FAQ
https://codereview.appspot.com/9438043/diff/20001/src/pkg/crypto/rsa/pss.go
File src/pkg/crypto/rsa/pss.go (right):

https://codereview.appspot.com/9438043/diff/20001/src/pkg/crypto/rsa/pss.go#newcode190
src/pkg/crypto/rsa/pss.go:190: func SignPSS(rand io.Reader, priv
*PrivateKey, hash crypto.Hash, hashed []byte, saltLen int) (s []byte,
err error) {
Some reorganisation is probably needed before landing, but I can do that
before submitting.

The only important point is the interface: I don't think the saltLen
parameters should be there.

OpenSSL allows one to specify an optional structure that can set the
salt len but the defaults are to set the salt to be as long as possible
when encoding and decoding. I think we should mirror that or, if you
feel strongly that the salt length needs to be a parameter, then we
could have a optional options struct. But OpenSSL's version includes
some pretty obscure options that I'm not sure that we would want to
support:

typedef struct rsa_pss_params_st
»·······{
»·······X509_ALGOR *hashAlgorithm;
»·······X509_ALGOR *maskGenAlgorithm;
»·······ASN1_INTEGER *saltLength;
»·······ASN1_INTEGER *trailerField;
»·······} RSA_PSS_PARAMS;

https://codereview.appspot.com/9438043/

--

---
You received this message because you are subscribed to the Google Groups "golang-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

  • Monnand at May 20, 2013 at 8:19 pm
    https://codereview.appspot.com/9438043/diff/20001/src/pkg/crypto/rsa/pss.go
    File src/pkg/crypto/rsa/pss.go (right):

    https://codereview.appspot.com/9438043/diff/20001/src/pkg/crypto/rsa/pss.go#newcode190
    src/pkg/crypto/rsa/pss.go:190: func SignPSS(rand io.Reader, priv
    *PrivateKey, hash crypto.Hash, hashed []byte, saltLen int) (s []byte,
    err error) {
    On 2013/05/20 19:56:23, agl1 wrote:
    Some reorganisation is probably needed before landing, but I can do
    that before
    submitting.
    The only important point is the interface: I don't think the saltLen
    parameters
    should be there.
    I agree. After a reading of more details, I would rather set the saltLen
    as len(hashed) (or hash.Size())
    OpenSSL allows one to specify an optional structure that can set the salt len
    but the defaults are to set the salt to be as long as possible when
    encoding and
    decoding. I think we should mirror that or, if you feel strongly that the salt
    length needs to be a parameter, then we could have a optional options struct.
    But OpenSSL's version includes some pretty obscure options that I'm not sure
    that we would want to support:
    typedef struct rsa_pss_params_st
    »·······{
    »·······X509_ALGOR *hashAlgorithm;
    »·······X509_ALGOR *maskGenAlgorithm;
    »·······ASN1_INTEGER *saltLength;
    »·······ASN1_INTEGER *trailerField;
    »·······} RSA_PSS_PARAMS;
    To me, supporting such many of options may confuse the user which may in
    turn lead to some bad decisions. I agree that it would be better to
    provide a less-flexible version of the interface.

    I will make the change and upload a new version soon.

    https://codereview.appspot.com/9438043/

    --

    ---
    You received this message because you are subscribed to the Google Groups "golang-dev" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Monnand at May 20, 2013 at 8:23 pm
    Hello agl@chromium.org, agl@golang.org (cc: gobot@golang.org,
    golang-dev@googlegroups.com, r@golang.org),

    Please take another look.


    https://codereview.appspot.com/9438043/

    --

    ---
    You received this message because you are subscribed to the Google Groups "golang-dev" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Monnand at May 20, 2013 at 8:26 pm
    Hello agl@chromium.org, agl@golang.org (cc: gobot@golang.org,
    golang-dev@googlegroups.com, r@golang.org),

    Please take another look.


    https://codereview.appspot.com/9438043/

    --

    ---
    You received this message because you are subscribed to the Google Groups "golang-dev" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to golang-dev+unsubscribe@googlegroups.com.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupgolang-dev @
categoriesgo
postedMay 20, '13 at 7:56p
activeMay 20, '13 at 8:26p
posts4
users2
websitegolang.org

2 users in discussion

Monnand: 3 posts Agl: 1 post

People

Translate

site design / logo © 2022 Grokbase