Cryptography Reference
In-Depth Information
of the RSA modulus (and hence this integer is smaller than the modulus). It is also
used in step 10 of the EMSA-PSS verification procedure above.
> make0bits := proc(hbyte::string, numbits::nonnegint)
uses StringTools;
local bits, b;
if 8 <= numbits then
error "numbits must be less than 8"
end if;
bits := integer2bits(op(hexstringtobytes(hbyte)), 8);
bits := [0$numbits, op(bits[numbits+1 .. -1])];
b := LowerCase(convert(bits2integer(bits), hex));
if Length(b) = 1 then
cat("0", b)
else
b
end if
end proc:
The next function is used by the EMSA-PSS verification algorithm in step 11 to
check that some of the leftmost bits of
DB
are zero. The input parameters are as in
the preceding function and the output is either
true
, in case the leftmost
numbits
bits of
hbyte
are all zero, or
false
otherwise.
> check0bits := proc(hbyte::string, numbits::nonnegint)
local bits, b;
if 8 <= numbits then
error "numbits must be less than 8"
end if;
bits := integer2bits(op(hexstringtobytes(hbyte)), 8);
evalb(bits[1 .. numbits] = [0$numbits])
end proc:
Example 9.3
Let us consider the byte “ff” and compute the result of setting the
leftmost
i
bits equal to 0, for
i
=
0
,
1
,...,
7:
> make0bits
∼
("ff", [$0 .. 7]);
["ff", "7f", "3f", "1f", "0f", "07", "03", "01"]
> check0bits
∼
(%, [$0 .. 7]);
[true, true, true, true, true, true, true, true]
Next we give the function that implements the EMSA-PSS-Encode algorithm. By
default, we will use the hash function
SHA256
and the mask generating function
MGF1
, both of which were already used in the implementation of RSA-OAEP in
the intended byte length of the salt (the seed in Bellare-Rogaway's terminology).
We will use
sLen
hLen
as suggested in PKCS #1 v2.1 and so the former will not
appear as a parameter. We will not check the maximum message length—specified
in step 2 of EMSA-PSS encoding above—because this maximum is, for the hash
function we use, more than what Maple can handle. As far as possible we keep the
notation in PKCS #1 v2.1.
The required input parameters of the EMSA-PSS encoding function are
M
,forthe
message given either as an even-length hexadecimal string or a text string,
emBits
for the maximum bit length of the encoded message when regarded as an integer, and
salt
for the salt given as an even-length hexadecimal string. The optional parameters
=