Skip to content

Commit

Permalink
Merge pull request #10 from ZeroPass/develop
Browse files Browse the repository at this point in the history
Add SHA-384 RSA PKCS#1v1.5 & RSASSA-PSS signature verification functions && Fix bugs & Optimize
  • Loading branch information
smlu authored Dec 14, 2023
2 parents e42d326 + c245400 commit 8f5c092
Show file tree
Hide file tree
Showing 32 changed files with 56,440 additions and 12,005 deletions.
7 changes: 4 additions & 3 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ cmake_minimum_required( VERSION 3.14 )
project(
ack
LANGUAGES CXX
VERSION 0.4.0
VERSION 0.5.0
)

option( ACK_NO_INTRINSICS "Don't use intrinsics" OFF )
Expand Down Expand Up @@ -50,10 +50,11 @@ if ( ACK_BUILD_TESTS )

include (CTest)
enable_testing()
add_test( ack_tests ${CMAKE_BINARY_DIR}/tests/ack_tests )
add_test( ack_gen_tests ${CMAKE_BINARY_DIR}/tests/ack_gen_tests )
add_test( ack_rsa_tests ${CMAKE_BINARY_DIR}/tests/ack_rsa_tests )
add_test( ack_ecc_tests ${CMAKE_BINARY_DIR}/tests/ack_ecc_tests )
endif( ACK_BUILD_TESTS )


message( "No intrinsics................${ACK_NO_INTRINSICS}" )
message( "Building examples............${ACK_BUILD_EXAMPLES}" )
message( "Building tests...............${ACK_BUILD_TESTS}" )
Expand Down
14 changes: 9 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
# AntelopeIO Cryptography Kits
[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
[![build](https://github.com/ZeroPass/antelope.ck/actions/workflows/build.yml/badge.svg?branch=master)](https://github.com/ZeroPass/antelope.ck/actions/workflows/build.yml)
[![tests](https://github.com/ZeroPass/antelope.ck/actions/workflows/tests.yml/badge.svg?branch=master)](https://github.com/ZeroPass/antelope.ck/actions/workflows/tests.yml)
[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?style=for-the-badge)](LICENSE)
[![build](https://img.shields.io/github/actions/workflow/status/ZeroPass/ack/build.yml?branch=master&logo=github&style=for-the-badge)](https://github.com/ZeroPass/ack/actions/workflows/build.yml)
[![tests](https://img.shields.io/github/actions/workflow/status/ZeroPass/ack/tests.yml?label=Tests&branch=master&logo=github&style=for-the-badge)](https://github.com/ZeroPass/ack/actions/workflows/tests.yml)


[AntelopeIO](https://github.com/antelopeIO) Cryptography Library is a header-only library designed for use in smart contracts. The library includes implementations of ECC primitives and ECDSA verification algorithms, as well as RSA PKCS v1.5 & RSASSA-PSS signature verification algorithms, SHA-384 and Keccak hash algorithms: SHA3-256, SHA3-384, SHA3-512, SHAKE-128, and SHAKE-256.

Expand Down Expand Up @@ -39,6 +40,8 @@ The [ack/rsa.hpp](include/ack/rsa.hpp) header file defines the RSA PKCS v1.5 sig
- `assert_rsa_sha1` - fails transaction if RSA signature is not valid for the provided SHA-1 hash.
- `verify_rsa_sha256` - checks if RSA signature is valid for the provided SHA-256 hash.
- `assert_rsa_sha256` - fails transaction if RSA signature is not valid for the provided SHA-256 hash.
- `verify_rsa_sha384` - checks if RSA signature is valid for the provided SHA-384 hash.
- `assert_rsa_sha384` - fails transaction if RSA signature is not valid for the provided SHA-384 hash.
- `verify_rsa_sha512` - checks if RSA signature is valid for the provided SHA-512 hash.
- `assert_rsa_sha512` - fails transaction if RSA signature is not valid for the provided SHA-512 hash.

Expand All @@ -47,6 +50,8 @@ the RSASSA-PSS signature verification functions for *SHA-1*, *SHA-256* and *SHA-
- `assert_rsa_pss_sha1` - fails transaction if RSASSA-PSS MGF1 signature is not valid for the provided SHA-1 hash.
- `verify_rsa_pss_sha256` - checks if RSASSA-PSS MGF1 signature is valid for the provided SHA-256 hash.
- `assert_rsa_pss_sha256` - fails transaction if RSASSA-PSS MGF1 signature is not valid for the provided SHA-256 hash.
- `verify_rsa_pss_sha384` - checks if RSASSA-PSS MGF1 signature is valid for the provided SHA-384 hash.
- `assert_rsa_pss_sha384` - fails transaction if RSASSA-PSS MGF1 signature is not valid for the provided SHA-384 hash.
- `verify_rsa_pss_sha512` - checks if RSASSA-PSS MGF1 signature is valid for the provided SHA-512 hash.
- `assert_rsa_pss_sha512` - fails transaction if RSASSA-PSS MGF1 signature is not valid for the provided SHA-512 hash.

Expand Down Expand Up @@ -83,8 +88,7 @@ FIPS 180-4: [https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-P
To use antelope.ck library in your project, it is recommended to use [CMake](https://cmake.org/) and configure your project to use the external `ack` project. E.g.: using [FetchContent](https://cmake.org/cmake/help/latest/module/FetchContent.html) or copy the library folder to your project and point cmake to it with [add_subdirectory](https://cmake.org/cmake/help/latest/command/add_subdirectory.html).
If only pure WASM implementation is desired configure your CMake project with `ACK_NO_INTRINSICS=ON` option before including ack library. This will exclude specialized intrinsics such as `eosio::mod_exp` from being used by the library, and instead, a software implementation will be used.

If configured correctly, you should be able to add the antelope.ck library to your [CMake](https://cmake.org/) project using command `add_library(<your_project> ack)` and include it in your code using the header file: `#include <ack/ack.hpp>`.

If configured correctly, you should be able to add the `ack` library to your [CMake](https://cmake.org/) project using command `add_library(<your_project> ack)` and include it in your code using the header file: `#include <ack/ack.hpp>`.

**Example:**
```cpp
Expand Down
46 changes: 46 additions & 0 deletions examples/helloack/bin/helloack.abi
Original file line number Diff line number Diff line change
Expand Up @@ -155,6 +155,24 @@
}
]
},
{
"name": "check_rsa_pss_sha384",
"base": "",
"fields": [
{
"name": "pubkey",
"type": "rsa_pss_public_key_view"
},
{
"name": "msg",
"type": "bytes_view"
},
{
"name": "sig",
"type": "bytes_view"
}
]
},
{
"name": "check_rsa_pss_sha512",
"base": "",
Expand Down Expand Up @@ -209,6 +227,24 @@
}
]
},
{
"name": "check_rsa_sha384",
"base": "",
"fields": [
{
"name": "pubkey",
"type": "rsa_public_key_view"
},
{
"name": "msg",
"type": "bytes_view"
},
{
"name": "sig",
"type": "bytes_view"
}
]
},
{
"name": "check_rsa_sha512",
"base": "",
Expand Down Expand Up @@ -336,6 +372,11 @@
"type": "check_rsa_pss_sha256",
"ricardian_contract": ""
},
{
"name": "rsapsssha34",
"type": "check_rsa_pss_sha384",
"ricardian_contract": ""
},
{
"name": "rsapsssha512",
"type": "check_rsa_pss_sha512",
Expand All @@ -351,6 +392,11 @@
"type": "check_rsa_sha256",
"ricardian_contract": ""
},
{
"name": "rsasha34",
"type": "check_rsa_sha384",
"ricardian_contract": ""
},
{
"name": "rsasha512",
"type": "check_rsa_sha512",
Expand Down
Binary file modified examples/helloack/bin/helloack.wasm
Binary file not shown.
20 changes: 20 additions & 0 deletions examples/helloack/include/helloack.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,26 @@ struct [[eosio::contract]] helloack : public eosio::contract {
[[eosio::action("rsapsssha2"), eosio::read_only]]
void check_rsa_pss_sha256(rsa_pss_public_key_view pubkey, bytes_view msg, bytes_view sig);

/**
* Action verifies RSA PKCS v1.5 SHA-384 signature.
* Action fails if signature is invalid
* @param pubkey - RSA public key
* @param msg - signed message
* @param sig - RSA PKCS v1.5 SHA-384 signature
*/
[[eosio::action("rsasha34"), eosio::read_only]]
void check_rsa_sha384(rsa_public_key_view pubkey, bytes_view msg, bytes_view sig);

/**
* Action verifies RSA PSS MGF1 SHA-384 signature.
* Action fails if signature is invalid
* @param pubkey - RSA-PSS public key
* @param msg - signed message
* @param sig - RSA-PSS MGF1 SHA-384 signature
*/
[[eosio::action("rsapsssha34"), eosio::read_only]]
void check_rsa_pss_sha384(rsa_pss_public_key_view pubkey, bytes_view msg, bytes_view sig);

/**
* Action verifies RSA PKCS v1.5 SHA-512 signature.
* Action fails if signature is invalid
Expand Down
41 changes: 30 additions & 11 deletions examples/helloack/src/helloack.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
#include <ack/ec.hpp>
#include <ack/ec_curve.hpp>
#include <ack/ecdsa.hpp>
#include <ack/sha.hpp>

#include <helloack.hpp>
#include <bt.hpp>
Expand Down Expand Up @@ -37,43 +38,61 @@ void helloack::check_ecdsa_secp256r1_sha256(bytes_view qx, bytes_view qy, bytes_
[[eosio::action("rsasha1"), eosio::read_only]]
void helloack::check_rsa_sha1(rsa_public_key_view pubkey, bytes_view msg, bytes_view sig)
{
auto md = eosio::sha1( reinterpret_cast<const char*>( msg.data() ), msg.size() );
assert_rsa_sha1_assert( pubkey, md, sig,
const auto md = eosio::sha1( reinterpret_cast<const char*>( msg.data() ), msg.size() );
assert_rsa_sha1( pubkey, md, sig,
"RSA PKCS v1.5 SHA-1 signature verification failed"
);
}

[[eosio::action("rsapsssha1"), eosio::read_only]]
void helloack::check_rsa_pss_sha1(rsa_pss_public_key_view pubkey, bytes_view msg, bytes_view sig)
{
auto md = eosio::sha1( reinterpret_cast<const char*>( msg.data() ), msg.size() );
const auto md = eosio::sha1( reinterpret_cast<const char*>( msg.data() ), msg.size() );
assert_rsa_pss_sha1( pubkey, md, sig,
"RSA PSS SHA-1 signature verification failed"
);
}

[[eosio::action("rsasha2")]]
[[eosio::action("rsasha2"), eosio::read_only]]
void helloack::check_rsa_sha256(rsa_public_key_view pubkey, bytes_view msg, bytes_view sig)
{
auto md = eosio::sha256( reinterpret_cast<const char*>( msg.data() ), msg.size() );
const auto md = eosio::sha256( reinterpret_cast<const char*>( msg.data() ), msg.size() );
assert_rsa_sha256( pubkey, md, sig,
"RSA PKCS v1.5 SHA-256 signature verification failed"
);
}

[[eosio::action("rsapsssha2")]]
[[eosio::action("rsapsssha2"), eosio::read_only]]
void helloack::check_rsa_pss_sha256(rsa_pss_public_key_view pubkey, bytes_view msg, bytes_view sig)
{
auto md = eosio::sha256( reinterpret_cast<const char*>( msg.data() ), msg.size() );
const auto md = eosio::sha256( reinterpret_cast<const char*>( msg.data() ), msg.size() );
assert_rsa_pss_sha256( pubkey, md, sig,
"RSA PSS SHA-256 signature verification failed"
);
}

[[eosio::action("rsasha34"), eosio::read_only]]
void helloack::check_rsa_sha384(rsa_public_key_view pubkey, bytes_view msg, bytes_view sig)
{
const auto md = sha384( msg );
assert_rsa_sha384( pubkey, md, sig,
"RSA PKCS v1.5 SHA-384 signature verification failed"
);
}

[[eosio::action("rsapsssha34"), eosio::read_only]]
void helloack::check_rsa_pss_sha384(rsa_pss_public_key_view pubkey, bytes_view msg, bytes_view sig)
{
const auto md = sha384( msg );
assert_rsa_pss_sha384( pubkey, md, sig,
"RSA PSS SHA-384 signature verification failed"
);
}

[[eosio::action("rsasha512"), eosio::read_only]]
void helloack::check_rsa_sha512(rsa_public_key_view pubkey, bytes_view msg, bytes_view sig)
{
auto md = eosio::sha512( reinterpret_cast<const char*>( msg.data() ), msg.size() );
const auto md = eosio::sha512( reinterpret_cast<const char*>( msg.data() ), msg.size() );
assert_rsa_sha512( pubkey, md, sig,
"RSA PKCS v1.5 SHA-512 signature verification failed"
);
Expand All @@ -82,7 +101,7 @@ void helloack::check_rsa_sha512(rsa_public_key_view pubkey, bytes_view msg, byte
[[eosio::action("rsapsssha512"), eosio::read_only]]
void helloack::check_rsa_pss_sha512(rsa_pss_public_key_view pubkey, bytes_view msg, bytes_view sig)
{
auto md = eosio::sha512( reinterpret_cast<const char*>( msg.data() ), msg.size() );
const auto md = eosio::sha512( reinterpret_cast<const char*>( msg.data() ), msg.size() );
assert_rsa_pss_sha512( pubkey, md, sig,
"RSA PSS SHA-512 signature verification failed"
);
Expand All @@ -92,7 +111,7 @@ void helloack::check_rsa_pss_sha512(rsa_pss_public_key_view pubkey, bytes_view m
void helloack::bt_rsa_1024_sha1()
{
constexpr auto pubkey = rsa_public_key_view( rsa_1024_sha1::mod, rsa_1024_sha1::exp );
assert_rsa_sha1_assert( pubkey, rsa_1024_sha1::md, rsa_1024_sha1::sig,
assert_rsa_sha1( pubkey, rsa_1024_sha1::md, rsa_1024_sha1::sig,
"RSA 1024 PKCS v1.5 SHA-1 signature verification failed"
);
}
Expand All @@ -101,7 +120,7 @@ void helloack::bt_rsa_1024_sha1()
void helloack::bt_rsa_2048_sha1()
{
constexpr auto pubkey = rsa_public_key_view( rsa_2048_sha1::mod, rsa_2048_sha1::exp );
assert_rsa_sha1_assert( pubkey, rsa_2048_sha1::md, rsa_2048_sha1::sig,
assert_rsa_sha1( pubkey, rsa_2048_sha1::md, rsa_2048_sha1::sig,
"RSA 2048 PKCS v1.5 SHA-1 signature verification failed"
);
}
Expand Down
Loading

0 comments on commit 8f5c092

Please sign in to comment.