def testPSSRountTripEquiv(self):
pss = PSSPadding()
m = b'This is a test message'
em = pss.encode(m)
self.assertTrue(pss.verify(m, em))
def testPSSTestVector(self):
# Test vector taken from http://www.rsa.com/rsalabs/node.asp?id=2125
# ---------------------------------
# Step-by-step RSASSA-PSS Signature
# ---------------------------------
# Message M to be signed:
m = a2b_hex(bytes('85 9e ef 2f d7 8a ca 00 30 8b dc 47 11 93 bf 55\
bf 9d 78 db 8f 8a 67 2b 48 46 34 f3 c9 c2 6e 64\
78 ae 10 26 0f e0 dd 8c 08 2e 53 a5 29 3a f2 17\
3c d5 0c 6d 5d 35 4f eb f7 8b 26 02 1c 25 c0 27\
12 e7 8c d4 69 4c 9f 46 97 77 e4 51 e7 f8 e9 e0\
4c d3 73 9c 6b bf ed ae 48 7f b5 56 44 e9 ca 74\
ff 77 a5 3c b7 29 80 2f 6e d4 a5 ff a8 ba 15 98\
90 fc'.replace(" ", ""),'utf-8'))
# mHash = Hash(M)
# salt = random string of octets
# M' = Padding || mHash || salt
# H = Hash(M')
# DB = Padding || salt
# dbMask = MGF(H, length(DB))
# maskedDB = DB xor dbMask (leftmost bit set to
# zero)
# EM = maskedDB || H || 0xbc
# mHash:
mHash = a2b_hex(bytes('37 b6 6a e0 44 58 43 35 3d 47 ec b0 b4 fd 14 c1\
10 e6 2d 6a'.replace(" ", ""),'utf-8'))
# salt:
salt = a2b_hex(bytes('e3 b5 d5 d0 02 c1 bc e5 0c 2b 65 ef 88 a1 88 d8\
3b ce 7e 61'.replace(" ", ""),'utf-8'))
# M':
mPrime = a2b_hex(bytes('00 00 00 00 00 00 00 00 37 b6 6a e0 44 58 43 35\
3d 47 ec b0 b4 fd 14 c1 10 e6 2d 6a e3 b5 d5 d0\
02 c1 bc e5 0c 2b 65 ef 88 a1 88 d8 3b ce 7e 61'.replace(" ", ""),'utf-8'))
# H:
H = a2b_hex(bytes('df 1a 89 6f 9d 8b c8 16 d9 7c d7 a2 c4 3b ad 54\
6f be 8c fe'.replace(" ", ""),'utf-8'))
# DB:
DB = a2b_hex(bytes('00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\
00 00 00 00 00 00 01 e3 b5 d5 d0 02 c1 bc e5 0c\
2b 65 ef 88 a1 88 d8 3b ce 7e 61'.replace(" ", ""),'utf-8'))
# dbMask:
dbMask = a2b_hex(bytes('66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67\
d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af\
50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4\
d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1\
e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec\
d3 18 3a 31 1f c8 97 39 a9 66 43 13 6e 8b 0f 46\
5e 87 a4 53 5c d4 c5 9b 10 02 8d'.replace(" ", ""),'utf-8'))
# maskedDB:
maskedDB = a2b_hex(bytes('66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67\
d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af\
50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4\
d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1\
e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec\
d3 18 3a 31 1f c8 96 da 1c b3 93 11 af 37 ea 4a\
75 e2 4b db fd 5c 1d a0 de 7c ec'.replace(" ", ""),'utf-8'))
# Encoded message EM:
EM = a2b_hex(bytes('66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67\
d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af\
50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4\
d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1\
e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec\
d3 18 3a 31 1f c8 96 da 1c b3 93 11 af 37 ea 4a\
75 e2 4b db fd 5c 1d a0 de 7c ec df 1a 89 6f 9d\
8b c8 16 d9 7c d7 a2 c4 3b ad 54 6f be 8c fe bc'.replace(" ", ""),'utf-8'))
if debug:
print("PSS Test Vector:")
print("M =>", m)
print("Mlen =>", len(m))
print("mHash =>", mHash)
print("salt =>", salt)
print("M' =>", mPrime)
print("H =>", H)
print("DB =>", DB)
print("dbmask=>", dbMask)
print("masked=>", maskedDB)
print("EM =>", EM)
print("EMLen =>", len(EM))
pss = PSSPadding()
realEM = pss.encode(m,len(EM)*8,salt)
self.assertEqual(EM, realEM)
def __init__(self, padding=PSSPadding()):
RSA.__init__(self)
PKSig.__init__(self)
self.paddingscheme = padding