diff --git a/circuits/circuits/tests/utils/test_rsa_sha1_65537_2048.circom b/circuits/circuits/tests/utils/rsa/test_rsa_sha1_65537_2048.circom similarity index 83% rename from circuits/circuits/tests/utils/test_rsa_sha1_65537_2048.circom rename to circuits/circuits/tests/utils/rsa/test_rsa_sha1_65537_2048.circom index 270ceb9af..3e70c6017 100644 --- a/circuits/circuits/tests/utils/test_rsa_sha1_65537_2048.circom +++ b/circuits/circuits/tests/utils/rsa/test_rsa_sha1_65537_2048.circom @@ -1,6 +1,6 @@ pragma circom 2.1.9; -include "../../utils/rsa/verifyRsaPkcs1v1_5.circom"; +include "../../../utils/rsa/verifyRsaPkcs1v1_5.circom"; template VerifyRsaPkcs1v1_5Tester() { signal input signature[32]; diff --git a/circuits/circuits/tests/utils/test_rsa_sha256_3_2048.circom b/circuits/circuits/tests/utils/rsa/test_rsa_sha256_3_2048.circom similarity index 83% rename from circuits/circuits/tests/utils/test_rsa_sha256_3_2048.circom rename to circuits/circuits/tests/utils/rsa/test_rsa_sha256_3_2048.circom index 39eb4f2da..25c5b607a 100644 --- a/circuits/circuits/tests/utils/test_rsa_sha256_3_2048.circom +++ b/circuits/circuits/tests/utils/rsa/test_rsa_sha256_3_2048.circom @@ -1,6 +1,6 @@ pragma circom 2.1.9; -include "../../utils/rsa/verifyRsaPkcs1v1_5.circom"; +include "../../../utils/rsa/verifyRsaPkcs1v1_5.circom"; template VerifyRsaPkcs1v1_5Tester() { signal input signature[32]; diff --git a/circuits/circuits/tests/utils/test_rsa_sha256_65537_2048.circom b/circuits/circuits/tests/utils/rsa/test_rsa_sha256_65537_2048.circom similarity index 83% rename from circuits/circuits/tests/utils/test_rsa_sha256_65537_2048.circom rename to circuits/circuits/tests/utils/rsa/test_rsa_sha256_65537_2048.circom index 9cd727195..798cf43f4 100644 --- a/circuits/circuits/tests/utils/test_rsa_sha256_65537_2048.circom +++ b/circuits/circuits/tests/utils/rsa/test_rsa_sha256_65537_2048.circom 
@@ -1,6 +1,6 @@ pragma circom 2.1.9; -include "../../utils/rsa/verifyRsaPkcs1v1_5.circom"; +include "../../../utils/rsa/verifyRsaPkcs1v1_5.circom"; template VerifyRsaPkcs1v1_5Tester() { signal input signature[32]; diff --git a/circuits/circuits/tests/utils/test_rsa_sha256_65537_3072.circom b/circuits/circuits/tests/utils/rsa/test_rsa_sha256_65537_3072.circom similarity index 83% rename from circuits/circuits/tests/utils/test_rsa_sha256_65537_3072.circom rename to circuits/circuits/tests/utils/rsa/test_rsa_sha256_65537_3072.circom index 70d1d9be3..777be5f79 100644 --- a/circuits/circuits/tests/utils/test_rsa_sha256_65537_3072.circom +++ b/circuits/circuits/tests/utils/rsa/test_rsa_sha256_65537_3072.circom @@ -1,6 +1,6 @@ pragma circom 2.1.9; -include "../../utils/rsa/verifyRsaPkcs1v1_5.circom"; +include "../../../utils/rsa/verifyRsaPkcs1v1_5.circom"; template VerifyRsaPkcs1v1_5Tester() { signal input signature[32]; diff --git a/circuits/circuits/tests/utils/rsa/test_rsa_sha256_65537_4096.circom b/circuits/circuits/tests/utils/rsa/test_rsa_sha256_65537_4096.circom new file mode 100644 index 000000000..48d3c5c73 --- /dev/null +++ b/circuits/circuits/tests/utils/rsa/test_rsa_sha256_65537_4096.circom @@ -0,0 +1,13 @@ +pragma circom 2.1.9; + +include "../../../utils/rsa/verifyRsaPkcs1v1_5.circom"; + +template VerifyRsaPkcs1v1_5Tester() { + signal input signature[64]; + signal input modulus[64]; + signal input message[64]; + + VerifyRsaPkcs1v1_5(10, 64, 64, 17, 256)(signature, modulus, message); +} + +component main = VerifyRsaPkcs1v1_5Tester(); \ No newline at end of file diff --git a/circuits/circuits/tests/utils/rsa/test_rsa_sha512_65537_4096.circom b/circuits/circuits/tests/utils/rsa/test_rsa_sha512_65537_4096.circom new file mode 100644 index 000000000..64d08d5e0 --- /dev/null +++ b/circuits/circuits/tests/utils/rsa/test_rsa_sha512_65537_4096.circom 
@@ -0,0 +1,13 @@ +pragma circom 2.1.9; + +include "../../../utils/rsa/verifyRsaPkcs1v1_5.circom"; + +template VerifyRsaPkcs1v1_5Tester() { + signal input signature[64]; + signal input modulus[64]; + signal input message[64]; + + VerifyRsaPkcs1v1_5(15, 64, 64, 17, 512)(signature, modulus, message); +} + +component main = VerifyRsaPkcs1v1_5Tester(); diff --git a/circuits/circuits/utils/passport/signatureAlgorithm.circom b/circuits/circuits/utils/passport/signatureAlgorithm.circom index 4852587c1..ff96e6036 100644 --- a/circuits/circuits/utils/passport/signatureAlgorithm.circom +++ b/circuits/circuits/utils/passport/signatureAlgorithm.circom @@ -1,5 +1,21 @@ pragma circom 2.1.9; +/* + ID to Signature Algorithm + 1: rsa_sha256_65537_2048 + 3: rsa_sha1_65537_2048 + 4: rsapss_sha256_65537_2048 + 7: ecdsa_sha1_secp256r1_256 + 8: ecdsa_sha256_secp256r1_256 + 9: ecdsa_sha384_secp384r1_384 + 10: rsa_sha256_65537_4096 + 11: rsa_sha1_65537_4096 + 12: rsapss_sha256_65537_4096 + 13: rsa_sha256_3_2048 + 14: rsa_sha256_65537_3072 + 15: rsa_sha512_65537_4096 +*/ + function getHashLength(signatureAlgorithm) { if (signatureAlgorithm == 1 ) { return 256; @@ -34,6 +50,9 @@ function getHashLength(signatureAlgorithm) { if (signatureAlgorithm == 14) { return 256; } + if (signatureAlgorithm == 15) { + return 512; + } return 0; } @@ -71,6 +90,9 @@ function getKeyLength(signatureAlgorithm) { if (signatureAlgorithm == 14) { return 3072; } + if (signatureAlgorithm == 15) { + return 4096; + } return 0; } @@ -109,6 +131,9 @@ function getKLengthFactor(signatureAlgorithm) { if (signatureAlgorithm == 14) { return 1; } + if (signatureAlgorithm == 15) { + return 1; + } return 0; } @@ -136,6 +161,9 @@ function getExponentBits(signatureAlgorithm) { if (signatureAlgorithm == 14) { return 17; } + if (signatureAlgorithm == 15) { + return 17; + } return 0; } 
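Review bot: In the getKLengthFactor hunk (`@@ -109,6 +131,9`), ID 15 returns 1 while getKeyLength returns 4096 for the same ID, and nothing on the new lines says what the factor scales. The returns for the other 4096-bit IDs (10, 11, 12) are outside the visible context, so please confirm that 1 is consistent with them. If a caller derives the limb count from this factor, a mismatch could leave part of a 4096-bit signature unconstrained or stop the circuit from compiling. A short comment on the new branch would make this checkable, for example `// 15: rsa_sha512_65537_4096, instantiated with 64 limbs of 64 bits`. The function bodies start and end outside these hunks.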
@@ -151,6 +179,7 @@ function getPadding(signatureAlgorithm) { if ( signatureAlgorithm == 1 || signatureAlgorithm == 4 || + signatureAlgorithm == 10 || signatureAlgorithm == 13 ) { padding[0] = 217300885422736416; // 304020105000420 @@ -167,5 +196,13 @@ function getPadding(signatureAlgorithm) { padding[3] = 79228162514264337593543950335; // FFFFFFFFFFFFFFFFFFFFFFFF padding[4] = 2417851639229258349412351; // 1FFFFFFFFFFFFFFFFFFFF } + + if (signatureAlgorithm == 15) { + padding[0] = 217300894012671040; // 304020305000440 + padding[1] = 938447882527703397; // D06096086480165 + padding[2] = 18446744069417750832; // FFFFFFFF00305130 + padding[3] = 18446744073709551615; // FFFFFFFFFFFFFFFF + padding[4] = 562949953421311; // 1FFFFFFFFFFFF + } return padding; } \ No newline at end of file diff --git a/circuits/circuits/utils/rsa/verifyRsaPkcs1v1_5.circom b/circuits/circuits/utils/rsa/verifyRsaPkcs1v1_5.circom index 00248c0ac..15857070b 100644 --- a/circuits/circuits/utils/rsa/verifyRsaPkcs1v1_5.circom +++ b/circuits/circuits/utils/rsa/verifyRsaPkcs1v1_5.circom 
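Review bot: The `signatureAlgorithm == 15` block in getPadding hard-codes five limbs without saying what they encode or which limb width they assume. The function takes only the algorithm ID, so the 64-bit width is an implicit contract with the CHUNK_SIZE passed to VerifyRsaPkcs1v1_5. The values do match the PKCS#1 v1.5 encoding for SHA-512 (DigestInfo ending `03 04 02 03 05 00 04 40`), but the hex comments drop the leading zero nibble, which makes that hard to verify by eye. I would add `// EMSA-PKCS1-v1_5 for SHA-512: 00 01 FF..FF 00 || DigestInfo, split into 64-bit limbs, lowest limb first` above the block and write the hex at full width, e.g. `// 0x0304020305000440`. The same implicit width applies to ID 10 joining the 1/4/13 group in the preceding hunk; getPadding starts outside both hunks.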
@@ -20,15 +20,15 @@ template VerifyRsaPkcs1v1_5(signatureAlgorithm, CHUNK_SIZE, CHUNK_NUMBER, E_BITS signal input message[CHUNK_NUMBER]; - // component signatureRangeCheck[CHUNK_NUMBER]; - // component bigLessThan = BigLessThan(CHUNK_SIZE, CHUNK_NUMBER); - // for (var i = 0; i < CHUNK_NUMBER; i++) { - // signatureRangeCheck[i] = Num2Bits(CHUNK_SIZE); - // signatureRangeCheck[i].in <== signature[i]; - // bigLessThan.a[i] <== signature[i]; - // bigLessThan.b[i] <== modulus[i]; - // } - // bigLessThan.out === 1; + component signatureRangeCheck[CHUNK_NUMBER]; + component bigLessThan = BigLessThan(CHUNK_SIZE, CHUNK_NUMBER); + for (var i = 0; i < CHUNK_NUMBER; i++) { + signatureRangeCheck[i] = Num2Bits(CHUNK_SIZE); + signatureRangeCheck[i].in <== signature[i]; + bigLessThan.a[i] <== signature[i]; + bigLessThan.b[i] <== modulus[i]; + } + bigLessThan.out === 1; component bigPow = PowerMod(CHUNK_SIZE, CHUNK_NUMBER, E_BITS); for (var i = 0; i < CHUNK_NUMBER; i++) { @@ -55,6 +55,17 @@ template VerifyRsaPkcs1v1_5(signatureAlgorithm, CHUNK_SIZE, CHUNK_NUMBER, E_BITS bigPow.out[i] === padding[3]; } bigPow.out[CHUNK_NUMBER - 1] === padding[4]; + } else if (signatureAlgorithm == 10) { + for (var i = 0; i < 4; i++) { + bigPow.out[i] === message[i]; + } + bigPow.out[4] === padding[0]; + bigPow.out[5] === padding[1]; + bigPow.out[6] === padding[2]; + for (var i = 7; i < CHUNK_NUMBER - 1; i++) { + bigPow.out[i] === padding[3]; + } + bigPow.out[CHUNK_NUMBER - 1] === padding[4]; } else if (signatureAlgorithm == 14) { for (var i = 0; i < 2; i++) { bigPow.out[i] === message[i]; 
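Review bot: The re-enabled check range-constrains only the signature limbs; the modulus limbs fed to `bigLessThan.b[i]` get no `Num2Bits(CHUNK_SIZE)` constraint in this hunk, and a limb-wise comparison is only meaningful when both operands are in range. If the modulus is already constrained elsewhere (not visible here), say so in a comment. Otherwise add `component modulusRangeCheck[CHUNK_NUMBER];` and, inside the loop, `modulusRangeCheck[i] = Num2Bits(CHUNK_SIZE); modulusRangeCheck[i].in <== modulus[i];`. The block also deserves a comment on why it exists, e.g. `// reject non-canonical signatures: s and s + modulus could otherwise both verify`. The template body starts and ends outside the hunk.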
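Review bot: The limb offsets in the new `signatureAlgorithm == 10` branch (message in limbs 0–3, DigestInfo in 4–6, `0xFF` fill from 7) are literals that only hold when CHUNK_SIZE is 64, yet CHUNK_SIZE is a free template parameter. An instantiation with a different width could still compile and would then compare the wrong limbs against the padding. I would pin the assumption at the top of the branch with `assert(CHUNK_SIZE == 64);`, and do the same in the `signatureAlgorithm == 15` branch added in the next hunk (message in limbs 0–7). The branch also looks identical to what is visible of the final `else` branch, so folding ID 10 into it would avoid a second copy to keep in sync. The rest of that `else` is outside the diff, so this needs checking.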
@@ -72,6 +83,17 @@ template VerifyRsaPkcs1v1_5(signatureAlgorithm, CHUNK_SIZE, CHUNK_NUMBER, E_BITS bigPow.out[i] === padding[3]; } bigPow.out[CHUNK_NUMBER - 1] === padding[4]; + } else if (signatureAlgorithm == 15) { + for (var i = 0; i < 8; i++) { + bigPow.out[i] === message[i]; + } + bigPow.out[8] === padding[0]; + bigPow.out[9] === padding[1]; + bigPow.out[10] === padding[2]; + for (var i = 11; i < CHUNK_NUMBER - 1; i++) { + bigPow.out[i] === padding[3]; + } + bigPow.out[CHUNK_NUMBER - 1] === padding[4]; } else { for (var i = 0; i < 4; i++) { bigPow.out[i] === message[i]; diff --git a/circuits/package.json b/circuits/package.json index fcc48eb25..b8ef3d665 100644 --- a/circuits/package.json +++ b/circuits/package.json @@ -6,6 +6,7 @@ "scripts": { "test": "yarn ts-mocha --max-old-space-size=8192 'tests/**/*.test.ts' 'tests/*.test.ts' --exit", "test-prove": "yarn ts-mocha --max-old-space-size=8192 'tests/prove.test.ts' --exit", + "test-rsa": "yarn ts-mocha --max-old-space-size=8192 'tests/utils/rsaPkcs1v1_5.test.ts' --exit", "install-circuits": "cd ../common && yarn && cd ../circuits && yarn", "format": "prettier --write .", "lint": "prettier --check ." diff --git a/circuits/tests/utils/generateMockInputsInCircuits.ts b/circuits/tests/utils/generateMockInputsInCircuits.ts index 8de3444db..fe5665120 100644 --- a/circuits/tests/utils/generateMockInputsInCircuits.ts +++ b/circuits/tests/utils/generateMockInputsInCircuits.ts @@ -27,6 +27,12 @@ export const generateMockRsaPkcs1v1_5Inputs = (signatureAlgorithm: SignatureAlgo signAlgorithm = signatureAlgorithm.includes('sha1') ? 'sha1' : 'sha256'; publicExponent = 65537; break; + case 'rsa_sha256_65537_4096': + case 'rsa_sha512_65537_4096': + modulusLength = 4096; + signAlgorithm = signatureAlgorithm.includes('sha256') ? 'sha256' : 'sha512'; + publicExponent = 65537; + break; default: throw new Error(`Unsupported signature algorithm: ${signatureAlgorithm}`); } 
diff --git a/circuits/tests/utils/rsaPkcs1v1_5.test.ts b/circuits/tests/utils/rsaPkcs1v1_5.test.ts index 59e37f9b7..35034e084 100644 --- a/circuits/tests/utils/rsaPkcs1v1_5.test.ts +++ b/circuits/tests/utils/rsaPkcs1v1_5.test.ts @@ -12,6 +12,8 @@ describe('VerifyRsaPkcs1v1_5 Circuit Test', function () { 'rsa_sha256_65537_2048', 'rsa_sha256_3_2048', 'rsa_sha256_65537_3072', + 'rsa_sha256_65537_4096', + 'rsa_sha512_65537_4096' ]; rsaAlgorithms.forEach((algorithm) => { @@ -22,7 +24,7 @@ describe('VerifyRsaPkcs1v1_5 Circuit Test', function () { // Run circuit with inputs const circuit = await wasmTester( - path.join(__dirname, `../../circuits/tests/utils/test_${algorithm}.circom`), + path.join(__dirname, `../../circuits/tests/utils/rsa/test_${algorithm}.circom`), { include: [ 'node_modules', diff --git a/common/src/constants/constants.ts b/common/src/constants/constants.ts index efefc8d3c..d0114578d 100644 --- a/common/src/constants/constants.ts +++ b/common/src/constants/constants.ts @@ -101,7 +101,9 @@ export const circuitToSelectorMode = { export const MAX_DATAHASHES_LEN = 320; // max formatted and concatenated datagroup hashes length in bytes export const n_dsc = 64; export const n_dsc_3072 = 96; +export const n_dsc_4096 = 64; export const k_dsc = 32; +export const k_dsc_4096 = 64; export const n_csca = 120; export const k_csca = 35; export const n_dsc_ecdsa = 43; diff --git a/common/src/utils/types.ts b/common/src/utils/types.ts index e88935173..863c0ae04 100644 --- a/common/src/utils/types.ts +++ b/common/src/utils/types.ts @@ -19,7 +19,9 @@ export type SignatureAlgorithm = | 'ecdsa_sha384_secp384r1_384' | 'ecdsa_sha256_brainpoolP256r1_256' | 'rsa_sha256_3_2048' - | 'rsa_sha256_65537_3072'; + | 'rsa_sha256_65537_3072' + | 'rsa_sha256_65537_4096' + | 'rsa_sha512_65537_4096'; export type Proof = { proof: { diff --git a/common/src/utils/utils.ts b/common/src/utils/utils.ts index 71ebc95d8..1134873ad 100644 --- a/common/src/utils/utils.ts 
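Review bot: The two entries added to `rsaAlgorithms` only extend the list of algorithms run through the existing valid-input path, so nothing in this diff exercises the `signature < modulus` constraint that the same commit re-enables. Whether a rejection case exists elsewhere in the file is not visible. A case that feeds a signature with one limb altered, or a non-canonical signature, and expects witness generation to fail would catch the check being commented out again. Separately, the last entry lacks the trailing comma the other entries carry: `'rsa_sha512_65537_4096',`.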
+++ b/common/src/utils/utils.ts @@ -7,7 +7,9 @@ import forge from 'node-forge'; import { n_dsc, n_dsc_3072, + n_dsc_4096, k_dsc, + k_dsc_4096, n_dsc_ecdsa, k_dsc_ecdsa, n_csca, @@ -41,6 +43,10 @@ export function getNAndK(sigAlg: SignatureAlgorithm) { return { n: n_dsc, k: k_dsc }; // 2048/32 = 64 } + if (sigAlg === 'rsa_sha256_65537_4096' || sigAlg === 'rsa_sha512_65537_4096') { + return { n: n_dsc_4096, k: k_dsc_4096 }; // 4096/32 = 128 + } + return { n: n_dsc, k: k_dsc }; // 2048/32 = 64 }
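Review bot: The comment on the new return in getNAndK, `// 4096/32 = 128`, does not match the values returned: `n_dsc_4096` and `k_dsc_4096` are both set to 64 in constants.ts, i.e. 64 limbs of 64 bits. Following the convention of the neighbouring `// 2048/32 = 64` comments, it should read `// 4096/64 = 64`. The visible fallthrough `return { n: n_dsc, k: k_dsc };` also means any algorithm without its own branch silently gets the 2048-bit layout. If every supported algorithm has its own branch, throwing there would turn a wrong limb split into an explicit error. getNAndK starts outside the hunk.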