rsa.c File Reference

RSA public-key cryptography standard. More...

#include "core/crypto.h"
#include "pkc/rsa.h"
#include "pkc/rsa_misc.h"
#include "debug.h"

Go to the source code of this file.

Macros

#define TRACE_LEVEL   CRYPTO_TRACE_LEVEL
 

Functions

void rsaInitPublicKey (RsaPublicKey *key)
 Initialize an RSA public key. More...
 
void rsaFreePublicKey (RsaPublicKey *key)
 Release an RSA public key. More...
 
void rsaInitPrivateKey (RsaPrivateKey *key)
 Initialize an RSA private key. More...
 
void rsaFreePrivateKey (RsaPrivateKey *key)
 Release an RSA private key. More...
 
error_t rsaGenerateKeyPair (const PrngAlgo *prngAlgo, void *prngContext, size_t k, uint_t e, RsaPrivateKey *privateKey, RsaPublicKey *publicKey)
 RSA key pair generation. More...
 
__weak_func error_t rsaGeneratePrivateKey (const PrngAlgo *prngAlgo, void *prngContext, size_t k, uint_t e, RsaPrivateKey *privateKey)
 RSA private key generation. More...
 
error_t rsaGeneratePublicKey (const RsaPrivateKey *privateKey, RsaPublicKey *publicKey)
 Derive the public key from an RSA private key. More...
 
error_t rsaesPkcs1v15Encrypt (const PrngAlgo *prngAlgo, void *prngContext, const RsaPublicKey *key, const uint8_t *message, size_t messageLen, uint8_t *ciphertext, size_t *ciphertextLen)
 RSAES-PKCS1-v1_5 encryption operation. More...
 
error_t rsaesPkcs1v15Decrypt (const RsaPrivateKey *key, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *message, size_t messageSize, size_t *messageLen)
 RSAES-PKCS1-v1_5 decryption operation. More...
 
error_t rsaesOaepEncrypt (const PrngAlgo *prngAlgo, void *prngContext, const RsaPublicKey *key, const HashAlgo *hash, const char_t *label, const uint8_t *message, size_t messageLen, uint8_t *ciphertext, size_t *ciphertextLen)
 RSAES-OAEP encryption operation. More...
 
error_t rsaesOaepDecrypt (const RsaPrivateKey *key, const HashAlgo *hash, const char_t *label, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *message, size_t messageSize, size_t *messageLen)
 RSAES-OAEP decryption operation. More...
 
error_t rsassaPkcs1v15Sign (const RsaPrivateKey *key, const HashAlgo *hash, const uint8_t *digest, uint8_t *signature, size_t *signatureLen)
 RSASSA-PKCS1-v1_5 signature generation operation. More...
 
error_t rsassaPkcs1v15Verify (const RsaPublicKey *key, const HashAlgo *hash, const uint8_t *digest, const uint8_t *signature, size_t signatureLen)
 RSASSA-PKCS1-v1_5 signature verification operation. More...
 
error_t rsassaPssSign (const PrngAlgo *prngAlgo, void *prngContext, const RsaPrivateKey *key, const HashAlgo *hash, size_t saltLen, const uint8_t *digest, uint8_t *signature, size_t *signatureLen)
 RSASSA-PSS signature generation operation. More...
 
error_t rsassaPssVerify (const RsaPublicKey *key, const HashAlgo *hash, size_t saltLen, const uint8_t *digest, const uint8_t *signature, size_t signatureLen)
 RSASSA-PSS signature verification operation. More...
 

Variables

const uint8_t PKCS1_OID [8] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01}
 
const uint8_t RSA_ENCRYPTION_OID [9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01}
 
const uint8_t MD2_WITH_RSA_ENCRYPTION_OID [9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x02}
 
const uint8_t MD5_WITH_RSA_ENCRYPTION_OID [9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04}
 
const uint8_t SHA1_WITH_RSA_ENCRYPTION_OID [9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05}
 
const uint8_t SHA224_WITH_RSA_ENCRYPTION_OID [9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0E}
 
const uint8_t SHA256_WITH_RSA_ENCRYPTION_OID [9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B}
 
const uint8_t SHA384_WITH_RSA_ENCRYPTION_OID [9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C}
 
const uint8_t SHA512_WITH_RSA_ENCRYPTION_OID [9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0D}
 
const uint8_t SHA512_224_WITH_RSA_ENCRYPTION_OID [9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0F}
 
const uint8_t SHA512_256_WITH_RSA_ENCRYPTION_OID [9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x10}
 
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_224_OID [9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x0D}
 
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_256_OID [9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x0E}
 
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_384_OID [9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x0F}
 
const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_512_OID [9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x10}
 
const uint8_t RSASSA_PSS_OID [9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A}
 
const uint8_t RSASSA_PSS_SHAKE128_OID [8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x06, 0x1E}
 
const uint8_t RSASSA_PSS_SHAKE256_OID [8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x06, 0x1F}
 
const uint8_t MGF1_OID [9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08}
 

Detailed Description

RSA public-key cryptography standard.

License

SPDX-License-Identifier: GPL-2.0-or-later

Copyright (C) 2010-2025 Oryx Embedded SARL. All rights reserved.

This file is part of CycloneCRYPTO Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Description

RSA is an algorithm for public-key cryptography which is suitable for signing as well as encryption. Refer to the following RFCs for complete details:

  • RFC 2313: PKCS #1: RSA Encryption Version 1.5
  • RFC 3447: PKCS #1: RSA Cryptography Specifications Version 2.1
  • RFC 8017: PKCS #1: RSA Cryptography Specifications Version 2.2
Author
Oryx Embedded SARL (www.oryx-embedded.com)
Version
2.5.0

Definition in file rsa.c.

Macro Definition Documentation

◆ TRACE_LEVEL

#define TRACE_LEVEL   CRYPTO_TRACE_LEVEL

Definition at line 40 of file rsa.c.

Function Documentation

◆ rsaesOaepDecrypt()

error_t rsaesOaepDecrypt ( const RsaPrivateKey key,
const HashAlgo hash,
const char_t label,
const uint8_t *  ciphertext,
size_t  ciphertextLen,
uint8_t *  message,
size_t  messageSize,
size_t *  messageLen 
)

RSAES-OAEP decryption operation.

Parameters
[in]keyRecipient's RSA private key
[in]hashUnderlying hash function
[in]labelOptional label to be associated with the message
[in]ciphertextCiphertext to be decrypted
[in]ciphertextLenLength of the ciphertext to be decrypted
[out]messageOutput buffer where to store the decrypted message
[in]messageSizeSize of the output buffer
[out]messageLenLength of the decrypted message
Returns
Error code

Definition at line 774 of file rsa.c.

◆ rsaesOaepEncrypt()

error_t rsaesOaepEncrypt ( const PrngAlgo prngAlgo,
void *  prngContext,
const RsaPublicKey key,
const HashAlgo hash,
const char_t label,
const uint8_t *  message,
size_t  messageLen,
uint8_t *  ciphertext,
size_t *  ciphertextLen 
)

RSAES-OAEP encryption operation.

Parameters
[in]prngAlgoPRNG algorithm
[in]prngContextPointer to the PRNG context
[in]keyRecipient's RSA public key
[in]hashUnderlying hash function
[in]labelOptional label to be associated with the message
[in]messageMessage to be encrypted
[in]messageLenLength of the message to be encrypted
[out]ciphertextCiphertext resulting from the encryption operation
[out]ciphertextLenLength of the resulting ciphertext
Returns
Error code

Definition at line 668 of file rsa.c.

◆ rsaesPkcs1v15Decrypt()

error_t rsaesPkcs1v15Decrypt ( const RsaPrivateKey key,
const uint8_t *  ciphertext,
size_t  ciphertextLen,
uint8_t *  message,
size_t  messageSize,
size_t *  messageLen 
)

RSAES-PKCS1-v1_5 decryption operation.

Parameters
[in]keyRecipient's RSA private key
[in]ciphertextCiphertext to be decrypted
[in]ciphertextLenLength of the ciphertext to be decrypted
[out]messageOutput buffer where to store the decrypted message
[in]messageSizeSize of the output buffer
[out]messageLenLength of the decrypted message
Returns
Error code

Definition at line 507 of file rsa.c.

◆ rsaesPkcs1v15Encrypt()

error_t rsaesPkcs1v15Encrypt ( const PrngAlgo prngAlgo,
void *  prngContext,
const RsaPublicKey key,
const uint8_t *  message,
size_t  messageLen,
uint8_t *  ciphertext,
size_t *  ciphertextLen 
)

RSAES-PKCS1-v1_5 encryption operation.

Parameters
[in]prngAlgoPRNG algorithm
[in]prngContextPointer to the PRNG context
[in]keyRecipient's RSA public key
[in]messageMessage to be encrypted
[in]messageLenLength of the message to be encrypted
[out]ciphertextCiphertext resulting from the encryption operation
[out]ciphertextLenLength of the resulting ciphertext
Returns
Error code

Definition at line 409 of file rsa.c.

◆ rsaFreePrivateKey()

void rsaFreePrivateKey ( RsaPrivateKey key)

Release an RSA private key.

Parameters
[in]keyPointer to the RSA private key to free

Definition at line 148 of file rsa.c.

◆ rsaFreePublicKey()

void rsaFreePublicKey ( RsaPublicKey key)

Release an RSA public key.

Parameters
[in]keyPointer to the RSA public key to free

Definition at line 113 of file rsa.c.

◆ rsaGenerateKeyPair()

error_t rsaGenerateKeyPair ( const PrngAlgo prngAlgo,
void *  prngContext,
size_t  k,
uint_t  e,
RsaPrivateKey privateKey,
RsaPublicKey publicKey 
)

RSA key pair generation.

Parameters
[in]prngAlgoPRNG algorithm
[in]prngContextPointer to the PRNG context
[in]kRequired bit length of the modulus n
[in]ePublic exponent (3, 5, 17, 257 or 65537)
[out]privateKeyRSA private key
[out]publicKeyRSA public key
Returns
Error code

Definition at line 173 of file rsa.c.

◆ rsaGeneratePrivateKey()

__weak_func error_t rsaGeneratePrivateKey ( const PrngAlgo prngAlgo,
void *  prngContext,
size_t  k,
uint_t  e,
RsaPrivateKey privateKey 
)

RSA private key generation.

Parameters
[in]prngAlgoPRNG algorithm
[in]prngContextPointer to the PRNG context
[in]kRequired bit length of the modulus n
[in]ePublic exponent (3, 5, 17, 257 or 65537)
[out]privateKeyRSA private key
Returns
Error code

Definition at line 203 of file rsa.c.

◆ rsaGeneratePublicKey()

error_t rsaGeneratePublicKey ( const RsaPrivateKey privateKey,
RsaPublicKey publicKey 
)

Derive the public key from an RSA private key.

Parameters
[in]privateKeyRSA private key
[out]publicKeyRSA public key
Returns
Error code

Definition at line 364 of file rsa.c.

◆ rsaInitPrivateKey()

void rsaInitPrivateKey ( RsaPrivateKey key)

Initialize an RSA private key.

Parameters
[in]keyPointer to the RSA private key to initialize

Definition at line 126 of file rsa.c.

◆ rsaInitPublicKey()

void rsaInitPublicKey ( RsaPublicKey key)

Initialize an RSA public key.

Parameters
[in]keyPointer to the RSA public key to initialize

Definition at line 100 of file rsa.c.

◆ rsassaPkcs1v15Sign()

error_t rsassaPkcs1v15Sign ( const RsaPrivateKey key,
const HashAlgo hash,
const uint8_t *  digest,
uint8_t *  signature,
size_t *  signatureLen 
)

RSASSA-PKCS1-v1_5 signature generation operation.

Parameters
[in]keySigner's RSA private key
[in]hashHash function used to digest the message
[in]digestDigest of the message to be signed
[out]signatureResulting signature
[out]signatureLenLength of the resulting signature
Returns
Error code

Definition at line 935 of file rsa.c.

◆ rsassaPkcs1v15Verify()

error_t rsassaPkcs1v15Verify ( const RsaPublicKey key,
const HashAlgo hash,
const uint8_t *  digest,
const uint8_t *  signature,
size_t  signatureLen 
)

RSASSA-PKCS1-v1_5 signature verification operation.

Parameters
[in]keySigner's RSA public key
[in]hashHash function used to digest the message
[in]digestDigest of the message whose signature is to be verified
[in]signatureSignature to be verified
[in]signatureLenLength of the signature to be verified
Returns
Error code

Definition at line 1068 of file rsa.c.

◆ rsassaPssSign()

error_t rsassaPssSign ( const PrngAlgo prngAlgo,
void *  prngContext,
const RsaPrivateKey key,
const HashAlgo hash,
size_t  saltLen,
const uint8_t *  digest,
uint8_t *  signature,
size_t *  signatureLen 
)

RSASSA-PSS signature generation operation.

Parameters
[in]prngAlgoPRNG algorithm
[in]prngContextPointer to the PRNG context
[in]keySigner's RSA private key
[in]hashHash function used to digest the message
[in]saltLenLength of the salt, in bytes
[in]digestDigest of the message to be signed
[out]signatureResulting signature
[out]signatureLenLength of the resulting signature
Returns
Error code

Definition at line 1189 of file rsa.c.

◆ rsassaPssVerify()

error_t rsassaPssVerify ( const RsaPublicKey key,
const HashAlgo hash,
size_t  saltLen,
const uint8_t *  digest,
const uint8_t *  signature,
size_t  signatureLen 
)

RSASSA-PSS signature verification operation.

Parameters
[in]keySigner's RSA public key
[in]hashHash function used to digest the message
[in]saltLenLength of the salt, in bytes
[in]digestDigest of the message whose signature is to be verified
[in]signatureSignature to be verified
[in]signatureLenLength of the signature to be verified
Returns
Error code

Definition at line 1309 of file rsa.c.

Variable Documentation

◆ MD2_WITH_RSA_ENCRYPTION_OID

const uint8_t MD2_WITH_RSA_ENCRYPTION_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x02}

Definition at line 57 of file rsa.c.

◆ MD5_WITH_RSA_ENCRYPTION_OID

const uint8_t MD5_WITH_RSA_ENCRYPTION_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04}

Definition at line 59 of file rsa.c.

◆ MGF1_OID

const uint8_t MGF1_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08}

Definition at line 92 of file rsa.c.

◆ PKCS1_OID

const uint8_t PKCS1_OID[8] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01}

Definition at line 52 of file rsa.c.

◆ RSA_ENCRYPTION_OID

const uint8_t RSA_ENCRYPTION_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01}

Definition at line 54 of file rsa.c.

◆ RSASSA_PKCS1_V1_5_WITH_SHA3_224_OID

const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_224_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x0D}

Definition at line 76 of file rsa.c.

◆ RSASSA_PKCS1_V1_5_WITH_SHA3_256_OID

const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_256_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x0E}

Definition at line 78 of file rsa.c.

◆ RSASSA_PKCS1_V1_5_WITH_SHA3_384_OID

const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_384_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x0F}

Definition at line 80 of file rsa.c.

◆ RSASSA_PKCS1_V1_5_WITH_SHA3_512_OID

const uint8_t RSASSA_PKCS1_V1_5_WITH_SHA3_512_OID[9] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x10}

Definition at line 82 of file rsa.c.

◆ RSASSA_PSS_OID

const uint8_t RSASSA_PSS_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0A}

Definition at line 85 of file rsa.c.

◆ RSASSA_PSS_SHAKE128_OID

const uint8_t RSASSA_PSS_SHAKE128_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x06, 0x1E}

Definition at line 87 of file rsa.c.

◆ RSASSA_PSS_SHAKE256_OID

const uint8_t RSASSA_PSS_SHAKE256_OID[8] = {0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x06, 0x1F}

Definition at line 89 of file rsa.c.

◆ SHA1_WITH_RSA_ENCRYPTION_OID

const uint8_t SHA1_WITH_RSA_ENCRYPTION_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05}

Definition at line 61 of file rsa.c.

◆ SHA224_WITH_RSA_ENCRYPTION_OID

const uint8_t SHA224_WITH_RSA_ENCRYPTION_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0E}

Definition at line 63 of file rsa.c.

◆ SHA256_WITH_RSA_ENCRYPTION_OID

const uint8_t SHA256_WITH_RSA_ENCRYPTION_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B}

Definition at line 65 of file rsa.c.

◆ SHA384_WITH_RSA_ENCRYPTION_OID

const uint8_t SHA384_WITH_RSA_ENCRYPTION_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0C}

Definition at line 67 of file rsa.c.

◆ SHA512_224_WITH_RSA_ENCRYPTION_OID

const uint8_t SHA512_224_WITH_RSA_ENCRYPTION_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0F}

Definition at line 71 of file rsa.c.

◆ SHA512_256_WITH_RSA_ENCRYPTION_OID

const uint8_t SHA512_256_WITH_RSA_ENCRYPTION_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x10}

Definition at line 73 of file rsa.c.

◆ SHA512_WITH_RSA_ENCRYPTION_OID

const uint8_t SHA512_WITH_RSA_ENCRYPTION_OID[9] = {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0D}

Definition at line 69 of file rsa.c.