This module implements constant-time RSA PKCS#1.5 DSA.
This module uses unmodified parts of code from BearSSL library <https://bearssl.org/> Copyright(C) 2018 Thomas Pornin <pornin@bolet.org>.
Types
RsaError = enum RsaGenError, RsaKeyIncorrectError, RsaSignatureError, RsaLowSecurityError
- Source Edit
RsaPrivateKey = ref object buffer*: seq[byte] seck*: rsa.RsaPrivateKey pubk*: rsa.RsaPublicKey pexp*: ptr byte pexplen*: uint
- Source Edit
RsaPublicKey = ref object buffer*: seq[byte] key*: rsa.RsaPublicKey
- Source Edit
RsaSignature = ref object buffer*: seq[byte]
- Source Edit
Consts
DefaultKeySize = 3072
- Default RSA key size in bits. Source Edit
DefaultPublicExponent = 65537'u32
- Default value for RSA public exponent. https://golang.org/src/crypto/rsa/rsa.go#226 Source Edit
MinKeySize = 2048
- Minimal allowed RSA key size in bits. https://github.com/libp2p/go-libp2p-core/blob/master/crypto/rsa_common.go#L13 Source Edit
RsaOidSha1 = [5'u, 0x0000002B, 0x0000000E, 0x00000003, 0x00000002, 0x0000001A]
- RSA PKCS#1.5 SHA-1 hash object identifier. Source Edit
RsaOidSha224 = [9'u, 0x00000060, 0x00000086, 0x00000048, 0x00000001, 0x00000065, 0x00000003, 0x00000004, 0x00000002, 0x00000004]
- RSA PKCS#1.5 SHA-224 hash object identifier. Source Edit
RsaOidSha256 = [9'u, 0x00000060, 0x00000086, 0x00000048, 0x00000001, 0x00000065, 0x00000003, 0x00000004, 0x00000002, 0x00000001]
- RSA PKCS#1.5 SHA-256 hash object identifier. Source Edit
RsaOidSha384 = [9'u, 0x00000060, 0x00000086, 0x00000048, 0x00000001, 0x00000065, 0x00000003, 0x00000004, 0x00000002, 0x00000002]
- RSA PKCS#1.5 SHA-384 hash object identifier. Source Edit
RsaOidSha512 = [9'u, 0x00000060, 0x00000086, 0x00000048, 0x00000001, 0x00000065, 0x00000003, 0x00000004, 0x00000002, 0x00000003]
- RSA PKCS#1.5 SHA-512 hash object identifier. Source Edit
Procs
proc `$`(key: RsaPrivateKey): string {....raises: [], tags: [].}
- Return string representation of RSA private key. Source Edit
proc `$`(key: RsaPublicKey): string {....raises: [], tags: [].}
- Return string representation of RSA public key. Source Edit
proc `$`(sig: RsaSignature): string {....raises: [], tags: [].}
- Return string representation of RSA signature. Source Edit
proc `==`(a, b: RsaPrivateKey): bool {....raises: [], tags: [].}
-
Compare two RSA private keys for equality.
Result is true if a and b are both nil or a and b are equal by value.
Source Edit proc `==`(a, b: RsaPublicKey): bool {....raises: [], tags: [].}
- Compare two RSA public keys for equality. Source Edit
proc `==`(a, b: RsaSignature): bool {....raises: [], tags: [].}
- Compare two RSA signatures for equality. Source Edit
proc clear[T: RsaPKI | RsaKeyPair](pki: var T) {....raises: [].}
- Wipe and clear EC private key, public key or scalar object. Source Edit
proc copy[T: RsaPKI](key: T): T {....raises: [].}
- Create copy of RSA private key, public key or signature. Source Edit
proc getBytes(key: RsaPrivateKey): RsaResult[seq[byte]] {....raises: [], tags: [].}
- Serialize RSA private key key to ASN.1 DER binary form and return it. Source Edit
proc getBytes(key: RsaPublicKey): RsaResult[seq[byte]] {....raises: [], tags: [].}
- Serialize RSA public key key to ASN.1 DER binary form and return it. Source Edit
proc getBytes(sig: RsaSignature): RsaResult[seq[byte]] {....raises: [], tags: [].}
- Serialize RSA signature sig to raw binary form and return it. Source Edit
proc getPublicKey(key: RsaPrivateKey): RsaPublicKey {....raises: [], tags: [].}
- Get RSA public key from RSA private key. Source Edit
proc init(key: var RsaPrivateKey; data: openArray[byte]): Result[void, Asn1Error] {. ...raises: [], tags: [].}
-
Initialize RSA private key key from ASN.1 DER binary representation data.
Procedure returns Asn1Status.
Source Edit proc init(key: var RsaPublicKey; data: openArray[byte]): Result[void, Asn1Error] {. ...raises: [], tags: [].}
-
Initialize RSA public key key from ASN.1 DER binary representation data.
Procedure returns Asn1Status.
Source Edit proc init(sig: var RsaSignature; data: openArray[byte]): Result[void, Asn1Error] {. ...raises: [], tags: [].}
-
Initialize RSA signature sig from ASN.1 DER binary representation data.
Procedure returns Result[void, Asn1Status].
Source Edit proc init(t: typedesc[RsaPrivateKey]; data: openArray[byte]): RsaResult[ RsaPrivateKey] {....raises: [].}
- Initialize RSA private key from ASN.1 DER binary representation data and return constructed object. Source Edit
proc init(t: typedesc[RsaPublicKey]; data: openArray[byte]): RsaResult[ RsaPublicKey] {....raises: [].}
- Initialize RSA public key from ASN.1 DER binary representation data and return constructed object. Source Edit
proc init(t: typedesc[RsaSignature]; data: openArray[byte]): RsaResult[ RsaSignature] {....raises: [].}
- Initialize RSA signature from raw binary representation data and return constructed object. Source Edit
proc init[T: RsaPKI](sospk: var T; data: string): Result[void, Asn1Error] {. inline, ...raises: [].}
-
Initialize EC private key, public key or scalar sospk from hexadecimal string representation data.
Procedure returns Result[void, Asn1Status].
Source Edit proc init[T: RsaPKI](t: typedesc[T]; data: string): T {.inline, ...raises: [].}
- Initialize RSA private key, public key or signature from hexadecimal string representation data and return constructed object. Source Edit
proc pubkey(pair: RsaKeyPair): RsaPublicKey {.inline, ...raises: [], tags: [].}
- Get RSA public key from pair pair. Source Edit
proc random[T: RsaKP](t: typedesc[T]; rng: var HmacDrbgContext; bits = DefaultKeySize; pubexp = DefaultPublicExponent): RsaResult[ T] {....raises: [].}
-
Generate new random RSA private key using BearSSL's HMAC-SHA256-DRBG algorithm.
bits number of bits in RSA key, must be in range [2048, 4096] (default = 3072).
pubexp is RSA public exponent, which must be prime (default = 3).
Source Edit proc seckey(pair: RsaKeyPair): RsaPrivateKey {.inline, ...raises: [], tags: [].}
- Get RSA private key from pair pair. Source Edit
proc sign[T: byte | char](key: RsaPrivateKey; message: openArray[T]): RsaResult[ RsaSignature] {....gcsafe, raises: [].}
- Get RSA PKCS1.5 signature of data message using SHA256 and private key key. Source Edit
proc toBytes(key: RsaPrivateKey; data: var openArray[byte]): RsaResult[int] {. ...raises: [], tags: [].}
-
Serialize RSA private key key to ASN.1 DER binary form and store it to data.
Procedure returns number of bytes (octets) needed to store RSA private key, or 0 if private key is is incorrect.
Source Edit proc toBytes(key: RsaPublicKey; data: var openArray[byte]): RsaResult[int] {. ...raises: [], tags: [].}
-
Serialize RSA public key key to ASN.1 DER binary form and store it to data.
Procedure returns number of bytes (octets) needed to store RSA public key, or 0 if public key is incorrect.
Source Edit proc toBytes(sig: RsaSignature; data: var openArray[byte]): RsaResult[int] {. ...raises: [], tags: [].}
-
Serialize RSA signature sig to raw binary form and store it to data.
Procedure returns number of bytes (octets) needed to store RSA public key, or 0 if public key is incorrect.
Source Edit proc verify[T: byte | char](sig: RsaSignature; message: openArray[T]; pubkey: RsaPublicKey): bool {.inline, ...raises: [].}
-
Verify RSA signature sig using public key pubkey and data message.
Return true if message verification succeeded, false if verification failed.
Source Edit