diff --git a/circuits/circuits/tests/utils/rsapss_verifier.circom b/circuits/circuits/tests/utils/rsapss_verifier.circom
new file mode 100644
index 00000000..b798ac4d
--- /dev/null
+++ b/circuits/circuits/tests/utils/rsapss_verifier.circom
@@ -0,0 +1,20 @@
+include "../../utils/RSASSAPSS_padded.circom";
+
+template RSAPSSVerifier(n,k,max_bytes) {
+ signal input signature[k];
+ signal input modulus[k];
+ signal input raw_message[max_bytes];
+ signal input raw_message_padded_bytes;
+
+ component rsaDecode = RSASSAPSS_Decode(n, k);
+ rsaDecode.signature <== signature;
+ rsaDecode.modulus <== modulus;
+ var emLen = div_ceil(n * k, 8);
+ signal encodedMessage[emLen] <== rsaDecode.eM;
+
+ component rsaVerify = RSASSAPSSVerify_SHA256(n * k, max_bytes);
+ rsaVerify.eM <== encodedMessage;
+ rsaVerify.message <== raw_message;
+ rsaVerify.messagePaddedLen <== raw_message_padded_bytes;
+}
+component main = RSAPSSVerifier(64,32, 960);
\ No newline at end of file
diff --git a/circuits/scripts/build_utils_circuits.sh b/circuits/scripts/build_utils_circuits.sh
new file mode 100755
index 00000000..7f0bc462
--- /dev/null
+++ b/circuits/scripts/build_utils_circuits.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+source "scripts/download_ptau.sh"
+
+ echo "compiling circuit rsapss_verifier"
+ circom circuits/tests/utils/rsapss_verifier.circom -l node_modules -l ./node_modules/@zk-kit/binary-merkle-root.circom/src -l ./node_modules/circomlib/circuits --r1cs --O1 --wasm -c --output build
diff --git a/circuits/tests/utils/rsapss_verifier.test.ts b/circuits/tests/utils/rsapss_verifier.test.ts
new file mode 100644
index 00000000..7057efe2
--- /dev/null
+++ b/circuits/tests/utils/rsapss_verifier.test.ts
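Review bot: In `RSAPSSVerifier` (rsapss_verifier.circom), `raw_message_padded_bytes` is wired straight into `rsaVerify.messagePaddedLen` with no range constraint at this level. Soundness therefore rests on `RSASSAPSSVerify_SHA256` itself bounding that length by `max_bytes`. That template is not part of this diff, so this should be confirmed, or a bound added here. Separately, `component main` declares no public signals, which is fine for witness-only testing but would bind a proof to no modulus or message if the r1cs built from this file were ever proven. A comment above `component main` such as `// test harness only: every input is private, do not use this main for proving` would make that explicit.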
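Review bot: build_utils_circuits.sh runs without `set -euo pipefail`, so a failure inside the sourced `scripts/download_ptau.sh` is not fatal and the script goes on to compile and exit with circom's status alone. Both the `source` path and the circom paths are relative, so the script only works when started from the `circuits/` directory. I would add `set -euo pipefail` and `cd "$(dirname "$0")/.."` right after the shebang. `download_ptau.sh` is not shown in this diff; if it does not already check the downloaded ptau file against a pinned checksum, that is worth adding, since the file feeds the trusted setup.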
@@ -0,0 +1,72 @@
+import { expect } from 'chai';
+import { X509Certificate } from 'crypto';
+import path from 'path';
+import { getCSCAInputs, getTBSHash } from '../../../common/src/utils/csca';
+const wasm_tester = require('circom_tester').wasm;
+import forge from 'node-forge';
+
+import {
+ mock_dsc_sha256_rsapss_2048,
+ mock_csca_sha256_rsapss_2048,
+} from '../../../common/src/constants/mockCertificates';
+
+function loadCertificates(dscCertContent: string, cscaCertContent: string) {
+ const dscCert = new X509Certificate(dscCertContent);
+ const cscaCert = new X509Certificate(cscaCertContent);
+ const dscCert_forge = forge.pki.certificateFromPem(dscCertContent);
+ const cscaCert_forge = forge.pki.certificateFromPem(cscaCertContent);
+
+ return { dscCert, cscaCert, dscCert_forge, cscaCert_forge };
+}
+
+describe('RSAPSS Verifier', function () {
+ this.timeout(0);
+ let circuit;
+
+ this.beforeAll(async () => {
+ const circuitPath = path.resolve(
+ __dirname,
+ '../../circuits/tests/utils/rsapss_verifier.circom'
+ );
+ circuit = await wasm_tester(circuitPath, {
+ include: [
+ 'node_modules',
+ './node_modules/@zk-kit/binary-merkle-root.circom/src',
+ './node_modules/circomlib/circuits',
+ ],
+ });
+ });
+ describe('Circuit', () => {
+ it('should compile and load the circuit', () => {
+ expect(circuit).not.to.be.undefined;
+ });
+ });
+
+ describe('SHA-256 certificates', async () => {
+ const { dscCert, cscaCert, dscCert_forge, cscaCert_forge } = loadCertificates(
+ mock_dsc_sha256_rsapss_2048,
+ mock_csca_sha256_rsapss_2048
+ );
+ const n = 64;
+ const k = 32;
+
+ it('should verify DSC has been signed by the CSCA', () => {
+ const isVerified = dscCert.verify(cscaCert.publicKey);
+ console.log(`SHA-256 DSC certificate verification result: ${isVerified}`);
+ expect(isVerified).to.be.true;
+ });
+
+ it('should extract and log certificate information', async () => {
+ const csca_inputs = getCSCAInputs('0', dscCert_forge, cscaCert_forge, n, k, n, k, 960, true);
+ //
const tbsCertificateHashFormatted = getTBSHash(dscCert_forge, 'sha256', n, k);
+
+ const inputs = {
+ raw_message: csca_inputs.raw_dsc_cert,
+ raw_message_padded_bytes: csca_inputs.raw_dsc_cert_padded_bytes,
+ signature: csca_inputs.dsc_signature,
+ modulus: csca_inputs.csca_modulus,
+ };
+ //const witness = await circuit.calculateWitness(inputs, true);
+ });
+ });
+});
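Review bot: No test in this file ever runs the circuit on the inputs it builds. In `should extract and log certificate information` the `calculateWitness` call is commented out, so the test passes without exercising any RSA-PSS constraint. The only signature check performed is Node's `dscCert.verify`, so nothing shows that the circuit accepts a valid signature or rejects an invalid one. The witness computation should be re-enabled and followed by `checkConstraints`, and a negative case with an altered signature limb added, as sketched below. The sketch assumes `dsc_signature` is an array of decimal limb strings, which should be confirmed against `getCSCAInputs`.

```typescript
    it('should extract and log certificate information', async () => {
      // … unchanged: csca_inputs and inputs construction …
      const witness = await circuit.calculateWitness(inputs, true);
      await circuit.checkConstraints(witness);
    });

    it('should reject a signature that does not match the message', async () => {
      // … unchanged: csca_inputs and inputs construction …
      // Flip the low bit of one limb so the value stays inside the limb range.
      const altered = { ...inputs, signature: [...inputs.signature] };
      altered.signature[0] = (BigInt(altered.signature[0]) ^ BigInt(1)).toString();
      let rejected = false;
      try {
        await circuit.calculateWitness(altered, true);
      } catch {
        rejected = true;
      }
      expect(rejected).to.be.true;
    });
```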