| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
* src/gcrypt.h.in (GCRY_PK_ECC): New.
* cipher/pubkey.c (map_algo): New.
(spec_from_algo, gcry_pk_get_param, _gcry_pk_selftest): Use it.
* cipher/ecc.c (selftests_ecdsa): Report using GCRY_PK_ECC.
(run_selftests): Simplify.
(ecdh_names, ecdsa_names): Merge into a new ecc_names.
(_gcry_pubkey_spec_ecdh, _gcry_pubkey_spec_ecdsa): Merge into new
_gcry_pubkey_spec_ecc.
--
The algo ids are actually a relict from Libgcrypt's former life as
GnuPG's crypto code. They don't make much sense anymore and are often
not needed.
This patch requires some changes to the GnuPG 2.1 code (which has
still not been released). For example the secret key transfer between
gpg and gpg-agent (gpg --export and gpg --import). Fortunately this
will also require to add usage flags to the secret key storage of
gpg-agent which is is something we should have done a long time ago.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/bithelp.h (rol, ror): Remove i386 version, change
macros to inline functions.
* src/hmac256.c (ror): Ditto.
--
(Current) compilers can optimize '(x << c) | (x >> (32-c))' to rotation
instruction. So remove i386 specific assembly for manually doing this.
Furthermore, compiler can generate faster code in case where 'c' is
constant and can use rotate with immediate value rather than rotate
with %cl register.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* src/sexp.c (gcry_sexp_new, gcry_sexp_create, gcry_sexp_build)
(gcry_sexp_build_array, gcry_sexp_canon_len): Change error return type
from gpg_error_t to gpg_err_code_t. Remove all calls to gpg_error.
* src/visibility.c (gcry_sexp_new, gcry_sexp_create, gcry_sexp_sscan)
(gcry_sexp_build, gcry_sexp_build_array, gcry_sexp_canon_len): Map
error codes via gpg_error.
* cipher/dsa.c, cipher/ecc.c, cipher/elgamal.c, cipher/rsa.c: Remove
use gpg_err_code wrappers.
--
We should do such a change for all other use of internal functions.
It just does not make sense to use gpg_error in the internal interface
because the error source is always Libgcrypt.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/pubkey.c (sexp_to_enc): Remove RET_MODERN arg and merge it
into FLAGS.
(gcry_pk_decrypt): Move result s-exp building into the modules.
* src/cipher-proto.h (gcry_pk_decrypt_t): Add some args.
* cipher/ecc.c (ecc_decrypt_raw): Change to return an s-exp.
* cipher/elgamal.c (elg_decrypt): Ditto.
* cipher/rsa.c (rsa_decrypt): Ditto.
(rsa_blind, rsa_unblind): Merge into rsa_decrypt. This saves several
extra MPI allocations.
--
The extra args added to gcry_pk_decrypt_t are a temporary solution
unti we move the input s-exp parsing also into the modules.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/pubkey.c (_gcry_pk_aliased_algo_name): Remove
|
|
* cipher/pubkey.c (pubkey_generate): Fold into gcry_pk_genkey
(gcry_pk_genkey): Move result s-exp creation into the modules.
* cipher/dsa.c (dsa_generate): Create result as s-exp.
* cipher/elgamal.c (elg_generate): Ditto.
* cipher/rsa.c (rsa_generate): Ditto.
* cipher/ecc.c (ecc_generate): Ditto.
* src/cipher-proto.h (pk_ext_generate_t): Remove type
(gcry_pk_spec): and remove from struct.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/sexp.c (suitable_encoding): Detect a negative number.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/pubkey.c (pubkey_encrypt): Fold into gcry_pk_encrypt.
(pubkey_decrypt): Fold into gcry_pk_decrypt.
(pubkey_sign): Fold into gcry_pk_sign.
(pubkey_verify): Fold into gcry_pk_verify.
(octet_string_from_mpi): Make it a wrapper and factor code out to ...
* mpi/mpicoder.c (_gcry_mpi_to_octet_string): New function.
* src/cipher.h (PUBKEY_FLAG_FIXEDLEN): New.
* cipher/pubkey.c (sexp_data_to_mpi): Set flag for some encodings.
(gcry_pk_encrypt): Simply by moving the s-expr generation to the modules.
(gcry_pk_sign): Ditto.
* cipher/dsa.c (dsa_sign): Create s-expr.
* cipher/elgamal.c (elg_encrypt, elg_sign): Ditto.
* cipher/rsa.c (rsa_encrypt, rsa_sign): Ditto.
* cipher/ecc.c (ecc_sign, ecc_encrypt_raw): Ditto.
(ecdsa_names): Add "eddsa".
* tests/t-ed25519.c (one_test): Expect "eddsa" token.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/cipher-proto.h (gcry_pk_spec_t): Add fields ALGO and FLAGS.
* cipher/dsa.c (_gcry_pubkey_spec_dsa): Set these fields.
* cipher/ecc.c (_gcry_pubkey_spec_ecdsa): Ditto.
(_gcry_pubkey_spec_ecdh): Ditto.
* cipher/rsa.c (_gcry_pubkey_spec_rsa): Ditto.
* cipher/elgamal.c (_gcry_pubkey_spec_elg): Ditto
(_gcry_pubkey_spec_elg_e): New.
* cipher/pubkey.c: Change most code to replace the former module
system by a simpler system to gain information about the algorithms.
(disable_pubkey_algo): SImplified. Not anymore thread-safe, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/gcrypt-module.h (gcry_pk_spec_t): Move this typedef and the
corresponding function typedefs to ...
* src/cipher-proto.h: here.
(pk_extra_spec_t): Remove typedef and merge fields into
gcry_pk_spec_t.
* cipher/rsa.c, cipher/dsa.c, cipher/elg.c, cipher/ecc.c: Ditto.
* cipher/pubkey.c: Change accordingly.
* src/cipher.h (_gcry_pubkey_extraspec_rsa): Remove.
(_gcry_pubkey_extraspec_dsa): Remove.
(_gcry_pubkey_extraspec_elg): Remove.
(_gcry_pubkey_extraspec_ecdsa): Remove.
--
Now that we don't have loadable modules anymore, we don't need to keep
the internal API between the modules and thus can simplify the code.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
Dots and dashes in the names are probably not a good idea. I also
renamed the identifiers to names which are easier to remember.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/gcrypt.h.in (GCRY_MD_GOSTR3411_12_256)
(GCRY_MD_GOSTR3411_12_512): New.
* cipher/stribog.c: New.
* configure.ac (available_digests_64): Add stribog.
* src/cipher.h: Declare Stribog declarations.
* cipher/md.c: Register Stribog digest.
* tests/basic.c (check_digests) Add 4 testcases for Stribog from
standard.
* doc/gcrypt.texi: Document new constants.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
* src/gcrypt.h.in (GCRY_MD_GOSTR3411_94): New.
* cipher/gostr3411-94.c: New.
* configure.ac (available_digests): Add gostr3411-94.
* src/cipher.h: Add gostr3411-94 definitions.
* cipher/md.c: Register GOST R 34.11-94.
* tests/basic.c (check_digests): Add 4 tests for GOST R 34.11-94
hash algo. Two are defined in the standard itself, two other are
more or less common tests - an empty string an exclamation mark.
* doc/gcrypt.texi: Add an entry describing GOST R 34.11-94 to the MD
algorithms table.
--
Add simple implementation of GOST R 34.11-94 hash function. Currently
there is no way to specify hash parameters (it always uses GOST R 34.11-94
test parameters).
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Stack burn value in gost3411_init added by wk.
|
|
* src/gcrypt.h.in (GCRY_CIPHER_GOST28147): New.
* cipher/gost.h, cipher/gost28147.c: New.
* configure.ac (available_ciphers): Add gost28147.
* src/cipher.h: Add gost28147 definitions.
* cipher/cipher.c: Register gost28147.
* tests/basic.c (check_ciphers): Enable simple test for gost28147.
* doc/gcrypt.texi: document GCRY_CIPHER_GOST28147.
--
Add a very basic implementation of GOST 28147-89 cipher: from modes
defined in standard only ECB and CFB are supported, sbox is limited
to the "test variant" as provided in GOST 34.11-94.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
* src/mpi.h (enum ecc_dialects): New.
* src/ec-context.h (mpi_ec_ctx_s): Add field DIALECT.
* cipher/ecc-common.h (elliptic_curve_t): Ditto.
* cipher/ecc-curves.c (ecc_domain_parms_t): Ditto.
(domain_parms): Add dialect values.
(_gcry_ecc_fill_in_curve): Set dialect.
(_gcry_ecc_get_curve): Ditto.
(_gcry_mpi_ec_new): Ditto.
(_gcry_ecc_get_param): Use ECC_DIALECT_STANDARD for now.
* cipher/ecc-misc.c (_gcry_ecc_curve_copy): Copy dialect.
(_gcry_ecc_dialect2str): New.
* mpi/ec.c (ec_p_init): Add arg DIALECT.
(_gcry_mpi_ec_p_internal_new): Ditto.
(_gcry_mpi_ec_p_new): Ditto.
* mpi/mpiutil.c (gcry_mpi_set_opaque): Set the secure flag.
(_gcry_mpi_set_opaque_copy): New.
* cipher/ecc-misc.c (_gcry_ecc_os2ec): Take care of an opaque MPI.
* cipher/ecc.c (eddsa_generate_key): New.
(generate_key): Rename to nist_generate_key and factor some code out
to ...
(ecc_generate_ext): here. Divert to eddsa_generate_key if desired.
(eddsa_decodepoint): Take care of an opaque MPI.
(ecc_check_secret_key): Ditto.
(ecc_sign): Ditto.
* cipher/pubkey.c (sexp_elements_extract_ecc): Store public and secret
key as opaque MPIs.
(gcry_pk_genkey): Add the curve_name also to the private key part of
the result.
* tests/benchmark.c (ecc_bench): Support Ed25519.
(main): Add option --debug.
* tests/curves.c (sample_key_2): Make sure that P and N are positive.
* tests/keygen.c (show): New.
(check_ecc_keys): Support Ed25519.
--
There are two main purposes of this patch: Add a key generation
feature for Ed25519 and add the "dialect" thingy which will eventually
be used to add curve specific optimization.
Note that the entire way of how we interface between the public key
modules and pubkey.c is overly complex and probably also the cause for
a lot of performance overhead. Given that we don't have the loadable
module system anymore, we should entirely get rid of the MPI-array
based internal interface and move parts of the s-expression handling
direct into the pubkey modules. This needs to be fixed or we are
turning Libgcrypt into another software incarnation of Heathrow
Airport.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/ecc-curves.c (domain_parms): Add curve "Ed25519".
* cipher/ecc.c (reverse_buffer): New.
(eddsa_encodempi): New.
(eddsa_encodepoint): New.
(eddsa_decodepoint): New.
(sign_eddsa): Implement.
(verify_eddsa): Implement.
(ecc_sign): Init unused Q. Pass public key to sign_eddsa.
(ecc_verify): Init pk.Q if not used. Pass public key verbatim to
verify_eddsa.
* cipher/pubkey.c (sexp_elements_extract): Add arg OPAQUE. Change all
callers to pass 0.
(sexp_to_sig): Add arg OPAQUE and pass it to sexp_elements_extract.
(sexp_data_to_mpi): Allow for a zero length "value".
(gcry_pk_verify): Reorder parameter processing. Pass OPAQUE flag as
required.
* mpi/ec.c (ec_invm): Print a warning if the inverse does not exist.
(_gcry_mpi_ec_get_affine): Implement for our Twisted Edwards curve
model.
(dup_point_twistededwards): Implement.
(add_points_twistededwards): Implement.
(_gcry_mpi_ec_mul_point): Support Twisted Edwards.
* mpi/mpicoder.c (do_get_buffer): Add arg FILL_LE.
(_gcry_mpi_get_buffer): Ditto. Change all callers.
(_gcry_mpi_get_secure_buffer): Ditto.
* src/sexp.c (_gcry_sexp_nth_opaque_mpi): New.
* tests/t-ed25519.c: New.
* tests/t-ed25519.inp: New.
* tests/t-mpi-point.c (basic_ec_math_simplified): Print some output
only in debug mode.
(twistededwards_math): New test.
(main): Call new test.
--
This is a non optimized version which takes far too long. On my X220
Thinkpad the 1024 test cases take 14 seconds (12 with --sign-with-pk).
There should be a lot of room for improvements.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* mpi/mpiutil.c (_gcry_mpi_get_opaque_copy): New.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* mpi/ec.c (_gcry_mpi_point_log): New.
* src/mpi.h (log_printpnt): new macro.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/misc.c: Special case an mpi length of 0.
|
|
* mpi/mpicoder.c (gcry_mpi_dump): Remove.
(_gcry_log_mpidump): Remove.
* src/misc.c (_gcry_log_printhex): Factor all code out to ...
(do_printhex): new. Add line wrapping a and compact printing.
(_gcry_log_printmpi): New.
* src/mpi.h (log_mpidump): Remove macro.
* src/g10lib.h (log_mpidump): Add compatibility macro.
(log_printmpi): New macro
* src/visibility.c (gcry_mpi_dump): Call _gcry_log_printmpi.
* cipher/primegen.c (prime_generate_internal): Replace gcry_mpi_dump
by log_printmpi.
(gcry_prime_group_generator): Ditto.
* cipher/pubkey.c: Remove extra colons from log_mpidump call.
* cipher/rsa.c (stronger_key_check): Use log_printmpi.
--
The values to debug get longer and longer and the different debug
functions made it hard to check them out. Now MPIs and hex buffers are
printed very similar. Lines may now wrap with an backslash as
indicator. MPIs are distinguished from plain buffers in the output by
always using a sign.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/gcrypt.h.in (gcry_buffer_t): new.
(gcry_md_hash_buffers): New.
* src/visibility.c, src/visibility.h: Add wrapper for new function.
* src/libgcrypt.def, src/libgcrypt.vers: Export new function.
* cipher/md.c (gcry_md_hash_buffers): New.
* cipher/sha1.c (_gcry_sha1_hash_buffers): New.
* tests/basic.c (check_one_md_multi): New.
(check_digests): Run that test.
* tests/hmac.c (check_hmac_multi): New.
(main): Run that test.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/g10lib.h (GCC_ATTR_UNUSED): Fix gcc version detection.
--
Reported-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/gcrypt.h.in (GCRY_CIPHER_SALSA20R12): New.
* src/salsa20.c (salsa20_core, salsa20_do_encrypt_stream): Add support
for reduced round versions.
(salsa20r12_encrypt_stream, _gcry_cipher_spec_salsa20r12): Implement
Salsa20/12 - a 12 round version of Salsa20 selected by eStream.
* src/cipher.h: Declsare Salsa20/12 definition.
* cipher/cipher.c: Register Salsa20/12
* tests/basic.c: (check_stream_cipher, check_stream_cipher_large_block):
Populate Salsa20/12 tests with test vectors from ecrypt
(check_ciphers): Add simple test for Salsa20/12
--
Salsa20/12 is a reduced round version of Salsa20 that is amongst ciphers
selected by eSTREAM for Phase 3 of Profile 1 algorithm. Moreover it is
one of proposed ciphers for TLS (draft-josefsson-salsa20-tls-02).
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
* mpi/ec.c (ec_p_init): Add args MODEL and P. Change all callers.
(_gcry_mpi_ec_p_internal_new): Ditto.
(_gcry_mpi_ec_p_new): Ditto.
* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Return
GPG_ERR_UNKNOWN_CURVE instead of invalid value. Init curve model.
* cipher/ecc.c (ecc_verify, ecc_encrypt_raw): Ditto.
* cipher/pubkey.c (sexp_data_to_mpi): Fix EDDSA flag error checking.
--
(fixes commit c26be7a337d0bf98193bc58e043209e46d0769bb)
|
|
* mpi/ec.c (_gcry_mpi_ec_curve_point): New.
(ec_powm): Return the absolute value.
* src/visibility.c, src/visibility.c: Add wrappers.
* src/libgcrypt.def, src/libgcrypt.vers: Export them.
|
|
* src/gcrypt.h.in (gcry_mpi_is_neg): New.
(gcry_mpi_neg, gcry_mpi_abs): New.
* mpi/mpiutil.c (_gcry_mpi_is_neg): New.
(_gcry_mpi_neg, _gcry_mpi_abs): New.
* src/visibility.c, src/visibility.h: Add wrappers.
* src/libgcrypt.def, src/libgcrypt.vers: Export them.
* src/mpi.h (mpi_is_neg): New. Rename old macro to mpi_has_sign.
* mpi/mpi-mod.c (_gcry_mpi_mod_barrett): Use mpi_has_sign.
* mpi/mpi-mpow.c (calc_barrett): Ditto.
* cipher/primegen.c (_gcry_derive_x931_prime): Ditto
* cipher/rsa.c (secret): Ditto.
|
|
* src/misc.c (_gcry_burn_stack): Change to handle 'unsigned int' bytes.
--
Unsigned integer is better here for code generation because we can now avoid
possible branching caused by (bytes <= 0) check.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* src/Makefile.am (mpicalc): Adjust CFLAGS and LDADD.
--
Building libgcrypt is now failing on Ubuntu 13.04 machine. Patch changes src/Makefile.am for 'mpicalc' to correct this issue.
$ make distclean; ./configure --enable-maintainer-mode; make
...
libtool: link: gcc -g -O2 -fvisibility=hidden -Wall -Wcast-align -Wshadow -Wstrict-prototypes -Wformat -Wno-format-y2k -Wformat-security -W -Wextra -Wbad-function-cast -Wwrite-strings -Wdeclaration-after-statement -Wno-missing-field-initializers -Wno-sign-compare -Wpointer-arith -o .libs/mpicalc mpicalc-mpicalc.o ../src/.libs/libgcrypt.so
/usr/bin/ld: mpicalc-mpicalc.o: undefined reference to symbol 'gpg_strerror'
/usr/bin/ld: note: 'gpg_strerror' is defined in DSO /lib/x86_64-linux-gnu/libgpg-error.so.0 so try adding it to the linker command line
/lib/x86_64-linux-gnu/libgpg-error.so.0: could not read symbols: Invalid operation
With win32 target, gpg-error.h is not found.
$ make distclean; ./autogen.sh --build-w32; make
...
i686-w64-mingw32-gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -Wformat -Wno-format-y2k -Wformat-security -W -Wextra -Wbad-function-cast -Wwrite-strings -Wdeclaration-after-statement -Wno-missing-field-initializers -Wno-sign-compare -Wpointer-arith -MT mpicalc-mpicalc.o -MD -MP -MF .deps/mpicalc-mpicalc.Tpo -c -o mpicalc-mpicalc.o `test -f 'mpicalc.c' || echo './'`mpicalc.c
In file included from mpicalc.c:36:0:
gcrypt.h:32:23: fatal error: gpg-error.h: No such file or directory
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* src/mpicalc.c: Make use of gcry_ functions.
(MPICALC_VERSION): New. Set to 2.0.
(strusage): Remove.
(scan_mpi): New. Replaces mpi_fromstr.
(print_mpi): New. Replaces mpi_print.
(my_getc): New.
(print_help): New.
(main): Use simple option parser and print version info.
* src/Makefile.am (bin_PROGRAMS): Add mpicalc.
(mpicalc_SOURCES, mpicalc_CFLAGS, mpicalc_LDADD): New.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
Changed license to LGPLv2.1+.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/mpicalc.c: Take from GnuPG 1.4
--
Taken from GnuPG commit 45efde9557661ea071a01bcb938f1591ed4ec1a3
|
|
* src/cipher.h (PUBKEY_FLAG_EDDSA): New.
* cipher/pubkey.c (pubkey_verify): Repalce args CMP and OPAQUEV by
CTX. Pass flags and hash algo to the verify function. Change all
verify functions to accept these args.
(sexp_data_to_mpi): Implement new flag "eddsa".
(gcry_pk_verify): Pass CTX instead of the compare function to
pubkey_verify.
* cipher/ecc.c (sign): Rename to sign_ecdsa. Change all callers.
(verify): Rename to verify_ecdsa. Change all callers.
(sign_eddsa, verify_eddsa): New stub functions.
(ecc_sign): Divert to sign_ecdsa or sign_eddsa.
(ecc_verify): Divert to verify_ecdsa or verify_eddsa.
|
|
* src/mpi.h (gcry_mpi_ec_models): New.
* src/ec-context.h (mpi_ec_ctx_s): Add MODEL.
* cipher/ecc-common.h (elliptic_curve_t): Ditto.
* cipher/ecc-curves.c (ecc_domain_parms_t): Ditto.
(domain_parms): Mark als as Weierstrass.
(_gcry_ecc_fill_in_curve): Check model.
(_gcry_ecc_get_curve): Set model to Weierstrass.
* cipher/ecc-misc.c (_gcry_ecc_model2str): New.
* cipher/ecc.c (generate_key, ecc_generate_ext): Print model in the
debug output.
* mpi/ec.c (_gcry_mpi_ec_dup_point): Switch depending on model.
Factor code out to ...
(dup_point_weierstrass): new.
(dup_point_montgomery, dup_point_twistededwards): New stub functions.
(_gcry_mpi_ec_add_points): Switch depending on model. Factor code out
to ...
(add_points_weierstrass): new.
(add_points_montgomery, add_points_twistededwards): New stub
functions.
* tests/Makefile.am (TESTS): Reorder tests.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/g10lib.h (GCC_ATTR_UNUSED): Define for gcc >= 3.5.
* mpi/mpih-div.c (_gcry_mpih_mod_1, _gcry_mpih_divmod_1): Mark dummy
as unused.
* mpi/mpi-internal.h (UDIV_QRNND_PREINV): Mark _ql as unused.
--
Due to the use of macros and longlong.h, we use variables which are
only used by some architectures. At least gcc 4.7.2 prints new
warnings abot set but not used variables. This patch silences them.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/gcrypt-int.h: Include error code replacements depeding on the
version of libgpg-error.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* configure.ac (HAVE_VLA): Add check.
* src/misc.c (_gcry_burn_stack) [HAVE_VLA]: Add VLA code.
--
Some gcc versions convert _gcry_burn_stack into loop that overwrites the same
64-byte stack buffer instead of burn stack deeper. It's argued at GCC bugzilla
that _gcry_burn_stack is doing wrong thing here [1] and that this kind of
optimization is allowed.
So lets fix _gcry_burn_stack by using variable length array when VLAs are
supported by compiler. This should ensure proper stack burning to the requested
depth and avoid GCC loop optimizations.
[1] http://gcc.gnu.org/bugzilla/show_bug.cgi?id=52285
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* src/gcrypt-module.h (gcry_cipher_encrypt_t)
(gcry_cipher_decrypt_t): Return 'unsigned int'.
* cipher/cipher.c (dummy_encrypt_block, dummy_decrypt_block): Return
zero.
(do_ecb_encrypt, do_ecb_decrypt): Get largest stack burn depth from
block cipher crypt function and burn stack at end.
* cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_encrypt)
(_gcry_cipher_aeswrap_decrypt): Ditto.
* cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt)
(_gcry_cipher_cbc_decrypt): Ditto.
* cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt)
(_gcry_cipher_cfb_decrypt): Ditto.
* cipher/cipher-ctr.c (_gcry_cipher_cbc_encrypt): Ditto.
* cipher/cipher-ofb.c (_gcry_cipher_ofb_encrypt)
(_gcry_cipher_ofb_decrypt): Ditto.
* cipher/blowfish.c (encrypt_block, decrypt_block): Return burn stack
depth.
* cipher/camellia-glue.c (camellia_encrypt, camellia_decrypt): Ditto.
* cipher/cast5.c (encrypt_block, decrypt_block): Ditto.
* cipher/des.c (do_tripledes_encrypt, do_tripledes_decrypt)
(do_des_encrypt, do_des_decrypt): Ditto.
* cipher/idea.c (idea_encrypt, idea_decrypt): Ditto.
* cipher/rijndael.c (rijndael_encrypt, rijndael_decrypt): Ditto.
* cipher/seed.c (seed_encrypt, seed_decrypt): Ditto.
* cipher/serpent.c (serpent_encrypt, serpent_decrypt): Ditto.
* cipher/twofish.c (twofish_encrypt, twofish_decrypt): Ditto.
* cipher/rfc2268.c (encrypt_block, decrypt_block): New.
(_gcry_cipher_spec_rfc2268_40): Use encrypt_block and decrypt_block.
--
Patch moves stack burning from block ciphers and cipher mode loop to end of
cipher mode functions. This greatly reduces the overall CPU usage of the
problematic _gcry_burn_stack. Internal cipher module API is changed so
that encrypt/decrypt functions now return the stack burn depth as unsigned
int to cipher mode function.
(Note, patch also adds missing burn_stack for RFC2268_40 cipher).
_gcry_burn_stack CPU time (looping tests/benchmark cipher blowfish):
arch CPU Old New
i386 Intel-Haswell 4.1% 0.16%
x86_64 Intel-Haswell 3.4% 0.07%
armhf Cortex-A8 8.7% 0.14%
New vs. old (armhf/Cortex-A8):
ECB/Stream CBC CFB OFB CTR
--------------- --------------- --------------- --------------- ---------------
IDEA 1.05x 1.05x 1.04x 1.04x 1.04x 1.04x 1.07x 1.05x 1.04x 1.04x
3DES 1.04x 1.03x 1.04x 1.03x 1.04x 1.04x 1.04x 1.04x 1.04x 1.04x
CAST5 1.19x 1.20x 1.15x 1.00x 1.17x 1.00x 1.15x 1.05x 1.00x 1.00x
BLOWFISH 1.21x 1.22x 1.16x 1.00x 1.18x 1.00x 1.16x 1.16x 1.00x 1.00x
AES 1.09x 1.09x 1.00x 1.00x 1.00x 1.00x 1.07x 1.07x 1.00x 1.00x
AES192 1.11x 1.11x 1.00x 1.00x 1.00x 1.00x 1.08x 1.09x 1.01x 1.00x
AES256 1.07x 1.08x 1.01x .99x 1.00x 1.00x 1.07x 1.06x 1.00x 1.00x
TWOFISH 1.10x 1.09x 1.09x 1.00x 1.09x 1.00x 1.08x 1.09x 1.00x 1.00x
ARCFOUR 1.00x 1.00x
DES 1.07x 1.11x 1.06x 1.08x 1.07x 1.07x 1.06x 1.06x 1.06x 1.06x
TWOFISH128 1.10x 1.10x 1.09x 1.00x 1.09x 1.00x 1.08x 1.08x 1.00x 1.00x
SERPENT128 1.06x 1.07x 1.02x 1.00x 1.06x 1.00x 1.06x 1.05x 1.00x 1.00x
SERPENT192 1.07x 1.06x 1.03x 1.00x 1.06x 1.00x 1.06x 1.05x 1.00x 1.00x
SERPENT256 1.06x 1.07x 1.02x 1.00x 1.06x 1.00x 1.05x 1.06x 1.00x 1.00x
RFC2268_40 0.97x 1.01x 0.99x 0.98x 1.00x 0.97x 0.96x 0.96x 0.97x 0.97x
SEED 1.45x 1.54x 1.53x 1.56x 1.50x 1.51x 1.50x 1.50x 1.42x 1.42x
CAMELLIA128 1.08x 1.07x 1.06x 1.00x 1.07x 1.00x 1.06x 1.06x 1.00x 1.00x
CAMELLIA192 1.08x 1.08x 1.08x 1.00x 1.07x 1.00x 1.07x 1.07x 1.00x 1.00x
CAMELLIA256 1.08x 1.09x 1.07x 1.01x 1.08x 1.00x 1.07x 1.07x 1.00x 1.00x
SALSA20 .99x 1.00x
Raw data:
New (armhf/Cortex-A8):
Running each test 100 times.
ECB/Stream CBC CFB OFB CTR
--------------- --------------- --------------- --------------- ---------------
IDEA 8620ms 8680ms 9640ms 10010ms 9140ms 8960ms 9630ms 9660ms 9180ms 9180ms
3DES 13990ms 14000ms 14780ms 15300ms 14320ms 14370ms 14780ms 14780ms 14480ms 14480ms
CAST5 2980ms 2980ms 3780ms 2300ms 3290ms 2320ms 3770ms 4100ms 2320ms 2320ms
BLOWFISH 2740ms 2660ms 3530ms 2060ms 3050ms 2080ms 3530ms 3530ms 2070ms 2070ms
AES 2200ms 2330ms 2330ms 2450ms 2270ms 2270ms 2700ms 2690ms 2330ms 2320ms
AES192 2550ms 2670ms 2700ms 2910ms 2630ms 2640ms 3060ms 3060ms 2680ms 2690ms
AES256 2920ms 3010ms 3040ms 3190ms 3010ms 3000ms 3380ms 3420ms 3050ms 3050ms
TWOFISH 2790ms 2840ms 3300ms 2950ms 3010ms 2870ms 3310ms 3280ms 2940ms 2940ms
ARCFOUR 2050ms 2050ms
DES 5640ms 5630ms 6440ms 6970ms 5960ms 6000ms 6440ms 6440ms 6120ms 6120ms
TWOFISH128 2790ms 2840ms 3300ms 2950ms 3010ms 2890ms 3310ms 3290ms 2930ms 2930ms
SERPENT128 4530ms 4340ms 5210ms 4470ms 4740ms 4620ms 5020ms 5030ms 4680ms 4680ms
SERPENT192 4510ms 4340ms 5190ms 4460ms 4750ms 4620ms 5020ms 5030ms 4680ms 4680ms
SERPENT256 4540ms 4330ms 5220ms 4460ms 4730ms 4600ms 5030ms 5020ms 4680ms 4680ms
RFC2268_40 10530ms 7790ms 11140ms 9490ms 10650ms 10710ms 11710ms 11690ms 11000ms 11000ms
SEED 4530ms 4540ms 5050ms 5380ms 4760ms 4810ms 5060ms 5060ms 4850ms 4860ms
CAMELLIA128 2660ms 2630ms 3170ms 2750ms 2880ms 2740ms 3170ms 3170ms 2780ms 2780ms
CAMELLIA192 3430ms 3400ms 3930ms 3530ms 3650ms 3500ms 3940ms 3940ms 3570ms 3560ms
CAMELLIA256 3430ms 3390ms 3940ms 3500ms 3650ms 3510ms 3930ms 3940ms 3550ms 3550ms
SALSA20 1910ms 1900ms
Old (armhf/Cortex-A8):
Running each test 100 times.
ECB/Stream CBC CFB OFB CTR
--------------- --------------- --------------- --------------- ---------------
IDEA 9030ms 9100ms 10050ms 10410ms 9540ms 9360ms 10350ms 10190ms 9560ms 9570ms
3DES 14580ms 14460ms 15300ms 15720ms 14880ms 14900ms 15350ms 15330ms 15030ms 15020ms
CAST5 3560ms 3570ms 4350ms 2300ms 3860ms 2330ms 4340ms 4320ms 2330ms 2320ms
BLOWFISH 3320ms 3250ms 4110ms 2060ms 3610ms 2080ms 4100ms 4090ms 2070ms 2070ms
AES 2390ms 2530ms 2320ms 2460ms 2280ms 2270ms 2890ms 2880ms 2330ms 2330ms
AES192 2830ms 2970ms 2690ms 2900ms 2630ms 2650ms 3320ms 3330ms 2700ms 2690ms
AES256 3110ms 3250ms 3060ms 3170ms 3000ms 3000ms 3610ms 3610ms 3050ms 3060ms
TWOFISH 3080ms 3100ms 3600ms 2940ms 3290ms 2880ms 3560ms 3570ms 2940ms 2930ms
ARCFOUR 2060ms 2050ms
DES 6060ms 6230ms 6850ms 7540ms 6380ms 6400ms 6830ms 6840ms 6500ms 6510ms
TWOFISH128 3060ms 3110ms 3600ms 2940ms 3290ms 2890ms 3560ms 3560ms 2940ms 2930ms
SERPENT128 4820ms 4630ms 5330ms 4460ms 5030ms 4620ms 5300ms 5300ms 4680ms 4680ms
SERPENT192 4830ms 4620ms 5320ms 4460ms 5040ms 4620ms 5300ms 5300ms 4680ms 4680ms
SERPENT256 4820ms 4640ms 5330ms 4460ms 5030ms 4620ms 5300ms 5300ms 4680ms 4660ms
RFC2268_40 10260ms 7850ms 11080ms 9270ms 10620ms 10380ms 11250ms 11230ms 10690ms 10710ms
SEED 6580ms 6990ms 7710ms 8370ms 7140ms 7240ms 7600ms 7610ms 6870ms 6900ms
CAMELLIA128 2860ms 2820ms 3360ms 2750ms 3080ms 2740ms 3350ms 3360ms 2790ms 2790ms
CAMELLIA192 3710ms 3680ms 4240ms 3520ms 3910ms 3510ms 4200ms 4210ms 3560ms 3560ms
CAMELLIA256 3700ms 3680ms 4230ms 3520ms 3930ms 3510ms 4200ms 4210ms 3550ms 3560ms
SALSA20 1900ms 1900ms
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* configure.ac: Add option --disable-neon-support.
(HAVE_GCC_INLINE_ASM_NEON): New.
(ENABLE_NEON_SUPPORT): New.
[arm]: Add 'hwf-arm.lo' as HW feature module.
* src/Makefile.am: Add 'hwf-arm.c'.
* src/g10lib.h (HWF_ARM_NEON): New macro.
* src/global.c (hwflist): Add HWF_ARM_NEON entry.
* src/hwf-arm.c: New file.
* src/hwf-common.h (_gcry_hwf_detect_arm): New prototype.
* src/hwfeatures.c (_gcry_detect_hw_features) [HAVE_CPU_ARCH_ARM]: Add
call to _gcry_hwf_detect_arm.
--
Add HW detection module for detecting ARM NEON instruction set. ARM does not
have cpuid instruction so we have to rely on OS to pass feature set information
to user-space. For linux, NEON support can be detected by parsing
'/proc/self/auxv' for hardware capabilities information. For other OSes, NEON
can be detected by checking if platform/compiler only supports NEON capable
CPUs (by check if __ARM_NEON__ macro is defined).
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
src/g10lib.h [__arm__] (fast_wipememory2_unaligned_head)
(fast_wipememory2): New macros.
--
Previous patch that removed _gcry_burn_stack optimization causes burn_stack
take over 30% CPU usage when looping 'benchmark cipher blowfish' on
ARM/Cortex-A8. Optimizing wipememory2 for ARM helps situation a lot.
Old vs new (Cortex-A8):
ECB/Stream CBC CFB OFB CTR
--------------- --------------- --------------- --------------- ---------------
IDEA 1.20x 1.18x 1.16x 1.15x 1.16x 1.18x 1.18x 1.16x 1.16x 1.17x
3DES 1.14x 1.14x 1.12x 1.13x 1.12x 1.13x 1.12x 1.13x 1.13x 1.15x
CAST5 1.66x 1.67x 1.43x 1.00x 1.48x 1.00x 1.44x 1.44x 1.04x 0.96x
BLOWFISH 1.56x 1.66x 1.47x 1.00x 1.54x 1.05x 1.44x 1.47x 1.00x 1.00x
AES 1.52x 1.42x 1.04x 1.00x 1.00x 1.00x 1.38x 1.37x 1.00x 1.00x
AES192 1.36x 1.36x 1.00x 1.00x 1.00x 1.04x 1.26x 1.22x 1.00x 1.04x
AES256 1.32x 1.31x 1.03x 1.00x 1.00x 1.00x 1.24x 1.30x 1.03x 0.97x
TWOFISH 1.31x 1.26x 1.23x 1.00x 1.25x 1.00x 1.24x 1.23x 1.00x 1.03x
ARCFOUR 1.05x 0.96x
DES 1.31x 1.33x 1.26x 1.29x 1.28x 1.29x 1.26x 1.29x 1.27x 1.29x
TWOFISH128 1.27x 1.24x 1.23x 1.00x 1.28x 1.00x 1.21x 1.26x 0.97x 1.06x
SERPENT128 1.19x 1.19x 1.15x 1.00x 1.14x 1.00x 1.17x 1.17x 0.98x 1.00x
SERPENT192 1.19x 1.24x 1.17x 1.00x 1.14x 1.00x 1.15x 1.17x 1.00x 1.00x
SERPENT256 1.16x 1.19x 1.17x 1.00x 1.14x 1.00x 1.15x 1.15x 1.00x 1.00x
RFC2268_40 1.00x 0.99x 1.00x 1.01x 1.00x 1.00x 1.03x 1.00x 1.01x 1.00x
SEED 1.20x 1.20x 1.18x 1.17x 1.17x 1.19x 1.18x 1.16x 1.19x 1.19x
CAMELLIA128 1.38x 1.34x 1.31x 1.00x 1.31x 1.00x 1.29x 1.32x 1.00x 1.00x
CAMELLIA192 1.27x 1.27x 1.23x 1.00x 1.25x 1.03x 1.20x 1.23x 1.00x 1.00x
CAMELLIA256 1.27x 1.27x 1.26x 1.00x 1.25x 1.03x 1.20x 1.23x 1.00x 1.00x
SALSA20 1.04x 1.00x
(Note: bulk encryption/decryption do burn_stack after full buffer processing,
instead of after each block.)
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* src/misc.c (_gcry_burn_stack): Remove SIZEOF_UNSIGNED_LONG == 4 or 8
optimization.
--
At least GCC 4.6 on Debian Wheezy (armhf) generates wrong code for burn_stack,
causing recursive structure to be transformed in to iterative without updating
stack pointer between iterations. Therefore only first 64 bytes of stack get
zeroed. This appears to be fixed in GCC 4.7, but lets play this safe and
remove this optimization.
Better approach would probably be to add architecture specific assembly
routine(s) that replace this generic function.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* src/libgcrypt.def: Change 'gcry_sexp_get_buffer' to
'gcry_sexp_nth_buffer'.
--
Commit 2d3e8d4d9 "sexp: Add function gcry_sexp_nth_buffer." added
'gcry_sexp_get_buffer' to libgcrypt.def, when it should have been
'gcry_sexp_nth_buffer'.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* src/sexp.c (hextobyte): Remove.
(hextonibble): New.
(vsexp_sscan): Skip whtespace between hex nibbles.
--
Before that patch a string
"(a #123"
" 456#")
was not correctly parsed because white space was only allowed between
two hex digits but not in between nibbles.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/sexp.c (gcry_sexp_nth_buffer): New.
* src/visibility.c, src/visibility.h: Add function wrapper.
* src/libgcrypt.vers, src/libgcrypt.def: Add to API.
* src/gcrypt.h.in: Add prototype.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/gcrypt.h.in (GCRY_CIPHER_SALSA20): New.
* cipher/salsa20.c: New.
* configure.ac (available_ciphers): Add Salsa20.
* cipher/cipher.c: Register Salsa20.
(cipher_setiv): Allow to divert an IV to a cipher module.
* src/cipher-proto.h (cipher_setiv_func_t): New.
(cipher_extra_spec): Add field setiv.
* src/cipher.h: Declare Salsa20 definitions.
* tests/basic.c (check_stream_cipher): New.
(check_stream_cipher_large_block): New.
(check_cipher_modes): Run new test functions.
(check_ciphers): Add simple test for Salsa20.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
--
|
|
* src/gcrypt-module.h (gcry_pk_sign_t): Add parms flags and hashalgo.
* cipher/rsa.c (rsa_sign): Add parms and mark them as unused.
* cipher/dsa.c (dsa_sign): Ditto.
* cipher/elgamal.c (elg_sign): Ditto.
* cipher/pubkey.c (dummy_sign): Ditto.
(pubkey_sign): Pass 0 for the new args.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* random/rndw32.c: include winsock2.h before windows.h.
* src/ath.h [_WIN32]: Ditto.
* tests/benchmark.c [_WIN32]: Ditto.
--
Patch silences warnings of following type:
/usr/lib/gcc/i686-w64-mingw32/4.6/../../../../i686-w64-mingw32/include/winsock2.h:15:2: warning: #warning Please include winsock2.h before windows.h [-Wcpp]
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* cipher/bithelp.h [__GNUC__, __i386__] (rol, ror): add "cc" globber
for inline assembly.
* cipher/cast5.c [__GNUC__, __i386__] (rol): Ditto.
* random/rndhw.c [USE_DRNG] (rdrand_long): Ditto.
* src/hmac256.c [__GNUC__, __i386__] (ror): Ditto.
* mpi/longlong.c [__i386__] (add_ssaaaa, sub_ddmmss, umul_ppmm)
(udiv_qrnnd, count_leading_zeros, count_trailing_zeros): Ditto.
--
These assembly snippets modify cflags but do not mark "cc" clobber.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
* configure.ac (AH_BOTTOM): Move GPG_ERR_ replacement defines to ...
* src/gcrypt-int.h: new file.
* src/visibility.h, src/cipher.h: Replace gcrypt.h by gcrypt-int.h.
* tests/: Ditto for all test files.
--
Defining newer gpg-error codes in config.h was not a good idea,
because config.h is usually included before gpg-error.h and thus
gpg-error.h would be double defines to lead to faulty code there like
typedef enum
{
[...]
191 = 191,
[...]
};
|
|
* src/misc.c (_gcry_burn_stack): Add optimization for 32-bit and 64-bit
architectures.
--
Busy looping 'tests/benchmark --cipher-repetitions 10 cipher blowfish' on ARM
Cortex-A8 shows that _gcry_burn_stack takes 21% of CPU time. With this patch,
that number drops to 3.4%.
On AMD64 (Intel i5-4570) CPU usage for _gcry_burn_stack in the same test drops
from 3.5% to 1.1%.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
