PSS salt Auto error fix

secure-systems-lab · Jun 28, 2024 · 8c0ff83 · 8c0ff83
1 parent c6d2729
commit 8c0ff83
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 9 deletions.
diff --git a/securesystemslib/signer/_crypto_signer.py b/securesystemslib/signer/_crypto_signer.py
@@ -130,7 +130,7 @@ def __init__(
                 raise ValueError(f"invalid rsa key: {type(private_key)}")
 
             hash_algo = public_key.get_hash_algorithm()
-            padding = public_key.get_padding_name(hash_algo)
+            padding = public_key.get_padding_name(hash_algo, False)
             self._sign_args = _RSASignArgs(padding, hash_algo)
             self._private_key = private_key
 

diff --git a/securesystemslib/signer/_gpg_signer.py b/securesystemslib/signer/_gpg_signer.py
@@ -64,7 +64,9 @@ def get_hash_algorithm(self) -> None:
     def get_padding_name_str(self) -> None:
         raise NotImplementedError
 
-    def get_padding_name(self, hash_algorithm: None) -> None:
+    def get_padding_name(
+        self, hash_algorithm: None, pss_salt_auto: bool
+    ) -> None:
         raise NotImplementedError
 
 

diff --git a/securesystemslib/signer/_key.py b/securesystemslib/signer/_key.py
@@ -224,7 +224,7 @@ def get_padding_name_str(self) -> Any:
         raise NotImplementedError
 
     @abstractmethod
-    def get_padding_name(self, hash_algorithm: Any) -> Any:
+    def get_padding_name(self, hash_algorithm: Any, pss_salt: bool) -> Any:
         """Return payload padding name used for this key as a AsymmetricPadding"""
 
         raise NotImplementedError
@@ -475,17 +475,20 @@ def get_hash_algorithm(self) -> "HashAlgorithm":
 
     def get_padding_name_str(self) -> str:
         padding_name = self.scheme.split("-")[1]
-
         return padding_name
 
     def get_padding_name(
-        self, hash_algorithm: "HashAlgorithm"
+        self, hash_algorithm: "HashAlgorithm", pss_salt_auto=True
     ) -> "AsymmetricPadding":
         name = self.get_padding_name_str()
         padding: AsymmetricPadding
         if name == "pss":
-            padding = PSS(mgf=MGF1(hash_algorithm), salt_length=PSS.AUTO)
-
+            if pss_salt_auto:
+                padding = PSS(mgf=MGF1(hash_algorithm), salt_length=PSS.AUTO)
+            else:
+                padding = PSS(
+                    mgf=MGF1(hash_algorithm), salt_length=PSS.DIGEST_LENGTH
+                )
         if name == "pkcs1v15":
             padding = PKCS1v15()
 

diff --git a/securesystemslib/signer/_sigstore_signer.py b/securesystemslib/signer/_sigstore_signer.py
@@ -100,7 +100,9 @@ def get_hash_algorithm(self) -> None:
     def get_padding_name_str(self) -> None:
         raise NotImplementedError
 
-    def get_padding_name(self, hash_algorithm: None) -> None:
+    def get_padding_name(
+        self, hash_algorithm: None, pss_salt_auto: bool
+    ) -> None:
         raise NotImplementedError
 
 

diff --git a/securesystemslib/signer/_spx_signer.py b/securesystemslib/signer/_spx_signer.py
@@ -96,7 +96,9 @@ def get_hash_algorithm(self) -> None:
     def get_padding_name_str(self) -> None:
         raise NotImplementedError
 
-    def get_padding_name(self, hash_algorithm: None) -> None:
+    def get_padding_name(
+        self, hash_algorithm: None, pss_salt_auto: bool
+    ) -> None:
         raise NotImplementedError