RSA(2) RSA(2)
NAME
asn1dump, asn1toRSApriv, asn1encodeRSApriv,
asn1encodeRSApub, decodePEM, rsadecrypt, rsaencrypt,
rsafill, rsagen, rsaprivalloc, rsaprivfree, rsaprivtopub,
rsapuballoc, rsapubfree, X509toRSApub, X509reqtoRSApub,
X509rsagen, X509rsareq, X509rsaverify, X509rsaverifydigest -
RSA encryption algorithm
SYNOPSIS
#include <u.h>
#include <libc.h>
#include <mp.h>
#include <libsec.h>
RSApriv* rsagen(int nlen, int elen, int nrep)
RSApriv* rsafill(mpint *n, mpint *e, mpint *d, mpint *p,
mpint *q)
mpint* rsaencrypt(RSApub *k, mpint *in, mpint *out)
mpint* rsadecrypt(RSApriv *k, mpint *in, mpint *out)
RSApub* rsapuballoc(void)
void rsapubfree(RSApub*)
RSApriv* rsaprivalloc(void)
void rsaprivfree(RSApriv*)
RSApub* rsaprivtopub(RSApriv*)
RSApub* X509toRSApub(uchar *cert, int ncert, char *name,
int nname)
RSApub* X509reqtoRSApub(uchar *req, int nreq, char *name,
int nname)
RSApriv* asn1toRSApriv(uchar *priv, int npriv)
int asn1encodeRSApriv(RSApriv *k, uchar *buf, int len)
int asn1encodeRSApub(RSApub *pk, uchar *buf, int len)
void asn1dump(uchar *der, int len)
uchar* decodePEM(char *s, char *type, int *len, char
**new_s)
Page 1 Plan 9 (printed 11/18/24)
RSA(2) RSA(2)
uchar* X509rsagen(RSApriv *priv, char *subj, ulong
valid[2], int *certlen);
uchar* X509rsareq(RSApriv *priv, char *subj, int *reqlen)
char* X509rsaverify(uchar *cert, int ncert, RSApub *pk)
char* X509rsaverifydigest(uchar *sig, int siglen, uchar
*edigest, int edigestlen, RSApub *pk)
DESCRIPTION
RSA is a public key encryption algorithm. The owner of a
key publishes the public part of the key:
struct RSApub
{
mpint *n; /* modulus */
mpint *ek; /* exp (encryption key) */
};
This part can be used for encrypting data (with rsaencrypt)
to be sent to the owner. The owner decrypts (with
rsadecrypt) using his private key:
struct RSApriv
{
RSApub pub;
mpint *dk; /* exp (decryption key) */
/* precomputed crt values */
mpint *p;
mpint *q;
mpint *kp; /* k mod p-1 */
mpint *kq; /* k mod q-1 */
mpint *c2; /* for converting residues to number */
};
Keys are generated using rsagen. Rsagen takes both bit
length of the modulus, the bit length of the public key
exponent, and the number of repetitions of the Miller-Rabin
primality test to run. If the latter is 0, it does the
default number of rounds. Rsagen returns a newly allocated
structure containing both public and private keys. Rsafill
returns a newly allocated private key by recomputing kp, kq,
and c2. Rsaprivtopub returns a newly allocated copy of the
public key corresponding to the private key.
The routines rsaalloc, rsafree, rsapuballoc, rsapubfree,
rsaprivalloc, and rsaprivfree are provided to aid in user
provided key I/O.
Given a binary X.509 cert, the routine X509toRSApub returns
Page 2 Plan 9 (printed 11/18/24)
RSA(2) RSA(2)
the public key and, if name is not nil, a concatenation of
the CN part of the Distinguished Name of the certificate's
Subject and further Subject Alternative Names separated by
comma. (These are conventionally a userid or a host DNS
name.) No verification is done of the certificate signa-
ture; the caller should check the fingerprint, sha1(cert),
against a table or check the certificate by other means.
X.509 certificates are often stored in PEM format; use dec64
to convert to binary before computing the fingerprint or
calling X509toRSApub. For the special case of certificates
signed by a known trusted key (in a single step, without
certificate chains), X509rsaverify checks the signature on
cert. It returns nil if successful, else an error string.
The routine X509reqtoRSApub is similar to X509toRSApub
above, but decodes a X509 certificate request.
X509rsaverifydigest takes a encoded PKCS #1 signature as
used in X.509 as sig[siglen] and verifies it against the
expected cryptographic hash edigest[edigestlen] of the
signed data; returning nil on success or an error string.
X509rsagen creates a self-signed X.509 certificate, given an
RSA keypair priv, a issuer/subject string subj, and the
starting and ending validity dates, valid. Length of the
allocated binary certificate request is stored in reqlen.
The subject line is conventionally of the form
C=US ST=NJ L=07922 O=Lucent OU='Bell Labs' CN=Eric
using the quoting conventions of tokenize in getfields(2).
Asn1toRSApriv converts an ASN1 formatted RSA private key
into the corresponding RSApriv structure.
Asn1encodeRSApriv and asn1encodeRSApub export a RSApriv or
RSApub structure to ASN1 format. On success, buf is filled
and the encoded byte length is returned. Otherwise -1 is
returned and error string is set.
Asn1dump prints an ASN1 object to standard output.
DecodePEM takes a zero terminated string, s, and decodes the
PEM (privacy-enhanced mail) formatted section for type
within it. If successful, it returns malloced storage con-
taining the decoded section, which the caller must free, and
sets *len to its decoded length. Otherwise nil is returned
and *len is undefined. If not nil, new_s is set to the
first character beyond the type section.
SOURCE
/sys/src/libsec
Page 3 Plan 9 (printed 11/18/24)
RSA(2) RSA(2)
SEE ALSO
mp(2), aes(2), blowfish(2), des(2), dsa(2), elgamal(2),
rc4(2), sechash(2), prime(2), rand(2), rsa(8)
Page 4 Plan 9 (printed 11/18/24)