Typo.
[oweals/openssl.git] / crypto / rsa / rsa_pmeth.c
1 /* crypto/rsa/rsa_pmeth.c */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3  * project 2006.
4  */
5 /* ====================================================================
6  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer. 
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  *
53  * This product includes cryptographic software written by Eric Young
54  * (eay@cryptsoft.com).  This product includes software written by Tim
55  * Hudson (tjh@cryptsoft.com).
56  *
57  */
58
59 #include <stdio.h>
60 #include "cryptlib.h"
61 #include <openssl/asn1t.h>
62 #include <openssl/x509.h>
63 #include <openssl/rsa.h>
64 #include <openssl/bn.h>
65 #include <openssl/evp.h>
66 #ifndef OPENSSL_NO_CMS
67 #include <openssl/cms.h>
68 #endif
69 #include "evp_locl.h"
70 #include "rsa_locl.h"
71
72 /* RSA pkey context structure */
73
74 typedef struct
75         {
76         /* Key gen parameters */
77         int nbits;
78         BIGNUM *pub_exp;
79         /* Keygen callback info */
80         int gentmp[2];
81         /* RSA padding mode */
82         int pad_mode;
83         /* message digest */
84         const EVP_MD *md;
85         /* message digest for MGF1 */
86         const EVP_MD *mgf1md;
87         /* PSS/OAEP salt length */
88         int saltlen;
89         /* Temp buffer */
90         unsigned char *tbuf;
91         } RSA_PKEY_CTX;
92
93 static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
94         {
95         RSA_PKEY_CTX *rctx;
96         rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX));
97         if (!rctx)
98                 return 0;
99         rctx->nbits = 1024;
100         rctx->pub_exp = NULL;
101         rctx->pad_mode = RSA_PKCS1_PADDING;
102         rctx->md = NULL;
103         rctx->mgf1md = NULL;
104         rctx->tbuf = NULL;
105
106         rctx->saltlen = -2;
107
108         ctx->data = rctx;
109         ctx->keygen_info = rctx->gentmp;
110         ctx->keygen_info_count = 2;
111         
112         return 1;
113         }
114
115 static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
116         {
117         RSA_PKEY_CTX *dctx, *sctx;
118         if (!pkey_rsa_init(dst))
119                 return 0;
120         sctx = src->data;
121         dctx = dst->data;
122         dctx->nbits = sctx->nbits;
123         if (sctx->pub_exp)
124                 {
125                 dctx->pub_exp = BN_dup(sctx->pub_exp);
126                 if (!dctx->pub_exp)
127                         return 0;
128                 }
129         dctx->pad_mode = sctx->pad_mode;
130         dctx->md = sctx->md;
131         return 1;
132         }
133
134 static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
135         {
136         if (ctx->tbuf)
137                 return 1;
138         ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey));
139         if (!ctx->tbuf)
140                 return 0;
141         return 1;
142         }
143
144 static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
145         {
146         RSA_PKEY_CTX *rctx = ctx->data;
147         if (rctx)
148                 {
149                 if (rctx->pub_exp)
150                         BN_free(rctx->pub_exp);
151                 if (rctx->tbuf)
152                         OPENSSL_free(rctx->tbuf);
153                 OPENSSL_free(rctx);
154                 }
155         }
156
157 static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
158                                         const unsigned char *tbs, size_t tbslen)
159         {
160         int ret;
161         RSA_PKEY_CTX *rctx = ctx->data;
162         RSA *rsa = ctx->pkey->pkey.rsa;
163
164         if (rctx->md)
165                 {
166                 if (tbslen != (size_t)EVP_MD_size(rctx->md))
167                         {
168                         RSAerr(RSA_F_PKEY_RSA_SIGN,
169                                         RSA_R_INVALID_DIGEST_LENGTH);
170                         return -1;
171                         }
172
173                 if (EVP_MD_type(rctx->md) == NID_mdc2)
174                         {
175                         unsigned int sltmp;
176                         if (rctx->pad_mode != RSA_PKCS1_PADDING)
177                                 return -1;
178                         ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2,
179                                                 tbs, tbslen, sig, &sltmp, rsa);
180
181                         if (ret <= 0)
182                                 return ret;
183                         ret = sltmp;
184                         }
185                 else if (rctx->pad_mode == RSA_X931_PADDING)
186                         {
187                         if (!setup_tbuf(rctx, ctx))
188                                 return -1;
189                         memcpy(rctx->tbuf, tbs, tbslen);
190                         rctx->tbuf[tbslen] =
191                                 RSA_X931_hash_id(EVP_MD_type(rctx->md));
192                         ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
193                                                 sig, rsa, RSA_X931_PADDING);
194                         }
195                 else if (rctx->pad_mode == RSA_PKCS1_PADDING)
196                         {
197                         unsigned int sltmp;
198                         ret = RSA_sign(EVP_MD_type(rctx->md),
199                                                 tbs, tbslen, sig, &sltmp, rsa);
200                         if (ret <= 0)
201                                 return ret;
202                         ret = sltmp;
203                         }
204                 else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
205                         {
206                         if (!setup_tbuf(rctx, ctx))
207                                 return -1;
208                         if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
209                                                 rctx->tbuf, tbs,
210                                                 rctx->md, rctx->mgf1md,
211                                                 rctx->saltlen))
212                                 return -1;
213                         ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
214                                                 sig, rsa, RSA_NO_PADDING);
215                         }
216                 else
217                         return -1;
218                 }
219         else
220                 ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
221                                                         rctx->pad_mode);
222         if (ret < 0)
223                 return ret;
224         *siglen = ret;
225         return 1;
226         }
227
228
229 static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
230                                         unsigned char *rout, size_t *routlen,
231                                         const unsigned char *sig, size_t siglen)
232         {
233         int ret;
234         RSA_PKEY_CTX *rctx = ctx->data;
235
236         if (rctx->md)
237                 {
238                 if (rctx->pad_mode == RSA_X931_PADDING)
239                         {
240                         if (!setup_tbuf(rctx, ctx))
241                                 return -1;
242                         ret = RSA_public_decrypt(siglen, sig,
243                                                 rctx->tbuf, ctx->pkey->pkey.rsa,
244                                                 RSA_X931_PADDING);
245                         if (ret < 1)
246                                 return 0;
247                         ret--;
248                         if (rctx->tbuf[ret] !=
249                                 RSA_X931_hash_id(EVP_MD_type(rctx->md)))
250                                 {
251                                 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
252                                                 RSA_R_ALGORITHM_MISMATCH);
253                                 return 0;
254                                 }
255                         if (ret != EVP_MD_size(rctx->md))
256                                 {
257                                 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
258                                         RSA_R_INVALID_DIGEST_LENGTH);
259                                 return 0;
260                                 }
261                         if (rout)
262                                 memcpy(rout, rctx->tbuf, ret);
263                         }
264                 else if (rctx->pad_mode == RSA_PKCS1_PADDING)
265                         {
266                         size_t sltmp;
267                         ret = int_rsa_verify(EVP_MD_type(rctx->md),
268                                                 NULL, 0, rout, &sltmp,
269                                         sig, siglen, ctx->pkey->pkey.rsa);
270                         if (ret <= 0)
271                                 return 0;
272                         ret = sltmp;
273                         }
274                 else
275                         return -1;
276                 }
277         else
278                 ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
279                                                         rctx->pad_mode);
280         if (ret < 0)
281                 return ret;
282         *routlen = ret;
283         return 1;
284         }
285
286 static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
287                                         const unsigned char *sig, size_t siglen,
288                                         const unsigned char *tbs, size_t tbslen)
289         {
290         RSA_PKEY_CTX *rctx = ctx->data;
291         RSA *rsa = ctx->pkey->pkey.rsa;
292         size_t rslen;
293         if (rctx->md)
294                 {
295                 if (rctx->pad_mode == RSA_PKCS1_PADDING)
296                         return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
297                                         sig, siglen, rsa);
298                 if (rctx->pad_mode == RSA_X931_PADDING)
299                         {
300                         if (pkey_rsa_verifyrecover(ctx, NULL, &rslen,
301                                         sig, siglen) <= 0)
302                                 return 0;
303                         }
304                 else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
305                         {
306                         int ret;
307                         if (!setup_tbuf(rctx, ctx))
308                                 return -1;
309                         ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
310                                                         rsa, RSA_NO_PADDING);
311                         if (ret <= 0)
312                                 return 0;
313                         ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs,
314                                                 rctx->md, rctx->mgf1md,
315                                                 rctx->tbuf, rctx->saltlen);
316                         if (ret <= 0)
317                                 return 0;
318                         return 1;
319                         }
320                 else
321                         return -1;
322                 }
323         else
324                 {
325                 if (!setup_tbuf(rctx, ctx))
326                         return -1;
327                 rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
328                                                 rsa, rctx->pad_mode);
329                 if (rslen == 0)
330                         return 0;
331                 }
332
333         if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
334                 return 0;
335
336         return 1;
337                         
338         }
339         
340
341 static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
342                                         unsigned char *out, size_t *outlen,
343                                         const unsigned char *in, size_t inlen)
344         {
345         int ret;
346         RSA_PKEY_CTX *rctx = ctx->data;
347         ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
348                                                         rctx->pad_mode);
349         if (ret < 0)
350                 return ret;
351         *outlen = ret;
352         return 1;
353         }
354
355 static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
356                                         unsigned char *out, size_t *outlen,
357                                         const unsigned char *in, size_t inlen)
358         {
359         int ret;
360         RSA_PKEY_CTX *rctx = ctx->data;
361         ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
362                                                         rctx->pad_mode);
363         if (ret < 0)
364                 return ret;
365         *outlen = ret;
366         return 1;
367         }
368
369 static int check_padding_md(const EVP_MD *md, int padding)
370         {
371         if (!md)
372                 return 1;
373
374         if (padding == RSA_NO_PADDING)
375                 {
376                 RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
377                 return 0;
378                 }
379
380         if (padding == RSA_X931_PADDING)
381                 {
382                 if (RSA_X931_hash_id(EVP_MD_type(md)) == -1)
383                         {
384                         RSAerr(RSA_F_CHECK_PADDING_MD,
385                                                 RSA_R_INVALID_X931_DIGEST);
386                         return 0;
387                         }
388                 return 1;
389                 }
390
391         return 1;
392         }
393                         
394
395 static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
396         {
397         RSA_PKEY_CTX *rctx = ctx->data;
398         switch (type)
399                 {
400                 case EVP_PKEY_CTRL_RSA_PADDING:
401                 if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING))
402                         {
403                         if (!check_padding_md(rctx->md, p1))
404                                 return 0;
405                         if (p1 == RSA_PKCS1_PSS_PADDING) 
406                                 {
407                                 if (!(ctx->operation &
408                                      (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)))
409                                         goto bad_pad;
410                                 if (!rctx->md)
411                                         rctx->md = EVP_sha1();
412                                 }
413                         if (p1 == RSA_PKCS1_OAEP_PADDING) 
414                                 {
415                                 if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
416                                         goto bad_pad;
417                                 if (!rctx->md)
418                                         rctx->md = EVP_sha1();
419                                 }
420                         rctx->pad_mode = p1;
421                         return 1;
422                         }
423                 bad_pad:
424                 RSAerr(RSA_F_PKEY_RSA_CTRL,
425                                 RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
426                 return -2;
427
428                 case EVP_PKEY_CTRL_GET_RSA_PADDING:
429                 *(int *)p2 = rctx->pad_mode;
430                 return 1;
431
432                 case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
433                 case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
434                 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
435                         {
436                         RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
437                         return -2;
438                         }
439                 if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
440                         *(int *)p2 = rctx->saltlen;
441                 else
442                         {
443                         if (p1 < -2)
444                                 return -2;
445                         rctx->saltlen = p1;
446                         }
447                 return 1;
448
449                 case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
450                 if (p1 < 256)
451                         {
452                         RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS);
453                         return -2;
454                         }
455                 rctx->nbits = p1;
456                 return 1;
457
458                 case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
459                 if (!p2)
460                         return -2;
461                 rctx->pub_exp = p2;
462                 return 1;
463
464                 case EVP_PKEY_CTRL_MD:
465                 if (!check_padding_md(p2, rctx->pad_mode))
466                         return 0;
467                 rctx->md = p2;
468                 return 1;
469
470                 case EVP_PKEY_CTRL_RSA_MGF1_MD:
471                 case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
472                 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
473                         {
474                         RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD);
475                         return -2;
476                         }
477                 if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD)
478                         {
479                         if (rctx->mgf1md)
480                                 *(const EVP_MD **)p2 = rctx->mgf1md;
481                         else
482                                 *(const EVP_MD **)p2 = rctx->md;
483                         }
484                 else
485                         rctx->mgf1md = p2;
486                 return 1;
487
488                 case EVP_PKEY_CTRL_DIGESTINIT:
489                 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
490                 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
491                 case EVP_PKEY_CTRL_PKCS7_SIGN:
492                 return 1;
493 #ifndef OPENSSL_NO_CMS
494                 case EVP_PKEY_CTRL_CMS_DECRYPT:
495                 {
496                 X509_ALGOR *alg = NULL;
497                 ASN1_OBJECT *encalg = NULL;
498                 if (p2)
499                         CMS_RecipientInfo_ktri_get0_algs(p2, NULL, NULL, &alg);
500                 if (alg)
501                         X509_ALGOR_get0(&encalg, NULL, NULL, alg);
502                 if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
503                         rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
504                 }
505                 case EVP_PKEY_CTRL_CMS_ENCRYPT:
506                 case EVP_PKEY_CTRL_CMS_SIGN:
507                 return 1;
508 #endif
509                 case EVP_PKEY_CTRL_PEER_KEY:
510                         RSAerr(RSA_F_PKEY_RSA_CTRL,
511                         RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
512                         return -2;      
513
514                 default:
515                 return -2;
516
517                 }
518         }
519                         
520 static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
521                         const char *type, const char *value)
522         {
523         if (!value)
524                 {
525                 RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
526                 return 0;
527                 }
528         if (!strcmp(type, "rsa_padding_mode"))
529                 {
530                 int pm;
531                 if (!strcmp(value, "pkcs1"))
532                         pm = RSA_PKCS1_PADDING;
533                 else if (!strcmp(value, "sslv23"))
534                         pm = RSA_SSLV23_PADDING;
535                 else if (!strcmp(value, "none"))
536                         pm = RSA_NO_PADDING;
537                 else if (!strcmp(value, "oeap"))
538                         pm = RSA_PKCS1_OAEP_PADDING;
539                 else if (!strcmp(value, "oaep"))
540                         pm = RSA_PKCS1_OAEP_PADDING;
541                 else if (!strcmp(value, "x931"))
542                         pm = RSA_X931_PADDING;
543                 else if (!strcmp(value, "pss"))
544                         pm = RSA_PKCS1_PSS_PADDING;
545                 else
546                         {
547                         RSAerr(RSA_F_PKEY_RSA_CTRL_STR,
548                                                 RSA_R_UNKNOWN_PADDING_TYPE);
549                         return -2;
550                         }
551                 return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
552                 }
553
554         if (!strcmp(type, "rsa_pss_saltlen"))
555                 {
556                 int saltlen;
557                 saltlen = atoi(value);
558                 return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
559                 }
560
561         if (!strcmp(type, "rsa_keygen_bits"))
562                 {
563                 int nbits;
564                 nbits = atoi(value);
565                 return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
566                 }
567
568         if (!strcmp(type, "rsa_keygen_pubexp"))
569                 {
570                 int ret;
571                 BIGNUM *pubexp = NULL;
572                 if (!BN_asc2bn(&pubexp, value))
573                         return 0;
574                 ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
575                 if (ret <= 0)
576                         BN_free(pubexp);
577                 return ret;
578                 }
579
580         return -2;
581         }
582
583 static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
584         {
585         RSA *rsa = NULL;
586         RSA_PKEY_CTX *rctx = ctx->data;
587         BN_GENCB *pcb, cb;
588         int ret;
589         if (!rctx->pub_exp)
590                 {
591                 rctx->pub_exp = BN_new();
592                 if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4))
593                         return 0;
594                 }
595         rsa = RSA_new();
596         if (!rsa)
597                 return 0;
598         if (ctx->pkey_gencb)
599                 {
600                 pcb = &cb;
601                 evp_pkey_set_cb_translate(pcb, ctx);
602                 }
603         else
604                 pcb = NULL;
605         ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
606         if (ret > 0)
607                 EVP_PKEY_assign_RSA(pkey, rsa);
608         else
609                 RSA_free(rsa);
610         return ret;
611         }
612
613 const EVP_PKEY_METHOD rsa_pkey_meth = 
614         {
615         EVP_PKEY_RSA,
616         EVP_PKEY_FLAG_AUTOARGLEN,
617         pkey_rsa_init,
618         pkey_rsa_copy,
619         pkey_rsa_cleanup,
620
621         0,0,
622
623         0,
624         pkey_rsa_keygen,
625
626         0,
627         pkey_rsa_sign,
628
629         0,
630         pkey_rsa_verify,
631
632         0,
633         pkey_rsa_verifyrecover,
634
635
636         0,0,0,0,
637
638         0,
639         pkey_rsa_encrypt,
640
641         0,
642         pkey_rsa_decrypt,
643
644         0,0,
645
646         pkey_rsa_ctrl,
647         pkey_rsa_ctrl_str
648
649
650         };