Add PSS to the AVCP regcap.

PSS verification with RSA 1024 is still acceptable. This change adds it to our regcap. SHA-512 is omitted because that doesn't fit in 1024 bits with PSS encoding. (Unless you shrink the salt, but we don't want to deal with odd PSS configurations like that.) Change-Id: I05d4778d45c25c87e2e50cd095380ecd4f12c75c Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52427 Commit-Queue: Bob Beck <bbe@google.com> Reviewed-by: Bob Beck <bbe@google.com>
3 years ago · 1a541d4db6
parent 82413455b8
commit 1a541d4db6
1 changed files with 18 additions and 0 deletions
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@ -697,6 +697,24 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
              "hashAlg": "SHA-1"
            }]
          }]
+        },{
+          "sigType": "pss",
+          "properties": [{
+            "modulo": 1024,
+            "hashPair": [{
+              "hashAlg": "SHA2-224",
+              "saltLen": 28
+            }, {
+              "hashAlg": "SHA2-256",
+              "saltLen": 32
+            }, {
+              "hashAlg": "SHA2-384",
+              "saltLen": 48
+            }, {
+              "hashAlg": "SHA-1",
+              "saltLen": 20
+            }]
+          }]
        },{
          "sigType": "pss",
          "properties": [{