ec(2), rsa(2): document X509toECpub(), X509ecdsaverify(), X509ecdsaverifydigest(), X509rsaverifydigest()
This commit is contained in:
cinap_lenrek
parent
6840a9aafd
commit
7d4a1e3643
4 changed files with 55 additions and 9 deletions
|
|
@ -540,8 +540,8 @@ ECpub* ecdecodepub(ECdomain *dom, uchar *, int);
|
|||
int ecencodepub(ECdomain *dom, ECpub *, uchar *, int);
|
||||
void ecpubfree(ECpub *);
|
||||
|
||||
ECpub* X509toECpub(uchar *cert, int ncert, char*, int, ECdomain *dom);
|
||||
char* X509ecdsaverify(uchar *sig, int siglen, ECdomain *dom, ECpub *pub);
|
||||
ECpub* X509toECpub(uchar *cert, int ncert, char *name, int nname, ECdomain *dom);
|
||||
char* X509ecdsaverify(uchar *cert, int ncert, ECdomain *dom, ECpub *pub);
|
||||
char* X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub);
|
||||
|
||||
/* curves */
|
||||
|
|
|
|||
|
|
@ -532,8 +532,8 @@ ECpub* ecdecodepub(ECdomain *dom, uchar *, int);
|
|||
int ecencodepub(ECdomain *dom, ECpub *, uchar *, int);
|
||||
void ecpubfree(ECpub *);
|
||||
|
||||
ECpub* X509toECpub(uchar *cert, int ncert, char*, int, ECdomain *dom);
|
||||
char* X509ecdsaverify(uchar *sig, int siglen, ECdomain *dom, ECpub *pub);
|
||||
ECpub* X509toECpub(uchar *cert, int ncert, char *name, int nname, ECdomain *dom);
|
||||
char* X509ecdsaverify(uchar *cert, int ncert, ECdomain *dom, ECpub *pub);
|
||||
char* X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub);
|
||||
|
||||
/* curves */
|
||||
|
|
|
|||
29
sys/man/2/ec
29
sys/man/2/ec
|
|
@ -16,7 +16,10 @@ ecdsasign,
|
|||
ecdsaverify,
|
||||
ecencodepub,
|
||||
ecdecodepub,
|
||||
ecpubfree \- elliptic curve cryptography
|
||||
ecpubfree,
|
||||
X509toECpub,
|
||||
X509ecdsaverify,
|
||||
X509ecdsaverifydigest \- elliptic curve cryptography
|
||||
.SH SYNOPSIS
|
||||
.B #include <u.h>
|
||||
.br
|
||||
|
|
@ -76,6 +79,15 @@ ECpub* ecdecodepub(ECdomain *dom, uchar *data, int len)
|
|||
.PP
|
||||
.B
|
||||
void ecpubfree(ECpub *p);
|
||||
.PP
|
||||
.B
|
||||
ECpub* X509toECpub(uchar *cert, int ncert, char *name, int nname, ECdomain *dom)
|
||||
.PP
|
||||
.B
|
||||
char* X509ecdsaverify(uchar *cert, int ncert, ECdomain *dom, ECpub *pub)
|
||||
.PP
|
||||
.B
|
||||
char* X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub)
|
||||
.DT
|
||||
.SH DESCRIPTION
|
||||
These functions implement elliptic curve cryptography.
|
||||
|
|
@ -154,6 +166,19 @@ also verifies that the public key is valid in the specified domain.
|
|||
frees a
|
||||
.B ECpub
|
||||
structure and its associated members.
|
||||
.PP
|
||||
Given a binary X.509 cert, the function
|
||||
.B X509toECpub
|
||||
initializes domain parameters and returns the ECDSA public key. if
|
||||
.I name
|
||||
is not
|
||||
.BR nil ,
|
||||
the CN part of the Distinguished Name of the certificate's Subject is returned.
|
||||
.B X509ecdsaverify
|
||||
and
|
||||
.B X509ecdsaverifydigest
|
||||
are analogs to the routines described by
|
||||
.IR rsa (2).
|
||||
.SH RETURN VALUE
|
||||
.B *verify
|
||||
functions return
|
||||
|
|
@ -168,6 +193,8 @@ failing
|
|||
.SH SOURCE
|
||||
.B /sys/src/libsec/port/ecc.c
|
||||
.SH SEE ALSO
|
||||
.IR rsa (2)
|
||||
.br
|
||||
.I
|
||||
Standards for Efficient Cryptography (SEC) 1: Elliptic Curve Cryptography
|
||||
- Certicom Research, 2009
|
||||
|
|
|
|||
|
|
@ -15,7 +15,8 @@ rsapubfree,
|
|||
X509toRSApub,
|
||||
X509rsagen,
|
||||
X509rsareq,
|
||||
X509rsaverify \- RSA encryption algorithm
|
||||
X509rsaverify,
|
||||
X509rsaverifydigest \- RSA encryption algorithm
|
||||
.SH SYNOPSIS
|
||||
.B #include <u.h>
|
||||
.br
|
||||
|
|
@ -74,6 +75,9 @@ uchar* X509rsareq(RSApriv *priv, char *subj, int *certlen);
|
|||
.PP
|
||||
.B
|
||||
char* X509rsaverify(uchar *cert, int ncert, RSApub *pk)
|
||||
.PP
|
||||
.B
|
||||
char* X509rsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, RSApub *pk)
|
||||
.DT
|
||||
.SH DESCRIPTION
|
||||
RSA is a public key encryption algorithm. The owner of a key publishes
|
||||
|
|
@ -145,7 +149,9 @@ the routine
|
|||
.I X509toRSApub
|
||||
returns the public key and, if
|
||||
.I name
|
||||
is not nil, the CN part of the Distinguished Name of the
|
||||
is not
|
||||
.BR nil ,
|
||||
the CN part of the Distinguished Name of the
|
||||
certificate's Subject.
|
||||
(This is conventionally a userid or a host DNS name.)
|
||||
No verification is done of the certificate signature; the
|
||||
|
|
@ -162,7 +168,19 @@ certificates signed by a known trusted key
|
|||
.I X509rsaverify
|
||||
checks the signature on
|
||||
.IR cert .
|
||||
It returns nil if successful, else an error string.
|
||||
It returns
|
||||
.B nil
|
||||
if successful, else an error string.
|
||||
.PP
|
||||
.I X509rsaverifydigest
|
||||
takes a encoded PKCS #1 signature as used in X.509 as
|
||||
.IR sig [ siglen ]
|
||||
and verifies it against the expected cryptographic hash
|
||||
.IR edigest [ edigestlen ]
|
||||
of the signed data;
|
||||
returning
|
||||
.B nil
|
||||
on success or an error string.
|
||||
.PP
|
||||
.I X509rsagen
|
||||
creates a self-signed X.509 certificate, given an RSA keypair
|
||||
|
|
@ -210,7 +228,8 @@ Otherwise
|
|||
is returned and
|
||||
.BI * len
|
||||
is undefined.
|
||||
If not nil,
|
||||
If not
|
||||
.BR nil ,
|
||||
.I new_s
|
||||
is set to the first character beyond the
|
||||
.I type
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue