The RSA public-key cryptosystem. More...

#include "config.h"
#include "bignum.h"
#include "md.h"

Include dependency graph for rsa.h:

This graph shows which files directly or indirectly include this file:

Data Structures
struct	rsa_context
	RSA context structure. More...

Macros
#define	POLARSSL_ERR_RSA_BAD_INPUT_DATA -0x4080
	Bad input parameters to function.

#define	POLARSSL_ERR_RSA_INVALID_PADDING -0x4100
	Input data contains invalid padding and is rejected.

#define	POLARSSL_ERR_RSA_KEY_GEN_FAILED -0x4180
	Something failed during generation of a key.

#define	POLARSSL_ERR_RSA_KEY_CHECK_FAILED -0x4200
	Key failed to pass the libraries validity check.

#define	POLARSSL_ERR_RSA_PUBLIC_FAILED -0x4280
	The public key operation failed.

#define	POLARSSL_ERR_RSA_PRIVATE_FAILED -0x4300
	The private key operation failed.

#define	POLARSSL_ERR_RSA_VERIFY_FAILED -0x4380
	The PKCS#1 verification failed.

#define	POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE -0x4400
	The output buffer for decryption is not large enough.

#define	POLARSSL_ERR_RSA_RNG_FAILED -0x4480
	The random generator failed to generate non-zeros.

#define	RSA_PUBLIC 0

#define	RSA_PRIVATE 1

#define	RSA_PKCS_V15 0

#define	RSA_PKCS_V21 1

#define	RSA_SIGN 1

#define	RSA_CRYPT 2

#define	RSA_SALT_LEN_ANY -1

Functions
void	rsa_init (rsa_context *ctx, int padding, int hash_id)
	Initialize an RSA context.

void	rsa_set_padding (rsa_context *ctx, int padding, int hash_id)
	Set padding for an already initialized RSA context See `rsa_init()` for details.

int	rsa_gen_key (rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void *p_rng, unsigned int nbits, int exponent)
	Generate an RSA keypair.

int	rsa_check_pubkey (const rsa_context *ctx)
	Check a public RSA key.

int	rsa_check_privkey (const rsa_context *ctx)
	Check a private RSA key.

int	rsa_public (rsa_context ctx, const unsigned char input, unsigned char *output)
	Do an RSA public key operation.

int	rsa_private (rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, const unsigned char input, unsigned char *output)
	Do an RSA private key operation.

int	rsa_pkcs1_encrypt (rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, size_t ilen, const unsigned char input, unsigned char *output)
	Generic wrapper to perform a PKCS#1 encryption using the mode from the context.

int	rsa_rsaes_pkcs1_v15_encrypt (rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, size_t ilen, const unsigned char input, unsigned char *output)
	Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT)

int	rsa_rsaes_oaep_encrypt (rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, const unsigned char label, size_t label_len, size_t ilen, const unsigned char input, unsigned char output)
	Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT)

int	rsa_pkcs1_decrypt (rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, size_t olen, const unsigned char input, unsigned char output, size_t output_max_len)
	Generic wrapper to perform a PKCS#1 decryption using the mode from the context.

int	rsa_rsaes_pkcs1_v15_decrypt (rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, size_t olen, const unsigned char input, unsigned char output, size_t output_max_len)
	Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT)

int	rsa_rsaes_oaep_decrypt (rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, const unsigned char label, size_t label_len, size_t olen, const unsigned char input, unsigned char *output, size_t output_max_len)
	Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT)

int	rsa_pkcs1_sign (rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char hash, unsigned char *sig)
	Generic wrapper to perform a PKCS#1 signature using the mode from the context.

int	rsa_rsassa_pkcs1_v15_sign (rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char hash, unsigned char *sig)
	Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)

int	rsa_rsassa_pss_sign (rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char hash, unsigned char *sig)
	Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN)

int	rsa_pkcs1_verify (rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char hash, const unsigned char *sig)
	Generic wrapper to perform a PKCS#1 verification using the mode from the context.

int	rsa_rsassa_pkcs1_v15_verify (rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char hash, const unsigned char *sig)
	Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)

int	rsa_rsassa_pss_verify (rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char hash, const unsigned char *sig)
	Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) (This is the "simple" version.)

int	rsa_rsassa_pss_verify_ext (rsa_context ctx, int(f_rng)(void , unsigned char , size_t), void p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char hash, md_type_t mgf1_hash_id, int expected_salt_len, const unsigned char *sig)
	Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) (This is the version with "full" options.)

int	rsa_copy (rsa_context dst, const rsa_context src)
	Copy the components of an RSA context.

void	rsa_free (rsa_context *ctx)
	Free the components of an RSA key.

int	rsa_self_test (int verbose)
	Checkup routine.

Detailed Description

The RSA public-key cryptosystem.

This file is part of PolarSSL (http://www.polarssl.org) Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Definition in file rsa.h.

Macro Definition Documentation

◆ POLARSSL_ERR_RSA_BAD_INPUT_DATA

#define POLARSSL_ERR_RSA_BAD_INPUT_DATA -0x4080

Bad input parameters to function.

Definition at line 46 of file rsa.h.

◆ POLARSSL_ERR_RSA_INVALID_PADDING

#define POLARSSL_ERR_RSA_INVALID_PADDING -0x4100

Input data contains invalid padding and is rejected.

Definition at line 47 of file rsa.h.

◆ POLARSSL_ERR_RSA_KEY_CHECK_FAILED

#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED -0x4200

Key failed to pass the libraries validity check.

Definition at line 49 of file rsa.h.

◆ POLARSSL_ERR_RSA_KEY_GEN_FAILED

#define POLARSSL_ERR_RSA_KEY_GEN_FAILED -0x4180

Something failed during generation of a key.

Definition at line 48 of file rsa.h.

◆ POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE

#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE -0x4400

The output buffer for decryption is not large enough.

Definition at line 53 of file rsa.h.

◆ POLARSSL_ERR_RSA_PRIVATE_FAILED

#define POLARSSL_ERR_RSA_PRIVATE_FAILED -0x4300

The private key operation failed.

Definition at line 51 of file rsa.h.

◆ POLARSSL_ERR_RSA_PUBLIC_FAILED

#define POLARSSL_ERR_RSA_PUBLIC_FAILED -0x4280

The public key operation failed.

Definition at line 50 of file rsa.h.

◆ POLARSSL_ERR_RSA_RNG_FAILED

#define POLARSSL_ERR_RSA_RNG_FAILED -0x4480

The random generator failed to generate non-zeros.

Definition at line 54 of file rsa.h.

◆ POLARSSL_ERR_RSA_VERIFY_FAILED

#define POLARSSL_ERR_RSA_VERIFY_FAILED -0x4380

The PKCS#1 verification failed.

Definition at line 52 of file rsa.h.

◆ RSA_CRYPT

#define RSA_CRYPT 2

Definition at line 66 of file rsa.h.

◆ RSA_PKCS_V15

#define RSA_PKCS_V15 0

Definition at line 62 of file rsa.h.

◆ RSA_PKCS_V21

#define RSA_PKCS_V21 1

Definition at line 63 of file rsa.h.

◆ RSA_PRIVATE

#define RSA_PRIVATE 1

Definition at line 60 of file rsa.h.

Referenced by RSA_private_decrypt(), and RSA_private_encrypt().

◆ RSA_PUBLIC

#define RSA_PUBLIC 0

Definition at line 59 of file rsa.h.

Referenced by RSA_public_decrypt(), and RSA_public_encrypt().

◆ RSA_SALT_LEN_ANY

#define RSA_SALT_LEN_ANY -1

Definition at line 68 of file rsa.h.

◆ RSA_SIGN

#define RSA_SIGN 1

Definition at line 65 of file rsa.h.

Function Documentation

◆ rsa_check_privkey()

int rsa_check_privkey ( const rsa_context * ctx )

Check a private RSA key.

Parameters

ctx	RSA context to be checked

Returns: 0 if successful, or an POLARSSL_ERR_RSA_XXX error code

◆ rsa_check_pubkey()

int rsa_check_pubkey ( const rsa_context * ctx )

Check a public RSA key.

Parameters

ctx	RSA context to be checked

Returns: 0 if successful, or an POLARSSL_ERR_RSA_XXX error code

◆ rsa_copy()

int rsa_copy	(	rsa_context *	dst,
		const rsa_context *	src )

Copy the components of an RSA context.

Parameters

dst	Destination context
src	Source context

Returns: O on success, POLARSSL_ERR_MPI_MALLOC_FAILED on memory allocation failure

Referenced by x509_write_key_der(), x509_write_pubkey_der(), x509parse_key(), x509parse_keyfile(), x509parse_public_key(), and x509parse_public_keyfile().

◆ rsa_free()

void rsa_free ( rsa_context * ctx )

Free the components of an RSA key.

Parameters

ctx	RSA Context to free

Referenced by x509parse_key(), x509parse_keyfile(), x509parse_public_key(), and x509parse_public_keyfile().

◆ rsa_gen_key()

int rsa_gen_key	(	rsa_context *	ctx,
		int(*	f_rng )(void , unsigned char , size_t),
		void *	p_rng,
		unsigned int	nbits,
		int	exponent )

Generate an RSA keypair.

Parameters

ctx	RSA context that will hold the key
f_rng	RNG function
p_rng	RNG parameter
nbits	size of the public key in bits
exponent	public exponent (e.g., 65537)

Note: rsa_init() must be called beforehand to setup the RSA context.

Returns: 0 if successful, or an POLARSSL_ERR_RSA_XXX error code

◆ rsa_init()

void rsa_init	(	rsa_context *	ctx,
		int	padding,
		int	hash_id )

Initialize an RSA context.

           Note: Set padding to RSA_PKCS_V21 for the RSAES-OAEP
           encryption scheme and the RSASSA-PSS signature scheme.

Parameters

ctx	RSA context to be initialized
padding	RSA_PKCS_V15 or RSA_PKCS_V21
hash_id	RSA_PKCS_V21 hash identifier

Note: The hash_id parameter is actually ignored when using RSA_PKCS_V15 padding.; Choice of padding mode is strictly enforced for private key operations, since there might be security concerns in mixing padding modes. For public key operations it's merely a default value, which can be overriden by calling specific rsa_rsaes_xxx or rsa_rsassa_xxx functions.; The chosen hash is always used for OEAP encryption. For PSS signatures, it's always used for making signatures, but can be overriden (and always is, if set to POLARSSL_MD_NONE) for verifying them.

◆ rsa_pkcs1_decrypt()

int rsa_pkcs1_decrypt	(	rsa_context *	ctx,
		int(*	f_rng )(void , unsigned char , size_t),
		void *	p_rng,
		int	mode,
		size_t *	olen,
		const unsigned char *	input,
		unsigned char *	output,
		size_t	output_max_len )

Generic wrapper to perform a PKCS#1 decryption using the mode from the context.

Do an RSA operation, then remove the message padding

Parameters

ctx	RSA context
f_rng	RNG function (Only needed for RSA_PRIVATE)
p_rng	RNG parameter
mode	RSA_PUBLIC or RSA_PRIVATE
olen	will contain the plaintext length
input	buffer holding the encrypted data
output	buffer that will hold the plaintext
output_max_len	maximum length of the output buffer

Returns: 0 if successful, or an POLARSSL_ERR_RSA_XXX error code

Note: The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise an error is thrown.

Referenced by RSA_private_decrypt(), and RSA_public_decrypt().

◆ rsa_pkcs1_encrypt()

int rsa_pkcs1_encrypt	(	rsa_context *	ctx,
		int(*	f_rng )(void , unsigned char , size_t),
		void *	p_rng,
		int	mode,
		size_t	ilen,
		const unsigned char *	input,
		unsigned char *	output )

Generic wrapper to perform a PKCS#1 encryption using the mode from the context.

Add the message padding, then do an RSA operation.

Parameters

ctx	RSA context
f_rng	RNG function (Needed for padding and PKCS#1 v2.1 encoding and RSA_PRIVATE)
p_rng	RNG parameter
mode	RSA_PUBLIC or RSA_PRIVATE
ilen	contains the plaintext length
input	buffer holding the data to be encrypted
output	buffer that will hold the ciphertext

Returns: 0 if successful, or an POLARSSL_ERR_RSA_XXX error code

Note: The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Referenced by RSA_private_encrypt(), and RSA_public_encrypt().

◆ rsa_pkcs1_sign()

int rsa_pkcs1_sign	(	rsa_context *	ctx,
		int(*	f_rng )(void , unsigned char , size_t),
		void *	p_rng,
		int	mode,
		md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		unsigned char *	sig )

Generic wrapper to perform a PKCS#1 signature using the mode from the context.

Do a private RSA operation to sign a message digest

Parameters

ctx	RSA context
f_rng	RNG function (Needed for PKCS#1 v2.1 encoding and for RSA_PRIVATE)
p_rng	RNG parameter
mode	RSA_PUBLIC or RSA_PRIVATE
md_alg	a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlen	message digest length (for POLARSSL_MD_NONE only)
hash	buffer holding the message digest
sig	buffer that will hold the ciphertext

Returns: 0 if the signing operation was successful, or an POLARSSL_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).; In case of PKCS#1 v2.1 encoding, see comments on; rsa_rsassa_pss_sign() for details on md_alg and hash_id.

◆ rsa_pkcs1_verify()

int rsa_pkcs1_verify	(	rsa_context *	ctx,
		int(*	f_rng )(void , unsigned char , size_t),
		void *	p_rng,
		int	mode,
		md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		const unsigned char *	sig )

Generic wrapper to perform a PKCS#1 verification using the mode from the context.

Do a public RSA operation and check the message digest

Parameters

ctx	points to an RSA public key
f_rng	RNG function (Only needed for RSA_PRIVATE)
p_rng	RNG parameter
mode	RSA_PUBLIC or RSA_PRIVATE
md_alg	a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlen	message digest length (for POLARSSL_MD_NONE only)
hash	buffer holding the message digest
sig	buffer holding the ciphertext

Returns: 0 if the verify operation was successful, or an POLARSSL_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).; In case of PKCS#1 v2.1 encoding, see comments on rsa_rsassa_pss_verify() about md_alg and hash_id.

◆ rsa_private()

int rsa_private	(	rsa_context *	ctx,
		int(*	f_rng )(void , unsigned char , size_t),
		void *	p_rng,
		const unsigned char *	input,
		unsigned char *	output )

Do an RSA private key operation.

Parameters

ctx	RSA context
f_rng	RNG function (Needed for blinding)
p_rng	RNG parameter
input	input buffer
output	output buffer

Returns: 0 if successful, or an POLARSSL_ERR_RSA_XXX error code

Note: The input and output buffers must be large enough (eg. 128 bytes if RSA-1024 is used).

◆ rsa_public()

int rsa_public	(	rsa_context *	ctx,
		const unsigned char *	input,
		unsigned char *	output )

Do an RSA public key operation.

Parameters

ctx	RSA context
input	input buffer
output	output buffer

Returns: 0 if successful, or an POLARSSL_ERR_RSA_XXX error code

Note: This function does NOT take care of message padding. Also, be sure to set input[0] = 0 or assure that input is smaller than N.; The input and output buffers must be large enough (eg. 128 bytes if RSA-1024 is used).

◆ rsa_rsaes_oaep_decrypt()

int rsa_rsaes_oaep_decrypt	(	rsa_context *	ctx,
		int(*	f_rng )(void , unsigned char , size_t),
		void *	p_rng,
		int	mode,
		const unsigned char *	label,
		size_t	label_len,
		size_t *	olen,
		const unsigned char *	input,
		unsigned char *	output,
		size_t	output_max_len )

Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT)

Parameters

ctx	RSA context
f_rng	RNG function (Only needed for RSA_PRIVATE)
p_rng	RNG parameter
mode	RSA_PUBLIC or RSA_PRIVATE
label	buffer holding the custom label to use
label_len	contains the label length
olen	will contain the plaintext length
input	buffer holding the encrypted data
output	buffer that will hold the plaintext
output_max_len	maximum length of the output buffer

Returns: 0 if successful, or an POLARSSL_ERR_RSA_XXX error code

Note: The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise an error is thrown.

◆ rsa_rsaes_oaep_encrypt()

int rsa_rsaes_oaep_encrypt	(	rsa_context *	ctx,
		int(*	f_rng )(void , unsigned char , size_t),
		void *	p_rng,
		int	mode,
		const unsigned char *	label,
		size_t	label_len,
		size_t	ilen,
		const unsigned char *	input,
		unsigned char *	output )

Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT)

Parameters

ctx	RSA context
f_rng	RNG function (Needed for padding and PKCS#1 v2.1 encoding and RSA_PRIVATE)
p_rng	RNG parameter
mode	RSA_PUBLIC or RSA_PRIVATE
label	buffer holding the custom label to use
label_len	contains the label length
ilen	contains the plaintext length
input	buffer holding the data to be encrypted
output	buffer that will hold the ciphertext

Returns: 0 if successful, or an POLARSSL_ERR_RSA_XXX error code

Note: The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

◆ rsa_rsaes_pkcs1_v15_decrypt()

int rsa_rsaes_pkcs1_v15_decrypt	(	rsa_context *	ctx,
		int(*	f_rng )(void , unsigned char , size_t),
		void *	p_rng,
		int	mode,
		size_t *	olen,
		const unsigned char *	input,
		unsigned char *	output,
		size_t	output_max_len )

Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT)

Parameters

ctx	RSA context
f_rng	RNG function (Only needed for RSA_PRIVATE)
p_rng	RNG parameter
mode	RSA_PUBLIC or RSA_PRIVATE
olen	will contain the plaintext length
input	buffer holding the encrypted data
output	buffer that will hold the plaintext
output_max_len	maximum length of the output buffer

Returns: 0 if successful, or an POLARSSL_ERR_RSA_XXX error code

Note: The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise an error is thrown.

◆ rsa_rsaes_pkcs1_v15_encrypt()

int rsa_rsaes_pkcs1_v15_encrypt	(	rsa_context *	ctx,
		int(*	f_rng )(void , unsigned char , size_t),
		void *	p_rng,
		int	mode,
		size_t	ilen,
		const unsigned char *	input,
		unsigned char *	output )

Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT)

Parameters

ctx	RSA context
f_rng	RNG function (Needed for padding and RSA_PRIVATE)
p_rng	RNG parameter
mode	RSA_PUBLIC or RSA_PRIVATE
ilen	contains the plaintext length
input	buffer holding the data to be encrypted
output	buffer that will hold the ciphertext

Returns: 0 if successful, or an POLARSSL_ERR_RSA_XXX error code

Note: The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

◆ rsa_rsassa_pkcs1_v15_sign()

int rsa_rsassa_pkcs1_v15_sign	(	rsa_context *	ctx,
		int(*	f_rng )(void , unsigned char , size_t),
		void *	p_rng,
		int	mode,
		md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		unsigned char *	sig )

Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)

Parameters

ctx	RSA context
f_rng	RNG function (Only needed for RSA_PRIVATE)
p_rng	RNG parameter
mode	RSA_PUBLIC or RSA_PRIVATE
md_alg	a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlen	message digest length (for POLARSSL_MD_NONE only)
hash	buffer holding the message digest
sig	buffer that will hold the ciphertext

Returns: 0 if the signing operation was successful, or an POLARSSL_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

◆ rsa_rsassa_pkcs1_v15_verify()

int rsa_rsassa_pkcs1_v15_verify	(	rsa_context *	ctx,
		int(*	f_rng )(void , unsigned char , size_t),
		void *	p_rng,
		int	mode,
		md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		const unsigned char *	sig )

Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)

Parameters

ctx	points to an RSA public key
f_rng	RNG function (Only needed for RSA_PRIVATE)
p_rng	RNG parameter
mode	RSA_PUBLIC or RSA_PRIVATE
md_alg	a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlen	message digest length (for POLARSSL_MD_NONE only)
hash	buffer holding the message digest
sig	buffer holding the ciphertext

Returns: 0 if the verify operation was successful, or an POLARSSL_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

◆ rsa_rsassa_pss_sign()

int rsa_rsassa_pss_sign	(	rsa_context *	ctx,
		int(*	f_rng )(void , unsigned char , size_t),
		void *	p_rng,
		int	mode,
		md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		unsigned char *	sig )

Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN)

Parameters

ctx	RSA context
f_rng	RNG function (Needed for PKCS#1 v2.1 encoding and for RSA_PRIVATE)
p_rng	RNG parameter
mode	RSA_PUBLIC or RSA_PRIVATE
md_alg	a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlen	message digest length (for POLARSSL_MD_NONE only)
hash	buffer holding the message digest
sig	buffer that will hold the ciphertext

Returns: 0 if the signing operation was successful, or an POLARSSL_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).; The hash_id in the RSA context is the one used for the encoding. md_alg in the function call is the type of hash that is encoded. According to RFC 3447 it is advised to keep both hashes the same.

◆ rsa_rsassa_pss_verify()

int rsa_rsassa_pss_verify	(	rsa_context *	ctx,
		int(*	f_rng )(void , unsigned char , size_t),
		void *	p_rng,
		int	mode,
		md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		const unsigned char *	sig )

Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) (This is the "simple" version.)

Parameters

ctx	points to an RSA public key
f_rng	RNG function (Only needed for RSA_PRIVATE)
p_rng	RNG parameter
mode	RSA_PUBLIC or RSA_PRIVATE
md_alg	a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlen	message digest length (for POLARSSL_MD_NONE only)
hash	buffer holding the message digest
sig	buffer holding the ciphertext

Returns: 0 if the verify operation was successful, or an POLARSSL_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).; The hash_id in the RSA context is the one used for the verification. md_alg in the function call is the type of hash that is verified. According to RFC 3447 it is advised to keep both hashes the same. If hash_id in the RSA context is unset, the md_alg from the function call is used.

◆ rsa_rsassa_pss_verify_ext()

int rsa_rsassa_pss_verify_ext	(	rsa_context *	ctx,
		int(*	f_rng )(void , unsigned char , size_t),
		void *	p_rng,
		int	mode,
		md_type_t	md_alg,
		unsigned int	hashlen,
		const unsigned char *	hash,
		md_type_t	mgf1_hash_id,
		int	expected_salt_len,
		const unsigned char *	sig )

Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) (This is the version with "full" options.)

Parameters

ctx	points to an RSA public key
f_rng	RNG function (Only needed for RSA_PRIVATE)
p_rng	RNG parameter
mode	RSA_PUBLIC or RSA_PRIVATE
md_alg	a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlen	message digest length (for POLARSSL_MD_NONE only)
hash	buffer holding the message digest
mgf1_hash_id	message digest used for mask generation
expected_salt_len	Length of the salt used in padding, use RSA_SALT_LEN_ANY to accept any salt length
sig	buffer holding the ciphertext

Returns: 0 if the verify operation was successful, or an POLARSSL_ERR_RSA_XXX error code

Note: The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).; The hash_id in the RSA context is ignored.

◆ rsa_self_test()

int rsa_self_test ( int verbose )

Checkup routine.

Returns: 0 if successful, or 1 if the test failed

◆ rsa_set_padding()

void rsa_set_padding	(	rsa_context *	ctx,
		int	padding,
		int	hash_id )

Set padding for an already initialized RSA context See rsa_init() for details.

Parameters

ctx	RSA context to be set
padding	RSA_PKCS_V15 or RSA_PKCS_V21
hash_id	RSA_PKCS_V21 hash identifier

Data Structures

Macros

Functions

Detailed Description

Macro Definition Documentation

◆ POLARSSL_ERR_RSA_BAD_INPUT_DATA

◆ POLARSSL_ERR_RSA_INVALID_PADDING

◆ POLARSSL_ERR_RSA_KEY_CHECK_FAILED

◆ POLARSSL_ERR_RSA_KEY_GEN_FAILED

◆ POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE

◆ POLARSSL_ERR_RSA_PRIVATE_FAILED

◆ POLARSSL_ERR_RSA_PUBLIC_FAILED

◆ POLARSSL_ERR_RSA_RNG_FAILED

◆ POLARSSL_ERR_RSA_VERIFY_FAILED

◆ RSA_CRYPT

◆ RSA_PKCS_V15

◆ RSA_PKCS_V21

◆ RSA_PRIVATE

◆ RSA_PUBLIC

◆ RSA_SALT_LEN_ANY

◆ RSA_SIGN

Function Documentation

◆ rsa_check_privkey()

◆ rsa_check_pubkey()

◆ rsa_copy()

◆ rsa_free()

◆ rsa_gen_key()

◆ rsa_init()

◆ rsa_pkcs1_decrypt()

◆ rsa_pkcs1_encrypt()

◆ rsa_pkcs1_sign()

◆ rsa_pkcs1_verify()

◆ rsa_private()

◆ rsa_public()

◆ rsa_rsaes_oaep_decrypt()

◆ rsa_rsaes_oaep_encrypt()

◆ rsa_rsaes_pkcs1_v15_decrypt()

◆ rsa_rsaes_pkcs1_v15_encrypt()

◆ rsa_rsassa_pkcs1_v15_sign()

◆ rsa_rsassa_pkcs1_v15_verify()

◆ rsa_rsassa_pss_sign()

◆ rsa_rsassa_pss_verify()

◆ rsa_rsassa_pss_verify_ext()

◆ rsa_self_test()

◆ rsa_set_padding()