Commit | Line | Data |
---|---|---|
80a47a2c TK |
1 | /** |
2 | * \file rsa.h | |
3 | * | |
4 | * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine | |
5 | * | |
6 | * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org> | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or modify | |
9 | * it under the terms of the GNU General Public License as published by | |
10 | * the Free Software Foundation; either version 2 of the License, or | |
11 | * (at your option) any later version. | |
12 | * | |
13 | * This program is distributed in the hope that it will be useful, | |
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | * GNU General Public License for more details. | |
17 | * | |
18 | * You should have received a copy of the GNU General Public License along | |
19 | * with this program; if not, write to the Free Software Foundation, Inc., | |
20 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | |
21 | */ | |
22 | ||
23 | /* $Cambridge: exim/src/src/pdkim/rsa.h,v 1.2 2009/06/10 07:34:05 tom Exp $ */ | |
24 | ||
25 | #ifndef POLARSSL_RSA_H | |
26 | #define POLARSSL_RSA_H | |
27 | ||
28 | #include "bignum.h" | |
29 | ||
30 | #define POLARSSL_ERR_RSA_BAD_INPUT_DATA -0x0400 | |
31 | #define POLARSSL_ERR_RSA_INVALID_PADDING -0x0410 | |
32 | #define POLARSSL_ERR_RSA_KEY_GEN_FAILED -0x0420 | |
33 | #define POLARSSL_ERR_RSA_KEY_CHECK_FAILED -0x0430 | |
34 | #define POLARSSL_ERR_RSA_PUBLIC_FAILED -0x0440 | |
35 | #define POLARSSL_ERR_RSA_PRIVATE_FAILED -0x0450 | |
36 | #define POLARSSL_ERR_RSA_VERIFY_FAILED -0x0460 | |
37 | #define POLARSSL_ERR_RSA_OUTPUT_TO_LARGE -0x0470 | |
38 | ||
39 | #define POLARSSL_ERR_ASN1_OUT_OF_DATA -0x0014 | |
40 | #define POLARSSL_ERR_ASN1_UNEXPECTED_TAG -0x0016 | |
41 | #define POLARSSL_ERR_ASN1_INVALID_LENGTH -0x0018 | |
42 | #define POLARSSL_ERR_ASN1_LENGTH_MISMATCH -0x001A | |
43 | #define POLARSSL_ERR_ASN1_INVALID_DATA -0x001C | |
44 | ||
45 | #define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x0020 | |
46 | #define POLARSSL_ERR_X509_CERT_INVALID_PEM -0x0040 | |
47 | #define POLARSSL_ERR_X509_CERT_INVALID_FORMAT -0x0060 | |
48 | #define POLARSSL_ERR_X509_CERT_INVALID_VERSION -0x0080 | |
49 | #define POLARSSL_ERR_X509_CERT_INVALID_SERIAL -0x00A0 | |
50 | #define POLARSSL_ERR_X509_CERT_INVALID_ALG -0x00C0 | |
51 | #define POLARSSL_ERR_X509_CERT_INVALID_NAME -0x00E0 | |
52 | #define POLARSSL_ERR_X509_CERT_INVALID_DATE -0x0100 | |
53 | #define POLARSSL_ERR_X509_CERT_INVALID_PUBKEY -0x0120 | |
54 | #define POLARSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x0140 | |
55 | #define POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x0160 | |
56 | #define POLARSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x0180 | |
57 | #define POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x01A0 | |
58 | #define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0 | |
59 | #define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0 | |
60 | #define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200 | |
61 | #define POLARSSL_ERR_X509_KEY_INVALID_PEM -0x0220 | |
62 | #define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x0240 | |
63 | #define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260 | |
64 | #define POLARSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280 | |
65 | #define POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0 | |
66 | #define POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0 | |
67 | #define POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0 | |
68 | #define POLARSSL_ERR_X509_POINT_ERROR -0x0300 | |
69 | #define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x0320 | |
70 | ||
71 | /* | |
72 | * DER constants | |
73 | */ | |
74 | #define ASN1_BOOLEAN 0x01 | |
75 | #define ASN1_INTEGER 0x02 | |
76 | #define ASN1_BIT_STRING 0x03 | |
77 | #define ASN1_OCTET_STRING 0x04 | |
78 | #define ASN1_NULL 0x05 | |
79 | #define ASN1_OID 0x06 | |
80 | #define ASN1_UTF8_STRING 0x0C | |
81 | #define ASN1_SEQUENCE 0x10 | |
82 | #define ASN1_SET 0x11 | |
83 | #define ASN1_PRINTABLE_STRING 0x13 | |
84 | #define ASN1_T61_STRING 0x14 | |
85 | #define ASN1_IA5_STRING 0x16 | |
86 | #define ASN1_UTC_TIME 0x17 | |
87 | #define ASN1_UNIVERSAL_STRING 0x1C | |
88 | #define ASN1_BMP_STRING 0x1E | |
89 | #define ASN1_PRIMITIVE 0x00 | |
90 | #define ASN1_CONSTRUCTED 0x20 | |
91 | #define ASN1_CONTEXT_SPECIFIC 0x80 | |
92 | ||
93 | /* | |
94 | * PKCS#1 constants | |
95 | */ | |
96 | #define RSA_RAW 0 | |
97 | #define RSA_MD2 2 | |
98 | #define RSA_MD4 3 | |
99 | #define RSA_MD5 4 | |
100 | #define RSA_SHA1 5 | |
101 | #define RSA_SHA256 6 | |
102 | ||
103 | #define RSA_PUBLIC 0 | |
104 | #define RSA_PRIVATE 1 | |
105 | ||
106 | #define RSA_PKCS_V15 0 | |
107 | #define RSA_PKCS_V21 1 | |
108 | ||
109 | #define RSA_SIGN 1 | |
110 | #define RSA_CRYPT 2 | |
111 | ||
112 | /* | |
113 | * DigestInfo ::= SEQUENCE { | |
114 | * digestAlgorithm DigestAlgorithmIdentifier, | |
115 | * digest Digest } | |
116 | * | |
117 | * DigestAlgorithmIdentifier ::= AlgorithmIdentifier | |
118 | * | |
119 | * Digest ::= OCTET STRING | |
120 | */ | |
121 | #define ASN1_HASH_MDX \ | |
122 | "\x30\x20\x30\x0C\x06\x08\x2A\x86\x48" \ | |
123 | "\x86\xF7\x0D\x02\x00\x05\x00\x04\x10" | |
124 | ||
125 | #define ASN1_HASH_SHA1 \ | |
126 | "\x30\x21\x30\x09\x06\x05\x2B\x0E\x03" \ | |
127 | "\x02\x1A\x05\x00\x04\x14" | |
128 | ||
129 | #define ASN1_HASH_SHA256 \ | |
130 | "\x30\x31\x30\x0d\x06\x09\x60\x86\x48" \ | |
131 | "\x01\x65\x03\x04\x02\x01\x05\x00\x04" \ | |
132 | "\x20" | |
133 | ||
134 | /** | |
135 | * \brief RSA context structure | |
136 | */ | |
137 | typedef struct | |
138 | { | |
139 | int ver; /*!< always 0 */ | |
140 | int len; /*!< size(N) in chars */ | |
141 | ||
142 | mpi N; /*!< public modulus */ | |
143 | mpi E; /*!< public exponent */ | |
144 | ||
145 | mpi D; /*!< private exponent */ | |
146 | mpi P; /*!< 1st prime factor */ | |
147 | mpi Q; /*!< 2nd prime factor */ | |
148 | mpi DP; /*!< D % (P - 1) */ | |
149 | mpi DQ; /*!< D % (Q - 1) */ | |
150 | mpi QP; /*!< 1 / (Q % P) */ | |
151 | ||
152 | mpi RN; /*!< cached R^2 mod N */ | |
153 | mpi RP; /*!< cached R^2 mod P */ | |
154 | mpi RQ; /*!< cached R^2 mod Q */ | |
155 | ||
156 | int padding; /*!< 1.5 or OAEP/PSS */ | |
157 | int hash_id; /*!< hash identifier */ | |
158 | int (*f_rng)(void *); /*!< RNG function */ | |
159 | void *p_rng; /*!< RNG parameter */ | |
160 | } | |
161 | rsa_context; | |
162 | ||
163 | #ifdef __cplusplus | |
164 | extern "C" { | |
165 | #endif | |
166 | ||
167 | /** | |
168 | * \brief Initialize an RSA context | |
169 | * | |
170 | * \param ctx RSA context to be initialized | |
171 | * \param padding RSA_PKCS_V15 or RSA_PKCS_V21 | |
172 | * \param hash_id RSA_PKCS_V21 hash identifier | |
173 | * \param f_rng RNG function | |
174 | * \param p_rng RNG parameter | |
175 | * | |
176 | * \note The hash_id parameter is actually ignored | |
177 | * when using RSA_PKCS_V15 padding. | |
178 | * | |
179 | * \note Currently (xyssl-0.8), RSA_PKCS_V21 padding | |
180 | * is not supported. | |
181 | */ | |
182 | void rsa_init( rsa_context *ctx, | |
183 | int padding, | |
184 | int hash_id, | |
185 | int (*f_rng)(void *), | |
186 | void *p_rng ); | |
187 | ||
188 | /** | |
189 | * \brief Generate an RSA keypair | |
190 | * | |
191 | * \param ctx RSA context that will hold the key | |
192 | * \param nbits size of the public key in bits | |
193 | * \param exponent public exponent (e.g., 65537) | |
194 | * | |
195 | * \note rsa_init() must be called beforehand to setup | |
196 | * the RSA context (especially f_rng and p_rng). | |
197 | * | |
198 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code | |
199 | */ | |
200 | int rsa_gen_key( rsa_context *ctx, int nbits, int exponent ); | |
201 | ||
202 | /** | |
203 | * \brief Check a public RSA key | |
204 | * | |
205 | * \param ctx RSA context to be checked | |
206 | * | |
207 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code | |
208 | */ | |
209 | int rsa_check_pubkey( rsa_context *ctx ); | |
210 | ||
211 | /** | |
212 | * \brief Check a private RSA key | |
213 | * | |
214 | * \param ctx RSA context to be checked | |
215 | * | |
216 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code | |
217 | */ | |
218 | int rsa_check_privkey( rsa_context *ctx ); | |
219 | ||
220 | /** | |
221 | * \brief Do an RSA public key operation | |
222 | * | |
223 | * \param ctx RSA context | |
224 | * \param input input buffer | |
225 | * \param output output buffer | |
226 | * | |
227 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code | |
228 | * | |
229 | * \note This function does NOT take care of message | |
230 | * padding. Also, be sure to set input[0] = 0. | |
231 | * | |
232 | * \note The input and output buffers must be large | |
233 | * enough (eg. 128 bytes if RSA-1024 is used). | |
234 | */ | |
235 | int rsa_public( rsa_context *ctx, | |
236 | unsigned char *input, | |
237 | unsigned char *output ); | |
238 | ||
239 | /** | |
240 | * \brief Do an RSA private key operation | |
241 | * | |
242 | * \param ctx RSA context | |
243 | * \param input input buffer | |
244 | * \param output output buffer | |
245 | * | |
246 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code | |
247 | * | |
248 | * \note The input and output buffers must be large | |
249 | * enough (eg. 128 bytes if RSA-1024 is used). | |
250 | */ | |
251 | int rsa_private( rsa_context *ctx, | |
252 | unsigned char *input, | |
253 | unsigned char *output ); | |
254 | ||
255 | /** | |
256 | * \brief Add the message padding, then do an RSA operation | |
257 | * | |
258 | * \param ctx RSA context | |
259 | * \param mode RSA_PUBLIC or RSA_PRIVATE | |
260 | * \param ilen contains the the plaintext length | |
261 | * \param input buffer holding the data to be encrypted | |
262 | * \param output buffer that will hold the ciphertext | |
263 | * | |
264 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code | |
265 | * | |
266 | * \note The output buffer must be as large as the size | |
267 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). | |
268 | */ | |
269 | int rsa_pkcs1_encrypt( rsa_context *ctx, | |
270 | int mode, int ilen, | |
271 | unsigned char *input, | |
272 | unsigned char *output ); | |
273 | ||
274 | /** | |
275 | * \brief Do an RSA operation, then remove the message padding | |
276 | * | |
277 | * \param ctx RSA context | |
278 | * \param mode RSA_PUBLIC or RSA_PRIVATE | |
279 | * \param input buffer holding the encrypted data | |
280 | * \param output buffer that will hold the plaintext | |
281 | * \param olen will contain the plaintext length | |
282 | * \param output_max_len maximum length of the output buffer | |
283 | * | |
284 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code | |
285 | * | |
286 | * \note The output buffer must be as large as the size | |
287 | * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise | |
288 | * an error is thrown. | |
289 | */ | |
290 | int rsa_pkcs1_decrypt( rsa_context *ctx, | |
291 | int mode, int *olen, | |
292 | unsigned char *input, | |
293 | unsigned char *output, | |
294 | int output_max_len); | |
295 | ||
296 | /** | |
297 | * \brief Do a private RSA to sign a message digest | |
298 | * | |
299 | * \param ctx RSA context | |
300 | * \param mode RSA_PUBLIC or RSA_PRIVATE | |
301 | * \param hash_id RSA_RAW, RSA_MD{2,4,5} or RSA_SHA{1,256} | |
302 | * \param hashlen message digest length (for RSA_RAW only) | |
303 | * \param hash buffer holding the message digest | |
304 | * \param sig buffer that will hold the ciphertext | |
305 | * | |
306 | * \return 0 if the signing operation was successful, | |
307 | * or an POLARSSL_ERR_RSA_XXX error code | |
308 | * | |
309 | * \note The "sig" buffer must be as large as the size | |
310 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). | |
311 | */ | |
312 | int rsa_pkcs1_sign( rsa_context *ctx, | |
313 | int mode, | |
314 | int hash_id, | |
315 | int hashlen, | |
316 | unsigned char *hash, | |
317 | unsigned char *sig ); | |
318 | ||
319 | /** | |
320 | * \brief Do a public RSA and check the message digest | |
321 | * | |
322 | * \param ctx points to an RSA public key | |
323 | * \param mode RSA_PUBLIC or RSA_PRIVATE | |
324 | * \param hash_id RSA_RAW, RSA_MD{2,4,5} or RSA_SHA{1,256} | |
325 | * \param hashlen message digest length (for RSA_RAW only) | |
326 | * \param hash buffer holding the message digest | |
327 | * \param sig buffer holding the ciphertext | |
328 | * | |
329 | * \return 0 if the verify operation was successful, | |
330 | * or an POLARSSL_ERR_RSA_XXX error code | |
331 | * | |
332 | * \note The "sig" buffer must be as large as the size | |
333 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). | |
334 | */ | |
335 | int rsa_pkcs1_verify( rsa_context *ctx, | |
336 | int mode, | |
337 | int hash_id, | |
338 | int hashlen, | |
339 | unsigned char *hash, | |
340 | unsigned char *sig ); | |
341 | ||
342 | /** | |
343 | * \brief Free the components of an RSA key | |
344 | */ | |
345 | void rsa_free( rsa_context *ctx ); | |
346 | ||
347 | int rsa_parse_public_key( rsa_context *rsa, unsigned char *buf, int buflen ); | |
348 | ||
349 | int rsa_parse_key( rsa_context *rsa, unsigned char *buf, int buflen, | |
350 | unsigned char *pwd, int pwdlen ); | |
351 | ||
352 | #ifdef __cplusplus | |
353 | } | |
354 | #endif | |
355 | ||
356 | #endif /* rsa.h */ |