| // Copyright 2011 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "crypto/signature_verifier.h" |
| |
| #include <stddef.h> |
| #include <stdint.h> |
| |
| #include "base/numerics/safe_conversions.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| |
| TEST(SignatureVerifierTest, BasicTest) { |
| // The input data in this test comes from real certificates. |
| // |
| // tbs_certificate ("to-be-signed certificate", the part of a certificate that |
| // is signed), signature, and algorithm come from the certificate of |
| // bugs.webkit.org. |
| // |
| // public_key_info comes from the certificate of the issuer, Go Daddy Secure |
| // Certification Authority. |
| // |
| // The bytes in the array initializers are formatted to expose the DER |
| // encoding of the ASN.1 structures. |
| |
| // The data that is signed is the following ASN.1 structure: |
| // TBSCertificate ::= SEQUENCE { |
| // ... -- omitted, not important |
| // } |
| const uint8_t tbs_certificate[1017] = { |
| 0x30, 0x82, 0x03, 0xf5, // a SEQUENCE of length 1013 (0x3f5) |
| 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x43, 0xdd, 0x63, 0x30, 0x0d, |
| 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, |
| 0x00, 0x30, 0x81, 0xca, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, |
| 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, |
| 0x04, 0x08, 0x13, 0x07, 0x41, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31, |
| 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63, |
| 0x6f, 0x74, 0x74, 0x73, 0x64, 0x61, 0x6c, 0x65, 0x31, 0x1a, 0x30, 0x18, |
| 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x47, 0x6f, 0x44, 0x61, 0x64, |
| 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, |
| 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x68, |
| 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, |
| 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, |
| 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, |
| 0x69, 0x74, 0x6f, 0x72, 0x79, 0x31, 0x30, 0x30, 0x2e, 0x06, 0x03, 0x55, |
| 0x04, 0x03, 0x13, 0x27, 0x47, 0x6f, 0x20, 0x44, 0x61, 0x64, 0x64, 0x79, |
| 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, |
| 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, |
| 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x11, 0x30, 0x0f, 0x06, |
| 0x03, 0x55, 0x04, 0x05, 0x13, 0x08, 0x30, 0x37, 0x39, 0x36, 0x39, 0x32, |
| 0x38, 0x37, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x38, 0x30, 0x33, 0x31, 0x38, |
| 0x32, 0x33, 0x33, 0x35, 0x31, 0x39, 0x5a, 0x17, 0x0d, 0x31, 0x31, 0x30, |
| 0x33, 0x31, 0x38, 0x32, 0x33, 0x33, 0x35, 0x31, 0x39, 0x5a, 0x30, 0x79, |
| 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, |
| 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, |
| 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x12, |
| 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x09, 0x43, 0x75, 0x70, |
| 0x65, 0x72, 0x74, 0x69, 0x6e, 0x6f, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, |
| 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49, |
| 0x6e, 0x63, 0x2e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0b, |
| 0x13, 0x0c, 0x4d, 0x61, 0x63, 0x20, 0x4f, 0x53, 0x20, 0x46, 0x6f, 0x72, |
| 0x67, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, |
| 0x0c, 0x2a, 0x2e, 0x77, 0x65, 0x62, 0x6b, 0x69, 0x74, 0x2e, 0x6f, 0x72, |
| 0x67, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, |
| 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, |
| 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa7, 0x62, 0x79, 0x41, 0xda, 0x28, |
| 0xf2, 0xc0, 0x4f, 0xe0, 0x25, 0xaa, 0xa1, 0x2e, 0x3b, 0x30, 0x94, 0xb5, |
| 0xc9, 0x26, 0x3a, 0x1b, 0xe2, 0xd0, 0xcc, 0xa2, 0x95, 0xe2, 0x91, 0xc0, |
| 0xf0, 0x40, 0x9e, 0x27, 0x6e, 0xbd, 0x6e, 0xde, 0x7c, 0xb6, 0x30, 0x5c, |
| 0xb8, 0x9b, 0x01, 0x2f, 0x92, 0x04, 0xa1, 0xef, 0x4a, 0xb1, 0x6c, 0xb1, |
| 0x7e, 0x8e, 0xcd, 0xa6, 0xf4, 0x40, 0x73, 0x1f, 0x2c, 0x96, 0xad, 0xff, |
| 0x2a, 0x6d, 0x0e, 0xba, 0x52, 0x84, 0x83, 0xb0, 0x39, 0xee, 0xc9, 0x39, |
| 0xdc, 0x1e, 0x34, 0xd0, 0xd8, 0x5d, 0x7a, 0x09, 0xac, 0xa9, 0xee, 0xca, |
| 0x65, 0xf6, 0x85, 0x3a, 0x6b, 0xee, 0xe4, 0x5c, 0x5e, 0xf8, 0xda, 0xd1, |
| 0xce, 0x88, 0x47, 0xcd, 0x06, 0x21, 0xe0, 0xb9, 0x4b, 0xe4, 0x07, 0xcb, |
| 0x57, 0xdc, 0xca, 0x99, 0x54, 0xf7, 0x0e, 0xd5, 0x17, 0x95, 0x05, 0x2e, |
| 0xe9, 0xb1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0xce, 0x30, |
| 0x82, 0x01, 0xca, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, |
| 0x30, 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, |
| 0x02, 0x05, 0xa0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, |
| 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, |
| 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x57, |
| 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x50, 0x30, 0x4e, 0x30, 0x4c, 0xa0, |
| 0x4a, 0xa0, 0x48, 0x86, 0x46, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, |
| 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, |
| 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, |
| 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, |
| 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x65, 0x78, 0x74, 0x65, 0x6e, |
| 0x64, 0x65, 0x64, 0x69, 0x73, 0x73, 0x75, 0x69, 0x6e, 0x67, 0x33, 0x2e, |
| 0x63, 0x72, 0x6c, 0x30, 0x52, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x4b, |
| 0x30, 0x49, 0x30, 0x47, 0x06, 0x0b, 0x60, 0x86, 0x48, 0x01, 0x86, 0xfd, |
| 0x6d, 0x01, 0x07, 0x17, 0x02, 0x30, 0x38, 0x30, 0x36, 0x06, 0x08, 0x2b, |
| 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x2a, 0x68, 0x74, 0x74, |
| 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, |
| 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, |
| 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, |
| 0x6f, 0x72, 0x79, 0x30, 0x7f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, |
| 0x07, 0x01, 0x01, 0x04, 0x73, 0x30, 0x71, 0x30, 0x23, 0x06, 0x08, 0x2b, |
| 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, |
| 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, 0x6f, 0x64, |
| 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x4a, 0x06, 0x08, |
| 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, |
| 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, |
| 0x63, 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, |
| 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, |
| 0x74, 0x6f, 0x72, 0x79, 0x2f, 0x67, 0x64, 0x5f, 0x69, 0x6e, 0x74, 0x65, |
| 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x2e, 0x63, 0x72, 0x74, |
| 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x48, |
| 0xdf, 0x60, 0x32, 0xcc, 0x89, 0x01, 0xb6, 0xdc, 0x2f, 0xe3, 0x73, 0xb5, |
| 0x9c, 0x16, 0x58, 0x32, 0x68, 0xa9, 0xc3, 0x30, 0x1f, 0x06, 0x03, 0x55, |
| 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xfd, 0xac, 0x61, 0x32, |
| 0x93, 0x6c, 0x45, 0xd6, 0xe2, 0xee, 0x85, 0x5f, 0x9a, 0xba, 0xe7, 0x76, |
| 0x99, 0x68, 0xcc, 0xe7, 0x30, 0x23, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, |
| 0x1c, 0x30, 0x1a, 0x82, 0x0c, 0x2a, 0x2e, 0x77, 0x65, 0x62, 0x6b, 0x69, |
| 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x82, 0x0a, 0x77, 0x65, 0x62, 0x6b, 0x69, |
| 0x74, 0x2e, 0x6f, 0x72, 0x67}; |
| |
| // RSA signature, a big integer in the big-endian byte order. |
| const uint8_t signature[256] = { |
| 0x1e, 0x6a, 0xe7, 0xe0, 0x4f, 0xe7, 0x4d, 0xd0, 0x69, 0x7c, 0xf8, 0x8f, |
| 0x99, 0xb4, 0x18, 0x95, 0x36, 0x24, 0x0f, 0x0e, 0xa3, 0xea, 0x34, 0x37, |
| 0xf4, 0x7d, 0xd5, 0x92, 0x35, 0x53, 0x72, 0x76, 0x3f, 0x69, 0xf0, 0x82, |
| 0x56, 0xe3, 0x94, 0x7a, 0x1d, 0x1a, 0x81, 0xaf, 0x9f, 0xc7, 0x43, 0x01, |
| 0x64, 0xd3, 0x7c, 0x0d, 0xc8, 0x11, 0x4e, 0x4a, 0xe6, 0x1a, 0xc3, 0x01, |
| 0x74, 0xe8, 0x35, 0x87, 0x5c, 0x61, 0xaa, 0x8a, 0x46, 0x06, 0xbe, 0x98, |
| 0x95, 0x24, 0x9e, 0x01, 0xe3, 0xe6, 0xa0, 0x98, 0xee, 0x36, 0x44, 0x56, |
| 0x8d, 0x23, 0x9c, 0x65, 0xea, 0x55, 0x6a, 0xdf, 0x66, 0xee, 0x45, 0xe8, |
| 0xa0, 0xe9, 0x7d, 0x9a, 0xba, 0x94, 0xc5, 0xc8, 0xc4, 0x4b, 0x98, 0xff, |
| 0x9a, 0x01, 0x31, 0x6d, 0xf9, 0x2b, 0x58, 0xe7, 0xe7, 0x2a, 0xc5, 0x4d, |
| 0xbb, 0xbb, 0xcd, 0x0d, 0x70, 0xe1, 0xad, 0x03, 0xf5, 0xfe, 0xf4, 0x84, |
| 0x71, 0x08, 0xd2, 0xbc, 0x04, 0x7b, 0x26, 0x1c, 0xa8, 0x0f, 0x9c, 0xd8, |
| 0x12, 0x6a, 0x6f, 0x2b, 0x67, 0xa1, 0x03, 0x80, 0x9a, 0x11, 0x0b, 0xe9, |
| 0xe0, 0xb5, 0xb3, 0xb8, 0x19, 0x4e, 0x0c, 0xa4, 0xd9, 0x2b, 0x3b, 0xc2, |
| 0xca, 0x20, 0xd3, 0x0c, 0xa4, 0xff, 0x93, 0x13, 0x1f, 0xfc, 0xba, 0x94, |
| 0x93, 0x8c, 0x64, 0x15, 0x2e, 0x28, 0xa9, 0x55, 0x8c, 0x2c, 0x48, 0xd3, |
| 0xd3, 0xc1, 0x50, 0x69, 0x19, 0xe8, 0x34, 0xd3, 0xf1, 0x04, 0x9f, 0x0a, |
| 0x7a, 0x21, 0x87, 0xbf, 0xb9, 0x59, 0x37, 0x2e, 0xf4, 0x71, 0xa5, 0x3e, |
| 0xbe, 0xcd, 0x70, 0x83, 0x18, 0xf8, 0x8a, 0x72, 0x85, 0x45, 0x1f, 0x08, |
| 0x01, 0x6f, 0x37, 0xf5, 0x2b, 0x7b, 0xea, 0xb9, 0x8b, 0xa3, 0xcc, 0xfd, |
| 0x35, 0x52, 0xdd, 0x66, 0xde, 0x4f, 0x30, 0xc5, 0x73, 0x81, 0xb6, 0xe8, |
| 0x3c, 0xd8, 0x48, 0x8a}; |
| |
| // The public key is specified as the following ASN.1 structure: |
| // SubjectPublicKeyInfo ::= SEQUENCE { |
| // algorithm AlgorithmIdentifier, |
| // subjectPublicKey BIT STRING } |
| const uint8_t public_key_info[294] = { |
| 0x30, 0x82, 0x01, 0x22, // a SEQUENCE of length 290 (0x122) |
| // algorithm |
| 0x30, 0x0d, // a SEQUENCE of length 13 |
| 0x06, 0x09, // an OBJECT IDENTIFIER of length 9 |
| 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, |
| 0x00, // a NULL of length 0 |
| // subjectPublicKey |
| 0x03, 0x82, 0x01, 0x0f, // a BIT STRING of length 271 (0x10f) |
| 0x00, // number of unused bits |
| 0x30, 0x82, 0x01, 0x0a, // a SEQUENCE of length 266 (0x10a) |
| // modulus |
| 0x02, 0x82, 0x01, 0x01, // an INTEGER of length 257 (0x101) |
| 0x00, 0xc4, 0x2d, 0xd5, 0x15, 0x8c, 0x9c, 0x26, 0x4c, 0xec, 0x32, 0x35, |
| 0xeb, 0x5f, 0xb8, 0x59, 0x01, 0x5a, 0xa6, 0x61, 0x81, 0x59, 0x3b, 0x70, |
| 0x63, 0xab, 0xe3, 0xdc, 0x3d, 0xc7, 0x2a, 0xb8, 0xc9, 0x33, 0xd3, 0x79, |
| 0xe4, 0x3a, 0xed, 0x3c, 0x30, 0x23, 0x84, 0x8e, 0xb3, 0x30, 0x14, 0xb6, |
| 0xb2, 0x87, 0xc3, 0x3d, 0x95, 0x54, 0x04, 0x9e, 0xdf, 0x99, 0xdd, 0x0b, |
| 0x25, 0x1e, 0x21, 0xde, 0x65, 0x29, 0x7e, 0x35, 0xa8, 0xa9, 0x54, 0xeb, |
| 0xf6, 0xf7, 0x32, 0x39, 0xd4, 0x26, 0x55, 0x95, 0xad, 0xef, 0xfb, 0xfe, |
| 0x58, 0x86, 0xd7, 0x9e, 0xf4, 0x00, 0x8d, 0x8c, 0x2a, 0x0c, 0xbd, 0x42, |
| 0x04, 0xce, 0xa7, 0x3f, 0x04, 0xf6, 0xee, 0x80, 0xf2, 0xaa, 0xef, 0x52, |
| 0xa1, 0x69, 0x66, 0xda, 0xbe, 0x1a, 0xad, 0x5d, 0xda, 0x2c, 0x66, 0xea, |
| 0x1a, 0x6b, 0xbb, 0xe5, 0x1a, 0x51, 0x4a, 0x00, 0x2f, 0x48, 0xc7, 0x98, |
| 0x75, 0xd8, 0xb9, 0x29, 0xc8, 0xee, 0xf8, 0x66, 0x6d, 0x0a, 0x9c, 0xb3, |
| 0xf3, 0xfc, 0x78, 0x7c, 0xa2, 0xf8, 0xa3, 0xf2, 0xb5, 0xc3, 0xf3, 0xb9, |
| 0x7a, 0x91, 0xc1, 0xa7, 0xe6, 0x25, 0x2e, 0x9c, 0xa8, 0xed, 0x12, 0x65, |
| 0x6e, 0x6a, 0xf6, 0x12, 0x44, 0x53, 0x70, 0x30, 0x95, 0xc3, 0x9c, 0x2b, |
| 0x58, 0x2b, 0x3d, 0x08, 0x74, 0x4a, 0xf2, 0xbe, 0x51, 0xb0, 0xbf, 0x87, |
| 0xd0, 0x4c, 0x27, 0x58, 0x6b, 0xb5, 0x35, 0xc5, 0x9d, 0xaf, 0x17, 0x31, |
| 0xf8, 0x0b, 0x8f, 0xee, 0xad, 0x81, 0x36, 0x05, 0x89, 0x08, 0x98, 0xcf, |
| 0x3a, 0xaf, 0x25, 0x87, 0xc0, 0x49, 0xea, 0xa7, 0xfd, 0x67, 0xf7, 0x45, |
| 0x8e, 0x97, 0xcc, 0x14, 0x39, 0xe2, 0x36, 0x85, 0xb5, 0x7e, 0x1a, 0x37, |
| 0xfd, 0x16, 0xf6, 0x71, 0x11, 0x9a, 0x74, 0x30, 0x16, 0xfe, 0x13, 0x94, |
| 0xa3, 0x3f, 0x84, 0x0d, 0x4f, |
| // public exponent |
| 0x02, 0x03, // an INTEGER of length 3 |
| 0x01, 0x00, 0x01}; |
| |
| // We use the signature verifier to perform four signature verification |
| // tests. |
| crypto::SignatureVerifier verifier; |
| bool ok; |
| |
| // Test 1: feed all of the data to the verifier at once (a single |
| // VerifyUpdate call). |
| ok = verifier.VerifyInit(crypto::SignatureVerifier::RSA_PKCS1_SHA1, signature, |
| sizeof(signature), public_key_info, |
| sizeof(public_key_info)); |
| EXPECT_TRUE(ok); |
| verifier.VerifyUpdate(tbs_certificate, sizeof(tbs_certificate)); |
| ok = verifier.VerifyFinal(); |
| EXPECT_TRUE(ok); |
| |
| // Test 2: feed the data to the verifier in three parts (three VerifyUpdate |
| // calls). |
| ok = verifier.VerifyInit(crypto::SignatureVerifier::RSA_PKCS1_SHA1, signature, |
| sizeof(signature), public_key_info, |
| sizeof(public_key_info)); |
| EXPECT_TRUE(ok); |
| verifier.VerifyUpdate(tbs_certificate, 256); |
| verifier.VerifyUpdate(tbs_certificate + 256, 256); |
| verifier.VerifyUpdate(tbs_certificate + 512, sizeof(tbs_certificate) - 512); |
| ok = verifier.VerifyFinal(); |
| EXPECT_TRUE(ok); |
| |
| // Test 3: verify the signature with incorrect data. |
| uint8_t bad_tbs_certificate[sizeof(tbs_certificate)]; |
| memcpy(bad_tbs_certificate, tbs_certificate, sizeof(tbs_certificate)); |
| bad_tbs_certificate[10] += 1; // Corrupt one byte of the data. |
| ok = verifier.VerifyInit(crypto::SignatureVerifier::RSA_PKCS1_SHA1, signature, |
| sizeof(signature), public_key_info, |
| sizeof(public_key_info)); |
| EXPECT_TRUE(ok); |
| verifier.VerifyUpdate(bad_tbs_certificate, sizeof(bad_tbs_certificate)); |
| ok = verifier.VerifyFinal(); |
| EXPECT_FALSE(ok); |
| |
| // Test 4: verify a bad signature. |
| uint8_t bad_signature[sizeof(signature)]; |
| memcpy(bad_signature, signature, sizeof(signature)); |
| bad_signature[10] += 1; // Corrupt one byte of the signature. |
| ok = verifier.VerifyInit(crypto::SignatureVerifier::RSA_PKCS1_SHA1, |
| bad_signature, sizeof(bad_signature), |
| public_key_info, sizeof(public_key_info)); |
| |
| // A crypto library (e.g., NSS) may detect that the signature is corrupted |
| // and cause VerifyInit to return false, so it is fine for 'ok' to be false. |
| if (ok) { |
| verifier.VerifyUpdate(tbs_certificate, sizeof(tbs_certificate)); |
| ok = verifier.VerifyFinal(); |
| EXPECT_FALSE(ok); |
| } |
| |
| // Test 5: import an invalid key. |
| uint8_t bad_public_key_info[sizeof(public_key_info)]; |
| memcpy(bad_public_key_info, public_key_info, sizeof(public_key_info)); |
| bad_public_key_info[0] += 1; // Corrupt part of the SPKI syntax. |
| ok = verifier.VerifyInit(crypto::SignatureVerifier::RSA_PKCS1_SHA1, signature, |
| sizeof(signature), bad_public_key_info, |
| sizeof(bad_public_key_info)); |
| EXPECT_FALSE(ok); |
| |
| // Test 6: import a key with extra data. |
| uint8_t long_public_key_info[sizeof(public_key_info) + 5]; |
| memset(long_public_key_info, 0, sizeof(long_public_key_info)); |
| memcpy(long_public_key_info, public_key_info, sizeof(public_key_info)); |
| ok = verifier.VerifyInit(crypto::SignatureVerifier::RSA_PKCS1_SHA1, signature, |
| sizeof(signature), long_public_key_info, |
| sizeof(long_public_key_info)); |
| EXPECT_FALSE(ok); |
| } |
| |
| ////////////////////////////////////////////////////////////////////// |
| // |
| // RSA-PSS signature verification known answer test |
| // |
| ////////////////////////////////////////////////////////////////////// |
| |
| // The following RSA-PSS signature test vectors come from the pss-vect.txt |
| // file downloaded from |
| // ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip. |
| // |
| // For each key, 6 random messages of length between 1 and 256 octets have |
| // been RSASSA-PSS signed. |
| // |
| // Hash function: SHA-1 |
| // Mask generation function: MGF1 with SHA-1 |
| // Salt length: 20 octets |
| |
| // Example 1: A 1024-bit RSA Key Pair" |
| |
| // RSA modulus n: |
| static const char rsa_modulus_n_1[] = |
| "a5 6e 4a 0e 70 10 17 58 9a 51 87 dc 7e a8 41 d1 " |
| "56 f2 ec 0e 36 ad 52 a4 4d fe b1 e6 1f 7a d9 91 " |
| "d8 c5 10 56 ff ed b1 62 b4 c0 f2 83 a1 2a 88 a3 " |
| "94 df f5 26 ab 72 91 cb b3 07 ce ab fc e0 b1 df " |
| "d5 cd 95 08 09 6d 5b 2b 8b 6d f5 d6 71 ef 63 77 " |
| "c0 92 1c b2 3c 27 0a 70 e2 59 8e 6f f8 9d 19 f1 " |
| "05 ac c2 d3 f0 cb 35 f2 92 80 e1 38 6b 6f 64 c4 " |
| "ef 22 e1 e1 f2 0d 0c e8 cf fb 22 49 bd 9a 21 37 "; |
| // RSA public exponent e: " |
| static const char rsa_public_exponent_e_1[] = |
| "01 00 01 "; |
| |
| // RSASSA-PSS Signature Example 1.1 |
| // Message to be signed: |
| static const char message_1_1[] = |
| "cd c8 7d a2 23 d7 86 df 3b 45 e0 bb bc 72 13 26 " |
| "d1 ee 2a f8 06 cc 31 54 75 cc 6f 0d 9c 66 e1 b6 " |
| "23 71 d4 5c e2 39 2e 1a c9 28 44 c3 10 10 2f 15 " |
| "6a 0d 8d 52 c1 f4 c4 0b a3 aa 65 09 57 86 cb 76 " |
| "97 57 a6 56 3b a9 58 fe d0 bc c9 84 e8 b5 17 a3 " |
| "d5 f5 15 b2 3b 8a 41 e7 4a a8 67 69 3f 90 df b0 " |
| "61 a6 e8 6d fa ae e6 44 72 c0 0e 5f 20 94 57 29 " |
| "cb eb e7 7f 06 ce 78 e0 8f 40 98 fb a4 1f 9d 61 " |
| "93 c0 31 7e 8b 60 d4 b6 08 4a cb 42 d2 9e 38 08 " |
| "a3 bc 37 2d 85 e3 31 17 0f cb f7 cc 72 d0 b7 1c " |
| "29 66 48 b3 a4 d1 0f 41 62 95 d0 80 7a a6 25 ca " |
| "b2 74 4f d9 ea 8f d2 23 c4 25 37 02 98 28 bd 16 " |
| "be 02 54 6f 13 0f d2 e3 3b 93 6d 26 76 e0 8a ed " |
| "1b 73 31 8b 75 0a 01 67 d0 "; |
| // Salt: |
| static const char salt_1_1[] = |
| "de e9 59 c7 e0 64 11 36 14 20 ff 80 18 5e d5 7f " |
| "3e 67 76 af "; |
| // Signature: |
| static const char signature_1_1[] = |
| "90 74 30 8f b5 98 e9 70 1b 22 94 38 8e 52 f9 71 " |
| "fa ac 2b 60 a5 14 5a f1 85 df 52 87 b5 ed 28 87 " |
| "e5 7c e7 fd 44 dc 86 34 e4 07 c8 e0 e4 36 0b c2 " |
| "26 f3 ec 22 7f 9d 9e 54 63 8e 8d 31 f5 05 12 15 " |
| "df 6e bb 9c 2f 95 79 aa 77 59 8a 38 f9 14 b5 b9 " |
| "c1 bd 83 c4 e2 f9 f3 82 a0 d0 aa 35 42 ff ee 65 " |
| "98 4a 60 1b c6 9e b2 8d eb 27 dc a1 2c 82 c2 d4 " |
| "c3 f6 6c d5 00 f1 ff 2b 99 4d 8a 4e 30 cb b3 3c "; |
| |
| // RSASSA-PSS Signature Example 1.2 |
| // Message to be signed: |
| static const char message_1_2[] = |
| "85 13 84 cd fe 81 9c 22 ed 6c 4c cb 30 da eb 5c " |
| "f0 59 bc 8e 11 66 b7 e3 53 0c 4c 23 3e 2b 5f 8f " |
| "71 a1 cc a5 82 d4 3e cc 72 b1 bc a1 6d fc 70 13 " |
| "22 6b 9e "; |
| // Salt: |
| static const char salt_1_2[] = |
| "ef 28 69 fa 40 c3 46 cb 18 3d ab 3d 7b ff c9 8f " |
| "d5 6d f4 2d "; |
| // Signature: |
| static const char signature_1_2[] = |
| "3e f7 f4 6e 83 1b f9 2b 32 27 41 42 a5 85 ff ce " |
| "fb dc a7 b3 2a e9 0d 10 fb 0f 0c 72 99 84 f0 4e " |
| "f2 9a 9d f0 78 07 75 ce 43 73 9b 97 83 83 90 db " |
| "0a 55 05 e6 3d e9 27 02 8d 9d 29 b2 19 ca 2c 45 " |
| "17 83 25 58 a5 5d 69 4a 6d 25 b9 da b6 60 03 c4 " |
| "cc cd 90 78 02 19 3b e5 17 0d 26 14 7d 37 b9 35 " |
| "90 24 1b e5 1c 25 05 5f 47 ef 62 75 2c fb e2 14 " |
| "18 fa fe 98 c2 2c 4d 4d 47 72 4f db 56 69 e8 43 "; |
| |
| // RSASSA-PSS Signature Example 1.3 |
| // Message to be signed: |
| static const char message_1_3[] = |
| "a4 b1 59 94 17 61 c4 0c 6a 82 f2 b8 0d 1b 94 f5 " |
| "aa 26 54 fd 17 e1 2d 58 88 64 67 9b 54 cd 04 ef " |
| "8b d0 30 12 be 8d c3 7f 4b 83 af 79 63 fa ff 0d " |
| "fa 22 54 77 43 7c 48 01 7f f2 be 81 91 cf 39 55 " |
| "fc 07 35 6e ab 3f 32 2f 7f 62 0e 21 d2 54 e5 db " |
| "43 24 27 9f e0 67 e0 91 0e 2e 81 ca 2c ab 31 c7 " |
| "45 e6 7a 54 05 8e b5 0d 99 3c db 9e d0 b4 d0 29 " |
| "c0 6d 21 a9 4c a6 61 c3 ce 27 fa e1 d6 cb 20 f4 " |
| "56 4d 66 ce 47 67 58 3d 0e 5f 06 02 15 b5 90 17 " |
| "be 85 ea 84 89 39 12 7b d8 c9 c4 d4 7b 51 05 6c " |
| "03 1c f3 36 f1 7c 99 80 f3 b8 f5 b9 b6 87 8e 8b " |
| "79 7a a4 3b 88 26 84 33 3e 17 89 3f e9 ca a6 aa " |
| "29 9f 7e d1 a1 8e e2 c5 48 64 b7 b2 b9 9b 72 61 " |
| "8f b0 25 74 d1 39 ef 50 f0 19 c9 ee f4 16 97 13 " |
| "38 e7 d4 70 "; |
| // Salt: |
| static const char salt_1_3[] = |
| "71 0b 9c 47 47 d8 00 d4 de 87 f1 2a fd ce 6d f1 " |
| "81 07 cc 77 "; |
| // Signature: |
| static const char signature_1_3[] = |
| "66 60 26 fb a7 1b d3 e7 cf 13 15 7c c2 c5 1a 8e " |
| "4a a6 84 af 97 78 f9 18 49 f3 43 35 d1 41 c0 01 " |
| "54 c4 19 76 21 f9 62 4a 67 5b 5a bc 22 ee 7d 5b " |
| "aa ff aa e1 c9 ba ca 2c c3 73 b3 f3 3e 78 e6 14 " |
| "3c 39 5a 91 aa 7f ac a6 64 eb 73 3a fd 14 d8 82 " |
| "72 59 d9 9a 75 50 fa ca 50 1e f2 b0 4e 33 c2 3a " |
| "a5 1f 4b 9e 82 82 ef db 72 8c c0 ab 09 40 5a 91 " |
| "60 7c 63 69 96 1b c8 27 0d 2d 4f 39 fc e6 12 b1 "; |
| |
| // RSASSA-PSS Signature Example 1.4 |
| // Message to be signed: |
| static const char message_1_4[] = |
| "bc 65 67 47 fa 9e af b3 f0 "; |
| // Salt: |
| static const char salt_1_4[] = |
| "05 6f 00 98 5d e1 4d 8e f5 ce a9 e8 2f 8c 27 be " |
| "f7 20 33 5e "; |
| // Signature: |
| static const char signature_1_4[] = |
| "46 09 79 3b 23 e9 d0 93 62 dc 21 bb 47 da 0b 4f " |
| "3a 76 22 64 9a 47 d4 64 01 9b 9a ea fe 53 35 9c " |
| "17 8c 91 cd 58 ba 6b cb 78 be 03 46 a7 bc 63 7f " |
| "4b 87 3d 4b ab 38 ee 66 1f 19 96 34 c5 47 a1 ad " |
| "84 42 e0 3d a0 15 b1 36 e5 43 f7 ab 07 c0 c1 3e " |
| "42 25 b8 de 8c ce 25 d4 f6 eb 84 00 f8 1f 7e 18 " |
| "33 b7 ee 6e 33 4d 37 09 64 ca 79 fd b8 72 b4 d7 " |
| "52 23 b5 ee b0 81 01 59 1f b5 32 d1 55 a6 de 87 "; |
| |
| // RSASSA-PSS Signature Example 1.5 |
| // Message to be signed: |
| static const char message_1_5[] = |
| "b4 55 81 54 7e 54 27 77 0c 76 8e 8b 82 b7 55 64 " |
| "e0 ea 4e 9c 32 59 4d 6b ff 70 65 44 de 0a 87 76 " |
| "c7 a8 0b 45 76 55 0e ee 1b 2a ca bc 7e 8b 7d 3e " |
| "f7 bb 5b 03 e4 62 c1 10 47 ea dd 00 62 9a e5 75 " |
| "48 0a c1 47 0f e0 46 f1 3a 2b f5 af 17 92 1d c4 " |
| "b0 aa 8b 02 be e6 33 49 11 65 1d 7f 85 25 d1 0f " |
| "32 b5 1d 33 be 52 0d 3d df 5a 70 99 55 a3 df e7 " |
| "82 83 b9 e0 ab 54 04 6d 15 0c 17 7f 03 7f dc cc " |
| "5b e4 ea 5f 68 b5 e5 a3 8c 9d 7e dc cc c4 97 5f " |
| "45 5a 69 09 b4 "; |
| // Salt: |
| static const char salt_1_5[] = |
| "80 e7 0f f8 6a 08 de 3e c6 09 72 b3 9b 4f bf dc " |
| "ea 67 ae 8e "; |
| // Signature: |
| static const char signature_1_5[] = |
| "1d 2a ad 22 1c a4 d3 1d df 13 50 92 39 01 93 98 " |
| "e3 d1 4b 32 dc 34 dc 5a f4 ae ae a3 c0 95 af 73 " |
| "47 9c f0 a4 5e 56 29 63 5a 53 a0 18 37 76 15 b1 " |
| "6c b9 b1 3b 3e 09 d6 71 eb 71 e3 87 b8 54 5c 59 " |
| "60 da 5a 64 77 6e 76 8e 82 b2 c9 35 83 bf 10 4c " |
| "3f db 23 51 2b 7b 4e 89 f6 33 dd 00 63 a5 30 db " |
| "45 24 b0 1c 3f 38 4c 09 31 0e 31 5a 79 dc d3 d6 " |
| "84 02 2a 7f 31 c8 65 a6 64 e3 16 97 8b 75 9f ad "; |
| |
| // RSASSA-PSS Signature Example 1.6 |
| // Message to be signed: |
| static const char message_1_6[] = |
| "10 aa e9 a0 ab 0b 59 5d 08 41 20 7b 70 0d 48 d7 " |
| "5f ae dd e3 b7 75 cd 6b 4c c8 8a e0 6e 46 94 ec " |
| "74 ba 18 f8 52 0d 4f 5e a6 9c bb e7 cc 2b eb a4 " |
| "3e fd c1 02 15 ac 4e b3 2d c3 02 a1 f5 3d c6 c4 " |
| "35 22 67 e7 93 6c fe bf 7c 8d 67 03 57 84 a3 90 " |
| "9f a8 59 c7 b7 b5 9b 8e 39 c5 c2 34 9f 18 86 b7 " |
| "05 a3 02 67 d4 02 f7 48 6a b4 f5 8c ad 5d 69 ad " |
| "b1 7a b8 cd 0c e1 ca f5 02 5a f4 ae 24 b1 fb 87 " |
| "94 c6 07 0c c0 9a 51 e2 f9 91 13 11 e3 87 7d 00 " |
| "44 c7 1c 57 a9 93 39 50 08 80 6b 72 3a c3 83 73 " |
| "d3 95 48 18 18 52 8c 1e 70 53 73 92 82 05 35 29 " |
| "51 0e 93 5c d0 fa 77 b8 fa 53 cc 2d 47 4b d4 fb " |
| "3c c5 c6 72 d6 ff dc 90 a0 0f 98 48 71 2c 4b cf " |
| "e4 6c 60 57 36 59 b1 1e 64 57 e8 61 f0 f6 04 b6 " |
| "13 8d 14 4f 8c e4 e2 da 73 "; |
| // Salt: |
| static const char salt_1_6[] = |
| "a8 ab 69 dd 80 1f 00 74 c2 a1 fc 60 64 98 36 c6 " |
| "16 d9 96 81 "; |
| // Signature: |
| static const char signature_1_6[] = |
| "2a 34 f6 12 5e 1f 6b 0b f9 71 e8 4f bd 41 c6 32 " |
| "be 8f 2c 2a ce 7d e8 b6 92 6e 31 ff 93 e9 af 98 " |
| "7f bc 06 e5 1e 9b e1 4f 51 98 f9 1f 3f 95 3b d6 " |
| "7d a6 0a 9d f5 97 64 c3 dc 0f e0 8e 1c be f0 b7 " |
| "5f 86 8d 10 ad 3f ba 74 9f ef 59 fb 6d ac 46 a0 " |
| "d6 e5 04 36 93 31 58 6f 58 e4 62 8f 39 aa 27 89 " |
| "82 54 3b c0 ee b5 37 dc 61 95 80 19 b3 94 fb 27 " |
| "3f 21 58 58 a0 a0 1a c4 d6 50 b9 55 c6 7f 4c 58 "; |
| |
| // Example 9: A 1536-bit RSA Key Pair |
| |
| // RSA modulus n: |
| static const char rsa_modulus_n_9[] = |
| "e6 bd 69 2a c9 66 45 79 04 03 fd d0 f5 be b8 b9 " |
| "bf 92 ed 10 00 7f c3 65 04 64 19 dd 06 c0 5c 5b " |
| "5b 2f 48 ec f9 89 e4 ce 26 91 09 97 9c bb 40 b4 " |
| "a0 ad 24 d2 24 83 d1 ee 31 5a d4 cc b1 53 42 68 " |
| "35 26 91 c5 24 f6 dd 8e 6c 29 d2 24 cf 24 69 73 " |
| "ae c8 6c 5b f6 b1 40 1a 85 0d 1b 9a d1 bb 8c bc " |
| "ec 47 b0 6f 0f 8c 7f 45 d3 fc 8f 31 92 99 c5 43 " |
| "3d db c2 b3 05 3b 47 de d2 ec d4 a4 ca ef d6 14 " |
| "83 3d c8 bb 62 2f 31 7e d0 76 b8 05 7f e8 de 3f " |
| "84 48 0a d5 e8 3e 4a 61 90 4a 4f 24 8f b3 97 02 " |
| "73 57 e1 d3 0e 46 31 39 81 5c 6f d4 fd 5a c5 b8 " |
| "17 2a 45 23 0e cb 63 18 a0 4f 14 55 d8 4e 5a 8b "; |
| // RSA public exponent e: |
| static const char rsa_public_exponent_e_9[] = |
| "01 00 01 "; |
| |
| // RSASSA-PSS Signature Example 9.1 |
| // Message to be signed: |
| static const char message_9_1[] = |
| "a8 8e 26 58 55 e9 d7 ca 36 c6 87 95 f0 b3 1b 59 " |
| "1c d6 58 7c 71 d0 60 a0 b3 f7 f3 ea ef 43 79 59 " |
| "22 02 8b c2 b6 ad 46 7c fc 2d 7f 65 9c 53 85 aa " |
| "70 ba 36 72 cd de 4c fe 49 70 cc 79 04 60 1b 27 " |
| "88 72 bf 51 32 1c 4a 97 2f 3c 95 57 0f 34 45 d4 " |
| "f5 79 80 e0 f2 0d f5 48 46 e6 a5 2c 66 8f 12 88 " |
| "c0 3f 95 00 6e a3 2f 56 2d 40 d5 2a f9 fe b3 2f " |
| "0f a0 6d b6 5b 58 8a 23 7b 34 e5 92 d5 5c f9 79 " |
| "f9 03 a6 42 ef 64 d2 ed 54 2a a8 c7 7d c1 dd 76 " |
| "2f 45 a5 93 03 ed 75 e5 41 ca 27 1e 2b 60 ca 70 " |
| "9e 44 fa 06 61 13 1e 8d 5d 41 63 fd 8d 39 85 66 " |
| "ce 26 de 87 30 e7 2f 9c ca 73 76 41 c2 44 15 94 " |
| "20 63 70 28 df 0a 18 07 9d 62 08 ea 8b 47 11 a2 " |
| "c7 50 f5 "; |
| // Salt: |
| static const char salt_9_1[] = |
| "c0 a4 25 31 3d f8 d7 56 4b d2 43 4d 31 15 23 d5 " |
| "25 7e ed 80 "; |
| // Signature: |
| static const char signature_9_1[] = |
| "58 61 07 22 6c 3c e0 13 a7 c8 f0 4d 1a 6a 29 59 " |
| "bb 4b 8e 20 5b a4 3a 27 b5 0f 12 41 11 bc 35 ef " |
| "58 9b 03 9f 59 32 18 7c b6 96 d7 d9 a3 2c 0c 38 " |
| "30 0a 5c dd a4 83 4b 62 d2 eb 24 0a f3 3f 79 d1 " |
| "3d fb f0 95 bf 59 9e 0d 96 86 94 8c 19 64 74 7b " |
| "67 e8 9c 9a ba 5c d8 50 16 23 6f 56 6c c5 80 2c " |
| "b1 3e ad 51 bc 7c a6 be f3 b9 4d cb db b1 d5 70 " |
| "46 97 71 df 0e 00 b1 a8 a0 67 77 47 2d 23 16 27 " |
| "9e da e8 64 74 66 8d 4e 1e ff f9 5f 1d e6 1c 60 " |
| "20 da 32 ae 92 bb f1 65 20 fe f3 cf 4d 88 f6 11 " |
| "21 f2 4b bd 9f e9 1b 59 ca f1 23 5b 2a 93 ff 81 " |
| "fc 40 3a dd f4 eb de a8 49 34 a9 cd af 8e 1a 9e "; |
| |
| // RSASSA-PSS Signature Example 9.2 |
| // Message to be signed: |
| static const char message_9_2[] = |
| "c8 c9 c6 af 04 ac da 41 4d 22 7e f2 3e 08 20 c3 " |
| "73 2c 50 0d c8 72 75 e9 5b 0d 09 54 13 99 3c 26 " |
| "58 bc 1d 98 85 81 ba 87 9c 2d 20 1f 14 cb 88 ce " |
| "d1 53 a0 19 69 a7 bf 0a 7b e7 9c 84 c1 48 6b c1 " |
| "2b 3f a6 c5 98 71 b6 82 7c 8c e2 53 ca 5f ef a8 " |
| "a8 c6 90 bf 32 6e 8e 37 cd b9 6d 90 a8 2e ba b6 " |
| "9f 86 35 0e 18 22 e8 bd 53 6a 2e "; |
| // Salt: |
| static const char salt_9_2[] = |
| "b3 07 c4 3b 48 50 a8 da c2 f1 5f 32 e3 78 39 ef " |
| "8c 5c 0e 91 "; |
| // Signature: |
| static const char signature_9_2[] = |
| "80 b6 d6 43 25 52 09 f0 a4 56 76 38 97 ac 9e d2 " |
| "59 d4 59 b4 9c 28 87 e5 88 2e cb 44 34 cf d6 6d " |
| "d7 e1 69 93 75 38 1e 51 cd 7f 55 4f 2c 27 17 04 " |
| "b3 99 d4 2b 4b e2 54 0a 0e ca 61 95 1f 55 26 7f " |
| "7c 28 78 c1 22 84 2d ad b2 8b 01 bd 5f 8c 02 5f " |
| "7e 22 84 18 a6 73 c0 3d 6b c0 c7 36 d0 a2 95 46 " |
| "bd 67 f7 86 d9 d6 92 cc ea 77 8d 71 d9 8c 20 63 " |
| "b7 a7 10 92 18 7a 4d 35 af 10 81 11 d8 3e 83 ea " |
| "e4 6c 46 aa 34 27 7e 06 04 45 89 90 37 88 f1 d5 " |
| "e7 ce e2 5f b4 85 e9 29 49 11 88 14 d6 f2 c3 ee " |
| "36 14 89 01 6f 32 7f b5 bc 51 7e b5 04 70 bf fa " |
| "1a fa 5f 4c e9 aa 0c e5 b8 ee 19 bf 55 01 b9 58 "; |
| |
| // RSASSA-PSS Signature Example 9.3 |
| // Message to be signed: |
| static const char message_9_3[] = |
| "0a fa d4 2c cd 4f c6 06 54 a5 50 02 d2 28 f5 2a " |
| "4a 5f e0 3b 8b bb 08 ca 82 da ca 55 8b 44 db e1 " |
| "26 6e 50 c0 e7 45 a3 6d 9d 29 04 e3 40 8a bc d1 " |
| "fd 56 99 94 06 3f 4a 75 cc 72 f2 fe e2 a0 cd 89 " |
| "3a 43 af 1c 5b 8b 48 7d f0 a7 16 10 02 4e 4f 6d " |
| "df 9f 28 ad 08 13 c1 aa b9 1b cb 3c 90 64 d5 ff " |
| "74 2d ef fe a6 57 09 41 39 36 9e 5e a6 f4 a9 63 " |
| "19 a5 cc 82 24 14 5b 54 50 62 75 8f ef d1 fe 34 " |
| "09 ae 16 92 59 c6 cd fd 6b 5f 29 58 e3 14 fa ec " |
| "be 69 d2 ca ce 58 ee 55 17 9a b9 b3 e6 d1 ec c1 " |
| "4a 55 7c 5f eb e9 88 59 52 64 fc 5d a1 c5 71 46 " |
| "2e ca 79 8a 18 a1 a4 94 0c da b4 a3 e9 20 09 cc " |
| "d4 2e 1e 94 7b 13 14 e3 22 38 a2 de ce 7d 23 a8 " |
| "9b 5b 30 c7 51 fd 0a 4a 43 0d 2c 54 85 94 "; |
| // Salt: |
| static const char salt_9_3[] = |
| "9a 2b 00 7e 80 97 8b bb 19 2c 35 4e b7 da 9a ed " |
| "fc 74 db f5 "; |
| // Signature: |
| static const char signature_9_3[] = |
| "48 44 08 f3 89 8c d5 f5 34 83 f8 08 19 ef bf 27 " |
| "08 c3 4d 27 a8 b2 a6 fa e8 b3 22 f9 24 02 37 f9 " |
| "81 81 7a ca 18 46 f1 08 4d aa 6d 7c 07 95 f6 e5 " |
| "bf 1a f5 9c 38 e1 85 84 37 ce 1f 7e c4 19 b9 8c " |
| "87 36 ad f6 dd 9a 00 b1 80 6d 2b d3 ad 0a 73 77 " |
| "5e 05 f5 2d fe f3 a5 9a b4 b0 81 43 f0 df 05 cd " |
| "1a d9 d0 4b ec ec a6 da a4 a2 12 98 03 e2 00 cb " |
| "c7 77 87 ca f4 c1 d0 66 3a 6c 59 87 b6 05 95 20 " |
| "19 78 2c af 2e c1 42 6d 68 fb 94 ed 1d 4b e8 16 " |
| "a7 ed 08 1b 77 e6 ab 33 0b 3f fc 07 38 20 fe cd " |
| "e3 72 7f cb e2 95 ee 61 a0 50 a3 43 65 86 37 c3 " |
| "fd 65 9c fb 63 73 6d e3 2d 9f 90 d3 c2 f6 3e ca "; |
| |
| // RSASSA-PSS Signature Example 9.4 |
| // Message to be signed: |
| static const char message_9_4[] = |
| "1d fd 43 b4 6c 93 db 82 62 9b da e2 bd 0a 12 b8 " |
| "82 ea 04 c3 b4 65 f5 cf 93 02 3f 01 05 96 26 db " |
| "be 99 f2 6b b1 be 94 9d dd d1 6d c7 f3 de bb 19 " |
| "a1 94 62 7f 0b 22 44 34 df 7d 87 00 e9 e9 8b 06 " |
| "e3 60 c1 2f db e3 d1 9f 51 c9 68 4e b9 08 9e cb " |
| "b0 a2 f0 45 03 99 d3 f5 9e ac 72 94 08 5d 04 4f " |
| "53 93 c6 ce 73 74 23 d8 b8 6c 41 53 70 d3 89 e3 " |
| "0b 9f 0a 3c 02 d2 5d 00 82 e8 ad 6f 3f 1e f2 4a " |
| "45 c3 cf 82 b3 83 36 70 63 a4 d4 61 3e 42 64 f0 " |
| "1b 2d ac 2e 5a a4 20 43 f8 fb 5f 69 fa 87 1d 14 " |
| "fb 27 3e 76 7a 53 1c 40 f0 2f 34 3b c2 fb 45 a0 " |
| "c7 e0 f6 be 25 61 92 3a 77 21 1d 66 a6 e2 db b4 " |
| "3c 36 63 50 be ae 22 da 3a c2 c1 f5 07 70 96 fc " |
| "b5 c4 bf 25 5f 75 74 35 1a e0 b1 e1 f0 36 32 81 " |
| "7c 08 56 d4 a8 ba 97 af bd c8 b8 58 55 40 2b c5 " |
| "69 26 fc ec 20 9f 9e a8 "; |
| // Salt: |
| static const char salt_9_4[] = |
| "70 f3 82 bd df 4d 5d 2d d8 8b 3b c7 b7 30 8b e6 " |
| "32 b8 40 45 "; |
| // Signature: |
| static const char signature_9_4[] = |
| "84 eb eb 48 1b e5 98 45 b4 64 68 ba fb 47 1c 01 " |
| "12 e0 2b 23 5d 84 b5 d9 11 cb d1 92 6e e5 07 4a " |
| "e0 42 44 95 cb 20 e8 23 08 b8 eb b6 5f 41 9a 03 " |
| "fb 40 e7 2b 78 98 1d 88 aa d1 43 05 36 85 17 2c " |
| "97 b2 9c 8b 7b f0 ae 73 b5 b2 26 3c 40 3d a0 ed " |
| "2f 80 ff 74 50 af 78 28 eb 8b 86 f0 02 8b d2 a8 " |
| "b1 76 a4 d2 28 cc ce a1 83 94 f2 38 b0 9f f7 58 " |
| "cc 00 bc 04 30 11 52 35 57 42 f2 82 b5 4e 66 3a " |
| "91 9e 70 9d 8d a2 4a de 55 00 a7 b9 aa 50 22 6e " |
| "0c a5 29 23 e6 c2 d8 60 ec 50 ff 48 0f a5 74 77 " |
| "e8 2b 05 65 f4 37 9f 79 c7 72 d5 c2 da 80 af 9f " |
| "bf 32 5e ce 6f c2 0b 00 96 16 14 be e8 9a 18 3e "; |
| |
| // RSASSA-PSS Signature Example 9.5 |
| // Message to be signed: |
| static const char message_9_5[] = |
| "1b dc 6e 7c 98 fb 8c f5 4e 9b 09 7b 66 a8 31 e9 " |
| "cf e5 2d 9d 48 88 44 8e e4 b0 97 80 93 ba 1d 7d " |
| "73 ae 78 b3 a6 2b a4 ad 95 cd 28 9c cb 9e 00 52 " |
| "26 bb 3d 17 8b cc aa 82 1f b0 44 a4 e2 1e e9 76 " |
| "96 c1 4d 06 78 c9 4c 2d ae 93 b0 ad 73 92 22 18 " |
| "55 3d aa 7e 44 eb e5 77 25 a7 a4 5c c7 2b 9b 21 " |
| "38 a6 b1 7c 8d b4 11 ce 82 79 ee 12 41 af f0 a8 " |
| "be c6 f7 7f 87 ed b0 c6 9c b2 72 36 e3 43 5a 80 " |
| "0b 19 2e 4f 11 e5 19 e3 fe 30 fc 30 ea cc ca 4f " |
| "bb 41 76 90 29 bf 70 8e 81 7a 9e 68 38 05 be 67 " |
| "fa 10 09 84 68 3b 74 83 8e 3b cf fa 79 36 6e ed " |
| "1d 48 1c 76 72 91 18 83 8f 31 ba 8a 04 8a 93 c1 " |
| "be 44 24 59 8e 8d f6 32 8b 7a 77 88 0a 3f 9c 7e " |
| "2e 8d fc a8 eb 5a 26 fb 86 bd c5 56 d4 2b be 01 " |
| "d9 fa 6e d8 06 46 49 1c 93 41 "; |
| // Salt: |
| static const char salt_9_5[] = |
| "d6 89 25 7a 86 ef fa 68 21 2c 5e 0c 61 9e ca 29 " |
| "5f b9 1b 67 "; |
| // Signature: |
| static const char signature_9_5[] = |
| "82 10 2d f8 cb 91 e7 17 99 19 a0 4d 26 d3 35 d6 " |
| "4f bc 2f 87 2c 44 83 39 43 24 1d e8 45 48 10 27 " |
| "4c df 3d b5 f4 2d 42 3d b1 52 af 71 35 f7 01 42 " |
| "0e 39 b4 94 a6 7c bf d1 9f 91 19 da 23 3a 23 da " |
| "5c 64 39 b5 ba 0d 2b c3 73 ee e3 50 70 01 37 8d " |
| "4a 40 73 85 6b 7f e2 ab a0 b5 ee 93 b2 7f 4a fe " |
| "c7 d4 d1 20 92 1c 83 f6 06 76 5b 02 c1 9e 4d 6a " |
| "1a 3b 95 fa 4c 42 29 51 be 4f 52 13 10 77 ef 17 " |
| "17 97 29 cd df bd b5 69 50 db ac ee fe 78 cb 16 " |
| "64 0a 09 9e a5 6d 24 38 9e ef 10 f8 fe cb 31 ba " |
| "3e a3 b2 27 c0 a8 66 98 bb 89 e3 e9 36 39 05 bf " |
| "22 77 7b 2a 3a a5 21 b6 5b 4c ef 76 d8 3b de 4c "; |
| |
| // RSASSA-PSS Signature Example 9.6 |
| // Message to be signed: |
| static const char message_9_6[] = |
| "88 c7 a9 f1 36 04 01 d9 0e 53 b1 01 b6 1c 53 25 " |
| "c3 c7 5d b1 b4 11 fb eb 8e 83 0b 75 e9 6b 56 67 " |
| "0a d2 45 40 4e 16 79 35 44 ee 35 4b c6 13 a9 0c " |
| "c9 84 87 15 a7 3d b5 89 3e 7f 6d 27 98 15 c0 c1 " |
| "de 83 ef 8e 29 56 e3 a5 6e d2 6a 88 8d 7a 9c dc " |
| "d0 42 f4 b1 6b 7f a5 1e f1 a0 57 36 62 d1 6a 30 " |
| "2d 0e c5 b2 85 d2 e0 3a d9 65 29 c8 7b 3d 37 4d " |
| "b3 72 d9 5b 24 43 d0 61 b6 b1 a3 50 ba 87 80 7e " |
| "d0 83 af d1 eb 05 c3 f5 2f 4e ba 5e d2 22 77 14 " |
| "fd b5 0b 9d 9d 9d d6 81 4f 62 f6 27 2f cd 5c db " |
| "ce 7a 9e f7 97 "; |
| // Salt: |
| static const char salt_9_6[] = |
| "c2 5f 13 bf 67 d0 81 67 1a 04 81 a1 f1 82 0d 61 " |
| "3b ba 22 76 "; |
| // Signature: |
| static const char signature_9_6[] = |
| "a7 fd b0 d2 59 16 5c a2 c8 8d 00 bb f1 02 8a 86 " |
| "7d 33 76 99 d0 61 19 3b 17 a9 64 8e 14 cc bb aa " |
| "de ac aa cd ec 81 5e 75 71 29 4e bb 8a 11 7a f2 " |
| "05 fa 07 8b 47 b0 71 2c 19 9e 3a d0 51 35 c5 04 " |
| "c2 4b 81 70 51 15 74 08 02 48 79 92 ff d5 11 d4 " |
| "af c6 b8 54 49 1e b3 f0 dd 52 31 39 54 2f f1 5c " |
| "31 01 ee 85 54 35 17 c6 a3 c7 94 17 c6 7e 2d d9 " |
| "aa 74 1e 9a 29 b0 6d cb 59 3c 23 36 b3 67 0a e3 " |
| "af ba c7 c3 e7 6e 21 54 73 e8 66 e3 38 ca 24 4d " |
| "e0 0b 62 62 4d 6b 94 26 82 2c ea e9 f8 cc 46 08 " |
| "95 f4 12 50 07 3f d4 5c 5a 1e 7b 42 5c 20 4a 42 " |
| "3a 69 91 59 f6 90 3e 71 0b 37 a7 bb 2b c8 04 9f "; |
| |
| // Example 10: A 2048-bit RSA Key Pair |
| |
| // RSA modulus n: |
| static const char rsa_modulus_n_10[] = |
| "a5 dd 86 7a c4 cb 02 f9 0b 94 57 d4 8c 14 a7 70 " |
| "ef 99 1c 56 c3 9c 0e c6 5f d1 1a fa 89 37 ce a5 " |
| "7b 9b e7 ac 73 b4 5c 00 17 61 5b 82 d6 22 e3 18 " |
| "75 3b 60 27 c0 fd 15 7b e1 2f 80 90 fe e2 a7 ad " |
| "cd 0e ef 75 9f 88 ba 49 97 c7 a4 2d 58 c9 aa 12 " |
| "cb 99 ae 00 1f e5 21 c1 3b b5 43 14 45 a8 d5 ae " |
| "4f 5e 4c 7e 94 8a c2 27 d3 60 40 71 f2 0e 57 7e " |
| "90 5f be b1 5d fa f0 6d 1d e5 ae 62 53 d6 3a 6a " |
| "21 20 b3 1a 5d a5 da bc 95 50 60 0e 20 f2 7d 37 " |
| "39 e2 62 79 25 fe a3 cc 50 9f 21 df f0 4e 6e ea " |
| "45 49 c5 40 d6 80 9f f9 30 7e ed e9 1f ff 58 73 " |
| "3d 83 85 a2 37 d6 d3 70 5a 33 e3 91 90 09 92 07 " |
| "0d f7 ad f1 35 7c f7 e3 70 0c e3 66 7d e8 3f 17 " |
| "b8 df 17 78 db 38 1d ce 09 cb 4a d0 58 a5 11 00 " |
| "1a 73 81 98 ee 27 cf 55 a1 3b 75 45 39 90 65 82 " |
| "ec 8b 17 4b d5 8d 5d 1f 3d 76 7c 61 37 21 ae 05 "; |
| // RSA public exponent e: |
| static const char rsa_public_exponent_e_10[] = |
| "01 00 01 "; |
| |
| // RSASSA-PSS Signature Example 10.1 |
| // Message to be signed: |
| static const char message_10_1[] = |
| "88 31 77 e5 12 6b 9b e2 d9 a9 68 03 27 d5 37 0c " |
| "6f 26 86 1f 58 20 c4 3d a6 7a 3a d6 09 "; |
| // Salt: |
| static const char salt_10_1[] = |
| "04 e2 15 ee 6f f9 34 b9 da 70 d7 73 0c 87 34 ab " |
| "fc ec de 89 "; |
| // Signature: |
| static const char signature_10_1[] = |
| "82 c2 b1 60 09 3b 8a a3 c0 f7 52 2b 19 f8 73 54 " |
| "06 6c 77 84 7a bf 2a 9f ce 54 2d 0e 84 e9 20 c5 " |
| "af b4 9f fd fd ac e1 65 60 ee 94 a1 36 96 01 14 " |
| "8e ba d7 a0 e1 51 cf 16 33 17 91 a5 72 7d 05 f2 " |
| "1e 74 e7 eb 81 14 40 20 69 35 d7 44 76 5a 15 e7 " |
| "9f 01 5c b6 6c 53 2c 87 a6 a0 59 61 c8 bf ad 74 " |
| "1a 9a 66 57 02 28 94 39 3e 72 23 73 97 96 c0 2a " |
| "77 45 5d 0f 55 5b 0e c0 1d df 25 9b 62 07 fd 0f " |
| "d5 76 14 ce f1 a5 57 3b aa ff 4e c0 00 69 95 16 " |
| "59 b8 5f 24 30 0a 25 16 0c a8 52 2d c6 e6 72 7e " |
| "57 d0 19 d7 e6 36 29 b8 fe 5e 89 e2 5c c1 5b eb " |
| "3a 64 75 77 55 92 99 28 0b 9b 28 f7 9b 04 09 00 " |
| "0b e2 5b bd 96 40 8b a3 b4 3c c4 86 18 4d d1 c8 " |
| "e6 25 53 fa 1a f4 04 0f 60 66 3d e7 f5 e4 9c 04 " |
| "38 8e 25 7f 1c e8 9c 95 da b4 8a 31 5d 9b 66 b1 " |
| "b7 62 82 33 87 6f f2 38 52 30 d0 70 d0 7e 16 66 "; |
| |
| // RSASSA-PSS Signature Example 10.2 |
| // Message to be signed: |
| static const char message_10_2[] = |
| "dd 67 0a 01 46 58 68 ad c9 3f 26 13 19 57 a5 0c " |
| "52 fb 77 7c db aa 30 89 2c 9e 12 36 11 64 ec 13 " |
| "97 9d 43 04 81 18 e4 44 5d b8 7b ee 58 dd 98 7b " |
| "34 25 d0 20 71 d8 db ae 80 70 8b 03 9d bb 64 db " |
| "d1 de 56 57 d9 fe d0 c1 18 a5 41 43 74 2e 0f f3 " |
| "c8 7f 74 e4 58 57 64 7a f3 f7 9e b0 a1 4c 9d 75 " |
| "ea 9a 1a 04 b7 cf 47 8a 89 7a 70 8f d9 88 f4 8e " |
| "80 1e db 0b 70 39 df 8c 23 bb 3c 56 f4 e8 21 ac "; |
| // Salt: |
| static const char salt_10_2[] = |
| "8b 2b dd 4b 40 fa f5 45 c7 78 dd f9 bc 1a 49 cb " |
| "57 f9 b7 1b "; |
| // Signature: |
| static const char signature_10_2[] = |
| "14 ae 35 d9 dd 06 ba 92 f7 f3 b8 97 97 8a ed 7c " |
| "d4 bf 5f f0 b5 85 a4 0b d4 6c e1 b4 2c d2 70 30 " |
| "53 bb 90 44 d6 4e 81 3d 8f 96 db 2d d7 00 7d 10 " |
| "11 8f 6f 8f 84 96 09 7a d7 5e 1f f6 92 34 1b 28 " |
| "92 ad 55 a6 33 a1 c5 5e 7f 0a 0a d5 9a 0e 20 3a " |
| "5b 82 78 ae c5 4d d8 62 2e 28 31 d8 71 74 f8 ca " |
| "ff 43 ee 6c 46 44 53 45 d8 4a 59 65 9b fb 92 ec " |
| "d4 c8 18 66 86 95 f3 47 06 f6 68 28 a8 99 59 63 " |
| "7f 2b f3 e3 25 1c 24 bd ba 4d 4b 76 49 da 00 22 " |
| "21 8b 11 9c 84 e7 9a 65 27 ec 5b 8a 5f 86 1c 15 " |
| "99 52 e2 3e c0 5e 1e 71 73 46 fa ef e8 b1 68 68 " |
| "25 bd 2b 26 2f b2 53 10 66 c0 de 09 ac de 2e 42 " |
| "31 69 07 28 b5 d8 5e 11 5a 2f 6b 92 b7 9c 25 ab " |
| "c9 bd 93 99 ff 8b cf 82 5a 52 ea 1f 56 ea 76 dd " |
| "26 f4 3b aa fa 18 bf a9 2a 50 4c bd 35 69 9e 26 " |
| "d1 dc c5 a2 88 73 85 f3 c6 32 32 f0 6f 32 44 c3 "; |
| |
| // RSASSA-PSS Signature Example 10.3 |
| // Message to be signed: |
| static const char message_10_3[] = |
| "48 b2 b6 a5 7a 63 c8 4c ea 85 9d 65 c6 68 28 4b " |
| "08 d9 6b dc aa be 25 2d b0 e4 a9 6c b1 ba c6 01 " |
| "93 41 db 6f be fb 8d 10 6b 0e 90 ed a6 bc c6 c6 " |
| "26 2f 37 e7 ea 9c 7e 5d 22 6b d7 df 85 ec 5e 71 " |
| "ef ff 2f 54 c5 db 57 7f f7 29 ff 91 b8 42 49 1d " |
| "e2 74 1d 0c 63 16 07 df 58 6b 90 5b 23 b9 1a f1 " |
| "3d a1 23 04 bf 83 ec a8 a7 3e 87 1f f9 db "; |
| // Salt: |
| static const char salt_10_3[] = |
| "4e 96 fc 1b 39 8f 92 b4 46 71 01 0c 0d c3 ef d6 " |
| "e2 0c 2d 73 "; |
| // Signature: |
| static const char signature_10_3[] = |
| "6e 3e 4d 7b 6b 15 d2 fb 46 01 3b 89 00 aa 5b bb " |
| "39 39 cf 2c 09 57 17 98 70 42 02 6e e6 2c 74 c5 " |
| "4c ff d5 d7 d5 7e fb bf 95 0a 0f 5c 57 4f a0 9d " |
| "3f c1 c9 f5 13 b0 5b 4f f5 0d d8 df 7e df a2 01 " |
| "02 85 4c 35 e5 92 18 01 19 a7 0c e5 b0 85 18 2a " |
| "a0 2d 9e a2 aa 90 d1 df 03 f2 da ae 88 5b a2 f5 " |
| "d0 5a fd ac 97 47 6f 06 b9 3b 5b c9 4a 1a 80 aa " |
| "91 16 c4 d6 15 f3 33 b0 98 89 2b 25 ff ac e2 66 " |
| "f5 db 5a 5a 3b cc 10 a8 24 ed 55 aa d3 5b 72 78 " |
| "34 fb 8c 07 da 28 fc f4 16 a5 d9 b2 22 4f 1f 8b " |
| "44 2b 36 f9 1e 45 6f de a2 d7 cf e3 36 72 68 de " |
| "03 07 a4 c7 4e 92 41 59 ed 33 39 3d 5e 06 55 53 " |
| "1c 77 32 7b 89 82 1b de df 88 01 61 c7 8c d4 19 " |
| "6b 54 19 f7 ac c3 f1 3e 5e bf 16 1b 6e 7c 67 24 " |
| "71 6c a3 3b 85 c2 e2 56 40 19 2a c2 85 96 51 d5 " |
| "0b de 7e b9 76 e5 1c ec 82 8b 98 b6 56 3b 86 bb "; |
| |
| // RSASSA-PSS Signature Example 10.4 |
| // Message to be signed: |
| static const char message_10_4[] = |
| "0b 87 77 c7 f8 39 ba f0 a6 4b bb db c5 ce 79 75 " |
| "5c 57 a2 05 b8 45 c1 74 e2 d2 e9 05 46 a0 89 c4 " |
| "e6 ec 8a df fa 23 a7 ea 97 ba e6 b6 5d 78 2b 82 " |
| "db 5d 2b 5a 56 d2 2a 29 a0 5e 7c 44 33 e2 b8 2a " |
| "62 1a bb a9 0a dd 05 ce 39 3f c4 8a 84 05 42 45 " |
| "1a "; |
| // Salt: |
| static const char salt_10_4[] = |
| "c7 cd 69 8d 84 b6 51 28 d8 83 5e 3a 8b 1e b0 e0 " |
| "1c b5 41 ec "; |
| // Signature: |
| static const char signature_10_4[] = |
| "34 04 7f f9 6c 4d c0 dc 90 b2 d4 ff 59 a1 a3 61 " |
| "a4 75 4b 25 5d 2e e0 af 7d 8b f8 7c 9b c9 e7 dd " |
| "ee de 33 93 4c 63 ca 1c 0e 3d 26 2c b1 45 ef 93 " |
| "2a 1f 2c 0a 99 7a a6 a3 4f 8e ae e7 47 7d 82 cc " |
| "f0 90 95 a6 b8 ac ad 38 d4 ee c9 fb 7e ab 7a d0 " |
| "2d a1 d1 1d 8e 54 c1 82 5e 55 bf 58 c2 a2 32 34 " |
| "b9 02 be 12 4f 9e 90 38 a8 f6 8f a4 5d ab 72 f6 " |
| "6e 09 45 bf 1d 8b ac c9 04 4c 6f 07 09 8c 9f ce " |
| "c5 8a 3a ab 10 0c 80 51 78 15 5f 03 0a 12 4c 45 " |
| "0e 5a cb da 47 d0 e4 f1 0b 80 a2 3f 80 3e 77 4d " |
| "02 3b 00 15 c2 0b 9f 9b be 7c 91 29 63 38 d5 ec " |
| "b4 71 ca fb 03 20 07 b6 7a 60 be 5f 69 50 4a 9f " |
| "01 ab b3 cb 46 7b 26 0e 2b ce 86 0b e8 d9 5b f9 " |
| "2c 0c 8e 14 96 ed 1e 52 85 93 a4 ab b6 df 46 2d " |
| "de 8a 09 68 df fe 46 83 11 68 57 a2 32 f5 eb f6 " |
| "c8 5b e2 38 74 5a d0 f3 8f 76 7a 5f db f4 86 fb "; |
| |
| // RSASSA-PSS Signature Example 10.5 |
| // Message to be signed: |
| static const char message_10_5[] = |
| "f1 03 6e 00 8e 71 e9 64 da dc 92 19 ed 30 e1 7f " |
| "06 b4 b6 8a 95 5c 16 b3 12 b1 ed df 02 8b 74 97 " |
| "6b ed 6b 3f 6a 63 d4 e7 78 59 24 3c 9c cc dc 98 " |
| "01 65 23 ab b0 24 83 b3 55 91 c3 3a ad 81 21 3b " |
| "b7 c7 bb 1a 47 0a ab c1 0d 44 25 6c 4d 45 59 d9 " |
| "16 "; |
| // Salt: |
| static const char salt_10_5[] = |
| "ef a8 bf f9 62 12 b2 f4 a3 f3 71 a1 0d 57 41 52 " |
| "65 5f 5d fb "; |
| // Signature: |
| static const char signature_10_5[] = |
| "7e 09 35 ea 18 f4 d6 c1 d1 7c e8 2e b2 b3 83 6c " |
| "55 b3 84 58 9c e1 9d fe 74 33 63 ac 99 48 d1 f3 " |
| "46 b7 bf dd fe 92 ef d7 8a db 21 fa ef c8 9a de " |
| "42 b1 0f 37 40 03 fe 12 2e 67 42 9a 1c b8 cb d1 " |
| "f8 d9 01 45 64 c4 4d 12 01 16 f4 99 0f 1a 6e 38 " |
| "77 4c 19 4b d1 b8 21 32 86 b0 77 b0 49 9d 2e 7b " |
| "3f 43 4a b1 22 89 c5 56 68 4d ee d7 81 31 93 4b " |
| "b3 dd 65 37 23 6f 7c 6f 3d cb 09 d4 76 be 07 72 " |
| "1e 37 e1 ce ed 9b 2f 7b 40 68 87 bd 53 15 73 05 " |
| "e1 c8 b4 f8 4d 73 3b c1 e1 86 fe 06 cc 59 b6 ed " |
| "b8 f4 bd 7f fe fd f4 f7 ba 9c fb 9d 57 06 89 b5 " |
| "a1 a4 10 9a 74 6a 69 08 93 db 37 99 25 5a 0c b9 " |
| "21 5d 2d 1c d4 90 59 0e 95 2e 8c 87 86 aa 00 11 " |
| "26 52 52 47 0c 04 1d fb c3 ee c7 c3 cb f7 1c 24 " |
| "86 9d 11 5c 0c b4 a9 56 f5 6d 53 0b 80 ab 58 9a " |
| "cf ef c6 90 75 1d df 36 e8 d3 83 f8 3c ed d2 cc "; |
| |
| // RSASSA-PSS Signature Example 10.6 |
| // Message to be signed: |
| static const char message_10_6[] = |
| "25 f1 08 95 a8 77 16 c1 37 45 0b b9 51 9d fa a1 " |
| "f2 07 fa a9 42 ea 88 ab f7 1e 9c 17 98 00 85 b5 " |
| "55 ae ba b7 62 64 ae 2a 3a b9 3c 2d 12 98 11 91 " |
| "dd ac 6f b5 94 9e b3 6a ee 3c 5d a9 40 f0 07 52 " |
| "c9 16 d9 46 08 fa 7d 97 ba 6a 29 15 b6 88 f2 03 " |
| "23 d4 e9 d9 68 01 d8 9a 72 ab 58 92 dc 21 17 c0 " |
| "74 34 fc f9 72 e0 58 cf 8c 41 ca 4b 4f f5 54 f7 " |
| "d5 06 8a d3 15 5f ce d0 f3 12 5b c0 4f 91 93 37 " |
| "8a 8f 5c 4c 3b 8c b4 dd 6d 1c c6 9d 30 ec ca 6e " |
| "aa 51 e3 6a 05 73 0e 9e 34 2e 85 5b af 09 9d ef " |
| "b8 af d7 "; |
| // Salt: |
| static const char salt_10_6[] = |
| "ad 8b 15 23 70 36 46 22 4b 66 0b 55 08 85 91 7c " |
| "a2 d1 df 28 "; |
| // Signature: |
| static const char signature_10_6[] = |
| "6d 3b 5b 87 f6 7e a6 57 af 21 f7 54 41 97 7d 21 " |
| "80 f9 1b 2c 5f 69 2d e8 29 55 69 6a 68 67 30 d9 " |
| "b9 77 8d 97 07 58 cc b2 60 71 c2 20 9f fb d6 12 " |
| "5b e2 e9 6e a8 1b 67 cb 9b 93 08 23 9f da 17 f7 " |
| "b2 b6 4e cd a0 96 b6 b9 35 64 0a 5a 1c b4 2a 91 " |
| "55 b1 c9 ef 7a 63 3a 02 c5 9f 0d 6e e5 9b 85 2c " |
| "43 b3 50 29 e7 3c 94 0f f0 41 0e 8f 11 4e ed 46 " |
| "bb d0 fa e1 65 e4 2b e2 52 8a 40 1c 3b 28 fd 81 " |
| "8e f3 23 2d ca 9f 4d 2a 0f 51 66 ec 59 c4 23 96 " |
| "d6 c1 1d bc 12 15 a5 6f a1 71 69 db 95 75 34 3e " |
| "f3 4f 9d e3 2a 49 cd c3 17 49 22 f2 29 c2 3e 18 " |
| "e4 5d f9 35 31 19 ec 43 19 ce dc e7 a1 7c 64 08 " |
| "8c 1f 6f 52 be 29 63 41 00 b3 91 9d 38 f3 d1 ed " |
| "94 e6 89 1e 66 a7 3b 8f b8 49 f5 87 4d f5 94 59 " |
| "e2 98 c7 bb ce 2e ee 78 2a 19 5a a6 6f e2 d0 73 " |
| "2b 25 e5 95 f5 7d 3e 06 1b 1f c3 e4 06 3b f9 8f "; |
| |
| struct SignatureExample { |
| const char* message; |
| const char* salt; |
| const char* signature; |
| }; |
| |
| struct PSSTestVector { |
| const char* modulus_n; |
| const char* public_exponent_e; |
| SignatureExample example[6]; |
| }; |
| |
| static const PSSTestVector pss_test[] = { |
| { |
| rsa_modulus_n_1, |
| rsa_public_exponent_e_1, |
| { |
| { message_1_1, salt_1_1, signature_1_1 }, |
| { message_1_2, salt_1_2, signature_1_2 }, |
| { message_1_3, salt_1_3, signature_1_3 }, |
| { message_1_4, salt_1_4, signature_1_4 }, |
| { message_1_5, salt_1_5, signature_1_5 }, |
| { message_1_6, salt_1_6, signature_1_6 }, |
| } |
| }, |
| { |
| rsa_modulus_n_9, |
| rsa_public_exponent_e_9, |
| { |
| { message_9_1, salt_9_1, signature_9_1 }, |
| { message_9_2, salt_9_2, signature_9_2 }, |
| { message_9_3, salt_9_3, signature_9_3 }, |
| { message_9_4, salt_9_4, signature_9_4 }, |
| { message_9_5, salt_9_5, signature_9_5 }, |
| { message_9_6, salt_9_6, signature_9_6 }, |
| } |
| }, |
| { |
| rsa_modulus_n_10, |
| rsa_public_exponent_e_10, |
| { |
| { message_10_1, salt_10_1, signature_10_1 }, |
| { message_10_2, salt_10_2, signature_10_2 }, |
| { message_10_3, salt_10_3, signature_10_3 }, |
| { message_10_4, salt_10_4, signature_10_4 }, |
| { message_10_5, salt_10_5, signature_10_5 }, |
| { message_10_6, salt_10_6, signature_10_6 }, |
| } |
| }, |
| }; |
| |
| static uint8_t HexDigitValue(char digit) { |
| if ('0' <= digit && digit <= '9') |
| return digit - '0'; |
| if ('a' <= digit && digit <= 'f') |
| return digit - 'a' + 10; |
| return digit - 'A' + 10; |
| } |
| |
| static bool DecodeTestInput(const char* in, std::vector<uint8_t>* out) { |
| out->clear(); |
| while (in[0] != '\0') { |
| if (!isxdigit(in[0]) || !isxdigit(in[1]) || in[2] != ' ') |
| return false; |
| uint8_t octet = HexDigitValue(in[0]) * 16 + HexDigitValue(in[1]); |
| out->push_back(octet); |
| in += 3; |
| } |
| return true; |
| } |
| |
| // PrependASN1Length prepends an ASN.1 serialized length to the beginning of |
| // |out|. |
| static void PrependASN1Length(std::vector<uint8_t>* out, size_t len) { |
| if (len < 128) { |
| out->insert(out->begin(), static_cast<uint8_t>(len)); |
| } else if (len < 256) { |
| out->insert(out->begin(), static_cast<uint8_t>(len)); |
| out->insert(out->begin(), 0x81); |
| } else if (len < 0x10000) { |
| out->insert(out->begin(), static_cast<uint8_t>(len)); |
| out->insert(out->begin(), static_cast<uint8_t>(len >> 8)); |
| out->insert(out->begin(), 0x82); |
| } else { |
| CHECK(false) << "ASN.1 length not handled: " << len; |
| } |
| } |
| |
| static bool EncodeRSAPublicKey(const std::vector<uint8_t>& modulus_n, |
| const std::vector<uint8_t>& public_exponent_e, |
| std::vector<uint8_t>* public_key_info) { |
| // The public key is specified as the following ASN.1 structure: |
| // SubjectPublicKeyInfo ::= SEQUENCE { |
| // algorithm AlgorithmIdentifier, |
| // subjectPublicKey BIT STRING } |
| // |
| // The algorithm is specified as the following ASN.1 structure: |
| // AlgorithmIdentifier ::= SEQUENCE { |
| // algorithm OBJECT IDENTIFIER, |
| // parameters ANY DEFINED BY algorithm OPTIONAL } |
| // |
| // An RSA public key is specified as the following ASN.1 structure: |
| // RSAPublicKey ::= SEQUENCE { |
| // modulus INTEGER, -- n |
| // publicExponent INTEGER -- e |
| // } |
| static const uint8_t kIntegerTag = 0x02; |
| static const uint8_t kBitStringTag = 0x03; |
| static const uint8_t kSequenceTag = 0x30; |
| public_key_info->clear(); |
| |
| // Encode the public exponent e as an INTEGER. |
| public_key_info->insert(public_key_info->begin(), |
| public_exponent_e.begin(), |
| public_exponent_e.end()); |
| PrependASN1Length(public_key_info, public_exponent_e.size()); |
| public_key_info->insert(public_key_info->begin(), kIntegerTag); |
| |
| // Encode the modulus n as an INTEGER. |
| public_key_info->insert(public_key_info->begin(), |
| modulus_n.begin(), modulus_n.end()); |
| size_t modulus_size = modulus_n.size(); |
| if (modulus_n[0] & 0x80) { |
| public_key_info->insert(public_key_info->begin(), 0x00); |
| modulus_size++; |
| } |
| PrependASN1Length(public_key_info, modulus_size); |
| public_key_info->insert(public_key_info->begin(), kIntegerTag); |
| |
| // Encode the RSAPublicKey SEQUENCE. |
| PrependASN1Length(public_key_info, public_key_info->size()); |
| public_key_info->insert(public_key_info->begin(), kSequenceTag); |
| |
| // Encode the BIT STRING. |
| // Number of unused bits. |
| public_key_info->insert(public_key_info->begin(), 0x00); |
| PrependASN1Length(public_key_info, public_key_info->size()); |
| public_key_info->insert(public_key_info->begin(), kBitStringTag); |
| |
| // Encode the AlgorithmIdentifier. |
| static const uint8_t algorithm[] = { |
| 0x30, 0x0d, // a SEQUENCE of length 13 |
| 0x06, 0x09, // an OBJECT IDENTIFIER of length 9 |
| 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, |
| }; |
| public_key_info->insert(public_key_info->begin(), |
| algorithm, algorithm + sizeof(algorithm)); |
| |
| // Encode the outermost SEQUENCE. |
| PrependASN1Length(public_key_info, public_key_info->size()); |
| public_key_info->insert(public_key_info->begin(), kSequenceTag); |
| |
| return true; |
| } |
| |
| TEST(SignatureVerifierTest, VerifyRSAPSS) { |
| for (unsigned int i = 0; i < arraysize(pss_test); i++) { |
| SCOPED_TRACE(i); |
| std::vector<uint8_t> modulus_n; |
| std::vector<uint8_t> public_exponent_e; |
| ASSERT_TRUE(DecodeTestInput(pss_test[i].modulus_n, &modulus_n)); |
| ASSERT_TRUE(DecodeTestInput(pss_test[i].public_exponent_e, |
| &public_exponent_e)); |
| std::vector<uint8_t> public_key_info; |
| ASSERT_TRUE(EncodeRSAPublicKey(modulus_n, public_exponent_e, |
| &public_key_info)); |
| |
| for (unsigned int j = 0; j < arraysize(pss_test[i].example); j++) { |
| SCOPED_TRACE(j); |
| std::vector<uint8_t> message; |
| std::vector<uint8_t> salt; |
| std::vector<uint8_t> signature; |
| ASSERT_TRUE(DecodeTestInput(pss_test[i].example[j].message, &message)); |
| ASSERT_TRUE(DecodeTestInput(pss_test[i].example[j].salt, &salt)); |
| ASSERT_TRUE(DecodeTestInput(pss_test[i].example[j].signature, |
| &signature)); |
| |
| crypto::SignatureVerifier verifier; |
| bool ok; |
| |
| // Positive test. |
| ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1, |
| crypto::SignatureVerifier::SHA1, |
| salt.size(), |
| &signature[0], signature.size(), |
| &public_key_info[0], |
| public_key_info.size()); |
| ASSERT_TRUE(ok); |
| verifier.VerifyUpdate(&message[0], message.size()); |
| ok = verifier.VerifyFinal(); |
| EXPECT_TRUE(ok); |
| |
| // Modify the first byte of the message. |
| ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1, |
| crypto::SignatureVerifier::SHA1, |
| salt.size(), |
| &signature[0], signature.size(), |
| &public_key_info[0], |
| public_key_info.size()); |
| ASSERT_TRUE(ok); |
| message[0] += 1; |
| verifier.VerifyUpdate(&message[0], message.size()); |
| message[0] -= 1; |
| ok = verifier.VerifyFinal(); |
| EXPECT_FALSE(ok); |
| |
| // Truncate the message. |
| ASSERT_FALSE(message.empty()); |
| ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1, |
| crypto::SignatureVerifier::SHA1, |
| salt.size(), |
| &signature[0], signature.size(), |
| &public_key_info[0], |
| public_key_info.size()); |
| ASSERT_TRUE(ok); |
| verifier.VerifyUpdate(&message[0], message.size() - 1); |
| ok = verifier.VerifyFinal(); |
| EXPECT_FALSE(ok); |
| |
| // Corrupt the signature. |
| signature[0] += 1; |
| ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1, |
| crypto::SignatureVerifier::SHA1, |
| salt.size(), |
| &signature[0], signature.size(), |
| &public_key_info[0], |
| public_key_info.size()); |
| signature[0] -= 1; |
| ASSERT_TRUE(ok); |
| verifier.VerifyUpdate(&message[0], message.size()); |
| ok = verifier.VerifyFinal(); |
| EXPECT_FALSE(ok); |
| } |
| } |
| } |