-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Core.calculateChecksum encodes the result as Big Endian instead of Little Endian #37
Comments
FYI @jimthematrix, @Chengxuan |
Hi @nedgar, @jimthematrix, @Chengxuan. As I mentioned in kaleido-io/kaleido-iden3-samples#14 we've changed that to match the specs. This is a breaking change that impacts the whole protocol and all the parts need to be updated (issuer, verifier, circuits, smart contracts, wallet, and sdk on different languages). We plan to release everything by the end of February. And until then I suggested to stick to the already released versions (tagged in the repositories, not master branches) and preferably using go libs, because only the verifier part of js libs (js-iden3-auth) was released during the previous release. And specifically you should not use js-iden3-core for now (even though we just tagged it and released on the npmjs.org), because it was not part of the release, and we were not implementing compatibility with the old release and started directly with implementation for the new one. |
Thanks for clarifying @OBrezhniev. One pain point with the current version of js-iden3-auth is that it doesn't re-export the |
Also, should we be using js-iden3-auth 0.1.3-intermediate (5 months ago, still marked as current) or 0.1.4 (7 months ago)? There's no tag for 0.1.4 in the repo: https://github.com/iden3/js-iden3-auth/tags |
Looks like the support for basic auth in the state resolver is only in 0.1.4, according to: So we'll use that for now unless you tell us otherwise. |
@nedgar We noticed that npm was pulling updated version of js-jwz for tagged versions of js-iden3-auth, that broke verification of jwz tokens. You can update to js-iden3-auth version 0.1.5 to fix this if you had such a problem too. |
And exported core lib in v0.1.6. |
Thanks, @OBrezhniev. Will switch to 0.1.6 until the new release is available. |
the new version is released. Core versions are synchronized. |
The spec for ID states that the checksum bytes should be encoded as Little Endian: https://docs.iden3.io/protocol/spec/#identifier-format
However, the code in Core.calculateChecksum returns the bytes as Big Endian:
https://github.com/iden3/js-iden3-auth/blob/v0.1.3-intermediate/src/core/core.ts#L39
Compare with the corresponding code in
js-iden3-core
, which reverses the bytes to encode as Little Endian:https://github.com/iden3/js-iden3-core/blame/fb25d9b0bb1cab2e32ba3a2774feec84fb38d88e/src/elemBytes.ts#L41
This means an ID created by js-iden3-core (or go-iden3-core) cannot be decoded by js-iden3-auth, and vice-versa. e.g. I hit this in the
AtomicQuerySigPubSignals
constructor when it parses the public signals with a user ID generated from go-iden3-core.There have been issues with this in the Go libraries as well, but go-iden3-core has recently been changed to use Little Endian: https://github.com/iden3/go-iden3-core/blob/master/id.go#L189 (though not in a release yet). The go-iden3-auth library uses the ID implementation from go-iden3-core. Perhaps the JS libraries could do similarly.
FYI @OBrezhniev
The text was updated successfully, but these errors were encountered: