[go] crypto/dsa: Implement crypto.Signer interface on dsa.PrivateKey
153 views
Skip to first unread message
Evan Broder (Gerrit)
Jun 12, 2015, 4:27:15 PM6/12/15
to Ian Lance Taylor, golang-co...@googlegroups.com
Evan Broder uploaded a change:
https://go-review.googlesource.com/10952
crypto/dsa: Implement crypto.Signer interface on dsa.PrivateKey
This brings the DSA PrivateKey class into parity with the RSA and
ECDSA implementations. As per the crypto.Signer documentation, the
Sign method encodes the signature into an ASN.1 sequence.
Change-Id: I55e1df65979cc4e0d87345bec79a36dd69af50f5
---
M src/crypto/dsa/dsa.go
M src/go/build/deps_test.go
2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go
index b7565a6..81d579a 100644
--- a/src/crypto/dsa/dsa.go
+++ b/src/crypto/dsa/dsa.go
@@ -6,6 +6,8 @@
package dsa
import (
+ "crypto"
+ "encoding/asn1"
"errors"
"io"
"math/big"
@@ -29,6 +31,10 @@
X *big.Int
}
+type dsaSignature struct {
+ R, S *big.Int
+}
+
// ErrInvalidPublicKey results when a public key is not usable by this
code.
// FIPS is quite strict about the format of DSA keys, but other code may be
// less so. Thus, when using keys which may have been generated by other
code,
@@ -50,6 +56,24 @@
// pick the largest recommended number from table C.1 of FIPS 186-3.
const numMRTests = 64
+// Public returns the public key corresponding to priv
+func (priv *PrivateKey) Public() crypto.PublicKey {
+ return &priv.PublicKey
+}
+
+// Sign signs msg with priv, reading randomness from rand. This method is
+// intended to support keys where the private part is kept in, for
example, a
+// hardware module. Common uses should use the Sign function in this
package
+// directly.
+func (priv *PrivateKey) Sign(rand io.Reader, msg []byte, opts
crypto.SignerOpts) ([]byte, error) {
+ r, s, err := Sign(rand, priv, msg)
+ if err != nil {
+ return nil, err
+ }
+
+ return asn1.Marshal(dsaSignature{r, s})
+}
+
// GenerateParameters puts a random, valid set of DSA parameters into
params.
// This function takes many seconds, even on fast machines.
func GenerateParameters(params *Parameters, rand io.Reader, sizes
ParameterSizes) (err error) {
diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
index 8e985aa..4e7b5bf 100644
--- a/src/go/build/deps_test.go
+++ b/src/go/build/deps_test.go
@@ -287,7 +287,7 @@
// Mathematical crypto: dependencies on fmt (L4) and math/big.
// We could avoid some of the fmt, but math/big imports fmt anyway.
- "crypto/dsa": {"L4", "CRYPTO", "math/big"},
+ "crypto/dsa": {"L4", "CRYPTO", "math/big", "encoding/asn1"},
"crypto/ecdsa":
{"L4", "CRYPTO", "crypto/elliptic", "math/big", "encoding/asn1"},
"crypto/elliptic": {"L4", "CRYPTO", "math/big"},
"crypto/rsa": {"L4", "CRYPTO", "crypto/rand", "math/big"},
--
https://go-review.googlesource.com/10952
https://go-review.googlesource.com/10952
crypto/dsa: Implement crypto.Signer interface on dsa.PrivateKey
This brings the DSA PrivateKey class into parity with the RSA and
ECDSA implementations. As per the crypto.Signer documentation, the
Sign method encodes the signature into an ASN.1 sequence.
Change-Id: I55e1df65979cc4e0d87345bec79a36dd69af50f5
---
M src/crypto/dsa/dsa.go
M src/go/build/deps_test.go
2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go
index b7565a6..81d579a 100644
--- a/src/crypto/dsa/dsa.go
+++ b/src/crypto/dsa/dsa.go
@@ -6,6 +6,8 @@
package dsa
import (
+ "crypto"
+ "encoding/asn1"
"errors"
"io"
"math/big"
@@ -29,6 +31,10 @@
X *big.Int
}
+type dsaSignature struct {
+ R, S *big.Int
+}
+
// ErrInvalidPublicKey results when a public key is not usable by this
code.
// FIPS is quite strict about the format of DSA keys, but other code may be
// less so. Thus, when using keys which may have been generated by other
code,
@@ -50,6 +56,24 @@
// pick the largest recommended number from table C.1 of FIPS 186-3.
const numMRTests = 64
+// Public returns the public key corresponding to priv
+func (priv *PrivateKey) Public() crypto.PublicKey {
+ return &priv.PublicKey
+}
+
+// Sign signs msg with priv, reading randomness from rand. This method is
+// intended to support keys where the private part is kept in, for
example, a
+// hardware module. Common uses should use the Sign function in this
package
+// directly.
+func (priv *PrivateKey) Sign(rand io.Reader, msg []byte, opts
crypto.SignerOpts) ([]byte, error) {
+ r, s, err := Sign(rand, priv, msg)
+ if err != nil {
+ return nil, err
+ }
+
+ return asn1.Marshal(dsaSignature{r, s})
+}
+
// GenerateParameters puts a random, valid set of DSA parameters into
params.
// This function takes many seconds, even on fast machines.
func GenerateParameters(params *Parameters, rand io.Reader, sizes
ParameterSizes) (err error) {
diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
index 8e985aa..4e7b5bf 100644
--- a/src/go/build/deps_test.go
+++ b/src/go/build/deps_test.go
@@ -287,7 +287,7 @@
// Mathematical crypto: dependencies on fmt (L4) and math/big.
// We could avoid some of the fmt, but math/big imports fmt anyway.
- "crypto/dsa": {"L4", "CRYPTO", "math/big"},
+ "crypto/dsa": {"L4", "CRYPTO", "math/big", "encoding/asn1"},
"crypto/ecdsa":
{"L4", "CRYPTO", "crypto/elliptic", "math/big", "encoding/asn1"},
"crypto/elliptic": {"L4", "CRYPTO", "math/big"},
"crypto/rsa": {"L4", "CRYPTO", "crypto/rand", "math/big"},
--
https://go-review.googlesource.com/10952
Adam Langley (Gerrit)
Jun 14, 2015, 2:56:42 PM6/14/15
to Evan Broder, golang-co...@googlegroups.com
Adam Langley has posted comments on this change.
crypto/dsa: Implement crypto.Signer interface on dsa.PrivateKey
Patch Set 1:
(1 comment)
Ugh. I was clearly in far too generous a mood when crypto/dsa was added to
the standard library.
We can't delete it, but might I ask what on earth you need this for? I
agree, in principle, that dsa should implement Signer, but there is an
argument to be made that DSA is decrepit at this point.
https://go-review.googlesource.com/#/c/10952/1/src/crypto/dsa/dsa.go
File src/crypto/dsa/dsa.go:
Line 64: // Sign signs msg with priv, reading randomness from rand. This
Sign function in this package directly.
--
https://go-review.googlesource.com/10952
Gerrit-Reviewer: Adam Langley <a...@golang.org>
Gerrit-HasComments: Yes
crypto/dsa: Implement crypto.Signer interface on dsa.PrivateKey
(1 comment)
Ugh. I was clearly in far too generous a mood when crypto/dsa was added to
the standard library.
We can't delete it, but might I ask what on earth you need this for? I
agree, in principle, that dsa should implement Signer, but there is an
argument to be made that DSA is decrepit at this point.
https://go-review.googlesource.com/#/c/10952/1/src/crypto/dsa/dsa.go
File src/crypto/dsa/dsa.go:
Line 64: // Sign signs msg with priv, reading randomness from rand. This
method is
// Sign signs msg with priv, reading randomness from rand. This method
exists to satisfy the crypto.Signer interface. Common uses should use the
// Sign signs msg with priv, reading randomness from rand. This method
Sign function in this package directly.
--
https://go-review.googlesource.com/10952
Gerrit-Reviewer: Adam Langley <a...@golang.org>
Gerrit-HasComments: Yes
Evan Broder (Gerrit)
Jun 15, 2015, 12:42:55 AM6/15/15
to Adam Langley, golang-co...@googlegroups.com
Evan Broder has posted comments on this change.
crypto/dsa: Implement crypto.Signer interface on dsa.PrivateKey
initially so that I could test my crypto/ssh.Signer implementation against
DSA keys, since the signature encoding is so fiddly.
But I don't actually have a real-world use for this (the lack of parity
just seemed weird)
Gerrit-Reviewer: Evan Broder <ev...@stripe.com>
Gerrit-HasComments: No
crypto/dsa: Implement crypto.Signer interface on dsa.PrivateKey
Patch Set 1:
> (1 comment)
>
> Ugh. I was clearly in far too generous a mood when crypto/dsa was
> added to the standard library.
>
> We can't delete it, but might I ask what on earth you need this
> for? I agree, in principle, that dsa should implement Signer, but
> there is an argument to be made that DSA is decrepit at this point.
Yeah, I guess I don't have the world's best defense here. I wrote the code
> (1 comment)
>
> Ugh. I was clearly in far too generous a mood when crypto/dsa was
> added to the standard library.
>
> We can't delete it, but might I ask what on earth you need this
> for? I agree, in principle, that dsa should implement Signer, but
> there is an argument to be made that DSA is decrepit at this point.
initially so that I could test my crypto/ssh.Signer implementation against
DSA keys, since the signature encoding is so fiddly.
But I don't actually have a real-world use for this (the lack of parity
just seemed weird)
Gerrit-Reviewer: Evan Broder <ev...@stripe.com>
Gerrit-HasComments: No
Russ Cox (Gerrit)
Jun 26, 2015, 12:05:39 PM6/26/15
to Evan Broder, Russ Cox, Adam Langley, golang-co...@googlegroups.com
Russ Cox has posted comments on this change.
crypto/dsa: Implement crypto.Signer interface on dsa.PrivateKey
Patch Set 1:
R=close
Okay, let's wait until there's a compelling reason. Absent a time machine,
it doesn't sound like there will be one.
--
https://go-review.googlesource.com/10952
Gerrit-Reviewer: Adam Langley <a...@golang.org>
Gerrit-Reviewer: Evan Broder <ev...@stripe.com>
Gerrit-Reviewer: Russ Cox <r...@golang.org>
Gerrit-HasComments: No
crypto/dsa: Implement crypto.Signer interface on dsa.PrivateKey
R=close
Okay, let's wait until there's a compelling reason. Absent a time machine,
it doesn't sound like there will be one.
--
https://go-review.googlesource.com/10952
Gerrit-Reviewer: Adam Langley <a...@golang.org>
Gerrit-Reviewer: Evan Broder <ev...@stripe.com>
Gerrit-HasComments: No
Reply all
Reply to author
Forward
0 new messages