Skip to content

Comments

Add support for RSASSA-PSS (PS256) algorithm#616

Merged
daneshk merged 10 commits intoballerina-platform:masterfrom
randilt:PS256_Implementation
Dec 9, 2025
Merged

Add support for RSASSA-PSS (PS256) algorithm#616
daneshk merged 10 commits intoballerina-platform:masterfrom
randilt:PS256_Implementation

Conversation

@randilt
Copy link
Contributor

@randilt randilt commented Dec 7, 2025

Purpose

Fixes #8292

This PR implements RSASSA-PSS (PS256) signature support for the Ballerina crypto library, addressing the current limitation where only classic RSA signatures (PKCS#1 v1.5) are available.

Examples

Sign data

crypto:PrivateKey privateKey = check crypto:decodeRsaPrivateKeyFromKeyStore(keyStore, "keyAlias", "keyPassword");
byte[] signature = check crypto:signRsaSsaPss256(data, privateKey);

Verify signature

crypto:PublicKey publicKey = check crypto:decodeRsaPublicKeyFromTrustStore(keyStore, "keyAlias");
boolean isValid = check crypto:verifyRsaSsaPss256Signature(data, signature, publicKey);

Checklist

  • Linked to an issue
  • Updated the changelog
  • Added tests
  • Updated the spec
  • Checked native-image compatibility

randilt and others added 10 commits December 7, 2025 09:46
@randilt
Add RSASSA-PSS with SHA-256 signing and verification functions
d5fdd57
@randilt
Add RSASSA-PSS (PS256) signature support proposal
7f55b39
@randilt
Add RSASSA-PSS-SHA256 signing and verification APIs to the specification
a82b173
@randilt
Update changelog
d5a22aa
@TharmiganK @randilt
Refactor scan rule implementation (ballerina-platform#613)
609a37f 
* Refactor static code rule implementation

* Update spec with scan rules

* Update changelog

* Address sonar cloud reported issues

* Add enable code coverage report for compiler plugin

* Bump to the next minor version

* [Automated] Update the native jar versions

* Improve code coverage

* Update AES encryption example from CCM to CBC

* Fix reference to SHA256 in password hashing function
@randilt
Add RSASSA-PSS-SHA256 signing and verification APIs to the specification
b09d547
@randilt @ThisaruGuruge
Update ballerina/sign_verify.bal
b542aec 
Co-authored-by: Thisaru Guruge <thisaru@wso2.com>
@randilt @DimuthuMadushan
Update ballerina/sign_verify.bal
6678006 
Co-authored-by: DimuthuMadushan <35717653+DimuthuMadushan@users.noreply.github.com>
@randilt
Update formatting in spec.md
263edc5
@randilt
Add RSASSA-PSS-SHA256 signing and verification APIs to the specification
2cfae64
@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 7, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@codecov
Copy link

codecov bot commented Dec 7, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.14%. Comparing base (cf1437f) to head (2cfae64).
⚠️ Report is 11 commits behind head on master.

Additional details and impacted files 
@@             Coverage Diff              @@
##             master     #616      +/-   ##
============================================
- Coverage     82.32%   82.14%   -0.19%     
- Complexity      241      371     +130     
============================================
  Files            29       41      +12     
  Lines          1375     1725     +350     
  Branches        191      268      +77     
============================================
+ Hits           1132     1417     +285     
- Misses          196      215      +19     
- Partials         47       93      +46

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@randilt randilt marked this pull request as ready for review December 7, 2025 04:59
@randilt
Copy link
Contributor Author

randilt commented Dec 7, 2025

@DimuthuMadushan @daneshk I have created a new PR with only the commits that are related to this feature, which were already reviewed in the previous PR

@randilt randilt mentioned this pull request Dec 7, 2025
Closed
5 tasks
DimuthuMadushan
DimuthuMadushan approved these changes Dec 8, 2025
View reviewed changes
Copy link
Contributor

@DimuthuMadushan DimuthuMadushan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@daneshk daneshk merged commit 8704865 into ballerina-platform:master Dec 9, 2025
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@daneshk daneshk daneshk approved these changes

@DimuthuMadushan DimuthuMadushan DimuthuMadushan approved these changes

@ThisaruGuruge ThisaruGuruge Awaiting requested review from ThisaruGuruge ThisaruGuruge is a code owner

@MohamedSabthar MohamedSabthar Awaiting requested review from MohamedSabthar MohamedSabthar is a code owner

@shafreenAnfar shafreenAnfar Awaiting requested review from shafreenAnfar shafreenAnfar is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add support for RSASSA-PSS (PS256) algorithm

4 participants

@randilt @daneshk @DimuthuMadushan @TharmiganK