Cryptography Reference
In-Depth Information
are Hash for the name of the hash function used (with SHA256 as default), hLen
for the byte length of the hash function output (with 32 as default), MGF for the mask
generating function (with MGF1 the default) and, finally, messagetype, used to
specify whether the message is a text string or a hexadecimal string (with hex as
default). The output is the encoded message EM.
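> EMSAPSSEnc := proc(M::string, emBits::posint, salt::string, {Hash::name:='SHA256',
      hLen:=32, MGF::name:='MGF1', messagetype::identical(hex,text):=hex})
    uses StringTools;
    local mHash, emLen, hhLen, s, M1, H, PS, DB, dbMask, maskedDB;
    # mHash = Hash(M)
    mHash := Hash(M, messagetype);
    emLen := ceil(emBits/8);
    # EM must have room for the hash, a salt of the same length and two extra bytes
    if emLen < 2*hLen+2 then
        error "encoding error"
    end if;
    # length of the salt as a hex string (two hex digits per byte)
    hhLen := 2*hLen;
    if _params['salt'] = NULL then
        # no salt supplied: generate one pseudo-randomly (demonstration and testing only)
        Randomize();
        s := LowerCase(Random(hhLen, xdigit))
    else
        if not IsHexDigit(salt) or Length(salt) <> hhLen then
            error "salt must be a hex string of %1 bytes", hLen
        end if;
        s := salt
    end if;
    # M' = eight zero bytes || mHash || salt, and H = Hash(M')
    M1 := cat(Repeat("00", 8), mHash, s);
    H := Hash(M1, hex);
    # DB = PS || 01 || salt, where PS is the zero padding
    PS := Repeat("00", emLen-2*hLen-2);
    DB := cat(PS, "01", s);
    # mask DB with MGF(H)
    dbMask := MGF(H, emLen-hLen-1);
    maskedDB := bytestohexstring(BitXor(hexstringtobytes(DB), hexstringtobytes(dbMask)));
    # set the leftmost 8*emLen-emBits bits of the first byte to zero
    maskedDB := cat(make0bits(Take(maskedDB, 2), 8*emLen-emBits), Drop(maskedDB, 2));
    # EM = maskedDB || H || bc
    cat(maskedDB, H, "bc")
end proc: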
For demonstration and testing purposes, EMSAPSSEnc will also work if no argument
is passed to the salt parameter, in which case the salt string will be
pseudo-randomly generated inside the procedure. As on other similar occasions, we warn that
the security reduction does not apply to the resulting scheme; for it to be applicable,
an externally generated random salt should be supplied to the function.
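The encoding carried out by EMSAPSSEnc, together with the matching check a verifier performs on EM, as an added example that is not part of the original text. It is written in Python rather than Maple so that it runs stand-alone; the function names are assumptions, SHA-256 and MGF1 are fixed, the message is passed as bytes and the salt is always supplied by the caller.

```python
import hashlib
import secrets

H_LEN = 32  # SHA-256 output length in bytes (the default hLen above)

def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 mask generation with SHA-256."""
    out = b""
    for counter in range((length + H_LEN - 1) // H_LEN):
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def emsa_pss_encode(msg: bytes, em_bits: int, salt: bytes) -> bytes:
    """Same steps as EMSAPSSEnc, with a salt of hLen bytes given by the caller."""
    em_len = (em_bits + 7) // 8
    if em_len < 2 * H_LEN + 2:
        raise ValueError("encoding error")
    if len(salt) != H_LEN:
        raise ValueError("salt must be %d bytes" % H_LEN)
    m_hash = hashlib.sha256(msg).digest()
    h = hashlib.sha256(bytes(8) + m_hash + salt).digest()   # H = Hash(M')
    db = bytes(em_len - 2 * H_LEN - 2) + b"\x01" + salt       # DB = PS || 01 || salt
    masked = bytearray(xor(db, mgf1(h, em_len - H_LEN - 1)))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)               # clear the unused top bits
    return bytes(masked) + h + b"\xbc"

def emsa_pss_verify(msg: bytes, em: bytes, em_bits: int) -> bool:
    """Verifier side: unmask DB, recover the salt from EM and recompute H."""
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < 2 * H_LEN + 2 or em[-1] != 0xBC:
        return False
    masked, h = em[:em_len - H_LEN - 1], em[em_len - H_LEN - 1:-1]
    top_mask = 0xFF >> (8 * em_len - em_bits)
    if masked[0] & ~top_mask & 0xFF:
        return False
    db = bytearray(xor(masked, mgf1(h, len(masked))))
    db[0] &= top_mask
    ps_len = em_len - 2 * H_LEN - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:
        return False
    salt = bytes(db[ps_len + 1:])
    m_hash = hashlib.sha256(msg).digest()
    return secrets.compare_digest(hashlib.sha256(bytes(8) + m_hash + salt).digest(), h)

def fresh_salt() -> bytes:
    return secrets.token_bytes(H_LEN)  # OS CSPRNG, generated outside the encoder
```

With a fixed salt the encoding is deterministic, so two calls give the same EM; with fresh_salt() each call gives a different EM for the same message, and both verify.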
Next we give the PSS signing function, which calls the previous one to encode the
message and then uses the RSA private key to sign it. The required input parameters
are privatekey for the private key given as a list [n, d] (or in the format output
by the function RSAKeyGen in Sect. 8.3.3), message for the message, and salt
for the salt, where the last two parameters have the same format as in the preceding
function. The optional keyword parameters are also the same as in the previous
function. As before, if no value is passed to salt, the signing algorithm will use a
pseudo-randomly generated one. The output of the function is the signature, given
as a hexadecimal byte string.
> PSSSign := proc(privatekey::list, message::string, salt::string, {Hash::name := 'SHA256',
      hLen::posint := 32, MGF::name := 'MGF1', messagetype::identical(hex,text) := hex})
    local sk, n, d, modBits, EM, m, s, k;
    sk := stringposint(privatekey);
    n := sk[1];