Core.calculateChecksum encodes the result as Big Endian instead of Little Endian

[nedgar]

The spec for ID states that the checksum bytes should be encoded as Little Endian: https://docs.iden3.io/protocol/spec/#identifier-format

• checksum: Addition (with overflow) of all the ID bytes Little Endian 16 bits ( [ type | genesis_state ] )

However, the code in Core.calculateChecksum returns the bytes as Big Endian:
https://github.com/iden3/js-iden3-auth/blob/v0.1.3-intermediate/src/core/core.ts#L39

Compare with the corresponding code in js-iden3-core, which reverses the bytes to encode as Little Endian:
https://github.com/iden3/js-iden3-core/blame/fb25d9b0bb1cab2e32ba3a2774feec84fb38d88e/src/elemBytes.ts#L41

This means an ID created by js-iden3-core (or go-iden3-core) cannot be decoded by js-iden3-auth, and vice-versa. e.g. I hit this in the AtomicQuerySigPubSignals constructor when it parses the public signals with a user ID generated from go-iden3-core.

There have been issues with this in the Go libraries as well, but go-iden3-core has recently been changed to use Little Endian: https://github.com/iden3/go-iden3-core/blob/master/id.go#L189 (though not in a release yet). The go-iden3-auth library uses the ID implementation from go-iden3-core. Perhaps the JS libraries could do similarly.

FYI @OBrezhniev

[nedgar]

FYI @jimthematrix, @Chengxuan

[OBrezhniev]

Hi @nedgar, @jimthematrix, @Chengxuan. As I mentioned in kaleido-io/kaleido-iden3-samples#14 we've changed that to match the specs. This is a breaking change that impacts the whole protocol and all the parts need to be updated (issuer, verifier, circuits, smart contracts, wallet, and sdk on different languages). We plan to release everything by the end of February. And until then I suggested to stick to the already released versions (tagged in the repositories, not master branches) and preferably using go libs, because only the verifier part of js libs (js-iden3-auth) was released during the previous release. And specifically you should not use js-iden3-core for now (even though we just tagged it and released on the npmjs.org), because it was not part of the release, and we were not implementing compatibility with the old release and started directly with implementation for the new one.

[nedgar]

Thanks for clarifying @OBrezhniev. One pain point with the current version of js-iden3-auth is that it doesn't re-export the core classes and helper functions, so e.g. Id isn't available to consumers. Perhaps that could be patched until the new library versions are available?

[nedgar]

Also, should we be using js-iden3-auth 0.1.3-intermediate (5 months ago, still marked as current) or 0.1.4 (7 months ago)?
https://www.npmjs.com/package/@iden3/js-iden3-auth?activeTab=versions

There's no tag for 0.1.4 in the repo: https://github.com/iden3/js-iden3-auth/tags

[nedgar]

Looks like the support for basic auth in the state resolver is only in 0.1.4, according to:
npm diff --diff='@iden3/js-iden3-auth@0.1.3-intermediate' --diff='@iden3/js-iden3-auth@0.1.4'

So we'll use that for now unless you tell us otherwise.

[OBrezhniev]

@nedgar We noticed that npm was pulling updated version of js-jwz for tagged versions of js-iden3-auth, that broke verification of jwz tokens. You can update to js-iden3-auth version 0.1.5 to fix this if you had such a problem too.

[OBrezhniev]

And exported core lib in v0.1.6.

[nedgar]

Thanks, @OBrezhniev. Will switch to 0.1.6 until the new release is available.

[vmidyllic]

the new version is released. Core versions are synchronized.