Commit | Line | Data |
---|---|---|
80a47a2c TK |
1 | /** |
2 | * \file rsa.h | |
3 | * | |
62d3e98d TK |
4 | * Copyright (C) 2006-2010, Brainspark B.V. |
5 | * | |
6 | * This file is part of PolarSSL (http://www.polarssl.org) | |
7 | * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> | |
80a47a2c | 8 | * |
62d3e98d | 9 | * All rights reserved. |
80a47a2c TK |
10 | * |
11 | * This program is free software; you can redistribute it and/or modify | |
12 | * it under the terms of the GNU General Public License as published by | |
13 | * the Free Software Foundation; either version 2 of the License, or | |
14 | * (at your option) any later version. | |
15 | * | |
16 | * This program is distributed in the hope that it will be useful, | |
17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
19 | * GNU General Public License for more details. | |
20 | * | |
21 | * You should have received a copy of the GNU General Public License along | |
22 | * with this program; if not, write to the Free Software Foundation, Inc., | |
23 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | |
24 | */ | |
25 | ||
80a47a2c TK |
26 | #ifndef POLARSSL_RSA_H |
27 | #define POLARSSL_RSA_H | |
28 | ||
29 | #include "bignum.h" | |
30 | ||
67932e54 TK |
31 | /* |
32 | * RSA Error codes | |
33 | */ | |
80a47a2c TK |
34 | #define POLARSSL_ERR_RSA_BAD_INPUT_DATA -0x0400 |
35 | #define POLARSSL_ERR_RSA_INVALID_PADDING -0x0410 | |
36 | #define POLARSSL_ERR_RSA_KEY_GEN_FAILED -0x0420 | |
37 | #define POLARSSL_ERR_RSA_KEY_CHECK_FAILED -0x0430 | |
38 | #define POLARSSL_ERR_RSA_PUBLIC_FAILED -0x0440 | |
39 | #define POLARSSL_ERR_RSA_PRIVATE_FAILED -0x0450 | |
40 | #define POLARSSL_ERR_RSA_VERIFY_FAILED -0x0460 | |
67932e54 | 41 | #define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE -0x0470 |
62d3e98d | 42 | #define POLARSSL_ERR_RSA_RNG_FAILED -0x0480 |
80a47a2c | 43 | |
67932e54 TK |
44 | /* *************** begin copy from x509.h ************************/ |
45 | /* | |
46 | * ASN1 Error codes | |
47 | * | |
48 | * These error codes will be OR'ed to X509 error codes for | |
49 | * higher error granularity. | |
50 | */ | |
51 | #define POLARSSL_ERR_ASN1_OUT_OF_DATA 0x0014 | |
52 | #define POLARSSL_ERR_ASN1_UNEXPECTED_TAG 0x0016 | |
53 | #define POLARSSL_ERR_ASN1_INVALID_LENGTH 0x0018 | |
54 | #define POLARSSL_ERR_ASN1_LENGTH_MISMATCH 0x001A | |
55 | #define POLARSSL_ERR_ASN1_INVALID_DATA 0x001C | |
80a47a2c | 56 | |
67932e54 TK |
57 | /* |
58 | * X509 Error codes | |
59 | */ | |
80a47a2c TK |
60 | #define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x0020 |
61 | #define POLARSSL_ERR_X509_CERT_INVALID_PEM -0x0040 | |
62 | #define POLARSSL_ERR_X509_CERT_INVALID_FORMAT -0x0060 | |
63 | #define POLARSSL_ERR_X509_CERT_INVALID_VERSION -0x0080 | |
64 | #define POLARSSL_ERR_X509_CERT_INVALID_SERIAL -0x00A0 | |
65 | #define POLARSSL_ERR_X509_CERT_INVALID_ALG -0x00C0 | |
66 | #define POLARSSL_ERR_X509_CERT_INVALID_NAME -0x00E0 | |
67 | #define POLARSSL_ERR_X509_CERT_INVALID_DATE -0x0100 | |
68 | #define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY -0x0120 | |
69 | #define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x0140 | |
70 | #define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x0160 | |
71 | #define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x0180 | |
72 | #define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x01A0 | |
73 | #define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0 | |
74 | #define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0 | |
75 | #define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200 | |
76 | #define POLARSSL_ERR_X509_KEY_INVALID_PEM -0x0220 | |
77 | #define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x0240 | |
78 | #define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260 | |
79 | #define POLARSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280 | |
80 | #define POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0 | |
81 | #define POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0 | |
82 | #define POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0 | |
83 | #define POLARSSL_ERR_X509_POINT_ERROR -0x0300 | |
84 | #define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x0320 | |
85 | ||
86 | /* | |
87 | * DER constants | |
88 | */ | |
89 | #define ASN1_BOOLEAN 0x01 | |
90 | #define ASN1_INTEGER 0x02 | |
91 | #define ASN1_BIT_STRING 0x03 | |
92 | #define ASN1_OCTET_STRING 0x04 | |
93 | #define ASN1_NULL 0x05 | |
94 | #define ASN1_OID 0x06 | |
95 | #define ASN1_UTF8_STRING 0x0C | |
96 | #define ASN1_SEQUENCE 0x10 | |
97 | #define ASN1_SET 0x11 | |
98 | #define ASN1_PRINTABLE_STRING 0x13 | |
99 | #define ASN1_T61_STRING 0x14 | |
100 | #define ASN1_IA5_STRING 0x16 | |
101 | #define ASN1_UTC_TIME 0x17 | |
62d3e98d | 102 | #define ASN1_GENERALIZED_TIME 0x18 |
80a47a2c TK |
103 | #define ASN1_UNIVERSAL_STRING 0x1C |
104 | #define ASN1_BMP_STRING 0x1E | |
105 | #define ASN1_PRIMITIVE 0x00 | |
106 | #define ASN1_CONSTRUCTED 0x20 | |
107 | #define ASN1_CONTEXT_SPECIFIC 0x80 | |
67932e54 TK |
108 | /* *************** end copy from x509.h ************************/ |
109 | ||
80a47a2c TK |
110 | /* |
111 | * PKCS#1 constants | |
112 | */ | |
67932e54 TK |
113 | #define SIG_RSA_RAW 0 |
114 | #define SIG_RSA_MD2 2 | |
115 | #define SIG_RSA_MD4 3 | |
116 | #define SIG_RSA_MD5 4 | |
117 | #define SIG_RSA_SHA1 5 | |
118 | #define SIG_RSA_SHA224 14 | |
119 | #define SIG_RSA_SHA256 11 | |
120 | #define SIG_RSA_SHA384 12 | |
121 | #define SIG_RSA_SHA512 13 | |
80a47a2c TK |
122 | |
123 | #define RSA_PUBLIC 0 | |
124 | #define RSA_PRIVATE 1 | |
125 | ||
126 | #define RSA_PKCS_V15 0 | |
127 | #define RSA_PKCS_V21 1 | |
128 | ||
129 | #define RSA_SIGN 1 | |
130 | #define RSA_CRYPT 2 | |
131 | ||
67932e54 TK |
132 | #define ASN1_STR_CONSTRUCTED_SEQUENCE "\x30" |
133 | #define ASN1_STR_NULL "\x05" | |
134 | #define ASN1_STR_OID "\x06" | |
135 | #define ASN1_STR_OCTET_STRING "\x04" | |
136 | ||
137 | #define OID_DIGEST_ALG_MDX "\x2A\x86\x48\x86\xF7\x0D\x02\x00" | |
138 | #define OID_HASH_ALG_SHA1 "\x2b\x0e\x03\x02\x1a" | |
139 | #define OID_HASH_ALG_SHA2X "\x60\x86\x48\x01\x65\x03\x04\x02\x00" | |
140 | ||
141 | #define OID_ISO_MEMBER_BODIES "\x2a" | |
142 | #define OID_ISO_IDENTIFIED_ORG "\x2b" | |
143 | ||
144 | /* | |
145 | * ISO Member bodies OID parts | |
146 | */ | |
147 | #define OID_COUNTRY_US "\x86\x48" | |
148 | #define OID_RSA_DATA_SECURITY "\x86\xf7\x0d" | |
149 | ||
150 | /* | |
151 | * ISO Identified organization OID parts | |
152 | */ | |
153 | #define OID_OIW_SECSIG_SHA1 "\x0e\x03\x02\x1a" | |
154 | ||
80a47a2c TK |
155 | /* |
156 | * DigestInfo ::= SEQUENCE { | |
157 | * digestAlgorithm DigestAlgorithmIdentifier, | |
158 | * digest Digest } | |
159 | * | |
160 | * DigestAlgorithmIdentifier ::= AlgorithmIdentifier | |
161 | * | |
162 | * Digest ::= OCTET STRING | |
163 | */ | |
67932e54 TK |
164 | #define ASN1_HASH_MDX \ |
165 | ( \ | |
166 | ASN1_STR_CONSTRUCTED_SEQUENCE "\x20" \ | |
167 | ASN1_STR_CONSTRUCTED_SEQUENCE "\x0C" \ | |
168 | ASN1_STR_OID "\x08" \ | |
169 | OID_DIGEST_ALG_MDX \ | |
170 | ASN1_STR_NULL "\x00" \ | |
171 | ASN1_STR_OCTET_STRING "\x10" \ | |
172 | ) | |
173 | ||
174 | #define ASN1_HASH_SHA1 \ | |
175 | ASN1_STR_CONSTRUCTED_SEQUENCE "\x21" \ | |
176 | ASN1_STR_CONSTRUCTED_SEQUENCE "\x09" \ | |
177 | ASN1_STR_OID "\x05" \ | |
178 | OID_HASH_ALG_SHA1 \ | |
179 | ASN1_STR_NULL "\x00" \ | |
180 | ASN1_STR_OCTET_STRING "\x14" | |
181 | ||
182 | #define ASN1_HASH_SHA2X \ | |
183 | ASN1_STR_CONSTRUCTED_SEQUENCE "\x11" \ | |
184 | ASN1_STR_CONSTRUCTED_SEQUENCE "\x0d" \ | |
185 | ASN1_STR_OID "\x09" \ | |
186 | OID_HASH_ALG_SHA2X \ | |
187 | ASN1_STR_NULL "\x00" \ | |
188 | ASN1_STR_OCTET_STRING "\x00" | |
80a47a2c TK |
189 | |
190 | /** | |
191 | * \brief RSA context structure | |
192 | */ | |
193 | typedef struct | |
194 | { | |
195 | int ver; /*!< always 0 */ | |
196 | int len; /*!< size(N) in chars */ | |
197 | ||
198 | mpi N; /*!< public modulus */ | |
199 | mpi E; /*!< public exponent */ | |
200 | ||
201 | mpi D; /*!< private exponent */ | |
202 | mpi P; /*!< 1st prime factor */ | |
203 | mpi Q; /*!< 2nd prime factor */ | |
204 | mpi DP; /*!< D % (P - 1) */ | |
205 | mpi DQ; /*!< D % (Q - 1) */ | |
206 | mpi QP; /*!< 1 / (Q % P) */ | |
207 | ||
208 | mpi RN; /*!< cached R^2 mod N */ | |
209 | mpi RP; /*!< cached R^2 mod P */ | |
210 | mpi RQ; /*!< cached R^2 mod Q */ | |
211 | ||
212 | int padding; /*!< 1.5 or OAEP/PSS */ | |
213 | int hash_id; /*!< hash identifier */ | |
80a47a2c TK |
214 | } |
215 | rsa_context; | |
216 | ||
217 | #ifdef __cplusplus | |
218 | extern "C" { | |
219 | #endif | |
220 | ||
221 | /** | |
222 | * \brief Initialize an RSA context | |
223 | * | |
224 | * \param ctx RSA context to be initialized | |
225 | * \param padding RSA_PKCS_V15 or RSA_PKCS_V21 | |
226 | * \param hash_id RSA_PKCS_V21 hash identifier | |
80a47a2c TK |
227 | * |
228 | * \note The hash_id parameter is actually ignored | |
229 | * when using RSA_PKCS_V15 padding. | |
230 | * | |
62d3e98d | 231 | * \note Currently, RSA_PKCS_V21 padding |
80a47a2c TK |
232 | * is not supported. |
233 | */ | |
234 | void rsa_init( rsa_context *ctx, | |
235 | int padding, | |
62d3e98d | 236 | int hash_id); |
80a47a2c TK |
237 | |
238 | /** | |
239 | * \brief Generate an RSA keypair | |
240 | * | |
241 | * \param ctx RSA context that will hold the key | |
62d3e98d TK |
242 | * \param f_rng RNG function |
243 | * \param p_rng RNG parameter | |
80a47a2c TK |
244 | * \param nbits size of the public key in bits |
245 | * \param exponent public exponent (e.g., 65537) | |
246 | * | |
247 | * \note rsa_init() must be called beforehand to setup | |
62d3e98d | 248 | * the RSA context. |
80a47a2c TK |
249 | * |
250 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code | |
251 | */ | |
62d3e98d TK |
252 | int rsa_gen_key( rsa_context *ctx, |
253 | int (*f_rng)(void *), | |
254 | void *p_rng, | |
255 | int nbits, int exponent ); | |
80a47a2c TK |
256 | |
257 | /** | |
258 | * \brief Check a public RSA key | |
259 | * | |
260 | * \param ctx RSA context to be checked | |
261 | * | |
262 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code | |
263 | */ | |
62d3e98d | 264 | int rsa_check_pubkey( const rsa_context *ctx ); |
80a47a2c TK |
265 | |
266 | /** | |
267 | * \brief Check a private RSA key | |
268 | * | |
269 | * \param ctx RSA context to be checked | |
270 | * | |
271 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code | |
272 | */ | |
62d3e98d | 273 | int rsa_check_privkey( const rsa_context *ctx ); |
80a47a2c TK |
274 | |
275 | /** | |
276 | * \brief Do an RSA public key operation | |
277 | * | |
278 | * \param ctx RSA context | |
279 | * \param input input buffer | |
280 | * \param output output buffer | |
281 | * | |
282 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code | |
283 | * | |
284 | * \note This function does NOT take care of message | |
67932e54 TK |
285 | * padding. Also, be sure to set input[0] = 0 or assure that |
286 | * input is smaller than N. | |
80a47a2c TK |
287 | * |
288 | * \note The input and output buffers must be large | |
289 | * enough (eg. 128 bytes if RSA-1024 is used). | |
290 | */ | |
291 | int rsa_public( rsa_context *ctx, | |
62d3e98d | 292 | const unsigned char *input, |
80a47a2c TK |
293 | unsigned char *output ); |
294 | ||
295 | /** | |
296 | * \brief Do an RSA private key operation | |
297 | * | |
298 | * \param ctx RSA context | |
299 | * \param input input buffer | |
300 | * \param output output buffer | |
301 | * | |
302 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code | |
303 | * | |
304 | * \note The input and output buffers must be large | |
305 | * enough (eg. 128 bytes if RSA-1024 is used). | |
306 | */ | |
307 | int rsa_private( rsa_context *ctx, | |
62d3e98d | 308 | const unsigned char *input, |
80a47a2c TK |
309 | unsigned char *output ); |
310 | ||
311 | /** | |
312 | * \brief Add the message padding, then do an RSA operation | |
313 | * | |
314 | * \param ctx RSA context | |
62d3e98d TK |
315 | * \param f_rng RNG function |
316 | * \param p_rng RNG parameter | |
80a47a2c | 317 | * \param mode RSA_PUBLIC or RSA_PRIVATE |
67932e54 | 318 | * \param ilen contains the plaintext length |
80a47a2c TK |
319 | * \param input buffer holding the data to be encrypted |
320 | * \param output buffer that will hold the ciphertext | |
321 | * | |
322 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code | |
323 | * | |
324 | * \note The output buffer must be as large as the size | |
325 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). | |
326 | */ | |
327 | int rsa_pkcs1_encrypt( rsa_context *ctx, | |
62d3e98d TK |
328 | int (*f_rng)(void *), |
329 | void *p_rng, | |
80a47a2c | 330 | int mode, int ilen, |
62d3e98d | 331 | const unsigned char *input, |
80a47a2c TK |
332 | unsigned char *output ); |
333 | ||
334 | /** | |
335 | * \brief Do an RSA operation, then remove the message padding | |
336 | * | |
337 | * \param ctx RSA context | |
338 | * \param mode RSA_PUBLIC or RSA_PRIVATE | |
339 | * \param input buffer holding the encrypted data | |
340 | * \param output buffer that will hold the plaintext | |
341 | * \param olen will contain the plaintext length | |
67932e54 | 342 | * \param output_max_len maximum length of the output buffer |
80a47a2c TK |
343 | * |
344 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code | |
345 | * | |
346 | * \note The output buffer must be as large as the size | |
347 | * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise | |
348 | * an error is thrown. | |
349 | */ | |
350 | int rsa_pkcs1_decrypt( rsa_context *ctx, | |
351 | int mode, int *olen, | |
62d3e98d | 352 | const unsigned char *input, |
80a47a2c | 353 | unsigned char *output, |
67932e54 | 354 | int output_max_len ); |
80a47a2c TK |
355 | |
356 | /** | |
357 | * \brief Do a private RSA to sign a message digest | |
358 | * | |
359 | * \param ctx RSA context | |
360 | * \param mode RSA_PUBLIC or RSA_PRIVATE | |
67932e54 TK |
361 | * \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256,384,512} |
362 | * \param hashlen message digest length (for SIG_RSA_RAW only) | |
80a47a2c TK |
363 | * \param hash buffer holding the message digest |
364 | * \param sig buffer that will hold the ciphertext | |
365 | * | |
366 | * \return 0 if the signing operation was successful, | |
367 | * or an POLARSSL_ERR_RSA_XXX error code | |
368 | * | |
369 | * \note The "sig" buffer must be as large as the size | |
370 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). | |
371 | */ | |
372 | int rsa_pkcs1_sign( rsa_context *ctx, | |
373 | int mode, | |
374 | int hash_id, | |
375 | int hashlen, | |
62d3e98d | 376 | const unsigned char *hash, |
80a47a2c TK |
377 | unsigned char *sig ); |
378 | ||
379 | /** | |
380 | * \brief Do a public RSA and check the message digest | |
381 | * | |
382 | * \param ctx points to an RSA public key | |
383 | * \param mode RSA_PUBLIC or RSA_PRIVATE | |
62d3e98d | 384 | * \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256,384,512} |
67932e54 | 385 | * \param hashlen message digest length (for SIG_RSA_RAW only) |
80a47a2c TK |
386 | * \param hash buffer holding the message digest |
387 | * \param sig buffer holding the ciphertext | |
388 | * | |
389 | * \return 0 if the verify operation was successful, | |
390 | * or an POLARSSL_ERR_RSA_XXX error code | |
391 | * | |
392 | * \note The "sig" buffer must be as large as the size | |
393 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). | |
394 | */ | |
395 | int rsa_pkcs1_verify( rsa_context *ctx, | |
396 | int mode, | |
397 | int hash_id, | |
398 | int hashlen, | |
62d3e98d | 399 | const unsigned char *hash, |
80a47a2c TK |
400 | unsigned char *sig ); |
401 | ||
402 | /** | |
403 | * \brief Free the components of an RSA key | |
67932e54 TK |
404 | * |
405 | * \param ctx RSA Context to free | |
80a47a2c TK |
406 | */ |
407 | void rsa_free( rsa_context *ctx ); | |
408 | ||
62d3e98d | 409 | /* PDKIM declarations (not part of polarssl) */ |
80a47a2c | 410 | int rsa_parse_public_key( rsa_context *rsa, unsigned char *buf, int buflen ); |
80a47a2c TK |
411 | int rsa_parse_key( rsa_context *rsa, unsigned char *buf, int buflen, |
412 | unsigned char *pwd, int pwdlen ); | |
413 | ||
62d3e98d | 414 | |
80a47a2c TK |
415 | #ifdef __cplusplus |
416 | } | |
417 | #endif | |
418 | ||
419 | #endif /* rsa.h */ |