rsa::oaep

Struct Oaep

pub struct Oaep<D, MGD = D> {
    pub digest: D,
    pub mgf_digest: MGD,
    pub label: Option<Box<[u8]>>,
}

Expand description

Encryption and Decryption using OAEP padding.

digest is used to hash the label. The maximum possible plaintext length is m = k - 2 * h_len - 2, where k is the size of the RSA modulus.
mgf_digest specifies the hash function that is used in the MGF1.
label is optional data that can be associated with the message.

The two hash functions can, but don’t need to be the same.

A prominent example is the AndroidKeyStore. It uses SHA-1 for mgf_digest and a user-chosen SHA flavour for digest.

Fields§

§digest: D

Digest type to use.

§mgf_digest: MGD

Digest to use for Mask Generation Function (MGF).

§label: Option<Box<[u8]>>

Optional label.

Implementations§

Source §

impl<D> Oaep<D>
where D: Digest + FixedOutputReset,

Source

pub fn new() -> Self

Create a new OAEP PaddingScheme, using T as the hash function for both the default (empty) label and for MGF1.

§Example

use sha1::Sha1;
use sha2::Sha256;
use rsa::{RsaPublicKey, Oaep};
use base64ct::{Base64, Encoding};
use crypto_bigint::BoxedUint;

let n_bytes = Base64::decode_vec("seAOhmYFAjH6NOaB54dboqw86uPXV/oK9ayJGV4mVClbvsDBJmF3bVkOaVMp9ogcFJTFFSy5g2HsTZIfHyuQVUJADb+BeRnkYrYhRvNJOKj2pcDbkxYe9XGMx8pIvxkDFnIpusb3gUsuzMUAU5qIstjwQKzuD51c6uJi0HAtQkr6Wmlt34SX7xkD/MfRuTu9uqmHmkiiJaCDHB2reYTPguetSWfuvp1qBJDNgSsp7BjwYANWldyrmZ8cLXEXYMUG5vtsWMxUzl8ertEr6kbnGM0OJghNuEtittW/dfTPvk683R1jj0hNaMzvHK8xYldUlLuwmWCYIIvpHBaA/w+FwQ==").unwrap();
let e_bytes = Base64::decode_vec("AQAB").unwrap();
let n = BoxedUint::from_be_slice(&n_bytes, 2048).unwrap();
let e = BoxedUint::from_be_slice(&e_bytes, 32).unwrap();

let mut rng = rand::rng();
let key = RsaPublicKey::new(n, e).unwrap();
let padding = Oaep::<Sha256>::new();
let encrypted_data = key.encrypt(&mut rng, padding, b"secret").unwrap();

Source

pub fn new_with_label<S: Into<Box<[u8]>>>(label: S) -> Self

Create a new OAEP PaddingScheme with an associated label, using T as the hash function for both the label and for MGF1.

Source §

impl<D, MGD> Oaep<D, MGD>
where D: Digest + FixedOutputReset, MGD: Digest + FixedOutputReset,

Source

pub fn new_with_mgf_hash() -> Self

Create a new OAEP PaddingScheme, using T as the hash function for the default (empty) label, and U as the hash function for MGF1. If a label is needed use PaddingScheme::new_oaep_with_label or PaddingScheme::new_oaep_with_mgf_hash_with_label.

§Example

use sha1::Sha1;
use sha2::Sha256;
use rsa::{RsaPublicKey, Oaep};
use base64ct::{Base64, Encoding};
use crypto_bigint::BoxedUint;

let n_bytes = Base64::decode_vec("seAOhmYFAjH6NOaB54dboqw86uPXV/oK9ayJGV4mVClbvsDBJmF3bVkOaVMp9ogcFJTFFSy5g2HsTZIfHyuQVUJADb+BeRnkYrYhRvNJOKj2pcDbkxYe9XGMx8pIvxkDFnIpusb3gUsuzMUAU5qIstjwQKzuD51c6uJi0HAtQkr6Wmlt34SX7xkD/MfRuTu9uqmHmkiiJaCDHB2reYTPguetSWfuvp1qBJDNgSsp7BjwYANWldyrmZ8cLXEXYMUG5vtsWMxUzl8ertEr6kbnGM0OJghNuEtittW/dfTPvk683R1jj0hNaMzvHK8xYldUlLuwmWCYIIvpHBaA/w+FwQ==").unwrap();
let e_bytes = Base64::decode_vec("AQAB").unwrap();
let n = BoxedUint::from_be_slice(&n_bytes, 2048).unwrap();
let e = BoxedUint::from_be_slice(&e_bytes, 32).unwrap();

let mut rng = rand::rng();
let key = RsaPublicKey::new(n, e).unwrap();
let padding = Oaep::<Sha256, Sha1>::new_with_mgf_hash();
let encrypted_data = key.encrypt(&mut rng, padding, b"secret").unwrap();