rsa

Imports

Imports # 

"bytes"
"crypto/internal/fips140"
"crypto/internal/fips140/bigmod"
_ "crypto/internal/fips140/check"
"errors"
"sync"
"crypto/internal/fips140"
"crypto/internal/fips140/bigmod"
"crypto/internal/fips140/drbg"
"errors"
"io"
"bytes"
"crypto/internal/fips140"
"errors"
"bytes"
"crypto/internal/fips140"
"crypto/internal/fips140/drbg"
"crypto/internal/fips140/sha256"
"crypto/internal/fips140/sha3"
"crypto/internal/fips140/sha512"
"crypto/internal/fips140/subtle"
"errors"
"io"
"bytes"
"crypto/internal/fips140"
"crypto/internal/fips140/bigmod"
"errors"

Constants & Variables

ErrDecryption var # 

var ErrDecryption = *ast.CallExpr

ErrMessageTooLong var # 

var ErrMessageTooLong = *ast.CallExpr

ErrVerification var # 

var ErrVerification = *ast.CallExpr

errDivisorTooLarge var #

errDivisorTooLarge is returned by [totient] when gcd(p-1, q-1) is too large.

var errDivisorTooLarge = *ast.CallExpr

fipsSelfTest var # 

var fipsSelfTest = *ast.CallExpr

hashPrefixes var #

These are ASN1 DER structures: DigestInfo ::= SEQUENCE { digestAlgorithm AlgorithmIdentifier, digest OCTET STRING } For performance, we don't use the generic ASN1 encoder. Rather, we precompute a prefix of the digest value that makes a valid ASN1 DER string with the correct contents.

var hashPrefixes = map[string][]byte{...}

millerRabinCOMPOSITE const # 

const millerRabinCOMPOSITE = false

millerRabinPOSSIBLYPRIME const # 

const millerRabinPOSSIBLYPRIME = true

noCheck const # 

const noCheck = false

productOfPrimes var #

productOfPrimes is the product of the first 74 primes higher than 2. The number of primes was selected to be the highest such that the product fit in 512 bits, so to be usable for 1024 bit RSA keys. Higher values cause fewer Miller-Rabin tests of composites (nothing can help with the final test on the actual prime) but make InverseVarTime take longer.

var productOfPrimes = []byte{...}

pssSaltLengthAutodetect const # 

const pssSaltLengthAutodetect = *ast.UnaryExpr

withCheck const # 

const withCheck = true

Structs

PrivateKey struct # 

type PrivateKey struct {
pub PublicKey
d *bigmod.Nat
p *bigmod.Modulus
q *bigmod.Modulus
dP []byte
dQ []byte
qInv *bigmod.Nat
fipsApproved bool
}

PublicKey struct # 

type PublicKey struct {
N *bigmod.Modulus
E int
}

millerRabin struct # 

type millerRabin struct {
w *bigmod.Modulus
a uint
m []byte
}

Functions

DecryptOAEP function #

DecryptOAEP decrypts ciphertext using RSAES-OAEP.

func DecryptOAEP(hash fips140.Hash, mgfHash fips140.Hash, priv *PrivateKey, ciphertext []byte, label []byte) ([]byte, error)

DecryptWithCheck function #

DecryptWithCheck performs the RSA private key operation and checks the result to defend against errors in the CRT computation.

func DecryptWithCheck(priv *PrivateKey, ciphertext []byte) ([]byte, error)

DecryptWithoutCheck function #

DecryptWithoutCheck performs the RSA private key operation.

func DecryptWithoutCheck(priv *PrivateKey, ciphertext []byte) ([]byte, error)

Encrypt function #

Encrypt performs the RSA public key operation.

func Encrypt(pub *PublicKey, plaintext []byte) ([]byte, error)

EncryptOAEP function #

EncryptOAEP encrypts the given message with RSAES-OAEP.

func EncryptOAEP(hash fips140.Hash, mgfHash fips140.Hash, random io.Reader, pub *PublicKey, msg []byte, label []byte) ([]byte, error)

Export method #

Export returns the key parameters in big-endian byte slice format. P, Q, dP, dQ, and qInv may be nil if the key was created with NewPrivateKeyWithoutCRT.

func (priv *PrivateKey) Export() (N []byte, e int, d []byte, P []byte, Q []byte, dP []byte, dQ []byte, qInv []byte)

GenerateKey function #

GenerateKey generates a new RSA key pair of the given bit size. bits must be at least 32.

func GenerateKey(rand io.Reader, bits int) (*PrivateKey, error)

NewPrivateKey function #

NewPrivateKey creates a new RSA private key from the given parameters. All values are in big-endian byte slice format, and may have leading zeros or be shorter if leading zeroes were trimmed.

func NewPrivateKey(N []byte, e int, d []byte, P []byte, Q []byte) (*PrivateKey, error)

NewPrivateKeyWithPrecomputation function #

NewPrivateKeyWithPrecomputation creates a new RSA private key from the given parameters, which include precomputed CRT values.

func NewPrivateKeyWithPrecomputation(N []byte, e int, d []byte, P []byte, Q []byte, dP []byte, dQ []byte, qInv []byte) (*PrivateKey, error)

NewPrivateKeyWithoutCRT function #

NewPrivateKeyWithoutCRT creates a new RSA private key from the given parameters. This is meant for deprecated multi-prime keys, and is not FIPS 140 compliant.

func NewPrivateKeyWithoutCRT(N []byte, e int, d []byte) (*PrivateKey, error)

PSSMaxSaltLength function #

PSSMaxSaltLength returns the maximum salt length for a given public key and hash function.

func PSSMaxSaltLength(pub *PublicKey, hash fips140.Hash) (int, error)

PublicKey method # 

func (priv *PrivateKey) PublicKey() *PublicKey

SignPKCS1v15 function #

SignPKCS1v15 calculates an RSASSA-PKCS1-v1.5 signature. hash is the name of the hash function as returned by [crypto.Hash.String] or the empty string to indicate that the message is signed directly.

func SignPKCS1v15(priv *PrivateKey, hash string, hashed []byte) ([]byte, error)

SignPSS function #

SignPSS calculates the signature of hashed using RSASSA-PSS.

func SignPSS(rand io.Reader, priv *PrivateKey, hash fips140.Hash, hashed []byte, saltLength int) ([]byte, error)

Size method #

Size returns the modulus size in bytes. Raw signatures and ciphertexts for or by this public key will have the same size.

func (pub *PublicKey) Size() int

VerifyPKCS1v15 function #

VerifyPKCS1v15 verifies an RSASSA-PKCS1-v1.5 signature. hash is the name of the hash function as returned by [crypto.Hash.String] or the empty string to indicate that the message is signed directly.

func VerifyPKCS1v15(pub *PublicKey, hash string, hashed []byte, sig []byte) error

VerifyPSS function #

VerifyPSS verifies sig with RSASSA-PSS automatically detecting the salt length.

func VerifyPSS(pub *PublicKey, hash fips140.Hash, digest []byte, sig []byte) error

VerifyPSSWithSaltLength function #

VerifyPSS verifies sig with RSASSA-PSS and an expected salt length.

func VerifyPSSWithSaltLength(pub *PublicKey, hash fips140.Hash, digest []byte, sig []byte, saltLength int) error

checkApprovedHash function # 

func checkApprovedHash(hash fips140.Hash)

checkApprovedHashName function # 

func checkApprovedHashName(hash string)

checkPrivateKey function #

checkPrivateKey is called by the NewPrivateKey and GenerateKey functions, and is allowed to modify priv.fipsApproved.

func checkPrivateKey(priv *PrivateKey) error

checkPublicKey function # 

func checkPublicKey(pub *PublicKey) (fipsApproved bool, err error)

decrypt function #

decrypt performs an RSA decryption of ciphertext into out. If check is true, m^e is calculated and compared with ciphertext, in order to defend against errors in the CRT computation.

func decrypt(priv *PrivateKey, ciphertext []byte, check bool) ([]byte, error)

emsaPSSEncode function # 

func emsaPSSEncode(mHash []byte, emBits int, salt []byte, hash fips140.Hash) ([]byte, error)

emsaPSSVerify function # 

func emsaPSSVerify(mHash []byte, em []byte, emBits int, sLen int, hash fips140.Hash) error

encrypt function # 

func encrypt(pub *PublicKey, plaintext []byte) ([]byte, error)

incCounter function #

incCounter increments a four byte, big-endian counter.

func incCounter(c *[4]byte)

isPrime function #

isPrime runs the Miller-Rabin Probabilistic Primality Test from FIPS 186-5, Appendix B.3.1. w must be a random odd integer greater than three in big-endian order. isPrime might return false positives for adversarially chosen values. isPrime is not constant-time.

func isPrime(w []byte) bool

mgf1XOR function #

mgf1XOR XORs the bytes in out with a mask generated using the MGF1 function specified in PKCS #1 v2.1.

func mgf1XOR(out []byte, hash fips140.Hash, seed []byte)

millerRabinIteration function # 

func millerRabinIteration(mr *millerRabin, bb []byte) (bool, error)

millerRabinSetup function #

millerRabinSetup prepares state that's reused across multiple iterations of the Miller-Rabin test.

func millerRabinSetup(w []byte) (*millerRabin, error)

newPrivateKey function # 

func newPrivateKey(n *bigmod.Modulus, e int, d *bigmod.Nat, p *bigmod.Modulus, q *bigmod.Modulus) (*PrivateKey, error)

pkcs1v15ConstructEM function # 

func pkcs1v15ConstructEM(pub *PublicKey, hash string, hashed []byte) ([]byte, error)

randomPrime function #

randomPrime returns a random prime number of the given bit size following the process in FIPS 186-5, Appendix A.1.3.

func randomPrime(rand io.Reader, bits int) ([]byte, error)

signPKCS1v15 function # 

func signPKCS1v15(priv *PrivateKey, hash string, hashed []byte) ([]byte, error)

testPrivateKey function # 

func testPrivateKey() *PrivateKey

totient function #

totient computes the Carmichael totient function λ(N) = lcm(p-1, q-1).

func totient(p *bigmod.Modulus, q *bigmod.Modulus) (*bigmod.Modulus, error)

verifyPKCS1v15 function # 

func verifyPKCS1v15(pub *PublicKey, hash string, hashed []byte, sig []byte) error

verifyPSS function # 

func verifyPSS(pub *PublicKey, hash fips140.Hash, digest []byte, sig []byte, saltLength int) error

Generated with Arrow