rsa.h 24 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609
  1. /* $OpenBSD: rsa.h,v 1.65 2023/07/28 10:05:16 tb Exp $ */
  2. /* Copyright (C) 1995-1998 Eric Young ([email protected])
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young ([email protected]).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson ([email protected]).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young ([email protected])"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson ([email protected])"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #ifndef HEADER_RSA_H
  59. #define HEADER_RSA_H
  60. #include <openssl/opensslconf.h>
  61. #include <openssl/asn1.h>
  62. #ifndef OPENSSL_NO_BIO
  63. #include <openssl/bio.h>
  64. #endif
  65. #include <openssl/bn.h>
  66. #include <openssl/crypto.h>
  67. #include <openssl/ossl_typ.h>
  68. #ifdef OPENSSL_NO_RSA
  69. #error RSA is disabled.
  70. #endif
  71. #ifdef __cplusplus
  72. extern "C" {
  73. #endif
  74. struct rsa_pss_params_st {
  75. X509_ALGOR *hashAlgorithm;
  76. X509_ALGOR *maskGenAlgorithm;
  77. ASN1_INTEGER *saltLength;
  78. ASN1_INTEGER *trailerField;
  79. /* Hash algorithm decoded from maskGenAlgorithm. */
  80. X509_ALGOR *maskHash;
  81. } /* RSA_PSS_PARAMS */;
  82. typedef struct rsa_oaep_params_st {
  83. X509_ALGOR *hashFunc;
  84. X509_ALGOR *maskGenFunc;
  85. X509_ALGOR *pSourceFunc;
  86. /* Hash algorithm decoded from maskGenFunc. */
  87. X509_ALGOR *maskHash;
  88. } RSA_OAEP_PARAMS;
  89. #ifndef OPENSSL_RSA_MAX_MODULUS_BITS
  90. # define OPENSSL_RSA_MAX_MODULUS_BITS 16384
  91. #endif
  92. #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
  93. # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
  94. #endif
  95. #ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
  96. # define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */
  97. #endif
  98. #define RSA_3 0x3L
  99. #define RSA_F4 0x10001L
  100. /* Don't check pub/private match. */
  101. #define RSA_METHOD_FLAG_NO_CHECK 0x0001
  102. #define RSA_FLAG_CACHE_PUBLIC 0x0002
  103. #define RSA_FLAG_CACHE_PRIVATE 0x0004
  104. #define RSA_FLAG_BLINDING 0x0008
  105. #define RSA_FLAG_THREAD_SAFE 0x0010
  106. /*
  107. * This flag means the private key operations will be handled by rsa_mod_exp
  108. * and that they do not depend on the private key components being present:
  109. * for example a key stored in external hardware. Without this flag bn_mod_exp
  110. * gets called when private key components are absent.
  111. */
  112. #define RSA_FLAG_EXT_PKEY 0x0020
  113. /*
  114. * This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.
  115. */
  116. #define RSA_FLAG_SIGN_VER 0x0040
  117. /*
  118. * The built-in RSA implementation uses blinding by default, but other engines
  119. * might not need it.
  120. */
  121. #define RSA_FLAG_NO_BLINDING 0x0080
  122. /* Salt length matches digest */
  123. #define RSA_PSS_SALTLEN_DIGEST -1
  124. /* Verify only: auto detect salt length */
  125. #define RSA_PSS_SALTLEN_AUTO -2
  126. /* Set salt length to maximum possible */
  127. #define RSA_PSS_SALTLEN_MAX -3
  128. #define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
  129. RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_RSA_PADDING, pad, NULL)
  130. #define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \
  131. RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
  132. #define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
  133. RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
  134. EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
  135. #define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \
  136. EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
  137. EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
  138. #define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
  139. RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
  140. EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, plen)
  141. #define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
  142. RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
  143. EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
  144. #define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
  145. RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
  146. EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
  147. #define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \
  148. RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
  149. EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md))
  150. #define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \
  151. EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
  152. EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md))
  153. #define EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \
  154. EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
  155. EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md))
  156. #define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \
  157. RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
  158. EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)(pmd))
  159. #define EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \
  160. EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
  161. EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)(pmd))
  162. #define EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \
  163. EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
  164. EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)(l))
  165. #define EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \
  166. EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \
  167. EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)(l))
  168. #define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
  169. EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \
  170. EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, 0, (void *)(md))
  171. #define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
  172. #define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2)
  173. #define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3)
  174. #define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
  175. #define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5)
  176. #define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6)
  177. #define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7)
  178. #define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8)
  179. #define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9)
  180. #define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10)
  181. #define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11)
  182. #define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
  183. #define RSA_PKCS1_PADDING 1
  184. #define RSA_SSLV23_PADDING 2
  185. #define RSA_NO_PADDING 3
  186. #define RSA_PKCS1_OAEP_PADDING 4
  187. /* rust-openssl and erlang expose this and salt even uses it. */
  188. #define RSA_X931_PADDING 5
  189. /* EVP_PKEY_ only */
  190. #define RSA_PKCS1_PSS_PADDING 6
  191. #define RSA_PKCS1_PADDING_SIZE 11
  192. #define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
  193. #define RSA_get_app_data(s) RSA_get_ex_data(s,0)
  194. RSA *RSA_new(void);
  195. RSA *RSA_new_method(ENGINE *engine);
  196. int RSA_bits(const RSA *rsa);
  197. int RSA_size(const RSA *rsa);
  198. /*
  199. * Wrapped in OPENSSL_NO_DEPRECATED in 0.9.8. Still used for libressl bindings
  200. * in rust-openssl.
  201. */
  202. RSA *RSA_generate_key(int bits, unsigned long e,
  203. void (*callback)(int, int, void *), void *cb_arg);
  204. /* New version */
  205. int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
  206. int RSA_check_key(const RSA *);
  207. /* next 4 return -1 on error */
  208. int RSA_public_encrypt(int flen, const unsigned char *from,
  209. unsigned char *to, RSA *rsa, int padding);
  210. int RSA_private_encrypt(int flen, const unsigned char *from,
  211. unsigned char *to, RSA *rsa, int padding);
  212. int RSA_public_decrypt(int flen, const unsigned char *from,
  213. unsigned char *to, RSA *rsa, int padding);
  214. int RSA_private_decrypt(int flen, const unsigned char *from,
  215. unsigned char *to, RSA *rsa, int padding);
  216. void RSA_free(RSA *r);
  217. /* "up" the RSA object's reference count */
  218. int RSA_up_ref(RSA *r);
  219. int RSA_flags(const RSA *r);
  220. void RSA_set_default_method(const RSA_METHOD *meth);
  221. const RSA_METHOD *RSA_get_default_method(void);
  222. const RSA_METHOD *RSA_get_method(const RSA *rsa);
  223. int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
  224. const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
  225. const RSA_METHOD *RSA_PKCS1_SSLeay(void);
  226. const RSA_METHOD *RSA_null_method(void);
  227. int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
  228. RSA *d2i_RSAPublicKey(RSA **a, const unsigned char **in, long len);
  229. int i2d_RSAPublicKey(const RSA *a, unsigned char **out);
  230. extern const ASN1_ITEM RSAPublicKey_it;
  231. RSA *d2i_RSAPrivateKey(RSA **a, const unsigned char **in, long len);
  232. int i2d_RSAPrivateKey(const RSA *a, unsigned char **out);
  233. extern const ASN1_ITEM RSAPrivateKey_it;
  234. RSA_PSS_PARAMS *RSA_PSS_PARAMS_new(void);
  235. void RSA_PSS_PARAMS_free(RSA_PSS_PARAMS *a);
  236. RSA_PSS_PARAMS *d2i_RSA_PSS_PARAMS(RSA_PSS_PARAMS **a, const unsigned char **in, long len);
  237. int i2d_RSA_PSS_PARAMS(RSA_PSS_PARAMS *a, unsigned char **out);
  238. extern const ASN1_ITEM RSA_PSS_PARAMS_it;
  239. RSA_OAEP_PARAMS *RSA_OAEP_PARAMS_new(void);
  240. void RSA_OAEP_PARAMS_free(RSA_OAEP_PARAMS *a);
  241. RSA_OAEP_PARAMS *d2i_RSA_OAEP_PARAMS(RSA_OAEP_PARAMS **a, const unsigned char **in, long len);
  242. int i2d_RSA_OAEP_PARAMS(RSA_OAEP_PARAMS *a, unsigned char **out);
  243. extern const ASN1_ITEM RSA_OAEP_PARAMS_it;
  244. int RSA_print_fp(FILE *fp, const RSA *r, int offset);
  245. #ifndef OPENSSL_NO_BIO
  246. int RSA_print(BIO *bp, const RSA *r, int offset);
  247. #endif
  248. /* The following 2 functions sign and verify a X509_SIG ASN1 object
  249. * inside PKCS#1 padded RSA encryption */
  250. int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
  251. unsigned char *sigret, unsigned int *siglen, RSA *rsa);
  252. int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
  253. const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
  254. /* The following 2 function sign and verify a ASN1_OCTET_STRING
  255. * object inside PKCS#1 padded RSA encryption */
  256. int RSA_sign_ASN1_OCTET_STRING(int type, const unsigned char *m,
  257. unsigned int m_length, unsigned char *sigret, unsigned int *siglen,
  258. RSA *rsa);
  259. int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m,
  260. unsigned int m_length, unsigned char *sigbuf, unsigned int siglen,
  261. RSA *rsa);
  262. int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
  263. void RSA_blinding_off(RSA *rsa);
  264. int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
  265. const unsigned char *f, int fl);
  266. int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
  267. const unsigned char *f, int fl, int rsa_len);
  268. int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
  269. const unsigned char *f, int fl);
  270. int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
  271. const unsigned char *f, int fl, int rsa_len);
  272. int PKCS1_MGF1(unsigned char *mask, long len,
  273. const unsigned char *seed, long seedlen, const EVP_MD *dgst);
  274. int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
  275. const unsigned char *f, int fl,
  276. const unsigned char *p, int pl);
  277. int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
  278. const unsigned char *f, int fl, int rsa_len,
  279. const unsigned char *p, int pl);
  280. int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
  281. const unsigned char *from, int flen, const unsigned char *param, int plen,
  282. const EVP_MD *md, const EVP_MD *mgf1md);
  283. int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
  284. const unsigned char *from, int flen, int num, const unsigned char *param,
  285. int plen, const EVP_MD *md, const EVP_MD *mgf1md);
  286. int RSA_padding_add_none(unsigned char *to, int tlen,
  287. const unsigned char *f, int fl);
  288. int RSA_padding_check_none(unsigned char *to, int tlen,
  289. const unsigned char *f, int fl, int rsa_len);
  290. int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
  291. const EVP_MD *Hash, const unsigned char *EM, int sLen);
  292. int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
  293. const unsigned char *mHash, const EVP_MD *Hash, int sLen);
  294. int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
  295. const EVP_MD *Hash, const EVP_MD *mgf1Hash, const unsigned char *EM,
  296. int sLen);
  297. int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
  298. const unsigned char *mHash, const EVP_MD *Hash, const EVP_MD *mgf1Hash,
  299. int sLen);
  300. int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
  301. CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
  302. int RSA_set_ex_data(RSA *r, int idx, void *arg);
  303. void *RSA_get_ex_data(const RSA *r, int idx);
  304. int RSA_security_bits(const RSA *rsa);
  305. void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e,
  306. const BIGNUM **d);
  307. int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
  308. void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
  309. const BIGNUM **iqmp);
  310. int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
  311. void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
  312. int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
  313. const BIGNUM *RSA_get0_n(const RSA *r);
  314. const BIGNUM *RSA_get0_e(const RSA *r);
  315. const BIGNUM *RSA_get0_d(const RSA *r);
  316. const BIGNUM *RSA_get0_p(const RSA *r);
  317. const BIGNUM *RSA_get0_q(const RSA *r);
  318. const BIGNUM *RSA_get0_dmp1(const RSA *r);
  319. const BIGNUM *RSA_get0_dmq1(const RSA *r);
  320. const BIGNUM *RSA_get0_iqmp(const RSA *r);
  321. const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r);
  322. void RSA_clear_flags(RSA *r, int flags);
  323. int RSA_test_flags(const RSA *r, int flags);
  324. void RSA_set_flags(RSA *r, int flags);
  325. RSA *RSAPublicKey_dup(RSA *rsa);
  326. RSA *RSAPrivateKey_dup(RSA *rsa);
  327. /* If this flag is set the RSA method is FIPS compliant and can be used
  328. * in FIPS mode. This is set in the validated module method. If an
  329. * application sets this flag in its own methods it is its responsibility
  330. * to ensure the result is compliant.
  331. */
  332. #define RSA_FLAG_FIPS_METHOD 0x0400
  333. /* If this flag is set the operations normally disabled in FIPS mode are
  334. * permitted it is then the applications responsibility to ensure that the
  335. * usage is compliant.
  336. */
  337. #define RSA_FLAG_NON_FIPS_ALLOW 0x0400
  338. /* Application has decided PRNG is good enough to generate a key: don't
  339. * check.
  340. */
  341. #define RSA_FLAG_CHECKED 0x0800
  342. RSA_METHOD *RSA_meth_new(const char *name, int flags);
  343. void RSA_meth_free(RSA_METHOD *meth);
  344. RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
  345. int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
  346. int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
  347. const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
  348. int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
  349. const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
  350. int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
  351. int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa));
  352. int RSA_meth_set_pub_enc(RSA_METHOD *meth, int (*pub_enc)(int flen,
  353. const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
  354. int RSA_meth_set_pub_dec(RSA_METHOD *meth, int (*pub_dec)(int flen,
  355. const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
  356. int RSA_meth_set_mod_exp(RSA_METHOD *meth, int (*mod_exp)(BIGNUM *r0,
  357. const BIGNUM *i, RSA *rsa, BN_CTX *ctx));
  358. int RSA_meth_set_bn_mod_exp(RSA_METHOD *meth, int (*bn_mod_exp)(BIGNUM *r,
  359. const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
  360. BN_MONT_CTX *m_ctx));
  361. int RSA_meth_set_init(RSA_METHOD *meth, int (*init)(RSA *rsa));
  362. int RSA_meth_set_keygen(RSA_METHOD *meth, int (*keygen)(RSA *rsa, int bits,
  363. BIGNUM *e, BN_GENCB *cb));
  364. int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
  365. int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
  366. const char *RSA_meth_get0_name(const RSA_METHOD *);
  367. int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen,
  368. const unsigned char *from, unsigned char *to, RSA *rsa, int padding);
  369. int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))(int flen,
  370. const unsigned char *from, unsigned char *to, RSA *rsa, int padding);
  371. int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen,
  372. const unsigned char *from, unsigned char *to, RSA *rsa, int padding);
  373. int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen,
  374. const unsigned char *from, unsigned char *to, RSA *rsa, int padding);
  375. int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i,
  376. RSA *rsa, BN_CTX *ctx);
  377. int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r,
  378. const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
  379. BN_MONT_CTX *m_ctx);
  380. int (*RSA_meth_get_init(const RSA_METHOD *meth))(RSA *rsa);
  381. int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e,
  382. BN_GENCB *cb);
  383. int RSA_meth_get_flags(const RSA_METHOD *meth);
  384. void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
  385. int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type,
  386. const unsigned char *m, unsigned int m_length,
  387. unsigned char *sigret, unsigned int *siglen,
  388. const RSA *rsa);
  389. int RSA_meth_set_sign(RSA_METHOD *rsa, int (*sign)(int type,
  390. const unsigned char *m, unsigned int m_length, unsigned char *sigret,
  391. unsigned int *siglen, const RSA *rsa));
  392. int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype,
  393. const unsigned char *m, unsigned int m_length, const unsigned char *sigbuf,
  394. unsigned int siglen, const RSA *rsa);
  395. int RSA_meth_set_verify(RSA_METHOD *rsa, int (*verify)(int dtype,
  396. const unsigned char *m, unsigned int m_length, const unsigned char *sigbuf,
  397. unsigned int siglen, const RSA *rsa));
  398. void ERR_load_RSA_strings(void);
  399. /* Error codes for the RSA functions. */
  400. /* Function codes. */
  401. #define RSA_F_CHECK_PADDING_MD 140
  402. #define RSA_F_DO_RSA_PRINT 146
  403. #define RSA_F_INT_RSA_VERIFY 145
  404. #define RSA_F_MEMORY_LOCK 100
  405. #define RSA_F_OLD_RSA_PRIV_DECODE 147
  406. #define RSA_F_PKEY_RSA_CTRL 143
  407. #define RSA_F_PKEY_RSA_CTRL_STR 144
  408. #define RSA_F_PKEY_RSA_SIGN 142
  409. #define RSA_F_PKEY_RSA_VERIFY 154
  410. #define RSA_F_PKEY_RSA_VERIFYRECOVER 141
  411. #define RSA_F_RSA_BUILTIN_KEYGEN 129
  412. #define RSA_F_RSA_CHECK_KEY 123
  413. #define RSA_F_RSA_EAY_MOD_EXP 157
  414. #define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101
  415. #define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102
  416. #define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103
  417. #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104
  418. #define RSA_F_RSA_GENERATE_KEY 105
  419. #define RSA_F_RSA_GENERATE_KEY_EX 155
  420. #define RSA_F_RSA_ITEM_VERIFY 156
  421. #define RSA_F_RSA_MEMORY_LOCK 130
  422. #define RSA_F_RSA_NEW_METHOD 106
  423. #define RSA_F_RSA_NULL 124
  424. #define RSA_F_RSA_NULL_MOD_EXP 131
  425. #define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132
  426. #define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133
  427. #define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134
  428. #define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135
  429. #define RSA_F_RSA_PADDING_ADD_NONE 107
  430. #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
  431. #define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125
  432. #define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148
  433. #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
  434. #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
  435. #define RSA_F_RSA_PADDING_ADD_X931 127
  436. #define RSA_F_RSA_PADDING_CHECK_NONE 111
  437. #define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122
  438. #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112
  439. #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113
  440. #define RSA_F_RSA_PADDING_CHECK_X931 128
  441. #define RSA_F_RSA_PRINT 115
  442. #define RSA_F_RSA_PRINT_FP 116
  443. #define RSA_F_RSA_PRIVATE_DECRYPT 150
  444. #define RSA_F_RSA_PRIVATE_ENCRYPT 151
  445. #define RSA_F_RSA_PRIV_DECODE 137
  446. #define RSA_F_RSA_PRIV_ENCODE 138
  447. #define RSA_F_RSA_PUBLIC_DECRYPT 152
  448. #define RSA_F_RSA_PUBLIC_ENCRYPT 153
  449. #define RSA_F_RSA_PUB_DECODE 139
  450. #define RSA_F_RSA_SETUP_BLINDING 136
  451. #define RSA_F_RSA_SIGN 117
  452. #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
  453. #define RSA_F_RSA_VERIFY 119
  454. #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
  455. #define RSA_F_RSA_VERIFY_PKCS1_PSS 126
  456. #define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149
  457. /* Reason codes. */
  458. #define RSA_R_ALGORITHM_MISMATCH 100
  459. #define RSA_R_BAD_E_VALUE 101
  460. #define RSA_R_BAD_FIXED_HEADER_DECRYPT 102
  461. #define RSA_R_BAD_PAD_BYTE_COUNT 103
  462. #define RSA_R_BAD_SIGNATURE 104
  463. #define RSA_R_BLOCK_TYPE_IS_NOT_01 106
  464. #define RSA_R_BLOCK_TYPE_IS_NOT_02 107
  465. #define RSA_R_DATA_GREATER_THAN_MOD_LEN 108
  466. #define RSA_R_DATA_TOO_LARGE 109
  467. #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
  468. #define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132
  469. #define RSA_R_DATA_TOO_SMALL 111
  470. #define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122
  471. #define RSA_R_DIGEST_DOES_NOT_MATCH 158
  472. #define RSA_R_DIGEST_NOT_ALLOWED 145
  473. #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
  474. #define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
  475. #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
  476. #define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
  477. #define RSA_R_FIRST_OCTET_INVALID 133
  478. #define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144
  479. #define RSA_R_INVALID_DIGEST 157
  480. #define RSA_R_INVALID_DIGEST_LENGTH 143
  481. #define RSA_R_INVALID_HEADER 137
  482. #define RSA_R_INVALID_KEYBITS 145
  483. #define RSA_R_INVALID_LABEL 160
  484. #define RSA_R_INVALID_MESSAGE_LENGTH 131
  485. #define RSA_R_INVALID_MGF1_MD 156
  486. #define RSA_R_INVALID_OAEP_PARAMETERS 161
  487. #define RSA_R_INVALID_PADDING 138
  488. #define RSA_R_INVALID_PADDING_MODE 141
  489. #define RSA_R_INVALID_PSS_PARAMETERS 149
  490. #define RSA_R_INVALID_PSS_SALTLEN 146
  491. #define RSA_R_INVALID_SALT_LENGTH 150
  492. #define RSA_R_INVALID_TRAILER 139
  493. #define RSA_R_INVALID_X931_DIGEST 142
  494. #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
  495. #define RSA_R_KEY_SIZE_TOO_SMALL 120
  496. #define RSA_R_LAST_OCTET_INVALID 134
  497. #define RSA_R_MODULUS_TOO_LARGE 105
  498. #define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152
  499. #define RSA_R_NON_FIPS_RSA_METHOD 157
  500. #define RSA_R_NO_PUBLIC_EXPONENT 140
  501. #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
  502. #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
  503. #define RSA_R_OAEP_DECODING_ERROR 121
  504. #define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158
  505. #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
  506. #define RSA_R_PADDING_CHECK_FAILED 114
  507. #define RSA_R_PSS_SALTLEN_TOO_SMALL 164
  508. #define RSA_R_P_NOT_PRIME 128
  509. #define RSA_R_Q_NOT_PRIME 129
  510. #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
  511. #define RSA_R_SLEN_CHECK_FAILED 136
  512. #define RSA_R_SLEN_RECOVERY_FAILED 135
  513. #define RSA_R_SSLV3_ROLLBACK_ATTACK 115
  514. #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
  515. #define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
  516. #define RSA_R_UNKNOWN_DIGEST 166
  517. #define RSA_R_UNKNOWN_MASK_DIGEST 151
  518. #define RSA_R_UNKNOWN_PADDING_TYPE 118
  519. #define RSA_R_UNKNOWN_PSS_DIGEST 152
  520. #define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162
  521. #define RSA_R_UNSUPPORTED_LABEL_SOURCE 163
  522. #define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153
  523. #define RSA_R_UNSUPPORTED_MASK_PARAMETER 154
  524. #define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155
  525. #define RSA_R_VALUE_MISSING 147
  526. #define RSA_R_WRONG_SIGNATURE_LENGTH 119
  527. #ifdef __cplusplus
  528. }
  529. #endif
  530. #endif