Skip to content

Commit 0555240

Browse files
booradboorad
committed
test: cover RSA-PSS saltLength default in sign/verify tests
Verify that omitting saltLength with RSA_PKCS1_PSS_PADDING produces a signature that round-trips both with no explicit saltLength and with the explicit RSA_PSS_SALTLEN_MAX_SIGN constant.
1 parent 299cbb6 commit 0555240

2 files changed

Lines changed: 66 additions & 0 deletions

File tree

example/src/tests/keys/sign_verify_oneshot.ts

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -113,6 +113,38 @@ test(SUITE, 'RSA-PSS with padding and salt length options', () => {
113113
expect(isValid).to.equal(true);
114114
});
115115

116+
test(SUITE, 'RSA-PSS defaults saltLength to MAX_SIGN when undefined', () => {
117+
const signature = sign('SHA256', testData, {
118+
key: rsaPrivateKeyPem,
119+
padding: constants.RSA_PKCS1_PSS_PADDING,
120+
});
121+
122+
const isValid = verify(
123+
'SHA256',
124+
testData,
125+
{
126+
key: rsaPublicKeyPem,
127+
padding: constants.RSA_PKCS1_PSS_PADDING,
128+
},
129+
signature,
130+
);
131+
132+
expect(isValid).to.equal(true);
133+
134+
const isValidExplicit = verify(
135+
'SHA256',
136+
testData,
137+
{
138+
key: rsaPublicKeyPem,
139+
padding: constants.RSA_PKCS1_PSS_PADDING,
140+
saltLength: constants.RSA_PSS_SALTLEN_MAX_SIGN,
141+
},
142+
signature,
143+
);
144+
145+
expect(isValidExplicit).to.equal(true);
146+
});
147+
116148
// --- ECDSA Tests ---
117149

118150
test(SUITE, 'ECDSA P-256 with DER encoding', async () => {

example/src/tests/keys/sign_verify_streaming.ts

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -219,6 +219,40 @@ test(SUITE, 'RSA-PSS with SHA256 and auto salt length', () => {
219219
expect(isValid).to.equal(true);
220220
});
221221

222+
test(SUITE, 'RSA-PSS defaults saltLength to MAX_SIGN when undefined', () => {
223+
const signer = createSign('SHA256');
224+
signer.update(testData);
225+
const signature = signer.sign({
226+
key: rsaPrivateKeyPem,
227+
padding: constants.RSA_PKCS1_PSS_PADDING,
228+
});
229+
230+
const verifier = createVerify('SHA256');
231+
verifier.update(testData);
232+
const isValid = verifier.verify(
233+
{
234+
key: rsaPublicKeyPem,
235+
padding: constants.RSA_PKCS1_PSS_PADDING,
236+
},
237+
signature,
238+
);
239+
240+
expect(isValid).to.equal(true);
241+
242+
const verifierExplicit = createVerify('SHA256');
243+
verifierExplicit.update(testData);
244+
const isValidExplicit = verifierExplicit.verify(
245+
{
246+
key: rsaPublicKeyPem,
247+
padding: constants.RSA_PKCS1_PSS_PADDING,
248+
saltLength: constants.RSA_PSS_SALTLEN_MAX_SIGN,
249+
},
250+
signature,
251+
);
252+
253+
expect(isValidExplicit).to.equal(true);
254+
});
255+
222256
// --- KeyObject Tests ---
223257

224258
test(SUITE, 'Sign/Verify with KeyObject', () => {

0 commit comments

Comments
 (0)