1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "crypto/signature_verifier.h" 6 #include "testing/gtest/include/gtest/gtest.h" 7 8 TEST(SignatureVerifierTest, BasicTest) { 9 // The input data in this test comes from real certificates. 10 // 11 // tbs_certificate ("to-be-signed certificate", the part of a certificate 12 // that is signed), signature_algorithm, and algorithm come from the 13 // certificate of bugs.webkit.org. 14 // 15 // public_key_info comes from the certificate of the issuer, Go Daddy Secure 16 // Certification Authority. 17 // 18 // The bytes in the array initializers are formatted to expose the DER 19 // encoding of the ASN.1 structures. 20 21 // The data that is signed is the following ASN.1 structure: 22 // TBSCertificate ::= SEQUENCE { 23 // ... -- omitted, not important 24 // } 25 const uint8 tbs_certificate[1017] = { 26 0x30, 0x82, 0x03, 0xf5, // a SEQUENCE of length 1013 (0x3f5) 27 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x43, 0xdd, 0x63, 0x30, 0x0d, 28 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 29 0x00, 0x30, 0x81, 0xca, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 30 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 31 0x04, 0x08, 0x13, 0x07, 0x41, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31, 32 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63, 33 0x6f, 0x74, 0x74, 0x73, 0x64, 0x61, 0x6c, 0x65, 0x31, 0x1a, 0x30, 0x18, 34 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x47, 0x6f, 0x44, 0x61, 0x64, 35 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 36 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x68, 37 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 38 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 39 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 40 0x69, 0x74, 0x6f, 0x72, 0x79, 0x31, 0x30, 0x30, 0x2e, 0x06, 0x03, 0x55, 41 0x04, 0x03, 0x13, 0x27, 0x47, 0x6f, 0x20, 0x44, 0x61, 0x64, 0x64, 0x79, 42 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 43 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 44 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x11, 0x30, 0x0f, 0x06, 45 0x03, 0x55, 0x04, 0x05, 0x13, 0x08, 0x30, 0x37, 0x39, 0x36, 0x39, 0x32, 46 0x38, 0x37, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x38, 0x30, 0x33, 0x31, 0x38, 47 0x32, 0x33, 0x33, 0x35, 0x31, 0x39, 0x5a, 0x17, 0x0d, 0x31, 0x31, 0x30, 48 0x33, 0x31, 0x38, 0x32, 0x33, 0x33, 0x35, 0x31, 0x39, 0x5a, 0x30, 0x79, 49 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 50 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 51 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x12, 52 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x09, 0x43, 0x75, 0x70, 53 0x65, 0x72, 0x74, 0x69, 0x6e, 0x6f, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 54 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49, 55 0x6e, 0x63, 0x2e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0b, 56 0x13, 0x0c, 0x4d, 0x61, 0x63, 0x20, 0x4f, 0x53, 0x20, 0x46, 0x6f, 0x72, 57 0x67, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 58 0x0c, 0x2a, 0x2e, 0x77, 0x65, 0x62, 0x6b, 0x69, 0x74, 0x2e, 0x6f, 0x72, 59 0x67, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 60 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 61 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa7, 0x62, 0x79, 0x41, 0xda, 0x28, 62 0xf2, 0xc0, 0x4f, 0xe0, 0x25, 0xaa, 0xa1, 0x2e, 0x3b, 0x30, 0x94, 0xb5, 63 0xc9, 0x26, 0x3a, 0x1b, 0xe2, 0xd0, 0xcc, 0xa2, 0x95, 0xe2, 0x91, 0xc0, 64 0xf0, 0x40, 0x9e, 0x27, 0x6e, 0xbd, 0x6e, 0xde, 0x7c, 0xb6, 0x30, 0x5c, 65 0xb8, 0x9b, 0x01, 0x2f, 0x92, 0x04, 0xa1, 0xef, 0x4a, 0xb1, 0x6c, 0xb1, 66 0x7e, 0x8e, 0xcd, 0xa6, 0xf4, 0x40, 0x73, 0x1f, 0x2c, 0x96, 0xad, 0xff, 67 0x2a, 0x6d, 0x0e, 0xba, 0x52, 0x84, 0x83, 0xb0, 0x39, 0xee, 0xc9, 0x39, 68 0xdc, 0x1e, 0x34, 0xd0, 0xd8, 0x5d, 0x7a, 0x09, 0xac, 0xa9, 0xee, 0xca, 69 0x65, 0xf6, 0x85, 0x3a, 0x6b, 0xee, 0xe4, 0x5c, 0x5e, 0xf8, 0xda, 0xd1, 70 0xce, 0x88, 0x47, 0xcd, 0x06, 0x21, 0xe0, 0xb9, 0x4b, 0xe4, 0x07, 0xcb, 71 0x57, 0xdc, 0xca, 0x99, 0x54, 0xf7, 0x0e, 0xd5, 0x17, 0x95, 0x05, 0x2e, 72 0xe9, 0xb1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0xce, 0x30, 73 0x82, 0x01, 0xca, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 74 0x30, 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 75 0x02, 0x05, 0xa0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 76 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 77 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x57, 78 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x50, 0x30, 0x4e, 0x30, 0x4c, 0xa0, 79 0x4a, 0xa0, 0x48, 0x86, 0x46, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 80 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 81 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 82 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, 83 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x65, 0x78, 0x74, 0x65, 0x6e, 84 0x64, 0x65, 0x64, 0x69, 0x73, 0x73, 0x75, 0x69, 0x6e, 0x67, 0x33, 0x2e, 85 0x63, 0x72, 0x6c, 0x30, 0x52, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x4b, 86 0x30, 0x49, 0x30, 0x47, 0x06, 0x0b, 0x60, 0x86, 0x48, 0x01, 0x86, 0xfd, 87 0x6d, 0x01, 0x07, 0x17, 0x02, 0x30, 0x38, 0x30, 0x36, 0x06, 0x08, 0x2b, 88 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x2a, 0x68, 0x74, 0x74, 89 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 90 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 91 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 92 0x6f, 0x72, 0x79, 0x30, 0x7f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 93 0x07, 0x01, 0x01, 0x04, 0x73, 0x30, 0x71, 0x30, 0x23, 0x06, 0x08, 0x2b, 94 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 95 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, 0x6f, 0x64, 96 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x4a, 0x06, 0x08, 97 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 98 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 99 0x63, 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 100 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 101 0x74, 0x6f, 0x72, 0x79, 0x2f, 0x67, 0x64, 0x5f, 0x69, 0x6e, 0x74, 0x65, 102 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x2e, 0x63, 0x72, 0x74, 103 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x48, 104 0xdf, 0x60, 0x32, 0xcc, 0x89, 0x01, 0xb6, 0xdc, 0x2f, 0xe3, 0x73, 0xb5, 105 0x9c, 0x16, 0x58, 0x32, 0x68, 0xa9, 0xc3, 0x30, 0x1f, 0x06, 0x03, 0x55, 106 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xfd, 0xac, 0x61, 0x32, 107 0x93, 0x6c, 0x45, 0xd6, 0xe2, 0xee, 0x85, 0x5f, 0x9a, 0xba, 0xe7, 0x76, 108 0x99, 0x68, 0xcc, 0xe7, 0x30, 0x23, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 109 0x1c, 0x30, 0x1a, 0x82, 0x0c, 0x2a, 0x2e, 0x77, 0x65, 0x62, 0x6b, 0x69, 110 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x82, 0x0a, 0x77, 0x65, 0x62, 0x6b, 0x69, 111 0x74, 0x2e, 0x6f, 0x72, 0x67 112 }; 113 114 // The signature algorithm is specified as the following ASN.1 structure: 115 // AlgorithmIdentifier ::= SEQUENCE { 116 // algorithm OBJECT IDENTIFIER, 117 // parameters ANY DEFINED BY algorithm OPTIONAL } 118 // 119 const uint8 signature_algorithm[15] = { 120 0x30, 0x0d, // a SEQUENCE of length 13 (0xd) 121 0x06, 0x09, // an OBJECT IDENTIFIER of length 9 122 // 1.2.840.113549.1.1.5 - sha1WithRSAEncryption 123 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 124 0x05, 0x00, // a NULL of length 0 125 }; 126 127 // RSA signature, a big integer in the big-endian byte order. 128 const uint8 signature[256] = { 129 0x1e, 0x6a, 0xe7, 0xe0, 0x4f, 0xe7, 0x4d, 0xd0, 0x69, 0x7c, 0xf8, 0x8f, 130 0x99, 0xb4, 0x18, 0x95, 0x36, 0x24, 0x0f, 0x0e, 0xa3, 0xea, 0x34, 0x37, 131 0xf4, 0x7d, 0xd5, 0x92, 0x35, 0x53, 0x72, 0x76, 0x3f, 0x69, 0xf0, 0x82, 132 0x56, 0xe3, 0x94, 0x7a, 0x1d, 0x1a, 0x81, 0xaf, 0x9f, 0xc7, 0x43, 0x01, 133 0x64, 0xd3, 0x7c, 0x0d, 0xc8, 0x11, 0x4e, 0x4a, 0xe6, 0x1a, 0xc3, 0x01, 134 0x74, 0xe8, 0x35, 0x87, 0x5c, 0x61, 0xaa, 0x8a, 0x46, 0x06, 0xbe, 0x98, 135 0x95, 0x24, 0x9e, 0x01, 0xe3, 0xe6, 0xa0, 0x98, 0xee, 0x36, 0x44, 0x56, 136 0x8d, 0x23, 0x9c, 0x65, 0xea, 0x55, 0x6a, 0xdf, 0x66, 0xee, 0x45, 0xe8, 137 0xa0, 0xe9, 0x7d, 0x9a, 0xba, 0x94, 0xc5, 0xc8, 0xc4, 0x4b, 0x98, 0xff, 138 0x9a, 0x01, 0x31, 0x6d, 0xf9, 0x2b, 0x58, 0xe7, 0xe7, 0x2a, 0xc5, 0x4d, 139 0xbb, 0xbb, 0xcd, 0x0d, 0x70, 0xe1, 0xad, 0x03, 0xf5, 0xfe, 0xf4, 0x84, 140 0x71, 0x08, 0xd2, 0xbc, 0x04, 0x7b, 0x26, 0x1c, 0xa8, 0x0f, 0x9c, 0xd8, 141 0x12, 0x6a, 0x6f, 0x2b, 0x67, 0xa1, 0x03, 0x80, 0x9a, 0x11, 0x0b, 0xe9, 142 0xe0, 0xb5, 0xb3, 0xb8, 0x19, 0x4e, 0x0c, 0xa4, 0xd9, 0x2b, 0x3b, 0xc2, 143 0xca, 0x20, 0xd3, 0x0c, 0xa4, 0xff, 0x93, 0x13, 0x1f, 0xfc, 0xba, 0x94, 144 0x93, 0x8c, 0x64, 0x15, 0x2e, 0x28, 0xa9, 0x55, 0x8c, 0x2c, 0x48, 0xd3, 145 0xd3, 0xc1, 0x50, 0x69, 0x19, 0xe8, 0x34, 0xd3, 0xf1, 0x04, 0x9f, 0x0a, 146 0x7a, 0x21, 0x87, 0xbf, 0xb9, 0x59, 0x37, 0x2e, 0xf4, 0x71, 0xa5, 0x3e, 147 0xbe, 0xcd, 0x70, 0x83, 0x18, 0xf8, 0x8a, 0x72, 0x85, 0x45, 0x1f, 0x08, 148 0x01, 0x6f, 0x37, 0xf5, 0x2b, 0x7b, 0xea, 0xb9, 0x8b, 0xa3, 0xcc, 0xfd, 149 0x35, 0x52, 0xdd, 0x66, 0xde, 0x4f, 0x30, 0xc5, 0x73, 0x81, 0xb6, 0xe8, 150 0x3c, 0xd8, 0x48, 0x8a 151 }; 152 153 // The public key is specified as the following ASN.1 structure: 154 // SubjectPublicKeyInfo ::= SEQUENCE { 155 // algorithm AlgorithmIdentifier, 156 // subjectPublicKey BIT STRING } 157 const uint8 public_key_info[294] = { 158 0x30, 0x82, 0x01, 0x22, // a SEQUENCE of length 290 (0x122) 159 // algorithm 160 0x30, 0x0d, // a SEQUENCE of length 13 161 0x06, 0x09, // an OBJECT IDENTIFIER of length 9 162 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 163 0x05, 0x00, // a NULL of length 0 164 // subjectPublicKey 165 0x03, 0x82, 0x01, 0x0f, // a BIT STRING of length 271 (0x10f) 166 0x00, // number of unused bits 167 0x30, 0x82, 0x01, 0x0a, // a SEQUENCE of length 266 (0x10a) 168 // modulus 169 0x02, 0x82, 0x01, 0x01, // an INTEGER of length 257 (0x101) 170 0x00, 0xc4, 0x2d, 0xd5, 0x15, 0x8c, 0x9c, 0x26, 0x4c, 0xec, 171 0x32, 0x35, 0xeb, 0x5f, 0xb8, 0x59, 0x01, 0x5a, 0xa6, 0x61, 172 0x81, 0x59, 0x3b, 0x70, 0x63, 0xab, 0xe3, 0xdc, 0x3d, 0xc7, 173 0x2a, 0xb8, 0xc9, 0x33, 0xd3, 0x79, 0xe4, 0x3a, 0xed, 0x3c, 174 0x30, 0x23, 0x84, 0x8e, 0xb3, 0x30, 0x14, 0xb6, 0xb2, 0x87, 175 0xc3, 0x3d, 0x95, 0x54, 0x04, 0x9e, 0xdf, 0x99, 0xdd, 0x0b, 176 0x25, 0x1e, 0x21, 0xde, 0x65, 0x29, 0x7e, 0x35, 0xa8, 0xa9, 177 0x54, 0xeb, 0xf6, 0xf7, 0x32, 0x39, 0xd4, 0x26, 0x55, 0x95, 178 0xad, 0xef, 0xfb, 0xfe, 0x58, 0x86, 0xd7, 0x9e, 0xf4, 0x00, 179 0x8d, 0x8c, 0x2a, 0x0c, 0xbd, 0x42, 0x04, 0xce, 0xa7, 0x3f, 180 0x04, 0xf6, 0xee, 0x80, 0xf2, 0xaa, 0xef, 0x52, 0xa1, 0x69, 181 0x66, 0xda, 0xbe, 0x1a, 0xad, 0x5d, 0xda, 0x2c, 0x66, 0xea, 182 0x1a, 0x6b, 0xbb, 0xe5, 0x1a, 0x51, 0x4a, 0x00, 0x2f, 0x48, 183 0xc7, 0x98, 0x75, 0xd8, 0xb9, 0x29, 0xc8, 0xee, 0xf8, 0x66, 184 0x6d, 0x0a, 0x9c, 0xb3, 0xf3, 0xfc, 0x78, 0x7c, 0xa2, 0xf8, 185 0xa3, 0xf2, 0xb5, 0xc3, 0xf3, 0xb9, 0x7a, 0x91, 0xc1, 0xa7, 186 0xe6, 0x25, 0x2e, 0x9c, 0xa8, 0xed, 0x12, 0x65, 0x6e, 0x6a, 187 0xf6, 0x12, 0x44, 0x53, 0x70, 0x30, 0x95, 0xc3, 0x9c, 0x2b, 188 0x58, 0x2b, 0x3d, 0x08, 0x74, 0x4a, 0xf2, 0xbe, 0x51, 0xb0, 189 0xbf, 0x87, 0xd0, 0x4c, 0x27, 0x58, 0x6b, 0xb5, 0x35, 0xc5, 190 0x9d, 0xaf, 0x17, 0x31, 0xf8, 0x0b, 0x8f, 0xee, 0xad, 0x81, 191 0x36, 0x05, 0x89, 0x08, 0x98, 0xcf, 0x3a, 0xaf, 0x25, 0x87, 192 0xc0, 0x49, 0xea, 0xa7, 0xfd, 0x67, 0xf7, 0x45, 0x8e, 0x97, 193 0xcc, 0x14, 0x39, 0xe2, 0x36, 0x85, 0xb5, 0x7e, 0x1a, 0x37, 194 0xfd, 0x16, 0xf6, 0x71, 0x11, 0x9a, 0x74, 0x30, 0x16, 0xfe, 195 0x13, 0x94, 0xa3, 0x3f, 0x84, 0x0d, 0x4f, 196 // public exponent 197 0x02, 0x03, // an INTEGER of length 3 198 0x01, 0x00, 0x01 199 }; 200 201 // We use the signature verifier to perform four signature verification 202 // tests. 203 crypto::SignatureVerifier verifier; 204 bool ok; 205 206 // Test 1: feed all of the data to the verifier at once (a single 207 // VerifyUpdate call). 208 ok = verifier.VerifyInit(signature_algorithm, 209 sizeof(signature_algorithm), 210 signature, sizeof(signature), 211 public_key_info, sizeof(public_key_info)); 212 EXPECT_TRUE(ok); 213 verifier.VerifyUpdate(tbs_certificate, sizeof(tbs_certificate)); 214 ok = verifier.VerifyFinal(); 215 EXPECT_TRUE(ok); 216 217 // Test 2: feed the data to the verifier in three parts (three VerifyUpdate 218 // calls). 219 ok = verifier.VerifyInit(signature_algorithm, 220 sizeof(signature_algorithm), 221 signature, sizeof(signature), 222 public_key_info, sizeof(public_key_info)); 223 EXPECT_TRUE(ok); 224 verifier.VerifyUpdate(tbs_certificate, 256); 225 verifier.VerifyUpdate(tbs_certificate + 256, 256); 226 verifier.VerifyUpdate(tbs_certificate + 512, sizeof(tbs_certificate) - 512); 227 ok = verifier.VerifyFinal(); 228 EXPECT_TRUE(ok); 229 230 // Test 3: verify the signature with incorrect data. 231 uint8 bad_tbs_certificate[sizeof(tbs_certificate)]; 232 memcpy(bad_tbs_certificate, tbs_certificate, sizeof(tbs_certificate)); 233 bad_tbs_certificate[10] += 1; // Corrupt one byte of the data. 234 ok = verifier.VerifyInit(signature_algorithm, 235 sizeof(signature_algorithm), 236 signature, sizeof(signature), 237 public_key_info, sizeof(public_key_info)); 238 EXPECT_TRUE(ok); 239 verifier.VerifyUpdate(bad_tbs_certificate, sizeof(bad_tbs_certificate)); 240 ok = verifier.VerifyFinal(); 241 EXPECT_FALSE(ok); 242 243 // Test 4: verify a bad signature. 244 uint8 bad_signature[sizeof(signature)]; 245 memcpy(bad_signature, signature, sizeof(signature)); 246 bad_signature[10] += 1; // Corrupt one byte of the signature. 247 ok = verifier.VerifyInit(signature_algorithm, 248 sizeof(signature_algorithm), 249 bad_signature, sizeof(bad_signature), 250 public_key_info, sizeof(public_key_info)); 251 252 // A crypto library (e.g., NSS) may detect that the signature is corrupted 253 // and cause VerifyInit to return false, so it is fine for 'ok' to be false. 254 if (ok) { 255 verifier.VerifyUpdate(tbs_certificate, sizeof(tbs_certificate)); 256 ok = verifier.VerifyFinal(); 257 EXPECT_FALSE(ok); 258 } 259 } 260 261 ////////////////////////////////////////////////////////////////////// 262 // 263 // RSA-PSS signature verification known answer test 264 // 265 ////////////////////////////////////////////////////////////////////// 266 267 // The following RSA-PSS signature test vectors come from the pss-vect.txt 268 // file downloaded from 269 // ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip. 270 // 271 // For each key, 6 random messages of length between 1 and 256 octets have 272 // been RSASSA-PSS signed. 273 // 274 // Hash function: SHA-1 275 // Mask generation function: MGF1 with SHA-1 276 // Salt length: 20 octets 277 278 // Example 1: A 1024-bit RSA Key Pair" 279 280 // RSA modulus n: 281 static const char rsa_modulus_n_1[] = 282 "a5 6e 4a 0e 70 10 17 58 9a 51 87 dc 7e a8 41 d1 " 283 "56 f2 ec 0e 36 ad 52 a4 4d fe b1 e6 1f 7a d9 91 " 284 "d8 c5 10 56 ff ed b1 62 b4 c0 f2 83 a1 2a 88 a3 " 285 "94 df f5 26 ab 72 91 cb b3 07 ce ab fc e0 b1 df " 286 "d5 cd 95 08 09 6d 5b 2b 8b 6d f5 d6 71 ef 63 77 " 287 "c0 92 1c b2 3c 27 0a 70 e2 59 8e 6f f8 9d 19 f1 " 288 "05 ac c2 d3 f0 cb 35 f2 92 80 e1 38 6b 6f 64 c4 " 289 "ef 22 e1 e1 f2 0d 0c e8 cf fb 22 49 bd 9a 21 37 "; 290 // RSA public exponent e: " 291 static const char rsa_public_exponent_e_1[] = 292 "01 00 01 "; 293 294 // RSASSA-PSS Signature Example 1.1 295 // Message to be signed: 296 static const char message_1_1[] = 297 "cd c8 7d a2 23 d7 86 df 3b 45 e0 bb bc 72 13 26 " 298 "d1 ee 2a f8 06 cc 31 54 75 cc 6f 0d 9c 66 e1 b6 " 299 "23 71 d4 5c e2 39 2e 1a c9 28 44 c3 10 10 2f 15 " 300 "6a 0d 8d 52 c1 f4 c4 0b a3 aa 65 09 57 86 cb 76 " 301 "97 57 a6 56 3b a9 58 fe d0 bc c9 84 e8 b5 17 a3 " 302 "d5 f5 15 b2 3b 8a 41 e7 4a a8 67 69 3f 90 df b0 " 303 "61 a6 e8 6d fa ae e6 44 72 c0 0e 5f 20 94 57 29 " 304 "cb eb e7 7f 06 ce 78 e0 8f 40 98 fb a4 1f 9d 61 " 305 "93 c0 31 7e 8b 60 d4 b6 08 4a cb 42 d2 9e 38 08 " 306 "a3 bc 37 2d 85 e3 31 17 0f cb f7 cc 72 d0 b7 1c " 307 "29 66 48 b3 a4 d1 0f 41 62 95 d0 80 7a a6 25 ca " 308 "b2 74 4f d9 ea 8f d2 23 c4 25 37 02 98 28 bd 16 " 309 "be 02 54 6f 13 0f d2 e3 3b 93 6d 26 76 e0 8a ed " 310 "1b 73 31 8b 75 0a 01 67 d0 "; 311 // Salt: 312 static const char salt_1_1[] = 313 "de e9 59 c7 e0 64 11 36 14 20 ff 80 18 5e d5 7f " 314 "3e 67 76 af "; 315 // Signature: 316 static const char signature_1_1[] = 317 "90 74 30 8f b5 98 e9 70 1b 22 94 38 8e 52 f9 71 " 318 "fa ac 2b 60 a5 14 5a f1 85 df 52 87 b5 ed 28 87 " 319 "e5 7c e7 fd 44 dc 86 34 e4 07 c8 e0 e4 36 0b c2 " 320 "26 f3 ec 22 7f 9d 9e 54 63 8e 8d 31 f5 05 12 15 " 321 "df 6e bb 9c 2f 95 79 aa 77 59 8a 38 f9 14 b5 b9 " 322 "c1 bd 83 c4 e2 f9 f3 82 a0 d0 aa 35 42 ff ee 65 " 323 "98 4a 60 1b c6 9e b2 8d eb 27 dc a1 2c 82 c2 d4 " 324 "c3 f6 6c d5 00 f1 ff 2b 99 4d 8a 4e 30 cb b3 3c "; 325 326 // RSASSA-PSS Signature Example 1.2 327 // Message to be signed: 328 static const char message_1_2[] = 329 "85 13 84 cd fe 81 9c 22 ed 6c 4c cb 30 da eb 5c " 330 "f0 59 bc 8e 11 66 b7 e3 53 0c 4c 23 3e 2b 5f 8f " 331 "71 a1 cc a5 82 d4 3e cc 72 b1 bc a1 6d fc 70 13 " 332 "22 6b 9e "; 333 // Salt: 334 static const char salt_1_2[] = 335 "ef 28 69 fa 40 c3 46 cb 18 3d ab 3d 7b ff c9 8f " 336 "d5 6d f4 2d "; 337 // Signature: 338 static const char signature_1_2[] = 339 "3e f7 f4 6e 83 1b f9 2b 32 27 41 42 a5 85 ff ce " 340 "fb dc a7 b3 2a e9 0d 10 fb 0f 0c 72 99 84 f0 4e " 341 "f2 9a 9d f0 78 07 75 ce 43 73 9b 97 83 83 90 db " 342 "0a 55 05 e6 3d e9 27 02 8d 9d 29 b2 19 ca 2c 45 " 343 "17 83 25 58 a5 5d 69 4a 6d 25 b9 da b6 60 03 c4 " 344 "cc cd 90 78 02 19 3b e5 17 0d 26 14 7d 37 b9 35 " 345 "90 24 1b e5 1c 25 05 5f 47 ef 62 75 2c fb e2 14 " 346 "18 fa fe 98 c2 2c 4d 4d 47 72 4f db 56 69 e8 43 "; 347 348 // RSASSA-PSS Signature Example 1.3 349 // Message to be signed: 350 static const char message_1_3[] = 351 "a4 b1 59 94 17 61 c4 0c 6a 82 f2 b8 0d 1b 94 f5 " 352 "aa 26 54 fd 17 e1 2d 58 88 64 67 9b 54 cd 04 ef " 353 "8b d0 30 12 be 8d c3 7f 4b 83 af 79 63 fa ff 0d " 354 "fa 22 54 77 43 7c 48 01 7f f2 be 81 91 cf 39 55 " 355 "fc 07 35 6e ab 3f 32 2f 7f 62 0e 21 d2 54 e5 db " 356 "43 24 27 9f e0 67 e0 91 0e 2e 81 ca 2c ab 31 c7 " 357 "45 e6 7a 54 05 8e b5 0d 99 3c db 9e d0 b4 d0 29 " 358 "c0 6d 21 a9 4c a6 61 c3 ce 27 fa e1 d6 cb 20 f4 " 359 "56 4d 66 ce 47 67 58 3d 0e 5f 06 02 15 b5 90 17 " 360 "be 85 ea 84 89 39 12 7b d8 c9 c4 d4 7b 51 05 6c " 361 "03 1c f3 36 f1 7c 99 80 f3 b8 f5 b9 b6 87 8e 8b " 362 "79 7a a4 3b 88 26 84 33 3e 17 89 3f e9 ca a6 aa " 363 "29 9f 7e d1 a1 8e e2 c5 48 64 b7 b2 b9 9b 72 61 " 364 "8f b0 25 74 d1 39 ef 50 f0 19 c9 ee f4 16 97 13 " 365 "38 e7 d4 70 "; 366 // Salt: 367 static const char salt_1_3[] = 368 "71 0b 9c 47 47 d8 00 d4 de 87 f1 2a fd ce 6d f1 " 369 "81 07 cc 77 "; 370 // Signature: 371 static const char signature_1_3[] = 372 "66 60 26 fb a7 1b d3 e7 cf 13 15 7c c2 c5 1a 8e " 373 "4a a6 84 af 97 78 f9 18 49 f3 43 35 d1 41 c0 01 " 374 "54 c4 19 76 21 f9 62 4a 67 5b 5a bc 22 ee 7d 5b " 375 "aa ff aa e1 c9 ba ca 2c c3 73 b3 f3 3e 78 e6 14 " 376 "3c 39 5a 91 aa 7f ac a6 64 eb 73 3a fd 14 d8 82 " 377 "72 59 d9 9a 75 50 fa ca 50 1e f2 b0 4e 33 c2 3a " 378 "a5 1f 4b 9e 82 82 ef db 72 8c c0 ab 09 40 5a 91 " 379 "60 7c 63 69 96 1b c8 27 0d 2d 4f 39 fc e6 12 b1 "; 380 381 // RSASSA-PSS Signature Example 1.4 382 // Message to be signed: 383 static const char message_1_4[] = 384 "bc 65 67 47 fa 9e af b3 f0 "; 385 // Salt: 386 static const char salt_1_4[] = 387 "05 6f 00 98 5d e1 4d 8e f5 ce a9 e8 2f 8c 27 be " 388 "f7 20 33 5e "; 389 // Signature: 390 static const char signature_1_4[] = 391 "46 09 79 3b 23 e9 d0 93 62 dc 21 bb 47 da 0b 4f " 392 "3a 76 22 64 9a 47 d4 64 01 9b 9a ea fe 53 35 9c " 393 "17 8c 91 cd 58 ba 6b cb 78 be 03 46 a7 bc 63 7f " 394 "4b 87 3d 4b ab 38 ee 66 1f 19 96 34 c5 47 a1 ad " 395 "84 42 e0 3d a0 15 b1 36 e5 43 f7 ab 07 c0 c1 3e " 396 "42 25 b8 de 8c ce 25 d4 f6 eb 84 00 f8 1f 7e 18 " 397 "33 b7 ee 6e 33 4d 37 09 64 ca 79 fd b8 72 b4 d7 " 398 "52 23 b5 ee b0 81 01 59 1f b5 32 d1 55 a6 de 87 "; 399 400 // RSASSA-PSS Signature Example 1.5 401 // Message to be signed: 402 static const char message_1_5[] = 403 "b4 55 81 54 7e 54 27 77 0c 76 8e 8b 82 b7 55 64 " 404 "e0 ea 4e 9c 32 59 4d 6b ff 70 65 44 de 0a 87 76 " 405 "c7 a8 0b 45 76 55 0e ee 1b 2a ca bc 7e 8b 7d 3e " 406 "f7 bb 5b 03 e4 62 c1 10 47 ea dd 00 62 9a e5 75 " 407 "48 0a c1 47 0f e0 46 f1 3a 2b f5 af 17 92 1d c4 " 408 "b0 aa 8b 02 be e6 33 49 11 65 1d 7f 85 25 d1 0f " 409 "32 b5 1d 33 be 52 0d 3d df 5a 70 99 55 a3 df e7 " 410 "82 83 b9 e0 ab 54 04 6d 15 0c 17 7f 03 7f dc cc " 411 "5b e4 ea 5f 68 b5 e5 a3 8c 9d 7e dc cc c4 97 5f " 412 "45 5a 69 09 b4 "; 413 // Salt: 414 static const char salt_1_5[] = 415 "80 e7 0f f8 6a 08 de 3e c6 09 72 b3 9b 4f bf dc " 416 "ea 67 ae 8e "; 417 // Signature: 418 static const char signature_1_5[] = 419 "1d 2a ad 22 1c a4 d3 1d df 13 50 92 39 01 93 98 " 420 "e3 d1 4b 32 dc 34 dc 5a f4 ae ae a3 c0 95 af 73 " 421 "47 9c f0 a4 5e 56 29 63 5a 53 a0 18 37 76 15 b1 " 422 "6c b9 b1 3b 3e 09 d6 71 eb 71 e3 87 b8 54 5c 59 " 423 "60 da 5a 64 77 6e 76 8e 82 b2 c9 35 83 bf 10 4c " 424 "3f db 23 51 2b 7b 4e 89 f6 33 dd 00 63 a5 30 db " 425 "45 24 b0 1c 3f 38 4c 09 31 0e 31 5a 79 dc d3 d6 " 426 "84 02 2a 7f 31 c8 65 a6 64 e3 16 97 8b 75 9f ad "; 427 428 // RSASSA-PSS Signature Example 1.6 429 // Message to be signed: 430 static const char message_1_6[] = 431 "10 aa e9 a0 ab 0b 59 5d 08 41 20 7b 70 0d 48 d7 " 432 "5f ae dd e3 b7 75 cd 6b 4c c8 8a e0 6e 46 94 ec " 433 "74 ba 18 f8 52 0d 4f 5e a6 9c bb e7 cc 2b eb a4 " 434 "3e fd c1 02 15 ac 4e b3 2d c3 02 a1 f5 3d c6 c4 " 435 "35 22 67 e7 93 6c fe bf 7c 8d 67 03 57 84 a3 90 " 436 "9f a8 59 c7 b7 b5 9b 8e 39 c5 c2 34 9f 18 86 b7 " 437 "05 a3 02 67 d4 02 f7 48 6a b4 f5 8c ad 5d 69 ad " 438 "b1 7a b8 cd 0c e1 ca f5 02 5a f4 ae 24 b1 fb 87 " 439 "94 c6 07 0c c0 9a 51 e2 f9 91 13 11 e3 87 7d 00 " 440 "44 c7 1c 57 a9 93 39 50 08 80 6b 72 3a c3 83 73 " 441 "d3 95 48 18 18 52 8c 1e 70 53 73 92 82 05 35 29 " 442 "51 0e 93 5c d0 fa 77 b8 fa 53 cc 2d 47 4b d4 fb " 443 "3c c5 c6 72 d6 ff dc 90 a0 0f 98 48 71 2c 4b cf " 444 "e4 6c 60 57 36 59 b1 1e 64 57 e8 61 f0 f6 04 b6 " 445 "13 8d 14 4f 8c e4 e2 da 73 "; 446 // Salt: 447 static const char salt_1_6[] = 448 "a8 ab 69 dd 80 1f 00 74 c2 a1 fc 60 64 98 36 c6 " 449 "16 d9 96 81 "; 450 // Signature: 451 static const char signature_1_6[] = 452 "2a 34 f6 12 5e 1f 6b 0b f9 71 e8 4f bd 41 c6 32 " 453 "be 8f 2c 2a ce 7d e8 b6 92 6e 31 ff 93 e9 af 98 " 454 "7f bc 06 e5 1e 9b e1 4f 51 98 f9 1f 3f 95 3b d6 " 455 "7d a6 0a 9d f5 97 64 c3 dc 0f e0 8e 1c be f0 b7 " 456 "5f 86 8d 10 ad 3f ba 74 9f ef 59 fb 6d ac 46 a0 " 457 "d6 e5 04 36 93 31 58 6f 58 e4 62 8f 39 aa 27 89 " 458 "82 54 3b c0 ee b5 37 dc 61 95 80 19 b3 94 fb 27 " 459 "3f 21 58 58 a0 a0 1a c4 d6 50 b9 55 c6 7f 4c 58 "; 460 461 // Example 9: A 1536-bit RSA Key Pair 462 463 // RSA modulus n: 464 static const char rsa_modulus_n_9[] = 465 "e6 bd 69 2a c9 66 45 79 04 03 fd d0 f5 be b8 b9 " 466 "bf 92 ed 10 00 7f c3 65 04 64 19 dd 06 c0 5c 5b " 467 "5b 2f 48 ec f9 89 e4 ce 26 91 09 97 9c bb 40 b4 " 468 "a0 ad 24 d2 24 83 d1 ee 31 5a d4 cc b1 53 42 68 " 469 "35 26 91 c5 24 f6 dd 8e 6c 29 d2 24 cf 24 69 73 " 470 "ae c8 6c 5b f6 b1 40 1a 85 0d 1b 9a d1 bb 8c bc " 471 "ec 47 b0 6f 0f 8c 7f 45 d3 fc 8f 31 92 99 c5 43 " 472 "3d db c2 b3 05 3b 47 de d2 ec d4 a4 ca ef d6 14 " 473 "83 3d c8 bb 62 2f 31 7e d0 76 b8 05 7f e8 de 3f " 474 "84 48 0a d5 e8 3e 4a 61 90 4a 4f 24 8f b3 97 02 " 475 "73 57 e1 d3 0e 46 31 39 81 5c 6f d4 fd 5a c5 b8 " 476 "17 2a 45 23 0e cb 63 18 a0 4f 14 55 d8 4e 5a 8b "; 477 // RSA public exponent e: 478 static const char rsa_public_exponent_e_9[] = 479 "01 00 01 "; 480 481 // RSASSA-PSS Signature Example 9.1 482 // Message to be signed: 483 static const char message_9_1[] = 484 "a8 8e 26 58 55 e9 d7 ca 36 c6 87 95 f0 b3 1b 59 " 485 "1c d6 58 7c 71 d0 60 a0 b3 f7 f3 ea ef 43 79 59 " 486 "22 02 8b c2 b6 ad 46 7c fc 2d 7f 65 9c 53 85 aa " 487 "70 ba 36 72 cd de 4c fe 49 70 cc 79 04 60 1b 27 " 488 "88 72 bf 51 32 1c 4a 97 2f 3c 95 57 0f 34 45 d4 " 489 "f5 79 80 e0 f2 0d f5 48 46 e6 a5 2c 66 8f 12 88 " 490 "c0 3f 95 00 6e a3 2f 56 2d 40 d5 2a f9 fe b3 2f " 491 "0f a0 6d b6 5b 58 8a 23 7b 34 e5 92 d5 5c f9 79 " 492 "f9 03 a6 42 ef 64 d2 ed 54 2a a8 c7 7d c1 dd 76 " 493 "2f 45 a5 93 03 ed 75 e5 41 ca 27 1e 2b 60 ca 70 " 494 "9e 44 fa 06 61 13 1e 8d 5d 41 63 fd 8d 39 85 66 " 495 "ce 26 de 87 30 e7 2f 9c ca 73 76 41 c2 44 15 94 " 496 "20 63 70 28 df 0a 18 07 9d 62 08 ea 8b 47 11 a2 " 497 "c7 50 f5 "; 498 // Salt: 499 static const char salt_9_1[] = 500 "c0 a4 25 31 3d f8 d7 56 4b d2 43 4d 31 15 23 d5 " 501 "25 7e ed 80 "; 502 // Signature: 503 static const char signature_9_1[] = 504 "58 61 07 22 6c 3c e0 13 a7 c8 f0 4d 1a 6a 29 59 " 505 "bb 4b 8e 20 5b a4 3a 27 b5 0f 12 41 11 bc 35 ef " 506 "58 9b 03 9f 59 32 18 7c b6 96 d7 d9 a3 2c 0c 38 " 507 "30 0a 5c dd a4 83 4b 62 d2 eb 24 0a f3 3f 79 d1 " 508 "3d fb f0 95 bf 59 9e 0d 96 86 94 8c 19 64 74 7b " 509 "67 e8 9c 9a ba 5c d8 50 16 23 6f 56 6c c5 80 2c " 510 "b1 3e ad 51 bc 7c a6 be f3 b9 4d cb db b1 d5 70 " 511 "46 97 71 df 0e 00 b1 a8 a0 67 77 47 2d 23 16 27 " 512 "9e da e8 64 74 66 8d 4e 1e ff f9 5f 1d e6 1c 60 " 513 "20 da 32 ae 92 bb f1 65 20 fe f3 cf 4d 88 f6 11 " 514 "21 f2 4b bd 9f e9 1b 59 ca f1 23 5b 2a 93 ff 81 " 515 "fc 40 3a dd f4 eb de a8 49 34 a9 cd af 8e 1a 9e "; 516 517 // RSASSA-PSS Signature Example 9.2 518 // Message to be signed: 519 static const char message_9_2[] = 520 "c8 c9 c6 af 04 ac da 41 4d 22 7e f2 3e 08 20 c3 " 521 "73 2c 50 0d c8 72 75 e9 5b 0d 09 54 13 99 3c 26 " 522 "58 bc 1d 98 85 81 ba 87 9c 2d 20 1f 14 cb 88 ce " 523 "d1 53 a0 19 69 a7 bf 0a 7b e7 9c 84 c1 48 6b c1 " 524 "2b 3f a6 c5 98 71 b6 82 7c 8c e2 53 ca 5f ef a8 " 525 "a8 c6 90 bf 32 6e 8e 37 cd b9 6d 90 a8 2e ba b6 " 526 "9f 86 35 0e 18 22 e8 bd 53 6a 2e "; 527 // Salt: 528 static const char salt_9_2[] = 529 "b3 07 c4 3b 48 50 a8 da c2 f1 5f 32 e3 78 39 ef " 530 "8c 5c 0e 91 "; 531 // Signature: 532 static const char signature_9_2[] = 533 "80 b6 d6 43 25 52 09 f0 a4 56 76 38 97 ac 9e d2 " 534 "59 d4 59 b4 9c 28 87 e5 88 2e cb 44 34 cf d6 6d " 535 "d7 e1 69 93 75 38 1e 51 cd 7f 55 4f 2c 27 17 04 " 536 "b3 99 d4 2b 4b e2 54 0a 0e ca 61 95 1f 55 26 7f " 537 "7c 28 78 c1 22 84 2d ad b2 8b 01 bd 5f 8c 02 5f " 538 "7e 22 84 18 a6 73 c0 3d 6b c0 c7 36 d0 a2 95 46 " 539 "bd 67 f7 86 d9 d6 92 cc ea 77 8d 71 d9 8c 20 63 " 540 "b7 a7 10 92 18 7a 4d 35 af 10 81 11 d8 3e 83 ea " 541 "e4 6c 46 aa 34 27 7e 06 04 45 89 90 37 88 f1 d5 " 542 "e7 ce e2 5f b4 85 e9 29 49 11 88 14 d6 f2 c3 ee " 543 "36 14 89 01 6f 32 7f b5 bc 51 7e b5 04 70 bf fa " 544 "1a fa 5f 4c e9 aa 0c e5 b8 ee 19 bf 55 01 b9 58 "; 545 546 // RSASSA-PSS Signature Example 9.3 547 // Message to be signed: 548 static const char message_9_3[] = 549 "0a fa d4 2c cd 4f c6 06 54 a5 50 02 d2 28 f5 2a " 550 "4a 5f e0 3b 8b bb 08 ca 82 da ca 55 8b 44 db e1 " 551 "26 6e 50 c0 e7 45 a3 6d 9d 29 04 e3 40 8a bc d1 " 552 "fd 56 99 94 06 3f 4a 75 cc 72 f2 fe e2 a0 cd 89 " 553 "3a 43 af 1c 5b 8b 48 7d f0 a7 16 10 02 4e 4f 6d " 554 "df 9f 28 ad 08 13 c1 aa b9 1b cb 3c 90 64 d5 ff " 555 "74 2d ef fe a6 57 09 41 39 36 9e 5e a6 f4 a9 63 " 556 "19 a5 cc 82 24 14 5b 54 50 62 75 8f ef d1 fe 34 " 557 "09 ae 16 92 59 c6 cd fd 6b 5f 29 58 e3 14 fa ec " 558 "be 69 d2 ca ce 58 ee 55 17 9a b9 b3 e6 d1 ec c1 " 559 "4a 55 7c 5f eb e9 88 59 52 64 fc 5d a1 c5 71 46 " 560 "2e ca 79 8a 18 a1 a4 94 0c da b4 a3 e9 20 09 cc " 561 "d4 2e 1e 94 7b 13 14 e3 22 38 a2 de ce 7d 23 a8 " 562 "9b 5b 30 c7 51 fd 0a 4a 43 0d 2c 54 85 94 "; 563 // Salt: 564 static const char salt_9_3[] = 565 "9a 2b 00 7e 80 97 8b bb 19 2c 35 4e b7 da 9a ed " 566 "fc 74 db f5 "; 567 // Signature: 568 static const char signature_9_3[] = 569 "48 44 08 f3 89 8c d5 f5 34 83 f8 08 19 ef bf 27 " 570 "08 c3 4d 27 a8 b2 a6 fa e8 b3 22 f9 24 02 37 f9 " 571 "81 81 7a ca 18 46 f1 08 4d aa 6d 7c 07 95 f6 e5 " 572 "bf 1a f5 9c 38 e1 85 84 37 ce 1f 7e c4 19 b9 8c " 573 "87 36 ad f6 dd 9a 00 b1 80 6d 2b d3 ad 0a 73 77 " 574 "5e 05 f5 2d fe f3 a5 9a b4 b0 81 43 f0 df 05 cd " 575 "1a d9 d0 4b ec ec a6 da a4 a2 12 98 03 e2 00 cb " 576 "c7 77 87 ca f4 c1 d0 66 3a 6c 59 87 b6 05 95 20 " 577 "19 78 2c af 2e c1 42 6d 68 fb 94 ed 1d 4b e8 16 " 578 "a7 ed 08 1b 77 e6 ab 33 0b 3f fc 07 38 20 fe cd " 579 "e3 72 7f cb e2 95 ee 61 a0 50 a3 43 65 86 37 c3 " 580 "fd 65 9c fb 63 73 6d e3 2d 9f 90 d3 c2 f6 3e ca "; 581 582 // RSASSA-PSS Signature Example 9.4 583 // Message to be signed: 584 static const char message_9_4[] = 585 "1d fd 43 b4 6c 93 db 82 62 9b da e2 bd 0a 12 b8 " 586 "82 ea 04 c3 b4 65 f5 cf 93 02 3f 01 05 96 26 db " 587 "be 99 f2 6b b1 be 94 9d dd d1 6d c7 f3 de bb 19 " 588 "a1 94 62 7f 0b 22 44 34 df 7d 87 00 e9 e9 8b 06 " 589 "e3 60 c1 2f db e3 d1 9f 51 c9 68 4e b9 08 9e cb " 590 "b0 a2 f0 45 03 99 d3 f5 9e ac 72 94 08 5d 04 4f " 591 "53 93 c6 ce 73 74 23 d8 b8 6c 41 53 70 d3 89 e3 " 592 "0b 9f 0a 3c 02 d2 5d 00 82 e8 ad 6f 3f 1e f2 4a " 593 "45 c3 cf 82 b3 83 36 70 63 a4 d4 61 3e 42 64 f0 " 594 "1b 2d ac 2e 5a a4 20 43 f8 fb 5f 69 fa 87 1d 14 " 595 "fb 27 3e 76 7a 53 1c 40 f0 2f 34 3b c2 fb 45 a0 " 596 "c7 e0 f6 be 25 61 92 3a 77 21 1d 66 a6 e2 db b4 " 597 "3c 36 63 50 be ae 22 da 3a c2 c1 f5 07 70 96 fc " 598 "b5 c4 bf 25 5f 75 74 35 1a e0 b1 e1 f0 36 32 81 " 599 "7c 08 56 d4 a8 ba 97 af bd c8 b8 58 55 40 2b c5 " 600 "69 26 fc ec 20 9f 9e a8 "; 601 // Salt: 602 static const char salt_9_4[] = 603 "70 f3 82 bd df 4d 5d 2d d8 8b 3b c7 b7 30 8b e6 " 604 "32 b8 40 45 "; 605 // Signature: 606 static const char signature_9_4[] = 607 "84 eb eb 48 1b e5 98 45 b4 64 68 ba fb 47 1c 01 " 608 "12 e0 2b 23 5d 84 b5 d9 11 cb d1 92 6e e5 07 4a " 609 "e0 42 44 95 cb 20 e8 23 08 b8 eb b6 5f 41 9a 03 " 610 "fb 40 e7 2b 78 98 1d 88 aa d1 43 05 36 85 17 2c " 611 "97 b2 9c 8b 7b f0 ae 73 b5 b2 26 3c 40 3d a0 ed " 612 "2f 80 ff 74 50 af 78 28 eb 8b 86 f0 02 8b d2 a8 " 613 "b1 76 a4 d2 28 cc ce a1 83 94 f2 38 b0 9f f7 58 " 614 "cc 00 bc 04 30 11 52 35 57 42 f2 82 b5 4e 66 3a " 615 "91 9e 70 9d 8d a2 4a de 55 00 a7 b9 aa 50 22 6e " 616 "0c a5 29 23 e6 c2 d8 60 ec 50 ff 48 0f a5 74 77 " 617 "e8 2b 05 65 f4 37 9f 79 c7 72 d5 c2 da 80 af 9f " 618 "bf 32 5e ce 6f c2 0b 00 96 16 14 be e8 9a 18 3e "; 619 620 // RSASSA-PSS Signature Example 9.5 621 // Message to be signed: 622 static const char message_9_5[] = 623 "1b dc 6e 7c 98 fb 8c f5 4e 9b 09 7b 66 a8 31 e9 " 624 "cf e5 2d 9d 48 88 44 8e e4 b0 97 80 93 ba 1d 7d " 625 "73 ae 78 b3 a6 2b a4 ad 95 cd 28 9c cb 9e 00 52 " 626 "26 bb 3d 17 8b cc aa 82 1f b0 44 a4 e2 1e e9 76 " 627 "96 c1 4d 06 78 c9 4c 2d ae 93 b0 ad 73 92 22 18 " 628 "55 3d aa 7e 44 eb e5 77 25 a7 a4 5c c7 2b 9b 21 " 629 "38 a6 b1 7c 8d b4 11 ce 82 79 ee 12 41 af f0 a8 " 630 "be c6 f7 7f 87 ed b0 c6 9c b2 72 36 e3 43 5a 80 " 631 "0b 19 2e 4f 11 e5 19 e3 fe 30 fc 30 ea cc ca 4f " 632 "bb 41 76 90 29 bf 70 8e 81 7a 9e 68 38 05 be 67 " 633 "fa 10 09 84 68 3b 74 83 8e 3b cf fa 79 36 6e ed " 634 "1d 48 1c 76 72 91 18 83 8f 31 ba 8a 04 8a 93 c1 " 635 "be 44 24 59 8e 8d f6 32 8b 7a 77 88 0a 3f 9c 7e " 636 "2e 8d fc a8 eb 5a 26 fb 86 bd c5 56 d4 2b be 01 " 637 "d9 fa 6e d8 06 46 49 1c 93 41 "; 638 // Salt: 639 static const char salt_9_5[] = 640 "d6 89 25 7a 86 ef fa 68 21 2c 5e 0c 61 9e ca 29 " 641 "5f b9 1b 67 "; 642 // Signature: 643 static const char signature_9_5[] = 644 "82 10 2d f8 cb 91 e7 17 99 19 a0 4d 26 d3 35 d6 " 645 "4f bc 2f 87 2c 44 83 39 43 24 1d e8 45 48 10 27 " 646 "4c df 3d b5 f4 2d 42 3d b1 52 af 71 35 f7 01 42 " 647 "0e 39 b4 94 a6 7c bf d1 9f 91 19 da 23 3a 23 da " 648 "5c 64 39 b5 ba 0d 2b c3 73 ee e3 50 70 01 37 8d " 649 "4a 40 73 85 6b 7f e2 ab a0 b5 ee 93 b2 7f 4a fe " 650 "c7 d4 d1 20 92 1c 83 f6 06 76 5b 02 c1 9e 4d 6a " 651 "1a 3b 95 fa 4c 42 29 51 be 4f 52 13 10 77 ef 17 " 652 "17 97 29 cd df bd b5 69 50 db ac ee fe 78 cb 16 " 653 "64 0a 09 9e a5 6d 24 38 9e ef 10 f8 fe cb 31 ba " 654 "3e a3 b2 27 c0 a8 66 98 bb 89 e3 e9 36 39 05 bf " 655 "22 77 7b 2a 3a a5 21 b6 5b 4c ef 76 d8 3b de 4c "; 656 657 // RSASSA-PSS Signature Example 9.6 658 // Message to be signed: 659 static const char message_9_6[] = 660 "88 c7 a9 f1 36 04 01 d9 0e 53 b1 01 b6 1c 53 25 " 661 "c3 c7 5d b1 b4 11 fb eb 8e 83 0b 75 e9 6b 56 67 " 662 "0a d2 45 40 4e 16 79 35 44 ee 35 4b c6 13 a9 0c " 663 "c9 84 87 15 a7 3d b5 89 3e 7f 6d 27 98 15 c0 c1 " 664 "de 83 ef 8e 29 56 e3 a5 6e d2 6a 88 8d 7a 9c dc " 665 "d0 42 f4 b1 6b 7f a5 1e f1 a0 57 36 62 d1 6a 30 " 666 "2d 0e c5 b2 85 d2 e0 3a d9 65 29 c8 7b 3d 37 4d " 667 "b3 72 d9 5b 24 43 d0 61 b6 b1 a3 50 ba 87 80 7e " 668 "d0 83 af d1 eb 05 c3 f5 2f 4e ba 5e d2 22 77 14 " 669 "fd b5 0b 9d 9d 9d d6 81 4f 62 f6 27 2f cd 5c db " 670 "ce 7a 9e f7 97 "; 671 // Salt: 672 static const char salt_9_6[] = 673 "c2 5f 13 bf 67 d0 81 67 1a 04 81 a1 f1 82 0d 61 " 674 "3b ba 22 76 "; 675 // Signature: 676 static const char signature_9_6[] = 677 "a7 fd b0 d2 59 16 5c a2 c8 8d 00 bb f1 02 8a 86 " 678 "7d 33 76 99 d0 61 19 3b 17 a9 64 8e 14 cc bb aa " 679 "de ac aa cd ec 81 5e 75 71 29 4e bb 8a 11 7a f2 " 680 "05 fa 07 8b 47 b0 71 2c 19 9e 3a d0 51 35 c5 04 " 681 "c2 4b 81 70 51 15 74 08 02 48 79 92 ff d5 11 d4 " 682 "af c6 b8 54 49 1e b3 f0 dd 52 31 39 54 2f f1 5c " 683 "31 01 ee 85 54 35 17 c6 a3 c7 94 17 c6 7e 2d d9 " 684 "aa 74 1e 9a 29 b0 6d cb 59 3c 23 36 b3 67 0a e3 " 685 "af ba c7 c3 e7 6e 21 54 73 e8 66 e3 38 ca 24 4d " 686 "e0 0b 62 62 4d 6b 94 26 82 2c ea e9 f8 cc 46 08 " 687 "95 f4 12 50 07 3f d4 5c 5a 1e 7b 42 5c 20 4a 42 " 688 "3a 69 91 59 f6 90 3e 71 0b 37 a7 bb 2b c8 04 9f "; 689 690 // Example 10: A 2048-bit RSA Key Pair 691 692 // RSA modulus n: 693 static const char rsa_modulus_n_10[] = 694 "a5 dd 86 7a c4 cb 02 f9 0b 94 57 d4 8c 14 a7 70 " 695 "ef 99 1c 56 c3 9c 0e c6 5f d1 1a fa 89 37 ce a5 " 696 "7b 9b e7 ac 73 b4 5c 00 17 61 5b 82 d6 22 e3 18 " 697 "75 3b 60 27 c0 fd 15 7b e1 2f 80 90 fe e2 a7 ad " 698 "cd 0e ef 75 9f 88 ba 49 97 c7 a4 2d 58 c9 aa 12 " 699 "cb 99 ae 00 1f e5 21 c1 3b b5 43 14 45 a8 d5 ae " 700 "4f 5e 4c 7e 94 8a c2 27 d3 60 40 71 f2 0e 57 7e " 701 "90 5f be b1 5d fa f0 6d 1d e5 ae 62 53 d6 3a 6a " 702 "21 20 b3 1a 5d a5 da bc 95 50 60 0e 20 f2 7d 37 " 703 "39 e2 62 79 25 fe a3 cc 50 9f 21 df f0 4e 6e ea " 704 "45 49 c5 40 d6 80 9f f9 30 7e ed e9 1f ff 58 73 " 705 "3d 83 85 a2 37 d6 d3 70 5a 33 e3 91 90 09 92 07 " 706 "0d f7 ad f1 35 7c f7 e3 70 0c e3 66 7d e8 3f 17 " 707 "b8 df 17 78 db 38 1d ce 09 cb 4a d0 58 a5 11 00 " 708 "1a 73 81 98 ee 27 cf 55 a1 3b 75 45 39 90 65 82 " 709 "ec 8b 17 4b d5 8d 5d 1f 3d 76 7c 61 37 21 ae 05 "; 710 // RSA public exponent e: 711 static const char rsa_public_exponent_e_10[] = 712 "01 00 01 "; 713 714 // RSASSA-PSS Signature Example 10.1 715 // Message to be signed: 716 static const char message_10_1[] = 717 "88 31 77 e5 12 6b 9b e2 d9 a9 68 03 27 d5 37 0c " 718 "6f 26 86 1f 58 20 c4 3d a6 7a 3a d6 09 "; 719 // Salt: 720 static const char salt_10_1[] = 721 "04 e2 15 ee 6f f9 34 b9 da 70 d7 73 0c 87 34 ab " 722 "fc ec de 89 "; 723 // Signature: 724 static const char signature_10_1[] = 725 "82 c2 b1 60 09 3b 8a a3 c0 f7 52 2b 19 f8 73 54 " 726 "06 6c 77 84 7a bf 2a 9f ce 54 2d 0e 84 e9 20 c5 " 727 "af b4 9f fd fd ac e1 65 60 ee 94 a1 36 96 01 14 " 728 "8e ba d7 a0 e1 51 cf 16 33 17 91 a5 72 7d 05 f2 " 729 "1e 74 e7 eb 81 14 40 20 69 35 d7 44 76 5a 15 e7 " 730 "9f 01 5c b6 6c 53 2c 87 a6 a0 59 61 c8 bf ad 74 " 731 "1a 9a 66 57 02 28 94 39 3e 72 23 73 97 96 c0 2a " 732 "77 45 5d 0f 55 5b 0e c0 1d df 25 9b 62 07 fd 0f " 733 "d5 76 14 ce f1 a5 57 3b aa ff 4e c0 00 69 95 16 " 734 "59 b8 5f 24 30 0a 25 16 0c a8 52 2d c6 e6 72 7e " 735 "57 d0 19 d7 e6 36 29 b8 fe 5e 89 e2 5c c1 5b eb " 736 "3a 64 75 77 55 92 99 28 0b 9b 28 f7 9b 04 09 00 " 737 "0b e2 5b bd 96 40 8b a3 b4 3c c4 86 18 4d d1 c8 " 738 "e6 25 53 fa 1a f4 04 0f 60 66 3d e7 f5 e4 9c 04 " 739 "38 8e 25 7f 1c e8 9c 95 da b4 8a 31 5d 9b 66 b1 " 740 "b7 62 82 33 87 6f f2 38 52 30 d0 70 d0 7e 16 66 "; 741 742 // RSASSA-PSS Signature Example 10.2 743 // Message to be signed: 744 static const char message_10_2[] = 745 "dd 67 0a 01 46 58 68 ad c9 3f 26 13 19 57 a5 0c " 746 "52 fb 77 7c db aa 30 89 2c 9e 12 36 11 64 ec 13 " 747 "97 9d 43 04 81 18 e4 44 5d b8 7b ee 58 dd 98 7b " 748 "34 25 d0 20 71 d8 db ae 80 70 8b 03 9d bb 64 db " 749 "d1 de 56 57 d9 fe d0 c1 18 a5 41 43 74 2e 0f f3 " 750 "c8 7f 74 e4 58 57 64 7a f3 f7 9e b0 a1 4c 9d 75 " 751 "ea 9a 1a 04 b7 cf 47 8a 89 7a 70 8f d9 88 f4 8e " 752 "80 1e db 0b 70 39 df 8c 23 bb 3c 56 f4 e8 21 ac "; 753 // Salt: 754 static const char salt_10_2[] = 755 "8b 2b dd 4b 40 fa f5 45 c7 78 dd f9 bc 1a 49 cb " 756 "57 f9 b7 1b "; 757 // Signature: 758 static const char signature_10_2[] = 759 "14 ae 35 d9 dd 06 ba 92 f7 f3 b8 97 97 8a ed 7c " 760 "d4 bf 5f f0 b5 85 a4 0b d4 6c e1 b4 2c d2 70 30 " 761 "53 bb 90 44 d6 4e 81 3d 8f 96 db 2d d7 00 7d 10 " 762 "11 8f 6f 8f 84 96 09 7a d7 5e 1f f6 92 34 1b 28 " 763 "92 ad 55 a6 33 a1 c5 5e 7f 0a 0a d5 9a 0e 20 3a " 764 "5b 82 78 ae c5 4d d8 62 2e 28 31 d8 71 74 f8 ca " 765 "ff 43 ee 6c 46 44 53 45 d8 4a 59 65 9b fb 92 ec " 766 "d4 c8 18 66 86 95 f3 47 06 f6 68 28 a8 99 59 63 " 767 "7f 2b f3 e3 25 1c 24 bd ba 4d 4b 76 49 da 00 22 " 768 "21 8b 11 9c 84 e7 9a 65 27 ec 5b 8a 5f 86 1c 15 " 769 "99 52 e2 3e c0 5e 1e 71 73 46 fa ef e8 b1 68 68 " 770 "25 bd 2b 26 2f b2 53 10 66 c0 de 09 ac de 2e 42 " 771 "31 69 07 28 b5 d8 5e 11 5a 2f 6b 92 b7 9c 25 ab " 772 "c9 bd 93 99 ff 8b cf 82 5a 52 ea 1f 56 ea 76 dd " 773 "26 f4 3b aa fa 18 bf a9 2a 50 4c bd 35 69 9e 26 " 774 "d1 dc c5 a2 88 73 85 f3 c6 32 32 f0 6f 32 44 c3 "; 775 776 // RSASSA-PSS Signature Example 10.3 777 // Message to be signed: 778 static const char message_10_3[] = 779 "48 b2 b6 a5 7a 63 c8 4c ea 85 9d 65 c6 68 28 4b " 780 "08 d9 6b dc aa be 25 2d b0 e4 a9 6c b1 ba c6 01 " 781 "93 41 db 6f be fb 8d 10 6b 0e 90 ed a6 bc c6 c6 " 782 "26 2f 37 e7 ea 9c 7e 5d 22 6b d7 df 85 ec 5e 71 " 783 "ef ff 2f 54 c5 db 57 7f f7 29 ff 91 b8 42 49 1d " 784 "e2 74 1d 0c 63 16 07 df 58 6b 90 5b 23 b9 1a f1 " 785 "3d a1 23 04 bf 83 ec a8 a7 3e 87 1f f9 db "; 786 // Salt: 787 static const char salt_10_3[] = 788 "4e 96 fc 1b 39 8f 92 b4 46 71 01 0c 0d c3 ef d6 " 789 "e2 0c 2d 73 "; 790 // Signature: 791 static const char signature_10_3[] = 792 "6e 3e 4d 7b 6b 15 d2 fb 46 01 3b 89 00 aa 5b bb " 793 "39 39 cf 2c 09 57 17 98 70 42 02 6e e6 2c 74 c5 " 794 "4c ff d5 d7 d5 7e fb bf 95 0a 0f 5c 57 4f a0 9d " 795 "3f c1 c9 f5 13 b0 5b 4f f5 0d d8 df 7e df a2 01 " 796 "02 85 4c 35 e5 92 18 01 19 a7 0c e5 b0 85 18 2a " 797 "a0 2d 9e a2 aa 90 d1 df 03 f2 da ae 88 5b a2 f5 " 798 "d0 5a fd ac 97 47 6f 06 b9 3b 5b c9 4a 1a 80 aa " 799 "91 16 c4 d6 15 f3 33 b0 98 89 2b 25 ff ac e2 66 " 800 "f5 db 5a 5a 3b cc 10 a8 24 ed 55 aa d3 5b 72 78 " 801 "34 fb 8c 07 da 28 fc f4 16 a5 d9 b2 22 4f 1f 8b " 802 "44 2b 36 f9 1e 45 6f de a2 d7 cf e3 36 72 68 de " 803 "03 07 a4 c7 4e 92 41 59 ed 33 39 3d 5e 06 55 53 " 804 "1c 77 32 7b 89 82 1b de df 88 01 61 c7 8c d4 19 " 805 "6b 54 19 f7 ac c3 f1 3e 5e bf 16 1b 6e 7c 67 24 " 806 "71 6c a3 3b 85 c2 e2 56 40 19 2a c2 85 96 51 d5 " 807 "0b de 7e b9 76 e5 1c ec 82 8b 98 b6 56 3b 86 bb "; 808 809 // RSASSA-PSS Signature Example 10.4 810 // Message to be signed: 811 static const char message_10_4[] = 812 "0b 87 77 c7 f8 39 ba f0 a6 4b bb db c5 ce 79 75 " 813 "5c 57 a2 05 b8 45 c1 74 e2 d2 e9 05 46 a0 89 c4 " 814 "e6 ec 8a df fa 23 a7 ea 97 ba e6 b6 5d 78 2b 82 " 815 "db 5d 2b 5a 56 d2 2a 29 a0 5e 7c 44 33 e2 b8 2a " 816 "62 1a bb a9 0a dd 05 ce 39 3f c4 8a 84 05 42 45 " 817 "1a "; 818 // Salt: 819 static const char salt_10_4[] = 820 "c7 cd 69 8d 84 b6 51 28 d8 83 5e 3a 8b 1e b0 e0 " 821 "1c b5 41 ec "; 822 // Signature: 823 static const char signature_10_4[] = 824 "34 04 7f f9 6c 4d c0 dc 90 b2 d4 ff 59 a1 a3 61 " 825 "a4 75 4b 25 5d 2e e0 af 7d 8b f8 7c 9b c9 e7 dd " 826 "ee de 33 93 4c 63 ca 1c 0e 3d 26 2c b1 45 ef 93 " 827 "2a 1f 2c 0a 99 7a a6 a3 4f 8e ae e7 47 7d 82 cc " 828 "f0 90 95 a6 b8 ac ad 38 d4 ee c9 fb 7e ab 7a d0 " 829 "2d a1 d1 1d 8e 54 c1 82 5e 55 bf 58 c2 a2 32 34 " 830 "b9 02 be 12 4f 9e 90 38 a8 f6 8f a4 5d ab 72 f6 " 831 "6e 09 45 bf 1d 8b ac c9 04 4c 6f 07 09 8c 9f ce " 832 "c5 8a 3a ab 10 0c 80 51 78 15 5f 03 0a 12 4c 45 " 833 "0e 5a cb da 47 d0 e4 f1 0b 80 a2 3f 80 3e 77 4d " 834 "02 3b 00 15 c2 0b 9f 9b be 7c 91 29 63 38 d5 ec " 835 "b4 71 ca fb 03 20 07 b6 7a 60 be 5f 69 50 4a 9f " 836 "01 ab b3 cb 46 7b 26 0e 2b ce 86 0b e8 d9 5b f9 " 837 "2c 0c 8e 14 96 ed 1e 52 85 93 a4 ab b6 df 46 2d " 838 "de 8a 09 68 df fe 46 83 11 68 57 a2 32 f5 eb f6 " 839 "c8 5b e2 38 74 5a d0 f3 8f 76 7a 5f db f4 86 fb "; 840 841 // RSASSA-PSS Signature Example 10.5 842 // Message to be signed: 843 static const char message_10_5[] = 844 "f1 03 6e 00 8e 71 e9 64 da dc 92 19 ed 30 e1 7f " 845 "06 b4 b6 8a 95 5c 16 b3 12 b1 ed df 02 8b 74 97 " 846 "6b ed 6b 3f 6a 63 d4 e7 78 59 24 3c 9c cc dc 98 " 847 "01 65 23 ab b0 24 83 b3 55 91 c3 3a ad 81 21 3b " 848 "b7 c7 bb 1a 47 0a ab c1 0d 44 25 6c 4d 45 59 d9 " 849 "16 "; 850 // Salt: 851 static const char salt_10_5[] = 852 "ef a8 bf f9 62 12 b2 f4 a3 f3 71 a1 0d 57 41 52 " 853 "65 5f 5d fb "; 854 // Signature: 855 static const char signature_10_5[] = 856 "7e 09 35 ea 18 f4 d6 c1 d1 7c e8 2e b2 b3 83 6c " 857 "55 b3 84 58 9c e1 9d fe 74 33 63 ac 99 48 d1 f3 " 858 "46 b7 bf dd fe 92 ef d7 8a db 21 fa ef c8 9a de " 859 "42 b1 0f 37 40 03 fe 12 2e 67 42 9a 1c b8 cb d1 " 860 "f8 d9 01 45 64 c4 4d 12 01 16 f4 99 0f 1a 6e 38 " 861 "77 4c 19 4b d1 b8 21 32 86 b0 77 b0 49 9d 2e 7b " 862 "3f 43 4a b1 22 89 c5 56 68 4d ee d7 81 31 93 4b " 863 "b3 dd 65 37 23 6f 7c 6f 3d cb 09 d4 76 be 07 72 " 864 "1e 37 e1 ce ed 9b 2f 7b 40 68 87 bd 53 15 73 05 " 865 "e1 c8 b4 f8 4d 73 3b c1 e1 86 fe 06 cc 59 b6 ed " 866 "b8 f4 bd 7f fe fd f4 f7 ba 9c fb 9d 57 06 89 b5 " 867 "a1 a4 10 9a 74 6a 69 08 93 db 37 99 25 5a 0c b9 " 868 "21 5d 2d 1c d4 90 59 0e 95 2e 8c 87 86 aa 00 11 " 869 "26 52 52 47 0c 04 1d fb c3 ee c7 c3 cb f7 1c 24 " 870 "86 9d 11 5c 0c b4 a9 56 f5 6d 53 0b 80 ab 58 9a " 871 "cf ef c6 90 75 1d df 36 e8 d3 83 f8 3c ed d2 cc "; 872 873 // RSASSA-PSS Signature Example 10.6 874 // Message to be signed: 875 static const char message_10_6[] = 876 "25 f1 08 95 a8 77 16 c1 37 45 0b b9 51 9d fa a1 " 877 "f2 07 fa a9 42 ea 88 ab f7 1e 9c 17 98 00 85 b5 " 878 "55 ae ba b7 62 64 ae 2a 3a b9 3c 2d 12 98 11 91 " 879 "dd ac 6f b5 94 9e b3 6a ee 3c 5d a9 40 f0 07 52 " 880 "c9 16 d9 46 08 fa 7d 97 ba 6a 29 15 b6 88 f2 03 " 881 "23 d4 e9 d9 68 01 d8 9a 72 ab 58 92 dc 21 17 c0 " 882 "74 34 fc f9 72 e0 58 cf 8c 41 ca 4b 4f f5 54 f7 " 883 "d5 06 8a d3 15 5f ce d0 f3 12 5b c0 4f 91 93 37 " 884 "8a 8f 5c 4c 3b 8c b4 dd 6d 1c c6 9d 30 ec ca 6e " 885 "aa 51 e3 6a 05 73 0e 9e 34 2e 85 5b af 09 9d ef " 886 "b8 af d7 "; 887 // Salt: 888 static const char salt_10_6[] = 889 "ad 8b 15 23 70 36 46 22 4b 66 0b 55 08 85 91 7c " 890 "a2 d1 df 28 "; 891 // Signature: 892 static const char signature_10_6[] = 893 "6d 3b 5b 87 f6 7e a6 57 af 21 f7 54 41 97 7d 21 " 894 "80 f9 1b 2c 5f 69 2d e8 29 55 69 6a 68 67 30 d9 " 895 "b9 77 8d 97 07 58 cc b2 60 71 c2 20 9f fb d6 12 " 896 "5b e2 e9 6e a8 1b 67 cb 9b 93 08 23 9f da 17 f7 " 897 "b2 b6 4e cd a0 96 b6 b9 35 64 0a 5a 1c b4 2a 91 " 898 "55 b1 c9 ef 7a 63 3a 02 c5 9f 0d 6e e5 9b 85 2c " 899 "43 b3 50 29 e7 3c 94 0f f0 41 0e 8f 11 4e ed 46 " 900 "bb d0 fa e1 65 e4 2b e2 52 8a 40 1c 3b 28 fd 81 " 901 "8e f3 23 2d ca 9f 4d 2a 0f 51 66 ec 59 c4 23 96 " 902 "d6 c1 1d bc 12 15 a5 6f a1 71 69 db 95 75 34 3e " 903 "f3 4f 9d e3 2a 49 cd c3 17 49 22 f2 29 c2 3e 18 " 904 "e4 5d f9 35 31 19 ec 43 19 ce dc e7 a1 7c 64 08 " 905 "8c 1f 6f 52 be 29 63 41 00 b3 91 9d 38 f3 d1 ed " 906 "94 e6 89 1e 66 a7 3b 8f b8 49 f5 87 4d f5 94 59 " 907 "e2 98 c7 bb ce 2e ee 78 2a 19 5a a6 6f e2 d0 73 " 908 "2b 25 e5 95 f5 7d 3e 06 1b 1f c3 e4 06 3b f9 8f "; 909 910 struct SignatureExample { 911 const char* message; 912 const char* salt; 913 const char* signature; 914 }; 915 916 struct PSSTestVector { 917 const char* modulus_n; 918 const char* public_exponent_e; 919 SignatureExample example[6]; 920 }; 921 922 static const PSSTestVector pss_test[] = { 923 { 924 rsa_modulus_n_1, 925 rsa_public_exponent_e_1, 926 { 927 { message_1_1, salt_1_1, signature_1_1 }, 928 { message_1_2, salt_1_2, signature_1_2 }, 929 { message_1_3, salt_1_3, signature_1_3 }, 930 { message_1_4, salt_1_4, signature_1_4 }, 931 { message_1_5, salt_1_5, signature_1_5 }, 932 { message_1_6, salt_1_6, signature_1_6 }, 933 } 934 }, 935 { 936 rsa_modulus_n_9, 937 rsa_public_exponent_e_9, 938 { 939 { message_9_1, salt_9_1, signature_9_1 }, 940 { message_9_2, salt_9_2, signature_9_2 }, 941 { message_9_3, salt_9_3, signature_9_3 }, 942 { message_9_4, salt_9_4, signature_9_4 }, 943 { message_9_5, salt_9_5, signature_9_5 }, 944 { message_9_6, salt_9_6, signature_9_6 }, 945 } 946 }, 947 { 948 rsa_modulus_n_10, 949 rsa_public_exponent_e_10, 950 { 951 { message_10_1, salt_10_1, signature_10_1 }, 952 { message_10_2, salt_10_2, signature_10_2 }, 953 { message_10_3, salt_10_3, signature_10_3 }, 954 { message_10_4, salt_10_4, signature_10_4 }, 955 { message_10_5, salt_10_5, signature_10_5 }, 956 { message_10_6, salt_10_6, signature_10_6 }, 957 } 958 }, 959 }; 960 961 static uint8 HexDigitValue(char digit) { 962 if ('0' <= digit && digit <= '9') 963 return digit - '0'; 964 if ('a' <= digit && digit <= 'f') 965 return digit - 'a' + 10; 966 return digit - 'A' + 10; 967 } 968 969 static bool DecodeTestInput(const char* in, std::vector<uint8>* out) { 970 out->clear(); 971 while (in[0] != '\0') { 972 if (!isxdigit(in[0]) || !isxdigit(in[1]) || in[2] != ' ') 973 return false; 974 uint8 octet = HexDigitValue(in[0]) * 16 + HexDigitValue(in[1]); 975 out->push_back(octet); 976 in += 3; 977 } 978 return true; 979 } 980 981 static bool EncodeRSAPublicKey(const std::vector<uint8>& modulus_n, 982 const std::vector<uint8>& public_exponent_e, 983 std::vector<uint8>* public_key_info) { 984 // The public key is specified as the following ASN.1 structure: 985 // SubjectPublicKeyInfo ::= SEQUENCE { 986 // algorithm AlgorithmIdentifier, 987 // subjectPublicKey BIT STRING } 988 // 989 // The signature algorithm is specified as the following ASN.1 structure: 990 // AlgorithmIdentifier ::= SEQUENCE { 991 // algorithm OBJECT IDENTIFIER, 992 // parameters ANY DEFINED BY algorithm OPTIONAL } 993 // 994 // An RSA public key is specified as the following ASN.1 structure: 995 // RSAPublicKey ::= SEQUENCE { 996 // modulus INTEGER, -- n 997 // publicExponent INTEGER -- e 998 // } 999 static const uint8 kIntegerTag = 0x02; 1000 static const uint8 kBitStringTag = 0x03; 1001 static const uint8 kSequenceTag = 0x30; 1002 public_key_info->clear(); 1003 1004 // Encode the public exponent e as an INTEGER. 1005 public_key_info->insert(public_key_info->begin(), 1006 public_exponent_e.begin(), 1007 public_exponent_e.end()); 1008 uint8 length = public_exponent_e.size(); 1009 public_key_info->insert(public_key_info->begin(), length); 1010 public_key_info->insert(public_key_info->begin(), kIntegerTag); 1011 1012 // Encode the modulus n as an INTEGER. 1013 public_key_info->insert(public_key_info->begin(), 1014 modulus_n.begin(), modulus_n.end()); 1015 uint16 length16 = modulus_n.size(); 1016 if (modulus_n[0] & 0x80) { 1017 public_key_info->insert(public_key_info->begin(), 0x00); 1018 length16++; 1019 } 1020 public_key_info->insert(public_key_info->begin(), length16 & 0xff); 1021 public_key_info->insert(public_key_info->begin(), (length16 >> 8) & 0xff); 1022 public_key_info->insert(public_key_info->begin(), 0x82); 1023 public_key_info->insert(public_key_info->begin(), kIntegerTag); 1024 1025 // Encode the RSAPublicKey SEQUENCE. 1026 length16 = public_key_info->size(); 1027 public_key_info->insert(public_key_info->begin(), length16 & 0xff); 1028 public_key_info->insert(public_key_info->begin(), (length16 >> 8) & 0xff); 1029 public_key_info->insert(public_key_info->begin(), 0x82); 1030 public_key_info->insert(public_key_info->begin(), kSequenceTag); 1031 1032 // Encode the BIT STRING. 1033 // Number of unused bits. 1034 public_key_info->insert(public_key_info->begin(), 0x00); 1035 length16 = public_key_info->size(); 1036 public_key_info->insert(public_key_info->begin(), length16 & 0xff); 1037 public_key_info->insert(public_key_info->begin(), (length16 >> 8) & 0xff); 1038 public_key_info->insert(public_key_info->begin(), 0x82); 1039 public_key_info->insert(public_key_info->begin(), kBitStringTag); 1040 1041 // Encode the AlgorithmIdentifier. 1042 static const uint8 algorithm[] = { 1043 0x30, 0x0d, // a SEQUENCE of length 13 1044 0x06, 0x09, // an OBJECT IDENTIFIER of length 9 1045 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 1046 0x05, 0x00, 1047 }; 1048 public_key_info->insert(public_key_info->begin(), 1049 algorithm, algorithm + sizeof(algorithm)); 1050 1051 // Encode the outermost SEQUENCE. 1052 length16 = public_key_info->size(); 1053 public_key_info->insert(public_key_info->begin(), length16 & 0xff); 1054 public_key_info->insert(public_key_info->begin(), (length16 >> 8) & 0xff); 1055 public_key_info->insert(public_key_info->begin(), 0x82); 1056 public_key_info->insert(public_key_info->begin(), kSequenceTag); 1057 1058 return true; 1059 } 1060 1061 TEST(SignatureVerifierTest, VerifyRSAPSS) { 1062 for (unsigned int i = 0; i < arraysize(pss_test); i++) { 1063 std::vector<uint8> modulus_n; 1064 std::vector<uint8> public_exponent_e; 1065 ASSERT_TRUE(DecodeTestInput(pss_test[i].modulus_n, &modulus_n)); 1066 ASSERT_TRUE(DecodeTestInput(pss_test[i].public_exponent_e, 1067 &public_exponent_e)); 1068 std::vector<uint8> public_key_info; 1069 ASSERT_TRUE(EncodeRSAPublicKey(modulus_n, public_exponent_e, 1070 &public_key_info)); 1071 1072 for (unsigned int j = 0; j < arraysize(pss_test[i].example); j++) { 1073 std::vector<uint8> message; 1074 std::vector<uint8> salt; 1075 std::vector<uint8> signature; 1076 ASSERT_TRUE(DecodeTestInput(pss_test[i].example[j].message, &message)); 1077 ASSERT_TRUE(DecodeTestInput(pss_test[i].example[j].salt, &salt)); 1078 ASSERT_TRUE(DecodeTestInput(pss_test[i].example[j].signature, 1079 &signature)); 1080 1081 crypto::SignatureVerifier verifier; 1082 bool ok; 1083 1084 // Positive test. 1085 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1, 1086 crypto::SignatureVerifier::SHA1, 1087 salt.size(), 1088 &signature[0], signature.size(), 1089 &public_key_info[0], 1090 public_key_info.size()); 1091 ASSERT_TRUE(ok); 1092 verifier.VerifyUpdate(&message[0], message.size()); 1093 ok = verifier.VerifyFinal(); 1094 EXPECT_TRUE(ok); 1095 1096 // Modify the first byte of the message. 1097 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1, 1098 crypto::SignatureVerifier::SHA1, 1099 salt.size(), 1100 &signature[0], signature.size(), 1101 &public_key_info[0], 1102 public_key_info.size()); 1103 ASSERT_TRUE(ok); 1104 message[0] += 1; 1105 verifier.VerifyUpdate(&message[0], message.size()); 1106 message[0] -= 1; 1107 ok = verifier.VerifyFinal(); 1108 EXPECT_FALSE(ok); 1109 1110 // Truncate the message. 1111 ASSERT_FALSE(message.empty()); 1112 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1, 1113 crypto::SignatureVerifier::SHA1, 1114 salt.size(), 1115 &signature[0], signature.size(), 1116 &public_key_info[0], 1117 public_key_info.size()); 1118 ASSERT_TRUE(ok); 1119 verifier.VerifyUpdate(&message[0], message.size() - 1); 1120 ok = verifier.VerifyFinal(); 1121 EXPECT_FALSE(ok); 1122 1123 // Corrupt the signature. 1124 signature[0] += 1; 1125 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1, 1126 crypto::SignatureVerifier::SHA1, 1127 salt.size(), 1128 &signature[0], signature.size(), 1129 &public_key_info[0], 1130 public_key_info.size()); 1131 signature[0] -= 1; 1132 ASSERT_TRUE(ok); 1133 verifier.VerifyUpdate(&message[0], message.size()); 1134 ok = verifier.VerifyFinal(); 1135 EXPECT_FALSE(ok); 1136 } 1137 } 1138 } 1139