opentitanlib::crypto::rsa

Struct RsaPrivateKey

Source 
pub struct RsaPrivateKey { /* private fields */ }
Expand description

RSA Private Key used in OpenTitan signing operations.

This is a wrapper for handling RSA priavate keys as they’re used in OpenTitan images.

Implementations§

Source§

impl RsaPrivateKey

Source

pub fn new() -> Result<Self>

Construct a new 3072-bit private key with e = 65537.

Source

pub fn from_pkcs8_der_file<P: Into<PathBuf>>(der_file: P) -> Result<Self>

Construct a new private key from a PKCS8 encoded DER file.

Source

pub fn to_pkcs8_der_file<P: Into<PathBuf>>(&self, der_file: P) -> Result<()>

Write private key to a PKCS8 encoded DER file.

Source

pub fn sign(&self, digest: &Sha256Digest) -> Result<Signature>

Signs a SHA256 digest using PKCS1v15 padding scheme.

Methods from Deref<Target = RsaPrivateKey>§

pub fn to_public_key(&self) -> RsaPublicKey

Get the public key from the private key, cloning n and e.

Generally this is not needed since RsaPrivateKey implements the PublicKey trait, but it can occasionally be useful to discard the private information entirely.

pub fn crt_coefficient(&self) -> Option<BigUint>

Compute CRT coefficient: (1/q) mod p.

pub fn validate(&self) -> Result<(), Error>

Performs basic sanity checks on the key. Returns Ok(()) if everything is good, otherwise an appropriate error.

pub fn decrypt<P>( &self, padding: P, ciphertext: &[u8], ) -> Result<Vec<u8>, Error>
where P: PaddingScheme,

Decrypt the given message.

pub fn decrypt_blinded<R, P>( &self, rng: &mut R, padding: P, ciphertext: &[u8], ) -> Result<Vec<u8>, Error>
where R: CryptoRngCore, P: PaddingScheme,

Decrypt the given message.

Uses rng to blind the decryption process.

pub fn sign<S>(&self, padding: S, digest_in: &[u8]) -> Result<Vec<u8>, Error>
where S: SignatureScheme,

Sign the given digest.

pub fn sign_with_rng<R, S>( &self, rng: &mut R, padding: S, digest_in: &[u8], ) -> Result<Vec<u8>, Error>
where R: CryptoRngCore, S: SignatureScheme,

Sign the given digest using the provided rng, which is used in the following ways depending on the [SignatureScheme]:

  • [Pkcs1v15Sign][crate::Pkcs1v15Sign] padding: uses the RNG to mask the private key operation with random blinding, which helps mitigate sidechannel attacks.
  • [Pss][crate::Pss] always requires randomness. Use [Pss::new][crate::Pss::new] for a standard RSASSA-PSS signature, or [Pss::new_blinded][crate::Pss::new_blinded] for RSA-BSSA blind signatures.

Trait Implementations§

Source§

impl Clone for RsaPrivateKey

Source§

fn clone(&self) -> RsaPrivateKey

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for RsaPrivateKey

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Deref for RsaPrivateKey

Source§

type Target = RsaPrivateKey

The resulting type after dereferencing.
Source§

fn deref(&self) -> &Self::Target

Dereferences the value.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dst: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<P, T> Receiver for P
where P: Deref<Target = T> + ?Sized, T: ?Sized,

Source§

type Target = T

🔬This is a nightly-only experimental API. (arbitrary_self_types)
The target type on which the method may be called.
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

§

fn vzip(self) -> V