Dear all,
This email is still about the implementation of RSA PSS. Based on the code I
posted yesterday, I found the problem may exist in the verification
function. I pasted the RSA_verify_PKCS1_PSS() code from
/crypto/rsa/rsa_pss.c in my code to replace the function call of
RSA_verify_PKCS1_PSS().
I debug this part step by step and find that the abnormal value is in the
following part:
if (EM[emLen - 1] != 0xbc)
{
RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID);
goto err;
}
I am not sure about the implied meaning of this line. It seems that the last
octet of EM should be equal to 0xbc. Could anyone please tell me the meaning
of this line, and if there are some error bits in the previous encode
process? Thank you so much. I will post my code in the following. Hope that
there is no formation problem this time.
/*Sig function*/
unsigned char* sign(unsigned char *apdu_dig, RSA *pKey)
{
unsigned char sig[128];
unsigned char pad[128];
RSA_padding_add_PKCS1_PSS(pKey, pad, apdu_dig, EVP_sha256(), -2);
RSA_private_encrypt(128, pad, sig, pKey, RSA_NO_PADDING);
retrurn goose_sig;
}
/*Veri function*/
int verification (unsigned char *apdu_data, unsigned char *signature, int
data_len, int sig_len, RSA *pKey)
{
unsigned char decrypted_sig[128];
unsigned char *apdu_dig;
int ret;
apdu_dig = digest(apdu_data, data_len); //This function works fine.
RSA_public_decrypt(128, signature, decrypted_sig, pKey, RSA_NO_PADDING);
/*ret = RSA_verify_PKCS1_PSS(pKey, apdu_dig, EVP_sha256(), decrypted_sig,
-2);*/
//This line will be replaced by the code in /crypto/rsa/rsa_pss.c
......................................
if (EM[emLen - 1] != 0xbc)
{
RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID);
goto err;
}
....................................
return ret;
}
Best Regards,
Xiang
