[crypto] Add support for RSA-PSS signature scheme

Add support for the RSA-PSS signature scheme as defined in RFC 8017
and required for TLS version 1.3.

Signature verification is deliberately implemented by first deriving
the salt value and then reconstructing the entire expected signature.
This is arguably inefficient since it involves two invocations of the
mask generation function when only one is required.  However, this
implementation approach keeps the code size minimal (since there is no
need to implement separate verification logic), and makes it provably
impossible to accidentally omit a verification step (such as checking
the leading zero bits or the fixed 0x01 or 0xbc bytes).  Since
signature verification is not a fast-path operation, the guaranteed
correctness is more valuable than a marginally faster execution.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2026-05-06 22:14:17 +01:00
parent c8743b8c8e
commit 0c617b9132
3 changed files with 472 additions and 5 deletions
+1
View File
@@ -57,6 +57,7 @@ struct rsa_digestinfo_prefix {
#define __rsa_digestinfo_prefix __table_entry ( RSA_DIGESTINFO_PREFIXES, 01 )
extern struct pubkey_algorithm rsa_algorithm;
extern struct pubkey_algorithm rsa_pss_algorithm;
extern int ( * rsa_get_random ) ( void *data, size_t len );