rsa.h revision 110007
/* crypto/rsa/rsa.h */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to. The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed. i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#ifndef HEADER_RSA_H
#define HEADER_RSA_H

#include <openssl/asn1.h>

#ifndef OPENSSL_NO_BIO
#include <openssl/bio.h>
#endif
#include <openssl/bn.h>
#include <openssl/crypto.h>
#include <openssl/ossl_typ.h>

#ifdef OPENSSL_NO_RSA
#error RSA is disabled.
#endif

#ifdef __cplusplus
extern "C" {
#endif

typedef struct rsa_st RSA;

/*
 * Table of operations behind an RSA object.  Every RSA points at one of
 * these through its 'meth' member, and RSA_set_method() /
 * RSA_set_default_method() below allow a different table to be selected.
 */
typedef struct rsa_meth_st {
    const char *name;

    /* The four primitive operations; 'padding' is one of RSA_*_PADDING. */
    int (*rsa_pub_enc)(int flen, const unsigned char *from,
                       unsigned char *to,
                       RSA *rsa, int padding);
    int (*rsa_pub_dec)(int flen, const unsigned char *from,
                       unsigned char *to,
                       RSA *rsa, int padding);
    int (*rsa_priv_enc)(int flen, const unsigned char *from,
                        unsigned char *to,
                        RSA *rsa, int padding);
    int (*rsa_priv_dec)(int flen, const unsigned char *from,
                        unsigned char *to,
                        RSA *rsa, int padding);

    /* Optional hook: may be NULL. */
    int (*rsa_mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
    /* Optional hook: may be NULL. */
    int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                      const BIGNUM *m, BN_CTX *ctx,
                      BN_MONT_CTX *m_ctx);

    int (*init)(RSA *rsa);      /* called when an RSA is created (new) */
    int (*finish)(RSA *rsa);    /* called when an RSA is freed */

    /*
     * RSA_METHOD_FLAG_* bits.  RSA_FLAG_SIGN_VER is also looked for in
     * this member, as described on the two hooks below.
     */
    int flags;
    char *app_data;             /* spare pointer; may be needed! */

    /*
     * Whole-signature hooks.  Some libraries do not allow arbitrary data to
     * be signed or verified, which is what the raw private-encrypt and
     * public-decrypt primitives need; these two entry points let such
     * libraries be used anyway.  For that to work, applications must go
     * through RSA_sign() and RSA_verify() and must *NOT* call
     * RSA_public_decrypt() or RSA_private_encrypt().  For backwards
     * compatibility the hooks are only used when RSA_FLAG_SIGN_VER is set
     * in 'flags'.
     */
    int (*rsa_sign)(int type,
                    const unsigned char *m, unsigned int m_length,
                    unsigned char *sigret, unsigned int *siglen,
                    const RSA *rsa);
    int (*rsa_verify)(int dtype,
                      const unsigned char *m, unsigned int m_length,
                      unsigned char *sigbuf, unsigned int siglen,
                      const RSA *rsa);

} RSA_METHOD;

/*
 * An RSA key together with its method table and cached state.
 * Members d, p, q, dmp1, dmq1 and iqmp are private-key material.
 */
struct rsa_st {
    /*
     * Always set to 0.  It comes first so that an RSA handed over where an
     * EVP_PKEY was expected can be picked up as an error.
     */
    int pad;
    long version;
    const RSA_METHOD *meth;
    /* functional reference, held when 'meth' is supplied by an ENGINE */
    ENGINE *engine;

    BIGNUM *n;      /* modulus */
    BIGNUM *e;      /* public exponent */
    BIGNUM *d;      /* private exponent */
    BIGNUM *p;      /* prime factor of n */
    BIGNUM *q;      /* prime factor of n */
    BIGNUM *dmp1;   /* d mod (p-1) */
    BIGNUM *dmq1;   /* d mod (q-1) */
    BIGNUM *iqmp;   /* inverse of q mod p */

    /* take care with this member when the RSA structure is shared */
    CRYPTO_EX_DATA ex_data;
    int references; /* reference count; see RSA_up_ref() */
    int flags;

    /* Cached Montgomery values. */
    BN_MONT_CTX *_method_mod_n;
    BN_MONT_CTX *_method_mod_p;
    BN_MONT_CTX *_method_mod_q;

    /*
     * When this pointer is not NULL, the storage for all of the BIGNUM
     * values actually lives in the data it points to.
     */
    char *bignum_data;
    BN_BLINDING *blinding;
};

/* The values 3 and 65537 (F4), commonly used as RSA public exponents. */
#define RSA_3   0x3L
#define RSA_F4  0x10001L

/* skip the check that the public and private parts match */
#define RSA_METHOD_FLAG_NO_CHECK    0x01

#define RSA_FLAG_CACHE_PUBLIC       0x02
#define RSA_FLAG_CACHE_PRIVATE      0x04
#define RSA_FLAG_BLINDING           0x08
#define RSA_FLAG_THREAD_SAFE        0x10
/*
 * With this flag set, private key operations are carried out by rsa_mod_exp
 * and do not rely on the private key components being present, as is the
 * case for a key held in external hardware.  Without it, bn_mod_exp is what
 * gets called when the private key components are absent.
 */
#define RSA_FLAG_EXT_PKEY           0x20

/*
 * Set in the RSA_METHOD to switch on the newer rsa_sign / rsa_verify hooks.
 */
#define RSA_FLAG_SIGN_VER           0x40

/*
 * Padding modes for the 'padding' argument of the encrypt/decrypt calls.
 * NOTE(review): RSA_NO_PADDING passes the caller's bytes to the RSA
 * operation with no encoding at all, so it is only appropriate underneath a
 * padding scheme that the caller applies and checks itself.  OAEP is the
 * usual choice for new encryption code.
 */
#define RSA_PKCS1_PADDING           1
#define RSA_SSLV23_PADDING          2
#define RSA_NO_PADDING              3
#define RSA_PKCS1_OAEP_PADDING      4

/* Minimum number of bytes that PKCS #1 v1.5 block formatting adds. */
#define RSA_PKCS1_PADDING_SIZE      11

/* Application data is kept in ex_data slot 0. */
#define RSA_set_app_data(s,arg)     RSA_set_ex_data(s,0,arg)
#define RSA_get_app_data(s)         RSA_get_ex_data(s,0)

RSA *RSA_new(void);
RSA *RSA_new_method(ENGINE *engine);
int RSA_size(const RSA *);
RSA *RSA_generate_key(int bits, unsigned long e,
                      void (*callback)(int, int, void *), void *cb_arg);
int RSA_check_key(const RSA *);

/*
 * The four primitives below return -1 on error.
 * NOTE(review): when RSA_private_decrypt() is used with PKCS #1 v1.5
 * padding on data from a remote peer, report every failure the same way;
 * a peer that can tell a padding failure apart from other errors has a
 * padding oracle.
 */
int RSA_public_encrypt(int flen, const unsigned char *from,
                       unsigned char *to, RSA *rsa, int padding);
int RSA_private_encrypt(int flen, const unsigned char *from,
                        unsigned char *to, RSA *rsa, int padding);
int RSA_public_decrypt(int flen, const unsigned char *from,
                       unsigned char *to, RSA *rsa, int padding);
int RSA_private_decrypt(int flen, const unsigned char *from,
                        unsigned char *to, RSA *rsa, int padding);
void RSA_free(RSA *r);
/* Take one more reference on the RSA object. */
int RSA_up_ref(RSA *r);

int RSA_flags(const RSA *r);

void RSA_set_default_method(const RSA_METHOD *meth);
const RSA_METHOD *RSA_get_default_method(void);
const RSA_METHOD *RSA_get_method(const RSA *rsa);
int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);

/* Only usable once the memory locking malloc callbacks are installed. */
int RSA_memory_lock(RSA *r);

/* The actual SSLeay RSA implementation. */
const RSA_METHOD *RSA_PKCS1_SSLeay(void);

const RSA_METHOD *RSA_null_method(void);

DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)

#ifndef OPENSSL_NO_FP_API
int RSA_print_fp(FILE *fp, const RSA *r, int offset);
#endif

#ifndef OPENSSL_NO_BIO
int RSA_print(BIO *bp, const RSA *r, int offset);
#endif

/*
 * NOTE(review): 'cb' is declared with an empty parameter list in the four
 * prototypes below, so the compiler cannot check the arguments the callback
 * is invoked with; the expected signature is not visible in this header.
 */
int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey);
RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
                 int (*cb)(), int sgckey);

int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)());
RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
                      int (*cb)());

/*
 * Sign and verify an X509_SIG ASN1 object inside PKCS#1 padded RSA
 * encryption.
 */
int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
             unsigned char *sigret, unsigned int *siglen, RSA *rsa);
int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
               unsigned char *sigbuf, unsigned int siglen, RSA *rsa);

/*
 * Sign and verify an ASN1_OCTET_STRING object inside PKCS#1 padded RSA
 * encryption.
 */
int RSA_sign_ASN1_OCTET_STRING(int type,
                               const unsigned char *m, unsigned int m_length,
                               unsigned char *sigret, unsigned int *siglen,
                               RSA *rsa);
int RSA_verify_ASN1_OCTET_STRING(int type,
                                 const unsigned char *m, unsigned int m_length,
                                 unsigned char *sigbuf, unsigned int siglen,
                                 RSA *rsa);

/*
 * Turn blinding on or off for a key.
 * NOTE(review): blinding is the usual countermeasure against timing side
 * channels on private-key operations; switching it off for a key that
 * processes remotely supplied input deserves a documented reason.
 */
int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
void RSA_blinding_off(RSA *rsa);

/*
 * Padding helpers, one add/check pair per scheme.  In PKCS #1 v1.5, block
 * type 1 is the signature format and block type 2 the encryption format.
 */
int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
                                 const unsigned char *f, int fl);
int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
                                   const unsigned char *f, int fl,
                                   int rsa_len);
int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
                                 const unsigned char *f, int fl);
int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
                                   const unsigned char *f, int fl,
                                   int rsa_len);
int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
                               const unsigned char *f, int fl,
                               const unsigned char *p, int pl);
int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
                                 const unsigned char *f, int fl, int rsa_len,
                                 const unsigned char *p, int pl);
int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
                           const unsigned char *f, int fl);
int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
                             const unsigned char *f, int fl, int rsa_len);
int RSA_padding_add_none(unsigned char *to, int tlen,
                         const unsigned char *f, int fl);
int RSA_padding_check_none(unsigned char *to, int tlen,
                           const unsigned char *f, int fl, int rsa_len);

int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int RSA_set_ex_data(RSA *r, int idx, void *arg);
void *RSA_get_ex_data(const RSA *r, int idx);

RSA *RSAPublicKey_dup(RSA *rsa);
RSA *RSAPrivateKey_dup(RSA *rsa);

/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
 */
void ERR_load_RSA_strings(void);

/* Error codes for the RSA functions. */

/* Function codes. */
#define RSA_F_MEMORY_LOCK                       100
#define RSA_F_RSA_CHECK_KEY                     123
#define RSA_F_RSA_EAY_PRIVATE_DECRYPT           101
#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT           102
#define RSA_F_RSA_EAY_PUBLIC_DECRYPT            103
#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT            104
#define RSA_F_RSA_GENERATE_KEY                  105
#define RSA_F_RSA_NEW_METHOD                    106
#define RSA_F_RSA_NULL                          124
#define RSA_F_RSA_PADDING_ADD_NONE              107
#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP        121
#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1      108
#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2      109
#define RSA_F_RSA_PADDING_ADD_SSLV23            110
#define RSA_F_RSA_PADDING_CHECK_NONE            111
#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP      122
#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1    112
#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2    113
#define RSA_F_RSA_PADDING_CHECK_SSLV23          114
#define RSA_F_RSA_PRINT                         115
#define RSA_F_RSA_PRINT_FP                      116
#define RSA_F_RSA_SIGN                          117
#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING        118
#define RSA_F_RSA_VERIFY                        119
#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING      120

/* Reason codes. */
#define RSA_R_ALGORITHM_MISMATCH                100
#define RSA_R_BAD_E_VALUE                       101
#define RSA_R_BAD_FIXED_HEADER_DECRYPT          102
#define RSA_R_BAD_PAD_BYTE_COUNT                103
#define RSA_R_BAD_SIGNATURE                     104
#define RSA_R_BLOCK_TYPE_IS_NOT_01              106
#define RSA_R_BLOCK_TYPE_IS_NOT_02              107
#define RSA_R_DATA_GREATER_THAN_MOD_LEN         108
#define RSA_R_DATA_TOO_LARGE                    109
#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       110
#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS        132
#define RSA_R_DATA_TOO_SMALL                    111
#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE       122
#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY        112
#define RSA_R_DMP1_NOT_CONGRUENT_TO_D           124
#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D           125
#define RSA_R_D_E_NOT_CONGRUENT_TO_1            123
#define RSA_R_INVALID_MESSAGE_LENGTH            131
#define RSA_R_IQMP_NOT_INVERSE_OF_Q             126
#define RSA_R_KEY_SIZE_TOO_SMALL                120
#define RSA_R_NULL_BEFORE_BLOCK_MISSING         113
#define RSA_R_N_DOES_NOT_EQUAL_P_Q              127
#define RSA_R_OAEP_DECODING_ERROR               121
#define RSA_R_PADDING_CHECK_FAILED              114
#define RSA_R_P_NOT_PRIME                       128
#define RSA_R_Q_NOT_PRIME                       129
#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED      130
#define RSA_R_SSLV3_ROLLBACK_ATTACK             115
#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
#define RSA_R_UNKNOWN_ALGORITHM_TYPE            117
#define RSA_R_UNKNOWN_PADDING_TYPE              118
#define RSA_R_WRONG_SIGNATURE_LENGTH            119

#ifdef __cplusplus
}
#endif
#endif