When we first implemented PKCS#1 1.5 signature verification we had not
implemented signature generation, so we implemented verification by
parsing the padding. Now that we have generation we can save some code
and arguably make verification safer. Also, this is the way RFC 3447
recommends to do it.
Expose `RSAEncoding` in the public API so that users of *ring* can use
it in type signatures. Add an "RSA" prefix to the exported types, since
they will be exported from `ring::signature`. Modify RSA tests to use
only the public API so as to ensure that enough of the API is public.
Besides improving type safety generally, this fixes a bug in RSA PSS
signing where the wrong value of `mod_bits` was being passed to
`Encoding::encode()`.
- Refactor Encoding trait to be randomised.
- Add RSA-PSS signing test cases.
I agree to license my contributions to each file under the terms given
at the top of each file I changed.
Output the extra leading zero byte when necessary.
Rename parameters in the `Encoding` interface to match the
specification and update the implementations to use the updated
variable names.
- Add tests for RSA-PSS verification from NIST test cases.
I agree to license my contributions to each file under the terms given
at the top of each file I changed.
