feat: add support for SHA-256 RSA PSS signatures #9

Open. Wants to merge 13 commits into base: main.
docs: add some comments for the rsa pss signature verification logic
madztheo committed Sep 10, 2024
commit 813ed463c66a23899fbc086dcac646b37618a2cc
15 changes: 15 additions & 0 deletions lib/src/rsa.nr
@@ -25,6 +25,9 @@ fn get_array_slice<let N: u32, let M: u32>(array: [u8; N], start: u32, end: u32)
slice
}

/**
* @brief Generate a mask from a seed using the MGF1 algorithm with SHA256 as the hash function
**/
fn mgf1_sha256<let SEED_LEN: u32, let MASK_LEN: u32>(seed: [u8; SEED_LEN]) -> [u8; MASK_LEN] {
// MASK_LEN must be less than 2^32 * HASH_LEN
dep::std::field::bn254::assert_lt(MASK_LEN as Field, 0xffffffff * HASH_LEN as Field + 1);
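Review bot: the inline comment at the top of `mgf1_sha256` and the assertion under it state different bounds. The comment says MASK_LEN must be less than 2^32 * HASH_LEN, while `assert_lt(MASK_LEN as Field, 0xffffffff * HASH_LEN as Field + 1)` accepts anything up to and including 0xffffffff * HASH_LEN, that is (2^32 - 1) * HASH_LEN. Since this commit adds documentation here, make the two agree and state the limit in the new `@brief` block as well, so callers see the constraint on MASK_LEN without reading the body.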
@@ -38,6 +41,8 @@ fn mgf1_sha256<let SEED_LEN: u32, let MASK_LEN: u32>(seed: [u8; SEED_LEN]) -> [u
let mut hashed: [u8; HASH_LEN] = [0; HASH_LEN];

for i in 0..iterations {
// Hopefully one day we can use the line below, but for now we'll go with a fixed value
// let mut block: [u8; SEED_LEN + 4] = [0; SEED_LEN + 4];
let mut block: [u8; 256] = [0; 256];

// Copy seed to block
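Review bot: the new comment above `let mut block: [u8; 256] = [0; 256];` says a fixed value is used in place of `SEED_LEN + 4`, but it does not say what that implies for callers: the seed plus the 4-byte counter has to fit in 256 bytes, so SEED_LEN can be at most 252. Nothing in the visible lines enforces that. Please state the limit in the comment and consider an explicit assertion on SEED_LEN at the top of the function, so an oversized seed fails with a clear message.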
@@ -108,13 +113,20 @@ fn compare_signature_sha256<let N: u32>(padded_sha256_hash: [u8; N], msg_hash: [
true
}
impl<BN, BNInstance, let NumBytes: u32> RSA<BN, BNInstance, NumBytes> where BN: BigNumTrait, BNInstance: BigNumInstanceTrait<BN> {
/**
* @brief Verify an RSA signature generated via the PSS signature scheme.
* @details `key_size` is the size of the RSA modulus in bits and is required to correctly decode the signature.
*
* @note We assume the public key exponent `e` is 65537
**/
pub fn verify_sha256_pss(
_: Self,
instance: BNInstance,
msg_hash: [u8; 32],
sig: BN,
key_size: u32
) -> bool {
// Exponentiate the signature assuming e = 65537
let mut exponentiated = instance.mul(sig, sig);
exponentiated = instance.mul(exponentiated, exponentiated);
exponentiated = instance.mul(exponentiated, exponentiated);
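Review bot: the doc block on `verify_sha256_pss` describes `key_size` but leaves out how it relates to the `NumBytes` type parameter and to the modulus held by `instance`; say that it must be the bit length of that modulus and what the function does when it is not. The `@note` on `e` could be firmer as well: the exponent is not a parameter and the multiplication chain below hard-codes it, so keys with any other exponent are not supported and the doc should say so outright. It would also help to document that `msg_hash` is the SHA-256 digest of the message, which salt length is expected, and what the returned `bool` means.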
@@ -132,6 +144,9 @@ impl<BN, BNInstance, let NumBytes: u32> RSA<BN, BNInstance, NumBytes> where BN:
exponentiated = instance.mul(exponentiated, exponentiated);
exponentiated = instance.mul(exponentiated, exponentiated);
exponentiated = instance.mul(exponentiated, sig);
// Convert the exponentiated signature to a byte array and reverse it to
// get it in big endian order, which is much easier to work with for
// the rest of the verification process
let em:[u8; NumBytes] = reverse_array(exponentiated.to_le_bytes());

// The modulus size in bits minus 1
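Review bot: the new comment on `let em:[u8; NumBytes] = reverse_array(exponentiated.to_le_bytes());` explains the byte order but not the length. `em` is always `NumBytes` long, while the following comment refers to the modulus size in bits minus 1, presumably derived from the separately supplied `key_size`. Please note here whether `em` may carry leading zero bytes when `key_size` implies a shorter encoded message, and where that is checked, since this is where a reader would look for it. Minor: add a space after the colon in `let em:[u8; NumBytes]`.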