lcx_rsa.h

Back to the files list

RSA algorithm. More...

Data Structures
struct	cx_rsa_public_key_s
	Abstract RSA public key. More...
struct	cx_rsa_private_key_s
	Abstract RSA private key. More...
struct	cx_rsa_1024_public_key_s
	1024-bit RSA public key More...
struct	cx_rsa_1024_private_key_s
	1024-bit RSA private key More...
struct	cx_rsa_2048_public_key_s
	2048-bit RSA public key More...
struct	cx_rsa_2048_private_key_s
	2048-bit RSA private key More...
struct	cx_rsa_3072_public_key_s
	3072-bit RSA public key More...
struct	cx_rsa_3072_private_key_s
	3072-bit RSA private key More...
struct	cx_rsa_4096_public_key_s
	4096-bit RSA public key More...
struct	cx_rsa_4096_private_key_s
	4096-bit RSA private key More...

Typedefs
typedef struct cx_rsa_public_key_s	cx_rsa_public_key_t
	Convenience type. More...
typedef struct cx_rsa_private_key_s	cx_rsa_private_key_t
	Convenience type. More...
typedef struct cx_rsa_1024_public_key_s	cx_rsa_1024_public_key_t
	Convenience type. More...
typedef struct cx_rsa_1024_private_key_s	cx_rsa_1024_private_key_t
	Convenience type. More...
typedef struct cx_rsa_2048_public_key_s	cx_rsa_2048_public_key_t
	Convenience type. More...
typedef struct cx_rsa_2048_private_key_s	cx_rsa_2048_private_key_t
	Convenience type. More...
typedef struct cx_rsa_3072_public_key_s	cx_rsa_3072_public_key_t
	Convenience type. More...
typedef struct cx_rsa_3072_private_key_s	cx_rsa_3072_private_key_t
	Convenience type. More...
typedef struct cx_rsa_4096_public_key_s	cx_rsa_4096_public_key_t
	Convenience type. More...
typedef struct cx_rsa_4096_private_key_s	cx_rsa_4096_private_key_t
	Convenience type. More...

Functions
cx_err_t	cx_rsa_init_public_key_no_throw (const uint8_t *exponent, size_t exponent_len, const uint8_t *modulus, size_t modulus_len, cx_rsa_public_key_t *key)
	Initializes a RSA public key. More...
static int	cx_rsa_init_public_key (const unsigned char *exponent, unsigned int exponent_len, const unsigned char *modulus, unsigned int modulus_len, cx_rsa_public_key_t *key)
	Initializes a RSA public key. More...
cx_err_t	cx_rsa_init_private_key_no_throw (const uint8_t *exponent, size_t exponent_len, const uint8_t *modulus, size_t modulus_len, cx_rsa_private_key_t *key)
	Initializes a RSA private key. More...
static int	cx_rsa_init_private_key (const unsigned char *exponent, unsigned int exponent_len, const unsigned char *modulus, unsigned int modulus_len, cx_rsa_private_key_t *key)
	Initializes a RSA private key. More...
cx_err_t	cx_rsa_generate_pair_no_throw (size_t modulus_len, cx_rsa_public_key_t *public_key, cx_rsa_private_key_t *private_key, const uint8_t *pub_exponent, size_t exponent_len, const uint8_t *externalPQ)
	Generates a RSA key pair. More...
static int	cx_rsa_generate_pair (unsigned int modulus_len, cx_rsa_public_key_t *public_key, cx_rsa_private_key_t *private_key, const unsigned char *pub_exponent, unsigned int exponent_len, const unsigned char *externalPQ)
	Generates a RSA key pair. More...
cx_err_t	cx_rsa_sign_with_salt_len (const cx_rsa_private_key_t *key, uint32_t mode, cx_md_t hashID, const uint8_t *hash, size_t hash_len, uint8_t *sig, size_t sig_len, size_t salt_len)
	Computes a message digest signature according to RSA specification. More...
cx_err_t	cx_rsa_sign_no_throw (const cx_rsa_private_key_t *key, uint32_t mode, cx_md_t hashID, const uint8_t *hash, size_t hash_len, uint8_t *sig, size_t sig_len)
	Computes a message digest signature according to RSA specification. More...
static int	cx_rsa_sign (const cx_rsa_private_key_t *key, int mode, cx_md_t hashID, const unsigned char *hash, unsigned int hash_len, unsigned char *sig, unsigned int sig_len)
	Computes a message digest signature according to RSA specification. More...
bool	cx_rsa_verify_with_salt_len (const cx_rsa_public_key_t *key, uint32_t mode, cx_md_t hashID, const uint8_t *hash, size_t hash_len, uint8_t *sig, size_t sig_len, size_t salt_len)
	Verifies a message digest signature. More...
bool	cx_rsa_verify (const cx_rsa_public_key_t *key, uint32_t mode, cx_md_t hashID, const uint8_t *hash, size_t hash_len, uint8_t *sig, size_t sig_len)
	Verifies a message digest signature. More...
cx_err_t	cx_rsa_encrypt_no_throw (const cx_rsa_public_key_t *key, uint32_t mode, cx_md_t hashID, const uint8_t *mesg, size_t mesg_len, uint8_t *enc, size_t enc_len)
	Encrypts a message according to RSA specification. More...
static int	cx_rsa_encrypt (const cx_rsa_public_key_t *key, int mode, cx_md_t hashID, const unsigned char *mesg, unsigned int mesg_len, unsigned char *enc, unsigned int enc_len)
	Encrypts a message according to RSA specification. More...
cx_err_t	cx_rsa_decrypt_no_throw (const cx_rsa_private_key_t *key, uint32_t mode, cx_md_t hashID, const uint8_t *mesg, size_t mesg_len, uint8_t *dec, size_t *dec_len)
	Decrypts a message according to RSA specification. More...
static int	cx_rsa_decrypt (const cx_rsa_private_key_t *key, int mode, cx_md_t hashID, const unsigned char *mesg, unsigned int mesg_len, unsigned char *dec, unsigned int dec_len)
	Decrypts a message according to RSA specification. More...

Detailed Description

RSA algorithm.

RSA is a public key cryptosystem that can be used for encryption and signature schemes.

Typedef Documentation

cx_rsa_1024_private_key_t

typedef struct cx_rsa_1024_private_key_s cx_rsa_1024_private_key_t

Convenience type.

See cx_rsa_1024_private_key_s.

cx_rsa_1024_public_key_t

typedef struct cx_rsa_1024_public_key_s cx_rsa_1024_public_key_t

Convenience type.

See cx_rsa_1024_public_key_s.

cx_rsa_2048_private_key_t

typedef struct cx_rsa_2048_private_key_s cx_rsa_2048_private_key_t

Convenience type.

See cx_rsa_2048_private_key_s.

cx_rsa_2048_public_key_t

typedef struct cx_rsa_2048_public_key_s cx_rsa_2048_public_key_t

Convenience type.

See cx_rsa_2048_public_key_s.

cx_rsa_3072_private_key_t

typedef struct cx_rsa_3072_private_key_s cx_rsa_3072_private_key_t

Convenience type.

See cx_rsa_3072_private_key_s.

cx_rsa_3072_public_key_t

typedef struct cx_rsa_3072_public_key_s cx_rsa_3072_public_key_t

Convenience type.

See cx_rsa_3072_public_key_s.

cx_rsa_4096_private_key_t

typedef struct cx_rsa_4096_private_key_s cx_rsa_4096_private_key_t

Convenience type.

See cx_rsa_4096_private_key_s.

cx_rsa_4096_public_key_t

typedef struct cx_rsa_4096_public_key_s cx_rsa_4096_public_key_t

Convenience type.

See cx_rsa_4096_public_key_s.

cx_rsa_private_key_t

typedef struct cx_rsa_private_key_s cx_rsa_private_key_t

Convenience type.

See cx_rsa_private_key_s.

cx_rsa_public_key_t

typedef struct cx_rsa_public_key_s cx_rsa_public_key_t

Convenience type.

See cx_rsa_public_key_s.

Function Documentation

cx_rsa_decrypt()

static int cx_rsa_decrypt ( const cx_rsa_private_key_t *  key, int  mode, cx_md_t  hashID, const unsigned char *  mesg, unsigned int  mesg_len, unsigned char *  dec, unsigned int  dec_len  )

Decrypts a message according to RSA specification.

This function throws an exception if the computation doesn't succeed.

Warning

It is recommended to use cx_rsa_decrypt_no_throw rather than this function.

Parameters

[in]	key	RSA private key initialized with cx_rsa_init_private_key_no_throw.
[in]	mode	Crypto mode flags. Supported flags: CX_PAD_PKCS1_1o5 CX_PAD_PKCS1_OAEP
[in]	hashID	Message digest algorithm identifier. Expected identifiers used in OAEP padding: CX_SHA224 CX_SHA256 CX_SHA384 CX_SHA512
[in]	mesg	Input data to decrypt.
[in]	mesg_len	Length of the input.
[in]	dec	Buffer where to store the decrypted data.
[in]	dec_len	Length of the output.

Returns

Length of the decrypted message.

Exceptions

CX_INVALID_PARAMETER

CX_NOT_UNLOCKED

CX_INVALID_PARAMETER_SIZE

CX_MEMORY_FULL

CX_NOT_LOCKED

cx_rsa_decrypt_no_throw()

cx_err_t cx_rsa_decrypt_no_throw	(	const cx_rsa_private_key_t *	key,
		uint32_t	mode,
		cx_md_t	hashID,
		const uint8_t *	mesg,
		size_t	mesg_len,
		uint8_t *	dec,
		size_t *	dec_len
)

Decrypts a message according to RSA specification.

Parameters

[in]	key	RSA private key initialized with cx_rsa_init_private_key_no_throw.
[in]	mode	Crypto mode flags. Supported flags: CX_PAD_PKCS1_1o5 CX_PAD_PKCS1_OAEP
[in]	hashID	Message digest algorithm identifier. Expected identifiers used in OAEP padding: CX_SHA224 CX_SHA256 CX_SHA384 CX_SHA512
[in]	mesg	Input data to decrypt.
[in]	mesg_len	Length of the input.
[in]	dec	Buffer where to store the decrypted data.
[in]	dec_len	Length of the output.

Returns

Error code:

• CX_OK on success
• CX_INVALID_PARAMETER
• CX_NOT_UNLOCKED
• CX_INVALID_PARAMETER_SIZE
• CX_MEMORY_FULL
• CX_NOT_LOCKED

cx_rsa_encrypt()

static int cx_rsa_encrypt ( const cx_rsa_public_key_t *  key, int  mode, cx_md_t  hashID, const unsigned char *  mesg, unsigned int  mesg_len, unsigned char *  enc, unsigned int  enc_len  )

Encrypts a message according to RSA specification.

This function throws an exception if the computation doesn't succeed.

Warning

It is recommended to use cx_rsa_encrypt_no_throw rather than this function.

Parameters

[in]	key	RSA public key initialized with cx_rsa_init_public_key_no_throw.
[in]	mode	Crypto mode flags. Supported flags: CX_PAD_PKCS1_1o5 CX_PAD_PKCS1_OAEP
[in]	hashID	Message digest algorithm identifier. Expected identifiers used in OAEP padding: CX_SHA224 CX_SHA256 CX_SHA384 CX_SHA512
[in]	mesg	Input data to encrypt.
[in]	mesg_len	Length of the input.
[in]	enc	Buffer where to store the ciphertext.
[in]	enc_len	Length of the ciphertext.

Returns

Length of the key.

Exceptions

CX_INVALID_PARAMETER

CX_NOT_UNLOCKED

CX_INVALID_PARAMETER_SIZE

CX_MEMORY_FULL

CX_NOT_LOCKED

cx_rsa_encrypt_no_throw()

cx_err_t cx_rsa_encrypt_no_throw	(	const cx_rsa_public_key_t *	key,
		uint32_t	mode,
		cx_md_t	hashID,
		const uint8_t *	mesg,
		size_t	mesg_len,
		uint8_t *	enc,
		size_t	enc_len
)

Encrypts a message according to RSA specification.

Parameters

[in]	key	RSA public key initialized with cx_rsa_init_public_key_no_throw.
[in]	mode	Crypto mode flags. Supported flags: CX_PAD_PKCS1_1o5 CX_PAD_PKCS1_OAEP
[in]	hashID	Message digest algorithm identifier. Expected identifiers used in OAEP padding: CX_SHA224 CX_SHA256 CX_SHA384 CX_SHA512
[in]	mesg	Input data to encrypt.
[in]	mesg_len	Length of the input.
[in]	enc	Buffer where to store the ciphertext.
[in]	enc_len	Length of the ciphertext.

Returns

Error code:

• CX_OK on success
• CX_INVALID_PARAMETER
• CX_NOT_UNLOCKED
• CX_INVALID_PARAMETER_SIZE
• CX_MEMORY_FULL
• CX_NOT_LOCKED

cx_rsa_generate_pair()

static int cx_rsa_generate_pair ( unsigned int  modulus_len, cx_rsa_public_key_t *  public_key, cx_rsa_private_key_t *  private_key, const unsigned char *  pub_exponent, unsigned int  exponent_len, const unsigned char *  externalPQ  )

Generates a RSA key pair.

This function throws an exception if the generation failed.

Warning

It is recommended to use cx_rsa_generate_pair_no_throw rather than this function.

Parameters

[in]	modulus_len	Size of the modulus in bytes. Expected sizes: 256 384 512
[out]	public_key	Pointer to the RSA public key. The structure shall match modulus_len.
[out]	private_key	Pointer to the RSA private key. The structure shall match modulus_len.
[in]	pub_exponent	Public exponent. ZERO means default value: 0x010001 (65337). The public exponent shall be less than 0x0FFFFFFF. No verification is done on the public exponent value except its range.
[in]	exponent_len	Length of the exponent.
[in]	externalPQ	Pointer to the prime factors of the modulus or NULL pointer. Each prime consists of modulus_len/2 bytes in big endian order. P = externalPQ[0:modulus_len/2-1], Q = externalPQ[modulus_len/2 : modulus_len-1] There is no verification on provided P and Q.

Returns

Length of the modulus.

Exceptions

CX_INVALID_PARAMETER

CX_NOT_UNLOCKED

CX_INVALID_PARAMETER_SIZE

CX_MEMORY_FULL

CX_NOT_LOCKED

CX_INTERNAL_ERROR

CX_OVERFLOW

cx_rsa_generate_pair_no_throw()

cx_err_t cx_rsa_generate_pair_no_throw	(	size_t	modulus_len,
		cx_rsa_public_key_t *	public_key,
		cx_rsa_private_key_t *	private_key,
		const uint8_t *	pub_exponent,
		size_t	exponent_len,
		const uint8_t *	externalPQ
)

Generates a RSA key pair.

Parameters

[in]	modulus_len	Size of the modulus in bytes. Expected sizes: 256 384 512
[out]	public_key	Pointer to the RSA public key. The structure shall match modulus_len.
[out]	private_key	Pointer to the RSA private key. The structure shall match modulus_len.
[in]	pub_exponent	Public exponent. ZERO means default value: 0x010001 (65337). The public exponent shall be less than 0x0FFFFFFF. No verification is done on the public exponent value except its range.
[in]	exponent_len	Length of the exponent.
[in]	externalPQ	Pointer to the prime factors of the modulus or NULL pointer. Each prime consists of modulus_len/2 bytes in big endian order. P = externalPQ[0:modulus_len/2-1], Q = externalPQ[modulus_len/2 : modulus_len-1] There is no verification on provided P and Q.

Returns

Error code:

• CX_OK on success
• CX_INVALID_PARAMETER
• CX_NOT_UNLOCKED
• CX_INVALID_PARAMETER_SIZE
• CX_MEMORY_FULL
• CX_NOT_LOCKED
• CX_INTERNAL_ERROR
• CX_OVERFLOW

cx_rsa_init_private_key()

static int cx_rsa_init_private_key ( const unsigned char *  exponent, unsigned int  exponent_len, const unsigned char *  modulus, unsigned int  modulus_len, cx_rsa_private_key_t *  key  )

Initializes a RSA private key.

Once initialized, the key may be stored in non-volatile memory and used for any RSA processing.

Passing NULL as raw key initializes the key without any value. The key cannot be used. This function throws an exception if the initialization fails.

Warning

It is recommended to use cx_rsa_init_private_key_no_throw rather than this function.

Parameters

[in]	exponent	Private exponent: pointer to a raw key value or NULL.
[in]	exponent_len	Length of the exponent.
[in]	modulus	Modulus: pointer to a raw key as big endian value or NULL.
[in]	modulus_len	Length of the modulus.
[out]	key	Pointer to the RSA private key.

Returns

Length of the modulus.

Exceptions

CX_INVALID_PARAMETER

cx_rsa_init_private_key_no_throw()

cx_err_t cx_rsa_init_private_key_no_throw	(	const uint8_t *	exponent,
		size_t	exponent_len,
		const uint8_t *	modulus,
		size_t	modulus_len,
		cx_rsa_private_key_t *	key
)

Initializes a RSA private key.

Once initialized, the key may be stored in non-volatile memory and used for any RSA processing.

Passing NULL as raw key initializes the key without any value. The key cannot be used.

Parameters

[in]	exponent	Private exponent: pointer to a raw key value or NULL.
[in]	exponent_len	Length of the exponent.
[in]	modulus	Modulus: pointer to a raw key as big endian value or NULL.
[in]	modulus_len	Length of the modulus.
[out]	key	Pointer to the RSA private key.

Returns

Error code:

• CX_OK on success
• CX_INVALID_PARAMETER

cx_rsa_init_public_key()

static int cx_rsa_init_public_key ( const unsigned char *  exponent, unsigned int  exponent_len, const unsigned char *  modulus, unsigned int  modulus_len, cx_rsa_public_key_t *  key  )

Initializes a RSA public key.

Once initialized, the key may be stored in non-volatile memory and used for any RSA processing.

Passing NULL as raw key initializes the key without any value. The key cannot be used. This function throws an exception if the initialization fails.

Warning

It is recommended to use cx_rsa_init_public_key_no_throw rather than this function.

Parameters

[in]	exponent	Public exponent: pointer to a raw key value (4 bytes) or NULL.
[in]	exponent_len	Length of the exponent.
[in]	modulus	Modulus: pointer to a raw key as big endian value or NULL.
[in]	modulus_len	Length of the modulus.
[out]	key	Pointer to the RSA public key.

Returns

Length of the modulus.

Exceptions

CX_INVALID_PARAMETER

cx_rsa_init_public_key_no_throw()

cx_err_t cx_rsa_init_public_key_no_throw	(	const uint8_t *	exponent,
		size_t	exponent_len,
		const uint8_t *	modulus,
		size_t	modulus_len,
		cx_rsa_public_key_t *	key
)

Initializes a RSA public key.

Once initialized, the key may be stored in non-volatile memory and used for any RSA processing.

Passing NULL as raw key initializes the key without any value. The key cannot be used.

Parameters

[in]	exponent	Public exponent: pointer to a raw key value (4 bytes) or NULL.
[in]	exponent_len	Length of the exponent.
[in]	modulus	Modulus: pointer to a raw key as big endian value or NULL.
[in]	modulus_len	Length of the modulus.
[out]	key	Pointer to the RSA public key.

Returns

Error code:

• CX_OK on success
• CX_INVALID_PARAMETER

cx_rsa_sign()

static int cx_rsa_sign ( const cx_rsa_private_key_t *  key, int  mode, cx_md_t  hashID, const unsigned char *  hash, unsigned int  hash_len, unsigned char *  sig, unsigned int  sig_len  )

Computes a message digest signature according to RSA specification.

When using PSS padding, the salt length is fixed to the hash output length. If another salt length is used, call cx_rsa_sign_with_salt_len instead. The MGF1 function is the one descrided in PKCS1 v2.0 specification, using the same hash algorithm as specified by hashID. This function throws an exception if the computation doesn't succeed.

Warning

It is recommended to use cx_rsa_sign_no_throw rather than this function.

Parameters

[in]	key	RSA private key initialized with cx_rsa_init_private_key_no_throw.
[in]	mode	Crypto mode flags. Supported flags: CX_PAD_PKCS1_1o5 CX_PAD_PKCS1_PSS
[in]	hashID	Message digest algorithm identifier. Expected identifiers: CX_SHA224 CX_SHA256 CX_SHA384 CX_SHA512 CX_SHA3_256 (for CX_PAD_PKCS1_1o5 mode only) CX_SHA3_512 (for CX_PAD_PKCS1_1o5 mode only)
[in]	hash	Input data to be signed.
[in]	hash_len	Length of the input data.
[in]	sig	Buffer where to store the signature.
[in]	sig_len	Length of the output buffer.

Returns

Length of the key.

Exceptions

CX_INVALID_PARAMETER

CX_NOT_UNLOCKED

CX_INVALID_PARAMETER_SIZE

CX_MEMORY_FULL

CX_NOT_LOCKED

cx_rsa_sign_no_throw()

cx_err_t cx_rsa_sign_no_throw	(	const cx_rsa_private_key_t *	key,
		uint32_t	mode,
		cx_md_t	hashID,
		const uint8_t *	hash,
		size_t	hash_len,
		uint8_t *	sig,
		size_t	sig_len
)

Computes a message digest signature according to RSA specification.

When using PSS padding, the salt length is fixed to the hash output length. If another salt length is used, call cx_rsa_sign_with_salt_len instead. The MGF1 function is the one descrided in PKCS1 v2.0 specification, using the same hash algorithm as specified by hashID.

Parameters

[in]	key	RSA private key initialized with cx_rsa_init_private_key_no_throw.
[in]	mode	Crypto mode flags. Supported flags: CX_PAD_PKCS1_1o5 CX_PAD_PKCS1_PSS
[in]	hashID	Message digest algorithm identifier. Expected identifiers: CX_SHA224 CX_SHA256 CX_SHA384 CX_SHA512 CX_SHA3_256 (for CX_PAD_PKCS1_1o5 mode only) CX_SHA3_512 (for CX_PAD_PKCS1_1o5 mode only)
[in]	hash	Input data to be signed.
[in]	hash_len	Length of the input data.
[in]	sig	Buffer where to store the signature.
[in]	sig_len	Length of the output buffer.

Returns

Error code:

• CX_OK on success
• CX_INVALID_PARAMETER
• CX_NOT_UNLOCKED
• CX_INVALID_PARAMETER_SIZE
• CX_MEMORY_FULL
• CX_NOT_LOCKED

cx_rsa_sign_with_salt_len()

cx_err_t cx_rsa_sign_with_salt_len	(	const cx_rsa_private_key_t *	key,
		uint32_t	mode,
		cx_md_t	hashID,
		const uint8_t *	hash,
		size_t	hash_len,
		uint8_t *	sig,
		size_t	sig_len,
		size_t	salt_len
)

Computes a message digest signature according to RSA specification.

When using PSS padding, the salt length is fixed to the hash output length. The MGF1 function is the one descrided in PKCS1 v2.0 specification, using the same hash algorithm as specified by hashID.

Parameters

[in]	key	RSA private key initialized with cx_rsa_init_private_key_no_throw.
[in]	mode	Crypto mode flags. Supported flags: CX_PAD_PKCS1_1o5 CX_PAD_PKCS1_PSS
[in]	hashID	Message digest algorithm identifier. Expected identifiers: CX_SHA224 CX_SHA256 CX_SHA384 CX_SHA512 CX_SHA3_256 (for CX_PAD_PKCS1_1o5 mode only) CX_SHA3_512 (for CX_PAD_PKCS1_1o5 mode only)
[in]	hash	Input data to be signed.
[in]	hash_len	Length of the input data.
[in]	sig	Buffer where to store the signature.
[in]	sig_len	Length of the output buffer.
[in]	salt_len	Length of the salt.

Returns

Error code:

• CX_OK on success
• CX_INVALID_PARAMETER
• CX_NOT_UNLOCKED
• CX_INVALID_PARAMETER_SIZE
• CX_MEMORY_FULL
• CX_NOT_LOCKED

cx_rsa_verify()

bool cx_rsa_verify	(	const cx_rsa_public_key_t *	key,
		uint32_t	mode,
		cx_md_t	hashID,
		const uint8_t *	hash,
		size_t	hash_len,
		uint8_t *	sig,
		size_t	sig_len
)

Verifies a message digest signature.

It verifies a message digest signature according to RSA specification. Please note that if the mode is set to CX_PAD_PKCS1_PSS, then the underlying salt length is by convention equal to the hash length. If another salt length is used, please call cx_rsa_verify_with_salt_len instead.

Parameters

[in]	key	RSA public key initialized with cx_rsa_init_public_key_no_throw.
[in]	mode	Crypto mode flags. Supported flags: CX_PAD_PKCS1_1o5 CX_PAD_PKCS1_PSS
[in]	hashID	Message digest algorithm identifier. Expected identifiers: CX_SHA224 CX_SHA256 CX_SHA384 CX_SHA512 CX_SHA3_256 (for CX_PAD_PKCS1_1o5 mode only) CX_SHA3_512 (for CX_PAD_PKCS1_1o5 mode only)
[in]	hash	Message digest corresponding to the signature.
[in]	hash_len	Length of the message digest.
[in]	sig	RSA signature encoded as raw bytes. This is used as a temporary buffer.
[in]	sig_len	Length of the signature.

Returns

1 if the signature is verified, 0 otherwise.

cx_rsa_verify_with_salt_len()

bool cx_rsa_verify_with_salt_len	(	const cx_rsa_public_key_t *	key,
		uint32_t	mode,
		cx_md_t	hashID,
		const uint8_t *	hash,
		size_t	hash_len,
		uint8_t *	sig,
		size_t	sig_len,
		size_t	salt_len
)

Verifies a message digest signature.

It verifies a message digest signature according to RSA specification with a specified salt length.

Parameters

[in]	key	RSA public key initialized with cx_rsa_init_public_key_no_throw.
[in]	mode	Crypto mode flags. Supported flags: CX_PAD_PKCS1_1o5 CX_PAD_PKCS1_PSS
[in]	hashID	Message digest algorithm identifier. Expected identifiers: CX_SHA224 CX_SHA256 CX_SHA384 CX_SHA512 CX_SHA3_256 (for CX_PAD_PKCS1_1o5 mode only) CX_SHA3_512 (for CX_PAD_PKCS1_1o5 mode only)
[in]	hash	Input data to be signed.
[in]	hash_len	Length of the input data.
[in]	sig	RSA signature encoded as raw bytes. This is used as a temporary buffer.
[in]	sig_len	Length of the signature.
[in]	salt_len	Length of the salt.

Returns

1 if the signature is verified, 0 otherwise.

Back to the files list

---

Did you find this page helpful?

How would you improve this page for developers?

I am a developer.
Contributors will be chosen randomly to receive rewards. Check this box to send your email and participate.

Ledger collects your email address to send you rewards for your contribution to improve the Developer Portal documentation. Learn more about how we manage your data and your rights.

By providing your email address, you consent that Ledger may contact you for rewards delivery purposes. If you are part of the randomly selected contributors, we will send you an email to ask for your physical address and if necessary, ask you for additional information on the suggestion you made. Your information will only be available to Ledger and will be retained for no longer than 90 days. It may be transferred to non-European countries that ensure an adequate level of protection or under the standard contractual clauses adopted by the EU Commission.

Please note that you may withdraw your consent at any time, access your data and request their rectification or deletion. You may also request the limitation of the processing of your data. To exercise your rights or for any question on the processing of your data, please contact LEDGER’s Data Protection Officer here. If nevertheless you believe LEDGER did not adequately address your concerns and mishandled your data, you may lodge a complaint with the personal data protection authority of your country.