crypto/rsa: allow hash.Hash for PSS and MGF1 to be specified independently

KeiichiHirobe commented 3 years ago

I've checked https://github.com/golang/go/issues/19974. And, I am aware of comment https://github.com/golang/go/issues/19974#issuecomment-530862973.

SignPSS/VerifyPSS have almost the same problem as that issue. I wanted to call SignPSS using RSASSA-PSS with SHA-256 with MGF1SHA1 because server which is hosted by third party needs that, but I couldn't.

It seems good to simply add option MGF1Hash to PSSOptions. It is not invasing, and keep backwards compatibility.

If there are no counter-proposals, I' ll create a patch.

// PSSOptions contains options for creating and verifying PSS signatures.
type PSSOptions struct {
    SaltLength int
    Hash crypto.Hash
        // ADD OPTION HERE
    // MGF1Hash is the hash function used for MGF1 . 
        // If zero,  hash function used to generate the message digest will be used.
    MGF1Hash  crypto.Hash
}

seankhliao commented 3 years ago

cc @FiloSottile @agl @katiehockman @rolandshoemaker

bonurgeyik commented 6 months ago

@KeiichiHirobe I have the same problem, did you find a solution or workaround to make it work in go?

KeiichiHirobe commented 6 months ago

@bonurgeyik Unfortunately I haven't found it

golang / go

crypto/rsa: allow hash.Hash for PSS and MGF1 to be specified independently #46233