- Added support for PKCS#1 v2.1 encoding and thus support for the RSAES-OAEP and RSASSA-PSS operations (enabled by POLARSSL_PKCS1_V21)
diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h
index 15b047c..509e24d 100644
--- a/include/polarssl/rsa.h
+++ b/include/polarssl/rsa.h
@@ -144,8 +144,12 @@
mpi RP; /*!< cached R^2 mod P */
mpi RQ; /*!< cached R^2 mod Q */
- int padding; /*!< 1.5 or OAEP/PSS */
- int hash_id; /*!< hash identifier */
+ int padding; /*!< RSA_PKCS_V15 for 1.5 padding and
+ RSA_PKCS_v21 for OAEP/PSS */
+ int hash_id; /*!< Hash identifier of md_type_t as
+ specified in the md.h header file
+ for the EME-OAEP and EMSA-PSS
+ encoding */
}
rsa_context;
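Review bot: The new `padding` comment spells the constant `RSA_PKCS_v21`, while the note removed further down in this diff spells it `RSA_PKCS_V21`, so a reader searching for the documented name will not find it. Suggest `/*!< RSA_PKCS_V15 for 1.5 padding and RSA_PKCS_V21 for OAEP/PSS */`. The `hash_id` comment describes the value as an `md_type_t` from md.h, but the field is still declared `int`, so the compiler will not catch a caller who stores a `SIG_RSA_*` value there. It would help to state in the comment that only `md_type_t` values are valid for this field and that it is read only under `RSA_PKCS_V21`.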
@@ -162,9 +166,6 @@
*
* \note The hash_id parameter is actually ignored
* when using RSA_PKCS_V15 padding.
- *
- * \note Currently, RSA_PKCS_V21 padding
- * is not supported.
*/
void rsa_init( rsa_context *ctx,
int padding,
@@ -247,7 +248,7 @@
* \brief Add the message padding, then do an RSA operation
*
* \param ctx RSA context
- * \param f_rng RNG function
+ * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding)
* \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE
* \param ilen contains the plaintext length
@@ -292,6 +293,8 @@
* \brief Do a private RSA to sign a message digest
*
* \param ctx RSA context
+ * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding)
+ * \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE
* \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256,384,512}
* \param hashlen message digest length (for SIG_RSA_RAW only)
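Review bot: The added `f_rng` line does not say whether NULL is accepted or what quality of RNG is required. PKCS#1 v1.5 signing is deterministic, so existing callers that use RSA_PKCS_V15 have no RNG to pass, while the PSS salt depends entirely on this function. If the implementation (not visible in this header) tolerates it, suggest `\param f_rng RNG function (needed for PKCS#1 v2.1 encoding, may be NULL for RSA_PKCS_V15)`. A sentence saying that the RNG must be cryptographically strong would also help. The doc block and the prototype it describes continue outside this hunk.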
@@ -303,8 +306,16 @@
*
* \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note In case of PKCS#1 v2.1 encoding keep in mind that
+ * the hash_id in the RSA context is the one used for the
+ * encoding. hash_id in the function call is the type of hash
+ * that is encoded. According to RFC 3447 it is advised to
+ * keep both hashes the same.
*/
int rsa_pkcs1_sign( rsa_context *ctx,
+ int (*f_rng)(void *),
+ void *p_rng,
int mode,
int hash_id,
int hashlen,
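Review bot: The new note asks callers to keep the two `hash_id` values "the same", but the two appear to use different numbering. The context field is documented as an `md_type_t`, while the call parameter is documented as `SIG_RSA_RAW`, `SIG_RSA_MD{2,4,5}` or `SIG_RSA_SHA{…}`. A caller who follows the advice literally by passing the same integer to both may end up with a mismatched encoding hash. The note should name both constant families, for example `ctx->hash_id is an md_type_t (e.g. the SHA-1 entry), hash_id here is the matching SIG_RSA_* value`. It should also say what `SIG_RSA_RAW` means under PKCS#1 v2.1. The same wording is added to `rsa_pkcs1_verify` in the next hunk and needs the same clarification. Separately, inserting `f_rng`/`p_rng` ahead of `mode` changes the argument order for every existing caller, which is worth calling out in the changelog entry.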
@@ -326,6 +337,12 @@
*
* \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
+ *
+ * \note In case of PKCS#1 v2.1 encoding keep in mind that
+ * the hash_id in the RSA context is the one used for the
+ * verification. hash_id in the function call is the type of hash
+ * that is verified. According to RFC 3447 it is advised to
+ * keep both hashes the same.
*/
int rsa_pkcs1_verify( rsa_context *ctx,
int mode,