[−][src]Struct ring::signature::RSASigningState
State used for RSA Signing. Feature: rsa_signing
.
Performance Considerations
Every time sign
is called, some internal state is updated. Usually the
state update is relatively cheap, but the first time, and periodically, a
relatively expensive computation (computing the modular inverse of a random
number modulo the public key modulus, for blinding the RSA exponentiation)
will be done. Reusing the same RSASigningState
when generating multiple
signatures improves the computational efficiency of signing by minimizing
the frequency of the expensive computations.
RSASigningState
is not Sync
; i.e. concurrent use of an sign()
on the
same RSASigningState
from multiple threads is not allowed. An
RSASigningState
can be wrapped in a Mutex
to be shared between threads;
this would maximize the computational efficiency (as explained above) and
minimizes memory usage, but it also minimizes concurrency because all the
calls to sign()
would be serialized. To increases concurrency one could
create multiple RSASigningState
s that share the same RSAKeyPair
; the
number of RSASigningState
in use at once determines the concurrency
factor. This increases memory usage, but only by a small amount, as each
RSASigningState
is much smaller than the RSAKeyPair
that they would
share. Using multiple RSASigningState
per RSAKeyPair
may also decrease
computational efficiency by increasing the frequency of the expensive
modular inversions; managing a pool of RSASigningState
s in a
most-recently-used fashion would improve the computational efficiency.
Methods
impl RSASigningState
[src]
pub fn new(key_pair: Arc<RSAKeyPair>) -> Result<Self, Unspecified>
[src]
Construct an RSASigningState
for the given RSAKeyPair
.
pub fn key_pair(&self) -> &RSAKeyPair
[src]
The RSAKeyPair
. This can be used, for example, to access the key
pair's public key through the RSASigningState
.
pub fn sign(
&mut self,
padding_alg: &'static dyn RSAEncoding,
rng: &dyn SecureRandom,
msg: &[u8],
signature: &mut [u8]
) -> Result<(), Unspecified>
[src]
&mut self,
padding_alg: &'static dyn RSAEncoding,
rng: &dyn SecureRandom,
msg: &[u8],
signature: &mut [u8]
) -> Result<(), Unspecified>
Sign msg
. msg
is digested using the digest algorithm from
padding_alg
and the digest is then padded using the padding algorithm
from padding_alg
. The signature it written into signature
;
signature
's length must be exactly the length returned by
public_modulus_len()
. rng
is used for blinding the message during
signing, to mitigate some side-channel (e.g. timing) attacks.
Many other crypto libraries have signing functions that takes a
precomputed digest as input, instead of the message to digest. This
function does not take a precomputed digest; instead, sign
calculates the digest itself.
Lots of effort has been made to make the signing operations close to constant time to protect the private key from side channel attacks. On x86-64, this is done pretty well, but not perfectly. On other platforms, it is done less perfectly. To help mitigate the current imperfections, and for defense-in-depth, base blinding is always done. Exponent blinding is not done, but it may be done in the future.
Auto Trait Implementations
impl Send for RSASigningState
impl !Sync for RSASigningState
Blanket Implementations
impl<T> From for T
[src]
impl<T, U> TryFrom for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = !
try_from
)The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> TryInto for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
try_from
)The type returned in the event of a conversion error.
fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
[src]
impl<T, U> Into for T where
U: From<T>,
[src]
U: From<T>,
impl<T> Borrow for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut for T where
T: ?Sized,
[src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,