Allow rsa.PSSSaltLengthEqualsHash as option

This commit adds support to the salt length set to
rsa.PSSSaltLengthEqualsHash when signing with an RSA key. This is
currently supported, but the user must sspecify the length to the digest
size.

Adding rsa.PSSSaltLengthEqualsHash allows using a key generated by the
TPM for TLS client authentication, Go will set this option by default
if an RSA key is used.

Signed-off-by: Mariano Cano <[email protected]>

Author: maraino

attest/application_key_test.go

@@ -288,6 +288,18 @@ func testKeySign(t *testing.T, tpm *TPM) {
 			},
 			digest: []byte("1234567890123456789012345678901212345678901234567890123456789012"),
 		},
+		{
+			name: "RSA2048-PSS-SHA256, explicit salt len",
+			keyOpts: &KeyConfig{
+				Algorithm: RSA,
+				Size:      2048,
+			},
+			signOpts: &rsa.PSSOptions{
+				SaltLength: rsa.PSSSaltLengthEqualsHash,
+				Hash:       crypto.SHA256,
+			},
+			digest: []byte("12345678901234567890123456789012"),
+		},
 		{
 			name: "RSA2048-PSS-SHA256, explicit salt len",
 			keyOpts: &KeyConfig{

attest/wrapped_tpm20.go

@@ -652,8 +652,8 @@ func signRSA(rw io.ReadWriter, key tpmutil.Handle, digest []byte, opts crypto.Si
 	}
 
 	if pss, ok := opts.(*rsa.PSSOptions); ok {
-		if pss.SaltLength != rsa.PSSSaltLengthAuto && pss.SaltLength != len(digest) {
-			return nil, fmt.Errorf("PSS salt length %d is incorrect, expected rsa.PSSSaltLengthAuto or %d", pss.SaltLength, len(digest))
+		if pss.SaltLength != rsa.PSSSaltLengthAuto && pss.SaltLength != rsa.PSSSaltLengthEqualsHash && pss.SaltLength != len(digest) {
+			return nil, fmt.Errorf("PSS salt length %d is incorrect, expected rsa.PSSSaltLengthAuto, rsa.PSSSaltLengthEqualsHash or %d", pss.SaltLength, len(digest))
 		}
 		scheme.Alg = tpm2.AlgRSAPSS
 	}