1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
|
<head>
<title>rsa(3) - Plan 9 from User Space</title>
<meta content="text/html; charset=utf-8" http-equiv=Content-Type>
</head>
<body bgcolor=#ffffff>
<table border=0 cellpadding=0 cellspacing=0 width=100%>
<tr height=10><td>
<tr><td width=20><td>
<tr><td width=20><td><b>RSA(3)</b><td align=right><b>RSA(3)</b>
<tr><td width=20><td colspan=2>
<br>
<p><font size=+1><b>NAME </b></font><br>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
asn1dump, asn1toRSApriv, decodepem, decodepemchain, rsadecrypt,
rsaencrypt, rsafill,, rsagen, rsaprivalloc, rsaprivfree, rsaprivtopub,
rsapuballoc, rsapubfree, X509toRSApub, X509dump, X509gen, X509req,
X509verify – RSA encryption algorithm<br>
</table>
<p><font size=+1><b>SYNOPSIS </b></font><br>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
<tt><font size=+1>#include <u.h><br>
#include <libc.h><br>
#include <mp.h><br>
#include <libsec.h>
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
<tt><font size=+1>RSApriv* rsagen(int nlen, int elen, int nrep)
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
<tt><font size=+1>RSApriv* rsafill(mpint *n, mpint *ek, mpint *dk, mpint *p, mpint
*q)
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
<tt><font size=+1>mpint* rsaencrypt(RSApub *k, mpint *in, mpint *out)
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
<tt><font size=+1>mpint* rsadecrypt(RSApriv *k, mpint *in, mpint *out)
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
<tt><font size=+1>RSApub* rsapuballoc(void)
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
<tt><font size=+1>void rsapubfree(RSApub*)
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
<tt><font size=+1>RSApriv* rsaprivalloc(void)
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
<tt><font size=+1>void rsaprivfree(RSApriv*)
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
<tt><font size=+1>RSApub* rsaprivtopub(RSApriv*)
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
<tt><font size=+1>RSApub* X509toRSApub(uchar *cert, int ncert, char *name, int nname)
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
<tt><font size=+1>RSApriv* asn1toRSApriv(uchar *priv, int npriv)
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
<tt><font size=+1>void asn1dump(uchar *der, int len)
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
<tt><font size=+1>uchar* decodepem(char *s, char *type, int *len)
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
<tt><font size=+1>PEMChain* decodepemchain(char *s, char *type)
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
<tt><font size=+1>void X509dump(uchar *cert, int ncert)
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
<tt><font size=+1>uchar* X509gen(RSApriv *priv, char *subj, ulong valid[2], int
*certlen);
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
<tt><font size=+1>uchar* X509req(RSApriv *priv, char *subj, int *certlen);
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
<tt><font size=+1>char* X509verify(uchar *cert, int ncert, RSApub *pk)<br>
</font></tt>
</table>
<p><font size=+1><b>DESCRIPTION </b></font><br>
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
RSA is a public key encryption algorithm. The owner of a key publishes
the public part of the key:<br>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
<tt><font size=+1>struct RSApub<br>
{<br>
mpint*n;// modulus<br>
mpint*ek;// exp (encryption key)<br>
};<br>
</font></tt>
</table>
</table>
This part can be used for encrypting data (with <i>rsaencrypt</i>) to
be sent to the owner. The owner decrypts (with <i>rsadecrypt</i>) using
his private key:<br>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
<tt><font size=+1>struct RSApriv<br>
{<br>
RSApubpub;<br>
mpint*dk;// exp (decryption key)<br>
<br>
// precomputed crt values<br>
mpint*p;<br>
mpint*q;<br>
mpint*kp;// k mod p−1<br>
mpint*kq;// k mod q−1<br>
mpint*c2;// for converting residues to number<br>
};<br>
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
</table>
</table>
Keys are generated using <i>rsagen</i>. <i>Rsagen</i> takes both bit length
of the modulus, the bit length of the public key exponent, and
the number of repetitions of the Miller-Rabin primality test to
run. If the latter is 0, it does the default number of rounds.
<i>Rsagen</i> returns a newly allocated structure containing both public
and
private keys. <i>Rsaprivtopub</i> returns a newly allocated copy of the
public key corresponding to the private key.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
<i>Rsafill</i> takes as input the bare minimum pieces of an RSA private
key and computes the rest (<tt><font size=+1>kp</font></tt>, <tt><font size=+1>kq</font></tt>, and <tt><font size=+1>c2</font></tt>). It returns a new private
key. All the <tt><font size=+1>mpint</font></tt>s in the key, even the ones that correspond
directly to <i>rsafill</i>’s input parameters, are freshly allocated,
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
The routines <i>rsaalloc</i>, <i>rsafree</i>, <i>rsapuballoc</i>, <i>rsapubfree</i>, <i>rsaprivalloc</i>,
and <i>rsaprivfree</i> are provided to aid in user provided key I/O.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
Given a binary X.509 <i>cert</i>, the routine <i>X509toRSApub</i> returns the
public key and, if <i>name</i> is not nil, the CN part of the Distinguished
Name of the certificate’s Subject. (This is conventionally a userid
or a host DNS name.) No verification is done of the certificate
signature; the caller should check the fingerprint,
<i>sha1(cert)</i>, against a table or check the certificate by other
means. X.509 certificates are often stored in PEM format; use
<i>dec64</i> to convert to binary before computing the fingerprint or
calling <i>X509toRSApub</i>. For the special case of certificates signed
by a known trusted key (in a single step, without certificate
chains)
<i>X509verify</i> checks the signature on <i>cert</i>. It returns nil if successful,
else an error string.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
<i>X509dump</i> prints an X.509 certificate to standard ouptut.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
<i>X509gen</i> creates a self-signed X.509 certificate, given an RSA
keypair <i>priv</i>, a issuer/subject string <i>subj</i>, and the starting and
ending validity dates, <i>valid</i>. Length of the allocated binary certificate
is stored in <i>certlen</i>. The subject line is conventionally of the
form<br>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
<tt><font size=+1>"C=US ST=NJ L=07922 O=Lucent OU='Bell Labs' CN=Eric"<br>
</font></tt>
</table>
using the quoting conventions of <i>tokenize</i> (see <a href="../man3/getfields.html"><i>getfields</i>(3)</a>).
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
<i>X509req</i> creates an X.509 certification request.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
<i>Asn1toRSApriv</i> converts an ASN1 formatted RSA private key into
the corresponding <tt><font size=+1>RSApriv</font></tt> structure.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
<i>Asn1dump</i> prints an ASN1 object to standard output.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
<i>Decodepem</i> takes a zero terminated string, <i>s</i>, and decodes the PEM
(privacy-enhanced mail) formatted section for <i>type</i> within it.
If successful, it returns the decoded section and sets <tt><font size=+1>*</font></tt><i>len</i> to
its decoded length. If not, it returns <tt><font size=+1>nil</font></tt>, and <tt><font size=+1>*</font></tt><i>len</i> is undefined.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
<i>Decodepemchain</i> is similar but expects a sequence of PEM-formatted
sections and returns a linked list of the decodings:<br>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
<tt><font size=+1>typedef struct PEMChain PEMChain<br>
struct PEMChain<br>
{<br>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
PEMChain *next;<br>
uchar *pem;<br>
int pemlen;<br>
</table>
};<br>
</font></tt>
</table>
</table>
<p><font size=+1><b>SOURCE </b></font><br>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
<tt><font size=+1>/usr/local/plan9/src/libsec<br>
</font></tt>
</table>
<p><font size=+1><b>SEE ALSO </b></font><br>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
<a href="../man3/mp.html"><i>mp</i>(3)</a>, <a href="../man3/aes.html"><i>aes</i>(3)</a>, <a href="../man3/blowfish.html"><i>blowfish</i>(3)</a>, <a href="../man3/des.html"><i>des</i>(3)</a>, <a href="../man3/dsa.html"><i>dsa</i>(3)</a>, <a href="../man3/elgamal.html"><i>elgamal</i>(3)</a>, <a href="../man3/rc4.html"><i>rc4</i>(3)</a>,
<a href="../man3/sechash.html"><i>sechash</i>(3)</a>, <a href="../man3/prime.html"><i>prime</i>(3)</a>, <a href="../man3/rand.html"><i>rand</i>(3)</a><br>
</table>
<td width=20>
<tr height=20><td>
</table>
<!-- TRAILER -->
<table border=0 cellpadding=0 cellspacing=0 width=100%>
<tr height=15><td width=10><td><td width=10>
<tr><td><td>
<center>
<a href="../../"><img src="../../dist/spaceglenda100.png" alt="Space Glenda" border=1></a>
</center>
</table>
<!-- TRAILER -->
</body></html>
|