]>
Commit | Line | Data |
---|---|---|
d02b48c6 | 1 | /* crypto/rsa/rsa.h */ |
58964a49 | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
d02b48c6 RE |
3 | * All rights reserved. |
4 | * | |
5 | * This package is an SSL implementation written | |
6 | * by Eric Young (eay@cryptsoft.com). | |
7 | * The implementation was written so as to conform with Netscapes SSL. | |
8 | * | |
9 | * This library is free for commercial and non-commercial use as long as | |
10 | * the following conditions are aheared to. The following conditions | |
11 | * apply to all code found in this distribution, be it the RC4, RSA, | |
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 | * included with this distribution is covered by the same copyright terms | |
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
15 | * | |
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | |
17 | * the code are not to be removed. | |
18 | * If this package is used in a product, Eric Young should be given attribution | |
19 | * as the author of the parts of the library used. | |
20 | * This can be in the form of a textual message at program startup or | |
21 | * in documentation (online or textual) provided with the package. | |
22 | * | |
23 | * Redistribution and use in source and binary forms, with or without | |
24 | * modification, are permitted provided that the following conditions | |
25 | * are met: | |
26 | * 1. Redistributions of source code must retain the copyright | |
27 | * notice, this list of conditions and the following disclaimer. | |
28 | * 2. Redistributions in binary form must reproduce the above copyright | |
29 | * notice, this list of conditions and the following disclaimer in the | |
30 | * documentation and/or other materials provided with the distribution. | |
31 | * 3. All advertising materials mentioning features or use of this software | |
32 | * must display the following acknowledgement: | |
33 | * "This product includes cryptographic software written by | |
34 | * Eric Young (eay@cryptsoft.com)" | |
35 | * The word 'cryptographic' can be left out if the rouines from the library | |
36 | * being used are not cryptographic related :-). | |
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | |
38 | * the apps directory (application code) you must include an acknowledgement: | |
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
40 | * | |
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | |
52 | * | |
53 | * The licence and distribution terms for any publically available version or | |
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | |
57 | */ | |
58 | ||
59 | #ifndef HEADER_RSA_H | |
60 | #define HEADER_RSA_H | |
61 | ||
ef33b970 RL |
62 | #ifndef NO_BIO |
63 | #include <openssl/bio.h> | |
64 | #endif | |
ec577822 BM |
65 | #include <openssl/bn.h> |
66 | #include <openssl/crypto.h> | |
d02b48c6 | 67 | |
f5d7a031 UM |
68 | #ifdef NO_RSA |
69 | #error RSA is disabled. | |
70 | #endif | |
71 | ||
82271cee RL |
72 | #ifdef __cplusplus |
73 | extern "C" { | |
74 | #endif | |
75 | ||
03f8b042 BL |
76 | typedef struct rsa_st RSA; |
77 | ||
d02b48c6 RE |
78 | typedef struct rsa_meth_st |
79 | { | |
e778802f | 80 | const char *name; |
03f8b042 BL |
81 | int (*rsa_pub_enc)(int flen,unsigned char *from,unsigned char *to, |
82 | RSA *rsa,int padding); | |
83 | int (*rsa_pub_dec)(int flen,unsigned char *from,unsigned char *to, | |
84 | RSA *rsa,int padding); | |
85 | int (*rsa_priv_enc)(int flen,unsigned char *from,unsigned char *to, | |
86 | RSA *rsa,int padding); | |
87 | int (*rsa_priv_dec)(int flen,unsigned char *from,unsigned char *to, | |
88 | RSA *rsa,int padding); | |
89 | int (*rsa_mod_exp)(BIGNUM *r0,BIGNUM *I,RSA *rsa); /* Can be null */ | |
84c15db5 BL |
90 | int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, |
91 | const BIGNUM *m, BN_CTX *ctx, | |
92 | BN_MONT_CTX *m_ctx); /* Can be null */ | |
03f8b042 BL |
93 | int (*init)(RSA *rsa); /* called at new */ |
94 | int (*finish)(RSA *rsa); /* called at free */ | |
58964a49 RE |
95 | int flags; /* RSA_METHOD_FLAG_* things */ |
96 | char *app_data; /* may be needed! */ | |
1c80019a DSH |
97 | /* New sign and verify functions: some libraries don't allow arbitrary data |
98 | * to be signed/verified: this allows them to be used. Note: for this to work | |
99 | * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used | |
100 | * RSA_sign(), RSA_verify() should be used instead. Note: for backwards | |
657e60fa | 101 | * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER |
1c80019a DSH |
102 | * option is set in 'flags'. |
103 | */ | |
104 | int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len, | |
105 | unsigned char *sigret, unsigned int *siglen, RSA *rsa); | |
106 | int (*rsa_verify)(int dtype, unsigned char *m, unsigned int m_len, | |
107 | unsigned char *sigbuf, unsigned int siglen, RSA *rsa); | |
108 | ||
d02b48c6 RE |
109 | } RSA_METHOD; |
110 | ||
03f8b042 | 111 | struct rsa_st |
d02b48c6 RE |
112 | { |
113 | /* The first parameter is used to pickup errors where | |
114 | * this is passed instead of aEVP_PKEY, it is set to 0 */ | |
115 | int pad; | |
116 | int version; | |
5270e702 | 117 | #if 0 |
d02b48c6 | 118 | RSA_METHOD *meth; |
5270e702 RL |
119 | #else |
120 | struct engine_st *engine; | |
121 | #endif | |
d02b48c6 RE |
122 | BIGNUM *n; |
123 | BIGNUM *e; | |
124 | BIGNUM *d; | |
125 | BIGNUM *p; | |
126 | BIGNUM *q; | |
127 | BIGNUM *dmp1; | |
128 | BIGNUM *dmq1; | |
129 | BIGNUM *iqmp; | |
770d19b8 | 130 | /* be careful using this if the RSA structure is shared */ |
58964a49 | 131 | CRYPTO_EX_DATA ex_data; |
d02b48c6 | 132 | int references; |
58964a49 RE |
133 | int flags; |
134 | ||
03f8b042 BL |
135 | /* Used to cache montgomery values */ |
136 | BN_MONT_CTX *_method_mod_n; | |
137 | BN_MONT_CTX *_method_mod_p; | |
138 | BN_MONT_CTX *_method_mod_q; | |
58964a49 | 139 | |
dfeab068 RE |
140 | /* all BIGNUM values are actually in the following data, if it is not |
141 | * NULL */ | |
142 | char *bignum_data; | |
58964a49 | 143 | BN_BLINDING *blinding; |
03f8b042 | 144 | }; |
d02b48c6 RE |
145 | |
146 | #define RSA_3 0x3L | |
147 | #define RSA_F4 0x10001L | |
148 | ||
58964a49 | 149 | #define RSA_METHOD_FLAG_NO_CHECK 0x01 /* don't check pub/private match */ |
dfeab068 | 150 | |
58964a49 RE |
151 | #define RSA_FLAG_CACHE_PUBLIC 0x02 |
152 | #define RSA_FLAG_CACHE_PRIVATE 0x04 | |
153 | #define RSA_FLAG_BLINDING 0x08 | |
154 | #define RSA_FLAG_THREAD_SAFE 0x10 | |
770d19b8 DSH |
155 | /* This flag means the private key operations will be handled by rsa_mod_exp |
156 | * and that they do not depend on the private key components being present: | |
157 | * for example a key stored in external hardware. Without this flag bn_mod_exp | |
158 | * gets called when private key components are absent. | |
159 | */ | |
160 | #define RSA_FLAG_EXT_PKEY 0x20 | |
58964a49 | 161 | |
1c80019a DSH |
162 | /* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions. |
163 | */ | |
164 | #define RSA_FLAG_SIGN_VER 0x40 | |
165 | ||
58964a49 RE |
166 | #define RSA_PKCS1_PADDING 1 |
167 | #define RSA_SSLV23_PADDING 2 | |
168 | #define RSA_NO_PADDING 3 | |
a4949896 | 169 | #define RSA_PKCS1_OAEP_PADDING 4 |
58964a49 | 170 | |
dd9d233e | 171 | #define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) |
58964a49 | 172 | #define RSA_get_app_data(s) RSA_get_ex_data(s,0) |
d02b48c6 | 173 | |
d02b48c6 | 174 | RSA * RSA_new(void); |
5270e702 | 175 | #if 0 |
d02b48c6 | 176 | RSA * RSA_new_method(RSA_METHOD *method); |
5270e702 RL |
177 | #else |
178 | RSA * RSA_new_method(struct engine_st *engine); | |
179 | #endif | |
d02b48c6 RE |
180 | int RSA_size(RSA *); |
181 | RSA * RSA_generate_key(int bits, unsigned long e,void | |
b4f76582 | 182 | (*callback)(int,int,void *),void *cb_arg); |
03cd4944 | 183 | int RSA_check_key(RSA *); |
d02b48c6 RE |
184 | /* next 4 return -1 on error */ |
185 | int RSA_public_encrypt(int flen, unsigned char *from, | |
186 | unsigned char *to, RSA *rsa,int padding); | |
187 | int RSA_private_encrypt(int flen, unsigned char *from, | |
188 | unsigned char *to, RSA *rsa,int padding); | |
189 | int RSA_public_decrypt(int flen, unsigned char *from, | |
190 | unsigned char *to, RSA *rsa,int padding); | |
191 | int RSA_private_decrypt(int flen, unsigned char *from, | |
192 | unsigned char *to, RSA *rsa,int padding); | |
193 | void RSA_free (RSA *r); | |
194 | ||
58964a49 RE |
195 | int RSA_flags(RSA *r); |
196 | ||
5270e702 RL |
197 | void RSA_set_default_openssl_method(RSA_METHOD *meth); |
198 | RSA_METHOD *RSA_get_default_openssl_method(void); | |
ce8b2574 | 199 | RSA_METHOD *RSA_get_method(RSA *rsa); |
5270e702 | 200 | #if 0 |
ce8b2574 | 201 | RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); |
5270e702 RL |
202 | #else |
203 | int RSA_set_method(RSA *rsa, struct engine_st *engine); | |
204 | #endif | |
d02b48c6 | 205 | |
dfeab068 RE |
206 | /* This function needs the memory locking malloc callbacks to be installed */ |
207 | int RSA_memory_lock(RSA *r); | |
208 | ||
d02b48c6 | 209 | /* If you have RSAref compiled in. */ |
58964a49 | 210 | RSA_METHOD *RSA_PKCS1_RSAref(void); |
d02b48c6 RE |
211 | |
212 | /* these are the actual SSLeay RSA functions */ | |
213 | RSA_METHOD *RSA_PKCS1_SSLeay(void); | |
214 | ||
c1cd88a0 DSH |
215 | RSA_METHOD *RSA_null_method(void); |
216 | ||
d02b48c6 RE |
217 | void ERR_load_RSA_strings(void ); |
218 | ||
219 | RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); | |
220 | int i2d_RSAPublicKey(RSA *a, unsigned char **pp); | |
221 | RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); | |
222 | int i2d_RSAPrivateKey(RSA *a, unsigned char **pp); | |
58964a49 | 223 | #ifndef NO_FP_API |
d02b48c6 RE |
224 | int RSA_print_fp(FILE *fp, RSA *r,int offset); |
225 | #endif | |
226 | ||
ef33b970 | 227 | #ifndef NO_BIO |
d02b48c6 RE |
228 | int RSA_print(BIO *bp, RSA *r,int offset); |
229 | #endif | |
230 | ||
d3ed8ceb DSH |
231 | int i2d_RSA_NET(RSA *a, unsigned char **pp, int (*cb)(), int sgckey); |
232 | RSA *d2i_RSA_NET(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey); | |
233 | RSA *d2i_RSA_NET_2(RSA **a, unsigned char **pp, long length, int (*cb)(), int sgckey); | |
234 | ||
d02b48c6 RE |
235 | int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)()); |
236 | RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)()); | |
58964a49 RE |
237 | /* Naughty internal function required elsewhere, to handle a MS structure |
238 | * that is the same as the netscape one :-) */ | |
239 | RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length, int (*cb)()); | |
d02b48c6 RE |
240 | |
241 | /* The following 2 functions sign and verify a X509_SIG ASN1 object | |
242 | * inside PKCS#1 padded RSA encryption */ | |
243 | int RSA_sign(int type, unsigned char *m, unsigned int m_len, | |
244 | unsigned char *sigret, unsigned int *siglen, RSA *rsa); | |
245 | int RSA_verify(int type, unsigned char *m, unsigned int m_len, | |
246 | unsigned char *sigbuf, unsigned int siglen, RSA *rsa); | |
247 | ||
248 | /* The following 2 function sign and verify a ASN1_OCTET_STRING | |
249 | * object inside PKCS#1 padded RSA encryption */ | |
250 | int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, | |
251 | unsigned char *sigret, unsigned int *siglen, RSA *rsa); | |
252 | int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, | |
253 | unsigned char *sigbuf, unsigned int siglen, RSA *rsa); | |
254 | ||
58964a49 RE |
255 | int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); |
256 | void RSA_blinding_off(RSA *rsa); | |
257 | ||
258 | int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, | |
259 | unsigned char *f,int fl); | |
260 | int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen, | |
dfeab068 | 261 | unsigned char *f,int fl,int rsa_len); |
58964a49 RE |
262 | int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen, |
263 | unsigned char *f,int fl); | |
264 | int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, | |
dfeab068 | 265 | unsigned char *f,int fl,int rsa_len); |
a4949896 BL |
266 | int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen, |
267 | unsigned char *f,int fl,unsigned char *p, | |
268 | int pl); | |
269 | int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen, | |
270 | unsigned char *f,int fl,int rsa_len, | |
271 | unsigned char *p,int pl); | |
58964a49 RE |
272 | int RSA_padding_add_SSLv23(unsigned char *to,int tlen, |
273 | unsigned char *f,int fl); | |
274 | int RSA_padding_check_SSLv23(unsigned char *to,int tlen, | |
dfeab068 | 275 | unsigned char *f,int fl,int rsa_len); |
58964a49 RE |
276 | int RSA_padding_add_none(unsigned char *to,int tlen, |
277 | unsigned char *f,int fl); | |
278 | int RSA_padding_check_none(unsigned char *to,int tlen, | |
dfeab068 | 279 | unsigned char *f,int fl,int rsa_len); |
58964a49 | 280 | |
dd9d233e DSH |
281 | int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
282 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | |
283 | int RSA_set_ex_data(RSA *r,int idx,void *arg); | |
284 | void *RSA_get_ex_data(RSA *r, int idx); | |
58964a49 | 285 | |
d02b48c6 | 286 | /* BEGIN ERROR CODES */ |
6d311938 DSH |
287 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
288 | * made after this point may be overwritten when the script is next run. | |
289 | */ | |
290 | ||
d02b48c6 RE |
291 | /* Error codes for the RSA functions. */ |
292 | ||
293 | /* Function codes. */ | |
dfeab068 | 294 | #define RSA_F_MEMORY_LOCK 100 |
03cd4944 | 295 | #define RSA_F_RSA_CHECK_KEY 123 |
dfeab068 RE |
296 | #define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 |
297 | #define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 | |
298 | #define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 | |
299 | #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 | |
300 | #define RSA_F_RSA_GENERATE_KEY 105 | |
301 | #define RSA_F_RSA_NEW_METHOD 106 | |
c1cd88a0 | 302 | #define RSA_F_RSA_NULL 124 |
dfeab068 | 303 | #define RSA_F_RSA_PADDING_ADD_NONE 107 |
a4949896 | 304 | #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 |
dfeab068 RE |
305 | #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 |
306 | #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 | |
307 | #define RSA_F_RSA_PADDING_ADD_SSLV23 110 | |
308 | #define RSA_F_RSA_PADDING_CHECK_NONE 111 | |
a4949896 | 309 | #define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 |
dfeab068 RE |
310 | #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 |
311 | #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 | |
312 | #define RSA_F_RSA_PADDING_CHECK_SSLV23 114 | |
313 | #define RSA_F_RSA_PRINT 115 | |
314 | #define RSA_F_RSA_PRINT_FP 116 | |
315 | #define RSA_F_RSA_SIGN 117 | |
316 | #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 | |
317 | #define RSA_F_RSA_VERIFY 119 | |
318 | #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 | |
d02b48c6 RE |
319 | |
320 | /* Reason codes. */ | |
321 | #define RSA_R_ALGORITHM_MISMATCH 100 | |
322 | #define RSA_R_BAD_E_VALUE 101 | |
323 | #define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 | |
324 | #define RSA_R_BAD_PAD_BYTE_COUNT 103 | |
325 | #define RSA_R_BAD_SIGNATURE 104 | |
58964a49 RE |
326 | #define RSA_R_BLOCK_TYPE_IS_NOT_01 106 |
327 | #define RSA_R_BLOCK_TYPE_IS_NOT_02 107 | |
328 | #define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 | |
329 | #define RSA_R_DATA_TOO_LARGE 109 | |
330 | #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 | |
331 | #define RSA_R_DATA_TOO_SMALL 111 | |
0c8a1281 | 332 | #define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 |
58964a49 | 333 | #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 |
03cd4944 BM |
334 | #define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 |
335 | #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 | |
c1cd88a0 | 336 | #define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 |
1c80019a | 337 | #define RSA_R_INVALID_MESSAGE_LENGTH 131 |
03cd4944 | 338 | #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 |
a4949896 | 339 | #define RSA_R_KEY_SIZE_TOO_SMALL 120 |
58964a49 | 340 | #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 |
3a55fc1a | 341 | #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 |
a4949896 | 342 | #define RSA_R_OAEP_DECODING_ERROR 121 |
58964a49 | 343 | #define RSA_R_PADDING_CHECK_FAILED 114 |
03cd4944 BM |
344 | #define RSA_R_P_NOT_PRIME 128 |
345 | #define RSA_R_Q_NOT_PRIME 129 | |
c1cd88a0 | 346 | #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 |
58964a49 RE |
347 | #define RSA_R_SSLV3_ROLLBACK_ATTACK 115 |
348 | #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 | |
349 | #define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 | |
350 | #define RSA_R_UNKNOWN_PADDING_TYPE 118 | |
351 | #define RSA_R_WRONG_SIGNATURE_LENGTH 119 | |
6d311938 | 352 | |
d02b48c6 RE |
353 | #ifdef __cplusplus |
354 | } | |
355 | #endif | |
356 | #endif | |
357 |