Cryptography Reference
hhLen := 2*hLen;
if emLen < hhLen+2 then
return "inconsistent"
end if;
if not IsSuffix("bc", EM) then
return "inconsistent"
end if;
em := Take(EM, hemLen-2);
maskedDB := Take(em, hemLen-hhLen-2);
H := Drop(em, hemLen-hhLen-2);
if not check0bits(Take(maskedDB, 2), 8*emLen-emBits) then
return "inconsistent"
end if;
dbMask := MGF(H, emLen-hLen-1);
DB :=
bytestohexstring(BitXor (hexstringtobytes(maskedDB), hexstringtobytes(dbMask)));
b := make0bits(Take(DB, 2), 8*emLen-emBits);
DB := cat(b, Drop(DB, 2));
if Take(DB, hemLen-2*hhLen-4) <> Repeat("0", hemLen-2*hhLen-4) or
SubString(DB, hemLen-2*hhLen-3 .. hemLen-2*hhLen-2) <> "01" then
return "inconsistent"
end if;
salt := Drop(DB, hemLen-2*hhLen-2);
M1 := cat(Repeat("00", 8), mHash, salt);
H1 := Hash(M1, hex);
if H = H1 then
"consistent"
else
"inconsistent"
end if
end proc:
The PSS verification algorithm is implemented in the next function, PSSVer,
which first performs the RSA verification and then calls EMSAPSSVer to complete
the verification process. The required inputs are an RSA public key given as a list
[n, e], a hexadecimal or text string containing the message, and the signature as
an even-length hexadecimal string. The optional parameters are the same as in the
preceding function and the output is either “valid signature” or “invalid signature”.
> PSSVer := proc(publickey::list,message::string,signature::string, {hLen::posint := 32,
Hash::name := 'SHA256', MGF::name := 'MGF1',messagetype::identical(hex,text):= hex})
local pk, n, e, modBits, s, m, EM, emLen, Result;
pk := stringposint (publickey);
n := pk[1];
e := pk[2];
modBits := intlog[2](n)+1;
# RSA verification: recover the message representative m from the signature
s := OS2IP(signature);
m := Power(s, e) mod n;
# emLen must be assigned before m is converted to the encoded message EM
emLen := ceil((modBits-1)/8);
EM := I2OSP(m, emLen);
# EMSA-PSS consistency check of EM against the message
Result := EMSAPSSVer(message, EM, modBits-1, ':-Hash' = Hash, 'hLen' = hLen,
':-MGF' = MGF, ':-messagetype' = messagetype);
if Result = "consistent" then
"valid signature"
else
"invalid signature"
end if
end proc:
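The checks performed by EMSAPSSVer and PSSVer above, ported to Python as an added example (not the book's Maple code). It assumes SHA-256, MGF1 and a salt length equal to hLen, and it adds the signature length and range checks that RFC 8017 places before the RSA operation, which are not in the listing; the toy key, `pss_sign` and all function names are constructed for the demonstration.

```python
import hashlib
import hmac

H_LEN = 32  # SHA-256 output; salt length assumed equal to hLen, as on the page

def _h(data):
    return hashlib.sha256(data).digest()

def mgf1(seed, length):
    blocks = (_h(seed + i.to_bytes(4, "big")) for i in range(-(-length // H_LEN)))
    return b"".join(blocks)[:length]

def emsa_pss_verify(msg, em, em_bits):
    em_len = -(-em_bits // 8)
    if len(em) != em_len or em_len < 2 * H_LEN + 2 or em[-1] != 0xBC:
        return False
    masked, h = em[:-H_LEN - 1], em[-H_LEN - 1:-1]
    keep = 0xFF >> (8 * em_len - em_bits)
    if masked[0] & ~keep & 0xFF:  # leftmost 8*emLen-emBits bits must be zero
        return False
    db = bytearray(x ^ y for x, y in zip(masked, mgf1(h, len(masked))))
    db[0] &= keep
    if bytes(db[:-H_LEN]) != bytes(len(db) - H_LEN - 1) + b"\x01":
        return False
    return hmac.compare_digest(h, _h(bytes(8) + _h(msg) + bytes(db[-H_LEN:])))

def pss_verify(n, e, msg, sig):
    k, em_bits = -(-n.bit_length() // 8), n.bit_length() - 1
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:  # reject wrong length and s outside [0, n-1]
        return False
    m, em_len = pow(s, e, n), -(-em_bits // 8)
    if m >> (8 * em_len):  # I2OSP would fail: integer too large
        return False
    return emsa_pss_verify(msg, m.to_bytes(em_len, "big"), em_bits)

# Constructed toy key from two Mersenne primes: demonstration only, insecure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def pss_sign(msg, salt):  # EMSA-PSS encoding, then the RSA private operation
    em_bits = N.bit_length() - 1
    em_len = -(-em_bits // 8)
    h = _h(bytes(8) + _h(msg) + salt)
    db = bytes(em_len - 2 * H_LEN - 2) + b"\x01" + salt
    masked = bytearray(x ^ y for x, y in zip(db, mgf1(h, len(db))))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)
    em = bytes(masked) + h + b"\xbc"
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(-(-N.bit_length() // 8), "big")
```

With the length and range checks in place, the integer s + n and a zero-padded copy of a valid signature are rejected even though both reduce to the same m.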
Example 9.5 We give a function to test the PSS implementation. Required inputs
are an RSA key and the number of iterations to be performed. The parameter
maxlength specifies the maximum number of characters (for text messages) or