func emsaPSSEncode(mHash []byte, emBits int, salt []byte, hash hash.Hash) ([]byte, error) { … } func emsaPSSVerify(mHash, em []byte, emBits, sLen int, hash hash.Hash) error { … } // signPSSWithSalt calculates the signature of hashed using PSS with specified salt. // Note that hashed must be the result of hashing the input message using the // given hash function. salt is a random sequence of bytes whose length will be // later used to verify the signature. func signPSSWithSalt(priv *PrivateKey, hash crypto.Hash, hashed, salt []byte) ([]byte, error) { … } const PSSSaltLengthAuto … const PSSSaltLengthEqualsHash … type PSSOptions … // HashFunc returns opts.Hash so that [PSSOptions] implements [crypto.SignerOpts]. func (opts *PSSOptions) HashFunc() crypto.Hash { … } func (opts *PSSOptions) saltLength() int { … } var invalidSaltLenErr … // SignPSS calculates the signature of digest using PSS. // // digest must be the result of hashing the input message using the given hash // function. The opts argument may be nil, in which case sensible defaults are // used. If opts.Hash is set, it overrides hash. // // The signature is randomized depending on the message, key, and salt size, // using bytes from rand. Most applications should use [crypto/rand.Reader] as // rand. func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, opts *PSSOptions) ([]byte, error) { … } // VerifyPSS verifies a PSS signature. // // A valid signature is indicated by returning a nil error. digest must be the // result of hashing the input message using the given hash function. The opts // argument may be nil, in which case sensible defaults are used. opts.Hash is // ignored. // // The inputs are not considered confidential, and may leak through timing side // channels, or if an attacker has control of part of the inputs. func VerifyPSS(pub *PublicKey, hash crypto.Hash, digest []byte, sig []byte, opts *PSSOptions) error { … }
Codebase Browser
go