src/pki/testdata/verify_signed_data_unittest/rsa-pss-sha256-wrong-salt.pem - third_party/boringssl - Git at Google

 This is the same as rsa-pss-sha256.pem, except the signature was generated
 with a salt length of 33 instead of 32, while the algorithm still reports
 the standard value of 32.

 The public key in SPKI form:
 $ openssl pkey -in key.pem -pubout
 -----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn56hwS55y9JG5gXkTQLX
 m/Q4HSJdP/kECgztMMQtqgiv+QdL0J5M7bQNbUK7ZhZt5pES5T0HjJcIENBvhXFz
 UZ3rBOMp4yESFLWoSL0quL0DAaRX/ZuZqT+Ow6LPdkwlv1JpKh03ylqxCGbw1bIF
 IEsFrp6QDndSPVI1ifd2QfYe+fdRQuF8emaGu50OKRSgziQB50JHKD0zRsh1cgUc
 QTyGUiFj2ndFXw1APzylU2+ouYurmN3ZCrvcP2J/qgQdAzDYRQ/bq/v7LNYQc+Gu
 d+EIzE3+9spybnWRi2aLrnGwwBCZs/bqc66waK0pzH8z/mDwbB2ZSIal6ARF0iWU
 XQIDAQAB
 -----END PUBLIC KEY-----

 The signing algorithm:

 $ openssl asn1parse -i < [ALGORITHM]
     0:d=0  hl=2 l=  65 cons: SEQUENCE
     2:d=1  hl=2 l=   9 prim:  OBJECT            :rsassaPss
    13:d=1  hl=2 l=  52 cons:  SEQUENCE
    15:d=2  hl=2 l=  15 cons:   cont [ 0 ]
    17:d=3  hl=2 l=  13 cons:    SEQUENCE
    19:d=4  hl=2 l=   9 prim:     OBJECT            :sha256
    30:d=4  hl=2 l=   0 prim:     NULL
    32:d=2  hl=2 l=  28 cons:   cont [ 1 ]
    34:d=3  hl=2 l=  26 cons:    SEQUENCE
    36:d=4  hl=2 l=   9 prim:     OBJECT            :mgf1
    47:d=4  hl=2 l=  13 cons:     SEQUENCE
    49:d=5  hl=2 l=   9 prim:      OBJECT            :sha256
    60:d=5  hl=2 l=   0 prim:      NULL
    62:d=2  hl=2 l=   3 cons:   cont [ 2 ]
    64:d=3  hl=2 l=   1 prim:    INTEGER           :20
 -----BEGIN ALGORITHM-----
 MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgw
 DQYJYIZIAWUDBAIBBQCiAwIBIA==
 -----END ALGORITHM-----

 -----BEGIN DATA-----
 x/UnD8pyX5vRn1GajXzKPMXAeQJAKfO65RD5sCFA/iOJCOT2wY8HqJxofIaEZpsfHbK6+SUaPIK
 frMtJMIThbsnijViGgHSl1iIWZ91uUo0W/iyfPbTPr2xNzoyEOa84zqqqnOLsrnvI9KWlXjv5bf
 nNV1xPnLMnlRuM3+QIcWg=
 -----END DATA-----

 The signature was generated with:
 $ openssl dgst -sign key.pem -sha256 -sigopt rsa_padding_mode:pss \
     -sigopt rsa_pss_saltlen:33 < [DATA] > [SIGNATURE]

 Then the signature was wrapped in a BIT STRING.

 $ openssl asn1parse -i < [SIGNATURE]
     0:d=0  hl=4 l= 257 prim: BIT STRING
 -----BEGIN SIGNATURE-----
 A4IBAQB4R+AnrWUH+TvyBU3yR1GP1ghodbwUZdyJfG1rqzEqpY/MJtsd1YM9bC9q
 FqHao1+idLj+WSl91hbtZAEtNb0TDdXkO+iattPYsTBAeLm70A7DbqwM7s/1rTp0
 KJ4QFOJe05wYO+p/zHZ4Oiyhx2bCx+8J1FLlYEtwR0NhwRwPflVO7TNZC1l40iqk
 iyxsJrXsibuFnFnBe6BytBdlKF/CHFuve6z5aLauuuQtA17I6YRZ4cdKceD9I3Hs
 NVhe+V1V10YoMDx3AywQTnaM+Au+VoxHU6oh9KP5lrrzBhPZPDtzfF++4Ag2Vd2O
 GFvPoL8xTp3S8QG5iVs90BkW8GvL
 -----END SIGNATURE-----
	This is the same as rsa-pss-sha256.pem, except the signature was generated
	with a salt length of 33 instead of 32, while the algorithm still reports
	the standard value of 32.

	The public key in SPKI form:
	$ openssl pkey -in key.pem -pubout
	-----BEGIN PUBLIC KEY-----
	MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn56hwS55y9JG5gXkTQLX
	m/Q4HSJdP/kECgztMMQtqgiv+QdL0J5M7bQNbUK7ZhZt5pES5T0HjJcIENBvhXFz
	UZ3rBOMp4yESFLWoSL0quL0DAaRX/ZuZqT+Ow6LPdkwlv1JpKh03ylqxCGbw1bIF
	IEsFrp6QDndSPVI1ifd2QfYe+fdRQuF8emaGu50OKRSgziQB50JHKD0zRsh1cgUc
	QTyGUiFj2ndFXw1APzylU2+ouYurmN3ZCrvcP2J/qgQdAzDYRQ/bq/v7LNYQc+Gu
	d+EIzE3+9spybnWRi2aLrnGwwBCZs/bqc66waK0pzH8z/mDwbB2ZSIal6ARF0iWU
	XQIDAQAB
	-----END PUBLIC KEY-----

	The signing algorithm:

	$ openssl asn1parse -i < [ALGORITHM]
	0:d=0 hl=2 l= 65 cons: SEQUENCE
	2:d=1 hl=2 l= 9 prim: OBJECT :rsassaPss
	13:d=1 hl=2 l= 52 cons: SEQUENCE
	15:d=2 hl=2 l= 15 cons: cont [ 0 ]
	17:d=3 hl=2 l= 13 cons: SEQUENCE
	19:d=4 hl=2 l= 9 prim: OBJECT :sha256
	30:d=4 hl=2 l= 0 prim: NULL
	32:d=2 hl=2 l= 28 cons: cont [ 1 ]
	34:d=3 hl=2 l= 26 cons: SEQUENCE
	36:d=4 hl=2 l= 9 prim: OBJECT :mgf1
	47:d=4 hl=2 l= 13 cons: SEQUENCE
	49:d=5 hl=2 l= 9 prim: OBJECT :sha256
	60:d=5 hl=2 l= 0 prim: NULL
	62:d=2 hl=2 l= 3 cons: cont [ 2 ]
	64:d=3 hl=2 l= 1 prim: INTEGER :20
	-----BEGIN ALGORITHM-----
	MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgw
	DQYJYIZIAWUDBAIBBQCiAwIBIA==
	-----END ALGORITHM-----

	-----BEGIN DATA-----
	x/UnD8pyX5vRn1GajXzKPMXAeQJAKfO65RD5sCFA/iOJCOT2wY8HqJxofIaEZpsfHbK6+SUaPIK
	frMtJMIThbsnijViGgHSl1iIWZ91uUo0W/iyfPbTPr2xNzoyEOa84zqqqnOLsrnvI9KWlXjv5bf
	nNV1xPnLMnlRuM3+QIcWg=
	-----END DATA-----

	The signature was generated with:
	$ openssl dgst -sign key.pem -sha256 -sigopt rsa_padding_mode:pss \
	-sigopt rsa_pss_saltlen:33 < [DATA] > [SIGNATURE]

	Then the signature was wrapped in a BIT STRING.

	$ openssl asn1parse -i < [SIGNATURE]
	0:d=0 hl=4 l= 257 prim: BIT STRING
	-----BEGIN SIGNATURE-----
	A4IBAQB4R+AnrWUH+TvyBU3yR1GP1ghodbwUZdyJfG1rqzEqpY/MJtsd1YM9bC9q
	FqHao1+idLj+WSl91hbtZAEtNb0TDdXkO+iattPYsTBAeLm70A7DbqwM7s/1rTp0
	KJ4QFOJe05wYO+p/zHZ4Oiyhx2bCx+8J1FLlYEtwR0NhwRwPflVO7TNZC1l40iqk
	iyxsJrXsibuFnFnBe6BytBdlKF/CHFuve6z5aLauuuQtA17I6YRZ4cdKceD9I3Hs
	NVhe+V1V10YoMDx3AywQTnaM+Au+VoxHU6oh9KP5lrrzBhPZPDtzfF++4Ag2Vd2O
	GFvPoL8xTp3S8QG5iVs90BkW8GvL
	-----END SIGNATURE-----