mbed TLS v1.3.14
Data Structures | Macros | Functions
rsa.h File Reference

The RSA public-key cryptosystem. More...

#include "config.h"
#include "bignum.h"
#include "md.h"
Include dependency graph for rsa.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  rsa_context
 RSA context structure. More...
 

Macros

#define POLARSSL_ERR_RSA_BAD_INPUT_DATA   -0x4080
 Bad input parameters to function. More...
 
#define POLARSSL_ERR_RSA_INVALID_PADDING   -0x4100
 Input data contains invalid padding and is rejected. More...
 
#define POLARSSL_ERR_RSA_KEY_GEN_FAILED   -0x4180
 Something failed during generation of a key. More...
 
#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED   -0x4200
 Key failed to pass the library's validity check. More...
 
#define POLARSSL_ERR_RSA_PUBLIC_FAILED   -0x4280
 The public key operation failed. More...
 
#define POLARSSL_ERR_RSA_PRIVATE_FAILED   -0x4300
 The private key operation failed. More...
 
#define POLARSSL_ERR_RSA_VERIFY_FAILED   -0x4380
 The PKCS#1 verification failed. More...
 
#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE   -0x4400
 The output buffer for decryption is not large enough. More...
 
#define POLARSSL_ERR_RSA_RNG_FAILED   -0x4480
 The random generator failed to generate non-zeros. More...
 
#define RSA_PUBLIC   0
 
#define RSA_PRIVATE   1
 
#define RSA_PKCS_V15   0
 
#define RSA_PKCS_V21   1
 
#define RSA_SIGN   1
 
#define RSA_CRYPT   2
 
#define RSA_SALT_LEN_ANY   -1
 

Functions

void rsa_init (rsa_context *ctx, int padding, int hash_id)
 Initialize an RSA context. More...
 
void rsa_set_padding (rsa_context *ctx, int padding, int hash_id)
 Set padding for an already initialized RSA context See rsa_init() for details. More...
 
int rsa_gen_key (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, unsigned int nbits, int exponent)
 Generate an RSA keypair. More...
 
int rsa_check_pubkey (const rsa_context *ctx)
 Check a public RSA key. More...
 
int rsa_check_privkey (const rsa_context *ctx)
 Check a private RSA key. More...
 
int rsa_check_pub_priv (const rsa_context *pub, const rsa_context *prv)
 Check a public-private RSA key pair. More...
 
int rsa_public (rsa_context *ctx, const unsigned char *input, unsigned char *output)
 Do an RSA public key operation (Thread-safe if POLARSSL_THREADING_C is enabled) More...
 
int rsa_private (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, const unsigned char *input, unsigned char *output)
 Do an RSA private key operation (Thread-safe if POLARSSL_THREADING_C is enabled) More...
 
int rsa_pkcs1_encrypt (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t ilen, const unsigned char *input, unsigned char *output)
 Generic wrapper to perform a PKCS#1 encryption using the mode from the context. More...
 
int rsa_rsaes_pkcs1_v15_encrypt (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t ilen, const unsigned char *input, unsigned char *output)
 Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT) (Thread-safe if POLARSSL_THREADING_C is enabled) More...
 
int rsa_rsaes_oaep_encrypt (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, const unsigned char *label, size_t label_len, size_t ilen, const unsigned char *input, unsigned char *output)
 Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT) (Thread-safe if POLARSSL_THREADING_C is enabled) More...
 
int rsa_pkcs1_decrypt (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
 Generic wrapper to perform a PKCS#1 decryption using the mode from the context. More...
 
int rsa_rsaes_pkcs1_v15_decrypt (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
 Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT) (Thread-safe if POLARSSL_THREADING_C is enabled) More...
 
int rsa_rsaes_oaep_decrypt (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, const unsigned char *label, size_t label_len, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len)
 Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT) (Thread-safe if POLARSSL_THREADING_C is enabled) More...
 
int rsa_pkcs1_sign (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
 Generic wrapper to perform a PKCS#1 signature using the mode from the context. More...
 
int rsa_rsassa_pkcs1_v15_sign (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
 Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN) More...
 
int rsa_rsassa_pss_sign (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig)
 Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN) (Thread-safe if POLARSSL_THREADING_C is enabled) More...
 
int rsa_pkcs1_verify (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig)
 Generic wrapper to perform a PKCS#1 verification using the mode from the context. More...
 
int rsa_rsassa_pkcs1_v15_verify (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig)
 Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY) (Thread-safe if POLARSSL_THREADING_C is enabled) More...
 
int rsa_rsassa_pss_verify (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, const unsigned char *sig)
 Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) (This is the "simple" version.) (Thread-safe if POLARSSL_THREADING_C is enabled) More...
 
int rsa_rsassa_pss_verify_ext (rsa_context *ctx, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode, md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, md_type_t mgf1_hash_id, int expected_salt_len, const unsigned char *sig)
 Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) (This is the version with "full" options.) (Thread-safe if POLARSSL_THREADING_C is enabled) More...
 
int rsa_copy (rsa_context *dst, const rsa_context *src)
 Copy the components of an RSA context. More...
 
void rsa_free (rsa_context *ctx)
 Free the components of an RSA key. More...
 
int rsa_self_test (int verbose)
 Checkup routine. More...
 

Detailed Description

The RSA public-key cryptosystem.

Copyright (C) 2006-2014, ARM Limited, All Rights Reserved

This file is part of mbed TLS (https://tls.mbed.org)

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Definition in file rsa.h.

Macro Definition Documentation

#define POLARSSL_ERR_RSA_BAD_INPUT_DATA   -0x4080

Bad input parameters to function.

Definition at line 43 of file rsa.h.

#define POLARSSL_ERR_RSA_INVALID_PADDING   -0x4100

Input data contains invalid padding and is rejected.

Definition at line 44 of file rsa.h.

#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED   -0x4200

Key failed to pass the library's validity check.

Definition at line 46 of file rsa.h.

#define POLARSSL_ERR_RSA_KEY_GEN_FAILED   -0x4180

Something failed during generation of a key.

Definition at line 45 of file rsa.h.

#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE   -0x4400

The output buffer for decryption is not large enough.

Definition at line 50 of file rsa.h.

#define POLARSSL_ERR_RSA_PRIVATE_FAILED   -0x4300

The private key operation failed.

Definition at line 48 of file rsa.h.

#define POLARSSL_ERR_RSA_PUBLIC_FAILED   -0x4280

The public key operation failed.

Definition at line 47 of file rsa.h.

#define POLARSSL_ERR_RSA_RNG_FAILED   -0x4480

The random generator failed to generate non-zeros.

Definition at line 51 of file rsa.h.

#define POLARSSL_ERR_RSA_VERIFY_FAILED   -0x4380

The PKCS#1 verification failed.

Definition at line 49 of file rsa.h.

#define RSA_CRYPT   2

Definition at line 63 of file rsa.h.

#define RSA_PKCS_V15   0

Definition at line 59 of file rsa.h.

#define RSA_PKCS_V21   1

Definition at line 60 of file rsa.h.

#define RSA_PRIVATE   1

Definition at line 57 of file rsa.h.

Referenced by RSA_private_decrypt(), and RSA_private_encrypt().

#define RSA_PUBLIC   0

Definition at line 56 of file rsa.h.

Referenced by RSA_public_decrypt(), and RSA_public_encrypt().

#define RSA_SALT_LEN_ANY   -1

Definition at line 65 of file rsa.h.

#define RSA_SIGN   1

Definition at line 62 of file rsa.h.

Function Documentation

int rsa_check_privkey ( const rsa_context ctx)

Check a private RSA key.

Parameters
ctxRSA context to be checked
Returns
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
int rsa_check_pub_priv ( const rsa_context pub,
const rsa_context prv 
)

Check a public-private RSA key pair.

Check each of the contexts, and make sure they match.

Parameters
pubRSA context holding the public key
prvRSA context holding the private key
Returns
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
int rsa_check_pubkey ( const rsa_context ctx)

Check a public RSA key.

Parameters
ctxRSA context to be checked
Returns
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
int rsa_copy ( rsa_context dst,
const rsa_context src 
)

Copy the components of an RSA context.

Parameters
dstDestination context
srcSource context
Returns
O on success, POLARSSL_ERR_MPI_MALLOC_FAILED on memory allocation failure

Referenced by x509_write_key_der(), x509_write_pubkey_der(), x509parse_key(), x509parse_keyfile(), x509parse_public_key(), and x509parse_public_keyfile().

void rsa_free ( rsa_context ctx)

Free the components of an RSA key.

Parameters
ctxRSA Context to free

Referenced by x509parse_key(), x509parse_keyfile(), x509parse_public_key(), and x509parse_public_keyfile().

int rsa_gen_key ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
unsigned int  nbits,
int  exponent 
)

Generate an RSA keypair.

Parameters
ctxRSA context that will hold the key
f_rngRNG function
p_rngRNG parameter
nbitssize of the public key in bits
exponentpublic exponent (e.g., 65537)
Note
rsa_init() must be called beforehand to setup the RSA context.
Returns
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
void rsa_init ( rsa_context ctx,
int  padding,
int  hash_id 
)

Initialize an RSA context.

Note: Set padding to RSA_PKCS_V21 for the RSAES-OAEP encryption scheme and the RSASSA-PSS signature scheme.

Parameters
ctxRSA context to be initialized
paddingRSA_PKCS_V15 or RSA_PKCS_V21
hash_idRSA_PKCS_V21 hash identifier
Note
The hash_id parameter is actually ignored when using RSA_PKCS_V15 padding.
Choice of padding mode is strictly enforced for private key operations, since there might be security concerns in mixing padding modes. For public key operations it's merely a default value, which can be overriden by calling specific rsa_rsaes_xxx or rsa_rsassa_xxx functions.
The chosen hash is always used for OEAP encryption. For PSS signatures, it's always used for making signatures, but can be overriden (and always is, if set to POLARSSL_MD_NONE) for verifying them.
int rsa_pkcs1_decrypt ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
size_t *  olen,
const unsigned char *  input,
unsigned char *  output,
size_t  output_max_len 
)

Generic wrapper to perform a PKCS#1 decryption using the mode from the context.

Do an RSA operation, then remove the message padding (Thread-safe if POLARSSL_THREADING_C is enabled)

Parameters
ctxRSA context
f_rngRNG function (Only needed for RSA_PRIVATE)
p_rngRNG parameter
modeRSA_PUBLIC or RSA_PRIVATE
olenwill contain the plaintext length
inputbuffer holding the encrypted data
outputbuffer that will hold the plaintext
output_max_lenmaximum length of the output buffer
Returns
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
Note
The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise an error is thrown.

Referenced by RSA_private_decrypt(), and RSA_public_decrypt().

int rsa_pkcs1_encrypt ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
size_t  ilen,
const unsigned char *  input,
unsigned char *  output 
)

Generic wrapper to perform a PKCS#1 encryption using the mode from the context.

Add the message padding, then do an RSA operation. (Thread-safe if POLARSSL_THREADING_C is enabled)

Parameters
ctxRSA context
f_rngRNG function (Needed for padding and PKCS#1 v2.1 encoding and RSA_PRIVATE)
p_rngRNG parameter
modeRSA_PUBLIC or RSA_PRIVATE
ilencontains the plaintext length
inputbuffer holding the data to be encrypted
outputbuffer that will hold the ciphertext
Returns
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
Note
The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).

Referenced by RSA_private_encrypt(), and RSA_public_encrypt().

int rsa_pkcs1_sign ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
md_type_t  md_alg,
unsigned int  hashlen,
const unsigned char *  hash,
unsigned char *  sig 
)

Generic wrapper to perform a PKCS#1 signature using the mode from the context.

Do a private RSA operation to sign a message digest (Thread-safe if POLARSSL_THREADING_C is enabled)

Parameters
ctxRSA context
f_rngRNG function (Needed for PKCS#1 v2.1 encoding and for RSA_PRIVATE)
p_rngRNG parameter
modeRSA_PUBLIC or RSA_PRIVATE
md_alga POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlenmessage digest length (for POLARSSL_MD_NONE only)
hashbuffer holding the message digest
sigbuffer that will hold the ciphertext
Returns
0 if the signing operation was successful, or an POLARSSL_ERR_RSA_XXX error code
Note
The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).
In case of PKCS#1 v2.1 encoding, see comments on
rsa_rsassa_pss_sign() for details on md_alg and hash_id.
int rsa_pkcs1_verify ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
md_type_t  md_alg,
unsigned int  hashlen,
const unsigned char *  hash,
const unsigned char *  sig 
)

Generic wrapper to perform a PKCS#1 verification using the mode from the context.

Do a public RSA operation and check the message digest (Thread-safe if POLARSSL_THREADING_C is enabled)

Parameters
ctxpoints to an RSA public key
f_rngRNG function (Only needed for RSA_PRIVATE)
p_rngRNG parameter
modeRSA_PUBLIC or RSA_PRIVATE
md_alga POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlenmessage digest length (for POLARSSL_MD_NONE only)
hashbuffer holding the message digest
sigbuffer holding the ciphertext
Returns
0 if the verify operation was successful, or an POLARSSL_ERR_RSA_XXX error code
Note
The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).
In case of PKCS#1 v2.1 encoding, see comments on rsa_rsassa_pss_verify() about md_alg and hash_id.
int rsa_private ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
const unsigned char *  input,
unsigned char *  output 
)

Do an RSA private key operation (Thread-safe if POLARSSL_THREADING_C is enabled)

Parameters
ctxRSA context
f_rngRNG function (Needed for blinding)
p_rngRNG parameter
inputinput buffer
outputoutput buffer
Returns
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
Note
The input and output buffers must be large enough (eg. 128 bytes if RSA-1024 is used).
int rsa_public ( rsa_context ctx,
const unsigned char *  input,
unsigned char *  output 
)

Do an RSA public key operation (Thread-safe if POLARSSL_THREADING_C is enabled)

Parameters
ctxRSA context
inputinput buffer
outputoutput buffer
Returns
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
Note
This function does NOT take care of message padding. Also, be sure to set input[0] = 0 or assure that input is smaller than N.
The input and output buffers must be large enough (eg. 128 bytes if RSA-1024 is used).
int rsa_rsaes_oaep_decrypt ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
const unsigned char *  label,
size_t  label_len,
size_t *  olen,
const unsigned char *  input,
unsigned char *  output,
size_t  output_max_len 
)

Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT) (Thread-safe if POLARSSL_THREADING_C is enabled)

Parameters
ctxRSA context
f_rngRNG function (Only needed for RSA_PRIVATE)
p_rngRNG parameter
modeRSA_PUBLIC or RSA_PRIVATE
labelbuffer holding the custom label to use
label_lencontains the label length
olenwill contain the plaintext length
inputbuffer holding the encrypted data
outputbuffer that will hold the plaintext
output_max_lenmaximum length of the output buffer
Returns
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
Note
The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise an error is thrown.
int rsa_rsaes_oaep_encrypt ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
const unsigned char *  label,
size_t  label_len,
size_t  ilen,
const unsigned char *  input,
unsigned char *  output 
)

Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT) (Thread-safe if POLARSSL_THREADING_C is enabled)

Parameters
ctxRSA context
f_rngRNG function (Needed for padding and PKCS#1 v2.1 encoding and RSA_PRIVATE)
p_rngRNG parameter
modeRSA_PUBLIC or RSA_PRIVATE
labelbuffer holding the custom label to use
label_lencontains the label length
ilencontains the plaintext length
inputbuffer holding the data to be encrypted
outputbuffer that will hold the ciphertext
Returns
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
Note
The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).
int rsa_rsaes_pkcs1_v15_decrypt ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
size_t *  olen,
const unsigned char *  input,
unsigned char *  output,
size_t  output_max_len 
)

Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT) (Thread-safe if POLARSSL_THREADING_C is enabled)

Parameters
ctxRSA context
f_rngRNG function (Only needed for RSA_PRIVATE)
p_rngRNG parameter
modeRSA_PUBLIC or RSA_PRIVATE
olenwill contain the plaintext length
inputbuffer holding the encrypted data
outputbuffer that will hold the plaintext
output_max_lenmaximum length of the output buffer
Returns
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
Note
The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise an error is thrown.
int rsa_rsaes_pkcs1_v15_encrypt ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
size_t  ilen,
const unsigned char *  input,
unsigned char *  output 
)

Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT) (Thread-safe if POLARSSL_THREADING_C is enabled)

Parameters
ctxRSA context
f_rngRNG function (Needed for padding and RSA_PRIVATE)
p_rngRNG parameter
modeRSA_PUBLIC or RSA_PRIVATE
ilencontains the plaintext length
inputbuffer holding the data to be encrypted
outputbuffer that will hold the ciphertext
Returns
0 if successful, or an POLARSSL_ERR_RSA_XXX error code
Note
The output buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).
int rsa_rsassa_pkcs1_v15_sign ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
md_type_t  md_alg,
unsigned int  hashlen,
const unsigned char *  hash,
unsigned char *  sig 
)

Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)

Parameters
ctxRSA context
f_rngRNG function (Only needed for RSA_PRIVATE)
p_rngRNG parameter
modeRSA_PUBLIC or RSA_PRIVATE
md_alga POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlenmessage digest length (for POLARSSL_MD_NONE only)
hashbuffer holding the message digest
sigbuffer that will hold the ciphertext
Returns
0 if the signing operation was successful, or an POLARSSL_ERR_RSA_XXX error code
Note
The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).
int rsa_rsassa_pkcs1_v15_verify ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
md_type_t  md_alg,
unsigned int  hashlen,
const unsigned char *  hash,
const unsigned char *  sig 
)

Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY) (Thread-safe if POLARSSL_THREADING_C is enabled)

Parameters
ctxpoints to an RSA public key
f_rngRNG function (Only needed for RSA_PRIVATE)
p_rngRNG parameter
modeRSA_PUBLIC or RSA_PRIVATE
md_alga POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlenmessage digest length (for POLARSSL_MD_NONE only)
hashbuffer holding the message digest
sigbuffer holding the ciphertext
Returns
0 if the verify operation was successful, or an POLARSSL_ERR_RSA_XXX error code
Note
The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).
int rsa_rsassa_pss_sign ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
md_type_t  md_alg,
unsigned int  hashlen,
const unsigned char *  hash,
unsigned char *  sig 
)

Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN) (Thread-safe if POLARSSL_THREADING_C is enabled)

Parameters
ctxRSA context
f_rngRNG function (Needed for PKCS#1 v2.1 encoding and for RSA_PRIVATE)
p_rngRNG parameter
modeRSA_PUBLIC or RSA_PRIVATE
md_alga POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlenmessage digest length (for POLARSSL_MD_NONE only)
hashbuffer holding the message digest
sigbuffer that will hold the ciphertext
Returns
0 if the signing operation was successful, or an POLARSSL_ERR_RSA_XXX error code
Note
The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).
The hash_id in the RSA context is the one used for the encoding. md_alg in the function call is the type of hash that is encoded. According to RFC 3447 it is advised to keep both hashes the same.
int rsa_rsassa_pss_verify ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
md_type_t  md_alg,
unsigned int  hashlen,
const unsigned char *  hash,
const unsigned char *  sig 
)

Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) (This is the "simple" version.) (Thread-safe if POLARSSL_THREADING_C is enabled)

Parameters
ctxpoints to an RSA public key
f_rngRNG function (Only needed for RSA_PRIVATE)
p_rngRNG parameter
modeRSA_PUBLIC or RSA_PRIVATE
md_alga POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlenmessage digest length (for POLARSSL_MD_NONE only)
hashbuffer holding the message digest
sigbuffer holding the ciphertext
Returns
0 if the verify operation was successful, or an POLARSSL_ERR_RSA_XXX error code
Note
The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).
The hash_id in the RSA context is the one used for the verification. md_alg in the function call is the type of hash that is verified. According to RFC 3447 it is advised to keep both hashes the same. If hash_id in the RSA context is unset, the md_alg from the function call is used.
int rsa_rsassa_pss_verify_ext ( rsa_context ctx,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng,
int  mode,
md_type_t  md_alg,
unsigned int  hashlen,
const unsigned char *  hash,
md_type_t  mgf1_hash_id,
int  expected_salt_len,
const unsigned char *  sig 
)

Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) (This is the version with "full" options.) (Thread-safe if POLARSSL_THREADING_C is enabled)

Parameters
ctxpoints to an RSA public key
f_rngRNG function (Only needed for RSA_PRIVATE)
p_rngRNG parameter
modeRSA_PUBLIC or RSA_PRIVATE
md_alga POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
hashlenmessage digest length (for POLARSSL_MD_NONE only)
hashbuffer holding the message digest
mgf1_hash_idmessage digest used for mask generation
expected_salt_lenLength of the salt used in padding, use RSA_SALT_LEN_ANY to accept any salt length
sigbuffer holding the ciphertext
Returns
0 if the verify operation was successful, or an POLARSSL_ERR_RSA_XXX error code
Note
The "sig" buffer must be as large as the size of ctx->N (eg. 128 bytes if RSA-1024 is used).
The hash_id in the RSA context is ignored.
int rsa_self_test ( int  verbose)

Checkup routine.

Returns
0 if successful, or 1 if the test failed
void rsa_set_padding ( rsa_context ctx,
int  padding,
int  hash_id 
)

Set padding for an already initialized RSA context See rsa_init() for details.

Parameters
ctxRSA context to be set
paddingRSA_PKCS_V15 or RSA_PKCS_V21
hash_idRSA_PKCS_V21 hash identifier