| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* build-aux/db2any: Update copyright notice.
* cipher/arcfour.c, cipher/blowfish.ccipher/cast5.c: Likewise.
* cipher/crc-armv8-ce.c, cipher/crc-intel-pclmul.c: Likewise.
* cipher/crc-ppc.c, cipher/crc.c, cipher/des.c: Likewise.
* cipher/md2.c, cipher/md4.c, cipher/md5.c: Likewise.
* cipher/primegen.c, cipher/rfc2268.c, cipher/rmd160.c: Likewise.
* cipher/seed.c, cipher/serpent.c, cipher/tiger.c: Likewise.
* cipher/twofish.c: Likewise.
* mpi/alpha/mpih-add1.S, mpi/alpha/mpih-lshift.S: Likewise.
* mpi/alpha/mpih-mul1.S, mpi/alpha/mpih-mul2.S: Likewise.
* mpi/alpha/mpih-mul3.S, mpi/alpha/mpih-rshift.S: Likewise.
* mpi/alpha/mpih-sub1.S, mpi/alpha/udiv-qrnnd.S: Likewise.
* mpi/amd64/mpih-add1.S, mpi/amd64/mpih-lshift.S: Likewise.
* mpi/amd64/mpih-mul1.S, mpi/amd64/mpih-mul2.S: Likewise.
* mpi/amd64/mpih-mul3.S, mpi/amd64/mpih-rshift.S: Likewise.
* mpi/amd64/mpih-sub1.S, mpi/config.links: Likewise.
* mpi/generic/mpih-add1.c, mpi/generic/mpih-lshift.c: Likewise.
* mpi/generic/mpih-mul1.c, mpi/generic/mpih-mul2.c: Likewise.
* mpi/generic/mpih-mul3.c, mpi/generic/mpih-rshift.c: Likewise.
* mpi/generic/mpih-sub1.c, mpi/generic/udiv-w-sdiv.c: Likewise.
* mpi/hppa/mpih-add1.S, mpi/hppa/mpih-lshift.S: Likewise.
* mpi/hppa/mpih-rshift.S, mpi/hppa/mpih-sub1.S: Likewise.
* mpi/hppa/udiv-qrnnd.S, mpi/hppa1.1/mpih-mul1.S: Likewise.
* mpi/hppa1.1/mpih-mul2.S, mpi/hppa1.1/mpih-mul3.S: Likewise.
* mpi/hppa1.1/udiv-qrnnd.S, mpi/i386/mpih-add1.S: Likewise.
* mpi/i386/mpih-lshift.S, mpi/i386/mpih-mul1.S: Likewise.
* mpi/i386/mpih-mul2.S, mpi/i386/mpih-mul3.S: Likewise.
* mpi/i386/mpih-rshift.S, mpi/i386/mpih-sub1.S: Likewise.
* mpi/i386/syntax.h, mpi/longlong.h: Likewise.
* mpi/m68k/mc68020/mpih-mul1.S, mpi/m68k/mc68020/mpih-mul2.S: Likewise.
* mpi/m68k/mc68020/mpih-mul3.S, mpi/m68k/mpih-add1.S: Likewise.
* mpi/m68k/mpih-lshift.S, mpi/m68k/mpih-rshift.S: Likewise.
* mpi/m68k/mpih-sub1.S, mpi/m68k/syntax.h: Likewise.
* mpi/mips3/mpih-add1.S, mpi/mips3/mpih-lshift.S: Likewise.
* mpi/mips3/mpih-mul1.S, mpi/mips3/mpih-mul2.S: Likewise.
* mpi/mips3/mpih-mul3.S, mpi/mips3/mpih-rshift.S: Likewise.
* mpi/mips3/mpih-sub1.S, mpi/mpi-add.c: Likewise.
* mpi/mpi-bit.c, mpi/mpi-cmp.c, mpi/mpi-div.c: Likewise.
* mpi/mpi-gcd.c, mpi/mpi-inline.c, mpi/mpi-inline.h: Likewise.
* mpi/mpi-internal.h, mpi/mpi-mpow.c, mpi/mpi-mul.c: Likewise.
* mpi/mpi-scan.c, mpi/mpih-div.c, mpi/mpih-mul.c: Likewise.
* mpi/pa7100/mpih-lshift.S, mpi/pa7100/mpih-rshift.S: Likewise.
* mpi/power/mpih-add1.S, mpi/power/mpih-lshift.S: Likewise.
* mpi/power/mpih-mul1.S, mpi/power/mpih-mul2.S: Likewise.
* mpi/power/mpih-mul3.S, mpi/power/mpih-rshift.S: Likewise.
* mpi/power/mpih-sub1.S, mpi/powerpc32/mpih-add1.S: Likewise.
* mpi/powerpc32/mpih-lshift.S, mpi/powerpc32/mpih-mul1.S: Likewise.
* mpi/powerpc32/mpih-mul2.S, mpi/powerpc32/mpih-mul3.S: Likewise.
* mpi/powerpc32/mpih-rshift.S, mpi/powerpc32/mpih-sub1.S: Likewise.
* mpi/powerpc32/syntax.h, mpi/sparc32/mpih-add1.S: Likewise.
* mpi/sparc32/mpih-lshift.S, mpi/sparc32/mpih-rshift.S: Likewise.
* mpi/sparc32/udiv.S, mpi/sparc32v8/mpih-mul1.S: Likewise.
* mpi/sparc32v8/mpih-mul2.S, mpi/sparc32v8/mpih-mul3.S: Likewise.
* mpi/supersparc/udiv.S: Likewise.
* random/random.h, random/rndegd.c: Likewise.
* src/cipher.h, src/libgcrypt.def, src/libgcrypt.vers: Likewise.
* src/missing-string.c, src/mpi.h, src/secmem.h: Likewise.
* src/stdmem.h, src/types.h: Likewise.
* tests/aeswrap.c, tests/curves.c, tests/hmac.c: Likewise.
* tests/keygrip.c, tests/prime.c, tests/random.c: Likewise.
* tests/t-kdf.c, tests/testapi.c: Likewise.
--
GnuPG-bug-id: 6271
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/cipher-gcm.c (_gcry_cipher_gcm_setiv_zero): New.
(_gcry_cipher_gcm_encrypt, _gcry_cipher_gcm_decrypt)
(_gcry_cipher_gcm_authenticate): Use _gcry_cipher_gcm_setiv_zero.
* cipher/cipher-internal.h (struct gcry_cipher_handle): Add aead field.
* cipher/cipher.c (_gcry_cipher_setiv): Check calling setiv to reject
direct invocation in FIPS mode.
(_gcry_cipher_setup_geniv, _gcry_cipher_geniv): New.
* doc/gcrypt.texi: Add explanation for two new functions.
* src/gcrypt-int.h (_gcry_cipher_setup_geniv, _gcry_cipher_geniv): New.
* src/gcrypt.h.in (enum gcry_cipher_geniv_methods): New.
(gcry_cipher_setup_geniv, gcry_cipher_geniv): New.
* src/libgcrypt.def (gcry_cipher_setup_geniv, gcry_cipher_geniv): Add.
* src/libgcrypt.vers: Likewise.
* src/visibility.c (gcry_cipher_setup_geniv, gcry_cipher_geniv): Add.
* src/visibility.h: Likewise.
--
GnuPG-bug-id: 4873
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/kdf.c (argon2_ctl): Remove.
(argon2_iterator): Remove.
(argon2_compute_segment): Change the API.
(argon2_compute): New.
(argon2_open): No optional N_THERADS any more.
(_gcry_kdf_ctl): Remove.
(_gcry_kdf_iterator, _gcry_kdf_compute_segment): Remove.
(_gcry_kdf_compute): New.
* src/gcrypt-int.h: Update declarations.
* src/gcrypt.h.in: Likewise.
* src/libgcrypt.def: Update.
* src/libgcrypt.vers: Update.
* src/visibility.c: Update.
* src/visibility.h: Update.
* tests/t-kdf.c (check_argon2): Update the test with change of new
API.
--
GnuPG-bug-id: 5797
Co-authored-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/kdf.c (struct argon2_thread_data): Change layout.
(argon2_iterator): Use struct gcry_kdf_pt_head.
(argon2_compute_segment): Rename from argon2_compute_row.
(argon2_open): Handle N_THREAD maximum.
(_gcry_kdf_iterator): Use struct gcry_kdf_pt_head.
(_gcry_kdf_compute_segment): Rename from _gcry_kdf_compute_row.
* src/gcrypt-int.h: Update declarations.
* src/gcrypt.h.in (struct gcry_kdf_pt_head): Expose the data type.
* src/libgcrypt.def, src/libgcrypt.vers: Update.
* src/visibility.c, src/visibility.h: Update.
* tests/t-kdf.c (start_thread, my_kdf_derive): Follow the change.
--
Fixes-commit: bafdb90d97b65db541ea917088ca956e6a364f6b
GnuPG-bug-id: 5797
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/kdf.c (hash, argon2_genh0_first_blocks): New for Argon2.
(argon2_init, argon2_ctl, argon2_iterator): Likewise.
(argon2_compute_row, argon2_final, argon2_close): Likewise.
(argon2_open): Likewise.
(balloon_open): New for Balloon.
(_gcry_kdf_open, _gcry_kdf_ctl, _gcry_kdf_iterator): Add new API.
(_gcry_kdf_compute_row, _gcry_kdf_final, _gcry_kdf_close): Likewise.
* src/gcrypt-int.h: Add declarations for new API.
* src/gcrypt.h.in: Likewise.
(enum gcry_kdf_algos): Add GCRY_KDF_ARGON2 and GCRY_KDF_BALLOON.
(enum gcry_kdf_subalgo_argon2): Add GCRY_KDF_ARGON2D,
GCRY_KDF_ARGON2I, and GCRY_KDF_ARGON2ID.
* src/libgcrypt.def, src/libgcrypt.vers: Update.
* src/visibility.h: Likewise.
* src/visibility.c: Add new API.
* tests/Makefile.am (t_kdf_LDADD, t_kdf_CFLAGS): Enable use of pthread.
* tests/t-kdf.c (check_argon2): New, not enabled yet.
--
New API has been added, decoupling thread support. Implementation of
Argon2 is on-going. Test is not enabled yet.
GnuPG-bug-id: 5797
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/pubkey.c (_gcry_pk_sign_md, _gcry_pk_verify_md): New.
(_gcry_pk_random_override_new): New.
(_gcry_pk_get_random_override): New.
* src/gcrypt-int.h: Add those routines.
* src/context.h (CONTEXT_TYPE_RANDOM_OVERRIDE): New.
* src/context.c (_gcry_ctx_alloc, _gcry_ctx_release): Handle
CONTEXT_TYPE_RANDOM_OVERRIDE.
* src/gcrypt.h.in (gcry_error_t gcry_pk_hash_sign): New.
(gcry_error_t gcry_pk_hash_verify): New.
(gcry_pk_random_override_new): New.
* src/libgcrypt.def, src/libgcrypt.vers: Update.
* src/visibility.c (gcry_pk_hash_sign, gcry_pk_hash_verify): New.
(gcry_pk_random_override_new): New.
* src/visibility.h: Add those routines.
--
GnuPG-bug-id: 4894
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/ecc-ecdh.c (_gcry_ecc_get_algo_keylen): New.
(_gcry_ecc_mul_point): Fill into the RESULT buffer, instead of
allocating new buffer.
* src/gcrypt-int.h: Change the API.
* src/gcrypt.h.in: Likewise.
* src/libgcrypt.def (gcry_ecc_get_algo_keylen): New.
* src/libgcrypt.vers (gcry_ecc_get_algo_keylen): New.
* src/visibility.c (gcry_ecc_get_algo_keylen): New.
* src/visibility.h (gcry_ecc_get_algo_keylen): New.
* tests/t-cv25519.c: Fix the use case.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac: Add ecc-ecdh.lo.
* cipher/Makefile.am: Add ecc-ecdh.c.
* cipher/ecc-common.h (reverse_buffer): Expose.
* cipher/ecc-eddsa.c (reverse_buffer): Expose.
* cipher/ecc-curves.c (domain_parms): Fix as the errata of RFC.
* cipher/ecc-ecdh.c: New.
* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Fix for other curves
than Curve25519.
* src/gcrypt-int.h (_gcry_ecc_mul_point): New.
* src/gcrypt.h.in (enum gcry_ecc_curves): New.
(gcry_ecc_mul_point): new.
* src/libgcrypt.def (gcry_ecc_mul_point): New.
* src/libgcrypt.vers (gcry_ecc_mul_point): New.
* src/visibility.h (gcry_ecc_mul_point): New.
* src/visibility.c (gcry_ecc_mul_point): New.
* tests/t-cv25519.c (test_cv_hl): Rename from test_cv.
(test_cv_x25519): New.
(test_cv): Call both of test_cv_hl and test_cv_x25519.
--
Add new API gcry_ecc_mul_point for direct use of X25519 function.
"Direct use" means, its inputs and output are binary octet in native
format, while no lengths check inside. It's a responsibility of
caller.
We can use gcry_pk_encrypt for implementing X25519, but the API of
gcry_pk_encrypt uses SEXP format, which is a bit cumbersome.
GnuPG-bug-id: 4293
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* src/gcrypt.h.in (gcry_mpi_get_ui): New.
(mpi_get_ui): New macro.
* src/libgcrypt.def, src/libgcrypt.vers: Add new function.
* src/visibility.c (gcry_mpi_get_ui): New.
* src/visibility.h: Mark that function.
(gcry_mpi_get_ui): New.
* mpi/mpiutil.c (MY_UINT_MAX): New macro.
(_gcry_mpi_get_ui): Re-implemented. This function existed but was
never imported or used.
* tests/mpitests.c (test_maxsize): Add some test for this function.
--
Note that in libgcrypt.def the cardinal 91 is used which was never
used in the past.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
|
|
|
|
|
|
|
|
|
| |
* src/gcrypt.h.in (gcry_mpi_point_copy): New.
(mpi_point_copy): New macro.
* src/visibility.c (gcry_mpi_point_copy): New.
* src/libgcrypt.def, src/libgcrypt.vers: Add function.
* mpi/ec.c (_gcry_mpi_point_copy): New.
* tests/t-mpi-point.c (set_get_point): Add test.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* src/misc.c (_gcry_log_info_with_dummy_fp): Remove.
* src/global.c (print_config): New arg WHAT. Remove arg FNC and use
gpgrt_fprintf directly.
(_gcry_get_config): New.
(_gcry_vcontrol) <GCRYCTL_PRINT_CONFIG>: Use _gcry_get_config instead
of print_config.
* src/gcrypt.h.in (gcry_get_config): New.
* src/libgcrypt.def, src/libgcrypt.vers: Add new function.
* src/visibility.c (gcry_get_config): New.
* src/visibility.h: Mark new function.
* tests/version.c (test_get_config): New.
(main): Call new test.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* mpi/ec.c (_gcry_mpi_ec_decode_point): New.
* cipher/ecc-common.h: Move two prototypes to ...
* src/ec-context.h: here.
* src/gcrypt.h.in (gcry_mpi_ec_decode_point): New.
* src/libgcrypt.def (gcry_mpi_ec_decode_point): New.
* src/libgcrypt.vers (gcry_mpi_ec_decode_point): New.
* src/visibility.c (gcry_mpi_ec_decode_point): New.
* src/visibility.h: Add new function.
--
This new function make the use of the gcry_mpi_ec_curve_point function
possible in many contexts. Here is a code snippet which could be used
in gpg to check a point:
static gpg_error_t
check_point (PKT_public_key *pk, gcry_mpi_t m_point)
{
gpg_error_t err;
char *curve;
gcry_ctx_t gctx = NULL;
gcry_mpi_point_t point = NULL;
/* Get the curve name from the first OpenPGP key parameter. */
curve = openpgp_oid_to_str (pk->pkey[0]);
if (!curve)
{
err = gpg_error_from_syserror ();
goto leave;
}
point = gcry_mpi_point_new (0);
if (!point)
{
err = gpg_error_from_syserror ();
goto leave;
}
err = gcry_mpi_ec_new (&gctx, NULL, curve);
if (err)
goto leave;
err = gcry_mpi_ec_decode_point (point, m_point, gctx);
if (err)
goto leave;
if (!gcry_mpi_ec_curve_point (point, gctx))
err = gpg_error (GPG_ERR_BAD_DATA);
leave:
gcry_ctx_release (gctx);
gcry_mpi_point_release (point);
xfree (curve);
return err;
}
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/crc.c (_gcry_digest_spec_crc32)
(_gcry_digest_spec_crc32_rfc1510, _gcry_digest_spec_crc24_rfc2440): Set
'extract' NULL.
* cipher/gostr3411-94.c (_gcry_digest_spec_gost3411_94)
(_gcry_digest_spec_gost3411_cp): Ditto.
* cipher/keccak.c (_gcry_digest_spec_sha3_224)
(_gcry_digest_spec_sha3_256, _gcry_digest_spec_sha3_384)
(_gcry_digest_spec_sha3_512): Ditto.
* cipher/md2.c (_gcry_digest_spec_md2): Ditto.
* cipher/md4.c (_gcry_digest_spec_md4): Ditto.
* cipher/md5.c (_gcry_digest_spec_md5): Ditto.
* cipher/rmd160.c (_gcry_digest_spec_rmd160): Ditto.
* cipher/sha1.c (_gcry_digest_spec_sha1): Ditto.
* cipher/sha256.c (_gcry_digest_spec_sha224)
(_gcry_digest_spec_sha256): Ditto.
* cipher/sha512.c (_gcry_digest_spec_sha384)
(_gcry_digest_spec_sha512): Ditto.
* cipher/stribog.c (_gcry_digest_spec_stribog_256)
(_gcry_digest_spec_stribog_512): Ditto.
* cipher/tiger.c (_gcry_digest_spec_tiger)
(_gcry_digest_spec_tiger1, _gcry_digest_spec_tiger2): Ditto.
* cipher/whirlpool.c (_gcry_digest_spec_whirlpool): Ditto.
* cipher/md.c (md_enable): Do not allow combination of HMAC and
'expandable-output function'.
(md_final): Check if spec->read is NULL before calling.
(md_read): Ditto.
(md_extract, _gcry_md_extract): New.
* doc/gcrypt.texi: Add SHA3 algorithms and gcry_md_extract.
* src/cipher-proto.h (gcry_md_extract_t): New.
(gcry_md_spec_t): Add 'extract'.
* src/gcrypt-int.g (_gcry_md_extract): New.
* src/gcrypt.h.in (gcry_md_extract): New.
* src/libgcrypt.def: Add gcry_md_extract.
* src/libgcrypt.vers: Add gcry_md_extract.
* src/visibility.c (gcry_md_extract): New.
* src/visibility.h (gcry_md_extract): New.
--
Patch adds new interface for reading output from 'expandable-output
function' MD algorithms that can give variable length output (ie.
SHAKE algorithms from FIPS-202). New function to read output is
gpg_error_t gcry_md_extract(gcry_md_hd_t md, int algo,
void *buffer, size_t length);
Function implicitly finalizes algorithm so that no new input can
be given. Subsequents calls of the function return more output
bytes from the algorithm.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* NEWS (gcry_mpi_ec_sub): New.
* doc/gcrypt.texi (gcry_mpi_ec_sub): New.
* mpi/ec.c (_gcry_mpi_ec_sub, sub_points_edwards): New.
(sub_points_montgomery, sub_points_weierstrass): New stubs.
* src/gcrypt-int.h (_gcry_mpi_ec_sub): New.
* src/gcrypt.h.in (gcry_mpi_ec_sub): New.
* src/libgcrypt.def (gcry_mpi_ec_sub): New.
* src/libgcrypt.vers (gcry_mpi_ec_sub): New.
* src/mpi.h (_gcry_mpi_ec_sub_points): New.
* src/visibility.c (gcry_mpi_ec_sub): New.
* src/visibility.h (gcry_mpi_ec_sub): New.
--
This function subtracts two points on the curve. Only Twisted Edwards
curves are supported with this change.
Signed-off-by: Markus Teich <markus dot teich at stusta dot mhn dot de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/mac.c (_gcry_mac_get_algo): New function, returns used algo.
* src/visibility.c (gcry_mac_get_algo): New wrapper.
* src/visibility.h: Hanlde gcry_mac_get_algo.
* src/gcrypt-int.h (_gcry_mac_get_algo): New.
* src/gcrypt.h.in (gcry_mac_get_algo): New.
* src/libgcrypt.def (gcry_mac_get_algo): New.
* src/libgcrypt.vers (gcry_mac_get_algo): New.
* doc/gcrypt.texi: Document gcry_mac_get_algo.
* tests/basic.c (check_one_mac): Verify gcry_mac_get_algo.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/Makefile.am: Add 'mac.c', 'mac-internal.h' and 'mac-hmac.c'.
* cipher/bufhelp.h (buf_eq_const): New.
* cipher/cipher-ccm.c (_gcry_cipher_ccm_tag): Use 'buf_eq_const' for
constant-time compare.
* cipher/mac-hmac.c: New.
* cipher/mac-internal.h: New.
* cipher/mac.c: New.
* doc/gcrypt.texi: Add documentation for MAC API.
* src/gcrypt-int.h [GPG_ERROR_VERSION_NUMBER < 1.13]
(GPG_ERR_MAC_ALGO): New.
* src/gcrypt.h.in (gcry_mac_handle, gcry_mac_hd_t, gcry_mac_algos)
(gcry_mac_flags, gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
(gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
(gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
(gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name)
(gcry_mac_reset, gcry_mac_test_algo): New.
* src/libgcrypt.def (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
(gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
(gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
(gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
* src/libgcrypt.vers (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
(gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
(gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
(gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
* src/visibility.c (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
(gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
(gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
(gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
* src/visibility.h (gcry_mac_open, gcry_mac_close, gcry_mac_ctl)
(gcry_mac_algo_info, gcry_mac_setkey, gcry_mac_setiv, gcry_mac_write)
(gcry_mac_read, gcry_mac_verify, gcry_mac_get_algo_maclen)
(gcry_mac_get_algo_keylen, gcry_mac_algo_name, gcry_mac_map_name): New.
* tests/basic.c (check_one_mac, check_mac): New.
(main): Call 'check_mac'.
* tests/bench-slope.c (bench_print_header, bench_print_footer): Allow
variable algorithm name width.
(_cipher_bench, hash_bench): Update to above change.
(bench_hash_do_bench): Add 'gcry_md_reset'.
(bench_mac_mode, bench_mac_init, bench_mac_free, bench_mac_do_bench)
(mac_ops, mac_modes, mac_bench_one, _mac_bench, mac_bench): New.
(main): Add 'mac' benchmark options.
* tests/benchmark.c (mac_repetitions, mac_bench): New.
(main): Add 'mac' benchmark options.
--
Add MAC API, with HMAC algorithms. Internally uses HMAC functionality of the
MD module.
[v2]:
- Add documentation for MAC API.
- Change length argument for gcry_mac_read from size_t to size_t* for
returning number of written bytes.
[v3]:
- HMAC algorithm ids start from 101.
- Fix coding style for new files.
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
|
|
|
|
|
|
|
|
| |
* src/gcrypt.h.in (gcry_mpi_set_opaque_copy): New.
* src/visibility.c (gcry_mpi_set_opaque_copy): New.
* src/visibility.h (gcry_mpi_set_opaque_copy): Mark visible.
* src/libgcrypt.def, src/libgcrypt.vers: Add new API.
* tests/mpitests.c (test_opaque): Add test.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* cipher/cipher.c (_gcry_cipher_authenticate, _gcry_cipher_checktag)
(_gcry_cipher_gettag): New.
* doc/gcrypt.texi: Add documentation for new API functions.
* src/visibility.c (gcry_cipher_authenticate, gcry_cipher_checktag)
(gcry_cipher_gettag): New.
* src/gcrypt.h.in, src/visibility.h: add declarations of these
functions.
* src/libgcrypt.defs, src/libgcrypt.vers: export functions.
--
Authenticated Encryption with Associated Data (AEAD) cipher modes
provide authentication tag that can be used to authenticate message. At
the same time it allows one to specify additional (unencrypted data)
that will be authenticated together with the message. This class of
cipher modes requires additional API present in this commit.
This patch is based on original patch by Dmitry Eremin-Solenikov.
Changes in v2:
- Change gcry_cipher_tag to gcry_cipher_checktag and gcry_cipher_gettag
for giving tag (checktag) for decryption and reading tag (gettag) after
encryption.
- Change gcry_cipher_authenticate to gcry_cipher_setaad, since
additional parameters needed for some AEAD modes (in this case CCM,
which needs the length of encrypted data and tag for MAC
initialization).
- Add some documentation.
Changes in v3:
- Change gcry_cipher_setaad back to gcry_cipher_authenticate. Additional
parameters (encrypt_len, tag_len, aad_len) for CCM will be given
through GCRY_CTL_SET_CCM_LENGTHS.
Changes in v4:
- log_fatal => log_error
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* src/gcrypt.h.in (_GCRY_GCC_ATTR_SENTINEL): New.
(gcry_sexp_extract_param): New.
* src/visibility.c (gcry_sexp_extract_param): New.
* src/visibility.h (gcry_sexp_extract_param): Add hack to detect
internal use.
* cipher/pubkey-util.c (_gcry_pk_util_extract_mpis): Move and split
into ...
* src/sexp.c (_gcry_sexp_vextract_param)
(_gcry_sexp_extract_param): this. Change all callers. Add support for buffer
descriptors and a path option/
* tests/tsexp.c (die, hex2buffer, hex2mpi, hex2mpiopa): New.
(cmp_mpihex, cmp_bufhex): New.
(check_extract_param): New.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* src/gcrypt.h.in (_GCRY_GCC_ATTR_PRINTF): New.
(gcry_log_debug, gcry_log_debughex, gcry_log_debugmpi): New.
(gcry_log_debugpnt, gcry_log_debugsxp): New.
* src/visibility.c (gcry_log_debug): New.
(gcry_log_debughex, gcry_log_debugmpi, gcry_log_debugpnt): New.
(gcry_log_debugsxp): New.
* src/libgcrypt.def, src/libgcrypt.vers: Add new functions.
* src/misc.c (_gcry_logv): Make public.
(_gcry_log_printsxp): New.
* src/g10lib.h (log_printsxp): New macro.
--
For debugging applications it is often required to dump certain data
structures. Libgcrypt uses several internal functions for this. To
avoid re-implementing everything in the caller, we now provide access
to some of those functions.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* src/gcrypt.h.in (gcry_buffer_t): new.
(gcry_md_hash_buffers): New.
* src/visibility.c, src/visibility.h: Add wrapper for new function.
* src/libgcrypt.def, src/libgcrypt.vers: Export new function.
* cipher/md.c (gcry_md_hash_buffers): New.
* cipher/sha1.c (_gcry_sha1_hash_buffers): New.
* tests/basic.c (check_one_md_multi): New.
(check_digests): Run that test.
* tests/hmac.c (check_hmac_multi): New.
(main): Run that test.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
|
|
|
|
|
| |
* mpi/ec.c (_gcry_mpi_ec_curve_point): New.
(ec_powm): Return the absolute value.
* src/visibility.c, src/visibility.c: Add wrappers.
* src/libgcrypt.def, src/libgcrypt.vers: Export them.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* src/gcrypt.h.in (gcry_mpi_is_neg): New.
(gcry_mpi_neg, gcry_mpi_abs): New.
* mpi/mpiutil.c (_gcry_mpi_is_neg): New.
(_gcry_mpi_neg, _gcry_mpi_abs): New.
* src/visibility.c, src/visibility.h: Add wrappers.
* src/libgcrypt.def, src/libgcrypt.vers: Export them.
* src/mpi.h (mpi_is_neg): New. Rename old macro to mpi_has_sign.
* mpi/mpi-mod.c (_gcry_mpi_mod_barrett): Use mpi_has_sign.
* mpi/mpi-mpow.c (calc_barrett): Ditto.
* cipher/primegen.c (_gcry_derive_x931_prime): Ditto
* cipher/rsa.c (secret): Ditto.
|
|
|
|
|
|
|
|
|
| |
* src/sexp.c (gcry_sexp_nth_buffer): New.
* src/visibility.c, src/visibility.h: Add function wrapper.
* src/libgcrypt.vers, src/libgcrypt.def: Add to API.
* src/gcrypt.h.in: Add prototype.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
|
|
|
|
|
|
|
|
| |
* src/gcrypt.h.in (GCRYMPI_CONST_ONE, GCRYMPI_CONST_TWO)
(GCRYMPI_CONST_THREE, GCRYMPI_CONST_FOUR, GCRYMPI_CONST_EIGHT): New.
(_gcry_mpi_get_const): New private function.
* src/visibility.c (_gcry_mpi_get_const): New.
* src/visibility.h: Mark it visible.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* src/gcrypt.h.in (GCRY_PK_GET_PUBKEY): New.
(GCRY_PK_GET_SECKEY): New.
(gcry_pubkey_get_sexp): New.
* src/visibility.c (gcry_pubkey_get_sexp): New.
* src/visibility.h (gcry_pubkey_get_sexp): Mark visible.
* src/libgcrypt.def, src/libgcrypt.vers: Add new function.
* cipher/pubkey-internal.h: New.
* cipher/Makefile.am (libcipher_la_SOURCES): Add new file.
* cipher/ecc.c: Include pubkey-internal.h
(_gcry_pk_ecc_get_sexp): New.
* cipher/pubkey.c: Include pubkey-internal.h and context.h.
(_gcry_pubkey_get_sexp): New.
* src/context.c (_gcry_ctx_find_pointer): New.
* src/cipher-proto.h: Add _gcry_pubkey_get_sexp.
* tests/t-mpi-point.c (print_sexp): New.
(context_param, basic_ec_math_simplified): Add tests for the new
function.
* configure.ac (NEED_GPG_ERROR_VERSION): Set to 1.11.
(AH_BOTTOM) Add error codes from gpg-error 1.12
* src/g10lib.h (fips_not_operational): Use GPG_ERR_NOT_OPERATIONAL.
* mpi/ec.c (_gcry_mpi_ec_get_mpi): Fix computation of Q.
(_gcry_mpi_ec_get_point): Ditto.
--
While checking the new code I figured that the auto-computation of Q
must have led to a segv. It seems we had no test case for that.
Signed-off-by: Werner Koch <wk@gnupg.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* src/gcrypt.h.in (gcry_mpi_ec_p_new): Remove.
(gcry_mpi_ec_new): New.
(gcry_mpi_ec_get_mpi): New.
(gcry_mpi_ec_get_point): New.
(gcry_mpi_ec_set_mpi): New.
(gcry_mpi_ec_set_point): New.
* src/visibility.c (gcry_mpi_ec_p_new): Remove.
* mpi/ec.c (_gcry_mpi_ec_p_new): Make it an internal function and
change to return an error code.
(_gcry_mpi_ec_get_mpi): New.
(_gcry_mpi_ec_get_point): New.
(_gcry_mpi_ec_set_mpi): New.
(_gcry_mpi_ec_set_point): New.
* src/mpi.h: Add new prototypes.
* src/ec-context.h: New.
* mpi/ec.c: Include that header.
(mpi_ec_ctx_s): Move to ec-context.h, add new fields, and put some
fields into an inner struct.
(point_copy): New.
* cipher/ecc.c (fill_in_curve): Allow passing NULL for R_NBITS.
(mpi_from_keyparam, point_from_keyparam): New.
(_gcry_mpi_ec_new): New.
* tests/t-mpi-point.c (test-curve): New.
(ec_p_new): New. Use it instead of the removed gcry_mpi_ec_p_new.
(get_and_cmp_mpi, get_and_cmp_point): New.
(context_param): New test.
(basic_ec_math_simplified): New test.
(main): Call new tests.
* src/context.c (_gcry_ctx_get_pointer): Check for a NULL CTX.
--
gcry_mpi_ec_p_new() was a specialized version of the more general new
gcry_mpi_ec_new(). It was added to master only a few days ago, thus
there should be no problem to remove it. A replacement can easily be
written (cf. t-mpi-point.c).
Note that gcry_mpi_ec_set_mpi and gcry_mpi_ec_set_point have not yet
been tested.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* src/context.c, src/context.h: New.
* src/Makefile.am (libgcrypt_la_SOURCES): Add new files.
* src/gcrypt.h.in (struct gcry_context, gcry_ctx_t): New types.
(gcry_ctx_release): New prototype.
(gcry_mpi_ec_p_new, gcry_mpi_ec_get_affine, gcry_mpi_ec_dup)
(gcry_mpi_ec_add, gcry_mpi_ec_mul): New prototypes.
* mpi/ec.c: Include errno.h and context.h.
(_gcry_mpi_ec_init): Rename to ..
(ec_p_init): this, make static, remove allocation and add arg CTX.
(_gcry_mpi_ec_p_internal_new): New; to replace _gcry_mpi_ec_init.
Change all callers to use this func.
(_gcry_mpi_ec_free): Factor code out to ..
(ec_deinit): New func.
(gcry_mpi_ec_p_new): New.
* src/visibility.c: Include context.h and mpi.h.
(gcry_mpi_ec_p_new, gcry_mpi_ec_get_affine, gcry_mpi_ec_dup)
(gcry_mpi_ec_add, gcry_mpi_ec_mul)
(gcry_ctx_release): New wrapper functions.
* src/visibility.h: Mark new wrapper functions visible.
* src/libgcrypt.def, src/libgcrypt.vers: Add new symbols.
* tests/t-mpi-point.c (print_mpi, hex2mpi, cmp_mpihex): New.
(context_alloc): New.
(make_point, basic_ec_math): New.
--
This part finishes the basic API to do EC math. It provides a wrapper
around all internal functions. tests/t-mpi-point.c may be useful as
sample code. Eventually we will add function to retrieve curve
parameters etc.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* mpi/ec.c (gcry_mpi_point_new, gcry_mpi_point_release): New.
(gcry_mpi_point_get, gcry_mpi_point_snatch_get): New.
(gcry_mpi_point_set, gcry_mpi_point_snatch_set): New.
* src/visibility.h, src/visibility.c: Add corresponding macros and
wrappers.
* src/gcrypt.h.in (struct gcry_mpi_point, gcry_mpi_point_t): New.
(gcry_mpi_point_new, gcry_mpi_point_release, gcry_mpi_point_get)
(gcry_mpi_point_snatch_get, gcry_mpi_point_set)
(gcry_mpi_point_snatch_set): New prototypes.
(mpi_point_new, mpi_point_release, mpi_point_get, mpi_point_snatch_get)
(mpi_point_set, mpi_point_snatch_set): New macros.
* src/libgcrypt.vers (gcry_mpi_point_new, gcry_mpi_point_release)
(gcry_mpi_point_get, gcry_mpi_point_snatch_get, gcry_mpi_point_set)
(gcry_mpi_point_snatch_set): New symbols.
* src/libgcrypt.def: Ditto.
* tests/t-mpi-point.c: New.
* tests/Makefile.am (TESTS): Add t-mpi-point
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* src/mpi.h (struct mpi_point_s): Rename to struct gcry_mpi_point.
(mpi_point_struct): New typedef.
(mpi_point_t): Change typedef to a pointer. Replace all occurrences
to use mpi_point_struct.
* mpi/ec.c (_gcry_mpi_ec_point_init): Rename to ..
(_gcry_mpi_point_init): this. Change all callers.
(_gcry_mpi_ec_point_free): Rename to ..
(_gcry_mpi_point_free_parts): this. Change all callers.
* mpi/mpiutil.c (gcry_mpi_snatch): New function.
* src/gcrypt.h.in (gcry_mpi_snatch, mpi_snatch): Add protoype and
macro.
* src/visibility.c (gcry_mpi_snatch): Add wrapper.
* src/visibility.h (gcry_mpi_snatch): Add macro magic.
* src/libgcrypt.def, src/libgcrypt.vers: Add new function.
--
This patch is a prerequisite to implement a public point API. The new
function gcry_mpi_snatch is actually not needed for this but is useful
anyway and will be used to implement the point API.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The module registration interface is not widely used but complicates
the internal operation of Libgcrypt a lot. It also does not allow for
efficient implementation of new algorithm or cipher modes. Further the
required locking of all access to internal module data or functions
would make it hard to come up with a deadlock free pthread_atfork
implementation. Thus we remove the entire subsystem.
Note that the module system is still used internally but it is now
possible to change it without breaking the ABI.
In case a feature to add more algorithms demanded in the future, we
may add one by dlopening modules at startup time from a dedicated
directory.
|
|
|
|
|
|
|
|
| |
This interface has long been deprecated. It was also initially only
declared as an experimental interface. It added its own kind of
complexity and we found that it does not make applications easier to
read. Modern features of Libgcrypt were not supported and its removal
reduces the SLOC which is a Good Thing from a security POV.
|
|
|
|
|
|
|
|
| |
This allows us to factor the S2k code from gpg and gpg-agent out to
libgcrypt. Created a bunch of test vectors using a hacked gpg 1.4.
The function also implements PBKDF2; tested against the RFC-6070 test
vectors.
|
|
|
|
| |
Check and install the standard git pre-commit hook.
|
|
|
|
|
|
|
|
| |
Also changed quite some trailing white spaces. I never configured
that in Emacs but git diff annoys me with red lines and thus it seems
better to use nuke-trailing-whitespace autmatically. Sorry for the
extra diff lines. A diff filter should help to not show those
changes.
|
| |
|
|
|
|
|
| |
Preparing a release candidate.
|
|
|
|
|
|
|
| |
FIPS restricted mode. Also some documentation
improvements and other minor enhancements.
See the ChangeLogs. Stay tuned.
|
|
|
|
|
|
| |
This can be improved by using fucntion aliases instead
of wrapper functions.
|
|
|
|
|
|
| |
Along with the latest libksba it is now possible for gpgsm to import
an ECC certificate.
|
|
|
|
|
| |
Ported some changes from 1.2 to here.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* libgcrypt.vers: Added: gcry_ac_io_init, gry_ac_io_init_va.
* gcrypt.h (gcry_ac_data_read_cb_t, gcry_ac_data_write_cb_t,
gcry_ac_io_mode_t, gcry_ac_io_type_t, gcry_ac_io_t): New types.
(gcry_ac_io_init_va): Declare function.
(gcry_ac_data_encode, gcry_ac_data_decode,
gcry_ac_data_encrypt_scheme, gcry_ac_data_decrypt_scheme,
gcry_ac_data_sign_scheme, gcry_ac_data_verify_scheme): Use
gcry_ac_io_type_t objects instead of memory strings directly.
|
|
|
|
|
|
| |
* libgcrypt.vers: Added: gcry_ac_data_to_sexp() and
gcry_ac_data_from_sexp().
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* gcrypt.h: Declare new functions: gcry_ac_data_encrypt_scheme,
gcry_ac_data_decrypt_scheme, gcry_ac_data_sign_scheme,
gcry_ac_data_verify_scheme, gcry_ac_data_encode,
gcry_ac_data_decode, gcry_ac_data_to_sexp, gcry_ac_data_from_sexp.
New types: gcry_ac_emsa_pkcs_v1_5_t, gcry_ac_ssa_pkcs_v1_5_t,
gcry_md_algo_t.
New enumeration lists: gcry_ac_scheme_t, gcry_ac_em_t.
* libgcrypt.vers: Added new ac functions.
* g10lib.h: Declare function: _gcry_pk_get_elements.
* mpi.h (mpi_get_ui): New macro.
Declare function: _gcry_mpi_get_ui.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac: Use it here instead of the generic lib test.
Bumbed LT vesion to C9/A2/R0.
* dsa.c (verify): s/exp/ex/ due to shadowing of a builtin.
* elgamal.c (verify): Ditto.
* ac.c (gcry_ac_data_get_index): s/index/idx/
(gcry_ac_data_copy_internal): Remove the cast in _gcry_malloc.
(gcry_ac_data_add): Must use gcry_realloc instead of realloc.
* pubkey.c (sexp_elements_extract): s/index/idx/ as tribute to the
forehackers.
(gcry_pk_encrypt): Removed shadowed definition of I. Reordered
arguments to malloc for clarity.
(gcry_pk_sign, gcry_pk_genkey): Ditto.
* primegen.c (prime_generate_internal): s/random/randomlevel/.
* i386/mpih-rshift.S, i386/mpih-lshift.S: Use %dl and not %edx for
testb; this avoids an assembler warning.
* mpi-pow.c (gcry_mpi_powm): s/exp/expo/ to avoid shadowing warning.
* autogen.sh: Allow to override the tool name. Do not run
libtoolize. Update required version numbers.
* libgcrypt.vers (_gcry_generate_elg_prime): Removed this symbol;
gnutls does not need it anymore.
* secmem.c (mb_get_new): s/pool/block/ due to global pool.
* misc.c (gcry_set_log_handler): s/logf/f/ to avoid shadowing
warning against a builtin.
* ath-pth-compat.c: cast pth_connect to get rid of the const
prototype.
* basic.c (check_aes128_cbc_cts_cipher): Make it a prototype
* ac.c (check_run): Comment unused variable.
|
|
|
|
|
| |
use by GNUTLS.
|
|
* Makefile.am: Use this instead of the build symbol file.
|