Merge pull request #308 from zk-passport/feat/rsapss-sha256-64byte-salt

Tests for rsapss sha256 with 64 byte salt
turnoffthiscomputer
2025-01-16 18:50:28 +01:00
committed by GitHub
8 changed files with 122 additions and 68 deletions


@@ -0,0 +1,12 @@
pragma circom 2.1.9;
include "../../../utils/crypto/signature/rsapss/rsapss3.circom";
template VerifyRsaPss3Sig_tester() {
signal input modulus[35];
signal input signature[35];
signal input message[256];
VerifyRsaPss3Sig(120, 35, 64, 256, 2048)(modulus,signature,message);
}
component main = VerifyRsaPss3Sig_tester();
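Review bot: The five positional arguments in `VerifyRsaPss3Sig(120, 35, 64, 256, 2048)` are unlabelled, and this file differs from the other five testers added in this commit only in the last argument and the exponent template, so a transposed value would be hard to spot in review. A header comment would help, for example `// word size 120 bits, 35 words, 64-byte salt, SHA-256 (256-bit digest), 2048-bit modulus`, assuming that is the parameter order declared in rsapss3.circom, which is not shown here. The same comment applies to the 3072 and 4096 testers and to the three `VerifyRsaPss65537Sig` testers. It is also worth stating why `modulus[35]` and `signature[35]` stay at 35 words for the 2048-bit case, since 35 × 120 bits is sized for a 4096-bit key.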


@@ -0,0 +1,12 @@
pragma circom 2.1.9;
include "../../../utils/crypto/signature/rsapss/rsapss3.circom";
template VerifyRsaPss3Sig_tester() {
signal input modulus[35];
signal input signature[35];
signal input message[256];
VerifyRsaPss3Sig(120, 35, 64, 256, 3072)(modulus,signature,message);
}
component main = VerifyRsaPss3Sig_tester();


@@ -0,0 +1,12 @@
pragma circom 2.1.9;
include "../../../utils/crypto/signature/rsapss/rsapss3.circom";
template VerifyRsaPss3Sig_tester() {
signal input modulus[35];
signal input signature[35];
signal input message[256];
VerifyRsaPss3Sig(120, 35, 64, 256, 4096)(modulus,signature,message);
}
component main = VerifyRsaPss3Sig_tester();


@@ -0,0 +1,12 @@
pragma circom 2.1.9;
include "../../../utils/crypto/signature/rsapss/rsapss65537.circom";
template VerifyRsaPss65537Sig_tester() {
signal input modulus[35];
signal input signature[35];
signal input message[256];
VerifyRsaPss65537Sig(120, 35, 64, 256, 2048)(modulus,signature,message);
}
component main = VerifyRsaPss65537Sig_tester();


@@ -0,0 +1,12 @@
pragma circom 2.1.9;
include "../../../utils/crypto/signature/rsapss/rsapss65537.circom";
template VerifyRsaPss65537Sig_tester() {
signal input modulus[35];
signal input signature[35];
signal input message[256];
VerifyRsaPss65537Sig(120, 35, 64, 256, 3072)(modulus,signature,message);
}
component main = VerifyRsaPss65537Sig_tester();


@@ -0,0 +1,12 @@
pragma circom 2.1.9;
include "../../../utils/crypto/signature/rsapss/rsapss65537.circom";
template VerifyRsaPss65537Sig_tester() {
signal input modulus[35];
signal input signature[35];
signal input message[256];
VerifyRsaPss65537Sig(120, 35, 64, 256, 4096)(modulus,signature,message);
}
component main = VerifyRsaPss65537Sig_tester();


@@ -7,53 +7,12 @@ import {
} from '../../../common/src/utils/utils';
import { SignatureAlgorithm } from '../../../common/src/utils/types';
export const generateMockRsaPssInputs = (signatureAlgorithm: SignatureAlgorithm) => {
let saltLength: number;
export const generateMockRsaPssInputs = (
signatureAlgorithm: SignatureAlgorithm,
saltLength: number
) => {
const [sigAlg, hashAlgorithm, exponent, modulusLength] = signatureAlgorithm.split('_');
switch (signatureAlgorithm) {
case 'rsapss_sha256_65537_4096':
saltLength = 32;
break;
case 'rsapss_sha256_65537_3072':
saltLength = 32;
break;
case 'rsapss_sha256_65537_2048':
saltLength = 32;
break;
case 'rsapss_sha256_3_4096':
saltLength = 32;
break;
case 'rsapss_sha256_3_3072':
saltLength = 32;
break;
case 'rsapss_sha256_3_2048':
saltLength = 32;
break;
case 'rsapss_sha512_3_4096':
saltLength = 64;
break;
case 'rsapss_sha512_3_2048':
saltLength = 64;
break;
case 'rsapss_sha384_65537_4096':
saltLength = 48;
break;
case 'rsapss_sha384_65537_3072':
saltLength = 48;
break;
case 'rsapss_sha384_3_4096':
saltLength = 48;
break;
case 'rsapss_sha384_3_3072':
saltLength = 48;
break;
default:
throw new Error(`Unsupported signature algorithm: ${signatureAlgorithm}`);
}
// Generate RSA key pair
const keypair = forge.pki.rsa.generateKeyPair({
bits: parseInt(modulusLength),
@@ -90,6 +49,5 @@ export const generateMockRsaPssInputs = (signatureAlgorithm: SignatureAlgorithm)
signature: splitToWords(BigInt(bytesToBigDecimal(signature)), n, k),
modulus: splitToWords(BigInt(hexToDecimal(modulus)), n, k),
message: messageBits,
saltLength: saltLength,
};
};
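Review bot: With the `switch` removed, `generateMockRsaPssInputs` no longer rejects anything at runtime: the old `default:` branch was the only place an unsupported `signatureAlgorithm` threw, and the new `saltLength` parameter is passed through unchecked. A value that is negative, non-integer, or too large for the chosen hash and modulus would presumably surface only later, as a signing error or a witness failure that looks like a circuit bug. A guard at the top of the function keeps the failure local, e.g. `if (!Number.isInteger(saltLength) || saltLength < 0) throw new Error('Invalid salt length: ' + saltLength);`. The function body continues outside these hunks, so how `saltLength` reaches the PSS encoder is not visible here.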


@@ -7,32 +7,50 @@ import { expect } from 'chai';
describe('VerifyRsapss Circuit Test', function () {
this.timeout(0);
const rsaAlgorithms: SignatureAlgorithm[] = [
'rsapss_sha256_65537_4096',
'rsapss_sha256_65537_3072',
'rsapss_sha256_65537_2048',
'rsapss_sha256_3_4096',
'rsapss_sha256_3_3072',
'rsapss_sha256_3_2048',
'rsapss_sha512_3_4096',
'rsapss_sha512_3_2048',
'rsapss_sha384_65537_4096',
'rsapss_sha384_65537_3072',
'rsapss_sha384_3_4096',
'rsapss_sha384_3_3072',
const fullAlgorithms: { algo: SignatureAlgorithm; saltLength: number }[] = [
{ algo: 'rsapss_sha256_65537_4096', saltLength: 32 },
{ algo: 'rsapss_sha256_65537_3072', saltLength: 32 },
{ algo: 'rsapss_sha256_65537_2048', saltLength: 32 },
{ algo: 'rsapss_sha256_65537_4096', saltLength: 64 },
{ algo: 'rsapss_sha256_65537_3072', saltLength: 64 },
{ algo: 'rsapss_sha256_65537_2048', saltLength: 64 },
{ algo: 'rsapss_sha256_3_4096', saltLength: 32 },
{ algo: 'rsapss_sha256_3_3072', saltLength: 32 },
{ algo: 'rsapss_sha256_3_2048', saltLength: 32 },
{ algo: 'rsapss_sha256_3_4096', saltLength: 64 },
{ algo: 'rsapss_sha256_3_3072', saltLength: 64 },
{ algo: 'rsapss_sha256_3_2048', saltLength: 64 },
{ algo: 'rsapss_sha512_3_4096', saltLength: 64 },
{ algo: 'rsapss_sha512_3_2048', saltLength: 64 },
{ algo: 'rsapss_sha384_65537_4096', saltLength: 48 },
{ algo: 'rsapss_sha384_65537_3072', saltLength: 48 },
{ algo: 'rsapss_sha384_3_4096', saltLength: 48 },
{ algo: 'rsapss_sha384_3_3072', saltLength: 48 },
];
rsaAlgorithms.forEach((algorithm) => {
it(`should verify RSA-PSS signature using the circuit for ${algorithm}`, async function () {
const sigAlgs: { algo: SignatureAlgorithm; saltLength: number }[] = [
{ algo: 'rsapss_sha256_65537_4096', saltLength: 32 },
{ algo: 'rsapss_sha256_3_3072', saltLength: 64 },
{ algo: 'rsapss_sha512_3_2048', saltLength: 64 },
{ algo: 'rsapss_sha384_65537_3072', saltLength: 48 },
];
const testSuite = process.env.FULL_TEST_SUITE === 'true' ? fullAlgorithms : sigAlgs;
testSuite.forEach((algorithm) => {
it(`should verify RSA-PSS signature using the circuit for ${algorithm.algo}_${algorithm.saltLength}`, async function () {
this.timeout(0);
// Generate inputs using the utility function
const { signature, modulus, message, saltLength } = generateMockRsaPssInputs(algorithm);
const { signature, modulus, message } = generateMockRsaPssInputs(
algorithm.algo,
algorithm.saltLength
);
// Run circuit with inputs
const circuit = await wasmTester(
path.join(
__dirname,
`../../circuits/tests/utils/rsapss/test_${algorithm}_${saltLength}.circom`
`../../circuits/tests/utils/rsapss/test_${algorithm.algo}_${algorithm.saltLength}.circom`
),
{
include: ['node_modules', './node_modules/@zk-kit/binary-merkle-root.circom/src'],
@@ -40,7 +58,7 @@ describe('VerifyRsapss Circuit Test', function () {
);
// Log the inputs for debugging
console.log(`Testing algorithm: ${algorithm}`);
console.log(`Testing algorithm: ${algorithm.algo} with salt length: ${algorithm.saltLength}`);
const witness = await circuit.calculateWitness({
signature,
@@ -53,13 +71,16 @@ describe('VerifyRsapss Circuit Test', function () {
});
it('Should fail to verify RSA-PSS signature with invalid signature', async function () {
const { signature, modulus, message, saltLength } = generateMockRsaPssInputs(algorithm);
const { signature, modulus, message } = generateMockRsaPssInputs(
algorithm.algo,
algorithm.saltLength
);
const invalidSignature = signature.map((byte: string) => String((parseInt(byte) + 1) % 256));
const circuit = await wasmTester(
path.join(
__dirname,
`../../circuits/tests/utils/rsapss/test_${algorithm}_${saltLength}.circom`
`../../circuits/tests/utils/rsapss/test_${algorithm.algo}_${algorithm.saltLength}.circom`
),
{
include: ['node_modules', './node_modules/@zk-kit/binary-merkle-root.circom/src'],
@@ -78,13 +99,16 @@ describe('VerifyRsapss Circuit Test', function () {
});
it('Should fail to verify RSA-PSS signature with invalid message', async function () {
const { signature, modulus, message, saltLength } = generateMockRsaPssInputs(algorithm);
const { signature, modulus, message } = generateMockRsaPssInputs(
algorithm.algo,
algorithm.saltLength
);
const invalidMessage = message.map((byte: number) => String((byte + 1) % 256));
const circuit = await wasmTester(
path.join(
__dirname,
`../../circuits/tests/utils/rsapss/test_${algorithm}_${saltLength}.circom`
`../../circuits/tests/utils/rsapss/test_${algorithm.algo}_${algorithm.saltLength}.circom`
),
{
include: ['node_modules', './node_modules/@zk-kit/binary-merkle-root.circom/src'],
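Review bot: The default `sigAlgs` list exercises the new SHA-256 / 64-byte-salt path only through `rsapss_sha256_3_3072`; the three `VerifyRsaPss65537Sig` testers with a 64-byte salt added in this commit run only when `FULL_TEST_SUITE` is `'true'`. Adding one entry such as `{ algo: 'rsapss_sha256_65537_2048', saltLength: 64 },` to `sigAlgs` would cover both exponents in the default run. There is also no negative case for the salt length itself: inputs generated with `saltLength: 32` and fed to the `_64` circuit (and the reverse) should presumably fail witness generation, and that is the property that distinguishes the new circuits from the existing ones. The last `it` block continues past the end of this hunk.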