Skip to content

KMS: fix RSA PSS signing issue for salt length #12467

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 4, 2025
Merged

KMS: fix RSA PSS signing issue for salt length #12467

merged 1 commit into from
Apr 4, 2025

Conversation

sannya-singal
Copy link
Contributor

@sannya-singal sannya-singal commented Apr 2, 2025
edited
Loading

Motivation

When using an RSA key to sign with PSS algorithm, currently the salt length is set to be MAX_LENGTH, which is not in accordance with the ones required by RFC 4055 making making it difficult to verify such signatures across platforms: https://datatracker.ietf.org/doc/html/rfc4055#section-3.3.

Closes #9602

Changes

This PR:

  • sets the salt length appropriately for the signing algorithm being used.
  • adds an AWS validated test to validate the changes to sign with an aws client and verify the signature using cryptography library.

@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 2, 2025

LocalStack Community integration with Pro

  2 files  ±    0    2 suites  ±0   4m 3s ⏱️ - 1h 47m 36s
669 tests  - 3 628  662 ✅  - 3 307  7 💤  - 321  0 ❌ ±0 
671 runs   - 3 628  662 ✅  - 3 307  9 💤  - 321  0 ❌ ±0 

Results for commit aa692da. ± Comparison against base commit 9383d50.

This pull request removes 3636 and adds 8 tests. Note that renamed tests count towards both. 
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_lambda_dynamodb
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_opensearch_crud
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_search_books
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_setup
tests.aws.scenario.kinesis_firehose.test_kinesis_firehose.TestKinesisFirehoseScenario ‑ test_kinesis_firehose_s3
tests.aws.scenario.lambda_destination.test_lambda_destination_scenario.TestLambdaDestinationScenario ‑ test_destination_sns
tests.aws.scenario.lambda_destination.test_lambda_destination_scenario.TestLambdaDestinationScenario ‑ test_infra
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_prefill_dynamodb_table
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_stepfunctions_input_recipient_list[step_function_input0-SUCCEEDED]
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_stepfunctions_input_recipient_list[step_function_input1-SUCCEEDED]
…

tests.aws.services.kms.test_kms.TestKMS ‑ test_verify_salt_length[ECC_NIST_P256-ECDSA_SHA_256]
tests.aws.services.kms.test_kms.TestKMS ‑ test_verify_salt_length[ECC_NIST_P384-ECDSA_SHA_384]
tests.aws.services.kms.test_kms.TestKMS ‑ test_verify_salt_length[ECC_SECG_P256K1-ECDSA_SHA_256]
tests.aws.services.kms.test_kms.TestKMS ‑ test_verify_salt_length[RSA_2048-RSASSA_PSS_SHA_256]
tests.aws.services.kms.test_kms.TestKMS ‑ test_verify_salt_length[RSA_2048-RSASSA_PSS_SHA_384]
tests.aws.services.kms.test_kms.TestKMS ‑ test_verify_salt_length[RSA_2048-RSASSA_PSS_SHA_512]
tests.aws.services.kms.test_kms.TestKMS ‑ test_verify_salt_length[RSA_4096-RSASSA_PKCS1_V1_5_SHA_256]
tests.aws.services.kms.test_kms.TestKMS ‑ test_verify_salt_length[RSA_4096-RSASSA_PKCS1_V1_5_SHA_512]

@sannya-singal sannya-singal self-assigned this Apr 2, 2025
@sannya-singal sannya-singal added semver: minor Non-breaking changes which can be included in minor releases, but not in patch releases aws:kms AWS Key Management Service labels Apr 2, 2025
@sannya-singal sannya-singal requested a review from k-a-il April 2, 2025 10:40
@sannya-singal sannya-singal marked this pull request as ready for review April 2, 2025 10:40
@sannya-singal sannya-singal requested a review from silv-io April 2, 2025 10:40
silv-io
silv-io approved these changes Apr 2, 2025
View reviewed changes
Copy link
Member

@silv-io silv-io left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! First I got a bit confused because Section 3.3 in the RFC doesn't mention the recommended salt length. However, 3.1 does:

saltLength

         The saltLength field is the octet length of the salt.  For a
         given hashAlgorithm, the recommended value of saltLength is the
         number of octets in the hash value.  Unlike the other fields of
         type RSASSA-PSS-params, saltLength does not need to be fixed
         for a given RSA key pair; a different value could be used for
         each RSASSA-PSS signature generated.

So using the digest (hash) length here is indeed more correct.

Awesome work on the test as well! :)

k-a-il
k-a-il requested changes Apr 3, 2025
View reviewed changes
tests/aws/services/kms/test_kms.py
Comment on lines +749 to +760
@pytest.mark.parametrize(
"key_spec,sign_algo",
[
("RSA_2048", "RSASSA_PSS_SHA_256"),
("RSA_2048", "RSASSA_PSS_SHA_384"),
("RSA_2048", "RSASSA_PSS_SHA_512"),
("RSA_4096", "RSASSA_PKCS1_V1_5_SHA_256"),
("RSA_4096", "RSASSA_PKCS1_V1_5_SHA_512"),
("ECC_NIST_P256", "ECDSA_SHA_256"),
("ECC_NIST_P384", "ECDSA_SHA_384"),
("ECC_SECG_P256K1", "ECDSA_SHA_256"),
],
Copy link
Contributor

@k-a-il k-a-il Apr 3, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice parametrized test :)

@sannya-singal sannya-singal requested a review from k-a-il April 3, 2025 16:59
@sannya-singal sannya-singal added this to the 4.4 milestone Apr 4, 2025
k-a-il
k-a-il approved these changes Apr 4, 2025
View reviewed changes
Copy link
Contributor

@k-a-il k-a-il left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work! thank you for doing that

@sannya-singal sannya-singal merged commit 8999cc4 into master Apr 4, 2025
38 of 40 checks passed
@sannya-singal sannya-singal deleted the signing-kms branch April 4, 2025 09:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@silv-io silv-io silv-io approved these changes

@k-a-il k-a-il k-a-il approved these changes

Assignees

@sannya-singal sannya-singal

Labels
aws:kms AWS Key Management Service semver: minor Non-breaking changes which can be included in minor releases, but not in patch releases
Projects
None yet
Milestone
4.4
Development

Successfully merging this pull request may close these issues.

bug: KMS signing with PSS always selects a salt length of MAX_SIZE, which creates interoperability problems
3 participants
@sannya-singal @silv-io @k-a-il