1// Copyright (c) 2011 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "crypto/signature_verifier.h" 6 7#include <stddef.h> 8#include <stdint.h> 9 10#include "base/macros.h" 11#include "base/numerics/safe_conversions.h" 12#include "testing/gtest/include/gtest/gtest.h" 13 14TEST(SignatureVerifierTest, BasicTest) { 15 // The input data in this test comes from real certificates. 16 // 17 // tbs_certificate ("to-be-signed certificate", the part of a certificate 18 // that is signed), signature_algorithm, and algorithm come from the 19 // certificate of bugs.webkit.org. 20 // 21 // public_key_info comes from the certificate of the issuer, Go Daddy Secure 22 // Certification Authority. 23 // 24 // The bytes in the array initializers are formatted to expose the DER 25 // encoding of the ASN.1 structures. 26 27 // The data that is signed is the following ASN.1 structure: 28 // TBSCertificate ::= SEQUENCE { 29 // ... -- omitted, not important 30 // } 31 const uint8_t tbs_certificate[1017] = { 32 0x30, 0x82, 0x03, 0xf5, // a SEQUENCE of length 1013 (0x3f5) 33 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x43, 0xdd, 0x63, 0x30, 0x0d, 34 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 35 0x00, 0x30, 0x81, 0xca, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 36 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 37 0x04, 0x08, 0x13, 0x07, 0x41, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31, 38 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63, 39 0x6f, 0x74, 0x74, 0x73, 0x64, 0x61, 0x6c, 0x65, 0x31, 0x1a, 0x30, 0x18, 40 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x47, 0x6f, 0x44, 0x61, 0x64, 41 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 42 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x68, 43 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 44 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 45 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 46 0x69, 0x74, 0x6f, 0x72, 0x79, 0x31, 0x30, 0x30, 0x2e, 0x06, 0x03, 0x55, 47 0x04, 0x03, 0x13, 0x27, 0x47, 0x6f, 0x20, 0x44, 0x61, 0x64, 0x64, 0x79, 48 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 49 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 50 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x11, 0x30, 0x0f, 0x06, 51 0x03, 0x55, 0x04, 0x05, 0x13, 0x08, 0x30, 0x37, 0x39, 0x36, 0x39, 0x32, 52 0x38, 0x37, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x38, 0x30, 0x33, 0x31, 0x38, 53 0x32, 0x33, 0x33, 0x35, 0x31, 0x39, 0x5a, 0x17, 0x0d, 0x31, 0x31, 0x30, 54 0x33, 0x31, 0x38, 0x32, 0x33, 0x33, 0x35, 0x31, 0x39, 0x5a, 0x30, 0x79, 55 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 56 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a, 57 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x12, 58 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x09, 0x43, 0x75, 0x70, 59 0x65, 0x72, 0x74, 0x69, 0x6e, 0x6f, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 60 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49, 61 0x6e, 0x63, 0x2e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0b, 62 0x13, 0x0c, 0x4d, 0x61, 0x63, 0x20, 0x4f, 0x53, 0x20, 0x46, 0x6f, 0x72, 63 0x67, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 64 0x0c, 0x2a, 0x2e, 0x77, 0x65, 0x62, 0x6b, 0x69, 0x74, 0x2e, 0x6f, 0x72, 65 0x67, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 66 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 67 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa7, 0x62, 0x79, 0x41, 0xda, 0x28, 68 0xf2, 0xc0, 0x4f, 0xe0, 0x25, 0xaa, 0xa1, 0x2e, 0x3b, 0x30, 0x94, 0xb5, 69 0xc9, 0x26, 0x3a, 0x1b, 0xe2, 0xd0, 0xcc, 0xa2, 0x95, 0xe2, 0x91, 0xc0, 70 0xf0, 0x40, 0x9e, 0x27, 0x6e, 0xbd, 0x6e, 0xde, 0x7c, 0xb6, 0x30, 0x5c, 71 0xb8, 0x9b, 0x01, 0x2f, 0x92, 0x04, 0xa1, 0xef, 0x4a, 0xb1, 0x6c, 0xb1, 72 0x7e, 0x8e, 0xcd, 0xa6, 0xf4, 0x40, 0x73, 0x1f, 0x2c, 0x96, 0xad, 0xff, 73 0x2a, 0x6d, 0x0e, 0xba, 0x52, 0x84, 0x83, 0xb0, 0x39, 0xee, 0xc9, 0x39, 74 0xdc, 0x1e, 0x34, 0xd0, 0xd8, 0x5d, 0x7a, 0x09, 0xac, 0xa9, 0xee, 0xca, 75 0x65, 0xf6, 0x85, 0x3a, 0x6b, 0xee, 0xe4, 0x5c, 0x5e, 0xf8, 0xda, 0xd1, 76 0xce, 0x88, 0x47, 0xcd, 0x06, 0x21, 0xe0, 0xb9, 0x4b, 0xe4, 0x07, 0xcb, 77 0x57, 0xdc, 0xca, 0x99, 0x54, 0xf7, 0x0e, 0xd5, 0x17, 0x95, 0x05, 0x2e, 78 0xe9, 0xb1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0xce, 0x30, 79 0x82, 0x01, 0xca, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 80 0x30, 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 81 0x02, 0x05, 0xa0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 82 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 83 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x57, 84 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x50, 0x30, 0x4e, 0x30, 0x4c, 0xa0, 85 0x4a, 0xa0, 0x48, 0x86, 0x46, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 86 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 87 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 88 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f, 89 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x65, 0x78, 0x74, 0x65, 0x6e, 90 0x64, 0x65, 0x64, 0x69, 0x73, 0x73, 0x75, 0x69, 0x6e, 0x67, 0x33, 0x2e, 91 0x63, 0x72, 0x6c, 0x30, 0x52, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x4b, 92 0x30, 0x49, 0x30, 0x47, 0x06, 0x0b, 0x60, 0x86, 0x48, 0x01, 0x86, 0xfd, 93 0x6d, 0x01, 0x07, 0x17, 0x02, 0x30, 0x38, 0x30, 0x36, 0x06, 0x08, 0x2b, 94 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x2a, 0x68, 0x74, 0x74, 95 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 96 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 97 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 98 0x6f, 0x72, 0x79, 0x30, 0x7f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 99 0x07, 0x01, 0x01, 0x04, 0x73, 0x30, 0x71, 0x30, 0x23, 0x06, 0x08, 0x2b, 100 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74, 101 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, 0x6f, 0x64, 102 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x4a, 0x06, 0x08, 103 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74, 104 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 105 0x63, 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 106 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 107 0x74, 0x6f, 0x72, 0x79, 0x2f, 0x67, 0x64, 0x5f, 0x69, 0x6e, 0x74, 0x65, 108 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x2e, 0x63, 0x72, 0x74, 109 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x48, 110 0xdf, 0x60, 0x32, 0xcc, 0x89, 0x01, 0xb6, 0xdc, 0x2f, 0xe3, 0x73, 0xb5, 111 0x9c, 0x16, 0x58, 0x32, 0x68, 0xa9, 0xc3, 0x30, 0x1f, 0x06, 0x03, 0x55, 112 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xfd, 0xac, 0x61, 0x32, 113 0x93, 0x6c, 0x45, 0xd6, 0xe2, 0xee, 0x85, 0x5f, 0x9a, 0xba, 0xe7, 0x76, 114 0x99, 0x68, 0xcc, 0xe7, 0x30, 0x23, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 115 0x1c, 0x30, 0x1a, 0x82, 0x0c, 0x2a, 0x2e, 0x77, 0x65, 0x62, 0x6b, 0x69, 116 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x82, 0x0a, 0x77, 0x65, 0x62, 0x6b, 0x69, 117 0x74, 0x2e, 0x6f, 0x72, 0x67}; 118 119 // The signature algorithm is specified as the following ASN.1 structure: 120 // AlgorithmIdentifier ::= SEQUENCE { 121 // algorithm OBJECT IDENTIFIER, 122 // parameters ANY DEFINED BY algorithm OPTIONAL } 123 // 124 const uint8_t signature_algorithm[15] = { 125 0x30, 0x0d, // a SEQUENCE of length 13 (0xd) 126 0x06, 0x09, // an OBJECT IDENTIFIER of length 9 127 // 1.2.840.113549.1.1.5 - sha1WithRSAEncryption 128 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 129 0x00, // a NULL of length 0 130 }; 131 132 // RSA signature, a big integer in the big-endian byte order. 133 const uint8_t signature[256] = { 134 0x1e, 0x6a, 0xe7, 0xe0, 0x4f, 0xe7, 0x4d, 0xd0, 0x69, 0x7c, 0xf8, 0x8f, 135 0x99, 0xb4, 0x18, 0x95, 0x36, 0x24, 0x0f, 0x0e, 0xa3, 0xea, 0x34, 0x37, 136 0xf4, 0x7d, 0xd5, 0x92, 0x35, 0x53, 0x72, 0x76, 0x3f, 0x69, 0xf0, 0x82, 137 0x56, 0xe3, 0x94, 0x7a, 0x1d, 0x1a, 0x81, 0xaf, 0x9f, 0xc7, 0x43, 0x01, 138 0x64, 0xd3, 0x7c, 0x0d, 0xc8, 0x11, 0x4e, 0x4a, 0xe6, 0x1a, 0xc3, 0x01, 139 0x74, 0xe8, 0x35, 0x87, 0x5c, 0x61, 0xaa, 0x8a, 0x46, 0x06, 0xbe, 0x98, 140 0x95, 0x24, 0x9e, 0x01, 0xe3, 0xe6, 0xa0, 0x98, 0xee, 0x36, 0x44, 0x56, 141 0x8d, 0x23, 0x9c, 0x65, 0xea, 0x55, 0x6a, 0xdf, 0x66, 0xee, 0x45, 0xe8, 142 0xa0, 0xe9, 0x7d, 0x9a, 0xba, 0x94, 0xc5, 0xc8, 0xc4, 0x4b, 0x98, 0xff, 143 0x9a, 0x01, 0x31, 0x6d, 0xf9, 0x2b, 0x58, 0xe7, 0xe7, 0x2a, 0xc5, 0x4d, 144 0xbb, 0xbb, 0xcd, 0x0d, 0x70, 0xe1, 0xad, 0x03, 0xf5, 0xfe, 0xf4, 0x84, 145 0x71, 0x08, 0xd2, 0xbc, 0x04, 0x7b, 0x26, 0x1c, 0xa8, 0x0f, 0x9c, 0xd8, 146 0x12, 0x6a, 0x6f, 0x2b, 0x67, 0xa1, 0x03, 0x80, 0x9a, 0x11, 0x0b, 0xe9, 147 0xe0, 0xb5, 0xb3, 0xb8, 0x19, 0x4e, 0x0c, 0xa4, 0xd9, 0x2b, 0x3b, 0xc2, 148 0xca, 0x20, 0xd3, 0x0c, 0xa4, 0xff, 0x93, 0x13, 0x1f, 0xfc, 0xba, 0x94, 149 0x93, 0x8c, 0x64, 0x15, 0x2e, 0x28, 0xa9, 0x55, 0x8c, 0x2c, 0x48, 0xd3, 150 0xd3, 0xc1, 0x50, 0x69, 0x19, 0xe8, 0x34, 0xd3, 0xf1, 0x04, 0x9f, 0x0a, 151 0x7a, 0x21, 0x87, 0xbf, 0xb9, 0x59, 0x37, 0x2e, 0xf4, 0x71, 0xa5, 0x3e, 152 0xbe, 0xcd, 0x70, 0x83, 0x18, 0xf8, 0x8a, 0x72, 0x85, 0x45, 0x1f, 0x08, 153 0x01, 0x6f, 0x37, 0xf5, 0x2b, 0x7b, 0xea, 0xb9, 0x8b, 0xa3, 0xcc, 0xfd, 154 0x35, 0x52, 0xdd, 0x66, 0xde, 0x4f, 0x30, 0xc5, 0x73, 0x81, 0xb6, 0xe8, 155 0x3c, 0xd8, 0x48, 0x8a}; 156 157 // The public key is specified as the following ASN.1 structure: 158 // SubjectPublicKeyInfo ::= SEQUENCE { 159 // algorithm AlgorithmIdentifier, 160 // subjectPublicKey BIT STRING } 161 const uint8_t public_key_info[294] = { 162 0x30, 0x82, 0x01, 0x22, // a SEQUENCE of length 290 (0x122) 163 // algorithm 164 0x30, 0x0d, // a SEQUENCE of length 13 165 0x06, 0x09, // an OBJECT IDENTIFIER of length 9 166 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 167 0x00, // a NULL of length 0 168 // subjectPublicKey 169 0x03, 0x82, 0x01, 0x0f, // a BIT STRING of length 271 (0x10f) 170 0x00, // number of unused bits 171 0x30, 0x82, 0x01, 0x0a, // a SEQUENCE of length 266 (0x10a) 172 // modulus 173 0x02, 0x82, 0x01, 0x01, // an INTEGER of length 257 (0x101) 174 0x00, 0xc4, 0x2d, 0xd5, 0x15, 0x8c, 0x9c, 0x26, 0x4c, 0xec, 0x32, 0x35, 175 0xeb, 0x5f, 0xb8, 0x59, 0x01, 0x5a, 0xa6, 0x61, 0x81, 0x59, 0x3b, 0x70, 176 0x63, 0xab, 0xe3, 0xdc, 0x3d, 0xc7, 0x2a, 0xb8, 0xc9, 0x33, 0xd3, 0x79, 177 0xe4, 0x3a, 0xed, 0x3c, 0x30, 0x23, 0x84, 0x8e, 0xb3, 0x30, 0x14, 0xb6, 178 0xb2, 0x87, 0xc3, 0x3d, 0x95, 0x54, 0x04, 0x9e, 0xdf, 0x99, 0xdd, 0x0b, 179 0x25, 0x1e, 0x21, 0xde, 0x65, 0x29, 0x7e, 0x35, 0xa8, 0xa9, 0x54, 0xeb, 180 0xf6, 0xf7, 0x32, 0x39, 0xd4, 0x26, 0x55, 0x95, 0xad, 0xef, 0xfb, 0xfe, 181 0x58, 0x86, 0xd7, 0x9e, 0xf4, 0x00, 0x8d, 0x8c, 0x2a, 0x0c, 0xbd, 0x42, 182 0x04, 0xce, 0xa7, 0x3f, 0x04, 0xf6, 0xee, 0x80, 0xf2, 0xaa, 0xef, 0x52, 183 0xa1, 0x69, 0x66, 0xda, 0xbe, 0x1a, 0xad, 0x5d, 0xda, 0x2c, 0x66, 0xea, 184 0x1a, 0x6b, 0xbb, 0xe5, 0x1a, 0x51, 0x4a, 0x00, 0x2f, 0x48, 0xc7, 0x98, 185 0x75, 0xd8, 0xb9, 0x29, 0xc8, 0xee, 0xf8, 0x66, 0x6d, 0x0a, 0x9c, 0xb3, 186 0xf3, 0xfc, 0x78, 0x7c, 0xa2, 0xf8, 0xa3, 0xf2, 0xb5, 0xc3, 0xf3, 0xb9, 187 0x7a, 0x91, 0xc1, 0xa7, 0xe6, 0x25, 0x2e, 0x9c, 0xa8, 0xed, 0x12, 0x65, 188 0x6e, 0x6a, 0xf6, 0x12, 0x44, 0x53, 0x70, 0x30, 0x95, 0xc3, 0x9c, 0x2b, 189 0x58, 0x2b, 0x3d, 0x08, 0x74, 0x4a, 0xf2, 0xbe, 0x51, 0xb0, 0xbf, 0x87, 190 0xd0, 0x4c, 0x27, 0x58, 0x6b, 0xb5, 0x35, 0xc5, 0x9d, 0xaf, 0x17, 0x31, 191 0xf8, 0x0b, 0x8f, 0xee, 0xad, 0x81, 0x36, 0x05, 0x89, 0x08, 0x98, 0xcf, 192 0x3a, 0xaf, 0x25, 0x87, 0xc0, 0x49, 0xea, 0xa7, 0xfd, 0x67, 0xf7, 0x45, 193 0x8e, 0x97, 0xcc, 0x14, 0x39, 0xe2, 0x36, 0x85, 0xb5, 0x7e, 0x1a, 0x37, 194 0xfd, 0x16, 0xf6, 0x71, 0x11, 0x9a, 0x74, 0x30, 0x16, 0xfe, 0x13, 0x94, 195 0xa3, 0x3f, 0x84, 0x0d, 0x4f, 196 // public exponent 197 0x02, 0x03, // an INTEGER of length 3 198 0x01, 0x00, 0x01}; 199 200 // We use the signature verifier to perform four signature verification 201 // tests. 202 crypto::SignatureVerifier verifier; 203 bool ok; 204 205 // Test 1: feed all of the data to the verifier at once (a single 206 // VerifyUpdate call). 207 ok = verifier.VerifyInit(signature_algorithm, 208 sizeof(signature_algorithm), 209 signature, sizeof(signature), 210 public_key_info, sizeof(public_key_info)); 211 EXPECT_TRUE(ok); 212 verifier.VerifyUpdate(tbs_certificate, sizeof(tbs_certificate)); 213 ok = verifier.VerifyFinal(); 214 EXPECT_TRUE(ok); 215 216 // Test 2: feed the data to the verifier in three parts (three VerifyUpdate 217 // calls). 218 ok = verifier.VerifyInit(signature_algorithm, 219 sizeof(signature_algorithm), 220 signature, sizeof(signature), 221 public_key_info, sizeof(public_key_info)); 222 EXPECT_TRUE(ok); 223 verifier.VerifyUpdate(tbs_certificate, 256); 224 verifier.VerifyUpdate(tbs_certificate + 256, 256); 225 verifier.VerifyUpdate(tbs_certificate + 512, sizeof(tbs_certificate) - 512); 226 ok = verifier.VerifyFinal(); 227 EXPECT_TRUE(ok); 228 229 // Test 3: verify the signature with incorrect data. 230 uint8_t bad_tbs_certificate[sizeof(tbs_certificate)]; 231 memcpy(bad_tbs_certificate, tbs_certificate, sizeof(tbs_certificate)); 232 bad_tbs_certificate[10] += 1; // Corrupt one byte of the data. 233 ok = verifier.VerifyInit(signature_algorithm, 234 sizeof(signature_algorithm), 235 signature, sizeof(signature), 236 public_key_info, sizeof(public_key_info)); 237 EXPECT_TRUE(ok); 238 verifier.VerifyUpdate(bad_tbs_certificate, sizeof(bad_tbs_certificate)); 239 ok = verifier.VerifyFinal(); 240 EXPECT_FALSE(ok); 241 242 // Test 4: verify a bad signature. 243 uint8_t bad_signature[sizeof(signature)]; 244 memcpy(bad_signature, signature, sizeof(signature)); 245 bad_signature[10] += 1; // Corrupt one byte of the signature. 246 ok = verifier.VerifyInit(signature_algorithm, 247 sizeof(signature_algorithm), 248 bad_signature, sizeof(bad_signature), 249 public_key_info, sizeof(public_key_info)); 250 251 // A crypto library (e.g., NSS) may detect that the signature is corrupted 252 // and cause VerifyInit to return false, so it is fine for 'ok' to be false. 253 if (ok) { 254 verifier.VerifyUpdate(tbs_certificate, sizeof(tbs_certificate)); 255 ok = verifier.VerifyFinal(); 256 EXPECT_FALSE(ok); 257 } 258 259 // Test 5: import an invalid key. 260 uint8_t bad_public_key_info[sizeof(public_key_info)]; 261 memcpy(bad_public_key_info, public_key_info, sizeof(public_key_info)); 262 bad_public_key_info[0] += 1; // Corrupt part of the SPKI syntax. 263 ok = verifier.VerifyInit(signature_algorithm, 264 sizeof(signature_algorithm), 265 signature, sizeof(signature), 266 bad_public_key_info, sizeof(bad_public_key_info)); 267 EXPECT_FALSE(ok); 268 269 // Test 6: import a key with extra data. 270 uint8_t long_public_key_info[sizeof(public_key_info) + 5]; 271 memset(long_public_key_info, 0, sizeof(long_public_key_info)); 272 memcpy(long_public_key_info, public_key_info, sizeof(public_key_info)); 273 ok = verifier.VerifyInit(signature_algorithm, 274 sizeof(signature_algorithm), 275 signature, sizeof(signature), 276 long_public_key_info, sizeof(long_public_key_info)); 277 EXPECT_FALSE(ok); 278} 279 280////////////////////////////////////////////////////////////////////// 281// 282// RSA-PSS signature verification known answer test 283// 284////////////////////////////////////////////////////////////////////// 285 286// The following RSA-PSS signature test vectors come from the pss-vect.txt 287// file downloaded from 288// ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip. 289// 290// For each key, 6 random messages of length between 1 and 256 octets have 291// been RSASSA-PSS signed. 292// 293// Hash function: SHA-1 294// Mask generation function: MGF1 with SHA-1 295// Salt length: 20 octets 296 297// Example 1: A 1024-bit RSA Key Pair" 298 299// RSA modulus n: 300static const char rsa_modulus_n_1[] = 301 "a5 6e 4a 0e 70 10 17 58 9a 51 87 dc 7e a8 41 d1 " 302 "56 f2 ec 0e 36 ad 52 a4 4d fe b1 e6 1f 7a d9 91 " 303 "d8 c5 10 56 ff ed b1 62 b4 c0 f2 83 a1 2a 88 a3 " 304 "94 df f5 26 ab 72 91 cb b3 07 ce ab fc e0 b1 df " 305 "d5 cd 95 08 09 6d 5b 2b 8b 6d f5 d6 71 ef 63 77 " 306 "c0 92 1c b2 3c 27 0a 70 e2 59 8e 6f f8 9d 19 f1 " 307 "05 ac c2 d3 f0 cb 35 f2 92 80 e1 38 6b 6f 64 c4 " 308 "ef 22 e1 e1 f2 0d 0c e8 cf fb 22 49 bd 9a 21 37 "; 309// RSA public exponent e: " 310static const char rsa_public_exponent_e_1[] = 311 "01 00 01 "; 312 313// RSASSA-PSS Signature Example 1.1 314// Message to be signed: 315static const char message_1_1[] = 316 "cd c8 7d a2 23 d7 86 df 3b 45 e0 bb bc 72 13 26 " 317 "d1 ee 2a f8 06 cc 31 54 75 cc 6f 0d 9c 66 e1 b6 " 318 "23 71 d4 5c e2 39 2e 1a c9 28 44 c3 10 10 2f 15 " 319 "6a 0d 8d 52 c1 f4 c4 0b a3 aa 65 09 57 86 cb 76 " 320 "97 57 a6 56 3b a9 58 fe d0 bc c9 84 e8 b5 17 a3 " 321 "d5 f5 15 b2 3b 8a 41 e7 4a a8 67 69 3f 90 df b0 " 322 "61 a6 e8 6d fa ae e6 44 72 c0 0e 5f 20 94 57 29 " 323 "cb eb e7 7f 06 ce 78 e0 8f 40 98 fb a4 1f 9d 61 " 324 "93 c0 31 7e 8b 60 d4 b6 08 4a cb 42 d2 9e 38 08 " 325 "a3 bc 37 2d 85 e3 31 17 0f cb f7 cc 72 d0 b7 1c " 326 "29 66 48 b3 a4 d1 0f 41 62 95 d0 80 7a a6 25 ca " 327 "b2 74 4f d9 ea 8f d2 23 c4 25 37 02 98 28 bd 16 " 328 "be 02 54 6f 13 0f d2 e3 3b 93 6d 26 76 e0 8a ed " 329 "1b 73 31 8b 75 0a 01 67 d0 "; 330// Salt: 331static const char salt_1_1[] = 332 "de e9 59 c7 e0 64 11 36 14 20 ff 80 18 5e d5 7f " 333 "3e 67 76 af "; 334// Signature: 335static const char signature_1_1[] = 336 "90 74 30 8f b5 98 e9 70 1b 22 94 38 8e 52 f9 71 " 337 "fa ac 2b 60 a5 14 5a f1 85 df 52 87 b5 ed 28 87 " 338 "e5 7c e7 fd 44 dc 86 34 e4 07 c8 e0 e4 36 0b c2 " 339 "26 f3 ec 22 7f 9d 9e 54 63 8e 8d 31 f5 05 12 15 " 340 "df 6e bb 9c 2f 95 79 aa 77 59 8a 38 f9 14 b5 b9 " 341 "c1 bd 83 c4 e2 f9 f3 82 a0 d0 aa 35 42 ff ee 65 " 342 "98 4a 60 1b c6 9e b2 8d eb 27 dc a1 2c 82 c2 d4 " 343 "c3 f6 6c d5 00 f1 ff 2b 99 4d 8a 4e 30 cb b3 3c "; 344 345// RSASSA-PSS Signature Example 1.2 346// Message to be signed: 347static const char message_1_2[] = 348 "85 13 84 cd fe 81 9c 22 ed 6c 4c cb 30 da eb 5c " 349 "f0 59 bc 8e 11 66 b7 e3 53 0c 4c 23 3e 2b 5f 8f " 350 "71 a1 cc a5 82 d4 3e cc 72 b1 bc a1 6d fc 70 13 " 351 "22 6b 9e "; 352// Salt: 353static const char salt_1_2[] = 354 "ef 28 69 fa 40 c3 46 cb 18 3d ab 3d 7b ff c9 8f " 355 "d5 6d f4 2d "; 356// Signature: 357static const char signature_1_2[] = 358 "3e f7 f4 6e 83 1b f9 2b 32 27 41 42 a5 85 ff ce " 359 "fb dc a7 b3 2a e9 0d 10 fb 0f 0c 72 99 84 f0 4e " 360 "f2 9a 9d f0 78 07 75 ce 43 73 9b 97 83 83 90 db " 361 "0a 55 05 e6 3d e9 27 02 8d 9d 29 b2 19 ca 2c 45 " 362 "17 83 25 58 a5 5d 69 4a 6d 25 b9 da b6 60 03 c4 " 363 "cc cd 90 78 02 19 3b e5 17 0d 26 14 7d 37 b9 35 " 364 "90 24 1b e5 1c 25 05 5f 47 ef 62 75 2c fb e2 14 " 365 "18 fa fe 98 c2 2c 4d 4d 47 72 4f db 56 69 e8 43 "; 366 367// RSASSA-PSS Signature Example 1.3 368// Message to be signed: 369static const char message_1_3[] = 370 "a4 b1 59 94 17 61 c4 0c 6a 82 f2 b8 0d 1b 94 f5 " 371 "aa 26 54 fd 17 e1 2d 58 88 64 67 9b 54 cd 04 ef " 372 "8b d0 30 12 be 8d c3 7f 4b 83 af 79 63 fa ff 0d " 373 "fa 22 54 77 43 7c 48 01 7f f2 be 81 91 cf 39 55 " 374 "fc 07 35 6e ab 3f 32 2f 7f 62 0e 21 d2 54 e5 db " 375 "43 24 27 9f e0 67 e0 91 0e 2e 81 ca 2c ab 31 c7 " 376 "45 e6 7a 54 05 8e b5 0d 99 3c db 9e d0 b4 d0 29 " 377 "c0 6d 21 a9 4c a6 61 c3 ce 27 fa e1 d6 cb 20 f4 " 378 "56 4d 66 ce 47 67 58 3d 0e 5f 06 02 15 b5 90 17 " 379 "be 85 ea 84 89 39 12 7b d8 c9 c4 d4 7b 51 05 6c " 380 "03 1c f3 36 f1 7c 99 80 f3 b8 f5 b9 b6 87 8e 8b " 381 "79 7a a4 3b 88 26 84 33 3e 17 89 3f e9 ca a6 aa " 382 "29 9f 7e d1 a1 8e e2 c5 48 64 b7 b2 b9 9b 72 61 " 383 "8f b0 25 74 d1 39 ef 50 f0 19 c9 ee f4 16 97 13 " 384 "38 e7 d4 70 "; 385// Salt: 386static const char salt_1_3[] = 387 "71 0b 9c 47 47 d8 00 d4 de 87 f1 2a fd ce 6d f1 " 388 "81 07 cc 77 "; 389// Signature: 390static const char signature_1_3[] = 391 "66 60 26 fb a7 1b d3 e7 cf 13 15 7c c2 c5 1a 8e " 392 "4a a6 84 af 97 78 f9 18 49 f3 43 35 d1 41 c0 01 " 393 "54 c4 19 76 21 f9 62 4a 67 5b 5a bc 22 ee 7d 5b " 394 "aa ff aa e1 c9 ba ca 2c c3 73 b3 f3 3e 78 e6 14 " 395 "3c 39 5a 91 aa 7f ac a6 64 eb 73 3a fd 14 d8 82 " 396 "72 59 d9 9a 75 50 fa ca 50 1e f2 b0 4e 33 c2 3a " 397 "a5 1f 4b 9e 82 82 ef db 72 8c c0 ab 09 40 5a 91 " 398 "60 7c 63 69 96 1b c8 27 0d 2d 4f 39 fc e6 12 b1 "; 399 400// RSASSA-PSS Signature Example 1.4 401// Message to be signed: 402static const char message_1_4[] = 403 "bc 65 67 47 fa 9e af b3 f0 "; 404// Salt: 405static const char salt_1_4[] = 406 "05 6f 00 98 5d e1 4d 8e f5 ce a9 e8 2f 8c 27 be " 407 "f7 20 33 5e "; 408// Signature: 409static const char signature_1_4[] = 410 "46 09 79 3b 23 e9 d0 93 62 dc 21 bb 47 da 0b 4f " 411 "3a 76 22 64 9a 47 d4 64 01 9b 9a ea fe 53 35 9c " 412 "17 8c 91 cd 58 ba 6b cb 78 be 03 46 a7 bc 63 7f " 413 "4b 87 3d 4b ab 38 ee 66 1f 19 96 34 c5 47 a1 ad " 414 "84 42 e0 3d a0 15 b1 36 e5 43 f7 ab 07 c0 c1 3e " 415 "42 25 b8 de 8c ce 25 d4 f6 eb 84 00 f8 1f 7e 18 " 416 "33 b7 ee 6e 33 4d 37 09 64 ca 79 fd b8 72 b4 d7 " 417 "52 23 b5 ee b0 81 01 59 1f b5 32 d1 55 a6 de 87 "; 418 419// RSASSA-PSS Signature Example 1.5 420// Message to be signed: 421static const char message_1_5[] = 422 "b4 55 81 54 7e 54 27 77 0c 76 8e 8b 82 b7 55 64 " 423 "e0 ea 4e 9c 32 59 4d 6b ff 70 65 44 de 0a 87 76 " 424 "c7 a8 0b 45 76 55 0e ee 1b 2a ca bc 7e 8b 7d 3e " 425 "f7 bb 5b 03 e4 62 c1 10 47 ea dd 00 62 9a e5 75 " 426 "48 0a c1 47 0f e0 46 f1 3a 2b f5 af 17 92 1d c4 " 427 "b0 aa 8b 02 be e6 33 49 11 65 1d 7f 85 25 d1 0f " 428 "32 b5 1d 33 be 52 0d 3d df 5a 70 99 55 a3 df e7 " 429 "82 83 b9 e0 ab 54 04 6d 15 0c 17 7f 03 7f dc cc " 430 "5b e4 ea 5f 68 b5 e5 a3 8c 9d 7e dc cc c4 97 5f " 431 "45 5a 69 09 b4 "; 432// Salt: 433static const char salt_1_5[] = 434 "80 e7 0f f8 6a 08 de 3e c6 09 72 b3 9b 4f bf dc " 435 "ea 67 ae 8e "; 436// Signature: 437static const char signature_1_5[] = 438 "1d 2a ad 22 1c a4 d3 1d df 13 50 92 39 01 93 98 " 439 "e3 d1 4b 32 dc 34 dc 5a f4 ae ae a3 c0 95 af 73 " 440 "47 9c f0 a4 5e 56 29 63 5a 53 a0 18 37 76 15 b1 " 441 "6c b9 b1 3b 3e 09 d6 71 eb 71 e3 87 b8 54 5c 59 " 442 "60 da 5a 64 77 6e 76 8e 82 b2 c9 35 83 bf 10 4c " 443 "3f db 23 51 2b 7b 4e 89 f6 33 dd 00 63 a5 30 db " 444 "45 24 b0 1c 3f 38 4c 09 31 0e 31 5a 79 dc d3 d6 " 445 "84 02 2a 7f 31 c8 65 a6 64 e3 16 97 8b 75 9f ad "; 446 447// RSASSA-PSS Signature Example 1.6 448// Message to be signed: 449static const char message_1_6[] = 450 "10 aa e9 a0 ab 0b 59 5d 08 41 20 7b 70 0d 48 d7 " 451 "5f ae dd e3 b7 75 cd 6b 4c c8 8a e0 6e 46 94 ec " 452 "74 ba 18 f8 52 0d 4f 5e a6 9c bb e7 cc 2b eb a4 " 453 "3e fd c1 02 15 ac 4e b3 2d c3 02 a1 f5 3d c6 c4 " 454 "35 22 67 e7 93 6c fe bf 7c 8d 67 03 57 84 a3 90 " 455 "9f a8 59 c7 b7 b5 9b 8e 39 c5 c2 34 9f 18 86 b7 " 456 "05 a3 02 67 d4 02 f7 48 6a b4 f5 8c ad 5d 69 ad " 457 "b1 7a b8 cd 0c e1 ca f5 02 5a f4 ae 24 b1 fb 87 " 458 "94 c6 07 0c c0 9a 51 e2 f9 91 13 11 e3 87 7d 00 " 459 "44 c7 1c 57 a9 93 39 50 08 80 6b 72 3a c3 83 73 " 460 "d3 95 48 18 18 52 8c 1e 70 53 73 92 82 05 35 29 " 461 "51 0e 93 5c d0 fa 77 b8 fa 53 cc 2d 47 4b d4 fb " 462 "3c c5 c6 72 d6 ff dc 90 a0 0f 98 48 71 2c 4b cf " 463 "e4 6c 60 57 36 59 b1 1e 64 57 e8 61 f0 f6 04 b6 " 464 "13 8d 14 4f 8c e4 e2 da 73 "; 465// Salt: 466static const char salt_1_6[] = 467 "a8 ab 69 dd 80 1f 00 74 c2 a1 fc 60 64 98 36 c6 " 468 "16 d9 96 81 "; 469// Signature: 470static const char signature_1_6[] = 471 "2a 34 f6 12 5e 1f 6b 0b f9 71 e8 4f bd 41 c6 32 " 472 "be 8f 2c 2a ce 7d e8 b6 92 6e 31 ff 93 e9 af 98 " 473 "7f bc 06 e5 1e 9b e1 4f 51 98 f9 1f 3f 95 3b d6 " 474 "7d a6 0a 9d f5 97 64 c3 dc 0f e0 8e 1c be f0 b7 " 475 "5f 86 8d 10 ad 3f ba 74 9f ef 59 fb 6d ac 46 a0 " 476 "d6 e5 04 36 93 31 58 6f 58 e4 62 8f 39 aa 27 89 " 477 "82 54 3b c0 ee b5 37 dc 61 95 80 19 b3 94 fb 27 " 478 "3f 21 58 58 a0 a0 1a c4 d6 50 b9 55 c6 7f 4c 58 "; 479 480// Example 9: A 1536-bit RSA Key Pair 481 482// RSA modulus n: 483static const char rsa_modulus_n_9[] = 484 "e6 bd 69 2a c9 66 45 79 04 03 fd d0 f5 be b8 b9 " 485 "bf 92 ed 10 00 7f c3 65 04 64 19 dd 06 c0 5c 5b " 486 "5b 2f 48 ec f9 89 e4 ce 26 91 09 97 9c bb 40 b4 " 487 "a0 ad 24 d2 24 83 d1 ee 31 5a d4 cc b1 53 42 68 " 488 "35 26 91 c5 24 f6 dd 8e 6c 29 d2 24 cf 24 69 73 " 489 "ae c8 6c 5b f6 b1 40 1a 85 0d 1b 9a d1 bb 8c bc " 490 "ec 47 b0 6f 0f 8c 7f 45 d3 fc 8f 31 92 99 c5 43 " 491 "3d db c2 b3 05 3b 47 de d2 ec d4 a4 ca ef d6 14 " 492 "83 3d c8 bb 62 2f 31 7e d0 76 b8 05 7f e8 de 3f " 493 "84 48 0a d5 e8 3e 4a 61 90 4a 4f 24 8f b3 97 02 " 494 "73 57 e1 d3 0e 46 31 39 81 5c 6f d4 fd 5a c5 b8 " 495 "17 2a 45 23 0e cb 63 18 a0 4f 14 55 d8 4e 5a 8b "; 496// RSA public exponent e: 497static const char rsa_public_exponent_e_9[] = 498 "01 00 01 "; 499 500// RSASSA-PSS Signature Example 9.1 501// Message to be signed: 502static const char message_9_1[] = 503 "a8 8e 26 58 55 e9 d7 ca 36 c6 87 95 f0 b3 1b 59 " 504 "1c d6 58 7c 71 d0 60 a0 b3 f7 f3 ea ef 43 79 59 " 505 "22 02 8b c2 b6 ad 46 7c fc 2d 7f 65 9c 53 85 aa " 506 "70 ba 36 72 cd de 4c fe 49 70 cc 79 04 60 1b 27 " 507 "88 72 bf 51 32 1c 4a 97 2f 3c 95 57 0f 34 45 d4 " 508 "f5 79 80 e0 f2 0d f5 48 46 e6 a5 2c 66 8f 12 88 " 509 "c0 3f 95 00 6e a3 2f 56 2d 40 d5 2a f9 fe b3 2f " 510 "0f a0 6d b6 5b 58 8a 23 7b 34 e5 92 d5 5c f9 79 " 511 "f9 03 a6 42 ef 64 d2 ed 54 2a a8 c7 7d c1 dd 76 " 512 "2f 45 a5 93 03 ed 75 e5 41 ca 27 1e 2b 60 ca 70 " 513 "9e 44 fa 06 61 13 1e 8d 5d 41 63 fd 8d 39 85 66 " 514 "ce 26 de 87 30 e7 2f 9c ca 73 76 41 c2 44 15 94 " 515 "20 63 70 28 df 0a 18 07 9d 62 08 ea 8b 47 11 a2 " 516 "c7 50 f5 "; 517// Salt: 518static const char salt_9_1[] = 519 "c0 a4 25 31 3d f8 d7 56 4b d2 43 4d 31 15 23 d5 " 520 "25 7e ed 80 "; 521// Signature: 522static const char signature_9_1[] = 523 "58 61 07 22 6c 3c e0 13 a7 c8 f0 4d 1a 6a 29 59 " 524 "bb 4b 8e 20 5b a4 3a 27 b5 0f 12 41 11 bc 35 ef " 525 "58 9b 03 9f 59 32 18 7c b6 96 d7 d9 a3 2c 0c 38 " 526 "30 0a 5c dd a4 83 4b 62 d2 eb 24 0a f3 3f 79 d1 " 527 "3d fb f0 95 bf 59 9e 0d 96 86 94 8c 19 64 74 7b " 528 "67 e8 9c 9a ba 5c d8 50 16 23 6f 56 6c c5 80 2c " 529 "b1 3e ad 51 bc 7c a6 be f3 b9 4d cb db b1 d5 70 " 530 "46 97 71 df 0e 00 b1 a8 a0 67 77 47 2d 23 16 27 " 531 "9e da e8 64 74 66 8d 4e 1e ff f9 5f 1d e6 1c 60 " 532 "20 da 32 ae 92 bb f1 65 20 fe f3 cf 4d 88 f6 11 " 533 "21 f2 4b bd 9f e9 1b 59 ca f1 23 5b 2a 93 ff 81 " 534 "fc 40 3a dd f4 eb de a8 49 34 a9 cd af 8e 1a 9e "; 535 536// RSASSA-PSS Signature Example 9.2 537// Message to be signed: 538static const char message_9_2[] = 539 "c8 c9 c6 af 04 ac da 41 4d 22 7e f2 3e 08 20 c3 " 540 "73 2c 50 0d c8 72 75 e9 5b 0d 09 54 13 99 3c 26 " 541 "58 bc 1d 98 85 81 ba 87 9c 2d 20 1f 14 cb 88 ce " 542 "d1 53 a0 19 69 a7 bf 0a 7b e7 9c 84 c1 48 6b c1 " 543 "2b 3f a6 c5 98 71 b6 82 7c 8c e2 53 ca 5f ef a8 " 544 "a8 c6 90 bf 32 6e 8e 37 cd b9 6d 90 a8 2e ba b6 " 545 "9f 86 35 0e 18 22 e8 bd 53 6a 2e "; 546// Salt: 547static const char salt_9_2[] = 548 "b3 07 c4 3b 48 50 a8 da c2 f1 5f 32 e3 78 39 ef " 549 "8c 5c 0e 91 "; 550// Signature: 551static const char signature_9_2[] = 552 "80 b6 d6 43 25 52 09 f0 a4 56 76 38 97 ac 9e d2 " 553 "59 d4 59 b4 9c 28 87 e5 88 2e cb 44 34 cf d6 6d " 554 "d7 e1 69 93 75 38 1e 51 cd 7f 55 4f 2c 27 17 04 " 555 "b3 99 d4 2b 4b e2 54 0a 0e ca 61 95 1f 55 26 7f " 556 "7c 28 78 c1 22 84 2d ad b2 8b 01 bd 5f 8c 02 5f " 557 "7e 22 84 18 a6 73 c0 3d 6b c0 c7 36 d0 a2 95 46 " 558 "bd 67 f7 86 d9 d6 92 cc ea 77 8d 71 d9 8c 20 63 " 559 "b7 a7 10 92 18 7a 4d 35 af 10 81 11 d8 3e 83 ea " 560 "e4 6c 46 aa 34 27 7e 06 04 45 89 90 37 88 f1 d5 " 561 "e7 ce e2 5f b4 85 e9 29 49 11 88 14 d6 f2 c3 ee " 562 "36 14 89 01 6f 32 7f b5 bc 51 7e b5 04 70 bf fa " 563 "1a fa 5f 4c e9 aa 0c e5 b8 ee 19 bf 55 01 b9 58 "; 564 565// RSASSA-PSS Signature Example 9.3 566// Message to be signed: 567static const char message_9_3[] = 568 "0a fa d4 2c cd 4f c6 06 54 a5 50 02 d2 28 f5 2a " 569 "4a 5f e0 3b 8b bb 08 ca 82 da ca 55 8b 44 db e1 " 570 "26 6e 50 c0 e7 45 a3 6d 9d 29 04 e3 40 8a bc d1 " 571 "fd 56 99 94 06 3f 4a 75 cc 72 f2 fe e2 a0 cd 89 " 572 "3a 43 af 1c 5b 8b 48 7d f0 a7 16 10 02 4e 4f 6d " 573 "df 9f 28 ad 08 13 c1 aa b9 1b cb 3c 90 64 d5 ff " 574 "74 2d ef fe a6 57 09 41 39 36 9e 5e a6 f4 a9 63 " 575 "19 a5 cc 82 24 14 5b 54 50 62 75 8f ef d1 fe 34 " 576 "09 ae 16 92 59 c6 cd fd 6b 5f 29 58 e3 14 fa ec " 577 "be 69 d2 ca ce 58 ee 55 17 9a b9 b3 e6 d1 ec c1 " 578 "4a 55 7c 5f eb e9 88 59 52 64 fc 5d a1 c5 71 46 " 579 "2e ca 79 8a 18 a1 a4 94 0c da b4 a3 e9 20 09 cc " 580 "d4 2e 1e 94 7b 13 14 e3 22 38 a2 de ce 7d 23 a8 " 581 "9b 5b 30 c7 51 fd 0a 4a 43 0d 2c 54 85 94 "; 582// Salt: 583static const char salt_9_3[] = 584 "9a 2b 00 7e 80 97 8b bb 19 2c 35 4e b7 da 9a ed " 585 "fc 74 db f5 "; 586// Signature: 587static const char signature_9_3[] = 588 "48 44 08 f3 89 8c d5 f5 34 83 f8 08 19 ef bf 27 " 589 "08 c3 4d 27 a8 b2 a6 fa e8 b3 22 f9 24 02 37 f9 " 590 "81 81 7a ca 18 46 f1 08 4d aa 6d 7c 07 95 f6 e5 " 591 "bf 1a f5 9c 38 e1 85 84 37 ce 1f 7e c4 19 b9 8c " 592 "87 36 ad f6 dd 9a 00 b1 80 6d 2b d3 ad 0a 73 77 " 593 "5e 05 f5 2d fe f3 a5 9a b4 b0 81 43 f0 df 05 cd " 594 "1a d9 d0 4b ec ec a6 da a4 a2 12 98 03 e2 00 cb " 595 "c7 77 87 ca f4 c1 d0 66 3a 6c 59 87 b6 05 95 20 " 596 "19 78 2c af 2e c1 42 6d 68 fb 94 ed 1d 4b e8 16 " 597 "a7 ed 08 1b 77 e6 ab 33 0b 3f fc 07 38 20 fe cd " 598 "e3 72 7f cb e2 95 ee 61 a0 50 a3 43 65 86 37 c3 " 599 "fd 65 9c fb 63 73 6d e3 2d 9f 90 d3 c2 f6 3e ca "; 600 601// RSASSA-PSS Signature Example 9.4 602// Message to be signed: 603static const char message_9_4[] = 604 "1d fd 43 b4 6c 93 db 82 62 9b da e2 bd 0a 12 b8 " 605 "82 ea 04 c3 b4 65 f5 cf 93 02 3f 01 05 96 26 db " 606 "be 99 f2 6b b1 be 94 9d dd d1 6d c7 f3 de bb 19 " 607 "a1 94 62 7f 0b 22 44 34 df 7d 87 00 e9 e9 8b 06 " 608 "e3 60 c1 2f db e3 d1 9f 51 c9 68 4e b9 08 9e cb " 609 "b0 a2 f0 45 03 99 d3 f5 9e ac 72 94 08 5d 04 4f " 610 "53 93 c6 ce 73 74 23 d8 b8 6c 41 53 70 d3 89 e3 " 611 "0b 9f 0a 3c 02 d2 5d 00 82 e8 ad 6f 3f 1e f2 4a " 612 "45 c3 cf 82 b3 83 36 70 63 a4 d4 61 3e 42 64 f0 " 613 "1b 2d ac 2e 5a a4 20 43 f8 fb 5f 69 fa 87 1d 14 " 614 "fb 27 3e 76 7a 53 1c 40 f0 2f 34 3b c2 fb 45 a0 " 615 "c7 e0 f6 be 25 61 92 3a 77 21 1d 66 a6 e2 db b4 " 616 "3c 36 63 50 be ae 22 da 3a c2 c1 f5 07 70 96 fc " 617 "b5 c4 bf 25 5f 75 74 35 1a e0 b1 e1 f0 36 32 81 " 618 "7c 08 56 d4 a8 ba 97 af bd c8 b8 58 55 40 2b c5 " 619 "69 26 fc ec 20 9f 9e a8 "; 620// Salt: 621static const char salt_9_4[] = 622 "70 f3 82 bd df 4d 5d 2d d8 8b 3b c7 b7 30 8b e6 " 623 "32 b8 40 45 "; 624// Signature: 625static const char signature_9_4[] = 626 "84 eb eb 48 1b e5 98 45 b4 64 68 ba fb 47 1c 01 " 627 "12 e0 2b 23 5d 84 b5 d9 11 cb d1 92 6e e5 07 4a " 628 "e0 42 44 95 cb 20 e8 23 08 b8 eb b6 5f 41 9a 03 " 629 "fb 40 e7 2b 78 98 1d 88 aa d1 43 05 36 85 17 2c " 630 "97 b2 9c 8b 7b f0 ae 73 b5 b2 26 3c 40 3d a0 ed " 631 "2f 80 ff 74 50 af 78 28 eb 8b 86 f0 02 8b d2 a8 " 632 "b1 76 a4 d2 28 cc ce a1 83 94 f2 38 b0 9f f7 58 " 633 "cc 00 bc 04 30 11 52 35 57 42 f2 82 b5 4e 66 3a " 634 "91 9e 70 9d 8d a2 4a de 55 00 a7 b9 aa 50 22 6e " 635 "0c a5 29 23 e6 c2 d8 60 ec 50 ff 48 0f a5 74 77 " 636 "e8 2b 05 65 f4 37 9f 79 c7 72 d5 c2 da 80 af 9f " 637 "bf 32 5e ce 6f c2 0b 00 96 16 14 be e8 9a 18 3e "; 638 639// RSASSA-PSS Signature Example 9.5 640// Message to be signed: 641static const char message_9_5[] = 642 "1b dc 6e 7c 98 fb 8c f5 4e 9b 09 7b 66 a8 31 e9 " 643 "cf e5 2d 9d 48 88 44 8e e4 b0 97 80 93 ba 1d 7d " 644 "73 ae 78 b3 a6 2b a4 ad 95 cd 28 9c cb 9e 00 52 " 645 "26 bb 3d 17 8b cc aa 82 1f b0 44 a4 e2 1e e9 76 " 646 "96 c1 4d 06 78 c9 4c 2d ae 93 b0 ad 73 92 22 18 " 647 "55 3d aa 7e 44 eb e5 77 25 a7 a4 5c c7 2b 9b 21 " 648 "38 a6 b1 7c 8d b4 11 ce 82 79 ee 12 41 af f0 a8 " 649 "be c6 f7 7f 87 ed b0 c6 9c b2 72 36 e3 43 5a 80 " 650 "0b 19 2e 4f 11 e5 19 e3 fe 30 fc 30 ea cc ca 4f " 651 "bb 41 76 90 29 bf 70 8e 81 7a 9e 68 38 05 be 67 " 652 "fa 10 09 84 68 3b 74 83 8e 3b cf fa 79 36 6e ed " 653 "1d 48 1c 76 72 91 18 83 8f 31 ba 8a 04 8a 93 c1 " 654 "be 44 24 59 8e 8d f6 32 8b 7a 77 88 0a 3f 9c 7e " 655 "2e 8d fc a8 eb 5a 26 fb 86 bd c5 56 d4 2b be 01 " 656 "d9 fa 6e d8 06 46 49 1c 93 41 "; 657// Salt: 658static const char salt_9_5[] = 659 "d6 89 25 7a 86 ef fa 68 21 2c 5e 0c 61 9e ca 29 " 660 "5f b9 1b 67 "; 661// Signature: 662static const char signature_9_5[] = 663 "82 10 2d f8 cb 91 e7 17 99 19 a0 4d 26 d3 35 d6 " 664 "4f bc 2f 87 2c 44 83 39 43 24 1d e8 45 48 10 27 " 665 "4c df 3d b5 f4 2d 42 3d b1 52 af 71 35 f7 01 42 " 666 "0e 39 b4 94 a6 7c bf d1 9f 91 19 da 23 3a 23 da " 667 "5c 64 39 b5 ba 0d 2b c3 73 ee e3 50 70 01 37 8d " 668 "4a 40 73 85 6b 7f e2 ab a0 b5 ee 93 b2 7f 4a fe " 669 "c7 d4 d1 20 92 1c 83 f6 06 76 5b 02 c1 9e 4d 6a " 670 "1a 3b 95 fa 4c 42 29 51 be 4f 52 13 10 77 ef 17 " 671 "17 97 29 cd df bd b5 69 50 db ac ee fe 78 cb 16 " 672 "64 0a 09 9e a5 6d 24 38 9e ef 10 f8 fe cb 31 ba " 673 "3e a3 b2 27 c0 a8 66 98 bb 89 e3 e9 36 39 05 bf " 674 "22 77 7b 2a 3a a5 21 b6 5b 4c ef 76 d8 3b de 4c "; 675 676// RSASSA-PSS Signature Example 9.6 677// Message to be signed: 678static const char message_9_6[] = 679 "88 c7 a9 f1 36 04 01 d9 0e 53 b1 01 b6 1c 53 25 " 680 "c3 c7 5d b1 b4 11 fb eb 8e 83 0b 75 e9 6b 56 67 " 681 "0a d2 45 40 4e 16 79 35 44 ee 35 4b c6 13 a9 0c " 682 "c9 84 87 15 a7 3d b5 89 3e 7f 6d 27 98 15 c0 c1 " 683 "de 83 ef 8e 29 56 e3 a5 6e d2 6a 88 8d 7a 9c dc " 684 "d0 42 f4 b1 6b 7f a5 1e f1 a0 57 36 62 d1 6a 30 " 685 "2d 0e c5 b2 85 d2 e0 3a d9 65 29 c8 7b 3d 37 4d " 686 "b3 72 d9 5b 24 43 d0 61 b6 b1 a3 50 ba 87 80 7e " 687 "d0 83 af d1 eb 05 c3 f5 2f 4e ba 5e d2 22 77 14 " 688 "fd b5 0b 9d 9d 9d d6 81 4f 62 f6 27 2f cd 5c db " 689 "ce 7a 9e f7 97 "; 690// Salt: 691static const char salt_9_6[] = 692 "c2 5f 13 bf 67 d0 81 67 1a 04 81 a1 f1 82 0d 61 " 693 "3b ba 22 76 "; 694// Signature: 695static const char signature_9_6[] = 696 "a7 fd b0 d2 59 16 5c a2 c8 8d 00 bb f1 02 8a 86 " 697 "7d 33 76 99 d0 61 19 3b 17 a9 64 8e 14 cc bb aa " 698 "de ac aa cd ec 81 5e 75 71 29 4e bb 8a 11 7a f2 " 699 "05 fa 07 8b 47 b0 71 2c 19 9e 3a d0 51 35 c5 04 " 700 "c2 4b 81 70 51 15 74 08 02 48 79 92 ff d5 11 d4 " 701 "af c6 b8 54 49 1e b3 f0 dd 52 31 39 54 2f f1 5c " 702 "31 01 ee 85 54 35 17 c6 a3 c7 94 17 c6 7e 2d d9 " 703 "aa 74 1e 9a 29 b0 6d cb 59 3c 23 36 b3 67 0a e3 " 704 "af ba c7 c3 e7 6e 21 54 73 e8 66 e3 38 ca 24 4d " 705 "e0 0b 62 62 4d 6b 94 26 82 2c ea e9 f8 cc 46 08 " 706 "95 f4 12 50 07 3f d4 5c 5a 1e 7b 42 5c 20 4a 42 " 707 "3a 69 91 59 f6 90 3e 71 0b 37 a7 bb 2b c8 04 9f "; 708 709// Example 10: A 2048-bit RSA Key Pair 710 711// RSA modulus n: 712static const char rsa_modulus_n_10[] = 713 "a5 dd 86 7a c4 cb 02 f9 0b 94 57 d4 8c 14 a7 70 " 714 "ef 99 1c 56 c3 9c 0e c6 5f d1 1a fa 89 37 ce a5 " 715 "7b 9b e7 ac 73 b4 5c 00 17 61 5b 82 d6 22 e3 18 " 716 "75 3b 60 27 c0 fd 15 7b e1 2f 80 90 fe e2 a7 ad " 717 "cd 0e ef 75 9f 88 ba 49 97 c7 a4 2d 58 c9 aa 12 " 718 "cb 99 ae 00 1f e5 21 c1 3b b5 43 14 45 a8 d5 ae " 719 "4f 5e 4c 7e 94 8a c2 27 d3 60 40 71 f2 0e 57 7e " 720 "90 5f be b1 5d fa f0 6d 1d e5 ae 62 53 d6 3a 6a " 721 "21 20 b3 1a 5d a5 da bc 95 50 60 0e 20 f2 7d 37 " 722 "39 e2 62 79 25 fe a3 cc 50 9f 21 df f0 4e 6e ea " 723 "45 49 c5 40 d6 80 9f f9 30 7e ed e9 1f ff 58 73 " 724 "3d 83 85 a2 37 d6 d3 70 5a 33 e3 91 90 09 92 07 " 725 "0d f7 ad f1 35 7c f7 e3 70 0c e3 66 7d e8 3f 17 " 726 "b8 df 17 78 db 38 1d ce 09 cb 4a d0 58 a5 11 00 " 727 "1a 73 81 98 ee 27 cf 55 a1 3b 75 45 39 90 65 82 " 728 "ec 8b 17 4b d5 8d 5d 1f 3d 76 7c 61 37 21 ae 05 "; 729// RSA public exponent e: 730static const char rsa_public_exponent_e_10[] = 731 "01 00 01 "; 732 733// RSASSA-PSS Signature Example 10.1 734// Message to be signed: 735static const char message_10_1[] = 736 "88 31 77 e5 12 6b 9b e2 d9 a9 68 03 27 d5 37 0c " 737 "6f 26 86 1f 58 20 c4 3d a6 7a 3a d6 09 "; 738// Salt: 739static const char salt_10_1[] = 740 "04 e2 15 ee 6f f9 34 b9 da 70 d7 73 0c 87 34 ab " 741 "fc ec de 89 "; 742// Signature: 743static const char signature_10_1[] = 744 "82 c2 b1 60 09 3b 8a a3 c0 f7 52 2b 19 f8 73 54 " 745 "06 6c 77 84 7a bf 2a 9f ce 54 2d 0e 84 e9 20 c5 " 746 "af b4 9f fd fd ac e1 65 60 ee 94 a1 36 96 01 14 " 747 "8e ba d7 a0 e1 51 cf 16 33 17 91 a5 72 7d 05 f2 " 748 "1e 74 e7 eb 81 14 40 20 69 35 d7 44 76 5a 15 e7 " 749 "9f 01 5c b6 6c 53 2c 87 a6 a0 59 61 c8 bf ad 74 " 750 "1a 9a 66 57 02 28 94 39 3e 72 23 73 97 96 c0 2a " 751 "77 45 5d 0f 55 5b 0e c0 1d df 25 9b 62 07 fd 0f " 752 "d5 76 14 ce f1 a5 57 3b aa ff 4e c0 00 69 95 16 " 753 "59 b8 5f 24 30 0a 25 16 0c a8 52 2d c6 e6 72 7e " 754 "57 d0 19 d7 e6 36 29 b8 fe 5e 89 e2 5c c1 5b eb " 755 "3a 64 75 77 55 92 99 28 0b 9b 28 f7 9b 04 09 00 " 756 "0b e2 5b bd 96 40 8b a3 b4 3c c4 86 18 4d d1 c8 " 757 "e6 25 53 fa 1a f4 04 0f 60 66 3d e7 f5 e4 9c 04 " 758 "38 8e 25 7f 1c e8 9c 95 da b4 8a 31 5d 9b 66 b1 " 759 "b7 62 82 33 87 6f f2 38 52 30 d0 70 d0 7e 16 66 "; 760 761// RSASSA-PSS Signature Example 10.2 762// Message to be signed: 763static const char message_10_2[] = 764 "dd 67 0a 01 46 58 68 ad c9 3f 26 13 19 57 a5 0c " 765 "52 fb 77 7c db aa 30 89 2c 9e 12 36 11 64 ec 13 " 766 "97 9d 43 04 81 18 e4 44 5d b8 7b ee 58 dd 98 7b " 767 "34 25 d0 20 71 d8 db ae 80 70 8b 03 9d bb 64 db " 768 "d1 de 56 57 d9 fe d0 c1 18 a5 41 43 74 2e 0f f3 " 769 "c8 7f 74 e4 58 57 64 7a f3 f7 9e b0 a1 4c 9d 75 " 770 "ea 9a 1a 04 b7 cf 47 8a 89 7a 70 8f d9 88 f4 8e " 771 "80 1e db 0b 70 39 df 8c 23 bb 3c 56 f4 e8 21 ac "; 772// Salt: 773static const char salt_10_2[] = 774 "8b 2b dd 4b 40 fa f5 45 c7 78 dd f9 bc 1a 49 cb " 775 "57 f9 b7 1b "; 776// Signature: 777static const char signature_10_2[] = 778 "14 ae 35 d9 dd 06 ba 92 f7 f3 b8 97 97 8a ed 7c " 779 "d4 bf 5f f0 b5 85 a4 0b d4 6c e1 b4 2c d2 70 30 " 780 "53 bb 90 44 d6 4e 81 3d 8f 96 db 2d d7 00 7d 10 " 781 "11 8f 6f 8f 84 96 09 7a d7 5e 1f f6 92 34 1b 28 " 782 "92 ad 55 a6 33 a1 c5 5e 7f 0a 0a d5 9a 0e 20 3a " 783 "5b 82 78 ae c5 4d d8 62 2e 28 31 d8 71 74 f8 ca " 784 "ff 43 ee 6c 46 44 53 45 d8 4a 59 65 9b fb 92 ec " 785 "d4 c8 18 66 86 95 f3 47 06 f6 68 28 a8 99 59 63 " 786 "7f 2b f3 e3 25 1c 24 bd ba 4d 4b 76 49 da 00 22 " 787 "21 8b 11 9c 84 e7 9a 65 27 ec 5b 8a 5f 86 1c 15 " 788 "99 52 e2 3e c0 5e 1e 71 73 46 fa ef e8 b1 68 68 " 789 "25 bd 2b 26 2f b2 53 10 66 c0 de 09 ac de 2e 42 " 790 "31 69 07 28 b5 d8 5e 11 5a 2f 6b 92 b7 9c 25 ab " 791 "c9 bd 93 99 ff 8b cf 82 5a 52 ea 1f 56 ea 76 dd " 792 "26 f4 3b aa fa 18 bf a9 2a 50 4c bd 35 69 9e 26 " 793 "d1 dc c5 a2 88 73 85 f3 c6 32 32 f0 6f 32 44 c3 "; 794 795// RSASSA-PSS Signature Example 10.3 796// Message to be signed: 797static const char message_10_3[] = 798 "48 b2 b6 a5 7a 63 c8 4c ea 85 9d 65 c6 68 28 4b " 799 "08 d9 6b dc aa be 25 2d b0 e4 a9 6c b1 ba c6 01 " 800 "93 41 db 6f be fb 8d 10 6b 0e 90 ed a6 bc c6 c6 " 801 "26 2f 37 e7 ea 9c 7e 5d 22 6b d7 df 85 ec 5e 71 " 802 "ef ff 2f 54 c5 db 57 7f f7 29 ff 91 b8 42 49 1d " 803 "e2 74 1d 0c 63 16 07 df 58 6b 90 5b 23 b9 1a f1 " 804 "3d a1 23 04 bf 83 ec a8 a7 3e 87 1f f9 db "; 805// Salt: 806static const char salt_10_3[] = 807 "4e 96 fc 1b 39 8f 92 b4 46 71 01 0c 0d c3 ef d6 " 808 "e2 0c 2d 73 "; 809// Signature: 810static const char signature_10_3[] = 811 "6e 3e 4d 7b 6b 15 d2 fb 46 01 3b 89 00 aa 5b bb " 812 "39 39 cf 2c 09 57 17 98 70 42 02 6e e6 2c 74 c5 " 813 "4c ff d5 d7 d5 7e fb bf 95 0a 0f 5c 57 4f a0 9d " 814 "3f c1 c9 f5 13 b0 5b 4f f5 0d d8 df 7e df a2 01 " 815 "02 85 4c 35 e5 92 18 01 19 a7 0c e5 b0 85 18 2a " 816 "a0 2d 9e a2 aa 90 d1 df 03 f2 da ae 88 5b a2 f5 " 817 "d0 5a fd ac 97 47 6f 06 b9 3b 5b c9 4a 1a 80 aa " 818 "91 16 c4 d6 15 f3 33 b0 98 89 2b 25 ff ac e2 66 " 819 "f5 db 5a 5a 3b cc 10 a8 24 ed 55 aa d3 5b 72 78 " 820 "34 fb 8c 07 da 28 fc f4 16 a5 d9 b2 22 4f 1f 8b " 821 "44 2b 36 f9 1e 45 6f de a2 d7 cf e3 36 72 68 de " 822 "03 07 a4 c7 4e 92 41 59 ed 33 39 3d 5e 06 55 53 " 823 "1c 77 32 7b 89 82 1b de df 88 01 61 c7 8c d4 19 " 824 "6b 54 19 f7 ac c3 f1 3e 5e bf 16 1b 6e 7c 67 24 " 825 "71 6c a3 3b 85 c2 e2 56 40 19 2a c2 85 96 51 d5 " 826 "0b de 7e b9 76 e5 1c ec 82 8b 98 b6 56 3b 86 bb "; 827 828// RSASSA-PSS Signature Example 10.4 829// Message to be signed: 830static const char message_10_4[] = 831 "0b 87 77 c7 f8 39 ba f0 a6 4b bb db c5 ce 79 75 " 832 "5c 57 a2 05 b8 45 c1 74 e2 d2 e9 05 46 a0 89 c4 " 833 "e6 ec 8a df fa 23 a7 ea 97 ba e6 b6 5d 78 2b 82 " 834 "db 5d 2b 5a 56 d2 2a 29 a0 5e 7c 44 33 e2 b8 2a " 835 "62 1a bb a9 0a dd 05 ce 39 3f c4 8a 84 05 42 45 " 836 "1a "; 837// Salt: 838static const char salt_10_4[] = 839 "c7 cd 69 8d 84 b6 51 28 d8 83 5e 3a 8b 1e b0 e0 " 840 "1c b5 41 ec "; 841// Signature: 842static const char signature_10_4[] = 843 "34 04 7f f9 6c 4d c0 dc 90 b2 d4 ff 59 a1 a3 61 " 844 "a4 75 4b 25 5d 2e e0 af 7d 8b f8 7c 9b c9 e7 dd " 845 "ee de 33 93 4c 63 ca 1c 0e 3d 26 2c b1 45 ef 93 " 846 "2a 1f 2c 0a 99 7a a6 a3 4f 8e ae e7 47 7d 82 cc " 847 "f0 90 95 a6 b8 ac ad 38 d4 ee c9 fb 7e ab 7a d0 " 848 "2d a1 d1 1d 8e 54 c1 82 5e 55 bf 58 c2 a2 32 34 " 849 "b9 02 be 12 4f 9e 90 38 a8 f6 8f a4 5d ab 72 f6 " 850 "6e 09 45 bf 1d 8b ac c9 04 4c 6f 07 09 8c 9f ce " 851 "c5 8a 3a ab 10 0c 80 51 78 15 5f 03 0a 12 4c 45 " 852 "0e 5a cb da 47 d0 e4 f1 0b 80 a2 3f 80 3e 77 4d " 853 "02 3b 00 15 c2 0b 9f 9b be 7c 91 29 63 38 d5 ec " 854 "b4 71 ca fb 03 20 07 b6 7a 60 be 5f 69 50 4a 9f " 855 "01 ab b3 cb 46 7b 26 0e 2b ce 86 0b e8 d9 5b f9 " 856 "2c 0c 8e 14 96 ed 1e 52 85 93 a4 ab b6 df 46 2d " 857 "de 8a 09 68 df fe 46 83 11 68 57 a2 32 f5 eb f6 " 858 "c8 5b e2 38 74 5a d0 f3 8f 76 7a 5f db f4 86 fb "; 859 860// RSASSA-PSS Signature Example 10.5 861// Message to be signed: 862static const char message_10_5[] = 863 "f1 03 6e 00 8e 71 e9 64 da dc 92 19 ed 30 e1 7f " 864 "06 b4 b6 8a 95 5c 16 b3 12 b1 ed df 02 8b 74 97 " 865 "6b ed 6b 3f 6a 63 d4 e7 78 59 24 3c 9c cc dc 98 " 866 "01 65 23 ab b0 24 83 b3 55 91 c3 3a ad 81 21 3b " 867 "b7 c7 bb 1a 47 0a ab c1 0d 44 25 6c 4d 45 59 d9 " 868 "16 "; 869// Salt: 870static const char salt_10_5[] = 871 "ef a8 bf f9 62 12 b2 f4 a3 f3 71 a1 0d 57 41 52 " 872 "65 5f 5d fb "; 873// Signature: 874static const char signature_10_5[] = 875 "7e 09 35 ea 18 f4 d6 c1 d1 7c e8 2e b2 b3 83 6c " 876 "55 b3 84 58 9c e1 9d fe 74 33 63 ac 99 48 d1 f3 " 877 "46 b7 bf dd fe 92 ef d7 8a db 21 fa ef c8 9a de " 878 "42 b1 0f 37 40 03 fe 12 2e 67 42 9a 1c b8 cb d1 " 879 "f8 d9 01 45 64 c4 4d 12 01 16 f4 99 0f 1a 6e 38 " 880 "77 4c 19 4b d1 b8 21 32 86 b0 77 b0 49 9d 2e 7b " 881 "3f 43 4a b1 22 89 c5 56 68 4d ee d7 81 31 93 4b " 882 "b3 dd 65 37 23 6f 7c 6f 3d cb 09 d4 76 be 07 72 " 883 "1e 37 e1 ce ed 9b 2f 7b 40 68 87 bd 53 15 73 05 " 884 "e1 c8 b4 f8 4d 73 3b c1 e1 86 fe 06 cc 59 b6 ed " 885 "b8 f4 bd 7f fe fd f4 f7 ba 9c fb 9d 57 06 89 b5 " 886 "a1 a4 10 9a 74 6a 69 08 93 db 37 99 25 5a 0c b9 " 887 "21 5d 2d 1c d4 90 59 0e 95 2e 8c 87 86 aa 00 11 " 888 "26 52 52 47 0c 04 1d fb c3 ee c7 c3 cb f7 1c 24 " 889 "86 9d 11 5c 0c b4 a9 56 f5 6d 53 0b 80 ab 58 9a " 890 "cf ef c6 90 75 1d df 36 e8 d3 83 f8 3c ed d2 cc "; 891 892// RSASSA-PSS Signature Example 10.6 893// Message to be signed: 894static const char message_10_6[] = 895 "25 f1 08 95 a8 77 16 c1 37 45 0b b9 51 9d fa a1 " 896 "f2 07 fa a9 42 ea 88 ab f7 1e 9c 17 98 00 85 b5 " 897 "55 ae ba b7 62 64 ae 2a 3a b9 3c 2d 12 98 11 91 " 898 "dd ac 6f b5 94 9e b3 6a ee 3c 5d a9 40 f0 07 52 " 899 "c9 16 d9 46 08 fa 7d 97 ba 6a 29 15 b6 88 f2 03 " 900 "23 d4 e9 d9 68 01 d8 9a 72 ab 58 92 dc 21 17 c0 " 901 "74 34 fc f9 72 e0 58 cf 8c 41 ca 4b 4f f5 54 f7 " 902 "d5 06 8a d3 15 5f ce d0 f3 12 5b c0 4f 91 93 37 " 903 "8a 8f 5c 4c 3b 8c b4 dd 6d 1c c6 9d 30 ec ca 6e " 904 "aa 51 e3 6a 05 73 0e 9e 34 2e 85 5b af 09 9d ef " 905 "b8 af d7 "; 906// Salt: 907static const char salt_10_6[] = 908 "ad 8b 15 23 70 36 46 22 4b 66 0b 55 08 85 91 7c " 909 "a2 d1 df 28 "; 910// Signature: 911static const char signature_10_6[] = 912 "6d 3b 5b 87 f6 7e a6 57 af 21 f7 54 41 97 7d 21 " 913 "80 f9 1b 2c 5f 69 2d e8 29 55 69 6a 68 67 30 d9 " 914 "b9 77 8d 97 07 58 cc b2 60 71 c2 20 9f fb d6 12 " 915 "5b e2 e9 6e a8 1b 67 cb 9b 93 08 23 9f da 17 f7 " 916 "b2 b6 4e cd a0 96 b6 b9 35 64 0a 5a 1c b4 2a 91 " 917 "55 b1 c9 ef 7a 63 3a 02 c5 9f 0d 6e e5 9b 85 2c " 918 "43 b3 50 29 e7 3c 94 0f f0 41 0e 8f 11 4e ed 46 " 919 "bb d0 fa e1 65 e4 2b e2 52 8a 40 1c 3b 28 fd 81 " 920 "8e f3 23 2d ca 9f 4d 2a 0f 51 66 ec 59 c4 23 96 " 921 "d6 c1 1d bc 12 15 a5 6f a1 71 69 db 95 75 34 3e " 922 "f3 4f 9d e3 2a 49 cd c3 17 49 22 f2 29 c2 3e 18 " 923 "e4 5d f9 35 31 19 ec 43 19 ce dc e7 a1 7c 64 08 " 924 "8c 1f 6f 52 be 29 63 41 00 b3 91 9d 38 f3 d1 ed " 925 "94 e6 89 1e 66 a7 3b 8f b8 49 f5 87 4d f5 94 59 " 926 "e2 98 c7 bb ce 2e ee 78 2a 19 5a a6 6f e2 d0 73 " 927 "2b 25 e5 95 f5 7d 3e 06 1b 1f c3 e4 06 3b f9 8f "; 928 929struct SignatureExample { 930 const char* message; 931 const char* salt; 932 const char* signature; 933}; 934 935struct PSSTestVector { 936 const char* modulus_n; 937 const char* public_exponent_e; 938 SignatureExample example[6]; 939}; 940 941static const PSSTestVector pss_test[] = { 942 { 943 rsa_modulus_n_1, 944 rsa_public_exponent_e_1, 945 { 946 { message_1_1, salt_1_1, signature_1_1 }, 947 { message_1_2, salt_1_2, signature_1_2 }, 948 { message_1_3, salt_1_3, signature_1_3 }, 949 { message_1_4, salt_1_4, signature_1_4 }, 950 { message_1_5, salt_1_5, signature_1_5 }, 951 { message_1_6, salt_1_6, signature_1_6 }, 952 } 953 }, 954 { 955 rsa_modulus_n_9, 956 rsa_public_exponent_e_9, 957 { 958 { message_9_1, salt_9_1, signature_9_1 }, 959 { message_9_2, salt_9_2, signature_9_2 }, 960 { message_9_3, salt_9_3, signature_9_3 }, 961 { message_9_4, salt_9_4, signature_9_4 }, 962 { message_9_5, salt_9_5, signature_9_5 }, 963 { message_9_6, salt_9_6, signature_9_6 }, 964 } 965 }, 966 { 967 rsa_modulus_n_10, 968 rsa_public_exponent_e_10, 969 { 970 { message_10_1, salt_10_1, signature_10_1 }, 971 { message_10_2, salt_10_2, signature_10_2 }, 972 { message_10_3, salt_10_3, signature_10_3 }, 973 { message_10_4, salt_10_4, signature_10_4 }, 974 { message_10_5, salt_10_5, signature_10_5 }, 975 { message_10_6, salt_10_6, signature_10_6 }, 976 } 977 }, 978}; 979 980static uint8_t HexDigitValue(char digit) { 981 if ('0' <= digit && digit <= '9') 982 return digit - '0'; 983 if ('a' <= digit && digit <= 'f') 984 return digit - 'a' + 10; 985 return digit - 'A' + 10; 986} 987 988static bool DecodeTestInput(const char* in, std::vector<uint8_t>* out) { 989 out->clear(); 990 while (in[0] != '\0') { 991 if (!isxdigit(in[0]) || !isxdigit(in[1]) || in[2] != ' ') 992 return false; 993 uint8_t octet = HexDigitValue(in[0]) * 16 + HexDigitValue(in[1]); 994 out->push_back(octet); 995 in += 3; 996 } 997 return true; 998} 999 1000// PrependASN1Length prepends an ASN.1 serialized length to the beginning of 1001// |out|. 1002static void PrependASN1Length(std::vector<uint8_t>* out, size_t len) { 1003 if (len < 128) { 1004 out->insert(out->begin(), static_cast<uint8_t>(len)); 1005 } else if (len < 256) { 1006 out->insert(out->begin(), static_cast<uint8_t>(len)); 1007 out->insert(out->begin(), 0x81); 1008 } else if (len < 0x10000) { 1009 out->insert(out->begin(), static_cast<uint8_t>(len)); 1010 out->insert(out->begin(), static_cast<uint8_t>(len >> 8)); 1011 out->insert(out->begin(), 0x82); 1012 } else { 1013 CHECK(false) << "ASN.1 length not handled: " << len; 1014 } 1015} 1016 1017static bool EncodeRSAPublicKey(const std::vector<uint8_t>& modulus_n, 1018 const std::vector<uint8_t>& public_exponent_e, 1019 std::vector<uint8_t>* public_key_info) { 1020 // The public key is specified as the following ASN.1 structure: 1021 // SubjectPublicKeyInfo ::= SEQUENCE { 1022 // algorithm AlgorithmIdentifier, 1023 // subjectPublicKey BIT STRING } 1024 // 1025 // The signature algorithm is specified as the following ASN.1 structure: 1026 // AlgorithmIdentifier ::= SEQUENCE { 1027 // algorithm OBJECT IDENTIFIER, 1028 // parameters ANY DEFINED BY algorithm OPTIONAL } 1029 // 1030 // An RSA public key is specified as the following ASN.1 structure: 1031 // RSAPublicKey ::= SEQUENCE { 1032 // modulus INTEGER, -- n 1033 // publicExponent INTEGER -- e 1034 // } 1035 static const uint8_t kIntegerTag = 0x02; 1036 static const uint8_t kBitStringTag = 0x03; 1037 static const uint8_t kSequenceTag = 0x30; 1038 public_key_info->clear(); 1039 1040 // Encode the public exponent e as an INTEGER. 1041 public_key_info->insert(public_key_info->begin(), 1042 public_exponent_e.begin(), 1043 public_exponent_e.end()); 1044 PrependASN1Length(public_key_info, public_exponent_e.size()); 1045 public_key_info->insert(public_key_info->begin(), kIntegerTag); 1046 1047 // Encode the modulus n as an INTEGER. 1048 public_key_info->insert(public_key_info->begin(), 1049 modulus_n.begin(), modulus_n.end()); 1050 size_t modulus_size = modulus_n.size(); 1051 if (modulus_n[0] & 0x80) { 1052 public_key_info->insert(public_key_info->begin(), 0x00); 1053 modulus_size++; 1054 } 1055 PrependASN1Length(public_key_info, modulus_size); 1056 public_key_info->insert(public_key_info->begin(), kIntegerTag); 1057 1058 // Encode the RSAPublicKey SEQUENCE. 1059 PrependASN1Length(public_key_info, public_key_info->size()); 1060 public_key_info->insert(public_key_info->begin(), kSequenceTag); 1061 1062 // Encode the BIT STRING. 1063 // Number of unused bits. 1064 public_key_info->insert(public_key_info->begin(), 0x00); 1065 PrependASN1Length(public_key_info, public_key_info->size()); 1066 public_key_info->insert(public_key_info->begin(), kBitStringTag); 1067 1068 // Encode the AlgorithmIdentifier. 1069 static const uint8_t algorithm[] = { 1070 0x30, 0x0d, // a SEQUENCE of length 13 1071 0x06, 0x09, // an OBJECT IDENTIFIER of length 9 1072 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 1073 }; 1074 public_key_info->insert(public_key_info->begin(), 1075 algorithm, algorithm + sizeof(algorithm)); 1076 1077 // Encode the outermost SEQUENCE. 1078 PrependASN1Length(public_key_info, public_key_info->size()); 1079 public_key_info->insert(public_key_info->begin(), kSequenceTag); 1080 1081 return true; 1082} 1083 1084TEST(SignatureVerifierTest, VerifyRSAPSS) { 1085 for (unsigned int i = 0; i < arraysize(pss_test); i++) { 1086 SCOPED_TRACE(i); 1087 std::vector<uint8_t> modulus_n; 1088 std::vector<uint8_t> public_exponent_e; 1089 ASSERT_TRUE(DecodeTestInput(pss_test[i].modulus_n, &modulus_n)); 1090 ASSERT_TRUE(DecodeTestInput(pss_test[i].public_exponent_e, 1091 &public_exponent_e)); 1092 std::vector<uint8_t> public_key_info; 1093 ASSERT_TRUE(EncodeRSAPublicKey(modulus_n, public_exponent_e, 1094 &public_key_info)); 1095 1096 for (unsigned int j = 0; j < arraysize(pss_test[i].example); j++) { 1097 SCOPED_TRACE(j); 1098 std::vector<uint8_t> message; 1099 std::vector<uint8_t> salt; 1100 std::vector<uint8_t> signature; 1101 ASSERT_TRUE(DecodeTestInput(pss_test[i].example[j].message, &message)); 1102 ASSERT_TRUE(DecodeTestInput(pss_test[i].example[j].salt, &salt)); 1103 ASSERT_TRUE(DecodeTestInput(pss_test[i].example[j].signature, 1104 &signature)); 1105 1106 crypto::SignatureVerifier verifier; 1107 bool ok; 1108 1109 // Positive test. 1110 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1, 1111 crypto::SignatureVerifier::SHA1, 1112 salt.size(), 1113 &signature[0], signature.size(), 1114 &public_key_info[0], 1115 public_key_info.size()); 1116 ASSERT_TRUE(ok); 1117 verifier.VerifyUpdate(&message[0], message.size()); 1118 ok = verifier.VerifyFinal(); 1119 EXPECT_TRUE(ok); 1120 1121 // Modify the first byte of the message. 1122 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1, 1123 crypto::SignatureVerifier::SHA1, 1124 salt.size(), 1125 &signature[0], signature.size(), 1126 &public_key_info[0], 1127 public_key_info.size()); 1128 ASSERT_TRUE(ok); 1129 message[0] += 1; 1130 verifier.VerifyUpdate(&message[0], message.size()); 1131 message[0] -= 1; 1132 ok = verifier.VerifyFinal(); 1133 EXPECT_FALSE(ok); 1134 1135 // Truncate the message. 1136 ASSERT_FALSE(message.empty()); 1137 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1, 1138 crypto::SignatureVerifier::SHA1, 1139 salt.size(), 1140 &signature[0], signature.size(), 1141 &public_key_info[0], 1142 public_key_info.size()); 1143 ASSERT_TRUE(ok); 1144 verifier.VerifyUpdate(&message[0], message.size() - 1); 1145 ok = verifier.VerifyFinal(); 1146 EXPECT_FALSE(ok); 1147 1148 // Corrupt the signature. 1149 signature[0] += 1; 1150 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1, 1151 crypto::SignatureVerifier::SHA1, 1152 salt.size(), 1153 &signature[0], signature.size(), 1154 &public_key_info[0], 1155 public_key_info.size()); 1156 signature[0] -= 1; 1157 ASSERT_TRUE(ok); 1158 verifier.VerifyUpdate(&message[0], message.size()); 1159 ok = verifier.VerifyFinal(); 1160 EXPECT_FALSE(ok); 1161 } 1162 } 1163} 1164