cfrg / draft-irtf-cfrg-blind-signatures


Incorrect bits passed to EMSA-PSS-ENCODE #213

Open blake-watkins opened 1 year ago

blake-watkins commented 1 year ago

Apologies if this is the incorrect place to raise this. I was looking at the draft and the number of bits passed to EMSA-PSS-ENCODE here seems wrong (section 4.2 step 1): encoded_msg = EMSA-PSS-ENCODE(msg, bit_len(n))

The argument needs to be bit_len(n) - 1 to ensure that the encoded message is less than the modulus. I think the minus one was there originally but got left off as part of the change from bytes to bits in #173.

The python implementation is working despite passing the modulus bit length to EMSA-PSS-ENCODE because the implementation of EMSA-PSS-ENCODE subtracts one from that argument immediately (which isn't specified in the RFC):

```python
def EMSA_PSS_ENCODE(kBits: int, msg: bytes, sLen: int, salt: bytes = None) -> bytes:
    m_hash = H.new(msg).digest()
    hLen = H.digest_size

    emBits = kBits - 1 ...
```
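To see why the argument matters, here is an added example (not the draft's code and not the issue author's): EMSA-PSS-ENCODE as RFC 8017 section 9.1.1 specifies it, with emBits supplied by the caller, run against a constructed 529-bit modulus. It assumes SHA-256 for both the hash and MGF1; the message, salts and modulus are constructed for the demo.

```python
import hashlib
import math

def mgf1(seed: bytes, mask_len: int) -> bytes:
    """MGF1 (RFC 8017 B.2.1) instantiated with SHA-256."""
    out = b""
    for counter in range((mask_len + 31) // 32):
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
    return out[:mask_len]

def emsa_pss_encode(msg: bytes, em_bits: int, salt: bytes) -> bytes:
    """EMSA-PSS-ENCODE (RFC 8017 9.1.1) with SHA-256, as specified: the caller
    passes emBits, and the leftmost 8*emLen - emBits bits of the output are
    cleared, so as an integer EM < 2^emBits and nothing stronger."""
    h_len, s_len = 32, len(salt)
    em_len = math.ceil(em_bits / 8)
    if em_len < h_len + s_len + 2:
        raise ValueError("encoding error")
    m_hash = hashlib.sha256(msg).digest()
    h = hashlib.sha256(b"\x00" * 8 + m_hash + salt).digest()
    ps = b"\x00" * (em_len - s_len - h_len - 2)
    db = ps + b"\x01" + salt
    db_mask = mgf1(h, em_len - h_len - 1)
    masked_db = bytearray(a ^ b for a, b in zip(db, db_mask))
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)  # clear the top bits
    return bytes(masked_db) + h + b"\xbc"

def overflow_count(n: int, em_bits: int, trials: int = 128) -> int:
    """Number of encodings of one fixed message that land at or above n."""
    count = 0
    for i in range(trials):
        salt = i.to_bytes(32, "big")  # deterministic salts, for the demo only
        em = emsa_pss_encode(b"constructed test message", em_bits, salt)
        if int.from_bytes(em, "big") >= n:
            count += 1
    return count

# Constructed modulus (not a real key): bit_len(n) = 529 with only the top bit
# and the low bit set, so any EM whose bit 528 is set already exceeds n.
N_DEMO = (1 << 528) + 1

if __name__ == "__main__":
    # With emBits = bit_len(n) roughly half the salts give EM >= n; with
    # emBits = bit_len(n) - 1 the bound EM < 2^528 <= n holds for every salt.
    print("emBits = bit_len(n):    ", overflow_count(N_DEMO, N_DEMO.bit_length()))
    print("emBits = bit_len(n) - 1:", overflow_count(N_DEMO, N_DEMO.bit_length() - 1))
```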