Cryptography Reference
In-Depth Information
of the RSA modulus (and hence this integer is smaller than the modulus). It is also
used in step 10 of the EMSA-PSS verification procedure above.
> make0bits := proc(hbyte::string, numbits::nonnegint)
uses StringTools;
local bits, b;
if 8 <= numbits then
error "numbits must be less than 8"
end if;
bits := integer2bits(op(hexstringtobytes(hbyte)), 8);
bits := [0$numbits, op(bits[numbits+1 .. -1])];
b := LowerCase(convert(bits2integer(bits), hex));
if Length(b) = 1 then
cat("0", b)
else
b
end if
end proc:
The next function is used by the EMSA-PSS verification algorithm in step 11 to
check that some of the leftmost bits of DB are zero. The input parameters are as in
the preceding function and the output is either true , in case the leftmost numbits
bits of hbyte are all zero, or false otherwise.
> check0bits := proc(hbyte::string, numbits::nonnegint)
local bits, b;
if 8 <= numbits then
error "numbits must be less than 8"
end if;
bits := integer2bits(op(hexstringtobytes(hbyte)), 8);
evalb(bits[1 .. numbits] = [0$numbits])
end proc:
Example 9.3 Let us consider the byte “ff” and compute the result of setting the
leftmost i bits equal to 0, for i
=
0
,
1
,...,
7:
> make0bits ("ff", [$0 .. 7]);
["ff", "7f", "3f", "1f", "0f", "07", "03", "01"]
> check0bits (%, [$0 .. 7]);
[true, true, true, true, true, true, true, true]
Next we give the function that implements the EMSA-PSS-Encode algorithm. By
default, we will use the hash function SHA256 and the mask generating function
MGF1 , both of which were already used in the implementation of RSA-OAEP in
Sect. 8.3.7 . As we saw in the description above, another required input is sLen , namely
the intended byte length of the salt (the seed in Bellare-Rogaway's terminology).
We will use sLen
hLen as suggested in PKCS #1 v2.1 and so the former will not
appear as a parameter. We will not check the maximum message length—specified
in step 2 of EMSA-PSS encoding above—because this maximum is, for the hash
function we use, more than what Maple can handle. As far as possible we keep the
notation in PKCS #1 v2.1.
The required input parameters of the EMSA-PSS encoding function are M ,forthe
message given either as an even-length hexadecimal string or a text string, emBits
for the maximum bit length of the encoded message when regarded as an integer, and
salt for the salt given as an even-length hexadecimal string. The optional parameters
=
Search WWH ::




Custom Search