asn1dump, asn1toRSApriv, asn1encodeRSApriv, asn1encodeRSApub, decodePEM, rsadecrypt, rsaencrypt, rsafill, rsagen, rsaprivalloc, rsaprivfree, rsaprivtopub, rsapuballoc, rsapubfree, X509toRSApub, X509rsagen, X509rsareq, X509rsaverify, X509rsaverifydigest – RSA encryption algorithm


#include <u.h>
#include <libc.h>
#include <mp.h>
#include <libsec.h>

RSApriv* rsagen(int nlen, int elen, int nrep)

RSApriv* rsafill(mpint *n, mpint *e, mpint *d, mpint *p, mpint *q)

mpint* rsaencrypt(RSApub *k, mpint *in, mpint *out)

mpint* rsadecrypt(RSApriv *k, mpint *in, mpint *out)

RSApub* rsapuballoc(void)

void rsapubfree(RSApub*)

RSApriv* rsaprivalloc(void)

void rsaprivfree(RSApriv*)

RSApub* rsaprivtopub(RSApriv*)

RSApub* X509toRSApub(uchar *cert, int ncert, char *name, int nname)

RSApriv* asn1toRSApriv(uchar *priv, int npriv)

int asn1encodeRSApriv(RSApriv *k, uchar *buf, int len)

int asn1encodeRSApub(RSApub *pk, uchar *buf, int len)

void asn1dump(uchar *der, int len)

uchar* decodePEM(char *s, char *type, int *len, char **new_s)

uchar* X509rsagen(RSApriv *priv, char *subj, ulong valid[2], int *certlen);

uchar* X509rsareq(RSApriv *priv, char *subj, int *certlen);

char* X509rsaverify(uchar *cert, int ncert, RSApub *pk)

char* X509rsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, RSApub *pk)

unhandled troff command .DT


RSA is a public key encryption algorithm. The owner of a key publishes the public part of the key:


struct RSApub
	mpint	*n;	/* modulus */
	mpint	*ek;	/* exp (encryption key) */

This part can be used for encrypting data (with rsaencrypt) to be sent to the owner. The owner decrypts (with rsadecrypt) using his private key:


struct RSApriv
	RSApub	pub;
	mpint	*dk;	/* exp (decryption key) */

	/* precomputed crt values */
	mpint	*p;
	mpint	*q;
	mpint	*kp;	/* k mod p-1 */
	mpint	*kq;	/* k mod q-1 */
	mpint	*c2;	/* for converting residues to number */

Keys are generated using rsagen. Rsagen takes both bit length of the modulus, the bit length of the public key exponent, and the number of repetitions of the Miller-Rabin primality test to run. If the latter is 0, it does the default number of rounds. Rsagen returns a newly allocated structure containing both public and private keys. Rsafill returns a newly allocated private key by recomputing kp, kq, and c2. Rsaprivtopub returns a newly allocated copy of the public key corresponding to the private key.

The routines rsaalloc, rsafree, rsapuballoc, rsapubfree, rsaprivalloc, and rsaprivfree are provided to aid in user provided key I/O.

Given a binary X.509 cert, the routine X509toRSApub returns the public key and, if name is not nil, the CN part of the Distinguished Name of the certificate’s Subject. (This is conventionally a userid or a host DNS name.) No verification is done of the certificate signature; the caller should check the fingerprint, sha1(cert), against a table or check the certificate by other means. X.509 certificates are often stored in PEM format; use dec64 to convert to binary before computing the fingerprint or calling X509toRSApub. For the special case of certificates signed by a known trusted key (in a single step, without certificate chains), X509rsaverify checks the signature on cert. It returns nil if successful, else an error string.

X509rsaverifydigest takes a encoded PKCS #1 signature as used in X.509 as sig[siglen] and verifies it against the expected cryptographic hash edigest[edigestlen] of the signed data; returning nil on success or an error string.

X509rsagen creates a self-signed X.509 certificate, given an RSA keypair priv, a issuer/subject string subj, and the starting and ending validity dates, valid. Length of the allocated binary certificate is stored in certlen. The subject line is conventionally of the form


C=US ST=NJ L=07922 O=Lucent OU='Bell Labs' CN=Eric

using the quoting conventions of tokenize in getfields(2).

Asn1toRSApriv converts an ASN1 formatted RSA private key into the corresponding RSApriv structure.

Asn1encodeRSApriv and asn1encodeRSApub export a RSApriv or RSApub structure to ASN1 format. On success, buf is filled and the encoded byte length is returned. Otherwise -1 is returned and error string is set.

Asn1dump prints an ASN1 object to standard output.

DecodePEM takes a zero terminated string, s, and decodes the PEM (privacy-enhanced mail) formatted section for type within it. If successful, it returns malloced storage containing the decoded section, which the caller must free, and sets *len to its decoded length. Otherwise nil is returned and *len is undefined. If not nil, new_s is set to the first character beyond the type section.




mp(2), aes(2), blowfish(2), des(2), dsa(2), elgamal(2), rc4(2), sechash(2), prime(2), rand(2), rsa(8)