Merge pull request #366 from zk-passport/hot-fix-off-by-one

hotfix off-by-one issues

circuits/circuits/dsc/dsc.circom

@@ -84,7 +84,7 @@ template DSC(
     // this should guarantee the dsc commitment is unique for each commitment
     component byte_checks[MAX_DSC_LENGTH];
     for (var i = 0; i < MAX_DSC_LENGTH; i++) {
-        byte_checks[i] = GreaterThan(12);
+        byte_checks[i] = GreaterEqThan(12);
         byte_checks[i].in[0] <== i;
         byte_checks[i].in[1] <== raw_dsc_padded_length;
 

circuits/circuits/utils/passport/signatureVerifier.circom

@@ -25,7 +25,7 @@ template SignatureVerifier(signatureAlgorithm, n, k) {
     signal input pubKey[kScaled];
     signal input signature[kScaled];
 
-    var msg_len = (HASH_LEN_BITS + n) \ n;
+    var msg_len = (HASH_LEN_BITS + n - 1) \ n;
 
     signal hashParsed[msg_len] <== HashParser(signatureAlgorithm, n, k)(hash);
 
@@ -124,7 +124,7 @@ template SignatureVerifier(signatureAlgorithm, n, k) {
 
 template HashParser(signatureAlgorithm, n, k) {
     var HASH_LEN_BITS = getHashLength(signatureAlgorithm);
-    var msg_len = (HASH_LEN_BITS + n) \ n;
+    var msg_len = (HASH_LEN_BITS + n - 1) \ n;
 
     component hashParser[msg_len];
     signal input hash[HASH_LEN_BITS];

circuits/tests/dsc/dsc.test.ts

@@ -283,5 +283,18 @@ testSuite.forEach(({ sigAlg, hashFunction, domainParameter, keyLength }) => {
         expect(error.message).to.include('Assert Failed');
       }
     });
+
+    it('should not allow tampering of raw_dsc[raw_dsc_padded_length]', async () => {
+      try {
+        const tamperedInputs = JSON.parse(JSON.stringify(inputs));
+        const paddedLength = Number(tamperedInputs.raw_dsc_padded_length);
+        tamperedInputs.raw_dsc[paddedLength] = '255'; // or any nonzero value
+
+        await circuit.calculateWitness(tamperedInputs);
+        expect.fail('Expected an error but none was thrown.');
+      } catch (error) {
+        expect(error.message).to.include('Assert Failed');
+      }
+    });
   });
 });