crypto/rsa: RSA-PSS PKCS1v15 should support SHA3 hashes (and others) #43923

Open
shaunco opened this issue Jan 26, 2021 · 5 comments · May be fixed by #58242
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
shaunco commented Jan 26, 2021

$ go version
go version go1.15.5 linux/amd64

Does this issue reproduce with the latest release?

Yes

What did you do?

rsa.VerifyPKCS1v15(myPublicKey, crypto.SHA3_224, hashed, signature)

What did you expect to see?

A properly verified hash. pkcs1v15HashInfo() needs to calculate the ASN1 DER prefix for algorithms that aren't in the lookup table.

What did you see instead?

crypto/rsa: unsupported hash function

Additional notes

The current code has a table of precomputed ASN1 DER prefixes for 8 algorithms. All other algorithms get crypto/rsa: unsupported hash function, even though they are valid.
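The table entries discussed above are the DER encoding of a PKCS#1 `DigestInfo` up to the digest bytes, so they can be derived from the hash OID. The following is an added example, not code from this issue or from the Go project: it derives the SHA3-224 prefix and verifies with `hash` set to 0, where `crypto/rsa` uses the supplied bytes directly. The names `digestInfo`, `verify` and `roundTrip` are hypothetical, the NULL parameters are an assumption, and the 28-byte digest is a constructed stand-in.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// id-sha3-224 from the NIST hashAlgs arc; SHA3-256/384/512 end in 8, 9, 10.
var oidSHA3_224 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 7}

// digestInfo DER-encodes DigestInfo{AlgorithmIdentifier{oid, NULL}, digest}.
// Assumption: parameters are an explicit NULL, as in the SHA-2 encodings.
func digestInfo(oid asn1.ObjectIdentifier, digest []byte) []byte {
	der, err := asn1.Marshal(struct {
		Alg    pkix.AlgorithmIdentifier
		Digest []byte
	}{pkix.AlgorithmIdentifier{Algorithm: oid, Parameters: asn1.NullRawValue}, digest})
	if err != nil {
		panic(err) // only reachable with a malformed OID
	}
	return der
}

// verify passes hash 0 so crypto/rsa compares against the DigestInfo as given.
func verify(pub *rsa.PublicKey, oid asn1.ObjectIdentifier, digest, sig []byte) error {
	return rsa.VerifyPKCS1v15(pub, crypto.Hash(0), digestInfo(oid, digest), sig)
}

// roundTrip signs one digest under a fresh key and verifies another against it.
func roundTrip(signed, checked []byte) error {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.Hash(0), digestInfo(oidSHA3_224, signed))
	if err != nil {
		return err
	}
	return verify(&priv.PublicKey, oidSHA3_224, checked, sig)
}

func main() {
	d := make([]byte, 28) // constructed stand-in for a SHA3-224 digest
	der := digestInfo(oidSHA3_224, d)
	fmt.Printf("prefix: % x\nround trip error: %v\n", der[:len(der)-len(d)], roundTrip(d, d))
}
```

With `hash` set to 0 the caller is responsible for the digest length and OID pairing, since `crypto/rsa` no longer checks that `hashed` has the size of the named hash.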

@toothrot toothrot changed the title RSA-PSS PKCS1v15 should support SHA3 hashes (and others) x/crypto/rsa: RSA-PSS PKCS1v15 should support SHA3 hashes (and others) Jan 27, 2021
@gopherbot gopherbot added this to the Unreleased milestone Jan 27, 2021
@toothrot toothrot changed the title x/crypto/rsa: RSA-PSS PKCS1v15 should support SHA3 hashes (and others) crypto/rsa: RSA-PSS PKCS1v15 should support SHA3 hashes (and others) Jan 27, 2021
@toothrot
Contributor

/cc @FiloSottile

@toothrot toothrot added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Jan 27, 2021
@FiloSottile
Contributor

It's a bit unclear to me why anyone would want to use legacy PKCS#1 v1.5 with SHA-3, but if there is a need I'd accept a PR to add the relevant ASN.1 prefixes.

@shaunco
Author

shaunco commented Jan 29, 2021

I too wish the originator of the signatures I'm dealing with had used PSS. I'll try to find some time to submit a PR so I can ditch the current workaround I put in place.

@w3bb

w3bb commented May 29, 2021

Trying to reimplement a program, for some reason they use an SHA-3 hash in this way and it's broken for me.

@shaunco What's your workaround?

@gopherbot
Contributor

Change https://go.dev/cl/464695 mentions this issue: crypto: pkcs1v15 should support sha3 hashes and others

@tristov-aurora

tristov-aurora commented Feb 10, 2024

> It's a bit unclear to me why anyone would want to use legacy PKCS#1 v1.5 with SHA-3, but if there is a need I'd accept a PR to add the relevant ASN.1 prefixes.

Unfortunately, it's still used even in new hardware like ZynqMP FPGA -- RSA4096-SHA3-384 with pkcs#1v1.5 is the only scheme it supports; I suspect there's other hardware out there with similar settings. In those cases no pkcs#1v1.5 with SHA3 support also means it's hard (not impossible) to use Vault transit keys for signing.
