From 9e5b59bea48b05129bde66da5d1a40c5efe65504 Mon Sep 17 00:00:00 2001 From: wuriyanto Date: Sun, 11 Dec 2022 18:50:08 +0700 Subject: [PATCH] rsa digital sign: set pss option salt length equal to digest size --- rsax/sign.go | 6 ++++-- rsax/verify_sign.go | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/rsax/sign.go b/rsax/sign.go index 2270503..3da2fd2 100644 --- a/rsax/sign.go +++ b/rsax/sign.go @@ -23,7 +23,8 @@ func signWithPSS(privateKey *rsa.PrivateKey, msgHashSum := d.Sum(nil) - signature, err := rsa.SignPSS(rand.Reader, privateKey, h, msgHashSum, nil) + signature, err := rsa.SignPSS(rand.Reader, + privateKey, h, msgHashSum, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash}) if err != nil { return nil, err } @@ -41,7 +42,8 @@ func signWithPSSIO(privateKey *rsa.PrivateKey, msgHashSum := d.Sum(nil) - signature, err := rsa.SignPSS(rand.Reader, privateKey, h, msgHashSum, nil) + signature, err := rsa.SignPSS(rand.Reader, + privateKey, h, msgHashSum, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash}) if err != nil { return nil, err } diff --git a/rsax/verify_sign.go b/rsax/verify_sign.go index 4c67f1c..c397a91 100644 --- a/rsax/verify_sign.go +++ b/rsax/verify_sign.go @@ -22,7 +22,8 @@ func verifySignatureWithPSS(publicKey *rsa.PublicKey, msgHashSum := d.Sum(nil) - return rsa.VerifyPSS(publicKey, h, msgHashSum, signature, nil) + return rsa.VerifyPSS(publicKey, h, + msgHashSum, signature, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash}) } func verifySignatureWithPSSIO(publicKey *rsa.PublicKey, @@ -35,7 +36,8 @@ func verifySignatureWithPSSIO(publicKey *rsa.PublicKey, msgHashSum := d.Sum(nil) - return rsa.VerifyPSS(publicKey, h, msgHashSum, signature, nil) + return rsa.VerifyPSS(publicKey, h, + msgHashSum, signature, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash}) } // VerifySignatureWithPSSMd5 will verify signature data with RSA PSS and MD5