velvox
/
corecrypto
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
corecrypto/ccrsa/test_vectors/pss-int.txt

173 lines
6.1 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/* Copyright (c) (2015,2019) Apple Inc. All rights reserved.
*
* corecrypto is licensed under Apple Inc.s Internal Use License Agreement (which
* is contained in the License.txt file distributed with corecrypto) and only to
* people who accept that license. IMPORTANT: Any license rights granted to you by
* Apple Inc. (if any) are limited to internal use within your organization only on
* devices and computers you own or control, for the sole purpose of verifying the
* security characteristics and correct functioning of the Apple Software. You may
* not, directly or indirectly, redistribute the Apple Software or any portions thereof.
*/
# =================================
# WORKED-OUT EXAMPLE FOR RSASSA-PSS
# =================================
#
# This file gives an example of the process of
# signing a message with RSASSA-PSS as
# specified in PKCS #1 v2.1.
#
# The message is an octet string of length 114,
# while the size of the modulus in the public
# key is 1024 bits. The message is signed via a
# random salt of length 20 octets
#
# The underlying hash function in the EMSA-PSS
# encoding method is SHA-1; the mask generation
# function is MGF1 with SHA-1 as specified in
# PKCS #1 v2.1.
#
# Integers are represented by strings of octets
# with the leftmost octet being the most
# significant octet. For example,
#
# 9,202,000 = (0x)8c 69 50.
#
# =============================================
# ------------------------------
# Components of the RSA Key Pair
# ------------------------------
# RSA modulus n:
a2 ba 40 ee 07 e3 b2 bd 2f 02 ce 22 7f 36 a1 95
02 44 86 e4 9c 19 cb 41 bb bd fb ba 98 b2 2b 0e
57 7c 2e ea ff a2 0d 88 3a 76 e6 5e 39 4c 69 d4
b3 c0 5a 1e 8f ad da 27 ed b2 a4 2b c0 00 fe 88
8b 9b 32 c2 2d 15 ad d0 cd 76 b3 e7 93 6e 19 95
5b 22 0d d1 7d 4e a9 04 b1 ec 10 2b 2e 4d e7 75
12 22 aa 99 15 10 24 c7 cb 41 cc 5e a2 1d 00 ee
b4 1f 7c 80 08 34 d2 c6 e0 6b ce 3b ce 7e a9 a5
# RSA public exponent e:
01 00 01
# Prime p:
d1 7f 65 5b f2 7c 8b 16 d3 54 62 c9 05 cc 04 a2
6f 37 e2 a6 7f a9 c0 ce 0d ce d4 72 39 4a 0d f7
43 fe 7f 92 9e 37 8e fd b3 68 ed df f4 53 cf 00
7a f6 d9 48 e0 ad e7 57 37 1f 8a 71 1e 27 8f 6b
# Prime q:
c6 d9 2b 6f ee 74 14 d1 35 8c e1 54 6f b6 29 87
53 0b 90 bd 15 e0 f1 49 63 a5 e2 63 5a db 69 34
7e c0 c0 1b 2a b1 76 3f d8 ac 1a 59 2f b2 27 57
46 3a 98 24 25 bb 97 a3 a4 37 c5 bf 86 d0 3f 2f
# p's CRT exponent dP:
9d 0d bf 83 e5 ce 9e 4b 17 54 dc d5 cd 05 bc b7
b5 5f 15 08 33 0e a4 9f 14 d4 e8 89 55 0f 82 56
cb 5f 80 6d ff 34 b1 7a da 44 20 88 53 57 7d 08
e4 26 28 90 ac f7 52 46 1c ea 05 54 76 01 bc 4f
# q's CRT exponent dQ:
12 91 a5 24 c6 b7 c0 59 e9 0e 46 dc 83 b2 17 1e
b3 fa 98 81 8f d1 79 b6 c8 bf 6c ec aa 47 63 03
ab f2 83 fe 05 76 9c fc 49 57 88 fe 5b 1d df de
9e 88 4a 3c d5 e9 36 b7 e9 55 eb f9 7e b5 63 b1
# CRT coefficient qInv:
a6 3f 1d a3 8b 95 0c 9a d1 c6 7c e0 d6 77 ec 29
14 cd 7d 40 06 2d f4 2a 67 eb 19 8a 17 6f 97 42
aa c7 c5 fe a1 4f 22 97 66 2b 84 81 2c 4d ef c4
9a 80 25 ab 43 82 28 6b e4 c0 37 88 dd 01 d6 9f
# ---------------------------------
# Step-by-step RSASSA-PSS Signature
# ---------------------------------
# Message M to be signed:
85 9e ef 2f d7 8a ca 00 30 8b dc 47 11 93 bf 55
bf 9d 78 db 8f 8a 67 2b 48 46 34 f3 c9 c2 6e 64
78 ae 10 26 0f e0 dd 8c 08 2e 53 a5 29 3a f2 17
3c d5 0c 6d 5d 35 4f eb f7 8b 26 02 1c 25 c0 27
12 e7 8c d4 69 4c 9f 46 97 77 e4 51 e7 f8 e9 e0
4c d3 73 9c 6b bf ed ae 48 7f b5 56 44 e9 ca 74
ff 77 a5 3c b7 29 80 2f 6e d4 a5 ff a8 ba 15 98
90 fc
# mHash = Hash(M)
# salt = random string of octets
# M' = Padding || mHash || salt
# H = Hash(M')
# DB = Padding || salt
# dbMask = MGF(H, length(DB))
# maskedDB = DB xor dbMask (leftmost bit set to
# zero)
# EM = maskedDB || H || 0xbc
# mHash:
37 b6 6a e0 44 58 43 35 3d 47 ec b0 b4 fd 14 c1
10 e6 2d 6a
# salt:
e3 b5 d5 d0 02 c1 bc e5 0c 2b 65 ef 88 a1 88 d8
3b ce 7e 61
# M':
00 00 00 00 00 00 00 00 37 b6 6a e0 44 58 43 35
3d 47 ec b0 b4 fd 14 c1 10 e6 2d 6a e3 b5 d5 d0
02 c1 bc e5 0c 2b 65 ef 88 a1 88 d8 3b ce 7e 61
# H:
df 1a 89 6f 9d 8b c8 16 d9 7c d7 a2 c4 3b ad 54
6f be 8c fe
# DB:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 01 e3 b5 d5 d0 02 c1 bc e5 0c
2b 65 ef 88 a1 88 d8 3b ce 7e 61
# dbMask:
66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67
d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af
50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4
d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1
e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec
d3 18 3a 31 1f c8 97 39 a9 66 43 13 6e 8b 0f 46
5e 87 a4 53 5c d4 c5 9b 10 02 8d
# maskedDB:
66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67
d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af
50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4
d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1
e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec
d3 18 3a 31 1f c8 96 da 1c b3 93 11 af 37 ea 4a
75 e2 4b db fd 5c 1d a0 de 7c ec
# Encoded message EM:
66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67
d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af
50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4
d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1
e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec
d3 18 3a 31 1f c8 96 da 1c b3 93 11 af 37 ea 4a
75 e2 4b db fd 5c 1d a0 de 7c ec df 1a 89 6f 9d
8b c8 16 d9 7c d7 a2 c4 3b ad 54 6f be 8c fe bc
# Signature S, the RSA decryption of EM:
8d aa 62 7d 3d e7 59 5d 63 05 6c 7e c6 59 e5 44
06 f1 06 10 12 8b aa e8 21 c8 b2 a0 f3 93 6d 54
dc 3b dc e4 66 89 f6 b7 95 1b b1 8e 84 05 42 76
97 18 d5 71 5d 21 0d 85 ef bb 59 61 92 03 2c 42
be 4c 29 97 2c 85 62 75 eb 6d 5a 45 f0 5f 51 87
6f c6 74 3d ed dd 28 ca ec 9b b3 0e a9 9e 02 c3
48 82 69 60 4f e4 97 f7 4c cd 7c 7f ca 16 71 89
71 23 cb d3 0d ef 5d 54 a2 b5 53 6a d9 0a 74 7e
# =============================================
Reference in New Issue View Git Blame Copy Permalink