ref: 7d4a1e3643caa658ee40271edb0dc9a48fd50b58
parent: 6840a9aafdd1356152765d2f9e0bd980fbc6cd6f
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Fri Feb 10 17:39:47 EST 2017

ec(2), rsa(2): document X509toECpub(), X509ecdsaverify(), X509ecdsaverifydigest(), X509rsaverifydigest()

--- a/sys/include/ape/libsec.h
+++ b/sys/include/ape/libsec.h
@@ -540,8 +540,8 @@
 int	ecencodepub(ECdomain *dom, ECpub *, uchar *, int);
 void	ecpubfree(ECpub *);
 
-ECpub*	X509toECpub(uchar *cert, int ncert, char*, int, ECdomain *dom);
-char*	X509ecdsaverify(uchar *sig, int siglen, ECdomain *dom, ECpub *pub);
+ECpub*	X509toECpub(uchar *cert, int ncert, char *name, int nname, ECdomain *dom);
+char*	X509ecdsaverify(uchar *cert, int ncert, ECdomain *dom, ECpub *pub);
 char*	X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub);
 
 /* curves */
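Review bot: The two corrected prototypes, X509toECpub and X509ecdsaverify, still carry no comment stating their contract, and the header is where a caller is most likely to misread it. If X509toECpub behaves like X509toRSApub, for which rsa(2) says "No verification is done of the certificate signature", the returned key and `name` should be treated as unauthenticated until the certificate's signature has been checked with X509ecdsaverify. The verify routines also return an error string, with nil meaning success per rsa(2), so a caller that tests the result as a boolean would invert the check. I would add above the prototypes `/* X509toECpub only parses cert, it does not check its signature; X509ecdsaverify* return nil on success, else an error string */`, after confirming both statements against the libsec source. The same applies to the identical hunk in sys/include/libsec.h.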
--- a/sys/include/libsec.h
+++ b/sys/include/libsec.h
@@ -532,8 +532,8 @@
 int	ecencodepub(ECdomain *dom, ECpub *, uchar *, int);
 void	ecpubfree(ECpub *);
 
-ECpub*	X509toECpub(uchar *cert, int ncert, char*, int, ECdomain *dom);
-char*	X509ecdsaverify(uchar *sig, int siglen, ECdomain *dom, ECpub *pub);
+ECpub*	X509toECpub(uchar *cert, int ncert, char *name, int nname, ECdomain *dom);
+char*	X509ecdsaverify(uchar *cert, int ncert, ECdomain *dom, ECpub *pub);
 char*	X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub);
 
 /* curves */
--- a/sys/man/2/ec
+++ b/sys/man/2/ec
@@ -16,7 +16,10 @@
 ecdsaverify,
 ecencodepub,
 ecdecodepub,
-ecpubfree \- elliptic curve cryptography
+ecpubfree,
+X509toECpub,
+X509ecdsaverify,
+X509ecdsaverifydigest \- elliptic curve cryptography
 .SH SYNOPSIS
 .B #include <u.h>
 .br
@@ -76,6 +79,15 @@
 .PP
 .B
 void	ecpubfree(ECpub *p);
+.PP
+.B
+ECpub*	X509toECpub(uchar *cert, int ncert, char *name, int nname, ECdomain *dom)
+.PP
+.B
+char*	X509ecdsaverify(uchar *cert, int ncert, ECdomain *dom, ECpub *pub)
+.PP
+.B
+char*	X509ecdsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, ECdomain *dom, ECpub *pub)
 .DT
 .SH DESCRIPTION
 These functions implement elliptic curve cryptography.
@@ -154,6 +166,19 @@
 frees a
 .B ECpub
 structure and its associated members.
+.PP
+Given a binary X.509 cert, the function
+.B X509toECpub
+initializes domain parameters and returns the ECDSA public key. if
+.I name
+is not
+.BR nil ,
+the CN part of the Distinguished Name of the certificate's Subject is returned.
+.B X509ecdsaverify
+and
+.B X509ecdsaverifydigest
+are analogs to the routines described by
+.IR rsa (2).
 .SH RETURN VALUE
 .B *verify
 functions return
@@ -168,6 +193,8 @@
 .SH SOURCE
 .B /sys/src/libsec/port/ecc.c
 .SH SEE ALSO
+.IR rsa (2)
+.br
 .I
 Standards for Efficient Cryptography (SEC) 1: Elliptic Curve Cryptography
 - Certicom Research, 2009
--- a/sys/man/2/rsa
+++ b/sys/man/2/rsa
@@ -15,7 +15,8 @@
 X509toRSApub,
 X509rsagen,
 X509rsareq,
-X509rsaverify \- RSA encryption algorithm
+X509rsaverify,
+X509rsaverifydigest \- RSA encryption algorithm
 .SH SYNOPSIS
 .B #include <u.h>
 .br
@@ -74,6 +75,9 @@
 .PP
 .B
 char*	X509rsaverify(uchar *cert, int ncert, RSApub *pk)
+.PP
+.B
+char*	X509rsaverifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, RSApub *pk)
 .DT
 .SH DESCRIPTION
 RSA is a public key encryption algorithm.  The owner of a key publishes
@@ -145,7 +149,9 @@
 .I X509toRSApub
 returns the public key and, if
 .I name
-is not nil, the CN part of the Distinguished Name of the
+is not
+.BR nil ,
+the CN part of the Distinguished Name of the
 certificate's Subject.
 (This is conventionally a userid or a host DNS name.)
 No verification is done of the certificate signature;  the
@@ -162,8 +168,20 @@
 .I X509rsaverify
 checks the signature on
 .IR cert .
-It returns nil if successful, else an error string.
+It returns
+.B nil
+if successful, else an error string.
 .PP
+.I X509rsaverifydigest
+takes a encoded PKCS #1 signature as used in X.509 as
+.IR sig [ siglen ]
+and verifies it against the expected cryptographic hash 
+.IR edigest [ edigestlen ]
+of the signed data;
+returning
+.B nil
+on success or an error string.
+.PP
 .I X509rsagen
 creates a self-signed X.509 certificate, given an RSA keypair
 .IR priv ,
@@ -210,7 +228,8 @@
 is returned and
 .BI * len
 is undefined.
-If not nil,
+If not
+.BR nil ,
 .I new_s
 is set to the first character beyond the
 .I type
--