Added more dispatchers and verifiers (#46)

* Added C_RSA_SHA2_2048_122125

* Added more dispatchers

* Added verifier

* Added more dispatchers

* Added an ability to register expired certificates

* Updated CHANGELOG.md

* rm log

---------

Co-authored-by: Artem Chystiakov <artem.ch31@gmail.com>

Author: KyrylR

CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## [UNRELEASED]
+
+* Added an ability to register expired certificates
+* Added `C_RSA_SHA512_2048`, `C_RSA_SHA2_2048_122125`, `C_ECDSA_SECP256R1_SHA2_512`, `C_ECDSA_SECP256R1_SHA2_2048`, `C_ECDSA_BRAINPOOLP256R1_SHA2_512` dispatchers.
+* Added `Z_NOIR_PASSPORT_ID_CARD_I` verifier
+
 ## [0.4.2]
 
 * Made the `_buildPublicSignals` and `getPublicSignals` functions view. 

contracts/certificate/signers/CECDSA256Signer.sol

@@ -19,7 +19,8 @@ contract CECDSA256Signer is ICertificateSigner, Initializable {
     }
 
     enum HF {
-        sha1
+        sha1,
+        sha2
     }
 
     EC256.Curve private _secp256r1CurveParams =
@@ -66,6 +67,8 @@ contract CECDSA256Signer is ICertificateSigner, Initializable {
 
         if (hashFunction == HF.sha1) {
             hasher_ = _sha1;
+        } else if (hashFunction == HF.sha2) {
+            hasher_ = _sha2;
         }
 
         return
@@ -79,4 +82,8 @@ contract CECDSA256Signer is ICertificateSigner, Initializable {
     function _sha1(bytes memory message) internal pure returns (bytes32) {
         return bytes32(message.sha1()) >> 96;
     }
+
+    function _sha2(bytes memory message) internal pure returns (bytes32) {
+        return sha256(message);
+    }
 }

contracts/passport/verifiers2/noir/NoirRegisterIdentity_ID_Card_I.sol

@@ -104,7 +104,10 @@ contract StateKeeper is Initializable, AMultiOwnable, UUPSUpgradeable {
         bytes32 certificateKey_,
         uint256 expirationTimestamp_
     ) external virtual onlyRegistration {
-        require(expirationTimestamp_ > block.timestamp, "StateKeeper: certificate is expired");
+        require(
+            expirationTimestamp_ + 5 * 365 days > block.timestamp,
+            "StateKeeper: certificate is expired"
+        );
 
         _certificateInfos[certificateKey_].expirationTimestamp = uint64(expirationTimestamp_);
 

contracts/state/StateKeeper.sol

@@ -100,7 +100,9 @@ import {
   C_RSA_SHA2_2048,
   C_RSA_SHA2_3072,
   C_RSA_SHA2_4096,
+  C_RSA_SHA2_2048_122125,
   C_RSA_SHA2_3072_56611,
+  C_RSA_SHA512_2048,
   C_RSA_SHA512_4096,
   C_RSAPSS_SHA2_2048,
   C_RSAPSS_SHA2_3072,
@@ -112,9 +114,12 @@ import {
   C_ECDSA_SECP256R1_SHA1_256,
   C_ECDSA_SECP256R1_SHA1_384,
   C_ECDSA_SECP256R1_SHA1_512,
+  C_ECDSA_SECP256R1_SHA2_512,
+  C_ECDSA_SECP256R1_SHA2_2048,
   C_ECDSA_SECP384R1_SHA2_512,
   C_ECDSA_SECP384R1_SHA384_512,
   C_ECDSA_BRAINPOOLP256R1_SHA1_448,
+  C_ECDSA_BRAINPOOLP256R1_SHA2_512,
   C_ECDSA_BRAINPOOLP384R1_SHA2_512,
   C_ECDSA_BRAINPOOLP384R1_SHA384_512,
   C_ECDSA_BRAINPOOLP384R1_SHA384_768,
@@ -225,11 +230,16 @@ export = async (deployer: Deployer) => {
   const cRsa4096Sha2Dispatcher = await deployer.deployed(CRSADispatcher__factory, "CRSADispatcher SHA2 512 65537");
   const cRsa3072Sha2Dispatcher = await deployer.deployed(CRSADispatcher__factory, "CRSADispatcher SHA2 384 65537");
   const cRsa2048Sha2Dispatcher = await deployer.deployed(CRSADispatcher__factory, "CRSADispatcher SHA2 256 65537");
+  const cRsa4096Sha256Dispatcher = await deployer.deployed(CRSADispatcher__factory, "CRSADispatcher SHA512 256 65537");
   const cRsa4096Sha512Dispatcher = await deployer.deployed(CRSADispatcher__factory, "CRSADispatcher SHA512 512 65537");
   const cRsa3072Sha2Dispatcher_56611 = await deployer.deployed(
     CRSADispatcher__factory,
     "CRSADispatcher SHA2 512 56611",
   );
+  const cRsa2048Sha2Dispatcher_122125 = await deployer.deployed(
+    CRSADispatcher__factory,
+    "CRSADispatcher SHA2 256 122125",
+  );
 
   const cRsaPss2048Sha2Dispatcher = await deployer.deployed(
     CRSADispatcher__factory,
@@ -276,6 +286,21 @@ export = async (deployer: Deployer) => {
     "CECDSADispatcher SECP256 SHA1 128",
   );
 
+  const cEcdsaSecp256r1512Sha2Dispatcher = await deployer.deployed(
+    CECDSADispatcher__factory,
+    "CECDSADispatcher SECP256 SHA2 128",
+  );
+
+  const cEcdsaSecp256r12048Sha2Dispatcher = await deployer.deployed(
+    CECDSADispatcher__factory,
+    "CECDSADispatcher SECP256 SHA2 512",
+  );
+
+  const cEcdsaBrainpoolP256r1128Sha2Dispatcher = await deployer.deployed(
+    CECDSADispatcher__factory,
+    "CECDSADispatcher brainpoolP256r1 SHA2 128",
+  );
+
   const cEcdsaBrainpoolP256r1112Sha1Dispatcher = await deployer.deployed(
     CECDSADispatcher__factory,
     "CECDSADispatcher brainpoolP256r1 SHA1 112",
@@ -564,11 +589,16 @@ export = async (deployer: Deployer) => {
   await registration.mockAddCertificateDispatcher(C_RSA_SHA2_4096, await cRsa4096Sha2Dispatcher.getAddress());
   await registration.mockAddCertificateDispatcher(C_RSA_SHA2_3072, await cRsa3072Sha2Dispatcher.getAddress());
   await registration.mockAddCertificateDispatcher(C_RSA_SHA2_2048, await cRsa2048Sha2Dispatcher.getAddress());
+  await registration.mockAddCertificateDispatcher(C_RSA_SHA512_2048, await cRsa4096Sha256Dispatcher.getAddress());
   await registration.mockAddCertificateDispatcher(C_RSA_SHA512_4096, await cRsa4096Sha512Dispatcher.getAddress());
   await registration.mockAddCertificateDispatcher(
     C_RSA_SHA2_3072_56611,
     await cRsa3072Sha2Dispatcher_56611.getAddress(),
   );
+  await registration.mockAddCertificateDispatcher(
+    C_RSA_SHA2_2048_122125,
+    await cRsa2048Sha2Dispatcher_122125.getAddress(),
+  );
 
   await registration.mockAddCertificateDispatcher(C_RSAPSS_SHA2_2048, await cRsaPss2048Sha2Dispatcher.getAddress());
   await registration.mockAddCertificateDispatcher(C_RSAPSS_SHA2_4096, await cRsaPss4096Sha2Dispatcher.getAddress());
@@ -591,6 +621,18 @@ export = async (deployer: Deployer) => {
     C_ECDSA_SECP256R1_SHA1_512,
     await cEcdsaSecp256r1512Sha1Dispatcher.getAddress(),
   );
+  await registration.mockAddCertificateDispatcher(
+    C_ECDSA_SECP256R1_SHA2_512,
+    await cEcdsaSecp256r1512Sha2Dispatcher.getAddress(),
+  );
+  await registration.mockAddCertificateDispatcher(
+    C_ECDSA_SECP256R1_SHA2_2048,
+    await cEcdsaSecp256r12048Sha2Dispatcher.getAddress(),
+  );
+  await registration.mockAddCertificateDispatcher(
+    C_ECDSA_BRAINPOOLP256R1_SHA2_512,
+    await cEcdsaBrainpoolP256r1128Sha2Dispatcher.getAddress(),
+  );
   await registration.mockAddCertificateDispatcher(
     C_ECDSA_BRAINPOOLP256R1_SHA1_448,
     await cEcdsaBrainpoolP256r1112Sha1Dispatcher.getAddress(),

deploy/10_setup.migration.ts

@@ -32,8 +32,10 @@ export = async (deployer: Deployer) => {
   await deployCRSADispatcher(deployer, "SHA2", "65537", "512", "0x0282020100");
   await deployCRSADispatcher(deployer, "SHA2", "65537", "384", "0x0282018100");
   await deployCRSADispatcher(deployer, "SHA2", "65537", "256", "0x0282010100");
+  await deployCRSADispatcher(deployer, "SHA512", "65537", "256", "0x0282010100");
   await deployCRSADispatcher(deployer, "SHA512", "65537", "512", "0x0282020100");
   await deployCRSADispatcher(deployer, "SHA2", "56611", "512", "0x0282018100");
+  await deployCRSADispatcher(deployer, "SHA2", "122125", "256", "0x0282010100");
 
   await deployCRSAPSSDispatcher(deployer, "SHA2", "65537", "256", "0x0282010100");
   await deployCRSAPSSDispatcher(deployer, "SHA2", "65537", "512", "0x0282020100");
@@ -46,7 +48,10 @@ export = async (deployer: Deployer) => {
   await deployCECDSADispatcher(deployer, "SECP256", "SHA1", "64", "0x03420004");
   await deployCECDSADispatcher(deployer, "SECP256", "SHA1", "96", "0x03320004");
   await deployCECDSADispatcher(deployer, "SECP256", "SHA1", "128", "0x03420004");
+  await deployCECDSADispatcher(deployer, "SECP256", "SHA2", "128", "0x03420004");
+  await deployCECDSADispatcher(deployer, "SECP256", "SHA2", "512", "0x0282010100");
   await deployCECDSADispatcher(deployer, "brainpoolP256r1", "SHA1", "112", "0x033A0004");
+  await deployCECDSADispatcher(deployer, "brainpoolP256r1", "SHA2", "128", "0x03420004");
   await deployCECDSADispatcher(deployer, "SECP384", "SHA2", "64", "0x03420004");
   await deployCECDSADispatcher(deployer, "SECP384", "SHA384", "64", "0x03420004");
   await deployCECDSADispatcher(deployer, "brainpoolP384r1", "SHA2", "64", "0x03420004");

deploy/2_registration.migration.ts

@@ -48,17 +48,17 @@ export const deployCECDSADispatcher = async (
   deployer: Deployer,
   curve: "SECP256" | "SECP384" | "brainpoolP256r1" | "brainpoolP384r1" | "brainpoolP512r1",
   hashFunc: "SHA1" | "SHA2" | "SHA384" | "SHA512",
-  keyLength: "64" | "96" | "112" | "128",
+  keyLength: "64" | "96" | "112" | "128" | "512",
   keyPrefix: string,
 ) => {
   let signer: CECDSA384Signer | CECDSA512Signer;
 
   if (curve == "brainpoolP512r1") {
     signer = await deployECDSA512Signer(deployer, keyLength);
   } else if (curve == "SECP256") {
-    signer = await deployECDSA256Signer(deployer, curve, keyLength);
+    signer = await deployECDSA256Signer(deployer, curve, hashFunc, keyLength);
   } else if (curve == "brainpoolP256r1") {
-    signer = await deployECDSA256Signer(deployer, curve, keyLength);
+    signer = await deployECDSA256Signer(deployer, curve, hashFunc, keyLength);
   } else {
     signer = await deployECDSA384Signer(deployer, curve, hashFunc, keyLength);
   }
@@ -160,25 +160,35 @@ const deployECDSA384Signer = async (deployer: Deployer, curve: string, hashfunc:
   return signer;
 };
 
-const deployECDSA256Signer = async (deployer: Deployer, curve: string, keyLength: string) => {
+const deployECDSA256Signer = async (deployer: Deployer, curve: string, hashfunc: string, keyLength: string) => {
   try {
-    const result = await deployer.deployed(CECDSA256Signer__factory, `CESDCA256Signer ${keyLength}`);
+    const result = await deployer.deployed(
+      CECDSA256Signer__factory,
+      `CESDCA256Signer ${hashfunc} ${curve} ${keyLength}`,
+    );
     return result;
   } catch {}
 
   const signer = await deployer.deploy(CECDSA256Signer__factory, {
-    name: `CESDCA256Signer ${keyLength}`,
+    name: `CESDCA256Signer ${hashfunc} ${curve} ${keyLength}`,
   });
 
   let curv;
+  let hf;
 
   if (curve === "SECP256") {
     curv = 0;
   } else {
     curv = 1;
   }
 
-  await signer.__CECDSA256Signer_init(curv, 0 /* SHA1 */);
+  if (hashfunc === "SHA2") {
+    hf = 1;
+  } else {
+    hf = 0;
+  }
+
+  await signer.__CECDSA256Signer_init(curv, hf);
 
   return signer;
 };

deploy/helpers/dispatchers/certificate.ts

@@ -57,6 +57,7 @@ const config: HardhatUserConfig = {
     "rarimo-l2": {
       url: "https://l2.rarimo.com",
       gasMultiplier: 1.2,
+      gasPrice: 1060000,
     },
     "rarimo-l2-testnet": {
       url: "https://l2.testnet.rarimo.com",

hardhat.config.ts

@@ -7,8 +7,10 @@ export const C_RSA_SHA1_2048 = keccak256(["string"], ["C_RSA_SHA1_2048"]);
 export const C_RSA_SHA2_4096 = keccak256(["string"], ["C_RSA_4096"]);
 export const C_RSA_SHA2_3072 = keccak256(["string"], ["C_RSA_3072"]);
 export const C_RSA_SHA2_2048 = keccak256(["string"], ["C_RSA_2048"]);
+export const C_RSA_SHA512_2048 = keccak256(["string"], ["C_RSA_SHA512_2048"]);
 export const C_RSA_SHA512_4096 = keccak256(["string"], ["C_RSA_SHA512_4096"]);
 export const C_RSA_SHA2_3072_56611 = keccak256(["string"], ["C_RSA_3072_56611"]);
+export const C_RSA_SHA2_2048_122125 = keccak256(["string"], ["C_RSA_2048_122125"]);
 
 export const C_RSAPSS_SHA2_2048 = keccak256(["string"], ["C_RSAPSS_SHA2_2048"]);
 export const C_RSAPSS_SHA2_4096 = keccak256(["string"], ["C_RSAPSS_SHA2_4096"]);
@@ -21,9 +23,12 @@ export const C_RSAPSS_SHA384_2048 = keccak256(["string"], ["C_RSAPSS_SHA384_2048
 export const C_ECDSA_SECP256R1_SHA1_256 = keccak256(["string"], ["C_ECDSA_SECP256R1_SHA1_256"]);
 export const C_ECDSA_SECP256R1_SHA1_384 = keccak256(["string"], ["C_ECDSA_SECP256R1_SHA1_384"]);
 export const C_ECDSA_SECP256R1_SHA1_512 = keccak256(["string"], ["C_ECDSA_SECP256R1_SHA1_512"]);
+export const C_ECDSA_SECP256R1_SHA2_512 = keccak256(["string"], ["C_ECDSA_SECP256R1_SHA2_512"]);
+export const C_ECDSA_SECP256R1_SHA2_2048 = keccak256(["string"], ["C_ECDSA_SECP256R1_SHA2_2048"]);
 export const C_ECDSA_SECP384R1_SHA2_512 = keccak256(["string"], ["C_ECDSA_SECP384R1_SHA2_512"]);
 export const C_ECDSA_SECP384R1_SHA384_512 = keccak256(["string"], ["C_ECDSA_SECP384R1_SHA384_512"]);
 export const C_ECDSA_BRAINPOOLP256R1_SHA1_448 = keccak256(["string"], ["C_ECDSA_BRAINPOOLP256R1_SHA1_448"]);
+export const C_ECDSA_BRAINPOOLP256R1_SHA2_512 = keccak256(["string"], ["C_ECDSA_BRAINPOOLP256R1_SHA2_512"]);
 export const C_ECDSA_BRAINPOOLP384R1_SHA2_512 = keccak256(["string"], ["C_ECDSA_BRAINPOOLP384R1_SHA2_512"]);
 export const C_ECDSA_BRAINPOOLP384R1_SHA384_512 = keccak256(["string"], ["C_ECDSA_BRAINPOOLP384R1_SHA384_512"]);
 export const C_ECDSA_BRAINPOOLP384R1_SHA384_768 = keccak256(["string"], ["C_ECDSA_BRAINPOOLP384R1_SHA384_768"]);
@@ -245,3 +250,5 @@ export const Z_NOIR_PASSPORT_26_512_3_3_336_264_1_1968_2_256 = keccak256(
   ["Z_NOIR_PASSPORT_26_512_3_3_336_264_1_1968_2_256"],
 );
 export const Z_NOIR_PASSPORT_27_512_3_4_336_248_NA = keccak256(["string"], ["Z_NOIR_PASSPORT_27_512_3_4_336_248_NA"]);
+
+export const Z_NOIR_PASSPORT_ID_CARD_I = keccak256(["string"], ["Z_NOIR_PASSPORT_ID_CARD_I"]);