changed max_lwt_len to max_cred_len (#99)

* changed max_lwt_len to max_cred_len * Addressed doc FIXME
microsoft · Feb 22, 2025 · 0b6e20a · 0b6e20a
1 parent 82dfdd0
commit 0b6e20a
Showing 5 changed files with 32 additions and 33 deletions.
diff --git a/circuit_setup/inputs/mdl1/config.json b/circuit_setup/inputs/mdl1/config.json
@@ -1,5 +1,5 @@
 {
     "credtype": "mdl",
     "alg": "ES256",
-    "max_jwt_len": 1152
+    "max_cred_len": 1152
 }
diff --git a/circuit_setup/scripts/crescent_helper.py b/circuit_setup/scripts/crescent_helper.py
@@ -14,7 +14,7 @@
 CIRCOM_RS256_LIMB_BITS = 121
 CIRCOM_ES256K_LIMB_BITS = 64 
 CIRCOM_ES256_LIMB_BITS = 43     # Required by the ecdsa-p256 circuit we use
-CRESCENT_CONFIG_KEYS = ['alg', 'credtype', 'reveal_all_claims', 'defer_sig_ver', 'max_jwt_len']     # fields in config.json that are for crescent configuration and do not refer to claims in the token
+CRESCENT_CONFIG_KEYS = ['alg', 'credtype', 'reveal_all_claims', 'defer_sig_ver', 'max_cred_len']     # fields in config.json that are for crescent configuration and do not refer to claims in the token
 CRESCENT_SUPPORTED_ALGS = ['RS256', 'ES256', 'ES256K']     # Signature algorithms used to sign JWT/mDL
 
 
@@ -191,17 +191,17 @@ def check_config(config):
     if 'credtype' not in config:
         config['credtype'] = 'jwt'
 
-    if 'max_jwt_len' not in config:
-        config['max_jwt_len'] = 2048  # Maximum length of JWT, excluding the
+    if 'max_cred_len' not in config:
+        config['max_cred_len'] = 2048  # Maximum length of JWT, excluding the
                                       # signature part.  The length in bytes of the header 
                                       # and payload, base64url encoded. Must be a multiple of 64.
     else:
-        if type(config['max_jwt_len']) != int:
-            print_debug("Error: config field 'max_jwt_len' must be an integer")
+        if type(config['max_cred_len']) != int:
+            print_debug("Error: config field 'max_cred_len' must be an integer")
             return False
-        max_jwt_len = config['max_jwt_len']
-        if max_jwt_len % 64 != 0:
-            print_debug("Error: 'max_jwt_len' must be a multiple of 64. Found {}, try {}".format(max_jwt_len, (64 - (max_jwt_len % 64)) + max_jwt_len ))
+        max_cred_len = config['max_cred_len']
+        if max_cred_len % 64 != 0:
+            print_debug("Error: 'max_cred_len' must be a multiple of 64. Found {}, try {}".format(max_cred_len, (64 - (max_cred_len % 64)) + max_cred_len ))
             return False
 
     # Additional checks

diff --git a/circuit_setup/scripts/prepare_mdl_prover.py b/circuit_setup/scripts/prepare_mdl_prover.py
@@ -3,7 +3,6 @@
 
 #!/usr/bin/python3
 
-import python_jwt as jwt, jwcrypto.jwk as jwk
 from jwcrypto.common import base64url_encode
 import sys, os
 import json
@@ -162,7 +161,7 @@ def ymd_to_timestamp(ymd, is_bytes=False, has_time=False):
 
 def ymd_to_daystamp(ymd, is_bytes=False, has_time=False):
     # Compute the number of days between Jan 1, year 0000 and input "YYYY-MM-DD"
-    # The implementation of the Date class' toordinal() fucntion is here: 
+    # The implementation of the Date class' toordinal() function is here: 
     # https://github.com/python/cpython/blob/54b5e4da8a4c6ae527ab238fcd6b9ba0a3ed0fc7/Lib/datetime.py#L63
     (year, month, day) = ymd.split("-")
     year = int(year)
@@ -211,12 +210,12 @@ def ymd_to_daystamp(ymd, is_bytes=False, has_time=False):
 msg_len_after_SHA2_padding = len(padded_m)
 print_debug("msg_len_after_SHA2_padding: {}".format(msg_len_after_SHA2_padding))
 
-if msg_len_after_SHA2_padding > config['max_jwt_len']:
-    print_debug("Error: JWT too large.  Current token JSON header + payload is {} bytes ({} bytes after SHA256 padding), but maximum length supported is {} bytes.".format(len(tbs_data), msg_len_after_SHA2_padding, base64_decoded_size(config['max_jwt_len'])))
-    print_debug("The config file value `max_jwt_len` would have to be increased to {} bytes (currently config['max_jwt_len'] = {})".format(len(tbs_data)+64, config['max_jwt_len']))
+if msg_len_after_SHA2_padding > config['max_cred_len']:
+    print_debug("Error: mDL too large.  Current mDL header + payload is {} bytes ({} bytes after SHA256 padding), but maximum length supported is {} bytes.".format(len(tbs_data), msg_len_after_SHA2_padding, base64_decoded_size(config['max_cred_len'])))
+    print_debug("The config file value `max_cred_len` would have to be increased to {} bytes (currently config['max_cred_len'] = {})".format(len(tbs_data)+64, config['max_cred_len']))
     sys.exit(-1)
 
-while (len(padded_m) < config['max_jwt_len']):    # Additional zero padding for Circom program
+while (len(padded_m) < config['max_cred_len']):    # Additional zero padding for Circom program
     padded_m = padded_m + [0]
 
 sha256hash = hashlib.sha256(bytes(tbs_data))
@@ -269,7 +268,7 @@ def ymd_to_daystamp(ymd, is_bytes=False, has_time=False):
     exit(-1)
 
 if config['alg'] == 'ES256':
-    # See https://www.rfc-editor.org/rfc/rfc7515#appendix-A.3.1 for ECDSA encoding details in JWTs, the signature is R||S
+    # See https://www.rfc-editor.org/rfc/rfc7515#appendix-A.3.1 for ECDSA encoding details, the signature is R||S
     # this code assumes |R|==|S|
     siglen = len(signature_bytes)
     assert(siglen % 2  == 0)

diff --git a/circuit_setup/scripts/prepare_setup.py b/circuit_setup/scripts/prepare_setup.py
@@ -216,7 +216,7 @@ def prepare_circom(config, circom_output_file):
         main_input = "{ public [" + ", ".join(public_inputs) + " ] }"
         f.write('''
 component main {main_input} = Main({max_msg_len}, {max_json_len}, {max_field_byte_len}, {limb_size}, {n_limbs});
-'''.format(main_input = main_input, max_msg_len = config['max_jwt_len'], max_json_len = base64_decoded_size(config['max_jwt_len']), max_field_byte_len = MAX_FIELD_BYTE_LEN, limb_size=limb_size, n_limbs=n_limbs))
+'''.format(main_input = main_input, max_msg_len = config['max_cred_len'], max_json_len = base64_decoded_size(config['max_cred_len']), max_field_byte_len = MAX_FIELD_BYTE_LEN, limb_size=limb_size, n_limbs=n_limbs))
 
 
     print_debug("Claims:", claims)

diff --git a/creds/src/prep_inputs.rs b/creds/src/prep_inputs.rs
@@ -19,7 +19,7 @@ use crate::utils::string_to_byte_vec;
 use crate::ProofSpec;
 use crate::ProofSpecInternal;
 
-// If not set in config.json, the max_jwt_len is set to this value. 
+// If not set in config.json, the max_cred_len is set to this value. 
 const DEFAULT_MAX_TOKEN_LENGTH : usize = 2048;
 const CIRCOM_RS256_LIMB_BITS : usize = 121;
 const CIRCOM_ES256_LIMB_BITS : usize = 43;  // Limb size required by ecdsa-p256 circuit
@@ -36,7 +36,7 @@ lazy_static! {
         let mut set = HashSet::new();
         set.insert("alg");
         set.insert("credtype");
-        set.insert("max_jwt_len");
+        set.insert("max_cred_len");
         set
     };
 }
@@ -127,19 +127,19 @@ Result<(JsonMap, JsonMap, JsonMap), Box<dyn Error>>
 
     let msg_len_after_sha2_padding = padded_m.len() as u64;
 
-    if msg_len_after_sha2_padding > config["max_jwt_len"].as_u64().unwrap() {
-        let errmsg = format!("Error: JWT too large.  Current token JSON header + payload is {} bytes ({} bytes after SHA256 padding), but maximum length supported is {} bytes.\nThe config file value `max_jwt_len` would have to be increased to {} bytes (currently config['max_jwt_len'] = {})", 
+    if msg_len_after_sha2_padding > config["max_cred_len"].as_u64().unwrap() {
+        let errmsg = format!("Error: JWT too large.  Current token JSON header + payload is {} bytes ({} bytes after SHA256 padding), but maximum length supported is {} bytes.\nThe config file value `max_cred_len` would have to be increased to {} bytes (currently config['max_cred_len'] = {})", 
         header_utf8.len() + payload_utf8.len(), 
         msg_len_after_sha2_padding, 
-        base64_decoded_size(config["max_jwt_len"].as_u64().unwrap()), 
-        header_utf8.len() + payload_utf8.len() + 64, config["max_jwt_len"].as_u64().unwrap()
+        base64_decoded_size(config["max_cred_len"].as_u64().unwrap()), 
+        header_utf8.len() + payload_utf8.len() + 64, config["max_cred_len"].as_u64().unwrap()
         );
 
         return_error!(errmsg);
     }
 
     // Add additional zero padding for Circom
-    while padded_m.len() < config["max_jwt_len"].as_u64().unwrap() as usize {
+    while padded_m.len() < config["max_cred_len"].as_u64().unwrap() as usize {
         padded_m.push(0);
     }
 
@@ -517,18 +517,18 @@ pub fn parse_config(config_str: &str) -> Result<serde_json::Map<String, Value>,
     }
 
     // Set defaults
-    if !config.contains_key("max_jwt_len") {
-        config.insert("max_jwt_len".to_string(), json!(DEFAULT_MAX_TOKEN_LENGTH));
+    if !config.contains_key("max_cred_len") {
+        config.insert("max_cred_len".to_string(), json!(DEFAULT_MAX_TOKEN_LENGTH));
     }
     else {
-        if !config["max_jwt_len"].is_u64() {
-            return_error!("max_jwt_len must have integer type");
+        if !config["max_cred_len"].is_u64() {
+            return_error!("max_cred_len must have integer type");
         }
-        let max_jwt_len = config["max_jwt_len"].as_u64().ok_or("Invalid value for max_jwt_len")?;
-        if max_jwt_len % 64 != 0 {
-            let round = (64 - (max_jwt_len % 64)) + max_jwt_len;
-            config["max_jwt_len"] = json!(round);
-            println!("Warning: max_jwt_len not a multiple of 64. Rounded from {} to {}", max_jwt_len, round);
+        let max_cred_len = config["max_cred_len"].as_u64().ok_or("Invalid value for max_cred_len")?;
+        if max_cred_len % 64 != 0 {
+            let round = (64 - (max_cred_len % 64)) + max_cred_len;
+            config["max_cred_len"] = json!(round);
+            println!("Warning: max_cred_len not a multiple of 64. Rounded from {} to {}", max_cred_len, round);
         }
     }