diff --git a/cipher/ChangeLog b/cipher/ChangeLog index b8ff7c5a..9c1e5128 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3200 +1,3209 @@ +2007-02-23 Werner Koch + + * elgamal.c (generate): Removed unused variable TEMP. + (test_keys): New arg NODIE. + (generate_using_x, _gcry_elg_generate_using_x): New. + * pubkey.c (pubkey_generate): New arg XVALUE and direct call to + the new elgamal generate fucntion. + (gcry_pk_genkey): Parse the new "xvalue" tag. + 2007-02-22 Werner Koch * pubkey.c (sexp_data_to_mpi): Handle dynamically allocated algorithms. Suggested by Neil Dunbar. Fixes bug#596. * rndw32.c (_gcry_rndw32_gather_random_fast): Make it return void. * cipher.c (gcry_cipher_algo_name): Simplified. * random.c: Use the daemon only if compiled with USE_RANDOM_DAEMON. * Makefile.am (libcipher_la_SOURCES): Build random-daemon support only if requested. 2007-02-21 Werner Koch * random.c (rndpool, keypool): Make unsigned. (mix_pool): Change char* variables to unsigned char*. (gcry_randomize): Make arg BUFFER a void*. (gcry_create_nonce): Ditto. * rmd160.c (gcry_rmd160_mixblock): Make BUFFER a void*. (_gcry_rmd160_hash_buffer): Make OUTBUF and BUFFER void*. * sha1.c (_gcry_sha1_hash_buffer): Ditto. * cipher.c (gcry_cipher_encrypt, cry_cipher_decrypt): Change buffer args to void*. (gcry_cipher_register): Make ALGORITHM_ID a int *. * md.c (md_start_debug): Make SUFFIX a const char*. Use snprintf. (gcry_md_debug): New. (gcry_md_ctl): Changed arg BUFFER from unsigned char*. * md.c (md_write): Make INBUF a const void*. (gcry_md_write): Remove needless cast. * crc.c (crc32_write): Make INBUF a const void* (update_crc32, crc24rfc2440_write): Ditto. * sha512.c (sha512_write, transform): Ditto. * sha256.c (sha256_write, transform): Ditto. * rmd160.c (rmd160_write, transform): Ditto. * md5.c (md5_write, transform): Ditto. * md4.c (md4_write, transform): Ditto. * sha1.c (sha1_write, transform): Ditto. * tiger.c (tiger_write, transform): Ditto. * whirlpool.c (whirlpool_write, whirlpool_add, transform): Ditto. * elgamal.c (elg_names): Change to a const*. * dsa.c (dsa_names): Ditto. * rsa.c (rsa_names): Ditto. * pubkey.c (gcry_pk_lookup_func_name): Make ALIASES a const. 2007-02-20 Werner Koch * rndlinux.c (open_device): Remove unsused arg MINOR. 2007-01-30 Werner Koch * sha256.c (oid_spec_sha256): Add alias from pkcs#1. * sha512.c (oid_spec_sha512): Ditto. (oid_spec_sha384): Ditto. 2006-12-18 Werner Koch * rndlinux.c (set_cloexec_flag): New. (open_device): Set close-on-exit flags. Suggested by Max Kellermann. Fixes Debian#403613. * Makefile.am (AM_CPPFLAGS, AM_CFLAGS): Splitted and merged Moritz' changes. (INCLUDES): Removed. 2006-11-30 Werner Koch * serpent.c (byte_swap_32): Remove trailing semicolon. 2006-11-15 Werner Koch * Makefile.am (INCLUDES): Include ../src/ 2006-11-03 Werner Koch * random.c [HAVE_GETTIMEOFDAY]: Included sys/time.h and not sys/times.h. Reported by Rafaël Carré. 2006-11-05 Moritz Schulte * Makefile.am (AM_CFLAGS): Added -I$(top_builddir)/src so that the new gcrypt.h is used, not the one installed in the system. 2006-10-25 Werner Koch * primegen.c (prime_generate_internal): Tweaked use of secure memory and entropy use. Safe unused primes from the pool. Allocate at least a pool of 30. (save_pool_prime, get_pool_prime): New. 2006-10-23 Werner Koch * ac.c (_gcry_ac_data_from_sexp): Reset sexp_tmp for failsafe means. Release sexp_cur if needed. Reported by Dirk Stoecker. * pubkey.c (pubkeys_registered_lock): Intialized it. It is not realy needed because this is a mere initialization to 0 anyway. Noted by Victor Stinner. 2006-10-17 Werner Koch * dsa.c (_gcry_dsa_generate2): New. (generate): New arg QBITS. Add sanity checks for reasonable qbits and nbits. * pubkey.c (gcry_pk_genkey): Parse an qbits element. (pubkey_generate): New arg QBITS. Pass it to the DSA generation. 2006-10-05 Werner Koch * md.c (gcry_md_algo_info) : Check that the algo is available. 2006-10-04 David Shaw (wk) * tiger.c (round): Rename to tiger_round as gcc 4 has a built-in round function that this conflicts with. 2006-09-11 Werner Koch * rndw32.c (slow_gatherer_windowsNT): While adding data use the size of the diskPerformance and not its address. Has been fixed in GnuPG more than a year ago. Noted by Lee Fisher. 2006-08-30 Werner Koch * pubkey.c (sexp_data_to_mpi): Need to allow "ripemd160" here as this is the canonical name. 2006-08-29 Hye-Shik Chang (wk) * seed.c: New. 2006-08-03 Werner Koch * random-daemon.c (_gcry_daemon_initialize_basics): Don't initialize the socket. Remove arg SOCKETNAME. (connect_to_socket): Make sure that daemon is set to -1 on error. (call_daemon): Initialize the socket on the first call. (_gcry_daemon_randomize, _gcry_daemon_get_random_bytes) (_gcry_daemon_create_nonce): New arg SOCKETNAME. * random.c (initialize): Call new daemon initializator. (get_random_bytes, gcry_randomize, gcry_create_nonce): Pass socket name to daemon call and reset allow_daemon on failure. 2006-07-26 Werner Koch * rmd160.c (_gcry_rmd160_mixblock): Add cast to transform call. * blowfish.c (selftest): Cast string to usnigned char*. * primegen.c (prime_generate_internal): Cast unsigned/char* mismatch in calling m_out_of_n. (is_prime): Changed COUNT to unsigned int *. * ac.c (_gcry_ac_data_copy): Initialize DATA_MPIS. * random.c (gcry_create_nonce): Update the pid after a fork. Reported by Uoti Urpala. 2006-07-04 Marcus Brinkmann * sha512.c: Fix typo in copyright notice. 2006-06-21 Werner Koch * rsa.c (_gcry_rsa_generate): Replace xcalloc by calloc. * pubkey.c (gcry_pk_encrypt, gcry_pk_sign): Ditto. (sexp_to_key, sexp_to_sig, sexp_to_enc, gcry_pk_encrypt) (gcry_pk_sign, gcry_pk_genkey, gcry_pk_get_keygrip): Ditto. * md.c (md_copy): Ditto. 2006-04-22 Moritz Schulte * random-daemon.c (_gcry_daemon_initialize_basics): New argument: SOCKETNAME. Passing on to connect_to_socket() if non-NULL. (connect_to_socket, writen, readn, call_daemon): New functions. (_gcry_daemon_randomize, _gcry_daemon_get_random_bytes) (_gcry_daemon_create_nonce): Call call_daemon(). (RANDOM_DAEMON_SOCKET): New symbol. (daemon_socket): New static variable. * random.h (_gcry_daemon_initialize_basics): New parameter: SOCKETNAME. (_gcry_set_random_daemon_socket): New declaration. * random.c (initialize_basics): Pass DAEMON_SOCKET_NAME to _gcry_daemon_initialize_basics. (_gcry_set_random_daemon_socket): New function, setting DAEMON_SOCKET_NAME. 2006-04-01 Moritz Schulte * ac.c (eme_pkcs_v1_5_encode): Use KEY_SIZE directly, no need to call gcry_ac_key_get_nbits. (eme_pkcs_v1_5_decode): Likewise. (ac_es_dencode_prepare_pkcs_v1_5): Fill options_em structure with key_size. (_gcry_ac_data_dump, gcry_ac_data_dump): New functions. (_gcry_ac_data_to_sexp, _gcry_ac_data_from_sexp): More or less rewritten; changed S-Expression format so that it matches the one used in pubkey.c. 2006-03-15 Werner Koch * random-daemon.c: New. * random.c (_gcry_use_random_daemon): New. (get_random_bytes, gcry_randomize, gcry_create_nonce): Try diverting to the daemon functions. 2006-03-14 Werner Koch * random.c (lock_seed_file): New. (read_seed_file, _gcry_update_random_seed_file): Use it. * random.c (gcry_create_nonce): Detect a fork and re-seed. (read_pool): Fixed the fork detection; it used to work only for multi-threaded processes. 2006-03-12 Brad Hards (wk) * md.c (md_open): Use new variable macpads_Bsize instead of hardwiring the block size. Changed at all places. 2006-03-10 Brad Hards (wk, patch 2005-04-22) * md.c, sha256.c: Add support for SHA-224. (sha224_init): New. 2006-01-18 Brad Hards (wk 2006-03-07) * cipher.c (cipher_encrypt, cipher_decrypt, do_ofb_encrypt) (do_ofb_decrypt, gcry_cipher_open): Implement Output Feedback Mode. 2005-11-02 Moritz Schulte * pubkey.c (gcry_pk_algo_name): Return "?" instead of NULL for unknown algorithm IDs. * cipher.c (cipher_algo_to_string): Likewise. 2005-11-01 Moritz Schulte * pubkey.c (gcry_pk_algo_info): Don't forget to break after switch case. 2005-09-19 Werner Koch * dsa.c (generate): Add preliminary support for 2 and 4 keys. Return an error code if the key size is not supported. (_gcry_dsa_generate): Return an error. 2005-08-22 Werner Koch * primegen.c (check_prime): New arg RM_ROUNDS. (prime_generate_internal): Call it here with 5 rounds as used before. (gcry_prime_check): But here with 64 rounds. (is_prime): Make sure never to use less than 5 rounds. 2005-04-16 Moritz Schulte * ac.c (_gcry_ac_init): New function. 2005-04-12 Moritz Schulte * ac.c (_gcry_ac_io_write, _gcry_ac_io_read): Initialize err to make the compiler happy. Always use errno, now that gcry_malloc() is guaranteed to set errno on failure. (_gcry_ac_data_to_sexp): Don't forget to goto out after error in loop. (_gcry_ac_data_to_sexp): Remove unused variable: mpi_list; (_gcry_ac_data_to_sexp): Always deallocate sexp_buffer. (_gcry_ac_data_from_sexp): Don't forget to initialize data_set_new. (_gcry_ac_data_from_sexp): Handle special case, which is necessary, since gcry_sexp_nth() does not distinguish between "element does not exist" and "element is the empty list". (_gcry_ac_io_init_va): Use assert to make sure that mode and type are correct. Use gcry_error_t types where gcry_err_code_t types have been used before. 2005-04-11 Moritz Schulte * ac.c (_gcry_ac_data_sign_scheme): Don't forget to initialize buffer. * whirlpool.c: New file. * md.c (digest_table): Add whirlpool. * Makefile.am (EXTRA_libcipher_la_SOURCES): Added: whirlpool.c. 2005-03-30 Moritz Schulte * ac.c (_gcry_ac_data_from_sexp): Use length of SEXP_CUR, not length of SEXP; do not forget to set SEXP_TMP to NULL after it has been released. (struct gcry_ac_mpi): New member: name_provided. (_gcry_ac_data_set): Rename variable `name_final' to `name_cp'; remove const qualifier; change code to not cast away const qualifiers; use name_provided member as well. (_gcry_ac_data_set, _gcry_ac_data_get_name): Use name_provided member of named mpi structure. (gcry_ac_name_to_id): Do not forget to initialize err. (_gcry_ac_data_get_index): Do not forget to initialize mpi_return; use gcry_free() instead of free(); remove unnecessary cast; rename mpi_return and name_return to mpi_cp and name_cp; adjust code. (ac_data_mpi_copy): Do not cast away const qualifier. (ac_data_values_destroy): Likewise. (ac_data_construct): Likewise. (ac_data_mpi_copy): Initialize flags to GCRY_AC_FLAG_DEALLOC. (ac_data_extract): Use GCRY_AC_FLAG_DEALLOC instead of GCRY_AC_FLAG_COPY. (_gcry_ac_io_init_va, _gcry_ac_io_init, gcry_ac_io_init) (gcry_ac_io_init_va, _gcry_ac_io_write, _gcry_ac_io_read) (_gcry_ac_io_read_all, _gcry_ac_io_process): New functions. (gry_ac_em_dencode_t): Use gcry_ac_io_t in prototype instead of memroy strings directly; adjust encode/decode functions to use io objects. (emsa_pkcs_v1_5_encode_data_cb): New function ... (emsa_pkcs_v1_5_encode): ... use it here. (ac_data_dencode): Use io objects. (_gcry_ac_data_encode, _gcry_ac_data_decode, gcry_ac_data_encode) (gcry_ac_data_decode): Likewise. (_gcry_ac_data_encrypt_scheme, gcry_ac_data_encrypt_scheme) (_gcry_ac_data_decrypt_scheme, gcry_ac_data_decrypt_scheme) (_gcry_ac_data_sign_scheme, gcry_ac_data_sign_scheme) (_gcry_ac_data_verify_scheme, gcry_ac_data_verify_scheme): Likewise. 2005-03-23 Werner Koch * rndw32.c (_gcry_rndw32_gather_random_fast): While adding data use the size of the object and not the one of its address. Bug reported by Sascha Kiefer. 2005-03-19 Moritz Schulte * cipher.c (do_cbc_encrypt): Be careful to not overwrite data, which is to be used later on. This happend, in case CTS is enabled and OUTBUF is equal to INBUF. 2005-02-25 Werner Koch * pubkey.c (gcry_pk_get_keygrip): Allow for shadowed-private-key. 2005-02-13 Moritz Schulte * serpent.c: Updated from 1.2 branch: s/u32_t/u32/ and s/byte_t/byte/. Too match what we have always used and are using in all other files too (serpent_test): Moved prototype out of a fucntion. 2005-02-07 Moritz Schulte * ac.c: Major parts rewritten. * pubkey.c (_gcry_pk_get_elements): New function. 2004-12-09 Werner Koch * serpent.c (serpent_setkey): Moved prototype of serpent_test to outer scope. 2004-09-11 Moritz Schulte * pubkey.c (pubkey_table): Added an alias entry for GCRY_PK_ELG_E. 2004-08-23 Moritz Schulte * ac.c: Do not include . * rndegd.c: Likewise. * sha1.c: Likewise. * rndunix.c: Likewise. * rndlinux.c: Likewise. * rmd160.c: Likewise. * md5.c: Likewise. * md4.c: Likewise. * cipher.c: Likewise. * crc.c: Likewise. * blowfish.c: Likewise. * pubkey.c (dummy_generate, dummy_check_secret_key) (dummy_encrypt, dummy_decrypt, dummy_sign, dummy_verify): Return err code GPG_ERR_NOT_IMPLEMENTED instead of aborting through log_bug(). (dummy_get_nbits): Return 0 instead of aborting though log_bug(). 2004-08-19 Werner Koch * pubkey.c (sexp_data_to_mpi): Changed the zero random byte substituting code to actually do clever things. Thanks to Matthias Urlichs for noting the implementation problem. 2004-08-09 Moritz Schulte * pubkey.c (gcry_pk_sign): Fixed memory leak; fix provided by Modestas Vainius. 2004-07-16 Werner Koch * rijndael.c (do_encrypt): Fix alignment problem. Bugs found by Matthias Urlichs. (do_decrypt): Ditto. (keySched, keySched2): Use 2 macros along with unions in the key schedule context. 2004-07-14 Moritz Schulte * rsa.c (_gcry_rsa_decrypt): Don't forget to free "a". Thanks to Nikos Mavroyanopoulos. 2004-05-09 Werner Koch * random.c (read_pool): Mix the PID in to better protect after a fork. 2004-07-04 Moritz Schulte * serpent.c: Use "u32_t" instead of "unsigned long", do not declare S-Box variables as "register". Fixes failure on OpenBSD/sparc64, reported by Nikolay Sturm. 2004-05-07 Werner Koch * random.c (initialize): Factored out some code to .. (initialize_basics): .. new function. (_gcry_random_initialize): Just call initialize_basics unless the new arg FULL is set to TRUE. (_gcry_fast_random_poll): Don't do anything unless the random system has been really initialized. 2004-05-07 Moritz Schulte * ac.c (gcry_ac_open): Do not dereference NULL pointer. Reported by Umberto Salsi. 2004-02-20 Werner Koch * primegen.c (check_prime): New args CB_FUNC and CB_ARG; call them at different stages. Pass these arguments through all callers. 2004-02-06 Werner Koch * des.c: Add a new OID as used by pkcs#12. * rfc2268.c: New. Taken from libgcrypt. * cipher.c: Setup the rfc2268 algorithm. 2004-01-25 Moritz Schulte * primegen.c (prime_generate_internal): Do not forget to free `q_factor'; fixed by Brieuc Jeunhomme. (prime_generate_internal): Do not forget to free `prime'. 2004-01-14 Moritz Schulte * ac.c (gcry_ac_data_set): New argument: flags; slightly rewritten. (gcry_ac_data_get_name, gcry_ac_data_get_index): Likewise. (gcry_ac_key_pair_generate): New argument: misc_data; modified order of arguments. (gcry_ac_key_test): New argument: handle. (gcry_ac_key_get_nbits, gcry_ac_key_get_grip): Likewise. Use GCRY_AC_FLAG_NO_BLINDING instead of GCRY_AC_DATA_FLAG_NO_BLINDING. (gcry_ac_mpi): New member: flags. (gcry_ac_data_search, gcry_ac_data_add): Removed functions. 2003-12-22 Werner Koch * primegen.c (is_prime): Release A2. 2003-12-19 Werner Koch * md.c: Moved a couple of functions down below the data structure definitions. (struct gcry_md_context): New field ACTUAL_HANDLE_SIZE. (md_open): Set it here. (strcut gcry_md_list): New field ACTUAL_STRUCT_SIZE. (md_enable): Set it here. (md_close): Wipe the context memory. secure memory. * cipher.c (struct gcry_cipher_handle): New field ACTUAL_HANDLE_SIZE. (gcry_cipher_open): Set it here. (gcry_cipher_close): Use it to always wipe out the handle data. * ac.c (gcry_ac_open): Make sure HANDLE gets initialized even when the function is not successful. (gcry_ac_close): Allow a NULL handle. (gcry_ac_key_destroy, gcry_ac_key_pair_destroy): Ditto. (gcry_ac_key_get_grip): Return INV_OBJ on error. * primegen.c (prime_generate_internal): Fixed error code for failed malloc. Replaced the !err if chain by gotos. (gcry_prime_group_generator): Remove the extra sanity check. * md.c: Minor code and comment cleanups. 2003-12-16 Werner Koch * primegen.c (gen_prime): Doc fix. Thanks to Newton Hammet. 2003-12-11 Werner Koch * rndunix.c (slow_poll): Don't use #warning but #error. * rndegd.c: Changed indentation. (my_make_filename): Removd the var_arg cruft becuase we don't need it here. Changed caller. * rndlinux.c: Changed indentation. (open_device): Remove the superfluous stat call and clarify comment. * rsa.c: Changed indentation. (secret): Use the standard algorithm if p, q and u are not available. (rsa_blind, rsa_unblind): Renamed from _gcry_rsa_blind, _gcry_rsa_unblind and moved more to the top. * md4.c: Changed indentation. Removed unnecessary casts. * md5.c, rmd160.c, sha1.c, tiger.c: Ditto. * rijndael.c, twofish.c: Ditto. * serpent.c: Removed unnecessary casts. * sha256.c, sha512.c: Ditto. 2003-12-09 Werner Koch * dsa.c: Unified indentation style. * elgamal.c: Ditto. * des.c (des_key_schedule): Code beautifications. * blowfish.c: Changed indentation style. * cast5.c (do_cast_setkey): Ditto. * pubkey.c (gcry_pk_encrypt): Replaced the chain of if(!err) tests by straightforward gotos. Other cleanups. (gcry_pk_decrypt): Ditto. (gcry_pk_sign): Ditto. (gcry_pk_verify): Ditto. (gcry_pk_genkey): Ditto. Use strtoul instead of strtol. (gcry_pk_ctl): Use GPG_ERR_INV_ARG to indicate bad arguments. 2003-12-07 Werner Koch * pubkey.c (gcry_pk_register_default): Undef the helper macro. (gcry_pk_map_name): Allow NULL for string. (sexp_to_key): Use memcpy and not strncpy. Use gcry_free and not free. (sexp_to_sig): Ditto. (sexp_to_enc): Ditto. Replaced the chain of if(!err) tests by straightforward gotos. 2003-12-05 Werner Koch * cipher.c: Documentation cleanups. (gcry_cipher_mode_from_oid): Allow NULL for STRING. 2003-12-03 Werner Koch * elgamal.c (sign, do_encrypt, gen_k): Make sure that a small K is only used for encryption. 2003-11-18 Werner Koch * random.h (rndw32_set_dll_name): Removed unused prototype. * Makefile.am (EXTRA_DIST): Added Manifest. 2003-11-11 Werner Koch * Manifest: New. 2003-11-04 Werner Koch * md.c (gcry_md_hash_buffer): Use shortcut for SHA1 * sha1.c (_gcry_sha1_hash_buffer): New. * random.c: Reformatted most functions. (mix_pool): Moved the failsafe_digest from global scope to here. (do_fast_random_poll): Use the generic fucntions even if a fast gathering function has been used. (read_pool): Detect a fork and retry. (gcry_randomize, get_random_bytes): Don't distinguish anymore between weak and strong random. (gcry_create_nonce): New. 2003-10-31 Werner Koch * rndw32.c (slow_gatherer_windowsNT): Use a plain buffer for the disk performance values and not the W32 API structure. * dsa.c (verify): s/exp/ex/ due to shadowing of a builtin. * elgamal.c (verify): Ditto. * ac.c (gcry_ac_data_get_index): s/index/idx/ (gcry_ac_data_copy_internal): Remove the cast in _gcry_malloc. (gcry_ac_data_add): Must use gcry_realloc instead of realloc. * pubkey.c (sexp_elements_extract): s/index/idx/ as tribute to the forehackers. (gcry_pk_encrypt): Removed shadowed definition of I. Reordered arguments to malloc for clarity. (gcry_pk_sign, gcry_pk_genkey): Ditto. * primegen.c (prime_generate_internal): s/random/randomlevel/. 2003-10-27 Moritz Schulte * pubkey.c (gcry_pk_encrypt): Don't forget to deallocate pkey. 2003-10-27 Werner Koch * random.c (gcry_random_add_bytes): Return if buflen is zero to avoid gcc warning about unsed parameter. (MASK_LEVEL): Simplified; does now work for signed and unsigned w/o warnings. * md.c (md_start_debug): Removed the const from SUFFIX, because this function is called from the control fucntion which does not require const. Prefixed all (pubkey,digest,cipher}_spec_* globale variables with _gcry_. * ac.c (ac_key_identifiers): Made static. * random.c (getfnc_gather_random,getfnc_fast_random_poll): Move prototypes to .. * rand-internal.h: .. here * random.c (getfnc_gather_random): Include rndw32 gatherer. * rndunix.c, rndw32.c, rndegd.c: Include them here. * rndlinux.c (_gcry_rndlinux_gather_random): Prepend the _gcry_ prefix. Changed all callers. * rndegd.c (_gcry_rndegd_gather_random): Likewise. (_gcry_rndegd_connect_socket): Likewise. * rndunix.c (_gcry_rndunix_gather_random): Likewise. (waitpid): Made static. * rndw32.c: Removed the old and unused winseed.dll cruft. (_gcry_rndw32_gather_random_fast): Renamed from gather_random_fast. (_gcry_rndw32_gather_random): Renamed from gather_random. Note, that the changes 2003-04-08 somehow got lost. * sha512.c (sha512_init, sha384_init): Made static. * cipher.c (do_ctr_decrypt): Removed "return" from this void function. 2003-10-24 Moritz Schulte * serpent.c: Fix an issue on big-endian systems. * rndw32.c: Removed IS_MODULE -cruft. * rndlinux.c (rndlinux_gather_random): Likewise. 2003-10-10 Werner Koch * primegen.c (gen_prime): Bail out if NBITS is less than 16. (prime_generate_internal): Initialize prime variable to suppress compiler warning. Check pbits, initialize qbits when passed as zero. * primegen.c (prime_generate_internal): New arg ALL_FACTORS. Changed all callers. (gcry_prime_generate): Make the factors arg optional. Request all_factors. Make sure PRIME is set to NULL even on error. (gcry_prime_group_generator): New. (gcry_prime_release_factors): New. 2003-10-06 Werner Koch * primegen.c (gen_prime): Assert that NBITS is never zero, it would cause a segv. 2003-09-28 Moritz Schulte * ac.c: Include "cipher.h". 2003-09-27 Moritz Schulte * rndegd.c (do_read): Return nread instead of nbytes; thanks to Michael Caerwyn. 2003-09-04 Werner Koch * pubkey.c (_gcry_pk_aliased_algo_name): New. * ac.c (gcry_ac_open): Use it here. * Makefile.am (EXTRA_libcipher_la_SOURCES): Add serpent.c 2003-09-02 Moritz Schulte * primegen.c (gcry_prime_check, gcry_prime_generate): New functions. (prime_generate_internal): New function, based on _gcry_generate_elg_prime. (_gcry_generate_elg_prime): Rewritten as a wrapper for prime_generate_internal. 2003-08-28 Werner Koch * pubkey.c (gcry_pk_encrypt): Don't include the flags list in the return value. This does not make sense and breaks any programs parsing the output strictly (e.g. current gpgsm). (gcry_pk_encrypt): If aliases for the algorithm name exists, take the first one instead of the regular name to adhere to SPKI conventions. (gcry_pk_genkey): Ditto. (gcry_pk_sign): Ditto. Removed unused KEY_ALGO_NAME. 2003-08-19 Moritz Schulte * cipher.c: Add support for Serpent * serpent.c: New file. 2003-08-10 Moritz Schulte * rsa.c (_gcry_rsa_blind, _gcry_rsa_unblind): Declare static. 2003-08-09 Timo Schulz * random.c (getfnc_gather_random): Don't check NAME_OF_DEV_RANDOM two times, but also the NAME_OF_DEV_URANDOM device. 2003-08-08 Moritz Schulte * pubkey.c (sexp_to_enc): Fixed extraction of S-Expression: do not fail if no `flags' sub S-Expression is found. 2003-07-27 Werner Koch * md.c (gcry_md_lookup_func_oid): Allow for empty OID lists. 2003-07-23 Moritz Schulte * ac.c (gcry_ac_data_construct): New argument: include_flags, only include `flags' S-expression, if include_flags is true. Adjust callers. Thanks for triggering a bug caused by `flags' sub-S-expression where they are not expected to Ralf Schneider. 2003-07-21 Moritz Schulte * pubkey.c (gcry_pk_lookup_func_name): Use new member name `aliases' instead of `sexp_names'. * ac.c (gcry_ac_key_data_get): New function. * cipher.c (gcry_cipher_lookup_func_name): Fix return value. 2003-07-20 Moritz Schulte * blowfish.c: Adjusted for new gcry_cipher_spec_t structure. * cast5.c: Likewise. * twofish.c: Likewise. * arcfour.c: Likewise. * rijndael.c (rijndael_oids, rijndael192_oids, rijndael256_oids): New variables, adjust for new gcry_cipher_spec_t structure. * des.c (oids_tripledes): New variable, adjust for new gcry_cipher_spec_t structure. * md.c (oid_table): Removed. * tiger.c (oid_spec_tiger): New variable. (digest_spec_tiger): Adjusted for new gry_md_spec_t structure. * sha512.c (oid_spec_sha512): New variable. (digest_spec_sha512): Adjusted for new gry_md_spec_t structure. * sha512.c (oid_spec_sha384): New variable. (digest_spec_sha384): Adjusted for new gry_md_spec_t structure. * sha256.c (oid_spec_sha256): New variable. (digest_spec_sha256): Adjusted for new gry_md_spec_t structure. * sha1.c (oid_spec_sha1): New variable. (digest_spec_sha1): Adjusted for new gry_md_spec_t structure. * rmd160.c (oid_spec_rmd160): New variable. (digest_spec_rnd160): Adjusted for new gry_md_spec_t structure. * md5.c (oid_spec_md5): New variable. (digest_spec_md5): Adjusted for new gry_md_spec_t structure. * md4.c (oid_spec_md4): New variable. (digest_spec_md4): Adjusted for new gry_md_spec_t structure. * crc.c (digest_spec_crc32, digest_spec_crc32_rfc1510, digest_spec_crc32_rfc2440): Adjusted for new gry_md_spec_t structure. 2003-07-19 Moritz Schulte * md.c (gcry_md_lookup_func_oid): New function. (search_oid): New function, copied from cipher.c. (gcry_md_map_name): Adjust for new search_oid_interface. * cipher.c (oid_table): Removed table. (gcry_cipher_lookup_func_oid): New function. (search_oid): Rewritten to use the module functions. (gcry_cipher_map_name): Adjust for new search_oid interface. (gcry_cipher_mode_from_oid): Likewise. 2003-07-18 Werner Koch * md.c (gcry_md_hash_buffer): Convert ERR to gpg_error_t in gpg_strerror. 2003-07-14 Moritz Schulte * cipher.c (gcry_cipher_lookup_func_name): Also check the cipher name aliases, not just the primary name. (gcry_cipher_map_name): Remove kludge for aliasing Rijndael to AES. * arcfour.c, blowfish.c, cast5.c, des.c, twofish.c: Adjust cipher specification structures. * rijndael.c (rijndael_names, rijndael192_names, rijndael256_names): New variables, use them in the cipher specifications. * rmd160test.c: Removed file. * ac.c, arcfour.c, blowfish.c, cast5.c, cipher.c, des.c, dsa.c, elgamal.c, md.c, pubkey.c, random.c, rijndael.c, rsa.c, twofish.c: Used gcry_err* wrappers for libgpg symbols. * primegen.c (gen_prime): Correct the order arguments to extra_check. 2003-07-12 Moritz Schulte * ac.c: Replaced all public occurences of gpg_error_t with gcry_error_t. * cipher.c: Likewise. * md.c: Likewise. * pubkey.c: Likewise. * random.c: Likewise. * cipher.c: Added support for TWOFISH128. 2003-07-08 Moritz Schulte * ac.c (gcry_ac_data_copy_internal): New function, based on gcry_ac_data_copy. (gcry_ac_data_copy): Made public, use gcry_ac_data_copy_internal. (gcry_ac_key_init): Use gcry_ac_data_copy_internal. 2003-07-07 Moritz Schulte * ac.c (gcry_ac_data_set): Only release old MPI value if it is different from the new value. Bug reported by Simon Josefsson . * pubkey.c (gcry_pk_list): New function. * md.c (gcry_md_list): New function. * ac.c (gcry_ac_key_pair_generate): Fix calculation of format string size. 2003-07-05 Moritz Schulte * md.c: Named struct of digest_table `digest_table_entry'. (digest_table_entry): New member: algorithm; filled in. (digest_table_entry): Removed unused member: flags. (gcry_md_register): New argument: algorithm_id, filled in. (gcry_md_register_default): Used algorithm ID from module structure. (gcry_md_map_name): Likewise. (md_enable): Likewise. (md_read): Likewise. (gcry_md_info): Likewise. * pubkey.c: Named truct for pubkey_table `pubkey_table_entry'. (pubkey_table_entry): New member: algorithm; filled in. (gcry_pk_register_default): Used algorithm ID from pubkey_table. (gcry_pk_register): New argument: algorithm_id, filled in. (gcry_pk_map_name): Used algorithm ID from module structure. (gcry_pk_decrypt): Likewise. (gcry_pk_encrypt): Likewise. (gcry_pk_verify): Likewise. (gcry_pk_sign): Likewise. (gcry_pk_testkey): Likewise. (gcry_pk_genkey): Likewise. (gcry_pk_get_nbits): Likewise. (sexp_to_key): Removed unused variable: algo. (sexp_to_sig): Likewise. * cipher.c: Named struct for cipher_table `cipher_table_entry'. (cipher_table_entry): New member: algorithm; filled in. (gcry_cipher_register_default): Used algorithm ID from cipher_table. (gcry_cipher_register): New argument: algorithm_id, filled in. (gcry_cipher_map_name): Used algorithm ID from module structure. * arcfour.c (cipher_spec_arcfour): Removed algorithm ID. * blowfish.c (cipher_spec_blowfish): Likewise. * cast5.c (cipher_spec_cast5): Likewise. * crc.c (digest_spec_crc32): Likewise. * crc.c (digest_spec_crc32_rfc1510): Likewise. * crc.c (digest_spec_crc32_rfc2440): Likewise. * des.c (cipher_spec_des): Likewise. * des.c (cipher_spec_tripledes): Likewise. * dsa.c (pubkey_spec_dsa): Likewise. * elgamal.c (pubkey_spec_elg): Likewise. * md4.c (digest_spec_md4): Likewise. * md5.c (digest_spec_md5): Likewise. * aes.c (cipher_spec_aes): Likewise. * aes.c (cipher_spec_aes192): Likewise. * aes.c (cipher_spec_aes256): Likewise. * rsa.c (pubkey_spec_rsa): Likewise. * sha1.c (digest_spec_sha1): Likewise. * sha256.c (digest_spec_sha256): Likewise. * sha512.c (digest_spec_sha512): Likewise. * tiger.c (digest_spec_tiger): Likewise. * twofish.c (cipher_spec_twofish): Likewise. * twofish.c (cipher_spec_twofish128): Likewise. * Makefile.am (EXTRA_libcipher_la_SOURCES): Fix list of source files; reported by Simon Josefsson . * pubkey.c: Replaced all occurences of `id' with `algorithm', since `id' is a keyword in obj-c. * md.c: Likewise. * cipher.c: Likewise. * crc.c, md4.c, md5.c, rmd160.c, sha1.c, sha256.c, tiger.c: Replaced all occurences of gcry_digest_spec_t with gcry_md_spec_t. * dsa.c, rsa.c, elgamal.c: Replaced all occurencens of gcry_pubkey_spec_t with gcry_pk_spec_t. * md.c: Replaced all occurences of gcry_digest_spec_t with gcry_md_spec_t. (gcry_digest_register_default): Renamed to ... (gcry_md_register_default): ... this; adjusted callers. (gcry_digest_lookup_func_name): Renamed to ... (gcry_md_lookup_func_name): ... this; adjusted callers. (gcry_digest_lookup_name): Renamed to ... (gcry_md_lookup_name): ... this; adjusted callers. (gcry_digest_register): Renamed to ... (gcry_md_register): ... this. (gcry_digest_unregister): Renamed to ... (gcry_md_unregister): ... this. * pubkey.c (gcry_pubkey_register): Renamed to ... (gcry_pk_register): ... this. (gcry_pubkey_unregister): Renamed to ... (gcry_pk_unregister): ... this. Replaced all occurences of gcry_pubkey_spec_t with gcry_pk_spec_t. (gcry_pubkey_register_default): Renamed to ... (gcry_pk_register_default): ... this; adjusted callers. (gcry_pubkey_lookup_func_name): Renamed to ... (gcry_pk_lookup_func_name): ... this; adjusted callers. (gcry_pubkey_lookup_name): Renamed to ... (gcry_pk_lookup_name): ... this; adjusted callers. * md.c (gcry_md_hash_buffer): Fix error checking. Thanks to Simon Josefsson . 2003-07-04 Moritz Schulte * cipher.c (gcry_cipher_list): New function. 2003-07-01 Moritz Schulte * pubkey.c (sexp_to_sig): Accept a `flags' S-expression to be more consistent with sexp_to_enc. 2003-06-30 Moritz Schulte * Makefile.am (libcipher_la_SOURCES): Added: ac.c. * pubkey.c (_gcry_pk_module_lookup): New function. (_gcry_pk_module_release): New function. 2003-06-29 Moritz Schulte * ac.c: New file. 2003-06-26 Werner Koch * md.c (gcry_md_hash_buffer): Trigger BUG correcly with new API. 2003-06-19 Werner Koch * md.c (gcry_md_is_enabled): Fixed. 2003-06-18 Werner Koch * cipher.c (gcry_cipher_get_algo_keylen): New. (gcry_cipher_get_algo_blklen): New. 2003-06-18 Moritz Schulte * arcfour.c, cipher.c, blowfish.c, md.c, cast5.c, pubkey.c, crc.c, des.c, dsa.c, elgamal.c, md4.c, md5.c, random.c, rijndael.c, rmd160.c, rsa.c, sha1.c, sha256.c, sha512.c, tiger.c, twofish.c: Replaced older types GcryDigestSpec, GcryCipherSpec and GcryPubkeySpec with newer types: gcry_digest_spec_t, gcry_cipher_spec_t and gcry_pubkey_spec_t. * md.c (gcry_digest_id_new): Removed function. (gcry_digest_register): Removed code for generating a new module ID. * pubkey.c (gcry_pubkey_id_new): Removed function. (gcry_pubkey_register): Removed code for generating a new module ID. * cipher.c, md.c, pubkey.c: Replace old type GcryModule with newer one: gcry_module_t. (gcry_cipher_id_new): Removed function. (gcry_cipher_register): Removed code for generating a new module ID. * cipher.c (gcry_cipher_register): Adjust call to _gcry_module_add. (gcry_cipher_register_default): Likewise. * pubkey.c (gcry_pubkey_register_default): Likewise. (gcry_pubkey_register): Likewise. * md.c (gcry_digest_register_default): Likewise. (gcry_digest_register): Likewise. * md.c (gcry_digest_lookup_func_id): Removed function. (gcry_digest_lookup_id): Likewise. (gcry_digest_id_new): Use _gcry_module_lookup_id instead of gcry_digest_lookup_id. (digest_algo_to_string): Likewise. (check_digest_algo): Likewise. (md_enable): Likewise. (md_digest_length): Likewise. (md_asn_oid): Likewise. * pubkey.c (gcry_pubkey_lookup_id): Removed function. (gcry_pubkey_lookup_func_id): Likewise. (gcry_pubkey_id_new): Use _gcry_module_lookup_id instead of gcry_pubkey_id_new. (gcry_pk_algo_name): Likewise. (disable_pubkey_algo): Likewise. (check_pubkey_algo): Likewise. (pubkey_get_npkey): Likewise. (pubkey_get_nskey): Likewise. (pubkey_get_nsig): Likewise. (pubkey_get_nenc): Likewise. (pubkey_generate): Likewise. (pubkey_check_secret_key): Likewise. (pubkey_encrypt): Likewise. (pubkey_decrypt): Likewise. (pubkey_sign): Likewise. (pubkey_verify): Likewise. (gcry_pk_algo_info): Likewise. * cipher.c (gcry_cipher_lookup_func_id): Removed function. (gcry_cipher_lookup_id): Likewise. (cipher_algo_to_string): use _gcry_module_lookup_id instead of gcry_cipher_lookup_id. (disable_cipher_algo): Likewise. (check_cipher_algo): Likewise. (cipher_get_blocksize): Likewise. (gcry_cipher_open): Likewise. (gcry_cipher_id_new): Likewise. 2003-06-17 Moritz Schulte * Makefile.am (GCRYPT_MODULES): Set to @GCRYPT_CIPHERS@, @GCRYPT_PUBKEY_CIPHERS@, @GCRYPT_DIGESTS@ and @GCRYPT_RANDOM@. (libcipher_la_DEPENDENCIES): Set to $(GCRYPT_MODULES). (libcipher_la_LIBADD): Likewise. (AM_CFLAGS): Added: @GPG_ERROR_CFLAGS@. (EXTRA_libcipher_la_SOURCES): Added all conditional sources. * md.c (md_open): Use _gcry_fast_random_poll instead of fast_random_poll. * cipher.c (gcry_cipher_open): Likewise. * random.h (fast_random_poll): Removed macro. * blowfish.c, md4.c, md5.c, rmd160.c, sha1.c, sha256.c, sha512.c, tiger.c: Use Autoconf's WORDS_BIGENDIAN instead of our own BIG_ENDIAN_HOST. 2003-06-16 Moritz Schulte * random.c (getfnc_gather_random): Do not special-case USE_ALL_RANDOM_MODULES, make it the default. * dsa.c: Replace last occurences of old type names with newer names (i.e. replace MPI with gcry_mpi_t). * elgamal.c: Likewise. * primegen.c: Likewise. * pubkey.c: Likewise. * rsa.c: Likewise. 2003-06-14 Moritz Schulte * des.c (des_setkey): Add selftest check. (tripledes_set3keys): Likewise. (do_tripledes_setkey): Remove selftest check. (do_des_setkey): Likewise. 2003-06-11 Moritz Schulte * md.c (_gcry_md_init): New function. * cipher.c (_gcry_cipher_init): New function. * pubkey.c (_gcry_pk_init): New function. 2003-06-13 Werner Koch * md.c (gcry_md_get_algo): Reverted to old API. This is a convenience function anyway and error checking is not approriate. (gcry_md_is_secure): New. (gcry_md_is_enabled): New. 2003-06-12 Werner Koch * cipher.c (gcry_cipher_open): Make sure HANDLE is set to NULL on error. 2003-06-11 Werner Koch * md.c (gcry_md_open): Make sure H receives either NULL or an valid handle. (gcry_md_copy): Swapped arguments so that it is more in lione with md_open and most other API fucntions like memcpy (destination comes first). Make sure HANDLE is set to NULL on error. * rijndael.c (do_encrypt): Hack to force correct alignment. It seems not to be not sufficient, though. We should rework this fucntions and remove all these ugly casts. Let the compiler optimize or have an assembler implementation. 2003-06-09 Moritz Schulte * Makefile.am: Removed rules serpent, since that is not commited yet. 2003-06-08 Moritz Schulte * pubkey.c (gcry_pk_encrypt): Improve calculation for size of the format string. 2003-06-07 Moritz Schulte * arcfour.c, bithelp.h, blowfish.c, cast5.c, cipher.c, crc.c, des.c, dsa.c, elgamal.c, md4.c, md5.c, md.c, primegen.c, pubkey.c, rand-internal.h, random.c, random.h, rijndael.c, rmd160.c, rmd160test.c, rmd.h, rndeged.c, rndlinux.c, rndunix.c, rndw32.c, rsa.c, sha1.c, sha256.c, sha512.c, tiger.c, twofish.c: Edited all preprocessor instructions to remove whitespace before the '#'. This is not required by C89, but there are some compilers out there that don't like it. Replaced any occurence of the now deprecated type names with the new ones. 2003-06-04 Moritz Schulte * pubkey.c (gcry_pk_encrypt): Construct an arg_list and use gcry_sexp_build_array instead of gcry_sexp_build. (gcry_pk_sign): Likewise. (gcry_pk_genkey): Likewise. 2003-06-01 Moritz Schulte * dsa.c (_gcry_dsa_generate): Do not check wether the algorithm ID does indeed belong to DSA. (_gcry_dsa_sign): Likewise. (_gcry_dsa_verify): Likewise. (_gcry_dsa_get_nbits): Likewise. * elgamal.c (_gcry_elg_check_secret_key): Do not check wether the algorithm ID does indeed belong to ElGamal. (_gcry_elg_encrypt): Likewise. (_gcry_elg_decrypt): Likewise. (_gcry_elg_sign): Likewise. (_gcry_elg_verify): Likewise. (_gcry_elg_get_nbits): Likewise. (_gcry_elg_generate): Likewise. * rsa.c (_gcry_rsa_generate): Do not check wether the algorithm ID does indeed belong to RSA. (_gcry_rsa_encrypt): Likewise. (_gcry_rsa_decrypt): Likewise. (_gcry_rsa_sign): Likewise. (_gcry_rsa_verify): Likewise. (_gcry_rsa_get_nbits): Likewise. 2003-05-30 Moritz Schulte * md.c (md_get_algo): Return zero in case to algorithm is enabled. * md.c (gcry_md_info): Adjusted for new no-errno-API. (md_final): Likewise. (gcry_md_get_algo): Likewise. * pubkey.c (gcry_pk_get_keygrip): Likewise. (gcry_pk_ctl): Likewise. (gcry_pk_algo_info): Likewise. * des.c (selftest): Likewise. 2003-05-29 Moritz Schulte * md.c (md_enable): Do not forget to release module on error. (gcry_md_open): Adjusted for new no-errno-API. (md_open): Likewise. (md_copy): Likewise. (gcry_md_copy): Likewise. (gcry_md_setkey): Likewise. (gcry_md_algo_info): Likewise. * cipher.c (gcry_cipher_open): Adjusted for new no-errno-API and also fixed a locking bug. (gcry_cipher_encrypt): Adjusted for new no-errno-API. (gcry_cipher_decrypt): Likewise. (gcry_cipher_ctl): Likewise. (gcry_cipher_info): Likewise. (gcry_cipher_algo_info): Likewise. 2003-05-28 Moritz Schulte * md.c (md_enable): Adjusted for libgpg-error. (gcry_md_enable): Likewise. (gcry_digest_register_default): Likewise. (gcry_digest_register): Likewise. (check_digest_algo): Likewise. (prepare_macpads): Likewise. (gcry_md_setkey): Likewise. (gcry_md_ctl): Likewise. (gcry_md_get): Likewise. (gcry_md_algo_info): Likewise. (gcry_md_info): Likewise. * dsa.c (_gcry_dsa_generate): Likewise. (_gcry_dsa_check_secret_key): Likewise. (_gcry_dsa_sign): Likewie. (_gcry_dsa_verify): Likewise. * twofish.c (do_twofish_setkey): Likewise. (twofish_setkey): Likewise. * cipher.c (gcry_cipher_register): Likewise. 2003-05-25 Moritz Schulte * rijndael.c (do_setkey): Adjusted for libgpg-error. (rijndael_setkey): Likewise. * random.c (gcry_random_add_bytes): Likewise. * elgamal.c (_gcry_elg_generate): Likewise. (_gcry_elg_check_secret_key): Likewise. (_gcry_elg_encrypt): Likewise. (_gcry_elg_decrypt): Likewise. (_gcry_elg_sign): Likewise. (_gcry_elg_verify): Likewise. * rsa.c (_gcry_rsa_generate): Likewise. (_gcry_rsa_check_secret_key): Likewise. (_gcry_rsa_encrypt): Likewise. (_gcry_rsa_decrypt): Likewise. (_gcry_rsa_sign): Likewise. (_gcry_rsa_verify): Likewise. * pubkey.c (dummy_generate, dummy_check_secret_key, dummy_encrypt, dummy_decrypt, dummy_sign, dummy_verify): Likewise. (gcry_pubkey_register): Likewise. (check_pubkey_algo): Likewise. (pubkey_generate): Likewise. (pubkey_check_secret_key): Likewise. (pubkey_encrypt): Likewise. (pubkey_decrypt): Likewise. (pubkey_sign): Likewise. (pubkey_verify): Likewise. (sexp_elements_extract): Likewise. (sexp_to_key): Likewise. (sexp_to_sig): Likewise. (sexp_to_enc): Likewise. (sexp_data_to_mpi): Likewise. (gcry_pk_encrypt): Likewise. (gcry_pk_decrypt): Likewise. (gcry_pk_sign): Likewise. (gcry_pk_verify): Likewise. (gcry_pk_testkey): Likewise. (gcry_pk_genkey): Likewise. (gcry_pk_ctl): Likewise. * cipher.c (dummy_setkey): Likewise. (check_cipher_algo): Likewise. (gcry_cipher_open): Likewise. (cipher_setkey): Likewise. (gcry_cipher_ctl): Likewise. (cipher_encrypt): Likewise. (gcry_cipher_encrypt): Likewise. (cipher_decrypt): Likewise. (gcry_cipher_decrypt): Likewise. (gcry_cipher_info): Likewise. (gcry_cipher_algo_info): Likewise. * cast5.c (cast_setkey): Likewise. (do_cast_setkey): Likewise. * arcfour.c (arcfour_setkey): Likewise. (do_arcfour_setkey): Likewise. * blowfish.c (do_bf_setkey): Likewise. (bf_setkey): Likewise. * des.c (do_des_setkey): Likewise. (do_tripledes_setkey): Likewise. 2003-05-22 Moritz Schulte * tiger.c: Merged code ussing the U64_C macro from GnuPG. * sha512.c: Likewise. 2003-05-17 Moritz Schulte * pubkey.c (gcry_pk_genkey): Fix type: acquire a lock, instead of releasing it. 2003-05-11 Moritz Schulte * pubkey.c (gcry_pk_testkey): Call REGISTER_DEFAULT_CIPHERS. (gcry_pk_ctl): Likewise. 2003-04-27 Moritz Schulte * pubkey.c (gcry_pk_genkey): Release sexp after extracted data has been used. * md.c (gcry_md_get_algo_dlen): Simplified, simply call md_digest_length to do the job. * des.c (do_des_setkey): Check for selftest failure not only during initialization. (do_tripledes_setkey): Include check for selftest failure. * pubkey.c (gcry_pubkey_register_default): New macro `pubkey_use_dummy', use it. * elgamal.c (elg_names): New variable. (pubkey_spec_elg): Include elg_names. * dsa.c (dsa_names): New variable. (pubkey_spec_dsa): Include dsa_names. * rsa.c (rsa_names): New variable. (pubkey_spec_rsa): Include rsa_names. * pubkey.c (gcry_pubkey_lookup_func_name): Compare name also with the names listed in `sexp_names'. 2003-04-24 Moritz Schulte * pubkey.c (sexp_to_key): New variables: module, pubkey. Adjusted to new module interface. (sexp_to_key): Changend type of argument `retalgo' from `int *' to `GcryModule **'. Adjusted all callers. Removed argument: r_algotblidx. (sexp_to_sig): Changend type of argument `retalgo' from `int *' to `GcryModule **'. Adjusted all callers. (sexp_to_enc): Likewise. (pubkey_get_npkey, pubkey_get_nskey, pubkey_get_nsig, pubkey_get_nenc): Use strlen to find out the number. * rsa.c: Adjust pubkey_spec_rsa to new internal interface. * dsa.c: Likewise. * elgamal.c: Likewise. 2003-04-17 Moritz Schulte * pubkey.c (sexp_elements_extract): New function. * pubkey.c (sexp_to_key): Removed variable `idx', added `err', use sexp_elements_extract. (sexp_to_sig): Likewise. (sexp_to_enc): Likewise. * pubkey.c: Terminate list correctly. * md.c: Include sha512/sha384 in digest_table. 2003-04-16 Moritz Schulte * Makefile.am: Include support for sha512.c. * sha512.c: New file, merged from GnuPG, with few modifications for libgcrypt. * rand-internal.h: Removed declarations for constructor functions. * md.c (md_copy): Call _gcry_module_use for incrementing the usage counter of the digest modules. * rsa.c: Do not include "rsa.h". * dsa.c: Do not include "dsa.h". * elgamal.c: Do not include "elgamal.h". * des.c: Do not include "des.h". * cast5.c: Do not include "cast5.h". * blowfish.c: Do not include "blowfish.h". * arcfour.c: Do not include "arcfour.h". * Makefile.am (libcipher_la_DEPENDENCIES): Removed. (libcipher_la_LIBADD): Removed. Use Automake conditionals for conditional compilation. 2003-04-13 Moritz Schulte * cipher.c (gcry_cipher_open): Call REGISTER_DEFAULT_CIPHERS. * md.c (gcry_md_list): New member: module. (md_enable): New variable: module, changed use of module and digest. (md_enable): Initialize member: module. (md_close): Call _gcry_module_release. * cipher.c (gcry_cipher_open): New variable: module, changed use of module and cipher. (struct gcry_cipher_handle): New member: module. (gcry_cipher_open): Initialize member: module. (gcry_cipher_close): Call _gcry_module_release. 2003-04-09 Moritz Schulte * cipher.c: Include "ath.h". * md.c: Likewise. * pubkey.c: Likewise. * cipher.c (ciphers_registered_lock): New variable. * md.c (digests_registered_lock): New variable. * pubkey.c (pubkeys_registered_lock): New variable. * rndlinux.c (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_rndlinux_constructor): Removed function. * rndegd.c (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_rndegd_constructor): Removed function. * rndunix.c (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_rndunix_constructor): Removed function. * rndw32.c (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_rndw32_constructor): Removed function. * rndegd.c (rndegd_connect_socket): Simplify code for creating the egd socket address. (rndegd_connect_socket): Call log_fatal use instead of g10_log_fatal. (egd_gather_random): Renamed to ... (rndegd_gather_random): ... here. 2003-04-08 Moritz Schulte * rndlinux.c: Do not include "dynload.h". * rndunix.c: Likewise. * rndw32.c: Likewise. * rndegd.c (rndegd_connect_socket): Factored out from ... (egd_gather_random): here; call it. (egd_socket): New variable. (egd_gather_random): Initialize fd with egd_socket, do not declare fd static. (do_read): Merged few changes from GnuPG. FIXME - not finished? Do not include "dynload.h". * rndw32.c (gather_random): Renamed to rndw32_gather_random, do not declare static. (gather_random_fast): Renamed to rndw32_gather_random_fast, do not declare static. * rndunix.c (gather_random): Renamed to rndunix_gather_random, do not declare static. * rndegd.c (gather_random): Renamed to rndegd_gather_random, do not declare static. * rndlinux.c (gather_random): Renamed to rndlinux_gather_random, do not declare static. 2003-04-07 Moritz Schulte * Makefile.am (libcipher_la_SOURCES): Removed construct.c. (libcipher_la_SOURCES): Added sha1.c, sha256.c, rmd160.c, md4.c, md5.c, tiger.c and crc.c (EXTRA_PROGRAMS): Removed sha1, sha256, rmd160, md4, md5, tiger and crc. Removed definitions: EXTRA_md4_SOURCES, EXTRA_md5_SOURCES, EXTRA_rmd160_SOURCES, EXTRA_sha1_SOURCES, EXTRA_sha256_SOURCES, EXTRA_tiger_SOURCES and EXTRA_crc_SOURCES, BUILT_SOURCES, DISTCLEANFILES. * pubkey.c: Do not include "elgamal.h", "dsa.h" and "rsa.h". * Makefile.am (libcipher_la_SOURCES): Removed rsa.h, elgamal.h, dsa.h, des.h, cast5.h, arcfour.h and blowfish.h. * rsa.h: Removed file. * elgamal.h: Removed file. * dsa.h: Removed file. * des.h: Removed file. * cast5.h: Removed file. * arcfour.h: Removed file. * blowfish.h: Removed file. * Makefile.am (libcipher_la_SOURCES): Removed dynload.c and dynload.h. * rsa.c (pubkey_spec_rsa): New variable. * dsa.c (pubkey_spec_rsa): New variable. * elgamal.c (pubkey_spec_elg): New variable. * rsa.c (_gcry_rsa_get_info): Removed function. * elgamal.c (_gcry_elg_get_info): Removed function. * dsa.c (_gcry_dsa_get_info): Removed function. * tiger.c (tiger_get_info): Removed function. (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_tiger_constructor): Removed function. * sha1.c (sha1_get_info): Removed function. (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_sha1_constructor): Removed function. * sha256.c (sha256_get_info): Removed function. (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_sha256_constructor): Removed function. * rmd160.c (rmd160_get_info): Removed function. (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_rmd160_constructor): Removed function. * md5.c (md5_get_info): Removed function. (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_md5_constructor): Removed function. * md4.c (md4_get_info): Removed function. (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func): Removed function. (_gcry_md4_constructor): Removed function. * crc.c (crc_get_info): Removed function. * arcfour.c (do_arcfour_setkey): Changed type of context argument to `void *', added local variable for cast, adjusted callers. (arcfour_setkey): Likewise. (encrypt_stream): Likewise. * cast5.c (cast_setkey): Likewise. (encrypt_block): Likewise. * rijndael.c (rijndael_setkey): Likewise. (rijndael_encrypt): Likewise. (rijndael_decrypt): Likewise. * twofish.c (twofish_setkey): Likewise. (twofish_encrypt): Likewise. (twofish_decrypt): Likewise. * des.c (do_des_setkey): Likewise. (do_des_encrypt): Likewise. (do_des_encrypt): Likewise. (do_tripledes_encrypt): Likewise. (do_tripledes_encrypt): Likewise. * blowfish.c (bf_setkey: Likewise. (encrypt_block): Likewise. (decrypt_block): Likewise. * arcfour.c (encrypt_stream): Likewise. * rijndael.c (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func) Removed function. * twofish.c (gnupgext_version, func_table): Removed definitions. (gnupgext_enum_func) Removed function. * cast5.c (CIPHER_ALGO_CAST5): Removed. * blowfish.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Removed macros. (CIPHER_ALGO_BLOWFISH): Removed symbol. * cast5.c (FNCCAST_SETKEY, FNCCAST_CRYPT): Likewise. * des.c (selftest_failed): Removed. (initialized): New variable. (do_des_setkey): Run selftest, if not yet done. (FNCCAST_SETKEY, FNCCAST_CRYPT): Removed macros. * arcfour.c (_gcry_arcfour_get_info): Removed function. * blowfish.c (_gcry_blowfish_get_info): Removed function. * cast5.c (_gcry_cast5_get_info): Removed function. * des.c (_gcry_des_get_info): Removed function. * rijndael.c (_gcry_rijndael_get_info): Removed function. * twofish.c (_gcry_twofish_get_info): Removed function. * arcfour.c (cipher_spec_arcfour): New variable. * twofish.c (cipher_spec_twofish, cipher_spec_twofish128): New variables. * rijndael.c (cipher_spec_aes, cipher_spec_aes192, cipher_spec256): New variables. * des.c (cipher_spec_des, cipher_spec_tripledes): New variables. * cast5.c (cipher_spec_cast5): New variable. * blowfish.c (cipher_spec_blowfish): Likewise. * twofish.c: Do not include "dynload.h". * rijndael.c: Likewise. * des.c: Likewise. * cast5.c: Likewise. * blowfish.c: Likewise. * cipher.c: Likewise. * crc.c: Likewise. * md4.c: Likewise. * md5.c: Likewise. * md.c: Likewise. * pubkey.c: Likewise. * rijndael.c: Likewise. * sha1.c: Likewise. * sha256.c: Likewise. * arcfour.c: Include "cipher.h". * twofish.c: Likewise. * rijndael.c: Likewise. * des.c: Likewise. * cast5.c: Likewise. * blowfish.c: Likewise. * twofish.c (twofish_setkey): Declared argument `key' const. (twofish_encrypt): Declared argument `inbuf' const. (twofish_decrypt): Likewise. * rijndael.c (rijndael_setkey): Declared argument `key' const. (rijndael_encrypt): Declared argument `inbuf' const. (rijndael_decrypt): Likewise. * des.c (do_des_setkey): Declared argument `key' const. (do_tripledes_setkey): Likewise. (do_des_encrypt): Declared argument `inbuf' const. (do_des_decrypt): Likewise. (do_tripledes_encrypt): Likewise. (do_tripledes_decrypt): Likewise. * cast5.c (encrypt_block): Declared argument `inbuf' const. (decrypt_block): Likewise. (cast_setkey): Declared argument `key' const. * blowfish.c (do_bf_setkey): Declared argument `key' const. (encrypt_block): Declared argument `inbuf' const. (encrypt_block): Likewise. * cipher.c: Remove CIPHER_ALGO_DUMMY related code. Removed struct cipher_table_s. Changed definition of cipher_table. Removed definition of disabled_algos. (ciphers_registered, default_ciphers_registered): New variables. (REGISTER_DEFAULT_CIPHERS): New macro. (dummy_setkey): Declared argument `key' const. (dummy_encrypt_block): Declared argument `inbuf' const. (dummy_encrypt_block): Likewise. (dummy_encrypt_stream): Likewise. (dummy_encrypt_stream): Likewise. (dummy_setkey): Use `unsigned char' instead of `byte'. (dummy_encrypt_block): Likewise. (dummy_decrypt_block): Likewise. (dummy_encrypt_stream): Likewise. (dummy_decrypt_stream): Likewise. (gcry_cipher_register_default): New function. (gcry_cipher_lookup_func_id): New function. (gcry_cipher_lookup_func_name): New function. (gcry_cipher_lookup_id): New function. (gcry_cipher_lookup_name): New function. (gcry_cipher_id_new): New function. (gcry_cipher_register): New function. (gcry_cipher_unregister): New function. (setup_cipher_table): Removed function. (load_cipher_modules): Removed function. (gcry_cipher_map_name): Adjusted to use new module management. (cipher_algo_to_string): Likewise. (disable_cipher_algo): Likewise. (check_cipher_algo): Likewise. (cipher_get_keylen): Likewise. (cipher_get_blocksize): Likewise. (gcry_cipher_open): Likewise. (struct gcry_cipher_handle): Replaced members algo, algo_index, blocksize, setkey, encrypt, decrypt, stencrypt, stdecrypt with one member: cipher. (gcry_cipher_open): Adjusted code for new handle structure. (cipher_setkey): Likewise. (cipher_setiv): Likewise. (cipher_reset): Likewise. (do_ecb_encrypt): Likewise. (do_ecb_decrypt): Likewise. (do_cbc_encrypt): Likewise. (do_cbc_decrypt): Likewise. (do_cfb_encrypt): Likewise. (do_cfb_decrypt): Likewise. (do_ctr_encrypt): Likewise. (cipher_encrypt): Likewise. (gcry_cipher_encrypt): Likewise. (cipher_decrypt): Likewise. (gcry_cipher_decrypt): Likewise. (cipher_sync): Likewise. (gcry_cipher_ctl): Likewise. * pubkey.c: Removed struct pubkey_table_s. Changed definition of pubkey_table. Removed definition of disabled_algos. (pubkeys_registered, default_pubkeys_registered): New variables. (REGISTER_DEFAULT_PUBKEYS): New macro. (setup_pubkey_table): Removed function. (load_pubkey_modules): Removed function. (gcry_pubkey_register_default): New function. (gcry_pubkey_lookup_func_id): New function. (gcry_pubkey_lookup_func_name): New function. (gcry_pubkey_lookup_id): New function. (gcry_pubkey_lookup_name): New function. (gcry_pubkey_id_new): New function. (gcry_pubkey_register): New function. (gcry_pubkey_unregister): New function. (gcry_pk_map_name): Adjusted to use new module management. (gcry_pk_algo_name): Likewise. (disable_pubkey_algo): Likewise. (check_pubkey_algo): Likewise. (pubkey_get_npkey): Likewise. (pubkey_get_nskey): Likewise. (pubkey_get_nsig): Likewise. (pubkey_get_nenc): Likewise. (pubkey_generate): Likewise. (pubkey_check_secret_key): Likewise. (pubkey_encrypt): Likewise. (pubkey_decrypt): Likewise. (pubkey_sign): Likewise. (pubkey_verify): Likewise. (gcry_pk_get_nbits): Likewise. (gcry_pk_algo_info): Likewise. * md.c: Removed struct md_digest_list_s. (digest_list): Changed definition. (digests_registered, default_digests_registered): New variables. (REGISTER_DEFAULT_DIGESTS): New macro. (new_list_item): Removed function. (setup_md_table): Removed function. (load_digest_module): Removed function. (gcry_digest_register_default): New function. (gcry_digest_lookup_func_id): New function. (gcry_digest_lookup_func_name): New function. (gcry_digest_lookup_id): New function. (gcry_digest_lookup_name): New function. (gcry_digest_id_new): New function. (gcry_digest_register): New function. (gcry_digest_unregister): New function. (GcryDigestEntry): New type. (struct gcry_md_context): Adjusted type of `list'. (gcry_md_map_name): Adjusted to use new module management. (digest_algo_to_string): Likewise. (check_digest_algo): Likewise. (md_enable): Likewise. (md_digest_length): Likewise. (md_asn_oid): Likewise. 2003-04-07 Moritz Schulte * pubkey.c: Replaced PUBKEY_ALGO_DSA with GCRY_PK_DSA, PUBKEY_ALGO_RSA with GCRY_PK_RSA and PUBKEY_ALGO_ELGAMAL with GCRY_PK_ELG. * dsa.c: Replaced PUBKEY_ALGO_DSA with GCRY_PK_DSA. 2003-04-01 Moritz Schulte * des.c: Removed checks for GCRY_CIPHER_3DES and GCRY_CIPHER_DES. 2003-03-31 Moritz Schulte * tiger.c (tiger_get_info): Do not declare static. * sha256.c (sha256_get_info): Likewise. * sha1.c (sha1_get_info): Likewise. * rmd160.c (rmd160_get_info): Likewise. * md5.c (md5_get_info): Likewise. * md4.c (md4_get_info): Likewise. * crc.c (crc_get_info): Likewise. * md.c (load_digest_module): Call setup_md_table during initialization. (new_list_item): Link new element into digest_list. * cipher.c (do_ctr_decrypt): Made do_ctr_encrypt act as a wrapper for do_ctr_encrypt, since these functions are identical. 2003-03-30 Simon Josefsson * cipher.c (struct gcry_cipher_handle): Add counter field. (gcry_cipher_open): Add CTR. (cipher_reset): Clear counter field. (do_ctr_encrypt, do_ctr_decrypt): New functions. (cipher_encrypt, cipher_decrypt): Call CTR functions. (gcry_cipher_ctl): Add SET_CTR to set counter. 2003-03-30 Moritz Schulte * rsa.c (_gcry_rsa_blind): New function. (_gcry_rsa_unblind): New function. (_gcry_rsa_decrypt): Use _gcry_rsa_blind and _gcry_rsa_decrypt. 2003-03-26 Moritz Schulte * dynload.c (_gcry_enum_gnupgext_pubkeys): Adjust `encrypt' and `decrypt' function arguments. (_gcry_enum_gnupgext_pubkeys): Likewise. * dynload.h: Likewise. * pubkey.c (dummy_decrypt): Add argument: int flags. (dummy_encrypt): Likewise. * elgamal.c (_gcry_elg_encrypt): Add argument: int flags. (_gcry_elg_decrypt): Likewise. * rsa.c (_gcry_rsa_encrypt): Add argument: int flags. (_gcry_rsa_decrypt): Likewise. * pubkey.c: Add `flags' argument to members `encrypt' and `decrypt' of struct `pubkey_table_s'. * rsa.h: Add `flags' argument to function declarations. * elgamal.h: Likewise. * pubkey.c (sexp_data_to_mpi): New variable: int parsed_flags. (sexp_data_to_mpi): Set `parsed_flags'. (sexp_data_to_mpi): New argument: int *flags. (gcry_pk_encrypt): New variable: int flags. (gcry_pk_encrypt): Pass `flags' to pubkey_encrypt. (pubkey_encrypt): New variable: int flags. (pubkey_encrypt): Pass `flags' to pubkey encrypt function. (pubkey_decrypt): Likewise. (pubkey_decrypt): Pass `flags' to pubkey encrypt function. (gcry_pk_encrypt): Include `flags' s-exp in return list. (sexp_to_enc): New argument: int *flags. (gcry_pk_decrypt): New variable: int flags. (gcry_pk_decrypt): Pass `flags' to pubkey_decrypt. (sexp_to_enc): New variable: int parsed_flags. (sexp_to_enc): Set `parsed_flags'. 2003-03-22 Simon Josefsson * cipher.c (gcry_cipher_open, do_cbc_encrypt) (gcry_cipher_encrypt): Support GCRY_CIPHER_CBC_MAC. (gcry_cipher_ctl): Support GCRYCTL_SET_CBC_MAC. 2003-03-19 Werner Koch * primegen.c (gen_prime): New args EXTRA_CHECK and EXTRA_CHECK_ARG to allow for a user callback. Changed all callers. (_gcry_generate_secret_prime) (_gcry_generate_public_prime): Ditto, pass them to gen_prime. * rsa.c (check_exponent): New. (generate): Use a callback to ensure that a given exponent is actually generated. 2003-03-12 Moritz Schulte * primegen.c: Initialize `no_of_small_prime_numbers' statically. (gen_prime): Remove calculation of `no_of_small_prime_numbers'. 2003-03-03 Moritz Schulte * md.c (gcry_md_ctl): Rewritten to use same style like the other functions dispatchers. 2003-03-02 Moritz Schulte * cipher.c (struct gcry_cipher_handle): New member: algo_index. (gcry_cipher_open): Allocate memory for two cipher contexts. Initialize algo_index. (cipher_setkey): Duplicate context into reserved memory. (cipher_reset): New function, which resets the context and clear the IV. (gcry_cipher_ctl): Call cipher_reset. 2003-02-23 Moritz Schulte * cipher.c: Remove (bogus) `digitp' macro definition. * md.c: Likewise. * blowfish.c (burn_stack): Removed. * arcfour.c (burn_stack): Likewise. * cast5.c (burn_stack): Likewise. * des.c (burn_stack): Likewise. * md4.c (burn_stack): Likewise. * md5.c (burn_stack): Likewise. * random.c (burn_stack): Likewise. * rijndael.c (burn_stack): Likewise. * rmd160.c (burn_stack): Likewise. * sha1.c (burn_stack): Likewise. * sha256.c (burn_stack): Likewise. * tiger.c (burn_stack): Likewise. * twofish.c (burn_stack): Likewise. * blowfish.c: Changed all occurences of burn_stack to _gcry_burn_stack. * arcfour.c: Likewise. * cast5.c: Likewise. * des.c: Likewise. * md4.c: Likewise. * md5.c: Likewise. * random.c: Likewise. * rijndael.c: Likewise. * rmd160.c: Likewise. * sha1.c: Likewise. * sha256.c: Likewise. * tiger.c: Likewise. * twofish.c: Likewise. * arcfour.c (_gcry_arcfour_get_info): Use GCRY_CIPHER_ARCFOUR instead of hard-coded value `301'. 2003-01-24 Werner Koch * random.c (_gcry_register_random_progress): New. (_gcry_random_progress): New. * rndlinux.c (gather_random): Call the random progress function. 2003-01-23 Werner Koch * rsa.c (generate): New arg USE_E to request a specific public exponent. (_gcry_rsa_generate): Ditto. * elgamal.c (_gcry_elg_generate): Must add an dummy argument instead of USE_E. * dsa.c (_gcry_dsa_generate): Ditto. * pubkey.c (dummy_generate): Ditto. (pubkey_generate): Add USE_E arg and pass it down. (gcry_pk_genkey): Detect "rsa-use-e" parameter and pass it to generate. * pubkey.c (sexp_to_enc): New arg RET_MODERN. (gcry_pk_decrypt): Make use of it to return a real S-expression. Return better error codes. (gcry_pk_verify): Return better error codes. 2003-01-21 Werner Koch * random.c (gcry_random_add_bytes): Add QUALITY argument, let function return an error code and disable its core for now. 2003-01-21 Timo Schulz * random.c (gcry_random_add_bytes): New. Function to add external random to the pool. 2003-01-20 Simon Josefsson * crc.c: New. * Makefile.am (EXTRA_PROGRAMS, EXTRA_crc_SOURCES): Add crc.c. * md.c (gcry_md_get_algo_dlen): Add values for CRC. 2003-01-20 Werner Koch * sha256.c: New. * bithelp.h (ror): New. * Makfile.am: Add sha256.c. * md.c (oid_table): Add values for SHA256 et al. (gcry_md_get_algo_dlen): Likewise 2003-01-20 Werner Koch * pubkey.c (gcry_pk_get_keygrip): Implemented keygrips for DSA and ElGamal. 2003-01-17 Werner Koch * cipher.c (gcry_cipher_encrypt): Reworked so that the output will never contain the plaintext even if the caller did not checked the return value. * md.c (gcry_md_get_algo): Changed error code to GCRYERR_GENERAL because we don't have an invalid md algo but no algorithm enabled. * pubkey.c (gcry_pk_genkey): Changed error code for bounds check of table parameters to GCRYERR_INTERNAL. * md.c (gcry_md_open): Partly reverted Timo's change from 2002-10-10 by removing the check for the algorithm. An algorithm of 0 is allowed and anyway we should not double check it or check it using a different function. Also fixed the flags check. * pubkey.c (gcry_pk_encrypt): Make sure that R_CIPH points to NULL on error. (gcry_pk_decrypt): Ditto for R_PLAIN. (gcry_pk_sign): Ditto for R_SIG. (gcry_pk_genkey): Ditto for R_KEY. 2003-01-16 Werner Koch * md.c (gcry_md_write): Changed 2nd argument type to void*. (gcry_md_hash_buffer): Changed type of boths buffers to void*. (gcry_md_setkey): Changed 2nd argument type to void*. 2003-01-15 Werner Koch * pubkey.c (sexp_data_to_mpi): New. This handles pkcs1 padding. (gcry_pk_sign, gcry_pk_verify): Use it here. (gcry_pk_encrypt): And here. (pubkey_verify): Add debug code. (sexp_to_enc): Handle flags in the input and return the pkcs1 flag in a new parameter. (gcry_pk_decrypt): Prepare for future pkcs1 handling. 2002-12-19 Werner Koch * random.c (_gcry_random_initialize): New. 2002-12-16 Werner Koch * cipher.c: Added a Teletrust specific OID for 3DES. 2002-12-12 Werner Koch * md.c: Added another oddball OIW OID (sha-1WithRSAEncryption). 2002-11-23 Werner Koch * md.c (load_digest_module): Enlarged checked_algos bitmap. * md4.c (func_table): Fixed entry for md4. Both by Simon Josephson. (transform): Copy data to get the alignment straight. Tested only on i386. 2002-11-10 Simon Josefsson * cipher.c (gcry_cipher_open): Don't reject CTS flag. (do_cbc_encrypt, do_cbc_decrypt, cipher_encrypt) (gcry_cipher_encrypt, cipher_decrypt) (gcry_cipher_decrypt): Support CTS flag. (gcry_cipher_ctl): Toggle CTS flag. 2002-11-10 Werner Koch * md4.c: New. By Simon Josefsson. * Makefile.am (EXTRA_PROGRAMS): Add md4.c. * md.c (oid_table,gcry_md_get_algo_dlen): MD4 support. 2002-10-14 Werner Koch * arcfour.c (do_encrypt_stream): Don't use increment op when assigning to the same variable. 2002-10-10 Timo Schulz * pubkey.c (gcry_pk_genkey): Check boundaries. * md.c (gcry_md_open): Check that algo is available and only valid flag values are used. (gcry_md_get_algo): Add error handling. 2002-09-26 Werner Koch * md.c: Include an OID for TIGER. * tiger.c (tiger_get_info): Use a regular OID. 2002-09-17 Werner Koch * random.c: Replaced mutex.h by the new ath.h. Changed all calls. 2002-09-16 Werner Koch * arcfour.c (do_encrypt_stream): Use register modifier and modulo. According to Nikos Mavroyanopoulos this increases perfromace on i386 system noticable. And I always tought gcc is clever enough. * md5.c (transform): Use register modifier. * rmd160.c (transform): Ditto. * sha1.c (transform): Ditto. We hope that there are 6 free registers. * random.c (gcry_randomize): Rewrote to avoid malloc calls. * rndlinux.c (gather_random): Replaced remaining fprintfs by log_*. * arcfour.c (do_arcfour_setkey): Ditto. * twofish.c (do_twofish_setkey): Ditto. * rndegd.c (gather_random): Ditto. * rijndael.c (do_setkey): Ditto. * random.c (_gcry_random_dump_stats): Ditto. * primegen.c (_gcry_generate_elg_prime): Ditto. * des.c (_gcry_des_get_info): Ditto. * cast5.c (do_cast_setkey): Ditto. * blowfish.c (do_bf_setkey): Ditto. 2002-08-26 Werner Koch * des.c (weak_keys): Fixed one entry in the table and compared all entries against the literature. (selftest): Checksum the weak key table. 2002-08-21 Werner Koch * pubkey.c: Enable keygrip calculation for "openpgp-rsa". 2002-08-17 Werner Koch * cipher.c (setup_cipher_table): Don't overwrite the DES entry with the entry for DUMMY. 2002-08-14 Werner Koch * des.c (do_des_setkey,do_des_encrypt, do_des_decrypt): New. (_gcry_des_get_info): Support plain old DES. * cipher.c (setup_cipher_table): Put DES into the table. 2002-07-25 Werner Koch * rndunix.c (_gcry_rndunix_constructor): Prefixed with _gcry_. Noted by Stephan Austermuehle. 2002-07-08 Timo Schulz * rndw32.c: Replaced the m_ memory functions with the real gcry_ functions. Renamed all g10_ prefixed functions to log_. 2002-06-12 Werner Koch * rsa.c (generate): Use e = 65537 for now. 2002-06-11 Werner Koch * pubkey.c (gcry_pk_get_keygrip): Allow a "protected-private-key". 2002-06-05 Timo Schulz * cipher.c (gcry_cipher_encrypt, gcry_cipher_decrypt): Check that the input size is a multiple of the blocksize. 2002-05-23 Werner Koch * md.c (oid_table): Add an rsadsi OID for MD5. 2002-05-21 Werner Koch * primegen.c, elgamal.c, dsa.c (progress): Do not print anything by default. Pass an extra identifying string to the callback and reserved 2 argumenst for current and total counters. Changed the register function prototype. 2002-05-17 Werner Koch * rndegd.c (rndegd_constructor): Fixed name of register function and prefixed the function name with _gcry_. * rndw32.c (rndw32_constructor): Ditto. * tiger.c (tiger_constructor): Ditto. * Makefile.am: Removed all dynamic loading stuff. * dynload.c: Ditto. Now only used for the constructor system. 2002-05-15 Werner Koch * random.c (gcry_random_bytes,gcry_random_bytes_secure) (gcry_randomize): Make sure we are initialized. 2002-05-14 Werner Koch Changed license of most files to the LGPL. 2002-05-02 Werner Koch * random.c (_gcry_fast_random_poll): Initialize the module so the mutex can be used. * primegen.c (small_prime_numbers): Moved table from smallprime.c * smallprime.c: File removed. * des.c (leftkey_swap, rightkey_swap, working_memcmp): Made static. * cipher.c (gcry_cipher_map_name): Map "RIJNDAEL" to "AES". * rijndael.c (rijndael_get_info): We do only support a 128 bit blocksize so it makes sense to change the algorithm strings to AES. * tiger.c (tiger_final): Removed superfluous token pasting operators. * md5.c (md5_final): Ditto. 2002-04-30 Werner Koch * cipher.c: Fixed list of copyright years. 2002-03-18 Werner Koch * random.c (initialize): Initialize the new pool lock mutex. (_gcry_fast_random_poll): Add locking and moved main code out to... (do_fast_random_poll): new function. (read_pool): Use the new function here. (get_random_bytes): Add locking. (_gcry_update_random_seed_file): Ditto. 2002-03-11 Werner Koch * md.c: Add rsaSignatureWithripemd160 to OID table. 2002-02-20 Werner Koch * sha1.c: Removed a left over comment note. The code has been rewritten from scratch in 1998. Thanks to Niels Möller for reporting this misleading comment. 2002-02-18 Werner Koch * rndunix.c (rndunix_constructor): Use the the new prefixed function name. Reported by Jordi Mallach. 2002-02-10 Werner Koch * random.c (mix_pool): Carry an extra failsafe_digest buffer around to make the function more robust. 2002-02-08 Werner Koch * random.c (add_randomness): Xor new data into the pool and not just copy it. This avoids any choosen input attacks which are not serious in our setting because an outsider won't be able to mix data in and even then we keep going with a PRNG. Thanks to Stefan Keller for pointing this out. 2002-01-04 Werner Koch * pubkey.c (gcry_pk_genkey): Do not release skey - it is static. * primegen.c (gen_prime): Of course we should use set_bit and not set_highbit to set the second high bit. 2001-12-18 Werner Koch * rsa.c (generate): Loop until we find the exact modulus size. Changed the exponent to 41. (rsa_get_info): s/usage/r_usage/ to avoid shadow warnings. * primegen.c (gen_prime): Set 2 high order bits for secret primes. * Makefile.am (DISTCLEANFILES): Include construct.c. 2001-12-17 Werner Koch * pubkey.c (gcry_pk_get_keygrip): New - experimental. 2001-12-11 Werner Koch * cipher.c: Added OIDs for AES. (gcry_cipher_mode_from_oid): New. (gcry_cipher_map_name): Moved OID search code to .. (search_oid): .. new function. 2001-12-10 Werner Koch * pubkey.c (gcry_pk_encrypt): Find the signature algorithm by name and not by number. * pubkey.c (gcry_pk_encrypt,gcry_pk_decrypt,gcry_pk_sign) (gcry_pk_verify,gcry_pk_testkey, gcry_pk_genkey) (gcry_pk_get_nbits): Release the arrays. Noted by Nikos Mavroyanopoulos. 2001-12-06 Werner Koch * cipher.c (gcry_cipher_map_name): Look also for OIDs prefixed with "oid." or "OID.". 2001-12-05 Werner Koch * pubkey.c (algo_info_table): Fixed entry for openpgp-rsa. 2001-11-24 Werner Koch * pubkey.c: Added the rsaEncryption OID to the tables. (sexp_to_key): Add an arg to return the index of the algorithm, changed all callers. (gcry_pk_sign): Find the signature algorithm by name and not by number. (gcry_pk_get_nbits): Fixed so that we can now really pass a secret key to get the result. * md.c (gcry_md_map_name): Look also for OIDs prefixed with "oid." or "OID." so that an OID string can be used as an S-Exp token. 2001-11-20 Werner Koch * md.c (gcry_md_map_name): Lookup by OID if the the name begins with a digit. (oid_table): New. 2001-11-16 Werner Koch * md.c (gcry_md_info): New operator GCRYCTL_IS_ALGO_ENABLED. 2001-11-07 Werner Koch * md.c (gcry_md_hash_buffer): Close the handle which was left open for algorithms other than rmd160. 2001-08-08 Werner Koch * rndw32.c (gather_random): Use toolhelp in addition to the NT gatherer for Windows2000. Suggested by Sami Tolvanen. * random.c (read_pool): Fixed length check, this used to be one byte to strict. Made an assert out of it because the caller has already made sure that only poolsize bytes are requested. Reported by Marcus Brinkmann. 2001-08-03 Werner Koch * cipher.c (cipher_encrypt, cipher_decrypt): Prepare to return errors. We have to change the interface to all ciphers to make this really work but we should do so to prepare for hardware encryption modules. (gcry_cipher_encrypt, gcry_cipher_decrypt): Return the error and set lasterr. (gcry_cipher_ctl): Make sure that errors from setkey are returned. 2001-08-02 Werner Koch * rndlinux.c (gather_random): casted a size_t arg to int so that the format string is correct. Casting is okay here and avoids translation changes. * random.c (fast_random_poll): Do not check the return code of getrusage. * rndunix.c: Add a signal.h header to avoid warnings on Solaris 7 and 8. * tiger.c (print_abc,print_data): Removed. * rijndael.c, des.c, blowfish.c, twofish.c, cast5.c, arcfour.c (burn_stack): New. Add wrappers for most functions to be able to call burn_stack after the function invocation. This methods seems to be the most portable way to zeroise the stack used. It does only work on stack frame based machines but it is highly portable and has no side effects. Just setting the automatic variables at the end of a function to zero does not work well because the compiler will optimize them away - marking them as volatile would be bad for performance. * md5.c, sha1.c, rmd160.c, tiger.c (burn_stack): Likewise. * random.c (burn_stack): New. (mix_pool): Use it here to burn the stack of the mixblock function. * primegen.c (_gcry_generate_elg_prime): Freed q at 3 places. Thanks to Tommi Komulainen. * arcfour.c (arcfour_setkey): Check the minimim keylength against bytes and not bits. (selftest): Must reset the key before decryption. 2001-05-31 Werner Koch * sha1.c (sha1_init): Made static. Changed all g10_ prefixed function names as well as some mpi_ function names to cope with the introduced naming changes. * md.c (prepare_macpads): Made key const. 2001-05-28 Werner Koch * rndegd.c (gather_random): Removed the use of tty_printf. 2001-03-29 Werner Koch * md5.c (md5_final): Fixed calculation of hashed length. Thanks to disastry@saiknes.lv for pointing out that it was horrible wrong for more than 512MB of input. * sha1.c (sha1_final): Ditto. * rmd160.c (rmd160_final): Ditto. * tiger.c (tiger_final): Ditto. * blowfish.c (encrypt,do_encrypt): Changed name to do_encrypt to avoid name clashes with an encrypt function in stdlib.h of Dynix/PIX. Thanks to Gene Carter. * elgamal.c (encrypt,do_encrypt): Ditto. * twofish.c (gnupgext_enum_func): Use only when when compiled as a module. * rijndael.c (gnupgext_enum_func): Ditto. * tiger.c (tiger_get_info): Return "TIGER192" and not just "TIGER". By Edwin Woudt. * random.c: Always include time.h - standard requirement. Thanks to James Troup. * rndw32.c: Fixes to the macros. 2001-01-11 Werner Koch * cipher.c (cipher_encrypt,gcry_cipher_encrypt): Use blocksize and not 8. 2000-12-19 Werner Koch Major change: Removed all GnuPG stuff and renamed this piece of software to gcrypt. 2000-11-14 Werner Koch * dsa.c (test_keys): Replaced mpi_alloc by gcry_mpi_new and mpi_free by gcry_mpi_release. * elgamal.c (test_keys,generate): Ditto, also for mpi_alloc_secure. * rsa.c (test_keys,generate,rsa_verify): Ditto. * primegen.c (generate_elg_prime): Ditto. (gen_prime): Ditto and removed nlimbs. * rsa.c (generate): Allocate 2 more vars in secure memory. * Makefile.am (OMIT_DEPENDENCIES): Hack to work around dependency problems. 2000-10-09 Werner Koch * arcfour.c, arcfour.h: New. * cipher.c (cipher_encrypt, cipher_decrypt): Add stream mode. (setup_cipher_table): Add Arcfour. (gcry_cipher_open): Kludge to allow stream mode. Wed Oct 4 13:16:18 CEST 2000 Werner Koch * sha1.c (transform): Use rol() macro. Actually this is not needed for a newer gcc but there are still aoter compilers. * rsa.c (test_keys): Use new random function. * md.c (gcry_md_setkey): New function to overcome problems with const conflics. (gcry_md_ctl): Pass set key to the new functions. * rijndael.c: New. * cipher.c: Add Rijndael support. Mon Sep 18 16:35:45 CEST 2000 Werner Koch * rndlinux.c (open_device): Loose random device checking. By Nils Ellmenreich. * random.c (fast_random_poll): Check ENOSYS for getrusage. * rndunix.c: Add 2 sources for QNX. By Sam Roberts. * pubkey.c (gcry_pk_algo_info): Add GCRYCTL_GET_ALGO_USAGE. * rsa.c: Changed the comment about the patent. (secret): Speed up by using the CRT. For a 2k keys this is about 3 times faster. (stronger_key_check): New but unused code to check the secret key. * Makefile.am: Included rsa.[ch]. * pubkey.c: Enabled RSA support. (pubkey_get_npkey): Removed RSA workaround. Mon Jul 31 10:04:47 CEST 2000 Werner Koch * pubkey.c: Replaced all gcry_sexp_{car,cdr}_{data,mpi} by the new gcry_sexp_nth_{data,mpi} functions. Tue Jul 25 17:44:15 CEST 2000 Werner Koch * pubkey.c (exp_to_key,sexp_to_sig,sexp_to_enc,gcry_pk_encrypt, gcry_pk_decrypt,gcry_pk_sign,gcry_pk_genkey): Changed to work with the new S-Exp interface. Mon Jul 17 16:35:47 CEST 2000 Werner Koch * random.c (gather_faked): Replaced make_timestamp by time(2) again. Fri Jul 14 19:38:23 CEST 2000 Werner Koch * md.c (gcry_md_ctl): Support GCRYCTL_{START,STOP}_DUMP. * Makefile.am: Never compile mingw32 as module. * Makefile.am: Tweaked module build and removed libtool * Makefile.am: Replaced -O1 by -O. Suggested by Alec Habig. * elgamal.c (sign): Removed inactive code. * rsa.c, rsa.h: New based on the old module version (only in CVS for now). * pubkey.c (setup_pubkey_table): Added commented support for RSA. * rndunix.c (waitpid): New. For UTS 2.1. All by Dave Dykstra. (my_popen): Do the FD_CLOEXEC only if it is available (start_gatherer): Cope with missing _SC_OPEN_MAX * rndunix.c: Add some more headers for QNX. By Sam Roberts. * rndegd.c (gather_random): Shortcut level 0. * rndunix.c (gather_random): Ditto. * rndw32.c (gather_random): Ditto. * rndw32.c: Replaced with code from Cryptlib and commented the old stuff. * rndw32.c: Add some debuging code enabled by an environment variable. * random.c (read_seed_file): Binary open for DOSish system (update_random_seed_file): Ditto. * random.c [MINGW32]: Include process.h for getpid. * random.c (fast_random_poll): Add clock_gettime() as fallback for system which support this POSIX.4 fucntion. By Sam Roberts. * random.c (read_seed_file): Removed the S_ISLNK test becuase it is already covered by !S_ISREG and is not defined in Unixware. Reported by Dave Dykstra. (update_random_seed_file): Silently ignore update request when pool is not filled. * random.c (read_seed_file): New. (set_random_seed_file): New. (read_pool): Try to read the seeding file. (update_random_seed_file): New. (read_pool): Do an initial extra seeding when level 2 quality random is requested the first time. This requestes at least POOLSIZE/2 bytes of entropy. Compined with the seeding file this should make normal random bytes cheaper and increase the quality of the random bytes used for key generation. * random.c (read_pool): Print a more friendly error message in cases when too much random is requested in one call. * random.c (fast_random_poll): Check whether RUSAGE_SELF is defined; this is not the case for some ESIX and Unixware, although they have getrusage(). * primegen.c (generate_elg_prime): All primes are now generated with the lowest random quality level. Because they are public anyway we don't need stronger random and by this we do not drain the systems entropy so much. * primegen.c (register_primegen_progress): New. * dsa.c (register_pk_dsa_progress): New. * elgamal.c (register_pk_elg_progress): New. * elgamal.c (wiener_map): New. (gen_k): Use a much smaller k. (generate): Calculate the qbits using the wiener map and choose an x at a size comparable to the one choosen in gen_k * rmd160.c (rmd160_get_info): Moved casting to the left side due to a problem with UTS4.3. Suggested by Dave Dykstra. * sha1.c (sha1_get_info): Ditto. * tiger.c (tiger_get_info): Ditto. * md5.c (md5_get_info): Ditto * des.c (des_get_info): Ditto. * blowfish.c (blowfish_get_info): Ditto. * cast5.c (cast5_get_info): Ditto. * twofish.c (twofish_get_info): Ditto. Fri Mar 24 11:25:45 CET 2000 Werner Koch * md.c (md_open): Add hmac arg and allocate space for the pads. (md_finalize): Add HMAC support. (md_copy): Ditto. (md_close): Ditto. (gcry_md_reset): Ditto. (gcry_md_ctl): Ditto. (prepare_macpdas): New. Mon Mar 13 19:22:46 CET 2000 Werner Koch * md.c (gcry_md_hash_buffer): Add support for the other algorithms. Mon Jan 31 16:37:34 CET 2000 Werner Koch * genprime.c (generate_elg_prime): Fixed returned factors which never worked for non-DSA keys. Thu Jan 27 18:00:44 CET 2000 Werner Koch * pubkey.c (sexp_to_key): Fixed mem leaks in case of errors. Mon Jan 24 22:24:38 CET 2000 Werner Koch * pubkey.c (gcry_pk_decrypt): Implemented. (gcry_pk_encrypt): Implemented. (gcry_pk_testkey): New. (gcry_pk_genkey): New. (pubkey_decrypt): Made static. (pubkey_encrypt): Ditto. (pubkey_check_secret_key): Ditto. (pubkey_generate): Ditto. Mon Jan 24 13:04:28 CET 2000 Werner Koch * pubkey.c (pubkey_nbits): Removed and replaced by ... (gcry_pk_get_nbits): this new one. Wed Dec 8 21:58:32 CET 1999 Werner Koch * dsa.c: s/mpi_powm/gcry_mpi_powm/g * elgamal.c: Ditto. * primegen.c: Ditto. * : Replaced g10_opt_verbose by g10_log_verbosity(). * Makefile.am (INCLUDES): removed intl, add ../gcrypt Fri Nov 19 17:15:20 CET 1999 Werner Koch * dynload.c (cmp_filenames): New to replaced compare_filename() in module. (register_cipher_extension): Removed the tilde expansion stuff. * rndeg.c (my_make_filename): New. * : Replaced header util.h by g10lib.h * random.c (gather_faked): Replaced make_timestamp by time(2). Disabled wrning printed with tty_printf. * rndlinux.c (gather_random): Always use fprintf instead of tty_xxx; this should be replaced by a callback function. * primegen.c (gen_prime): Use gcry_mpi_randomize. (is_prime): Ditto. * elgamal.c (test_keys): Ditto. * dsa.c (test_keys): Ditto. * cipher.c (gcry_cipher_close): Die on invalid handle. Mon Nov 15 21:36:02 CET 1999 Werner Koch * elgamal.c (gen_k): Use the new random API. (generate): Ditto. * dsa.c (gen_k): Ditto. (generate): Ditto. Sat Nov 13 17:44:23 CET 1999 Werner Koch * pubkey.c (disable_pubkey_algo): Made static. (gcry_pk_ctl): New. * random.c (get_random_bits): Renamed to ... (get_random_bytes): ... this and made static. (gcry_random_bytes): New. (gcry_random_bytes_secure): New. (randomize_buffer): Renamed to ... (gcry_randomize): ...this. * md.c (gcry_md_hash_buffer): New. * pubkey.c (gcry_pk_algo_info): 4 new commands. (pubkey_get_npkey): Made static. (pubkey_get_nskey): Made static. (pubkey_get_nsig): Made static. (pubkey_get_nenc): Made static. * pubkey.c: Removed all G10ERR_xxx. * cipher.c: Changed all GCRYERR_INV_ALGO to GCRYERR_INV_CIPHER_ALGO. * md.c: Changed all GCRYERR_INV_ALGO to GCRYERR_INV_MD_ALGO. * cast5.c (cast_setkey): Changed errocodes to GCRYERR_xxx. * blowfish.c: Ditto. * des.c: Ditto. * twofish.c: Ditto. * dsa.c: Ditto. * elgamal.c: Ditto. * g10c.c: Removed * cipher.c (gcry_cipher_open): Replaced alloc functions and return NULL if we are out of core. * dynload.c: Replaced all memory allocation functions. * md.c: Ditto. * primegen.c: Ditto. * pubkey.c: Ditto. * random.c: Ditto. * rndw32.c: Ditto. * elgamal.c: Ditto. * dsa.c: Ditto. Tue Oct 26 14:10:21 CEST 1999 Werner Koch * elgamal.c (sign): Hugh found strange code here. Replaced by BUG(). * cipher.c: Merged with gcrypt/symapi.c. * pubkey.c (string_to_pubkey_algo): Renamed function to ... (gcry_pk_map_name): ... this. (pubkey_algo_to_string): Renamed function to ... (gcry_pk_algo_name): ... this. (gcry_pk_algo_info): New. * pubkey.c: Merged with gcrypt/pkapi.c. * md.c (md_reset): Clear finalized; thanks to Ulf Moeller for fixing this bug. * md.c: Merged with gcrypt/mdapi.c Wed Sep 15 14:39:59 CEST 1999 Michael Roth * des.c: Various speed improvements: One bit pre rotation trick after initial permutation (Richard Outerbridge). Finished test of SSLeay Tripple-DES patterns. Wed Sep 15 16:22:17 CEST 1999 Werner Koch * rndw32.c: New. Mon Sep 13 10:51:29 CEST 1999 Werner Koch * bithelp.h: New. * rmd160.h, sha1.h, md5.h: Use the rol macro from bithelp.h Tue Sep 7 16:23:36 CEST 1999 Werner Koch * Makefile.am: Fixed seds for latest egcc. By Ollivier Robert. Mon Sep 6 19:59:08 CEST 1999 Werner Koch * des.c (selftest): Add some testpattern Mon Aug 30 20:38:33 CEST 1999 Werner Koch * cipher.c (do_cbc_encrypt): Fixed serious bug occuring when not using in place encryption. Pointed out by Frank Stajano. Mon Jul 26 09:34:46 CEST 1999 Werner Koch * md5.c (md5_final): Fix for a SCO cpp bug. Thu Jul 15 10:15:35 CEST 1999 Werner Koch * elgamal.c (elg_check_secret_key,elg_encrypt elg_decrypt,elg_sign,elg_verify): Sanity check on the args. * dsa.c (dsa_check_secret_key,dsa_sign,dsa_verify): Ditto. * pubkey.c (disable_pubkey_algo): New. (check_pubkey_algo2): Look at disabled algo table. * cipher.c (disable_cipher_algo): New. (check_cipher_algo): Look at disabled algo table. Wed Jul 7 13:08:40 CEST 1999 Werner Koch * Makefile.am: Support for libtool. Fri Jul 2 11:45:54 CEST 1999 Werner Koch * dsa.c (gen_k): Changed algorithm to consume less random bytes * elgamal.c (gen_k): Ditto. * random.c (random_dump_stats): New. Thu Jul 1 12:47:31 CEST 1999 Werner Koch * primegen.c, elgamal.c, dsa.c (progess): New and replaced all fputc with a call to this function. Sat Jun 26 12:15:59 CEST 1999 Werner Koch * rndegd.c (do_write): s/ssize_t/int/ due to SunOS 4.1 probs. * cipher.c (do_cbc_encrypt, do_cbc_decrypt): New. * dynload.c (HAVE_DL_SHL_LOAD): Map hpux API to dlopen (Dave Dykstra). * Makefile.am (install-exec-hook): Removed. Sun May 23 14:20:22 CEST 1999 Werner Koch * cipher.c (setup_cipher_table): Enable Twofish * random.c (fast_random_poll): Disable use of times() for mingw32. Mon May 17 21:54:43 CEST 1999 Werner Koch * dynload.c (register_internal_cipher_extension): Minor init fix. Tue May 4 15:47:53 CEST 1999 Werner Koch * primegen.c (gen_prime): Readded the Fermat test. Fixed the bug that we didn't correct for step when passing the prime to the Rabin-Miller test which led to bad performance (Stefan Keller). (check_prime): Add a first Fermat test. Sun Apr 18 10:11:28 CEST 1999 Werner Koch * cipher.c (cipher_setiv): Add ivlen arg, changed all callers. * random.c (randomize_buffer): alway use secure memory because we can't use m_is_secure() on a statically allocated buffer. * twofish.c: Replaced some macros by a loop to reduce text size. * Makefile.am (twofish): No more need for sed editing. Fri Apr 9 12:26:25 CEST 1999 Werner Koch * cipher.c (cipher_open): Reversed the changes for AUTO_CFB. * blowfish.c: Dropped the Blowfish 160 mode. * cipher.c (cipher_open): Ditto. (setup_cipher_table): Ditto. And removed support of twofish128 Wed Apr 7 20:51:39 CEST 1999 Werner Koch * random.c (get_random_bits): Can now handle requests > POOLSIZE * cipher.c (cipher_open): Now uses standard CFB for automode if the blocksize is gt 8 (according to rfc2440). * twofish.c: Applied Matthew Skala's patches for 256 bit key. Tue Apr 6 19:58:12 CEST 1999 Werner Koch * random.c (get_random_bits): Can now handle requests > POOLSIZE * cipher.c (cipher_open): Now uses standard CFB for automode if the blocksize is gt 8 (according to rfc2440). Sat Mar 20 11:44:21 CET 1999 Werner Koch * rndlinux.c (tty_printf) [IS_MODULE]: Removed. * rndegd.c (gather_random): Some fixes. Wed Mar 17 13:09:03 CET 1999 Werner Koch * rndegd.c (do_read): New. (gather_random): Changed the implementation. Mon Mar 8 20:47:17 CET 1999 Werner Koch * dynload.c (DLSYM_NEEDS_UNDERSCORE): Renamed. Fri Feb 26 17:55:41 CET 1999 Werner Koch * md.c: Nearly a total rewrote. Wed Feb 24 11:07:27 CET 1999 Werner Koch * cipher.c (context): Fixed alignment * md.c: Ditto. * rndegd.c: New Mon Feb 22 20:04:00 CET 1999 Werner Koch * rndegd.c: New. Wed Feb 10 17:15:39 CET 1999 Werner Koch * Makefile.am: Modules are now figured out by configure * construct.c: New. Generated by configure. Changed all modules to work with that. * sha1.h: Removed. * md5.h: Removed. * twofish.c: Changed interface to allow Twofish/256 * rndunix.c (start_gatherer): Die on SIGPIPE. Wed Jan 20 18:59:49 CET 1999 Werner Koch * rndunix.c (gather_random): Fix to avoid infinite loop. Sun Jan 17 11:04:33 CET 1999 Werner Koch * des.c (is_weak_key): Replace system memcmp due to bugs in SunOS's memcmp. (des_get_info): Return error on failed selftest. * twofish.c (twofish_setkey): Return error on failed selftest or invalid keylength. * cast5.c (cast_setkey): Ditto. * blowfish.c (bf_setkey): Return error on failed selftest. Tue Jan 12 11:17:18 CET 1999 Werner Koch * random.c (random_is_faked): New. * tiger.c: Only compile if we have the u64 type Sat Jan 9 16:02:23 CET 1999 Werner Koch * rndunix.c (gather_random): check for setuid. * Makefile.am: Add a way to staically link random modules Thu Jan 7 18:00:58 CET 1999 Werner Koch * md.c (md_stop_debug): Do a flush first. (md_open): size of buffer now depends on the secure parameter Sun Jan 3 15:28:44 CET 1999 Werner Koch * rndunix.c (start_gatherer): Fixed stupid ==/= bug 1998-12-31 Geoff Keating * des.c (is_weak_key): Rewrite loop end condition. Tue Dec 29 14:41:47 CET 1998 Werner Koch * random.c: add unistd.h for getpid(). (RAND_MAX): Fallback value for Sun. Wed Dec 23 17:12:24 CET 1998 Werner Koch * md.c (md_copy): Reset debug. Mon Dec 14 21:18:49 CET 1998 Werner Koch * random.c (read_random_source): Changed the interface to the random gathering function. (gather_faked): Use new interface. * dynload.c (dynload_getfnc_fast_random_poll): Ditto. (dynload_getfnc_gather_random): Ditto. * rndlinux.c (gather_random): Ditto. * rndunix.c (gather_random): Ditto. Sat Dec 12 18:40:32 CET 1998 Werner Koch * dynload.c (SYMBOL_VERSION): New to cope with system which needs underscores. * rndunix.c: Rewrote large parts Thu Dec 10 20:15:36 CET 1998 Werner Koch * dynload.c (load_extension): increased needed verbosity level. * random.c (fast_random_poll): Fallback to a default fast random poll function. (read_random_source): Always use the faked entroy gatherer if no gather module is available. * rndlinux.c (fast_poll): Removed. * rndunix.c (fast_poll): Removed. Wed Nov 25 12:33:41 1998 Werner Koch (wk@isil.d.shuttle.de) * rand-*.c: Removed. * rndlinux.c : New. * rndunix.c : New. * random.c : Restructured the interface to the gather modules. (intialize): Call constructor functions (read_radnom_source): Moved to here. * dynload.c (dynload_getfnc_gather_random): New. (dynload_getfnc_fast_random_poll): New. (register_internal_cipher_extension): New. (register_cipher_extension): Support of internal modules. Sun Nov 8 17:44:36 1998 Werner Koch (wk@isil.d.shuttle.de) * rand-unix.c (read_random_source): Removed the assert. Mon Oct 19 18:34:30 1998 me,,, (wk@tobold) * pubkey.c: Hack to allow us to give some info about RSA keys back. Thu Oct 15 11:47:57 1998 Werner Koch (wk@isil.d.shuttle.de) * dynload.c: Support for DLD Wed Oct 14 12:13:07 1998 Werner Koch (wk@isil.d.shuttle.de) * rand-unix.c: Now uses names from configure for /dev/random. 1998-10-10 SL Baur * Makefile.am: fix sed -O substitutions to catch -O6, etc. Tue Oct 6 10:06:32 1998 Werner Koch (wk@isil.d.shuttle.de) * rand-unix.c (HAVE_GETTIMEOFDAY): Fixed (was ..GETTIMEOFTIME :-) * rand-dummy.c (HAVE_GETTIMEOFDAY): Ditto. Mon Sep 28 13:23:09 1998 Werner Koch (wk@isil.d.shuttle.de) * md.c (md_digest): New. (md_reset): New. Wed Sep 23 12:27:02 1998 Werner Koch (wk@isil.d.shuttle.de) * tiger.c (TIGER_CONTEXT): moved "buf", so that it is 64 bit aligned. Mon Sep 21 06:22:53 1998 Werner Koch (wk@(none)) * des.c: Some patches from Michael. Thu Sep 17 19:00:06 1998 Werner Koch (wk@(none)) * des.c : New file from Michael Roth Mon Sep 14 11:10:55 1998 Werner Koch (wk@(none)) * blowfish.c (bf_setkey): Niklas Hernaeus patch to detect weak keys. Mon Sep 14 09:19:25 1998 Werner Koch (wk@(none)) * dynload.c (RTLD_NOW): Now defined to 1 if it is undefined. Mon Sep 7 17:04:33 1998 Werner Koch (wk@(none)) * Makefile.am: Fixes to allow a different build directory Thu Aug 6 17:25:38 1998 Werner Koch,mobil,,, (wk@tobold) * random.c (get_random_byte): Removed and changed all callers to use get_random_bits() Mon Jul 27 10:30:22 1998 Werner Koch (wk@(none)) * cipher.c : Support for other blocksizes (cipher_get_blocksize): New. * twofish.c: New. * Makefile.am: Add twofish module. Mon Jul 13 21:30:52 1998 Werner Koch (wk@isil.d.shuttle.de) * random.c (read_pool): Simple alloc if secure_alloc is not set. (get_random_bits): Ditto. Thu Jul 9 13:01:14 1998 Werner Koch (wk@isil.d.shuttle.de) * dynload.c (load_extension): Function now nbails out if the program is run setuid. Wed Jul 8 18:58:23 1998 Werner Koch (wk@isil.d.shuttle.de) * rmd160.c (rmd160_hash_buffer): New. Thu Jul 2 10:50:30 1998 Werner Koch (wk@isil.d.shuttle.de) * cipher.c (cipher_open): algos >=100 use standard CFB Thu Jun 25 11:18:25 1998 Werner Koch (wk@isil.d.shuttle.de) * Makefile.am: Support for extensions Thu Jun 18 12:09:38 1998 Werner Koch (wk@isil.d.shuttle.de) * random.c (mix_pool): simpler handling for level 0 Mon Jun 15 14:40:48 1998 Werner Koch (wk@isil.d.shuttle.de) * tiger.c: Removed from dist, will reappear as dynload module Sat Jun 13 14:16:57 1998 Werner Koch (wk@isil.d.shuttle.de) * pubkey.c: Major changes to allow extensions. Changed the inteface of all public key ciphers and added the ability to load extensions on demand. * misc.c: Removed. Wed Jun 10 07:52:08 1998 Werner Koch,mobil,,, (wk@tobold) * dynload.c: New. * cipher.c: Major changes to allow extensions. Mon Jun 8 22:43:00 1998 Werner Koch (wk@isil.d.shuttle.de) * cipher.c: Major internal chnages to support extensions. * blowfish.c (blowfish_get_info): New and made all internal functions static, changed heder. * cast5.c (cast5_get_info): Likewise. Mon Jun 8 12:27:52 1998 Werner Koch (wk@isil.d.shuttle.de) * tiger.c (transform): Fix for big endian * cipher.c (do_cfb_decrypt): Big endian fix. Fri May 22 07:30:39 1998 Werner Koch (wk@isil.d.shuttle.de) * md.c (md_get_oid): Add a new one for TIGER. Thu May 21 13:24:52 1998 Werner Koch (wk@isil.d.shuttle.de) * cipher.c: Add support for a dummy cipher Thu May 14 15:40:36 1998 Werner Koch (wk@isil.d.shuttle.de) * rmd160.c (transform): fixed sigbus - I should better add Christian von Roques's new implemenation of rmd160_write. Fri May 8 18:07:44 1998 Werner Koch (wk@isil.d.shuttle.de) * rand-internal.h, rand-unix.c, rand-w32.c, rand_dummy.c: New * random.c: Moved system specific functions to rand-****.c Fri May 8 14:01:17 1998 Werner Koch (wk@isil.d.shuttle.de) * random.c (fast_random_poll): add call to gethrtime. Tue May 5 21:28:55 1998 Werner Koch (wk@isil.d.shuttle.de) * elgamal.c (elg_generate): choosing x was not correct, could yield 6 bytes which are not from the random pool, tsss, tsss.. Tue May 5 14:09:06 1998 Werner Koch (wk@isil.d.shuttle.de) * primegen.c (generate_elg_prime): Add arg mode, changed all callers and implemented mode 1. Mon Apr 27 14:41:58 1998 Werner Koch (wk@isil.d.shuttle.de) * cipher.c (cipher_get_keylen): New. Sun Apr 26 14:44:52 1998 Werner Koch (wk@isil.d.shuttle.de) * tiger.c, tiger.h: New. Wed Apr 8 14:57:11 1998 Werner Koch (wk@isil.d.shuttle.de) * misc.c (check_pubkey_algo2): New. Tue Apr 7 18:46:49 1998 Werner Koch (wk@isil.d.shuttle.de) * cipher.c: New * misc.c (check_cipher_algo): Moved to cipher.c * cast5.c: Moved many functions to cipher.c * blowfish.c: Likewise. Sat Apr 4 19:52:08 1998 Werner Koch (wk@isil.d.shuttle.de) * cast5.c: Implemented and tested. Wed Apr 1 16:38:27 1998 Werner Koch (wk@isil.d.shuttle.de) * elgamal.c (elg_generate): Faster generation of x in some cases. Thu Mar 19 13:54:48 1998 Werner Koch (wk@isil.d.shuttle.de) * blowfish.c (blowfish_decode_cfb): changed XOR operation (blowfish_encode_cfb): Ditto. Thu Mar 12 14:04:05 1998 Werner Koch (wk@isil.d.shuttle.de) * sha1.c (transform): Rewrote * blowfish.c (encrypt): Unrolled for rounds == 16 (decrypt): Ditto. Tue Mar 10 16:32:08 1998 Werner Koch (wk@isil.d.shuttle.de) * rmd160.c (transform): Unrolled the loop. Tue Mar 10 13:05:14 1998 Werner Koch (wk@isil.d.shuttle.de) * random.c (read_pool): Add pool_balance stuff. (get_random_bits): New. * elgamal.c (elg_generate): Now uses get_random_bits to generate x. Tue Mar 10 11:33:51 1998 Werner Koch (wk@isil.d.shuttle.de) * md.c (md_digest_length): New. Tue Mar 10 11:27:41 1998 Werner Koch (wk@isil.d.shuttle.de) * dsa.c (dsa_verify): Works. Mon Mar 9 12:59:08 1998 Werner Koch (wk@isil.d.shuttle.de) * dsa.c, dsa.h: Removed some unused code. Wed Mar 4 10:39:22 1998 Werner Koch (wk@isil.d.shuttle.de) * md.c (md_open): Add call to fast_random_poll. blowfish.c (blowfish_setkey): Ditto. Tue Mar 3 13:32:54 1998 Werner Koch (wk@isil.d.shuttle.de) * rmd160.c (rmd160_mixblock): New. * random.c: Restructured to start with a new RNG implementation. * random.h: New. Mon Mar 2 19:21:46 1998 Werner Koch (wk@isil.d.shuttle.de) * gost.c, gost.h: Removed because they did only contain trash. Sun Mar 1 16:42:29 1998 Werner Koch (wk@isil.d.shuttle.de) * random.c (fill_buffer): removed error message if n == -1. Fri Feb 27 16:39:34 1998 Werner Koch (wk@isil.d.shuttle.de) * md.c (md_enable): No init if called twice. Thu Feb 26 07:57:02 1998 Werner Koch (wk@isil.d.shuttle.de) * primegen.c (generate_elg_prime): Changed the progress printing. (gen_prime): Ditto. Tue Feb 24 12:28:42 1998 Werner Koch (wk@isil.d.shuttle.de) * md5.c, md.5 : Replaced by a modified version of md5.c from GNU textutils 1.22. Wed Feb 18 14:08:30 1998 Werner Koch (wk@isil.d.shuttle.de) * md.c, md.h : New debugging support Mon Feb 16 10:08:47 1998 Werner Koch (wk@isil.d.shuttle.de) * misc.c (cipher_algo_to_string): New (pubkey_algo_to_string): New. (digest_algo_to_string): New. Copyright 1998,1999,2000,2001,2002,2003 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/cipher/elgamal.c b/cipher/elgamal.c index 066ffb61..4a76e910 100644 --- a/cipher/elgamal.c +++ b/cipher/elgamal.c @@ -1,701 +1,813 @@ -/* Elgamal.c - ElGamal Public Key encryption +/* Elgamal.c - Elgamal Public Key encryption * Copyright (C) 1998, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser general Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * Libgcrypt is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA * * For a description of the algorithm, see: * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996. * ISBN 0-471-11709-9. Pages 476 ff. */ #include #include #include #include #include "g10lib.h" #include "mpi.h" #include "cipher.h" typedef struct { gcry_mpi_t p; /* prime */ gcry_mpi_t g; /* group generator */ gcry_mpi_t y; /* g^x mod p */ } ELG_public_key; typedef struct { gcry_mpi_t p; /* prime */ gcry_mpi_t g; /* group generator */ gcry_mpi_t y; /* g^x mod p */ gcry_mpi_t x; /* secret exponent */ } ELG_secret_key; -static void test_keys (ELG_secret_key *sk, unsigned nbits); +static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie); static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k); static void generate (ELG_secret_key *sk, unsigned nbits, gcry_mpi_t **factors); static int check_secret_key (ELG_secret_key *sk); static void do_encrypt (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey); static void decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey); static void sign (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey); static int verify (gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey); static void (*progress_cb) (void *, const char *, int, int, int); static void *progress_cb_data; void _gcry_register_pk_elg_progress (void (*cb) (void *, const char *, int, int, int), void *cb_data) { progress_cb = cb; progress_cb_data = cb_data; } static void progress (int c) { if (progress_cb) progress_cb (progress_cb_data, "pk_elg", c, 0, 0); } /**************** * Michael Wiener's table on subgroup sizes to match field sizes * (floating around somewhere - Fixme: need a reference) */ static unsigned int wiener_map( unsigned int n ) { static struct { unsigned int p_n, q_n; } t[] = { /* p q attack cost */ { 512, 119 }, /* 9 x 10^17 */ { 768, 145 }, /* 6 x 10^21 */ { 1024, 165 }, /* 7 x 10^24 */ { 1280, 183 }, /* 3 x 10^27 */ { 1536, 198 }, /* 7 x 10^29 */ { 1792, 212 }, /* 9 x 10^31 */ { 2048, 225 }, /* 8 x 10^33 */ { 2304, 237 }, /* 5 x 10^35 */ { 2560, 249 }, /* 3 x 10^37 */ { 2816, 259 }, /* 1 x 10^39 */ { 3072, 269 }, /* 3 x 10^40 */ { 3328, 279 }, /* 8 x 10^41 */ { 3584, 288 }, /* 2 x 10^43 */ { 3840, 296 }, /* 4 x 10^44 */ { 4096, 305 }, /* 7 x 10^45 */ { 4352, 313 }, /* 1 x 10^47 */ { 4608, 320 }, /* 2 x 10^48 */ { 4864, 328 }, /* 2 x 10^49 */ { 5120, 335 }, /* 3 x 10^50 */ { 0, 0 } }; int i; for(i=0; t[i].p_n; i++ ) { if( n <= t[i].p_n ) return t[i].q_n; } /* Not in table - use an arbitrary high number. */ return n / 8 + 200; } -static void -test_keys( ELG_secret_key *sk, unsigned nbits ) +static int +test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie ) { ELG_public_key pk; gcry_mpi_t test = gcry_mpi_new ( 0 ); gcry_mpi_t out1_a = gcry_mpi_new ( nbits ); gcry_mpi_t out1_b = gcry_mpi_new ( nbits ); gcry_mpi_t out2 = gcry_mpi_new ( nbits ); + int failed = 0; pk.p = sk->p; pk.g = sk->g; pk.y = sk->y; - gcry_mpi_randomize( test, nbits, GCRY_WEAK_RANDOM ); + gcry_mpi_randomize ( test, nbits, GCRY_WEAK_RANDOM ); - do_encrypt( out1_a, out1_b, test, &pk ); - decrypt( out2, out1_a, out1_b, sk ); - if( mpi_cmp( test, out2 ) ) - log_fatal("ElGamal operation: encrypt, decrypt failed\n"); + do_encrypt ( out1_a, out1_b, test, &pk ); + decrypt ( out2, out1_a, out1_b, sk ); + if ( mpi_cmp( test, out2 ) ) + failed |= 1; - sign( out1_a, out1_b, test, sk ); - if( !verify( out1_a, out1_b, test, &pk ) ) - log_fatal("ElGamal operation: sign, verify failed\n"); + sign ( out1_a, out1_b, test, sk ); + if ( !verify( out1_a, out1_b, test, &pk ) ) + failed |= 2; gcry_mpi_release ( test ); gcry_mpi_release ( out1_a ); gcry_mpi_release ( out1_b ); gcry_mpi_release ( out2 ); + + if (failed && !nodie) + log_fatal ("Elgamal test key for %s %s failed\n", + (failed & 1)? "encrypt+decrypt":"", + (failed & 2)? "sign+verify":""); + if (failed && DBG_CIPHER) + log_debug ("Elgamal test key for %s %s failed\n", + (failed & 1)? "encrypt+decrypt":"", + (failed & 2)? "sign+verify":""); + + return failed; } /**************** * Generate a random secret exponent k from prime p, so that k is * relatively prime to p-1. With SMALL_K set, k will be selected for * better encryption performance - this must never be used signing! */ static gcry_mpi_t gen_k( gcry_mpi_t p, int small_k ) { gcry_mpi_t k = mpi_alloc_secure( 0 ); gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) ); gcry_mpi_t p_1 = mpi_copy(p); unsigned int orig_nbits = mpi_get_nbits(p); unsigned int nbits, nbytes; char *rndbuf = NULL; if (small_k) { /* Using a k much lesser than p is sufficient for encryption and * it greatly improves the encryption performance. We use * Wiener's table and add a large safety margin. */ nbits = wiener_map( orig_nbits ) * 3 / 2; if( nbits >= orig_nbits ) BUG(); } else nbits = orig_nbits; nbytes = (nbits+7)/8; if( DBG_CIPHER ) log_debug("choosing a random k "); mpi_sub_ui( p_1, p, 1); for(;;) { if( !rndbuf || nbits < 32 ) { gcry_free(rndbuf); rndbuf = gcry_random_bytes_secure( nbytes, GCRY_STRONG_RANDOM ); } else { /* Change only some of the higher bits. We could improve this by directly requesting more memory at the first call to get_random_bytes() and use this the here maybe it is easier to do this directly in random.c Anyway, it is highly inlikely that we will ever reach this code. */ char *pp = gcry_random_bytes_secure( 4, GCRY_STRONG_RANDOM ); memcpy( rndbuf, pp, 4 ); gcry_free(pp); } _gcry_mpi_set_buffer( k, rndbuf, nbytes, 0 ); for(;;) { if( !(mpi_cmp( k, p_1 ) < 0) ) /* check: k < (p-1) */ { if( DBG_CIPHER ) progress('+'); break; /* no */ } if( !(mpi_cmp_ui( k, 0 ) > 0) ) /* check: k > 0 */ { if( DBG_CIPHER ) progress('-'); break; /* no */ } if (gcry_mpi_gcd( temp, k, p_1 )) goto found; /* okay, k is relative prime to (p-1) */ mpi_add_ui( k, k, 1 ); if( DBG_CIPHER ) progress('.'); } } found: gcry_free(rndbuf); if( DBG_CIPHER ) progress('\n'); mpi_free(p_1); mpi_free(temp); return k; } /**************** * Generate a key pair with a key of size NBITS - * Returns: 2 structures filles with all needed values + * Returns: 2 structures filled with all needed values * and an array with n-1 factors of (p-1) */ static void generate ( ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t **ret_factors ) { gcry_mpi_t p; /* the prime */ gcry_mpi_t p_min1; gcry_mpi_t g; gcry_mpi_t x; /* the secret exponent */ gcry_mpi_t y; - gcry_mpi_t temp; unsigned int qbits; unsigned int xbits; byte *rndbuf; p_min1 = gcry_mpi_new ( nbits ); - temp = gcry_mpi_new( nbits ); qbits = wiener_map( nbits ); if( qbits & 1 ) /* better have a even one */ qbits++; g = mpi_alloc(1); p = _gcry_generate_elg_prime( 0, nbits, qbits, g, ret_factors ); mpi_sub_ui(p_min1, p, 1); /* Select a random number which has these properties: * 0 < x < p-1 * This must be a very good random number because this is the * secret part. The prime is public and may be shared anyway, * so a random generator level of 1 is used for the prime. * * I don't see a reason to have a x of about the same size * as the p. It should be sufficient to have one about the size * of q or the later used k plus a large safety margin. Decryption * will be much faster with such an x. */ xbits = qbits * 3 / 2; if( xbits >= nbits ) BUG(); x = gcry_mpi_snew ( xbits ); if( DBG_CIPHER ) log_debug("choosing a random x of size %u", xbits ); rndbuf = NULL; do { if( DBG_CIPHER ) progress('.'); if( rndbuf ) { /* Change only some of the higher bits */ if( xbits < 16 ) /* should never happen ... */ { gcry_free(rndbuf); rndbuf = gcry_random_bytes_secure( (xbits+7)/8, GCRY_VERY_STRONG_RANDOM ); } else { char *r = gcry_random_bytes_secure( 2, GCRY_VERY_STRONG_RANDOM ); memcpy(rndbuf, r, 2 ); gcry_free(r); } } else { rndbuf = gcry_random_bytes_secure( (xbits+7)/8, GCRY_VERY_STRONG_RANDOM ); } _gcry_mpi_set_buffer( x, rndbuf, (xbits+7)/8, 0 ); mpi_clear_highbit( x, xbits+1 ); } while( !( mpi_cmp_ui( x, 0 )>0 && mpi_cmp( x, p_min1 )<0 ) ); gcry_free(rndbuf); y = gcry_mpi_new (nbits); gcry_mpi_powm( y, g, x, p ); if( DBG_CIPHER ) { progress('\n'); log_mpidump("elg p= ", p ); log_mpidump("elg g= ", g ); log_mpidump("elg y= ", y ); log_mpidump("elg x= ", x ); } /* Copy the stuff to the key structures */ sk->p = p; sk->g = g; sk->y = y; sk->x = x; + gcry_mpi_release ( p_min1 ); + /* Now we can test our keys (this should never fail!) */ - test_keys( sk, nbits - 64 ); + test_keys ( sk, nbits - 64, 0 ); +} + + +/* Generate a key pair with a key of size NBITS not using a random + value for the secret key but the one given as X. This is useful to + implement a passphrase based decryption for a public key based + encryption. It has appliactions in backup systems. + + Returns: A structure filled with all needed values and an array + with n-1 factors of (p-1). */ +static gcry_err_code_t +generate_using_x (ELG_secret_key *sk, unsigned int nbits, gcry_mpi_t x, + gcry_mpi_t **ret_factors ) +{ + gcry_mpi_t p; /* The prime. */ + gcry_mpi_t p_min1; /* The prime minus 1. */ + gcry_mpi_t g; /* The generator. */ + gcry_mpi_t y; /* g^x mod p. */ + unsigned int qbits; + unsigned int xbits; + + sk->p = NULL; + sk->g = NULL; + sk->y = NULL; + sk->x = NULL; + + /* Do a quick check to see whether X is suitable. */ + xbits = mpi_get_nbits (x); + if ( xbits < 64 || xbits >= nbits ) + return GPG_ERR_INV_VALUE; + + p_min1 = gcry_mpi_new ( nbits ); + qbits = wiener_map ( nbits ); + if ( (qbits & 1) ) /* Better have an even one. */ + qbits++; + g = mpi_alloc (1); + p = _gcry_generate_elg_prime ( 0, nbits, qbits, g, ret_factors ); + mpi_sub_ui (p_min1, p, 1); + + if (DBG_CIPHER) + log_debug ("using a supplied x of size %u", xbits ); + if ( !(mpi_cmp_ui ( x, 0 ) > 0 && mpi_cmp ( x, p_min1 ) <0 ) ) + { + gcry_mpi_release ( p_min1 ); + gcry_mpi_release ( p ); + gcry_mpi_release ( g ); + return GPG_ERR_INV_VALUE; + } + + y = gcry_mpi_new (nbits); + gcry_mpi_powm ( y, g, x, p ); + + if ( DBG_CIPHER ) + { + progress ('\n'); + log_mpidump ("elg p= ", p ); + log_mpidump ("elg g= ", g ); + log_mpidump ("elg y= ", y ); + log_mpidump ("elg x= ", x ); + } + + /* Copy the stuff to the key structures */ + sk->p = p; + sk->g = g; + sk->y = y; + sk->x = gcry_mpi_copy (x); gcry_mpi_release ( p_min1 ); - gcry_mpi_release ( temp ); + + /* Now we can test our keys. */ + if ( test_keys ( sk, nbits - 64, 1 ) ) + { + gcry_mpi_release ( sk->p ); sk->p = NULL; + gcry_mpi_release ( sk->g ); sk->g = NULL; + gcry_mpi_release ( sk->y ); sk->y = NULL; + gcry_mpi_release ( sk->x ); sk->x = NULL; + return GPG_ERR_BAD_SECKEY; + } + + return 0; } /**************** * Test whether the secret key is valid. * Returns: if this is a valid key. */ static int check_secret_key( ELG_secret_key *sk ) { int rc; gcry_mpi_t y = mpi_alloc( mpi_get_nlimbs(sk->y) ); gcry_mpi_powm( y, sk->g, sk->x, sk->p ); rc = !mpi_cmp( y, sk->y ); mpi_free( y ); return rc; } static void do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey ) { gcry_mpi_t k; /* Note: maybe we should change the interface, so that it * is possible to check that input is < p and return an * error code. */ k = gen_k( pkey->p, 1 ); gcry_mpi_powm( a, pkey->g, k, pkey->p ); /* b = (y^k * input) mod p * = ((y^k mod p) * (input mod p)) mod p * and because input is < p * = ((y^k mod p) * input) mod p */ gcry_mpi_powm( b, pkey->y, k, pkey->p ); gcry_mpi_mulm( b, b, input, pkey->p ); #if 0 if( DBG_CIPHER ) { log_mpidump("elg encrypted y= ", pkey->y); log_mpidump("elg encrypted p= ", pkey->p); log_mpidump("elg encrypted k= ", k); log_mpidump("elg encrypted M= ", input); log_mpidump("elg encrypted a= ", a); log_mpidump("elg encrypted b= ", b); } #endif mpi_free(k); } static void decrypt(gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey ) { gcry_mpi_t t1 = mpi_alloc_secure( mpi_get_nlimbs( skey->p ) ); /* output = b/(a^x) mod p */ gcry_mpi_powm( t1, a, skey->x, skey->p ); mpi_invm( t1, t1, skey->p ); mpi_mulm( output, b, t1, skey->p ); #if 0 if( DBG_CIPHER ) { log_mpidump("elg decrypted x= ", skey->x); log_mpidump("elg decrypted p= ", skey->p); log_mpidump("elg decrypted a= ", a); log_mpidump("elg decrypted b= ", b); log_mpidump("elg decrypted M= ", output); } #endif mpi_free(t1); } /**************** * Make an Elgamal signature out of INPUT */ static void sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey ) { gcry_mpi_t k; gcry_mpi_t t = mpi_alloc( mpi_get_nlimbs(a) ); gcry_mpi_t inv = mpi_alloc( mpi_get_nlimbs(a) ); gcry_mpi_t p_1 = mpi_copy(skey->p); /* * b = (t * inv) mod (p-1) * b = (t * inv(k,(p-1),(p-1)) mod (p-1) * b = (((M-x*a) mod (p-1)) * inv(k,(p-1),(p-1))) mod (p-1) * */ mpi_sub_ui(p_1, p_1, 1); k = gen_k( skey->p, 0 /* no small K ! */ ); gcry_mpi_powm( a, skey->g, k, skey->p ); mpi_mul(t, skey->x, a ); mpi_subm(t, input, t, p_1 ); mpi_invm(inv, k, p_1 ); mpi_mulm(b, t, inv, p_1 ); #if 0 if( DBG_CIPHER ) { log_mpidump("elg sign p= ", skey->p); log_mpidump("elg sign g= ", skey->g); log_mpidump("elg sign y= ", skey->y); log_mpidump("elg sign x= ", skey->x); log_mpidump("elg sign k= ", k); log_mpidump("elg sign M= ", input); log_mpidump("elg sign a= ", a); log_mpidump("elg sign b= ", b); } #endif mpi_free(k); mpi_free(t); mpi_free(inv); mpi_free(p_1); } /**************** * Returns true if the signature composed of A and B is valid. */ static int verify(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey ) { int rc; gcry_mpi_t t1; gcry_mpi_t t2; gcry_mpi_t base[4]; gcry_mpi_t ex[4]; if( !(mpi_cmp_ui( a, 0 ) > 0 && mpi_cmp( a, pkey->p ) < 0) ) return 0; /* assertion 0 < a < p failed */ t1 = mpi_alloc( mpi_get_nlimbs(a) ); t2 = mpi_alloc( mpi_get_nlimbs(a) ); #if 0 /* t1 = (y^a mod p) * (a^b mod p) mod p */ gcry_mpi_powm( t1, pkey->y, a, pkey->p ); gcry_mpi_powm( t2, a, b, pkey->p ); mpi_mulm( t1, t1, t2, pkey->p ); /* t2 = g ^ input mod p */ gcry_mpi_powm( t2, pkey->g, input, pkey->p ); rc = !mpi_cmp( t1, t2 ); #elif 0 /* t1 = (y^a mod p) * (a^b mod p) mod p */ base[0] = pkey->y; ex[0] = a; base[1] = a; ex[1] = b; base[2] = NULL; ex[2] = NULL; mpi_mulpowm( t1, base, ex, pkey->p ); /* t2 = g ^ input mod p */ gcry_mpi_powm( t2, pkey->g, input, pkey->p ); rc = !mpi_cmp( t1, t2 ); #else /* t1 = g ^ - input * y ^ a * a ^ b mod p */ mpi_invm(t2, pkey->g, pkey->p ); base[0] = t2 ; ex[0] = input; base[1] = pkey->y; ex[1] = a; base[2] = a; ex[2] = b; base[3] = NULL; ex[3] = NULL; mpi_mulpowm( t1, base, ex, pkey->p ); rc = !mpi_cmp_ui( t1, 1 ); #endif mpi_free(t1); mpi_free(t2); return rc; } /********************************************* ************** interface ****************** *********************************************/ gcry_err_code_t -_gcry_elg_generate (int algo, unsigned nbits, unsigned long dummy, +_gcry_elg_generate (int algo, unsigned int nbits, unsigned long dummy, gcry_mpi_t *skey, gcry_mpi_t **retfactors) { ELG_secret_key sk; (void)algo; (void)dummy; generate (&sk, nbits, retfactors); skey[0] = sk.p; skey[1] = sk.g; skey[2] = sk.y; skey[3] = sk.x; return GPG_ERR_NO_ERROR; } +/* This is a specila generate function which is not called via the + module interface. */ +gcry_err_code_t +_gcry_elg_generate_using_x (int algo, unsigned int nbits, gcry_mpi_t x, + gcry_mpi_t *skey, gcry_mpi_t **retfactors) +{ + gcry_err_code_t ec; + ELG_secret_key sk; + + (void)algo; + + ec = generate_using_x (&sk, nbits, x, retfactors); + if (!ec) + { + skey[0] = sk.p; + skey[1] = sk.g; + skey[2] = sk.y; + skey[3] = sk.x; + } + return ec; +} + + gcry_err_code_t _gcry_elg_check_secret_key (int algo, gcry_mpi_t *skey) { gcry_err_code_t err = GPG_ERR_NO_ERROR; ELG_secret_key sk; (void)algo; if ((! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3])) err = GPG_ERR_BAD_MPI; else { sk.p = skey[0]; sk.g = skey[1]; sk.y = skey[2]; sk.x = skey[3]; if (! check_secret_key (&sk)) err = GPG_ERR_BAD_SECKEY; } return err; } gcry_err_code_t _gcry_elg_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *pkey, int flags) { gcry_err_code_t err = GPG_ERR_NO_ERROR; ELG_public_key pk; (void)algo; (void)flags; if ((! data) || (! pkey[0]) || (! pkey[1]) || (! pkey[2])) err = GPG_ERR_BAD_MPI; else { pk.p = pkey[0]; pk.g = pkey[1]; pk.y = pkey[2]; resarr[0] = mpi_alloc (mpi_get_nlimbs (pk.p)); resarr[1] = mpi_alloc (mpi_get_nlimbs (pk.p)); do_encrypt (resarr[0], resarr[1], data, &pk); } return err; } gcry_err_code_t _gcry_elg_decrypt (int algo, gcry_mpi_t *result, gcry_mpi_t *data, gcry_mpi_t *skey, int flags) { gcry_err_code_t err = GPG_ERR_NO_ERROR; ELG_secret_key sk; (void)algo; (void)flags; if ((! data[0]) || (! data[1]) || (! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3])) err = GPG_ERR_BAD_MPI; else { sk.p = skey[0]; sk.g = skey[1]; sk.y = skey[2]; sk.x = skey[3]; *result = mpi_alloc_secure (mpi_get_nlimbs (sk.p)); decrypt (*result, data[0], data[1], &sk); } return err; } gcry_err_code_t _gcry_elg_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey) { gcry_err_code_t err = GPG_ERR_NO_ERROR; ELG_secret_key sk; (void)algo; if ((! data) || (! skey[0]) || (! skey[1]) || (! skey[2]) || (! skey[3])) err = GPG_ERR_BAD_MPI; else { sk.p = skey[0]; sk.g = skey[1]; sk.y = skey[2]; sk.x = skey[3]; resarr[0] = mpi_alloc (mpi_get_nlimbs (sk.p)); resarr[1] = mpi_alloc (mpi_get_nlimbs (sk.p)); sign (resarr[0], resarr[1], data, &sk); } return err; } gcry_err_code_t _gcry_elg_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey, int (*cmp) (void *, gcry_mpi_t), void *opaquev) { gcry_err_code_t err = GPG_ERR_NO_ERROR; ELG_public_key pk; (void)algo; (void)cmp; (void)opaquev; if ((! data[0]) || (! data[1]) || (! hash) || (! pkey[0]) || (! pkey[1]) || (! pkey[2])) err = GPG_ERR_BAD_MPI; else { pk.p = pkey[0]; pk.g = pkey[1]; pk.y = pkey[2]; if (! verify (data[0], data[1], hash, &pk)) err = GPG_ERR_BAD_SIGNATURE; } return err; } unsigned int _gcry_elg_get_nbits (int algo, gcry_mpi_t *pkey) { (void)algo; return mpi_get_nbits (pkey[0]); } static const char *elg_names[] = { "elg", "openpgp-elg", "openpgp-elg-sig", NULL, }; gcry_pk_spec_t _gcry_pubkey_spec_elg = { "ELG", elg_names, "pgy", "pgyx", "ab", "rs", "pgy", GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR, _gcry_elg_generate, _gcry_elg_check_secret_key, _gcry_elg_encrypt, _gcry_elg_decrypt, _gcry_elg_sign, _gcry_elg_verify, _gcry_elg_get_nbits, }; diff --git a/cipher/pubkey.c b/cipher/pubkey.c index a833c3dd..0b14cb80 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -1,2560 +1,2587 @@ /* pubkey.c - pubkey dispatcher * Copyright (C) 1998, 1999, 2000, 2002, 2003, * 2005 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser general Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * Libgcrypt is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include #include #include #include #include #include #include "g10lib.h" #include "mpi.h" #include "cipher.h" #include "ath.h" static gcry_err_code_t pubkey_decrypt (int algo, gcry_mpi_t *result, gcry_mpi_t *data, gcry_mpi_t *skey, int flags); static gcry_err_code_t pubkey_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t hash, gcry_mpi_t *skey); static gcry_err_code_t pubkey_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey, int (*cmp) (void *, gcry_mpi_t), void *opaque); /* This is the list of the default public-key ciphers included in libgcrypt. */ static struct pubkey_table_entry { gcry_pk_spec_t *pubkey; unsigned int algorithm; } pubkey_table[] = { #if USE_RSA { &_gcry_pubkey_spec_rsa, GCRY_PK_RSA }, #endif #if USE_ELGAMAL { &_gcry_pubkey_spec_elg, GCRY_PK_ELG }, { &_gcry_pubkey_spec_elg, GCRY_PK_ELG_E }, #endif #if USE_DSA { &_gcry_pubkey_spec_dsa, GCRY_PK_DSA }, #endif { NULL, 0 }, }; /* List of registered ciphers. */ static gcry_module_t pubkeys_registered; /* This is the lock protecting PUBKEYS_REGISTERED. */ static ath_mutex_t pubkeys_registered_lock = ATH_MUTEX_INITIALIZER;; /* Flag to check wether the default pubkeys have already been registered. */ static int default_pubkeys_registered; /* Convenient macro for registering the default digests. */ #define REGISTER_DEFAULT_PUBKEYS \ do \ { \ ath_mutex_lock (&pubkeys_registered_lock); \ if (! default_pubkeys_registered) \ { \ gcry_pk_register_default (); \ default_pubkeys_registered = 1; \ } \ ath_mutex_unlock (&pubkeys_registered_lock); \ } \ while (0) /* These dummy functions are used in case a cipher implementation refuses to provide it's own functions. */ static gcry_err_code_t dummy_generate (int algorithm, unsigned int nbits, unsigned long dummy, gcry_mpi_t *skey, gcry_mpi_t **retfactors) { (void)algorithm; (void)nbits; (void)dummy; (void)skey; (void)retfactors; return GPG_ERR_NOT_IMPLEMENTED; } static gcry_err_code_t dummy_check_secret_key (int algorithm, gcry_mpi_t *skey) { (void)algorithm; (void)skey; return GPG_ERR_NOT_IMPLEMENTED; } static gcry_err_code_t dummy_encrypt (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *pkey, int flags) { (void)algorithm; (void)resarr; (void)data; (void)pkey; (void)flags; return GPG_ERR_NOT_IMPLEMENTED; } static gcry_err_code_t dummy_decrypt (int algorithm, gcry_mpi_t *result, gcry_mpi_t *data, gcry_mpi_t *skey, int flags) { (void)algorithm; (void)result; (void)data; (void)skey; (void)flags; return GPG_ERR_NOT_IMPLEMENTED; } static gcry_err_code_t dummy_sign (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey) { (void)algorithm; (void)resarr; (void)data; (void)skey; return GPG_ERR_NOT_IMPLEMENTED; } static gcry_err_code_t dummy_verify (int algorithm, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey, int (*cmp) (void *, gcry_mpi_t), void *opaquev) { (void)algorithm; (void)hash; (void)data; (void)pkey; (void)cmp; (void)opaquev; return GPG_ERR_NOT_IMPLEMENTED; } static unsigned dummy_get_nbits (int algorithm, gcry_mpi_t *pkey) { (void)algorithm; (void)pkey; return 0; } /* Internal function. Register all the pubkeys included in PUBKEY_TABLE. Returns zero on success or an error code. */ static void gcry_pk_register_default (void) { gcry_err_code_t err = 0; int i; for (i = 0; (! err) && pubkey_table[i].pubkey; i++) { #define pubkey_use_dummy(func) \ if (! pubkey_table[i].pubkey->func) \ pubkey_table[i].pubkey->func = dummy_##func; pubkey_use_dummy (generate); pubkey_use_dummy (check_secret_key); pubkey_use_dummy (encrypt); pubkey_use_dummy (decrypt); pubkey_use_dummy (sign); pubkey_use_dummy (verify); pubkey_use_dummy (get_nbits); #undef pubkey_use_dummy err = _gcry_module_add (&pubkeys_registered, pubkey_table[i].algorithm, (void *) pubkey_table[i].pubkey, NULL); } if (err) BUG (); } /* Internal callback function. Used via _gcry_module_lookup. */ static int gcry_pk_lookup_func_name (void *spec, void *data) { gcry_pk_spec_t *pubkey = (gcry_pk_spec_t *) spec; char *name = (char *) data; const char **aliases = pubkey->aliases; int ret = stricmp (name, pubkey->name); while (ret && *aliases) ret = stricmp (name, *aliases++); return ! ret; } /* Internal function. Lookup a pubkey entry by it's name. */ static gcry_module_t gcry_pk_lookup_name (const char *name) { gcry_module_t pubkey; pubkey = _gcry_module_lookup (pubkeys_registered, (void *) name, gcry_pk_lookup_func_name); return pubkey; } /* Register a new pubkey module whose specification can be found in PUBKEY. On success, a new algorithm ID is stored in ALGORITHM_ID and a pointer representhing this module is stored in MODULE. */ gcry_error_t gcry_pk_register (gcry_pk_spec_t *pubkey, unsigned int *algorithm_id, gcry_module_t *module) { gcry_err_code_t err = GPG_ERR_NO_ERROR; gcry_module_t mod; ath_mutex_lock (&pubkeys_registered_lock); err = _gcry_module_add (&pubkeys_registered, 0, (void *) pubkey, &mod); ath_mutex_unlock (&pubkeys_registered_lock); if (! err) { *module = mod; *algorithm_id = mod->mod_id; } return err; } /* Unregister the pubkey identified by ID, which must have been registered with gcry_pk_register. */ void gcry_pk_unregister (gcry_module_t module) { ath_mutex_lock (&pubkeys_registered_lock); _gcry_module_release (module); ath_mutex_unlock (&pubkeys_registered_lock); } static void release_mpi_array (gcry_mpi_t *array) { for (; *array; array++) { mpi_free(*array); *array = NULL; } } /**************** * Map a string to the pubkey algo */ int gcry_pk_map_name (const char *string) { gcry_module_t pubkey; int algorithm = 0; if (!string) return 0; REGISTER_DEFAULT_PUBKEYS; ath_mutex_lock (&pubkeys_registered_lock); pubkey = gcry_pk_lookup_name (string); if (pubkey) { algorithm = pubkey->mod_id; _gcry_module_release (pubkey); } ath_mutex_unlock (&pubkeys_registered_lock); return algorithm; } /* Map the public key algorithm whose ID is contained in ALGORITHM to a string representation of the algorithm name. For unknown algorithm IDs this functions returns "?". */ const char * gcry_pk_algo_name (int algorithm) { gcry_module_t pubkey; const char *name; REGISTER_DEFAULT_PUBKEYS; ath_mutex_lock (&pubkeys_registered_lock); pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm); if (pubkey) { name = ((gcry_pk_spec_t *) pubkey->spec)->name; _gcry_module_release (pubkey); } else name = "?"; ath_mutex_unlock (&pubkeys_registered_lock); return name; } /* A special version of gcry_pk_algo name to return the first aliased name of the algorithm. This is required to adhere to the spki specs where the algorithm names are lowercase. */ const char * _gcry_pk_aliased_algo_name (int algorithm) { const char *name = NULL; gcry_module_t module; REGISTER_DEFAULT_PUBKEYS; ath_mutex_lock (&pubkeys_registered_lock); module = _gcry_module_lookup_id (pubkeys_registered, algorithm); if (module) { gcry_pk_spec_t *pubkey = (gcry_pk_spec_t *) module->spec; name = pubkey->aliases? *pubkey->aliases : NULL; if (!name || !*name) name = pubkey->name; _gcry_module_release (module); } ath_mutex_unlock (&pubkeys_registered_lock); return name; } static void disable_pubkey_algo (int algorithm) { gcry_module_t pubkey; ath_mutex_lock (&pubkeys_registered_lock); pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm); if (pubkey) { if (! (pubkey-> flags & FLAG_MODULE_DISABLED)) pubkey->flags |= FLAG_MODULE_DISABLED; _gcry_module_release (pubkey); } ath_mutex_unlock (&pubkeys_registered_lock); } /**************** * A USE of 0 means: don't care. */ static gcry_err_code_t check_pubkey_algo (int algorithm, unsigned use) { gcry_err_code_t err = GPG_ERR_NO_ERROR; gcry_pk_spec_t *pubkey; gcry_module_t module; REGISTER_DEFAULT_PUBKEYS; ath_mutex_lock (&pubkeys_registered_lock); module = _gcry_module_lookup_id (pubkeys_registered, algorithm); if (module) { pubkey = (gcry_pk_spec_t *) module->spec; if (((use & GCRY_PK_USAGE_SIGN) && (! (pubkey->use & GCRY_PK_USAGE_SIGN))) || ((use & GCRY_PK_USAGE_ENCR) && (! (pubkey->use & GCRY_PK_USAGE_ENCR)))) err = GPG_ERR_WRONG_PUBKEY_ALGO; else if (module->flags & FLAG_MODULE_DISABLED) err = GPG_ERR_PUBKEY_ALGO; _gcry_module_release (module); } else err = GPG_ERR_PUBKEY_ALGO; ath_mutex_unlock (&pubkeys_registered_lock); return err; } /**************** * Return the number of public key material numbers */ static int pubkey_get_npkey (int algorithm) { gcry_module_t pubkey; int npkey = 0; REGISTER_DEFAULT_PUBKEYS; ath_mutex_lock (&pubkeys_registered_lock); pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm); if (pubkey) { npkey = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_pkey); _gcry_module_release (pubkey); } ath_mutex_unlock (&pubkeys_registered_lock); return npkey; } /**************** * Return the number of secret key material numbers */ static int pubkey_get_nskey (int algorithm) { gcry_module_t pubkey; int nskey = 0; REGISTER_DEFAULT_PUBKEYS; ath_mutex_lock (&pubkeys_registered_lock); pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm); if (pubkey) { nskey = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_skey); _gcry_module_release (pubkey); } ath_mutex_unlock (&pubkeys_registered_lock); return nskey; } /**************** * Return the number of signature material numbers */ static int pubkey_get_nsig (int algorithm) { gcry_module_t pubkey; int nsig = 0; REGISTER_DEFAULT_PUBKEYS; ath_mutex_lock (&pubkeys_registered_lock); pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm); if (pubkey) { nsig = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_sig); _gcry_module_release (pubkey); } ath_mutex_unlock (&pubkeys_registered_lock); return nsig; } /**************** * Return the number of encryption material numbers */ static int pubkey_get_nenc (int algorithm) { gcry_module_t pubkey; int nenc = 0; REGISTER_DEFAULT_PUBKEYS; ath_mutex_lock (&pubkeys_registered_lock); pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm); if (pubkey) { nenc = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_enc); _gcry_module_release (pubkey); } ath_mutex_unlock (&pubkeys_registered_lock); return nenc; } static gcry_err_code_t pubkey_generate (int algorithm, unsigned int nbits, unsigned int qbits, - unsigned long use_e, + unsigned long use_e, gcry_mpi_t xvalue, gcry_mpi_t *skey, gcry_mpi_t **retfactors) { gcry_err_code_t err = GPG_ERR_PUBKEY_ALGO; gcry_module_t pubkey; REGISTER_DEFAULT_PUBKEYS; ath_mutex_lock (&pubkeys_registered_lock); pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm); if (pubkey) { /* Hack to pass QBITS to the DSA generation. */ if (qbits && pubkey->spec == &_gcry_pubkey_spec_dsa) - err = _gcry_dsa_generate2 - (algorithm, nbits, qbits, 0, skey, retfactors); + { + err = _gcry_dsa_generate2 + (algorithm, nbits, qbits, 0, skey, retfactors); + } +#ifdef USE_ELGAMAL + else if (xvalue && pubkey->spec == &_gcry_pubkey_spec_elg) + { + err = _gcry_elg_generate_using_x + (algorithm, nbits, xvalue, skey, retfactors); + } +#endif /*USE_ELGAMAL*/ else - err = ((gcry_pk_spec_t *) pubkey->spec)->generate - (algorithm, nbits, use_e, skey, retfactors); + { + err = ((gcry_pk_spec_t *) pubkey->spec)->generate + (algorithm, nbits, use_e, skey, retfactors); + } _gcry_module_release (pubkey); } ath_mutex_unlock (&pubkeys_registered_lock); return err; } static gcry_err_code_t pubkey_check_secret_key (int algorithm, gcry_mpi_t *skey) { gcry_err_code_t err = GPG_ERR_PUBKEY_ALGO; gcry_module_t pubkey; REGISTER_DEFAULT_PUBKEYS; ath_mutex_lock (&pubkeys_registered_lock); pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm); if (pubkey) { err = ((gcry_pk_spec_t *) pubkey->spec)->check_secret_key (algorithm, skey); _gcry_module_release (pubkey); } ath_mutex_unlock (&pubkeys_registered_lock); return err; } /**************** * This is the interface to the public key encryption. Encrypt DATA * with PKEY and put it into RESARR which should be an array of MPIs * of size PUBKEY_MAX_NENC (or less if the algorithm allows this - * check with pubkey_get_nenc() ) */ static gcry_err_code_t pubkey_encrypt (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *pkey, int flags) { gcry_pk_spec_t *pubkey; gcry_module_t module; gcry_err_code_t rc; int i; if (DBG_CIPHER) { log_debug ("pubkey_encrypt: algo=%d\n", algorithm); for(i = 0; i < pubkey_get_npkey (algorithm); i++) log_mpidump (" pkey:", pkey[i]); log_mpidump (" data:", data); } ath_mutex_lock (&pubkeys_registered_lock); module = _gcry_module_lookup_id (pubkeys_registered, algorithm); if (module) { pubkey = (gcry_pk_spec_t *) module->spec; rc = pubkey->encrypt (algorithm, resarr, data, pkey, flags); _gcry_module_release (module); goto ready; } rc = GPG_ERR_PUBKEY_ALGO; ready: ath_mutex_unlock (&pubkeys_registered_lock); if (!rc && DBG_CIPHER) { for(i = 0; i < pubkey_get_nenc (algorithm); i++) log_mpidump(" encr:", resarr[i] ); } return rc; } /**************** * This is the interface to the public key decryption. * ALGO gives the algorithm to use and this implicitly determines * the size of the arrays. * result is a pointer to a mpi variable which will receive a * newly allocated mpi or NULL in case of an error. */ static gcry_err_code_t pubkey_decrypt (int algorithm, gcry_mpi_t *result, gcry_mpi_t *data, gcry_mpi_t *skey, int flags) { gcry_pk_spec_t *pubkey; gcry_module_t module; gcry_err_code_t rc; int i; *result = NULL; /* so the caller can always do a mpi_free */ if (DBG_CIPHER) { log_debug ("pubkey_decrypt: algo=%d\n", algorithm); for(i = 0; i < pubkey_get_nskey (algorithm); i++) log_mpidump (" skey:", skey[i]); for(i = 0; i < pubkey_get_nenc (algorithm); i++) log_mpidump (" data:", data[i]); } ath_mutex_lock (&pubkeys_registered_lock); module = _gcry_module_lookup_id (pubkeys_registered, algorithm); if (module) { pubkey = (gcry_pk_spec_t *) module->spec; rc = pubkey->decrypt (algorithm, result, data, skey, flags); _gcry_module_release (module); goto ready; } rc = GPG_ERR_PUBKEY_ALGO; ready: ath_mutex_unlock (&pubkeys_registered_lock); if (! rc && DBG_CIPHER) log_mpidump (" plain:", *result); return rc; } /**************** * This is the interface to the public key signing. * Sign data with skey and put the result into resarr which * should be an array of MPIs of size PUBKEY_MAX_NSIG (or less if the * algorithm allows this - check with pubkey_get_nsig() ) */ static gcry_err_code_t pubkey_sign (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey) { gcry_pk_spec_t *pubkey; gcry_module_t module; gcry_err_code_t rc; int i; if (DBG_CIPHER) { log_debug ("pubkey_sign: algo=%d\n", algorithm); for(i = 0; i < pubkey_get_nskey (algorithm); i++) log_mpidump (" skey:", skey[i]); log_mpidump(" data:", data ); } ath_mutex_lock (&pubkeys_registered_lock); module = _gcry_module_lookup_id (pubkeys_registered, algorithm); if (module) { pubkey = (gcry_pk_spec_t *) module->spec; rc = pubkey->sign (algorithm, resarr, data, skey); _gcry_module_release (module); goto ready; } rc = GPG_ERR_PUBKEY_ALGO; ready: ath_mutex_unlock (&pubkeys_registered_lock); if (! rc && DBG_CIPHER) for (i = 0; i < pubkey_get_nsig (algorithm); i++) log_mpidump (" sig:", resarr[i]); return rc; } /**************** * Verify a public key signature. * Return 0 if the signature is good */ static gcry_err_code_t pubkey_verify (int algorithm, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey, int (*cmp)(void *, gcry_mpi_t), void *opaquev) { gcry_pk_spec_t *pubkey; gcry_module_t module; gcry_err_code_t rc; int i; if (DBG_CIPHER) { log_debug ("pubkey_verify: algo=%d\n", algorithm); for (i = 0; i < pubkey_get_npkey (algorithm); i++) log_mpidump (" pkey:", pkey[i]); for (i = 0; i < pubkey_get_nsig (algorithm); i++) log_mpidump (" sig:", data[i]); log_mpidump (" hash:", hash); } ath_mutex_lock (&pubkeys_registered_lock); module = _gcry_module_lookup_id (pubkeys_registered, algorithm); if (module) { pubkey = (gcry_pk_spec_t *) module->spec; rc = pubkey->verify (algorithm, hash, data, pkey, cmp, opaquev); _gcry_module_release (module); goto ready; } rc = GPG_ERR_PUBKEY_ALGO; ready: ath_mutex_unlock (&pubkeys_registered_lock); return rc; } /* Internal function. */ static gcry_err_code_t sexp_elements_extract (gcry_sexp_t key_sexp, const char *element_names, gcry_mpi_t *elements) { gcry_err_code_t err = GPG_ERR_NO_ERROR; int i, idx; const char *name; gcry_sexp_t list; for (name = element_names, idx = 0; *name && !err; name++, idx++) { list = gcry_sexp_find_token (key_sexp, name, 1); if (! list) err = GPG_ERR_NO_OBJ; else { elements[idx] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG); gcry_sexp_release (list); if (! elements[idx]) err = GPG_ERR_INV_OBJ; } } if (err) { for (i = 0; i < idx; i++) if (elements[i]) gcry_free (elements[i]); } return err; } /**************** * Convert a S-Exp with either a private or a public key to our * internal format. Currently we do only support the following * algorithms: * dsa * rsa * openpgp-dsa * openpgp-rsa * openpgp-elg * openpgp-elg-sig * Provide a SE with the first element be either "private-key" or * or "public-key". It is followed by a list with its first element * be one of the above algorithm identifiers and the remaning * elements are pairs with parameter-id and value. * NOTE: we look through the list to find a list beginning with * "private-key" or "public-key" - the first one found is used. * * FIXME: Allow for encrypted secret keys here. * * Returns: A pointer to an allocated array of MPIs if the return value is * zero; the caller has to release this array. * * Example of a DSA public key: * (private-key * (dsa * (p ) * (g ) * (y ) * (x ) * ) * ) * The are expected to be in GCRYMPI_FMT_USG */ static gcry_err_code_t sexp_to_key (gcry_sexp_t sexp, int want_private, gcry_mpi_t **retarray, gcry_module_t *retalgo) { gcry_sexp_t list, l2; const char *name; size_t n; const char *elems; gcry_mpi_t *array; gcry_err_code_t err = GPG_ERR_NO_ERROR; gcry_module_t module; gcry_pk_spec_t *pubkey; /* check that the first element is valid */ list = gcry_sexp_find_token( sexp, want_private? "private-key" :"public-key", 0 ); if( !list ) return GPG_ERR_INV_OBJ; /* Does not contain a public- or private-key object */ l2 = gcry_sexp_cadr( list ); gcry_sexp_release ( list ); list = l2; name = gcry_sexp_nth_data( list, 0, &n ); if( !name ) { gcry_sexp_release ( list ); return GPG_ERR_INV_OBJ; /* invalid structure of object */ } { char *name_terminated; name_terminated = gcry_malloc (n + 1); if (!name_terminated) { err = gpg_err_code_from_errno (errno); gcry_sexp_release (list); return err; } memcpy (name_terminated, name, n); name_terminated[n] = 0; ath_mutex_lock (&pubkeys_registered_lock); module = gcry_pk_lookup_name (name_terminated); ath_mutex_unlock (&pubkeys_registered_lock); gcry_free (name_terminated); } if (! module) { gcry_sexp_release (list); return GPG_ERR_PUBKEY_ALGO; /* unknown algorithm */ } else pubkey = (gcry_pk_spec_t *) module->spec; elems = want_private ? pubkey->elements_skey : pubkey->elements_pkey; array = gcry_calloc (strlen (elems) + 1, sizeof (*array)); if (! array) err = gpg_err_code_from_errno (errno); if (! err) err = sexp_elements_extract (list, elems, array); if (list) gcry_sexp_release (list); if (err) { if (array) gcry_free (array); ath_mutex_lock (&pubkeys_registered_lock); _gcry_module_release (module); ath_mutex_unlock (&pubkeys_registered_lock); } else { *retarray = array; *retalgo = module; } return err; } static gcry_err_code_t sexp_to_sig (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo) { gcry_sexp_t list, l2; const char *name; size_t n; const char *elems; gcry_mpi_t *array; gcry_err_code_t err = GPG_ERR_NO_ERROR; gcry_module_t module; gcry_pk_spec_t *pubkey; /* check that the first element is valid */ list = gcry_sexp_find_token( sexp, "sig-val" , 0 ); if( !list ) return GPG_ERR_INV_OBJ; /* Does not contain a signature value object */ l2 = gcry_sexp_nth (list, 1); if(! l2) { gcry_sexp_release (list); return GPG_ERR_NO_OBJ; /* no cadr for the sig object */ } name = gcry_sexp_nth_data( l2, 0, &n ); if( !name ) { gcry_sexp_release ( list ); gcry_sexp_release ( l2 ); return GPG_ERR_INV_OBJ; /* invalid structure of object */ } else if (n == 5 && (! memcmp (name, "flags", 5))) { /* Skip flags, since they are not used but just here for the sake of consistent S-expressions. */ gcry_sexp_release (l2); l2 = gcry_sexp_nth (list, 2); if (! l2) { gcry_sexp_release (list); return GPG_ERR_INV_OBJ; } name = gcry_sexp_nth_data (l2, 0, &n); } { char *name_terminated; name_terminated = gcry_malloc (n + 1); if (!name_terminated) { err = gcry_err_code_from_errno (errno); gcry_sexp_release (l2); gcry_sexp_release (list); return err; } memcpy (name_terminated, name, n); name_terminated[n] = 0; ath_mutex_lock (&pubkeys_registered_lock); module = gcry_pk_lookup_name (name_terminated); ath_mutex_unlock (&pubkeys_registered_lock); gcry_free (name_terminated); } if (! module) { gcry_sexp_release (l2); gcry_sexp_release (list); return GPG_ERR_PUBKEY_ALGO; /* unknown algorithm */ } else pubkey = (gcry_pk_spec_t *) module->spec; elems = pubkey->elements_sig; array = gcry_calloc (strlen (elems) + 1 , sizeof (*array)); if (! array) err = gpg_err_code_from_errno (errno); if (! err) err = sexp_elements_extract (list, elems, array); gcry_sexp_release (l2); gcry_sexp_release (list); if (err) { ath_mutex_lock (&pubkeys_registered_lock); _gcry_module_release (module); ath_mutex_unlock (&pubkeys_registered_lock); if (array) gcry_free (array); } else { *retarray = array; *retalgo = module; } return err; } /**************** * Take sexp and return an array of MPI as used for our internal decrypt * function. * s_data = (enc-val * [(flags [pkcs1]) * ( * ( ) * ... * ( ) * )) * RET_MODERN is set to true when at least an empty flags list has been found. */ static gcry_err_code_t sexp_to_enc (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo, int *ret_modern, int *ret_want_pkcs1, int *flags) { gcry_sexp_t list = NULL, l2 = NULL; gcry_pk_spec_t *pubkey = NULL; gcry_module_t module = NULL; const char *name; size_t n; int parsed_flags = 0; const char *elems; gcry_mpi_t *array = NULL; gcry_err_code_t err = GPG_ERR_NO_ERROR; *ret_want_pkcs1 = 0; *ret_modern = 0; /* check that the first element is valid */ list = gcry_sexp_find_token (sexp, "enc-val" , 0); if (! list) { err = GPG_ERR_INV_OBJ; /* Does not contain an encrypted value object */ goto leave; } l2 = gcry_sexp_nth (list, 1); if (! l2) { err = GPG_ERR_NO_OBJ; /* no cdr for the data object */ goto leave; } /* Extract identifier of sublist. */ name = gcry_sexp_nth_data (l2, 0, &n); if (! name) { err = GPG_ERR_INV_OBJ; /* invalid structure of object */ goto leave; } if ((n == 5) && (! memcmp (name, "flags", 5))) { /* There is a flags element - process it */ const char *s; int i; *ret_modern = 1; for (i = gcry_sexp_length (l2) - 1; i > 0; i--) { s = gcry_sexp_nth_data (l2, i, &n); if (! s) ; /* not a data element - ignore */ else if (n == 3 && ! memcmp (s, "raw", 3)) ; /* just a dummy because it is the default */ else if (n == 5 && ! memcmp (s, "pkcs1", 5)) *ret_want_pkcs1 = 1; else if (n == 11 && ! memcmp (s, "no-blinding", 11)) parsed_flags |= PUBKEY_FLAG_NO_BLINDING; else { err = GPG_ERR_INV_FLAG; goto leave; } } /* Get the next which has the actual data */ gcry_sexp_release (l2); l2 = gcry_sexp_nth (list, 2); if (! l2) { err = GPG_ERR_NO_OBJ; /* no cdr for the data object */ goto leave; } /* Extract sublist identifier. */ name = gcry_sexp_nth_data (l2, 0, &n); if (! name) { err = GPG_ERR_INV_OBJ; /* invalid structure of object */ goto leave; } gcry_sexp_release (list); list = l2; l2 = NULL; } { char *name_terminated; name_terminated = gcry_malloc (n + 1); if (!name_terminated) { err = gcry_err_code_from_errno (errno); goto leave; } memcpy (name_terminated, name, n); name_terminated[n] = 0; ath_mutex_lock (&pubkeys_registered_lock); module = gcry_pk_lookup_name (name_terminated); ath_mutex_unlock (&pubkeys_registered_lock); gcry_free (name_terminated); if (! module) { err = GPG_ERR_PUBKEY_ALGO; /* unknown algorithm */ goto leave; } pubkey = (gcry_pk_spec_t *) module->spec; } elems = pubkey->elements_enc; array = gcry_calloc (strlen (elems) + 1, sizeof (*array)); if (! array) { err = gpg_err_code_from_errno (errno); goto leave; } err = sexp_elements_extract (list, elems, array); leave: if (list) gcry_sexp_release (list); if (l2) gcry_sexp_release (l2); if (err) { ath_mutex_lock (&pubkeys_registered_lock); _gcry_module_release (module); ath_mutex_unlock (&pubkeys_registered_lock); if (array) gcry_free (array); } else { *retarray = array; *retalgo = module; *flags = parsed_flags; } return err; } /* Take the hash value and convert into an MPI, suitable for for passing to the low level functions. We currently support the old style way of passing just a MPI and the modern interface which allows to pass flags so that we can choose between raw and pkcs1 padding - may be more padding options later. () or (data [(flags [pkcs1])] [(hash )] [(value )] ) Either the VALUE or the HASH element must be present for use with signatures. VALUE is used for encryption. NBITS is the length of the key in bits. */ static gcry_err_code_t sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi, int for_encryption, int *flags) { gcry_err_code_t rc = 0; gcry_sexp_t ldata, lhash, lvalue; int i; size_t n; const char *s; int is_raw = 0, is_pkcs1 = 0, unknown_flag=0; int parsed_flags = 0, dummy_flags; if (! flags) flags = &dummy_flags; *ret_mpi = NULL; ldata = gcry_sexp_find_token (input, "data", 0); if (!ldata) { /* assume old style */ *ret_mpi = gcry_sexp_nth_mpi (input, 0, 0); return *ret_mpi ? GPG_ERR_NO_ERROR : GPG_ERR_INV_OBJ; } /* see whether there is a flags object */ { gcry_sexp_t lflags = gcry_sexp_find_token (ldata, "flags", 0); if (lflags) { /* parse the flags list. */ for (i=gcry_sexp_length (lflags)-1; i > 0; i--) { s = gcry_sexp_nth_data (lflags, i, &n); if (!s) ; /* not a data element*/ else if ( n == 3 && !memcmp (s, "raw", 3)) is_raw = 1; else if ( n == 5 && !memcmp (s, "pkcs1", 5)) is_pkcs1 = 1; else if (n == 11 && ! memcmp (s, "no-blinding", 11)) parsed_flags |= PUBKEY_FLAG_NO_BLINDING; else unknown_flag = 1; } gcry_sexp_release (lflags); } } if (!is_pkcs1 && !is_raw) is_raw = 1; /* default to raw */ /* Get HASH or MPI */ lhash = gcry_sexp_find_token (ldata, "hash", 0); lvalue = lhash? NULL : gcry_sexp_find_token (ldata, "value", 0); if (!(!lhash ^ !lvalue)) rc = GPG_ERR_INV_OBJ; /* none or both given */ else if (unknown_flag) rc = GPG_ERR_INV_FLAG; else if (is_raw && is_pkcs1 && !for_encryption) rc = GPG_ERR_CONFLICT; else if (is_raw && lvalue) { *ret_mpi = gcry_sexp_nth_mpi (lvalue, 1, 0); if (!*ret_mpi) rc = GPG_ERR_INV_OBJ; } else if (is_pkcs1 && lvalue && for_encryption) { /* Create pkcs#1 block type 2 padding. */ unsigned char *frame = NULL; size_t nframe = (nbits+7) / 8; const void * value; size_t valuelen; unsigned char *p; if ( !(value=gcry_sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen ) rc = GPG_ERR_INV_OBJ; else if (valuelen + 7 > nframe || !nframe) { /* Can't encode a VALUELEN value in a NFRAME bytes frame. */ rc = GPG_ERR_TOO_SHORT; /* the key is too short */ } else if ( !(frame = gcry_malloc_secure (nframe))) rc = gpg_err_code_from_errno (errno); else { n = 0; frame[n++] = 0; frame[n++] = 2; /* block type */ i = nframe - 3 - valuelen; assert (i > 0); p = gcry_random_bytes_secure (i, GCRY_STRONG_RANDOM); /* Replace zero bytes by new values. */ for (;;) { int j, k; unsigned char *pp; /* Count the zero bytes. */ for (j=k=0; j < i; j++) { if (!p[j]) k++; } if (!k) break; /* Okay: no (more) zero bytes. */ k += k/128 + 3; /* Better get some more. */ pp = gcry_random_bytes_secure (k, GCRY_STRONG_RANDOM); for (j=0; j < i && k; ) { if (!p[j]) p[j] = pp[--k]; if (p[j]) j++; } gcry_free (pp); } memcpy (frame+n, p, i); n += i; gcry_free (p); frame[n++] = 0; memcpy (frame+n, value, valuelen); n += valuelen; assert (n == nframe); /* FIXME, error checking? */ gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, frame, n, &nframe); } gcry_free(frame); } else if (is_pkcs1 && lhash && !for_encryption) { /* Create pkcs#1 block type 1 padding. */ if (gcry_sexp_length (lhash) != 3) rc = GPG_ERR_INV_OBJ; else if ( !(s=gcry_sexp_nth_data (lhash, 1, &n)) || !n ) rc = GPG_ERR_INV_OBJ; else { static struct { const char *name; int algo; } hashnames[] = { { "sha1", GCRY_MD_SHA1 }, { "md5", GCRY_MD_MD5 }, { "sha256", GCRY_MD_SHA256 }, { "ripemd160", GCRY_MD_RMD160 }, { "rmd160", GCRY_MD_RMD160 }, { "sha384", GCRY_MD_SHA384 }, { "sha512", GCRY_MD_SHA512 }, { "md2", GCRY_MD_MD2 }, { "md4", GCRY_MD_MD4 }, { "tiger", GCRY_MD_TIGER }, { "haval", GCRY_MD_HAVAL }, { NULL, 0 } }; int algo; byte asn[100]; byte *frame = NULL; size_t nframe = (nbits+7) / 8; const void * value; size_t valuelen; size_t asnlen, dlen; for (i=0; hashnames[i].name; i++) { if ( strlen (hashnames[i].name) == n && !memcmp (hashnames[i].name, s, n)) break; } if (hashnames[i].name) algo = hashnames[i].algo; else { /* In case of not listed or dynamically allocated hash algorithm we fall back to this somewhat slower method. Further, it also allows to use OIDs as algorithm names. */ char *tmpname; tmpname = gcry_malloc (n+1); if (!tmpname) algo = 0; /* Out of core - silently give up. */ else { memcpy (tmpname, s, n); tmpname[n] = 0; algo = gcry_md_map_name (tmpname); gcry_free (tmpname); } } asnlen = DIM(asn); dlen = gcry_md_get_algo_dlen (algo); if (!algo) rc = GPG_ERR_DIGEST_ALGO; else if ( !(value=gcry_sexp_nth_data (lhash, 2, &valuelen)) || !valuelen ) rc = GPG_ERR_INV_OBJ; else if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen)) { /* We don't have yet all of the above algorithms. */ rc = GPG_ERR_NOT_IMPLEMENTED; } else if ( valuelen != dlen ) { /* Hash value does not match the length of digest for the given algorithm. */ rc = GPG_ERR_CONFLICT; } else if( !dlen || dlen + asnlen + 4 > nframe) { /* Can't encode an DLEN byte digest MD into a NFRAME byte frame. */ rc = GPG_ERR_TOO_SHORT; } else if ( !(frame = gcry_malloc (nframe)) ) rc = gpg_err_code_from_errno (errno); else { /* Assemble the pkcs#1 block type 1. */ n = 0; frame[n++] = 0; frame[n++] = 1; /* block type */ i = nframe - valuelen - asnlen - 3 ; assert (i > 1); memset (frame+n, 0xff, i ); n += i; frame[n++] = 0; memcpy (frame+n, asn, asnlen); n += asnlen; memcpy (frame+n, value, valuelen ); n += valuelen; assert (n == nframe); /* convert it into an MPI, FIXME: error checking? */ gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, frame, n, &nframe); } gcry_free (frame); } } else rc = GPG_ERR_CONFLICT; gcry_sexp_release (ldata); gcry_sexp_release (lhash); gcry_sexp_release (lvalue); if (!rc) *flags = parsed_flags; return rc; } /* Do a PK encrypt operation Caller has to provide a public key as the SEXP pkey and data as a SEXP with just one MPI in it. Alternativly S_DATA might be a complex S-Expression, similar to the one used for signature verification. This provides a flag which allows to handle PKCS#1 block type 2 padding. The function returns a a sexp which may be passed to to pk_decrypt. Returns: 0 or an errorcode. s_data = See comment for sexp_data_to_mpi s_pkey = r_ciph = (enc-val ( ( ) ... ( ) )) */ gcry_error_t gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) { gcry_mpi_t *pkey = NULL, data = NULL, *ciph = NULL; const char *algo_name, *algo_elems; int flags; gcry_err_code_t rc; gcry_pk_spec_t *pubkey = NULL; gcry_module_t module = NULL; REGISTER_DEFAULT_PUBKEYS; *r_ciph = NULL; /* get the key */ rc = sexp_to_key (s_pkey, 0, &pkey, &module); if (rc) goto leave; assert (module); pubkey = (gcry_pk_spec_t *) module->spec; /* If aliases for the algorithm name exists, take the first one instead of the regular name to adhere to SPKI conventions. We assume that the first alias name is the lowercase version of the regular one. This change is required for compatibility with 1.1.12 generated S-expressions. */ algo_name = pubkey->aliases? *pubkey->aliases : NULL; if (!algo_name || !*algo_name) algo_name = pubkey->name; algo_elems = pubkey->elements_enc; /* Get the stuff we want to encrypt. */ rc = sexp_data_to_mpi (s_data, gcry_pk_get_nbits (s_pkey), &data, 1, &flags); if (rc) goto leave; /* Now we can encrypt DATA to CIPH. */ ciph = gcry_calloc (strlen (algo_elems) + 1, sizeof (*ciph)); if (!ciph) { rc = gpg_err_code_from_errno (errno); goto leave; } rc = pubkey_encrypt (module->mod_id, ciph, data, pkey, flags); mpi_free (data); data = NULL; if (rc) goto leave; /* We did it. Now build the return list */ { char *string, *p; int i; size_t nelem = strlen (algo_elems); size_t needed = 19 + strlen (algo_name) + (nelem * 5); void **arg_list; /* Build the string. */ string = p = gcry_malloc (needed); if (!string) { rc = gpg_err_code_from_errno (errno); goto leave; } p = stpcpy ( p, "(enc-val(" ); p = stpcpy ( p, algo_name ); for (i=0; algo_elems[i]; i++ ) { *p++ = '('; *p++ = algo_elems[i]; p = stpcpy ( p, "%m)" ); } strcpy ( p, "))" ); /* And now the ugly part: We don't have a function to pass an * array to a format string, so we have to do it this way :-(. */ /* FIXME: There is now such a format spefier, so we can could change the code to be more clear. */ arg_list = malloc (nelem * sizeof *arg_list); if (!arg_list) { rc = gpg_err_code_from_errno (errno); goto leave; } for (i = 0; i < nelem; i++) arg_list[i] = ciph + i; rc = gcry_sexp_build_array (r_ciph, NULL, string, arg_list); free (arg_list); if (rc) BUG (); gcry_free (string); } leave: if (pkey) { release_mpi_array (pkey); gcry_free (pkey); } if (ciph) { release_mpi_array (ciph); gcry_free (ciph); } if (module) { ath_mutex_lock (&pubkeys_registered_lock); _gcry_module_release (module); ath_mutex_unlock (&pubkeys_registered_lock); } return gcry_error (rc); } /* Do a PK decrypt operation Caller has to provide a secret key as the SEXP skey and data in a format as created by gcry_pk_encrypt. For historic reasons the function returns simply an MPI as an S-expression part; this is deprecated and the new method should be used which returns a real S-expressionl this is selected by adding at least an empty flags list to S_DATA. Returns: 0 or an errorcode. s_data = (enc-val [(flags)] ( ( ) ... ( ) )) s_skey = r_plain= Either an incomplete S-expression without the parentheses or if the flags list is used (even if empty) a real S-expression: (value PLAIN). */ gcry_error_t gcry_pk_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t s_skey) { gcry_mpi_t *skey = NULL, *data = NULL, plain = NULL; int modern, want_pkcs1, flags; gcry_err_code_t rc; gcry_module_t module_enc = NULL, module_key = NULL; gcry_pk_spec_t *pubkey = NULL; REGISTER_DEFAULT_PUBKEYS; *r_plain = NULL; rc = sexp_to_key (s_skey, 1, &skey, &module_key); if (rc) goto leave; rc = sexp_to_enc (s_data, &data, &module_enc, &modern, &want_pkcs1, &flags); if (rc) goto leave; if (module_key->mod_id != module_enc->mod_id) { rc = GPG_ERR_CONFLICT; /* Key algo does not match data algo. */ goto leave; } pubkey = (gcry_pk_spec_t *) module_key->spec; rc = pubkey_decrypt (module_key->mod_id, &plain, data, skey, flags); if (rc) goto leave; if (gcry_sexp_build (r_plain, NULL, modern? "(value %m)" : "%m", plain)) BUG (); leave: if (skey) { release_mpi_array (skey); gcry_free (skey); } if (plain) mpi_free (plain); if (data) { release_mpi_array (data); gcry_free (data); } if (module_key || module_enc) { ath_mutex_lock (&pubkeys_registered_lock); if (module_key) _gcry_module_release (module_key); if (module_enc) _gcry_module_release (module_enc); ath_mutex_unlock (&pubkeys_registered_lock); } return gcry_error (rc); } /* Create a signature. Caller has to provide a secret key as the SEXP skey and data expressed as a SEXP list hash with only one element which should instantly be available as a MPI. Alternatively the structure given below may be used for S_HASH, it provides the abiliy to pass flags to the operation; the only flag defined by now is "pkcs1" which does PKCS#1 block type 1 style padding. Returns: 0 or an errorcode. In case of 0 the function returns a new SEXP with the signature value; the structure of this signature depends on the other arguments but is always suitable to be passed to gcry_pk_verify s_hash = See comment for sexp_data_to_mpi s_skey = r_sig = (sig-val ( ( ) ... ( ))) */ gcry_error_t gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) { gcry_mpi_t *skey = NULL, hash = NULL, *result = NULL; gcry_pk_spec_t *pubkey = NULL; gcry_module_t module = NULL; const char *algo_name, *algo_elems; int i; gcry_err_code_t rc; REGISTER_DEFAULT_PUBKEYS; *r_sig = NULL; rc = sexp_to_key (s_skey, 1, &skey, &module); if (rc) goto leave; assert (module); pubkey = (gcry_pk_spec_t *) module->spec; algo_name = pubkey->aliases? *pubkey->aliases : NULL; if (!algo_name || !*algo_name) algo_name = pubkey->name; algo_elems = pubkey->elements_sig; /* Get the stuff we want to sign. Note that pk_get_nbits does also work on a private key. */ rc = sexp_data_to_mpi (s_hash, gcry_pk_get_nbits (s_skey), &hash, 0, NULL); if (rc) goto leave; result = gcry_calloc (strlen (algo_elems) + 1, sizeof (*result)); if (!result) { rc = gpg_err_code_from_errno (errno); goto leave; } rc = pubkey_sign (module->mod_id, result, hash, skey); if (rc) goto leave; { char *string, *p; size_t nelem, needed = strlen (algo_name) + 20; void **arg_list; nelem = strlen (algo_elems); /* Count elements, so that we can allocate enough space. */ needed += 10 * nelem; /* Build the string. */ string = p = gcry_malloc (needed); if (!string) { rc = gpg_err_code_from_errno (errno); goto leave; } p = stpcpy (p, "(sig-val("); p = stpcpy (p, algo_name); for (i = 0; algo_elems[i]; i++) { *p++ = '('; *p++ = algo_elems[i]; p = stpcpy (p, "%m)"); } strcpy (p, "))"); arg_list = malloc (nelem * sizeof *arg_list); if (!arg_list) { rc = gpg_err_code_from_errno (errno); goto leave; } for (i = 0; i < nelem; i++) arg_list[i] = result + i; rc = gcry_sexp_build_array (r_sig, NULL, string, arg_list); free (arg_list); if (rc) BUG (); gcry_free (string); } leave: if (skey) { release_mpi_array (skey); gcry_free (skey); } if (hash) mpi_free (hash); if (result) { release_mpi_array (result); gcry_free (result); } return gcry_error (rc); } /* Verify a signature. Caller has to supply the public key pkey, the signature sig and his hashvalue data. Public key has to be a standard public key given as an S-Exp, sig is a S-Exp as returned from gcry_pk_sign and data must be an S-Exp like the one in sign too. */ gcry_error_t gcry_pk_verify (gcry_sexp_t s_sig, gcry_sexp_t s_hash, gcry_sexp_t s_pkey) { gcry_module_t module_key = NULL, module_sig = NULL; gcry_mpi_t *pkey = NULL, hash = NULL, *sig = NULL; gcry_err_code_t rc; REGISTER_DEFAULT_PUBKEYS; rc = sexp_to_key (s_pkey, 0, &pkey, &module_key); if (rc) goto leave; rc = sexp_to_sig (s_sig, &sig, &module_sig); if (rc) goto leave; if (module_key->mod_id != module_sig->mod_id) { rc = GPG_ERR_CONFLICT; goto leave; } rc = sexp_data_to_mpi (s_hash, gcry_pk_get_nbits (s_pkey), &hash, 0, 0); if (rc) goto leave; rc = pubkey_verify (module_key->mod_id, hash, sig, pkey, NULL, NULL); leave: if (pkey) { release_mpi_array (pkey); gcry_free (pkey); } if (sig) { release_mpi_array (sig); gcry_free (sig); } if (hash) mpi_free (hash); if (module_key || module_sig) { ath_mutex_lock (&pubkeys_registered_lock); if (module_key) _gcry_module_release (module_key); if (module_sig) _gcry_module_release (module_sig); ath_mutex_unlock (&pubkeys_registered_lock); } return gcry_error (rc); } /* Test a key. This may be used either for a public or a secret key to see whether internal structre is valid. Returns: 0 or an errorcode. s_key = */ gcry_error_t gcry_pk_testkey (gcry_sexp_t s_key) { gcry_module_t module = NULL; gcry_mpi_t *key = NULL; gcry_err_code_t rc; REGISTER_DEFAULT_PUBKEYS; /* Note we currently support only secret key checking. */ rc = sexp_to_key (s_key, 1, &key, &module); if (! rc) { rc = pubkey_check_secret_key (module->mod_id, key); release_mpi_array (key); gcry_free (key); } return gcry_error (rc); } /* Create a public key pair and return it in r_key. How the key is created depends on s_parms: (genkey (algo (parameter_name_1 ....) .... (parameter_name_n ....) )) The key is returned in a format depending on the algorithm. Both, private and secret keys are returned and optionally some additional informatin. For elgamal we return this structure: (key-data (public-key (elg (p ) (g ) (y ) ) ) (private-key (elg (p ) (g ) (y ) (x ) ) ) (misc-key-info (pm1-factors n1 n2 ... nn) )) */ gcry_error_t gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms) { gcry_pk_spec_t *pubkey = NULL; gcry_module_t module = NULL; gcry_sexp_t list = NULL, l2 = NULL; const char *name; size_t n; gcry_err_code_t rc = GPG_ERR_NO_ERROR; int i; const char *algo_name = NULL; int algo; const char *sec_elems = NULL, *pub_elems = NULL; gcry_mpi_t skey[10], *factors = NULL; unsigned int nbits = 0; unsigned long use_e = 0; unsigned int qbits; + gcry_mpi_t xvalue = NULL; char *name_terminated; REGISTER_DEFAULT_PUBKEYS; skey[0] = NULL; *r_key = NULL; list = gcry_sexp_find_token (s_parms, "genkey", 0); if (!list) { rc = GPG_ERR_INV_OBJ; /* Does not contain genkey data. */ goto leave; } l2 = gcry_sexp_cadr (list); gcry_sexp_release (list); list = l2; l2 = NULL; if (! list) { rc = GPG_ERR_NO_OBJ; /* No cdr for the genkey. */ goto leave; } name = gcry_sexp_nth_data (list, 0, &n); if (! name) { rc = GPG_ERR_INV_OBJ; /* Algo string missing. */ goto leave; } name_terminated = gcry_malloc (n + 1); if (!name_terminated) { rc = gpg_err_code_from_errno (errno); goto leave; } memcpy (name_terminated, name, n); name_terminated[n] = 0; ath_mutex_lock (&pubkeys_registered_lock); module = gcry_pk_lookup_name (name_terminated); ath_mutex_unlock (&pubkeys_registered_lock); gcry_free (name_terminated); if (! module) { rc = GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */ goto leave; } pubkey = (gcry_pk_spec_t *) module->spec; algo = module->mod_id; algo_name = pubkey->aliases? *pubkey->aliases : NULL; if (!algo_name || !*algo_name) algo_name = pubkey->name; pub_elems = pubkey->elements_pkey; sec_elems = pubkey->elements_skey; /* Handle the optional rsa-use-e element. */ l2 = gcry_sexp_find_token (list, "rsa-use-e", 0); if (l2) { char buf[50]; name = gcry_sexp_nth_data (l2, 1, &n); if ((! name) || (n >= DIM (buf) - 1)) { rc = GPG_ERR_INV_OBJ; /* No value or value too large. */ goto leave; } memcpy (buf, name, n); buf[n] = 0; use_e = strtoul (buf, NULL, 0); gcry_sexp_release (l2); l2 = NULL; } else use_e = 65537; /* Not given, use the value generated by old versions. */ /* Handle the optional qbits element. */ l2 = gcry_sexp_find_token (list, "qbits", 0); if (l2) { char buf[50]; name = gcry_sexp_nth_data (l2, 1, &n); if ((! name) || (n >= DIM (buf) - 1)) { rc = GPG_ERR_INV_OBJ; /* No value or value too large. */ goto leave; } memcpy (buf, name, n); buf[n] = 0; qbits = (unsigned int)strtoul (buf, NULL, 0); gcry_sexp_release (l2); l2 = NULL; } else qbits = 0; + /* Parse the optional xvalue element. */ + l2 = gcry_sexp_find_token (list, "xvalue", 0); + if (l2) + { + xvalue = gcry_sexp_nth_mpi (l2, 1, 0); + if (!xvalue) + { + rc = GPG_ERR_BAD_MPI; + goto leave; + } + } + /* Now parse the required nbits element. */ l2 = gcry_sexp_find_token (list, "nbits", 0); gcry_sexp_release (list); list = l2; l2 = NULL; if (! list) { rc = GPG_ERR_NO_OBJ; /* No nbits parameter. */ goto leave; } name = gcry_sexp_nth_data (list, 1, &n); if (! name) { rc = GPG_ERR_INV_OBJ; /* nbits without a cdr. */ goto leave; } name_terminated = gcry_malloc (n + 1); if (!name_terminated) { rc = gpg_err_code_from_errno (errno); goto leave; } memcpy (name_terminated, name, n); name_terminated[n] = 0; nbits = (unsigned int) strtoul (name_terminated, NULL, 0); gcry_free (name_terminated); - rc = pubkey_generate (module->mod_id, nbits, qbits, use_e, skey, &factors); + rc = pubkey_generate (module->mod_id, nbits, qbits, use_e, xvalue, + skey, &factors); if (rc) goto leave; { char *string, *p; size_t nelem=0, nelem_cp = 0, needed=0; gcry_mpi_t mpis[30]; nelem = strlen (pub_elems) + strlen (sec_elems); for (i = 0; factors[i]; i++) nelem++; nelem_cp = nelem; needed += nelem * 10; needed += 2 * strlen (algo_name) + 300; if (nelem > DIM (mpis)) BUG (); /* Build the string. */ nelem = 0; string = p = gcry_malloc (needed); if (!string) { rc = gpg_err_code_from_errno (errno); goto leave; } p = stpcpy (p, "(key-data"); p = stpcpy (p, "(public-key("); p = stpcpy (p, algo_name); for(i = 0; pub_elems[i]; i++) { *p++ = '('; *p++ = pub_elems[i]; p = stpcpy (p, "%m)"); mpis[nelem++] = skey[i]; } p = stpcpy (p, "))"); p = stpcpy (p, "(private-key("); p = stpcpy (p, algo_name); for (i = 0; sec_elems[i]; i++) { *p++ = '('; *p++ = sec_elems[i]; p = stpcpy (p, "%m)"); mpis[nelem++] = skey[i]; } p = stpcpy (p, "))"); /* Very ugly hack to make release_mpi_array() work FIXME */ skey[i] = NULL; p = stpcpy (p, "(misc-key-info(pm1-factors"); for(i = 0; factors[i]; i++) { p = stpcpy (p, "%m"); mpis[nelem++] = factors[i]; } strcpy (p, ")))"); while (nelem < DIM (mpis)) mpis[nelem++] = NULL; { int elem_n = strlen (pub_elems) + strlen (sec_elems); void **arg_list; arg_list = malloc (nelem_cp * sizeof *arg_list); if (!arg_list) { rc = gpg_err_code_from_errno (errno); goto leave; } for (i = 0; i < elem_n; i++) arg_list[i] = mpis + i; for (; i < nelem_cp; i++) arg_list[i] = factors + i - elem_n; rc = gcry_sexp_build_array (r_key, NULL, string, arg_list); free (arg_list); if (rc) BUG (); assert (DIM (mpis) == 30); /* Reminder to make sure that the array gets increased if new parameters are added. */ } gcry_free (string); } leave: release_mpi_array (skey); /* Don't free SKEY itself, it is a static array. */ - + + gcry_mpi_release (xvalue); + if (factors) { release_mpi_array ( factors ); gcry_free (factors); } if (l2) gcry_sexp_release (l2); if (list) gcry_sexp_release (list); - + if (module) { ath_mutex_lock (&pubkeys_registered_lock); _gcry_module_release (module); ath_mutex_unlock (&pubkeys_registered_lock); } return gcry_error (rc); } /* Get the number of nbits from the public key. Hmmm: Should we have really this function or is it better to have a more general function to retrieve different propoerties of the key? */ unsigned int gcry_pk_get_nbits (gcry_sexp_t key) { gcry_module_t module = NULL; gcry_pk_spec_t *pubkey; gcry_mpi_t *keyarr = NULL; unsigned int nbits = 0; gcry_err_code_t rc; REGISTER_DEFAULT_PUBKEYS; rc = sexp_to_key (key, 0, &keyarr, &module); if (rc == GPG_ERR_INV_OBJ) rc = sexp_to_key (key, 1, &keyarr, &module); if (rc) return 0; /* Error - 0 is a suitable indication for that. */ pubkey = (gcry_pk_spec_t *) module->spec; nbits = (*pubkey->get_nbits) (module->mod_id, keyarr); ath_mutex_lock (&pubkeys_registered_lock); _gcry_module_release (module); ath_mutex_unlock (&pubkeys_registered_lock); release_mpi_array (keyarr); gcry_free (keyarr); return nbits; } /* Return the so called KEYGRIP which is the SHA-1 hash of the public key parameters expressed in a way depended on the algorithm. ARRAY must either be 20 bytes long or NULL; in the latter case a newly allocated array of that size is returned, otherwise ARRAY or NULL is returned to indicate an error which is most likely an unknown algorithm. The function accepts public or secret keys. */ unsigned char * gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array) { gcry_sexp_t list = NULL, l2 = NULL; gcry_pk_spec_t *pubkey = NULL; gcry_module_t module = NULL; const char *s, *name; size_t n; int idx; int is_rsa; const char *elems; gcry_md_hd_t md = NULL; REGISTER_DEFAULT_PUBKEYS; /* Check that the first element is valid. */ list = gcry_sexp_find_token (key, "public-key", 0); if (! list) list = gcry_sexp_find_token (key, "private-key", 0); if (! list) list = gcry_sexp_find_token (key, "protected-private-key", 0); if (! list) list = gcry_sexp_find_token (key, "shadowed-private-key", 0); if (! list) return NULL; /* No public- or private-key object. */ l2 = gcry_sexp_cadr (list); gcry_sexp_release (list); list = l2; l2 = NULL; name = gcry_sexp_nth_data (list, 0, &n); if (! name) goto fail; /* Invalid structure of object. */ { char *name_terminated = gcry_malloc (n + 1); if (!name_terminated) goto fail; memcpy (name_terminated, name, n); name_terminated[n] = 0; ath_mutex_lock (&pubkeys_registered_lock); module = gcry_pk_lookup_name (name_terminated); ath_mutex_unlock (&pubkeys_registered_lock); gcry_free (name_terminated); } if (! module) goto fail; /* unknown algorithm */ pubkey = (gcry_pk_spec_t *) module->spec; /* FIXME, special handling should be implemented by the algorithms, not by the libgcrypt core. */ is_rsa = module->mod_id == GCRY_PK_RSA; elems = pubkey->elements_grip; if (! elems) goto fail; /* no grip parameter */ if (gcry_md_open (&md, GCRY_MD_SHA1, 0)) goto fail; for (idx = 0, s = elems; *s; s++, idx++) { const char *data; size_t datalen; l2 = gcry_sexp_find_token (list, s, 1); if (! l2) goto fail; data = gcry_sexp_nth_data (l2, 1, &datalen); if (! data) goto fail; if (!is_rsa) { char buf[30]; sprintf (buf, "(1:%c%u:", *s, (unsigned int)datalen); gcry_md_write (md, buf, strlen (buf)); } /* PKCS-15 says that for RSA only the modulus should be hashed - however, it is not clear wether this is meant to has the raw bytes assuming this is an unsigned integer or whether the DER required 0 should be prefixed. We hash the raw bytes. For non-RSA we hash S-expressions. */ gcry_md_write (md, data, datalen); gcry_sexp_release (l2); if (!is_rsa) gcry_md_write (md, ")", 1); } if (!array) { array = gcry_malloc (20); if (! array) goto fail; } memcpy (array, gcry_md_read (md, GCRY_MD_SHA1), 20); gcry_md_close (md); gcry_sexp_release (list); return array; fail: if (l2) gcry_sexp_release (l2); if (md) gcry_md_close (md); gcry_sexp_release (list); return NULL; } gcry_error_t gcry_pk_ctl (int cmd, void *buffer, size_t buflen) { gcry_err_code_t err = GPG_ERR_NO_ERROR; REGISTER_DEFAULT_PUBKEYS; switch (cmd) { case GCRYCTL_DISABLE_ALGO: /* This one expects a buffer pointing to an integer with the algo number. */ if ((! buffer) || (buflen != sizeof (int))) err = GPG_ERR_INV_ARG; else disable_pubkey_algo (*((int *) buffer)); break; default: err = GPG_ERR_INV_OP; } return gcry_error (err); } /* Return information about the given algorithm WHAT select the kind of information returned: GCRYCTL_TEST_ALGO: Returns 0 when the specified algorithm is available for use. Buffer must be NULL, nbytes may have the address of a variable with the required usage of the algorithm. It may be 0 for don't care or a combination of the GCRY_PK_USAGE_xxx flags; GCRYCTL_GET_ALGO_USAGE: Return the usage glafs for the give algo. An invalid alog does return 0. Disabled algos are ignored here becuase we only want to know whether the algo is at all capable of the usage. Note: Because this function is in most cases used to return an integer value, we can make it easier for the caller to just look at the return value. The caller will in all cases consult the value and thereby detecting whether a error occured or not (i.e. while checking the block size) */ gcry_error_t gcry_pk_algo_info (int algorithm, int what, void *buffer, size_t *nbytes) { gcry_err_code_t err = GPG_ERR_NO_ERROR; switch (what) { case GCRYCTL_TEST_ALGO: { int use = nbytes ? *nbytes : 0; if (buffer) err = GPG_ERR_INV_ARG; else if (check_pubkey_algo (algorithm, use)) err = GPG_ERR_PUBKEY_ALGO; break; } case GCRYCTL_GET_ALGO_USAGE: { gcry_module_t pubkey; int use = 0; REGISTER_DEFAULT_PUBKEYS; ath_mutex_lock (&pubkeys_registered_lock); pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm); if (pubkey) { use = ((gcry_pk_spec_t *) pubkey->spec)->use; _gcry_module_release (pubkey); } ath_mutex_unlock (&pubkeys_registered_lock); /* FIXME? */ *nbytes = use; break; } case GCRYCTL_GET_ALGO_NPKEY: { /* FIXME? */ int npkey = pubkey_get_npkey (algorithm); *nbytes = npkey; break; } case GCRYCTL_GET_ALGO_NSKEY: { /* FIXME? */ int nskey = pubkey_get_nskey (algorithm); *nbytes = nskey; break; } case GCRYCTL_GET_ALGO_NSIGN: { /* FIXME? */ int nsign = pubkey_get_nsig (algorithm); *nbytes = nsign; break; } case GCRYCTL_GET_ALGO_NENCR: { /* FIXME? */ int nencr = pubkey_get_nenc (algorithm); *nbytes = nencr; break; } default: err = GPG_ERR_INV_OP; } return gcry_error (err); } gcry_err_code_t _gcry_pk_init (void) { gcry_err_code_t err = GPG_ERR_NO_ERROR; REGISTER_DEFAULT_PUBKEYS; return err; } gcry_err_code_t _gcry_pk_module_lookup (int algorithm, gcry_module_t *module) { gcry_err_code_t err = GPG_ERR_NO_ERROR; gcry_module_t pubkey; REGISTER_DEFAULT_PUBKEYS; ath_mutex_lock (&pubkeys_registered_lock); pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm); if (pubkey) *module = pubkey; else err = GPG_ERR_PUBKEY_ALGO; ath_mutex_unlock (&pubkeys_registered_lock); return err; } void _gcry_pk_module_release (gcry_module_t module) { ath_mutex_lock (&pubkeys_registered_lock); _gcry_module_release (module); ath_mutex_unlock (&pubkeys_registered_lock); } /* Get a list consisting of the IDs of the loaded pubkey modules. If LIST is zero, write the number of loaded pubkey modules to LIST_LENGTH and return. If LIST is non-zero, the first *LIST_LENGTH algorithm IDs are stored in LIST, which must be of according size. In case there are less pubkey modules than *LIST_LENGTH, *LIST_LENGTH is updated to the correct number. */ gcry_error_t gcry_pk_list (int *list, int *list_length) { gcry_err_code_t err = GPG_ERR_NO_ERROR; ath_mutex_lock (&pubkeys_registered_lock); err = _gcry_module_list (pubkeys_registered, list, list_length); ath_mutex_unlock (&pubkeys_registered_lock); return err; } gcry_err_code_t _gcry_pk_get_elements (int algo, char **enc, char **sig) { gcry_module_t pubkey; gcry_pk_spec_t *spec; gcry_err_code_t err; char *enc_cp; char *sig_cp; REGISTER_DEFAULT_PUBKEYS; enc_cp = NULL; sig_cp = NULL; spec = NULL; pubkey = _gcry_module_lookup_id (pubkeys_registered, algo); if (! pubkey) { err = GPG_ERR_INTERNAL; goto out; } spec = pubkey->spec; if (enc) { enc_cp = strdup (spec->elements_enc); if (! enc_cp) { err = gpg_err_code_from_errno (errno); goto out; } } if (sig) { sig_cp = strdup (spec->elements_sig); if (! sig_cp) { err = gpg_err_code_from_errno (errno); goto out; } } if (enc) *enc = enc_cp; if (sig) *sig = sig_cp; err = 0; out: _gcry_module_release (pubkey); if (err) { free (enc_cp); free (sig_cp); } return err; } diff --git a/mpi/ChangeLog b/mpi/ChangeLog index 9a1e9dd6..dc6556d2 100644 --- a/mpi/ChangeLog +++ b/mpi/ChangeLog @@ -1,665 +1,672 @@ +2007-02-23 Werner Koch + + * mpi-pow.c (gcry_mpi_powm): Remove unused var ESIGN. + + * mpiutil.c (gcry_mpi_get_flag): Let it return a value to silent + MIPSpro cc warning. + 2007-02-21 Werner Koch * mpicoder.c (_gcry_mpi_set_buffer): Made BUFFER a void*. 2006-11-15 Werner Koch * Makefile.am (.S.o): Check for srcdir also in in CPP pass. (INCLUDES): Removed. (AM_CPPFLAGS, AM_CFLAGS): New, modified. Merged with Moritz' changes. 2006-11-05 Moritz Schulte * Makefile.am (AM_CFLAGS): Added -I$(top_builddir)/src so that the new gcrypt.h is used, not the one installed in the system. 2006-10-23 Werner Koch * config.links (mpi_optional_modules): Make sure that powerpc64 is matched before a generic powerpc. Reported by Andreas Metzler. Should fix Debian bug 284609. 2006-08-25 Werner Koch * mpi-bit.c (gcry_mpi_rshift): Don't shift if N == 0 but do a plain copy. 2006-08-04 Werner Koch * mpi-bit.c (gcry_mpi_rshift): Rewritten to remove the limitation on N (which used to be less than BITS_PER_MPI_LIMB). 2006-08-03 Werner Koch * mpi-bit.c (gcry_mpi_set_bit, gcry_mpi_set_highbit): Fixed allocation. Reported by bpgcrypt at itaparica.org. * mpiutil.c (_gcry_mpi_resize): Clear the new part of the resized limb space. 2006-07-26 Werner Koch * mpiutil.c (gcry_mpi_randomize): Changed P to unsigned char*. * mpicoder.c (gcry_mpi_scan): Changed arg BUFFER to void*. (mpi_read_from_buffer): Made BUFFER arg const. (gcry_mpi_scan): Removed now needless cast. Add cast for arg to mpi_fromstr. (gcry_mpi_print): Made TMP unsigned. * Makefile.am (AM_CCASFLAGS): New. 2005-10-09 Moritz Schulte * mpi-cmp.c (gcry_mpi_cmp_ui): Rewritten; correctly handle case of zero limbs in U. 2005-04-27 Moritz Schulte * mpiutil.c (gcry_mpi_randomize): Store random data in secure memory if the given MPI is secure - not the other way around (argl). 2005-04-23 Moritz Schulte * Makefile.am: Don't assume the compiler will pre-process the .S files. Some compilers, like those from HP and IBM, don't do this. So, we use the same solution gnupg-1.4.0 does. Preprocess first and then compile. * hppa1.1/mpih-mul3.S: Add "level 1.1" directive to disable warning about using PA-RISC1.1 opcodes. * hppa1.1/mpih-mul2.S: Likewise. * hppa1.1/mpih-mul1.S: Likewise. * hppa1.1/udiv-qrnnd.S: Likewise. 2005-02-16 Moritz Schulte * mpiutil.c (_gcry_mpi_alloc_limb_space): Rewritten, fixed memory corruption. 2005-02-06 Moritz Schulte * mpiutil.c (_gcry_mpi_get_ui, gcry_mpi_get_ui): New functions. 2005-01-05 Werner Koch * hppa1.1/udiv-qrnnd.S: Reverted change of 2004-03-02 but kept the .align directive. 2004-12-16 Werner Koch * config.links (mpi_optional_modules): Move entry for powerpc64 before generic powerpc. Suggested by Rafael Ávila de Espíndola. 2004-03-02 Werner Koch * hppa1.1/udiv-qrnnd.S: Alignment fix from Lamont Jones for Debian. Taken from gnupg-1.3. * longlong.h: Added PowerPC 64 bit code from GPM-4.1.2 but didn't enable it yet. Some whitespace changes in HPPA to fix assembler problems on HP-UX. From gnupg 1.3 * mpiutil.c (_gcry_mpi_alloc_limb_space): Better allocate something even if NLIMBS is passed as 0. * config.links: Updated system list to match gnupg 1.3. 2003-12-19 Werner Koch * mpi-internal.h [M_DEBUG]: Removed this unused code. (struct karatsuba_ctx): Added TSPACE_NLIMBS and TP_NLIMBS. * mpiutil.c (_gcry_mpi_free_limb_space): Add arg NLIMBS and wipe out the memory. Changed all callers. * mpih-mul.c (_gcry_mpih_mul_karatsuba_case): Keep track of allocated limbs. * mpi-div.c (_gcry_mpi_tdiv_qr): Keep track of allocated limbs. * mpi-mul.c (gcry_mpi_mul): Ditto. * mpi-pow.c (gcry_mpi_powm): Ditto. * Manifest: Empty new file. Also add Manifest files to all CPU specific directories. * Makefile.am: Added. * mpiutil.c (gcry_mpi_randomize): Use gcry_create_nonce if WEAK random has been requested. 2003-10-31 Werner Koch * i386/mpih-rshift.S, i386/mpih-lshift.S: Use %dl and not %edx for testb; this avoids an assembler warning. * mpi-pow.c (gcry_mpi_powm): s/exp/expo/ to avoid shadowing warning. 2003-08-19 Marcus Brinkmann * Makefile.am (SUFFIXES): New variable. (.S.o, .S.lo, .S.obj): Rewritten. 2003-07-30 Moritz Schulte * longlong.h (__clz_tab): Renamed to _gcry_clz_tab. * mpi-bit.c (__clz_tab): Likewise. 2003-07-27 Werner Koch * mpicoder.c (gcry_mpi_scan): New argument BUFLEN to replace the use of the intial value of NBYTES. Changed BUFFER to unsigned. (gcry_mpi_print): Likewise. (gcry_mpi_dump): New. (_gcry_log_mpidump): Make use of gcry_mpi_dump. (mpi_print): Removed. (gcry_mpi_scan): Allocated mpi in secure memory when required. (gcry_mpi_aprint): Changed BUFFER to unsigned char*. 2003-07-14 Moritz Schulte * mpicoder.c: Used gcry_err* wrappers for libgpg-error symbols. 2003-06-16 Moritz Schulte * mpi-add.c: Replace last occurences of old type names with newer names (i.e. replace MPI with gcry_mpi_t). * mpi-bit.c: Likewise. * mpi-cmp.c: Likewise. * mpi-div.c: Likewise. * mpi-gcd.c: Likewise. * mpi-internal.h: Likewise. * mpi-inv.c: Likewise. * mpi-mpow.c: Likewise. * mpi-mul.c: Likewise. * mpi-pow.c: Likewise. * mpi-scan.c: Likewise. * mpicoder.c: Likewise. * mpiutil.c: Likewise. 2003-06-09 Moritz Schulte * mpicoder.c (gcry_mpi_scan): Adjust for libgpg-error. (gcry_mpi_print): Likewise. (gcry_mpi_aprint): Likewise. 2003-06-07 Moritz Schulte * longlong.h, mpi-add.c, mpi-bit.c, mpi-cmp.c, mpi-div.c, mpi-gcd.c, mpi-inline.c, mpi-inline.h, mpi-internal.h, mpi-inv.c, mpi-mpow.c, mpi-mul.c, mpi-pow.c, mpi-scan.c, mpicoder.c, mpih-div.c, mpih-mul.c, mpiutil.c, generic/mpi-asm-defs.h, generic/mpih-add1.c, generic/mpih-lshift.c, generic/mpih-mul1.c, generic/mpih-mul2.c, generic/mpih-mul3.c, generic/mpih-rshift.c, generic/mpih-sub1.c, generic/udiv-w-sdiv.c, i386/syntax.h, m68k/syntax.h, mips3/mpi-asm-defs.h, powerpc32/syntax.h: Edited all preprocessor instructions to remove whitespace before the '#'. This is not required by C89, but there are some compilers out there that don't like it. Replaced any occurence of the now deprecated type names with the new ones. 2003-05-21 Moritz Schulte * mpiutil.c (_gcry_mpi_alloc_limb_space): Only try to allocate memory in case the amount of bytes to allocate is non-zero. 2003-04-27 Moritz Schulte * mpiutil.c (_gcry_mpi_resize): Allocate secure memory, in case bit zero of `flags' is set. * mpi-add.c (gcry_mpi_sub): Simplify function; always use a temporary variable now. 2003-04-15 Werner Koch * longlong.h (umul_ppmm): Support SH3 and SH4. Thanks to kazuya.s@jp.yokogawa.com. 2003-04-02 Werner Koch * mpicoder.c (gcry_mpi_print): Fixed testing against possible uninitialized LEN. Valgrinded by Nikos Mavroyanopoulos. 2003-01-15 Werner Koch * longlong.h: Removed some spaces between backslashes and newlines. 2002-09-20 Werner Koch * mpi-mul.c (gcry_mpi_mul_2exp): New. This was declared in gcrypt.h but only implemented as internal function. Noted by Timo but a few minutes to late for today's release. * Makefile.am (DISTCLEANFILES): Include mpi-asm-defs.h 2002-09-18 Werner Koch * Makefile.am (.S.lo): Pass -DPIC. i386, PPC and Sparc code require it. It worked for me because I am using the i586 code. 2002-08-23 Werner Koch * Makefile.am (.S.lo): Fixed for libtool build with --disable-shared. 2002-07-24 Werner Koch * longlong.h: Replaced all K&R multiline strings by ISO ones for the sake of modern compilers. Suggested by Marco Parrone. 2002-06-24 Werner Koch * mpiutil.c (gcry_mpi_swap): New. * mpi-div.c (gcry_mpi_div): New. (gcry_mpi_mod): New. * mpi-inv.c (gcry_mpi_invm): New. * mpicoder.c (do_get_buffer): Make sure that we allocate at least one byte. 2002-06-12 Werner Koch * hppa1.1/udiv-qrnnd.S: Changes for PIC by Randolph Chung. 2002-05-15 Werner Koch * config.links: Chnage the way the mpi modules are determined. * Makefile.am: Revamped to better handle modules 2002-05-14 Werner Koch Changed license of all files to the LGPL. 2002-04-18 Werner Koch * mpicoder.c (gcry_mpi_scan): Don't use normalize on a NULL MPI. 2002-03-20 Werner Koch * mpicoder.c (mpi_read_from_buffer): Bail out on a zero length buffer because we can't eventually do an malloc of this size. Reported by Timo. 2002-01-14 Werner Koch * mpi-inv.c (_gcry_mpi_invm): Typo fixes, noted by Carlo Perassi. 2001-11-01 Werner Koch * mpicoder.c (gcry_mpi_scan): Allow to pass a nbytes as NULL or with value 0 for format GCRY_FMT_SSH, so that the length is not used for any checks, only the length stored in the bufer is used. This is a nice format becuase we can just pass a buffer around and don't need to care about its length. 2001-08-03 Werner Koch * config.links: Changed the way the list of files to be symlinked is returned. 2001-05-31 Werner Koch * mpih-cmp.c: Removed and moved mpihelp_cmp to .. * mpi-inline.h: .. here. Major function renaming. All global functions are now prefixed with _gcry_ or gcry_. Renamed also all mpihelp_ to just mpih_ so that functions names are not getting to long an unreadable and for better matching with the filenames. 2001-05-28 Werner Koch * mpicoder.c (mpi_fromstr): Made static and assume that all input is in hexformat. Updated all CPU specific code with the one from GnuPG-1.0.5. This is just a change of text formatting and the use of .label instead of labels for hppa and pa7100. * longlong.h: Fixes for ARM by Phil Blundell. 2001-03-29 Werner Koch * mpi-mul.c (mpi_mul): Make sure that secret temporary results are not stored in w. Suggested by Florian Weimer. * config.links: Use i386 code for i386. According to tests by Kevin Ryde the i586 code runs slow on i386 CPUs. Ditto for i786. 2001-01-11 Werner Koch * Makefile.am: Removed mpi.h. 2000-12-19 Werner Koch * mpi-internal.h: Put limb_t definition in an ifdef. Major change: Removed all GnuPG stuff and renamed this piece of software to gcrypt. 2000-11-14 Werner Koch * mpi-internal.h, mpi.h: Changed the way they are called and introduced DID_MPI_LIMP_TYPEDEF hack. Very ugly, should all be revamped. * Makefile.am (OMIT_DEPENDENCIES): Hack to work around dependency problems. 2000-10-11 Werner Koch * generic/mpi-asm-defs.h: New. * mips3/mpi-asm-defs.h: New. * config.links: Create a link to one of the above files. Fri Jul 28 18:19:11 CEST 2000 Werner Koch * mpicoder.c (gcry_mpi_scan): Normalize the returned MPI. Tue Jul 25 17:44:15 CEST 2000 Werner Koch * config.links: Support for powerpc--netbsd by Gabriel Rosenkoetter. Mon Jul 17 16:35:47 CEST 2000 Werner Koch * power/: Add all files from GMP for this CPU. Converted comments to CPP comments because some ASes complain about ' in comments. * config.links: Support for BSDI 4.x; by Wayne Chapeskie. Add support for FreeBSD 5 and made the case stmt looking nicer; by Jun Kuriyama. Add support for NetBSD. (sparc8): Made the search path the same as sparc9 (sparc64-unknown-linux-gnu): use udiv module; by Adam Mitchell. * Makefile.am: c/SFLAGS/ASFLAGS/. This has only been used by the powerpc and actually never passed the -Wa,foo to the cc. * mpih-div.c (mpihelp_divrem): The MPN_COPY_DECR copied one element too many. This is a gmp2.0.2p9.txt patch. * longlong.h (umul_ppmm): Fixes for ARM-4. By Sean MacLennan. * mpi-internal.h (karatsuba_ctx): New. * mpih-mul.c (mpihelp_release_karatsuba_ctx): New. (mpihelp_mul_karatsuba_case): New. (mpihelp_mul): Splitted to make use of the new functions. * mpi-pow.c (mpi_powm): Make use of the new splitted function to avoid multiple allocation of temporary memory during the karatsuba operations. * mpi_mpow.c: Removed the unused Barrett code. 2000-03-21 16:17:30 Werner Koch (wk@habibti.openit.de) * config.links: Add support for FreeBSD 5. Mon Jan 24 22:24:38 CET 2000 Werner Koch * mpicoder.c (gcry_mpi_aprint): Now really returns the length. Mon Jan 24 13:04:28 CET 2000 Werner Koch * mpiutil.c: Removed all memory debugging code. * mpicoder.c (gcry_mpi_aprint): New. * Replaced all m_ memory functions by g10_ ones. Fri Dec 31 14:06:56 CET 1999 Werner Koch * mpi-bit.c (gcry_mpi_get_nbits): New. * mpiutil.c (mpi_set_secure): made static. (gcry_mpi_get_flag): New. (gcry_mpi_set_flag): New. (gcry_mpi_clear_flag): New. (mpi_set_opaque): renamed to gcry_mpi_set_opaque. (mpi_get_opaque): renamed to gcry_mpi_get_opaque. Fri Dec 31 12:48:31 CET 1999 Werner Koch * mpicoder.c (mpi_read_from_buffer): Made static. (gcry_mpi_print): A buffer of NULL is now allowed to get the required length back. (mpi_get_keyid): Removed. (mpi_print): Made static - should be removed. Wed Dec 8 21:58:32 CET 1999 Werner Koch * Makefile.am (INCLUDES): Add ../gcrypt. * g10m.c : Removed. * mpicoder.c (mpi_write): Removed. (mpi_read): Removed. (gcry_mpi_scan): New. Taken from ../gcrypt/mpiapi.c. (gcry_mpi_print): Ditto. * mpi-pow.c (mpi_powm): Renamed to ... (gcry_mpi_powm): ... this. * mpiutil.c (gcry_mpi_new): New as a wrapper around the old function. Taken from ../gcrypt/mpiapi.c. (gcry_mpi_snew): Ditto. (gcry_mpi_release): Ditto. (gcry_mpi_copy): Ditto. (gcry_mpi_set): Ditto. (gcry_mpi_set_ui): Ditto. (gcry_mpi_cmp): Ditto. (gcry_mpi_cmp_ui): Ditto. (gcry_mpi_randomize): Ditto. * mpicoder.c (mpi_print): Removed the nbit_info kludge. * mpi-bits.c (mpi_get_nbits): Replaced the is_protected stuff by checking whether it is an opaque mpi and then returns it's length in bits. * mpiutil.c (mpi_set_opaque): Changed the interface to take a number of bits for the length. Adjusted all users. (mpi_get_opaque): Ditto. Fri Nov 19 17:15:20 CET 1999 Werner Koch * mpicoder.c (g10_log_mpidump): Add a temporary workaround * mpih-mul.c (mpihelp_mul_n): s/m_is_ecure/g10_is_secure/ * mpiutil.c (mpi_alloc): Remved the debug mode because it has turned out, that this feature was not very useful in the past. Use the new alloc functions. (mpi_alloc_secure): Ditto. (mpi_alloc_limb_space): Ditto. (mpi_free_limb_space): Ditto. (mpi_resize): Ditto. (mpi_free): Ditto. (mpi_set_secure): Removed the debug stuff. (mpi_set_opaque): Ditto. (mpi_copy): Ditto. (mpi_alloc_set_ui): Ditto. (mpi_m_check): Use g10_ wrapper. Mon Aug 30 20:38:33 CEST 1999 Werner Koch * config.links: Add case label for DJGPP Wed Jul 14 19:42:08 CEST 1999 Werner Koch * Makefile.am: Use .s files as temporaries, disabled other .S rules. Wed Jul 7 13:08:40 CEST 1999 Werner Koch * mpicoder.c (g10_log_mpidump): New. * Makefile.am: Support for libtool. Fri Jul 2 11:45:54 CEST 1999 Werner Koch * mpi-bit.c (mpi_lshift_limbs,mpi_rshift_limbs): New. * mpi-mpow.c (barrett_mulm): New but diabled. Tue Jun 1 16:01:46 CEST 1999 Werner Koch * config.links (i[56]86*-*-freebsdelf*): New. Sun May 23 14:20:22 CEST 1999 Werner Koch * config.links (sysdep.h): Not any more conditionally created. Tue May 4 15:47:53 CEST 1999 Werner Koch * mpiutil.c (mpi_alloc_like): New. Mon Apr 26 17:48:15 CEST 1999 Werner Koch * mpih-add.c, mpih-sub.c: Removed * mpi-inline.c: New. * mpi-inline.h: Make it usable by mpi-inline.c. Sun Apr 18 10:11:28 CEST 1999 Werner Koch * mpih-mul.c (mpihelp_mul_n): Fixed use of memory region. (mpihelp_mul): Ditto. Wed Apr 7 20:51:39 CEST 1999 Werner Koch * Makefile.am: Explicit rules to invoke cpp on *.S Mon Mar 8 20:47:17 CET 1999 Werner Koch * config.links: Take advantage of the with_symbol_underscore macro. Add support for freebsd 4. Wed Feb 24 11:07:27 CET 1999 Werner Koch * mips3/mpih-sub1.S: Removed left over junk in last line. (Should I blame me or my editor?). Sat Feb 13 12:04:43 CET 1999 Werner Koch * Makefile.am: Removed the +=. Add MPI_OPT_FLAGS. Sat Jan 9 16:02:23 CET 1999 Werner Koch * mpi-cmp.c (mpi_cmp_ui): Normalized the arg. Thu Jan 7 18:00:58 CET 1999 Werner Koch * mpi-bit.c (mpi_normalize): New. (mpi_get_nbits): Normalize the MPI. * mpi-bit.c (mpi_cmp): Normalize the MPI before the compare. Tue Dec 8 13:15:16 CET 1998 Werner Koch * config.links: Moved the case for powerpc*linux * powerpcp32/*.S: Removed some underscores. Thu Nov 26 07:27:52 1998 Werner Koch * config.links: Support for ppc with ELF * powerpc32/syntax.h: New. * powerpc32/*.S: Applied ELF patches (glibc patches) Tue Nov 10 19:31:37 1998 Werner Koch (wk@isil.d.shuttle.de) * power*/ : Started with stuff for PPC * config.links: Some stuff for PPC. * generic/udiv-w-sdiv.c: New but disabled. Tue Oct 27 12:37:46 1998 Werner Koch (wk@isil.d.shuttle.de) * config.links (freebsd): Fixes for FreeBSD 3.0 Wed Oct 14 09:59:30 1998 Werner Koch (wk@isil.d.shuttle.de) * config.links (freebsd): ELF patches from Jun Kuriyama. Thu Oct 8 13:28:17 1998 Werner Koch (wk@isil.d.shuttle.de) * mpi-mpow.c (mpi_mulpowm): Fixed mem leak (m_free/mpi_free). Thu Sep 17 18:08:50 1998 Werner Koch (wk@(none)) * hppa1.1/udiv-qrnnd.S: Fix from Steffen Zahn for HPUX 10.20 Thu Aug 6 16:39:28 1998 Werner Koch,mobil,,, (wk@tobold) * mpi-bit.c (mpi_set_bytes): Removed. Wed Aug 5 15:11:12 1998 Werner Koch (wk@(none)) * mpicoder.c (mpi_read_from_buffer): New. * mpiutil.c (mpi_set_opaque): New. (mpi_get_opaque): New. (mpi_copy): Changed to support opauqe flag (mpi_free): Ditto. Sat Jul 4 10:11:11 1998 Werner Koch (wk@isil.d.shuttle.de) * mpiutil.c (mpi_clear): Reset flags. (mpi_set): Ditto. (mpi_alloc_secure): Set flag to 1 and not ored the 1 in, tsss.. Fri Jun 26 11:19:06 1998 Werner Koch (wk@isil.d.shuttle.de) * mpiutil.c (mpi_alloc): set nbits to 0. (mpi_alloc_secure): Ditto. (mpi_clear): Ditto. Thu Jun 25 11:50:01 1998 Werner Koch (wk@isil.d.shuttle.de) * mips3/*.S: New Mon May 18 13:47:06 1998 Werner Koch (wk@isil.d.shuttle.de) * config.links: split mpih-shift into mpih-[lr]shift and changed all implementations. * mpi/alpha: add some new assembler stuff. Wed May 13 11:04:29 1998 Werner Koch (wk@isil.d.shuttle.de) * config.links: Add support for MIPS Thu Apr 9 11:31:36 1998 Werner Koch (wk@isil.d.shuttle.de) * mpicoder.c (mpi_get_secure_buffer): New. Wed Apr 8 09:44:33 1998 Werner Koch (wk@isil.d.shuttle.de) * config.links: Applied small fix from Ulf Möller. Mon Apr 6 12:38:52 1998 Werner Koch (wk@isil.d.shuttle.de) * mpicoder.c (mpi_get_buffer): Removed returned leading zeroes and changed all callers. Tue Mar 10 13:40:34 1998 Werner Koch (wk@isil.d.shuttle.de) * mpi-bit.c (mpi_clear_highbit): New. Mon Mar 2 19:29:00 1998 Werner Koch (wk@isil.d.shuttle.de) * Makefile.am (DISTCLEANFILES): New Thu Feb 26 06:48:54 1998 Werner Koch (wk@isil.d.shuttle.de) * config.links (X86_BROKEN_ALIGN): Added for some systems. Mon Feb 23 12:21:40 1998 Werner Koch (wk@isil.d.shuttle.de) * mpi/m68k/mpih-shift.S (Lspecial): Changed duplicate symbol. Mon Feb 16 13:00:27 1998 Werner Koch (wk@isil.d.shuttle.de) * config.links : Add detection of m68k cpus Copyright 1998,1999,2000,2001,2002,2003 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/mpi/mpi-pow.c b/mpi/mpi-pow.c index 61a115f4..4f3d73e4 100644 --- a/mpi/mpi-pow.c +++ b/mpi/mpi-pow.c @@ -1,302 +1,301 @@ /* mpi-pow.c - MPI functions * Copyright (C) 1994, 1996, 1998, 2000, 2002, 2003 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * Libgcrypt is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA * * Note: This code is heavily based on the GNU MP Library. * Actually it's the same code with only minor changes in the * way the data is stored; this is to support the abstraction * of an optional secure memory allocation which may be used * to avoid revealing of sensitive data due to paging etc. */ #include #include #include #include #include "mpi-internal.h" #include "longlong.h" #include /**************** * RES = BASE ^ EXPO mod MOD */ void gcry_mpi_powm( gcry_mpi_t res, gcry_mpi_t base, gcry_mpi_t expo, gcry_mpi_t mod) { mpi_ptr_t rp, ep, mp, bp; mpi_size_t esize, msize, bsize, rsize; - int esign, msign, bsign, rsign; + int msign, bsign, rsign; int esec, msec, bsec, rsec; mpi_size_t size; int mod_shift_cnt; int negative_result; mpi_ptr_t mp_marker=NULL, bp_marker=NULL, ep_marker=NULL; mpi_ptr_t xp_marker=NULL; unsigned int mp_nlimbs = 0, bp_nlimbs = 0, ep_nlimbs = 0; unsigned int xp_nlimbs = 0; int assign_rp = 0; mpi_ptr_t tspace = NULL; mpi_size_t tsize=0; /* to avoid compiler warning */ /* fixme: we should check that the warning is void*/ esize = expo->nlimbs; msize = mod->nlimbs; size = 2 * msize; - esign = expo->sign; msign = mod->sign; esec = mpi_is_secure(expo); msec = mpi_is_secure(mod); bsec = mpi_is_secure(base); rsec = mpi_is_secure(res); rp = res->d; ep = expo->d; if( !msize ) msize = 1 / msize; /* provoke a signal */ if( !esize ) { /* Exponent is zero, result is 1 mod MOD, i.e., 1 or 0 * depending on if MOD equals 1. */ rp[0] = 1; res->nlimbs = (msize == 1 && mod->d[0] == 1) ? 0 : 1; res->sign = 0; goto leave; } /* Normalize MOD (i.e. make its most significant bit set) as required by * mpn_divrem. This will make the intermediate values in the calculation * slightly larger, but the correct result is obtained after a final * reduction using the original MOD value. */ mp_nlimbs = msec? msize:0; mp = mp_marker = mpi_alloc_limb_space(msize, msec); count_leading_zeros( mod_shift_cnt, mod->d[msize-1] ); if( mod_shift_cnt ) _gcry_mpih_lshift( mp, mod->d, msize, mod_shift_cnt ); else MPN_COPY( mp, mod->d, msize ); bsize = base->nlimbs; bsign = base->sign; if( bsize > msize ) { /* The base is larger than the module. Reduce it. */ /* Allocate (BSIZE + 1) with space for remainder and quotient. * (The quotient is (bsize - msize + 1) limbs.) */ bp_nlimbs = bsec ? (bsize + 1):0; bp = bp_marker = mpi_alloc_limb_space( bsize + 1, bsec ); MPN_COPY( bp, base->d, bsize ); /* We don't care about the quotient, store it above the remainder, * at BP + MSIZE. */ _gcry_mpih_divrem( bp + msize, 0, bp, bsize, mp, msize ); bsize = msize; /* Canonicalize the base, since we are going to multiply with it * quite a few times. */ MPN_NORMALIZE( bp, bsize ); } else bp = base->d; if( !bsize ) { res->nlimbs = 0; res->sign = 0; goto leave; } if( res->alloced < size ) { /* We have to allocate more space for RES. If any of the input * parameters are identical to RES, defer deallocation of the old * space. */ if( rp == ep || rp == mp || rp == bp ) { rp = mpi_alloc_limb_space( size, rsec ); assign_rp = 1; } else { mpi_resize( res, size ); rp = res->d; } } else { /* Make BASE, EXPO and MOD not overlap with RES. */ if( rp == bp ) { /* RES and BASE are identical. Allocate temp. space for BASE. */ assert( !bp_marker ); bp_nlimbs = bsec? bsize:0; bp = bp_marker = mpi_alloc_limb_space( bsize, bsec ); MPN_COPY(bp, rp, bsize); } if( rp == ep ) { /* RES and EXPO are identical. Allocate temp. space for EXPO. */ ep_nlimbs = esec? esize:0; ep = ep_marker = mpi_alloc_limb_space( esize, esec ); MPN_COPY(ep, rp, esize); } if( rp == mp ) { /* RES and MOD are identical. Allocate temporary space for MOD.*/ assert( !mp_marker ); mp_nlimbs = msec?msize:0; mp = mp_marker = mpi_alloc_limb_space( msize, msec ); MPN_COPY(mp, rp, msize); } } MPN_COPY( rp, bp, bsize ); rsize = bsize; rsign = bsign; { mpi_size_t i; mpi_ptr_t xp; int c; mpi_limb_t e; mpi_limb_t carry_limb; struct karatsuba_ctx karactx; xp_nlimbs = msec? (2 * (msize + 1)):0; xp = xp_marker = mpi_alloc_limb_space( 2 * (msize + 1), msec ); memset( &karactx, 0, sizeof karactx ); negative_result = (ep[0] & 1) && base->sign; i = esize - 1; e = ep[i]; count_leading_zeros (c, e); e = (e << c) << 1; /* shift the expo bits to the left, lose msb */ c = BITS_PER_MPI_LIMB - 1 - c; /* Main loop. * * Make the result be pointed to alternately by XP and RP. This * helps us avoid block copying, which would otherwise be necessary * with the overlap restrictions of _gcry_mpih_divmod. With 50% probability * the result after this loop will be in the area originally pointed * by RP (==RES->d), and with 50% probability in the area originally * pointed to by XP. */ for(;;) { while( c ) { mpi_ptr_t tp; mpi_size_t xsize; /*mpih_mul_n(xp, rp, rp, rsize);*/ if( rsize < KARATSUBA_THRESHOLD ) _gcry_mpih_sqr_n_basecase( xp, rp, rsize ); else { if( !tspace ) { tsize = 2 * rsize; tspace = mpi_alloc_limb_space( tsize, 0 ); } else if( tsize < (2*rsize) ) { _gcry_mpi_free_limb_space (tspace, 0); tsize = 2 * rsize; tspace = mpi_alloc_limb_space( tsize, 0 ); } _gcry_mpih_sqr_n( xp, rp, rsize, tspace ); } xsize = 2 * rsize; if( xsize > msize ) { _gcry_mpih_divrem(xp + msize, 0, xp, xsize, mp, msize); xsize = msize; } tp = rp; rp = xp; xp = tp; rsize = xsize; if( (mpi_limb_signed_t)e < 0 ) { /*mpih_mul( xp, rp, rsize, bp, bsize );*/ if( bsize < KARATSUBA_THRESHOLD ) { _gcry_mpih_mul( xp, rp, rsize, bp, bsize ); } else { _gcry_mpih_mul_karatsuba_case( xp, rp, rsize, bp, bsize, &karactx ); } xsize = rsize + bsize; if( xsize > msize ) { _gcry_mpih_divrem(xp + msize, 0, xp, xsize, mp, msize); xsize = msize; } tp = rp; rp = xp; xp = tp; rsize = xsize; } e <<= 1; c--; } i--; if( i < 0 ) break; e = ep[i]; c = BITS_PER_MPI_LIMB; } /* We shifted MOD, the modulo reduction argument, left MOD_SHIFT_CNT * steps. Adjust the result by reducing it with the original MOD. * * Also make sure the result is put in RES->d (where it already * might be, see above). */ if( mod_shift_cnt ) { carry_limb = _gcry_mpih_lshift( res->d, rp, rsize, mod_shift_cnt); rp = res->d; if( carry_limb ) { rp[rsize] = carry_limb; rsize++; } } else { MPN_COPY( res->d, rp, rsize); rp = res->d; } if( rsize >= msize ) { _gcry_mpih_divrem(rp + msize, 0, rp, rsize, mp, msize); rsize = msize; } /* Remove any leading zero words from the result. */ if( mod_shift_cnt ) _gcry_mpih_rshift( rp, rp, rsize, mod_shift_cnt); MPN_NORMALIZE (rp, rsize); _gcry_mpih_release_karatsuba_ctx( &karactx ); } if( negative_result && rsize ) { if( mod_shift_cnt ) _gcry_mpih_rshift( mp, mp, msize, mod_shift_cnt); _gcry_mpih_sub( rp, mp, msize, rp, rsize); rsize = msize; rsign = msign; MPN_NORMALIZE(rp, rsize); } res->nlimbs = rsize; res->sign = rsign; leave: if( assign_rp ) _gcry_mpi_assign_limb_space( res, rp, size ); if( mp_marker ) _gcry_mpi_free_limb_space( mp_marker, mp_nlimbs ); if( bp_marker ) _gcry_mpi_free_limb_space( bp_marker, bp_nlimbs ); if( ep_marker ) _gcry_mpi_free_limb_space( ep_marker, ep_nlimbs ); if( xp_marker ) _gcry_mpi_free_limb_space( xp_marker, xp_nlimbs ); if( tspace ) _gcry_mpi_free_limb_space( tspace, 0 ); } diff --git a/mpi/mpiutil.c b/mpi/mpiutil.c index d74a1f89..20e1ff02 100644 --- a/mpi/mpiutil.c +++ b/mpi/mpiutil.c @@ -1,472 +1,475 @@ /* mpiutil.ac - Utility functions for MPI * Copyright (C) 1998, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * Libgcrypt is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #include #include #include #include #include #include "g10lib.h" #include "mpi-internal.h" #include "memory.h" /**************** * Note: It was a bad idea to use the number of limbs to allocate * because on a alpha the limbs are large but we normally need * integers of n bits - So we should chnage this to bits (or bytes). * * But mpi_alloc is used in a lot of places :-) */ gcry_mpi_t _gcry_mpi_alloc( unsigned nlimbs ) { gcry_mpi_t a; a = gcry_xmalloc( sizeof *a ); a->d = nlimbs? mpi_alloc_limb_space( nlimbs, 0 ) : NULL; a->alloced = nlimbs; a->nlimbs = 0; a->sign = 0; a->flags = 0; return a; } void _gcry_mpi_m_check( gcry_mpi_t a ) { _gcry_check_heap(a); _gcry_check_heap(a->d); } gcry_mpi_t _gcry_mpi_alloc_secure( unsigned nlimbs ) { gcry_mpi_t a; a = gcry_xmalloc( sizeof *a ); a->d = nlimbs? mpi_alloc_limb_space( nlimbs, 1 ) : NULL; a->alloced = nlimbs; a->flags = 1; a->nlimbs = 0; a->sign = 0; return a; } mpi_ptr_t _gcry_mpi_alloc_limb_space( unsigned int nlimbs, int secure ) { mpi_ptr_t p; size_t len; len = (nlimbs ? nlimbs : 1) * sizeof (mpi_limb_t); p = secure ? gcry_xmalloc_secure (len) : gcry_xmalloc (len); if (! nlimbs) *p = 0; return p; } void _gcry_mpi_free_limb_space( mpi_ptr_t a, unsigned int nlimbs) { if (a) { size_t len = nlimbs * sizeof(mpi_limb_t); /* If we have information on the number of allocated limbs, we better wipe that space out. This is a failsafe feature if secure memory has been disabled or was not properly implemented in user provided allocation functions. */ if (len) wipememory (a, len); gcry_free(a); } } void _gcry_mpi_assign_limb_space( gcry_mpi_t a, mpi_ptr_t ap, unsigned int nlimbs ) { _gcry_mpi_free_limb_space (a->d, a->alloced); a->d = ap; a->alloced = nlimbs; } /**************** * Resize the array of A to NLIMBS. The additional space is cleared * (set to 0). */ void _gcry_mpi_resize (gcry_mpi_t a, unsigned nlimbs) { size_t i; if (nlimbs <= a->alloced) { /* We only need to clear the new space (this is a nop if the limb space is already of the correct size. */ for (i=a->nlimbs; i < a->alloced; i++) a->d[i] = 0; return; } /* Actually resize the limb space. */ if (a->d) { a->d = gcry_xrealloc (a->d, nlimbs * sizeof (mpi_limb_t)); for (i=a->alloced; i < nlimbs; i++) a->d[i] = 0; } else { if (a->flags & 1) /* Secure memory is wanted. */ a->d = gcry_xcalloc_secure (nlimbs , sizeof (mpi_limb_t)); else /* Standard memory. */ a->d = gcry_xcalloc (nlimbs , sizeof (mpi_limb_t)); } a->alloced = nlimbs; } void _gcry_mpi_clear( gcry_mpi_t a ) { a->nlimbs = 0; a->flags = 0; } void _gcry_mpi_free( gcry_mpi_t a ) { if (!a ) return; if ((a->flags & 4)) gcry_free( a->d ); else { _gcry_mpi_free_limb_space(a->d, a->alloced); } if ((a->flags & ~7)) log_bug("invalid flag value in mpi\n"); gcry_free(a); } static void mpi_set_secure( gcry_mpi_t a ) { mpi_ptr_t ap, bp; if ( (a->flags & 1) ) return; a->flags |= 1; ap = a->d; if (!a->nlimbs) { assert(!ap); return; } bp = mpi_alloc_limb_space (a->nlimbs, 1); MPN_COPY( bp, ap, a->nlimbs ); a->d = bp; _gcry_mpi_free_limb_space (ap, a->alloced); } gcry_mpi_t gcry_mpi_set_opaque( gcry_mpi_t a, void *p, unsigned int nbits ) { if (!a) a = mpi_alloc(0); if( a->flags & 4 ) gcry_free( a->d ); else _gcry_mpi_free_limb_space (a->d, a->alloced); a->d = p; a->alloced = 0; a->nlimbs = 0; a->sign = nbits; a->flags = 4; return a; } void * gcry_mpi_get_opaque( gcry_mpi_t a, unsigned int *nbits ) { if( !(a->flags & 4) ) log_bug("mpi_get_opaque on normal mpi\n"); if( nbits ) *nbits = a->sign; return a->d; } /**************** * Note: This copy function should not interpret the MPI * but copy it transparently. */ gcry_mpi_t _gcry_mpi_copy( gcry_mpi_t a ) { int i; gcry_mpi_t b; if( a && (a->flags & 4) ) { void *p = gcry_is_secure(a->d)? gcry_xmalloc_secure( (a->sign+7)/8 ) : gcry_xmalloc( (a->sign+7)/8 ); memcpy( p, a->d, (a->sign+7)/8 ); b = gcry_mpi_set_opaque( NULL, p, a->sign ); } else if( a ) { b = mpi_is_secure(a)? mpi_alloc_secure( a->nlimbs ) : mpi_alloc( a->nlimbs ); b->nlimbs = a->nlimbs; b->sign = a->sign; b->flags = a->flags; for(i=0; i < b->nlimbs; i++ ) b->d[i] = a->d[i]; } else b = NULL; return b; } /**************** * This function allocates an MPI which is optimized to hold * a value as large as the one given in the argument and allocates it * with the same flags as A. */ gcry_mpi_t _gcry_mpi_alloc_like( gcry_mpi_t a ) { gcry_mpi_t b; if( a && (a->flags & 4) ) { int n = (a->sign+7)/8; void *p = gcry_is_secure(a->d)? gcry_malloc_secure( n ) : gcry_malloc( n ); memcpy( p, a->d, n ); b = gcry_mpi_set_opaque( NULL, p, a->sign ); } else if( a ) { b = mpi_is_secure(a)? mpi_alloc_secure( a->nlimbs ) : mpi_alloc( a->nlimbs ); b->nlimbs = 0; b->sign = 0; b->flags = a->flags; } else b = NULL; return b; } void _gcry_mpi_set( gcry_mpi_t w, gcry_mpi_t u) { mpi_ptr_t wp, up; mpi_size_t usize = u->nlimbs; int usign = u->sign; RESIZE_IF_NEEDED(w, usize); wp = w->d; up = u->d; MPN_COPY( wp, up, usize ); w->nlimbs = usize; w->flags = u->flags; w->sign = usign; } void _gcry_mpi_set_ui( gcry_mpi_t w, unsigned long u) { RESIZE_IF_NEEDED(w, 1); w->d[0] = u; w->nlimbs = u? 1:0; w->sign = 0; w->flags = 0; } gcry_err_code_t _gcry_mpi_get_ui (gcry_mpi_t w, unsigned long *u) { gcry_err_code_t err = GPG_ERR_NO_ERROR; unsigned long x = 0; if (w->nlimbs > 1) err = GPG_ERR_TOO_LARGE; else if (w->nlimbs == 1) x = w->d[0]; else x = 0; if (! err) *u = x; return err; } gcry_error_t gcry_mpi_get_ui (gcry_mpi_t w, unsigned long *u) { gcry_err_code_t err = GPG_ERR_NO_ERROR; err = _gcry_mpi_get_ui (w, u); return gcry_error (err); } gcry_mpi_t _gcry_mpi_alloc_set_ui( unsigned long u) { gcry_mpi_t w = mpi_alloc(1); w->d[0] = u; w->nlimbs = u? 1:0; w->sign = 0; return w; } void _gcry_mpi_swap( gcry_mpi_t a, gcry_mpi_t b) { struct gcry_mpi tmp; tmp = *a; *a = *b; *b = tmp; } void gcry_mpi_swap( gcry_mpi_t a, gcry_mpi_t b) { _gcry_mpi_swap (a, b); } gcry_mpi_t gcry_mpi_new( unsigned int nbits ) { return _gcry_mpi_alloc( (nbits+BITS_PER_MPI_LIMB-1) / BITS_PER_MPI_LIMB ); } gcry_mpi_t gcry_mpi_snew( unsigned int nbits ) { return _gcry_mpi_alloc_secure( (nbits+BITS_PER_MPI_LIMB-1) / BITS_PER_MPI_LIMB ); } void gcry_mpi_release( gcry_mpi_t a ) { _gcry_mpi_free( a ); } gcry_mpi_t gcry_mpi_copy( const gcry_mpi_t a ) { return _gcry_mpi_copy( (gcry_mpi_t)a ); } gcry_mpi_t gcry_mpi_set( gcry_mpi_t w, const gcry_mpi_t u ) { if( !w ) w = _gcry_mpi_alloc( mpi_get_nlimbs(u) ); _gcry_mpi_set( w, (gcry_mpi_t)u ); return w; } gcry_mpi_t gcry_mpi_set_ui( gcry_mpi_t w, unsigned long u ) { if( !w ) w = _gcry_mpi_alloc(1); _gcry_mpi_set_ui( w, u ); return w; } void gcry_mpi_randomize( gcry_mpi_t w, unsigned int nbits, enum gcry_random_level level ) { unsigned char *p; size_t nbytes = (nbits+7)/8; if (level == GCRY_WEAK_RANDOM) { p = mpi_is_secure(w) ? gcry_xmalloc_secure (nbytes) : gcry_xmalloc (nbytes); gcry_create_nonce (p, nbytes); } else { p = mpi_is_secure(w) ? gcry_random_bytes_secure (nbytes, level) : gcry_random_bytes (nbytes, level); } _gcry_mpi_set_buffer( w, p, nbytes, 0 ); gcry_free (p); } void gcry_mpi_set_flag( gcry_mpi_t a, enum gcry_mpi_flag flag ) { switch( flag ) { case GCRYMPI_FLAG_SECURE: mpi_set_secure(a); break; case GCRYMPI_FLAG_OPAQUE: default: log_bug("invalid flag value\n"); } } void gcry_mpi_clear_flag( gcry_mpi_t a, enum gcry_mpi_flag flag ) { (void)a; /* Not yet used. */ switch (flag) { case GCRYMPI_FLAG_SECURE: case GCRYMPI_FLAG_OPAQUE: default: log_bug("invalid flag value\n"); } } int gcry_mpi_get_flag( gcry_mpi_t a, enum gcry_mpi_flag flag ) { - switch( flag ) { - case GCRYMPI_FLAG_SECURE: return (a->flags & 1); - case GCRYMPI_FLAG_OPAQUE: return (a->flags & 4); - default: log_bug("invalid flag value\n"); + switch (flag) + { + case GCRYMPI_FLAG_SECURE: return (a->flags & 1); + case GCRYMPI_FLAG_OPAQUE: return (a->flags & 4); + default: log_bug("invalid flag value\n"); } + /*NOTREACHED*/ + return 0; } diff --git a/src/cipher.h b/src/cipher.h index 7aeaef6a..17002ab3 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -1,91 +1,96 @@ /* cipher.h * Copyright (C) 1998, 2002, 2003 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser general Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * Libgcrypt is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifndef G10_CIPHER_H #define G10_CIPHER_H #include #define DBG_CIPHER _gcry_get_debug_flag( 1 ) #include "../cipher/random.h" #define PUBKEY_FLAG_NO_BLINDING (1 << 0) /*-- rmd160.c --*/ void _gcry_rmd160_hash_buffer (void *outbuf, const void *buffer, size_t length); /*-- sha1.c --*/ void _gcry_sha1_hash_buffer (void *outbuf, const void *buffer, size_t length); /*-- dsa.c --*/ void _gcry_register_pk_dsa_progress (gcry_handler_progress_t cbc, void *cb_data); gcry_err_code_t _gcry_dsa_generate2 (int algo, unsigned int nbits, unsigned int qbits, unsigned long dummy, gcry_mpi_t *skey, gcry_mpi_t **retfactors); /*-- elgamal.c --*/ void _gcry_register_pk_elg_progress (gcry_handler_progress_t cb, void *cb_data); +gcry_err_code_t _gcry_elg_generate_using_x (int algo, unsigned int nbits, + gcry_mpi_t x, + gcry_mpi_t *skey, + gcry_mpi_t **retfactors); + /*-- primegen.c --*/ void _gcry_register_primegen_progress (gcry_handler_progress_t cb, void *cb_data); /*-- pubkey.c --*/ const char * _gcry_pk_aliased_algo_name (int algorithm); /* Declarations for the cipher specifications. */ extern gcry_cipher_spec_t _gcry_cipher_spec_blowfish; extern gcry_cipher_spec_t _gcry_cipher_spec_des; extern gcry_cipher_spec_t _gcry_cipher_spec_tripledes; extern gcry_cipher_spec_t _gcry_cipher_spec_arcfour; extern gcry_cipher_spec_t _gcry_cipher_spec_cast5; extern gcry_cipher_spec_t _gcry_cipher_spec_aes; extern gcry_cipher_spec_t _gcry_cipher_spec_aes192; extern gcry_cipher_spec_t _gcry_cipher_spec_aes256; extern gcry_cipher_spec_t _gcry_cipher_spec_twofish; extern gcry_cipher_spec_t _gcry_cipher_spec_twofish128; extern gcry_cipher_spec_t _gcry_cipher_spec_serpent128; extern gcry_cipher_spec_t _gcry_cipher_spec_serpent192; extern gcry_cipher_spec_t _gcry_cipher_spec_serpent256; extern gcry_cipher_spec_t _gcry_cipher_spec_rfc2268_40; extern gcry_cipher_spec_t _gcry_cipher_spec_seed; /* Declarations for the digest specifications. */ extern gcry_md_spec_t _gcry_digest_spec_crc32; extern gcry_md_spec_t _gcry_digest_spec_crc32_rfc1510; extern gcry_md_spec_t _gcry_digest_spec_crc24_rfc2440; extern gcry_md_spec_t _gcry_digest_spec_md4; extern gcry_md_spec_t _gcry_digest_spec_md5; extern gcry_md_spec_t _gcry_digest_spec_rmd160; extern gcry_md_spec_t _gcry_digest_spec_sha1; extern gcry_md_spec_t _gcry_digest_spec_sha224; extern gcry_md_spec_t _gcry_digest_spec_sha256; extern gcry_md_spec_t _gcry_digest_spec_sha512; extern gcry_md_spec_t _gcry_digest_spec_sha384; extern gcry_md_spec_t _gcry_digest_spec_tiger; extern gcry_md_spec_t _gcry_digest_spec_whirlpool; /* Declarations for the pubkey cipher specifications. */ extern gcry_pk_spec_t _gcry_pubkey_spec_rsa; extern gcry_pk_spec_t _gcry_pubkey_spec_elg; extern gcry_pk_spec_t _gcry_pubkey_spec_dsa; #endif /*G10_CIPHER_H*/ diff --git a/tests/ChangeLog b/tests/ChangeLog index 07d5af04..f7811626 100644 --- a/tests/ChangeLog +++ b/tests/ChangeLog @@ -1,439 +1,454 @@ +2007-02-23 Werner Koch + + * Makefile.am (TEST): Run benchmark as last. + + * ac-data.c (check_sexp_conversion): Print label only in verbose + mode. + + * pubkey.c (main): Run test just 2 times instead of 10. + (get_elg_key_new): New. + (check_run): Also run tests with Elgamal keys. + (check_keys): New arg NBITS_DATA. + (get_elg_key_new): Use only 400 for the 512 bit Elgamal test. + + * random.c: New. + 2007-02-22 Werner Koch * basic.c (check_pubkey_sign): Also try signing using an OID. * Makefile.am (TESTS) [W32]: Removed pkbench for now. * pkbench.c (benchmark): Fixed for W32. 2007-02-21 Werner Koch * hmac.c (check_one_mac): Make pointer args const. * basic.c (check_one_md): Ditto. (check_one_hmac): Ditto. * keygen.c (progress_cb): Filter out line feeds. * basic.c (progress_handler): Ditto. 2006-12-18 Werner Koch * Makefile.am (AM_CFLAGS, AM_CPPFLAGS): Splitted and merged with Moritz' changes. (INCLUDES): Removed. * keygen.c (progress_handler): New. (main): Use it in verbose mode. 2006-11-05 Moritz Schulte * Makefile.am (AM_CFLAGS): Added -I$(top_builddir)/src so that the new gcrypt.h is used, not the one installed in the system. 2006-10-17 Werner Koch * keygen.c (check_rsa_keys): Also create an 1536 bit DSA key. 2006-08-03 Werner Koch * t-mpi-bit.c: New. 2006-07-06 Werner Koch * benchmark.c (main): New option --use-random-daemon. New command strongrandom. (random_bench): New arg VERY_STRONG. 2006-03-14 Werner Koch * benchmark.c (main): Allow for seed file argument to random bench. * basic.c (main): Use progress handler only in verbose mode. (main): Speed up test key generation. * ac-data.c (check_sexp_conversion, check_run): Take care of VERBOSE. * ac.c (main): Ditto. * pubkey.c (main): Ditto. * pkbench.c (main): Ditto. * keygen.c (main): Ditto. (check_rsa_keys): Print key only in verbose mode. 2006-03-10 Brad Hards (wk, patch 2006-02-18) * basic.c (check_one_hmac, check_hmac): New. 2006-03-07 Werner Koch * benchmark.c (cipher_bench): Add OFB mode. 2006-01-18 Brad Hards (wk 2006-03-07) * basic.c: Added test cases for OFB and CFB modes. Fixed some compiler warnings for signedness. 2005-11-12 Moritz Schulte * ac-data.c: Added way more test cases. 2005-09-15 Moritz Schulte * Makefile.am (TESTS): Added keygrip. * keygrip.c: New. 2005-09-19 Werner Koch * benchmark.c (dsa_bench): New. 2005-08-19 Werner Koch * hmac.c (main): Added all FIPS tests. 2005-08-18 Werner Koch * hmac.c: New. 2005-04-22 Moritz Schulte * tsexp.c: Include in case HAVE_CONFIG_H is defined; thanks to Albert Chin. * testapi.c: Likewise. * register.c: Likewise. * pubkey.c: Likewise. * prime.c: Likewise. * pkbench.c: Likewise. * keygen.c: Likewise. * benchmark.c: Likewise. * basic.c: Likewise. * ac-schemes.c: Likewise. * ac-data.c: Likewise. * ac.c: Likewise. 2005-04-16 Moritz Schulte * ac-data.c (check_run): Include new test. 2005-04-11 Moritz Schulte * basic.c (check_digests): Add tests for Whirlpool. 2005-03-30 Moritz Schulte * ac-schemes.c: New file. * ac-data.c: New file. * Makefile.am (TESTS): Added ac-schemes and ac-data. 2004-09-15 Moritz Schulte * pkbench.c: Include . 2004-08-24 Moritz Schulte * pkbench.c (context_init): Improve generation of test data. 2004-08-23 Moritz Schulte * Makefile.am (TESTS): Added: pkbench. * pkbench.c: New file. 2004-02-25 Werner Koch * Makefile.am (TEST): Add benchmark. * benchmark.c (md_bench, cipher_bench): Allow NULL arg to to run tests for all algorithms. (main): Run all tests by default. 2004-02-03 Werner Koch * tsexp.c (basic): New pass to check secure memory switching. 2004-01-12 Moritz Schulte * ac.c (check_one): Adjust to new ac API. 2003-11-22 Werner Koch * pubkey.c (check_keys_crypt): Fixed my last patch. 2003-11-11 Werner Koch * tsexp.c (basic): Add pass structure and a test for the %b format. 2003-11-04 Werner Koch * Makefile.am (noinst_PROGRAMS): Use this so that test programs get always build. * keygen.c (check_nonce): New. (main): Add a basic check for the nocen function. 2003-10-31 Werner Koch * basic.c (check_aes128_cbc_cts_cipher): Make it a prototype * ac.c (check_run): Comment unused variable. 2003-10-10 Werner Koch * prime.c (check_primes): Generate a generator and avoid printing unless in verbose mode. 2003-10-07 Werner Koch * tsexp.c (check_sscan): New. 2003-09-04 Werner Koch * pubkey.c (check_keys_crypt): Fix for compatibility mode. 2003-09-02 Moritz Schulte * Makefile.am (TESTS): Added: prime. * prime.c: New file. 2003-08-27 Moritz Schulte * basic.c (check_ciphers): Added: Serpent. Write braces around flags. 2003-08-04 Moritz Schulte * benchmark.c (do_powm): Adjust for new gcry_mpi_scan interface. 2003-07-23 Moritz Schulte * ac.c (key_copy): New function... (check_one): ... use it. 2003-07-22 Moritz Schulte * basic.c (check_ciphers): Use gcry_cipher_map_name. 2003-07-18 Moritz Schulte * ac.c (check_run): Renamed to ... (check_one): ... this, changed calling interface. (check_run): New function. * register.c: Adjust gcry_cipher_spec_t structure. 2003-07-14 Moritz Schulte * register.c: Adjust cipher specification structure. * benchmark.c: New file. * testapi.c: New file. * Makefile.am (EXTRA_PROGRAMS): Set to: benchmark testapi. (check_PROGRAMS): Set to: $(TESTS). 2003-07-12 Moritz Schulte * ac.c, basic.c, keygen.c, register.c, sexp.c, tsexp.c: Used gcry_err* wrappers for libgpg symbols. * basic.c (check_ciphers): Added: GCRY_CIPHER_TWOFISH128. 2003-07-08 Moritz Schulte * Makefile.am (LIBS): Remove: -lpthread. * basic.c (check_one_cipher): Fix variable initialization. Thanks to Simon Joseffson . 2003-07-07 Moritz Schulte * Makefile.am (TESTS): Added: register. 2003-07-05 Moritz Schulte * register.c (check_run): Adjusted for new gcry_cipher_register API. 2003-07-02 Moritz Schulte * Makefile.am (TESTS): Added: ac. * ac.c: New file. 2003-06-18 Werner Koch * basic.c (check_cbc_mac_cipher): Adjusted for new API of get_blklen and get_keylen. (check_ctr_cipher): Ditto. (check_one_cipher): Ditto. (check_one_md): Adjusted for new API of gcry_md_copy. 2003-06-18 Moritz Schulte * register.c: Replace old type GcryModule with newer one: gcry_module_t. Adjusted for new API. * Makefile.am (AM_CFLAGS): Added: @GPG_ERROR_CFLAGS@. 2003-06-15 Moritz Schulte * basic.c (get_keys_new): New function. (do_check_one_pubkey): New function ... (check_one_pubkey): ... use it. (progress_handler): New function. (main): Use gcry_set_progress_handler. 2003-06-14 Moritz Schulte * basic.c: Replaced calls to gcry_strerror with calls to gpg_strerror. (check_one_md): Adjust for new gcry_md_copy API. * tsexp.c: Likewise. * keygen.c: Likewise. 2003-06-12 Moritz Schulte * basic.c: Changed here and there, reorganized pubkey checks, added DSA and ELG keys. 2003-06-09 Moritz Schulte * basic.c, keygen.c, pubkey.c, register.c, tsexp.c: Changed to use new API. 2003-06-01 Moritz Schulte * tsexp.c (canon_len): Adjust for new gcry_sexp_canon_len API. 2003-05-26 Moritz Schulte * basic.c (verify_one_signature): Adjust for libgpg-error. (check_pubkey_sign): Likewise. (check_pubkey): Likewise. * basic.c (check_pubkey_sign): Likewise. * tsexp.c (canon_len): Likewise. (back_and_forth_one): Likewise. 2003-04-27 Moritz Schulte * pubkey.c: Changed the sample private key to contain the identifier `openpgp-rsa' instead of `rsa'. * basic.c (check_digests): Enabled/fixed some tests for TIGER. 2003-04-17 Moritz Schulte * Makefile.am (TESTS): Removed `register' for now. 2003-04-17 Moritz Schulte * basic.c (check_digests): Include checks for SHA512 and SHA384. 2003-04-16 Moritz Schulte * basic.c (check_one_md): Also test md_copy. 2003-04-07 Moritz Schulte * Makefile.am (TESTS): Added register. * register.c: New file. 2003-03-30 Simon Josefsson * basic.c (check_one_cipher): New. Test CTR. (main): Call it. (check_ciphers): Check CTR mode. 2003-03-26 Moritz Schulte * Makefile.am (TESTS): Added pubkey. * pubkey.c: New file. 2003-03-22 Simon Josefsson * basic.c (check_cbc_mac_cipher): New. (main): Use it. 2003-03-19 Werner Koch * keygen.c (check_rsa_keys): Don't expect an exponent when asking for e=0. (check_generated_rsa_key): Just print exponent if EXPECTED_E is 0. 2003-03-02 Moritz Schulte * basic.c (check_one_cipher): Use gcry_cipher_reset() instead of gcry_cipher_close(), gcry_cipher_open and gcry_cipher_setkey(). 2003-01-23 Werner Koch * keygen.c: New. 2003-01-20 Simon Josefsson * basic.c (check_digests): Add CRC. (check_one_md): Print computed and expected values on error. 2003-01-20 Werner Koch * basic.c (check_one_md): Kludge to check a one million "a". (check_digests): Add checks for SHA-256. 2003-01-20 Werner Koch * basic.c (check_pubkey): Check the keygrip for the sample key. 2003-01-15 Werner Koch * basic.c (verify_one_signature,check_pubkey_sign) (check_pubkey): New. (main): Check public key functions. Add a --debug option. 2002-11-23 Werner Koch * basic.c (check_digests): Add another test for MD4. By Simon Josefsson. 2002-11-10 Simon Josefsson * basic.c (check_aes128_cbc_cts_cipher): New function. (check_one_cipher): Add flags parameter. (check_ciphers): Support flags parameter. (main): Check CTS. 2002-11-10 Werner Koch * basic.c (check_one_md): New. By Simon Josefsson. (check_digests): New tests for MD4. By Simon. 2002-08-26 Werner Koch * basic.c (check_ciphers): Check simple DES. 2002-05-16 Werner Koch * tsexp.c (back_and_forth): Very minimal test of the new functions. 2002-05-14 Werner Koch Changed license of all files to the LGPL. 2002-05-02 Werner Koch * basic.c: Add option --verbose. 2002-01-11 Werner Koch * tsexp.c (canon_len): Fixed tests. 2001-12-18 Werner Koch * tsexp.c: New. Copyright 2001, 2002, 2003 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without modifications, as long as this notice is preserved. This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. diff --git a/tests/Makefile.am b/tests/Makefile.am index 6539d885..b13e16b1 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -1,40 +1,44 @@ # Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc. # # This file is part of Libgcrypt. # # Libgcrypt is free software; you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as # published by the Free Software Foundation; either version 2.1 of # the License, or (at your option) any later version. # # Libgcrypt is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA ## Process this file with automake to produce Makefile.in TESTS = t-mpi-bit prime register ac ac-schemes ac-data basic \ - tsexp keygen pubkey benchmark hmac keygrip + tsexp keygen pubkey hmac keygrip # pkbench uses mmap for no good reason. Needs to be fixed. Code for -# this can be found in libksba/tests. +# this can be found in libksba/tests. +# random tests forking thus no a test for W32 does not make any sense. if !HAVE_W32_SYSTEM -TESTS += pkbench +TESTS += pkbench random endif +# The last test to run. +TESTS += benchmark + # Need to include ../src in addition to top_srcdir because gcrypt.h is # a built header. AM_CPPFLAGS = -I../src -I$(top_srcdir)/src AM_CFLAGS = $(GPG_ERROR_CFLAGS) LDADD = ../src/libgcrypt.la EXTRA_PROGRAMS = testapi noinst_PROGRAMS = $(TESTS) diff --git a/tests/ac-data.c b/tests/ac-data.c index fc4be8a5..792c3dc5 100644 --- a/tests/ac-data.c +++ b/tests/ac-data.c @@ -1,208 +1,211 @@ /* ac-data.c - Public key encryption/decryption tests * Copyright (C) 2005 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * Libgcrypt is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifdef HAVE_CONFIG_H #include #endif #include #include #include #define assert_err(err) \ do \ if (err) \ { \ fprintf (stderr, "Error occured at line %i: %s\n", \ __LINE__, gcry_strerror (err)); \ exit (1); \ } \ while (0) #include "../src/gcrypt.h" static int verbose; static void die (const char *format, ...) { va_list arg_ptr ; va_start( arg_ptr, format ) ; vfprintf (stderr, format, arg_ptr ); va_end(arg_ptr); exit (1); } static void check_sexp_conversion (gcry_ac_data_t data, const char **identifiers) { gcry_ac_data_t data2; gcry_error_t err; gcry_sexp_t sexp; unsigned int i; const char *label1, *label2; gcry_mpi_t mpi1, mpi2; size_t length1, length2; err = gcry_ac_data_to_sexp (data, &sexp, identifiers); assert_err (err); if (verbose) gcry_sexp_dump (sexp); err = gcry_ac_data_from_sexp (&data2, sexp, identifiers); assert_err (err); length1 = gcry_ac_data_length (data); length2 = gcry_ac_data_length (data2); assert (length1 == length2); for (i = 0; i < length1; i++) { err = gcry_ac_data_get_index (data, 0, i, &label1, &mpi1); assert_err (err); err = gcry_ac_data_get_index (data2, 0, i, &label2, &mpi2); assert_err (err); - fprintf (stderr, "Label1=`%s'\n", label1); - fprintf (stderr, "Label1=`%s'\n", label2); + if (verbose) + { + fprintf (stderr, "Label1=`%s'\n", label1); + fprintf (stderr, "Label2=`%s'\n", label2); + } assert (! strcmp (label1, label2)); assert (! gcry_mpi_cmp (mpi1, mpi2)); } gcry_ac_data_destroy (data2); gcry_sexp_release (sexp); } void check_run (void) { const char *identifiers[] = { "foo", "bar", "baz", "hello", "somemoretexthere", "blahblahblah", NULL }; const char *identifiers_null[] = { NULL }; gcry_ac_data_t data; gcry_error_t err; const char *label0; const char *label1; gcry_mpi_t mpi0; gcry_mpi_t mpi1; gcry_mpi_t mpi2; /* Initialize values. */ label0 = "thisisreallylonglabelbutsincethereisnolimitationonthelengthoflabelsitshouldworkjustfine"; mpi0 = gcry_mpi_new (0); assert (mpi0); gcry_mpi_set_ui (mpi0, 123456); err = gcry_ac_data_new (&data); assert_err (err); check_sexp_conversion (data, identifiers); check_sexp_conversion (data, identifiers_null); check_sexp_conversion (data, NULL); err = gcry_ac_data_set (data, 0, label0, mpi0); assert_err (err); err = gcry_ac_data_get_index (data, 0, 0, &label1, &mpi1); assert_err (err); assert (label0 == label1); assert (mpi0 == mpi1); check_sexp_conversion (data, identifiers); check_sexp_conversion (data, identifiers_null); check_sexp_conversion (data, NULL); if (verbose) printf ("data-set-test-0 succeeded\n"); gcry_ac_data_clear (data); err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY, label0, mpi0); assert_err (err); err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY | GCRY_AC_FLAG_DEALLOC, "foo", mpi0); assert_err (err); err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY | GCRY_AC_FLAG_DEALLOC, "foo", mpi0); assert_err (err); err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY | GCRY_AC_FLAG_DEALLOC, "bar", mpi0); assert_err (err); err = gcry_ac_data_set (data, GCRY_AC_FLAG_COPY | GCRY_AC_FLAG_DEALLOC, "blah1", mpi0); assert_err (err); check_sexp_conversion (data, identifiers); check_sexp_conversion (data, identifiers_null); check_sexp_conversion (data, NULL); err = gcry_ac_data_get_name (data, 0, label0, &mpi1); assert_err (err); assert (mpi0 != mpi1); err = gcry_ac_data_get_name (data, GCRY_AC_FLAG_COPY, label0, &mpi2); assert_err (err); assert (mpi0 != mpi1); assert (mpi1 != mpi2); err = gcry_ac_data_get_index (data, 0, 0, &label1, &mpi1); assert_err (err); gcry_free ((void *) label1); /* FIXME!! */ gcry_mpi_release (mpi1); if (verbose) printf ("data-set-test-1 succeeded\n"); gcry_ac_data_clear (data); assert (! gcry_ac_data_length (data)); check_sexp_conversion (data, identifiers); check_sexp_conversion (data, identifiers_null); check_sexp_conversion (data, NULL); if (verbose) printf ("data-set-test-2 succeeded\n"); gcry_ac_data_destroy (data); } int main (int argc, char **argv) { int debug = 0; int i = 1; if (argc > 1 && !strcmp (argv[1], "--verbose")) verbose = 1; else if (argc > 1 && !strcmp (argv[1], "--debug")) verbose = debug = 1; gcry_control (GCRYCTL_DISABLE_SECMEM, 0); if (!gcry_check_version (GCRYPT_VERSION)) die ("version mismatch\n"); gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); if (debug) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0); for (; i > 0; i--) check_run (); return 0; } diff --git a/tests/pubkey.c b/tests/pubkey.c index f71590d9..a2a1f32a 100644 --- a/tests/pubkey.c +++ b/tests/pubkey.c @@ -1,257 +1,307 @@ /* pubkey.c - Public key encryption/decryption tests * Copyright (C) 2001, 2002, 2003, 2005 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * Libgcrypt is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ #ifdef HAVE_CONFIG_H #include #endif #include #include #include #include #include "../src/gcrypt.h" /* Sample RSA keys, taken from basic.c. */ static const char sample_private_key_1[] = "(private-key\n" " (openpgp-rsa\n" " (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa" "2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291" "ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7" "891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n" " (e #010001#)\n" " (d #046129F2489D71579BE0A75FE029BD6CDB574EBF57EA8A5B0FDA942CAB943B11" "7D7BB95E5D28875E0F9FC5FCC06A72F6D502464DABDED78EF6B716177B83D5BD" "C543DC5D3FED932E59F5897E92E6F58A0F33424106A3B6FA2CBF877510E4AC21" "C3EE47851E97D12996222AC3566D4CCB0B83D164074ABF7DE655FC2446DA1781#)\n" " (p #00e861b700e17e8afe6837e7512e35b6ca11d0ae47d8b85161c67baf64377213" "fe52d772f2035b3ca830af41d8a4120e1c1c70d12cc22f00d28d31dd48a8d424f1#)\n" " (q #00f7a7ca5367c661f8e62df34f0d05c10c88e5492348dd7bddc942c9a8f369f9" "35a07785d2db805215ed786e4285df1658eed3ce84f469b81b50d358407b4ad361#)\n" " (u #304559a9ead56d2309d203811a641bb1a09626bc8eb36fffa23c968ec5bd891e" "ebbafc73ae666e01ba7c8990bae06cc2bbe10b75e69fcacb353a6473079d8e9b#)\n" " )\n" ")\n"; static const char sample_public_key_1[] = "(public-key\n" " (rsa\n" " (n #00e0ce96f90b6c9e02f3922beada93fe50a875eac6bcc18bb9a9cf2e84965caa" "2d1ff95a7f542465c6c0c19d276e4526ce048868a7a914fd343cc3a87dd74291" "ffc565506d5bbb25cbac6a0e2dd1f8bcaab0d4a29c2f37c950f363484bf269f7" "891440464baf79827e03a36e70b814938eebdc63e964247be75dc58b014b7ea251#)\n" " (e #010001#)\n" " )\n" ")\n"; -#define RANDOM_DATA_NBITS 800 static int verbose; static void die (const char *format, ...) { va_list arg_ptr ; va_start( arg_ptr, format ) ; vfprintf (stderr, format, arg_ptr ); va_end(arg_ptr); exit (1); } static void check_keys_crypt (gcry_sexp_t pkey, gcry_sexp_t skey, gcry_sexp_t plain0) { gcry_sexp_t plain1, cipher, l; gcry_mpi_t x0, x1; int rc; int have_flags; /* Extract data from plaintext. */ l = gcry_sexp_find_token (plain0, "value", 0); x0 = gcry_sexp_nth_mpi (l, 1, GCRYMPI_FMT_USG); /* Encrypt data. */ rc = gcry_pk_encrypt (&cipher, plain0, pkey); if (rc) die ("encryption failed: %s\n", gcry_strerror (rc)); l = gcry_sexp_find_token (cipher, "flags", 0); have_flags = !!l; gcry_sexp_release (l); /* Decrypt data. */ rc = gcry_pk_decrypt (&plain1, cipher, skey); gcry_sexp_release (cipher); if (rc) die ("decryption failed: %s\n", gcry_strerror (rc)); /* Extract decrypted data. Note that for compatibility reasons, the output of gcry_pk_decrypt depends on whether a flags lists (even if empty) occurs in its input data. Because we passed the output of encrypt directly to decrypt, such a flag value won't be there as of today. We check it anyway. */ l = gcry_sexp_find_token (plain1, "value", 0); if (l) { if (!have_flags) die ("compatibility mode of pk_decrypt broken\n"); gcry_sexp_release (plain1); x1 = gcry_sexp_nth_mpi (l, 1, GCRYMPI_FMT_USG); gcry_sexp_release (l); } else { if (have_flags) die ("compatibility mode of pk_decrypt broken\n"); x1 = gcry_sexp_nth_mpi (plain1, 0, GCRYMPI_FMT_USG); gcry_sexp_release (plain1); } /* Compare. */ if (gcry_mpi_cmp (x0, x1)) die ("data corrupted\n"); } static void -check_keys (gcry_sexp_t pkey, gcry_sexp_t skey) +check_keys (gcry_sexp_t pkey, gcry_sexp_t skey, unsigned int nbits_data) { gcry_sexp_t plain; gcry_mpi_t x; int rc; /* Create plain text. */ - x = gcry_mpi_new (RANDOM_DATA_NBITS); - gcry_mpi_randomize (x, RANDOM_DATA_NBITS, GCRY_WEAK_RANDOM); + x = gcry_mpi_new (nbits_data); + gcry_mpi_randomize (x, nbits_data, GCRY_WEAK_RANDOM); rc = gcry_sexp_build (&plain, NULL, "(data (flags raw) (value %m))", x); if (rc) die ("converting data for encryption failed: %s\n", gcry_strerror (rc)); check_keys_crypt (pkey, skey, plain); gcry_sexp_release (plain); gcry_mpi_release (x); /* Create plain text. */ - x = gcry_mpi_new (RANDOM_DATA_NBITS); - gcry_mpi_randomize (x, RANDOM_DATA_NBITS, GCRY_WEAK_RANDOM); + x = gcry_mpi_new (nbits_data); + gcry_mpi_randomize (x, nbits_data, GCRY_WEAK_RANDOM); - rc = gcry_sexp_build (&plain, NULL, "(data (flags raw no-blinding) (value %m))", x); + rc = gcry_sexp_build (&plain, NULL, + "(data (flags raw no-blinding) (value %m))", x); if (rc) die ("converting data for encryption failed: %s\n", gcry_strerror (rc)); check_keys_crypt (pkey, skey, plain); gcry_sexp_release (plain); } static void get_keys_sample (gcry_sexp_t *pkey, gcry_sexp_t *skey) { gcry_sexp_t pub_key, sec_key; int rc; rc = gcry_sexp_sscan (&pub_key, NULL, sample_public_key_1, strlen (sample_public_key_1)); if (! rc) rc = gcry_sexp_sscan (&sec_key, NULL, sample_private_key_1, strlen (sample_private_key_1)); if (rc) die ("converting sample keys failed: %s\n", gcry_strerror (rc)); *pkey = pub_key; *skey = sec_key; } static void get_keys_new (gcry_sexp_t *pkey, gcry_sexp_t *skey) { gcry_sexp_t key_spec, key, pub_key, sec_key; int rc; rc = gcry_sexp_new (&key_spec, "(genkey (rsa (nbits 4:1024)))", 0, 1); if (rc) die ("error creating S-expression: %s\n", gcry_strerror (rc)); rc = gcry_pk_genkey (&key, key_spec); gcry_sexp_release (key_spec); if (rc) die ("error generating RSA key: %s\n", gcry_strerror (rc)); pub_key = gcry_sexp_find_token (key, "public-key", 0); if (! pub_key) die ("public part missing in key\n"); sec_key = gcry_sexp_find_token (key, "private-key", 0); if (! sec_key) die ("private part missing in key\n"); gcry_sexp_release (key); *pkey = pub_key; *skey = sec_key; } + +static void +get_elg_key_new (gcry_sexp_t *pkey, gcry_sexp_t *skey, int fixed_x) +{ + gcry_sexp_t key_spec, key, pub_key, sec_key; + int rc; + + rc = gcry_sexp_new + (&key_spec, + (fixed_x + ? "(genkey (elg (nbits 4:1024)(xvalue my.not-so-secret.key)))" + : "(genkey (elg (nbits 3:512)))"), + 0, 1); + + if (rc) + die ("error creating S-expression: %s\n", gcry_strerror (rc)); + rc = gcry_pk_genkey (&key, key_spec); + gcry_sexp_release (key_spec); + if (rc) + die ("error generating Elgamal key: %s\n", gcry_strerror (rc)); + + pub_key = gcry_sexp_find_token (key, "public-key", 0); + if (!pub_key) + die ("public part missing in key\n"); + + sec_key = gcry_sexp_find_token (key, "private-key", 0); + if (!sec_key) + die ("private part missing in key\n"); + + gcry_sexp_release (key); + *pkey = pub_key; + *skey = sec_key; +} + static void check_run (void) { gcry_sexp_t pkey, skey; - /* Check sample keys. */ + if (verbose) + fprintf (stderr, "Checking sample key.\n"); get_keys_sample (&pkey, &skey); - check_keys (pkey, skey); + check_keys (pkey, skey, 800); gcry_sexp_release (pkey); gcry_sexp_release (skey); - /* Check newly generated keys. */ + if (verbose) + fprintf (stderr, "Checking generated RSA key.\n"); get_keys_new (&pkey, &skey); - check_keys (pkey, skey); + check_keys (pkey, skey, 800); + gcry_sexp_release (pkey); + gcry_sexp_release (skey); + + if (verbose) + fprintf (stderr, "Checking generated Elgamal key.\n"); + get_elg_key_new (&pkey, &skey, 0); + check_keys (pkey, skey, 400 ); + gcry_sexp_release (pkey); + gcry_sexp_release (skey); + + if (verbose) + fprintf (stderr, "Checking passphrase generated Elgamal key.\n"); + get_elg_key_new (&pkey, &skey, 1); + check_keys (pkey, skey, 800); gcry_sexp_release (pkey); gcry_sexp_release (skey); } int main (int argc, char **argv) { int debug = 0; - int i = 10; + int i; if (argc > 1 && !strcmp (argv[1], "--verbose")) verbose = 1; else if (argc > 1 && !strcmp (argv[1], "--debug")) verbose = debug = 1; gcry_control (GCRYCTL_DISABLE_SECMEM, 0); if (!gcry_check_version (GCRYPT_VERSION)) die ("version mismatch\n"); gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); if (debug) gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0); /* No valuable keys are create, so we can speed up our RNG. */ gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); - for (; i > 0; i--) + for (i=0; i < 2; i++) check_run (); return 0; } diff --git a/tests/random.c b/tests/random.c new file mode 100644 index 00000000..502a3758 --- /dev/null +++ b/tests/random.c @@ -0,0 +1,255 @@ +/* random.c - part of the Libgcrypt test suite. + Copyright (C) 2005 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of the + License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 + USA. */ + +#ifdef HAVE_CONFIG_H +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include + +#include "../src/gcrypt.h" + +static int verbose; + +static void +die (const char *format, ...) +{ + va_list arg_ptr; + + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + exit (1); +} + + +static void +print_hex (const char *text, const void *buf, size_t n) +{ + const unsigned char *p = buf; + + fputs (text, stdout); + for (; n; n--, p++) + printf ("%02X", *p); + putchar ('\n'); +} + + +static int +writen (int fd, const void *buf, size_t nbytes) +{ + size_t nleft = nbytes; + int nwritten; + + while (nleft > 0) + { + nwritten = write (fd, buf, nleft); + if (nwritten < 0) + { + if (errno == EINTR) + nwritten = 0; + else + return -1; + } + nleft -= nwritten; + buf = (const char*)buf + nwritten; + } + + return 0; +} + +static int +readn (int fd, void *buf, size_t buflen, size_t *ret_nread) +{ + size_t nleft = buflen; + int nread; + char *p; + + p = buf; + while ( nleft > 0 ) + { + nread = read ( fd, buf, nleft ); + if (nread < 0) + { + if (nread == EINTR) + nread = 0; + else + return -1; + } + else if (!nread) + break; /* EOF */ + nleft -= nread; + buf = (char*)buf + nread; + } + if (ret_nread) + *ret_nread = buflen - nleft; + return 0; +} + + + +/* Check that forking won't return the same random. */ +static void +check_forking (void) +{ + pid_t pid; + int rp[2]; + int i, status; + size_t nread; + char tmp1[16], tmp1c[16], tmp1p[16]; + + /* We better make sure that the RNG has been initialzied. */ + gcry_randomize (tmp1, sizeof tmp1, GCRY_STRONG_RANDOM); + if (verbose) + print_hex ("initial random: ", tmp1, sizeof tmp1); + + if (pipe (rp) == -1) + die ("pipe failed: %s\n", strerror (errno)); + + pid = fork (); + if (pid == (pid_t)(-1)) + die ("fork failed: %s\n", strerror (errno)); + if (!pid) + { + gcry_randomize (tmp1c, sizeof tmp1c, GCRY_STRONG_RANDOM); + if (writen (rp[1], tmp1c, sizeof tmp1c)) + die ("write failed: %s\n", strerror (errno)); + if (verbose) + { + print_hex (" child random: ", tmp1c, sizeof tmp1c); + fflush (stdout); + } + _exit (0); + } + gcry_randomize (tmp1p, sizeof tmp1p, GCRY_STRONG_RANDOM); + if (verbose) + print_hex (" parent random: ", tmp1p, sizeof tmp1p); + + close (rp[1]); + if (readn (rp[0], tmp1c, sizeof tmp1c, &nread)) + die ("read failed: %s\n", strerror (errno)); + if (nread != sizeof tmp1c) + die ("read too short\n"); + + while ( (i=waitpid (pid, &status, 0)) == -1 && errno == EINTR) + ; + if (i != (pid_t)(-1) + && WIFEXITED (status) && !WEXITSTATUS (status)) + ; + else + die ("child failed\n"); + + if (!memcmp (tmp1p, tmp1c, sizeof tmp1c)) + die ("parent and child got the same random number\n"); +} + + + +/* Check that forking won't return the same nonce. */ +static void +check_nonce_forking (void) +{ + pid_t pid; + int rp[2]; + int i, status; + size_t nread; + char nonce1[10], nonce1c[10], nonce1p[10]; + + /* We won't get the same nonce back if we never initialized the + nonce subsystem, thus we get one nonce here and forget about + it. */ + gcry_create_nonce (nonce1, sizeof nonce1); + if (verbose) + print_hex ("initial nonce: ", nonce1, sizeof nonce1); + + if (pipe (rp) == -1) + die ("pipe failed: %s\n", strerror (errno)); + + pid = fork (); + if (pid == (pid_t)(-1)) + die ("fork failed: %s\n", strerror (errno)); + if (!pid) + { + gcry_create_nonce (nonce1c, sizeof nonce1c); + if (writen (rp[1], nonce1c, sizeof nonce1c)) + die ("write failed: %s\n", strerror (errno)); + if (verbose) + { + print_hex (" child nonce: ", nonce1c, sizeof nonce1c); + fflush (stdout); + } + _exit (0); + } + gcry_create_nonce (nonce1p, sizeof nonce1p); + if (verbose) + print_hex (" parent nonce: ", nonce1p, sizeof nonce1p); + + close (rp[1]); + if (readn (rp[0], nonce1c, sizeof nonce1c, &nread)) + die ("read failed: %s\n", strerror (errno)); + if (nread != sizeof nonce1c) + die ("read too short\n"); + + while ( (i=waitpid (pid, &status, 0)) == -1 && errno == EINTR) + ; + if (i != (pid_t)(-1) + && WIFEXITED (status) && !WEXITSTATUS (status)) + ; + else + die ("child failed\n"); + + if (!memcmp (nonce1p, nonce1c, sizeof nonce1c)) + die ("parent and child got the same nonce\n"); +} + + + + + + +int +main (int argc, char **argv) +{ + int debug = 0; + + if ((argc > 1) && (! strcmp (argv[1], "--verbose"))) + verbose = 1; + else if ((argc > 1) && (! strcmp (argv[1], "--debug"))) + verbose = debug = 1; + + signal (SIGPIPE, SIG_IGN); + + gcry_control (GCRYCTL_DISABLE_SECMEM, 0); + if (!gcry_check_version (GCRYPT_VERSION)) + die ("version mismatch\n"); + + gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); + if (debug) + gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); + + check_forking (); + check_nonce_forking (); + + return 0; +}