search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Roll src/third_party/skia b3eb687:c6f3e2c
[chromium-blink-merge.git] / crypto / signature_verifier_unittest.cc
blobf6c42e0fdc7f208fe4f1c4cd71f381482ca2bf0b
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "crypto/signature_verifier.h"
6
7 #include "base/numerics/safe_conversions.h"
8 #include "testing/gtest/include/gtest/gtest.h"
9
10 TEST(SignatureVerifierTest, BasicTest) {
11 // The input data in this test comes from real certificates.
12 //
13 // tbs_certificate ("to-be-signed certificate", the part of a certificate
14 // that is signed), signature_algorithm, and algorithm come from the
15 // certificate of bugs.webkit.org.
16 //
17 // public_key_info comes from the certificate of the issuer, Go Daddy Secure
18 // Certification Authority.
19 //
20 // The bytes in the array initializers are formatted to expose the DER
21 // encoding of the ASN.1 structures.
22
23 // The data that is signed is the following ASN.1 structure:
24 // TBSCertificate ::= SEQUENCE {
25 // ... -- omitted, not important
26 // }
27 const uint8 tbs_certificate[1017] = {
28 0x30, 0x82, 0x03, 0xf5, // a SEQUENCE of length 1013 (0x3f5)
29 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x43, 0xdd, 0x63, 0x30, 0x0d,
30 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
31 0x00, 0x30, 0x81, 0xca, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
32 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
33 0x04, 0x08, 0x13, 0x07, 0x41, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31,
34 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63,
35 0x6f, 0x74, 0x74, 0x73, 0x64, 0x61, 0x6c, 0x65, 0x31, 0x1a, 0x30, 0x18,
36 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x47, 0x6f, 0x44, 0x61, 0x64,
37 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
38 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x68,
39 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66,
40 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64,
41 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73,
42 0x69, 0x74, 0x6f, 0x72, 0x79, 0x31, 0x30, 0x30, 0x2e, 0x06, 0x03, 0x55,
43 0x04, 0x03, 0x13, 0x27, 0x47, 0x6f, 0x20, 0x44, 0x61, 0x64, 0x64, 0x79,
44 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74,
45 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75,
46 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x11, 0x30, 0x0f, 0x06,
47 0x03, 0x55, 0x04, 0x05, 0x13, 0x08, 0x30, 0x37, 0x39, 0x36, 0x39, 0x32,
48 0x38, 0x37, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x38, 0x30, 0x33, 0x31, 0x38,
49 0x32, 0x33, 0x33, 0x35, 0x31, 0x39, 0x5a, 0x17, 0x0d, 0x31, 0x31, 0x30,
50 0x33, 0x31, 0x38, 0x32, 0x33, 0x33, 0x35, 0x31, 0x39, 0x5a, 0x30, 0x79,
51 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
52 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
53 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x12,
54 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x09, 0x43, 0x75, 0x70,
55 0x65, 0x72, 0x74, 0x69, 0x6e, 0x6f, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
56 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49,
57 0x6e, 0x63, 0x2e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0b,
58 0x13, 0x0c, 0x4d, 0x61, 0x63, 0x20, 0x4f, 0x53, 0x20, 0x46, 0x6f, 0x72,
59 0x67, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
60 0x0c, 0x2a, 0x2e, 0x77, 0x65, 0x62, 0x6b, 0x69, 0x74, 0x2e, 0x6f, 0x72,
61 0x67, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
62 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30,
63 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa7, 0x62, 0x79, 0x41, 0xda, 0x28,
64 0xf2, 0xc0, 0x4f, 0xe0, 0x25, 0xaa, 0xa1, 0x2e, 0x3b, 0x30, 0x94, 0xb5,
65 0xc9, 0x26, 0x3a, 0x1b, 0xe2, 0xd0, 0xcc, 0xa2, 0x95, 0xe2, 0x91, 0xc0,
66 0xf0, 0x40, 0x9e, 0x27, 0x6e, 0xbd, 0x6e, 0xde, 0x7c, 0xb6, 0x30, 0x5c,
67 0xb8, 0x9b, 0x01, 0x2f, 0x92, 0x04, 0xa1, 0xef, 0x4a, 0xb1, 0x6c, 0xb1,
68 0x7e, 0x8e, 0xcd, 0xa6, 0xf4, 0x40, 0x73, 0x1f, 0x2c, 0x96, 0xad, 0xff,
69 0x2a, 0x6d, 0x0e, 0xba, 0x52, 0x84, 0x83, 0xb0, 0x39, 0xee, 0xc9, 0x39,
70 0xdc, 0x1e, 0x34, 0xd0, 0xd8, 0x5d, 0x7a, 0x09, 0xac, 0xa9, 0xee, 0xca,
71 0x65, 0xf6, 0x85, 0x3a, 0x6b, 0xee, 0xe4, 0x5c, 0x5e, 0xf8, 0xda, 0xd1,
72 0xce, 0x88, 0x47, 0xcd, 0x06, 0x21, 0xe0, 0xb9, 0x4b, 0xe4, 0x07, 0xcb,
73 0x57, 0xdc, 0xca, 0x99, 0x54, 0xf7, 0x0e, 0xd5, 0x17, 0x95, 0x05, 0x2e,
74 0xe9, 0xb1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0xce, 0x30,
75 0x82, 0x01, 0xca, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02,
76 0x30, 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03,
77 0x02, 0x05, 0xa0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16,
78 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
79 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x57,
80 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x50, 0x30, 0x4e, 0x30, 0x4c, 0xa0,
81 0x4a, 0xa0, 0x48, 0x86, 0x46, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
82 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73,
83 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d,
84 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f,
85 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x65, 0x78, 0x74, 0x65, 0x6e,
86 0x64, 0x65, 0x64, 0x69, 0x73, 0x73, 0x75, 0x69, 0x6e, 0x67, 0x33, 0x2e,
87 0x63, 0x72, 0x6c, 0x30, 0x52, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x4b,
88 0x30, 0x49, 0x30, 0x47, 0x06, 0x0b, 0x60, 0x86, 0x48, 0x01, 0x86, 0xfd,
89 0x6d, 0x01, 0x07, 0x17, 0x02, 0x30, 0x38, 0x30, 0x36, 0x06, 0x08, 0x2b,
90 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x2a, 0x68, 0x74, 0x74,
91 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
92 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79,
93 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74,
94 0x6f, 0x72, 0x79, 0x30, 0x7f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
95 0x07, 0x01, 0x01, 0x04, 0x73, 0x30, 0x71, 0x30, 0x23, 0x06, 0x08, 0x2b,
96 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74,
97 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, 0x6f, 0x64,
98 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x4a, 0x06, 0x08,
99 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74,
100 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
101 0x63, 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64,
102 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69,
103 0x74, 0x6f, 0x72, 0x79, 0x2f, 0x67, 0x64, 0x5f, 0x69, 0x6e, 0x74, 0x65,
104 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x2e, 0x63, 0x72, 0x74,
105 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x48,
106 0xdf, 0x60, 0x32, 0xcc, 0x89, 0x01, 0xb6, 0xdc, 0x2f, 0xe3, 0x73, 0xb5,
107 0x9c, 0x16, 0x58, 0x32, 0x68, 0xa9, 0xc3, 0x30, 0x1f, 0x06, 0x03, 0x55,
108 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xfd, 0xac, 0x61, 0x32,
109 0x93, 0x6c, 0x45, 0xd6, 0xe2, 0xee, 0x85, 0x5f, 0x9a, 0xba, 0xe7, 0x76,
110 0x99, 0x68, 0xcc, 0xe7, 0x30, 0x23, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04,
111 0x1c, 0x30, 0x1a, 0x82, 0x0c, 0x2a, 0x2e, 0x77, 0x65, 0x62, 0x6b, 0x69,
112 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x82, 0x0a, 0x77, 0x65, 0x62, 0x6b, 0x69,
113 0x74, 0x2e, 0x6f, 0x72, 0x67
114 };
115
116 // The signature algorithm is specified as the following ASN.1 structure:
117 // AlgorithmIdentifier ::= SEQUENCE {
118 // algorithm OBJECT IDENTIFIER,
119 // parameters ANY DEFINED BY algorithm OPTIONAL }
120 //
121 const uint8 signature_algorithm[15] = {
122 0x30, 0x0d, // a SEQUENCE of length 13 (0xd)
123 0x06, 0x09, // an OBJECT IDENTIFIER of length 9
124 // 1.2.840.113549.1.1.5 - sha1WithRSAEncryption
125 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
126 0x05, 0x00, // a NULL of length 0
127 };
128
129 // RSA signature, a big integer in the big-endian byte order.
130 const uint8 signature[256] = {
131 0x1e, 0x6a, 0xe7, 0xe0, 0x4f, 0xe7, 0x4d, 0xd0, 0x69, 0x7c, 0xf8, 0x8f,
132 0x99, 0xb4, 0x18, 0x95, 0x36, 0x24, 0x0f, 0x0e, 0xa3, 0xea, 0x34, 0x37,
133 0xf4, 0x7d, 0xd5, 0x92, 0x35, 0x53, 0x72, 0x76, 0x3f, 0x69, 0xf0, 0x82,
134 0x56, 0xe3, 0x94, 0x7a, 0x1d, 0x1a, 0x81, 0xaf, 0x9f, 0xc7, 0x43, 0x01,
135 0x64, 0xd3, 0x7c, 0x0d, 0xc8, 0x11, 0x4e, 0x4a, 0xe6, 0x1a, 0xc3, 0x01,
136 0x74, 0xe8, 0x35, 0x87, 0x5c, 0x61, 0xaa, 0x8a, 0x46, 0x06, 0xbe, 0x98,
137 0x95, 0x24, 0x9e, 0x01, 0xe3, 0xe6, 0xa0, 0x98, 0xee, 0x36, 0x44, 0x56,
138 0x8d, 0x23, 0x9c, 0x65, 0xea, 0x55, 0x6a, 0xdf, 0x66, 0xee, 0x45, 0xe8,
139 0xa0, 0xe9, 0x7d, 0x9a, 0xba, 0x94, 0xc5, 0xc8, 0xc4, 0x4b, 0x98, 0xff,
140 0x9a, 0x01, 0x31, 0x6d, 0xf9, 0x2b, 0x58, 0xe7, 0xe7, 0x2a, 0xc5, 0x4d,
141 0xbb, 0xbb, 0xcd, 0x0d, 0x70, 0xe1, 0xad, 0x03, 0xf5, 0xfe, 0xf4, 0x84,
142 0x71, 0x08, 0xd2, 0xbc, 0x04, 0x7b, 0x26, 0x1c, 0xa8, 0x0f, 0x9c, 0xd8,
143 0x12, 0x6a, 0x6f, 0x2b, 0x67, 0xa1, 0x03, 0x80, 0x9a, 0x11, 0x0b, 0xe9,
144 0xe0, 0xb5, 0xb3, 0xb8, 0x19, 0x4e, 0x0c, 0xa4, 0xd9, 0x2b, 0x3b, 0xc2,
145 0xca, 0x20, 0xd3, 0x0c, 0xa4, 0xff, 0x93, 0x13, 0x1f, 0xfc, 0xba, 0x94,
146 0x93, 0x8c, 0x64, 0x15, 0x2e, 0x28, 0xa9, 0x55, 0x8c, 0x2c, 0x48, 0xd3,
147 0xd3, 0xc1, 0x50, 0x69, 0x19, 0xe8, 0x34, 0xd3, 0xf1, 0x04, 0x9f, 0x0a,
148 0x7a, 0x21, 0x87, 0xbf, 0xb9, 0x59, 0x37, 0x2e, 0xf4, 0x71, 0xa5, 0x3e,
149 0xbe, 0xcd, 0x70, 0x83, 0x18, 0xf8, 0x8a, 0x72, 0x85, 0x45, 0x1f, 0x08,
150 0x01, 0x6f, 0x37, 0xf5, 0x2b, 0x7b, 0xea, 0xb9, 0x8b, 0xa3, 0xcc, 0xfd,
151 0x35, 0x52, 0xdd, 0x66, 0xde, 0x4f, 0x30, 0xc5, 0x73, 0x81, 0xb6, 0xe8,
152 0x3c, 0xd8, 0x48, 0x8a
153 };
154
155 // The public key is specified as the following ASN.1 structure:
156 // SubjectPublicKeyInfo ::= SEQUENCE {
157 // algorithm AlgorithmIdentifier,
158 // subjectPublicKey BIT STRING }
159 const uint8 public_key_info[294] = {
160 0x30, 0x82, 0x01, 0x22, // a SEQUENCE of length 290 (0x122)
161 // algorithm
162 0x30, 0x0d, // a SEQUENCE of length 13
163 0x06, 0x09, // an OBJECT IDENTIFIER of length 9
164 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
165 0x05, 0x00, // a NULL of length 0
166 // subjectPublicKey
167 0x03, 0x82, 0x01, 0x0f, // a BIT STRING of length 271 (0x10f)
168 0x00, // number of unused bits
169 0x30, 0x82, 0x01, 0x0a, // a SEQUENCE of length 266 (0x10a)
170 // modulus
171 0x02, 0x82, 0x01, 0x01, // an INTEGER of length 257 (0x101)
172 0x00, 0xc4, 0x2d, 0xd5, 0x15, 0x8c, 0x9c, 0x26, 0x4c, 0xec,
173 0x32, 0x35, 0xeb, 0x5f, 0xb8, 0x59, 0x01, 0x5a, 0xa6, 0x61,
174 0x81, 0x59, 0x3b, 0x70, 0x63, 0xab, 0xe3, 0xdc, 0x3d, 0xc7,
175 0x2a, 0xb8, 0xc9, 0x33, 0xd3, 0x79, 0xe4, 0x3a, 0xed, 0x3c,
176 0x30, 0x23, 0x84, 0x8e, 0xb3, 0x30, 0x14, 0xb6, 0xb2, 0x87,
177 0xc3, 0x3d, 0x95, 0x54, 0x04, 0x9e, 0xdf, 0x99, 0xdd, 0x0b,
178 0x25, 0x1e, 0x21, 0xde, 0x65, 0x29, 0x7e, 0x35, 0xa8, 0xa9,
179 0x54, 0xeb, 0xf6, 0xf7, 0x32, 0x39, 0xd4, 0x26, 0x55, 0x95,
180 0xad, 0xef, 0xfb, 0xfe, 0x58, 0x86, 0xd7, 0x9e, 0xf4, 0x00,
181 0x8d, 0x8c, 0x2a, 0x0c, 0xbd, 0x42, 0x04, 0xce, 0xa7, 0x3f,
182 0x04, 0xf6, 0xee, 0x80, 0xf2, 0xaa, 0xef, 0x52, 0xa1, 0x69,
183 0x66, 0xda, 0xbe, 0x1a, 0xad, 0x5d, 0xda, 0x2c, 0x66, 0xea,
184 0x1a, 0x6b, 0xbb, 0xe5, 0x1a, 0x51, 0x4a, 0x00, 0x2f, 0x48,
185 0xc7, 0x98, 0x75, 0xd8, 0xb9, 0x29, 0xc8, 0xee, 0xf8, 0x66,
186 0x6d, 0x0a, 0x9c, 0xb3, 0xf3, 0xfc, 0x78, 0x7c, 0xa2, 0xf8,
187 0xa3, 0xf2, 0xb5, 0xc3, 0xf3, 0xb9, 0x7a, 0x91, 0xc1, 0xa7,
188 0xe6, 0x25, 0x2e, 0x9c, 0xa8, 0xed, 0x12, 0x65, 0x6e, 0x6a,
189 0xf6, 0x12, 0x44, 0x53, 0x70, 0x30, 0x95, 0xc3, 0x9c, 0x2b,
190 0x58, 0x2b, 0x3d, 0x08, 0x74, 0x4a, 0xf2, 0xbe, 0x51, 0xb0,
191 0xbf, 0x87, 0xd0, 0x4c, 0x27, 0x58, 0x6b, 0xb5, 0x35, 0xc5,
192 0x9d, 0xaf, 0x17, 0x31, 0xf8, 0x0b, 0x8f, 0xee, 0xad, 0x81,
193 0x36, 0x05, 0x89, 0x08, 0x98, 0xcf, 0x3a, 0xaf, 0x25, 0x87,
194 0xc0, 0x49, 0xea, 0xa7, 0xfd, 0x67, 0xf7, 0x45, 0x8e, 0x97,
195 0xcc, 0x14, 0x39, 0xe2, 0x36, 0x85, 0xb5, 0x7e, 0x1a, 0x37,
196 0xfd, 0x16, 0xf6, 0x71, 0x11, 0x9a, 0x74, 0x30, 0x16, 0xfe,
197 0x13, 0x94, 0xa3, 0x3f, 0x84, 0x0d, 0x4f,
198 // public exponent
199 0x02, 0x03, // an INTEGER of length 3
200 0x01, 0x00, 0x01
201 };
202
203 // We use the signature verifier to perform four signature verification
204 // tests.
205 crypto::SignatureVerifier verifier;
206 bool ok;
207
208 // Test 1: feed all of the data to the verifier at once (a single
209 // VerifyUpdate call).
210 ok = verifier.VerifyInit(signature_algorithm,
211 sizeof(signature_algorithm),
212 signature, sizeof(signature),
213 public_key_info, sizeof(public_key_info));
214 EXPECT_TRUE(ok);
215 verifier.VerifyUpdate(tbs_certificate, sizeof(tbs_certificate));
216 ok = verifier.VerifyFinal();
217 EXPECT_TRUE(ok);
218
219 // Test 2: feed the data to the verifier in three parts (three VerifyUpdate
220 // calls).
221 ok = verifier.VerifyInit(signature_algorithm,
222 sizeof(signature_algorithm),
223 signature, sizeof(signature),
224 public_key_info, sizeof(public_key_info));
225 EXPECT_TRUE(ok);
226 verifier.VerifyUpdate(tbs_certificate, 256);
227 verifier.VerifyUpdate(tbs_certificate + 256, 256);
228 verifier.VerifyUpdate(tbs_certificate + 512, sizeof(tbs_certificate) - 512);
229 ok = verifier.VerifyFinal();
230 EXPECT_TRUE(ok);
231
232 // Test 3: verify the signature with incorrect data.
233 uint8 bad_tbs_certificate[sizeof(tbs_certificate)];
234 memcpy(bad_tbs_certificate, tbs_certificate, sizeof(tbs_certificate));
235 bad_tbs_certificate[10] += 1; // Corrupt one byte of the data.
236 ok = verifier.VerifyInit(signature_algorithm,
237 sizeof(signature_algorithm),
238 signature, sizeof(signature),
239 public_key_info, sizeof(public_key_info));
240 EXPECT_TRUE(ok);
241 verifier.VerifyUpdate(bad_tbs_certificate, sizeof(bad_tbs_certificate));
242 ok = verifier.VerifyFinal();
243 EXPECT_FALSE(ok);
244
245 // Test 4: verify a bad signature.
246 uint8 bad_signature[sizeof(signature)];
247 memcpy(bad_signature, signature, sizeof(signature));
248 bad_signature[10] += 1; // Corrupt one byte of the signature.
249 ok = verifier.VerifyInit(signature_algorithm,
250 sizeof(signature_algorithm),
251 bad_signature, sizeof(bad_signature),
252 public_key_info, sizeof(public_key_info));
253
254 // A crypto library (e.g., NSS) may detect that the signature is corrupted
255 // and cause VerifyInit to return false, so it is fine for 'ok' to be false.
256 if (ok) {
257 verifier.VerifyUpdate(tbs_certificate, sizeof(tbs_certificate));
258 ok = verifier.VerifyFinal();
259 EXPECT_FALSE(ok);
260 }
261 }
262
263 //////////////////////////////////////////////////////////////////////
264 //
265 // RSA-PSS signature verification known answer test
266 //
267 //////////////////////////////////////////////////////////////////////
268
269 // The following RSA-PSS signature test vectors come from the pss-vect.txt
270 // file downloaded from
271 // ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip.
272 //
273 // For each key, 6 random messages of length between 1 and 256 octets have
274 // been RSASSA-PSS signed.
275 //
276 // Hash function: SHA-1
277 // Mask generation function: MGF1 with SHA-1
278 // Salt length: 20 octets
279
280 // Example 1: A 1024-bit RSA Key Pair"
281
282 // RSA modulus n:
283 static const char rsa_modulus_n_1[] =
284 "a5 6e 4a 0e 70 10 17 58 9a 51 87 dc 7e a8 41 d1 "
285 "56 f2 ec 0e 36 ad 52 a4 4d fe b1 e6 1f 7a d9 91 "
286 "d8 c5 10 56 ff ed b1 62 b4 c0 f2 83 a1 2a 88 a3 "
287 "94 df f5 26 ab 72 91 cb b3 07 ce ab fc e0 b1 df "
288 "d5 cd 95 08 09 6d 5b 2b 8b 6d f5 d6 71 ef 63 77 "
289 "c0 92 1c b2 3c 27 0a 70 e2 59 8e 6f f8 9d 19 f1 "
290 "05 ac c2 d3 f0 cb 35 f2 92 80 e1 38 6b 6f 64 c4 "
291 "ef 22 e1 e1 f2 0d 0c e8 cf fb 22 49 bd 9a 21 37 ";
292 // RSA public exponent e: "
293 static const char rsa_public_exponent_e_1[] =
294 "01 00 01 ";
295
296 // RSASSA-PSS Signature Example 1.1
297 // Message to be signed:
298 static const char message_1_1[] =
299 "cd c8 7d a2 23 d7 86 df 3b 45 e0 bb bc 72 13 26 "
300 "d1 ee 2a f8 06 cc 31 54 75 cc 6f 0d 9c 66 e1 b6 "
301 "23 71 d4 5c e2 39 2e 1a c9 28 44 c3 10 10 2f 15 "
302 "6a 0d 8d 52 c1 f4 c4 0b a3 aa 65 09 57 86 cb 76 "
303 "97 57 a6 56 3b a9 58 fe d0 bc c9 84 e8 b5 17 a3 "
304 "d5 f5 15 b2 3b 8a 41 e7 4a a8 67 69 3f 90 df b0 "
305 "61 a6 e8 6d fa ae e6 44 72 c0 0e 5f 20 94 57 29 "
306 "cb eb e7 7f 06 ce 78 e0 8f 40 98 fb a4 1f 9d 61 "
307 "93 c0 31 7e 8b 60 d4 b6 08 4a cb 42 d2 9e 38 08 "
308 "a3 bc 37 2d 85 e3 31 17 0f cb f7 cc 72 d0 b7 1c "
309 "29 66 48 b3 a4 d1 0f 41 62 95 d0 80 7a a6 25 ca "
310 "b2 74 4f d9 ea 8f d2 23 c4 25 37 02 98 28 bd 16 "
311 "be 02 54 6f 13 0f d2 e3 3b 93 6d 26 76 e0 8a ed "
312 "1b 73 31 8b 75 0a 01 67 d0 ";
313 // Salt:
314 static const char salt_1_1[] =
315 "de e9 59 c7 e0 64 11 36 14 20 ff 80 18 5e d5 7f "
316 "3e 67 76 af ";
317 // Signature:
318 static const char signature_1_1[] =
319 "90 74 30 8f b5 98 e9 70 1b 22 94 38 8e 52 f9 71 "
320 "fa ac 2b 60 a5 14 5a f1 85 df 52 87 b5 ed 28 87 "
321 "e5 7c e7 fd 44 dc 86 34 e4 07 c8 e0 e4 36 0b c2 "
322 "26 f3 ec 22 7f 9d 9e 54 63 8e 8d 31 f5 05 12 15 "
323 "df 6e bb 9c 2f 95 79 aa 77 59 8a 38 f9 14 b5 b9 "
324 "c1 bd 83 c4 e2 f9 f3 82 a0 d0 aa 35 42 ff ee 65 "
325 "98 4a 60 1b c6 9e b2 8d eb 27 dc a1 2c 82 c2 d4 "
326 "c3 f6 6c d5 00 f1 ff 2b 99 4d 8a 4e 30 cb b3 3c ";
327
328 // RSASSA-PSS Signature Example 1.2
329 // Message to be signed:
330 static const char message_1_2[] =
331 "85 13 84 cd fe 81 9c 22 ed 6c 4c cb 30 da eb 5c "
332 "f0 59 bc 8e 11 66 b7 e3 53 0c 4c 23 3e 2b 5f 8f "
333 "71 a1 cc a5 82 d4 3e cc 72 b1 bc a1 6d fc 70 13 "
334 "22 6b 9e ";
335 // Salt:
336 static const char salt_1_2[] =
337 "ef 28 69 fa 40 c3 46 cb 18 3d ab 3d 7b ff c9 8f "
338 "d5 6d f4 2d ";
339 // Signature:
340 static const char signature_1_2[] =
341 "3e f7 f4 6e 83 1b f9 2b 32 27 41 42 a5 85 ff ce "
342 "fb dc a7 b3 2a e9 0d 10 fb 0f 0c 72 99 84 f0 4e "
343 "f2 9a 9d f0 78 07 75 ce 43 73 9b 97 83 83 90 db "
344 "0a 55 05 e6 3d e9 27 02 8d 9d 29 b2 19 ca 2c 45 "
345 "17 83 25 58 a5 5d 69 4a 6d 25 b9 da b6 60 03 c4 "
346 "cc cd 90 78 02 19 3b e5 17 0d 26 14 7d 37 b9 35 "
347 "90 24 1b e5 1c 25 05 5f 47 ef 62 75 2c fb e2 14 "
348 "18 fa fe 98 c2 2c 4d 4d 47 72 4f db 56 69 e8 43 ";
349
350 // RSASSA-PSS Signature Example 1.3
351 // Message to be signed:
352 static const char message_1_3[] =
353 "a4 b1 59 94 17 61 c4 0c 6a 82 f2 b8 0d 1b 94 f5 "
354 "aa 26 54 fd 17 e1 2d 58 88 64 67 9b 54 cd 04 ef "
355 "8b d0 30 12 be 8d c3 7f 4b 83 af 79 63 fa ff 0d "
356 "fa 22 54 77 43 7c 48 01 7f f2 be 81 91 cf 39 55 "
357 "fc 07 35 6e ab 3f 32 2f 7f 62 0e 21 d2 54 e5 db "
358 "43 24 27 9f e0 67 e0 91 0e 2e 81 ca 2c ab 31 c7 "
359 "45 e6 7a 54 05 8e b5 0d 99 3c db 9e d0 b4 d0 29 "
360 "c0 6d 21 a9 4c a6 61 c3 ce 27 fa e1 d6 cb 20 f4 "
361 "56 4d 66 ce 47 67 58 3d 0e 5f 06 02 15 b5 90 17 "
362 "be 85 ea 84 89 39 12 7b d8 c9 c4 d4 7b 51 05 6c "
363 "03 1c f3 36 f1 7c 99 80 f3 b8 f5 b9 b6 87 8e 8b "
364 "79 7a a4 3b 88 26 84 33 3e 17 89 3f e9 ca a6 aa "
365 "29 9f 7e d1 a1 8e e2 c5 48 64 b7 b2 b9 9b 72 61 "
366 "8f b0 25 74 d1 39 ef 50 f0 19 c9 ee f4 16 97 13 "
367 "38 e7 d4 70 ";
368 // Salt:
369 static const char salt_1_3[] =
370 "71 0b 9c 47 47 d8 00 d4 de 87 f1 2a fd ce 6d f1 "
371 "81 07 cc 77 ";
372 // Signature:
373 static const char signature_1_3[] =
374 "66 60 26 fb a7 1b d3 e7 cf 13 15 7c c2 c5 1a 8e "
375 "4a a6 84 af 97 78 f9 18 49 f3 43 35 d1 41 c0 01 "
376 "54 c4 19 76 21 f9 62 4a 67 5b 5a bc 22 ee 7d 5b "
377 "aa ff aa e1 c9 ba ca 2c c3 73 b3 f3 3e 78 e6 14 "
378 "3c 39 5a 91 aa 7f ac a6 64 eb 73 3a fd 14 d8 82 "
379 "72 59 d9 9a 75 50 fa ca 50 1e f2 b0 4e 33 c2 3a "
380 "a5 1f 4b 9e 82 82 ef db 72 8c c0 ab 09 40 5a 91 "
381 "60 7c 63 69 96 1b c8 27 0d 2d 4f 39 fc e6 12 b1 ";
382
383 // RSASSA-PSS Signature Example 1.4
384 // Message to be signed:
385 static const char message_1_4[] =
386 "bc 65 67 47 fa 9e af b3 f0 ";
387 // Salt:
388 static const char salt_1_4[] =
389 "05 6f 00 98 5d e1 4d 8e f5 ce a9 e8 2f 8c 27 be "
390 "f7 20 33 5e ";
391 // Signature:
392 static const char signature_1_4[] =
393 "46 09 79 3b 23 e9 d0 93 62 dc 21 bb 47 da 0b 4f "
394 "3a 76 22 64 9a 47 d4 64 01 9b 9a ea fe 53 35 9c "
395 "17 8c 91 cd 58 ba 6b cb 78 be 03 46 a7 bc 63 7f "
396 "4b 87 3d 4b ab 38 ee 66 1f 19 96 34 c5 47 a1 ad "
397 "84 42 e0 3d a0 15 b1 36 e5 43 f7 ab 07 c0 c1 3e "
398 "42 25 b8 de 8c ce 25 d4 f6 eb 84 00 f8 1f 7e 18 "
399 "33 b7 ee 6e 33 4d 37 09 64 ca 79 fd b8 72 b4 d7 "
400 "52 23 b5 ee b0 81 01 59 1f b5 32 d1 55 a6 de 87 ";
401
402 // RSASSA-PSS Signature Example 1.5
403 // Message to be signed:
404 static const char message_1_5[] =
405 "b4 55 81 54 7e 54 27 77 0c 76 8e 8b 82 b7 55 64 "
406 "e0 ea 4e 9c 32 59 4d 6b ff 70 65 44 de 0a 87 76 "
407 "c7 a8 0b 45 76 55 0e ee 1b 2a ca bc 7e 8b 7d 3e "
408 "f7 bb 5b 03 e4 62 c1 10 47 ea dd 00 62 9a e5 75 "
409 "48 0a c1 47 0f e0 46 f1 3a 2b f5 af 17 92 1d c4 "
410 "b0 aa 8b 02 be e6 33 49 11 65 1d 7f 85 25 d1 0f "
411 "32 b5 1d 33 be 52 0d 3d df 5a 70 99 55 a3 df e7 "
412 "82 83 b9 e0 ab 54 04 6d 15 0c 17 7f 03 7f dc cc "
413 "5b e4 ea 5f 68 b5 e5 a3 8c 9d 7e dc cc c4 97 5f "
414 "45 5a 69 09 b4 ";
415 // Salt:
416 static const char salt_1_5[] =
417 "80 e7 0f f8 6a 08 de 3e c6 09 72 b3 9b 4f bf dc "
418 "ea 67 ae 8e ";
419 // Signature:
420 static const char signature_1_5[] =
421 "1d 2a ad 22 1c a4 d3 1d df 13 50 92 39 01 93 98 "
422 "e3 d1 4b 32 dc 34 dc 5a f4 ae ae a3 c0 95 af 73 "
423 "47 9c f0 a4 5e 56 29 63 5a 53 a0 18 37 76 15 b1 "
424 "6c b9 b1 3b 3e 09 d6 71 eb 71 e3 87 b8 54 5c 59 "
425 "60 da 5a 64 77 6e 76 8e 82 b2 c9 35 83 bf 10 4c "
426 "3f db 23 51 2b 7b 4e 89 f6 33 dd 00 63 a5 30 db "
427 "45 24 b0 1c 3f 38 4c 09 31 0e 31 5a 79 dc d3 d6 "
428 "84 02 2a 7f 31 c8 65 a6 64 e3 16 97 8b 75 9f ad ";
429
430 // RSASSA-PSS Signature Example 1.6
431 // Message to be signed:
432 static const char message_1_6[] =
433 "10 aa e9 a0 ab 0b 59 5d 08 41 20 7b 70 0d 48 d7 "
434 "5f ae dd e3 b7 75 cd 6b 4c c8 8a e0 6e 46 94 ec "
435 "74 ba 18 f8 52 0d 4f 5e a6 9c bb e7 cc 2b eb a4 "
436 "3e fd c1 02 15 ac 4e b3 2d c3 02 a1 f5 3d c6 c4 "
437 "35 22 67 e7 93 6c fe bf 7c 8d 67 03 57 84 a3 90 "
438 "9f a8 59 c7 b7 b5 9b 8e 39 c5 c2 34 9f 18 86 b7 "
439 "05 a3 02 67 d4 02 f7 48 6a b4 f5 8c ad 5d 69 ad "
440 "b1 7a b8 cd 0c e1 ca f5 02 5a f4 ae 24 b1 fb 87 "
441 "94 c6 07 0c c0 9a 51 e2 f9 91 13 11 e3 87 7d 00 "
442 "44 c7 1c 57 a9 93 39 50 08 80 6b 72 3a c3 83 73 "
443 "d3 95 48 18 18 52 8c 1e 70 53 73 92 82 05 35 29 "
444 "51 0e 93 5c d0 fa 77 b8 fa 53 cc 2d 47 4b d4 fb "
445 "3c c5 c6 72 d6 ff dc 90 a0 0f 98 48 71 2c 4b cf "
446 "e4 6c 60 57 36 59 b1 1e 64 57 e8 61 f0 f6 04 b6 "
447 "13 8d 14 4f 8c e4 e2 da 73 ";
448 // Salt:
449 static const char salt_1_6[] =
450 "a8 ab 69 dd 80 1f 00 74 c2 a1 fc 60 64 98 36 c6 "
451 "16 d9 96 81 ";
452 // Signature:
453 static const char signature_1_6[] =
454 "2a 34 f6 12 5e 1f 6b 0b f9 71 e8 4f bd 41 c6 32 "
455 "be 8f 2c 2a ce 7d e8 b6 92 6e 31 ff 93 e9 af 98 "
456 "7f bc 06 e5 1e 9b e1 4f 51 98 f9 1f 3f 95 3b d6 "
457 "7d a6 0a 9d f5 97 64 c3 dc 0f e0 8e 1c be f0 b7 "
458 "5f 86 8d 10 ad 3f ba 74 9f ef 59 fb 6d ac 46 a0 "
459 "d6 e5 04 36 93 31 58 6f 58 e4 62 8f 39 aa 27 89 "
460 "82 54 3b c0 ee b5 37 dc 61 95 80 19 b3 94 fb 27 "
461 "3f 21 58 58 a0 a0 1a c4 d6 50 b9 55 c6 7f 4c 58 ";
462
463 // Example 9: A 1536-bit RSA Key Pair
464
465 // RSA modulus n:
466 static const char rsa_modulus_n_9[] =
467 "e6 bd 69 2a c9 66 45 79 04 03 fd d0 f5 be b8 b9 "
468 "bf 92 ed 10 00 7f c3 65 04 64 19 dd 06 c0 5c 5b "
469 "5b 2f 48 ec f9 89 e4 ce 26 91 09 97 9c bb 40 b4 "
470 "a0 ad 24 d2 24 83 d1 ee 31 5a d4 cc b1 53 42 68 "
471 "35 26 91 c5 24 f6 dd 8e 6c 29 d2 24 cf 24 69 73 "
472 "ae c8 6c 5b f6 b1 40 1a 85 0d 1b 9a d1 bb 8c bc "
473 "ec 47 b0 6f 0f 8c 7f 45 d3 fc 8f 31 92 99 c5 43 "
474 "3d db c2 b3 05 3b 47 de d2 ec d4 a4 ca ef d6 14 "
475 "83 3d c8 bb 62 2f 31 7e d0 76 b8 05 7f e8 de 3f "
476 "84 48 0a d5 e8 3e 4a 61 90 4a 4f 24 8f b3 97 02 "
477 "73 57 e1 d3 0e 46 31 39 81 5c 6f d4 fd 5a c5 b8 "
478 "17 2a 45 23 0e cb 63 18 a0 4f 14 55 d8 4e 5a 8b ";
479 // RSA public exponent e:
480 static const char rsa_public_exponent_e_9[] =
481 "01 00 01 ";
482
483 // RSASSA-PSS Signature Example 9.1
484 // Message to be signed:
485 static const char message_9_1[] =
486 "a8 8e 26 58 55 e9 d7 ca 36 c6 87 95 f0 b3 1b 59 "
487 "1c d6 58 7c 71 d0 60 a0 b3 f7 f3 ea ef 43 79 59 "
488 "22 02 8b c2 b6 ad 46 7c fc 2d 7f 65 9c 53 85 aa "
489 "70 ba 36 72 cd de 4c fe 49 70 cc 79 04 60 1b 27 "
490 "88 72 bf 51 32 1c 4a 97 2f 3c 95 57 0f 34 45 d4 "
491 "f5 79 80 e0 f2 0d f5 48 46 e6 a5 2c 66 8f 12 88 "
492 "c0 3f 95 00 6e a3 2f 56 2d 40 d5 2a f9 fe b3 2f "
493 "0f a0 6d b6 5b 58 8a 23 7b 34 e5 92 d5 5c f9 79 "
494 "f9 03 a6 42 ef 64 d2 ed 54 2a a8 c7 7d c1 dd 76 "
495 "2f 45 a5 93 03 ed 75 e5 41 ca 27 1e 2b 60 ca 70 "
496 "9e 44 fa 06 61 13 1e 8d 5d 41 63 fd 8d 39 85 66 "
497 "ce 26 de 87 30 e7 2f 9c ca 73 76 41 c2 44 15 94 "
498 "20 63 70 28 df 0a 18 07 9d 62 08 ea 8b 47 11 a2 "
499 "c7 50 f5 ";
500 // Salt:
501 static const char salt_9_1[] =
502 "c0 a4 25 31 3d f8 d7 56 4b d2 43 4d 31 15 23 d5 "
503 "25 7e ed 80 ";
504 // Signature:
505 static const char signature_9_1[] =
506 "58 61 07 22 6c 3c e0 13 a7 c8 f0 4d 1a 6a 29 59 "
507 "bb 4b 8e 20 5b a4 3a 27 b5 0f 12 41 11 bc 35 ef "
508 "58 9b 03 9f 59 32 18 7c b6 96 d7 d9 a3 2c 0c 38 "
509 "30 0a 5c dd a4 83 4b 62 d2 eb 24 0a f3 3f 79 d1 "
510 "3d fb f0 95 bf 59 9e 0d 96 86 94 8c 19 64 74 7b "
511 "67 e8 9c 9a ba 5c d8 50 16 23 6f 56 6c c5 80 2c "
512 "b1 3e ad 51 bc 7c a6 be f3 b9 4d cb db b1 d5 70 "
513 "46 97 71 df 0e 00 b1 a8 a0 67 77 47 2d 23 16 27 "
514 "9e da e8 64 74 66 8d 4e 1e ff f9 5f 1d e6 1c 60 "
515 "20 da 32 ae 92 bb f1 65 20 fe f3 cf 4d 88 f6 11 "
516 "21 f2 4b bd 9f e9 1b 59 ca f1 23 5b 2a 93 ff 81 "
517 "fc 40 3a dd f4 eb de a8 49 34 a9 cd af 8e 1a 9e ";
518
519 // RSASSA-PSS Signature Example 9.2
520 // Message to be signed:
521 static const char message_9_2[] =
522 "c8 c9 c6 af 04 ac da 41 4d 22 7e f2 3e 08 20 c3 "
523 "73 2c 50 0d c8 72 75 e9 5b 0d 09 54 13 99 3c 26 "
524 "58 bc 1d 98 85 81 ba 87 9c 2d 20 1f 14 cb 88 ce "
525 "d1 53 a0 19 69 a7 bf 0a 7b e7 9c 84 c1 48 6b c1 "
526 "2b 3f a6 c5 98 71 b6 82 7c 8c e2 53 ca 5f ef a8 "
527 "a8 c6 90 bf 32 6e 8e 37 cd b9 6d 90 a8 2e ba b6 "
528 "9f 86 35 0e 18 22 e8 bd 53 6a 2e ";
529 // Salt:
530 static const char salt_9_2[] =
531 "b3 07 c4 3b 48 50 a8 da c2 f1 5f 32 e3 78 39 ef "
532 "8c 5c 0e 91 ";
533 // Signature:
534 static const char signature_9_2[] =
535 "80 b6 d6 43 25 52 09 f0 a4 56 76 38 97 ac 9e d2 "
536 "59 d4 59 b4 9c 28 87 e5 88 2e cb 44 34 cf d6 6d "
537 "d7 e1 69 93 75 38 1e 51 cd 7f 55 4f 2c 27 17 04 "
538 "b3 99 d4 2b 4b e2 54 0a 0e ca 61 95 1f 55 26 7f "
539 "7c 28 78 c1 22 84 2d ad b2 8b 01 bd 5f 8c 02 5f "
540 "7e 22 84 18 a6 73 c0 3d 6b c0 c7 36 d0 a2 95 46 "
541 "bd 67 f7 86 d9 d6 92 cc ea 77 8d 71 d9 8c 20 63 "
542 "b7 a7 10 92 18 7a 4d 35 af 10 81 11 d8 3e 83 ea "
543 "e4 6c 46 aa 34 27 7e 06 04 45 89 90 37 88 f1 d5 "
544 "e7 ce e2 5f b4 85 e9 29 49 11 88 14 d6 f2 c3 ee "
545 "36 14 89 01 6f 32 7f b5 bc 51 7e b5 04 70 bf fa "
546 "1a fa 5f 4c e9 aa 0c e5 b8 ee 19 bf 55 01 b9 58 ";
547
548 // RSASSA-PSS Signature Example 9.3
549 // Message to be signed:
550 static const char message_9_3[] =
551 "0a fa d4 2c cd 4f c6 06 54 a5 50 02 d2 28 f5 2a "
552 "4a 5f e0 3b 8b bb 08 ca 82 da ca 55 8b 44 db e1 "
553 "26 6e 50 c0 e7 45 a3 6d 9d 29 04 e3 40 8a bc d1 "
554 "fd 56 99 94 06 3f 4a 75 cc 72 f2 fe e2 a0 cd 89 "
555 "3a 43 af 1c 5b 8b 48 7d f0 a7 16 10 02 4e 4f 6d "
556 "df 9f 28 ad 08 13 c1 aa b9 1b cb 3c 90 64 d5 ff "
557 "74 2d ef fe a6 57 09 41 39 36 9e 5e a6 f4 a9 63 "
558 "19 a5 cc 82 24 14 5b 54 50 62 75 8f ef d1 fe 34 "
559 "09 ae 16 92 59 c6 cd fd 6b 5f 29 58 e3 14 fa ec "
560 "be 69 d2 ca ce 58 ee 55 17 9a b9 b3 e6 d1 ec c1 "
561 "4a 55 7c 5f eb e9 88 59 52 64 fc 5d a1 c5 71 46 "
562 "2e ca 79 8a 18 a1 a4 94 0c da b4 a3 e9 20 09 cc "
563 "d4 2e 1e 94 7b 13 14 e3 22 38 a2 de ce 7d 23 a8 "
564 "9b 5b 30 c7 51 fd 0a 4a 43 0d 2c 54 85 94 ";
565 // Salt:
566 static const char salt_9_3[] =
567 "9a 2b 00 7e 80 97 8b bb 19 2c 35 4e b7 da 9a ed "
568 "fc 74 db f5 ";
569 // Signature:
570 static const char signature_9_3[] =
571 "48 44 08 f3 89 8c d5 f5 34 83 f8 08 19 ef bf 27 "
572 "08 c3 4d 27 a8 b2 a6 fa e8 b3 22 f9 24 02 37 f9 "
573 "81 81 7a ca 18 46 f1 08 4d aa 6d 7c 07 95 f6 e5 "
574 "bf 1a f5 9c 38 e1 85 84 37 ce 1f 7e c4 19 b9 8c "
575 "87 36 ad f6 dd 9a 00 b1 80 6d 2b d3 ad 0a 73 77 "
576 "5e 05 f5 2d fe f3 a5 9a b4 b0 81 43 f0 df 05 cd "
577 "1a d9 d0 4b ec ec a6 da a4 a2 12 98 03 e2 00 cb "
578 "c7 77 87 ca f4 c1 d0 66 3a 6c 59 87 b6 05 95 20 "
579 "19 78 2c af 2e c1 42 6d 68 fb 94 ed 1d 4b e8 16 "
580 "a7 ed 08 1b 77 e6 ab 33 0b 3f fc 07 38 20 fe cd "
581 "e3 72 7f cb e2 95 ee 61 a0 50 a3 43 65 86 37 c3 "
582 "fd 65 9c fb 63 73 6d e3 2d 9f 90 d3 c2 f6 3e ca ";
583
584 // RSASSA-PSS Signature Example 9.4
585 // Message to be signed:
586 static const char message_9_4[] =
587 "1d fd 43 b4 6c 93 db 82 62 9b da e2 bd 0a 12 b8 "
588 "82 ea 04 c3 b4 65 f5 cf 93 02 3f 01 05 96 26 db "
589 "be 99 f2 6b b1 be 94 9d dd d1 6d c7 f3 de bb 19 "
590 "a1 94 62 7f 0b 22 44 34 df 7d 87 00 e9 e9 8b 06 "
591 "e3 60 c1 2f db e3 d1 9f 51 c9 68 4e b9 08 9e cb "
592 "b0 a2 f0 45 03 99 d3 f5 9e ac 72 94 08 5d 04 4f "
593 "53 93 c6 ce 73 74 23 d8 b8 6c 41 53 70 d3 89 e3 "
594 "0b 9f 0a 3c 02 d2 5d 00 82 e8 ad 6f 3f 1e f2 4a "
595 "45 c3 cf 82 b3 83 36 70 63 a4 d4 61 3e 42 64 f0 "
596 "1b 2d ac 2e 5a a4 20 43 f8 fb 5f 69 fa 87 1d 14 "
597 "fb 27 3e 76 7a 53 1c 40 f0 2f 34 3b c2 fb 45 a0 "
598 "c7 e0 f6 be 25 61 92 3a 77 21 1d 66 a6 e2 db b4 "
599 "3c 36 63 50 be ae 22 da 3a c2 c1 f5 07 70 96 fc "
600 "b5 c4 bf 25 5f 75 74 35 1a e0 b1 e1 f0 36 32 81 "
601 "7c 08 56 d4 a8 ba 97 af bd c8 b8 58 55 40 2b c5 "
602 "69 26 fc ec 20 9f 9e a8 ";
603 // Salt:
604 static const char salt_9_4[] =
605 "70 f3 82 bd df 4d 5d 2d d8 8b 3b c7 b7 30 8b e6 "
606 "32 b8 40 45 ";
607 // Signature:
608 static const char signature_9_4[] =
609 "84 eb eb 48 1b e5 98 45 b4 64 68 ba fb 47 1c 01 "
610 "12 e0 2b 23 5d 84 b5 d9 11 cb d1 92 6e e5 07 4a "
611 "e0 42 44 95 cb 20 e8 23 08 b8 eb b6 5f 41 9a 03 "
612 "fb 40 e7 2b 78 98 1d 88 aa d1 43 05 36 85 17 2c "
613 "97 b2 9c 8b 7b f0 ae 73 b5 b2 26 3c 40 3d a0 ed "
614 "2f 80 ff 74 50 af 78 28 eb 8b 86 f0 02 8b d2 a8 "
615 "b1 76 a4 d2 28 cc ce a1 83 94 f2 38 b0 9f f7 58 "
616 "cc 00 bc 04 30 11 52 35 57 42 f2 82 b5 4e 66 3a "
617 "91 9e 70 9d 8d a2 4a de 55 00 a7 b9 aa 50 22 6e "
618 "0c a5 29 23 e6 c2 d8 60 ec 50 ff 48 0f a5 74 77 "
619 "e8 2b 05 65 f4 37 9f 79 c7 72 d5 c2 da 80 af 9f "
620 "bf 32 5e ce 6f c2 0b 00 96 16 14 be e8 9a 18 3e ";
621
622 // RSASSA-PSS Signature Example 9.5
623 // Message to be signed:
624 static const char message_9_5[] =
625 "1b dc 6e 7c 98 fb 8c f5 4e 9b 09 7b 66 a8 31 e9 "
626 "cf e5 2d 9d 48 88 44 8e e4 b0 97 80 93 ba 1d 7d "
627 "73 ae 78 b3 a6 2b a4 ad 95 cd 28 9c cb 9e 00 52 "
628 "26 bb 3d 17 8b cc aa 82 1f b0 44 a4 e2 1e e9 76 "
629 "96 c1 4d 06 78 c9 4c 2d ae 93 b0 ad 73 92 22 18 "
630 "55 3d aa 7e 44 eb e5 77 25 a7 a4 5c c7 2b 9b 21 "
631 "38 a6 b1 7c 8d b4 11 ce 82 79 ee 12 41 af f0 a8 "
632 "be c6 f7 7f 87 ed b0 c6 9c b2 72 36 e3 43 5a 80 "
633 "0b 19 2e 4f 11 e5 19 e3 fe 30 fc 30 ea cc ca 4f "
634 "bb 41 76 90 29 bf 70 8e 81 7a 9e 68 38 05 be 67 "
635 "fa 10 09 84 68 3b 74 83 8e 3b cf fa 79 36 6e ed "
636 "1d 48 1c 76 72 91 18 83 8f 31 ba 8a 04 8a 93 c1 "
637 "be 44 24 59 8e 8d f6 32 8b 7a 77 88 0a 3f 9c 7e "
638 "2e 8d fc a8 eb 5a 26 fb 86 bd c5 56 d4 2b be 01 "
639 "d9 fa 6e d8 06 46 49 1c 93 41 ";
640 // Salt:
641 static const char salt_9_5[] =
642 "d6 89 25 7a 86 ef fa 68 21 2c 5e 0c 61 9e ca 29 "
643 "5f b9 1b 67 ";
644 // Signature:
645 static const char signature_9_5[] =
646 "82 10 2d f8 cb 91 e7 17 99 19 a0 4d 26 d3 35 d6 "
647 "4f bc 2f 87 2c 44 83 39 43 24 1d e8 45 48 10 27 "
648 "4c df 3d b5 f4 2d 42 3d b1 52 af 71 35 f7 01 42 "
649 "0e 39 b4 94 a6 7c bf d1 9f 91 19 da 23 3a 23 da "
650 "5c 64 39 b5 ba 0d 2b c3 73 ee e3 50 70 01 37 8d "
651 "4a 40 73 85 6b 7f e2 ab a0 b5 ee 93 b2 7f 4a fe "
652 "c7 d4 d1 20 92 1c 83 f6 06 76 5b 02 c1 9e 4d 6a "
653 "1a 3b 95 fa 4c 42 29 51 be 4f 52 13 10 77 ef 17 "
654 "17 97 29 cd df bd b5 69 50 db ac ee fe 78 cb 16 "
655 "64 0a 09 9e a5 6d 24 38 9e ef 10 f8 fe cb 31 ba "
656 "3e a3 b2 27 c0 a8 66 98 bb 89 e3 e9 36 39 05 bf "
657 "22 77 7b 2a 3a a5 21 b6 5b 4c ef 76 d8 3b de 4c ";
658
659 // RSASSA-PSS Signature Example 9.6
660 // Message to be signed:
661 static const char message_9_6[] =
662 "88 c7 a9 f1 36 04 01 d9 0e 53 b1 01 b6 1c 53 25 "
663 "c3 c7 5d b1 b4 11 fb eb 8e 83 0b 75 e9 6b 56 67 "
664 "0a d2 45 40 4e 16 79 35 44 ee 35 4b c6 13 a9 0c "
665 "c9 84 87 15 a7 3d b5 89 3e 7f 6d 27 98 15 c0 c1 "
666 "de 83 ef 8e 29 56 e3 a5 6e d2 6a 88 8d 7a 9c dc "
667 "d0 42 f4 b1 6b 7f a5 1e f1 a0 57 36 62 d1 6a 30 "
668 "2d 0e c5 b2 85 d2 e0 3a d9 65 29 c8 7b 3d 37 4d "
669 "b3 72 d9 5b 24 43 d0 61 b6 b1 a3 50 ba 87 80 7e "
670 "d0 83 af d1 eb 05 c3 f5 2f 4e ba 5e d2 22 77 14 "
671 "fd b5 0b 9d 9d 9d d6 81 4f 62 f6 27 2f cd 5c db "
672 "ce 7a 9e f7 97 ";
673 // Salt:
674 static const char salt_9_6[] =
675 "c2 5f 13 bf 67 d0 81 67 1a 04 81 a1 f1 82 0d 61 "
676 "3b ba 22 76 ";
677 // Signature:
678 static const char signature_9_6[] =
679 "a7 fd b0 d2 59 16 5c a2 c8 8d 00 bb f1 02 8a 86 "
680 "7d 33 76 99 d0 61 19 3b 17 a9 64 8e 14 cc bb aa "
681 "de ac aa cd ec 81 5e 75 71 29 4e bb 8a 11 7a f2 "
682 "05 fa 07 8b 47 b0 71 2c 19 9e 3a d0 51 35 c5 04 "
683 "c2 4b 81 70 51 15 74 08 02 48 79 92 ff d5 11 d4 "
684 "af c6 b8 54 49 1e b3 f0 dd 52 31 39 54 2f f1 5c "
685 "31 01 ee 85 54 35 17 c6 a3 c7 94 17 c6 7e 2d d9 "
686 "aa 74 1e 9a 29 b0 6d cb 59 3c 23 36 b3 67 0a e3 "
687 "af ba c7 c3 e7 6e 21 54 73 e8 66 e3 38 ca 24 4d "
688 "e0 0b 62 62 4d 6b 94 26 82 2c ea e9 f8 cc 46 08 "
689 "95 f4 12 50 07 3f d4 5c 5a 1e 7b 42 5c 20 4a 42 "
690 "3a 69 91 59 f6 90 3e 71 0b 37 a7 bb 2b c8 04 9f ";
691
692 // Example 10: A 2048-bit RSA Key Pair
693
694 // RSA modulus n:
695 static const char rsa_modulus_n_10[] =
696 "a5 dd 86 7a c4 cb 02 f9 0b 94 57 d4 8c 14 a7 70 "
697 "ef 99 1c 56 c3 9c 0e c6 5f d1 1a fa 89 37 ce a5 "
698 "7b 9b e7 ac 73 b4 5c 00 17 61 5b 82 d6 22 e3 18 "
699 "75 3b 60 27 c0 fd 15 7b e1 2f 80 90 fe e2 a7 ad "
700 "cd 0e ef 75 9f 88 ba 49 97 c7 a4 2d 58 c9 aa 12 "
701 "cb 99 ae 00 1f e5 21 c1 3b b5 43 14 45 a8 d5 ae "
702 "4f 5e 4c 7e 94 8a c2 27 d3 60 40 71 f2 0e 57 7e "
703 "90 5f be b1 5d fa f0 6d 1d e5 ae 62 53 d6 3a 6a "
704 "21 20 b3 1a 5d a5 da bc 95 50 60 0e 20 f2 7d 37 "
705 "39 e2 62 79 25 fe a3 cc 50 9f 21 df f0 4e 6e ea "
706 "45 49 c5 40 d6 80 9f f9 30 7e ed e9 1f ff 58 73 "
707 "3d 83 85 a2 37 d6 d3 70 5a 33 e3 91 90 09 92 07 "
708 "0d f7 ad f1 35 7c f7 e3 70 0c e3 66 7d e8 3f 17 "
709 "b8 df 17 78 db 38 1d ce 09 cb 4a d0 58 a5 11 00 "
710 "1a 73 81 98 ee 27 cf 55 a1 3b 75 45 39 90 65 82 "
711 "ec 8b 17 4b d5 8d 5d 1f 3d 76 7c 61 37 21 ae 05 ";
712 // RSA public exponent e:
713 static const char rsa_public_exponent_e_10[] =
714 "01 00 01 ";
715
716 // RSASSA-PSS Signature Example 10.1
717 // Message to be signed:
718 static const char message_10_1[] =
719 "88 31 77 e5 12 6b 9b e2 d9 a9 68 03 27 d5 37 0c "
720 "6f 26 86 1f 58 20 c4 3d a6 7a 3a d6 09 ";
721 // Salt:
722 static const char salt_10_1[] =
723 "04 e2 15 ee 6f f9 34 b9 da 70 d7 73 0c 87 34 ab "
724 "fc ec de 89 ";
725 // Signature:
726 static const char signature_10_1[] =
727 "82 c2 b1 60 09 3b 8a a3 c0 f7 52 2b 19 f8 73 54 "
728 "06 6c 77 84 7a bf 2a 9f ce 54 2d 0e 84 e9 20 c5 "
729 "af b4 9f fd fd ac e1 65 60 ee 94 a1 36 96 01 14 "
730 "8e ba d7 a0 e1 51 cf 16 33 17 91 a5 72 7d 05 f2 "
731 "1e 74 e7 eb 81 14 40 20 69 35 d7 44 76 5a 15 e7 "
732 "9f 01 5c b6 6c 53 2c 87 a6 a0 59 61 c8 bf ad 74 "
733 "1a 9a 66 57 02 28 94 39 3e 72 23 73 97 96 c0 2a "
734 "77 45 5d 0f 55 5b 0e c0 1d df 25 9b 62 07 fd 0f "
735 "d5 76 14 ce f1 a5 57 3b aa ff 4e c0 00 69 95 16 "
736 "59 b8 5f 24 30 0a 25 16 0c a8 52 2d c6 e6 72 7e "
737 "57 d0 19 d7 e6 36 29 b8 fe 5e 89 e2 5c c1 5b eb "
738 "3a 64 75 77 55 92 99 28 0b 9b 28 f7 9b 04 09 00 "
739 "0b e2 5b bd 96 40 8b a3 b4 3c c4 86 18 4d d1 c8 "
740 "e6 25 53 fa 1a f4 04 0f 60 66 3d e7 f5 e4 9c 04 "
741 "38 8e 25 7f 1c e8 9c 95 da b4 8a 31 5d 9b 66 b1 "
742 "b7 62 82 33 87 6f f2 38 52 30 d0 70 d0 7e 16 66 ";
743
744 // RSASSA-PSS Signature Example 10.2
745 // Message to be signed:
746 static const char message_10_2[] =
747 "dd 67 0a 01 46 58 68 ad c9 3f 26 13 19 57 a5 0c "
748 "52 fb 77 7c db aa 30 89 2c 9e 12 36 11 64 ec 13 "
749 "97 9d 43 04 81 18 e4 44 5d b8 7b ee 58 dd 98 7b "
750 "34 25 d0 20 71 d8 db ae 80 70 8b 03 9d bb 64 db "
751 "d1 de 56 57 d9 fe d0 c1 18 a5 41 43 74 2e 0f f3 "
752 "c8 7f 74 e4 58 57 64 7a f3 f7 9e b0 a1 4c 9d 75 "
753 "ea 9a 1a 04 b7 cf 47 8a 89 7a 70 8f d9 88 f4 8e "
754 "80 1e db 0b 70 39 df 8c 23 bb 3c 56 f4 e8 21 ac ";
755 // Salt:
756 static const char salt_10_2[] =
757 "8b 2b dd 4b 40 fa f5 45 c7 78 dd f9 bc 1a 49 cb "
758 "57 f9 b7 1b ";
759 // Signature:
760 static const char signature_10_2[] =
761 "14 ae 35 d9 dd 06 ba 92 f7 f3 b8 97 97 8a ed 7c "
762 "d4 bf 5f f0 b5 85 a4 0b d4 6c e1 b4 2c d2 70 30 "
763 "53 bb 90 44 d6 4e 81 3d 8f 96 db 2d d7 00 7d 10 "
764 "11 8f 6f 8f 84 96 09 7a d7 5e 1f f6 92 34 1b 28 "
765 "92 ad 55 a6 33 a1 c5 5e 7f 0a 0a d5 9a 0e 20 3a "
766 "5b 82 78 ae c5 4d d8 62 2e 28 31 d8 71 74 f8 ca "
767 "ff 43 ee 6c 46 44 53 45 d8 4a 59 65 9b fb 92 ec "
768 "d4 c8 18 66 86 95 f3 47 06 f6 68 28 a8 99 59 63 "
769 "7f 2b f3 e3 25 1c 24 bd ba 4d 4b 76 49 da 00 22 "
770 "21 8b 11 9c 84 e7 9a 65 27 ec 5b 8a 5f 86 1c 15 "
771 "99 52 e2 3e c0 5e 1e 71 73 46 fa ef e8 b1 68 68 "
772 "25 bd 2b 26 2f b2 53 10 66 c0 de 09 ac de 2e 42 "
773 "31 69 07 28 b5 d8 5e 11 5a 2f 6b 92 b7 9c 25 ab "
774 "c9 bd 93 99 ff 8b cf 82 5a 52 ea 1f 56 ea 76 dd "
775 "26 f4 3b aa fa 18 bf a9 2a 50 4c bd 35 69 9e 26 "
776 "d1 dc c5 a2 88 73 85 f3 c6 32 32 f0 6f 32 44 c3 ";
777
778 // RSASSA-PSS Signature Example 10.3
779 // Message to be signed:
780 static const char message_10_3[] =
781 "48 b2 b6 a5 7a 63 c8 4c ea 85 9d 65 c6 68 28 4b "
782 "08 d9 6b dc aa be 25 2d b0 e4 a9 6c b1 ba c6 01 "
783 "93 41 db 6f be fb 8d 10 6b 0e 90 ed a6 bc c6 c6 "
784 "26 2f 37 e7 ea 9c 7e 5d 22 6b d7 df 85 ec 5e 71 "
785 "ef ff 2f 54 c5 db 57 7f f7 29 ff 91 b8 42 49 1d "
786 "e2 74 1d 0c 63 16 07 df 58 6b 90 5b 23 b9 1a f1 "
787 "3d a1 23 04 bf 83 ec a8 a7 3e 87 1f f9 db ";
788 // Salt:
789 static const char salt_10_3[] =
790 "4e 96 fc 1b 39 8f 92 b4 46 71 01 0c 0d c3 ef d6 "
791 "e2 0c 2d 73 ";
792 // Signature:
793 static const char signature_10_3[] =
794 "6e 3e 4d 7b 6b 15 d2 fb 46 01 3b 89 00 aa 5b bb "
795 "39 39 cf 2c 09 57 17 98 70 42 02 6e e6 2c 74 c5 "
796 "4c ff d5 d7 d5 7e fb bf 95 0a 0f 5c 57 4f a0 9d "
797 "3f c1 c9 f5 13 b0 5b 4f f5 0d d8 df 7e df a2 01 "
798 "02 85 4c 35 e5 92 18 01 19 a7 0c e5 b0 85 18 2a "
799 "a0 2d 9e a2 aa 90 d1 df 03 f2 da ae 88 5b a2 f5 "
800 "d0 5a fd ac 97 47 6f 06 b9 3b 5b c9 4a 1a 80 aa "
801 "91 16 c4 d6 15 f3 33 b0 98 89 2b 25 ff ac e2 66 "
802 "f5 db 5a 5a 3b cc 10 a8 24 ed 55 aa d3 5b 72 78 "
803 "34 fb 8c 07 da 28 fc f4 16 a5 d9 b2 22 4f 1f 8b "
804 "44 2b 36 f9 1e 45 6f de a2 d7 cf e3 36 72 68 de "
805 "03 07 a4 c7 4e 92 41 59 ed 33 39 3d 5e 06 55 53 "
806 "1c 77 32 7b 89 82 1b de df 88 01 61 c7 8c d4 19 "
807 "6b 54 19 f7 ac c3 f1 3e 5e bf 16 1b 6e 7c 67 24 "
808 "71 6c a3 3b 85 c2 e2 56 40 19 2a c2 85 96 51 d5 "
809 "0b de 7e b9 76 e5 1c ec 82 8b 98 b6 56 3b 86 bb ";
810
811 // RSASSA-PSS Signature Example 10.4
812 // Message to be signed:
813 static const char message_10_4[] =
814 "0b 87 77 c7 f8 39 ba f0 a6 4b bb db c5 ce 79 75 "
815 "5c 57 a2 05 b8 45 c1 74 e2 d2 e9 05 46 a0 89 c4 "
816 "e6 ec 8a df fa 23 a7 ea 97 ba e6 b6 5d 78 2b 82 "
817 "db 5d 2b 5a 56 d2 2a 29 a0 5e 7c 44 33 e2 b8 2a "
818 "62 1a bb a9 0a dd 05 ce 39 3f c4 8a 84 05 42 45 "
819 "1a ";
820 // Salt:
821 static const char salt_10_4[] =
822 "c7 cd 69 8d 84 b6 51 28 d8 83 5e 3a 8b 1e b0 e0 "
823 "1c b5 41 ec ";
824 // Signature:
825 static const char signature_10_4[] =
826 "34 04 7f f9 6c 4d c0 dc 90 b2 d4 ff 59 a1 a3 61 "
827 "a4 75 4b 25 5d 2e e0 af 7d 8b f8 7c 9b c9 e7 dd "
828 "ee de 33 93 4c 63 ca 1c 0e 3d 26 2c b1 45 ef 93 "
829 "2a 1f 2c 0a 99 7a a6 a3 4f 8e ae e7 47 7d 82 cc "
830 "f0 90 95 a6 b8 ac ad 38 d4 ee c9 fb 7e ab 7a d0 "
831 "2d a1 d1 1d 8e 54 c1 82 5e 55 bf 58 c2 a2 32 34 "
832 "b9 02 be 12 4f 9e 90 38 a8 f6 8f a4 5d ab 72 f6 "
833 "6e 09 45 bf 1d 8b ac c9 04 4c 6f 07 09 8c 9f ce "
834 "c5 8a 3a ab 10 0c 80 51 78 15 5f 03 0a 12 4c 45 "
835 "0e 5a cb da 47 d0 e4 f1 0b 80 a2 3f 80 3e 77 4d "
836 "02 3b 00 15 c2 0b 9f 9b be 7c 91 29 63 38 d5 ec "
837 "b4 71 ca fb 03 20 07 b6 7a 60 be 5f 69 50 4a 9f "
838 "01 ab b3 cb 46 7b 26 0e 2b ce 86 0b e8 d9 5b f9 "
839 "2c 0c 8e 14 96 ed 1e 52 85 93 a4 ab b6 df 46 2d "
840 "de 8a 09 68 df fe 46 83 11 68 57 a2 32 f5 eb f6 "
841 "c8 5b e2 38 74 5a d0 f3 8f 76 7a 5f db f4 86 fb ";
842
843 // RSASSA-PSS Signature Example 10.5
844 // Message to be signed:
845 static const char message_10_5[] =
846 "f1 03 6e 00 8e 71 e9 64 da dc 92 19 ed 30 e1 7f "
847 "06 b4 b6 8a 95 5c 16 b3 12 b1 ed df 02 8b 74 97 "
848 "6b ed 6b 3f 6a 63 d4 e7 78 59 24 3c 9c cc dc 98 "
849 "01 65 23 ab b0 24 83 b3 55 91 c3 3a ad 81 21 3b "
850 "b7 c7 bb 1a 47 0a ab c1 0d 44 25 6c 4d 45 59 d9 "
851 "16 ";
852 // Salt:
853 static const char salt_10_5[] =
854 "ef a8 bf f9 62 12 b2 f4 a3 f3 71 a1 0d 57 41 52 "
855 "65 5f 5d fb ";
856 // Signature:
857 static const char signature_10_5[] =
858 "7e 09 35 ea 18 f4 d6 c1 d1 7c e8 2e b2 b3 83 6c "
859 "55 b3 84 58 9c e1 9d fe 74 33 63 ac 99 48 d1 f3 "
860 "46 b7 bf dd fe 92 ef d7 8a db 21 fa ef c8 9a de "
861 "42 b1 0f 37 40 03 fe 12 2e 67 42 9a 1c b8 cb d1 "
862 "f8 d9 01 45 64 c4 4d 12 01 16 f4 99 0f 1a 6e 38 "
863 "77 4c 19 4b d1 b8 21 32 86 b0 77 b0 49 9d 2e 7b "
864 "3f 43 4a b1 22 89 c5 56 68 4d ee d7 81 31 93 4b "
865 "b3 dd 65 37 23 6f 7c 6f 3d cb 09 d4 76 be 07 72 "
866 "1e 37 e1 ce ed 9b 2f 7b 40 68 87 bd 53 15 73 05 "
867 "e1 c8 b4 f8 4d 73 3b c1 e1 86 fe 06 cc 59 b6 ed "
868 "b8 f4 bd 7f fe fd f4 f7 ba 9c fb 9d 57 06 89 b5 "
869 "a1 a4 10 9a 74 6a 69 08 93 db 37 99 25 5a 0c b9 "
870 "21 5d 2d 1c d4 90 59 0e 95 2e 8c 87 86 aa 00 11 "
871 "26 52 52 47 0c 04 1d fb c3 ee c7 c3 cb f7 1c 24 "
872 "86 9d 11 5c 0c b4 a9 56 f5 6d 53 0b 80 ab 58 9a "
873 "cf ef c6 90 75 1d df 36 e8 d3 83 f8 3c ed d2 cc ";
874
875 // RSASSA-PSS Signature Example 10.6
876 // Message to be signed:
877 static const char message_10_6[] =
878 "25 f1 08 95 a8 77 16 c1 37 45 0b b9 51 9d fa a1 "
879 "f2 07 fa a9 42 ea 88 ab f7 1e 9c 17 98 00 85 b5 "
880 "55 ae ba b7 62 64 ae 2a 3a b9 3c 2d 12 98 11 91 "
881 "dd ac 6f b5 94 9e b3 6a ee 3c 5d a9 40 f0 07 52 "
882 "c9 16 d9 46 08 fa 7d 97 ba 6a 29 15 b6 88 f2 03 "
883 "23 d4 e9 d9 68 01 d8 9a 72 ab 58 92 dc 21 17 c0 "
884 "74 34 fc f9 72 e0 58 cf 8c 41 ca 4b 4f f5 54 f7 "
885 "d5 06 8a d3 15 5f ce d0 f3 12 5b c0 4f 91 93 37 "
886 "8a 8f 5c 4c 3b 8c b4 dd 6d 1c c6 9d 30 ec ca 6e "
887 "aa 51 e3 6a 05 73 0e 9e 34 2e 85 5b af 09 9d ef "
888 "b8 af d7 ";
889 // Salt:
890 static const char salt_10_6[] =
891 "ad 8b 15 23 70 36 46 22 4b 66 0b 55 08 85 91 7c "
892 "a2 d1 df 28 ";
893 // Signature:
894 static const char signature_10_6[] =
895 "6d 3b 5b 87 f6 7e a6 57 af 21 f7 54 41 97 7d 21 "
896 "80 f9 1b 2c 5f 69 2d e8 29 55 69 6a 68 67 30 d9 "
897 "b9 77 8d 97 07 58 cc b2 60 71 c2 20 9f fb d6 12 "
898 "5b e2 e9 6e a8 1b 67 cb 9b 93 08 23 9f da 17 f7 "
899 "b2 b6 4e cd a0 96 b6 b9 35 64 0a 5a 1c b4 2a 91 "
900 "55 b1 c9 ef 7a 63 3a 02 c5 9f 0d 6e e5 9b 85 2c "
901 "43 b3 50 29 e7 3c 94 0f f0 41 0e 8f 11 4e ed 46 "
902 "bb d0 fa e1 65 e4 2b e2 52 8a 40 1c 3b 28 fd 81 "
903 "8e f3 23 2d ca 9f 4d 2a 0f 51 66 ec 59 c4 23 96 "
904 "d6 c1 1d bc 12 15 a5 6f a1 71 69 db 95 75 34 3e "
905 "f3 4f 9d e3 2a 49 cd c3 17 49 22 f2 29 c2 3e 18 "
906 "e4 5d f9 35 31 19 ec 43 19 ce dc e7 a1 7c 64 08 "
907 "8c 1f 6f 52 be 29 63 41 00 b3 91 9d 38 f3 d1 ed "
908 "94 e6 89 1e 66 a7 3b 8f b8 49 f5 87 4d f5 94 59 "
909 "e2 98 c7 bb ce 2e ee 78 2a 19 5a a6 6f e2 d0 73 "
910 "2b 25 e5 95 f5 7d 3e 06 1b 1f c3 e4 06 3b f9 8f ";
911
912 struct SignatureExample {
913 const char* message;
914 const char* salt;
915 const char* signature;
916 };
917
918 struct PSSTestVector {
919 const char* modulus_n;
920 const char* public_exponent_e;
921 SignatureExample example[6];
922 };
923
924 static const PSSTestVector pss_test[] = {
925 {
926 rsa_modulus_n_1,
927 rsa_public_exponent_e_1,
928 {
929 { message_1_1, salt_1_1, signature_1_1 },
930 { message_1_2, salt_1_2, signature_1_2 },
931 { message_1_3, salt_1_3, signature_1_3 },
932 { message_1_4, salt_1_4, signature_1_4 },
933 { message_1_5, salt_1_5, signature_1_5 },
934 { message_1_6, salt_1_6, signature_1_6 },
935 }
936 },
937 {
938 rsa_modulus_n_9,
939 rsa_public_exponent_e_9,
940 {
941 { message_9_1, salt_9_1, signature_9_1 },
942 { message_9_2, salt_9_2, signature_9_2 },
943 { message_9_3, salt_9_3, signature_9_3 },
944 { message_9_4, salt_9_4, signature_9_4 },
945 { message_9_5, salt_9_5, signature_9_5 },
946 { message_9_6, salt_9_6, signature_9_6 },
947 }
948 },
949 {
950 rsa_modulus_n_10,
951 rsa_public_exponent_e_10,
952 {
953 { message_10_1, salt_10_1, signature_10_1 },
954 { message_10_2, salt_10_2, signature_10_2 },
955 { message_10_3, salt_10_3, signature_10_3 },
956 { message_10_4, salt_10_4, signature_10_4 },
957 { message_10_5, salt_10_5, signature_10_5 },
958 { message_10_6, salt_10_6, signature_10_6 },
959 }
960 },
961 };
962
963 static uint8 HexDigitValue(char digit) {
964 if ('0' <= digit && digit <= '9')
965 return digit - '0';
966 if ('a' <= digit && digit <= 'f')
967 return digit - 'a' + 10;
968 return digit - 'A' + 10;
969 }
970
971 static bool DecodeTestInput(const char* in, std::vector<uint8>* out) {
972 out->clear();
973 while (in[0] != '\0') {
974 if (!isxdigit(in[0]) || !isxdigit(in[1]) || in[2] != ' ')
975 return false;
976 uint8 octet = HexDigitValue(in[0]) * 16 + HexDigitValue(in[1]);
977 out->push_back(octet);
978 in += 3;
979 }
980 return true;
981 }
982
983 static bool EncodeRSAPublicKey(const std::vector<uint8>& modulus_n,
984 const std::vector<uint8>& public_exponent_e,
985 std::vector<uint8>* public_key_info) {
986 // The public key is specified as the following ASN.1 structure:
987 // SubjectPublicKeyInfo ::= SEQUENCE {
988 // algorithm AlgorithmIdentifier,
989 // subjectPublicKey BIT STRING }
990 //
991 // The signature algorithm is specified as the following ASN.1 structure:
992 // AlgorithmIdentifier ::= SEQUENCE {
993 // algorithm OBJECT IDENTIFIER,
994 // parameters ANY DEFINED BY algorithm OPTIONAL }
995 //
996 // An RSA public key is specified as the following ASN.1 structure:
997 // RSAPublicKey ::= SEQUENCE {
998 // modulus INTEGER, -- n
999 // publicExponent INTEGER -- e
1000 // }
1001 static const uint8 kIntegerTag = 0x02;
1002 static const uint8 kBitStringTag = 0x03;
1003 static const uint8 kSequenceTag = 0x30;
1004 public_key_info->clear();
1005
1006 // Encode the public exponent e as an INTEGER.
1007 public_key_info->insert(public_key_info->begin(),
1008 public_exponent_e.begin(),
1009 public_exponent_e.end());
1010 uint8 exponent_size = base::checked_cast<uint8>(public_exponent_e.size());
1011 public_key_info->insert(public_key_info->begin(), exponent_size);
1012 public_key_info->insert(public_key_info->begin(), kIntegerTag);
1013
1014 // Encode the modulus n as an INTEGER.
1015 public_key_info->insert(public_key_info->begin(),
1016 modulus_n.begin(), modulus_n.end());
1017 uint16 modulus_size = base::checked_cast<uint16>(modulus_n.size());
1018 if (modulus_n[0] & 0x80) {
1019 public_key_info->insert(public_key_info->begin(), 0x00);
1020 modulus_size++;
1021 }
1022 public_key_info->insert(public_key_info->begin(), modulus_size & 0xff);
1023 public_key_info->insert(public_key_info->begin(), (modulus_size >> 8) & 0xff);
1024 public_key_info->insert(public_key_info->begin(), 0x82);
1025 public_key_info->insert(public_key_info->begin(), kIntegerTag);
1026
1027 // Encode the RSAPublicKey SEQUENCE.
1028 uint16 info_size = base::checked_cast<uint16>(public_key_info->size());
1029 public_key_info->insert(public_key_info->begin(), info_size & 0xff);
1030 public_key_info->insert(public_key_info->begin(), (info_size >> 8) & 0xff);
1031 public_key_info->insert(public_key_info->begin(), 0x82);
1032 public_key_info->insert(public_key_info->begin(), kSequenceTag);
1033
1034 // Encode the BIT STRING.
1035 // Number of unused bits.
1036 public_key_info->insert(public_key_info->begin(), 0x00);
1037 info_size = base::checked_cast<uint16>(public_key_info->size());
1038 public_key_info->insert(public_key_info->begin(), info_size & 0xff);
1039 public_key_info->insert(public_key_info->begin(), (info_size >> 8) & 0xff);
1040 public_key_info->insert(public_key_info->begin(), 0x82);
1041 public_key_info->insert(public_key_info->begin(), kBitStringTag);
1042
1043 // Encode the AlgorithmIdentifier.
1044 static const uint8 algorithm[] = {
1045 0x30, 0x0d, // a SEQUENCE of length 13
1046 0x06, 0x09, // an OBJECT IDENTIFIER of length 9
1047 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
1048 0x05, 0x00,
1049 };
1050 public_key_info->insert(public_key_info->begin(),
1051 algorithm, algorithm + sizeof(algorithm));
1052
1053 // Encode the outermost SEQUENCE.
1054 info_size = base::checked_cast<uint16>(public_key_info->size());
1055 public_key_info->insert(public_key_info->begin(), info_size & 0xff);
1056 public_key_info->insert(public_key_info->begin(), (info_size >> 8) & 0xff);
1057 public_key_info->insert(public_key_info->begin(), 0x82);
1058 public_key_info->insert(public_key_info->begin(), kSequenceTag);
1059
1060 return true;
1061 }
1062
1063 TEST(SignatureVerifierTest, VerifyRSAPSS) {
1064 for (unsigned int i = 0; i < arraysize(pss_test); i++) {
1065 std::vector<uint8> modulus_n;
1066 std::vector<uint8> public_exponent_e;
1067 ASSERT_TRUE(DecodeTestInput(pss_test[i].modulus_n, &modulus_n));
1068 ASSERT_TRUE(DecodeTestInput(pss_test[i].public_exponent_e,
1069 &public_exponent_e));
1070 std::vector<uint8> public_key_info;
1071 ASSERT_TRUE(EncodeRSAPublicKey(modulus_n, public_exponent_e,
1072 &public_key_info));
1073
1074 for (unsigned int j = 0; j < arraysize(pss_test[i].example); j++) {
1075 std::vector<uint8> message;
1076 std::vector<uint8> salt;
1077 std::vector<uint8> signature;
1078 ASSERT_TRUE(DecodeTestInput(pss_test[i].example[j].message, &message));
1079 ASSERT_TRUE(DecodeTestInput(pss_test[i].example[j].salt, &salt));
1080 ASSERT_TRUE(DecodeTestInput(pss_test[i].example[j].signature,
1081 &signature));
1082
1083 crypto::SignatureVerifier verifier;
1084 bool ok;
1085
1086 // Positive test.
1087 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1,
1088 crypto::SignatureVerifier::SHA1,
1089 salt.size(),
1090 &signature[0], signature.size(),
1091 &public_key_info[0],
1092 public_key_info.size());
1093 ASSERT_TRUE(ok);
1094 verifier.VerifyUpdate(&message[0], message.size());
1095 ok = verifier.VerifyFinal();
1096 EXPECT_TRUE(ok);
1097
1098 // Modify the first byte of the message.
1099 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1,
1100 crypto::SignatureVerifier::SHA1,
1101 salt.size(),
1102 &signature[0], signature.size(),
1103 &public_key_info[0],
1104 public_key_info.size());
1105 ASSERT_TRUE(ok);
1106 message[0] += 1;
1107 verifier.VerifyUpdate(&message[0], message.size());
1108 message[0] -= 1;
1109 ok = verifier.VerifyFinal();
1110 EXPECT_FALSE(ok);
1111
1112 // Truncate the message.
1113 ASSERT_FALSE(message.empty());
1114 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1,
1115 crypto::SignatureVerifier::SHA1,
1116 salt.size(),
1117 &signature[0], signature.size(),
1118 &public_key_info[0],
1119 public_key_info.size());
1120 ASSERT_TRUE(ok);
1121 verifier.VerifyUpdate(&message[0], message.size() - 1);
1122 ok = verifier.VerifyFinal();
1123 EXPECT_FALSE(ok);
1124
1125 // Corrupt the signature.
1126 signature[0] += 1;
1127 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1,
1128 crypto::SignatureVerifier::SHA1,
1129 salt.size(),
1130 &signature[0], signature.size(),
1131 &public_key_info[0],
1132 public_key_info.size());
1133 signature[0] -= 1;
1134 ASSERT_TRUE(ok);
1135 verifier.VerifyUpdate(&message[0], message.size());
1136 ok = verifier.VerifyFinal();
1137 EXPECT_FALSE(ok);
1138 }
1139 }
1140 }