|  | /** | 
|  | * \file rsa.h | 
|  | * | 
|  | * \brief The RSA public-key cryptosystem | 
|  | * | 
|  | *  Copyright (C) 2006-2013, Brainspark B.V. | 
|  | * | 
|  | *  This file is part of PolarSSL (http://www.polarssl.org) | 
|  | *  Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> | 
|  | * | 
|  | *  All rights reserved. | 
|  | * | 
|  | *  This program is free software; you can redistribute it and/or modify | 
|  | *  it under the terms of the GNU General Public License as published by | 
|  | *  the Free Software Foundation; either version 2 of the License, or | 
|  | *  (at your option) any later version. | 
|  | * | 
|  | *  This program is distributed in the hope that it will be useful, | 
|  | *  but WITHOUT ANY WARRANTY; without even the implied warranty of | 
|  | *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | 
|  | *  GNU General Public License for more details. | 
|  | * | 
|  | *  You should have received a copy of the GNU General Public License along | 
|  | *  with this program; if not, write to the Free Software Foundation, Inc., | 
|  | *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 
|  | */ | 
|  | #ifndef POLARSSL_RSA_H | 
|  | #define POLARSSL_RSA_H | 
|  |  | 
|  | #include "config.h" | 
|  |  | 
|  | #include "bignum.h" | 
|  | #include "md.h" | 
|  |  | 
|  | #if defined(POLARSSL_THREADING_C) | 
|  | #include "threading.h" | 
|  | #endif | 
|  |  | 
|  | /* | 
|  | * RSA Error codes | 
|  | */ | 
|  | #define POLARSSL_ERR_RSA_BAD_INPUT_DATA                    -0x4080  /**< Bad input parameters to function. */ | 
|  | #define POLARSSL_ERR_RSA_INVALID_PADDING                   -0x4100  /**< Input data contains invalid padding and is rejected. */ | 
|  | #define POLARSSL_ERR_RSA_KEY_GEN_FAILED                    -0x4180  /**< Something failed during generation of a key. */ | 
|  | #define POLARSSL_ERR_RSA_KEY_CHECK_FAILED                  -0x4200  /**< Key failed to pass the libraries validity check. */ | 
|  | #define POLARSSL_ERR_RSA_PUBLIC_FAILED                     -0x4280  /**< The public key operation failed. */ | 
|  | #define POLARSSL_ERR_RSA_PRIVATE_FAILED                    -0x4300  /**< The private key operation failed. */ | 
|  | #define POLARSSL_ERR_RSA_VERIFY_FAILED                     -0x4380  /**< The PKCS#1 verification failed. */ | 
|  | #define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE                  -0x4400  /**< The output buffer for decryption is not large enough. */ | 
|  | #define POLARSSL_ERR_RSA_RNG_FAILED                        -0x4480  /**< The random generator failed to generate non-zeros. */ | 
|  |  | 
|  | /* | 
|  | * RSA constants | 
|  | */ | 
|  | #define RSA_PUBLIC      0 | 
|  | #define RSA_PRIVATE     1 | 
|  |  | 
|  | #define RSA_PKCS_V15    0 | 
|  | #define RSA_PKCS_V21    1 | 
|  |  | 
|  | #define RSA_SIGN        1 | 
|  | #define RSA_CRYPT       2 | 
|  |  | 
|  | /* | 
|  | * The above constants may be used even if the RSA module is compile out, | 
|  | * eg for alternative (PKCS#11) RSA implemenations in the PK layers. | 
|  | */ | 
|  | #if defined(POLARSSL_RSA_C) | 
|  |  | 
|  | #ifdef __cplusplus | 
|  | extern "C" { | 
|  | #endif | 
|  |  | 
|  | /** | 
|  | * \brief          RSA context structure | 
|  | */ | 
|  | typedef struct | 
|  | { | 
|  | int ver;                    /*!<  always 0          */ | 
|  | size_t len;                 /*!<  size(N) in chars  */ | 
|  |  | 
|  | mpi N;                      /*!<  public modulus    */ | 
|  | mpi E;                      /*!<  public exponent   */ | 
|  |  | 
|  | mpi D;                      /*!<  private exponent  */ | 
|  | mpi P;                      /*!<  1st prime factor  */ | 
|  | mpi Q;                      /*!<  2nd prime factor  */ | 
|  | mpi DP;                     /*!<  D % (P - 1)       */ | 
|  | mpi DQ;                     /*!<  D % (Q - 1)       */ | 
|  | mpi QP;                     /*!<  1 / (Q % P)       */ | 
|  |  | 
|  | mpi RN;                     /*!<  cached R^2 mod N  */ | 
|  | mpi RP;                     /*!<  cached R^2 mod P  */ | 
|  | mpi RQ;                     /*!<  cached R^2 mod Q  */ | 
|  |  | 
|  | #if !defined(POLARSSL_RSA_NO_CRT) | 
|  | mpi Vi;                     /*!<  cached blinding value     */ | 
|  | mpi Vf;                     /*!<  cached un-blinding value  */ | 
|  | #endif | 
|  |  | 
|  | int padding;                /*!<  RSA_PKCS_V15 for 1.5 padding and | 
|  | RSA_PKCS_v21 for OAEP/PSS         */ | 
|  | int hash_id;                /*!<  Hash identifier of md_type_t as | 
|  | specified in the md.h header file | 
|  | for the EME-OAEP and EMSA-PSS | 
|  | encoding                          */ | 
|  | #if defined(POLARSSL_THREADING_C) | 
|  | threading_mutex_t mutex;    /*!<  Thread-safety mutex       */ | 
|  | #endif | 
|  | } | 
|  | rsa_context; | 
|  |  | 
|  | /** | 
|  | * \brief          Initialize an RSA context | 
|  | * | 
|  | *                 Note: Set padding to RSA_PKCS_V21 for the RSAES-OAEP | 
|  | *                 encryption scheme and the RSASSA-PSS signature scheme. | 
|  | * | 
|  | * \param ctx      RSA context to be initialized | 
|  | * \param padding  RSA_PKCS_V15 or RSA_PKCS_V21 | 
|  | * \param hash_id  RSA_PKCS_V21 hash identifier | 
|  | * | 
|  | * \note           The hash_id parameter is actually ignored | 
|  | *                 when using RSA_PKCS_V15 padding. | 
|  | */ | 
|  | void rsa_init( rsa_context *ctx, | 
|  | int padding, | 
|  | int hash_id); | 
|  |  | 
|  | /** | 
|  | * \brief          Set padding for an already initialized RSA context | 
|  | * | 
|  | *                 Note: Set padding to RSA_PKCS_V21 for the RSAES-OAEP | 
|  | *                 encryption scheme and the RSASSA-PSS signature scheme. | 
|  | * | 
|  | * \param ctx      RSA context to be set | 
|  | * \param padding  RSA_PKCS_V15 or RSA_PKCS_V21 | 
|  | * \param hash_id  RSA_PKCS_V21 hash identifier | 
|  | * | 
|  | * \note           The hash_id parameter is actually ignored | 
|  | *                 when using RSA_PKCS_V15 padding. | 
|  | */ | 
|  | void rsa_set_padding( rsa_context *ctx, int padding, int hash_id); | 
|  |  | 
|  | /** | 
|  | * \brief          Generate an RSA keypair | 
|  | * | 
|  | * \param ctx      RSA context that will hold the key | 
|  | * \param f_rng    RNG function | 
|  | * \param p_rng    RNG parameter | 
|  | * \param nbits    size of the public key in bits | 
|  | * \param exponent public exponent (e.g., 65537) | 
|  | * | 
|  | * \note           rsa_init() must be called beforehand to setup | 
|  | *                 the RSA context. | 
|  | * | 
|  | * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code | 
|  | */ | 
|  | int rsa_gen_key( rsa_context *ctx, | 
|  | int (*f_rng)(void *, unsigned char *, size_t), | 
|  | void *p_rng, | 
|  | unsigned int nbits, int exponent ); | 
|  |  | 
|  | /** | 
|  | * \brief          Check a public RSA key | 
|  | * | 
|  | * \param ctx      RSA context to be checked | 
|  | * | 
|  | * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code | 
|  | */ | 
|  | int rsa_check_pubkey( const rsa_context *ctx ); | 
|  |  | 
|  | /** | 
|  | * \brief          Check a private RSA key | 
|  | * | 
|  | * \param ctx      RSA context to be checked | 
|  | * | 
|  | * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code | 
|  | */ | 
|  | int rsa_check_privkey( const rsa_context *ctx ); | 
|  |  | 
|  | /** | 
|  | * \brief          Do an RSA public key operation | 
|  | * | 
|  | * \param ctx      RSA context | 
|  | * \param input    input buffer | 
|  | * \param output   output buffer | 
|  | * | 
|  | * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code | 
|  | * | 
|  | * \note           This function does NOT take care of message | 
|  | *                 padding. Also, be sure to set input[0] = 0 or assure that | 
|  | *                 input is smaller than N. | 
|  | * | 
|  | * \note           The input and output buffers must be large | 
|  | *                 enough (eg. 128 bytes if RSA-1024 is used). | 
|  | */ | 
|  | int rsa_public( rsa_context *ctx, | 
|  | const unsigned char *input, | 
|  | unsigned char *output ); | 
|  |  | 
|  | /** | 
|  | * \brief          Do an RSA private key operation | 
|  | * | 
|  | * \param ctx      RSA context | 
|  | * \param f_rng    RNG function (Needed for blinding) | 
|  | * \param p_rng    RNG parameter | 
|  | * \param input    input buffer | 
|  | * \param output   output buffer | 
|  | * | 
|  | * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code | 
|  | * | 
|  | * \note           The input and output buffers must be large | 
|  | *                 enough (eg. 128 bytes if RSA-1024 is used). | 
|  | */ | 
|  | int rsa_private( rsa_context *ctx, | 
|  | int (*f_rng)(void *, unsigned char *, size_t), | 
|  | void *p_rng, | 
|  | const unsigned char *input, | 
|  | unsigned char *output ); | 
|  |  | 
|  | /** | 
|  | * \brief          Generic wrapper to perform a PKCS#1 encryption using the | 
|  | *                 mode from the context. Add the message padding, then do an | 
|  | *                 RSA operation. | 
|  | * | 
|  | * \param ctx      RSA context | 
|  | * \param f_rng    RNG function (Needed for padding and PKCS#1 v2.1 encoding | 
|  | *                               and RSA_PRIVATE) | 
|  | * \param p_rng    RNG parameter | 
|  | * \param mode     RSA_PUBLIC or RSA_PRIVATE | 
|  | * \param ilen     contains the plaintext length | 
|  | * \param input    buffer holding the data to be encrypted | 
|  | * \param output   buffer that will hold the ciphertext | 
|  | * | 
|  | * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code | 
|  | * | 
|  | * \note           The output buffer must be as large as the size | 
|  | *                 of ctx->N (eg. 128 bytes if RSA-1024 is used). | 
|  | */ | 
|  | int rsa_pkcs1_encrypt( rsa_context *ctx, | 
|  | int (*f_rng)(void *, unsigned char *, size_t), | 
|  | void *p_rng, | 
|  | int mode, size_t ilen, | 
|  | const unsigned char *input, | 
|  | unsigned char *output ); | 
|  |  | 
|  | /** | 
|  | * \brief          Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT) | 
|  | * | 
|  | * \param ctx      RSA context | 
|  | * \param f_rng    RNG function (Needed for padding and RSA_PRIVATE) | 
|  | * \param p_rng    RNG parameter | 
|  | * \param mode     RSA_PUBLIC or RSA_PRIVATE | 
|  | * \param ilen     contains the plaintext length | 
|  | * \param input    buffer holding the data to be encrypted | 
|  | * \param output   buffer that will hold the ciphertext | 
|  | * | 
|  | * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code | 
|  | * | 
|  | * \note           The output buffer must be as large as the size | 
|  | *                 of ctx->N (eg. 128 bytes if RSA-1024 is used). | 
|  | */ | 
|  | int rsa_rsaes_pkcs1_v15_encrypt( rsa_context *ctx, | 
|  | int (*f_rng)(void *, unsigned char *, size_t), | 
|  | void *p_rng, | 
|  | int mode, size_t ilen, | 
|  | const unsigned char *input, | 
|  | unsigned char *output ); | 
|  |  | 
|  | /** | 
|  | * \brief          Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT) | 
|  | * | 
|  | * \param ctx      RSA context | 
|  | * \param f_rng    RNG function (Needed for padding and PKCS#1 v2.1 encoding | 
|  | *                               and RSA_PRIVATE) | 
|  | * \param p_rng    RNG parameter | 
|  | * \param mode     RSA_PUBLIC or RSA_PRIVATE | 
|  | * \param label    buffer holding the custom label to use | 
|  | * \param label_len contains the label length | 
|  | * \param ilen     contains the plaintext length | 
|  | * \param input    buffer holding the data to be encrypted | 
|  | * \param output   buffer that will hold the ciphertext | 
|  | * | 
|  | * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code | 
|  | * | 
|  | * \note           The output buffer must be as large as the size | 
|  | *                 of ctx->N (eg. 128 bytes if RSA-1024 is used). | 
|  | */ | 
|  | int rsa_rsaes_oaep_encrypt( rsa_context *ctx, | 
|  | int (*f_rng)(void *, unsigned char *, size_t), | 
|  | void *p_rng, | 
|  | int mode, | 
|  | const unsigned char *label, size_t label_len, | 
|  | size_t ilen, | 
|  | const unsigned char *input, | 
|  | unsigned char *output ); | 
|  |  | 
|  | /** | 
|  | * \brief          Generic wrapper to perform a PKCS#1 decryption using the | 
|  | *                 mode from the context. Do an RSA operation, then remove | 
|  | *                 the message padding | 
|  | * | 
|  | * \param ctx      RSA context | 
|  | * \param f_rng    RNG function (Only needed for RSA_PRIVATE) | 
|  | * \param p_rng    RNG parameter | 
|  | * \param mode     RSA_PUBLIC or RSA_PRIVATE | 
|  | * \param olen     will contain the plaintext length | 
|  | * \param input    buffer holding the encrypted data | 
|  | * \param output   buffer that will hold the plaintext | 
|  | * \param output_max_len    maximum length of the output buffer | 
|  | * | 
|  | * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code | 
|  | * | 
|  | * \note           The output buffer must be as large as the size | 
|  | *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise | 
|  | *                 an error is thrown. | 
|  | */ | 
|  | int rsa_pkcs1_decrypt( rsa_context *ctx, | 
|  | int (*f_rng)(void *, unsigned char *, size_t), | 
|  | void *p_rng, | 
|  | int mode, size_t *olen, | 
|  | const unsigned char *input, | 
|  | unsigned char *output, | 
|  | size_t output_max_len ); | 
|  |  | 
|  | /** | 
|  | * \brief          Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT) | 
|  | * | 
|  | * \param ctx      RSA context | 
|  | * \param f_rng    RNG function (Only needed for RSA_PRIVATE) | 
|  | * \param p_rng    RNG parameter | 
|  | * \param mode     RSA_PUBLIC or RSA_PRIVATE | 
|  | * \param olen     will contain the plaintext length | 
|  | * \param input    buffer holding the encrypted data | 
|  | * \param output   buffer that will hold the plaintext | 
|  | * \param output_max_len    maximum length of the output buffer | 
|  | * | 
|  | * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code | 
|  | * | 
|  | * \note           The output buffer must be as large as the size | 
|  | *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise | 
|  | *                 an error is thrown. | 
|  | */ | 
|  | int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx, | 
|  | int (*f_rng)(void *, unsigned char *, size_t), | 
|  | void *p_rng, | 
|  | int mode, size_t *olen, | 
|  | const unsigned char *input, | 
|  | unsigned char *output, | 
|  | size_t output_max_len ); | 
|  |  | 
|  | /** | 
|  | * \brief          Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT) | 
|  | * | 
|  | * \param ctx      RSA context | 
|  | * \param f_rng    RNG function (Only needed for RSA_PRIVATE) | 
|  | * \param p_rng    RNG parameter | 
|  | * \param mode     RSA_PUBLIC or RSA_PRIVATE | 
|  | * \param label    buffer holding the custom label to use | 
|  | * \param label_len contains the label length | 
|  | * \param olen     will contain the plaintext length | 
|  | * \param input    buffer holding the encrypted data | 
|  | * \param output   buffer that will hold the plaintext | 
|  | * \param output_max_len    maximum length of the output buffer | 
|  | * | 
|  | * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code | 
|  | * | 
|  | * \note           The output buffer must be as large as the size | 
|  | *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise | 
|  | *                 an error is thrown. | 
|  | */ | 
|  | int rsa_rsaes_oaep_decrypt( rsa_context *ctx, | 
|  | int (*f_rng)(void *, unsigned char *, size_t), | 
|  | void *p_rng, | 
|  | int mode, | 
|  | const unsigned char *label, size_t label_len, | 
|  | size_t *olen, | 
|  | const unsigned char *input, | 
|  | unsigned char *output, | 
|  | size_t output_max_len ); | 
|  |  | 
|  | /** | 
|  | * \brief          Generic wrapper to perform a PKCS#1 signature using the | 
|  | *                 mode from the context. Do a private RSA operation to sign | 
|  | *                 a message digest | 
|  | * | 
|  | * \param ctx      RSA context | 
|  | * \param f_rng    RNG function (Needed for PKCS#1 v2.1 encoding and for | 
|  | *                               RSA_PRIVATE) | 
|  | * \param p_rng    RNG parameter | 
|  | * \param mode     RSA_PUBLIC or RSA_PRIVATE | 
|  | * \param md_alg   a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data) | 
|  | * \param hashlen  message digest length (for POLARSSL_MD_NONE only) | 
|  | * \param hash     buffer holding the message digest | 
|  | * \param sig      buffer that will hold the ciphertext | 
|  | * | 
|  | * \return         0 if the signing operation was successful, | 
|  | *                 or an POLARSSL_ERR_RSA_XXX error code | 
|  | * | 
|  | * \note           The "sig" buffer must be as large as the size | 
|  | *                 of ctx->N (eg. 128 bytes if RSA-1024 is used). | 
|  | * | 
|  | * \note           In case of PKCS#1 v2.1 encoding keep in mind that | 
|  | *                 the hash_id in the RSA context is the one used for the | 
|  | *                 encoding. hash_id in the function call is the type of hash | 
|  | *                 that is encoded. According to RFC 3447 it is advised to | 
|  | *                 keep both hashes the same. | 
|  | */ | 
|  | int rsa_pkcs1_sign( rsa_context *ctx, | 
|  | int (*f_rng)(void *, unsigned char *, size_t), | 
|  | void *p_rng, | 
|  | int mode, | 
|  | md_type_t md_alg, | 
|  | unsigned int hashlen, | 
|  | const unsigned char *hash, | 
|  | unsigned char *sig ); | 
|  |  | 
|  | /** | 
|  | * \brief          Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN) | 
|  | * | 
|  | * \param ctx      RSA context | 
|  | * \param f_rng    RNG function (Only needed for RSA_PRIVATE) | 
|  | * \param p_rng    RNG parameter | 
|  | * \param mode     RSA_PUBLIC or RSA_PRIVATE | 
|  | * \param md_alg   a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data) | 
|  | * \param hashlen  message digest length (for POLARSSL_MD_NONE only) | 
|  | * \param hash     buffer holding the message digest | 
|  | * \param sig      buffer that will hold the ciphertext | 
|  | * | 
|  | * \return         0 if the signing operation was successful, | 
|  | *                 or an POLARSSL_ERR_RSA_XXX error code | 
|  | * | 
|  | * \note           The "sig" buffer must be as large as the size | 
|  | *                 of ctx->N (eg. 128 bytes if RSA-1024 is used). | 
|  | */ | 
|  | int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx, | 
|  | int (*f_rng)(void *, unsigned char *, size_t), | 
|  | void *p_rng, | 
|  | int mode, | 
|  | md_type_t md_alg, | 
|  | unsigned int hashlen, | 
|  | const unsigned char *hash, | 
|  | unsigned char *sig ); | 
|  |  | 
|  | /** | 
|  | * \brief          Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN) | 
|  | * | 
|  | * \param ctx      RSA context | 
|  | * \param f_rng    RNG function (Needed for PKCS#1 v2.1 encoding and for | 
|  | *                               RSA_PRIVATE) | 
|  | * \param p_rng    RNG parameter | 
|  | * \param mode     RSA_PUBLIC or RSA_PRIVATE | 
|  | * \param md_alg   a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data) | 
|  | * \param hashlen  message digest length (for POLARSSL_MD_NONE only) | 
|  | * \param hash     buffer holding the message digest | 
|  | * \param sig      buffer that will hold the ciphertext | 
|  | * | 
|  | * \return         0 if the signing operation was successful, | 
|  | *                 or an POLARSSL_ERR_RSA_XXX error code | 
|  | * | 
|  | * \note           The "sig" buffer must be as large as the size | 
|  | *                 of ctx->N (eg. 128 bytes if RSA-1024 is used). | 
|  | * | 
|  | * \note           In case of PKCS#1 v2.1 encoding keep in mind that | 
|  | *                 the hash_id in the RSA context is the one used for the | 
|  | *                 encoding. hash_id in the function call is the type of hash | 
|  | *                 that is encoded. According to RFC 3447 it is advised to | 
|  | *                 keep both hashes the same. | 
|  | */ | 
|  | int rsa_rsassa_pss_sign( rsa_context *ctx, | 
|  | int (*f_rng)(void *, unsigned char *, size_t), | 
|  | void *p_rng, | 
|  | int mode, | 
|  | md_type_t md_alg, | 
|  | unsigned int hashlen, | 
|  | const unsigned char *hash, | 
|  | unsigned char *sig ); | 
|  |  | 
|  | /** | 
|  | * \brief          Generic wrapper to perform a PKCS#1 verification using the | 
|  | *                 mode from the context. Do a public RSA operation and check | 
|  | *                 the message digest | 
|  | * | 
|  | * \param ctx      points to an RSA public key | 
|  | * \param f_rng    RNG function (Only needed for RSA_PRIVATE) | 
|  | * \param p_rng    RNG parameter | 
|  | * \param mode     RSA_PUBLIC or RSA_PRIVATE | 
|  | * \param md_alg   a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data) | 
|  | * \param hashlen  message digest length (for POLARSSL_MD_NONE only) | 
|  | * \param hash     buffer holding the message digest | 
|  | * \param sig      buffer holding the ciphertext | 
|  | * | 
|  | * \return         0 if the verify operation was successful, | 
|  | *                 or an POLARSSL_ERR_RSA_XXX error code | 
|  | * | 
|  | * \note           The "sig" buffer must be as large as the size | 
|  | *                 of ctx->N (eg. 128 bytes if RSA-1024 is used). | 
|  | * | 
|  | * \note           In case of PKCS#1 v2.1 encoding keep in mind that | 
|  | *                 the hash_id in the RSA context is the one used for the | 
|  | *                 verification. hash_id in the function call is the type of hash | 
|  | *                 that is verified. According to RFC 3447 it is advised to | 
|  | *                 keep both hashes the same. | 
|  | */ | 
|  | int rsa_pkcs1_verify( rsa_context *ctx, | 
|  | int (*f_rng)(void *, unsigned char *, size_t), | 
|  | void *p_rng, | 
|  | int mode, | 
|  | md_type_t md_alg, | 
|  | unsigned int hashlen, | 
|  | const unsigned char *hash, | 
|  | const unsigned char *sig ); | 
|  |  | 
|  | /** | 
|  | * \brief          Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY) | 
|  | * | 
|  | * \param ctx      points to an RSA public key | 
|  | * \param f_rng    RNG function (Only needed for RSA_PRIVATE) | 
|  | * \param p_rng    RNG parameter | 
|  | * \param mode     RSA_PUBLIC or RSA_PRIVATE | 
|  | * \param md_alg   a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data) | 
|  | * \param hashlen  message digest length (for POLARSSL_MD_NONE only) | 
|  | * \param hash     buffer holding the message digest | 
|  | * \param sig      buffer holding the ciphertext | 
|  | * | 
|  | * \return         0 if the verify operation was successful, | 
|  | *                 or an POLARSSL_ERR_RSA_XXX error code | 
|  | * | 
|  | * \note           The "sig" buffer must be as large as the size | 
|  | *                 of ctx->N (eg. 128 bytes if RSA-1024 is used). | 
|  | */ | 
|  | int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx, | 
|  | int (*f_rng)(void *, unsigned char *, size_t), | 
|  | void *p_rng, | 
|  | int mode, | 
|  | md_type_t md_alg, | 
|  | unsigned int hashlen, | 
|  | const unsigned char *hash, | 
|  | const unsigned char *sig ); | 
|  |  | 
|  | /** | 
|  | * \brief          Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) | 
|  | * | 
|  | * \param ctx      points to an RSA public key | 
|  | * \param f_rng    RNG function (Only needed for RSA_PRIVATE) | 
|  | * \param p_rng    RNG parameter | 
|  | * \param mode     RSA_PUBLIC or RSA_PRIVATE | 
|  | * \param md_alg   a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data) | 
|  | * \param hashlen  message digest length (for POLARSSL_MD_NONE only) | 
|  | * \param hash     buffer holding the message digest | 
|  | * \param sig      buffer holding the ciphertext | 
|  | * | 
|  | * \return         0 if the verify operation was successful, | 
|  | *                 or an POLARSSL_ERR_RSA_XXX error code | 
|  | * | 
|  | * \note           The "sig" buffer must be as large as the size | 
|  | *                 of ctx->N (eg. 128 bytes if RSA-1024 is used). | 
|  | * | 
|  | * \note           In case of PKCS#1 v2.1 encoding keep in mind that | 
|  | *                 the hash_id in the RSA context is the one used for the | 
|  | *                 verification. hash_id in the function call is the type of hash | 
|  | *                 that is verified. According to RFC 3447 it is advised to | 
|  | *                 keep both hashes the same. | 
|  | */ | 
|  | int rsa_rsassa_pss_verify( rsa_context *ctx, | 
|  | int (*f_rng)(void *, unsigned char *, size_t), | 
|  | void *p_rng, | 
|  | int mode, | 
|  | md_type_t md_alg, | 
|  | unsigned int hashlen, | 
|  | const unsigned char *hash, | 
|  | const unsigned char *sig ); | 
|  |  | 
|  | /** | 
|  | * \brief          Copy the components of an RSA context | 
|  | * | 
|  | * \param dst      Destination context | 
|  | * \param src      Source context | 
|  | * | 
|  | * \return         O on success, | 
|  | *                 POLARSSL_ERR_MPI_MALLOC_FAILED on memory allocation failure | 
|  | */ | 
|  | int rsa_copy( rsa_context *dst, const rsa_context *src ); | 
|  |  | 
|  | /** | 
|  | * \brief          Free the components of an RSA key | 
|  | * | 
|  | * \param ctx      RSA Context to free | 
|  | */ | 
|  | void rsa_free( rsa_context *ctx ); | 
|  |  | 
|  | /** | 
|  | * \brief          Checkup routine | 
|  | * | 
|  | * \return         0 if successful, or 1 if the test failed | 
|  | */ | 
|  | int rsa_self_test( int verbose ); | 
|  |  | 
|  | #ifdef __cplusplus | 
|  | } | 
|  | #endif | 
|  |  | 
|  | #endif /* POLARSSL_RSA_C */ | 
|  |  | 
|  | #endif /* rsa.h */ |