rsa.h 21 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545
  1. /* crypto/rsa/rsa.h */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #ifndef HEADER_RSA_H
  59. #define HEADER_RSA_H
  60. #include <openssl/asn1.h>
  61. #ifndef OPENSSL_NO_BIO
  62. #include <openssl/bio.h>
  63. #endif
  64. #include <openssl/crypto.h>
  65. #include <openssl/ossl_typ.h>
  66. #ifndef OPENSSL_NO_DEPRECATED
  67. #include <openssl/bn.h>
  68. #endif
  69. #ifdef OPENSSL_NO_RSA
  70. #error RSA is disabled.
  71. #endif
  72. #ifdef __cplusplus
  73. extern "C" {
  74. #endif
  75. /* Declared already in ossl_typ.h */
  76. /* typedef struct rsa_st RSA; */
  77. /* typedef struct rsa_meth_st RSA_METHOD; */
  78. struct rsa_meth_st
  79. {
  80. const char *name;
  81. int (*rsa_pub_enc)(int flen,const unsigned char *from,
  82. unsigned char *to,
  83. RSA *rsa,int padding);
  84. int (*rsa_pub_dec)(int flen,const unsigned char *from,
  85. unsigned char *to,
  86. RSA *rsa,int padding);
  87. int (*rsa_priv_enc)(int flen,const unsigned char *from,
  88. unsigned char *to,
  89. RSA *rsa,int padding);
  90. int (*rsa_priv_dec)(int flen,const unsigned char *from,
  91. unsigned char *to,
  92. RSA *rsa,int padding);
  93. int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa,BN_CTX *ctx); /* Can be null */
  94. int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  95. const BIGNUM *m, BN_CTX *ctx,
  96. BN_MONT_CTX *m_ctx); /* Can be null */
  97. int (*init)(RSA *rsa); /* called at new */
  98. int (*finish)(RSA *rsa); /* called at free */
  99. int flags; /* RSA_METHOD_FLAG_* things */
  100. char *app_data; /* may be needed! */
  101. /* New sign and verify functions: some libraries don't allow arbitrary data
  102. * to be signed/verified: this allows them to be used. Note: for this to work
  103. * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
  104. * RSA_sign(), RSA_verify() should be used instead. Note: for backwards
  105. * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
  106. * option is set in 'flags'.
  107. */
  108. int (*rsa_sign)(int type,
  109. const unsigned char *m, unsigned int m_length,
  110. unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
  111. int (*rsa_verify)(int dtype,
  112. const unsigned char *m, unsigned int m_length,
  113. const unsigned char *sigbuf, unsigned int siglen,
  114. const RSA *rsa);
  115. /* If this callback is NULL, the builtin software RSA key-gen will be used. This
  116. * is for behavioural compatibility whilst the code gets rewired, but one day
  117. * it would be nice to assume there are no such things as "builtin software"
  118. * implementations. */
  119. int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
  120. };
  121. struct rsa_st
  122. {
  123. /* The first parameter is used to pickup errors where
  124. * this is passed instead of aEVP_PKEY, it is set to 0 */
  125. int pad;
  126. long version;
  127. const RSA_METHOD *meth;
  128. /* functional reference if 'meth' is ENGINE-provided */
  129. ENGINE *engine;
  130. BIGNUM *n;
  131. BIGNUM *e;
  132. BIGNUM *d;
  133. BIGNUM *p;
  134. BIGNUM *q;
  135. BIGNUM *dmp1;
  136. BIGNUM *dmq1;
  137. BIGNUM *iqmp;
  138. /* be careful using this if the RSA structure is shared */
  139. CRYPTO_EX_DATA ex_data;
  140. int references;
  141. int flags;
  142. /* Used to cache montgomery values */
  143. BN_MONT_CTX *_method_mod_n;
  144. BN_MONT_CTX *_method_mod_p;
  145. BN_MONT_CTX *_method_mod_q;
  146. /* all BIGNUM values are actually in the following data, if it is not
  147. * NULL */
  148. char *bignum_data;
  149. BN_BLINDING *blinding;
  150. BN_BLINDING *mt_blinding;
  151. };
  152. #ifndef OPENSSL_RSA_MAX_MODULUS_BITS
  153. # define OPENSSL_RSA_MAX_MODULUS_BITS 16384
  154. #endif
  155. #ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
  156. # define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
  157. #endif
  158. #ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
  159. # define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */
  160. #endif
  161. #define RSA_3 0x3L
  162. #define RSA_F4 0x10001L
  163. #define RSA_METHOD_FLAG_NO_CHECK 0x0001 /* don't check pub/private match */
  164. #define RSA_FLAG_CACHE_PUBLIC 0x0002
  165. #define RSA_FLAG_CACHE_PRIVATE 0x0004
  166. #define RSA_FLAG_BLINDING 0x0008
  167. #define RSA_FLAG_THREAD_SAFE 0x0010
  168. /* This flag means the private key operations will be handled by rsa_mod_exp
  169. * and that they do not depend on the private key components being present:
  170. * for example a key stored in external hardware. Without this flag bn_mod_exp
  171. * gets called when private key components are absent.
  172. */
  173. #define RSA_FLAG_EXT_PKEY 0x0020
  174. /* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.
  175. */
  176. #define RSA_FLAG_SIGN_VER 0x0040
  177. #define RSA_FLAG_NO_BLINDING 0x0080 /* new with 0.9.6j and 0.9.7b; the built-in
  178. * RSA implementation now uses blinding by
  179. * default (ignoring RSA_FLAG_BLINDING),
  180. * but other engines might not need it
  181. */
  182. #define RSA_FLAG_NO_CONSTTIME 0x0100 /* new with 0.9.8f; the built-in RSA
  183. * implementation now uses constant time
  184. * operations by default in private key operations,
  185. * e.g., constant time modular exponentiation,
  186. * modular inverse without leaking branches,
  187. * division without leaking branches. This
  188. * flag disables these constant time
  189. * operations and results in faster RSA
  190. * private key operations.
  191. */
  192. #ifndef OPENSSL_NO_DEPRECATED
  193. #define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/
  194. /* new with 0.9.7h; the built-in RSA
  195. * implementation now uses constant time
  196. * modular exponentiation for secret exponents
  197. * by default. This flag causes the
  198. * faster variable sliding window method to
  199. * be used for all exponents.
  200. */
  201. #endif
  202. #define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
  203. EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \
  204. pad, NULL)
  205. #define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \
  206. EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, \
  207. EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
  208. #define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
  209. EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
  210. (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
  211. EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \
  212. len, NULL)
  213. #define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
  214. EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
  215. (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
  216. EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, \
  217. 0, plen)
  218. #define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
  219. EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
  220. EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
  221. #define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
  222. EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
  223. EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
  224. #define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \
  225. EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG, \
  226. EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md)
  227. #define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \
  228. EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG, \
  229. EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd)
  230. #define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
  231. #define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2)
  232. #define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3)
  233. #define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
  234. #define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5)
  235. #define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6)
  236. #define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7)
  237. #define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8)
  238. #define RSA_PKCS1_PADDING 1
  239. #define RSA_SSLV23_PADDING 2
  240. #define RSA_NO_PADDING 3
  241. #define RSA_PKCS1_OAEP_PADDING 4
  242. #define RSA_X931_PADDING 5
  243. /* EVP_PKEY_ only */
  244. #define RSA_PKCS1_PSS_PADDING 6
  245. #define RSA_PKCS1_PADDING_SIZE 11
  246. #define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
  247. #define RSA_get_app_data(s) RSA_get_ex_data(s,0)
  248. RSA * RSA_new(void);
  249. RSA * RSA_new_method(ENGINE *engine);
  250. int RSA_size(const RSA *);
  251. /* Deprecated version */
  252. #ifndef OPENSSL_NO_DEPRECATED
  253. RSA * RSA_generate_key(int bits, unsigned long e,void
  254. (*callback)(int,int,void *),void *cb_arg);
  255. #endif /* !defined(OPENSSL_NO_DEPRECATED) */
  256. /* New version */
  257. int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
  258. int RSA_check_key(const RSA *);
  259. /* next 4 return -1 on error */
  260. int RSA_public_encrypt(int flen, const unsigned char *from,
  261. unsigned char *to, RSA *rsa,int padding);
  262. int RSA_private_encrypt(int flen, const unsigned char *from,
  263. unsigned char *to, RSA *rsa,int padding);
  264. int RSA_public_decrypt(int flen, const unsigned char *from,
  265. unsigned char *to, RSA *rsa,int padding);
  266. int RSA_private_decrypt(int flen, const unsigned char *from,
  267. unsigned char *to, RSA *rsa,int padding);
  268. void RSA_free (RSA *r);
  269. /* "up" the RSA object's reference count */
  270. int RSA_up_ref(RSA *r);
  271. int RSA_flags(const RSA *r);
  272. void RSA_set_default_method(const RSA_METHOD *meth);
  273. const RSA_METHOD *RSA_get_default_method(void);
  274. const RSA_METHOD *RSA_get_method(const RSA *rsa);
  275. int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
  276. /* This function needs the memory locking malloc callbacks to be installed */
  277. int RSA_memory_lock(RSA *r);
  278. /* these are the actual SSLeay RSA functions */
  279. const RSA_METHOD *RSA_PKCS1_SSLeay(void);
  280. const RSA_METHOD *RSA_null_method(void);
  281. DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
  282. DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
  283. typedef struct rsa_pss_params_st
  284. {
  285. X509_ALGOR *hashAlgorithm;
  286. X509_ALGOR *maskGenAlgorithm;
  287. ASN1_INTEGER *saltLength;
  288. ASN1_INTEGER *trailerField;
  289. } RSA_PSS_PARAMS;
  290. DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
  291. #ifndef OPENSSL_NO_FP_API
  292. int RSA_print_fp(FILE *fp, const RSA *r,int offset);
  293. #endif
  294. #ifndef OPENSSL_NO_BIO
  295. int RSA_print(BIO *bp, const RSA *r,int offset);
  296. #endif
  297. #ifndef OPENSSL_NO_RC4
  298. int i2d_RSA_NET(const RSA *a, unsigned char **pp,
  299. int (*cb)(char *buf, int len, const char *prompt, int verify),
  300. int sgckey);
  301. RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
  302. int (*cb)(char *buf, int len, const char *prompt, int verify),
  303. int sgckey);
  304. int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
  305. int (*cb)(char *buf, int len, const char *prompt,
  306. int verify));
  307. RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
  308. int (*cb)(char *buf, int len, const char *prompt,
  309. int verify));
  310. #endif
  311. /* The following 2 functions sign and verify a X509_SIG ASN1 object
  312. * inside PKCS#1 padded RSA encryption */
  313. int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
  314. unsigned char *sigret, unsigned int *siglen, RSA *rsa);
  315. int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
  316. const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
  317. /* The following 2 function sign and verify a ASN1_OCTET_STRING
  318. * object inside PKCS#1 padded RSA encryption */
  319. int RSA_sign_ASN1_OCTET_STRING(int type,
  320. const unsigned char *m, unsigned int m_length,
  321. unsigned char *sigret, unsigned int *siglen, RSA *rsa);
  322. int RSA_verify_ASN1_OCTET_STRING(int type,
  323. const unsigned char *m, unsigned int m_length,
  324. unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
  325. int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
  326. void RSA_blinding_off(RSA *rsa);
  327. BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
  328. int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
  329. const unsigned char *f,int fl);
  330. int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,
  331. const unsigned char *f,int fl,int rsa_len);
  332. int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
  333. const unsigned char *f,int fl);
  334. int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
  335. const unsigned char *f,int fl,int rsa_len);
  336. int PKCS1_MGF1(unsigned char *mask, long len,
  337. const unsigned char *seed, long seedlen, const EVP_MD *dgst);
  338. int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
  339. const unsigned char *f,int fl,
  340. const unsigned char *p,int pl);
  341. int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen,
  342. const unsigned char *f,int fl,int rsa_len,
  343. const unsigned char *p,int pl);
  344. int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
  345. const unsigned char *f,int fl);
  346. int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
  347. const unsigned char *f,int fl,int rsa_len);
  348. int RSA_padding_add_none(unsigned char *to,int tlen,
  349. const unsigned char *f,int fl);
  350. int RSA_padding_check_none(unsigned char *to,int tlen,
  351. const unsigned char *f,int fl,int rsa_len);
  352. int RSA_padding_add_X931(unsigned char *to,int tlen,
  353. const unsigned char *f,int fl);
  354. int RSA_padding_check_X931(unsigned char *to,int tlen,
  355. const unsigned char *f,int fl,int rsa_len);
  356. int RSA_X931_hash_id(int nid);
  357. int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
  358. const EVP_MD *Hash, const unsigned char *EM, int sLen);
  359. int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
  360. const unsigned char *mHash,
  361. const EVP_MD *Hash, int sLen);
  362. int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
  363. CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
  364. int RSA_set_ex_data(RSA *r,int idx,void *arg);
  365. void *RSA_get_ex_data(const RSA *r, int idx);
  366. RSA *RSAPublicKey_dup(RSA *rsa);
  367. RSA *RSAPrivateKey_dup(RSA *rsa);
  368. /* BEGIN ERROR CODES */
  369. /* The following lines are auto generated by the script mkerr.pl. Any changes
  370. * made after this point may be overwritten when the script is next run.
  371. */
  372. void ERR_load_RSA_strings(void);
  373. /* Error codes for the RSA functions. */
  374. /* Function codes. */
  375. #define RSA_F_CHECK_PADDING_MD 140
  376. #define RSA_F_DO_RSA_PRINT 146
  377. #define RSA_F_INT_RSA_VERIFY 145
  378. #define RSA_F_MEMORY_LOCK 100
  379. #define RSA_F_OLD_RSA_PRIV_DECODE 147
  380. #define RSA_F_PKEY_RSA_CTRL 143
  381. #define RSA_F_PKEY_RSA_CTRL_STR 144
  382. #define RSA_F_PKEY_RSA_SIGN 142
  383. #define RSA_F_PKEY_RSA_VERIFYRECOVER 141
  384. #define RSA_F_RSA_BUILTIN_KEYGEN 129
  385. #define RSA_F_RSA_CHECK_KEY 123
  386. #define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101
  387. #define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102
  388. #define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103
  389. #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104
  390. #define RSA_F_RSA_GENERATE_KEY 105
  391. #define RSA_F_RSA_ITEM_VERIFY 148
  392. #define RSA_F_RSA_MEMORY_LOCK 130
  393. #define RSA_F_RSA_NEW_METHOD 106
  394. #define RSA_F_RSA_NULL 124
  395. #define RSA_F_RSA_NULL_MOD_EXP 131
  396. #define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132
  397. #define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133
  398. #define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134
  399. #define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135
  400. #define RSA_F_RSA_PADDING_ADD_NONE 107
  401. #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
  402. #define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125
  403. #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
  404. #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
  405. #define RSA_F_RSA_PADDING_ADD_SSLV23 110
  406. #define RSA_F_RSA_PADDING_ADD_X931 127
  407. #define RSA_F_RSA_PADDING_CHECK_NONE 111
  408. #define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122
  409. #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112
  410. #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113
  411. #define RSA_F_RSA_PADDING_CHECK_SSLV23 114
  412. #define RSA_F_RSA_PADDING_CHECK_X931 128
  413. #define RSA_F_RSA_PRINT 115
  414. #define RSA_F_RSA_PRINT_FP 116
  415. #define RSA_F_RSA_PRIV_DECODE 137
  416. #define RSA_F_RSA_PRIV_ENCODE 138
  417. #define RSA_F_RSA_PUB_DECODE 139
  418. #define RSA_F_RSA_SETUP_BLINDING 136
  419. #define RSA_F_RSA_SIGN 117
  420. #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
  421. #define RSA_F_RSA_VERIFY 119
  422. #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
  423. #define RSA_F_RSA_VERIFY_PKCS1_PSS 126
  424. /* Reason codes. */
  425. #define RSA_R_ALGORITHM_MISMATCH 100
  426. #define RSA_R_BAD_E_VALUE 101
  427. #define RSA_R_BAD_FIXED_HEADER_DECRYPT 102
  428. #define RSA_R_BAD_PAD_BYTE_COUNT 103
  429. #define RSA_R_BAD_SIGNATURE 104
  430. #define RSA_R_BLOCK_TYPE_IS_NOT_01 106
  431. #define RSA_R_BLOCK_TYPE_IS_NOT_02 107
  432. #define RSA_R_DATA_GREATER_THAN_MOD_LEN 108
  433. #define RSA_R_DATA_TOO_LARGE 109
  434. #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
  435. #define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132
  436. #define RSA_R_DATA_TOO_SMALL 111
  437. #define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122
  438. #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
  439. #define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
  440. #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
  441. #define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
  442. #define RSA_R_FIRST_OCTET_INVALID 133
  443. #define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144
  444. #define RSA_R_INVALID_DIGEST_LENGTH 143
  445. #define RSA_R_INVALID_HEADER 137
  446. #define RSA_R_INVALID_KEYBITS 145
  447. #define RSA_R_INVALID_MESSAGE_LENGTH 131
  448. #define RSA_R_INVALID_MGF1_MD 156
  449. #define RSA_R_INVALID_PADDING 138
  450. #define RSA_R_INVALID_PADDING_MODE 141
  451. #define RSA_R_INVALID_PSS_PARAMETERS 149
  452. #define RSA_R_INVALID_PSS_SALTLEN 146
  453. #define RSA_R_INVALID_SALT_LENGTH 150
  454. #define RSA_R_INVALID_TRAILER 139
  455. #define RSA_R_INVALID_X931_DIGEST 142
  456. #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
  457. #define RSA_R_KEY_SIZE_TOO_SMALL 120
  458. #define RSA_R_LAST_OCTET_INVALID 134
  459. #define RSA_R_MODULUS_TOO_LARGE 105
  460. #define RSA_R_NO_PUBLIC_EXPONENT 140
  461. #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
  462. #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
  463. #define RSA_R_OAEP_DECODING_ERROR 121
  464. #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
  465. #define RSA_R_PADDING_CHECK_FAILED 114
  466. #define RSA_R_P_NOT_PRIME 128
  467. #define RSA_R_Q_NOT_PRIME 129
  468. #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
  469. #define RSA_R_SLEN_CHECK_FAILED 136
  470. #define RSA_R_SLEN_RECOVERY_FAILED 135
  471. #define RSA_R_SSLV3_ROLLBACK_ATTACK 115
  472. #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
  473. #define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
  474. #define RSA_R_UNKNOWN_MASK_DIGEST 151
  475. #define RSA_R_UNKNOWN_PADDING_TYPE 118
  476. #define RSA_R_UNKNOWN_PSS_DIGEST 152
  477. #define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153
  478. #define RSA_R_UNSUPPORTED_MASK_PARAMETER 154
  479. #define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155
  480. #define RSA_R_VALUE_MISSING 147
  481. #define RSA_R_WRONG_SIGNATURE_LENGTH 119
  482. #ifdef __cplusplus
  483. }
  484. #endif
  485. #endif