Age | Commit message (Collapse) | Author | Files | Lines |
|
* tests/t-kdf.c (check_scrypt): New.
(main): Call new test.
* configure.ac: Support disabling of the scrypt algorithm. Make KDF
enabling similar to the other algorithm classes. Disable scrypt if we
don't have a 64 bit type.
* cipher/memxor.c, cipher/memxor.h: Remove.
* cipher/scrypt.h: Remove.
* cipher/kdf-internal.h: New.
* cipher/Makefile.am: Remove files. Add new file. Move scrypt.c to
EXTRA_libcipher_la_SOURCES.
(GCRYPT_MODULES): Add GCRYPT_KDFS.
* src/gcrypt.h.in (GCRY_KDF_SCRYPT): Change value.
* cipher/kdf.c (pkdf2): Rename to _gcry_kdf_pkdf2.
(_gcry_kdf_pkdf2): Don't bail out for SALTLEN==0.
(gcry_kdf_derive): Allow for a passwordlen of zero for scrypt. Check
for SALTLEN > 0 for GCRY_KDF_PBKDF2. Pass algo to _gcry_kdf_scrypt.
(gcry_kdf_derive) [!USE_SCRYPT]: Return an error.
* cipher/scrypt.c: Replace memxor.h by bufhelp.h. Replace scrypt.h by
kdf-internal.h. Enable code only if HAVE_U64_TYPEDEF is defined.
Replace C99 types uint64_t, uint32_t, and uint8_t by libgcrypt types.
(_SALSA20_INPUT_LENGTH): Remove underscore from identifier.
(_scryptBlockMix): Replace memxor by buf_xor.
(_gcry_kdf_scrypt): Use gcry_malloc and gcry_free. Check for integer
overflow. Add hack to support blocksize of 1 for tests. Return
errors from calls to _gcry_kdf_pkdf2.
* cipher/kdf.c (openpgp_s2k): Make static.
--
This patch prepares the addition of more KDF functions, brings the
code into Libgcrypt shape, adds a test case and makes the code more
robust. For example, scrypt would have fail silently if Libgcrypt was
not build with SHA256 support. Also fixed symbol naming for systems
without a visibility support.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* scrypt.c, scrypt.h: New files.
* memxor.c, memxor.h: New files.
* cipher/Makefile.am: Add new files.
* cipher/kdf.c (gcry_kdf_derive): Support GCRY_KDF_SCRYPT.
* src/gcrypt.h.in (GCRY_KDF_SCRYPT): New.
--
Signed-off-by: Christian Grothoff <christian@grothoff.org>
I added the ChangeLog entry and the missing signed-off line.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
|
|
* src/ec-context.h (mpi_ec_ctx_s): Add field NEED_SYNC.
* mpi/ec.c (ec_p_sync): New.
(ec_p_init): Only set NEED_SYNC.
(_gcry_mpi_ec_set_mpi): Set NEED_SYNC for 'p' and 'a'.
(_gcry_mpi_ec_dup_point, _gcry_mpi_ec_add_points)
(_gcry_mpi_ec_mul_point): Call ec_p_sync.
(_gcry_mpi_ec_get_point): Recompute 'q' is needed.
(_gcry_mpi_ec_get_mpi): Ditto. Also allow for names 'q', 'q.x',
'q.y', and 'g'.
* cipher/ecc.c (_gcry_mpi_ec_ec2os): New.
* cipher/ecc.c (_gcry_mpi_ec_new): Fix init from parameters 'Q'->'q',
'G'->'q'.
--
Note that the parameter names are all lowercase. This patch fixes an
inconsistency.
The other bug was that changing the parameters D or A may have
resulted in wrong computations because helper variables were not
updated. Now we delay the computation of those helper variables until
we need them.
|
|
* src/gcrypt.h.in (gcry_mpi_ec_p_new): Remove.
(gcry_mpi_ec_new): New.
(gcry_mpi_ec_get_mpi): New.
(gcry_mpi_ec_get_point): New.
(gcry_mpi_ec_set_mpi): New.
(gcry_mpi_ec_set_point): New.
* src/visibility.c (gcry_mpi_ec_p_new): Remove.
* mpi/ec.c (_gcry_mpi_ec_p_new): Make it an internal function and
change to return an error code.
(_gcry_mpi_ec_get_mpi): New.
(_gcry_mpi_ec_get_point): New.
(_gcry_mpi_ec_set_mpi): New.
(_gcry_mpi_ec_set_point): New.
* src/mpi.h: Add new prototypes.
* src/ec-context.h: New.
* mpi/ec.c: Include that header.
(mpi_ec_ctx_s): Move to ec-context.h, add new fields, and put some
fields into an inner struct.
(point_copy): New.
* cipher/ecc.c (fill_in_curve): Allow passing NULL for R_NBITS.
(mpi_from_keyparam, point_from_keyparam): New.
(_gcry_mpi_ec_new): New.
* tests/t-mpi-point.c (test-curve): New.
(ec_p_new): New. Use it instead of the removed gcry_mpi_ec_p_new.
(get_and_cmp_mpi, get_and_cmp_point): New.
(context_param): New test.
(basic_ec_math_simplified): New test.
(main): Call new tests.
* src/context.c (_gcry_ctx_get_pointer): Check for a NULL CTX.
--
gcry_mpi_ec_p_new() was a specialized version of the more general new
gcry_mpi_ec_new(). It was added to master only a few days ago, thus
there should be no problem to remove it. A replacement can easily be
written (cf. t-mpi-point.c).
Note that gcry_mpi_ec_set_mpi and gcry_mpi_ec_set_point have not yet
been tested.
|
|
* src/gcrypt.h.in (GCRYMPI_FLAG_CONST): New.
* src/mpi.h (mpi_is_const, mpi_const): New.
(enum gcry_mpi_constants, MPI_NUMBER_OF_CONSTANTS): New.
* mpi/mpiutil.c (_gcry_mpi_init): New.
(constants): New.
(_gcry_mpi_free): Do not release a constant flagged MPI.
(gcry_mpi_copy): Clear the const and immutable flags.
(gcry_mpi_set_flag, gcry_mpi_clear_flag, gcry_mpi_get_flag): Support
GCRYMPI_FLAG_CONST.
(_gcry_mpi_const): New.
* src/global.c (global_init): Call _gcry_mpi_init.
* mpi/ec.c (mpi_ec_ctx_s): Remove fields one, two, three, four, and
eight. Change all users to call mpi_const() instead.
* src/mpiutils.c (gcry_mpi_set_opaque): Check the immutable flag.
--
Allocating the trivial constants newly for every EC context is a waste
of memory and cpu cycles. We instead provide a simple mechanism to
internally support such constants. Using a new flag in THE API also
allows to mark an arbitrary MPI as constant. The drawback of the
constants is the their memory will never be deallocated. However,
that is what constants are about.
|
|
* src/gcrypt.h.in (GCRYMPI_FLAG_IMMUTABLE): New.
* src/mpi.h (mpi_is_immutable): New macro.
* mpi/mpiutil.c (gcry_mpi_set_flag, gcry_mpi_clear_flag)
(gcry_mpi_get_flag): Implement new flag
(_gcry_mpi_immutable_failed): New.
* mpi/mpiutil.c (_gcry_mpi_clear, _gcry_mpi_free, gcry_mpi_snatch)
(gcry_mpi_set, gcry_mpi_randomize): Act upon the immutable flag.
* mpi/mpi-bit.c (gcry_mpi_set_bit, gcry_mpi_set_highbit)
(gcry_mpi_clear_highbit, gcry_mpi_clear_bit)
(_gcry_mpi_rshift_limbs, gcry_mpi_lshift): Ditto.
* mpi/mpicoder.c (_gcry_mpi_set_buffer): Ditto.
--
Note that this flag is currently only checked by a few MPI functions.
The reason why we eventually need such a flag is to help implementing
a generic way to retrieve and set ECC parameters without accidentally
changing a curve parameter taken from a list of predefined curves.
|
|
--
|
|
* src/mpi.h (struct mpi_point_s): Rename to struct gcry_mpi_point.
(mpi_point_struct): New typedef.
(mpi_point_t): Change typedef to a pointer. Replace all occurrences
to use mpi_point_struct.
* mpi/ec.c (_gcry_mpi_ec_point_init): Rename to ..
(_gcry_mpi_point_init): this. Change all callers.
(_gcry_mpi_ec_point_free): Rename to ..
(_gcry_mpi_point_free_parts): this. Change all callers.
* mpi/mpiutil.c (gcry_mpi_snatch): New function.
* src/gcrypt.h.in (gcry_mpi_snatch, mpi_snatch): Add protoype and
macro.
* src/visibility.c (gcry_mpi_snatch): Add wrapper.
* src/visibility.h (gcry_mpi_snatch): Add macro magic.
* src/libgcrypt.def, src/libgcrypt.vers: Add new function.
--
This patch is a prerequisite to implement a public point API. The new
function gcry_mpi_snatch is actually not needed for this but is useful
anyway and will be used to implement the point API.
|
|
* random/random-system.c: New.
* random/Makefile.am (librandom_la_SOURCES): Add new module.
* random/random.c (struct rng_types): New.
(_gcry_set_preferred_rng_type, _gcry_get_rng_type): New.
(_gcry_random_initialize, gcry_random_add_bytes, do_randomize)
(_gcry_set_random_seed_file, _gcry_update_random_seed_file)
(_gcry_fast_random_poll): Dispatch to the actual RNG.
* src/gcrypt.h.in (GCRYCTL_SET_PREFERRED_RNG_TYPE): New.
GCRYCTL_GET_CURRENT_RNG_TYPE): New.
(gcry_rng_types): New.
* src/global.c (print_config): Print the TNG type.
(global_init, _gcry_vcontrol): Implement the new control codes.
* doc/gcrypt.texi (Controlling the library): Document the new control
codes.
* tests/benchmark.c (main): Add options to test the RNG types.
* tests/random.c (main): Add new options.
(print_hex): Print to stderr.
(progress_cb, rng_type): New.
(check_rng_type_switching, check_early_rng_type_switching): New.
(run_all_rng_tests): New.
--
The purpose of this change is to allow applications with moderate
random requirements to use the system's RNG (e.g. /dev/urandom). The
type switching logic makes sure that existing applications won't be
affected by this change. A library is in almost all cases not able to
degrade the quality of the RNG. The definition of "degrade" comes
from our own assertion of the quality/trustworthiness of the RNGs:
The most trustworthy RNG is the CSPRNG which dates back to the early
GnuPG days. It is quite conservative and often requires more seeding
than might be justified. GCRY_RNG_TYPE_STANDARD is the default unless
the process is in FIPS mode.
The second trustworthy RNG is the FIPS recommended X9.81 AES based
implementation. It is seeded by the system's RNG. GCRY_RNG_TYPE_FIPS
is the only available RNG if running in FIPS mode.
The third trustworthy RNG is a mere wrapper around the system's native
RNG. Thus there is no extra step on top of what, for example,
/dev/random provides. GCRY_RNG_TYPE_SYSTEM may be used by
applications which would use /dev/random or /dev/urandom instead.
|
|
--
|
|
* doc/DCO: New.
* doc/HACKING: Document new rules.
|
|
* doc/gcrypt.texi: Add documentation of the new command.
* src/fips.c (_gcry_enforced_fips_mode): Report the enforced fips mode
only when fips mode is enabled.
(_gcry_set_enforced_fips_mode): New function.
* src/g10lib.h: Add the _gcry_set_enforced_fips_mode prototype.
* src/gcrypt.h.in: Add the GCRYCTL_SET_ENFORCED_FIPS_FLAG.
* src/global.c (_gcry_vcontrol): Handle the new command.
|
|
* scripts/gitlog-to-changelog: New script. Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.
Rename all ChangeLog files to ChangeLog-2011.
|
|
|
|
The module registration interface is not widely used but complicates
the internal operation of Libgcrypt a lot. It also does not allow for
efficient implementation of new algorithm or cipher modes. Further the
required locking of all access to internal module data or functions
would make it hard to come up with a deadlock free pthread_atfork
implementation. Thus we remove the entire subsystem.
Note that the module system is still used internally but it is now
possible to change it without breaking the ABI.
In case a feature to add more algorithms demanded in the future, we
may add one by dlopening modules at startup time from a dedicated
directory.
|
|
This interface has long been deprecated. It was also initially only
declared as an experimental interface. It added its own kind of
complexity and we found that it does not make applications easier to
read. Modern features of Libgcrypt were not supported and its removal
reduces the SLOC which is a Good Thing from a security POV.
|
|
We also include the man page in the manual.
|
|
|
|
Contrary to the documentation those functions aborted if an invalid
algorithm was passed. The same happened for the corresponding
subcommands of gcry_cipher_algo_info.
|
|
|
|
|
|
|
|
|
|
Support PKCS#1 un-padding for encryption (not for signature). This patch
also removes "unpad" flag (introduced by OAEP patch) since we can now
do un-padding implicitly when `pkcs1' or `oaep' is given.
|
|
This allows us to factor the S2k code from gpg and gpg-agent out to
libgcrypt. Created a bunch of test vectors using a hacked gpg 1.4.
The function also implements PBKDF2; tested against the RFC-6070 test
vectors.
|
|
The AC functions are deprecated for a long time. How we will even
print a warning if they are used.
The module register interface is now also deprecated and the use of
those functions will yield a warning as well.
|
|
This option is useful to disable detected hardware features. It has
been implemented in benchmark, so that it is now possible to run
tests/benchmark --disable-hwf intel-aesni cipher aes aes192 aes256
to compare the use of AES-NI insns to the pure C code.
|
|
Check and install the standard git pre-commit hook.
|
|
|
|
This merge went smoothly and didn't need any code written (as opposed to parallel gnupg integration). The checked in code was tested through gnupg with 'gnupg --gen-key (select ECC)'.
This change corresponds to earlier check in gnupg project. This branch, ECC-INTEGRATION-1-5, corresponds to ECC-INTEGRATION-2-1 in gnupg project.
|
|
Fix a bug in a test.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Other small changes.
|
|
Doc updates.
Allows the use of the strings AES-128, AES-192, AES-256 to specify AES
algorithms.
|
|
Type fix.
Made sure that gcry_free preserves ERRNO.
|
|
|
|
|
|
|
|
|
|
|