1e71b7053SJung-uk Kim /* 2e71b7053SJung-uk Kim * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. 3e71b7053SJung-uk Kim * 4e71b7053SJung-uk Kim * Licensed under the OpenSSL license (the "License"). You may not use 5e71b7053SJung-uk Kim * this file except in compliance with the License. You can obtain a copy 6e71b7053SJung-uk Kim * in the file LICENSE in the source distribution or at 7e71b7053SJung-uk Kim * https://www.openssl.org/source/license.html 8e71b7053SJung-uk Kim */ 9e71b7053SJung-uk Kim 10e71b7053SJung-uk Kim #ifndef HEADER_RSA_H 11e71b7053SJung-uk Kim # define HEADER_RSA_H 12e71b7053SJung-uk Kim 13e71b7053SJung-uk Kim # include <openssl/opensslconf.h> 14e71b7053SJung-uk Kim 15e71b7053SJung-uk Kim # ifndef OPENSSL_NO_RSA 16e71b7053SJung-uk Kim # include <openssl/asn1.h> 17e71b7053SJung-uk Kim # include <openssl/bio.h> 18e71b7053SJung-uk Kim # include <openssl/crypto.h> 19e71b7053SJung-uk Kim # include <openssl/ossl_typ.h> 20e71b7053SJung-uk Kim # if OPENSSL_API_COMPAT < 0x10100000L 21e71b7053SJung-uk Kim # include <openssl/bn.h> 22e71b7053SJung-uk Kim # endif 23e71b7053SJung-uk Kim # include <openssl/rsaerr.h> 24e71b7053SJung-uk Kim # ifdef __cplusplus 25e71b7053SJung-uk Kim extern "C" { 26e71b7053SJung-uk Kim # endif 27e71b7053SJung-uk Kim 28e71b7053SJung-uk Kim /* The types RSA and RSA_METHOD are defined in ossl_typ.h */ 29e71b7053SJung-uk Kim 30e71b7053SJung-uk Kim # ifndef OPENSSL_RSA_MAX_MODULUS_BITS 31e71b7053SJung-uk Kim # define OPENSSL_RSA_MAX_MODULUS_BITS 16384 32e71b7053SJung-uk Kim # endif 33e71b7053SJung-uk Kim 34e71b7053SJung-uk Kim # define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024 35e71b7053SJung-uk Kim 36e71b7053SJung-uk Kim # ifndef OPENSSL_RSA_SMALL_MODULUS_BITS 37e71b7053SJung-uk Kim # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 38e71b7053SJung-uk Kim # endif 39e71b7053SJung-uk Kim # ifndef OPENSSL_RSA_MAX_PUBEXP_BITS 40e71b7053SJung-uk Kim 41e71b7053SJung-uk Kim /* exponent limit enforced for "large" modulus only */ 42e71b7053SJung-uk Kim # define OPENSSL_RSA_MAX_PUBEXP_BITS 64 43e71b7053SJung-uk Kim # endif 44e71b7053SJung-uk Kim 45e71b7053SJung-uk Kim # define RSA_3 0x3L 46e71b7053SJung-uk Kim # define RSA_F4 0x10001L 47e71b7053SJung-uk Kim 48e71b7053SJung-uk Kim /* based on RFC 8017 appendix A.1.2 */ 49e71b7053SJung-uk Kim # define RSA_ASN1_VERSION_DEFAULT 0 50e71b7053SJung-uk Kim # define RSA_ASN1_VERSION_MULTI 1 51e71b7053SJung-uk Kim 52e71b7053SJung-uk Kim # define RSA_DEFAULT_PRIME_NUM 2 53e71b7053SJung-uk Kim 54e71b7053SJung-uk Kim # define RSA_METHOD_FLAG_NO_CHECK 0x0001/* don't check pub/private 55e71b7053SJung-uk Kim * match */ 56e71b7053SJung-uk Kim 57e71b7053SJung-uk Kim # define RSA_FLAG_CACHE_PUBLIC 0x0002 58e71b7053SJung-uk Kim # define RSA_FLAG_CACHE_PRIVATE 0x0004 59e71b7053SJung-uk Kim # define RSA_FLAG_BLINDING 0x0008 60e71b7053SJung-uk Kim # define RSA_FLAG_THREAD_SAFE 0x0010 61e71b7053SJung-uk Kim /* 62e71b7053SJung-uk Kim * This flag means the private key operations will be handled by rsa_mod_exp 63e71b7053SJung-uk Kim * and that they do not depend on the private key components being present: 64e71b7053SJung-uk Kim * for example a key stored in external hardware. Without this flag 65e71b7053SJung-uk Kim * bn_mod_exp gets called when private key components are absent. 66e71b7053SJung-uk Kim */ 67e71b7053SJung-uk Kim # define RSA_FLAG_EXT_PKEY 0x0020 68e71b7053SJung-uk Kim 69e71b7053SJung-uk Kim /* 70e71b7053SJung-uk Kim * new with 0.9.6j and 0.9.7b; the built-in 71e71b7053SJung-uk Kim * RSA implementation now uses blinding by 72e71b7053SJung-uk Kim * default (ignoring RSA_FLAG_BLINDING), 73e71b7053SJung-uk Kim * but other engines might not need it 74e71b7053SJung-uk Kim */ 75e71b7053SJung-uk Kim # define RSA_FLAG_NO_BLINDING 0x0080 76e71b7053SJung-uk Kim # if OPENSSL_API_COMPAT < 0x10100000L 77e71b7053SJung-uk Kim /* 78e71b7053SJung-uk Kim * Does nothing. Previously this switched off constant time behaviour. 79e71b7053SJung-uk Kim */ 80e71b7053SJung-uk Kim # define RSA_FLAG_NO_CONSTTIME 0x0000 81e71b7053SJung-uk Kim # endif 82e71b7053SJung-uk Kim # if OPENSSL_API_COMPAT < 0x00908000L 83e71b7053SJung-uk Kim /* deprecated name for the flag*/ 84e71b7053SJung-uk Kim /* 85e71b7053SJung-uk Kim * new with 0.9.7h; the built-in RSA 86e71b7053SJung-uk Kim * implementation now uses constant time 87e71b7053SJung-uk Kim * modular exponentiation for secret exponents 88e71b7053SJung-uk Kim * by default. This flag causes the 89e71b7053SJung-uk Kim * faster variable sliding window method to 90e71b7053SJung-uk Kim * be used for all exponents. 91e71b7053SJung-uk Kim */ 92e71b7053SJung-uk Kim # define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME 93e71b7053SJung-uk Kim # endif 94e71b7053SJung-uk Kim 95e71b7053SJung-uk Kim # define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \ 96e71b7053SJung-uk Kim RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_RSA_PADDING, pad, NULL) 97e71b7053SJung-uk Kim 98e71b7053SJung-uk Kim # define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \ 99e71b7053SJung-uk Kim RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad) 100e71b7053SJung-uk Kim 101e71b7053SJung-uk Kim # define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \ 102e71b7053SJung-uk Kim RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ 103e71b7053SJung-uk Kim EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL) 104e71b7053SJung-uk Kim /* Salt length matches digest */ 105e71b7053SJung-uk Kim # define RSA_PSS_SALTLEN_DIGEST -1 106e71b7053SJung-uk Kim /* Verify only: auto detect salt length */ 107e71b7053SJung-uk Kim # define RSA_PSS_SALTLEN_AUTO -2 108e71b7053SJung-uk Kim /* Set salt length to maximum possible */ 109e71b7053SJung-uk Kim # define RSA_PSS_SALTLEN_MAX -3 110e71b7053SJung-uk Kim /* Old compatible max salt length for sign only */ 111e71b7053SJung-uk Kim # define RSA_PSS_SALTLEN_MAX_SIGN -2 112e71b7053SJung-uk Kim 113e71b7053SJung-uk Kim # define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \ 114e71b7053SJung-uk Kim EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ 115e71b7053SJung-uk Kim EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL) 116e71b7053SJung-uk Kim 117e71b7053SJung-uk Kim # define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \ 118e71b7053SJung-uk Kim RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ 119e71b7053SJung-uk Kim EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, plen) 120e71b7053SJung-uk Kim 121e71b7053SJung-uk Kim # define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \ 122e71b7053SJung-uk Kim RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ 123e71b7053SJung-uk Kim EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL) 124e71b7053SJung-uk Kim 125e71b7053SJung-uk Kim # define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \ 126e71b7053SJung-uk Kim RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ 127e71b7053SJung-uk Kim EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp) 128e71b7053SJung-uk Kim 129e71b7053SJung-uk Kim # define EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, primes) \ 130e71b7053SJung-uk Kim RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ 131e71b7053SJung-uk Kim EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, primes, NULL) 132e71b7053SJung-uk Kim 133e71b7053SJung-uk Kim # define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \ 134e71b7053SJung-uk Kim RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ 135e71b7053SJung-uk Kim EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) 136e71b7053SJung-uk Kim 137e71b7053SJung-uk Kim # define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \ 138e71b7053SJung-uk Kim EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ 139e71b7053SJung-uk Kim EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) 140e71b7053SJung-uk Kim 141e71b7053SJung-uk Kim # define EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \ 142e71b7053SJung-uk Kim EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ 143e71b7053SJung-uk Kim EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md)) 144e71b7053SJung-uk Kim 145e71b7053SJung-uk Kim # define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \ 146e71b7053SJung-uk Kim RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ 147e71b7053SJung-uk Kim EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)(pmd)) 148e71b7053SJung-uk Kim 149e71b7053SJung-uk Kim # define EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \ 150e71b7053SJung-uk Kim EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ 151e71b7053SJung-uk Kim EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)(pmd)) 152e71b7053SJung-uk Kim 153e71b7053SJung-uk Kim # define EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \ 154e71b7053SJung-uk Kim EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ 155e71b7053SJung-uk Kim EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)(l)) 156e71b7053SJung-uk Kim 157e71b7053SJung-uk Kim # define EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \ 158e71b7053SJung-uk Kim EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ 159e71b7053SJung-uk Kim EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)(l)) 160e71b7053SJung-uk Kim 161e71b7053SJung-uk Kim # define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \ 162e71b7053SJung-uk Kim EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \ 163*c9cf7b5cSJung-uk Kim EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, \ 164e71b7053SJung-uk Kim 0, (void *)(md)) 165e71b7053SJung-uk Kim 166e71b7053SJung-uk Kim # define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) 167e71b7053SJung-uk Kim # define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2) 168e71b7053SJung-uk Kim 169e71b7053SJung-uk Kim # define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3) 170e71b7053SJung-uk Kim # define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4) 171e71b7053SJung-uk Kim # define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5) 172e71b7053SJung-uk Kim 173e71b7053SJung-uk Kim # define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6) 174e71b7053SJung-uk Kim # define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7) 175e71b7053SJung-uk Kim # define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8) 176e71b7053SJung-uk Kim 177e71b7053SJung-uk Kim # define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9) 178e71b7053SJung-uk Kim # define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10) 179e71b7053SJung-uk Kim 180e71b7053SJung-uk Kim # define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11) 181e71b7053SJung-uk Kim # define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12) 182e71b7053SJung-uk Kim 183e71b7053SJung-uk Kim # define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES (EVP_PKEY_ALG_CTRL + 13) 184e71b7053SJung-uk Kim 185e71b7053SJung-uk Kim # define RSA_PKCS1_PADDING 1 186e71b7053SJung-uk Kim # define RSA_SSLV23_PADDING 2 187e71b7053SJung-uk Kim # define RSA_NO_PADDING 3 188e71b7053SJung-uk Kim # define RSA_PKCS1_OAEP_PADDING 4 189e71b7053SJung-uk Kim # define RSA_X931_PADDING 5 190e71b7053SJung-uk Kim /* EVP_PKEY_ only */ 191e71b7053SJung-uk Kim # define RSA_PKCS1_PSS_PADDING 6 192e71b7053SJung-uk Kim 193e71b7053SJung-uk Kim # define RSA_PKCS1_PADDING_SIZE 11 194e71b7053SJung-uk Kim 195e71b7053SJung-uk Kim # define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) 196e71b7053SJung-uk Kim # define RSA_get_app_data(s) RSA_get_ex_data(s,0) 197e71b7053SJung-uk Kim 198e71b7053SJung-uk Kim RSA *RSA_new(void); 199e71b7053SJung-uk Kim RSA *RSA_new_method(ENGINE *engine); 200e71b7053SJung-uk Kim int RSA_bits(const RSA *rsa); 201e71b7053SJung-uk Kim int RSA_size(const RSA *rsa); 202e71b7053SJung-uk Kim int RSA_security_bits(const RSA *rsa); 203e71b7053SJung-uk Kim 204e71b7053SJung-uk Kim int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); 205e71b7053SJung-uk Kim int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); 206e71b7053SJung-uk Kim int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); 207e71b7053SJung-uk Kim int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], 208e71b7053SJung-uk Kim BIGNUM *coeffs[], int pnum); 209e71b7053SJung-uk Kim void RSA_get0_key(const RSA *r, 210e71b7053SJung-uk Kim const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); 211e71b7053SJung-uk Kim void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); 212e71b7053SJung-uk Kim int RSA_get_multi_prime_extra_count(const RSA *r); 213e71b7053SJung-uk Kim int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]); 214e71b7053SJung-uk Kim void RSA_get0_crt_params(const RSA *r, 215e71b7053SJung-uk Kim const BIGNUM **dmp1, const BIGNUM **dmq1, 216e71b7053SJung-uk Kim const BIGNUM **iqmp); 217e71b7053SJung-uk Kim int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[], 218e71b7053SJung-uk Kim const BIGNUM *coeffs[]); 219e71b7053SJung-uk Kim const BIGNUM *RSA_get0_n(const RSA *d); 220e71b7053SJung-uk Kim const BIGNUM *RSA_get0_e(const RSA *d); 221e71b7053SJung-uk Kim const BIGNUM *RSA_get0_d(const RSA *d); 222e71b7053SJung-uk Kim const BIGNUM *RSA_get0_p(const RSA *d); 223e71b7053SJung-uk Kim const BIGNUM *RSA_get0_q(const RSA *d); 224e71b7053SJung-uk Kim const BIGNUM *RSA_get0_dmp1(const RSA *r); 225e71b7053SJung-uk Kim const BIGNUM *RSA_get0_dmq1(const RSA *r); 226e71b7053SJung-uk Kim const BIGNUM *RSA_get0_iqmp(const RSA *r); 227e71b7053SJung-uk Kim void RSA_clear_flags(RSA *r, int flags); 228e71b7053SJung-uk Kim int RSA_test_flags(const RSA *r, int flags); 229e71b7053SJung-uk Kim void RSA_set_flags(RSA *r, int flags); 230e71b7053SJung-uk Kim int RSA_get_version(RSA *r); 231e71b7053SJung-uk Kim ENGINE *RSA_get0_engine(const RSA *r); 232e71b7053SJung-uk Kim 233e71b7053SJung-uk Kim /* Deprecated version */ 234e71b7053SJung-uk Kim DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void 235e71b7053SJung-uk Kim (*callback) (int, int, void *), 236e71b7053SJung-uk Kim void *cb_arg)) 237e71b7053SJung-uk Kim 238e71b7053SJung-uk Kim /* New version */ 239e71b7053SJung-uk Kim int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); 240e71b7053SJung-uk Kim /* Multi-prime version */ 241e71b7053SJung-uk Kim int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, 242e71b7053SJung-uk Kim BIGNUM *e, BN_GENCB *cb); 243e71b7053SJung-uk Kim 244e71b7053SJung-uk Kim int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, 245e71b7053SJung-uk Kim BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2, 246e71b7053SJung-uk Kim const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2, 247e71b7053SJung-uk Kim const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb); 248e71b7053SJung-uk Kim int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, 249e71b7053SJung-uk Kim BN_GENCB *cb); 250e71b7053SJung-uk Kim 251e71b7053SJung-uk Kim int RSA_check_key(const RSA *); 252e71b7053SJung-uk Kim int RSA_check_key_ex(const RSA *, BN_GENCB *cb); 253e71b7053SJung-uk Kim /* next 4 return -1 on error */ 254e71b7053SJung-uk Kim int RSA_public_encrypt(int flen, const unsigned char *from, 255e71b7053SJung-uk Kim unsigned char *to, RSA *rsa, int padding); 256e71b7053SJung-uk Kim int RSA_private_encrypt(int flen, const unsigned char *from, 257e71b7053SJung-uk Kim unsigned char *to, RSA *rsa, int padding); 258e71b7053SJung-uk Kim int RSA_public_decrypt(int flen, const unsigned char *from, 259e71b7053SJung-uk Kim unsigned char *to, RSA *rsa, int padding); 260e71b7053SJung-uk Kim int RSA_private_decrypt(int flen, const unsigned char *from, 261e71b7053SJung-uk Kim unsigned char *to, RSA *rsa, int padding); 262e71b7053SJung-uk Kim void RSA_free(RSA *r); 263e71b7053SJung-uk Kim /* "up" the RSA object's reference count */ 264e71b7053SJung-uk Kim int RSA_up_ref(RSA *r); 265e71b7053SJung-uk Kim 266e71b7053SJung-uk Kim int RSA_flags(const RSA *r); 267e71b7053SJung-uk Kim 268e71b7053SJung-uk Kim void RSA_set_default_method(const RSA_METHOD *meth); 269e71b7053SJung-uk Kim const RSA_METHOD *RSA_get_default_method(void); 270e71b7053SJung-uk Kim const RSA_METHOD *RSA_null_method(void); 271e71b7053SJung-uk Kim const RSA_METHOD *RSA_get_method(const RSA *rsa); 272e71b7053SJung-uk Kim int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); 273e71b7053SJung-uk Kim 274e71b7053SJung-uk Kim /* these are the actual RSA functions */ 275e71b7053SJung-uk Kim const RSA_METHOD *RSA_PKCS1_OpenSSL(void); 276e71b7053SJung-uk Kim 277e71b7053SJung-uk Kim int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2); 278e71b7053SJung-uk Kim 279e71b7053SJung-uk Kim DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) 280e71b7053SJung-uk Kim DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) 281e71b7053SJung-uk Kim 282e71b7053SJung-uk Kim typedef struct rsa_pss_params_st { 283e71b7053SJung-uk Kim X509_ALGOR *hashAlgorithm; 284e71b7053SJung-uk Kim X509_ALGOR *maskGenAlgorithm; 285e71b7053SJung-uk Kim ASN1_INTEGER *saltLength; 286e71b7053SJung-uk Kim ASN1_INTEGER *trailerField; 287e71b7053SJung-uk Kim /* Decoded hash algorithm from maskGenAlgorithm */ 288e71b7053SJung-uk Kim X509_ALGOR *maskHash; 289e71b7053SJung-uk Kim } RSA_PSS_PARAMS; 290e71b7053SJung-uk Kim 291e71b7053SJung-uk Kim DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) 292e71b7053SJung-uk Kim 293e71b7053SJung-uk Kim typedef struct rsa_oaep_params_st { 294e71b7053SJung-uk Kim X509_ALGOR *hashFunc; 295e71b7053SJung-uk Kim X509_ALGOR *maskGenFunc; 296e71b7053SJung-uk Kim X509_ALGOR *pSourceFunc; 297e71b7053SJung-uk Kim /* Decoded hash algorithm from maskGenFunc */ 298e71b7053SJung-uk Kim X509_ALGOR *maskHash; 299e71b7053SJung-uk Kim } RSA_OAEP_PARAMS; 300e71b7053SJung-uk Kim 301e71b7053SJung-uk Kim DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) 302e71b7053SJung-uk Kim 303e71b7053SJung-uk Kim # ifndef OPENSSL_NO_STDIO 304e71b7053SJung-uk Kim int RSA_print_fp(FILE *fp, const RSA *r, int offset); 305e71b7053SJung-uk Kim # endif 306e71b7053SJung-uk Kim 307e71b7053SJung-uk Kim int RSA_print(BIO *bp, const RSA *r, int offset); 308e71b7053SJung-uk Kim 309e71b7053SJung-uk Kim /* 310e71b7053SJung-uk Kim * The following 2 functions sign and verify a X509_SIG ASN1 object inside 311e71b7053SJung-uk Kim * PKCS#1 padded RSA encryption 312e71b7053SJung-uk Kim */ 313e71b7053SJung-uk Kim int RSA_sign(int type, const unsigned char *m, unsigned int m_length, 314e71b7053SJung-uk Kim unsigned char *sigret, unsigned int *siglen, RSA *rsa); 315e71b7053SJung-uk Kim int RSA_verify(int type, const unsigned char *m, unsigned int m_length, 316e71b7053SJung-uk Kim const unsigned char *sigbuf, unsigned int siglen, RSA *rsa); 317e71b7053SJung-uk Kim 318e71b7053SJung-uk Kim /* 319e71b7053SJung-uk Kim * The following 2 function sign and verify a ASN1_OCTET_STRING object inside 320e71b7053SJung-uk Kim * PKCS#1 padded RSA encryption 321e71b7053SJung-uk Kim */ 322e71b7053SJung-uk Kim int RSA_sign_ASN1_OCTET_STRING(int type, 323e71b7053SJung-uk Kim const unsigned char *m, unsigned int m_length, 324e71b7053SJung-uk Kim unsigned char *sigret, unsigned int *siglen, 325e71b7053SJung-uk Kim RSA *rsa); 326e71b7053SJung-uk Kim int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m, 327e71b7053SJung-uk Kim unsigned int m_length, unsigned char *sigbuf, 328e71b7053SJung-uk Kim unsigned int siglen, RSA *rsa); 329e71b7053SJung-uk Kim 330e71b7053SJung-uk Kim int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); 331e71b7053SJung-uk Kim void RSA_blinding_off(RSA *rsa); 332e71b7053SJung-uk Kim BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx); 333e71b7053SJung-uk Kim 334e71b7053SJung-uk Kim int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, 335e71b7053SJung-uk Kim const unsigned char *f, int fl); 336e71b7053SJung-uk Kim int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, 337e71b7053SJung-uk Kim const unsigned char *f, int fl, 338e71b7053SJung-uk Kim int rsa_len); 339e71b7053SJung-uk Kim int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, 340e71b7053SJung-uk Kim const unsigned char *f, int fl); 341e71b7053SJung-uk Kim int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, 342e71b7053SJung-uk Kim const unsigned char *f, int fl, 343e71b7053SJung-uk Kim int rsa_len); 344e71b7053SJung-uk Kim int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed, 345e71b7053SJung-uk Kim long seedlen, const EVP_MD *dgst); 346e71b7053SJung-uk Kim int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, 347e71b7053SJung-uk Kim const unsigned char *f, int fl, 348e71b7053SJung-uk Kim const unsigned char *p, int pl); 349e71b7053SJung-uk Kim int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, 350e71b7053SJung-uk Kim const unsigned char *f, int fl, int rsa_len, 351e71b7053SJung-uk Kim const unsigned char *p, int pl); 352e71b7053SJung-uk Kim int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, 353e71b7053SJung-uk Kim const unsigned char *from, int flen, 354e71b7053SJung-uk Kim const unsigned char *param, int plen, 355e71b7053SJung-uk Kim const EVP_MD *md, const EVP_MD *mgf1md); 356e71b7053SJung-uk Kim int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, 357e71b7053SJung-uk Kim const unsigned char *from, int flen, 358e71b7053SJung-uk Kim int num, const unsigned char *param, 359e71b7053SJung-uk Kim int plen, const EVP_MD *md, 360e71b7053SJung-uk Kim const EVP_MD *mgf1md); 361e71b7053SJung-uk Kim int RSA_padding_add_SSLv23(unsigned char *to, int tlen, 362e71b7053SJung-uk Kim const unsigned char *f, int fl); 363e71b7053SJung-uk Kim int RSA_padding_check_SSLv23(unsigned char *to, int tlen, 364e71b7053SJung-uk Kim const unsigned char *f, int fl, int rsa_len); 365e71b7053SJung-uk Kim int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f, 366e71b7053SJung-uk Kim int fl); 367e71b7053SJung-uk Kim int RSA_padding_check_none(unsigned char *to, int tlen, 368e71b7053SJung-uk Kim const unsigned char *f, int fl, int rsa_len); 369e71b7053SJung-uk Kim int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f, 370e71b7053SJung-uk Kim int fl); 371e71b7053SJung-uk Kim int RSA_padding_check_X931(unsigned char *to, int tlen, 372e71b7053SJung-uk Kim const unsigned char *f, int fl, int rsa_len); 373e71b7053SJung-uk Kim int RSA_X931_hash_id(int nid); 374e71b7053SJung-uk Kim 375e71b7053SJung-uk Kim int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, 376e71b7053SJung-uk Kim const EVP_MD *Hash, const unsigned char *EM, 377e71b7053SJung-uk Kim int sLen); 378e71b7053SJung-uk Kim int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, 379e71b7053SJung-uk Kim const unsigned char *mHash, const EVP_MD *Hash, 380e71b7053SJung-uk Kim int sLen); 381e71b7053SJung-uk Kim 382e71b7053SJung-uk Kim int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, 383e71b7053SJung-uk Kim const EVP_MD *Hash, const EVP_MD *mgf1Hash, 384e71b7053SJung-uk Kim const unsigned char *EM, int sLen); 385e71b7053SJung-uk Kim 386e71b7053SJung-uk Kim int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, 387e71b7053SJung-uk Kim const unsigned char *mHash, 388e71b7053SJung-uk Kim const EVP_MD *Hash, const EVP_MD *mgf1Hash, 389e71b7053SJung-uk Kim int sLen); 390e71b7053SJung-uk Kim 391e71b7053SJung-uk Kim #define RSA_get_ex_new_index(l, p, newf, dupf, freef) \ 392e71b7053SJung-uk Kim CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef) 393e71b7053SJung-uk Kim int RSA_set_ex_data(RSA *r, int idx, void *arg); 394e71b7053SJung-uk Kim void *RSA_get_ex_data(const RSA *r, int idx); 395e71b7053SJung-uk Kim 396e71b7053SJung-uk Kim RSA *RSAPublicKey_dup(RSA *rsa); 397e71b7053SJung-uk Kim RSA *RSAPrivateKey_dup(RSA *rsa); 398e71b7053SJung-uk Kim 399e71b7053SJung-uk Kim /* 400e71b7053SJung-uk Kim * If this flag is set the RSA method is FIPS compliant and can be used in 401e71b7053SJung-uk Kim * FIPS mode. This is set in the validated module method. If an application 402e71b7053SJung-uk Kim * sets this flag in its own methods it is its responsibility to ensure the 403e71b7053SJung-uk Kim * result is compliant. 404e71b7053SJung-uk Kim */ 405e71b7053SJung-uk Kim 406e71b7053SJung-uk Kim # define RSA_FLAG_FIPS_METHOD 0x0400 407e71b7053SJung-uk Kim 408e71b7053SJung-uk Kim /* 409e71b7053SJung-uk Kim * If this flag is set the operations normally disabled in FIPS mode are 410e71b7053SJung-uk Kim * permitted it is then the applications responsibility to ensure that the 411e71b7053SJung-uk Kim * usage is compliant. 412e71b7053SJung-uk Kim */ 413e71b7053SJung-uk Kim 414e71b7053SJung-uk Kim # define RSA_FLAG_NON_FIPS_ALLOW 0x0400 415e71b7053SJung-uk Kim /* 416e71b7053SJung-uk Kim * Application has decided PRNG is good enough to generate a key: don't 417e71b7053SJung-uk Kim * check. 418e71b7053SJung-uk Kim */ 419e71b7053SJung-uk Kim # define RSA_FLAG_CHECKED 0x0800 420e71b7053SJung-uk Kim 421e71b7053SJung-uk Kim RSA_METHOD *RSA_meth_new(const char *name, int flags); 422e71b7053SJung-uk Kim void RSA_meth_free(RSA_METHOD *meth); 423e71b7053SJung-uk Kim RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); 424e71b7053SJung-uk Kim const char *RSA_meth_get0_name(const RSA_METHOD *meth); 425e71b7053SJung-uk Kim int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); 426e71b7053SJung-uk Kim int RSA_meth_get_flags(const RSA_METHOD *meth); 427e71b7053SJung-uk Kim int RSA_meth_set_flags(RSA_METHOD *meth, int flags); 428e71b7053SJung-uk Kim void *RSA_meth_get0_app_data(const RSA_METHOD *meth); 429e71b7053SJung-uk Kim int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); 430e71b7053SJung-uk Kim int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth)) 431e71b7053SJung-uk Kim (int flen, const unsigned char *from, 432e71b7053SJung-uk Kim unsigned char *to, RSA *rsa, int padding); 433e71b7053SJung-uk Kim int RSA_meth_set_pub_enc(RSA_METHOD *rsa, 434e71b7053SJung-uk Kim int (*pub_enc) (int flen, const unsigned char *from, 435e71b7053SJung-uk Kim unsigned char *to, RSA *rsa, 436e71b7053SJung-uk Kim int padding)); 437e71b7053SJung-uk Kim int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth)) 438e71b7053SJung-uk Kim (int flen, const unsigned char *from, 439e71b7053SJung-uk Kim unsigned char *to, RSA *rsa, int padding); 440e71b7053SJung-uk Kim int RSA_meth_set_pub_dec(RSA_METHOD *rsa, 441e71b7053SJung-uk Kim int (*pub_dec) (int flen, const unsigned char *from, 442e71b7053SJung-uk Kim unsigned char *to, RSA *rsa, 443e71b7053SJung-uk Kim int padding)); 444e71b7053SJung-uk Kim int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) 445e71b7053SJung-uk Kim (int flen, const unsigned char *from, 446e71b7053SJung-uk Kim unsigned char *to, RSA *rsa, int padding); 447e71b7053SJung-uk Kim int RSA_meth_set_priv_enc(RSA_METHOD *rsa, 448e71b7053SJung-uk Kim int (*priv_enc) (int flen, const unsigned char *from, 449e71b7053SJung-uk Kim unsigned char *to, RSA *rsa, 450e71b7053SJung-uk Kim int padding)); 451e71b7053SJung-uk Kim int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) 452e71b7053SJung-uk Kim (int flen, const unsigned char *from, 453e71b7053SJung-uk Kim unsigned char *to, RSA *rsa, int padding); 454e71b7053SJung-uk Kim int RSA_meth_set_priv_dec(RSA_METHOD *rsa, 455e71b7053SJung-uk Kim int (*priv_dec) (int flen, const unsigned char *from, 456e71b7053SJung-uk Kim unsigned char *to, RSA *rsa, 457e71b7053SJung-uk Kim int padding)); 458e71b7053SJung-uk Kim int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth)) 459*c9cf7b5cSJung-uk Kim (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); 460e71b7053SJung-uk Kim int RSA_meth_set_mod_exp(RSA_METHOD *rsa, 461*c9cf7b5cSJung-uk Kim int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa, 462e71b7053SJung-uk Kim BN_CTX *ctx)); 463e71b7053SJung-uk Kim int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth)) 464e71b7053SJung-uk Kim (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 465e71b7053SJung-uk Kim const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 466e71b7053SJung-uk Kim int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa, 467e71b7053SJung-uk Kim int (*bn_mod_exp) (BIGNUM *r, 468e71b7053SJung-uk Kim const BIGNUM *a, 469e71b7053SJung-uk Kim const BIGNUM *p, 470e71b7053SJung-uk Kim const BIGNUM *m, 471e71b7053SJung-uk Kim BN_CTX *ctx, 472e71b7053SJung-uk Kim BN_MONT_CTX *m_ctx)); 473e71b7053SJung-uk Kim int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa); 474e71b7053SJung-uk Kim int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa)); 475e71b7053SJung-uk Kim int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa); 476e71b7053SJung-uk Kim int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa)); 477e71b7053SJung-uk Kim int (*RSA_meth_get_sign(const RSA_METHOD *meth)) 478e71b7053SJung-uk Kim (int type, 479e71b7053SJung-uk Kim const unsigned char *m, unsigned int m_length, 480e71b7053SJung-uk Kim unsigned char *sigret, unsigned int *siglen, 481e71b7053SJung-uk Kim const RSA *rsa); 482e71b7053SJung-uk Kim int RSA_meth_set_sign(RSA_METHOD *rsa, 483e71b7053SJung-uk Kim int (*sign) (int type, const unsigned char *m, 484e71b7053SJung-uk Kim unsigned int m_length, 485e71b7053SJung-uk Kim unsigned char *sigret, unsigned int *siglen, 486e71b7053SJung-uk Kim const RSA *rsa)); 487e71b7053SJung-uk Kim int (*RSA_meth_get_verify(const RSA_METHOD *meth)) 488e71b7053SJung-uk Kim (int dtype, const unsigned char *m, 489e71b7053SJung-uk Kim unsigned int m_length, const unsigned char *sigbuf, 490e71b7053SJung-uk Kim unsigned int siglen, const RSA *rsa); 491e71b7053SJung-uk Kim int RSA_meth_set_verify(RSA_METHOD *rsa, 492e71b7053SJung-uk Kim int (*verify) (int dtype, const unsigned char *m, 493e71b7053SJung-uk Kim unsigned int m_length, 494e71b7053SJung-uk Kim const unsigned char *sigbuf, 495e71b7053SJung-uk Kim unsigned int siglen, const RSA *rsa)); 496e71b7053SJung-uk Kim int (*RSA_meth_get_keygen(const RSA_METHOD *meth)) 497e71b7053SJung-uk Kim (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); 498e71b7053SJung-uk Kim int RSA_meth_set_keygen(RSA_METHOD *rsa, 499e71b7053SJung-uk Kim int (*keygen) (RSA *rsa, int bits, BIGNUM *e, 500e71b7053SJung-uk Kim BN_GENCB *cb)); 501e71b7053SJung-uk Kim int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth)) 502e71b7053SJung-uk Kim (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb); 503e71b7053SJung-uk Kim int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth, 504e71b7053SJung-uk Kim int (*keygen) (RSA *rsa, int bits, 505e71b7053SJung-uk Kim int primes, BIGNUM *e, 506e71b7053SJung-uk Kim BN_GENCB *cb)); 507e71b7053SJung-uk Kim 508e71b7053SJung-uk Kim # ifdef __cplusplus 509e71b7053SJung-uk Kim } 510e71b7053SJung-uk Kim # endif 511e71b7053SJung-uk Kim # endif 512e71b7053SJung-uk Kim #endif 513