Function esp_idf_sys::mbedtls_rsa_rsassa_pss_sign_ext

source ·

pub unsafe extern "C" fn mbedtls_rsa_rsassa_pss_sign_ext(
    ctx: *mut mbedtls_rsa_context,
    f_rng: Option<unsafe extern "C" fn(arg1: *mut c_void, arg2: *mut c_uchar, arg3: usize) -> c_int>,
    p_rng: *mut c_void,
    md_alg: mbedtls_md_type_t,
    hashlen: c_uint,
    hash: *const c_uchar,
    saltlen: c_int,
    sig: *mut c_uchar
) -> c_int

Expand description

\brief This function performs a PKCS#1 v2.1 PSS signature operation (RSASSA-PSS-SIGN).

\note The \c hash_id set in \p ctx by calling mbedtls_rsa_set_padding() selects the hash used for the encoding operation and for the mask generation function (MGF1). For more details on the encoding operation and the mask generation function, consult RFC-3447: Public-Key Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography Specifications.

\note This function enforces that the provided salt length complies with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 v2.2) §9.1.1 step 3. The constraint is that the hash length plus the salt length plus 2 bytes must be at most the key length. If this constraint is not met, this function returns #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.

\param ctx The initialized RSA context to use. \param f_rng The RNG function. It is mandatory and must not be \c NULL. \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL if \p f_rng doesn’t need a context argument. \param md_alg The message-digest algorithm used to hash the original data. Use #MBEDTLS_MD_NONE for signing raw data. \param hashlen The length of the message digest or raw data in Bytes. If \p md_alg is not #MBEDTLS_MD_NONE, this must match the output length of the corresponding hash algorithm. \param hash The buffer holding the message digest or raw data. This must be a readable buffer of at least \p hashlen Bytes. \param saltlen The length of the salt that should be used. If passed #MBEDTLS_RSA_SALT_LEN_ANY, the function will use the largest possible salt length up to the hash length, which is the largest permitted by some standards including FIPS 186-4 §5.5. \param sig The buffer to hold the signature. This must be a writable buffer of length \c ctx->len Bytes. For example, \c 256 Bytes for an 2048-bit RSA modulus. A buffer length of #MBEDTLS_MPI_MAX_SIZE is always safe.

\return \c 0 if the signing operation was successful. \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.