diff options
| author | Filippo Valsorda <filippo@golang.org> | 2020-04-01 17:25:40 -0400 |
|---|---|---|
| committer | Filippo Valsorda <filippo@golang.org> | 2020-04-02 17:46:57 +0000 |
| commit | 9baafabac9a84813a336f068862207d2bb06d255 (patch) | |
| tree | 8fc40261a8ca4401045160e7bf0960b9fde17dc8 /src/crypto/rsa/rsa.go | |
| parent | aa4d92b8aab63c847ab077417b809694a2a6ea81 (diff) | |
| download | go-9baafabac9a84813a336f068862207d2bb06d255.tar.gz go-9baafabac9a84813a336f068862207d2bb06d255.zip | |
crypto/rsa: refactor RSA-PSS signing and verification
Cleaned up for readability and consistency.
There is one tiny behavioral change: when PSSSaltLengthEqualsHash is
used and both hash and opts.Hash were set, hash.Size() was used for the
salt length instead of opts.Hash.Size(). That's clearly wrong because
opts.Hash is documented to override hash.
Change-Id: I3e25dad933961eac827c6d2e3bbfe45fc5a6fb0e
Reviewed-on: https://go-review.googlesource.com/c/go/+/226937
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Diffstat (limited to 'src/crypto/rsa/rsa.go')
| -rw-r--r-- | src/crypto/rsa/rsa.go | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go index 5a42990640..b4bfa13def 100644 --- a/src/crypto/rsa/rsa.go +++ b/src/crypto/rsa/rsa.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// Package rsa implements RSA encryption as specified in PKCS#1. +// Package rsa implements RSA encryption as specified in PKCS#1 and RFC 8017. // // RSA is a single, fundamental operation that is used in this package to // implement either public-key encryption or public-key signatures. @@ -10,13 +10,13 @@ // The original specification for encryption and signatures with RSA is PKCS#1 // and the terms "RSA encryption" and "RSA signatures" by default refer to // PKCS#1 version 1.5. However, that specification has flaws and new designs -// should use version two, usually called by just OAEP and PSS, where +// should use version 2, usually called by just OAEP and PSS, where // possible. // // Two sets of interfaces are included in this package. When a more abstract // interface isn't necessary, there are functions for encrypting/decrypting // with v1.5/OAEP and signing/verifying with v1.5/PSS. If one needs to abstract -// over the public-key primitive, the PrivateKey struct implements the +// over the public key primitive, the PrivateKey type implements the // Decrypter and Signer interfaces from the crypto package. // // The RSA operations in this package are not implemented using constant-time algorithms. @@ -111,7 +111,8 @@ func (priv *PrivateKey) Public() crypto.PublicKey { // Sign signs digest with priv, reading randomness from rand. If opts is a // *PSSOptions then the PSS algorithm will be used, otherwise PKCS#1 v1.5 will -// be used. +// be used. digest must be the result of hashing the input message using +// opts.HashFunc(). // // This method implements crypto.Signer, which is an interface to support keys // where the private part is kept in, for example, a hardware module. Common |