dsa

Imports

Imports # 

"errors"
"io"
"math/big"
"crypto/internal/fips140only"
"crypto/internal/randutil"

Constants & Variables

ErrInvalidPublicKey var #

ErrInvalidPublicKey results when a public key is not usable by this code. FIPS is quite strict about the format of DSA keys, but other code may be less so. Thus, when using keys which may have been generated by other code, this error must be handled.

var ErrInvalidPublicKey = *ast.CallExpr

L1024N160 const # 

const L1024N160 ParameterSizes = iota

L2048N224 const # 

const L2048N224

L2048N256 const # 

const L2048N256

L3072N256 const # 

const L3072N256

numMRTests const #

numMRTests is the number of Miller-Rabin primality tests that we perform. We pick the largest recommended number from table C.1 of FIPS 186-3.

const numMRTests = 64

Type Aliases

ParameterSizes type #

ParameterSizes is an enumeration of the acceptable bit lengths of the primes in a set of DSA parameters. See FIPS 186-3, section 4.2.

type ParameterSizes int

Structs

Parameters struct #

Parameters represents the domain parameters for a key. These parameters can be shared across many keys. The bit length of Q must be a multiple of 8.

type Parameters struct {
P *big.Int
Q *big.Int
G *big.Int
}

PrivateKey struct #

PrivateKey represents a DSA private key.

type PrivateKey struct {
PublicKey
X *big.Int
}

PublicKey struct #

PublicKey represents a DSA public key.

type PublicKey struct {
Parameters
Y *big.Int
}

Functions

GenerateKey function #

GenerateKey generates a public&private key pair. The Parameters of the [PrivateKey] must already be valid (see [GenerateParameters]).

func GenerateKey(priv *PrivateKey, rand io.Reader) error

GenerateParameters function #

GenerateParameters puts a random, valid set of DSA parameters into params. This function can take many seconds, even on fast machines.

func GenerateParameters(params *Parameters, rand io.Reader, sizes ParameterSizes) error

Sign function #

Sign signs an arbitrary length hash (which should be the result of hashing a larger message) using the private key, priv. It returns the signature as a pair of integers. The security of the private key depends on the entropy of rand. Note that FIPS 186-3 section 4.6 specifies that the hash should be truncated to the byte-length of the subgroup. This function does not perform that truncation itself. Be aware that calling Sign with an attacker-controlled [PrivateKey] may require an arbitrary amount of CPU.

func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r *big.Int, s *big.Int, err error)

Verify function #

Verify verifies the signature in r, s of hash using the public key, pub. It reports whether the signature is valid. Note that FIPS 186-3 section 4.6 specifies that the hash should be truncated to the byte-length of the subgroup. This function does not perform that truncation itself.

func Verify(pub *PublicKey, hash []byte, r *big.Int, s *big.Int) bool

fermatInverse function #

fermatInverse calculates the inverse of k in GF(P) using Fermat's method. This has better constant-time properties than Euclid's method (implemented in math/big.Int.ModInverse) although math/big itself isn't strictly constant-time so it's not perfect.

func fermatInverse(k *big.Int, P *big.Int) *big.Int

Generated with Arrow