Documentation
¶
Overview ¶
Package boring provides access to BoringCrypto implementation functions. Check the constant Enabled to find out whether BoringCrypto is available. If BoringCrypto is not available, the functions in this package all panic.
Index ¶
- Constants
- func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error)
- func DecryptRSAOAEP(h hash.Hash, priv *PrivateKeyRSA, ciphertext, label []byte) ([]byte, error)
- func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error)
- func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error)
- func EncryptRSAOAEP(h hash.Hash, pub *PublicKeyRSA, msg, label []byte) ([]byte, error)
- func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error)
- func NewAESCipher(key []byte) (cipher.Block, error)
- func NewGCMTLS(cipher.Block) (cipher.AEAD, error)
- func NewHMAC(h func() hash.Hash, key []byte) hash.Hash
- func NewSHA1() hash.Hash
- func NewSHA224() hash.Hash
- func NewSHA256() hash.Hash
- func NewSHA384() hash.Hash
- func NewSHA512() hash.Hash
- func SHA1([]byte) [20]byte
- func SHA224([]byte) [28]byte
- func SHA256([]byte) [32]byte
- func SHA384([]byte) [48]byte
- func SHA512([]byte) [64]byte
- func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error)
- func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error)
- func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error)
- func Unreachable()
- func UnreachableExceptTests()
- func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, sig []byte) bool
- func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error
- func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error
- type BigInt
- type Cache
- type PrivateKeyECDSA
- type PrivateKeyRSA
- type PublicKeyECDSA
- type PublicKeyRSA
Constants ¶
const Enabled = available
Enabled reports whether BoringCrypto is available. When enabled is false, all functions in this package panic.
BoringCrypto is only available on linux/amd64 systems.
const RandReader = randReader(0)
Variables ¶
This section is empty.
Functions ¶
func DecryptRSANoPadding ¶
func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error)
func DecryptRSAOAEP ¶
func DecryptRSAPKCS1 ¶
func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error)
func EncryptRSANoPadding ¶
func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error)
func EncryptRSAOAEP ¶
func EncryptRSAPKCS1 ¶
func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error)
func SignMarshalECDSA ¶
func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error)
func SignRSAPKCS1v15 ¶
func SignRSAPSS ¶
func Unreachable ¶
func Unreachable()
Unreachable marks code that should be unreachable when BoringCrypto is in use. It is a no-op without BoringCrypto.
func UnreachableExceptTests ¶
func UnreachableExceptTests()
UnreachableExceptTests marks code that should be unreachable when BoringCrypto is in use. It is a no-op without BoringCrypto.
func VerifyECDSA ¶
func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, sig []byte) bool
func VerifyRSAPKCS1v15 ¶
func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error
func VerifyRSAPSS ¶
Types ¶
type BigInt ¶
type BigInt []uint
A BigInt is the raw words from a BigInt. This definition allows us to avoid importing math/big. Conversion between BigInt and *big.Int is in crypto/internal/boring/bbig.
func GenerateKeyECDSA ¶
func GenerateKeyRSA ¶
type Cache ¶
type Cache struct {
// contains filtered or unexported fields
}
A Cache is a GC-friendly concurrent map from unsafe.Pointer to unsafe.Pointer. It is meant to be used for maintaining shadow BoringCrypto state associated with certain allocated structs, in particular public and private RSA and ECDSA keys.
The cache is GC-friendly in the sense that the keys do not indefinitely prevent the garbage collector from collecting them. Instead, at the start of each GC, the cache is cleared entirely. That is, the cache is lossy, and the loss happens at the start of each GC. This means that clients need to be able to cope with cache entries disappearing, but it also means that clients don't need to worry about cache entries keeping the keys from being collected.
TODO(rsc): Make Cache generic once consumers can handle that.
func (*Cache) Clear ¶
func (c *Cache) Clear()
Clear clears the cache. The runtime does this automatically at each garbage collection; this method is exposed only for testing.
func (*Cache) Get ¶
Get returns the cached value associated with v, which is either the value v corresponding to the most recent call to Put(k, v) or nil if that cache entry has been dropped.
type PrivateKeyECDSA ¶
type PrivateKeyECDSA struct {
// contains filtered or unexported fields
}
func NewPrivateKeyECDSA ¶
func NewPrivateKeyECDSA(curve string, X, Y, D BigInt) (*PrivateKeyECDSA, error)
type PrivateKeyRSA ¶
type PrivateKeyRSA struct {
// contains filtered or unexported fields
}
func NewPrivateKeyRSA ¶
func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv BigInt) (*PrivateKeyRSA, error)
type PublicKeyECDSA ¶
type PublicKeyECDSA struct {
// contains filtered or unexported fields
}
func NewPublicKeyECDSA ¶
func NewPublicKeyECDSA(curve string, X, Y BigInt) (*PublicKeyECDSA, error)
type PublicKeyRSA ¶
type PublicKeyRSA struct {
// contains filtered or unexported fields
}
func NewPublicKeyRSA ¶
func NewPublicKeyRSA(N, E BigInt) (*PublicKeyRSA, error)
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package sig holds “code signatures” that can be called and will result in certain code sequences being linked into the final binary.
|
Package sig holds “code signatures” that can be called and will result in certain code sequences being linked into the final binary. |