From ulm at gentoo.org Sat Jan 7 02:23:37 2012
From: ulm at gentoo.org (Ulrich Mueller)
Date: Sat, 7 Jan 2012 02:23:37 +0100
Subject: IDEA support
In-Reply-To: <871uzyv6w4.fsf@vigenere.g10code.de>
References: <19921.24220.826380.56157@a1i15.kph.uni-mainz.de> <871uzyv6w4.fsf@vigenere.g10code.de>
Message-ID: <20231.40601.138265.57633@a1i15.kph.uni-mainz.de>

>>>>> On Mon, 16 May 2011, Werner Koch wrote:

> On Mon, 16 May 2011 19:27, ulm at gentoo.org said:
>> According to the
>> IDEA patent has expired today. Are there any plans for (re-)adding
>> support for the IDEA algorithm to libgcrypt?

> Maybe after the US patent expires next year.

Coming back to this. Some sources say that the US patent has already
expired on 2011-05-16. According to others it expires on 2012-01-07,
which is today.

> Still waiting for someone who want BassOMatic implemented ;-).

Not sure how much that was used. IDEA was used in PGP versions 2.* and
I guess I'm not the only one who still has some data (on backup media
mostly) encrypted with it.

Ulrich

From chris.adamson at mcri.edu.au Mon Jan 9 10:15:29 2012
From: chris.adamson at mcri.edu.au (Chris Adamson)
Date: Mon, 9 Jan 2012 20:15:29 +1100
Subject: AES-NI not detected with i7-980X
Message-ID:

Hi List,

I am trying to get gpg2 using AES-NI as I need to backup a LOT of data
and would like the extra performance. I have an Intel i7-980X which does
support AES-NI according to the cpuinfo (below) and according to Intel's
website. I added a printf statement in rijndael.c to check to see if it
was using the instructions and found out that AES-NI was not in the
hardware capability flag.

Any suggestions?

Chris Adamson.

processor       : 11
vendor_id       : GenuineIntel
cpu family      : 6
model           : 44
model name      : Intel(R) Core(TM) i7 CPU X 980 @ 3.33GHz
stepping        : 2
cpu MHz         : 1600.000
cache size      : 12288 KB
physical id     : 0
siblings        : 12
core id         : 10
cpu cores       : 6
apicid          : 21
initial apicid  : 21
fpu             : yes
fpu_exception   : yes
cpuid level     : 11
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 popcnt aes lahf_lm ida arat epb dts tpr_shadow vnmi flexpriority ept vpid

Dr Christopher Adamson, PhD (Melb.), B Software Engineering (Hons., Monash)
Research Officer
Developmental and Functional Brain Imaging, Critical Care and Neurosciences
Murdoch Childrens Research Institute
The Royal Children's Hospital
Flemington Road Parkville Victoria 3052 Australia
T 9345 4306 M XXXX XXX XXX
E chris.adamson at mcri.edu.au
www.mcri.edu.au
From wk at gnupg.org Mon Jan 9 13:46:21 2012
From: wk at gnupg.org (Werner Koch)
Date: Mon, 09 Jan 2012 13:46:21 +0100
Subject: AES-NI not detected with i7-980X
In-Reply-To: (Chris Adamson's message of "Mon, 9 Jan 2012 20:15:29 +1100")
References:
Message-ID: <87r4z93uxu.fsf@vigenere.g10code.de>

On Mon, 9 Jan 2012 10:15, chris.adamson at mcri.edu.au said:

> I am trying to get gpg2 using AES-NI as I need to backup a LOT of
> data and would like the extra performance. I have an Intel i7-980X
> which does support AE

You need to use at least Libgcrypt 1.5.0 and a 32 bit OS. 64 bit is
not yet supported.

Salam-Shalom,

Werner

-- 
Thoughts are free. Exceptions are regulated by federal law.

From wk at gnupg.org Mon Jan 9 13:52:58 2012
From: wk at gnupg.org (Werner Koch)
Date: Mon, 09 Jan 2012 13:52:58 +0100
Subject: IDEA support
In-Reply-To: <20231.40601.138265.57633@a1i15.kph.uni-mainz.de> (Ulrich Mueller's message of "Sat, 7 Jan 2012 02:23:37 +0100")
References: <19921.24220.826380.56157@a1i15.kph.uni-mainz.de> <871uzyv6w4.fsf@vigenere.g10code.de> <20231.40601.138265.57633@a1i15.kph.uni-mainz.de>
Message-ID: <87mx9x3umt.fsf@vigenere.g10code.de>

On Sat, 7 Jan 2012 02:23, ulm at gentoo.org said:

> According to others it expires on 2012-01-07, which is today.

Well, we could now use it but there is not much point besides reading
old backups. Maybe I give it a try and add IDEA decryption support
in 2.1.

Shalom-Salam,

Werner

-- 
Thoughts are free. Exceptions are regulated by federal law.

From smncrowe at gmail.com Tue Jan 10 21:59:19 2012
From: smncrowe at gmail.com (Simon Crowe)
Date: Tue, 10 Jan 2012 12:59:19 -0800 (PST)
Subject: CAVP Tests
Message-ID: <33115059.post@talk.nabble.com>

All,

I am trying to run the CAVP tests against a set of test vectors,
specifically SigGen and SigVer, however I am getting an error message
stating that "Error: X9.31 is not supported", this is specifically being
caught by the perl script which is in the test directory.

Can someone please tell me why the SigGen and SigVer vectors are not
supported by the CAVP test suite.

Furthermore, can someone tell me what the minimum HMAC size is for
AES384? I looked at the code for AES384, and it appears to be based upon
AES512 and therefore have the same HMAC size ..

Apologies if I have gone on the wrong track, but I am a newbie.

Regards

From ulm at gentoo.org Wed Jan 11 07:49:14 2012
From: ulm at gentoo.org (Ulrich Mueller) Date: Wed, 11 Jan 2012 07:49:14 +0100 Subject: IDEA support In-Reply-To: <87mx9x3umt.fsf@vigenere.g10code.de> References: <19921.24220.826380.56157@a1i15.kph.uni-mainz.de> <871uzyv6w4.fsf@vigenere.g10code.de> <20231.40601.138265.57633@a1i15.kph.uni-mainz.de> <87mx9x3umt.fsf@vigenere.g10code.de> Message-ID: <20237.12522.644856.464955@a1i15.kph.uni-mainz.de> >>>>> On Mon, 09 Jan 2012, Werner Koch wrote: > Well, we could now use it but there is not much point besides > reading of old backups. Maybe I give it a try and add IDEA > decryption support in 2.1. Please find a patch included below. It applies cleanly to the trunk as well as to 1.5.0. I've tested it both with keys and files generated with PGP 2.6.3in. Thanks, Ulrich https://bugs.gentoo.org/159870 Re-add support for the IDEA cipher. Based on a patch created by Kristian Fiskerstrand and subsequently modified by Alon Bar-Lev: http://www.kfwebs.net/articles/article/42/GnuPG-2.0---IDEA-support The idea.c file is based on the idea.c file used for gnupg version 1. which again is based on an implementation from Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996. ISBN 0-471-11709-9. idea.c in gnupg version 1 was copyrighted by Werner Koch and distributed under a MIT/X11 license. Patents on IDEA have expired at the time of writing (2012-01-09). --- libgcrypt-1.5.0-orig/cipher/Makefile.am +++ libgcrypt-1.5.0/cipher/Makefile.am @@ -51,6 +51,7 @@ dsa.c \ elgamal.c \ ecc.c \ +idea.c \ md4.c \ md5.c \ rijndael.c rijndael-tables.h \ --- libgcrypt-1.5.0-orig/cipher/cipher.c +++ libgcrypt-1.5.0/cipher/cipher.c @@ -112,6 +112,10 @@ { &_gcry_cipher_spec_camellia256, &dummy_extra_spec, GCRY_CIPHER_CAMELLIA256 }, #endif +#ifdef USE_IDEA + { &_gcry_cipher_spec_idea, + &dummy_extra_spec, GCRY_CIPHER_IDEA }, +#endif { NULL } }; --- libgcrypt-1.5.0-orig/cipher/idea.c +++ libgcrypt-1.5.0/cipher/idea.c 
@@ -0,0 +1,272 @@ +#include +#include +#include +#include /* for memcmp() */ +#include + +#include "types.h" /* for byte and u32 typedefs */ +#include "g10lib.h" +#include "cipher.h" + +/* configuration stuff */ +#ifdef __alpha__ + #define SIZEOF_UNSIGNED_LONG 8 +#else + #define SIZEOF_UNSIGNED_LONG 4 +#endif + +#if defined(__mc68000__) || defined (__sparc__) || defined (__PPC__) \ + || (defined(__mips__) && (defined(MIPSEB) || defined (__MIPSEB__)) ) \ + || defined(__powerpc__) \ + || defined(__hpux__) /* should be replaced by the Macro for the PA */ + #define BIG_ENDIAN_HOST 1 +#else + #define LITTLE_ENDIAN_HOST 1 +#endif + +#ifndef DIM + #define DIM(v) (sizeof(v)/sizeof((v)[0])) + #define DIMof(type,member) DIM(((type *)0)->member) +#endif + +/* imports */ +void g10_log_fatal( const char *fmt, ... ); + + +/* local stuff */ + +#define FNCCAST_SETKEY(f) ((int(*)(void*, byte*, unsigned))(f)) +#define FNCCAST_CRYPT(f) ((void(*)(void*, byte*, byte*))(f)) + +#define IDEA_KEYSIZE 16 +#define IDEA_BLOCKSIZE 8 +#define IDEA_ROUNDS 8 +#define IDEA_KEYLEN (6*IDEA_ROUNDS+4) + +typedef struct { + u16 ek[IDEA_KEYLEN]; + u16 dk[IDEA_KEYLEN]; + int have_dk; +} IDEA_context; + +static u16 +mul_inv( u16 x ) +{ + u16 t0, t1; + u16 q, y; + + if( x < 2 ) + return x; + t1 = 0x10001L / x; + y = 0x10001L % x; + if( y == 1 ) + return (1-t1) & 0xffff; + + t0 = 1; + do { + q = x / y; + x = x % y; + t0 += q * t1; + if( x == 1 ) + return t0; + q = y / x; + y = y % x; + t1 += q * t0; + } while( y != 1 ); + return (1-t1) & 0xffff; +} + +static void +cipher( byte *outbuf, const byte *inbuf, u16 *key ) +{ + u16 x1, x2, x3,x4, s2, s3; + u16 *in, *out; + int r = IDEA_ROUNDS; + #define MUL(x,y) \ + do {u16 _t16; u32 _t32; \ + if( (_t16 = (y)) ) { \ + if( (x = (x)&0xffff) ) { \ + _t32 = (u32)x * _t16; \ + x = _t32 & 0xffff; \ + _t16 = _t32 >> 16; \ + x = ((x)-_t16) + (x<_t16?1:0); \ + } \ + else { \ + x = 1 - _t16; \ + } \ + } \ + else { \ + x = 1 - x; \ + } \ + } while(0) + + in = (u16*)inbuf; + 
x1 = *in++; + x2 = *in++; + x3 = *in++; + x4 = *in; + #ifdef LITTLE_ENDIAN_HOST + x1 = (x1>>8) | (x1<<8); + x2 = (x2>>8) | (x2<<8); + x3 = (x3>>8) | (x3<<8); + x4 = (x4>>8) | (x4<<8); + #endif + do { + MUL(x1, *key++); + x2 += *key++; + x3 += *key++; + MUL(x4, *key++ ); + + s3 = x3; + x3 ^= x1; + MUL(x3, *key++); + s2 = x2; + x2 ^=x4; + x2 += x3; + MUL(x2, *key++); + x3 += x2; + + x1 ^= x2; + x4 ^= x3; + + x2 ^= s3; + x3 ^= s2; + } while( --r ); + MUL(x1, *key++); + x3 += *key++; + x2 += *key++; + MUL(x4, *key); + + out = (u16*)outbuf; + #ifdef LITTLE_ENDIAN_HOST + *out++ = (x1>>8) | (x1<<8); + *out++ = (x3>>8) | (x3<<8); + *out++ = (x2>>8) | (x2<<8); + *out = (x4>>8) | (x4<<8); + #else + *out++ = x1; + *out++ = x3; + *out++ = x2; + *out = x4; + #endif + #undef MUL +} + +static void +expand_key( const byte *userkey, u16 *ek ) +{ + int i,j; + + for(j=0; j < 8; j++ ) { + ek[j] = (*userkey << 8) + userkey[1]; + userkey += 2; + } + for(i=0; j < IDEA_KEYLEN; j++ ) { + i++; + ek[i+7] = ek[i&7] << 9 | ek[(i+1)&7] >> 7; + ek += i & 8; + i &= 7; + } +} + +static void +invert_key( u16 *ek, u16 dk[IDEA_KEYLEN] ) +{ + int i; + u16 t1, t2, t3; + u16 temp[IDEA_KEYLEN]; + u16 *p = temp + IDEA_KEYLEN; + + t1 = mul_inv( *ek++ ); + t2 = -*ek++; + t3 = -*ek++; + *--p = mul_inv( *ek++ ); + *--p = t3; + *--p = t2; + *--p = t1; + + for(i=0; i < IDEA_ROUNDS-1; i++ ) { + t1 = *ek++; + *--p = *ek++; + *--p = t1; + + t1 = mul_inv( *ek++ ); + t2 = -*ek++; + t3 = -*ek++; + *--p = mul_inv( *ek++ ); + *--p = t2; + *--p = t3; + *--p = t1; + } + t1 = *ek++; + *--p = *ek++; + *--p = t1; + + t1 = mul_inv( *ek++ ); + t2 = -*ek++; + t3 = -*ek++; + *--p = mul_inv( *ek++ ); + *--p = t3; + *--p = t2; + *--p = t1; + memcpy(dk, temp, sizeof(temp) ); + memset(temp, 0, sizeof(temp) ); /* burn temp */ +} + +static int +do_idea_setkey( IDEA_context *c, const byte *key, unsigned int keylen ) +{ + assert(keylen == 16); + c->have_dk = 0; + expand_key( key, c->ek ); + invert_key( c->ek, c->dk ); + return 0; +} + 
+static gcry_err_code_t +idea_setkey (void *context, const byte *key, unsigned int keylen) +{ + IDEA_context *ctx = context; + int rc = do_idea_setkey (ctx, key, keylen); + _gcry_burn_stack (23+6*sizeof(void*)); + return rc; +} + +static void +do_idea_encrypt( IDEA_context *c, byte *outbuf, const byte *inbuf ) +{ + cipher( outbuf, inbuf, c->ek ); +} + +static void +idea_encrypt (void *context, byte *out, const byte *in) +{ + IDEA_context *ctx = context; + do_idea_encrypt (ctx, out, in); + _gcry_burn_stack (24+3*sizeof (void*)); +} + +static void +do_idea_decrypt( IDEA_context *c, byte *outbuf, const byte *inbuf ) +{ + if( !c->have_dk ) { + c->have_dk = 1; + invert_key( c->ek, c->dk ); + } + cipher( outbuf, inbuf, c->dk ); +} + +static void +idea_decrypt (void *context, byte *out, const byte *in) +{ + IDEA_context *ctx = context; + + do_idea_decrypt (ctx, out, in); + _gcry_burn_stack (24+3*sizeof (void*)); +} + +gcry_cipher_spec_t _gcry_cipher_spec_idea = + { + "IDEA", NULL, NULL, IDEA_BLOCKSIZE, 128, sizeof (IDEA_context), + idea_setkey, idea_encrypt, idea_decrypt, + }; --- libgcrypt-1.5.0-orig/configure.ac +++ libgcrypt-1.5.0/configure.ac @@ -156,7 +156,7 @@ # Definitions for symmetric ciphers. available_ciphers="arcfour blowfish cast5 des aes twofish serpent rfc2268 seed" -available_ciphers="$available_ciphers camellia" +available_ciphers="$available_ciphers camellia idea" enabled_ciphers="" # Definitions for public-key ciphers. @@ -1047,6 +1047,12 @@ AC_DEFINE(USE_CAMELLIA, 1, [Defined if this module should be included]) fi +LIST_MEMBER(idea, $enabled_ciphers) +if test "$found" = "1" ; then + GCRYPT_CIPHERS="$GCRYPT_CIPHERS idea.lo" + AC_DEFINE(USE_IDEA, 1, [Defined if this module should be included]) +fi + LIST_MEMBER(dsa, $enabled_pubkey_ciphers) if test "$found" = "1" ; then GCRYPT_PUBKEY_CIPHERS="$GCRYPT_PUBKEY_CIPHERS dsa.lo" --- libgcrypt-1.5.0-orig/src/cipher.h +++ libgcrypt-1.5.0/src/cipher.h 
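Review bot: in cipher() the plaintext and ciphertext are accessed through `in = (u16*)inbuf;` and `out = (u16*)outbuf;`, which is an unaligned 16-bit access whenever the caller's buffer is not 2-byte aligned (a fault on strict-alignment targets such as SPARC) and a strict-aliasing violation; loading and storing the four words byte-wise, e.g. `x1 = (inbuf[0] << 8) | inbuf[1];`, fixes both and makes the LITTLE_ENDIAN_HOST swap blocks unnecessary. In the same hunk do_idea_setkey calls `invert_key( c->ek, c->dk );` but leaves `c->have_dk = 0;`, so do_idea_decrypt recomputes the identical decryption schedule on first use; either set have_dk = 1 after the call or drop the call from setkey.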
@@ -135,6 +135,7 @@ extern gcry_cipher_spec_t _gcry_cipher_spec_camellia128; extern gcry_cipher_spec_t _gcry_cipher_spec_camellia192; extern gcry_cipher_spec_t _gcry_cipher_spec_camellia256; +extern gcry_cipher_spec_t _gcry_cipher_spec_idea; extern cipher_extra_spec_t _gcry_cipher_extraspec_tripledes; extern cipher_extra_spec_t _gcry_cipher_extraspec_aes; --- libgcrypt-1.5.0-orig/tests/basic.c +++ libgcrypt-1.5.0/tests/basic.c @@ -1494,6 +1494,9 @@ GCRY_CIPHER_CAMELLIA192, GCRY_CIPHER_CAMELLIA256, #endif +#if USE_IDEA + GCRY_CIPHER_IDEA, +#endif 0 }; static int algos2[] = { From smueller at chronox.de Wed Jan 11 08:43:11 2012 From: smueller at chronox.de (Stephan Mueller) Date: Wed, 11 Jan 2012 08:43:11 +0100 Subject: CAVP Tests In-Reply-To: <33115059.post@talk.nabble.com> References: <33115059.post@talk.nabble.com> Message-ID: <4F0D3D8F.10203@chronox.de> On 10.01.2012 21:59:19, +0100, Simon Crowe wrote: Hi Simon, > All, > > I am trying to run the CAVP tests against a set of test vectors, > specifically SigGen and SigVer, however I am getting an error message > stating that "Error: X9.31 is not supported", this is specifically being > caught by the perl script which is in the test directory. X9.31 RSA is not implemented in the Perl script, i.e. there is no parser for the CAVS test vectors. > > Can someone please tell me why the SigGen and SigVer vectors are not > supported by the CAVP test suite. The X9.31 RSA testing is not supported by the Perl script. > > Furthermore, can someone tell me what the minimum HMAC size is for AES384 I > looked at the code for AES384, and it appears to be based upon AES512 and > therefore have the same HMAC size .. AES384? You mean SHA384? > > > Apologies if I have gone on the wrong track, but I am a newbie. > > Regards > > > > From wk at gnupg.org Wed Jan 11 09:39:02 2012 
From: wk at gnupg.org (Werner Koch)
Date: Wed, 11 Jan 2012 09:39:02 +0100
Subject: IDEA support
In-Reply-To: <20237.12522.644856.464955@a1i15.kph.uni-mainz.de> (Ulrich Mueller's message of "Wed, 11 Jan 2012 07:49:14 +0100")
References: <19921.24220.826380.56157@a1i15.kph.uni-mainz.de> <871uzyv6w4.fsf@vigenere.g10code.de> <20231.40601.138265.57633@a1i15.kph.uni-mainz.de> <87mx9x3umt.fsf@vigenere.g10code.de> <20237.12522.644856.464955@a1i15.kph.uni-mainz.de>
Message-ID: <87ipkizl95.fsf@vigenere.g10code.de>

On Wed, 11 Jan 2012 07:49, ulm at gentoo.org said:

> Please find a patch included below. It applies cleanly to the trunk
> as well as to 1.5.0. I've tested it both with keys and files generated

To apply this patch you first need to sign copyright assignments.

> +/* configuration stuff */
> +#ifdef __alpha__
> + #define SIZEOF_UNSIGNED_LONG 8
> +#else
> + #define SIZEOF_UNSIGNED_LONG 4
> +#endif

This needs to be changed to configure checks.

> +#if defined(__mc68000__) || defined (__sparc__) || defined (__PPC__) \
> + || (defined(__mips__) && (defined(MIPSEB) || defined (__MIPSEB__)) ) \
> + || defined(__powerpc__) \
> + || defined(__hpux__) /* should be replaced by the Macro for the PA */
> + #define BIG_ENDIAN_HOST 1

Ditto.

> +#ifndef DIM
> + #define DIM(v) (sizeof(v)/sizeof((v)[0]))
> + #define DIMof(type,member) DIM(((type *)0)->member)
> +#endif

Already in other header files.

> +void g10_log_fatal( const char *fmt, ... );

Obsolete prototype.

Salam-Shalom,

Werner

-- 
Thoughts are free. Exceptions are regulated by federal law.

From smncrowe at gmail.com Wed Jan 11 16:55:59 2012
From: smncrowe at gmail.com (Simon Crowe)
Date: Wed, 11 Jan 2012 07:55:59 -0800 (PST)
Subject: CAVP Tests
In-Reply-To: <4F0D3D8F.10203@chronox.de>
References: <33115059.post@talk.nabble.com> <4F0D3D8F.10203@chronox.de>
Message-ID: <33121988.post@talk.nabble.com>

All,

Stephan, thanks for the information with respect to the perl script.

With respect to the MAC size, I need the MAC size for HMAC-SHA384.

Regards
Simon

Stephan Mueller-5 wrote:
>
> On 10.01.2012 21:59:19, +0100, Simon Crowe wrote:
>
> Hi Simon,
>> All,
>>
>> I am trying to run the CAVP tests against a set of test vectors,
>> specifically SigGen and SigVer, however I am getting an error message
>> stating that "Error: X9.31 is not supported", this is specifically being
>> caught by the perl script which is in the test directory.
>
> X9.31 RSA is not implemented in the Perl script, i.e. there is no parser
> for the CAVS test vectors.
>
>> Can someone please tell me why the SigGen and SigVer vectors are not
>> supported by the CAVP test suite.
>
> The X9.31 RSA testing is not supported by the Perl script.
>
>> Furthermore, can someone tell me what the minimum HMAC size is for AES384
>> I looked at the code for AES384, and it appears to be based upon AES512 and
>> therefore have the same HMAC size ..
>
> AES384? You mean SHA384?
>
>> Apologies if I have gone on the wrong track, but I am a newbie.
>>
>> Regards
>
> _______________________________________________
> Gcrypt-devel mailing list
> Gcrypt-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gcrypt-devel

From smueller at chronox.de Wed Jan 11 17:47:07 2012
From: smueller at chronox.de (Stephan Mueller)
Date: Wed, 11 Jan 2012 17:47:07 +0100
Subject: CAVP Tests
In-Reply-To: <33121988.post@talk.nabble.com>
References: <33115059.post@talk.nabble.com> <4F0D3D8F.10203@chronox.de> <33121988.post@talk.nabble.com>
Message-ID: <4F0DBD0B.4000907@chronox.de>

On 11.01.2012 16:55:59, +0100, Simon Crowe wrote:

Hi Simon,

> All,
>
> Stephan, thanks for the information with respect to the perl script.
>
> With respect to the MAC size, i need the MAC size for HMAC-SHA384

The CAVS test vectors are really problematic in this area. The Perl
script uses the following, which is the default -- there are other size
combinations (IIRC, CAVS may test a truncated SHA512 hash that is
supposed to have a size of 48). So, sync that with your CAVS vectors!

    # XXX this is a hack - we need to decipher the HMAC REQ files in a more
    # sane way
    #
    # This is a conversion table from the expected hash output size
    # to the assumed hash type - we only define here the block size of
    # the underlying hashes and do not allow any truncation
    my %hashtype = (
        20 => 1,
        28 => 224,
        32 => 256,
        48 => 384,
        64 => 512
    );

> Regards
> Simon
>
> Stephan Mueller-5 wrote:
>> On 10.01.2012 21:59:19, +0100, Simon Crowe wrote:
>>
>> Hi Simon,
>>> All,
>>>
>>> I am trying to run the CAVP tests against a set of test vectors,
>>> specifically SigGen and SigVer, however I am getting an error message
>>> stating that "Error: X9.31 is not supported", this is specifically being
>>> caught by the perl script which is in the test directory.
>>
>> X9.31 RSA is not implemented in the Perl script, i.e. there is no parser
>> for the CAVS test vectors.
>>
>>> Can someone please tell me why the SigGen and SigVer vectors are not
>>> supported by the CAVP test suite.
>>
>> The X9.31 RSA testing is not supported by the Perl script.
>>> Furthermore, can someone tell me what the minimum HMAC size is for AES384
>>> I looked at the code for AES384, and it appears to be based upon AES512 and
>>> therefore have the same HMAC size ..
>>
>> AES384? You mean SHA384?
>>
>>> Apologies if I have gone on the wrong track, but I am a newbie.
>>>
>>> Regards

From ulm at gentoo.org Wed Jan 11 19:33:33 2012
From: ulm at gentoo.org (Ulrich Mueller)
Date: Wed, 11 Jan 2012 19:33:33 +0100
Subject: IDEA support
In-Reply-To: <87ipkizl95.fsf@vigenere.g10code.de>
References: <19921.24220.826380.56157@a1i15.kph.uni-mainz.de> <871uzyv6w4.fsf@vigenere.g10code.de> <20231.40601.138265.57633@a1i15.kph.uni-mainz.de> <87mx9x3umt.fsf@vigenere.g10code.de> <20237.12522.644856.464955@a1i15.kph.uni-mainz.de> <87ipkizl95.fsf@vigenere.g10code.de>
Message-ID: <20237.54781.307379.448936@a1i15.kph.uni-mainz.de>

>>>>> On Wed, 11 Jan 2012, Werner Koch wrote:

>> Please find a patch included below. It applies cleanly to the trunk
>> as well as to 1.5.0. I've tested it both with keys and files
>> generated

> To apply this patch you first need to sign copyright assignments

I've requested the forms from the FSF. Let's see how long it will take
this time.

>> +/* configuration stuff */
>> +#ifdef __alpha__
>> + #define SIZEOF_UNSIGNED_LONG 8
>> +#else
>> + #define SIZEOF_UNSIGNED_LONG 4
>> +#endif

> This needs to be changed to configure checks.

>> +#if defined(__mc68000__) || defined (__sparc__) || defined (__PPC__) \
>> + || (defined(__mips__) && (defined(MIPSEB) || defined (__MIPSEB__)) ) \
>> + || defined(__powerpc__) \
>> + || defined(__hpux__) /* should be replaced by the Macro for the PA */
>> + #define BIG_ENDIAN_HOST 1

> Ditto.

>> +#ifndef DIM
>> + #define DIM(v) (sizeof(v)/sizeof((v)[0]))
>> + #define DIMof(type,member) DIM(((type *)0)->member)
>> +#endif

> Already in other header files.

>> +void g10_log_fatal( const char *fmt, ... );

> Obsolete prototype.

I think that I've addressed all above points. I've also rebased against
your commit 6078b05 in the trunk. New patch is included below.

Thanks,
Ulrich

>From 8b13ed16bab9196f5ed7728906166d9dedf38d86 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulrich=20M=C3=BCller?= Date: Wed, 11 Jan 2012 13:20:48 +0100 Subject: [PATCH] Subject: [PATCH] Add support for the IDEA cipher. Adapt idea.c to the Libgcrypt framework. Add IDEA to cipher_table and to the build system. Patents on IDEA have expired: Europe: EP0482154 on 2011-05-16, Japan: JP3225440 on 2011-05-16, U.S.: 5,214,703 on 2012-01-07. --- cipher/Makefile.am | 1 + cipher/cipher.c | 4 + cipher/idea.c | 196 ++++++++++++++-------------------------------------- configure.ac | 8 ++- src/cipher.h | 1 + tests/basic.c | 3 + 6 files changed, 68 insertions(+), 145 deletions(-) diff --git a/cipher/Makefile.am b/cipher/Makefile.am index dcb4a47..473e3c8 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -53,6 +53,7 @@ des.c \ dsa.c \ elgamal.c \ ecc.c \ +idea.c \ md4.c \ md5.c \ rijndael.c rijndael-tables.h \ diff --git a/cipher/cipher.c b/cipher/cipher.c index 589c262..389bf7a 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -100,6 +100,10 @@ static struct cipher_table_entry { &_gcry_cipher_spec_camellia256, &dummy_extra_spec, GCRY_CIPHER_CAMELLIA256 }, #endif +#ifdef USE_IDEA + { &_gcry_cipher_spec_idea, + &dummy_extra_spec, GCRY_CIPHER_IDEA }, +#endif { NULL } }; diff --git a/cipher/idea.c b/cipher/idea.c index 65a8ec3..fe14b21 100644 --- a/cipher/idea.c +++ b/cipher/idea.c @@ -22,10 +22,10 @@ * used in advertising or otherwise to promote the sale, use or other dealings * in this Software without prior written authorization from Werner Koch. * - * DUE TO PATENT CLAIMS THE DISTRIBUTION OF THE SOFTWARE IS NOT ALLOWED IN - * THESE COUNTRIES: - * AUSTRIA, FRANCE, GERMANY, ITALY, JAPAN, THE NETHERLANDS, - * SPAIN, SWEDEN, SWITZERLAND, THE UK AND THE US. + * Patents on IDEA have expired: + * Europe: EP0482154 on 2011-05-16, + * Japan: JP3225440 on 2011-05-16, + * U.S.: 5,214,703 on 2012-01-07. */ /* 
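Review bot: the diffstat lists neither NEWS nor doc/gcrypt.texi, yet the configure.ac change in this series enables IDEA by default and this hunk records the patent expiry only in a source comment; add a NEWS entry and update the manual's GCRY_CIPHER_IDEA description in the same commit so users learn the algorithm is available again. The commit message's Subject: line is also doubled ("Subject: [PATCH] Subject: [PATCH] Add support for the IDEA cipher.") and should be trimmed before it is applied.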
@@ -34,60 +34,22 @@ * * The code herein is based on the one from: * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996. - * ISBN 0-471-11709-9. . - * - * How to compile: - gcc -Wall -O2 -shared -fPIC -o idea idea.c - * - * 2001-06-08 wk Changed distribution conditions - * 2001-06-11 wk Fixed invert_key (which is not used in CFB mode) - * Thanks to Mark A. Borgerding. Added defintion for - * the PowerPC. + * ISBN 0-471-11709-9. */ +#include #include #include #include #include -/* configuration stuff */ -#ifdef __alpha__ - #define SIZEOF_UNSIGNED_LONG 8 -#else - #define SIZEOF_UNSIGNED_LONG 4 -#endif - -#if defined(__mc68000__) || defined (__sparc__) || defined (__PPC__) \ - || (defined(__mips__) && (defined(MIPSEB) || defined (__MIPSEB__)) ) \ - || defined(__powerpc__) \ - || defined(__hpux__) /* should be replaced by the Macro for the PA */ - #define BIG_ENDIAN_HOST 1 -#else - #define LITTLE_ENDIAN_HOST 1 -#endif - -typedef unsigned long ulong; -typedef unsigned short ushort; -typedef unsigned char byte; - -typedef unsigned short u16; -typedef unsigned long u32; - -/* end configurable stuff */ - -#ifndef DIM - #define DIM(v) (sizeof(v)/sizeof((v)[0])) - #define DIMof(type,member) DIM(((type *)0)->member) -#endif - -/* imports */ -void g10_log_fatal( const char *fmt, ... ); - +#include "types.h" /* for byte and u32 typedefs */ +#include "g10lib.h" +#include "cipher.h" -/* local stuff */ -#define FNCCAST_SETKEY(f) ((int(*)(void*, byte*, unsigned))(f)) +#define FNCCAST_SETKEY(f) ((int(*)(void*, byte*, unsigned int))(f)) #define FNCCAST_CRYPT(f) ((void(*)(void*, byte*, byte*))(f)) #define IDEA_KEYSIZE 16 @@ -102,13 +64,6 @@ typedef struct { } IDEA_context; -static int do_setkey( IDEA_context *c, byte *key, unsigned keylen ); -static void encrypt_block( IDEA_context *bc, byte *outbuf, byte *inbuf ); -static void decrypt_block( IDEA_context *bc, byte *outbuf, byte *inbuf ); -static void selftest(int); - - - static u16 mul_inv( u16 x ) { 
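Review bot: FNCCAST_SETKEY and FNCCAST_CRYPT survive the @@ -34,60 +34,22 @@ hunk, but their only users, the `*r_setkey = FNCCAST_SETKEY(do_setkey);`, `*r_encrypt= FNCCAST_CRYPT(encrypt_block);` and `*r_decrypt= FNCCAST_CRYPT(decrypt_block);` assignments in idea_get_info, are removed further down in this file, so both macros are dead after this patch and should be deleted along with the prototypes this hunk already drops.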
@@ -139,7 +94,7 @@ mul_inv( u16 x ) static void -expand_key( byte *userkey, u16 *ek ) +expand_key( const byte *userkey, u16 *ek ) { int i,j; @@ -202,7 +157,7 @@ invert_key( u16 *ek, u16 dk[IDEA_KEYLEN] ) static void -cipher( byte *outbuf, byte *inbuf, u16 *key ) +cipher( byte *outbuf, const byte *inbuf, u16 *key ) { u16 x1, x2, x3,x4, s2, s3; u16 *in, *out; @@ -230,7 +185,7 @@ cipher( byte *outbuf, byte *inbuf, u16 *key ) x2 = *in++; x3 = *in++; x4 = *in; - #ifdef LITTLE_ENDIAN_HOST + #ifndef WORDS_BIGENDIAN x1 = (x1>>8) | (x1<<8); x2 = (x2>>8) | (x2<<8); x3 = (x3>>8) | (x3<<8); @@ -263,7 +218,7 @@ cipher( byte *outbuf, byte *inbuf, u16 *key ) MUL(x4, *key); out = (u16*)outbuf; - #ifdef LITTLE_ENDIAN_HOST + #ifndef WORDS_BIGENDIAN *out++ = (x1>>8) | (x1<<8); *out++ = (x3>>8) | (x3<<8); *out++ = (x2>>8) | (x2<<8); @@ -279,14 +234,16 @@ cipher( byte *outbuf, byte *inbuf, u16 *key ) static int -do_setkey( IDEA_context *c, byte *key, unsigned keylen ) +do_setkey( IDEA_context *c, const byte *key, unsigned int keylen ) { +#if 0 static int initialized = 0; if( !initialized ) { initialized = 1; selftest(0); } +#endif assert(keylen == 16); c->have_dk = 0; expand_key( key, c->ek ); 
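Review bot: `assert(keylen == 16);` in do_setkey is the wrong way to reject a bad key length: with NDEBUG it compiles away and expand_key then reads 16 bytes from whatever shorter buffer the caller passed, and without NDEBUG a wrong length handed to gcry_cipher_setkey aborts the whole process instead of returning an error. Replace it with `if (keylen != 16) return GPG_ERR_INV_KEYLEN;` and change do_setkey's return type to gcry_err_code_t so it matches the idea_setkey wrapper that forwards its result.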
@@ -294,21 +251,40 @@ do_setkey( IDEA_context *c, byte *key, unsigned keylen ) return 0; } +static gcry_err_code_t +idea_setkey (void *context, const byte *key, unsigned int keylen) +{ + IDEA_context *ctx = context; + int rc = do_setkey (ctx, key, keylen); + _gcry_burn_stack (23+6*sizeof(void*)); + return rc; +} + static void -encrypt_block( IDEA_context *c, byte *outbuf, byte *inbuf ) +encrypt_block( IDEA_context *c, byte *outbuf, const byte *inbuf ) { cipher( outbuf, inbuf, c->ek ); } static void -decrypt_block( IDEA_context *c, byte *outbuf, byte *inbuf ) +idea_encrypt (void *context, byte *out, const byte *in) +{ + IDEA_context *ctx = context; + encrypt_block (ctx, out, in); + _gcry_burn_stack (24+3*sizeof (void*)); +} + +static void +decrypt_block( IDEA_context *c, byte *outbuf, const byte *inbuf ) { +#if 0 static int initialized; if( !initialized ) { initialized = 1; selftest(1); } +#endif if( !c->have_dk ) { c->have_dk = 1; invert_key( c->ek, c->dk ); @@ -316,7 +292,16 @@ decrypt_block( IDEA_context *c, byte *outbuf, byte *inbuf ) cipher( outbuf, inbuf, c->dk ); } +static void +idea_decrypt (void *context, byte *out, const byte *in) +{ + IDEA_context *ctx = context; + decrypt_block (ctx, out, in); + _gcry_burn_stack (24+3*sizeof (void*)); +} + +#if 0 static void selftest( int check_decrypt ) { 
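Review bot: wrapping selftest() in `#if 0` here, in do_setkey and in decrypt_block throws away the module's only known-answer check, and the tests/basic.c hunk of this series only adds GCRY_CIPHER_IDEA to the generic encrypt/decrypt round-trip list, so nothing verifies the port against a published IDEA vector; a byte-order or key-schedule slip would still round-trip cleanly. Adapt selftest() to the pattern the other cipher modules use (return a const char * describing the failure, run it once from do_setkey and return GPG_ERR_SELFTEST_FAILED) or add a known-answer entry to tests/basic.c.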
@@ -388,89 +373,12 @@ static struct { } } } +#endif -/**************** - * Return some information about the algorithm. We need algo here to - * distinguish different flavors of the algorithm. - * Returns: A pointer to string describing the algorithm or NULL if - * the ALGO is invalid. - */ -const char * -idea_get_info( int algo, size_t *keylen, - size_t *blocksize, size_t *contextsize, - int (**r_setkey)( void *c, byte *key, unsigned keylen ), - void (**r_encrypt)( void *c, byte *outbuf, byte *inbuf ), - void (**r_decrypt)( void *c, byte *outbuf, byte *inbuf ) - ) +gcry_cipher_spec_t _gcry_cipher_spec_idea = { - *keylen = 128; - *blocksize = 8; - *contextsize = sizeof(IDEA_context); - *r_setkey = FNCCAST_SETKEY(do_setkey); - *r_encrypt= FNCCAST_CRYPT(encrypt_block); - *r_decrypt= FNCCAST_CRYPT(decrypt_block); - if( algo == 1 ) - return "IDEA"; - return NULL; -} - - - -const char * const gnupgext_version = "IDEA ($Revision: 1.11 $)"; - -static struct { - int class; - int version; - int value; - void (*func)(void); -} func_table[] = { - { 20, 1, 0, (void(*)(void))idea_get_info }, - { 21, 1, 1 }, + "IDEA", NULL, NULL, IDEA_BLOCKSIZE, 128, + sizeof (IDEA_context), + idea_setkey, idea_encrypt, idea_decrypt }; - - - -/**************** - * Enumerate the names of the functions together with informations about - * this function. Set sequence to an integer with a initial value of 0 and - * do not change it. - * If what is 0 all kind of functions are returned. 
- * Return values: class := class of function: - * 10 = message digest algorithm info function - * 11 = integer with available md algorithms - * 20 = cipher algorithm info function - * 21 = integer with available cipher algorithms - * 30 = public key algorithm info function - * 31 = integer with available pubkey algorithms - * version = interface version of the function/pointer - * (currently this is 1 for all functions) - */ -void * -gnupgext_enum_func( int what, int *sequence, int *class, int *vers ) -{ - void *ret; - int i = *sequence; - - do { - if( i >= DIM(func_table) || i < 0 ) { - return NULL; - } - *class = func_table[i].class; - *vers = func_table[i].version; - switch( *class ) { - case 11: - case 21: - case 31: - ret = &func_table[i].value; - break; - default: - ret = func_table[i].func; - break; - } - i++; - } while( what && what != *class ); - - *sequence = i; - return ret; -} diff --git a/configure.ac b/configure.ac index c354836..cf4a082 100644 --- a/configure.ac +++ b/configure.ac @@ -174,7 +174,7 @@ LIBGCRYPT_CONFIG_HOST="$host" # Definitions for symmetric ciphers. available_ciphers="arcfour blowfish cast5 des aes twofish serpent rfc2268 seed" -available_ciphers="$available_ciphers camellia" +available_ciphers="$available_ciphers camellia idea" enabled_ciphers="" # Definitions for public-key ciphers. @@ -1080,6 +1080,12 @@ if test "$found" = "1" ; then AC_DEFINE(USE_CAMELLIA, 1, [Defined if this module should be included]) fi +LIST_MEMBER(idea, $enabled_ciphers) +if test "$found" = "1" ; then + GCRYPT_CIPHERS="$GCRYPT_CIPHERS idea.lo" + AC_DEFINE(USE_IDEA, 1, [Defined if this module should be included]) +fi + LIST_MEMBER(dsa, $enabled_pubkey_ciphers) if test "$found" = "1" ; then GCRYPT_PUBKEY_CIPHERS="$GCRYPT_PUBKEY_CIPHERS dsa.lo" diff --git a/src/cipher.h b/src/cipher.h index 0f923d7..48eeeda 100644 --- a/src/cipher.h +++ b/src/cipher.h 
@@ -135,6 +135,7 @@ extern gcry_cipher_spec_t _gcry_cipher_spec_seed; extern gcry_cipher_spec_t _gcry_cipher_spec_camellia128; extern gcry_cipher_spec_t _gcry_cipher_spec_camellia192; extern gcry_cipher_spec_t _gcry_cipher_spec_camellia256; +extern gcry_cipher_spec_t _gcry_cipher_spec_idea; extern cipher_extra_spec_t _gcry_cipher_extraspec_tripledes; extern cipher_extra_spec_t _gcry_cipher_extraspec_aes; diff --git a/tests/basic.c b/tests/basic.c index 4d5196f..8001e86 100644 --- a/tests/basic.c +++ b/tests/basic.c @@ -1568,6 +1568,9 @@ check_ciphers (void) GCRY_CIPHER_CAMELLIA192, GCRY_CIPHER_CAMELLIA256, #endif +#if USE_IDEA + GCRY_CIPHER_IDEA, +#endif 0 }; static int algos2[] = { -- 1.7.8.3 From simon at josefsson.org Wed Jan 11 19:35:59 2012 From: simon at josefsson.org (Simon Josefsson) Date: Wed, 11 Jan 2012 19:35:59 +0100 Subject: IDEA support In-Reply-To: <20237.54781.307379.448936@a1i15.kph.uni-mainz.de> (Ulrich Mueller's message of "Wed, 11 Jan 2012 19:33:33 +0100") References: <19921.24220.826380.56157@a1i15.kph.uni-mainz.de> <871uzyv6w4.fsf@vigenere.g10code.de> <20231.40601.138265.57633@a1i15.kph.uni-mainz.de> <87mx9x3umt.fsf@vigenere.g10code.de> <20237.12522.644856.464955@a1i15.kph.uni-mainz.de> <87ipkizl95.fsf@vigenere.g10code.de> <20237.54781.307379.448936@a1i15.kph.uni-mainz.de> Message-ID: <87y5te5bow.fsf@latte.josefsson.org> Ulrich Mueller writes: >>>>>> On Wed, 11 Jan 2012, Werner Koch wrote: > >>> Please find a patch included below. It applies cleanly to the trunk >>> as well as to 1.5.0. I've tested it both with keys and files >>> generated > >> To apply this patch you first need to sign copyright assignments > > I've requested the forms from the FSF. Let's see how long it will take > this time. Can you claim US residency? Then you can do the signing electronically. This was changed recently. /Simon