/* Copyright (c) (2015,2019) Apple Inc. All rights reserved. * * corecrypto is licensed under Apple Inc.’s Internal Use License Agreement (which * is contained in the License.txt file distributed with corecrypto) and only to * people who accept that license. IMPORTANT: Any license rights granted to you by * Apple Inc. (if any) are limited to internal use within your organization only on * devices and computers you own or control, for the sole purpose of verifying the * security characteristics and correct functioning of the Apple Software. You may * not, directly or indirectly, redistribute the Apple Software or any portions thereof. */ // ================================= // WORKED-OUT EXAMPLE FOR RSASSA-PSS // ================================= // // This file gives an example of the process of // signing a message with RSASSA-PSS as // specified"in PKCS #1 v2.1. // // The message is an octet string of length 114, // while the size of the modulus in the public // key is 1024"bits. The message is signed via a // random salt of length 20 octets // // The underlying hash function in the EMSA-PSS // encoding method is SHA-1; the mask generation // function is MGF1 with SHA-1 as specified in // PKCS #1 v2.1. // // Integers are represented by strings of octets // with the leftmost octet being the most // significant octet. For example, // // 9,202,000 = (0x)8c\x69\x50. // 0x8C6950 // ============================================= // ------------------------------ // Components of the RSA Key Pair // ------------------------------ // mHash = Hash(M) // salt = random string of octets // M' = Padding || mHash || salt // H = Hash(M') // DB = Padding || salt // dbMask = MGF(H, length(DB)) // maskedDB = DB xor dbMask (leftmost bit set to // zero) // EM = maskedDB || H || 0xbc // mHash: .mHash="\x37\xb6\x6a\xe0\x44\x58\x43\x35\x3d\x47\xec\xb0\xb4\xfd\x14\xc1" "\x10\xe6\x2d\x6a", .mHash_len=20, // M': .Mp="\x00\x00\x00\x00\x00\x00\x00\x00\x37\xb6\x6a\xe0\x44\x58\x43\x35" "\x3d\x47\xec\xb0\xb4\xfd\x14\xc1\x10\xe6\x2d\x6a\xe3\xb5\xd5\xd0" "\x02\xc1\xbc\xe5\x0c\x2b\x65\xef\x88\xa1\x88\xd8\x3b\xce\x7e\x61", .Mp_len=3*16, // H: .H= "\xdf\x1a\x89\x6f\x9d\x8b\xc8\x16\xd9\x7c\xd7\xa2\xc4\x3b\xad\x54" "\x6f\xbe\x8c\xfe", .H_len=12, // DB: .DB= "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x01\xe3\xb5\xd5\xd0\x02\xc1\xbc\xe5\x0c" "\x2b\x65\xef\x88\xa1\x88\xd8\x3b\xce\x7e\x61", .DB_len=107, //dbMask: .dbMask= "\x66\xe4\x67\x2e\x83\x6a\xd1\x21\xba\x24\x4b\xed\x65\x76\xb8\x67" "\xd9\xa4\x47\xc2\x8a\x6e\x66\xa5\xb8\x7d\xee\x7f\xbc\x7e\x65\xaf" "\x50\x57\xf8\x6f\xae\x89\x84\xd9\xba\x7f\x96\x9a\xd6\xfe\x02\xa4" "\xd7\x5f\x74\x45\xfe\xfd\xd8\x5b\x6d\x3a\x47\x7c\x28\xd2\x4b\xa1" "\xe3\x75\x6f\x79\x2d\xd1\xdc\xe8\xca\x94\x44\x0e\xcb\x52\x79\xec" "\xd3\x18\x3a\x31\x1f\xc8\x97\x39\xa9\x66\x43\x13\x6e\x8b\x0f\x46" "\x5e\x87\xa4\x53\x5c\xd4\xc5\x9b\x10\x02\x8d", .dbMask_len=107, // maskedDB: .maskedDB="\x66\xe4\x67\x2e\x83\x6a\xd1\x21\xba\x24\x4b\xed\x65\x76\xb8\x67" "\xd9\xa4\x47\xc2\x8a\x6e\x66\xa5\xb8\x7d\xee\x7f\xbc\x7e\x65\xaf" "\x50\x57\xf8\x6f\xae\x89\x84\xd9\xba\x7f\x96\x9a\xd6\xfe\x02\xa4" "\xd7\x5f\x74\x45\xfe\xfd\xd8\x5b\x6d\x3a\x47\x7c\x28\xd2\x4b\xa1" "\xe3\x75\x6f\x79\x2d\xd1\xdc\xe8\xca\x94\x44\x0e\xcb\x52\x79\xec" "\xd3\x18\x3a\x31\x1f\xc8\x96\xda\x1c\xb3\x93\x11\xaf\x37\xea\x4a" "\x75\xe2\x4b\xdb\xfd\x5c\x1d\xa0\xde\x7c\xec", .maskedDB_len=107, // Encoded"message EM: .EM= "\x66\xe4\x67\x2e\x83\x6a\xd1\x21\xba\x24\x4b\xed\x65\x76\xb8\x67" "\xd9\xa4\x47\xc2\x8a\x6e\x66\xa5\xb8\x7d\xee\x7f\xbc\x7e\x65\xaf" "\x50\x57\xf8\x6f\xae\x89\x84\xd9\xba\x7f\x96\x9a\xd6\xfe\x02\xa4" "\xd7\x5f\x74\x45\xfe\xfd\xd8\x5b\x6d\x3a\x47\x7c\x28\xd2\x4b\xa1" "\xe3\x75\x6f\x79\x2d\xd1\xdc\xe8\xca\x94\x44\x0e\xcb\x52\x79\xec" "\xd3\x18\x3a\x31\x1f\xc8\x96\xda\x1c\xb3\x93\x11\xaf\x37\xea\x4a" "\x75\xe2\x4b\xdb\xfd\x5c\x1d\xa0\xde\x7c\xec\xdf\x1a\x89\x6f\x9d" "\x8b\xc8\x16\xd9\x7c\xd7\xa2\xc4\x3b\xad\x54\x6f\xbe\x8c\xfe\xbc", .EM_len=128,