projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[INCLUDE]
[reactos.git] / reactos / include / reactos / libs / gnutls / nettle / rsa.h
1 /* rsa.h
2 *
3 * The RSA publickey algorithm.
4 */
5
6 /* nettle, low-level cryptographics library
7 *
8 * Copyright (C) 2001, 2002 Niels Möller
9 *
10 * The nettle library is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU Lesser General Public License as published by
12 * the Free Software Foundation; either version 2.1 of the License, or (at your
13 * option) any later version.
14 *
15 * The nettle library is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
17 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
18 * License for more details.
19 *
20 * You should have received a copy of the GNU Lesser General Public License
21 * along with the nettle library; see the file COPYING.LIB. If not, write to
22 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
23 * MA 02111-1301, USA.
24 */
25
26 #ifndef NETTLE_RSA_H_INCLUDED
27 #define NETTLE_RSA_H_INCLUDED
28
29 #include <gmp.h>
30 #include "nettle-types.h"
31
32 #include "md5.h"
33 #include "sha1.h"
34 #include "sha2.h"
35
36 #ifdef __cplusplus
37 extern "C" {
38 #endif
39
40 /* Name mangling */
41 #define rsa_public_key_init nettle_rsa_public_key_init
42 #define rsa_public_key_clear nettle_rsa_public_key_clear
43 #define rsa_public_key_prepare nettle_rsa_public_key_prepare
44 #define rsa_private_key_init nettle_rsa_private_key_init
45 #define rsa_private_key_clear nettle_rsa_private_key_clear
46 #define rsa_private_key_prepare nettle_rsa_private_key_prepare
47 #define rsa_pkcs1_verify nettle_rsa_pkcs1_verify
48 #define rsa_pkcs1_sign nettle_rsa_pkcs1_sign
49 #define rsa_pkcs1_sign_tr nettle_rsa_pkcs1_sign_tr
50 #define rsa_md5_sign nettle_rsa_md5_sign
51 #define rsa_md5_verify nettle_rsa_md5_verify
52 #define rsa_sha1_sign nettle_rsa_sha1_sign
53 #define rsa_sha1_verify nettle_rsa_sha1_verify
54 #define rsa_sha256_sign nettle_rsa_sha256_sign
55 #define rsa_sha256_verify nettle_rsa_sha256_verify
56 #define rsa_sha512_sign nettle_rsa_sha512_sign
57 #define rsa_sha512_verify nettle_rsa_sha512_verify
58 #define rsa_md5_sign_digest nettle_rsa_md5_sign_digest
59 #define rsa_md5_verify_digest nettle_rsa_md5_verify_digest
60 #define rsa_sha1_sign_digest nettle_rsa_sha1_sign_digest
61 #define rsa_sha1_verify_digest nettle_rsa_sha1_verify_digest
62 #define rsa_sha256_sign_digest nettle_rsa_sha256_sign_digest
63 #define rsa_sha256_verify_digest nettle_rsa_sha256_verify_digest
64 #define rsa_sha512_sign_digest nettle_rsa_sha512_sign_digest
65 #define rsa_sha512_verify_digest nettle_rsa_sha512_verify_digest
66 #define rsa_encrypt nettle_rsa_encrypt
67 #define rsa_decrypt nettle_rsa_decrypt
68 #define rsa_decrypt_tr nettle_rsa_decrypt_tr
69 #define rsa_compute_root nettle_rsa_compute_root
70 #define rsa_generate_keypair nettle_rsa_generate_keypair
71 #define rsa_keypair_to_sexp nettle_rsa_keypair_to_sexp
72 #define rsa_keypair_from_sexp_alist nettle_rsa_keypair_from_sexp_alist
73 #define rsa_keypair_from_sexp nettle_rsa_keypair_from_sexp
74 #define rsa_public_key_from_der_iterator nettle_rsa_public_key_from_der_iterator
75 #define rsa_private_key_from_der_iterator nettle_rsa_private_key_from_der_iterator
76 #define rsa_keypair_from_der nettle_rsa_keypair_from_der
77 #define rsa_keypair_to_openpgp nettle_rsa_keypair_to_openpgp
78 #define _rsa_verify _nettle_rsa_verify
79 #define _rsa_check_size _nettle_rsa_check_size
80 #define _rsa_blind _nettle_rsa_blind
81 #define _rsa_unblind _nettle_rsa_unblind
82
83 /* This limit is somewhat arbitrary. Technically, the smallest modulo
84 which makes sense at all is 15 = 3*5, phi(15) = 8, size 4 bits. But
85 for ridiculously small keys, not all odd e are possible (e.g., for
86 5 bits, the only possible modulo is 3*7 = 21, phi(21) = 12, and e =
87 3 don't work). The smallest size that makes sense with pkcs#1, and
88 which allows RSA encryption of one byte messages, is 12 octets, 89
89 bits. */
90
91 #define RSA_MINIMUM_N_OCTETS 12
92 #define RSA_MINIMUM_N_BITS (8*RSA_MINIMUM_N_OCTETS - 7)
93
94 struct rsa_public_key {
95 /* Size of the modulo, in octets. This is also the size of all
96 * signatures that are created or verified with this key. */
97 unsigned size;
98
99 /* Modulo */
100 mpz_t n;
101
102 /* Public exponent */
103 mpz_t e;
104 };
105
106 struct rsa_private_key {
107 unsigned size;
108
109 /* d is filled in by the key generation function; otherwise it's
110 * completely unused. */
111 mpz_t d;
112
113 /* The two factors */
114 mpz_t p;
115 mpz_t q;
116
117 /* d % (p-1), i.e. a e = 1 (mod (p-1)) */
118 mpz_t a;
119
120 /* d % (q-1), i.e. b e = 1 (mod (q-1)) */
121 mpz_t b;
122
123 /* modular inverse of q , i.e. c q = 1 (mod p) */
124 mpz_t c;
125 };
126
127 /* Signing a message works as follows:
128 *
129 * Store the private key in a rsa_private_key struct.
130 *
131 * Call rsa_private_key_prepare. This initializes the size attribute
132 * to the length of a signature.
133 *
134 * Initialize a hashing context, by callling
135 * md5_init
136 *
137 * Hash the message by calling
138 * md5_update
139 *
140 * Create the signature by calling
141 * rsa_md5_sign
142 *
143 * The signature is represented as a mpz_t bignum. This call also
144 * resets the hashing context.
145 *
146 * When done with the key and signature, don't forget to call
147 * mpz_clear.
148 */
149
150 /* Calls mpz_init to initialize bignum storage. */
151 void
152 rsa_public_key_init(struct rsa_public_key *key);
153
154 /* Calls mpz_clear to deallocate bignum storage. */
155 void
156 rsa_public_key_clear(struct rsa_public_key *key);
157
158 int
159 rsa_public_key_prepare(struct rsa_public_key *key);
160
161 /* Calls mpz_init to initialize bignum storage. */
162 void
163 rsa_private_key_init(struct rsa_private_key *key);
164
165 /* Calls mpz_clear to deallocate bignum storage. */
166 void
167 rsa_private_key_clear(struct rsa_private_key *key);
168
169 int
170 rsa_private_key_prepare(struct rsa_private_key *key);
171
172
173 /* PKCS#1 style signatures */
174 int
175 rsa_pkcs1_sign(const struct rsa_private_key *key,
176 unsigned length, const uint8_t * digest_info,
177 mpz_t s);
178
179 int
180 rsa_pkcs1_sign_tr(const struct rsa_public_key *pub,
181 const struct rsa_private_key *key,
182 void *random_ctx, nettle_random_func * random,
183 unsigned length, const uint8_t * digest_info,
184 mpz_t s);
185 int
186 rsa_pkcs1_verify(const struct rsa_public_key *key,
187 unsigned length, const uint8_t * digest_info,
188 const mpz_t signature);
189
190 int
191 rsa_md5_sign(const struct rsa_private_key *key,
192 struct md5_ctx *hash, mpz_t signature);
193
194
195 int
196 rsa_md5_verify(const struct rsa_public_key *key,
197 struct md5_ctx *hash, const mpz_t signature);
198
199 int
200 rsa_sha1_sign(const struct rsa_private_key *key,
201 struct sha1_ctx *hash, mpz_t signature);
202
203 int
204 rsa_sha1_verify(const struct rsa_public_key *key,
205 struct sha1_ctx *hash, const mpz_t signature);
206
207 int
208 rsa_sha256_sign(const struct rsa_private_key *key,
209 struct sha256_ctx *hash, mpz_t signature);
210
211 int
212 rsa_sha256_verify(const struct rsa_public_key *key,
213 struct sha256_ctx *hash, const mpz_t signature);
214
215 int
216 rsa_sha512_sign(const struct rsa_private_key *key,
217 struct sha512_ctx *hash, mpz_t signature);
218
219 int
220 rsa_sha512_verify(const struct rsa_public_key *key,
221 struct sha512_ctx *hash, const mpz_t signature);
222
223 /* Variants taking the digest as argument. */
224 int
225 rsa_md5_sign_digest(const struct rsa_private_key *key,
226 const uint8_t * digest, mpz_t s);
227
228 int
229 rsa_md5_verify_digest(const struct rsa_public_key *key,
230 const uint8_t * digest,
231 const mpz_t signature);
232
233 int
234 rsa_sha1_sign_digest(const struct rsa_private_key *key,
235 const uint8_t * digest, mpz_t s);
236
237 int
238 rsa_sha1_verify_digest(const struct rsa_public_key *key,
239 const uint8_t * digest,
240 const mpz_t signature);
241
242 int
243 rsa_sha256_sign_digest(const struct rsa_private_key *key,
244 const uint8_t * digest, mpz_t s);
245
246 int
247 rsa_sha256_verify_digest(const struct rsa_public_key *key,
248 const uint8_t * digest,
249 const mpz_t signature);
250
251 int
252 rsa_sha512_sign_digest(const struct rsa_private_key *key,
253 const uint8_t * digest, mpz_t s);
254
255 int
256 rsa_sha512_verify_digest(const struct rsa_public_key *key,
257 const uint8_t * digest,
258 const mpz_t signature);
259
260
261 /* RSA encryption, using PKCS#1 */
262 /* These functions uses the v1.5 padding. What should the v2 (OAEP)
263 * functions be called? */
264
265 /* Returns 1 on success, 0 on failure, which happens if the
266 * message is too long for the key. */
267 int
268 rsa_encrypt(const struct rsa_public_key *key,
269 /* For padding */
270 void *random_ctx, nettle_random_func * random,
271 unsigned length, const uint8_t * cleartext,
272 mpz_t cipher);
273
274 /* Message must point to a buffer of size *LENGTH. KEY->size is enough
275 * for all valid messages. On success, *LENGTH is updated to reflect
276 * the actual length of the message. Returns 1 on success, 0 on
277 * failure, which happens if decryption failed or if the message
278 * didn't fit. */
279 int
280 rsa_decrypt(const struct rsa_private_key *key,
281 unsigned *length, uint8_t * cleartext,
282 const mpz_t ciphertext);
283
284 /* Timing-resistant version, using randomized RSA blinding. */
285 int
286 rsa_decrypt_tr(const struct rsa_public_key *pub,
287 const struct rsa_private_key *key,
288 void *random_ctx, nettle_random_func * random,
289 unsigned *length, uint8_t * message,
290 const mpz_t gibberish);
291
292 /* Compute x, the e:th root of m. Calling it with x == m is allowed. */
293 void
294 rsa_compute_root(const struct rsa_private_key *key,
295 mpz_t x, const mpz_t m);
296
297
298 /* Key generation */
299
300 /* Note that the key structs must be initialized first. */
301 int
302 rsa_generate_keypair(struct rsa_public_key *pub,
303 struct rsa_private_key *key,
304 void *random_ctx,
305 nettle_random_func * random,
306 void *progress_ctx,
307 nettle_progress_func * progress,
308 /* Desired size of modulo, in bits */
309 unsigned n_size,
310 /* Desired size of public exponent, in bits. If
311 * zero, the passed in value pub->e is used. */
312 unsigned e_size);
313
314
315 #define RSA_SIGN(key, algorithm, ctx, length, data, signature) ( \
316 algorithm##_update(ctx, length, data), \
317 rsa_##algorithm##_sign(key, ctx, signature) \
318 )
319
320 #define RSA_VERIFY(key, algorithm, ctx, length, data, signature) ( \
321 algorithm##_update(ctx, length, data), \
322 rsa_##algorithm##_verify(key, ctx, signature) \
323 )
324 \f
325
326 /* Keys in sexp form. */
327
328 struct nettle_buffer;
329
330 /* Generates a public-key expression if PRIV is NULL .*/
331 int
332 rsa_keypair_to_sexp(struct nettle_buffer *buffer, const char *algorithm_name, /* NULL means "rsa" */
333 const struct rsa_public_key *pub,
334 const struct rsa_private_key *priv);
335
336 struct sexp_iterator;
337
338 int
339 rsa_keypair_from_sexp_alist(struct rsa_public_key *pub,
340 struct rsa_private_key *priv,
341 unsigned limit,
342 struct sexp_iterator *i);
343
344 /* If PRIV is NULL, expect a public-key expression. If PUB is NULL,
345 * expect a private key expression and ignore the parts not needed for
346 * the public key. */
347 /* Keys must be initialized before calling this function, as usual. */
348 int
349 rsa_keypair_from_sexp(struct rsa_public_key *pub,
350 struct rsa_private_key *priv,
351 unsigned limit,
352 unsigned length, const uint8_t * expr);
353
354
355 /* Keys in PKCS#1 format. */
356 struct asn1_der_iterator;
357
358 int
359 rsa_public_key_from_der_iterator(struct rsa_public_key *pub,
360 unsigned limit,
361 struct asn1_der_iterator *i);
362
363 int
364 rsa_private_key_from_der_iterator(struct rsa_public_key *pub,
365 struct rsa_private_key *priv,
366 unsigned limit,
367 struct asn1_der_iterator *i);
368
369 /* For public keys, use PRIV == NULL */
370 int
371 rsa_keypair_from_der(struct rsa_public_key *pub,
372 struct rsa_private_key *priv,
373 unsigned limit,
374 unsigned length, const uint8_t * data);
375
376 /* OpenPGP format. Experimental interface, subject to change. */
377 int
378 rsa_keypair_to_openpgp(struct nettle_buffer *buffer,
379 const struct rsa_public_key *pub,
380 const struct rsa_private_key *priv,
381 /* A single user id. NUL-terminated utf8. */
382 const char *userid);
383
384 /* Internal functions. */
385 int
386 _rsa_verify(const struct rsa_public_key *key,
387 const mpz_t m, const mpz_t s);
388
389 unsigned
390 _rsa_check_size(mpz_t n);
391
392 void
393 _rsa_blind(const struct rsa_public_key *pub,
394 void *random_ctx, nettle_random_func * random,
395 mpz_t c, mpz_t ri);
396 void
397 _rsa_unblind(const struct rsa_public_key *pub, mpz_t c,
398 const mpz_t ri);
399
400 #ifdef __cplusplus
401 }
402 #endif
403 #endif /* NETTLE_RSA_H_INCLUDED */
A free Windows-compatible Operating System