avatar
andrewlukoshko has added daa3397876
RELS 7.5 initial import of version 3.34.0-2.el7
... ... --- a/.abf.yml
... ... +++ b/.abf.yml
... ... @@ -1,2 +1,2 @@
1 1
sources:
2
  nss-softokn-3.28.3.tar.gz: ead8285aeb4547630b376e29f9597a05482f3c6f
2
  nss-softokn-3.34.0.tar.gz: 185931ac63238c24c36369863495110450f2ee0e
view file @ daa3397876
... ... --- a/nss-softokn-3.16-add_encrypt_derive.patch
... ... +++ b/nss-softokn-3.16-add_encrypt_derive.patch
... ... @@ -1,7 +1,7 @@
1
diff -up ./nss/lib/softoken/pkcs11.c.add_encrypt_derive ./nss/lib/softoken/pkcs11.c
2
--- ./nss/lib/softoken/pkcs11.c.add_encrypt_derive	2017-02-17 14:20:06.000000000 +0100
3
+++ ./nss/lib/softoken/pkcs11.c	2017-05-26 14:10:26.633700334 +0200
4
@@ -423,11 +423,22 @@ static const struct mechanismList mechan
1
diff -up nss/lib/softoken/pkcs11.c.add_encrypt_derive nss/lib/softoken/pkcs11.c
2
--- nss/lib/softoken/pkcs11.c.add_encrypt_derive	2017-10-30 10:38:09.000000000 +0100
3
+++ nss/lib/softoken/pkcs11.c	2017-11-03 14:15:03.648179954 +0100
4
@@ -421,11 +421,22 @@ static const struct mechanismList mechan
5 5
 #endif
6 6
     /* --------------------- Secret Key Operations ------------------------ */
7 7
     { CKM_GENERIC_SECRET_KEY_GEN, { 1, 32, CKF_GENERATE }, PR_TRUE },
... ... @@ -28,11 +28,11 @@ diff -up ./nss/lib/softoken/pkcs11.c.add_encrypt_derive ./nss/lib/softoken/pkcs1
28 28
     /* ---------------------- SSL Key Derivations ------------------------- */
29 29
     { CKM_SSL3_PRE_MASTER_KEY_GEN, { 48, 48, CKF_GENERATE }, PR_FALSE },
30 30
     { CKM_SSL3_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
31
diff -up ./nss/lib/softoken/pkcs11c.c.add_encrypt_derive ./nss/lib/softoken/pkcs11c.c
32
--- ./nss/lib/softoken/pkcs11c.c.add_encrypt_derive	2017-02-17 14:20:06.000000000 +0100
33
+++ ./nss/lib/softoken/pkcs11c.c	2017-05-26 14:09:34.990901108 +0200
34
@@ -6213,6 +6213,44 @@ sftk_ANSI_X9_63_kdf(CK_BYTE **key, CK_UL
35
 #endif /* NSS_DISABLE_ECC */
31
diff -up nss/lib/softoken/pkcs11c.c.add_encrypt_derive nss/lib/softoken/pkcs11c.c
32
--- nss/lib/softoken/pkcs11c.c.add_encrypt_derive	2017-10-30 10:38:09.000000000 +0100
33
+++ nss/lib/softoken/pkcs11c.c	2017-11-03 14:19:35.665109757 +0100
34
@@ -6242,6 +6242,44 @@ sftk_ANSI_X9_63_kdf(CK_BYTE **key, CK_UL
35
 }
36 36
 
37 37
 /*
38 38
+ *  Handle The derive from a block encryption cipher
... ... @@ -76,7 +76,7 @@ diff -up ./nss/lib/softoken/pkcs11c.c.add_encrypt_derive ./nss/lib/softoken/pkcs
76 76
  * SSL Key generation given pre master secret
77 77
  */
78 78
 #define NUM_MIXERS 9
79
@@ -6257,6 +6295,9 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
79
@@ -6286,6 +6324,9 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
80 80
     CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
81 81
     CK_OBJECT_CLASS classType = CKO_SECRET_KEY;
82 82
     CK_KEY_DERIVATION_STRING_DATA *stringPtr;
... ... @@ -86,7 +86,7 @@ diff -up ./nss/lib/softoken/pkcs11c.c.add_encrypt_derive ./nss/lib/softoken/pkcs
86 86
     CK_MECHANISM_TYPE mechanism = pMechanism->mechanism;
87 87
     PRBool isTLS = PR_FALSE;
88 88
     PRBool isDH = PR_FALSE;
89
@@ -6266,6 +6307,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
89
@@ -6295,6 +6336,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
90 90
     unsigned int outLen;
91 91
     unsigned char sha_out[SHA1_LENGTH];
92 92
     unsigned char key_block[NUM_MIXERS * SFTK_MAX_MAC_LENGTH];
... ... @@ -94,7 +94,7 @@ diff -up ./nss/lib/softoken/pkcs11c.c.add_encrypt_derive ./nss/lib/softoken/pkcs
94 94
     PRBool isFIPS;
95 95
     HASH_HashType hashType;
96 96
     PRBool extractValue = PR_TRUE;
97
@@ -6935,6 +6977,168 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
97
@@ -6899,6 +6941,168 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
98 98
             break;
99 99
         }
100 100
 
... ... @@ -260,6 +260,6 @@ diff -up ./nss/lib/softoken/pkcs11c.c.add_encrypt_derive ./nss/lib/softoken/pkcs
260 260
+            SEED_DestroyContext(cipherInfo, PR_TRUE);
261 261
+            break;
262 262
+
263
         case CKM_CONCATENATE_BASE_AND_DATA:
264
             crv = sftk_DeriveSensitiveCheck(sourceKey, key);
265
             if (crv != CKR_OK)
263
         case CKM_CONCATENATE_BASE_AND_KEY: {
264
             SFTKObject *newKey;
265
 
view file @ e0b0f58bd0
... ... --- a/nss-softokn-basicutil-dependency.patch
... ... +++ /dev/null
... ... @@ -1,417 +0,0 @@
0
# HG changeset patch
1
# User Daiki Ueno <dueno@redhat.com>
2
# Date 1483701049 -3600
3
#      Fri Jan 06 12:10:49 2017 +0100
4
# Node ID 85673cf4a82728084850deb2f05bda2778480341
5
# Parent  697aaeda536948589fb6759e235f7e1486b524b3
6
Move SSLNamedGroup references from basicutil.h to secutil.h
7
8
diff --git a/cmd/lib/basicutil.c b/cmd/lib/basicutil.c
9
--- a/cmd/lib/basicutil.c
10
+++ b/cmd/lib/basicutil.c
11
@@ -25,7 +25,6 @@
12
 #endif
13
 
14
 #include "secoid.h"
15
-#include "sslt.h"
16
 
17
 extern long DER_GetInteger(const SECItem *src);
18
 
19
@@ -732,98 +731,3 @@ SECU_SECItemHexStringToBinary(SECItem *s
20
     srcdest->len /= 2;
21
     return SECSuccess;
22
 }
23
-
24
-SSLNamedGroup
25
-groupNameToNamedGroup(char *name)
26
-{
27
-    if (PL_strlen(name) == 4) {
28
-        if (!strncmp(name, "P256", 4)) {
29
-            return ssl_grp_ec_secp256r1;
30
-        }
31
-        if (!strncmp(name, "P384", 4)) {
32
-            return ssl_grp_ec_secp384r1;
33
-        }
34
-        if (!strncmp(name, "P521", 4)) {
35
-            return ssl_grp_ec_secp521r1;
36
-        }
37
-    }
38
-    if (PL_strlen(name) == 6) {
39
-        if (!strncmp(name, "x25519", 6)) {
40
-            return ssl_grp_ec_curve25519;
41
-        }
42
-        if (!strncmp(name, "FF2048", 6)) {
43
-            return ssl_grp_ffdhe_2048;
44
-        }
45
-        if (!strncmp(name, "FF3072", 6)) {
46
-            return ssl_grp_ffdhe_3072;
47
-        }
48
-        if (!strncmp(name, "FF4096", 6)) {
49
-            return ssl_grp_ffdhe_4096;
50
-        }
51
-        if (!strncmp(name, "FF6144", 6)) {
52
-            return ssl_grp_ffdhe_6144;
53
-        }
54
-        if (!strncmp(name, "FF8192", 6)) {
55
-            return ssl_grp_ffdhe_8192;
56
-        }
57
-    }
58
-
59
-    return ssl_grp_none;
60
-}
61
-
62
-SECStatus
63
-parseGroupList(const char *arg, SSLNamedGroup **enabledGroups,
64
-               unsigned int *enabledGroupsCount)
65
-{
66
-    SSLNamedGroup *groups;
67
-    char *str;
68
-    char *p;
69
-    unsigned int numValues = 0;
70
-    unsigned int count = 0;
71
-
72
-    /* Count the number of groups. */
73
-    str = PORT_Strdup(arg);
74
-    if (!str) {
75
-        return SECFailure;
76
-    }
77
-    p = strtok(str, ",");
78
-    while (p) {
79
-        ++numValues;
80
-        p = strtok(NULL, ",");
81
-    }
82
-    PORT_Free(str);
83
-    str = NULL;
84
-    groups = PORT_ZNewArray(SSLNamedGroup, numValues);
85
-    if (!groups) {
86
-        goto done;
87
-    }
88
-
89
-    /* Get group names. */
90
-    str = PORT_Strdup(arg);
91
-    if (!str) {
92
-        goto done;
93
-    }
94
-    p = strtok(str, ",");
95
-    while (p) {
96
-        SSLNamedGroup group = groupNameToNamedGroup(p);
97
-        if (group == ssl_grp_none) {
98
-            count = 0;
99
-            goto done;
100
-        }
101
-        groups[count++] = group;
102
-        p = strtok(NULL, ",");
103
-    }
104
-
105
-done:
106
-    if (str) {
107
-        PORT_Free(str);
108
-    }
109
-    if (!count) {
110
-        PORT_Free(groups);
111
-        return SECFailure;
112
-    }
113
-
114
-    *enabledGroupsCount = count;
115
-    *enabledGroups = groups;
116
-    return SECSuccess;
117
-}
118
diff --git a/cmd/lib/basicutil.h b/cmd/lib/basicutil.h
119
--- a/cmd/lib/basicutil.h
120
+++ b/cmd/lib/basicutil.h
121
@@ -13,7 +13,6 @@
122
 #include "base64.h"
123
 #include "secasn1.h"
124
 #include "secder.h"
125
-#include "sslt.h"
126
 #include <stdio.h>
127
 
128
 #ifdef SECUTIL_NEW
129
@@ -113,10 +112,6 @@ SECU_ParseCommandLine(int argc, char **a
130
 char *
131
 SECU_GetOptionArg(const secuCommand *cmd, int optionNum);
132
 
133
-SECStatus parseGroupList(const char *arg, SSLNamedGroup **enabledGroups,
134
-                         unsigned int *enabledGroupsCount);
135
-SSLNamedGroup groupNameToNamedGroup(char *name);
136
-
137
 /*
138
  *
139
  *  Error messaging
140
diff --git a/cmd/lib/secutil.c b/cmd/lib/secutil.c
141
--- a/cmd/lib/secutil.c
142
+++ b/cmd/lib/secutil.c
143
@@ -3875,3 +3875,98 @@ SECU_HexString2SECItem(PLArenaPool *aren
144
 
145
     return item;
146
 }
147
+
148
+SSLNamedGroup
149
+groupNameToNamedGroup(char *name)
150
+{
151
+    if (PL_strlen(name) == 4) {
152
+        if (!strncmp(name, "P256", 4)) {
153
+            return ssl_grp_ec_secp256r1;
154
+        }
155
+        if (!strncmp(name, "P384", 4)) {
156
+            return ssl_grp_ec_secp384r1;
157
+        }
158
+        if (!strncmp(name, "P521", 4)) {
159
+            return ssl_grp_ec_secp521r1;
160
+        }
161
+    }
162
+    if (PL_strlen(name) == 6) {
163
+        if (!strncmp(name, "x25519", 6)) {
164
+            return ssl_grp_ec_curve25519;
165
+        }
166
+        if (!strncmp(name, "FF2048", 6)) {
167
+            return ssl_grp_ffdhe_2048;
168
+        }
169
+        if (!strncmp(name, "FF3072", 6)) {
170
+            return ssl_grp_ffdhe_3072;
171
+        }
172
+        if (!strncmp(name, "FF4096", 6)) {
173
+            return ssl_grp_ffdhe_4096;
174
+        }
175
+        if (!strncmp(name, "FF6144", 6)) {
176
+            return ssl_grp_ffdhe_6144;
177
+        }
178
+        if (!strncmp(name, "FF8192", 6)) {
179
+            return ssl_grp_ffdhe_8192;
180
+        }
181
+    }
182
+
183
+    return ssl_grp_none;
184
+}
185
+
186
+SECStatus
187
+parseGroupList(const char *arg, SSLNamedGroup **enabledGroups,
188
+               unsigned int *enabledGroupsCount)
189
+{
190
+    SSLNamedGroup *groups;
191
+    char *str;
192
+    char *p;
193
+    unsigned int numValues = 0;
194
+    unsigned int count = 0;
195
+
196
+    /* Count the number of groups. */
197
+    str = PORT_Strdup(arg);
198
+    if (!str) {
199
+        return SECFailure;
200
+    }
201
+    p = strtok(str, ",");
202
+    while (p) {
203
+        ++numValues;
204
+        p = strtok(NULL, ",");
205
+    }
206
+    PORT_Free(str);
207
+    str = NULL;
208
+    groups = PORT_ZNewArray(SSLNamedGroup, numValues);
209
+    if (!groups) {
210
+        goto done;
211
+    }
212
+
213
+    /* Get group names. */
214
+    str = PORT_Strdup(arg);
215
+    if (!str) {
216
+        goto done;
217
+    }
218
+    p = strtok(str, ",");
219
+    while (p) {
220
+        SSLNamedGroup group = groupNameToNamedGroup(p);
221
+        if (group == ssl_grp_none) {
222
+            count = 0;
223
+            goto done;
224
+        }
225
+        groups[count++] = group;
226
+        p = strtok(NULL, ",");
227
+    }
228
+
229
+done:
230
+    if (str) {
231
+        PORT_Free(str);
232
+    }
233
+    if (!count) {
234
+        PORT_Free(groups);
235
+        return SECFailure;
236
+    }
237
+
238
+    *enabledGroupsCount = count;
239
+    *enabledGroups = groups;
240
+    return SECSuccess;
241
+}
242
diff --git a/cmd/lib/secutil.h b/cmd/lib/secutil.h
243
--- a/cmd/lib/secutil.h
244
+++ b/cmd/lib/secutil.h
245
@@ -408,6 +408,10 @@ SECU_ParseSSLVersionRangeString(const ch
246
 extern SECItem *SECU_HexString2SECItem(PLArenaPool *arena, SECItem *item,
247
                                        const char *str);
248
 
249
+SECStatus parseGroupList(const char *arg, SSLNamedGroup **enabledGroups,
250
+                         unsigned int *enabledGroupsCount);
251
+SSLNamedGroup groupNameToNamedGroup(char *name);
252
+
253
 /*
254
  *
255
  *  Error messaging
256
# HG changeset patch
257
# User Daiki Ueno <dueno@redhat.com>
258
# Date 1483695727 -3600
259
#      Fri Jan 06 10:42:07 2017 +0100
260
# Node ID 93a3a5494fad25ba55c2133453c3300719216b18
261
# Parent  85673cf4a82728084850deb2f05bda2778480341
262
Move SECU_HexString2SECItem to basicutil.c
263
264
Also add the stub declaration in basicutil.h, and remove unnecesary
265
#include for secutil.h in some files.
266
267
diff --git a/cmd/ecperf/ecperf.c b/cmd/ecperf/ecperf.c
268
--- a/cmd/ecperf/ecperf.c
269
+++ b/cmd/ecperf/ecperf.c
270
@@ -9,7 +9,6 @@
271
 #include "basicutil.h"
272
 #include "pkcs11.h"
273
 #include "nspr.h"
274
-#include "secutil.h"
275
 #include <stdio.h>
276
 
277
 #define __PASTE(x, y) x##y
278
@@ -106,6 +105,8 @@ typedef struct ThreadDataStr {
279
     int isSign;
280
 } ThreadData;
281
 
282
+typedef SECItem SECKEYECParams;
283
+
284
 void
285
 PKCS11Thread(void *data)
286
 {
287
diff --git a/cmd/fbectest/fbectest.c b/cmd/fbectest/fbectest.c
288
--- a/cmd/fbectest/fbectest.c
289
+++ b/cmd/fbectest/fbectest.c
290
@@ -9,7 +9,6 @@
291
 #include "basicutil.h"
292
 #include "secder.h"
293
 #include "secitem.h"
294
-#include "secutil.h"
295
 #include "nspr.h"
296
 #include <stdio.h>
297
 
298
diff --git a/cmd/lib/basicutil.c b/cmd/lib/basicutil.c
299
--- a/cmd/lib/basicutil.c
300
+++ b/cmd/lib/basicutil.c
301
@@ -731,3 +731,46 @@ SECU_SECItemHexStringToBinary(SECItem *s
302
     srcdest->len /= 2;
303
     return SECSuccess;
304
 }
305
+
306
+SECItem *
307
+SECU_HexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str)
308
+{
309
+    int i = 0;
310
+    int byteval = 0;
311
+    int tmp = PORT_Strlen(str);
312
+
313
+    PORT_Assert(arena);
314
+    PORT_Assert(item);
315
+
316
+    if ((tmp % 2) != 0) {
317
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
318
+        return NULL;
319
+    }
320
+
321
+    item = SECITEM_AllocItem(arena, item, tmp / 2);
322
+    if (item == NULL) {
323
+        return NULL;
324
+    }
325
+
326
+    while (str[i]) {
327
+        if ((str[i] >= '0') && (str[i] <= '9')) {
328
+            tmp = str[i] - '0';
329
+        } else if ((str[i] >= 'a') && (str[i] <= 'f')) {
330
+            tmp = str[i] - 'a' + 10;
331
+        } else if ((str[i] >= 'A') && (str[i] <= 'F')) {
332
+            tmp = str[i] - 'A' + 10;
333
+        } else {
334
+            /* item is in arena and gets freed by the caller */
335
+            return NULL;
336
+        }
337
+
338
+        byteval = byteval * 16 + tmp;
339
+        if ((i % 2) != 0) {
340
+            item->data[i / 2] = byteval;
341
+            byteval = 0;
342
+        }
343
+        i++;
344
+    }
345
+
346
+    return item;
347
+}
348
diff --git a/cmd/lib/basicutil.h b/cmd/lib/basicutil.h
349
--- a/cmd/lib/basicutil.h
350
+++ b/cmd/lib/basicutil.h
351
@@ -81,6 +81,12 @@ SECStatus
352
 SECU_SECItemHexStringToBinary(SECItem *srcdest);
353
 
354
 /*
355
+** Read a hex string into a SecItem.
356
+*/
357
+extern SECItem *SECU_HexString2SECItem(PLArenaPool *arena, SECItem *item,
358
+                                       const char *str);
359
+
360
+/*
361
  *
362
  *  Utilities for parsing security tools command lines
363
  *
364
diff --git a/cmd/lib/secutil.c b/cmd/lib/secutil.c
365
--- a/cmd/lib/secutil.c
366
+++ b/cmd/lib/secutil.c
367
@@ -3833,49 +3833,6 @@ SECU_ParseSSLVersionRangeString(const ch
368
     return SECSuccess;
369
 }
370
 
371
-SECItem *
372
-SECU_HexString2SECItem(PLArenaPool *arena, SECItem *item, const char *str)
373
-{
374
-    int i = 0;
375
-    int byteval = 0;
376
-    int tmp = PORT_Strlen(str);
377
-
378
-    PORT_Assert(arena);
379
-    PORT_Assert(item);
380
-
381
-    if ((tmp % 2) != 0) {
382
-        PORT_SetError(SEC_ERROR_INVALID_ARGS);
383
-        return NULL;
384
-    }
385
-
386
-    item = SECITEM_AllocItem(arena, item, tmp / 2);
387
-    if (item == NULL) {
388
-        return NULL;
389
-    }
390
-
391
-    while (str[i]) {
392
-        if ((str[i] >= '0') && (str[i] <= '9')) {
393
-            tmp = str[i] - '0';
394
-        } else if ((str[i] >= 'a') && (str[i] <= 'f')) {
395
-            tmp = str[i] - 'a' + 10;
396
-        } else if ((str[i] >= 'A') && (str[i] <= 'F')) {
397
-            tmp = str[i] - 'A' + 10;
398
-        } else {
399
-            /* item is in arena and gets freed by the caller */
400
-            return NULL;
401
-        }
402
-
403
-        byteval = byteval * 16 + tmp;
404
-        if ((i % 2) != 0) {
405
-            item->data[i / 2] = byteval;
406
-            byteval = 0;
407
-        }
408
-        i++;
409
-    }
410
-
411
-    return item;
412
-}
413
-
414
 SSLNamedGroup
415
 groupNameToNamedGroup(char *name)
416
 {
view file @ e0b0f58bd0
... ... --- a/nss-softokn-ec-derive-pubkey-check.patch
... ... +++ /dev/null
... ... @@ -1,48 +0,0 @@
0
diff -up ./nss/lib/freebl/ec.c.ec-derive-pubkey-check ./nss/lib/freebl/ec.c
1
--- ./nss/lib/freebl/ec.c.ec-derive-pubkey-check	2017-03-23 15:54:08.182526259 -0700
2
+++ ./nss/lib/freebl/ec.c	2017-03-23 15:59:37.407142251 -0700
3
@@ -565,6 +565,15 @@ ECDH_Derive(SECItem *publicValue,
4
         return SECFailure;
5
     }
6
 
7
+    /*
8
+     * Make sure the point is on the requested curve to avoid
9
+     * certain small subgroup attacks.
10
+     */
11
+    if (EC_ValidatePublicKey(ecParams, publicValue) != SECSuccess) {
12
+        PORT_SetError(SEC_ERROR_BAD_KEY);
13
+        return SECFailure;
14
+    }
15
+
16
     /* Perform curve specific multiplication using ECMethod */
17
     if (ecParams->fieldID.type == ec_field_plain) {
18
         const ECMethod *method;
19
@@ -580,10 +589,6 @@ ECDH_Derive(SECItem *publicValue,
20
             PORT_SetError(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
21
             return SECFailure;
22
         }
23
-        if (method->validate(publicValue) != SECSuccess) {
24
-            PORT_SetError(SEC_ERROR_BAD_KEY);
25
-            return SECFailure;
26
-        }
27
         return method->mul(derivedSecret, privateValue, publicValue);
28
     }
29
 
30
diff -up ./nss/lib/softoken/pkcs11c.c.ec-derive-pubkey-check ./nss/lib/softoken/pkcs11c.c
31
--- ./nss/lib/softoken/pkcs11c.c.ec-derive-pubkey-check	2017-02-17 05:20:06.000000000 -0800
32
+++ ./nss/lib/softoken/pkcs11c.c	2017-03-23 15:54:08.184526293 -0700
33
@@ -7247,14 +7247,6 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
34
 
35
             if (mechanism == CKM_ECDH1_COFACTOR_DERIVE) {
36
                 withCofactor = PR_TRUE;
37
-            } else {
38
-                /* When not using cofactor derivation, one should
39
-                 * validate the public key to avoid small subgroup
40
-                 * attacks.
41
-                 */
42
-                if (EC_ValidatePublicKey(&privKey->u.ec.ecParams, &ecPoint) != SECSuccess) {
43
-                    goto ec_loser;
44
-                }
45
             }
46
 
47
             rv = ECDH_Derive(&ecPoint, &privKey->u.ec.ecParams, &ecScalar,
view file @ e0b0f58bd0
... ... --- a/nss-softokn-fix-drbg.patch
... ... +++ /dev/null
... ... @@ -1,97 +0,0 @@
0
# HG changeset patch
1
# User Franziskus Kiefer <franziskuskiefer@gmail.com>
2
# Date 1491394302 -7200
3
#      Wed Apr 05 14:11:42 2017 +0200
4
# Branch NSS_3_28_BRANCH
5
# Node ID 7248d38b76e569d2f89b20598fcdca595c3a2e6a
6
# Parent  6eb39ead39e0b3f6269fd9660a4426187f5302a8
7
Bug 1345089 - add prng kat tests, r=ttaubert
8
9
diff --git a/lib/freebl/blapi.h b/lib/freebl/blapi.h
10
--- a/lib/freebl/blapi.h
11
+++ b/lib/freebl/blapi.h
12
@@ -1469,6 +1469,12 @@ FIPS186Change_ReduceModQForDSA(const uns
13
                                const unsigned char *q,
14
                                unsigned char *xj);
15
 
16
+/* To allow NIST KAT tests */
17
+extern SECStatus
18
+PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len,
19
+                         const PRUint8 *nonce, unsigned int nonce_len,
20
+                         const PRUint8 *personal_string, unsigned int ps_len);
21
+
22
 /*
23
  * The following functions are for FIPS poweron self test and FIPS algorithm
24
  * testing.
25
diff --git a/lib/freebl/drbg.c b/lib/freebl/drbg.c
26
--- a/lib/freebl/drbg.c
27
+++ b/lib/freebl/drbg.c
28
@@ -99,7 +99,8 @@ struct RNGContextStr {
29
      * RNG_RandomUpdate. */
30
     PRUint8 additionalDataCache[PRNG_ADDITONAL_DATA_CACHE_SIZE];
31
     PRUint32 additionalAvail;
32
-    PRBool isValid; /* false if RNG reaches an invalid state */
33
+    PRBool isValid;   /* false if RNG reaches an invalid state */
34
+    PRBool isKatTest; /* true if running NIST PRNG KAT tests */
35
 };
36
 
37
 typedef struct RNGContextStr RNGContext;
38
@@ -150,7 +151,7 @@ prng_Hash_df(PRUint8 *requested_bytes, u
39
 }
40
 
41
 /*
42
- * Hash_DRBG Instantiate NIST SP 800-80 10.1.1.2
43
+ * Hash_DRBG Instantiate NIST SP 800-90 10.1.1.2
44
  *
45
  * NOTE: bytes & len are entropy || nonce || personalization_string. In
46
  * normal operation, NSS calculates them all together in a single call.
47
@@ -158,9 +159,11 @@ prng_Hash_df(PRUint8 *requested_bytes, u
48
 static SECStatus
49
 prng_instantiate(RNGContext *rng, const PRUint8 *bytes, unsigned int len)
50
 {
51
-    if (len < PRNG_SEEDLEN) {
52
-        /* if the seedlen is to small, it's probably because we failed to get
53
-     * enough random data */
54
+    if (!rng->isKatTest && len < PRNG_SEEDLEN) {
55
+        /* If the seedlen is too small, it's probably because we failed to get
56
+         * enough random data.
57
+         * This is stricter than NIST SP800-90A requires. Don't enforce it for
58
+         * tests. */
59
         PORT_SetError(SEC_ERROR_NEED_RANDOM);
60
         return SECFailure;
61
     }
62
@@ -272,7 +275,7 @@ prng_reseed_test(RNGContext *rng, const 
63
 
64
 #define PRNG_ADD_BITS_AND_CARRY(dest, dest_len, add, len, carry) \
65
     PRNG_ADD_BITS(dest, dest_len, add, len, carry)               \
66
-    PRNG_ADD_CARRY_ONLY(dest, dest_len - len, carry)
67
+    PRNG_ADD_CARRY_ONLY(dest, dest_len - len - 1, carry)
68
 
69
 /*
70
  * This function expands the internal state of the prng to fulfill any number
71
@@ -441,6 +444,7 @@ rng_init(void)
72
         }
73
         /* the RNG is in a valid state */
74
         globalrng->isValid = PR_TRUE;
75
+        globalrng->isKatTest = PR_FALSE;
76
 
77
         /* fetch one random value so that we can populate rng->oldV for our
78
          * continous random number test. */
79
@@ -696,6 +700,17 @@ RNG_RNGShutdown(void)
80
   * entropy we may have previously collected. */
81
 RNGContext testContext;
82
 
83
+SECStatus
84
+PRNGTEST_Instantiate_Kat(const PRUint8 *entropy, unsigned int entropy_len,
85
+                         const PRUint8 *nonce, unsigned int nonce_len,
86
+                         const PRUint8 *personal_string, unsigned int ps_len)
87
+{
88
+    testContext.isKatTest = PR_TRUE;
89
+    return PRNGTEST_Instantiate(entropy, entropy_len,
90
+                                nonce, nonce_len,
91
+                                personal_string, ps_len);
92
+}
93
+
94
 /*
95
  * Test vector API. Use NIST SP 800-90 general interface so one of the
96
  * other NIST SP 800-90 algorithms may be used in the future.
view file @ daa3397876
... ... --- /dev/null
... ... +++ b/nss-softokn-fix-ecc-post.patch
... ... @@ -0,0 +1,44 @@
1
diff -up ./nss/lib/freebl/fipsfreebl.c.ecc_post ./nss/lib/freebl/fipsfreebl.c
2
--- ./nss/lib/freebl/fipsfreebl.c.ecc_post	2017-07-21 18:33:27.946809392 -0700
3
+++ ./nss/lib/freebl/fipsfreebl.c	2017-07-21 18:34:09.065510689 -0700
4
@@ -15,9 +15,7 @@
5
 #include "secerr.h"
6
 #include "prtypes.h"
7
 
8
-#ifdef NSS_ENABLE_ECC
9
 #include "ec.h" /* Required for ECDSA */
10
-#endif
11
 
12
 /*
13
  * different platforms have different ways of calling and initial entry point
14
@@ -1077,7 +1075,6 @@ rsa_loser:
15
     return (SECFailure);
16
 }
17
 
18
-#ifdef NSS_ENABLE_ECC
19
 
20
 static SECStatus
21
 freebl_fips_ECDSA_Test(ECParams *ecparams,
22
@@ -1275,8 +1272,6 @@ freebl_fips_ECDSA_PowerUpSelfTest()
23
     return (SECSuccess);
24
 }
25
 
26
-#endif /* NSS_ENABLE_ECC */
27
-
28
 static SECStatus
29
 freebl_fips_DSA_PowerUpSelfTest(void)
30
 {
31
@@ -1559,13 +1554,11 @@ freebl_fipsPowerUpSelfTest(unsigned int
32
         if (rv != SECSuccess)
33
             return rv;
34
 
35
-#ifdef NSS_ENABLE_ECC
36
         /* ECDSA Power-Up SelfTest(s). */
37
         rv = freebl_fips_ECDSA_PowerUpSelfTest();
38
 
39
         if (rv != SECSuccess)
40
             return rv;
41
-#endif
42
     }
43
     /* Passed Power-Up SelfTest(s). */
44
     return (SECSuccess);
view file @ e0b0f58bd0
... ... --- a/nss-softokn-pkcs12-rsa-pss.patch
... ... +++ /dev/null
... ... @@ -1,11 +0,0 @@
0
diff -up ./nss/lib/softoken/pkcs11c.c.pkcs12-rsa-pss ./nss/lib/softoken/pkcs11c.c
1
--- ./nss/lib/softoken/pkcs11c.c.pkcs12-rsa-pss	2017-03-23 15:32:39.172593148 -0700
2
+++ ./nss/lib/softoken/pkcs11c.c	2017-03-23 15:33:20.789301538 -0700
3
@@ -5592,6 +5592,7 @@ sftk_unwrapPrivateKey(SFTKObject *key, S
4
 
5
     switch (SECOID_GetAlgorithmTag(&pki->algorithm)) {
6
         case SEC_OID_PKCS1_RSA_ENCRYPTION:
7
+        case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
8
             keyTemplate = nsslowkey_RSAPrivateKeyTemplate;
9
             paramTemplate = NULL;
10
             paramDest = NULL;
view file @ e0b0f58bd0
... ... --- a/nss-softokn-pkcs12-sha2.patch
... ... +++ /dev/null
... ... @@ -1,94 +0,0 @@
0
diff -up ./nss/lib/softoken/lowpbe.c.pkcs12-sha2 ./nss/lib/softoken/lowpbe.c
1
--- ./nss/lib/softoken/lowpbe.c.pkcs12-sha2	2017-02-17 05:20:06.000000000 -0800
2
+++ ./nss/lib/softoken/lowpbe.c	2017-03-23 10:34:22.320526927 -0700
3
@@ -408,7 +408,6 @@ loser:
4
     return result;
5
 }
6
 
7
-#define HMAC_BUFFER 64
8
 #define NSSPBE_ROUNDUP(x, y) ((((x) + ((y)-1)) / (y)) * (y))
9
 #define NSSPBE_MIN(x, y) ((x) < (y) ? (x) : (y))
10
 /*
11
@@ -430,6 +429,7 @@ nsspkcs5_PKCS12PBE(const SECHashObject *
12
     int iter;
13
     unsigned char *iterBuf;
14
     void *hash = NULL;
15
+    unsigned int bufferLength;
16
 
17
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
18
     if (!arena) {
19
@@ -439,8 +439,11 @@ nsspkcs5_PKCS12PBE(const SECHashObject *
20
     /* how many hash object lengths are needed */
21
     c = (bytesNeeded + (hashLength - 1)) / hashLength;
22
 
23
+    /* 64 if 0 < hashLength <= 32, 128 if 32 < hashLength <= 64 */
24
+    bufferLength = NSSPBE_ROUNDUP(hashLength * 2, 64);
25
+
26
     /* initialize our buffers */
27
-    D.len = HMAC_BUFFER;
28
+    D.len = bufferLength;
29
     /* B and D are the same length, use one alloc go get both */
30
     D.data = (unsigned char *)PORT_ArenaZAlloc(arena, D.len * 2);
31
     B.len = D.len;
32
@@ -452,8 +455,8 @@ nsspkcs5_PKCS12PBE(const SECHashObject *
33
         goto loser;
34
     }
35
 
36
-    SLen = NSSPBE_ROUNDUP(salt->len, HMAC_BUFFER);
37
-    PLen = NSSPBE_ROUNDUP(pwitem->len, HMAC_BUFFER);
38
+    SLen = NSSPBE_ROUNDUP(salt->len, bufferLength);
39
+    PLen = NSSPBE_ROUNDUP(pwitem->len, bufferLength);
40
     I.len = SLen + PLen;
41
     I.data = (unsigned char *)PORT_ArenaZAlloc(arena, I.len);
42
     if (I.data == NULL) {
43
diff -up ./nss/lib/softoken/pkcs11c.c.pkcs12-sha2 ./nss/lib/softoken/pkcs11c.c
44
--- ./nss/lib/softoken/pkcs11c.c.pkcs12-sha2	2017-02-17 05:20:06.000000000 -0800
45
+++ ./nss/lib/softoken/pkcs11c.c	2017-03-23 10:34:22.322526961 -0700
46
@@ -3971,6 +3971,22 @@ nsc_SetupHMACKeyGen(CK_MECHANISM_PTR pMe
47
             params->hashType = HASH_AlgMD2;
48
             params->keyLen = 16;
49
             break;
50
+        case CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN:
51
+            params->hashType = HASH_AlgSHA224;
52
+            params->keyLen = 28;
53
+            break;
54
+        case CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN:
55
+            params->hashType = HASH_AlgSHA256;
56
+            params->keyLen = 32;
57
+            break;
58
+        case CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN:
59
+            params->hashType = HASH_AlgSHA384;
60
+            params->keyLen = 48;
61
+            break;
62
+        case CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN:
63
+            params->hashType = HASH_AlgSHA512;
64
+            params->keyLen = 64;
65
+            break;
66
         default:
67
             PORT_FreeArena(arena, PR_TRUE);
68
             return CKR_MECHANISM_INVALID;
69
@@ -4189,6 +4205,10 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
70
         case CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN:
71
         case CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN:
72
         case CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN:
73
+        case CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN:
74
+        case CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN:
75
+        case CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN:
76
+        case CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN:
77
             key_gen_type = nsc_pbe;
78
             key_type = CKK_GENERIC_SECRET;
79
             crv = nsc_SetupHMACKeyGen(pMechanism, &pbe_param);
80
diff -up ./nss/lib/softoken/pkcs11.c.pkcs12-sha2 ./nss/lib/softoken/pkcs11.c
81
--- ./nss/lib/softoken/pkcs11.c.pkcs12-sha2	2017-02-17 05:20:06.000000000 -0800
82
+++ ./nss/lib/softoken/pkcs11.c	2017-03-23 10:34:22.321526944 -0700
83
@@ -480,6 +480,10 @@ static const struct mechanismList mechan
84
     { CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN, { 20, 20, CKF_GENERATE }, PR_TRUE },
85
     { CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN, { 16, 16, CKF_GENERATE }, PR_TRUE },
86
     { CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN, { 16, 16, CKF_GENERATE }, PR_TRUE },
87
+    { CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN, { 28, 28, CKF_GENERATE }, PR_TRUE },
88
+    { CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN, { 32, 32, CKF_GENERATE }, PR_TRUE },
89
+    { CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN, { 48, 48, CKF_GENERATE }, PR_TRUE },
90
+    { CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN, { 64, 64, CKF_GENERATE }, PR_TRUE },
91
     /* ------------------ AES Key Wrap (also encrypt)  ------------------- */
92
     { CKM_NETSCAPE_AES_KEY_WRAP, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
93
     { CKM_NETSCAPE_AES_KEY_WRAP_PAD, { 16, 32, CKF_EN_DE_WR_UN }, PR_TRUE },
view file @ e0b0f58bd0
... ... --- a/nss-softokn-pss-modulus-bits.patch
... ... +++ /dev/null
... ... @@ -1,1570 +0,0 @@
0
# HG changeset patch
1
# User Tim Taubert <ttaubert@mozilla.com>
2
# Date 1485772089 -3600
3
#      Mon Jan 30 11:28:09 2017 +0100
4
# Branch NSS_3_29_BRANCH
5
# Node ID 1bbd8a1ba5a38334b8a9f9371319db139a81fe54
6
# Parent  e8afdd255bae83dceee408343773b956e0198efc
7
Bug 1334474 - Support RSA-PSS signatures with (modulus_bits % 8 > 0) r=franziskus
8
9
Differential Revision: https://nss-review.dev.mozaws.net/D180
10
* * *
11
Bug 1334474 - Fix 1025-bit RSA-PSS signatures on Linux r=bustage
12
13
diff --git a/gtests/pk11_gtest/pk11_rsapss_unittest.cc b/gtests/pk11_gtest/pk11_rsapss_unittest.cc
14
--- a/gtests/pk11_gtest/pk11_rsapss_unittest.cc
15
+++ b/gtests/pk11_gtest/pk11_rsapss_unittest.cc
16
@@ -12,115 +12,9 @@
17
 #include "gtest/gtest.h"
18
 #include "scoped_ptrs.h"
19
 
20
-namespace nss_test {
21
-
22
-// RSA-PSS test vectors, pss-vect.txt, Example 1: A 1024-bit RSA Key Pair
23
-// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
24
-const uint8_t kTestVector1Spki[] = {
25
-    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
26
-    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
27
-    0x89, 0x02, 0x81, 0x81, 0x00, 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17,
28
-    0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec,
29
-    0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9,
30
-    0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2,
31
-    0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91,
32
-    0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95,
33
-    0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63,
34
-    0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e,
35
-    0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35,
36
-    0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1,
37
-    0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21,
38
-    0x37, 0x02, 0x03, 0x01, 0x00, 0x01};
39
-// RSA-PSS test vectors, pss-vect.txt, Example 1.1
40
-const uint8_t kTestVector1Data[] = {
41
-    0xcd, 0xc8, 0x7d, 0xa2, 0x23, 0xd7, 0x86, 0xdf, 0x3b, 0x45, 0xe0, 0xbb,
42
-    0xbc, 0x72, 0x13, 0x26, 0xd1, 0xee, 0x2a, 0xf8, 0x06, 0xcc, 0x31, 0x54,
43
-    0x75, 0xcc, 0x6f, 0x0d, 0x9c, 0x66, 0xe1, 0xb6, 0x23, 0x71, 0xd4, 0x5c,
44
-    0xe2, 0x39, 0x2e, 0x1a, 0xc9, 0x28, 0x44, 0xc3, 0x10, 0x10, 0x2f, 0x15,
45
-    0x6a, 0x0d, 0x8d, 0x52, 0xc1, 0xf4, 0xc4, 0x0b, 0xa3, 0xaa, 0x65, 0x09,
46
-    0x57, 0x86, 0xcb, 0x76, 0x97, 0x57, 0xa6, 0x56, 0x3b, 0xa9, 0x58, 0xfe,
47
-    0xd0, 0xbc, 0xc9, 0x84, 0xe8, 0xb5, 0x17, 0xa3, 0xd5, 0xf5, 0x15, 0xb2,
48
-    0x3b, 0x8a, 0x41, 0xe7, 0x4a, 0xa8, 0x67, 0x69, 0x3f, 0x90, 0xdf, 0xb0,
49
-    0x61, 0xa6, 0xe8, 0x6d, 0xfa, 0xae, 0xe6, 0x44, 0x72, 0xc0, 0x0e, 0x5f,
50
-    0x20, 0x94, 0x57, 0x29, 0xcb, 0xeb, 0xe7, 0x7f, 0x06, 0xce, 0x78, 0xe0,
51
-    0x8f, 0x40, 0x98, 0xfb, 0xa4, 0x1f, 0x9d, 0x61, 0x93, 0xc0, 0x31, 0x7e,
52
-    0x8b, 0x60, 0xd4, 0xb6, 0x08, 0x4a, 0xcb, 0x42, 0xd2, 0x9e, 0x38, 0x08,
53
-    0xa3, 0xbc, 0x37, 0x2d, 0x85, 0xe3, 0x31, 0x17, 0x0f, 0xcb, 0xf7, 0xcc,
54
-    0x72, 0xd0, 0xb7, 0x1c, 0x29, 0x66, 0x48, 0xb3, 0xa4, 0xd1, 0x0f, 0x41,
55
-    0x62, 0x95, 0xd0, 0x80, 0x7a, 0xa6, 0x25, 0xca, 0xb2, 0x74, 0x4f, 0xd9,
56
-    0xea, 0x8f, 0xd2, 0x23, 0xc4, 0x25, 0x37, 0x02, 0x98, 0x28, 0xbd, 0x16,
57
-    0xbe, 0x02, 0x54, 0x6f, 0x13, 0x0f, 0xd2, 0xe3, 0x3b, 0x93, 0x6d, 0x26,
58
-    0x76, 0xe0, 0x8a, 0xed, 0x1b, 0x73, 0x31, 0x8b, 0x75, 0x0a, 0x01, 0x67,
59
-    0xd0};
60
-const uint8_t kTestVector1Sig[] = {
61
-    0x90, 0x74, 0x30, 0x8f, 0xb5, 0x98, 0xe9, 0x70, 0x1b, 0x22, 0x94, 0x38,
62
-    0x8e, 0x52, 0xf9, 0x71, 0xfa, 0xac, 0x2b, 0x60, 0xa5, 0x14, 0x5a, 0xf1,
63
-    0x85, 0xdf, 0x52, 0x87, 0xb5, 0xed, 0x28, 0x87, 0xe5, 0x7c, 0xe7, 0xfd,
64
-    0x44, 0xdc, 0x86, 0x34, 0xe4, 0x07, 0xc8, 0xe0, 0xe4, 0x36, 0x0b, 0xc2,
65
-    0x26, 0xf3, 0xec, 0x22, 0x7f, 0x9d, 0x9e, 0x54, 0x63, 0x8e, 0x8d, 0x31,
66
-    0xf5, 0x05, 0x12, 0x15, 0xdf, 0x6e, 0xbb, 0x9c, 0x2f, 0x95, 0x79, 0xaa,
67
-    0x77, 0x59, 0x8a, 0x38, 0xf9, 0x14, 0xb5, 0xb9, 0xc1, 0xbd, 0x83, 0xc4,
68
-    0xe2, 0xf9, 0xf3, 0x82, 0xa0, 0xd0, 0xaa, 0x35, 0x42, 0xff, 0xee, 0x65,
69
-    0x98, 0x4a, 0x60, 0x1b, 0xc6, 0x9e, 0xb2, 0x8d, 0xeb, 0x27, 0xdc, 0xa1,
70
-    0x2c, 0x82, 0xc2, 0xd4, 0xc3, 0xf6, 0x6c, 0xd5, 0x00, 0xf1, 0xff, 0x2b,
71
-    0x99, 0x4d, 0x8a, 0x4e, 0x30, 0xcb, 0xb3, 0x3c};
72
+#include "pk11_rsapss_vectors.h"
73
 
74
-// RSA-PSS test vectors, pss-vect.txt, Example 10: A 2048-bit RSA Key Pair
75
-// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
76
-const uint8_t kTestVector2Spki[] = {
77
-    0x30, 0x82, 0x01, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
78
-    0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0e, 0x00,
79
-    0x30, 0x82, 0x01, 0x09, 0x02, 0x82, 0x01, 0x00, 0xa5, 0xdd, 0x86, 0x7a,
80
-    0xc4, 0xcb, 0x02, 0xf9, 0x0b, 0x94, 0x57, 0xd4, 0x8c, 0x14, 0xa7, 0x70,
81
-    0xef, 0x99, 0x1c, 0x56, 0xc3, 0x9c, 0x0e, 0xc6, 0x5f, 0xd1, 0x1a, 0xfa,
82
-    0x89, 0x37, 0xce, 0xa5, 0x7b, 0x9b, 0xe7, 0xac, 0x73, 0xb4, 0x5c, 0x00,
83
-    0x17, 0x61, 0x5b, 0x82, 0xd6, 0x22, 0xe3, 0x18, 0x75, 0x3b, 0x60, 0x27,
84
-    0xc0, 0xfd, 0x15, 0x7b, 0xe1, 0x2f, 0x80, 0x90, 0xfe, 0xe2, 0xa7, 0xad,
85
-    0xcd, 0x0e, 0xef, 0x75, 0x9f, 0x88, 0xba, 0x49, 0x97, 0xc7, 0xa4, 0x2d,
86
-    0x58, 0xc9, 0xaa, 0x12, 0xcb, 0x99, 0xae, 0x00, 0x1f, 0xe5, 0x21, 0xc1,
87
-    0x3b, 0xb5, 0x43, 0x14, 0x45, 0xa8, 0xd5, 0xae, 0x4f, 0x5e, 0x4c, 0x7e,
88
-    0x94, 0x8a, 0xc2, 0x27, 0xd3, 0x60, 0x40, 0x71, 0xf2, 0x0e, 0x57, 0x7e,
89
-    0x90, 0x5f, 0xbe, 0xb1, 0x5d, 0xfa, 0xf0, 0x6d, 0x1d, 0xe5, 0xae, 0x62,
90
-    0x53, 0xd6, 0x3a, 0x6a, 0x21, 0x20, 0xb3, 0x1a, 0x5d, 0xa5, 0xda, 0xbc,
91
-    0x95, 0x50, 0x60, 0x0e, 0x20, 0xf2, 0x7d, 0x37, 0x39, 0xe2, 0x62, 0x79,
92
-    0x25, 0xfe, 0xa3, 0xcc, 0x50, 0x9f, 0x21, 0xdf, 0xf0, 0x4e, 0x6e, 0xea,
93
-    0x45, 0x49, 0xc5, 0x40, 0xd6, 0x80, 0x9f, 0xf9, 0x30, 0x7e, 0xed, 0xe9,
94
-    0x1f, 0xff, 0x58, 0x73, 0x3d, 0x83, 0x85, 0xa2, 0x37, 0xd6, 0xd3, 0x70,
95
-    0x5a, 0x33, 0xe3, 0x91, 0x90, 0x09, 0x92, 0x07, 0x0d, 0xf7, 0xad, 0xf1,
96
-    0x35, 0x7c, 0xf7, 0xe3, 0x70, 0x0c, 0xe3, 0x66, 0x7d, 0xe8, 0x3f, 0x17,
97
-    0xb8, 0xdf, 0x17, 0x78, 0xdb, 0x38, 0x1d, 0xce, 0x09, 0xcb, 0x4a, 0xd0,
98
-    0x58, 0xa5, 0x11, 0x00, 0x1a, 0x73, 0x81, 0x98, 0xee, 0x27, 0xcf, 0x55,
99
-    0xa1, 0x3b, 0x75, 0x45, 0x39, 0x90, 0x65, 0x82, 0xec, 0x8b, 0x17, 0x4b,
100
-    0xd5, 0x8d, 0x5d, 0x1f, 0x3d, 0x76, 0x7c, 0x61, 0x37, 0x21, 0xae, 0x05,
101
-    0x02, 0x03, 0x01, 0x00, 0x01};
102
-// RSA-PSS test vectors, pss-vect.txt, Example 10.1
103
-const uint8_t kTestVector2Data[] = {
104
-    0x88, 0x31, 0x77, 0xe5, 0x12, 0x6b, 0x9b, 0xe2, 0xd9, 0xa9,
105
-    0x68, 0x03, 0x27, 0xd5, 0x37, 0x0c, 0x6f, 0x26, 0x86, 0x1f,
106
-    0x58, 0x20, 0xc4, 0x3d, 0xa6, 0x7a, 0x3a, 0xd6, 0x09};
107
-const uint8_t kTestVector2Sig[] = {
108
-    0x82, 0xc2, 0xb1, 0x60, 0x09, 0x3b, 0x8a, 0xa3, 0xc0, 0xf7, 0x52, 0x2b,
109
-    0x19, 0xf8, 0x73, 0x54, 0x06, 0x6c, 0x77, 0x84, 0x7a, 0xbf, 0x2a, 0x9f,
110
-    0xce, 0x54, 0x2d, 0x0e, 0x84, 0xe9, 0x20, 0xc5, 0xaf, 0xb4, 0x9f, 0xfd,
111
-    0xfd, 0xac, 0xe1, 0x65, 0x60, 0xee, 0x94, 0xa1, 0x36, 0x96, 0x01, 0x14,
112
-    0x8e, 0xba, 0xd7, 0xa0, 0xe1, 0x51, 0xcf, 0x16, 0x33, 0x17, 0x91, 0xa5,
113
-    0x72, 0x7d, 0x05, 0xf2, 0x1e, 0x74, 0xe7, 0xeb, 0x81, 0x14, 0x40, 0x20,
114
-    0x69, 0x35, 0xd7, 0x44, 0x76, 0x5a, 0x15, 0xe7, 0x9f, 0x01, 0x5c, 0xb6,
115
-    0x6c, 0x53, 0x2c, 0x87, 0xa6, 0xa0, 0x59, 0x61, 0xc8, 0xbf, 0xad, 0x74,
116
-    0x1a, 0x9a, 0x66, 0x57, 0x02, 0x28, 0x94, 0x39, 0x3e, 0x72, 0x23, 0x73,
117
-    0x97, 0x96, 0xc0, 0x2a, 0x77, 0x45, 0x5d, 0x0f, 0x55, 0x5b, 0x0e, 0xc0,
118
-    0x1d, 0xdf, 0x25, 0x9b, 0x62, 0x07, 0xfd, 0x0f, 0xd5, 0x76, 0x14, 0xce,
119
-    0xf1, 0xa5, 0x57, 0x3b, 0xaa, 0xff, 0x4e, 0xc0, 0x00, 0x69, 0x95, 0x16,
120
-    0x59, 0xb8, 0x5f, 0x24, 0x30, 0x0a, 0x25, 0x16, 0x0c, 0xa8, 0x52, 0x2d,
121
-    0xc6, 0xe6, 0x72, 0x7e, 0x57, 0xd0, 0x19, 0xd7, 0xe6, 0x36, 0x29, 0xb8,
122
-    0xfe, 0x5e, 0x89, 0xe2, 0x5c, 0xc1, 0x5b, 0xeb, 0x3a, 0x64, 0x75, 0x77,
123
-    0x55, 0x92, 0x99, 0x28, 0x0b, 0x9b, 0x28, 0xf7, 0x9b, 0x04, 0x09, 0x00,
124
-    0x0b, 0xe2, 0x5b, 0xbd, 0x96, 0x40, 0x8b, 0xa3, 0xb4, 0x3c, 0xc4, 0x86,
125
-    0x18, 0x4d, 0xd1, 0xc8, 0xe6, 0x25, 0x53, 0xfa, 0x1a, 0xf4, 0x04, 0x0f,
126
-    0x60, 0x66, 0x3d, 0xe7, 0xf5, 0xe4, 0x9c, 0x04, 0x38, 0x8e, 0x25, 0x7f,
127
-    0x1c, 0xe8, 0x9c, 0x95, 0xda, 0xb4, 0x8a, 0x31, 0x5d, 0x9b, 0x66, 0xb1,
128
-    0xb7, 0x62, 0x82, 0x33, 0x87, 0x6f, 0xf2, 0x38, 0x52, 0x30, 0xd0, 0x70,
129
-    0xd0, 0x7e, 0x16, 0x66};
130
+namespace nss_test {
131
 
132
 static unsigned char* toUcharPtr(const uint8_t* v) {
133
   return const_cast<unsigned char*>(static_cast<const unsigned char*>(v));
134
@@ -152,7 +46,7 @@ class Pkcs11RsaPssVectorTest : public Pk
135
 
136
     // Hash the data.
137
     std::vector<uint8_t> hashBuf(hLen);
138
-    SECItem hash = {siBuffer, &hashBuf[0],
139
+    SECItem hash = {siBuffer, hashBuf.data(),
140
                     static_cast<unsigned int>(hashBuf.size())};
141
     SECStatus rv = PK11_HashBuf(hashOid, hash.data, toUcharPtr(data), data_len);
142
     EXPECT_EQ(rv, SECSuccess);
143
@@ -165,11 +59,63 @@ class Pkcs11RsaPssVectorTest : public Pk
144
                                   nullptr);
145
     EXPECT_EQ(rv, SECSuccess);
146
   }
147
+
148
+  void SignAndVerify(const uint8_t* pkcs8, size_t pkcs8_len,
149
+                     const uint8_t* spki, size_t spki_len, const uint8_t* data,
150
+                     size_t data_len) {
151
+    // Sign with PSS/SHA-1.
152
+    SECOidTag hashOid = SEC_OID_SHA1;
153
+    CK_MECHANISM_TYPE hashMech = CKM_SHA_1;
154
+    CK_RSA_PKCS_MGF_TYPE mgf = CKG_MGF1_SHA1;
155
+
156
+    ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
157
+    ASSERT_TRUE(slot);
158
+
159
+    SECItem pkcs8Item = {siBuffer, toUcharPtr(pkcs8),
160
+                         static_cast<unsigned int>(pkcs8_len)};
161
+
162
+    // Import PKCS #8.
163
+    SECKEYPrivateKey* key = nullptr;
164
+    SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
165
+        slot.get(), &pkcs8Item, nullptr, nullptr, false, false, KU_ALL, &key,
166
+        nullptr);
167
+    EXPECT_TRUE(rv == SECSuccess && !!key);
168
+    ScopedSECKEYPrivateKey privKey(key);
169
+
170
+    // Set up PSS parameters.
171
+    unsigned int hLen = HASH_ResultLenByOidTag(hashOid);
172
+    CK_RSA_PKCS_PSS_PARAMS rsaPssParams = {hashMech, mgf, hLen};
173
+    SECItem params = {siBuffer, reinterpret_cast<unsigned char*>(&rsaPssParams),
174
+                      sizeof(rsaPssParams)};
175
+
176
+    // Hash the data.
177
+    std::vector<uint8_t> hashBuf(hLen);
178
+    SECItem hash = {siBuffer, hashBuf.data(),
179
+                    static_cast<unsigned int>(hashBuf.size())};
180
+    rv = PK11_HashBuf(hashOid, hash.data, toUcharPtr(data), data_len);
181
+    EXPECT_EQ(rv, SECSuccess);
182
+
183
+    // Prepare signature buffer.
184
+    uint32_t len = PK11_SignatureLen(privKey.get());
185
+    std::vector<uint8_t> sigBuf(len);
186
+    SECItem sig = {siBuffer, sigBuf.data(),
187
+                   static_cast<unsigned int>(sigBuf.size())};
188
+
189
+    CK_MECHANISM_TYPE mech = CKM_RSA_PKCS_PSS;
190
+    rv = PK11_SignWithMechanism(privKey.get(), mech, &params, &sig, &hash);
191
+    EXPECT_EQ(rv, SECSuccess);
192
+
193
+    // Verify.
194
+    Verify(spki, spki_len, data, data_len, sig.data, sig.len);
195
+  }
196
 };
197
 
198
 #define PSS_TEST_VECTOR_VERIFY(spki, data, sig) \
199
   Verify(spki, sizeof(spki), data, sizeof(data), sig, sizeof(sig));
200
 
201
+#define PSS_TEST_VECTOR_SIGN_VERIFY(pkcs8, spki, data) \
202
+  SignAndVerify(pkcs8, sizeof(pkcs8), spki, sizeof(spki), data, sizeof(data));
203
+
204
 TEST_F(Pkcs11RsaPssTest, GenerateAndSignAndVerify) {
205
   // Sign data with a 1024-bit RSA key, using PSS/SHA-256.
206
   SECOidTag hashOid = SEC_OID_SHA256;
207
@@ -232,11 +178,100 @@ TEST_F(Pkcs11RsaPssTest, GenerateAndSign
208
 TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature1) {
209
   PSS_TEST_VECTOR_VERIFY(kTestVector1Spki, kTestVector1Data, kTestVector1Sig);
210
 }
211
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify1) {
212
+  PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector1Pkcs8, kTestVector1Spki,
213
+                              kTestVector1Data);
214
+}
215
 
216
-// RSA-PSS test vectors, pss-vect.txt, Example 10.1: A 2048-bit RSA Key Pair
217
+// RSA-PSS test vectors, pss-vect.txt, Example 2.1: A 1025-bit RSA Key Pair
218
 // <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
219
 TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature2) {
220
   PSS_TEST_VECTOR_VERIFY(kTestVector2Spki, kTestVector2Data, kTestVector2Sig);
221
 }
222
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify2) {
223
+  PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector2Pkcs8, kTestVector2Spki,
224
+                              kTestVector2Data);
225
+}
226
+
227
+// RSA-PSS test vectors, pss-vect.txt, Example 3.1: A 1026-bit RSA Key Pair
228
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
229
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature3) {
230
+  PSS_TEST_VECTOR_VERIFY(kTestVector3Spki, kTestVector3Data, kTestVector3Sig);
231
+}
232
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify3) {
233
+  PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector3Pkcs8, kTestVector3Spki,
234
+                              kTestVector3Data);
235
+}
236
+
237
+// RSA-PSS test vectors, pss-vect.txt, Example 4.1: A 1027-bit RSA Key Pair
238
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
239
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature4) {
240
+  PSS_TEST_VECTOR_VERIFY(kTestVector4Spki, kTestVector4Data, kTestVector4Sig);
241
+}
242
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify4) {
243
+  PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector4Pkcs8, kTestVector4Spki,
244
+                              kTestVector4Data);
245
+}
246
+
247
+// RSA-PSS test vectors, pss-vect.txt, Example 5.1: A 1028-bit RSA Key Pair
248
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
249
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature5) {
250
+  PSS_TEST_VECTOR_VERIFY(kTestVector5Spki, kTestVector5Data, kTestVector5Sig);
251
+}
252
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify5) {
253
+  PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector5Pkcs8, kTestVector5Spki,
254
+                              kTestVector5Data);
255
+}
256
+
257
+// RSA-PSS test vectors, pss-vect.txt, Example 6.1: A 1029-bit RSA Key Pair
258
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
259
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature6) {
260
+  PSS_TEST_VECTOR_VERIFY(kTestVector6Spki, kTestVector6Data, kTestVector6Sig);
261
+}
262
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify6) {
263
+  PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector6Pkcs8, kTestVector6Spki,
264
+                              kTestVector6Data);
265
+}
266
+
267
+// RSA-PSS test vectors, pss-vect.txt, Example 7.1: A 1030-bit RSA Key Pair
268
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
269
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature7) {
270
+  PSS_TEST_VECTOR_VERIFY(kTestVector7Spki, kTestVector7Data, kTestVector7Sig);
271
+}
272
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify7) {
273
+  PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector7Pkcs8, kTestVector7Spki,
274
+                              kTestVector7Data);
275
+}
276
+
277
+// RSA-PSS test vectors, pss-vect.txt, Example 8.1: A 1031-bit RSA Key Pair
278
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
279
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature8) {
280
+  PSS_TEST_VECTOR_VERIFY(kTestVector8Spki, kTestVector8Data, kTestVector8Sig);
281
+}
282
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify8) {
283
+  PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector8Pkcs8, kTestVector8Spki,
284
+                              kTestVector8Data);
285
+}
286
+
287
+// RSA-PSS test vectors, pss-vect.txt, Example 9.1: A 1536-bit RSA Key Pair
288
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
289
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature9) {
290
+  PSS_TEST_VECTOR_VERIFY(kTestVector9Spki, kTestVector9Data, kTestVector9Sig);
291
+}
292
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify9) {
293
+  PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector9Pkcs8, kTestVector9Spki,
294
+                              kTestVector9Data);
295
+}
296
+
297
+// RSA-PSS test vectors, pss-vect.txt, Example 10.1: A 2048-bit RSA Key Pair
298
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
299
+TEST_F(Pkcs11RsaPssVectorTest, VerifyKnownSignature10) {
300
+  PSS_TEST_VECTOR_VERIFY(kTestVector10Spki, kTestVector10Data,
301
+                         kTestVector10Sig);
302
+}
303
+TEST_F(Pkcs11RsaPssVectorTest, SignAndVerify10) {
304
+  PSS_TEST_VECTOR_SIGN_VERIFY(kTestVector10Pkcs8, kTestVector10Spki,
305
+                              kTestVector10Data);
306
+}
307
 
308
 }  // namespace nss_test
309
diff --git a/gtests/pk11_gtest/pk11_rsapss_vectors.h b/gtests/pk11_gtest/pk11_rsapss_vectors.h
310
new file mode 100644
311
--- /dev/null
312
+++ b/gtests/pk11_gtest/pk11_rsapss_vectors.h
313
@@ -0,0 +1,1083 @@
314
+/* This Source Code Form is subject to the terms of the Mozilla Public
315
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
316
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
317
+
318
+namespace nss_test {
319
+
320
+// RSA-PSS test vectors, pss-vect.txt, Example 1: A 1024-bit RSA Key Pair
321
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
322
+const uint8_t kTestVector1Pkcs8[] = {
323
+    0x30, 0x82, 0x02, 0x72, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
324
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
325
+    0x02, 0x5c, 0x30, 0x82, 0x02, 0x58, 0x02, 0x01, 0x00, 0x02, 0x81, 0x80,
326
+    0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17, 0x58, 0x9a, 0x51, 0x87, 0xdc,
327
+    0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec, 0x0e, 0x36, 0xad, 0x52, 0xa4,
328
+    0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9, 0x91, 0xd8, 0xc5, 0x10, 0x56,
329
+    0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2, 0x83, 0xa1, 0x2a, 0x88, 0xa3,
330
+    0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91, 0xcb, 0xb3, 0x07, 0xce, 0xab,
331
+    0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95, 0x08, 0x09, 0x6d, 0x5b, 0x2b,
332
+    0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63, 0x77, 0xc0, 0x92, 0x1c, 0xb2,
333
+    0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e, 0x6f, 0xf8, 0x9d, 0x19, 0xf1,
334
+    0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35, 0xf2, 0x92, 0x80, 0xe1, 0x38,
335
+    0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1, 0xe1, 0xf2, 0x0d, 0x0c, 0xe8,
336
+    0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21, 0x37, 0x02, 0x03, 0x01, 0x00,
337
+    0x01, 0x02, 0x81, 0x80, 0x33, 0xa5, 0x04, 0x2a, 0x90, 0xb2, 0x7d, 0x4f,
338
+    0x54, 0x51, 0xca, 0x9b, 0xbb, 0xd0, 0xb4, 0x47, 0x71, 0xa1, 0x01, 0xaf,
339
+    0x88, 0x43, 0x40, 0xae, 0xf9, 0x88, 0x5f, 0x2a, 0x4b, 0xbe, 0x92, 0xe8,
340
+    0x94, 0xa7, 0x24, 0xac, 0x3c, 0x56, 0x8c, 0x8f, 0x97, 0x85, 0x3a, 0xd0,
341
+    0x7c, 0x02, 0x66, 0xc8, 0xc6, 0xa3, 0xca, 0x09, 0x29, 0xf1, 0xe8, 0xf1,
342
+    0x12, 0x31, 0x88, 0x44, 0x29, 0xfc, 0x4d, 0x9a, 0xe5, 0x5f, 0xee, 0x89,
343
+    0x6a, 0x10, 0xce, 0x70, 0x7c, 0x3e, 0xd7, 0xe7, 0x34, 0xe4, 0x47, 0x27,
344
+    0xa3, 0x95, 0x74, 0x50, 0x1a, 0x53, 0x26, 0x83, 0x10, 0x9c, 0x2a, 0xba,
345
+    0xca, 0xba, 0x28, 0x3c, 0x31, 0xb4, 0xbd, 0x2f, 0x53, 0xc3, 0xee, 0x37,
346
+    0xe3, 0x52, 0xce, 0xe3, 0x4f, 0x9e, 0x50, 0x3b, 0xd8, 0x0c, 0x06, 0x22,
347
+    0xad, 0x79, 0xc6, 0xdc, 0xee, 0x88, 0x35, 0x47, 0xc6, 0xa3, 0xb3, 0x25,
348
+    0x02, 0x40, 0xe7, 0xe8, 0x94, 0x27, 0x20, 0xa8, 0x77, 0x51, 0x72, 0x73,
349
+    0xa3, 0x56, 0x05, 0x3e, 0xa2, 0xa1, 0xbc, 0x0c, 0x94, 0xaa, 0x72, 0xd5,
350
+    0x5c, 0x6e, 0x86, 0x29, 0x6b, 0x2d, 0xfc, 0x96, 0x79, 0x48, 0xc0, 0xa7,
351
+    0x2c, 0xbc, 0xcc, 0xa7, 0xea, 0xcb, 0x35, 0x70, 0x6e, 0x09, 0xa1, 0xdf,
352
+    0x55, 0xa1, 0x53, 0x5b, 0xd9, 0xb3, 0xcc, 0x34, 0x16, 0x0b, 0x3b, 0x6d,
353
+    0xcd, 0x3e, 0xda, 0x8e, 0x64, 0x43, 0x02, 0x40, 0xb6, 0x9d, 0xca, 0x1c,
354
+    0xf7, 0xd4, 0xd7, 0xec, 0x81, 0xe7, 0x5b, 0x90, 0xfc, 0xca, 0x87, 0x4a,
355
+    0xbc, 0xde, 0x12, 0x3f, 0xd2, 0x70, 0x01, 0x80, 0xaa, 0x90, 0x47, 0x9b,
356
+    0x6e, 0x48, 0xde, 0x8d, 0x67, 0xed, 0x24, 0xf9, 0xf1, 0x9d, 0x85, 0xba,
357
+    0x27, 0x58, 0x74, 0xf5, 0x42, 0xcd, 0x20, 0xdc, 0x72, 0x3e, 0x69, 0x63,
358
+    0x36, 0x4a, 0x1f, 0x94, 0x25, 0x45, 0x2b, 0x26, 0x9a, 0x67, 0x99, 0xfd,
359
+    0x02, 0x40, 0x28, 0xfa, 0x13, 0x93, 0x86, 0x55, 0xbe, 0x1f, 0x8a, 0x15,
360
+    0x9c, 0xba, 0xca, 0x5a, 0x72, 0xea, 0x19, 0x0c, 0x30, 0x08, 0x9e, 0x19,
361
+    0xcd, 0x27, 0x4a, 0x55, 0x6f, 0x36, 0xc4, 0xf6, 0xe1, 0x9f, 0x55, 0x4b,
362
+    0x34, 0xc0, 0x77, 0x79, 0x04, 0x27, 0xbb, 0xdd, 0x8d, 0xd3, 0xed, 0xe2,
363
+    0x44, 0x83, 0x28, 0xf3, 0x85, 0xd8, 0x1b, 0x30, 0xe8, 0xe4, 0x3b, 0x2f,
364
+    0xff, 0xa0, 0x27, 0x86, 0x19, 0x79, 0x02, 0x40, 0x1a, 0x8b, 0x38, 0xf3,
365
+    0x98, 0xfa, 0x71, 0x20, 0x49, 0x89, 0x8d, 0x7f, 0xb7, 0x9e, 0xe0, 0xa7,
366
+    0x76, 0x68, 0x79, 0x12, 0x99, 0xcd, 0xfa, 0x09, 0xef, 0xc0, 0xe5, 0x07,
367
+    0xac, 0xb2, 0x1e, 0xd7, 0x43, 0x01, 0xef, 0x5b, 0xfd, 0x48, 0xbe, 0x45,
368
+    0x5e, 0xae, 0xb6, 0xe1, 0x67, 0x82, 0x55, 0x82, 0x75, 0x80, 0xa8, 0xe4,
369
+    0xe8, 0xe1, 0x41, 0x51, 0xd1, 0x51, 0x0a, 0x82, 0xa3, 0xf2, 0xe7, 0x29,
370
+    0x02, 0x40, 0x27, 0x15, 0x6a, 0xba, 0x41, 0x26, 0xd2, 0x4a, 0x81, 0xf3,
371
+    0xa5, 0x28, 0xcb, 0xfb, 0x27, 0xf5, 0x68, 0x86, 0xf8, 0x40, 0xa9, 0xf6,
372
+    0xe8, 0x6e, 0x17, 0xa4, 0x4b, 0x94, 0xfe, 0x93, 0x19, 0x58, 0x4b, 0x8e,
373
+    0x22, 0xfd, 0xde, 0x1e, 0x5a, 0x2e, 0x3b, 0xd8, 0xaa, 0x5b, 0xa8, 0xd8,
374
+    0x58, 0x41, 0x94, 0xeb, 0x21, 0x90, 0xac, 0xf8, 0x32, 0xb8, 0x47, 0xf1,
375
+    0x3a, 0x3d, 0x24, 0xa7, 0x9f, 0x4d};
376
+const uint8_t kTestVector1Spki[] = {
377
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
378
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
379
+    0x89, 0x02, 0x81, 0x81, 0x00, 0xa5, 0x6e, 0x4a, 0x0e, 0x70, 0x10, 0x17,
380
+    0x58, 0x9a, 0x51, 0x87, 0xdc, 0x7e, 0xa8, 0x41, 0xd1, 0x56, 0xf2, 0xec,
381
+    0x0e, 0x36, 0xad, 0x52, 0xa4, 0x4d, 0xfe, 0xb1, 0xe6, 0x1f, 0x7a, 0xd9,
382
+    0x91, 0xd8, 0xc5, 0x10, 0x56, 0xff, 0xed, 0xb1, 0x62, 0xb4, 0xc0, 0xf2,
383
+    0x83, 0xa1, 0x2a, 0x88, 0xa3, 0x94, 0xdf, 0xf5, 0x26, 0xab, 0x72, 0x91,
384
+    0xcb, 0xb3, 0x07, 0xce, 0xab, 0xfc, 0xe0, 0xb1, 0xdf, 0xd5, 0xcd, 0x95,
385
+    0x08, 0x09, 0x6d, 0x5b, 0x2b, 0x8b, 0x6d, 0xf5, 0xd6, 0x71, 0xef, 0x63,
386
+    0x77, 0xc0, 0x92, 0x1c, 0xb2, 0x3c, 0x27, 0x0a, 0x70, 0xe2, 0x59, 0x8e,
387
+    0x6f, 0xf8, 0x9d, 0x19, 0xf1, 0x05, 0xac, 0xc2, 0xd3, 0xf0, 0xcb, 0x35,
388
+    0xf2, 0x92, 0x80, 0xe1, 0x38, 0x6b, 0x6f, 0x64, 0xc4, 0xef, 0x22, 0xe1,
389
+    0xe1, 0xf2, 0x0d, 0x0c, 0xe8, 0xcf, 0xfb, 0x22, 0x49, 0xbd, 0x9a, 0x21,
390
+    0x37, 0x02, 0x03, 0x01, 0x00, 0x01};
391
+// RSA-PSS test vectors, pss-vect.txt, Example 1.1
392
+const uint8_t kTestVector1Data[] = {
393
+    0xcd, 0xc8, 0x7d, 0xa2, 0x23, 0xd7, 0x86, 0xdf, 0x3b, 0x45, 0xe0, 0xbb,
394
+    0xbc, 0x72, 0x13, 0x26, 0xd1, 0xee, 0x2a, 0xf8, 0x06, 0xcc, 0x31, 0x54,
395
+    0x75, 0xcc, 0x6f, 0x0d, 0x9c, 0x66, 0xe1, 0xb6, 0x23, 0x71, 0xd4, 0x5c,
396
+    0xe2, 0x39, 0x2e, 0x1a, 0xc9, 0x28, 0x44, 0xc3, 0x10, 0x10, 0x2f, 0x15,
397
+    0x6a, 0x0d, 0x8d, 0x52, 0xc1, 0xf4, 0xc4, 0x0b, 0xa3, 0xaa, 0x65, 0x09,
398
+    0x57, 0x86, 0xcb, 0x76, 0x97, 0x57, 0xa6, 0x56, 0x3b, 0xa9, 0x58, 0xfe,
399
+    0xd0, 0xbc, 0xc9, 0x84, 0xe8, 0xb5, 0x17, 0xa3, 0xd5, 0xf5, 0x15, 0xb2,
400
+    0x3b, 0x8a, 0x41, 0xe7, 0x4a, 0xa8, 0x67, 0x69, 0x3f, 0x90, 0xdf, 0xb0,
401
+    0x61, 0xa6, 0xe8, 0x6d, 0xfa, 0xae, 0xe6, 0x44, 0x72, 0xc0, 0x0e, 0x5f,
402
+    0x20, 0x94, 0x57, 0x29, 0xcb, 0xeb, 0xe7, 0x7f, 0x06, 0xce, 0x78, 0xe0,
403
+    0x8f, 0x40, 0x98, 0xfb, 0xa4, 0x1f, 0x9d, 0x61, 0x93, 0xc0, 0x31, 0x7e,
404
+    0x8b, 0x60, 0xd4, 0xb6, 0x08, 0x4a, 0xcb, 0x42, 0xd2, 0x9e, 0x38, 0x08,
405
+    0xa3, 0xbc, 0x37, 0x2d, 0x85, 0xe3, 0x31, 0x17, 0x0f, 0xcb, 0xf7, 0xcc,
406
+    0x72, 0xd0, 0xb7, 0x1c, 0x29, 0x66, 0x48, 0xb3, 0xa4, 0xd1, 0x0f, 0x41,
407
+    0x62, 0x95, 0xd0, 0x80, 0x7a, 0xa6, 0x25, 0xca, 0xb2, 0x74, 0x4f, 0xd9,
408
+    0xea, 0x8f, 0xd2, 0x23, 0xc4, 0x25, 0x37, 0x02, 0x98, 0x28, 0xbd, 0x16,
409
+    0xbe, 0x02, 0x54, 0x6f, 0x13, 0x0f, 0xd2, 0xe3, 0x3b, 0x93, 0x6d, 0x26,
410
+    0x76, 0xe0, 0x8a, 0xed, 0x1b, 0x73, 0x31, 0x8b, 0x75, 0x0a, 0x01, 0x67,
411
+    0xd0};
412
+const uint8_t kTestVector1Sig[] = {
413
+    0x90, 0x74, 0x30, 0x8f, 0xb5, 0x98, 0xe9, 0x70, 0x1b, 0x22, 0x94, 0x38,
414
+    0x8e, 0x52, 0xf9, 0x71, 0xfa, 0xac, 0x2b, 0x60, 0xa5, 0x14, 0x5a, 0xf1,
415
+    0x85, 0xdf, 0x52, 0x87, 0xb5, 0xed, 0x28, 0x87, 0xe5, 0x7c, 0xe7, 0xfd,
416
+    0x44, 0xdc, 0x86, 0x34, 0xe4, 0x07, 0xc8, 0xe0, 0xe4, 0x36, 0x0b, 0xc2,
417
+    0x26, 0xf3, 0xec, 0x22, 0x7f, 0x9d, 0x9e, 0x54, 0x63, 0x8e, 0x8d, 0x31,
418
+    0xf5, 0x05, 0x12, 0x15, 0xdf, 0x6e, 0xbb, 0x9c, 0x2f, 0x95, 0x79, 0xaa,
419
+    0x77, 0x59, 0x8a, 0x38, 0xf9, 0x14, 0xb5, 0xb9, 0xc1, 0xbd, 0x83, 0xc4,
420
+    0xe2, 0xf9, 0xf3, 0x82, 0xa0, 0xd0, 0xaa, 0x35, 0x42, 0xff, 0xee, 0x65,
421
+    0x98, 0x4a, 0x60, 0x1b, 0xc6, 0x9e, 0xb2, 0x8d, 0xeb, 0x27, 0xdc, 0xa1,
422
+    0x2c, 0x82, 0xc2, 0xd4, 0xc3, 0xf6, 0x6c, 0xd5, 0x00, 0xf1, 0xff, 0x2b,
423
+    0x99, 0x4d, 0x8a, 0x4e, 0x30, 0xcb, 0xb3, 0x3c};
424
+
425
+// RSA-PSS test vectors, pss-vect.txt, Example 2: A 1025-bit RSA Key Pair
426
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
427
+const uint8_t kTestVector2Pkcs8[] = {
428
+    0x30, 0x82, 0x02, 0x75, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
429
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
430
+    0x02, 0x5f, 0x30, 0x82, 0x02, 0x5b, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
431
+    0x01, 0xd4, 0x0c, 0x1b, 0xcf, 0x97, 0xa6, 0x8a, 0xe7, 0xcd, 0xbd, 0x8a,
432
+    0x7b, 0xf3, 0xe3, 0x4f, 0xa1, 0x9d, 0xcc, 0xa4, 0xef, 0x75, 0xa4, 0x74,
433
+    0x54, 0x37, 0x5f, 0x94, 0x51, 0x4d, 0x88, 0xfe, 0xd0, 0x06, 0xfb, 0x82,
434
+    0x9f, 0x84, 0x19, 0xff, 0x87, 0xd6, 0x31, 0x5d, 0xa6, 0x8a, 0x1f, 0xf3,
435
+    0xa0, 0x93, 0x8e, 0x9a, 0xbb, 0x34, 0x64, 0x01, 0x1c, 0x30, 0x3a, 0xd9,
436
+    0x91, 0x99, 0xcf, 0x0c, 0x7c, 0x7a, 0x8b, 0x47, 0x7d, 0xce, 0x82, 0x9e,
437
+    0x88, 0x44, 0xf6, 0x25, 0xb1, 0x15, 0xe5, 0xe9, 0xc4, 0xa5, 0x9c, 0xf8,
438
+    0xf8, 0x11, 0x3b, 0x68, 0x34, 0x33, 0x6a, 0x2f, 0xd2, 0x68, 0x9b, 0x47,
439
+    0x2c, 0xbb, 0x5e, 0x5c, 0xab, 0xe6, 0x74, 0x35, 0x0c, 0x59, 0xb6, 0xc1,
440
+    0x7e, 0x17, 0x68, 0x74, 0xfb, 0x42, 0xf8, 0xfc, 0x3d, 0x17, 0x6a, 0x01,
441
+    0x7e, 0xdc, 0x61, 0xfd, 0x32, 0x6c, 0x4b, 0x33, 0xc9, 0x02, 0x03, 0x01,
442
+    0x00, 0x01, 0x02, 0x81, 0x80, 0x02, 0x7d, 0x14, 0x7e, 0x46, 0x73, 0x05,
443
+    0x73, 0x77, 0xfd, 0x1e, 0xa2, 0x01, 0x56, 0x57, 0x72, 0x17, 0x6a, 0x7d,
444
+    0xc3, 0x83, 0x58, 0xd3, 0x76, 0x04, 0x56, 0x85, 0xa2, 0xe7, 0x87, 0xc2,
445
+    0x3c, 0x15, 0x57, 0x6b, 0xc1, 0x6b, 0x9f, 0x44, 0x44, 0x02, 0xd6, 0xbf,
446
+    0xc5, 0xd9, 0x8a, 0x3e, 0x88, 0xea, 0x13, 0xef, 0x67, 0xc3, 0x53, 0xec,
447
+    0xa0, 0xc0, 0xdd, 0xba, 0x92, 0x55, 0xbd, 0x7b, 0x8b, 0xb5, 0x0a, 0x64,
448
+    0x4a, 0xfd, 0xfd, 0x1d, 0xd5, 0x16, 0x95, 0xb2, 0x52, 0xd2, 0x2e, 0x73,
449
+    0x18, 0xd1, 0xb6, 0x68, 0x7a, 0x1c, 0x10, 0xff, 0x75, 0x54, 0x5f, 0x3d,
450
+    0xb0, 0xfe, 0x60, 0x2d, 0x5f, 0x2b, 0x7f, 0x29, 0x4e, 0x36, 0x01, 0xea,
451
+    0xb7, 0xb9, 0xd1, 0xce, 0xcd, 0x76, 0x7f, 0x64, 0x69, 0x2e, 0x3e, 0x53,
452
+    0x6c, 0xa2, 0x84, 0x6c, 0xb0, 0xc2, 0xdd, 0x48, 0x6a, 0x39, 0xfa, 0x75,
453
+    0xb1, 0x02, 0x41, 0x01, 0x66, 0x01, 0xe9, 0x26, 0xa0, 0xf8, 0xc9, 0xe2,
454
+    0x6e, 0xca, 0xb7, 0x69, 0xea, 0x65, 0xa5, 0xe7, 0xc5, 0x2c, 0xc9, 0xe0,
455
+    0x80, 0xef, 0x51, 0x94, 0x57, 0xc6, 0x44, 0xda, 0x68, 0x91, 0xc5, 0xa1,
456
+    0x04, 0xd3, 0xea, 0x79, 0x55, 0x92, 0x9a, 0x22, 0xe7, 0xc6, 0x8a, 0x7a,
457
+    0xf9, 0xfc, 0xad, 0x77, 0x7c, 0x3c, 0xcc, 0x2b, 0x9e, 0x3d, 0x36, 0x50,
458
+    0xbc, 0xe4, 0x04, 0x39, 0x9b, 0x7e, 0x59, 0xd1, 0x02, 0x41, 0x01, 0x4e,
459
+    0xaf, 0xa1, 0xd4, 0xd0, 0x18, 0x4d, 0xa7, 0xe3, 0x1f, 0x87, 0x7d, 0x12,
460
+    0x81, 0xdd, 0xda, 0x62, 0x56, 0x64, 0x86, 0x9e, 0x83, 0x79, 0xe6, 0x7a,
461
+    0xd3, 0xb7, 0x5e, 0xae, 0x74, 0xa5, 0x80, 0xe9, 0x82, 0x7a, 0xbd, 0x6e,
462
+    0xb7, 0xa0, 0x02, 0xcb, 0x54, 0x11, 0xf5, 0x26, 0x67, 0x97, 0x76, 0x8f,
463
+    0xb8, 0xe9, 0x5a, 0xe4, 0x0e, 0x3e, 0x8a, 0x01, 0xf3, 0x5f, 0xf8, 0x9e,
464
+    0x56, 0xc0, 0x79, 0x02, 0x40, 0xe2, 0x47, 0xcc, 0xe5, 0x04, 0x93, 0x9b,
465
+    0x8f, 0x0a, 0x36, 0x09, 0x0d, 0xe2, 0x00, 0x93, 0x87, 0x55, 0xe2, 0x44,
466
+    0x4b, 0x29, 0x53, 0x9a, 0x7d, 0xa7, 0xa9, 0x02, 0xf6, 0x05, 0x68, 0x35,
467
+    0xc0, 0xdb, 0x7b, 0x52, 0x55, 0x94, 0x97, 0xcf, 0xe2, 0xc6, 0x1a, 0x80,
468
+    0x86, 0xd0, 0x21, 0x3c, 0x47, 0x2c, 0x78, 0x85, 0x18, 0x00, 0xb1, 0x71,
469
+    0xf6, 0x40, 0x1d, 0xe2, 0xe9, 0xc2, 0x75, 0x6f, 0x31, 0x02, 0x40, 0xb1,
470
+    0x2f, 0xba, 0x75, 0x78, 0x55, 0xe5, 0x86, 0xe4, 0x6f, 0x64, 0xc3, 0x8a,
471
+    0x70, 0xc6, 0x8b, 0x3f, 0x54, 0x8d, 0x93, 0xd7, 0x87, 0xb3, 0x99, 0x99,
472
+    0x9d, 0x4c, 0x8f, 0x0b, 0xbd, 0x25, 0x81, 0xc2, 0x1e, 0x19, 0xed, 0x00,
473
+    0x18, 0xa6, 0xd5, 0xd3, 0xdf, 0x86, 0x42, 0x4b, 0x3a, 0xbc, 0xad, 0x40,
474
+    0x19, 0x9d, 0x31, 0x49, 0x5b, 0x61, 0x30, 0x9f, 0x27, 0xc1, 0xbf, 0x55,
475
+    0xd4, 0x87, 0xc1, 0x02, 0x40, 0x56, 0x4b, 0x1e, 0x1f, 0xa0, 0x03, 0xbd,
476
+    0xa9, 0x1e, 0x89, 0x09, 0x04, 0x25, 0xaa, 0xc0, 0x5b, 0x91, 0xda, 0x9e,
477
+    0xe2, 0x50, 0x61, 0xe7, 0x62, 0x8d, 0x5f, 0x51, 0x30, 0x4a, 0x84, 0x99,
478
+    0x2f, 0xdc, 0x33, 0x76, 0x2b, 0xd3, 0x78, 0xa5, 0x9f, 0x03, 0x0a, 0x33,
479
+    0x4d, 0x53, 0x2b, 0xd0, 0xda, 0xe8, 0xf2, 0x98, 0xea, 0x9e, 0xd8, 0x44,
480
+    0x63, 0x6a, 0xd5, 0xfb, 0x8c, 0xbd, 0xc0, 0x3c, 0xad};
481
+const uint8_t kTestVector2Spki[] = {
482
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
483
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
484
+    0x89, 0x02, 0x81, 0x81, 0x01, 0xd4, 0x0c, 0x1b, 0xcf, 0x97, 0xa6, 0x8a,
485
+    0xe7, 0xcd, 0xbd, 0x8a, 0x7b, 0xf3, 0xe3, 0x4f, 0xa1, 0x9d, 0xcc, 0xa4,
486
+    0xef, 0x75, 0xa4, 0x74, 0x54, 0x37, 0x5f, 0x94, 0x51, 0x4d, 0x88, 0xfe,
487
+    0xd0, 0x06, 0xfb, 0x82, 0x9f, 0x84, 0x19, 0xff, 0x87, 0xd6, 0x31, 0x5d,
488
+    0xa6, 0x8a, 0x1f, 0xf3, 0xa0, 0x93, 0x8e, 0x9a, 0xbb, 0x34, 0x64, 0x01,
489
+    0x1c, 0x30, 0x3a, 0xd9, 0x91, 0x99, 0xcf, 0x0c, 0x7c, 0x7a, 0x8b, 0x47,
490
+    0x7d, 0xce, 0x82, 0x9e, 0x88, 0x44, 0xf6, 0x25, 0xb1, 0x15, 0xe5, 0xe9,
491
+    0xc4, 0xa5, 0x9c, 0xf8, 0xf8, 0x11, 0x3b, 0x68, 0x34, 0x33, 0x6a, 0x2f,
492
+    0xd2, 0x68, 0x9b, 0x47, 0x2c, 0xbb, 0x5e, 0x5c, 0xab, 0xe6, 0x74, 0x35,
493
+    0x0c, 0x59, 0xb6, 0xc1, 0x7e, 0x17, 0x68, 0x74, 0xfb, 0x42, 0xf8, 0xfc,
494
+    0x3d, 0x17, 0x6a, 0x01, 0x7e, 0xdc, 0x61, 0xfd, 0x32, 0x6c, 0x4b, 0x33,
495
+    0xc9, 0x02, 0x03, 0x01, 0x00, 0x01};
496
+// RSA-PSS test vectors, pss-vect.txt, Example 2.1
497
+const uint8_t kTestVector2Data[] = {
498
+    0xda, 0xba, 0x03, 0x20, 0x66, 0x26, 0x3f, 0xae, 0xdb, 0x65, 0x98,
499
+    0x48, 0x11, 0x52, 0x78, 0xa5, 0x2c, 0x44, 0xfa, 0xa3, 0xa7, 0x6f,
500
+    0x37, 0x51, 0x5e, 0xd3, 0x36, 0x32, 0x10, 0x72, 0xc4, 0x0a, 0x9d,
501
+    0x9b, 0x53, 0xbc, 0x05, 0x01, 0x40, 0x78, 0xad, 0xf5, 0x20, 0x87,
502
+    0x51, 0x46, 0xaa, 0xe7, 0x0f, 0xf0, 0x60, 0x22, 0x6d, 0xcb, 0x7b,
503
+    0x1f, 0x1f, 0xc2, 0x7e, 0x93, 0x60};
504
+const uint8_t kTestVector2Sig[] = {
505
+    0x01, 0x4c, 0x5b, 0xa5, 0x33, 0x83, 0x28, 0xcc, 0xc6, 0xe7, 0xa9, 0x0b,
506
+    0xf1, 0xc0, 0xab, 0x3f, 0xd6, 0x06, 0xff, 0x47, 0x96, 0xd3, 0xc1, 0x2e,
507
+    0x4b, 0x63, 0x9e, 0xd9, 0x13, 0x6a, 0x5f, 0xec, 0x6c, 0x16, 0xd8, 0x88,
508
+    0x4b, 0xdd, 0x99, 0xcf, 0xdc, 0x52, 0x14, 0x56, 0xb0, 0x74, 0x2b, 0x73,
509
+    0x68, 0x68, 0xcf, 0x90, 0xde, 0x09, 0x9a, 0xdb, 0x8d, 0x5f, 0xfd, 0x1d,
510
+    0xef, 0xf3, 0x9b, 0xa4, 0x00, 0x7a, 0xb7, 0x46, 0xce, 0xfd, 0xb2, 0x2d,
511
+    0x7d, 0xf0, 0xe2, 0x25, 0xf5, 0x46, 0x27, 0xdc, 0x65, 0x46, 0x61, 0x31,
512
+    0x72, 0x1b, 0x90, 0xaf, 0x44, 0x53, 0x63, 0xa8, 0x35, 0x8b, 0x9f, 0x60,
513
+    0x76, 0x42, 0xf7, 0x8f, 0xab, 0x0a, 0xb0, 0xf4, 0x3b, 0x71, 0x68, 0xd6,
514
+    0x4b, 0xae, 0x70, 0xd8, 0x82, 0x78, 0x48, 0xd8, 0xef, 0x1e, 0x42, 0x1c,
515
+    0x57, 0x54, 0xdd, 0xf4, 0x2c, 0x25, 0x89, 0xb5, 0xb3};
516
+
517
+// RSA-PSS test vectors, pss-vect.txt, Example 3: A 1026-bit RSA Key Pair
518
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
519
+const uint8_t kTestVector3Pkcs8[] = {
520
+    0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
521
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
522
+    0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
523
+    0x02, 0xf2, 0x46, 0xef, 0x45, 0x1e, 0xd3, 0xee, 0xbb, 0x9a, 0x31, 0x02,
524
+    0x00, 0xcc, 0x25, 0x85, 0x9c, 0x04, 0x8e, 0x4b, 0xe7, 0x98, 0x30, 0x29,
525
+    0x91, 0x11, 0x2e, 0xb6, 0x8c, 0xe6, 0xdb, 0x67, 0x4e, 0x28, 0x0d, 0xa2,
526
+    0x1f, 0xed, 0xed, 0x1a, 0xe7, 0x48, 0x80, 0xca, 0x52, 0x2b, 0x18, 0xdb,
527
+    0x24, 0x93, 0x85, 0x01, 0x28, 0x27, 0xc5, 0x15, 0xf0, 0xe4, 0x66, 0xa1,
528
+    0xff, 0xa6, 0x91, 0xd9, 0x81, 0x70, 0x57, 0x4e, 0x9d, 0x0e, 0xad, 0xb0,
529
+    0x87, 0x58, 0x6c, 0xa4, 0x89, 0x33, 0xda, 0x3c, 0xc9, 0x53, 0xd9, 0x5b,
530
+    0xd0, 0xed, 0x50, 0xde, 0x10, 0xdd, 0xcb, 0x67, 0x36, 0x10, 0x7d, 0x6c,
531
+    0x83, 0x1c, 0x7f, 0x66, 0x3e, 0x83, 0x3c, 0xa4, 0xc0, 0x97, 0xe7, 0x00,
532
+    0xce, 0x0f, 0xb9, 0x45, 0xf8, 0x8f, 0xb8, 0x5f, 0xe8, 0xe5, 0xa7, 0x73,
533
+    0x17, 0x25, 0x65, 0xb9, 0x14, 0xa4, 0x71, 0xa4, 0x43, 0x02, 0x03, 0x01,
534
+    0x00, 0x01, 0x02, 0x81, 0x80, 0x65, 0x14, 0x51, 0x73, 0x3b, 0x56, 0xde,
535
+    0x5a, 0xc0, 0xa6, 0x89, 0xa4, 0xae, 0xb6, 0xe6, 0x89, 0x4a, 0x69, 0x01,
536
+    0x4e, 0x07, 0x6c, 0x88, 0xdd, 0x7a, 0x66, 0x7e, 0xab, 0x32, 0x32, 0xbb,
537
+    0xcc, 0xd2, 0xfc, 0x44, 0xba, 0x2f, 0xa9, 0xc3, 0x1d, 0xb4, 0x6f, 0x21,
538
+    0xed, 0xd1, 0xfd, 0xb2, 0x3c, 0x5c, 0x12, 0x8a, 0x5d, 0xa5, 0xba, 0xb9,
539
+    0x1e, 0x7f, 0x95, 0x2b, 0x67, 0x75, 0x9c, 0x7c, 0xff, 0x70, 0x54, 0x15,
540
+    0xac, 0x9f, 0xa0, 0x90, 0x7c, 0x7c, 0xa6, 0x17, 0x8f, 0x66, 0x8f, 0xb9,
541
+    0x48, 0xd8, 0x69, 0xda, 0x4c, 0xc3, 0xb7, 0x35, 0x6f, 0x40, 0x08, 0xdf,
542
+    0xd5, 0x44, 0x9d, 0x32, 0xee, 0x02, 0xd9, 0xa4, 0x77, 0xeb, 0x69, 0xfc,
543
+    0x29, 0x26, 0x6e, 0x5d, 0x90, 0x70, 0x51, 0x23, 0x75, 0xa5, 0x0f, 0xbb,
544
+    0xcc, 0x27, 0xe2, 0x38, 0xad, 0x98, 0x42, 0x5f, 0x6e, 0xbb, 0xf8, 0x89,
545
+    0x91, 0x02, 0x41, 0x01, 0xbd, 0x36, 0xe1, 0x8e, 0xce, 0x4b, 0x0f, 0xdb,
546
+    0x2e, 0x9c, 0x9d, 0x54, 0x8b, 0xd1, 0xa7, 0xd6, 0xe2, 0xc2, 0x1c, 0x6f,
547
+    0xdc, 0x35, 0x07, 0x4a, 0x1d, 0x05, 0xb1, 0xc6, 0xc8, 0xb3, 0xd5, 0x58,
548
+    0xea, 0x26, 0x39, 0xc9, 0xa9, 0xa4, 0x21, 0x68, 0x01, 0x69, 0x31, 0x72,
549
+    0x52, 0x55, 0x8b, 0xd1, 0x48, 0xad, 0x21, 0x5a, 0xac, 0x55, 0x0e, 0x2d,
550
+    0xcf, 0x12, 0xa8, 0x2d, 0x0e, 0xbf, 0xe8, 0x53, 0x02, 0x41, 0x01, 0xb1,
551
+    0xb6, 0x56, 0xad, 0x86, 0xd8, 0xe1, 0x9d, 0x5d, 0xc8, 0x62, 0x92, 0xb3,
552
+    0xa1, 0x92, 0xfd, 0xf6, 0xe0, 0xdd, 0x37, 0x87, 0x7b, 0xad, 0x14, 0x82,
553
+    0x2f, 0xa0, 0x01, 0x90, 0xca, 0xb2, 0x65, 0xf9, 0x0d, 0x3f, 0x02, 0x05,
554
+    0x7b, 0x6f, 0x54, 0xd6, 0xec, 0xb1, 0x44, 0x91, 0xe5, 0xad, 0xea, 0xce,
555
+    0xbc, 0x48, 0xbf, 0x0e, 0xbd, 0x2a, 0x2a, 0xd2, 0x6d, 0x40, 0x2e, 0x54,
556
+    0xf6, 0x16, 0x51, 0x02, 0x40, 0x1f, 0x27, 0x79, 0xfd, 0x2e, 0x3e, 0x5e,
557
+    0x6b, 0xae, 0x05, 0x53, 0x95, 0x18, 0xfb, 0xa0, 0xcd, 0x0e, 0xad, 0x1a,
558
+    0xa4, 0x51, 0x3a, 0x7c, 0xba, 0x18, 0xf1, 0xcf, 0x10, 0xe3, 0xf6, 0x81,
559
+    0x95, 0x69, 0x3d, 0x27, 0x8a, 0x0f, 0x0e, 0xe7, 0x2f, 0x89, 0xf9, 0xbc,
560
+    0x76, 0x0d, 0x80, 0xe2, 0xf9, 0xd0, 0x26, 0x1d, 0x51, 0x65, 0x01, 0xc6,
561
+    0xae, 0x39, 0xf1, 0x4a, 0x47, 0x6c, 0xe2, 0xcc, 0xf5, 0x02, 0x41, 0x01,
562
+    0x1a, 0x0d, 0x36, 0x79, 0x4b, 0x04, 0xa8, 0x54, 0xaa, 0xb4, 0xb2, 0x46,
563
+    0x2d, 0x43, 0x9a, 0x50, 0x46, 0xc9, 0x1d, 0x94, 0x0b, 0x2b, 0xc6, 0xf7,
564
+    0x5b, 0x62, 0x95, 0x6f, 0xef, 0x35, 0xa2, 0xa6, 0xe6, 0x3c, 0x53, 0x09,
565
+    0x81, 0x7f, 0x30, 0x7b, 0xbf, 0xf9, 0xd5, 0x9e, 0x7e, 0x33, 0x1b, 0xd3,
566
+    0x63, 0xf6, 0xd6, 0x68, 0x49, 0xb1, 0x83, 0x46, 0xad, 0xea, 0x16, 0x9f,
567
+    0x0a, 0xe9, 0xae, 0xc1, 0x02, 0x40, 0x0b, 0x30, 0xf0, 0xec, 0xf5, 0x58,
568
+    0x75, 0x2f, 0xb3, 0xa6, 0xce, 0x4b, 0xa2, 0xb8, 0xc6, 0x75, 0xf6, 0x59,
569
+    0xeb, 0xa6, 0xc3, 0x76, 0x58, 0x5a, 0x1b, 0x39, 0x71, 0x2d, 0x03, 0x8a,
570
+    0xe3, 0xd2, 0xb4, 0x6f, 0xcb, 0x41, 0x8a, 0xe1, 0x5d, 0x09, 0x05, 0xda,
571
+    0x64, 0x40, 0xe1, 0x51, 0x3a, 0x30, 0xb9, 0xb7, 0xd6, 0x66, 0x8f, 0xbc,
572
+    0x5e, 0x88, 0xe5, 0xab, 0x7a, 0x17, 0x5e, 0x73, 0xba, 0x35};
573
+const uint8_t kTestVector3Spki[] = {
574
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
575
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
576
+    0x89, 0x02, 0x81, 0x81, 0x02, 0xf2, 0x46, 0xef, 0x45, 0x1e, 0xd3, 0xee,
577
+    0xbb, 0x9a, 0x31, 0x02, 0x00, 0xcc, 0x25, 0x85, 0x9c, 0x04, 0x8e, 0x4b,
578
+    0xe7, 0x98, 0x30, 0x29, 0x91, 0x11, 0x2e, 0xb6, 0x8c, 0xe6, 0xdb, 0x67,
579
+    0x4e, 0x28, 0x0d, 0xa2, 0x1f, 0xed, 0xed, 0x1a, 0xe7, 0x48, 0x80, 0xca,
580
+    0x52, 0x2b, 0x18, 0xdb, 0x24, 0x93, 0x85, 0x01, 0x28, 0x27, 0xc5, 0x15,
581
+    0xf0, 0xe4, 0x66, 0xa1, 0xff, 0xa6, 0x91, 0xd9, 0x81, 0x70, 0x57, 0x4e,
582
+    0x9d, 0x0e, 0xad, 0xb0, 0x87, 0x58, 0x6c, 0xa4, 0x89, 0x33, 0xda, 0x3c,
583
+    0xc9, 0x53, 0xd9, 0x5b, 0xd0, 0xed, 0x50, 0xde, 0x10, 0xdd, 0xcb, 0x67,
584
+    0x36, 0x10, 0x7d, 0x6c, 0x83, 0x1c, 0x7f, 0x66, 0x3e, 0x83, 0x3c, 0xa4,
585
+    0xc0, 0x97, 0xe7, 0x00, 0xce, 0x0f, 0xb9, 0x45, 0xf8, 0x8f, 0xb8, 0x5f,
586
+    0xe8, 0xe5, 0xa7, 0x73, 0x17, 0x25, 0x65, 0xb9, 0x14, 0xa4, 0x71, 0xa4,
587
+    0x43, 0x02, 0x03, 0x01, 0x00, 0x01};
588
+// RSA-PSS test vectors, pss-vect.txt, Example 3.1
589
+const uint8_t kTestVector3Data[] = {
590
+    0x59, 0x4b, 0x37, 0x33, 0x3b, 0xbb, 0x2c, 0x84, 0x52, 0x4a,
591
+    0x87, 0xc1, 0xa0, 0x1f, 0x75, 0xfc, 0xec, 0x0e, 0x32, 0x56,
592
+    0xf1, 0x08, 0xe3, 0x8d, 0xca, 0x36, 0xd7, 0x0d, 0x00, 0x57};
593
+const uint8_t kTestVector3Sig[] = {
594
+    0x00, 0x88, 0xb1, 0x35, 0xfb, 0x17, 0x94, 0xb6, 0xb9, 0x6c, 0x4a, 0x3e,
595
+    0x67, 0x81, 0x97, 0xf8, 0xca, 0xc5, 0x2b, 0x64, 0xb2, 0xfe, 0x90, 0x7d,
596
+    0x6f, 0x27, 0xde, 0x76, 0x11, 0x24, 0x96, 0x4a, 0x99, 0xa0, 0x1a, 0x88,
597
+    0x27, 0x40, 0xec, 0xfa, 0xed, 0x6c, 0x01, 0xa4, 0x74, 0x64, 0xbb, 0x05,
598
+    0x18, 0x23, 0x13, 0xc0, 0x13, 0x38, 0xa8, 0xcd, 0x09, 0x72, 0x14, 0xcd,
599
+    0x68, 0xca, 0x10, 0x3b, 0xd5, 0x7d, 0x3b, 0xc9, 0xe8, 0x16, 0x21, 0x3e,
600
+    0x61, 0xd7, 0x84, 0xf1, 0x82, 0x46, 0x7a, 0xbf, 0x8a, 0x01, 0xcf, 0x25,
601
+    0x3e, 0x99, 0xa1, 0x56, 0xea, 0xa8, 0xe3, 0xe1, 0xf9, 0x0e, 0x3c, 0x6e,
602
+    0x4e, 0x3a, 0xa2, 0xd8, 0x3e, 0xd0, 0x34, 0x5b, 0x89, 0xfa, 0xfc, 0x9c,
603
+    0x26, 0x07, 0x7c, 0x14, 0xb6, 0xac, 0x51, 0x45, 0x4f, 0xa2, 0x6e, 0x44,
604
+    0x6e, 0x3a, 0x2f, 0x15, 0x3b, 0x2b, 0x16, 0x79, 0x7f};
605
+
606
+// RSA-PSS test vectors, pss-vect.txt, Example 4: A 1027-bit RSA Key Pair
607
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
608
+const uint8_t kTestVector4Pkcs8[] = {
609
+    0x30, 0x82, 0x02, 0x78, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
610
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
611
+    0x02, 0x62, 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
612
+    0x05, 0x4a, 0xdb, 0x78, 0x86, 0x44, 0x7e, 0xfe, 0x6f, 0x57, 0xe0, 0x36,
613
+    0x8f, 0x06, 0xcf, 0x52, 0xb0, 0xa3, 0x37, 0x07, 0x60, 0xd1, 0x61, 0xce,
614
+    0xf1, 0x26, 0xb9, 0x1b, 0xe7, 0xf8, 0x9c, 0x42, 0x1b, 0x62, 0xa6, 0xec,
615
+    0x1d, 0xa3, 0xc3, 0x11, 0xd7, 0x5e, 0xd5, 0x0e, 0x0a, 0xb5, 0xff, 0xf3,
616
+    0xfd, 0x33, 0x8a, 0xcc, 0x3a, 0xa8, 0xa4, 0xe7, 0x7e, 0xe2, 0x63, 0x69,
617
+    0xac, 0xb8, 0x1b, 0xa9, 0x00, 0xfa, 0x83, 0xf5, 0x30, 0x0c, 0xf9, 0xbb,
618
+    0x6c, 0x53, 0xad, 0x1d, 0xc8, 0xa1, 0x78, 0xb8, 0x15, 0xdb, 0x42, 0x35,
619
+    0xa9, 0xa9, 0xda, 0x0c, 0x06, 0xde, 0x4e, 0x61, 0x5e, 0xa1, 0x27, 0x7c,
620
+    0xe5, 0x59, 0xe9, 0xc1, 0x08, 0xde, 0x58, 0xc1, 0x4a, 0x81, 0xaa, 0x77,
621
+    0xf5, 0xa6, 0xf8, 0xd1, 0x33, 0x54, 0x94, 0x49, 0x88, 0x48, 0xc8, 0xb9,
622
+    0x59, 0x40, 0x74, 0x0b, 0xe7, 0xbf, 0x7c, 0x37, 0x05, 0x02, 0x03, 0x01,
623
+    0x00, 0x01, 0x02, 0x81, 0x80, 0xfa, 0x04, 0x1f, 0x8c, 0xd9, 0x69, 0x7c,
624
+    0xee, 0xd3, 0x8e, 0xc8, 0xca, 0xa2, 0x75, 0x52, 0x3b, 0x4d, 0xd7, 0x2b,
625
+    0x09, 0xa3, 0x01, 0xd3, 0x54, 0x1d, 0x72, 0xf5, 0xd3, 0x1c, 0x05, 0xcb,
626
+    0xce, 0x2d, 0x69, 0x83, 0xb3, 0x61, 0x83, 0xaf, 0x10, 0x69, 0x0b, 0xd4,
627
+    0x6c, 0x46, 0x13, 0x1e, 0x35, 0x78, 0x94, 0x31, 0xa5, 0x56, 0x77, 0x1d,
628
+    0xd0, 0x04, 0x9b, 0x57, 0x46, 0x1b, 0xf0, 0x60, 0xc1, 0xf6, 0x84, 0x72,
629
+    0xe8, 0xa6, 0x7c, 0x25, 0xf3, 0x57, 0xe5, 0xb6, 0xb4, 0x73, 0x8f, 0xa5,
630
+    0x41, 0xa7, 0x30, 0x34, 0x6b, 0x4a, 0x07, 0x64, 0x9a, 0x2d, 0xfa, 0x80,
631
+    0x6a, 0x69, 0xc9, 0x75, 0xb6, 0xab, 0xa6, 0x46, 0x78, 0xac, 0xc7, 0xf5,
632
+    0x91, 0x3e, 0x89, 0xc6, 0x22, 0xf2, 0xd8, 0xab, 0xb1, 0xe3, 0xe3, 0x25,
633
+    0x54, 0xe3, 0x9d, 0xf9, 0x4b, 0xa6, 0x0c, 0x00, 0x2e, 0x38, 0x7d, 0x90,
634
+    0x11, 0x02, 0x41, 0x02, 0x92, 0x32, 0x33, 0x6d, 0x28, 0x38, 0x94, 0x5d,
635
+    0xba, 0x9d, 0xd7, 0x72, 0x3f, 0x4e, 0x62, 0x4a, 0x05, 0xf7, 0x37, 0x5b,
636
+    0x92, 0x7a, 0x87, 0xab, 0xe6, 0xa8, 0x93, 0xa1, 0x65, 0x8f, 0xd4, 0x9f,
637
+    0x47, 0xf6, 0xc7, 0xb0, 0xfa, 0x59, 0x6c, 0x65, 0xfa, 0x68, 0xa2, 0x3f,
638
+    0x0a, 0xb4, 0x32, 0x96, 0x2d, 0x18, 0xd4, 0x34, 0x3b, 0xd6, 0xfd, 0x67,
639
+    0x1a, 0x5e, 0xa8, 0xd1, 0x48, 0x41, 0x39, 0x95, 0x02, 0x41, 0x02, 0x0e,
640
+    0xf5, 0xef, 0xe7, 0xc5, 0x39, 0x4a, 0xed, 0x22, 0x72, 0xf7, 0xe8, 0x1a,
641
+    0x74, 0xf4, 0xc0, 0x2d, 0x14, 0x58, 0x94, 0xcb, 0x1b, 0x3c, 0xab, 0x23,
642
+    0xa9, 0xa0, 0x71, 0x0a, 0x2a, 0xfc, 0x7e, 0x33, 0x29, 0xac, 0xbb, 0x74,
643
+    0x3d, 0x01, 0xf6, 0x80, 0xc4, 0xd0, 0x2a, 0xfb, 0x4c, 0x8f, 0xde, 0x7e,
644
+    0x20, 0x93, 0x08, 0x11, 0xbb, 0x2b, 0x99, 0x57, 0x88, 0xb5, 0xe8, 0x72,
645
+    0xc2, 0x0b, 0xb1, 0x02, 0x41, 0x02, 0x6e, 0x7e, 0x28, 0x01, 0x0e, 0xcf,
646
+    0x24, 0x12, 0xd9, 0x52, 0x3a, 0xd7, 0x04, 0x64, 0x7f, 0xb4, 0xfe, 0x9b,
647
+    0x66, 0xb1, 0xa6, 0x81, 0x58, 0x1b, 0x0e, 0x15, 0x55, 0x3a, 0x89, 0xb1,
648
+    0x54, 0x28, 0x28, 0x89, 0x8f, 0x27, 0x24, 0x3e, 0xba, 0xb4, 0x5f, 0xf5,
649
+    0xe1, 0xac, 0xb9, 0xd4, 0xdf, 0x1b, 0x05, 0x1f, 0xbc, 0x62, 0x82, 0x4d,
650
+    0xbc, 0x6f, 0x6c, 0x93, 0x26, 0x1a, 0x78, 0xb9, 0xa7, 0x59, 0x02, 0x41,
651
+    0x01, 0x2d, 0xdc, 0xc8, 0x6e, 0xf6, 0x55, 0x99, 0x8c, 0x39, 0xdd, 0xae,
652
+    0x11, 0x71, 0x86, 0x69, 0xe5, 0xe4, 0x6c, 0xf1, 0x49, 0x5b, 0x07, 0xe1,
653
+    0x3b, 0x10, 0x14, 0xcd, 0x69, 0xb3, 0xaf, 0x68, 0x30, 0x4a, 0xd2, 0xa6,
654
+    0xb6, 0x43, 0x21, 0xe7, 0x8b, 0xf3, 0xbb, 0xca, 0x9b, 0xb4, 0x94, 0xe9,
655
+    0x1d, 0x45, 0x17, 0x17, 0xe2, 0xd9, 0x75, 0x64, 0xc6, 0x54, 0x94, 0x65,
656
+    0xd0, 0x20, 0x5c, 0xf4, 0x21, 0x02, 0x41, 0x01, 0x06, 0x00, 0xc4, 0xc2,
657
+    0x18, 0x47, 0x45, 0x9f, 0xe5, 0x76, 0x70, 0x3e, 0x2e, 0xbe, 0xca, 0xe8,
658
+    0xa5, 0x09, 0x4e, 0xe6, 0x3f, 0x53, 0x6b, 0xf4, 0xac, 0x68, 0xd3, 0xc1,
659
+    0x3e, 0x5e, 0x4f, 0x12, 0xac, 0x5c, 0xc1, 0x0a, 0xb6, 0xa2, 0xd0, 0x5a,
660
+    0x19, 0x92, 0x14, 0xd1, 0x82, 0x47, 0x47, 0xd5, 0x51, 0x90, 0x96, 0x36,
661
+    0xb7, 0x74, 0xc2, 0x2c, 0xac, 0x0b, 0x83, 0x75, 0x99, 0xab, 0xcc, 0x75};
662
+const uint8_t kTestVector4Spki[] = {
663
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
664
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
665
+    0x89, 0x02, 0x81, 0x81, 0x05, 0x4a, 0xdb, 0x78, 0x86, 0x44, 0x7e, 0xfe,
666
+    0x6f, 0x57, 0xe0, 0x36, 0x8f, 0x06, 0xcf, 0x52, 0xb0, 0xa3, 0x37, 0x07,
667
+    0x60, 0xd1, 0x61, 0xce, 0xf1, 0x26, 0xb9, 0x1b, 0xe7, 0xf8, 0x9c, 0x42,
668
+    0x1b, 0x62, 0xa6, 0xec, 0x1d, 0xa3, 0xc3, 0x11, 0xd7, 0x5e, 0xd5, 0x0e,
669
+    0x0a, 0xb5, 0xff, 0xf3, 0xfd, 0x33, 0x8a, 0xcc, 0x3a, 0xa8, 0xa4, 0xe7,
670
+    0x7e, 0xe2, 0x63, 0x69, 0xac, 0xb8, 0x1b, 0xa9, 0x00, 0xfa, 0x83, 0xf5,
671
+    0x30, 0x0c, 0xf9, 0xbb, 0x6c, 0x53, 0xad, 0x1d, 0xc8, 0xa1, 0x78, 0xb8,
672
+    0x15, 0xdb, 0x42, 0x35, 0xa9, 0xa9, 0xda, 0x0c, 0x06, 0xde, 0x4e, 0x61,
673
+    0x5e, 0xa1, 0x27, 0x7c, 0xe5, 0x59, 0xe9, 0xc1, 0x08, 0xde, 0x58, 0xc1,
674
+    0x4a, 0x81, 0xaa, 0x77, 0xf5, 0xa6, 0xf8, 0xd1, 0x33, 0x54, 0x94, 0x49,
675
+    0x88, 0x48, 0xc8, 0xb9, 0x59, 0x40, 0x74, 0x0b, 0xe7, 0xbf, 0x7c, 0x37,
676
+    0x05, 0x02, 0x03, 0x01, 0x00, 0x01};
677
+// RSA-PSS test vectors, pss-vect.txt, Example 4.1
678
+const uint8_t kTestVector4Data[] = {0x9f, 0xb0, 0x3b, 0x82,
679
+                                    0x7c, 0x82, 0x17, 0xd9};
680
+const uint8_t kTestVector4Sig[] = {
681
+    0x03, 0x23, 0xd5, 0xb7, 0xbf, 0x20, 0xba, 0x45, 0x39, 0x28, 0x9a, 0xe4,
682
+    0x52, 0xae, 0x42, 0x97, 0x08, 0x0f, 0xef, 0xf4, 0x51, 0x84, 0x23, 0xff,
683
+    0x48, 0x11, 0xa8, 0x17, 0x83, 0x7e, 0x7d, 0x82, 0xf1, 0x83, 0x6c, 0xdf,
684
+    0xab, 0x54, 0x51, 0x4f, 0xf0, 0x88, 0x7b, 0xdd, 0xee, 0xbf, 0x40, 0xbf,
685
+    0x99, 0xb0, 0x47, 0xab, 0xc3, 0xec, 0xfa, 0x6a, 0x37, 0xa3, 0xef, 0x00,
686
+    0xf4, 0xa0, 0xc4, 0xa8, 0x8a, 0xae, 0x09, 0x04, 0xb7, 0x45, 0xc8, 0x46,
687
+    0xc4, 0x10, 0x7e, 0x87, 0x97, 0x72, 0x3e, 0x8a, 0xc8, 0x10, 0xd9, 0xe3,
688
+    0xd9, 0x5d, 0xfa, 0x30, 0xff, 0x49, 0x66, 0xf4, 0xd7, 0x5d, 0x13, 0x76,
689
+    0x8d, 0x20, 0x85, 0x7f, 0x2b, 0x14, 0x06, 0xf2, 0x64, 0xcf, 0xe7, 0x5e,
690
+    0x27, 0xd7, 0x65, 0x2f, 0x4b, 0x5e, 0xd3, 0x57, 0x5f, 0x28, 0xa7, 0x02,
691
+    0xf8, 0xc4, 0xed, 0x9c, 0xf9, 0xb2, 0xd4, 0x49, 0x48};
692
+
693
+// RSA-PSS test vectors, pss-vect.txt, Example 5: A 1028-bit RSA Key Pair
694
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
695
+const uint8_t kTestVector5Pkcs8[] = {
696
+    0x30, 0x82, 0x02, 0x78, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
697
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
698
+    0x02, 0x62, 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
699
+    0x0d, 0x10, 0xf6, 0x61, 0xf2, 0x99, 0x40, 0xf5, 0xed, 0x39, 0xaa, 0x26,
700
+    0x09, 0x66, 0xde, 0xb4, 0x78, 0x43, 0x67, 0x9d, 0x2b, 0x6f, 0xb2, 0x5b,
701
+    0x3d, 0xe3, 0x70, 0xf3, 0xac, 0x7c, 0x19, 0x91, 0x63, 0x91, 0xfd, 0x25,
702
+    0xfb, 0x52, 0x7e, 0xbf, 0xa6, 0xa4, 0xb4, 0xdf, 0x45, 0xa1, 0x75, 0x9d,
703
+    0x99, 0x6c, 0x4b, 0xb4, 0xeb, 0xd1, 0x88, 0x28, 0xc4, 0x4f, 0xc5, 0x2d,
704
+    0x01, 0x91, 0x87, 0x17, 0x40, 0x52, 0x5f, 0x47, 0xa4, 0xb0, 0xcc, 0x8d,
705
+    0xa3, 0x25, 0xed, 0x8a, 0xa6, 0x76, 0xb0, 0xd0, 0xf6, 0x26, 0xe0, 0xa7,
706
+    0x7f, 0x07, 0x69, 0x21, 0x70, 0xac, 0xac, 0x80, 0x82, 0xf4, 0x2f, 0xaa,
707
+    0x7d, 0xc7, 0xcd, 0x12, 0x3e, 0x73, 0x0e, 0x31, 0xa8, 0x79, 0x85, 0x20,
708
+    0x4c, 0xab, 0xcb, 0xe6, 0x67, 0x0d, 0x43, 0xa2, 0xdd, 0x2b, 0x2d, 0xde,
709
+    0xf5, 0xe0, 0x53, 0x92, 0xfc, 0x21, 0x3b, 0xc5, 0x07, 0x02, 0x03, 0x01,
710
+    0x00, 0x01, 0x02, 0x81, 0x81, 0x03, 0xce, 0x08, 0xb1, 0x04, 0xff, 0xf3,
711
+    0x96, 0xa9, 0x79, 0xbd, 0x3e, 0x4e, 0x46, 0x92, 0x5b, 0x63, 0x19, 0xdd,
712
+    0xb6, 0x3a, 0xcb, 0xcf, 0xd8, 0x19, 0xf1, 0x7d, 0x16, 0xb8, 0x07, 0x7b,
713
+    0x3a, 0x87, 0x10, 0x1f, 0xf3, 0x4b, 0x77, 0xfe, 0x48, 0xb8, 0xb2, 0x05,
714
+    0xa9, 0x6e, 0x91, 0x51, 0xba, 0x8e, 0xce, 0xa6, 0x4d, 0x0c, 0xce, 0x7b,
715
+    0x23, 0xc3, 0xe6, 0xa6, 0xb8, 0x30, 0x58, 0xbc, 0x49, 0xda, 0xe8, 0x16,
716
+    0xae, 0x73, 0x6d, 0xb5, 0xa4, 0x70, 0x8e, 0x2a, 0xd4, 0x35, 0x23, 0x2b,
717
+    0x56, 0x7f, 0x90, 0x96, 0xce, 0x59, 0xff, 0x28, 0x06, 0x1e, 0x79, 0xab,
718
+    0x1c, 0x02, 0xd7, 0x17, 0xe6, 0xb2, 0x3c, 0xea, 0x6d, 0xb8, 0xeb, 0x51,
719
+    0x92, 0xfa, 0x7c, 0x1e, 0xab, 0x22, 0x7d, 0xba, 0x74, 0x62, 0x1c, 0x45,
720
+    0x60, 0x18, 0x96, 0xee, 0xf1, 0x37, 0x92, 0xc8, 0x44, 0x0b, 0xeb, 0x15,
721
+    0xaa, 0xc1, 0x02, 0x41, 0x03, 0xf2, 0xf3, 0x31, 0xf4, 0x14, 0x2d, 0x4f,
722
+    0x24, 0xb4, 0x3a, 0xa1, 0x02, 0x79, 0xa8, 0x96, 0x52, 0xd4, 0xe7, 0x53,
723
+    0x72, 0x21, 0xa1, 0xa7, 0xb2, 0xa2, 0x5d, 0xeb, 0x55, 0x1e, 0x5d, 0xe9,
724
+    0xac, 0x49, 0x74, 0x11, 0xc2, 0x27, 0xa9, 0x4e, 0x45, 0xf9, 0x1c, 0x2d,
725
+    0x1c, 0x13, 0xcc, 0x04, 0x6c, 0xf4, 0xce, 0x14, 0xe3, 0x2d, 0x05, 0x87,
726
+    0x34, 0x21, 0x0d, 0x44, 0xa8, 0x7e, 0xe1, 0xb7, 0x3f, 0x02, 0x41, 0x03,
727
+    0x4f, 0x09, 0x0d, 0x73, 0xb5, 0x58, 0x03, 0x03, 0x0c, 0xf0, 0x36, 0x1a,
728
+    0x5d, 0x80, 0x81, 0xbf, 0xb7, 0x9f, 0x85, 0x15, 0x23, 0xfe, 0xac, 0x0a,
729
+    0x21, 0x24, 0xd0, 0x8d, 0x40, 0x13, 0xff, 0x08, 0x48, 0x77, 0x71, 0xa8,
730
+    0x70, 0xd0, 0x47, 0x9d, 0xc0, 0x68, 0x6c, 0x62, 0xf7, 0x71, 0x8d, 0xfe,
731
+    0xcf, 0x02, 0x4b, 0x17, 0xc9, 0x26, 0x76, 0x78, 0x05, 0x91, 0x71, 0x33,
732
+    0x9c, 0xc0, 0x08, 0x39, 0x02, 0x41, 0x02, 0xaa, 0x66, 0x3a, 0xdb, 0xf5,
733
+    0x1a, 0xb8, 0x87, 0xa0, 0x18, 0xcb, 0x42, 0x6e, 0x78, 0xbc, 0x2f, 0xe1,
734
+    0x82, 0xdc, 0xb2, 0xf7, 0xbc, 0xb5, 0x04, 0x41, 0xd1, 0x7f, 0xdf, 0x0f,
735
+    0x06, 0x79, 0x8b, 0x50, 0x71, 0xc6, 0xe2, 0xf5, 0xfe, 0xb4, 0xd5, 0x4a,
736
+    0xd8, 0x18, 0x23, 0x11, 0xc1, 0xef, 0x62, 0xd4, 0xc4, 0x9f, 0x18, 0xd1,
737
+    0xf5, 0x1f, 0x54, 0xb2, 0xd2, 0xcf, 0xfb, 0xa4, 0xda, 0x1b, 0xe5, 0x02,
738
+    0x41, 0x02, 0xbb, 0xe7, 0x06, 0x07, 0x8b, 0x5c, 0x0b, 0x39, 0x15, 0x12,
739
+    0xd4, 0x11, 0xdb, 0x1b, 0x19, 0x9b, 0x5a, 0x56, 0x64, 0xb8, 0x40, 0x42,
740
+    0xea, 0xd3, 0x7f, 0xe9, 0x94, 0xae, 0x72, 0xb9, 0x53, 0x2d, 0xfb, 0xfb,
741
+    0x3e, 0x9e, 0x69, 0x81, 0xa0, 0xfb, 0xb8, 0x06, 0x51, 0x31, 0x41, 0xb7,
742
+    0xc2, 0x16, 0x3f, 0xe5, 0x6c, 0x39, 0x5e, 0x4b, 0xfa, 0xee, 0x57, 0xe3,
743
+    0x83, 0x3f, 0x9b, 0x91, 0x8d, 0xf9, 0x02, 0x40, 0x02, 0x42, 0xb6, 0xcd,
744
+    0x00, 0xd3, 0x0a, 0x76, 0x7a, 0xee, 0x9a, 0x89, 0x8e, 0xad, 0x45, 0x3c,
745
+    0x8e, 0xae, 0xa6, 0x3d, 0x50, 0x0b, 0x7d, 0x1e, 0x00, 0x71, 0x3e, 0xda,
746
+    0xe5, 0x1c, 0xe3, 0x6b, 0x23, 0xb6, 0x64, 0xdf, 0x26, 0xe6, 0x3e, 0x26,
747
+    0x6e, 0xc8, 0xf7, 0x6e, 0x6e, 0x63, 0xed, 0x1b, 0xa4, 0x1e, 0xb0, 0x33,
748
+    0xb1, 0x20, 0xf7, 0xea, 0x52, 0x12, 0xae, 0x21, 0xa9, 0x8f, 0xbc, 0x16};
749
+const uint8_t kTestVector5Spki[] = {
750
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
751
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
752
+    0x89, 0x02, 0x81, 0x81, 0x0d, 0x10, 0xf6, 0x61, 0xf2, 0x99, 0x40, 0xf5,
753
+    0xed, 0x39, 0xaa, 0x26, 0x09, 0x66, 0xde, 0xb4, 0x78, 0x43, 0x67, 0x9d,
754
+    0x2b, 0x6f, 0xb2, 0x5b, 0x3d, 0xe3, 0x70, 0xf3, 0xac, 0x7c, 0x19, 0x91,
755
+    0x63, 0x91, 0xfd, 0x25, 0xfb, 0x52, 0x7e, 0xbf, 0xa6, 0xa4, 0xb4, 0xdf,
756
+    0x45, 0xa1, 0x75, 0x9d, 0x99, 0x6c, 0x4b, 0xb4, 0xeb, 0xd1, 0x88, 0x28,
757
+    0xc4, 0x4f, 0xc5, 0x2d, 0x01, 0x91, 0x87, 0x17, 0x40, 0x52, 0x5f, 0x47,
758
+    0xa4, 0xb0, 0xcc, 0x8d, 0xa3, 0x25, 0xed, 0x8a, 0xa6, 0x76, 0xb0, 0xd0,
759
+    0xf6, 0x26, 0xe0, 0xa7, 0x7f, 0x07, 0x69, 0x21, 0x70, 0xac, 0xac, 0x80,
760
+    0x82, 0xf4, 0x2f, 0xaa, 0x7d, 0xc7, 0xcd, 0x12, 0x3e, 0x73, 0x0e, 0x31,
761
+    0xa8, 0x79, 0x85, 0x20, 0x4c, 0xab, 0xcb, 0xe6, 0x67, 0x0d, 0x43, 0xa2,
762
+    0xdd, 0x2b, 0x2d, 0xde, 0xf5, 0xe0, 0x53, 0x92, 0xfc, 0x21, 0x3b, 0xc5,
763
+    0x07, 0x02, 0x03, 0x01, 0x00, 0x01};
764
+// RSA-PSS test vectors, pss-vect.txt, Example 5.1
765
+const uint8_t kTestVector5Data[] = {
766
+    0x30, 0xc7, 0xd5, 0x57, 0x45, 0x8b, 0x43, 0x6d, 0xec, 0xfd, 0xc1, 0x4d,
767
+    0x06, 0xcb, 0x7b, 0x96, 0xb0, 0x67, 0x18, 0xc4, 0x8d, 0x7d, 0xe5, 0x74,
768
+    0x82, 0xa8, 0x68, 0xae, 0x7f, 0x06, 0x58, 0x70, 0xa6, 0x21, 0x65, 0x06,
769
+    0xd1, 0x1b, 0x77, 0x93, 0x23, 0xdf, 0xdf, 0x04, 0x6c, 0xf5, 0x77, 0x51,
770
+    0x29, 0x13, 0x4b, 0x4d, 0x56, 0x89, 0xe4, 0xd9, 0xc0, 0xce, 0x1e, 0x12,
771
+    0xd7, 0xd4, 0xb0, 0x6c, 0xb5, 0xfc, 0x58, 0x20, 0xde, 0xcf, 0xa4, 0x1b,
772
+    0xaf, 0x59, 0xbf, 0x25, 0x7b, 0x32, 0xf0, 0x25, 0xb7, 0x67, 0x9b, 0x44,
773
+    0x5b, 0x94, 0x99, 0xc9, 0x25, 0x55, 0x14, 0x58, 0x85, 0x99, 0x2f, 0x1b,
774
+    0x76, 0xf8, 0x48, 0x91, 0xee, 0x4d, 0x3b, 0xe0, 0xf5, 0x15, 0x0f, 0xd5,
775
+    0x90, 0x1e, 0x3a, 0x4c, 0x8e, 0xd4, 0x3f, 0xd3, 0x6b, 0x61, 0xd0, 0x22,
776
+    0xe6, 0x5a, 0xd5, 0x00, 0x8d, 0xbf, 0x33, 0x29, 0x3c, 0x22, 0xbf, 0xbf,
777
+    0xd0, 0x73, 0x21, 0xf0, 0xf1, 0xd5, 0xfa, 0x9f, 0xdf, 0x00, 0x14, 0xc2,
778
+    0xfc, 0xb0, 0x35, 0x8a, 0xad, 0x0e, 0x35, 0x4b, 0x0d, 0x29};
779
+const uint8_t kTestVector5Sig[] = {
780
+    0x0b, 0xa3, 0x73, 0xf7, 0x6e, 0x09, 0x21, 0xb7, 0x0a, 0x8f, 0xbf, 0xe6,
781
+    0x22, 0xf0, 0xbf, 0x77, 0xb2, 0x8a, 0x3d, 0xb9, 0x8e, 0x36, 0x10, 0x51,
782
+    0xc3, 0xd7, 0xcb, 0x92, 0xad, 0x04, 0x52, 0x91, 0x5a, 0x4d, 0xe9, 0xc0,
783
+    0x17, 0x22, 0xf6, 0x82, 0x3e, 0xeb, 0x6a, 0xdf, 0x7e, 0x0c, 0xa8, 0x29,
784
+    0x0f, 0x5d, 0xe3, 0xe5, 0x49, 0x89, 0x0a, 0xc2, 0xa3, 0xc5, 0x95, 0x0a,
785
+    0xb2, 0x17, 0xba, 0x58, 0x59, 0x08, 0x94, 0x95, 0x2d, 0xe9, 0x6f, 0x8d,
786
+    0xf1, 0x11, 0xb2, 0x57, 0x52, 0x15, 0xda, 0x6c, 0x16, 0x15, 0x90, 0xc7,
787
+    0x45, 0xbe, 0x61, 0x24, 0x76, 0xee, 0x57, 0x8e, 0xd3, 0x84, 0xab, 0x33,
788
+    0xe3, 0xec, 0xe9, 0x74, 0x81, 0xa2, 0x52, 0xf5, 0xc7, 0x9a, 0x98, 0xb5,
789
+    0x53, 0x2a, 0xe0, 0x0c, 0xdd, 0x62, 0xf2, 0xec, 0xc0, 0xcd, 0x1b, 0xae,
790
+    0xfe, 0x80, 0xd8, 0x0b, 0x96, 0x21, 0x93, 0xec, 0x1d};
791
+
792
+// RSA-PSS test vectors, pss-vect.txt, Example 6: A 1029-bit RSA Key Pair
793
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
794
+const uint8_t kTestVector6Pkcs8[] = {
795
+    0x30, 0x82, 0x02, 0x79, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
796
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
797
+    0x02, 0x63, 0x30, 0x82, 0x02, 0x5f, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
798
+    0x16, 0x4c, 0xa3, 0x1c, 0xff, 0x60, 0x9f, 0x3a, 0x0e, 0x71, 0x01, 0xb0,
799
+    0x39, 0xf2, 0xe4, 0xfe, 0x6d, 0xd3, 0x75, 0x19, 0xab, 0x98, 0x59, 0x8d,
800
+    0x17, 0x9e, 0x17, 0x49, 0x96, 0x59, 0x80, 0x71, 0xf4, 0x7d, 0x3a, 0x04,
801
+    0x55, 0x91, 0x58, 0xd7, 0xbe, 0x37, 0x3c, 0xf1, 0xaa, 0x53, 0xf0, 0xaa,
802
+    0x6e, 0xf0, 0x90, 0x39, 0xe5, 0x67, 0x8c, 0x2a, 0x4c, 0x63, 0x90, 0x05,
803
+    0x14, 0xc8, 0xc4, 0xf8, 0xaa, 0xed, 0x5d, 0xe1, 0x2a, 0x5f, 0x10, 0xb0,
804
+    0x9c, 0x31, 0x1a, 0xf8, 0xc0, 0xff, 0xb5, 0xb7, 0xa2, 0x97, 0xf2, 0xef,
805
+    0xc6, 0x3b, 0x8d, 0x6b, 0x05, 0x10, 0x93, 0x1f, 0x0b, 0x98, 0xe4, 0x8b,
806
+    0xf5, 0xfc, 0x6e, 0xc4, 0xe7, 0xb8, 0xdb, 0x1f, 0xfa, 0xeb, 0x08, 0xc3,
807
+    0x8e, 0x02, 0xad, 0xb8, 0xf0, 0x3a, 0x48, 0x22, 0x9c, 0x99, 0xe9, 0x69,
808
+    0x43, 0x1f, 0x61, 0xcb, 0x8c, 0x4d, 0xc6, 0x98, 0xd1, 0x02, 0x03, 0x01,
809
+    0x00, 0x01, 0x02, 0x81, 0x81, 0x03, 0xb6, 0x64, 0xee, 0x3b, 0x75, 0x66,
810
+    0x72, 0x3f, 0xc6, 0xea, 0xf2, 0x8a, 0xbb, 0x43, 0x0a, 0x39, 0x80, 0xf1,
811
+    0x12, 0x6c, 0x81, 0xde, 0x8a, 0xd7, 0x09, 0xea, 0xb3, 0x9a, 0xc9, 0xdc,
812
+    0xd0, 0xb1, 0x55, 0x0b, 0x37, 0x29, 0xd8, 0x70, 0x68, 0xe9, 0x52, 0x00,
813
+    0x9d, 0xf5, 0x44, 0x53, 0x4c, 0x1f, 0x50, 0x82, 0x9a, 0x78, 0xf4, 0x59,
814
+    0x1e, 0xb8, 0xfd, 0x57, 0x14, 0x04, 0x26, 0xa6, 0xbb, 0x04, 0x05, 0xb6,
815
+    0xa6, 0xf5, 0x1a, 0x57, 0xd9, 0x26, 0x7b, 0x7b, 0xbc, 0x65, 0x33, 0x91,
816
+    0xa6, 0x99, 0xa2, 0xa9, 0x0d, 0xac, 0x8a, 0xe2, 0x26, 0xbc, 0xc6, 0x0f,
817
+    0xa8, 0xcd, 0x93, 0x4c, 0x73, 0xc7, 0xb0, 0x3b, 0x1f, 0x6b, 0x81, 0x81,
818
+    0x58, 0x63, 0x18, 0x38, 0xa8, 0x61, 0x2e, 0x6e, 0x6e, 0xa9, 0x2b, 0xe2,
819
+    0x4f, 0x83, 0x24, 0xfa, 0xf5, 0xb1, 0xfd, 0x85, 0x87, 0x22, 0x52, 0x67,
820
+    0xba, 0x6f, 0x02, 0x41, 0x04, 0xf0, 0x54, 0x8c, 0x96, 0x26, 0xab, 0x1e,
821
+    0xbf, 0x12, 0x44, 0x93, 0x47, 0x41, 0xd9, 0x9a, 0x06, 0x22, 0x0e, 0xfa,
822
+    0x2a, 0x58, 0x56, 0xaa, 0x0e, 0x75, 0x73, 0x0b, 0x2e, 0xc9, 0x6a, 0xdc,
823
+    0x86, 0xbe, 0x89, 0x4f, 0xa2, 0x80, 0x3b, 0x53, 0xa5, 0xe8, 0x5d, 0x27,
824
+    0x6a, 0xcb, 0xd2, 0x9a, 0xb8, 0x23, 0xf8, 0x0a, 0x73, 0x91, 0xbb, 0x54,
825
+    0xa5, 0x05, 0x16, 0x72, 0xfb, 0x04, 0xee, 0xb5, 0x43, 0x02, 0x41, 0x04,
826
+    0x83, 0xe0, 0xae, 0x47, 0x91, 0x55, 0x87, 0x74, 0x3f, 0xf3, 0x45, 0x36,
827
+    0x2b, 0x55, 0x5d, 0x39, 0x62, 0xd9, 0x8b, 0xb6, 0xf1, 0x5f, 0x84, 0x8b,
828
+    0x4c, 0x92, 0xb1, 0x77, 0x1c, 0xa8, 0xed, 0x10, 0x7d, 0x8d, 0x3e, 0xe6,
829
+    0x5e, 0xc4, 0x45, 0x17, 0xdd, 0x0f, 0xaa, 0x48, 0x1a, 0x38, 0x7e, 0x90,
830
+    0x2f, 0x7a, 0x2e, 0x74, 0x7c, 0x26, 0x9e, 0x7e, 0xa4, 0x44, 0x80, 0xbc,
831
+    0x53, 0x8b, 0x8e, 0x5b, 0x02, 0x41, 0x03, 0xa8, 0xe8, 0xae, 0xa9, 0x92,
832
+    0x0c, 0x1a, 0xa3, 0xb2, 0xf0, 0xd8, 0x46, 0xe4, 0xb8, 0x50, 0xd8, 0x1c,
833
+    0xa3, 0x06, 0xa5, 0x1c, 0x83, 0x54, 0x4f, 0x94, 0x9f, 0x64, 0xf9, 0x0d,
834
+    0xcf, 0x3f, 0x8e, 0x26, 0x61, 0xf0, 0x7e, 0x56, 0x12, 0x20, 0xa1, 0x80,
835
+    0x38, 0x8f, 0xbe, 0x27, 0x3e, 0x70, 0xe2, 0xe5, 0xdc, 0xa8, 0x3a, 0x0e,
836
+    0x13, 0x48, 0xdd, 0x64, 0x90, 0xc7, 0x31, 0xd6, 0xec, 0xe1, 0xab, 0x02,
837
+    0x41, 0x01, 0x35, 0xbd, 0xcd, 0xb6, 0x0b, 0xf2, 0x19, 0x7c, 0x43, 0x6e,
838
+    0xd3, 0x4b, 0x32, 0xcd, 0x8b, 0x4f, 0xc7, 0x77, 0x78, 0x83, 0x2b, 0xa7,
839
+    0x67, 0x03, 0x55, 0x1f, 0xb2, 0x42, 0xb3, 0x01, 0x69, 0x95, 0x93, 0xaf,
840
+    0x77, 0xfd, 0x8f, 0xc3, 0x94, 0xa8, 0x52, 0x6a, 0xd2, 0x3c, 0xc4, 0x1a,
841
+    0x03, 0x80, 0x6b, 0xd8, 0x97, 0xfe, 0x4b, 0x0e, 0xa6, 0x46, 0x55, 0x8a,
842
+    0xad, 0xdc, 0xc9, 0x9e, 0x8a, 0x25, 0x02, 0x41, 0x03, 0x04, 0xc0, 0x3d,
843
+    0x9c, 0x73, 0x65, 0x03, 0xa9, 0x84, 0xab, 0xbd, 0x9b, 0xa2, 0x23, 0x01,
844
+    0x40, 0x7c, 0x4a, 0x2a, 0xb1, 0xdd, 0x85, 0x76, 0x64, 0x81, 0xb6, 0x0d,
845
+    0x45, 0x40, 0x11, 0x52, 0xe6, 0x92, 0xbe, 0x14, 0xf4, 0x12, 0x1d, 0x9a,
846
+    0xa3, 0xfd, 0x6e, 0x0b, 0x4d, 0x1d, 0x3a, 0x97, 0x35, 0x38, 0xa3, 0x1d,
847
+    0x42, 0xee, 0x6e, 0x1e, 0x5e, 0xf6, 0x20, 0x23, 0x1a, 0x2b, 0xba, 0xf3,
848
+    0x5f};
849
+const uint8_t kTestVector6Spki[] = {
850
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
851
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
852
+    0x89, 0x02, 0x81, 0x81, 0x16, 0x4c, 0xa3, 0x1c, 0xff, 0x60, 0x9f, 0x3a,
853
+    0x0e, 0x71, 0x01, 0xb0, 0x39, 0xf2, 0xe4, 0xfe, 0x6d, 0xd3, 0x75, 0x19,
854
+    0xab, 0x98, 0x59, 0x8d, 0x17, 0x9e, 0x17, 0x49, 0x96, 0x59, 0x80, 0x71,
855
+    0xf4, 0x7d, 0x3a, 0x04, 0x55, 0x91, 0x58, 0xd7, 0xbe, 0x37, 0x3c, 0xf1,
856
+    0xaa, 0x53, 0xf0, 0xaa, 0x6e, 0xf0, 0x90, 0x39, 0xe5, 0x67, 0x8c, 0x2a,
857
+    0x4c, 0x63, 0x90, 0x05, 0x14, 0xc8, 0xc4, 0xf8, 0xaa, 0xed, 0x5d, 0xe1,
858
+    0x2a, 0x5f, 0x10, 0xb0, 0x9c, 0x31, 0x1a, 0xf8, 0xc0, 0xff, 0xb5, 0xb7,
859
+    0xa2, 0x97, 0xf2, 0xef, 0xc6, 0x3b, 0x8d, 0x6b, 0x05, 0x10, 0x93, 0x1f,
860
+    0x0b, 0x98, 0xe4, 0x8b, 0xf5, 0xfc, 0x6e, 0xc4, 0xe7, 0xb8, 0xdb, 0x1f,
861
+    0xfa, 0xeb, 0x08, 0xc3, 0x8e, 0x02, 0xad, 0xb8, 0xf0, 0x3a, 0x48, 0x22,
862
+    0x9c, 0x99, 0xe9, 0x69, 0x43, 0x1f, 0x61, 0xcb, 0x8c, 0x4d, 0xc6, 0x98,
863
+    0xd1, 0x02, 0x03, 0x01, 0x00, 0x01};
864
+// RSA-PSS test vectors, pss-vect.txt, Example 6.1
865
+const uint8_t kTestVector6Data[] = {
866
+    0x0a, 0x20, 0xb7, 0x74, 0xad, 0xdc, 0x2f, 0xa5, 0x12, 0x45, 0xed,
867
+    0x7c, 0xb9, 0xda, 0x60, 0x9e, 0x50, 0xca, 0xc6, 0x63, 0x6a, 0x52,
868
+    0x54, 0x3f, 0x97, 0x45, 0x8e, 0xed, 0x73, 0x40, 0xf8, 0xd5, 0x3f,
869
+    0xfc, 0x64, 0x91, 0x8f, 0x94, 0x90, 0x78, 0xee, 0x03, 0xef, 0x60,
870
+    0xd4, 0x2b, 0x5f, 0xec, 0x24, 0x60, 0x50, 0xbd, 0x55, 0x05, 0xcd,
871
+    0x8c, 0xb5, 0x97, 0xba, 0xd3, 0xc4, 0xe7, 0x13, 0xb0, 0xef, 0x30,
872
+    0x64, 0x4e, 0x76, 0xad, 0xab, 0xb0, 0xde, 0x01, 0xa1, 0x56, 0x1e,
873
+    0xfb, 0x25, 0x51, 0x58, 0xc7, 0x4f, 0xc8, 0x01, 0xe6, 0xe9, 0x19,
874
+    0xe5, 0x81, 0xb4, 0x6f, 0x0f, 0x0d, 0xdd, 0x08, 0xe4, 0xf3, 0x4c,
875
+    0x78, 0x10, 0xb5, 0xed, 0x83, 0x18, 0xf9, 0x1d, 0x7c, 0x8c};
876
+const uint8_t kTestVector6Sig[] = {
877
+    0x04, 0xc0, 0xcf, 0xac, 0xec, 0x04, 0xe5, 0xba, 0xdb, 0xec, 0xe1, 0x59,
878
+    0xa5, 0xa1, 0x10, 0x3f, 0x69, 0xb3, 0xf3, 0x2b, 0xa5, 0x93, 0xcb, 0x4c,
879
+    0xc4, 0xb1, 0xb7, 0xab, 0x45, 0x59, 0x16, 0xa9, 0x6a, 0x27, 0xcd, 0x26,
880
+    0x78, 0xea, 0x0f, 0x46, 0xba, 0x37, 0xf7, 0xfc, 0x9c, 0x86, 0x32, 0x5f,
881
+    0x29, 0x73, 0x3b, 0x38, 0x9f, 0x1d, 0x97, 0xf4, 0x3e, 0x72, 0x01, 0xc0,
882
+    0xf3, 0x48, 0xfc, 0x45, 0xfe, 0x42, 0x89, 0x23, 0x35, 0x36, 0x2e, 0xee,
883
+    0x01, 0x8b, 0x5b, 0x16, 0x1f, 0x2f, 0x93, 0x93, 0x03, 0x12, 0x25, 0xc7,
884
+    0x13, 0x01, 0x2a, 0x57, 0x6b, 0xc8, 0x8e, 0x23, 0x05, 0x24, 0x89, 0x86,
885
+    0x8d, 0x90, 0x10, 0xcb, 0xf0, 0x33, 0xec, 0xc5, 0x68, 0xe8, 0xbc, 0x15,
886
+    0x2b, 0xdc, 0x59, 0xd5, 0x60, 0xe4, 0x12, 0x91, 0x91, 0x5d, 0x28, 0x56,
887
+    0x52, 0x08, 0xe2, 0x2a, 0xee, 0xc9, 0xef, 0x85, 0xd1};
888
+
889
+// RSA-PSS test vectors, pss-vect.txt, Example 7: A 1030-bit RSA Key Pair
890
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
891
+const uint8_t kTestVector7Pkcs8[] = {
892
+    0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
893
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
894
+    0x02, 0x61, 0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
895
+    0x37, 0xc9, 0xda, 0x4a, 0x66, 0xc8, 0xc4, 0x08, 0xb8, 0xda, 0x27, 0xd0,
896
+    0xc9, 0xd7, 0x9f, 0x8c, 0xcb, 0x1e, 0xaf, 0xc1, 0xd2, 0xfe, 0x48, 0x74,
897
+    0x6d, 0x94, 0x0b, 0x7c, 0x4e, 0xf5, 0xde, 0xe1, 0x8a, 0xd1, 0x26, 0x47,
898
+    0xce, 0xfa, 0xa0, 0xc4, 0xb3, 0x18, 0x8b, 0x22, 0x1c, 0x51, 0x53, 0x86,
899
+    0x75, 0x9b, 0x93, 0xf0, 0x20, 0x24, 0xb2, 0x5a, 0xb9, 0x24, 0x2f, 0x83,
900
+    0x57, 0xd8, 0xf3, 0xfd, 0x49, 0x64, 0x0e, 0xe5, 0xe6, 0x43, 0xea, 0xf6,
901
+    0xc6, 0x4d, 0xee, 0xfa, 0x70, 0x89, 0x72, 0x7c, 0x8f, 0xf0, 0x39, 0x93,
902
+    0x33, 0x39, 0x15, 0xc6, 0xef, 0x21, 0xbf, 0x59, 0x75, 0xb6, 0xe5, 0x0d,
903
+    0x11, 0x8b, 0x51, 0x00, 0x8e, 0xc3, 0x3e, 0x9f, 0x01, 0xa0, 0xa5, 0x45,
904
+    0xa1, 0x0a, 0x83, 0x6a, 0x43, 0xdd, 0xbc, 0xa9, 0xd8, 0xb5, 0xc5, 0xd3,
905
+    0x54, 0x80, 0x22, 0xd7, 0x06, 0x4e, 0xa2, 0x9a, 0xb3, 0x02, 0x03, 0x01,
906
+    0x00, 0x01, 0x02, 0x81, 0x80, 0x3b, 0xed, 0x99, 0x90, 0x52, 0xd9, 0x57,
907
+    0xbc, 0x06, 0xd6, 0x51, 0xee, 0xf6, 0xe3, 0xa9, 0x80, 0x94, 0xb1, 0x62,
908
+    0x1b, 0xd3, 0x8b, 0x54, 0x49, 0xbd, 0x6c, 0x4a, 0xea, 0x3d, 0xe7, 0xe0,
909
+    0x84, 0x67, 0x9a, 0x44, 0x84, 0xde, 0xd2, 0x5b, 0xe0, 0xf0, 0x82, 0x6c,
910
+    0xf3, 0x37, 0x78, 0x25, 0x41, 0x4b, 0x14, 0xd4, 0xd6, 0x1d, 0xb1, 0x4d,
911
+    0xe6, 0x26, 0xfb, 0xb8, 0x0e, 0x5f, 0x4f, 0xae, 0xc9, 0x56, 0xf9, 0xa0,
912
+    0xa2, 0xd2, 0x4f, 0x99, 0x57, 0x63, 0x80, 0xf0, 0x84, 0xeb, 0x62, 0xe4,
913
+    0x6a, 0x57, 0xd5, 0x54, 0x27, 0x8b, 0x53, 0x56, 0x26, 0x19, 0x3c, 0xe0,
914
+    0x20, 0x60, 0x57, 0x5e, 0xb6, 0x6c, 0x57, 0x98, 0xd3, 0x6f, 0x6c, 0x5d,
915
+    0x40, 0xfb, 0x00, 0xd8, 0x09, 0xb4, 0x2a, 0x73, 0x10, 0x2c, 0x1c, 0x74,
916
+    0xee, 0x95, 0xbd, 0x71, 0x42, 0x0f, 0xff, 0xef, 0x63, 0x18, 0xb5, 0x2c,
917
+    0x29, 0x02, 0x41, 0x07, 0xee, 0xfb, 0x42, 0x4b, 0x0e, 0x3a, 0x40, 0xe4,
918
+    0x20, 0x8e, 0xe5, 0xaf, 0xb2, 0x80, 0xb2, 0x23, 0x17, 0x30, 0x81, 0x14,
919
+    0xdd, 0xe0, 0xb4, 0xb6, 0x4f, 0x73, 0x01, 0x84, 0xec, 0x68, 0xda, 0x6c,
920
+    0xe2, 0x86, 0x7a, 0x9f, 0x48, 0xed, 0x77, 0x26, 0xd5, 0xe2, 0x61, 0x4e,
921
+    0xd0, 0x4a, 0x54, 0x10, 0x73, 0x6c, 0x8c, 0x71, 0x4e, 0xe7, 0x02, 0x47,
922
+    0x42, 0x98, 0xc6, 0x29, 0x2a, 0xf0, 0x75, 0x35, 0x02, 0x41, 0x07, 0x08,
923
+    0x30, 0xdb, 0xf9, 0x47, 0xea, 0xc0, 0x22, 0x8d, 0xe2, 0x63, 0x14, 0xb5,
924
+    0x9b, 0x66, 0x99, 0x4c, 0xc6, 0x0e, 0x83, 0x60, 0xe7, 0x5d, 0x38, 0x76,
925
+    0x29, 0x8f, 0x8f, 0x8a, 0x7d, 0x14, 0x1d, 0xa0, 0x64, 0xe5, 0xca, 0x02,
926
+    0x6a, 0x97, 0x3e, 0x28, 0xf2, 0x54, 0x73, 0x8c, 0xee, 0x66, 0x9c, 0x72,
927
+    0x1b, 0x03, 0x4c, 0xb5, 0xf8, 0xe2, 0x44, 0xda, 0xdd, 0x7c, 0xd1, 0xe1,
928
+    0x59, 0xd5, 0x47, 0x02, 0x41, 0x05, 0x24, 0xd2, 0x0c, 0x3d, 0x95, 0xcf,
929
+    0xf7, 0x5a, 0xf2, 0x31, 0x34, 0x83, 0x22, 0x7d, 0x87, 0x02, 0x71, 0x7a,
930
+    0xa5, 0x76, 0xde, 0x15, 0x5f, 0x96, 0x05, 0x15, 0x50, 0x1a, 0xdb, 0x1d,
931
+    0x70, 0xe1, 0xc0, 0x4d, 0xe9, 0x1b, 0x75, 0xb1, 0x61, 0xdb, 0xf0, 0x39,
932
+    0x83, 0x56, 0x12, 0x7e, 0xde, 0xda, 0x7b, 0xbc, 0x19, 0xa3, 0x2d, 0xc1,
933
+    0x62, 0x1c, 0xc9, 0xf5, 0x3c, 0x26, 0x5d, 0x0c, 0xe3, 0x31, 0x02, 0x41,
934
+    0x05, 0xf9, 0x84, 0xa1, 0xf2, 0x3c, 0x93, 0x8d, 0x6a, 0x0e, 0x89, 0x72,
935
+    0x4b, 0xcf, 0x3d, 0xd9, 0x3f, 0x99, 0x46, 0x92, 0x60, 0x37, 0xfe, 0x7c,
936
+    0x6b, 0x13, 0xa2, 0x9e, 0x52, 0x84, 0x85, 0x5f, 0x89, 0x08, 0x95, 0x91,
937
+    0xd4, 0x40, 0x97, 0x56, 0x27, 0xbf, 0x5c, 0x9e, 0x3a, 0x8b, 0x5c, 0xa7,
938
+    0x9c, 0x77, 0x2a, 0xd2, 0x73, 0xe4, 0x0d, 0x32, 0x1a, 0xf4, 0xa6, 0xc9,
939
+    0x7d, 0xfd, 0xed, 0x78, 0xd3, 0x02, 0x40, 0xdd, 0xd9, 0x18, 0xad, 0xad,
940
+    0xa2, 0x9d, 0xca, 0xb9, 0x81, 0xff, 0x9a, 0xcb, 0xa4, 0x25, 0x70, 0x23,
941
+    0xc0, 0x9a, 0x38, 0x01, 0xcc, 0xce, 0x09, 0x8c, 0xe2, 0x68, 0xf8, 0x55,
942
+    0xd0, 0xdf, 0x57, 0x0c, 0xd6, 0xe7, 0xb9, 0xb1, 0x4b, 0xd9, 0xa5, 0xa9,
943
+    0x25, 0x4c, 0xbc, 0x31, 0x5b, 0xe6, 0xf8, 0xba, 0x1e, 0x25, 0x46, 0xdd,
944
+    0xd5, 0x69, 0xc5, 0xea, 0x19, 0xee, 0xd8, 0x35, 0x3b, 0xde, 0x5e};
945
+const uint8_t kTestVector7Spki[] = {
946
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
947
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
948
+    0x89, 0x02, 0x81, 0x81, 0x37, 0xc9, 0xda, 0x4a, 0x66, 0xc8, 0xc4, 0x08,
949
+    0xb8, 0xda, 0x27, 0xd0, 0xc9, 0xd7, 0x9f, 0x8c, 0xcb, 0x1e, 0xaf, 0xc1,
950
+    0xd2, 0xfe, 0x48, 0x74, 0x6d, 0x94, 0x0b, 0x7c, 0x4e, 0xf5, 0xde, 0xe1,
951
+    0x8a, 0xd1, 0x26, 0x47, 0xce, 0xfa, 0xa0, 0xc4, 0xb3, 0x18, 0x8b, 0x22,
952
+    0x1c, 0x51, 0x53, 0x86, 0x75, 0x9b, 0x93, 0xf0, 0x20, 0x24, 0xb2, 0x5a,
953
+    0xb9, 0x24, 0x2f, 0x83, 0x57, 0xd8, 0xf3, 0xfd, 0x49, 0x64, 0x0e, 0xe5,
954
+    0xe6, 0x43, 0xea, 0xf6, 0xc6, 0x4d, 0xee, 0xfa, 0x70, 0x89, 0x72, 0x7c,
955
+    0x8f, 0xf0, 0x39, 0x93, 0x33, 0x39, 0x15, 0xc6, 0xef, 0x21, 0xbf, 0x59,
956
+    0x75, 0xb6, 0xe5, 0x0d, 0x11, 0x8b, 0x51, 0x00, 0x8e, 0xc3, 0x3e, 0x9f,
957
+    0x01, 0xa0, 0xa5, 0x45, 0xa1, 0x0a, 0x83, 0x6a, 0x43, 0xdd, 0xbc, 0xa9,
958
+    0xd8, 0xb5, 0xc5, 0xd3, 0x54, 0x80, 0x22, 0xd7, 0x06, 0x4e, 0xa2, 0x9a,
959
+    0xb3, 0x02, 0x03, 0x01, 0x00, 0x01};
960
+// RSA-PSS test vectors, pss-vect.txt, Example 7.1
961
+const uint8_t kTestVector7Data[] = {
962
+    0x9e, 0xad, 0x0e, 0x01, 0x94, 0x56, 0x40, 0x67, 0x4e, 0xb4, 0x1c, 0xad,
963
+    0x43, 0x5e, 0x23, 0x74, 0xea, 0xef, 0xa8, 0xad, 0x71, 0x97, 0xd9, 0x79,
964
+    0x13, 0xc4, 0x49, 0x57, 0xd8, 0xd8, 0x3f, 0x40, 0xd7, 0x6e, 0xe6, 0x0e,
965
+    0x39, 0xbf, 0x9c, 0x0f, 0x9e, 0xaf, 0x30, 0x21, 0x42, 0x1a, 0x07, 0x4d,
966
+    0x1a, 0xde, 0x96, 0x2c, 0x6e, 0x9d, 0x3d, 0xc3, 0xbb, 0x17, 0x4f, 0xe4,
967
+    0xdf, 0xe6, 0x52, 0xb0, 0x91, 0x15, 0x49, 0x5b, 0x8f, 0xd2, 0x79, 0x41,
968
+    0x74, 0x02, 0x0a, 0x06, 0x02, 0xb5, 0xca, 0x51, 0x84, 0x8c, 0xfc, 0x96,
969
+    0xce, 0x5e, 0xb5, 0x7f, 0xc0, 0xa2, 0xad, 0xc1, 0xdd, 0xa3, 0x6a, 0x7c,
970
+    0xc4, 0x52, 0x64, 0x1a, 0x14, 0x91, 0x1b, 0x37, 0xe4, 0x5b, 0xfa, 0x11,
971
+    0xda, 0xa5, 0xc7, 0xec, 0xdb, 0x74, 0xf6, 0xd0, 0x10, 0x0d, 0x1d, 0x3e,
972
+    0x39, 0xe7, 0x52, 0x80, 0x0e, 0x20, 0x33, 0x97, 0xde, 0x02, 0x33, 0x07,
973
+    0x7b, 0x9a, 0x88, 0x85, 0x55, 0x37, 0xfa, 0xe9, 0x27, 0xf9, 0x24, 0x38,
974
+    0x0d, 0x78, 0x0f, 0x98, 0xe1, 0x8d, 0xcf, 0xf3, 0x9c, 0x5e, 0xa7, 0x41,
975
+    0xb1, 0x7d, 0x6f, 0xdd, 0x18, 0x85, 0xbc, 0x9d, 0x58, 0x14, 0x82, 0xd7,
976
+    0x71, 0xce, 0xb5, 0x62, 0xd7, 0x8a, 0x8b, 0xf8, 0x8f, 0x0c, 0x75, 0xb1,
977
+    0x13, 0x63, 0xe5, 0xe3, 0x6c, 0xd4, 0x79, 0xce, 0xb0, 0x54, 0x5f, 0x9d,
978
+    0xa8, 0x42, 0x03, 0xe0, 0xe6, 0xe5, 0x08, 0x37, 0x5c, 0xc9, 0xe8, 0x44,
979
+    0xb8, 0x8b, 0x7a, 0xc7, 0xa0, 0xa2, 0x01, 0xea, 0x0f, 0x1b, 0xee, 0x9a,
980
+    0x2c, 0x57, 0x79, 0x20, 0xca, 0x02, 0xc0, 0x1b, 0x9d, 0x83, 0x20, 0xe9,
981
+    0x74, 0xa5, 0x6f, 0x4e, 0xfb, 0x57, 0x63, 0xb9, 0x62, 0x55, 0xab, 0xbf,
982
+    0x80, 0x37, 0xbf, 0x18, 0x02, 0xcf, 0x01, 0x8f, 0x56, 0x37, 0x94, 0x93,
983
+    0xe5, 0x69, 0xa9};
984
+const uint8_t kTestVector7Sig[] = {
985
+    0x18, 0x7f, 0x39, 0x07, 0x23, 0xc8, 0x90, 0x25, 0x91, 0xf0, 0x15, 0x4b,
986
+    0xae, 0x6d, 0x4e, 0xcb, 0xff, 0xe0, 0x67, 0xf0, 0xe8, 0xb7, 0x95, 0x47,
987
+    0x6e, 0xa4, 0xf4, 0xd5, 0x1c, 0xcc, 0x81, 0x05, 0x20, 0xbb, 0x3c, 0xa9,
988
+    0xbc, 0xa7, 0xd0, 0xb1, 0xf2, 0xea, 0x8a, 0x17, 0xd8, 0x73, 0xfa, 0x27,
989
+    0x57, 0x0a, 0xcd, 0x64, 0x2e, 0x38, 0x08, 0x56, 0x1c, 0xb9, 0xe9, 0x75,
990
+    0xcc, 0xfd, 0x80, 0xb2, 0x3d, 0xc5, 0x77, 0x1c, 0xdb, 0x33, 0x06, 0xa5,
991
+    0xf2, 0x31, 0x59, 0xda, 0xcb, 0xd3, 0xaa, 0x2d, 0xb9, 0x3d, 0x46, 0xd7,
992
+    0x66, 0xe0, 0x9e, 0xd1, 0x5d, 0x90, 0x0a, 0xd8, 0x97, 0xa8, 0xd2, 0x74,
993
+    0xdc, 0x26, 0xb4, 0x7e, 0x99, 0x4a, 0x27, 0xe9, 0x7e, 0x22, 0x68, 0xa7,
994
+    0x66, 0x53, 0x3a, 0xe4, 0xb5, 0xe4, 0x2a, 0x2f, 0xca, 0xf7, 0x55, 0xc1,
995
+    0xc4, 0x79, 0x4b, 0x29, 0x4c, 0x60, 0x55, 0x58, 0x23};
996
+
997
+// RSA-PSS test vectors, pss-vect.txt, Example 8: A 1031-bit RSA Key Pair
998
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
999
+const uint8_t kTestVector8Pkcs8[] = {
1000
+    0x30, 0x82, 0x02, 0x78, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
1001
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
1002
+    0x02, 0x62, 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
1003
+    0x49, 0x53, 0x70, 0xa1, 0xfb, 0x18, 0x54, 0x3c, 0x16, 0xd3, 0x63, 0x1e,
1004
+    0x31, 0x63, 0x25, 0x5d, 0xf6, 0x2b, 0xe6, 0xee, 0xe8, 0x90, 0xd5, 0xf2,
1005
+    0x55, 0x09, 0xe4, 0xf7, 0x78, 0xa8, 0xea, 0x6f, 0xbb, 0xbc, 0xdf, 0x85,
1006
+    0xdf, 0xf6, 0x4e, 0x0d, 0x97, 0x20, 0x03, 0xab, 0x36, 0x81, 0xfb, 0xba,
1007
+    0x6d, 0xd4, 0x1f, 0xd5, 0x41, 0x82, 0x9b, 0x2e, 0x58, 0x2d, 0xe9, 0xf2,
1008
+    0xa4, 0xa4, 0xe0, 0xa2, 0xd0, 0x90, 0x0b, 0xef, 0x47, 0x53, 0xdb, 0x3c,
1009
+    0xee, 0x0e, 0xe0, 0x6c, 0x7d, 0xfa, 0xe8, 0xb1, 0xd5, 0x3b, 0x59, 0x53,
1010
+    0x21, 0x8f, 0x9c, 0xce, 0xea, 0x69, 0x5b, 0x08, 0x66, 0x8e, 0xde, 0xaa,
1011
+    0xdc, 0xed, 0x94, 0x63, 0xb1, 0xd7, 0x90, 0xd5, 0xeb, 0xf2, 0x7e, 0x91,
1012
+    0x15, 0xb4, 0x6c, 0xad, 0x4d, 0x9a, 0x2b, 0x8e, 0xfa, 0xb0, 0x56, 0x1b,
1013
+    0x08, 0x10, 0x34, 0x47, 0x39, 0xad, 0xa0, 0x73, 0x3f, 0x02, 0x03, 0x01,
1014
+    0x00, 0x01, 0x02, 0x81, 0x80, 0x6c, 0x66, 0xff, 0xe9, 0x89, 0x80, 0xc3,
1015
+    0x8f, 0xcd, 0xea, 0xb5, 0x15, 0x98, 0x98, 0x83, 0x61, 0x65, 0xf4, 0xb4,
1016
+    0xb8, 0x17, 0xc4, 0xf6, 0xa8, 0xd4, 0x86, 0xee, 0x4e, 0xa9, 0x13, 0x0f,
1017
+    0xe9, 0xb9, 0x09, 0x2b, 0xd1, 0x36, 0xd1, 0x84, 0xf9, 0x5f, 0x50, 0x4a,
1018
+    0x60, 0x7e, 0xac, 0x56, 0x58, 0x46, 0xd2, 0xfd, 0xd6, 0x59, 0x7a, 0x89,
1019
+    0x67, 0xc7, 0x39, 0x6e, 0xf9, 0x5a, 0x6e, 0xee, 0xbb, 0x45, 0x78, 0xa6,
1020
+    0x43, 0x96, 0x6d, 0xca, 0x4d, 0x8e, 0xe3, 0xde, 0x84, 0x2d, 0xe6, 0x32,
1021
+    0x79, 0xc6, 0x18, 0x15, 0x9c, 0x1a, 0xb5, 0x4a, 0x89, 0x43, 0x7b, 0x6a,
1022
+    0x61, 0x20, 0xe4, 0x93, 0x0a, 0xfb, 0x52, 0xa4, 0xba, 0x6c, 0xed, 0x8a,
1023
+    0x49, 0x47, 0xac, 0x64, 0xb3, 0x0a, 0x34, 0x97, 0xcb, 0xe7, 0x01, 0xc2,
1024
+    0xd6, 0x26, 0x6d, 0x51, 0x72, 0x19, 0xad, 0x0e, 0xc6, 0xd3, 0x47, 0xdb,
1025
+    0xe9, 0x02, 0x41, 0x08, 0xda, 0xd7, 0xf1, 0x13, 0x63, 0xfa, 0xa6, 0x23,
1026
+    0xd5, 0xd6, 0xd5, 0xe8, 0xa3, 0x19, 0x32, 0x8d, 0x82, 0x19, 0x0d, 0x71,
1027
+    0x27, 0xd2, 0x84, 0x6c, 0x43, 0x9b, 0x0a, 0xb7, 0x26, 0x19, 0xb0, 0xa4,
1028
+    0x3a, 0x95, 0x32, 0x0e, 0x4e, 0xc3, 0x4f, 0xc3, 0xa9, 0xce, 0xa8, 0x76,
1029
+    0x42, 0x23, 0x05, 0xbd, 0x76, 0xc5, 0xba, 0x7b, 0xe9, 0xe2, 0xf4, 0x10,
1030
+    0xc8, 0x06, 0x06, 0x45, 0xa1, 0xd2, 0x9e, 0xdb, 0x02, 0x41, 0x08, 0x47,
1031
+    0xe7, 0x32, 0x37, 0x6f, 0xc7, 0x90, 0x0f, 0x89, 0x8e, 0xa8, 0x2e, 0xb2,
1032
+    0xb0, 0xfc, 0x41, 0x85, 0x65, 0xfd, 0xae, 0x62, 0xf7, 0xd9, 0xec, 0x4c,
1033
+    0xe2, 0x21, 0x7b, 0x97, 0x99, 0x0d, 0xd2, 0x72, 0xdb, 0x15, 0x7f, 0x99,
1034
+    0xf6, 0x3c, 0x0d, 0xcb, 0xb9, 0xfb, 0xac, 0xdb, 0xd4, 0xc4, 0xda, 0xdb,
1035
+    0x6d, 0xf6, 0x77, 0x56, 0x35, 0x8c, 0xa4, 0x17, 0x48, 0x25, 0xb4, 0x8f,
1036
+    0x49, 0x70, 0x6d, 0x02, 0x41, 0x05, 0xc2, 0xa8, 0x3c, 0x12, 0x4b, 0x36,
1037
+    0x21, 0xa2, 0xaa, 0x57, 0xea, 0x2c, 0x3e, 0xfe, 0x03, 0x5e, 0xff, 0x45,
1038
+    0x60, 0xf3, 0x3d, 0xde, 0xbb, 0x7a, 0xda, 0xb8, 0x1f, 0xce, 0x69, 0xa0,
1039
+    0xc8, 0xc2, 0xed, 0xc1, 0x65, 0x20, 0xdd, 0xa8, 0x3d, 0x59, 0xa2, 0x3b,
1040
+    0xe8, 0x67, 0x96, 0x3a, 0xc6, 0x5f, 0x2c, 0xc7, 0x10, 0xbb, 0xcf, 0xb9,
1041
+    0x6e, 0xe1, 0x03, 0xde, 0xb7, 0x71, 0xd1, 0x05, 0xfd, 0x85, 0x02, 0x41,
1042
+    0x04, 0xca, 0xe8, 0xaa, 0x0d, 0x9f, 0xaa, 0x16, 0x5c, 0x87, 0xb6, 0x82,
1043
+    0xec, 0x14, 0x0b, 0x8e, 0xd3, 0xb5, 0x0b, 0x24, 0x59, 0x4b, 0x7a, 0x3b,
1044
+    0x2c, 0x22, 0x0b, 0x36, 0x69, 0xbb, 0x81, 0x9f, 0x98, 0x4f, 0x55, 0x31,
1045
+    0x0a, 0x1a, 0xe7, 0x82, 0x36, 0x51, 0xd4, 0xa0, 0x2e, 0x99, 0x44, 0x79,
1046
+    0x72, 0x59, 0x51, 0x39, 0x36, 0x34, 0x34, 0xe5, 0xe3, 0x0a, 0x7e, 0x7d,
1047
+    0x24, 0x15, 0x51, 0xe1, 0xb9, 0x02, 0x41, 0x07, 0xd3, 0xe4, 0x7b, 0xf6,
1048
+    0x86, 0x60, 0x0b, 0x11, 0xac, 0x28, 0x3c, 0xe8, 0x8d, 0xbb, 0x3f, 0x60,
1049
+    0x51, 0xe8, 0xef, 0xd0, 0x46, 0x80, 0xe4, 0x4c, 0x17, 0x1e, 0xf5, 0x31,
1050
+    0xb8, 0x0b, 0x2b, 0x7c, 0x39, 0xfc, 0x76, 0x63, 0x20, 0xe2, 0xcf, 0x15,
1051
+    0xd8, 0xd9, 0x98, 0x20, 0xe9, 0x6f, 0xf3, 0x0d, 0xc6, 0x96, 0x91, 0x83,
1052
+    0x9c, 0x4b, 0x40, 0xd7, 0xb0, 0x6e, 0x45, 0x30, 0x7d, 0xc9, 0x1f, 0x3f};
1053
+const uint8_t kTestVector8Spki[] = {
1054
+    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
1055
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81,
1056
+    0x89, 0x02, 0x81, 0x81, 0x49, 0x53, 0x70, 0xa1, 0xfb, 0x18, 0x54, 0x3c,
1057
+    0x16, 0xd3, 0x63, 0x1e, 0x31, 0x63, 0x25, 0x5d, 0xf6, 0x2b, 0xe6, 0xee,
1058
+    0xe8, 0x90, 0xd5, 0xf2, 0x55, 0x09, 0xe4, 0xf7, 0x78, 0xa8, 0xea, 0x6f,
1059
+    0xbb, 0xbc, 0xdf, 0x85, 0xdf, 0xf6, 0x4e, 0x0d, 0x97, 0x20, 0x03, 0xab,
1060
+    0x36, 0x81, 0xfb, 0xba, 0x6d, 0xd4, 0x1f, 0xd5, 0x41, 0x82, 0x9b, 0x2e,
1061
+    0x58, 0x2d, 0xe9, 0xf2, 0xa4, 0xa4, 0xe0, 0xa2, 0xd0, 0x90, 0x0b, 0xef,
1062
+    0x47, 0x53, 0xdb, 0x3c, 0xee, 0x0e, 0xe0, 0x6c, 0x7d, 0xfa, 0xe8, 0xb1,
1063
+    0xd5, 0x3b, 0x59, 0x53, 0x21, 0x8f, 0x9c, 0xce, 0xea, 0x69, 0x5b, 0x08,
1064
+    0x66, 0x8e, 0xde, 0xaa, 0xdc, 0xed, 0x94, 0x63, 0xb1, 0xd7, 0x90, 0xd5,
1065
+    0xeb, 0xf2, 0x7e, 0x91, 0x15, 0xb4, 0x6c, 0xad, 0x4d, 0x9a, 0x2b, 0x8e,
1066
+    0xfa, 0xb0, 0x56, 0x1b, 0x08, 0x10, 0x34, 0x47, 0x39, 0xad, 0xa0, 0x73,
1067
+    0x3f, 0x02, 0x03, 0x01, 0x00, 0x01};
1068
+// RSA-PSS test vectors, pss-vect.txt, Example 8.1
1069
+const uint8_t kTestVector8Data[] = {
1070
+    0x81, 0x33, 0x2f, 0x4b, 0xe6, 0x29, 0x48, 0x41, 0x5e, 0xa1, 0xd8, 0x99,
1071
+    0x79, 0x2e, 0xea, 0xcf, 0x6c, 0x6e, 0x1d, 0xb1, 0xda, 0x8b, 0xe1, 0x3b,
1072
+    0x5c, 0xea, 0x41, 0xdb, 0x2f, 0xed, 0x46, 0x70, 0x92, 0xe1, 0xff, 0x39,
1073
+    0x89, 0x14, 0xc7, 0x14, 0x25, 0x97, 0x75, 0xf5, 0x95, 0xf8, 0x54, 0x7f,
1074
+    0x73, 0x56, 0x92, 0xa5, 0x75, 0xe6, 0x92, 0x3a, 0xf7, 0x8f, 0x22, 0xc6,
1075
+    0x99, 0x7d, 0xdb, 0x90, 0xfb, 0x6f, 0x72, 0xd7, 0xbb, 0x0d, 0xd5, 0x74,
1076
+    0x4a, 0x31, 0xde, 0xcd, 0x3d, 0xc3, 0x68, 0x58, 0x49, 0x83, 0x6e, 0xd3,
1077
+    0x4a, 0xec, 0x59, 0x63, 0x04, 0xad, 0x11, 0x84, 0x3c, 0x4f, 0x88, 0x48,
1078
+    0x9f, 0x20, 0x97, 0x35, 0xf5, 0xfb, 0x7f, 0xda, 0xf7, 0xce, 0xc8, 0xad,
1079
+    0xdc, 0x58, 0x18, 0x16, 0x8f, 0x88, 0x0a, 0xcb, 0xf4, 0x90, 0xd5, 0x10,
1080
+    0x05, 0xb7, 0xa8, 0xe8, 0x4e, 0x43, 0xe5, 0x42, 0x87, 0x97, 0x75, 0x71,
1081
+    0xdd, 0x99, 0xee, 0xa4, 0xb1, 0x61, 0xeb, 0x2d, 0xf1, 0xf5, 0x10, 0x8f,
1082
+    0x12, 0xa4, 0x14, 0x2a, 0x83, 0x32, 0x2e, 0xdb, 0x05, 0xa7, 0x54, 0x87,
1083
+    0xa3, 0x43, 0x5c, 0x9a, 0x78, 0xce, 0x53, 0xed, 0x93, 0xbc, 0x55, 0x08,
1084
+    0x57, 0xd7, 0xa9, 0xfb};
1085
+const uint8_t kTestVector8Sig[] = {
1086
+    0x02, 0x62, 0xac, 0x25, 0x4b, 0xfa, 0x77, 0xf3, 0xc1, 0xac, 0xa2, 0x2c,
1087
+    0x51, 0x79, 0xf8, 0xf0, 0x40, 0x42, 0x2b, 0x3c, 0x5b, 0xaf, 0xd4, 0x0a,
1088
+    0x8f, 0x21, 0xcf, 0x0f, 0xa5, 0xa6, 0x67, 0xcc, 0xd5, 0x99, 0x3d, 0x42,
1089
+    0xdb, 0xaf, 0xb4, 0x09, 0xc5, 0x20, 0xe2, 0x5f, 0xce, 0x2b, 0x1e, 0xe1,
1090
+    0xe7, 0x16, 0x57, 0x7f, 0x1e, 0xfa, 0x17, 0xf3, 0xda, 0x28, 0x05, 0x2f,
1091
+    0x40, 0xf0, 0x41, 0x9b, 0x23, 0x10, 0x6d, 0x78, 0x45, 0xaa, 0xf0, 0x11,
1092
+    0x25, 0xb6, 0x98, 0xe7, 0xa4, 0xdf, 0xe9, 0x2d, 0x39, 0x67, 0xbb, 0x00,
1093
+    0xc4, 0xd0, 0xd3, 0x5b, 0xa3, 0x55, 0x2a, 0xb9, 0xa8, 0xb3, 0xee, 0xf0,
1094
+    0x7c, 0x7f, 0xec, 0xdb, 0xc5, 0x42, 0x4a, 0xc4, 0xdb, 0x1e, 0x20, 0xcb,
1095
+    0x37, 0xd0, 0xb2, 0x74, 0x47, 0x69, 0x94, 0x0e, 0xa9, 0x07, 0xe1, 0x7f,
1096
+    0xbb, 0xca, 0x67, 0x3b, 0x20, 0x52, 0x23, 0x80, 0xc5};
1097
+
1098
+// RSA-PSS test vectors, pss-vect.txt, Example 9: A 1536-bit RSA Key Pair
1099
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
1100
+const uint8_t kTestVector9Pkcs8[] = {
1101
+    0x30, 0x82, 0x03, 0x92, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
1102
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
1103
+    0x03, 0x7c, 0x30, 0x82, 0x03, 0x78, 0x02, 0x01, 0x00, 0x02, 0x81, 0xc0,
1104
+    0xe6, 0xbd, 0x69, 0x2a, 0xc9, 0x66, 0x45, 0x79, 0x04, 0x03, 0xfd, 0xd0,
1105
+    0xf5, 0xbe, 0xb8, 0xb9, 0xbf, 0x92, 0xed, 0x10, 0x00, 0x7f, 0xc3, 0x65,
1106
+    0x04, 0x64, 0x19, 0xdd, 0x06, 0xc0, 0x5c, 0x5b, 0x5b, 0x2f, 0x48, 0xec,
1107
+    0xf9, 0x89, 0xe4, 0xce, 0x26, 0x91, 0x09, 0x97, 0x9c, 0xbb, 0x40, 0xb4,
1108
+    0xa0, 0xad, 0x24, 0xd2, 0x24, 0x83, 0xd1, 0xee, 0x31, 0x5a, 0xd4, 0xcc,
1109
+    0xb1, 0x53, 0x42, 0x68, 0x35, 0x26, 0x91, 0xc5, 0x24, 0xf6, 0xdd, 0x8e,
1110
+    0x6c, 0x29, 0xd2, 0x24, 0xcf, 0x24, 0x69, 0x73, 0xae, 0xc8, 0x6c, 0x5b,
1111
+    0xf6, 0xb1, 0x40, 0x1a, 0x85, 0x0d, 0x1b, 0x9a, 0xd1, 0xbb, 0x8c, 0xbc,
1112
+    0xec, 0x47, 0xb0, 0x6f, 0x0f, 0x8c, 0x7f, 0x45, 0xd3, 0xfc, 0x8f, 0x31,
1113
+    0x92, 0x99, 0xc5, 0x43, 0x3d, 0xdb, 0xc2, 0xb3, 0x05, 0x3b, 0x47, 0xde,
1114
+    0xd2, 0xec, 0xd4, 0xa4, 0xca, 0xef, 0xd6, 0x14, 0x83, 0x3d, 0xc8, 0xbb,
1115
+    0x62, 0x2f, 0x31, 0x7e, 0xd0, 0x76, 0xb8, 0x05, 0x7f, 0xe8, 0xde, 0x3f,
1116
+    0x84, 0x48, 0x0a, 0xd5, 0xe8, 0x3e, 0x4a, 0x61, 0x90, 0x4a, 0x4f, 0x24,
1117
+    0x8f, 0xb3, 0x97, 0x02, 0x73, 0x57, 0xe1, 0xd3, 0x0e, 0x46, 0x31, 0x39,
1118
+    0x81, 0x5c, 0x6f, 0xd4, 0xfd, 0x5a, 0xc5, 0xb8, 0x17, 0x2a, 0x45, 0x23,
1119
+    0x0e, 0xcb, 0x63, 0x18, 0xa0, 0x4f, 0x14, 0x55, 0xd8, 0x4e, 0x5a, 0x8b,
1120
+    0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0xc0, 0x6a, 0x7f, 0xd8, 0x4f,
1121
+    0xb8, 0x5f, 0xad, 0x07, 0x3b, 0x34, 0x40, 0x6d, 0xb7, 0x4f, 0x8d, 0x61,
1122
+    0xa6, 0xab, 0xc1, 0x21, 0x96, 0xa9, 0x61, 0xdd, 0x79, 0x56, 0x5e, 0x9d,
1123
+    0xa6, 0xe5, 0x18, 0x7b, 0xce, 0x2d, 0x98, 0x02, 0x50, 0xf7, 0x35, 0x95,
1124
+    0x75, 0x35, 0x92, 0x70, 0xd9, 0x15, 0x90, 0xbb, 0x0e, 0x42, 0x7c, 0x71,
1125
+    0x46, 0x0b, 0x55, 0xd5, 0x14, 0x10, 0xb1, 0x91, 0xbc, 0xf3, 0x09, 0xfe,
1126
+    0xa1, 0x31, 0xa9, 0x2c, 0x8e, 0x70, 0x27, 0x38, 0xfa, 0x71, 0x9f, 0x1e,
1127
+    0x00, 0x41, 0xf5, 0x2e, 0x40, 0xe9, 0x1f, 0x22, 0x9f, 0x4d, 0x96, 0xa1,
1128
+    0xe6, 0xf1, 0x72, 0xe1, 0x55, 0x96, 0xb4, 0x51, 0x0a, 0x6d, 0xae, 0xc2,
1129
+    0x61, 0x05, 0xf2, 0xbe, 0xbc, 0x53, 0x31, 0x6b, 0x87, 0xbd, 0xf2, 0x13,
1130
+    0x11, 0x66, 0x60, 0x70, 0xe8, 0xdf, 0xee, 0x69, 0xd5, 0x2c, 0x71, 0xa9,
1131
+    0x76, 0xca, 0xae, 0x79, 0xc7, 0x2b, 0x68, 0xd2, 0x85, 0x80, 0xdc, 0x68,
1132
+    0x6d, 0x9f, 0x51, 0x29, 0xd2, 0x25, 0xf8, 0x2b, 0x3d, 0x61, 0x55, 0x13,
1133
+    0xa8, 0x82, 0xb3, 0xdb, 0x91, 0x41, 0x6b, 0x48, 0xce, 0x08, 0x88, 0x82,
1134
+    0x13, 0xe3, 0x7e, 0xeb, 0x9a, 0xf8, 0x00, 0xd8, 0x1c, 0xab, 0x32, 0x8c,
1135
+    0xe4, 0x20, 0x68, 0x99, 0x03, 0xc0, 0x0c, 0x7b, 0x5f, 0xd3, 0x1b, 0x75,
1136
+    0x50, 0x3a, 0x6d, 0x41, 0x96, 0x84, 0xd6, 0x29, 0x02, 0x60, 0xf8, 0xeb,
1137
+    0x97, 0xe9, 0x8d, 0xf1, 0x26, 0x64, 0xee, 0xfd, 0xb7, 0x61, 0x59, 0x6a,
1138
+    0x69, 0xdd, 0xcd, 0x0e, 0x76, 0xda, 0xec, 0xe6, 0xed, 0x4b, 0xf5, 0xa1,
1139
+    0xb5, 0x0a, 0xc0, 0x86, 0xf7, 0x92, 0x8a, 0x4d, 0x2f, 0x87, 0x26, 0xa7,
1140
+    0x7e, 0x51, 0x5b, 0x74, 0xda, 0x41, 0x98, 0x8f, 0x22, 0x0b, 0x1c, 0xc8,
1141
+    0x7a, 0xa1, 0xfc, 0x81, 0x0c, 0xe9, 0x9a, 0x82, 0xf2, 0xd1, 0xce, 0x82,
1142
+    0x1e, 0xdc, 0xed, 0x79, 0x4c, 0x69, 0x41, 0xf4, 0x2c, 0x7a, 0x1a, 0x0b,
1143
+    0x8c, 0x4d, 0x28, 0xc7, 0x5e, 0xc6, 0x0b, 0x65, 0x22, 0x79, 0xf6, 0x15,
1144
+    0x4a, 0x76, 0x2a, 0xed, 0x16, 0x5d, 0x47, 0xde, 0xe3, 0x67, 0x02, 0x60,
1145
+    0xed, 0x4d, 0x71, 0xd0, 0xa6, 0xe2, 0x4b, 0x93, 0xc2, 0xe5, 0xf6, 0xb4,
1146
+    0xbb, 0xe0, 0x5f, 0x5f, 0xb0, 0xaf, 0xa0, 0x42, 0xd2, 0x04, 0xfe, 0x33,
1147
+    0x78, 0xd3, 0x65, 0xc2, 0xf2, 0x88, 0xb6, 0xa8, 0xda, 0xd7, 0xef, 0xe4,
1148
+    0x5d, 0x15, 0x3e, 0xef, 0x40, 0xca, 0xcc, 0x7b, 0x81, 0xff, 0x93, 0x40,
1149
+    0x02, 0xd1, 0x08, 0x99, 0x4b, 0x94, 0xa5, 0xe4, 0x72, 0x8c, 0xd9, 0xc9,
1150
+    0x63, 0x37, 0x5a, 0xe4, 0x99, 0x65, 0xbd, 0xa5, 0x5c, 0xbf, 0x0e, 0xfe,
1151
+    0xd8, 0xd6, 0x55, 0x3b, 0x40, 0x27, 0xf2, 0xd8, 0x62, 0x08, 0xa6, 0xe6,
1152
+    0xb4, 0x89, 0xc1, 0x76, 0x12, 0x80, 0x92, 0xd6, 0x29, 0xe4, 0x9d, 0x3d,
1153
+    0x02, 0x60, 0x2b, 0xb6, 0x8b, 0xdd, 0xfb, 0x0c, 0x4f, 0x56, 0xc8, 0x55,
1154
+    0x8b, 0xff, 0xaf, 0x89, 0x2d, 0x80, 0x43, 0x03, 0x78, 0x41, 0xe7, 0xfa,
1155
+    0x81, 0xcf, 0xa6, 0x1a, 0x38, 0xc5, 0xe3, 0x9b, 0x90, 0x1c, 0x8e, 0xe7,
1156
+    0x11, 0x22, 0xa5, 0xda, 0x22, 0x27, 0xbd, 0x6c, 0xde, 0xeb, 0x48, 0x14,
1157
+    0x52, 0xc1, 0x2a, 0xd3, 0xd6, 0x1d, 0x5e, 0x4f, 0x77, 0x6a, 0x0a, 0xb5,
1158
+    0x56, 0x59, 0x1b, 0xef, 0xe3, 0xe5, 0x9e, 0x5a, 0x7f, 0xdd, 0xb8, 0x34,
1159
+    0x5e, 0x1f, 0x2f, 0x35, 0xb9, 0xf4, 0xce, 0xe5, 0x7c, 0x32, 0x41, 0x4c,
1160
+    0x08, 0x6a, 0xec, 0x99, 0x3e, 0x93, 0x53, 0xe4, 0x80, 0xd9, 0xee, 0xc6,
1161
+    0x28, 0x9f, 0x02, 0x60, 0x4f, 0xf8, 0x97, 0x70, 0x9f, 0xad, 0x07, 0x97,
1162
+    0x46, 0x49, 0x45, 0x78, 0xe7, 0x0f, 0xd8, 0x54, 0x61, 0x30, 0xee, 0xab,
1163
+    0x56, 0x27, 0xc4, 0x9b, 0x08, 0x0f, 0x05, 0xee, 0x4a, 0xd9, 0xf3, 0xe4,
1164
+    0xb7, 0xcb, 0xa9, 0xd6, 0xa5, 0xdf, 0xf1, 0x13, 0xa4, 0x1c, 0x34, 0x09,
1165
+    0x33, 0x68, 0x33, 0xf1, 0x90, 0x81, 0x6d, 0x8a, 0x6b, 0xc4, 0x2e, 0x9b,
1166
+    0xec, 0x56, 0xb7, 0x56, 0x7d, 0x0f, 0x3c, 0x9c, 0x69, 0x6d, 0xb6, 0x19,
1167
+    0xb2, 0x45, 0xd9, 0x01, 0xdd, 0x85, 0x6d, 0xb7, 0xc8, 0x09, 0x2e, 0x77,
1168
+    0xe9, 0xa1, 0xcc, 0xcd, 0x56, 0xee, 0x4d, 0xba, 0x42, 0xc5, 0xfd, 0xb6,
1169
+    0x1a, 0xec, 0x26, 0x69, 0x02, 0x60, 0x77, 0xb9, 0xd1, 0x13, 0x7b, 0x50,
1170
+    0x40, 0x4a, 0x98, 0x27, 0x29, 0x31, 0x6e, 0xfa, 0xfc, 0x7d, 0xfe, 0x66,
1171
+    0xd3, 0x4e, 0x5a, 0x18, 0x26, 0x00, 0xd5, 0xf3, 0x0a, 0x0a, 0x85, 0x12,
1172
+    0x05, 0x1c, 0x56, 0x0d, 0x08, 0x1d, 0x4d, 0x0a, 0x18, 0x35, 0xec, 0x3d,
1173
+    0x25, 0xa6, 0x0f, 0x4e, 0x4d, 0x6a, 0xa9, 0x48, 0xb2, 0xbf, 0x3d, 0xbb,
1174
+    0x5b, 0x12, 0x4c, 0xbb, 0xc3, 0x48, 0x92, 0x55, 0xa3, 0xa9, 0x48, 0x37,
1175
+    0x2f, 0x69, 0x78, 0x49, 0x67, 0x45, 0xf9, 0x43, 0xe1, 0xdb, 0x4f, 0x18,
1176
+    0x38, 0x2c, 0xea, 0xa5, 0x05, 0xdf, 0xc6, 0x57, 0x57, 0xbb, 0x3f, 0x85,
1177
+    0x7a, 0x58, 0xdc, 0xe5, 0x21, 0x56};
1178
+const uint8_t kTestVector9Spki[] = {
1179
+    0x30, 0x81, 0xdf, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
1180
+    0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0xcd, 0x00, 0x30, 0x81,
1181
+    0xc9, 0x02, 0x81, 0xc1, 0x00, 0xe6, 0xbd, 0x69, 0x2a, 0xc9, 0x66, 0x45,
1182
+    0x79, 0x04, 0x03, 0xfd, 0xd0, 0xf5, 0xbe, 0xb8, 0xb9, 0xbf, 0x92, 0xed,
1183
+    0x10, 0x00, 0x7f, 0xc3, 0x65, 0x04, 0x64, 0x19, 0xdd, 0x06, 0xc0, 0x5c,
1184
+    0x5b, 0x5b, 0x2f, 0x48, 0xec, 0xf9, 0x89, 0xe4, 0xce, 0x26, 0x91, 0x09,
1185
+    0x97, 0x9c, 0xbb, 0x40, 0xb4, 0xa0, 0xad, 0x24, 0xd2, 0x24, 0x83, 0xd1,
1186
+    0xee, 0x31, 0x5a, 0xd4, 0xcc, 0xb1, 0x53, 0x42, 0x68, 0x35, 0x26, 0x91,
1187
+    0xc5, 0x24, 0xf6, 0xdd, 0x8e, 0x6c, 0x29, 0xd2, 0x24, 0xcf, 0x24, 0x69,
1188
+    0x73, 0xae, 0xc8, 0x6c, 0x5b, 0xf6, 0xb1, 0x40, 0x1a, 0x85, 0x0d, 0x1b,
1189
+    0x9a, 0xd1, 0xbb, 0x8c, 0xbc, 0xec, 0x47, 0xb0, 0x6f, 0x0f, 0x8c, 0x7f,
1190
+    0x45, 0xd3, 0xfc, 0x8f, 0x31, 0x92, 0x99, 0xc5, 0x43, 0x3d, 0xdb, 0xc2,
1191
+    0xb3, 0x05, 0x3b, 0x47, 0xde, 0xd2, 0xec, 0xd4, 0xa4, 0xca, 0xef, 0xd6,
1192
+    0x14, 0x83, 0x3d, 0xc8, 0xbb, 0x62, 0x2f, 0x31, 0x7e, 0xd0, 0x76, 0xb8,
1193
+    0x05, 0x7f, 0xe8, 0xde, 0x3f, 0x84, 0x48, 0x0a, 0xd5, 0xe8, 0x3e, 0x4a,
1194
+    0x61, 0x90, 0x4a, 0x4f, 0x24, 0x8f, 0xb3, 0x97, 0x02, 0x73, 0x57, 0xe1,
1195
+    0xd3, 0x0e, 0x46, 0x31, 0x39, 0x81, 0x5c, 0x6f, 0xd4, 0xfd, 0x5a, 0xc5,
1196
+    0xb8, 0x17, 0x2a, 0x45, 0x23, 0x0e, 0xcb, 0x63, 0x18, 0xa0, 0x4f, 0x14,
1197
+    0x55, 0xd8, 0x4e, 0x5a, 0x8b, 0x02, 0x03, 0x01, 0x00, 0x01};
1198
+// RSA-PSS test vectors, pss-vect.txt, Example 9.1
1199
+const uint8_t kTestVector9Data[] = {
1200
+    0xa8, 0x8e, 0x26, 0x58, 0x55, 0xe9, 0xd7, 0xca, 0x36, 0xc6, 0x87, 0x95,
1201
+    0xf0, 0xb3, 0x1b, 0x59, 0x1c, 0xd6, 0x58, 0x7c, 0x71, 0xd0, 0x60, 0xa0,
1202
+    0xb3, 0xf7, 0xf3, 0xea, 0xef, 0x43, 0x79, 0x59, 0x22, 0x02, 0x8b, 0xc2,
1203
+    0xb6, 0xad, 0x46, 0x7c, 0xfc, 0x2d, 0x7f, 0x65, 0x9c, 0x53, 0x85, 0xaa,
1204
+    0x70, 0xba, 0x36, 0x72, 0xcd, 0xde, 0x4c, 0xfe, 0x49, 0x70, 0xcc, 0x79,
1205
+    0x04, 0x60, 0x1b, 0x27, 0x88, 0x72, 0xbf, 0x51, 0x32, 0x1c, 0x4a, 0x97,
1206
+    0x2f, 0x3c, 0x95, 0x57, 0x0f, 0x34, 0x45, 0xd4, 0xf5, 0x79, 0x80, 0xe0,
1207
+    0xf2, 0x0d, 0xf5, 0x48, 0x46, 0xe6, 0xa5, 0x2c, 0x66, 0x8f, 0x12, 0x88,
1208
+    0xc0, 0x3f, 0x95, 0x00, 0x6e, 0xa3, 0x2f, 0x56, 0x2d, 0x40, 0xd5, 0x2a,
1209
+    0xf9, 0xfe, 0xb3, 0x2f, 0x0f, 0xa0, 0x6d, 0xb6, 0x5b, 0x58, 0x8a, 0x23,
1210
+    0x7b, 0x34, 0xe5, 0x92, 0xd5, 0x5c, 0xf9, 0x79, 0xf9, 0x03, 0xa6, 0x42,
1211
+    0xef, 0x64, 0xd2, 0xed, 0x54, 0x2a, 0xa8, 0xc7, 0x7d, 0xc1, 0xdd, 0x76,
1212
+    0x2f, 0x45, 0xa5, 0x93, 0x03, 0xed, 0x75, 0xe5, 0x41, 0xca, 0x27, 0x1e,
1213
+    0x2b, 0x60, 0xca, 0x70, 0x9e, 0x44, 0xfa, 0x06, 0x61, 0x13, 0x1e, 0x8d,
1214
+    0x5d, 0x41, 0x63, 0xfd, 0x8d, 0x39, 0x85, 0x66, 0xce, 0x26, 0xde, 0x87,
1215
+    0x30, 0xe7, 0x2f, 0x9c, 0xca, 0x73, 0x76, 0x41, 0xc2, 0x44, 0x15, 0x94,
1216
+    0x20, 0x63, 0x70, 0x28, 0xdf, 0x0a, 0x18, 0x07, 0x9d, 0x62, 0x08, 0xea,
1217
+    0x8b, 0x47, 0x11, 0xa2, 0xc7, 0x50, 0xf5};
1218
+const uint8_t kTestVector9Sig[] = {
1219
+    0x58, 0x61, 0x07, 0x22, 0x6c, 0x3c, 0xe0, 0x13, 0xa7, 0xc8, 0xf0, 0x4d,
1220
+    0x1a, 0x6a, 0x29, 0x59, 0xbb, 0x4b, 0x8e, 0x20, 0x5b, 0xa4, 0x3a, 0x27,
1221
+    0xb5, 0x0f, 0x12, 0x41, 0x11, 0xbc, 0x35, 0xef, 0x58, 0x9b, 0x03, 0x9f,
1222
+    0x59, 0x32, 0x18, 0x7c, 0xb6, 0x96, 0xd7, 0xd9, 0xa3, 0x2c, 0x0c, 0x38,
1223
+    0x30, 0x0a, 0x5c, 0xdd, 0xa4, 0x83, 0x4b, 0x62, 0xd2, 0xeb, 0x24, 0x0a,
1224
+    0xf3, 0x3f, 0x79, 0xd1, 0x3d, 0xfb, 0xf0, 0x95, 0xbf, 0x59, 0x9e, 0x0d,
1225
+    0x96, 0x86, 0x94, 0x8c, 0x19, 0x64, 0x74, 0x7b, 0x67, 0xe8, 0x9c, 0x9a,
1226
+    0xba, 0x5c, 0xd8, 0x50, 0x16, 0x23, 0x6f, 0x56, 0x6c, 0xc5, 0x80, 0x2c,
1227
+    0xb1, 0x3e, 0xad, 0x51, 0xbc, 0x7c, 0xa6, 0xbe, 0xf3, 0xb9, 0x4d, 0xcb,
1228
+    0xdb, 0xb1, 0xd5, 0x70, 0x46, 0x97, 0x71, 0xdf, 0x0e, 0x00, 0xb1, 0xa8,
1229
+    0xa0, 0x67, 0x77, 0x47, 0x2d, 0x23, 0x16, 0x27, 0x9e, 0xda, 0xe8, 0x64,
1230
+    0x74, 0x66, 0x8d, 0x4e, 0x1e, 0xff, 0xf9, 0x5f, 0x1d, 0xe6, 0x1c, 0x60,
1231
+    0x20, 0xda, 0x32, 0xae, 0x92, 0xbb, 0xf1, 0x65, 0x20, 0xfe, 0xf3, 0xcf,
1232
+    0x4d, 0x88, 0xf6, 0x11, 0x21, 0xf2, 0x4b, 0xbd, 0x9f, 0xe9, 0x1b, 0x59,
1233
+    0xca, 0xf1, 0x23, 0x5b, 0x2a, 0x93, 0xff, 0x81, 0xfc, 0x40, 0x3a, 0xdd,
1234
+    0xf4, 0xeb, 0xde, 0xa8, 0x49, 0x34, 0xa9, 0xcd, 0xaf, 0x8e, 0x1a, 0x9e};
1235
+
1236
+// RSA-PSS test vectors, pss-vect.txt, Example 10: A 2048-bit RSA Key Pair
1237
+// <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip>
1238
+const uint8_t kTestVector10Pkcs8[] = {
1239
+    0x30, 0x82, 0x04, 0xb9, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
1240
+    0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
1241
+    0x04, 0xa3, 0x30, 0x82, 0x04, 0x9f, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
1242
+    0x00, 0xa5, 0xdd, 0x86, 0x7a, 0xc4, 0xcb, 0x02, 0xf9, 0x0b, 0x94, 0x57,
1243
+    0xd4, 0x8c, 0x14, 0xa7, 0x70, 0xef, 0x99, 0x1c, 0x56, 0xc3, 0x9c, 0x0e,
1244
+    0xc6, 0x5f, 0xd1, 0x1a, 0xfa, 0x89, 0x37, 0xce, 0xa5, 0x7b, 0x9b, 0xe7,
1245
+    0xac, 0x73, 0xb4, 0x5c, 0x00, 0x17, 0x61, 0x5b, 0x82, 0xd6, 0x22, 0xe3,
1246
+    0x18, 0x75, 0x3b, 0x60, 0x27, 0xc0, 0xfd, 0x15, 0x7b, 0xe1, 0x2f, 0x80,
1247
+    0x90, 0xfe, 0xe2, 0xa7, 0xad, 0xcd, 0x0e, 0xef, 0x75, 0x9f, 0x88, 0xba,
1248
+    0x49, 0x97, 0xc7, 0xa4, 0x2d, 0x58, 0xc9, 0xaa, 0x12, 0xcb, 0x99, 0xae,
1249
+    0x00, 0x1f, 0xe5, 0x21, 0xc1, 0x3b, 0xb5, 0x43, 0x14, 0x45, 0xa8, 0xd5,
1250
+    0xae, 0x4f, 0x5e, 0x4c, 0x7e, 0x94, 0x8a, 0xc2, 0x27, 0xd3, 0x60, 0x40,
1251
+    0x71, 0xf2, 0x0e, 0x57, 0x7e, 0x90, 0x5f, 0xbe, 0xb1, 0x5d, 0xfa, 0xf0,
1252
+    0x6d, 0x1d, 0xe5, 0xae, 0x62, 0x53, 0xd6, 0x3a, 0x6a, 0x21, 0x20, 0xb3,
1253
+    0x1a, 0x5d, 0xa5, 0xda, 0xbc, 0x95, 0x50, 0x60, 0x0e, 0x20, 0xf2, 0x7d,
1254
+    0x37, 0x39, 0xe2, 0x62, 0x79, 0x25, 0xfe, 0xa3, 0xcc, 0x50, 0x9f, 0x21,
1255
+    0xdf, 0xf0, 0x4e, 0x6e, 0xea, 0x45, 0x49, 0xc5, 0x40, 0xd6, 0x80, 0x9f,
1256
+    0xf9, 0x30, 0x7e, 0xed, 0xe9, 0x1f, 0xff, 0x58, 0x73, 0x3d, 0x83, 0x85,
1257
+    0xa2, 0x37, 0xd6, 0xd3, 0x70, 0x5a, 0x33, 0xe3, 0x91, 0x90, 0x09, 0x92,
1258
+    0x07, 0x0d, 0xf7, 0xad, 0xf1, 0x35, 0x7c, 0xf7, 0xe3, 0x70, 0x0c, 0xe3,
1259
+    0x66, 0x7d, 0xe8, 0x3f, 0x17, 0xb8, 0xdf, 0x17, 0x78, 0xdb, 0x38, 0x1d,
1260
+    0xce, 0x09, 0xcb, 0x4a, 0xd0, 0x58, 0xa5, 0x11, 0x00, 0x1a, 0x73, 0x81,
1261
+    0x98, 0xee, 0x27, 0xcf, 0x55, 0xa1, 0x3b, 0x75, 0x45, 0x39, 0x90, 0x65,
1262
+    0x82, 0xec, 0x8b, 0x17, 0x4b, 0xd5, 0x8d, 0x5d, 0x1f, 0x3d, 0x76, 0x7c,
1263
+    0x61, 0x37, 0x21, 0xae, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82,
1264
+    0x01, 0x00, 0x2d, 0x2f, 0xf5, 0x67, 0xb3, 0xfe, 0x74, 0xe0, 0x61, 0x91,
1265
+    0xb7, 0xfd, 0xed, 0x6d, 0xe1, 0x12, 0x29, 0x0c, 0x67, 0x06, 0x92, 0x43,
1266
+    0x0d, 0x59, 0x69, 0x18, 0x40, 0x47, 0xda, 0x23, 0x4c, 0x96, 0x93, 0xde,
1267
+    0xed, 0x16, 0x73, 0xed, 0x42, 0x95, 0x39, 0xc9, 0x69, 0xd3, 0x72, 0xc0,
1268
+    0x4d, 0x6b, 0x47, 0xe0, 0xf5, 0xb8, 0xce, 0xe0, 0x84, 0x3e, 0x5c, 0x22,
1269
+    0x83, 0x5d, 0xbd, 0x3b, 0x05, 0xa0, 0x99, 0x79, 0x84, 0xae, 0x60, 0x58,
1270
+    0xb1, 0x1b, 0xc4, 0x90, 0x7c, 0xbf, 0x67, 0xed, 0x84, 0xfa, 0x9a, 0xe2,
1271
+    0x52, 0xdf, 0xb0, 0xd0, 0xcd, 0x49, 0xe6, 0x18, 0xe3, 0x5d, 0xfd, 0xfe,
1272
+    0x59, 0xbc, 0xa3, 0xdd, 0xd6, 0x6c, 0x33, 0xce, 0xbb, 0xc7, 0x7a, 0xd4,
1273
+    0x41, 0xaa, 0x69, 0x5e, 0x13, 0xe3, 0x24, 0xb5, 0x18, 0xf0, 0x1c, 0x60,
1274
+    0xf5, 0xa8, 0x5c, 0x99, 0x4a, 0xd1, 0x79, 0xf2, 0xa6, 0xb5, 0xfb, 0xe9,
1275
+    0x34, 0x02, 0xb1, 0x17, 0x67, 0xbe, 0x01, 0xbf, 0x07, 0x34, 0x44, 0xd6,
1276
+    0xba, 0x1d, 0xd2, 0xbc, 0xa5, 0xbd, 0x07, 0x4d, 0x4a, 0x5f, 0xae, 0x35,
1277
+    0x31, 0xad, 0x13, 0x03, 0xd8, 0x4b, 0x30, 0xd8, 0x97, 0x31, 0x8c, 0xbb,
1278
+    0xba, 0x04, 0xe0, 0x3c, 0x2e, 0x66, 0xde, 0x6d, 0x91, 0xf8, 0x2f, 0x96,
1279
+    0xea, 0x1d, 0x4b, 0xb5, 0x4a, 0x5a, 0xae, 0x10, 0x2d, 0x59, 0x46, 0x57,
1280
+    0xf5, 0xc9, 0x78, 0x95, 0x53, 0x51, 0x2b, 0x29, 0x6d, 0xea, 0x29, 0xd8,
1281
+    0x02, 0x31, 0x96, 0x35, 0x7e, 0x3e, 0x3a, 0x6e, 0x95, 0x8f, 0x39, 0xe3,
1282
+    0xc2, 0x34, 0x40, 0x38, 0xea, 0x60, 0x4b, 0x31, 0xed, 0xc6, 0xf0, 0xf7,
1283
+    0xff, 0x6e, 0x71, 0x81, 0xa5, 0x7c, 0x92, 0x82, 0x6a, 0x26, 0x8f, 0x86,
1284
+    0x76, 0x8e, 0x96, 0xf8, 0x78, 0x56, 0x2f, 0xc7, 0x1d, 0x85, 0xd6, 0x9e,
1285
+    0x44, 0x86, 0x12, 0xf7, 0x04, 0x8f, 0x02, 0x81, 0x80, 0xcf, 0xd5, 0x02,
1286
+    0x83, 0xfe, 0xee, 0xb9, 0x7f, 0x6f, 0x08, 0xd7, 0x3c, 0xbc, 0x7b, 0x38,
1287
+    0x36, 0xf8, 0x2b, 0xbc, 0xd4, 0x99, 0x47, 0x9f, 0x5e, 0x6f, 0x76, 0xfd,
1288
+    0xfc, 0xb8, 0xb3, 0x8c, 0x4f, 0x71, 0xdc, 0x9e, 0x88, 0xbd, 0x6a, 0x6f,
1289
+    0x76, 0x37, 0x1a, 0xfd, 0x65, 0xd2, 0xaf, 0x18, 0x62, 0xb3, 0x2a, 0xfb,
1290
+    0x34, 0xa9, 0x5f, 0x71, 0xb8, 0xb1, 0x32, 0x04, 0x3f, 0xfe, 0xbe, 0x3a,
1291
+    0x95, 0x2b, 0xaf, 0x75, 0x92, 0x44, 0x81, 0x48, 0xc0, 0x3f, 0x9c, 0x69,
1292
+    0xb1, 0xd6, 0x8e, 0x4c, 0xe5, 0xcf, 0x32, 0xc8, 0x6b, 0xaf, 0x46, 0xfe,
1293
+    0xd3, 0x01, 0xca, 0x1a, 0xb4, 0x03, 0x06, 0x9b, 0x32, 0xf4, 0x56, 0xb9,
1294
+    0x1f, 0x71, 0x89, 0x8a, 0xb0, 0x81, 0xcd, 0x8c, 0x42, 0x52, 0xef, 0x52,
1295
+    0x71, 0x91, 0x5c, 0x97, 0x94, 0xb8, 0xf2, 0x95, 0x85, 0x1d, 0xa7, 0x51,
1296
+    0x0f, 0x99, 0xcb, 0x73, 0xeb, 0x02, 0x81, 0x80, 0xcc, 0x4e, 0x90, 0xd2,
1297
+    0xa1, 0xb3, 0xa0, 0x65, 0xd3, 0xb2, 0xd1, 0xf5, 0xa8, 0xfc, 0xe3, 0x1b,
1298
+    0x54, 0x44, 0x75, 0x66, 0x4e, 0xab, 0x56, 0x1d, 0x29, 0x71, 0xb9, 0x9f,
1299
+    0xb7, 0xbe, 0xf8, 0x44, 0xe8, 0xec, 0x1f, 0x36, 0x0b, 0x8c, 0x2a, 0xc8,
1300
+    0x35, 0x96, 0x92, 0x97, 0x1e, 0xa6, 0xa3, 0x8f, 0x72, 0x3f, 0xcc, 0x21,
1301
+    0x1f, 0x5d, 0xbc, 0xb1, 0x77, 0xa0, 0xfd, 0xac, 0x51, 0x64, 0xa1, 0xd4,
1302
+    0xff, 0x7f, 0xbb, 0x4e, 0x82, 0x99, 0x86, 0x35, 0x3c, 0xb9, 0x83, 0x65,
1303
+    0x9a, 0x14, 0x8c, 0xdd, 0x42, 0x0c, 0x7d, 0x31, 0xba, 0x38, 0x22, 0xea,
1304
+    0x90, 0xa3, 0x2b, 0xe4, 0x6c, 0x03, 0x0e, 0x8c, 0x17, 0xe1, 0xfa, 0x0a,
1305
+    0xd3, 0x78, 0x59, 0xe0, 0x6b, 0x0a, 0xa6, 0xfa, 0x3b, 0x21, 0x6d, 0x9c,
1306
+    0xbe, 0x6c, 0x0e, 0x22, 0x33, 0x97, 0x69, 0xc0, 0xa6, 0x15, 0x91, 0x3e,
1307
+    0x5d, 0xa7, 0x19, 0xcf, 0x02, 0x81, 0x80, 0x1c, 0x2d, 0x1f, 0xc3, 0x2f,
1308
+    0x6b, 0xc4, 0x00, 0x4f, 0xd8, 0x5d, 0xfd, 0xe0, 0xfb, 0xbf, 0x9a, 0x4c,
1309
+    0x38, 0xf9, 0xc7, 0xc4, 0xe4, 0x1d, 0xea, 0x1a, 0xa8, 0x82, 0x34, 0xa2,
1310
+    0x01, 0xcd, 0x92, 0xf3, 0xb7, 0xda, 0x52, 0x65, 0x83, 0xa9, 0x8a, 0xd8,
1311
+    0x5b, 0xb3, 0x60, 0xfb, 0x98, 0x3b, 0x71, 0x1e, 0x23, 0x44, 0x9d, 0x56,
1312
+    0x1d, 0x17, 0x78, 0xd7, 0xa5, 0x15, 0x48, 0x6b, 0xcb, 0xf4, 0x7b, 0x46,
1313
+    0xc9, 0xe9, 0xe1, 0xa3, 0xa1, 0xf7, 0x70, 0x00, 0xef, 0xbe, 0xb0, 0x9a,
1314
+    0x8a, 0xfe, 0x47, 0xe5, 0xb8, 0x57, 0xcd, 0xa9, 0x9c, 0xb1, 0x6d, 0x7f,
1315
+    0xff, 0x9b, 0x71, 0x2e, 0x3b, 0xd6, 0x0c, 0xa9, 0x6d, 0x9c, 0x79, 0x73,
1316
+    0xd6, 0x16, 0xd4, 0x69, 0x34, 0xa9, 0xc0, 0x50, 0x28, 0x1c, 0x00, 0x43,
1317
+    0x99, 0xce, 0xff, 0x1d, 0xb7, 0xdd, 0xa7, 0x87, 0x66, 0xa8, 0xa9, 0xb9,
1318
+    0xcb, 0x08, 0x73, 0x02, 0x81, 0x80, 0xcb, 0x3b, 0x3c, 0x04, 0xca, 0xa5,
1319
+    0x8c, 0x60, 0xbe, 0x7d, 0x9b, 0x2d, 0xeb, 0xb3, 0xe3, 0x96, 0x43, 0xf4,
1320
+    0xf5, 0x73, 0x97, 0xbe, 0x08, 0x23, 0x6a, 0x1e, 0x9e, 0xaf, 0xaa, 0x70,
1321
+    0x65, 0x36, 0xe7, 0x1c, 0x3a, 0xcf, 0xe0, 0x1c, 0xc6, 0x51, 0xf2, 0x3c,
1322
+    0x9e, 0x05, 0x85, 0x8f, 0xee, 0x13, 0xbb, 0x6a, 0x8a, 0xfc, 0x47, 0xdf,
1323
+    0x4e, 0xdc, 0x9a, 0x4b, 0xa3, 0x0b, 0xce, 0xcb, 0x73, 0xd0, 0x15, 0x78,
1324
+    0x52, 0x32, 0x7e, 0xe7, 0x89, 0x01, 0x5c, 0x2e, 0x8d, 0xee, 0x7b, 0x9f,
1325
+    0x05, 0xa0, 0xf3, 0x1a, 0xc9, 0x4e, 0xb6, 0x17, 0x31, 0x64, 0x74, 0x0c,
1326
+    0x5c, 0x95, 0x14, 0x7c, 0xd5, 0xf3, 0xb5, 0xae, 0x2c, 0xb4, 0xa8, 0x37,
1327
+    0x87, 0xf0, 0x1d, 0x8a, 0xb3, 0x1f, 0x27, 0xc2, 0xd0, 0xee, 0xa2, 0xdd,
1328
+    0x8a, 0x11, 0xab, 0x90, 0x6a, 0xba, 0x20, 0x7c, 0x43, 0xc6, 0xee, 0x12,
1329
+    0x53, 0x31, 0x02, 0x81, 0x80, 0x12, 0xf6, 0xb2, 0xcf, 0x13, 0x74, 0xa7,
1330
+    0x36, 0xfa, 0xd0, 0x56, 0x16, 0x05, 0x0f, 0x96, 0xab, 0x4b, 0x61, 0xd1,
1331
+    0x17, 0x7c, 0x7f, 0x9d, 0x52, 0x5a, 0x29, 0xf3, 0xd1, 0x80, 0xe7, 0x76,
1332
+    0x67, 0xe9, 0x9d, 0x99, 0xab, 0xf0, 0x52, 0x5d, 0x07, 0x58, 0x66, 0x0f,
1333
+    0x37, 0x52, 0x65, 0x5b, 0x0f, 0x25, 0xb8, 0xdf, 0x84, 0x31, 0xd9, 0xa8,
1334
+    0xff, 0x77, 0xc1, 0x6c, 0x12, 0xa0, 0xa5, 0x12, 0x2a, 0x9f, 0x0b, 0xf7,
1335
+    0xcf, 0xd5, 0xa2, 0x66, 0xa3, 0x5c, 0x15, 0x9f, 0x99, 0x12, 0x08, 0xb9,
1336
+    0x03, 0x16, 0xff, 0x44, 0x4f, 0x3e, 0x0b, 0x6b, 0xd0, 0xe9, 0x3b, 0x8a,
1337
+    0x7a, 0x24, 0x48, 0xe9, 0x57, 0xe3, 0xdd, 0xa6, 0xcf, 0xcf, 0x22, 0x66,
1338
+    0xb1, 0x06, 0x01, 0x3a, 0xc4, 0x68, 0x08, 0xd3, 0xb3, 0x88, 0x7b, 0x3b,
1339
+    0x00, 0x34, 0x4b, 0xaa, 0xc9, 0x53, 0x0b, 0x4c, 0xe7, 0x08, 0xfc, 0x32,
1340
+    0xb6};
1341
+const uint8_t kTestVector10Spki[] = {
1342
+    0x30, 0x82, 0x01, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
1343
+    0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0e, 0x00,
1344
+    0x30, 0x82, 0x01, 0x09, 0x02, 0x82, 0x01, 0x00, 0xa5, 0xdd, 0x86, 0x7a,
1345
+    0xc4, 0xcb, 0x02, 0xf9, 0x0b, 0x94, 0x57, 0xd4, 0x8c, 0x14, 0xa7, 0x70,
1346
+    0xef, 0x99, 0x1c, 0x56, 0xc3, 0x9c, 0x0e, 0xc6, 0x5f, 0xd1, 0x1a, 0xfa,
1347
+    0x89, 0x37, 0xce, 0xa5, 0x7b, 0x9b, 0xe7, 0xac, 0x73, 0xb4, 0x5c, 0x00,
1348
+    0x17, 0x61, 0x5b, 0x82, 0xd6, 0x22, 0xe3, 0x18, 0x75, 0x3b, 0x60, 0x27,
1349
+    0xc0, 0xfd, 0x15, 0x7b, 0xe1, 0x2f, 0x80, 0x90, 0xfe, 0xe2, 0xa7, 0xad,
1350
+    0xcd, 0x0e, 0xef, 0x75, 0x9f, 0x88, 0xba, 0x49, 0x97, 0xc7, 0xa4, 0x2d,
1351
+    0x58, 0xc9, 0xaa, 0x12, 0xcb, 0x99, 0xae, 0x00, 0x1f, 0xe5, 0x21, 0xc1,
1352
+    0x3b, 0xb5, 0x43, 0x14, 0x45, 0xa8, 0xd5, 0xae, 0x4f, 0x5e, 0x4c, 0x7e,
1353
+    0x94, 0x8a, 0xc2, 0x27, 0xd3, 0x60, 0x40, 0x71, 0xf2, 0x0e, 0x57, 0x7e,
1354
+    0x90, 0x5f, 0xbe, 0xb1, 0x5d, 0xfa, 0xf0, 0x6d, 0x1d, 0xe5, 0xae, 0x62,
1355
+    0x53, 0xd6, 0x3a, 0x6a, 0x21, 0x20, 0xb3, 0x1a, 0x5d, 0xa5, 0xda, 0xbc,
1356
+    0x95, 0x50, 0x60, 0x0e, 0x20, 0xf2, 0x7d, 0x37, 0x39, 0xe2, 0x62, 0x79,
1357
+    0x25, 0xfe, 0xa3, 0xcc, 0x50, 0x9f, 0x21, 0xdf, 0xf0, 0x4e, 0x6e, 0xea,
1358
+    0x45, 0x49, 0xc5, 0x40, 0xd6, 0x80, 0x9f, 0xf9, 0x30, 0x7e, 0xed, 0xe9,
1359
+    0x1f, 0xff, 0x58, 0x73, 0x3d, 0x83, 0x85, 0xa2, 0x37, 0xd6, 0xd3, 0x70,
1360
+    0x5a, 0x33, 0xe3, 0x91, 0x90, 0x09, 0x92, 0x07, 0x0d, 0xf7, 0xad, 0xf1,
1361
+    0x35, 0x7c, 0xf7, 0xe3, 0x70, 0x0c, 0xe3, 0x66, 0x7d, 0xe8, 0x3f, 0x17,
1362
+    0xb8, 0xdf, 0x17, 0x78, 0xdb, 0x38, 0x1d, 0xce, 0x09, 0xcb, 0x4a, 0xd0,
1363
+    0x58, 0xa5, 0x11, 0x00, 0x1a, 0x73, 0x81, 0x98, 0xee, 0x27, 0xcf, 0x55,
1364
+    0xa1, 0x3b, 0x75, 0x45, 0x39, 0x90, 0x65, 0x82, 0xec, 0x8b, 0x17, 0x4b,
1365
+    0xd5, 0x8d, 0x5d, 0x1f, 0x3d, 0x76, 0x7c, 0x61, 0x37, 0x21, 0xae, 0x05,
1366
+    0x02, 0x03, 0x01, 0x00, 0x01};
1367
+// RSA-PSS test vectors, pss-vect.txt, Example 10.1
1368
+const uint8_t kTestVector10Data[] = {
1369
+    0x88, 0x31, 0x77, 0xe5, 0x12, 0x6b, 0x9b, 0xe2, 0xd9, 0xa9,
1370
+    0x68, 0x03, 0x27, 0xd5, 0x37, 0x0c, 0x6f, 0x26, 0x86, 0x1f,
1371
+    0x58, 0x20, 0xc4, 0x3d, 0xa6, 0x7a, 0x3a, 0xd6, 0x09};
1372
+const uint8_t kTestVector10Sig[] = {
1373
+    0x82, 0xc2, 0xb1, 0x60, 0x09, 0x3b, 0x8a, 0xa3, 0xc0, 0xf7, 0x52, 0x2b,
1374
+    0x19, 0xf8, 0x73, 0x54, 0x06, 0x6c, 0x77, 0x84, 0x7a, 0xbf, 0x2a, 0x9f,
1375
+    0xce, 0x54, 0x2d, 0x0e, 0x84, 0xe9, 0x20, 0xc5, 0xaf, 0xb4, 0x9f, 0xfd,
1376
+    0xfd, 0xac, 0xe1, 0x65, 0x60, 0xee, 0x94, 0xa1, 0x36, 0x96, 0x01, 0x14,
1377
+    0x8e, 0xba, 0xd7, 0xa0, 0xe1, 0x51, 0xcf, 0x16, 0x33, 0x17, 0x91, 0xa5,
1378
+    0x72, 0x7d, 0x05, 0xf2, 0x1e, 0x74, 0xe7, 0xeb, 0x81, 0x14, 0x40, 0x20,
1379
+    0x69, 0x35, 0xd7, 0x44, 0x76, 0x5a, 0x15, 0xe7, 0x9f, 0x01, 0x5c, 0xb6,
1380
+    0x6c, 0x53, 0x2c, 0x87, 0xa6, 0xa0, 0x59, 0x61, 0xc8, 0xbf, 0xad, 0x74,
1381
+    0x1a, 0x9a, 0x66, 0x57, 0x02, 0x28, 0x94, 0x39, 0x3e, 0x72, 0x23, 0x73,
1382
+    0x97, 0x96, 0xc0, 0x2a, 0x77, 0x45, 0x5d, 0x0f, 0x55, 0x5b, 0x0e, 0xc0,
1383
+    0x1d, 0xdf, 0x25, 0x9b, 0x62, 0x07, 0xfd, 0x0f, 0xd5, 0x76, 0x14, 0xce,
1384
+    0xf1, 0xa5, 0x57, 0x3b, 0xaa, 0xff, 0x4e, 0xc0, 0x00, 0x69, 0x95, 0x16,
1385
+    0x59, 0xb8, 0x5f, 0x24, 0x30, 0x0a, 0x25, 0x16, 0x0c, 0xa8, 0x52, 0x2d,
1386
+    0xc6, 0xe6, 0x72, 0x7e, 0x57, 0xd0, 0x19, 0xd7, 0xe6, 0x36, 0x29, 0xb8,
1387
+    0xfe, 0x5e, 0x89, 0xe2, 0x5c, 0xc1, 0x5b, 0xeb, 0x3a, 0x64, 0x75, 0x77,
1388
+    0x55, 0x92, 0x99, 0x28, 0x0b, 0x9b, 0x28, 0xf7, 0x9b, 0x04, 0x09, 0x00,
1389
+    0x0b, 0xe2, 0x5b, 0xbd, 0x96, 0x40, 0x8b, 0xa3, 0xb4, 0x3c, 0xc4, 0x86,
1390
+    0x18, 0x4d, 0xd1, 0xc8, 0xe6, 0x25, 0x53, 0xfa, 0x1a, 0xf4, 0x04, 0x0f,
1391
+    0x60, 0x66, 0x3d, 0xe7, 0xf5, 0xe4, 0x9c, 0x04, 0x38, 0x8e, 0x25, 0x7f,
1392
+    0x1c, 0xe8, 0x9c, 0x95, 0xda, 0xb4, 0x8a, 0x31, 0x5d, 0x9b, 0x66, 0xb1,
1393
+    0xb7, 0x62, 0x82, 0x33, 0x87, 0x6f, 0xf2, 0x38, 0x52, 0x30, 0xd0, 0x70,
1394
+    0xd0, 0x7e, 0x16, 0x66};
1395
+
1396
+}  // namespace nss_test
1397
diff --git a/lib/freebl/rsapkcs.c b/lib/freebl/rsapkcs.c
1398
--- a/lib/freebl/rsapkcs.c
1399
+++ b/lib/freebl/rsapkcs.c
1400
@@ -85,6 +85,25 @@ rsa_modulusLen(SECItem *modulus)
1401
     return modLen;
1402
 }
1403
 
1404
+static unsigned int
1405
+rsa_modulusBits(SECItem *modulus)
1406
+{
1407
+    unsigned char byteZero = modulus->data[0];
1408
+    unsigned int numBits = (modulus->len - 1) * 8;
1409
+
1410
+    if (byteZero == 0) {
1411
+        numBits -= 8;
1412
+        byteZero = modulus->data[1];
1413
+    }
1414
+
1415
+    while (byteZero > 0) {
1416
+        numBits++;
1417
+        byteZero >>= 1;
1418
+    }
1419
+
1420
+    return numBits;
1421
+}
1422
+
1423
 /*
1424
  * Format one block of data for public/private key encryption using
1425
  * the rules defined in PKCS #1.
1426
@@ -962,12 +981,11 @@ failure:
1427
  * We use mHash instead of M as input.
1428
  * emBits from the RFC is just modBits - 1, see section 8.1.1.
1429
  * We only support MGF1 as the MGF.
1430
- *
1431
- * NOTE: this code assumes modBits is a multiple of 8.
1432
  */
1433
 static SECStatus
1434
 emsa_pss_encode(unsigned char *em,
1435
                 unsigned int emLen,
1436
+                unsigned int emBits,
1437
                 const unsigned char *mHash,
1438
                 HASH_HashType hashAlg,
1439
                 HASH_HashType maskHashAlg,
1440
@@ -1032,7 +1050,7 @@ emsa_pss_encode(unsigned char *em,
1441
     PORT_Free(dbMask);
1442
 
1443
     /* Step 11 */
1444
-    em[0] &= 0x7f;
1445
+    em[0] &= 0xff >> (8 * emLen - emBits);
1446
 
1447
     /* Step 12 */
1448
     em[emLen - 1] = 0xbc;
1449
@@ -1046,13 +1064,12 @@ emsa_pss_encode(unsigned char *em,
1450
  * We use mHash instead of M as input.
1451
  * emBits from the RFC is just modBits - 1, see section 8.1.2.
1452
  * We only support MGF1 as the MGF.
1453
- *
1454
- * NOTE: this code assumes modBits is a multiple of 8.
1455
  */
1456
 static SECStatus
1457
 emsa_pss_verify(const unsigned char *mHash,
1458
                 const unsigned char *em,
1459
                 unsigned int emLen,
1460
+                unsigned int emBits,
1461
                 HASH_HashType hashAlg,
1462
                 HASH_HashType maskHashAlg,
1463
                 unsigned int saltLen)
1464
@@ -1063,15 +1080,22 @@ emsa_pss_verify(const unsigned char *mHa
1465
     unsigned char *H_; /* H' from the RFC */
1466
     unsigned int i;
1467
     unsigned int dbMaskLen;
1468
+    unsigned int zeroBits;
1469
     SECStatus rv;
1470
 
1471
     hash = HASH_GetRawHashObject(hashAlg);
1472
     dbMaskLen = emLen - hash->length - 1;
1473
 
1474
-    /* Step 3 + 4 + 6 */
1475
+    /* Step 3 + 4 */
1476
     if ((emLen < (hash->length + saltLen + 2)) ||
1477
-        (em[emLen - 1] != 0xbc) ||
1478
-        ((em[0] & 0x80) != 0)) {
1479
+        (em[emLen - 1] != 0xbc)) {
1480
+        PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
1481
+        return SECFailure;
1482
+    }
1483
+
1484
+    /* Step 6 */
1485
+    zeroBits = 8 * emLen - emBits;
1486
+    if (em[0] >> (8 - zeroBits)) {
1487
         PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
1488
         return SECFailure;
1489
     }
1490
@@ -1091,7 +1115,7 @@ emsa_pss_verify(const unsigned char *mHa
1491
     }
1492
 
1493
     /* Step 9 */
1494
-    db[0] &= 0x7f;
1495
+    db[0] &= 0xff >> zeroBits;
1496
 
1497
     /* Step 10 */
1498
     for (i = 0; i < (dbMaskLen - saltLen - 1); i++) {
1499
@@ -1156,7 +1180,9 @@ RSA_SignPSS(RSAPrivateKey *key,
1500
 {
1501
     SECStatus rv = SECSuccess;
1502
     unsigned int modulusLen = rsa_modulusLen(&key->modulus);
1503
-    unsigned char *pssEncoded = NULL;
1504
+    unsigned int modulusBits = rsa_modulusBits(&key->modulus);
1505
+    unsigned int emLen = modulusLen;
1506
+    unsigned char *pssEncoded, *em;
1507
 
1508
     if (maxOutputLen < modulusLen) {
1509
         PORT_SetError(SEC_ERROR_OUTPUT_LEN);
1510
@@ -1168,12 +1194,19 @@ RSA_SignPSS(RSAPrivateKey *key,
1511
         return SECFailure;
1512
     }
1513
 
1514
-    pssEncoded = (unsigned char *)PORT_Alloc(modulusLen);
1515
+    pssEncoded = em = (unsigned char *)PORT_Alloc(modulusLen);
1516
     if (pssEncoded == NULL) {
1517
         PORT_SetError(SEC_ERROR_NO_MEMORY);
1518
         return SECFailure;
1519
     }
1520
-    rv = emsa_pss_encode(pssEncoded, modulusLen, input, hashAlg,
1521
+
1522
+    /* len(em) == ceil((modulusBits - 1) / 8). */
1523
+    if (modulusBits % 8 == 1) {
1524
+        em[0] = 0;
1525
+        emLen--;
1526
+        em++;
1527
+    }
1528
+    rv = emsa_pss_encode(em, emLen, modulusBits - 1, input, hashAlg,
1529
                          maskHashAlg, salt, saltLength);
1530
     if (rv != SECSuccess)
1531
         goto done;
1532
@@ -1198,7 +1231,9 @@ RSA_CheckSignPSS(RSAPublicKey *key,
1533
 {
1534
     SECStatus rv;
1535
     unsigned int modulusLen = rsa_modulusLen(&key->modulus);
1536
-    unsigned char *buffer;
1537
+    unsigned int modulusBits = rsa_modulusBits(&key->modulus);
1538
+    unsigned int emLen = modulusLen;
1539
+    unsigned char *buffer, *em;
1540
 
1541
     if (sigLen != modulusLen) {
1542
         PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
1543
@@ -1210,7 +1245,7 @@ RSA_CheckSignPSS(RSAPublicKey *key,
1544
         return SECFailure;
1545
     }
1546
 
1547
-    buffer = (unsigned char *)PORT_Alloc(modulusLen);
1548
+    buffer = em = (unsigned char *)PORT_Alloc(modulusLen);
1549
     if (!buffer) {
1550
         PORT_SetError(SEC_ERROR_NO_MEMORY);
1551
         return SECFailure;
1552
@@ -1223,10 +1258,15 @@ RSA_CheckSignPSS(RSAPublicKey *key,
1553
         return SECFailure;
1554
     }
1555
 
1556
-    rv = emsa_pss_verify(hash, buffer, modulusLen, hashAlg,
1557
+    /* len(em) == ceil((modulusBits - 1) / 8). */
1558
+    if (modulusBits % 8 == 1) {
1559
+        emLen--;
1560
+        em++;
1561
+    }
1562
+    rv = emsa_pss_verify(hash, em, emLen, modulusBits - 1, hashAlg,
1563
                          maskHashAlg, saltLength);
1564
+
1565
     PORT_Free(buffer);
1566
-
1567
     return rv;
1568
 }
1569
 
view file @ daa3397876
... ... --- a/nss-softokn.spec
... ... +++ b/nss-softokn.spec
... ... @@ -1,6 +1,6 @@
1
%global nspr_version 4.13.1
1
%global nspr_version 4.17.0
2 2
%global nss_name nss
3
%global nss_util_version 3.28.3
3
%global nss_util_version 3.34.0
4 4
%global nss_util_build -2
5 5
%global unsupported_tools_directory %{_libdir}/nss/unsupported-tools
6 6
%global saved_files_dir %{_libdir}/nss/saved
... ... @@ -31,8 +31,8 @@
31 31
32 32
Summary:          Network Security Services Softoken Module
33 33
Name:             nss-softokn
34
Version:          3.28.3
35
Release:          6%{?dist}
34
Version:          3.34.0
35
Release:          2%{?dist}
36 36
License:          MPLv2.0
37 37
URL:              http://www.mozilla.org/projects/security/pki/nss/
38 38
Group:            System Environment/Libraries
... ... @@ -77,22 +77,12 @@ Source6: nss-softokn-dracut.conf
77 77
# Once has been bootstapped the patch may be removed, but it doesn't hurt to keep it.
78 78
Patch10:           iquote.patch
79 79
80
# Patch from Fedora, to fix issues in basicutil/secutil splitting
81
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1300109
82
Patch12:           nss-softokn-basicutil-dependency.patch
83
84 80
Patch97:	   nss-softokn-3.16-add_encrypt_derive.patch
85 81
86
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1334474
87
Patch100:          nss-softokn-pss-modulus-bits.patch
88
Patch101:          nss-softokn-pkcs12-sha2.patch
89 82
Patch102:          nss-softokn-tls-abi-fix.patch
90
Patch103:          nss-softokn-pkcs12-rsa-pss.patch
91
Patch104:          nss-softokn-ec-derive-pubkey-check.patch
92 83
# Not upstreamed: https://bugzilla.redhat.com/show_bug.cgi?id=1390154
93 84
Patch105:	   nss-softokn-3.28-fix-fips-login.patch
94
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1345089
95
Patch106:	   nss-softokn-fix-drbg.patch
85
Patch107:	   nss-softokn-fix-ecc-post.patch
96 86
97 87
%description
98 88
Network Security Services Softoken Cryptographic Module
... ... @@ -100,6 +90,10 @@ Network Security Services Softoken Cryptographic Module
90 90
%package freebl
91 91
Summary:          Freebl library for the Network Security Services
92 92
Group:            System Environment/Base
93
# Needed because nss-softokn-freebl dlopen()'s nspr and nss-util
94
# https://bugzilla.redhat.com/show_bug.cgi?id=1477308
95
Requires:         nspr >= %{nspr_version}
96
Requires:         nss-util >= %{nss_util_version}%{nss_util_build}
93 97
Conflicts:        nss < 3.12.2.99.3-5
94 98
Conflicts:        prelink < 0.4.3
95 99
Conflicts:        filesystem < 3
... ... @@ -147,18 +141,9 @@ Header and library files for doing development with Network Security Services.
141 141
142 142
%patch97 -p0 -b .add_encrypt_derive
143 143
144
pushd nss
145
%patch12 -p1 -b .basicutil-dependency
146
%patch100 -p1 -b .pss-modulus-bits
147
popd
148
%patch101 -p1 -b .pkcs12-sha2
149 144
%patch102 -p1 -b .tls-abi-fix
150
%patch103 -p1 -b .pkcs12-rsa-pss
151
%patch104 -p1 -b .ec-derive-pubkey-check
152 145
%patch105 -p1 -b .fix-fips-login
153
pushd nss
154
%patch106 -p1 -b .fix-drbg
155
popd
146
%patch107 -p1 -b .ecc_post
156 147
157 148
%build
158 149
... ... @@ -176,6 +161,9 @@ export FREEBL_NO_DEPEND
161 161
FREEBL_LOWHASH=1
162 162
export FREEBL_LOWHASH
163 163
164
NSS_FORCE_FIPS=1
165
export NSS_FORCE_FIPS
166
164 167
#FREEBL_USE_PRELINK=1
165 168
#export FREEBL_USE_PRELINK
166 169
... ... @@ -481,6 +469,36 @@ done
469 469
%{_includedir}/nss3/shsign.h
470 470
471 471
%changelog
472
* Tue Jan 16 2018 Daiki Ueno <dueno@redhat.com> - 3.34.0-2
473
- Rebuild to utilize ECC slotFlag added in nss-util
474
475
* Thu Nov 23 2017 Daiki Ueno <dueno@redhat.com> - 3.34.0-1
476
- Update to NSS 3.34.0
477
478
* Tue Nov 14 2017 Daiki Ueno <dueno@redhat.com> - 3.34.0-0.3.beta1
479
- let nss-softokn-freebl depend on recent version of nss-util,
480
  reported by Bob Peterson
481
482
* Fri Nov  3 2017 Daiki Ueno <dueno@redhat.com> - 3.34.0-0.2.beta1
483
- Fix indentation of nss-softokn-3.16-add_encrypt_derive.patch
484
485
* Mon Oct 30 2017 Daiki Ueno <dueno@redhat.com> - 3.34.0-0.1.beta1
486
- Update to NSS 3.34.BETA1
487
488
* Mon Oct  9 2017 Daiki Ueno <dueno@redhat.com> - 3.33.0-1
489
- Update to NSS 3.33.0
490
- Remove upstreamed patches: nss-softokn-basicutil-dependency.patch,
491
  nss-softokn-pss-modulus-bits.patch, nss-softokn-pkcs12-sha2.patch,
492
  nss-softokn-pkcs12-rsa-pss.patch,
493
  nss-softokn-ec-derive-pubkey-check.patch, and nss-softokn-fix-drbg.patch
494
495
* Wed Aug  2 2017 Daiki Ueno <dueno@redhat.com> - 3.28.3-8
496
- let nss-softokn-freebl depend on recent version of nspr (rhbz#1477308),
497
  patch by Kyle Walker
498
499
* Fri Jul 21 2017 Bob Relyea <rrelyea@redhat.com> - 3.28.3-7
500
- fix fips post so that they actually run at startup
501
472 502
* Fri May 26 2017 Daiki Ueno <dueno@redhat.com> - 3.28.3-6
473 503
- restore nss-softokn-3.16-add_encrypt_derive.patch
474 504

Comments