diff options
Diffstat (limited to 'src/crypto/rsa/pss.go')
-rw-r--r-- | src/crypto/rsa/pss.go | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go index b2adbedb28..cda1eafd6e 100644 --- a/src/crypto/rsa/pss.go +++ b/src/crypto/rsa/pss.go @@ -15,6 +15,8 @@ import ( "math/big" ) +import "crypto/internal/boring" + // Per RFC 8017, Section 9.1 // // EM = MGF1 xor DB || H( 8*0x00 || mHash || salt ) || 0xbc @@ -213,6 +215,21 @@ func signPSSWithSalt(rand io.Reader, priv *PrivateKey, hash crypto.Hash, hashed, if err != nil { return nil, err } + + if boring.Enabled { + bkey, err := boringPrivateKey(priv) + if err != nil { + return nil, err + } + // Note: BoringCrypto takes care of the "AndCheck" part of "decryptAndCheck". + // (It's not just decrypt.) + s, err := boring.DecryptRSANoPadding(bkey, em) + if err != nil { + return nil, err + } + return s, nil + } + m := new(big.Int).SetBytes(em) c, err := decryptAndCheck(rand, priv, m) if err != nil { @@ -274,6 +291,14 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, saltLength = hash.Size() } + if boring.Enabled && rand == boring.RandReader { + bkey, err := boringPrivateKey(priv) + if err != nil { + return nil, err + } + return boring.SignRSAPSS(bkey, hash, digest, saltLength) + } + salt := make([]byte, saltLength) if _, err := io.ReadFull(rand, salt); err != nil { return nil, err @@ -288,6 +313,16 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, // argument may be nil, in which case sensible defaults are used. opts.Hash is // ignored. func VerifyPSS(pub *PublicKey, hash crypto.Hash, digest []byte, sig []byte, opts *PSSOptions) error { + if boring.Enabled { + bkey, err := boringPublicKey(pub) + if err != nil { + return err + } + if err := boring.VerifyRSAPSS(bkey, hash, digest, sig, opts.saltLength()); err != nil { + return ErrVerification + } + return nil + } if len(sig) != pub.Size() { return ErrVerification } |