  1. .TH RSA 2
  2. .SH NAME
  3. asn1dump,
  4. asn1toRSApriv,
  5. decodePEM,
  6. rsadecrypt,
  7. rsaencrypt,
  8. rsagen,
  9. rsaprivalloc,
  10. rsaprivfree,
  11. rsaprivtopub,
  12. rsapuballoc,
  13. rsapubfree,
  14. X509toRSApub,
  15. X509gen,
  16. X509verify \- RSA encryption algorithm
  17. .SH SYNOPSIS
  18. .B #include <u.h>
  19. .br
  20. .B #include <libc.h>
  21. .br
  22. .B #include <mp.h>
  23. .br
  24. .B #include <libsec.h>
  25. .PP
  26. .B
  27. RSApriv* rsagen(int nlen, int elen, int nrep)
  28. .PP
  29. .B
  30. mpint* rsaencrypt(RSApub *k, mpint *in, mpint *out)
  31. .PP
  32. .B
  33. mpint* rsadecrypt(RSApriv *k, mpint *in, mpint *out)
  34. .PP
  35. .B
  36. RSApub* rsapuballoc(void)
  37. .PP
  38. .B
  39. void rsapubfree(RSApub*)
  40. .PP
  41. .B
  42. RSApriv* rsaprivalloc(void)
  43. .PP
  44. .B
  45. void rsaprivfree(RSApriv*)
  46. .PP
  47. .B
  48. RSApub* rsaprivtopub(RSApriv*)
  49. .PP
  50. .B
  51. RSApub* X509toRSApub(uchar *cert, int ncert, char *name, int nname)
  52. .PP
  53. .B
  54. RSApriv* asn1toRSApriv(uchar *priv, int npriv)
  55. .PP
  56. .B
  57. void asn1dump(uchar *der, int len)
  58. .PP
  59. .B
  60. uchar* decodePEM(char *s, char *type, int *len, char **new_s)
  61. .PP
  62. .B
  63. uchar* X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
  64. .PP
  65. .B
  66. uchar* X509req(RSApriv *priv, char *subj, int *certlen);
  67. .PP
  68. .B
  69. char* X509verify(uchar *cert, int ncert, RSApub *pk)
  70. .SH DESCRIPTION
  71. .PP
  72. RSA is a public key encryption algorithm. The owner of a key publishes
  73. the public part of the key:
  74. .EX
  75. struct RSApub
  76. {
  77. mpint *n; // modulus
  78. mpint *ek; // exp (encryption key)
  79. };
  80. .EE
  81. This part can be used for encrypting data (with
  82. .IR rsaencrypt )
  83. to be sent to the owner.
  84. The owner decrypts (with
  85. .IR rsadecrypt )
  86. using his private key:
  87. .EX
  88. struct RSApriv
  89. {
  90. RSApub pub;
  91. mpint *dk; // exp (decryption key)
  92. // precomputed crt values
  93. mpint *p;
  94. mpint *q;
  95. mpint *kp; // k mod p-1
  96. mpint *kq; // k mod q-1
  97. mpint *c2; // for converting residues to number
  98. };
  99. .EE
  100. .PP
  101. Keys are generated using
  102. .IR rsagen .
  103. .I Rsagen
  104. takes the bit length of the modulus, the bit length of the
  105. public key exponent, and the number of repetitions of the Miller-Rabin
  106. primality test to run. If the number of repetitions is 0, it does the default number
  107. of rounds.
  108. .I Rsagen
  109. returns a newly allocated structure containing both
  110. public and private keys.
  111. .I Rsaprivtopub
  112. returns a newly allocated copy of the public key
  113. corresponding to the private key.
  114. .PP
  115. The routines
  116. .IR rsaalloc ,
  117. .IR rsafree ,
  118. .IR rsapuballoc ,
  119. .IR rsapubfree ,
  120. .IR rsaprivalloc ,
  121. and
  122. .I rsaprivfree
  123. are provided to aid in user-provided key I/O.
  124. .PP
  125. Given a binary X.509
  126. .IR cert ,
  127. the routine
  128. .I X509toRSApub
  129. returns the public key and, if
  130. .I name
  131. is not nil, the CN part of the Distinguished Name of the
  132. certificate's Subject.
  133. (This is conventionally a userid or a host DNS name.)
  134. The certificate signature is not verified, so the returned key and name
  135. are untrusted until the caller checks the fingerprint,
  136. .IR sha1(cert) ,
  137. against a table of trusted fingerprints or checks the certificate by other means.
  138. X.509 certificates are often stored in PEM format; use
  139. .I dec64
  140. to convert to binary before computing the fingerprint or calling
  141. .IR X509toRSApub .
  142. For the special case of
  143. certificates signed by a known trusted key
  144. (in a single step, without certificate chains),
  145. .I X509verify
  146. checks, against the trusted public key \fIpk\fP, the signature on
  147. .IR cert .
  148. It returns nil if successful, else an error string.
  149. .PP
  150. .I X509gen
  151. creates a self-signed X.509 certificate, given an RSA keypair
  152. .IR priv ,
  153. an issuer/subject string
  154. .IR subj ,
  155. and the starting and ending validity dates,
  156. .IR valid .
  157. The length of the allocated binary certificate is stored in
  158. .IR certlen .
  159. The subject line is conventionally of the form
  160. .EX
  161. "C=US ST=NJ L=07922 O=Lucent OU='Bell Labs' CN=Eric"
  162. .EE
  163. using the quoting conventions of
  164. .IR tokenize (2).
  165. .PP
  166. .I Asn1toRSApriv
  167. converts an ASN1 formatted RSA private key into the corresponding
  168. .B RSApriv
  169. structure.
  170. .PP
  171. .I Asn1dump
  172. prints an ASN1 object to standard output.
  173. .PP
  174. .I DecodePEM
  175. takes a zero terminated string,
  176. .IR s ,
  177. and decodes the PEM (privacy-enhanced mail) formatted section for
  178. .I type
  179. within it.
  180. If successful, it returns the decoded section and sets
  181. .BI * len
  182. to its decoded length. If
  183. .I new_s
  184. is not nil, the pointer it refers to is set to the first character beyond the
  185. .I type
  186. section.
  187. If decoding fails,
  188. .B nil
  189. is returned and
  190. .BI * len
  191. is undefined.
  192. .SH SOURCE
  193. .B /sys/src/libsec
  194. .SH SEE ALSO
  195. .IR mp (2),
  196. .IR aes (2),
  197. .IR blowfish (2),
  198. .IR des (2),
  199. .IR dsa (2),
  200. .IR elgamal (2),
  201. .IR rc4 (2),
  202. .IR sechash (2),
  203. .IR prime (2),
  204. .IR rand (2),
  205. .IR x509 (8)