Documentation ¶
Index ¶
Constants ¶
const ( // PSSSaltLengthAuto causes the salt in a PSS signature to be as large // as possible when signing, and to be auto-detected when verifying. PSSSaltLengthAuto = 0 // PSSSaltLengthEqualsHash causes the salt length to equal the length // of the hash used in the signature. PSSSaltLengthEqualsHash = -1 )
Variables ¶
var ( // ErrUnexpectedSize is the error used if the size of a parameter does not match its expected value. ErrUnexpectedSize = errors.New("blindsign/blindrsa: unexpected input size") // ErrInvalidMessageLength is the error used if the size of a protocol message does not match its expected value. ErrInvalidMessageLength = errors.New("blindsign/blindrsa: invalid message length") // ErrInvalidBlind is the error used if the blind generated by the Verifier fails. ErrInvalidBlind = errors.New("blindsign/blindrsa: invalid blind") // ErrInvalidRandomness is the error used if caller did not provide randomness to the Blind() function. ErrInvalidRandomness = errors.New("blindsign/blindrsa: invalid random parameter") )
var ErrVerification = errors.New("crypto/rsa: verification error")
ErrVerification represents a failure to verify a signature. It is deliberately vague to avoid adaptive attacks.
Functions ¶
func SignPSS ¶
func SignPSS(rand io.Reader, priv *rsa.PrivateKey, hash crypto.Hash, digest []byte, opts *PSSOptions) ([]byte, error)
SignPSS calculates the signature of digest using PSS.
digest must be the result of hashing the input message using the given hash function. The opts argument may be nil, in which case sensible defaults are used. If opts.Hash is set, it overrides hash.
func VerifyPSS ¶
func VerifyPSS(pub *rsa.PublicKey, hash hash.Hash, digest []byte, sig []byte, opts *PSSOptions) error
VerifyPSS verifies a PSS signature.
A valid signature is indicated by returning a nil error. digest must be the result of hashing the input message using the given hash function. The opts argument may be nil, in which case sensible defaults are used. opts.Hash is ignored.
Types ¶
type PSSOptions ¶
type PSSOptions struct { // SaltLength controls the length of the salt used in the PSS // signature. It can either be a number of bytes, or one of the special // PSSSaltLength constants. SaltLength int // Hash is the hash function used to generate the message digest. If not // zero, it overrides the hash function passed to SignPSS. It's required // when using PrivateKey.Sign. Hash crypto.Hash }
PSSOptions contains options for creating and verifying PSS signatures.
func (*PSSOptions) HashFunc ¶
func (opts *PSSOptions) HashFunc() crypto.Hash
HashFunc returns opts.Hash so that PSSOptions implements crypto.SignerOpts.
type RSASigner ¶
type RSASigner struct {
// contains filtered or unexported fields
}
An RSASigner represents the Signer in the blind RSA protocol. It carries the raw RSA private key used for signing blinded messages.
func NewRSASigner ¶
func NewRSASigner(sk *rsa.PrivateKey) RSASigner
NewRSASigner creates a new Signer for the blind RSA protocol using an RSA private key.
func (RSASigner) BlindSign ¶
BlindSign blindly computes the RSA operation using the Signer's private key on the blinded message input, if it's of valid length, and returns an error should the function fail.
See the specification for more details: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-rsa-blind-signatures-02#section-5.1.2
type RSAVerifier ¶
type RSAVerifier struct {
// contains filtered or unexported fields
}
An RSAVerifier represents a Verifier in the RSA blind signature protocol. It carries state needed to produce and validate an RSA blind signature.
func NewRSAVerifier ¶
func NewRSAVerifier(pk *rsa.PublicKey, hash hash.Hash) RSAVerifier
NewRSAVerifier creates a new RSAVerifier using the corresponding Signer parameters.
func (RSAVerifier) Blind ¶
func (v RSAVerifier) Blind(random io.Reader, message []byte) ([]byte, blindsign.VerifierState, error)
Blind initializes the blind RSA protocol using an input message and source of randomness. The signature includes a randomly generated PSS salt whose length equals the size of the underlying hash function. This function fails if randomness was not provided.
See the specification for more details: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-rsa-blind-signatures-02#section-5.1.1
type RSAVerifierState ¶
type RSAVerifierState struct {
// contains filtered or unexported fields
}
An RSAVerifierState carries state needed to complete the blind signature protocol as a verifier.
func (RSAVerifierState) Finalize ¶
func (state RSAVerifierState) Finalize(data []byte) ([]byte, error)
Finalize computes and outputs the final signature, if it's valid. Otherwise, it returns an error.
See the specification for more details: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-rsa-blind-signatures-02#section-5.1.3