Module Rsa.PKCS1

PKCS v1.5 operations, as defined by PKCS #1 v1.5.

For the operations that only add the raw padding, the key size must be at least 11 bytes larger than the message. For full signing, the minimal key size varies according to the hash algorithm. In this case, the key size is priv_bits key / 8, rounded up.

val encrypt : ?g:Mirage_crypto_rng.g -> key:pub -> Cstruct.t -> Cstruct.t

encrypt g key message is a PKCS1-padded (type 2) and encrypted message.

  • raises Insufficient_key

    (see Insufficient_key)

val decrypt : ?crt_hardening:bool -> ?mask:mask -> key:priv -> Cstruct.t -> Cstruct.t option

decrypt ~crt_hardening ~mask ~key ciphertext is Some message if the ciphertext was produced by the corresponding encrypt operation, or None otherwise. crt_hardening defaults to false.

val sig_encode : ?crt_hardening:bool -> ?mask:mask -> key:priv -> Cstruct.t -> Cstruct.t

sig_encode ~crt_hardening ~mask ~key message is the PKCS1-padded (type 1) message signed by the key. crt_hardening defaults to true and verifies that the computed signature is correct.

Note This operation performs only the padding and RSA transformation steps of the PKCS 1.5 signature. The full signature is implemented by sign.

  • raises Insufficient_key

    (see Insufficient_key)

val sig_decode : key:pub -> Cstruct.t -> Cstruct.t option

sig_decode key signature is Some message when the signature was produced with the given key as per sig_encode, or None

val min_key : Mirage_crypto.Hash.hash -> bits

min_key hash is the minimum key size required by sign.

val sign : ?crt_hardening:bool -> ?mask:mask -> hash:Mirage_crypto.Hash.hash -> key:priv -> Cstruct.t or_digest -> Cstruct.t

sign ~crt_hardening ~mask ~hash ~key message is the PKCS 1.5 signature of message, signed by the key, using the hash function hash. This is the full signature, with the ASN-encoded message digest as the payload. crt_hardening defaults to true and verifies that the computed signature is correct.

message is either the actual message, or its digest.

  • raises Insufficient_key

    (see Insufficient_key)

  • raises Invalid_argument

    if message is a `Digest of the wrong size.

val verify : hashp:( Mirage_crypto.Hash.hash -> bool ) -> key:pub -> signature:Cstruct.t -> Cstruct.t or_digest -> bool

verify ~hashp ~key ~signature message checks that signature is the PKCS 1.5 signature of the message under the given key.

message is either the actual message, or its digest.

hashp determines the allowed hash algorithms. Whenever hashp is false, verify is also false.

  • raises Invalid_argument

    if message is a `Digest of the wrong size.