11.05.2021 18:10, Mark Rotteveel wrote:
The TomCrypt documentation[1] says:
"""
This will PSS encode the message digest pointed to by in of length inlen octets. Next, the
PSS encoded hash will be RSA signed and the output stored in the buffer pointed to by out
of length outlen octets. The hash_idx parameter indicates which hash will be used to
create the PSS encoding.
It should be the same as the hash used to hash the message being signed. The saltlen
parameter indicates the length of the desired salt, and should typically be small. A good
default value is between 8 and 16 octets. Strictly, it must be small than modulus_len −
hLen − 2 where modulus_len is the size of the RSA modulus (in octets), and hLen is the
length of the message digest produced by the chosen hash
"""
It doesn't explain why
Ah, now I get it. The function doesn't hash anything itself, this parameter just inform
it which kind of hash it has on input and thus it must match the hash function used for
message. I.e. you cannot write RSA_HASH_SIGN(SHA256(message) HASH MD5), such signature
will be invalid, you have to write RSA_HASH_SIGN(SHA256(message) HASH SHA256).
From my POV all this has a little sense and RSA_SIGN() should work as the name suggest:
hash any input message with named hash function and then form the signature.
--
WBR, SD.
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
