4 cfa37a7b 2004-04-10 devnull asn1toRSApriv,
5 cfa37a7b 2004-04-10 devnull decodepem,
6 cfa37a7b 2004-04-10 devnull rsadecrypt,
7 cfa37a7b 2004-04-10 devnull rsaencrypt,
9 cfa37a7b 2004-04-10 devnull rsaprivalloc,
10 cfa37a7b 2004-04-10 devnull rsaprivfree,
11 cfa37a7b 2004-04-10 devnull rsaprivtopub,
12 cfa37a7b 2004-04-10 devnull rsapuballoc,
13 cfa37a7b 2004-04-10 devnull rsapubfree,
14 cfa37a7b 2004-04-10 devnull X509toRSApub,
16 cfa37a7b 2004-04-10 devnull X509verify \- RSA encryption algorithm
17 cfa37a7b 2004-04-10 devnull .SH SYNOPSIS
18 cfa37a7b 2004-04-10 devnull .B #include <u.h>
20 cfa37a7b 2004-04-10 devnull .B #include <libc.h>
22 cfa37a7b 2004-04-10 devnull .B #include <mp.h>
24 cfa37a7b 2004-04-10 devnull .B #include <libsec.h>
27 cfa37a7b 2004-04-10 devnull RSApriv* rsagen(int nlen, int elen, int nrep)
30 cfa37a7b 2004-04-10 devnull mpint* rsaencrypt(RSApub *k, mpint *in, mpint *out)
33 cfa37a7b 2004-04-10 devnull mpint* rsadecrypt(RSApriv *k, mpint *in, mpint *out)
36 cfa37a7b 2004-04-10 devnull RSApub* rsapuballoc(void)
39 cfa37a7b 2004-04-10 devnull void rsapubfree(RSApub*)
42 cfa37a7b 2004-04-10 devnull RSApriv* rsaprivalloc(void)
45 cfa37a7b 2004-04-10 devnull void rsaprivfree(RSApriv*)
48 cfa37a7b 2004-04-10 devnull RSApub* rsaprivtopub(RSApriv*)
51 cfa37a7b 2004-04-10 devnull RSApub* X509toRSApub(uchar *cert, int ncert, char *name, int nname)
54 cfa37a7b 2004-04-10 devnull RSApriv* asn1toRSApriv(uchar *priv, int npriv)
57 cfa37a7b 2004-04-10 devnull void asn1dump(uchar *der, int len)
60 cfa37a7b 2004-04-10 devnull uchar* decodepem(char *s, char *type, int *len)
63 cfa37a7b 2004-04-10 devnull uchar* X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
66 cfa37a7b 2004-04-10 devnull uchar* X509req(RSApriv *priv, char *subj, int *certlen);
69 cfa37a7b 2004-04-10 devnull char* X509verify(uchar *cert, int ncert, RSApub *pk)
70 cfa37a7b 2004-04-10 devnull .SH DESCRIPTION
72 cfa37a7b 2004-04-10 devnull RSA is a public key encryption algorithm. The owner of a key publishes
73 cfa37a7b 2004-04-10 devnull the public part of the key:
75 cfa37a7b 2004-04-10 devnull struct RSApub
77 cfa37a7b 2004-04-10 devnull mpint *n; // modulus
78 cfa37a7b 2004-04-10 devnull mpint *ek; // exp (encryption key)
81 cfa37a7b 2004-04-10 devnull This part can be used for encrypting data (with
82 cfa37a7b 2004-04-10 devnull .IR rsaencrypt )
83 cfa37a7b 2004-04-10 devnull to be sent to the owner.
84 cfa37a7b 2004-04-10 devnull The owner decrypts (with
85 cfa37a7b 2004-04-10 devnull .IR rsadecrypt )
86 cfa37a7b 2004-04-10 devnull using his private key:
88 cfa37a7b 2004-04-10 devnull struct RSApriv
90 cfa37a7b 2004-04-10 devnull RSApub pub;
91 cfa37a7b 2004-04-10 devnull mpint *dk; // exp (decryption key)
93 cfa37a7b 2004-04-10 devnull // precomputed crt values
94 cfa37a7b 2004-04-10 devnull mpint *p;
95 cfa37a7b 2004-04-10 devnull mpint *q;
96 cfa37a7b 2004-04-10 devnull mpint *kp; // k mod p-1
97 cfa37a7b 2004-04-10 devnull mpint *kq; // k mod q-1
98 cfa37a7b 2004-04-10 devnull mpint *c2; // for converting residues to number
102 cfa37a7b 2004-04-10 devnull Keys are generated using
103 cfa37a7b 2004-04-10 devnull .IR rsagen .
104 cfa37a7b 2004-04-10 devnull .I Rsagen
105 cfa37a7b 2004-04-10 devnull takes both bit length of the modulus, the bit length of the
106 cfa37a7b 2004-04-10 devnull public key exponent, and the number of repetitions of the Miller-Rabin
107 cfa37a7b 2004-04-10 devnull primality test to run. If the latter is 0, it does the default number
108 cfa37a7b 2004-04-10 devnull of rounds.
109 cfa37a7b 2004-04-10 devnull .I Rsagen
110 cfa37a7b 2004-04-10 devnull returns a newly allocated structure containing both
111 cfa37a7b 2004-04-10 devnull public and private keys.
112 cfa37a7b 2004-04-10 devnull .I Rsaprivtopub
113 cfa37a7b 2004-04-10 devnull returns a newly allocated copy of the public key
114 cfa37a7b 2004-04-10 devnull corresponding to the private key.
116 cfa37a7b 2004-04-10 devnull The routines
117 cfa37a7b 2004-04-10 devnull .IR rsaalloc ,
118 cfa37a7b 2004-04-10 devnull .IR rsafree ,
119 cfa37a7b 2004-04-10 devnull .IR rsapuballoc ,
120 cfa37a7b 2004-04-10 devnull .IR rsapubfree ,
121 cfa37a7b 2004-04-10 devnull .IR rsaprivalloc ,
123 cfa37a7b 2004-04-10 devnull .I rsaprivfree
124 cfa37a7b 2004-04-10 devnull are provided to aid in user provided key I/O.
126 cfa37a7b 2004-04-10 devnull Given a binary X.509
127 cfa37a7b 2004-04-10 devnull .IR cert ,
128 cfa37a7b 2004-04-10 devnull the routine
129 cfa37a7b 2004-04-10 devnull .I X509toRSApub
130 cfa37a7b 2004-04-10 devnull returns the public key and, if
132 cfa37a7b 2004-04-10 devnull is not nil, the CN part of the Distinguished Name of the
133 cfa37a7b 2004-04-10 devnull certificate's Subject.
134 cfa37a7b 2004-04-10 devnull (This is conventionally a userid or a host DNS name.)
135 cfa37a7b 2004-04-10 devnull No verification is done of the certificate signature; the
136 cfa37a7b 2004-04-10 devnull caller should check the fingerprint,
137 cfa37a7b 2004-04-10 devnull .IR sha1(cert) ,
138 cfa37a7b 2004-04-10 devnull against a table or check the certificate by other means.
139 cfa37a7b 2004-04-10 devnull X.509 certificates are often stored in PEM format; use
140 cfa37a7b 2004-04-10 devnull .I dec64
141 cfa37a7b 2004-04-10 devnull to convert to binary before computing the fingerprint or calling
142 cfa37a7b 2004-04-10 devnull .IR X509toRSApub .
143 cfa37a7b 2004-04-10 devnull For the special case of
144 cfa37a7b 2004-04-10 devnull certificates signed by a known trusted key
145 cfa37a7b 2004-04-10 devnull (in a single step, without certificate chains)
146 cfa37a7b 2004-04-10 devnull .I X509verify
147 cfa37a7b 2004-04-10 devnull checks the signature on
148 cfa37a7b 2004-04-10 devnull .IR cert .
149 cfa37a7b 2004-04-10 devnull It returns nil if successful, else an error string.
151 cfa37a7b 2004-04-10 devnull .I X509gen
152 cfa37a7b 2004-04-10 devnull creates a self-signed X.509 certificate, given an RSA keypair
153 cfa37a7b 2004-04-10 devnull .IR priv ,
154 cfa37a7b 2004-04-10 devnull a issuer/subject string
155 cfa37a7b 2004-04-10 devnull .IR subj ,
156 cfa37a7b 2004-04-10 devnull and the starting and ending validity dates,
157 cfa37a7b 2004-04-10 devnull .IR valid .
158 cfa37a7b 2004-04-10 devnull Length of the allocated binary certificate is stored in
159 cfa37a7b 2004-04-10 devnull .IR certlen .
160 cfa37a7b 2004-04-10 devnull The subject line is conventionally of the form
162 cfa37a7b 2004-04-10 devnull "C=US ST=NJ L=07922 O=Lucent OU='Bell Labs' CN=Eric"
164 cfa37a7b 2004-04-10 devnull using the quoting conventions of
165 bf8a59fa 2004-04-11 devnull .IR tokenize (3).
167 cfa37a7b 2004-04-10 devnull .I Asn1toRSApriv
168 cfa37a7b 2004-04-10 devnull converts an ASN1 formatted RSA private key into the corresponding
169 cfa37a7b 2004-04-10 devnull .B RSApriv
170 cfa37a7b 2004-04-10 devnull structure.
172 cfa37a7b 2004-04-10 devnull .I Asn1dump
173 cfa37a7b 2004-04-10 devnull prints an ASN1 object to standard output.
175 cfa37a7b 2004-04-10 devnull .I Decodepem
176 cfa37a7b 2004-04-10 devnull takes a zero terminated string,
178 cfa37a7b 2004-04-10 devnull and decodes the PEM (privacy-enhanced mail) formatted section for
180 cfa37a7b 2004-04-10 devnull within it.
181 cfa37a7b 2004-04-10 devnull If successful, it returns the decoded section and sets
182 cfa37a7b 2004-04-10 devnull .BI * len
183 cfa37a7b 2004-04-10 devnull to its decoded length.
184 cfa37a7b 2004-04-10 devnull If not, it returns
185 cfa37a7b 2004-04-10 devnull .BR nil ,
187 cfa37a7b 2004-04-10 devnull .BI * len
188 cfa37a7b 2004-04-10 devnull is undefined.
189 cfa37a7b 2004-04-10 devnull .SH SOURCE
190 b5fdffee 2004-04-19 devnull .B /usr/local/plan9/src/libsec
191 cfa37a7b 2004-04-10 devnull .SH SEE ALSO
192 bf8a59fa 2004-04-11 devnull .IR mp (3),
193 bf8a59fa 2004-04-11 devnull .IR aes (3),
194 bf8a59fa 2004-04-11 devnull .IR blowfish (3),
195 bf8a59fa 2004-04-11 devnull .IR des (3),
196 bf8a59fa 2004-04-11 devnull .IR dsa (3),
197 bf8a59fa 2004-04-11 devnull .IR elgamal (3),
198 bf8a59fa 2004-04-11 devnull .IR rc4 (3),
199 bf8a59fa 2004-04-11 devnull .IR sechash (3),
200 bf8a59fa 2004-04-11 devnull .IR prime (3),
201 bf8a59fa 2004-04-11 devnull .IR rand (3),
202 cfa37a7b 2004-04-10 devnull .IR x509 (8)