In order to implement the standard RSA-PKCS, raw data must be signed with the private key without performing a hash.
All the CRYS functions wants either a HASH as input or want to comute a HASH inthe sign function.
How can I sign (actually encrypt) data with a private key without using a hash
Maybe you are looking at the wrong api?
There are two encypryption api's in CC310 for RSA:
RSA: CRYS_RSA_OAEP_Encrypt() and CRYS_RSA_PKCS1v15_Encrypt()
Which to use depends on the variant you want to do, in general look at examples here:
examples\crypto\nrf_cc310\rsa\main.c
Hi,
From the last post, it seems clear you want to sign the data, not encrypt it (it was initially unclear). In that case, the function you are looking for is probably CRYS_RSA_PSS_SHA1_Sign(). You can refer to <SDK>\examples\crypto\nrf_cc310\rsa\main.c to see how it is done.
Update: remove the statement about hashing, since it is optional whether to provide a hash digest as input or just the data and let hashing be handled internally.
As stated previously:
Main issue: How can I sign (RSA) data of variable length without using a Hash before or after the signature?
I don't want to compute a hash of the data, before or after. I just want to sign the raw data of variable length. My data is an asn.1 structure that should not be hashed. Is this possible?
As stated previously:
Main issue: How can I sign (RSA) data of variable length without using a Hash before or after the signature?
I don't want to compute a hash of the data, before or after. I just want to sign the raw data of variable length. My data is an asn.1 structure that should not be hashed. Is this possible?
Hi,
The API does not allow not hashing. However, you can try using CRYS_RSA_HASH_NO_HASH_mode or CRYS_RSA_After_HASH_NOT_KNOWN_mode. That is just intended for testing, though. See supported modes here (excluding MD5):
/*! Defines the enum for the HASH operation mode. */
typedef enum
{
CRYS_RSA_HASH_MD5_mode = 0, /*!< For PKCS1 v1.5 only. The input data will be hashed with MD5 */
CRYS_RSA_HASH_SHA1_mode = 1, /*!< The input data will be hashed with SHA1. */
CRYS_RSA_HASH_SHA224_mode = 2, /*!< The input data will be hashed with SHA224. */
CRYS_RSA_HASH_SHA256_mode = 3, /*!< The input data will be hashed with SHA256. */
CRYS_RSA_HASH_SHA384_mode = 4, /*!< The input data will be hashed with SHA384. */
CRYS_RSA_HASH_SHA512_mode = 5, /*!< The input data will be hashed with SHA512. */
CRYS_RSA_After_MD5_mode = 6, /*!< For PKCS1 v1.5 only. The input data is a digest of MD5 and will not be hashed. */
CRYS_RSA_After_SHA1_mode = 7, /*!< The input data is a digest of SHA1 and will not be hashed. */
CRYS_RSA_After_SHA224_mode = 8, /*!< The input data is a digest of SHA224 and will not be hashed. */
CRYS_RSA_After_SHA256_mode = 9, /*!< The input data is a digest of SHA256 and will not be hashed. */
CRYS_RSA_After_SHA384_mode = 10, /*!< The input data is a digest of SHA384 and will not be hashed. */
CRYS_RSA_After_SHA512_mode = 11, /*!< The input data is a digest of SHA512 and will not be hashed. */
CRYS_RSA_After_HASH_NOT_KNOWN_mode = 12, /*!< \internal used only for PKCS#1 Ver 1.5 - possible to perform verify operation without hash mode input,
the hash mode is derived from the signature.*/
CRYS_RSA_HASH_NO_HASH_mode = 13, /*!< Used for PKCS1 v1.5 Encrypt and Decrypt.*/
CRYS_RSA_HASH_NumOfModes, /*!< Maximal number of hash operations modes. */
CRYS_RSA_HASH_OpModeLast = 0x7FFFFFFF, /*! Reserved.*/
}CRYS_RSA_HASH_OpMode_t; By the way, since I have not seen this request before. Which part of PKCS requires raw data?
This is a mechanism from PKCS#11 CKM_RSA_PKCS. Currently it is an OpenSSL command that I am sending to the device.
"The PKCS #1 v1.5 RSA mechanism, denoted CKM_RSA_PKCS, is a multi-purpose mechanism based on the RSA public-key cryptosystem and the block formats initially defined in PKCS #1 v1.5. It supports single-part encryption and decryption; single-part signatures and verification with and without message recovery; key wrapping; and key unwrapping. This mechanism corresponds only to the part of PKCS #1 v1.5 that involves RSA; it does not compute a message digest or a DigestInfo encoding as specified for the md2withRSAEncryption and md5withRSAEncryption algorithms in PKCS #1 v1.5 .
This mechanism does not have a parameter.
This mechanism can wrap and unwrap any secret key of appropriate length. Of course, a particular token may not be able to wrap/unwrap every appropriate-length secret key that it supports. For wrapping, the “input” to the encryption operation is the value of the CKA_VALUE attribute of the key that is wrapped; similarly for unwrapping. The mechanism does not wrap the key type or any other information about the key, except the key length; the application must convey these separately. In particular, the mechanism contributes only the CKA_CLASS and CKA_VALUE (and CKA_VALUE_LEN, if the key has it) attributes to the recovered key during unwrapping; other attributes must be specified in the template."