package boring

import "crypto/internal/boring"

Package boring provides access to BoringCrypto implementation functions. Check the constant Enabled to find out whether BoringCrypto is available. If BoringCrypto is not available, the functions in this package all panic.

Index

Constants 

const Enabled = available

Enabled reports whether BoringCrypto is available. When enabled is false, all functions in this package panic.

BoringCrypto is only available on linux/amd64 systems. 

const RandReader = randReader(0)

Functions

func DecryptRSANoPadding 

func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error)

func DecryptRSAOAEP 

func DecryptRSAOAEP(h hash.Hash, priv *PrivateKeyRSA, ciphertext, label []byte) ([]byte, error)

func DecryptRSAPKCS1 

func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error)

func EncryptRSANoPadding 

func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error)

func EncryptRSAOAEP 

func EncryptRSAOAEP(h hash.Hash, pub *PublicKeyRSA, msg, label []byte) ([]byte, error)

func EncryptRSAPKCS1 

func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error)

func NewAESCipher 

func NewAESCipher(key []byte) (cipher.Block, error)

func NewGCMTLS 

func NewGCMTLS(cipher.Block) (cipher.AEAD, error)

func NewHMAC 

func NewHMAC(h func() hash.Hash, key []byte) hash.Hash

func NewSHA1 

func NewSHA1() hash.Hash

func NewSHA224 

func NewSHA224() hash.Hash

func NewSHA256 

func NewSHA256() hash.Hash

func NewSHA384 

func NewSHA384() hash.Hash

func NewSHA512 

func NewSHA512() hash.Hash

func SHA1 

func SHA1([]byte) [20]byte

func SHA224 

func SHA224([]byte) [28]byte

func SHA256 

func SHA256([]byte) [32]byte

func SHA384 

func SHA384([]byte) [48]byte

func SHA512 

func SHA512([]byte) [64]byte

func SignMarshalECDSA 

func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error)

func SignRSAPKCS1v15 

func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error)

func SignRSAPSS 

func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error)

func Unreachable 

func Unreachable()

Unreachable marks code that should be unreachable when BoringCrypto is in use. It is a no-op without BoringCrypto.

func UnreachableExceptTests 

func UnreachableExceptTests()

UnreachableExceptTests marks code that should be unreachable when BoringCrypto is in use. It is a no-op without BoringCrypto.

func VerifyECDSA 

func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, sig []byte) bool

func VerifyRSAPKCS1v15 

func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error

func VerifyRSAPSS 

func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error

Types

type BigInt 

type BigInt []uint

A BigInt is the raw words from a BigInt. This definition allows us to avoid importing math/big. Conversion between BigInt and *big.Int is in crypto/internal/boring/bbig.

func GenerateKeyECDSA 

func GenerateKeyECDSA(curve string) (X, Y, D BigInt, err error)

func GenerateKeyRSA 

func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error)

type Cache 

type Cache struct {
	// contains filtered or unexported fields
}

A Cache is a GC-friendly concurrent map from unsafe.Pointer to unsafe.Pointer. It is meant to be used for maintaining shadow BoringCrypto state associated with certain allocated structs, in particular public and private RSA and ECDSA keys.

The cache is GC-friendly in the sense that the keys do not indefinitely prevent the garbage collector from collecting them. Instead, at the start of each GC, the cache is cleared entirely. That is, the cache is lossy, and the loss happens at the start of each GC. This means that clients need to be able to cope with cache entries disappearing, but it also means that clients don't need to worry about cache entries keeping the keys from being collected.

TODO(rsc): Make Cache generic once consumers can handle that.

func (*Cache) Clear 

func (c *Cache) Clear()

Clear clears the cache. The runtime does this automatically at each garbage collection; this method is exposed only for testing.

func (*Cache) Get 

func (c *Cache) Get(k unsafe.Pointer) unsafe.Pointer

Get returns the cached value associated with v, which is either the value v corresponding to the most recent call to Put(k, v) or nil if that cache entry has been dropped.

func (*Cache) Put 

func (c *Cache) Put(k, v unsafe.Pointer)

Put sets the cached value associated with k to v.

func (*Cache) Register 

func (c *Cache) Register()

Register registers the cache with the runtime, so that c.ptable can be cleared at the start of each GC. Register must be called during package initialization.

type PrivateKeyECDSA 

type PrivateKeyECDSA struct {
	// contains filtered or unexported fields
}

func NewPrivateKeyECDSA 

func NewPrivateKeyECDSA(curve string, X, Y, D BigInt) (*PrivateKeyECDSA, error)

type PrivateKeyRSA 

type PrivateKeyRSA struct {
	// contains filtered or unexported fields
}

func NewPrivateKeyRSA 

func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv BigInt) (*PrivateKeyRSA, error)

type PublicKeyECDSA 

type PublicKeyECDSA struct {
	// contains filtered or unexported fields
}

func NewPublicKeyECDSA 

func NewPublicKeyECDSA(curve string, X, Y BigInt) (*PublicKeyECDSA, error)

type PublicKeyRSA 

type PublicKeyRSA struct {
	// contains filtered or unexported fields
}

func NewPublicKeyRSA 

func NewPublicKeyRSA(N, E BigInt) (*PublicKeyRSA, error)

Source Files

cache.go doc.go notboring.go

Directories

PathSynopsis
crypto/internal/boring/bbig
crypto/internal/boring/sigPackage sig holds “code signatures” that can be called and will result in certain code sequences being linked into the final binary.
Version
v1.19.0-beta.1
Published
Jun 9, 2022
Platform
linux/amd64
Imports
6 packages
Last checked
53 seconds ago

Tools for package owners.