[catacomb] / pub / rsa.h

/* -*-c-*-
 *
 * The RSA public-key cryptosystem
 *
 * (c) 1999 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

#ifndef CATACOMB_RSA_H
#define CATACOMB_RSA_H

#ifdef __cplusplus
  extern "C" {
#endif

/*----- Header files ------------------------------------------------------*/

#ifndef CATACOMB_GRAND_H
#  include "grand.h"
#endif

#ifndef CATACOMB_GCIPHER_H
#  include "gcipher.h"
#endif

#ifndef CATACOMB_GHASH_H
#  include "ghash.h"
#endif

#ifndef CATACOMB_KEY_H
#  include "key.h"
#endif

#ifndef CATACOMB_MP_H
#  include "mp.h"
#endif

#ifndef CATACOMB_PGEN_H
#  include "pgen.h"
#endif

/*----- Data structures ---------------------------------------------------*/

/* --- RSA private and public keys --- */

typedef struct rsa_pub {
  mp *n;
  mp *e;
} rsa_pub;

typedef struct rsa_priv {
  mp *n, *p, *q, *q_inv;
  mp *e, *d, *dp, *dq;
} rsa_priv;

/* --- RSA private and public key contexts --- *
 *
 * These are used to store information about `active' keys which will speed
 * up the various operations.
 */

typedef struct rsa_privctx {
  rsa_priv *rp;
  grand *r;
  mpmont nm, pm, qm;
} rsa_privctx;

typedef struct rsa_pubctx {
  mpmont mm;
  rsa_pub *rp;
} rsa_pubctx;

/* --- Encoding and decoding function schemas --- *
 *
 * See `oaep.h' and `pkcs1.h' for appropriate encoding functions.
 */

typedef mp *rsa_pad(mp */*d*/, const void */*m*/, size_t /*msz*/,
		    octet */*b*/, size_t /*sz*/,
		    unsigned long /*nbits*/, void */*p*/);

typedef int rsa_decunpad(mp */*m*/, octet */*b*/, size_t /*sz*/,
			 unsigned long /*nbits*/, void */*p*/);

typedef int rsa_vrfunpad(mp */*s*/, const void */*m*/, size_t /*msz*/,
			 octet */*b*/, size_t /*sz*/,
			 unsigned long /*nbits*/, void */*p*/);

/*----- Key fetching ------------------------------------------------------*/

extern const key_fetchdef rsa_pubfetch[];
#define RSA_PUBFETCHSZ 4

extern const key_fetchdef rsa_privfetch[];
#define RSA_PRIVFETCHSZ 12

/* --- @rsa_pubfree@, @rsa_privfree@ --- *
 *
 * Arguments:	@rsa_pub *rp@, @rsa_priv *rp@ = pointer to key block
 *
 * Returns:	---
 *
 * Use:		Frees an RSA key block.
 */

extern void rsa_pubfree(rsa_pub */*rp*/);
extern void rsa_privfree(rsa_priv */*rp*/);

/*----- RSA private key operations ----------------------------------------*/

/* --- @rsa_privcreate@ --- *
 *
 * Arguments:	@rsa_privctx *rd@ = pointer to an RSA private key context
 *		@rsa_priv *rp@ = pointer to RSA private key
 *		@grand *r@ = pointer to random number source for blinding
 *
 * Returns:	---
 *
 * Use:		Initializes an RSA private-key context.  Keeping a context
 *		for several decryption or signing operations provides a minor
 *		performance benefit.
 *
 *		The random number source may be null if blinding is not
 *		desired.  This improves decryption speed, at the risk of
 *		permitting timing attacks.
 */

extern void rsa_privcreate(rsa_privctx */*rd*/, rsa_priv */*rp*/,
			   grand */*r*/);

/* --- @rsa_privdestroy@ --- *
 *
 * Arguments:	@rsa_privctx *rd@ = pointer to an RSA decryption context
 *
 * Returns:	---
 *
 * Use:		Destroys an RSA decryption context.
 */

extern void rsa_privdestroy(rsa_privctx */*rd*/);

/* --- @rsa_privop@ --- *
 *
 * Arguments:	@rsa_privctx *rd@ = pointer to RSA private key context
 *		@mp *d@ = destination
 *		@mp *c@ = input message
 *
 * Returns:	The transformed output message.
 *
 * Use:		Performs an RSA private key operation.  This function takes
 *		advantage of knowledge of the key factors in order to speed
 *		up decryption.  It also blinds the ciphertext prior to
 *		decryption and unblinds it afterwards to thwart timing
 *		attacks.
 */

extern mp *rsa_privop(rsa_privctx */*rd*/, mp */*d*/, mp */*c*/);

/* --- @rsa_qprivop@ --- *
 *
 * Arguments:	@rsa_priv *rp@ = pointer to RSA parameters
 *		@mp *d@ = destination
 *		@mp *c@ = input message
 *		@grand *r@ = pointer to random number source for blinding
 *
 * Returns:	Correctly transformed output message
 *
 * Use:		Performs an RSA private key operation, very carefully.
 */

extern mp *rsa_qprivop(rsa_priv */*rp*/, mp */*d*/, mp */*c*/, grand */*r*/);

/* --- @rsa_sign@ --- *
 *
 * Arguments:	@rsa_privctx *rp@ = pointer to an RSA private key context
 *		@mp *d@ = where to put the result
 *		@const void *m@ = pointer to input message
 *		@size_t msz@ = size of input message
 *		@rsa_pad *e@ = encoding procedure
 *		@void *earg@ = argument pointer for encoding procedure
 *
 * Returns:	The signature, as a multiprecision integer, or null on
 *		failure.
 *
 * Use:		Computes an RSA digital signature.
 */

extern mp *rsa_sign(rsa_privctx */*rp*/, mp */*d*/,
		    const void */*m*/, size_t /*msz*/,
		    rsa_pad */*e*/, void */*earg*/);

/* --- @rsa_decrypt@ --- *
 *
 * Arguments:	@rsa_privctx *rp@ = pointer to an RSA private key context
 *		@mp *m@ = encrypted message, as a multiprecision integer
 *		@dstr *d@ = pointer to output string
 *		@rsa_decunpad *e@ = decoding procedure
 *		@void *earg@ = argument pointer for decoding procedure
 *
 * Returns:	The length of the output string if successful, negative on
 *		failure.
 *
 * Use:		Does RSA decryption.
 */

extern int rsa_decrypt(rsa_privctx */*rp*/, mp */*m*/,
		       dstr */*d*/, rsa_decunpad */*e*/, void */*earg*/);

/*----- RSA public key operations -----------------------------------------*/

/* --- @rsa_pubcreate@ --- *
 *
 * Arguments:	@rsa_pubctx *rd@ = pointer to an RSA public key context
 *		@rsa_pub *rp@ = pointer to RSA public key
 *
 * Returns:	---
 *
 * Use:		Initializes an RSA public-key context.
 */

extern void rsa_pubcreate(rsa_pubctx */*rd*/, rsa_pub */*rp*/);

/* --- @rsa_pubdestroy@ --- *
 *
 * Arguments:	@rsa_pubctx *rd@ = pointer to an RSA public key context
 *
 * Returns:	---
 *
 * Use:		Destroys an RSA public-key context.
 */

extern void rsa_pubdestroy(rsa_pubctx */*rd*/);

/* --- @rsa_pubop@ --- *
 *
 * Arguments:	@rsa_pubctx *rd@ = pointer to an RSA public key context
 *		@mp *d@ = destination
 *		@mp *p@ = input message
 *
 * Returns:	The transformed output message.
 *
 * Use:		Performs an RSA public key operation.
 */

extern mp *rsa_pubop(rsa_pubctx */*rd*/, mp */*d*/, mp */*p*/);

/* --- @rsa_qpubop@ --- *
 *
 * Arguments:	@rsa_pub *rp@ = pointer to RSA parameters
 *		@mp *d@ = destination
 *		@mp *p@ = input message
 *
 * Returns:	Correctly transformed output message.
 *
 * Use:		Performs an RSA public key operation.
 */

extern mp *rsa_qpubop(rsa_pub */*rp*/, mp */*d*/, mp */*c*/);

/* --- @rsa_encrypt@ --- *
 *
 * Arguments:	@rsa_pubctx *rp@ = pointer to an RSA public key context
 *		@mp *d@ = proposed destination integer
 *		@const void *m@ = pointer to input message
 *		@size_t msz@ = size of input message
 *		@rsa_pad *e@ = encoding procedure
 *		@void *earg@ = argument pointer for encoding procedure
 *
 * Returns:	The encrypted message, as a multiprecision integer, or null
 *		on failure.
 *
 * Use:		Does RSA encryption.
 */

extern mp *rsa_encrypt(rsa_pubctx */*rp*/, mp */*d*/,
		       const void */*m*/, size_t /*msz*/,
		       rsa_pad */*e*/, void */*earg*/);

/* --- @rsa_verify@ --- *
 *
 * Arguments:	@rsa_pubctx *rp@ = pointer to an RSA public key contxt
 *		@mp *s@ = the signature, as a multiprecision integer
 *		@const void *m@ = pointer to message to verify, or null
 *		@size_t sz@ = size of input message
 *		@dstr *d@ = pointer to output string, or null
 *		@rsa_vfrunpad *e@ = decoding procedure
 *		@void *earg@ = argument pointer for decoding procedure
 *
 * Returns:	The length of the output string if successful (0 if no output
 *		was wanted); negative on failure.
 *
 * Use:		Does RSA signature verification.  To use a signature scheme
 *		with recovery, pass in @m == 0@ and @d != 0@: the recovered
 *		message should appear in @d@.  To use a signature scheme with
 *		appendix, provide @m != 0@ and @d == 0@; the result should be
 *		zero for success.
 */

extern int rsa_verify(rsa_pubctx */*rp*/, mp */*s*/,
		      const void */*m*/, size_t /*sz*/, dstr */*d*/,
		      rsa_vrfunpad */*e*/, void */*earg*/);

/*----- Miscellaneous operations ------------------------------------------*/

/* --- @rsa_gen@ --- *
 *
 * Arguments:	@rsa_priv *rp@ = pointer to block to be filled in
 *		@unsigned nbits@ = required modulus size in bits
 *		@mp *e@ = public exponent
 *		@grand *r@ = random number source
 *		@unsigned n@ = number of attempts to make
 *		@pgen_proc *event@ = event handler function
 *		@void *ectx@ = argument for the event handler
 *
 * Returns:	Zero if all went well, nonzero otherwise.
 *
 * Use:		Constructs a pair of strong RSA primes and other useful RSA
 *		parameters.  A small encryption exponent is chosen if
 *		possible.
 */

extern int rsa_gen(rsa_priv */*rp*/, unsigned /*nbits*/,
		   grand */*r*/, unsigned /*n*/,
		   pgen_proc */*event*/, void */*ectx*/);

extern int rsa_gen_e(rsa_priv */*rp*/, unsigned /*nbits*/, mp */*e*/,
		     grand */*r*/, unsigned /*nsteps*/,
		     pgen_proc */*event*/, void */*ectx*/);

/* --- @rsa_recover@ --- *
 *
 * Arguments:	@rsa_priv *rp@ = pointer to parameter block
 *
 * Returns:	Zero if all went well, nonzero if the parameters make no
 *		sense.
 *
 * Use:		Derives the full set of RSA parameters given a minimal set.
 *
 *		On failure, the parameter block might be partially filled in,
 *		but the @rsa_privfree@ function will be able to free it
 *		successfully.
 */

extern int rsa_recover(rsa_priv */*rp*/);

/*----- Padding schemes ---------------------------------------------------*/

/* --- PKCS1 padding --- */

typedef struct pkcs1 {
  grand *r;				/* Random number source */
  const void *ep;			/* Encoding parameters block */
  size_t epsz;				/* Size of the parameter block */
} pkcs1;

extern rsa_pad pkcs1_cryptencode;
extern rsa_decunpad pkcs1_cryptdecode;
extern rsa_pad pkcs1_sigencode;
extern rsa_vrfunpad pkcs1_sigdecode;

/* --- OAEP --- */

typedef struct oaep {
  const gccipher *cc;			/* Cipher class for masking */
  const gchash *ch;			/* Hash class for parameter block */
  grand *r;				/* Random number source */
  const void *ep;			/* Encoding parameters block */
  size_t epsz;				/* Size of the parameter block */
} oaep;

extern rsa_pad oaep_encode;
extern rsa_decunpad oaep_decode;

/* --- PSS --- */

typedef struct pss {
  const gccipher *cc;			/* Cipher class for masking */
  const gchash *ch;			/* Hash class for choosing a seed */
  grand *r;				/* Random number source */
  size_t ssz;				/* Requested salt size */
} pss;

extern rsa_pad pss_encode;
extern rsa_vrfunpad pss_decode;

/*----- That's all, folks -------------------------------------------------*/

#ifdef __cplusplus
  }
#endif

#endif
Commit	Line	Data
01898d8e	1	/* --c--
01898d8e	2	*
01898d8e	3	* The RSA public-key cryptosystem
	4	*
	5	* (c) 1999 Straylight/Edgeware
	6	*/
	7
45c0fd36	8	/----- Licensing notice --------------------------------------------------
01898d8e	9	*
	10	* This file is part of Catacomb.
	11	*
	12	* Catacomb is free software; you can redistribute it and/or modify
	13	* it under the terms of the GNU Library General Public License as
	14	* published by the Free Software Foundation; either version 2 of the
	15	* License, or (at your option) any later version.
45c0fd36	16	*
01898d8e	17	* Catacomb is distributed in the hope that it will be useful,
	18	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	* GNU Library General Public License for more details.
45c0fd36	21	*
01898d8e	22	* You should have received a copy of the GNU Library General Public
	23	* License along with Catacomb; if not, write to the Free
	24	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	25	* MA 02111-1307, USA.
	26	*/
	27
01898d8e	28	#ifndef CATACOMB_RSA_H
	29	#define CATACOMB_RSA_H
	30
	31	#ifdef __cplusplus
	32	extern "C" {
	33	#endif
	34
	35	/----- Header files ------------------------------------------------------/
	36
	37	#ifndef CATACOMB_GRAND_H
	38	# include "grand.h"
	39	#endif
	40
b817bfc6	41	#ifndef CATACOMB_GCIPHER_H
	42	# include "gcipher.h"
	43	#endif
	44
	45	#ifndef CATACOMB_GHASH_H
	46	# include "ghash.h"
	47	#endif
	48
81e9d7ec	49	#ifndef CATACOMB_KEY_H
	50	# include "key.h"
	51	#endif
	52
01898d8e	53	#ifndef CATACOMB_MP_H
	54	# include "mp.h"
	55	#endif
	56
	57	#ifndef CATACOMB_PGEN_H
	58	# include "pgen.h"
	59	#endif
	60
	61	/----- Data structures ---------------------------------------------------/
	62
7ec885b3	63	/* --- RSA private and public keys --- */
7ec885b3	64
81e9d7ec	65	typedef struct rsa_pub {
01898d8e	66	mp *n;
81e9d7ec	67	mp *e;
	68	} rsa_pub;
	69
7ec885b3	70	typedef struct rsa_priv {
81e9d7ec	71	mp n, p, q, q_inv;
01898d8e	72	mp e, d, dp, dq;
7ec885b3	73	} rsa_priv;
81e9d7ec	74
7ec885b3	75	/* --- RSA private and public key contexts --- *
	76	*
	77	* These are used to store information about `active' keys which will speed
	78	* up the various operations.
	79	*/
	80
	81	typedef struct rsa_privctx {
	82	rsa_priv *rp;
81e9d7ec	83	grand *r;
81e9d7ec	84	mpmont nm, pm, qm;
7ec885b3	85	} rsa_privctx;
	86
	87	typedef struct rsa_pubctx {
	88	mpmont mm;
	89	rsa_pub *rp;
	90	} rsa_pubctx;
	91
	92	/* --- Encoding and decoding function schemas --- *
	93	*
	94	* See `oaep.h' and `pkcs1.h' for appropriate encoding functions.
	95	*/
	96
b817bfc6	97	typedef mp rsa_pad(mp /d/, const void /m/, size_t /msz*/,
	98	octet /b/, size_t /sz*/,
	99	unsigned long /nbits/, void /p*/);
	100
	101	typedef int rsa_decunpad(mp /m/, octet /b/, size_t /sz/,
	102	unsigned long /nbits/, void /p*/);
	103
	104	typedef int rsa_vrfunpad(mp /s/, const void /m/, size_t /msz/,
	105	octet /b/, size_t /sz*/,
	106	unsigned long /nbits/, void /p*/);
81e9d7ec	107
	108	/----- Key fetching ------------------------------------------------------/
	109
	110	extern const key_fetchdef rsa_pubfetch[];
	111	#define RSA_PUBFETCHSZ 4
	112
	113	extern const key_fetchdef rsa_privfetch[];
	114	#define RSA_PRIVFETCHSZ 12
01898d8e	115
7ec885b3	116	/* --- @rsa_pubfree@, @rsa_privfree@ --- *
01898d8e	117	*
7ec885b3	118	* Arguments: @rsa_pub rp@, @rsa_priv rp@ = pointer to key block
01898d8e	119	*
7ec885b3	120	* Returns: ---
01898d8e	121	*
7ec885b3	122	* Use: Frees an RSA key block.
01898d8e	123	*/
01898d8e	124
7ec885b3	125	extern void rsa_pubfree(rsa_pub /rp*/);
	126	extern void rsa_privfree(rsa_priv /rp*/);
	127
	128	/----- RSA private key operations ----------------------------------------/
01898d8e	129
7ec885b3	130	/* --- @rsa_privcreate@ --- *
81e9d7ec	131	*
7ec885b3	132	* Arguments: @rsa_privctx *rd@ = pointer to an RSA private key context
81e9d7ec	133	* @rsa_priv *rp@ = pointer to RSA private key
	134	* @grand *r@ = pointer to random number source for blinding
	135	*
	136	* Returns: ---
	137	*
7ec885b3	138	* Use: Initializes an RSA private-key context. Keeping a context
81e9d7ec	139	* for several decryption or signing operations provides a minor
	140	* performance benefit.
	141	*
	142	* The random number source may be null if blinding is not
	143	* desired. This improves decryption speed, at the risk of
	144	* permitting timing attacks.
	145	*/
	146
7ec885b3	147	extern void rsa_privcreate(rsa_privctx /rd/, rsa_priv /rp/,
7ec885b3	148	grand /r*/);
81e9d7ec	149
7ec885b3	150	/* --- @rsa_privdestroy@ --- *
81e9d7ec	151	*
7ec885b3	152	* Arguments: @rsa_privctx *rd@ = pointer to an RSA decryption context
81e9d7ec	153	*
	154	* Returns: ---
	155	*
	156	* Use: Destroys an RSA decryption context.
	157	*/
	158
7ec885b3	159	extern void rsa_privdestroy(rsa_privctx /rd*/);
81e9d7ec	160
7ec885b3	161	/* --- @rsa_privop@ --- *
81e9d7ec	162	*
7ec885b3	163	* Arguments: @rsa_privctx *rd@ = pointer to RSA private key context
81e9d7ec	164	* @mp *d@ = destination
7ec885b3	165	* @mp *c@ = input message
81e9d7ec	166	*
7ec885b3	167	* Returns: The transformed output message.
81e9d7ec	168	*
7ec885b3	169	* Use: Performs an RSA private key operation. This function takes
	170	* advantage of knowledge of the key factors in order to speed
	171	* up decryption. It also blinds the ciphertext prior to
81e9d7ec	172	* decryption and unblinds it afterwards to thwart timing
	173	* attacks.
	174	*/
	175
7ec885b3	176	extern mp rsa_privop(rsa_privctx /rd/, mp /d/, mp /c/);
81e9d7ec	177
7ec885b3	178	/* --- @rsa_qprivop@ --- *
01898d8e	179	*
7ec885b3	180	* Arguments: @rsa_priv *rp@ = pointer to RSA parameters
01898d8e	181	* @mp *d@ = destination
7ec885b3	182	* @mp *c@ = input message
01898d8e	183	* @grand *r@ = pointer to random number source for blinding
01898d8e	184	*
7ec885b3	185	* Returns: Correctly transformed output message
	186	*
	187	* Use: Performs an RSA private key operation, very carefully.
	188	*/
	189
	190	extern mp rsa_qprivop(rsa_priv /rp/, mp /d/, mp /c/, grand /r*/);
	191
	192	/* --- @rsa_sign@ --- *
	193	*
	194	* Arguments: @rsa_privctx *rp@ = pointer to an RSA private key context
b817bfc6	195	* @mp *d@ = where to put the result
7ec885b3	196	* @const void *m@ = pointer to input message
b817bfc6	197	* @size_t msz@ = size of input message
b817bfc6	198	* @rsa_pad *e@ = encoding procedure
7ec885b3	199	* @void *earg@ = argument pointer for encoding procedure
7ec885b3	200	*
b817bfc6	201	* Returns: The signature, as a multiprecision integer, or null on
7ec885b3	202	* failure.
01898d8e	203	*
7ec885b3	204	* Use: Computes an RSA digital signature.
01898d8e	205	*/
01898d8e	206
b817bfc6	207	extern mp rsa_sign(rsa_privctx /rp/, mp /d*/,
	208	const void /m/, size_t /msz*/,
	209	rsa_pad /e/, void /earg/);
7ec885b3	210
	211	/* --- @rsa_decrypt@ --- *
	212	*
	213	* Arguments: @rsa_privctx *rp@ = pointer to an RSA private key context
b817bfc6	214	* @mp *m@ = encrypted message, as a multiprecision integer
7ec885b3	215	* @dstr *d@ = pointer to output string
b817bfc6	216	* @rsa_decunpad *e@ = decoding procedure
7ec885b3	217	* @void *earg@ = argument pointer for decoding procedure
	218	*
	219	* Returns: The length of the output string if successful, negative on
	220	* failure.
	221	*
b817bfc6	222	* Use: Does RSA decryption.
7ec885b3	223	*/
7ec885b3	224
b817bfc6	225	extern int rsa_decrypt(rsa_privctx /rp/, mp /m/,
b817bfc6	226	dstr /d/, rsa_decunpad /e/, void /earg*/);
7ec885b3	227
	228	/----- RSA public key operations -----------------------------------------/
	229
	230	/* --- @rsa_pubcreate@ --- *
	231	*
	232	* Arguments: @rsa_pubctx *rd@ = pointer to an RSA public key context
	233	* @rsa_pub *rp@ = pointer to RSA public key
	234	*
	235	* Returns: ---
	236	*
	237	* Use: Initializes an RSA public-key context.
	238	*/
	239
	240	extern void rsa_pubcreate(rsa_pubctx /rd/, rsa_pub /rp/);
	241
	242	/* --- @rsa_pubdestroy@ --- *
	243	*
	244	* Arguments: @rsa_pubctx *rd@ = pointer to an RSA public key context
	245	*
	246	* Returns: ---
	247	*
	248	* Use: Destroys an RSA public-key context.
	249	*/
	250
	251	extern void rsa_pubdestroy(rsa_pubctx /rd*/);
	252
	253	/* --- @rsa_pubop@ --- *
	254	*
	255	* Arguments: @rsa_pubctx *rd@ = pointer to an RSA public key context
	256	* @mp *d@ = destination
	257	* @mp *p@ = input message
	258	*
	259	* Returns: The transformed output message.
	260	*
	261	* Use: Performs an RSA public key operation.
	262	*/
	263
	264	extern mp rsa_pubop(rsa_pubctx /rd/, mp /d/, mp /p/);
	265
	266	/* --- @rsa_qpubop@ --- *
	267	*
	268	* Arguments: @rsa_pub *rp@ = pointer to RSA parameters
	269	* @mp *d@ = destination
	270	* @mp *p@ = input message
	271	*
	272	* Returns: Correctly transformed output message.
	273	*
	274	* Use: Performs an RSA public key operation.
	275	*/
	276
	277	extern mp rsa_qpubop(rsa_pub /rp/, mp /d/, mp /c/);
	278
	279	/* --- @rsa_encrypt@ --- *
	280	*
	281	* Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key context
b817bfc6	282	* @mp *d@ = proposed destination integer
7ec885b3	283	* @const void *m@ = pointer to input message
b817bfc6	284	* @size_t msz@ = size of input message
b817bfc6	285	* @rsa_pad *e@ = encoding procedure
7ec885b3	286	* @void *earg@ = argument pointer for encoding procedure
7ec885b3	287	*
b817bfc6	288	* Returns: The encrypted message, as a multiprecision integer, or null
b817bfc6	289	* on failure.
7ec885b3	290	*
	291	* Use: Does RSA encryption.
	292	*/
	293
b817bfc6	294	extern mp rsa_encrypt(rsa_pubctx /rp/, mp /d*/,
	295	const void /m/, size_t /msz*/,
	296	rsa_pad /e/, void /earg/);
7ec885b3	297
	298	/* --- @rsa_verify@ --- *
	299	*
	300	* Arguments: @rsa_pubctx *rp@ = pointer to an RSA public key contxt
b817bfc6	301	* @mp *s@ = the signature, as a multiprecision integer
b817bfc6	302	* @const void *m@ = pointer to message to verify, or null
7ec885b3	303	* @size_t sz@ = size of input message
b817bfc6	304	* @dstr *d@ = pointer to output string, or null
b817bfc6	305	* @rsa_vfrunpad *e@ = decoding procedure
7ec885b3	306	* @void *earg@ = argument pointer for decoding procedure
7ec885b3	307	*
b817bfc6	308	* Returns: The length of the output string if successful (0 if no output
b817bfc6	309	* was wanted); negative on failure.
7ec885b3	310	*
b817bfc6	311	* Use: Does RSA signature verification. To use a signature scheme
	312	* with recovery, pass in @m == 0@ and @d != 0@: the recovered
	313	* message should appear in @d@. To use a signature scheme with
	314	* appendix, provide @m != 0@ and @d == 0@; the result should be
	315	* zero for success.
7ec885b3	316	*/
7ec885b3	317
b817bfc6	318	extern int rsa_verify(rsa_pubctx /rp/, mp /s/,
	319	const void /m/, size_t /sz/, dstr /d/,
	320	rsa_vrfunpad /e/, void /earg/);
7ec885b3	321
	322	/----- Miscellaneous operations ------------------------------------------/
	323
	324	/* --- @rsa_gen@ --- *
	325	*
	326	* Arguments: @rsa_priv *rp@ = pointer to block to be filled in
	327	* @unsigned nbits@ = required modulus size in bits
8de0fc89	328	* @mp *e@ = public exponent
7ec885b3	329	* @grand *r@ = random number source
	330	* @unsigned n@ = number of attempts to make
	331	* @pgen_proc *event@ = event handler function
	332	* @void *ectx@ = argument for the event handler
	333	*
	334	* Returns: Zero if all went well, nonzero otherwise.
	335	*
	336	* Use: Constructs a pair of strong RSA primes and other useful RSA
	337	* parameters. A small encryption exponent is chosen if
	338	* possible.
	339	*/
	340
	341	extern int rsa_gen(rsa_priv /rp/, unsigned /nbits*/,
	342	grand /r/, unsigned /n*/,
	343	pgen_proc /event/, void /ectx/);
01898d8e	344
8de0fc89 MW	345	extern int rsa_gen_e(rsa_priv /rp/, unsigned /nbits/, mp /e/,
	346	grand /r/, unsigned /nsteps*/,
	347	pgen_proc /event/, void /ectx/);
	348
01898d8e	349	/* --- @rsa_recover@ --- *
01898d8e	350	*
7ec885b3	351	* Arguments: @rsa_priv *rp@ = pointer to parameter block
01898d8e	352	*
	353	* Returns: Zero if all went well, nonzero if the parameters make no
	354	* sense.
	355	*
	356	* Use: Derives the full set of RSA parameters given a minimal set.
395da108 MW	357	*
	358	* On failure, the parameter block might be partially filled in,
	359	* but the @rsa_privfree@ function will be able to free it
	360	* successfully.
01898d8e	361	*/
01898d8e	362
7ec885b3	363	extern int rsa_recover(rsa_priv /rp*/);
01898d8e	364
b817bfc6	365	/----- Padding schemes ---------------------------------------------------/
	366
	367	/* --- PKCS1 padding --- */
	368
	369	typedef struct pkcs1 {
	370	grand r; / Random number source */
	371	const void ep; / Encoding parameters block */
	372	size_t epsz; /* Size of the parameter block */
	373	} pkcs1;
	374
	375	extern rsa_pad pkcs1_cryptencode;
	376	extern rsa_decunpad pkcs1_cryptdecode;
	377	extern rsa_pad pkcs1_sigencode;
	378	extern rsa_vrfunpad pkcs1_sigdecode;
	379
	380	/* --- OAEP --- */
	381
	382	typedef struct oaep {
	383	const gccipher cc; / Cipher class for masking */
	384	const gchash ch; / Hash class for parameter block */
	385	grand r; / Random number source */
	386	const void ep; / Encoding parameters block */
	387	size_t epsz; /* Size of the parameter block */
	388	} oaep;
	389
	390	extern rsa_pad oaep_encode;
	391	extern rsa_decunpad oaep_decode;
	392
	393	/* --- PSS --- */
	394
	395	typedef struct pss {
	396	const gccipher cc; / Cipher class for masking */
	397	const gchash ch; / Hash class for choosing a seed */
	398	grand r; / Random number source */
	399	size_t ssz; /* Requested salt size */
	400	} pss;
	401
	402	extern rsa_pad pss_encode;
	403	extern rsa_vrfunpad pss_decode;
	404
01898d8e	405	/----- That's all, folks -------------------------------------------------/
	406
	407	#ifdef __cplusplus
	408	}
	409	#endif
	410
	411	#endif