ec(2), rsa(2): document X509toECpub(), X509ecdsaverify(), X509ecdsaverifydigest(), X509rsaverifydigest()
This commit is contained in:
cinap_lenrek
parent
6840a9aafd
commit
7d4a1e3643
4 changed files with 55 additions and 9 deletions
|
|
@ -540,8 +540,8 @@ ECpub* ecdecodepub(ECdomain *dom, uchar *, int);
|
||||||
int ecencodepub(ECdomain *dom, ECpub *, uchar *, int);
|
int ecencodepub(ECdomain *dom, ECpub *, uchar *, int);
|
||||||
void ecpubfree(ECpub *);
|
void ecpubfree(ECpub *);
|
||||||
|
|
||||||
ECpub* X509toECpub(uchar *cert, int ncert, char*, int, ECdomain *dom);
|
ECpub* X509toECpub(uchar *cert, int ncert, char *name, int nname, ECdomain *dom);
|
||||||
char* X509ecdsaverify(uchar *sig, int siglen, ECdomain *dom, ECpub *pub);
|
char* X509ecdsaverify(uchar *cert, int ncert, ECdomain *dom, ECpub *pub);
|
||||||
char* X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub);
|
char* X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub);
|
||||||
|
|
||||||
/* curves */
|
/* curves */
|
||||||
|
|
|
||||||
|
|
@ -532,8 +532,8 @@ ECpub* ecdecodepub(ECdomain *dom, uchar *, int);
|
||||||
int ecencodepub(ECdomain *dom, ECpub *, uchar *, int);
|
int ecencodepub(ECdomain *dom, ECpub *, uchar *, int);
|
||||||
void ecpubfree(ECpub *);
|
void ecpubfree(ECpub *);
|
||||||
|
|
||||||
ECpub* X509toECpub(uchar *cert, int ncert, char*, int, ECdomain *dom);
|
ECpub* X509toECpub(uchar *cert, int ncert, char *name, int nname, ECdomain *dom);
|
||||||
char* X509ecdsaverify(uchar *sig, int siglen, ECdomain *dom, ECpub *pub);
|
char* X509ecdsaverify(uchar *cert, int ncert, ECdomain *dom, ECpub *pub);
|
||||||
char* X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub);
|
char* X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub);
|
||||||
|
|
||||||
/* curves */
|
/* curves */
|
||||||
|
|
|
||||||
29
sys/man/2/ec
29
sys/man/2/ec
|
|
@ -16,7 +16,10 @@ ecdsasign,
|
||||||
ecdsaverify,
|
ecdsaverify,
|
||||||
ecencodepub,
|
ecencodepub,
|
||||||
ecdecodepub,
|
ecdecodepub,
|
||||||
ecpubfree \- elliptic curve cryptography
|
ecpubfree,
|
||||||
|
X509toECpub,
|
||||||
|
X509ecdsaverify,
|
||||||
|
X509ecdsaverifydigest \- elliptic curve cryptography
|
||||||
.SH SYNOPSIS
|
.SH SYNOPSIS
|
||||||
.B #include <u.h>
|
.B #include <u.h>
|
||||||
.br
|
.br
|
||||||
|
|
@ -76,6 +79,15 @@ ECpub* ecdecodepub(ECdomain *dom, uchar *data, int len)
|
||||||
.PP
|
.PP
|
||||||
.B
|
.B
|
||||||
void ecpubfree(ECpub *p);
|
void ecpubfree(ECpub *p);
|
||||||
|
.PP
|
||||||
|
.B
|
||||||
|
ECpub* X509toECpub(uchar *cert, int ncert, char *name, int nname, ECdomain *dom)
|
||||||
|
.PP
|
||||||
|
.B
|
||||||
|
char* X509ecdsaverify(uchar *cert, int ncert, ECdomain *dom, ECpub *pub)
|
||||||
|
.PP
|
||||||
|
.B
|
||||||
|
char* X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub)
|
||||||
.DT
|
.DT
|
||||||
.SH DESCRIPTION
|
.SH DESCRIPTION
|
||||||
These functions implement elliptic curve cryptography.
|
These functions implement elliptic curve cryptography.
|
||||||
|
|
@ -154,6 +166,19 @@ also verifies that the public key is valid in the specified domain.
|
||||||
frees a
|
frees a
|
||||||
.B ECpub
|
.B ECpub
|
||||||
structure and its associated members.
|
structure and its associated members.
|
||||||
|
.PP
|
||||||
|
Given a binary X.509 cert, the function
|
||||||
|
.B X509toECpub
|
||||||
|
initializes domain parameters and returns the ECDSA public key. if
|
||||||
|
.I name
|
||||||
|
is not
|
||||||
|
.BR nil ,
|
||||||
|
the CN part of the Distinguished Name of the certificate's Subject is returned.
|
||||||
|
.B X509ecdsaverify
|
||||||
|
and
|
||||||
|
.B X509ecdsaverifydigest
|
||||||
|
are analogs to the routines described by
|
||||||
|
.IR rsa (2).
|
||||||
.SH RETURN VALUE
|
.SH RETURN VALUE
|
||||||
.B *verify
|
.B *verify
|
||||||
functions return
|
functions return
|
||||||
|
|
@ -168,6 +193,8 @@ failing
|
||||||
.SH SOURCE
|
.SH SOURCE
|
||||||
.B /sys/src/libsec/port/ecc.c
|
.B /sys/src/libsec/port/ecc.c
|
||||||
.SH SEE ALSO
|
.SH SEE ALSO
|
||||||
|
.IR rsa (2)
|
||||||
|
.br
|
||||||
.I
|
.I
|
||||||
Standards for Efficient Cryptography (SEC) 1: Elliptic Curve Cryptography
|
Standards for Efficient Cryptography (SEC) 1: Elliptic Curve Cryptography
|
||||||
- Certicom Research, 2009
|
- Certicom Research, 2009
|
||||||
|
|
|
||||||
|
|
@ -15,7 +15,8 @@ rsapubfree,
|
||||||
X509toRSApub,
|
X509toRSApub,
|
||||||
X509rsagen,
|
X509rsagen,
|
||||||
X509rsareq,
|
X509rsareq,
|
||||||
X509rsaverify \- RSA encryption algorithm
|
X509rsaverify,
|
||||||
|
X509rsaverifydigest \- RSA encryption algorithm
|
||||||
.SH SYNOPSIS
|
.SH SYNOPSIS
|
||||||
.B #include <u.h>
|
.B #include <u.h>
|
||||||
.br
|
.br
|
||||||
|
|
@ -74,6 +75,9 @@ uchar* X509rsareq(RSApriv *priv, char *subj, int *certlen);
|
||||||
.PP
|
.PP
|
||||||
.B
|
.B
|
||||||
char* X509rsaverify(uchar *cert, int ncert, RSApub *pk)
|
char* X509rsaverify(uchar *cert, int ncert, RSApub *pk)
|
||||||
|
.PP
|
||||||
|
.B
|
||||||
|
char* X509rsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, RSApub *pk)
|
||||||
.DT
|
.DT
|
||||||
.SH DESCRIPTION
|
.SH DESCRIPTION
|
||||||
RSA is a public key encryption algorithm. The owner of a key publishes
|
RSA is a public key encryption algorithm. The owner of a key publishes
|
||||||
|
|
@ -145,7 +149,9 @@ the routine
|
||||||
.I X509toRSApub
|
.I X509toRSApub
|
||||||
returns the public key and, if
|
returns the public key and, if
|
||||||
.I name
|
.I name
|
||||||
is not nil, the CN part of the Distinguished Name of the
|
is not
|
||||||
|
.BR nil ,
|
||||||
|
the CN part of the Distinguished Name of the
|
||||||
certificate's Subject.
|
certificate's Subject.
|
||||||
(This is conventionally a userid or a host DNS name.)
|
(This is conventionally a userid or a host DNS name.)
|
||||||
No verification is done of the certificate signature; the
|
No verification is done of the certificate signature; the
|
||||||
|
|
@ -162,7 +168,19 @@ certificates signed by a known trusted key
|
||||||
.I X509rsaverify
|
.I X509rsaverify
|
||||||
checks the signature on
|
checks the signature on
|
||||||
.IR cert .
|
.IR cert .
|
||||||
It returns nil if successful, else an error string.
|
It returns
|
||||||
|
.B nil
|
||||||
|
if successful, else an error string.
|
||||||
|
.PP
|
||||||
|
.I X509rsaverifydigest
|
||||||
|
takes a encoded PKCS #1 signature as used in X.509 as
|
||||||
|
.IR sig [ siglen ]
|
||||||
|
and verifies it against the expected cryptographic hash
|
||||||
|
.IR edigest [ edigestlen ]
|
||||||
|
of the signed data;
|
||||||
|
returning
|
||||||
|
.B nil
|
||||||
|
on success or an error string.
|
||||||
.PP
|
.PP
|
||||||
.I X509rsagen
|
.I X509rsagen
|
||||||
creates a self-signed X.509 certificate, given an RSA keypair
|
creates a self-signed X.509 certificate, given an RSA keypair
|
||||||
|
|
@ -210,7 +228,8 @@ Otherwise
|
||||||
is returned and
|
is returned and
|
||||||
.BI * len
|
.BI * len
|
||||||
is undefined.
|
is undefined.
|
||||||
If not nil,
|
If not
|
||||||
|
.BR nil ,
|
||||||
.I new_s
|
.I new_s
|
||||||
is set to the first character beyond the
|
is set to the first character beyond the
|
||||||
.I type
|
.I type
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue