rsa heapless fork
A microcontroller-friendly fork of the RustCrypto RSA crate. Public-key operations — PKCS#1 v1.5 verify, OAEP encrypt, PSS verify — are generic over the bigint backend, with a no-alloc path through fixed-bigint and modmath tested on 8-bit AVR, Cortex-M and RISC-V.
Scope
This is a proof of concept focused on shrinking code size and stack usage. Public-key only — verification and encryption — which covers the common embedded use cases (bootloader signature checks, key wrapping to a server).
Private-key operations (key generation, signing, decryption) are deliberately omitted from the heapless path on safety grounds: doing them correctly requires constant-time primitives, a trustworthy RNG, and secure key storage that the dependency stack doesn't yet provide. The full upstream behavior remains available via the alloc and private-key feature flags on a heap-allocating backend; license, MSRV, and security advisories there follow the upstream crate, preserved verbatim in UPSTREAM_README.md.
Resource usage (as of version 0.10.0-rc.18)
PSS signature verification. The u8 backend uses 8-bit limbs (more portable, works on 8-bit AVR); the u32 backend uses 32-bit limbs (natural on 32-bit cores). Full sweeps across key sizes, operations, and targets live under footprint/.
| Target | Key | Hash | Backend | .text (KiB) | Stack (bytes) |
|---|---|---|---|---|---|
| ATmega2560 | 512 | SHA-1 | u8 | 27.4 | 3099 |
| Cortex-M0 | 512 | SHA-1 | u32 | 8.9 | 4208 |
| Cortex-M0 | 2048 | SHA-256 | u32 | 15.5 | 11724 |
| Cortex-M3 | 512 | SHA-1 | u32 | 9.2 | 4216 |
| Cortex-M3 | 2048 | SHA-256 | u32 | 13.1 | 11564 |
| sifive_e (RV32) | 512 | SHA-1 | u32 | 11.3 | 2840 |
| sifive_e (RV32) | 2048 | SHA-256 | u32 | 21.1 | 11736 |
Example (host, alloc)
use ;
let pub_key: RsaPublicKey = /* parse from DER/PEM via pkcs1/pkcs8 */;
let mut rng = rng;
let enc = pub_key.encrypt.unwrap;
For no-alloc usage (embedded), see the examples/ and footprint/ directories.