Age | Commit message (Collapse) | Author | Files | Lines |
|
* cipher/cipher.c (_gcry_cipher_init),
* cipher/mac.c (_gcry_mac_init),
* cipher/md.c (_gcry_md_init),
* cipher/pubkey.c (_gcry_pk_init): In the FIPS mode, disable all the
non-allowed ciphers.
* cipher/md5.c: Mark MD5 as not allowed in FIPS.
* src/g10lib.h (_gcry_mac_init): New.
* src/global.c (global_init): Call the new _gcry_mac_init.
* tests/basic.c (check_ciphers): Fix a typo.
--
When running in the FIPS mode, disable all the ciphers that don't have
the fips flag set.
Skip the non-allowed algos during testing in the FIPS mode.
Thanks to Ludwig Nussel.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
|
|
* cipher/cipher-ocb.c: Fix typos.
* cipher/des.c: Likewise.
* cipher/dsa-common.c: Likewise.
* cipher/ecc.c: Likewise.
* cipher/pubkey.c: Likewise.
* cipher/rsa-common.c: Likewise.
* cipher/scrypt.c: Likewise.
* random/random-csprng.c: Likewise.
* random/random-fips.c: Likewise.
* random/rndw32.c: Likewise.
* src/cipher-proto.h: Likewise.
* src/context.c: Likewise.
* src/fips.c: Likewise.
* src/gcrypt.h.in: Likewise.
* src/global.c: Likewise.
* src/sexp.c: Likewise.
* tests/mpitests.c: Likewise.
* tests/t-lock.c: Likewise.
Signed-off-by: Justus Winter <justus@g10code.com>
|
|
* cipher/pubkey.c (map_algo): Mape RSA_E and RSA_S.
|
|
* configure.ac (NEED_GPG_ERROR_VERSION): Require 1.13.
(gl_LOCK): Remove.
* src/ath.c, src/ath.h: Remove. Remove from all files. Replace all
mutexes by gpgrt based statically initialized locks.
* src/global.c (global_init): Remove ath_init.
(_gcry_vcontrol): Make ath install a dummy function.
(print_config): Remove threads info line.
* doc/gcrypt.texi: Simplify the multi-thread related documentation.
--
The current code does only work on ELF systems with weak symbol
support. In particular no locks were used under Windows. With the
new gpgrt_lock functions from the soon to be released libgpg-error
1.13 we have a better portable scheme which also allows for static
initialized mutexes.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/visibility.h: Remove remaining define/undef hacks for symbol
visibility. Add macros to detect the use of the public functions.
Change all affected functions by replacing them by the x-macros.
* src/g10lib.h: Add internal prototypes.
(xtrymalloc, xtrycalloc, xtrymalloc_secure, xtrycalloc_secure)
(xtryrealloc, xtrystrdup, xmalloc, xcalloc, xmalloc_secure)
(xcalloc_secure, xrealloc, xstrdup, xfree): New macros.
--
The use of xmalloc/xtrymalloc/xfree is a more common pattern than the
gcry_free etc. functions. Those functions behave like those defined
by C and thus for better readability we use these macros and not
the underscore prefixed functions.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/visibility.h: Remove almost all define/undef hacks for symbol
visibility. Add macros to detect the use of the public functions.
Change all affected functions by prefixing them explicitly with an
underscore and change all internal callers to call the underscore
prefixed versions. Provide convenience macros from sexp and mpi
functions.
* src/visibility.c: Change all functions to use only gpg_err_code_t
and translate to gpg_error_t only in visibility.c.
--
The use of the macro magic made if hard to follow the function calls
in the source. It was not easy to see if an internal or external
function (as defined by visibility.c) was called. The change is quite
large but hopefully makes Libgcrypt easier to maintain. Some
function have not yet been fixed; this will be done soon.
Because Libgcrypt does no make use of any other libgpg-error using
libraries it is useless to always translate between gpg_error_t and
gpg_err_code_t (i.e with and w/o error source identifier). This
translation has no mostly be moved to the function wrappers in
visibility.c. An additional advantage of using gpg_err_code_t is that
comparison can be done without using gpg_err_code().
I am sorry for that large patch, but a series of patches would
actually be more work to audit.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/pubkey.c (release_mpi_array): Remove.
(pubkey_check_secret_key): Remove.
(sexp_elements_extract): Remove.
(sexp_elements_extract_ecc): Remove.
(sexp_to_key): Remove.
(get_hash_algo): Remove.
(gcry_pk_testkey): Revamp.
(gcry_pk_get_curve): Revamp.
* cipher/rsa.c (rsa_check_secret_key): Revamp.
* cipher/elgamal.c (elg_check_secret_key): Revamp.
* cipher/dsa.c (dsa_check_secret_key): Revamp.
* cipher/ecc.c (ecc_check_secret_key): Revamp.
* cipher/ecc-curves.c: Include cipher.h and pubkey-internal.h
(_gcry_ecc_get_curve): Revamp.
* cipher/pubkey-util.c (_gcry_pk_util_extract_mpis): Set passed and
used parameters on error to NULL.
--
That is the final part of the changes modulo introduced regressions.
pubkey.c is now actually maintainable code.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/rsa.c (rsa_decrypt): Revamp.
* cipher/elgamal.c (elg_decrypt): Revamp.
* cipher/ecc.c (ecc_decrypt_raw): Revamp.
* cipher/pubkey.c (gcry_pk_decrypt): Simplify.
(sexp_to_enc): Remove.
* cipher/pubkey-util.c (_gcry_pk_util_preparse_encval): New.
--
Note that we do not have a regression test for ecc_decrypt_raw. Even
GnuPG does not use it. we also better check whether the interface is
really usable; for example GnuPG implements way to much low-level ECC
code. Maybe we should move the OpenPGP ECC encryption code into
Libgcrypt.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/rsa.c (rsa_encrypt): Revamp.
* cipher/elgamal.c (elg_encrypt): Revamp.
* cipher/ecc.c (ecc_encrypt_raw): Revamp.
* cipher/pubkey.c (gcry_pk_encrypt): Simplify.
* tests/basic.c (check_pubkey_crypt): Init plain, ciph, and data so
that they are initialized even after an encrypt failure.
--
Note that we do not have a regression test for ecc_encrypt_raw. Thus
it is possible that a bug has been introduced. Should be tested using
GnuPG master.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/rsa.c (rsa_sign): Revamp.
* cipher/dsa.c (dsa_sign): Revamp.
* cipher/elgamal.c (elg_sign): Revamp.
* cipher/ecc.c (ecc_sign): Revamp.
* cipher/pubkey.c (gcry_pk_sign): Simplify.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/rsa.c (rsa_verify): Revamp.
* cipher/dsa.c (dsa_verify): Revamp.
* cipher/elgamal.c (elg_verify): Revamp.
* cipher/ecc.c (ecc_verify): Revamp.
* cipher/pubkey.c (sexp_to_sig): Remove.
(pss_verify_cmp): Move to pubkey-util.c
(sexp_data_to_mpi): Ditto.
(init_encoding_ctx): Ditto.
(gcry_pk_verify): Simplify.
* cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Add. Take
from pubkey.c
(get_hash_algo): Ditto.
(_gcry_pk_util_data_to_mpi): Ditto.
(pss_verify_cmp): Ditto.
(_gcry_pk_util_extract_mpis): New.
(_gcry_pk_util_preparse_sigval): New.
(_gcry_pk_util_free_encoding_ctx): New.
* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Make curve init
optional.
* src/g10lib.h (GCC_ATTR_SENTINEL): New.
* tests/basic.c (check_pubkey_sign): Print the algo name.
(main): Add option --pubkey.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/pubkey.c (spec_from_sexp): New.
(gcry_pk_get_nbits): Simplify.
* cipher/rsa.c (rsa_get_nbits): Take only PARMS as args and do sexp
parsing here.
* cipher/dsa.c (dsa_get_nbits): Ditto.
* cipher/elgamal.c (elg_get_nbits): Ditto.
* cipher/ecc.c (ecc_get_nbits): Ditto.
* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Allow NULL for arg
CURVE.
--
gcry_pk_get_nbits should now also be faster for ECC because there is
no more need to copy all the parms if a curve name has been given.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/pubkey-util.c: New.
(_gcry_pk_util_get_nbits): New. Based on code from gcry_pk_genkey.
(_gcry_pk_util_get_rsa_use_e): Ditto.
* cipher/pubkey.c (gcry_pk_genkey): Strip most code and pass.
* cipher/rsa.c (rsa_generate): Remove args ALGO, NBITS and EVALUE.
Call new fucntions to get these values.
* cipher/dsa.c (dsa_generate): Remove args ALGO, NBITS and EVALUE.
Call _gcry_pk_util_get_nbits to get nbits. Always parse genparms.
* cipher/elgamal.c (elg_generate): Ditto.
* cipher/ecc.c (ecc_generate): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/elgamal.c (_gcry_pubkey_spec_elg_e): Remove.
* cipher/pubkey.c (pubkey_list): Remove double included
_gcry_pubkey_spec_elg.
(map_algo): MAke ELG_E to ELG.
--
It does not make sense to have different algorithm identifiers for
Elgamal encryption and the obsolete Elgamal signing. Thus mark one of
them as deprecated and remove the useless extra spec info in
elgamal.c. Frankly it is questionable why at all we need the
algorithm identifiers; they are a remain from the time when Libgcrypt
was part of GnuPG. With the s-expression based API the IDs they don't
make much sense.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/gcrypt-module.h (gcry_cipher_spec_t): Move to ...
* src/cipher-proto.h (gcry_cipher_spec_t): here. Merge with
cipher_extra_spec_t. Add fields ALGO and FLAGS. Set these fields in
all cipher modules.
* cipher/cipher.c: Change most code to replace the former module
system by a simpler system to gain information about the algorithms.
(disable_pubkey_algo): Simplified. Not anymore thread-safe, though.
* cipher/md.c (_gcry_md_selftest): Use correct structure. Not a real
problem because both define the same function as their first field.
* cipher/pubkey.c (_gcry_pk_selftest): Take care of the disabled flag.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/gcrypt.h.in (GCRY_PK_ECC): New.
* cipher/pubkey.c (map_algo): New.
(spec_from_algo, gcry_pk_get_param, _gcry_pk_selftest): Use it.
* cipher/ecc.c (selftests_ecdsa): Report using GCRY_PK_ECC.
(run_selftests): Simplify.
(ecdh_names, ecdsa_names): Merge into a new ecc_names.
(_gcry_pubkey_spec_ecdh, _gcry_pubkey_spec_ecdsa): Merge into new
_gcry_pubkey_spec_ecc.
--
The algo ids are actually a relict from Libgcrypt's former life as
GnuPG's crypto code. They don't make much sense anymore and are often
not needed.
This patch requires some changes to the GnuPG 2.1 code (which has
still not been released). For example the secret key transfer between
gpg and gpg-agent (gpg --export and gpg --import). Fortunately this
will also require to add usage flags to the secret key storage of
gpg-agent which is is something we should have done a long time ago.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/pubkey.c (sexp_to_enc): Remove RET_MODERN arg and merge it
into FLAGS.
(gcry_pk_decrypt): Move result s-exp building into the modules.
* src/cipher-proto.h (gcry_pk_decrypt_t): Add some args.
* cipher/ecc.c (ecc_decrypt_raw): Change to return an s-exp.
* cipher/elgamal.c (elg_decrypt): Ditto.
* cipher/rsa.c (rsa_decrypt): Ditto.
(rsa_blind, rsa_unblind): Merge into rsa_decrypt. This saves several
extra MPI allocations.
--
The extra args added to gcry_pk_decrypt_t are a temporary solution
unti we move the input s-exp parsing also into the modules.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/pubkey.c (_gcry_pk_aliased_algo_name): Remove
|
|
* cipher/pubkey.c (pubkey_generate): Fold into gcry_pk_genkey
(gcry_pk_genkey): Move result s-exp creation into the modules.
* cipher/dsa.c (dsa_generate): Create result as s-exp.
* cipher/elgamal.c (elg_generate): Ditto.
* cipher/rsa.c (rsa_generate): Ditto.
* cipher/ecc.c (ecc_generate): Ditto.
* src/cipher-proto.h (pk_ext_generate_t): Remove type
(gcry_pk_spec): and remove from struct.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/rsa-common: New.
* cipher/pubkey.c (pkcs1_encode_for_encryption): Move to rsa-common.c
and rename to _gcry_rsa_pkcs1_encode_for_enc.
(pkcs1_decode_for_encryption): Move to rsa-common.c and rename to
_gcry_rsa_pkcs1_decode_for_enc.
(pkcs1_encode_for_signature): Move to rsa-common.c and rename to
_gcry_rsa_pkcs1_encode_for_sig.
(oaep_encode): Move to rsa-common.c and rename to
_gcry_rsa_oaep_encode.
(oaep_decode): Move to rsa-common.c and rename to
_gcry_rsa_oaep_decode.
(pss_encode): Move to rsa-common.c and rename to _gcry_rsa_pss_encode.
(pss_verify): Move to rsa-common.c and rename to _gcry_rsa_pss_decode.
(octet_string_from_mpi, mgf1): Move to rsa-common.c.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/pubkey.c (pubkey_encrypt): Fold into gcry_pk_encrypt.
(pubkey_decrypt): Fold into gcry_pk_decrypt.
(pubkey_sign): Fold into gcry_pk_sign.
(pubkey_verify): Fold into gcry_pk_verify.
(octet_string_from_mpi): Make it a wrapper and factor code out to ...
* mpi/mpicoder.c (_gcry_mpi_to_octet_string): New function.
* src/cipher.h (PUBKEY_FLAG_FIXEDLEN): New.
* cipher/pubkey.c (sexp_data_to_mpi): Set flag for some encodings.
(gcry_pk_encrypt): Simply by moving the s-expr generation to the modules.
(gcry_pk_sign): Ditto.
* cipher/dsa.c (dsa_sign): Create s-expr.
* cipher/elgamal.c (elg_encrypt, elg_sign): Ditto.
* cipher/rsa.c (rsa_encrypt, rsa_sign): Ditto.
* cipher/ecc.c (ecc_sign, ecc_encrypt_raw): Ditto.
(ecdsa_names): Add "eddsa".
* tests/t-ed25519.c (one_test): Expect "eddsa" token.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/cipher-proto.h (gcry_pk_spec_t): Add fields ALGO and FLAGS.
* cipher/dsa.c (_gcry_pubkey_spec_dsa): Set these fields.
* cipher/ecc.c (_gcry_pubkey_spec_ecdsa): Ditto.
(_gcry_pubkey_spec_ecdh): Ditto.
* cipher/rsa.c (_gcry_pubkey_spec_rsa): Ditto.
* cipher/elgamal.c (_gcry_pubkey_spec_elg): Ditto
(_gcry_pubkey_spec_elg_e): New.
* cipher/pubkey.c: Change most code to replace the former module
system by a simpler system to gain information about the algorithms.
(disable_pubkey_algo): SImplified. Not anymore thread-safe, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/gcrypt-module.h (gcry_pk_spec_t): Move this typedef and the
corresponding function typedefs to ...
* src/cipher-proto.h: here.
(pk_extra_spec_t): Remove typedef and merge fields into
gcry_pk_spec_t.
* cipher/rsa.c, cipher/dsa.c, cipher/elg.c, cipher/ecc.c: Ditto.
* cipher/pubkey.c: Change accordingly.
* src/cipher.h (_gcry_pubkey_extraspec_rsa): Remove.
(_gcry_pubkey_extraspec_dsa): Remove.
(_gcry_pubkey_extraspec_elg): Remove.
(_gcry_pubkey_extraspec_ecdsa): Remove.
--
Now that we don't have loadable modules anymore, we don't need to keep
the internal API between the modules and thus can simplify the code.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/mpi.h (enum ecc_dialects): New.
* src/ec-context.h (mpi_ec_ctx_s): Add field DIALECT.
* cipher/ecc-common.h (elliptic_curve_t): Ditto.
* cipher/ecc-curves.c (ecc_domain_parms_t): Ditto.
(domain_parms): Add dialect values.
(_gcry_ecc_fill_in_curve): Set dialect.
(_gcry_ecc_get_curve): Ditto.
(_gcry_mpi_ec_new): Ditto.
(_gcry_ecc_get_param): Use ECC_DIALECT_STANDARD for now.
* cipher/ecc-misc.c (_gcry_ecc_curve_copy): Copy dialect.
(_gcry_ecc_dialect2str): New.
* mpi/ec.c (ec_p_init): Add arg DIALECT.
(_gcry_mpi_ec_p_internal_new): Ditto.
(_gcry_mpi_ec_p_new): Ditto.
* mpi/mpiutil.c (gcry_mpi_set_opaque): Set the secure flag.
(_gcry_mpi_set_opaque_copy): New.
* cipher/ecc-misc.c (_gcry_ecc_os2ec): Take care of an opaque MPI.
* cipher/ecc.c (eddsa_generate_key): New.
(generate_key): Rename to nist_generate_key and factor some code out
to ...
(ecc_generate_ext): here. Divert to eddsa_generate_key if desired.
(eddsa_decodepoint): Take care of an opaque MPI.
(ecc_check_secret_key): Ditto.
(ecc_sign): Ditto.
* cipher/pubkey.c (sexp_elements_extract_ecc): Store public and secret
key as opaque MPIs.
(gcry_pk_genkey): Add the curve_name also to the private key part of
the result.
* tests/benchmark.c (ecc_bench): Support Ed25519.
(main): Add option --debug.
* tests/curves.c (sample_key_2): Make sure that P and N are positive.
* tests/keygen.c (show): New.
(check_ecc_keys): Support Ed25519.
--
There are two main purposes of this patch: Add a key generation
feature for Ed25519 and add the "dialect" thingy which will eventually
be used to add curve specific optimization.
Note that the entire way of how we interface between the public key
modules and pubkey.c is overly complex and probably also the cause for
a lot of performance overhead. Given that we don't have the loadable
module system anymore, we should entirely get rid of the MPI-array
based internal interface and move parts of the s-expression handling
direct into the pubkey modules. This needs to be fixed or we are
turning Libgcrypt into another software incarnation of Heathrow
Airport.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/ecc-curves.c (domain_parms): Add curve "Ed25519".
* cipher/ecc.c (reverse_buffer): New.
(eddsa_encodempi): New.
(eddsa_encodepoint): New.
(eddsa_decodepoint): New.
(sign_eddsa): Implement.
(verify_eddsa): Implement.
(ecc_sign): Init unused Q. Pass public key to sign_eddsa.
(ecc_verify): Init pk.Q if not used. Pass public key verbatim to
verify_eddsa.
* cipher/pubkey.c (sexp_elements_extract): Add arg OPAQUE. Change all
callers to pass 0.
(sexp_to_sig): Add arg OPAQUE and pass it to sexp_elements_extract.
(sexp_data_to_mpi): Allow for a zero length "value".
(gcry_pk_verify): Reorder parameter processing. Pass OPAQUE flag as
required.
* mpi/ec.c (ec_invm): Print a warning if the inverse does not exist.
(_gcry_mpi_ec_get_affine): Implement for our Twisted Edwards curve
model.
(dup_point_twistededwards): Implement.
(add_points_twistededwards): Implement.
(_gcry_mpi_ec_mul_point): Support Twisted Edwards.
* mpi/mpicoder.c (do_get_buffer): Add arg FILL_LE.
(_gcry_mpi_get_buffer): Ditto. Change all callers.
(_gcry_mpi_get_secure_buffer): Ditto.
* src/sexp.c (_gcry_sexp_nth_opaque_mpi): New.
* tests/t-ed25519.c: New.
* tests/t-ed25519.inp: New.
* tests/t-mpi-point.c (basic_ec_math_simplified): Print some output
only in debug mode.
(twistededwards_math): New test.
(main): Call new test.
--
This is a non optimized version which takes far too long. On my X220
Thinkpad the 1024 test cases take 14 seconds (12 with --sign-with-pk).
There should be a lot of room for improvements.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* mpi/mpicoder.c (gcry_mpi_dump): Remove.
(_gcry_log_mpidump): Remove.
* src/misc.c (_gcry_log_printhex): Factor all code out to ...
(do_printhex): new. Add line wrapping a and compact printing.
(_gcry_log_printmpi): New.
* src/mpi.h (log_mpidump): Remove macro.
* src/g10lib.h (log_mpidump): Add compatibility macro.
(log_printmpi): New macro
* src/visibility.c (gcry_mpi_dump): Call _gcry_log_printmpi.
* cipher/primegen.c (prime_generate_internal): Replace gcry_mpi_dump
by log_printmpi.
(gcry_prime_group_generator): Ditto.
* cipher/pubkey.c: Remove extra colons from log_mpidump call.
* cipher/rsa.c (stronger_key_check): Use log_printmpi.
--
The values to debug get longer and longer and the different debug
functions made it hard to check them out. Now MPIs and hex buffers are
printed very similar. Lines may now wrap with an backslash as
indicator. MPIs are distinguished from plain buffers in the output by
always using a sign.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* mpi/ec.c (ec_p_init): Add args MODEL and P. Change all callers.
(_gcry_mpi_ec_p_internal_new): Ditto.
(_gcry_mpi_ec_p_new): Ditto.
* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Return
GPG_ERR_UNKNOWN_CURVE instead of invalid value. Init curve model.
* cipher/ecc.c (ecc_verify, ecc_encrypt_raw): Ditto.
* cipher/pubkey.c (sexp_data_to_mpi): Fix EDDSA flag error checking.
--
(fixes commit c26be7a337d0bf98193bc58e043209e46d0769bb)
|
|
* src/cipher.h (PUBKEY_FLAG_EDDSA): New.
* cipher/pubkey.c (pubkey_verify): Repalce args CMP and OPAQUEV by
CTX. Pass flags and hash algo to the verify function. Change all
verify functions to accept these args.
(sexp_data_to_mpi): Implement new flag "eddsa".
(gcry_pk_verify): Pass CTX instead of the compare function to
pubkey_verify.
* cipher/ecc.c (sign): Rename to sign_ecdsa. Change all callers.
(verify): Rename to verify_ecdsa. Change all callers.
(sign_eddsa, verify_eddsa): New stub functions.
(ecc_sign): Divert to sign_ecdsa or sign_eddsa.
(ecc_verify): Divert to verify_ecdsa or verify_eddsa.
|
|
* cipher/pubkey.c (gcry_pk_sign): Handle the specific case of ECC,
where there is NULL whichi is not the sentinel.
--
This is a kind of makeshift fix, but the MPI array API is internal
only and will be removed, it is better not to change API now.
|
|
* cipher/elgamal.c (elg_generate_ext): Free XVALUE.
* cipher/pubkey.c (sexp_elements_extract): Don't use IDX for loop.
Call mpi_free.
(sexp_elements_extract_ecc): Call mpi_free.
|
|
* cipher/pubkey.c (sexp_to_key): Fallback to private key.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/pubkey.c (pubkey_sign): Add arg ctx and pass it to the sign
module.
(gcry_pk_sign): Pass CTX to pubkey_sign.
(sexp_data_to_mpi): Add flag rfc6979 and code to alls hash with *DSA
* cipher/rsa.c (rsa_sign, rsa_verify): Return an error if an opaque
MPI is given for DATA/HASH.
* cipher/elgamal.c (elg_sign, elg_verify): Ditto.
* cipher/dsa.c (dsa_sign, dsa_verify): Convert a given opaque MPI.
* cipher/ecc.c (ecc_sign, ecc_verify): Ditto.
* tests/basic.c (check_pubkey_sign_ecdsa): Add a test for using a hash
element with DSA.
--
This patch allows the use of
(data (flags raw)
(hash sha256 #80112233445566778899AABBCCDDEEFF
000102030405060708090A0B0C0D0E0F#))
in addition to the old but more efficient
(data (flags raw)
(value #80112233445566778899AABBCCDDEEFF
000102030405060708090A0B0C0D0E0F#))
for DSA and ECDSA. With the hash element the flag "raw" must be
explicitly given because existing regression test code expects that
conflict error is return if no flags but a hash element is given.
Note that the hash algorithm name is currently not checked. It may
eventually be used to cross-check the length of the provided hash
value. It is suggested that the correct hash name is given - even if
a truncated hash value is used.
Finally this patch adds a way to pass the hash algorithm and flag
values to the signing module. "rfc6979" as been implemented as a new
but not yet used flag.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/gcrypt-module.h (gcry_pk_sign_t): Add parms flags and hashalgo.
* cipher/rsa.c (rsa_sign): Add parms and mark them as unused.
* cipher/dsa.c (dsa_sign): Ditto.
* cipher/elgamal.c (elg_sign): Ditto.
* cipher/pubkey.c (dummy_sign): Ditto.
(pubkey_sign): Pass 0 for the new args.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/pubkey.c (sexp_to_key): Add optional arg USE.
(gcry_pk_encrypt, gcry_pk_decrypt): Call sexp_to_key with usage sign.
(gcry_pk_sign, gcry_pk_verify): Call sexp_to_key with usage encrypt.
* tests/basic.c (show_sexp): New.
(check_pubkey_sign): Print test number and add cases for ecc.
(check_pubkey_sign_ecdsa): New.
(do_check_one_pubkey): Divert to new function.
--
The problem we try to address is that in the mdoule specs both, ECDSA
and ECDH have the same alias name "ecc". This patch allows to use for
example gcry_pk_verify with a key that has only "ecc" in it.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/gcrypt.h.in (GCRY_PK_GET_PUBKEY): New.
(GCRY_PK_GET_SECKEY): New.
(gcry_pubkey_get_sexp): New.
* src/visibility.c (gcry_pubkey_get_sexp): New.
* src/visibility.h (gcry_pubkey_get_sexp): Mark visible.
* src/libgcrypt.def, src/libgcrypt.vers: Add new function.
* cipher/pubkey-internal.h: New.
* cipher/Makefile.am (libcipher_la_SOURCES): Add new file.
* cipher/ecc.c: Include pubkey-internal.h
(_gcry_pk_ecc_get_sexp): New.
* cipher/pubkey.c: Include pubkey-internal.h and context.h.
(_gcry_pubkey_get_sexp): New.
* src/context.c (_gcry_ctx_find_pointer): New.
* src/cipher-proto.h: Add _gcry_pubkey_get_sexp.
* tests/t-mpi-point.c (print_sexp): New.
(context_param, basic_ec_math_simplified): Add tests for the new
function.
* configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.11.
(AH_BOTTOM) Add error codes from gpg-error 1.12
* src/g10lib.h (fips_not_operational): Use GPG_ERR_NOT_OPERATIONAL.
* mpi/ec.c (_gcry_mpi_ec_get_mpi): Fix computation of Q.
(_gcry_mpi_ec_get_point): Ditto.
--
While checking the new code I figured that the auto-computation of Q
must have led to a segv. It seems we had no test case for that.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/pubkey.c (_gcry_pk_module_lookup, _gcry_pk_module_release)
(_gcry_pk_get_elements): Remove.
--
This code was only used by the removed ac interface.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/ecc.c (ecc_sign): Remove the need for Q.
* cipher/pubkey.c (sexp_elements_extract_ecc): Make Q optional for a
private key.
(sexp_to_key): Add optional arg R_IS_ECC.
(gcry_pk_sign): Do not call gcry_pk_get_nbits for ECC keys.
* tests/pubkey.c (die): Make sure to print a LF.
(check_ecc_sample_key): New.
(main): Call new test.
--
Q is the actual public key which is not used for signing. Thus we
can make it optional and even speed up the signing by parsing less
stuff.
Note: There seems to be a memory leak somewhere. Running tests/pubkey
with just the new test enabled shows it.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
This is only a first step. We will need to either implement
pthread_atfork or - better - make use use POSIX RT semaphores.
|
|
The module registration interface is not widely used but complicates
the internal operation of Libgcrypt a lot. It also does not allow for
efficient implementation of new algorithm or cipher modes. Further the
required locking of all access to internal module data or functions
would make it hard to come up with a deadlock free pthread_atfork
implementation. Thus we remove the entire subsystem.
Note that the module system is still used internally but it is now
possible to change it without breaking the ABI.
In case a feature to add more algorithms demanded in the future, we
may add one by dlopening modules at startup time from a dedicated
directory.
|
|
With these changes the entire new pkcs#1 test suite passes fine.
The leading zero bytes used to appear due to mixed signed/unsigned use
of our internal representation of the values as MPIs. The changed code
also detected another bug in the DSA selftest which used the pkcs1
flag - this was certainly wrong but didn't throw an error. The code
in GnuPG does the right thing thus I believe not too many applications
got it as wrong as we in our own selftest.
|
|
|
|
|
|
|
|
This is to remove duplicated code. I had to move
octet_string_from_mpi more to the top of the file.
|
|
testing.
|
|
The old code did the entire hashing of the message. The reason we
want the hashed message as input is that a a message might be pretty
long and that the other padding schemes don't allow this either.
|
|
Solved conflicts:
cipher/ChangeLog
cipher/pubkey.c
tests/ChangeLog
tests/basic.c
|
|
|
|
|
|
This also takes the suggestion by Tom Ritter in account to avoid time
attacks. Ueno's fixes posted to the ML are thus not needed.
|