parallaxsecond / rust-cryptoki

Rust wrapper for the PKCS #11 API, Cryptoki
https://docs.rs/cryptoki/
Apache License 2.0

Signing with RSA-PSS does not hash the message with the given function #80

Closed beamer159 closed 2 years ago

beamer159 commented 2 years ago

I have code that looks like this:

```rust
let mechanism = Mechanism::RsaPkcsPss(PkcsPssParams {
    hash_alg: MechanismType::SHA256,
    mgf: PkcsMgfType::MGF1_SHA256,
    s_len: Ulong::from(32)
});
let label = Attribute::Label(keyname.to_string().into_bytes());
let key = session
    .find_objects(&[label])
    .unwrap()
    .into_iter()
    .nth(0)
    .unwrap();
let signature = session.sign(&mechanism, key, data);
```

Here, data is a &[u8]. This code only works if data has length 20, 28, 32, 48, or 64. As it turns out, these are the digest lengths for SHA1, SHA224, SHA256, SHA384, and SHA512 respectively, and it works for all five of these sizes regardless of the mechanism specifying SHA256. I expected this code to use the mechanism provided to perform the corresponding hash function on the input data. Is this an incorrect assumption on my part?

beamer159 commented 2 years ago

Looking into this further, the mechanism used is CKM_RSA_PKCS_PSS, whose details can be found here. Specifically, it says the following:

[this mechanism] does not compute a hash value on the message to be signed.

The mechanism I want to use is CKM_SHA256_RSA_PKCS_PSS (here). Does this library currently support using this mechanism?

ionut-arm commented 2 years ago

Hi,

Thanks for getting in touch. The short answer is no - we don't support it right now, but we will after #81. This does mean, however, that you'd need to wait until the next release to get access to it through crates.io, if you need to publish a crate yourself.

ionut-arm commented 2 years ago

@beamer159 - as I've merged #81, can I close this?

beamer159 commented 2 years ago

Yes. #81 resolved the issue.
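
The distinction raised in the second comment (CKM_RSA_PKCS_PSS signs a precomputed digest, CKM_SHA256_RSA_PKCS_PSS hashes the message itself) can be checked on the caller's side before anything reaches the token. The following is an added example, not code from this thread or from the cryptoki crate: the types and `check_pss_request` are hypothetical stand-ins, the requirement that the parameters name SHA-256 for the combined mechanism is an assumed policy, and the salt bound is the EMSA-PSS limit from RFC 8017.

```rust
// Added example. Local stand-in types, not the cryptoki crate's API.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Hash { Sha1, Sha224, Sha256, Sha384, Sha512 }
impl Hash {
    /// Digest length in bytes: the 20/28/32/48/64 sizes seen in the issue.
    pub fn digest_len(self) -> usize {
        match self {
            Hash::Sha1 => 20, Hash::Sha224 => 28, Hash::Sha256 => 32,
            Hash::Sha384 => 48, Hash::Sha512 => 64,
        }
    }
}

#[derive(Clone, Copy, Debug, PartialEq)]
pub enum PssMechanism {
    Raw,            // CKM_RSA_PKCS_PSS: `data` must already be a digest
    Sha256Combined, // CKM_SHA256_RSA_PKCS_PSS: token hashes `data` itself
}

#[derive(Debug, PartialEq)]
pub enum PssError {
    NotADigest { expected: usize, got: usize },
    HashMismatch,
    SaltTooLong { max: usize, got: usize },
}

/// Validate a PSS signing request before it is sent to the token.
pub fn check_pss_request(mech: PssMechanism, hash_alg: Hash, s_len: usize,
                         modulus_bits: usize, data: &[u8]) -> Result<(), PssError> {
    let h_len = hash_alg.digest_len();
    match mech {
        // Raw PSS signs exactly h_len bytes; any other length is not a digest
        // of the declared hash, even if the token would accept it.
        PssMechanism::Raw if data.len() != h_len =>
            return Err(PssError::NotADigest { expected: h_len, got: data.len() }),
        // Policy assumed here: the parameters must agree with the mechanism name.
        PssMechanism::Sha256Combined if hash_alg != Hash::Sha256 =>
            return Err(PssError::HashMismatch),
        _ => {}
    }
    // RFC 8017 EMSA-PSS: emLen >= hLen + sLen + 2, emLen = ceil((modBits-1)/8).
    let em_len = (modulus_bits.saturating_sub(1) + 7) / 8;
    let max = em_len.saturating_sub(h_len + 2);
    if s_len > max { return Err(PssError::SaltTooLong { max, got: s_len }); }
    Ok(())
}

fn main() { // constructed input: an 11-byte message given to the raw mechanism
    println!("{:?}", check_pss_request(PssMechanism::Raw, Hash::Sha256, 32, 2048, b"hello world"));
}
```

The second rejected case in the test mirrors the issue: a 20-byte input is a valid SHA-1 digest length, so a token may accept it, but it does not match the SHA-256 declared in the parameters.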