RSAPSS#

RSASSA-PSS as defined in RFC 8017.

API Reference#

#include "Hacl_RSAPSS.h"
uint64_t *Hacl_RSAPSS_new_rsapss_load_skey(uint32_t modBits, uint32_t eBits, uint32_t dBits, uint8_t *nb, uint8_t *eb, uint8_t *db)#

Load a secret key from key parts.

Parameters

  • modBits – Count of bits in modulus (n).

  • eBits – Count of bits in e value.

  • dBits – Count of bits in d value.

  • nb – Pointer to ceil(modBits / 8) bytes where the modulus (n), in big-endian byte order, is read from.

  • eb – Pointer to ceil(modBits / 8) bytes where the e value, in big-endian byte order, is read from.

  • db – Pointer to ceil(modBits / 8) bytes where the d value, in big-endian byte order, is read from.

Returns

Returns an allocated secret key upon success, otherwise, NULL if key part arguments are invalid or memory allocation fails. Note: caller must take care to free() the created key.

uint64_t *Hacl_RSAPSS_new_rsapss_load_pkey(uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb)#

Load a public key from key parts.

Parameters

  • modBits – Count of bits in modulus (n).

  • eBits – Count of bits in e value.

  • nb – Pointer to ceil(modBits / 8) bytes where the modulus (n), in big-endian byte order, is read from.

  • eb – Pointer to ceil(modBits / 8) bytes where the e value, in big-endian byte order, is read from.

Returns

Returns an allocated public key upon success, otherwise, NULL if key part arguments are invalid or memory allocation fails. Note: caller must take care to free() the created key.

bool Hacl_RSAPSS_rsapss_sign(Spec_Hash_Definitions_hash_alg a, uint32_t modBits, uint32_t eBits, uint32_t dBits, uint64_t *skey, uint32_t saltLen, uint8_t *salt, uint32_t msgLen, uint8_t *msg, uint8_t *sgnt)#

Sign a message msg and write the signature to sgnt.

Parameters

  • a – Hash algorithm to use. Allowed values for a are …

    • Spec_Hash_Definitions_SHA2_256,

    • Spec_Hash_Definitions_SHA2_384, and

    • Spec_Hash_Definitions_SHA2_512.

  • modBits – Count of bits in the modulus (n).

  • eBits – Count of bits in e value.

  • dBits – Count of bits in d value.

  • skey – Pointer to secret key created by Hacl_RSAPSS_new_rsapss_load_skey.

  • saltLen – Length of salt.

  • salt – Pointer to saltLen bytes where the salt is read from.

  • msgLen – Length of message.

  • msg – Pointer to msgLen bytes where the message is read from.

  • sgnt – Pointer to ceil(modBits / 8) bytes where the signature is written to.

Returns

Returns true if and only if signing was successful.

bool Hacl_RSAPSS_rsapss_verify(Spec_Hash_Definitions_hash_alg a, uint32_t modBits, uint32_t eBits, uint64_t *pkey, uint32_t saltLen, uint32_t sgntLen, uint8_t *sgnt, uint32_t msgLen, uint8_t *msg)#

Verify the signature sgnt of a message msg.

Parameters

  • a – Hash algorithm to use. Allowed values for a are …

    • Spec_Hash_Definitions_SHA2_256,

    • Spec_Hash_Definitions_SHA2_384, and

    • Spec_Hash_Definitions_SHA2_512.

  • modBits – Count of bits in the modulus (n).

  • eBits – Count of bits in e value.

  • pkey – Pointer to public key created by Hacl_RSAPSS_new_rsapss_load_pkey.

  • saltLen – Length of salt.

  • sgntLen – Length of signature.

  • sgnt – Pointer to sgntLen bytes where the signature is read from.

  • msgLen – Length of message.

  • msg – Pointer to msgLen bytes where the message is read from.

Returns

Returns true if and only if the signature is valid.

bool Hacl_RSAPSS_rsapss_skey_sign(Spec_Hash_Definitions_hash_alg a, uint32_t modBits, uint32_t eBits, uint32_t dBits, uint8_t *nb, uint8_t *eb, uint8_t *db, uint32_t saltLen, uint8_t *salt, uint32_t msgLen, uint8_t *msg, uint8_t *sgnt)#

Sign a message msg and write the signature to sgnt.

Parameters

  • a – Hash algorithm to use. Allowed values for a are …

    • Spec_Hash_Definitions_SHA2_256,

    • Spec_Hash_Definitions_SHA2_384, and

    • Spec_Hash_Definitions_SHA2_512.

  • modBits – Count of bits in the modulus (n).

  • eBits – Count of bits in e value.

  • dBits – Count of bits in d value.

  • nb – Pointer to ceil(modBits / 8) bytes where the modulus (n), in big-endian byte order, is read from.

  • eb – Pointer to ceil(modBits / 8) bytes where the e value, in big-endian byte order, is read from.

  • db – Pointer to ceil(modBits / 8) bytes where the d value, in big-endian byte order, is read from.

  • saltLen – Length of salt.

  • salt – Pointer to saltLen bytes where the salt is read from.

  • msgLen – Length of message.

  • msg – Pointer to msgLen bytes where the message is read from.

  • sgnt – Pointer to ceil(modBits / 8) bytes where the signature is written to.

Returns

Returns true if and only if signing was successful.

bool Hacl_RSAPSS_rsapss_pkey_verify(Spec_Hash_Definitions_hash_alg a, uint32_t modBits, uint32_t eBits, uint8_t *nb, uint8_t *eb, uint32_t saltLen, uint32_t sgntLen, uint8_t *sgnt, uint32_t msgLen, uint8_t *msg)#

Verify the signature sgnt of a message msg.

Parameters

  • a – Hash algorithm to use. Allowed values for a are …

    • Spec_Hash_Definitions_SHA2_256,

    • Spec_Hash_Definitions_SHA2_384, and

    • Spec_Hash_Definitions_SHA2_512.

  • modBits – Count of bits in the modulus (n).

  • eBits – Count of bits in e value.

  • nb – Pointer to ceil(modBits / 8) bytes where the modulus (n), in big-endian byte order, is read from.

  • eb – Pointer to ceil(modBits / 8) bytes where the e value, in big-endian byte order, is read from.

  • saltLen – Length of salt.

  • sgntLen – Length of signature.

  • sgnt – Pointer to sgntLen bytes where the signature is read from.

  • msgLen – Length of message.

  • msg – Pointer to msgLen bytes where the message is read from.

Returns

Returns true if and only if the signature is valid.