Allow rsa.PSSSaltLengthEqualsHash as option #361

maraino · 2024-01-11T01:13:46Z

This commit adds support to the salt length set to rsa.PSSSaltLengthEqualsHash when signing with an RSA key. This is currently supported, but the user must specify the length of the digest size.

Adding rsa.PSSSaltLengthEqualsHash allows the use of a key generated by the TPM for TLS client/server authentication. Go will set this option by default if an RSA key is used.

The client code looks like this:

if sigType == signatureRSAPSS {
        signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: sigHash}
}
sig, err := cert.PrivateKey.(crypto.Signer).Sign(c.config.rand(), signed, signOpts)

This commit adds support to the salt length set to rsa.PSSSaltLengthEqualsHash when signing with an RSA key. This is currently supported, but the user must sspecify the length to the digest size. Adding rsa.PSSSaltLengthEqualsHash allows using a key generated by the TPM for TLS client authentication, Go will set this option by default if an RSA key is used. Signed-off-by: Mariano Cano <[email protected]>

maraino force-pushed the fix-tls branch from 13e9507 to dca66cd Compare January 11, 2024 01:17

maraino added 3 commits July 22, 2024 12:30

Merge branch 'master' into fix-tls

6a34e66

Merge branch 'master' into fix-tls

4a9ed96

Merge branch 'master' into fix-tls

f1739c8

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow rsa.PSSSaltLengthEqualsHash as option #361

Allow rsa.PSSSaltLengthEqualsHash as option #361

maraino commented Jan 11, 2024 •

edited

Loading

Allow rsa.PSSSaltLengthEqualsHash as option #361

Are you sure you want to change the base?

Allow rsa.PSSSaltLengthEqualsHash as option #361

Conversation

maraino commented Jan 11, 2024 • edited Loading

maraino commented Jan 11, 2024 •

edited

Loading