1*e7b1675dSTing-Kang Chang// Copyright 2022 Google LLC 2*e7b1675dSTing-Kang Chang// 3*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License"); 4*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License. 5*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at 6*e7b1675dSTing-Kang Chang// 7*e7b1675dSTing-Kang Chang// http://www.apache.org/licenses/LICENSE-2.0 8*e7b1675dSTing-Kang Chang// 9*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software 10*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS, 11*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and 13*e7b1675dSTing-Kang Chang// limitations under the License. 14*e7b1675dSTing-Kang Chang// 15*e7b1675dSTing-Kang Chang//////////////////////////////////////////////////////////////////////////////// 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Changpackage signature 18*e7b1675dSTing-Kang Chang 19*e7b1675dSTing-Kang Changimport ( 20*e7b1675dSTing-Kang Chang "crypto" 21*e7b1675dSTing-Kang Chang "crypto/rand" 22*e7b1675dSTing-Kang Chang "crypto/rsa" 23*e7b1675dSTing-Kang Chang "fmt" 24*e7b1675dSTing-Kang Chang "hash" 25*e7b1675dSTing-Kang Chang 26*e7b1675dSTing-Kang Chang "github.com/google/tink/go/subtle" 27*e7b1675dSTing-Kang Chang "github.com/google/tink/go/tink" 28*e7b1675dSTing-Kang Chang) 29*e7b1675dSTing-Kang Chang 30*e7b1675dSTing-Kang Chang// RSA_SSA_PSS_Signer is an implementation of Signer for RSA-SSA-PSS. 31*e7b1675dSTing-Kang Changtype RSA_SSA_PSS_Signer struct { 32*e7b1675dSTing-Kang Chang privateKey *rsa.PrivateKey 33*e7b1675dSTing-Kang Chang hashFunc func() hash.Hash 34*e7b1675dSTing-Kang Chang hashID crypto.Hash 35*e7b1675dSTing-Kang Chang saltLength int 36*e7b1675dSTing-Kang Chang} 37*e7b1675dSTing-Kang Chang 38*e7b1675dSTing-Kang Changvar _ tink.Signer = (*RSA_SSA_PSS_Signer)(nil) 39*e7b1675dSTing-Kang Chang 40*e7b1675dSTing-Kang Chang// New_RSA_SSA_PSS_Signer creates a new instance of RSA_SSA_PSS_Signer. 41*e7b1675dSTing-Kang Changfunc New_RSA_SSA_PSS_Signer(hashAlg string, saltLength int, privKey *rsa.PrivateKey) (*RSA_SSA_PSS_Signer, error) { 42*e7b1675dSTing-Kang Chang if err := validRSAPublicKey(&privKey.PublicKey); err != nil { 43*e7b1675dSTing-Kang Chang return nil, err 44*e7b1675dSTing-Kang Chang } 45*e7b1675dSTing-Kang Chang hashFunc, hashID, err := rsaHashFunc(hashAlg) 46*e7b1675dSTing-Kang Chang if err != nil { 47*e7b1675dSTing-Kang Chang return nil, err 48*e7b1675dSTing-Kang Chang } 49*e7b1675dSTing-Kang Chang if saltLength < 0 { 50*e7b1675dSTing-Kang Chang return nil, fmt.Errorf("invalid salt length") 51*e7b1675dSTing-Kang Chang } 52*e7b1675dSTing-Kang Chang return &RSA_SSA_PSS_Signer{ 53*e7b1675dSTing-Kang Chang privateKey: privKey, 54*e7b1675dSTing-Kang Chang hashFunc: hashFunc, 55*e7b1675dSTing-Kang Chang hashID: hashID, 56*e7b1675dSTing-Kang Chang saltLength: saltLength, 57*e7b1675dSTing-Kang Chang }, nil 58*e7b1675dSTing-Kang Chang} 59*e7b1675dSTing-Kang Chang 60*e7b1675dSTing-Kang Chang// Sign computes a signature for the given data. 61*e7b1675dSTing-Kang Changfunc (s *RSA_SSA_PSS_Signer) Sign(data []byte) ([]byte, error) { 62*e7b1675dSTing-Kang Chang digest, err := subtle.ComputeHash(s.hashFunc, data) 63*e7b1675dSTing-Kang Chang if err != nil { 64*e7b1675dSTing-Kang Chang return nil, err 65*e7b1675dSTing-Kang Chang } 66*e7b1675dSTing-Kang Chang return rsa.SignPSS(rand.Reader, s.privateKey, s.hashID, digest, &rsa.PSSOptions{SaltLength: s.saltLength}) 67*e7b1675dSTing-Kang Chang 68*e7b1675dSTing-Kang Chang} 69