Dear all,
I have made my code work now. Thank you so much.
Best Regards,
Xiang
2010/6/29 翔芦 <luxiang...@gmail.com>
> Dear all,
>
> This email is still about the implementation of RSA PSS. Based on the code
> I posted yesterday, I found the problem may exist in the verification
> function. I pasted the RSA_verify_PKCS1_PSS() code from
> /crypto/rsa/rsa_pss.c in my code to replace the function call of
> RSA_verify_PKCS1_PSS().
>
> I debug this part step by step and find that the abnormal value is in the
> following part:
>
> if (EM[emLen - 1] != 0xbc)
> {
> RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID);
> goto err;
> }
>
> I am not sure about the implied meaning of this line. It seems that the
> last octet of EM should be equal to 0xbc. Could anyone please tell me the
> meaning of this line, and if there are some error bits in the previous
> encode process? Thank you so much. I will post my code in the following.
> Hope that there is no formation problem this time.
>
> /*Sig function*/
> unsigned char* sign(unsigned char *apdu_dig, RSA *pKey)
> {
> unsigned char sig[128];
> unsigned char pad[128];
>
> RSA_padding_add_PKCS1_PSS(pKey, pad, apdu_dig, EVP_sha256(), -2);
>
> RSA_private_encrypt(128, pad, sig, pKey, RSA_NO_PADDING);
> retrurn goose_sig;
> }
>
> /*Veri function*/
> int verification (unsigned char *apdu_data, unsigned char *signature, int
> data_len, int sig_len, RSA *pKey)
> {
> unsigned char decrypted_sig[128];
> unsigned char *apdu_dig;
> int ret;
>
> apdu_dig = digest(apdu_data, data_len); //This function works fine.
>
> RSA_public_decrypt(128, signature, decrypted_sig, pKey,
> RSA_NO_PADDING);
>
> /*ret = RSA_verify_PKCS1_PSS(pKey, apdu_dig, EVP_sha256(),
> decrypted_sig, -2);*/
> //This line will be replaced by the code in /crypto/rsa/rsa_pss.c
> ......................................
>
> if (EM[emLen - 1] != 0xbc)
> {
> RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID);
> goto err;
> }
> ....................................
>
>
> return ret;
> }
>
> Best Regards,
> Xiang
>
>
