
rsa 4.7 KB

  1. .TH RSA 2
  2. .SH NAME
  3. asn1dump,
  4. asn1toRSApub,
  5. asn1toRSApriv,
  6. decodePEM,
  7. rsadecrypt,
  8. rsaencrypt,
  9. rsagen,
  10. rsaprivalloc,
  11. rsaprivfree,
  12. rsaprivtopub,
  13. rsapuballoc,
  14. rsapubfree,
  15. RSApubtoasn1,
  16. X509toRSApub,
  17. X509gen,
  18. X509verify \- RSA encryption algorithm
  19. .SH SYNOPSIS
  20. .B #include <u.h>
  21. .br
  22. .B #include <libc.h>
  23. .br
  24. .B #include <mp.h>
  25. .br
  26. .B #include <libsec.h>
  27. .PP
  28. .ta +\w'\fLRSApriv* \fP'u
  29. .B
  30. RSApriv* rsagen(int nlen, int elen, int nrep)
  31. .PP
  32. .B
  33. mpint* rsaencrypt(RSApub *k, mpint *in, mpint *out)
  34. .PP
  35. .B
  36. mpint* rsadecrypt(RSApriv *k, mpint *in, mpint *out)
  37. .PP
  38. .B
  39. RSApub* rsapuballoc(void)
  40. .PP
  41. .B
  42. void rsapubfree(RSApub*)
  43. .PP
  44. .B
  45. RSApriv* rsaprivalloc(void)
  46. .PP
  47. .B
  48. void rsaprivfree(RSApriv*)
  49. .PP
  50. .B
  51. RSApub* rsaprivtopub(RSApriv*)
  52. .PP
  53. .B
  54. RSApub* X509toRSApub(uchar *cert, int ncert, char *name, int nname)
  55. .PP
  56. .B
  57. RSApub* asn1toRSApub(uchar *pub, int npub)
  58. .PP
  59. .B
  60. uchar* RSApubtoasn1(RSApub *pub, int *keylen)
  61. .PP
  62. .B
  63. RSApriv* asn1toRSApriv(uchar *priv, int npriv)
  64. .PP
  65. .B
  66. void asn1dump(uchar *der, int len)
  67. .PP
  68. .B
  69. uchar* decodePEM(char *s, char *type, int *len, char **new_s)
  70. .PP
  71. .B
  72. uchar* X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
  73. .PP
  74. .B
  75. uchar* X509req(RSApriv *priv, char *subj, int *certlen);
  76. .PP
  77. .B
  78. char* X509verify(uchar *cert, int ncert, RSApub *pk)
  79. .DT
  80. .SH DESCRIPTION
  81. RSA is a public key encryption algorithm. The owner of a key publishes
  82. the public part of the key:
  83. .IP
  84. .EX
  85. struct RSApub
  86. {
  87. mpint *n; /* modulus */
  88. mpint *ek; /* exp (encryption key) */
  89. };
  90. .EE
  91. .LP
  92. This part can be used for encrypting data (with
  93. .IR rsaencrypt )
  94. to be sent to the owner.
  95. The owner decrypts (with
  96. .IR rsadecrypt )
  97. using his private key:
  98. .IP
  99. .EX
  100. struct RSApriv
  101. {
  102. RSApub pub;
  103. mpint *dk; /* exp (decryption key) */
  104. /* precomputed crt values */
  105. mpint *p;
  106. mpint *q;
  107. mpint *kp; /* k mod p-1 */
  108. mpint *kq; /* k mod q-1 */
  109. mpint *c2; /* for converting residues to number */
  110. };
  111. .EE
  112. .PP
  113. Keys are generated using
  114. .IR rsagen .
  115. .I Rsagen
  116. takes the bit length of the modulus, the bit length of the
  117. public key exponent, and the number of repetitions of the Miller-Rabin
  118. primality test to run. If the latter is 0, it does the default number
  119. of rounds.
  120. .I Rsagen
  121. returns a newly allocated structure containing both
  122. public and private keys.
  123. .I Rsaprivtopub
  124. returns a newly allocated copy of the public key
  125. corresponding to the private key.
  126. .PP
  127. The routines
  128. .IR rsaalloc ,
  129. .IR rsafree ,
  130. .IR rsapuballoc ,
  131. .IR rsapubfree ,
  132. .IR rsaprivalloc ,
  133. and
  134. .I rsaprivfree
  135. are provided to aid in user-provided key I/O.
  136. .PP
  137. Given a binary X.509
  138. .IR cert ,
  139. the routine
  140. .I X509toRSApub
  141. returns the public key and, if
  142. .I name
  143. is not nil, the CN part of the Distinguished Name of the
  144. certificate's Subject.
  145. (This is conventionally a userid or a host DNS name.)
  146. No verification is done of the certificate signature; the
  147. caller should check the fingerprint,
  148. .IR sha1(cert) ,
  149. against a table or check the certificate by other means; until it has done so, the returned key and name are unauthenticated.
  150. X.509 certificates are often stored in PEM format; use
  151. .I dec64
  152. to convert to binary before computing the fingerprint or calling
  153. .IR X509toRSApub .
  154. For the special case of
  155. certificates signed by a known trusted key
  156. (in a single step, without certificate chains),
  157. .I X509verify
  158. checks the signature on
  159. .IR cert .
  160. It returns nil if successful, else an error string.
  161. .PP
  162. .I X509gen
  163. creates a self-signed X.509 certificate, given an RSA keypair
  164. .IR priv ,
  165. an issuer/subject string
  166. .IR subj ,
  167. and the starting and ending validity dates,
  168. .IR valid .
  169. The length of the allocated binary certificate is stored in
  170. .IR certlen .
  171. The subject line is conventionally of the form
  172. .IP
  173. .EX
  174. C=US ST=NJ L=07922 O=Lucent OU='Bell Labs' CN=Eric
  175. .EE
  176. .LP
  177. using the quoting conventions of
  178. .I tokenize
  179. in
  180. .IR getfields (2).
  181. .PP
  182. .I Asn1toRSApub
  183. converts an ASN1-formatted RSA public key into the corresponding
  184. .B RSApub
  185. structure.
  186. .PP
  187. .I RSApubtoasn1
  188. encodes an RSA public key using ASN.1 DER. It returns a pointer
  189. to the encoded key; if keylen is non-nil, it sets
  190. .B *keylen
  191. to the length of the encoded key.
  192. .PP
  193. .I Asn1toRSApriv
  194. converts an ASN1-formatted RSA private key into the corresponding
  195. .B RSApriv
  196. structure.
  197. .PP
  198. .I Asn1dump
  199. prints an ASN1 object to standard output.
  200. .PP
  201. .I DecodePEM
  202. takes a zero-terminated string,
  203. .IR s ,
  204. and decodes the PEM (privacy-enhanced mail) formatted section for
  205. .I type
  206. within it.
  207. If successful, it returns
  208. .IR malloc ed
  209. storage containing the decoded section,
  210. which the caller must free,
  211. and sets
  212. .BI * len
  213. to its decoded length.
  214. Otherwise
  215. .B nil
  216. is returned and
  217. .BI * len
  218. is undefined.
  219. If not nil,
  220. .I new_s
  221. is set to the first character beyond the
  222. .I type
  223. section.
  224. .SH SOURCE
  225. .B /sys/src/libsec
  226. .SH SEE ALSO
  227. .IR mp (2),
  228. .IR aes (2),
  229. .IR blowfish (2),
  230. .IR des (2),
  231. .IR dsa (2),
  232. .IR elgamal (2),
  233. .IR rc4 (2),
  234. .IR sechash (2),
  235. .IR prime (2),
  236. .IR rand (2),
  237. .IR rsa (8)