This PR teaches SignRSAPSS and VerifyRSAPSS to understand Go salt length special cases: rsa.PSSSaltLengthAuto and rsa.PSSSaltLengthEqualsHash.
Unfortunately, CNG does not support them out-of-the-box.
rsa.PSSSaltLengthEqualsHash is straightforward to implement; it just means the salt length should be equal to the hash length.
rsa.PSSSaltLengthAuto requires decoding and understanding the bits of the signature, thus out of our scope. I would rather error out and fall back to Go crypto when rsa.PSSSaltLengthAuto is used.
Luckily it will only affect rsa.VerifyPSS, as rsa.SignPSS is converting the salt length to a concrete value before calling us.
Added to #4 so we don't miss this limitation in the documentation.
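The salt length handling described above, as an added example that is not code from this PR or its repository: `resolveSaltLength` and `errUnsupportedSaltLength` are hypothetical names, and the rest uses only Go's standard `crypto/rsa`. It also shows why `rsa.PSSSaltLengthAuto` cannot simply be mapped to the hash size on verify: a signature made with a 20-byte salt verifies under Auto but not under EqualsHash.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// errUnsupportedSaltLength (hypothetical) tells the caller to fall back to Go crypto.
var errUnsupportedSaltLength = errors.New("unsupported PSS salt length")

// resolveSaltLength (hypothetical helper) turns Go's salt length value into the
// concrete byte count a backend without the special cases needs.
func resolveSaltLength(saltLen int, h crypto.Hash) (int, error) {
	switch {
	case saltLen == rsa.PSSSaltLengthEqualsHash:
		return h.Size(), nil
	case saltLen == rsa.PSSSaltLengthAuto || saltLen < 0:
		// Auto on verify is only known after decoding the signature itself.
		return 0, errUnsupportedSaltLength
	}
	return saltLen, nil
}

// verifySpecialCases signs a constructed message with a 20-byte salt using Go
// crypto, then verifies it under both special salt length values.
func verifySpecialCases() (autoOK, equalsHashOK bool, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	digest := sha256.Sum256([]byte("constructed sample message"))
	sig, err := rsa.SignPSS(rand.Reader, key, crypto.SHA256, digest[:], &rsa.PSSOptions{SaltLength: 20})
	if err != nil {
		return false, false, err
	}
	verify := func(saltLen int) bool {
		return rsa.VerifyPSS(&key.PublicKey, crypto.SHA256, digest[:], sig, &rsa.PSSOptions{SaltLength: saltLen}) == nil
	}
	return verify(rsa.PSSSaltLengthAuto), verify(rsa.PSSSaltLengthEqualsHash), nil
}

func main() {
	n, err := resolveSaltLength(rsa.PSSSaltLengthEqualsHash, crypto.SHA256)
	fmt.Println(n, err)
	fmt.Println(verifySpecialCases())
}
```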