diff --git a/cipher/ChangeLog b/cipher/ChangeLog index f914e385..422f4525 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,2628 +1,2633 @@ +2003-12-03 Werner Koch + + * elgamal.c (sign, do_encrypt, gen_k): Make sure that a small K is + only used for encryption. + 2003-11-18 Werner Koch * random.h (rndw32_set_dll_name): Removed unused prototype. * Makefile.am (EXTRA_DIST): Added Manifest. 2003-11-11 Werner Koch * Manifest: New. 2003-11-04 Werner Koch * md.c (gcry_md_hash_buffer): Use shortcut for SHA1 * sha1.c (_gcry_sha1_hash_buffer): New. * random.c: Reformatted most functions. (mix_pool): Moved the failsafe_digest from global scope to here. (do_fast_random_poll): Use the generic fucntions even if a fast gathering function has been used. (read_pool): Detect a fork and retry. (gcry_randomize, get_random_bytes): Don't distinguish anymore between weak and strong random. (gcry_create_nonce): New. 2003-10-31 Werner Koch * rndw32.c (slow_gatherer_windowsNT): Use a plain buffer for the disk performance values and not the W32 API structure. * dsa.c (verify): s/exp/ex/ due to shadowing of a builtin. * elgamal.c (verify): Ditto. * ac.c (gcry_ac_data_get_index): s/index/idx/ (gcry_ac_data_copy_internal): Remove the cast in _gcry_malloc. (gcry_ac_data_add): Must use gcry_realloc instead of realloc. * pubkey.c (sexp_elements_extract): s/index/idx/ as tribute to the forehackers. (gcry_pk_encrypt): Removed shadowed definition of I. Reordered arguments to malloc for clarity. (gcry_pk_sign, gcry_pk_genkey): Ditto. * primegen.c (prime_generate_internal): s/random/randomlevel/. 2003-10-27 Moritz Schulte * pubkey.c (gcry_pk_encrypt): Don't forget to deallocate pkey. 2003-10-27 Werner Koch * random.c (gcry_random_add_bytes): Return if buflen is zero to avoid gcc warning about unsed parameter. (MASK_LEVEL): Simplified; does now work for signed and unsigned w/o warnings. * md.c (md_start_debug): Removed the const from SUFFIX, because this function is called from the control fucntion which does not require const. Prefixed all (pubkey,digest,cipher}_spec_* globale variables with _gcry_. * ac.c (ac_key_identifiers): Made static. * random.c (getfnc_gather_random,getfnc_fast_random_poll): Move prototypes to .. * rand-internal.h: .. here * random.c (getfnc_gather_random): Include rndw32 gatherer. * rndunix.c, rndw32.c, rndegd.c: Include them here. * rndlinux.c (_gcry_rndlinux_gather_random): Prepend the _gcry_ prefix. Changed all callers. * rndegd.c (_gcry_rndegd_gather_random): Likewise. (_gcry_rndegd_connect_socket): Likewise. * rndunix.c (_gcry_rndunix_gather_random): Likewise. (waitpid): Made static. * rndw32.c: Removed the old and unused winseed.dll cruft. (_gcry_rndw32_gather_random_fast): Renamed from gather_random_fast. (_gcry_rndw32_gather_random): Renamed from gather_random. Note, that the changes 2003-04-08 somehow got lost. * sha512.c (sha512_init, sha384_init): Made static. * cipher.c (do_ctr_decrypt): Removed "return" from this void function. 2003-10-24 Moritz Schulte * serpent.c: Fix an issue on big-endian systems. * rndw32.c: Removed IS_MODULE -cruft. * rndlinux.c (rndlinux_gather_random): Likewise. 2003-10-10 Werner Koch * primegen.c (gen_prime): Bail out if NBITS is less than 16. (prime_generate_internal): Initialize prime variable to suppress compiler warning. Check pbits, initialize qbits when passed as zero. * primegen.c (prime_generate_internal): New arg ALL_FACTORS. Changed all callers. (gcry_prime_generate): Make the factors arg optional. Request all_factors. Make sure PRIME is set to NULL even on error. (gcry_prime_group_generator): New. (gcry_prime_release_factors): New. 2003-10-06 Werner Koch * primegen.c (gen_prime): Assert that NBITS is never zero, it would cause a segv. 2003-09-28 Moritz Schulte * ac.c: Include "cipher.h". 2003-09-27 Moritz Schulte * rndegd.c (do_read): Return nread instead of nbytes; thanks to Michael Caerwyn. 2003-09-04 Werner Koch * pubkey.c (_gcry_pk_aliased_algo_name): New. * ac.c (gcry_ac_open): Use it here. * Makefile.am (EXTRA_libcipher_la_SOURCES): Add serpent.c 2003-09-02 Moritz Schulte * primegen.c (gcry_prime_check, gcry_prime_generate): New functions. (prime_generate_internal): New function, based on _gcry_generate_elg_prime. (_gcry_generate_elg_prime): Rewritten as a wrapper for prime_generate_internal. 2003-08-28 Werner Koch * pubkey.c (gcry_pk_encrypt): Don't include the flags list in the return value. This does not make sense and breaks any programs parsing the output strictly (e.g. current gpgsm). (gcry_pk_encrypt): If aliases for the algorithm name exists, take the first one instead of the regular name to adhere to SPKI conventions. (gcry_pk_genkey): Ditto. (gcry_pk_sign): Ditto. Removed unused KEY_ALGO_NAME. 2003-08-19 Moritz Schulte * cipher.c: Add support for Serpent * serpent.c: New file. 2003-08-10 Moritz Schulte * rsa.c (_gcry_rsa_blind, _gcry_rsa_unblind): Declare static. 2003-08-09 Timo Schulz * random.c (getfnc_gather_random): Don't check NAME_OF_DEV_RANDOM two times, but also the NAME_OF_DEV_URANDOM device. 2003-08-08 Moritz Schulte * pubkey.c (sexp_to_enc): Fixed extraction of S-Expression: do not fail if no `flags' sub S-Expression is found. 2003-07-27 Werner Koch * md.c (gcry_md_lookup_func_oid): Allow for empty OID lists. 2003-07-23 Moritz Schulte * ac.c (gcry_ac_data_construct): New argument: include_flags, only include `flags' S-expression, if include_flags is true. Adjust callers. Thanks for triggering a bug caused by `flags' sub-S-expression where they are not expected to Ralf Schneider. 2003-07-21 Moritz Schulte * pubkey.c (gcry_pk_lookup_func_name): Use new member name `aliases' instead of `sexp_names'. * ac.c (gcry_ac_key_data_get): New function. * cipher.c (gcry_cipher_lookup_func_name): Fix return value. 2003-07-20 Moritz Schulte * blowfish.c: Adjusted for new gcry_cipher_spec_t structure. * cast5.c: Likewise. * twofish.c: Likewise. * arcfour.c: Likewise. * rijndael.c (rijndael_oids, rijndael192_oids, rijndael256_oids): New variables, adjust for new gcry_cipher_spec_t structure. * des.c (oids_tripledes): New variable, adjust for new gcry_cipher_spec_t structure. * md.c (oid_table): Removed. * tiger.c (oid_spec_tiger): New variable. (digest_spec_tiger): Adjusted for new gry_md_spec_t structure. * sha512.c (oid_spec_sha512): New variable. (digest_spec_sha512): Adjusted for new gry_md_spec_t structure. * sha512.c (oid_spec_sha384): New variable. (digest_spec_sha384): Adjusted for new gry_md_spec_t structure. * sha256.c (oid_spec_sha256): New variable. (digest_spec_sha256): Adjusted for new gry_md_spec_t structure. * sha1.c (oid_spec_sha1): New variable. (digest_spec_sha1): Adjusted for new gry_md_spec_t structure. * rmd160.c (oid_spec_rmd160): New variable. (digest_spec_rnd160): Adjusted for new gry_md_spec_t structure. * md5.c (oid_spec_md5): New variable. (digest_spec_md5): Adjusted for new gry_md_spec_t structure. * md4.c (oid_spec_md4): New variable. (digest_spec_md4): Adjusted for new gry_md_spec_t structure. * crc.c (digest_spec_crc32, digest_spec_crc32_rfc1510, digest_spec_crc32_rfc2440): Adjusted for new gry_md_spec_t structure. 2003-07-19 Moritz Schulte * md.c (gcry_md_lookup_func_oid): New function. (search_oid): New function, copied from cipher.c. (gcry_md_map_name): Adjust for new search_oid_interface. * cipher.c (oid_table): Removed table. (gcry_cipher_lookup_func_oid): New function. (search_oid): Rewritten to use the module functions. (gcry_cipher_map_name): Adjust for new search_oid interface. (gcry_cipher_mode_from_oid): Likewise. 2003-07-18 Werner Koch * md.c (gcry_md_hash_buffer): Convert ERR to gpg_error_t in gpg_strerror. 2003-07-14 Moritz Schulte * cipher.c (gcry_cipher_lookup_func_name): Also check the cipher name aliases, not just the primary name. (gcry_cipher_map_name): Remove kludge for aliasing Rijndael to AES. * arcfour.c, blowfish.c, cast5.c, des.c, twofish.c: Adjust cipher specification structures. * rijndael.c (rijndael_names, rijndael192_names, rijndael256_names): New variables, use them in the cipher specifications. * rmd160test.c: Removed file. * ac.c, arcfour.c, blowfish.c, cast5.c, cipher.c, des.c, dsa.c, elgamal.c, md.c, pubkey.c, random.c, rijndael.c, rsa.c, twofish.c: Used gcry_err* wrappers for libgpg symbols. * primegen.c (gen_prime): Correct the order arguments to extra_check. 2003-07-12 Moritz Schulte * ac.c: Replaced all public occurences of gpg_error_t with gcry_error_t. * cipher.c: Likewise. * md.c: Likewise. * pubkey.c: Likewise. * random.c: Likewise. * cipher.c: Added support for TWOFISH128. 2003-07-08 Moritz Schulte * ac.c (gcry_ac_data_copy_internal): New function, based on gcry_ac_data_copy. (gcry_ac_data_copy): Made public, use gcry_ac_data_copy_internal. (gcry_ac_key_init): Use gcry_ac_data_copy_internal. 2003-07-07 Moritz Schulte * ac.c (gcry_ac_data_set): Only release old MPI value if it is different from the new value. Bug reported by Simon Josefsson . * pubkey.c (gcry_pk_list): New function. * md.c (gcry_md_list): New function. * ac.c (gcry_ac_key_pair_generate): Fix calculation of format string size. 2003-07-05 Moritz Schulte * md.c: Named struct of digest_table `digest_table_entry'. (digest_table_entry): New member: algorithm; filled in. (digest_table_entry): Removed unused member: flags. (gcry_md_register): New argument: algorithm_id, filled in. (gcry_md_register_default): Used algorithm ID from module structure. (gcry_md_map_name): Likewise. (md_enable): Likewise. (md_read): Likewise. (gcry_md_info): Likewise. * pubkey.c: Named truct for pubkey_table `pubkey_table_entry'. (pubkey_table_entry): New member: algorithm; filled in. (gcry_pk_register_default): Used algorithm ID from pubkey_table. (gcry_pk_register): New argument: algorithm_id, filled in. (gcry_pk_map_name): Used algorithm ID from module structure. (gcry_pk_decrypt): Likewise. (gcry_pk_encrypt): Likewise. (gcry_pk_verify): Likewise. (gcry_pk_sign): Likewise. (gcry_pk_testkey): Likewise. (gcry_pk_genkey): Likewise. (gcry_pk_get_nbits): Likewise. (sexp_to_key): Removed unused variable: algo. (sexp_to_sig): Likewise. * cipher.c: Named struct for cipher_table `cipher_table_entry'. (cipher_table_entry): New member: algorithm; filled in. (gcry_cipher_register_default): Used algorithm ID from cipher_table. (gcry_cipher_register): New argument: algorithm_id, filled in. (gcry_cipher_map_name): Used algorithm ID from module structure. * arcfour.c (cipher_spec_arcfour): Removed algorithm ID. * blowfish.c (cipher_spec_blowfish): Likewise. * cast5.c (cipher_spec_cast5): Likewise. * crc.c (digest_spec_crc32): Likewise. * crc.c (digest_spec_crc32_rfc1510): Likewise. * crc.c (digest_spec_crc32_rfc2440): Likewise. * des.c (cipher_spec_des): Likewise. * des.c (cipher_spec_tripledes): Likewise. * dsa.c (pubkey_spec_dsa): Likewise. * elgamal.c (pubkey_spec_elg): Likewise. * md4.c (digest_spec_md4): Likewise. * md5.c (digest_spec_md5): Likewise. * aes.c (cipher_spec_aes): Likewise. * aes.c (cipher_spec_aes192): Likewise. * aes.c (cipher_spec_aes256): Likewise. * rsa.c (pubkey_spec_rsa): Likewise. * sha1.c (digest_spec_sha1): Likewise. * sha256.c (digest_spec_sha256): Likewise. * sha512.c (digest_spec_sha512): Likewise. * tiger.c (digest_spec_tiger): Likewise. * twofish.c (cipher_spec_twofish): Likewise. * twofish.c (cipher_spec_twofish128): Likewise. * Makefile.am (EXTRA_libcipher_la_SOURCES): Fix list of source files; reported by Simon Josefsson . * pubkey.c: Replaced all occurences of `id' with `algorithm', since `id' is a keyword in obj-c. * md.c: Likewise. * cipher.c: Likewise. * crc.c, md4.c, md5.c, rmd160.c, sha1.c, sha256.c, tiger.c: Replaced all occurences of gcry_digest_spec_t with gcry_md_spec_t. * dsa.c, rsa.c, elgamal.c: Replaced all occurencens of gcry_pubkey_spec_t with gcry_pk_spec_t. * md.c: Replaced all occurences of gcry_digest_spec_t with gcry_md_spec_t. (gcry_digest_register_default): Renamed to ... (gcry_md_register_default): ... this; adjusted callers. (gcry_digest_lookup_func_name): Renamed to ... (gcry_md_lookup_func_name): ... this; adjusted callers. (gcry_digest_lookup_name): Renamed to ... (gcry_md_lookup_name): ... this; adjusted callers. (gcry_digest_register): Renamed to ... (gcry_md_register): ... this. (gcry_digest_unregister): Renamed to ... (gcry_md_unregister): ... this. * pubkey.c (gcry_pubkey_register): Renamed to ... (gcry_pk_register): ... this. (gcry_pubkey_unregister): Renamed to ... (gcry_pk_unregister): ... this. Replaced all occurences of gcry_pubkey_spec_t with gcry_pk_spec_t. (gcry_pubkey_register_default): Renamed to ... (gcry_pk_register_default): ... this; adjusted callers. (gcry_pubkey_lookup_func_name): Renamed to ... (gcry_pk_lookup_func_name): ... this; adjusted callers. (gcry_pubkey_lookup_name): Renamed to ... (gcry_pk_lookup_name): ... this; adjusted callers. * md.c (gcry_md_hash_buffer): Fix error checking. Thanks to Simon Josefsson . 2003-07-04 Moritz Schulte * cipher.c (gcry_cipher_list): New function. 2003-07-01 Moritz Schulte * pubkey.c (sexp_to_sig): Accept a `flags' S-expression to be more consistent with sexp_to_enc. 2003-06-30 Moritz Schulte * Makefile.am (libcipher_la_SOURCES): Added: ac.c. * pubkey.c (_gcry_pk_module_lookup): New function. (_gcry_pk_module_release): New function. 2003-06-29 Moritz Schulte * ac.c: New file. 2003-06-26 Werner Koch * md.c (gcry_md_hash_buffer): Trigger BUG correcly with new API. 2003-06-19 Werner Koch * md.c (gcry_md_is_enabled): Fixed. 2003-06-18 Werner Koch * cipher.c (gcry_cipher_get_algo_keylen): New. (gcry_cipher_get_algo_blklen): New. 2003-06-18 Moritz Schulte * arcfour.c, cipher.c, blowfish.c, md.c, cast5.c, pubkey.c, crc.c, des.c, dsa.c, elgamal.c, md4.c, md5.c, random.c, rijndael.c, rmd160.c, rsa.c, sha1.c, sha256.c, sha512.c, tiger.c, twofish.c: Replaced older types GcryDigestSpec, GcryCipherSpec and GcryPubkeySpec with newer types: gcry_digest_spec_t, gcry_cipher_spec_t and gcry_pubkey_spec_t. * md.c (gcry_digest_id_new): Removed function. (gcry_digest_register): Removed code for generating a new module ID. * pubkey.c (gcry_pubkey_id_new): Removed function. (gcry_pubkey_register): Removed code for generating a new module ID. * cipher.c, md.c, pubkey.c: Replace old type GcryModule with newer one: gcry_module_t. (gcry_cipher_id_new): Removed function. (gcry_cipher_register): Removed code for generating a new module ID. * cipher.c (gcry_cipher_register): Adjust call to _gcry_module_add. (gcry_cipher_register_default): Likewise. * pubkey.c (gcry_pubkey_register_default): Likewise. (gcry_pubkey_register): Likewise. * md.c (gcry_digest_register_default): Likewise. (gcry_digest_register): Likewise. * md.c (gcry_digest_lookup_func_id): Removed function. (gcry_digest_lookup_id): Likewise. (gcry_digest_id_new): Use _gcry_module_lookup_id instead of gcry_digest_lookup_id. (digest_algo_to_string): Likewise. (check_digest_algo): Likewise. (md_enable): Likewise. (md_digest_length): Likewise. (md_asn_oid): Likewise. * pubkey.c (gcry_pubkey_lookup_id): Removed function. (gcry_pubkey_lookup_func_id): Likewise. (gcry_pubkey_id_new): Use _gcry_module_lookup_id instead of gcry_pubkey_id_new. (gcry_pk_algo_name): Likewise. (disable_pubkey_algo): Likewise. (check_pubkey_algo): Likewise. (pubkey_get_npkey): Likewise. (pubkey_get_nskey): Likewise. (pubkey_get_nsig): Likewise. (pubkey_get_nenc): Likewise. (pubkey_generate): Likewise. (pubkey_check_secret_key): Likewise. (pubkey_encrypt): Likewise. (pubkey_decrypt): Likewise. (pubkey_sign): Likewise. (pubkey_verify): Likewise. (gcry_pk_algo_info): Likewise. * cipher.c (gcry_cipher_lookup_func_id): Removed function. (gcry_cipher_lookup_id): Likewise. (cipher_algo_to_string): use _gcry_module_lookup_id instead of gcry_cipher_lookup_id. (disable_cipher_algo): Likewise. (check_cipher_algo): Likewise. (cipher_get_blocksize): Likewise. (gcry_cipher_open): Likewise. (gcry_cipher_id_new): Likewise. 2003-06-17 Moritz Schulte * Makefile.am (GCRYPT_MODULES): Set to @GCRYPT_CIPHERS@, @GCRYPT_PUBKEY_CIPHERS@, @GCRYPT_DIGESTS@ and @GCRYPT_RANDOM@. (libcipher_la_DEPENDENCIES): Set to $(GCRYPT_MODULES). (libcipher_la_LIBADD): Likewise. (AM_CFLAGS): Added: @GPG_ERROR_CFLAGS@. (EXTRA_libcipher_la_SOURCES): Added all conditional sources. * md.c (md_open): Use _gcry_fast_random_poll instead of fast_random_poll. * cipher.c (gcry_cipher_open): Likewise. * random.h (fast_random_poll): Removed macro. * blowfish.c, md4.c, md5.c, rmd160.c, sha1.c, sha256.c, sha512.c, tiger.c: Use Autoconf's WORDS_BIGENDIAN instead of our own BIG_ENDIAN_HOST. 2003-06-16 Moritz Schulte * random.c (getfnc_gather_random): Do not special-case USE_ALL_RANDOM_MODULES, make it the default. * dsa.c: Replace last occurences of old type names with newer names (i.e. replace MPI with gcry_mpi_t). * elgamal.c: Likewise. * primegen.c: Likewise. * pubkey.c: Likewise. * rsa.c: Likewise. 2003-06-14 Moritz Schulte * des.c (des_setkey): Add selftest check. (tripledes_set3keys): Likewise. (do_tripledes_setkey): Remove selftest check. (do_des_setkey): Likewise. 2003-06-11 Moritz Schulte * md.c (_gcry_md_init): New function. * cipher.c (_gcry_cipher_init): New function. * pubkey.c (_gcry_pk_init): New function. 2003-06-13 Werner Koch * md.c (gcry_md_get_algo): Reverted to old API. This is a convenience function anyway and error checking is not approriate. (gcry_md_is_secure): New. (gcry_md_is_enabled): New. 2003-06-12 Werner Koch * cipher.c (gcry_cipher_open): Make sure HANDLE is set to NULL on error. 2003-06-11 Werner Koch * md.c (gcry_md_open): Make sure H receives either NULL or an valid handle. (gcry_md_copy): Swapped arguments so that it is more in lione with md_open and most other API fucntions like memcpy (destination comes first). Make sure HANDLE is set to NULL on error. * rijndael.c (do_encrypt): Hack to force correct alignment. It seems not to be not sufficient, though. We should rework this fucntions and remove all these ugly casts. Let the compiler optimize or have an assembler implementation. 2003-06-09 Moritz Schulte * Makefile.am: Removed rules serpent, since that is not commited yet. 2003-06-08 Moritz Schulte * pubkey.c (gcry_pk_encrypt): Improve calculation for size of the format string. 2003-06-07 Moritz Schulte * arcfour.c, bithelp.h, blowfish.c, cast5.c, cipher.c, crc.c, des.c, dsa.c, elgamal.c, md4.c, md5.c, md.c, primegen.c, pubkey.c, rand-internal.h, random.c, random.h, rijndael.c, rmd160.c, rmd160test.c, rmd.h, rndeged.c, rndlinux.c, rndunix.c, rndw32.c, rsa.c, sha1.c, sha256.c, sha512.c, tiger.c, twofish.c: Edited all preprocessor instructions to remove whitespace before the '#'. This is not required by C89, but there are some compilers out there that don't like it. Replaced any occurence of the now deprecated type names with the new ones. 2003-06-04 Moritz Schulte * pubkey.c (gcry_pk_encrypt): Construct an arg_list and use gcry_sexp_build_array instead of gcry_sexp_build. (gcry_pk_sign): Likewise. (gcry_pk_genkey): Likewise. 2003-06-01 Moritz Schulte * dsa.c (_gcry_dsa_generate): Do not check wether the algorithm ID does indeed belong to DSA. (_gcry_dsa_sign): Likewise. (_gcry_dsa_verify): Likewise. (_gcry_dsa_get_nbits): Likewise. * elgamal.c (_gcry_elg_check_secret_key): Do not check wether the algorithm ID does indeed belong to ElGamal. (_gcry_elg_encrypt): Likewise. (_gcry_elg_decrypt): Likewise. (_gcry_elg_sign): Likewise. (_gcry_elg_verify): Likewise. (_gcry_elg_get_nbits): Likewise. (_gcry_elg_generate): Likewise. * rsa.c (_gcry_rsa_generate): Do not check wether the algorithm ID does indeed belong to RSA. (_gcry_rsa_encrypt): Likewise. (_gcry_rsa_decrypt): Likewise. (_gcry_rsa_sign): Likewise. (_gcry_rsa_verify): Likewise. (_gcry_rsa_get_nbits): Likewise. 2003-05-30 Moritz Schulte * md.c (md_get_algo): Return zero in case to algorithm is enabled. * md.c (gcry_md_info): Adjusted for new no-errno-API. (md_final): Likewise. (gcry_md_get_algo): Likewise. * pubkey.c (gcry_pk_get_keygrip): Likewise. (gcry_pk_ctl): Likewise. (gcry_pk_algo_info): Likewise. * des.c (selftest): Likewise. 2003-05-29 Moritz Schulte * md.c (md_enable): Do not forget to release module on error. (gcry_md_open): Adjusted for new no-errno-API. (md_open): Likewise. (md_copy): Likewise. (gcry_md_copy): Likewise. (gcry_md_setkey): Likewise. (gcry_md_algo_info): Likewise. * cipher.c (gcry_cipher_open): Adjusted for new no-errno-API and also fixed a locking bug. (gcry_cipher_encrypt): Adjusted for new no-errno-API. (gcry_cipher_decrypt): Likewise. (gcry_cipher_ctl): Likewise. (gcry_cipher_info): Likewise. (gcry_cipher_algo_info): Likewise. 2003-05-28 Moritz Schulte * md.c (md_enable): Adjusted for libgpg-error. (gcry_md_enable): Likewise. (gcry_digest_register_default): Likewise. (gcry_digest_register): Likewise. (check_digest_algo): Likewise. (prepare_macpads): Likewise. (gcry_md_setkey): Likewise. (gcry_md_ctl): Likewise. (gcry_md_get): Likewise. (gcry_md_algo_info): Likewise. (gcry_md_info): Likewise. * dsa.c (_gcry_dsa_generate): Likewise. (_gcry_dsa_check_secret_key): Likewise. (_gcry_dsa_sign): Likewie. (_gcry_dsa_verify): Likewise. * twofish.c (do_twofish_setkey): Likewise. (twofish_setkey): Likewise. * cipher.c (gcry_cipher_register): Likewise. 2003-05-25 Moritz Schulte * rijndael.c (do_setkey): Adjusted for libgpg-error. (rijndael_setkey): Likewise. * random.c (gcry_random_add_bytes): Likewise. * elgamal.c (_gcry_elg_generate): Likewise. (_gcry_elg_check_secret_key): Likewise. (_gcry_elg_encrypt): Likewise. (_gcry_elg_decrypt): Likewise. (_gcry_elg_sign): Likewise. (_gcry_elg_verify): Likewise. * rsa.c (_gcry_rsa_generate): Likewise. (_gcry_rsa_check_secret_key): Likewise. (_gcry_rsa_encrypt): Likewise. (_gcry_rsa_decrypt): Likewise. (_gcry_rsa_sign): Likewise. (_gcry_rsa_verify): Likewise. * pubkey.c (dummy_generate, dummy_check_secret_key, dummy_encrypt, dummy_decrypt, dummy_sign, dummy_verify): Likewise. (gcry_pubkey_register): Likewise. (check_pubkey_algo): Likewise. (pubkey_generate): Likewise. (pubkey_check_secret_key): Likewise. (pubkey_encrypt): Likewise. (pubkey_decrypt): Likewise. (pubkey_sign): Likewise. (pubkey_verify): Likewise. (sexp_elements_extract): Likewise. (sexp_to_key): Likewise. (sexp_to_sig): Likewise. (sexp_to_enc): Likewise. (sexp_data_to_mpi): Likewise. (gcry_pk_encrypt): Likewise. (gcry_pk_decrypt): Likewise. (gcry_pk_sign): Likewise. (gcry_pk_verify): Likewise. (gcry_pk_testkey): Likewise. (gcry_pk_genkey): Likewise. (gcry_pk_ctl): Likewise. * cipher.c (dummy_setkey): Likewise. (check_cipher_algo): Likewise. (gcry_cipher_open): Likewise. (cipher_setkey): Likewise. (gcry_cipher_ctl): Likewise. (cipher_encrypt): Likewise. (gcry_cipher_encrypt): Likewise. (cipher_decrypt): Likewise. (gcry_cipher_decrypt): Likewise. (gcry_cipher_info): Likewise. (gcry_cipher_algo_info): Likewise. * cast5.c (cast_setkey): Likewise. (do_cast_setkey): Likewise. * arcfour.c (arcfour_setkey): Likewise. (do_arcfour_setkey): Likewise. * blowfish.c (do_bf_setkey): Likewise. (bf_setkey): Likewise. * des.c (do_des_setkey): Likewise. (do_tripledes_setkey): Likewise. 2003-05-22 Moritz Schulte * tiger.c: Merged code ussing the U64_C macro from GnuPG. * sha512.c: Likewise. 2003-05-17 Moritz Schulte * pubkey.c (gcry_pk_genkey): Fix type: acquire a lock, instead of releasing it. 2003-05-11 Moritz Schulte * pubkey.c (gcry_pk_testkey): Call REGISTER_DEFAULT_CIPHERS. (gcry_pk_ctl): Likewise. 2003-04-27 Moritz Schulte * pubkey.c (gcry_pk_genkey): Release sexp after extracted data has been used. * md.c (gcry_md_get_algo_dlen): Simplified, simply call md_digest_length to do the job. * des.c (do_des_setkey): Check for selftest failure not only during initialization. (do_tripledes_setkey): Include check for selftest failure. * pubkey.c (gcry_pubkey_register_default): New macro `pubkey_use_dummy', use it. * elgamal.c (elg_names): New variable. (pubkey_spec_elg): Include elg_names. * dsa.c (dsa_names): New variable. (pubkey_spec_dsa): Include dsa_names. * rsa.c (rsa_names): New variable. (pubkey_spec_rsa): Include rsa_names. * pubkey.c (gcry_pubkey_lookup_func_name): Compare name also with the names listed in `sexp_names'. 2003-04-24 Moritz Schulte * pubkey.c (sexp_to_key): New variables: module, pubkey. Adjusted to new module interface. (sexp_to_key): Changend type of argument `retalgo' from `int *' to `GcryModule **'. Adjusted all callers. Removed argument: r_algotblidx. (sexp_to_sig): Changend type of argument `retalgo' from `int *' to `GcryModule **'. Adjusted all callers. (sexp_to_enc): Likewise. (pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig, pubkey_get_nenc): Use strlen to find out the number. * rsa.c: Adjust pubkey_spec_rsa to new internal interface. * dsa.c: Likewise. * elgamal.c: Likewise. 2003-04-17 Moritz Schulte * pubkey.c (sexp_elements_extract): New function. * pubkey.c (sexp_to_key): Removed variable `idx', added `err', use sexp_elements_extract. (sexp_to_sig): Likewise. (sexp_to_enc): Likewise. * pubkey.c: Terminate list correctly. * md.c: Include sha512/sha384 in digest_table. 2003-04-16 Moritz Schulte * Makefile.am: Include support for sha512.c. * sha512.c: New file, merged from GnuPG, with few modifications for libgcrypt. * rand-internal.h: Removed declarations for constructor functions. * md.c (md_copy): Call _gcry_module_use for incrementing the usage counter of the digest modules. * rsa.c: Do not include "rsa.h". * dsa.c: Do not include "dsa.h". * elgamal.c: Do not include "elgamal.h". * des.c: Do not include "des.h". * cast5.c: Do not include "cast5.h". * blowfish.c: Do not include "blowfish.h". * arcfour.c: Do not include "arcfour.h". * Makefile.am (libcipher_la_DEPENDENCIES): Removed. (libcipher_la_LIBADD): Removed. Use Automake conditionals for conditional compilation. 2003-04-13 Moritz Schulte * cipher.c (gcry_cipher_open): Call REGISTER_DEFAULT_CIPHERS. * md.c (gcry_md_list): New member: module. (md_enable): New variable: module, changed use of module and digest. (md_enable): Initialize member: module. (md_close): Call _gcry_module_release. * cipher.c (gcry_cipher_open): New variable: module, changed use of module and cipher. (struct gcry_cipher_handle): New member: module. (gcry_cipher_open): Initialize member: module. (gcry_cipher_close): Call _gcry_module_release. 2003-04-09 Moritz Schulte * cipher.c: Include "ath.h". * md.c: Likewise. * pubkey.c: Likewise. * cipher.c (ciphers_registered_lock): New variable. * md.c (digests_registered_lock): New variable. * pubkey.c (pubkeys_registered_lock): New variable. * rndlinux.c (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_rndlinux_constructor): Removed function. * rndegd.c (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_rndegd_constructor): Removed function. * rndunix.c (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_rndunix_constructor): Removed function. * rndw32.c (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_rndw32_constructor): Removed function. * rndegd.c (rndegd_connect_socket): Simplify code for creating the egd socket address. (rndegd_connect_socket): Call log_fatal use instead of g10_log_fatal. (egd_gather_random): Renamed to ... (rndegd_gather_random): ... here. 2003-04-08 Moritz Schulte * rndlinux.c: Do not include "dynload.h". * rndunix.c: Likewise. * rndw32.c: Likewise. * rndegd.c (rndegd_connect_socket): Factored out from ... (egd_gather_random): here; call it. (egd_socket): New variable. (egd_gather_random): Initialize fd with egd_socket, do not declare fd static. (do_read): Merged few changes from GnuPG. FIXME - not finished? Do not include "dynload.h". * rndw32.c (gather_random): Renamed to rndw32_gather_random, do not declare static. (gather_random_fast): Renamed to rndw32_gather_random_fast, do not declare static. * rndunix.c (gather_random): Renamed to rndunix_gather_random, do not declare static. * rndegd.c (gather_random): Renamed to rndegd_gather_random, do not declare static. * rndlinux.c (gather_random): Renamed to rndlinux_gather_random, do not declare static. 2003-04-07 Moritz Schulte * Makefile.am (libcipher_la_SOURCES): Removed construct.c. (libcipher_la_SOURCES): Added sha1.c, sha256.c, rmd160.c, md4.c, md5.c, tiger.c and crc.c (EXTRA_PROGRAMS): Removed sha1, sha256, rmd160, md4, md5, tiger and crc. Removed definitions: EXTRA_md4_SOURCES, EXTRA_md5_SOURCES, EXTRA_rmd160_SOURCES, EXTRA_sha1_SOURCES, EXTRA_sha256_SOURCES, EXTRA_tiger_SOURCES and EXTRA_crc_SOURCES, BUILT_SOURCES, DISTCLEANFILES. * pubkey.c: Do not include "elgamal.h", "dsa.h" and "rsa.h". * Makefile.am (libcipher_la_SOURCES): Removed rsa.h, elgamal.h, dsa.h, des.h, cast5.h, arcfour.h and blowfish.h. * rsa.h: Removed file. * elgamal.h: Removed file. * dsa.h: Removed file. * des.h: Removed file. * cast5.h: Removed file. * arcfour.h: Removed file. * blowfish.h: Removed file. * Makefile.am (libcipher_la_SOURCES): Removed dynload.c and dynload.h. * rsa.c (pubkey_spec_rsa): New variable. * dsa.c (pubkey_spec_rsa): New variable. * elgamal.c (pubkey_spec_elg): New variable. * rsa.c (_gcry_rsa_get_info): Removed function. * elgamal.c (_gcry_elg_get_info): Removed function. * dsa.c (_gcry_dsa_get_info): Removed function. * tiger.c (tiger_get_info): Removed function. (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_tiger_constructor): Removed function. * sha1.c (sha1_get_info): Removed function. (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_sha1_constructor): Removed function. * sha256.c (sha256_get_info): Removed function. (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_sha256_constructor): Removed function. * rmd160.c (rmd160_get_info): Removed function. (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_rmd160_constructor): Removed function. * md5.c (md5_get_info): Removed function. (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_md5_constructor): Removed function. * md4.c (md4_get_info): Removed function. (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_md4_constructor): Removed function. * crc.c (crc_get_info): Removed function. * arcfour.c (do_arcfour_setkey): Changed type of context argument to `void *', added local variable for cast, adjusted callers. (arcfour_setkey): Likewise. (encrypt_stream): Likewise. * cast5.c (cast_setkey): Likewise. (encrypt_block): Likewise. * rijndael.c (rijndael_setkey): Likewise. (rijndael_encrypt): Likewise. (rijndael_decrypt): Likewise. * twofish.c (twofish_setkey): Likewise. (twofish_encrypt): Likewise. (twofish_decrypt): Likewise. * des.c (do_des_setkey): Likewise. (do_des_encrypt): Likewise. (do_des_encrypt): Likewise. (do_tripledes_encrypt): Likewise. (do_tripledes_encrypt): Likewise. * blowfish.c (bf_setkey: Likewise. (encrypt_block): Likewise. (decrypt_block): Likewise. * arcfour.c (encrypt_stream): Likewise. * rijndael.c (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func) Removed function. * twofish.c (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func) Removed function. * cast5.c (CIPHER_ALGO_CAST5): Removed. * blowfish.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Removed macros. (CIPHER_ALGO_BLOWFISH): Removed symbol. * cast5.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Likewise. * des.c (selftest_failed): Removed. (initialized): New variable. (do_des_setkey): Run selftest, if not yet done. (FNCCAST_SETKEY, FNCCAST_CRYPT): Removed macros. * arcfour.c (_gcry_arcfour_get_info): Removed function. * blowfish.c (_gcry_blowfish_get_info): Removed function. * cast5.c (_gcry_cast5_get_info): Removed function. * des.c (_gcry_des_get_info): Removed function. * rijndael.c (_gcry_rijndael_get_info): Removed function. * twofish.c (_gcry_twofish_get_info): Removed function. * arcfour.c (cipher_spec_arcfour): New variable. * twofish.c (cipher_spec_twofish, cipher_spec_twofish128): New variables. * rijndael.c (cipher_spec_aes, cipher_spec_aes192, cipher_spec256): New variables. * des.c (cipher_spec_des, cipher_spec_tripledes): New variables. * cast5.c (cipher_spec_cast5): New variable. * blowfish.c (cipher_spec_blowfish): Likewise. * twofish.c: Do not include "dynload.h". * rijndael.c: Likewise. * des.c: Likewise. * cast5.c: Likewise. * blowfish.c: Likewise. * cipher.c: Likewise. * crc.c: Likewise. * md4.c: Likewise. * md5.c: Likewise. * md.c: Likewise. * pubkey.c: Likewise. * rijndael.c: Likewise. * sha1.c: Likewise. * sha256.c: Likewise. * arcfour.c: Include "cipher.h". * twofish.c: Likewise. * rijndael.c: Likewise. * des.c: Likewise. * cast5.c: Likewise. * blowfish.c: Likewise. * twofish.c (twofish_setkey): Declared argument `key' const. (twofish_encrypt): Declared argument `inbuf' const. (twofish_decrypt): Likewise. * rijndael.c (rijndael_setkey): Declared argument `key' const. (rijndael_encrypt): Declared argument `inbuf' const. (rijndael_decrypt): Likewise. * des.c (do_des_setkey): Declared argument `key' const. (do_tripledes_setkey): Likewise. (do_des_encrypt): Declared argument `inbuf' const. (do_des_decrypt): Likewise. (do_tripledes_encrypt): Likewise. (do_tripledes_decrypt): Likewise. * cast5.c (encrypt_block): Declared argument `inbuf' const. (decrypt_block): Likewise. (cast_setkey): Declared argument `key' const. * blowfish.c (do_bf_setkey): Declared argument `key' const. (encrypt_block): Declared argument `inbuf' const. (encrypt_block): Likewise. * cipher.c: Remove CIPHER_ALGO_DUMMY related code. Removed struct cipher_table_s. Changed definition of cipher_table. Removed definition of disabled_algos. (ciphers_registered, default_ciphers_registered): New variables. (REGISTER_DEFAULT_CIPHERS): New macro. (dummy_setkey): Declared argument `key' const. (dummy_encrypt_block): Declared argument `inbuf' const. (dummy_encrypt_block): Likewise. (dummy_encrypt_stream): Likewise. (dummy_encrypt_stream): Likewise. (dummy_setkey): Use `unsigned char' instead of `byte'. (dummy_encrypt_block): Likewise. (dummy_decrypt_block): Likewise. (dummy_encrypt_stream): Likewise. (dummy_decrypt_stream): Likewise. (gcry_cipher_register_default): New function. (gcry_cipher_lookup_func_id): New function. (gcry_cipher_lookup_func_name): New function. (gcry_cipher_lookup_id): New function. (gcry_cipher_lookup_name): New function. (gcry_cipher_id_new): New function. (gcry_cipher_register): New function. (gcry_cipher_unregister): New function. (setup_cipher_table): Removed function. (load_cipher_modules): Removed function. (gcry_cipher_map_name): Adjusted to use new module management. (cipher_algo_to_string): Likewise. (disable_cipher_algo): Likewise. (check_cipher_algo): Likewise. (cipher_get_keylen): Likewise. (cipher_get_blocksize): Likewise. (gcry_cipher_open): Likewise. (struct gcry_cipher_handle): Replaced members algo, algo_index, blocksize, setkey, encrypt, decrypt, stencrypt, stdecrypt with one member: cipher. (gcry_cipher_open): Adjusted code for new handle structure. (cipher_setkey): Likewise. (cipher_setiv): Likewise. (cipher_reset): Likewise. (do_ecb_encrypt): Likewise. (do_ecb_decrypt): Likewise. (do_cbc_encrypt): Likewise. (do_cbc_decrypt): Likewise. (do_cfb_encrypt): Likewise. (do_cfb_decrypt): Likewise. (do_ctr_encrypt): Likewise. (cipher_encrypt): Likewise. (gcry_cipher_encrypt): Likewise. (cipher_decrypt): Likewise. (gcry_cipher_decrypt): Likewise. (cipher_sync): Likewise. (gcry_cipher_ctl): Likewise. * pubkey.c: Removed struct pubkey_table_s. Changed definition of pubkey_table. Removed definition of disabled_algos. (pubkeys_registered, default_pubkeys_registered): New variables. (REGISTER_DEFAULT_PUBKEYS): New macro. (setup_pubkey_table): Removed function. (load_pubkey_modules): Removed function. (gcry_pubkey_register_default): New function. (gcry_pubkey_lookup_func_id): New function. (gcry_pubkey_lookup_func_name): New function. (gcry_pubkey_lookup_id): New function. (gcry_pubkey_lookup_name): New function. (gcry_pubkey_id_new): New function. (gcry_pubkey_register): New function. (gcry_pubkey_unregister): New function. (gcry_pk_map_name): Adjusted to use new module management. (gcry_pk_algo_name): Likewise. (disable_pubkey_algo): Likewise. (check_pubkey_algo): Likewise. (pubkey_get_npkey): Likewise. (pubkey_get_nskey): Likewise. (pubkey_get_nsig): Likewise. (pubkey_get_nenc): Likewise. (pubkey_generate): Likewise. (pubkey_check_secret_key): Likewise. (pubkey_encrypt): Likewise. (pubkey_decrypt): Likewise. (pubkey_sign): Likewise. (pubkey_verify): Likewise. (gcry_pk_get_nbits): Likewise. (gcry_pk_algo_info): Likewise. * md.c: Removed struct md_digest_list_s. (digest_list): Changed definition. (digests_registered, default_digests_registered): New variables. (REGISTER_DEFAULT_DIGESTS): New macro. (new_list_item): Removed function. (setup_md_table): Removed function. (load_digest_module): Removed function. (gcry_digest_register_default): New function. (gcry_digest_lookup_func_id): New function. (gcry_digest_lookup_func_name): New function. (gcry_digest_lookup_id): New function. (gcry_digest_lookup_name): New function. (gcry_digest_id_new): New function. (gcry_digest_register): New function. (gcry_digest_unregister): New function. (GcryDigestEntry): New type. (struct gcry_md_context): Adjusted type of `list'. (gcry_md_map_name): Adjusted to use new module management. (digest_algo_to_string): Likewise. (check_digest_algo): Likewise. (md_enable): Likewise. (md_digest_length): Likewise. (md_asn_oid): Likewise. 2003-04-07 Moritz Schulte * pubkey.c: Replaced PUBKEY_ALGO_DSA with GCRY_PK_DSA, PUBKEY_ALGO_RSA with GCRY_PK_RSA and PUBKEY_ALGO_ELGAMAL with GCRY_PK_ELG. * dsa.c: Replaced PUBKEY_ALGO_DSA with GCRY_PK_DSA. 2003-04-01 Moritz Schulte * des.c: Removed checks for GCRY_CIPHER_3DES and GCRY_CIPHER_DES. 2003-03-31 Moritz Schulte * tiger.c (tiger_get_info): Do not declare static. * sha256.c (sha256_get_info): Likewise. * sha1.c (sha1_get_info): Likewise. * rmd160.c (rmd160_get_info): Likewise. * md5.c (md5_get_info): Likewise. * md4.c (md4_get_info): Likewise. * crc.c (crc_get_info): Likewise. * md.c (load_digest_module): Call setup_md_table during initialization. (new_list_item): Link new element into digest_list. * cipher.c (do_ctr_decrypt): Made do_ctr_encrypt act as a wrapper for do_ctr_encrypt, since these functions are identical. 2003-03-30 Simon Josefsson * cipher.c (struct gcry_cipher_handle): Add counter field. (gcry_cipher_open): Add CTR. (cipher_reset): Clear counter field. (do_ctr_encrypt, do_ctr_decrypt): New functions. (cipher_encrypt, cipher_decrypt): Call CTR functions. (gcry_cipher_ctl): Add SET_CTR to set counter. 2003-03-30 Moritz Schulte * rsa.c (_gcry_rsa_blind): New function. (_gcry_rsa_unblind): New function. (_gcry_rsa_decrypt): Use _gcry_rsa_blind and _gcry_rsa_decrypt. 2003-03-26 Moritz Schulte * dynload.c (_gcry_enum_gnupgext_pubkeys): Adjust `encrypt' and `decrypt' function arguments. (_gcry_enum_gnupgext_pubkeys): Likewise. * dynload.h: Likewise. * pubkey.c (dummy_decrypt): Add argument: int flags. (dummy_encrypt): Likewise. * elgamal.c (_gcry_elg_encrypt): Add argument: int flags. (_gcry_elg_decrypt): Likewise. * rsa.c (_gcry_rsa_encrypt): Add argument: int flags. (_gcry_rsa_decrypt): Likewise. * pubkey.c: Add `flags' argument to members `encrypt' and `decrypt' of struct `pubkey_table_s'. * rsa.h: Add `flags' argument to function declarations. * elgamal.h: Likewise. * pubkey.c (sexp_data_to_mpi): New variable: int parsed_flags. (sexp_data_to_mpi): Set `parsed_flags'. (sexp_data_to_mpi): New argument: int *flags. (gcry_pk_encrypt): New variable: int flags. (gcry_pk_encrypt): Pass `flags' to pubkey_encrypt. (pubkey_encrypt): New variable: int flags. (pubkey_encrypt): Pass `flags' to pubkey encrypt function. (pubkey_decrypt): Likewise. (pubkey_decrypt): Pass `flags' to pubkey encrypt function. (gcry_pk_encrypt): Include `flags' s-exp in return list. (sexp_to_enc): New argument: int *flags. (gcry_pk_decrypt): New variable: int flags. (gcry_pk_decrypt): Pass `flags' to pubkey_decrypt. (sexp_to_enc): New variable: int parsed_flags. (sexp_to_enc): Set `parsed_flags'. 2003-03-22 Simon Josefsson * cipher.c (gcry_cipher_open, do_cbc_encrypt) (gcry_cipher_encrypt): Support GCRY_CIPHER_CBC_MAC. (gcry_cipher_ctl): Support GCRYCTL_SET_CBC_MAC. 2003-03-19 Werner Koch * primegen.c (gen_prime): New args EXTRA_CHECK and EXTRA_CHECK_ARG to allow for a user callback. Changed all callers. (_gcry_generate_secret_prime) (_gcry_generate_public_prime): Ditto, pass them to gen_prime. * rsa.c (check_exponent): New. (generate): Use a callback to ensure that a given exponent is actually generated. 2003-03-12 Moritz Schulte * primegen.c: Initialize `no_of_small_prime_numbers' statically. (gen_prime): Remove calculation of `no_of_small_prime_numbers'. 2003-03-03 Moritz Schulte * md.c (gcry_md_ctl): Rewritten to use same style like the other functions dispatchers. 2003-03-02 Moritz Schulte * cipher.c (struct gcry_cipher_handle): New member: algo_index. (gcry_cipher_open): Allocate memory for two cipher contexts. Initialize algo_index. (cipher_setkey): Duplicate context into reserved memory. (cipher_reset): New function, which resets the context and clear the IV. (gcry_cipher_ctl): Call cipher_reset. 2003-02-23 Moritz Schulte * cipher.c: Remove (bogus) `digitp' macro definition. * md.c: Likewise. * blowfish.c (burn_stack): Removed. * arcfour.c (burn_stack): Likewise. * cast5.c (burn_stack): Likewise. * des.c (burn_stack): Likewise. * md4.c (burn_stack): Likewise. * md5.c (burn_stack): Likewise. * random.c (burn_stack): Likewise. * rijndael.c (burn_stack): Likewise. * rmd160.c (burn_stack): Likewise. * sha1.c (burn_stack): Likewise. * sha256.c (burn_stack): Likewise. * tiger.c (burn_stack): Likewise. * twofish.c (burn_stack): Likewise. * blowfish.c: Changed all occurences of burn_stack to _gcry_burn_stack. * arcfour.c: Likewise. * cast5.c: Likewise. * des.c: Likewise. * md4.c: Likewise. * md5.c: Likewise. * random.c: Likewise. * rijndael.c: Likewise. * rmd160.c: Likewise. * sha1.c: Likewise. * sha256.c: Likewise. * tiger.c: Likewise. * twofish.c: Likewise. * arcfour.c (_gcry_arcfour_get_info): Use GCRY_CIPHER_ARCFOUR instead of hard-coded value `301'. 2003-01-24 Werner Koch * random.c (_gcry_register_random_progress): New. (_gcry_random_progress): New. * rndlinux.c (gather_random): Call the random progress function. 2003-01-23 Werner Koch * rsa.c (generate): New arg USE_E to request a specific public exponent. (_gcry_rsa_generate): Ditto. * elgamal.c (_gcry_elg_generate): Must add an dummy argument instead of USE_E. * dsa.c (_gcry_dsa_generate): Ditto. * pubkey.c (dummy_generate): Ditto. (pubkey_generate): Add USE_E arg and pass it down. (gcry_pk_genkey): Detect "rsa-use-e" parameter and pass it to generate. * pubkey.c (sexp_to_enc): New arg RET_MODERN. (gcry_pk_decrypt): Make use of it to return a real S-expression. Return better error codes. (gcry_pk_verify): Return better error codes. 2003-01-21 Werner Koch * random.c (gcry_random_add_bytes): Add QUALITY argument, let function return an error code and disable its core for now. 2003-01-21 Timo Schulz * random.c (gcry_random_add_bytes): New. Function to add external random to the pool. 2003-01-20 Simon Josefsson * crc.c: New. * Makefile.am (EXTRA_PROGRAMS, EXTRA_crc_SOURCES): Add crc.c. * md.c (gcry_md_get_algo_dlen): Add values for CRC. 2003-01-20 Werner Koch * sha256.c: New. * bithelp.h (ror): New. * Makfile.am: Add sha256.c. * md.c (oid_table): Add values for SHA256 et al. (gcry_md_get_algo_dlen): Likewise 2003-01-20 Werner Koch * pubkey.c (gcry_pk_get_keygrip): Implemented keygrips for DSA and ElGamal. 2003-01-17 Werner Koch * cipher.c (gcry_cipher_encrypt): Reworked so that the output will never contain the plaintext even if the caller did not checked the return value. * md.c (gcry_md_get_algo): Changed error code to GCRYERR_GENERAL because we don't have an invalid md algo but no algorithm enabled. * pubkey.c (gcry_pk_genkey): Changed error code for bounds check of table parameters to GCRYERR_INTERNAL. * md.c (gcry_md_open): Partly reverted Timo's change from 2002-10-10 by removing the check for the algorithm. An algorithm of 0 is allowed and anyway we should not double check it or check it using a different function. Also fixed the flags check. * pubkey.c (gcry_pk_encrypt): Make sure that R_CIPH points to NULL on error. (gcry_pk_decrypt): Ditto for R_PLAIN. (gcry_pk_sign): Ditto for R_SIG. (gcry_pk_genkey): Ditto for R_KEY. 2003-01-16 Werner Koch * md.c (gcry_md_write): Changed 2nd argument type to void*. (gcry_md_hash_buffer): Changed type of boths buffers to void*. (gcry_md_setkey): Changed 2nd argument type to void*. 2003-01-15 Werner Koch * pubkey.c (sexp_data_to_mpi): New. This handles pkcs1 padding. (gcry_pk_sign, gcry_pk_verify): Use it here. (gcry_pk_encrypt): And here. (pubkey_verify): Add debug code. (sexp_to_enc): Handle flags in the input and return the pkcs1 flag in a new parameter. (gcry_pk_decrypt): Prepare for future pkcs1 handling. 2002-12-19 Werner Koch * random.c (_gcry_random_initialize): New. 2002-12-16 Werner Koch * cipher.c: Added a Teletrust specific OID for 3DES. 2002-12-12 Werner Koch * md.c: Added another oddball OIW OID (sha-1WithRSAEncryption). 2002-11-23 Werner Koch * md.c (load_digest_module): Enlarged checked_algos bitmap. * md4.c (func_table): Fixed entry for md4. Both by Simon Josephson. (transform): Copy data to get the alignment straight. Tested only on i386. 2002-11-10 Simon Josefsson * cipher.c (gcry_cipher_open): Don't reject CTS flag. (do_cbc_encrypt, do_cbc_decrypt, cipher_encrypt) (gcry_cipher_encrypt, cipher_decrypt) (gcry_cipher_decrypt): Support CTS flag. (gcry_cipher_ctl): Toggle CTS flag. 2002-11-10 Werner Koch * md4.c: New. By Simon Josefsson. * Makefile.am (EXTRA_PROGRAMS): Add md4.c. * md.c (oid_table,gcry_md_get_algo_dlen): MD4 support. 2002-10-14 Werner Koch * arcfour.c (do_encrypt_stream): Don't use increment op when assigning to the same variable. 2002-10-10 Timo Schulz * pubkey.c (gcry_pk_genkey): Check boundaries. * md.c (gcry_md_open): Check that algo is available and only valid flag values are used. (gcry_md_get_algo): Add error handling. 2002-09-26 Werner Koch * md.c: Include an OID for TIGER. * tiger.c (tiger_get_info): Use a regular OID. 2002-09-17 Werner Koch * random.c: Replaced mutex.h by the new ath.h. Changed all calls. 2002-09-16 Werner Koch * arcfour.c (do_encrypt_stream): Use register modifier and modulo. According to Nikos Mavroyanopoulos this increases perfromace on i386 system noticable. And I always tought gcc is clever enough. * md5.c (transform): Use register modifier. * rmd160.c (transform): Ditto. * sha1.c (transform): Ditto. We hope that there are 6 free registers. * random.c (gcry_randomize): Rewrote to avoid malloc calls. * rndlinux.c (gather_random): Replaced remaining fprintfs by log_*. * arcfour.c (do_arcfour_setkey): Ditto. * twofish.c (do_twofish_setkey): Ditto. * rndegd.c (gather_random): Ditto. * rijndael.c (do_setkey): Ditto. * random.c (_gcry_random_dump_stats): Ditto. * primegen.c (_gcry_generate_elg_prime): Ditto. * des.c (_gcry_des_get_info): Ditto. * cast5.c (do_cast_setkey): Ditto. * blowfish.c (do_bf_setkey): Ditto. 2002-08-26 Werner Koch * des.c (weak_keys): Fixed one entry in the table and compared all entries against the literature. (selftest): Checksum the weak key table. 2002-08-21 Werner Koch * pubkey.c: Enable keygrip calculation for "openpgp-rsa". 2002-08-17 Werner Koch * cipher.c (setup_cipher_table): Don't overwrite the DES entry with the entry for DUMMY. 2002-08-14 Werner Koch * des.c (do_des_setkey,do_des_encrypt, do_des_decrypt): New. (_gcry_des_get_info): Support plain old DES. * cipher.c (setup_cipher_table): Put DES into the table. 2002-07-25 Werner Koch * rndunix.c (_gcry_rndunix_constructor): Prefixed with _gcry_. Noted by Stephan Austermuehle. 2002-07-08 Timo Schulz * rndw32.c: Replaced the m_ memory functions with the real gcry_ functions. Renamed all g10_ prefixed functions to log_. 2002-06-12 Werner Koch * rsa.c (generate): Use e = 65537 for now. 2002-06-11 Werner Koch * pubkey.c (gcry_pk_get_keygrip): Allow a "protected-private-key". 2002-06-05 Timo Schulz * cipher.c (gcry_cipher_encrypt, gcry_cipher_decrypt): Check that the input size is a multiple of the blocksize. 2002-05-23 Werner Koch * md.c (oid_table): Add an rsadsi OID for MD5. 2002-05-21 Werner Koch * primegen.c, elgamal.c, dsa.c (progress): Do not print anything by default. Pass an extra identifying string to the callback and reserved 2 argumenst for current and total counters. Changed the register function prototype. 2002-05-17 Werner Koch * rndegd.c (rndegd_constructor): Fixed name of register function and prefixed the function name with _gcry_. * rndw32.c (rndw32_constructor): Ditto. * tiger.c (tiger_constructor): Ditto. * Makefile.am: Removed all dynamic loading stuff. * dynload.c: Ditto. Now only used for the constructor system. 2002-05-15 Werner Koch * random.c (gcry_random_bytes,gcry_random_bytes_secure) (gcry_randomize): Make sure we are initialized. 2002-05-14 Werner Koch Changed license of most files to the LGPL. 2002-05-02 Werner Koch * random.c (_gcry_fast_random_poll): Initialize the module so the mutex can be used. * primegen.c (small_prime_numbers): Moved table from smallprime.c * smallprime.c: File removed. * des.c (leftkey_swap, rightkey_swap, working_memcmp): Made static. * cipher.c (gcry_cipher_map_name): Map "RIJNDAEL" to "AES". * rijndael.c (rijndael_get_info): We do only support a 128 bit blocksize so it makes sense to change the algorithm strings to AES. * tiger.c (tiger_final): Removed superfluous token pasting operators. * md5.c (md5_final): Ditto. 2002-04-30 Werner Koch * cipher.c: Fixed list of copyright years. 2002-03-18 Werner Koch * random.c (initialize): Initialize the new pool lock mutex. (_gcry_fast_random_poll): Add locking and moved main code out to... (do_fast_random_poll): new function. (read_pool): Use the new function here. (get_random_bytes): Add locking. (_gcry_update_random_seed_file): Ditto. 2002-03-11 Werner Koch * md.c: Add rsaSignatureWithripemd160 to OID table. 2002-02-20 Werner Koch * sha1.c: Removed a left over comment note. The code has been rewritten from scratch in 1998. Thanks to Niels Möller for reporting this misleading comment. 2002-02-18 Werner Koch * rndunix.c (rndunix_constructor): Use the the new prefixed function name. Reported by Jordi Mallach. 2002-02-10 Werner Koch * random.c (mix_pool): Carry an extra failsafe_digest buffer around to make the function more robust. 2002-02-08 Werner Koch * random.c (add_randomness): Xor new data into the pool and not just copy it. This avoids any choosen input attacks which are not serious in our setting because an outsider won't be able to mix data in and even then we keep going with a PRNG. Thanks to Stefan Keller for pointing this out. 2002-01-04 Werner Koch * pubkey.c (gcry_pk_genkey): Do not release skey - it is static. * primegen.c (gen_prime): Of course we should use set_bit and not set_highbit to set the second high bit. 2001-12-18 Werner Koch * rsa.c (generate): Loop until we find the exact modulus size. Changed the exponent to 41. (rsa_get_info): s/usage/r_usage/ to avoid shadow warnings. * primegen.c (gen_prime): Set 2 high order bits for secret primes. * Makefile.am (DISTCLEANFILES): Include construct.c. 2001-12-17 Werner Koch * pubkey.c (gcry_pk_get_keygrip): New - experimental. 2001-12-11 Werner Koch * cipher.c: Added OIDs for AES. (gcry_cipher_mode_from_oid): New. (gcry_cipher_map_name): Moved OID search code to .. (search_oid): .. new function. 2001-12-10 Werner Koch * pubkey.c (gcry_pk_encrypt): Find the signature algorithm by name and not by number. * pubkey.c (gcry_pk_encrypt,gcry_pk_decrypt,gcry_pk_sign) (gcry_pk_verify,gcry_pk_testkey, gcry_pk_genkey) (gcry_pk_get_nbits): Release the arrays. Noted by Nikos Mavroyanopoulos. 2001-12-06 Werner Koch * cipher.c (gcry_cipher_map_name): Look also for OIDs prefixed with "oid." or "OID.". 2001-12-05 Werner Koch * pubkey.c (algo_info_table): Fixed entry for openpgp-rsa. 2001-11-24 Werner Koch * pubkey.c: Added the rsaEncryption OID to the tables. (sexp_to_key): Add an arg to return the index of the algorithm, changed all callers. (gcry_pk_sign): Find the signature algorithm by name and not by number. (gcry_pk_get_nbits): Fixed so that we can now really pass a secret key to get the result. * md.c (gcry_md_map_name): Look also for OIDs prefixed with "oid." or "OID." so that an OID string can be used as an S-Exp token. 2001-11-20 Werner Koch * md.c (gcry_md_map_name): Lookup by OID if the the name begins with a digit. (oid_table): New. 2001-11-16 Werner Koch * md.c (gcry_md_info): New operator GCRYCTL_IS_ALGO_ENABLED. 2001-11-07 Werner Koch * md.c (gcry_md_hash_buffer): Close the handle which was left open for algorithms other than rmd160. 2001-08-08 Werner Koch * rndw32.c (gather_random): Use toolhelp in addition to the NT gatherer for Windows2000. Suggested by Sami Tolvanen. * random.c (read_pool): Fixed length check, this used to be one byte to strict. Made an assert out of it because the caller has already made sure that only poolsize bytes are requested. Reported by Marcus Brinkmann. 2001-08-03 Werner Koch * cipher.c (cipher_encrypt, cipher_decrypt): Prepare to return errors. We have to change the interface to all ciphers to make this really work but we should do so to prepare for hardware encryption modules. (gcry_cipher_encrypt, gcry_cipher_decrypt): Return the error and set lasterr. (gcry_cipher_ctl): Make sure that errors from setkey are returned. 2001-08-02 Werner Koch * rndlinux.c (gather_random): casted a size_t arg to int so that the format string is correct. Casting is okay here and avoids translation changes. * random.c (fast_random_poll): Do not check the return code of getrusage. * rndunix.c: Add a signal.h header to avoid warnings on Solaris 7 and 8. * tiger.c (print_abc,print_data): Removed. * rijndael.c, des.c, blowfish.c, twofish.c, cast5.c, arcfour.c (burn_stack): New. Add wrappers for most functions to be able to call burn_stack after the function invocation. This methods seems to be the most portable way to zeroise the stack used. It does only work on stack frame based machines but it is highly portable and has no side effects. Just setting the automatic variables at the end of a function to zero does not work well because the compiler will optimize them away - marking them as volatile would be bad for performance. * md5.c, sha1.c, rmd160.c, tiger.c (burn_stack): Likewise. * random.c (burn_stack): New. (mix_pool): Use it here to burn the stack of the mixblock function. * primegen.c (_gcry_generate_elg_prime): Freed q at 3 places. Thanks to Tommi Komulainen. * arcfour.c (arcfour_setkey): Check the minimim keylength against bytes and not bits. (selftest): Must reset the key before decryption. 2001-05-31 Werner Koch * sha1.c (sha1_init): Made static. Changed all g10_ prefixed function names as well as some mpi_ function names to cope with the introduced naming changes. * md.c (prepare_macpads): Made key const. 2001-05-28 Werner Koch * rndegd.c (gather_random): Removed the use of tty_printf. 2001-03-29 Werner Koch * md5.c (md5_final): Fixed calculation of hashed length. Thanks to disastry@saiknes.lv for pointing out that it was horrible wrong for more than 512MB of input. * sha1.c (sha1_final): Ditto. * rmd160.c (rmd160_final): Ditto. * tiger.c (tiger_final): Ditto. * blowfish.c (encrypt,do_encrypt): Changed name to do_encrypt to avoid name clashes with an encrypt function in stdlib.h of Dynix/PIX. Thanks to Gene Carter. * elgamal.c (encrypt,do_encrypt): Ditto. * twofish.c (gnupgext_enum_func): Use only when when compiled as a module. * rijndael.c (gnupgext_enum_func): Ditto. * tiger.c (tiger_get_info): Return "TIGER192" and not just "TIGER". By Edwin Woudt. * random.c: Always include time.h - standard requirement. Thanks to James Troup. * rndw32.c: Fixes to the macros. 2001-01-11 Werner Koch * cipher.c (cipher_encrypt,gcry_cipher_encrypt): Use blocksize and not 8. 2000-12-19 Werner Koch Major change: Removed all GnuPG stuff and renamed this piece of software to gcrypt. 2000-11-14 Werner Koch * dsa.c (test_keys): Replaced mpi_alloc by gcry_mpi_new and mpi_free by gcry_mpi_release. * elgamal.c (test_keys,generate): Ditto, also for mpi_alloc_secure. * rsa.c (test_keys,generate,rsa_verify): Ditto. * primegen.c (generate_elg_prime): Ditto. (gen_prime): Ditto and removed nlimbs. * rsa.c (generate): Allocate 2 more vars in secure memory. * Makefile.am (OMIT_DEPENDENCIES): Hack to work around dependency problems. 2000-10-09 Werner Koch * arcfour.c, arcfour.h: New. * cipher.c (cipher_encrypt, cipher_decrypt): Add stream mode. (setup_cipher_table): Add Arcfour. (gcry_cipher_open): Kludge to allow stream mode. Wed Oct 4 13:16:18 CEST 2000 Werner Koch * sha1.c (transform): Use rol() macro. Actually this is not needed for a newer gcc but there are still aoter compilers. * rsa.c (test_keys): Use new random function. * md.c (gcry_md_setkey): New function to overcome problems with const conflics. (gcry_md_ctl): Pass set key to the new functions. * rijndael.c: New. * cipher.c: Add Rijndael support. Mon Sep 18 16:35:45 CEST 2000 Werner Koch * rndlinux.c (open_device): Loose random device checking. By Nils Ellmenreich. * random.c (fast_random_poll): Check ENOSYS for getrusage. * rndunix.c: Add 2 sources for QNX. By Sam Roberts. * pubkey.c (gcry_pk_algo_info): Add GCRYCTL_GET_ALGO_USAGE. * rsa.c: Changed the comment about the patent. (secret): Speed up by using the CRT. For a 2k keys this is about 3 times faster. (stronger_key_check): New but unused code to check the secret key. * Makefile.am: Included rsa.[ch]. * pubkey.c: Enabled RSA support. (pubkey_get_npkey): Removed RSA workaround. Mon Jul 31 10:04:47 CEST 2000 Werner Koch * pubkey.c: Replaced all gcry_sexp_{car,cdr}_{data,mpi} by the new gcry_sexp_nth_{data,mpi} functions. Tue Jul 25 17:44:15 CEST 2000 Werner Koch * pubkey.c (exp_to_key,sexp_to_sig,sexp_to_enc,gcry_pk_encrypt, gcry_pk_decrypt,gcry_pk_sign,gcry_pk_genkey): Changed to work with the new S-Exp interface. Mon Jul 17 16:35:47 CEST 2000 Werner Koch * random.c (gather_faked): Replaced make_timestamp by time(2) again. Fri Jul 14 19:38:23 CEST 2000 Werner Koch * md.c (gcry_md_ctl): Support GCRYCTL_{START,STOP}_DUMP. * Makefile.am: Never compile mingw32 as module. * Makefile.am: Tweaked module build and removed libtool * Makefile.am: Replaced -O1 by -O. Suggested by Alec Habig. * elgamal.c (sign): Removed inactive code. * rsa.c, rsa.h: New based on the old module version (only in CVS for now). * pubkey.c (setup_pubkey_table): Added commented support for RSA. * rndunix.c (waitpid): New. For UTS 2.1. All by Dave Dykstra. (my_popen): Do the FD_CLOEXEC only if it is available (start_gatherer): Cope with missing _SC_OPEN_MAX * rndunix.c: Add some more headers for QNX. By Sam Roberts. * rndegd.c (gather_random): Shortcut level 0. * rndunix.c (gather_random): Ditto. * rndw32.c (gather_random): Ditto. * rndw32.c: Replaced with code from Cryptlib and commented the old stuff. * rndw32.c: Add some debuging code enabled by an environment variable. * random.c (read_seed_file): Binary open for DOSish system (update_random_seed_file): Ditto. * random.c [MINGW32]: Include process.h for getpid. * random.c (fast_random_poll): Add clock_gettime() as fallback for system which support this POSIX.4 fucntion. By Sam Roberts. * random.c (read_seed_file): Removed the S_ISLNK test becuase it is already covered by !S_ISREG and is not defined in Unixware. Reported by Dave Dykstra. (update_random_seed_file): Silently ignore update request when pool is not filled. * random.c (read_seed_file): New. (set_random_seed_file): New. (read_pool): Try to read the seeding file. (update_random_seed_file): New. (read_pool): Do an initial extra seeding when level 2 quality random is requested the first time. This requestes at least POOLSIZE/2 bytes of entropy. Compined with the seeding file this should make normal random bytes cheaper and increase the quality of the random bytes used for key generation. * random.c (read_pool): Print a more friendly error message in cases when too much random is requested in one call. * random.c (fast_random_poll): Check whether RUSAGE_SELF is defined; this is not the case for some ESIX and Unixware, although they have getrusage(). * primegen.c (generate_elg_prime): All primes are now generated with the lowest random quality level. Because they are public anyway we don't need stronger random and by this we do not drain the systems entropy so much. * primegen.c (register_primegen_progress): New. * dsa.c (register_pk_dsa_progress): New. * elgamal.c (register_pk_elg_progress): New. * elgamal.c (wiener_map): New. (gen_k): Use a much smaller k. (generate): Calculate the qbits using the wiener map and choose an x at a size comparable to the one choosen in gen_k * rmd160.c (rmd160_get_info): Moved casting to the left side due to a problem with UTS4.3. Suggested by Dave Dykstra. * sha1.c (sha1_get_info): Ditto. * tiger.c (tiger_get_info): Ditto. * md5.c (md5_get_info): Ditto * des.c (des_get_info): Ditto. * blowfish.c (blowfish_get_info): Ditto. * cast5.c (cast5_get_info): Ditto. * twofish.c (twofish_get_info): Ditto. Fri Mar 24 11:25:45 CET 2000 Werner Koch * md.c (md_open): Add hmac arg and allocate space for the pads. (md_finalize): Add HMAC support. (md_copy): Ditto. (md_close): Ditto. (gcry_md_reset): Ditto. (gcry_md_ctl): Ditto. (prepare_macpdas): New. Mon Mar 13 19:22:46 CET 2000 Werner Koch * md.c (gcry_md_hash_buffer): Add support for the other algorithms. Mon Jan 31 16:37:34 CET 2000 Werner Koch * genprime.c (generate_elg_prime): Fixed returned factors which never worked for non-DSA keys. Thu Jan 27 18:00:44 CET 2000 Werner Koch * pubkey.c (sexp_to_key): Fixed mem leaks in case of errors. Mon Jan 24 22:24:38 CET 2000 Werner Koch * pubkey.c (gcry_pk_decrypt): Implemented. (gcry_pk_encrypt): Implemented. (gcry_pk_testkey): New. (gcry_pk_genkey): New. (pubkey_decrypt): Made static. (pubkey_encrypt): Ditto. (pubkey_check_secret_key): Ditto. (pubkey_generate): Ditto. Mon Jan 24 13:04:28 CET 2000 Werner Koch * pubkey.c (pubkey_nbits): Removed and replaced by ... (gcry_pk_get_nbits): this new one. Wed Dec 8 21:58:32 CET 1999 Werner Koch * dsa.c: s/mpi_powm/gcry_mpi_powm/g * elgamal.c: Ditto. * primegen.c: Ditto. * : Replaced g10_opt_verbose by g10_log_verbosity(). * Makefile.am (INCLUDES): removed intl, add ../gcrypt Fri Nov 19 17:15:20 CET 1999 Werner Koch * dynload.c (cmp_filenames): New to replaced compare_filename() in module. (register_cipher_extension): Removed the tilde expansion stuff. * rndeg.c (my_make_filename): New. * : Replaced header util.h by g10lib.h * random.c (gather_faked): Replaced make_timestamp by time(2). Disabled wrning printed with tty_printf. * rndlinux.c (gather_random): Always use fprintf instead of tty_xxx; this should be replaced by a callback function. * primegen.c (gen_prime): Use gcry_mpi_randomize. (is_prime): Ditto. * elgamal.c (test_keys): Ditto. * dsa.c (test_keys): Ditto. * cipher.c (gcry_cipher_close): Die on invalid handle. Mon Nov 15 21:36:02 CET 1999 Werner Koch * elgamal.c (gen_k): Use the new random API. (generate): Ditto. * dsa.c (gen_k): Ditto. (generate): Ditto. Sat Nov 13 17:44:23 CET 1999 Werner Koch * pubkey.c (disable_pubkey_algo): Made static. (gcry_pk_ctl): New. * random.c (get_random_bits): Renamed to ... (get_random_bytes): ... this and made static. (gcry_random_bytes): New. (gcry_random_bytes_secure): New. (randomize_buffer): Renamed to ... (gcry_randomize): ...this. * md.c (gcry_md_hash_buffer): New. * pubkey.c (gcry_pk_algo_info): 4 new commands. (pubkey_get_npkey): Made static. (pubkey_get_nskey): Made static. (pubkey_get_nsig): Made static. (pubkey_get_nenc): Made static. * pubkey.c: Removed all G10ERR_xxx. * cipher.c: Changed all GCRYERR_INV_ALGO to GCRYERR_INV_CIPHER_ALGO. * md.c: Changed all GCRYERR_INV_ALGO to GCRYERR_INV_MD_ALGO. * cast5.c (cast_setkey): Changed errocodes to GCRYERR_xxx. * blowfish.c: Ditto. * des.c: Ditto. * twofish.c: Ditto. * dsa.c: Ditto. * elgamal.c: Ditto. * g10c.c: Removed * cipher.c (gcry_cipher_open): Replaced alloc functions and return NULL if we are out of core. * dynload.c: Replaced all memory allocation functions. * md.c: Ditto. * primegen.c: Ditto. * pubkey.c: Ditto. * random.c: Ditto. * rndw32.c: Ditto. * elgamal.c: Ditto. * dsa.c: Ditto. Tue Oct 26 14:10:21 CEST 1999 Werner Koch * elgamal.c (sign): Hugh found strange code here. Replaced by BUG(). * cipher.c: Merged with gcrypt/symapi.c. * pubkey.c (string_to_pubkey_algo): Renamed function to ... (gcry_pk_map_name): ... this. (pubkey_algo_to_string): Renamed function to ... (gcry_pk_algo_name): ... this. (gcry_pk_algo_info): New. * pubkey.c: Merged with gcrypt/pkapi.c. * md.c (md_reset): Clear finalized; thanks to Ulf Moeller for fixing this bug. * md.c: Merged with gcrypt/mdapi.c Wed Sep 15 14:39:59 CEST 1999 Michael Roth * des.c: Various speed improvements: One bit pre rotation trick after initial permutation (Richard Outerbridge). Finished test of SSLeay Tripple-DES patterns. Wed Sep 15 16:22:17 CEST 1999 Werner Koch * rndw32.c: New. Mon Sep 13 10:51:29 CEST 1999 Werner Koch * bithelp.h: New. * rmd160.h, sha1.h, md5.h: Use the rol macro from bithelp.h Tue Sep 7 16:23:36 CEST 1999 Werner Koch * Makefile.am: Fixed seds for latest egcc. By Ollivier Robert. Mon Sep 6 19:59:08 CEST 1999 Werner Koch * des.c (selftest): Add some testpattern Mon Aug 30 20:38:33 CEST 1999 Werner Koch * cipher.c (do_cbc_encrypt): Fixed serious bug occuring when not using in place encryption. Pointed out by Frank Stajano. Mon Jul 26 09:34:46 CEST 1999 Werner Koch * md5.c (md5_final): Fix for a SCO cpp bug. Thu Jul 15 10:15:35 CEST 1999 Werner Koch * elgamal.c (elg_check_secret_key,elg_encrypt elg_decrypt,elg_sign,elg_verify): Sanity check on the args. * dsa.c (dsa_check_secret_key,dsa_sign,dsa_verify): Ditto. * pubkey.c (disable_pubkey_algo): New. (check_pubkey_algo2): Look at disabled algo table. * cipher.c (disable_cipher_algo): New. (check_cipher_algo): Look at disabled algo table. Wed Jul 7 13:08:40 CEST 1999 Werner Koch * Makefile.am: Support for libtool. Fri Jul 2 11:45:54 CEST 1999 Werner Koch * dsa.c (gen_k): Changed algorithm to consume less random bytes * elgamal.c (gen_k): Ditto. * random.c (random_dump_stats): New. Thu Jul 1 12:47:31 CEST 1999 Werner Koch * primegen.c, elgamal.c, dsa.c (progess): New and replaced all fputc with a call to this function. Sat Jun 26 12:15:59 CEST 1999 Werner Koch * rndegd.c (do_write): s/ssize_t/int/ due to SunOS 4.1 probs. * cipher.c (do_cbc_encrypt, do_cbc_decrypt): New. * dynload.c (HAVE_DL_SHL_LOAD): Map hpux API to dlopen (Dave Dykstra). * Makefile.am (install-exec-hook): Removed. Sun May 23 14:20:22 CEST 1999 Werner Koch * cipher.c (setup_cipher_table): Enable Twofish * random.c (fast_random_poll): Disable use of times() for mingw32. Mon May 17 21:54:43 CEST 1999 Werner Koch * dynload.c (register_internal_cipher_extension): Minor init fix. Tue May 4 15:47:53 CEST 1999 Werner Koch * primegen.c (gen_prime): Readded the Fermat test. Fixed the bug that we didn't correct for step when passing the prime to the Rabin-Miller test which led to bad performance (Stefan Keller). (check_prime): Add a first Fermat test. Sun Apr 18 10:11:28 CEST 1999 Werner Koch * cipher.c (cipher_setiv): Add ivlen arg, changed all callers. * random.c (randomize_buffer): alway use secure memory because we can't use m_is_secure() on a statically allocated buffer. * twofish.c: Replaced some macros by a loop to reduce text size. * Makefile.am (twofish): No more need for sed editing. Fri Apr 9 12:26:25 CEST 1999 Werner Koch * cipher.c (cipher_open): Reversed the changes for AUTO_CFB. * blowfish.c: Dropped the Blowfish 160 mode. * cipher.c (cipher_open): Ditto. (setup_cipher_table): Ditto. And removed support of twofish128 Wed Apr 7 20:51:39 CEST 1999 Werner Koch * random.c (get_random_bits): Can now handle requests > POOLSIZE * cipher.c (cipher_open): Now uses standard CFB for automode if the blocksize is gt 8 (according to rfc2440). * twofish.c: Applied Matthew Skala's patches for 256 bit key. Tue Apr 6 19:58:12 CEST 1999 Werner Koch * random.c (get_random_bits): Can now handle requests > POOLSIZE * cipher.c (cipher_open): Now uses standard CFB for automode if the blocksize is gt 8 (according to rfc2440). Sat Mar 20 11:44:21 CET 1999 Werner Koch * rndlinux.c (tty_printf) [IS_MODULE]: Removed. * rndegd.c (gather_random): Some fixes. Wed Mar 17 13:09:03 CET 1999 Werner Koch * rndegd.c (do_read): New. (gather_random): Changed the implementation. Mon Mar 8 20:47:17 CET 1999 Werner Koch * dynload.c (DLSYM_NEEDS_UNDERSCORE): Renamed. Fri Feb 26 17:55:41 CET 1999 Werner Koch * md.c: Nearly a total rewrote. Wed Feb 24 11:07:27 CET 1999 Werner Koch * cipher.c (context): Fixed alignment * md.c: Ditto. * rndegd.c: New Mon Feb 22 20:04:00 CET 1999 Werner Koch * rndegd.c: New. Wed Feb 10 17:15:39 CET 1999 Werner Koch * Makefile.am: Modules are now figured out by configure * construct.c: New. Generated by configure. Changed all modules to work with that. * sha1.h: Removed. * md5.h: Removed. * twofish.c: Changed interface to allow Twofish/256 * rndunix.c (start_gatherer): Die on SIGPIPE. Wed Jan 20 18:59:49 CET 1999 Werner Koch * rndunix.c (gather_random): Fix to avoid infinite loop. Sun Jan 17 11:04:33 CET 1999 Werner Koch * des.c (is_weak_key): Replace system memcmp due to bugs in SunOS's memcmp. (des_get_info): Return error on failed selftest. * twofish.c (twofish_setkey): Return error on failed selftest or invalid keylength. * cast5.c (cast_setkey): Ditto. * blowfish.c (bf_setkey): Return error on failed selftest. Tue Jan 12 11:17:18 CET 1999 Werner Koch * random.c (random_is_faked): New. * tiger.c: Only compile if we have the u64 type Sat Jan 9 16:02:23 CET 1999 Werner Koch * rndunix.c (gather_random): check for setuid. * Makefile.am: Add a way to staically link random modules Thu Jan 7 18:00:58 CET 1999 Werner Koch * md.c (md_stop_debug): Do a flush first. (md_open): size of buffer now depends on the secure parameter Sun Jan 3 15:28:44 CET 1999 Werner Koch * rndunix.c (start_gatherer): Fixed stupid ==/= bug 1998-12-31 Geoff Keating * des.c (is_weak_key): Rewrite loop end condition. Tue Dec 29 14:41:47 CET 1998 Werner Koch * random.c: add unistd.h for getpid(). (RAND_MAX): Fallback value for Sun. Wed Dec 23 17:12:24 CET 1998 Werner Koch * md.c (md_copy): Reset debug. Mon Dec 14 21:18:49 CET 1998 Werner Koch * random.c (read_random_source): Changed the interface to the random gathering function. (gather_faked): Use new interface. * dynload.c (dynload_getfnc_fast_random_poll): Ditto. (dynload_getfnc_gather_random): Ditto. * rndlinux.c (gather_random): Ditto. * rndunix.c (gather_random): Ditto. Sat Dec 12 18:40:32 CET 1998 Werner Koch * dynload.c (SYMBOL_VERSION): New to cope with system which needs underscores. * rndunix.c: Rewrote large parts Thu Dec 10 20:15:36 CET 1998 Werner Koch * dynload.c (load_extension): increased needed verbosity level. * random.c (fast_random_poll): Fallback to a default fast random poll function. (read_random_source): Always use the faked entroy gatherer if no gather module is available. * rndlinux.c (fast_poll): Removed. * rndunix.c (fast_poll): Removed. Wed Nov 25 12:33:41 1998 Werner Koch (wk@isil.d.shuttle.de) * rand-*.c: Removed. * rndlinux.c : New. * rndunix.c : New. * random.c : Restructured the interface to the gather modules. (intialize): Call constructor functions (read_radnom_source): Moved to here. * dynload.c (dynload_getfnc_gather_random): New. (dynload_getfnc_fast_random_poll): New. (register_internal_cipher_extension): New. (register_cipher_extension): Support of internal modules. Sun Nov 8 17:44:36 1998 Werner Koch (wk@isil.d.shuttle.de) * rand-unix.c (read_random_source): Removed the assert. Mon Oct 19 18:34:30 1998 me,,, (wk@tobold) * pubkey.c: Hack to allow us to give some info about RSA keys back. Thu Oct 15 11:47:57 1998 Werner Koch (wk@isil.d.shuttle.de) * dynload.c: Support for DLD Wed Oct 14 12:13:07 1998 Werner Koch (wk@isil.d.shuttle.de) * rand-unix.c: Now uses names from configure for /dev/random. 1998-10-10 SL Baur * Makefile.am: fix sed -O substitutions to catch -O6, etc. Tue Oct 6 10:06:32 1998 Werner Koch (wk@isil.d.shuttle.de) * rand-unix.c (HAVE_GETTIMEOFDAY): Fixed (was ..GETTIMEOFTIME :-) * rand-dummy.c (HAVE_GETTIMEOFDAY): Ditto. Mon Sep 28 13:23:09 1998 Werner Koch (wk@isil.d.shuttle.de) * md.c (md_digest): New. (md_reset): New. Wed Sep 23 12:27:02 1998 Werner Koch (wk@isil.d.shuttle.de) * tiger.c (TIGER_CONTEXT): moved "buf", so that it is 64 bit aligned. Mon Sep 21 06:22:53 1998 Werner Koch (wk@(none)) * des.c: Some patches from Michael. Thu Sep 17 19:00:06 1998 Werner Koch (wk@(none)) * des.c : New file from Michael Roth Mon Sep 14 11:10:55 1998 Werner Koch (wk@(none)) * blowfish.c (bf_setkey): Niklas Hernaeus patch to detect weak keys. Mon Sep 14 09:19:25 1998 Werner Koch (wk@(none)) * dynload.c (RTLD_NOW): Now defined to 1 if it is undefined. Mon Sep 7 17:04:33 1998 Werner Koch (wk@(none)) * Makefile.am: Fixes to allow a different build directory Thu Aug 6 17:25:38 1998 Werner Koch,mobil,,, (wk@tobold) * random.c (get_random_byte): Removed and changed all callers to use get_random_bits() Mon Jul 27 10:30:22 1998 Werner Koch (wk@(none)) * cipher.c : Support for other blocksizes (cipher_get_blocksize): New. * twofish.c: New. * Makefile.am: Add twofish module. Mon Jul 13 21:30:52 1998 Werner Koch (wk@isil.d.shuttle.de) * random.c (read_pool): Simple alloc if secure_alloc is not set. (get_random_bits): Ditto. Thu Jul 9 13:01:14 1998 Werner Koch (wk@isil.d.shuttle.de) * dynload.c (load_extension): Function now nbails out if the program is run setuid. Wed Jul 8 18:58:23 1998 Werner Koch (wk@isil.d.shuttle.de) * rmd160.c (rmd160_hash_buffer): New. Thu Jul 2 10:50:30 1998 Werner Koch (wk@isil.d.shuttle.de) * cipher.c (cipher_open): algos >=100 use standard CFB Thu Jun 25 11:18:25 1998 Werner Koch (wk@isil.d.shuttle.de) * Makefile.am: Support for extensions Thu Jun 18 12:09:38 1998 Werner Koch (wk@isil.d.shuttle.de) * random.c (mix_pool): simpler handling for level 0 Mon Jun 15 14:40:48 1998 Werner Koch (wk@isil.d.shuttle.de) * tiger.c: Removed from dist, will reappear as dynload module Sat Jun 13 14:16:57 1998 Werner Koch (wk@isil.d.shuttle.de) * pubkey.c: Major changes to allow extensions. Changed the inteface of all public key ciphers and added the ability to load extensions on demand. * misc.c: Removed. Wed Jun 10 07:52:08 1998 Werner Koch,mobil,,, (wk@tobold) * dynload.c: New. * cipher.c: Major changes to allow extensions. Mon Jun 8 22:43:00 1998 Werner Koch (wk@isil.d.shuttle.de) * cipher.c: Major internal chnages to support extensions. * blowfish.c (blowfish_get_info): New and made all internal functions static, changed heder. * cast5.c (cast5_get_info): Likewise. Mon Jun 8 12:27:52 1998 Werner Koch (wk@isil.d.shuttle.de) * tiger.c (transform): Fix for big endian * cipher.c (do_cfb_decrypt): Big endian fix. Fri May 22 07:30:39 1998 Werner Koch (wk@isil.d.shuttle.de) * md.c (md_get_oid): Add a new one for TIGER. Thu May 21 13:24:52 1998 Werner Koch (wk@isil.d.shuttle.de) * cipher.c: Add support for a dummy cipher Thu May 14 15:40:36 1998 Werner Koch (wk@isil.d.shuttle.de) * rmd160.c (transform): fixed sigbus - I should better add Christian von Roques's new implemenation of rmd160_write. Fri May 8 18:07:44 1998 Werner Koch (wk@isil.d.shuttle.de) * rand-internal.h, rand-unix.c, rand-w32.c, rand_dummy.c: New * random.c: Moved system specific functions to rand-****.c Fri May 8 14:01:17 1998 Werner Koch (wk@isil.d.shuttle.de) * random.c (fast_random_poll): add call to gethrtime. Tue May 5 21:28:55 1998 Werner Koch (wk@isil.d.shuttle.de) * elgamal.c (elg_generate): choosing x was not correct, could yield 6 bytes which are not from the random pool, tsss, tsss.. Tue May 5 14:09:06 1998 Werner Koch (wk@isil.d.shuttle.de) * primegen.c (generate_elg_prime): Add arg mode, changed all callers and implemented mode 1. Mon Apr 27 14:41:58 1998 Werner Koch (wk@isil.d.shuttle.de) * cipher.c (cipher_get_keylen): New. Sun Apr 26 14:44:52 1998 Werner Koch (wk@isil.d.shuttle.de) * tiger.c, tiger.h: New. Wed Apr 8 14:57:11 1998 Werner Koch (wk@isil.d.shuttle.de) * misc.c (check_pubkey_algo2): New. Tue Apr 7 18:46:49 1998 Werner Koch (wk@isil.d.shuttle.de) * cipher.c: New * misc.c (check_cipher_algo): Moved to cipher.c * cast5.c: Moved many functions to cipher.c * blowfish.c: Likewise. Sat Apr 4 19:52:08 1998 Werner Koch (wk@isil.d.shuttle.de) * cast5.c: Implemented and tested. Wed Apr 1 16:38:27 1998 Werner Koch (wk@isil.d.shuttle.de) * elgamal.c (elg_generate): Faster generation of x in some cases. Thu Mar 19 13:54:48 1998 Werner Koch (wk@isil.d.shuttle.de) * blowfish.c (blowfish_decode_cfb): changed XOR operation (blowfish_encode_cfb): Ditto. Thu Mar 12 14:04:05 1998 Werner Koch (wk@isil.d.shuttle.de) * sha1.c (transform): Rewrote * blowfish.c (encrypt): Unrolled for rounds == 16 (decrypt): Ditto. Tue Mar 10 16:32:08 1998 Werner Koch (wk@isil.d.shuttle.de) * rmd160.c (transform): Unrolled the loop. Tue Mar 10 13:05:14 1998 Werner Koch (wk@isil.d.shuttle.de) * random.c (read_pool): Add pool_balance stuff. (get_random_bits): New. * elgamal.c (elg_generate): Now uses get_random_bits to generate x. Tue Mar 10 11:33:51 1998 Werner Koch (wk@isil.d.shuttle.de) * md.c (md_digest_length): New. Tue Mar 10 11:27:41 1998 Werner Koch (wk@isil.d.shuttle.de) * dsa.c (dsa_verify): Works. Mon Mar 9 12:59:08 1998 Werner Koch (wk@isil.d.shuttle.de) * dsa.c, dsa.h: Removed some unused code. Wed Mar 4 10:39:22 1998 Werner Koch (wk@isil.d.shuttle.de) * md.c (md_open): Add call to fast_random_poll. blowfish.c (blowfish_setkey): Ditto. Tue Mar 3 13:32:54 1998 Werner Koch (wk@isil.d.shuttle.de) * rmd160.c (rmd160_mixblock): New. * random.c: Restructured to start with a new RNG implementation. * random.h: New. Mon Mar 2 19:21:46 1998 Werner Koch (wk@isil.d.shuttle.de) * gost.c, gost.h: Removed because they did only conatin trash. Sun Mar 1 16:42:29 1998 Werner Koch (wk@isil.d.shuttle.de) * random.c (fill_buffer): removed error message if n == -1. Fri Feb 27 16:39:34 1998 Werner Koch (wk@isil.d.shuttle.de) * md.c (md_enable): No init if called twice. Thu Feb 26 07:57:02 1998 Werner Koch (wk@isil.d.shuttle.de) * primegen.c (generate_elg_prime): Changed the progress printing. (gen_prime): Ditto. Tue Feb 24 12:28:42 1998 Werner Koch (wk@isil.d.shuttle.de) * md5.c, md.5 : Replaced by a modified version of md5.c from GNU textutils 1.22. Wed Feb 18 14:08:30 1998 Werner Koch (wk@isil.d.shuttle.de) * md.c, md.h : New debugging support Mon Feb 16 10:08:47 1998 Werner Koch (wk@isil.d.shuttle.de) * misc.c (cipher_algo_to_string): New (pubkey_algo_to_string): New. (digest_algo_to_string): New. Copyright 1998,1999,2000,2001,2002,2003 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/cipher/Manifest b/cipher/Manifest index 47b48b15..fb396633 100644 --- a/cipher/Manifest +++ b/cipher/Manifest @@ -1,72 +1,71 @@ # Manifest - checksums of the cipher directory # Copyright 2003 Free Software Foundation, Inc. # # This file is part of Libgcrypt. # # Libgcrypt is free software; you can redistribute it and/or modify # it under the terms of the GNU Lesser general Public License as # published by the Free Software Foundation; either version 2.1 of # the License, or (at your option) any later version. # # Libgcrypt is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA # Checksums for all source files in this directory. Format is # filename, blanks, base-64 part of an OpenPGP detached signature # without the header lines. Blank lines and lines beginning with a # hash mark are ignored. A tool to process this file is available by # cvs -d :pserver:anoncvs@cvs.gnupg.org:/cvs/wk co misc-scripts/manifest-tool # # The special entry "$names$" holds a signature over all sorted # filenames excluding itself. # Algorithm API cipher.c pubkey.c ac.c md.c primegen.c # Algorithm implementations arcfour.c blowfish.c cast5.c crc.c iQCVAwUAP7ouejEAnp832S/7AQIgwQQApg5Nm63tH5DQkbN+zPzMO9Ygoj3ukxfFTyTBPYSXYKMiTjEbESegaU40uN8jnz2vprcIQWcgZfzO4+opEJMcI35aPwzEk0vKOp0S/PrBLUY2rJfnDVkX5XgJFZa2Q7LLe826UEBzTVYW924utiCCe8oOaOEWVNpg1mqdknu3M9o==kz5D des.c dsa.c elgamal.c md4.c md5.c rijndael.c rmd160.c -rsa.c -serpent.c +rsa.c serpent.c sha1.c sha256.c sha512.c tiger.c twofish.c # Random number related random.c iQCVAwUAP7nsITEAnp832S/7AQK4SAQAtvfUgrtGOQ2PlxGMla0qJLPHjJacMwgq0ecusiI79elPdDsFfCCk6dK1Ug2kFbNm22nCGHNcUquqbX7noi7ZVQnmPBQXzyLNZd7GmrawRZfdlRerTUDBpSnR8V8ui/5+YYp627E7kKGC0hPSgqXFql6oBMIfno0LZwFJTjIevRY==L419 random.h iQCVAwUAP7ovKDEAnp832S/7AQJ3bQQAjnPebnyTC7sphAv2I7uIz+yPgw1ZfbVhLv+OiWDlO9ish+fRyyMpy+HELBOgZjJdgRegqhlZC6qyns5arM/VglYi+PzvdLO3hIqHE/YFfpIFPz8wBrcmlqrYyd3CsGqcYsfjocXNttCBLeSWmoJ09ltKQH8yzJf3oAgN6X1yuc4==eNoU rand-internal.h iQCVAwUAP7ouvDEAnp832S/7AQLYnAQAhdI7ERoJVCkV8GiV7MjaUxv1WIL7iZ+jIOvVhv4fNyhCGCGoEtTjkyput/lj7Nsh3FXEqRhypGGrCLf47x/gua5n+BwffogxVyUDqiOyyGhNTPpe3fQcNBvbPCtco8yMK4GJO5G3BqzlPyN+BMeogLymyV6Sm1mvh5LZDyAFbfQ==tZSE rndlinux.c rndegd.c rndunix.c rndw32.c # Helper bithelp.h iQCVAwUAP7ouPTEAnp832S/7AQKXggQAqjcgvihIF3WclOgw1JV2rbARw4ISIDRMFqdaNCqBRx6BwEz3UGsEIlz6+iR1sS/reqN61WvtjLb+D0+tujAkGrgQJhFLG85WtG2tB5UVoI3am1fpkwiRm+bR4rv0rGk0BYk81bC7+l4KrK9o5lVp4lCsrorlUKsd48lNmBHyAXM==mDDN rmd.h iQCVAwUAP7oumjEAnp832S/7AQJiJQP/V4bJwjZaYndJzV+KRnIDbl1koHuw+ZK5heMYVu8Qk4ylqv//BGyeRa3jZCcfPHI35q6HilCs2VBm8hiBMjHSqY/VPn2ZQ0yg/lt6qEvl7YjsLmyMICvjG+ncszHoq9pRvnF3vTnM18sPIioXLk8fskuM0XOCNBs0ARBAQjY9UGI==olUN # Configuration Makefile.am iQCVAwUAP7otvTEAnp832S/7AQJSRAQA22xFVzkSrsO7aoWxgJaJwDyHD6FC41au6+NGc1EpY/phUGtzmV/lvGuTz/VVe0hKP9UmUmIs8vVUf6UlrR26ePFwsk5ziForI4b8F18nIZQmt2TJNMIEN6N8rRPMmZCFEnWyT2z3+2kNrDUjanqY7mcKkT7ywB7qwwFeQ7egr3k==3zw5 $names$ iQCVAwUAP7oq4DEAnp832S/7AQLJ9gQAwNn8FjvvH+7cKIfvgki+wS81lOe+tXdRBKgPwHteQy8N/VrusLtasqB6JmAX4RDL/3Y0IsX9lkuZS2S1XPB+JnjT6F2zt+jVmGgY6nDLMZUlZI++5Mz0s5qDiAGUC0vIA7dvICWNjDjFVEsKjcMlWRw16plTF2fe/yUjwsCGG1s==G7kF diff --git a/cipher/elgamal.c b/cipher/elgamal.c index b902aba6..27903f95 100644 --- a/cipher/elgamal.c +++ b/cipher/elgamal.c @@ -1,656 +1,662 @@ /* Elgamal.c - ElGamal Public Key encryption * Copyright (C) 1998, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser general Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * Libgcrypt is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA * * For a description of the algorithm, see: * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996. * ISBN 0-471-11709-9. Pages 476 ff. */ #include #include #include #include #include "g10lib.h" #include "mpi.h" #include "cipher.h" typedef struct { gcry_mpi_t p; /* prime */ gcry_mpi_t g; /* group generator */ gcry_mpi_t y; /* g^x mod p */ } ELG_public_key; typedef struct { gcry_mpi_t p; /* prime */ gcry_mpi_t g; /* group generator */ gcry_mpi_t y; /* g^x mod p */ gcry_mpi_t x; /* secret exponent */ } ELG_secret_key; static void test_keys (ELG_secret_key *sk, unsigned nbits); -static gcry_mpi_t gen_k (gcry_mpi_t p); +static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k); static void generate (ELG_secret_key *sk, unsigned nbits, gcry_mpi_t **factors); static int check_secret_key (ELG_secret_key *sk); static void do_encrypt (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey); static void decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey); static void sign (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey); static int verify (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey); static void (*progress_cb) (void *, const char *, int, int, int); static void *progress_cb_data; void _gcry_register_pk_elg_progress (void (*cb) (void *, const char *, int, int, int), void *cb_data) { progress_cb = cb; progress_cb_data = cb_data; } static void progress (int c) { if (progress_cb) progress_cb (progress_cb_data, "pk_elg", c, 0, 0); } /**************** * Michael Wiener's table on subgroup sizes to match field sizes * (floating around somewhere - Fixme: need a reference) */ static unsigned int wiener_map( unsigned int n ) { static struct { unsigned int p_n, q_n; } t[] = { /* p q attack cost */ { 512, 119 }, /* 9 x 10^17 */ { 768, 145 }, /* 6 x 10^21 */ { 1024, 165 }, /* 7 x 10^24 */ { 1280, 183 }, /* 3 x 10^27 */ { 1536, 198 }, /* 7 x 10^29 */ { 1792, 212 }, /* 9 x 10^31 */ { 2048, 225 }, /* 8 x 10^33 */ { 2304, 237 }, /* 5 x 10^35 */ { 2560, 249 }, /* 3 x 10^37 */ { 2816, 259 }, /* 1 x 10^39 */ { 3072, 269 }, /* 3 x 10^40 */ { 3328, 279 }, /* 8 x 10^41 */ { 3584, 288 }, /* 2 x 10^43 */ { 3840, 296 }, /* 4 x 10^44 */ { 4096, 305 }, /* 7 x 10^45 */ { 4352, 313 }, /* 1 x 10^47 */ { 4608, 320 }, /* 2 x 10^48 */ { 4864, 328 }, /* 2 x 10^49 */ { 5120, 335 }, /* 3 x 10^50 */ { 0, 0 } }; int i; for(i=0; t[i].p_n; i++ ) { if( n <= t[i].p_n ) return t[i].q_n; } /* not in table - use some arbitrary high number ;-) */ return n / 8 + 200; } static void test_keys( ELG_secret_key *sk, unsigned nbits ) { ELG_public_key pk; gcry_mpi_t test = gcry_mpi_new ( 0 ); gcry_mpi_t out1_a = gcry_mpi_new ( nbits ); gcry_mpi_t out1_b = gcry_mpi_new ( nbits ); gcry_mpi_t out2 = gcry_mpi_new ( nbits ); pk.p = sk->p; pk.g = sk->g; pk.y = sk->y; gcry_mpi_randomize( test, nbits, GCRY_WEAK_RANDOM ); do_encrypt( out1_a, out1_b, test, &pk ); decrypt( out2, out1_a, out1_b, sk ); if( mpi_cmp( test, out2 ) ) log_fatal("ElGamal operation: encrypt, decrypt failed\n"); sign( out1_a, out1_b, test, sk ); if( !verify( out1_a, out1_b, test, &pk ) ) log_fatal("ElGamal operation: sign, verify failed\n"); gcry_mpi_release ( test ); gcry_mpi_release ( out1_a ); gcry_mpi_release ( out1_b ); gcry_mpi_release ( out2 ); } /**************** - * generate a random secret exponent k from prime p, so - * that k is relatively prime to p-1 + * Generate a random secret exponent k from prime p, so that k is + * relatively prime to p-1. With SMALL_K set, k will be selected for + * better encryption performance - this must never be used signing! */ static gcry_mpi_t -gen_k( gcry_mpi_t p ) +gen_k( gcry_mpi_t p, int small_k ) { gcry_mpi_t k = mpi_alloc_secure( 0 ); gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) ); gcry_mpi_t p_1 = mpi_copy(p); unsigned int orig_nbits = mpi_get_nbits(p); unsigned int nbits, nbytes; char *rndbuf = NULL; - /* IMO using a k much lesser than p is sufficient and it greatly - * improves the encryption performance. We use Wiener's table - * and add a large safety margin. - */ - nbits = wiener_map( orig_nbits ) * 3 / 2; - if( nbits >= orig_nbits ) - BUG(); + if (small_k) + { + /* Using a k much lesser than p is sufficient for encryption and + * it greatly improves the encryption performance. We use + * Wiener's table and add a large safety margin. + */ + nbits = wiener_map( orig_nbits ) * 3 / 2; + if( nbits >= orig_nbits ) + BUG(); + } + else + nbits = orig_nbits; + nbytes = (nbits+7)/8; if( DBG_CIPHER ) log_debug("choosing a random k "); mpi_sub_ui( p_1, p, 1); for(;;) { if( !rndbuf || nbits < 32 ) { gcry_free(rndbuf); rndbuf = gcry_random_bytes_secure( nbytes, GCRY_STRONG_RANDOM ); } else { /* change only some of the higher bits */ /* we could improve this by directly requesting more memory * at the first call to get_random_bytes() and use this the here * maybe it is easier to do this directly in random.c * Anyway, it is highly inlikely that we will ever reach this code */ char *pp = gcry_random_bytes_secure( 4, GCRY_STRONG_RANDOM ); memcpy( rndbuf, pp, 4 ); gcry_free(pp); - log_debug("gen_k: tsss, never expected to reach this\n"); } _gcry_mpi_set_buffer( k, rndbuf, nbytes, 0 ); for(;;) { /* Hmm, actually we don't need this step here * because we use k much smaller than p - we do it anyway * just in case the keep on adding a one to k ;) */ if( !(mpi_cmp( k, p_1 ) < 0) ) { /* check: k < (p-1) */ if( DBG_CIPHER ) progress('+'); break; /* no */ } if( !(mpi_cmp_ui( k, 0 ) > 0) ) { /* check: k > 0 */ if( DBG_CIPHER ) progress('-'); break; /* no */ } if( gcry_mpi_gcd( temp, k, p_1 ) ) goto found; /* okay, k is relatively prime to (p-1) */ mpi_add_ui( k, k, 1 ); if( DBG_CIPHER ) progress('.'); } } found: gcry_free(rndbuf); if( DBG_CIPHER ) progress('\n'); mpi_free(p_1); mpi_free(temp); return k; } /**************** * Generate a key pair with a key of size NBITS * Returns: 2 structures filles with all needed values * and an array with n-1 factors of (p-1) */ static void generate( ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t **ret_factors ) { gcry_mpi_t p; /* the prime */ gcry_mpi_t p_min1; gcry_mpi_t g; gcry_mpi_t x; /* the secret exponent */ gcry_mpi_t y; gcry_mpi_t temp; unsigned int qbits; unsigned int xbits; byte *rndbuf; p_min1 = gcry_mpi_new ( nbits ); temp = gcry_mpi_new( nbits ); qbits = wiener_map( nbits ); if( qbits & 1 ) /* better have a even one */ qbits++; g = mpi_alloc(1); p = _gcry_generate_elg_prime( 0, nbits, qbits, g, ret_factors ); mpi_sub_ui(p_min1, p, 1); /* select a random number which has these properties: * 0 < x < p-1 * This must be a very good random number because this is the * secret part. The prime is public and may be shared anyway, * so a random generator level of 1 is used for the prime. * * I don't see a reason to have a x of about the same size * as the p. It should be sufficient to have one about the size * of q or the later used k plus a large safety margin. Decryption * will be much faster with such an x. */ xbits = qbits * 3 / 2; if( xbits >= nbits ) BUG(); x = gcry_mpi_snew ( xbits ); if( DBG_CIPHER ) log_debug("choosing a random x of size %u", xbits ); rndbuf = NULL; do { if( DBG_CIPHER ) progress('.'); if( rndbuf ) { /* change only some of the higher bits */ if( xbits < 16 ) {/* should never happen ... */ gcry_free(rndbuf); rndbuf = gcry_random_bytes_secure( (xbits+7)/8, GCRY_VERY_STRONG_RANDOM ); } else { char *r = gcry_random_bytes_secure( 2, GCRY_VERY_STRONG_RANDOM ); memcpy(rndbuf, r, 2 ); gcry_free(r); } } else { rndbuf = gcry_random_bytes_secure( (xbits+7)/8, GCRY_VERY_STRONG_RANDOM ); } _gcry_mpi_set_buffer( x, rndbuf, (xbits+7)/8, 0 ); mpi_clear_highbit( x, xbits+1 ); } while( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, p_min1 )<0 ) ); gcry_free(rndbuf); y = gcry_mpi_new (nbits); gcry_mpi_powm( y, g, x, p ); if( DBG_CIPHER ) { progress('\n'); log_mpidump("elg p= ", p ); log_mpidump("elg g= ", g ); log_mpidump("elg y= ", y ); log_mpidump("elg x= ", x ); } /* copy the stuff to the key structures */ sk->p = p; sk->g = g; sk->y = y; sk->x = x; /* now we can test our keys (this should never fail!) */ test_keys( sk, nbits - 64 ); gcry_mpi_release ( p_min1 ); gcry_mpi_release ( temp ); } /**************** * Test whether the secret key is valid. * Returns: if this is a valid key. */ static int check_secret_key( ELG_secret_key *sk ) { int rc; gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs(sk->y) ); gcry_mpi_powm( y, sk->g, sk->x, sk->p ); rc = !mpi_cmp( y, sk->y ); mpi_free( y ); return rc; } static void do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey ) { gcry_mpi_t k; /* Note: maybe we should change the interface, so that it * is possible to check that input is < p and return an * error code. */ - k = gen_k( pkey->p ); + k = gen_k( pkey->p, 1 ); gcry_mpi_powm( a, pkey->g, k, pkey->p ); /* b = (y^k * input) mod p * = ((y^k mod p) * (input mod p)) mod p * and because input is < p * = ((y^k mod p) * input) mod p */ gcry_mpi_powm( b, pkey->y, k, pkey->p ); gcry_mpi_mulm( b, b, input, pkey->p ); #if 0 if( DBG_CIPHER ) { log_mpidump("elg encrypted y= ", pkey->y); log_mpidump("elg encrypted p= ", pkey->p); log_mpidump("elg encrypted k= ", k); log_mpidump("elg encrypted M= ", input); log_mpidump("elg encrypted a= ", a); log_mpidump("elg encrypted b= ", b); } #endif mpi_free(k); } static void decrypt(gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey ) { gcry_mpi_t t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); /* output = b/(a^x) mod p */ gcry_mpi_powm( t1, a, skey->x, skey->p ); mpi_invm( t1, t1, skey->p ); mpi_mulm( output, b, t1, skey->p ); #if 0 if( DBG_CIPHER ) { log_mpidump("elg decrypted x= ", skey->x); log_mpidump("elg decrypted p= ", skey->p); log_mpidump("elg decrypted a= ", a); log_mpidump("elg decrypted b= ", b); log_mpidump("elg decrypted M= ", output); } #endif mpi_free(t1); } /**************** * Make an Elgamal signature out of INPUT */ static void sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey ) { gcry_mpi_t k; gcry_mpi_t t = mpi_alloc( mpi_get_nlimbs(a) ); gcry_mpi_t inv = mpi_alloc( mpi_get_nlimbs(a) ); gcry_mpi_t p_1 = mpi_copy(skey->p); /* * b = (t * inv) mod (p-1) * b = (t * inv(k,(p-1),(p-1)) mod (p-1) * b = (((M-x*a) mod (p-1)) * inv(k,(p-1),(p-1))) mod (p-1) * */ mpi_sub_ui(p_1, p_1, 1); - k = gen_k( skey->p ); + k = gen_k( skey->p, 0 /* no small K ! */ ); gcry_mpi_powm( a, skey->g, k, skey->p ); mpi_mul(t, skey->x, a ); mpi_subm(t, input, t, p_1 ); mpi_invm(inv, k, p_1 ); mpi_mulm(b, t, inv, p_1 ); #if 0 if( DBG_CIPHER ) { log_mpidump("elg sign p= ", skey->p); log_mpidump("elg sign g= ", skey->g); log_mpidump("elg sign y= ", skey->y); log_mpidump("elg sign x= ", skey->x); log_mpidump("elg sign k= ", k); log_mpidump("elg sign M= ", input); log_mpidump("elg sign a= ", a); log_mpidump("elg sign b= ", b); } #endif mpi_free(k); mpi_free(t); mpi_free(inv); mpi_free(p_1); } /**************** * Returns true if the signature composed of A and B is valid. */ static int verify(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey ) { int rc; gcry_mpi_t t1; gcry_mpi_t t2; gcry_mpi_t base[4]; gcry_mpi_t ex[4]; if( !(mpi_cmp_ui( a, 0 ) > 0 && mpi_cmp( a, pkey->p ) < 0) ) return 0; /* assertion 0 < a < p failed */ t1 = mpi_alloc( mpi_get_nlimbs(a) ); t2 = mpi_alloc( mpi_get_nlimbs(a) ); #if 0 /* t1 = (y^a mod p) * (a^b mod p) mod p */ gcry_mpi_powm( t1, pkey->y, a, pkey->p ); gcry_mpi_powm( t2, a, b, pkey->p ); mpi_mulm( t1, t1, t2, pkey->p ); /* t2 = g ^ input mod p */ gcry_mpi_powm( t2, pkey->g, input, pkey->p ); rc = !mpi_cmp( t1, t2 ); #elif 0 /* t1 = (y^a mod p) * (a^b mod p) mod p */ base[0] = pkey->y; ex[0] = a; base[1] = a; ex[1] = b; base[2] = NULL; ex[2] = NULL; mpi_mulpowm( t1, base, ex, pkey->p ); /* t2 = g ^ input mod p */ gcry_mpi_powm( t2, pkey->g, input, pkey->p ); rc = !mpi_cmp( t1, t2 ); #else /* t1 = g ^ - input * y ^ a * a ^ b mod p */ mpi_invm(t2, pkey->g, pkey->p ); base[0] = t2 ; ex[0] = input; base[1] = pkey->y; ex[1] = a; base[2] = a; ex[2] = b; base[3] = NULL; ex[3] = NULL; mpi_mulpowm( t1, base, ex, pkey->p ); rc = !mpi_cmp_ui( t1, 1 ); #endif mpi_free(t1); mpi_free(t2); return rc; } /********************************************* ************** interface ****************** *********************************************/ gcry_err_code_t _gcry_elg_generate (int algo, unsigned nbits, unsigned long dummy, gcry_mpi_t *skey, gcry_mpi_t **retfactors) { ELG_secret_key sk; generate (&sk, nbits, retfactors); skey[0] = sk.p; skey[1] = sk.g; skey[2] = sk.y; skey[3] = sk.x; return GPG_ERR_NO_ERROR; } gcry_err_code_t _gcry_elg_check_secret_key (int algo, gcry_mpi_t *skey) { gcry_err_code_t err = GPG_ERR_NO_ERROR; ELG_secret_key sk; if ((! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3])) err = GPG_ERR_BAD_MPI; else { sk.p = skey[0]; sk.g = skey[1]; sk.y = skey[2]; sk.x = skey[3]; if (! check_secret_key (&sk)) err = GPG_ERR_BAD_SECKEY; } return err; } gcry_err_code_t _gcry_elg_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *pkey, int flags) { gcry_err_code_t err = GPG_ERR_NO_ERROR; ELG_public_key pk; if ((! data) || (! pkey[0]) || (! pkey[1]) || (! pkey[2])) err = GPG_ERR_BAD_MPI; else { pk.p = pkey[0]; pk.g = pkey[1]; pk.y = pkey[2]; resarr[0] = mpi_alloc (mpi_get_nlimbs (pk.p)); resarr[1] = mpi_alloc (mpi_get_nlimbs (pk.p)); do_encrypt (resarr[0], resarr[1], data, &pk); } return err; } gcry_err_code_t _gcry_elg_decrypt (int algo, gcry_mpi_t *result, gcry_mpi_t *data, gcry_mpi_t *skey, int flags) { gcry_err_code_t err = GPG_ERR_NO_ERROR; ELG_secret_key sk; if ((! data[0]) || (! data[1]) || (! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3])) err = GPG_ERR_BAD_MPI; else { sk.p = skey[0]; sk.g = skey[1]; sk.y = skey[2]; sk.x = skey[3]; *result = mpi_alloc_secure (mpi_get_nlimbs (sk.p)); decrypt (*result, data[0], data[1], &sk); } return err; } gcry_err_code_t _gcry_elg_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey) { gcry_err_code_t err = GPG_ERR_NO_ERROR; ELG_secret_key sk; if ((! data) || (! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3])) err = GPG_ERR_BAD_MPI; else { sk.p = skey[0]; sk.g = skey[1]; sk.y = skey[2]; sk.x = skey[3]; resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.p)); resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.p)); sign (resarr[0], resarr[1], data, &sk); } return err; } gcry_err_code_t _gcry_elg_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey, int (*cmp) (void *, gcry_mpi_t), void *opaquev) { gcry_err_code_t err = GPG_ERR_NO_ERROR; ELG_public_key pk; if ((! data[0]) || (! data[1]) || (! hash) || (! pkey[0]) || (! pkey[1]) || (! pkey[2])) err = GPG_ERR_BAD_MPI; else { pk.p = pkey[0]; pk.g = pkey[1]; pk.y = pkey[2]; if (! verify (data[0], data[1], hash, &pk)) err = GPG_ERR_BAD_SIGNATURE; } return err; } unsigned int _gcry_elg_get_nbits (int algo, gcry_mpi_t *pkey) { return mpi_get_nbits (pkey[0]); } static char *elg_names[] = { "elg", "openpgp-elg", "openpgp-elg-sig", NULL, }; gcry_pk_spec_t _gcry_pubkey_spec_elg = { "ELG", elg_names, "pgy", "pgyx", "ab", "rs", "pgy", GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR, _gcry_elg_generate, _gcry_elg_check_secret_key, _gcry_elg_encrypt, _gcry_elg_decrypt, _gcry_elg_sign, _gcry_elg_verify, _gcry_elg_get_nbits, }; diff --git a/cipher/primegen.c b/cipher/primegen.c index 127e2800..0fd869e1 100644 --- a/cipher/primegen.c +++ b/cipher/primegen.c @@ -1,982 +1,982 @@ /* primegen.c - prime number generator * Copyright (C) 1998, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser general Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * Libgcrypt is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA * * *********************************************************************** * The algorithm used to generate practically save primes is due to * Lim and Lee as described in the CRYPTO '97 proceedings (ISBN3540633847) * page 260. */ #include #include #include #include #include #include "g10lib.h" #include "mpi.h" #include "cipher.h" static gcry_mpi_t gen_prime (unsigned int nbits, int secret, int randomlevel, int (*extra_check)(void *, gcry_mpi_t), void *extra_check_arg); static int check_prime( gcry_mpi_t prime, gcry_mpi_t val_2 ); static int is_prime( gcry_mpi_t n, int steps, int *count ); static void m_out_of_n( char *array, int m, int n ); static void (*progress_cb) (void *,const char*,int,int, int ); static void *progress_cb_data; /* Note: 2 is not included because it can be tested more easily by looking at bit 0. The last entry in this list is marked by a zero */ static ushort small_prime_numbers[] = { 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, 1051, 1061, 1063, 1069, 1087, 1091, 1093, 1097, 1103, 1109, 1117, 1123, 1129, 1151, 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, 1217, 1223, 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, 1289, 1291, 1297, 1301, 1303, 1307, 1319, 1321, 1327, 1361, 1367, 1373, 1381, 1399, 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459, 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, 1523, 1531, 1543, 1549, 1553, 1559, 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609, 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, 1697, 1699, 1709, 1721, 1723, 1733, 1741, 1747, 1753, 1759, 1777, 1783, 1787, 1789, 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, 1873, 1877, 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, 1951, 1973, 1979, 1987, 1993, 1997, 1999, 2003, 2011, 2017, 2027, 2029, 2039, 2053, 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129, 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, 2207, 2213, 2221, 2237, 2239, 2243, 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297, 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, 2381, 2383, 2389, 2393, 2399, 2411, 2417, 2423, 2437, 2441, 2447, 2459, 2467, 2473, 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551, 2557, 2579, 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, 2659, 2663, 2671, 2677, 2683, 2687, 2689, 2693, 2699, 2707, 2711, 2713, 2719, 2729, 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801, 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, 2879, 2887, 2897, 2903, 2909, 2917, 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999, 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, 3083, 3089, 3109, 3119, 3121, 3137, 3163, 3167, 3169, 3181, 3187, 3191, 3203, 3209, 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271, 3299, 3301, 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, 3359, 3361, 3371, 3373, 3389, 3391, 3407, 3413, 3433, 3449, 3457, 3461, 3463, 3467, 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541, 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, 3613, 3617, 3623, 3631, 3637, 3643, 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709, 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, 3803, 3821, 3823, 3833, 3847, 3851, 3853, 3863, 3877, 3881, 3889, 3907, 3911, 3917, 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989, 4001, 4003, 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, 4073, 4079, 4091, 4093, 4099, 4111, 4127, 4129, 4133, 4139, 4153, 4157, 4159, 4177, 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259, 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, 4339, 4349, 4357, 4363, 4373, 4391, 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457, 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, 4549, 4561, 4567, 4583, 4591, 4597, 4603, 4621, 4637, 4639, 4643, 4649, 4651, 4657, 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729, 4733, 4751, 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, 4817, 4831, 4861, 4871, 4877, 4889, 4903, 4909, 4919, 4931, 4933, 4937, 4943, 4951, 4957, 4967, 4969, 4973, 4987, 4993, 4999, 0 }; static int no_of_small_prime_numbers = DIM (small_prime_numbers) - 1; void _gcry_register_primegen_progress ( void (*cb)(void *,const char*,int,int,int), void *cb_data ) { progress_cb = cb; progress_cb_data = cb_data; } static void progress( int c ) { if ( progress_cb ) progress_cb ( progress_cb_data, "primegen", c, 0, 0 ); } /**************** * Generate a prime number (stored in secure memory) */ gcry_mpi_t _gcry_generate_secret_prime (unsigned int nbits, int (*extra_check)(void*, gcry_mpi_t), void *extra_check_arg) { gcry_mpi_t prime; prime = gen_prime( nbits, 1, 2, extra_check, extra_check_arg); progress('\n'); return prime; } gcry_mpi_t _gcry_generate_public_prime( unsigned int nbits, int (*extra_check)(void*, gcry_mpi_t), void *extra_check_arg) { gcry_mpi_t prime; prime = gen_prime( nbits, 0, 2, extra_check, extra_check_arg ); progress('\n'); return prime; } /**************** * We do not need to use the strongest RNG because we gain no extra * security from it - The prime number is public and we could also * offer the factors for those who are willing to check that it is * indeed a strong prime. With ALL_FACTORS set to true all afcors of * prime-1 are returned in FACTORS. * * mode 0: Standard * 1: Make sure that at least one factor is of size qbits. */ static gcry_err_code_t prime_generate_internal (int mode, gcry_mpi_t *prime_generated, unsigned int pbits, unsigned int qbits, gcry_mpi_t g, gcry_mpi_t **ret_factors, gcry_random_level_t randomlevel, unsigned int flags, int all_factors) { gcry_err_code_t err = 0; gcry_mpi_t *factors_new = NULL; /* Factors to return to the caller. */ gcry_mpi_t *factors = NULL; /* Current factors. */ gcry_mpi_t *pool = NULL; /* Pool of primes. */ unsigned char *perms = NULL; /* Permutations of POOL. */ gcry_mpi_t q_factor = NULL; /* Used if QBITS is non-zero. */ unsigned int fbits = 0; /* Length of prime factors. */ unsigned int n = 0; /* Number of factors. */ unsigned int m = 0; /* Number of primes in pool. */ gcry_mpi_t q = NULL; /* First prime factor. */ gcry_mpi_t prime = NULL; /* Prime candidate. */ unsigned int nprime = 0; /* Bits of PRIME. */ unsigned int req_qbits; /* The original QBITS value. */ gcry_mpi_t val_2; /* For check_prime(). */ unsigned int is_secret = (flags & GCRY_PRIME_FLAG_SECRET); unsigned int count1 = 0, count2 = 0; unsigned int i = 0, j = 0; if (pbits < 48) return GPG_ERR_INV_ARG; /* If QBITS is not given, assume a reasonable value. */ if (!qbits) qbits = pbits / 3; req_qbits = qbits; /* Find number of needed prime factors. */ for (n = 1; (pbits - qbits - 1) / n >= qbits; n++) ; n--; val_2 = mpi_alloc_set_ui (2); if ((! n) || ((mode == 1) && (n < 2))) err = GPG_ERR_INV_ARG; if (! err) { if (mode == 1) { n--; fbits = (pbits - 2 * req_qbits -1) / n; qbits = pbits - req_qbits - n * fbits; } else { fbits = (pbits - req_qbits -1) / n; qbits = pbits - n * fbits; } if (DBG_CIPHER) log_debug ("gen prime: pbits=%u qbits=%u fbits=%u/%u n=%d\n", pbits, req_qbits, qbits, fbits, n); prime = gcry_mpi_new (pbits); /* Generate first prime factor. */ q = gen_prime (qbits, is_secret, randomlevel, NULL, NULL); if (mode == 1) q_factor = gen_prime (req_qbits, is_secret, randomlevel, NULL, NULL); /* Allocate an array to hold the factors + 2 for later usage. */ factors = gcry_calloc (n + 2, sizeof (*factors)); if (! factors) err = GPG_ERR_INTERNAL; /* FIXME. */ } if (! err) { /* Make a pool of 3n+5 primes (this is an arbitrary value). */ m = n * 3 + 5; if (mode == 1) /* Need some more (for e.g. DSA). */ m += 5; if (m < 25) m = 25; pool = gcry_calloc (m , sizeof (*pool)); if (! pool) err = GPG_ERR_INTERNAL; } if (! err) /* Permutate over the pool of primes. */ do { next_try: if (! perms) { /* Allocate new primes. */ for(i = 0; i < m; i++) { mpi_free (pool[i]); pool[i] = NULL; } /* Init m_out_of_n(). */ perms = gcry_calloc (1, m); if (! perms) err = GPG_ERR_INTERNAL; /* FIXME. */ else { for(i = 0; i < n; i++) { perms[i] = 1; pool[i] = gen_prime (fbits, is_secret, randomlevel, NULL, NULL); factors[i] = pool[i]; } } if (err) break; } else { m_out_of_n (perms, n, m); for(i = j = 0; (i < m) && (j < n); i++) if (perms[i]) { if(! pool[i]) pool[i] = gen_prime (fbits, 0, 1, NULL, NULL); factors[j++] = pool[i]; } if (i == n) { gcry_free(perms); perms = NULL; progress('!'); goto next_try; /* Allocate new primes. */ } } /* Generate next prime candidate: p = 2 * q [ * q_factor] * factor_0 * factor_1 * ... * factor_n + 1. */ mpi_set (prime, q); mpi_mul_ui (prime, prime, 2); if (mode == 1) mpi_mul (prime, prime, q_factor); for(i = 0; i < n; i++) mpi_mul (prime, prime, factors[i]); mpi_add_ui (prime, prime, 1); nprime = mpi_get_nbits (prime); if (nprime < pbits) { if (++count1 > 20) { count1 = 0; qbits++; progress('>'); mpi_free (q); q = gen_prime (qbits, 0, 0, NULL, NULL); goto next_try; } } else count1 = 0; if (nprime > pbits) { if (++count2 > 20) { count2 = 0; qbits--; progress('<'); mpi_free (q); q = gen_prime (qbits, 0, 0, NULL, NULL); goto next_try; } } else count2 = 0; } while (! ((nprime == pbits) && check_prime (prime, val_2))); if (! err) if (DBG_CIPHER) { progress ('\n'); log_mpidump ("prime : ", prime); log_mpidump ("factor q: ", q); if (mode == 1) log_mpidump ("factor q0: ", q_factor); for(i = 0; i < n; i++) log_mpidump ("factor pi: ", factors[i]); log_debug ("bit sizes: prime=%u, q=%u", mpi_get_nbits (prime), mpi_get_nbits (q)); if (mode == 1) log_debug (", q0=%u", mpi_get_nbits (q_factor)); for (i = 0; i < n; i++) log_debug (", p%d=%u", i, mpi_get_nbits (factors[i])); progress('\n'); } if (! err) if (ret_factors) { /* Caller wants the factors. */ factors_new = gcry_calloc (n + 4, sizeof (*factors_new)); if (! factors_new) err = GPG_ERR_INTERNAL; /* FIXME. */ else if (all_factors) { i = 0; (factors_new)[i++] = gcry_mpi_set_ui (NULL, 2); (factors_new)[i++] = mpi_copy (q); if (mode == 1) (factors_new)[i++] = mpi_copy (q_factor); for(j=0; j < n; j++) (factors_new)[i++] = mpi_copy (factors[j]); } else { i = 0; if (mode == 1) { (factors_new)[i++] = mpi_copy (q_factor); for(; i <= n; i++) (factors_new)[i] = mpi_copy (factors[i]); } else for(; i < n; i++ ) (factors_new)[i] = mpi_copy (factors[i]); } } if (! err) if (g) { /* Create a generator (start with 3). */ gcry_mpi_t tmp = mpi_alloc (mpi_get_nlimbs (prime)); gcry_mpi_t b = mpi_alloc (mpi_get_nlimbs (prime)); gcry_mpi_t pmin1 = mpi_alloc (mpi_get_nlimbs (prime)); if (mode == 1) err = GPG_ERR_NOT_IMPLEMENTED; else { factors[n] = q; factors[n + 1] = mpi_alloc_set_ui (2); mpi_sub_ui (pmin1, prime, 1); mpi_set_ui (g, 2); do { mpi_add_ui (g, g, 1); if (DBG_CIPHER) { log_debug ("checking g:"); gcry_mpi_dump (g); - log_debug ("\n"); + log_printf ("\n"); } else progress('^'); for (i = 0; i < n + 2; i++) { mpi_fdiv_q (tmp, pmin1, factors[i]); /* No mpi_pow(), but it is okay to use this with mod prime. */ gcry_mpi_powm (b, g, tmp, prime); if (! mpi_cmp_ui (b, 1)) break; } if (DBG_CIPHER) progress('\n'); } while (i < n + 2); mpi_free (factors[n+1]); mpi_free (tmp); mpi_free (b); mpi_free (pmin1); } } if (! err) if (! DBG_CIPHER) progress ('\n'); if (pool) { for(i = 0; i < m; i++) mpi_free (pool[i]); gcry_free (pool); } if (factors) gcry_free (factors); /* Factors are shallow copies. */ if (perms) gcry_free (perms); mpi_free (val_2); mpi_free (q); if (! err) { *prime_generated = prime; if (ret_factors) *ret_factors = factors_new; } else { if (factors_new) { for (i = 0; factors_new[i]; i++) mpi_free (factors_new[i]); gcry_free (factors_new); } } return err; } gcry_mpi_t _gcry_generate_elg_prime (int mode, unsigned pbits, unsigned qbits, gcry_mpi_t g, gcry_mpi_t **ret_factors) { gcry_err_code_t err = GPG_ERR_NO_ERROR; gcry_mpi_t prime = NULL; err = prime_generate_internal (mode, &prime, pbits, qbits, g, ret_factors, GCRY_WEAK_RANDOM, 0, 0); return prime; } static gcry_mpi_t gen_prime (unsigned int nbits, int secret, int randomlevel, int (*extra_check)(void *, gcry_mpi_t), void *extra_check_arg) { gcry_mpi_t prime, ptest, pminus1, val_2, val_3, result; int i; unsigned x, step; unsigned count1, count2; int *mods; if( 0 && DBG_CIPHER ) log_debug ("generate a prime of %u bits ", nbits ); if (nbits < 16) log_fatal ("can't generate a prime with less than %d bits\n", 16); mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods ); /* make nbits fit into gcry_mpi_t implementation */ val_2 = mpi_alloc_set_ui( 2 ); val_3 = mpi_alloc_set_ui( 3); prime = secret? gcry_mpi_snew ( nbits ): gcry_mpi_new ( nbits ); result = mpi_alloc_like( prime ); pminus1= mpi_alloc_like( prime ); ptest = mpi_alloc_like( prime ); count1 = count2 = 0; for (;;) { /* try forvever */ int dotcount=0; /* generate a random number */ gcry_mpi_randomize( prime, nbits, randomlevel ); /* Set high order bit to 1, set low order bit to 0. If we are generating a secret prime we are most probably doing that for RSA, to make sure that the modulus does have the requested keysize we set the 2 high order bits */ mpi_set_highbit (prime, nbits-1); if (secret) mpi_set_bit (prime, nbits-2); mpi_set_bit(prime, 0); /* calculate all remainders */ for (i=0; (x = small_prime_numbers[i]); i++ ) mods[i] = mpi_fdiv_r_ui(NULL, prime, x); /* now try some primes starting with prime */ for(step=0; step < 20000; step += 2 ) { /* check against all the small primes we have in mods */ count1++; for (i=0; (x = small_prime_numbers[i]); i++ ) { while ( mods[i] + step >= x ) mods[i] -= x; if ( !(mods[i] + step) ) break; } if ( x ) continue; /* found a multiple of an already known prime */ mpi_add_ui( ptest, prime, step ); /* do a faster Fermat test */ count2++; mpi_sub_ui( pminus1, ptest, 1); gcry_mpi_powm( result, val_2, pminus1, ptest ); if ( !mpi_cmp_ui( result, 1 ) ) { /* not composite, perform stronger tests */ if (is_prime(ptest, 5, &count2 )) { if (!mpi_test_bit( ptest, nbits-1-secret )) { progress('\n'); log_debug("overflow in prime generation\n"); break; /* stop loop, continue with a new prime */ } if (extra_check && extra_check (extra_check_arg, ptest)) { /* The extra check told us that this prime is not of the caller's taste. */ progress ('/'); } else { /* got it */ mpi_free(val_2); mpi_free(val_3); mpi_free(result); mpi_free(pminus1); mpi_free(prime); gcry_free(mods); return ptest; } } } if (++dotcount == 10 ) { progress('.'); dotcount = 0; } } progress(':'); /* restart with a new random value */ } } /**************** * Returns: true if this may be a prime */ static int check_prime( gcry_mpi_t prime, gcry_mpi_t val_2 ) { int i; unsigned x; int count=0; /* check against small primes */ for(i=0; (x = small_prime_numbers[i]); i++ ) { if( mpi_divisible_ui( prime, x ) ) return 0; } /* a quick fermat test */ { gcry_mpi_t result = mpi_alloc_like( prime ); gcry_mpi_t pminus1 = mpi_alloc_like( prime ); mpi_sub_ui( pminus1, prime, 1); gcry_mpi_powm( result, val_2, pminus1, prime ); mpi_free( pminus1 ); if( mpi_cmp_ui( result, 1 ) ) { /* if composite */ mpi_free( result ); progress('.'); return 0; } mpi_free( result ); } /* perform stronger tests */ if( is_prime(prime, 5, &count ) ) return 1; /* is probably a prime */ progress('.'); return 0; } /**************** * Return true if n is probably a prime */ static int is_prime( gcry_mpi_t n, int steps, int *count ) { gcry_mpi_t x = mpi_alloc( mpi_get_nlimbs( n ) ); gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs( n ) ); gcry_mpi_t z = mpi_alloc( mpi_get_nlimbs( n ) ); gcry_mpi_t nminus1 = mpi_alloc( mpi_get_nlimbs( n ) ); gcry_mpi_t a2 = mpi_alloc_set_ui( 2 ); gcry_mpi_t q; unsigned i, j, k; int rc = 0; unsigned nbits = mpi_get_nbits( n ); mpi_sub_ui( nminus1, n, 1 ); /* find q and k, so that n = 1 + 2^k * q */ q = mpi_copy( nminus1 ); k = mpi_trailing_zeros( q ); mpi_tdiv_q_2exp(q, q, k); for(i=0 ; i < steps; i++ ) { ++*count; if( !i ) { mpi_set_ui( x, 2 ); } else { gcry_mpi_randomize( x, nbits, GCRY_WEAK_RANDOM ); /* make sure that the number is smaller than the prime * and keep the randomness of the high bit */ if( mpi_test_bit( x, nbits-2 ) ) { mpi_set_highbit( x, nbits-2 ); /* clear all higher bits */ } else { mpi_set_highbit( x, nbits-2 ); mpi_clear_bit( x, nbits-2 ); } assert( mpi_cmp( x, nminus1 ) < 0 && mpi_cmp_ui( x, 1 ) > 0 ); } gcry_mpi_powm( y, x, q, n); if( mpi_cmp_ui(y, 1) && mpi_cmp( y, nminus1 ) ) { for( j=1; j < k && mpi_cmp( y, nminus1 ); j++ ) { gcry_mpi_powm(y, y, a2, n); if( !mpi_cmp_ui( y, 1 ) ) goto leave; /* not a prime */ } if( mpi_cmp( y, nminus1 ) ) goto leave; /* not a prime */ } progress('+'); } rc = 1; /* may be a prime */ leave: mpi_free( x ); mpi_free( y ); mpi_free( z ); mpi_free( nminus1 ); mpi_free( q ); return rc; } static void m_out_of_n( char *array, int m, int n ) { int i=0, i1=0, j=0, jp=0, j1=0, k1=0, k2=0; if( !m || m >= n ) return; if( m == 1 ) { /* special case */ for(i=0; i < n; i++ ) if( array[i] ) { array[i++] = 0; if( i >= n ) i = 0; array[i] = 1; return; } BUG(); } for(j=1; j < n; j++ ) { if( array[n-1] == array[n-j-1] ) continue; j1 = j; break; } if( m & 1 ) { /* m is odd */ if( array[n-1] ) { if( j1 & 1 ) { k1 = n - j1; k2 = k1+2; if( k2 > n ) k2 = n; goto leave; } goto scan; } k2 = n - j1 - 1; if( k2 == 0 ) { k1 = i; k2 = n - j1; } else if( array[k2] && array[k2-1] ) k1 = n; else k1 = k2 + 1; } else { /* m is even */ if( !array[n-1] ) { k1 = n - j1; k2 = k1 + 1; goto leave; } if( !(j1 & 1) ) { k1 = n - j1; k2 = k1+2; if( k2 > n ) k2 = n; goto leave; } scan: jp = n - j1 - 1; for(i=1; i <= jp; i++ ) { i1 = jp + 2 - i; if( array[i1-1] ) { if( array[i1-2] ) { k1 = i1 - 1; k2 = n - j1; } else { k1 = i1 - 1; k2 = n + 1 - j1; } goto leave; } } k1 = 1; k2 = n + 1 - m; } leave: array[k1-1] = !array[k1-1]; array[k2-1] = !array[k2-1]; } /* Generate a new prime number of PRIME_BITS bits and store it in PRIME. If FACTOR_BITS is non-zero, one of the prime factors of (prime - 1) / 2 must be FACTOR_BITS bits long. If FACTORS is non-zero, allocate a new, NULL-terminated array holding the prime factors and store it in FACTORS. FLAGS might be used to influence the prime number generation process. */ gcry_error_t gcry_prime_generate (gcry_mpi_t *prime, unsigned int prime_bits, unsigned int factor_bits, gcry_mpi_t **factors, gcry_prime_check_func_t cb_func, void *cb_arg, gcry_random_level_t random_level, unsigned int flags) { gcry_err_code_t err = GPG_ERR_NO_ERROR; gcry_mpi_t *factors_generated = NULL; gcry_mpi_t prime_generated = NULL; unsigned int mode = 0; if (!prime) return gpg_error (GPG_ERR_INV_ARG); *prime = NULL; if (flags & GCRY_PRIME_FLAG_SPECIAL_FACTOR) mode = 1; /* Generate. */ err = prime_generate_internal (mode, &prime_generated, prime_bits, factor_bits, NULL, factors? &factors_generated : NULL, random_level, flags, 1); if (! err) if (cb_func) { /* Additional check */ if (! (*cb_func) (cb_arg, 0, prime_generated)) { /* Failed, deallocate resources. */ unsigned int i; mpi_free (prime_generated); if (factors) { for (i = 0; factors_generated[i]; i++) mpi_free (factors_generated[i]); gcry_free (factors_generated); } err = GPG_ERR_INTERNAL; /* FIXME. */ } } if (! err) { if (factors) *factors = factors_generated; *prime = prime_generated; } return gcry_error (err); } /* Check wether the number X is prime. */ gcry_error_t gcry_prime_check (gcry_mpi_t x, unsigned int flags) { gcry_err_code_t err = GPG_ERR_NO_ERROR; gcry_mpi_t test_value = mpi_alloc_set_ui (2); /* ? */ if (! check_prime (x, test_value)) err = GPG_ERR_NO_PRIME; mpi_free (test_value); return gcry_error (err); } /* Find a generator for PRIME where the factorization of (prime-1) is in the NULL terminated array FACTORS. Return the generator as a newly allocated MPI in R_G. If START_G is not NULL, use this as s atart for the search. Returns 0 on success.*/ gcry_error_t gcry_prime_group_generator (gcry_mpi_t *r_g, gcry_mpi_t prime, gcry_mpi_t *factors, gcry_mpi_t start_g) { gcry_mpi_t tmp = gcry_mpi_new (0); gcry_mpi_t b = gcry_mpi_new (0); gcry_mpi_t pmin1 = gcry_mpi_new (0); gcry_mpi_t g = start_g? gcry_mpi_copy (start_g) : gcry_mpi_set_ui (NULL, 3); int first = 1; int i, n; if (!factors || !r_g || !prime) return gpg_error (GPG_ERR_INV_ARG); *r_g = NULL; for (n=0; factors[n]; n++) ; if (n < 2) return gpg_error (GPG_ERR_INV_ARG); #if 1 /* Extra sanity check - usually disabled. */ { mpi_set (tmp, factors[0]); for(i = 1; i < n; i++) mpi_mul (tmp, tmp, factors[i]); mpi_add_ui (tmp, tmp, 1); if (mpi_cmp (prime, tmp)) return gpg_error (GPG_ERR_INV_ARG); } #endif /* Extra sanity check. */ gcry_mpi_sub_ui (pmin1, prime, 1); do { if (first) first = 0; else gcry_mpi_add_ui (g, g, 1); if (DBG_CIPHER) { log_debug ("checking g:"); gcry_mpi_dump (g); log_debug ("\n"); } else progress('^'); for (i = 0; i < n; i++) { mpi_fdiv_q (tmp, pmin1, factors[i]); gcry_mpi_powm (b, g, tmp, prime); if (! mpi_cmp_ui (b, 1)) break; } if (DBG_CIPHER) progress('\n'); } while (i < n); gcry_mpi_release (tmp); gcry_mpi_release (b); gcry_mpi_release (pmin1); *r_g = g; return 0; } /* Convenience function to release the factors array. */ void gcry_prime_release_factors (gcry_mpi_t *factors) { if (factors) { int i; for (i=0; factors[i]; i++) mpi_free (factors[i]); gcry_free (factors); } }