[cryptography] Error in PKCS #1 v2.1?

Alexander Klimov alserkli at inbox.ru
Thu Feb 17 09:20:06 EST 2011


On Thu, 17 Feb 2011, Paul Crowley wrote:
> Surely where it says ceil((modBits ? 1)/8) it has to mean
> floor((modBits ? 1)/8)?  For a simple example, suppose the modulus
> were 10 bits.  Then ceil((modBits ? 1)/8) = 2, so EM will be two
> bytes long, too long for a 10 bit modulus.  If the floor function is
> used, then EM will always be exactly the maximum length in bytes
> that a modulus of length modBits can be guaranteed to handle
> properly.

I guess the standard is correct: consider that

 EMSA-PSS-ENCODE (M, emBits)

outputs EM consisting of ceil(emBits/8) octets or gives an error and
similarly

 RSASP1 (K, m)

outputs (integer) signature or gives "message representative out of
range". So, if

 RSASSA-PSS-SIGN (K, M)

gets M which is too large, then one of the above operations will
detect the problem.

-- 
Regards,
ASK



More information about the cryptography mailing list