Bli explicit about salt length when doing PSS padding.

rohe · rohe · commit 5c088c1f4dff · 2025-04-29T17:04:22.000+02:00
diff --git a/src/cryptojwt/jws/pss.py b/src/cryptojwt/jws/pss.py
@@ -17,10 +17,13 @@ class PSSSigner(Signer):
     def __init__(self, algorithm="SHA256"):
         if algorithm == "SHA256":
             self.hash_algorithm = hashes.SHA256
+            self.salt_length = 32
         elif algorithm == "SHA384":
             self.hash_algorithm = hashes.SHA384
+            self.salt_length = 48
         elif algorithm == "SHA512":
             self.hash_algorithm = hashes.SHA512
+            self.salt_length = 64
         else:
             raise Unsupported("algorithm: {}".format(algorithm))
 
@@ -39,7 +42,7 @@ def sign(self, msg, key):
             digest,
             padding.PSS(
                 mgf=padding.MGF1(self.hash_algorithm()),
-                salt_length=padding.PSS.MAX_LENGTH,
+                salt_length=self.salt_length,
             ),
             utils.Prehashed(self.hash_algorithm()),
         )
@@ -51,7 +54,7 @@ def verify(self, msg, signature, key):
 
         :param msg: The message
         :param sig: A signature
-        :param key: A ec.EllipticCurvePublicKey to use for the verification.
+        :param key: A rsa._RSAPublicKey to use for the verification.
         :raises: BadSignature if the signature can't be verified.
         :return: True
         """
@@ -61,7 +64,7 @@ def verify(self, msg, signature, key):
                 msg,
                 padding.PSS(
                     mgf=padding.MGF1(self.hash_algorithm()),
-                    salt_length=padding.PSS.MAX_LENGTH,
+                    salt_length=self.salt_length,
                 ),
                 self.hash_algorithm(),
             )
diff --git a/tests/test_21_pss.py b/tests/test_21_pss.py
@@ -0,0 +1,29 @@
+import json
+
+import pytest
+
+from cryptojwt.jwk.jwk import key_from_jwk_dict
+from cryptojwt.jws.jws import JWS
+import test_vector
+
+
+@pytest.mark.parametrize(
+    "alg",
+    ["RS256", "RS384", "RS512", "PS256", "PS384", "PS512"]
+)
+def test_jws_rsa_signer_and_verifier(alg):
+    _jwk_dict = json.loads(test_vector.json_rsa_priv_key)
+    _key = key_from_jwk_dict(_jwk_dict)
+    _key.alg = alg
+    _key.add_kid()
+
+    json_header_rsa = json.loads(test_vector.test_header_rsa)
+    json_header_rsa["alg"] = alg
+
+    # Sign
+    jws = JWS(msg=test_vector.test_payload, **json_header_rsa)
+    signed_token = jws.sign_compact([_key])
+
+    # Verify
+    verifier = JWS(alg=[alg])
+    assert verifier.verify_compact(signed_token, [_key])
