[svn] gcry - r1234 - in trunk: cipher doc
Author: wk
Date: 2007-04-20 12:52:30 +0200 (Fri, 20 Apr 2007)
New Revision: 1234
Modified:
trunk/cipher/ChangeLog
trunk/cipher/ecc.c
trunk/cipher/pubkey.c
trunk/doc/gcrypt.texi
Log:
Support more curves.
Modified: trunk/cipher/ChangeLog
===================================================================
--- trunk/cipher/ChangeLog 2007-04-18 12:59:00 UTC (rev 1233)
+++ trunk/cipher/ChangeLog 2007-04-20 10:52:30 UTC (rev 1234)
@@ -1,3 +1,7 @@
+2007-04-20 Werner Koch <wk at g10code.com>
+
+ * ecc.c (domain_parms): Add standard brainpool curves.
+
2007-04-18 Werner Koch <wk at g10code.com>
* ecc.c (generate_curve): Implement alias mechanism.
Modified: trunk/cipher/ecc.c
===================================================================
--- trunk/cipher/ecc.c 2007-04-18 12:59:00 UTC (rev 1233)
+++ trunk/cipher/ecc.c 2007-04-20 10:52:30 UTC (rev 1234)
@@ -98,15 +98,26 @@
{ "NIST P-192", "secp192r1" }, /* SECP name. */
{ "NIST P-224", "secp224r1" },
+ { "NIST P-224", "1.3.132.0.33" }, /* SECP OID. */
{ "NIST P-256", "1.2.840.10045.3.1.7" },
{ "NIST P-256", "prime256v1" },
{ "NIST P-256", "secp256r1" },
{ "NIST P-384", "secp384r1" },
+ { "NIST P-384", "1.3.132.0.34" },
{ "NIST P-521", "secp521r1" },
+ { "NIST P-521", "1.3.132.0.35" },
+ { "brainpoolP160r1", "1.3.36.3.3.2.8.1.1.1" },
+ { "brainpoolP192r1", "1.3.36.3.3.2.8.1.1.3" },
+ { "brainpoolP224r1", "1.3.36.3.3.2.8.1.1.5" },
+ { "brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7" },
+ { "brainpoolP320r1", "1.3.36.3.3.2.8.1.1.9" },
+ { "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11"},
+ { "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13"},
+
{ NULL, NULL}
};
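Review bot: The new alias rows are not reflected in the user documentation this same commit rewrites: the "Currently implemented curves" table in doc/gcrypt.texi still lists only the NIST curves and their SECP names, so neither the seven brainpool curves nor the new `1.3.132.0.33`/`.34`/`.35` OIDs are discoverable by a caller who reads the manual. Since the `curve` parameter is the only way a caller can select one of these curves by name, the alias table and the manual should be kept in lockstep; I would add `@item brainpoolP160r1 @itemx 1.3.36.3.3.2.8.1.1.1` entries (and the remaining six) plus `@itemx 1.3.132.0.33` under NIST P-224 etc. to that table. It would also help to note in the table whether name matching is case-sensitive, since the prose only says "may be given in any case" for the `curve` key itself. The enclosing `curve_aliases` table starts before this hunk.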
@@ -123,16 +134,6 @@
const char *g_x, *g_y; /* Base point. */
} domain_parms[] =
{
- { "secp160r1", 160,
- "0x",
- "0x",
- "0x",
- "0x",
-
- "0x",
- "0x"
- },
-
{
"NIST P-192", 192,
"0xfffffffffffffffffffffffffffffffeffffffffffffffff",
@@ -195,6 +196,88 @@
"0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e6"
"62c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650"
},
+
+ { "brainpoolP160r1", 160,
+ "0xe95e4a5f737059dc60dfc7ad95b3d8139515620f",
+ "0x340e7be2a280eb74e2be61bada745d97e8f7c300",
+ "0x1e589a8595423412134faa2dbdec95c8d8675e58",
+ "0xe95e4a5f737059dc60df5991d45029409e60fc09",
+ "0xbed5af16ea3f6a4f62938c4631eb5af7bdbcdbc3",
+ "0x1667cb477a1a8ec338f94741669c976316da6321"
+ },
+
+ { "brainpoolP192r1", 192,
+ "0xc302f41d932a36cda7a3463093d18db78fce476de1a86297",
+ "0x6a91174076b1e0e19c39c031fe8685c1cae040e5c69a28ef",
+ "0x469a28ef7c28cca3dc721d044f4496bcca7ef4146fbf25c9",
+ "0xc302f41d932a36cda7a3462f9e9e916b5be8f1029ac4acc1",
+ "0xc0a0647eaab6a48753b033c56cb0f0900a2f5c4853375fd6",
+ "0x14b690866abd5bb88b5f4828c1490002e6773fa2fa299b8f"
+ },
+
+ { "brainpoolP224r1", 224,
+ "0xd7c134aa264366862a18302575d1d787b09f075797da89f57ec8c0ff",
+ "0x68a5e62ca9ce6c1c299803a6c1530b514e182ad8b0042a59cad29f43",
+ "0x2580f63ccfe44138870713b1a92369e33e2135d266dbb372386c400b",
+ "0xd7c134aa264366862a18302575d0fb98d116bc4b6ddebca3a5a7939f",
+ "0x0d9029ad2c7e5cf4340823b2a87dc68c9e4ce3174c1e6efdee12c07d",
+ "0x58aa56f772c0726f24c6b89e4ecdac24354b9e99caa3f6d3761402cd"
+ },
+
+ { "brainpoolP256r1", 256,
+ "0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377",
+ "0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9",
+ "0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6",
+ "0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7",
+ "0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262",
+ "0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997"
+ },
+
+ { "brainpoolP320r1", 320,
+ "0xd35e472036bc4fb7e13c785ed201e065f98fcfa6f6f40def4f92b9ec7893ec28"
+ "fcd412b1f1b32e27",
+ "0x3ee30b568fbab0f883ccebd46d3f3bb8a2a73513f5eb79da66190eb085ffa9f4"
+ "92f375a97d860eb4",
+ "0x520883949dfdbc42d3ad198640688a6fe13f41349554b49acc31dccd88453981"
+ "6f5eb4ac8fb1f1a6",
+ "0xd35e472036bc4fb7e13c785ed201e065f98fcfa5b68f12a32d482ec7ee8658e9"
+ "8691555b44c59311",
+ "0x43bd7e9afb53d8b85289bcc48ee5bfe6f20137d10a087eb6e7871e2a10a599c7"
+ "10af8d0d39e20611",
+ "0x14fdd05545ec1cc8ab4093247f77275e0743ffed117182eaa9c77877aaac6ac7"
+ "d35245d1692e8ee1"
+ },
+
+ { "brainpoolP384r1", 384,
+ "0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123"
+ "acd3a729901d1a71874700133107ec53",
+ "0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f"
+ "8aa5814a503ad4eb04a8c7dd22ce2826",
+ "0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d5"
+ "7cb4390295dbc9943ab78696fa504c11",
+ "0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7"
+ "cf3ab6af6b7fc3103b883202e9046565",
+ "0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8"
+ "e826e03436d646aaef87b2e247d4af1e",
+ "0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff9912928"
+ "0e4646217791811142820341263c5315"
+ },
+
+ { "brainpoolP512r1", 512,
+ "0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330871"
+ "7d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3",
+ "0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc"
+ "2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca",
+ "0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a7"
+ "2bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723",
+ "0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870"
+ "553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069",
+ "0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098e"
+ "ff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822",
+ "0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111"
+ "b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892"
+ },
+
{ NULL, 0, NULL, NULL, NULL, NULL }
};
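Review bot: Nothing in this commit checks that the roughly 2,500 hex digits of brainpool domain parameters added here were transcribed correctly, and a single wrong digit in `b`, `n` or the base point silently yields a curve or generator with none of the intended security properties rather than a visible failure. I would add a table self-check (run from the module's self-test or under a debug build) that, for every non-NULL `domain_parms` entry, verifies that `nbits` equals the bit length of `p`, that the base point satisfies `g_y^2 == g_x^3 + a*g_x + b (mod p)`, and that `[n]G` is the point at infinity; the latter two catch transcription errors in any of the six values. I spot-checked brainpoolP160r1 and brainpoolP256r1 against the published values and they match, but the remaining five entries I could not verify from here. Note also that, unlike the NIST curves, the brainpool curves do not use `a = p - 3`, so if point arithmetic elsewhere in ecc.c special-cases that value (common optimisation, not visible in this hunk) the new entries will exercise an untested path and deserve at least one known-answer test vector per curve. The `domain_parms` table starts before this hunk.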
Modified: trunk/cipher/pubkey.c
===================================================================
--- trunk/cipher/pubkey.c 2007-04-18 12:59:00 UTC (rev 1233)
+++ trunk/cipher/pubkey.c 2007-04-20 10:52:30 UTC (rev 1234)
@@ -2278,7 +2278,7 @@
Get the number of nbits from the public key.
Hmmm: Should we have really this function or is it better to have a
- more general function to retrieve different propoerties of the key? */
+ more general function to retrieve different properties of the key? */
unsigned int
gcry_pk_get_nbits (gcry_sexp_t key)
{
Modified: trunk/doc/gcrypt.texi
===================================================================
--- trunk/doc/gcrypt.texi 2007-04-18 12:59:00 UTC (rev 1233)
+++ trunk/doc/gcrypt.texi 2007-04-20 10:52:30 UTC (rev 1234)
@@ -2137,7 +2137,7 @@
@end table
@noindent
-To describe how Libgcrypt expect keys, we use some examples. Note that
+To describe how Libgcrypt expect keys, we use examples. Note that
words in
@ifnottex
uppercase
@@ -2147,8 +2147,70 @@
@end iftex
indicate parameters whereas lowercase words are literals.
+Note that all MPI (big integer) values are expected to be in
+ at code{GCRYMPI_FMT_USG} format. An easy way to create S-expressions is
+by using @code{gcry_sexp_build} which allows to pass a string with
+printf-like escapes to insert MPI values.
+
+ at menu
+* RSA key parameters:: Parameters used with an RSA key.
+* DSA key parameters:: Parameters used with a DSA key.
+* ECC key parameters:: Parameters used with ECC keys.
+ at end menu
+
+ at node RSA key parameters
+ at subsection RSA key parameters
+
+ at noindent
+An RSA private key is described by this S-expression:
+
@example
(private-key
+ (rsa
+ (n @var{n-mpi})
+ (e @var{e-mpi})
+ (d @var{d-mpi})
+ (p @var{p-mpi})
+ (q @var{q-mpi})
+ (u @var{u-mpi})))
+ at end example
+
+ at noindent
+An RSA public key is described by this S-expression:
+
+ at example
+(public-key
+ (rsa
+ (n @var{n-mpi})
+ (e @var{e-mpi})))
+ at end example
+
+
+ at table @var
+ at item n-mpi
+RSA public modulus @math{n}.
+ at item e-mpi
+RSA public exponent @math{e}.
+ at item d-mpi
+RSA secret exponent @math{d = e^{-1} \bmod (p-1)(q-1)}.
+ at item p-mpi
+RSA secret prime @math{p}.
+ at item q-mpi
+RSA secret prime @math{q} with @math{q > p}.
+ at item u-mpi
+multiplicative inverse @math{u = p^{-1} \bmod q}.
+ at end table
+
+
+
+ at node DSA key parameters
+ at subsection DSA key parameters
+
+ at noindent
+A DSA private key is described by this S-expression:
+
+ at example
+(private-key
(dsa
(p @var{p-mpi})
(q @var{q-mpi})
@@ -2157,9 +2219,6 @@
(x @var{x-mpi})))
@end example
- at noindent
-This specifies a DSA private key with the following parameters:
-
@table @var
@item p-mpi
DSA prime @math{p}.
@@ -2173,46 +2232,98 @@
DSA secret exponent x.
@end table
-All the MPI values are expected to be in @code{GCRYMPI_FMT_USG} format.
The public key is similar with "private-key" replaced by "public-key"
and no @var{x-mpi}.
-An easy way to create such an S-expressions is by using
- at code{gcry_sexp_build} which allows to pass a string with printf-like
-escapes to insert MPI values.
+ at node ECC key parameters
+ at subsection ECC key parameters
+
@noindent
-Here is an example for an RSA key:
+An ECC private key is described by this S-expression:
@example
(private-key
- (rsa
+ (ecc
+ (p @var{p-mpi})
+ (a @var{a-mpi})
+ (b @var{b-mpi})
+ (g @var{g-point})
(n @var{n-mpi})
- (e @var{e-mpi})
- (d @var{d-mpi})
- (p @var{p-mpi})
- (q @var{q-mpi})
- (u @var{u-mpi})
+ (q @var{q-point})
+ (d @var{d-mpi})))
@end example
- at noindent
-with
-
@table @var
+ at item p-mpi
+Prime specifying the field @math{GF(p)}.
+ at item a-mpi
+ at itemx b-mpi
+The two coefficients of the Weierstrass equation @math{y^2 = x^3 + ax + b}
+ at item g-point
+Base point @math{g}.
@item n-mpi
-RSA public modulus @math{n}.
- at item e-mpi
-RSA public exponent @math{e}.
+Order of @math{g}
+ at item q-point
+The point representing the public key @math{Q = dP}.
@item d-mpi
-RSA secret exponent @math{d = e^{-1} \bmod (p-1)(q-1)}.
- at item p-mpi
-RSA secret prime @math{p}.
- at item q-mpi
-RSA secret prime @math{q} with @math{q > p}.
- at item u-mpi
-multiplicative inverse @math{u = p^{-1} \bmod q}.
+The private key @math{d}
@end table
+All point values are encoded in standard format; Libgcrypt does
+currently only support uncompressed points, thus the first byte needs to
+be @code{0x04}.
+
+The public key is similar with "private-key" replaced by "public-key"
+and no @var{d-mpi}.
+
+If the domain parameters are well-known, the name of this curve may be
+used. For example
+
+ at example
+(private-key
+ (ecc
+ (curve "NIST P-192")
+ (q @var{q-point})
+ (d @var{d-mpi})))
+ at end example
+
+The @code{curve} parameter may be given in any case and is used to replace
+missing parameters.
+
+ at noindent
+Currently implemented curves are:
+ at table @code
+ at item NIST P-192
+ at itemx 1.2.840.10045.3.1.1
+ at itemx prime192v1
+ at itemx secp192r1
+The NIST 192 bit curve, its OID, X9.62 and SECP aliases.
+
+ at item NIST P-224
+ at itemx secp224r1
+The NIST 224 bit curve and its SECP alias.
+
+ at item NIST P-256
+ at itemx 1.2.840.10045.3.1.7
+ at itemx prime256v1
+ at itemx secp256r1
+The NIST 256 bit curve, its OID, X9.62 and SECP aliases.
+
+ at item NIST P-384
+ at itemx secp384r1
+The NIST 384 bit curve and its SECP alias.
+
+ at item NIST P-521
+ at itemx secp521r1
+The NIST 521 bit curve and its SECP alias.
+
+ at end table
+As usual the OIDs may optionally be prefixed with the string @code{OID.}
+or @code{oid.}.
+
+
+
@node Public key modules
@section Public key modules
@@ -2729,6 +2840,13 @@
is a string with a number in C-notation. The value should be a multiple
of 8.
+ at item curve @var{name}
+For ECC a named curve may be used instead of giving the number of
+requested bits. This allows to request a specific curve to override a
+default selection Libgcrypt would have taken if @code{nbits} has been
+given. The available names are listed with the description of the ECC
+public key parameters.
+
@item rsa-use-e
This is only used with RSA to give a hint for the public exponent. The
value will be used as a base to test for a usable exponent. Some values
@@ -2761,7 +2879,7 @@
Q = 256
@item N = 7680
Q = 384
-w at item N = 15360
+ at item N = 15360
Q = 512
@end table
Note that in this case only the values for N, as given in the table,