rsa::padding

Enum PaddingScheme

Source 
pub enum PaddingScheme {
    PKCS1v15Encrypt,
    PKCS1v15Sign {
        hash_len: Option<usize>,
        prefix: Box<[u8]>,
    },
    OAEP {
        digest: Box<dyn DynDigest + Send + Sync>,
        mgf_digest: Box<dyn DynDigest + Send + Sync>,
        label: Option<String>,
    },
    PSS {
        digest: Box<dyn DynDigest + Send + Sync>,
        salt_len: Option<usize>,
    },
}
Expand description

Available padding schemes.

Variants§

§

PKCS1v15Encrypt

Encryption and Decryption using PKCS1v15 padding.

§

PKCS1v15Sign

Sign and Verify using PKCS1v15 padding.

Fields

§hash_len: Option<usize>

Length of hash to use.

§prefix: Box<[u8]>

Prefix.

§

OAEP

Encryption and Decryption using OAEP padding.

  • digest is used to hash the label. The maximum possible plaintext length is m = k - 2 * h_len - 2, where k is the size of the RSA modulus.
  • mgf_digest specifies the hash function that is used in the MGF1.
  • label is optional data that can be associated with the message.

The two hash functions can, but don’t need to be the same.

A prominent example is the AndroidKeyStore. It uses SHA-1 for mgf_digest and a user-chosen SHA flavour for digest.

Fields

§digest: Box<dyn DynDigest + Send + Sync>

Digest type to use.

§mgf_digest: Box<dyn DynDigest + Send + Sync>

Digest to use for Mask Generation Function (MGF).

§label: Option<String>

Optional label.

§

PSS

Sign and Verify using PSS padding.

Fields

§digest: Box<dyn DynDigest + Send + Sync>

Digest type to use.

§salt_len: Option<usize>

Salt length.

Implementations§

Source§

impl PaddingScheme

Source

pub fn new_pkcs1v15_encrypt() -> Self

Create new PKCS#1 v1.5 encryption padding.

Source

pub fn new_pkcs1v15_sign_raw() -> Self

Create new PKCS#1 v1.5 padding for computing a raw signature.

This sets hash_len to None and uses an empty prefix.

Source

pub fn new_pkcs1v15_sign<D>() -> Self
where D: Digest + AssociatedOid,

Create new PKCS#1 v1.5 padding for the given digest.

The digest must have an AssociatedOid. Make sure to enable the oid feature of the relevant digest crate.

Source

pub fn new_oaep_with_mgf_hash<T: 'static + Digest + DynDigest + Send + Sync, U: 'static + Digest + DynDigest + Send + Sync>() -> Self

Create a new OAEP PaddingScheme, using T as the hash function for the default (empty) label, and U as the hash function for MGF1. If a label is needed use PaddingScheme::new_oaep_with_label or PaddingScheme::new_oaep_with_mgf_hash_with_label.

§Example
use sha1::Sha1;
use sha2::Sha256;
use rsa::{BigUint, RsaPublicKey, PaddingScheme, PublicKey};
use base64ct::{Base64, Encoding};

let n = Base64::decode_vec("ALHgDoZmBQIx+jTmgeeHW6KsPOrj11f6CvWsiRleJlQpW77AwSZhd21ZDmlTKfaIHBSUxRUsuYNh7E2SHx8rkFVCQA2/gXkZ5GK2IUbzSTio9qXA25MWHvVxjMfKSL8ZAxZyKbrG94FLLszFAFOaiLLY8ECs7g+dXOriYtBwLUJK+lppbd+El+8ZA/zH0bk7vbqph5pIoiWggxwdq3mEz4LnrUln7r6dagSQzYErKewY8GADVpXcq5mfHC1xF2DFBub7bFjMVM5fHq7RK+pG5xjNDiYITbhLYrbVv3X0z75OvN0dY49ITWjM7xyvMWJXVJS7sJlgmCCL6RwWgP8PhcE=").unwrap();
let e = Base64::decode_vec("AQAB").unwrap();

let mut rng = rand::thread_rng();
let key = RsaPublicKey::new(BigUint::from_bytes_be(&n), BigUint::from_bytes_be(&e)).unwrap();
let padding = PaddingScheme::new_oaep_with_mgf_hash::<Sha256, Sha1>();
let encrypted_data = key.encrypt(&mut rng, padding, b"secret").unwrap();
Source

pub fn new_oaep<T: 'static + Digest + DynDigest + Send + Sync>() -> Self

Create a new OAEP PaddingScheme, using T as the hash function for both the default (empty) label and for MGF1.

§Example
use sha1::Sha1;
use sha2::Sha256;
use rsa::{BigUint, RsaPublicKey, PaddingScheme, PublicKey};
use base64ct::{Base64, Encoding};

let n = Base64::decode_vec("ALHgDoZmBQIx+jTmgeeHW6KsPOrj11f6CvWsiRleJlQpW77AwSZhd21ZDmlTKfaIHBSUxRUsuYNh7E2SHx8rkFVCQA2/gXkZ5GK2IUbzSTio9qXA25MWHvVxjMfKSL8ZAxZyKbrG94FLLszFAFOaiLLY8ECs7g+dXOriYtBwLUJK+lppbd+El+8ZA/zH0bk7vbqph5pIoiWggxwdq3mEz4LnrUln7r6dagSQzYErKewY8GADVpXcq5mfHC1xF2DFBub7bFjMVM5fHq7RK+pG5xjNDiYITbhLYrbVv3X0z75OvN0dY49ITWjM7xyvMWJXVJS7sJlgmCCL6RwWgP8PhcE=").unwrap();
let e = Base64::decode_vec("AQAB").unwrap();

let mut rng = rand::thread_rng();
let key = RsaPublicKey::new(BigUint::from_bytes_be(&n), BigUint::from_bytes_be(&e)).unwrap();
let padding = PaddingScheme::new_oaep::<Sha256>();
let encrypted_data = key.encrypt(&mut rng, padding, b"secret").unwrap();
Source

pub fn new_oaep_with_mgf_hash_with_label<T: 'static + Digest + DynDigest + Send + Sync, U: 'static + Digest + DynDigest + Send + Sync, S: AsRef<str>>( label: S, ) -> Self

Create a new OAEP PaddingScheme with an associated label, using T as the hash function for the label, and U as the hash function for MGF1.

Source

pub fn new_oaep_with_label<T: 'static + Digest + DynDigest + Send + Sync, S: AsRef<str>>( label: S, ) -> Self

Create a new OAEP PaddingScheme with an associated label, using T as the hash function for both the label and for MGF1.

Source

pub fn new_pss<T: 'static + Digest + DynDigest + Send + Sync>() -> Self

New PSS padding for the given digest.

Source

pub fn new_pss_with_salt<T: 'static + Digest + DynDigest + Send + Sync>( len: usize, ) -> Self

New PSS padding for the given digest with a salt value of the given length.

Trait Implementations§

Source§

impl Debug for PaddingScheme

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V