pki/testdata/verify_signed_data_unittest/rsa-pss-sha256-wrong-salt.pem - boringssl.git - Git at Google

 This is the same as rsa-pss-sha256.pem, except the signature was generated
 with a salt length of 33 instead of 32, while the algorithm still reports
 the standard value of 32.

 The public key in SPKI form:
 $ openssl pkey -in key.pem -pubout


 $ openssl asn1parse -i < [PUBLIC KEY]
     0:d=0  hl=4 l= 290 cons: SEQUENCE
     4:d=1  hl=2 l=  13 cons:  SEQUENCE
     6:d=2  hl=2 l=   9 prim:   OBJECT            :rsaEncryption
    17:d=2  hl=2 l=   0 prim:   NULL
    19:d=1  hl=4 l= 271 prim:  BIT STRING
 -----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn56hwS55y9JG5gXkTQLXm/Q4HSJdP/k
 ECgztMMQtqgiv+QdL0J5M7bQNbUK7ZhZt5pES5T0HjJcIENBvhXFzUZ3rBOMp4yESFLWoSL0quL
 0DAaRX/ZuZqT+Ow6LPdkwlv1JpKh03ylqxCGbw1bIFIEsFrp6QDndSPVI1ifd2QfYe+fdRQuF8e
 maGu50OKRSgziQB50JHKD0zRsh1cgUcQTyGUiFj2ndFXw1APzylU2+ouYurmN3ZCrvcP2J/qgQd
 AzDYRQ/bq/v7LNYQc+Gud+EIzE3+9spybnWRi2aLrnGwwBCZs/bqc66waK0pzH8z/mDwbB2ZSIa
 l6ARF0iWUXQIDAQAB
 -----END PUBLIC KEY-----

 The signing algorithm:

 $ openssl asn1parse -i < [ALGORITHM]
     0:d=0  hl=2 l=  65 cons: SEQUENCE
     2:d=1  hl=2 l=   9 prim:  OBJECT            :rsassaPss
    13:d=1  hl=2 l=  52 cons:  SEQUENCE
    15:d=2  hl=2 l=  15 cons:   cont [ 0 ]
    17:d=3  hl=2 l=  13 cons:    SEQUENCE
    19:d=4  hl=2 l=   9 prim:     OBJECT            :sha256
    30:d=4  hl=2 l=   0 prim:     NULL
    32:d=2  hl=2 l=  28 cons:   cont [ 1 ]
    34:d=3  hl=2 l=  26 cons:    SEQUENCE
    36:d=4  hl=2 l=   9 prim:     OBJECT            :mgf1
    47:d=4  hl=2 l=  13 cons:     SEQUENCE
    49:d=5  hl=2 l=   9 prim:      OBJECT            :sha256
    60:d=5  hl=2 l=   0 prim:      NULL
    62:d=2  hl=2 l=   3 cons:   cont [ 2 ]
    64:d=3  hl=2 l=   1 prim:    INTEGER           :20
 -----BEGIN ALGORITHM-----
 MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWU
 DBAIBBQCiAwIBIA==
 -----END ALGORITHM-----

 -----BEGIN DATA-----
 x/UnD8pyX5vRn1GajXzKPMXAeQJAKfO65RD5sCFA/iOJCOT2wY8HqJxofIaEZpsfHbK6+SUaPIK
 frMtJMIThbsnijViGgHSl1iIWZ91uUo0W/iyfPbTPr2xNzoyEOa84zqqqnOLsrnvI9KWlXjv5bf
 nNV1xPnLMnlRuM3+QIcWg=
 -----END DATA-----

 The signature was generated with:
 $ openssl dgst -sign key.pem -sha256 -sigopt rsa_padding_mode:pss \
     -sigopt rsa_pss_saltlen:33 < [DATA] > [SIGNATURE]

 Then the signature was wrapped in a BIT STRING.

 $ openssl asn1parse -i < [SIGNATURE]
     0:d=0  hl=4 l= 257 prim: BIT STRING
 -----BEGIN SIGNATURE-----
 A4IBAQB4R+AnrWUH+TvyBU3yR1GP1ghodbwUZdyJfG1rqzEqpY/MJtsd1YM9bC9qFqHao1+idLj
 +WSl91hbtZAEtNb0TDdXkO+iattPYsTBAeLm70A7DbqwM7s/1rTp0KJ4QFOJe05wYO+p/zHZ4Oi
 yhx2bCx+8J1FLlYEtwR0NhwRwPflVO7TNZC1l40iqkiyxsJrXsibuFnFnBe6BytBdlKF/CHFuve
 6z5aLauuuQtA17I6YRZ4cdKceD9I3HsNVhe+V1V10YoMDx3AywQTnaM+Au+VoxHU6oh9KP5lrrz
 BhPZPDtzfF++4Ag2Vd2OGFvPoL8xTp3S8QG5iVs90BkW8GvL
 -----END SIGNATURE-----
	This is the same as rsa-pss-sha256.pem, except the signature was generated
	with a salt length of 33 instead of 32, while the algorithm still reports
	the standard value of 32.

	The public key in SPKI form:
	$ openssl pkey -in key.pem -pubout


	$ openssl asn1parse -i < [PUBLIC KEY]
	0:d=0 hl=4 l= 290 cons: SEQUENCE
	4:d=1 hl=2 l= 13 cons: SEQUENCE
	6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
	17:d=2 hl=2 l= 0 prim: NULL
	19:d=1 hl=4 l= 271 prim: BIT STRING
	-----BEGIN PUBLIC KEY-----
	MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn56hwS55y9JG5gXkTQLXm/Q4HSJdP/k
	ECgztMMQtqgiv+QdL0J5M7bQNbUK7ZhZt5pES5T0HjJcIENBvhXFzUZ3rBOMp4yESFLWoSL0quL
	0DAaRX/ZuZqT+Ow6LPdkwlv1JpKh03ylqxCGbw1bIFIEsFrp6QDndSPVI1ifd2QfYe+fdRQuF8e
	maGu50OKRSgziQB50JHKD0zRsh1cgUcQTyGUiFj2ndFXw1APzylU2+ouYurmN3ZCrvcP2J/qgQd
	AzDYRQ/bq/v7LNYQc+Gud+EIzE3+9spybnWRi2aLrnGwwBCZs/bqc66waK0pzH8z/mDwbB2ZSIa
	l6ARF0iWUXQIDAQAB
	-----END PUBLIC KEY-----

	The signing algorithm:

	$ openssl asn1parse -i < [ALGORITHM]
	0:d=0 hl=2 l= 65 cons: SEQUENCE
	2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss
	13:d=1 hl=2 l= 52 cons: SEQUENCE
	15:d=2 hl=2 l= 15 cons: cont [ 0 ]
	17:d=3 hl=2 l= 13 cons: SEQUENCE
	19:d=4 hl=2 l= 9 prim: OBJECT :sha256
	30:d=4 hl=2 l= 0 prim: NULL
	32:d=2 hl=2 l= 28 cons: cont [ 1 ]
	34:d=3 hl=2 l= 26 cons: SEQUENCE
	36:d=4 hl=2 l= 9 prim: OBJECT :mgf1
	47:d=4 hl=2 l= 13 cons: SEQUENCE
	49:d=5 hl=2 l= 9 prim: OBJECT :sha256
	60:d=5 hl=2 l= 0 prim: NULL
	62:d=2 hl=2 l= 3 cons: cont [ 2 ]
	64:d=3 hl=2 l= 1 prim: INTEGER :20
	-----BEGIN ALGORITHM-----
	MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWU
	DBAIBBQCiAwIBIA==
	-----END ALGORITHM-----

	-----BEGIN DATA-----
	x/UnD8pyX5vRn1GajXzKPMXAeQJAKfO65RD5sCFA/iOJCOT2wY8HqJxofIaEZpsfHbK6+SUaPIK
	frMtJMIThbsnijViGgHSl1iIWZ91uUo0W/iyfPbTPr2xNzoyEOa84zqqqnOLsrnvI9KWlXjv5bf
	nNV1xPnLMnlRuM3+QIcWg=
	-----END DATA-----

	The signature was generated with:
	$ openssl dgst -sign key.pem -sha256 -sigopt rsa_padding_mode:pss \
	-sigopt rsa_pss_saltlen:33 < [DATA] > [SIGNATURE]

	Then the signature was wrapped in a BIT STRING.

	$ openssl asn1parse -i < [SIGNATURE]
	0:d=0 hl=4 l= 257 prim: BIT STRING
	-----BEGIN SIGNATURE-----
	A4IBAQB4R+AnrWUH+TvyBU3yR1GP1ghodbwUZdyJfG1rqzEqpY/MJtsd1YM9bC9qFqHao1+idLj
	+WSl91hbtZAEtNb0TDdXkO+iattPYsTBAeLm70A7DbqwM7s/1rTp0KJ4QFOJe05wYO+p/zHZ4Oi
	yhx2bCx+8J1FLlYEtwR0NhwRwPflVO7TNZC1l40iqkiyxsJrXsibuFnFnBe6BytBdlKF/CHFuve
	6z5aLauuuQtA17I6YRZ4cdKceD9I3HsNVhe+V1V10YoMDx3AywQTnaM+Au+VoxHU6oh9KP5lrrz
	BhPZPDtzfF++4Ag2Vd2OGFvPoL8xTp3S8QG5iVs90BkW8GvL
	-----END SIGNATURE-----