Add Certificate Dispatchers (ecdsa384, rsasha512, rsa 3072, ecdsa256) (#30)

* add ecdsa384

* add rsasha512

* add rsa 3072

* add ecdsa256

* fix test

* update changelog

Author: Arvolear

CHANGELOG.md

@@ -1,7 +1,19 @@
 # Changelog
 
+## [0.1.6]
+
+* Added new algorithms:
+    1. **Certificate dispatchers**
+
+    ```solidity
+    C_RSA_SHA2_3072 = keccak256("C_RSA_3072");
+    C_RSA_SHA512_4096 = keccak256("C_RSA_SHA512_4096");
+    C_ECDSA_SECP256R1_SHA1_256 = keccak256("C_ECDSA_SECP256R1_SHA1_256");
+    ```
+
 ## [0.1.5]
 
+
 * Upgraded `StateKeeper` and `Registration2` to be Ownable + TSS. Ownable changes do not require Merkle Proof checks.
 * Added new algorithms:
     1. **Certificate dispatchers**
@@ -12,7 +24,6 @@
     ```
 
     2. **Passport verifiers**
-    
 
     ```solidity
     Z_PER_PASSPORT_2_256_3_6_336_264_1_2448_3_256 = keccak256("Z_PER_PASSPORT_2_256_3_6_336_264_1_2448_3_256");

contracts/certificate/signers/CECDSA256Signer.sol

@@ -0,0 +1,70 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.21;
+
+import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
+
+import {ECDSA256} from "@solarity/solidity-lib/libs/crypto/ECDSA256.sol";
+
+import {ICertificateSigner} from "../../interfaces/signers/ICertificateSigner.sol";
+
+import {SHA1} from "../../utils/SHA1.sol";
+
+contract CECDSA256Signer is ICertificateSigner, Initializable {
+    using ECDSA256 for *;
+    using SHA1 for *;
+
+    enum Curve {
+        secp256r1
+    }
+
+    enum HF {
+        sha1
+    }
+
+    ECDSA256.Parameters private _secp256r1CurveParams =
+        ECDSA256.Parameters({
+            a: 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC,
+            b: 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B,
+            gx: 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
+            gy: 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5,
+            p: 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF,
+            n: 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551,
+            lowSmax: 0x7fffffff800000007fffffffffffffffde737d56d38bcf4279dce5617e3192a8
+        });
+
+    Curve public curve;
+    HF public hashFunction;
+
+    function __CECDSA256Signer_init(Curve curve_, HF hashFunction_) external initializer {
+        curve = curve_;
+        hashFunction = hashFunction_;
+    }
+
+    function verifyICAOSignature(
+        bytes memory x509SignedAttributes_,
+        bytes memory icaoMemberSignature_,
+        bytes memory icaoMemberKey_
+    ) external view returns (bool) {
+        ECDSA256.Parameters memory curveParams_;
+        function(bytes memory) internal view returns (bytes32) hasher_;
+
+        if (curve == Curve.secp256r1) {
+            curveParams_ = _secp256r1CurveParams;
+        }
+
+        if (hashFunction == HF.sha1) {
+            hasher_ = _sha1;
+        }
+
+        return
+            curveParams_.verify(
+                hasher_(x509SignedAttributes_),
+                icaoMemberSignature_,
+                icaoMemberKey_
+            );
+    }
+
+    function _sha1(bytes memory message) internal pure returns (bytes32) {
+        return bytes32(message.sha1()) >> 96;
+    }
+}

contracts/certificate/signers/CECDSA384Signer.sol

@@ -13,6 +13,16 @@ contract CECDSA384Signer is ICertificateSigner, Initializable {
     using ECDSA384 for *;
     using SHA384 for *;
 
+    enum Curve {
+        secp384r1,
+        brainpoolP384r1
+    }
+
+    enum HF {
+        sha256,
+        sha384
+    }
+
     ECDSA384.Parameters internal _secp384r1CurveParams =
         ECDSA384.Parameters({
             a: hex"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc",
@@ -35,12 +45,12 @@ contract CECDSA384Signer is ICertificateSigner, Initializable {
             lowSmax: hex"465c8f41519c369407aeb7bf287320ef8a97b884f6aa2b598f8b3736560212d3e79d5b57b5bfe1881dc41901748232b2"
         });
 
-    bool public isSecp;
-    bool public isSha2;
+    Curve public curve;
+    HF public hashFunction;
 
-    function __CECDSA384Signer_init(bool isSecp_, bool isSha2_) external initializer {
-        isSecp = isSecp_;
-        isSha2 = isSha2_;
+    function __CECDSA384Signer_init(Curve curve_, HF hashFunction_) external initializer {
+        curve = curve_;
+        hashFunction = hashFunction_;
     }
 
     function verifyICAOSignature(
@@ -51,15 +61,15 @@ contract CECDSA384Signer is ICertificateSigner, Initializable {
         ECDSA384.Parameters memory curveParams_;
         function(bytes memory) internal view returns (bytes memory) hasher_;
 
-        if (isSecp) {
+        if (curve == Curve.secp384r1) {
             curveParams_ = _secp384r1CurveParams;
-        } else {
+        } else if (curve == Curve.brainpoolP384r1) {
             curveParams_ = _brainpoolP384r1CurveParams;
         }
 
-        if (isSha2) {
+        if (hashFunction == HF.sha256) {
             hasher_ = _sha2;
-        } else {
+        } else if (hashFunction == HF.sha384) {
             hasher_ = SHA384.sha384;
         }
 

contracts/certificate/signers/CRSAPSSSigner.sol

@@ -12,12 +12,17 @@ import {SHA512} from "../../utils/SHA512.sol";
 contract CRSAPSSSigner is ICertificateSigner, Initializable {
     using RSASSAPSS for *;
 
+    enum HF {
+        sha256,
+        sha512
+    }
+
     uint256 public exponent; // RSAPSS exponent
-    bool public isSha2; // hash function switcher, true - sha2, false - sha512
+    HF public hashFunction; // hash function switcher
 
-    function __CRSAPSSSigner_init(uint256 exponent_, bool isSha2_) external initializer {
+    function __CRSAPSSSigner_init(uint256 exponent_, HF hashFunction_) external initializer {
         exponent = exponent_;
-        isSha2 = isSha2_;
+        hashFunction = hashFunction_;
     }
 
     /**
@@ -30,9 +35,9 @@ contract CRSAPSSSigner is ICertificateSigner, Initializable {
     ) external view override returns (bool) {
         RSASSAPSS.Parameters memory params_;
 
-        if (isSha2) {
+        if (hashFunction == HF.sha256) {
             params_ = RSASSAPSS.Parameters({hashLength: 32, saltLength: 32, hasher: _sha2});
-        } else {
+        } else if (hashFunction == HF.sha512) {
             params_ = RSASSAPSS.Parameters({
                 hashLength: 64,
                 saltLength: 64,

contracts/certificate/signers/CRSASigner.sol

@@ -7,22 +7,31 @@ import {ICertificateSigner} from "../../interfaces/signers/ICertificateSigner.so
 
 import {RSA} from "../../utils/RSA.sol";
 import {SHA1} from "../../utils/SHA1.sol";
+import {SHA512} from "../../utils/SHA512.sol";
 
 contract CRSASigner is ICertificateSigner, Initializable {
     using RSA for bytes;
     using SHA1 for bytes;
+    using SHA512 for bytes;
+
+    enum HF {
+        sha1,
+        sha256,
+        sha512
+    }
 
     uint256 public exponent; // RSA exponent
-    bool public isSha1; // hash function switcher, true - sha1, false - sha2
+    HF public hashFunction; // hash function switcher
 
-    function __CRSASigner_init(uint256 exponent_, bool isSha1_) external initializer {
+    function __CRSASigner_init(uint256 exponent_, HF hashFunction_) external initializer {
         exponent = exponent_;
-        isSha1 = isSha1_;
+        hashFunction = hashFunction_;
     }
 
     /**
      * @notice Verifies ICAO member RSA signature of the X509 certificate SA.
      *
+     * The last 64 bytes of the decrypted signature is a SHA512 hash of the certificate signed attributes
      * The last 32 bytes of the decrypted signature is a SHA256 hash of the certificate signed attributes
      * The last 20 bytes of the decrypted signature is a SHA1 hash of the certificate signed attributes
      */
@@ -31,22 +40,40 @@ contract CRSASigner is ICertificateSigner, Initializable {
         bytes memory icaoMemberSignature_,
         bytes memory icaoMemberKey_
     ) external view override returns (bool) {
-        bytes memory x509SAHash = isSha1
-            ? abi.encodePacked(x509SignedAttributes_.sha1())
-            : abi.encodePacked(sha256(x509SignedAttributes_));
-
         bytes memory decrypted_ = icaoMemberSignature_.decrypt(
             abi.encodePacked(exponent),
             icaoMemberKey_
         );
 
+        bytes32 x509SAHash;
         bytes32 decryptedX509SAHash_;
-        uint256 offset_ = isSha1 ? 12 : 0; // offset for sha1 or sha2
 
-        assembly {
-            decryptedX509SAHash_ := mload(add(add(decrypted_, mload(decrypted_)), offset_)) // load the last 32 or 20 bytes (depends on hash function)
+        if (hashFunction == HF.sha1) {
+            x509SAHash = x509SignedAttributes_.sha1();
+
+            assembly {
+                decryptedX509SAHash_ := shl(
+                    96,
+                    shr(96, mload(add(add(decrypted_, mload(decrypted_)), 12)))
+                ) // load last 20 bytes
+            }
+        } else if (hashFunction == HF.sha256) {
+            x509SAHash = sha256(x509SignedAttributes_);
+
+            assembly {
+                decryptedX509SAHash_ := mload(add(decrypted_, mload(decrypted_))) // load last 32 bytes
+            }
+        } else if (hashFunction == HF.sha512) {
+            x509SAHash = keccak256(x509SignedAttributes_.sha512());
+
+            assembly {
+                mstore(0, mload(sub(add(decrypted_, mload(decrypted_)), 32))) // load prelast 32 bytes
+                mstore(32, mload(add(decrypted_, mload(decrypted_)))) // load last 32 bytes
+
+                decryptedX509SAHash_ := keccak256(0, 64) // calculate a hash for quick comparison
+            }
         }
 
-        return bytes32(x509SAHash) == decryptedX509SAHash_;
+        return x509SAHash == decryptedX509SAHash_;
     }
 }

deploy/10_setup.migration.ts

@@ -59,17 +59,21 @@ import {
 
 import {
   C_RSA_SHA1_2048,
-  C_RSA_SHA2_2048,
   C_RSA_SHA1_4096,
+  C_RSA_SHA2_2048,
+  C_RSA_SHA2_3072,
   C_RSA_SHA2_4096,
+  C_RSA_SHA512_4096,
   C_RSAPSS_SHA2_2048,
   C_RSAPSS_SHA2_4096,
   C_RSAPSS_SHA512_2048,
   C_RSAPSS_SHA512_4096,
+  C_ECDSA_SECP256R1_SHA1_256,
   C_ECDSA_SECP384R1_SHA2_512,
   C_ECDSA_SECP384R1_SHA384_512,
   C_ECDSA_BRAINPOOLP384R1_SHA2_512,
   C_ECDSA_BRAINPOOLP384R1_SHA384_512,
+  C_ECDSA_BRAINPOOLP384R1_SHA384_768,
   C_ECDSA_BRAINPOOLP512R1_SHA512_1024,
   P_ECDSA_SHA1_2704,
   P_NO_AA,
@@ -138,7 +142,9 @@ export = async (deployer: Deployer) => {
   const cRsa4096Sha1Dispatcher = await deployer.deployed(CRSADispatcher__factory, "CRSADispatcher SHA1 512");
   const cRsa2048Sha1Dispatcher = await deployer.deployed(CRSADispatcher__factory, "CRSADispatcher SHA1 256");
   const cRsa4096Sha2Dispatcher = await deployer.deployed(CRSADispatcher__factory, "CRSADispatcher SHA2 512");
+  const cRsa3072Sha2Dispatcher = await deployer.deployed(CRSADispatcher__factory, "CRSADispatcher SHA2 384");
   const cRsa2048Sha2Dispatcher = await deployer.deployed(CRSADispatcher__factory, "CRSADispatcher SHA2 256");
+  const cRsa4096Sha512Dispatcher = await deployer.deployed(CRSADispatcher__factory, "CRSADispatcher SHA512 512");
 
   const cRsaPss2048Sha2Dispatcher = await deployer.deployed(
     CRSADispatcher__factory,
@@ -157,6 +163,11 @@ export = async (deployer: Deployer) => {
     "CRSAPSSDispatcher SHA512 65537 512",
   );
 
+  const cEcdsaSecp256r1256Sha1Dispatcher = await deployer.deployed(
+    CECDSADispatcher__factory,
+    "CECDSADispatcher SECP256 SHA1 64",
+  );
+
   const cEcdsaSecp384r1512Sha2Dispatcher = await deployer.deployed(
     CECDSADispatcher__factory,
     "CECDSADispatcher SECP384 SHA2 64",
@@ -173,6 +184,10 @@ export = async (deployer: Deployer) => {
     CECDSADispatcher__factory,
     "CECDSADispatcher brainpoolP384r1 SHA384 64",
   );
+  const cEcdsaBrainpoolP384r1768Sha384Dispatcher = await deployer.deployed(
+    CECDSADispatcher__factory,
+    "CECDSADispatcher brainpoolP384r1 SHA384 96",
+  );
   const cEcdsaBrainpoolP512r11024Sha512Dispatcher = await deployer.deployed(
     CECDSADispatcher__factory,
     "CECDSADispatcher brainpoolP512r1 SHA512 128",
@@ -321,13 +336,19 @@ export = async (deployer: Deployer) => {
   await registration.mockAddCertificateDispatcher(C_RSA_SHA1_4096, await cRsa4096Sha1Dispatcher.getAddress());
   await registration.mockAddCertificateDispatcher(C_RSA_SHA1_2048, await cRsa2048Sha1Dispatcher.getAddress());
   await registration.mockAddCertificateDispatcher(C_RSA_SHA2_4096, await cRsa4096Sha2Dispatcher.getAddress());
+  await registration.mockAddCertificateDispatcher(C_RSA_SHA2_3072, await cRsa3072Sha2Dispatcher.getAddress());
   await registration.mockAddCertificateDispatcher(C_RSA_SHA2_2048, await cRsa2048Sha2Dispatcher.getAddress());
+  await registration.mockAddCertificateDispatcher(C_RSA_SHA512_4096, await cRsa4096Sha512Dispatcher.getAddress());
 
   await registration.mockAddCertificateDispatcher(C_RSAPSS_SHA2_2048, await cRsaPss2048Sha2Dispatcher.getAddress());
   await registration.mockAddCertificateDispatcher(C_RSAPSS_SHA2_4096, await cRsaPss4096Sha2Dispatcher.getAddress());
   await registration.mockAddCertificateDispatcher(C_RSAPSS_SHA512_2048, await cRsaPss2048Sha512Dispatcher.getAddress());
   await registration.mockAddCertificateDispatcher(C_RSAPSS_SHA512_4096, await cRsaPss4096Sha512Dispatcher.getAddress());
 
+  await registration.mockAddCertificateDispatcher(
+    C_ECDSA_SECP256R1_SHA1_256,
+    await cEcdsaSecp256r1256Sha1Dispatcher.getAddress(),
+  );
   await registration.mockAddCertificateDispatcher(
     C_ECDSA_SECP384R1_SHA2_512,
     await cEcdsaSecp384r1512Sha2Dispatcher.getAddress(),
@@ -344,6 +365,10 @@ export = async (deployer: Deployer) => {
     C_ECDSA_BRAINPOOLP384R1_SHA384_512,
     await cEcdsaBrainpoolP384r1512Sha384Dispatcher.getAddress(),
   );
+  await registration.mockAddCertificateDispatcher(
+    C_ECDSA_BRAINPOOLP384R1_SHA384_768,
+    await cEcdsaBrainpoolP384r1768Sha384Dispatcher.getAddress(),
+  );
   await registration.mockAddCertificateDispatcher(
     C_ECDSA_BRAINPOOLP512R1_SHA512_1024,
     await cEcdsaBrainpoolP512r11024Sha512Dispatcher.getAddress(),

deploy/2_registration.migration.ts

@@ -30,17 +30,21 @@ export = async (deployer: Deployer) => {
   await deployCRSADispatcher(deployer, "SHA1", "65537", "512", "0x0282020100");
   await deployCRSADispatcher(deployer, "SHA1", "65537", "256", "0x0282010100");
   await deployCRSADispatcher(deployer, "SHA2", "65537", "512", "0x0282020100");
+  await deployCRSADispatcher(deployer, "SHA2", "65537", "384", "0x0282018100");
   await deployCRSADispatcher(deployer, "SHA2", "65537", "256", "0x0282010100");
+  await deployCRSADispatcher(deployer, "SHA512", "65537", "512", "0x0282020100");
 
   await deployCRSAPSSDispatcher(deployer, "SHA2", "65537", "256", "0x0282010100");
   await deployCRSAPSSDispatcher(deployer, "SHA2", "65537", "512", "0x0282020100");
   await deployCRSAPSSDispatcher(deployer, "SHA512", "65537", "256", "0x0282010100");
   await deployCRSAPSSDispatcher(deployer, "SHA512", "65537", "512", "0x0282020100");
 
+  await deployCECDSADispatcher(deployer, "SECP256", "SHA1", "64", "0x03420004");
   await deployCECDSADispatcher(deployer, "SECP384", "SHA2", "64", "0x03420004");
   await deployCECDSADispatcher(deployer, "SECP384", "SHA384", "64", "0x03420004");
   await deployCECDSADispatcher(deployer, "brainpoolP384r1", "SHA2", "64", "0x03420004");
   await deployCECDSADispatcher(deployer, "brainpoolP384r1", "SHA384", "64", "0x03420004");
+  await deployCECDSADispatcher(deployer, "brainpoolP384r1", "SHA384", "96", "0x03620004");
   await deployCECDSADispatcher(deployer, "brainpoolP512r1", "SHA512", "128", "0x0381820004");
 
   await deployPRSASHA2688Dispatcher(deployer, "65537", "SHA1");