package rsa

Import Path
	crypto/internal/fips140/rsa (on go.dev)

Dependency Relation
	imports 12 packages, and imported by one package

Involved Source Files

	    cast.go
	    keygen.go
	    pkcs1v15.go
	    pkcs1v22.go
	    rsa.go
Package-Level Type Names (total 3, in which 2 are exported)

	/* sort exporteds by: alphabet | popularity */
	 type PrivateKey (struct)

		Fields (total 8, none are exported)
			/* 8 unexporteds ... *//* 8 unexporteds: */
			d *bigmod.Nat
			dP []byte
				dP and dQ are used as exponents, so we store them as big-endian byte
				slices to be passed to [bigmod.Nat.Exp].
				// d mod (p - 1)

			dQ []byte
				// d mod (q - 1)

			fipsApproved bool
				fipsApproved is false if this key does not comply with FIPS 186-5 or
				SP 800-56B Rev. 2.

			p *bigmod.Modulus
				The following values are not set for deprecated multi-prime keys.
				
				Since they are always set for keys in FIPS mode, for SP 800-56B Rev. 2
				purposes we always use the Chinese Remainder Theorem (CRT) format.
				// p × q = n

			pub PublicKey
				pub has already been checked with checkPublicKey.

			q *bigmod.Modulus
				The following values are not set for deprecated multi-prime keys.
				
				Since they are always set for keys in FIPS mode, for SP 800-56B Rev. 2
				purposes we always use the Chinese Remainder Theorem (CRT) format.
				// p × q = n

			qInv *bigmod.Nat
				// qInv = q⁻¹ mod p

		Methods (total 2, both are exported)
			(*PrivateKey) Export() (N []byte, e int, d, P, Q, dP, dQ, qInv []byte)
				Export returns the key parameters in big-endian byte slice format.
				
				P, Q, dP, dQ, and qInv may be nil if the key was created with
				NewPrivateKeyWithoutCRT.

			(*PrivateKey) PublicKey() *PublicKey
		As Outputs Of (at least 7, in which 4 are exported)
			func GenerateKey(rand io.Reader, bits int) (*PrivateKey, error)
			func NewPrivateKey(N []byte, e int, d, P, Q []byte) (*PrivateKey, error)
			func NewPrivateKeyWithoutCRT(N []byte, e int, d []byte) (*PrivateKey, error)
			func NewPrivateKeyWithPrecomputation(N []byte, e int, d, P, Q, dP, dQ, qInv []byte) (*PrivateKey, error)
			/* 3+ unexporteds ... *//* 3+ unexporteds: */
			func newPrivateKey(n *bigmod.Modulus, e int, d *bigmod.Nat, p, q *bigmod.Modulus) (*PrivateKey, error)
			func testPrivateKey() *PrivateKey
			func crypto/rsa.fipsPrivateKey(priv *rsa.PrivateKey) (*PrivateKey, error)
		As Inputs Of (at least 8, in which 5 are exported)
			func DecryptOAEP(hash, mgfHash fips140.Hash, priv *PrivateKey, ciphertext []byte, label []byte) ([]byte, error)
			func DecryptWithCheck(priv *PrivateKey, ciphertext []byte) ([]byte, error)
			func DecryptWithoutCheck(priv *PrivateKey, ciphertext []byte) ([]byte, error)
			func SignPKCS1v15(priv *PrivateKey, hash string, hashed []byte) ([]byte, error)
			func SignPSS(rand io.Reader, priv *PrivateKey, hash fips140.Hash, hashed []byte, saltLength int) ([]byte, error)
			/* 3+ unexporteds ... *//* 3+ unexporteds: */
			func checkPrivateKey(priv *PrivateKey) error
			func decrypt(priv *PrivateKey, ciphertext []byte, check bool) ([]byte, error)
			func signPKCS1v15(priv *PrivateKey, hash string, hashed []byte) ([]byte, error)

	 type PublicKey (struct)

		Fields (total 2, both are exported)
			E int
			N *bigmod.Modulus
		Methods (only one, which is exported)
			(*PublicKey) Size() int
				Size returns the modulus size in bytes. Raw signatures and ciphertexts
				for or by this public key will have the same size.

		As Outputs Of (at least 2, in which 1 is exported)
			func (*PrivateKey).PublicKey() *PublicKey
			/* at least one unexported ... *//* at least one unexported: */
			func crypto/rsa.fipsPublicKey(pub *rsa.PublicKey) (*PublicKey, error)
		As Inputs Of (at least 11, in which 6 are exported)
			func Encrypt(pub *PublicKey, plaintext []byte) ([]byte, error)
			func EncryptOAEP(hash, mgfHash fips140.Hash, random io.Reader, pub *PublicKey, msg []byte, label []byte) ([]byte, error)
			func PSSMaxSaltLength(pub *PublicKey, hash fips140.Hash) (int, error)
			func VerifyPKCS1v15(pub *PublicKey, hash string, hashed []byte, sig []byte) error
			func VerifyPSS(pub *PublicKey, hash fips140.Hash, digest []byte, sig []byte) error
			func VerifyPSSWithSaltLength(pub *PublicKey, hash fips140.Hash, digest []byte, sig []byte, saltLength int) error
			/* 5+ unexporteds ... *//* 5+ unexporteds: */
			func checkPublicKey(pub *PublicKey) (fipsApproved bool, err error)
			func encrypt(pub *PublicKey, plaintext []byte) ([]byte, error)
			func pkcs1v15ConstructEM(pub *PublicKey, hash string, hashed []byte) ([]byte, error)
			func verifyPKCS1v15(pub *PublicKey, hash string, hashed []byte, sig []byte) error
			func verifyPSS(pub *PublicKey, hash fips140.Hash, digest []byte, sig []byte, saltLength int) error

	/* one unexported ... *//* one unexported: */
	 type millerRabin (struct)

		Fields (total 3, none are exported)
			/* 3 unexporteds ... *//* 3 unexporteds: */
			a uint
			m []byte
			w *bigmod.Modulus
		As Outputs Of (at least one unexported)
			/* at least one unexported ... *//* at least one unexported: */
			func millerRabinSetup(w []byte) (*millerRabin, error)
		As Inputs Of (at least one unexported)
			/* at least one unexported ... *//* at least one unexported: */
			func millerRabinIteration(mr *millerRabin, bb []byte) (bool, error)


Package-Level Functions (total 36, in which 15 are exported)

	 func DecryptOAEP(hash, mgfHash fips140.Hash, priv *PrivateKey, ciphertext []byte, label []byte) ([]byte, error)
		DecryptOAEP decrypts ciphertext using RSAES-OAEP.

	 func DecryptWithCheck(priv *PrivateKey, ciphertext []byte) ([]byte, error)
		DecryptWithCheck performs the RSA private key operation and checks the
		result to defend against errors in the CRT computation.

	 func DecryptWithoutCheck(priv *PrivateKey, ciphertext []byte) ([]byte, error)
		DecryptWithoutCheck performs the RSA private key operation.

	 func Encrypt(pub *PublicKey, plaintext []byte) ([]byte, error)
		Encrypt performs the RSA public key operation.

	 func EncryptOAEP(hash, mgfHash fips140.Hash, random io.Reader, pub *PublicKey, msg []byte, label []byte) ([]byte, error)
		EncryptOAEP encrypts the given message with RSAES-OAEP.

	 func GenerateKey(rand io.Reader, bits int) (*PrivateKey, error)
		GenerateKey generates a new RSA key pair of the given bit size.
		bits must be at least 32.

	 func NewPrivateKey(N []byte, e int, d, P, Q []byte) (*PrivateKey, error)
		NewPrivateKey creates a new RSA private key from the given parameters.
		
		All values are in big-endian byte slice format, and may have leading zeros
		or be shorter if leading zeroes were trimmed.

	 func NewPrivateKeyWithoutCRT(N []byte, e int, d []byte) (*PrivateKey, error)
		NewPrivateKeyWithoutCRT creates a new RSA private key from the given parameters.
		
		This is meant for deprecated multi-prime keys, and is not FIPS 140 compliant.

	 func NewPrivateKeyWithPrecomputation(N []byte, e int, d, P, Q, dP, dQ, qInv []byte) (*PrivateKey, error)
		NewPrivateKeyWithPrecomputation creates a new RSA private key from the given
		parameters, which include precomputed CRT values.

	 func PSSMaxSaltLength(pub *PublicKey, hash fips140.Hash) (int, error)
		PSSMaxSaltLength returns the maximum salt length for a given public key and
		hash function.

	 func SignPKCS1v15(priv *PrivateKey, hash string, hashed []byte) ([]byte, error)
		SignPKCS1v15 calculates an RSASSA-PKCS1-v1.5 signature.
		
		hash is the name of the hash function as returned by [crypto.Hash.String]
		or the empty string to indicate that the message is signed directly.

	 func SignPSS(rand io.Reader, priv *PrivateKey, hash fips140.Hash, hashed []byte, saltLength int) ([]byte, error)
		SignPSS calculates the signature of hashed using RSASSA-PSS.

	 func VerifyPKCS1v15(pub *PublicKey, hash string, hashed []byte, sig []byte) error
		VerifyPKCS1v15 verifies an RSASSA-PKCS1-v1.5 signature.
		
		hash is the name of the hash function as returned by [crypto.Hash.String]
		or the empty string to indicate that the message is signed directly.

	 func VerifyPSS(pub *PublicKey, hash fips140.Hash, digest []byte, sig []byte) error
		VerifyPSS verifies sig with RSASSA-PSS automatically detecting the salt length.

	 func VerifyPSSWithSaltLength(pub *PublicKey, hash fips140.Hash, digest []byte, sig []byte, saltLength int) error
		VerifyPSS verifies sig with RSASSA-PSS and an expected salt length.

	/* 21 unexporteds ... *//* 21 unexporteds: */
	 func checkApprovedHash(hash fips140.Hash)
	 func checkApprovedHashName(hash string)
	 func checkPrivateKey(priv *PrivateKey) error
		checkPrivateKey is called by the NewPrivateKey and GenerateKey functions, and
		is allowed to modify priv.fipsApproved.

	 func checkPublicKey(pub *PublicKey) (fipsApproved bool, err error)
	 func decrypt(priv *PrivateKey, ciphertext []byte, check bool) ([]byte, error)
		decrypt performs an RSA decryption of ciphertext into out. If check is true,
		m^e is calculated and compared with ciphertext, in order to defend against
		errors in the CRT computation.

	 func emsaPSSEncode(mHash []byte, emBits int, salt []byte, hash fips140.Hash) ([]byte, error)
	 func emsaPSSVerify(mHash, em []byte, emBits, sLen int, hash fips140.Hash) error
	 func encrypt(pub *PublicKey, plaintext []byte) ([]byte, error)
	 func incCounter(c *[4]byte)
		incCounter increments a four byte, big-endian counter.

	 func isPrime(w []byte) bool
		isPrime runs the Miller-Rabin Probabilistic Primality Test from
		FIPS 186-5, Appendix B.3.1.
		
		w must be a random odd integer greater than three in big-endian order.
		isPrime might return false positives for adversarially chosen values.
		
		isPrime is not constant-time.

	 func mgf1XOR(out []byte, hash fips140.Hash, seed []byte)
		mgf1XOR XORs the bytes in out with a mask generated using the MGF1 function
		specified in PKCS #1 v2.1.

	 func millerRabinIteration(mr *millerRabin, bb []byte) (bool, error)
	 func millerRabinSetup(w []byte) (*millerRabin, error)
		millerRabinSetup prepares state that's reused across multiple iterations of
		the Miller-Rabin test.

	 func newPrivateKey(n *bigmod.Modulus, e int, d *bigmod.Nat, p, q *bigmod.Modulus) (*PrivateKey, error)
	 func pkcs1v15ConstructEM(pub *PublicKey, hash string, hashed []byte) ([]byte, error)
	 func randomPrime(rand io.Reader, bits int) ([]byte, error)
		randomPrime returns a random prime number of the given bit size following
		the process in FIPS 186-5, Appendix A.1.3.

	 func signPKCS1v15(priv *PrivateKey, hash string, hashed []byte) ([]byte, error)
	 func testPrivateKey() *PrivateKey
	 func totient(p, q *bigmod.Modulus) (*bigmod.Modulus, error)
		totient computes the Carmichael totient function λ(N) = lcm(p-1, q-1).

	 func verifyPKCS1v15(pub *PublicKey, hash string, hashed []byte, sig []byte) error
	 func verifyPSS(pub *PublicKey, hash fips140.Hash, digest []byte, sig []byte, saltLength int) error
Package-Level Variables (total 7, in which 3 are exported)

	  var ErrDecryption error
	  var ErrMessageTooLong error
	  var ErrVerification error
	/* 4 unexporteds ... *//* 4 unexporteds: */
	  var errDivisorTooLarge error
		errDivisorTooLarge is returned by [totient] when gcd(p-1, q-1) is too large.

	  var fipsSelfTest func()
	  var hashPrefixes map[string][]byte
		These are ASN1 DER structures:
		
			DigestInfo ::= SEQUENCE {
			  digestAlgorithm AlgorithmIdentifier,
			  digest OCTET STRING
			}
		
		For performance, we don't use the generic ASN1 encoder. Rather, we
		precompute a prefix of the digest value that makes a valid ASN1 DER string
		with the correct contents.

	  var productOfPrimes []byte
		productOfPrimes is the product of the first 74 primes higher than 2.
		
		The number of primes was selected to be the highest such that the product fit
		in 512 bits, so to be usable for 1024 bit RSA keys.
		
		Higher values cause fewer Miller-Rabin tests of composites (nothing can help
		with the final test on the actual prime) but make InverseVarTime take longer.


Package-Level Constants (total 5, none are exported)

	/* 5 unexporteds ... *//* 5 unexporteds: */
	const millerRabinCOMPOSITE = false
	const millerRabinPOSSIBLYPRIME = true
	const noCheck = false
	const pssSaltLengthAutodetect = -1
	const withCheck = true

The pages are generated with Golds v0.7.6. (GOOS=linux GOARCH=amd64)