The types do not say whether it is necessary to apply pad/unpad to
the input/output of the PKCS15 encrypt/decrypt functions. Add
comments to clarify that it is not necessary to manually pad/unpad
the message.
How to reproduce:
```
$ cabal configure -f-support_deepseq
Resolving dependencies...
Configuring cryptonite-0.23...
$ cabal build
Building cryptonite-0.23...
Preprocessing library cryptonite-0.23...
[114 of 120] Compiling Crypto.PubKey.RSA.Types ( Crypto/PubKey/RSA/Types.hs, dist/build/Crypto/PubKey/RSA/Types
Crypto/PubKey/RSA/Types.hs:48:30: error:
• No instance for (NFData Integer) arising from a use of ‘rnf’
• In the first argument of ‘seq’, namely ‘rnf n’
In the expression: rnf n `seq` rnf e `seq` sz `seq` ()
In an equation for ‘rnf’:
rnf (PublicKey sz n e) = rnf n `seq` rnf e `seq` sz `seq` ()
```
The fix is to inctoruce 'NFData Integer' instance to `Crypto/Internal/DeepSeq`.
Closes: https://github.com/haskell-crypto/cryptonite/issues/171
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
This is actually a lie: the condition is tested in both curve
implementations but not returned by the Haskell API. Will be a reminder to
add this in the future. A function 'allocRetAndFreeze' could be useful.
Other algorithms define Show instances for their secrets.
Here ScrubbedBytes will obfuscate the content anyway.
Will be useful for X509.PrivKey, which requires a Show instance.
currently sign/verify works on message directly, it would be nice if PSS could sign/verify digest directly. This is useful for:
1) for some signing server it only has a digest (without message)
2) message could be very large, for cases when client need request a singing server to sign, it may make more sense for the client to compute digest, then ask server to (PSS) sign the digest
3) openSSL pkeyutl (PSS) sign operation signs with digest only, not the message, it would be nice to work with openSSL more easily
*openSSL command line:
```shell
openssl pkeyutl -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1 -pkeyopt digest:sha256 -sign -inkey "pri.key" -in hmac.bin > sig.bin
openssl pkeyutl -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1 -pkeyopt digest:sha256 -verify -inkey "pri.key" -in hmac.bin -sigfile sig.bin
```
Need to use ordinary comments instead of nested comments
because LANGUAGE pragmas were removed otherwise.
Also adds a table of contents. We may have other examples
in the future.
