+/*----- RSA private key operations ----------------------------------------*/
+
+/* --- @rsa_privcreate@ --- *
+ *
+ * Arguments: @rsa_privctx *rd@ = pointer to an RSA private key context
+ * @rsa_priv *rp@ = pointer to RSA private key
+ * @grand *r@ = pointer to random number source for blinding
+ *
+ * Returns: ---
+ *
+ * Use: Initializes an RSA private-key context. Keeping a context
+ * for several decryption or signing operations provides a minor
+ * performance benefit.
+ *
+ * The random number source may be null if blinding is not
+ * desired. This improves decryption speed, at the risk of
+ * permitting timing attacks.
+ */
+
+extern void rsa_privcreate(rsa_privctx */*rd*/, rsa_priv */*rp*/,
+ grand */*r*/);
+
+/* --- @rsa_privdestroy@ --- *
+ *
+ * Arguments: @rsa_privctx *rd@ = pointer to an RSA decryption context
+ *
+ * Returns: ---
+ *
+ * Use: Destroys an RSA decryption context.
+ */
+
+extern void rsa_privdestroy(rsa_privctx */*rd*/);
+
+/* --- @rsa_privop@ --- *
+ *
+ * Arguments: @rsa_privctx *rd@ = pointer to RSA private key context
+ * @mp *d@ = destination
+ * @mp *c@ = input message
+ *
+ * Returns: The transformed output message.
+ *
+ * Use: Performs an RSA private key operation. This function takes
+ * advantage of knowledge of the key factors in order to speed
+ * up decryption. It also blinds the ciphertext prior to
+ * decryption and unblinds it afterwards to thwart timing
+ * attacks.
+ */
+
+extern mp *rsa_privop(rsa_privctx */*rd*/, mp */*d*/, mp */*c*/);
+
+/* --- @rsa_qprivop@ --- *
+ *
+ * Arguments: @rsa_priv *rp@ = pointer to RSA parameters
+ * @mp *d@ = destination
+ * @mp *c@ = input message
+ * @grand *r@ = pointer to random number source for blinding
+ *
+ * Returns: Correctly transformed output message
+ *
+ * Use: Performs an RSA private key operation, very carefully.
+ */
+
+extern mp *rsa_qprivop(rsa_priv */*rp*/, mp */*d*/, mp */*c*/, grand */*r*/);
+
+/* --- @rsa_sign@ --- *
+ *
+ * Arguments: @rsa_privctx *rp@ = pointer to an RSA private key context
+ * @mp *d@ = where to put the result
+ * @const void *m@ = pointer to input message
+ * @size_t msz@ = size of input message
+ * @rsa_pad *e@ = encoding procedure
+ * @void *earg@ = argument pointer for encoding procedure
+ *
+ * Returns: The signature, as a multiprecision integer, or null on
+ * failure.
+ *
+ * Use: Computes an RSA digital signature.
+ */
+
+extern mp *rsa_sign(rsa_privctx */*rp*/, mp */*d*/,
+ const void */*m*/, size_t /*msz*/,
+ rsa_pad */*e*/, void */*earg*/);
+
+/* --- @rsa_decrypt@ --- *
+ *
+ * Arguments: @rsa_privctx *rp@ = pointer to an RSA private key context
+ * @mp *m@ = encrypted message, as a multiprecision integer
+ * @dstr *d@ = pointer to output string
+ * @rsa_decunpad *e@ = decoding procedure
+ * @void *earg@ = argument pointer for decoding procedure
+ *
+ * Returns: The length of the output string if successful, negative on
+ * failure.
+ *
+ * Use: Does RSA decryption.
+ */
+
+extern int rsa_decrypt(rsa_privctx */*rp*/, mp */*m*/,
+ dstr */*d*/, rsa_decunpad */*e*/, void */*earg*/);
+
+/*----- RSA public key operations -----------------------------------------*/
+
+/* --- @rsa_pubcreate@ --- *
+ *
+ * Arguments: @rsa_pubctx *rd@ = pointer to an RSA public key context
+ * @rsa_pub *rp@ = pointer to RSA public key
+ *
+ * Returns: ---
+ *
+ * Use: Initializes an RSA public-key context.
+ */
+
+extern void rsa_pubcreate(rsa_pubctx */*rd*/, rsa_pub */*rp*/);
+
+/* --- @rsa_pubdestroy@ --- *
+ *
+ * Arguments: @rsa_pubctx *rd@ = pointer to an RSA public key context
+ *
+ * Returns: ---
+ *
+ * Use: Destroys an RSA public-key context.
+ */
+
+extern void rsa_pubdestroy(rsa_pubctx */*rd*/);
+
+/* --- @rsa_pubop@ --- *
+ *
+ * Arguments: @rsa_pubctx *rd@ = pointer to an RSA public key context
+ * @mp *d@ = destination
+ * @mp *p@ = input message
+ *
+ * Returns: The transformed output message.
+ *
+ * Use: Performs an RSA public key operation.
+ */
+
+extern mp *rsa_pubop(rsa_pubctx */*rd*/, mp */*d*/, mp */*p*/);
+
+/* --- @rsa_qpubop@ --- *
+ *
+ * Arguments: @rsa_pub *rp@ = pointer to RSA parameters
+ * @mp *d@ = destination
+ * @mp *p@ = input message
+ *
+ * Returns: Correctly transformed output message.
+ *
+ * Use: Performs an RSA public key operation.
+ */
+
+extern mp *rsa_qpubop(rsa_pub */*rp*/, mp */*d*/, mp */*c*/);
+
+/* --- @rsa_encrypt@ --- *
+ *
+ * Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key context
+ * @mp *d@ = proposed destination integer
+ * @const void *m@ = pointer to input message
+ * @size_t msz@ = size of input message
+ * @rsa_pad *e@ = encoding procedure
+ * @void *earg@ = argument pointer for encoding procedure
+ *
+ * Returns: The encrypted message, as a multiprecision integer, or null
+ * on failure.
+ *
+ * Use: Does RSA encryption.
+ */
+
+extern mp *rsa_encrypt(rsa_pubctx */*rp*/, mp */*d*/,
+ const void */*m*/, size_t /*msz*/,
+ rsa_pad */*e*/, void */*earg*/);
+
+/* --- @rsa_verify@ --- *
+ *
+ * Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key contxt
+ * @mp *s@ = the signature, as a multiprecision integer
+ * @const void *m@ = pointer to message to verify, or null
+ * @size_t sz@ = size of input message
+ * @dstr *d@ = pointer to output string, or null
+ * @rsa_vfrunpad *e@ = decoding procedure
+ * @void *earg@ = argument pointer for decoding procedure
+ *
+ * Returns: The length of the output string if successful (0 if no output
+ * was wanted); negative on failure.
+ *
+ * Use: Does RSA signature verification. To use a signature scheme
+ * with recovery, pass in @m == 0@ and @d != 0@: the recovered
+ * message should appear in @d@. To use a signature scheme with
+ * appendix, provide @m != 0@ and @d == 0@; the result should be
+ * zero for success.
+ */
+
+extern int rsa_verify(rsa_pubctx */*rp*/, mp */*s*/,
+ const void */*m*/, size_t /*sz*/, dstr */*d*/,
+ rsa_vrfunpad */*e*/, void */*earg*/);
+
+/*----- Miscellaneous operations ------------------------------------------*/