DSA(2)                                                     DSA(2)

          dsagen, dsasign, dsaverify, dsapuballoc, dsapubfree,
          dsaprivalloc, dsaprivfree, dsasigalloc, dsasigfree,
          dsaprivtopub - digital signature algorithm

          #include <u.h>
          #include <libc.h>
          #include <mp.h>
          #include <libsec.h>

          DSApriv*  dsagen(DSApub *opub)

          DSAsig*   dsasign(DSApriv *k, mpint *m)

          int       dsaverify(DSApub *k, DSAsig *sig, mpint *m)

          DSApub*   dsapuballoc(void)

          void      dsapubfree(DSApub*)

          DSApriv*  dsaprivalloc(void)

          void      dsaprivfree(DSApriv*)

          DSAsig*   dsasigalloc(void)

          void      dsasigfree(DSAsig*)

          DSApub*   dsaprivtopub(DSApriv*)

          DSA is the NIST approved digital signature algorithm.  The
          owner of a key publishes the public part of the key:

               struct DSApub
                    mpint     *p;  // modulus
                    mpint     *q;  // group order, q divides p-1
                    mpint     *alpha;   // group generator
                    mpint     *key;     // alpha**secret mod p

          This part can be used for verifying signatures (with
          dsaverify) created by the owner.  The owner signs (with
          dsasign) using his private key:

               struct DSApriv
                    DSApub    pub;

     Page 1                       Plan 9             (printed 7/22/24)

     DSA(2)                                                     DSA(2)

                    mpint     *secret; // (decryption key)

          Keys are generated using dsagen. If dsagen's argument opub
          is nil, a key is created using a new p and q generated by
          DSAprimes (see prime(2)). Otherwise, p and q are copied from
          the old key.

          Dsaprivtopub returns a newly allocated copy of the public
          key corresponding to the private key.

          The routines dsapuballoc, dsapubfree, dsaprivalloc, and
          dsaprivfree are provided to manage key storage.

          Dsasign signs message m using a private key k yielding a

               struct DSAsig
                    mpint     *r, *s;

          Dsaverify returns 0 if the signature is valid and -1 if not.

          The routines dsasigalloc and dsasigfree are provided to man-
          age signature storage.


          mp(2), aes(2), blowfish(2), des(2), rc4(2), rsa(2),
          sechash(2), prime(2), rand(2)

     Page 2                       Plan 9             (printed 7/22/24)