Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ (2) — Plan9 4th Edition

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

mp(2)

aes(2)

blowfish(2)

des(2)

dsa(2)

elgamal(2)

rc4(2)

sechash(2)

prime(2)

rand(2)

x509(8)

RSA(2)

NAME

asn1dump, asn1toRSApriv, decodePEM, rsadecrypt, rsaencrypt, rsagen, rsaprivalloc, rsaprivfree, rsaprivtopub, rsapuballoc, rsapubfree, X509toRSApub, X509gen, X509verify − RSA encryption algorithm

SYNOPSIS

­#include <u.h>
­#include <libc.h>
­#include <mp.h>
­#include <libsec.h>

RSApriv∗rsagen(int nlen, int elen, int nrep)

mpint∗rsaencrypt(RSApub ∗k, mpint ∗in, mpint ∗out)

mpint∗rsadecrypt(RSApriv ∗k, mpint ∗in, mpint ∗out)

RSApub∗rsapuballoc(void)

voidrsapubfree(RSApub∗)

RSApriv∗rsaprivalloc(void)

voidrsaprivfree(RSApriv∗)

RSApub∗rsaprivtopub(RSApriv∗)

RSApub∗X509toRSApub(uchar ∗cert, int ncert, char ∗name, int nname)

RSApriv∗asn1toRSApriv(uchar ∗priv, int npriv)

voidasn1dump(uchar ∗der, int len)

uchar∗decodePEM(char ∗s, char ∗type, int ∗len, char ∗∗new_s)

uchar∗X509gen(RSApriv ∗priv, char ∗subj, ulong valid[2], int ∗certlen);

uchar∗X509req(RSApriv ∗priv, char ∗subj, int ∗certlen);

char∗ X509verify(uchar ∗cert, int ncert, RSApub ∗pk)

DESCRIPTION

RSA is a public key encryption algorithm.  The owner of a key publishes the public part of the key:

struct RSApub
{
mpint∗n;// modulus
mpint∗ek;// exp (encryption key)
};

This part can be used for encrypting data (with rsaencrypt) to be sent to the owner. The owner decrypts (with rsadecrypt) using his private key:

struct RSApriv
{
RSApubpub;
mpint∗dk;// exp (decryption key)

// precomputed crt values
mpint∗p;
mpint∗q;
mpint∗kp;// k mod p-1
mpint∗kq;// k mod q-1
mpint∗c2;// for converting residues to number
};

Keys are generated using rsagen. ­Rsagen takes both bit length of the modulus, the bit length of the public key exponent, and the number of repetitions of the Miller-Rabin primality test to run.  If the latter is 0, it does the default number of rounds.  ­Rsagen returns a newly allocated structure containing both public and private keys.  ­Rsaprivtopub returns a newly allocated copy of the public key corresponding to the private key. 

The routines rsaalloc, rsafree, rsapuballoc, rsapubfree, rsaprivalloc, and ­rsaprivfree are provided to aid in user provided key I/O. 

Given a binary X.509 cert, the routine ­X509toRSApub returns the public key and, if ­name is not nil, the CN part of the Distinguished Name of the certificate’s Subject.  (This is conventionally a userid or a host DNS name.)  No verification is done of the certificate signature;  the caller should check the fingerprint, sha1(cert), against a table or check the certificate by other means. X.509 certificates are often stored in PEM format; use ­dec64 to convert to binary before computing the fingerprint or calling X509toRSApub. For the special case of certificates signed by a known trusted key (in a single step, without certificate chains) ­X509verify checks the signature on cert. It returns nil if successful, else an error string.

­X509gen creates a self-signed X.509 certificate, given an RSA keypair priv, a issuer/subject string subj, and the starting and ending validity dates, valid. Length of the allocated binary certificate is stored in certlen. The subject line is conventionally of the form

   "C=US ST=NJ L=07922 O=Lucent OU=’Bell Labs’ CN=Eric"

using the quoting conventions of tokenize(2).

­Asn1toRSApriv converts an ASN1 formatted RSA private key into the corresponding ­RSApriv structure. 

­Asn1dump prints an ASN1 object to standard output. 

­DecodePEM takes a zero terminated string, s, and decodes the PEM (privacy-enhanced mail) formatted section for ­type within it.  If successful, it returns the decoded section and sets ∗len to its decoded length.  If not nil, ­new_s is set to the first character beyond the ­type section.  Otherwise ­nil is returned and ∗len is undefined. 

SOURCE

­/sys/src/libsec

SEE ALSO

mp(2), aes(2), blowfish(2), des(2), dsa(2), elgamal(2), rc4(2), sechash(2), prime(2), rand(2), x509(8)

Plan 9  —  June 21, 2004

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026