use mock DSC for sha256-ecdsa, pubkey now optional on PassportData

app/src/stores/userStore.ts

@@ -184,7 +184,7 @@ const useUserStore = create<UserState>((set, get) => ({
 
       const start = Date.now();
 
-      const sigAlgFormatted = formatSigAlgNameForCircuit(passportData.signatureAlgorithm, passportData.pubKey.exponent);
+      const sigAlgFormatted = formatSigAlgNameForCircuit(passportData.signatureAlgorithm, passportData.pubKey!.exponent);
       const sigAlgIndex = SignatureAlgorithm[sigAlgFormatted as keyof typeof SignatureAlgorithm]
 
       const proof = await generateProof(

app/src/utils/registration.ts

@@ -29,8 +29,8 @@ export async function isCommitmentRegistered(secret: string, passportData: Passp
 
   const pubkey_leaf = getLeaf({
     signatureAlgorithm: passportData.signatureAlgorithm,
-    modulus: passportData.pubKey.modulus,
-    exponent: passportData.pubKey.exponent,
+    modulus: passportData.pubKey!.modulus,
+    exponent: passportData.pubKey!.exponent,
   });
 
   const formattedMrz = formatMrz(passportData.mrz);

common/scripts/passportData/sha256_ecdsa.ts

@@ -8,16 +8,18 @@ import {
   arraysAreEqual,
   findSubarrayIndex,
 } from '../../../common/src/utils/utils';
-import * as forge from 'node-forge';
+import * as asn1 from 'asn1js';
+import { Certificate } from 'pkijs';
 import { writeFileSync } from 'fs';
 import elliptic from 'elliptic';
-import * as crypto from 'crypto';
 import { sampleDataHashes_large } from '../../src/constants/sampleDataHashes';
+import { mock_dsc_key_sha256_ecdsa, mock_dsc_sha256_ecdsa } from "../../src/constants/mockCertificates";
 
 const sampleMRZ =
   'P<FRADUPONT<<ALPHONSE<HUGUES<ALBERT<<<<<<<<<24HB818324FRA0402111M3111115<<<<<<<<<<<<<<02';
 const signatureAlgorithm = 'ecdsa-with-SHA256';
 const hashLen = 32;
+const ec = new elliptic.ec('p256');
 
 export function genMockPassportData_sha256WithECDSA(): PassportData {
   const mrzHash = hash(signatureAlgorithm, formatMrz(sampleMRZ));
@@ -29,24 +31,20 @@ export function genMockPassportData_sha256WithECDSA(): PassportData {
   );
   const eContent = assembleEContent(hash(signatureAlgorithm, concatenatedDataHashes));
 
-  const ec = new elliptic.ec('p256');
-  const keyPair = ec.genKeyPair();
-  const pubKey = keyPair.getPublic();
+  const privateKeyDer = Buffer.from(mock_dsc_key_sha256_ecdsa.replace(/-----BEGIN EC PRIVATE KEY-----|\n|-----END EC PRIVATE KEY-----/g, ''), 'base64');
+  const asn1Data = asn1.fromBER(privateKeyDer);
+  const privateKeyBuffer = (asn1Data.result.valueBlock as any).value[1].valueBlock.valueHexView;
 
-  const md = forge.md.sha256.create();
-  md.update(forge.util.binary.raw.encode(new Uint8Array(eContent)));
-  const signature = keyPair.sign(md.digest().toHex(), 'hex');
-  const signatureBytes = Array.from(Buffer.from(signature.toDER(), 'hex'));
+  const keyPair = ec.keyFromPrivate(privateKeyBuffer);
 
-  const Qx = pubKey.getX().toString(16);
-  const Qy = pubKey.getY().toString(16);
+  const eContentHash = hash(signatureAlgorithm, eContent);
+  const signature = keyPair.sign(eContentHash);
+  const signatureBytes = signature.toDER();
 
   return {
     mrz: sampleMRZ,
     signatureAlgorithm: signatureAlgorithm,
-    pubKey: {
-      publicKeyQ: `(${Qx},${Qy},1,fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc)`,
-    },
+    dsc: mock_dsc_sha256_ecdsa,
     dataGroupHashes: concatenatedDataHashes,
     eContent: eContent,
     encryptedDigest: signatureBytes,
@@ -55,7 +53,7 @@ export function genMockPassportData_sha256WithECDSA(): PassportData {
 }
 
 function verify(passportData: PassportData): boolean {
-  const { mrz, signatureAlgorithm, pubKey, dataGroupHashes, eContent, encryptedDigest } =
+  const { mrz, signatureAlgorithm, dsc, dataGroupHashes, eContent, encryptedDigest } =
     passportData;
   const formattedMrz = formatMrz(mrz);
   const mrzHash = hash(signatureAlgorithm, formattedMrz);
@@ -69,21 +67,18 @@ function verify(passportData: PassportData): boolean {
     'concatHash is not at the right place in eContent'
   );
 
-  const cleanPublicKeyQ = pubKey.publicKeyQ.replace(/[()]/g, '').split(',');
-  const Qx = cleanPublicKeyQ[0];
-  const Qy = cleanPublicKeyQ[1];
+  const certBuffer = Buffer.from(dsc.replace(/(-----(BEGIN|END) CERTIFICATE-----|\n)/g, ''), 'base64');
+  const asn1Data = asn1.fromBER(certBuffer);
+  const cert = new Certificate({ schema: asn1Data.result });
+  const publicKeyInfo = cert.subjectPublicKeyInfo;
+  const publicKeyBuffer = publicKeyInfo.subjectPublicKey.valueBlock.valueHexView;
 
-  const ec = new elliptic.ec('p256');
-  const key = ec.keyFromPublic({ x: Qx, y: Qy }, 'hex');
-
-  const messageBuffer = Buffer.from(eContent);
-  const msgHash = crypto.createHash('sha256').update(messageBuffer).digest();
+  const key = ec.keyFromPublic(publicKeyBuffer);
 
+  const eContentHash = hash(signatureAlgorithm, eContent);
   const signature = Buffer.from(encryptedDigest).toString('hex');
 
-  const isValid = key.verify(msgHash, signature);
-
-  return isValid;
+  return key.verify(eContentHash, signature);
 }
 
 const mockPassportData = genMockPassportData_sha256WithECDSA();

common/src/constants/mockCertificates.ts

@@ -450,3 +450,24 @@ bUTICRnwWI2dWQz/K5VQuMdEDhxpzDw4uhBun97HlwEZnQnMxrf4whDby1yEnMrk
 jXtnkq7Exo0bOsVwH7VNkw==
 -----END PRIVATE KEY-----`
 
+export const mock_dsc_key_sha256_ecdsa = `-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEILM+tyrOADmGjsoNiF/MBuvIscs80M4i1QjVnDy/VBJkoAoGCCqGSM49
+AwEHoUQDQgAEQGjDJAD3r/b7oRH2TrgidhLtX+ThLntgul4cdoSEb1fmFcrTgXr4
+utAT4/K3aMZ3GrVtCMb5e94lwOlhuOdPdw==
+-----END EC PRIVATE KEY-----
+`
+
+export const mock_dsc_sha256_ecdsa = `-----BEGIN CERTIFICATE-----
+MIICBzCCAa2gAwIBAgIUepk5fECPtH8DJL55fJcGsPCHHowwCgYIKoZIzj0EAwIw
+cjELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5MRUw
+EwYDVQQKDAxPcmdhbml6YXRpb24xEzARBgNVBAsMCkRlcGFydG1lbnQxGDAWBgNV
+BAMMD3d3dy5leGFtcGxlLmNvbTAeFw0yNDA4MjcxNDE3NDdaFw0yNTA4MjcxNDE3
+NDdaMHIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEQ2l0
+eTEVMBMGA1UECgwMT3JnYW5pemF0aW9uMRMwEQYDVQQLDApEZXBhcnRtZW50MRgw
+FgYDVQQDDA93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
+AARAaMMkAPev9vuhEfZOuCJ2Eu1f5OEue2C6Xhx2hIRvV+YVytOBevi60BPj8rdo
+xncatW0Ixvl73iXA6WG45093oyEwHzAdBgNVHQ4EFgQUUa6p5iCBqbhslwC79LHX
+EyYTiP0wCgYIKoZIzj0EAwIDSAAwRQIhAP6XA1AWr8v6f7EJz3u5GuudyCKqiuBY
+mDhB0W8OhhR2AiAMTm++57YJkbQNxzL75nypXSdZmBfiQXSNM0NFpHEuIQ==
+-----END CERTIFICATE-----
+`

common/src/mock_certificates/sha256_ecdsa/mock_dsc.key

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEILM+tyrOADmGjsoNiF/MBuvIscs80M4i1QjVnDy/VBJkoAoGCCqGSM49
+AwEHoUQDQgAEQGjDJAD3r/b7oRH2TrgidhLtX+ThLntgul4cdoSEb1fmFcrTgXr4
+utAT4/K3aMZ3GrVtCMb5e94lwOlhuOdPdw==
+-----END EC PRIVATE KEY-----

common/src/mock_certificates/sha256_ecdsa/mock_dsc.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBzCCAa2gAwIBAgIUepk5fECPtH8DJL55fJcGsPCHHowwCgYIKoZIzj0EAwIw
+cjELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVN0YXRlMQ0wCwYDVQQHDARDaXR5MRUw
+EwYDVQQKDAxPcmdhbml6YXRpb24xEzARBgNVBAsMCkRlcGFydG1lbnQxGDAWBgNV
+BAMMD3d3dy5leGFtcGxlLmNvbTAeFw0yNDA4MjcxNDE3NDdaFw0yNTA4MjcxNDE3
+NDdaMHIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVTdGF0ZTENMAsGA1UEBwwEQ2l0
+eTEVMBMGA1UECgwMT3JnYW5pemF0aW9uMRMwEQYDVQQLDApEZXBhcnRtZW50MRgw
+FgYDVQQDDA93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
+AARAaMMkAPev9vuhEfZOuCJ2Eu1f5OEue2C6Xhx2hIRvV+YVytOBevi60BPj8rdo
+xncatW0Ixvl73iXA6WG45093oyEwHzAdBgNVHQ4EFgQUUa6p5iCBqbhslwC79LHX
+EyYTiP0wCgYIKoZIzj0EAwIDSAAwRQIhAP6XA1AWr8v6f7EJz3u5GuudyCKqiuBY
+mDhB0W8OhhR2AiAMTm++57YJkbQNxzL75nypXSdZmBfiQXSNM0NFpHEuIQ==
+-----END CERTIFICATE-----

common/src/utils/types.ts

@@ -2,7 +2,7 @@ export type PassportData = {
   mrz: string;
   signatureAlgorithm: string;
   dsc?: string;
-  pubKey: { modulus?: string, exponent?: string, curveName?: string, publicKeyQ?: string };
+  pubKey?: { modulus?: string, exponent?: string, curveName?: string, publicKeyQ?: string };
   dataGroupHashes: number[];
   eContent: number[];
   encryptedDigest: number[];