Mercurial > dropbear
view libtomcrypt/notes/rsa-testvectors/pss-int.txt @ 1857:6022df862942
Use DSCP for IP QoS traffic classes
The previous TOS values are deprecated and not used by modern traffic
classifiers. This sets AF21 for "interactive" traffic (with a tty).
Non-tty traffic sets AF11 - that indicates high throughput but is not
lowest priority (which would be CS1 or LE).
This differs from the CS1 used by OpenSSH, it lets interactive git over SSH
have higher priority than background least effort traffic. Dropbear's settings
here should be suitable with the diffservs used by CAKE qdisc.
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Tue, 25 Jan 2022 17:32:20 +0800 |
| parents | 6dba84798cd5 |
| children |
line wrap: on
line source
# ================================= # WORKED-OUT EXAMPLE FOR RSASSA-PSS # ================================= # # This file gives an example of the process of # signing a message with RSASSA-PSS as # specified in PKCS #1 v2.1. # # The message is an octet string of length 114, # while the size of the modulus in the public # key is 1024 bits. The message is signed via a # random salt of length 20 octets # # The underlying hash function in the EMSA-PSS # encoding method is SHA-1; the mask generation # function is MGF1 with SHA-1 as specified in # PKCS #1 v2.1. # # Integers are represented by strings of octets # with the leftmost octet being the most # significant octet. For example, # # 9,202,000 = (0x)8c 69 50. # # ============================================= # ------------------------------ # Components of the RSA Key Pair # ------------------------------ # RSA modulus n: a2 ba 40 ee 07 e3 b2 bd 2f 02 ce 22 7f 36 a1 95 02 44 86 e4 9c 19 cb 41 bb bd fb ba 98 b2 2b 0e 57 7c 2e ea ff a2 0d 88 3a 76 e6 5e 39 4c 69 d4 b3 c0 5a 1e 8f ad da 27 ed b2 a4 2b c0 00 fe 88 8b 9b 32 c2 2d 15 ad d0 cd 76 b3 e7 93 6e 19 95 5b 22 0d d1 7d 4e a9 04 b1 ec 10 2b 2e 4d e7 75 12 22 aa 99 15 10 24 c7 cb 41 cc 5e a2 1d 00 ee b4 1f 7c 80 08 34 d2 c6 e0 6b ce 3b ce 7e a9 a5 # RSA public exponent e: 01 00 01 # Prime p: d1 7f 65 5b f2 7c 8b 16 d3 54 62 c9 05 cc 04 a2 6f 37 e2 a6 7f a9 c0 ce 0d ce d4 72 39 4a 0d f7 43 fe 7f 92 9e 37 8e fd b3 68 ed df f4 53 cf 00 7a f6 d9 48 e0 ad e7 57 37 1f 8a 71 1e 27 8f 6b # Prime q: c6 d9 2b 6f ee 74 14 d1 35 8c e1 54 6f b6 29 87 53 0b 90 bd 15 e0 f1 49 63 a5 e2 63 5a db 69 34 7e c0 c0 1b 2a b1 76 3f d8 ac 1a 59 2f b2 27 57 46 3a 98 24 25 bb 97 a3 a4 37 c5 bf 86 d0 3f 2f # p's CRT exponent dP: 9d 0d bf 83 e5 ce 9e 4b 17 54 dc d5 cd 05 bc b7 b5 5f 15 08 33 0e a4 9f 14 d4 e8 89 55 0f 82 56 cb 5f 80 6d ff 34 b1 7a da 44 20 88 53 57 7d 08 e4 26 28 90 ac f7 52 46 1c ea 05 54 76 01 bc 4f # q's CRT exponent dQ: 12 91 a5 24 c6 b7 c0 59 e9 0e 46 dc 83 b2 17 1e b3 fa 98 81 8f d1 79 b6 c8 bf 6c ec aa 47 63 03 ab f2 83 fe 05 76 9c fc 49 57 88 fe 5b 1d df de 9e 88 4a 3c d5 e9 36 b7 e9 55 eb f9 7e b5 63 b1 # CRT coefficient qInv: a6 3f 1d a3 8b 95 0c 9a d1 c6 7c e0 d6 77 ec 29 14 cd 7d 40 06 2d f4 2a 67 eb 19 8a 17 6f 97 42 aa c7 c5 fe a1 4f 22 97 66 2b 84 81 2c 4d ef c4 9a 80 25 ab 43 82 28 6b e4 c0 37 88 dd 01 d6 9f # --------------------------------- # Step-by-step RSASSA-PSS Signature # --------------------------------- # Message M to be signed: 85 9e ef 2f d7 8a ca 00 30 8b dc 47 11 93 bf 55 bf 9d 78 db 8f 8a 67 2b 48 46 34 f3 c9 c2 6e 64 78 ae 10 26 0f e0 dd 8c 08 2e 53 a5 29 3a f2 17 3c d5 0c 6d 5d 35 4f eb f7 8b 26 02 1c 25 c0 27 12 e7 8c d4 69 4c 9f 46 97 77 e4 51 e7 f8 e9 e0 4c d3 73 9c 6b bf ed ae 48 7f b5 56 44 e9 ca 74 ff 77 a5 3c b7 29 80 2f 6e d4 a5 ff a8 ba 15 98 90 fc # mHash = Hash(M) # salt = random string of octets # M' = Padding || mHash || salt # H = Hash(M') # DB = Padding || salt # dbMask = MGF(H, length(DB)) # maskedDB = DB xor dbMask (leftmost bit set to # zero) # EM = maskedDB || H || 0xbc # mHash: 37 b6 6a e0 44 58 43 35 3d 47 ec b0 b4 fd 14 c1 10 e6 2d 6a # salt: e3 b5 d5 d0 02 c1 bc e5 0c 2b 65 ef 88 a1 88 d8 3b ce 7e 61 # M': 00 00 00 00 00 00 00 00 37 b6 6a e0 44 58 43 35 3d 47 ec b0 b4 fd 14 c1 10 e6 2d 6a e3 b5 d5 d0 02 c1 bc e5 0c 2b 65 ef 88 a1 88 d8 3b ce 7e 61 # H: df 1a 89 6f 9d 8b c8 16 d9 7c d7 a2 c4 3b ad 54 6f be 8c fe # DB: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 e3 b5 d5 d0 02 c1 bc e5 0c 2b 65 ef 88 a1 88 d8 3b ce 7e 61 # dbMask: 66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67 d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af 50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4 d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1 e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec d3 18 3a 31 1f c8 97 39 a9 66 43 13 6e 8b 0f 46 5e 87 a4 53 5c d4 c5 9b 10 02 8d # maskedDB: 66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67 d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af 50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4 d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1 e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec d3 18 3a 31 1f c8 96 da 1c b3 93 11 af 37 ea 4a 75 e2 4b db fd 5c 1d a0 de 7c ec # Encoded message EM: 66 e4 67 2e 83 6a d1 21 ba 24 4b ed 65 76 b8 67 d9 a4 47 c2 8a 6e 66 a5 b8 7d ee 7f bc 7e 65 af 50 57 f8 6f ae 89 84 d9 ba 7f 96 9a d6 fe 02 a4 d7 5f 74 45 fe fd d8 5b 6d 3a 47 7c 28 d2 4b a1 e3 75 6f 79 2d d1 dc e8 ca 94 44 0e cb 52 79 ec d3 18 3a 31 1f c8 96 da 1c b3 93 11 af 37 ea 4a 75 e2 4b db fd 5c 1d a0 de 7c ec df 1a 89 6f 9d 8b c8 16 d9 7c d7 a2 c4 3b ad 54 6f be 8c fe bc # Signature S, the RSA decryption of EM: 8d aa 62 7d 3d e7 59 5d 63 05 6c 7e c6 59 e5 44 06 f1 06 10 12 8b aa e8 21 c8 b2 a0 f3 93 6d 54 dc 3b dc e4 66 89 f6 b7 95 1b b1 8e 84 05 42 76 97 18 d5 71 5d 21 0d 85 ef bb 59 61 92 03 2c 42 be 4c 29 97 2c 85 62 75 eb 6d 5a 45 f0 5f 51 87 6f c6 74 3d ed dd 28 ca ec 9b b3 0e a9 9e 02 c3 48 82 69 60 4f e4 97 f7 4c cd 7c 7f ca 16 71 89 71 23 cb d3 0d ef 5d 54 a2 b5 53 6a d9 0a 74 7e # =============================================