diff --git a/certstore_test.go b/certstore_test.go index 24879d3..c3c6c93 100644 --- a/certstore_test.go +++ b/certstore_test.go @@ -139,6 +139,19 @@ func TestSignerRSA(t *testing.T) { } } + // SHA256WithRSAPSS + sha256Digest = sha256.Sum256([]byte("hello")) + sig, err = signer.Sign(rand.Reader, sha256Digest[:], &rsa.PSSOptions{Hash: crypto.SHA256}) + if err == ErrUnsupportedHash { + // Some Windows CSPs may not support this algorithm. Pass... + } else if err != nil { + t.Fatal(err) + } else { + if err = leafRSA.Certificate.CheckSignature(x509.SHA256WithRSAPSS, []byte("hello"), sig); err != nil { + t.Fatal(err) + } + } + // SHA384WithRSA sha384Digest := sha512.Sum384([]byte("hello")) sig, err = signer.Sign(rand.Reader, sha384Digest[:], crypto.SHA384) @@ -152,6 +165,19 @@ func TestSignerRSA(t *testing.T) { } } + // SHA384WithRSA + sha384Digest = sha512.Sum384([]byte("hello")) + sig, err = signer.Sign(rand.Reader, sha384Digest[:], &rsa.PSSOptions{Hash: crypto.SHA3_384}) + if err == ErrUnsupportedHash { + // Some Windows CSPs may not support this algorithm. Pass... + } else if err != nil { + t.Fatal(err) + } else { + if err = leafRSA.Certificate.CheckSignature(x509.SHA384WithRSAPSS, []byte("hello"), sig); err != nil { + t.Fatal(err) + } + } + // SHA512WithRSA sha512Digest := sha512.Sum512([]byte("hello")) sig, err = signer.Sign(rand.Reader, sha512Digest[:], crypto.SHA512) @@ -165,6 +191,19 @@ func TestSignerRSA(t *testing.T) { } } + // SHA512WithRSA + sha512Digest = sha512.Sum512([]byte("hello")) + sig, err = signer.Sign(rand.Reader, sha512Digest[:], &rsa.PSSOptions{Hash: crypto.SHA512}) + if err == ErrUnsupportedHash { + // Some Windows CSPs may not support this algorithm. Pass... + } else if err != nil { + t.Fatal(err) + } else { + if err = leafRSA.Certificate.CheckSignature(x509.SHA512WithRSAPSS, []byte("hello"), sig); err != nil { + t.Fatal(err) + } + } + // Bad digest size _, err = signer.Sign(rand.Reader, sha1Digest[5:], crypto.SHA1) if err == nil {