summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--GNUmakefile8
-rw-r--r--Readme.txt27
-rw-r--r--TestVectors/all.txt13
-rw-r--r--TestVectors/dlies.txt132
-rw-r--r--TestVectors/nr.txt615
-rw-r--r--TestVectors/rsa_pss.txt2083
-rw-r--r--TestVectors/rw.txt791
-rw-r--r--algparam.cpp12
-rw-r--r--algparam.h54
-rw-r--r--asn.h6
-rw-r--r--base64.cpp2
-rw-r--r--basecode.cpp21
-rw-r--r--basecode.h6
-rw-r--r--bench.cpp20
-rw-r--r--config.h2
-rw-r--r--cryptlib.cpp71
-rw-r--r--cryptlib.dsp6
-rw-r--r--cryptlib.h227
-rw-r--r--datatest.cpp20
-rw-r--r--eccrypto.cpp4
-rw-r--r--eccrypto.h8
-rw-r--r--elgamal.h4
-rw-r--r--esign.h31
-rw-r--r--factory.h4
-rw-r--r--filters.cpp15
-rw-r--r--filters.h19
-rw-r--r--fips140.cpp18
-rw-r--r--fips140.h7
-rw-r--r--fipstest.cpp4
-rw-r--r--gfpcrypt.cpp50
-rw-r--r--gfpcrypt.h55
-rw-r--r--hex.h6
-rw-r--r--integer.cpp10
-rw-r--r--iterhash.cpp9
-rw-r--r--iterhash.h1
-rw-r--r--luc.cpp6
-rw-r--r--luc.h24
-rw-r--r--oaep.cpp12
-rw-r--r--oaep.h8
-rw-r--r--osrng.h32
-rw-r--r--pkcspad.cpp75
-rw-r--r--pkcspad.h76
-rw-r--r--polynomi.cpp2
-rw-r--r--polynomi.h8
-rw-r--r--pssr.cpp126
-rw-r--r--pssr.h199
-rw-r--r--pubkey.cpp116
-rw-r--r--pubkey.h741
-rw-r--r--rabin.cpp13
-rw-r--r--rabin.h20
-rw-r--r--regtest.cpp7
-rw-r--r--rsa.cpp85
-rw-r--r--rsa.h44
-rw-r--r--rw.cpp122
-rw-r--r--rw.h76
-rw-r--r--simple.h2
-rw-r--r--socketft.h1
-rw-r--r--test.cpp7
-rw-r--r--usage.dat2
-rw-r--r--validat1.cpp51
-rw-r--r--validat2.cpp63
-rw-r--r--validate.h1
-rw-r--r--wait.cpp151
-rw-r--r--wait.h7
64 files changed, 5151 insertions, 1287 deletions
diff --git a/GNUmakefile b/GNUmakefile
index 375e531..942f7bd 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -17,11 +17,17 @@ CXXFLAGS += -pipe
endif
ifeq ($(UNAME),Darwin)
+AR = libtool
+ARFLAGS = -static -o
+CXXFLAGS += -D__pic__
+IS_GCC2 = $(shell c++ -v 2>&1 | grep -c gcc-932)
+ifeq ($(IS_GCC2),1)
+CXXFLAGS += -fno-coalesce-templates -fno-coalesce-static-vtables
CXX = c++
-CXXFLAGS += -D__pic__ -fno-coalesce-templates -fno-coalesce-static-vtables
LDLIBS += -lstdc++
LDFLAGS += -flat_namespace -undefined suppress -m
endif
+endif
ifeq ($(UNAME),SunOS)
LDLIBS += -lnsl -lsocket
diff --git a/Readme.txt b/Readme.txt
index 06a9a12..e86ca49 100644
--- a/Readme.txt
+++ b/Readme.txt
@@ -58,28 +58,26 @@ and build the "cryptest" project. This will compile Crypto++ as a static
library and also build the test driver. Run the test driver and make sure
the validation suite passes. Then to use the library simply insert the
"cryptlib.dsp" project file into your own application workspace as a
-dependent project. You may need to check the compiler options to make sure
+dependent project. You should check the compiler options to make sure
that the library and your application are using the same C++ run-time
-libraries.
+libraries and calling conventions.
A makefile is included for you to compile Crypto++ with GCC. Make sure
you are using GNU Make and GNU ld. The make process will produce two files,
libcryptopp.a and cryptest.exe. Run "cryptest.exe v" for the validation
suite.
-Crypto++ is documented mostly through comments in header files. If you are
-not familiar with cryptography, I suggest that you read an introductory
-text (such as Bruce Schneier's _Applied Cryptography_) before attempting
-to use this library. Then, you should start by looking at
-cryptlib.h, which contains the main abstract base classes and their
-descriptions, and test.cpp, which contains sample/test code. There
-should also be a link on http://www.cryptopp.com to an HTML reference
-manual generated from the inline documentation.
+Crypto++ is documented through inline comments in header files, which are
+processed through Doxygen to produce an HTML reference manual. You can find
+a link to the manual from http://www.cryptopp.com. Also at that site is
+the Crypto++ FAQ, which you should browse through before attempting to
+use this library, because it will likely answer many of questions that
+may come up.
If you run into any problems, please try the Crypto++ mailing list.
The subscription information and the list archive are available on
http://www.cryptopp.com. You can also email me directly at
-weidai@eskimo.com, but you will probably get a faster response through
+cryptopp@weidai.com, but you will probably get a faster response through
the mailing list.
Finally, a couple of usage notes to keep in mind:
@@ -245,5 +243,10 @@ History
- added known answer test for X9.17 RNG in FIPS 140 power-up self test
5.1 (in development)
+ - added PSS padding and changed PSSR to track IEEE P1363a draft standard
+ - added blinding for RSA and Rabin to defend against timing attacks
- fixed a bug in CBC and ECB modes with processing non-aligned data
- - removed Sapphire
+ - fixed a standard conformance bug in DLIES/DHAES mode
+ (fix is not backwards compatible)
+ - fixed a number of minor bugs and portability problems
+ - removed Sapphire
diff --git a/TestVectors/all.txt b/TestVectors/all.txt
new file mode 100644
index 0000000..a9749c6
--- /dev/null
+++ b/TestVectors/all.txt
@@ -0,0 +1,13 @@
+AlgorithmType: FileList
+Name: all.txt collection
+Test: dlies.txt
+Test: dsa.txt
+Test: dsa_1363.txt
+Test: esign.txt
+Test: hmac.txt
+Test: nr.txt
+Test: rsa_oaep.txt
+Test: rsa_pkcs1_1_5.txt
+Test: rsa_pss.txt
+Test: rw.txt
+Test: sha.txt
diff --git a/TestVectors/dlies.txt b/TestVectors/dlies.txt
index 0716857..e7bdf17 100644
--- a/TestVectors/dlies.txt
+++ b/TestVectors/dlies.txt
@@ -32,22 +32,22 @@ PublicKey: \
2c8a33f08636
Test: KeyPairValidAndConsistent
Plaintext: 76
-Ciphertext: 208354217E0CA735295C2953115AB0C8450571A0241EFE3DEA007018339FC992C238E38514ACD7C5F8EC1CAE063B58318D96ECBDB6B26651343FBFBA3A872FE2FA6DDC819E6ADF6ED1B1BE0F512C8414D11BC1E64ECBCB3204A50F963AB8D7F142592C77909F4EAACE20AC2E182238597F000F5552B7FAAE225A2D67AA3799825DC8BEB0D8CC9976FE96CEDA05BD1AD299EEDF26DE
+Ciphertext: B11D906CC5A8E71CA8962A8CC0AC4CAFF2DA00DC130C370F42D11FCF5C37DE046EBC07C7D457CA351CE456A043695D14ED055ADAD2B58BE0DF992685EF8B0D21597A43D7B3D9634A077CB70C4590CD73C20FAAACBC5649413EECA0C7B3CBF469E531299398F61496C51FE9FFE48AE9FE6034F104EFC562DE9529C776B86ADD4025AD6B0C3687B012F92C7B9E82F794E4FBE247D644
Test: DecryptMatch
Plaintext: 89338CE80AFB62E9577A310E40311BB3F77F
-Ciphertext: 5E6DE09924109FA7EDF7EED2964D639BB2CF49E4B99B8C0F6872F30654DE32F9F74383BC294B0D73554D4482766ABDF3D2D42BE8125146ED1A66FFC3E77BDC4A33A5788B707E6E83FD3A3B6D0E33EA7D3CE68BD42697E891C59B6CCD4D2C4C0541EEE2377D5475CCD2C5109752C4F0F2A348CE74A841F6831B02C7FBADFC043688393F088239D91952F6FA05AB14A90157EA269B8109E7A177427E78479FC0A9C4535F544BF2
+Ciphertext: 8A33B0E212DB8155CA796B472F55CD77267C9106229B6055141EA3AAAE42AD27249D90E70F892B0CDC80D29D3D586A5CA6FE67D4BB44C58B03496708F80681125DCEF983B7453B1E4F927438BD2E3E506C1951E9F19BA70F9B687012440CD75C0BB78BDCFAB22AF535D3E2670ABD1F4D44ED95F3360536612B1A7DF35E2A88F66BD6E8C813EB9DC89D93A85C9A0BA13E4862B91171B681E64A0750197C6467B22566BC640E11
Test: DecryptMatch
Plaintext: 0835455ABD53E6FB11ED9B0C00485D3C6845DB
-Ciphertext: B5EAA059C9561FB6F173F459BB68983E69A568829177D8722571D380AD274D9C29B0ABBA8422C2C3647D1CFAE9C3FEF397518CAC5C72DF7B605AF9E926220019E17CDEB6565EBA2D61FA3A9886D9516E0E238E4404B3B1A160F0800A4E41753A818E06B295762DE134871B954279867D9749D8EE0681A647BC578FB4508873BED896BF95D506C25710A3A839725DB7FF763B2B51164C5A2B2876FF57E1B656E31F5A2F200FFFB4
+Ciphertext: A81181517BD270B0D921AF735052898932008DF00D501EDE0D2D564871D61A6A837776E8D7C7F9B0E5F9181C1FC68BC430F30ABB1A64D62B444C0AC5AAE588B4481AEF08B38E466155F10CA04C8202F281186016AE35212A2C7815A22DB2750ABD526D285BDBC598672BFB52E95CE33A0D3E5DCF4CF5F46224CFBB85297F3AB170C8B9478994E32D9A21A452B095D3D902E92C7E444A3307FDD7256FE49341142E5FF7A616475A
Test: DecryptMatch
Plaintext: 1EBED48EC47B6987091C52BC
-Ciphertext: 45BA361549BA3E45AF828BFA5D54C8020B7D3002DE0FC7F4CD60010C0148407A97B74372825DA7FD4CBCCE956B5EB80BD209CFFF7F9F15238F56D5B48D635D58192819F6EE07156DF25B49A6D5C5EBF132323EC8B0EA7B3552F64788E84999B49EDDB1324E642D8DA7EFCDE08663B23D1136B2A9F63CBF30D9DB202A8C294700277314ADBA6468E45BCD917702F7EF748453EF37253457B52D3EF0E6D5507D1A
+Ciphertext: 1DF446FF43AAAAAC8E3F7D70C912E2D45AB832BCA3D0FBD17AF864B9EA878C45B9E2902804171A739A0552BB7CE0CD46DC16343714CC9C2E71AE26304885EEEB242665814DD9E33C480ABA214755D5449F16CD8870D1AB3A8E64E45E463AB3F4D3031FA3ECD395B61B372602665FCF218D9C51E8C791FA1E5BCC2916EFBB482E1814632CDF0F1852EE4943D9652DAA4E1F3B22F17F57F51D52A0997BED5B04ED
Test: DecryptMatch
Plaintext: 65D8
-Ciphertext: 4A93FAA07DBEADC0C1ED71DE6FC3D9E9F65EF45A944338CE8B784891A36056E2F97274B673A8236BF8D0B4E1995C073C007D7063371520B53855266A66773A46FDFFF11C7B250FDD7A6C88DA76BDED9B771F2B8346BBC653A50EC6D7D77D0114246E8A376093AC8841C6F59E21B2C85E7230DFEC12DCA130C4305372B3E59297B440FF5DC32FEAD31BF25688EF8EBEEE3E2135D81C5C
+Ciphertext: 4385797FD38AD5DFBB4F613BC87637B0051501E57699A5880E235DB7A6994A04A1613D0C8E07E36AFD08F2E47D018951B22E7625DA647AA1A0791DB3B2FA794610892D9A3D3F173CF95277B4B1EB92579A229510B67E171CB5BBA8B3AA732047BA038816A30124AF1C4C57CA80E93AACCC8EC70BCF7867914E7DE2C403568F9778F8DBEAF08FDB9F48452054C9735DC84F012DF8FE17
Test: DecryptMatch
Plaintext: F86D8ED91E9934125DA6E9B4E97545C83A
-Ciphertext: 1C32929D2748575F63D9E732D8CBE133238A917885B2C16F6A2EC29B8417F4FEB2FC408D3BD23E7261CBAAE496EAA394C141F450CD4A3373F1A5013D20AA981B8A1B3E744EE7F5719A8B9F631074E597B4550C79FACC78189655270D01FD825D767AA662EEB5F8809BA58318E3704FC8C0D8866AAD822DF6EF05F14C08CD80FC0F45D73B092883EF6DE3890DFC006421739FB7E98C6074DCE97CEB98D8A8147BB735BCF593
+Ciphertext: 13B0AE03AB532D5E31C9384B4E726A9AC73583CFBB0643EC322E3D2D45D9358CAF745B0541C136E8AA2220C42CEC9E1ED174886475538732AA6D6417DA89FA411AEDEADCD9F15D25D27D0AE252F77E888470AE696D5805CE8CCCB40B45D4AA835E97C7BF2CD6A2B4FEC6FCF858606CE4695DCE998C518360068ED028FC882478BF96096D92C166899EB51778BC4B7DA1BA8C4B6CEBA1139F17CEE484EA104A0325420A3D56
Test: DecryptMatch
Comment: 1025-bit DLIES key
PrivateKey: \
@@ -78,22 +78,22 @@ PublicKey: \
1a66ca1ba442b425
Test: KeyPairValidAndConsistent
Plaintext: 256F07E0D37D69BE542BD17FA98CE4CFC3DA849B
-Ciphertext: 003A09F5975D4C988D98A93D5D7FEAAA2CE40B80BA292DD43862CA1FBE9583EEF7673C716D76C6D482AB6C3DB3BBC880477D748753612FCE180B05940EB7AB342152BBCD630315BF1B73E7B37910B12432573E3D3234F313336B50BEE7FE471794A5D3B5E0D488238DF30CA89F9C3C08F23FAF2454D5EB9F6B37C084CBF33A01FB9AF4099BB0B52D59F48AB42BE91A6961889F44B919D40A63C584A57ABA701F22EFCCFC4801D76549
+Ciphertext: 01269CE30DE12430904CEC9D8B91A6D8860B4F8D37FCE7DBDCE8FA18AC521684F4C1CD5C38BF3B42C259033CD36A53F0376A0CDD801979CF1B76ADD72AFDD27830BD85B373C4D451B84926ABA34012EB98331F0B81CCF8E801ACCDEE88A35DF60EFADABA1F395250A15463203FDCCEDAB7DD6CD1271B38A5E0946F8D189B225E8A307D198AC5E4EB33BCF26A02C0C602AA14592AEA01452E4F8AE46E7A032BABD1BA8ACB0919F2EA18
Test: DecryptMatch
Plaintext: A992
-Ciphertext: 00F4C8DB5D823FCA7158BC68FABF699A4EB7C37443506DD25729F1AC2373B649A71F52F983D56D179CC384EFDEB4BD2C59F3A292627595797046B9DC0C19EEB99F37040654C4071426746E5B030D746D13377E1E54AEED7EFFD1A0919E10A19D844EFA6B5EEA7C03A60E4DA67851FD43E9ABDC3A5E00730AF95D9BE0BE90858E8CCCBB52F0AD9CCCAF8A7EEC45989906DE38C2A30C2244
+Ciphertext: 007822B0BDF45CC5B15102B5E21F7656C8896E98FAD6C2AF6CD55D0DB90B7A6B05E36D260C7A5C070526813290BCA722959B9B9BF00041B4B7F3E3EAFA9B5376A1E02944EDA55B99202601AE6D402D56617B56B28BAC1B405016053CDC78AB4D372B0D58E7380D50F1CD0E31B8CB77FD2F6BA3E7A436A5B35552B9974EA5AB30AC0C4989E34F5FD7D272417FF2094B97119BEB2C73C68B
Test: DecryptMatch
Plaintext: 1D20C118C894EFDC67DAC33E56179C5D262C83
-Ciphertext: 00FEBCCDA1E895A5724BE0656AD1A1103DA94BB162FB91C8E06FD915FE297087F21A76720E0465122A0DDAAD279BC3A8C935DCD38E993134855AA09152E249E8E618F876DCF8F4A04FBC4DF7727F3C0652A49678C2914C14A3857CB6AE2E7CC90D8C88F087AF5883F2F5BE93899DDFB1B34F26E18FBDD139448B3574C23A6C8ACB9AA05A24654C90AEF5CAC61056511AA3434BEA211287FE1C16E18EDA36F1290B6EB6AC83110320
+Ciphertext: 001587AFEC265C244875371B680521FF93F0B1196901A7D580785B62A257B1736C86D1D9E59A31E62F53B92B209B45A7952776C6AC839243B0BBF3A059E6CEE99B120BBD45922B4E813DDE0F5793A42B3AF2DDDAA357136A010519D884589A1F9912110020A8C16E9B91C753EB8842B3224FE9C9A22AE2B82251CFF7799E78885B0B67B27DAAC6A7B58013C31115C2B8C0C0176BC2A7B96A299CC75693B4F2138B2B4053CB5320D5
Test: DecryptMatch
Plaintext: 83BC82A4F7A4DFC96CD7798BAC52254CD6E9
-Ciphertext: 00F8CC6BEECFED226C9D4B17E8C6553B9EBB5E9C0FE4C3F22D13452A7D940D14EE6ACF03BD0D40ED903D9F8C5797C6527ADA2724E8382FD4370A6AEA99F5BAF5B8E79BEAEB810932D6CB43EAA331161DC1158BE8932B4AEC319CCAC0E2B9A45C8ABDB63FA39AE2451AD0698787B0D24DEC0176DBF889980D59F75667CBBC94BF45112381EC604AAB6FD8B2E10D8E7B52F5255E92C8C72F6CC9082CF05845DEAF61BE7683B2BD9E
+Ciphertext: 0085E83465997BFED9CAE63B04B0419578D0BD85B1A65285E5537F4367E5E7E11DD8762BD3335916A13B8CF9D5BC651E762458E9879363B06748BEA0CA86D32CBC4F1B0C0BF67E616B872A64F7356241CD052944F6594A570522EF2BCC53D90E3326D2ECFA036C46256D9B678C93BE5877749AF8FF8FEDB6E1E17B67C7B6C6098D0C71D5B2AB503AFD7739ABCC8DE67DAC056AFE99D8A107230BA88C282FB8FD46E9E9E2C6874A
Test: DecryptMatch
Plaintext: 157597899A950A32
-Ciphertext: 014A220971F4466883D79710E2501B168405327B6C506F276C9579814564191BDDDD4D2A2C1679C5B6BF7107D91B223C6E249A35CFCC51E8E659A5E03E7A724CF38A3AC688E593B6C2BA504FE1669863D4872DAA375D4034997EDB157CDFFF1CBE00048DC31190AF64C69A595204FE1E02B04A9BC3A120A506687AAB8515F2AC575644D8C5A0E2AF376AFBBE3171EC0E5A305B060EE2B410A183939F91
+Ciphertext: 013623199FFDD0D4689A4C50A9FEA3C2250D0C73F209F33BF3EF13E6035976D6F3EAFBA3D83A3862E4B6DFC7581EA43B62F49BC85392B7EAB854F92DA8DD5921A6A4C42777E89004EB7E6D479BD028F758171C324168DC0814369C6BCD8471D9620C4E9BED785A220EF9C0DCF1201311A16C51341E0551043C6EAB45E04A81C9280633F58621D8D3492864FFF6A39EDC48450ABFE0C7AABAEB9A86CFFD
Test: DecryptMatch
Plaintext: CDE651
-Ciphertext: 014A166AE9DC4F53FA3F7055CBB32FC93494B4EC2F759D31440FE4D3E1AC635B000BD59B2E0BB3F0E25EE9ED9CA73C46258DA658E5FE21AF4BBCE3B1D3467E051996E9FE9D3F8FCB90EDCEC94FBE50D09555A25848CABC4DF6D8DD6229B3E7FDFDEC9D3ADA91C1EA3A7AA8116FE1206ED79E88B29AD8B4E66EAA70C4C6CE4CD6CC70AB047BB4B56D1CE359A87385B634DC3088193FE34E2F
+Ciphertext: 0040308CCDAB105426597D84A64665200A93208713004DB38594C490F7B85F08ADB67BBE47B7FB7BBDA435A6B6A2CA0B4CBE0FDCBD4FF078FD052213CBCAA4580D1C7962A3505DAA9BEA2957718AB36D061E61B9DEB3D7DD726975C6E7FD79AADBF649F5ABE51AC384E967D3CDAFD9EAA18EEB69774961E439F54844FA22DA1B6892E86471DAE6F7E74CACC944123234826621C7634AE34E
Test: DecryptMatch
Comment: 1026-bit DLIES key
PrivateKey: \
@@ -124,22 +124,22 @@ PublicKey: \
99a9cb6a9bfe12
Test: KeyPairValidAndConsistent
Plaintext: DEC85711F12C0D1D6C26797E91B0F39B37
-Ciphertext: 01BC7BC5D42424E784FA284D410FF01D0EC9CDCD77F8B0A91E7F152AC9AC3C5D568EB8F0599DE80696066FB670244BEEB18004F44F1D0118E68C78F00170848AAFF9913D48ECF1E106157261B977EC32BBEADD126A0A37038FB31D015EF19DD07E9BE95BB1D1CE74DEABFE54BC62A2C87992B56D171DA05BFE54B4B8AD90E72E1DC00BFFF80A450A2D9451CCCF4D0166E6C52761537CD16BF607EAC1A01B5BAB3F8B5C148182
+Ciphertext: 0215D75DD99B8A59DEA3FBA9B0F8A621EFFBFD831E9543749B04B495147CE9B56D519EE71BDF56D86FD1D9C1AE8BC1D7F29DC469A05221E4A31C726971731CF627E63FAB269FC92DEDDFF3319819373F299D55F4CABE08DADF29A7C60E9B4E2806899371B93A853F828EC4312D94CFDADFDEF2037D9C1FCE21A3E451006AC542E1BC36D3C33AEAC0D1666C26AA886F4C118836EDCA7C5A428E407C4ACD62A885C03202230FA6
Test: DecryptMatch
Plaintext: 0E665CD2CF75C2E6E24908448F29E9A198EF
-Ciphertext: 00CB10FD33765783930AFAFB2E17C2AC4EF41046110AAF9457DAABB40608CDBA0FE2DCE702458A5EBB07DB9214A0FD4B8AF4D33B9F168E72B15122391FD7CB692C5E16F739DD2EE117C2566E7174C518636D4F5862819C7CCA198D5B8F868D6AC6B585D2286B39C451200EB60D2702446E89BD4BDD604276A3DC7880E1BB19AF80DC87AD60B740E0FBCCEDF9C4E9F8DDA34E410BFE3B1C899761FBA58105B502391EBAA04CDBC3
+Ciphertext: 00A4583FF3A9451C6F8970E53D95EC74F41F709F5156B4FC9C698B1E43C7B5F3230D5417AED2C7447455009CE8381A30BE400EC15BBB1D7BCB9461E593D416421157541479FE1DCEAAE635728C68C58D260337A25D0CF9FA291D84E9E1DF4FF96822CA1F05CDD247AD14E5AFB231A0AF0F2E79FB9A0528CA2FE9431724C0AC9F0A2ABCED9A20EC1203DE2A835D90EA5FB1447EC722456B6F4C75D0645CEC5BECCE35B79FF3071A
Test: DecryptMatch
Plaintext: BE2A
-Ciphertext: 01C3ADB28D5D4379E110403B1ACF19BFD7D1333384DFEC460E927492B07DA4919655B2998F299311986CBF6DA718AEA0C744E9E9874018E9FA6EF2C6AE7770A77B176A0EFBD78E2377F9FE88B724ECD25457B002E06A02EDEB979517C19956B84C1F1EC67671860A0D099DE49E19A55C4BFE55753F2B9CDAD31672ED9885C6F818092619813A06106EDB7B83948851C39324E097D78C92
+Ciphertext: 02823CB4ABD598FC5D36300306460886BBECFAE6F56E02708A96EFB27EF7E3D8F08442FC819EAB1DC35CC70A074984A149F209EB285C6064DDDBC7781CEF7358F384D592BFC75D346A6D97D8524CB35060A35E3B3145199F4968677FA22BB468DBFF63E3E366D778B3042D5858699D9FE5D6F53D0CB084E107111B572AE9B933B94FF37F2681DC50CDED2714668375DA90787CF0144F1B
Test: DecryptMatch
Plaintext: 20D57B7E074BFFF8F54AF3E69C9B632253B3B5C0
-Ciphertext: 00F9D85E8842DB01AE315667AD71423B90392535465C6D1B799CCBB096F4D52DA26E2FA9CBE9530BF3AF6A82D072091F96EC5723D90D3B47BD4DB007D2760578FDAEF5B934D43BF8142D93CF591AF88E6B7FBFA3F39D172DFA9EFF0D7B1BC013524736B54C556D8420DA9452FF86E5AD86EFEC6CE5C369188E75CBFE13C199E6E4DCCB28CDD4CC7609092B71F2D0A1A1D1E9FFDE012D0E4BCA3FD76DC35FCD9C0F9F7C7F82C901F864
+Ciphertext: 00D18C24BF39CD527455737B4B214BADDE99B070181C1E4729CC7B6EAC82298417FFAE7BDA1F41A7D74D6969BF9CAF3A7F9EC9397DB75F5E53D0282F793D601A28E8B3CA8730CD9D7A0ABA338E2DB3EB5314321EEBA2F16C8072DA6AD9A887AA5AED0EC5EF3DC7E5726626511F8F23B0BA4D83BA358DF0951B07399C7515349E3DE2938D2AA53AB11A4D1C07213E091CD3FB6453AF7DFB6799D45DA44B060F7BF5ACA5A25B3892BBB6
Test: DecryptMatch
Plaintext: CC47935F7976
-Ciphertext: 017052871BC92384D3E20355AE3E9B5401556F15B137BBD610E2921A9CD027FAE6638EA9C984FC731DB2DC2C734ED0B8F3D2807ED537E5B2D42515A07C148283FF19AF9AFAB09A39A728569433470CD8FE2776776FD1ED4B6997F64FD351EE910C713E7CE0BC1227AB91818B8AD5478A3B821A24C0620B2DF8320C6E6A0A8C1AAD5DEE862371F33F5BBDF7CCCAC35922B7FF2FF994B2B0E6B585C8
+Ciphertext: 02366250DE032B147BCEABCB576ED39F4993251D25010FAEEB41BDDA4301B890063247EEDC041539488E70B977091BF581033EE6EF75C224C8046EE3E7D2330383A30BA07FF33D10F07FF6E1EE20FA4D112CAB1BF457B50DC301DE5C6DBFACE227903379A41DC4D92517A547968D3F147D6435C3DF6A3D0D13635360716CBAC322EBD295593865C3A117050059FBEC83D112C5C3727377EBA7778A
Test: DecryptMatch
Plaintext: 3A370FAFD82869FEC40117
-Ciphertext: 00C6042BD38A961F0B1721D6C8B27A5619EDDF3FE56D76C96BDF0030EF5B5878C4FD7D81291CEA3BD01B20B9A89EC5925B0B5FF34B9ACB375B93B2B0E41CB975821DD6A0E322ADE2EEB1EA0086004574E8945FA81DAB8C1FA9FF8A98AB00724693BFB70C9B0496E1AD94B8630FC7FB75F4221099F8F16E4A4D784A49DEE1E4C3093F594AC1C1B85794D5F4549A1C7C3466AC34449658D23906E05F8A9321C0BF
+Ciphertext: 026AE53843D3EFE36D8E52D9FD55DC6F0A0F51584BF81529914DAB6E380A6C9716828A7254307440B6A0CD16BF0D9D713939AE7F6C4D82D5AA70F33C9531E4071B9CB415C7622A23DBF4C81820BE04272874549F081B57D40B27BC1879BF134A2CF5D15203D326F9F97BCAC8606082A50A755CAE6FE2B72060EB1E0B72EF5AFAE8A823B3F0F91877C931CA64A06F3888DD4E2C823B3FCF529407255BE2AAD36A
Test: DecryptMatch
Comment: 1027-bit DLIES key
PrivateKey: \
@@ -170,22 +170,22 @@ PublicKey: \
4c279bec5282bc1b
Test: KeyPairValidAndConsistent
Plaintext: D391B4F3B53EB9B035C3AB1E3C6E
-Ciphertext: 009DF4A6FE0418BCEB691D6AE0739F64020950099D05D65CF294DC3AC2178F9B6129BD7DD66F54AA2957C06A331D86940C5970AB87B1ABB627FBDE1647A8E65DE8C21EB3DF6578CCDCBBD67483B85C0A5339D7DD2BDCEF02776D3B54C14B757595918EE0197CACAFE665792C5DE5FFF74EB6015DA0F173B0472021F27A82D2F81910B8FDDB42ACFF2C1CC5EBDD2AF654F62E9904C9AE8073DD798B288BED25133262F8
+Ciphertext: 05D90F9892F6DD3DC3654130CAA312D2287D9E57607C301BE58607BB19FC78D67F2082C907FACA819A0D946AD16B46FE1E7264BE7D25D4EAB4F80D136E89EE7BC53B65CC1692581E3ABFA3C15482A6FEEB607AD1765897E67BCEDAED0E03FDE18E05330A99BEBB8710C77E7735CBB747EB507FE1EC04F239E964B509A4FEE8463478E28BF5338AE016DED9FE6B2DDBD3FDE467C45F0FA619E039FEF085D2F1544EA3CD
Test: DecryptMatch
Plaintext: 28
-Ciphertext: 03F3C0EF85EF3C9B513DB86A2C4E4FF8B938EE4CC0CDD85D53005442865E8F9207B7ED2151D58C81DA0007AFAFBFFC7225674D320AB5E9ADBD614BA0FB01329365D457F438CE92C5A88E0B9F421E1C3849FCBE927F4FC55372BFA93E8D6F65519FBD2DEC311B824C574C8EA735DDBACCB9F0E3B748B87585E124BF9184379A2F3CA5543255AC210D286BD14ECAA23D0B75C2D99C4B2A
+Ciphertext: 066BBCB2D9E474A2C6CD514663BDA7AECA1F79136A00C1F9BDBAEDE344872093E67102307C96BF824999D86543121CC3D99B5CC4B511153A42E8A1569D063C27788E105858AF8EEB0766FAD9E0EDEFAEFFC733BE6824644CEE03AEE5FF15860CB3CBF4A46F95988D5E010FB844F944628043C830E575964EC36E2C38326C771085D796F2C22C0969E58665626415463A3CA1F56C357B
Test: DecryptMatch
Plaintext: D2C349F40A24230689EA15736C3AEFB1588A
-Ciphertext: 02D0722B13E77CA1CC2C0CEBDAD70851311EBBED1A885E8B714936E4F549DB95F23035A121E73705573FD6DE22C5D1B5D96DE8EAEC16C9BE78A708C9508C3AA055B08AF3E525B6F06E1D67F29D31707557C27192A03F468ADF0233330166970B9EEF3B2C5CF300E7E79DB9E813521F0DBC96D962FC9EEDBD7731F4A7DCE899EAEE90F9919D9F6E6FED233CB5BA2D665CE0E24DFE28348E4A73E4D14B489BA4567B0819E4C6CB70
+Ciphertext: 019A66A4ADFED556BBD1E58728A3B7A3631458DCF677BB155DA989827C2240A586783D8C5DB98E266C39FCDF6FB016BBB25D53A6B30F3BC9D1109CB908B54F1932335F3DFC2C80847D94D13C5933953EA1D212107AB42189536171069621403681CAAB2A13EEAEC847193FA6A0234FA8F107E2C1747425584EBB4F4D702E29A3A09580E25B34413208009F9643327A636DF622B7F0267D3169A64646F301C584F64066801383ED
Test: DecryptMatch
Plaintext: 85D75863811C6F574222B577
-Ciphertext: 0230D0C0F0CE47C4E8D2111F840A66C740443F4594047A25E82065CD86623B0CFC8E71F01630253554A643E1AE07FEBD5DAE19CA1E45465286A1DB896F1C98534D3D256BEC6916A9F6F1ED5EE1B929FE21B55C88F81F2CD28E73D80D8869B899C99F60908D23DF6260D75F856E9B1EE53BEDEC945FB470C3C43EE110F824A98E814EF8659DC8F0882D2AB57E92E60CBEF8E54AA8BBC13B264E8C3C2FB60E98D625
+Ciphertext: 02C6FFDB38965F3061C736E633B497192862677CB247A37C5FA1FEB4F2C021EA94C65AD9506C73C2E98ADF0F340DAFAD2BF6F6CC906C93655594D093D4B0F6867755013C25ED0AD75DC9A04DD0666E6340BDD6C1E748479F3D64129F76B5BAB37D26319287EC9D65CE9E2243D4CCC7BCEA4065623C4D388A7BD779941EE541DD29E070F7356ED1A1ADAE947D79F8421FA717F933F08CBB8B699B551F1EFF75B8F5
Test: DecryptMatch
Plaintext: DD07A91D32C26D3258AA4ABBD82E81
-Ciphertext: 060EF37DBFF1955CFA3C136DA59472C172AB3EB3B6AA8B8FC5267A9D879F2F855598A3275E61CB0B5D7C54C8972C8706085E184695B06676637CBB13AD625B79F6D26BA13BE596DA66424FD0F60EC8601012DEEA7A7F388481C86A9A52A56744F039DD7D29375BC516461E3EF0546CE47211FABE34BBF91786C255BC0A1D00D9E8D240A9192B069B66488823FD6B9B3873E3480715B2F76C6555B6FD8D35E156E1CECCF0
+Ciphertext: 05669E0777B003CC2EBE9BF3981160806A8B416A2DEAB4058497C5AF6A5C8F8D1ADF1225CC6FF7D292320E9C98CEDA144862FB4E32EE11AD9CC76A5C85FAE56A2567E6C9D168586F288CF4D525C94FF9F0ED6C3DBD08787768B90F8CD776520EFB920E61FB0E4463BE8D5AAE2683D31F392229A9554E0977BF25BCBBAAC7BB4FCCB009630D0203451A7A2AF847BA60AA0CE8C4D656DBED02353B92025925E1A0A6DF490F
Test: DecryptMatch
Plaintext: 0AA6B9FB846D1230F521F2624127
-Ciphertext: 00FD76D3514533D676B642E6A3CAE080B778B21C6225A4684364E37B332D787E697947E4B27328F4137421F1E8273BABA5D50F94E8C7483A02FFF4F30B6A6BC968D31DE4D1B2AB284BC1C4786AEDD74E576FBF1743D15DAE74E18A8D6E85585662C4BB20AF423E25A273AD21B14FF40DD82F0136AE6297E2606BB433233E4A2065C2A8EFA48C7368DF584CD04D525AEEFE0C8E46A6F4FEE5A52E70A401A4804F381E7E
+Ciphertext: 01A9D56F1547728782D4F80BB0EBC8890BAEFE994900F41D56094F4734ABA2BB371060B2A69C6B7BC8944358519D141FC277E1195B3A78F7068731C3AF3C604A062A0D551397CD804168B7F400F786BC5CC3F912457AEAD56873AEF1A2378F34E953E240C20FFD7DDA229D4C020BDC68684A53C0AB3ACF9B44581353C60CE9854E3451645A604BB7AB3EB44088A07F59CE0FEB6454CC5A83BE5E939B317D4D8537CAFA
Test: DecryptMatch
Comment: 1028-bit DLIES key
PrivateKey: \
@@ -216,22 +216,22 @@ PublicKey: \
ac97e8618cb09d46
Test: KeyPairValidAndConsistent
Plaintext:
-Ciphertext: 01FC156706A1F5934350E48128F4516EF1593FFAF57B2957AA535D1EFD54EF87DDD802BA607D5435DB396F4B7158824167115494717F4F37794552874A61EB227AA10792F4556E6EF45389AE04E790B0FBE28ECB7912FBF3AD45AD9107CB364C0CC94971D4EEA2A903BA7FB0125B29605D808266284B48CDB02710A09587E9B0676CFEDC515F8BF2F07386B90E2AE3ACED873EC202
+Ciphertext: 0194C64DEB9CB401573730A29359456F4E9528347ED80F24E5AEC4441E896E38047EF95AAD9AD7A25AED6CC89FD95CAAEF27F3C814C26FE43F6D65288D87E372A204D1A66C3BCF0346CE89E9D2D7646E90BACB9A85022ACFEF8903C72A663BAED9A346E1A6B2B2FCF70E239EE70A34385F8C76CDD121F6B190085BAB3300E6B811906CE38AC740FE88A3DF8DCA1C6DF73A03236D51
Test: DecryptMatch
Plaintext: 9498EB7300
-Ciphertext: 02689B3C5C8CFF190B43BC1B8ADBFC21C88DC9699B92C360B963B85C2DEAEDD5E775C550059D9217F1470B5C7989B8BDE64866F7DD9AC7BAABD7F7BA1642330B2B77058AD977A8C9DF62FCA67980E751088DF571335F53B5CA7FA2774049AC186B2034C086A1E377A246FAA1327B2A773CEDE9FFF5947C92CDB2B0CD3FF5A9681216AA47132A89C14AA89D5C2BBC308479E3957D14B11549208C
+Ciphertext: 0A38C373F6A96D87528D2D55F6391A9E801252A65F622F36A130ABD140E1858024E31F247C3BC8C07D9500CBE7A8A3D6C0670AF0FA14D020DC54B201E657C233F8031DF990AE801077D4D3AD9B861F4C32D36FFB9E8BD5E2651169BC4560CC7FD02159929AA50882F8B4C8508BB98F6BE8A6A7C0E21A2A81AF781447ABEC85C170F3F6256C3B6C5E2D3A01BB5EA8B502D37561C06F1DA536BD59
Test: DecryptMatch
Plaintext: F07FFAC9794BD8D528F750D50C05
-Ciphertext: 08BF2DC74E3231531D786B1294B93EEC793FC9D0BDFFD5DE3F6287FD761767A12394F1F812C2FA3EE8C686F25B47FF1D30E90A7A2C18B7979467EBCF4813AAD654B7615641A9D0903B98641D8D2CF77D1A581FA8D5CC3DB554C573B6F6D3C1108CA2B2B6146A224A657C617AC324286BB8CE51F3E952C89F7D25DFB51255D87FF37A2B707CD29F876E203E867B47A5492E3477F77FC46FF91505E997EC39D3B5E1B119
+Ciphertext: 03DAF7F6C2BEBF8D0B380EB71BD8BEE9D649AD7647DF6DE4CBCE00D0363E31F11E0DC0331409863E3C069EE3F975E7F623B55D7F4690C7419C5AD97EB52BBC0212D3FF0A83A031591A31481116B2CD232A9C86A20EA40BD13A53BB73E644A6C7DC1E6C767756E7235538E9D5B155B3173416E99F121E96E02034C6DB9129489A050740F603DEFF96EF1D99E7EB4A32083D0D946670B1AEF30E1E38D3F076D6BCB57255
Test: DecryptMatch
Plaintext: 85916A46E0965C69C4773C7DF9AF
-Ciphertext: 016AEA68DA2DE0890C71D773541458A2959DE031818B91AB7210B3F5AD9C5F1402265D5D5A612D2630F0A777D46BB08DA0518E8244C483BAEEBD70A07A2994DAEEB35C64EECFB1C0A4FAF10C52848E96A18314403801ED3D62ABA1A257B0B0308DF89E684D2EE69771F833F5A99D7BE239D2567A2C7D57C357FD9959B498F1F8332695CD280442B6003E0AC7E7E2398AAFA32CCA46EAB7E324D4FEBB7615E9F0DDC057
+Ciphertext: 053D29F0878C68FF55FFC8E6E0E03044AE23B79588034F0236A49A5B6D00EFE8C564D2D29ACB61FE49C0E984EFC3A48A96EAF22AF3032D8D0FD3B3BB16A0157C161F2B3D3DF802FDD6B61899212F44493383DDDEA8B2463BACD0C5E1F4F9E4063DE5E52032E7DA8B79E04C5F03144CD710ADA74506CEC2D448BEA0F2B59AB63FCC443BBE920748E122DDD6123BDDAE484DBD02088817D999FDF80D5ED4B308AF4C2DCC
Test: DecryptMatch
Plaintext: EB632C72F563174E680961BCF26EC7
-Ciphertext: 062FA7160644C706869BB9D9903461785F603ED12D15BCF2C2F7C136B7ED0E1E83287D94AD2CDAE2FB62A3D206D043D2C7B58923131B0AFF8D75ADBB136AED4F77687432563258D1E77822C9B891E4FDC7FBFA06CCF790F70DB4B45F5A7123147EDC9A89802F2197021C297235A468B4976641F912C848C1368E84C349B40B5AB53DC448B255F481C79EC5C1131780D7E304C104696034F27CAB431FC4D0F07AE55A90A3
+Ciphertext: 0BBE666C02191F668A2DB000646A14385A8E9199BD887913BA587DA4C683535801853186673AD7C43EFA5B65902559BA5345EFA111E0514D461C1B1EFFAE58708EE6C17F1758EBED31F0B3206B0EC1B4BEB2EF911C589E25CDC3B0020C47119B5F33EA2FB7C332CA6B1FDA2F350A4CB0D6844637F2CCA71EFB036C7400957AE093B21BE90E30A8672847C9BA5266EBBF9D62341F67A4D09FFA196A817DD2F5EE1A9654EC
Test: DecryptMatch
Plaintext: 42B5D2DB89374231
-Ciphertext: 01E541C38AB600B6957B0814094AAEA35C67821CEB793079D0B9AB2070CD6BE42F6F367B93689E5F34789BCF36674B0F7651763117A013B720364FB23D953E8FF0139244A6D517D96DEE49627253B22E46F5CBF8DF049AAD7B91D9F8E390FBEE4D18CEEAC73A733ECAE2333002E64D923671953C21618FD65225329C79A45A82A7F574FC61C8DB8804E52D9E8A62FA3FC85B03D4633BE06FCC9FE7499C
+Ciphertext: 0085B6894D887B59393F9D7365411DF239BE1104FD86CC63A52C990A84FC4660FF9B60CF0641E44A8224C169A9FD1B35EAF78008E34F14B5311CB5D725096D9DE92F35BE6E71E3AC3E3B3D68BDD5351A5AF93F0B3BCDB00B9B126D8DA07E5F42107181F9580CCD0D6F086C94177FD48ECFAE3FCF2F26D64940D749E8A964275290A247AF700210500517BEB2175326F4CD3016AB175B352F9BD3289079
Test: DecryptMatch
Comment: 1029-bit DLIES key
PrivateKey: \
@@ -262,22 +262,22 @@ PublicKey: \
c2840cb2e61086d7
Test: KeyPairValidAndConsistent
Plaintext: 03C57B87
-Ciphertext: 038CF765B1681FCDF074FC73B16F91715D4A6BAD3F17CAA08DDFF50D9D6FBE973E39CF7011EA1E503A102242AEC852BEDED46B554ADC7A6C42A89E4E06ED2D753C5523FCB77E6B0916BB62B41D65033DEE13C83950D95BEB2A7B88AF5AB606DCC7165B13F48AF8A101C9D473A1439F72BBE5FBCA2E57E83E1E8C03883115F78615CF5294ECBEE8EE9449DCE53E074F9C7430D7179D5C994AFC
+Ciphertext: 1440C6776914314A1DA161EAA41D52B283E2C0B487C801CEC33DCDB639F579F69D12FD029C994A311913EB6869C7A5659EE8BD9F5D7225BBB2EB77CF6F3D24A5E9866BD2CC50E593EC5CEBA4A96C59FE8B98B5EE2121E5892F2436F98B5C4E4A12077A1A64F1FCEB783D05453A657BB91909637063813CC00754402DE24F4AD6C0D9D4C15B7F4E485AF3538D391CF5993A59F6D1FE6C76E2A7
Test: DecryptMatch
Plaintext: C5598C0FE0D90B10E7125079E2EDA32E531C2EBF
-Ciphertext: 02E4C5534EB0B26B1E169DBCB63D181BAA1823CC7DE11BADC37C96FC8E126645FE63BF2282CB6DEA6D418710B0571A3D66C7856E18BABCAC831DDBAD62B60946573422C42CBBE8E22B7D9560921D1C7786FB37D7F2E80E460C76905E997BAB7069C5A5ED9C900B890334517A0791D5D692D6192FE2C3CBDA387A0C3F9416A98AD475409C86F7412448D8167F753C40F63A86530F303ED5B6C76CA2ED1CC03F5B473BA8A3BA19ED2127
+Ciphertext: 129FC863B70BB82C1C59EE2DA37FF3909F1DAB4B55D9727EE0CA3311BE5797F93446ACA0409CBFA848A90756D2598B6ECA56F6341C6E9F716A62380CB5D47400CF392A5441DA5AD2C1D066F894942837EA7B6237D7BE2E94FFE0A106148C2B7B9AF624242A945BF3B217D89FDBB070FA5940C1C899AD83AF1F865DEADFF0F4E48A7E00BF7AC5625F6E32F8B01394AE90284AFA061AF6DD61ECA1B8FA77CBC172573A9938332D7AEE41
Test: DecryptMatch
Plaintext:
-Ciphertext: 060A6DFB5D9DEB53EEAAAA6365A23C9F1AEC8D7B4E8CB4C6416CC12E779594536D68A8D9D6A305222D27FA9E362F9240F350B7E670B1CD59344664396D28001C59CCF6547E05ABBF69A033178B70C91E4AA309C7699F3CE7AAB2D8F2337983C9AC34C5148E4EAD93048F91A28C06AB7629104A33FDD3BF76D772AA709D327F26127E8A14B9D96209D57DA63CC42AF9A40186EE3AFE
+Ciphertext: 068117F2BCF29C72CDA3F4560A2165B7DB7C29314EFEC8D110425D5AA02F35C0F9A2304A0554C097944EF3A615BD70F5461E6549C319AC1207B100FEF022410C46284CEA9CA103685A18EC944DEA0BAE8E06D2489A3E2D1D9B255F192677664CA6FF44130C28CDE1FD437E85396503DFF305BA2D64E8BF9C75B00CA1595A1AED2C60865C0DF03F408EF95517E70552B2D5A8C190DC
Test: DecryptMatch
Plaintext: 8DDB5FC737283E5B
-Ciphertext: 118C7186F58E8121C2DFF8859E9BA8C23F971460CFC77106C49EA94F3CB89CD628A21F46B93E3D58F0748FA4A89FD16FC1F4E2295E02D38FA7897AE3FF8E1C67B53658484CC4E55B71874A3FDD02D86CE2ED30905066BD31A45FE2334D6AF297738948522C7AA39D48AF0C115987848D699014EE27358ED77A0DB6E6484A9EB9C7C1004C205AEA51EFC5DB2EDD7CE6DF0A5BB29F53EF4018344A4F4C67
+Ciphertext: 0B3E0CE51E1D3AE240EB34787DB5D49D6786B3BCC29C37EF8B9155F342C4D226CE1D07F7BAE09DFF7E8CD89915E1312F43540A26F03D918BF56B07E6D07A96870362643092F24FBCC6A2DE62F637B5F5F807E430DAF9B7AFE1890143591BBA035538FB419BE4CBADFCED5EB8BE2471B39CFCFBB2BA854C9E0F52E67524ECB80F9FBB3173D2A18C9F4C43F4E20866428A9256AB8AD199BA0BAD55A18896
Test: DecryptMatch
Plaintext:
-Ciphertext: 12B34709E3E2B4FAF76599CA3CCA54CD8A72F8765F3644CB68ECB5732F22074C841AAEBC6A089D5A2DD8A9EAF76562822BA9EC069EBAF2FCBEF904B48EAF6B0677CC5FB901AE7A93306066C1930B82E5673EA0717DF36BA1F4CC5DD4358740702994717BF03E9B9CF97C37D68F181054B1D13D6511C2C95237C1F53917C1755BCB29A3EB94C80E2703047B9B6B191F8145D1D7B6B3
+Ciphertext: 197D4DC43B0716191F926DC806A1B707ABD6684735144AFE07E0EAEEDD9BB3C89B9D0076859DACE6FFF9E2685592ECB010909910DCA50D2FB1B15EB9B9CFF4F71250D807EDDC2EFB2033BDFD93FD10E117683E3E4E8A5D3308572D4852954BD51251279A79092E3DCB95F1FCEC8310931933F47998DDB61438478CD80864F08D3370C863BE6E7E1CD22E38BC512D9A160478814057
Test: DecryptMatch
Plaintext: 53AC983CEE599A17261C53
-Ciphertext: 195200BDBCCD0D983761B7B00E0117D8E7CB3696889B76DB503B729BB2A10E603B6ED2B368E133DC6788A89E9B3E7648D1C59759E52BA27B69EA7037C2ADAAF9B7FBB3A45C9BF890AD7DB9FB3640DE53D7CE90A29DA5741234B1AF1500D003A6F1E9526F6326CE332E5DF9DA77671FB97C7D8E5CAB2C831119BCD043C31BF706579DEF338B803BC8BEA0873E6FA35498B6ADA36F4DD31286F563FCF897936C3A
+Ciphertext: 0E31EAACA9E8A86ACEFD1CB817869F48EAB342EAD0DAFE17B848CA9CB72B92567987B929F655B8D601EB1384BE380C8E4BA8B4E274F724F02FC5C00479C308813A3963E2D8AC88ACE92AEB00AB024A4EC5560857310E03009752B86793B356DA344B4AEF01F3ACCD9CBFBE399D0016260C006FCA5443359EA1E012D43921B8D2B8CFD31B94972ECE9C0031420238C76514635E9B40F17D9AF25A1009DB75E4C0
Test: DecryptMatch
Comment: 1030-bit DLIES key
PrivateKey: \
@@ -308,22 +308,22 @@ PublicKey: \
9305bc0386b16619
Test: KeyPairValidAndConsistent
Plaintext: 4424
-Ciphertext: 070DB525AA24778DEF63617D14830AC886D01379B87B216BCD48ED9AB16D921FFB73CC88BCFCFD248339B78ED4F18BD356B259A5FDEC31028C42FD87255644B5FE069C6825B9E114778C7F8EC38312DBBC0B5FC9B1D73ACFD8C0A093DD4880C6115FBEC6BE66A5A2B5D7F0034D537B99F1C439F74EA1A7F51F21EB1BB89E87C5CCDAAE06D043F5D99147A534ED3338FEF265395C8CFC94
+Ciphertext: 0C570D0317363DB43DEB295D49A3BC937116F2ECAC9226415952CE634679272B7041A4B806164F12E87A0050AC2D60D393F845965CB3A56FF0CF28D31CFA0285015452C59949E3D96C5C6D1DBE38F6EE98E2C93357E6C036053DF920C7CA5E2EA1617AE44434A347FCE426C55295172ADDE9CAC3AEF2C6D6AB2C8F0FAB1B146FF1A10D5EC2191C99D6418519443EEE2A198BFD159BCC63
Test: DecryptMatch
Plaintext: 5092C5D9FA398EE31AE27C97
-Ciphertext: 09B9D772F2CEC66C86D50BF85FD96DA9861D3D44EFAC6A46C79FEC0137D7559D5CFFBBC6EABBABCFBAD196DCD99621FB3309F01454A6222977A41589450CC03385CFBA7CF89273EC321BF47BD55E5C3A49125E5AB4FFD2C0B2369EE0E2C33D55F839093C795F0D0BFBEC429C42839ACED5B8363D458EDB4C47132E09C58AD7791F4885637D182CC4DE999AE299386A771A5D22E41D473241A5D448445684968E30
+Ciphertext: 196476CA0E6622569F233780EE0C449C2CAAD3819B348D01B4DE5425EBCDEAEA739C6D9CCACE4DDF06520E83C94D237AFD46A4EFED635112CC78534E2FA6046ED6C06806EA8F4B9F3FC3F87DC55F63B9E14F9ABD82E9CC80A298DB281C9F690391F5B064880CF35C5A0BC7537DE9F65DEB2467FAB5CE8F41529A5B06BFA6B587ED661849BC7388277AE7F7E5EFA3F2526E503ECB106B718275BF32C4F83278CA30
Test: DecryptMatch
Plaintext: 89BB350DC43CB3
-Ciphertext: 234D2617D8CD9C20307A6F52323EB1B99E16190798A3E5726B06C212EA0DF869AF8F3008DF1DF797E4E0C7960F02D1FC2C480BE374F3E21EB686ED7D4C046C3819883A0A5F4F922A15FFC94B33E7D567E08A71B2BC24620F5D1CD992B42FC0DE5BC2978ACFB4BFFED14740F599474343213ED17515940E87F9EB4FBEA7653CE9DD0E212F937865B1193959B2F322EC976040E35D21FE0CC9510B1762
+Ciphertext: 13844D63B45821E8704A9C1F6E9166B5EB7FD98DE5369E5DBB9DECE506EE467294282B5B174EF2F81B6766A3616AC5A974F06D9C47163C69668F4C1C78F8A6716A4EC28A6AE25F615A838B9C747EE857AA2AC92DEDC575AC568A78E8A86EF78D55EDB88707F7B6D558E8A760095BE8BCD066FC57396E67C9D8654245676DAE9FC4BC9D578496CA450B35E179410A5DB443C2026FFF0E5F7E54821E39
Test: DecryptMatch
Plaintext:
-Ciphertext: 10BEA38BAD87CD1F01EF3BA46EAF2684C57DCB5E247826898CDCA2D4369A268E8F91E43383C612E811E56FC5214E214158BFD894E0D4AA12CB0F5C086554DB55270820373BF362552658A0811EE654251FC76597A97E5DB54DBE6167E79868A80976500C2063F1F0F176EB47A36D7BECCC5D6CAC0541FC72F49C5BBEAFFB486B38FCDED50CF2EFAED5568C803698CB9045F4F7B134
+Ciphertext: 040E084ED4A1C135C8867BAFF219A0092855E1E9FC96F38277E16B96986FDEABDC22F3B02CC53B655369DDE3356EA6FE49B77C8EAA49815CD5B1DFDC6E7D0AF6AA985483345BBA8A251F1EC7658DF708C8EED8AB6B953393C03BA2EEDB8B6391D921C9EAD2AA61DBE724B15C9C664EC4EFF83A535E46BF768FD519B043DBF46A36FA03921224281A826F6F43DEA6DF38749D600317
Test: DecryptMatch
Plaintext: BB296D4FF04AE0171F1F24AE
-Ciphertext: 1CFAEFD16941C74A44C3CB526AD5729E6BEA42B29F39914EA348ED74749BA07AFFFA29C37716CCC22B9092D73AE6313545BCC0E2383C5B8CA9CF6E3D86FE8E12CE802CE76DCC9BEBFF6BC2FEC8EEADB0A9B356BFC54ACE5756201CD670590FFC895C29EDFE736180F6D5385423325BDBAF90C3A0FDC727D29C113CC15FB0B4B33503FBE35911F1565F8A1F57BCB27CC7A8E565C4456E0FC060F9D268CC83C21B42
+Ciphertext: 0AA9A85958D9F1BB06E3DB48DACC842534915A7E42715057BD33523EE756F62AD973E37128BB8031358A1DC583F40598B74F079AD667C037D4BE89938233BFE1C167EFE764724F97F2EA42479FB455B1166AAB26A43440867ACE77472CCB13643D5BC9532F68C5368825BF225DF49E2D3BD023447A795AFFE927A796C70E5D6359537A9CE2B4B9323D7FE208540CC32447940ACD91F4718FC7A7CAD45A524B6DA6
Test: DecryptMatch
Plaintext: 87A2C6B33856C6A096EE
-Ciphertext: 0039004C120A98C0B1D374CCD8DBA69B1D208986766A38152F87228CDCC48D2379E109EDB4BCC0ACFA5867F4531F7A7455849A4B0CB022B35AAED3D85DA41680CE9535FED8E73468DC29A193EF885611B2F3FFF92B610A86D351D6D46F1FAC6E793630DF15834E62555B568F3BDC583DC170D58F6BE575DB0143381FEA11EB3801D6FD57E045BA6ABA8AE4CD866D5F353FF579B79DB7053345FD0BBF4C67B7
+Ciphertext: 12D17080AD0E7FD426E02B6A90736AB4B566F31E937B2D3E642D663D6ABFEB903FC9C4763AE492191E0C15B264CEF321DC8747C590F751A9BA2825D9250F72BA85EEB45B1F1D7B2BA972455DCE7DAE6CBD7B5BFBFB88FCEF52910F9B28D3DCD6BB5D479BBFC73896C3D1C44AB387989DE4D77855F6B8C7A8C12969D51DC6B10BA15C2B19E91A55BD5542853EC6F8F13260E8774C706958B1C9866114FADA1D
Test: DecryptMatch
Comment: 1031-bit DLIES key
PrivateKey: \
@@ -354,22 +354,22 @@ PublicKey: \
879f3caae11d6e00
Test: KeyPairValidAndConsistent
Plaintext: 1FBE21CDBCEBA28625584CB1EA0D9627A919A6CA
-Ciphertext: 0E5FB5018E8936767C7F048DDC6C721FCDF7C4CDB8256D662D22DB3DD1ED7925BCBE42A1C4FD290E3824D3280078B21C048A2539323B6AF1E71207BBEEED71C3BB0AEBABC11F9F87A3AB9751016DBEDECB6893AF2CF2DCBBD35236C2501FE8866599555C7562925A526F7114367E1C1743A27C124EBA29B9165B23977EA57862FFD7F0C94A39F6B99FD053B3FA66F5D6BAE9BDD19B04B20BA8D29C1AA43BD742579E96032F56385F52
+Ciphertext: 2CFC251CB2A397880EFD0077D9CEF817A6D69EB6278CD82998C5988DD18D6ED15FC8CAFD1611DE58BB46BA8A87013C7BBD4A8DCFC454F13DB282BBBD4E1594E6AF17AB6219E91D7354EB88515007B58BF0D8FF4BD4C387FF6E02BF81455803E6A936F25245863F1580F00ADFA4BDE052BEC72739B88042CF99480AB6F4489F9C8B9319828A000FDDC4D1A6E49868E3B39DBF7DCDADD9B882B755E330C762FCC023EBBCBD0330D28DB6
Test: DecryptMatch
Plaintext: DCF33FA5BEDFDD93DA
-Ciphertext: 1EFDF07E1CCE18780F57136E29993042BBF6270417138214344E543E9277F4687E699A374F8F0DD90117F46027CF64E360A371992F40BA420E9A6772C64FB584287E524DDD3FFFA37B692D45F98E647F57463B185428A4CE7136764980FB76A7EACCB25932FC19F1CCC01882F3F4A41B890588BF890AF18047EB82982699C0B4EE3BF62B8BECF2B33EA76B1A43B860E3D1061851AADF2BD3EE43085E4CE7
+Ciphertext: 14BA927F10262B134AC43F6787EAEC3546C17EFE3F6D54AD2A245A0EE732B749B7312521372F21716E1DE29AF8FB329C25ADEDE2DADE3A455235DAC6C1F347C2A052893DBA6511C3760384935D68C7808D23CB194E6A19F579782B22C3D8880736BECE89FD75E7E69022E9B2500E5A044105B832C9BFC5F18A807889B401E61A9888276B31FD299D604AEA85091578D41E5B36D66C4510F4B147C5E59615
Test: DecryptMatch
Plaintext: 217B0E
-Ciphertext: 478978D6F8D5A8FFF786B580F6AC1556CEF1ACED7EC943D02A57A10B9F1F094A11D1BE60129D06C2AFDD3CD69CB8F864DE9B7BF1896D019EC68055BC24FAFEA4F62E9895C0D6EEB7FE16E9E6BC65BC0A2B5CD0ECDE1DE3E5721DEC18B4CEEF49A9100513B741C19E826C0E75497A599ECC1A976E3ABD707811E521B25BA79151B62119E3EC92B4B5581D7A96079827568F6D0B39146FED48
+Ciphertext: 37B50EFF3A3FDA419988CA44CCA3AE95F465A18C89CE2DF025F565DAF0F833E198DAEEB46517FBDE47AA3D5DC5039B873A31D0DEE1EBC63F3E97C0A63CC05A8F877FE70EB7F6198C088FF35C1C369616D3EACB013F295F764146A5AAA2D21CD36B9DA4490CF1B37D379ED7713B955C3B0581650B5C7F4F5B8F45B89B94DC364D3340414B491C29AAF2E197AD6F59B0DD687F2E60F8826169
Test: DecryptMatch
Plaintext: 36DA002D110CD632A9969DC42409B478A3AD3B
-Ciphertext: 344AC6A25FDC6BC0190C3D4A77AEE7C8A2B8755FF05BE5D258C76C23750A4F27D8E8AA429DF602DE285BD650D50677B80FA5551469F3E0DF0E80B2BC80DE672176C3874C935156FC41635DD35885EE8E2F60056D3AF997370E447600748016A3FE53CFFDCC2A8E488608487185ED54D8D7E380CB189A52F1781FA2063C8F3DE8CE59EEAC3B48B7CFAAC3C28949F54C5908CF06DD0D196F2D29E1932385AF7BF718F80E5CAF86A0C0
+Ciphertext: 37126F749ACDF2B6BF667DE9635CC0BBD61753B30931C847B612936C1AE122D6F0E409B4E9454852540C5FD8DD3DA8BA4026FBE8CC8449CA0071409DB47165907202DC078E5A8F6B0E9C8D3497A2D02F53DC3A47389C1B3778EDDEE980055BC4B7EBAC0B95C0CC4783A4B202CE127FA0D7B65B252492A1847FAA9D1ABE893376917BCD46DB4FFADC06C880AD848683B874F7CDFBF0E4BD87AFC39303C512C44EF58B510702C1129C
Test: DecryptMatch
Plaintext: FAFD
-Ciphertext: 024D4A04382B369E26D7D5E700941DA426CA8A4806921B3D4C636A3B4BB04775029FDB9935095B855FF115206B8DF64FED80E755D6BA11C8F78302252D8BC855FC3FB60AF004C8846DE829C07E7DD22F6D0DA6C27D1BCD252B842A13F5F12B982586BB300614F21A147FEB041BADD52564C700D9D9399FB642BF4EB9A0BEE45FC21119444E7B75902EFF99D6A34AE41E65EDF730361A55
+Ciphertext: 0F63F22B7817F2449388E0422C6122200D76BA8D4CEDE63DE950ED26768E6779BA0A238C8C3F2CC5C87C7926F1247A7067E27245423EEEFABCDB606976BA2FD9977320F903733FB57D02620682820B1AEE165604410157C5ECFAB7090EE83638A99E4CA36CA0879D3C14856A3417690A52F14F33CC50FE44503FC47F2D90C096C03F62A85D88891E9568911AF61DF916C3677DCF152FD3
Test: DecryptMatch
Plaintext: 9E9145E890FEEADC706AE1
-Ciphertext: 1187408652D7B0C974124128C6C4F18794A588FA27AE433C7E142B46CD3FF1409D919583632142D4906CB0FD563044AC1C54FBF101F433CE20D045EAE5F66F0D139AE6AACEF299C83FAFDFD7C0FC0BCA24B686A23023F053F8BFEC1EB9C3A36498759DDFAB1C335C04B677D79686A01159E83304608CB07BEEE77722D4BEFD26C76E0536A32139FFE93D12DBFFBD63EAAE93B72A1680DF88F414B9E259CFFA0B
+Ciphertext: 0B60A14F132D21E47E2FA20633DE43694EC0394115DB297C1B68D1A7EE7722B6AF5D149A2EF5D0EA05761C0FABCF8C0862AF320E9D273AE743717F78A46F15B640C87F4AD0C25865EA3453B0FB59D997E41A31B6C1669F14639E2F70F7D4324B8729A26C8869D97B432740F7CE28A74EFFC82AD7EF172A02AC678C13235BA2C6EF79143D189838E1F101385BD7098AE3B5B78A80964D5C0A3D7DBA7FD7328BE8
Test: DecryptMatch
Comment: 1032-bit DLIES key
PrivateKey: \
@@ -400,22 +400,22 @@ PublicKey: \
984d89792985ad688f
Test: KeyPairValidAndConsistent
Plaintext: 23
-Ciphertext: 700BC3C2AADC049B1CD914167B479215395777B6B70C1755E371F2EC425D05BABEB340B513915DEB0ECA9B899DDF1BB0941B8105213AD690325EC9043DB291382D4F34E1FD1E67F85B6D3058FAF45CA4F1F0F368C0BD4CE47032B78CAB6E39B4045BE6D9E508547367AAC0BBC5126ACAC160701AD978F63B5B4B534CEF05A866355EB21527DDCABAA8AE0B11B6CC6DF9A3ED89F41691
+Ciphertext: 0BE692E3384A784AD01D80A65D22B48449AFC0281B36085B0D8FA03574B4BAD05F754D6FFB8E3F4B4BFE60FC7EA2BC1F11253505C753BEFB1D3BDA0084E6CC1FD82454A601F1C0ADB52B3FFC4895D36542FE0139465B490102C7B6A75C9273B737536DD122CC8C3EA0F32900C82C45B0FEE97D995AC5B4345A8899DD6888D1E814BB5A1141A86E636D31FA05689ABA512DE869D12BB4
Test: DecryptMatch
Plaintext: 4F571384FD52A9041C8F3094
-Ciphertext: 2F41EAB6039148BD194F3F5934C3BC9DEB44E0BF288588314AF52BE8F1F480881CA96424F3463DCDF9CDDBB8F06341A4FB1A47DBC4652C837C61C24C5F0751E35FB90687F892AA2E05E2B2CA95ED13BE02802C779DE4FA6FFCA8BABB5CB0130BD3C15E6812BAF59DF4AAF68408F5AFB4D17D30DE635BC40F1F798B11FA704A6F72FEA079CD89331EE685B7A0954FA6705FA3B41D55240C1BFA1416AB70FD691B32
+Ciphertext: AB7942750662F0FA422F4628B558938545FBF7C749995B4D5B32BBF392292FD1B4EF02E5A2EEF6874BCA9F0D4CBCB92D684CDA821829850BD4CAE110E78E42909CF069B54B4BC7D742E113E57C85BCF54AA5CAE1005516BADA834A857315DD6C3DEF4AEBBBF6CB4AE217107E16E83F884B2933EE618F22C45B78092B2EFF7D5C33DB7D89FED4E134921DFD9DA999FB8AFBFD094D77BD887D2C86AACC401A621905
Test: DecryptMatch
Plaintext: E421A467654B3B88C93C8E5384FE2B85D4E340
-Ciphertext: 27432F30EA01697AC21FFE4258A24EE29830F424F9491A6625A18B49928BD137F349D00C2FC0A4CB3E720F5A0C09CE4918EEC8719E17E29B7A5383DE5CE068246F73769FE6323B7B1449F941F0DE7DB051E4D6404FFAC0D5481C911E182B5276DE7C2EAC0FB33589F027A994204F8B469C3FBAB405E94405C40CB3C4250465E15699006F427060999F96A330829CE0172278145CD8141203C65CEE52293D16DF6F38F30D9AD71308
+Ciphertext: 7485B8E5360BC1383FCE1C586E126D5DE89FF1CA7CC8146C37A1E6582A564C4588984915CCE9635EA6ED434C80CAE138FBC1EB15D16B294AC1E59CDE544E4DFBF276D30A7F51461C2B7E7F076222DE6AC534DC47E015BA85062694FD78DC37E9460C10FDAF2C61FC7EE0669E99793A657543B881B50B0D3916E395A959EF55B02DB8E7B4C5B5B653AE2D11CCE639342C8C77C667625116D9E6B6C6AE822CDDF2AA503EC3FAD53D80
Test: DecryptMatch
Plaintext: 3D6C941B1F03E5C9A4
-Ciphertext: 03FA370E7AF4EA48AB5A8824A67F2C3FE2562CEA49E5F7B720659496E61F50BD82A1018663D17C2BCE73D8D643AF29AB1649CB0874E71EF39A3BB8E85F934CFFA768151249F62C78FA52D4BD9EA5C4D7F8757CE231B24DC805DC5B2A2EEF596709FFA877867C74442CA157A3414FAF2F11BDA3266CBBCC5601310D3ED23B255E04D6979108B51B52A627915C8CE43BAD701F09A0B6167B7D14E941E94A69
+Ciphertext: 684AA8D2AD35D2775BC30794A078CFC931096A37D472FE511F72B03B33E87AB1E7B958C3447AF6285AC379379E0D1F1BEC535E4032E186573742A75C1B42BDC52F679DCA13B2B9E67CC73461084DE1777FAAED93C7C1E4A6B19473EDF6A57CD88C076574A356748D501A05AF66A136E908993A0A70538FEB03109C62A41540EB4E166596887B4860E3AB0BF9C1AFD02C67D4BFF28BAECD31D1CEB207A245
Test: DecryptMatch
Plaintext:
-Ciphertext: 969ACF4E7F631E5BA98311980EAC56517A7C6B93A1CF852E39AD66DD43E8CFC7148CF0828739A780070BC30846664D3206573D46D60BCB2474C65CFBE820002B67E5FDD8C0BB5D375737BA2C061783F1764B7800CF5696531FA461E87F7E820CA1D5E9885D4F4DBBDA4AB690BCC4771C47D4F9ABC2744B11E0703D044EAE5BC5910454C6B1C58B71D15A3D22C92969452B615F2951
+Ciphertext: 111C252A9E64FB777F09AF6AEF9C4210B9644C3A66D5528C631D5348E30B146A6225783DE1FB796DBAB3A901E37818B5AE49BF1F8CC0A6C8909D2DB06D651CB08009A25E13A89653DBBA5959674E37BD72039D4E7BFFB3A2395DF8C36164C3FA71334DBFF2FACA090F1C349BF68443838A0D893B9B498D3B6CC86646F935D5ADED81967A387506688B6478492129534F3A651C9985
Test: DecryptMatch
Plaintext: DE5F0B92C45A0C1530
-Ciphertext: 674B77E1E27F6AEF14EB215A86193764571A4D56DF34FF1C2603DD408F46B8508E038B1667A0041939A20D1571611AA23F524089D1E878E1D62535624A4E63F2560530B0C84FB8ADFE5D6D87D5157B84C43203C8E2891DACA75D1135B6DC91BF01776A8534796D1C7AA318370B746802EBDC87B3CE98E901D5C9B92203A29B5E1615224ADF94DEF3E30BAA3C7E20B95F4B2C5FC71973C37F7D0B317018A4
+Ciphertext: AE6BAEF52B43EE88AEA7796D667D044887407ED07E7618358243A0108514FE9793EB28EB42B4BA2F28F6687FE7973FB8DBF825541010F1BC1FC7350CBEC0B055C0C71FF2C4D2634582C966C1CFD3449AF8AC956BEC3EE797F7E81E589450EA13C1A8C99116E05E49F4BB87C9B95EFDBEB35B21C36711CEC8A1ECF3E4F194251563F88C056749B835FC19A7CD560FEC785207DD14D43C6104D83BB05F1DA1
Test: DecryptMatch
Comment: 1536-bit DLIES key
PrivateKey: \
@@ -456,22 +456,22 @@ PublicKey: \
05493aab1f07
Test: KeyPairValidAndConsistent
Plaintext: 9302C420D137C310
-Ciphertext: 5F3AE7A257BB56BD2246CC16671E609FF71C6B094DF6ECED48DD6F938B1D458D5971C1F514E181907378DA2FE96BC2852154E24468F6EE0539F3870E5DB33852ABB21A24F9AEF300EA4D8FED94B906F99349E8468D7ABA1337BA06868724D7EB60D5B94CC5C8BDA5D42E432D9EF9362767FC088E5BD214E8306F6FBB34B76593569D54595B27FDBCE2D5C235786ECFBC68648ABC2AD8AA53B8610504C9132C1421FA63931D2EC4F02818F1805BF41DC5F8FF98A9F3BFC815340C8F664641CBE3AAA853006D836137EB5130A7FFFF244EA03E602BD8CBFBAEDF683116
+Ciphertext: EEF64A81C754B2EF543A19549AC0FF3F44E4B548284ABAA1E5F1EB704B0D246749D7F1CEF7B20A5226384DBE8FB596101591BE2B53E9909EE3723CB70A385FC2DAF6CE15629EBA21E7F26223B0A2428D8931CBB4F1B281E318A540F38A809C8BAD92D10FDD63305DBBE972E6CB973FC4F2FDF0BB9CC37FC42C7AD76E8DE3FA91E5E79B09796652BFCD62A28A59D9A97759032A0A78E0E1B081DF212A15AA44E35DE9E291EDA499DDB631486C029D56052246C9E37FF24EE9E86465B3B55BC4BAD77B9AC873B6F36EA65892B202E320756540009C81B9C6747BDAF40E
Test: DecryptMatch
Plaintext: 9FD4F26B7317BBD1B235
-Ciphertext: A95FA2FED7A0FAF3FF6227BBFE749FC147051441AD62DB20AC0733C0606367D92D83EDD782A04E7EEC913653C63D1BE113E108359CF37E89C0EAB2E905E7536A4A13C1621C462F32FB237E119314A9FF9570F59B5918318A663FBEFEE28F25E85A4F60AB20C9FE105BC168C836728B370901895D4A912C5B246E067495F5B953DBB2E9ABE70500710EBC61A9E8FCE9A1EB5D7C070FDD7AA199990C55B5E341E627E48FB0551057F04E012A50999E563C1FD682D95CC6EFFC6B2982E1AE2CA8E6D8404EA89893EFDB782B0D9472629BFEEB3E63C68AAB976503A7228B8B51
+Ciphertext: 514DB5C63AD9707197B4F0B2A30CDA18369B963E62F7ABBA1E030E08D3DE4E6C17D4BD7CB8097C2E641FBB0AED6A9FE7FBEAAC1C6B85BB3570D0E86FF6105B9F8C9B562A4EFE4AE3AECA26978C514129006D22C108B1C8A0FA55864EED3D3F81643AAFE36DF1CBC3B4E1B1AD6D5E0612214938A55114589B97286A7EE5B04E39254696DA91453027F07346984423FE2784DEA9375C236E6640504B5BCAC32062836E5BE1695CE73285CD77CE9717FA38E080C28C2959D9E32A589C04ACE5E52970ED49BE34703AD6B9F024DDA176C631EF5EE76833B427E233A5DAEC4328
Test: DecryptMatch
Plaintext: 337D8BDD32
-Ciphertext: BB4D09A22B305A1999854CCC92BB441AF2B7D7A4FA25065DE751C0CDAB45D805AFA9F00BDC311C8F9951318F9EFD8469149F9349E58DC6DE1AB30CAC411FDC57EBAC4EE459512B424FCBA21500851E3696433E2A3248EA88C21F234A29CE153C6711E7C4D1B60C0530011DA956BBE631FC92C44488146894BC09CCE68BEC251C3B7451BAE2D4A70A2595F9C50CB2C62E23C2456FE0817C221697CD699B758AFA8BF6AC778C8BFDC131D34B0047617630EAA2DF63FE82D41623185049D07CE4E788371B18DF2729B97916E08E4AFEF05DB0C277E959BE9A7612
+Ciphertext: A4EFBF2151DAC683F0C51D60A647151A1EA0C0DAA8CF3497D7116439E6AEEC62A36D06F89AB2F1886FB9F62403E3DA8D6F67F66DA2436EE20FFBADD698DF87EF40470749C0BE0414A7AE4D2755459F8A17F6C7D8920236400313D7846532C391A0A4D99C26C556772E2D3C74E0119C4CEC7EF224488BFEBA017A910E5FD167B4486E436F7481DC5A46F3FF0536193C75A857DC53C5242C11AB911BD21926462C5060BB89F71D99FDEAD3D16B1E21E0D0791B59ED0F49871F744B13F23EF5028C238B895532F90B0ABE9912644EC079604939A0CF519BA9D185
Test: DecryptMatch
Plaintext: 25549A5AE844ABEAA694E3F6
-Ciphertext: A1238629540D2827A1C760AEE98273687FC06ABD64AF99E5083E1F3BD8D169784005728C2C7662AD111482B53C59A7104A8F4D1888252E3D8D1D5DAE2F17CCBBF9596A9D90DBBF95C34E609A9C40C87E83B9E0BF2B385AE242C041E809F493EF0BC2D985F8BD48BD66C14FD7BED064BEE24D28632DAAED4A9D7EAD41266EA5F0568FE9C73C4B1C91F90FF82B0AE9532CFAB26D1D1E3960270C2864121E9BC0597240A78DFA600829A5FFE1A7CFA6866C42AB0BEB0238C9C189845058E1ABD613F17036AEED216F5E91A6BD9318AD78FC77C07EA9DE5084A80E481EC59B113F49
+Ciphertext: E2B30DD7781DB7EE7B2EE3FEB77F7360A6069396D8BF1DFD85D5429DA5A156677679085D612D0FCCA0979C97E924E77C43D3702940DBB556A5BB6EA33D650E078B1CDF8E5F76DA6591D0AFF4389A3A982A9AC581BFF393B35D36894E407AA56B493C2F7C4CBB75AEC72394AC4F8A99089702F3AEDB2FC7486F5CD01691C3C8F8FF3E951CEC70A4E172B763124BE1D9F96DBBFBA8FA0EBD1A71067A20F68DA6AAAE849880DD7F88901DF051715E240BF0F5B49EEFE35B9B0ED2B69757111080DCE2E2A933CFBE8FB9E6E9A2C2C75E0A4228D06689796AB919EF80405CBF648137
Test: DecryptMatch
Plaintext: 5E61EB24085019F4A76893517C0A13
-Ciphertext: 04B6D3DF089B924864D3DBEF600A3F6655DE11976B7263581E16EDBAD7FAA5E4F5126AB02A68E7476FC87E1628C0622E49A5FC27F84CA270923F2ADBC6DD3D259532454B2045B711D536BBEDB7C0DE0311ADD25B9A7142C006550D8E23CA5D9E3DE77C8971E769B58D958D121A73D7EF919C5BD2C9930961B1B42FF393FDB96979C0E45BA640A75B719B1FA7ED92BEA55EC9A20C02A74716A56F9AA90A5559A6484E9BC5607934D0AA72F50F6E641666B8810667AD1FCFB3660DF3946B457D09DBE2FB1ACC7AAEB1B819FBA1BAE37116008820C26A28C098BF03365A074FBD2CD18DEF
+Ciphertext: B13E45F9288FD2C5C0FEE230D1A09DE376ADADB5A4330F33BEC04C6F14C4A1CF3789B976F402F11611AB8345B2EB1069CFEE1E2F482A02A0ED9A3B9D94EB78C7BD7222ECD48A598E34D1F0B6205331CB20E0B2C6C146FB29CC11BAD5CA06BCA3EE39DD536FF330663A817ADECCC284B92F6AE3EB75B00316992BEF8A955EBB4DDE2CEF504E9298AC243C00FDB64B6AE96FD7B2135E6BCEFA7CBFEE135A650AA3D8CD095D1C9156232DCFE1904BC4CCE58B455CEFDDEC1D201B07ED4F999D6281AE21C2008525DB24BEA2D9FDAC1BFEADC3E6E6B1181F1A55A75976C565BC28F177CF02
Test: DecryptMatch
Plaintext: 87
-Ciphertext: E5EB17840FD89D03B979974F0042D34F1AB0221508330EC9C6E3537B8EDF8CC078520BDFFAC503ACA4CB0E37108AF05C49CF77804D55A149A89696421AC23550A67E169020B9474259C073212F3724481D3C9033934BFC73F4244BA22FD93BD6E70FEBCDB064E741F49949A1207544AD4C0FCB2F89A1B68F07D5D3E941F91BB16463100C1D2DEDE2002E567DC81A125CFBEBBB43C4A6238590433AD347A311ACCE4EE182BA95EC7C0FDFD598B9F0263A36715B58EBF657AB5C906136394CAA88AE00916439C47D2BFE9D0434956A4E66D7AA9D5E2B
+Ciphertext: 174E5CFE167D4F6FB9A8FCC0FBEFC12864745900F5A18EA92282C8B6689EF53BBB87B30FC21DB101D93E9FFCED05538EDAB59F9FA07FB176407651DD0C4CD8269B1DBB70F24C8177EC6E16294CF5E87A3070A077B1CE84B612C3E3B1D4FD60D732C4D2CAEF5AC442A358AD0F323E60F58FC8B29894F3EAD3AE0DB8FD08BEBCCD4220CEE6B7C43A5E769D1F890A6B6505EE7FCDC7E399FE5321C2792D7AE094D13EC493CC0911B3EDBA6DAA037E2EA0CD3642784FFF2CB1BE04E5B12AC9D2871F016D8BCCE6DF25C1C04D912CBE707FD4DB0F9E89C4
Test: DecryptMatch
Comment: 2048-bit DLIES key
PrivateKey: \
@@ -523,20 +523,20 @@ PublicKey: \
36723c1d88c8c04981e4
Test: KeyPairValidAndConsistent
Plaintext: 5EE1
-Ciphertext: 963C4598BBBDC42C07AF5735DB9B76DBC1478056100E857BA565B93784C428186946D09CA2C55753A37EC1B69728C2636C08A0B92A68169EF494874181B4514DC55439B437A175BD4F40B5B6A0B7DF4C48191332A11189007709C2B900A3D9686DAD19125E4D980A4296CF4570E6E9AC1E9EE1ECDCA4187E46F6239FB5DBBAF4FEB4FA19284CE170F4CE3683AFAC81043B4CB33251165AA848E8DA8F3C06E427DD8DAB3F422F87D00820F1F0A625C737F3CDC9E217FE2A67596C1C888E1BD72B614715095528812491E36FD65E201F1709821184E2BB89A1D4B15E9E1B7E9772E70433B25DF8699D5FB5DE47CC0E891F3F5ABFFCBD3246D97BFBE86179FB390F30495168FF82FE5DC0A6D1DFA683D55C524B72560B80
+Ciphertext: 73279829369404A1B68D5E86FF334259936133CB04C9186CFF733972054918C3285EE907C2863DEE872252BF03EC9FB088B8DCE6D69D78C6BCD6B3FF87E683C6CF3CA05FA6AF0C068D964BE01030A3AB4E19575811D141A59CFBC9D3558E48CB771D88CB1E0E6C7ABED041077D24005E337AFCFE8531569FE56E2CE97C40693C071409888AE46DAC8BD739AE0E1C392586917FE07A66F7D3AAF0DDC398117B594481D0D5CD19C8708DAED6338EAA552564C31F9548FFC7E5C641FDA95B252EF637C6CF708979948A3E6B4F37A9ADCD60BDD841F3B0945CFF55E2F13468EC71C550CC2AD48E7E1FB444F132AADB1EF2A7C5A22450D0E0CFE9E37D999B4794B5A594A4EB7ED406DB24ED541E575B9F2756545DDD34F6DB
Test: DecryptMatch
Plaintext: 0252EE2E1C603017
-Ciphertext: 63B4F5C6642133E53E22505AE22137026FC1D2339925F05D171B815104F42C8587F17217CABC43E82C669300D933C89A723A8E1E44B41956A1CE978E4FC6E3A35DEBD8228053833D298493474C96C0C5915319FDA7F5C465A487D85A3B03D4E0429427C902B10264DBB224ECC98857B0C18750A784BBF31D3679F7861555E9001924F0B315E5128E8CA3EB97202EA7867BDA371A653B1EAFE189329C59C26B36CFE1697ABB73398346446F4CC7639FF91BD6A96E42DC28341CBA5BAD7527589E44E672119AA2C687223C77F253722BABB7E275AA7A5E42820D26EC9CA94CB33B0A1A8DE33E200F8755D6FD6C1C5C51836D2E4F27CD62E56B0D39632D4E59327EAA2C9878B7BA5CA6A6D073A5DA2D4E39BF129FF356B6BD8233D83C35
+Ciphertext: 0E742D794904D05C0F0B6F60E9655337F8C110F289C6E4A0D6FBA6A2A8EB0FBB566A7F9B9862175C7A00A8205E8C8012366023FD8DDB6EB713DEF86917233DC5D16C2822707230169C183FD3A714806220D7DBA735C4F747A23E4131CE12C5572BD5E659F967A8B7DAD0EB6138D1BB569C6F04EAD79F9A6301609697F73F6FD8CCE934FAC6FC138B4C552E211FB1CC242805C035815F462D0291537DE10632141ED0A7C22439C7270AF0A6244C073CE9E2654FED918C86697988B0B341C5EAD2CD6DE75EAFDB1DFFCC5FE465E8D8C9A34D5B7F0E9DDE62204FD12EE2F99435DD58F3254268F8E6CFFADEA9205DDFCC943004887C405859866A0A40456A6C50B57FCED319AE0EC92B9069F765013436FC9A0253481CBE12B707A2B20D
Test: DecryptMatch
Plaintext: 01AE
-Ciphertext: 91981C3BE750F54FD5F233E38C3AF527606449C05FA6CDD2F0ED4B6C39361158B91363708585B876C552A8305A1A75B0B874D04B61238A3D847306A8D30185871EE10CF28436526069CE59CB938F48E7DB3A7D9C9EE543F948D114FED541D379AFA4FB2197D0D77957F2408AD08F8C4C91A27EF6924A2604ABBCC40EE154B68C4496227A31451B2BEE92EEE93783E33768758844D36E3897CB21AFC24746CD7B40E6B968EB4EB30DE6563D701AC763A5CB4610CD364D8CA9E0292D9E3F85982F2208F30BC3F99A95CEC5080E94DD89DB095B58D3D7308F5CBA36D31A7BA3B97759F021808B0E4E93B7C3F8D5630D18BA23772A8EE1A46DFFB16B3B0B2052631DC7427D2A4B16BDAEAE643CB0BDAEF4C70516AB207F91
+Ciphertext: 6AB2E26D99942CEEE4844632355BB3B7713DF000DA11099D4E1BF9EDD1781A9396032E9D96BA0DF21B309A9CABCE9AE3D022C33A931183DEC5A3721EA5CEB39C18935A43E3B0BC153E4469AEB604D031A0084BE5927478AF8EA652D0A4AF455BDC57EDF26E2C6F9A01C91F29984C11D3C60313A53D8AC65D9FA504742868AD3D313506EB4FDD0E9799B111F3041F4C0547BBB06BF7DB20D18B427BCA1BA5099821A5F0997EF08C319B851F0C88B4814CAC7BAA4290B3182738C37B6ABFC2C4770A633F70E6FA4FA53AB286384FFC2AF9B64DECBE12C8EEB97862F76296D13D889E864418056420DCCD0DF9B76FB32FA6BDEE149585F427F133972DB7281D91D6E78B6BC46151901179D186CAAC784D6271023FD6E84B
Test: DecryptMatch
Plaintext: D52A1E0E3253FE281A9471
-Ciphertext: 84ED7C17B599DFE7229A3F726F28756639BDD691B703A8215577B059F13562BE0CF6E280B52CC97C50948547283B46A7E508C24D56D45CFF7F99766861AFDD0ED477D48DE1D60CBF589E6F029FC381A7FB3C562DD9F19C6613D04147F04FBB61C0C438EBD334DE24052429A42194E082D2EB8E20A722E92073324B3F925D6252438517EE675E2C2694F7009AC72C9E3A52F1E4440040D96FC7FCA3939EB3637E1C22BB3318F71C016651C00C1A99BC8C11D2B03DF3D419349445DB177D3834808814AEE4D5D1B3571FA1EDCDAC3A3502CCA1FACA4B45CCC4DB2DFE4B7F35445D2824CE608E760F85BA6DA73181B036C46777E0719F274CEA583612A104A0325B855389A7F3461BC6FD06F9C5B3D9E0562D58C6C1A132AD8536D872DC26B87F
+Ciphertext: 63F60818E399024073EAF02A7A419229EA4E2FA4126C910AE7D31DE7EB6C9502752F5B7241F2A133E9D71C1A75E23A6F5DBE36C1B661935B0F20123BF434153B1F81BBDE278611C9FAF9F56BE8C78116823AC5B5F355B88A82AD6A73D2B63BECFC7D3B39DB2A6B393E23826235AB76653EDF65DD7A94BD27E221E9D511041340FE83A27F7B26CCF3FA40B2BD786BB9D67D2BCED415F2F76D116E8F3EDC953B8A327D2846F247D91626F643F8DB800F5E1DF0CDAE2369AA8969A938E0BB5A44F0A9C0BBC7D15A34DAF4713531A7B6B59CCCA2282952B16A7E1A1D1CD47D8B2AC6A88BC6A85E692FED89BB3D1F16AC2A922836152059433A29F786F2386A74DD6F555CC8D06C890A4A93E9FE88CEB078333A631E9E3EED0610F0A17F2A4F8DAF
Test: DecryptMatch
Plaintext: 53
-Ciphertext: 5D1CB9740D01C9351721965F393FAC274EB7703027A9E1B8BF779CF3EB3206E17454855E84CAB314846D8A170E224D4A87A115035AB7B82005F455E46877C4709029D5CE3645855EA15EB6DFC9824DB8BDA706535A6C905D6B1F1B91022F7BE97730848B6AE61209C711571E164755DCA386E6F5F69DB9E7A65553CDF1AB5EAB499DCEC7CDBC4C187F33C82AC14A5DCE2DA6096E524888BBEB207A130B56FC9C8291E3CDFB51684CB54142CD14C2633A203896E0E06E9A8816581E8EC793C13CCB50DA74A284CC35F24B740CAB7A3366DF3390B5BFAB3A89F69E45F45A34ED241C0B64909B58787576D07E184BAC3797B23508B15EDDF1941A3501CCFF273728B8A568012F977A2CF319CECA243FFC0086042AFB08
+Ciphertext: 7F820C0C9A5709C6026E58446623B5D4B323BACE54724F456684526BD1966A360944227D04824B3C9BAF19A602EBAD25B8047FB6BF9997EBDE6B854140C032481F1479E4B994FC5A2DE8128375099A7A0024AE1CB985D73BB2B806B20E0751EA154BE2A70ECBCA49335BA57694DF1E0EA4566304B8DF4BBFE5AA41D0B767AE1679BDDE70F95E1C0C7E06F4A635F987E2858407BCA2133C3EC5620D58F1AB7FE1426B615959009A4706797FE4060E1C690DA373E48D6BA684F69E981DEE5DB9A58C504DED4D4CA6CD9B776DA03E55DEBA97E541A300465FFC68C5417A10ACED061023ADE00FEED4099180948F26F10D2F9470978469F67AE1092100C16D8FC4104DD1E711CF67D5842DE4102869E96E817F9C9FF520
Test: DecryptMatch
Plaintext: CEA6026338
-Ciphertext: 73DD44AB4316148799BB0DB283C601C7E757498C528BD8AF406283D8DBE579996F3F3DBFF9D26477146F29B9FAC01762A95ABFF256774FD83B2580F51791E2A0F7DD1DAEE2F3591AC586FDF92F9AFDBE98DA0BBE4A400FA41B02F1E352CE86504CF616AE710EE81AB1EA6B60F5424B57B8A8DAD045004C371AC7EF610C0B8A761A2BA6D3563023859A5E53E8153881834CC01A7C47BECB836B60DA65C72F0140CAFBA200985CB94722AFE5839396AEA79CC803CDC6B41E8DD039C6FE8A169BD889E81783D7B668FF412DAD5675211F5F43E11A021ED0327650A7F42A5C02A5C053DC537E20AE8742E3D6BBC39519B9E7811EC9886FCDE953E4552A8AE0733BBA216250B463818AFEE647147D546B82390722690334106B1855
+Ciphertext: 13D877F0F00D01125447982639AC82AACF30FA0573001DD809C72D0F811138088C6D6D0569E63AB001CEB0339BFB90F7B71F339CA2F75859920370C622C0C4930B79B99DAC0560C763A1162AB46F58D1409E25301AE6D70DD4FA64984FE894DAD2B6401F8864580132664DDC2A57D1AF8AAE43C2759780C8587475F21275D61765251DA8FE91921703DC8DD279DFF4260D8AFE69257BB43EC609DA30DC33526D66E46365F399AA04F34FA7BA6469CA964AD6F2299233424E7342F1BF493C0BBB31FA1C713543D758219AB0F73B9C24F4699415F96C32E2A700669FCAE7EA6921F96288723ECEDF9677EF35702C8C0B71AC27A57624A7667580A2FBFF72818B2BCBA3589DCB686486FDDB50E29E75EBC8AD3DEDC8B741AF80F7
Test: DecryptMatch
diff --git a/TestVectors/nr.txt b/TestVectors/nr.txt
new file mode 100644
index 0000000..f08bb6a
--- /dev/null
+++ b/TestVectors/nr.txt
@@ -0,0 +1,615 @@
+AlgorithmType: Signature
+Name: NR(1363)/EMSA1(SHA-1)
+Source: generated by Wei Dai using Crypto++ 5.0
+Comment: 1024-bit NR key
+KeyFormat: Component
+SubgroupOrder: \
+ 09b2940496d6d9a43bb7ec642c57b302e59b3a5155
+SubgroupGenerator: \
+ a1c379ba91fe1f9d5283807b809c698bce4aee6f405f4de8c46becf33c08a63b\
+ c5f8088f75b5b6bcfb0847ccbdee700e4e698652317bbd7a3056404c541136d7\
+ 332c2b835ef0d1508ef57b437de60675f20f75df0483f242ddeb57efacd18041\
+ 8790f4dec0a8250593ba36f17316580d50db1383ea93a21247650a2e04af904d
+Modulus: \
+ bd670f79b0cde98a84fd97e54d5d5c81525a016d222a3986dd7af3f32cde8a9f\
+ 6564e43a559a0c9f8bad36cc25330548b347ac158a345631fa90f7b873c36eff\
+ ae2f7823227a3f580b5dd18304d5932751e743e922eebfbb4289c389d9019c36\
+ f96c6b81fffbf20be062182104e3c4b7d02b872d9a21e0fb5f10ded64420951b
+PrivateExponent: \
+ 0355dc884345c08fb399b23b161831e94dbe61571e
+PublicElement: \
+ 255cf6b0a33f80cab614eafd5f7b2a6d83b3eafe27cd97b77ae70c7b966707d8\
+ 23f0e6aaaa41dc005aaefd3a0c269e60a665d2642f5d631ff1a3b8701bc06be9\
+ c44ab7367f77fefeec4c5959cd07e50d74a05af60b059ad3fc75249ecf44774b\
+ 88b46860d9c3fa35d033bcfc7b0b2d48dc180d192d4918cddff4f7ebcdaaa198
+Test: KeyPairValidAndConsistent
+Message: 66B92E1E2C44B80F7BFA
+Signature: \
+ 06e7586b76d5a8270155cce2d3ff4495237eed29a101eb1341fce0b43d95397b\
+ 053d93772b0a9cf3117b
+Test: Verify
+Message: 973266BB0A492248082A
+Signature: \
+ 02de44ed2233f0f11dcf567217d2089ec039a211bf000d42e04900a66ce45c58\
+ 526a97d7f4cfba29e43d
+Test: Verify
+Message: 9A6D079ED0CA9D8B40E8
+Signature: \
+ 04f59dbb2712926b3bc1d3c428f16203f3443f88db0669adda94dcb54e1fff71\
+ fb51bb603e7adff13f84
+Test: Verify
+Message: AA34DCE67BCDAC927DA6
+Signature: \
+ 08ad21bf9d0cc598a214329d3544685d39487988bb01aced68ad0a4831affbff\
+ 3b14df6c0f4ac4d2e967
+Test: Verify
+Message: 4EDAC08816AFDBF284DA
+Signature: \
+ 09a9d5aa9bd1b6b61fe8825128c8e52a6213692b2504c8c6951299b5ca51b03d\
+ ea0a5e56f9a7c4cd44f7
+Test: Verify
+Message: D82F2E903230962B8174
+Signature: \
+ 0441c8d089e690a7fab391de07073326d443a0d9d806a3997ac1641175310890\
+ 1e55582a582541330539
+Test: Verify
+Comment: 1025-bit NR key
+KeyFormat: Component
+SubgroupOrder: \
+ 0b3949dadf3196f08bca0606f06443afce2fb1d02f
+SubgroupGenerator: \
+ 015f0f6d1729ef2af723c00e36450a04c7e7681d65b74a6417a53b3eb6036989\
+ eff8e0ab11a7ec3ce2340b7c7a92e1a977aee52555c06c12c4cc28496ddc2598\
+ feeb7539ce90d3888e21f61d7f14746cf67d9fed373afd97e2483700e300ed9d\
+ a25e7200b363a4727ad201194b36ea5f816cf83488c3e527d3a5515870d2da63\
+ d6
+Modulus: \
+ 017310bf02d70ef2cee45d1cc47ec8ce8cabdd6bf32a560975a42ef057bf9dfd\
+ 553bc9368ddb154a55d855edaa755e69f511a4c69ba78571cc4b14ddbb0f32a4\
+ a9c56c286305aa21ec4e35de7390747477b3bd574e7b87cbebde2f665703137a\
+ 1172350ad2f48a0884d076ada9db82f104e6b0ad86693cd4adbd0067639102fc\
+ f1
+PrivateExponent: \
+ 0696b0f255468b7ac18e11632f208ca86383a46724
+PublicElement: \
+ 45bf83e62f50190374b23de5e4a1d0278e9e8e6c8335577d62e80662a380c206\
+ e326819c5082d321dfda1f905fa5a3ead9a2dc769885a27b1fd6a133185dc5a7\
+ 876a76ab0a09fe02b7071a924169e4d2d2a67e67ed3628800134183b962c0b31\
+ 3463aa154e6437d644e025ab234e63d19c129842a61c5e5ea5a06466c858c81c
+Test: KeyPairValidAndConsistent
+Message: 2F585D0CE4FA1CD93880
+Signature: \
+ 06586d8a703cdc27200d5261853f50effa8ebbdfc905f5becb68b81eca506992\
+ 50fb54e46d557c6095dd
+Test: Verify
+Message: 4F09A1F217B8393199EE
+Signature: \
+ 0622cd33b1d715829d8fae104759ed449f95becb5e03d36f5578fd6a2951d2e6\
+ 26cfce85ba6563990d64
+Test: Verify
+Message: 03D7110A753B008A76A0
+Signature: \
+ 02925630b4c80e604fc1d8680bfd0e3d878e22b3a30ab8b10da7fc38816a8c5f\
+ 1e06927c68f9d3db60d9
+Test: Verify
+Message: 129F4781D417671F886D
+Signature: \
+ 016c2c4ce845b4d412828cbb8a396d080c7eb93bcb01f7010410198c8bac96df\
+ 8ab8761cebdb7d87f3a2
+Test: Verify
+Message: 3E1594F559D1248D1112
+Signature: \
+ 080bab68c62be86ab2c1bfd0edf10387a7cd66b69f054e254218e01f650e4e8c\
+ 6bfa10054e367893e59e
+Test: Verify
+Message: D6F0354F1B6B253B6997
+Signature: \
+ 08755c7e8012e8160db75c6160686351e5c577207f01602b4dda2fa56b864374\
+ 703c83bb323c7bb34f5f
+Test: Verify
+Comment: 1026-bit NR key
+KeyFormat: Component
+SubgroupOrder: \
+ 36bb68cd95dab195f14c4534283e7ea50b00cc31a3
+SubgroupGenerator: \
+ e2782ad6992f4b7e88787b4d616744b60e095575a177569c4a069e311e38b724\
+ 0c43343367e23574c30e4d9f05afe1fbe61423bab715915c4ccf28aa0ed2f52b\
+ 092b86c8ec1f9d4795d6e91c88ba41297625c11a9e1f4f182da13cf51e541038\
+ a1266bf32b2dd81ecd84bb80be8fdf97689942e944b7fbb6981e00cd680ee25f
+Modulus: \
+ 025098828217d00108030801e5f135fc6fd3010be39e49060a96addc8a081198\
+ 803402c4b46e4ce0750fcbab8cf084c7ca8cae09f1b5482d336fa3af47b96791\
+ d02d8143e274b1325f2213e17f9384c805f479e52a3117cf84869d395f1bc025\
+ c918484478d2da1880d32bc519f4e6b2fd2d46958795550ce1765f725626f3fc\
+ 17
+PrivateExponent: \
+ 2db270c284328353f979cad99f4133c53acaa6ee71
+PublicElement: \
+ 0179b283f67868aeded3a0c5633d0e6c18fad77174e2c89c03452593d05e77a9\
+ fb029c0ccb2b6f2328e79c286ee392713f12d9d45578348383b81d11b0e0f7e8\
+ 9965a7785d5ab64ea25bb73e8acaa8e84cb9897985015757a48c0b1dac3a6a60\
+ 6fe671ea073ec434a46f227b8d4b02a46fbba2f6c6216736d669f55778d81004\
+ d8
+Test: KeyPairValidAndConsistent
+Message: 7E4F2ED4E79062778A2D
+Signature: \
+ 03f523873462ee1513833e2853c3b62e30c5c1cc3224f1a42dc154fa84ecce04\
+ 487069530d76e0574a38
+Test: Verify
+Message: A0E35846B5CF1B5BF560
+Signature: \
+ 2264285d75a55c431a7adb9347bc07d58efbeb1dd9354d01b0b86f2875f8dec0\
+ 294d20289d39369c5afa
+Test: Verify
+Message: 3B138785EFC6F520EAE0
+Signature: \
+ 116e45961ca73f3ccf08b35f94877fef88772cf0fa2ab196c85a91104d8fbde6\
+ 65b7032b2fb4011a88cc
+Test: Verify
+Message: 0F6BE2AA764B485145D4
+Signature: \
+ 027ad753bde13c7f2fcd7571e5558f8af756cdb9463237fb0e285cb633cc86be\
+ 1b410188d701f6ca83c6
+Test: Verify
+Message: 6CD9FBD23EA58826FB04
+Signature: \
+ 1651decd376899104e3fdbe40ab2d9bfd3c8577f3b092b66e3760678ecb3fc35\
+ 23a59107e0bdccb76a73
+Test: Verify
+Message: 473A82649565109E9E89
+Signature: \
+ 2045ef56d92f89a214d76cca6b591068ac5f0d008c121ec4e5c4c1e8ca9b67cd\
+ bb5ecc776a23b6d54ba5
+Test: Verify
+Comment: 1027-bit NR key
+KeyFormat: Component
+SubgroupOrder: \
+ 291d0ba731a4303070504d8b9615640a5e1345e00f
+SubgroupGenerator: \
+ 051c9d0270b69ceef82af5aed5f91dc88d585096609d835d03d39cf3ce74f5a3\
+ 402d4e8e192455493da61cc58ee6f54dd941172be3d7642169cbc52273f4b725\
+ f1d6c820c3333336c64d32fb6238121b3ccb7c71b847764946bb0887a44ca9de\
+ 802cda62efa9dda573751084225353f11ed837f3dc25de8374b6fdbfb6e313e4\
+ 6d
+Modulus: \
+ 055402a8abe9cda3072ca8601d68032651feb0335856e57f8f8d4ec949098a64\
+ 59151cefeef91b7aa733668c8cf0e9b96c93c61f3528d4036daa6565646f65d7\
+ 4c4552817df7e5fb1cc421cfd885e27bb811ad227e81b3fa02f7a00bf01ee6e2\
+ 3fb5572a75f8f29b58bd5f7db435e8a92a923f15d50f34213d29816921bf195b\
+ 2d
+PrivateExponent: \
+ 13b27094d9a5a3a9704cebdbe890da325fa26ad555
+PublicElement: \
+ 03b06b99097cd7145c7d7782b02e247a4741f3c7f39233627f17e13ebff89a18\
+ cad6a454c3f32f7ef2910384030da71ae47e1c3fa79c2141dad107f8e715e47f\
+ b0bb626baafc35db769852ebbec2d339c3c3d5f2287cfdd20b3b78ea4607086c\
+ 42558ae4637eddd6a74bc1072d0f34d9c0130cbc9e84f537e7ce50df502d17b5\
+ c3
+Test: KeyPairValidAndConsistent
+Message: AE6DCD9535AEEE3ECC89
+Signature: \
+ 1c6794878aabf07cf9f59b685d4a3a6e51c9135dc101a4a6a62c95a20902e2fa\
+ 23db7d15293f595f86ab
+Test: Verify
+Message: C83A14EAC016D659F9FE
+Signature: \
+ 18ed4812925dca6a9c30e2e3566433e202be2d305414e1e6583905ad845cbc63\
+ 2049804932aac79b858c
+Test: Verify
+Message: 745E02041EB487D16CE6
+Signature: \
+ 13d4ef1de59ef0fe9bc4ecc6d382908642f6f5793e255b819e25ed124f7fa574\
+ d91fc2e9b258f0514b15
+Test: Verify
+Message: 62F019655A83501FC4E7
+Signature: \
+ 07f797768984ecc792f366ece16f5102aec2aac6d31fdaf3972839cac2c99a2b\
+ f5b347c887d37943383c
+Test: Verify
+Message: 351D37A4B5046E885EAA
+Signature: \
+ 22064cd5179ff1551dbf73c5220e17a9dfa1aa8f7f22f44a6c70f13c6d0a21f8\
+ 7e53278251037a6cdc5e
+Test: Verify
+Message: 4073D33915F595F4FF9D
+Signature: \
+ 1f902ea2c9521b8c7f11619d35dd22a4667e2eb89a017194bb68ec0a9df762c9\
+ 377c1c075b5f09566048
+Test: Verify
+Comment: 1028-bit NR key
+KeyFormat: Component
+SubgroupOrder: \
+ 2368e2b864b250ad45406391e7eeaa3d27cd053c2b
+SubgroupGenerator: \
+ 07c325695dfe315a77ad7b42f0d18f9d4821b5c153fee7385877602fa54477bb\
+ 8c0639d2438f34352b97c22d02a7295d2b53d5286a01caa919d6283614690624\
+ 240af922675ccd4a0534ec336cb79cde31b02b5988cc5a53ca17790d67d803a2\
+ 7bb927b9c59bdc6ac794175e285cafdece6778ab19a0b444747fee20d5bf929e\
+ 70
+Modulus: \
+ 0abdeff64b6f28256e4562109bffed29cb5aa95d89cc0ec95da0e773dbff3467\
+ c271bbb1e1fbb6af058517fdacdf26b5919674c625eced6317d8631c063f43b3\
+ ade2cd633d554913339071d6ebed5fd665fc5dd7d47b80721a976c3b14fbd253\
+ f0f988c354725289f2897df0a15985c92b2d4da8d087870c251c72d979b8304d\
+ 51
+PrivateExponent: \
+ 0771305163506b2b83bd5279935df1b5fcf180b004
+PublicElement: \
+ 043e4ae6244408879264fe6b859b578218705b9a45af22efded27141b7f090cb\
+ cbe42dcf481df3e41b13920ae02b694eaa6bfd62f2d3c5d677b8c4ce783cbe27\
+ 89e088b04489ef535ad4a517351c8835cf128f7ec677a1b1dbe3ae9cc4198ddb\
+ 6e1cef8e978c0725f5063797bc43eb9ae496286cccbad5d4e026e9edb997d2f9\
+ 18
+Test: KeyPairValidAndConsistent
+Message: 4867852C83F181CDD010
+Signature: \
+ 1db6a5661b20c9289428c3b9ebf65d5a8f757f3a3b1eb15dfaf0c8cefc891954\
+ b48279eb45910a141ec3
+Test: Verify
+Message: DA6493C86D6B62C5961C
+Signature: \
+ 1c05300a56319ba4a8ace1206f5f37b5bbefc9d80a171a57b6da3c02aa1f3079\
+ 70583c008f073996d932
+Test: Verify
+Message: AE2C1136BFE966794A6C
+Signature: \
+ 02dfd79eb18f3a862b11a5d199a7db1dc53580ade90517a7739cbd8ab1849c44\
+ 54ba17a69b8d03ecc4f9
+Test: Verify
+Message: B20160E0442E726BE749
+Signature: \
+ 14c0cf809174d39f1324b7dd0d6d1fb3be5b5577c10048b12def39772fa60cd5\
+ a9d2cca9075f12e5a3c1
+Test: Verify
+Message: 3638935C4492F5CA42F2
+Signature: \
+ 0081d7216636bc6fb9bc7a637a377ebf4f9048826e0360c8faf03dd28c4ee4a4\
+ da82689259f140b3d918
+Test: Verify
+Message: DFB674CA6E0FDC0CBE99
+Signature: \
+ 1e3e21aa3dcccddb8cf3e360631fc36956263951ff18fec553531252b4dbe753\
+ 6ed5fc62897d51500c38
+Test: Verify
+Comment: 1029-bit NR key
+KeyFormat: Component
+SubgroupOrder: \
+ 3357536531dec150be0ef8747f69ea30d987ff7df1
+SubgroupGenerator: \
+ 067dd80dbc6b41f58d08f077a9a3dcbfe12a62065fe6b4691c457f506b56dcab\
+ 0433b3aad6ef962501633d0f3947b491a1317e7e6b632f062c53104d609c9222\
+ b056f08a0c83662a70744331fd09b2b42fb0768e52da27e92732106fbd41ec73\
+ 7373fd080b56b543d808d49eeb6e1bb0a8619b1edee8fb8295dc042423f684af\
+ 8a
+Modulus: \
+ 1d0f176b6799b36724c92954c38d0288fa95400c2b14e064f76a6338fccaebca\
+ 8d978b93bb76507bc150a50f9fe799fffe12ae2875b13ac1084ffcfde9f62b86\
+ 185a72f04ff80538d6eac177edc98d61a517b1275bcf4b57aa262e1702d623bc\
+ 344db7e5621c949a9b12e9936e88fae9b200a1f8ad5b40ec8220aa301267f38d\
+ d7
+PrivateExponent: \
+ 2dcdc00a86ecc2a60ebfa6660a83af1d7c3e570b85
+PublicElement: \
+ 13834f0fa1f42abf7dbd264cb7d2eb5798da8972df67f517c62d7ae5070fd588\
+ d61db62e492f9654833e876ed5737df35069f5ee01a45de881d8f5e68ec52ad9\
+ ef32780e8c453a5f1e38cc17bc5cd061a3c122080f6e1b82d31877e8b08f634f\
+ 497bd90b06824eaa0416c64104ce5622c272673d0dedb836ac7d47e0cea06739\
+ 02
+Test: KeyPairValidAndConsistent
+Message: 1E34034C47FE533F8FF5
+Signature: \
+ 05c110848feacc9ac762ffa14943f9ce9a111777de0502d9f364ad9b2df4e1a8\
+ 17bc15a602579b3a6a25
+Test: Verify
+Message: 53D2CA23AF7DF95634F0
+Signature: \
+ 14009997efeb3fd246956e44b5b0e48581ac5f414613b41fe5842c85b031ab8a\
+ e68f66f8e1f1f9fc1d74
+Test: Verify
+Message: 0F056E08AE77B3B30F33
+Signature: \
+ 1beedf85b426d36a657f422ab9a9132986eaf415332816d33d70c726c3066158\
+ c6481fd00503ffb65518
+Test: Verify
+Message: F08C80E8FD38A3867B76
+Signature: \
+ 0a23b8d8f920cfb0dec93725e4972080445647c54227fb987dd9f80fab446c75\
+ 1c2594276168aa68f318
+Test: Verify
+Message: 6D392690B92B3E75020F
+Signature: \
+ 18668f59c6974dad551a89bec5cacf0bf8617e8f43052eb97d7a1b12411b27b7\
+ 4248b3d1f5070823e951
+Test: Verify
+Message: 10AE0E091A267641FACF
+Signature: \
+ 1b3d10f74fdaed3d4d61fedfa3f6ad3a37c0cf6687166a312d5b280724c3545d\
+ 225e1fe0639cfb1113d6
+Test: Verify
+Comment: 1030-bit NR key
+KeyFormat: Component
+SubgroupOrder: \
+ 27c7996c1d3729c4cf1de06529e5619771e27ad9eb
+SubgroupGenerator: \
+ 0d87a4b01385da7f43b6277933c5f0dc8072dcacd5252e1b29f588114a7ac56e\
+ 377050aa8174b5dda400f043234e4a746442792734dc80274a00a3676101be94\
+ 759fc2630b9a858966488b12611d03d0b31e7243e124497a754544cee1db10bb\
+ 0a81cf0b2a68045b76fe935f641c666fdc788a2b968c6668c669115756b961d9\
+ fe
+Modulus: \
+ 2a32d68d31248024053bf628a94404b9a49d91ade4d7a45b071e93292a7f8c26\
+ 61d9165f0ab85491d4b0dc67d335fa7d7dd172cb17193390a55eb000aa97e2b8\
+ ed3ee64b73aa43ea9b8979132c2d966ab03c42cc14782c96e4284ee1136b8515\
+ 007ed1b1a5708b5e8d81304fa651edc715918e2299cfe9016dfec5f454d907f5\
+ 9f
+PrivateExponent: \
+ 091155581ecb7a0a792ba95c772d9382298bfdfa6f
+PublicElement: \
+ 0d7d22c931422fc46505887559a51490c2e367cdb40242cdbaeb23024693fd5c\
+ 68f6a3307ca34b224457d5aa610b90eca3b39905481daaba7151318f09f974ad\
+ 664546d14c87f797e38139ee1e07adba9c775e07b7f7b3edba87d886920d6b2c\
+ ef5f084359566b0a3b8b940a65b9ad93fd7ccd1354cdcee3c43c6bd315180498\
+ ad
+Test: KeyPairValidAndConsistent
+Message: 23EEE1D0EA8950B8F322
+Signature: \
+ 18fe1a5f61c4946810e82a1e30fb6c87ce4ad9cebb1ae27eebfa8779fe292b2a\
+ 451be3506bb65519dfd0
+Test: Verify
+Message: 13FA6F2816FB83190A21
+Signature: \
+ 2161a5be85f7ffe806df00f4bd50915e4b0674e7591f1c0902153823f881bc7b\
+ 3f093d92bf86b74b5b3e
+Test: Verify
+Message: D071CCC0C6E4CAE82E5A
+Signature: \
+ 059158b2cf143f38eb8c51088dd79bf45990e596c8026fa3de5e668368b9d8d7\
+ fe9ffdbdecf66aaf02bb
+Test: Verify
+Message: 22CE83F4803BF3EA2C48
+Signature: \
+ 073b56d72a5b706455cfdcbf85b75ee45c40e96dd21a5460542ade665e51a85c\
+ 510315a50307c2bbdb2d
+Test: Verify
+Message: 7A927EC7BB9CA16C1B0A
+Signature: \
+ 254c7525aad9b4b3807b3900a963fbf42f9ff2144820ea69abe5ba2c80613510\
+ e1429ebc726fd0a87a4c
+Test: Verify
+Message: 9591B069993E10BC0B84
+Signature: \
+ 0ed4210e5e4f2f9546ea181c4a61d062a1158810071905b180dbf070b480f436\
+ 0b1f66065ecf111741cf
+Test: Verify
+Comment: 1031-bit NR key
+KeyFormat: Component
+SubgroupOrder: \
+ 26f86a81a6bb530c2f9b63e3690e95a0894575f445
+SubgroupGenerator: \
+ 1e24828adb4ebf2becdbdcadf6706631293ad6566803d12479f04a7bb20b6086\
+ fe81df164f8bd02c5f418c1140d143f11a71170b42d0753c952bfff951b9ca42\
+ 04868375efaa4afad50b75787e41c5ab9ce8adcbccecd3716f350bb8aaeca9b6\
+ 098bd0002d789e1f7db9c19d9045499877b93ecb4e7c64808b742063bbecf60e\
+ 29
+Modulus: \
+ 4d58515f7b41c4fc87e4fcefe5cf6d84b2d74a9d6f498ae9605fcbf1c5921742\
+ 2001a272ef91dbd09e7af5ee54126dd4fc44bb1ed624d0dd5dafb984d5278114\
+ 0bba40600cbd4752d2c32b43253efee57af6964c339570edb24195502e6d424b\
+ 84bed65ac98c6fc52ec90e40a525f1863a53f2fbe2a0a133342eff4337f26ceb\
+ 93
+PrivateExponent: \
+ 0e61a054ee6510734a80f67a54d8c4151c957ef16f
+PublicElement: \
+ 19b50f1eea45bfaa22352a38f3c3b86d6f670747ac2fd94359608e25f2bb9f60\
+ 2506bc357245deeb4c3c702d435c557da4f4a9fd37330a75547c91681fdbb51f\
+ 286adb498d1e489e89b2e6a4eb9ff30222c51fefbeac7435f629f536ac2d6b87\
+ 664d80e5c97398cf489a1d1ca217f7f21ea8e409f938378875cf5f528162e3bc\
+ 07
+Test: KeyPairValidAndConsistent
+Message: B4B3C8FBE82013228A21
+Signature: \
+ 0e1003dd216194ded89f7d10b35a266ca7587d8cfb06a1fe3dd43f07dea4a6d6\
+ acaa1477f2552c9b3114
+Test: Verify
+Message: 17D2D18302173E2CE992
+Signature: \
+ 027b40cd9a159257a57efae3a657399a3b6d8b06f707ba3a323abc383a93f919\
+ 1246c38c03b028be05df
+Test: Verify
+Message: 8032AE177D6DF38C7E27
+Signature: \
+ 1f5e3d759e3b832f5a6c57b055764ff5b8ad942dd819610ef94cfec296cd1b56\
+ 4fd0b18bfa08c3645db3
+Test: Verify
+Message: 768640A60A3C62E02428
+Signature: \
+ 0abe2dfabc81ab677d2cbd781ef9768325a5d6d15a22f41b32972bd67058e617\
+ e28c7e0dfbaae535d655
+Test: Verify
+Message: B0999CA45B77ED63639D
+Signature: \
+ 1525539cd207d5f6f915eb2731b6451e38e11e0a031d7e420e0bb95d6616d8ef\
+ 35d20eb43c111f8f9ca1
+Test: Verify
+Message: 587EDB968FA82C12C930
+Signature: \
+ 024ed20dc19a07e00158aa2fe9cb6353f0112b8fab0e6775667115e1c92e5eb4\
+ 29876c12ed48e996f4f7
+Test: Verify
+Comment: 1032-bit NR key
+KeyFormat: Component
+SubgroupOrder: \
+ 2e802b5369c3f1ddfa789bf8f2ad2e048ced3bf355
+SubgroupGenerator: \
+ a9aebee7d29f90b081afc4d496a6a78210e918bb57a8a21c5995586c0bf20f7a\
+ 56bb10a97e05a3a723e7db64612b12bb591b1fe7d2e46be8c96a7b2ce7c66076\
+ aeded938775ae2223900adaf52a93f52d62173c82d4b67388c85d4c1127e1edf\
+ 4643cf09f5375b60c19316c4f8f8fd7daea1d8b44a2d03e97c2741537f63d86b\
+ 4a
+Modulus: \
+ d551680a62ebf98f0ed8930cc5b12de86d0a0c29a0d7e5524c24672a25428833\
+ f4c19ac883ead22efcc0c6823f2e942c17adb7ab763ff2c7cc2698fa8b6448e5\
+ 14d4628b197721bdaec780e126ac80ac83f24fef5c154f7690ceba903748be52\
+ 12e3180ea718ca7a71a49dee939bf9bc5b7845c9648d074587ccd3724493b91f\
+ 09
+PrivateExponent: \
+ 0f66e04c5a75d3eac03d744e5432f23e3aea066a63
+PublicElement: \
+ 2640c188055329f0b44aaf80f82f7fc7f0e421031834dfbd1fb6d6af6ab3e1c1\
+ 73c901370a4ce2793c1b88d12f764c58ff064905da9c5001f679c7508972f237\
+ bccca56524787466a7c9c2d6bb6392963008ed1a3e4cf3b13e66086bce3a4ca0\
+ 4d8cabcf0cadb4c403c7d02a858460d04350e730289cb5adf200b5fdf1198168\
+ b5
+Test: KeyPairValidAndConsistent
+Message: 909068BEFFA43331FDC7
+Signature: \
+ 2d557d8fae420880640dd9f60a524db48980c80d8b0179dd3c1892f02e87c9f6\
+ a04a8aa731be05aaffef
+Test: Verify
+Message: AC8AFC7A1D9105539E10
+Signature: \
+ 0ae7f23328453fdb03c090c09ee69d787ee7dfaccd047445b1026a9a7cacdd1f\
+ 91455db7299538817894
+Test: Verify
+Message: 310E40311BB3F77F9483
+Signature: \
+ 28a8d8de06dc0011b044d19a163d350535d6ca91a023c9687557690ddf102d8c\
+ 7558246ced311f2fc444
+Test: Verify
+Message: 35455ABD53E6FB11ED9B
+Signature: \
+ 162156e476cba65e767b4db942bb35cdc6293cf4360f1801a215bb2c726c22af\
+ f3a711d3c6473f1eb985
+Test: Verify
+Message: 95FFA73B52F0D06A0C1E
+Signature: \
+ 29bf4f13e6aff528aa1b060c2baed865c442e0472422b4bd485aa5ba2a09ad0d\
+ 732637bb3ee520f6bc0b
+Test: Verify
+Message: 1E9934125DA6E9B4E975
+Signature: \
+ 1674975d0a97e799d113ff9cad06b7f70a33f5ca5f1916cee07b525270284fbb\
+ 1c0428666987ad7e2116
+Test: Verify
+Comment: 1536-bit NR key
+KeyFormat: Component
+SubgroupOrder: \
+ 232cf9bee9d56c8bd8252d1edb59d99c40cf32d07d9e5a4893
+SubgroupGenerator: \
+ f028143e3f9d1317aafb814215ffda9c584da8943e96212c90a082c3d2f335e8\
+ a6b64d1c890aa2224ebf158bec2b6fe6bad236417acd517a4907331e0be0dd0b\
+ 801218ac270acdd45579290be1b94bc418b8f82c651d82a19d2f0e1cbb0fbc0f\
+ 054d95150af96f9a7488010787a799c544883ff76a4e3092f2ca9aa9000cecb8\
+ 8dda343c972c8192a83820727b1945c1a270cf913ab932457e8e6e207d06cd0e\
+ fdf265b762b9fa15c9a14633af17204ba2b755ed1b3b421ac596a2a04e64be43
+Modulus: \
+ fada6e4becef964a85caf9e129639a5616ac000dbac59bd50b84bc8d46411407\
+ 9c34c5b58d7d40027faaf037c6a649c527cb002d3a716bdef62b6c94d7a47a8b\
+ 65c2ebac05da09e40cdc417024cccba267a98f4eb69701a276b4f117662b5666\
+ 05c36054e7f015d2e5f81331e5666ec17ebf71907788b40cbcea0f24aaffb029\
+ ef5c25c55ae998f28a2ddb091d262c32ad324f4e64c7b4b50a19e9d92f6d8024\
+ 188627cf5ce68674e7ec7da38fd6cf4ec29a6ce2f17e3188d8ef6b0e50d77d5b
+PrivateExponent: \
+ 1d4cedc87d55eea31bd702139b90be08d58692a1f97628a01b
+PublicElement: \
+ 819c8cedb9c014aa577e9046b90795accbebe81bef68b1b5c37c68cb357e1a5f\
+ f92761bc26cb0953956b6c0aec05acfc9d1a27c50789793b13d9eaf2361760c9\
+ 7a7d86e7d922f4809a5d2d01448e938190bbc24c150e03ef8305365ddbf5ca19\
+ 6857314e3b3023f8ddc9d209bd7dad1ee763e7003fd1b0c53057d2e9acadd23a\
+ a18f83d20143bc41a2dfa4a164c82621fc0f800052ec01bec7c99c66fe20ec57\
+ 67e6fbbe8810cd5aa75eff3d8a4cb53e1259ebcfebcc2fcf21ba7f3589cd525a
+Test: KeyPairValidAndConsistent
+Message: 9F6DC301DF53FE22CAC0
+Signature: \
+ 15b22111ffa1b733979cd9d8944b1291ce09468ccbd05040de0f83023c8fe083\
+ 734ec39a542011643e448b01429c4bae06d1
+Test: Verify
+Message: 2D7B5B9A27EAB468331E
+Signature: \
+ 029eea970a049ffcb4c6117c97d181bec7a27557ceb88d422b2212ca36238380\
+ 87cd52d2445f539c9c03705ba4b485f56e19
+Test: Verify
+Message: F552FCBBA04FFCCC5CB6
+Signature: \
+ 115de3cc15d9a066c00fed43f583f6a9c984d4b8f4c93c3d72094a4b04dda506\
+ 7d460c3d1ae33ba66ceaac676256c1e73001
+Test: Verify
+Message: 0D52B894153A4BB74068
+Signature: \
+ 0f6b8cc28e2068a3fe14d220177793daf3512ba6942e9d16ef1571fa34926c27\
+ edd1bfa94723a663425f5c2d01eaddaa972e
+Test: Verify
+Message: 294442E103CC0CBA32A6
+Signature: \
+ 0fbd8768a1b3025c0d0d309cc448320e086318772bb9485a5a0a2afa1eb2afb2\
+ d1818aa7b1c55b9dc424e654524278f0ddbc
+Test: Verify
+Message: E993D8FE1E6F6C3914ED
+Signature: \
+ 0559d66bad3a51520bbb85827a257ab09dfa33938127c69bf40f08339b2f2251\
+ c0e50b63d2a4d05225dea7f58f67de3071e9
+Test: Verify
+Comment: 2048-bit NR key
+KeyFormat: Component
+SubgroupOrder: \
+ 03f35f80fcd896f03eda9ff07f2e35295384c4f3b8f8c4821369ab5417
+SubgroupGenerator: \
+ 75c5d8c8f72302d92be3bf486b8648330ff86954de5e6e83efef624a277574c1\
+ 6757684d3874ee303fa08343fe82dae484e5dda6781280b434c4090044cc7ff9\
+ b6e962594d3ca069815c0f0b6bfd25215a419420d0ef8a1595c6eb1b44a719b4\
+ 0131081f75cc15cb09a5d5a029c8546230c30b4af2d4a9f4374c93a095c83b59\
+ 4b1774d635d4aee965f1d094469f7bbf8bdc93216a6b8a6c5753b48962335bf2\
+ 092aa583c897878c8a7ce61186b592b05d2aea710b673d5994cedb5f117fdb6b\
+ 8ad4d89f443c4eb662b428a34a7522c69794cc0274f3eba837e90da86acbc707\
+ 4ee3a0b029d970efa48b3d582b740ae0e585d175a5f63a385f8b6b8878b44e1a
+Modulus: \
+ 9a08865d2bc9e0cf03d2500b2a08402bb9dc953d5fcd73f04be61236efc0998a\
+ 8f012f00e52f7a6e91e81b88a4c9f985a2da523cbe7caff08cae44963d2035ed\
+ a72e1f31f82c8d64c86e686899d53c0200282f407ceb1507db480f1db223606a\
+ 57466cf60fe9fc5f7ea7d5fd82ed3ab2cf5e35491dfaef0aa2e10fbfa3cdfeb5\
+ ebf65e4dfc2837e1f6399db06cc2e0420c7b14a4c0d483b742ca58b31fec9f26\
+ a64e9bfcaa82334e644f4b954e2a9c7eeae096b8864ecd223ead3bcf9e8c1f68\
+ f6678faccdb7f26d8f33d8a5fb0cb156cc7daf4a96ec2b730c0d7f666d699f73\
+ 45a37ddc1ccdea6d8f439ddb23de04a941b246bc257b0aef544a8e868bc8444f
+PrivateExponent: \
+ 0212c34d3d17b96a899548ebf43bb886676acebd2f040f5b33a4e88d2d
+PublicElement: \
+ 267f9c3ff3ee3cbc0f9e94dc7e6837e1ff65175e967987b90b9aea7eef1de6e4\
+ c342bebb5dbd0c4e2f6514f2d487857a146dda6cfdbc8b56ed254cd65754d84d\
+ d21a271cd15fc656274725643728b41ce3f0e6872b6dfb4c289e03f9b903880c\
+ e3d7d745dfbb641c8c42ec0bfb6951ca2611fd877c32248c97252bdb42d7bd65\
+ ebc50653dff389526c546d1e6ebaf6bd8b3298c01935901b7efb288b78730d89\
+ fba7f46f2a642aee0dbc93aa29c190b201acf89d4f8ba28f3e3f54a1c5a48294\
+ dda908f904afb7db398682c809ce13abd49279221d5b40ad76216bad7ca256d7\
+ 18d3552344c481b20da5aac3e637fb7edeaf7960b532ef761376489f02fa8c10
+Test: KeyPairValidAndConsistent
+Message: 5F3914F7AE0F6C76D152
+Signature: \
+ 03d30b7eaaddcb384dce378f806e88d646419bbedbc2c0c5cae32f3c3b02e0e1\
+ a3c3ab04b31e2c25db713db539a65c9419a846aea88aaa707cb4
+Test: Verify
+Message: 769583D4E7EAD14C137A
+Signature: \
+ 01dc2815fd4918b8d3bd1743f5ab4546313b1fa8044b4737b2c485eeb0016bcc\
+ cc084be064b6a8934a28011167eebbc33513ce609aa206810aa1
+Test: Verify
+Message: 6441D5239F50C71DE0F5
+Signature: \
+ 013f6d395de56832f82ee813b574002c36e551aaeffbb28ddebb84da7f01ff6f\
+ 4c3d0f3519d548e2ec1a0b36f12ac1e4fedc83071bbbbce024a6
+Test: Verify
+Message: F1C2D4F7C3ECDF2C17B7
+Signature: \
+ 006441a8b3517613f9a8c2e7a89c492e7f49300d901ad01b92167c1fce02453d\
+ 52b69dc1fc6532e792ad6366eae7fb14de3ad3f6f3132b0519fc
+Test: Verify
+Message: 752A1F2B8D9A717A882F
+Signature: \
+ 0127027984402f5b8cc069decc1bd611f0bb59c6eee86da7d334e3f8b903c5f3\
+ 02c65aaf16a837963bf772931235f81e963e4d692699dfd4f7e1
+Test: Verify
+Message: 666DC6B1E871026EDE56
+Signature: \
+ 03e87b55a7e81318b7599da3fa8f18d46253b6546814fd1ae19318820100c297\
+ 4de2624da0d54ca27e7fe3477913a6df35bf925de3f3d9a06849
+Test: Verify
diff --git a/TestVectors/rsa_pss.txt b/TestVectors/rsa_pss.txt
new file mode 100644
index 0000000..1b5fc9c
--- /dev/null
+++ b/TestVectors/rsa_pss.txt
@@ -0,0 +1,2083 @@
+AlgorithmType: Signature
+Name: RSA/PSS-MGF1(SHA-1)
+Source: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/, PKCS #1 test vectors
+KeyFormat: Component
+Comment: Example 1: A 1024-bit RSA Key Pair
+Modulus: \
+a5 6e 4a 0e 70 10 17 58 9a 51 87 dc 7e a8 41 d1\
+56 f2 ec 0e 36 ad 52 a4 4d fe b1 e6 1f 7a d9 91\
+d8 c5 10 56 ff ed b1 62 b4 c0 f2 83 a1 2a 88 a3\
+94 df f5 26 ab 72 91 cb b3 07 ce ab fc e0 b1 df\
+d5 cd 95 08 09 6d 5b 2b 8b 6d f5 d6 71 ef 63 77\
+c0 92 1c b2 3c 27 0a 70 e2 59 8e 6f f8 9d 19 f1\
+05 ac c2 d3 f0 cb 35 f2 92 80 e1 38 6b 6f 64 c4\
+ef 22 e1 e1 f2 0d 0c e8 cf fb 22 49 bd 9a 21 37
+PublicExponent: \
+01 00 01
+PrivateExponent: \
+33 a5 04 2a 90 b2 7d 4f 54 51 ca 9b bb d0 b4 47\
+71 a1 01 af 88 43 40 ae f9 88 5f 2a 4b be 92 e8\
+94 a7 24 ac 3c 56 8c 8f 97 85 3a d0 7c 02 66 c8\
+c6 a3 ca 09 29 f1 e8 f1 12 31 88 44 29 fc 4d 9a\
+e5 5f ee 89 6a 10 ce 70 7c 3e d7 e7 34 e4 47 27\
+a3 95 74 50 1a 53 26 83 10 9c 2a ba ca ba 28 3c\
+31 b4 bd 2f 53 c3 ee 37 e3 52 ce e3 4f 9e 50 3b\
+d8 0c 06 22 ad 79 c6 dc ee 88 35 47 c6 a3 b3 25
+Prime1: \
+e7 e8 94 27 20 a8 77 51 72 73 a3 56 05 3e a2 a1\
+bc 0c 94 aa 72 d5 5c 6e 86 29 6b 2d fc 96 79 48\
+c0 a7 2c bc cc a7 ea cb 35 70 6e 09 a1 df 55 a1\
+53 5b d9 b3 cc 34 16 0b 3b 6d cd 3e da 8e 64 43
+Prime2: \
+b6 9d ca 1c f7 d4 d7 ec 81 e7 5b 90 fc ca 87 4a\
+bc de 12 3f d2 70 01 80 aa 90 47 9b 6e 48 de 8d\
+67 ed 24 f9 f1 9d 85 ba 27 58 74 f5 42 cd 20 dc\
+72 3e 69 63 36 4a 1f 94 25 45 2b 26 9a 67 99 fd
+ModPrime1PrivateExponent: \
+28 fa 13 93 86 55 be 1f 8a 15 9c ba ca 5a 72 ea\
+19 0c 30 08 9e 19 cd 27 4a 55 6f 36 c4 f6 e1 9f\
+55 4b 34 c0 77 79 04 27 bb dd 8d d3 ed e2 44 83\
+28 f3 85 d8 1b 30 e8 e4 3b 2f ff a0 27 86 19 79
+ModPrime2PrivateExponent: \
+1a 8b 38 f3 98 fa 71 20 49 89 8d 7f b7 9e e0 a7\
+76 68 79 12 99 cd fa 09 ef c0 e5 07 ac b2 1e d7\
+43 01 ef 5b fd 48 be 45 5e ae b6 e1 67 82 55 82\
+75 80 a8 e4 e8 e1 41 51 d1 51 0a 82 a3 f2 e7 29
+MultiplicativeInverseOfPrime2ModPrime1: \
+27 15 6a ba 41 26 d2 4a 81 f3 a5 28 cb fb 27 f5\
+68 86 f8 40 a9 f6 e8 6e 17 a4 4b 94 fe 93 19 58\
+4b 8e 22 fd de 1e 5a 2e 3b d8 aa 5b a8 d8 58 41\
+94 eb 21 90 ac f8 32 b8 47 f1 3a 3d 24 a7 9f 4d
+Test: KeyPairValidAndConsistent
+Comment: RSASSA-PSS Signature Example 1.1
+Message: \
+cd c8 7d a2 23 d7 86 df 3b 45 e0 bb bc 72 13 26\
+d1 ee 2a f8 06 cc 31 54 75 cc 6f 0d 9c 66 e1 b6\
+23 71 d4 5c e2 39 2e 1a c9 28 44 c3 10 10 2f 15\
+6a 0d 8d 52 c1 f4 c4 0b a3 aa 65 09 57 86 cb 76\
+97 57 a6 56 3b a9 58 fe d0 bc c9 84 e8 b5 17 a3\
+d5 f5 15 b2 3b 8a 41 e7 4a a8 67 69 3f 90 df b0\
+61 a6 e8 6d fa ae e6 44 72 c0 0e 5f 20 94 57 29\
+cb eb e7 7f 06 ce 78 e0 8f 40 98 fb a4 1f 9d 61\
+93 c0 31 7e 8b 60 d4 b6 08 4a cb 42 d2 9e 38 08\
+a3 bc 37 2d 85 e3 31 17 0f cb f7 cc 72 d0 b7 1c\
+29 66 48 b3 a4 d1 0f 41 62 95 d0 80 7a a6 25 ca\
+b2 74 4f d9 ea 8f d2 23 c4 25 37 02 98 28 bd 16\
+be 02 54 6f 13 0f d2 e3 3b 93 6d 26 76 e0 8a ed\
+1b 73 31 8b 75 0a 01 67 d0
+Salt: \
+de e9 59 c7 e0 64 11 36 14 20 ff 80 18 5e d5 7f\
+3e 67 76 af
+Signature: \
+90 74 30 8f b5 98 e9 70 1b 22 94 38 8e 52 f9 71\
+fa ac 2b 60 a5 14 5a f1 85 df 52 87 b5 ed 28 87\
+e5 7c e7 fd 44 dc 86 34 e4 07 c8 e0 e4 36 0b c2\
+26 f3 ec 22 7f 9d 9e 54 63 8e 8d 31 f5 05 12 15\
+df 6e bb 9c 2f 95 79 aa 77 59 8a 38 f9 14 b5 b9\
+c1 bd 83 c4 e2 f9 f3 82 a0 d0 aa 35 42 ff ee 65\
+98 4a 60 1b c6 9e b2 8d eb 27 dc a1 2c 82 c2 d4\
+c3 f6 6c d5 00 f1 ff 2b 99 4d 8a 4e 30 cb b3 3c
+Test: Verify
+Comment: RSASSA-PSS Signature Example 1.2
+Message: \
+85 13 84 cd fe 81 9c 22 ed 6c 4c cb 30 da eb 5c\
+f0 59 bc 8e 11 66 b7 e3 53 0c 4c 23 3e 2b 5f 8f\
+71 a1 cc a5 82 d4 3e cc 72 b1 bc a1 6d fc 70 13\
+22 6b 9e
+Salt: \
+ef 28 69 fa 40 c3 46 cb 18 3d ab 3d 7b ff c9 8f\
+d5 6d f4 2d
+Signature: \
+3e f7 f4 6e 83 1b f9 2b 32 27 41 42 a5 85 ff ce\
+fb dc a7 b3 2a e9 0d 10 fb 0f 0c 72 99 84 f0 4e\
+f2 9a 9d f0 78 07 75 ce 43 73 9b 97 83 83 90 db\
+0a 55 05 e6 3d e9 27 02 8d 9d 29 b2 19 ca 2c 45\
+17 83 25 58 a5 5d 69 4a 6d 25 b9 da b6 60 03 c4\
+cc cd 90 78 02 19 3b e5 17 0d 26 14 7d 37 b9 35\
+90 24 1b e5 1c 25 05 5f 47 ef 62 75 2c fb e2 14\
+18 fa fe 98 c2 2c 4d 4d 47 72 4f db 56 69 e8 43
+Test: Verify
+Comment: RSASSA-PSS Signature Example 1.3
+Message: \
+a4 b1 59 94 17 61 c4 0c 6a 82 f2 b8 0d 1b 94 f5\
+aa 26 54 fd 17 e1 2d 58 88 64 67 9b 54 cd 04 ef\
+8b d0 30 12 be 8d c3 7f 4b 83 af 79 63 fa ff 0d\
+fa 22 54 77 43 7c 48 01 7f f2 be 81 91 cf 39 55\
+fc 07 35 6e ab 3f 32 2f 7f 62 0e 21 d2 54 e5 db\
+43 24 27 9f e0 67 e0 91 0e 2e 81 ca 2c ab 31 c7\
+45 e6 7a 54 05 8e b5 0d 99 3c db 9e d0 b4 d0 29\
+c0 6d 21 a9 4c a6 61 c3 ce 27 fa e1 d6 cb 20 f4\
+56 4d 66 ce 47 67 58 3d 0e 5f 06 02 15 b5 90 17\
+be 85 ea 84 89 39 12 7b d8 c9 c4 d4 7b 51 05 6c\
+03 1c f3 36 f1 7c 99 80 f3 b8 f5 b9 b6 87 8e 8b\
+79 7a a4 3b 88 26 84 33 3e 17 89 3f e9 ca a6 aa\
+29 9f 7e d1 a1 8e e2 c5 48 64 b7 b2 b9 9b 72 61\
+8f b0 25 74 d1 39 ef 50 f0 19 c9 ee f4 16 97 13\
+38 e7 d4 70
+Salt: \
+71 0b 9c 47 47 d8 00 d4 de 87 f1 2a fd ce 6d f1\
+81 07 cc 77
+Signature: \
+66 60 26 fb a7 1b d3 e7 cf 13 15 7c c2 c5 1a 8e\
+4a a6 84 af 97 78 f9 18 49 f3 43 35 d1 41 c0 01\
+54 c4 19 76 21 f9 62 4a 67 5b 5a bc 22 ee 7d 5b\
+aa ff aa e1 c9 ba ca 2c c3 73 b3 f3 3e 78 e6 14\
+3c 39 5a 91 aa 7f ac a6 64 eb 73 3a fd 14 d8 82\
+72 59 d9 9a 75 50 fa ca 50 1e f2 b0 4e 33 c2 3a\
+a5 1f 4b 9e 82 82 ef db 72 8c c0 ab 09 40 5a 91\
+60 7c 63 69 96 1b c8 27 0d 2d 4f 39 fc e6 12 b1
+Test: Verify
+Comment: RSASSA-PSS Signature Example 1.4
+Message: \
+bc 65 67 47 fa 9e af b3 f0
+Salt: \
+05 6f 00 98 5d e1 4d 8e f5 ce a9 e8 2f 8c 27 be\
+f7 20 33 5e
+Signature: \
+46 09 79 3b 23 e9 d0 93 62 dc 21 bb 47 da 0b 4f\
+3a 76 22 64 9a 47 d4 64 01 9b 9a ea fe 53 35 9c\
+17 8c 91 cd 58 ba 6b cb 78 be 03 46 a7 bc 63 7f\
+4b 87 3d 4b ab 38 ee 66 1f 19 96 34 c5 47 a1 ad\
+84 42 e0 3d a0 15 b1 36 e5 43 f7 ab 07 c0 c1 3e\
+42 25 b8 de 8c ce 25 d4 f6 eb 84 00 f8 1f 7e 18\
+33 b7 ee 6e 33 4d 37 09 64 ca 79 fd b8 72 b4 d7\
+52 23 b5 ee b0 81 01 59 1f b5 32 d1 55 a6 de 87
+Test: Verify
+Comment: RSASSA-PSS Signature Example 1.5
+Message: \
+b4 55 81 54 7e 54 27 77 0c 76 8e 8b 82 b7 55 64\
+e0 ea 4e 9c 32 59 4d 6b ff 70 65 44 de 0a 87 76\
+c7 a8 0b 45 76 55 0e ee 1b 2a ca bc 7e 8b 7d 3e\
+f7 bb 5b 03 e4 62 c1 10 47 ea dd 00 62 9a e5 75\
+48 0a c1 47 0f e0 46 f1 3a 2b f5 af 17 92 1d c4\
+b0 aa 8b 02 be e6 33 49 11 65 1d 7f 85 25 d1 0f\
+32 b5 1d 33 be 52 0d 3d df 5a 70 99 55 a3 df e7\
+82 83 b9 e0 ab 54 04 6d 15 0c 17 7f 03 7f dc cc\
+5b e4 ea 5f 68 b5 e5 a3 8c 9d 7e dc cc c4 97 5f\
+45 5a 69 09 b4
+Salt: \
+80 e7 0f f8 6a 08 de 3e c6 09 72 b3 9b 4f bf dc\
+ea 67 ae 8e
+Signature: \
+1d 2a ad 22 1c a4 d3 1d df 13 50 92 39 01 93 98\
+e3 d1 4b 32 dc 34 dc 5a f4 ae ae a3 c0 95 af 73\
+47 9c f0 a4 5e 56 29 63 5a 53 a0 18 37 76 15 b1\
+6c b9 b1 3b 3e 09 d6 71 eb 71 e3 87 b8 54 5c 59\
+60 da 5a 64 77 6e 76 8e 82 b2 c9 35 83 bf 10 4c\
+3f db 23 51 2b 7b 4e 89 f6 33 dd 00 63 a5 30 db\
+45 24 b0 1c 3f 38 4c 09 31 0e 31 5a 79 dc d3 d6\
+84 02 2a 7f 31 c8 65 a6 64 e3 16 97 8b 75 9f ad
+Test: Verify
+Comment: RSASSA-PSS Signature Example 1.6
+Message: \
+10 aa e9 a0 ab 0b 59 5d 08 41 20 7b 70 0d 48 d7\
+5f ae dd e3 b7 75 cd 6b 4c c8 8a e0 6e 46 94 ec\
+74 ba 18 f8 52 0d 4f 5e a6 9c bb e7 cc 2b eb a4\
+3e fd c1 02 15 ac 4e b3 2d c3 02 a1 f5 3d c6 c4\
+35 22 67 e7 93 6c fe bf 7c 8d 67 03 57 84 a3 90\
+9f a8 59 c7 b7 b5 9b 8e 39 c5 c2 34 9f 18 86 b7\
+05 a3 02 67 d4 02 f7 48 6a b4 f5 8c ad 5d 69 ad\
+b1 7a b8 cd 0c e1 ca f5 02 5a f4 ae 24 b1 fb 87\
+94 c6 07 0c c0 9a 51 e2 f9 91 13 11 e3 87 7d 00\
+44 c7 1c 57 a9 93 39 50 08 80 6b 72 3a c3 83 73\
+d3 95 48 18 18 52 8c 1e 70 53 73 92 82 05 35 29\
+51 0e 93 5c d0 fa 77 b8 fa 53 cc 2d 47 4b d4 fb\
+3c c5 c6 72 d6 ff dc 90 a0 0f 98 48 71 2c 4b cf\
+e4 6c 60 57 36 59 b1 1e 64 57 e8 61 f0 f6 04 b6\
+13 8d 14 4f 8c e4 e2 da 73
+Salt: \
+a8 ab 69 dd 80 1f 00 74 c2 a1 fc 60 64 98 36 c6\
+16 d9 96 81
+Signature: \
+2a 34 f6 12 5e 1f 6b 0b f9 71 e8 4f bd 41 c6 32\
+be 8f 2c 2a ce 7d e8 b6 92 6e 31 ff 93 e9 af 98\
+7f bc 06 e5 1e 9b e1 4f 51 98 f9 1f 3f 95 3b d6\
+7d a6 0a 9d f5 97 64 c3 dc 0f e0 8e 1c be f0 b7\
+5f 86 8d 10 ad 3f ba 74 9f ef 59 fb 6d ac 46 a0\
+d6 e5 04 36 93 31 58 6f 58 e4 62 8f 39 aa 27 89\
+82 54 3b c0 ee b5 37 dc 61 95 80 19 b3 94 fb 27\
+3f 21 58 58 a0 a0 1a c4 d6 50 b9 55 c6 7f 4c 58
+Test: Verify
+Comment: Example 2: A 1025-bit RSA Key Pair
+Modulus: \
+01 d4 0c 1b cf 97 a6 8a e7 cd bd 8a 7b f3 e3 4f\
+a1 9d cc a4 ef 75 a4 74 54 37 5f 94 51 4d 88 fe\
+d0 06 fb 82 9f 84 19 ff 87 d6 31 5d a6 8a 1f f3\
+a0 93 8e 9a bb 34 64 01 1c 30 3a d9 91 99 cf 0c\
+7c 7a 8b 47 7d ce 82 9e 88 44 f6 25 b1 15 e5 e9\
+c4 a5 9c f8 f8 11 3b 68 34 33 6a 2f d2 68 9b 47\
+2c bb 5e 5c ab e6 74 35 0c 59 b6 c1 7e 17 68 74\
+fb 42 f8 fc 3d 17 6a 01 7e dc 61 fd 32 6c 4b 33\
+c9
+PublicExponent: \
+01 00 01
+PrivateExponent: \
+02 7d 14 7e 46 73 05 73 77 fd 1e a2 01 56 57 72\
+17 6a 7d c3 83 58 d3 76 04 56 85 a2 e7 87 c2 3c\
+15 57 6b c1 6b 9f 44 44 02 d6 bf c5 d9 8a 3e 88\
+ea 13 ef 67 c3 53 ec a0 c0 dd ba 92 55 bd 7b 8b\
+b5 0a 64 4a fd fd 1d d5 16 95 b2 52 d2 2e 73 18\
+d1 b6 68 7a 1c 10 ff 75 54 5f 3d b0 fe 60 2d 5f\
+2b 7f 29 4e 36 01 ea b7 b9 d1 ce cd 76 7f 64 69\
+2e 3e 53 6c a2 84 6c b0 c2 dd 48 6a 39 fa 75 b1
+Prime1: \
+01 66 01 e9 26 a0 f8 c9 e2 6e ca b7 69 ea 65 a5\
+e7 c5 2c c9 e0 80 ef 51 94 57 c6 44 da 68 91 c5\
+a1 04 d3 ea 79 55 92 9a 22 e7 c6 8a 7a f9 fc ad\
+77 7c 3c cc 2b 9e 3d 36 50 bc e4 04 39 9b 7e 59\
+d1
+Prime2: \
+01 4e af a1 d4 d0 18 4d a7 e3 1f 87 7d 12 81 dd\
+da 62 56 64 86 9e 83 79 e6 7a d3 b7 5e ae 74 a5\
+80 e9 82 7a bd 6e b7 a0 02 cb 54 11 f5 26 67 97\
+76 8f b8 e9 5a e4 0e 3e 8a 01 f3 5f f8 9e 56 c0\
+79
+ModPrime1PrivateExponent: \
+e2 47 cc e5 04 93 9b 8f 0a 36 09 0d e2 00 93 87\
+55 e2 44 4b 29 53 9a 7d a7 a9 02 f6 05 68 35 c0\
+db 7b 52 55 94 97 cf e2 c6 1a 80 86 d0 21 3c 47\
+2c 78 85 18 00 b1 71 f6 40 1d e2 e9 c2 75 6f 31
+ModPrime2PrivateExponent: \
+b1 2f ba 75 78 55 e5 86 e4 6f 64 c3 8a 70 c6 8b\
+3f 54 8d 93 d7 87 b3 99 99 9d 4c 8f 0b bd 25 81\
+c2 1e 19 ed 00 18 a6 d5 d3 df 86 42 4b 3a bc ad\
+40 19 9d 31 49 5b 61 30 9f 27 c1 bf 55 d4 87 c1
+MultiplicativeInverseOfPrime2ModPrime1: \
+56 4b 1e 1f a0 03 bd a9 1e 89 09 04 25 aa c0 5b\
+91 da 9e e2 50 61 e7 62 8d 5f 51 30 4a 84 99 2f\
+dc 33 76 2b d3 78 a5 9f 03 0a 33 4d 53 2b d0 da\
+e8 f2 98 ea 9e d8 44 63 6a d5 fb 8c bd c0 3c ad
+Test: KeyPairValidAndConsistent
+Comment: RSASSA-PSS Signature Example 2.1
+Message: \
+da ba 03 20 66 26 3f ae db 65 98 48 11 52 78 a5\
+2c 44 fa a3 a7 6f 37 51 5e d3 36 32 10 72 c4 0a\
+9d 9b 53 bc 05 01 40 78 ad f5 20 87 51 46 aa e7\
+0f f0 60 22 6d cb 7b 1f 1f c2 7e 93 60
+Salt: \
+57 bf 16 0b cb 02 bb 1d c7 28 0c f0 45 85 30 b7\
+d2 83 2f f7
+Signature: \
+01 4c 5b a5 33 83 28 cc c6 e7 a9 0b f1 c0 ab 3f\
+d6 06 ff 47 96 d3 c1 2e 4b 63 9e d9 13 6a 5f ec\
+6c 16 d8 88 4b dd 99 cf dc 52 14 56 b0 74 2b 73\
+68 68 cf 90 de 09 9a db 8d 5f fd 1d ef f3 9b a4\
+00 7a b7 46 ce fd b2 2d 7d f0 e2 25 f5 46 27 dc\
+65 46 61 31 72 1b 90 af 44 53 63 a8 35 8b 9f 60\
+76 42 f7 8f ab 0a b0 f4 3b 71 68 d6 4b ae 70 d8\
+82 78 48 d8 ef 1e 42 1c 57 54 dd f4 2c 25 89 b5\
+b3
+Test: Verify
+Comment: RSASSA-PSS Signature Example 2.2
+Message: \
+e4 f8 60 1a 8a 6d a1 be 34 44 7c 09 59 c0 58 57\
+0c 36 68 cf d5 1d d5 f9 cc d6 ad 44 11 fe 82 13\
+48 6d 78 a6 c4 9f 93 ef c2 ca 22 88 ce bc 2b 9b\
+60 bd 04 b1 e2 20 d8 6e 3d 48 48 d7 09 d0 32 d1\
+e8 c6 a0 70 c6 af 9a 49 9f cf 95 35 4b 14 ba 61\
+27 c7 39 de 1b b0 fd 16 43 1e 46 93 8a ec 0c f8\
+ad 9e b7 2e 83 2a 70 35 de 9b 78 07 bd c0 ed 8b\
+68 eb 0f 5a c2 21 6b e4 0c e9 20 c0 db 0e dd d3\
+86 0e d7 88 ef ac ca ca 50 2d 8f 2b d6 d1 a7 c1\
+f4 1f f4 6f 16 81 c8 f1 f8 18 e9 c4 f6 d9 1a 0c\
+78 03 cc c6 3d 76 a6 54 4d 84 3e 08 4e 36 3b 8a\
+cc 55 aa 53 17 33 ed b5 de e5 b5 19 6e 9f 03 e8\
+b7 31 b3 77 64 28 d9 e4 57 fe 3f bc b3 db 72 74\
+44 2d 78 58 90 e9 cb 08 54 b6 44 4d ac e7 91 d7\
+27 3d e1 88 97 19 33 8a 77 fe
+Salt: \
+7f 6d d3 59 e6 04 e6 08 70 e8 98 e4 7b 19 bf 2e\
+5a 7b 2a 90
+Signature: \
+01 09 91 65 6c ca 18 2b 7f 29 d2 db c0 07 e7 ae\
+0f ec 15 8e b6 75 9c b9 c4 5c 5f f8 7c 76 35 dd\
+46 d1 50 88 2f 4d e1 e9 ae 65 e7 f7 d9 01 8f 68\
+36 95 4a 47 c0 a8 1a 8a 6b 6f 83 f2 94 4d 60 81\
+b1 aa 7c 75 9b 25 4b 2c 34 b6 91 da 67 cc 02 26\
+e2 0b 2f 18 b4 22 12 76 1d cd 4b 90 8a 62 b3 71\
+b5 91 8c 57 42 af 4b 53 7e 29 69 17 67 4f b9 14\
+19 47 61 62 1c c1 9a 41 f6 fb 95 3f bc bb 64 9d\
+ea
+Test: Verify
+Comment: RSASSA-PSS Signature Example 2.3
+Message: \
+52 a1 d9 6c 8a c3 9e 41 e4 55 80 98 01 b9 27 a5\
+b4 45 c1 0d 90 2a 0d cd 38 50 d2 2a 66 d2 bb 07\
+03 e6 7d 58 67 11 45 95 aa bf 5a 7a eb 5a 8f 87\
+03 4b bb 30 e1 3c fd 48 17 a9 be 76 23 00 23 60\
+6d 02 86 a3 fa f8 a4 d2 2b 72 8e c5 18 07 9f 9e\
+64 52 6e 3a 0c c7 94 1a a3 38 c4 37 99 7c 68 0c\
+ca c6 7c 66 bf a1
+Salt: \
+fc a8 62 06 8b ce 22 46 72 4b 70 8a 05 19 da 17\
+e6 48 68 8c
+Signature: \
+00 7f 00 30 01 8f 53 cd c7 1f 23 d0 36 59 fd e5\
+4d 42 41 f7 58 a7 50 b4 2f 18 5f 87 57 85 20 c3\
+07 42 af d8 43 59 b6 e6 e8 d3 ed 95 9d c6 fe 48\
+6b ed c8 e2 cf 00 1f 63 a7 ab e1 62 56 a1 b8 4d\
+f0 d2 49 fc 05 d3 19 4c e5 f0 91 27 42 db bf 80\
+dd 17 4f 6c 51 f6 ba d7 f1 6c f3 36 4e ba 09 5a\
+06 26 7d c3 79 38 03 ac 75 26 ae be 0a 47 5d 38\
+b8 c2 24 7a b5 1c 48 98 df 70 47 dc 6a df 52 c6\
+c4
+Test: Verify
+Comment: RSASSA-PSS Signature Example 2.4
+Message: \
+a7 18 2c 83 ac 18 be 65 70 a1 06 aa 9d 5c 4e 3d\
+bb d4 af ae b0 c6 0c 4a 23 e1 96 9d 79 ff
+Salt: \
+80 70 ef 2d e9 45 c0 23 87 68 4b a0 d3 30 96 73\
+22 35 d4 40
+Signature: \
+00 9c d2 f4 ed be 23 e1 23 46 ae 8c 76 dd 9a d3\
+23 0a 62 07 61 41 f1 6c 15 2b a1 85 13 a4 8e f6\
+f0 10 e0 e3 7f d3 df 10 a1 ec 62 9a 0c b5 a3 b5\
+d2 89 30 07 29 8c 30 93 6a 95 90 3b 6b a8 55 55\
+d9 ec 36 73 a0 61 08 fd 62 a2 fd a5 6d 1c e2 e8\
+5c 4d b6 b2 4a 81 ca 3b 49 6c 36 d4 fd 06 eb 7c\
+91 66 d8 e9 48 77 c4 2b ea 62 2b 3b fe 92 51 fd\
+c2 1d 8d 53 71 ba da d7 8a 48 82 14 79 63 35 b4\
+0b
+Test: Verify
+Comment: RSASSA-PSS Signature Example 2.5
+Message: \
+86 a8 3d 4a 72 ee 93 2a 4f 56 30 af 65 79 a3 86\
+b7 8f e8 89 99 e0 ab d2 d4 90 34 a4 bf c8 54 dd\
+94 f1 09 4e 2e 8c d7 a1 79 d1 95 88 e4 ae fc 1b\
+1b d2 5e 95 e3 dd 46 1f
+Salt: \
+17 63 9a 4e 88 d7 22 c4 fc a2 4d 07 9a 8b 29 c3\
+24 33 b0 c9
+Signature: \
+00 ec 43 08 24 93 1e bd 3b aa 43 03 4d ae 98 ba\
+64 6b 8c 36 01 3d 16 71 c3 cf 1c f8 26 0c 37 4b\
+19 f8 e1 cc 8d 96 50 12 40 5e 7e 9b f7 37 86 12\
+df cc 85 fc e1 2c da 11 f9 50 bd 0b a8 87 67 40\
+43 6c 1d 25 95 a6 4a 1b 32 ef cf b7 4a 21 c8 73\
+b3 cc 33 aa f4 e3 dc 39 53 de 67 f0 67 4c 04 53\
+b4 fd 9f 60 44 06 d4 41 b8 16 09 8c b1 06 fe 34\
+72 bc 25 1f 81 5f 59 db 2e 43 78 a3 ad dc 18 1e\
+cf
+Test: Verify
+Comment: RSASSA-PSS Signature Example 2.6
+Message: \
+04 9f 91 54 d8 71 ac 4a 7c 7a b4 53 25 ba 75 45\
+a1 ed 08 f7 05 25 b2 66 7c f1
+Salt: \
+37 81 0d ef 10 55 ed 92 2b 06 3d f7 98 de 5d 0a\
+ab f8 86 ee
+Signature: \
+00 47 5b 16 48 f8 14 a8 dc 0a bd c3 7b 55 27 f5\
+43 b6 66 bb 6e 39 d3 0e 5b 49 d3 b8 76 dc cc 58\
+ea c1 4e 32 a2 d5 5c 26 16 01 44 56 ad 2f 24 6f\
+c8 e3 d5 60 da 3d df 37 9a 1c 0b d2 00 f1 02 21\
+df 07 8c 21 9a 15 1b c8 d4 ec 9d 2f c2 56 44 67\
+81 10 14 ef 15 d8 ea 01 c2 eb bf f8 c2 c8 ef ab\
+38 09 6e 55 fc be 32 85 c7 aa 55 88 51 25 4f af\
+fa 92 c1 c7 2b 78 75 86 63 ef 45 82 84 31 39 d7\
+a6
+Test: Verify
+Comment: Example 3: A 1026-bit RSA Key Pair
+Modulus: \
+02 f2 46 ef 45 1e d3 ee bb 9a 31 02 00 cc 25 85\
+9c 04 8e 4b e7 98 30 29 91 11 2e b6 8c e6 db 67\
+4e 28 0d a2 1f ed ed 1a e7 48 80 ca 52 2b 18 db\
+24 93 85 01 28 27 c5 15 f0 e4 66 a1 ff a6 91 d9\
+81 70 57 4e 9d 0e ad b0 87 58 6c a4 89 33 da 3c\
+c9 53 d9 5b d0 ed 50 de 10 dd cb 67 36 10 7d 6c\
+83 1c 7f 66 3e 83 3c a4 c0 97 e7 00 ce 0f b9 45\
+f8 8f b8 5f e8 e5 a7 73 17 25 65 b9 14 a4 71 a4\
+43
+PublicExponent: \
+01 00 01
+PrivateExponent: \
+65 14 51 73 3b 56 de 5a c0 a6 89 a4 ae b6 e6 89\
+4a 69 01 4e 07 6c 88 dd 7a 66 7e ab 32 32 bb cc\
+d2 fc 44 ba 2f a9 c3 1d b4 6f 21 ed d1 fd b2 3c\
+5c 12 8a 5d a5 ba b9 1e 7f 95 2b 67 75 9c 7c ff\
+70 54 15 ac 9f a0 90 7c 7c a6 17 8f 66 8f b9 48\
+d8 69 da 4c c3 b7 35 6f 40 08 df d5 44 9d 32 ee\
+02 d9 a4 77 eb 69 fc 29 26 6e 5d 90 70 51 23 75\
+a5 0f bb cc 27 e2 38 ad 98 42 5f 6e bb f8 89 91
+Prime1: \
+01 bd 36 e1 8e ce 4b 0f db 2e 9c 9d 54 8b d1 a7\
+d6 e2 c2 1c 6f dc 35 07 4a 1d 05 b1 c6 c8 b3 d5\
+58 ea 26 39 c9 a9 a4 21 68 01 69 31 72 52 55 8b\
+d1 48 ad 21 5a ac 55 0e 2d cf 12 a8 2d 0e bf e8\
+53
+Prime2: \
+01 b1 b6 56 ad 86 d8 e1 9d 5d c8 62 92 b3 a1 92\
+fd f6 e0 dd 37 87 7b ad 14 82 2f a0 01 90 ca b2\
+65 f9 0d 3f 02 05 7b 6f 54 d6 ec b1 44 91 e5 ad\
+ea ce bc 48 bf 0e bd 2a 2a d2 6d 40 2e 54 f6 16\
+51
+ModPrime1PrivateExponent: \
+1f 27 79 fd 2e 3e 5e 6b ae 05 53 95 18 fb a0 cd\
+0e ad 1a a4 51 3a 7c ba 18 f1 cf 10 e3 f6 81 95\
+69 3d 27 8a 0f 0e e7 2f 89 f9 bc 76 0d 80 e2 f9\
+d0 26 1d 51 65 01 c6 ae 39 f1 4a 47 6c e2 cc f5
+ModPrime2PrivateExponent: \
+01 1a 0d 36 79 4b 04 a8 54 aa b4 b2 46 2d 43 9a\
+50 46 c9 1d 94 0b 2b c6 f7 5b 62 95 6f ef 35 a2\
+a6 e6 3c 53 09 81 7f 30 7b bf f9 d5 9e 7e 33 1b\
+d3 63 f6 d6 68 49 b1 83 46 ad ea 16 9f 0a e9 ae\
+c1
+MultiplicativeInverseOfPrime2ModPrime1: \
+0b 30 f0 ec f5 58 75 2f b3 a6 ce 4b a2 b8 c6 75\
+f6 59 eb a6 c3 76 58 5a 1b 39 71 2d 03 8a e3 d2\
+b4 6f cb 41 8a e1 5d 09 05 da 64 40 e1 51 3a 30\
+b9 b7 d6 66 8f bc 5e 88 e5 ab 7a 17 5e 73 ba 35
+Test: KeyPairValidAndConsistent
+Comment: RSASSA-PSS Signature Example 3.1
+Message: \
+59 4b 37 33 3b bb 2c 84 52 4a 87 c1 a0 1f 75 fc\
+ec 0e 32 56 f1 08 e3 8d ca 36 d7 0d 00 57
+Salt: \
+f3 1a d6 c8 cf 89 df 78 ed 77 fe ac bc c2 f8 b0\
+a8 e4 cf aa
+Signature: \
+00 88 b1 35 fb 17 94 b6 b9 6c 4a 3e 67 81 97 f8\
+ca c5 2b 64 b2 fe 90 7d 6f 27 de 76 11 24 96 4a\
+99 a0 1a 88 27 40 ec fa ed 6c 01 a4 74 64 bb 05\
+18 23 13 c0 13 38 a8 cd 09 72 14 cd 68 ca 10 3b\
+d5 7d 3b c9 e8 16 21 3e 61 d7 84 f1 82 46 7a bf\
+8a 01 cf 25 3e 99 a1 56 ea a8 e3 e1 f9 0e 3c 6e\
+4e 3a a2 d8 3e d0 34 5b 89 fa fc 9c 26 07 7c 14\
+b6 ac 51 45 4f a2 6e 44 6e 3a 2f 15 3b 2b 16 79\
+7f
+Test: Verify
+Comment: RSASSA-PSS Signature Example 3.2
+Message: \
+8b 76 95 28 88 4a 0d 1f fd 09 0c f1 02 99 3e 79\
+6d ad cf bd dd 38 e4 4f f6 32 4c a4 51
+Salt: \
+fc f9 f0 e1 f1 99 a3 d1 d0 da 68 1c 5b 86 06 fc\
+64 29 39 f7
+Signature: \
+02 a5 f0 a8 58 a0 86 4a 4f 65 01 7a 7d 69 45 4f\
+3f 97 3a 29 99 83 9b 7b bc 48 bf 78 64 11 69 17\
+95 56 f5 95 fa 41 f6 ff 18 e2 86 c2 78 30 79 bc\
+09 10 ee 9c c3 4f 49 ba 68 11 24 f9 23 df a8 8f\
+42 61 41 a3 68 a5 f5 a9 30 c6 28 c2 c3 c2 00 e1\
+8a 76 44 72 1a 0c be c6 dd 3f 62 79 bd e3 e8 f2\
+be 5e 2d 4e e5 6f 97 e7 ce af 33 05 4b e7 04 2b\
+d9 1a 63 bb 09 f8 97 bd 41 e8 11 97 de e9 9b 11\
+af
+Test: Verify
+Comment: RSASSA-PSS Signature Example 3.3
+Message: \
+1a bd ba 48 9c 5a da 2f 99 5e d1 6f 19 d5 a9 4d\
+9e 6e c3 4a 8d 84 f8 45 57 d2 6e 5e f9 b0 2b 22\
+88 7e 3f 9a 4b 69 0a d1 14 92 09 c2 0c 61 43 1f\
+0c 01 7c 36 c2 65 7b 35 d7 b0 7d 3f 5a d8 70 85\
+07 a9 c1 b8 31 df 83 5a 56 f8 31 07 18 14 ea 5d\
+3d 8d 8f 6a de 40 cb a3 8b 42 db 7a 2d 3d 7a 29\
+c8 f0 a7 9a 78 38 cf 58 a9 75 7f a2 fe 4c 40 df\
+9b aa 19 3b fc 6f 92 b1 23 ad 57 b0 7a ce 3e 6a\
+c0 68 c9 f1 06 af d9 ee b0 3b 4f 37 c2 5d bf bc\
+fb 30 71 f6 f9 77 17 66 d0 72 f3 bb 07 0a f6 60\
+55 32 97 3a e2 50 51
+Salt: \
+98 6e 7c 43 db b6 71 bd 41 b9 a7 f4 b6 af c8 0e\
+80 5f 24 23
+Signature: \
+02 44 bc d1 c8 c1 69 55 73 6c 80 3b e4 01 27 2e\
+18 cb 99 08 11 b1 4f 72 db 96 41 24 d5 fa 76 06\
+49 cb b5 7a fb 87 55 db b6 2b f5 1f 46 6c f2 3a\
+0a 16 07 57 6e 98 3d 77 8f ce ff a9 2d f7 54 8a\
+ea 8e a4 ec ad 2c 29 dd 9f 95 bc 07 fe 91 ec f8\
+be e2 55 bf e8 76 2f d7 69 0a a9 bf a4 fa 08 49\
+ef 72 8c 2c 42 c4 53 23 64 52 2d f2 ab 7f 9f 8a\
+03 b6 3f 7a 49 91 75 82 86 68 f5 ef 5a 29 e3 80\
+2c
+Test: Verify
+Comment: RSASSA-PSS Signature Example 3.4
+Message: \
+8f b4 31 f5 ee 79 2b 6c 2a c7 db 53 cc 42 86 55\
+ae b3 2d 03 f4 e8 89 c5 c2 5d e6 83 c4 61 b5 3a\
+cf 89 f9 f8 d3 aa bd f6 b9 f0 c2 a1 de 12 e1 5b\
+49 ed b3 91 9a 65 2f e9 49 1c 25 a7 fc e1 f7 22\
+c2 54 36 08 b6 9d c3 75 ec
+Salt: \
+f8 31 2d 9c 8e ea 13 ec 0a 4c 7b 98 12 0c 87 50\
+90 87 c4 78
+Signature: \
+01 96 f1 2a 00 5b 98 12 9c 8d f1 3c 4c b1 6f 8a\
+a8 87 d3 c4 0d 96 df 3a 88 e7 53 2e f3 9c d9 92\
+f2 73 ab c3 70 bc 1b e6 f0 97 cf eb bf 01 18 fd\
+9e f4 b9 27 15 5f 3d f2 2b 90 4d 90 70 2d 1f 7b\
+a7 a5 2b ed 8b 89 42 f4 12 cd 7b d6 76 c9 d1 8e\
+17 03 91 dc d3 45 c0 6a 73 09 64 b3 f3 0b cc e0\
+bb 20 ba 10 6f 9a b0 ee b3 9c f8 a6 60 7f 75 c0\
+34 7f 0a f7 9f 16 af a0 81 d2 c9 2d 1e e6 f8 36\
+b8
+Test: Verify
+Comment: RSASSA-PSS Signature Example 3.5
+Message: \
+fe f4 16 1d fa af 9c 52 95 05 1d fc 1f f3 81 0c\
+8c 9e c2 e8 66 f7 07 54 22 c8 ec 42 16 a9 c4 ff\
+49 42 7d 48 3c ae 10 c8 53 4a 41 b2 fd 15 fe e0\
+69 60 ec 6f b3 f7 a7 e9 4a 2f 8a 2e 3e 43 dc 4a\
+40 57 6c 30 97 ac 95 3b 1d e8 6f 0b 4e d3 6d 64\
+4f 23 ae 14 42 55 29 62 24 64 ca 0c bf 0b 17 41\
+34 72 38 15 7f ab 59 e4 de 55 24 09 6d 62 ba ec\
+63 ac 64
+Salt: \
+50 32 7e fe c6 29 2f 98 01 9f c6 7a 2a 66 38 56\
+3e 9b 6e 2d
+Signature: \
+02 1e ca 3a b4 89 22 64 ec 22 41 1a 75 2d 92 22\
+10 76 d4 e0 1c 0e 6f 0d de 9a fd 26 ba 5a cf 6d\
+73 9e f9 87 54 5d 16 68 3e 56 74 c9 e7 0f 1d e6\
+49 d7 e6 1d 48 d0 ca eb 4f b4 d8 b2 4f ba 84 a6\
+e3 10 8f ee 7d 07 05 97 32 66 ac 52 4b 4a d2 80\
+f7 ae 17 dc 59 d9 6d 33 51 58 6b 5a 3b db 89 5d\
+1e 1f 78 20 ac 61 35 d8 75 34 80 99 83 82 ba 32\
+b7 34 95 59 60 8c 38 74 52 90 a8 5e f4 e9 f9 bd\
+83
+Test: Verify
+Comment: RSASSA-PSS Signature Example 3.6
+Message: \
+ef d2 37 bb 09 8a 44 3a ee b2 bf 6c 3f 8c 81 b8\
+c0 1b 7f cb 3f eb
+Salt: \
+b0 de 3f c2 5b 65 f5 af 96 b1 d5 cc 3b 27 d0 c6\
+05 30 87 b3
+Signature: \
+01 2f af ec 86 2f 56 e9 e9 2f 60 ab 0c 77 82 4f\
+42 99 a0 ca 73 4e d2 6e 06 44 d5 d2 22 c7 f0 bd\
+e0 39 64 f8 e7 0a 5c b6 5e d4 4e 44 d5 6a e0 ed\
+f1 ff 86 ca 03 2c c5 dd 44 04 db b7 6a b8 54 58\
+6c 44 ee d8 33 6d 08 d4 57 ce 6c 03 69 3b 45 c0\
+f1 ef ef 93 62 4b 95 b8 ec 16 9c 61 6d 20 e5 53\
+8e bc 0b 67 37 a6 f8 2b 4b c0 57 09 24 fc 6b 35\
+75 9a 33 48 42 62 79 f8 b3 d7 74 4e 2d 22 24 26\
+ce
+Test: Verify
+Comment: Example 4: A 1027-bit RSA Key Pair
+Modulus: \
+05 4a db 78 86 44 7e fe 6f 57 e0 36 8f 06 cf 52\
+b0 a3 37 07 60 d1 61 ce f1 26 b9 1b e7 f8 9c 42\
+1b 62 a6 ec 1d a3 c3 11 d7 5e d5 0e 0a b5 ff f3\
+fd 33 8a cc 3a a8 a4 e7 7e e2 63 69 ac b8 1b a9\
+00 fa 83 f5 30 0c f9 bb 6c 53 ad 1d c8 a1 78 b8\
+15 db 42 35 a9 a9 da 0c 06 de 4e 61 5e a1 27 7c\
+e5 59 e9 c1 08 de 58 c1 4a 81 aa 77 f5 a6 f8 d1\
+33 54 94 49 88 48 c8 b9 59 40 74 0b e7 bf 7c 37\
+05
+PublicExponent: \
+01 00 01
+PrivateExponent: \
+fa 04 1f 8c d9 69 7c ee d3 8e c8 ca a2 75 52 3b\
+4d d7 2b 09 a3 01 d3 54 1d 72 f5 d3 1c 05 cb ce\
+2d 69 83 b3 61 83 af 10 69 0b d4 6c 46 13 1e 35\
+78 94 31 a5 56 77 1d d0 04 9b 57 46 1b f0 60 c1\
+f6 84 72 e8 a6 7c 25 f3 57 e5 b6 b4 73 8f a5 41\
+a7 30 34 6b 4a 07 64 9a 2d fa 80 6a 69 c9 75 b6\
+ab a6 46 78 ac c7 f5 91 3e 89 c6 22 f2 d8 ab b1\
+e3 e3 25 54 e3 9d f9 4b a6 0c 00 2e 38 7d 90 11
+Prime1: \
+02 92 32 33 6d 28 38 94 5d ba 9d d7 72 3f 4e 62\
+4a 05 f7 37 5b 92 7a 87 ab e6 a8 93 a1 65 8f d4\
+9f 47 f6 c7 b0 fa 59 6c 65 fa 68 a2 3f 0a b4 32\
+96 2d 18 d4 34 3b d6 fd 67 1a 5e a8 d1 48 41 39\
+95
+Prime2: \
+02 0e f5 ef e7 c5 39 4a ed 22 72 f7 e8 1a 74 f4\
+c0 2d 14 58 94 cb 1b 3c ab 23 a9 a0 71 0a 2a fc\
+7e 33 29 ac bb 74 3d 01 f6 80 c4 d0 2a fb 4c 8f\
+de 7e 20 93 08 11 bb 2b 99 57 88 b5 e8 72 c2 0b\
+b1
+ModPrime1PrivateExponent: \
+02 6e 7e 28 01 0e cf 24 12 d9 52 3a d7 04 64 7f\
+b4 fe 9b 66 b1 a6 81 58 1b 0e 15 55 3a 89 b1 54\
+28 28 89 8f 27 24 3e ba b4 5f f5 e1 ac b9 d4 df\
+1b 05 1f bc 62 82 4d bc 6f 6c 93 26 1a 78 b9 a7\
+59
+ModPrime2PrivateExponent: \
+01 2d dc c8 6e f6 55 99 8c 39 dd ae 11 71 86 69\
+e5 e4 6c f1 49 5b 07 e1 3b 10 14 cd 69 b3 af 68\
+30 4a d2 a6 b6 43 21 e7 8b f3 bb ca 9b b4 94 e9\
+1d 45 17 17 e2 d9 75 64 c6 54 94 65 d0 20 5c f4\
+21
+MultiplicativeInverseOfPrime2ModPrime1: \
+01 06 00 c4 c2 18 47 45 9f e5 76 70 3e 2e be ca\
+e8 a5 09 4e e6 3f 53 6b f4 ac 68 d3 c1 3e 5e 4f\
+12 ac 5c c1 0a b6 a2 d0 5a 19 92 14 d1 82 47 47\
+d5 51 90 96 36 b7 74 c2 2c ac 0b 83 75 99 ab cc\
+75
+Test: KeyPairValidAndConsistent
+Comment: RSASSA-PSS Signature Example 4.1
+Message: \
+9f b0 3b 82 7c 82 17 d9
+Salt: \
+ed 7c 98 c9 5f 30 97 4f be 4f bd dc f0 f2 8d 60\
+21 c0 e9 1d
+Signature: \
+03 23 d5 b7 bf 20 ba 45 39 28 9a e4 52 ae 42 97\
+08 0f ef f4 51 84 23 ff 48 11 a8 17 83 7e 7d 82\
+f1 83 6c df ab 54 51 4f f0 88 7b dd ee bf 40 bf\
+99 b0 47 ab c3 ec fa 6a 37 a3 ef 00 f4 a0 c4 a8\
+8a ae 09 04 b7 45 c8 46 c4 10 7e 87 97 72 3e 8a\
+c8 10 d9 e3 d9 5d fa 30 ff 49 66 f4 d7 5d 13 76\
+8d 20 85 7f 2b 14 06 f2 64 cf e7 5e 27 d7 65 2f\
+4b 5e d3 57 5f 28 a7 02 f8 c4 ed 9c f9 b2 d4 49\
+48
+Test: Verify
+Comment: RSASSA-PSS Signature Example 4.2
+Message: \
+0c a2 ad 77 79 7e ce 86 de 5b f7 68 75 0d db 5e\
+d6 a3 11 6a d9 9b bd 17 ed f7 f7 82 f0 db 1c d0\
+5b 0f 67 74 68 c5 ea 42 0d c1 16 b1 0e 80 d1 10\
+de 2b 04 61 ea 14 a3 8b e6 86 20 39 2e 7e 89 3c\
+b4 ea 93 93 fb 88 6c 20 ff 79 06 42 30 5b f3 02\
+00 38 92 e5 4d f9 f6 67 50 9d c5 39 20 df 58 3f\
+50 a3 dd 61 ab b6 fa b7 5d 60 03 77 e3 83 e6 ac\
+a6 71 0e ee a2 71 56 e0 67 52 c9 4c e2 5a e9 9f\
+cb f8 59 2d be 2d 7e 27 45 3c b4 4d e0 71 00 eb\
+b1 a2 a1 98 11 a4 78 ad be ab 27 0f 94 e8 fe 36\
+9d 90 b3 ca 61 2f 9f
+Salt: \
+22 d7 1d 54 36 3a 42 17 aa 55 11 3f 05 9b 33 84\
+e3 e5 7e 44
+Signature: \
+04 9d 01 85 84 5a 26 4d 28 fe b1 e6 9e da ec 09\
+06 09 e8 e4 6d 93 ab b3 83 71 ce 51 f4 aa 65 a5\
+99 bd aa a8 1d 24 fb a6 6a 08 a1 16 cb 64 4f 3f\
+1e 65 3d 95 c8 9d b8 bb d5 da ac 27 09 c8 98 40\
+00 17 84 10 a7 c6 aa 86 67 dd c3 8c 74 1f 71 0e\
+c8 66 5a a9 05 2b e9 29 d4 e3 b1 67 82 c1 66 21\
+14 c5 41 4b b0 35 34 55 c3 92 fc 28 f3 db 59 05\
+4b 5f 36 5c 49 e1 d1 56 f8 76 ee 10 cb 4f d7 05\
+98
+Test: Verify
+Comment: RSASSA-PSS Signature Example 4.3
+Message: \
+28 80 62 af c0 8f cd b7 c5 f8 65 0b 29 83 73 00\
+46 1d d5 67 6c 17 a2 0a 3c 8f b5 14 89 49 e3 f7\
+3d 66 b3 ae 82 c7 24 0e 27 c5 b3 ec 43 28 ee 7d\
+6d df 6a 6a 0c 9b 5b 15 bc da 19 6a 9d 0c 76 b1\
+19 d5 34 d8 5a bd 12 39 62 d5 83 b7 6c e9 d1 80\
+bc e1 ca
+Salt: \
+4a f8 70 fb c6 51 60 12 ca 91 6c 70 ba 86 2a c7\
+e8 24 36 17
+Signature: \
+03 fb c4 10 a2 ce d5 95 00 fb 99 f9 e2 af 27 81\
+ad a7 4e 13 14 56 24 60 27 82 e2 99 48 13 ee fc\
+a0 51 9e cd 25 3b 85 5f b6 26 a9 0d 77 1e ae 02\
+8b 0c 47 a1 99 cb d9 f8 e3 26 97 34 af 41 63 59\
+90 90 71 3a 3f a9 10 fa 09 60 65 27 21 43 2b 97\
+10 36 a7 18 1a 2b c0 ca b4 3b 0b 59 8b c6 21 74\
+61 d7 db 30 5f f7 e9 54 c5 b5 bb 23 1c 39 e7 91\
+af 6b cf a7 6b 14 7b 08 13 21 f7 26 41 48 2a 2a\
+ad
+Test: Verify
+Comment: RSASSA-PSS Signature Example 4.4
+Message: \
+6f 4f 9a b9 50 11 99 ce f5 5c 6c f4 08 fe 7b 36\
+c5 57 c4 9d 42 0a 47 63 d2 46 3c 8a d4 4b 3c fc\
+5b e2 74 2c 0e 7d 9b 0f 66 08 f0 8c 7f 47 b6 93\
+ee
+Salt: \
+40 d2 e1 80 fa e1 ea c4 39 c1 90 b5 6c 2c 0e 14\
+dd f9 a2 26
+Signature: \
+04 86 64 4b c6 6b f7 5d 28 33 5a 61 79 b1 08 51\
+f4 3f 09 bd ed 9f ac 1a f3 32 52 bb 99 53 ba 42\
+98 cd 64 66 b2 75 39 a7 0a da a3 f8 9b 3d b3 c7\
+4a b6 35 d1 22 f4 ee 7c e5 57 a6 1e 59 b8 2f fb\
+78 66 30 e5 f9 db 53 c7 7d 9a 0c 12 fa b5 95 8d\
+4c 2c e7 da a8 07 cd 89 ba 2c c7 fc d0 2f f4 70\
+ca 67 b2 29 fc ce 81 4c 85 2c 73 cc 93 be a3 5b\
+e6 84 59 ce 47 8e 9d 46 55 d1 21 c8 47 2f 37 1d\
+4f
+Test: Verify
+Comment: RSASSA-PSS Signature Example 4.5
+Message: \
+e1 7d 20 38 5d 50 19 55 82 3c 3f 66 62 54 c1 d3\
+dd 36 ad 51 68 b8 f1 8d 28 6f dc f6 7a 7d ad 94\
+09 70 85 fa b7 ed 86 fe 21 42 a2 87 71 71 79 97\
+ef 1a 7a 08 88 4e fc 39 35 6d 76 07 7a af 82 45\
+9a 7f ad 45 84 88 75 f2 81 9b 09 89 37 fe 92 3b\
+cc 9d c4 42 d7 2d 75 4d 81 20 25 09 0c 9b c0 3d\
+b3 08 0c 13 8d d6 3b 35 5d 0b 4b 85 d6 68 8a c1\
+9f 4d e1 50 84 a0 ba 4e 37 3b 93 ef 4a 55 50 96\
+69 19 15 dc 23 c0 0e 95 4c de b2 0a 47 cd 55 d1\
+6c 3d 86 81 d4 6e d7 f2 ed 5e a4 27 95 be 17 ba\
+ed 25 f0 f4 d1 13 b3 63 6a dd d5 85 f1 6a 8b 5a\
+ec 0c 8f a9 c5 f0 3c bf 3b 9b 73
+Salt: \
+24 97 dc 2b 46 15 df ae 5a 66 3d 49 ff d5 6b f7\
+ef c1 13 04
+Signature: \
+02 2a 80 04 53 53 90 4c b3 0c bb 54 2d 7d 49 90\
+42 1a 6e ec 16 a8 02 9a 84 22 ad fd 22 d6 af f8\
+c4 cc 02 94 af 11 0a 0c 06 7e c8 6a 7d 36 41 34\
+45 9b b1 ae 8f f8 36 d5 a8 a2 57 98 40 99 6b 32\
+0b 19 f1 3a 13 fa d3 78 d9 31 a6 56 25 da e2 73\
+9f 0c 53 67 0b 35 d9 d3 cb ac 08 e7 33 e4 ec 2b\
+83 af 4b 91 96 d6 3e 7c 4f f1 dd ea e2 a1 22 79\
+1a 12 5b fe a8 de b0 de 8c cf 1f 4f fa f6 e6 fb\
+0a
+Test: Verify
+Comment: RSASSA-PSS Signature Example 4.6
+Message: \
+af bc 19 d4 79 24 90 18 fd f4 e0 9f 61 87 26 44\
+04 95 de 11 dd ee e3 88 72 d7 75 fc ea 74 a2 38\
+96 b5 34 3c 9c 38 d4 6a f0 db a2 24 d0 47 58 0c\
+c6 0a 65 e9 39 1c f9 b5 9b 36 a8 60 59 8d 4e 82\
+16 72 2f 99 3b 91 cf ae 87 bc 25 5a f8 9a 6a 19\
+9b ca 4a 39 1e ad bc 3a 24 90 3c 0b d6 67 36 8f\
+6b e7 8e 3f ea bf b4 ff d4 63 12 27 63 74 0f fb\
+be fe ab 9a 25 56 4b c5 d1 c2 4c 93 e4 22 f7 50\
+73 e2 ad 72 bf 45 b1 0d f0 0b 52 a1 47 12 8e 73\
+fe e3 3f a3 f0 57 7d 77 f8 0f bc 2d f1 be d3 13\
+29 0c 12 77 7f 50
+Salt: \
+a3 34 db 6f ae bf 11 08 1a 04 f8 7c 2d 62 1c de\
+c7 93 0b 9b
+Signature: \
+00 93 8d cb 6d 58 30 46 06 5f 69 c7 8d a7 a1 f1\
+75 70 66 a7 fa 75 12 5a 9d 29 29 f0 b7 9a 60 b6\
+27 b0 82 f1 1f 5b 19 6f 28 eb 9d aa 6f 21 c0 5e\
+51 40 f6 ae f1 73 7d 20 23 07 5c 05 ec f0 4a 02\
+8c 68 6a 2a b3 e7 d5 a0 66 4f 29 5c e1 29 95 e8\
+90 90 8b 6a d2 1f 08 39 eb 65 b7 03 93 a7 b5 af\
+d9 87 1d e0 ca a0 ce de c5 b8 19 62 67 56 20 9d\
+13 ab 1e 7b b9 54 6a 26 ff 37 e9 a5 1a f9 fd 56\
+2e
+Test: Verify
+Comment: Example 5: A 1028-bit RSA Key Pair
+Modulus: \
+0d 10 f6 61 f2 99 40 f5 ed 39 aa 26 09 66 de b4\
+78 43 67 9d 2b 6f b2 5b 3d e3 70 f3 ac 7c 19 91\
+63 91 fd 25 fb 52 7e bf a6 a4 b4 df 45 a1 75 9d\
+99 6c 4b b4 eb d1 88 28 c4 4f c5 2d 01 91 87 17\
+40 52 5f 47 a4 b0 cc 8d a3 25 ed 8a a6 76 b0 d0\
+f6 26 e0 a7 7f 07 69 21 70 ac ac 80 82 f4 2f aa\
+7d c7 cd 12 3e 73 0e 31 a8 79 85 20 4c ab cb e6\
+67 0d 43 a2 dd 2b 2d de f5 e0 53 92 fc 21 3b c5\
+07
+PublicExponent: \
+01 00 01
+PrivateExponent: \
+03 ce 08 b1 04 ff f3 96 a9 79 bd 3e 4e 46 92 5b\
+63 19 dd b6 3a cb cf d8 19 f1 7d 16 b8 07 7b 3a\
+87 10 1f f3 4b 77 fe 48 b8 b2 05 a9 6e 91 51 ba\
+8e ce a6 4d 0c ce 7b 23 c3 e6 a6 b8 30 58 bc 49\
+da e8 16 ae 73 6d b5 a4 70 8e 2a d4 35 23 2b 56\
+7f 90 96 ce 59 ff 28 06 1e 79 ab 1c 02 d7 17 e6\
+b2 3c ea 6d b8 eb 51 92 fa 7c 1e ab 22 7d ba 74\
+62 1c 45 60 18 96 ee f1 37 92 c8 44 0b eb 15 aa\
+c1
+Prime1: \
+03 f2 f3 31 f4 14 2d 4f 24 b4 3a a1 02 79 a8 96\
+52 d4 e7 53 72 21 a1 a7 b2 a2 5d eb 55 1e 5d e9\
+ac 49 74 11 c2 27 a9 4e 45 f9 1c 2d 1c 13 cc 04\
+6c f4 ce 14 e3 2d 05 87 34 21 0d 44 a8 7e e1 b7\
+3f
+Prime2: \
+03 4f 09 0d 73 b5 58 03 03 0c f0 36 1a 5d 80 81\
+bf b7 9f 85 15 23 fe ac 0a 21 24 d0 8d 40 13 ff\
+08 48 77 71 a8 70 d0 47 9d c0 68 6c 62 f7 71 8d\
+fe cf 02 4b 17 c9 26 76 78 05 91 71 33 9c c0 08\
+39
+ModPrime1PrivateExponent: \
+02 aa 66 3a db f5 1a b8 87 a0 18 cb 42 6e 78 bc\
+2f e1 82 dc b2 f7 bc b5 04 41 d1 7f df 0f 06 79\
+8b 50 71 c6 e2 f5 fe b4 d5 4a d8 18 23 11 c1 ef\
+62 d4 c4 9f 18 d1 f5 1f 54 b2 d2 cf fb a4 da 1b\
+e5
+ModPrime2PrivateExponent: \
+02 bb e7 06 07 8b 5c 0b 39 15 12 d4 11 db 1b 19\
+9b 5a 56 64 b8 40 42 ea d3 7f e9 94 ae 72 b9 53\
+2d fb fb 3e 9e 69 81 a0 fb b8 06 51 31 41 b7 c2\
+16 3f e5 6c 39 5e 4b fa ee 57 e3 83 3f 9b 91 8d\
+f9
+MultiplicativeInverseOfPrime2ModPrime1: \
+02 42 b6 cd 00 d3 0a 76 7a ee 9a 89 8e ad 45 3c\
+8e ae a6 3d 50 0b 7d 1e 00 71 3e da e5 1c e3 6b\
+23 b6 64 df 26 e6 3e 26 6e c8 f7 6e 6e 63 ed 1b\
+a4 1e b0 33 b1 20 f7 ea 52 12 ae 21 a9 8f bc 16
+Test: KeyPairValidAndConsistent
+Comment: RSASSA-PSS Signature Example 5.1
+Message: \
+30 c7 d5 57 45 8b 43 6d ec fd c1 4d 06 cb 7b 96\
+b0 67 18 c4 8d 7d e5 74 82 a8 68 ae 7f 06 58 70\
+a6 21 65 06 d1 1b 77 93 23 df df 04 6c f5 77 51\
+29 13 4b 4d 56 89 e4 d9 c0 ce 1e 12 d7 d4 b0 6c\
+b5 fc 58 20 de cf a4 1b af 59 bf 25 7b 32 f0 25\
+b7 67 9b 44 5b 94 99 c9 25 55 14 58 85 99 2f 1b\
+76 f8 48 91 ee 4d 3b e0 f5 15 0f d5 90 1e 3a 4c\
+8e d4 3f d3 6b 61 d0 22 e6 5a d5 00 8d bf 33 29\
+3c 22 bf bf d0 73 21 f0 f1 d5 fa 9f df 00 14 c2\
+fc b0 35 8a ad 0e 35 4b 0d 29
+Salt: \
+08 1b 23 3b 43 56 77 50 bd 6e 78 f3 96 a8 8b 9f\
+6a 44 51 51
+Signature: \
+0b a3 73 f7 6e 09 21 b7 0a 8f bf e6 22 f0 bf 77\
+b2 8a 3d b9 8e 36 10 51 c3 d7 cb 92 ad 04 52 91\
+5a 4d e9 c0 17 22 f6 82 3e eb 6a df 7e 0c a8 29\
+0f 5d e3 e5 49 89 0a c2 a3 c5 95 0a b2 17 ba 58\
+59 08 94 95 2d e9 6f 8d f1 11 b2 57 52 15 da 6c\
+16 15 90 c7 45 be 61 24 76 ee 57 8e d3 84 ab 33\
+e3 ec e9 74 81 a2 52 f5 c7 9a 98 b5 53 2a e0 0c\
+dd 62 f2 ec c0 cd 1b ae fe 80 d8 0b 96 21 93 ec\
+1d
+Test: Verify
+Comment: RSASSA-PSS Signature Example 5.2
+Message: \
+e7 b3 2e 15 56 ea 1b 27 95 04 6a c6 97 39 d2 2a\
+c8 96 6b f1 1c 11 6f 61 4b 16 67 40 e9 6b 90 65\
+3e 57 50 94 5f cf 77 21 86 c0 37 90 a0 7f da 32\
+3e 1a 61 91 6b 06 ee 21 57 db 3d ff 80 d6 7d 5e\
+39 a5 3a e2 68 c8 f0 9e d9 9a 73 20 05 b0 bc 6a\
+04 af 4e 08 d5 7a 00 e7 20 1b 30 60 ef aa db 73\
+11 3b fc 08 7f d8 37 09 3a a2 52 35 b8 c1 49 f5\
+62 15 f0 31 c2 4a d5 bd e7 f2 99 60 df 7d 52 40\
+70 f7 44 9c 6f 78 50 84 be 1a 0f 73 30 47 f3 36\
+f9 15 47 38 67 45 47 db 02 a9 f4 4d fc 6e 60 30\
+10 81 e1 ce 99 84 7f 3b 5b 60 1f f0 6b 4d 57 76\
+a9 74 0b 9a a0 d3 40 58 fd 3b 90 6e 4f 78 59 df\
+b0 7d 71 73 e5 e6 f6 35 0a da c2 1f 27 b2 30 74\
+69
+Salt: \
+bd 0c e1 95 49 d0 70 01 20 cb e5 10 77 db bb b0\
+0a 8d 8b 09
+Signature: \
+08 18 0d e8 25 e4 b8 b0 14 a3 2d a8 ba 76 15 55\
+92 12 04 f2 f9 0d 5f 24 b7 12 90 8f f8 4f 3e 22\
+0a d1 79 97 c0 dd 6e 70 66 30 ba 3e 84 ad d4 d5\
+e7 ab 00 4e 58 07 4b 54 97 09 56 5d 43 ad 9e 97\
+b5 a7 a1 a2 9e 85 b9 f9 0f 4a af cd f5 83 21 de\
+8c 59 74 ef 9a bf 2d 52 6f 33 c0 f2 f8 2e 95 d1\
+58 ea 6b 81 f1 73 6d b8 d1 af 3d 6a c6 a8 3b 32\
+d1 8b ae 0f f1 b2 fe 27 de 4c 76 ed 8c 79 80 a3\
+4e
+Test: Verify
+Comment: RSASSA-PSS Signature Example 5.3
+Message: \
+8d 83 96 e3 65 07 fe 1e f6 a1 90 17 54 8e 0c 71\
+66 74 c2 fe c2 33 ad b2 f7 75 66 5e c4 1f 2b d0\
+ba 39 6b 06 1a 9d aa 7e 86 6f 7c 23 fd 35 31 95\
+43 00 a3 42 f9 24 53 5e a1 49 8c 48 f6 c8 79 93\
+28 65 fc 02 00 0c 52 87 23 b7 ad 03 35 74 5b 51\
+20 9a 0a fe d9 32 af 8f 08 87 c2 19 00 4d 2a bd\
+89 4e a9 25 59 ee 31 98 af 3a 73 4f e9 b9 63 8c\
+26 3a 72 8a d9 5a 5a e8 ce 3e b1 58 39 f3 aa 78\
+52 bb 39 07 06 e7 76 0e 43 a7 12 91 a2 e3 f8 27\
+23 7d ed a8 51 87 4c 51 76 65 f5 45 f2 72 38 df\
+86 55 7f 37 5d 09 cc d8 bd 15 d8 cc f6 1f 5d 78\
+ca 5c 7f 5c de 78 2e 6b f5 d0 05 70 56 d4 ba d9\
+8b 3d 2f 95 75 e8 24 ab 7a 33 ff 57 b0 ac 10 0a\
+b0 d6 ea d7 aa 0b 50 f6 e4 d3 e5 ec 0b 96 6b
+Salt: \
+81 57 79 a9 1b 3a 8b d0 49 bf 2a eb 92 01 42 77\
+22 22 c9 ca
+Signature: \
+05 e0 fd bd f6 f7 56 ef 73 31 85 cc fa 8c ed 2e\
+b6 d0 29 d9 d5 6e 35 56 1b 5d b8 e7 02 57 ee 6f\
+d0 19 d2 f0 bb f6 69 fe 9b 98 21 e7 8d f6 d4 1e\
+31 60 8d 58 28 0f 31 8e e3 4f 55 99 41 c8 df 13\
+28 75 74 ba c0 00 b7 e5 8d c4 f4 14 ba 49 fb 12\
+7f 9d 0f 89 36 63 8c 76 e8 53 56 c9 94 f7 97 50\
+f7 fa 3c f4 fd 48 2d f7 5e 3f b9 97 8c d0 61 f7\
+ab b1 75 72 e6 e6 3e 0b de 12 cb dc f1 8c 68 b9\
+79
+Test: Verify
+Comment: RSASSA-PSS Signature Example 5.4
+Message: \
+32 8c 65 9e 0a 64 37 43 3c ce b7 3c 14
+Salt: \
+9a ec 4a 74 80 d5 bb c4 29 20 d7 ca 23 5d b6 74\
+98 9c 9a ac
+Signature: \
+0b c9 89 85 3b c2 ea 86 87 32 71 ce 18 3a 92 3a\
+b6 5e 8a 53 10 0e 6d f5 d8 7a 24 c4 19 4e b7 97\
+81 3e e2 a1 87 c0 97 dd 87 2d 59 1d a6 0c 56 86\
+05 dd 7e 74 2d 5a f4 e3 3b 11 67 8c cb 63 90 32\
+04 a3 d0 80 b0 90 2c 89 ab a8 86 8f 00 9c 0f 1c\
+0c b8 58 10 bb dd 29 12 1a bb 84 71 ff 2d 39 e4\
+9f d9 2d 56 c6 55 c8 e0 37 ad 18 fa fb dc 92 c9\
+58 63 f7 f6 1e a9 ef a2 8f ea 40 13 69 d1 9d ae\
+a1
+Test: Verify
+Comment: RSASSA-PSS Signature Example 5.5
+Message: \
+f3 7b 96 23 79 a4 7d 41 5a 37 6e ec 89 73 15 0b\
+cb 34 ed d5 ab 65 40 41 b6 14 30 56 0c 21 44 58\
+2b a1 33 c8 67 d8 52 d6 b8 e2 33 21 90 13 02 ec\
+b4 5b 09 ec 88 b1 52 71 78 fa 04 32 63 f3 06 7d\
+9f fe 97 30 32 a9 9f 4c b0 8a d2 c7 e0 a2 45 6c\
+dd 57 a7 df 56 fe 60 53 52 7a 5a eb 67 d7 e5 52\
+06 3c 1c a9 7b 1b ef fa 7b 39 e9 97 ca f2 78 78\
+ea 0f 62 cb eb c8 c2 1d f4 c8 89 a2 02 85 1e 94\
+90 88 49 0c 24 9b 6e 9a cf 1d 80 63 f5 be 23 43\
+98 9b f9 5c 4d a0 1a 2b e7 8b 4a b6 b3 78 01 5b\
+c3 79 57 f7 69 48 b5 e5 8e 44 0c 28 45 3d 40 d7\
+cf d5 7e 7d 69 06 00 47 4a b5 e7 59 73 b1 ea 0c\
+5f 1e 45 d1 41 90 af e2 f4 eb 6d 3b df 71 f1 d2\
+f8 bb 15 6a 1c 29 5d 04 aa eb 9d 68 9d ce 79 ed\
+62 bc 44 3e
+Salt: \
+e2 0c 1e 98 78 51 2c 39 97 0f 58 37 5e 15 49 a6\
+8b 64 f3 1d
+Signature: \
+0a ef a9 43 b6 98 b9 60 9e df 89 8a d2 27 44 ac\
+28 dc 23 94 97 ce a3 69 cb bd 84 f6 5c 95 c0 ad\
+77 6b 59 47 40 16 4b 59 a7 39 c6 ff 7c 2f 07 c7\
+c0 77 a8 6d 95 23 8f e5 1e 1f cf 33 57 4a 4a e0\
+68 4b 42 a3 f6 bf 67 7d 91 82 0c a8 98 74 46 7b\
+2c 23 ad d7 79 69 c8 07 17 43 0d 0e fc 1d 36 95\
+89 2c e8 55 cb 7f 70 11 63 0f 4d f2 6d ef 8d df\
+36 fc 23 90 5f 57 fa 62 43 a4 85 c7 70 d5 68 1f\
+cd
+Test: Verify
+Comment: RSASSA-PSS Signature Example 5.6
+Message: \
+c6 10 3c 33 0c 1e f7 18 c1 41 e4 7b 8f a8 59 be\
+4d 5b 96 25 9e 7d 14 20 70 ec d4 85 83 9d ba 5a\
+83 69 c1 7c 11 14 03 5e 53 2d 19 5c 74 f4 4a 04\
+76 a2 d3 e8 a4 da 21 00 16 ca ce d0 e3 67 cb 86\
+77 10 a4 b5 aa 2d f2 b8 e5 da f5 fd c6 47 80 7d\
+4d 5e bb 6c 56 b9 76 3c cd ae 4d ea 33 08 eb 0a\
+c2 a8 95 01 cb 20 9d 26 39 fa 5b f8 7c e7 90 74\
+7d 3c b2 d2 95 e8 45 64 f2 f6 37 82 4f 0c 13 02\
+81 29 b0 aa 4a 42 2d 16 22 82
+Salt: \
+23 29 1e 4a 33 07 e8 bb b7 76 62 3a b3 4e 4a 5f\
+4c c8 a8 db
+Signature: \
+02 80 2d cc fa 8d fa f5 27 9b f0 b4 a2 9b a1 b1\
+57 61 1f ae aa f4 19 b8 91 9d 15 94 19 00 c1 33\
+9e 7e 92 e6 fa e5 62 c5 3e 6c c8 e8 41 04 b1 10\
+bc e0 3a d1 85 25 e3 c4 9a 0e ad ad 5d 3f 28 f2\
+44 a8 ed 89 ed ba fb b6 86 27 7c fa 8a e9 09 71\
+4d 6b 28 f4 bf 8e 29 3a a0 4c 41 ef e7 c0 a8 12\
+66 d5 c0 61 e2 57 5b e0 32 aa 46 46 74 ff 71 62\
+62 19 bd 74 cc 45 f0 e7 ed 4e 3f f9 6e ee 75 8e\
+8f
+Test: Verify
+Comment: Example 6: A 1029-bit RSA Key Pair
+Modulus: \
+16 4c a3 1c ff 60 9f 3a 0e 71 01 b0 39 f2 e4 fe\
+6d d3 75 19 ab 98 59 8d 17 9e 17 49 96 59 80 71\
+f4 7d 3a 04 55 91 58 d7 be 37 3c f1 aa 53 f0 aa\
+6e f0 90 39 e5 67 8c 2a 4c 63 90 05 14 c8 c4 f8\
+aa ed 5d e1 2a 5f 10 b0 9c 31 1a f8 c0 ff b5 b7\
+a2 97 f2 ef c6 3b 8d 6b 05 10 93 1f 0b 98 e4 8b\
+f5 fc 6e c4 e7 b8 db 1f fa eb 08 c3 8e 02 ad b8\
+f0 3a 48 22 9c 99 e9 69 43 1f 61 cb 8c 4d c6 98\
+d1
+PublicExponent: \
+01 00 01
+PrivateExponent: \
+03 b6 64 ee 3b 75 66 72 3f c6 ea f2 8a bb 43 0a\
+39 80 f1 12 6c 81 de 8a d7 09 ea b3 9a c9 dc d0\
+b1 55 0b 37 29 d8 70 68 e9 52 00 9d f5 44 53 4c\
+1f 50 82 9a 78 f4 59 1e b8 fd 57 14 04 26 a6 bb\
+04 05 b6 a6 f5 1a 57 d9 26 7b 7b bc 65 33 91 a6\
+99 a2 a9 0d ac 8a e2 26 bc c6 0f a8 cd 93 4c 73\
+c7 b0 3b 1f 6b 81 81 58 63 18 38 a8 61 2e 6e 6e\
+a9 2b e2 4f 83 24 fa f5 b1 fd 85 87 22 52 67 ba\
+6f
+Prime1: \
+04 f0 54 8c 96 26 ab 1e bf 12 44 93 47 41 d9 9a\
+06 22 0e fa 2a 58 56 aa 0e 75 73 0b 2e c9 6a dc\
+86 be 89 4f a2 80 3b 53 a5 e8 5d 27 6a cb d2 9a\
+b8 23 f8 0a 73 91 bb 54 a5 05 16 72 fb 04 ee b5\
+43
+Prime2: \
+04 83 e0 ae 47 91 55 87 74 3f f3 45 36 2b 55 5d\
+39 62 d9 8b b6 f1 5f 84 8b 4c 92 b1 77 1c a8 ed\
+10 7d 8d 3e e6 5e c4 45 17 dd 0f aa 48 1a 38 7e\
+90 2f 7a 2e 74 7c 26 9e 7e a4 44 80 bc 53 8b 8e\
+5b
+ModPrime1PrivateExponent: \
+03 a8 e8 ae a9 92 0c 1a a3 b2 f0 d8 46 e4 b8 50\
+d8 1c a3 06 a5 1c 83 54 4f 94 9f 64 f9 0d cf 3f\
+8e 26 61 f0 7e 56 12 20 a1 80 38 8f be 27 3e 70\
+e2 e5 dc a8 3a 0e 13 48 dd 64 90 c7 31 d6 ec e1\
+ab
+ModPrime2PrivateExponent: \
+01 35 bd cd b6 0b f2 19 7c 43 6e d3 4b 32 cd 8b\
+4f c7 77 78 83 2b a7 67 03 55 1f b2 42 b3 01 69\
+95 93 af 77 fd 8f c3 94 a8 52 6a d2 3c c4 1a 03\
+80 6b d8 97 fe 4b 0e a6 46 55 8a ad dc c9 9e 8a\
+25
+MultiplicativeInverseOfPrime2ModPrime1: \
+03 04 c0 3d 9c 73 65 03 a9 84 ab bd 9b a2 23 01\
+40 7c 4a 2a b1 dd 85 76 64 81 b6 0d 45 40 11 52\
+e6 92 be 14 f4 12 1d 9a a3 fd 6e 0b 4d 1d 3a 97\
+35 38 a3 1d 42 ee 6e 1e 5e f6 20 23 1a 2b ba f3\
+5f
+Test: KeyPairValidAndConsistent
+Comment: RSASSA-PSS Signature Example 6.1
+Message: \
+0a 20 b7 74 ad dc 2f a5 12 45 ed 7c b9 da 60 9e\
+50 ca c6 63 6a 52 54 3f 97 45 8e ed 73 40 f8 d5\
+3f fc 64 91 8f 94 90 78 ee 03 ef 60 d4 2b 5f ec\
+24 60 50 bd 55 05 cd 8c b5 97 ba d3 c4 e7 13 b0\
+ef 30 64 4e 76 ad ab b0 de 01 a1 56 1e fb 25 51\
+58 c7 4f c8 01 e6 e9 19 e5 81 b4 6f 0f 0d dd 08\
+e4 f3 4c 78 10 b5 ed 83 18 f9 1d 7c 8c
+Salt: \
+5b 4e a2 ef 62 9c c2 2f 3b 53 8e 01 69 04 b4 7b\
+1e 40 bf d5
+Signature: \
+04 c0 cf ac ec 04 e5 ba db ec e1 59 a5 a1 10 3f\
+69 b3 f3 2b a5 93 cb 4c c4 b1 b7 ab 45 59 16 a9\
+6a 27 cd 26 78 ea 0f 46 ba 37 f7 fc 9c 86 32 5f\
+29 73 3b 38 9f 1d 97 f4 3e 72 01 c0 f3 48 fc 45\
+fe 42 89 23 35 36 2e ee 01 8b 5b 16 1f 2f 93 93\
+03 12 25 c7 13 01 2a 57 6b c8 8e 23 05 24 89 86\
+8d 90 10 cb f0 33 ec c5 68 e8 bc 15 2b dc 59 d5\
+60 e4 12 91 91 5d 28 56 52 08 e2 2a ee c9 ef 85\
+d1
+Test: Verify
+Comment: RSASSA-PSS Signature Example 6.2
+Message: \
+2a af f6 63 1f 62 1c e6 15 76 0a 9e bc e9 4b b3\
+33 07 7a d8 64 88 c8 61 d4 b7 6d 29 c1 f4 87 46\
+c6 11 ae 1e 03 ce d4 44 5d 7c fa 1f e5 f6 2e 1b\
+3f 08 45 2b de 3b 6e f8 19 73 ba fb b5 7f 97 bc\
+ee f8 73 98 53 95 b8 26 05 89 aa 88 cb 7d b5 0a\
+b4 69 26 2e 55 1b dc d9 a5 6f 27 5a 0a c4 fe 48\
+47 00 c3 5f 3d bf 2b 46 9e de 86 47 41 b8 6f a5\
+91 72 a3 60 ba 95 a0 2e 13 9b e5 0d df b7 cf 0b\
+42 fa ea bb fb ba a8 6a 44 97 69 9c 4f 2d fd 5b\
+08 40 6a f7 e1 41 44 42 7c 25 3e c0 ef a2 0e af\
+9a 8b e8 cd 49 ce 1f 1b c4 e9 3e 61 9c f2 aa 8e\
+d4 fb 39 bc 85 90 d0 f7 b9 64 88 f7 31 7a c9 ab\
+f7 be e4 e3 a0 e7 15
+Salt: \
+83 14 6a 9e 78 27 22 c2 8b 01 4f 98 b4 26 7b da\
+2a c9 50 4f
+Signature: \
+0a 23 14 25 0c f5 2b 6e 4e 90 8d e5 b3 56 46 bc\
+aa 24 36 1d a8 16 0f b0 f9 25 75 90 ab 3a ce 42\
+b0 dc 3e 77 ad 2d b7 c2 03 a2 0b d9 52 fb b5 6b\
+15 67 04 6e cf aa 93 3d 7b 10 00 c3 de 9f f0 5b\
+7d 98 9b a4 6f d4 3b c4 c2 d0 a3 98 6b 7f fa 13\
+47 1d 37 eb 5b 47 d6 47 07 bd 29 0c fd 6a 9f 39\
+3a d0 8e c1 e3 bd 71 bb 57 92 61 50 35 cd af 2d\
+89 29 ae d3 be 09 83 79 37 7e 77 7c e7 9a aa 47\
+73
+Test: Verify
+Comment: RSASSA-PSS Signature Example 6.3
+Message: \
+0f 61 95 d0 4a 6e 6f c7 e2 c9 60 0d bf 84 0c 39\
+ea 8d 4d 62 4f d5 35 07 01 6b 0e 26 85 8a 5e 0a\
+ec d7 ad a5 43 ae 5c 0a b3 a6 25 99 cb a0 a5 4e\
+6b f4 46 e2 62 f9 89 97 8f 9d df 5e 9a 41
+Salt: \
+a8 7b 8a ed 07 d7 b8 e2 da f1 4d dc a4 ac 68 c4\
+d0 aa bf f8
+Signature: \
+08 6d f6 b5 00 09 8c 12 0f 24 ff 84 23 f7 27 d9\
+c6 1a 5c 90 07 d3 b6 a3 1c e7 cf 8f 3c be c1 a2\
+6b b2 0e 2b d4 a0 46 79 32 99 e0 3e 37 a2 1b 40\
+19 4f b0 45 f9 0b 18 bf 20 a4 79 92 cc d7 99 cf\
+9c 05 9c 29 9c 05 26 85 49 54 aa de 8a 6a d9 d9\
+7e c9 1a 11 45 38 3f 42 46 8b 23 1f 4d 72 f2 37\
+06 d9 85 3c 3f a4 3c e8 ac e8 bf e7 48 49 87 a1\
+ec 6a 16 c8 da f8 1f 7c 8b f4 27 74 70 7a 9d f4\
+56
+Test: Verify
+Comment: RSASSA-PSS Signature Example 6.4
+Message: \
+33 7d 25 fe 98 10 eb ca 0d e4 d4 65 8d 3c eb 8e\
+0f e4 c0 66 ab a3 bc c4 8b 10 5d 3b f7 e0 25 7d\
+44 fe ce a6 59 6f 4d 0c 59 a0 84 02 83 36 78 f7\
+06 20 f9 13 8d fe b7 de d9 05 e4 a6 d5 f0 5c 47\
+3d 55 93 66 52 e2 a5 df 43 c0 cf da 7b ac af 30\
+87 f4 52 4b 06 cf 42 15 7d 01 53 97 39 f7 fd de\
+c9 d5 81 25 df 31 a3 2e ab 06 c1 9b 71 f1 d5 bf
+Salt: \
+a3 79 32 f8 a7 49 4a 94 2d 6f 76 74 38 e7 24 d6\
+d0 c0 ef 18
+Signature: \
+0b 5b 11 ad 54 98 63 ff a9 c5 1a 14 a1 10 6c 2a\
+72 cc 8b 64 6e 5c 72 62 50 97 86 10 5a 98 47 76\
+53 4c a9 b5 4c 1c c6 4b f2 d5 a4 4f d7 e8 a6 9d\
+b6 99 d5 ea 52 08 7a 47 48 fd 2a bc 1a fe d1 e5\
+d6 f7 c8 90 25 53 0b da a2 21 3d 7e 03 0f a5 5d\
+f6 f3 4b cf 1c e4 6d 2e df 4e 3a e4 f3 b0 18 91\
+a0 68 c9 e3 a4 4b bc 43 13 3e da d6 ec b9 f3 54\
+00 c4 25 2a 57 62 d6 57 44 b9 9c b9 f4 c5 59 32\
+9f
+Test: Verify
+Comment: RSASSA-PSS Signature Example 6.5
+Message: \
+84 ec 50 2b 07 2e 82 87 78 9d 8f 92 35 82 9e a3\
+b1 87 af d4 d4 c7 85 61 1b da 5f 9e b3 cb 96 71\
+7e fa 70 07 22 7f 1c 08 cb cb 97 2e 66 72 35 e0\
+fb 7d 43 1a 65 70 32 6d 2e cc e3 5a db 37 3d c7\
+53 b3 be 5f 82 9b 89 17 54 93 19 3f ab 16 ba db\
+41 37 1b 3a ac 0a e6 70 07 6f 24 be f4 20 c1 35\
+ad d7 ce e8 d3 5f bc 94 4d 79 fa fb 9e 30 7a 13\
+b0 f5 56 cb 65 4a 06 f9 73 ed 22 67 23 30 19 7e\
+f5 a7 48 bf 82 6a 5d b2 38 3a 25 36 4b 68 6b 93\
+72 bb 23 39 ae b1 ac 9e 98 89 32 7d 01 6f 16 70\
+77 6d b0 62 01 ad bd ca f8 a5 e3 b7 4e 10 8b 73
+Salt: \
+7b 79 0c 1d 62 f7 b8 4e 94 df 6a f2 89 17 cf 57\
+10 18 11 0e
+Signature: \
+02 d7 1f a9 b5 3e 46 54 fe fb 7f 08 38 5c f6 b0\
+ae 3a 81 79 42 eb f6 6c 35 ac 67 f0 b0 69 95 2a\
+3c e9 c7 e1 f1 b0 2e 48 0a 95 00 83 6d e5 d6 4c\
+db 7e cd e0 45 42 f7 a7 99 88 78 7e 24 c2 ba 05\
+f5 fd 48 2c 02 3e d5 c3 0e 04 83 9d c4 4b ed 2a\
+3a 3a 4f ee 01 11 3c 89 1a 47 d3 2e b8 02 5c 28\
+cb 05 0b 5c db 57 6c 70 fe 76 ef 52 34 05 c0 84\
+17 fa f3 50 b0 37 a4 3c 37 93 39 fc b1 8d 3a 35\
+6b
+Test: Verify
+Comment: RSASSA-PSS Signature Example 6.6
+Message: \
+99 06 d8 9f 97 a9 fd ed d3 cc d8 24 db 68 73 26\
+f3 0f 00 aa 25 a7 fc a2 af cb 3b 0f 86 cd 41 e7\
+3f 0e 8f f7 d2 d8 3f 59 e2 8e d3 1a 5a 0d 55 15\
+23 37 4d e2 2e 4c 7e 8f f5 68 b3 86 ee 3d c4 11\
+63 f1 0b f6 7b b0 06 26 1c 90 82 f9 af 90 bf 1d\
+90 49 a6 b9 fa e7 1c 7f 84 fb e6 e5 5f 02 78 9d\
+e7 74 f2 30 f1 15 02 6a 4b 4e 96 c5 5b 04 a9 5d\
+a3 aa cb b2 ce ce 8f 81 76 4a 1f 1c 99 51 54 11\
+08 7c f7 d3 4a ed ed 09 32 c1 83
+Salt: \
+fb be 05 90 25 b6 9b 89 fb 14 ae 22 89 e7 aa af\
+e6 0c 0f cd
+Signature: \
+0a 40 a1 6e 2f e2 b3 8d 1d f9 05 46 16 7c f9 46\
+9c 9e 3c 36 81 a3 44 2b 4b 2c 2f 58 1d eb 38 5c\
+e9 9f c6 18 8b b0 2a 84 1d 56 e7 6d 30 18 91 e2\
+45 60 55 0f cc 2a 26 b5 5f 4c cb 26 d8 37 d3 50\
+a1 54 bc ac a8 39 2d 98 fa 67 95 9e 97 27 b7 8c\
+ad 03 26 9f 56 96 8f c5 6b 68 bd 67 99 26 d8 3c\
+c9 cb 21 55 50 64 5c cd a3 1c 76 0f f3 58 88 94\
+3d 2d 8a 1d 35 1e 81 e5 d0 7b 86 18 2e 75 10 81\
+ef
+Test: Verify
+Comment: Example 7: A 1030-bit RSA Key Pair
+Modulus: \
+37 c9 da 4a 66 c8 c4 08 b8 da 27 d0 c9 d7 9f 8c\
+cb 1e af c1 d2 fe 48 74 6d 94 0b 7c 4e f5 de e1\
+8a d1 26 47 ce fa a0 c4 b3 18 8b 22 1c 51 53 86\
+75 9b 93 f0 20 24 b2 5a b9 24 2f 83 57 d8 f3 fd\
+49 64 0e e5 e6 43 ea f6 c6 4d ee fa 70 89 72 7c\
+8f f0 39 93 33 39 15 c6 ef 21 bf 59 75 b6 e5 0d\
+11 8b 51 00 8e c3 3e 9f 01 a0 a5 45 a1 0a 83 6a\
+43 dd bc a9 d8 b5 c5 d3 54 80 22 d7 06 4e a2 9a\
+b3
+PublicExponent: \
+01 00 01
+PrivateExponent: \
+3b ed 99 90 52 d9 57 bc 06 d6 51 ee f6 e3 a9 80\
+94 b1 62 1b d3 8b 54 49 bd 6c 4a ea 3d e7 e0 84\
+67 9a 44 84 de d2 5b e0 f0 82 6c f3 37 78 25 41\
+4b 14 d4 d6 1d b1 4d e6 26 fb b8 0e 5f 4f ae c9\
+56 f9 a0 a2 d2 4f 99 57 63 80 f0 84 eb 62 e4 6a\
+57 d5 54 27 8b 53 56 26 19 3c e0 20 60 57 5e b6\
+6c 57 98 d3 6f 6c 5d 40 fb 00 d8 09 b4 2a 73 10\
+2c 1c 74 ee 95 bd 71 42 0f ff ef 63 18 b5 2c 29
+Prime1: \
+07 ee fb 42 4b 0e 3a 40 e4 20 8e e5 af b2 80 b2\
+23 17 30 81 14 dd e0 b4 b6 4f 73 01 84 ec 68 da\
+6c e2 86 7a 9f 48 ed 77 26 d5 e2 61 4e d0 4a 54\
+10 73 6c 8c 71 4e e7 02 47 42 98 c6 29 2a f0 75\
+35
+Prime2: \
+07 08 30 db f9 47 ea c0 22 8d e2 63 14 b5 9b 66\
+99 4c c6 0e 83 60 e7 5d 38 76 29 8f 8f 8a 7d 14\
+1d a0 64 e5 ca 02 6a 97 3e 28 f2 54 73 8c ee 66\
+9c 72 1b 03 4c b5 f8 e2 44 da dd 7c d1 e1 59 d5\
+47
+ModPrime1PrivateExponent: \
+05 24 d2 0c 3d 95 cf f7 5a f2 31 34 83 22 7d 87\
+02 71 7a a5 76 de 15 5f 96 05 15 50 1a db 1d 70\
+e1 c0 4d e9 1b 75 b1 61 db f0 39 83 56 12 7e de\
+da 7b bc 19 a3 2d c1 62 1c c9 f5 3c 26 5d 0c e3\
+31
+ModPrime2PrivateExponent: \
+05 f9 84 a1 f2 3c 93 8d 6a 0e 89 72 4b cf 3d d9\
+3f 99 46 92 60 37 fe 7c 6b 13 a2 9e 52 84 85 5f\
+89 08 95 91 d4 40 97 56 27 bf 5c 9e 3a 8b 5c a7\
+9c 77 2a d2 73 e4 0d 32 1a f4 a6 c9 7d fd ed 78\
+d3
+MultiplicativeInverseOfPrime2ModPrime1: \
+dd d9 18 ad ad a2 9d ca b9 81 ff 9a cb a4 25 70\
+23 c0 9a 38 01 cc ce 09 8c e2 68 f8 55 d0 df 57\
+0c d6 e7 b9 b1 4b d9 a5 a9 25 4c bc 31 5b e6 f8\
+ba 1e 25 46 dd d5 69 c5 ea 19 ee d8 35 3b de 5e
+Test: KeyPairValidAndConsistent
+Comment: RSASSA-PSS Signature Example 7.1
+Message: \
+9e ad 0e 01 94 56 40 67 4e b4 1c ad 43 5e 23 74\
+ea ef a8 ad 71 97 d9 79 13 c4 49 57 d8 d8 3f 40\
+d7 6e e6 0e 39 bf 9c 0f 9e af 30 21 42 1a 07 4d\
+1a de 96 2c 6e 9d 3d c3 bb 17 4f e4 df e6 52 b0\
+91 15 49 5b 8f d2 79 41 74 02 0a 06 02 b5 ca 51\
+84 8c fc 96 ce 5e b5 7f c0 a2 ad c1 dd a3 6a 7c\
+c4 52 64 1a 14 91 1b 37 e4 5b fa 11 da a5 c7 ec\
+db 74 f6 d0 10 0d 1d 3e 39 e7 52 80 0e 20 33 97\
+de 02 33 07 7b 9a 88 85 55 37 fa e9 27 f9 24 38\
+0d 78 0f 98 e1 8d cf f3 9c 5e a7 41 b1 7d 6f dd\
+18 85 bc 9d 58 14 82 d7 71 ce b5 62 d7 8a 8b f8\
+8f 0c 75 b1 13 63 e5 e3 6c d4 79 ce b0 54 5f 9d\
+a8 42 03 e0 e6 e5 08 37 5c c9 e8 44 b8 8b 7a c7\
+a0 a2 01 ea 0f 1b ee 9a 2c 57 79 20 ca 02 c0 1b\
+9d 83 20 e9 74 a5 6f 4e fb 57 63 b9 62 55 ab bf\
+80 37 bf 18 02 cf 01 8f 56 37 94 93 e5 69 a9
+Salt: \
+b7 86 7a 59 95 8c b5 43 28 f8 77 5e 65 46 ec 06\
+d2 7e aa 50
+Signature: \
+18 7f 39 07 23 c8 90 25 91 f0 15 4b ae 6d 4e cb\
+ff e0 67 f0 e8 b7 95 47 6e a4 f4 d5 1c cc 81 05\
+20 bb 3c a9 bc a7 d0 b1 f2 ea 8a 17 d8 73 fa 27\
+57 0a cd 64 2e 38 08 56 1c b9 e9 75 cc fd 80 b2\
+3d c5 77 1c db 33 06 a5 f2 31 59 da cb d3 aa 2d\
+b9 3d 46 d7 66 e0 9e d1 5d 90 0a d8 97 a8 d2 74\
+dc 26 b4 7e 99 4a 27 e9 7e 22 68 a7 66 53 3a e4\
+b5 e4 2a 2f ca f7 55 c1 c4 79 4b 29 4c 60 55 58\
+23
+Test: Verify
+Comment: RSASSA-PSS Signature Example 7.2
+Message: \
+8d 80 d2 d0 8d bd 19 c1 54 df 3f 14 67 3a 14 bd\
+03 73 52 31 f2 4e 86 bf 15 3d 0e 69 e7 4c bf f7\
+b1 83 6e 66 4d e8 3f 68 01 24 37 0f c0 f9 6c 9b\
+65 c0 7a 36 6b 64 4c 4a b3
+Salt: \
+0c 09 58 22 66 df 08 63 10 82 1b a7 e1 8d f6 4d\
+fe e6 de 09
+Signature: \
+10 fd 89 76 8a 60 a6 77 88 ab b5 85 6a 78 7c 85\
+61 f3 ed cf 9a 83 e8 98 f7 dc 87 ab 8c ce 79 42\
+9b 43 e5 69 06 94 1a 88 61 94 f1 37 e5 91 fe 7c\
+33 95 55 36 1f bb e1 f2 4f eb 2d 4b cd b8 06 01\
+f3 09 6b c9 13 2d ee a6 0a e1 30 82 f4 4f 9a d4\
+1c d6 28 93 6a 4d 51 17 6e 42 fc 59 cb 76 db 81\
+5c e5 ab 4d b9 9a 10 4a af ea 68 f5 d3 30 32 9e\
+bf 25 8d 4e de 16 06 4b d1 d0 03 93 d5 e1 57 0e\
+b8
+Test: Verify
+Comment: RSASSA-PSS Signature Example 7.3
+Message: \
+80 84 05 cd fc 1a 58 b9 bb 03 97 c7 20 72 2a 81\
+ff fb 76 27 8f 33 59 17 ef 9c 47 38 14 b3 e0 16\
+ba 29 73 cd 27 65 f8 f3 f8 2d 6c c3 8a a7 f8 55\
+18 27 fe 8d 1e 38 84 b7 e6 1c 94 68 3b 8f 82 f1\
+84 3b da e2 25 7e ee c9 81 2a d4 c2 cf 28 3c 34\
+e0 b0 ae 0f e3 cb 99 0c f8 8f 2e f9
+Salt: \
+28 03 9d cf e1 06 d3 b8 29 66 11 25 8c 4a 56 65\
+1c 9e 92 dd
+Signature: \
+2b 31 fd e9 98 59 b9 77 aa 09 58 6d 8e 27 46 62\
+b2 5a 2a 64 06 40 b4 57 f5 94 05 1c b1 e7 f7 a9\
+11 86 54 55 24 29 26 cf 88 fe 80 df a3 a7 5b a9\
+68 98 44 a1 1e 63 4a 82 b0 75 af bd 69 c1 2a 0d\
+f9 d2 5f 84 ad 49 45 df 3d c8 fe 90 c3 ce fd f2\
+6e 95 f0 53 43 04 b5 bd ba 20 d3 e5 64 0a 2e bf\
+b8 98 aa c3 5a e4 0f 26 fc e5 56 3c 2f 9f 24 f3\
+04 2a f7 6f 3c 70 72 d6 87 bb fb 95 9a 88 46 0a\
+f1
+Test: Verify
+Comment: RSASSA-PSS Signature Example 7.4
+Message: \
+f3 37 b9 ba d9 37 de 22 a1 a0 52 df f1 11 34 a8\
+ce 26 97 62 02 98 19 39 b9 1e 07 15 ae 5e 60 96\
+49 da 1a df ce f3 f4 cc a5 9b 23 83 60 e7 d1 e4\
+96 c7 bf 4b 20 4b 5a cf f9 bb d6 16 6a 1d 87 a3\
+6e f2 24 73 73 75 10 39 f8 a8 00 b8 39 98 07 b3\
+a8 5f 44 89 34 97 c0 d0 5f b7 01 7b 82 22 81 52\
+de 6f 25 e6 11 6d cc 75 03 c7 86 c8 75 c2 8f 3a\
+a6 07 e9 4a b0 f1 98 63 ab 1b 50 73 77 0b 0c d5\
+f5 33 ac de 30 c6 fb 95 3c f3 da 68 02 64 e3 0f\
+c1 1b ff 9a 19 bf fa b4 77 9b 62 23 c3 fb 3f e0\
+f7 1a ba de 4e b7 c0 9c 41 e2 4c 22 d2 3f a1 48\
+e6 a1 73 fe b6 39 84 d1 bc 6e e3 a0 2d 91 5b 75\
+2c ea f9 2a 30 15 ec eb 38 ca 58 6c 68 01 b3 7c\
+34 ce fb 2c ff 25 ea 23 c0 86 62 dc ab 26 a7 a9\
+3a 28 5d 05 d3 04 4c
+Salt: \
+a7 78 21 eb bb ef 24 62 8e 4e 12 e1 d0 ea 96 de\
+39 8f 7b 0f
+Signature: \
+32 c7 ca 38 ff 26 94 9a 15 00 0c 4b a0 4b 2b 13\
+b3 5a 38 10 e5 68 18 4d 7e ca ba a1 66 b7 ff ab\
+dd f2 b6 cf 4b a0 71 24 92 37 90 f2 e5 b1 a5 be\
+04 0a ea 36 fe 13 2e c1 30 e1 f1 05 67 98 2d 17\
+ac 3e 89 b8 d2 6c 30 94 03 4e 76 2d 2e 03 12 64\
+f0 11 70 be ec b3 d1 43 9e 05 84 6f 25 45 83 67\
+a7 d9 c0 20 60 44 46 72 67 1e 64 e8 77 86 45 59\
+ca 19 b2 07 4d 58 8a 28 1b 58 04 d2 37 72 fb be\
+19
+Test: Verify
+Comment: RSASSA-PSS Signature Example 7.5
+Message: \
+45 01 3c eb af d9 60 b2 55 47 6a 8e 25 98 b9 aa\
+32 ef be 6d c1 f3 4f 4a 49 8d 8c f5 a2 b4 54 8d\
+08 c5 5d 5f 95 f7 bc c9 61 91 63 05 6f 2d 58 b5\
+2f a0 32
+Salt: \
+9d 5a d8 eb 45 21 34 b6 5d c3 a9 8b 6a 73 b5 f7\
+41 60 9c d6
+Signature: \
+07 eb 65 1d 75 f1 b5 2b c2 63 b2 e1 98 33 6e 99\
+fb eb c4 f3 32 04 9a 92 2a 10 81 56 07 ee 2d 98\
+9d b3 a4 49 5b 7d cc d3 8f 58 a2 11 fb 7e 19 31\
+71 a3 d8 91 13 24 37 eb ca 44 f3 18 b2 80 50 9e\
+52 b5 fa 98 fc ce 82 05 d9 69 7c 8e e4 b7 ff 59\
+d4 c5 9c 79 03 8a 19 70 bd 2a 0d 45 1e cd c5 ef\
+11 d9 97 9c 9d 35 f8 c7 0a 61 63 71 76 07 89 0d\
+58 6a 7c 6d c0 1c 79 f8 6a 8f 28 e8 52 35 f8 c2\
+f1
+Test: Verify
+Comment: RSASSA-PSS Signature Example 7.6
+Message: \
+23 58 09 70 86 c8 99 32 3e 75 d9 c9 0d 0c 09 f1\
+2d 9d 54 ed fb df 70 a9 c2 eb 5a 04 d8 f3 6b 9b\
+2b df 2a ab e0 a5 bd a1 96 89 37 f9 d6 eb d3 b6\
+b2 57 ef b3 13 6d 41 31 f9 ac b5 9b 85 e2 60 2c\
+2a 3f cd c8 35 49 4a 1f 4e 5e c1 8b 22 6c 80 23\
+2b 36 a7 5a 45 fd f0 9a 7e a9 e9 8e fb de 14 50\
+d1 19 4b f1 2e 15 a4 c5 f9 eb 5c 0b ce 52 69 e0\
+c3 b2 8c fa b6 55 d8 1a 61 a2 0b 4b e2 f5 44 59\
+bb 25 a0 db 94 c5 22 18 be 10 9a 74 26 de 83 01\
+44 24 78 9a aa 90 e5 05 6e 63 2a 69 81 15 e2 82\
+c1 a5 64 10 f2 6c 20 72 f1 93 48 1a 9d cd 88 05\
+72 00 5e 64 f4 08 2e cf
+Salt: \
+3f 2e fc 59 58 80 a7 d4 7f cf 3c ba 04 98 3e a5\
+4c 4b 73 fb
+Signature: \
+18 da 3c dc fe 79 bf b7 7f d9 c3 2f 37 7a d3 99\
+14 6f 0a 8e 81 06 20 23 32 71 a6 e3 ed 32 48 90\
+3f 5c dc 92 dc 79 b5 5d 3e 11 61 5a a0 56 a7 95\
+85 37 92 a3 99 8c 34 9c a5 c4 57 e8 ca 7d 29 d7\
+96 aa 24 f8 34 91 70 9b ef cf b1 51 0e a5 13 c9\
+28 29 a3 f0 0b 10 4f 65 56 34 f3 20 75 2e 13 0e\
+c0 cc f6 75 4f f8 93 db 30 29 32 bb 02 5e b6 0e\
+87 82 25 98 fc 61 9e 0e 98 17 37 a9 a4 c4 15 2d\
+33
+Test: Verify
+Comment: Example 8: A 1031-bit RSA Key Pair
+Modulus: \
+49 53 70 a1 fb 18 54 3c 16 d3 63 1e 31 63 25 5d\
+f6 2b e6 ee e8 90 d5 f2 55 09 e4 f7 78 a8 ea 6f\
+bb bc df 85 df f6 4e 0d 97 20 03 ab 36 81 fb ba\
+6d d4 1f d5 41 82 9b 2e 58 2d e9 f2 a4 a4 e0 a2\
+d0 90 0b ef 47 53 db 3c ee 0e e0 6c 7d fa e8 b1\
+d5 3b 59 53 21 8f 9c ce ea 69 5b 08 66 8e de aa\
+dc ed 94 63 b1 d7 90 d5 eb f2 7e 91 15 b4 6c ad\
+4d 9a 2b 8e fa b0 56 1b 08 10 34 47 39 ad a0 73\
+3f
+PublicExponent: \
+01 00 01
+PrivateExponent: \
+6c 66 ff e9 89 80 c3 8f cd ea b5 15 98 98 83 61\
+65 f4 b4 b8 17 c4 f6 a8 d4 86 ee 4e a9 13 0f e9\
+b9 09 2b d1 36 d1 84 f9 5f 50 4a 60 7e ac 56 58\
+46 d2 fd d6 59 7a 89 67 c7 39 6e f9 5a 6e ee bb\
+45 78 a6 43 96 6d ca 4d 8e e3 de 84 2d e6 32 79\
+c6 18 15 9c 1a b5 4a 89 43 7b 6a 61 20 e4 93 0a\
+fb 52 a4 ba 6c ed 8a 49 47 ac 64 b3 0a 34 97 cb\
+e7 01 c2 d6 26 6d 51 72 19 ad 0e c6 d3 47 db e9
+Prime1: \
+08 da d7 f1 13 63 fa a6 23 d5 d6 d5 e8 a3 19 32\
+8d 82 19 0d 71 27 d2 84 6c 43 9b 0a b7 26 19 b0\
+a4 3a 95 32 0e 4e c3 4f c3 a9 ce a8 76 42 23 05\
+bd 76 c5 ba 7b e9 e2 f4 10 c8 06 06 45 a1 d2 9e\
+db
+Prime2: \
+08 47 e7 32 37 6f c7 90 0f 89 8e a8 2e b2 b0 fc\
+41 85 65 fd ae 62 f7 d9 ec 4c e2 21 7b 97 99 0d\
+d2 72 db 15 7f 99 f6 3c 0d cb b9 fb ac db d4 c4\
+da db 6d f6 77 56 35 8c a4 17 48 25 b4 8f 49 70\
+6d
+ModPrime1PrivateExponent: \
+05 c2 a8 3c 12 4b 36 21 a2 aa 57 ea 2c 3e fe 03\
+5e ff 45 60 f3 3d de bb 7a da b8 1f ce 69 a0 c8\
+c2 ed c1 65 20 dd a8 3d 59 a2 3b e8 67 96 3a c6\
+5f 2c c7 10 bb cf b9 6e e1 03 de b7 71 d1 05 fd\
+85
+ModPrime2PrivateExponent: \
+04 ca e8 aa 0d 9f aa 16 5c 87 b6 82 ec 14 0b 8e\
+d3 b5 0b 24 59 4b 7a 3b 2c 22 0b 36 69 bb 81 9f\
+98 4f 55 31 0a 1a e7 82 36 51 d4 a0 2e 99 44 79\
+72 59 51 39 36 34 34 e5 e3 0a 7e 7d 24 15 51 e1\
+b9
+MultiplicativeInverseOfPrime2ModPrime1: \
+07 d3 e4 7b f6 86 60 0b 11 ac 28 3c e8 8d bb 3f\
+60 51 e8 ef d0 46 80 e4 4c 17 1e f5 31 b8 0b 2b\
+7c 39 fc 76 63 20 e2 cf 15 d8 d9 98 20 e9 6f f3\
+0d c6 96 91 83 9c 4b 40 d7 b0 6e 45 30 7d c9 1f\
+3f
+Test: KeyPairValidAndConsistent
+Comment: RSASSA-PSS Signature Example 8.1
+Message: \
+81 33 2f 4b e6 29 48 41 5e a1 d8 99 79 2e ea cf\
+6c 6e 1d b1 da 8b e1 3b 5c ea 41 db 2f ed 46 70\
+92 e1 ff 39 89 14 c7 14 25 97 75 f5 95 f8 54 7f\
+73 56 92 a5 75 e6 92 3a f7 8f 22 c6 99 7d db 90\
+fb 6f 72 d7 bb 0d d5 74 4a 31 de cd 3d c3 68 58\
+49 83 6e d3 4a ec 59 63 04 ad 11 84 3c 4f 88 48\
+9f 20 97 35 f5 fb 7f da f7 ce c8 ad dc 58 18 16\
+8f 88 0a cb f4 90 d5 10 05 b7 a8 e8 4e 43 e5 42\
+87 97 75 71 dd 99 ee a4 b1 61 eb 2d f1 f5 10 8f\
+12 a4 14 2a 83 32 2e db 05 a7 54 87 a3 43 5c 9a\
+78 ce 53 ed 93 bc 55 08 57 d7 a9 fb
+Salt: \
+1d 65 49 1d 79 c8 64 b3 73 00 9b e6 f6 f2 46 7b\
+ac 4c 78 fa
+Signature: \
+02 62 ac 25 4b fa 77 f3 c1 ac a2 2c 51 79 f8 f0\
+40 42 2b 3c 5b af d4 0a 8f 21 cf 0f a5 a6 67 cc\
+d5 99 3d 42 db af b4 09 c5 20 e2 5f ce 2b 1e e1\
+e7 16 57 7f 1e fa 17 f3 da 28 05 2f 40 f0 41 9b\
+23 10 6d 78 45 aa f0 11 25 b6 98 e7 a4 df e9 2d\
+39 67 bb 00 c4 d0 d3 5b a3 55 2a b9 a8 b3 ee f0\
+7c 7f ec db c5 42 4a c4 db 1e 20 cb 37 d0 b2 74\
+47 69 94 0e a9 07 e1 7f bb ca 67 3b 20 52 23 80\
+c5
+Test: Verify
+Comment: RSASSA-PSS Signature Example 8.2
+Message: \
+e2 f9 6e af 0e 05 e7 ba 32 6e cc a0 ba 7f d2 f7\
+c0 23 56 f3 ce de 9d 0f aa bf 4f cc 8e 60 a9 73\
+e5 59 5f d9 ea 08
+Salt: \
+43 5c 09 8a a9 90 9e b2 37 7f 12 48 b0 91 b6 89\
+87 ff 18 38
+Signature: \
+27 07 b9 ad 51 15 c5 8c 94 e9 32 e8 ec 0a 28 0f\
+56 33 9e 44 a1 b5 8d 4d dc ff 2f 31 2e 5f 34 dc\
+fe 39 e8 9c 6a 94 dc ee 86 db bd ae 5b 79 ba 4e\
+08 19 a9 e7 bf d9 d9 82 e7 ee 6c 86 ee 68 39 6e\
+8b 3a 14 c9 c8 f3 4b 17 8e b7 41 f9 d3 f1 21 10\
+9b f5 c8 17 2f ad a2 e7 68 f9 ea 14 33 03 2c 00\
+4a 8a a0 7e b9 90 00 0a 48 dc 94 c8 ba c8 aa be\
+2b 09 b1 aa 46 c0 a2 aa 0e 12 f6 3f bb a7 75 ba\
+7e
+Test: Verify
+Comment: RSASSA-PSS Signature Example 8.3
+Message: \
+e3 5c 6e d9 8f 64 a6 d5 a6 48 fc ab 8a db 16 33\
+1d b3 2e 5d 15 c7 4a 40 ed f9 4c 3d c4 a4 de 79\
+2d 19 08 89 f2 0f 1e 24 ed 12 05 4a 6b 28 79 8f\
+cb 42 d1 c5 48 76 9b 73 4c 96 37 31 42 09 2a ed\
+27 76 03 f4 73 8d f4 dc 14 46 58 6d 0e c6 4d a4\
+fb 60 53 6d b2 ae 17 fc 7e 3c 04 bb fb bb d9 07\
+bf 11 7c 08 63 6f a1 6f 95 f5 1a 62 16 93 4d 3e\
+34 f8 50 30 f1 7b bb c5 ba 69 14 40 58 af f0 81\
+e0 b1 9c f0 3c 17 19 5c 5e 88 8b a5 8f 6f e0 a0\
+2e 5c 3b da 97 19 a7
+Salt: \
+c6 eb be 76 df 0c 4a ea 32 c4 74 17 5b 2f 13 68\
+62 d0 45 29
+Signature: \
+2a d2 05 09 d7 8c f2 6d 1b 6c 40 61 46 08 6e 4b\
+0c 91 a9 1c 2b d1 64 c8 7b 96 6b 8f aa 42 aa 0c\
+a4 46 02 23 23 ba 4b 1a 1b 89 70 6d 7f 4c 3b e5\
+7d 7b 69 70 2d 16 8a b5 95 5e e2 90 35 6b 8c 4a\
+29 ed 46 7d 54 7e c2 3c ba df 28 6c cb 58 63 c6\
+67 9d a4 67 fc 93 24 a1 51 c7 ec 55 aa c6 db 40\
+84 f8 27 26 82 5c fe 1a a4 21 bc 64 04 9f b4 2f\
+23 14 8f 9c 25 b2 dc 30 04 37 c3 8d 42 8a a7 5f\
+96
+Test: Verify
+Comment: RSASSA-PSS Signature Example 8.4
+Message: \
+db c5 f7 50 a7 a1 4b e2 b9 3e 83 8d 18 d1 4a 86\
+95 e5 2e 8a dd 9c 0a c7 33 b8 f5 6d 27 47 e5 29\
+a0 cc a5 32 dd 49 b9 02 ae fe d5 14 44 7f 9e 81\
+d1 61 95 c2 85 38 68 cb 9b 30 f7 d0 d4 95 c6 9d\
+01 b5 c5 d5 0b 27 04 5d b3 86 6c 23 24 a4 4a 11\
+0b 17 17 74 6d e4 57 d1 c8 c4 5c 3c d2 a9 29 70\
+c3 d5 96 32 05 5d 4c 98 a4 1d 6e 99 e2 a3 dd d5\
+f7 f9 97 9a b3 cd 18 f3 75 05 d2 51 41 de 2a 1b\
+ff 17 b3 a7 dc e9 41 9e cc 38 5c f1 1d 72 84 0f\
+19 95 3f d0 50 92 51 f6 ca fd e2 89 3d 0e 75 c7\
+81 ba 7a 50 12 ca 40 1a 4f a9 9e 04 b3 c3 24 9f\
+92 6d 5a fe 82 cc 87 da b2 2c 3c 1b 10 5d e4 8e\
+34 ac e9 c9 12 4e 59 59 7a c7 eb f8
+Salt: \
+02 1f dc c6 eb b5 e1 9b 1c b1 6e 9c 67 f2 76 81\
+65 7f e2 0a
+Signature: \
+1e 24 e6 e5 86 28 e5 17 50 44 a9 eb 6d 83 7d 48\
+af 12 60 b0 52 0e 87 32 7d e7 89 7e e4 d5 b9 f0\
+df 0b e3 e0 9e d4 de a8 c1 45 4f f3 42 3b b0 8e\
+17 93 24 5a 9d f8 bf 6a b3 96 8c 8e dd c3 b5 32\
+85 71 c7 7f 09 1c c5 78 57 69 12 df eb d1 64 b9\
+de 54 54 fe 0b e1 c1 f6 38 5b 32 83 60 ce 67 ec\
+7a 05 f6 e3 0e b4 5c 17 c4 8a c7 00 41 d2 ca b6\
+7f 0a 2a e7 aa fd cc 8d 24 5e a3 44 2a 63 00 cc\
+c7
+Test: Verify
+Comment: RSASSA-PSS Signature Example 8.5
+Message: \
+04 dc 25 1b e7 2e 88 e5 72 34 85 b6 38 3a 63 7e\
+2f ef e0 76 60 c5 19 a5 60 b8 bc 18 bd ed b8 6e\
+ae 23 64 ea 53 ba 9d ca 6e b3 d2 e7 d6 b8 06 af\
+42 b3 e8 7f 29 1b 4a 88 81 d5 bf 57 2c c9 a8 5e\
+19 c8 6a cb 28 f0 98 f9 da 03 83 c5 66 d3 c0 f5\
+8c fd 8f 39 5d cf 60 2e 5c d4 0e 8c 71 83 f7 14\
+99 6e 22 97 ef
+Salt: \
+c5 58 d7 16 7c bb 45 08 ad a0 42 97 1e 71 b1 37\
+7e ea 42 69
+Signature: \
+33 34 1b a3 57 6a 13 0a 50 e2 a5 cf 86 79 22 43\
+88 d5 69 3f 5a cc c2 35 ac 95 ad d6 8e 5e b1 ee\
+c3 16 66 d0 ca 7a 1c da 6f 70 a1 aa 76 2c 05 75\
+2a 51 95 0c db 8a f3 c5 37 9f 18 cf e6 b5 bc 55\
+a4 64 82 26 a1 5e 91 2e f1 9a d7 7a de ea 91 1d\
+67 cf ef d6 9b a4 3f a4 11 91 35 ff 64 21 17 ba\
+98 5a 7e 01 00 32 5e 95 19 f1 ca 6a 92 16 bd a0\
+55 b5 78 50 15 29 11 25 e9 0d cd 07 a2 ca 96 73\
+ee
+Test: Verify
+Comment: RSASSA-PSS Signature Example 8.6
+Message: \
+0e a3 7d f9 a6 fe a4 a8 b6 10 37 3c 24 cf 39 0c\
+20 fa 6e 21 35 c4 00 c8 a3 4f 5c 18 3a 7e 8e a4\
+c9 ae 09 0e d3 17 59 f4 2d c7 77 19 cc a4 00 ec\
+dc c5 17 ac fc 7a c6 90 26 75 b2 ef 30 c5 09 66\
+5f 33 21 48 2f c6 9a 9f b5 70 d1 5e 01 c8 45 d0\
+d8 e5 0d 2a 24 cb f1 cf 0e 71 49 75 a5 db 7b 18\
+d9 e9 e9 cb 91 b5 cb 16 86 90 60 ed 18 b7 b5 62\
+45 50 3f 0c af 90 35 2b 8d e8 1c b5 a1 d9 c6 33\
+60 92 f0 cd
+Salt: \
+76 fd 4e 64 fd c9 8e b9 27 a0 40 3e 35 a0 84 e7\
+6b a9 f9 2a
+Signature: \
+1e d1 d8 48 fb 1e db 44 12 9b d9 b3 54 79 5a f9\
+7a 06 9a 7a 00 d0 15 10 48 59 3e 0c 72 c3 51 7f\
+f9 ff 2a 41 d0 cb 5a 0a c8 60 d7 36 a1 99 70 4f\
+7c b6 a5 39 86 a8 8b bd 8a bc c0 07 6a 2c e8 47\
+88 00 31 52 5d 44 9d a2 ac 78 35 63 74 c5 36 e3\
+43 fa a7 cb a4 2a 5a aa 65 06 08 77 91 c0 6a 8e\
+98 93 35 ae d1 9b fa b2 d5 e6 7e 27 fb 0c 28 75\
+af 89 6c 21 b6 e8 e7 30 9d 04 e4 f6 72 7e 69 46\
+3e
+Test: Verify
+Comment: Example 9: A 1536-bit RSA Key Pair
+Modulus: \
+e6 bd 69 2a c9 66 45 79 04 03 fd d0 f5 be b8 b9\
+bf 92 ed 10 00 7f c3 65 04 64 19 dd 06 c0 5c 5b\
+5b 2f 48 ec f9 89 e4 ce 26 91 09 97 9c bb 40 b4\
+a0 ad 24 d2 24 83 d1 ee 31 5a d4 cc b1 53 42 68\
+35 26 91 c5 24 f6 dd 8e 6c 29 d2 24 cf 24 69 73\
+ae c8 6c 5b f6 b1 40 1a 85 0d 1b 9a d1 bb 8c bc\
+ec 47 b0 6f 0f 8c 7f 45 d3 fc 8f 31 92 99 c5 43\
+3d db c2 b3 05 3b 47 de d2 ec d4 a4 ca ef d6 14\
+83 3d c8 bb 62 2f 31 7e d0 76 b8 05 7f e8 de 3f\
+84 48 0a d5 e8 3e 4a 61 90 4a 4f 24 8f b3 97 02\
+73 57 e1 d3 0e 46 31 39 81 5c 6f d4 fd 5a c5 b8\
+17 2a 45 23 0e cb 63 18 a0 4f 14 55 d8 4e 5a 8b
+PublicExponent: \
+01 00 01
+PrivateExponent: \
+6a 7f d8 4f b8 5f ad 07 3b 34 40 6d b7 4f 8d 61\
+a6 ab c1 21 96 a9 61 dd 79 56 5e 9d a6 e5 18 7b\
+ce 2d 98 02 50 f7 35 95 75 35 92 70 d9 15 90 bb\
+0e 42 7c 71 46 0b 55 d5 14 10 b1 91 bc f3 09 fe\
+a1 31 a9 2c 8e 70 27 38 fa 71 9f 1e 00 41 f5 2e\
+40 e9 1f 22 9f 4d 96 a1 e6 f1 72 e1 55 96 b4 51\
+0a 6d ae c2 61 05 f2 be bc 53 31 6b 87 bd f2 13\
+11 66 60 70 e8 df ee 69 d5 2c 71 a9 76 ca ae 79\
+c7 2b 68 d2 85 80 dc 68 6d 9f 51 29 d2 25 f8 2b\
+3d 61 55 13 a8 82 b3 db 91 41 6b 48 ce 08 88 82\
+13 e3 7e eb 9a f8 00 d8 1c ab 32 8c e4 20 68 99\
+03 c0 0c 7b 5f d3 1b 75 50 3a 6d 41 96 84 d6 29
+Prime1: \
+f8 eb 97 e9 8d f1 26 64 ee fd b7 61 59 6a 69 dd\
+cd 0e 76 da ec e6 ed 4b f5 a1 b5 0a c0 86 f7 92\
+8a 4d 2f 87 26 a7 7e 51 5b 74 da 41 98 8f 22 0b\
+1c c8 7a a1 fc 81 0c e9 9a 82 f2 d1 ce 82 1e dc\
+ed 79 4c 69 41 f4 2c 7a 1a 0b 8c 4d 28 c7 5e c6\
+0b 65 22 79 f6 15 4a 76 2a ed 16 5d 47 de e3 67
+Prime2: \
+ed 4d 71 d0 a6 e2 4b 93 c2 e5 f6 b4 bb e0 5f 5f\
+b0 af a0 42 d2 04 fe 33 78 d3 65 c2 f2 88 b6 a8\
+da d7 ef e4 5d 15 3e ef 40 ca cc 7b 81 ff 93 40\
+02 d1 08 99 4b 94 a5 e4 72 8c d9 c9 63 37 5a e4\
+99 65 bd a5 5c bf 0e fe d8 d6 55 3b 40 27 f2 d8\
+62 08 a6 e6 b4 89 c1 76 12 80 92 d6 29 e4 9d 3d
+ModPrime1PrivateExponent: \
+2b b6 8b dd fb 0c 4f 56 c8 55 8b ff af 89 2d 80\
+43 03 78 41 e7 fa 81 cf a6 1a 38 c5 e3 9b 90 1c\
+8e e7 11 22 a5 da 22 27 bd 6c de eb 48 14 52 c1\
+2a d3 d6 1d 5e 4f 77 6a 0a b5 56 59 1b ef e3 e5\
+9e 5a 7f dd b8 34 5e 1f 2f 35 b9 f4 ce e5 7c 32\
+41 4c 08 6a ec 99 3e 93 53 e4 80 d9 ee c6 28 9f
+ModPrime2PrivateExponent: \
+4f f8 97 70 9f ad 07 97 46 49 45 78 e7 0f d8 54\
+61 30 ee ab 56 27 c4 9b 08 0f 05 ee 4a d9 f3 e4\
+b7 cb a9 d6 a5 df f1 13 a4 1c 34 09 33 68 33 f1\
+90 81 6d 8a 6b c4 2e 9b ec 56 b7 56 7d 0f 3c 9c\
+69 6d b6 19 b2 45 d9 01 dd 85 6d b7 c8 09 2e 77\
+e9 a1 cc cd 56 ee 4d ba 42 c5 fd b6 1a ec 26 69
+MultiplicativeInverseOfPrime2ModPrime1: \
+77 b9 d1 13 7b 50 40 4a 98 27 29 31 6e fa fc 7d\
+fe 66 d3 4e 5a 18 26 00 d5 f3 0a 0a 85 12 05 1c\
+56 0d 08 1d 4d 0a 18 35 ec 3d 25 a6 0f 4e 4d 6a\
+a9 48 b2 bf 3d bb 5b 12 4c bb c3 48 92 55 a3 a9\
+48 37 2f 69 78 49 67 45 f9 43 e1 db 4f 18 38 2c\
+ea a5 05 df c6 57 57 bb 3f 85 7a 58 dc e5 21 56
+Test: KeyPairValidAndConsistent
+Comment: RSASSA-PSS Signature Example 9.1
+Message: \
+a8 8e 26 58 55 e9 d7 ca 36 c6 87 95 f0 b3 1b 59\
+1c d6 58 7c 71 d0 60 a0 b3 f7 f3 ea ef 43 79 59\
+22 02 8b c2 b6 ad 46 7c fc 2d 7f 65 9c 53 85 aa\
+70 ba 36 72 cd de 4c fe 49 70 cc 79 04 60 1b 27\
+88 72 bf 51 32 1c 4a 97 2f 3c 95 57 0f 34 45 d4\
+f5 79 80 e0 f2 0d f5 48 46 e6 a5 2c 66 8f 12 88\
+c0 3f 95 00 6e a3 2f 56 2d 40 d5 2a f9 fe b3 2f\
+0f a0 6d b6 5b 58 8a 23 7b 34 e5 92 d5 5c f9 79\
+f9 03 a6 42 ef 64 d2 ed 54 2a a8 c7 7d c1 dd 76\
+2f 45 a5 93 03 ed 75 e5 41 ca 27 1e 2b 60 ca 70\
+9e 44 fa 06 61 13 1e 8d 5d 41 63 fd 8d 39 85 66\
+ce 26 de 87 30 e7 2f 9c ca 73 76 41 c2 44 15 94\
+20 63 70 28 df 0a 18 07 9d 62 08 ea 8b 47 11 a2\
+c7 50 f5
+Salt: \
+c0 a4 25 31 3d f8 d7 56 4b d2 43 4d 31 15 23 d5\
+25 7e ed 80
+Signature: \
+58 61 07 22 6c 3c e0 13 a7 c8 f0 4d 1a 6a 29 59\
+bb 4b 8e 20 5b a4 3a 27 b5 0f 12 41 11 bc 35 ef\
+58 9b 03 9f 59 32 18 7c b6 96 d7 d9 a3 2c 0c 38\
+30 0a 5c dd a4 83 4b 62 d2 eb 24 0a f3 3f 79 d1\
+3d fb f0 95 bf 59 9e 0d 96 86 94 8c 19 64 74 7b\
+67 e8 9c 9a ba 5c d8 50 16 23 6f 56 6c c5 80 2c\
+b1 3e ad 51 bc 7c a6 be f3 b9 4d cb db b1 d5 70\
+46 97 71 df 0e 00 b1 a8 a0 67 77 47 2d 23 16 27\
+9e da e8 64 74 66 8d 4e 1e ff f9 5f 1d e6 1c 60\
+20 da 32 ae 92 bb f1 65 20 fe f3 cf 4d 88 f6 11\
+21 f2 4b bd 9f e9 1b 59 ca f1 23 5b 2a 93 ff 81\
+fc 40 3a dd f4 eb de a8 49 34 a9 cd af 8e 1a 9e
+Test: Verify
+Comment: RSASSA-PSS Signature Example 9.2
+Message: \
+c8 c9 c6 af 04 ac da 41 4d 22 7e f2 3e 08 20 c3\
+73 2c 50 0d c8 72 75 e9 5b 0d 09 54 13 99 3c 26\
+58 bc 1d 98 85 81 ba 87 9c 2d 20 1f 14 cb 88 ce\
+d1 53 a0 19 69 a7 bf 0a 7b e7 9c 84 c1 48 6b c1\
+2b 3f a6 c5 98 71 b6 82 7c 8c e2 53 ca 5f ef a8\
+a8 c6 90 bf 32 6e 8e 37 cd b9 6d 90 a8 2e ba b6\
+9f 86 35 0e 18 22 e8 bd 53 6a 2e
+Salt: \
+b3 07 c4 3b 48 50 a8 da c2 f1 5f 32 e3 78 39 ef\
+8c 5c 0e 91
+Signature: \
+80 b6 d6 43 25 52 09 f0 a4 56 76 38 97 ac 9e d2\
+59 d4 59 b4 9c 28 87 e5 88 2e cb 44 34 cf d6 6d\
+d7 e1 69 93 75 38 1e 51 cd 7f 55 4f 2c 27 17 04\
+b3 99 d4 2b 4b e2 54 0a 0e ca 61 95 1f 55 26 7f\
+7c 28 78 c1 22 84 2d ad b2 8b 01 bd 5f 8c 02 5f\
+7e 22 84 18 a6 73 c0 3d 6b c0 c7 36 d0 a2 95 46\
+bd 67 f7 86 d9 d6 92 cc ea 77 8d 71 d9 8c 20 63\
+b7 a7 10 92 18 7a 4d 35 af 10 81 11 d8 3e 83 ea\
+e4 6c 46 aa 34 27 7e 06 04 45 89 90 37 88 f1 d5\
+e7 ce e2 5f b4 85 e9 29 49 11 88 14 d6 f2 c3 ee\
+36 14 89 01 6f 32 7f b5 bc 51 7e b5 04 70 bf fa\
+1a fa 5f 4c e9 aa 0c e5 b8 ee 19 bf 55 01 b9 58
+Test: Verify
+Comment: RSASSA-PSS Signature Example 9.3
+Message: \
+0a fa d4 2c cd 4f c6 06 54 a5 50 02 d2 28 f5 2a\
+4a 5f e0 3b 8b bb 08 ca 82 da ca 55 8b 44 db e1\
+26 6e 50 c0 e7 45 a3 6d 9d 29 04 e3 40 8a bc d1\
+fd 56 99 94 06 3f 4a 75 cc 72 f2 fe e2 a0 cd 89\
+3a 43 af 1c 5b 8b 48 7d f0 a7 16 10 02 4e 4f 6d\
+df 9f 28 ad 08 13 c1 aa b9 1b cb 3c 90 64 d5 ff\
+74 2d ef fe a6 57 09 41 39 36 9e 5e a6 f4 a9 63\
+19 a5 cc 82 24 14 5b 54 50 62 75 8f ef d1 fe 34\
+09 ae 16 92 59 c6 cd fd 6b 5f 29 58 e3 14 fa ec\
+be 69 d2 ca ce 58 ee 55 17 9a b9 b3 e6 d1 ec c1\
+4a 55 7c 5f eb e9 88 59 52 64 fc 5d a1 c5 71 46\
+2e ca 79 8a 18 a1 a4 94 0c da b4 a3 e9 20 09 cc\
+d4 2e 1e 94 7b 13 14 e3 22 38 a2 de ce 7d 23 a8\
+9b 5b 30 c7 51 fd 0a 4a 43 0d 2c 54 85 94
+Salt: \
+9a 2b 00 7e 80 97 8b bb 19 2c 35 4e b7 da 9a ed\
+fc 74 db f5
+Signature: \
+48 44 08 f3 89 8c d5 f5 34 83 f8 08 19 ef bf 27\
+08 c3 4d 27 a8 b2 a6 fa e8 b3 22 f9 24 02 37 f9\
+81 81 7a ca 18 46 f1 08 4d aa 6d 7c 07 95 f6 e5\
+bf 1a f5 9c 38 e1 85 84 37 ce 1f 7e c4 19 b9 8c\
+87 36 ad f6 dd 9a 00 b1 80 6d 2b d3 ad 0a 73 77\
+5e 05 f5 2d fe f3 a5 9a b4 b0 81 43 f0 df 05 cd\
+1a d9 d0 4b ec ec a6 da a4 a2 12 98 03 e2 00 cb\
+c7 77 87 ca f4 c1 d0 66 3a 6c 59 87 b6 05 95 20\
+19 78 2c af 2e c1 42 6d 68 fb 94 ed 1d 4b e8 16\
+a7 ed 08 1b 77 e6 ab 33 0b 3f fc 07 38 20 fe cd\
+e3 72 7f cb e2 95 ee 61 a0 50 a3 43 65 86 37 c3\
+fd 65 9c fb 63 73 6d e3 2d 9f 90 d3 c2 f6 3e ca
+Test: Verify
+Comment: RSASSA-PSS Signature Example 9.4
+Message: \
+1d fd 43 b4 6c 93 db 82 62 9b da e2 bd 0a 12 b8\
+82 ea 04 c3 b4 65 f5 cf 93 02 3f 01 05 96 26 db\
+be 99 f2 6b b1 be 94 9d dd d1 6d c7 f3 de bb 19\
+a1 94 62 7f 0b 22 44 34 df 7d 87 00 e9 e9 8b 06\
+e3 60 c1 2f db e3 d1 9f 51 c9 68 4e b9 08 9e cb\
+b0 a2 f0 45 03 99 d3 f5 9e ac 72 94 08 5d 04 4f\
+53 93 c6 ce 73 74 23 d8 b8 6c 41 53 70 d3 89 e3\
+0b 9f 0a 3c 02 d2 5d 00 82 e8 ad 6f 3f 1e f2 4a\
+45 c3 cf 82 b3 83 36 70 63 a4 d4 61 3e 42 64 f0\
+1b 2d ac 2e 5a a4 20 43 f8 fb 5f 69 fa 87 1d 14\
+fb 27 3e 76 7a 53 1c 40 f0 2f 34 3b c2 fb 45 a0\
+c7 e0 f6 be 25 61 92 3a 77 21 1d 66 a6 e2 db b4\
+3c 36 63 50 be ae 22 da 3a c2 c1 f5 07 70 96 fc\
+b5 c4 bf 25 5f 75 74 35 1a e0 b1 e1 f0 36 32 81\
+7c 08 56 d4 a8 ba 97 af bd c8 b8 58 55 40 2b c5\
+69 26 fc ec 20 9f 9e a8
+Salt: \
+70 f3 82 bd df 4d 5d 2d d8 8b 3b c7 b7 30 8b e6\
+32 b8 40 45
+Signature: \
+84 eb eb 48 1b e5 98 45 b4 64 68 ba fb 47 1c 01\
+12 e0 2b 23 5d 84 b5 d9 11 cb d1 92 6e e5 07 4a\
+e0 42 44 95 cb 20 e8 23 08 b8 eb b6 5f 41 9a 03\
+fb 40 e7 2b 78 98 1d 88 aa d1 43 05 36 85 17 2c\
+97 b2 9c 8b 7b f0 ae 73 b5 b2 26 3c 40 3d a0 ed\
+2f 80 ff 74 50 af 78 28 eb 8b 86 f0 02 8b d2 a8\
+b1 76 a4 d2 28 cc ce a1 83 94 f2 38 b0 9f f7 58\
+cc 00 bc 04 30 11 52 35 57 42 f2 82 b5 4e 66 3a\
+91 9e 70 9d 8d a2 4a de 55 00 a7 b9 aa 50 22 6e\
+0c a5 29 23 e6 c2 d8 60 ec 50 ff 48 0f a5 74 77\
+e8 2b 05 65 f4 37 9f 79 c7 72 d5 c2 da 80 af 9f\
+bf 32 5e ce 6f c2 0b 00 96 16 14 be e8 9a 18 3e
+Test: Verify
+Comment: RSASSA-PSS Signature Example 9.5
+Message: \
+1b dc 6e 7c 98 fb 8c f5 4e 9b 09 7b 66 a8 31 e9\
+cf e5 2d 9d 48 88 44 8e e4 b0 97 80 93 ba 1d 7d\
+73 ae 78 b3 a6 2b a4 ad 95 cd 28 9c cb 9e 00 52\
+26 bb 3d 17 8b cc aa 82 1f b0 44 a4 e2 1e e9 76\
+96 c1 4d 06 78 c9 4c 2d ae 93 b0 ad 73 92 22 18\
+55 3d aa 7e 44 eb e5 77 25 a7 a4 5c c7 2b 9b 21\
+38 a6 b1 7c 8d b4 11 ce 82 79 ee 12 41 af f0 a8\
+be c6 f7 7f 87 ed b0 c6 9c b2 72 36 e3 43 5a 80\
+0b 19 2e 4f 11 e5 19 e3 fe 30 fc 30 ea cc ca 4f\
+bb 41 76 90 29 bf 70 8e 81 7a 9e 68 38 05 be 67\
+fa 10 09 84 68 3b 74 83 8e 3b cf fa 79 36 6e ed\
+1d 48 1c 76 72 91 18 83 8f 31 ba 8a 04 8a 93 c1\
+be 44 24 59 8e 8d f6 32 8b 7a 77 88 0a 3f 9c 7e\
+2e 8d fc a8 eb 5a 26 fb 86 bd c5 56 d4 2b be 01\
+d9 fa 6e d8 06 46 49 1c 93 41
+Salt: \
+d6 89 25 7a 86 ef fa 68 21 2c 5e 0c 61 9e ca 29\
+5f b9 1b 67
+Signature: \
+82 10 2d f8 cb 91 e7 17 99 19 a0 4d 26 d3 35 d6\
+4f bc 2f 87 2c 44 83 39 43 24 1d e8 45 48 10 27\
+4c df 3d b5 f4 2d 42 3d b1 52 af 71 35 f7 01 42\
+0e 39 b4 94 a6 7c bf d1 9f 91 19 da 23 3a 23 da\
+5c 64 39 b5 ba 0d 2b c3 73 ee e3 50 70 01 37 8d\
+4a 40 73 85 6b 7f e2 ab a0 b5 ee 93 b2 7f 4a fe\
+c7 d4 d1 20 92 1c 83 f6 06 76 5b 02 c1 9e 4d 6a\
+1a 3b 95 fa 4c 42 29 51 be 4f 52 13 10 77 ef 17\
+17 97 29 cd df bd b5 69 50 db ac ee fe 78 cb 16\
+64 0a 09 9e a5 6d 24 38 9e ef 10 f8 fe cb 31 ba\
+3e a3 b2 27 c0 a8 66 98 bb 89 e3 e9 36 39 05 bf\
+22 77 7b 2a 3a a5 21 b6 5b 4c ef 76 d8 3b de 4c
+Test: Verify
+Comment: RSASSA-PSS Signature Example 9.6
+Message: \
+88 c7 a9 f1 36 04 01 d9 0e 53 b1 01 b6 1c 53 25\
+c3 c7 5d b1 b4 11 fb eb 8e 83 0b 75 e9 6b 56 67\
+0a d2 45 40 4e 16 79 35 44 ee 35 4b c6 13 a9 0c\
+c9 84 87 15 a7 3d b5 89 3e 7f 6d 27 98 15 c0 c1\
+de 83 ef 8e 29 56 e3 a5 6e d2 6a 88 8d 7a 9c dc\
+d0 42 f4 b1 6b 7f a5 1e f1 a0 57 36 62 d1 6a 30\
+2d 0e c5 b2 85 d2 e0 3a d9 65 29 c8 7b 3d 37 4d\
+b3 72 d9 5b 24 43 d0 61 b6 b1 a3 50 ba 87 80 7e\
+d0 83 af d1 eb 05 c3 f5 2f 4e ba 5e d2 22 77 14\
+fd b5 0b 9d 9d 9d d6 81 4f 62 f6 27 2f cd 5c db\
+ce 7a 9e f7 97
+Salt: \
+c2 5f 13 bf 67 d0 81 67 1a 04 81 a1 f1 82 0d 61\
+3b ba 22 76
+Signature: \
+a7 fd b0 d2 59 16 5c a2 c8 8d 00 bb f1 02 8a 86\
+7d 33 76 99 d0 61 19 3b 17 a9 64 8e 14 cc bb aa\
+de ac aa cd ec 81 5e 75 71 29 4e bb 8a 11 7a f2\
+05 fa 07 8b 47 b0 71 2c 19 9e 3a d0 51 35 c5 04\
+c2 4b 81 70 51 15 74 08 02 48 79 92 ff d5 11 d4\
+af c6 b8 54 49 1e b3 f0 dd 52 31 39 54 2f f1 5c\
+31 01 ee 85 54 35 17 c6 a3 c7 94 17 c6 7e 2d d9\
+aa 74 1e 9a 29 b0 6d cb 59 3c 23 36 b3 67 0a e3\
+af ba c7 c3 e7 6e 21 54 73 e8 66 e3 38 ca 24 4d\
+e0 0b 62 62 4d 6b 94 26 82 2c ea e9 f8 cc 46 08\
+95 f4 12 50 07 3f d4 5c 5a 1e 7b 42 5c 20 4a 42\
+3a 69 91 59 f6 90 3e 71 0b 37 a7 bb 2b c8 04 9f
+Test: Verify
+Comment: Example 10: A 2048-bit RSA Key Pair
+Modulus: \
+a5 dd 86 7a c4 cb 02 f9 0b 94 57 d4 8c 14 a7 70\
+ef 99 1c 56 c3 9c 0e c6 5f d1 1a fa 89 37 ce a5\
+7b 9b e7 ac 73 b4 5c 00 17 61 5b 82 d6 22 e3 18\
+75 3b 60 27 c0 fd 15 7b e1 2f 80 90 fe e2 a7 ad\
+cd 0e ef 75 9f 88 ba 49 97 c7 a4 2d 58 c9 aa 12\
+cb 99 ae 00 1f e5 21 c1 3b b5 43 14 45 a8 d5 ae\
+4f 5e 4c 7e 94 8a c2 27 d3 60 40 71 f2 0e 57 7e\
+90 5f be b1 5d fa f0 6d 1d e5 ae 62 53 d6 3a 6a\
+21 20 b3 1a 5d a5 da bc 95 50 60 0e 20 f2 7d 37\
+39 e2 62 79 25 fe a3 cc 50 9f 21 df f0 4e 6e ea\
+45 49 c5 40 d6 80 9f f9 30 7e ed e9 1f ff 58 73\
+3d 83 85 a2 37 d6 d3 70 5a 33 e3 91 90 09 92 07\
+0d f7 ad f1 35 7c f7 e3 70 0c e3 66 7d e8 3f 17\
+b8 df 17 78 db 38 1d ce 09 cb 4a d0 58 a5 11 00\
+1a 73 81 98 ee 27 cf 55 a1 3b 75 45 39 90 65 82\
+ec 8b 17 4b d5 8d 5d 1f 3d 76 7c 61 37 21 ae 05
+PublicExponent: \
+01 00 01
+PrivateExponent: \
+2d 2f f5 67 b3 fe 74 e0 61 91 b7 fd ed 6d e1 12\
+29 0c 67 06 92 43 0d 59 69 18 40 47 da 23 4c 96\
+93 de ed 16 73 ed 42 95 39 c9 69 d3 72 c0 4d 6b\
+47 e0 f5 b8 ce e0 84 3e 5c 22 83 5d bd 3b 05 a0\
+99 79 84 ae 60 58 b1 1b c4 90 7c bf 67 ed 84 fa\
+9a e2 52 df b0 d0 cd 49 e6 18 e3 5d fd fe 59 bc\
+a3 dd d6 6c 33 ce bb c7 7a d4 41 aa 69 5e 13 e3\
+24 b5 18 f0 1c 60 f5 a8 5c 99 4a d1 79 f2 a6 b5\
+fb e9 34 02 b1 17 67 be 01 bf 07 34 44 d6 ba 1d\
+d2 bc a5 bd 07 4d 4a 5f ae 35 31 ad 13 03 d8 4b\
+30 d8 97 31 8c bb ba 04 e0 3c 2e 66 de 6d 91 f8\
+2f 96 ea 1d 4b b5 4a 5a ae 10 2d 59 46 57 f5 c9\
+78 95 53 51 2b 29 6d ea 29 d8 02 31 96 35 7e 3e\
+3a 6e 95 8f 39 e3 c2 34 40 38 ea 60 4b 31 ed c6\
+f0 f7 ff 6e 71 81 a5 7c 92 82 6a 26 8f 86 76 8e\
+96 f8 78 56 2f c7 1d 85 d6 9e 44 86 12 f7 04 8f
+Prime1: \
+cf d5 02 83 fe ee b9 7f 6f 08 d7 3c bc 7b 38 36\
+f8 2b bc d4 99 47 9f 5e 6f 76 fd fc b8 b3 8c 4f\
+71 dc 9e 88 bd 6a 6f 76 37 1a fd 65 d2 af 18 62\
+b3 2a fb 34 a9 5f 71 b8 b1 32 04 3f fe be 3a 95\
+2b af 75 92 44 81 48 c0 3f 9c 69 b1 d6 8e 4c e5\
+cf 32 c8 6b af 46 fe d3 01 ca 1a b4 03 06 9b 32\
+f4 56 b9 1f 71 89 8a b0 81 cd 8c 42 52 ef 52 71\
+91 5c 97 94 b8 f2 95 85 1d a7 51 0f 99 cb 73 eb
+Prime2: \
+cc 4e 90 d2 a1 b3 a0 65 d3 b2 d1 f5 a8 fc e3 1b\
+54 44 75 66 4e ab 56 1d 29 71 b9 9f b7 be f8 44\
+e8 ec 1f 36 0b 8c 2a c8 35 96 92 97 1e a6 a3 8f\
+72 3f cc 21 1f 5d bc b1 77 a0 fd ac 51 64 a1 d4\
+ff 7f bb 4e 82 99 86 35 3c b9 83 65 9a 14 8c dd\
+42 0c 7d 31 ba 38 22 ea 90 a3 2b e4 6c 03 0e 8c\
+17 e1 fa 0a d3 78 59 e0 6b 0a a6 fa 3b 21 6d 9c\
+be 6c 0e 22 33 97 69 c0 a6 15 91 3e 5d a7 19 cf
+ModPrime1PrivateExponent: \
+1c 2d 1f c3 2f 6b c4 00 4f d8 5d fd e0 fb bf 9a\
+4c 38 f9 c7 c4 e4 1d ea 1a a8 82 34 a2 01 cd 92\
+f3 b7 da 52 65 83 a9 8a d8 5b b3 60 fb 98 3b 71\
+1e 23 44 9d 56 1d 17 78 d7 a5 15 48 6b cb f4 7b\
+46 c9 e9 e1 a3 a1 f7 70 00 ef be b0 9a 8a fe 47\
+e5 b8 57 cd a9 9c b1 6d 7f ff 9b 71 2e 3b d6 0c\
+a9 6d 9c 79 73 d6 16 d4 69 34 a9 c0 50 28 1c 00\
+43 99 ce ff 1d b7 dd a7 87 66 a8 a9 b9 cb 08 73
+ModPrime2PrivateExponent: \
+cb 3b 3c 04 ca a5 8c 60 be 7d 9b 2d eb b3 e3 96\
+43 f4 f5 73 97 be 08 23 6a 1e 9e af aa 70 65 36\
+e7 1c 3a cf e0 1c c6 51 f2 3c 9e 05 85 8f ee 13\
+bb 6a 8a fc 47 df 4e dc 9a 4b a3 0b ce cb 73 d0\
+15 78 52 32 7e e7 89 01 5c 2e 8d ee 7b 9f 05 a0\
+f3 1a c9 4e b6 17 31 64 74 0c 5c 95 14 7c d5 f3\
+b5 ae 2c b4 a8 37 87 f0 1d 8a b3 1f 27 c2 d0 ee\
+a2 dd 8a 11 ab 90 6a ba 20 7c 43 c6 ee 12 53 31
+MultiplicativeInverseOfPrime2ModPrime1: \
+12 f6 b2 cf 13 74 a7 36 fa d0 56 16 05 0f 96 ab\
+4b 61 d1 17 7c 7f 9d 52 5a 29 f3 d1 80 e7 76 67\
+e9 9d 99 ab f0 52 5d 07 58 66 0f 37 52 65 5b 0f\
+25 b8 df 84 31 d9 a8 ff 77 c1 6c 12 a0 a5 12 2a\
+9f 0b f7 cf d5 a2 66 a3 5c 15 9f 99 12 08 b9 03\
+16 ff 44 4f 3e 0b 6b d0 e9 3b 8a 7a 24 48 e9 57\
+e3 dd a6 cf cf 22 66 b1 06 01 3a c4 68 08 d3 b3\
+88 7b 3b 00 34 4b aa c9 53 0b 4c e7 08 fc 32 b6
+Test: KeyPairValidAndConsistent
+Comment: RSASSA-PSS Signature Example 10.1
+Message: \
+88 31 77 e5 12 6b 9b e2 d9 a9 68 03 27 d5 37 0c\
+6f 26 86 1f 58 20 c4 3d a6 7a 3a d6 09
+Salt: \
+04 e2 15 ee 6f f9 34 b9 da 70 d7 73 0c 87 34 ab\
+fc ec de 89
+Signature: \
+82 c2 b1 60 09 3b 8a a3 c0 f7 52 2b 19 f8 73 54\
+06 6c 77 84 7a bf 2a 9f ce 54 2d 0e 84 e9 20 c5\
+af b4 9f fd fd ac e1 65 60 ee 94 a1 36 96 01 14\
+8e ba d7 a0 e1 51 cf 16 33 17 91 a5 72 7d 05 f2\
+1e 74 e7 eb 81 14 40 20 69 35 d7 44 76 5a 15 e7\
+9f 01 5c b6 6c 53 2c 87 a6 a0 59 61 c8 bf ad 74\
+1a 9a 66 57 02 28 94 39 3e 72 23 73 97 96 c0 2a\
+77 45 5d 0f 55 5b 0e c0 1d df 25 9b 62 07 fd 0f\
+d5 76 14 ce f1 a5 57 3b aa ff 4e c0 00 69 95 16\
+59 b8 5f 24 30 0a 25 16 0c a8 52 2d c6 e6 72 7e\
+57 d0 19 d7 e6 36 29 b8 fe 5e 89 e2 5c c1 5b eb\
+3a 64 75 77 55 92 99 28 0b 9b 28 f7 9b 04 09 00\
+0b e2 5b bd 96 40 8b a3 b4 3c c4 86 18 4d d1 c8\
+e6 25 53 fa 1a f4 04 0f 60 66 3d e7 f5 e4 9c 04\
+38 8e 25 7f 1c e8 9c 95 da b4 8a 31 5d 9b 66 b1\
+b7 62 82 33 87 6f f2 38 52 30 d0 70 d0 7e 16 66
+Comment: RSASSA-PSS Signature Example 10.2
+Message: \
+dd 67 0a 01 46 58 68 ad c9 3f 26 13 19 57 a5 0c\
+52 fb 77 7c db aa 30 89 2c 9e 12 36 11 64 ec 13\
+97 9d 43 04 81 18 e4 44 5d b8 7b ee 58 dd 98 7b\
+34 25 d0 20 71 d8 db ae 80 70 8b 03 9d bb 64 db\
+d1 de 56 57 d9 fe d0 c1 18 a5 41 43 74 2e 0f f3\
+c8 7f 74 e4 58 57 64 7a f3 f7 9e b0 a1 4c 9d 75\
+ea 9a 1a 04 b7 cf 47 8a 89 7a 70 8f d9 88 f4 8e\
+80 1e db 0b 70 39 df 8c 23 bb 3c 56 f4 e8 21 ac
+Salt: \
+8b 2b dd 4b 40 fa f5 45 c7 78 dd f9 bc 1a 49 cb\
+57 f9 b7 1b
+Signature: \
+14 ae 35 d9 dd 06 ba 92 f7 f3 b8 97 97 8a ed 7c\
+d4 bf 5f f0 b5 85 a4 0b d4 6c e1 b4 2c d2 70 30\
+53 bb 90 44 d6 4e 81 3d 8f 96 db 2d d7 00 7d 10\
+11 8f 6f 8f 84 96 09 7a d7 5e 1f f6 92 34 1b 28\
+92 ad 55 a6 33 a1 c5 5e 7f 0a 0a d5 9a 0e 20 3a\
+5b 82 78 ae c5 4d d8 62 2e 28 31 d8 71 74 f8 ca\
+ff 43 ee 6c 46 44 53 45 d8 4a 59 65 9b fb 92 ec\
+d4 c8 18 66 86 95 f3 47 06 f6 68 28 a8 99 59 63\
+7f 2b f3 e3 25 1c 24 bd ba 4d 4b 76 49 da 00 22\
+21 8b 11 9c 84 e7 9a 65 27 ec 5b 8a 5f 86 1c 15\
+99 52 e2 3e c0 5e 1e 71 73 46 fa ef e8 b1 68 68\
+25 bd 2b 26 2f b2 53 10 66 c0 de 09 ac de 2e 42\
+31 69 07 28 b5 d8 5e 11 5a 2f 6b 92 b7 9c 25 ab\
+c9 bd 93 99 ff 8b cf 82 5a 52 ea 1f 56 ea 76 dd\
+26 f4 3b aa fa 18 bf a9 2a 50 4c bd 35 69 9e 26\
+d1 dc c5 a2 88 73 85 f3 c6 32 32 f0 6f 32 44 c3
+Comment: RSASSA-PSS Signature Example 10.3
+Message: \
+48 b2 b6 a5 7a 63 c8 4c ea 85 9d 65 c6 68 28 4b\
+08 d9 6b dc aa be 25 2d b0 e4 a9 6c b1 ba c6 01\
+93 41 db 6f be fb 8d 10 6b 0e 90 ed a6 bc c6 c6\
+26 2f 37 e7 ea 9c 7e 5d 22 6b d7 df 85 ec 5e 71\
+ef ff 2f 54 c5 db 57 7f f7 29 ff 91 b8 42 49 1d\
+e2 74 1d 0c 63 16 07 df 58 6b 90 5b 23 b9 1a f1\
+3d a1 23 04 bf 83 ec a8 a7 3e 87 1f f9 db
+Salt: \
+4e 96 fc 1b 39 8f 92 b4 46 71 01 0c 0d c3 ef d6\
+e2 0c 2d 73
+Signature: \
+6e 3e 4d 7b 6b 15 d2 fb 46 01 3b 89 00 aa 5b bb\
+39 39 cf 2c 09 57 17 98 70 42 02 6e e6 2c 74 c5\
+4c ff d5 d7 d5 7e fb bf 95 0a 0f 5c 57 4f a0 9d\
+3f c1 c9 f5 13 b0 5b 4f f5 0d d8 df 7e df a2 01\
+02 85 4c 35 e5 92 18 01 19 a7 0c e5 b0 85 18 2a\
+a0 2d 9e a2 aa 90 d1 df 03 f2 da ae 88 5b a2 f5\
+d0 5a fd ac 97 47 6f 06 b9 3b 5b c9 4a 1a 80 aa\
+91 16 c4 d6 15 f3 33 b0 98 89 2b 25 ff ac e2 66\
+f5 db 5a 5a 3b cc 10 a8 24 ed 55 aa d3 5b 72 78\
+34 fb 8c 07 da 28 fc f4 16 a5 d9 b2 22 4f 1f 8b\
+44 2b 36 f9 1e 45 6f de a2 d7 cf e3 36 72 68 de\
+03 07 a4 c7 4e 92 41 59 ed 33 39 3d 5e 06 55 53\
+1c 77 32 7b 89 82 1b de df 88 01 61 c7 8c d4 19\
+6b 54 19 f7 ac c3 f1 3e 5e bf 16 1b 6e 7c 67 24\
+71 6c a3 3b 85 c2 e2 56 40 19 2a c2 85 96 51 d5\
+0b de 7e b9 76 e5 1c ec 82 8b 98 b6 56 3b 86 bb
+Comment: RSASSA-PSS Signature Example 10.4
+Message: \
+0b 87 77 c7 f8 39 ba f0 a6 4b bb db c5 ce 79 75\
+5c 57 a2 05 b8 45 c1 74 e2 d2 e9 05 46 a0 89 c4\
+e6 ec 8a df fa 23 a7 ea 97 ba e6 b6 5d 78 2b 82\
+db 5d 2b 5a 56 d2 2a 29 a0 5e 7c 44 33 e2 b8 2a\
+62 1a bb a9 0a dd 05 ce 39 3f c4 8a 84 05 42 45\
+1a
+Salt: \
+c7 cd 69 8d 84 b6 51 28 d8 83 5e 3a 8b 1e b0 e0\
+1c b5 41 ec
+Signature: \
+34 04 7f f9 6c 4d c0 dc 90 b2 d4 ff 59 a1 a3 61\
+a4 75 4b 25 5d 2e e0 af 7d 8b f8 7c 9b c9 e7 dd\
+ee de 33 93 4c 63 ca 1c 0e 3d 26 2c b1 45 ef 93\
+2a 1f 2c 0a 99 7a a6 a3 4f 8e ae e7 47 7d 82 cc\
+f0 90 95 a6 b8 ac ad 38 d4 ee c9 fb 7e ab 7a d0\
+2d a1 d1 1d 8e 54 c1 82 5e 55 bf 58 c2 a2 32 34\
+b9 02 be 12 4f 9e 90 38 a8 f6 8f a4 5d ab 72 f6\
+6e 09 45 bf 1d 8b ac c9 04 4c 6f 07 09 8c 9f ce\
+c5 8a 3a ab 10 0c 80 51 78 15 5f 03 0a 12 4c 45\
+0e 5a cb da 47 d0 e4 f1 0b 80 a2 3f 80 3e 77 4d\
+02 3b 00 15 c2 0b 9f 9b be 7c 91 29 63 38 d5 ec\
+b4 71 ca fb 03 20 07 b6 7a 60 be 5f 69 50 4a 9f\
+01 ab b3 cb 46 7b 26 0e 2b ce 86 0b e8 d9 5b f9\
+2c 0c 8e 14 96 ed 1e 52 85 93 a4 ab b6 df 46 2d\
+de 8a 09 68 df fe 46 83 11 68 57 a2 32 f5 eb f6\
+c8 5b e2 38 74 5a d0 f3 8f 76 7a 5f db f4 86 fb
+Comment: RSASSA-PSS Signature Example 10.5
+Message: \
+f1 03 6e 00 8e 71 e9 64 da dc 92 19 ed 30 e1 7f\
+06 b4 b6 8a 95 5c 16 b3 12 b1 ed df 02 8b 74 97\
+6b ed 6b 3f 6a 63 d4 e7 78 59 24 3c 9c cc dc 98\
+01 65 23 ab b0 24 83 b3 55 91 c3 3a ad 81 21 3b\
+b7 c7 bb 1a 47 0a ab c1 0d 44 25 6c 4d 45 59 d9\
+16
+Salt: \
+ef a8 bf f9 62 12 b2 f4 a3 f3 71 a1 0d 57 41 52\
+65 5f 5d fb
+Signature: \
+7e 09 35 ea 18 f4 d6 c1 d1 7c e8 2e b2 b3 83 6c\
+55 b3 84 58 9c e1 9d fe 74 33 63 ac 99 48 d1 f3\
+46 b7 bf dd fe 92 ef d7 8a db 21 fa ef c8 9a de\
+42 b1 0f 37 40 03 fe 12 2e 67 42 9a 1c b8 cb d1\
+f8 d9 01 45 64 c4 4d 12 01 16 f4 99 0f 1a 6e 38\
+77 4c 19 4b d1 b8 21 32 86 b0 77 b0 49 9d 2e 7b\
+3f 43 4a b1 22 89 c5 56 68 4d ee d7 81 31 93 4b\
+b3 dd 65 37 23 6f 7c 6f 3d cb 09 d4 76 be 07 72\
+1e 37 e1 ce ed 9b 2f 7b 40 68 87 bd 53 15 73 05\
+e1 c8 b4 f8 4d 73 3b c1 e1 86 fe 06 cc 59 b6 ed\
+b8 f4 bd 7f fe fd f4 f7 ba 9c fb 9d 57 06 89 b5\
+a1 a4 10 9a 74 6a 69 08 93 db 37 99 25 5a 0c b9\
+21 5d 2d 1c d4 90 59 0e 95 2e 8c 87 86 aa 00 11\
+26 52 52 47 0c 04 1d fb c3 ee c7 c3 cb f7 1c 24\
+86 9d 11 5c 0c b4 a9 56 f5 6d 53 0b 80 ab 58 9a\
+cf ef c6 90 75 1d df 36 e8 d3 83 f8 3c ed d2 cc
+Comment: RSASSA-PSS Signature Example 10.6
+Message: \
+25 f1 08 95 a8 77 16 c1 37 45 0b b9 51 9d fa a1\
+f2 07 fa a9 42 ea 88 ab f7 1e 9c 17 98 00 85 b5\
+55 ae ba b7 62 64 ae 2a 3a b9 3c 2d 12 98 11 91\
+dd ac 6f b5 94 9e b3 6a ee 3c 5d a9 40 f0 07 52\
+c9 16 d9 46 08 fa 7d 97 ba 6a 29 15 b6 88 f2 03\
+23 d4 e9 d9 68 01 d8 9a 72 ab 58 92 dc 21 17 c0\
+74 34 fc f9 72 e0 58 cf 8c 41 ca 4b 4f f5 54 f7\
+d5 06 8a d3 15 5f ce d0 f3 12 5b c0 4f 91 93 37\
+8a 8f 5c 4c 3b 8c b4 dd 6d 1c c6 9d 30 ec ca 6e\
+aa 51 e3 6a 05 73 0e 9e 34 2e 85 5b af 09 9d ef\
+b8 af d7
+Salt: \
+ad 8b 15 23 70 36 46 22 4b 66 0b 55 08 85 91 7c\
+a2 d1 df 28
+Signature: \
+6d 3b 5b 87 f6 7e a6 57 af 21 f7 54 41 97 7d 21\
+80 f9 1b 2c 5f 69 2d e8 29 55 69 6a 68 67 30 d9\
+b9 77 8d 97 07 58 cc b2 60 71 c2 20 9f fb d6 12\
+5b e2 e9 6e a8 1b 67 cb 9b 93 08 23 9f da 17 f7\
+b2 b6 4e cd a0 96 b6 b9 35 64 0a 5a 1c b4 2a 91\
+55 b1 c9 ef 7a 63 3a 02 c5 9f 0d 6e e5 9b 85 2c\
+43 b3 50 29 e7 3c 94 0f f0 41 0e 8f 11 4e ed 46\
+bb d0 fa e1 65 e4 2b e2 52 8a 40 1c 3b 28 fd 81\
+8e f3 23 2d ca 9f 4d 2a 0f 51 66 ec 59 c4 23 96\
+d6 c1 1d bc 12 15 a5 6f a1 71 69 db 95 75 34 3e\
+f3 4f 9d e3 2a 49 cd c3 17 49 22 f2 29 c2 3e 18\
+e4 5d f9 35 31 19 ec 43 19 ce dc e7 a1 7c 64 08\
+8c 1f 6f 52 be 29 63 41 00 b3 91 9d 38 f3 d1 ed\
+94 e6 89 1e 66 a7 3b 8f b8 49 f5 87 4d f5 94 59\
+e2 98 c7 bb ce 2e ee 78 2a 19 5a a6 6f e2 d0 73\
+2b 25 e5 95 f5 7d 3e 06 1b 1f c3 e4 06 3b f9 8f
+Test: Verify
diff --git a/TestVectors/rw.txt b/TestVectors/rw.txt
new file mode 100644
index 0000000..86ebc9b
--- /dev/null
+++ b/TestVectors/rw.txt
@@ -0,0 +1,791 @@
+AlgorithmType: Signature
+Name: RW/EMSA2(SHA-1)
+Source: generated by Wei Dai using Crypto++ 5.0
+Comment: 1024-bit RW key
+KeyFormat: Component
+Modulus: \
+ e5eb47bc1f82db3001faaeabc5bbe71b7d307b431889ac10255262281ec5f5af\
+ 8a790bd7bbec5efffa442cf2c3fd5ca4778763b9d15aeac0b9b71bdb13da8272\
+ 7f4967ac685975f8ff05a763c864d100b7cc1142102aa2dd343ea1a0ab530255\
+ 195c3a6400ecab7b27eff9b01ef6d37381fa6fb5401347f195354396772e8285
+Prime1: \
+ ef86dd7af3f32cde8a9f6564e43a559a0c9f8bad36cc25330548b347ac158a34\
+ 5631fa90f7b873c36effae2f7823227a3f580b5dd18304d5932751e743e9281b
+Prime2: \
+ f5bb4289c389d9019c36f96c6b81fffbf20be0620c6343e2b800aefb1b55a330\
+ 8cc1402da7a2a558579a2a5146b30cb08e3f20b501081248f2f1de36cdfce9df
+MultiplicativeInverseOfPrime2ModPrime1: \
+ 88813a3d50b7c301948ee1985db19c9fd33a47c78c977024745e10483d9cc4f0\
+ f573597ce564a91421d1d7457bc45a971f7d8b31403298da77799b57cf9a76de
+PublicExponent: 02
+Test: KeyPairValidAndConsistent
+Message: 2CA039854B55688740E3
+Signature: \
+ 04ef52d5aded8ce32d653cbd0d0386f36dfe2d3629da4eea2b358ca8dce50139\
+ 583957b8c211ae65e23f35ba0c74954a2d2ca8755fffaf6a83f54acf7fa707ce\
+ 33bd38643de0ffa1481d933aaa391d6863c349988b4abb14c1801c7df2e8cd46\
+ c1faea194564a3cc51091ed01213a2ceb68ead822f1e8cd03274aaacefc7e31b
+Test: Verify
+Message: 2A51DF4AF88613D91A37
+Signature: \
+ 70313105024da6d8321ba4b7daddf284a291d44f616f4f9580794dbc783f00e4\
+ 9bcad654a374dbd6285e9999de6a4566a7e9043c972b73083fd166bd1c7bc3d5\
+ 93e5222c217b9c55fdd2fb2c917f45016ebee8a2d04fd9324b1f3cad89118684\
+ 3fb8f0e9dd1f04ff6707d33d9edc2cfa45e9fa194b6f799a59b14189c8d37ce5
+Test: Verify
+Message: 1CF8DDD95D780A89D7CF
+Signature: \
+ 10ebf7bf1a99915736fb191a78d27820ade595f9f9342f29d7c565918659d4e2\
+ 3afa3970f317d57f1cdff089078e720015b012a65a69bdc88a1a74d96c8bbecb\
+ fb5afe2c2e54b06f3cba31829a14e6254fa276f4dce0798d47179414e0e2e7f7\
+ 38a8c9bcf9bd1a6e42b4f629a4995678ba14677707ad62a706dac801bc70e920
+Test: Verify
+Message: 2119A954F1AC0F3DCDB2
+Signature: \
+ 6a5bf53bbe7712b013d7b8d7df019352646d80b0f3406fc84d6ba4bbc42570f7\
+ 6ce1d7540dc47aabf294495eb367ae1cfd87aa6569107275fc2b5afdf66973eb\
+ eaf0e0726ce5f9fee9ae4357862f4c8daad0b50909a9adabf96f80b814286990\
+ ea4ba1c6b6530f62ca6b2c354441f235cd1f6518038a7dd6d6e6b37539019b46
+Test: Verify
+Message: F6959926E6D9D37D8BC0
+Signature: \
+ 410150f4339ce378475c942d9f1275f60803f9e7c13318b5727c9ddb7bf44091\
+ a1ec76feefcf7d24fd9ea52f7ba44badc0db692d53c7858ec7c87fd711c2f2ff\
+ cd6e706b4ba7e3966bedcb831dc7a2bdb51e994d5c4e69d4ecdfba17d53a569c\
+ eebc7c0d45580bf1ea751f2286d5f81993a8ae0ae61771e2f229c0f63f174842
+Test: Verify
+Message: 7A4C634DE6F16315BD5F
+Signature: \
+ 5b9f10caf6a4ccf56def402ec81473c47ab84d6d89dec0a563ada1d3e35251bc\
+ d712f57e5815b72f3ecfc80e69b698afc7538ba208618e6f18c523131a806c6e\
+ a616c9e1fefa448c45b04db4b2ccbccf3a65d18605b7dfd54e5d4f660555a70b\
+ 8c7c135642232f40078d5ad23c3ba7a8fa3e88a548833c85fa89452af38ef14f
+Test: Verify
+Comment: 1025-bit RW key
+KeyFormat: Component
+Modulus: \
+ 014f62711d3215667995439ea7d63184eae44b229ea7218c60bd0a0e8f6a9a88\
+ 0e65e8ccef53f981109890ae035e28a6c1360038db30a30d5654e5589218276c\
+ 7cdcba05423072ecb41663774bc642fb909d134f5237af8dfed6fdcbd2744816\
+ 7a4a4374951cd09dc4ebb774f5d0a67c70bf359063398b863ca6b79d22087525\
+ c5
+Prime1: \
+ 010dac32cc0a4c40f8e06739f07a14e1c55aaefc3c0673dad3d9252f87b2c4bf\
+ 4f295a748372e2201d2eb67846e34f095355dc884345c08fb399b23b161831f2\
+ 03
+Prime2: \
+ 013e61571d66b92e1e2c44b80f7bfacd571b25a9d18b8ed846c72628f41266a2\
+ 2bd3a494c8e1de49513876ac0d273ebb76b8de76059eb980d3973266bb0a4922\
+ 97
+MultiplicativeInverseOfPrime2ModPrime1: \
+ c2b3c03a77f7c1ec867764ef68f453126b2bd2fc7a4ab55a3636dffdc763c642\
+ 9d9a0bd7229fa9ce14f334b07dcd92ce137d32d1b1c646cb4ad342a1fc5d3331
+PublicExponent: 02
+Test: KeyPairValidAndConsistent
+Message: 082A8A2CBD77B445696D
+Signature: \
+ 0053fee570f655686886011718369014f44f1b3ca0befa00fd069af1ff216e36\
+ fdd061710b7e66aebfa50caa882422c8a5efa68132323e7ad33974120062c6e9\
+ 670f003290b5708e51a2222339a003f9b2a0e5a5c219bed13d88f958f6005b91\
+ 0b7078bb0a843dd2d805ebab14dcbec9c92b44401c4f519e11e67c10a429e2b3\
+ 4d
+Test: Verify
+Message: 5A7C64957D01B160AEF5
+Signature: \
+ 000952962cdfc43932342274eb66c7c55ff465625737a6881a4216d963cb3a5f\
+ a0c87f460504adf56edc82abeae0c5df5eb3a2339d930bebfdc886f73bce30fc\
+ 0ee3ad876dac650301e52f99daf7f5426c3be6019ba32fd932cfcd1486e4d526\
+ b114ed548585a02ef61e0e823797f1396c1f574bc727f67acc4e80fd9204477f\
+ 78
+Test: Verify
+Message: BADEC506933099507DE6
+Signature: \
+ 0029687805fbc02138add9a8e0b8023e5f6fa55fa31ab0852ba8ed91fcd514a5\
+ 2826dacd04982214aa1fc0cf70859a7def03dbacbd882e0c62d51c6c90998297\
+ b6393e55b4f4261ef12cf0cc34d76cce6ea838d21a85db613ba41270790a6d5a\
+ 15e3d78665dce0a2c1e348f0252120b08c120a98855130c33e51221c7123e125\
+ 40
+Test: Verify
+Message: 8E05A598F0FFA0E2BBC8
+Signature: \
+ 000e7caa32b8543c90bbd79b8f8c595facf784690d7ec2d6f42955757d9e05ff\
+ c61b21adaa29cfa9fce60c7423eab4e804d7e9d510e1caacd185e3080a692e71\
+ f6c870cf5be65e65f7828531e2cd17eaa265342b94dd8fa38aa67a6553938f83\
+ 1fa7134e17f67a655c5404694943a5409bc4fb0b2c85b08afc6900f5d2445617\
+ 00
+Test: Verify
+Message: F75B466C9A6D079ED0CA
+Signature: \
+ 000ef4dc436e7856e978072151ea9346aa2fea614f814baefa7e5ea27439da5e\
+ 63d68be1cab926e2d0a5d345aeb96d30eee2a0245f9d770781c090a35051cc3d\
+ 11e80304c3b6ffffb7efeb14b9b8000a3b0544e1d34b31c8e103bcac24ba9ec6\
+ b32a50fba9fea9f630f9cd4aa9c0b9e2fbe9b21ec32cc69b920bf50b87d081ef\
+ 0a
+Test: Verify
+Message: 9D8B40E8A5752EF52849
+Signature: \
+ 004e3532bea4e38512e772a59588d11b1d814df7de22e8222b9bdb6f8eb55d54\
+ d9156c87c0ca23a6c67654a0cdd8515fe12bdaa8ca12ef655817acf8ada117d1\
+ 8fdec17efb9ad61478532f4fac828d169f34a95e7517347fb28fd821fb4a88a4\
+ 9a6fa8b5d18f49e405d824afdb7da44a019bc64d041176b1af8415d5a1d62bf1\
+ c5
+Test: Verify
+Comment: 1026-bit RW key
+KeyFormat: Component
+Modulus: \
+ 02d430eab945722f6c330c2fcce4b476c9064da4d79a783a3dc97a30fe78b1cd\
+ 8ae5717b55fbdc9d26993b5d12a0eff099868ffec97babbcd75c8e59012b73a7\
+ a7c23c4f2754fe72b9447daff38bbcc99a30e8f9c8ccecf8cc2f6b28b2297d3d\
+ d2d140217be1f545d610b26fcae7e424fb0051ee9c9eae776b71ce4b56098cb0\
+ ed
+Prime1: \
+ 01e6eb86774831af3937919b3fcb8caa34dce67bcdac927da654f00eb0ec73e0\
+ 9fd95a3f9e3df5c08323584360a84edac08816afdbf284da64636e84455edcbb\
+ a3
+Prime2: \
+ 017cbf02d70ef2cee45d1cc47ec8ce8cabdd6bf32a560975a42ef057bf9dfd55\
+ 3bc9368ddb154a55d855edaa755e69f511a4c69ba78571cc4b14ddbb0f32a4aa\
+ 2f
+MultiplicativeInverseOfPrime2ModPrime1: \
+ 0135b4b86d7a4ee679c9e0c1f7b42a4f7a2f7daf534f8bc08cabbe06c9efe9d5\
+ a6225d8db440f6220185c628c5ad07d543e772b5f7d4cd2a07300b2fa2c9d27d\
+ 5a
+PublicExponent: 02
+Test: KeyPairValidAndConsistent
+Message: 6C286305AA21EC4E35DE
+Signature: \
+ 0082591a0e81c53deaa17773063b705bbbcda570a770e55119a698fd04079d55\
+ 573ba0bc65464c7392227f663567a40ce0659588b6c5d69fc253fbb7431f08ae\
+ 54f90ef89b197ba812cbc03138dff2582f9ecedd038f563c8992013f80291918\
+ 78d1b23e123aef28c60ce8a74f07db8f1732e29846ea03562b73da63d5c12cd7\
+ 32
+Test: Verify
+Message: 7390747477B3BD574E7B
+Signature: \
+ 00e6a0176e4a9921e01c861fec1a4a5186bd9da07ae637641156c3d3dc9d65c2\
+ 029427c24fe20ffa446962012b8a990db592b03fb538343eb82d973e1e8e16f5\
+ c893baca5ec822df9f98da400cf8e581c9f17aebff7e02bef5d24fa4def23aaf\
+ b06056512b00d74ad3e976b7a094a3a237d7b9844a67deffa8a2c4ca744960c9\
+ b6
+Test: Verify
+Message: 87CBEBDE2F665703137A
+Signature: \
+ 000e1ea6bbd37ead91c98c8d54723806a3865e9396baa46061f51acf7e34e3df\
+ edcbff7ddfedce465741abe41d1578d198d1fa4c1626ee6a0f9e29935ae62f6f\
+ bd6e4402fe239b579f8b1d88866cc743db406de894827082e976e0e399be4a4a\
+ 938d3fb2d1b31306ed9b0592988b10c9bfdb65a56cc559c8f49ce389f17e2505\
+ 15
+Test: Verify
+Message: 1172350AD2F48A0884D0
+Signature: \
+ 01531930c41fcc091fc1d577ccc7375be218809acafb7944bed4d44d761d6f32\
+ e0b7686387fe1cbbc6c1c17a837f68ebfa467a83522850af81d148003713d73b\
+ 9a6e99c3b6a4364a6f57423f807141a8d1a62e675aa451b84315d10bb77d2ef2\
+ 14f9adfe7f7fdfd078add4a6972cea6c7255ebf8cbfa1d8840bf0ac680defae6\
+ 2e
+Test: Verify
+Message: 76A05014672EB1256B9A
+Signature: \
+ 00ddb690471e1d0baaf12ece96ebf048367945c17a1abb6fcf21d23bab22a2f5\
+ 33c6c30eaffd501cb261ba05c93a358d4c991087b8543dd69486a51f5075d9ce\
+ 83c6837ae0b1bf5262e53f1bc70eab0512f19ee59c07b20a78361e87fef65c1e\
+ d0a367c6e85a8ab2ba37391c31150642915286b45907741b874418d9619eae61\
+ 98
+Test: Verify
+Message: 928F05974CAB2FDC8F23
+Signature: \
+ 00c787f8cf47320f88541e6e3858ae049d084fe5fcc57741a39feb13544236b8\
+ 3d6fa0be39207e4cf07f68220804b9bedb88d09b47e9db54b434d929693dca09\
+ a0d90932a12a7964ac5996644ee4ad686f8e79fe5d2b89b25ac56691a2b9bc06\
+ b43752d0e36c600071e8a6f735533da7e362f2e223b3c7b3bbd89d419d196964\
+ 9c
+Test: Verify
+Comment: 1027-bit RW key
+KeyFormat: Component
+Modulus: \
+ 05f975116cd8ed2a2ca964fe87ef4b0c897156561575002fbbab3357abef2172\
+ 71a30d6071af0e179d25f9f91d405fed63495475812169a2df386d88e44824f9\
+ 5d6af69c5a3279843fbfd74639ec9bcad9e34a5730b96414688fd4c5cdaeb59a\
+ 9a7b83f0e1e0e2aeda608adabf4b0fa0bc1e0dc09a3b1228ac00be619154e264\
+ f5
+Prime1: \
+ 023428e22d9b2b0777cc0d3d9fead86a6c060108b2574d151659bd98508e2073\
+ 6a666766a23af6cf9fd4ba8618f315a54f572ea0be45691d8643a1173cbe7fe8\
+ 83
+Prime2: \
+ 02b60675ab2cb579f4bc13a8002ea68038edc9a971e9e23f32c8a63e723c07ca\
+ 2929919214a25196e52441cc433212e4a0e14972c6a45311fe9efc01dde296d3\
+ 27
+MultiplicativeInverseOfPrime2ModPrime1: \
+ 022e81e86bfe027761a2b32129abd37912929640b7666400b13d5fee5ee226f3\
+ ee03cc69a3e7743b134d6eed1a5bfa17bd3eacc701642de4937f17a916b4bba0\
+ 2e
+PublicExponent: 02
+Test: KeyPairValidAndConsistent
+Message: C478A696B0F255468B7A
+Signature: \
+ 007b6f176db1cb37c2699e951251386efb5ffb2fda90e55c2f3335efde71ef78\
+ f8bc40ecaf29caa2a8d67e98b5d48e6684f1860aa9084001bc4d183d30fd1392\
+ 98ea8f14608e35cac28e07182c1dfd026dc73220d508a96f8d210dd224754f3b\
+ 1675f2332e795f0437c7f30e8f0de44f0f9d1979e25245e6cd206e8e75d1bdb0\
+ f8
+Test: Verify
+Message: C18E11632F208CA86383
+Signature: \
+ 01846c7bc42161bb2f8e4737b564b9109c484a80a7dfd3edab4b10c13b5b16de\
+ 5afcb8aa0eb7a660095936ec5ab4d831751f763546f2d64f0c85ff39573559e7\
+ 7873520b832d2584d441fa2f32f1f740b073170fd5e3c21ed2fda1ded97c4ad9\
+ 59a3433e69ac00310f1193bfe17a6529c55ea449b510424721dae65133db1d92\
+ 1a
+Test: Verify
+Message: A467232F585D0CE4FA1C
+Signature: \
+ 02910643b84fda8a8aa61498c768b28a720429859ac62ed5362fc1a986241990\
+ 5023c5ad1a3f9625ec8228ae19ef36c65bfdf00c06bdc407dc60f37bdcee9ae6\
+ 45c246c49347f0f7ac4970dc09989cc82c794cef8c2a66562d3e4ab7140e5b45\
+ 30f5a8c86c10405b0e67d957e502756d38d7a1b67292be83af271c67c2b4f73b\
+ 6a
+Test: Verify
+Message: D93880168C8E008F03B3
+Signature: \
+ 001fe6b090031213b5bb01f374b95988729ccd990f7ad4c8a51c2d11b9e92ea8\
+ 6672689fa5055a8bbb5a9808f21758f43aee3425f02325b8caa0052201526d9b\
+ a66a7195c7ad16704606d2786f1b48e87dfadf0d6684d913d4498fc9d6c5aea7\
+ f5a322c07031a8ffb5e02291e15905fac3b966ee9d97a22cb5bd4de6977ec87b\
+ a4
+Test: Verify
+Message: 5E9FE5027C29EAB421A5
+Signature: \
+ 02d1ded6227adcb612b1d5c0513aa89b114bcbb7a217983ccad824c93193dba1\
+ 7a814ee3d5bd6e5356746d7cdc31622d4bccc0b64afb6e3c8fcf2c362f4af54e\
+ b9c5b0864f9e2c5f6ff91c0cd62ee76abfcd96ec0c0019c723eabe35b9f9595c\
+ f2052cd7f857999425a19e2dc12a09924f2fbb3eea410a321b035cda7bdae739\
+ e8
+Test: Verify
+Message: AC4218E04F09A1F217B8
+Signature: \
+ 0204a3edc9b2fbb77d99fb209b93338dfd975e3fbc5fdebaf5b4e3356b5589aa\
+ 99f91c17291a44f42abc2698135ff287339fcb7c2c2bf4be12ca89880ec768a1\
+ 764b408c14371d7d62f46e232e0ec5d0ae90d5e7c249f5814677080883ef34b7\
+ 3821a8906b8dfbbd631a9a00879b188394c7dd2ccf7cee2a7ce21351fe611fa1\
+ d2
+Test: Verify
+Comment: 1028-bit RW key
+KeyFormat: Component
+Modulus: \
+ 087cccfb64a879acee195b25571704ed63eea2194594b250df8b893ecd79aed1\
+ d0c22ae1636371db48900f83a563c4f810049aab40c0e9070806f07eb5887618\
+ 8f0fb6a118c498d8d99be3188d79dff498f4271cd862514364c8954ac51be624\
+ 40abaf2bf3b8d03425a96eab73f18fcef0bc6e64e3cb0852d274b196ec4b284c\
+ 1d
+Prime1: \
+ 02f2092000f301f0f1b6925a7e17974fa53e9d6b1a54305af7cf85404297e16d\
+ 03152c60c5836f3d43a355e356dfcf1250ebbc33254a5e461eb177783e509886\
+ 0b
+Prime2: \
+ 02e1ae11ac527e1a4a6115fb86b7c3a8396a03d29c7d4f9ea2a9a1b32fe8fcb5\
+ 2dbc60798af7f168731cd0f3e63715980cc11e468e7194b7bbc33cc430c60517\
+ 77
+MultiplicativeInverseOfPrime2ModPrime1: \
+ 1654d6ebc39e291e7a2f602eb977eae0e856cd43b3392954942eb31a8b506bfa\
+ 412a3cae57c3e83fbb86a7871b329ec91fb39b25e361a90b7487d1820de15097
+PublicExponent: 02
+Test: KeyPairValidAndConsistent
+Message: A2065AC53F8E0A47851A
+Signature: \
+ 0400591d00d3b69ed3798a2d63cfe09cfc2ba37ea12fad93396a4be9a06c42b7\
+ e7eb270b349196da0980ee33025f826d48b976454aee5faa9bd2d983538c3b34\
+ e36de7f3f22b08da85e8e8b674acbcdd198faf7d65bd1c9a9bdee2bda5c6f65a\
+ 14fc169890d504843b4450afa6592a82308d61c0e050a715ab6de006cf7f0872\
+ 38
+Test: Verify
+Message: DB57223211C510801B3B
+Signature: \
+ 02eb8797b8f97fb833559beaf20b1996335f7f1a02399ead9e225afa13aee420\
+ 0ae14b992b3b347f6498658985427b44d3f2da4432f141252ff2d1be174b84c5\
+ f926c06ed54660c48bb0b82086fcd7ce24e906a84a2599d397b58bdff4f806bf\
+ 6391717a2ec187375f8a2399b6d65b8a09cf53943672ae6c64d44634d1f4a6f5\
+ 76
+Test: Verify
+Message: DD9005A7309E55F67D01
+Signature: \
+ 01c35a30a75385c8b7a0774d1ca1a7015e988aac7db854fbebd9e58d66c8780a\
+ 2036b48b1b57001df6e04de7007a40f5b394d30841effc336b0c4f99a8f8354b\
+ e1b8d0f25efc1623d4ce594144d545da265c951e06198c06f4a614354f29d54c\
+ 7fe2046a3ef0e23c3866eb15d198ea4dcfda38edece33a1c3002127ee4127634\
+ d7
+Test: Verify
+Message: EB0EB87E62FA563B76F0
+Signature: \
+ 015db0c4cabd9a88fab1e14608cdc5c8c6748953516a26367c472db6c903c884\
+ eb17a5cf61bdc709e46163079d3e4c72def59b90604faba783213331c4f174ee\
+ fc42be85a681f27aff222012048a6ba8dcc9cfafc36d806a6890ece093414e11\
+ 3ba354242d94881b648425a5e0b63b269b3cfb743cde4bcf0b1e745551add47e\
+ 91
+Test: Verify
+Message: 255C262D85B8B00972E6
+Signature: \
+ 039f2d447f267472363875d7c708209e9aebf2374c3c844a9d098641ce40a3ad\
+ 7e10a389e561ec360491124bd856d4a2ea47e871a3b9cf91229d94e2af8a6425\
+ a1671743157bedb8942c6a212dff2619c7d21675ff629007774d74dc1794ac5e\
+ 13c6823248def381d39d402259a5b16906a7be58e7ccfb6828dfe0e161c0b47c\
+ 6d
+Test: Verify
+Message: 1E5AB30CFBCD4E80C842
+Signature: \
+ 03f6ad6424b0192054f79ce4656d2187093eeb9a380f67127d5697ec3ccdd565\
+ 61267c6f1454b25c8e2c3a76ea97a93b4488c944fe2918adbeeb3e7ef039be2f\
+ de94b120c36538c2dbf60dd5f67bdc8c647333f38861ad4e2d8ac10437bd435d\
+ 7619ef4aa26ab92948c36428286536af6741a9188e4f75248f1dbb83a6302ca8\
+ 2b
+Test: Verify
+Comment: 1029-bit RW key
+KeyFormat: Component
+Modulus: \
+ 1335b36fc9d30c35f56e2feb6034038aa1bfc2a4072b6f58219c7ddc17afaebf\
+ bdc64c6f05e6df88f0d391a9f84ad65d47852014dbcbc15b2551fc4bc42c4e94\
+ 4d5370587a64d58cf05c390e345000fae3213fb77719b19a89711447b6df5c6c\
+ 63c9361bd59621050fe71a1dbb45cc89cc9efe1e30650948f5060defcb434ab7\
+ f5
+Prime1: \
+ 0484328353f979cad99f4133c53acaa6ee707e4f2ed4e79062778a2dee308176\
+ 1f803ac6e71bcdb4af4d37ba2405b077e5a0e35846b5cf1b5bf560977f380f1b\
+ 93
+Prime2: \
+ 0440daed0dcd475c0cbe4a5e6cd9fbd23ea58826fb044db132eb97fe173e24b8\
+ 4be0211935a11ebf5640a3473a82649565109e9e890c1c293d7ca097975f97e3\
+ 57
+MultiplicativeInverseOfPrime2ModPrime1: \
+ 1eb353992ffe492783a2aa668f9128f9ca3901a4a545612cd93b081afe8f709e\
+ acd77a8f2779bff6af804a66f6c06a66ae6a19cfce4726db320c7ae071571de0
+PublicExponent: 02
+Test: KeyPairValidAndConsistent
+Message: 9C78E952A4240ACD1CC9
+Signature: \
+ 03837172288d2710698e7ff49b0c45c5aeaf829c8b1c7bbef4099fa3b05eec33\
+ c5bbbcffa304f44298d9ef5ddaaca6accea2a970afe8621070b09333a862f6d7\
+ d3c00f26b895661a406c5d1f647800e580a9a035510c6a7dfd37fc9a9d6e21ac\
+ 74c7ff14e8fdc75017b26edd562e97e61584d5c440781a3a180412b72b421d3b\
+ 2e
+Test: Verify
+Message: 1D0BA731A4303070504D
+Signature: \
+ 0658fdce91ba8b434947a866f14b395b9f98c46132e2ac33b84b8b683b024d9a\
+ 3744b43a6eb2c7f6e995e8944f030426acb0990eda7942463631962daf9926aa\
+ ac876a0bb1ff82775dc31aa55604b6867ca142a53a71af770e3093126ad9a6f6\
+ 7b545a320f2d67685600e4de7e6f6884f13d545688763a4b08b4979b4248d214\
+ 37
+Test: Verify
+Message: 8B9615640A5E1345DFED
+Signature: \
+ 04df0f6f3b3f586f76f75a6dd2503252f48144beb5d99e285c83b9050c0f5b2b\
+ ac70d68845f5a0aa74a117a667e04041c3bb4aaeb31c892be3b00276e07a08c7\
+ 5468301ec22e3d1ba2791109fcfce240c46393d3d4c7261559872f0e7d2b71d8\
+ f65f1eb4a04a913244c3b5dc9582e07e7a3a330c34dffcc810b829f512905b68\
+ c2
+Test: Verify
+Message: 115402A8ABE9CDA3072C
+Signature: \
+ 05dcfede8ff2d435d0bf1afc68998938f7d238a47eb745e968c5b85a23916324\
+ 6235e7d3b2e0f6447fb88053f88ac05130cd5fbf064d238132e55d7a40af44bf\
+ 0811039b7b04c002f4e71a6544a2c75fd2337b45a27dcfa3856812cbfd87e71c\
+ 3fa1821101f126f2990f3f0461ce4985d7e3d00e6c9381efa15d1b9607d85d65\
+ 06
+Test: Verify
+Message: A8601D68032651FEB033
+Signature: \
+ 01612d1411798aa97a5d7d7f9e7f843de10893c5be9105d4aef2563e9fa49764\
+ ebf639c9852cd6baeadffefc09a7049a7b028c2b794d7ffaa2587de5481d53aa\
+ 7b1c1b5bed91dd50a871d5b58508562385ae95365e7382652e4e8534f27fa22a\
+ c6e192405d4f08745da388a617c36643a4cec77f0dbacf39c3743fb021f6de32\
+ 40
+Test: Verify
+Message: 5856E57F8F8D4EC94909
+Signature: \
+ 02b0e50f512260c97058ba56528dc30bf32ac8062d1971f700b8d5be00250008\
+ 2b7813a2af0f0efc0e83b3fbf96c7510ed427d3d9f0b719e1d682c29c0e8ba8b\
+ 67da35101c33ebe74ea4aa21a00a76d9923905beaabba2e16a24aa49f9743ac5\
+ 33436df45c28a848ab52dbfa79765f70537c03196edf7a9503d6c7e2d6e64e53\
+ 89
+Test: Verify
+Comment: 1030-bit RW key
+KeyFormat: Component
+Modulus: \
+ 3ce073933ddc38b6e51f88f45f4fc8d2354e760c134b0e43f135439a4c64af51\
+ c754782a56a04705b7803c13dfecf5efdbe2d9bfbc06e341e09b949274bd1edb\
+ 660e30b441f5ddef1d23c5efdbd9fdad068f7852a39247d39afaf665aab48884\
+ df86ed9d588ed4691740e3387c9a295ccfc3137c48e7e11b84dfa2d85c83024f\
+ 0d
+Prime1: \
+ 07efb5572a75f8f29b58bd5f2a6080f6fa072f0c69b46e724959b0e782026eb0\
+ 1d69bf881e664ed668f7bba9369679b01e9da590af6234afc6941da685d2a570\
+ b3
+Prime2: \
+ 07abad6313afbde99f95cc263449fe997ddacab1834221f469a38801c0e5a3ad\
+ 0a6b029a058317e928d27d511d60a73252432618840fa4ac2c82b5082b7d69a1\
+ 3f
+MultiplicativeInverseOfPrime2ModPrime1: \
+ 020d02907c4770b64d7ec7be20a174ff6734c6f47f3f2cecbda92875410f0e40\
+ 18526dd5b4d4eef94bcca42672886a6c360f39f60694f49d50b6a4eeab541657\
+ 9c
+PublicExponent: 02
+Test: KeyPairValidAndConsistent
+Message: 162DEB4C940A16BABBCD
+Signature: \
+ 0e39ffbb996f679d5c167864b22f6a2a8ae9b69ac9a7249362db552b8992427d\
+ 33f86fc605d1b4309902fa731f4b8730a3e4e6f8a7c6618c9365258d7f3b31c2\
+ f64ede5c9e42cc74270d1fc08864e0b73caef6e411b8e10a836702c6e84a8989\
+ 233e784bd9f7ede70e3f8c8b541d2c5e68c3432f8ae1ccde0d5dc81dc4061bb6\
+ 91
+Test: Verify
+Message: 1087E1EC7822EDECB926
+Signature: \
+ 160556756f0ae933604f13df1783344d82fd4bb0b380478a3329c0b737d72376\
+ def707e7e10521bb456ff76d92f431f94783d5e854c386afc7677d5c3758433f\
+ 4f64e422bdb251cd39ea64befa5d515f88ce9af8fc800c473d4fc1bd350a15af\
+ 29361780f90499e0fb38b284a460b87cbcbfaacea0ca4510f83aa5c6344224e6\
+ 58
+Test: Verify
+Message: 5D7D3F768E5082238248
+Signature: \
+ 1b97cebfd6428a4d033c6269b568dfdf4888a8134bdcdaa4855187148b1640a5\
+ c64556767379116ced60cd18027bd43b45071fa135c56e6a9519f4f46fec407b\
+ 333948e2b0c99e4952b6b4e063a4ba2337a85cede6f40b235502521a1fe65845\
+ ea5626604e87c2551a2ae21fddbbbb677926bec6139f754daf2786c95ef21732\
+ d0
+Test: Verify
+Message: 0E701EF227ECA4C734E3
+Signature: \
+ 0c55ff7d699efd140d93eccc65f1fdb5c30859e3539acc240fadfef4cc44af37\
+ 98373a2a47093a660c322a7577bd521d324dc930d7e3e54c39873c3f98d0e82e\
+ 92dbd33c5f83d83d9b1f69eee731ed01f9d5ba8edd0a55f5461e267ef9a7ef08\
+ 92feca7e818056f05398f95f5b6d981b1bad4aa0d622ff3eef054a3502c428d5\
+ 8f
+Test: Verify
+Message: 33E65C65EF6B72AFCB96
+Signature: \
+ 00e692d2e705da6dae543cf127907791a826a309993a74f18a1a3becc4ef1f0c\
+ 535d71ebb46440ca5120162c87c52642608d20babf3d0c90e9250ed56231ba3f\
+ ec692c94fe6169530c7d1cb366f31425a934ee0d4974d25294c9909dcc0771d6\
+ e03171c277c932c2c4927132d8c96546121a66ff17963d8ff3becb60720bebfc\
+ 22
+Test: Verify
+Message: A5D33DC2DD83CD71979B
+Signature: \
+ 11a3dd295af6d06f87996d7381e8b68296287aa1b7db0291ca4ae833bbd82c41\
+ 4c241e9d962fef2880bfd98dadb5c834bf6493481f67a4b2826faa628bd88af7\
+ d7afed125a4b5c1226462b1ecbdc1fbaebe75b2cd03fcab6d9d125ba269855ae\
+ 0a17cbbc784bf068e2dd6c54d01660e833705389634a486aa4ee075e02e583f9\
+ 51
+Test: Verify
+Comment: 1031-bit RW key
+KeyFormat: Component
+Modulus: \
+ 6e2681db0cb7ec625df9f87790345f2af3378bae4fdcc6224b9d4f1ead9e7bc6\
+ c4a7944f95aab6047bfaf185c38fe5438679994a39adb277538561ba73da682f\
+ 3960510686a5b4c39688e36b02177b2d3edab7c6dffc68da05ff2a846151d784\
+ ac24cc6f48de7b7490e08e73e79d60b1b5e1af431037183f50e3477299c1bd3d\
+ bd
+Prime1: \
+ 0acc8984e4d7de0d950848e4bb75231e7eb7644882c34f5dc83a14eac016d659\
+ f9fe416437f7dfe6b002503fc19fad863de7b48b0b173c745e02041eb487d16f\
+ 53
+Prime2: \
+ 0a33389ab2102b97351d37a4b5046e885eaab21e4d62254fc2efaf613a5da52d\
+ c295ac2b77aa9cafbd6ceedc136991cc560dbc3e5f7825ce5c2a6eebc1f834cc\
+ af
+MultiplicativeInverseOfPrime2ModPrime1: \
+ 02c3b6017888557795c7cf45532a4b896503a26a9f2f2de9b630948b666cad2b\
+ 96bc7928be9b00f86d0c41be3a916dbabfb26332152f2d3060f0dc35cca67d17\
+ d6
+PublicExponent: 02
+Test: KeyPairValidAndConsistent
+Message: E8591C99769BD81DD7AA
+Signature: \
+ 228a5622afb5f8da5b04a8b453c5078504f7af5155b51abe613f282d2b71d729\
+ afbc93606e2146c2287a00d5f7433ce7a336f93542d27b9b794a893e170065ba\
+ bc8fe0ea87da646c7194a133822d9ff2505962c9d80e8e5a67ca1867ea4d43b5\
+ 451d9333be577411d96b0f0b51c46f61bdbde2774e160cbc47ea7b702c9e3ab6\
+ 2c
+Test: Verify
+Message: 0BC6F6DA7CD14073D339
+Signature: \
+ 035a59e2b4c4633f41dd3e175dd4157ee328b3e7aaf58872539d004d667be119\
+ 6981a0e71f24fe7678b76ccda95a5fc9e6ff51d5fbb4b2f96ad852ea31f5c59e\
+ e10e6d2b9cecaf9a8a2a01518a5bd9559e9f7866fe50a3238b6eba6ee6970be9\
+ 526f0638466ca2474714ae904ee10b23a7f8034c6113e649a0c599885a02c20d\
+ fa
+Test: Verify
+Message: 15F595F4FF9DDFC969CB
+Signature: \
+ 09601b3513a7dffa307a76cd04ac78fa5b5246e396b46bb937d718e3cb6a576f\
+ 27c1b2693f1806aab28633897096fb2853c051d177577f3e8d5a58845140b249\
+ 0a70474be8a01f8c3c531b6cb6a79d32399cbf31e0066f552c4e221d1922e786\
+ cea446d4612a19ce7bf46b83d95c02036799e10d63008d058a36211a763ddb30\
+ 44
+Test: Verify
+Message: 8DB7894D9A75E3EB2082
+Signature: \
+ 25cc378c4b79b0300fdb6228e40eb4a481d0643648f89375fae72de7ca6c9cfa\
+ 1b2e8b20dcfcedac7ab86c73f77bb4fcce305753b3757c09ea1826310a4a3152\
+ ae806a579cca7e5907e6428a5aad7fe6fbf3912c2b31a7a0340d3d9f7469b690\
+ 140b4c0a8588eda26a3d5145633b36ac28b4e551c1f1f45eedced3f63d0540a6\
+ 6d
+Test: Verify
+Message: FB0C78591E59B38368E2
+Signature: \
+ 1b11c01683b9c1d284ecc415804323ac093a8dea207ba50d9688bf176e01454a\
+ cd65c3e44d340928b2a18df96485d1074184d7229f30838ab93744fed3a219e1\
+ c9c7219093a65f786c483c15113b2c7adb9006a4586fd943cf2d114692655a7a\
+ 7e32f8fe6d4eaebf13730374401ea10e161e544439ca08d9f823ca88e1c632e8\
+ 05
+Test: Verify
+Message: B864B250AD45406391E7
+Signature: \
+ 2ec5c0c8650aee4f3895e64a7d6cf3b199ab7d23250c0d617ae47ec6e8c1cba2\
+ f3ad1884945865580d7dc255d20aaa2fd28480afbcd89b3188113857ba9fff0d\
+ 54e23fc4b1d44015ea1e700a7f20fcca6665ff7790969e5e718f4a53ff66ff23\
+ 0bb9dd3104937acc7b0cf54aa7a147270deecc6101f2568717ba0b4983d81eaa\
+ bc
+Test: Verify
+Comment: 1032-bit RW key
+KeyFormat: Component
+Modulus: \
+ b660eb18786256c993ebc6dcb5892eac342f6d91229b73dc5d04f1afb9bb0dd4\
+ eb0b48895f514b4c9afeaf86e91226f2299126d37528ce374e89cc312c06f47c\
+ 81112bf5ca60ffc33b98318e04a17627269f1af461b6cb40f3be03b0113fb2d8\
+ 404e154c7191306b36fd3efa73c784ad9189115d0bb1bd82b850d000e7cc8d20\
+ 35
+Prime1: \
+ 0bc31c063f43b3ade2cd633d554913339071d6ebed5fd665fc5dd7d47b80721a\
+ 976c3b14fbd253f0f988c354725289f2897d7fb62c5c74af7d597a1e22aafba1\
+ d3
+Prime2: \
+ 0f816bf0add559afda38b008e4087f6a38b575c56fff453056eaaab3381c9552\
+ 0969546f954d458d48e44850938b1db471cf4b40afc47e067fb5bce67ba98be8\
+ d7
+MultiplicativeInverseOfPrime2ModPrime1: \
+ 0b684eeec75b3e24e2d9947341b3f462258628af6f0b881396c887fe26a3408c\
+ 40b13370710c82dd4a021a87bbaab5c0fc96cb1d015a783a764a8ab7b002903d\
+ 21
+PublicExponent: 02
+Test: KeyPairValidAndConsistent
+Message: EF0F1D56F4E5D587C212
+Signature: \
+ 04100affce5e7852b7e96e6484a76787c5c8428516159db1d3f27221a0960ef7\
+ 1abf16a347520fd8c08cc7048d51893497c4a26ebd403ae6df2313baa980cf3f\
+ d3c6cf3f5f9f8d885b469ebf8932ccb0272e3ab05bf3c489b8beb1d555ca9a0c\
+ 82d7b4a675252706cfc15a83cd8a08faa64f5d8c07f5ea68efaf8be77de5c8c7\
+ c5
+Test: Verify
+Message: 2C9EA313EACF2C5DA43A
+Signature: \
+ 0133fe2c3cb80c89118b9a7e4fbd0236d9857326721ea7b69bcc355992485364\
+ ec673501a93809a0685ad992bcc42a9c0691829ca84ad020818ece9ff493b04b\
+ 1ff934cae30c001cbfca55b629f932f8ef6d09607d4024ac4eb165f29dd6d934\
+ 35e5601aec2434d3b19d25fb14be9409ff55856457b730559447a69441769635\
+ b2
+Test: Verify
+Message: EC5CC4228C3C70EE8F35
+Signature: \
+ 0292228e7a28b288cdb6db84d7728759c071f2a079dbc1df3cb90d3647118b85\
+ 2186f6ffe645425eaabc010a7dbe1a2963e34f11193b4b25ddfab503db231b6e\
+ 86a2a40d7120185d5828752c16054061155f085e7eade9cc0ff9fc88430ebe32\
+ c01340f7b8d1f89369dc412e4b7b4a10dd71f7555172cb55f07c84b67666915e\
+ b5
+Test: Verify
+Message: D81F0C6F2D3D60EE19FE
+Signature: \
+ 104ee209ba0496989248d9abdfa55305e246ab0f05d6e4643725673d27485d30\
+ b8b90a3e064d4a0f856e6e0f3ac792f705c73cdb59f508c7352905387984aceb\
+ 92ecac54ae7ad1babafc1642e887ac83b42948431e93636cb2cff7a6482a94b9\
+ 5ad23b9bd3b5af9e7ff15553fe4d951ff3571638b0c861d97c5a4326fdff79c2\
+ 9f
+Test: Verify
+Message: FEF5EE07C74118DA30B9
+Signature: \
+ 2ef6fde52d6bcf735bb6531a76729fd237dc5a08b1c0caefe4d381612060bb33\
+ 138774cc38a50f5848959f28b63172983afbec6d0b1a54994e084cb0b76013dd\
+ e0a53ec0804f63e921e391ecd2a7ae1695a1c1cd3339e5de1c1bf5450004d3cb\
+ 3e60778546cb04c4a6b998d061e9dcd0bdcd2e308c9af04069567865fce448af\
+ 5f
+Test: Verify
+Message: 0B9554FFE4F6ADAB2C76
+Signature: \
+ 0587073e2070411738586fd883242cd1a4e9fc08b3e770ee01fd6160dc172a76\
+ a7ffd250503ddaa68b1f78cadeb422e9e9ce00e0773b863e662fa511891ed0d6\
+ 085d7863be37d6013ed5c4949bc19f7d1e3f1c7d447b1f849f6f41629f62c833\
+ 61861faf65e19ab4d3abcbbbc31b4cf4b4fc0d28cd7e524236a4a39066c2ee07\
+ ed
+Test: Verify
+Comment: 1536-bit RW key
+KeyFormat: Component
+Modulus: \
+ 9f8f8ab78ad635c71c9ef0fce9d4a958a9013ed69fcd67c385722668d4357c32\
+ 3732c78179eaa17984531ba570aa0721a1e228957b1008010f1a2d6c42e09847\
+ 9ffeaff9bbfeb3c8e101f968fc7ac74cfba210f76a6da160e65934d216368763\
+ 8f59e414dc6f0448c0b4052c90f7dc565d32acae5da04e3e157dca184aba8362\
+ bb28a2da6915d51d65f54fbeee69104a5a1b2304b87230c504b126dcf1c377cf\
+ 1777b93be6903b50a44f054ae233b7cc24f950ded467cb8ffbdb17e7b6937605
+Prime1: \
+ d0505c510a3b38a139d6d139818b04251d6ca46c2e717cfafbeebcd5fff8ae62\
+ de4698e3241784f05e8c86f0f996db77259ebaac6983f092853639f619b75701\
+ e562408cc1f5c543cada21fc26af36905b10a0df5b111efd754666bb3db4be63
+Prime2: \
+ c41623ccb51e2474eb3dc5c2ef42cfd320a285ef7aefc1d1edcd5f566549cb79\
+ 7285f01c89b9f749ca506b717c2a45b708fec2e7d611c5eee6af0a6d61219c7d\
+ cab18961e98eea3b7797c61a75aed21d411de4fcf4a009a8238a832dd6e41277
+MultiplicativeInverseOfPrime2ModPrime1: \
+ bc1ceeed917217387ead12254cfc183f82c79709499f510ce093d6d28bc1bf2b\
+ fabc3d86d64a1c807605bd57f9ec533745d6e359270885c3eb7a36a02dff7137\
+ 9bd453bf3fdc282afa2295d5e393f1c2c74edcbd2374c7740e8135ef0b8af258
+PublicExponent: 02
+Test: KeyPairValidAndConsistent
+Message: 400AEF79EDBCEA796D71
+Signature: \
+ 0c143a2c67cfc68abe6b52cc229a225f15516439a7b81ca795d0012eceac5dbc\
+ 1653b3fc2150b0c83ca316626751132093f55eada4bc097b979737615bece763\
+ 93d421eddd27d0fd0c7aab6d815699a1352bdacc1f77eb48e760fd1674572f57\
+ 7919672ecb77fb5866e0bdd35d9d2007ed6ec9388779483e68d48d1722b98fcb\
+ 34269a8be62323ad6b0bdb2f6df3dce5f9326b2447e88a322f1e88037ed6d8ab\
+ aafb9335b3fe9bb2d8a6551f4debd84cb26f13af7f0f7b96a0491ab3bc680918
+Test: Verify
+Message: 63F64BFAD5B830682F44
+Signature: \
+ 06dbab4e4d8fb0e09a144a2d785e956229c4f5cf834bf713f70158a7b3988c6f\
+ 2f8ddd1de4d824818c21c35ea3f9a1b463e474564a71c29e2df2a56d8d6c72b8\
+ 60d7752b7934a07c6ea9c38de6d508f5d6ad08c473b2bb2da989a9fe21082bce\
+ 8bea32366106d657a7c9657d8fee6843773c469c1406a8d7dd95111a77a39979\
+ 89c02e022b1166ae8a2075fb205d41bb977b6665b5f88150112b24f559b964c7\
+ 774bd9da84cca2b71d3f0dcd63538ddae92f85ba89eb967febd42a7d8af842ef
+Test: Verify
+Message: B6AAE87E8D469A16A335
+Signature: \
+ 2bb35d0671c7153b70ecabde00d717cbc0217d322d88a9e39810ff9ceed4859f\
+ 4beed20157877eec2d3bc57b45c423ebbaec0bbc3af8796837166670851192fd\
+ 40473ed98666ed8490eff0821ab4650989d6af90212fae1835dad38c0361c55c\
+ c7899c790aaf348b245e547da148be53bc1c722051b20eaecbda9f09eed80596\
+ 50e825d39216c906bfe97c2b34ff51dd0d7bb66799ddb917f18d0bf0d084f6a0\
+ 959885a971ea903b5cde5102e20dfe974be900d3353bee16ce7d3bfb4e1faf9f
+Test: Verify
+Message: DB0F126516E3EDFF3D7C
+Signature: \
+ 411b42db6320896fa9251c23a9951b909401a3bb1ebfc83381536669c0dc8e50\
+ 556adae94e15e40b515771078849dbe2c430853a28dbd1449a46edefd14970f9\
+ a217ee111dde569f51e335b3d60b320acbebc2d4e4d6786ceddc377548037387\
+ 3c406c61e616500f14f74af9335f697691836723a8ab97476750285675add8e0\
+ 01b137996c757329e53f8372eecdcf25c40d89befec0d41a1ff8694ac1bee0f6\
+ 907fa47f5dca291a09b76f8290bb86c741abfe8e11a24abb9a656c3d48bc59d7
+Test: Verify
+Message: A58B1E5E98C44A8680BD
+Signature: \
+ 0547ab81082b15af46bcec4d4188828edfecbe61e31b869937a3c7069309895a\
+ f2b0433ec7e1f900176206066848555fc554e0e95cd2c3d1639bfdf3c73f0413\
+ 5c832f3cf8695a4cccb2b55622da920649773bc163c0d2c9afd920267be3bcb2\
+ 4380d1e4b163f3d4ca248f21a0f14b3683b558d45d89bba9e8545b1d939e69f0\
+ 0652897cb1f26139e12e7bc21d24cbe7b796d4ba604d88481216144190f28064\
+ 5a8736b9126938041ef954240ea08810d86ccb09a99a91e6b29f05f2396d017d
+Test: Verify
+Message: 7AF0498714B0D93AB959
+Signature: \
+ 20bbf2a876dfa068e6f0ab79579024a373269bb2c5aca0fa6efc7da27bd2577c\
+ 8bc58c5e3572e4dc387384372afbb97bf9bf3d5bccbeb271b5695cb95b730e77\
+ 2ae39645a24ce49df46149040b8473218929c8eed03844aa90820a03ab7a26a6\
+ bad0a13a8d28c6d498dadf948c0c5c3ac3b9287456194ab8b33b64364a23b0f0\
+ 35dec5d190d5e9ff44ada5ff1f883a9dbfe966da0c5a0c6af1a68980023ad60f\
+ e240e9938f37f2e3cd085c03b30de6ad16372d4d93fb9a92afb092b0258a9746
+Test: Verify
+Comment: 2048-bit RW key
+KeyFormat: Component
+Modulus: \
+ b6dee7375bf4385043b3cc2ac5cacbc14ad11a17574738dd2bd84d2d1e6c74e1\
+ 6066c2a5c35bc3b87839858afb5ee5e8abfab408f38772866f6f833f39fab248\
+ 3a2c34ed55ad7098f9f63d4ec70b7950f02daaaab10781a0008f993c4027e381\
+ 6bfd45c52f59452a7b28873513dce415a84fc8bc06601567f91ec41647da2304\
+ 5b6e01e24516724acc02947ad5aa2dba4d952bc4f49d18ada0b0f7cc5d488814\
+ b921c0bc2b33d8828d80130df7d79b0992cec40d3bc7217d4a4dff3699345e44\
+ dac968575194845aa7b60dcf3c712d9b0a384824c3579b40dba265457d50f69f\
+ 02a140884d89b7fdee9f0a787e76a37c58c92cf2d3818c72097d41b3faa7aa95
+Prime1: \
+ fa880a456f9c205a26e02c3357536531dec150be0ef8747f69ea30d987ff7dd8\
+ 9e9a1075ebd39f04fa495bd26d8408a8de69113a9fbb52f20713d1d046a76b47\
+ 8cf77c46454a7afda2ef418f63faf67c947d898bca109f3275999e8f2e60e2c0\
+ eec133ff69e71a2d396632670b52d8ea03f7589d8144ab580b1d3e60efa1280b
+Prime2: \
+ badcc718dd2d761c4893c4831d56ada30fc5c7c148d473bedf7615b7e821b92f\
+ 319676ce278349f1309fb3d264c1a22bde71b221354c7a4d31117b3ec3c9d480\
+ 2e0a26bd8ec05d28b6502c65f35c687af7f8396b963ed029a2c5ae38dd7c5c96\
+ 2a953c113c0f590957ab19a6e2afda6db84f22c0c31ae243debd2920fbe9fbdf
+MultiplicativeInverseOfPrime2ModPrime1: \
+ 48a56f93e044a8211861da6bde9ab61265c63e168e507b56cd6e6e5f4de57c2f\
+ 5c0b626462d6c06790cf561fa12a350dc0c08767f2717914183fac90db36495a\
+ 91c0e9c0fbcfef19c85075b3b744fc378a9f2045cd7fd144ecd39bd1a59f1483\
+ 10f6982efb3ffe502b279c4c0cb2a7f9ef64ca8f38690c486afb5f659cf7f838
+PublicExponent: 02
+Test: KeyPairValidAndConsistent
+Message: 00AA5515CDAE5CD0F0DC
+Signature: \
+ 43f58896350d7150589730a5b895083224cdaf5475415b5cf9e00e90e0110818\
+ b2c26286dda3ffca8cd567ab0ae2647d71d8ecd82b1d6dd37518e2fc5ddc6bac\
+ 11faa8baa3d04b66c94057386d9e2f9d0cce8e72f7a6f187d317bf4df94005fc\
+ af5a6c2240c01de3d754cdd040d698123c23f4aed288b98ddb84c22dff4710f9\
+ 49d2947f1b3e5cd601341b08f6a90da6cf01223699480d0c4da06ee19de179d4\
+ ee431875dd89262aeeac3520bae9f540272a10aa0c4ba9a314c888f4c0de7ea9\
+ 702c6301657cc48c62e0663478acc05362077fa2471b12430bc0d681c3e07670\
+ b1f6f0527901284c87726df9724812a3df9305808696f01496c0ac2a5192332b
+Test: Verify
+Message: B8E2FB9EAE22FB2C0021
+Signature: \
+ 13701a1e3668da7c518a2a31b43150c9efcbdeeb8cd0c629472fd1a40312e5f5\
+ 4d29bbdaa10b337455bb76d7fbe7cce7872b5387a4116f7564d33a73d4c0d4ea\
+ b3ff687cabc4807aed536f253b5ea2b11275572f100a7c358c2b7df38f513a70\
+ 52b902e7dd8f3e218284ce9ea5b5b75467e9fb1b033feadba9ff5a1dd8412ee5\
+ f6eb9b3b23a2a23ad4191b82f5d75eb96f40a73b7d7841adc54f1f9c89b78bf6\
+ 2139820b0958f8eecb0b7a5208164dc14551f6b64612256c5519be2f06833955\
+ ed916c1444e82df4b6b7a980ccd3bf341f0baa0a1751adc28dee45ddaff34063\
+ bc20ed7edbcf6efb5b409a698c329ad633fa14a4254b382ec560bcddb1b5536e
+Test: Verify
+Message: 8C8C306A629373BAE647
+Signature: \
+ 2454422c3b13ad80e8063a19c3a8ba67a6d850eb2446d747d95e47ef27386d70\
+ 47f199e32f8516be745674eedda48cacf1655e27f60fee5a8b5fef7cc0623e07\
+ 5d0a6b24efd52871cb5b92d797b11289092e6b0d10f64a15c192a0e00c443018\
+ 68a5d0c06598ca4306b508b8a9794161d01d463bfe9d3918674a02c51cbb615a\
+ fd963256e678c41222c22be0fa2bbd9ea905ec055ce79bdffdfbd475d25a1d09\
+ 2b6edd5ccc8cbba579ebef9c83be024460f07d1a27b3843e18f83e4dc71a3bdb\
+ 32267b6e218324a3ebe9202e56e132edc5f5c52f4f44f495074614c6d9747d5b\
+ 36763bbcd352b00d7d6252f23656917fb1416485120e681e00622c6b35d81c64
+Test: Verify
+Message: 15E7B7B7ED0F176B6799
+Signature: \
+ 21c364a74387f14120f2825e7e8aa86498800e267c3dbe56b6ce0478921d95a7\
+ 19ce489a6faf7654a9a1ed8af0da6698aec80513519bbe890409b3164d7c577f\
+ 8836cf32faf7ec0859986642547abb725b97b2ff4eb4a2ffe1268c5f689a96cf\
+ 3a1b6192d29c7fce68470dcdf3f3e74d314700745232b49abaf1861b0612aef0\
+ b93518e03db3db269381c6eff4e125fff4cdabe9e462f3b926582f5803b4431d\
+ 1e0549956a48389d29fe0f8173d1d7d62883573b9b6fd19afb78b339bd9db1b6\
+ 824c58d088855865d35143796cb11121fb2262918f2f43e2b7ea04091fa1d771\
+ 44c8b22a1a7650276a0651e25ca1a3eecdc2d52fe1a92d8436e0b682db411b13
+Test: Verify
+Message: B36724C92954C38D0288
+Signature: \
+ 13107f891f2d6b7b18542d1285e353d7f6b28f483bee1d30145ab5bf121798d9\
+ 2b579fd37f88ccd9c3cdbffcfcf71f6cfb4af863dc783898380fb6ba4610ab3b\
+ a683fd3ff2a50e2d75f1f0dcc33c71d020a9bd0757a345f8234a71360948ea26\
+ 87b4bd5a39ff5d0c33e6736933759e3b183bd7f3bc793743c4eeace201d58107\
+ 5f22fbaad6c4c190681f87cd4043d2555f8fb2b8ce96329795e5b41c1dca3710\
+ bd1c772c4c954b68bb285c429fd5a01daf81fdd3a39ebc4da6ed74c548530375\
+ d92a0f1b3395143d697d68bc5e98701fd16b3d214c549206f0b711344a642476\
+ 2e1a9ab90461c36259964be805fa3d80e093d45ea411d407e6ced142c572eb4c
+Test: Verify
+Message: FA95400C2B14E064F76A
+Signature: \
+ 1bfbff59e854df6b53094d4fe46c7abe1d79562d99a843bbdab5b35a85b384f8\
+ dee895d94fbfb672dd7cfca1f9e7cbbb1a76e97a8efbddfa3ec7c9d9efb0d6b2\
+ 8b09ad0e26e8f0af32a309a45d316b3e3979f8b3ac4733c343463fb1b33cce71\
+ ed42a5ed914df586afeb50aa6316e49ba852514403b9d84ed9e76e593b034810\
+ 2d82aaa6dfbf5902da292f5966d7e26f7bf620ebb3e0c099e39375d82cb4b448\
+ bade152b9ca88eba9ec373f15bb013f3033b75497133940ff29b8a9e423dbffa\
+ f9cc20e12b886b124d57bb9cf1b4fc7598c6a6918edff8a3bc565705cdd31eee\
+ 6a5a4ad9a04ca14d28081480fdc96c7877f7cc72cfee50ed81bc79a5757e3beb
+Test: Verify
diff --git a/algparam.cpp b/algparam.cpp
index 1b980b6..1f49db6 100644
--- a/algparam.cpp
+++ b/algparam.cpp
@@ -2,19 +2,9 @@
#include "pch.h"
#include "algparam.h"
-#include "integer.h"
NAMESPACE_BEGIN(CryptoPP)
-const std::type_info & IntegerTypeId()
-{
- static const std::type_info &s_typeidInteger = typeid(Integer);
- return s_typeidInteger;
-}
-
-void AssignIntToInteger(void *pInteger, const void *pInt)
-{
- *reinterpret_cast<Integer *>(pInteger) = *reinterpret_cast<const int *>(pInt);
-}
+bool (*AssignIntToInteger)(const std::type_info &valueType, void *pInteger, const void *pInt) = NULL;
NAMESPACE_END
diff --git a/algparam.h b/algparam.h
index 624fcdc..999998d 100644
--- a/algparam.h
+++ b/algparam.h
@@ -88,29 +88,33 @@ template <class T, class BASE>
class GetValueHelperClass
{
public:
- GetValueHelperClass(const T *pObject, const char *name, const std::type_info &valueType, void *pValue)
+ GetValueHelperClass(const T *pObject, const char *name, const std::type_info &valueType, void *pValue, const NameValuePairs *searchFirst)
: m_pObject(pObject), m_name(name), m_valueType(&valueType), m_pValue(pValue), m_found(false), m_getValueNames(false)
{
- if (strcmp(name, "ValueNames") == 0)
- m_found = m_getValueNames = true;
-
- std::string thisPointerName = std::string("ThisPointer:") + typeid(T).name();
-
- if (m_getValueNames)
+ if (strcmp(m_name, "ValueNames") == 0)
{
- NameValuePairs::ThrowIfTypeMismatch(name, typeid(std::string), *m_valueType);
+ m_found = m_getValueNames = true;
+ NameValuePairs::ThrowIfTypeMismatch(m_name, typeid(std::string), *m_valueType);
+ if (searchFirst)
+ searchFirst->GetVoidValue(m_name, valueType, pValue);
if (typeid(T) != typeid(BASE))
- pObject->BASE::GetVoidValue(name, valueType, pValue);
- (*reinterpret_cast<std::string *>(m_pValue) += thisPointerName) += ";";
+ pObject->BASE::GetVoidValue(m_name, valueType, pValue);
+ ((*reinterpret_cast<std::string *>(m_pValue) += "ThisPointer:") += typeid(T).name()) += ';';
}
- else if (name == thisPointerName)
+
+ if (!m_found && strncmp(m_name, "ThisPointer:", 12) == 0 && strcmp(m_name+12, typeid(T).name()) == 0)
{
- NameValuePairs::ThrowIfTypeMismatch(name, typeid(T *), *m_valueType);
+ NameValuePairs::ThrowIfTypeMismatch(m_name, typeid(T *), *m_valueType);
*reinterpret_cast<const T **>(pValue) = pObject;
m_found = true;
+ return;
}
- else if (typeid(T) != typeid(BASE))
- m_found = pObject->BASE::GetVoidValue(name, valueType, pValue);
+
+ if (!m_found && searchFirst)
+ m_found = searchFirst->GetVoidValue(m_name, valueType, pValue);
+
+ if (!m_found && typeid(T) != typeid(BASE))
+ m_found = pObject->BASE::GetVoidValue(m_name, valueType, pValue);
}
operator bool() const {return m_found;}
@@ -120,7 +124,7 @@ public:
{
if (m_getValueNames)
(*reinterpret_cast<std::string *>(m_pValue) += name) += ";";
- else if (!m_found && strcmp(name, m_name) == 0)
+ if (!m_found && strcmp(name, m_name) == 0)
{
NameValuePairs::ThrowIfTypeMismatch(name, typeid(R), *m_valueType);
*reinterpret_cast<R *>(m_pValue) = (m_pObject->*pm)();
@@ -131,10 +135,9 @@ public:
GetValueHelperClass<T,BASE> &Assignable()
{
- std::string thisObjectName = std::string("ThisObject:") + typeid(T).name();
if (m_getValueNames)
- (*reinterpret_cast<std::string *>(m_pValue) += thisObjectName) += ";";
- else if (!m_found && m_name == thisObjectName)
+ ((*reinterpret_cast<std::string *>(m_pValue) += "ThisObject:") += typeid(T).name()) += ';';
+ if (!m_found && strncmp(m_name, "ThisObject:", 11) == 0 && strcmp(m_name+11, typeid(T).name()) == 0)
{
NameValuePairs::ThrowIfTypeMismatch(m_name, typeid(T), *m_valueType);
*reinterpret_cast<T *>(m_pValue) = *m_pObject;
@@ -152,15 +155,15 @@ private:
};
template <class BASE, class T>
-GetValueHelperClass<T, BASE> GetValueHelper(const T *pObject, const char *name, const std::type_info &valueType, void *pValue, BASE *dummy=NULL)
+GetValueHelperClass<T, BASE> GetValueHelper(const T *pObject, const char *name, const std::type_info &valueType, void *pValue, const NameValuePairs *searchFirst=NULL, BASE *dummy=NULL)
{
- return GetValueHelperClass<T, BASE>(pObject, name, valueType, pValue);
+ return GetValueHelperClass<T, BASE>(pObject, name, valueType, pValue, searchFirst);
}
template <class T>
-GetValueHelperClass<T, T> GetValueHelper(const T *pObject, const char *name, const std::type_info &valueType, void *pValue)
+GetValueHelperClass<T, T> GetValueHelper(const T *pObject, const char *name, const std::type_info &valueType, void *pValue, const NameValuePairs *searchFirst=NULL)
{
- return GetValueHelperClass<T, T>(pObject, name, valueType, pValue);
+ return GetValueHelperClass<T, T>(pObject, name, valueType, pValue, searchFirst);
}
// ********************************************************
@@ -239,7 +242,8 @@ AssignFromHelperClass<T, T> AssignFromHelper(T *pObject, const NameValuePairs &s
// ********************************************************
-void AssignIntToInteger(void *pInteger, const void *pInt);
+// This should allow the linker to discard Integer code if not needed.
+extern bool (*AssignIntToInteger)(const std::type_info &valueType, void *pInteger, const void *pInt);
const std::type_info & IntegerTypeId();
@@ -283,9 +287,7 @@ public:
else if (strcmp(name, m_name) == 0)
{
// special case for retrieving an Integer parameter when an int was passed in
- if (valueType == IntegerTypeId() && typeid(T) == typeid(int))
- AssignIntToInteger(pValue, &m_value);
- else
+ if (!(AssignIntToInteger != NULL && typeid(T) == typeid(int) && AssignIntToInteger(valueType, pValue, &m_value)))
{
ThrowIfTypeMismatch(name, typeid(T), valueType);
*reinterpret_cast<T *>(pValue) = m_value;
diff --git a/asn.h b/asn.h
index ab51369..b3fba6a 100644
--- a/asn.h
+++ b/asn.h
@@ -236,13 +236,15 @@ public:
virtual bool DEREncodeAlgorithmParameters(BufferedTransformation &bt) const
{DEREncodeNull(bt); return false;} // see RFC 2459, section 7.3.1
// one of the following two should be overriden
+ //! decode subjectPublicKey part of subjectPublicKeyInfo, or privateKey part of privateKeyInfo, without the BIT STRING or OCTET STRING header
virtual void BERDecodeKey(BufferedTransformation &bt) {assert(false);}
virtual void BERDecodeKey2(BufferedTransformation &bt, bool parametersPresent, unsigned int size)
{BERDecodeKey(bt);}
+ //! encode subjectPublicKey part of subjectPublicKeyInfo, or privateKey part of privateKeyInfo, without the BIT STRING or OCTET STRING header
virtual void DEREncodeKey(BufferedTransformation &bt) const =0;
};
-//! .
+//! encodes/decodes subjectPublicKeyInfo
class X509PublicKey : virtual public ASN1Key, public PublicKey
{
public:
@@ -250,7 +252,7 @@ public:
void DEREncode(BufferedTransformation &bt) const;
};
-//! .
+//! encodes/decodes privateKeyInfo
class PKCS8PrivateKey : virtual public ASN1Key, public PrivateKey
{
public:
diff --git a/base64.cpp b/base64.cpp
index 0cc48b9..3cf48ab 100644
--- a/base64.cpp
+++ b/base64.cpp
@@ -20,7 +20,7 @@ void Base64Encoder::IsolatedInitialize(const NameValuePairs &parameters)
("PaddingByte", s_padding)
("Log2Base", 6)
("GroupSize", insertLineBreaks ? maxLineLength : 0)
- ("Seperator", ConstByteArrayParameter("\n"))
+ ("Separator", ConstByteArrayParameter("\n"))
("Terminator", ConstByteArrayParameter("\n"))));
}
diff --git a/basecode.cpp b/basecode.cpp
index 7418a85..1e81ece 100644
--- a/basecode.cpp
+++ b/basecode.cpp
@@ -187,28 +187,26 @@ void BaseN_Decoder::InitializeDecodingLookupArray(int *lookup, const byte *alpha
void Grouper::IsolatedInitialize(const NameValuePairs &parameters)
{
m_groupSize = parameters.GetIntValueWithDefault("GroupSize", 0);
- ConstByteArrayParameter seperator, terminator;
+ ConstByteArrayParameter separator, terminator;
if (m_groupSize)
- parameters.GetRequiredParameter("Grouper", "Seperator", seperator);
- else
- parameters.GetValue("Seperator", seperator);
+ parameters.GetRequiredParameter("Grouper", "Separator", separator);
parameters.GetValue("Terminator", terminator);
- m_seperator.Assign(seperator.begin(), seperator.size());
+ m_separator.Assign(separator.begin(), separator.size());
m_terminator.Assign(terminator.begin(), terminator.size());
m_counter = 0;
}
unsigned int Grouper::Put2(const byte *begin, unsigned int length, int messageEnd, bool blocking)
{
+ FILTER_BEGIN;
if (m_groupSize)
{
- FILTER_BEGIN;
while (m_inputPosition < length)
{
if (m_counter == m_groupSize)
{
- FILTER_OUTPUT(1, m_seperator, m_seperator.size(), 0);
+ FILTER_OUTPUT(1, m_separator, m_separator.size(), 0);
m_counter = 0;
}
@@ -218,12 +216,13 @@ unsigned int Grouper::Put2(const byte *begin, unsigned int length, int messageEn
m_inputPosition += len;
m_counter += len;
}
- if (messageEnd)
- FILTER_OUTPUT(3, m_terminator, m_terminator.size(), messageEnd);
- FILTER_END_NO_MESSAGE_END
}
else
- return Output(0, begin, length, messageEnd, blocking);
+ FILTER_OUTPUT(3, begin, length, 0);
+
+ if (messageEnd)
+ FILTER_OUTPUT(4, m_terminator, m_terminator.size(), messageEnd);
+ FILTER_END_NO_MESSAGE_END
}
NAMESPACE_END
diff --git a/basecode.h b/basecode.h
index dcb49b0..9d6164f 100644
--- a/basecode.h
+++ b/basecode.h
@@ -61,11 +61,11 @@ public:
Grouper(BufferedTransformation *attachment=NULL)
: Bufferless<Filter>(attachment) {}
- Grouper(int groupSize, const std::string &seperator, const std::string &terminator, BufferedTransformation *attachment=NULL)
+ Grouper(int groupSize, const std::string &separator, const std::string &terminator, BufferedTransformation *attachment=NULL)
: Bufferless<Filter>(attachment)
{
IsolatedInitialize(MakeParameters("GroupSize", groupSize)
- ("Seperator", ConstByteArrayParameter(seperator))
+ ("Separator", ConstByteArrayParameter(separator))
("Terminator", ConstByteArrayParameter(terminator)));
}
@@ -73,7 +73,7 @@ public:
unsigned int Put2(const byte *begin, unsigned int length, int messageEnd, bool blocking);
private:
- SecByteBlock m_seperator, m_terminator;
+ SecByteBlock m_separator, m_terminator;
unsigned int m_groupSize, m_counter;
};
diff --git a/bench.cpp b/bench.cpp
index 1fece27..44c0c96 100644
--- a/bench.cpp
+++ b/bench.cpp
@@ -229,7 +229,7 @@ void BenchMarkDecryption(const char *name, PK_Decryptor &priv, PK_Encryptor &pub
unsigned int i;
double timeTaken;
for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
- priv.Decrypt(ciphertext, ciphertext.size(), plaintext);
+ priv.Decrypt(rng, ciphertext, ciphertext.size(), plaintext);
OutputResultOperations(name, "Decryption", false, i, timeTaken);
}
@@ -268,7 +268,7 @@ void BenchMarkVerification(const char *name, const PK_Signer &priv, PK_Verifier
unsigned int i;
double timeTaken;
for (timeTaken=(double)0, i=0; timeTaken < timeTotal; timeTaken = double(clock() - start) / CLOCK_TICKS_PER_SECOND, i++)
- pub.VerifyMessage(message, len, signature);
+ pub.VerifyMessage(message, len, signature, signature.size());
OutputResultOperations(name, "Verification", pc, i, timeTaken);
@@ -555,10 +555,10 @@ void BenchMarkAll(double t)
BenchMarkCrypto<LUC_IES<> >("lucc1024.dat", "LUCELG 1024", t);
cout << "<TBODY style=\"background: yellow\">" << endl;
- BenchMarkSignature<RSASSA<PKCS1v15, SHA> >("rsa1024.dat", "RSA 1024", t);
- BenchMarkSignature<RabinPSSR<SHA> >("rabi1024.dat", "Rabin 1024", t);
- BenchMarkSignature<RWSSA<SHA> >("rw1024.dat", "RW 1024", t);
- BenchMarkSignature<LUCSSA<SHA> >("luc1024.dat", "LUC 1024", t);
+ BenchMarkSignature<RSASS<PSSR, SHA> >("rsa1024.dat", "RSA 1024", t);
+ BenchMarkSignature<RabinSS<PSSR, SHA> >("rabi1024.dat", "Rabin 1024", t);
+ BenchMarkSignature<RWSS<PSSR, SHA> >("rw1024.dat", "RW 1024", t);
+ BenchMarkSignature<LUCSS<PSSR, SHA> >("luc1024.dat", "LUC 1024", t);
BenchMarkSignature<NR<SHA> >("nr1024.dat", "NR 1024", t);
BenchMarkSignature<DSA>("dsa1024.dat", "DSA 1024", t);
BenchMarkSignature<LUC_HMP<SHA> >("lucs512.dat", "LUC-HMP 512", t);
@@ -566,10 +566,10 @@ void BenchMarkAll(double t)
BenchMarkSignature<ESIGN<SHA> >("esig1536.dat", "ESIGN 1536", t);
cout << "<TBODY style=\"background: white\">" << endl;
- BenchMarkSignature<RSASSA<PKCS1v15, SHA> >("rsa2048.dat", "RSA 2048", t);
- BenchMarkSignature<RabinPSSR<SHA> >("rabi2048.dat", "Rabin 2048", t);
- BenchMarkSignature<RWSSA<SHA> >("rw2048.dat", "RW 2048", t);
- BenchMarkSignature<LUCSSA<SHA> >("luc2048.dat", "LUC 2048", t);
+ BenchMarkSignature<RSASS<PSSR, SHA> >("rsa2048.dat", "RSA 2048", t);
+ BenchMarkSignature<RabinSS<PSSR, SHA> >("rabi2048.dat", "Rabin 2048", t);
+ BenchMarkSignature<RWSS<PSSR, SHA> >("rw2048.dat", "RW 2048", t);
+ BenchMarkSignature<LUCSS<PSSR, SHA> >("luc2048.dat", "LUC 2048", t);
BenchMarkSignature<NR<SHA> >("nr2048.dat", "NR 2048", t);
BenchMarkSignature<LUC_HMP<SHA> >("lucs1024.dat", "LUC-HMP 1024", t);
BenchMarkSignature<ESIGN<SHA> >("esig2046.dat", "ESIGN 2046", t);
diff --git a/config.h b/config.h
index a7f18e3..f27910c 100644
--- a/config.h
+++ b/config.h
@@ -171,7 +171,7 @@ union dword_union
NAMESPACE_END
// VC60 workaround: it doesn't allow typename in some places
-#ifdef _MSC_VER
+#if defined(_MSC_VER) && (_MSC_VER < 1300)
#define CPP_TYPENAME
#else
#define CPP_TYPENAME typename
diff --git a/cryptlib.cpp b/cryptlib.cpp
index 9e0d59f..e3fe2d5 100644
--- a/cryptlib.cpp
+++ b/cryptlib.cpp
@@ -545,15 +545,15 @@ BufferedTransformation * PK_Encryptor::CreateEncryptionFilter(RandomNumberGenera
return new EncryptionFilter(rng, *this, attachment);
}
-BufferedTransformation * PK_Decryptor::CreateDecryptionFilter(BufferedTransformation *attachment) const
+BufferedTransformation * PK_Decryptor::CreateDecryptionFilter(RandomNumberGenerator &rng, BufferedTransformation *attachment) const
{
struct DecryptionFilter : public Unflushable<FilterWithInputQueue>
{
// VC60 complains if this function is missing
- DecryptionFilter(const DecryptionFilter &x) : Unflushable<FilterWithInputQueue>(NULL), m_decryptor(x.m_decryptor) {}
+ DecryptionFilter(const DecryptionFilter &x) : Unflushable<FilterWithInputQueue>(NULL), m_rng(x.m_rng), m_decryptor(x.m_decryptor) {}
- DecryptionFilter(const PK_Decryptor &decryptor, BufferedTransformation *attachment)
- : Unflushable<FilterWithInputQueue>(attachment), m_decryptor(decryptor)
+ DecryptionFilter(RandomNumberGenerator &rng, const PK_Decryptor &decryptor, BufferedTransformation *attachment)
+ : Unflushable<FilterWithInputQueue>(attachment), m_rng(rng), m_decryptor(decryptor)
{
}
@@ -569,7 +569,7 @@ BufferedTransformation * PK_Decryptor::CreateDecryptionFilter(BufferedTransforma
SecByteBlock ciphertext(ciphertextLength);
m_inQueue.Get(ciphertext, ciphertextLength);
m_plaintext.resize(maxPlaintextLength);
- m_result = m_decryptor.Decrypt(ciphertext, ciphertextLength, m_plaintext);
+ m_result = m_decryptor.Decrypt(m_rng, ciphertext, ciphertextLength, m_plaintext);
if (!m_result.isValidCoding)
throw InvalidCiphertext(m_decryptor.AlgorithmName() + ": invalid ciphertext");
}
@@ -581,12 +581,13 @@ BufferedTransformation * PK_Decryptor::CreateDecryptionFilter(BufferedTransforma
return true;
}
+ RandomNumberGenerator &m_rng;
const PK_Decryptor &m_decryptor;
SecByteBlock m_plaintext;
DecodingResult m_result;
};
- return new DecryptionFilter(*this, attachment);
+ return new DecryptionFilter(rng, *this, attachment);
}
unsigned int PK_FixedLengthCryptoSystem::MaxPlaintextLength(unsigned int cipherTextLength) const
@@ -605,38 +606,64 @@ unsigned int PK_FixedLengthCryptoSystem::CiphertextLength(unsigned int plainText
return 0;
}
-DecodingResult PK_FixedLengthDecryptor::Decrypt(const byte *cipherText, unsigned int cipherTextLength, byte *plainText) const
+DecodingResult PK_FixedLengthDecryptor::Decrypt(RandomNumberGenerator &rng, const byte *cipherText, unsigned int cipherTextLength, byte *plainText) const
{
if (cipherTextLength != FixedCiphertextLength())
return DecodingResult();
- return FixedLengthDecrypt(cipherText, plainText);
+ return FixedLengthDecrypt(rng, cipherText, plainText);
+}
+
+unsigned int PK_Signer::Sign(RandomNumberGenerator &rng, PK_MessageAccumulator *messageAccumulator, byte *signature) const
+{
+ std::auto_ptr<PK_MessageAccumulator> m(messageAccumulator);
+ return SignAndRestart(rng, *m, signature, false);
+}
+
+unsigned int PK_Signer::SignMessage(RandomNumberGenerator &rng, const byte *message, unsigned int messageLen, byte *signature) const
+{
+ std::auto_ptr<PK_MessageAccumulator> m(NewSignatureAccumulator(rng));
+ m->Update(message, messageLen);
+ return SignAndRestart(rng, *m, signature, false);
+}
+
+unsigned int PK_Signer::SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, unsigned int recoverableMessageLength,
+ const byte *nonrecoverableMessage, unsigned int nonrecoverableMessageLength, byte *signature) const
+{
+ std::auto_ptr<PK_MessageAccumulator> m(NewSignatureAccumulator(rng));
+ InputRecoverableMessage(*m, recoverableMessage, recoverableMessageLength);
+ m->Update(nonrecoverableMessage, nonrecoverableMessageLength);
+ return SignAndRestart(rng, *m, signature, false);
}
-void PK_Signer::Sign(RandomNumberGenerator &rng, HashTransformation *messageAccumulator, byte *signature) const
+bool PK_Verifier::Verify(PK_MessageAccumulator *messageAccumulator) const
{
- std::auto_ptr<HashTransformation> m(messageAccumulator);
- SignAndRestart(rng, *m, signature);
+ std::auto_ptr<PK_MessageAccumulator> m(messageAccumulator);
+ return VerifyAndRestart(*m);
}
-void PK_Signer::SignMessage(RandomNumberGenerator &rng, const byte *message, unsigned int messageLen, byte *signature) const
+bool PK_Verifier::VerifyMessage(const byte *message, unsigned int messageLen, const byte *signature, unsigned int signatureLength) const
{
- std::auto_ptr<HashTransformation> accumulator(NewSignatureAccumulator());
- accumulator->Update(message, messageLen);
- SignAndRestart(rng, *accumulator, signature);
+ std::auto_ptr<PK_MessageAccumulator> m(NewVerificationAccumulator());
+ InputSignature(*m, signature, signatureLength);
+ m->Update(message, messageLen);
+ return VerifyAndRestart(*m);
}
-bool PK_Verifier::Verify(HashTransformation *messageAccumulator, const byte *signature) const
+DecodingResult PK_Verifier::Recover(byte *recoveredMessage, PK_MessageAccumulator *messageAccumulator) const
{
- std::auto_ptr<HashTransformation> m(messageAccumulator);
- return VerifyAndRestart(*m, signature);
+ std::auto_ptr<PK_MessageAccumulator> m(messageAccumulator);
+ return RecoverAndRestart(recoveredMessage, *m);
}
-bool PK_Verifier::VerifyMessage(const byte *message, unsigned int messageLen, const byte *sig) const
+DecodingResult PK_Verifier::RecoverMessage(byte *recoveredMessage,
+ const byte *nonrecoverableMessage, unsigned int nonrecoverableMessageLength,
+ const byte *signature, unsigned int signatureLength) const
{
- std::auto_ptr<HashTransformation> accumulator(NewVerificationAccumulator());
- accumulator->Update(message, messageLen);
- return VerifyAndRestart(*accumulator, sig);
+ std::auto_ptr<PK_MessageAccumulator> m(NewVerificationAccumulator());
+ InputSignature(*m, signature, signatureLength);
+ m->Update(nonrecoverableMessage, nonrecoverableMessageLength);
+ return RecoverAndRestart(recoveredMessage, *m);
}
void SimpleKeyAgreementDomain::GenerateKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const
diff --git a/cryptlib.dsp b/cryptlib.dsp
index 2448b98..5cb3b63 100644
--- a/cryptlib.dsp
+++ b/cryptlib.dsp
@@ -25,6 +25,8 @@ CFG=cryptlib - Win32 Debug
# Begin Project
# PROP AllowPerConfigDependencies 0
+# PROP Scc_ProjName ""
+# PROP Scc_LocalPath ""
CPP=cl.exe
RSC=rc.exe
@@ -402,6 +404,10 @@ SOURCE=.\polynomi.cpp
# End Source File
# Begin Source File
+SOURCE=.\pssr.cpp
+# End Source File
+# Begin Source File
+
SOURCE=.\pubkey.cpp
# End Source File
# Begin Source File
diff --git a/cryptlib.h b/cryptlib.h
index b73669d..2778397 100644
--- a/cryptlib.h
+++ b/cryptlib.h
@@ -21,7 +21,7 @@
<dt>Public Key Cryptosystems<dd>
DLIES, ECIES, LUCES, RSAES, RabinES, LUC_IES
<dt>Public Key Signature Schemes<dd>
- DSA, GDSA, ECDSA, NR, ECNR, LUCSSA, RSASSA, RabinSSR, RWSSA, ESIGN
+ DSA, GDSA, ECDSA, NR, ECNR, LUCSS, RSASS, RabinSS, RWSS, ESIGN
<dt>Key Agreement<dd>
#DH, DH2, #MQV, ECDH, ECMQV, XTR_DH
<dt>Algebraic Structures<dd>
@@ -106,7 +106,7 @@ public:
OTHER_ERROR
};
- explicit Exception(ErrorType errorType, const std::string &s) : m_what(s) {}
+ explicit Exception(ErrorType errorType, const std::string &s) : m_errorType(errorType), m_what(s) {}
virtual ~Exception() throw() {}
const char *what() const throw() {return (m_what.c_str());}
const std::string &GetWhat() const {return m_what;}
@@ -319,7 +319,7 @@ public:
class Algorithm : public Clonable
{
public:
- /*! When FIPS-140-2 compliance is enabled and checkSelfTestStatus == true,
+ /*! When FIPS 140-2 compliance is enabled and checkSelfTestStatus == true,
this constructor throws SelfTestFailure if the self test hasn't been run or fails. */
Algorithm(bool checkSelfTestStatus = true);
//! returns name of this algorithm, not universally implemented yet
@@ -519,6 +519,9 @@ public:
//! input to Update() should have length a multiple of this for optimal speed
virtual unsigned int OptimalBlockSize() const {return 1;}
+ //! returns how input should be aligned for optimal performance
+ virtual unsigned int OptimalDataAlignment() const {return 1;}
+
//! use this if your input is in one piece and you don't want to call Update() and Final() separately
virtual void CalculateDigest(byte *digest, const byte *input, unsigned int length)
{Update(input, length); Final(digest);}
@@ -691,8 +694,9 @@ public:
//! input a 32-bit word
unsigned int PutWord32(word32 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true);
- //! request space to write bytes into for processing
+ //! request space which can be written into by the caller, and then used as input to Put()
/*! \param size is requested size (as a hint) for input, and size of the returned space for output */
+ /*! \note The purpose of this method is to help avoid doing extra memory allocations. */
virtual byte * CreatePutSpace(unsigned int &size) {size=0; return NULL;}
virtual bool CanModifyInput() const {return false;}
@@ -1126,12 +1130,12 @@ public:
/*! \pre size of plainText == MaxPlainTextLength(cipherTextLength) bytes.
\return the actual length of the plaintext, or 0 if decryption fails.
*/
- virtual DecodingResult Decrypt(const byte *cipherText, unsigned int cipherTextLength, byte *plainText) const =0;
+ virtual DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *cipherText, unsigned int cipherTextLength, byte *plainText) const =0;
//! create a new decryption filter
/*! \note caller is responsible for deleting the returned pointer
*/
- virtual BufferedTransformation * CreateDecryptionFilter(BufferedTransformation *attachment=NULL) const;
+ virtual BufferedTransformation * CreateDecryptionFilter(RandomNumberGenerator &rng, BufferedTransformation *attachment=NULL) const;
};
//! interface for encryptors and decryptors with fixed length ciphertext
@@ -1175,165 +1179,154 @@ public:
\pre size of plainText == MaxPlainTextLength()
\return the actual length of the plaintext, or 0 if decryption fails.
*/
- virtual DecodingResult FixedLengthDecrypt(const byte *cipherText, byte *plainText) const =0;
-
- DecodingResult Decrypt(const byte *cipherText, unsigned int cipherTextLength, byte *plainText) const;
+ virtual DecodingResult FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *cipherText, byte *plainText) const =0;
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
- DecodingResult Decrypt(const byte *cipherText, byte *plainText) const {return FixedLengthDecrypt(cipherText, plainText);}
-#endif
+ DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *cipherText, unsigned int cipherTextLength, byte *plainText) const;
};
//! interface for public-key signers and verifiers
/*! This class provides an interface common to signers and verifiers
- for querying their signature lengths and creating message
- accumulators.
+ for querying scheme properties.
*/
class PK_SignatureScheme
{
public:
+ //! invalid key exception, may be thrown by any function in this class if the private or public key has a length that can't be used
+ class InvalidKeyLength : public Exception
+ {
+ public:
+ InvalidKeyLength(const std::string &message) : Exception(OTHER_ERROR, message) {}
+ };
+
+ //! key too short exception, may be thrown by any function in this class if the private or public key is too short to sign or verify anything
+ class KeyTooShort : public InvalidKeyLength
+ {
+ public:
+ KeyTooShort() : InvalidKeyLength("PK_Signer: key too short for this signature scheme") {}
+ };
+
virtual ~PK_SignatureScheme() {}
- //! signature length support by this object (as either input or output)
+ //! signature length if it only depends on the key, otherwise 0
virtual unsigned int SignatureLength() const =0;
- //! deprecated, please use PK_Signer::NewSignatureAccumulator or PK_Verifier::NewVerificationAccumulator instead
- virtual HashTransformation * NewMessageAccumulator() const =0;
-};
+ //! maximum signature length produced for a given length of recoverable message part
+ virtual unsigned int MaxSignatureLength(unsigned int recoverablePartLength = 0) const {return SignatureLength();}
-//! interface for public-key signers
+ //! length of longest message that can be recovered, or 0 if this signature scheme does not support message recovery
+ virtual unsigned int MaxRecoverableLength() const =0;
-class PK_Signer : virtual public PK_SignatureScheme, public PrivateKeyAlgorithm
-{
-public:
- //! key too short exception, may be thrown by Sign() or SignMessage()
- class KeyTooShort : public Exception
- {
- public:
- KeyTooShort() : Exception(OTHER_ERROR, "PK_Signer: key too short") {}
- };
+ //! length of longest message that can be recovered from a signature of given length, or 0 if this signature scheme does not support message recovery
+ virtual unsigned int MaxRecoverableLengthFromSignatureLength(unsigned int signatureLength) const =0;
- //! sign and delete messageAccumulator (even in case of exception thrown)
- /*! \pre messageAccumulator was obtained by calling NewSignatureAccumulator()
- \pre HashTransformation::Final() has not been called on messageAccumulator
- \pre size of signature == SignatureLength()
- */
- virtual void Sign(RandomNumberGenerator &rng, HashTransformation *messageAccumulator, byte *signature) const;
+ //! requires a random number generator to sign
+ /*! if this returns false, NullRNG() can be passed to functions that take RandomNumberGenerator & */
+ virtual bool IsProbabilistic() const =0;
- //! sign and restart messageAccumulator
- virtual void SignAndRestart(RandomNumberGenerator &rng, HashTransformation &messageAccumulator, byte *signature) const =0;
+ //! whether or not a non-recoverable message part can be signed
+ virtual bool AllowNonrecoverablePart() const =0;
- //! sign a message
- /*! \pre size of signature == SignatureLength() */
- virtual void SignMessage(RandomNumberGenerator &rng, const byte *message, unsigned int messageLen, byte *signature) const;
+ //! if this function returns true, during verification you must input the signature before the message, otherwise you can input it at anytime */
+ virtual bool SignatureUpfront() const {return false;}
- //! create a new HashTransformation to accumulate the message to be signed
- virtual HashTransformation * NewSignatureAccumulator() const
- {return NewMessageAccumulator();}
+ //! whether you must input the recoverable part before the non-recoverable part during signing
+ virtual bool RecoverablePartFirst() const =0;
};
-//! interface for public-key signature verifiers
+//! interface for accumulating messages to be signed or verified
+/*! Only Update() should be called
+ on this class. No other functions inherited from HashTransformation should be called.
+*/
+class PK_MessageAccumulator : public HashTransformation
+{
+public:
+ //! should not be called on PK_MessageAccumulator
+ unsigned int DigestSize() const
+ {throw NotImplemented("PK_MessageAccumulator: DigestSize() should not be called");}
+ //! should not be called on PK_MessageAccumulator
+ void TruncatedFinal(byte *digest, unsigned int digestSize)
+ {throw NotImplemented("PK_MessageAccumulator: TruncatedFinal() should not be called");}
+};
-class PK_Verifier : virtual public PK_SignatureScheme, public PublicKeyAlgorithm
+//! interface for public-key signers
+
+class PK_Signer : virtual public PK_SignatureScheme, public PrivateKeyAlgorithm
{
public:
- /*! If this function returns true, you must input the signature when
- calling NewVerificationAccumulator(). Otherwise, you must input the signature
- when calling Verify(). */
- virtual bool SignatureUpfrontForVerification() const {return false;}
+ //! create a new HashTransformation to accumulate the message to be signed
+ virtual PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng = NullRNG()) const =0;
- //! create a new HashTransformation to accumulate the message to be verified
- /*! \param signature is ignored if SignatureUpfrontForVerification() == false
- \param signature may be NULL to indicate that the signature is not available yet
- */
- virtual HashTransformation * NewVerificationAccumulator(const byte *signature=NULL) const
- {return NewMessageAccumulator();}
-
- //! check whether sig is a valid signature for messageAccumulator, and delete messageAccumulator (even in case of exception thrown)
- /*! \pre messageAccumulator was obtained by calling NewVerificationAccumulator()
- \pre HashTransformation::Final() has not been called on messageAccumulator
- \pre length of signature == SignatureLength()
- \param signature is ignored if SignatureUpfrontForVerification() == true
+ virtual void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, unsigned int recoverableMessageLength) const =0;
+
+ //! sign and delete messageAccumulator (even in case of exception thrown)
+ /*! \pre size of signature == MaxSignatureLength()
+ \return actual signature length
*/
- virtual bool Verify(HashTransformation *messageAccumulator, const byte *signature=NULL) const;
+ virtual unsigned int Sign(RandomNumberGenerator &rng, PK_MessageAccumulator *messageAccumulator, byte *signature) const;
- //! check whether sig is a valid signature for messageAccumulator, and restart messageAccumulator
- /*! \note depending on SignatureUpfrontForVerification(), signature is either the current or the next signature
- \param signature may be NULL to indicate that the next signature is not available yet
+ //! sign and restart messageAccumulator
+ /*! \pre size of signature == MaxSignatureLength()
+ \return actual signature length
*/
- virtual bool VerifyAndRestart(HashTransformation &messageAccumulator, const byte *signature) const =0;
+ virtual unsigned int SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const =0;
- //! only useful if SignatureUpfrontForVerification() == true
- virtual void InitializeVerificationAccumulator(HashTransformation &messageAccumulator, const byte *signature) const {}
+ //! sign a message
+ /*! \pre size of signature == MaxSignatureLength()
+ \return actual signature length
+ */
+ virtual unsigned int SignMessage(RandomNumberGenerator &rng, const byte *message, unsigned int messageLen, byte *signature) const;
- //! check whether sig is a valid signature for message
- /*! \pre size of signature == SignatureLength() */
- virtual bool VerifyMessage(const byte *message, unsigned int messageLen, const byte *signature) const;
+ //! sign a recoverable message
+ /*! \pre size of signature == MaxSignatureLength(recoverableMessageLength)
+ \return actual signature length
+ */
+ virtual unsigned int SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, unsigned int recoverableMessageLength,
+ const byte *nonrecoverableMessage, unsigned int nonrecoverableMessageLength, byte *signature) const;
};
-//! interface for public-key signers and verifiers with recovery
-
-/*! In a signature scheme with recovery, a verifier is able to extract
- a message from its valid signature.
+//! interface for public-key signature verifiers
+/*! The Recover* functions throw NotImplemented if the signature scheme does not support
+ message recovery.
+ The Verify* functions throw InvalidDataFormat if the scheme does support message
+ recovery and the signature contains a non-empty recoverable message part. The
+ Recovery* functions should be used in that case.
*/
-class PK_SignatureSchemeWithRecovery : virtual public PK_SignatureScheme
+class PK_Verifier : virtual public PK_SignatureScheme, public PublicKeyAlgorithm
{
public:
- //! length of longest message that can be fully recovered
- virtual unsigned int MaximumRecoverableLength() const =0;
-
- //! whether or not messages longer than MaximumRecoverableLength() can be signed
- /*! If this function returns false, any message longer than
- MaximumRecoverableLength() will be truncated for signature
- and will fail verification.
- */
- virtual bool AllowLeftoverMessage() const =0;
-};
-
-//! interface for public-key signers with recovery
+ //! create a new HashTransformation to accumulate the message to be verified
+ virtual PK_MessageAccumulator * NewVerificationAccumulator() const =0;
-class PK_SignerWithRecovery : virtual public PK_SignatureSchemeWithRecovery, virtual public PK_Signer
-{
-};
+ //! input signature into a message accumulator
+ virtual void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, unsigned int signatureLength) const =0;
-//! interface for public-key verifiers with recovery
+ //! check whether messageAccumulator contains a valid signature and message, and delete messageAccumulator (even in case of exception thrown)
+ virtual bool Verify(PK_MessageAccumulator *messageAccumulator) const;
-/*! A PK_VerifierWithRecovery can also be used the same way as a PK_Verifier,
- where the signature and the entire message is given to Verify() or
- VerifyMessage() as input.
-*/
-class PK_VerifierWithRecovery : virtual public PK_SignatureSchemeWithRecovery, virtual public PK_Verifier
-{
-public:
- /*! If this function returns true, you must input the signature when
- calling NewRecoveryAccumulator(). Otherwise, you must input the signature
- when calling Recover(). */
- virtual bool SignatureUpfrontForRecovery() const =0;
+ //! check whether messageAccumulator contains a valid signature and message, and restart messageAccumulator
+ virtual bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const =0;
- //! create a new HashTransformation to accumulate leftover message
- virtual HashTransformation * NewRecoveryAccumulator(const byte *signature=NULL) const =0;
+ //! check whether input signature is a valid signature for input message
+ virtual bool VerifyMessage(const byte *message, unsigned int messageLen,
+ const byte *signature, unsigned int signatureLength) const;
//! recover a message from its signature
- /*! \pre leftoverMessageAccumulator was obtained by calling NewLeftoverMessageAccumulator(signature)
- \pre HashTransformation::Final() has not been called on leftoverMessageAccumulator
- \pre length of signature == SignatureLength()
- \pre size of recoveredMessage == MaximumRecoverableLength()
+ /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
*/
- virtual DecodingResult Recover(byte *recoveredMessage, HashTransformation *recoveryAccumulator, const byte *signature=NULL) const =0;
+ virtual DecodingResult Recover(byte *recoveredMessage, PK_MessageAccumulator *messageAccumulator) const;
//! recover a message from its signature
- /*! depending on SignatureUpfrontForRecovery(), signature is either the current or the next signature */
- // TODO: uncomment this and implement
- // virtual unsigned int RecoverAndRestart(byte *recoveredMessage, HashTransformation &recoveryAccumulator, const byte *signature) const =0;
+ /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
+ */
+ virtual DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const =0;
//! recover a message from its signature
- /*! \note This function should be equivalent to Recover(recoveredMessage, NewRecoveryAccumulator(signature), signature)
- \pre length of signature == SignatureLength()
- \pre size of recoveredMessage == MaximumRecoverableLength()
+ /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
*/
- virtual DecodingResult RecoverMessage(byte *recoveredMessage, const byte *message, unsigned int messageLen, const byte *signature) const
- {return Recover(recoveredMessage, NewRecoveryAccumulator(signature), signature);}
+ virtual DecodingResult RecoverMessage(byte *recoveredMessage,
+ const byte *nonrecoverableMessage, unsigned int nonrecoverableMessageLength,
+ const byte *signature, unsigned int signatureLength) const;
};
//! interface for domains of simple key agreement protocols
diff --git a/datatest.cpp b/datatest.cpp
index 1be7d89..eac1d7f 100644
--- a/datatest.cpp
+++ b/datatest.cpp
@@ -222,7 +222,7 @@ void TestEncryptionScheme(TestData &v)
if (test == "DecryptMatch")
{
std::string decrypted, expected = GetDecodedDatum(v, "Plaintext");
- StringSource ss(GetDecodedDatum(v, "Ciphertext"), true, new PK_DecryptorFilter(*decryptor, new StringSink(decrypted)));
+ StringSource ss(GetDecodedDatum(v, "Ciphertext"), true, new PK_DecryptorFilter(GlobalRNG(), *decryptor, new StringSink(decrypted)));
if (decrypted != expected)
SignalTestFailure();
}
@@ -356,15 +356,12 @@ void OutputNameValuePairs(const NameValuePairs &v)
}
}
-bool RunTestDataFile(const char *filename)
+void TestDataFile(const std::string &filename, unsigned int &totalTests, unsigned int &failedTests)
{
- RegisterFactories();
-
- std::ifstream file(filename);
+ std::ifstream file(filename.c_str());
TestData v;
s_currentTestData = &v;
std::string name, value, lastAlgName;
- unsigned int totalTests = 0, failedTests = 0;
while (file)
{
@@ -386,7 +383,7 @@ bool RunTestDataFile(const char *filename)
if (lastAlgName != GetRequiredDatum(v, "Name"))
{
lastAlgName = GetRequiredDatum(v, "Name");
- cout << "Testing " << algType.c_str() << " algorithm " << lastAlgName.c_str() << ".\n";
+ cout << "\nTesting " << algType.c_str() << " algorithm " << lastAlgName.c_str() << ".\n";
}
try
@@ -399,6 +396,8 @@ bool RunTestDataFile(const char *filename)
TestDigestOrMAC(v, true);
else if (algType == "MAC")
TestDigestOrMAC(v, false);
+ else if (algType == "FileList")
+ TestDataFile(GetRequiredDatum(v, "Test"), totalTests, failedTests);
else
SignalTestError();
failed = false;
@@ -427,6 +426,13 @@ bool RunTestDataFile(const char *filename)
totalTests++;
}
}
+}
+
+bool RunTestDataFile(const char *filename)
+{
+ RegisterFactories();
+ unsigned int totalTests = 0, failedTests = 0;
+ TestDataFile(filename, totalTests, failedTests);
cout << "\nTests complete. Total tests = " << totalTests << ". Failed tests = " << failedTests << ".\n";
if (failedTests != 0)
cout << "SOME TESTS FAILED!\n";
diff --git a/eccrypto.cpp b/eccrypto.cpp
index 28110b7..b0042e8 100644
--- a/eccrypto.cpp
+++ b/eccrypto.cpp
@@ -542,13 +542,13 @@ void DL_GroupParameters_EC<EC>::SimultaneousExponentiate(Element *results, const
}
template <class EC>
-DL_GroupParameters_EC<EC>::Element DL_GroupParameters_EC<EC>::MultiplyElements(const Element &a, const Element &b) const
+CPP_TYPENAME DL_GroupParameters_EC<EC>::Element DL_GroupParameters_EC<EC>::MultiplyElements(const Element &a, const Element &b) const
{
return GetCurve().Add(a, b);
}
template <class EC>
-DL_GroupParameters_EC<EC>::Element DL_GroupParameters_EC<EC>::CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const
+CPP_TYPENAME DL_GroupParameters_EC<EC>::Element DL_GroupParameters_EC<EC>::CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const
{
return GetCurve().CascadeMultiply(exponent1, element1, exponent2, element2);
}
diff --git a/eccrypto.h b/eccrypto.h
index 9706b7f..dafa1c7 100644
--- a/eccrypto.h
+++ b/eccrypto.h
@@ -172,14 +172,14 @@ public:
};
//! Elliptic Curve Diffie-Hellman, AKA <a href="http://www.weidai.com/scan-mirror/ka.html#ECDH">ECDH</a>
-template <class EC, class COFACTOR_OPTION = DL_GroupParameters_EC<EC>::DefaultCofactorOption>
+template <class EC, class COFACTOR_OPTION = CPP_TYPENAME DL_GroupParameters_EC<EC>::DefaultCofactorOption>
struct ECDH
{
typedef DH_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain;
};
/// Elliptic Curve Menezes-Qu-Vanstone, AKA <a href="http://www.weidai.com/scan-mirror/ka.html#ECMQV">ECMQV</a>
-template <class EC, class COFACTOR_OPTION = DL_GroupParameters_EC<EC>::DefaultCofactorOption>
+template <class EC, class COFACTOR_OPTION = CPP_TYPENAME DL_GroupParameters_EC<EC>::DefaultCofactorOption>
struct ECMQV
{
typedef MQV_Domain<DL_GroupParameters_EC<EC>, COFACTOR_OPTION> Domain;
@@ -222,13 +222,13 @@ public:
//! <a href="http://www.weidai.com/scan-mirror/sig.html#ECDSA">ECDSA</a>
template <class EC, class H>
-struct ECDSA : public DL_SSA<DL_Keys_ECDSA<EC>, DL_Algorithm_ECDSA<EC>, H>
+struct ECDSA : public DL_SS<DL_Keys_ECDSA<EC>, DL_Algorithm_ECDSA<EC>, DL_SignatureMessageEncodingMethod_DSA, H>
{
};
//! ECNR
template <class EC, class H = SHA>
-struct ECNR : public DL_SSA<DL_Keys_EC<EC>, DL_Algorithm_ECNR<EC>, H>
+struct ECNR : public DL_SS<DL_Keys_EC<EC>, DL_Algorithm_ECNR<EC>, DL_SignatureMessageEncodingMethod_NR, H>
{
};
diff --git a/elgamal.h b/elgamal.h
index a2f6ffb..65446c5 100644
--- a/elgamal.h
+++ b/elgamal.h
@@ -83,8 +83,8 @@ public:
const DL_GroupParameters_GFP & GetGroupParameters() const {return GetKey().GetGroupParameters();}
- DecodingResult FixedLengthDecrypt(const byte *cipherText, byte *plainText) const
- {return Decrypt(cipherText, FixedCiphertextLength(), plainText);}
+ DecodingResult FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *cipherText, byte *plainText) const
+ {return Decrypt(rng, cipherText, FixedCiphertextLength(), plainText);}
protected:
const DL_KeyAgreementAlgorithm<Integer> & GetKeyAgreementAlgorithm() const {return *this;}
diff --git a/esign.h b/esign.h
index 69ec86b..9107bb2 100644
--- a/esign.h
+++ b/esign.h
@@ -83,32 +83,35 @@ protected:
//! .
template <class T>
-class EMSA5Pad : public PK_NonreversiblePaddingAlgorithm
+class EMSA5Pad : public PK_DeterministicSignatureMessageEncodingMethod
{
public:
static const char *StaticAlgorithmName() {return "EMSA5";}
- unsigned int MaxUnpaddedLength(unsigned int paddedLength) const {return UINT_MAX;}
-
- void Pad(RandomNumberGenerator &rng, const byte *raw, unsigned int inputLength, byte *padded, unsigned int paddedLength) const
+ void ComputeMessageRepresentative(RandomNumberGenerator &rng,
+ const byte *recoverableMessage, unsigned int recoverableMessageLength,
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength) const
{
- unsigned int paddedByteLength = BitsToBytes(paddedLength);
- memset(padded, 0, paddedByteLength);
- T::GenerateAndMask(padded, paddedByteLength, raw, inputLength);
- if (paddedLength % 8 != 0)
- padded[0] = (byte)Crop(padded[0], paddedLength % 8);
+ m_digest.New(hash.DigestSize());
+ hash.Final(m_digest);
+ unsigned int representativeByteLength = BitsToBytes(representativeBitLength);
+ T mgf;
+ mgf.GenerateAndMask(hash, representative, representativeByteLength, m_digest, m_digest.size(), false);
+ if (representativeBitLength % 8 != 0)
+ representative[0] = (byte)Crop(representative[0], representativeBitLength % 8);
}
+
+private:
+ mutable SecByteBlock m_digest;
};
//! EMSA5, for use with ESIGN
struct P1363_EMSA5 : public SignatureStandard
{
- template <class H> struct SignaturePaddingAlgorithm {typedef EMSA5Pad<P1363_MGF1<H> > type;};
- template <class H> struct DecoratedHashingAlgorithm {typedef H type;};
+ typedef EMSA5Pad<P1363_MGF1> SignatureMessageEncodingMethod;
};
-template<> struct CryptoStandardTraits<P1363_EMSA5> : public P1363_EMSA5 {};
-
struct ESIGN_Keys
{
static std::string StaticAlgorithmName() {return "ESIGN";}
@@ -118,7 +121,7 @@ struct ESIGN_Keys
//! ESIGN, as defined in IEEE P1363a
template <class H, class STANDARD = P1363_EMSA5>
-struct ESIGN : public TF_SSA<STANDARD, H, ESIGN_Keys>
+struct ESIGN : public TF_SS<STANDARD, H, ESIGN_Keys>
{
};
diff --git a/factory.h b/factory.h
index 85d6631..42670b7 100644
--- a/factory.h
+++ b/factory.h
@@ -30,7 +30,7 @@ class ObjectFactoryRegistry
public:
~ObjectFactoryRegistry()
{
- for (Map::iterator i = m_map.begin(); i != m_map.end(); ++i)
+ for (CPP_TYPENAME Map::iterator i = m_map.begin(); i != m_map.end(); ++i)
{
delete i->second;
i->second = NULL;
@@ -44,7 +44,7 @@ public:
const ObjectFactory<AbstractClass> * GetFactory(const char *name) const
{
- Map::const_iterator i = m_map.find(name);
+ CPP_TYPENAME Map::const_iterator i = m_map.find(name);
return i == m_map.end() ? NULL : i->second;
}
diff --git a/filters.cpp b/filters.cpp
index d2b08fe..ffac565 100644
--- a/filters.cpp
+++ b/filters.cpp
@@ -733,7 +733,8 @@ void SignatureVerificationFilter::InitializeDerivedAndReturnNewSizes(const NameV
{
m_flags = parameters.GetValueWithDefault(Name::SignatureVerificationFilterFlags(), (word32)DEFAULT_FLAGS);
m_messageAccumulator.reset(m_verifier.NewVerificationAccumulator());
- unsigned int size = m_verifier.SignatureLength();
+ unsigned int size = m_verifier.SignatureLength();
+ assert(size != 0); // TODO: handle recoverable signature scheme
m_verified = false;
firstSize = m_flags & SIGNATURE_AT_BEGIN ? size : 0;
blockSize = 1;
@@ -744,8 +745,8 @@ void SignatureVerificationFilter::FirstPut(const byte *inString)
{
if (m_flags & SIGNATURE_AT_BEGIN)
{
- if (m_verifier.SignatureUpfrontForVerification())
- m_verifier.InitializeVerificationAccumulator(*m_messageAccumulator, inString);
+ if (m_verifier.SignatureUpfront())
+ m_verifier.InputSignature(*m_messageAccumulator, inString, m_verifier.SignatureLength());
else
{
m_signature.New(m_verifier.SignatureLength());
@@ -757,7 +758,7 @@ void SignatureVerificationFilter::FirstPut(const byte *inString)
}
else
{
- assert(!m_verifier.SignatureUpfrontForVerification());
+ assert(!m_verifier.SignatureUpfront());
}
}
@@ -773,11 +774,13 @@ void SignatureVerificationFilter::LastPut(const byte *inString, unsigned int len
if (m_flags & SIGNATURE_AT_BEGIN)
{
assert(length == 0);
- m_verified = m_verifier.Verify(m_messageAccumulator.release(), m_signature);
+ m_verifier.InputSignature(*m_messageAccumulator, m_signature, m_signature.size());
+ m_verified = m_verifier.VerifyAndRestart(*m_messageAccumulator);
}
else
{
- m_verified = (length==m_verifier.SignatureLength() && m_verifier.Verify(m_messageAccumulator.release(), inString));
+ m_verifier.InputSignature(*m_messageAccumulator, inString, length);
+ m_verified = m_verifier.VerifyAndRestart(*m_messageAccumulator);
if (m_flags & PUT_SIGNATURE)
AttachedTransformation()->Put(inString, length);
}
diff --git a/filters.h b/filters.h
index 1b8965b..b2ddec2 100644
--- a/filters.h
+++ b/filters.h
@@ -324,8 +324,8 @@ public:
private:
RandomNumberGenerator &m_rng;
- const PK_Signer &m_signer;
- member_ptr<HashTransformation> m_messageAccumulator;
+ const PK_Signer &m_signer;
+ member_ptr<PK_MessageAccumulator> m_messageAccumulator;
bool m_putMessage;
SecByteBlock m_buf;
};
@@ -354,7 +354,7 @@ protected:
private:
const PK_Verifier &m_verifier;
- member_ptr<HashTransformation> m_messageAccumulator;
+ member_ptr<PK_MessageAccumulator> m_messageAccumulator;
word32 m_flags;
SecByteBlock m_signature;
bool m_verified;
@@ -474,8 +474,8 @@ public:
class PK_DecryptorFilter : public SimpleProxyFilter
{
public:
- PK_DecryptorFilter(const PK_Decryptor &decryptor, BufferedTransformation *attachment = NULL)
- : SimpleProxyFilter(decryptor.CreateDecryptionFilter(), attachment) {}
+ PK_DecryptorFilter(RandomNumberGenerator &rng, const PK_Decryptor &decryptor, BufferedTransformation *attachment = NULL)
+ : SimpleProxyFilter(decryptor.CreateDecryptionFilter(rng), attachment) {}
};
//! Append input to a string object
@@ -491,9 +491,16 @@ public:
void IsolatedInitialize(const NameValuePairs &parameters)
{if (!parameters.GetValue("OutputStringPointer", m_output)) throw InvalidArgument("StringSink: OutputStringPointer not specified");}
+
unsigned int Put2(const byte *begin, unsigned int length, int messageEnd, bool blocking)
{
- m_output->append((const char_type *)begin, (const char_type *)begin+length);
+ if (length > 0)
+ {
+ typename T::size_type size = m_output->size();
+ if (length < size && size + length > m_output->capacity())
+ m_output->reserve(2*size);
+ m_output->append((const char_type *)begin, (const char_type *)begin+length);
+ }
return 0;
}
diff --git a/fips140.cpp b/fips140.cpp
index 9a1a6f9..7781956 100644
--- a/fips140.cpp
+++ b/fips140.cpp
@@ -13,11 +13,11 @@ NAMESPACE_BEGIN(CryptoPP)
#endif
#if (CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 && !defined(THREADS_AVAILABLE))
-#error FIPS-140-2 compliance requires the availability of thread local storage.
+#error FIPS 140-2 compliance requires the availability of thread local storage.
#endif
#if (CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 && !defined(OS_RNG_AVAILABLE))
-#error FIPS-140-2 compliance requires the availability of OS provided RNG.
+#error FIPS 140-2 compliance requires the availability of OS provided RNG.
#endif
PowerUpSelfTestStatus g_powerUpSelfTestStatus = POWER_UP_SELF_TEST_NOT_DONE;
@@ -62,4 +62,18 @@ void SetPowerUpSelfTestInProgressOnThisThread(bool inProgress)
#endif
}
+void EncryptionPairwiseConsistencyTest_FIPS_140_Only(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor)
+{
+#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
+ EncryptionPairwiseConsistencyTest(encryptor, decryptor);
+#endif
+}
+
+void SignaturePairwiseConsistencyTest_FIPS_140_Only(const PK_Signer &signer, const PK_Verifier &verifier)
+{
+#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2
+ SignaturePairwiseConsistencyTest(signer, verifier);
+#endif
+}
+
NAMESPACE_END
diff --git a/fips140.h b/fips140.h
index e7e5d4a..76353ed 100644
--- a/fips140.h
+++ b/fips140.h
@@ -2,7 +2,7 @@
#define CRYPTOPP_FIPS140_H
/*! \file
- FIPS-140 related functions and classes.
+ FIPS 140 related functions and classes.
*/
#include "cryptlib.h"
@@ -16,7 +16,7 @@ public:
explicit SelfTestFailure(const std::string &s) : Exception(OTHER_ERROR, s) {}
};
-//! returns whether FIPS-140-2 compliance features were enabled at compile time
+//! returns whether FIPS 140-2 compliance features were enabled at compile time
bool FIPS_140_2_ComplianceEnabled();
//! enum values representing status of the power-up self test
@@ -39,6 +39,9 @@ void SetPowerUpSelfTestInProgressOnThisThread(bool inProgress);
void SignaturePairwiseConsistencyTest(const PK_Signer &signer, const PK_Verifier &verifier);
void EncryptionPairwiseConsistencyTest(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor);
+void SignaturePairwiseConsistencyTest_FIPS_140_Only(const PK_Signer &signer, const PK_Verifier &verifier);
+void EncryptionPairwiseConsistencyTest_FIPS_140_Only(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor);
+
NAMESPACE_END
#endif
diff --git a/fipstest.cpp b/fipstest.cpp
index 5699390..10368ae 100644
--- a/fipstest.cpp
+++ b/fipstest.cpp
@@ -164,7 +164,7 @@ void EncryptionPairwiseConsistencyTest(const PK_Encryptor &encryptor, const PK_D
new PK_EncryptorFilter(
rng,
encryptor,
- new PK_DecryptorFilter(decryptor, new ChannelSwitch(comparison, "1"))));
+ new PK_DecryptorFilter(rng, decryptor, new ChannelSwitch(comparison, "1"))));
comparison.ChannelMessageSeriesEnd("0");
comparison.ChannelMessageSeriesEnd("1");
@@ -302,7 +302,7 @@ void DoPowerUpSelfTest(const char *moduleFilename, const byte *expectedModuleSha
"Sample #2",
"0922d3405faa3d194f82a45830737d5cc6c75d24");
- SignatureKnownAnswerTest<RSASSA<PKCS1v15, SHA> >(
+ SignatureKnownAnswerTest<RSASS<PKCS1v15, SHA> >(
"30820150020100300d06092a864886f70d01010105000482013a3082013602010002400a66791dc6988168de7ab77419bb7fb0"
"c001c62710270075142942e19a8d8c51d053b3e3782a1de5dc5af4ebe99468170114a1dfe67cdc9a9af55d655620bbab0203010001"
"02400123c5b61ba36edb1d3679904199a89ea80c09b9122e1400c09adcf7784676d01d23356a7d44d6bd8bd50e94bfc723fa"
diff --git a/gfpcrypt.cpp b/gfpcrypt.cpp
index 8d8b0bf..c27a967 100644
--- a/gfpcrypt.cpp
+++ b/gfpcrypt.cpp
@@ -63,30 +63,48 @@ bool DL_GroupParameters_DSA::ValidateGroup(RandomNumberGenerator &rng, unsigned
return pass;
}
-Integer NR_EncodeDigest(unsigned int modulusBits, const byte *digest, unsigned int digestLen)
+void DL_SignatureMessageEncodingMethod_DSA::ComputeMessageRepresentative(RandomNumberGenerator &rng,
+ const byte *recoverableMessage, unsigned int recoverableMessageLength,
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength) const
{
- Integer h;
- if (digestLen*8 < modulusBits)
- h.Decode(digest, digestLen);
- else
+ assert(recoverableMessageLength == 0);
+ assert(hashIdentifier.second == 0);
+ const unsigned int representativeByteLength = BitsToBytes(representativeBitLength);
+ const unsigned int digestSize = hash.DigestSize();
+ const unsigned int paddingLength = SaturatingSubtract(representativeByteLength, digestSize);
+
+ memset(representative, 0, paddingLength);
+ hash.TruncatedFinal(representative+paddingLength, STDMIN(representativeByteLength, digestSize));
+
+ if (digestSize*8 > representativeBitLength)
{
- h.Decode(digest, BitsToBytes(modulusBits));
- h >>= BitsToBytes(modulusBits)*8 - modulusBits + 1;
+ Integer h(representative, representativeByteLength);
+ h >>= representativeByteLength*8 - representativeBitLength;
+ h.Encode(representative, representativeByteLength);
}
- return h;
}
-Integer DSA_EncodeDigest(unsigned int modulusBits, const byte *digest, unsigned int digestLen)
+void DL_SignatureMessageEncodingMethod_NR::ComputeMessageRepresentative(RandomNumberGenerator &rng,
+ const byte *recoverableMessage, unsigned int recoverableMessageLength,
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength) const
{
- Integer h;
- if (digestLen*8 <= modulusBits)
- h.Decode(digest, digestLen);
- else
+ assert(recoverableMessageLength == 0);
+ assert(hashIdentifier.second == 0);
+ const unsigned int representativeByteLength = BitsToBytes(representativeBitLength);
+ const unsigned int digestSize = hash.DigestSize();
+ const unsigned int paddingLength = SaturatingSubtract(representativeByteLength, digestSize);
+
+ memset(representative, 0, paddingLength);
+ hash.TruncatedFinal(representative+paddingLength, STDMIN(representativeByteLength, digestSize));
+
+ if (digestSize*8 >= representativeBitLength)
{
- h.Decode(digest, BitsToBytes(modulusBits));
- h >>= BitsToBytes(modulusBits)*8 - modulusBits;
+ Integer h(representative, representativeByteLength);
+ h >>= representativeByteLength*8 - representativeBitLength + 1;
+ h.Encode(representative, representativeByteLength);
}
- return h;
}
bool DL_GroupParameters_IntegerBased::ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const
diff --git a/gfpcrypt.h b/gfpcrypt.h
index 31db5a1..24c8168 100644
--- a/gfpcrypt.h
+++ b/gfpcrypt.h
@@ -149,18 +149,13 @@ class DL_Algorithm_GDSA : public DL_ElgamalLikeSignatureAlgorithm<T>
public:
static const char * StaticAlgorithmName() {return "DSA-1363";}
- Integer EncodeDigest(unsigned int modulusBits, const byte *digest, unsigned int digestLen) const
- {
- return DSA_EncodeDigest(modulusBits, digest, digestLen);
- }
-
- bool Sign(const DL_GroupParameters<T> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
+ void Sign(const DL_GroupParameters<T> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
{
const Integer &q = params.GetSubgroupOrder();
- r = params.ConvertElementToInteger(params.ExponentiateBase(k)) % q;
+ r %= q;
Integer kInv = k.InverseMod(q);
s = (kInv * (x*r + e)) % q;
- return (!!r && !!s);
+ assert(!!r && !!s);
}
bool Verify(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const
@@ -189,12 +184,12 @@ public:
return NR_EncodeDigest(modulusBits, digest, digestLen);
}
- bool Sign(const DL_GroupParameters<T> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
+ void Sign(const DL_GroupParameters<T> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
{
const Integer &q = params.GetSubgroupOrder();
- r = (params.ConvertElementToInteger(params.ExponentiateBase(k)) + e) % q;
+ r = (r + e) % q;
s = (k - x*r) % q;
- return !!r;
+ assert(!!r);
}
bool Verify(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const
@@ -345,13 +340,21 @@ public:
//! <a href="http://www.weidai.com/scan-mirror/sig.html#DSA-1363">DSA-1363</a>
template <class H>
-struct GDSA : public DL_SSA<DL_SignatureKeys_GFP, DL_Algorithm_GDSA<Integer>, H>
+struct GDSA : public DL_SS<
+ DL_SignatureKeys_GFP,
+ DL_Algorithm_GDSA<Integer>,
+ DL_SignatureMessageEncodingMethod_DSA,
+ H>
{
};
//! <a href="http://www.weidai.com/scan-mirror/sig.html#NR">NR</a>
template <class H>
-struct NR : public DL_SSA<DL_SignatureKeys_GFP, DL_Algorithm_NR<Integer>, H>
+struct NR : public DL_SS<
+ DL_SignatureKeys_GFP,
+ DL_Algorithm_NR<Integer>,
+ DL_SignatureMessageEncodingMethod_NR,
+ H>
{
};
@@ -376,7 +379,12 @@ struct DL_Keys_DSA
};
//! <a href="http://www.weidai.com/scan-mirror/sig.html#DSA">DSA</a>
-struct DSA : public DL_SSA<DL_Keys_DSA, DL_Algorithm_GDSA<Integer>, SHA, DSA>
+struct DSA : public DL_SS<
+ DL_Keys_DSA,
+ DL_Algorithm_GDSA<Integer>,
+ DL_SignatureMessageEncodingMethod_DSA,
+ SHA,
+ DSA>
{
static std::string StaticAlgorithmName() {return std::string("DSA");}
@@ -426,7 +434,14 @@ public:
}
xorbuf(cipherText, plainText, cipherKey, plainTextLength);
- MAC(macKey).CalculateDigest(cipherText + plainTextLength, cipherText, plainTextLength);
+ MAC mac(macKey);
+ mac.Update(cipherText, plainTextLength);
+ if (DHAES_MODE)
+ {
+ const byte L[8] = {0,0,0,0,0,0,0,0};
+ mac.Update(L, 8);
+ }
+ mac.Final(cipherText + plainTextLength);
}
DecodingResult SymmetricDecrypt(const byte *key, const byte *cipherText, unsigned int cipherTextLength, byte *plainText) const
{
@@ -443,8 +458,16 @@ public:
macKey = key + plainTextLength;
}
- if (!MAC(macKey).VerifyDigest(cipherText + plainTextLength, cipherText, plainTextLength))
+ MAC mac(macKey);
+ mac.Update(cipherText, plainTextLength);
+ if (DHAES_MODE)
+ {
+ const byte L[8] = {0,0,0,0,0,0,0,0};
+ mac.Update(L, 8);
+ }
+ if (!mac.Verify(cipherText + plainTextLength))
return DecodingResult();
+
xorbuf(plainText, cipherText, cipherKey, plainTextLength);
return DecodingResult(plainTextLength);
}
diff --git a/hex.h b/hex.h
index 9dba4dc..85cdaa8 100644
--- a/hex.h
+++ b/hex.h
@@ -9,16 +9,16 @@ NAMESPACE_BEGIN(CryptoPP)
class HexEncoder : public SimpleProxyFilter
{
public:
- HexEncoder(BufferedTransformation *attachment = NULL, bool uppercase = true, int outputGroupSize = 0, const std::string &seperator = ":", const std::string &terminator = "")
+ HexEncoder(BufferedTransformation *attachment = NULL, bool uppercase = true, int outputGroupSize = 0, const std::string &separator = ":", const std::string &terminator = "")
: SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment)
{
- IsolatedInitialize(MakeParameters("Uppercase", uppercase)("GroupSize", outputGroupSize)("Seperator", ConstByteArrayParameter(seperator)));
+ IsolatedInitialize(MakeParameters("Uppercase", uppercase)("GroupSize", outputGroupSize)("Separator", ConstByteArrayParameter(separator)));
}
void IsolatedInitialize(const NameValuePairs &parameters);
};
-//! Decode 16 bit data back to bytes
+//! Decode base 16 data back to bytes
class HexDecoder : public BaseN_Decoder
{
public:
diff --git a/integer.cpp b/integer.cpp
index 35312f6..2a5f19e 100644
--- a/integer.cpp
+++ b/integer.cpp
@@ -23,6 +23,16 @@
NAMESPACE_BEGIN(CryptoPP)
+bool FunctionAssignIntToInteger(const std::type_info &valueType, void *pInteger, const void *pInt)
+{
+ if (valueType != typeid(Integer))
+ return false;
+ *reinterpret_cast<Integer *>(pInteger) = *reinterpret_cast<const int *>(pInt);
+ return true;
+}
+
+static int DummyAssignIntToInteger = (AssignIntToInteger = FunctionAssignIntToInteger, 0);
+
#ifdef SSE2_INTRINSICS_AVAILABLE
template <class T>
AllocatorBase<T>::pointer AlignedAllocator<T>::allocate(size_type n, const void *)
diff --git a/iterhash.cpp b/iterhash.cpp
index 08f7626..00cc12b 100644
--- a/iterhash.cpp
+++ b/iterhash.cpp
@@ -17,13 +17,13 @@ template <class T, class BASE> void IteratedHashBase<T, BASE>::Update(const byte
{
HashWordType tmp = m_countLo;
if ((m_countLo = tmp + len) < tmp)
- m_countHi++; // Carry from low to high
+ m_countHi++; // carry from low to high
m_countHi += SafeRightShift<8*sizeof(HashWordType)>(len);
unsigned int blockSize = BlockSize();
- unsigned int num = (unsigned int)(tmp & (blockSize-1));
+ unsigned int num = ModPowerOf2(tmp, blockSize);
- if (num != 0)
+ if (num != 0) // process left over data
{
if ((num+len) >= blockSize)
{
@@ -41,8 +41,7 @@ template <class T, class BASE> void IteratedHashBase<T, BASE>::Update(const byte
}
}
- // we now can process the input data in blocks of blockSize
- // chars and save the leftovers to this->data.
+ // now process the input data in blocks of blockSize bytes and save the leftovers to m_data
if (len >= blockSize)
{
if (input == (byte *)m_data.begin())
diff --git a/iterhash.h b/iterhash.h
index 1ae9b15..7945cec 100644
--- a/iterhash.h
+++ b/iterhash.h
@@ -16,6 +16,7 @@ public:
IteratedHashBase(unsigned int blockSize, unsigned int digestSize);
unsigned int DigestSize() const {return m_digest.size() * sizeof(T);};
unsigned int OptimalBlockSize() const {return BlockSize();}
+ unsigned int OptimalDataAlignment() const {return sizeof(T);}
void Update(const byte *input, unsigned int length);
byte * CreateUpdateSpace(unsigned int &size);
void Restart();
diff --git a/luc.cpp b/luc.cpp
index 40da56c..8814613 100644
--- a/luc.cpp
+++ b/luc.cpp
@@ -18,12 +18,11 @@ void LUC_TestInstantiations()
InvertibleLUCFunction t3;
}
-bool DL_Algorithm_LUC_HMP::Sign(const DL_GroupParameters<Integer> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
+void DL_Algorithm_LUC_HMP::Sign(const DL_GroupParameters<Integer> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const
{
const Integer &q = params.GetSubgroupOrder();
r = params.ExponentiateBase(k);
s = (k + x*(r+e)) % q;
- return true;
}
bool DL_Algorithm_LUC_HMP::Verify(const DL_GroupParameters<Integer> &params, const DL_PublicKey<Integer> &publicKey, const Integer &e, const Integer &r, const Integer &s) const
@@ -165,8 +164,9 @@ void InvertibleLUCFunction::DEREncode(BufferedTransformation &bt) const
seq.MessageEnd();
}
-Integer InvertibleLUCFunction::CalculateInverse(const Integer &x) const
+Integer InvertibleLUCFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const
{
+ // not clear how to do blinding with LUC
DoQuickSanityCheck();
return InverseLucas(m_e, x, m_q, m_p, m_u);
}
diff --git a/luc.h b/luc.h
index 34e76ce..e88d025 100644
--- a/luc.h
+++ b/luc.h
@@ -13,7 +13,12 @@
NAMESPACE_BEGIN(CryptoPP)
-//! .
+//! The LUC function.
+/*! This class is here for historical and pedagogical interest. It has no
+ practical advantages over other trapdoor functions and probably shouldn't
+ be used in production software. The discrete log based LUC schemes
+ defined later in this .h file may be of more practical interest.
+*/
class LUCFunction : public TrapdoorFunction, public PublicKey
{
typedef LUCFunction ThisClass;
@@ -57,7 +62,7 @@ public:
void BERDecode(BufferedTransformation &bt);
void DEREncode(BufferedTransformation &bt) const;
- Integer CalculateInverse(const Integer &x) const;
+ Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const;
bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
@@ -92,8 +97,8 @@ struct LUCES : public TF_ES<STANDARD, LUC>
};
//! LUC signature scheme with appendix
-template <class H, class STANDARD = PKCS1v15>
-struct LUCSSA : public TF_SSA<STANDARD, H, LUC>
+template <class STANDARD, class H>
+struct LUCSS : public TF_SS<STANDARD, H, LUC>
{
};
@@ -101,8 +106,8 @@ struct LUCSSA : public TF_SSA<STANDARD, H, LUC>
typedef LUCES<OAEP<SHA> >::Decryptor LUCES_OAEP_SHA_Decryptor;
typedef LUCES<OAEP<SHA> >::Encryptor LUCES_OAEP_SHA_Encryptor;
-typedef LUCSSA<SHA>::Signer LUCSSA_PKCS1v15_SHA_Signer;
-typedef LUCSSA<SHA>::Verifier LUCSSA_PKCS1v15_SHA_Verifier;
+typedef LUCSS<PKCS1v15, SHA>::Signer LUCSSA_PKCS1v15_SHA_Signer;
+typedef LUCSS<PKCS1v15, SHA>::Verifier LUCSSA_PKCS1v15_SHA_Verifier;
// ********************************************************
@@ -179,10 +184,7 @@ class DL_Algorithm_LUC_HMP : public DL_ElgamalLikeSignatureAlgorithm<Integer>
public:
static const char * StaticAlgorithmName() {return "LUC-HMP";}
- Integer EncodeDigest(unsigned int modulusBits, const byte *digest, unsigned int digestLen) const
- {return DSA_EncodeDigest(modulusBits, digest, digestLen);}
-
- bool Sign(const DL_GroupParameters<Integer> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const;
+ void Sign(const DL_GroupParameters<Integer> &params, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const;
bool Verify(const DL_GroupParameters<Integer> &params, const DL_PublicKey<Integer> &publicKey, const Integer &e, const Integer &r, const Integer &s) const;
unsigned int RLen(const DL_GroupParameters<Integer> &params) const
@@ -199,7 +201,7 @@ struct DL_SignatureKeys_LUC
//! LUC-HMP, based on "Digital signature schemes based on Lucas functions" by Patrick Horster, Markus Michels, Holger Petersen
template <class H>
-struct LUC_HMP : public DL_SSA<DL_SignatureKeys_LUC, DL_Algorithm_LUC_HMP, H>
+struct LUC_HMP : public DL_SS<DL_SignatureKeys_LUC, DL_Algorithm_LUC_HMP, DL_SignatureMessageEncodingMethod_DSA, H>
{
};
diff --git a/oaep.cpp b/oaep.cpp
index 9391f5b..8913631 100644
--- a/oaep.cpp
+++ b/oaep.cpp
@@ -56,8 +56,10 @@ void OAEP<H,MGF,P,PLen>::Pad(RandomNumberGenerator &rng, const byte *input, unsi
memcpy(maskedDB+dbLen-inputLength, input, inputLength);
rng.GenerateBlock(maskedSeed, seedLen);
- MGF::GenerateAndMask(maskedDB, dbLen, maskedSeed, seedLen);
- MGF::GenerateAndMask(maskedSeed, seedLen, maskedDB, dbLen);
+ H h;
+ MGF mgf;
+ mgf.GenerateAndMask(h, maskedDB, dbLen, maskedSeed, seedLen);
+ mgf.GenerateAndMask(h, maskedSeed, seedLen, maskedDB, dbLen);
}
template <class H, class MGF, byte *P, unsigned int PLen>
@@ -82,8 +84,10 @@ DecodingResult OAEP<H,MGF,P,PLen>::Unpad(const byte *oaepBlock, unsigned int oae
byte *const maskedSeed = t;
byte *const maskedDB = t+seedLen;
- MGF::GenerateAndMask(maskedSeed, seedLen, maskedDB, dbLen);
- MGF::GenerateAndMask(maskedDB, dbLen, maskedSeed, seedLen);
+ H h;
+ MGF mgf;
+ mgf.GenerateAndMask(h, maskedSeed, seedLen, maskedDB, dbLen);
+ mgf.GenerateAndMask(h, maskedDB, dbLen, maskedSeed, seedLen);
// DB = pHash' || 00 ... || 01 || M
diff --git a/oaep.h b/oaep.h
index 96baaa1..c242698 100644
--- a/oaep.h
+++ b/oaep.h
@@ -8,12 +8,12 @@ NAMESPACE_BEGIN(CryptoPP)
extern byte OAEP_P_DEFAULT[]; // defined in misc.cpp
/// <a href="http://www.weidai.com/scan-mirror/ca.html#cem_OAEP-MGF1">EME-OAEP</a>, for use with RSAES
-template <class H, class MGF=P1363_MGF1<H>, byte *P=OAEP_P_DEFAULT, unsigned int PLen=0>
-class OAEP : public PK_PaddingAlgorithm, public EncryptionStandard
+template <class H, class MGF=P1363_MGF1, byte *P=OAEP_P_DEFAULT, unsigned int PLen=0>
+class OAEP : public PK_EncryptionMessageEncodingMethod, public EncryptionStandard
{
public:
- static std::string StaticAlgorithmName() {return "OAEP-" + MGF::StaticAlgorithmName();}
- typedef OAEP<H, MGF, P, PLen> EncryptionPaddingAlgorithm;
+ static std::string StaticAlgorithmName() {return std::string("OAEP-") + MGF::StaticAlgorithmName() + "(" + H::StaticAlgorithmName() + ")";}
+ typedef OAEP<H, MGF, P, PLen> EncryptionMessageEncodingMethod;
unsigned int MaxUnpaddedLength(unsigned int paddedLength) const;
void Pad(RandomNumberGenerator &rng, const byte *raw, unsigned int inputLength, byte *padded, unsigned int paddedLength) const;
diff --git a/osrng.h b/osrng.h
index c5814a5..902b2ee 100644
--- a/osrng.h
+++ b/osrng.h
@@ -113,13 +113,11 @@ void AutoSeededX917RNG<BLOCK_CIPHER>::Reseed(const byte *key, unsigned int keyle
{
m_rng.reset(new X917RNG(new typename BLOCK_CIPHER::Encryption(key, keylength), seed, timeVector));
- if (FIPS_140_2_ComplianceEnabled())
- {
- m_lastBlock.resize(16);
- m_rng->GenerateBlock(m_lastBlock, m_lastBlock.size());
- m_counter = 0;
- m_isDifferent = false;
- }
+ // for FIPS 140-2
+ m_lastBlock.resize(16);
+ m_rng->GenerateBlock(m_lastBlock, m_lastBlock.size());
+ m_counter = 0;
+ m_isDifferent = false;
}
template <class BLOCK_CIPHER>
@@ -142,18 +140,16 @@ byte AutoSeededX917RNG<BLOCK_CIPHER>::GenerateByte()
{
byte b = m_rng->GenerateByte();
- if (FIPS_140_2_ComplianceEnabled())
+ // for FIPS 140-2
+ m_isDifferent = m_isDifferent || b != m_lastBlock[m_counter];
+ m_lastBlock[m_counter] = b;
+ ++m_counter;
+ if (m_counter == m_lastBlock.size())
{
- m_isDifferent = m_isDifferent || b != m_lastBlock[m_counter];
- m_lastBlock[m_counter] = b;
- ++m_counter;
- if (m_counter == m_lastBlock.size())
- {
- if (!m_isDifferent)
- throw SelfTestFailure("AutoSeededX917RNG: Continuous random number generator test failed.");
- m_counter = 0;
- m_isDifferent = false;
- }
+ if (!m_isDifferent)
+ throw SelfTestFailure("AutoSeededX917RNG: Continuous random number generator test failed.");
+ m_counter = 0;
+ m_isDifferent = false;
}
return b;
diff --git a/pkcspad.cpp b/pkcspad.cpp
index e94a1fd..e04ac9d 100644
--- a/pkcspad.cpp
+++ b/pkcspad.cpp
@@ -18,6 +18,9 @@ template<> const unsigned int PKCS_DigestDecoration<MD5>::length = sizeof(PKCS_D
template<> const byte PKCS_DigestDecoration<RIPEMD160>::decoration[] = {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x24,0x03,0x02,0x01,0x05,0x00,0x04,0x14};
template<> const unsigned int PKCS_DigestDecoration<RIPEMD160>::length = sizeof(PKCS_DigestDecoration<RIPEMD160>::decoration);
+template<> const byte PKCS_DigestDecoration<Tiger>::decoration[] = {0x30,0x29,0x30,0x0D,0x06,0x09,0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0C,0x02,0x05,0x00,0x04,0x18};
+template<> const unsigned int PKCS_DigestDecoration<Tiger>::length = sizeof(PKCS_DigestDecoration<Tiger>::decoration);
+
template<> const byte PKCS_DigestDecoration<SHA256>::decoration[] = {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20};
template<> const unsigned int PKCS_DigestDecoration<SHA256>::length = sizeof(PKCS_DigestDecoration<SHA256>::decoration);
@@ -27,11 +30,9 @@ template<> const unsigned int PKCS_DigestDecoration<SHA384>::length = sizeof(PKC
template<> const byte PKCS_DigestDecoration<SHA512>::decoration[] = {0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40};
template<> const unsigned int PKCS_DigestDecoration<SHA512>::length = sizeof(PKCS_DigestDecoration<SHA512>::decoration);
-
-
unsigned int PKCS_EncryptionPaddingScheme::MaxUnpaddedLength(unsigned int paddedLength) const
{
- return paddedLength/8 > 10 ? paddedLength/8-10 : 0;
+ return SaturatingSubtract(paddedLength/8, 10U);
}
void PKCS_EncryptionPaddingScheme::Pad(RandomNumberGenerator &rng, const byte *input, unsigned int inputLen, byte *pkcsBlock, unsigned int pkcsBlockLen) const
@@ -72,7 +73,7 @@ DecodingResult PKCS_EncryptionPaddingScheme::Unpad(const byte *pkcsBlock, unsign
// Require block type 2.
invalid = (pkcsBlock[0] != 2) || invalid;
- // skip past the padding until we find the seperator
+ // skip past the padding until we find the separator
unsigned i=1;
while (i<pkcsBlockLen && pkcsBlock[i++]) { // null body
}
@@ -90,62 +91,36 @@ DecodingResult PKCS_EncryptionPaddingScheme::Unpad(const byte *pkcsBlock, unsign
// ********************************************************
-unsigned int PKCS_SignaturePaddingScheme::MaxUnpaddedLength(unsigned int paddedLength) const
-{
- return paddedLength/8 > 10 ? paddedLength/8-10 : 0;
-}
-
-void PKCS_SignaturePaddingScheme::Pad(RandomNumberGenerator &, const byte *input, unsigned int inputLen, byte *pkcsBlock, unsigned int pkcsBlockLen) const
-{
- assert (inputLen <= MaxUnpaddedLength(pkcsBlockLen)); // this should be checked by caller
-
- // convert from bit length to byte length
- if (pkcsBlockLen % 8 != 0)
- {
- pkcsBlock[0] = 0;
- pkcsBlock++;
- }
- pkcsBlockLen /= 8;
-
- pkcsBlock[0] = 1; // block type 1
-
- // padd with 0xff
- memset(pkcsBlock+1, 0xff, pkcsBlockLen-inputLen-2);
-
- pkcsBlock[pkcsBlockLen-inputLen-1] = 0; // separator
- memcpy(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen);
-}
-
-DecodingResult PKCS_SignaturePaddingScheme::Unpad(const byte *pkcsBlock, unsigned int pkcsBlockLen, byte *output) const
+void PKCS1v15_SignatureMessageEncodingMethod::ComputeMessageRepresentative(RandomNumberGenerator &rng,
+ const byte *recoverableMessage, unsigned int recoverableMessageLength,
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength) const
{
- unsigned int maxOutputLen = MaxUnpaddedLength(pkcsBlockLen);
+ unsigned int digestSize = hash.DigestSize();
+ if (digestSize + hashIdentifier.second + 10 > representativeBitLength/8)
+ throw PK_Signer::KeyTooShort();
+ unsigned int pkcsBlockLen = representativeBitLength;
// convert from bit length to byte length
if (pkcsBlockLen % 8 != 0)
{
- if (pkcsBlock[0] != 0)
- return DecodingResult();
- pkcsBlock++;
+ representative[0] = 0;
+ representative++;
}
pkcsBlockLen /= 8;
- // Require block type 1.
- if (pkcsBlock[0] != 1)
- return DecodingResult();
-
- // skip past the padding until we find the seperator
- unsigned i=1;
- while (i<pkcsBlockLen && pkcsBlock[i++])
- if (pkcsBlock[i-1] != 0xff) // not valid padding
- return DecodingResult();
- assert(i==pkcsBlockLen || pkcsBlock[i-1]==0);
+ representative[0] = 1; // block type 1
- unsigned int outputLen = pkcsBlockLen - i;
- if (outputLen > maxOutputLen)
- return DecodingResult();
+ byte *pPadding = representative + 1;
+ byte *pDigest = representative + pkcsBlockLen - digestSize;
+ byte *pHashId = pDigest - hashIdentifier.second;
+ byte *pSeparator = pHashId - 1;
- memcpy (output, pkcsBlock+i, outputLen);
- return DecodingResult(outputLen);
+ // pad with 0xff
+ memset(pPadding, 0xff, pSeparator-pPadding);
+ *pSeparator = 0;
+ memcpy(pHashId, hashIdentifier.first, hashIdentifier.second);
+ hash.Final(pDigest);
}
NAMESPACE_END
diff --git a/pkcspad.h b/pkcspad.h
index 347bd95..2e14a5e 100644
--- a/pkcspad.h
+++ b/pkcspad.h
@@ -6,8 +6,8 @@
NAMESPACE_BEGIN(CryptoPP)
-/// <a href="http://www.weidai.com/scan-mirror/ca.html#cem_PKCS1-1.5">EME-PKCS1-v1_5</a>
-class PKCS_EncryptionPaddingScheme : public PK_PaddingAlgorithm
+//! <a href="http://www.weidai.com/scan-mirror/ca.html#cem_PKCS1-1.5">EME-PKCS1-v1_5</a>
+class PKCS_EncryptionPaddingScheme : public PK_EncryptionMessageEncodingMethod
{
public:
static const char * StaticAlgorithmName() {return "EME-PKCS1-v1_5";}
@@ -17,50 +17,41 @@ public:
DecodingResult Unpad(const byte *padded, unsigned int paddedLength, byte *raw) const;
};
-/// <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PKCS1-1.5">EMSA-PKCS1-v1_5</a>
-class PKCS_SignaturePaddingScheme : public PK_PaddingAlgorithm
+template <class H> struct PKCS_DigestDecoration
{
-public:
- static const char * StaticAlgorithmName() {return "EMSA-PKCS1-v1_5";}
-
- unsigned int MaxUnpaddedLength(unsigned int paddedLength) const;
- void Pad(RandomNumberGenerator &rng, const byte *raw, unsigned int inputLength, byte *padded, unsigned int paddedLength) const;
- DecodingResult Unpad(const byte *padded, unsigned int paddedLength, byte *raw) const;
+ static const byte decoration[];
+ static const unsigned int length;
};
-/// <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PKCS1-1.5">EMSA-PKCS1-v1_5</a>
-template <class H>
-class PKCS_DecoratedHashModule : public HashTransformationWithDefaultTruncation
+//! <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PKCS1-1.5">EMSA-PKCS1-v1_5</a>
+class PKCS1v15_SignatureMessageEncodingMethod : public PK_DeterministicSignatureMessageEncodingMethod
{
public:
- static std::string StaticAlgorithmName() {return std::string("EMSA-PKCS1-v1_5(") + H::StaticAlgorithmName() + ")";}
-
- void Update(const byte *input, unsigned int length)
- {h.Update(input, length);}
- unsigned int DigestSize() const;
- void Final(byte *digest);
- void Restart() {h.Restart();}
+ static const char * StaticAlgorithmName() {return "EMSA-PKCS1-v1_5";}
-private:
- H h;
+ void ComputeMessageRepresentative(RandomNumberGenerator &rng,
+ const byte *recoverableMessage, unsigned int recoverableMessageLength,
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength) const;
+
+ struct HashIdentifierLookup
+ {
+ template <class H> struct HashIdentifierLookup2
+ {
+ static HashIdentifier Lookup()
+ {
+ return HashIdentifier(PKCS_DigestDecoration<H>::decoration, PKCS_DigestDecoration<H>::length);
+ }
+ };
+ };
};
-//! PKCS #1 version 1.5, for use with RSAES and RSASSA
+//! PKCS #1 version 1.5, for use with RSAES and RSASS
/*! The following hash functions are supported for signature: SHA, MD2, MD5, RIPEMD160, SHA256, SHA384, SHA512. */
struct PKCS1v15 : public SignatureStandard, public EncryptionStandard
{
- typedef PKCS_EncryptionPaddingScheme EncryptionPaddingAlgorithm;
-
- template <class H> struct SignaturePaddingAlgorithm {typedef PKCS_SignaturePaddingScheme type;};
- template <class H> struct DecoratedHashingAlgorithm {typedef PKCS_DecoratedHashModule<H> type;};
-};
-
-template<> struct CryptoStandardTraits<PKCS1v15> : public PKCS1v15 {};
-
-template <class H> struct PKCS_DigestDecoration
-{
- static const byte decoration[];
- static const unsigned int length;
+ typedef PKCS_EncryptionPaddingScheme EncryptionMessageEncodingMethod;
+ typedef PKCS1v15_SignatureMessageEncodingMethod SignatureMessageEncodingMethod;
};
// PKCS_DecoratedHashModule can be instantiated with the following
@@ -69,24 +60,11 @@ class SHA;
class MD2;
class MD5;
class RIPEMD160;
+class Tiger;
class SHA256;
class SHA384;
class SHA512;
-template <class H>
-void PKCS_DecoratedHashModule<H>::Final(byte *digest)
-{
- const unsigned int decorationLen = PKCS_DigestDecoration<H>::length;
- memcpy(digest, PKCS_DigestDecoration<H>::decoration, decorationLen);
- h.Final(digest+decorationLen);
-}
-
-template <class H>
-unsigned int PKCS_DecoratedHashModule<H>::DigestSize() const
-{
- return h.DigestSize() + PKCS_DigestDecoration<H>::length; // PKCS_DigestDecoration<H>::length;
-}
-
NAMESPACE_END
#endif
diff --git a/polynomi.cpp b/polynomi.cpp
index 168fff8..5607caf 100644
--- a/polynomi.cpp
+++ b/polynomi.cpp
@@ -473,7 +473,7 @@ void RingOfPolynomialsOver<T>::CalculateAlpha(std::vector<CoefficientType> &alph
}
template <class T>
-RingOfPolynomialsOver<T>::Element RingOfPolynomialsOver<T>::Interpolate(const CoefficientType x[], const CoefficientType y[], unsigned int n) const
+typename RingOfPolynomialsOver<T>::Element RingOfPolynomialsOver<T>::Interpolate(const CoefficientType x[], const CoefficientType y[], unsigned int n) const
{
assert(n > 0);
diff --git a/polynomi.h b/polynomi.h
index 3a327e5..ce4295e 100644
--- a/polynomi.h
+++ b/polynomi.h
@@ -164,8 +164,8 @@ template <class T, int instance> class PolynomialOverFixedRing : private Polynom
public:
typedef T Ring;
typedef typename T::Element CoefficientType;
- typedef B::DivideByZero DivideByZero;
- typedef B::RandomizationParameter RandomizationParameter;
+ typedef typename B::DivideByZero DivideByZero;
+ typedef typename B::RandomizationParameter RandomizationParameter;
//! \name CREATORS
//@{
@@ -304,8 +304,8 @@ template <class T> class RingOfPolynomialsOver : public AbstractEuclideanDomain<
public:
typedef T CoefficientRing;
typedef PolynomialOver<T> Element;
- typedef Element::CoefficientType CoefficientType;
- typedef Element::RandomizationParameter RandomizationParameter;
+ typedef typename Element::CoefficientType CoefficientType;
+ typedef typename Element::RandomizationParameter RandomizationParameter;
RingOfPolynomialsOver(const CoefficientRing &ring) : m_ring(ring) {}
diff --git a/pssr.cpp b/pssr.cpp
new file mode 100644
index 0000000..020cb98
--- /dev/null
+++ b/pssr.cpp
@@ -0,0 +1,126 @@
+// pssr.cpp - written and placed in the public domain by Wei Dai
+
+#include "pch.h"
+#include "pssr.h"
+
+NAMESPACE_BEGIN(CryptoPP)
+
+template<> const byte EMSA2HashId<SHA>::id = 0x33;
+template<> const byte EMSA2HashId<RIPEMD160>::id = 0x31;
+
+unsigned int PSSR_MEM_Base::MaxRecoverableLength(unsigned int representativeBitLength, unsigned int hashIdentifierLength, unsigned int digestLength) const
+{
+ if (AllowRecovery())
+ {
+ unsigned int saltLen = SaltLen(digestLength);
+ unsigned int minPadLen = MinPadLen(digestLength);
+ return SaturatingSubtract(representativeBitLength, 8*(minPadLen + saltLen + digestLength + hashIdentifierLength) + 9) / 8;
+ }
+ return 0;
+}
+
+bool PSSR_MEM_Base::IsProbabilistic() const
+{
+ return SaltLen(1) > 0;
+}
+
+bool PSSR_MEM_Base::AllowNonrecoverablePart() const
+{
+ return true;
+}
+
+bool PSSR_MEM_Base::RecoverablePartFirst() const
+{
+ return false;
+}
+
+void PSSR_MEM_Base::ComputeMessageRepresentative(RandomNumberGenerator &rng,
+ const byte *recoverableMessage, unsigned int recoverableMessageLength,
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength) const
+{
+ const unsigned int u = hashIdentifier.second + 1;
+ const unsigned int representativeByteLength = BitsToBytes(representativeBitLength);
+ const unsigned int digestSize = hash.DigestSize();
+ const unsigned int saltSize = SaltLen(digestSize);
+ byte *const h = representative + representativeByteLength - u - digestSize;
+
+ SecByteBlock digest(digestSize), salt(saltSize);
+ hash.Final(digest);
+ rng.GenerateBlock(salt, saltSize);
+
+ // compute H = hash of M'
+ byte c[8];
+ UnalignedPutWord(BIG_ENDIAN_ORDER, c, (word32)SafeRightShift<29>(recoverableMessageLength));
+ UnalignedPutWord(BIG_ENDIAN_ORDER, c+4, word32(recoverableMessageLength << 3));
+ hash.Update(c, 8);
+ hash.Update(recoverableMessage, recoverableMessageLength);
+ hash.Update(digest, digestSize);
+ hash.Update(salt, saltSize);
+ hash.Final(h);
+
+ // compute representative
+ GetMGF().GenerateAndMask(hash, representative, representativeByteLength - u - digestSize, h, digestSize, false);
+ byte *xorStart = representative + representativeByteLength - u - digestSize - salt.size() - recoverableMessageLength - 1;
+ xorStart[0] ^= 1;
+ xorbuf(xorStart + 1, recoverableMessage, recoverableMessageLength);
+ xorbuf(xorStart + 1 + recoverableMessageLength, salt, salt.size());
+ memcpy(representative + representativeByteLength - u, hashIdentifier.first, hashIdentifier.second);
+ representative[representativeByteLength - 1] = hashIdentifier.second ? 0xcc : 0xbc;
+ if (representativeBitLength % 8 != 0)
+ representative[0] = Crop(representative[0], representativeBitLength % 8);
+}
+
+DecodingResult PSSR_MEM_Base::RecoverMessageFromRepresentative(
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength,
+ byte *recoverableMessage) const
+{
+ const unsigned int u = hashIdentifier.second + 1;
+ const unsigned int representativeByteLength = BitsToBytes(representativeBitLength);
+ const unsigned int digestSize = hash.DigestSize();
+ const unsigned int saltSize = SaltLen(digestSize);
+ const byte *const h = representative + representativeByteLength - u - digestSize;
+
+ SecByteBlock digest(digestSize);
+ hash.Final(digest);
+
+ DecodingResult result(0);
+ bool &valid = result.isValidCoding;
+ unsigned int &recoverableMessageLength = result.messageLength;
+
+ valid = (representative[representativeByteLength - 1] == (hashIdentifier.second ? 0xcc : 0xbc)) && valid;
+ valid = (memcmp(representative + representativeByteLength - u, hashIdentifier.first, hashIdentifier.second) == 0) && valid;
+
+ GetMGF().GenerateAndMask(hash, representative, representativeByteLength - u - digestSize, h, digestSize);
+ if (representativeBitLength % 8 != 0)
+ representative[0] = Crop(representative[0], representativeBitLength % 8);
+
+ // extract salt and recoverableMessage from DB = 00 ... || 01 || M || salt
+ byte *salt = representative + representativeByteLength - u - digestSize - saltSize;
+ byte *M = std::find_if(representative, salt-1, std::bind2nd(std::not_equal_to<byte>(), 0));
+ if (*M == 0x01 && M - representative - (representativeBitLength % 8 != 0) >= MinPadLen(digestSize))
+ {
+ recoverableMessageLength = salt-M-1;
+ memcpy(recoverableMessage, M+1, recoverableMessageLength);
+ }
+ else
+ valid = false;
+
+ // verify H = hash of M'
+ byte c[8];
+ UnalignedPutWord(BIG_ENDIAN_ORDER, c, (word32)SafeRightShift<29>(recoverableMessageLength));
+ UnalignedPutWord(BIG_ENDIAN_ORDER, c+4, word32(recoverableMessageLength << 3));
+ hash.Update(c, 8);
+ hash.Update(recoverableMessage, recoverableMessageLength);
+ hash.Update(digest, digestSize);
+ hash.Update(salt, saltSize);
+ valid = hash.Verify(h) && valid;
+
+ if (!AllowRecovery() && valid && recoverableMessageLength != 0)
+ {throw NotImplemented("PSSR_MEM: message recovery disabled");}
+
+ return result;
+}
+
+NAMESPACE_END
diff --git a/pssr.h b/pssr.h
index a17b56b..4ba2950 100644
--- a/pssr.h
+++ b/pssr.h
@@ -6,163 +6,80 @@
NAMESPACE_BEGIN(CryptoPP)
-// TODO: implement standard variant of PSSR
-template <class H, class MGF=P1363_MGF1<H> >
-class PSSR : public SignatureEncodingMethodWithRecovery
+class PSSR_MEM_Base : public PK_RecoverableSignatureMessageEncodingMethod
{
-public:
- PSSR(unsigned int representativeBitLen);
- PSSR(const byte *representative, unsigned int representativeBitLen);
- ~PSSR() {}
- void Update(const byte *input, unsigned int length);
- unsigned int DigestSize() const {return BitsToBytes(representativeBitLen);}
- void Restart() {h.Restart();}
- void Encode(RandomNumberGenerator &rng, byte *representative);
- bool Verify(const byte *representative);
- DecodingResult Decode(byte *message);
- unsigned int MaximumRecoverableLength() const {return MaximumRecoverableLength(representativeBitLen);}
- static unsigned int MaximumRecoverableLength(unsigned int representativeBitLen);
- static bool AllowLeftoverMessage() {return true;}
-
-protected:
- static void EncodeRepresentative(byte *representative, unsigned int representativeBitLen, const byte *w, const byte *seed, const byte *m1, unsigned int m1Len);
- static unsigned int DecodeRepresentative(const byte *representative, unsigned int representativeBitLen, byte *w, byte *seed, byte *m1);
+ virtual bool AllowRecovery() const =0;
+ virtual unsigned int SaltLen(unsigned int hashLen) const =0;
+ virtual unsigned int MinPadLen(unsigned int hashLen) const =0;
+ virtual const MaskGeneratingFunction & GetMGF() const =0;
- unsigned int representativeBitLen, m1Len;
- H h;
- SecByteBlock m1, w, seed;
+public:
+ unsigned int MaxRecoverableLength(unsigned int representativeBitLength, unsigned int hashIdentifierLength, unsigned int digestLength) const;
+ bool IsProbabilistic() const;
+ bool AllowNonrecoverablePart() const;
+ bool RecoverablePartFirst() const;
+ void ComputeMessageRepresentative(RandomNumberGenerator &rng,
+ const byte *recoverableMessage, unsigned int recoverableMessageLength,
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength) const;
+ DecodingResult RecoverMessageFromRepresentative(
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength,
+ byte *recoverableMessage) const;
};
-template <class H, class MGF>
-PSSR<H,MGF>::PSSR(unsigned int representativeBitLen)
- : representativeBitLen(representativeBitLen), m1Len(0)
- , m1(MaximumRecoverableLength()), w(H::DIGESTSIZE), seed(H::DIGESTSIZE)
-{
-}
-
-template <class H, class MGF>
-PSSR<H,MGF>::PSSR(const byte *representative, unsigned int representativeBitLen)
- : representativeBitLen(representativeBitLen), m1Len(0)
- , m1(MaximumRecoverableLength()), w(H::DIGESTSIZE), seed(H::DIGESTSIZE)
-{
- m1Len = DecodeRepresentative(representative, representativeBitLen, w, seed, m1);
- h.Update(m1, m1Len);
-}
-
-template <class H, class MGF>
-void PSSR<H,MGF>::Update(const byte *input, unsigned int length)
+template <class H> struct EMSA2HashId
{
- unsigned int m1LenInc = STDMIN(length, MaximumRecoverableLength() - m1Len);
- memcpy(m1+m1Len, input, m1LenInc);
- m1Len += m1LenInc;
- h.Update(input, length);
-}
-
-template <class H, class MGF>
-void PSSR<H,MGF>::Encode(RandomNumberGenerator &rng, byte *representative)
-{
- rng.GenerateBlock(seed, seed.size());
- h.Update(seed, seed.size());
- h.Final(w);
- EncodeRepresentative(representative, representativeBitLen, w, seed, m1, m1Len);
-}
+ static const byte id;
+};
-template <class H, class MGF>
-bool PSSR<H,MGF>::Verify(const byte *representative)
-{
- SecByteBlock m1r(MaximumRecoverableLength()), wr(H::DIGESTSIZE);
- unsigned int m1rLen = DecodeRepresentative(representative, representativeBitLen, wr, seed, m1r);
- h.Update(seed, seed.size());
- h.Final(w);
- return m1Len==m1rLen && memcmp(m1, m1r, m1Len)==0 && w==wr;
-}
+// EMSA2HashId can be instantiated with the following two classes.
+class SHA;
+class RIPEMD160;
-template <class H, class MGF>
-DecodingResult PSSR<H,MGF>::Decode(byte *message)
+template <class BASE>
+class EMSA2HashIdLookup : public BASE
{
- SecByteBlock wh(H::DIGESTSIZE);
- h.Update(seed, seed.size());
- h.Final(wh);
- if (wh == w)
+public:
+ struct HashIdentifierLookup
{
- memcpy(message, m1, m1Len);
- return DecodingResult(m1Len);
- }
- else
- return DecodingResult();
-}
+ template <class H> struct HashIdentifierLookup2
+ {
+ static HashIdentifier Lookup()
+ {
+ return HashIdentifier(&EMSA2HashId<H>::id, 1);
+ }
+ };
+ };
+};
-template <class H, class MGF>
-unsigned int PSSR<H,MGF>::MaximumRecoverableLength(unsigned int paddedLength)
-{
- return paddedLength/8 > 1+2*H::DIGESTSIZE ? paddedLength/8-1-2*H::DIGESTSIZE : 0;
-}
+template <bool USE_HASH_ID> class PSSR_MEM_BaseWithHashId;
+template<> class PSSR_MEM_BaseWithHashId<true> : public EMSA2HashIdLookup<PSSR_MEM_Base> {};
+template<> class PSSR_MEM_BaseWithHashId<false> : public PSSR_MEM_Base {};
-template <class H, class MGF>
-void PSSR<H,MGF>::EncodeRepresentative(byte *pssrBlock, unsigned int pssrBlockLen, const byte *w, const byte *seed, const byte *m1, unsigned int m1Len)
+template <bool ALLOW_RECOVERY, class MGF=P1363_MGF1, int SALT_LEN=-1, int MIN_PAD_LEN=0, bool USE_HASH_ID=false>
+class PSSR_MEM : public PSSR_MEM_BaseWithHashId<USE_HASH_ID>
{
- assert (m1Len <= MaximumRecoverableLength(pssrBlockLen));
-
- // convert from bit length to byte length
- if (pssrBlockLen % 8 != 0)
- {
- pssrBlock[0] = 0;
- pssrBlock++;
- }
- pssrBlockLen /= 8;
-
- const unsigned int hLen = H::DIGESTSIZE;
- const unsigned int wLen = hLen, seedLen = hLen, dbLen = pssrBlockLen-wLen-seedLen;
- byte *const maskedSeed = pssrBlock+wLen;
- byte *const maskedDB = pssrBlock+wLen+seedLen;
+ virtual bool AllowRecovery() const {return ALLOW_RECOVERY;}
+ virtual unsigned int SaltLen(unsigned int hashLen) const {return SALT_LEN < 0 ? hashLen : SALT_LEN;}
+ virtual unsigned int MinPadLen(unsigned int hashLen) const {return MIN_PAD_LEN < 0 ? hashLen : MIN_PAD_LEN;}
+ virtual const MaskGeneratingFunction & GetMGF() const {static MGF mgf; return mgf;}
- memcpy(pssrBlock, w, wLen);
- memcpy(maskedSeed, seed, seedLen);
- memset(maskedDB, 0, dbLen-m1Len-1);
- maskedDB[dbLen-m1Len-1] = 0x01;
- memcpy(maskedDB+dbLen-m1Len, m1, m1Len);
-
- MGF::GenerateAndMask(maskedSeed, seedLen+dbLen, w, wLen);
-}
+public:
+ static std::string StaticAlgorithmName() {return std::string(ALLOW_RECOVERY ? "PSSR-" : "PSS-") + MGF::StaticAlgorithmName();}
+};
-template <class H, class MGF>
-unsigned int PSSR<H,MGF>::DecodeRepresentative(const byte *pssrBlock, unsigned int pssrBlockLen, byte *w, byte *seed, byte *m1)
+//! <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PSSR-MGF1">PSSR-MGF1</a>
+struct PSSR : public SignatureStandard
{
- // convert from bit length to byte length
- if (pssrBlockLen % 8 != 0)
- {
- if (pssrBlock[0] != 0)
- return 0;
- pssrBlock++;
- }
- pssrBlockLen /= 8;
-
- const unsigned int hLen = H::DIGESTSIZE;
- const unsigned int wLen = hLen, seedLen = hLen, dbLen = pssrBlockLen-wLen-seedLen;
-
- if (pssrBlockLen < 2*hLen+1)
- return 0;
-
- memcpy(w, pssrBlock, wLen);
- SecByteBlock t(pssrBlock+wLen, pssrBlockLen-wLen);
- byte *const maskedSeed = t;
- byte *const maskedDB = t+seedLen;
-
- MGF::GenerateAndMask(maskedSeed, seedLen+dbLen, w, wLen);
- memcpy(seed, maskedSeed, seedLen);
-
- // DB = 00 ... || 01 || M
+ typedef PSSR_MEM<true> SignatureMessageEncodingMethod;
+};
- byte *M = std::find_if(maskedDB, maskedDB+dbLen, std::bind2nd(std::not_equal_to<byte>(), 0));
- if (M!=maskedDB+dbLen && *M == 0x01)
- {
- M++;
- memcpy(m1, M, maskedDB+dbLen-M);
- return maskedDB+dbLen-M;
- }
- else
- return 0;
-}
+//! <a href="http://www.weidai.com/scan-mirror/sig.html#sem_PSS-MGF1">PSS-MGF1</a>
+struct PSS : public SignatureStandard
+{
+ typedef PSSR_MEM<false> SignatureMessageEncodingMethod;
+};
NAMESPACE_END
diff --git a/pubkey.cpp b/pubkey.cpp
index 94dc271..0002589 100644
--- a/pubkey.cpp
+++ b/pubkey.cpp
@@ -5,44 +5,108 @@
NAMESPACE_BEGIN(CryptoPP)
-void TF_DigestSignerBase::SignDigest(RandomNumberGenerator &rng, const byte *digest, unsigned int digestLen, byte *signature) const
+void P1363_MGF1KDF2_Common(HashTransformation &hash, byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength, bool mask, unsigned int counterStart)
{
- assert(digestLen <= MaxDigestLength());
+ ArraySink *sink;
+ HashFilter filter(hash, sink = mask ? new ArrayXorSink(output, outputLength) : new ArraySink(output, outputLength));
+ word32 counter = counterStart;
+ while (sink->AvailableSize() > 0)
+ {
+ filter.Put(input, inputLength);
+ filter.PutWord32(counter++);
+ filter.MessageEnd();
+ }
+}
- SecByteBlock paddedBlock(PaddedBlockByteLength());
- GetPaddingAlgorithm().Pad(rng, digest, digestLen, paddedBlock, PaddedBlockBitLength());
- GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, Integer(paddedBlock, paddedBlock.size())).Encode(signature, DigestSignatureLength());
+bool PK_DeterministicSignatureMessageEncodingMethod::VerifyMessageRepresentative(
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength) const
+{
+ SecByteBlock computedRepresentative(BitsToBytes(representativeBitLength));
+ ComputeMessageRepresentative(NullRNG(), NULL, 0, hash, hashIdentifier, messageEmpty, computedRepresentative, representativeBitLength);
+ return memcmp(representative, computedRepresentative, computedRepresentative.size()) == 0;
}
-bool TF_DigestVerifierBase::VerifyDigest(const byte *digest, unsigned int digestLen, const byte *signature) const
+bool PK_RecoverableSignatureMessageEncodingMethod::VerifyMessageRepresentative(
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength) const
{
- SecByteBlock paddedBlock(PaddedBlockByteLength());
- Integer x = GetTrapdoorFunctionInterface().ApplyFunction(Integer(signature, DigestSignatureLength()));
- if (x.ByteCount() > paddedBlock.size())
+ SecByteBlock recoveredMessage(MaxRecoverableLength(representativeBitLength, hashIdentifier.second, hash.DigestSize()));
+ DecodingResult result = RecoverMessageFromRepresentative(
+ hash, hashIdentifier, messageEmpty, representative, representativeBitLength, recoveredMessage);
+ return result.isValidCoding && result.messageLength == 0;
+}
+
+void TF_SignerBase::InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, unsigned int recoverableMessageLength) const
+{
+ PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
+ const MessageEncodingInterface &mei = GetMessageEncodingInterface();
+ unsigned int maxRecoverableLength = mei.MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, ma.AccessHash().DigestSize());
+
+ if (maxRecoverableLength == 0)
+ {throw NotImplemented("TF_SignerBase: this algorithm does not support messsage recovery or the key is too short");}
+ if (recoverableMessageLength > maxRecoverableLength)
+ throw InvalidArgument("TF_SignerBase: the recoverable message part is too long for the given key and algorithm");
+
+ ma.m_recoverableMessage.Assign(recoverableMessage, recoverableMessageLength);
+ mei.ProcessRecoverableMessage(
+ ma.AccessHash(),
+ recoverableMessage, recoverableMessageLength,
+ NULL, 0, ma.m_semisignature);
+}
+
+unsigned int TF_SignerBase::SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const
+{
+ PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
+ SecByteBlock representative(MessageRepresentativeLength());
+ GetMessageEncodingInterface().ComputeMessageRepresentative(rng,
+ ma.m_recoverableMessage, ma.m_recoverableMessage.size(),
+ ma.AccessHash(), GetHashIdentifier(), ma.m_empty,
+ representative, MessageRepresentativeBitLength());
+ ma.m_empty = true;
+
+ Integer r(representative, representative.size());
+ unsigned int signatureLength = SignatureLength();
+ GetTrapdoorFunctionInterface().CalculateRandomizedInverse(rng, r).Encode(signature, signatureLength);
+ return signatureLength;
+}
+
+void TF_VerifierBase::InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, unsigned int signatureLength) const
+{
+ PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
+ ma.m_representative.New(MessageRepresentativeLength());
+ Integer x = GetTrapdoorFunctionInterface().ApplyFunction(Integer(signature, signatureLength));
+ if (x.BitCount() > MessageRepresentativeBitLength())
x = Integer::Zero(); // don't return false here to prevent timing attack
- x.Encode(paddedBlock, paddedBlock.size());
- if (GetPaddingAlgorithm().IsReversible())
- {
- SecByteBlock recoveredDigest(MaxDigestLength());
- DecodingResult result = GetPaddingAlgorithm().Unpad(paddedBlock, PaddedBlockBitLength(), recoveredDigest);
- return result == DecodingResult(digestLen) && memcmp(digest, recoveredDigest, digestLen) == 0;
- }
- else
- {
- SecByteBlock paddedBlock2(PaddedBlockByteLength());
- GetPaddingAlgorithm().Pad(NullRNG(), digest, digestLen, paddedBlock2, PaddedBlockBitLength());
- return paddedBlock == paddedBlock2;
- }
+ x.Encode(ma.m_representative, ma.m_representative.size());
+}
+
+bool TF_VerifierBase::VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const
+{
+ PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
+ bool result = GetMessageEncodingInterface().VerifyMessageRepresentative(
+ ma.AccessHash(), GetHashIdentifier(), ma.m_empty, ma.m_representative, MessageRepresentativeBitLength());
+ ma.m_empty = true;
+ return result;
+}
+
+DecodingResult TF_VerifierBase::RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const
+{
+ PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
+ DecodingResult result = GetMessageEncodingInterface().RecoverMessageFromRepresentative(
+ ma.AccessHash(), GetHashIdentifier(), ma.m_empty, ma.m_representative, MessageRepresentativeBitLength(), recoveredMessage);
+ ma.m_empty = true;
+ return result;
}
-DecodingResult TF_DecryptorBase::FixedLengthDecrypt(const byte *cipherText, byte *plainText) const
+DecodingResult TF_DecryptorBase::FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *cipherText, byte *plainText) const
{
SecByteBlock paddedBlock(PaddedBlockByteLength());
- Integer x = GetTrapdoorFunctionInterface().CalculateInverse(Integer(cipherText, FixedCiphertextLength()));
+ Integer x = GetTrapdoorFunctionInterface().CalculateInverse(rng, Integer(cipherText, FixedCiphertextLength()));
if (x.ByteCount() > paddedBlock.size())
x = Integer::Zero(); // don't return false here to prevent timing attack
x.Encode(paddedBlock, paddedBlock.size());
- return GetPaddingAlgorithm().Unpad(paddedBlock, PaddedBlockBitLength(), plainText);
+ return GetMessageEncodingInterface().Unpad(paddedBlock, PaddedBlockBitLength(), plainText);
}
void TF_EncryptorBase::Encrypt(RandomNumberGenerator &rng, const byte *plainText, unsigned int plainTextLength, byte *cipherText) const
@@ -51,7 +115,7 @@ void TF_EncryptorBase::Encrypt(RandomNumberGenerator &rng, const byte *plainText
throw InvalidArgument(AlgorithmName() + ": message too long for this public key");
SecByteBlock paddedBlock(PaddedBlockByteLength());
- GetPaddingAlgorithm().Pad(rng, plainText, plainTextLength, paddedBlock, PaddedBlockBitLength());
+ GetMessageEncodingInterface().Pad(rng, plainText, plainTextLength, paddedBlock, PaddedBlockBitLength());
GetTrapdoorFunctionInterface().ApplyRandomizedFunction(rng, Integer(paddedBlock, paddedBlock.size())).Encode(cipherText, FixedCiphertextLength());
}
diff --git a/pubkey.h b/pubkey.h
index 7331883..a5de59c 100644
--- a/pubkey.h
+++ b/pubkey.h
@@ -47,15 +47,6 @@ NAMESPACE_BEGIN(CryptoPP)
Integer NR_EncodeDigest(unsigned int modulusBits, const byte *digest, unsigned int digestLen);
Integer DSA_EncodeDigest(unsigned int modulusBits, const byte *digest, unsigned int digestLen);
-template <typename STANDARD>
-struct CryptoStandardTraits
-{
- typedef typename STANDARD::EncryptionPaddingAlgorithm EncryptionPaddingAlgorithm;
-
- template <class H> class SignaturePaddingAlgorithm {};
- template <class H> class DecoratedHashingAlgorithm {};
-};
-
// ********************************************************
//! .
@@ -75,6 +66,7 @@ class RandomizedTrapdoorFunction : public TrapdoorFunctionBounds
{
public:
virtual Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const =0;
+ virtual bool IsRandomized() const {return true;}
};
//! .
@@ -83,6 +75,7 @@ class TrapdoorFunction : public RandomizedTrapdoorFunction
public:
Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const
{return ApplyFunction(x);}
+ bool IsRandomized() const {return false;}
virtual Integer ApplyFunction(const Integer &x) const =0;
};
@@ -94,6 +87,7 @@ public:
virtual ~RandomizedTrapdoorFunctionInverse() {}
virtual Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const =0;
+ virtual bool IsRandomized() const {return true;}
};
//! .
@@ -103,50 +97,42 @@ public:
virtual ~TrapdoorFunctionInverse() {}
Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const
- {return CalculateInverse(x);}
+ {return CalculateInverse(rng, x);}
+ bool IsRandomized() const {return false;}
- virtual Integer CalculateInverse(const Integer &x) const =0;
+ virtual Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const =0;
};
// ********************************************************
//! .
-class PK_PaddingAlgorithm
+class PK_EncryptionMessageEncodingMethod
{
public:
- virtual ~PK_PaddingAlgorithm() {}
+ virtual ~PK_EncryptionMessageEncodingMethod() {}
+ //! max size of unpadded message in bytes, given max size of padded message in bits (1 less than size of modulus)
virtual unsigned int MaxUnpaddedLength(unsigned int paddedLength) const =0;
virtual void Pad(RandomNumberGenerator &rng, const byte *raw, unsigned int inputLength, byte *padded, unsigned int paddedBitLength) const =0;
virtual DecodingResult Unpad(const byte *padded, unsigned int paddedBitLength, byte *raw) const =0;
-
- virtual bool IsReversible() const {return true;}
-};
-
-//! .
-class PK_NonreversiblePaddingAlgorithm : public PK_PaddingAlgorithm
-{
- DecodingResult Unpad(const byte *padded, unsigned int paddedBitLength, byte *raw) const {assert(false); return DecodingResult();}
- bool IsReversible() const {return false;}
};
// ********************************************************
//! .
-template <class TFI>
+template <class TFI, class MEI>
class TF_Base
{
protected:
- unsigned int PaddedBlockByteLength() const {return BitsToBytes(PaddedBlockBitLength());}
-
virtual const TrapdoorFunctionBounds & GetTrapdoorFunctionBounds() const =0;
- virtual const PK_PaddingAlgorithm & GetPaddingAlgorithm() const =0;
- virtual unsigned int PaddedBlockBitLength() const =0;
typedef TFI TrapdoorFunctionInterface;
virtual const TrapdoorFunctionInterface & GetTrapdoorFunctionInterface() const =0;
+
+ typedef MEI MessageEncodingInterface;
+ virtual const MessageEncodingInterface & GetMessageEncodingInterface() const =0;
};
// ********************************************************
@@ -156,22 +142,23 @@ template <class INTERFACE, class BASE>
class TF_CryptoSystemBase : public INTERFACE, protected BASE
{
public:
- unsigned int FixedMaxPlaintextLength() const {return GetPaddingAlgorithm().MaxUnpaddedLength(PaddedBlockBitLength());}
+ unsigned int FixedMaxPlaintextLength() const {return GetMessageEncodingInterface().MaxUnpaddedLength(PaddedBlockBitLength());}
unsigned int FixedCiphertextLength() const {return GetTrapdoorFunctionBounds().MaxImage().ByteCount();}
protected:
+ unsigned int PaddedBlockByteLength() const {return BitsToBytes(PaddedBlockBitLength());}
unsigned int PaddedBlockBitLength() const {return GetTrapdoorFunctionBounds().PreimageBound().BitCount()-1;}
};
//! .
-class TF_DecryptorBase : public TF_CryptoSystemBase<PK_FixedLengthDecryptor, TF_Base<TrapdoorFunctionInverse> >
+class TF_DecryptorBase : public TF_CryptoSystemBase<PK_FixedLengthDecryptor, TF_Base<TrapdoorFunctionInverse, PK_EncryptionMessageEncodingMethod> >
{
public:
- DecodingResult FixedLengthDecrypt(const byte *cipherText, byte *plainText) const;
+ DecodingResult FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *cipherText, byte *plainText) const;
};
//! .
-class TF_EncryptorBase : public TF_CryptoSystemBase<PK_FixedLengthEncryptor, TF_Base<RandomizedTrapdoorFunction> >
+class TF_EncryptorBase : public TF_CryptoSystemBase<PK_FixedLengthEncryptor, TF_Base<RandomizedTrapdoorFunction, PK_EncryptionMessageEncodingMethod> >
{
public:
void Encrypt(RandomNumberGenerator &rng, const byte *plainText, unsigned int plainTextLength, byte *cipherText) const;
@@ -179,67 +166,192 @@ public:
// ********************************************************
+typedef std::pair<const byte *, unsigned int> HashIdentifier;
+
//! .
-class DigestSignatureSystem
+class PK_SignatureMessageEncodingMethod
{
public:
- virtual unsigned int MaxDigestLength() const =0;
- virtual unsigned int DigestSignatureLength() const =0;
+ virtual ~PK_SignatureMessageEncodingMethod() {}
+
+ virtual unsigned int MaxRecoverableLength(unsigned int representativeBitLength, unsigned int hashIdentifierLength, unsigned int digestLength) const
+ {return 0;}
+
+ bool IsProbabilistic() const
+ {return true;}
+ bool AllowNonrecoverablePart() const
+ {throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
+ virtual bool RecoverablePartFirst() const
+ {throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
+
+ // for verification, DL
+ virtual void ProcessSemisignature(HashTransformation &hash, const byte *semisignature, unsigned int semisignatureLength) const {}
+
+ // for signature
+ virtual void ProcessRecoverableMessage(HashTransformation &hash,
+ const byte *recoverableMessage, unsigned int recoverableMessageLength,
+ const byte *presignature, unsigned int presignatureLength,
+ SecByteBlock &semisignature) const
+ {
+ if (RecoverablePartFirst())
+ assert(!"ProcessRecoverableMessage() not implemented");
+ }
+
+ virtual void ComputeMessageRepresentative(RandomNumberGenerator &rng,
+ const byte *recoverableMessage, unsigned int recoverableMessageLength,
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength) const =0;
+
+ virtual bool VerifyMessageRepresentative(
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength) const =0;
+
+ virtual DecodingResult RecoverMessageFromRepresentative( // for TF
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength,
+ byte *recoveredMessage) const
+ {throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
+
+ virtual DecodingResult RecoverMessageFromSemisignature( // for DL
+ HashTransformation &hash, HashIdentifier hashIdentifier,
+ const byte *presignature, unsigned int presignatureLength,
+ const byte *semisignature, unsigned int semisignatureLength,
+ byte *recoveredMessage) const
+ {throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");}
+
+ // VC60 workaround
+ struct HashIdentifierLookup
+ {
+ template <class H> struct HashIdentifierLookup2
+ {
+ static HashIdentifier Lookup()
+ {
+ return HashIdentifier(NULL, 0);
+ }
+ };
+ };
};
-//! .
-class DigestSigner : virtual public DigestSignatureSystem, public PrivateKeyAlgorithm
+class PK_DeterministicSignatureMessageEncodingMethod : public PK_SignatureMessageEncodingMethod
{
public:
- virtual void SignDigest(RandomNumberGenerator &rng, const byte *digest, unsigned int digestLen, byte *signature) const =0;
+ bool VerifyMessageRepresentative(
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength) const;
};
-//! .
-class DigestVerifier : virtual public DigestSignatureSystem, public PublicKeyAlgorithm
+class PK_RecoverableSignatureMessageEncodingMethod : public PK_SignatureMessageEncodingMethod
{
public:
- virtual bool VerifyDigest(const byte *digest, unsigned int digestLen, const byte *sig) const =0;
+ bool VerifyMessageRepresentative(
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength) const;
};
-// ********************************************************
+class DL_SignatureMessageEncodingMethod_DSA : public PK_DeterministicSignatureMessageEncodingMethod
+{
+public:
+ void ComputeMessageRepresentative(RandomNumberGenerator &rng,
+ const byte *recoverableMessage, unsigned int recoverableMessageLength,
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength) const;
+};
+
+class DL_SignatureMessageEncodingMethod_NR : public PK_DeterministicSignatureMessageEncodingMethod
+{
+public:
+ void ComputeMessageRepresentative(RandomNumberGenerator &rng,
+ const byte *recoverableMessage, unsigned int recoverableMessageLength,
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength) const;
+};
+
+class PK_MessageAccumulatorBase : public PK_MessageAccumulator
+{
+public:
+ PK_MessageAccumulatorBase() : m_empty(true) {}
+
+ virtual HashTransformation & AccessHash() =0;
+
+ void Update(const byte *input, unsigned int length)
+ {
+ AccessHash().Update(input, length);
+ m_empty = m_empty && length == 0;
+ }
+
+ SecByteBlock m_recoverableMessage, m_representative, m_presignature, m_semisignature;
+ Integer m_k, m_s;
+ bool m_empty;
+};
+
+template <class HASH_ALGORITHM>
+class PK_MessageAccumulatorImpl : public PK_MessageAccumulatorBase, protected ObjectHolder<HASH_ALGORITHM>
+{
+public:
+ HashTransformation & AccessHash() {return m_object;}
+};
//! .
template <class INTERFACE, class BASE>
-class TF_DigestSignatureSystemBase : public INTERFACE, protected BASE
+class TF_SignatureSchemeBase : public INTERFACE, protected BASE
{
public:
- unsigned int MaxDigestLength() const {return GetPaddingAlgorithm().MaxUnpaddedLength(PaddedBlockBitLength());}
- unsigned int DigestSignatureLength() const {return GetTrapdoorFunctionBounds().MaxPreimage().ByteCount();}
+ unsigned int SignatureLength() const
+ {return GetTrapdoorFunctionBounds().MaxPreimage().ByteCount();}
+ unsigned int MaxRecoverableLength() const
+ {return GetMessageEncodingInterface().MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, GetDigestSize());}
+ unsigned int MaxRecoverableLengthFromSignatureLength(unsigned int signatureLength) const
+ {return MaxRecoverableLength();}
+
+ bool IsProbabilistic() const
+ {return GetTrapdoorFunctionInterface().IsRandomized() || GetMessageEncodingInterface().IsProbabilistic();}
+ bool AllowNonrecoverablePart() const
+ {return GetMessageEncodingInterface().AllowNonrecoverablePart();}
+ bool RecoverablePartFirst() const
+ {return GetMessageEncodingInterface().RecoverablePartFirst();}
protected:
- unsigned int PaddedBlockBitLength() const {return GetTrapdoorFunctionBounds().ImageBound().BitCount()-1;}
+ unsigned int MessageRepresentativeLength() const {return BitsToBytes(MessageRepresentativeBitLength());}
+ unsigned int MessageRepresentativeBitLength() const {return GetTrapdoorFunctionBounds().ImageBound().BitCount()-1;}
+ virtual HashIdentifier GetHashIdentifier() const =0;
+ virtual unsigned int GetDigestSize() const =0;
};
//! .
-class TF_DigestSignerBase : public TF_DigestSignatureSystemBase<DigestSigner, TF_Base<RandomizedTrapdoorFunctionInverse> >
+class TF_SignerBase : public TF_SignatureSchemeBase<PK_Signer, TF_Base<RandomizedTrapdoorFunctionInverse, PK_SignatureMessageEncodingMethod> >
{
public:
- void SignDigest(RandomNumberGenerator &rng, const byte *message, unsigned int messageLength, byte *signature) const;
+ void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, unsigned int recoverableMessageLength) const;
+ unsigned int SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const;
};
//! .
-class TF_DigestVerifierBase : public TF_DigestSignatureSystemBase<DigestVerifier, TF_Base<TrapdoorFunction> >
+class TF_VerifierBase : public TF_SignatureSchemeBase<PK_Verifier, TF_Base<TrapdoorFunction, PK_SignatureMessageEncodingMethod> >
{
public:
- bool VerifyDigest(const byte *digest, unsigned int digestLen, const byte *sig) const;
+ void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, unsigned int signatureLength) const;
+ bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const;
+ DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &recoveryAccumulator) const;
};
// ********************************************************
//! .
template <class T1, class T2, class T3>
-struct TF_SchemeOptions
+struct TF_CryptoSchemeOptions
{
typedef T1 AlgorithmInfo;
typedef T2 Keys;
typedef typename Keys::PrivateKey PrivateKey;
typedef typename Keys::PublicKey PublicKey;
- typedef T3 PaddingAlgorithm;
+ typedef T3 MessageEncodingMethod;
+};
+
+//! .
+template <class T1, class T2, class T3, class T4>
+struct TF_SignatureSchemeOptions : public TF_CryptoSchemeOptions<T1, T2, T3>
+{
+ typedef T4 HashFunction;
};
//! .
@@ -279,9 +391,23 @@ public:
const KeyClass & GetTrapdoorFunction() const {return GetKey();}
protected:
- const PK_PaddingAlgorithm & GetPaddingAlgorithm() const {static typename SCHEME_OPTIONS::PaddingAlgorithm paddingScheme; return paddingScheme;}
- const TrapdoorFunctionBounds & GetTrapdoorFunctionBounds() const {return GetKey();}
- const typename BASE::TrapdoorFunctionInterface & GetTrapdoorFunctionInterface() const {return GetKey();}
+ const typename BASE::MessageEncodingInterface & GetMessageEncodingInterface() const
+ {static typename SCHEME_OPTIONS::MessageEncodingMethod messageEncodingMethod; return messageEncodingMethod;}
+ const TrapdoorFunctionBounds & GetTrapdoorFunctionBounds() const
+ {return GetKey();}
+ const typename BASE::TrapdoorFunctionInterface & GetTrapdoorFunctionInterface() const
+ {return GetKey();}
+
+ // for signature scheme
+ HashIdentifier GetHashIdentifier() const
+ {
+ typedef CPP_TYPENAME SchemeOptions::MessageEncodingMethod::HashIdentifierLookup::HashIdentifierLookup2<CPP_TYPENAME SchemeOptions::HashFunction> L;
+ return L::Lookup();
+ }
+ unsigned int GetDigestSize() const
+ {
+ return SCHEME_OPTIONS::HashFunction::DIGESTSIZE;
+ }
};
//! .
@@ -345,267 +471,69 @@ class TF_EncryptorImpl : public TF_PublicObjectImpl<TF_EncryptorBase, SCHEME_OPT
//! .
template <class SCHEME_OPTIONS>
-class TF_DigestSignerImpl : public TF_PrivateObjectImpl<TF_DigestSignerBase, SCHEME_OPTIONS>
+class TF_SignerImpl : public TF_PrivateObjectImpl<TF_SignerBase, SCHEME_OPTIONS>
{
+ PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng = NullRNG()) const
+ {
+ return new PK_MessageAccumulatorImpl<CPP_TYPENAME SCHEME_OPTIONS::HashFunction>;
+ }
};
//! .
template <class SCHEME_OPTIONS>
-class TF_DigestVerifierImpl : public TF_PublicObjectImpl<TF_DigestVerifierBase, SCHEME_OPTIONS>
-{
-};
-
-// ********************************************************
-
-//! .
-template <class H>
-class P1363_MGF1
-{
-public:
- static std::string StaticAlgorithmName() {return std::string("MGF1(") + H::StaticAlgorithmName() + ")";}
- static void GenerateAndMask(byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength);
-};
-
-template <class H>
-void P1363_MGF1<H>::GenerateAndMask(byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength)
+class TF_VerifierImpl : public TF_PublicObjectImpl<TF_VerifierBase, SCHEME_OPTIONS>
{
- H h;
- ArrayXorSink *sink;
- HashFilter filter(h, sink = new ArrayXorSink(output, outputLength));
- word32 counter = 0;
- while (sink->AvailableSize() > 0)
+ PK_MessageAccumulator * NewVerificationAccumulator() const
{
- filter.Put(input, inputLength);
- filter.PutWord32(counter++);
- filter.MessageEnd();
+ return new PK_MessageAccumulatorImpl<CPP_TYPENAME SCHEME_OPTIONS::HashFunction>;
}
-}
-
-// ********************************************************
-
-//! .
-template <class H>
-class P1363_KDF2
-{
-public:
- static void DeriveKey(byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength);
};
-template <class H>
-void P1363_KDF2<H>::DeriveKey(byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength)
-{
- H h;
- ArraySink *sink;
- HashFilter filter(h, sink = new ArraySink(output, outputLength));
- word32 counter = 1;
- while (sink->AvailableSize() > 0)
- {
- filter.Put(input, inputLength);
- filter.PutWord32(counter++);
- filter.MessageEnd();
- }
-}
-
// ********************************************************
-//! .
-template <class H, class INTERFACE, class DS_INTERFACE>
-class PK_SignatureSchemeBase : public INTERFACE
-{
-public:
- unsigned int SignatureLength() const {return GetDigestSignatureSchemeInterface().DigestSignatureLength();}
- HashTransformation * NewMessageAccumulator() const {return new H;}
-
- virtual const DS_INTERFACE & GetDigestSignatureSchemeInterface() const =0;
-};
-
-//! .
-template <class H>
-class PK_SignerBase : public PK_SignatureSchemeBase<H, PK_Signer, DigestSigner>
-{
-public:
- void SignAndRestart(RandomNumberGenerator &rng, HashTransformation &messageAccumulator, byte *signature) const;
-};
-
-//! .
-template <class H>
-class PK_VerifierBase : public PK_SignatureSchemeBase<H, PK_Verifier, DigestVerifier>
+class MaskGeneratingFunction
{
public:
- bool VerifyAndRestart(HashTransformation &messageAccumulator, const byte *sig) const;
+ virtual ~MaskGeneratingFunction() {}
+ virtual void GenerateAndMask(HashTransformation &hash, byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength, bool mask = true) const =0;
};
-template <class H>
-void PK_SignerBase<H>::SignAndRestart(RandomNumberGenerator &rng, HashTransformation &messageAccumulator, byte *signature) const
-{
- if (messageAccumulator.DigestSize() > GetDigestSignatureSchemeInterface().MaxDigestLength())
- throw PK_Signer::KeyTooShort();
- SecByteBlock digest(messageAccumulator.DigestSize());
- messageAccumulator.Final(digest);
- GetDigestSignatureSchemeInterface().SignDigest(rng, digest, digest.size(), signature);
-}
-
-template <class H>
-bool PK_VerifierBase<H>::VerifyAndRestart(HashTransformation &messageAccumulator, const byte *sig) const
-{
- SecByteBlock digest(messageAccumulator.DigestSize());
- messageAccumulator.Final(digest);
- return GetDigestSignatureSchemeInterface().VerifyDigest(digest, digest.size(), sig);
-}
+void P1363_MGF1KDF2_Common(HashTransformation &hash, byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength, bool mask, unsigned int counterStart);
//! .
-template <class BASE, class DS>
-class PK_SignatureSchemeImpl : public BASE
+class P1363_MGF1 : public MaskGeneratingFunction
{
public:
- typedef typename DS::KeyClass KeyClass;
-
- // PublicKeyAlgorithm or PrivateKeyAlgorithm
- std::string AlgorithmName() const {return m_ds.AlgorithmName();}
-
- PrivateKey & AccessPrivateKey() {return m_ds.AccessPrivateKey();}
- const PrivateKey & GetPrivateKey() const {return m_ds.GetPrivateKey();}
-
- PublicKey & AccessPublicKey() {return m_ds.AccessPublicKey();}
- const PublicKey & GetPublicKey() const {return m_ds.GetPublicKey();}
-
- KeyClass & AccessKey() {return m_ds.AccessKey();}
- const KeyClass & GetKey() const {return m_ds.GetKey();}
-
- const KeyClass & GetTrapdoorFunction() const {return m_ds.GetTrapdoorFunction();}
-
- DS & AccessDigestSignatureScheme() {return m_ds;}
- const DS & GetDigestSignatureScheme() const {return m_ds;}
-
-protected:
- DS m_ds;
-};
-
-//! .
-template <class DS, class H>
-class PK_SignerImpl : public PK_SignatureSchemeImpl<PK_SignerBase<H>, DS>, public PrivateKeyCopier<typename DS::SchemeOptions>
-{
- const DigestSigner & GetDigestSignatureSchemeInterface() const {return m_ds;}
-public:
- // PrivateKeyCopier
- void CopyKeyInto(typename DS::SchemeOptions::PublicKey &key) const
- {m_ds.CopyKeyInto(key);}
- void CopyKeyInto(typename DS::SchemeOptions::PrivateKey &key) const
- {m_ds.CopyKeyInto(key);}
-};
-
-//! .
-template <class DS, class H>
-class PK_VerifierImpl : public PK_SignatureSchemeImpl<PK_VerifierBase<H>, DS>, public PublicKeyCopier<typename DS::SchemeOptions>
-{
- const DigestVerifier & GetDigestSignatureSchemeInterface() const {return m_ds;}
-public:
- // PublicKeyCopier
- void CopyKeyInto(typename DS::SchemeOptions::PublicKey &key) const
- {m_ds.CopyKeyInto(key);}
+ static const char * StaticAlgorithmName() {return "MGF1";}
+#if 0
+ // VC60 workaround: this function causes internal compiler error
+ template <class H>
+ static void GenerateAndMaskTemplate(byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength, H* dummy=NULL)
+ {
+ H h;
+ P1363_MGF1KDF2_Common(h, output, outputLength, input, inputLength, mask, 0);
+ }
+#endif
+ void GenerateAndMask(HashTransformation &hash, byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength, bool mask = true) const
+ {
+ P1363_MGF1KDF2_Common(hash, output, outputLength, input, inputLength, mask, 0);
+ }
};
// ********************************************************
//! .
-class SignatureEncodingMethodWithRecovery : public HashTransformationWithDefaultTruncation
-{
-public:
- void Final(byte *digest) {}
- virtual void Encode(RandomNumberGenerator &rng, byte *representative) =0;
- virtual bool Verify(const byte *representative) =0;
- virtual DecodingResult Decode(byte *message) =0;
- virtual unsigned int MaximumRecoverableLength() const =0;
-};
-
-//! .
template <class H>
-class SignatureSystemWithRecoveryBaseTemplate : virtual public PK_SignatureSchemeWithRecovery
-{
-public:
- unsigned int SignatureLength() const {return GetTrapdoorFunctionBounds().MaxPreimage().ByteCount();}
- HashTransformation * NewMessageAccumulator() const {return new H(PaddedBlockBitLength());}
- unsigned int MaximumRecoverableLength() const {return H::MaximumRecoverableLength(PaddedBlockBitLength());}
- bool AllowLeftoverMessage() const {return H::AllowLeftoverMessage();}
-
-protected:
- unsigned int PaddedBlockByteLength() const {return BitsToBytes(PaddedBlockBitLength());}
- unsigned int PaddedBlockBitLength() const {return GetTrapdoorFunctionBounds().ImageBound().BitCount()-1;}
-
- virtual const TrapdoorFunctionBounds & GetTrapdoorFunctionBounds() const =0;
-};
-
-//! .
-template <class TF, class H>
-class SignerWithRecoveryTemplate : virtual public SignatureSystemWithRecoveryBaseTemplate<H>, virtual public PK_SignerWithRecovery, public TF
-{
-public:
- typedef TF KeyClass;
-
- const KeyClass & GetKey() const {return *this;}
- KeyClass & AccessKey() {return *this;}
-
- PrivateKey & AccessPrivateKey() {return *this;}
-
- SignerWithRecoveryTemplate() {}
- void SignAndRestart(RandomNumberGenerator &rng, HashTransformation &messageAccumulator, byte *signature) const;
- const TrapdoorFunctionBounds & GetTrapdoorFunctionBounds() const {return *this;}
-};
-
-//! .
-template <class TF, class H>
-class VerifierWithRecoveryTemplate : virtual public SignatureSystemWithRecoveryBaseTemplate<H>, virtual public PK_VerifierWithRecovery, public TF
+class P1363_KDF2
{
public:
- typedef TF KeyClass;
-
- const KeyClass & GetKey() const {return *this;}
- KeyClass & AccessKey() {return *this;}
-
- PublicKey & AccessPublicKey() {return *this;}
-
- VerifierWithRecoveryTemplate() {}
- bool VerifyAndRestart(HashTransformation &messageAccumulator, const byte *sig) const;
- bool SignatureUpfrontForRecovery() const {return true;}
- HashTransformation * NewRecoveryAccumulator(const byte *signature) const;
- DecodingResult Recover(byte *recoveredMessage, HashTransformation *recoveryAccumulator, const byte *signature) const;
- const TrapdoorFunctionBounds & GetTrapdoorFunctionBounds() const {return *this;}
+ static void DeriveKey(byte *output, unsigned int outputLength, const byte *input, unsigned int inputLength)
+ {
+ H h;
+ P1363_MGF1KDF2_Common(h, output, outputLength, input, inputLength, false, 1);
+ }
};
-template <class TF, class H>
-void SignerWithRecoveryTemplate<TF, H>::SignAndRestart(RandomNumberGenerator &rng, HashTransformation &messageAccumulator, byte *signature) const
-{
- H &ma = static_cast<H&>(messageAccumulator);
- if (ma.MaximumRecoverableLength() == 0)
- throw KeyTooShort();
- SecByteBlock representative(PaddedBlockByteLength());
- ma.Encode(rng, representative);
- CalculateInverse(Integer(representative, representative.size())).Encode(signature, SignatureLength());
-}
-
-template <class TF, class H>
-bool VerifierWithRecoveryTemplate<TF, H>::VerifyAndRestart(HashTransformation &messageAccumulator, const byte *signature) const
-{
- SecByteBlock representative(PaddedBlockByteLength());
- ApplyFunction(Integer(signature, SignatureLength())).Encode(representative, representative.size());
- return messageAccumulator.Verify(representative);
-}
-
-template <class TF, class H>
-HashTransformation * VerifierWithRecoveryTemplate<TF, H>::NewRecoveryAccumulator(const byte *signature) const
-{
- SecByteBlock representative(PaddedBlockByteLength());
- ApplyFunction(Integer(signature, SignatureLength())).Encode(representative, representative.size());
- return new H(representative, PaddedBlockBitLength());
-}
-
-template <class TF, class H>
-DecodingResult VerifierWithRecoveryTemplate<TF, H>::Recover(byte *recoveredMessage, HashTransformation *recoveryAccumulator, const byte *signature) const
-{
- std::auto_ptr<H> ma(static_cast<H*>(recoveryAccumulator));
- return ma->Decode(recoveredMessage);
-}
-
// ********************************************************
// to be thrown by DecodeElement and AgreeWithStaticPrivateKey
@@ -745,8 +673,7 @@ public:
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
{
- return GetAbstractGroupParameters().GetVoidValue(name, valueType, pValue)
- || GetValueHelper(this, name, valueType, pValue)
+ return GetValueHelper(this, name, valueType, pValue, &GetAbstractGroupParameters())
CRYPTOPP_GET_FUNCTION_ENTRY(PublicElement);
}
@@ -787,8 +714,7 @@ public:
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
{
- return GetAbstractGroupParameters().GetVoidValue(name, valueType, pValue)
- || GetValueHelper(this, name, valueType, pValue)
+ return GetValueHelper(this, name, valueType, pValue, &GetAbstractGroupParameters())
CRYPTOPP_GET_FUNCTION_ENTRY(PrivateExponent);
}
@@ -930,7 +856,7 @@ public:
{
typename SIGNATURE_SCHEME::Signer signer(*this);
typename SIGNATURE_SCHEME::Verifier verifier(signer);
- SignaturePairwiseConsistencyTest(signer, verifier);
+ SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier);
}
}
};
@@ -1001,9 +927,11 @@ template <class T>
class DL_ElgamalLikeSignatureAlgorithm
{
public:
- virtual Integer EncodeDigest(unsigned int modulusBits, const byte *digest, unsigned int digestLength) const =0;
- virtual bool Sign(const DL_GroupParameters<T> &params, const Integer &privateKey, const Integer &k, const Integer &e, Integer &r, Integer &s) const =0;
+// virtual Integer EncodeDigest(unsigned int modulusBits, const byte *digest, unsigned int digestLength) const =0;
+ virtual void Sign(const DL_GroupParameters<T> &params, const Integer &privateKey, const Integer &k, const Integer &e, Integer &r, Integer &s) const =0;
virtual bool Verify(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey, const Integer &e, const Integer &r, const Integer &s) const =0;
+ virtual Integer RecoverPresignature(const DL_GroupParameters<T> &params, const DL_PublicKey<T> &publicKey, const Integer &r, const Integer &s) const
+ {throw NotImplemented("DL_ElgamalLikeSignatureAlgorithm: this signature scheme does not support message recovery");}
virtual unsigned int RLen(const DL_GroupParameters<T> &params) const
{return params.GetSubgroupOrder().ByteCount();}
virtual unsigned int SLen(const DL_GroupParameters<T> &params) const
@@ -1057,23 +985,39 @@ protected:
//! .
template <class INTERFACE, class KEY_INTERFACE>
-class DL_DigestSignatureSystemBase : public INTERFACE, public DL_Base<KEY_INTERFACE>
+class DL_SignatureSchemeBase : public INTERFACE, public DL_Base<KEY_INTERFACE>
{
public:
- unsigned int MaxDigestLength() const {return UINT_MAX;}
- unsigned int DigestSignatureLength() const
+ unsigned int SignatureLength() const
{
return GetSignatureAlgorithm().RLen(GetAbstractGroupParameters())
+ GetSignatureAlgorithm().SLen(GetAbstractGroupParameters());
}
+ unsigned int MaxRecoverableLength() const
+ {return GetMessageEncodingInterface().MaxRecoverableLength(0, GetHashIdentifier().second, GetDigestSize());}
+ unsigned int MaxRecoverableLengthFromSignatureLength(unsigned int signatureLength) const
+ {assert(false); return 0;} // TODO
+
+ bool IsProbabilistic() const
+ {return true;}
+ bool AllowNonrecoverablePart() const
+ {return GetMessageEncodingInterface().AllowNonrecoverablePart();}
+ bool RecoverablePartFirst() const
+ {return GetMessageEncodingInterface().RecoverablePartFirst();}
protected:
+ unsigned int MessageRepresentativeLength() const {return BitsToBytes(MessageRepresentativeBitLength());}
+ unsigned int MessageRepresentativeBitLength() const {return GetAbstractGroupParameters().GetSubgroupOrder().BitCount();}
+
virtual const DL_ElgamalLikeSignatureAlgorithm<CPP_TYPENAME KEY_INTERFACE::Element> & GetSignatureAlgorithm() const =0;
+ virtual const PK_SignatureMessageEncodingMethod & GetMessageEncodingInterface() const =0;
+ virtual HashIdentifier GetHashIdentifier() const =0;
+ virtual unsigned int GetDigestSize() const =0;
};
//! .
template <class T>
-class DL_DigestSignerBase : public DL_DigestSignatureSystemBase<DigestSigner, DL_PrivateKey<T> >
+class DL_SignerBase : public DL_SignatureSchemeBase<PK_Signer, DL_PrivateKey<T> >
{
public:
// for validation testing
@@ -1083,47 +1027,132 @@ public:
const DL_GroupParameters<T> &params = GetAbstractGroupParameters();
const DL_PrivateKey<T> &key = GetKeyInterface();
+ r = params.ConvertElementToInteger(params.ExponentiateBase(k));
alg.Sign(params, key.GetPrivateExponent(), k, e, r, s);
}
- void SignDigest(RandomNumberGenerator &rng, const byte *digest, unsigned int digestLength, byte *signature) const
+ void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, unsigned int recoverableMessageLength) const
+ {
+ PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
+ ma.m_recoverableMessage.Assign(recoverableMessage, recoverableMessageLength);
+ GetMessageEncodingInterface().ProcessRecoverableMessage(ma.AccessHash(),
+ recoverableMessage, recoverableMessageLength,
+ ma.m_presignature, ma.m_presignature.size(),
+ ma.m_semisignature);
+ }
+
+ unsigned int SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const
{
+ GetMaterial().DoQuickSanityCheck();
+
+ PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
const DL_ElgamalLikeSignatureAlgorithm<T> &alg = GetSignatureAlgorithm();
const DL_GroupParameters<T> &params = GetAbstractGroupParameters();
const DL_PrivateKey<T> &key = GetKeyInterface();
- GetMaterial().DoQuickSanityCheck();
- const Integer &q = params.GetSubgroupOrder();
- Integer e = alg.EncodeDigest(q.BitCount(), digest, digestLength);
- Integer k, r, s;
-
- do {k.Randomize(rng, 1, params.GetSubgroupOrder()-1);}
- while (!alg.Sign(params, key.GetPrivateExponent(), k, e, r, s));
+ SecByteBlock representative(MessageRepresentativeLength());
+ GetMessageEncodingInterface().ComputeMessageRepresentative(
+ rng,
+ ma.m_recoverableMessage, ma.m_recoverableMessage.size(),
+ ma.AccessHash(), GetHashIdentifier(), ma.m_empty,
+ representative, MessageRepresentativeBitLength());
+ ma.m_empty = true;
+ Integer e(representative, representative.size());
+
+ Integer r;
+ if (MaxRecoverableLength() > 0)
+ r.Decode(ma.m_semisignature, ma.m_semisignature.size());
+ else
+ r.Decode(ma.m_presignature, ma.m_presignature.size());
+ Integer s;
+ alg.Sign(params, key.GetPrivateExponent(), ma.m_k, e, r, s);
unsigned int rLen = alg.RLen(params);
r.Encode(signature, rLen);
s.Encode(signature+rLen, alg.SLen(params));
+
+ if (restart)
+ RestartMessageAccumulator(rng, ma);
+
+ return SignatureLength();
+ }
+
+protected:
+ void RestartMessageAccumulator(RandomNumberGenerator &rng, PK_MessageAccumulatorBase &ma) const
+ {
+ const DL_ElgamalLikeSignatureAlgorithm<T> &alg = GetSignatureAlgorithm();
+ const DL_GroupParameters<T> &params = GetAbstractGroupParameters();
+ ma.m_k.Randomize(rng, 1, params.GetSubgroupOrder()-1);
+ ma.m_presignature.New(params.GetEncodedElementSize(false));
+ params.ConvertElementToInteger(params.ExponentiateBase(ma.m_k)).Encode(ma.m_presignature, ma.m_presignature.size());
}
};
//! .
template <class T>
-class DL_DigestVerifierBase : public DL_DigestSignatureSystemBase<DigestVerifier, DL_PublicKey<T> >
+class DL_VerifierBase : public DL_SignatureSchemeBase<PK_Verifier, DL_PublicKey<T> >
{
public:
- bool VerifyDigest(const byte *digest, unsigned int digestLength, const byte *signature) const
+ void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, unsigned int signatureLength) const
{
+ PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
+ const DL_ElgamalLikeSignatureAlgorithm<T> &alg = GetSignatureAlgorithm();
+ const DL_GroupParameters<T> &params = GetAbstractGroupParameters();
+
+ unsigned int rLen = alg.RLen(params);
+ ma.m_semisignature.Assign(signature, rLen);
+ ma.m_s.Decode(signature+rLen, alg.SLen(params));
+
+ GetMessageEncodingInterface().ProcessSemisignature(ma.AccessHash(), ma.m_semisignature, ma.m_semisignature.size());
+ }
+
+ bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const
+ {
+ GetMaterial().DoQuickSanityCheck();
+
+ PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
const DL_ElgamalLikeSignatureAlgorithm<T> &alg = GetSignatureAlgorithm();
const DL_GroupParameters<T> &params = GetAbstractGroupParameters();
const DL_PublicKey<T> &key = GetKeyInterface();
+ SecByteBlock representative(MessageRepresentativeLength());
+ GetMessageEncodingInterface().ComputeMessageRepresentative(NullRNG(), ma.m_recoverableMessage, ma.m_recoverableMessage.size(),
+ ma.AccessHash(), GetHashIdentifier(), ma.m_empty,
+ representative, MessageRepresentativeBitLength());
+ ma.m_empty = true;
+ Integer e(representative, representative.size());
+
+ Integer r(ma.m_semisignature, ma.m_semisignature.size());
+ return alg.Verify(params, key, e, r, ma.m_s);
+ }
+
+ DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const
+ {
GetMaterial().DoQuickSanityCheck();
- const Integer &q = params.GetSubgroupOrder();
- Integer e = alg.EncodeDigest(q.BitCount(), digest, digestLength);
- unsigned int rLen = alg.RLen(params);
- Integer r(signature, rLen);
- Integer s(signature+rLen, alg.SLen(params));
- return alg.Verify(params, key, e, r, s);
+
+ PK_MessageAccumulatorBase &ma = static_cast<PK_MessageAccumulatorBase &>(messageAccumulator);
+ const DL_ElgamalLikeSignatureAlgorithm<T> &alg = GetSignatureAlgorithm();
+ const DL_GroupParameters<T> &params = GetAbstractGroupParameters();
+ const DL_PublicKey<T> &key = GetKeyInterface();
+
+ SecByteBlock representative(MessageRepresentativeLength());
+ GetMessageEncodingInterface().ComputeMessageRepresentative(
+ NullRNG(),
+ ma.m_recoverableMessage, ma.m_recoverableMessage.size(),
+ ma.AccessHash(), GetHashIdentifier(), ma.m_empty,
+ representative, MessageRepresentativeBitLength());
+ ma.m_empty = true;
+ Integer e(representative, representative.size());
+
+ ma.m_presignature.New(params.GetEncodedElementSize(false));
+ Integer r(ma.m_semisignature, ma.m_semisignature.size());
+ alg.RecoverPresignature(params, key, r, ma.m_s).Encode(ma.m_presignature, ma.m_presignature.size());
+
+ return GetMessageEncodingInterface().RecoverMessageFromSemisignature(
+ ma.AccessHash(), GetHashIdentifier(),
+ ma.m_presignature, ma.m_presignature.size(),
+ ma.m_semisignature, ma.m_semisignature.size(),
+ recoveredMessage);
}
};
@@ -1159,7 +1188,7 @@ class DL_DecryptorBase : public DL_CryptoSystemBase<PK, DL_PrivateKey<T> >
public:
typedef T Element;
- DecodingResult Decrypt(const byte *cipherText, unsigned int cipherTextLength, byte *plainText) const
+ DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *cipherText, unsigned int cipherTextLength, byte *plainText) const
{
try
{
@@ -1237,10 +1266,12 @@ struct DL_KeyedSchemeOptions : public DL_SchemeOptionsBase<T1, typename T2::Publ
};
//! .
-template <class T1, class T2, class T3>
+template <class T1, class T2, class T3, class T4, class T5>
struct DL_SignatureSchemeOptions : public DL_KeyedSchemeOptions<T1, T2>
{
typedef T3 SignatureAlgorithm;
+ typedef T4 MessageEncodingMethod;
+ typedef T5 HashFunction;
};
//! .
@@ -1272,6 +1303,17 @@ protected:
typename BASE::KeyInterface & AccessKeyInterface() {return m_key;}
const typename BASE::KeyInterface & GetKeyInterface() const {return m_key;}
+ // for signature scheme
+ HashIdentifier GetHashIdentifier() const
+ {
+ typedef CPP_TYPENAME SchemeOptions::MessageEncodingMethod::HashIdentifierLookup::HashIdentifierLookup2<CPP_TYPENAME SchemeOptions::HashFunction> L;
+ return L::Lookup();
+ }
+ unsigned int GetDigestSize() const
+ {
+ return SchemeOptions::HashFunction::DIGESTSIZE;
+ }
+
private:
KeyClass m_key;
};
@@ -1292,6 +1334,10 @@ protected:
{static typename SCHEME_OPTIONS::KeyDerivationAlgorithm a; return a;}
const DL_SymmetricEncryptionAlgorithm & GetSymmetricEncryptionAlgorithm() const
{static typename SCHEME_OPTIONS::SymmetricEncryptionAlgorithm a; return a;}
+ HashIdentifier GetHashIdentifier() const
+ {return HashIdentifier();}
+ const PK_SignatureMessageEncodingMethod & GetMessageEncodingInterface() const
+ {static typename SCHEME_OPTIONS::MessageEncodingMethod a; return a;}
};
//! .
@@ -1316,14 +1362,24 @@ public:
//! .
template <class SCHEME_OPTIONS>
-class DL_DigestSignerImpl : public DL_PrivateObjectImpl<DL_DigestSignerBase<typename SCHEME_OPTIONS::Element>, SCHEME_OPTIONS>
+class DL_SignerImpl : public DL_PrivateObjectImpl<DL_SignerBase<typename SCHEME_OPTIONS::Element>, SCHEME_OPTIONS>
{
+ PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng = NullRNG()) const
+ {
+ std::auto_ptr<PK_MessageAccumulatorBase> p(new PK_MessageAccumulatorImpl<CPP_TYPENAME SCHEME_OPTIONS::HashFunction>);
+ RestartMessageAccumulator(rng, *p);
+ return p.release();
+ }
};
//! .
template <class SCHEME_OPTIONS>
-class DL_DigestVerifierImpl : public DL_PublicObjectImpl<DL_DigestVerifierBase<typename SCHEME_OPTIONS::Element>, SCHEME_OPTIONS>
+class DL_VerifierImpl : public DL_PublicObjectImpl<DL_VerifierBase<typename SCHEME_OPTIONS::Element>, SCHEME_OPTIONS>
{
+ PK_MessageAccumulator * NewVerificationAccumulator() const
+ {
+ return new PK_MessageAccumulatorImpl<CPP_TYPENAME SCHEME_OPTIONS::HashFunction>;
+ }
};
//! .
@@ -1578,14 +1634,14 @@ class TF_ES;
template <class STANDARD, class KEYS, class ALG_INFO = TF_ES<STANDARD, KEYS, int> >
class TF_ES : public KEYS
{
- typedef typename STANDARD::EncryptionPaddingAlgorithm PaddingAlgorithm;
+ typedef typename STANDARD::EncryptionMessageEncodingMethod MessageEncodingMethod;
public:
//! see EncryptionStandard for a list of standards
typedef STANDARD Standard;
- typedef TF_SchemeOptions<ALG_INFO, KEYS, PaddingAlgorithm> SchemeOptions;
+ typedef TF_CryptoSchemeOptions<ALG_INFO, KEYS, MessageEncodingMethod> SchemeOptions;
- static std::string StaticAlgorithmName() {return KEYS::StaticAlgorithmName() + "/" + PaddingAlgorithm::StaticAlgorithmName();}
+ static std::string StaticAlgorithmName() {return KEYS::StaticAlgorithmName() + "/" + MessageEncodingMethod::StaticAlgorithmName();}
//! implements PK_Decryptor interface
typedef PK_FinalTemplate<TF_DecryptorImpl<SchemeOptions> > Decryptor;
@@ -1594,55 +1650,42 @@ public:
};
template <class STANDARD, class H, class KEYS, class ALG_INFO> // VC60 workaround: doesn't work if KEYS is first parameter
-class TF_SSA;
+class TF_SS;
-//! Trapdoor Function Based Signature Scheme With Appendix
-template <class STANDARD, class H, class KEYS, class ALG_INFO = TF_SSA<STANDARD, H, KEYS, int> > // VC60 workaround: doesn't work if KEYS is first parameter
-class TF_SSA : public KEYS
+//! Trapdoor Function Based Signature Scheme
+template <class STANDARD, class H, class KEYS, class ALG_INFO = TF_SS<STANDARD, H, KEYS, int> > // VC60 workaround: doesn't work if KEYS is first parameter
+class TF_SS : public KEYS
{
-#ifdef __GNUC__
- // GCC3 workaround: can't do this typedef in one line
- typedef typename STANDARD::SignaturePaddingAlgorithm<H> Type1;
- typedef typename Type1::type PaddingAlgorithm;
- typedef typename STANDARD::DecoratedHashingAlgorithm<H> Type2;
-public:
- typedef typename Type2::type DecoratedHashAlgorithm;
-#else
- // VC60 workaround: using STANDARD directly causes internal compiler error
- typedef CryptoStandardTraits<STANDARD> Traits;
- typedef typename Traits::SignaturePaddingAlgorithm<H>::type PaddingAlgorithm;
public:
- typedef typename Traits::DecoratedHashingAlgorithm<H>::type DecoratedHashAlgorithm;
-#endif
-
//! see SignatureStandard for a list of standards
typedef STANDARD Standard;
- typedef TF_SchemeOptions<ALG_INFO, KEYS, PaddingAlgorithm> SchemeOptions;
+ typedef typename Standard::SignatureMessageEncodingMethod MessageEncodingMethod;
+ typedef TF_SignatureSchemeOptions<ALG_INFO, KEYS, MessageEncodingMethod, H> SchemeOptions;
- static std::string StaticAlgorithmName() {return KEYS::StaticAlgorithmName() + "/" + PaddingAlgorithm::StaticAlgorithmName() + "(" + H::StaticAlgorithmName() + ")";}
+ static std::string StaticAlgorithmName() {return KEYS::StaticAlgorithmName() + "/" + MessageEncodingMethod::StaticAlgorithmName() + "(" + H::StaticAlgorithmName() + ")";}
//! implements PK_Signer interface
- typedef PK_FinalTemplate<PK_SignerImpl<TF_DigestSignerImpl<SchemeOptions>, DecoratedHashAlgorithm> > Signer;
+ typedef PK_FinalTemplate<TF_SignerImpl<SchemeOptions> > Signer;
//! implements PK_Verifier interface
- typedef PK_FinalTemplate<PK_VerifierImpl<TF_DigestVerifierImpl<SchemeOptions>, DecoratedHashAlgorithm> > Verifier;
+ typedef PK_FinalTemplate<TF_VerifierImpl<SchemeOptions> > Verifier;
};
-template <class KEYS, class SA, class H, class ALG_INFO>
-class DL_SSA;
+template <class KEYS, class SA, class MEM, class H, class ALG_INFO>
+class DL_SS;
-//! Discrete Log Based Signature Scheme With Appendix
-template <class KEYS, class SA, class H, class ALG_INFO = DL_SSA<KEYS, SA, H, int> >
-class DL_SSA : public KEYS
+//! Discrete Log Based Signature Scheme
+template <class KEYS, class SA, class MEM, class H, class ALG_INFO = DL_SS<KEYS, SA, MEM, H, int> >
+class DL_SS : public KEYS
{
- typedef DL_SignatureSchemeOptions<ALG_INFO, KEYS, SA> SchemeOptions;
+ typedef DL_SignatureSchemeOptions<ALG_INFO, KEYS, SA, MEM, H> SchemeOptions;
public:
static std::string StaticAlgorithmName() {return SA::StaticAlgorithmName() + std::string("/EMSA1(") + H::StaticAlgorithmName() + ")";}
//! implements PK_Signer interface
- typedef PK_FinalTemplate<PK_SignerImpl<DL_DigestSignerImpl<SchemeOptions>, H> > Signer;
+ typedef PK_FinalTemplate<DL_SignerImpl<SchemeOptions> > Signer;
//! implements PK_Verifier interface
- typedef PK_FinalTemplate<PK_VerifierImpl<DL_DigestVerifierImpl<SchemeOptions>, H> > Verifier;
+ typedef PK_FinalTemplate<DL_VerifierImpl<SchemeOptions> > Verifier;
};
//! Discrete Log Based Encryption Scheme
diff --git a/rabin.cpp b/rabin.cpp
index 80e96a6..7f85056 100644
--- a/rabin.cpp
+++ b/rabin.cpp
@@ -5,6 +5,7 @@
#include "nbtheory.h"
#include "asn.h"
#include "sha.h"
+#include "modarith.h"
#include "oaep.cpp"
@@ -138,11 +139,17 @@ void InvertibleRabinFunction::DEREncode(BufferedTransformation &bt) const
seq.MessageEnd();
}
-Integer InvertibleRabinFunction::CalculateInverse(const Integer &in) const
+Integer InvertibleRabinFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &in) const
{
DoQuickSanityCheck();
- Integer cp=in%m_p, cq=in%m_q;
+ ModularArithmetic modn(m_n);
+ Integer r(rng, Integer::One(), m_n - Integer::One());
+ r = modn.Square(r);
+ Integer r2 = modn.Square(r);
+ Integer c = modn.Multiply(in, r2); // blind
+
+ Integer cp=c%m_p, cq=c%m_q;
int jp = Jacobi(cp, m_p);
int jq = Jacobi(cq, m_q);
@@ -167,6 +174,8 @@ Integer InvertibleRabinFunction::CalculateInverse(const Integer &in) const
Integer out = CRT(cq, m_q, cp, m_p, m_u);
+ out = modn.Divide(out, r); // unblind
+
if ((jq==-1 && out.IsEven()) || (jq==1 && out.IsOdd()))
out = m_n-out;
diff --git a/rabin.h b/rabin.h
index 34d21f5..f321271 100644
--- a/rabin.h
+++ b/rabin.h
@@ -57,7 +57,7 @@ public:
void BERDecode(BufferedTransformation &bt);
void DEREncode(BufferedTransformation &bt) const;
- Integer CalculateInverse(const Integer &x) const;
+ Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const;
bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
@@ -92,16 +92,8 @@ struct RabinES : public TF_ES<STANDARD, Rabin>
};
//! .
-template <class EM>
-struct RabinSSR
-{
- typedef PK_FinalTemplate<SignerWithRecoveryTemplate<InvertibleRabinFunction, EM> > Signer;
- typedef PK_FinalTemplate<VerifierWithRecoveryTemplate<RabinFunction, EM> > Verifier;
-};
-
-//! .
-template <class H>
-struct RabinPSSR : public RabinSSR<PSSR<H> >
+template <class STANDARD, class H>
+struct RabinSS : public TF_SS<STANDARD, H, Rabin>
{
};
@@ -112,12 +104,6 @@ class SHA;
typedef RabinES<OAEP<SHA> >::Decryptor RabinDecryptor;
typedef RabinES<OAEP<SHA> >::Encryptor RabinEncryptor;
-#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
-// simulate template typedef
-#define RabinSignerWith(H) RabinPSSR<H>::Signer
-#define RabinVerifierWith(H) RabinPSSR<H>::Verifier
-#endif
-
NAMESPACE_END
#endif
diff --git a/regtest.cpp b/regtest.cpp
index 38d80c2..b01351f 100644
--- a/regtest.cpp
+++ b/regtest.cpp
@@ -27,8 +27,9 @@ void RegisterFactories()
RegisterSignatureSchemeDefaultFactories<DSA>("DSA(1363)");
RegisterSignatureSchemeDefaultFactories<NR<SHA1> >("NR(1363)/EMSA1(SHA-1)");
RegisterSignatureSchemeDefaultFactories<GDSA<SHA1> >("DSA-1363/EMSA1(SHA-1)");
- RegisterSignatureSchemeDefaultFactories<RSASSA<PKCS1v15, MD2> >("RSA/PKCS1-1.5(MD2)");
- RegisterSignatureSchemeDefaultFactories<RSASSA<PKCS1v15, SHA1> >("RSA/PKCS1-1.5(SHA-1)");
+ RegisterSignatureSchemeDefaultFactories<RSASS<PKCS1v15, MD2> >("RSA/PKCS1-1.5(MD2)");
+ RegisterSignatureSchemeDefaultFactories<RSASS<PKCS1v15, SHA1> >("RSA/PKCS1-1.5(SHA-1)");
RegisterSignatureSchemeDefaultFactories<ESIGN<SHA1> >("ESIGN/EMSA5-MGF1(SHA-1)");
- RegisterSignatureSchemeDefaultFactories<RWSSA<SHA1> >("RW/EMSA2(SHA-1)");
+ RegisterSignatureSchemeDefaultFactories<RWSS<P1363_EMSA2, SHA1> >("RW/EMSA2(SHA-1)");
+ RegisterSignatureSchemeDefaultFactories<RSASS<PSS, SHA1> >("RSA/PSS-MGF1(SHA-1)");
}
diff --git a/rsa.cpp b/rsa.cpp
index af82c02..9d690b9 100644
--- a/rsa.cpp
+++ b/rsa.cpp
@@ -4,25 +4,33 @@
#include "rsa.h"
#include "asn.h"
#include "oids.h"
+#include "modarith.h"
#include "nbtheory.h"
#include "sha.h"
#include "algparam.h"
#include "fips140.h"
+#ifndef NDEBUG
+#include "pssr.h"
+#endif
+
#include "oaep.cpp"
NAMESPACE_BEGIN(CryptoPP)
+#ifndef NDEBUG
void RSA_TestInstantiations()
{
- RSASSA<PKCS1v15, SHA>::Verifier x1(1, 1);
- RSASSA<PKCS1v15, SHA>::Signer x2(NullRNG(), 1);
- RSASSA<PKCS1v15, SHA>::Verifier x3(x2);
- RSASSA<PKCS1v15, SHA>::Verifier x4(x2.GetKey());
- RSASSA<PKCS1v15, SHA>::Verifier x5(x3);
- RSASSA<PKCS1v15, SHA>::Signer x6 = x2;
+ RSASS<PKCS1v15, SHA>::Verifier x1(1, 1);
+ RSASS<PKCS1v15, SHA>::Signer x2(NullRNG(), 1);
+ RSASS<PKCS1v15, SHA>::Verifier x3(x2);
+ RSASS<PKCS1v15, SHA>::Verifier x4(x2.GetKey());
+ RSASS<PSS, SHA>::Verifier x5(x3);
+ RSASS<PSSR, SHA>::Signer x6 = x2;
RSAES<PKCS1v15>::Encryptor x7(x2);
+#ifndef __GNUC__
RSAES<PKCS1v15>::Encryptor x8(x3);
+#endif
RSAES<OAEP<SHA> >::Encryptor x9(x2);
x6 = x2;
@@ -31,6 +39,7 @@ void RSA_TestInstantiations()
#endif
x4 = x2.GetKey();
}
+#endif
template class OAEP<SHA>;
@@ -124,13 +133,13 @@ void InvertibleRSAFunction::GenerateRandom(RandomNumberGenerator &rng, const Nam
if (FIPS_140_2_ComplianceEnabled())
{
- RSASSA<PKCS1v15, SHA>::Signer signer(*this);
- RSASSA<PKCS1v15, SHA>::Verifier verifier(signer);
- SignaturePairwiseConsistencyTest(signer, verifier);
+ RSASS<PKCS1v15, SHA>::Signer signer(*this);
+ RSASS<PKCS1v15, SHA>::Verifier verifier(signer);
+ SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier);
RSAES<OAEP<SHA> >::Decryptor decryptor(*this);
RSAES<OAEP<SHA> >::Encryptor encryptor(decryptor);
- EncryptionPairwiseConsistencyTest(encryptor, decryptor);
+ EncryptionPairwiseConsistencyTest_FIPS_140_Only(encryptor, decryptor);
}
}
@@ -139,6 +148,40 @@ void InvertibleRSAFunction::Initialize(RandomNumberGenerator &rng, unsigned int
GenerateRandom(rng, MakeParameters("ModulusSize", (int)keybits)("PublicExponent", e+e.IsEven()));
}
+void InvertibleRSAFunction::Initialize(const Integer &n, const Integer &e, const Integer &d)
+{
+ m_n = n;
+ m_e = e;
+ m_d = d;
+
+ Integer r = --(d*e);
+ while (r.IsEven())
+ r >>= 1;
+
+ ModularArithmetic modn(n);
+ for (Integer i = 2; ; ++i)
+ {
+ Integer a = modn.Exponentiate(i, r);
+ if (a == 1)
+ continue;
+ Integer b;
+ while (a != -1)
+ {
+ b = modn.Square(a);
+ if (b == 1)
+ {
+ m_p = GCD(a-1, n);
+ m_q = n/m_p;
+ m_dp = m_d % (m_p-1);
+ m_dq = m_d % (m_q-1);
+ m_u = m_q.InverseMod(m_p);
+ return;
+ }
+ a = b;
+ }
+ }
+}
+
void InvertibleRSAFunction::BERDecodeKey(BufferedTransformation &bt)
{
BERSequenceDecoder privateKey(bt);
@@ -170,12 +213,20 @@ void InvertibleRSAFunction::DEREncodeKey(BufferedTransformation &bt) const
privateKey.MessageEnd();
}
-Integer InvertibleRSAFunction::CalculateInverse(const Integer &x) const
+Integer InvertibleRSAFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const
{
DoQuickSanityCheck();
+ ModularArithmetic modn(m_n);
+ Integer r(rng, Integer::One(), m_n - Integer::One());
+ Integer re = modn.Exponentiate(r, m_e);
+ re = modn.Multiply(re, x); // blind
// here we follow the notation of PKCS #1 and let u=q inverse mod p
// but in ModRoot, u=p inverse mod q, so we reverse the order of p and q
- return ModularRoot(x, m_dq, m_dp, m_q, m_p, m_u);
+ Integer y = ModularRoot(re, m_dq, m_dp, m_q, m_p, m_u);
+ y = modn.Divide(y, r); // unblind
+ if (modn.Exponentiate(y, m_e) != x) // check
+ throw Exception(Exception::OTHER_ERROR, "InvertibleRSAFunction: computational error during private key operation");
+ return y;
}
bool InvertibleRSAFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
@@ -223,14 +274,4 @@ void InvertibleRSAFunction::AssignFrom(const NameValuePairs &source)
;
}
-/*
-bool RSAFunctionInverse_NonCRT::Validate(RandomNumberGenerator &rng, unsigned int level) const
-{
- bool pass = true;
- pass = pass && m_n > Integer::One() && m_n.IsOdd();
- pass = pass && m_d > Integer::One() && m_d.IsOdd() && m_d < m_n;
- return pass;
-}
-*/
-
NAMESPACE_END
diff --git a/rsa.h b/rsa.h
index 49f9de6..7f82134 100644
--- a/rsa.h
+++ b/rsa.h
@@ -57,6 +57,8 @@ public:
void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits, const Integer &e = 17);
void Initialize(const Integer &n, const Integer &e, const Integer &d, const Integer &p, const Integer &q, const Integer &dp, const Integer &dq, const Integer &u)
{m_n = n; m_e = e; m_d = d; m_p = p; m_q = q; m_dp = dp; m_dq = dq; m_u = u;}
+ //! factor n given private exponent
+ void Initialize(const Integer &n, const Integer &e, const Integer &d);
// PKCS8PrivateKey
void BERDecode(BufferedTransformation &bt)
@@ -67,7 +69,7 @@ public:
void DEREncodeKey(BufferedTransformation &bt) const;
// TrapdoorFunctionInverse
- Integer CalculateInverse(const Integer &x) const;
+ Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const;
// GeneratableCryptoMaterial
bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
@@ -98,32 +100,6 @@ protected:
Integer m_d, m_p, m_q, m_dp, m_dq, m_u;
};
-/*
-//! .
-class RSAFunctionInverse_NonCRT : public TrapdoorFunctionBounds, public TrapdoorFunctionInverse, public PrivateKey
-{
-public:
- Integer CalculateInverse(const Integer &x) const
- {return a_exp_b_mod_c(x, m_d, m_n);}
- Integer PreimageBound() const {return m_n;}
- Integer ImageBound() const {return m_n;}
-
- bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
-
- const Integer& GetModulus() const {return m_n;}
- const Integer& GetDecryptionExponent() const {return m_d;}
-
- void SetModulus(const Integer &n) {m_n = n;}
- void SetDecryptionExponent(const Integer &d) {m_d = d;}
-
- void SetPrivateValues(const Integer &n, const Integer &d)
- {m_n = n; m_d = d;}
-
-private:
- Integer m_n, m_d;
-};
-*/
-
//! .
struct RSA
{
@@ -141,7 +117,7 @@ struct RSAES : public TF_ES<STANDARD, RSA>
//! <a href="http://www.weidai.com/scan-mirror/sig.html#RSA">RSA signature scheme with appendix</a>
/*! See documentation of PKCS1v15 for a list of hash functions that can be used with it. */
template <class STANDARD, class H>
-struct RSASSA : public TF_SSA<STANDARD, H, RSA>
+struct RSASS : public TF_SS<STANDARD, H, RSA>
{
};
@@ -153,14 +129,14 @@ typedef RSAES<OAEP<SHA> >::Decryptor RSAES_OAEP_SHA_Decryptor;
typedef RSAES<OAEP<SHA> >::Encryptor RSAES_OAEP_SHA_Encryptor;
// The three RSA signature schemes defined in PKCS #1 v2.0
-typedef RSASSA<PKCS1v15, SHA>::Signer RSASSA_PKCS1v15_SHA_Signer;
-typedef RSASSA<PKCS1v15, SHA>::Verifier RSASSA_PKCS1v15_SHA_Verifier;
+typedef RSASS<PKCS1v15, SHA>::Signer RSASSA_PKCS1v15_SHA_Signer;
+typedef RSASS<PKCS1v15, SHA>::Verifier RSASSA_PKCS1v15_SHA_Verifier;
-typedef RSASSA<PKCS1v15, MD2>::Signer RSASSA_PKCS1v15_MD2_Signer;
-typedef RSASSA<PKCS1v15, MD2>::Verifier RSASSA_PKCS1v15_MD2_Verifier;
+typedef RSASS<PKCS1v15, MD2>::Signer RSASSA_PKCS1v15_MD2_Signer;
+typedef RSASS<PKCS1v15, MD2>::Verifier RSASSA_PKCS1v15_MD2_Verifier;
-typedef RSASSA<PKCS1v15, MD5>::Signer RSASSA_PKCS1v15_MD5_Signer;
-typedef RSASSA<PKCS1v15, MD5>::Verifier RSASSA_PKCS1v15_MD5_Verifier;
+typedef RSASS<PKCS1v15, MD5>::Signer RSASSA_PKCS1v15_MD5_Signer;
+typedef RSASS<PKCS1v15, MD5>::Verifier RSASSA_PKCS1v15_MD5_Verifier;
NAMESPACE_END
diff --git a/rw.cpp b/rw.cpp
index 2bce748..ab3fb70 100644
--- a/rw.cpp
+++ b/rw.cpp
@@ -7,82 +7,53 @@
NAMESPACE_BEGIN(CryptoPP)
-template<> const byte EMSA2DigestDecoration<SHA>::decoration = 0x33;
-template<> const byte EMSA2DigestDecoration<RIPEMD160>::decoration = 0x31;
-
-void EMSA2Pad::Pad(RandomNumberGenerator &, const byte *input, unsigned int inputLen, byte *emsa2Block, unsigned int emsa2BlockLen) const
-{
- assert (inputLen > 0 && inputLen <= MaxUnpaddedLength(emsa2BlockLen));
-
- // convert from bit length to byte length
- emsa2BlockLen++;
- if (emsa2BlockLen % 8 > 1)
- {
- emsa2Block[0] = 0;
- emsa2Block++;
- }
- emsa2BlockLen /= 8;
-
- emsa2Block[0] = input[0]; // indicate empty or non-empty message
- memset(emsa2Block+1, 0xbb, emsa2BlockLen-inputLen-2); // padd with 0xbb
- emsa2Block[emsa2BlockLen-inputLen-1] = 0xba; // separator
- memcpy(emsa2Block+emsa2BlockLen-inputLen, input+1, inputLen-1);
- emsa2Block[emsa2BlockLen-1] = 0xcc; // make it congruent to 12 mod 16
-}
-
-DecodingResult EMSA2Pad::Unpad(const byte *emsa2Block, unsigned int emsa2BlockLen, byte *output) const
+void EMSA2Pad::ComputeMessageRepresentative(RandomNumberGenerator &rng,
+ const byte *recoverableMessage, unsigned int recoverableMessageLength,
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength) const
{
- // convert from bit length to byte length
- emsa2BlockLen++;
- if (emsa2BlockLen % 8 > 1)
- {
- if (emsa2Block[0] != 0)
- return DecodingResult();
- emsa2Block++;
- }
- emsa2BlockLen /= 8;
-
- // check last byte
- if (emsa2Block[emsa2BlockLen-1] != 0xcc)
- return DecodingResult();
-
- // skip past the padding until we find the seperator
- unsigned i=1;
- while (i<emsa2BlockLen-1 && emsa2Block[i++] != 0xba)
- if (emsa2Block[i-1] != 0xbb) // not valid padding
- return DecodingResult();
- assert(i==emsa2BlockLen-1 || emsa2Block[i-1]==0xba);
-
- unsigned int outputLen = emsa2BlockLen - i;
- output[0] = emsa2Block[0];
- memcpy (output+1, emsa2Block+i, outputLen-1);
- return DecodingResult(outputLen);
+ if (representativeBitLength % 8 != 7)
+ throw PK_SignatureScheme::InvalidKeyLength("EMSA2: EMSA2 requires a key length that is a multiple of 8");
+
+ unsigned int digestSize = hash.DigestSize();
+ if (representativeBitLength < 8*digestSize + 31)
+ throw PK_SignatureScheme::KeyTooShort();
+
+ unsigned int representativeByteLength = BitsToBytes(representativeBitLength);
+
+ representative[0] = messageEmpty ? 0x4b : 0x6b;
+ memset(representative+1, 0xbb, representativeByteLength-digestSize-4); // padd with 0xbb
+ byte *afterP2 = representative+representativeByteLength-digestSize-3;
+ afterP2[0] = 0xba;
+ hash.Final(afterP2+1);
+ representative[representativeByteLength-2] = *hashIdentifier.first;
+ representative[representativeByteLength-1] = 0xcc;
}
// *****************************************************************************
-template <word r>
-void RWFunction<r>::BERDecode(BufferedTransformation &bt)
+void RWFunction::BERDecode(BufferedTransformation &bt)
{
BERSequenceDecoder seq(bt);
m_n.BERDecode(seq);
seq.MessageEnd();
}
-template <word r>
-void RWFunction<r>::DEREncode(BufferedTransformation &bt) const
+void RWFunction::DEREncode(BufferedTransformation &bt) const
{
DERSequenceEncoder seq(bt);
m_n.DEREncode(seq);
seq.MessageEnd();
}
-template <word r>
-Integer RWFunction<r>::ApplyFunction(const Integer &in) const
+Integer RWFunction::ApplyFunction(const Integer &in) const
{
DoQuickSanityCheck();
Integer out = in.Squared()%m_n;
+ const word r = 12;
+ // this code was written to handle both r = 6 and r = 12,
+ // but now only r = 12 is used in P1363
const word r2 = r/2;
const word r3a = (16 + 5 - r) % 16; // n%16 could be 5 or 13
const word r3b = (16 + 13 - r) % 16;
@@ -112,24 +83,21 @@ Integer RWFunction<r>::ApplyFunction(const Integer &in) const
return out;
}
-template <word r>
-bool RWFunction<r>::Validate(RandomNumberGenerator &rng, unsigned int level) const
+bool RWFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
{
bool pass = true;
pass = pass && m_n > Integer::One() && m_n%8 == 5;
return pass;
}
-template <word r>
-bool RWFunction<r>::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
+bool RWFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
{
return GetValueHelper(this, name, valueType, pValue).Assignable()
CRYPTOPP_GET_FUNCTION_ENTRY(Modulus)
;
}
-template <word r>
-void RWFunction<r>::AssignFrom(const NameValuePairs &source)
+void RWFunction::AssignFrom(const NameValuePairs &source)
{
AssignFromHelper(this, source)
CRYPTOPP_SET_FUNCTION_ENTRY(Modulus)
@@ -140,8 +108,7 @@ void RWFunction<r>::AssignFrom(const NameValuePairs &source)
// private key operations:
// generate a random private key
-template <word r>
-void InvertibleRWFunction<r>::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
+void InvertibleRWFunction::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg)
{
int modulusSize = 2048;
alg.GetIntValue("ModulusSize", modulusSize) || alg.GetIntValue("KeySize", modulusSize);
@@ -157,8 +124,7 @@ void InvertibleRWFunction<r>::GenerateRandom(RandomNumberGenerator &rng, const N
m_u = m_q.InverseMod(m_p);
}
-template <word r>
-void InvertibleRWFunction<r>::BERDecode(BufferedTransformation &bt)
+void InvertibleRWFunction::BERDecode(BufferedTransformation &bt)
{
BERSequenceDecoder seq(bt);
m_n.BERDecode(seq);
@@ -168,8 +134,7 @@ void InvertibleRWFunction<r>::BERDecode(BufferedTransformation &bt)
seq.MessageEnd();
}
-template <word r>
-void InvertibleRWFunction<r>::DEREncode(BufferedTransformation &bt) const
+void InvertibleRWFunction::DEREncode(BufferedTransformation &bt) const
{
DERSequenceEncoder seq(bt);
m_n.DEREncode(seq);
@@ -179,9 +144,10 @@ void InvertibleRWFunction<r>::DEREncode(BufferedTransformation &bt) const
seq.MessageEnd();
}
-template <word r>
-Integer InvertibleRWFunction<r>::CalculateInverse(const Integer &in) const
+Integer InvertibleRWFunction::CalculateInverse(RandomNumberGenerator &rng, const Integer &in) const
{
+ // no need to do blinding because RW is only used for signatures
+
DoQuickSanityCheck();
Integer cp=in%m_p, cq=in%m_q;
@@ -200,10 +166,9 @@ Integer InvertibleRWFunction<r>::CalculateInverse(const Integer &in) const
return STDMIN(out, m_n-out);
}
-template <word r>
-bool InvertibleRWFunction<r>::Validate(RandomNumberGenerator &rng, unsigned int level) const
+bool InvertibleRWFunction::Validate(RandomNumberGenerator &rng, unsigned int level) const
{
- bool pass = RWFunction<r>::Validate(rng, level);
+ bool pass = RWFunction::Validate(rng, level);
pass = pass && m_p > Integer::One() && m_p%8 == 3 && m_p < m_n;
pass = pass && m_q > Integer::One() && m_q%8 == 7 && m_q < m_n;
pass = pass && m_u.IsPositive() && m_u < m_p;
@@ -217,27 +182,22 @@ bool InvertibleRWFunction<r>::Validate(RandomNumberGenerator &rng, unsigned int
return pass;
}
-template <word r>
-bool InvertibleRWFunction<r>::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
+bool InvertibleRWFunction::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
{
- return GetValueHelper<RWFunction<r> >(this, name, valueType, pValue).Assignable()
+ return GetValueHelper<RWFunction>(this, name, valueType, pValue).Assignable()
CRYPTOPP_GET_FUNCTION_ENTRY(Prime1)
CRYPTOPP_GET_FUNCTION_ENTRY(Prime2)
CRYPTOPP_GET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
;
}
-template <word r>
-void InvertibleRWFunction<r>::AssignFrom(const NameValuePairs &source)
+void InvertibleRWFunction::AssignFrom(const NameValuePairs &source)
{
- AssignFromHelper<RWFunction<r> >(this, source)
+ AssignFromHelper<RWFunction>(this, source)
CRYPTOPP_SET_FUNCTION_ENTRY(Prime1)
CRYPTOPP_SET_FUNCTION_ENTRY(Prime2)
CRYPTOPP_SET_FUNCTION_ENTRY(MultiplicativeInverseOfPrime2ModPrime1)
;
}
-template class RWFunction<IFSSA_R>;
-template class InvertibleRWFunction<IFSSA_R>;
-
NAMESPACE_END
diff --git a/rw.h b/rw.h
index 2dbfce5..76031f0 100644
--- a/rw.h
+++ b/rw.h
@@ -6,16 +6,12 @@
Rabin-Williams signature schemes as defined in IEEE P1363.
*/
-#include "pubkey.h"
#include "integer.h"
+#include "pssr.h"
NAMESPACE_BEGIN(CryptoPP)
-const word IFSSR_R = 6;
-const word IFSSA_R = 12;
-
//! .
-template <word r>
class RWFunction : virtual public TrapdoorFunction, public PublicKey
{
typedef RWFunction ThisClass;
@@ -43,8 +39,7 @@ protected:
};
//! .
-template <word r>
-class InvertibleRWFunction : public RWFunction<r>, public TrapdoorFunctionInverse, public PrivateKey
+class InvertibleRWFunction : public RWFunction, public TrapdoorFunctionInverse, public PrivateKey
{
typedef InvertibleRWFunction ThisClass;
@@ -58,7 +53,7 @@ public:
void BERDecode(BufferedTransformation &bt);
void DEREncode(BufferedTransformation &bt) const;
- Integer CalculateInverse(const Integer &x) const;
+ Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const;
// GeneratibleCryptoMaterial
bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
@@ -80,80 +75,37 @@ protected:
};
//! .
-class EMSA2Pad : public PK_PaddingAlgorithm
+class EMSA2Pad : public EMSA2HashIdLookup<PK_DeterministicSignatureMessageEncodingMethod>
{
public:
static const char *StaticAlgorithmName() {return "EMSA2";}
unsigned int MaxUnpaddedLength(unsigned int paddedLength) const {return (paddedLength+1)/8-2;}
- void Pad(RandomNumberGenerator &rng, const byte *raw, unsigned int inputLength, byte *padded, unsigned int paddedLength) const;
- DecodingResult Unpad(const byte *padded, unsigned int paddedLength, byte *raw) const;
-};
-
-//! .
-template <class H>
-class EMSA2DecoratedHashModule : public HashTransformationWithDefaultTruncation
-{
-public:
- EMSA2DecoratedHashModule() : empty(true) {}
- void Update(const byte *input, unsigned int length)
- {h.Update(input, length); empty = empty && length==0;}
- unsigned int DigestSize() const;
- void Final(byte *digest);
- void Restart() {h.Restart(); empty=true;}
-
-private:
- H h;
- bool empty;
-};
-
-template <class H> struct EMSA2DigestDecoration
-{
- static const byte decoration;
+ void ComputeMessageRepresentative(RandomNumberGenerator &rng,
+ const byte *recoverableMessage, unsigned int recoverableMessageLength,
+ HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty,
+ byte *representative, unsigned int representativeBitLength) const;
};
//! EMSA2, for use with RW
/*! The following hash functions are supported: SHA, RIPEMD160. */
struct P1363_EMSA2 : public SignatureStandard
{
- template <class H> struct SignaturePaddingAlgorithm {typedef EMSA2Pad type;};
- template <class H> struct DecoratedHashingAlgorithm {typedef EMSA2DecoratedHashModule<H> type;};
+ typedef EMSA2Pad SignatureMessageEncodingMethod;
};
-template<> struct CryptoStandardTraits<P1363_EMSA2> : public P1363_EMSA2 {};
-
-// EMSA2DecoratedHashModule can be instantiated with the following two classes.
-class SHA;
-class RIPEMD160;
-
-template <class H>
-void EMSA2DecoratedHashModule<H>::Final(byte *digest)
-{
- digest[0] = empty ? 0x4b : 0x6b;
- h.Final(digest+1);
- digest[DigestSize()-1] = EMSA2DigestDecoration<H>::decoration;
- empty=true;
-}
-
-template <class H>
-unsigned int EMSA2DecoratedHashModule<H>::DigestSize() const
-{
- return h.DigestSize() + 2;
-}
-
//! .
-template <word r>
struct RW
{
static std::string StaticAlgorithmName() {return "RW";}
- typedef RWFunction<r> PublicKey;
- typedef InvertibleRWFunction<r> PrivateKey;
+ typedef RWFunction PublicKey;
+ typedef InvertibleRWFunction PrivateKey;
};
-//! RW
-template <class H, class STANDARD = P1363_EMSA2>
-struct RWSSA : public TF_SSA<STANDARD, H, RW<IFSSA_R> >
+//! RWSS
+template <class STANDARD, class H>
+struct RWSS : public TF_SS<STANDARD, H, RW>
{
};
diff --git a/simple.h b/simple.h
index f57d1f8..e26cefd 100644
--- a/simple.h
+++ b/simple.h
@@ -151,6 +151,8 @@ public:
{ChannelPut(channel, inString, length); return false;}
virtual unsigned int ChannelPut2(const std::string &channel, const byte *begin, unsigned int length, int messageEnd, bool blocking) =0;
+ unsigned int ChannelPutModifiable2(const std::string &channel, byte *begin, unsigned int length, int messageEnd, bool blocking)
+ {return ChannelPut2(channel, begin, length, messageEnd, blocking);}
virtual void ChannelInitialize(const std::string &channel, const NameValuePairs &parameters=g_nullNameValuePairs, int propagation=-1) =0;
virtual bool ChannelFlush(const std::string &channel, bool hardFlush, int propagation=-1, bool blocking=true) =0;
diff --git a/socketft.h b/socketft.h
index 58f2702..2ce5454 100644
--- a/socketft.h
+++ b/socketft.h
@@ -113,7 +113,6 @@ protected:
bool m_own;
};
-//! contributed by Denis Bider
class SocketsInitializer
{
public:
diff --git a/test.cpp b/test.cpp
index 926d98d..f12b199 100644
--- a/test.cpp
+++ b/test.cpp
@@ -448,7 +448,7 @@ void FIPS140_SampleApplication(const char *moduleFilename, const char *edcFilena
signer.SignMessage(rng, message, 3, signature);
DSA::Verifier verifier(dsaPublicKey);
- if (!verifier.VerifyMessage(message, 3, signature))
+ if (!verifier.VerifyMessage(message, 3, signature, 40))
{
cerr << "DSA signature and verification failed.\n";
abort();
@@ -458,7 +458,7 @@ void FIPS140_SampleApplication(const char *moduleFilename, const char *edcFilena
// try to verify an invalid signature
signature[0] ^= 1;
- if (verifier.VerifyMessage(message, 3, signature))
+ if (verifier.VerifyMessage(message, 3, signature, 40))
{
cerr << "DSA signature verification failed to detect bad signature.\n";
abort();
@@ -538,7 +538,7 @@ string RSADecryptString(const char *privFilename, const char *ciphertext)
RSAES_OAEP_SHA_Decryptor priv(privFile);
string result;
- StringSource(ciphertext, true, new HexDecoder(new PK_DecryptorFilter(priv, new StringSink(result))));
+ StringSource(ciphertext, true, new HexDecoder(new PK_DecryptorFilter(GlobalRNG(), priv, new StringSink(result))));
return result;
}
@@ -921,6 +921,7 @@ bool Validate(int alg, bool thorough, const char *seed)
case 56: result = ValidatePBKDF(); break;
case 57: result = ValidateESIGN(); break;
case 58: result = ValidateDLIES(); break;
+ case 59: result = ValidateBaseCode(); break;
default: result = ValidateAll(thorough); break;
}
diff --git a/usage.dat b/usage.dat
index 201aece..d885914 100644
--- a/usage.dat
+++ b/usage.dat
@@ -56,7 +56,7 @@ Test Driver for Crypto++(TM) Library, a C++ Class Library of Cryptographic Schem
- To forward a TCP connection
cryptest ft source-port destination-host destination-port
-- To run the FIPS-140-2 sample application
+- To run the FIPS 140-2 sample application
cryptest fips
- To run validation tests
diff --git a/validat1.cpp b/validat1.cpp
index 9c03951..b4b6fa7 100644
--- a/validat1.cpp
+++ b/validat1.cpp
@@ -4,6 +4,7 @@
#include "files.h"
#include "hex.h"
+#include "base64.h"
#include "modes.h"
#include "cbcmac.h"
#include "dmac.h"
@@ -1258,3 +1259,53 @@ bool ValidateSEAL()
cout << (pass ? "passed" : "FAILED") << endl;
return pass;
}
+
+bool ValidateBaseCode()
+{
+ bool pass = true, fail;
+ byte data[255];
+ for (unsigned int i=0; i<255; i++)
+ data[i] = i;
+ const char *hexEncoded =
+"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627"
+"28292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F"
+"505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071727374757677"
+"78797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9F"
+"A0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7"
+"C8C9CACBCCCDCECFD0D1D2D3D4D5D6D7D8D9DADBDCDDDEDFE0E1E2E3E4E5E6E7E8E9EAEBECEDEEEF"
+"F0F1F2F3F4F5F6F7F8F9FAFBFCFDFE";
+ const char *base64AndHexEncoded =
+"41414543417751464267634943516F4C4441304F4478415245684D554652595847426B6147787764"
+"486838674953496A4A43556D4A7967704B6973734C5334764D4445794D7A51310A4E6A63344F546F"
+"375044302B50304242516B4E4552555A4853456C4B5330784E546B395155564A5456465657563168"
+"5A576C746358563566594746695932526C5A6D646F615770720A6247317562334278636E4E306458"
+"5A3365486C3665337839666E2B4167594B44684957476834694A696F754D6A5936506B4A47536B35"
+"53566C7065596D5A71626E4A32656E3643680A6F714F6B7061616E714B6D717136797472712B7773"
+"624B7A744C573274376935757275387662362F774D484377385446787366497963724C7A4D334F7A"
+"39445230745055316462580A324E6E6132397A6433742F6734654C6A354F586D352B6A7036757673"
+"3765377638504879382F5431397666342B6672372F50332B0A";
+
+ cout << "\nBase64 and hex coding validation suite running...\n\n";
+
+ fail = !TestFilter(HexEncoder().Ref(), data, 255, (const byte *)hexEncoded, strlen(hexEncoded));
+ cout << (fail ? "FAILED " : "passed ");
+ cout << "Hex Encoding\n";
+ pass = pass && !fail;
+
+ fail = !TestFilter(HexDecoder().Ref(), (const byte *)hexEncoded, strlen(hexEncoded), data, 255);
+ cout << (fail ? "FAILED " : "passed ");
+ cout << "Hex Decoding\n";
+ pass = pass && !fail;
+
+ fail = !TestFilter(Base64Encoder(new HexEncoder).Ref(), data, 255, (const byte *)base64AndHexEncoded, strlen(base64AndHexEncoded));
+ cout << (fail ? "FAILED " : "passed ");
+ cout << "Base64 Encoding\n";
+ pass = pass && !fail;
+
+ fail = !TestFilter(HexDecoder(new Base64Decoder).Ref(), (const byte *)base64AndHexEncoded, strlen(base64AndHexEncoded), data, 255);
+ cout << (fail ? "FAILED " : "passed ");
+ cout << "Base64 Decoding\n";
+ pass = pass && !fail;
+
+ return pass;
+}
diff --git a/validat2.cpp b/validat2.cpp
index 783f7be..9a93019 100644
--- a/validat2.cpp
+++ b/validat2.cpp
@@ -113,23 +113,42 @@ bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough = false)
const byte *message = (byte *)"test message";
const int messageLen = 12;
- byte buffer[512];
- memset(buffer, 0, sizeof(buffer));
- priv.SignMessage(GlobalRNG(), message, messageLen, buffer);
- fail = !pub.VerifyMessage(message, messageLen, buffer);
+ SecByteBlock signature(priv.MaxSignatureLength());
+ unsigned int signatureLength = priv.SignMessage(GlobalRNG(), message, messageLen, signature);
+ fail = !pub.VerifyMessage(message, messageLen, signature, signatureLength);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "signature and verification\n";
- ++buffer[0];
- fail = pub.VerifyMessage(message, messageLen, buffer);
+ ++signature[0];
+ fail = pub.VerifyMessage(message, messageLen, signature, signatureLength);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "checking invalid signature" << endl;
+ if (priv.MaxRecoverableLength() > 0)
+ {
+ signatureLength = priv.SignMessageWithRecovery(GlobalRNG(), message, messageLen, NULL, 0, signature);
+ SecByteBlock recovered(priv.MaxRecoverableLengthFromSignatureLength(signatureLength));
+ DecodingResult result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
+ fail = !(result.isValidCoding && result.messageLength == messageLen && memcmp(recovered, message, messageLen) == 0);
+ pass = pass && !fail;
+
+ cout << (fail ? "FAILED " : "passed ");
+ cout << "signature and verification with recovery" << endl;
+
+ ++signature[0];
+ result = pub.RecoverMessage(recovered, NULL, 0, signature, signatureLength);
+ fail = result.isValidCoding;
+ pass = pass && !fail;
+
+ cout << (fail ? "FAILED " : "passed ");
+ cout << "recovery with invalid signature" << endl;
+ }
+
return pass;
}
@@ -149,7 +168,7 @@ bool CryptoSystemValidate(PK_Decryptor &priv, PK_Encryptor &pub, bool thorough =
SecByteBlock plaintext(priv.MaxPlaintextLength(ciphertext.size()));
pub.Encrypt(GlobalRNG(), message, messageLen, ciphertext);
- fail = priv.Decrypt(ciphertext, priv.CiphertextLength(messageLen), plaintext) != DecodingResult(messageLen);
+ fail = priv.Decrypt(GlobalRNG(), ciphertext, priv.CiphertextLength(messageLen), plaintext) != DecodingResult(messageLen);
fail = fail || memcmp(message, plaintext, messageLen);
pass = pass && !fail;
@@ -254,21 +273,21 @@ bool ValidateRSA()
RSASSA_PKCS1v15_MD2_Signer rsaPriv(keys);
RSASSA_PKCS1v15_MD2_Verifier rsaPub(rsaPriv);
- rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out);
+ unsigned int signatureLength = rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out);
fail = memcmp(signature, out, 64) != 0;
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "signature check against test vector\n";
- fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out);
+ fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "verification check against test vector\n";
out[10]++;
- fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out);
+ fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
@@ -305,7 +324,7 @@ bool ValidateRSA()
memset(out, 0, 50);
memset(outPlain, 0, 8);
rsaPub.Encrypt(rng, plain, 8, out);
- DecodingResult result = rsaPriv.FixedLengthDecrypt(encrypted, outPlain);
+ DecodingResult result = rsaPriv.FixedLengthDecrypt(GlobalRNG(), encrypted, outPlain);
fail = !result.isValidCoding || (result.messageLength!=8) || memcmp(out, encrypted, 50) || memcmp(plain, outPlain, 8);
pass = pass && !fail;
@@ -447,20 +466,20 @@ bool ValidateDSA(bool thorough)
cout << (fail ? "FAILED " : "passed ");
cout << "prime generation test\n";
- priv.GetDigestSignatureScheme().RawSign(k, h, rOut, sOut);
+ priv.RawSign(k, h, rOut, sOut);
fail = (rOut != r) || (sOut != s);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "signature check against test vector\n";
- fail = !pub.VerifyMessage((byte *)"abc", 3, sig);
+ fail = !pub.VerifyMessage((byte *)"abc", 3, sig, sizeof(sig));
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "verification check against test vector\n";
- fail = pub.VerifyMessage((byte *)"xyz", 3, sig);
+ fail = pub.VerifyMessage((byte *)"xyz", 3, sig, sizeof(sig));
pass = pass && !fail;
}
FileSource fs1("dsa1024.dat", true, new HexDecoder());
@@ -518,8 +537,8 @@ bool ValidateRabin()
{
FileSource f("rabi1024.dat", true, new HexDecoder);
- RabinPSSR<SHA>::Signer priv(f);
- RabinPSSR<SHA>::Verifier pub(priv);
+ RabinSS<PSSR, SHA>::Signer priv(f);
+ RabinSS<PSSR, SHA>::Verifier pub(priv);
pass = SignatureValidate(priv, pub) && pass;
}
{
@@ -535,8 +554,8 @@ bool ValidateRW()
cout << "\nRW validation suite running...\n\n";
FileSource f("rw1024.dat", true, new HexDecoder);
- RWSSA<SHA>::Signer priv(f);
- RWSSA<SHA>::Verifier pub(priv);
+ RWSS<PSSR, SHA>::Signer priv(f);
+ RWSS<PSSR, SHA>::Verifier pub(priv);
return SignatureValidate(priv, pub);
}
@@ -681,20 +700,20 @@ bool ValidateECDSA()
Integer rOut, sOut;
bool fail, pass=true;
- priv.GetDigestSignatureScheme().RawSign(k, h, rOut, sOut);
+ priv.RawSign(k, h, rOut, sOut);
fail = (rOut != r) || (sOut != s);
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "signature check against test vector\n";
- fail = !pub.VerifyMessage((byte *)"abc", 3, sig);
+ fail = !pub.VerifyMessage((byte *)"abc", 3, sig, sizeof(sig));
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
cout << "verification check against test vector\n";
- fail = pub.VerifyMessage((byte *)"xyz", 3, sig);
+ fail = pub.VerifyMessage((byte *)"xyz", 3, sig, sizeof(sig));
pass = pass && !fail;
pass = SignatureValidate(priv, pub) && pass;
@@ -723,7 +742,7 @@ bool ValidateESIGN()
fail = !SignatureValidate(signer, verifier);
pass = pass && !fail;
- fail = !verifier.VerifyMessage((byte *)plain, strlen(plain), signature);
+ fail = !verifier.VerifyMessage((byte *)plain, strlen(plain), signature, verifier.SignatureLength());
pass = pass && !fail;
cout << (fail ? "FAILED " : "passed ");
diff --git a/validate.h b/validate.h
index 7c2a1d7..486cf48 100644
--- a/validate.h
+++ b/validate.h
@@ -7,6 +7,7 @@
bool ValidateAll(bool thorough);
bool TestSettings();
bool TestOS_RNG();
+bool ValidateBaseCode();
bool ValidateCRC32();
bool ValidateAdler32();
diff --git a/wait.cpp b/wait.cpp
index f7a0e36..c97d714 100644
--- a/wait.cpp
+++ b/wait.cpp
@@ -34,24 +34,161 @@ void WaitObjectContainer::Clear()
#ifdef USE_WINDOWS_STYLE_SOCKETS
+struct WaitingThreadData
+{
+ bool waitingToWait, terminate;
+ HANDLE startWaiting, stopWaiting;
+ const HANDLE *waitHandles;
+ unsigned int count;
+ HANDLE threadHandle;
+ DWORD threadId;
+ DWORD* error;
+};
+
+WaitObjectContainer::~WaitObjectContainer()
+{
+ if (!m_threads.empty())
+ {
+ HANDLE threadHandles[MAXIMUM_WAIT_OBJECTS];
+ unsigned int i;
+ for (i=0; i<m_threads.size(); i++)
+ {
+ WaitingThreadData &thread = *m_threads[i];
+ while (!thread.waitingToWait) // spin until thread is in the initial "waiting to wait" state
+ Sleep(0);
+ thread.terminate = true;
+ threadHandles[i] = thread.threadHandle;
+ }
+ PulseEvent(m_startWaiting);
+ ::WaitForMultipleObjects(m_threads.size(), threadHandles, TRUE, INFINITE);
+ for (i=0; i<m_threads.size(); i++)
+ CloseHandle(threadHandles[i]);
+ CloseHandle(m_startWaiting);
+ CloseHandle(m_stopWaiting);
+ }
+}
+
void WaitObjectContainer::AddHandle(HANDLE handle)
{
m_handles.push_back(handle);
}
+DWORD WINAPI WaitingThread(LPVOID lParam)
+{
+ std::auto_ptr<WaitingThreadData> pThread((WaitingThreadData *)lParam);
+ WaitingThreadData &thread = *pThread;
+ std::vector<HANDLE> handles;
+
+ while (true)
+ {
+ thread.waitingToWait = true;
+ ::WaitForSingleObject(thread.startWaiting, INFINITE);
+ thread.waitingToWait = false;
+
+ if (thread.terminate)
+ return S_OK;
+ if (!thread.count)
+ continue;
+
+ handles.resize(thread.count + 1);
+ handles[0] = thread.stopWaiting;
+ std::copy(thread.waitHandles, thread.waitHandles+thread.count, handles.begin()+1);
+
+ DWORD result = ::WaitForMultipleObjects(handles.size(), handles.begin(), FALSE, INFINITE);
+
+ if (result == WAIT_OBJECT_0)
+ continue; // another thread finished waiting first, so do nothing
+ SetEvent(thread.stopWaiting);
+ if (!(result > WAIT_OBJECT_0 && result < WAIT_OBJECT_0 + handles.size()))
+ {
+ assert(!"error in WaitingThread"); // break here so we can see which thread has an error
+ *thread.error = ::GetLastError();
+ }
+ }
+}
+
+void WaitObjectContainer::CreateThreads(unsigned int count)
+{
+ unsigned int currentCount = m_threads.size();
+ if (currentCount == 0)
+ {
+ m_startWaiting = ::CreateEvent(NULL, TRUE, FALSE, NULL);
+ m_stopWaiting = ::CreateEvent(NULL, TRUE, FALSE, NULL);
+ }
+
+ if (currentCount < count)
+ {
+ m_threads.resize(count);
+ for (unsigned int i=currentCount; i<count; i++)
+ {
+ m_threads[i] = new WaitingThreadData;
+ WaitingThreadData &thread = *m_threads[i];
+ thread.terminate = false;
+ thread.startWaiting = m_startWaiting;
+ thread.stopWaiting = m_stopWaiting;
+ thread.waitingToWait = false;
+ thread.threadHandle = CreateThread(NULL, 0, &WaitingThread, &thread, 0, &thread.threadId);
+ }
+ }
+}
+
bool WaitObjectContainer::Wait(unsigned long milliseconds)
{
if (m_noWait || m_handles.empty())
return true;
- DWORD result = ::WaitForMultipleObjects(m_handles.size(), &m_handles[0], FALSE, milliseconds);
-
- if (result >= WAIT_OBJECT_0 && result < WAIT_OBJECT_0 + m_handles.size())
- return true;
- else if (result == WAIT_TIMEOUT)
- return false;
+ if (m_handles.size() > MAXIMUM_WAIT_OBJECTS)
+ {
+ // too many wait objects for a single WaitForMultipleObjects call, so use multiple threads
+ static const unsigned int WAIT_OBJECTS_PER_THREAD = MAXIMUM_WAIT_OBJECTS-1;
+ unsigned int nThreads = (m_handles.size() + WAIT_OBJECTS_PER_THREAD - 1) / WAIT_OBJECTS_PER_THREAD;
+ if (nThreads > MAXIMUM_WAIT_OBJECTS) // still too many wait objects, maybe implement recursive threading later?
+ throw Err("WaitObjectContainer: number of wait objects exceeds limit");
+ CreateThreads(nThreads);
+ DWORD error = S_OK;
+
+ for (unsigned int i=0; i<m_threads.size(); i++)
+ {
+ WaitingThreadData &thread = *m_threads[i];
+ while (!thread.waitingToWait) // spin until thread is in the initial "waiting to wait" state
+ Sleep(0);
+ if (i<nThreads)
+ {
+ thread.waitHandles = m_handles.begin() + i*WAIT_OBJECTS_PER_THREAD;
+ thread.count = STDMIN(WAIT_OBJECTS_PER_THREAD, m_handles.size() - i*WAIT_OBJECTS_PER_THREAD);
+ thread.error = &error;
+ }
+ else
+ thread.count = 0;
+ }
+
+ ResetEvent(m_stopWaiting);
+ PulseEvent(m_startWaiting);
+
+ DWORD result = ::WaitForSingleObject(m_stopWaiting, milliseconds);
+ if (result == WAIT_OBJECT_0)
+ {
+ if (error == S_OK)
+ return true;
+ else
+ throw Err("WaitObjectContainer: WaitForMultipleObjects failed with error " + IntToString(error));
+ }
+ SetEvent(m_stopWaiting);
+ if (result == WAIT_TIMEOUT)
+ return false;
+ else
+ throw Err("WaitObjectContainer: WaitForSingleObject failed with error " + IntToString(::GetLastError()));
+ }
else
- throw Err("WaitObjectContainer: WaitForMultipleObjects failed with error " + IntToString(::GetLastError()));
+ {
+ DWORD result = ::WaitForMultipleObjects(m_handles.size(), &m_handles[0], FALSE, milliseconds);
+ if (result >= WAIT_OBJECT_0 && result < WAIT_OBJECT_0 + m_handles.size())
+ return true;
+ else if (result == WAIT_TIMEOUT)
+ return false;
+ else
+ throw Err("WaitObjectContainer: WaitForMultipleObjects failed with error " + IntToString(::GetLastError()));
+ }
}
#else
diff --git a/wait.h b/wait.h
index a72c187..4619398 100644
--- a/wait.h
+++ b/wait.h
@@ -16,6 +16,8 @@
NAMESPACE_BEGIN(CryptoPP)
+struct WaitingThreadData;
+
//! container of wait objects
class WaitObjectContainer
{
@@ -34,6 +36,7 @@ public:
bool Wait(unsigned long milliseconds);
#ifdef USE_WINDOWS_STYLE_SOCKETS
+ ~WaitObjectContainer();
void AddHandle(HANDLE handle);
#else
void AddReadFd(int fd);
@@ -42,7 +45,11 @@ public:
private:
#ifdef USE_WINDOWS_STYLE_SOCKETS
+ void CreateThreads(unsigned int count);
std::vector<HANDLE> m_handles;
+ std::vector<WaitingThreadData *> m_threads;
+ HANDLE m_startWaiting;
+ HANDLE m_stopWaiting;
#else
fd_set m_readfds, m_writefds;
int m_maxFd;
View Lorry Controller Status