ericchiang
commented
1 year ago Hey! I don't remember exactly why this was omitted, but I also don't see any way for us to pass the salt length to the YubiKey:
https://pkg.go.dev/crypto/rsa#PSSOptions https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-73-4.pdf#page=117
For other protocols, like PKCS #11, there are additional parameters for the signing operation:
http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cs01/pkcs11-curr-v2.40-cs01.html#_Toc399398845
Maybe this is using the implicit rsa.PSSSaltLengthAuto value, and letting the card choose the salt length rather than the caller? What if you provide an implicit salt length, and https://pkg.go.dev/crypto/rsa#VerifyPSS?
I'm using a certificate stored on a Yubikey to authenticate with a server. After enabling TLS 1.3, the flow broke because the TLS handshake attempts to use rsassa-pss and this library prevents that here:
Disabling rsassa-pss is not possible, unfortunately.
Interestingly, if I comment out the code above, the Yubikey seems to support this just fine, and the authentication succeeds.
What was the historical reason for introducing the check above? Was it related to the issues that golang had introducing support for rsassa-pss? Or maybe older Yubikeys did not support it?
Could removing this check be an option?