authorNick Sullivan <nicholas.sullivan@gmail.com>2015-02-24 17:55:25 -0800
committerAdam Langley <agl@golang.org>2015-03-16 23:15:08 +0000
commit0a048ce5e9b599912872c4d8865e8f5beceb04ff (patch)
treeabfe7a1c70d44cbcb30f1a2a09d2fb0a5592d625 /src/crypto/rsa/rsa.go
parentfa97136038a2f848b6d9c1820757a3762882263b (diff)
crypto/rsa: implement crypto.Decrypter
Decrypter is an interface to support opaque private keys that perform decryption operations. This interface is analogous to the crypto.Signer interface. This change introduces the crypto.Decrypter interface and implements the crypto.Decrypter interface for rsa.PrivateKey with both OAEP and PKCS#1 v1.5 padding modes. Change-Id: I433f649f84ed3c2148337d735cafd75f1d94a904 Reviewed-on: https://go-review.googlesource.com/3900 Reviewed-by: Adam Langley <agl@golang.org>
Diffstat (limited to 'src/crypto/rsa/rsa.go')
-rw-r--r--src/crypto/rsa/rsa.go41
1 files changed, 41 insertions, 0 deletions
diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go
index 21704469d2..f9f6d25a89 100644
--- a/src/crypto/rsa/rsa.go
+++ b/src/crypto/rsa/rsa.go
@@ -24,6 +24,16 @@ type PublicKey struct {
E int // public exponent
}
+// OAEPOptions is an interface for passing options to OAEP decryption using the
+// crypto.Decrypter interface.
+type OAEPOptions struct {
+ // Hash is the hash function that will be used when generating the mask.
+ Hash crypto.Hash
+ // Label is an arbitrary byte string that must be equal to the value
+ // used when encrypting.
+ Label []byte
+}
+
var (
errPublicModulus = errors.New("crypto/rsa: missing public modulus")
errPublicExponentSmall = errors.New("crypto/rsa: public exponent too small")
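Review bot: The doc comment on OAEPOptions calls the type "an interface", but it is declared as a struct that is passed as a crypto.DecrypterOpts value, which will mislead readers of the package docs. I would word it as `// OAEPOptions holds the options for OAEP decryption performed through the crypto.Decrypter interface.` The Hash field comment should also say that the field must be set to a hash that is linked into the binary, because the zero value is not a usable crypto.Hash and crypto.Hash.New panics on an unavailable hash.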
@@ -77,6 +87,37 @@ func (priv *PrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts)
return SignPKCS1v15(rand, priv, opts.HashFunc(), msg)
}
+// Decrypt decrypts ciphertext with priv. If opts is nil or of type
+// *PKCS1v15DecryptOptions then PKCS#1 v1.5 decryption is performed. Otherwise
+// opts must have type *OAEPOptions and OAEP decryption is done.
+func (priv *PrivateKey) Decrypt(rand io.Reader, ciphertext []byte, opts crypto.DecrypterOpts) (plaintext []byte, err error) {
+ if opts == nil {
+ return DecryptPKCS1v15(rand, priv, ciphertext)
+ }
+
+ switch opts := opts.(type) {
+ case *OAEPOptions:
+ return DecryptOAEP(opts.Hash.New(), rand, priv, ciphertext, opts.Label)
+
+ case *PKCS1v15DecryptOptions:
+ if l := opts.SessionKeyLen; l > 0 {
+ plaintext = make([]byte, l)
+ if _, err := rand.Read(plaintext); err != nil {
+ return nil, err
+ }
+ if err := DecryptPKCS1v15SessionKey(rand, priv, ciphertext, plaintext); err != nil {
+ return nil, err
+ }
+ return plaintext, nil
+ } else {
+ return DecryptPKCS1v15(rand, priv, ciphertext)
+ }
+
+ default:
+ return nil, errors.New("crypto/rsa: invalid options for Decrypt")
+ }
+}
+
type PrecomputedValues struct {
Dp, Dq *big.Int // D mod (P-1) (or mod Q-1)
Qinv *big.Int // Q^-1 mod P
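Review bot: In the SessionKeyLen branch of Decrypt, `rand.Read(plaintext)` accepts a short read, because an io.Reader may return fewer bytes than requested with a nil error; part of the random fallback key would then stay zero. That buffer looks to be what the caller receives when the padding is invalid, so it has to be fully unpredictable: use `if _, err := io.ReadFull(rand, plaintext); err != nil {` instead. In the *OAEPOptions case, `opts.Hash.New()` panics when Hash is zero or not linked in, so a guard such as `if !opts.Hash.Available() { return nil, errors.New("crypto/rsa: unavailable hash function") }` would turn a caller mistake into an error. The doc comment should also note that the plain PKCS#1 v1.5 path reports padding failures as an error, and that callers must not let a remote peer distinguish that error; setting SessionKeyLen is the safer mode. Finally, the `else` after `return plaintext, nil` can be dropped.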