/* -*-c-*-
*
- * $Id: rsa.h,v 1.3 2000/07/01 11:24:37 mdw Exp $
+ * $Id: rsa.h,v 1.4 2004/04/08 01:36:15 mdw Exp $
*
* The RSA public-key cryptosystem
*
* (c) 1999 Straylight/Edgeware
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of Catacomb.
*
* it under the terms of the GNU Library General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
- *
+ *
* Catacomb is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Library General Public License for more details.
- *
+ *
* You should have received a copy of the GNU Library General Public
* License along with Catacomb; if not, write to the Free
* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rsa.h,v $
- * Revision 1.3 2000/07/01 11:24:37 mdw
- * Remove bad type name `rsa_param'. New functions for freeing public and
- * private keys. Add types and functions for doing pubic key operations,
- * and padded RSA operations.
- *
- * Revision 1.2 2000/06/17 12:07:36 mdw
- * Add key fetching interface. Add new rsa_decrypt interface.
- *
- * Revision 1.1 1999/12/22 15:50:45 mdw
- * Initial RSA support.
- *
- */
-
#ifndef CATACOMB_RSA_H
#define CATACOMB_RSA_H
# include "grand.h"
#endif
+#ifndef CATACOMB_GCIPHER_H
+# include "gcipher.h"
+#endif
+
+#ifndef CATACOMB_GHASH_H
+# include "ghash.h"
+#endif
+
#ifndef CATACOMB_KEY_H
# include "key.h"
#endif
* See `oaep.h' and `pkcs1.h' for appropriate encoding functions.
*/
-typedef int (*rsa_encodeproc)(const void */*m*/, size_t /*msz*/,
- void */*buf*/, size_t /*sz*/, void */*p*/);
-typedef int (*rsa_decodeproc)(const void */*m*/, size_t /*msz*/,
- dstr */*d*/, void */*p*/);
+typedef mp *rsa_pad(mp */*d*/, const void */*m*/, size_t /*msz*/,
+ octet */*b*/, size_t /*sz*/,
+ unsigned long /*nbits*/, void */*p*/);
+
+typedef int rsa_decunpad(mp */*m*/, octet */*b*/, size_t /*sz*/,
+ unsigned long /*nbits*/, void */*p*/);
+
+typedef int rsa_vrfunpad(mp */*s*/, const void */*m*/, size_t /*msz*/,
+ octet */*b*/, size_t /*sz*/,
+ unsigned long /*nbits*/, void */*p*/);
/*----- Key fetching ------------------------------------------------------*/
/* --- @rsa_sign@ --- *
*
* Arguments: @rsa_privctx *rp@ = pointer to an RSA private key context
+ * @mp *d@ = where to put the result
* @const void *m@ = pointer to input message
- * @size_t sz@ = size of input message
- * @dstr *d@ = pointer to output string
- * @rsa_encodeproc e@ = encoding procedure
+ * @size_t msz@ = size of input message
+ * @rsa_pad *e@ = encoding procedure
* @void *earg@ = argument pointer for encoding procedure
*
- * Returns: The length of the output string if successful, negative on
+ * Returns: The signature, as a multiprecision integer, or null on
* failure.
*
* Use: Computes an RSA digital signature.
*/
-extern int rsa_sign(rsa_privctx */*rp*/, const void */*m*/, size_t /*sz*/,
- dstr */*d*/, rsa_encodeproc /*e*/, void */*earg*/);
+extern mp *rsa_sign(rsa_privctx */*rp*/, mp */*d*/,
+ const void */*m*/, size_t /*msz*/,
+ rsa_pad */*e*/, void */*earg*/);
/* --- @rsa_decrypt@ --- *
*
* Arguments: @rsa_privctx *rp@ = pointer to an RSA private key context
- * @const void *m@ = pointer to input message
- * @size_t sz@ = size of input message
+ * @mp *m@ = encrypted message, as a multiprecision integer
* @dstr *d@ = pointer to output string
- * @rsa_decodeproc e@ = decoding procedure
+ * @rsa_decunpad *e@ = decoding procedure
* @void *earg@ = argument pointer for decoding procedure
*
* Returns: The length of the output string if successful, negative on
* failure.
*
- * Use: Does RSA signature verification.
+ * Use: Does RSA decryption.
*/
-extern int rsa_decrypt(rsa_privctx */*rp*/, const void */*m*/, size_t /*sz*/,
- dstr */*d*/, rsa_decodeproc /*e*/, void */*earg*/);
+extern int rsa_decrypt(rsa_privctx */*rp*/, mp */*m*/,
+ dstr */*d*/, rsa_decunpad */*e*/, void */*earg*/);
/*----- RSA public key operations -----------------------------------------*/
/* --- @rsa_encrypt@ --- *
*
* Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key context
+ * @mp *d@ = proposed destination integer
* @const void *m@ = pointer to input message
- * @size_t sz@ = size of input message
- * @dstr *d@ = pointer to output string
- * @rsa_encodeproc e@ = encoding procedure
+ * @size_t msz@ = size of input message
+ * @rsa_pad *e@ = encoding procedure
* @void *earg@ = argument pointer for encoding procedure
*
- * Returns: The length of the output string if successful, negative on
- * failure.
+ * Returns: The encrypted message, as a multiprecision integer, or null
+ * on failure.
*
* Use: Does RSA encryption.
*/
-extern int rsa_encrypt(rsa_pubctx */*rp*/, const void */*m*/, size_t /*sz*/,
- dstr */*d*/, rsa_encodeproc /*e*/, void */*earg*/);
+extern mp *rsa_encrypt(rsa_pubctx */*rp*/, mp */*d*/,
+ const void */*m*/, size_t /*msz*/,
+ rsa_pad */*e*/, void */*earg*/);
/* --- @rsa_verify@ --- *
*
* Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key contxt
- * @const void *m@ = pointer to input message
+ * @mp *s@ = the signature, as a multiprecision integer
+ * @const void *m@ = pointer to message to verify, or null
* @size_t sz@ = size of input message
- * @dstr *d@ = pointer to output string
- * @rsa_decodeproc e@ = decoding procedure
+ * @dstr *d@ = pointer to output string, or null
+ * @rsa_vfrunpad *e@ = decoding procedure
* @void *earg@ = argument pointer for decoding procedure
*
- * Returns: The length of the output string if successful, negative on
- * failure.
+ * Returns: The length of the output string if successful (0 if no output
+ * was wanted); negative on failure.
*
- * Use: Does RSA signature verification.
+ * Use: Does RSA signature verification. To use a signature scheme
+ * with recovery, pass in @m == 0@ and @d != 0@: the recovered
+ * message should appear in @d@. To use a signature scheme with
+ * appendix, provide @m != 0@ and @d == 0@; the result should be
+ * zero for success.
*/
-extern int rsa_verify(rsa_pubctx */*rp*/, const void */*m*/, size_t /*sz*/,
- dstr */*d*/, rsa_decodeproc /*e*/, void */*earg*/);
+extern int rsa_verify(rsa_pubctx */*rp*/, mp */*s*/,
+ const void */*m*/, size_t /*sz*/, dstr */*d*/,
+ rsa_vrfunpad */*e*/, void */*earg*/);
/*----- Miscellaneous operations ------------------------------------------*/
extern int rsa_recover(rsa_priv */*rp*/);
+/*----- Padding schemes ---------------------------------------------------*/
+
+/* --- PKCS1 padding --- */
+
+typedef struct pkcs1 {
+ grand *r; /* Random number source */
+ const void *ep; /* Encoding parameters block */
+ size_t epsz; /* Size of the parameter block */
+} pkcs1;
+
+extern rsa_pad pkcs1_cryptencode;
+extern rsa_decunpad pkcs1_cryptdecode;
+extern rsa_pad pkcs1_sigencode;
+extern rsa_vrfunpad pkcs1_sigdecode;
+
+/* --- OAEP --- */
+
+typedef struct oaep {
+ const gccipher *cc; /* Cipher class for masking */
+ const gchash *ch; /* Hash class for parameter block */
+ grand *r; /* Random number source */
+ const void *ep; /* Encoding parameters block */
+ size_t epsz; /* Size of the parameter block */
+} oaep;
+
+extern rsa_pad oaep_encode;
+extern rsa_decunpad oaep_decode;
+
+/* --- PSS --- */
+
+typedef struct pss {
+ const gccipher *cc; /* Cipher class for masking */
+ const gchash *ch; /* Hash class for choosing a seed */
+ grand *r; /* Random number source */
+ size_t ssz; /* Requested salt size */
+} pss;
+
+extern rsa_pad pss_encode;
+extern rsa_vrfunpad pss_decode;
+
/*----- That's all, folks -------------------------------------------------*/
#ifdef __cplusplus