package nocrypto

  1. Overview
  2. Docs

RSA public-key cryptography.

Keys are taken to be trusted material, and their properties are not checked.

Messages are checked not to exceed the key size, and this is signalled via exceptions.

Private-key operations are optionally protected through RSA blinding.

RSA public-key encryption

exception Insufficient_key

Raised if the key is too small to transform the given message, i.e. if the numerical interpretation of the (potentially padded) message is not smaller than the modulus.

It is additionally raised if the message is 0 and the mode does not involve padding.

type pub = {
  1. e : Z.t;
    (*

    Public exponent

    *)
  2. n : Z.t;
    (*

    Modulus

    *)
}

Public key.

Sexplib convertible.

type priv = {
  1. e : Z.t;
    (*

    Public exponent

    *)
  2. d : Z.t;
    (*

    Private exponent

    *)
  3. n : Z.t;
    (*

    Modulus

    *)
  4. p : Z.t;
    (*

    Prime factor p

    *)
  5. q : Z.t;
    (*

    Prime factor q

    *)
  6. dp : Z.t;
    (*

    d mod (p-1)

    *)
  7. dq : Z.t;
    (*

    d mod (q-1)

    *)
  8. q' : Z.t;
    (*

    q^(-1) mod p

    *)
}

Private key (two-factor version).

Sexplib convertible.

type mask = [
  1. | `No
  2. | `Yes
  3. | `Yes_with of Rng.g
]

Masking (cryptographic blinding) option.

val pub_bits : pub -> int

Bit-size of a public key.

val priv_bits : priv -> int

Bit-size of a private key.

val priv_of_primes : e:Z.t -> p:Z.t -> q:Z.t -> priv

priv_of_primes e p q creates priv from a minimal description: the public exponent and the two primes.

val pub_of_priv : priv -> pub

Extract the public component from a private key.

val encrypt : key:pub -> Cstruct.t -> Cstruct.t

encrypt key message is the encrypted message.

val decrypt : ?mask:mask -> key:priv -> Cstruct.t -> Cstruct.t

decrypt mask key ciphertext is the decrypted ciphertext, left-padded with 0x00 up to key size.

val generate : ?g:Rng.g -> ?e:Z.t -> int -> priv

generate g e bits is a new priv. e defaults to 2^16+1.

  • raises Invalid_argument

    if e is bad or bits is too small.

PKCS#1 padded modes

module PKCS1 : sig ... end

PKCS v1.5-padded operations, as defined by PKCS #1 v1.5.

module OAEP (H : Hash.S) : sig ... end

OAEP-padded encryption, as defined by PKCS #1 v2.1.

module PSS (H : Hash.S) : sig ... end

PSS-based signing, as defined by PKCS #1 v2.1.