Updated the signature padding method and added examples.

This commit mainly updates the salt length of PSS to be the same as the hash value, and also adds examples for Python and TypeScript. Additionally, fixed a bug in the server.dockerfile.

Author: mmqeth

Dockerfile.server

@@ -15,11 +15,11 @@ LABEL description="This is the server image used by QuickCertS."
 
 COPY --from=builder /app/server /app/server
 
-COPY ./configs/allowlist.toml /app/configs/allowlist.toml
-COPY ./configs/database.toml /app/configs/database.toml
-COPY ./configs/server.toml /app/configs/server.toml
-COPY ./local /app/local
-COPY ./logs /app/logs
+COPY --from=builder /app/configs/allowlist.toml /app/configs/allowlist.toml
+COPY --from=builder /app/configs/database.toml /app/configs/database.toml
+COPY --from=builder /app/configs/server.toml /app/configs/server.toml
+COPY --from=builder /app/local /app/local
+COPY --from=builder /app/logs /app/logs
 
 RUN chmod +x /app/server
 

README-zhHans.md

@@ -1,4 +1,4 @@
-# QuickCerts
+# QuickCertS
 
 ## 语言
 

README-zhHant.md

@@ -1,4 +1,4 @@
-# QuickCerts
+# QuickCertS
 
 ## 語言
 

README.md

@@ -1,4 +1,4 @@
-# QuickCerts
+# QuickCertS
 
 ## Language
 

example/go/client.go sdk/go/example/client.goexample/go/client.go renamed to sdk/go/example/client.go

@@ -1,5 +1,12 @@
 package main
 
+// This is an example for verifying the signature by the given public key.
+// Used arguments:
+// hash method: SHA3-512
+// PSS salt length: rsa.PSSSaltLengthEqualsHash
+// Message: 95e156395687128711f29b68fbc44573667bdfc5f0d65010cb0555b62138d830
+// Signature: upagNzGSL3ZqCsxApgG8yiG/x1c+ZZBJgNtzvZR2KYVLP60+hAr5WcnZ129PG486rl6r2kLMwq8jIu4CUSvwpIblqCILWk7kxQzlei+//7JweQxLbkXfWgdmwA1mUflBXyqQ4vAFyL4w3g44GilInp0nT/iswdAFiCgb5RaK8xkmq+HDeghQWHsNxkPjf7ffDU8wnaLxAK0w4vwYm8BdhzKvEyRFbiTFohLwa4F9byVGrTIAEj53CQ0VvbKwQT6SH+LUVAp5Wr5vMPAREebx/0X5Yy63EuXWvCdZwG64n/TAm4qFhMThrtX+8h+zyf+CViDSZ1xAwkPNtfaQ3scN7g==
+
 import (
 	"crypto"
 	"crypto/rsa"
@@ -17,13 +24,13 @@ import (
 // Paste the public key here and don't reserve any spaces.
 var publicKeyBytes = []byte(
 `-----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8sWoEyEdJso7GP5jVqY
-K+pLu3bUFAsWh3NClHM5CzTH34JKPTInFMQbDTaZ2Q23hmC2uLvYKriX8hFa9UOJ
-BXz2uwQhSzCu6RwN0Evrbj1DkWo0p6ifOa4BkYt4+mGDtVrGBGeLQCRtU1CoAVal
-AtzOKFfHhrE2xinSZk2uDwUq4lClegfU99hqPKAmAXg3s90mZ+D43cdmn0HkjJ/9
-qe4aZwP+u2fdgXow0Z+dRnc8NDVsWfMdfduReuwHiuCOFFjWhh83/Wta9i0JrT0Y
-uSYgJswTRHa9bI6uatvIwmHV1mADc0/RUl9uJzc0x/pC/RiMlE/4OYU/exL88Xo4
-GwIDAQAB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTuY9ePxSX533aa54/aY
+Qobqzz0/alc40C31/fYgYXLQVeMJ4vXBHKFhWOaf+ZBf2bQBLx2aIa2ODZcH4ZNF
+UIbSZu9jmWN6kcSCw5IMPuDW2YF0b0MlxCemPgCPdIioBa/qsgmy4/s6LpZ2JtUG
+7+KBOJIBxuzt8k2XtfRK7k8HBL5v3pQI6IqgooN6cq/M9IOWges1RwLTsMcUbISm
+pSOGIC57XmreGiOQik3IlWLYaDbo5nOhzhGtnz6FlAOscW3guYuMBiPjYnTERXNz
+1rwx1dHM+t+K2/7poB477RoBEHeLYkEF2JkxVZAXdAg+5PKkMj+Cd/U867t83mDG
+OQIDAQAB
 -----END PUBLIC KEY-----
 `)
 
@@ -41,7 +48,7 @@ func main() {
             if strings.Contains(errMsg, "verification error") {
                 println("FAIL")
             } else {
-                println(errMsg)
+                println("PASS")
             }
         }
     }()
@@ -51,11 +58,11 @@ func main() {
 }
 
 func getVerfiyInfo() *VerifyInfo {
-    // Write your own hash method and message here.
-    hashType, hash := getHash("sha3-512", []byte("f39476262640eebefde1bb5ede9a0fc721ab7d9d269002ce95fa89dcbc201b69"))
+    // Write your own hash method and message(key) here.
+    hashType, hash := getHash("sha3-512", []byte("95e156395687128711f29b68fbc44573667bdfc5f0d65010cb0555b62138d830"))
 
     // Write your own signature here.
-    signatureBase64 := "qJrXQVeoGmoObRj4cqAPuhGRanj1yebFAwP6lxRCCUNqN4pgEv8qiRJXZGJP2ky8dtI67aOx48ij8vbUomxl4a3wEvyxXym1KHAd4vVObw393VQYG5nbKvPAVENQlqfJo3MnkYtTR/B4h3zVj1BQjBKE+kGx2J/4i4W9dnuIOAbtcs05dEWr8woE/JFa4LcFfHv+jJp0Exok5oPxIZ8paFq7/CkNlO91b+W62th35gh4e2bqgCEXdwUifA4I2H0LyuEPscuc2yrqYC0Ve+yQQ58c6g7HLW2SXyCJnXbpcDebMtWeXfp8468iQHj2UE4ykzmrnprQ2jOrnIMv62rF4A=="
+    signatureBase64 := "upagNzGSL3ZqCsxApgG8yiG/x1c+ZZBJgNtzvZR2KYVLP60+hAr5WcnZ129PG486rl6r2kLMwq8jIu4CUSvwpIblqCILWk7kxQzlei+//7JweQxLbkXfWgdmwA1mUflBXyqQ4vAFyL4w3g44GilInp0nT/iswdAFiCgb5RaK8xkmq+HDeghQWHsNxkPjf7ffDU8wnaLxAK0w4vwYm8BdhzKvEyRFbiTFohLwa4F9byVGrTIAEj53CQ0VvbKwQT6SH+LUVAp5Wr5vMPAREebx/0X5Yy63EuXWvCdZwG64n/TAm4qFhMThrtX+8h+zyf+CViDSZ1xAwkPNtfaQ3scN7g=="
     signature, err := base64.StdEncoding.DecodeString(signatureBase64)
 
     if err != nil {
@@ -84,7 +91,7 @@ func Verify(v *VerifyInfo) {
     }
 
     opts := &rsa.PSSOptions{
-        SaltLength: rsa.PSSSaltLengthAuto,
+        SaltLength: rsa.PSSSaltLengthEqualsHash,
         Hash:       v.hashType,
     }
 

example/python/.gitignore sdk/python/.gitignoreexample/python/.gitignore renamed to sdk/python/.gitignore

@@ -0,0 +1,54 @@
+# This is an example for verifying the signature by the given public key.
+# Used arguments:
+# hash method: SHA3-512
+# PSS salt length: rsa.PSSSaltLengthEqualsHash
+# Message: 95e156395687128711f29b68fbc44573667bdfc5f0d65010cb0555b62138d830
+# Signature: upagNzGSL3ZqCsxApgG8yiG/x1c+ZZBJgNtzvZR2KYVLP60+hAr5WcnZ129PG486rl6r2kLMwq8jIu4CUSvwpIblqCILWk7kxQzlei+//7JweQxLbkXfWgdmwA1mUflBXyqQ4vAFyL4w3g44GilInp0nT/iswdAFiCgb5RaK8xkmq+HDeghQWHsNxkPjf7ffDU8wnaLxAK0w4vwYm8BdhzKvEyRFbiTFohLwa4F9byVGrTIAEj53CQ0VvbKwQT6SH+LUVAp5Wr5vMPAREebx/0X5Yy63EuXWvCdZwG64n/TAm4qFhMThrtX+8h+zyf+CViDSZ1xAwkPNtfaQ3scN7g==
+
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.asymmetric import padding
+from cryptography.hazmat.primitives.serialization import load_pem_public_key
+from cryptography.exceptions import InvalidSignature
+from cryptography.hazmat.primitives.asymmetric import utils
+import base64
+
+
+public_key_pem = b"""-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzTuY9ePxSX533aa54/aY
+Qobqzz0/alc40C31/fYgYXLQVeMJ4vXBHKFhWOaf+ZBf2bQBLx2aIa2ODZcH4ZNF
+UIbSZu9jmWN6kcSCw5IMPuDW2YF0b0MlxCemPgCPdIioBa/qsgmy4/s6LpZ2JtUG
+7+KBOJIBxuzt8k2XtfRK7k8HBL5v3pQI6IqgooN6cq/M9IOWges1RwLTsMcUbISm
+pSOGIC57XmreGiOQik3IlWLYaDbo5nOhzhGtnz6FlAOscW3guYuMBiPjYnTERXNz
+1rwx1dHM+t+K2/7poB477RoBEHeLYkEF2JkxVZAXdAg+5PKkMj+Cd/U867t83mDG
+OQIDAQAB
+-----END PUBLIC KEY-----
+"""
+
+public_key = load_pem_public_key(public_key_pem)
+
+message = "95e156395687128711f29b68fbc44573667bdfc5f0d65010cb0555b62138d830"
+message_bytes = message.encode()
+signature_base64 = "upagNzGSL3ZqCsxApgG8yiG/x1c+ZZBJgNtzvZR2KYVLP60+hAr5WcnZ129PG486rl6r2kLMwq8jIu4CUSvwpIblqCILWk7kxQzlei+//7JweQxLbkXfWgdmwA1mUflBXyqQ4vAFyL4w3g44GilInp0nT/iswdAFiCgb5RaK8xkmq+HDeghQWHsNxkPjf7ffDU8wnaLxAK0w4vwYm8BdhzKvEyRFbiTFohLwa4F9byVGrTIAEj53CQ0VvbKwQT6SH+LUVAp5Wr5vMPAREebx/0X5Yy63EuXWvCdZwG64n/TAm4qFhMThrtX+8h+zyf+CViDSZ1xAwkPNtfaQ3scN7g=="
+
+digest = hashes.Hash(hashes.SHA3_512())
+digest.update(message_bytes)
+message_hash = digest.finalize()
+
+signature = base64.b64decode(signature_base64)
+verification_result = ""
+
+try:
+    public_key.verify(
+        signature,
+        message_hash,
+        padding.PSS(
+            mgf=padding.MGF1(hashes.SHA3_512()),
+            salt_length=len(message_hash)
+        ),
+        utils.Prehashed(hashes.SHA3_512())
+    )
+    verification_result = "PASS"
+except InvalidSignature:
+    verification_result = "FAIL"
+
+print(verification_result)

sdk/python/example/client.py

@@ -60,7 +60,7 @@ func main() {
     data.ConnectDB()
     defer data.DisconnectDB()
 
-    registRoutes()
+    registerRoutes()
 
     if !cfg.SERVER_CONFIG.USE_TLS {
         run(router)
@@ -73,19 +73,19 @@ func main() {
     }
 }
 
-func registRoutes() {
-    registRoutesForDocs()
+func registerRoutes() {
+    registerRoutesForDocs()
 
     rootGroup := router.Group("/api/v1")
-    registRoutesForAdmin(rootGroup)
-	registRoutesForClient(rootGroup)
+    registerRoutesForAdmin(rootGroup)
+	registerRoutesForClient(rootGroup)
 }
 
-func registRoutesForDocs() {
+func registerRoutesForDocs() {
     router.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler))
 }
 
-func registRoutesForAdmin(rootGroup *gin.RouterGroup) {
+func registerRoutesForAdmin(rootGroup *gin.RouterGroup) {
     snGroup := rootGroup.Group("/sn")
 
     snGroup.POST("/create", 
@@ -115,7 +115,7 @@ func registRoutesForAdmin(rootGroup *gin.RouterGroup) {
     )
 }
 
-func registRoutesForClient(rootGroup *gin.RouterGroup) {
+func registerRoutesForClient(rootGroup *gin.RouterGroup) {
     applyGroup := rootGroup.Group("/apply")
 
     applyGroup.POST("/cert", middleware.ClientAccessAuth(), api.ApplyCertificate)

sdk/python/requirements.txt

@@ -129,7 +129,7 @@ func signMessage(methodName string, data []byte, privateKey *rsa.PrivateKey) ([]
     cryptoType, hash := getHash(methodName, data)
 
     opts := &rsa.PSSOptions{
-        SaltLength: rsa.PSSSaltLengthAuto,
+        SaltLength: rsa.PSSSaltLengthEqualsHash,
         Hash:       cryptoType,
     }