Explicitly add python-numpy dependency to install-build-deps.
[chromium-blink-merge.git] / crypto / signature_verifier_unittest.cc
blobb521bd7bcd295f6b0d8b3f7ef4dc3ecdc81866f9
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "crypto/signature_verifier.h"
7 #include "base/numerics/safe_conversions.h"
8 #include "testing/gtest/include/gtest/gtest.h"
10 TEST(SignatureVerifierTest, BasicTest) {
11 // The input data in this test comes from real certificates.
13 // tbs_certificate ("to-be-signed certificate", the part of a certificate
14 // that is signed), signature_algorithm, and algorithm come from the
15 // certificate of bugs.webkit.org.
17 // public_key_info comes from the certificate of the issuer, Go Daddy Secure
18 // Certification Authority.
20 // The bytes in the array initializers are formatted to expose the DER
21 // encoding of the ASN.1 structures.
23 // The data that is signed is the following ASN.1 structure:
24 // TBSCertificate ::= SEQUENCE {
25 // ... -- omitted, not important
26 // }
27 const uint8 tbs_certificate[1017] = {
28 0x30, 0x82, 0x03, 0xf5, // a SEQUENCE of length 1013 (0x3f5)
29 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x03, 0x43, 0xdd, 0x63, 0x30, 0x0d,
30 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05,
31 0x00, 0x30, 0x81, 0xca, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,
32 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
33 0x04, 0x08, 0x13, 0x07, 0x41, 0x72, 0x69, 0x7a, 0x6f, 0x6e, 0x61, 0x31,
34 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0a, 0x53, 0x63,
35 0x6f, 0x74, 0x74, 0x73, 0x64, 0x61, 0x6c, 0x65, 0x31, 0x1a, 0x30, 0x18,
36 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x11, 0x47, 0x6f, 0x44, 0x61, 0x64,
37 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
38 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x2a, 0x68,
39 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66,
40 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64,
41 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73,
42 0x69, 0x74, 0x6f, 0x72, 0x79, 0x31, 0x30, 0x30, 0x2e, 0x06, 0x03, 0x55,
43 0x04, 0x03, 0x13, 0x27, 0x47, 0x6f, 0x20, 0x44, 0x61, 0x64, 0x64, 0x79,
44 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74,
45 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75,
46 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x31, 0x11, 0x30, 0x0f, 0x06,
47 0x03, 0x55, 0x04, 0x05, 0x13, 0x08, 0x30, 0x37, 0x39, 0x36, 0x39, 0x32,
48 0x38, 0x37, 0x30, 0x1e, 0x17, 0x0d, 0x30, 0x38, 0x30, 0x33, 0x31, 0x38,
49 0x32, 0x33, 0x33, 0x35, 0x31, 0x39, 0x5a, 0x17, 0x0d, 0x31, 0x31, 0x30,
50 0x33, 0x31, 0x38, 0x32, 0x33, 0x33, 0x35, 0x31, 0x39, 0x5a, 0x30, 0x79,
51 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
52 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0a,
53 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x12,
54 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x09, 0x43, 0x75, 0x70,
55 0x65, 0x72, 0x74, 0x69, 0x6e, 0x6f, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
56 0x55, 0x04, 0x0a, 0x13, 0x0a, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x49,
57 0x6e, 0x63, 0x2e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0b,
58 0x13, 0x0c, 0x4d, 0x61, 0x63, 0x20, 0x4f, 0x53, 0x20, 0x46, 0x6f, 0x72,
59 0x67, 0x65, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
60 0x0c, 0x2a, 0x2e, 0x77, 0x65, 0x62, 0x6b, 0x69, 0x74, 0x2e, 0x6f, 0x72,
61 0x67, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
62 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30,
63 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa7, 0x62, 0x79, 0x41, 0xda, 0x28,
64 0xf2, 0xc0, 0x4f, 0xe0, 0x25, 0xaa, 0xa1, 0x2e, 0x3b, 0x30, 0x94, 0xb5,
65 0xc9, 0x26, 0x3a, 0x1b, 0xe2, 0xd0, 0xcc, 0xa2, 0x95, 0xe2, 0x91, 0xc0,
66 0xf0, 0x40, 0x9e, 0x27, 0x6e, 0xbd, 0x6e, 0xde, 0x7c, 0xb6, 0x30, 0x5c,
67 0xb8, 0x9b, 0x01, 0x2f, 0x92, 0x04, 0xa1, 0xef, 0x4a, 0xb1, 0x6c, 0xb1,
68 0x7e, 0x8e, 0xcd, 0xa6, 0xf4, 0x40, 0x73, 0x1f, 0x2c, 0x96, 0xad, 0xff,
69 0x2a, 0x6d, 0x0e, 0xba, 0x52, 0x84, 0x83, 0xb0, 0x39, 0xee, 0xc9, 0x39,
70 0xdc, 0x1e, 0x34, 0xd0, 0xd8, 0x5d, 0x7a, 0x09, 0xac, 0xa9, 0xee, 0xca,
71 0x65, 0xf6, 0x85, 0x3a, 0x6b, 0xee, 0xe4, 0x5c, 0x5e, 0xf8, 0xda, 0xd1,
72 0xce, 0x88, 0x47, 0xcd, 0x06, 0x21, 0xe0, 0xb9, 0x4b, 0xe4, 0x07, 0xcb,
73 0x57, 0xdc, 0xca, 0x99, 0x54, 0xf7, 0x0e, 0xd5, 0x17, 0x95, 0x05, 0x2e,
74 0xe9, 0xb1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0xce, 0x30,
75 0x82, 0x01, 0xca, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02,
76 0x30, 0x00, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03,
77 0x02, 0x05, 0xa0, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16,
78 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
79 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x57,
80 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, 0x50, 0x30, 0x4e, 0x30, 0x4c, 0xa0,
81 0x4a, 0xa0, 0x48, 0x86, 0x46, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f,
82 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73,
83 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d,
84 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74, 0x6f, 0x72, 0x79, 0x2f,
85 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79, 0x65, 0x78, 0x74, 0x65, 0x6e,
86 0x64, 0x65, 0x64, 0x69, 0x73, 0x73, 0x75, 0x69, 0x6e, 0x67, 0x33, 0x2e,
87 0x63, 0x72, 0x6c, 0x30, 0x52, 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04, 0x4b,
88 0x30, 0x49, 0x30, 0x47, 0x06, 0x0b, 0x60, 0x86, 0x48, 0x01, 0x86, 0xfd,
89 0x6d, 0x01, 0x07, 0x17, 0x02, 0x30, 0x38, 0x30, 0x36, 0x06, 0x08, 0x2b,
90 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x2a, 0x68, 0x74, 0x74,
91 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
92 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64, 0x79,
93 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69, 0x74,
94 0x6f, 0x72, 0x79, 0x30, 0x7f, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05,
95 0x07, 0x01, 0x01, 0x04, 0x73, 0x30, 0x71, 0x30, 0x23, 0x06, 0x08, 0x2b,
96 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x17, 0x68, 0x74, 0x74,
97 0x70, 0x3a, 0x2f, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2e, 0x67, 0x6f, 0x64,
98 0x61, 0x64, 0x64, 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x4a, 0x06, 0x08,
99 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x3e, 0x68, 0x74,
100 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
101 0x63, 0x61, 0x74, 0x65, 0x73, 0x2e, 0x67, 0x6f, 0x64, 0x61, 0x64, 0x64,
102 0x79, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x72, 0x65, 0x70, 0x6f, 0x73, 0x69,
103 0x74, 0x6f, 0x72, 0x79, 0x2f, 0x67, 0x64, 0x5f, 0x69, 0x6e, 0x74, 0x65,
104 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x2e, 0x63, 0x72, 0x74,
105 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x48,
106 0xdf, 0x60, 0x32, 0xcc, 0x89, 0x01, 0xb6, 0xdc, 0x2f, 0xe3, 0x73, 0xb5,
107 0x9c, 0x16, 0x58, 0x32, 0x68, 0xa9, 0xc3, 0x30, 0x1f, 0x06, 0x03, 0x55,
108 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xfd, 0xac, 0x61, 0x32,
109 0x93, 0x6c, 0x45, 0xd6, 0xe2, 0xee, 0x85, 0x5f, 0x9a, 0xba, 0xe7, 0x76,
110 0x99, 0x68, 0xcc, 0xe7, 0x30, 0x23, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04,
111 0x1c, 0x30, 0x1a, 0x82, 0x0c, 0x2a, 0x2e, 0x77, 0x65, 0x62, 0x6b, 0x69,
112 0x74, 0x2e, 0x6f, 0x72, 0x67, 0x82, 0x0a, 0x77, 0x65, 0x62, 0x6b, 0x69,
113 0x74, 0x2e, 0x6f, 0x72, 0x67
116 // The signature algorithm is specified as the following ASN.1 structure:
117 // AlgorithmIdentifier ::= SEQUENCE {
118 // algorithm OBJECT IDENTIFIER,
119 // parameters ANY DEFINED BY algorithm OPTIONAL }
121 const uint8 signature_algorithm[15] = {
122 0x30, 0x0d, // a SEQUENCE of length 13 (0xd)
123 0x06, 0x09, // an OBJECT IDENTIFIER of length 9
124 // 1.2.840.113549.1.1.5 - sha1WithRSAEncryption
125 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05,
126 0x05, 0x00, // a NULL of length 0
129 // RSA signature, a big integer in the big-endian byte order.
130 const uint8 signature[256] = {
131 0x1e, 0x6a, 0xe7, 0xe0, 0x4f, 0xe7, 0x4d, 0xd0, 0x69, 0x7c, 0xf8, 0x8f,
132 0x99, 0xb4, 0x18, 0x95, 0x36, 0x24, 0x0f, 0x0e, 0xa3, 0xea, 0x34, 0x37,
133 0xf4, 0x7d, 0xd5, 0x92, 0x35, 0x53, 0x72, 0x76, 0x3f, 0x69, 0xf0, 0x82,
134 0x56, 0xe3, 0x94, 0x7a, 0x1d, 0x1a, 0x81, 0xaf, 0x9f, 0xc7, 0x43, 0x01,
135 0x64, 0xd3, 0x7c, 0x0d, 0xc8, 0x11, 0x4e, 0x4a, 0xe6, 0x1a, 0xc3, 0x01,
136 0x74, 0xe8, 0x35, 0x87, 0x5c, 0x61, 0xaa, 0x8a, 0x46, 0x06, 0xbe, 0x98,
137 0x95, 0x24, 0x9e, 0x01, 0xe3, 0xe6, 0xa0, 0x98, 0xee, 0x36, 0x44, 0x56,
138 0x8d, 0x23, 0x9c, 0x65, 0xea, 0x55, 0x6a, 0xdf, 0x66, 0xee, 0x45, 0xe8,
139 0xa0, 0xe9, 0x7d, 0x9a, 0xba, 0x94, 0xc5, 0xc8, 0xc4, 0x4b, 0x98, 0xff,
140 0x9a, 0x01, 0x31, 0x6d, 0xf9, 0x2b, 0x58, 0xe7, 0xe7, 0x2a, 0xc5, 0x4d,
141 0xbb, 0xbb, 0xcd, 0x0d, 0x70, 0xe1, 0xad, 0x03, 0xf5, 0xfe, 0xf4, 0x84,
142 0x71, 0x08, 0xd2, 0xbc, 0x04, 0x7b, 0x26, 0x1c, 0xa8, 0x0f, 0x9c, 0xd8,
143 0x12, 0x6a, 0x6f, 0x2b, 0x67, 0xa1, 0x03, 0x80, 0x9a, 0x11, 0x0b, 0xe9,
144 0xe0, 0xb5, 0xb3, 0xb8, 0x19, 0x4e, 0x0c, 0xa4, 0xd9, 0x2b, 0x3b, 0xc2,
145 0xca, 0x20, 0xd3, 0x0c, 0xa4, 0xff, 0x93, 0x13, 0x1f, 0xfc, 0xba, 0x94,
146 0x93, 0x8c, 0x64, 0x15, 0x2e, 0x28, 0xa9, 0x55, 0x8c, 0x2c, 0x48, 0xd3,
147 0xd3, 0xc1, 0x50, 0x69, 0x19, 0xe8, 0x34, 0xd3, 0xf1, 0x04, 0x9f, 0x0a,
148 0x7a, 0x21, 0x87, 0xbf, 0xb9, 0x59, 0x37, 0x2e, 0xf4, 0x71, 0xa5, 0x3e,
149 0xbe, 0xcd, 0x70, 0x83, 0x18, 0xf8, 0x8a, 0x72, 0x85, 0x45, 0x1f, 0x08,
150 0x01, 0x6f, 0x37, 0xf5, 0x2b, 0x7b, 0xea, 0xb9, 0x8b, 0xa3, 0xcc, 0xfd,
151 0x35, 0x52, 0xdd, 0x66, 0xde, 0x4f, 0x30, 0xc5, 0x73, 0x81, 0xb6, 0xe8,
152 0x3c, 0xd8, 0x48, 0x8a
155 // The public key is specified as the following ASN.1 structure:
156 // SubjectPublicKeyInfo ::= SEQUENCE {
157 // algorithm AlgorithmIdentifier,
158 // subjectPublicKey BIT STRING }
159 const uint8 public_key_info[294] = {
160 0x30, 0x82, 0x01, 0x22, // a SEQUENCE of length 290 (0x122)
161 // algorithm
162 0x30, 0x0d, // a SEQUENCE of length 13
163 0x06, 0x09, // an OBJECT IDENTIFIER of length 9
164 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
165 0x05, 0x00, // a NULL of length 0
166 // subjectPublicKey
167 0x03, 0x82, 0x01, 0x0f, // a BIT STRING of length 271 (0x10f)
168 0x00, // number of unused bits
169 0x30, 0x82, 0x01, 0x0a, // a SEQUENCE of length 266 (0x10a)
170 // modulus
171 0x02, 0x82, 0x01, 0x01, // an INTEGER of length 257 (0x101)
172 0x00, 0xc4, 0x2d, 0xd5, 0x15, 0x8c, 0x9c, 0x26, 0x4c, 0xec,
173 0x32, 0x35, 0xeb, 0x5f, 0xb8, 0x59, 0x01, 0x5a, 0xa6, 0x61,
174 0x81, 0x59, 0x3b, 0x70, 0x63, 0xab, 0xe3, 0xdc, 0x3d, 0xc7,
175 0x2a, 0xb8, 0xc9, 0x33, 0xd3, 0x79, 0xe4, 0x3a, 0xed, 0x3c,
176 0x30, 0x23, 0x84, 0x8e, 0xb3, 0x30, 0x14, 0xb6, 0xb2, 0x87,
177 0xc3, 0x3d, 0x95, 0x54, 0x04, 0x9e, 0xdf, 0x99, 0xdd, 0x0b,
178 0x25, 0x1e, 0x21, 0xde, 0x65, 0x29, 0x7e, 0x35, 0xa8, 0xa9,
179 0x54, 0xeb, 0xf6, 0xf7, 0x32, 0x39, 0xd4, 0x26, 0x55, 0x95,
180 0xad, 0xef, 0xfb, 0xfe, 0x58, 0x86, 0xd7, 0x9e, 0xf4, 0x00,
181 0x8d, 0x8c, 0x2a, 0x0c, 0xbd, 0x42, 0x04, 0xce, 0xa7, 0x3f,
182 0x04, 0xf6, 0xee, 0x80, 0xf2, 0xaa, 0xef, 0x52, 0xa1, 0x69,
183 0x66, 0xda, 0xbe, 0x1a, 0xad, 0x5d, 0xda, 0x2c, 0x66, 0xea,
184 0x1a, 0x6b, 0xbb, 0xe5, 0x1a, 0x51, 0x4a, 0x00, 0x2f, 0x48,
185 0xc7, 0x98, 0x75, 0xd8, 0xb9, 0x29, 0xc8, 0xee, 0xf8, 0x66,
186 0x6d, 0x0a, 0x9c, 0xb3, 0xf3, 0xfc, 0x78, 0x7c, 0xa2, 0xf8,
187 0xa3, 0xf2, 0xb5, 0xc3, 0xf3, 0xb9, 0x7a, 0x91, 0xc1, 0xa7,
188 0xe6, 0x25, 0x2e, 0x9c, 0xa8, 0xed, 0x12, 0x65, 0x6e, 0x6a,
189 0xf6, 0x12, 0x44, 0x53, 0x70, 0x30, 0x95, 0xc3, 0x9c, 0x2b,
190 0x58, 0x2b, 0x3d, 0x08, 0x74, 0x4a, 0xf2, 0xbe, 0x51, 0xb0,
191 0xbf, 0x87, 0xd0, 0x4c, 0x27, 0x58, 0x6b, 0xb5, 0x35, 0xc5,
192 0x9d, 0xaf, 0x17, 0x31, 0xf8, 0x0b, 0x8f, 0xee, 0xad, 0x81,
193 0x36, 0x05, 0x89, 0x08, 0x98, 0xcf, 0x3a, 0xaf, 0x25, 0x87,
194 0xc0, 0x49, 0xea, 0xa7, 0xfd, 0x67, 0xf7, 0x45, 0x8e, 0x97,
195 0xcc, 0x14, 0x39, 0xe2, 0x36, 0x85, 0xb5, 0x7e, 0x1a, 0x37,
196 0xfd, 0x16, 0xf6, 0x71, 0x11, 0x9a, 0x74, 0x30, 0x16, 0xfe,
197 0x13, 0x94, 0xa3, 0x3f, 0x84, 0x0d, 0x4f,
198 // public exponent
199 0x02, 0x03, // an INTEGER of length 3
200 0x01, 0x00, 0x01
203 // We use the signature verifier to perform four signature verification
204 // tests.
205 crypto::SignatureVerifier verifier;
206 bool ok;
208 // Test 1: feed all of the data to the verifier at once (a single
209 // VerifyUpdate call).
210 ok = verifier.VerifyInit(signature_algorithm,
211 sizeof(signature_algorithm),
212 signature, sizeof(signature),
213 public_key_info, sizeof(public_key_info));
214 EXPECT_TRUE(ok);
215 verifier.VerifyUpdate(tbs_certificate, sizeof(tbs_certificate));
216 ok = verifier.VerifyFinal();
217 EXPECT_TRUE(ok);
219 // Test 2: feed the data to the verifier in three parts (three VerifyUpdate
220 // calls).
221 ok = verifier.VerifyInit(signature_algorithm,
222 sizeof(signature_algorithm),
223 signature, sizeof(signature),
224 public_key_info, sizeof(public_key_info));
225 EXPECT_TRUE(ok);
226 verifier.VerifyUpdate(tbs_certificate, 256);
227 verifier.VerifyUpdate(tbs_certificate + 256, 256);
228 verifier.VerifyUpdate(tbs_certificate + 512, sizeof(tbs_certificate) - 512);
229 ok = verifier.VerifyFinal();
230 EXPECT_TRUE(ok);
232 // Test 3: verify the signature with incorrect data.
233 uint8 bad_tbs_certificate[sizeof(tbs_certificate)];
234 memcpy(bad_tbs_certificate, tbs_certificate, sizeof(tbs_certificate));
235 bad_tbs_certificate[10] += 1; // Corrupt one byte of the data.
236 ok = verifier.VerifyInit(signature_algorithm,
237 sizeof(signature_algorithm),
238 signature, sizeof(signature),
239 public_key_info, sizeof(public_key_info));
240 EXPECT_TRUE(ok);
241 verifier.VerifyUpdate(bad_tbs_certificate, sizeof(bad_tbs_certificate));
242 ok = verifier.VerifyFinal();
243 EXPECT_FALSE(ok);
245 // Test 4: verify a bad signature.
246 uint8 bad_signature[sizeof(signature)];
247 memcpy(bad_signature, signature, sizeof(signature));
248 bad_signature[10] += 1; // Corrupt one byte of the signature.
249 ok = verifier.VerifyInit(signature_algorithm,
250 sizeof(signature_algorithm),
251 bad_signature, sizeof(bad_signature),
252 public_key_info, sizeof(public_key_info));
254 // A crypto library (e.g., NSS) may detect that the signature is corrupted
255 // and cause VerifyInit to return false, so it is fine for 'ok' to be false.
256 if (ok) {
257 verifier.VerifyUpdate(tbs_certificate, sizeof(tbs_certificate));
258 ok = verifier.VerifyFinal();
259 EXPECT_FALSE(ok);
262 // Test 5: import an invalid key.
263 uint8_t bad_public_key_info[sizeof(public_key_info)];
264 memcpy(bad_public_key_info, public_key_info, sizeof(public_key_info));
265 bad_public_key_info[0] += 1; // Corrupt part of the SPKI syntax.
266 ok = verifier.VerifyInit(signature_algorithm,
267 sizeof(signature_algorithm),
268 signature, sizeof(signature),
269 bad_public_key_info, sizeof(bad_public_key_info));
270 EXPECT_FALSE(ok);
272 // Test 6: import a key with extra data.
273 uint8_t long_public_key_info[sizeof(public_key_info) + 5];
274 memset(long_public_key_info, 0, sizeof(long_public_key_info));
275 memcpy(long_public_key_info, public_key_info, sizeof(public_key_info));
276 ok = verifier.VerifyInit(signature_algorithm,
277 sizeof(signature_algorithm),
278 signature, sizeof(signature),
279 long_public_key_info, sizeof(long_public_key_info));
280 EXPECT_FALSE(ok);
283 //////////////////////////////////////////////////////////////////////
285 // RSA-PSS signature verification known answer test
287 //////////////////////////////////////////////////////////////////////
289 // The following RSA-PSS signature test vectors come from the pss-vect.txt
290 // file downloaded from
291 // ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip.
293 // For each key, 6 random messages of length between 1 and 256 octets have
294 // been RSASSA-PSS signed.
296 // Hash function: SHA-1
297 // Mask generation function: MGF1 with SHA-1
298 // Salt length: 20 octets
300 // Example 1: A 1024-bit RSA Key Pair"
302 // RSA modulus n:
303 static const char rsa_modulus_n_1[] =
304 "a5 6e 4a 0e 70 10 17 58 9a 51 87 dc 7e a8 41 d1 "
305 "56 f2 ec 0e 36 ad 52 a4 4d fe b1 e6 1f 7a d9 91 "
306 "d8 c5 10 56 ff ed b1 62 b4 c0 f2 83 a1 2a 88 a3 "
307 "94 df f5 26 ab 72 91 cb b3 07 ce ab fc e0 b1 df "
308 "d5 cd 95 08 09 6d 5b 2b 8b 6d f5 d6 71 ef 63 77 "
309 "c0 92 1c b2 3c 27 0a 70 e2 59 8e 6f f8 9d 19 f1 "
310 "05 ac c2 d3 f0 cb 35 f2 92 80 e1 38 6b 6f 64 c4 "
311 "ef 22 e1 e1 f2 0d 0c e8 cf fb 22 49 bd 9a 21 37 ";
312 // RSA public exponent e: "
313 static const char rsa_public_exponent_e_1[] =
314 "01 00 01 ";
316 // RSASSA-PSS Signature Example 1.1
317 // Message to be signed:
318 static const char message_1_1[] =
319 "cd c8 7d a2 23 d7 86 df 3b 45 e0 bb bc 72 13 26 "
320 "d1 ee 2a f8 06 cc 31 54 75 cc 6f 0d 9c 66 e1 b6 "
321 "23 71 d4 5c e2 39 2e 1a c9 28 44 c3 10 10 2f 15 "
322 "6a 0d 8d 52 c1 f4 c4 0b a3 aa 65 09 57 86 cb 76 "
323 "97 57 a6 56 3b a9 58 fe d0 bc c9 84 e8 b5 17 a3 "
324 "d5 f5 15 b2 3b 8a 41 e7 4a a8 67 69 3f 90 df b0 "
325 "61 a6 e8 6d fa ae e6 44 72 c0 0e 5f 20 94 57 29 "
326 "cb eb e7 7f 06 ce 78 e0 8f 40 98 fb a4 1f 9d 61 "
327 "93 c0 31 7e 8b 60 d4 b6 08 4a cb 42 d2 9e 38 08 "
328 "a3 bc 37 2d 85 e3 31 17 0f cb f7 cc 72 d0 b7 1c "
329 "29 66 48 b3 a4 d1 0f 41 62 95 d0 80 7a a6 25 ca "
330 "b2 74 4f d9 ea 8f d2 23 c4 25 37 02 98 28 bd 16 "
331 "be 02 54 6f 13 0f d2 e3 3b 93 6d 26 76 e0 8a ed "
332 "1b 73 31 8b 75 0a 01 67 d0 ";
333 // Salt:
334 static const char salt_1_1[] =
335 "de e9 59 c7 e0 64 11 36 14 20 ff 80 18 5e d5 7f "
336 "3e 67 76 af ";
337 // Signature:
338 static const char signature_1_1[] =
339 "90 74 30 8f b5 98 e9 70 1b 22 94 38 8e 52 f9 71 "
340 "fa ac 2b 60 a5 14 5a f1 85 df 52 87 b5 ed 28 87 "
341 "e5 7c e7 fd 44 dc 86 34 e4 07 c8 e0 e4 36 0b c2 "
342 "26 f3 ec 22 7f 9d 9e 54 63 8e 8d 31 f5 05 12 15 "
343 "df 6e bb 9c 2f 95 79 aa 77 59 8a 38 f9 14 b5 b9 "
344 "c1 bd 83 c4 e2 f9 f3 82 a0 d0 aa 35 42 ff ee 65 "
345 "98 4a 60 1b c6 9e b2 8d eb 27 dc a1 2c 82 c2 d4 "
346 "c3 f6 6c d5 00 f1 ff 2b 99 4d 8a 4e 30 cb b3 3c ";
348 // RSASSA-PSS Signature Example 1.2
349 // Message to be signed:
350 static const char message_1_2[] =
351 "85 13 84 cd fe 81 9c 22 ed 6c 4c cb 30 da eb 5c "
352 "f0 59 bc 8e 11 66 b7 e3 53 0c 4c 23 3e 2b 5f 8f "
353 "71 a1 cc a5 82 d4 3e cc 72 b1 bc a1 6d fc 70 13 "
354 "22 6b 9e ";
355 // Salt:
356 static const char salt_1_2[] =
357 "ef 28 69 fa 40 c3 46 cb 18 3d ab 3d 7b ff c9 8f "
358 "d5 6d f4 2d ";
359 // Signature:
360 static const char signature_1_2[] =
361 "3e f7 f4 6e 83 1b f9 2b 32 27 41 42 a5 85 ff ce "
362 "fb dc a7 b3 2a e9 0d 10 fb 0f 0c 72 99 84 f0 4e "
363 "f2 9a 9d f0 78 07 75 ce 43 73 9b 97 83 83 90 db "
364 "0a 55 05 e6 3d e9 27 02 8d 9d 29 b2 19 ca 2c 45 "
365 "17 83 25 58 a5 5d 69 4a 6d 25 b9 da b6 60 03 c4 "
366 "cc cd 90 78 02 19 3b e5 17 0d 26 14 7d 37 b9 35 "
367 "90 24 1b e5 1c 25 05 5f 47 ef 62 75 2c fb e2 14 "
368 "18 fa fe 98 c2 2c 4d 4d 47 72 4f db 56 69 e8 43 ";
370 // RSASSA-PSS Signature Example 1.3
371 // Message to be signed:
372 static const char message_1_3[] =
373 "a4 b1 59 94 17 61 c4 0c 6a 82 f2 b8 0d 1b 94 f5 "
374 "aa 26 54 fd 17 e1 2d 58 88 64 67 9b 54 cd 04 ef "
375 "8b d0 30 12 be 8d c3 7f 4b 83 af 79 63 fa ff 0d "
376 "fa 22 54 77 43 7c 48 01 7f f2 be 81 91 cf 39 55 "
377 "fc 07 35 6e ab 3f 32 2f 7f 62 0e 21 d2 54 e5 db "
378 "43 24 27 9f e0 67 e0 91 0e 2e 81 ca 2c ab 31 c7 "
379 "45 e6 7a 54 05 8e b5 0d 99 3c db 9e d0 b4 d0 29 "
380 "c0 6d 21 a9 4c a6 61 c3 ce 27 fa e1 d6 cb 20 f4 "
381 "56 4d 66 ce 47 67 58 3d 0e 5f 06 02 15 b5 90 17 "
382 "be 85 ea 84 89 39 12 7b d8 c9 c4 d4 7b 51 05 6c "
383 "03 1c f3 36 f1 7c 99 80 f3 b8 f5 b9 b6 87 8e 8b "
384 "79 7a a4 3b 88 26 84 33 3e 17 89 3f e9 ca a6 aa "
385 "29 9f 7e d1 a1 8e e2 c5 48 64 b7 b2 b9 9b 72 61 "
386 "8f b0 25 74 d1 39 ef 50 f0 19 c9 ee f4 16 97 13 "
387 "38 e7 d4 70 ";
388 // Salt:
389 static const char salt_1_3[] =
390 "71 0b 9c 47 47 d8 00 d4 de 87 f1 2a fd ce 6d f1 "
391 "81 07 cc 77 ";
392 // Signature:
393 static const char signature_1_3[] =
394 "66 60 26 fb a7 1b d3 e7 cf 13 15 7c c2 c5 1a 8e "
395 "4a a6 84 af 97 78 f9 18 49 f3 43 35 d1 41 c0 01 "
396 "54 c4 19 76 21 f9 62 4a 67 5b 5a bc 22 ee 7d 5b "
397 "aa ff aa e1 c9 ba ca 2c c3 73 b3 f3 3e 78 e6 14 "
398 "3c 39 5a 91 aa 7f ac a6 64 eb 73 3a fd 14 d8 82 "
399 "72 59 d9 9a 75 50 fa ca 50 1e f2 b0 4e 33 c2 3a "
400 "a5 1f 4b 9e 82 82 ef db 72 8c c0 ab 09 40 5a 91 "
401 "60 7c 63 69 96 1b c8 27 0d 2d 4f 39 fc e6 12 b1 ";
403 // RSASSA-PSS Signature Example 1.4
404 // Message to be signed:
405 static const char message_1_4[] =
406 "bc 65 67 47 fa 9e af b3 f0 ";
407 // Salt:
408 static const char salt_1_4[] =
409 "05 6f 00 98 5d e1 4d 8e f5 ce a9 e8 2f 8c 27 be "
410 "f7 20 33 5e ";
411 // Signature:
412 static const char signature_1_4[] =
413 "46 09 79 3b 23 e9 d0 93 62 dc 21 bb 47 da 0b 4f "
414 "3a 76 22 64 9a 47 d4 64 01 9b 9a ea fe 53 35 9c "
415 "17 8c 91 cd 58 ba 6b cb 78 be 03 46 a7 bc 63 7f "
416 "4b 87 3d 4b ab 38 ee 66 1f 19 96 34 c5 47 a1 ad "
417 "84 42 e0 3d a0 15 b1 36 e5 43 f7 ab 07 c0 c1 3e "
418 "42 25 b8 de 8c ce 25 d4 f6 eb 84 00 f8 1f 7e 18 "
419 "33 b7 ee 6e 33 4d 37 09 64 ca 79 fd b8 72 b4 d7 "
420 "52 23 b5 ee b0 81 01 59 1f b5 32 d1 55 a6 de 87 ";
422 // RSASSA-PSS Signature Example 1.5
423 // Message to be signed:
424 static const char message_1_5[] =
425 "b4 55 81 54 7e 54 27 77 0c 76 8e 8b 82 b7 55 64 "
426 "e0 ea 4e 9c 32 59 4d 6b ff 70 65 44 de 0a 87 76 "
427 "c7 a8 0b 45 76 55 0e ee 1b 2a ca bc 7e 8b 7d 3e "
428 "f7 bb 5b 03 e4 62 c1 10 47 ea dd 00 62 9a e5 75 "
429 "48 0a c1 47 0f e0 46 f1 3a 2b f5 af 17 92 1d c4 "
430 "b0 aa 8b 02 be e6 33 49 11 65 1d 7f 85 25 d1 0f "
431 "32 b5 1d 33 be 52 0d 3d df 5a 70 99 55 a3 df e7 "
432 "82 83 b9 e0 ab 54 04 6d 15 0c 17 7f 03 7f dc cc "
433 "5b e4 ea 5f 68 b5 e5 a3 8c 9d 7e dc cc c4 97 5f "
434 "45 5a 69 09 b4 ";
435 // Salt:
436 static const char salt_1_5[] =
437 "80 e7 0f f8 6a 08 de 3e c6 09 72 b3 9b 4f bf dc "
438 "ea 67 ae 8e ";
439 // Signature:
440 static const char signature_1_5[] =
441 "1d 2a ad 22 1c a4 d3 1d df 13 50 92 39 01 93 98 "
442 "e3 d1 4b 32 dc 34 dc 5a f4 ae ae a3 c0 95 af 73 "
443 "47 9c f0 a4 5e 56 29 63 5a 53 a0 18 37 76 15 b1 "
444 "6c b9 b1 3b 3e 09 d6 71 eb 71 e3 87 b8 54 5c 59 "
445 "60 da 5a 64 77 6e 76 8e 82 b2 c9 35 83 bf 10 4c "
446 "3f db 23 51 2b 7b 4e 89 f6 33 dd 00 63 a5 30 db "
447 "45 24 b0 1c 3f 38 4c 09 31 0e 31 5a 79 dc d3 d6 "
448 "84 02 2a 7f 31 c8 65 a6 64 e3 16 97 8b 75 9f ad ";
450 // RSASSA-PSS Signature Example 1.6
451 // Message to be signed:
452 static const char message_1_6[] =
453 "10 aa e9 a0 ab 0b 59 5d 08 41 20 7b 70 0d 48 d7 "
454 "5f ae dd e3 b7 75 cd 6b 4c c8 8a e0 6e 46 94 ec "
455 "74 ba 18 f8 52 0d 4f 5e a6 9c bb e7 cc 2b eb a4 "
456 "3e fd c1 02 15 ac 4e b3 2d c3 02 a1 f5 3d c6 c4 "
457 "35 22 67 e7 93 6c fe bf 7c 8d 67 03 57 84 a3 90 "
458 "9f a8 59 c7 b7 b5 9b 8e 39 c5 c2 34 9f 18 86 b7 "
459 "05 a3 02 67 d4 02 f7 48 6a b4 f5 8c ad 5d 69 ad "
460 "b1 7a b8 cd 0c e1 ca f5 02 5a f4 ae 24 b1 fb 87 "
461 "94 c6 07 0c c0 9a 51 e2 f9 91 13 11 e3 87 7d 00 "
462 "44 c7 1c 57 a9 93 39 50 08 80 6b 72 3a c3 83 73 "
463 "d3 95 48 18 18 52 8c 1e 70 53 73 92 82 05 35 29 "
464 "51 0e 93 5c d0 fa 77 b8 fa 53 cc 2d 47 4b d4 fb "
465 "3c c5 c6 72 d6 ff dc 90 a0 0f 98 48 71 2c 4b cf "
466 "e4 6c 60 57 36 59 b1 1e 64 57 e8 61 f0 f6 04 b6 "
467 "13 8d 14 4f 8c e4 e2 da 73 ";
468 // Salt:
469 static const char salt_1_6[] =
470 "a8 ab 69 dd 80 1f 00 74 c2 a1 fc 60 64 98 36 c6 "
471 "16 d9 96 81 ";
472 // Signature:
473 static const char signature_1_6[] =
474 "2a 34 f6 12 5e 1f 6b 0b f9 71 e8 4f bd 41 c6 32 "
475 "be 8f 2c 2a ce 7d e8 b6 92 6e 31 ff 93 e9 af 98 "
476 "7f bc 06 e5 1e 9b e1 4f 51 98 f9 1f 3f 95 3b d6 "
477 "7d a6 0a 9d f5 97 64 c3 dc 0f e0 8e 1c be f0 b7 "
478 "5f 86 8d 10 ad 3f ba 74 9f ef 59 fb 6d ac 46 a0 "
479 "d6 e5 04 36 93 31 58 6f 58 e4 62 8f 39 aa 27 89 "
480 "82 54 3b c0 ee b5 37 dc 61 95 80 19 b3 94 fb 27 "
481 "3f 21 58 58 a0 a0 1a c4 d6 50 b9 55 c6 7f 4c 58 ";
483 // Example 9: A 1536-bit RSA Key Pair
485 // RSA modulus n:
486 static const char rsa_modulus_n_9[] =
487 "e6 bd 69 2a c9 66 45 79 04 03 fd d0 f5 be b8 b9 "
488 "bf 92 ed 10 00 7f c3 65 04 64 19 dd 06 c0 5c 5b "
489 "5b 2f 48 ec f9 89 e4 ce 26 91 09 97 9c bb 40 b4 "
490 "a0 ad 24 d2 24 83 d1 ee 31 5a d4 cc b1 53 42 68 "
491 "35 26 91 c5 24 f6 dd 8e 6c 29 d2 24 cf 24 69 73 "
492 "ae c8 6c 5b f6 b1 40 1a 85 0d 1b 9a d1 bb 8c bc "
493 "ec 47 b0 6f 0f 8c 7f 45 d3 fc 8f 31 92 99 c5 43 "
494 "3d db c2 b3 05 3b 47 de d2 ec d4 a4 ca ef d6 14 "
495 "83 3d c8 bb 62 2f 31 7e d0 76 b8 05 7f e8 de 3f "
496 "84 48 0a d5 e8 3e 4a 61 90 4a 4f 24 8f b3 97 02 "
497 "73 57 e1 d3 0e 46 31 39 81 5c 6f d4 fd 5a c5 b8 "
498 "17 2a 45 23 0e cb 63 18 a0 4f 14 55 d8 4e 5a 8b ";
499 // RSA public exponent e:
500 static const char rsa_public_exponent_e_9[] =
501 "01 00 01 ";
503 // RSASSA-PSS Signature Example 9.1
504 // Message to be signed:
505 static const char message_9_1[] =
506 "a8 8e 26 58 55 e9 d7 ca 36 c6 87 95 f0 b3 1b 59 "
507 "1c d6 58 7c 71 d0 60 a0 b3 f7 f3 ea ef 43 79 59 "
508 "22 02 8b c2 b6 ad 46 7c fc 2d 7f 65 9c 53 85 aa "
509 "70 ba 36 72 cd de 4c fe 49 70 cc 79 04 60 1b 27 "
510 "88 72 bf 51 32 1c 4a 97 2f 3c 95 57 0f 34 45 d4 "
511 "f5 79 80 e0 f2 0d f5 48 46 e6 a5 2c 66 8f 12 88 "
512 "c0 3f 95 00 6e a3 2f 56 2d 40 d5 2a f9 fe b3 2f "
513 "0f a0 6d b6 5b 58 8a 23 7b 34 e5 92 d5 5c f9 79 "
514 "f9 03 a6 42 ef 64 d2 ed 54 2a a8 c7 7d c1 dd 76 "
515 "2f 45 a5 93 03 ed 75 e5 41 ca 27 1e 2b 60 ca 70 "
516 "9e 44 fa 06 61 13 1e 8d 5d 41 63 fd 8d 39 85 66 "
517 "ce 26 de 87 30 e7 2f 9c ca 73 76 41 c2 44 15 94 "
518 "20 63 70 28 df 0a 18 07 9d 62 08 ea 8b 47 11 a2 "
519 "c7 50 f5 ";
520 // Salt:
521 static const char salt_9_1[] =
522 "c0 a4 25 31 3d f8 d7 56 4b d2 43 4d 31 15 23 d5 "
523 "25 7e ed 80 ";
524 // Signature:
525 static const char signature_9_1[] =
526 "58 61 07 22 6c 3c e0 13 a7 c8 f0 4d 1a 6a 29 59 "
527 "bb 4b 8e 20 5b a4 3a 27 b5 0f 12 41 11 bc 35 ef "
528 "58 9b 03 9f 59 32 18 7c b6 96 d7 d9 a3 2c 0c 38 "
529 "30 0a 5c dd a4 83 4b 62 d2 eb 24 0a f3 3f 79 d1 "
530 "3d fb f0 95 bf 59 9e 0d 96 86 94 8c 19 64 74 7b "
531 "67 e8 9c 9a ba 5c d8 50 16 23 6f 56 6c c5 80 2c "
532 "b1 3e ad 51 bc 7c a6 be f3 b9 4d cb db b1 d5 70 "
533 "46 97 71 df 0e 00 b1 a8 a0 67 77 47 2d 23 16 27 "
534 "9e da e8 64 74 66 8d 4e 1e ff f9 5f 1d e6 1c 60 "
535 "20 da 32 ae 92 bb f1 65 20 fe f3 cf 4d 88 f6 11 "
536 "21 f2 4b bd 9f e9 1b 59 ca f1 23 5b 2a 93 ff 81 "
537 "fc 40 3a dd f4 eb de a8 49 34 a9 cd af 8e 1a 9e ";
539 // RSASSA-PSS Signature Example 9.2
540 // Message to be signed:
541 static const char message_9_2[] =
542 "c8 c9 c6 af 04 ac da 41 4d 22 7e f2 3e 08 20 c3 "
543 "73 2c 50 0d c8 72 75 e9 5b 0d 09 54 13 99 3c 26 "
544 "58 bc 1d 98 85 81 ba 87 9c 2d 20 1f 14 cb 88 ce "
545 "d1 53 a0 19 69 a7 bf 0a 7b e7 9c 84 c1 48 6b c1 "
546 "2b 3f a6 c5 98 71 b6 82 7c 8c e2 53 ca 5f ef a8 "
547 "a8 c6 90 bf 32 6e 8e 37 cd b9 6d 90 a8 2e ba b6 "
548 "9f 86 35 0e 18 22 e8 bd 53 6a 2e ";
549 // Salt:
550 static const char salt_9_2[] =
551 "b3 07 c4 3b 48 50 a8 da c2 f1 5f 32 e3 78 39 ef "
552 "8c 5c 0e 91 ";
553 // Signature:
554 static const char signature_9_2[] =
555 "80 b6 d6 43 25 52 09 f0 a4 56 76 38 97 ac 9e d2 "
556 "59 d4 59 b4 9c 28 87 e5 88 2e cb 44 34 cf d6 6d "
557 "d7 e1 69 93 75 38 1e 51 cd 7f 55 4f 2c 27 17 04 "
558 "b3 99 d4 2b 4b e2 54 0a 0e ca 61 95 1f 55 26 7f "
559 "7c 28 78 c1 22 84 2d ad b2 8b 01 bd 5f 8c 02 5f "
560 "7e 22 84 18 a6 73 c0 3d 6b c0 c7 36 d0 a2 95 46 "
561 "bd 67 f7 86 d9 d6 92 cc ea 77 8d 71 d9 8c 20 63 "
562 "b7 a7 10 92 18 7a 4d 35 af 10 81 11 d8 3e 83 ea "
563 "e4 6c 46 aa 34 27 7e 06 04 45 89 90 37 88 f1 d5 "
564 "e7 ce e2 5f b4 85 e9 29 49 11 88 14 d6 f2 c3 ee "
565 "36 14 89 01 6f 32 7f b5 bc 51 7e b5 04 70 bf fa "
566 "1a fa 5f 4c e9 aa 0c e5 b8 ee 19 bf 55 01 b9 58 ";
568 // RSASSA-PSS Signature Example 9.3
569 // Message to be signed:
570 static const char message_9_3[] =
571 "0a fa d4 2c cd 4f c6 06 54 a5 50 02 d2 28 f5 2a "
572 "4a 5f e0 3b 8b bb 08 ca 82 da ca 55 8b 44 db e1 "
573 "26 6e 50 c0 e7 45 a3 6d 9d 29 04 e3 40 8a bc d1 "
574 "fd 56 99 94 06 3f 4a 75 cc 72 f2 fe e2 a0 cd 89 "
575 "3a 43 af 1c 5b 8b 48 7d f0 a7 16 10 02 4e 4f 6d "
576 "df 9f 28 ad 08 13 c1 aa b9 1b cb 3c 90 64 d5 ff "
577 "74 2d ef fe a6 57 09 41 39 36 9e 5e a6 f4 a9 63 "
578 "19 a5 cc 82 24 14 5b 54 50 62 75 8f ef d1 fe 34 "
579 "09 ae 16 92 59 c6 cd fd 6b 5f 29 58 e3 14 fa ec "
580 "be 69 d2 ca ce 58 ee 55 17 9a b9 b3 e6 d1 ec c1 "
581 "4a 55 7c 5f eb e9 88 59 52 64 fc 5d a1 c5 71 46 "
582 "2e ca 79 8a 18 a1 a4 94 0c da b4 a3 e9 20 09 cc "
583 "d4 2e 1e 94 7b 13 14 e3 22 38 a2 de ce 7d 23 a8 "
584 "9b 5b 30 c7 51 fd 0a 4a 43 0d 2c 54 85 94 ";
585 // Salt:
586 static const char salt_9_3[] =
587 "9a 2b 00 7e 80 97 8b bb 19 2c 35 4e b7 da 9a ed "
588 "fc 74 db f5 ";
589 // Signature:
590 static const char signature_9_3[] =
591 "48 44 08 f3 89 8c d5 f5 34 83 f8 08 19 ef bf 27 "
592 "08 c3 4d 27 a8 b2 a6 fa e8 b3 22 f9 24 02 37 f9 "
593 "81 81 7a ca 18 46 f1 08 4d aa 6d 7c 07 95 f6 e5 "
594 "bf 1a f5 9c 38 e1 85 84 37 ce 1f 7e c4 19 b9 8c "
595 "87 36 ad f6 dd 9a 00 b1 80 6d 2b d3 ad 0a 73 77 "
596 "5e 05 f5 2d fe f3 a5 9a b4 b0 81 43 f0 df 05 cd "
597 "1a d9 d0 4b ec ec a6 da a4 a2 12 98 03 e2 00 cb "
598 "c7 77 87 ca f4 c1 d0 66 3a 6c 59 87 b6 05 95 20 "
599 "19 78 2c af 2e c1 42 6d 68 fb 94 ed 1d 4b e8 16 "
600 "a7 ed 08 1b 77 e6 ab 33 0b 3f fc 07 38 20 fe cd "
601 "e3 72 7f cb e2 95 ee 61 a0 50 a3 43 65 86 37 c3 "
602 "fd 65 9c fb 63 73 6d e3 2d 9f 90 d3 c2 f6 3e ca ";
604 // RSASSA-PSS Signature Example 9.4
605 // Message to be signed:
606 static const char message_9_4[] =
607 "1d fd 43 b4 6c 93 db 82 62 9b da e2 bd 0a 12 b8 "
608 "82 ea 04 c3 b4 65 f5 cf 93 02 3f 01 05 96 26 db "
609 "be 99 f2 6b b1 be 94 9d dd d1 6d c7 f3 de bb 19 "
610 "a1 94 62 7f 0b 22 44 34 df 7d 87 00 e9 e9 8b 06 "
611 "e3 60 c1 2f db e3 d1 9f 51 c9 68 4e b9 08 9e cb "
612 "b0 a2 f0 45 03 99 d3 f5 9e ac 72 94 08 5d 04 4f "
613 "53 93 c6 ce 73 74 23 d8 b8 6c 41 53 70 d3 89 e3 "
614 "0b 9f 0a 3c 02 d2 5d 00 82 e8 ad 6f 3f 1e f2 4a "
615 "45 c3 cf 82 b3 83 36 70 63 a4 d4 61 3e 42 64 f0 "
616 "1b 2d ac 2e 5a a4 20 43 f8 fb 5f 69 fa 87 1d 14 "
617 "fb 27 3e 76 7a 53 1c 40 f0 2f 34 3b c2 fb 45 a0 "
618 "c7 e0 f6 be 25 61 92 3a 77 21 1d 66 a6 e2 db b4 "
619 "3c 36 63 50 be ae 22 da 3a c2 c1 f5 07 70 96 fc "
620 "b5 c4 bf 25 5f 75 74 35 1a e0 b1 e1 f0 36 32 81 "
621 "7c 08 56 d4 a8 ba 97 af bd c8 b8 58 55 40 2b c5 "
622 "69 26 fc ec 20 9f 9e a8 ";
623 // Salt:
624 static const char salt_9_4[] =
625 "70 f3 82 bd df 4d 5d 2d d8 8b 3b c7 b7 30 8b e6 "
626 "32 b8 40 45 ";
627 // Signature:
628 static const char signature_9_4[] =
629 "84 eb eb 48 1b e5 98 45 b4 64 68 ba fb 47 1c 01 "
630 "12 e0 2b 23 5d 84 b5 d9 11 cb d1 92 6e e5 07 4a "
631 "e0 42 44 95 cb 20 e8 23 08 b8 eb b6 5f 41 9a 03 "
632 "fb 40 e7 2b 78 98 1d 88 aa d1 43 05 36 85 17 2c "
633 "97 b2 9c 8b 7b f0 ae 73 b5 b2 26 3c 40 3d a0 ed "
634 "2f 80 ff 74 50 af 78 28 eb 8b 86 f0 02 8b d2 a8 "
635 "b1 76 a4 d2 28 cc ce a1 83 94 f2 38 b0 9f f7 58 "
636 "cc 00 bc 04 30 11 52 35 57 42 f2 82 b5 4e 66 3a "
637 "91 9e 70 9d 8d a2 4a de 55 00 a7 b9 aa 50 22 6e "
638 "0c a5 29 23 e6 c2 d8 60 ec 50 ff 48 0f a5 74 77 "
639 "e8 2b 05 65 f4 37 9f 79 c7 72 d5 c2 da 80 af 9f "
640 "bf 32 5e ce 6f c2 0b 00 96 16 14 be e8 9a 18 3e ";
642 // RSASSA-PSS Signature Example 9.5
643 // Message to be signed:
644 static const char message_9_5[] =
645 "1b dc 6e 7c 98 fb 8c f5 4e 9b 09 7b 66 a8 31 e9 "
646 "cf e5 2d 9d 48 88 44 8e e4 b0 97 80 93 ba 1d 7d "
647 "73 ae 78 b3 a6 2b a4 ad 95 cd 28 9c cb 9e 00 52 "
648 "26 bb 3d 17 8b cc aa 82 1f b0 44 a4 e2 1e e9 76 "
649 "96 c1 4d 06 78 c9 4c 2d ae 93 b0 ad 73 92 22 18 "
650 "55 3d aa 7e 44 eb e5 77 25 a7 a4 5c c7 2b 9b 21 "
651 "38 a6 b1 7c 8d b4 11 ce 82 79 ee 12 41 af f0 a8 "
652 "be c6 f7 7f 87 ed b0 c6 9c b2 72 36 e3 43 5a 80 "
653 "0b 19 2e 4f 11 e5 19 e3 fe 30 fc 30 ea cc ca 4f "
654 "bb 41 76 90 29 bf 70 8e 81 7a 9e 68 38 05 be 67 "
655 "fa 10 09 84 68 3b 74 83 8e 3b cf fa 79 36 6e ed "
656 "1d 48 1c 76 72 91 18 83 8f 31 ba 8a 04 8a 93 c1 "
657 "be 44 24 59 8e 8d f6 32 8b 7a 77 88 0a 3f 9c 7e "
658 "2e 8d fc a8 eb 5a 26 fb 86 bd c5 56 d4 2b be 01 "
659 "d9 fa 6e d8 06 46 49 1c 93 41 ";
660 // Salt:
661 static const char salt_9_5[] =
662 "d6 89 25 7a 86 ef fa 68 21 2c 5e 0c 61 9e ca 29 "
663 "5f b9 1b 67 ";
664 // Signature:
665 static const char signature_9_5[] =
666 "82 10 2d f8 cb 91 e7 17 99 19 a0 4d 26 d3 35 d6 "
667 "4f bc 2f 87 2c 44 83 39 43 24 1d e8 45 48 10 27 "
668 "4c df 3d b5 f4 2d 42 3d b1 52 af 71 35 f7 01 42 "
669 "0e 39 b4 94 a6 7c bf d1 9f 91 19 da 23 3a 23 da "
670 "5c 64 39 b5 ba 0d 2b c3 73 ee e3 50 70 01 37 8d "
671 "4a 40 73 85 6b 7f e2 ab a0 b5 ee 93 b2 7f 4a fe "
672 "c7 d4 d1 20 92 1c 83 f6 06 76 5b 02 c1 9e 4d 6a "
673 "1a 3b 95 fa 4c 42 29 51 be 4f 52 13 10 77 ef 17 "
674 "17 97 29 cd df bd b5 69 50 db ac ee fe 78 cb 16 "
675 "64 0a 09 9e a5 6d 24 38 9e ef 10 f8 fe cb 31 ba "
676 "3e a3 b2 27 c0 a8 66 98 bb 89 e3 e9 36 39 05 bf "
677 "22 77 7b 2a 3a a5 21 b6 5b 4c ef 76 d8 3b de 4c ";
679 // RSASSA-PSS Signature Example 9.6
680 // Message to be signed:
681 static const char message_9_6[] =
682 "88 c7 a9 f1 36 04 01 d9 0e 53 b1 01 b6 1c 53 25 "
683 "c3 c7 5d b1 b4 11 fb eb 8e 83 0b 75 e9 6b 56 67 "
684 "0a d2 45 40 4e 16 79 35 44 ee 35 4b c6 13 a9 0c "
685 "c9 84 87 15 a7 3d b5 89 3e 7f 6d 27 98 15 c0 c1 "
686 "de 83 ef 8e 29 56 e3 a5 6e d2 6a 88 8d 7a 9c dc "
687 "d0 42 f4 b1 6b 7f a5 1e f1 a0 57 36 62 d1 6a 30 "
688 "2d 0e c5 b2 85 d2 e0 3a d9 65 29 c8 7b 3d 37 4d "
689 "b3 72 d9 5b 24 43 d0 61 b6 b1 a3 50 ba 87 80 7e "
690 "d0 83 af d1 eb 05 c3 f5 2f 4e ba 5e d2 22 77 14 "
691 "fd b5 0b 9d 9d 9d d6 81 4f 62 f6 27 2f cd 5c db "
692 "ce 7a 9e f7 97 ";
693 // Salt:
694 static const char salt_9_6[] =
695 "c2 5f 13 bf 67 d0 81 67 1a 04 81 a1 f1 82 0d 61 "
696 "3b ba 22 76 ";
697 // Signature:
698 static const char signature_9_6[] =
699 "a7 fd b0 d2 59 16 5c a2 c8 8d 00 bb f1 02 8a 86 "
700 "7d 33 76 99 d0 61 19 3b 17 a9 64 8e 14 cc bb aa "
701 "de ac aa cd ec 81 5e 75 71 29 4e bb 8a 11 7a f2 "
702 "05 fa 07 8b 47 b0 71 2c 19 9e 3a d0 51 35 c5 04 "
703 "c2 4b 81 70 51 15 74 08 02 48 79 92 ff d5 11 d4 "
704 "af c6 b8 54 49 1e b3 f0 dd 52 31 39 54 2f f1 5c "
705 "31 01 ee 85 54 35 17 c6 a3 c7 94 17 c6 7e 2d d9 "
706 "aa 74 1e 9a 29 b0 6d cb 59 3c 23 36 b3 67 0a e3 "
707 "af ba c7 c3 e7 6e 21 54 73 e8 66 e3 38 ca 24 4d "
708 "e0 0b 62 62 4d 6b 94 26 82 2c ea e9 f8 cc 46 08 "
709 "95 f4 12 50 07 3f d4 5c 5a 1e 7b 42 5c 20 4a 42 "
710 "3a 69 91 59 f6 90 3e 71 0b 37 a7 bb 2b c8 04 9f ";
712 // Example 10: A 2048-bit RSA Key Pair
714 // RSA modulus n:
715 static const char rsa_modulus_n_10[] =
716 "a5 dd 86 7a c4 cb 02 f9 0b 94 57 d4 8c 14 a7 70 "
717 "ef 99 1c 56 c3 9c 0e c6 5f d1 1a fa 89 37 ce a5 "
718 "7b 9b e7 ac 73 b4 5c 00 17 61 5b 82 d6 22 e3 18 "
719 "75 3b 60 27 c0 fd 15 7b e1 2f 80 90 fe e2 a7 ad "
720 "cd 0e ef 75 9f 88 ba 49 97 c7 a4 2d 58 c9 aa 12 "
721 "cb 99 ae 00 1f e5 21 c1 3b b5 43 14 45 a8 d5 ae "
722 "4f 5e 4c 7e 94 8a c2 27 d3 60 40 71 f2 0e 57 7e "
723 "90 5f be b1 5d fa f0 6d 1d e5 ae 62 53 d6 3a 6a "
724 "21 20 b3 1a 5d a5 da bc 95 50 60 0e 20 f2 7d 37 "
725 "39 e2 62 79 25 fe a3 cc 50 9f 21 df f0 4e 6e ea "
726 "45 49 c5 40 d6 80 9f f9 30 7e ed e9 1f ff 58 73 "
727 "3d 83 85 a2 37 d6 d3 70 5a 33 e3 91 90 09 92 07 "
728 "0d f7 ad f1 35 7c f7 e3 70 0c e3 66 7d e8 3f 17 "
729 "b8 df 17 78 db 38 1d ce 09 cb 4a d0 58 a5 11 00 "
730 "1a 73 81 98 ee 27 cf 55 a1 3b 75 45 39 90 65 82 "
731 "ec 8b 17 4b d5 8d 5d 1f 3d 76 7c 61 37 21 ae 05 ";
732 // RSA public exponent e:
733 static const char rsa_public_exponent_e_10[] =
734 "01 00 01 ";
736 // RSASSA-PSS Signature Example 10.1
737 // Message to be signed:
738 static const char message_10_1[] =
739 "88 31 77 e5 12 6b 9b e2 d9 a9 68 03 27 d5 37 0c "
740 "6f 26 86 1f 58 20 c4 3d a6 7a 3a d6 09 ";
741 // Salt:
742 static const char salt_10_1[] =
743 "04 e2 15 ee 6f f9 34 b9 da 70 d7 73 0c 87 34 ab "
744 "fc ec de 89 ";
745 // Signature:
746 static const char signature_10_1[] =
747 "82 c2 b1 60 09 3b 8a a3 c0 f7 52 2b 19 f8 73 54 "
748 "06 6c 77 84 7a bf 2a 9f ce 54 2d 0e 84 e9 20 c5 "
749 "af b4 9f fd fd ac e1 65 60 ee 94 a1 36 96 01 14 "
750 "8e ba d7 a0 e1 51 cf 16 33 17 91 a5 72 7d 05 f2 "
751 "1e 74 e7 eb 81 14 40 20 69 35 d7 44 76 5a 15 e7 "
752 "9f 01 5c b6 6c 53 2c 87 a6 a0 59 61 c8 bf ad 74 "
753 "1a 9a 66 57 02 28 94 39 3e 72 23 73 97 96 c0 2a "
754 "77 45 5d 0f 55 5b 0e c0 1d df 25 9b 62 07 fd 0f "
755 "d5 76 14 ce f1 a5 57 3b aa ff 4e c0 00 69 95 16 "
756 "59 b8 5f 24 30 0a 25 16 0c a8 52 2d c6 e6 72 7e "
757 "57 d0 19 d7 e6 36 29 b8 fe 5e 89 e2 5c c1 5b eb "
758 "3a 64 75 77 55 92 99 28 0b 9b 28 f7 9b 04 09 00 "
759 "0b e2 5b bd 96 40 8b a3 b4 3c c4 86 18 4d d1 c8 "
760 "e6 25 53 fa 1a f4 04 0f 60 66 3d e7 f5 e4 9c 04 "
761 "38 8e 25 7f 1c e8 9c 95 da b4 8a 31 5d 9b 66 b1 "
762 "b7 62 82 33 87 6f f2 38 52 30 d0 70 d0 7e 16 66 ";
764 // RSASSA-PSS Signature Example 10.2
765 // Message to be signed:
766 static const char message_10_2[] =
767 "dd 67 0a 01 46 58 68 ad c9 3f 26 13 19 57 a5 0c "
768 "52 fb 77 7c db aa 30 89 2c 9e 12 36 11 64 ec 13 "
769 "97 9d 43 04 81 18 e4 44 5d b8 7b ee 58 dd 98 7b "
770 "34 25 d0 20 71 d8 db ae 80 70 8b 03 9d bb 64 db "
771 "d1 de 56 57 d9 fe d0 c1 18 a5 41 43 74 2e 0f f3 "
772 "c8 7f 74 e4 58 57 64 7a f3 f7 9e b0 a1 4c 9d 75 "
773 "ea 9a 1a 04 b7 cf 47 8a 89 7a 70 8f d9 88 f4 8e "
774 "80 1e db 0b 70 39 df 8c 23 bb 3c 56 f4 e8 21 ac ";
775 // Salt:
776 static const char salt_10_2[] =
777 "8b 2b dd 4b 40 fa f5 45 c7 78 dd f9 bc 1a 49 cb "
778 "57 f9 b7 1b ";
779 // Signature:
780 static const char signature_10_2[] =
781 "14 ae 35 d9 dd 06 ba 92 f7 f3 b8 97 97 8a ed 7c "
782 "d4 bf 5f f0 b5 85 a4 0b d4 6c e1 b4 2c d2 70 30 "
783 "53 bb 90 44 d6 4e 81 3d 8f 96 db 2d d7 00 7d 10 "
784 "11 8f 6f 8f 84 96 09 7a d7 5e 1f f6 92 34 1b 28 "
785 "92 ad 55 a6 33 a1 c5 5e 7f 0a 0a d5 9a 0e 20 3a "
786 "5b 82 78 ae c5 4d d8 62 2e 28 31 d8 71 74 f8 ca "
787 "ff 43 ee 6c 46 44 53 45 d8 4a 59 65 9b fb 92 ec "
788 "d4 c8 18 66 86 95 f3 47 06 f6 68 28 a8 99 59 63 "
789 "7f 2b f3 e3 25 1c 24 bd ba 4d 4b 76 49 da 00 22 "
790 "21 8b 11 9c 84 e7 9a 65 27 ec 5b 8a 5f 86 1c 15 "
791 "99 52 e2 3e c0 5e 1e 71 73 46 fa ef e8 b1 68 68 "
792 "25 bd 2b 26 2f b2 53 10 66 c0 de 09 ac de 2e 42 "
793 "31 69 07 28 b5 d8 5e 11 5a 2f 6b 92 b7 9c 25 ab "
794 "c9 bd 93 99 ff 8b cf 82 5a 52 ea 1f 56 ea 76 dd "
795 "26 f4 3b aa fa 18 bf a9 2a 50 4c bd 35 69 9e 26 "
796 "d1 dc c5 a2 88 73 85 f3 c6 32 32 f0 6f 32 44 c3 ";
798 // RSASSA-PSS Signature Example 10.3
799 // Message to be signed:
800 static const char message_10_3[] =
801 "48 b2 b6 a5 7a 63 c8 4c ea 85 9d 65 c6 68 28 4b "
802 "08 d9 6b dc aa be 25 2d b0 e4 a9 6c b1 ba c6 01 "
803 "93 41 db 6f be fb 8d 10 6b 0e 90 ed a6 bc c6 c6 "
804 "26 2f 37 e7 ea 9c 7e 5d 22 6b d7 df 85 ec 5e 71 "
805 "ef ff 2f 54 c5 db 57 7f f7 29 ff 91 b8 42 49 1d "
806 "e2 74 1d 0c 63 16 07 df 58 6b 90 5b 23 b9 1a f1 "
807 "3d a1 23 04 bf 83 ec a8 a7 3e 87 1f f9 db ";
808 // Salt:
809 static const char salt_10_3[] =
810 "4e 96 fc 1b 39 8f 92 b4 46 71 01 0c 0d c3 ef d6 "
811 "e2 0c 2d 73 ";
812 // Signature:
813 static const char signature_10_3[] =
814 "6e 3e 4d 7b 6b 15 d2 fb 46 01 3b 89 00 aa 5b bb "
815 "39 39 cf 2c 09 57 17 98 70 42 02 6e e6 2c 74 c5 "
816 "4c ff d5 d7 d5 7e fb bf 95 0a 0f 5c 57 4f a0 9d "
817 "3f c1 c9 f5 13 b0 5b 4f f5 0d d8 df 7e df a2 01 "
818 "02 85 4c 35 e5 92 18 01 19 a7 0c e5 b0 85 18 2a "
819 "a0 2d 9e a2 aa 90 d1 df 03 f2 da ae 88 5b a2 f5 "
820 "d0 5a fd ac 97 47 6f 06 b9 3b 5b c9 4a 1a 80 aa "
821 "91 16 c4 d6 15 f3 33 b0 98 89 2b 25 ff ac e2 66 "
822 "f5 db 5a 5a 3b cc 10 a8 24 ed 55 aa d3 5b 72 78 "
823 "34 fb 8c 07 da 28 fc f4 16 a5 d9 b2 22 4f 1f 8b "
824 "44 2b 36 f9 1e 45 6f de a2 d7 cf e3 36 72 68 de "
825 "03 07 a4 c7 4e 92 41 59 ed 33 39 3d 5e 06 55 53 "
826 "1c 77 32 7b 89 82 1b de df 88 01 61 c7 8c d4 19 "
827 "6b 54 19 f7 ac c3 f1 3e 5e bf 16 1b 6e 7c 67 24 "
828 "71 6c a3 3b 85 c2 e2 56 40 19 2a c2 85 96 51 d5 "
829 "0b de 7e b9 76 e5 1c ec 82 8b 98 b6 56 3b 86 bb ";
831 // RSASSA-PSS Signature Example 10.4
832 // Message to be signed:
833 static const char message_10_4[] =
834 "0b 87 77 c7 f8 39 ba f0 a6 4b bb db c5 ce 79 75 "
835 "5c 57 a2 05 b8 45 c1 74 e2 d2 e9 05 46 a0 89 c4 "
836 "e6 ec 8a df fa 23 a7 ea 97 ba e6 b6 5d 78 2b 82 "
837 "db 5d 2b 5a 56 d2 2a 29 a0 5e 7c 44 33 e2 b8 2a "
838 "62 1a bb a9 0a dd 05 ce 39 3f c4 8a 84 05 42 45 "
839 "1a ";
840 // Salt:
841 static const char salt_10_4[] =
842 "c7 cd 69 8d 84 b6 51 28 d8 83 5e 3a 8b 1e b0 e0 "
843 "1c b5 41 ec ";
844 // Signature:
845 static const char signature_10_4[] =
846 "34 04 7f f9 6c 4d c0 dc 90 b2 d4 ff 59 a1 a3 61 "
847 "a4 75 4b 25 5d 2e e0 af 7d 8b f8 7c 9b c9 e7 dd "
848 "ee de 33 93 4c 63 ca 1c 0e 3d 26 2c b1 45 ef 93 "
849 "2a 1f 2c 0a 99 7a a6 a3 4f 8e ae e7 47 7d 82 cc "
850 "f0 90 95 a6 b8 ac ad 38 d4 ee c9 fb 7e ab 7a d0 "
851 "2d a1 d1 1d 8e 54 c1 82 5e 55 bf 58 c2 a2 32 34 "
852 "b9 02 be 12 4f 9e 90 38 a8 f6 8f a4 5d ab 72 f6 "
853 "6e 09 45 bf 1d 8b ac c9 04 4c 6f 07 09 8c 9f ce "
854 "c5 8a 3a ab 10 0c 80 51 78 15 5f 03 0a 12 4c 45 "
855 "0e 5a cb da 47 d0 e4 f1 0b 80 a2 3f 80 3e 77 4d "
856 "02 3b 00 15 c2 0b 9f 9b be 7c 91 29 63 38 d5 ec "
857 "b4 71 ca fb 03 20 07 b6 7a 60 be 5f 69 50 4a 9f "
858 "01 ab b3 cb 46 7b 26 0e 2b ce 86 0b e8 d9 5b f9 "
859 "2c 0c 8e 14 96 ed 1e 52 85 93 a4 ab b6 df 46 2d "
860 "de 8a 09 68 df fe 46 83 11 68 57 a2 32 f5 eb f6 "
861 "c8 5b e2 38 74 5a d0 f3 8f 76 7a 5f db f4 86 fb ";
863 // RSASSA-PSS Signature Example 10.5
864 // Message to be signed:
865 static const char message_10_5[] =
866 "f1 03 6e 00 8e 71 e9 64 da dc 92 19 ed 30 e1 7f "
867 "06 b4 b6 8a 95 5c 16 b3 12 b1 ed df 02 8b 74 97 "
868 "6b ed 6b 3f 6a 63 d4 e7 78 59 24 3c 9c cc dc 98 "
869 "01 65 23 ab b0 24 83 b3 55 91 c3 3a ad 81 21 3b "
870 "b7 c7 bb 1a 47 0a ab c1 0d 44 25 6c 4d 45 59 d9 "
871 "16 ";
872 // Salt:
873 static const char salt_10_5[] =
874 "ef a8 bf f9 62 12 b2 f4 a3 f3 71 a1 0d 57 41 52 "
875 "65 5f 5d fb ";
876 // Signature:
877 static const char signature_10_5[] =
878 "7e 09 35 ea 18 f4 d6 c1 d1 7c e8 2e b2 b3 83 6c "
879 "55 b3 84 58 9c e1 9d fe 74 33 63 ac 99 48 d1 f3 "
880 "46 b7 bf dd fe 92 ef d7 8a db 21 fa ef c8 9a de "
881 "42 b1 0f 37 40 03 fe 12 2e 67 42 9a 1c b8 cb d1 "
882 "f8 d9 01 45 64 c4 4d 12 01 16 f4 99 0f 1a 6e 38 "
883 "77 4c 19 4b d1 b8 21 32 86 b0 77 b0 49 9d 2e 7b "
884 "3f 43 4a b1 22 89 c5 56 68 4d ee d7 81 31 93 4b "
885 "b3 dd 65 37 23 6f 7c 6f 3d cb 09 d4 76 be 07 72 "
886 "1e 37 e1 ce ed 9b 2f 7b 40 68 87 bd 53 15 73 05 "
887 "e1 c8 b4 f8 4d 73 3b c1 e1 86 fe 06 cc 59 b6 ed "
888 "b8 f4 bd 7f fe fd f4 f7 ba 9c fb 9d 57 06 89 b5 "
889 "a1 a4 10 9a 74 6a 69 08 93 db 37 99 25 5a 0c b9 "
890 "21 5d 2d 1c d4 90 59 0e 95 2e 8c 87 86 aa 00 11 "
891 "26 52 52 47 0c 04 1d fb c3 ee c7 c3 cb f7 1c 24 "
892 "86 9d 11 5c 0c b4 a9 56 f5 6d 53 0b 80 ab 58 9a "
893 "cf ef c6 90 75 1d df 36 e8 d3 83 f8 3c ed d2 cc ";
895 // RSASSA-PSS Signature Example 10.6
896 // Message to be signed:
897 static const char message_10_6[] =
898 "25 f1 08 95 a8 77 16 c1 37 45 0b b9 51 9d fa a1 "
899 "f2 07 fa a9 42 ea 88 ab f7 1e 9c 17 98 00 85 b5 "
900 "55 ae ba b7 62 64 ae 2a 3a b9 3c 2d 12 98 11 91 "
901 "dd ac 6f b5 94 9e b3 6a ee 3c 5d a9 40 f0 07 52 "
902 "c9 16 d9 46 08 fa 7d 97 ba 6a 29 15 b6 88 f2 03 "
903 "23 d4 e9 d9 68 01 d8 9a 72 ab 58 92 dc 21 17 c0 "
904 "74 34 fc f9 72 e0 58 cf 8c 41 ca 4b 4f f5 54 f7 "
905 "d5 06 8a d3 15 5f ce d0 f3 12 5b c0 4f 91 93 37 "
906 "8a 8f 5c 4c 3b 8c b4 dd 6d 1c c6 9d 30 ec ca 6e "
907 "aa 51 e3 6a 05 73 0e 9e 34 2e 85 5b af 09 9d ef "
908 "b8 af d7 ";
909 // Salt:
910 static const char salt_10_6[] =
911 "ad 8b 15 23 70 36 46 22 4b 66 0b 55 08 85 91 7c "
912 "a2 d1 df 28 ";
913 // Signature:
914 static const char signature_10_6[] =
915 "6d 3b 5b 87 f6 7e a6 57 af 21 f7 54 41 97 7d 21 "
916 "80 f9 1b 2c 5f 69 2d e8 29 55 69 6a 68 67 30 d9 "
917 "b9 77 8d 97 07 58 cc b2 60 71 c2 20 9f fb d6 12 "
918 "5b e2 e9 6e a8 1b 67 cb 9b 93 08 23 9f da 17 f7 "
919 "b2 b6 4e cd a0 96 b6 b9 35 64 0a 5a 1c b4 2a 91 "
920 "55 b1 c9 ef 7a 63 3a 02 c5 9f 0d 6e e5 9b 85 2c "
921 "43 b3 50 29 e7 3c 94 0f f0 41 0e 8f 11 4e ed 46 "
922 "bb d0 fa e1 65 e4 2b e2 52 8a 40 1c 3b 28 fd 81 "
923 "8e f3 23 2d ca 9f 4d 2a 0f 51 66 ec 59 c4 23 96 "
924 "d6 c1 1d bc 12 15 a5 6f a1 71 69 db 95 75 34 3e "
925 "f3 4f 9d e3 2a 49 cd c3 17 49 22 f2 29 c2 3e 18 "
926 "e4 5d f9 35 31 19 ec 43 19 ce dc e7 a1 7c 64 08 "
927 "8c 1f 6f 52 be 29 63 41 00 b3 91 9d 38 f3 d1 ed "
928 "94 e6 89 1e 66 a7 3b 8f b8 49 f5 87 4d f5 94 59 "
929 "e2 98 c7 bb ce 2e ee 78 2a 19 5a a6 6f e2 d0 73 "
930 "2b 25 e5 95 f5 7d 3e 06 1b 1f c3 e4 06 3b f9 8f ";
932 struct SignatureExample {
933 const char* message;
934 const char* salt;
935 const char* signature;
938 struct PSSTestVector {
939 const char* modulus_n;
940 const char* public_exponent_e;
941 SignatureExample example[6];
944 static const PSSTestVector pss_test[] = {
946 rsa_modulus_n_1,
947 rsa_public_exponent_e_1,
949 { message_1_1, salt_1_1, signature_1_1 },
950 { message_1_2, salt_1_2, signature_1_2 },
951 { message_1_3, salt_1_3, signature_1_3 },
952 { message_1_4, salt_1_4, signature_1_4 },
953 { message_1_5, salt_1_5, signature_1_5 },
954 { message_1_6, salt_1_6, signature_1_6 },
958 rsa_modulus_n_9,
959 rsa_public_exponent_e_9,
961 { message_9_1, salt_9_1, signature_9_1 },
962 { message_9_2, salt_9_2, signature_9_2 },
963 { message_9_3, salt_9_3, signature_9_3 },
964 { message_9_4, salt_9_4, signature_9_4 },
965 { message_9_5, salt_9_5, signature_9_5 },
966 { message_9_6, salt_9_6, signature_9_6 },
970 rsa_modulus_n_10,
971 rsa_public_exponent_e_10,
973 { message_10_1, salt_10_1, signature_10_1 },
974 { message_10_2, salt_10_2, signature_10_2 },
975 { message_10_3, salt_10_3, signature_10_3 },
976 { message_10_4, salt_10_4, signature_10_4 },
977 { message_10_5, salt_10_5, signature_10_5 },
978 { message_10_6, salt_10_6, signature_10_6 },
983 static uint8 HexDigitValue(char digit) {
984 if ('0' <= digit && digit <= '9')
985 return digit - '0';
986 if ('a' <= digit && digit <= 'f')
987 return digit - 'a' + 10;
988 return digit - 'A' + 10;
991 static bool DecodeTestInput(const char* in, std::vector<uint8>* out) {
992 out->clear();
993 while (in[0] != '\0') {
994 if (!isxdigit(in[0]) || !isxdigit(in[1]) || in[2] != ' ')
995 return false;
996 uint8 octet = HexDigitValue(in[0]) * 16 + HexDigitValue(in[1]);
997 out->push_back(octet);
998 in += 3;
1000 return true;
1003 static bool EncodeRSAPublicKey(const std::vector<uint8>& modulus_n,
1004 const std::vector<uint8>& public_exponent_e,
1005 std::vector<uint8>* public_key_info) {
1006 // The public key is specified as the following ASN.1 structure:
1007 // SubjectPublicKeyInfo ::= SEQUENCE {
1008 // algorithm AlgorithmIdentifier,
1009 // subjectPublicKey BIT STRING }
1011 // The signature algorithm is specified as the following ASN.1 structure:
1012 // AlgorithmIdentifier ::= SEQUENCE {
1013 // algorithm OBJECT IDENTIFIER,
1014 // parameters ANY DEFINED BY algorithm OPTIONAL }
1016 // An RSA public key is specified as the following ASN.1 structure:
1017 // RSAPublicKey ::= SEQUENCE {
1018 // modulus INTEGER, -- n
1019 // publicExponent INTEGER -- e
1020 // }
1021 static const uint8 kIntegerTag = 0x02;
1022 static const uint8 kBitStringTag = 0x03;
1023 static const uint8 kSequenceTag = 0x30;
1024 public_key_info->clear();
1026 // Encode the public exponent e as an INTEGER.
1027 public_key_info->insert(public_key_info->begin(),
1028 public_exponent_e.begin(),
1029 public_exponent_e.end());
1030 uint8 exponent_size = base::checked_cast<uint8>(public_exponent_e.size());
1031 public_key_info->insert(public_key_info->begin(), exponent_size);
1032 public_key_info->insert(public_key_info->begin(), kIntegerTag);
1034 // Encode the modulus n as an INTEGER.
1035 public_key_info->insert(public_key_info->begin(),
1036 modulus_n.begin(), modulus_n.end());
1037 uint16 modulus_size = base::checked_cast<uint16>(modulus_n.size());
1038 if (modulus_n[0] & 0x80) {
1039 public_key_info->insert(public_key_info->begin(), 0x00);
1040 modulus_size++;
1042 public_key_info->insert(public_key_info->begin(), modulus_size & 0xff);
1043 public_key_info->insert(public_key_info->begin(), (modulus_size >> 8) & 0xff);
1044 public_key_info->insert(public_key_info->begin(), 0x82);
1045 public_key_info->insert(public_key_info->begin(), kIntegerTag);
1047 // Encode the RSAPublicKey SEQUENCE.
1048 uint16 info_size = base::checked_cast<uint16>(public_key_info->size());
1049 public_key_info->insert(public_key_info->begin(), info_size & 0xff);
1050 public_key_info->insert(public_key_info->begin(), (info_size >> 8) & 0xff);
1051 public_key_info->insert(public_key_info->begin(), 0x82);
1052 public_key_info->insert(public_key_info->begin(), kSequenceTag);
1054 // Encode the BIT STRING.
1055 // Number of unused bits.
1056 public_key_info->insert(public_key_info->begin(), 0x00);
1057 info_size = base::checked_cast<uint16>(public_key_info->size());
1058 public_key_info->insert(public_key_info->begin(), info_size & 0xff);
1059 public_key_info->insert(public_key_info->begin(), (info_size >> 8) & 0xff);
1060 public_key_info->insert(public_key_info->begin(), 0x82);
1061 public_key_info->insert(public_key_info->begin(), kBitStringTag);
1063 // Encode the AlgorithmIdentifier.
1064 static const uint8 algorithm[] = {
1065 0x30, 0x0d, // a SEQUENCE of length 13
1066 0x06, 0x09, // an OBJECT IDENTIFIER of length 9
1067 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
1068 0x05, 0x00,
1070 public_key_info->insert(public_key_info->begin(),
1071 algorithm, algorithm + sizeof(algorithm));
1073 // Encode the outermost SEQUENCE.
1074 info_size = base::checked_cast<uint16>(public_key_info->size());
1075 public_key_info->insert(public_key_info->begin(), info_size & 0xff);
1076 public_key_info->insert(public_key_info->begin(), (info_size >> 8) & 0xff);
1077 public_key_info->insert(public_key_info->begin(), 0x82);
1078 public_key_info->insert(public_key_info->begin(), kSequenceTag);
1080 return true;
1083 TEST(SignatureVerifierTest, VerifyRSAPSS) {
1084 for (unsigned int i = 0; i < arraysize(pss_test); i++) {
1085 std::vector<uint8> modulus_n;
1086 std::vector<uint8> public_exponent_e;
1087 ASSERT_TRUE(DecodeTestInput(pss_test[i].modulus_n, &modulus_n));
1088 ASSERT_TRUE(DecodeTestInput(pss_test[i].public_exponent_e,
1089 &public_exponent_e));
1090 std::vector<uint8> public_key_info;
1091 ASSERT_TRUE(EncodeRSAPublicKey(modulus_n, public_exponent_e,
1092 &public_key_info));
1094 for (unsigned int j = 0; j < arraysize(pss_test[i].example); j++) {
1095 std::vector<uint8> message;
1096 std::vector<uint8> salt;
1097 std::vector<uint8> signature;
1098 ASSERT_TRUE(DecodeTestInput(pss_test[i].example[j].message, &message));
1099 ASSERT_TRUE(DecodeTestInput(pss_test[i].example[j].salt, &salt));
1100 ASSERT_TRUE(DecodeTestInput(pss_test[i].example[j].signature,
1101 &signature));
1103 crypto::SignatureVerifier verifier;
1104 bool ok;
1106 // Positive test.
1107 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1,
1108 crypto::SignatureVerifier::SHA1,
1109 salt.size(),
1110 &signature[0], signature.size(),
1111 &public_key_info[0],
1112 public_key_info.size());
1113 ASSERT_TRUE(ok);
1114 verifier.VerifyUpdate(&message[0], message.size());
1115 ok = verifier.VerifyFinal();
1116 EXPECT_TRUE(ok);
1118 // Modify the first byte of the message.
1119 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1,
1120 crypto::SignatureVerifier::SHA1,
1121 salt.size(),
1122 &signature[0], signature.size(),
1123 &public_key_info[0],
1124 public_key_info.size());
1125 ASSERT_TRUE(ok);
1126 message[0] += 1;
1127 verifier.VerifyUpdate(&message[0], message.size());
1128 message[0] -= 1;
1129 ok = verifier.VerifyFinal();
1130 EXPECT_FALSE(ok);
1132 // Truncate the message.
1133 ASSERT_FALSE(message.empty());
1134 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1,
1135 crypto::SignatureVerifier::SHA1,
1136 salt.size(),
1137 &signature[0], signature.size(),
1138 &public_key_info[0],
1139 public_key_info.size());
1140 ASSERT_TRUE(ok);
1141 verifier.VerifyUpdate(&message[0], message.size() - 1);
1142 ok = verifier.VerifyFinal();
1143 EXPECT_FALSE(ok);
1145 // Corrupt the signature.
1146 signature[0] += 1;
1147 ok = verifier.VerifyInitRSAPSS(crypto::SignatureVerifier::SHA1,
1148 crypto::SignatureVerifier::SHA1,
1149 salt.size(),
1150 &signature[0], signature.size(),
1151 &public_key_info[0],
1152 public_key_info.size());
1153 signature[0] -= 1;
1154 ASSERT_TRUE(ok);
1155 verifier.VerifyUpdate(&message[0], message.size());
1156 ok = verifier.VerifyFinal();
1157 EXPECT_FALSE(ok);