Module Nocrypto.Rsa

module Rsa: sig .. end
RSA public-key cryptography.

Keys are taken to be trusted material, and their properties are not checked.

Messages are checked not to exceed the key size, and this is signalled via exceptions.

Private-key operations are optionally protected through RSA blinding.



RSA public-key encryption


exception Insufficient_key
Raised if the key is too small to transform the given message, i.e. if the numerical interpretation of the (potentially padded) message is not smaller than the modulus.

It is additionally raised if the message is 0 and the mode does not involve padding.

type pub = {
   e : Z.t; (* Public exponent *)
   n : Z.t; (* Modulus *)
}
Public key.

Sexplib convertible.

type priv = {
   e : Z.t; (* Public exponent *)
   d : Z.t; (* Private exponent *)
   n : Z.t; (* Modulus *)
   p : Z.t; (* Prime factor p *)
   q : Z.t; (* Prime factor q *)
   dp : Z.t; (* d mod (p-1) *)
   dq : Z.t; (* d mod (q-1) *)
   q' : Z.t; (* q^(-1) mod p *)
}
Private key (two-factor version).

Sexplib convertible.

type mask = [ `No | `Yes | `Yes_with of Nocrypto.Rng.g ] 
Masking (cryptographic blinding) option.
val pub_bits : pub -> int
Bit-size of a public key.
val priv_bits : priv -> int
Bit-size of a private key.
val priv_of_primes : e:Z.t -> p:Z.t -> q:Z.t -> priv
priv_of_primes e p q creates priv from a minimal description: the public exponent and the two primes.
val pub_of_priv : priv -> pub
Extract the public component from a private key.
val encrypt : key:pub -> Cstruct.t -> Cstruct.t
encrypt key message is the encrypted message.
Raises Insufficient_key.
val decrypt : ?mask:mask -> key:priv -> Cstruct.t -> Cstruct.t
decrypt mask key ciphertext is the decrypted ciphertext, left-padded with 0x00 up to key size.
Raises Insufficient_key.
val generate : ?g:Nocrypto.Rng.g -> ?e:Z.t -> int -> priv
generate g e bits is a new priv. e defaults to 2^16+1.
Raises Invalid_argument if e is bad or bits is too small.
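
The following added example (not part of the nocrypto documentation) exercises the unpadded functions above: a blinded round trip, the 0x00 left-padding of decrypt output, and both conditions under which Insufficient_key is raised. It assumes the nocrypto.unix package for Nocrypto_entropy_unix.initialize, the Cstruct helpers used, a 2048-bit key, and a constructed sample message.

```ocaml
(* Added example, not part of the nocrypto documentation.
   Assumption: built against nocrypto, nocrypto.unix, cstruct and zarith. *)
open Nocrypto

(* True iff the raw transform refuses [msg] under [key]. *)
let rejected ~key msg =
  match Rsa.encrypt ~key msg with
  | _ -> false
  | exception Rsa.Insufficient_key -> true

let () =
  (* Assumption: seed the default generator; generate and `Yes masking use it. *)
  Nocrypto_entropy_unix.initialize ();
  let priv = Rsa.generate 2048 in
  let pub = Rsa.pub_of_priv priv in
  let key_bytes = (Rsa.pub_bits pub + 7) / 8 in

  (* Round trip through the raw transform with blinding enabled. *)
  let msg = Cstruct.of_string "constructed sample message" in
  let ct = Rsa.encrypt ~key:pub msg in
  let pt = Rsa.decrypt ~mask:`Yes ~key:priv ct in

  (* decrypt left-pads with 0x00 up to key size, so the message sits at the tail. *)
  assert (Cstruct.len pt = key_bytes);
  let pad = Cstruct.len pt - Cstruct.len msg in
  assert (Cstruct.equal (Cstruct.shift pt pad) msg);
  for i = 0 to pad - 1 do assert (Cstruct.get_uint8 pt i = 0) done;

  (* One byte longer than the modulus, all 0xff: not smaller than n. *)
  let too_big = Cstruct.create (key_bytes + 1) in
  Cstruct.memset too_big 0xff;
  assert (rejected ~key:pub too_big);

  (* All-zero message: rejected in the unpadded mode. *)
  let zero = Cstruct.create 16 in
  Cstruct.memset zero 0x00;
  assert (rejected ~key:pub zero);

  print_endline "raw RSA round trip and Insufficient_key checks passed"
```

Because the output is always padded to key size, the original length of a message is not recoverable from the raw transform alone; the padded modes below carry their own framing.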

PKCS#1 padded modes


module PKCS1: sig .. end
PKCS v1.5-padded operations, as defined by PKCS #1 v1.5.
module OAEP: 
functor (H : Nocrypto.Hash.S) -> sig .. end
OAEP-padded encryption, as defined by PKCS #1 v2.1.
module PSS: 
functor (H : Nocrypto.Hash.S) -> sig .. end
PSS-based signing, as defined by PKCS #1 v2.1.