var bigOne … type PublicKey … // Size returns the modulus size in bytes. Raw signatures and ciphertexts // for or by this public key will have the same size. func (pub *PublicKey) Size() int { … } // Equal reports whether pub and x have the same value. func (pub *PublicKey) Equal(x crypto.PublicKey) bool { … } type OAEPOptions … var errPublicModulus … var errPublicExponentSmall … var errPublicExponentLarge … // checkPub sanity checks the public key before we use it. // We require pub.E to fit into a 32-bit integer so that we // do not have different behavior depending on whether // int is 32 or 64 bits. See also // https://www.imperialviolet.org/2012/03/16/rsae.html. func checkPub(pub *PublicKey) error { … } type PrivateKey … // Public returns the public key corresponding to priv. func (priv *PrivateKey) Public() crypto.PublicKey { … } // Equal reports whether priv and x have equivalent values. It ignores // Precomputed values. func (priv *PrivateKey) Equal(x crypto.PrivateKey) bool { … } // bigIntEqual reports whether a and b are equal leaking only their bit length // through timing side-channels. func bigIntEqual(a, b *big.Int) bool { … } // Sign signs digest with priv, reading randomness from rand. If opts is a // *[PSSOptions] then the PSS algorithm will be used, otherwise PKCS #1 v1.5 will // be used. digest must be the result of hashing the input message using // opts.HashFunc(). // // This method implements [crypto.Signer], which is an interface to support keys // where the private part is kept in, for example, a hardware module. Common // uses should use the Sign* functions in this package directly. func (priv *PrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) { … } // Decrypt decrypts ciphertext with priv. If opts is nil or of type // *[PKCS1v15DecryptOptions] then PKCS #1 v1.5 decryption is performed. Otherwise // opts must have type *[OAEPOptions] and OAEP decryption is done. func (priv *PrivateKey) Decrypt(rand io.Reader, ciphertext []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error) { … } type PrecomputedValues … type CRTValue … // Validate performs basic sanity checks on the key. // It returns nil if the key is valid, or else an error describing a problem. func (priv *PrivateKey) Validate() error { … } // GenerateKey generates a random RSA private key of the given bit size. // // Most applications should use [crypto/rand.Reader] as rand. Note that the // returned key does not depend deterministically on the bytes read from rand, // and may change between calls and/or between versions. func GenerateKey(random io.Reader, bits int) (*PrivateKey, error) { … } // GenerateMultiPrimeKey generates a multi-prime RSA keypair of the given bit // size and the given random source. // // Table 1 in "[On the Security of Multi-prime RSA]" suggests maximum numbers of // primes for a given bit size. // // Although the public keys are compatible (actually, indistinguishable) from // the 2-prime case, the private keys are not. Thus it may not be possible to // export multi-prime private keys in certain formats or to subsequently import // them into other code. // // This package does not implement CRT optimizations for multi-prime RSA, so the // keys with more than two primes will have worse performance. // // Deprecated: The use of this function with a number of primes different from // two is not recommended for the above security, compatibility, and performance // reasons. Use [GenerateKey] instead. // // [On the Security of Multi-prime RSA]: http://www.cacr.math.uwaterloo.ca/techreports/2006/cacr2006-16.pdf func GenerateMultiPrimeKey(random io.Reader, nprimes int, bits int) (*PrivateKey, error) { … } // incCounter increments a four byte, big-endian counter. func incCounter(c *[4]byte) { … } // mgf1XOR XORs the bytes in out with a mask generated using the MGF1 function // specified in PKCS #1 v2.1. func mgf1XOR(out []byte, hash hash.Hash, seed []byte) { … } var ErrMessageTooLong … func encrypt(pub *PublicKey, plaintext []byte) ([]byte, error) { … } // EncryptOAEP encrypts the given message with RSA-OAEP. // // OAEP is parameterised by a hash function that is used as a random oracle. // Encryption and decryption of a given message must use the same hash function // and sha256.New() is a reasonable choice. // // The random parameter is used as a source of entropy to ensure that // encrypting the same message twice doesn't result in the same ciphertext. // Most applications should use [crypto/rand.Reader] as random. // // The label parameter may contain arbitrary data that will not be encrypted, // but which gives important context to the message. For example, if a given // public key is used to encrypt two types of messages then distinct label // values could be used to ensure that a ciphertext for one purpose cannot be // used for another by an attacker. If not required it can be empty. // // The message must be no longer than the length of the public modulus minus // twice the hash length, minus a further 2. func EncryptOAEP(hash hash.Hash, random io.Reader, pub *PublicKey, msg []byte, label []byte) ([]byte, error) { … } var ErrDecryption … var ErrVerification … // Precompute performs some calculations that speed up private key operations // in the future. func (priv *PrivateKey) Precompute() { … } const withCheck … const noCheck … // decrypt performs an RSA decryption of ciphertext into out. If check is true, // m^e is calculated and compared with ciphertext, in order to defend against // errors in the CRT computation. func decrypt(priv *PrivateKey, ciphertext []byte, check bool) ([]byte, error) { … } // DecryptOAEP decrypts ciphertext using RSA-OAEP. // // OAEP is parameterised by a hash function that is used as a random oracle. // Encryption and decryption of a given message must use the same hash function // and sha256.New() is a reasonable choice. // // The random parameter is legacy and ignored, and it can be nil. // // The label parameter must match the value given when encrypting. See // [EncryptOAEP] for details. func DecryptOAEP(hash hash.Hash, random io.Reader, priv *PrivateKey, ciphertext []byte, label []byte) ([]byte, error) { … } func decryptOAEP(hash, mgfHash hash.Hash, random io.Reader, priv *PrivateKey, ciphertext []byte, label []byte) ([]byte, error) { … }
Codebase Browser
go