Merge pull request #10 from ZeroPass/develop

Add SHA-384 RSA PKCS#1v1.5 & RSASSA-PSS signature verification functions && Fix bugs & Optimize

CMakeLists.txt

@@ -2,7 +2,7 @@ cmake_minimum_required( VERSION 3.14 )
 project(
   ack
   LANGUAGES CXX
-  VERSION 0.4.0
+  VERSION 0.5.0
 )
 
 option( ACK_NO_INTRINSICS     "Don't use intrinsics"      OFF )
@@ -50,10 +50,11 @@ if ( ACK_BUILD_TESTS )
 
   include (CTest)
   enable_testing()
-  add_test( ack_tests ${CMAKE_BINARY_DIR}/tests/ack_tests )
+  add_test( ack_gen_tests ${CMAKE_BINARY_DIR}/tests/ack_gen_tests )
+  add_test( ack_rsa_tests ${CMAKE_BINARY_DIR}/tests/ack_rsa_tests )
+  add_test( ack_ecc_tests ${CMAKE_BINARY_DIR}/tests/ack_ecc_tests )
 endif( ACK_BUILD_TESTS )
 
-
 message( "No intrinsics................${ACK_NO_INTRINSICS}"    )
 message( "Building examples............${ACK_BUILD_EXAMPLES}"   )
 message( "Building tests...............${ACK_BUILD_TESTS}"      )

README.md

@@ -1,7 +1,8 @@
 # AntelopeIO Cryptography Kits
-[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)
-[![build](https://github.com/ZeroPass/antelope.ck/actions/workflows/build.yml/badge.svg?branch=master)](https://github.com/ZeroPass/antelope.ck/actions/workflows/build.yml)
-[![tests](https://github.com/ZeroPass/antelope.ck/actions/workflows/tests.yml/badge.svg?branch=master)](https://github.com/ZeroPass/antelope.ck/actions/workflows/tests.yml)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?style=for-the-badge)](LICENSE)
+[![build](https://img.shields.io/github/actions/workflow/status/ZeroPass/ack/build.yml?branch=master&logo=github&style=for-the-badge)](https://github.com/ZeroPass/ack/actions/workflows/build.yml)
+[![tests](https://img.shields.io/github/actions/workflow/status/ZeroPass/ack/tests.yml?label=Tests&branch=master&logo=github&style=for-the-badge)](https://github.com/ZeroPass/ack/actions/workflows/tests.yml)
+
 
 [AntelopeIO](https://github.com/antelopeIO) Cryptography Library is a header-only library designed for use in smart contracts. The library includes implementations of ECC primitives and ECDSA verification algorithms, as well as RSA PKCS v1.5 & RSASSA-PSS signature verification algorithms, SHA-384 and Keccak hash algorithms: SHA3-256, SHA3-384, SHA3-512, SHAKE-128, and SHAKE-256.
 
@@ -39,6 +40,8 @@ The [ack/rsa.hpp](include/ack/rsa.hpp) header file defines the RSA PKCS v1.5 sig
 - `assert_rsa_sha1` - fails transaction if RSA signature is not valid for the provided SHA-1 hash.
 - `verify_rsa_sha256` - checks if RSA signature is valid for the provided SHA-256 hash.
 - `assert_rsa_sha256` - fails transaction if RSA signature is not valid for the provided SHA-256 hash.
+- `verify_rsa_sha384` - checks if RSA signature is valid for the provided SHA-384 hash.
+- `assert_rsa_sha384` - fails transaction if RSA signature is not valid for the provided SHA-384 hash.
 - `verify_rsa_sha512` - checks if RSA signature is valid for the provided SHA-512 hash.
 - `assert_rsa_sha512` - fails transaction if RSA signature is not valid for the provided SHA-512 hash.
 
@@ -47,6 +50,8 @@ the RSASSA-PSS signature verification functions for *SHA-1*, *SHA-256* and *SHA-
 - `assert_rsa_pss_sha1` - fails transaction if RSASSA-PSS MGF1 signature is not valid for the provided SHA-1 hash.
 - `verify_rsa_pss_sha256` - checks if RSASSA-PSS MGF1 signature is valid for the provided SHA-256 hash.
 - `assert_rsa_pss_sha256` - fails transaction if RSASSA-PSS MGF1 signature is not valid for the provided SHA-256 hash.
+- `verify_rsa_pss_sha384` - checks if RSASSA-PSS MGF1 signature is valid for the provided SHA-384 hash.
+- `assert_rsa_pss_sha384` - fails transaction if RSASSA-PSS MGF1 signature is not valid for the provided SHA-384 hash.
 - `verify_rsa_pss_sha512` - checks if RSASSA-PSS MGF1 signature is valid for the provided SHA-512 hash.
 - `assert_rsa_pss_sha512` - fails transaction if RSASSA-PSS MGF1 signature is not valid for the provided SHA-512 hash.
 
@@ -83,8 +88,7 @@ FIPS 180-4: [https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-P
 To use antelope.ck library in your project, it is recommended to use  [CMake](https://cmake.org/) and configure your project to use the external `ack` project. E.g.: using [FetchContent](https://cmake.org/cmake/help/latest/module/FetchContent.html) or copy the library folder to your project and point cmake to it with [add_subdirectory](https://cmake.org/cmake/help/latest/command/add_subdirectory.html).
 If only pure WASM implementation is desired configure your CMake project with `ACK_NO_INTRINSICS=ON` option before including ack library. This will exclude specialized intrinsics such as `eosio::mod_exp` from being used by the library, and instead, a software implementation will be used.
 
-If configured correctly, you should be able to add the antelope.ck library to your [CMake](https://cmake.org/) project using command `add_library(<your_project> ack)` and include it in your code using the header file: `#include <ack/ack.hpp>`.  
-
+If configured correctly, you should be able to add the `ack` library to your [CMake](https://cmake.org/) project using command `add_library(<your_project> ack)` and include it in your code using the header file: `#include <ack/ack.hpp>`.  
 
 **Example:**
 ```cpp

examples/helloack/bin/helloack.abi

@@ -155,6 +155,24 @@
                 }
             ]
         },
+        {
+            "name": "check_rsa_pss_sha384",
+            "base": "",
+            "fields": [
+                {
+                    "name": "pubkey",
+                    "type": "rsa_pss_public_key_view"
+                },
+                {
+                    "name": "msg",
+                    "type": "bytes_view"
+                },
+                {
+                    "name": "sig",
+                    "type": "bytes_view"
+                }
+            ]
+        },
         {
             "name": "check_rsa_pss_sha512",
             "base": "",
@@ -209,6 +227,24 @@
                 }
             ]
         },
+        {
+            "name": "check_rsa_sha384",
+            "base": "",
+            "fields": [
+                {
+                    "name": "pubkey",
+                    "type": "rsa_public_key_view"
+                },
+                {
+                    "name": "msg",
+                    "type": "bytes_view"
+                },
+                {
+                    "name": "sig",
+                    "type": "bytes_view"
+                }
+            ]
+        },
         {
             "name": "check_rsa_sha512",
             "base": "",
@@ -336,6 +372,11 @@
             "type": "check_rsa_pss_sha256",
             "ricardian_contract": ""
         },
+        {
+            "name": "rsapsssha34",
+            "type": "check_rsa_pss_sha384",
+            "ricardian_contract": ""
+        },
         {
             "name": "rsapsssha512",
             "type": "check_rsa_pss_sha512",
@@ -351,6 +392,11 @@
             "type": "check_rsa_sha256",
             "ricardian_contract": ""
         },
+        {
+            "name": "rsasha34",
+            "type": "check_rsa_sha384",
+            "ricardian_contract": ""
+        },
         {
             "name": "rsasha512",
             "type": "check_rsa_sha512",

examples/helloack/include/helloack.hpp

@@ -70,6 +70,26 @@ struct [[eosio::contract]] helloack : public eosio::contract {
     [[eosio::action("rsapsssha2"), eosio::read_only]]
     void check_rsa_pss_sha256(rsa_pss_public_key_view pubkey, bytes_view msg, bytes_view sig);
 
+     /**
+     * Action verifies RSA PKCS v1.5 SHA-384 signature.
+     * Action fails if signature is invalid
+     * @param pubkey - RSA public key
+     * @param msg    - signed message
+     * @param sig    - RSA PKCS v1.5 SHA-384 signature
+    */
+    [[eosio::action("rsasha34"), eosio::read_only]]
+    void check_rsa_sha384(rsa_public_key_view pubkey, bytes_view msg, bytes_view sig);
+
+    /**
+     * Action verifies RSA PSS MGF1 SHA-384 signature.
+     * Action fails if signature is invalid
+     * @param pubkey - RSA-PSS public key
+     * @param msg    - signed message
+     * @param sig    - RSA-PSS MGF1 SHA-384 signature
+    */
+    [[eosio::action("rsapsssha34"), eosio::read_only]]
+    void check_rsa_pss_sha384(rsa_pss_public_key_view pubkey, bytes_view msg, bytes_view sig);
+
     /**
      * Action verifies RSA PKCS v1.5 SHA-512 signature.
      * Action fails if signature is invalid

examples/helloack/src/helloack.cpp

@@ -5,6 +5,7 @@
 #include <ack/ec.hpp>
 #include <ack/ec_curve.hpp>
 #include <ack/ecdsa.hpp>
+#include <ack/sha.hpp>
 
 #include <helloack.hpp>
 #include <bt.hpp>
@@ -37,43 +38,61 @@ void helloack::check_ecdsa_secp256r1_sha256(bytes_view qx, bytes_view qy, bytes_
 [[eosio::action("rsasha1"), eosio::read_only]]
 void helloack::check_rsa_sha1(rsa_public_key_view pubkey, bytes_view msg, bytes_view sig)
 {
-    auto md = eosio::sha1( reinterpret_cast<const char*>( msg.data() ), msg.size() );
-    assert_rsa_sha1_assert( pubkey, md, sig,
+    const auto md = eosio::sha1( reinterpret_cast<const char*>( msg.data() ), msg.size() );
+    assert_rsa_sha1( pubkey, md, sig,
         "RSA PKCS v1.5 SHA-1 signature verification failed"
     );
 }
 
 [[eosio::action("rsapsssha1"), eosio::read_only]]
 void helloack::check_rsa_pss_sha1(rsa_pss_public_key_view pubkey, bytes_view msg, bytes_view sig)
 {
-    auto md = eosio::sha1( reinterpret_cast<const char*>( msg.data() ), msg.size() );
+    const auto md = eosio::sha1( reinterpret_cast<const char*>( msg.data() ), msg.size() );
     assert_rsa_pss_sha1( pubkey, md, sig,
         "RSA PSS SHA-1 signature verification failed"
     );
 }
 
-[[eosio::action("rsasha2")]]
+[[eosio::action("rsasha2"), eosio::read_only]]
 void helloack::check_rsa_sha256(rsa_public_key_view pubkey, bytes_view msg, bytes_view sig)
 {
-    auto md = eosio::sha256( reinterpret_cast<const char*>( msg.data() ), msg.size() );
+    const auto md = eosio::sha256( reinterpret_cast<const char*>( msg.data() ), msg.size() );
     assert_rsa_sha256( pubkey, md, sig,
         "RSA PKCS v1.5 SHA-256 signature verification failed"
     );
 }
 
-[[eosio::action("rsapsssha2")]]
+[[eosio::action("rsapsssha2"), eosio::read_only]]
 void helloack::check_rsa_pss_sha256(rsa_pss_public_key_view pubkey, bytes_view msg, bytes_view sig)
 {
-    auto md = eosio::sha256( reinterpret_cast<const char*>( msg.data() ), msg.size() );
+    const auto md = eosio::sha256( reinterpret_cast<const char*>( msg.data() ), msg.size() );
     assert_rsa_pss_sha256( pubkey, md, sig,
         "RSA PSS SHA-256 signature verification failed"
     );
 }
 
+[[eosio::action("rsasha34"), eosio::read_only]]
+void helloack::check_rsa_sha384(rsa_public_key_view pubkey, bytes_view msg, bytes_view sig)
+{
+    const auto md = sha384( msg );
+    assert_rsa_sha384( pubkey, md, sig,
+        "RSA PKCS v1.5 SHA-384 signature verification failed"
+    );
+}
+
+[[eosio::action("rsapsssha34"), eosio::read_only]]
+void helloack::check_rsa_pss_sha384(rsa_pss_public_key_view pubkey, bytes_view msg, bytes_view sig)
+{
+    const auto md = sha384( msg );
+    assert_rsa_pss_sha384( pubkey, md, sig,
+        "RSA PSS SHA-384 signature verification failed"
+    );
+}
+
 [[eosio::action("rsasha512"), eosio::read_only]]
 void helloack::check_rsa_sha512(rsa_public_key_view pubkey, bytes_view msg, bytes_view sig)
 {
-    auto md = eosio::sha512( reinterpret_cast<const char*>( msg.data() ), msg.size() );
+    const auto md = eosio::sha512( reinterpret_cast<const char*>( msg.data() ), msg.size() );
     assert_rsa_sha512( pubkey, md, sig,
         "RSA PKCS v1.5 SHA-512 signature verification failed"
     );
@@ -82,7 +101,7 @@ void helloack::check_rsa_sha512(rsa_public_key_view pubkey, bytes_view msg, byte
 [[eosio::action("rsapsssha512"), eosio::read_only]]
 void helloack::check_rsa_pss_sha512(rsa_pss_public_key_view pubkey, bytes_view msg, bytes_view sig)
 {
-    auto md = eosio::sha512( reinterpret_cast<const char*>( msg.data() ), msg.size() );
+    const auto md = eosio::sha512( reinterpret_cast<const char*>( msg.data() ), msg.size() );
     assert_rsa_pss_sha512( pubkey, md, sig,
         "RSA PSS SHA-512 signature verification failed"
     );
@@ -92,7 +111,7 @@ void helloack::check_rsa_pss_sha512(rsa_pss_public_key_view pubkey, bytes_view m
 void helloack::bt_rsa_1024_sha1()
 {
     constexpr auto pubkey = rsa_public_key_view( rsa_1024_sha1::mod, rsa_1024_sha1::exp );
-    assert_rsa_sha1_assert( pubkey, rsa_1024_sha1::md, rsa_1024_sha1::sig,
+    assert_rsa_sha1( pubkey, rsa_1024_sha1::md, rsa_1024_sha1::sig,
         "RSA 1024 PKCS v1.5 SHA-1 signature verification failed"
     );
 }
@@ -101,7 +120,7 @@ void helloack::bt_rsa_1024_sha1()
 void helloack::bt_rsa_2048_sha1()
 {
     constexpr auto pubkey = rsa_public_key_view( rsa_2048_sha1::mod, rsa_2048_sha1::exp );
-    assert_rsa_sha1_assert( pubkey, rsa_2048_sha1::md, rsa_2048_sha1::sig,
+    assert_rsa_sha1( pubkey, rsa_2048_sha1::md, rsa_2048_sha1::sig,
         "RSA 2048 PKCS v1.5 SHA-1 signature verification failed"
     );
 }