Age | Commit message (Collapse) | Author | Files | Lines |
|
* cipher/dsa.c: Release memory for MPI and sexp structures.
* cipher/ecc.c: Release memory for sexp structure.
* tests/keygen.c: Likewise.
--
These leaks broke the mpitests, basic and keygen tests when running
under AddressSanitizer.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Minor formatting changes by -wk.
|
|
* cipher/ecc-curves.c: Unmark curve P-192 for FIPS.
* cipher/ecc.c: Add ECDSA self test.
* cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Use SHA-2
in FIPS mode.
* tests/fipsdrv.c: Add support for ECDSA signatures.
--
Enable ECC in FIPS mode.
According to NIST SP 800-131A, curve P-192 and SHA-1 are disallowed
for key pair generation and signature generation after 2013.
Thanks to Jan Matejek for the patch.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Minor source code re-formatting by -wk.
|
|
* cipher/ecc.c (ecc_get_nbits): Update comment to reflect the fact
that a curve parameter can be given.
Signed-off-by: Justus Winter <justus@g10code.com>
|
|
* cipher/ecc.c (ecc_decrypt_raw): Curve25519 is an exception.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* cipher/ecc.c (ecc_decrypt_raw): Go to leave to release memory.
* mpi/ec.c (_gcry_mpi_ec_curve_point): Likewise.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
* cipher/ecc.c (ecc_decrypt_raw): Validate the point.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(forward port from LIBGCRYPT-1-6-BRANCH
commit 28eb424e4427b320ec1c9c4ce56af25d495230bd)
|
|
* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Fix calc of NBITS
and prefix detection.
* cipher/ecc.c (ecc_generate): Use NBITS instead of CTX->NBITS.
(ecc_encrypt_raw): Use NBITS from curve instead of from P.
Fix rawmpilen calculation.
(ecc_decrypt_raw): Likewise. Add debug output.
--
This fixes the commit dd3d06e7. NBITS is defined 256 in ecc-curves.c,
thus, ecc_get_nbits returns 256. But CTX->NBITS has 255 for Montgomery
curve.
|
|
* cipher/ecc.c (ecc_decrypt_raw): Improve error handling.
--
Found using the Clang Static Analyzer.
Signed-off-by: Justus Winter <justus@g10code.com>
|
|
* cipher/ecc.c (ecc_encrypt_raw): Initialize 'flags' to 0.
--
Found using the Clang Static Analyzer.
Signed-off-by: Justus Winter <justus@g10code.com>
|
|
* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Decode point with
the prefix 0x40, additional 0x00 by MPI handling, and shorter octets
by MPI normalization.
* cipher/ecc.c (ecc_generate, ecc_encrypt_raw, ecc_decrypt_raw):
Always add the prefix 0x40.
--
Curve25519 native little-endian point representation is not friendly
to existing practice of OpenPGP code, where MPI is assumed. MPI
handling might insert 0x00 in the beginning to avoid sign confusion.
MPI handling also might remove 0x00s in the front. So, it is safe
to put the prefix 0x40.
While we support old point representation of no prefix in
ecc_mont_decodepoint, new libgcrypt always put the prefix.
|
|
* cipher/cipher-ocb.c: Fix typos.
* cipher/des.c: Likewise.
* cipher/dsa-common.c: Likewise.
* cipher/ecc.c: Likewise.
* cipher/pubkey.c: Likewise.
* cipher/rsa-common.c: Likewise.
* cipher/scrypt.c: Likewise.
* random/random-csprng.c: Likewise.
* random/random-fips.c: Likewise.
* random/rndw32.c: Likewise.
* src/cipher-proto.h: Likewise.
* src/context.c: Likewise.
* src/fips.c: Likewise.
* src/gcrypt.h.in: Likewise.
* src/global.c: Likewise.
* src/sexp.c: Likewise.
* tests/mpitests.c: Likewise.
* tests/t-lock.c: Likewise.
Signed-off-by: Justus Winter <justus@g10code.com>
|
|
* cipher/ecc.c (check_secret_key): Y1 should not be NULL when check.
(ecc_check_secret_key): Support Montgomery curve.
* mpi/ec.c (_gcry_mpi_ec_curve_point): Fix condition.
|
|
* cipher/ecc-curves.c (curve_aliases, domain_parms): Add Curve25519.
* tests/curves.c (N_CURVES): It's 22 now.
* src/cipher.h (PUBKEY_FLAG_DJB_TWEAK): New.
* cipher/ecc-common.h (_gcry_ecc_mont_decodepoint): New.
* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): New.
* cipher/ecc.c (nist_generate_key): Handle the case of
PUBKEY_FLAG_DJB_TWEAK and Montgomery curve.
(test_ecdh_only_keys, check_secret_key): Likewise.
(ecc_generate): Support Curve25519 which is Montgomery curve with flag
PUBKEY_FLAG_DJB_TWEAK and PUBKEY_FLAG_COMP.
(ecc_encrypt_raw): Get flags from KEYPARMS and handle
PUBKEY_FLAG_DJB_TWEAK and Montgomery curve.
(ecc_decrypt_raw): Likewise.
(compute_keygrip): Handle the case of PUBKEY_FLAG_DJB_TWEAK.
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist):
PUBKEY_FLAG_EDDSA implies PUBKEY_FLAG_DJB_TWEAK.
Parse "djb-tweak" for PUBKEY_FLAG_DJB_TWEAK.
--
With PUBKEY_FLAG_DJB_TWEAK, secret key has msb set and it should be
always multiple by cofactor.
|
|
* cipher/ecc.c (ecc_verify): Release memory which was allocated before
by _gcry_pk_util_preparse_sigval.
(ecc_decrypt_raw): Likewise.
--
Caught by LeakSanitizer (LSan). Now the test suite (make check) passes
with no memleaks.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
The last commit (0a7547e487a8bc4e7ac9599c55579eb2e4a13f06) includes
wrong fixes for sexp_release.
ecc_decrypt_raw fix added by gniibe.
|
|
cipher/ecc.c (ecc_generate): Fix memory leak on error of
_gcry_pk_util_parse_flaglist and _gcry_ecc_eddsa_encodepoint.
(ecc_check_secret_key): Fix memory leak on error of
_gcry_ecc_update_curve_param.
(ecc_sign, ecc_verify, ecc_encrypt_raw, ecc_decrypt_raw): Remove
unnecessary sexp_release and fix memory leak on error of
_gcry_ecc_fill_in_curve.
(ecc_decrypt_raw): Fix double free of the point kG and memory leak
on error of _gcry_ecc_os2ec.
|
|
* src/cipher.h (PUBKEY_FLAG_NO_KEYTEST): New.
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag
"no-keytest". Return an error for invalid flags of length 10.
* cipher/ecc.c (nist_generate_key): Replace arg random_level by flags
set random level depending on flags.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto.
* cipher/ecc.c (ecc_generate): Pass flags to generate fucntion and
remove var random_level.
(nist_generate_key): Implement "no-keytest" flag.
* tests/keygen.c (check_ecc_keys): Add tests for transient-key and
no-keytest.
--
After key creation we usually run a test to check whether the keys
really work. However for transient keys this might be too time
consuming and given that a failed test would anyway abort the process
the optional use of a flag to skip the test is appropriate.
Using Ed25519 for EdDSA and the "no-keytest" flags halves the time to
create such a key. This was measured by looping the last test from
check_ecc_keys() 1000 times with and without the flag.
Due to a bug in the flags parser unknown flags with a length of 10
characters were not detected. Thus the "no-keytest" flag can be
employed by all software even for libraries before this. That bug is
however solved with this version.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/ecc.c (nist_generate_key): Add args r_x and r_y.
(ecc_generate): Rename vars. Convert to affine coordinates only if
not returned by the lower level generation function.
--
nist_generate_key already needs to convert to affine coordinates to
implement Jivsov's trick. Thus we can return them and avoid calling
it in ecc_generate again.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Support
MPI_EC_MONTGOMERY.
* cipher/ecc.c (test_ecdh_only_keys): New.
(nist_generate_key): Call test_ecdh_only_keys for MPI_EC_MONTGOMERY.
(check_secret_key): Handle Montgomery curve of x-coordinate only.
* mpi/ec.c (_gcry_mpi_ec_mul_point): Resize points before the loop.
Simplify, using pointers of Q1, Q2, PRD, and SUM.
--
|
|
* src/ec-context.h (mpi_ec_ctx_s): Add cofactor 'h'.
* cipher/ecc-common.h (elliptic_curve_t): Add cofactor 'h'.
(_gcry_ecc_update_curve_param): New API adding cofactor.
* cipher/ecc-curves.c (ecc_domain_parms_t): Add cofactor 'h'.
(ecc_domain_parms_t domain_parms): Add cofactors.
(_gcry_ecc_fill_in_curve, _gcry_ecc_update_curve_param)
(_gcry_ecc_get_curve, _gcry_mpi_ec_new, _gcry_ecc_get_param_sexp)
(_gcry_ecc_get_mpi): Handle cofactor.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Likewise.
* cipher/ecc-misc.c (_gcry_ecc_curve_free)
(_gcry_ecc_curve_copy): Likewise.
* cipher/ecc.c (nist_generate_key, ecc_generate)
(ecc_check_secret_key, ecc_sign, ecc_verify, ecc_encrypt_raw)
(ecc_decrypt_raw, _gcry_pk_ecc_get_sexp, _gcry_pubkey_spec_ecc):
Likewise.
(compute_keygrip): Handle cofactor, but skip it for its computation.
* mpi/ec.c (ec_deinit): Likewise.
* tests/t-mpi-point.c (context_param): Likewise.
(test_curve): Add cofactors.
* tests/curves.c (sample_key_1, sample_key_2): Add cofactors.
* tests/keygrip.c (key_grips): Add cofactors.
--
We keep compatibility of compute_keygrip in cipher/ecc.c.
|
|
* cipher/ecc.c (ecc_generate): Check the "comp" flag for EdDSA.
* cipher/ecc-eddsa.c (eddsa_encode_x_y): Add arg WITH_PREFIX.
(_gcry_ecc_eddsa_encodepoint): Ditto.
(_gcry_ecc_eddsa_ensure_compact): Handle the 0x40 compression prefix.
(_gcry_ecc_eddsa_decodepoint): Ditto.
* tests/keygrip.c: Check an compresssed with prefix Ed25519 key.
* tests/t-ed25519.inp: Ditto.
|
|
* cipher/ecc-curves.c (_gcry_ecc_update_curve_param): Release passed mpi
values.
* cipher/ecc.c (compute_keygrip): Fix potential memory leak in error
path.
* cipher/ecc.c (_gcry_ecc_get_curve): Release temporary mpi.
--
==11657== 252 (80 direct, 172 indirect) bytes in 4 blocks are definitely lost in loss record 8 of 8
==11657== at 0x4028A28: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==11657== by 0x404178F: _gcry_private_malloc (stdmem.c:113)
==11657== by 0x403CED1: do_malloc.constprop.4 (global.c:768)
==11657== by 0x403DD01: _gcry_xmalloc (global.c:790)
==11657== by 0x409EAE0: _gcry_mpi_alloc (mpiutil.c:84)
==11657== by 0x409C4E4: _gcry_mpi_scan (mpicoder.c:466)
==11657== by 0x404009C: _gcry_sexp_nth_mpi (sexp.c:796)
==11657== by 0x40410B5: _gcry_sexp_vextract_param (sexp.c:2327)
==11657== by 0x4041396: _gcry_sexp_extract_param (sexp.c:2378)
==11657== by 0x407B895: compute_keygrip (ecc.c:1492)
==11657== by 0x404BBE8: _gcry_pk_get_keygrip (pubkey.c:674)
==11657== by 0x403B1BF: gcry_pk_get_keygrip (visibility.c:1056)
==16502== 144 (60 direct, 84 indirect) bytes in 3 blocks are definitely lost in loss record 3 of 7
==16502== at 0x4028A28: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==16502== by 0x404B4DE: _gcry_private_malloc (stdmem.c:113)
==16502== by 0x404667B: do_malloc (global.c:768)
==16502== by 0x40466E7: _gcry_malloc (global.c:790)
==16502== by 0x4046A55: _gcry_xmalloc (global.c:944)
==16502== by 0x40CD25B: _gcry_mpi_alloc (mpiutil.c:84)
==16502== by 0x40CAC3E: _gcry_mpi_scan (mpicoder.c:548)
==16502== by 0x40A72B2: scanval (ecc-curves.c:432)
==16502== by 0x40A7B0D: _gcry_ecc_get_curve (ecc-curves.c:685)
==16502== by 0x4058164: _gcry_pk_get_curve (pubkey.c:747)
==16502== by 0x4043E14: gcry_pk_get_curve (visibility.c:1067)
==16502== by 0x8048934: check_matching (curves.c:124)
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
* src/mpi.h (MPI_EC_TWISTEDEDWARDS): Rename to MPI_EC_EDWARDS. CHnage
all users.
* cipher/ecc-curves.c (domain_parms): Add parameters for Curve3617 as
comment.
* mpi/ec.c (dup_point_twistededwards): Rename to dup_point_edwards.
(add_points_twistededwards): Rename to add_points_edwards.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/visibility.h: Remove remaining define/undef hacks for symbol
visibility. Add macros to detect the use of the public functions.
Change all affected functions by replacing them by the x-macros.
* src/g10lib.h: Add internal prototypes.
(xtrymalloc, xtrycalloc, xtrymalloc_secure, xtrycalloc_secure)
(xtryrealloc, xtrystrdup, xmalloc, xcalloc, xmalloc_secure)
(xcalloc_secure, xrealloc, xstrdup, xfree): New macros.
--
The use of xmalloc/xtrymalloc/xfree is a more common pattern than the
gcry_free etc. functions. Those functions behave like those defined
by C and thus for better readability we use these macros and not
the underscore prefixed functions.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/cipher-proto.h (gcry_pk_spec): Remove get_param.
* cipher/ecc-curves.c (_gcry_ecc_get_param_sexp): Merge in code from
_gcry_ecc_get_param.
(_gcry_ecc_get_param): Remove.
* cipher/ecc.c (_gcry_pubkey_spec_ecc): Remove _gcry_ecc_get_param.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/visibility.h: Remove almost all define/undef hacks for symbol
visibility. Add macros to detect the use of the public functions.
Change all affected functions by prefixing them explicitly with an
underscore and change all internal callers to call the underscore
prefixed versions. Provide convenience macros from sexp and mpi
functions.
* src/visibility.c: Change all functions to use only gpg_err_code_t
and translate to gpg_error_t only in visibility.c.
--
The use of the macro magic made if hard to follow the function calls
in the source. It was not easy to see if an internal or external
function (as defined by visibility.c) was called. The change is quite
large but hopefully makes Libgcrypt easier to maintain. Some
function have not yet been fixed; this will be done soon.
Because Libgcrypt does no make use of any other libgpg-error using
libraries it is useless to always translate between gpg_error_t and
gpg_err_code_t (i.e with and w/o error source identifier). This
translation has no mostly be moved to the function wrappers in
visibility.c. An additional advantage of using gpg_err_code_t is that
comparison can be done without using gpg_err_code().
I am sorry for that large patch, but a series of patches would
actually be more work to audit.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/ecc-misc.c (_gcry_ecc_compute_public): Add optional args G
and d. Change all callers.
* cipher/ecc.c (gen_y_2): Remove.
(check_secret_key): Use generic public key compute function. Adjust
for use with Ed25519 and EdDSA.
(nist_generate_key): Do not use the compliant key thingy for Ed25519.
(ecc_check_secret_key): Make parameter parsing similar to the other
functions.
* cipher/ecc-curves.c (domain_parms): Zero prefix some parameters so
that _gcry_ecc_update_curve_param works correctly.
* tests/keygen.c (check_ecc_keys): Add "param" flag. Check all
Ed25519 keys.
|
|
* cipher/ecc.c (nist_generate_key): Use custom code for ED25519.
--
I wish there would a an RFC for Curve25519 - the description in the
paper is easy to misunderstand for a non-mathematician. Source code
and a paper are nice but a proper description (like those in the HAC)
would be better. Problem spotted by Florian Dold.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/ecc-curves.c (_gcry_mpi_ec_new): Free ec->b before assigning.
* cipher/ecc.c (nist_generate_key): Release Q.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto.
--
_gcry_mpi_ec_new: Fixing memory leak detected with valgrind; if 'b' is
non-NULL, the code in ec_p_init (ec.c:379) already makes a copy of
'b', so before we clobber ctx->b here, we need to at least release the
old value (however, it would of course be nicer to not first make a
copy of b in the first place, but this is the most localized change to
get rid of the memory leak).
nist_generate_key: Fixing rather obvious local leak; Q is first
initialized, then used, copied into the result but never released.
|
|
* cipher/ecc.c (compute_keygrip): Rework.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_ensure_compact): New.
* cipher/ecc-curves.c (_gcry_ecc_update_curve_param): New.
* tests/keygrip.c (key_grips): Add flag param and test cases for
Ed25519.
--
The keygrip for Ed25519+EdDSA has not yet been used - thus it is
possible to change it. Using the compact representation saves us the
recovering of x from the standard representation. Compacting is
basically free.
|
|
* cipher/ecc.c (ecc_generate): Support the "nocomp" flag.
* tests/keygen.c (check_ecc_keys): Add a test for it.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/cipher.h (PUBKEY_FLAG_NOCOMP): New.
(PUBKEY_FLAG_NOPARAM): Remove.
(PUBKEY_FLAG_PARAM): New.
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Support the new
flags and ignore the obsolete "noparam" flag.
* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Return the curve name
also for curves selected by NBITS.
(_gcry_mpi_ec_new): Support the "param" flag.
* cipher/ecc.c (ecc_generate, ecc_sign, ecc_verify): Ditto.
* tests/keygen.c (check_ecc_keys): Remove the "noparam" flag.
--
This is an API change but there are not many ECC users yet and adding
the "param" flag for those who really need the parameters (e.g. if
private keys have been stored without the curve name, it can easily be
added.
Note that no version of Libgcrypt with support for "noparam" has been
released but for the sake of projects already working with the master
version we don't bail out on "noparam".
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/cipher.h (PUBKEY_FLAG_ECDSA): Remove.
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Remove "ecdsa".
* cipher/ecc.c (ecc_generate, ecc_sign, ecc_verify): Require "eddsa" flag.
* cipher/ecc-misc.c (_gcry_ecc_compute_public): Depend "eddsa" flag.
* tests/benchmark.c, tests/keygen.c, tests/pubkey.c
* tests/t-ed25519.c, tests/t-mpi-point.c: Adjust for changed flags.
--
This changes make using ECDSA signatures the default for all curves.
If another signing algorithm is to be used, the corresponding flag
needs to be given. In particular the flags "eddsa" is now always
required with curve Ed25519 to comply with the specs. This change
makes the code better readable by not assuming a certain signature
algorithm depending on the curve.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/ec-context.h (mpi_ec_ctx_s): Add field FLAGS.
* mpi/ec.c (ec_p_init): Add arg FLAGS. Change all callers to pass it.
* cipher/ecc-curves.c (point_from_keyparam): Add arg EC, parse as
opaque mpi and use eddsa decoding depending on the flag.
(_gcry_mpi_ec_new): Rearrange to parse Q and D after knowing the
curve.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/ecc.c (ecc_generate): Fix Ed25519/ECDSA case.
(ecc_verify): Implement ED25519/ECDSA uncompression.
--
With this change Ed25519 may be used with ECDSA while using the
Ed25519 standard compression technique.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/cipher.h (PUBKEY_FLAG_NOPARAM, PUBKEY_FLAG_COMP): New.
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Parse new flags
and change code for possible faster parsing.
* cipher/ecc.c (ecc_generate): Implement the "noparam" flag.
(ecc_sign): Ditto.
(ecc_verify): Ditto.
* tests/keygen.c (check_ecc_keys): Use the "noparam" flag.
* cipher/ecc.c (ecc_generate): Fix parsing of the deprecated
transient-flag parameter.
(ecc_verify): Do not make Q optional in the extract-param call.
--
Note that the "comp" flag has not yet any effect.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/ecc-ecdsa.c, cipher/ecc-eddsa.c, cipher/ecc-gost.c: New.
* cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add new files.
* configure.ac (GCRYPT_PUBKEY_CIPHERS): Add new files.
* cipher/ecc.c (point_init, point_free): Move to ecc-common.h.
(sign_ecdsa): Move to ecc-ecdsa.c as _gcry_ecc_ecdsa_sign.
(verify_ecdsa): Move to ecc-ecdsa.c as _gcry_ecc_ecdsa_verify.
(sign_gost): Move to ecc-gots.c as _gcry_ecc_gost_sign.
(verify_gost): Move to ecc-gost.c as _gcry_ecc_gost_verify.
(sign_eddsa): Move to ecc-eddsa.c as _gcry_ecc_eddsa_sign.
(verify_eddsa): Move to ecc-eddsa.c as _gcry_ecc_eddsa_verify.
(eddsa_generate_key): Move to ecc-eddsa.c as _gcry_ecc_eddsa_genkey.
(reverse_buffer): Move to ecc-eddsa.c.
(eddsa_encodempi, eddsa_encode_x_y): Ditto.
(_gcry_ecc_eddsa_encodepoint, _gcry_ecc_eddsa_decodepoint): Ditto.
--
This change should make it easier to add new ECC algorithms.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/ecc.c: Add case for Edwards curves.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/ecc.c (ecc_generate): Use the correct var. Release
CURVE_FLAGS.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/cipher.h: define PUBKEY_FLAG_GOST
* cipher/ecc-curves.c: Add GOST2001-test and GOST2012-test curves
defined in standards. Typical applications would use either those
curves, or curves defined in RFC 4357 (will be added later).
* cipher/ecc.c (sign_gost, verify_gost): New.
(ecc_sign, ecc_verify): use sign_gost/verify_gost if PUBKEY_FLAG_GOST
is set.
(ecc_names): add "gost" for gost signatures.
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist,
_gcry_pk_util_preparse_sigval): set PUBKEY_FLAG_GOST if gost flag
is present in s-exp.
* tests/benchmark.c (ecc_bench): also benchmark GOST signatures.
* tests/basic.c (check_pubkey): add two public keys from
GOST R 34.10-2012 standard.
(check_pubkey_sign_ecdsa): add two data sets to check gost signatures.
* tests/curves.c: correct N_CURVES as we now have 2 more curves.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Removed some comments from the new curve definitions in ecc-curves.c
to avoid line wrapping. Eventually we will develop a precompiler to
avoid parsing those hex strings. -wk
|
|
* src/gcrypt.h.in (_GCRY_GCC_ATTR_SENTINEL): New.
(gcry_sexp_extract_param): New.
* src/visibility.c (gcry_sexp_extract_param): New.
* src/visibility.h (gcry_sexp_extract_param): Add hack to detect
internal use.
* cipher/pubkey-util.c (_gcry_pk_util_extract_mpis): Move and split
into ...
* src/sexp.c (_gcry_sexp_vextract_param)
(_gcry_sexp_extract_param): this. Change all callers. Add support for buffer
descriptors and a path option/
* tests/tsexp.c (die, hex2buffer, hex2mpi, hex2mpiopa): New.
(cmp_mpihex, cmp_bufhex): New.
(check_extract_param): New.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/cipher.h (PUBKEY_FLAG_ECDSA): New.
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag "ecdsa".
* cipher/ecc.c (verify_ecdsa, verify_eddsa): Remove some debug output.
(ecc_generate, ecc_sign, ecc_verify): Support Ed25519 with ECDSA.
* tests/keygen.c (check_ecc_keys): Create such a test key.
* tests/pubkey.c (fail, info, data_from_hex, extract_cmp_data): New.
Take from dsa-6979.c
(check_ed25519ecdsa_sample_key): new.
(main): Call new test.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/cipher.h (PUBKEY_FLAG_TRANSIENT_KEY): New.
(PUBKEY_FLAG_USE_X931): New.
(PUBKEY_FLAG_USE_FIPS186): New.
(PUBKEY_FLAG_USE_FIPS186_2): New.
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Rename from
parse_flags_list. Parse new flags.
* cipher/dsa.c (dsa_generate): Support flag list.
* cipher/ecc.c (ecc_generate): Ditto.
* cipher/rsa.c (rsa_generate): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/pubkey.c (release_mpi_array): Remove.
(pubkey_check_secret_key): Remove.
(sexp_elements_extract): Remove.
(sexp_elements_extract_ecc): Remove.
(sexp_to_key): Remove.
(get_hash_algo): Remove.
(gcry_pk_testkey): Revamp.
(gcry_pk_get_curve): Revamp.
* cipher/rsa.c (rsa_check_secret_key): Revamp.
* cipher/elgamal.c (elg_check_secret_key): Revamp.
* cipher/dsa.c (dsa_check_secret_key): Revamp.
* cipher/ecc.c (ecc_check_secret_key): Revamp.
* cipher/ecc-curves.c: Include cipher.h and pubkey-internal.h
(_gcry_ecc_get_curve): Revamp.
* cipher/pubkey-util.c (_gcry_pk_util_extract_mpis): Set passed and
used parameters on error to NULL.
--
That is the final part of the changes modulo introduced regressions.
pubkey.c is now actually maintainable code.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/rsa.c (rsa_decrypt): Revamp.
* cipher/elgamal.c (elg_decrypt): Revamp.
* cipher/ecc.c (ecc_decrypt_raw): Revamp.
* cipher/pubkey.c (gcry_pk_decrypt): Simplify.
(sexp_to_enc): Remove.
* cipher/pubkey-util.c (_gcry_pk_util_preparse_encval): New.
--
Note that we do not have a regression test for ecc_decrypt_raw. Even
GnuPG does not use it. we also better check whether the interface is
really usable; for example GnuPG implements way to much low-level ECC
code. Maybe we should move the OpenPGP ECC encryption code into
Libgcrypt.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/rsa.c (rsa_encrypt): Revamp.
* cipher/elgamal.c (elg_encrypt): Revamp.
* cipher/ecc.c (ecc_encrypt_raw): Revamp.
* cipher/pubkey.c (gcry_pk_encrypt): Simplify.
* tests/basic.c (check_pubkey_crypt): Init plain, ciph, and data so
that they are initialized even after an encrypt failure.
--
Note that we do not have a regression test for ecc_encrypt_raw. Thus
it is possible that a bug has been introduced. Should be tested using
GnuPG master.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/rsa.c (rsa_sign): Revamp.
* cipher/dsa.c (dsa_sign): Revamp.
* cipher/elgamal.c (elg_sign): Revamp.
* cipher/ecc.c (ecc_sign): Revamp.
* cipher/pubkey.c (gcry_pk_sign): Simplify.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/rsa.c (rsa_verify): Revamp.
* cipher/dsa.c (dsa_verify): Revamp.
* cipher/elgamal.c (elg_verify): Revamp.
* cipher/ecc.c (ecc_verify): Revamp.
* cipher/pubkey.c (sexp_to_sig): Remove.
(pss_verify_cmp): Move to pubkey-util.c
(sexp_data_to_mpi): Ditto.
(init_encoding_ctx): Ditto.
(gcry_pk_verify): Simplify.
* cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Add. Take
from pubkey.c
(get_hash_algo): Ditto.
(_gcry_pk_util_data_to_mpi): Ditto.
(pss_verify_cmp): Ditto.
(_gcry_pk_util_extract_mpis): New.
(_gcry_pk_util_preparse_sigval): New.
(_gcry_pk_util_free_encoding_ctx): New.
* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Make curve init
optional.
* src/g10lib.h (GCC_ATTR_SENTINEL): New.
* tests/basic.c (check_pubkey_sign): Print the algo name.
(main): Add option --pubkey.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/pubkey.c (spec_from_sexp): New.
(gcry_pk_get_nbits): Simplify.
* cipher/rsa.c (rsa_get_nbits): Take only PARMS as args and do sexp
parsing here.
* cipher/dsa.c (dsa_get_nbits): Ditto.
* cipher/elgamal.c (elg_get_nbits): Ditto.
* cipher/ecc.c (ecc_get_nbits): Ditto.
* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Allow NULL for arg
CURVE.
--
gcry_pk_get_nbits should now also be faster for ECC because there is
no more need to copy all the parms if a curve name has been given.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/pubkey-util.c: New.
(_gcry_pk_util_get_nbits): New. Based on code from gcry_pk_genkey.
(_gcry_pk_util_get_rsa_use_e): Ditto.
* cipher/pubkey.c (gcry_pk_genkey): Strip most code and pass.
* cipher/rsa.c (rsa_generate): Remove args ALGO, NBITS and EVALUE.
Call new fucntions to get these values.
* cipher/dsa.c (dsa_generate): Remove args ALGO, NBITS and EVALUE.
Call _gcry_pk_util_get_nbits to get nbits. Always parse genparms.
* cipher/elgamal.c (elg_generate): Ditto.
* cipher/ecc.c (ecc_generate): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/ecc-misc.c (reverse_buffer): New.
(_gcry_ecc_compute_public): Add ED255519 specific code.
* cipher/ecc.c (sign_eddsa): Allocate DIGEST in secure memory. Get
rid of HASH_D.
* tests/t-mpi-point.c (context_param): Test recomputing of Q for
Ed25519.
Signed-off-by: Werner Koch <wk@gnupg.org>
|