.TH RSA 3
.SH NAME
asn1dump,
asn1toRSApriv,
decodepem,
decodepemchain,
rsadecrypt,
rsaencrypt,
rsafill,
rsagen,
rsaprivalloc,
rsaprivfree,
rsaprivtopub,
rsapuballoc,
rsapubfree,
X509toRSApub,
X509dump,
X509gen,
X509req,
X509verify \- RSA encryption algorithm
.SH SYNOPSIS
.B #include <u.h>
.br
.B #include <libc.h>
.br
.B #include <mp.h>
.br
.B #include <libsec.h>
.PP
.B
.ta +\w'\fLPEMChain* 'u
RSApriv* rsagen(int nlen, int elen, int nrep)
.PP
.B
RSApriv* rsafill(mpint *n, mpint *ek, mpint *dk, mpint *p, mpint *q)
.PP
.B
mpint* rsaencrypt(RSApub *k, mpint *in, mpint *out)
.PP
.B
mpint* rsadecrypt(RSApriv *k, mpint *in, mpint *out)
.PP
.B
RSApub* rsapuballoc(void)
.PP
.B
void rsapubfree(RSApub*)
.PP
.B
RSApriv* rsaprivalloc(void)
.PP
.B
void rsaprivfree(RSApriv*)
.PP
.B
RSApub* rsaprivtopub(RSApriv*)
.PP
.B
RSApub* X509toRSApub(uchar *cert, int ncert, char *name, int nname)
.PP
.B
RSApriv* asn1toRSApriv(uchar *priv, int npriv)
.PP
.B
void asn1dump(uchar *der, int len)
.PP
.B
uchar* decodepem(char *s, char *type, int *len)
.PP
.B
PEMChain* decodepemchain(char *s, char *type)
.PP
.B
void X509dump(uchar *cert, int ncert)
.PP
.B
uchar* X509gen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);
.PP
.B
uchar* X509req(RSApriv *priv, char *subj, int *certlen);
.PP
.B
char* X509verify(uchar *cert, int ncert, RSApub *pk)
.SH DESCRIPTION
.PP
RSA is a public key encryption algorithm. The owner of a key publishes
the public part of the key:
.EX
struct RSApub
{
mpint *n; // modulus
mpint *ek; // exp (encryption key)
};
.EE
This part can be used for encrypting data (with
.IR rsaencrypt )
to be sent to the owner.
The owner decrypts (with
.IR rsadecrypt )
using his private key:
.EX
struct RSApriv
{
RSApub pub;
mpint *dk; // exp (decryption key)
// precomputed crt values
mpint *p;
mpint *q;
mpint *kp; // k mod p-1
mpint *kq; // k mod q-1
mpint *c2; // for converting residues to number
};
.EE
.PP
Keys are generated using
.IR rsagen .
.I Rsagen
takes the bit length of the modulus, the bit length of the
public key exponent, and the number of repetitions of the Miller-Rabin
primality test to run. If the latter is 0, it does the default number
of rounds.
.I Rsagen
returns a newly allocated structure containing both
public and private keys.
.I Rsaprivtopub
returns a newly allocated copy of the public key
corresponding to the private key.
.PP
.I Rsafill
takes as input the bare minimum pieces of an RSA private key
and computes the rest
.RB ( kp ,
.BR kq ,
and
.BR c2 ).
It returns a new private key.
All the
.BR mpint s
in the key,
even the ones that correspond directly to
.IR rsafill 's
input parameters,
are freshly allocated.
.PP
The routines
.IR rsaalloc ,
.IR rsafree ,
.IR rsapuballoc ,
.IR rsapubfree ,
.IR rsaprivalloc ,
and
.I rsaprivfree
are provided to aid in user provided key I/O.
.PP
Given a binary X.509
.IR cert ,
the routine
.I X509toRSApub
returns the public key and, if
.I name
is not nil, the CN part of the Distinguished Name of the
certificate's Subject.
(This is conventionally a userid or a host DNS name.)
No verification is done of the certificate signature; the
caller should check the fingerprint,
.IR sha1(cert) ,
against a table or check the certificate by other means.
Until that check succeeds, the returned key and name are unauthenticated.
X.509 certificates are often stored in PEM format; use
.I dec64
to convert to binary before computing the fingerprint or calling
.IR X509toRSApub .
For the special case of
certificates signed by a known trusted key
(in a single step, without certificate chains)
.I X509verify
checks the signature on
.IR cert .
It returns nil if successful, else an error string.
.PP
.I X509dump
prints an X.509 certificate to standard output.
.PP
.I X509gen
creates a self-signed X.509 certificate, given an RSA keypair
.IR priv ,
an issuer/subject string
.IR subj ,
and the starting and ending validity dates,
.IR valid .
Length of the allocated binary certificate is stored in
.IR certlen .
The subject line is conventionally of the form
.EX
"C=US ST=NJ L=07922 O=Lucent OU='Bell Labs' CN=Eric"
.EE
using the quoting conventions of
.I tokenize
(see
.IM getfields (3) ).
.PP
.I X509req
creates an X.509 certification request.
.PP
.I Asn1toRSApriv
converts an ASN1 formatted RSA private key into the corresponding
.B RSApriv
structure.
.PP
.I Asn1dump
prints an ASN1 object to standard output.
.PP
.I Decodepem
takes a zero terminated string,
.IR s ,
and decodes the PEM (privacy-enhanced mail) formatted section for
.I type
within it.
If successful, it returns the decoded section and sets
.BI * len
to its decoded length.
If not, it returns
.BR nil ,
and
.BI * len
is undefined.
.PP
.I Decodepemchain
is similar but expects a sequence of PEM-formatted sections
and returns a linked list of the decodings:
.IP
.EX
typedef struct PEMChain PEMChain;
struct PEMChain
{
PEMChain *next;
uchar *pem;
int pemlen;
};
.EE
.SH SOURCE
.B \*9/src/libsec
.SH SEE ALSO
.IM mp (3) ,
.IM aes (3) ,
.IM blowfish (3) ,
.IM des (3) ,
.IM dsa (3) ,
.IM elgamal (3) ,
.IM rc4 (3) ,
.IM sechash (3) ,
.IM prime (3) ,
.IM rand (3)
.\" .IR pem (8)