This PR teaches SignRSAPSS and VerifyRSAPSS to understand Go salt length special cases: rsa.PSSSaltLengthAuto and rsa.PSSSaltLengthEqualsHash.
Unfortunately, CNG does not support them out-of-the-box.
rsa.PSSSaltLengthEqualsHash is straightforward to implement, it just means the salt length should be equal to the hash length.
rsa.PSSSaltLengthAuto requires decoding and understanding the bits of the signature, thus out of our scope. I would rather error out and fallback to Go crypto when rsa.PSSSaltLengthAuto is used.
Luckly it will only affect rsa.VerifyPSS, as rsa.SignPSS is converting the salt length to a concret value before calling us.
Added to #4 so we don't miss this limitation in the documentation.
This PR teaches
SignRSAPSSandVerifyRSAPSSto understand Go salt length special cases:rsa.PSSSaltLengthAutoandrsa.PSSSaltLengthEqualsHash.Unfortunately, CNG does not support them out-of-the-box.
rsa.PSSSaltLengthEqualsHashis straightforward to implement, it just means the salt length should be equal to the hash length.rsa.PSSSaltLengthAutorequires decoding and understanding the bits of the signature, thus out of our scope. I would rather error out and fallback to Go crypto whenrsa.PSSSaltLengthAutois used. Luckly it will only affectrsa.VerifyPSS, asrsa.SignPSSis converting the salt length to a concret value before calling us. Added to #4 so we don't miss this limitation in the documentation.