Android facematch: intermediate TBS limit 500 bytes too small for some devices (Samsung A15 = 633 bytes)

[TheWhiteWater]

Bug Description

The Android facematch circuit hardcodes ECDSA intermediate certificate TBS size to [u8; 500], but some Android devices have Key Attestation intermediate certificates with TBS sections exceeding this limit.

Observed on: Samsung Galaxy A15 — intermediate TBS length = 633 bytes

Error

CircuitError: FAILED_TO_GET_DISCLOSURE_CIRCUITS
error_details: intermediate tbs length 633 exceeds max 500
circuit_name: disclosure_circuit

The error occurs after base subproofs complete successfully. The app cannot proceed to disclosure proof generation because the facematch circuit inputs cannot be prepared — the intermediate cert is too large.

Root Cause

src/ts/scripts/circuit-builder.ts, line 485:

intermediate_${index + 1}_tbs: [u8; ${signature_algorithm === "rsa" ? 1000 : 500}],

RSA intermediates get 1000 bytes, but ECDSA intermediates are limited to 500. Google's Key Attestation chain on some devices produces intermediate certificates with TBS sections > 500 bytes.

Affected Circuits

All generated facematch_android_* circuits with ECDSA intermediate certs (ik_ecdsa_* variants), plus the iOS facematch circuit (facematch/ios/*/src/main.nr line 31: intermediate_tbs: [u8; 500]).

Suggested Fix

Increase ECDSA intermediate TBS limit to 700 (matching the smallest sig-check/dsc TBS tier):

intermediate_${index + 1}_tbs: [u8; ${signature_algorithm === "rsa" ? 1000 : 700}],

Environment

• Device: Samsung Galaxy A15 (Android)
• Passport: New Zealand (NZL)
• Circuit manifest version: 0.16.0
• Network: Sepolia testnet
• NZ CSCA is present in certificate registry (5 certs)
• Base subproofs (sig_check_dsc, data_check_integrity) succeed
• Failure point: facematch circuit input preparation

Impact

NZ passport holders on affected Android devices cannot complete verification. The passport_support: 1 flag in document-support-rules.json marks NZ as supported, but verification fails at proof generation.

[madztheo]

Thanks for your detailed report! You are right, some TBS started to go above 500 bytes. This wasn't the case before, but since the rollout of the new Google ECDSA root key, intermediate certificates above that 500-byte limit started to get issued. Increasing to 700 bytes should fix it, assuming no certificates go above that.

This is purely related to FaceMatch and is independent of the type of passport. The limit is chosen as a matter of performance and memory consumption. The more it is increased, the more likely it is to consume more memory and perform not as great on low-end devices.

As for iOS, the certificate chain and root key have much less variability since it's a closed operating system with a limited set of devices. So, not sure whether the change will be needed there.

A fix to this will be included in the next update.