diff options
author | Adam Langley <agl@google.com> | 2015-09-24 10:57:52 -0700 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2015-09-24 11:04:03 -0700 |
commit | 1e4884f615b20946411a74e41eb9c6aa65e2d5f3 (patch) | |
tree | dd743d9d64af3145fe96b8d5fc2f3427544794bd /src/include/openssl/rsa.h | |
parent | 08656b61d075740bfb24ddcce65223146259fc02 (diff) | |
download | external_boringssl-1e4884f615b20946411a74e41eb9c6aa65e2d5f3.zip external_boringssl-1e4884f615b20946411a74e41eb9c6aa65e2d5f3.tar.gz external_boringssl-1e4884f615b20946411a74e41eb9c6aa65e2d5f3.tar.bz2 |
external/boringssl: sync with upstream.
This change imports the current version of BoringSSL. The only local
change now is that |BORINGSSL_201509| is defined in base.h. This allows
this change to be made without (hopefully) breaking the build.
This change will need https://android-review.googlesource.com/172744 to
be landed afterwards to update a test.
Change-Id: I6d1f463f7785a2423bd846305af91c973c326104
Diffstat (limited to 'src/include/openssl/rsa.h')
-rw-r--r-- | src/include/openssl/rsa.h | 180 |
1 files changed, 121 insertions, 59 deletions
diff --git a/src/include/openssl/rsa.h b/src/include/openssl/rsa.h index 9b415d7..2be50dc 100644 --- a/src/include/openssl/rsa.h +++ b/src/include/openssl/rsa.h @@ -59,6 +59,7 @@ #include <openssl/base.h> +#include <openssl/asn1.h> #include <openssl/engine.h> #include <openssl/ex_data.h> #include <openssl/thread.h> @@ -100,6 +101,12 @@ OPENSSL_EXPORT int RSA_up_ref(RSA *rsa); OPENSSL_EXPORT int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +/* RSA_generate_multi_prime_key acts like |RSA_generate_key_ex| but can + * generate an RSA private key with more than two primes. */ +OPENSSL_EXPORT int RSA_generate_multi_prime_key(RSA *rsa, int bits, + int num_primes, BIGNUM *e, + BN_GENCB *cb); + /* Encryption / Decryption */ @@ -240,7 +247,7 @@ OPENSSL_EXPORT int RSA_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out, OPENSSL_EXPORT int RSA_private_encrypt(int flen, const uint8_t *from, uint8_t *to, RSA *rsa, int padding); -/* RSA_private_encrypt verifies |flen| bytes of signature from |from| using the +/* RSA_public_decrypt verifies |flen| bytes of signature from |from| using the * public key in |rsa| and writes the plaintext to |to|. The |to| buffer must * have at least |RSA_size| bytes of space. It returns the number of bytes * written, or -1 on error. The |padding| argument must be one of the @@ -266,7 +273,7 @@ OPENSSL_EXPORT int RSA_is_opaque(const RSA *rsa); * of type |md|. Otherwise it returns zero. */ OPENSSL_EXPORT int RSA_supports_digest(const RSA *rsa, const EVP_MD *md); -/* RSAPublicKey_dup allocates a fresh |RSA| and copies the private key from +/* RSAPublicKey_dup allocates a fresh |RSA| and copies the public key from * |rsa| into it. It returns the fresh |RSA| object, or NULL on error. */ OPENSSL_EXPORT RSA *RSAPublicKey_dup(const RSA *rsa); @@ -315,36 +322,63 @@ OPENSSL_EXPORT int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, uint8_t *EM, const EVP_MD *mgf1Hash, int sLen); +/* RSA_add_pkcs1_prefix builds a version of |msg| prefixed with the DigestInfo + * header for the given hash function and sets |out_msg| to point to it. On + * successful return, |*out_msg| may be allocated memory and, if so, + * |*is_alloced| will be 1. */ +OPENSSL_EXPORT int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len, + int *is_alloced, int hash_nid, + const uint8_t *msg, size_t msg_len); -/* ASN.1 functions. */ -/* d2i_RSAPublicKey parses an ASN.1, DER-encoded, RSA public key from |len| - * bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result - * is in |*out|. If |*out| is already non-NULL on entry then the result is - * written directly into |*out|, otherwise a fresh |RSA| is allocated. On - * successful exit, |*inp| is advanced past the DER structure. It returns the - * result or NULL on error. */ -OPENSSL_EXPORT RSA *d2i_RSAPublicKey(RSA **out, const uint8_t **inp, long len); - -/* i2d_RSAPublicKey marshals |in| to an ASN.1, DER structure. If |outp| is not - * NULL then the result is written to |*outp| and |*outp| is advanced just past - * the output. It returns the number of bytes in the result, whether written or - * not, or a negative value on error. */ -OPENSSL_EXPORT int i2d_RSAPublicKey(const RSA *in, uint8_t **outp); - -/* d2i_RSAPrivateKey parses an ASN.1, DER-encoded, RSA private key from |len| - * bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result - * is in |*out|. If |*out| is already non-NULL on entry then the result is - * written directly into |*out|, otherwise a fresh |RSA| is allocated. On - * successful exit, |*inp| is advanced past the DER structure. It returns the - * result or NULL on error. */ -OPENSSL_EXPORT RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len); +/* ASN.1 functions. */ -/* i2d_RSAPrivateKey marshals |in| to an ASN.1, DER structure. If |outp| is not - * NULL then the result is written to |*outp| and |*outp| is advanced just past - * the output. It returns the number of bytes in the result, whether written or - * not, or a negative value on error. */ -OPENSSL_EXPORT int i2d_RSAPrivateKey(const RSA *in, uint8_t **outp); +/* RSA_parse_public_key parses a DER-encoded RSAPublicKey structure (RFC 3447) + * from |cbs| and advances |cbs|. It returns a newly-allocated |RSA| or NULL on + * error. */ +OPENSSL_EXPORT RSA *RSA_parse_public_key(CBS *cbs); + +/* RSA_parse_public_key_buggy behaves like |RSA_parse_public_key|, but it + * tolerates some invalid encodings. Do not use this function. */ +OPENSSL_EXPORT RSA *RSA_parse_public_key_buggy(CBS *cbs); + +/* RSA_public_key_from_bytes parses |in| as a DER-encoded RSAPublicKey structure + * (RFC 3447). It returns a newly-allocated |RSA| or NULL on error. */ +OPENSSL_EXPORT RSA *RSA_public_key_from_bytes(const uint8_t *in, size_t in_len); + +/* RSA_marshal_public_key marshals |rsa| as a DER-encoded RSAPublicKey structure + * (RFC 3447) and appends the result to |cbb|. It returns one on success and + * zero on failure. */ +OPENSSL_EXPORT int RSA_marshal_public_key(CBB *cbb, const RSA *rsa); + +/* RSA_public_key_to_bytes marshals |rsa| as a DER-encoded RSAPublicKey + * structure (RFC 3447) and, on success, sets |*out_bytes| to a newly allocated + * buffer containing the result and returns one. Otherwise, it returns zero. The + * result should be freed with |OPENSSL_free|. */ +OPENSSL_EXPORT int RSA_public_key_to_bytes(uint8_t **out_bytes, size_t *out_len, + const RSA *rsa); + +/* RSA_parse_private_key parses a DER-encoded RSAPrivateKey structure (RFC 3447) + * from |cbs| and advances |cbs|. It returns a newly-allocated |RSA| or NULL on + * error. */ +OPENSSL_EXPORT RSA *RSA_parse_private_key(CBS *cbs); + +/* RSA_private_key_from_bytes parses |in| as a DER-encoded RSAPrivateKey + * structure (RFC 3447). It returns a newly-allocated |RSA| or NULL on error. */ +OPENSSL_EXPORT RSA *RSA_private_key_from_bytes(const uint8_t *in, + size_t in_len); + +/* RSA_marshal_private_key marshals |rsa| as a DER-encoded RSAPrivateKey + * structure (RFC 3447) and appends the result to |cbb|. It returns one on + * success and zero on failure. */ +OPENSSL_EXPORT int RSA_marshal_private_key(CBB *cbb, const RSA *rsa); + +/* RSA_private_key_to_bytes marshals |rsa| as a DER-encoded RSAPrivateKey + * structure (RFC 3447) and, on success, sets |*out_bytes| to a newly allocated + * buffer containing the result and returns one. Otherwise, it returns zero. The + * result should be freed with |OPENSSL_free|. */ +OPENSSL_EXPORT int RSA_private_key_to_bytes(uint8_t **out_bytes, + size_t *out_len, const RSA *rsa); /* ex_data functions. @@ -358,6 +392,9 @@ OPENSSL_EXPORT int RSA_get_ex_new_index(long argl, void *argp, OPENSSL_EXPORT int RSA_set_ex_data(RSA *r, int idx, void *arg); OPENSSL_EXPORT void *RSA_get_ex_data(const RSA *r, int idx); + +/* Flags. */ + /* RSA_FLAG_OPAQUE specifies that this RSA_METHOD does not expose its key * material. This may be set if, for instance, it is wrapping some other crypto * API, like a platform key store. */ @@ -395,6 +432,50 @@ OPENSSL_EXPORT void *RSA_get_ex_data(const RSA *r, int idx); /* RSA_blinding_on returns one. */ OPENSSL_EXPORT int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); +/* RSA_generate_key behaves like |RSA_generate_key_ex|, which is what you + * should use instead. It returns NULL on error, or a newly-allocated |RSA| on + * success. This function is provided for compatibility only. The |callback| + * and |cb_arg| parameters must be NULL. */ +OPENSSL_EXPORT RSA *RSA_generate_key(int bits, unsigned long e, void *callback, + void *cb_arg); + +/* d2i_RSAPublicKey parses an ASN.1, DER-encoded, RSA public key from |len| + * bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result + * is in |*out|. If |*out| is already non-NULL on entry then the result is + * written directly into |*out|, otherwise a fresh |RSA| is allocated. On + * successful exit, |*inp| is advanced past the DER structure. It returns the + * result or NULL on error. */ +OPENSSL_EXPORT RSA *d2i_RSAPublicKey(RSA **out, const uint8_t **inp, long len); + +/* i2d_RSAPublicKey marshals |in| to an ASN.1, DER structure. If |outp| is not + * NULL then the result is written to |*outp| and |*outp| is advanced just past + * the output. It returns the number of bytes in the result, whether written or + * not, or a negative value on error. */ +OPENSSL_EXPORT int i2d_RSAPublicKey(const RSA *in, uint8_t **outp); + +/* d2i_RSAPrivateKey parses an ASN.1, DER-encoded, RSA private key from |len| + * bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result + * is in |*out|. If |*out| is already non-NULL on entry then the result is + * written directly into |*out|, otherwise a fresh |RSA| is allocated. On + * successful exit, |*inp| is advanced past the DER structure. It returns the + * result or NULL on error. */ +OPENSSL_EXPORT RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len); + +/* i2d_RSAPrivateKey marshals |in| to an ASN.1, DER structure. If |outp| is not + * NULL then the result is written to |*outp| and |*outp| is advanced just past + * the output. It returns the number of bytes in the result, whether written or + * not, or a negative value on error. */ +OPENSSL_EXPORT int i2d_RSAPrivateKey(const RSA *in, uint8_t **outp); + +typedef struct rsa_pss_params_st { + X509_ALGOR *hashAlgorithm; + X509_ALGOR *maskGenAlgorithm; + ASN1_INTEGER *saltLength; + ASN1_INTEGER *trailerField; +} RSA_PSS_PARAMS; + +DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) + struct rsa_meth_st { struct openssl_method_common_st common; @@ -450,6 +531,9 @@ struct rsa_meth_st { int (*keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); + int (*multi_prime_keygen)(RSA *rsa, int bits, int num_primes, BIGNUM *e, + BN_GENCB *cb); + /* supports_digest returns one if |rsa| supports digests of type * |md|. If null, it is assumed that all digests are supported. */ int (*supports_digest)(const RSA *rsa, const EVP_MD *md); @@ -461,8 +545,6 @@ struct rsa_meth_st { typedef struct bn_blinding_st BN_BLINDING; struct rsa_st { - /* version is only used during ASN.1 (de)serialisation. */ - long version; RSA_METHOD *meth; BIGNUM *n; @@ -473,6 +555,9 @@ struct rsa_st { BIGNUM *dmp1; BIGNUM *dmq1; BIGNUM *iqmp; + + STACK_OF(RSA_additional_prime) *additional_primes; + /* be careful using this if the RSA structure is shared */ CRYPTO_EX_DATA ex_data; CRYPTO_refcount_t references; @@ -502,34 +587,6 @@ struct rsa_st { } /* extern C */ #endif -#define RSA_F_BN_BLINDING_convert_ex 100 -#define RSA_F_BN_BLINDING_create_param 101 -#define RSA_F_BN_BLINDING_invert_ex 102 -#define RSA_F_BN_BLINDING_new 103 -#define RSA_F_BN_BLINDING_update 104 -#define RSA_F_RSA_check_key 105 -#define RSA_F_RSA_new_method 106 -#define RSA_F_RSA_padding_add_PKCS1_OAEP_mgf1 107 -#define RSA_F_RSA_padding_add_PKCS1_PSS_mgf1 108 -#define RSA_F_RSA_padding_add_PKCS1_type_1 109 -#define RSA_F_RSA_padding_add_PKCS1_type_2 110 -#define RSA_F_RSA_padding_add_none 111 -#define RSA_F_RSA_padding_check_PKCS1_OAEP_mgf1 112 -#define RSA_F_RSA_padding_check_PKCS1_type_1 113 -#define RSA_F_RSA_padding_check_PKCS1_type_2 114 -#define RSA_F_RSA_padding_check_none 115 -#define RSA_F_RSA_recover_crt_params 116 -#define RSA_F_RSA_sign 117 -#define RSA_F_RSA_verify 118 -#define RSA_F_RSA_verify_PKCS1_PSS_mgf1 119 -#define RSA_F_decrypt 120 -#define RSA_F_encrypt 121 -#define RSA_F_keygen 122 -#define RSA_F_pkcs1_prefixed_msg 123 -#define RSA_F_private_transform 124 -#define RSA_F_rsa_setup_blinding 125 -#define RSA_F_sign_raw 126 -#define RSA_F_verify_raw 127 #define RSA_R_BAD_E_VALUE 100 #define RSA_R_BAD_FIXED_HEADER_DECRYPT 101 #define RSA_R_BAD_PAD_BYTE_COUNT 102 @@ -571,5 +628,10 @@ struct rsa_st { #define RSA_R_UNKNOWN_PADDING_TYPE 138 #define RSA_R_VALUE_MISSING 139 #define RSA_R_WRONG_SIGNATURE_LENGTH 140 +#define RSA_R_MUST_HAVE_AT_LEAST_TWO_PRIMES 141 +#define RSA_R_CANNOT_RECOVER_MULTI_PRIME_KEY 142 +#define RSA_R_BAD_ENCODING 143 +#define RSA_R_ENCODE_ERROR 144 +#define RSA_R_BAD_VERSION 145 #endif /* OPENSSL_HEADER_RSA_H */ |