From 0481625a8c8b3162313c122b1df065da0e0c5f7f Mon Sep 17 00:00:00 2001 From: roman_harazha Date: Thu, 15 Feb 2024 14:54:43 +0200 Subject: [PATCH] check proofs using switch between SHA1 and SHA256 verification keys --- config.yaml | 4 +- internal/config/verifier.go | 35 +++-- .../service/api/handlers/create_identity.go | 17 ++- ...ion_key.json => sha1_verification_key.json | 52 +++---- sha256_verification_key.json | 139 ++++++++++++++++++ 5 files changed, 202 insertions(+), 45 deletions(-) rename verification_key.json => sha1_verification_key.json (52%) create mode 100644 sha256_verification_key.json diff --git a/config.yaml b/config.yaml index cec3d96..6608610 100644 --- a/config.yaml +++ b/config.yaml @@ -1,5 +1,7 @@ verifier: - verification_key_path: "./verification_key.json" + verification_keys_paths: + sha1: "./sha1_verification_key.json" + sha256: "./sha256_verification_key.json" master_certs_path: "./masterList.dev.pem" allowed_age: 18 blinder: 1 # big value required diff --git a/internal/config/verifier.go b/internal/config/verifier.go index adca40f..47d762a 100644 --- a/internal/config/verifier.go +++ b/internal/config/verifier.go @@ -14,10 +14,10 @@ type VerifierConfiger interface { } type VerifierConfig struct { - VerificationKey []byte - MasterCerts []byte - AllowedAge int - Blinder *big.Int + VerificationKeys map[string][]byte + MasterCerts []byte + AllowedAge int + Blinder *big.Int } type verifier struct { 
@@ -34,10 +34,10 @@ func NewVerifierConfiger(getter kv.Getter) VerifierConfiger { func (v *verifier) VerifierConfig() *VerifierConfig { return v.once.Do(func() interface{} { newCfg := struct { - VerificationKeyPath string `fig:"verification_key_path,required"` - MasterCertsPath string `fig:"master_certs_path,required"` - AllowedAge int `fig:"allowed_age,required"` - Blinder string `fig:"blinder,required"` + VerificationKeysPaths map[string]string `fig:"verification_keys_paths,required"` + MasterCertsPath string `fig:"master_certs_path,required"` + AllowedAge int `fig:"allowed_age,required"` + Blinder string `fig:"blinder,required"` }{} err := figure. @@ -48,9 +48,14 @@ func (v *verifier) VerifierConfig() *VerifierConfig { panic(err) } - verificationKey, err := os.ReadFile(newCfg.VerificationKeyPath) - if err != nil { - panic(err) + verificationKeys := make(map[string][]byte) + for algo, path := range newCfg.VerificationKeysPaths { + verificationKey, err := os.ReadFile(path) + if err != nil { + panic(err) + } + + verificationKeys[algo] = verificationKey } masterCerts, err := os.ReadFile(newCfg.MasterCertsPath) @@ -64,10 +69,10 @@ func (v *verifier) VerifierConfig() *VerifierConfig { } return &VerifierConfig{ - VerificationKey: verificationKey, - MasterCerts: masterCerts, - AllowedAge: newCfg.AllowedAge, - Blinder: blinder, + VerificationKeys: verificationKeys, + MasterCerts: masterCerts, + AllowedAge: newCfg.AllowedAge, + Blinder: blinder, } }).(*VerifierConfig) } diff --git a/internal/service/api/handlers/create_identity.go b/internal/service/api/handlers/create_identity.go index 2f22879..1992442 100644 --- a/internal/service/api/handlers/create_identity.go +++ b/internal/service/api/handlers/create_identity.go @@ -35,6 +35,9 @@ import ( // https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set1_sigalgs_list.html const ( + SHA1 = "sha1" + SHA256 = "sha256" + SHA256withRSA = "SHA256withRSA" SHA1withECDSA = "SHA1withECDSA" SHA256withECDSA = "SHA256withECDSA" 
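Review bot: The key-loading loop added in the `@@ -48,9 +48,14 @@` hunk of `internal/config/verifier.go` accepts whatever entries `verification_keys_paths` contains, so a config that omits or misspells `sha1` or `sha256` still starts cleanly; the `required` tag only covers the map as a whole. The handler later indexes `cfg.VerificationKeys[SHA1]` and `cfg.VerificationKeys[SHA256]`, and a missing entry gives a nil key that presumably only shows up per request as a verification failure returned to the client. I would check right after the loop that both expected algorithms have a non-empty key and panic at startup otherwise, as the surrounding code already does for unreadable files. `VerifierConfig()` begins and ends outside this hunk.

```go
// … unchanged: loop reading each configured key file into verificationKeys …

// Fail at startup when a key the handler indexes is absent or empty.
for _, algo := range []string{"sha1", "sha256"} {
	if len(verificationKeys[algo]) == 0 {
		panic("verification_keys_paths: no verification key configured for " + algo)
	}
}
```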
@@ -92,9 +95,17 @@ func CreateIdentity(w http.ResponseWriter, r *http.Request) { return errors.Wrap(err, "failed to verify signature") } - if err := verifier.VerifyGroth16(req.Data.ZKProof, cfg.VerificationKey); err != nil { - ape.RenderErr(w, problems.BadRequest(err)...) - return errors.Wrap(err, "failed to verify Groth16") + switch algorithms[req.Data.DocumentSOD.Algorithm] { + case SHA1withECDSA: + if err := verifier.VerifyGroth16(req.Data.ZKProof, cfg.VerificationKeys[SHA1]); err != nil { + ape.RenderErr(w, problems.BadRequest(err)...) + return errors.Wrap(err, "failed to verify Groth16") + } + case SHA256withRSA, SHA256withECDSA: + if err := verifier.VerifyGroth16(req.Data.ZKProof, cfg.VerificationKeys[SHA256]); err != nil { + ape.RenderErr(w, problems.BadRequest(err)...) + return errors.Wrap(err, "failed to verify Groth16") + } } encapsulatedContentBytes, err := hex.DecodeString(req.Data.DocumentSOD.EncapsulatedContent) diff --git a/verification_key.json b/sha1_verification_key.json similarity index 52% rename from verification_key.json rename to sha1_verification_key.json index 8c98abc..e245fc1 100644 --- a/verification_key.json +++ b/sha1_verification_key.json @@ -37,12 +37,12 @@ ], "vk_delta_2": [ [ - "16610458380053275333190574502197567245052418264572260138402575354448230137993", - "14893949748505478155461982104398560048027468431243737584728491323829488500232" + "13335603151114257085544796181936358705000717656954191293817584669435541903997", + "855044178118616772310849467209193664762752654954052490163498625045180193756" ], [ - "5924736619258262745839616532891208481991406373639919255057891886925676939832", - "11117112699097287601531630650720827415117189869469015813861353783539026463112" + "6302336779246085612303849712824706487368936725589359697885301708175792844786", + "3784551810894943508748993329302756088278319564314930030748154195034083326587" ], [ "1", 
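Review bot: The new `switch` on `algorithms[req.Data.DocumentSOD.Algorithm]` in `create_identity.go` has no `default` branch, so any value outside the three listed cases skips `VerifyGroth16` entirely and the handler goes on to decode the encapsulated content with the proof unchecked. The selector comes from the request body, and whether an earlier step already rejects unmapped algorithm names is not visible in this hunk, so the proof check should fail closed here on its own. I would select the key in the switch, reject everything else with a 400, and call `VerifyGroth16` once, which also removes the duplicated branch bodies. The enclosing function starts and ends outside the hunk.

```go
var verificationKey []byte
switch algorithms[req.Data.DocumentSOD.Algorithm] {
case SHA1withECDSA:
	verificationKey = cfg.VerificationKeys[SHA1]
case SHA256withRSA, SHA256withECDSA:
	verificationKey = cfg.VerificationKeys[SHA256]
default:
	// Unknown or unmapped algorithm: never continue with the proof unverified.
	// Assumes the imported errors package provides New; confirm.
	err := errors.New("unsupported signature algorithm")
	ape.RenderErr(w, problems.BadRequest(err)...)
	return errors.Wrap(err, "failed to select verification key")
}

if err := verifier.VerifyGroth16(req.Data.ZKProof, verificationKey); err != nil {
	ape.RenderErr(w, problems.BadRequest(err)...)
	return errors.Wrap(err, "failed to verify Groth16")
}
```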
@@ -81,58 +81,58 @@ ], "IC": [ [ - "10836507231560064438853199816837275287304732889292761009923935023304290243708", - "8313665120712763091237816419959869725041378367206177402487170875813565163614", + "19766712073108394055778654604653161828599986192416085027770686939657537474394", + "12642379111858059083801753438279635767167548213546287271697232928586495515699", "1" ], [ - "1407902058092577756310408182533834941208785204451957305292062688766152927675", - "4421147721399081711100127633620339611795626548483784456298325292791533886280", + "584762057455664547744476471213046814865611820077786283125673808213893818755", + "2912432121204396054706954371886894328141865251111756656662249761743998496191", "1" ], [ - "15784758315684965889643245596013639908676218131608583681726912770493592981154", - "12166252267053518952142399147291122724409535238358716418189639271800270452435", + "19451045650299307320044727951276477304372732815205278053357027625954057505564", + "7100217652478779412031569841873451007978853870973219012300086874189787375785", "1" ], [ - "11731310903712808384763965987274623585388325723497518799371952595961426021167", - "9607844486927310308772424303801740638459245021803642616030218846068507991355", + "11970078222384517632961845147934946655612526886659849027950134923294732029165", + "6527685793983467597201811761846003066122316061526297927932748528606993248636", "1" ], [ - "3386960986503219633676131028357920393103489256402865212894619646893961007653", - "11648392806310059907146019631961094169502579980021772790829581830295513389729", + "2660457081731774785128097336270231248352700431474148108139412388195283182232", + "10488555146741721756573736739665847987061152580772800352624573820935951088344", "1" ], [ - "11029362760906877925647022083950904590052340724441639620562170560144461711644", - "16529680570756907191972408976095499644746614213234829514838070181620257905045", + "4893978980811664218839438027979908249454919893355746208690065504815606996262", + 
"19502969513500282812422680455994826923834050704271610731578081635166186993501", "1" ], [ - "298791453572805870620493149871480475924416080940298958700109639679245228438", - "1805470270570815181291819243955591483228094307623240045439324457314127125384", + "18439384519127139362275927514462884403559719228548124935120397729435517213503", + "7048874182435608031065423155085957060967730132845918622494815786952189070741", "1" ], [ - "1398747142689540014160160509503638076398389089468592130144004469635961277745", - "11722381688586618925236668154913224917058148828181064697351233880836205807275", + "11059240975576033930164464853226216820462476497935609277365762403945847356460", + "2881196981032565074325013910354406643711256837091689775171647854359302526073", "1" ], [ - "4746356720610414442943884386010293361430656349431767640556527510875655654263", - "19287164454047149361243647950312956357319730022531598021708860540463065084951", + "18135724539352256541449998224099007381748021073153872484479250984089064579622", + "7992354498594564483034548722246985239588388054478138294348024661383582846574", "1" ], [ - "1469302761255903712363560821074269976457680525580401786085848027507764924649", - "15836807378698839792657088394308004379399487622002798557006197297804582184180", + "5053719041764043456087341180127062799902390878534108335055115084702857369676", + "20142380894288460545079211888023687300985182521228248118922317151986740129783", "1" ], [ - "14442433895044395414051684655359935973735334861132167041956438606647681855561", - "17641192594156342734185335518665254141585200018917827242341185403877600461848", + "13509562356188107648974321344583644995728503613402077845936593792883627805260", + "7794092723380352848845619773297911712349571618205916500009692182982271988232", "1" ] ] diff --git a/sha256_verification_key.json b/sha256_verification_key.json new file mode 100644 index 0000000..476b7d8 --- /dev/null +++ b/sha256_verification_key.json 
@@ -0,0 +1,139 @@ +{ + "protocol": "groth16", + "curve": "bn128", + "nPublic": 10, + "vk_alpha_1": [ + "20491192805390485299153009773594534940189261866228447918068658471970481763042", + "9383485363053290200918347156157836566562967994039712273449902621266178545958", + "1" + ], + "vk_beta_2": [ + [ + "6375614351688725206403948262868962793625744043794305715222011528459656738731", + "4252822878758300859123897981450591353533073413197771768651442665752259397132" + ], + [ + "10505242626370262277552901082094356697409835680220590971873171140371331206856", + "21847035105528745403288232691147584728191162732299865338377159692350059136679" + ], + [ + "1", + "0" + ] + ], + "vk_gamma_2": [ + [ + "10857046999023057135944570762232829481370756359578518086990519993285655852781", + "11559732032986387107991004021392285783925812861821192530917403151452391805634" + ], + [ + "8495653923123431417604973247489272438418190587263600148770280649306958101930", + "4082367875863433681332203403145435568316851327593401208105741076214120093531" + ], + [ + "1", + "0" + ] + ], + "vk_delta_2": [ + [ + "8767943132255908659621448864311181023075456751167467131291557114128374509934", + "5877101292351415218299489783347327985138326881578758780380449942726943140276" + ], + [ + "12680584410820365890672996430300519834411616530112645757178056454416163820692", + "19774966158762863707082168545275433613524686193433871664759865203431034905947" + ], + [ + "1", + "0" + ] + ], + "vk_alphabeta_12": [ + [ + [ + "2029413683389138792403550203267699914886160938906632433982220835551125967885", + "21072700047562757817161031222997517981543347628379360635925549008442030252106" + ], + [ + "5940354580057074848093997050200682056184807770593307860589430076672439820312", + "12156638873931618554171829126792193045421052652279363021382169897324752428276" + ], + [ + "7898200236362823042373859371574133993780991612861777490112507062703164551277", + "7074218545237549455313236346927434013100842096812539264420499035217050630853" + ] + ], + [ 
+ [ + "7077479683546002997211712695946002074877511277312570035766170199895071832130", + "10093483419865920389913245021038182291233451549023025229112148274109565435465" + ], + [ + "4595479056700221319381530156280926371456704509942304414423590385166031118820", + "19831328484489333784475432780421641293929726139240675179672856274388269393268" + ], + [ + "11934129596455521040620786944827826205713621633706285934057045369193958244500", + "8037395052364110730298837004334506829870972346962140206007064471173334027475" + ] + ] + ], + "IC": [ + [ + "15173812305309831757708639027315020189449057594488219448543959207607673084279", + "4814820718200744916511464835021856303255833249952873915686759979417600552947", + "1" + ], + [ + "3444252994063267366080312721417215139713916628122723523087529286045650776409", + "4361919222828239648312602078120666110225297919827173779067050201452455249930", + "1" + ], + [ + "19300808472721615667034958542809903725324875358810540778846814364169650800414", + "20426091859060010655343410540159901955165826321293328056909481802779225131221", + "1" + ], + [ + "8329495446876201996995806231175162591746860221198959263467553007658725162143", + "17508461337160224747297796306311768894282268327661620636214629260705532549624", + "1" + ], + [ + "20040123241747600892666259227496013749215236854660587785663857812228012673762", + "5729443332333637593770762404117272066047057113326960028413991477297974183903", + "1" + ], + [ + "3024259430970802219526870158524046712149294065997344281422276885118044200553", + "9801065014450203161439146571266682567573487164679976344521031094443632198026", + "1" + ], + [ + "15667469284259607099267228672405726445698960078994075111208469718859122323637", + "10787447162480273994046848927763585296663244037416113612572074251856207793682", + "1" + ], + [ + "9820074783160412985187460372522436631200468609751139914172627821323239779064", + "12972559272391447938575941241577431744095602567340658045147691923715011520072", + "1" + ], + [ + 
"5419213375484459883306350143506463889901576856899122960678862270845991915096", + "9261974966733576467250263770968551812519600034135314844726635880580498504025", + "1" + ], + [ + "11290445513758753115012850630733665404002511428601534527806086290324782552840", + "1659743188610609462703631354829204020986657725865076762217376006074675596814", + "1" + ], + [ + "14821705212209839031788750598029676874964794243356605498494182067162800708956", + "1840975772780294955842758105215237594901536551454124194460024363325959212487", + "1" + ] + ] +} \ No newline at end of file