diff --git a/Dockerfile b/Dockerfile index abaa574..dd926b5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,4 +14,4 @@ FROM alpine:3.9 COPY --from=buildbase /usr/local/bin/incognito-light-registrator /usr/local/bin/incognito-light-registrator RUN apk add --no-cache ca-certificates -ENTRYPOINT ["incognito-light-registrator", "run", "service"] +ENTRYPOINT ["incognito-light-registrator"] diff --git a/config.yaml b/config.yaml index b83502e..8de014c 100644 --- a/config.yaml +++ b/config.yaml @@ -1,5 +1,13 @@ verifier: + verification_keys_paths: + sha1: "./verification_keys/registerIdentityLight160.json" + sha224: "./verification_keys/registerIdentityLight224.json" + sha256: "./verification_keys/registerIdentityLight256.json" + sha384: "./verification_keys/registerIdentityLight384.json" + sha512: "./verification_keys/registerIdentityLight512.json" master_certs_path: "./masterList.dev.pem" + disableTimeChecks: false + disableNameChecks: false log: level: debug diff --git a/docs/spec/components/schemas/DocumentSod.yaml b/docs/spec/components/schemas/DocumentSod.yaml index 78a613c..de7b14b 100644 --- a/docs/spec/components/schemas/DocumentSod.yaml +++ b/docs/spec/components/schemas/DocumentSod.yaml @@ -1,41 +1,38 @@ -allOf: - - $ref: '#/components/schemas/DocumentSodKey' - - type: object - required: - - attributes - properties: - attributes: - type: object - required: - - hash_algorithm - - signature_algorithm - - signed_attributes - - signature - - encapsulated_content - - pem_file - - dg15 - properties: - hash_algorithm: - type: string - description: The hash algorithm used to hash the content - signature_algorithm: - type: string - description: The signature algorithm used to sign the content - signed_attributes: - type: string - description: The signed attributes, for e.g. 104 bytes-long hex string - signature: - type: string - description: Signature corresponding to the algorithm - encapsulated_content: - type: string - description: The encapsulated content, for e.g. 186 bytes-long hex string - pem_file: - type: string - description: The PEM file containing the public key - dg15: - type: string - description: The Data Group 15, hex string +type: object +required: + - hash_algorithm + - signature_algorithm + - signed_attributes + - signature + - encapsulated_content + - aa_signature + - pem_file + - dg15 +properties: + hash_algorithm: + type: string + description: The hash algorithm used to hash the content + signature_algorithm: + type: string + description: The signature algorithm used to sign the content + signed_attributes: + type: string + description: The signed attributes, for e.g. 104 bytes-long hex string + signature: + type: string + description: Signature corresponding to the algorithm + aa_signature: + type: string + description: The active authentication signature + encapsulated_content: + type: string + description: The encapsulated content, for e.g. 186 bytes-long hex string + pem_file: + type: string + description: The PEM file containing the public key + dg15: + type: string + description: The Data Group 15, hex string diff --git a/docs/spec/components/schemas/Register.yaml b/docs/spec/components/schemas/Register.yaml index c660b77..d63bb2b 100644 --- a/docs/spec/components/schemas/Register.yaml +++ b/docs/spec/components/schemas/Register.yaml @@ -7,14 +7,12 @@ allOf: attributes: type: object required: - - signature - - document_hash + - zk_proof + - document_sod properties: - signature: - type: string - example: 7768792064696420796F75206576656E206465636F6465642069743F - description: ECDSA signature of the document hash - document_hash: - type: string - example: 7768792064696420796F75206576656E206465636F6465642069743F - description: Poseidon hash of the document + zk_proof: + type: object + format: types.ZKProof + description: Zero-knowledge proof with dg1 public input + document_sod: + $ref: '#/components/schemas/DocumentSod' \ No newline at end of file diff --git a/docs/spec/components/schemas/Signature.yaml b/docs/spec/components/schemas/Signature.yaml new file mode 100644 index 0000000..7c4c90f --- /dev/null +++ b/docs/spec/components/schemas/Signature.yaml @@ -0,0 +1,20 @@ +allOf: + - $ref: '#/components/schemas/SignatureKey' + - type: object + required: + - attributes + properties: + attributes: + type: object + required: + - signature + - document_hash + properties: + signature: + type: string + example: 7768792064696420796F75206576656E206465636F6465642069743F + description: ECDSA signature of the document hash + document_hash: + type: string + example: 7768792064696420796F75206576656E206465636F6465642069743F + description: Poseidon hash of the document diff --git a/docs/spec/components/schemas/SignatureKey.yaml b/docs/spec/components/schemas/SignatureKey.yaml new file mode 100644 index 0000000..2822203 --- /dev/null +++ b/docs/spec/components/schemas/SignatureKey.yaml @@ -0,0 +1,11 @@ +type: object +required: + - id + - type +properties: + id: + type: string + type: + type: string + enum: + - signature diff --git a/docs/spec/paths/intergrations@incognito-light-registrator@v1@register.yaml b/docs/spec/paths/intergrations@incognito-light-registrator@v1@register.yaml index d3cd928..4003715 100644 --- a/docs/spec/paths/intergrations@incognito-light-registrator@v1@register.yaml +++ b/docs/spec/paths/intergrations@incognito-light-registrator@v1@register.yaml @@ -13,7 +13,7 @@ post: properties: data: type: object - $ref: '#/components/schemas/DocumentSod' + $ref: '#/components/schemas/Register' responses: '200': description: Success @@ -24,7 +24,7 @@ post: properties: data: type: object - $ref: '#/components/schemas/Register' + $ref: '#/components/schemas/Signature' '500': description: Internal Error content: diff --git a/go.mod b/go.mod index 9281a12..18d0880 100644 --- a/go.mod +++ b/go.mod @@ -8,9 +8,10 @@ require ( github.com/fatih/structs v1.1.0 github.com/go-chi/chi v4.1.2+incompatible github.com/go-ozzo/ozzo-validation/v4 v4.3.0 - github.com/google/jsonapi v0.0.0-20200226002910-c8283f632fb7 github.com/hashicorp/vault/api v1.15.0 github.com/iden3/go-iden3-crypto v0.0.17 + github.com/iden3/go-rapidsnark/types v0.0.3 + github.com/iden3/go-rapidsnark/verifier v0.0.5 github.com/pkg/errors v0.9.1 github.com/rarimo/certificate-transparency-go v0.0.0-20240305114501-050b1f19639a github.com/rubenv/sql-migrate v1.6.1 @@ -42,6 +43,7 @@ require ( github.com/go-gorp/gorp/v3 v3.1.0 // indirect github.com/go-jose/go-jose/v4 v4.0.1 // indirect github.com/go-ole/go-ole v1.3.0 // indirect + github.com/google/jsonapi v0.0.0-20200226002910-c8283f632fb7 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gorilla/websocket v1.5.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect diff --git a/go.sum b/go.sum index 34b474f..d1795f9 100644 --- a/go.sum +++ b/go.sum @@ -1685,6 +1685,10 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/iden3/go-iden3-crypto v0.0.17 h1:NdkceRLJo/pI4UpcjVah4lN/a3yzxRUGXqxbWcYh9mY= github.com/iden3/go-iden3-crypto v0.0.17/go.mod h1:dLpM4vEPJ3nDHzhWFXDjzkn1qHoBeOT/3UEhXsEsP3E= +github.com/iden3/go-rapidsnark/types v0.0.3 h1:f0s1Qdut1qHe1O67+m+xUVRBPwSXnq5j0xSrBi0jqM4= +github.com/iden3/go-rapidsnark/types v0.0.3/go.mod h1:ApgcaUxKIgSRA6fAeFxK7p+lgXXfG4oA2HN5DhFlfF4= +github.com/iden3/go-rapidsnark/verifier v0.0.5 h1:J7y0ovrEjDQoWtZmlrp4tgGng1A9faMeYsQH4igAEqA= +github.com/iden3/go-rapidsnark/verifier v0.0.5/go.mod h1:KgL3Yr9NehlFDI4EIWVLE3UDUi8ulyjbp7HcXSBfiGI= github.com/imkira/go-interpol v1.1.0/go.mod h1:z0h2/2T3XF8kyEPpRgJ3kmNv+C43p+I/CoI+jC3w2iA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/flux v0.65.1/go.mod h1:J754/zds0vvpfwuq7Gc2wRdVwEodfpCFM7mYlOw2LqY= diff --git a/internal/assets/migrations/001_initial.sql b/internal/assets/migrations/001_initial.sql index 29e6dd4..020750c 100644 --- a/internal/assets/migrations/001_initial.sql +++ b/internal/assets/migrations/001_initial.sql @@ -8,13 +8,15 @@ create table document_sod dg15 varchar(512) not null, -- base64 encoded hash_algorithm smallint not null, -- 0 - sha1, 1 - sha256, 2 - sha384, 3 - sha512 signature_algorithm smallint not null, -- 0 - rsa, 1 - rsapss, 2 - ecdsa, 3 - brainpool - signed_attributes varchar(256) not null, -- hex encoded - encapsulated_content varchar(1024) not null, -- hex encoded - signature varchar(1024) not null, -- hex encoded + signed_attributes varchar(512) not null, -- hex encoded + encapsulated_content varchar(4096) not null, -- hex encoded + signature varchar(4096) not null, -- hex encoded + aa_signature varchar(4096) not null, -- hex encoded pem_file varchar(4096) not null, error_kind smallint, -- 0 - signed attributes validation failed, 1 - PEM file parsing failed, 2 - PEM file validation failed, 3 - signature verification failed error varchar(1024), -- error message - unique nulls not distinct (hash_algorithm, signature_algorithm, signed_attributes, encapsulated_content, signature, error_kind, error) + unique nulls not distinct (hash_algorithm, signature_algorithm, signed_attributes, encapsulated_content, signature, + aa_signature, error_kind, error) -- We need to ensure that we won't store the same document with the same error multiple times. -- Perhaps the same document can fail verification with different errors ); diff --git a/internal/config/verifier.go b/internal/config/verifier.go index b343a44..3ad9aed 100644 --- a/internal/config/verifier.go +++ b/internal/config/verifier.go @@ -3,6 +3,7 @@ package config import ( "os" + "github.com/rarimo/passport-identity-provider/internal/types" "gitlab.com/distributed_lab/figure/v3" "gitlab.com/distributed_lab/kit/comfig" "gitlab.com/distributed_lab/kit/kv" @@ -13,7 +14,10 @@ type VerifierConfiger interface { } type VerifierConfig struct { - MasterCerts []byte + VerificationKeys map[types.HashAlgorithm][]byte + MasterCerts []byte + DisableTimeChecks bool + DisableNameChecks bool } type verifier struct { @@ -30,7 +34,10 @@ func NewVerifierConfiger(getter kv.Getter) VerifierConfiger { func (v *verifier) VerifierConfig() *VerifierConfig { return v.once.Do(func() interface{} { newCfg := struct { - MasterCertsPath string `fig:"master_certs_path,required"` + VerificationKeysPaths map[string]string `fig:"verification_keys_paths,required"` + MasterCertsPath string `fig:"master_certs_path,required"` + DisableTimeChecks bool `fig:"disable_time_checks"` + DisableNameChecks bool `fig:"disable_name_checks"` }{} err := figure. @@ -42,13 +49,26 @@ func (v *verifier) VerifierConfig() *VerifierConfig { panic(err) } + verificationKeys := make(map[types.HashAlgorithm][]byte) + for algo, path := range newCfg.VerificationKeysPaths { + verificationKey, err := os.ReadFile(path) + if err != nil { + panic(err) + } + + verificationKeys[types.HashAlgorithmFromString(algo)] = verificationKey + } + masterCerts, err := os.ReadFile(newCfg.MasterCertsPath) if err != nil { panic(err) } return &VerifierConfig{ - MasterCerts: masterCerts, + VerificationKeys: verificationKeys, + MasterCerts: masterCerts, + DisableTimeChecks: newCfg.DisableTimeChecks, + DisableNameChecks: newCfg.DisableNameChecks, } }).(*VerifierConfig) } diff --git a/internal/data/document_sod.go b/internal/data/document_sod.go index 114101f..a0ac77e 100644 --- a/internal/data/document_sod.go +++ b/internal/data/document_sod.go @@ -23,6 +23,7 @@ type DocumentSOD struct { SignedAttributed string `db:"signed_attributes" structs:"signed_attributes"` EncapsulatedContent string `db:"encapsulated_content" structs:"encapsulated_content"` Signature string `db:"signature" structs:"signature"` + AaSignature string `db:"aa_signature" structs:"aa_signature"` PemFile string `db:"pem_file" structs:"pem_file"` ErrorKind *types.DocumentSODErrorKind `db:"error_kind" structs:"error_kind"` Error *string `db:"error" structs:"error"` diff --git a/internal/data/postgres/document_sod.go b/internal/data/postgres/document_sod.go index c0d85c6..a40111b 100644 --- a/internal/data/postgres/document_sod.go +++ b/internal/data/postgres/document_sod.go @@ -64,7 +64,9 @@ func (q *DocumentSODQ) Insert(value data.DocumentSOD) (*data.DocumentSOD, error) var result data.DocumentSOD clauses := structs.Map(value) stmt := sq.Insert(documentSODTableName).SetMap(clauses).Suffix( - "on conflict (hash_algorithm, signature_algorithm, signed_attributes, encapsulated_content, signature, error_kind, error) do update set updated_at = current_timestamp returning *", + "on conflict " + + "(hash_algorithm, signature_algorithm, signed_attributes, encapsulated_content, signature, aa_signature, error_kind, error) " + + "do update set updated_at = current_timestamp returning *", ) err := q.db.Get(&result, stmt) if errors.Is(err, sql.ErrNoRows) { diff --git a/internal/service/api/handlers/register.go b/internal/service/api/handlers/register.go index a28be94..8bc1828 100644 --- a/internal/service/api/handlers/register.go +++ b/internal/service/api/handlers/register.go @@ -9,10 +9,14 @@ import ( "encoding/json" "encoding/pem" "fmt" + "math/big" "net/http" + "github.com/google/jsonapi" "github.com/iden3/go-iden3-crypto/poseidon" + "github.com/iden3/go-rapidsnark/verifier" errors2 "github.com/pkg/errors" + "github.com/rarimo/passport-identity-provider/internal/config" "github.com/rarimo/passport-identity-provider/internal/data" "github.com/rarimo/passport-identity-provider/internal/types" @@ -37,40 +41,47 @@ func Register(w http.ResponseWriter, r *http.Request) { } algorithmPair := types.AlgorithmPair{ - HashAlgorithm: types.HashAlgorithmFromString(req.Data.Attributes.HashAlgorithm), - SignatureAlgorithm: types.SignatureAlgorithmFromString(req.Data.Attributes.SignatureAlgorithm), + HashAlgorithm: types.HashAlgorithmFromString(req.Data.Attributes.DocumentSod.HashAlgorithm), + SignatureAlgorithm: types.SignatureAlgorithmFromString(req.Data.Attributes.DocumentSod.SignatureAlgorithm), } documentSOD := data.DocumentSOD{ - DG15: req.Data.Attributes.Dg15, + DG15: req.Data.Attributes.DocumentSod.Dg15, HashAlgorigthm: algorithmPair.HashAlgorithm, SignatureAlgorithm: algorithmPair.SignatureAlgorithm, - SignedAttributed: req.Data.Attributes.SignedAttributes, - EncapsulatedContent: req.Data.Attributes.EncapsulatedContent, - Signature: req.Data.Attributes.Signature, - PemFile: req.Data.Attributes.PemFile, - ErrorKind: nil, - Error: nil, + SignedAttributed: req.Data.Attributes.DocumentSod.SignedAttributes, + EncapsulatedContent: req.Data.Attributes.DocumentSod.EncapsulatedContent, + Signature: req.Data.Attributes.DocumentSod.Signature, + + PemFile: req.Data.Attributes.DocumentSod.PemFile, + ErrorKind: nil, + Error: nil, } - var response resources.RegisterResponse + var response *resources.SignatureResponse + var jsonError []*jsonapi.ErrorObject - defer func(documentSOD *data.DocumentSOD, response *resources.RegisterResponse) { - if _, err := api.DocumentSODQ(r).Insert(*documentSOD); err != nil { + defer func() { + if _, err := api.DocumentSODQ(r).Insert(documentSOD); err != nil { api.Log(r).WithError(err).Error("failed to insert document SOD") ape.RenderErr(w, problems.InternalError()) return } + if jsonError != nil { + ape.RenderErr(w, jsonError...) + return + } + if response != nil { ape.Render(w, response) } - }(&documentSOD, &response) + }() rawReqData, err := json.Marshal(req.Data) if err != nil { api.Log(r).WithError(err).Error("failed to marshal register request") - ape.RenderErr(w, problems.InternalError()) + jsonError = append(jsonError, problems.InternalError()) return } log := api.Log(r).WithFields(logan.F{ @@ -80,43 +91,79 @@ func Register(w http.ResponseWriter, r *http.Request) { cfg := api.VerifierConfig(r) - signedAttributes, err := hex.DecodeString(req.Data.Attributes.SignedAttributes) + if err := verifier.VerifyGroth16( + req.Data.Attributes.ZkProof, + cfg.VerificationKeys[types.SHA256], + ); err != nil { + log.WithError(err).Error("failed to verify zk proof") + jsonError = problems.BadRequest(validation.Errors{ + "zk_proof": err, + }) + return + } + + signedAttributes, err := hex.DecodeString(req.Data.Attributes.DocumentSod.SignedAttributes) if err != nil { log.WithError(err).Error("failed to decode signed attributes") - ape.RenderErr(w, problems.BadRequest(validation.Errors{ + jsonError = problems.BadRequest(validation.Errors{ "signed_attributes": err, - })...) + }) return } - encapsulatedContent, err := hex.DecodeString(req.Data.Attributes.EncapsulatedContent) + encapsulatedContent, err := hex.DecodeString(req.Data.Attributes.DocumentSod.EncapsulatedContent) if err != nil { log.WithError(err).Error("failed to decode encapsulated content") - ape.RenderErr(w, problems.BadRequest(validation.Errors{ + jsonError = problems.BadRequest(validation.Errors{ "encapsulated_content": err, - })...) + }) return } - cert, err := parseCertificate([]byte(req.Data.Attributes.PemFile)) + cert, err := parseCertificate([]byte(req.Data.Attributes.DocumentSod.PemFile)) if err != nil { log.WithError(err).Error("failed to parse certificate") - ape.RenderErr(w, problems.BadRequest(validation.Errors{ + jsonError = problems.BadRequest(validation.Errors{ "pem_file": err, - })...) + }) return } - slaveSignature, err := hex.DecodeString(req.Data.Attributes.Signature) + slaveSignature, err := hex.DecodeString(req.Data.Attributes.DocumentSod.Signature) if err != nil { log.WithError(err).Error("failed to decode slaveSignature") - ape.RenderErr(w, problems.BadRequest(validation.Errors{ + jsonError = problems.BadRequest(validation.Errors{ "slaveSignature": err, - })...) + }) + return + } + + dg1, err := getDataGroup(encapsulatedContent, 0) + if err != nil { + log.WithError(err).Error("failed to get data group") + jsonError = append(jsonError, problems.InternalError()) + return + } + + proofDg1Decimal, ok := big.NewInt(0).SetString(req.Data.Attributes.ZkProof.PubSignals[0], 10) + if !ok { + log.Error("failed to convert proofDg1Decimal to big.Int") + jsonError = append(jsonError, problems.InternalError()) return } - err = verifySod(signedAttributes, encapsulatedContent, slaveSignature, cert, algorithmPair, cfg.MasterCerts) + // Since circuit is using 31 bits of dg1, we need to truncate it to last 31 bytes + dg1Truncated := dg1[len(dg1)-31:] + + if !bytes.Equal(dg1Truncated, proofDg1Decimal.Bytes()) { + log.Error("proof contains foreign data group 1") + jsonError = problems.BadRequest(validation.Errors{ + "zk_proof": errors.New("proof contains foreign data group 1"), + }) + return + } + + err = verifySod(signedAttributes, encapsulatedContent, slaveSignature, cert, algorithmPair, cfg) if err != nil { var sodError *types.SodError errors2.As(err, &sodError) @@ -127,7 +174,7 @@ func Register(w http.ResponseWriter, r *http.Request) { documentSOD.Error = sodError.GetOptionalMessage() if resp := mapResponse(sodError.Kind, sodError.Message); resp != nil { - ape.RenderErr(w, problems.BadRequest(resp)...) + jsonError = problems.BadRequest(resp) return } } @@ -135,21 +182,14 @@ func Register(w http.ResponseWriter, r *http.Request) { truncatedSignedAttributes, err := extractBits(signedAttributes, 252) if err != nil { log.WithError(err).Error("failed to extract bits from signed attributes") - ape.RenderErr(w, problems.InternalError()) + jsonError = append(jsonError, problems.InternalError()) return } documentHash, err := poseidon.HashBytes(truncatedSignedAttributes) if err != nil { log.WithError(err).Error("failed to hash signed attributes") - ape.RenderErr(w, problems.InternalError()) - return - } - - dg1, err := getDataGroup(encapsulatedContent, 0) - if err != nil { - log.WithError(err).Error("failed to get data group") - ape.RenderErr(w, problems.InternalError()) + jsonError = append(jsonError, problems.InternalError()) return } @@ -158,28 +198,28 @@ func Register(w http.ResponseWriter, r *http.Request) { signature, err := ecdsa.SignASN1(rand.Reader, api.KeysConfig(r).SignatureKey, message) if err != nil { log.WithError(err).Error("failed to sign message") - ape.RenderErr(w, problems.InternalError()) + jsonError = append(jsonError, problems.InternalError()) return } - response = resources.RegisterResponse{ - Data: resources.Register{ - Key: resources.NewKeyInt64(0, resources.REGISTER), - Attributes: resources.RegisterAttributes{ - Signature: hex.EncodeToString(signature), + response = &resources.SignatureResponse{ + Data: resources.Signature{ + Key: resources.NewKeyInt64(0, resources.SIGNATURE), + Attributes: resources.SignatureAttributes{ DocumentHash: hex.EncodeToString(documentHash.Bytes()), + Signature: hex.EncodeToString(signature), }, }, } } func verifySod( - signedAttributes []byte, - encapsulatedContent []byte, - signature []byte, - cert *x509.Certificate, - algorithmPair types.AlgorithmPair, - masterCertsPem []byte, + signedAttributes []byte, + encapsulatedContent []byte, + signature []byte, + cert *x509.Certificate, + algorithmPair types.AlgorithmPair, + cfg *config.VerifierConfig, ) error { if err := validateSignedAttributes(signedAttributes, encapsulatedContent, algorithmPair.HashAlgorithm); err != nil { return &types.SodError{ @@ -203,7 +243,7 @@ func verifySod( } } - if err := validateCert(cert, masterCertsPem); err != nil { + if err := validateCert(cert, cfg.MasterCerts, cfg.DisableTimeChecks, cfg.DisableNameChecks); err != nil { return &types.SodError{ Kind: types.PEMFileValidateErr.Ptr(), Message: err, @@ -228,9 +268,9 @@ func parseCertificate(pemFile []byte) (*x509.Certificate, error) { } func validateSignedAttributes( - signedAttributes, - encapsulatedContent []byte, - hashAlgorithm types.HashAlgorithm, + signedAttributes, + encapsulatedContent []byte, + hashAlgorithm types.HashAlgorithm, ) error { signedAttributesASN1 := make([]asn1.RawValue, 0) @@ -268,10 +308,10 @@ func validateSignedAttributes( } func verifySignature( - signature []byte, - cert *x509.Certificate, - signedAttributes []byte, - algorithmPair types.AlgorithmPair, + signature []byte, + cert *x509.Certificate, + signedAttributes []byte, + algorithmPair types.AlgorithmPair, ) error { h := types.GeneralHash(algorithmPair.HashAlgorithm) h.Write(signedAttributes) @@ -284,14 +324,14 @@ func verifySignature( return nil } -func validateCert(cert *x509.Certificate, masterCertsPem []byte) error { +func validateCert(cert *x509.Certificate, masterCertsPem []byte, disableTimeChecks, disableNameChecks bool) error { roots := x509.NewCertPool() roots.AppendCertsFromPEM(masterCertsPem) foundCerts, err := cert.Verify(x509.VerifyOptions{ Roots: roots, - DisableTimeChecks: true, - DisableNameChecks: true, + DisableTimeChecks: disableTimeChecks, + DisableNameChecks: disableNameChecks, }) if err != nil { return fmt.Errorf("invalid certificate: %w", err) diff --git a/internal/service/api/requests/register.go b/internal/service/api/requests/register.go new file mode 100644 index 0000000..94b9b3a --- /dev/null +++ b/internal/service/api/requests/register.go @@ -0,0 +1,81 @@ +package requests + +import ( + "encoding/json" + "net/http" + + validation "github.com/go-ozzo/ozzo-validation/v4" + "github.com/rarimo/passport-identity-provider/internal/types" + "github.com/rarimo/passport-identity-provider/resources" + "gitlab.com/distributed_lab/logan/v3/errors" +) + +func NewRegisterRequest(r *http.Request) (request resources.RegisterResponse, err error) { + if err := json.NewDecoder(r.Body).Decode(&request); err != nil { + return request, validation.NewError("err_decode", "failed to unmarshal register request") + } + + return request, validateRegister(request) +} + +func validateRegister(r resources.RegisterResponse) error { + return validation.Errors{ + "/data/attributes/document_sod/signature_algorithm": validation.Validate( + r.Data.Attributes.DocumentSod.SignatureAlgorithm, + validation.Required, + validation.By(func(value interface{}) error { + _, ok := types.IsValidSignatureAlgorithm(value.(string)) + if !ok { + return errors.New("unsupported signature algorithm") + } + + return nil + }), + ), + "/data/attributes/document_sod/hash_algorithm": validation.Validate( + r.Data.Attributes.DocumentSod.HashAlgorithm, + validation.Required, + validation.By(func(value interface{}) error { + _, ok := types.IsValidHashAlgorithm(value.(string)) + if !ok { + return errors.New("unsupported hash algorithm") + } + + return nil + })), + "/data/attributes/document_sod/dg15": validation.Validate( + r.Data.Attributes.DocumentSod.Dg15, + validation.Required, + validation.Length(1, 512), + ), + "/data/attributes/document_sod/signed_attributes": validation.Validate( + r.Data.Attributes.DocumentSod.SignedAttributes, + validation.Required, + validation.Length(1, 512), + ), + "/data/attributes/document_sod/encapsulated_content": validation.Validate( + r.Data.Attributes.DocumentSod.EncapsulatedContent, + validation.Required, + validation.Length(1, 4096), + ), + "/data/attributes/document_sod/signature": validation.Validate( + r.Data.Attributes.DocumentSod.Signature, + validation.Required, + validation.Length(1, 4096), + ), + "/data/attributes/document_sod/aa_signature": validation.Validate( + r.Data.Attributes.DocumentSod.AaSignature, + validation.Required, + validation.Length(1, 4096), + ), + "/data/attributes/document_sod/pem_file": validation.Validate( + r.Data.Attributes.DocumentSod.PemFile, + validation.Required, + validation.Length(1, 4096), + ), + "/data/attributes/zk_proof/proof": validation.Validate( + r.Data.Attributes.ZkProof.Proof, + validation.Required, + ), + }.Filter() +} diff --git a/internal/service/api/requests/verify_sod.go b/internal/service/api/requests/verify_sod.go deleted file mode 100644 index 2934ce0..0000000 --- a/internal/service/api/requests/verify_sod.go +++ /dev/null @@ -1,73 +0,0 @@ -package requests - -import ( - "encoding/json" - "net/http" - - validation "github.com/go-ozzo/ozzo-validation/v4" - "github.com/rarimo/passport-identity-provider/internal/types" - "github.com/rarimo/passport-identity-provider/resources" - "gitlab.com/distributed_lab/logan/v3/errors" -) - -func NewRegisterRequest(r *http.Request) (request resources.DocumentSodResponse, err error) { - err = json.NewDecoder(r.Body).Decode(&request) - if err != nil { - return request, validation.NewError("err_decode", "failed to unmarshal verify sod request") - } - - return request, validateRegister(request) -} - -func validateRegister(r resources.DocumentSodResponse) error { - return validation.Errors{ - "/data/attributes/signature_algorithm": validation.Validate( - r.Data.Attributes.SignatureAlgorithm, - validation.Required, - validation.By(func(value interface{}) error { - _, ok := types.IsValidSignatureAlgorithm(value.(string)) - if !ok { - return errors.New("unsupported signature algorithm") - } - - return nil - }), - ), - "/data/attributes/hash_algorithm": validation.Validate( - r.Data.Attributes.HashAlgorithm, - validation.Required, - validation.By(func(value interface{}) error { - _, ok := types.IsValidHashAlgorithm(value.(string)) - if !ok { - return errors.New("unsupported hash algorithm") - } - - return nil - })), - "/data/attributes/dg15": validation.Validate( - r.Data.Attributes.Dg15, - validation.Required, - validation.Length(1, 512), - ), - "/data/attributes/signed_attributes": validation.Validate( - r.Data.Attributes.SignedAttributes, - validation.Required, - validation.Length(1, 256), - ), - "/data/attributes/encapsulated_content": validation.Validate( - r.Data.Attributes.SignedAttributes, - validation.Required, - validation.Length(1, 1024), - ), - "/data/attributes/signature": validation.Validate( - r.Data.Attributes.SignedAttributes, - validation.Required, - validation.Length(1, 1024), - ), - "/data/attributes/pem_file": validation.Validate( - r.Data.Attributes.SignedAttributes, - validation.Required, - validation.Length(1, 4096), - ), - }.Filter() -} diff --git a/internal/types/enums.go b/internal/types/enums.go index 1a222bb..530d6d7 100644 --- a/internal/types/enums.go +++ b/internal/types/enums.go @@ -1,9 +1,12 @@ package types +import "strings" + type HashAlgorithm uint8 const ( SHA1 HashAlgorithm = iota + SHA224 SHA256 SHA384 SHA512 @@ -11,6 +14,7 @@ const ( var hashAlgorithmMap = map[string]HashAlgorithm{ "SHA1": SHA1, + "SHA224": SHA224, "SHA256": SHA256, "SHA384": SHA384, "SHA512": SHA512, @@ -20,6 +24,8 @@ func (h HashAlgorithm) String() string { switch h { case SHA1: return "SHA1" + case SHA224: + return "SHA224" case SHA256: return "SHA256" case SHA384: @@ -27,12 +33,12 @@ func (h HashAlgorithm) String() string { case SHA512: return "SHA512" default: - return "Unknown" + return Unknown } } func HashAlgorithmFromString(alg string) HashAlgorithm { - h, ok := hashAlgorithmMap[alg] + h, ok := hashAlgorithmMap[strings.ToUpper(alg)] if !ok { return HashAlgorithm(0) } @@ -50,14 +56,13 @@ const ( RSA SignatureAlgorithm = iota RSAPSS ECDSA - Brainpool + Unknown = "Unknown" ) var signatureAlgorithmMap = map[string]SignatureAlgorithm{ - "RSA": RSA, - "RSA-PSS": RSAPSS, - "ECDSA": ECDSA, - "Brainpool": Brainpool, + "RSA": RSA, + "RSA-PSS": RSAPSS, + "ECDSA": ECDSA, } func (s SignatureAlgorithm) String() string { @@ -68,10 +73,8 @@ func (s SignatureAlgorithm) String() string { return "RSA-PSS" case ECDSA: return "ECDSA" - case Brainpool: - return "Brainpool" default: - return "Unknown" + return Unknown } } diff --git a/internal/types/errors.go b/internal/types/errors.go index 3a824ac..19158e4 100644 --- a/internal/types/errors.go +++ b/internal/types/errors.go @@ -44,7 +44,7 @@ type SodError struct { } func (e *SodError) Error() string { - return fmt.Sprintf("%s: %e", e.Kind, e.Message) + return fmt.Sprintf("%s: %s", e.Kind, e.Message) } func (e *SodError) GetOptionalMessage() *string { diff --git a/internal/types/signature_algorithm.go b/internal/types/signature_algorithm.go index 9053d0b..ae57a0c 100644 --- a/internal/types/signature_algorithm.go +++ b/internal/types/signature_algorithm.go @@ -3,9 +3,13 @@ package types import ( "crypto" "crypto/ecdsa" + "crypto/elliptic" "crypto/rsa" + "fmt" "hash" + "reflect" + "github.com/keybase/go-crypto/brainpool" "github.com/rarimo/passport-identity-provider/internal/algorithms" "gitlab.com/distributed_lab/logan/v3/errors" ) @@ -43,17 +47,9 @@ func GeneralVerify(publicKey interface{}, hash []byte, signature []byte, algo Al if !ok { return ErrInvalidPublicKey{Expected: algo.SignatureAlgorithm} } - if !ecdsa.VerifyASN1(ecdsaKey, hash, signature) { - return errors.New("ECDSA verification failed") - } - case Brainpool: - ecdsaKey, ok := publicKey.(*ecdsa.PublicKey) - if !ok { - return ErrInvalidPublicKey{Expected: algo.SignatureAlgorithm} - } - if err := algorithms.VerifyBrainpool(hash, signature, ecdsaKey); err != nil { - return errors.Wrap(err, "failed to verify brainpool signature") + if err := verifyECDSA(ecdsaKey, hash, signature); err != nil { + return errors.Wrap(err, "failed to verify ECDSA signature") } default: return errors.New("unsupported signature algorithm") @@ -65,6 +61,8 @@ func GeneralHash(algorithm HashAlgorithm) hash.Hash { switch algorithm { case SHA1: return crypto.SHA1.New() + case SHA224: + return crypto.SHA224.New() case SHA256: return crypto.SHA256.New() case SHA384: @@ -81,6 +79,8 @@ func getCryptoHash(hashAlgorithm HashAlgorithm) crypto.Hash { switch hashAlgorithm { case SHA1: return crypto.SHA1 + case SHA224: + return crypto.SHA224 case SHA256: return crypto.SHA256 case SHA384: @@ -91,3 +91,22 @@ func getCryptoHash(hashAlgorithm HashAlgorithm) crypto.Hash { return 0 } } + +func verifyECDSA(ecdsaKey *ecdsa.PublicKey, hash []byte, signature []byte) error { + //print type of ecdsaKey.Curve + fmt.Println(reflect.TypeOf(ecdsaKey.Curve)) + switch ecdsaKey.Curve { + case elliptic.P224(), elliptic.P256(), elliptic.P384(), elliptic.P521(): + if !ecdsa.VerifyASN1(ecdsaKey, hash, signature) { + return errors.New("ECDSA verification failed") + } + case brainpool.P256r1(), brainpool.P384r1(), brainpool.P512r1(), + brainpool.P256t1(), brainpool.P384t1(), brainpool.P512t1(): + if err := algorithms.VerifyBrainpool(hash, signature, ecdsaKey); err != nil { + return errors.Wrap(err, "failed to verify brainpool signature") + } + default: + return errors.New("unsupported curve") + } + return nil +} diff --git a/resources/model_document_sod.go b/resources/model_document_sod.go index 5557cfe..f05644b 100644 --- a/resources/model_document_sod.go +++ b/resources/model_document_sod.go @@ -5,27 +5,20 @@ package resources type DocumentSod struct { - Key - Attributes DocumentSodAttributes `json:"attributes"` -} -type DocumentSodResponse struct { - Data DocumentSod `json:"data"` - Included Included `json:"included"` -} - -type DocumentSodListResponse struct { - Data []DocumentSod `json:"data"` - Included Included `json:"included"` - Links *Links `json:"links"` -} - -// MustDocumentSod - returns DocumentSod from include collection. -// if entry with specified key does not exist - returns nil -// if entry with specified key exists but type or ID mismatches - panics -func (c *Included) MustDocumentSod(key Key) *DocumentSod { - var documentSod DocumentSod - if c.tryFindEntry(key, &documentSod) { - return &documentSod - } - return nil + // The active authentication signature + AaSignature string `json:"aa_signature"` + // The Data Group 15, hex string + Dg15 string `json:"dg15"` + // The encapsulated content, for e.g. 186 bytes-long hex string + EncapsulatedContent string `json:"encapsulated_content"` + // The hash algorithm used to hash the content + HashAlgorithm string `json:"hash_algorithm"` + // The PEM file containing the public key + PemFile string `json:"pem_file"` + // Signature corresponding to the algorithm + Signature string `json:"signature"` + // The signature algorithm used to sign the content + SignatureAlgorithm string `json:"signature_algorithm"` + // The signed attributes, for e.g. 104 bytes-long hex string + SignedAttributes string `json:"signed_attributes"` } diff --git a/resources/model_document_sod_attributes.go b/resources/model_document_sod_attributes.go deleted file mode 100644 index 890203e..0000000 --- a/resources/model_document_sod_attributes.go +++ /dev/null @@ -1,22 +0,0 @@ -/* - * GENERATED. Do not modify. Your changes might be overwritten! - */ - -package resources - -type DocumentSodAttributes struct { - // The Data Group 15, hex string - Dg15 string `json:"dg15"` - // The encapsulated content, for e.g. 186 bytes-long hex string - EncapsulatedContent string `json:"encapsulated_content"` - // The hash algorithm used to hash the content - HashAlgorithm string `json:"hash_algorithm"` - // The PEM file containing the public key - PemFile string `json:"pem_file"` - // Signature corresponding to the algorithm - Signature string `json:"signature"` - // The signature algorithm used to sign the content - SignatureAlgorithm string `json:"signature_algorithm"` - // The signed attributes, for e.g. 104 bytes-long hex string - SignedAttributes string `json:"signed_attributes"` -} diff --git a/resources/model_register_attributes.go b/resources/model_register_attributes.go index bc975a8..1ffe147 100644 --- a/resources/model_register_attributes.go +++ b/resources/model_register_attributes.go @@ -4,9 +4,10 @@ package resources +import "github.com/iden3/go-rapidsnark/types" + type RegisterAttributes struct { - // Poseidon hash of the document - DocumentHash string `json:"document_hash"` - // ECDSA signature of the document hash - Signature string `json:"signature"` + DocumentSod DocumentSod `json:"document_sod"` + // Zero-knowledge proof with dg1 public input + ZkProof types.ZKProof `json:"zk_proof"` } diff --git a/resources/model_resource_type.go b/resources/model_resource_type.go index 1dadeb8..c103383 100644 --- a/resources/model_resource_type.go +++ b/resources/model_resource_type.go @@ -10,4 +10,5 @@ type ResourceType string const ( DOCUMENT_SOD ResourceType = "document-sod" REGISTER ResourceType = "register" + SIGNATURE ResourceType = "signature" ) diff --git a/resources/model_signature.go b/resources/model_signature.go new file mode 100644 index 0000000..47be1d9 --- /dev/null +++ b/resources/model_signature.go @@ -0,0 +1,31 @@ +/* + * GENERATED. Do not modify. Your changes might be overwritten! + */ + +package resources + +type Signature struct { + Key + Attributes SignatureAttributes `json:"attributes"` +} +type SignatureResponse struct { + Data Signature `json:"data"` + Included Included `json:"included"` +} + +type SignatureListResponse struct { + Data []Signature `json:"data"` + Included Included `json:"included"` + Links *Links `json:"links"` +} + +// MustSignature - returns Signature from include collection. +// if entry with specified key does not exist - returns nil +// if entry with specified key exists but type or ID mismatches - panics +func (c *Included) MustSignature(key Key) *Signature { + var signature Signature + if c.tryFindEntry(key, &signature) { + return &signature + } + return nil +} diff --git a/resources/model_signature_attributes.go b/resources/model_signature_attributes.go new file mode 100644 index 0000000..22ecc97 --- /dev/null +++ b/resources/model_signature_attributes.go @@ -0,0 +1,12 @@ +/* + * GENERATED. Do not modify. Your changes might be overwritten! + */ + +package resources + +type SignatureAttributes struct { + // Poseidon hash of the document + DocumentHash string `json:"document_hash"` + // ECDSA signature of the document hash + Signature string `json:"signature"` +} diff --git a/verification_keys/registerIdentityLight160.json b/verification_keys/registerIdentityLight160.json new file mode 100644 index 0000000..54257e8 --- /dev/null +++ b/verification_keys/registerIdentityLight160.json @@ -0,0 +1,104 @@ +{ + "protocol": "groth16", + "curve": "bn128", + "nPublic": 3, + "vk_alpha_1": [ + "20491192805390485299153009773594534940189261866228447918068658471970481763042", + "9383485363053290200918347156157836566562967994039712273449902621266178545958", + "1" + ], + "vk_beta_2": [ + [ + "6375614351688725206403948262868962793625744043794305715222011528459656738731", + "4252822878758300859123897981450591353533073413197771768651442665752259397132" + ], + [ + "10505242626370262277552901082094356697409835680220590971873171140371331206856", + "21847035105528745403288232691147584728191162732299865338377159692350059136679" + ], + [ + "1", + "0" + ] + ], + "vk_gamma_2": [ + [ + "10857046999023057135944570762232829481370756359578518086990519993285655852781", + "11559732032986387107991004021392285783925812861821192530917403151452391805634" + ], + [ + "8495653923123431417604973247489272438418190587263600148770280649306958101930", + "4082367875863433681332203403145435568316851327593401208105741076214120093531" + ], + [ + "1", + "0" + ] + ], + "vk_delta_2": [ + [ + "12332182442772026061532463402195922904484652168320406058917153242039787029124", + "7464177824610983307005740376234062407980911552344061210615932548437251433336" + ], + [ + "20249923108983612536541993853253052729015083279950856711269450127011991451714", + "3091641843146585314920371491385675874805613124750904273225176458140419096189" + ], + [ + "1", + "0" + ] + ], + "vk_alphabeta_12": [ + [ + [ + "2029413683389138792403550203267699914886160938906632433982220835551125967885", + "21072700047562757817161031222997517981543347628379360635925549008442030252106" + ], + [ + "5940354580057074848093997050200682056184807770593307860589430076672439820312", + "12156638873931618554171829126792193045421052652279363021382169897324752428276" + ], + [ + "7898200236362823042373859371574133993780991612861777490112507062703164551277", + "7074218545237549455313236346927434013100842096812539264420499035217050630853" + ] + ], + [ + [ + "7077479683546002997211712695946002074877511277312570035766170199895071832130", + "10093483419865920389913245021038182291233451549023025229112148274109565435465" + ], + [ + "4595479056700221319381530156280926371456704509942304414423590385166031118820", + "19831328484489333784475432780421641293929726139240675179672856274388269393268" + ], + [ + "11934129596455521040620786944827826205713621633706285934057045369193958244500", + "8037395052364110730298837004334506829870972346962140206007064471173334027475" + ] + ] + ], + "IC": [ + [ + "20349435726303868385690895524466146481538595742316644502027428688090812304748", + "8497653594025335127509748616381019098271669042312847018720793147370622770322", + "1" + ], + [ + "7618230016779813947936548809162030741013764904420405332759144755798695997641", + "12245121283281875421296145276713189976174075865252576946667873206706959263144", + "1" + ], + [ + "12143967266017632687075184861752968737400472253371389347964345909784645967094", + "19277562751550954377761419603853342685141377171185508208174780508899555392348", + "1" + ], + [ + "20574052471301075832166532620085793553873377990800519535149126747662976784503", + "11361754778472978979167817608710117232580993916765512558182336192859531891328", + "1" + ] + ] +} \ No newline at end of file diff --git a/verification_keys/registerIdentityLight224.json b/verification_keys/registerIdentityLight224.json new file mode 100644 index 0000000..7330fb0 --- /dev/null +++ b/verification_keys/registerIdentityLight224.json @@ -0,0 +1,104 @@ +{ + "protocol": "groth16", + "curve": "bn128", + "nPublic": 3, + "vk_alpha_1": [ + "20491192805390485299153009773594534940189261866228447918068658471970481763042", + "9383485363053290200918347156157836566562967994039712273449902621266178545958", + "1" + ], + "vk_beta_2": [ + [ + "6375614351688725206403948262868962793625744043794305715222011528459656738731", + "4252822878758300859123897981450591353533073413197771768651442665752259397132" + ], + [ + "10505242626370262277552901082094356697409835680220590971873171140371331206856", + "21847035105528745403288232691147584728191162732299865338377159692350059136679" + ], + [ + "1", + "0" + ] + ], + "vk_gamma_2": [ + [ + "10857046999023057135944570762232829481370756359578518086990519993285655852781", + "11559732032986387107991004021392285783925812861821192530917403151452391805634" + ], + [ + "8495653923123431417604973247489272438418190587263600148770280649306958101930", + "4082367875863433681332203403145435568316851327593401208105741076214120093531" + ], + [ + "1", + "0" + ] + ], + "vk_delta_2": [ + [ + "15713463791781049874728070408359051925633360844252096970748543581073820154017", + "7834705987400213832654482879284608247211273342907346498433201812351743326550" + ], + [ + "18785935708316386048807622408608175376450166653438440654145636676645554166030", + "9960303067610396047265975354690935301458735339005627828526828963951265833671" + ], + [ + "1", + "0" + ] + ], + "vk_alphabeta_12": [ + [ + [ + "2029413683389138792403550203267699914886160938906632433982220835551125967885", + "21072700047562757817161031222997517981543347628379360635925549008442030252106" + ], + [ + "5940354580057074848093997050200682056184807770593307860589430076672439820312", + "12156638873931618554171829126792193045421052652279363021382169897324752428276" + ], + [ + "7898200236362823042373859371574133993780991612861777490112507062703164551277", + "7074218545237549455313236346927434013100842096812539264420499035217050630853" + ] + ], + [ + [ + "7077479683546002997211712695946002074877511277312570035766170199895071832130", + "10093483419865920389913245021038182291233451549023025229112148274109565435465" + ], + [ + "4595479056700221319381530156280926371456704509942304414423590385166031118820", + "19831328484489333784475432780421641293929726139240675179672856274388269393268" + ], + [ + "11934129596455521040620786944827826205713621633706285934057045369193958244500", + "8037395052364110730298837004334506829870972346962140206007064471173334027475" + ] + ] + ], + "IC": [ + [ + "16021720986994023839045556452771522836858090081700715530292594617309924269579", + "13594283472226049115124097576752908610589316199529061389269052153309165676516", + "1" + ], + [ + "18690805862834858837267080816430038044064723091728304099870642848030496550770", + "10215125565427426491709621200106259568328671289468640624443539421364531371216", + "1" + ], + [ + "18796505394079206082600292661633691936761371596120188411147722737603294837590", + "1121894399568100959910413213468154592683150638260580461512139659150923719975", + "1" + ], + [ + "4678945113863386760438849690757650811219476819937609876975421977973533253953", + "14173498963267645827891248481396713947897070300527005985896563335692207023061", + "1" + ] + ] +} \ No newline at end of file diff --git a/verification_keys/registerIdentityLight256.json b/verification_keys/registerIdentityLight256.json new file mode 100644 index 0000000..19e4a06 --- /dev/null +++ b/verification_keys/registerIdentityLight256.json @@ -0,0 +1,104 @@ +{ + "protocol": "groth16", + "curve": "bn128", + "nPublic": 3, + "vk_alpha_1": [ + "20491192805390485299153009773594534940189261866228447918068658471970481763042", + "9383485363053290200918347156157836566562967994039712273449902621266178545958", + "1" + ], + "vk_beta_2": [ + [ + "6375614351688725206403948262868962793625744043794305715222011528459656738731", + "4252822878758300859123897981450591353533073413197771768651442665752259397132" + ], + [ + "10505242626370262277552901082094356697409835680220590971873171140371331206856", + "21847035105528745403288232691147584728191162732299865338377159692350059136679" + ], + [ + "1", + "0" + ] + ], + "vk_gamma_2": [ + [ + "10857046999023057135944570762232829481370756359578518086990519993285655852781", + "11559732032986387107991004021392285783925812861821192530917403151452391805634" + ], + [ + "8495653923123431417604973247489272438418190587263600148770280649306958101930", + "4082367875863433681332203403145435568316851327593401208105741076214120093531" + ], + [ + "1", + "0" + ] + ], + "vk_delta_2": [ + [ + "10024655051728395812564307039738346388454604848124933406202507965194273799917", + "10937043963655185952891449223625636213959039570715537527210240567875698546497" + ], + [ + "19680239487707527798110040460768721884036997340435808307578785917462138857357", + "3288878702757913739253373321195210173509136075843368700533242800223626150044" + ], + [ + "1", + "0" + ] + ], + "vk_alphabeta_12": [ + [ + [ + "2029413683389138792403550203267699914886160938906632433982220835551125967885", + "21072700047562757817161031222997517981543347628379360635925549008442030252106" + ], + [ + "5940354580057074848093997050200682056184807770593307860589430076672439820312", + "12156638873931618554171829126792193045421052652279363021382169897324752428276" + ], + [ + "7898200236362823042373859371574133993780991612861777490112507062703164551277", + "7074218545237549455313236346927434013100842096812539264420499035217050630853" + ] + ], + [ + [ + "7077479683546002997211712695946002074877511277312570035766170199895071832130", + "10093483419865920389913245021038182291233451549023025229112148274109565435465" + ], + [ + "4595479056700221319381530156280926371456704509942304414423590385166031118820", + "19831328484489333784475432780421641293929726139240675179672856274388269393268" + ], + [ + "11934129596455521040620786944827826205713621633706285934057045369193958244500", + "8037395052364110730298837004334506829870972346962140206007064471173334027475" + ] + ] + ], + "IC": [ + [ + "4179432338433124082507168334716073369977625424306513458535481875746097550658", + "12714499129458131796726486922435073908760835207347394165560527204719372283417", + "1" + ], + [ + "15796010941534208751370774490726059448355760291220049636894135052670536978530", + "4411190147057228862091306245729888086078023337791017667104000774333055394870", + "1" + ], + [ + "18796505394079206082600292661633691936761371596120188411147722737603294837590", + "1121894399568100959910413213468154592683150638260580461512139659150923719975", + "1" + ], + [ + "4678945113863386760438849690757650811219476819937609876975421977973533253953", + "14173498963267645827891248481396713947897070300527005985896563335692207023061", + "1" + ] + ] +} \ No newline at end of file diff --git a/verification_keys/registerIdentityLight384.json b/verification_keys/registerIdentityLight384.json new file mode 100644 index 0000000..b0217b6 --- /dev/null +++ b/verification_keys/registerIdentityLight384.json @@ -0,0 +1,104 @@ +{ + "protocol": "groth16", + "curve": "bn128", + "nPublic": 3, + "vk_alpha_1": [ + "20491192805390485299153009773594534940189261866228447918068658471970481763042", + "9383485363053290200918347156157836566562967994039712273449902621266178545958", + "1" + ], + "vk_beta_2": [ + [ + "6375614351688725206403948262868962793625744043794305715222011528459656738731", + "4252822878758300859123897981450591353533073413197771768651442665752259397132" + ], + [ + "10505242626370262277552901082094356697409835680220590971873171140371331206856", + "21847035105528745403288232691147584728191162732299865338377159692350059136679" + ], + [ + "1", + "0" + ] + ], + "vk_gamma_2": [ + [ + "10857046999023057135944570762232829481370756359578518086990519993285655852781", + "11559732032986387107991004021392285783925812861821192530917403151452391805634" + ], + [ + "8495653923123431417604973247489272438418190587263600148770280649306958101930", + "4082367875863433681332203403145435568316851327593401208105741076214120093531" + ], + [ + "1", + "0" + ] + ], + "vk_delta_2": [ + [ + "20920478363756885826557448382492133433438051226802271107044625325075887619878", + "11165441086203221830564434281092153828694100276925141548132295268982789784218" + ], + [ + "16379963167594355624397041694142678582673604414859527578769631435571901320739", + "329638903360336659502662742168939111382564162309368768872389687402883811153" + ], + [ + "1", + "0" + ] + ], + "vk_alphabeta_12": [ + [ + [ + "2029413683389138792403550203267699914886160938906632433982220835551125967885", + "21072700047562757817161031222997517981543347628379360635925549008442030252106" + ], + [ + "5940354580057074848093997050200682056184807770593307860589430076672439820312", + "12156638873931618554171829126792193045421052652279363021382169897324752428276" + ], + [ + "7898200236362823042373859371574133993780991612861777490112507062703164551277", + "7074218545237549455313236346927434013100842096812539264420499035217050630853" + ] + ], + [ + [ + "7077479683546002997211712695946002074877511277312570035766170199895071832130", + "10093483419865920389913245021038182291233451549023025229112148274109565435465" + ], + [ + "4595479056700221319381530156280926371456704509942304414423590385166031118820", + "19831328484489333784475432780421641293929726139240675179672856274388269393268" + ], + [ + "11934129596455521040620786944827826205713621633706285934057045369193958244500", + "8037395052364110730298837004334506829870972346962140206007064471173334027475" + ] + ] + ], + "IC": [ + [ + "8958748513494058508599191426944138752237723060989629885038137078978463172227", + "4914214867090836473397542537588042343107930445150928081188031438063227238585", + "1" + ], + [ + "11637195806071434341598534723644239565519206257928292801099367935388755595989", + "13796067696679506753382694179027254081697448827749121543805129157701971513652", + "1" + ], + [ + "9660917988021801458534214617659058002652266153176087555013704979536707738690", + "4470882805288917516012047038336848119476613701332909259888198696601506932384", + "1" + ], + [ + "7956535661116822197218826069905896150124433038776757351581060766576643991459", + "3526572257993380078734696900863011236346281307961566554617165013663546039781", + "1" + ] + ] +} \ No newline at end of file diff --git a/verification_keys/registerIdentityLight512.json b/verification_keys/registerIdentityLight512.json new file mode 100644 index 0000000..2d6acaa --- /dev/null +++ b/verification_keys/registerIdentityLight512.json @@ -0,0 +1,104 @@ +{ + "protocol": "groth16", + "curve": "bn128", + "nPublic": 3, + "vk_alpha_1": [ + "20491192805390485299153009773594534940189261866228447918068658471970481763042", + "9383485363053290200918347156157836566562967994039712273449902621266178545958", + "1" + ], + "vk_beta_2": [ + [ + "6375614351688725206403948262868962793625744043794305715222011528459656738731", + "4252822878758300859123897981450591353533073413197771768651442665752259397132" + ], + [ + "10505242626370262277552901082094356697409835680220590971873171140371331206856", + "21847035105528745403288232691147584728191162732299865338377159692350059136679" + ], + [ + "1", + "0" + ] + ], + "vk_gamma_2": [ + [ + "10857046999023057135944570762232829481370756359578518086990519993285655852781", + "11559732032986387107991004021392285783925812861821192530917403151452391805634" + ], + [ + "8495653923123431417604973247489272438418190587263600148770280649306958101930", + "4082367875863433681332203403145435568316851327593401208105741076214120093531" + ], + [ + "1", + "0" + ] + ], + "vk_delta_2": [ + [ + "11162227726412670331525004561008161086115274445056892148102775713121895310353", + "3387259999311938725151085858998115553074670755997850426319505603531219882007" + ], + [ + "12176000192246658389921929645549310373381949728546676297767733512117951594990", + "6751278131593240514485822017454775551862786472928973888422025785566093161187" + ], + [ + "1", + "0" + ] + ], + "vk_alphabeta_12": [ + [ + [ + "2029413683389138792403550203267699914886160938906632433982220835551125967885", + "21072700047562757817161031222997517981543347628379360635925549008442030252106" + ], + [ + "5940354580057074848093997050200682056184807770593307860589430076672439820312", + "12156638873931618554171829126792193045421052652279363021382169897324752428276" + ], + [ + "7898200236362823042373859371574133993780991612861777490112507062703164551277", + "7074218545237549455313236346927434013100842096812539264420499035217050630853" + ] + ], + [ + [ + "7077479683546002997211712695946002074877511277312570035766170199895071832130", + "10093483419865920389913245021038182291233451549023025229112148274109565435465" + ], + [ + "4595479056700221319381530156280926371456704509942304414423590385166031118820", + "19831328484489333784475432780421641293929726139240675179672856274388269393268" + ], + [ + "11934129596455521040620786944827826205713621633706285934057045369193958244500", + "8037395052364110730298837004334506829870972346962140206007064471173334027475" + ] + ] + ], + "IC": [ + [ + "2361597157333949405444551808660905822518513818917441435771632219638879364895", + "11843470797144390446779295046401105119065931507359093609062612428361329499677", + "1" + ], + [ + "11520068037387614772235658828483597072828893176043759014855542849469627748429", + "12806915968118383368769176060835098711480471542738558271454427667093846432359", + "1" + ], + [ + "9660917988021801458534214617659058002652266153176087555013704979536707738690", + "4470882805288917516012047038336848119476613701332909259888198696601506932384", + "1" + ], + [ + "7956535661116822197218826069905896150124433038776757351581060766576643991459", + "3526572257993380078734696900863011236346281307961566554617165013663546039781", + "1" + ] + ] +} \ No newline at end of file