完善

Author: FishGoddess

FUTURE.md

@@ -5,14 +5,14 @@
 * [ ] 增加 cmd 包，提供二进制 cli 使用
 * [ ] 支持 SM3 国标算法
 * [ ] 支持 SM4 国标算法
+* [ ] 支持更多的散列算法
 
 ### v0.5.x
 
 * [ ] 支持 ECDSA 算法
 * [ ] 支持 EdDSA 算法
-* [ ] 支持更多的散列算法
 * [x] 重构代码，优化使用方式
-* [ ] 继续完善单元测试，提升覆盖率到 90% 以上
+* [ ] 提升覆盖率到 90% 以上
 
 ### v0.4.x
 

README.en.md

@@ -48,15 +48,15 @@ func main() {
 	// Use the private key to sign data.
 	digest := hash.SHA256(data)
 
-	sign, err := privateKey.SignPSS(digest, 0, rsa.WithHex())
+	sign, err := privateKey.SignPSS(digest, rsa.WithHex())
 	if err != nil {
 		panic(err)
 	}
 
 	fmt.Printf("sign: %s\n", sign)
 
 	// Use the public key to verify the sign.
-	err = publicKey.VerifyPSS(digest, sign, 0, rsa.WithHex())
+	err = publicKey.VerifyPSS(digest, sign, rsa.WithHex())
 	if err != nil {
 		panic(err)
 	}

README.md

@@ -53,7 +53,7 @@ func BenchmarkRSA_EncryptOAEP(b *testing.B) {
 
 // go test -v -bench=^BenchmarkRSA_DecryptPKCS1v15$ -benchtime=1s rsa_test.go
 func BenchmarkRSA_DecryptPKCS1v15(b *testing.B) {
-	privateKey, err := rsa.LoadPublicKey("rsa.key")
+	privateKey, err := rsa.LoadPrivateKey("rsa.key")
 	if err != nil {
 		b.Fatal(err)
 	}
@@ -81,7 +81,7 @@ func BenchmarkRSA_DecryptPKCS1v15(b *testing.B) {
 
 // go test -v -bench=^BenchmarkRSA_DecryptPKCS1v15SessionKey$ -benchtime=1s rsa_test.go
 func BenchmarkRSA_DecryptPKCS1v15SessionKey(b *testing.B) {
-	privateKey, err := rsa.LoadPublicKey("rsa.key")
+	privateKey, err := rsa.LoadPrivateKey("rsa.key")
 	if err != nil {
 		b.Fatal(err)
 	}
@@ -95,14 +95,14 @@ func BenchmarkRSA_DecryptPKCS1v15SessionKey(b *testing.B) {
 
 	encrypt, err := publicKey.EncryptPKCS1v15(sessionKey)
 	if err != nil {
-		t.Fatal(err)
+		b.Fatal(err)
 	}
 
 	b.ReportAllocs()
 	b.ResetTimer()
 
 	for i := 0; i < b.N; i++ {
-		err := privateKey.DecryptPKCS1v15SessionKey(encrypt, sessionKey, nil)
+		err := privateKey.DecryptPKCS1v15SessionKey(encrypt, sessionKey)
 		if err != nil {
 			b.Fatal(err)
 		}
@@ -111,7 +111,7 @@ func BenchmarkRSA_DecryptPKCS1v15SessionKey(b *testing.B) {
 
 // go test -v -bench=^BenchmarkRSA_DecryptOAEP$ -benchtime=1s rsa_test.go
 func BenchmarkRSA_DecryptOAEP(b *testing.B) {
-	privateKey, err := rsa.LoadPublicKey("rsa.key")
+	privateKey, err := rsa.LoadPrivateKey("rsa.key")
 	if err != nil {
 		b.Fatal(err)
 	}
@@ -137,50 +137,49 @@ func BenchmarkRSA_DecryptOAEP(b *testing.B) {
 	}
 }
 
-// go test -v -bench=^BenchmarkRSA_SignPSS$ -benchtime=1s rsa_test.go
-func BenchmarkRSA_SignPSS(b *testing.B) {
-	privateKey, err := rsa.LoadPublicKey("rsa.key")
+// go test -v -bench=^BenchmarkRSA_SignPKCS1v15$ -benchtime=1s rsa_test.go
+func BenchmarkRSA_SignPKCS1v15(b *testing.B) {
+	privateKey, err := rsa.LoadPrivateKey("rsa.key")
 	if err != nil {
 		b.Fatal(err)
 	}
 
-	digest := hash.SHA256(rsaBenchData)
-	saltLength := 4
+	hashed := hash.SHA256(rsaBenchData)
 
 	b.ReportAllocs()
 	b.ResetTimer()
 
 	for i := 0; i < b.N; i++ {
-		_, err := privateKey.SignPSS(digest, saltLength)
+		_, err := privateKey.SignPKCS1v15(hashed)
 		if err != nil {
 			b.Fatal(err)
 		}
 	}
 }
 
-// go test -v -bench=^BenchmarkRSA_SignPKCS1v15$ -benchtime=1s rsa_test.go
-func BenchmarkRSA_SignPKCS1v15(b *testing.B) {
-	privateKey, err := rsa.LoadPublicKey("rsa.key")
+// go test -v -bench=^BenchmarkRSA_SignPSS$ -benchtime=1s rsa_test.go
+func BenchmarkRSA_SignPSS(b *testing.B) {
+	privateKey, err := rsa.LoadPrivateKey("rsa.key")
 	if err != nil {
 		b.Fatal(err)
 	}
 
-	hashed := hash.SHA256(rsaBenchData)
+	digest := hash.SHA256(rsaBenchData)
 
 	b.ReportAllocs()
 	b.ResetTimer()
 
 	for i := 0; i < b.N; i++ {
-		_, err := privateKey.SignPKCS1v15(hashed)
+		_, err := privateKey.SignPSS(digest)
 		if err != nil {
 			b.Fatal(err)
 		}
 	}
 }
 
-// go test -v -bench=^BenchmarkRSA_VerifyPSS$ -benchtime=1s rsa_test.go
-func BenchmarkRSA_VerifyPSS(b *testing.B) {
-	privateKey, err := rsa.LoadPublicKey("rsa.key")
+// go test -v -bench=^BenchmarkRSA_VerifyPKCS1v15$ -benchtime=1s rsa_test.go
+func BenchmarkRSA_VerifyPKCS1v15(b *testing.B) {
+	privateKey, err := rsa.LoadPrivateKey("rsa.key")
 	if err != nil {
 		b.Fatal(err)
 	}
@@ -190,10 +189,9 @@ func BenchmarkRSA_VerifyPSS(b *testing.B) {
 		b.Fatal(err)
 	}
 
-	digest := hash.SHA256(rsaBenchData)
-	saltLength := 4
+	hashed := hash.SHA256(rsaBenchData)
 
-	sign, err := privateKey.SignPSS(digest, saltLength)
+	sign, err := privateKey.SignPKCS1v15(hashed)
 	if err != nil {
 		b.Fatal(err)
 	}
@@ -202,16 +200,16 @@ func BenchmarkRSA_VerifyPSS(b *testing.B) {
 	b.ResetTimer()
 
 	for i := 0; i < b.N; i++ {
-		err = publicKey.VerifyPSS(digest, sign, saltLength)
+		err = publicKey.VerifyPKCS1v15(hashed, sign)
 		if err != nil {
 			b.Fatal(err)
 		}
 	}
 }
 
-// go test -v -bench=^BenchmarkRSA_VerifyPKCS1v15$ -benchtime=1s rsa_test.go
-func BenchmarkRSA_VerifyPKCS1v15(b *testing.B) {
-	privateKey, err := rsa.LoadPublicKey("rsa.key")
+// go test -v -bench=^BenchmarkRSA_VerifyPSS$ -benchtime=1s rsa_test.go
+func BenchmarkRSA_VerifyPSS(b *testing.B) {
+	privateKey, err := rsa.LoadPrivateKey("rsa.key")
 	if err != nil {
 		b.Fatal(err)
 	}
@@ -221,9 +219,9 @@ func BenchmarkRSA_VerifyPKCS1v15(b *testing.B) {
 		b.Fatal(err)
 	}
 
-	hashed := hash.SHA256(rsaBenchData)
+	digest := hash.SHA256(rsaBenchData)
 
-	sign, err := privateKey.SignPKCS1v15(hashed)
+	sign, err := privateKey.SignPSS(digest)
 	if err != nil {
 		b.Fatal(err)
 	}
@@ -232,7 +230,7 @@ func BenchmarkRSA_VerifyPKCS1v15(b *testing.B) {
 	b.ResetTimer()
 
 	for i := 0; i < b.N; i++ {
-		err = publicKey.VerifyPKCS1v15(hashed, sign)
+		err = publicKey.VerifyPSS(digest, sign)
 		if err != nil {
 			b.Fatal(err)
 		}

_examples/rsa.go

@@ -86,6 +86,7 @@ type Config struct {
 	random     io.Reader
 	hash       hash.Hash
 	cryptoHash crypto.Hash
+	saltLength int
 }
 
 func newConfig() *Config {
@@ -94,6 +95,7 @@ func newConfig() *Config {
 		random:     rand.Reader,
 		hash:       sha256.New(),
 		cryptoHash: crypto.SHA256,
+		saltLength: rsa.PSSSaltLengthAuto,
 	}
 
 	return conf
@@ -143,3 +145,10 @@ func WithCryptoHash(hash crypto.Hash) Option {
 		conf.cryptoHash = hash
 	}
 }
+
+// WithSalt sets salt length to config.
+func WithSalt(saltLength int) Option {
+	return func(conf *Config) {
+		conf.saltLength = saltLength
+	}
+}

_examples/rsa_test.go

@@ -62,12 +62,14 @@ func TestKeyConfig(t *testing.T) {
 // go test -v -cover -run=^TestConfig$
 func TestConfig(t *testing.T) {
 	hash := sha256.New()
+	saltLength := 32
 
 	opts := []Option{
 		WithHex(),
 		WithRandom(rand.Reader),
 		WithHash(hash),
 		WithCryptoHash(crypto.SHA256),
+		WithSalt(saltLength),
 	}
 
 	conf := newConfig().Apply(opts...)
@@ -99,6 +101,10 @@ func TestConfig(t *testing.T) {
 	}
 
 	if conf.cryptoHash != crypto.SHA256 {
-		t.Fatalf("conf.cryptoHash %d != crypto.SHA256 %d", conf.cryptoHash, crypto.SHA256)
+		t.Fatalf("got %d != expect %d", conf.cryptoHash, crypto.SHA256)
+	}
+
+	if conf.saltLength != saltLength {
+		t.Fatalf("got %d != expect %d", conf.saltLength, saltLength)
 	}
 }

_icons/coverage.svg

@@ -6,6 +6,7 @@ package rsa
 
 import (
 	"crypto/rsa"
+	"fmt"
 )
 
 type PrivateKey struct {
@@ -62,9 +63,14 @@ func (pk PrivateKey) SignPKCS1v15(hashed []byte, opts ...Option) ([]byte, error)
 }
 
 // SignPSS signs digest with pss.
-func (pk PrivateKey) SignPSS(digest []byte, saltLength int, opts ...Option) ([]byte, error) {
+func (pk PrivateKey) SignPSS(digest []byte, opts ...Option) ([]byte, error) {
 	conf := newConfig().Apply(opts...)
-	pssOpts := &rsa.PSSOptions{Hash: conf.cryptoHash, SaltLength: saltLength}
+
+	if !conf.cryptoHash.Available() {
+		return nil, fmt.Errorf("cryptox/rsa: crypto hash %+v isn't available", conf.cryptoHash)
+	}
+
+	pssOpts := &rsa.PSSOptions{Hash: conf.cryptoHash, SaltLength: conf.saltLength}
 
 	sign, err := rsa.SignPSS(conf.random, pk.key, conf.cryptoHash, digest, pssOpts)
 	if err != nil {

rsa/options.go

@@ -158,34 +158,34 @@ func TestSignVerifyPSS(t *testing.T) {
 		digest := sum[:]
 
 		// None
-		sign, err := privateKey.SignPSS(digest, 0)
+		sign, err := privateKey.SignPSS(digest)
 		if err != nil {
 			t.Fatal(err)
 		}
 
-		err = publicKey.VerifyPSS(digest, sign, 0)
+		err = publicKey.VerifyPSS(digest, sign)
 		if err != nil {
 			t.Fatal(err)
 		}
 
 		// Hex
-		sign, err = privateKey.SignPSS(digest, 0, WithHex())
+		sign, err = privateKey.SignPSS(digest, WithHex())
 		if err != nil {
 			t.Fatal(err)
 		}
 
-		err = publicKey.VerifyPSS(digest, sign, 0, WithHex())
+		err = publicKey.VerifyPSS(digest, sign, WithHex())
 		if err != nil {
 			t.Fatal(err)
 		}
 
 		// Base64
-		sign, err = privateKey.SignPSS(digest, 0, WithBase64())
+		sign, err = privateKey.SignPSS(digest, WithBase64())
 		if err != nil {
 			t.Fatal(err)
 		}
 
-		err = publicKey.VerifyPSS(digest, sign, 0, WithBase64())
+		err = publicKey.VerifyPSS(digest, sign, WithBase64())
 		if err != nil {
 			t.Fatal(err)
 		}