def testPSSTestVector(self): # Test vector taken from http://www.rsa.com/rsalabs/node.asp?id=2125 # --------------------------------- # Step-by-step RSASSA-PSS Signature # --------------------------------- # Message M to be signed: m = a2b_hex(bytes('85 9e ef 2f d7 8a ca 00 30 8b dc 47 11 93 bf 55\ bf 9d 78 db 8f 8a 67 2b 48 46 34 f3 c9 c2 6e 64\ 78 ae 10 26 0f e0 dd 8c 08 2e 53 a5 29 3a f2 17\ 3c d5 0c 6d 5d 35 4f eb f7 8b 26 02 1c 25 c0 27\ 12 e7 8c d4 69 4c 9f 46 97 77 e4 51 e7 f8 e9 e0\ 4c d3 73 9c 6b bf ed ae 48 7f b5 56 44 e9 ca 74\ ff 77 a5 3c b7 29 80 2f 6e d4 a5 ff a8 ba 15 98\ 90 fc'.replace(" ", ""),'utf-8')) # mHash = Hash(M) # salt = random string of octets # M' = Padding || mHash || salt # H = Hash(M') # DB = Padding || salt # dbMask = MGF(H, length(DB)) # maskedDB = DB xor dbMask (leftmost bit set to # zero) # EM = maskedDB || H || 0xbc # mHash: mHash = a2b_hex(bytes('37 b6 6a e0 44 58 43 35 3d 47 ec b0 b4 fd 14 c1\ 10 e6 2d 6a'.replace(" ", ""),'utf-8')) # salt: salt = a2b_hex(bytes('e3 b5 d5 d0 02 c1 bc e5 0c 2b 65 ef 88 a1 88 d8\ 3b ce 7e 61'.replace(" ", ""),'utf-8')) # M': mPrime = a2b_hex(bytes('00 00 00 00 00 00 00 00 37 b6 6a e0 44 58 43 35\ 3d 47 ec b0 b4 fd 14 c1 10 e6 2d 6a e3 b5 d5 d0\ 02 c1 bc e5 0c 2b 65 ef 88 a1 88 d8 3b ce 7e 61'.replace(" ", ""),'utf-8')) # H: H = a2b_hex(bytes('df 1a 89 6f 9d 8b c8 16 d9 7c d7 a2 c4 3b ad 54\ 6f be 8c fe'.replace(" ", ""),'utf-8')) # DB: DB = a2b_hex(bytes('00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\ 00 00 00 00 00 00 01 e3 b5 d5 d0 02 c1 bc e5 0c\ 2b 65 ef 88 a1 88 d8 3b ce 7e 61'.replace(" ", ""),'utf-8')) # dbMask: dbMask = a2b_hex(bytes('66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67\ d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af\ 50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4\ d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1\ e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec\ d3 18 3a 31 1f c8 97 39 a9 66 43 13 6e 8b 0f 46\ 5e 87 a4 53 5c d4 c5 9b 10 02 8d'.replace(" ", ""),'utf-8')) # maskedDB: maskedDB = a2b_hex(bytes('66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67\ d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af\ 50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4\ d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1\ e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec\ d3 18 3a 31 1f c8 96 da 1c b3 93 11 af 37 ea 4a\ 75 e2 4b db fd 5c 1d a0 de 7c ec'.replace(" ", ""),'utf-8')) # Encoded message EM: EM = a2b_hex(bytes('66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67\ d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af\ 50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4\ d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1\ e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec\ d3 18 3a 31 1f c8 96 da 1c b3 93 11 af 37 ea 4a\ 75 e2 4b db fd 5c 1d a0 de 7c ec df 1a 89 6f 9d\ 8b c8 16 d9 7c d7 a2 c4 3b ad 54 6f be 8c fe bc'.replace(" ", ""),'utf-8')) if debug: print("PSS Test Vector:") print("M =>", m) print("Mlen =>", len(m)) print("mHash =>", mHash) print("salt =>", salt) print("M' =>", mPrime) print("H =>", H) print("DB =>", DB) print("dbmask=>", dbMask) print("masked=>", maskedDB) print("EM =>", EM) print("EMLen =>", len(EM)) pss = PSSPadding() realEM = pss.encode(m,len(EM)*8,salt) self.assertEqual(EM, realEM)
def testPSSRountTripEquiv(self): pss = PSSPadding() m = b'This is a test message' em = pss.encode(m) self.assertTrue(pss.verify(m, em))