crypto/rsa: RSA-PSS PKCS1v15 should support SHA3 hashes (and others)

[shaunco]

$ go version
go version go1.15.5 linux/amd64

Does this issue reproduce with the latest release?

Yes

What did you do?

rsa.VerifyPKCS1v15(myPublicKey, crypto.SHA3_224, hashed, signature)

What did you expect to see?

A properly verified hash. pkcs1v15HashInfo() needs to calculate the ASN1 DER prefix for algorithms that aren't in the lookup table.

What did you see instead?

crypto/rsa: unsupported hash function

Additional notes

The current code has a table of precomputed ASN1 DER prefixes for 8 algorithms. All other algorithms get crypto/rsa: unsupported hash function, even though they are valid.

[toothrot]

/cc @FiloSottile

[FiloSottile]

It's a bit unclear to me why anyone would want to use legacy PKCS#1 v1.5 with SHA-3, but if there is a need I'd accept a PR to add the relevant ASN.1 prefixes.

[shaunco]

I too wish the originator of the signatures I'm dealing with had used PSS. I'll try to find some time to submit a PR so I can ditch the current workaround I put in place.

[w3bb]

Trying to reimplement a program, for some reason they use an SHA-3 hash in this way and it's broken for me.

@shaunco What's your workaround?