Google Git
Sign in
chromium / chromium / src.git / 9fcec0ad20328b6d36e65312632bf615ab94e8c0 / . / crypto / signature_verifier_unittest.cc
blob: 332979971c6e717da4a9c88f1ad43a30f87d2e34 [file] [log] [blame]
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
[email protected]db7286d2009-04-10 16:36:34[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]5#include "crypto/signature_verifier.h"
[email protected]db7286d2009-04-10 16:36:34[diff] [blame]6#include "testing/gtest/include/gtest/gtest.h"
7
8TEST(SignatureVerifierTest, BasicTest) {
9 // The input data in this test comes from real certificates.
10 //
11 // tbs_certificate ("to-be-signed certificate", the part of a certificate
12 // that is signed), signature_algorithm, and algorithm come from the
13 // certificate of bugs.webkit.org.
14 //
15 // public_key_info comes from the certificate of the issuer, Go Daddy Secure
16 // Certification Authority.
17 //
18 // The bytes in the array initializers are formatted to expose the DER
19 // encoding of the ASN.1 structures.
20
21 // The data that is signed is the following ASN.1 structure:
[email protected]15b3b562009-04-10 23:43:43[diff] [blame]22 // TBSCertificate ::= SEQUENCE {
23 // ... -- omitted, not important
[email protected]db7286d2009-04-10 16:36:34[diff] [blame]24 // }
25 const uint8 tbs_certificate[1017] = {
26 0x30, 0x82, 0x03, 0xf5, // a SEQUENCE of length 1013 (0x3f5)
27 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x43, 0xdd, 0x63, 0x30, 0x0d,
28 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
29 0x00, 0x30, 0x81, 0xca, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
30 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
31 0x04, 0x08, 0x13, 0x07, 0x41, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31,
32 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63,
33 0x6f, 0x74, 0x74, 0x73, 0x64, 0x61, 0x6c, 0x65, 0x31, 0x1a, 0x30, 0x18,
34 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x47, 0x6f, 0x44, 0x61, 0x64,
35 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
36 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x68,
37 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66,
38 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64,
39 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73,
40 0x69, 0x74, 0x6f, 0x72, 0x79, 0x31, 0x30, 0x30, 0x2e, 0x06, 0x03, 0x55,
41 0x04, 0x03, 0x13, 0x27, 0x47, 0x6f, 0x20, 0x44, 0x61, 0x64, 0x64, 0x79,
42 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74,
43 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75,
44 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x11, 0x30, 0x0f, 0x06,
45 0x03, 0x55, 0x04, 0x05, 0x13, 0x08, 0x30, 0x37, 0x39, 0x36, 0x39, 0x32,
46 0x38, 0x37, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x38, 0x30, 0x33, 0x31, 0x38,
47 0x32, 0x33, 0x33, 0x35, 0x31, 0x39, 0x5a, 0x17, 0x0d, 0x31, 0x31, 0x30,
48 0x33, 0x31, 0x38, 0x32, 0x33, 0x33, 0x35, 0x31, 0x39, 0x5a, 0x30, 0x79,
49 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
50 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
51 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x12,
52 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x09, 0x43, 0x75, 0x70,
53 0x65, 0x72, 0x74, 0x69, 0x6e, 0x6f, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
54 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49,
55 0x6e, 0x63, 0x2e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0b,
56 0x13, 0x0c, 0x4d, 0x61, 0x63, 0x20, 0x4f, 0x53, 0x20, 0x46, 0x6f, 0x72,
57 0x67, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
58 0x0c, 0x2a, 0x2e, 0x77, 0x65, 0x62, 0x6b, 0x69, 0x74, 0x2e, 0x6f, 0x72,
59 0x67, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
60 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30,
61 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa7, 0x62, 0x79, 0x41, 0xda, 0x28,
62 0xf2, 0xc0, 0x4f, 0xe0, 0x25, 0xaa, 0xa1, 0x2e, 0x3b, 0x30, 0x94, 0xb5,
63 0xc9, 0x26, 0x3a, 0x1b, 0xe2, 0xd0, 0xcc, 0xa2, 0x95, 0xe2, 0x91, 0xc0,
64 0xf0, 0x40, 0x9e, 0x27, 0x6e, 0xbd, 0x6e, 0xde, 0x7c, 0xb6, 0x30, 0x5c,
65 0xb8, 0x9b, 0x01, 0x2f, 0x92, 0x04, 0xa1, 0xef, 0x4a, 0xb1, 0x6c, 0xb1,
66 0x7e, 0x8e, 0xcd, 0xa6, 0xf4, 0x40, 0x73, 0x1f, 0x2c, 0x96, 0xad, 0xff,
67 0x2a, 0x6d, 0x0e, 0xba, 0x52, 0x84, 0x83, 0xb0, 0x39, 0xee, 0xc9, 0x39,
68 0xdc, 0x1e, 0x34, 0xd0, 0xd8, 0x5d, 0x7a, 0x09, 0xac, 0xa9, 0xee, 0xca,
69 0x65, 0xf6, 0x85, 0x3a, 0x6b, 0xee, 0xe4, 0x5c, 0x5e, 0xf8, 0xda, 0xd1,
70 0xce, 0x88, 0x47, 0xcd, 0x06, 0x21, 0xe0, 0xb9, 0x4b, 0xe4, 0x07, 0xcb,
71 0x57, 0xdc, 0xca, 0x99, 0x54, 0xf7, 0x0e, 0xd5, 0x17, 0x95, 0x05, 0x2e,
72 0xe9, 0xb1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0xce, 0x30,
73 0x82, 0x01, 0xca, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02,
74 0x30, 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03,
75 0x02, 0x05, 0xa0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16,
76 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
77 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x57,
78 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x50, 0x30, 0x4e, 0x30, 0x4c, 0xa0,
79 0x4a, 0xa0, 0x48, 0x86, 0x46, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
80 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73,
81 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d,
82 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f,
83 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x65, 0x78, 0x74, 0x65, 0x6e,
84 0x64, 0x65, 0x64, 0x69, 0x73, 0x73, 0x75, 0x69, 0x6e, 0x67, 0x33, 0x2e,
85 0x63, 0x72, 0x6c, 0x30, 0x52, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x4b,
86 0x30, 0x49, 0x30, 0x47, 0x06, 0x0b, 0x60, 0x86, 0x48, 0x01, 0x86, 0xfd,
87 0x6d, 0x01, 0x07, 0x17, 0x02, 0x30, 0x38, 0x30, 0x36, 0x06, 0x08, 0x2b,
88 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x2a, 0x68, 0x74, 0x74,
89 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
90 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79,
91 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74,
92 0x6f, 0x72, 0x79, 0x30, 0x7f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
93 0x07, 0x01, 0x01, 0x04, 0x73, 0x30, 0x71, 0x30, 0x23, 0x06, 0x08, 0x2b,
94 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74,
95 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, 0x6f, 0x64,
96 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x4a, 0x06, 0x08,
97 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74,
98 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
99 0x63, 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64,
100 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69,
101 0x74, 0x6f, 0x72, 0x79, 0x2f, 0x67, 0x64, 0x5f, 0x69, 0x6e, 0x74, 0x65,
102 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x2e, 0x63, 0x72, 0x74,
103 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x48,
104 0xdf, 0x60, 0x32, 0xcc, 0x89, 0x01, 0xb6, 0xdc, 0x2f, 0xe3, 0x73, 0xb5,
105 0x9c, 0x16, 0x58, 0x32, 0x68, 0xa9, 0xc3, 0x30, 0x1f, 0x06, 0x03, 0x55,
106 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xfd, 0xac, 0x61, 0x32,
107 0x93, 0x6c, 0x45, 0xd6, 0xe2, 0xee, 0x85, 0x5f, 0x9a, 0xba, 0xe7, 0x76,
108 0x99, 0x68, 0xcc, 0xe7, 0x30, 0x23, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04,
109 0x1c, 0x30, 0x1a, 0x82, 0x0c, 0x2a, 0x2e, 0x77, 0x65, 0x62, 0x6b, 0x69,
110 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x82, 0x0a, 0x77, 0x65, 0x62, 0x6b, 0x69,
111 0x74, 0x2e, 0x6f, 0x72, 0x67
112 };
113
114 // The signature algorithm is specified as the following ASN.1 structure:
[email protected]15b3b562009-04-10 23:43:43[diff] [blame]115 // AlgorithmIdentifier ::= SEQUENCE {
116 // algorithm OBJECT IDENTIFIER,
[email protected]db7286d2009-04-10 16:36:34[diff] [blame]117 // parameters ANY DEFINED BY algorithm OPTIONAL }
118 //
119 const uint8 signature_algorithm[15] = {
120 0x30, 0x0d, // a SEQUENCE of length 13 (0xd)
121 0x06, 0x09, // an OBJECT IDENTIFIER of length 9
122 // 1.2.840.113549.1.1.5 - sha1WithRSAEncryption
123 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
124 0x05, 0x00, // a NULL of length 0
125 };
126
127 // RSA signature, a big integer in the big-endian byte order.
128 const uint8 signature[256] = {
129 0x1e, 0x6a, 0xe7, 0xe0, 0x4f, 0xe7, 0x4d, 0xd0, 0x69, 0x7c, 0xf8, 0x8f,
130 0x99, 0xb4, 0x18, 0x95, 0x36, 0x24, 0x0f, 0x0e, 0xa3, 0xea, 0x34, 0x37,
131 0xf4, 0x7d, 0xd5, 0x92, 0x35, 0x53, 0x72, 0x76, 0x3f, 0x69, 0xf0, 0x82,
132 0x56, 0xe3, 0x94, 0x7a, 0x1d, 0x1a, 0x81, 0xaf, 0x9f, 0xc7, 0x43, 0x01,
133 0x64, 0xd3, 0x7c, 0x0d, 0xc8, 0x11, 0x4e, 0x4a, 0xe6, 0x1a, 0xc3, 0x01,
134 0x74, 0xe8, 0x35, 0x87, 0x5c, 0x61, 0xaa, 0x8a, 0x46, 0x06, 0xbe, 0x98,
135 0x95, 0x24, 0x9e, 0x01, 0xe3, 0xe6, 0xa0, 0x98, 0xee, 0x36, 0x44, 0x56,
136 0x8d, 0x23, 0x9c, 0x65, 0xea, 0x55, 0x6a, 0xdf, 0x66, 0xee, 0x45, 0xe8,
137 0xa0, 0xe9, 0x7d, 0x9a, 0xba, 0x94, 0xc5, 0xc8, 0xc4, 0x4b, 0x98, 0xff,
138 0x9a, 0x01, 0x31, 0x6d, 0xf9, 0x2b, 0x58, 0xe7, 0xe7, 0x2a, 0xc5, 0x4d,
139 0xbb, 0xbb, 0xcd, 0x0d, 0x70, 0xe1, 0xad, 0x03, 0xf5, 0xfe, 0xf4, 0x84,
140 0x71, 0x08, 0xd2, 0xbc, 0x04, 0x7b, 0x26, 0x1c, 0xa8, 0x0f, 0x9c, 0xd8,
141 0x12, 0x6a, 0x6f, 0x2b, 0x67, 0xa1, 0x03, 0x80, 0x9a, 0x11, 0x0b, 0xe9,
142 0xe0, 0xb5, 0xb3, 0xb8, 0x19, 0x4e, 0x0c, 0xa4, 0xd9, 0x2b, 0x3b, 0xc2,
143 0xca, 0x20, 0xd3, 0x0c, 0xa4, 0xff, 0x93, 0x13, 0x1f, 0xfc, 0xba, 0x94,
144 0x93, 0x8c, 0x64, 0x15, 0x2e, 0x28, 0xa9, 0x55, 0x8c, 0x2c, 0x48, 0xd3,
145 0xd3, 0xc1, 0x50, 0x69, 0x19, 0xe8, 0x34, 0xd3, 0xf1, 0x04, 0x9f, 0x0a,
146 0x7a, 0x21, 0x87, 0xbf, 0xb9, 0x59, 0x37, 0x2e, 0xf4, 0x71, 0xa5, 0x3e,
147 0xbe, 0xcd, 0x70, 0x83, 0x18, 0xf8, 0x8a, 0x72, 0x85, 0x45, 0x1f, 0x08,
148 0x01, 0x6f, 0x37, 0xf5, 0x2b, 0x7b, 0xea, 0xb9, 0x8b, 0xa3, 0xcc, 0xfd,
149 0x35, 0x52, 0xdd, 0x66, 0xde, 0x4f, 0x30, 0xc5, 0x73, 0x81, 0xb6, 0xe8,
150 0x3c, 0xd8, 0x48, 0x8a
151 };
152
153 // The public key is specified as the following ASN.1 structure:
[email protected]15b3b562009-04-10 23:43:43[diff] [blame]154 // SubjectPublicKeyInfo ::= SEQUENCE {
155 // algorithm AlgorithmIdentifier,
[email protected]db7286d2009-04-10 16:36:34[diff] [blame]156 // subjectPublicKey BIT STRING }
157 const uint8 public_key_info[294] = {
158 0x30, 0x82, 0x01, 0x22, // a SEQUENCE of length 290 (0x122)
159 // algorithm
160 0x30, 0x0d, // a SEQUENCE of length 13
161 0x06, 0x09, // an OBJECT IDENTIFIER of length 9
162 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
163 0x05, 0x00, // a NULL of length 0
164 // subjectPublicKey
165 0x03, 0x82, 0x01, 0x0f, // a BIT STRING of length 271 (0x10f)
166 0x00, // number of unused bits
167 0x30, 0x82, 0x01, 0x0a, // a SEQUENCE of length 266 (0x10a)
168 // modulus
169 0x02, 0x82, 0x01, 0x01, // an INTEGER of length 257 (0x101)
170 0x00, 0xc4, 0x2d, 0xd5, 0x15, 0x8c, 0x9c, 0x26, 0x4c, 0xec,
171 0x32, 0x35, 0xeb, 0x5f, 0xb8, 0x59, 0x01, 0x5a, 0xa6, 0x61,
172 0x81, 0x59, 0x3b, 0x70, 0x63, 0xab, 0xe3, 0xdc, 0x3d, 0xc7,
173 0x2a, 0xb8, 0xc9, 0x33, 0xd3, 0x79, 0xe4, 0x3a, 0xed, 0x3c,
174 0x30, 0x23, 0x84, 0x8e, 0xb3, 0x30, 0x14, 0xb6, 0xb2, 0x87,
175 0xc3, 0x3d, 0x95, 0x54, 0x04, 0x9e, 0xdf, 0x99, 0xdd, 0x0b,
176 0x25, 0x1e, 0x21, 0xde, 0x65, 0x29, 0x7e, 0x35, 0xa8, 0xa9,
177 0x54, 0xeb, 0xf6, 0xf7, 0x32, 0x39, 0xd4, 0x26, 0x55, 0x95,
178 0xad, 0xef, 0xfb, 0xfe, 0x58, 0x86, 0xd7, 0x9e, 0xf4, 0x00,
179 0x8d, 0x8c, 0x2a, 0x0c, 0xbd, 0x42, 0x04, 0xce, 0xa7, 0x3f,
180 0x04, 0xf6, 0xee, 0x80, 0xf2, 0xaa, 0xef, 0x52, 0xa1, 0x69,
181 0x66, 0xda, 0xbe, 0x1a, 0xad, 0x5d, 0xda, 0x2c, 0x66, 0xea,
182 0x1a, 0x6b, 0xbb, 0xe5, 0x1a, 0x51, 0x4a, 0x00, 0x2f, 0x48,
183 0xc7, 0x98, 0x75, 0xd8, 0xb9, 0x29, 0xc8, 0xee, 0xf8, 0x66,
184 0x6d, 0x0a, 0x9c, 0xb3, 0xf3, 0xfc, 0x78, 0x7c, 0xa2, 0xf8,
185 0xa3, 0xf2, 0xb5, 0xc3, 0xf3, 0xb9, 0x7a, 0x91, 0xc1, 0xa7,
186 0xe6, 0x25, 0x2e, 0x9c, 0xa8, 0xed, 0x12, 0x65, 0x6e, 0x6a,
187 0xf6, 0x12, 0x44, 0x53, 0x70, 0x30, 0x95, 0xc3, 0x9c, 0x2b,
188 0x58, 0x2b, 0x3d, 0x08, 0x74, 0x4a, 0xf2, 0xbe, 0x51, 0xb0,
189 0xbf, 0x87, 0xd0, 0x4c, 0x27, 0x58, 0x6b, 0xb5, 0x35, 0xc5,
190 0x9d, 0xaf, 0x17, 0x31, 0xf8, 0x0b, 0x8f, 0xee, 0xad, 0x81,
191 0x36, 0x05, 0x89, 0x08, 0x98, 0xcf, 0x3a, 0xaf, 0x25, 0x87,
192 0xc0, 0x49, 0xea, 0xa7, 0xfd, 0x67, 0xf7, 0x45, 0x8e, 0x97,
193 0xcc, 0x14, 0x39, 0xe2, 0x36, 0x85, 0xb5, 0x7e, 0x1a, 0x37,
194 0xfd, 0x16, 0xf6, 0x71, 0x11, 0x9a, 0x74, 0x30, 0x16, 0xfe,
195 0x13, 0x94, 0xa3, 0x3f, 0x84, 0x0d, 0x4f,
196 // public exponent
197 0x02, 0x03, // an INTEGER of length 3
198 0x01, 0x00, 0x01
199 };
200
201 // We use the signature verifier to perform four signature verification
202 // tests.
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]203 crypto::SignatureVerifier verifier;
[email protected]db7286d2009-04-10 16:36:34[diff] [blame]204 bool ok;
205
206 // Test 1: feed all of the data to the verifier at once (a single
207 // VerifyUpdate call).
208 ok = verifier.VerifyInit(signature_algorithm,
209 sizeof(signature_algorithm),
210 signature, sizeof(signature),
211 public_key_info, sizeof(public_key_info));
212 EXPECT_TRUE(ok);
213 verifier.VerifyUpdate(tbs_certificate, sizeof(tbs_certificate));
214 ok = verifier.VerifyFinal();
215 EXPECT_TRUE(ok);
216
217 // Test 2: feed the data to the verifier in three parts (three VerifyUpdate
218 // calls).
219 ok = verifier.VerifyInit(signature_algorithm,
220 sizeof(signature_algorithm),
221 signature, sizeof(signature),
222 public_key_info, sizeof(public_key_info));
223 EXPECT_TRUE(ok);
224 verifier.VerifyUpdate(tbs_certificate, 256);
225 verifier.VerifyUpdate(tbs_certificate + 256, 256);
226 verifier.VerifyUpdate(tbs_certificate + 512, sizeof(tbs_certificate) - 512);
227 ok = verifier.VerifyFinal();
228 EXPECT_TRUE(ok);
229
230 // Test 3: verify the signature with incorrect data.
231 uint8 bad_tbs_certificate[sizeof(tbs_certificate)];
232 memcpy(bad_tbs_certificate, tbs_certificate, sizeof(tbs_certificate));
233 bad_tbs_certificate[10] += 1; // Corrupt one byte of the data.
234 ok = verifier.VerifyInit(signature_algorithm,
235 sizeof(signature_algorithm),
236 signature, sizeof(signature),
237 public_key_info, sizeof(public_key_info));
238 EXPECT_TRUE(ok);
239 verifier.VerifyUpdate(bad_tbs_certificate, sizeof(bad_tbs_certificate));
240 ok = verifier.VerifyFinal();
241 EXPECT_FALSE(ok);
242
243 // Test 4: verify a bad signature.
244 uint8 bad_signature[sizeof(signature)];
245 memcpy(bad_signature, signature, sizeof(signature));
246 bad_signature[10] += 1; // Corrupt one byte of the signature.
247 ok = verifier.VerifyInit(signature_algorithm,
248 sizeof(signature_algorithm),
249 bad_signature, sizeof(bad_signature),
250 public_key_info, sizeof(public_key_info));
251
252 // A crypto library (e.g., NSS) may detect that the signature is corrupted
253 // and cause VerifyInit to return false, so it is fine for 'ok' to be false.
254 if (ok) {
255 verifier.VerifyUpdate(tbs_certificate, sizeof(tbs_certificate));
256 ok = verifier.VerifyFinal();
257 EXPECT_FALSE(ok);
[email protected]db7286d2009-04-10 16:36:34[diff] [blame]258 }
259}
[email protected]9b8986612013-06-28 17:46:53[diff] [blame]260
261//////////////////////////////////////////////////////////////////////
262//
263// RSA-PSS signature verification known answer test
264//
265//////////////////////////////////////////////////////////////////////
266
267// The following RSA-PSS signature test vectors come from the pss-vect.txt
268// file downloaded from
269// ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip.
270//
271// For each key, 6 random messages of length between 1 and 256 octets have
272// been RSASSA-PSS signed.
273//
274// Hash function: SHA-1
275// Mask generation function: MGF1 with SHA-1
276// Salt length: 20 octets
277
278// Example 1: A 1024-bit RSA Key Pair"
279
280// RSA modulus n:
281static const char rsa_modulus_n_1[] =
282 "a5 6e 4a 0e 70 10 17 58 9a 51 87 dc 7e a8 41 d1 "
283 "56 f2 ec 0e 36 ad 52 a4 4d fe b1 e6 1f 7a d9 91 "
284 "d8 c5 10 56 ff ed b1 62 b4 c0 f2 83 a1 2a 88 a3 "
285 "94 df f5 26 ab 72 91 cb b3 07 ce ab fc e0 b1 df "
286 "d5 cd 95 08 09 6d 5b 2b 8b 6d f5 d6 71 ef 63 77 "
287 "c0 92 1c b2 3c 27 0a 70 e2 59 8e 6f f8 9d 19 f1 "
288 "05 ac c2 d3 f0 cb 35 f2 92 80 e1 38 6b 6f 64 c4 "
289 "ef 22 e1 e1 f2 0d 0c e8 cf fb 22 49 bd 9a 21 37 ";
290// RSA public exponent e: "
291static const char rsa_public_exponent_e_1[] =
292 "01 00 01 ";
293
294// RSASSA-PSS Signature Example 1.1
295// Message to be signed:
296static const char message_1_1[] =
297 "cd c8 7d a2 23 d7 86 df 3b 45 e0 bb bc 72 13 26 "
298 "d1 ee 2a f8 06 cc 31 54 75 cc 6f 0d 9c 66 e1 b6 "
299 "23 71 d4 5c e2 39 2e 1a c9 28 44 c3 10 10 2f 15 "
300 "6a 0d 8d 52 c1 f4 c4 0b a3 aa 65 09 57 86 cb 76 "
301 "97 57 a6 56 3b a9 58 fe d0 bc c9 84 e8 b5 17 a3 "
302 "d5 f5 15 b2 3b 8a 41 e7 4a a8 67 69 3f 90 df b0 "
303 "61 a6 e8 6d fa ae e6 44 72 c0 0e 5f 20 94 57 29 "
304 "cb eb e7 7f 06 ce 78 e0 8f 40 98 fb a4 1f 9d 61 "
305 "93 c0 31 7e 8b 60 d4 b6 08 4a cb 42 d2 9e 38 08 "
306 "a3 bc 37 2d 85 e3 31 17 0f cb f7 cc 72 d0 b7 1c "
307 "29 66 48 b3 a4 d1 0f 41 62 95 d0 80 7a a6 25 ca "
308 "b2 74 4f d9 ea 8f d2 23 c4 25 37 02 98 28 bd 16 "
309 "be 02 54 6f 13 0f d2 e3 3b 93 6d 26 76 e0 8a ed "
310 "1b 73 31 8b 75 0a 01 67 d0 ";
311// Salt:
312static const char salt_1_1[] =
313 "de e9 59 c7 e0 64 11 36 14 20 ff 80 18 5e d5 7f "
314 "3e 67 76 af ";
315// Signature:
316static const char signature_1_1[] =
317 "90 74 30 8f b5 98 e9 70 1b 22 94 38 8e 52 f9 71 "
318 "fa ac 2b 60 a5 14 5a f1 85 df 52 87 b5 ed 28 87 "
319 "e5 7c e7 fd 44 dc 86 34 e4 07 c8 e0 e4 36 0b c2 "
320 "26 f3 ec 22 7f 9d 9e 54 63 8e 8d 31 f5 05 12 15 "
321 "df 6e bb 9c 2f 95 79 aa 77 59 8a 38 f9 14 b5 b9 "
322 "c1 bd 83 c4 e2 f9 f3 82 a0 d0 aa 35 42 ff ee 65 "
323 "98 4a 60 1b c6 9e b2 8d eb 27 dc a1 2c 82 c2 d4 "
324 "c3 f6 6c d5 00 f1 ff 2b 99 4d 8a 4e 30 cb b3 3c ";
325
326// RSASSA-PSS Signature Example 1.2
327// Message to be signed:
328static const char message_1_2[] =
329 "85 13 84 cd fe 81 9c 22 ed 6c 4c cb 30 da eb 5c "
330 "f0 59 bc 8e 11 66 b7 e3 53 0c 4c 23 3e 2b 5f 8f "
331 "71 a1 cc a5 82 d4 3e cc 72 b1 bc a1 6d fc 70 13 "
332 "22 6b 9e ";
333// Salt:
334static const char salt_1_2[] =
335 "ef 28 69 fa 40 c3 46 cb 18 3d ab 3d 7b ff c9 8f "
336 "d5 6d f4 2d ";
337// Signature:
338static const char signature_1_2[] =
339 "3e f7 f4 6e 83 1b f9 2b 32 27 41 42 a5 85 ff ce "
340 "fb dc a7 b3 2a e9 0d 10 fb 0f 0c 72 99 84 f0 4e "
341 "f2 9a 9d f0 78 07 75 ce 43 73 9b 97 83 83 90 db "
342 "0a 55 05 e6 3d e9 27 02 8d 9d 29 b2 19 ca 2c 45 "
343 "17 83 25 58 a5 5d 69 4a 6d 25 b9 da b6 60 03 c4 "
344 "cc cd 90 78 02 19 3b e5 17 0d 26 14 7d 37 b9 35 "
345 "90 24 1b e5 1c 25 05 5f 47 ef 62 75 2c fb e2 14 "
346 "18 fa fe 98 c2 2c 4d 4d 47 72 4f db 56 69 e8 43 ";
347
348// RSASSA-PSS Signature Example 1.3
349// Message to be signed:
350static const char message_1_3[] =
351 "a4 b1 59 94 17 61 c4 0c 6a 82 f2 b8 0d 1b 94 f5 "
352 "aa 26 54 fd 17 e1 2d 58 88 64 67 9b 54 cd 04 ef "
353 "8b d0 30 12 be 8d c3 7f 4b 83 af 79 63 fa ff 0d "
354 "fa 22 54 77 43 7c 48 01 7f f2 be 81 91 cf 39 55 "
355 "fc 07 35 6e ab 3f 32 2f 7f 62 0e 21 d2 54 e5 db "
356 "43 24 27 9f e0 67 e0 91 0e 2e 81 ca 2c ab 31 c7 "
357 "45 e6 7a 54 05 8e b5 0d 99 3c db 9e d0 b4 d0 29 "
358 "c0 6d 21 a9 4c a6 61 c3 ce 27 fa e1 d6 cb 20 f4 "
359 "56 4d 66 ce 47 67 58 3d 0e 5f 06 02 15 b5 90 17 "
360 "be 85 ea 84 89 39 12 7b d8 c9 c4 d4 7b 51 05 6c "
361 "03 1c f3 36 f1 7c 99 80 f3 b8 f5 b9 b6 87 8e 8b "
362 "79 7a a4 3b 88 26 84 33 3e 17 89 3f e9 ca a6 aa "
363 "29 9f 7e d1 a1 8e e2 c5 48 64 b7 b2 b9 9b 72 61 "
364 "8f b0 25 74 d1 39 ef 50 f0 19 c9 ee f4 16 97 13 "
365 "38 e7 d4 70 ";
366// Salt:
367static const char salt_1_3[] =
368 "71 0b 9c 47 47 d8 00 d4 de 87 f1 2a fd ce 6d f1 "
369 "81 07 cc 77 ";
370// Signature:
371static const char signature_1_3[] =
372 "66 60 26 fb a7 1b d3 e7 cf 13 15 7c c2 c5 1a 8e "
373 "4a a6 84 af 97 78 f9 18 49 f3 43 35 d1 41 c0 01 "
374 "54 c4 19 76 21 f9 62 4a 67 5b 5a bc 22 ee 7d 5b "
375 "aa ff aa e1 c9 ba ca 2c c3 73 b3 f3 3e 78 e6 14 "
376 "3c 39 5a 91 aa 7f ac a6 64 eb 73 3a fd 14 d8 82 "
377 "72 59 d9 9a 75 50 fa ca 50 1e f2 b0 4e 33 c2 3a "
378 "a5 1f 4b 9e 82 82 ef db 72 8c c0 ab 09 40 5a 91 "
379 "60 7c 63 69 96 1b c8 27 0d 2d 4f 39 fc e6 12 b1 ";
380
381// RSASSA-PSS Signature Example 1.4
382// Message to be signed:
383static const char message_1_4[] =
384 "bc 65 67 47 fa 9e af b3 f0 ";
385// Salt:
386static const char salt_1_4[] =
387 "05 6f 00 98 5d e1 4d 8e f5 ce a9 e8 2f 8c 27 be "
388 "f7 20 33 5e ";
389// Signature:
390static const char signature_1_4[] =
391 "46 09 79 3b 23 e9 d0 93 62 dc 21 bb 47 da 0b 4f "
392 "3a 76 22 64 9a 47 d4 64 01 9b 9a ea fe 53 35 9c "
393 "17 8c 91 cd 58 ba 6b cb 78 be 03 46 a7 bc 63 7f "
394 "4b 87 3d 4b ab 38 ee 66 1f 19 96 34 c5 47 a1 ad "
395 "84 42 e0 3d a0 15 b1 36 e5 43 f7 ab 07 c0 c1 3e "
396 "42 25 b8 de 8c ce 25 d4 f6 eb 84 00 f8 1f 7e 18 "
397 "33 b7 ee 6e 33 4d 37 09 64 ca 79 fd b8 72 b4 d7 "
398 "52 23 b5 ee b0 81 01 59 1f b5 32 d1 55 a6 de 87 ";
399
400// RSASSA-PSS Signature Example 1.5
401// Message to be signed:
402static const char message_1_5[] =
403 "b4 55 81 54 7e 54 27 77 0c 76 8e 8b 82 b7 55 64 "
404 "e0 ea 4e 9c 32 59 4d 6b ff 70 65 44 de 0a 87 76 "
405 "c7 a8 0b 45 76 55 0e ee 1b 2a ca bc 7e 8b 7d 3e "
406 "f7 bb 5b 03 e4 62 c1 10 47 ea dd 00 62 9a e5 75 "
407 "48 0a c1 47 0f e0 46 f1 3a 2b f5 af 17 92 1d c4 "
408 "b0 aa 8b 02 be e6 33 49 11 65 1d 7f 85 25 d1 0f "
409 "32 b5 1d 33 be 52 0d 3d df 5a 70 99 55 a3 df e7 "
410 "82 83 b9 e0 ab 54 04 6d 15 0c 17 7f 03 7f dc cc "
411 "5b e4 ea 5f 68 b5 e5 a3 8c 9d 7e dc cc c4 97 5f "
412 "45 5a 69 09 b4 ";
413// Salt:
414static const char salt_1_5[] =
415 "80 e7 0f f8 6a 08 de 3e c6 09 72 b3 9b 4f bf dc "
416 "ea 67 ae 8e ";
417// Signature:
418static const char signature_1_5[] =
419 "1d 2a ad 22 1c a4 d3 1d df 13 50 92 39 01 93 98 "
420 "e3 d1 4b 32 dc 34 dc 5a f4 ae ae a3 c0 95 af 73 "
421 "47 9c f0 a4 5e 56 29 63 5a 53 a0 18 37 76 15 b1 "
422 "6c b9 b1 3b 3e 09 d6 71 eb 71 e3 87 b8 54 5c 59 "
423 "60 da 5a 64 77 6e 76 8e 82 b2 c9 35 83 bf 10 4c "
424 "3f db 23 51 2b 7b 4e 89 f6 33 dd 00 63 a5 30 db "
425 "45 24 b0 1c 3f 38 4c 09 31 0e 31 5a 79 dc d3 d6 "
426 "84 02 2a 7f 31 c8 65 a6 64 e3 16 97 8b 75 9f ad ";
427
428// RSASSA-PSS Signature Example 1.6
429// Message to be signed:
430static const char message_1_6[] =
431 "10 aa e9 a0 ab 0b 59 5d 08 41 20 7b 70 0d 48 d7 "
432 "5f ae dd e3 b7 75 cd 6b 4c c8 8a e0 6e 46 94 ec "
433 "74 ba 18 f8 52 0d 4f 5e a6 9c bb e7 cc 2b eb a4 "
434 "3e fd c1 02 15 ac 4e b3 2d c3 02 a1 f5 3d c6 c4 "
435 "35 22 67 e7 93 6c fe bf 7c 8d 67 03 57 84 a3 90 "
436 "9f a8 59 c7 b7 b5 9b 8e 39 c5 c2 34 9f 18 86 b7 "
437 "05 a3 02 67 d4 02 f7 48 6a b4 f5 8c ad 5d 69 ad "
438 "b1 7a b8 cd 0c e1 ca f5 02 5a f4 ae 24 b1 fb 87 "
439 "94 c6 07 0c c0 9a 51 e2 f9 91 13 11 e3 87 7d 00 "
440 "44 c7 1c 57 a9 93 39 50 08 80 6b 72 3a c3 83 73 "
441 "d3 95 48 18 18 52 8c 1e 70 53 73 92 82 05 35 29 "
442 "51 0e 93 5c d0 fa 77 b8 fa 53 cc 2d 47 4b d4 fb "
443 "3c c5 c6 72 d6 ff dc 90 a0 0f 98 48 71 2c 4b cf "
444 "e4 6c 60 57 36 59 b1 1e 64 57 e8 61 f0 f6 04 b6 "
445 "13 8d 14 4f 8c e4 e2 da 73 ";
446// Salt:
447static const char salt_1_6[] =
448 "a8 ab 69 dd 80 1f 00 74 c2 a1 fc 60 64 98 36 c6 "
449 "16 d9 96 81 ";
450// Signature:
451static const char signature_1_6[] =
452 "2a 34 f6 12 5e 1f 6b 0b f9 71 e8 4f bd 41 c6 32 "
453 "be 8f 2c 2a ce 7d e8 b6 92 6e 31 ff 93 e9 af 98 "
454 "7f bc 06 e5 1e 9b e1 4f 51 98 f9 1f 3f 95 3b d6 "
455 "7d a6 0a 9d f5 97 64 c3 dc 0f e0 8e 1c be f0 b7 "
456 "5f 86 8d 10 ad 3f ba 74 9f ef 59 fb 6d ac 46 a0 "
457 "d6 e5 04 36 93 31 58 6f 58 e4 62 8f 39 aa 27 89 "
458 "82 54 3b c0 ee b5 37 dc 61 95 80 19 b3 94 fb 27 "
459 "3f 21 58 58 a0 a0 1a c4 d6 50 b9 55 c6 7f 4c 58 ";
460
461// Example 9: A 1536-bit RSA Key Pair
462
463// RSA modulus n:
464static const char rsa_modulus_n_9[] =
465 "e6 bd 69 2a c9 66 45 79 04 03 fd d0 f5 be b8 b9 "
466 "bf 92 ed 10 00 7f c3 65 04 64 19 dd 06 c0 5c 5b "
467 "5b 2f 48 ec f9 89 e4 ce 26 91 09 97 9c bb 40 b4 "
468 "a0 ad 24 d2 24 83 d1 ee 31 5a d4 cc b1 53 42 68 "
469 "35 26 91 c5 24 f6 dd 8e 6c 29 d2 24 cf 24 69 73 "
470 "ae c8 6c 5b f6 b1 40 1a 85 0d 1b 9a d1 bb 8c bc "
471 "ec 47 b0 6f 0f 8c 7f 45 d3 fc 8f 31 92 99 c5 43 "
472 "3d db c2 b3 05 3b 47 de d2 ec d4 a4 ca ef d6 14 "
473 "83 3d c8 bb 62 2f 31 7e d0 76 b8 05 7f e8 de 3f "
474 "84 48 0a d5 e8 3e 4a 61 90 4a 4f 24 8f b3 97 02 "
475 "73 57 e1 d3 0e 46 31 39 81 5c 6f d4 fd 5a c5 b8 "
476 "17 2a 45 23 0e cb 63 18 a0 4f 14 55 d8 4e 5a 8b ";
477// RSA public exponent e:
478static const char rsa_public_exponent_e_9[] =
479 "01 00 01 ";
480
481// RSASSA-PSS Signature Example 9.1
482// Message to be signed:
483static const char message_9_1[] =
484 "a8 8e 26 58 55 e9 d7 ca 36 c6 87 95 f0 b3 1b 59 "
485 "1c d6 58 7c 71 d0 60 a0 b3 f7 f3 ea ef 43 79 59 "
486 "22 02 8b c2 b6 ad 46 7c fc 2d 7f 65 9c 53 85 aa "
487 "70 ba 36 72 cd de 4c fe 49 70 cc 79 04 60 1b 27 "
488 "88 72 bf 51 32 1c 4a 97 2f 3c 95 57 0f 34 45 d4 "
489 "f5 79 80 e0 f2 0d f5 48 46 e6 a5 2c 66 8f 12 88 "
490 "c0 3f 95 00 6e a3 2f 56 2d 40 d5 2a f9 fe b3 2f "
491 "0f a0 6d b6 5b 58 8a 23 7b 34 e5 92 d5 5c f9 79 "
492 "f9 03 a6 42 ef 64 d2 ed 54 2a a8 c7 7d c1 dd 76 "
493 "2f 45 a5 93 03 ed 75 e5 41 ca 27 1e 2b 60 ca 70 "
494 "9e 44 fa 06 61 13 1e 8d 5d 41 63 fd 8d 39 85 66 "
495 "ce 26 de 87 30 e7 2f 9c ca 73 76 41 c2 44 15 94 "
496 "20 63 70 28 df 0a 18 07 9d 62 08 ea 8b 47 11 a2 "
497 "c7 50 f5 ";
498// Salt:
499static const char salt_9_1[] =
500 "c0 a4 25 31 3d f8 d7 56 4b d2 43 4d 31 15 23 d5 "
501 "25 7e ed 80 ";
502// Signature:
503static const char signature_9_1[] =
504 "58 61 07 22 6c 3c e0 13 a7 c8 f0 4d 1a 6a 29 59 "
505 "bb 4b 8e 20 5b a4 3a 27 b5 0f 12 41 11 bc 35 ef "
506 "58 9b 03 9f 59 32 18 7c b6 96 d7 d9 a3 2c 0c 38 "
507 "30 0a 5c dd a4 83 4b 62 d2 eb 24 0a f3 3f 79 d1 "
508 "3d fb f0 95 bf 59 9e 0d 96 86 94 8c 19 64 74 7b "
509 "67 e8 9c 9a ba 5c d8 50 16 23 6f 56 6c c5 80 2c "
510 "b1 3e ad 51 bc 7c a6 be f3 b9 4d cb db b1 d5 70 "
511 "46 97 71 df 0e 00 b1 a8 a0 67 77 47 2d 23 16 27 "
512 "9e da e8 64 74 66 8d 4e 1e ff f9 5f 1d e6 1c 60 "
513 "20 da 32 ae 92 bb f1 65 20 fe f3 cf 4d 88 f6 11 "
514 "21 f2 4b bd 9f e9 1b 59 ca f1 23 5b 2a 93 ff 81 "
515 "fc 40 3a dd f4 eb de a8 49 34 a9 cd af 8e 1a 9e ";
516
517// RSASSA-PSS Signature Example 9.2
518// Message to be signed:
519static const char message_9_2[] =
520 "c8 c9 c6 af 04 ac da 41 4d 22 7e f2 3e 08 20 c3 "
521 "73 2c 50 0d c8 72 75 e9 5b 0d 09 54 13 99 3c 26 "
522 "58 bc 1d 98 85 81 ba 87 9c 2d 20 1f 14 cb 88 ce "
523 "d1 53 a0 19 69 a7 bf 0a 7b e7 9c 84 c1 48 6b c1 "
524 "2b 3f a6 c5 98 71 b6 82 7c 8c e2 53 ca 5f ef a8 "
525 "a8 c6 90 bf 32 6e 8e 37 cd b9 6d 90 a8 2e ba b6 "
526 "9f 86 35 0e 18 22 e8 bd 53 6a 2e ";
527// Salt:
528static const char salt_9_2[] =
529 "b3 07 c4 3b 48 50 a8 da c2 f1 5f 32 e3 78 39 ef "
530 "8c 5c 0e 91 ";
531// Signature:
532static const char signature_9_2[] =
533 "80 b6 d6 43 25 52 09 f0 a4 56 76 38 97 ac 9e d2 "
534 "59 d4 59 b4 9c 28 87 e5 88 2e cb 44 34 cf d6 6d "
535 "d7 e1 69 93 75 38 1e 51 cd 7f 55 4f 2c 27 17 04 "
536 "b3 99 d4 2b 4b e2 54 0a 0e ca 61 95 1f 55 26 7f "
537 "7c 28 78 c1 22 84 2d ad b2 8b 01 bd 5f 8c 02 5f "
538 "7e 22 84 18 a6 73 c0 3d 6b c0 c7 36 d0 a2 95 46 "
539 "bd 67 f7 86 d9 d6 92 cc ea 77 8d 71 d9 8c 20 63 "
540 "b7 a7 10 92 18 7a 4d 35 af 10 81 11 d8 3e 83 ea "
541 "e4 6c 46 aa 34 27 7e 06 04 45 89 90 37 88 f1 d5 "
542 "e7 ce e2 5f b4 85 e9 29 49 11 88 14 d6 f2 c3 ee "
543 "36 14 89 01 6f 32 7f b5 bc 51 7e b5 04 70 bf fa "
544 "1a fa 5f 4c e9 aa 0c e5 b8 ee 19 bf 55 01 b9 58 ";
545
546// RSASSA-PSS Signature Example 9.3
547// Message to be signed:
548static const char message_9_3[] =
549 "0a fa d4 2c cd 4f c6 06 54 a5 50 02 d2 28 f5 2a "
550 "4a 5f e0 3b 8b bb 08 ca 82 da ca 55 8b 44 db e1 "
551 "26 6e 50 c0 e7 45 a3 6d 9d 29 04 e3 40 8a bc d1 "
552 "fd 56 99 94 06 3f 4a 75 cc 72 f2 fe e2 a0 cd 89 "
553 "3a 43 af 1c 5b 8b 48 7d f0 a7 16 10 02 4e 4f 6d "
554 "df 9f 28 ad 08 13 c1 aa b9 1b cb 3c 90 64 d5 ff "
555 "74 2d ef fe a6 57 09 41 39 36 9e 5e a6 f4 a9 63 "
556 "19 a5 cc 82 24 14 5b 54 50 62 75 8f ef d1 fe 34 "
557 "09 ae 16 92 59 c6 cd fd 6b 5f 29 58 e3 14 fa ec "
558 "be 69 d2 ca ce 58 ee 55 17 9a b9 b3 e6 d1 ec c1 "
559 "4a 55 7c 5f eb e9 88 59 52 64 fc 5d a1 c5 71 46 "
560 "2e ca 79 8a 18 a1 a4 94 0c da b4 a3 e9 20 09 cc "
561 "d4 2e 1e 94 7b 13 14 e3 22 38 a2 de ce 7d 23 a8 "
562 "9b 5b 30 c7 51 fd 0a 4a 43 0d 2c 54 85 94 ";
563// Salt:
564static const char salt_9_3[] =
565 "9a 2b 00 7e 80 97 8b bb 19 2c 35 4e b7 da 9a ed "
566 "fc 74 db f5 ";
567// Signature:
568static const char signature_9_3[] =
569 "48 44 08 f3 89 8c d5 f5 34 83 f8 08 19 ef bf 27 "
570 "08 c3 4d 27 a8 b2 a6 fa e8 b3 22 f9 24 02 37 f9 "
571 "81 81 7a ca 18 46 f1 08 4d aa 6d 7c 07 95 f6 e5 "
572 "bf 1a f5 9c 38 e1 85 84 37 ce 1f 7e c4 19 b9 8c "
573 "87 36 ad f6 dd 9a 00 b1 80 6d 2b d3 ad 0a 73 77 "
574 "5e 05 f5 2d fe f3 a5 9a b4 b0 81 43 f0 df 05 cd "
575 "1a d9 d0 4b ec ec a6 da a4 a2 12 98 03 e2 00 cb "
576 "c7 77 87 ca f4 c1 d0 66 3a 6c 59 87 b6 05 95 20 "
577 "19 78 2c af 2e c1 42 6d 68 fb 94 ed 1d 4b e8 16 "
578 "a7 ed 08 1b 77 e6 ab 33 0b 3f fc 07 38 20 fe cd "
579 "e3 72 7f cb e2 95 ee 61 a0 50 a3 43 65 86 37 c3 "
580 "fd 65 9c fb 63 73 6d e3 2d 9f 90 d3 c2 f6 3e ca ";
581
582// RSASSA-PSS Signature Example 9.4
583// Message to be signed:
584static const char message_9_4[] =
585 "1d fd 43 b4 6c 93 db 82 62 9b da e2 bd 0a 12 b8 "
586 "82 ea 04 c3 b4 65 f5 cf 93 02 3f 01 05 96 26 db "
587 "be 99 f2 6b b1 be 94 9d dd d1 6d c7 f3 de bb 19 "
588 "a1 94 62 7f 0b 22 44 34 df 7d 87 00 e9 e9 8b 06 "
589 "e3 60 c1 2f db e3 d1 9f 51 c9 68 4e b9 08 9e cb "
590 "b0 a2 f0 45 03 99 d3 f5 9e ac 72 94 08 5d 04 4f "
591 "53 93 c6 ce 73 74 23 d8 b8 6c 41 53 70 d3 89 e3 "
592 "0b 9f 0a 3c 02 d2 5d 00 82 e8 ad 6f 3f 1e f2 4a "
593 "45 c3 cf 82 b3 83 36 70 63 a4 d4 61 3e 42 64 f0 "
594 "1b 2d ac 2e 5a a4 20 43 f8 fb 5f 69 fa 87 1d 14 "
595 "fb 27 3e 76 7a 53 1c 40 f0 2f 34 3b c2 fb 45 a0 "
596 "c7 e0 f6 be 25 61 92 3a 77 21 1d 66 a6 e2 db b4 "
597 "3c 36 63 50 be ae 22 da 3a c2 c1 f5 07 70 96 fc "
598 "b5 c4 bf 25 5f 75 74 35 1a e0 b1 e1 f0 36 32 81 "
599 "7c 08 56 d4 a8 ba 97 af bd c8 b8 58 55 40 2b c5 "
600 "69 26 fc ec 20 9f 9e a8 ";
601// Salt:
602static const char salt_9_4[] =
603 "70 f3 82 bd df 4d 5d 2d d8 8b 3b c7 b7 30 8b e6 "
604 "32 b8 40 45 ";
605// Signature:
606static const char signature_9_4[] =
607 "84 eb eb 48 1b e5 98 45 b4 64 68 ba fb 47 1c 01 "
608 "12 e0 2b 23 5d 84 b5 d9 11 cb d1 92 6e e5 07 4a "
609 "e0 42 44 95 cb 20 e8 23 08 b8 eb b6 5f 41 9a 03 "
610 "fb 40 e7 2b 78 98 1d 88 aa d1 43 05 36 85 17 2c "
611 "97 b2 9c 8b 7b f0 ae 73 b5 b2 26 3c 40 3d a0 ed "
612 "2f 80 ff 74 50 af 78 28 eb 8b 86 f0 02 8b d2 a8 "
613 "b1 76 a4 d2 28 cc ce a1 83 94 f2 38 b0 9f f7 58 "
614 "cc 00 bc 04 30 11 52 35 57 42 f2 82 b5 4e 66 3a "
615 "91 9e 70 9d 8d a2 4a de 55 00 a7 b9 aa 50 22 6e "
616 "0c a5 29 23 e6 c2 d8 60 ec 50 ff 48 0f a5 74 77 "
617 "e8 2b 05 65 f4 37 9f 79 c7 72 d5 c2 da 80 af 9f "
618 "bf 32 5e ce 6f c2 0b 00 96 16 14 be e8 9a 18 3e ";
619
620// RSASSA-PSS Signature Example 9.5
621// Message to be signed:
622static const char message_9_5[] =
623 "1b dc 6e 7c 98 fb 8c f5 4e 9b 09 7b 66 a8 31 e9 "
624 "cf e5 2d 9d 48 88 44 8e e4 b0 97 80 93 ba 1d 7d "
625 "73 ae 78 b3 a6 2b a4 ad 95 cd 28 9c cb 9e 00 52 "
626 "26 bb 3d 17 8b cc aa 82 1f b0 44 a4 e2 1e e9 76 "
627 "96 c1 4d 06 78 c9 4c 2d ae 93 b0 ad 73 92 22 18 "
628 "55 3d aa 7e 44 eb e5 77 25 a7 a4 5c c7 2b 9b 21 "
629 "38 a6 b1 7c 8d b4 11 ce 82 79 ee 12 41 af f0 a8 "
630 "be c6 f7 7f 87 ed b0 c6 9c b2 72 36 e3 43 5a 80 "
631 "0b 19 2e 4f 11 e5 19 e3 fe 30 fc 30 ea cc ca 4f "
632 "bb 41 76 90 29 bf 70 8e 81 7a 9e 68 38 05 be 67 "
633 "fa 10 09 84 68 3b 74 83 8e 3b cf fa 79 36 6e ed "
634 "1d 48 1c 76 72 91 18 83 8f 31 ba 8a 04 8a 93 c1 "
635 "be 44 24 59 8e 8d f6 32 8b 7a 77 88 0a 3f 9c 7e "
636 "2e 8d fc a8 eb 5a 26 fb 86 bd c5 56 d4 2b be 01 "
637 "d9 fa 6e d8 06 46 49 1c 93 41 ";
638// Salt:
639static const char salt_9_5[] =
640 "d6 89 25 7a 86 ef fa 68 21 2c 5e 0c 61 9e ca 29 "
641 "5f b9 1b 67 ";
642// Signature:
643static const char signature_9_5[] =
644 "82 10 2d f8 cb 91 e7 17 99 19 a0 4d 26 d3 35 d6 "
645 "4f bc 2f 87 2c 44 83 39 43 24 1d e8 45 48 10 27 "
646 "4c df 3d b5 f4 2d 42 3d b1 52 af 71 35 f7 01 42 "
647 "0e 39 b4 94 a6 7c bf d1 9f 91 19 da 23 3a 23 da "
648 "5c 64 39 b5 ba 0d 2b c3 73 ee e3 50 70 01 37 8d "
649 "4a 40 73 85 6b 7f e2 ab a0 b5 ee 93 b2 7f 4a fe "
650 "c7 d4 d1 20 92 1c 83 f6 06 76 5b 02 c1 9e 4d 6a "
651 "1a 3b 95 fa 4c 42 29 51 be 4f 52 13 10 77 ef 17 "
652 "17 97 29 cd df bd b5 69 50 db ac ee fe 78 cb 16 "
653 "64 0a 09 9e a5 6d 24 38 9e ef 10 f8 fe cb 31 ba "
654 "3e a3 b2 27 c0 a8 66 98 bb 89 e3 e9 36 39 05 bf "
655 "22 77 7b 2a 3a a5 21 b6 5b 4c ef 76 d8 3b de 4c ";
656
657// RSASSA-PSS Signature Example 9.6
658// Message to be signed:
659static const char message_9_6[] =
660 "88 c7 a9 f1 36 04 01 d9 0e 53 b1 01 b6 1c 53 25 "
661 "c3 c7 5d b1 b4 11 fb eb 8e 83 0b 75 e9 6b 56 67 "
662 "0a d2 45 40 4e 16 79 35 44 ee 35 4b c6 13 a9 0c "
663 "c9 84 87 15 a7 3d b5 89 3e 7f 6d 27 98 15 c0 c1 "
664 "de 83 ef 8e 29 56 e3 a5 6e d2 6a 88 8d 7a 9c dc "
665 "d0 42 f4 b1 6b 7f a5 1e f1 a0 57 36 62 d1 6a 30 "
666 "2d 0e c5 b2 85 d2 e0 3a d9 65 29 c8 7b 3d 37 4d "
667 "b3 72 d9 5b 24 43 d0 61 b6 b1 a3 50 ba 87 80 7e "
668 "d0 83 af d1 eb 05 c3 f5 2f 4e ba 5e d2 22 77 14 "
669 "fd b5 0b 9d 9d 9d d6 81 4f 62 f6 27 2f cd 5c db "
670 "ce 7a 9e f7 97 ";
671// Salt:
672static const char salt_9_6[] =
673 "c2 5f 13 bf 67 d0 81 67 1a 04 81 a1 f1 82 0d 61 "
674 "3b ba 22 76 ";
675// Signature:
676static const char signature_9_6[] =
677 "a7 fd b0 d2 59 16 5c a2 c8 8d 00 bb f1 02 8a 86 "
678 "7d 33 76 99 d0 61 19 3b 17 a9 64 8e 14 cc bb aa "
679 "de ac aa cd ec 81 5e 75 71 29 4e bb 8a 11 7a f2 "
680 "05 fa 07 8b 47 b0 71 2c 19 9e 3a d0 51 35 c5 04 "
681 "c2 4b 81 70 51 15 74 08 02 48 79 92 ff d5 11 d4 "
682 "af c6 b8 54 49 1e b3 f0 dd 52 31 39 54 2f f1 5c "
683 "31 01 ee 85 54 35 17 c6 a3 c7 94 17 c6 7e 2d d9 "
684 "aa 74 1e 9a 29 b0 6d cb 59 3c 23 36 b3 67 0a e3 "
685 "af ba c7 c3 e7 6e 21 54 73 e8 66 e3 38 ca 24 4d "
686 "e0 0b 62 62 4d 6b 94 26 82 2c ea e9 f8 cc 46 08 "
687 "95 f4 12 50 07 3f d4 5c 5a 1e 7b 42 5c 20 4a 42 "
688 "3a 69 91 59 f6 90 3e 71 0b 37 a7 bb 2b c8 04 9f ";
689
690// Example 10: A 2048-bit RSA Key Pair
691
692// RSA modulus n:
693static const char rsa_modulus_n_10[] =
694 "a5 dd 86 7a c4 cb 02 f9 0b 94 57 d4 8c 14 a7 70 "
695 "ef 99 1c 56 c3 9c 0e c6 5f d1 1a fa 89 37 ce a5 "
696 "7b 9b e7 ac 73 b4 5c 00 17 61 5b 82 d6 22 e3 18 "
697 "75 3b 60 27 c0 fd 15 7b e1 2f 80 90 fe e2 a7 ad "
698 "cd 0e ef 75 9f 88 ba 49 97 c7 a4 2d 58 c9 aa 12 "
699 "cb 99 ae 00 1f e5 21 c1 3b b5 43 14 45 a8 d5 ae "
700 "4f 5e 4c 7e 94 8a c2 27 d3 60 40 71 f2 0e 57 7e "
701 "90 5f be b1 5d fa f0 6d 1d e5 ae 62 53 d6 3a 6a "
702 "21 20 b3 1a 5d a5 da bc 95 50 60 0e 20 f2 7d 37 "
703 "39 e2 62 79 25 fe a3 cc 50 9f 21 df f0 4e 6e ea "
704 "45 49 c5 40 d6 80 9f f9 30 7e ed e9 1f ff 58 73 "
705 "3d 83 85 a2 37 d6 d3 70 5a 33 e3 91 90 09 92 07 "
706 "0d f7 ad f1 35 7c f7 e3 70 0c e3 66 7d e8 3f 17 "
707 "b8 df 17 78 db 38 1d ce 09 cb 4a d0 58 a5 11 00 "
708 "1a 73 81 98 ee 27 cf 55 a1 3b 75 45 39 90 65 82 "
709 "ec 8b 17 4b d5 8d 5d 1f 3d 76 7c 61 37 21 ae 05 ";
710// RSA public exponent e:
711static const char rsa_public_exponent_e_10[] =
712 "01 00 01 ";
713
714// RSASSA-PSS Signature Example 10.1
715// Message to be signed:
716static const char message_10_1[] =
717 "88 31 77 e5 12 6b 9b e2 d9 a9 68 03 27 d5 37 0c "
718 "6f 26 86 1f 58 20 c4 3d a6 7a 3a d6 09 ";
719// Salt:
720static const char salt_10_1[] =
721 "04 e2 15 ee 6f f9 34 b9 da 70 d7 73 0c 87 34 ab "
722 "fc ec de 89 ";
723// Signature:
724static const char signature_10_1[] =
725 "82 c2 b1 60 09 3b 8a a3 c0 f7 52 2b 19 f8 73 54 "
726 "06 6c 77 84 7a bf 2a 9f ce 54 2d 0e 84 e9 20 c5 "
727 "af b4 9f fd fd ac e1 65 60 ee 94 a1 36 96 01 14 "
728 "8e ba d7 a0 e1 51 cf 16 33 17 91 a5 72 7d 05 f2 "
729 "1e 74 e7 eb 81 14 40 20 69 35 d7 44 76 5a 15 e7 "
730 "9f 01 5c b6 6c 53 2c 87 a6 a0 59 61 c8 bf ad 74 "
731 "1a 9a 66 57 02 28 94 39 3e 72 23 73 97 96 c0 2a "
732 "77 45 5d 0f 55 5b 0e c0 1d df 25 9b 62 07 fd 0f "
733 "d5 76 14 ce f1 a5 57 3b aa ff 4e c0 00 69 95 16 "
734 "59 b8 5f 24 30 0a 25 16 0c a8 52 2d c6 e6 72 7e "
735 "57 d0 19 d7 e6 36 29 b8 fe 5e 89 e2 5c c1 5b eb "
736 "3a 64 75 77 55 92 99 28 0b 9b 28 f7 9b 04 09 00 "
737 "0b e2 5b bd 96 40 8b a3 b4 3c c4 86 18 4d d1 c8 "
738 "e6 25 53 fa 1a f4 04 0f 60 66 3d e7 f5 e4 9c 04 "
739 "38 8e 25 7f 1c e8 9c 95 da b4 8a 31 5d 9b 66 b1 "
740 "b7 62 82 33 87 6f f2 38 52 30 d0 70 d0 7e 16 66 ";
741
742// RSASSA-PSS Signature Example 10.2
743// Message to be signed:
744static const char message_10_2[] =
745 "dd 67 0a 01 46 58 68 ad c9 3f 26 13 19 57 a5 0c "
746 "52 fb 77 7c db aa 30 89 2c 9e 12 36 11 64 ec 13 "
747 "97 9d 43 04 81 18 e4 44 5d b8 7b ee 58 dd 98 7b "
748 "34 25 d0 20 71 d8 db ae 80 70 8b 03 9d bb 64 db "
749 "d1 de 56 57 d9 fe d0 c1 18 a5 41 43 74 2e 0f f3 "
750 "c8 7f 74 e4 58 57 64 7a f3 f7 9e b0 a1 4c 9d 75 "
751 "ea 9a 1a 04 b7 cf 47 8a 89 7a 70 8f d9 88 f4 8e "
752 "80 1e db 0b 70 39 df 8c 23 bb 3c 56 f4 e8 21 ac ";
753// Salt:
754static const char salt_10_2[] =
755 "8b 2b dd 4b 40 fa f5 45 c7 78 dd f9 bc 1a 49 cb "
756 "57 f9 b7 1b ";
757// Signature:
758static const char signature_10_2[] =
759 "14 ae 35 d9 dd 06 ba 92 f7 f3 b8 97 97 8a ed 7c "
760 "d4 bf 5f f0 b5 85 a4 0b d4 6c e1 b4 2c d2 70 30 "
761 "53 bb 90 44 d6 4e 81 3d 8f 96 db 2d d7 00 7d 10 "
762 "11 8f 6f 8f 84 96 09 7a d7 5e 1f f6 92 34 1b 28 "
763 "92 ad 55 a6 33 a1 c5 5e 7f 0a 0a d5 9a 0e 20 3a "
764 "5b 82 78 ae c5 4d d8 62 2e 28 31 d8 71 74 f8 ca "
765 "ff 43 ee 6c 46 44 53 45 d8 4a 59 65 9b fb 92 ec "
766 "d4 c8 18 66 86 95 f3 47 06 f6 68 28 a8 99 59 63 "
767 "7f 2b f3 e3 25 1c 24 bd ba 4d 4b 76 49 da 00 22 "
768 "21 8b 11 9c 84 e7 9a 65 27 ec 5b 8a 5f 86 1c 15 "
769 "99 52 e2 3e c0 5e 1e 71 73 46 fa ef e8 b1 68 68 "
770 "25 bd 2b 26 2f b2 53 10 66 c0 de 09 ac de 2e 42 "
771 "31 69 07 28 b5 d8 5e 11 5a 2f 6b 92 b7 9c 25 ab "
772 "c9 bd 93 99 ff 8b cf 82 5a 52 ea 1f 56 ea 76 dd "
773 "26 f4 3b aa fa 18 bf a9 2a 50 4c bd 35 69 9e 26 "
774 "d1 dc c5 a2 88 73 85 f3 c6 32 32 f0 6f 32 44 c3 ";
775
776// RSASSA-PSS Signature Example 10.3
777// Message to be signed:
778static const char message_10_3[] =
779 "48 b2 b6 a5 7a 63 c8 4c ea 85 9d 65 c6 68 28 4b "
780 "08 d9 6b dc aa be 25 2d b0 e4 a9 6c b1 ba c6 01 "
781 "93 41 db 6f be fb 8d 10 6b 0e 90 ed a6 bc c6 c6 "
782 "26 2f 37 e7 ea 9c 7e 5d 22 6b d7 df 85 ec 5e 71 "
783 "ef ff 2f 54 c5 db 57 7f f7 29 ff 91 b8 42 49 1d "
784 "e2 74 1d 0c 63 16 07 df 58 6b 90 5b 23 b9 1a f1 "
785 "3d a1 23 04 bf 83 ec a8 a7 3e 87 1f f9 db ";
786// Salt:
787static const char salt_10_3[] =
788 "4e 96 fc 1b 39 8f 92 b4 46 71 01 0c 0d c3 ef d6 "
789 "e2 0c 2d 73 ";
790// Signature:
791static const char signature_10_3[] =
792 "6e 3e 4d 7b 6b 15 d2 fb 46 01 3b 89 00 aa 5b bb "
793 "39 39 cf 2c 09 57 17 98 70 42 02 6e e6 2c 74 c5 "
794 "4c ff d5 d7 d5 7e fb bf 95 0a 0f 5c 57 4f a0 9d "
795 "3f c1 c9 f5 13 b0 5b 4f f5 0d d8 df 7e df a2 01 "
796 "02 85 4c 35 e5 92 18 01 19 a7 0c e5 b0 85 18 2a "
797 "a0 2d 9e a2 aa 90 d1 df 03 f2 da ae 88 5b a2 f5 "
798 "d0 5a fd ac 97 47 6f 06 b9 3b 5b c9 4a 1a 80 aa "
799 "91 16 c4 d6 15 f3 33 b0 98 89 2b 25 ff ac e2 66 "
800 "f5 db 5a 5a 3b cc 10 a8 24 ed 55 aa d3 5b 72 78 "
801 "34 fb 8c 07 da 28 fc f4 16 a5 d9 b2 22 4f 1f 8b "
802 "44 2b 36 f9 1e 45 6f de a2 d7 cf e3 36 72 68 de "
803 "03 07 a4 c7 4e 92 41 59 ed 33 39 3d 5e 06 55 53 "
804 "1c 77 32 7b 89 82 1b de df 88 01 61 c7 8c d4 19 "
805 "6b 54 19 f7 ac c3 f1 3e 5e bf 16 1b 6e 7c 67 24 "
806 "71 6c a3 3b 85 c2 e2 56 40 19 2a c2 85 96 51 d5 "
807 "0b de 7e b9 76 e5 1c ec 82 8b 98 b6 56 3b 86 bb ";
808
809// RSASSA-PSS Signature Example 10.4
810// Message to be signed:
811static const char message_10_4[] =
812 "0b 87 77 c7 f8 39 ba f0 a6 4b bb db c5 ce 79 75 "
813 "5c 57 a2 05 b8 45 c1 74 e2 d2 e9 05 46 a0 89 c4 "
814 "e6 ec 8a df fa 23 a7 ea 97 ba e6 b6 5d 78 2b 82 "
815 "db 5d 2b 5a 56 d2 2a 29 a0 5e 7c 44 33 e2 b8 2a "
816 "62 1a bb a9 0a dd 05 ce 39 3f c4 8a 84 05 42 45 "
817 "1a ";
818// Salt:
819static const char salt_10_4[] =
820 "c7 cd 69 8d 84 b6 51 28 d8 83 5e 3a 8b 1e b0 e0 "
821 "1c b5 41 ec ";
822// Signature:
823static const char signature_10_4[] =
824 "34 04 7f f9 6c 4d c0 dc 90 b2 d4 ff 59 a1 a3 61 "
825 "a4 75 4b 25 5d 2e e0 af 7d 8b f8 7c 9b c9 e7 dd "
826 "ee de 33 93 4c 63 ca 1c 0e 3d 26 2c b1 45 ef 93 "
827 "2a 1f 2c 0a 99 7a a6 a3 4f 8e ae e7 47 7d 82 cc "
828 "f0 90 95 a6 b8 ac ad 38 d4 ee c9 fb 7e ab 7a d0 "
829 "2d a1 d1 1d 8e 54 c1 82 5e 55 bf 58 c2 a2 32 34 "
830 "b9 02 be 12 4f 9e 90 38 a8 f6 8f a4 5d ab 72 f6 "
831 "6e 09 45 bf 1d 8b ac c9 04 4c 6f 07 09 8c 9f ce "
832 "c5 8a 3a ab 10 0c 80 51 78 15 5f 03 0a 12 4c 45 "
833 "0e 5a cb da 47 d0 e4 f1 0b 80 a2 3f 80 3e 77 4d "
834 "02 3b 00 15 c2 0b 9f 9b be 7c 91 29 63 38 d5 ec "
835 "b4 71 ca fb 03 20 07 b6 7a 60 be 5f 69 50 4a 9f "
836 "01 ab b3 cb 46 7b 26 0e 2b ce 86 0b e8 d9 5b f9 "
837 "2c 0c 8e 14 96 ed 1e 52 85 93 a4 ab b6 df 46 2d "
838 "de 8a 09 68 df fe 46 83 11 68 57 a2 32 f5 eb f6 "
839 "c8 5b e2 38 74 5a d0 f3 8f 76 7a 5f db f4 86 fb ";
840
841// RSASSA-PSS Signature Example 10.5
842// Message to be signed:
843static const char message_10_5[] =
844 "f1 03 6e 00 8e 71 e9 64 da dc 92 19 ed 30 e1 7f "
845 "06 b4 b6 8a 95 5c 16 b3 12 b1 ed df 02 8b 74 97 "
846 "6b ed 6b 3f 6a 63 d4 e7 78 59 24 3c 9c cc dc 98 "
847 "01 65 23 ab b0 24 83 b3 55 91 c3 3a ad 81 21 3b "
848 "b7 c7 bb 1a 47 0a ab c1 0d 44 25 6c 4d 45 59 d9 "
849 "16 ";
850// Salt:
851static const char salt_10_5[] =
852 "ef a8 bf f9 62 12 b2 f4 a3 f3 71 a1 0d 57 41 52 "
853 "65 5f 5d fb ";
854// Signature:
855static const char signature_10_5[] =
856 "7e 09 35 ea 18 f4 d6 c1 d1 7c e8 2e b2 b3 83 6c "
857 "55 b3 84 58 9c e1 9d fe 74 33 63 ac 99 48 d1 f3 "
858 "46 b7 bf dd fe 92 ef d7 8a db 21 fa ef c8 9a de "
859 "42 b1 0f 37 40 03 fe 12 2e 67 42 9a 1c b8 cb d1 "
860 "f8 d9 01 45 64 c4 4d 12 01 16 f4 99 0f 1a 6e 38 "
861 "77 4c 19 4b d1 b8 21 32 86 b0 77 b0 49 9d 2e 7b "
862 "3f 43 4a b1 22 89 c5 56 68 4d ee d7 81 31 93 4b "
863 "b3 dd 65 37 23 6f 7c 6f 3d cb 09 d4 76 be 07 72 "
864 "1e 37 e1 ce ed 9b 2f 7b 40 68 87 bd 53 15 73 05 "
865 "e1 c8 b4 f8 4d 73 3b c1 e1 86 fe 06 cc 59 b6 ed "
866 "b8 f4 bd 7f fe fd f4 f7 ba 9c fb 9d 57 06 89 b5 "
867 "a1 a4 10 9a 74 6a 69 08 93 db 37 99 25 5a 0c b9 "
868 "21 5d 2d 1c d4 90 59 0e 95 2e 8c 87 86 aa 00 11 "
869 "26 52 52 47 0c 04 1d fb c3 ee c7 c3 cb f7 1c 24 "
870 "86 9d 11 5c 0c b4 a9 56 f5 6d 53 0b 80 ab 58 9a "
871 "cf ef c6 90 75 1d df 36 e8 d3 83 f8 3c ed d2 cc ";
872
873// RSASSA-PSS Signature Example 10.6
874// Message to be signed:
875static const char message_10_6[] =
876 "25 f1 08 95 a8 77 16 c1 37 45 0b b9 51 9d fa a1 "
877 "f2 07 fa a9 42 ea 88 ab f7 1e 9c 17 98 00 85 b5 "
878 "55 ae ba b7 62 64 ae 2a 3a b9 3c 2d 12 98 11 91 "
879 "dd ac 6f b5 94 9e b3 6a ee 3c 5d a9 40 f0 07 52 "
880 "c9 16 d9 46 08 fa 7d 97 ba 6a 29 15 b6 88 f2 03 "
881 "23 d4 e9 d9 68 01 d8 9a 72 ab 58 92 dc 21 17 c0 "
882 "74 34 fc f9 72 e0 58 cf 8c 41 ca 4b 4f f5 54 f7 "
883 "d5 06 8a d3 15 5f ce d0 f3 12 5b c0 4f 91 93 37 "
884 "8a 8f 5c 4c 3b 8c b4 dd 6d 1c c6 9d 30 ec ca 6e "
885 "aa 51 e3 6a 05 73 0e 9e 34 2e 85 5b af 09 9d ef "
886 "b8 af d7 ";
887// Salt:
888static const char salt_10_6[] =
889 "ad 8b 15 23 70 36 46 22 4b 66 0b 55 08 85 91 7c "
890 "a2 d1 df 28 ";
891// Signature:
892static const char signature_10_6[] =
893 "6d 3b 5b 87 f6 7e a6 57 af 21 f7 54 41 97 7d 21 "
894 "80 f9 1b 2c 5f 69 2d e8 29 55 69 6a 68 67 30 d9 "
895 "b9 77 8d 97 07 58 cc b2 60 71 c2 20 9f fb d6 12 "
896 "5b e2 e9 6e a8 1b 67 cb 9b 93 08 23 9f da 17 f7 "
897 "b2 b6 4e cd a0 96 b6 b9 35 64 0a 5a 1c b4 2a 91 "
898 "55 b1 c9 ef 7a 63 3a 02 c5 9f 0d 6e e5 9b 85 2c "
899 "43 b3 50 29 e7 3c 94 0f f0 41 0e 8f 11 4e ed 46 "
900 "bb d0 fa e1 65 e4 2b e2 52 8a 40 1c 3b 28 fd 81 "
901 "8e f3 23 2d ca 9f 4d 2a 0f 51 66 ec 59 c4 23 96 "
902 "d6 c1 1d bc 12 15 a5 6f a1 71 69 db 95 75 34 3e "
903 "f3 4f 9d e3 2a 49 cd c3 17 49 22 f2 29 c2 3e 18 "
904 "e4 5d f9 35 31 19 ec 43 19 ce dc e7 a1 7c 64 08 "
905 "8c 1f 6f 52 be 29 63 41 00 b3 91 9d 38 f3 d1 ed "
906 "94 e6 89 1e 66 a7 3b 8f b8 49 f5 87 4d f5 94 59 "
907 "e2 98 c7 bb ce 2e ee 78 2a 19 5a a6 6f e2 d0 73 "
908 "2b 25 e5 95 f5 7d 3e 06 1b 1f c3 e4 06 3b f9 8f ";
909
910struct SignatureExample {
911 const char* message;
912 const char* salt;
913 const char* signature;
914};
915
916struct PSSTestVector {
917 const char* modulus_n;
918 const char* public_exponent_e;
919 SignatureExample example[6];
920};
921
922static const PSSTestVector pss_test[] = {
923 {
924 rsa_modulus_n_1,
925 rsa_public_exponent_e_1,
926 {
927 { message_1_1, salt_1_1, signature_1_1 },
928 { message_1_2, salt_1_2, signature_1_2 },
929 { message_1_3, salt_1_3, signature_1_3 },
930 { message_1_4, salt_1_4, signature_1_4 },
931 { message_1_5, salt_1_5, signature_1_5 },
932 { message_1_6, salt_1_6, signature_1_6 },
933 }
934 },
935 {
936 rsa_modulus_n_9,
937 rsa_public_exponent_e_9,
938 {
939 { message_9_1, salt_9_1, signature_9_1 },
940 { message_9_2, salt_9_2, signature_9_2 },
941 { message_9_3, salt_9_3, signature_9_3 },
942 { message_9_4, salt_9_4, signature_9_4 },
943 { message_9_5, salt_9_5, signature_9_5 },
944 { message_9_6, salt_9_6, signature_9_6 },
945 }
946 },
947 {
948 rsa_modulus_n_10,
949 rsa_public_exponent_e_10,
950 {
951 { message_10_1, salt_10_1, signature_10_1 },
952 { message_10_2, salt_10_2, signature_10_2 },
953 { message_10_3, salt_10_3, signature_10_3 },
954 { message_10_4, salt_10_4, signature_10_4 },
955 { message_10_5, salt_10_5, signature_10_5 },
956 { message_10_6, salt_10_6, signature_10_6 },
957 }
958 },
959};
960
961static uint8 HexDigitValue(char digit) {
962 if ('0' <= digit && digit <= '9')
963 return digit - '0';
964 if ('a' <= digit && digit <= 'f')
965 return digit - 'a' + 10;
966 return digit - 'A' + 10;
967}
968
969static bool DecodeTestInput(const char* in, std::vector<uint8>* out) {
970 out->clear();
971 while (in[0] != '\0') {
972 if (!isxdigit(in[0]) || !isxdigit(in[1]) || in[2] != ' ')
973 return false;
974 uint8 octet = HexDigitValue(in[0]) * 16 + HexDigitValue(in[1]);
975 out->push_back(octet);
976 in += 3;
977 }
978 return true;
979}
980
981static bool EncodeRSAPublicKey(const std::vector<uint8>& modulus_n,
982 const std::vector<uint8>& public_exponent_e,
983 std::vector<uint8>* public_key_info) {
984 // The public key is specified as the following ASN.1 structure:
985 // SubjectPublicKeyInfo ::= SEQUENCE {
986 // algorithm AlgorithmIdentifier,
987 // subjectPublicKey BIT STRING }
988 //
989 // The signature algorithm is specified as the following ASN.1 structure:
990 // AlgorithmIdentifier ::= SEQUENCE {
991 // algorithm OBJECT IDENTIFIER,
992 // parameters ANY DEFINED BY algorithm OPTIONAL }
993 //
994 // An RSA public key is specified as the following ASN.1 structure:
995 // RSAPublicKey ::= SEQUENCE {
996 // modulus INTEGER, -- n
997 // publicExponent INTEGER -- e
998 // }
999 static const uint8 kIntegerTag = 0x02;
1000 static const uint8 kBitStringTag = 0x03;
1001 static const uint8 kSequenceTag = 0x30;
1002 public_key_info->clear();
1003
1004 // Encode the public exponent e as an INTEGER.
1005 public_key_info->insert(public_key_info->begin(),
1006 public_exponent_e.begin(),
1007 public_exponent_e.end());
1008 uint8 length = public_exponent_e.size();
1009 public_key_info->insert(public_key_info->begin(), length);
1010 public_key_info->insert(public_key_info->begin(), kIntegerTag);
1011
1012 // Encode the modulus n as an INTEGER.
1013 public_key_info->insert(public_key_info->begin(),
1014 modulus_n.begin(), modulus_n.end());
1015 uint16 length16 = modulus_n.size();
1016 if (modulus_n[0] & 0x80) {
1017 public_key_info->insert(public_key_info->begin(), 0x00);
1018 length16++;
1019 }
1020 public_key_info->insert(public_key_info->begin(), length16 & 0xff);
1021 public_key_info->insert(public_key_info->begin(), (length16 >> 8) & 0xff);
1022 public_key_info->insert(public_key_info->begin(), 0x82);
1023 public_key_info->insert(public_key_info->begin(), kIntegerTag);
1024
1025 // Encode the RSAPublicKey SEQUENCE.
1026 length16 = public_key_info->size();
1027 public_key_info->insert(public_key_info->begin(), length16 & 0xff);
1028 public_key_info->insert(public_key_info->begin(), (length16 >> 8) & 0xff);
1029 public_key_info->insert(public_key_info->begin(), 0x82);
1030 public_key_info->insert(public_key_info->begin(), kSequenceTag);
1031
1032 // Encode the BIT STRING.
1033 // Number of unused bits.
1034 public_key_info->insert(public_key_info->begin(), 0x00);
1035 length16 = public_key_info->size();
1036 public_key_info->insert(public_key_info->begin(), length16 & 0xff);
1037 public_key_info->insert(public_key_info->begin(), (length16 >> 8) & 0xff);
1038 public_key_info->insert(public_key_info->begin(), 0x82);
1039 public_key_info->insert(public_key_info->begin(), kBitStringTag);
1040
1041 // Encode the AlgorithmIdentifier.
1042 static const uint8 algorithm[] = {
1043 0x30, 0x0d, // a SEQUENCE of length 13
1044 0x06, 0x09, // an OBJECT IDENTIFIER of length 9
1045 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
1046 0x05, 0x00,
1047 };
1048 public_key_info->insert(public_key_info->begin(),
1049 algorithm, algorithm + sizeof(algorithm));
1050
1051 // Encode the outermost SEQUENCE.
1052 length16 = public_key_info->size();
1053 public_key_info->insert(public_key_info->begin(), length16 & 0xff);
1054 public_key_info->insert(public_key_info->begin(), (length16 >> 8) & 0xff);
1055 public_key_info->insert(public_key_info->begin(), 0x82);
1056 public_key_info->insert(public_key_info->begin(), kSequenceTag);
1057
1058 return true;
1059}
1060
1061TEST(SignatureVerifierTest, VerifyRSAPSS) {
1062 for (unsigned int i = 0; i < arraysize(pss_test); i++) {
1063 std::vector<uint8> modulus_n;
1064 std::vector<uint8> public_exponent_e;
1065 ASSERT_TRUE(DecodeTestInput(pss_test[i].modulus_n, &modulus_n));
1066 ASSERT_TRUE(DecodeTestInput(pss_test[i].public_exponent_e,
1067 &public_exponent_e));
1068 std::vector<uint8> public_key_info;
1069 ASSERT_TRUE(EncodeRSAPublicKey(modulus_n, public_exponent_e,
1070 &public_key_info));
1071
1072 for (unsigned int j = 0; j < arraysize(pss_test[i].example); j++) {
1073 std::vector<uint8> message;
1074 std::vector<uint8> salt;
1075 std::vector<uint8> signature;
1076 ASSERT_TRUE(DecodeTestInput(pss_test[i].example[j].message, &message));
1077 ASSERT_TRUE(DecodeTestInput(pss_test[i].example[j].salt, &salt));
1078 ASSERT_TRUE(DecodeTestInput(pss_test[i].example[j].signature,
1079 &signature));
1080
1081 crypto::SignatureVerifier verifier;
1082 bool ok;
1083
1084 // Positive test.
1085 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1,
1086 crypto::SignatureVerifier::SHA1,
1087 salt.size(),
1088 &signature[0], signature.size(),
1089 &public_key_info[0],
1090 public_key_info.size());
1091 ASSERT_TRUE(ok);
1092 verifier.VerifyUpdate(&message[0], message.size());
1093 ok = verifier.VerifyFinal();
1094 EXPECT_TRUE(ok);
1095
1096 // Modify the first byte of the message.
1097 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1,
1098 crypto::SignatureVerifier::SHA1,
1099 salt.size(),
1100 &signature[0], signature.size(),
1101 &public_key_info[0],
1102 public_key_info.size());
1103 ASSERT_TRUE(ok);
1104 message[0] += 1;
1105 verifier.VerifyUpdate(&message[0], message.size());
1106 message[0] -= 1;
1107 ok = verifier.VerifyFinal();
1108 EXPECT_FALSE(ok);
1109
1110 // Truncate the message.
1111 ASSERT_FALSE(message.empty());
1112 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1,
1113 crypto::SignatureVerifier::SHA1,
1114 salt.size(),
1115 &signature[0], signature.size(),
1116 &public_key_info[0],
1117 public_key_info.size());
1118 ASSERT_TRUE(ok);
1119 verifier.VerifyUpdate(&message[0], message.size() - 1);
1120 ok = verifier.VerifyFinal();
1121 EXPECT_FALSE(ok);
1122
1123 // Corrupt the signature.
1124 signature[0] += 1;
1125 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1,
1126 crypto::SignatureVerifier::SHA1,
1127 salt.size(),
1128 &signature[0], signature.size(),
1129 &public_key_info[0],
1130 public_key_info.size());
1131 signature[0] -= 1;
1132 ASSERT_TRUE(ok);
1133 verifier.VerifyUpdate(&message[0], message.size());
1134 ok = verifier.VerifyFinal();
1135 EXPECT_FALSE(ok);
1136 }
1137 }
1138}