Age | Commit message | Author | Files | Lines |
|
* tests/benchmark.c (ecc_bench): Avoid not approved curves in FIPS.
* tests/curves.c (check_get_params): Skip Brainpool curves in FIPS.
* tests/keygen.c (check_dsa_keys): Generate 2048 and 3072 bits keys.
(check_ecc_keys): Skip Ed25519 in FIPS mode.
* tests/random.c (main): Don't switch DRBG in FIPS mode.
* tests/t-ed25519.c (main): Ed25519 isn't supported in FIPS mode.
* tests/t-kdf.c (check_openpgp): Skip vectors using md5 in FIPS.
* tests/t-mpi-point.c (context_param): Skip P-192 and Ed25519 in FIPS.
(main): Skip math tests that use P-192 and Ed25519 in FIPS.
--
Fix the testsuite to make it pass after the FIPS adjustments.
This consists mostly of disabling the tests that use not approved
curves and algorithms as well as increasing the keysizes.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Additional changes by wk:
- Removed changes already done with commit e40939b. The original
patch had these changes:
* tests/fips186-dsa.c (main): Merely suggest a future improvement.
* tests/pubkey.c (get_dsa_key_*new): Increase keysizes.
(check_run): Skip tests with small domain in FIPS.
(main): Skip Ed25519 sample key test in FIPS.
Note that get_dsa_key_fips186_with_seed_new was not changed from
1024 to 3072 but to 2048 bit.
- Return with 77 (skip) from t-ed25519.c in FIPS mode.
- Some code style changes.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* tests/basic.c (get_keys_new): Generate 2048 bit key.
* tests/benchmark.c (rsa_bench): Skip keys of lengths different
than 2048 and 3072 in FIPS mode.
* tests/keygen.c (check_rsa_keys): Failure if short keys can be
generated in FIPS mode.
(check_dsa_keys): Ditto for DSA keys.
* tests/pubkey.c (check_x931_derived_key): Skip keys < 2048 in FIPS.
--
Thanks to Ludwig Nussel.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Additional changes by wk:
- Remove printing of "FAIL" in fail() because this is reserved for
use by the test driver of the Makefile.
- Move setting of IN_FIPS_MODE after gcry_check_version in keygen.c
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/rsa.c (selftests_rsa): Use 2048 bit keys.
(selftest_encr_1024): Replaced by selftest_encr_2048.
(selftest_sign_1024): Replaced by selftest_sign_2048.
(selftest_encr_2048): Add check against known ciphertext.
(selftest_sign_2048): Add check against known signature.
(selftest_sign_2048): Free SIG_MPI.
* tests/pubkey.c (get_keys_new): Generate 2048 bit keys.
--
Use 2048 bit keys for RSA selftest.
Check against the known signature/ciphertext after signing/encryption
in the selftests.
Also generate 2k keys in tests/pubkey.
Thanks to Ludwig Nussel.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Additional changes by wk:
- Reformat some strings and comments.
- Replace a free by xfree.
- Free SIG_MPI.
- Make two strings static.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/dsa.c (sample_secret_key_1024): Comment out unused constant.
(ogenerate_fips186): Make it work with use-fips183-2 flag.
* cipher/primegen.c (_gcry_generate_fips186_3_prime): Use Emacs
standard comment out format.
* tests/fips186-dsa.c (check_dsa_gen_186_3): New dummy function.
(main): Call it.
(main): Compare against current version.
* tests/pubkey.c (get_dsa_key_fips186_new): Create 2048 bit key.
(get_dsa_key_fips186_with_seed_new): Ditto.
(get_dsa_key_fips186_with_domain_new): Comment out.
(check_run): Do not call that function.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/dsa-common (_gcry_dsa_normalize_hash): New. Truncate opaque
mpis as required for DSA and ECDSA signature schemas.
* cipher/dsa.c (verify): Return gpg_err_code_t value from verify() to
behave like the rest of internal sign/verify functions.
* cipher/dsa.c (sign, verify, dsa_verify): Factor out hash truncation.
* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Factor out hash truncation.
* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_verify):
as required by ECDSA scheme, truncate hash values to bitlength of
used curve.
* tests/pubkey.c (check_ecc_sample_key): add a testcase for hash
truncation.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
* src/cipher.h (PUBKEY_FLAG_ECDSA): Remove.
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Remove "ecdsa".
* cipher/ecc.c (ecc_generate, ecc_sign, ecc_verify): Require "eddsa" flag.
* cipher/ecc-misc.c (_gcry_ecc_compute_public): Depend "eddsa" flag.
* tests/benchmark.c, tests/keygen.c, tests/pubkey.c
* tests/t-ed25519.c, tests/t-mpi-point.c: Adjust for changed flags.
--
This change makes using ECDSA signatures the default for all curves.
If another signing algorithm is to be used, the corresponding flag
needs to be given. In particular the flag "eddsa" is now always
required with curve Ed25519 to comply with the specs. This change
makes the code better readable by not assuming a certain signature
algorithm depending on the curve.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* cipher/ecc.c (ecc_generate): Fix Ed25519/ECDSA case.
(ecc_verify): Implement ED25519/ECDSA uncompression.
--
With this change Ed25519 may be used with ECDSA while using the
Ed25519 standard compression technique.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* src/cipher.h (PUBKEY_FLAG_ECDSA): New.
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag "ecdsa".
* cipher/ecc.c (verify_ecdsa, verify_eddsa): Remove some debug output.
(ecc_generate, ecc_sign, ecc_verify): Support Ed25519 with ECDSA.
* tests/keygen.c (check_ecc_keys): Create such a test key.
* tests/pubkey.c (fail, info, data_from_hex, extract_cmp_data): New.
Take from dsa-6979.c
(check_ed25519ecdsa_sample_key): new.
(main): Call new test.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
* tests/pubkey.c (check_keys_crypt): Release L, X0, and X1.
(check_keys): Release X.
|
|
* configure.ac (AH_BOTTOM): Move GPG_ERR_ replacement defines to ...
* src/gcrypt-int.h: new file.
* src/visibility.h, src/cipher.h: Replace gcrypt.h by gcrypt-int.h.
* tests/: Ditto for all test files.
--
Defining newer gpg-error codes in config.h was not a good idea,
because config.h is usually included before gpg-error.h and thus
gpg-error.h would be double defines to lead to faulty code there like
typedef enum
{
[...]
191 = 191,
[...]
};
|
|
* cipher/ecc.c (ecc_sign): Remove the need for Q.
* cipher/pubkey.c (sexp_elements_extract_ecc): Make Q optional for a
private key.
(sexp_to_key): Add optional arg R_IS_ECC.
(gcry_pk_sign): Do not call gcry_pk_get_nbits for ECC keys.
* tests/pubkey.c (die): Make sure to print a LF.
(check_ecc_sample_key): New.
(main): Call new test.
--
Q is the actual public key which is not used for signing. Thus we
can make it optional and even speed up the signing by parsing less
stuff.
Note: There seems to be a memory leak somewhere. Running tests/pubkey
with just the new test enabled shows it.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
Check and install the standard git pre-commit hook.
|
|
Add stuff to help debugging.
|
|
Other small changes.
|
|
Doc updates.
Allows the use of the strings AES-128, AES-192, AES-256 to specify AES
algorithms.
|
|
Type fix.
Made sure that gcry_free preserves ERRNO.
|
|
|
|
|
|
Add a way to derive RSA keys according to X9.31.
|
|
|
|
Allow decryption/signing using a minimal RSA key.
|
|
This is not ready but the key generation and the self-test works.
|
|
Updated some tests.
Support for passphrase generated Elgamal keys.
|
|
Cleaned up output; i.e. take care of --verbose.
|
|
2005-04-23 Moritz Schulte <moritz@g10code.com>
* acinclude.m4 (TYPE_SOCKLEN_T): New type definition test;
provided by Albert Chin.
* configure.ac: Don't use $(CMD) as it's not portable; use `CMD` instead.
Simpler -lnsl/-lsocket test.
Use TYPE_SOCKLEN_T test.
Don't forget to set `random_modules' correctly.
2005-04-22 Moritz Schulte <moritz@g10code.com>
* configure.ac: Added support for pkgconfig; provided by Albert
Chin.
cipher/ChangeLog:
2005-04-12 Moritz Schulte <moritz@g10code.com>
* ac.c (_gcry_ac_io_write, _gcry_ac_io_read): Initialize err to
make the compiler happy.
Always use errno, now that gcry_malloc() is guaranteed to set
errno on failure.
(_gcry_ac_data_to_sexp): Don't forget to goto out after error in
loop.
(_gcry_ac_data_to_sexp): Remove unused variable: mpi_list;
(_gcry_ac_data_to_sexp): Always deallocate sexp_buffer.
(_gcry_ac_data_from_sexp): Don't forget to initialize data_set_new.
(_gcry_ac_data_from_sexp): Handle special case, which is
necessary, since gcry_sexp_nth() does not distinguish between
"element does not exist" and "element is the empty list".
(_gcry_ac_io_init_va): Use assert to make sure that mode and type
are correct.
Use gcry_error_t types where gcry_err_code_t types have been used
before.
mpi/ChangeLog:
2005-04-23 Moritz Schulte <moritz@g10code.com>
* Makefile.am: Don't assume the compiler will pre-process the .S
files. Some compilers, like those from HP and IBM, don't do
this. So, we use the same solution gnupg-1.4.0 does. Preprocess
first and then compile.
* hppa1.1/mpih-mul3.S: Add "level 1.1" directive to disable
warning about using PA-RISC1.1 opcodes.
* hppa1.1/mpih-mul2.S: Likewise.
* hppa1.1/mpih-mul1.S: Likewise.
* hppa1.1/udiv-qrnnd.S: Likewise.
src/ChangeLog:
2005-04-22 Moritz Schulte <moritz@g10code.com>
* Makefile.am (pkgconfigdir, pkgconfig_DATA): New; support for
pkgconfig provided by Albert Chin.
* libgcrypt.pc.in (Cflags): New file.
2005-04-16 Moritz Schulte <moritz@g10code.com>
* g10lib.h (_gcry_ac_init): Declare.
* global.c (global_init): Call _gcry_ac_init; don't forget to set
err.
tests/ChangeLog:
2005-04-22 Moritz Schulte <moritz@g10code.com>
* tsexp.c: Include <config.h> in case HAVE_CONFIG_H is defined;
thanks to Albert Chin.
* testapi.c: Likewise.
* register.c: Likewise.
* pubkey.c: Likewise.
* prime.c: Likewise.
* pkbench.c: Likewise.
* keygen.c: Likewise.
* benchmark.c: Likewise.
* basic.c: Likewise.
* ac-schemes.c: Likewise.
* ac-data.c: Likewise.
* ac.c: Likewise.
2005-04-16 Moritz Schulte <moritz@g10code.com>
* ac-data.c (check_run): Include new test.
|
|
|
|
* ac.c (gcry_ac_open): Use it here.
* pubkey.c (check_keys_crypt): Fix for compatibility mode.
|
|
* basic.c, keygen.c, pubkey.c, register.c, tsexp.c: Changed to use
new API.
2003-06-01 Moritz Schulte <moritz@g10code.com>
* tsexp.c (canon_len): Adjust for new gcry_sexp_canon_len API.
|
|
* pubkey.c: Changed the sample private key to contain the
identifier `openpgp-rsa' instead of `rsa'.
* basic.c (check_digests): Enabled/fixed some tests for TIGER.
|
|
* Makefile.am (TESTS): Added pubkey.
* pubkey.c: New file.
|