rsa.h
Provides an RSA implementation for key sizes between 1024 and 2048 bits, including encryption (RSAES-OAEP) and signature verification (RSASSA-PSS).
Reference: RFC 8017.
- Author: jacobly (modexp)
- Author: Anthony Cagliano
Functions
- bool tls_rsa_encode_oaep(const uint8_t *inbuf, size_t in_len, uint8_t *outbuf, size_t modulus_len, const char *auth, uint8_t hash_alg)
- size_t tls_rsa_decode_oaep(const uint8_t *inbuf, size_t in_len, uint8_t *outbuf, const char *auth, uint8_t hash_alg)
- bool tls_rsa_encrypt(const uint8_t *inbuf, size_t in_len, uint8_t *outbuf, const uint8_t *pubkey, size_t keylen, uint8_t hash_alg)
- bool tls_rsa_decrypt_signature(const uint8_t *signature, size_t signature_len, uint8_t *outbuf, const uint8_t *pubkey, size_t keylen)
- bool tls_rsa_pss_verify(const uint8_t *encoded_msg, size_t em_len, const uint8_t *mhash, size_t mhash_len, uint8_t hash_alg)
Verify RSA-PSS padding on an already-decrypted signature.
This function checks that the encoded message (EM) has the EMSA-PSS structure expected for the given message hash (EMSA-PSS-VERIFY, RFC 8017 section 9.1.2): the 0xbc trailer, the zeroed leading bits, the MGF1-unmasked PS || 0x01 || salt data block, and H == Hash(0x00 * 8 || mHash || salt). It does NOT perform RSA modular exponentiation: the caller must first apply the public key to the signature (RSAVP1, see tls_rsa_decrypt_signature above) and pass the resulting EM here.
Uses only fixed-size local scratch buffers. em_bits is derived internally as (em_len * 8) - 1, which assumes the modulus is byte-aligned with its top bit set, as it is for the 1024- to 2048-bit keys this header targets.
- Parameters:
encoded_msg – The decrypted signature (EM), big-endian, emLen bytes
em_len – Length of the encoded message in bytes (same as the modulus length)
mhash – Hash of the message being verified
mhash_len – Length of mhash (must equal the digest length of hash_alg)
hash_alg – Hash algorithm ID (TLS_HASH_SHA256, etc.)
- Returns:
true if EM is a consistent EMSA-PSS encoding of mhash, false otherwise
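The EMSA-PSS-VERIFY procedure described above, written out step by step as an added example (this is not the library's code). It follows the page's em_bits = em_len * 8 - 1 convention in pss_verify_decrypted_signature, uses Python's hashlib in place of the library's hash_alg IDs, and assumes sLen = hLen, which the page does not state. The encoder is included only to build a deterministic test vector; the inputs (message, salt, modulus size) are constructed.

```python
"""EMSA-PSS-VERIFY (RFC 8017, section 9.1.2) over an already-decrypted signature.

Added example; the function names here are assumptions, not the library's API.
hashlib names stand in for the library's hash_alg IDs.
"""
import hashlib
import hmac


def mgf1(seed: bytes, mask_len: int, hash_name: str) -> bytes:
    """MGF1 mask generation function (RFC 8017, Appendix B.2.1)."""
    h_len = hashlib.new(hash_name).digest_size
    out = bytearray()
    for counter in range((mask_len + h_len - 1) // h_len):
        out += hashlib.new(hash_name, seed + counter.to_bytes(4, "big")).digest()
    return bytes(out[:mask_len])


def emsa_pss_encode(mhash: bytes, em_bits: int, salt: bytes, hash_name: str = "sha256") -> bytes:
    """EMSA-PSS-ENCODE (RFC 8017, 9.1.1): the signer side, used here only to
    build a test vector for the verifier."""
    h_len, s_len = len(mhash), len(salt)
    em_len = (em_bits + 7) // 8
    if em_len < h_len + s_len + 2:
        raise ValueError("encoding error: emLen < hLen + sLen + 2")
    h = hashlib.new(hash_name, b"\x00" * 8 + mhash + salt).digest()  # H = Hash(M')
    db = b"\x00" * (em_len - s_len - h_len - 2) + b"\x01" + salt       # DB = PS || 0x01 || salt
    db_mask = mgf1(h, em_len - h_len - 1, hash_name)
    masked_db = bytearray(a ^ b for a, b in zip(db, db_mask))
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)                      # clear the unused leading bits
    return bytes(masked_db) + h + b"\xbc"


def emsa_pss_verify(mhash: bytes, em: bytes, em_bits: int, hash_name: str = "sha256", s_len=None) -> bool:
    """EMSA-PSS-VERIFY (RFC 8017, 9.1.2). em is the already-decrypted signature.
    sLen defaults to hLen (an assumption; RFC 8017 leaves sLen to the caller).
    EM is public data, so early returns on structural failures leak nothing."""
    h_len = len(mhash)
    if s_len is None:
        s_len = h_len
    em_len = (em_bits + 7) // 8
    if hashlib.new(hash_name).digest_size != h_len or len(em) != em_len:
        return False
    if em_len < h_len + s_len + 2:                       # step 3
        return False
    if em[-1] != 0xBC:                                    # step 4: trailer field
        return False
    db_len = em_len - h_len - 1
    masked_db, h = em[:db_len], em[db_len:-1]             # step 5
    unused = 8 * em_len - em_bits
    top_mask = 0xFF >> unused
    if masked_db[0] & (0xFF ^ top_mask):                  # step 6: leading bits must be zero
        return False
    db = bytearray(a ^ b for a, b in zip(masked_db, mgf1(h, db_len, hash_name)))  # steps 7-8
    db[0] &= top_mask                                     # step 9
    ps_len = em_len - h_len - s_len - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:            # step 10: PS || 0x01
        return False
    salt = bytes(db[db_len - s_len:])                     # step 11
    h_prime = hashlib.new(hash_name, b"\x00" * 8 + mhash + salt).digest()  # steps 12-13
    return hmac.compare_digest(h, h_prime)                # step 14, constant-time compare


def pss_verify_decrypted_signature(em: bytes, mhash: bytes, hash_name: str = "sha256") -> bool:
    """Mirrors the convention described for tls_rsa_pss_verify: emBits is
    derived as em_len*8 - 1, i.e. the modulus is assumed byte-aligned with its
    top bit set."""
    return emsa_pss_verify(mhash, em, len(em) * 8 - 1, hash_name)


# Constructed inputs: a 2048-bit modulus (256-byte EM) and a fixed salt so the
# example is deterministic. A real signer must draw the salt from a CSPRNG.
MODULUS_BYTES = 256
MHASH = hashlib.sha256(b"constructed test message").digest()
SALT = bytes(range(32))


def demo() -> dict:
    """Returns the verifier's verdict on a good EM and on four corrupted ones."""
    em = emsa_pss_encode(MHASH, MODULUS_BYTES * 8 - 1, SALT)
    tampered = bytearray(em)
    tampered[5] ^= 0x01            # after unmasking this lands inside PS, which must be all zero
    top_bit = bytearray(em)
    top_bit[0] |= 0x80             # violates the emBits leading-zero rule (step 6)
    bad_trailer = em[:-1] + b"\x00"  # trailer must be 0xBC (step 4)
    return {
        "valid": pss_verify_decrypted_signature(em, MHASH),
        "tampered": pss_verify_decrypted_signature(bytes(tampered), MHASH),
        "top_bit_set": pss_verify_decrypted_signature(bytes(top_bit), MHASH),
        "bad_trailer": pss_verify_decrypted_signature(bad_trailer, MHASH),
        "wrong_hash": pss_verify_decrypted_signature(em, hashlib.sha256(b"other message").digest()),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:12s} -> {ok}")
```

Step 6 is the check that the em_bits convention feeds: with em_bits = em_len * 8 - 1 exactly one leading bit of EM must be zero, which is the bit RSAVP1 guarantees for a byte-aligned modulus. Passing a fixed sLen to the verifier is stricter than recovering the salt length from the position of the 0x01 separator; the example keeps it fixed because the library's signature offers no salt-length parameter.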
Variables
- uint8_t __rsa_transient[RSA_TRANSIENT_SIZE]