Small portable digital signing and verification library

Question

I'm looking for a library that allows me to authenticate data sent to embedded modules. Due to the hardware constraints, it needs to be of small footprint (both code and memory wise) and yet have security comparable to RSA-1024.

The requirements are as follows

• Verification on embedded modules (custom CPUs, with only a C89 compiler available)
• Signing and verification in Windows (C/C++ code)
• Signing in Java (some data needs to be generated via a webpage, so Java would be a big perk)

I would very much like to not have to implement a PKCS #1 v1.5/PSS-like system myself, but I haven't been able to find any good libraries that match the above requirements. Open source would be nice, but commercial solutions are of equal interest. Note that I need access to the C-code, since it has to be recompiled for the custom CPUs.

NaCl looks promising, but it seems to be in development still.

I've had a look at OpenSSL, but it does a lot more than digital signatures and stripping out just the signature verification code was non-trivial.

Am I looking at it the wrong way? I tried implementing SHA+RSA first, but I wasn't sure if the padding step was correct (which means that it probably wasn't secure), so I decided to post here instead for help.

EDIT: Clarification, only the verification part have the tough constraints on it. Signature and key generation will run on normal PCs.

Answer 1

Take a look at mbed TLS (formerly known as PolarSSL):

mbed TLS (formerly known as PolarSSL) makes it trivially easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) products, facilitating this functionality with a minimal coding footprint.