[doc/rsa] Add missing API functions to the cryptolib documentation

andrea-caforio · nasahlpa · commit 158897e780e3 · 2025-10-28T13:37:21.000Z
- otcrypto_rsa_encrypt
  - otcrypto_rsa_decrypt
  - otcrypto_rsa_keypair_from_cofactor

Signed-off-by: Andrea Caforio &lt;andrea.caforio@lowrisc.org&gt;
diff --git a/doc/security/cryptolib/cryptolib_api.md b/doc/security/cryptolib/cryptolib_api.md
@@ -296,6 +296,9 @@ Always ensure that you fully understand the security implications of the padding
 {{#header-snippet sw/device/lib/crypto/include/rsa.h otcrypto_rsa_private_key_from_exponents }}
 {{#header-snippet sw/device/lib/crypto/include/rsa.h otcrypto_rsa_sign }}
 {{#header-snippet sw/device/lib/crypto/include/rsa.h otcrypto_rsa_verify }}
+{{#header-snippet sw/device/lib/crypto/include/rsa.h otcrypto_rsa_encrypt }}
+{{#header-snippet sw/device/lib/crypto/include/rsa.h otcrypto_rsa_decrypt }}
+{{#header-snippet sw/device/lib/crypto/include/rsa.h otcrypto_rsa_keypair_from_cofactor }}
 
 ### RSA Asynchronous API
 
@@ -305,6 +308,12 @@ Always ensure that you fully understand the security implications of the padding
 {{#header-snippet sw/device/lib/crypto/include/rsa.h otcrypto_rsa_sign_async_finalize }}
 {{#header-snippet sw/device/lib/crypto/include/rsa.h otcrypto_rsa_verify_async_start }}
 {{#header-snippet sw/device/lib/crypto/include/rsa.h otcrypto_rsa_verify_async_finalize }}
+{{#header-snippet sw/device/lib/crypto/include/rsa.h otcrypto_rsa_encrypt_async_start }}
+{{#header-snippet sw/device/lib/crypto/include/rsa.h otcrypto_rsa_encrypt_async_finalize }}
+{{#header-snippet sw/device/lib/crypto/include/rsa.h otcrypto_rsa_decrypt_async_start }}
+{{#header-snippet sw/device/lib/crypto/include/rsa.h otcrypto_rsa_decrypt_async_finalize }}
+{{#header-snippet sw/device/lib/crypto/include/rsa.h otcrypto_rsa_keypair_from_cofactor_async_start }}
+{{#header-snippet sw/device/lib/crypto/include/rsa.h otcrypto_rsa_keypair_from_cofactor_async_finalize }}
 
 ## Elliptic curve cryptography
 
diff --git a/doc/security/cryptolib/security.md b/doc/security/cryptolib/security.md
@@ -66,7 +66,10 @@ The following software-based countermeasures are implemented:
 ### RSA
 Modular exponentiation is the core operation for both RSA encryption/sign and key generation.
 It is implemented as a constant-time Montgomery Ladder with Boolean-masked exponents and blinded base points as detailed in the following works:
+
 - https://eprint.iacr.org/2018/1226.pdf
 - https://dl.acm.org/doi/10.1145/1873548.1873556
+
 The combination of both countermeasures results in an exponentiation that is resistant against vertical and horizontal power analysis.
-This hardened exponentiation is reused in the primality check routine of the key generation algorithm.
+This hardened exponentiation is reused in the primality check routine of the key generation algorithm rendering it equally hardened.
+The key generation hardening only applies to [otcrypto_rsa_keygen](https://github.com/lowRISC/opentitan/tree/master/sw/device/lib/crypto/include/rsa.h#L100) and not [otcrypto_rsa_keypair_from_cofactor](https://github.com/lowRISC/opentitan/tree/master/sw/device/lib/crypto/include/rsa.h#L155).
