func GenerateKey(random io.Reader, bits int) (*rsa.PrivateKey, error)
GenerateKey generates an RSA keypair for use in RSA threshold signatures. Internally, the modulus is the product of two safe primes. This function takes longer than the regular GenerateKey function from the crypto/rsa package.
func PadHash(padder Padder, hash crypto.Hash, pub *rsa.PublicKey, msg []byte) ([]byte, error)
PadHash MUST be called before signing a message. Its output is the padded, hashed value that Sign takes as digest.
KeyShare represents a portion of the key. It can only be used to generate SignShare's. During the dealing phase (when Deal is called), one KeyShare is generated per player.
type KeyShare struct {
    Index uint // When KeyShare's are generated they are each assigned an index sequentially

    Players   uint
    Threshold uint
    // contains filtered or unexported fields
}
func Deal(randSource io.Reader, players, threshold uint, key *rsa.PrivateKey, cache bool) ([]KeyShare, error)
Deal takes in an existing RSA private key generated elsewhere. If cache is true, cached values are stored in each KeyShare, which takes up more memory but reduces Sign time. See KeyShare documentation. Multi-prime RSA keys are unsupported.
func (kshare *KeyShare) MarshalBinary() ([]byte, error)
MarshalBinary encodes a KeyShare into a byte array in a format readable by UnmarshalBinary. Note: Only Index values up to math.MaxUint16 are supported.
func (kshare *KeyShare) Sign(randSource io.Reader, pub *rsa.PublicKey, digest []byte, parallel bool) (SignShare, error)
Sign signs digest using a KeyShare. digest MUST already be padded and hashed: call PadHash before this method.
If randSource is not nil, blinding is used to avoid timing side-channel attacks.
parallel indicates whether the blinding operations should use goroutines to operate in parallel. If parallel is false, blinding will take about 2x longer than non-blinding; otherwise it will take about the same time (see benchmarks). If randSource is nil, parallel has no effect. parallel should almost always be set to true.
func (kshare KeyShare) String() string
func (kshare *KeyShare) UnmarshalBinary(data []byte) error
UnmarshalBinary recovers a KeyShare from a slice of bytes, or returns an error if the encoding is invalid.
type PKCS1v15Padder struct{}
func (PKCS1v15Padder) Pad(pub *rsa.PublicKey, hash crypto.Hash, hashed []byte) ([]byte, error)
PSSPadder is a padder for RSA Probabilistic Padding Scheme (RSA-PSS) used in TLS 1.3
Note: If the salt length is non-zero, PSS padding is not deterministic. TLS 1.3 mandates that the salt length is the same as the hash output length. As such, the players cannot each pad the message individually: they would produce different padded messages and the signature would not be valid. Instead, one party should generate a random saltLen-byte string and, when requesting signatures from the rest of the parties, send along that same string to be used as `rand` here.
For TLS, rsa.PSSOptions.SaltLength should be PSSSaltLengthEqualsHash.
type PSSPadder struct {
    Rand io.Reader
    Opts *rsa.PSSOptions
}
func (pss *PSSPadder) Pad(pub *rsa.PublicKey, hash crypto.Hash, hashed []byte) ([]byte, error)
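The shared-salt requirement in the PSSPadder note, as an added example that is not part of this package or its documentation: a hand-written EMSA-PSS encoder (RFC 8017, section 9.1.1) takes the salt explicitly, and a single exponentiation with the full private key stands in for Sign plus CombineSignShares. The names padPSS, mgf1 and demo are hypothetical, and the message and salts are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// mgf1 is MGF1 with SHA-256 (RFC 8017, B.2.1).
func mgf1(seed []byte, n int) (out []byte) {
	for c := uint32(0); len(out) < n; c++ {
		block := sha256.Sum256(append(seed[:len(seed):len(seed)], byte(c>>24), byte(c>>16), byte(c>>8), byte(c)))
		out = append(out, block[:]...)
	}
	return out[:n]
}

// padPSS (hypothetical helper) is EMSA-PSS encoding with a caller-supplied salt.
func padPSS(pub *rsa.PublicKey, digest, salt []byte) []byte {
	emBits, emLen := pub.N.BitLen()-1, (pub.N.BitLen()+6)/8
	h := sha256.Sum256(append(append(make([]byte, 8), digest...), salt...))
	db := make([]byte, emLen-len(h)-1) // PS || 0x01 || salt
	copy(db[len(db)-len(salt)-1:], append([]byte{0x01}, salt...))
	for i, m := range mgf1(h[:], len(db)) {
		db[i] ^= m
	}
	db[0] &= 0xff >> (8*emLen - emBits) // clear the bits above emBits
	return append(append(db, h[:]...), 0xbc)
}

// demo: do same-salt paddings match, does a solo salt match, does the signature verify?
func demo() (same, solo bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	pub, digest := &priv.PublicKey, sha256.Sum256([]byte("constructed sample message"))
	salts := make([]byte, 64) // [:32] drawn once by the coordinator, [32:] by one player alone
	rand.Read(salts)
	p1, p2 := padPSS(pub, digest[:], salts[:32]), padPSS(pub, digest[:], salts[:32])
	// Stand-in for Sign + CombineSignShares: one exponentiation with the full key.
	sig := new(big.Int).Exp(new(big.Int).SetBytes(p1), priv.D, priv.N).FillBytes(make([]byte, pub.Size()))
	err = rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash})
	return string(p1) == string(p2), string(p1) == string(padPSS(pub, digest[:], salts[32:])), err
}

func main() { fmt.Println(demo()) }
```

Two players given the coordinator's salt produce byte-identical input for signing, while a player that draws its own salt produces a different value, so its share would belong to a different message.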
type Padder interface {
    Pad(pub *rsa.PublicKey, hash crypto.Hash, hashed []byte) ([]byte, error)
}
SignShare represents a portion of a signature. It is generated when a message is signed by a KeyShare. t SignShare's are then combined by calling CombineSignShares, where t is the Threshold.
type SignShare struct {
    Index     uint
    Players   uint
    Threshold uint
    // contains filtered or unexported fields
}
func (s *SignShare) MarshalBinary() ([]byte, error)
MarshalBinary encodes a SignShare into a byte array in a format readable by UnmarshalBinary. Note: Only Index values up to math.MaxUint16 are supported.
func (s SignShare) String() string
func (s *SignShare) UnmarshalBinary(data []byte) error
UnmarshalBinary converts a byte array produced by MarshalBinary into a SignShare, or returns an error if the value is invalid.
type Signature = []byte
func CombineSignShares(pub *rsa.PublicKey, shares []SignShare, msg []byte) (Signature, error)
CombineSignShares combines t SignShare's to produce a valid signature