From cvs at cvs.gnupg.org Mon Nov 3 11:54:19 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 03 Nov 2008 11:54:19 +0100 Subject: [svn] GnuPG - r4866 - trunk/scd Message-ID: Author: wk Date: 2008-11-03 11:54:18 +0100 (Mon, 03 Nov 2008) New Revision: 4866 Modified: trunk/scd/ChangeLog trunk/scd/app-help.c trunk/scd/app-nks.c trunk/scd/app-openpgp.c trunk/scd/app-p15.c trunk/scd/app.c trunk/scd/card-p15.c trunk/scd/command.c Log: Use bin2hex if possible. Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2008-10-29 17:24:27 UTC (rev 4865) +++ trunk/scd/ChangeLog 2008-11-03 10:54:18 UTC (rev 4866) @@ -1,3 +1,13 @@ +2008-11-03 Werner Koch + + * app.c (app_get_serial_and_stamp): Use bin2hex. + * app-help.c (app_help_get_keygrip_string): Ditto. + * app-p15.c (send_certinfo, send_keypairinfo, do_getattr): Ditto. + * app-openpgp.c (send_fpr_if_not_null, send_key_data) + (retrieve_fpr_from_card, send_keypair_info): Ditto. + * app-nks.c (keygripstr_from_pk_file): Ditto. + * command.c (cmd_apdu): Ditto. + 2008-10-21 Marcus Brinkmann * command.c (open_card): If connect error is SW_HOST_NO_CARD, Modified: trunk/scd/app-help.c =================================================================== --- trunk/scd/app-help.c 2008-10-29 17:24:27 UTC (rev 4865) +++ trunk/scd/app-help.c 2008-11-03 10:54:18 UTC (rev 4866) @@ -39,7 +39,6 @@ ksba_sexp_t p; size_t n; unsigned char array[20]; - int i; p = ksba_cert_get_public_key (cert); if (!p) @@ -58,8 +57,7 @@ } gcry_sexp_release (s_pkey); - for (i=0; i < 20; i++) - sprintf (hexkeygrip+i*2, "%02X", array[i]); + bin2hex (array, 20, hexkeygrip); return 0; } Modified: trunk/scd/app-nks.c =================================================================== --- trunk/scd/app-nks.c 2008-10-29 17:24:27 UTC (rev 4865) +++ trunk/scd/app-nks.c 2008-11-03 10:54:18 UTC (rev 4866) 
@@ -108,8 +108,7 @@ } else { - for (i=0; i < 20; i++) - sprintf (r_gripstr+i*2, "%02X", grip[i]); + bin2hex (grip, 20, r_gripstr); } gcry_sexp_release (sexp); return err; Modified: trunk/scd/app-openpgp.c =================================================================== --- trunk/scd/app-openpgp.c 2008-10-29 17:24:27 UTC (rev 4865) +++ trunk/scd/app-openpgp.c 2008-11-03 10:54:18 UTC (rev 4866) @@ -697,8 +697,7 @@ ; if (i==20) return; /* All zero. */ - for (i=0; i< 20; i++) - sprintf (buf+2*i, "%02X", fpr[i]); + bin2hex (fpr, 20, buf); if (number == -1) *numbuf = 0; /* Don't print the key number */ else @@ -729,10 +728,14 @@ send_key_data (ctrl_t ctrl, const char *name, const unsigned char *a, size_t alen) { - char *p, *buf = xmalloc (alen*2+1); + char *buf; - for (p=buf; alen; a++, alen--, p += 2) - sprintf (p, "%02X", *a); + buf = bin2hex (a, alen, NULL); + if (!buf) + { + log_error ("memory allocation error in send_key_data\n"); + return; + } send_status_info (ctrl, "KEY-DATA", name, (size_t)strlen(name), @@ -893,16 +896,12 @@ void *relptr; unsigned char *value; size_t valuelen; - int i; assert (keyno >=0 && keyno <= 2); relptr = get_one_do (app, 0x00C5, &value, &valuelen, NULL); if (relptr && valuelen >= 60) - { - for (i = 0; i < 20; i++) - sprintf (fpr + (i * 2), "%02X", value[(keyno*20)+i]); - } + bin2hex (value+keyno*20, 20, fpr); else err = gpg_error (GPG_ERR_NOT_FOUND); xfree (relptr); @@ -1235,7 +1234,6 @@ unsigned char grip[20]; char gripstr[41]; char idbuf[50]; - int i; err = get_public_key (app, keyno); if (err) @@ -1251,8 +1249,7 @@ if (err) goto leave; - for (i=0; i < 20; i++) - sprintf (gripstr+i*2, "%02X", grip[i]); + bin2hex (grip, 20, gripstr); sprintf (idbuf, "OPENPGP.%d", keyno); send_status_info (ctrl, "KEYPAIRINFO", Modified: trunk/scd/app-p15.c =================================================================== --- trunk/scd/app-p15.c 2008-10-29 17:24:27 UTC (rev 4865) +++ trunk/scd/app-p15.c 2008-11-03 10:54:18 UTC (rev 4866) 
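Review bot: The new failure path in `send_key_data` (hunk `@@ -729`) returns without emitting the KEY-DATA status line, and because the function is `void` its caller cannot tell that the key material was left out. The replaced `xmalloc` call, which by GnuPG convention does not return on failure, could not produce this partial result. If dropping the line is intended, record it at the return, e.g. `/* Out of memory: no KEY-DATA line is sent and the caller is not informed. */`; otherwise the function needs a way to report the error. The rest of `send_key_data` lies outside the hunk.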
@@ -2363,7 +2363,6 @@ for (; certinfo; certinfo = certinfo->next) { char *buf, *p; - int i; buf = xtrymalloc (9 + certinfo->objidlen*2 + 1); if (!buf) @@ -2375,11 +2374,7 @@ p += 5; } p = stpcpy (p, "."); - for (i=0; i < certinfo->objidlen; i++) - { - sprintf (p, "%02X", certinfo->objid[i]); - p += 2; - } + bin2hex (certinfo->objid, certinfo->objidlen, p); send_status_info (ctrl, "CERTINFO", certtype, strlen (certtype), @@ -2458,7 +2453,7 @@ { char gripstr[40+1]; char *buf, *p; - int i, j; + int j; buf = xtrymalloc (9 + keyinfo->objidlen*2 + 1); if (!buf) @@ -2470,11 +2465,7 @@ p += 5; } p = stpcpy (p, "."); - for (i=0; i < keyinfo->objidlen; i++) - { - sprintf (p, "%02X", keyinfo->objid[i]); - p += 2; - } + bin2hex (keyinfo->objid, keyinfo->objidlen, p); err = keygripstr_from_prkdf (app, keyinfo, gripstr); if (err) @@ -2669,7 +2660,6 @@ do_getattr (app_t app, ctrl_t ctrl, const char *name) { gpg_error_t err; - int i; if (!strcmp (name, "$AUTHKEYID")) { @@ -2694,11 +2684,7 @@ p += 5; } p = stpcpy (p, "."); - for (i=0; i < prkdf->objidlen; i++) - { - sprintf (p, "%02X", prkdf->objid[i]); - p += 2; - } + bin2hex (prkdf->objid, prkdf->objidlen, p); send_status_info (ctrl, name, buf, strlen (buf), NULL, 0); xfree (buf); Modified: trunk/scd/app.c =================================================================== --- trunk/scd/app.c 2008-10-29 17:24:27 UTC (rev 4865) +++ trunk/scd/app.c 2008-11-03 10:54:18 UTC (rev 4866) @@ -106,6 +106,7 @@ dump_mutex_state (pth_mutex_t *m) { #ifdef _W32_PTH_H + (void)m; log_printf ("unknown under W32"); #else if (!(m->mx_state & PTH_MUTEX_INITIALIZED)) @@ -186,7 +187,7 @@ } -/* This fucntion is used by the serialno command to check for an +/* This function is used by the serialno command to check for an application conflict which may appear if the serialno command is used to request a specific application and the connection has already done a select_application. */ 
@@ -472,8 +473,7 @@ gpg_error_t app_get_serial_and_stamp (app_t app, char **serial, time_t *stamp) { - char *buf, *p; - int i; + char *buf; if (!app || !serial) return gpg_error (GPG_ERR_INV_VALUE); @@ -482,12 +482,10 @@ if (stamp) *stamp = 0; /* not available */ - buf = xtrymalloc (app->serialnolen * 2 + 1); + buf = bin2hex (app->serialno, app->serialnolen, NULL); if (!buf) return gpg_error_from_syserror (); - for (p=buf, i=0; i < app->serialnolen; p +=2, i++) - sprintf (p, "%02X", app->serialno[i]); - *p = 0; + *serial = buf; return 0; } Modified: trunk/scd/card-p15.c =================================================================== --- trunk/scd/card-p15.c 2008-10-29 17:24:27 UTC (rev 4865) +++ trunk/scd/card-p15.c 2008-11-03 10:54:18 UTC (rev 4866) @@ -174,15 +174,12 @@ if (keyid) { char *p; - int i; *keyid = p = xtrymalloc (9+pinfo->id.len*2+1); if (!*keyid) return gpg_error (gpg_err_code_from_errno (errno)); p = stpcpy (p, "P15-5015."); - for (i=0; i < pinfo->id.len; i++, p += 2) - sprintf (p, "%02X", pinfo->id.value[i]); - *p = 0; + bin2hex (pinfo->id.value, pinfo->id.len, p); } return rc; @@ -218,9 +215,7 @@ if (!*certid) return gpg_error (gpg_err_code_from_errno (errno)); p = stpcpy (p, "P15-5015."); - for (i=0; i < cinfo->id.len; i++, p += 2) - sprintf (p, "%02X", cinfo->id.value[i]); - *p = 0; + bin2hex (cinfo->id.value, cinfo->id.len, p); } if (type) { Modified: trunk/scd/command.c =================================================================== --- trunk/scd/command.c 2008-10-29 17:24:27 UTC (rev 4865) +++ trunk/scd/command.c 2008-11-03 10:54:18 UTC (rev 4866) @@ -1704,7 +1704,6 @@ { unsigned char *atr; size_t atrlen; - int i; char hexbuf[400]; atr = apdu_get_atr (ctrl->reader_slot, &atrlen); 
@@ -1713,8 +1712,7 @@ rc = gpg_error (GPG_ERR_INV_CARD); goto leave; } - for (i=0; i < atrlen; i++) - sprintf (hexbuf+2*i, "%02X", atr[i]); + bin2hex (atr, atrlen, hexbuf); xfree (atr); send_status_info (ctrl, "CARD-ATR", hexbuf, strlen (hexbuf), NULL, 0); } From cvs at cvs.gnupg.org Mon Nov 3 14:56:35 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 03 Nov 2008 14:56:35 +0100 Subject: [svn] GpgOL - r282 - trunk/src Message-ID: Author: wk Date: 2008-11-03 14:56:34 +0100 (Mon, 03 Nov 2008) New Revision: 282 Modified: trunk/src/ChangeLog trunk/src/engine-assuan.c trunk/src/mimemaker.c Log: Add session title to sign and encrypt operations. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-10-29 13:01:28 UTC (rev 281) +++ trunk/src/ChangeLog 2008-11-03 13:56:34 UTC (rev 282) @@ -1,3 +1,13 @@ +2008-11-03 Werner Koch + + * mimemaker.c (do_mime_sign): Add arg SESSION_NUMBER and pass it + to the sign operation. Set session title. + (mime_sign): Create a new session number. + (mime_sign_encrypt): Pass a session number and title to the engine. + (mime_encrypt): Ditto. + * engine-assuan.c (op_assuan_encrypt, op_assuan_sign): Send + session info. + 2008-10-29 Werner Koch * engine.c (engine_filter): Collect more data in the in buffer. Modified: trunk/src/engine-assuan.c =================================================================== --- trunk/src/engine-assuan.c 2008-10-29 13:01:28 UTC (rev 281) +++ trunk/src/engine-assuan.c 2008-11-03 13:56:34 UTC (rev 282) @@ -1635,6 +1635,7 @@ err = assuan_transact (ctx, "RESET", NULL, NULL, NULL, NULL, NULL, NULL); if (err) goto leave; + send_session_info (ctx, filter); for (i=0; recipients && recipients[i]; i++) { snprintf (line, sizeof line, "RECIPIENT %s", recipients[i]); 
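Review bot: `bin2hex (atr, atrlen, hexbuf)` writes `2*atrlen+1` bytes into the 400-byte `hexbuf` declared in the previous hunk, and nothing visible bounds `atrlen`, which is filled in by `apdu_get_atr`. The replaced `sprintf` loop had the same gap, but `bin2hex` takes no destination size, so the caller has to enforce it. A guard before the call would do it: `if (atrlen >= sizeof hexbuf / 2) { xfree (atr); rc = gpg_error (GPG_ERR_INV_CARD); goto leave; }`. The check just above the call is presumably the NULL test on `atr`; it and the rest of `cmd_apdu` are outside the hunk.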
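Review bot: `send_session_info (ctx, filter)` is called without looking at any result, while the steps around it in `op_assuan_encrypt` all go through `if (err) goto leave;`; the call added to `op_assuan_sign` in the `@@ -1812` hunk is the same. The title it transmits is the message subject set in mimemaker.c by this commit, i.e. free-form text, and `send_session_info` itself is not part of this diff. It is worth confirming that it percent-escapes the title and keeps the command within the Assuan line length. If failures are deliberately ignored, a comment such as `/* Session info is advisory; errors are ignored. */` would record that.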
@@ -1812,6 +1813,8 @@ if (err) goto leave; + send_session_info (ctx, filter); + /* We always send the SENDER command because it allows us to figure out the protocol to use. In case the UI server fails to send the protocol we fall back to OpenPGP. The --protocol option isused Modified: trunk/src/mimemaker.c =================================================================== --- trunk/src/mimemaker.c 2008-10-29 13:01:28 UTC (rev 281) +++ trunk/src/mimemaker.c 2008-11-03 13:56:34 UTC (rev 282) @@ -1148,7 +1148,8 @@ written to that sink. */ static int do_mime_sign (LPMESSAGE message, HWND hwnd, protocol_t protocol, - mapi_attach_item_t **r_att_table, sink_t tmpsink) + mapi_attach_item_t **r_att_table, sink_t tmpsink, + unsigned int session_number) { int result = -1; int rc; @@ -1203,6 +1204,17 @@ /* Prepare the signing. */ if (engine_create_filter (&filter, collect_signature, &sigbuffer)) goto failure; + + if (session_number) + { + engine_set_session_number (filter, session_number); + { + char *tmp = mapi_get_subject (message); + engine_set_session_title (filter, tmp); + xfree (tmp); + } + } + if (engine_sign_start (filter, hwnd, protocol, mapi_get_sender (message), &protocol)) goto failure; @@ -1386,7 +1398,8 @@ int result = -1; mapi_attach_item_t *att_table; - result = do_mime_sign (message, hwnd, protocol, &att_table, 0); + result = do_mime_sign (message, hwnd, protocol, &att_table, 0, + engine_new_session_number ()); if (!result) { if (!finalize_message (message, att_table, protocol, 0)) @@ -1619,6 +1632,14 @@ encryption will fail early. */ if (engine_create_filter (&filter, write_buffer_for_cb, sink)) goto failure; + + engine_set_session_number (filter, engine_new_session_number ()); + { + char *tmp = mapi_get_subject (message); + engine_set_session_title (filter, tmp); + xfree (tmp); + } + if (engine_encrypt_prepare (filter, hwnd, protocol, recipients, &protocol)) goto failure; if (engine_encrypt_start (filter, 0)) 
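Review bot: In `do_mime_sign` (hunk `@@ -1203`) the result of `mapi_get_subject (message)` is handed to `engine_set_session_title` without a NULL check, and the same three lines are repeated in the `@@ -1619` and `@@ -1785` hunks. Neither function is shown in this diff, so whether a missing subject yields NULL or an empty string, and whether the setter accepts NULL, has to be checked. A small static helper, for example `set_session_title_from_subject (filter, message)`, would put that check in one place instead of three. All three enclosing functions extend beyond their hunks.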
@@ -1723,6 +1744,7 @@ char boundary[BOUNDARYSIZE+1]; mapi_attach_item_t *att_table = NULL; engine_filter_t filter = NULL; + unsigned int session_number; memset (sink, 0, sizeof *sink); memset (encsink, 0, sizeof *encsink); @@ -1732,7 +1754,7 @@ if (!attach) return -1; - /* First check that we are not rying to process an empty message + /* First check that we are not trying to process an empty message which might lock up our engine. Unfortunately we need to duplicate the code we use in do_mime_sign here. FIXME: The engine should be fixed instead of using such a workaround. */ @@ -1785,6 +1807,15 @@ figure out the protocol to use if we have not forced one. */ if (engine_create_filter (&filter, write_buffer_for_cb, sink)) goto failure; + + session_number = engine_new_session_number (); + engine_set_session_number (filter, session_number); + { + char *tmp = mapi_get_subject (message); + engine_set_session_title (filter, tmp); + xfree (tmp); + } + if ((rc=engine_encrypt_prepare (filter, hwnd, protocol, recipients, &protocol))) goto failure; @@ -1799,7 +1830,8 @@ we need to fix up that ugly micalg parameter after having created the signature. Note that the protocol to use is taken from the encryption operation. */ - if (do_mime_sign (message, hwnd, protocol, &att_table, tmpsink)) + if (do_mime_sign (message, hwnd, protocol, &att_table, tmpsink, + session_number)) goto failure; /* Now send the actual ENCRYPT command. This split up between From cvs at cvs.gnupg.org Mon Nov 3 18:24:10 2008 
From: cvs at cvs.gnupg.org (svn author marcus) Date: Mon, 03 Nov 2008 18:24:10 +0100 Subject: [svn] gpgme - r1345 - in trunk: . assuan tests tests/gpg tests/gpgsm Message-ID: Author: marcus Date: 2008-11-03 18:24:09 +0100 (Mon, 03 Nov 2008) New Revision: 1345 Added: trunk/src/ Removed: trunk/gpgme/ Modified: trunk/ChangeLog trunk/Makefile.am trunk/assuan/ChangeLog trunk/assuan/Makefile.am trunk/configure.ac trunk/tests/ChangeLog trunk/tests/Makefile.am trunk/tests/gpg/Makefile.am trunk/tests/gpgsm/Makefile.am Log: 008-11-03 Marcus Brinkmann * configure.ac: Replace gpgme paths with src. * gpgme: Move to ... * src: ... this new directory. assuan/ 2008-11-03 Marcus Brinkmann * Makefile.am (INCLUDES): Replace gpgme path with src. tests/ 2008-11-03 Marcus Brinkmann * gpgsm/Makefile.am (INCLUDES, LDADD): Replace gpgme path with src. * gpg/Makefile.am (INCLUDES, LDADD, t_thread1_LDADD): Likewise. * Makefile.am (LDADD): Likewise. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-10-30 15:08:44 UTC (rev 1344) +++ trunk/ChangeLog 2008-11-03 17:24:09 UTC (rev 1345) @@ -1,3 +1,9 @@ +2008-11-03 Marcus Brinkmann + + * configure.ac: Replace gpgme paths with src. + * gpgme: Move to ... + * src: ... this new directory. + 2008-10-20 Werner Koch * configure.ac (AC_CONFIG_FILES): Add gpgme.h. Modified: trunk/assuan/ChangeLog =================================================================== --- trunk/assuan/ChangeLog 2008-10-30 15:08:44 UTC (rev 1344) +++ trunk/assuan/ChangeLog 2008-11-03 17:24:09 UTC (rev 1345) 
@@ -1,3 +1,7 @@ +2008-11-03 Marcus Brinkmann + + * Makefile.am (INCLUDES): Replace gpgme path with src. + 2008-10-30 Marcus Brinkmann * assuan-pipe-connect.c: Fix prototype for _gpgme_io_spawn. Cast Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2008-10-30 15:08:44 UTC (rev 1344) +++ trunk/tests/ChangeLog 2008-11-03 17:24:09 UTC (rev 1345) @@ -1,3 +1,9 @@ +2008-11-03 Marcus Brinkmann + + * gpgsm/Makefile.am (INCLUDES, LDADD): Replace gpgme path with src. + * gpg/Makefile.am (INCLUDES, LDADD, t_thread1_LDADD): Likewise. + * Makefile.am (LDADD): Likewise. + 2008-06-19 Werner Koch * gpg/t-gpgconf.c (dump_arg): Add new types. Print strings in Modified: trunk/Makefile.am =================================================================== --- trunk/Makefile.am 2008-10-30 15:08:44 UTC (rev 1344) +++ trunk/Makefile.am 2008-11-03 17:24:09 UTC (rev 1345) @@ -1,6 +1,6 @@ # Makefile.am - Top level Makefile for GPGME. # Copyright (C) 2000 Werner Koch (dd9jn) -# Copyright (C) 2001, 2002, 2004, 2005 g10 Code GmbH +# Copyright (C) 2001, 2002, 2004, 2005, 2008 g10 Code GmbH # # This file is part of GPGME. # @@ -43,7 +43,7 @@ tests = endif -SUBDIRS = ${assuan} gpgme ${tests} doc ${complus} lang +SUBDIRS = ${assuan} src ${tests} doc ${complus} lang # Fix the version of the spec file and create a file named VERSION # to be used for patch's Prereq: feature. Modified: trunk/assuan/Makefile.am =================================================================== --- trunk/assuan/Makefile.am 2008-10-30 15:08:44 UTC (rev 1344) +++ trunk/assuan/Makefile.am 2008-11-03 17:24:09 UTC (rev 1345) 
@@ -20,7 +20,7 @@ ## Process this file with automake to produce Makefile.in EXTRA_DIST = mkerrors -INCLUDES = -I.. -I$(top_srcdir)/gpgme +INCLUDES = -I.. -I$(top_srcdir)/src BUILT_SOURCES = assuan-errors.c MOSTLYCLEANFILES = assuan-errors.c Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2008-10-30 15:08:44 UTC (rev 1344) +++ trunk/configure.ac 2008-11-03 17:24:09 UTC (rev 1345) @@ -62,7 +62,7 @@ PACKAGE=$PACKAGE_NAME VERSION=$PACKAGE_VERSION -AC_CONFIG_SRCDIR(gpgme/gpgme.h.in) +AC_CONFIG_SRCDIR(src/gpgme.h.in) dnl FIXME: Enable this with autoconf 2.59. dnl AC_CONFIG_MACRO_DIR(m4) AM_CONFIG_HEADER(config.h) @@ -743,12 +743,12 @@ # # Create config files -AC_CONFIG_FILES(Makefile assuan/Makefile gpgme/Makefile +AC_CONFIG_FILES(Makefile assuan/Makefile src/Makefile tests/Makefile tests/gpg/Makefile tests/gpgsm/Makefile doc/Makefile complus/Makefile - gpgme/versioninfo.rc - gpgme/gpgme.h) -AC_CONFIG_FILES(gpgme/gpgme-config, chmod +x gpgme/gpgme-config) + src/versioninfo.rc + src/gpgme.h) +AC_CONFIG_FILES(src/gpgme-config, chmod +x src/gpgme-config) AC_CONFIG_FILES([lang/Makefile lang/cl/Makefile lang/cl/gpgme.asd]) AC_OUTPUT Copied: trunk/src (from rev 1344, trunk/gpgme) Modified: trunk/tests/Makefile.am =================================================================== --- trunk/tests/Makefile.am 2008-10-30 15:08:44 UTC (rev 1344) +++ trunk/tests/Makefile.am 2008-11-03 17:24:09 UTC (rev 1345) @@ -29,7 +29,7 @@ INCLUDES = -I$(top_srcdir)/gpgme AM_CPPFLAGS = @GPG_ERROR_CFLAGS@ -LDADD = ../gpgme/libgpgme.la @GPG_ERROR_LIBS@ +LDADD = ../src/libgpgme.la @GPG_ERROR_LIBS@ noinst_PROGRAMS = $(TESTS) Modified: trunk/tests/gpg/Makefile.am =================================================================== --- trunk/tests/gpg/Makefile.am 2008-10-30 15:08:44 UTC (rev 1344) +++ trunk/tests/gpg/Makefile.am 2008-11-03 17:24:09 UTC (rev 1345) 
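Review bot: In tests/Makefile.am, `INCLUDES = -I$(top_srcdir)/gpgme` is left as an unchanged context line while `LDADD` two lines below is switched to `../src/`. The sibling files tests/gpg/Makefile.am and tests/gpgsm/Makefile.am change both variables. Since this commit removes trunk/gpgme, the include path now names a directory that no longer exists and should read `INCLUDES = -I$(top_srcdir)/src`. The ChangeLog entry for this file also lists only LDADD, so the line looks overlooked rather than deliberately kept.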
@@ -43,11 +43,11 @@ EXTRA_DIST = mkdemodirs pubdemo.asc secdemo.asc cipher-1.asc cipher-2.asc \ geheim.txt pubkey-1.asc seckey-1.asc pinentry -INCLUDES = -I$(top_srcdir)/gpgme +INCLUDES = -I$(top_srcdir)/src AM_CPPFLAGS = @GPG_ERROR_CFLAGS@ -LDADD = ../../gpgme/libgpgme.la -t_thread1_LDADD = ../../gpgme/libgpgme-pthread.la +LDADD = ../../src/libgpgme.la +t_thread1_LDADD = ../../src/libgpgme-pthread.la # We don't run t-genkey in the test suite, because it takes too long noinst_PROGRAMS = $(TESTS) t-genkey Modified: trunk/tests/gpgsm/Makefile.am =================================================================== --- trunk/tests/gpgsm/Makefile.am 2008-10-30 15:08:44 UTC (rev 1344) +++ trunk/tests/gpgsm/Makefile.am 2008-11-03 17:24:09 UTC (rev 1345) @@ -29,10 +29,10 @@ EXTRA_DIST = cert_dfn_pca01.der cert_dfn_pca15.der cert_g10code_test1.der \ $(key_id) -INCLUDES = -I$(top_srcdir)/gpgme +INCLUDES = -I$(top_srcdir)/src AM_CPPFLAGS = @GPG_ERROR_CFLAGS@ -LDADD = ../../gpgme/libgpgme.la +LDADD = ../../src/libgpgme.la # We don't run t-genkey in the test suite, because it takes too long # and needs a working pinentry. From cvs at cvs.gnupg.org Mon Nov 3 19:27:11 2008 
From: cvs at cvs.gnupg.org (svn author marcus) Date: Mon, 03 Nov 2008 19:27:11 +0100 Subject: [svn] assuan - r292 - in trunk: . src tests Message-ID: Author: marcus Date: 2008-11-03 19:27:11 +0100 (Mon, 03 Nov 2008) New Revision: 292 Modified: trunk/ChangeLog trunk/src/ChangeLog trunk/src/assuan-handler.c trunk/src/assuan-logging.c trunk/src/assuan-socket-connect.c trunk/src/assuan-socket-server.c trunk/src/funopen.c trunk/tests/fdpassing.c Log: 2008-11-03 Marcus Brinkmann * tests/fdpassing.c (register_commands): Add missing initializer to silence gcc -W warning. src/ 2008-11-03 Marcus Brinkmann * assuan-handler.c (std_handler_help): Make I unsigned to silence gcc -W warning. * assuan-logging.c (_assuan_log_print_buffer): Likewise for N. * funopen.c (_assuan_funopen): Remove initializer to silence gcc -W warning. * assuan-handler.c (std_cmd_table): Add missing initializer to silence gcc -W warning. * assuan-socket-server.c (io): Likewise. * assuan-socket-connect.c (assuan_socket_connect_ext): Likewise. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-10-29 19:52:36 UTC (rev 291) +++ trunk/ChangeLog 2008-11-03 18:27:11 UTC (rev 292) @@ -1,3 +1,8 @@ +2008-11-03 Marcus Brinkmann + + * tests/fdpassing.c (register_commands): Add missing initializer + to silence gcc -W warning. + 2008-05-25 Werner Koch Released 1.0.5. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-10-29 19:52:36 UTC (rev 291) +++ trunk/src/ChangeLog 2008-11-03 18:27:11 UTC (rev 292) 
@@ -1,3 +1,15 @@ +2008-11-03 Marcus Brinkmann + + * assuan-handler.c (std_handler_help): Make I unsigned to silence + gcc -W warning. + * assuan-logging.c (_assuan_log_print_buffer): Likewise for N. + * funopen.c (_assuan_funopen): Remove initializer to silence gcc + -W warning. + * assuan-handler.c (std_cmd_table): Add missing initializer to + silence gcc -W warning. + * assuan-socket-server.c (io): Likewise. + * assuan-socket-connect.c (assuan_socket_connect_ext): Likewise. + 2008-10-29 Marcus Brinkmann * assuan.h (assuan_error_t) (_ASSUAN_ONLY_GPG_ERRORS): Make Modified: trunk/src/assuan-handler.c =================================================================== --- trunk/src/assuan-handler.c 2008-10-29 19:52:36 UTC (rev 291) +++ trunk/src/assuan-handler.c 2008-11-03 18:27:11 UTC (rev 292) @@ -141,7 +141,7 @@ static int std_handler_help (assuan_context_t ctx, char *line) { - int i; + unsigned int i; char buf[ASSUAN_LINELENGTH]; for (i = 0; i < ctx->cmdtbl_used; i++) @@ -251,10 +251,10 @@ { "END", std_handler_end, 1 }, { "HELP", std_handler_help, 1 }, - { "INPUT", std_handler_input }, - { "OUTPUT", std_handler_output }, + { "INPUT", std_handler_input, 0 }, + { "OUTPUT", std_handler_output, 0 }, { "OPTION", std_handler_option, 1 }, - { NULL } + { NULL, NULL, 0 } }; Modified: trunk/src/assuan-logging.c =================================================================== --- trunk/src/assuan-logging.c 2008-10-29 19:52:36 UTC (rev 291) +++ trunk/src/assuan-logging.c 2008-11-03 18:27:11 UTC (rev 292) 
@@ -129,14 +129,14 @@ _assuan_log_print_buffer (FILE *fp, const void *buffer, size_t length) { const unsigned char *s; - int n; + unsigned int n; - for (n=length,s=buffer; n; n--, s++) - if ((!isascii (*s) || iscntrl (*s) || !isprint (*s)) && !(*s >= 0x80)) + for (n = length, s = buffer; n; n--, s++) + if ((! isascii (*s) || iscntrl (*s) || ! isprint (*s)) && !(*s >= 0x80)) break; s = buffer; - if (!n && *s != '[') + if (! n && *s != '[') fwrite (buffer, length, 1, fp); else { @@ -144,15 +144,15 @@ flockfile (fp); #endif putc_unlocked ('[', fp); - if ( length > 16 && !full_logging) + if (length > 16 && ! full_logging) { - for (n=0; n < 12; n++, s++) + for (n = 0; n < 12; n++, s++) fprintf (fp, " %02x", *s); - fprintf (fp, " ...(%d bytes skipped)", (int)length - 12); + fprintf (fp, " ...(%d bytes skipped)", (int) length - 12); } else { - for (n=0; n < length; n++, s++) + for (n = 0; n < length; n++, s++) fprintf (fp, " %02x", *s); } putc_unlocked (' ', fp); Modified: trunk/src/assuan-socket-connect.c =================================================================== --- trunk/src/assuan-socket-connect.c 2008-10-29 19:52:36 UTC (rev 291) +++ trunk/src/assuan-socket-connect.c 2008-11-03 18:27:11 UTC (rev 292) @@ -91,9 +91,8 @@ const char *name, pid_t server_pid, unsigned int flags) { - static struct assuan_io io = { _assuan_simple_read, - _assuan_simple_write }; - + static struct assuan_io io = { _assuan_simple_read, _assuan_simple_write, + NULL, NULL }; assuan_error_t err; assuan_context_t ctx; assuan_fd_t fd; Modified: trunk/src/assuan-socket-server.c =================================================================== --- trunk/src/assuan-socket-server.c 2008-10-29 19:52:36 UTC (rev 291) +++ trunk/src/assuan-socket-server.c 2008-11-03 18:27:11 UTC (rev 292) 
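Review bot: Declaring `n` as `unsigned int` in `_assuan_log_print_buffer` silences the sign-compare warning, but `n = length` still narrows a `size_t`. On a 64-bit target a length above UINT_MAX is truncated in the scan loop, and if the truncated count is 0 the printable check is skipped and the buffer goes to `fwrite` unfiltered. `size_t n;` removes both the warning and the narrowing. The `(int) length - 12` passed to `%d` in the second hunk has the same width problem and could be printed with `%lu` and `(unsigned long) (length - 12)`. The function body extends beyond both hunks.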
@@ -38,10 +38,9 @@ #include "assuan-defs.h" -static struct assuan_io io = { _assuan_simple_read, - _assuan_simple_write }; +static struct assuan_io io = { _assuan_simple_read, _assuan_simple_write, + NULL, NULL }; - static int accept_connection_bottom (assuan_context_t ctx) { Modified: trunk/src/funopen.c =================================================================== --- trunk/src/funopen.c 2008-10-29 19:52:36 UTC (rev 291) +++ trunk/src/funopen.c 2008-11-03 18:27:11 UTC (rev 292) @@ -46,7 +46,7 @@ cookie_seek_function_t *seekfn, cookie_close_function_t *closefn) { - cookie_io_functions_t io = { NULL }; + cookie_io_functions_t io; io.read = readfn; io.write = writefn; Modified: trunk/tests/fdpassing.c =================================================================== --- trunk/tests/fdpassing.c 2008-10-29 19:52:36 UTC (rev 291) +++ trunk/tests/fdpassing.c 2008-11-03 18:27:11 UTC (rev 292) @@ -72,15 +72,17 @@ static assuan_error_t register_commands (assuan_context_t ctx) { - static struct { + static struct + { const char *name; - int (*handler)(assuan_context_t, char *line); - } table[] = { - { "ECHO", cmd_echo }, - { "INPUT", NULL }, - { "OUTPUT", NULL }, - { NULL } - }; + int (*handler) (assuan_context_t, char *line); + } table[] = + { + { "ECHO", cmd_echo }, + { "INPUT", NULL }, + { "OUTPUT", NULL }, + { NULL, NULL } + }; int i; assuan_error_t rc; From cvs at cvs.gnupg.org Mon Nov 3 20:09:34 2008 
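Review bot: In funopen.c, dropping `= { NULL }` leaves `io` with indeterminate contents until every member is assigned; the hunk shows `io.read` and `io.write` being set, and the remaining assignments fall outside it. If the aim is only to quiet the missing-initializer warning, `memset (&io, 0, sizeof io);` right after the declaration keeps the struct zeroed without triggering it. That also keeps the callbacks in a defined state should a member be added or an assignment be removed later.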
From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 03 Nov 2008 20:09:34 +0100 Subject: [svn] GnuPG - r4867 - trunk/scd Message-ID: Author: wk Date: 2008-11-03 20:09:34 +0100 (Mon, 03 Nov 2008) New Revision: 4867 Modified: trunk/scd/ChangeLog trunk/scd/app-common.h trunk/scd/app.c trunk/scd/ccid-driver.c trunk/scd/command.c Log: Fixed the card removed with cached app bug. (Famous last fix). Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2008-11-03 10:54:18 UTC (rev 4866) +++ trunk/scd/ChangeLog 2008-11-03 19:09:34 UTC (rev 4867) @@ -1,5 +1,20 @@ 2008-11-03 Werner Koch + * app-common.h (app_ctx_s): Remove INITIALIZED. Make REF_COUNT + unsigned. + * app.c (select_application): Remove INITIALIZED. + (app_write_learn_status, app_readcert, app_readkey, app_getattr) + (app_setattr, app_sign, app_decipher, app_writecert) + (app_writekey, app_get_challenge, app_change_pin, app_check_pin): + Replace INITIALIZED by REF_COUNT check. + (application_notify_card_removed): Rename to .. + (application_notify_card_reset): .. this. Change all callers. + * command.c (do_reset): Call application_notify_card_reset after + sending a reset. + (update_reader_status_file): Add arg SET_CARD_REMOVED. + (scd_update_reader_status_file): Pass true for new flag. + (do_reset): Pass false for new flag. + * app.c (app_get_serial_and_stamp): Use bin2hex. * app-help.c (app_help_get_keygrip_string): Ditto. * app-p15.c (send_certinfo, send_keypairinfo, do_getattr): Ditto. Modified: trunk/scd/app-common.h =================================================================== --- trunk/scd/app-common.h 2008-11-03 10:54:18 UTC (rev 4866) +++ trunk/scd/app-common.h 2008-11-03 19:09:34 UTC (rev 4867) 
@@ -38,15 +38,14 @@ struct app_local_s; /* Defined by all app-*.c. */ struct app_ctx_s { - int initialized; /* The application has been initialied and the - function pointers may be used. Note that for - unsupported operations the particular - function pointer is set to NULL */ + unsigned int ref_count; /* Number of connections currently using + this application context. If this is + not 0 the application has been + initialized and the function pointers + may be used. Note that for unsupported + operations the particular function + pointer is set to NULL */ - int ref_count; /* Number of connections currently using this - application context. fixme: We might want to - merg this witghn INITIALIZED above. */ - int slot; /* Used reader. */ /* If this is used by GnuPG 1.4 we need to know the assuan context @@ -138,7 +137,7 @@ /*-- app.c --*/ void app_dump_state (void); -void application_notify_card_removed (int slot); +void application_notify_card_reset (int slot); gpg_error_t check_application_conflict (ctrl_t ctrl, const char *name); gpg_error_t select_application (ctrl_t ctrl, int slot, const char *name, app_t *r_app); Modified: trunk/scd/app.c =================================================================== --- trunk/scd/app.c 2008-11-03 10:54:18 UTC (rev 4866) +++ trunk/scd/app.c 2008-11-03 19:09:34 UTC (rev 4867) @@ -161,9 +161,9 @@ } -/* This may be called to tell this module about a removed card. */ +/* This may be called to tell this module about a removed or resetted card. */ void -application_notify_card_removed (int slot) +application_notify_card_reset (int slot) { app_t app; @@ -369,8 +369,8 @@ return err; } - app->initialized = 1; app->ref_count = 1; + log_debug ("USING application context (refcount=%u) (new)\n", app->ref_count); lock_table[slot].app = app; *r_app = app; unlock_reader (slot); 
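Review bot: The added `log_debug ("USING application context (refcount=%u) (new)\n", app->ref_count);` in `select_application` reads like a leftover debugging aid. It is not guarded by any debug flag in the visible lines, so it would be written on every fresh application selection; either drop it or gate it on the daemon's debug option. Separately, the comment above `application_notify_card_reset` in the `@@ -161` hunk says "resetted"; "a removed or reset card" is the usual form. `select_application` starts and ends outside the hunk.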
@@ -405,7 +405,7 @@ if (!app) return; - if (app->ref_count < 1) + if (!app->ref_count) log_bug ("trying to release an already released context\n"); if (--app->ref_count) return; @@ -500,7 +500,7 @@ if (!app) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->initialized) + if (!app->ref_count) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.learn_status) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); @@ -529,7 +529,7 @@ if (!app) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->initialized) + if (!app->ref_count) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.readcert) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); @@ -561,7 +561,7 @@ if (!app || !keyid || !pk || !pklen) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->initialized) + if (!app->ref_count) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.readkey) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); @@ -582,7 +582,7 @@ if (!app || !name || !*name) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->initialized) + if (!app->ref_count) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (app->apptype && name && !strcmp (name, "APPTYPE")) @@ -626,7 +626,7 @@ if (!app || !name || !*name || !value) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->initialized) + if (!app->ref_count) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.setattr) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); @@ -652,7 +652,7 @@ if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->initialized) + if (!app->ref_count) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.sign) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); 
@@ -684,7 +684,7 @@ if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->initialized) + if (!app->ref_count) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.auth) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); @@ -716,7 +716,7 @@ if (!app || !indata || !indatalen || !outdata || !outdatalen || !pincb) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->initialized) + if (!app->ref_count) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.decipher) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); @@ -746,7 +746,7 @@ if (!app || !certidstr || !*certidstr || !pincb) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->initialized) + if (!app->ref_count) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.writecert) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); @@ -774,7 +774,7 @@ if (!app || !keyidstr || !*keyidstr || !pincb) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->initialized) + if (!app->ref_count) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.writekey) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); @@ -801,7 +801,7 @@ if (!app || !keynostr || !*keynostr || !pincb) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->initialized) + if (!app->ref_count) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.genkey) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); @@ -827,7 +827,7 @@ if (!app || !nbytes || !buffer) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->initialized) + if (!app->ref_count) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); err = lock_reader (app->slot); if (err) @@ -849,7 +849,7 @@ if (!app || !chvnostr || !*chvnostr || !pincb) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->initialized) + if (!app->ref_count) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.change_pin) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); 
@@ -877,7 +877,7 @@ if (!app || !keyidstr || !*keyidstr || !pincb) return gpg_error (GPG_ERR_INV_VALUE); - if (!app->initialized) + if (!app->ref_count) return gpg_error (GPG_ERR_CARD_NOT_INITIALIZED); if (!app->fnc.check_pin) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); Modified: trunk/scd/ccid-driver.c =================================================================== --- trunk/scd/ccid-driver.c 2008-11-03 10:54:18 UTC (rev 4866) +++ trunk/scd/ccid-driver.c 2008-11-03 19:09:34 UTC (rev 4867) @@ -1707,6 +1707,8 @@ } +/* Return the ATR of the card. This is not a cached value and thus an + actual reset is done. */ int ccid_get_atr (ccid_driver_t handle, unsigned char *atr, size_t maxatrlen, size_t *atrlen) @@ -1730,7 +1732,6 @@ if (statusbits == 2) return CCID_DRIVER_ERR_NO_CARD; - /* For an inactive and also for an active card, issue the PowerOn command to get the ATR. */ again: Modified: trunk/scd/command.c =================================================================== --- trunk/scd/command.c 2008-11-03 10:54:18 UTC (rev 4866) +++ trunk/scd/command.c 2008-11-03 19:09:34 UTC (rev 4867) @@ -81,7 +81,7 @@ done. This is set once to indicate that the status tracking for the slot has been initialized. */ unsigned int status; /* Last status of the slot. */ - unsigned int changed; /* Last change counter of teh slot. */ + unsigned int changed; /* Last change counter of the slot. */ }; @@ -134,7 +134,7 @@ /*-- Local prototypes --*/ -static void update_reader_status_file (void); +static void update_reader_status_file (int set_card_removed_flag); @@ -171,7 +171,7 @@ } /* Let the card application layer know about the removal. */ if (value) - application_notify_card_removed (slot); + application_notify_card_reset (slot); } 
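Review bot: In the `@@ -171,7` hunk the context comment still says `Let the card application layer know about the removal.` while the call underneath is now `application_notify_card_reset (slot)`, so the comment and the name no longer agree. If a removal is deliberately reported through the reset notification, say so: `/* Let the card application layer know about the removal; it handles this like a reset. */`. The notifier itself is not shown and the enclosing function starts and ends outside the hunk, so the wording should be checked against the notifier's definition.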
@@ -256,7 +256,8 @@ /* Reset the card and free the application context. With SEND_RESET - set to true actually send a RESET to the reader. */ + set to true actually send a RESET to the reader; this is the normal + way of calling the function. */ static void do_reset (ctrl_t ctrl, int send_reset) { @@ -265,18 +266,22 @@ if (!(slot == -1 || (slot >= 0 && slot < DIM(slot_table)))) BUG (); + /* If there is an active application, release it. */ if (ctrl->app_ctx) { release_application (ctrl->app_ctx); ctrl->app_ctx = NULL; } + /* If we want a real reset for the card, send the reset APDU and + tell the application layer about it. */ if (slot != -1 && send_reset && !IS_LOCKED (ctrl) ) { if (apdu_reset (slot)) { slot_table[slot].reset_failed = 1; } + application_notify_card_reset (slot); } /* If we hold a lock, unlock now. */ 
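Review bot: `application_notify_card_reset (slot)` in the `@@ -265,18` hunk runs whether or not `apdu_reset (slot)` succeeded, and the new comment does not say that this is intended. If the notification is meant to fire after a failed reset as well, so that the application layer does not keep state for a card in an unknown condition, a line such as `/* Notify even if the reset failed; the cached state is stale either way. */` above the call would make that explicit. The path where `send_reset` is false or the session holds the lock skips both the reset and the notification; presumably that is intended, but the comment could mention it. The function body continues outside the hunk.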
@@ -286,23 +291,23 @@ log_info ("implicitly unlocking due to RESET\n"); } - /* Reset card removed flag for the current reader. We need to take - the lock here so that the ticker thread won't concurrently try to - update the file. Note that the update function will set the card - removed flag and we will later reset it - not a particualar nice - way of implementing it but it works. */ + /* Reset the card removed flag for the current reader. We need to + take the lock here so that the ticker thread won't concurrently + try to update the file. Calling update_reader_status_file is + required to get hold of the new status of the card in the slot + table. */ if (!pth_mutex_acquire (&status_file_update_lock, 0, NULL)) { log_error ("failed to acquire status_fle_update lock\n"); ctrl->reader_slot = -1; return; } - update_reader_status_file (); - update_card_removed (slot, 0); + update_reader_status_file (0); /* Update slot status table. */ + update_card_removed (slot, 0); /* Clear card_removed flag. */ if (!pth_mutex_release (&status_file_update_lock)) log_error ("failed to release status_file_update lock\n"); - /* Do this last, so that update_card_removed does its job. */ + /* Do this last, so that the update_card_removed above does its job. */ ctrl->reader_slot = -1; } @@ -1875,7 +1880,7 @@ } } - /* Cleanup. */ + /* Cleanup. We don't send an explicit reset to the card. */ do_reset (ctrl, 0); /* Release the server object. */ @@ -1951,9 +1956,9 @@ /* This is the core of scd_update_reader_status_file but the caller - needs to take care of the locking. */ + needs to take care of the locking. */ static void -update_reader_status_file (void) +update_reader_status_file (int set_card_removed_flag) { int idx; unsigned int status, changed; 
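Review bot: The two log messages around the rewritten comment in the `@@ -286,23` hunk name the lock differently: `"failed to acquire status_fle_update lock\n"` against `"failed to release status_file_update lock\n"`. Anyone searching logs for `status_file_update` will miss the acquire failure; since the commit already touches the neighbouring lines, the first string could be corrected to `log_error ("failed to acquire status_file_update lock\n");`. The function starts outside the hunk.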
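Review bot: The header comment of `update_reader_status_file` in the `@@ -1951,9` hunk was not extended for the new `set_card_removed_flag` parameter. Going by the later `@@ -2047,7` hunk, the flag decides whether `update_card_removed (idx, 1)` is called for a slot, so the comment could gain: `If SET_CARD_REMOVED_FLAG is true, the card removed flag is set for a slot on any status change.` The two call sites pass a bare `0` and `1`, and only the one in the `@@ -286,23` hunk carries a comment explaining the value. The function body continues outside the hunk.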
@@ -1990,7 +1995,7 @@ /* FIXME: Should this be IDX instead of ss->slot? This depends on how client sessions will associate the reader status with their session. */ - sprintf (templ, "reader_%d.status", ss->slot); + snprintf (templ, sizeof templ, "reader_%d.status", ss->slot); fname = make_filename (opt.homedir, templ, NULL ); fp = fopen (fname, "w"); if (fp) @@ -2047,7 +2052,7 @@ /* Set the card removed flag for all current sessions. We will set this on any card change because a reset or SERIALNO request must be done in any case. */ - if (ss->any) + if (ss->any && set_card_removed_flag) update_card_removed (idx, 1); ss->any = 1; @@ -2090,7 +2095,7 @@ { if (!pth_mutex_acquire (&status_file_update_lock, 1, NULL)) return; /* locked - give up. */ - update_reader_status_file (); + update_reader_status_file (1); if (!pth_mutex_release (&status_file_update_lock)) log_error ("failed to release status_file_update lock\n"); } From cvs at cvs.gnupg.org Tue Nov 4 20:54:03 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 04 Nov 2008 20:54:03 +0100 Subject: [svn] GnuPG - r4868 - in trunk: common jnlib Message-ID: Author: wk Date: 2008-11-04 20:54:02 +0100 (Tue, 04 Nov 2008) New Revision: 4868 Modified: trunk/common/ChangeLog trunk/common/homedir.c trunk/common/i18n.c trunk/common/util.h trunk/jnlib/ChangeLog trunk/jnlib/Makefile.am trunk/jnlib/utf8conv.h trunk/jnlib/w32-gettext.c trunk/jnlib/w32help.h Log: Revamped the W32 gettext implementation. [The diff below has been truncated] Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2008-11-03 19:09:34 UTC (rev 4867) +++ trunk/common/ChangeLog 2008-11-04 19:54:02 UTC (rev 4868) 
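Review bot: `snprintf (templ, sizeof templ, ...)` in the `@@ -1990,7` hunk bounds the write only if `templ` is an array in this scope; its declaration is outside the hunk, and with a pointer `sizeof templ` would be the pointer size. The return value is also dropped, so a truncated name would go on to `make_filename` and `fopen (fname, "w")` unnoticed. With a 32-bit `int` the longest result of `"reader_%d.status"` is 25 characters plus the terminator; a comment at the declaration stating that the buffer holds at least 26 bytes, or a check of the return value against `sizeof templ`, would close this. The enclosing function starts and ends outside the hunk.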
@@ -1,6 +1,11 @@ +2008-11-04 Werner Koch + + * i18n.c (i18n_init) [USE_SIMPLE_GETTEXT]: Adjust for changed + w32-gettext.c. + * homedir.c (gnupg_localedir): New. + 2008-10-20 Werner Koch - * http.c (http_register_tls_callback) [!HTTP_USE_GNUTLS]: Mark unused arg. * localename.c (do_nl_locale_name): Ditto. Modified: trunk/jnlib/ChangeLog =================================================================== --- trunk/jnlib/ChangeLog 2008-11-03 19:09:34 UTC (rev 4867) +++ trunk/jnlib/ChangeLog 2008-11-04 19:54:02 UTC (rev 4868) @@ -1,3 +1,10 @@ +2008-11-04 Werner Koch + + * w32-gettext.c: Merged with code from libgpg-error and rewrote + most parts. + + * Makefile.am (AM_CFLAGS): Add -DJNLIB_IN_JNLIB. + 2008-10-29 Werner Koch * stringhelp.c (make_filename): Implement using macros. Factor some Modified: trunk/common/homedir.c =================================================================== --- trunk/common/homedir.c 2008-11-03 19:09:34 UTC (rev 4867) +++ trunk/common/homedir.c 2008-11-04 19:54:02 UTC (rev 4868) @@ -322,6 +322,27 @@ } +const char * +gnupg_localedir (void) +{ +#ifdef HAVE_W32_SYSTEM + static char *name; + + if (!name) + { + const char *s1, *s2; + s1 = w32_rootdir (); + s2 = DIRSEP_S "share" DIRSEP_S "locale"; + name = xmalloc (strlen (s1) + strlen (s2) + 1); + strcpy (stpcpy (name, s1), s2); + } + return name; +#else /*!HAVE_W32_SYSTEM*/ + return LOCALEDIR; +#endif /*!HAVE_W32_SYSTEM*/ +} + + /* Return the default socket name used by DirMngr. */ const char * dirmngr_socket_name (void) Modified: trunk/common/i18n.c =================================================================== --- trunk/common/i18n.c 2008-11-03 19:09:34 UTC (rev 4867) +++ trunk/common/i18n.c 2008-11-04 19:54:02 UTC (rev 4868) 
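Review bot: The new `gnupg_localedir` in the `@@ -322,6` hunk has no header comment, unlike `dirmngr_socket_name` directly below it, and callers cannot tell from the prototype that the result is cached and must not be freed. Suggested: `/* Return the name of the directory with the message catalogs. On W32 it is built once from w32_rootdir () and cached; the caller must not free the result. */`. On W32 the catalogs are thus looked up relative to whatever `w32_rootdir ()` returns, which is worth stating because that directory then needs the same protection as the binaries. The first-call initialisation of the static `name` is not guarded; whether that matters depends on how threads are used, which this hunk does not show.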
@@ -33,7 +33,7 @@ i18n_init (void) { #ifdef USE_SIMPLE_GETTEXT - set_gettext_file (PACKAGE_GT, "Software\\GNU\\GnuPG"); + bindtextdomain (PACKAGE_GT, gnupg_localedir ()); #else # ifdef ENABLE_NLS setlocale (LC_ALL, "" ); Modified: trunk/common/util.h =================================================================== --- trunk/common/util.h 2008-11-03 19:09:34 UTC (rev 4867) +++ trunk/common/util.h 2008-11-04 19:54:02 UTC (rev 4868) @@ -208,6 +208,7 @@ const char *gnupg_libexecdir (void); const char *gnupg_libdir (void); const char *gnupg_datadir (void); +const char *gnupg_localedir (void); const char *dirmngr_socket_name (void); /* All module names. We also include gpg and gpgsm for the sake for Modified: trunk/jnlib/Makefile.am =================================================================== --- trunk/jnlib/Makefile.am 2008-11-03 19:09:34 UTC (rev 4867) +++ trunk/jnlib/Makefile.am 2008-11-04 19:54:02 UTC (rev 4868) @@ -27,7 +27,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/intl # We need libgcrypt because libjnlib-config includes gcrypt.h -AM_CFLAGS = $(LIBGCRYPT_CFLAGS) +AM_CFLAGS = -DJNLIB_IN_JNLIB $(LIBGCRYPT_CFLAGS) noinst_LIBRARIES = libjnlib.a Modified: trunk/jnlib/utf8conv.h =================================================================== Modified: trunk/jnlib/w32-gettext.c =================================================================== --- trunk/jnlib/w32-gettext.c 2008-11-03 19:09:34 UTC (rev 4867) +++ trunk/jnlib/w32-gettext.c 2008-11-04 19:54:02 UTC (rev 4868) 
@@ -1,789 +1,609 @@ -/* w32-gettext.c - A simplified version of gettext for use under W32. - * Copyright (C) 1995, 1996, 1997, 1999, 2000, 2003, - * 2005, 2007, 2008 Free Software Foundation, Inc. - * - * This file is part of JNLIB. - * - * JNLIB is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 3 of - * the License, or (at your option) any later version. - * - * JNLIB is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, see . - */ +/* w32-gettext.h - A simple gettext implementation for Windows targets. + Copyright (C) 1995, 1996, 1997, 1999, 2005, 2007, + 2008 Free Software Foundation, Inc. -/* - This is a simplified version of gettext written by Ulrich Drepper. - It is used for the Win32 version of GnuPG becaise all the overhead - of gettext is not needed and we have to do some special Win32 - stuff. I decided that this is far easier than to tweak gettext for - the special cases (I tried it but it is a lot of code). wk 15.09.99 + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public License + as published by the Free Software Foundation; either version 2.1 of + the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. 
+ + You should have received a copy of the GNU Lesser General Public + License along with this program; if not, see . */ +#if HAVE_CONFIG_H #include -#ifdef USE_SIMPLE_GETTEXT -# if !defined (_WIN32) && !defined (__CYGWIN32__) +#endif +#if !defined (_WIN32) && !defined (__CYGWIN32__) # error This module may only be build for Windows or Cygwin32 -# endif +#endif -# include -# include -# include -# include -# include -# include -# include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include -# include "libjnlib-config.h" -# include "types.h" -# include "stringhelp.h" -# include "utf8conv.h" -# include "w32help.h" +#ifdef JNLIB_IN_JNLIB +#include "libjnlib-config.h" +#endif -# include "windows.h" /* For GetModuleFileName. */ +#ifndef jnlib_malloc +# define jnlib_malloc(a) malloc ((a)) +# define jnlib_calloc(a,b) calloc ((a), (b)) +# define jnlib_free(a) free ((a)) +# define jnlib_xstrdup(a) my_xstrdup(a) +#endif /*!jnlib_malloc*/ + +/* localname.c from gettext BEGIN. */ -/* The magic number of the GNU message catalog format. */ -#define MAGIC 0x950412de -#define MAGIC_SWAPPED 0xde120495 +/* Determine the current selected locale. + Copyright (C) 1995-1999, 2000-2003 Free Software Foundation, Inc. -/* Revision number of the currently used .mo (binary) file format. */ -#define MO_REVISION_NUMBER 0 + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU Library General Public License as published + by the Free Software Foundation; either version 2, or (at your option) + any later version. + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. -/* Header for binary .mo file format. */ -struct mo_file_header -{ - /* The magic number. 
*/ - u32 magic; - /* The revision number of the file format. */ - u32 revision; - /* The number of strings pairs. */ - u32 nstrings; - /* Offset of table with start offsets of original strings. */ - u32 orig_tab_offset; - /* Offset of table with start offsets of translation strings. */ - u32 trans_tab_offset; - /* Size of hashing table. */ - u32 hash_tab_size; - /* Offset of first hashing entry. */ - u32 hash_tab_offset; -}; + You should have received a copy of the GNU Library General Public + License along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + USA. */ -struct string_desc -{ - /* Length of addressed string. */ - u32 length; - /* Offset of string in file. */ - u32 offset; -}; - - -struct overflow_space_s -{ - struct overflow_space_s *next; - u32 idx; - char d[1]; -}; - -struct loaded_domain -{ - char *data; - char *data_native; /* Data mapped to the native version of the - string. (Allocated along with DATA). */ - int must_swap; - u32 nstrings; - char *mapped; /* 0 = not mapped (original utf8), - 1 = mapped to native encoding, - 2 = mapped to native encoding in overflow space. */ - struct overflow_space_s *overflow_space; - struct string_desc *orig_tab; - struct string_desc *trans_tab; - u32 hash_size; - u32 *hash_tab; -}; - - -static struct loaded_domain *the_domain; -static char *the_langid; -static int want_utf8; /* True if the user want's utf-8 strings. */ - - -static __inline__ u32 -do_swap_u32( u32 i ) -{ - return (i << 24) | ((i & 0xff00) << 8) | ((i >> 8) & 0xff00) | (i >> 24); -} - -#define SWAPIT(flag, data) ((flag) ? do_swap_u32(data) : (data) ) - - -/* We assume to have `unsigned long int' value with at least 32 bits. */ -#define HASHWORDBITS 32 - - - -/* BEGIN parts of localname.c from gettext. */ - /* Written by Ulrich Drepper , 1995. */ /* Win32 code written by Tor Lillqvist . 
*/ +/* Renamed _nl_locale_name, removed unsed carg, removed include files, + non-W32 code and changed comments . */ -/* List of language codes, sorted by value: - 0x01 LANG_ARABIC - 0x02 LANG_BULGARIAN - 0x03 LANG_CATALAN - 0x04 LANG_CHINESE - 0x05 LANG_CZECH - 0x06 LANG_DANISH - 0x07 LANG_GERMAN - 0x08 LANG_GREEK - 0x09 LANG_ENGLISH - 0x0a LANG_SPANISH - 0x0b LANG_FINNISH - 0x0c LANG_FRENCH - 0x0d LANG_HEBREW - 0x0e LANG_HUNGARIAN - 0x0f LANG_ICELANDIC - 0x10 LANG_ITALIAN - 0x11 LANG_JAPANESE - 0x12 LANG_KOREAN - 0x13 LANG_DUTCH - 0x14 LANG_NORWEGIAN - 0x15 LANG_POLISH - 0x16 LANG_PORTUGUESE - 0x17 LANG_RHAETO_ROMANCE - 0x18 LANG_ROMANIAN - 0x19 LANG_RUSSIAN - 0x1a LANG_CROATIAN == LANG_SERBIAN - 0x1b LANG_SLOVAK - 0x1c LANG_ALBANIAN - 0x1d LANG_SWEDISH - 0x1e LANG_THAI - 0x1f LANG_TURKISH - 0x20 LANG_URDU - 0x21 LANG_INDONESIAN - 0x22 LANG_UKRAINIAN - 0x23 LANG_BELARUSIAN - 0x24 LANG_SLOVENIAN - 0x25 LANG_ESTONIAN - 0x26 LANG_LATVIAN - 0x27 LANG_LITHUANIAN - 0x28 LANG_TAJIK - 0x29 LANG_FARSI - 0x2a LANG_VIETNAMESE - 0x2b LANG_ARMENIAN - 0x2c LANG_AZERI - 0x2d LANG_BASQUE - 0x2e LANG_SORBIAN - 0x2f LANG_MACEDONIAN - 0x30 LANG_SUTU - 0x31 LANG_TSONGA - 0x32 LANG_TSWANA - 0x33 LANG_VENDA - 0x34 LANG_XHOSA - 0x35 LANG_ZULU - 0x36 LANG_AFRIKAANS - 0x37 LANG_GEORGIAN - 0x38 LANG_FAEROESE - 0x39 LANG_HINDI - 0x3a LANG_MALTESE - 0x3b LANG_SAAMI - 0x3c LANG_GAELIC - 0x3d LANG_YIDDISH - 0x3e LANG_MALAY - 0x3f LANG_KAZAK - 0x40 LANG_KYRGYZ - 0x41 LANG_SWAHILI - 0x42 LANG_TURKMEN - 0x43 LANG_UZBEK - 0x44 LANG_TATAR - 0x45 LANG_BENGALI - 0x46 LANG_PUNJABI - 0x47 LANG_GUJARATI - 0x48 LANG_ORIYA - 0x49 LANG_TAMIL - 0x4a LANG_TELUGU - 0x4b LANG_KANNADA - 0x4c LANG_MALAYALAM - 0x4d LANG_ASSAMESE - 0x4e LANG_MARATHI - 0x4f LANG_SANSKRIT - 0x50 LANG_MONGOLIAN - 0x51 LANG_TIBETAN - 0x52 LANG_WELSH - 0x53 LANG_CAMBODIAN - 0x54 LANG_LAO - 0x55 LANG_BURMESE - 0x56 LANG_GALICIAN - 0x57 LANG_KONKANI - 0x58 LANG_MANIPURI - 0x59 LANG_SINDHI - 0x5a LANG_SYRIAC - 0x5b LANG_SINHALESE - 0x5c 
LANG_CHEROKEE - 0x5d LANG_INUKTITUT - 0x5e LANG_AMHARIC - 0x5f LANG_TAMAZIGHT - 0x60 LANG_KASHMIRI - 0x61 LANG_NEPALI - 0x62 LANG_FRISIAN - 0x63 LANG_PASHTO - 0x64 LANG_TAGALOG - 0x65 LANG_DIVEHI - 0x66 LANG_EDO - 0x67 LANG_FULFULDE - 0x68 LANG_HAUSA - 0x69 LANG_IBIBIO - 0x6a LANG_YORUBA - 0x70 LANG_IGBO - 0x71 LANG_KANURI - 0x72 LANG_OROMO - 0x73 LANG_TIGRINYA - 0x74 LANG_GUARANI - 0x75 LANG_HAWAIIAN - 0x76 LANG_LATIN - 0x77 LANG_SOMALI - 0x78 LANG_YI - 0x79 LANG_PAPIAMENTU -*/ /* Mingw headers don't have latest language and sublanguage codes. */ -# ifndef LANG_AFRIKAANS -# define LANG_AFRIKAANS 0x36 -# endif -# ifndef LANG_ALBANIAN -# define LANG_ALBANIAN 0x1c -# endif -# ifndef LANG_AMHARIC -# define LANG_AMHARIC 0x5e -# endif -# ifndef LANG_ARABIC -# define LANG_ARABIC 0x01 -# endif -# ifndef LANG_ARMENIAN -# define LANG_ARMENIAN 0x2b -# endif -# ifndef LANG_ASSAMESE -# define LANG_ASSAMESE 0x4d -# endif -# ifndef LANG_AZERI -# define LANG_AZERI 0x2c -# endif -# ifndef LANG_BASQUE -# define LANG_BASQUE 0x2d -# endif -# ifndef LANG_BELARUSIAN -# define LANG_BELARUSIAN 0x23 -# endif -# ifndef LANG_BENGALI -# define LANG_BENGALI 0x45 -# endif -# ifndef LANG_BURMESE -# define LANG_BURMESE 0x55 -# endif -# ifndef LANG_CAMBODIAN -# define LANG_CAMBODIAN 0x53 -# endif -# ifndef LANG_CATALAN -# define LANG_CATALAN 0x03 -# endif -# ifndef LANG_CHEROKEE -# define LANG_CHEROKEE 0x5c -# endif -# ifndef LANG_DIVEHI -# define LANG_DIVEHI 0x65 -# endif -# ifndef LANG_EDO -# define LANG_EDO 0x66 -# endif -# ifndef LANG_ESTONIAN -# define LANG_ESTONIAN 0x25 -# endif -# ifndef LANG_FAEROESE -# define LANG_FAEROESE 0x38 -# endif -# ifndef LANG_FARSI -# define LANG_FARSI 0x29 -# endif -# ifndef LANG_FRISIAN -# define LANG_FRISIAN 0x62 -# endif -# ifndef LANG_FULFULDE -# define LANG_FULFULDE 0x67 -# endif -# ifndef LANG_GAELIC -# define LANG_GAELIC 0x3c -# endif -# ifndef LANG_GALICIAN -# define LANG_GALICIAN 0x56 -# endif -# ifndef LANG_GEORGIAN -# define LANG_GEORGIAN 0x37 -# 
endif -# ifndef LANG_GUARANI -# define LANG_GUARANI 0x74 -# endif -# ifndef LANG_GUJARATI -# define LANG_GUJARATI 0x47 -# endif -# ifndef LANG_HAUSA -# define LANG_HAUSA 0x68 -# endif -# ifndef LANG_HAWAIIAN -# define LANG_HAWAIIAN 0x75 -# endif -# ifndef LANG_HEBREW -# define LANG_HEBREW 0x0d -# endif -# ifndef LANG_HINDI -# define LANG_HINDI 0x39 -# endif -# ifndef LANG_IBIBIO -# define LANG_IBIBIO 0x69 -# endif -# ifndef LANG_IGBO -# define LANG_IGBO 0x70 -# endif -# ifndef LANG_INDONESIAN -# define LANG_INDONESIAN 0x21 -# endif -# ifndef LANG_INUKTITUT -# define LANG_INUKTITUT 0x5d -# endif -# ifndef LANG_KANNADA -# define LANG_KANNADA 0x4b -# endif -# ifndef LANG_KANURI -# define LANG_KANURI 0x71 -# endif -# ifndef LANG_KASHMIRI -# define LANG_KASHMIRI 0x60 -# endif -# ifndef LANG_KAZAK -# define LANG_KAZAK 0x3f -# endif -# ifndef LANG_KONKANI -# define LANG_KONKANI 0x57 -# endif -# ifndef LANG_KYRGYZ -# define LANG_KYRGYZ 0x40 -# endif -# ifndef LANG_LAO -# define LANG_LAO 0x54 -# endif -# ifndef LANG_LATIN -# define LANG_LATIN 0x76 -# endif -# ifndef LANG_LATVIAN -# define LANG_LATVIAN 0x26 -# endif -# ifndef LANG_LITHUANIAN -# define LANG_LITHUANIAN 0x27 -# endif -# ifndef LANG_MACEDONIAN -# define LANG_MACEDONIAN 0x2f -# endif -# ifndef LANG_MALAY -# define LANG_MALAY 0x3e -# endif -# ifndef LANG_MALAYALAM -# define LANG_MALAYALAM 0x4c -# endif -# ifndef LANG_MALTESE -# define LANG_MALTESE 0x3a -# endif -# ifndef LANG_MANIPURI -# define LANG_MANIPURI 0x58 -# endif -# ifndef LANG_MARATHI -# define LANG_MARATHI 0x4e -# endif -# ifndef LANG_MONGOLIAN -# define LANG_MONGOLIAN 0x50 -# endif -# ifndef LANG_NEPALI -# define LANG_NEPALI 0x61 -# endif -# ifndef LANG_ORIYA -# define LANG_ORIYA 0x48 -# endif -# ifndef LANG_OROMO -# define LANG_OROMO 0x72 -# endif -# ifndef LANG_PAPIAMENTU -# define LANG_PAPIAMENTU 0x79 -# endif -# ifndef LANG_PASHTO -# define LANG_PASHTO 0x63 -# endif -# ifndef LANG_PUNJABI -# define LANG_PUNJABI 0x46 -# endif -# ifndef 
LANG_RHAETO_ROMANCE -# define LANG_RHAETO_ROMANCE 0x17 -# endif -# ifndef LANG_SAAMI -# define LANG_SAAMI 0x3b -# endif -# ifndef LANG_SANSKRIT -# define LANG_SANSKRIT 0x4f -# endif -# ifndef LANG_SERBIAN -# define LANG_SERBIAN 0x1a -# endif -# ifndef LANG_SINDHI -# define LANG_SINDHI 0x59 -# endif -# ifndef LANG_SINHALESE -# define LANG_SINHALESE 0x5b -# endif -# ifndef LANG_SLOVAK -# define LANG_SLOVAK 0x1b -# endif -# ifndef LANG_SOMALI -# define LANG_SOMALI 0x77 -# endif -# ifndef LANG_SORBIAN -# define LANG_SORBIAN 0x2e -# endif -# ifndef LANG_SUTU -# define LANG_SUTU 0x30 -# endif -# ifndef LANG_SWAHILI -# define LANG_SWAHILI 0x41 -# endif -# ifndef LANG_SYRIAC -# define LANG_SYRIAC 0x5a -# endif -# ifndef LANG_TAGALOG -# define LANG_TAGALOG 0x64 -# endif -# ifndef LANG_TAJIK -# define LANG_TAJIK 0x28 -# endif -# ifndef LANG_TAMAZIGHT -# define LANG_TAMAZIGHT 0x5f -# endif -# ifndef LANG_TAMIL -# define LANG_TAMIL 0x49 -# endif -# ifndef LANG_TATAR -# define LANG_TATAR 0x44 -# endif -# ifndef LANG_TELUGU -# define LANG_TELUGU 0x4a -# endif -# ifndef LANG_THAI -# define LANG_THAI 0x1e -# endif -# ifndef LANG_TIBETAN -# define LANG_TIBETAN 0x51 -# endif -# ifndef LANG_TIGRINYA -# define LANG_TIGRINYA 0x73 -# endif -# ifndef LANG_TSONGA -# define LANG_TSONGA 0x31 -# endif -# ifndef LANG_TSWANA -# define LANG_TSWANA 0x32 -# endif -# ifndef LANG_TURKMEN -# define LANG_TURKMEN 0x42 -# endif -# ifndef LANG_UKRAINIAN -# define LANG_UKRAINIAN 0x22 -# endif -# ifndef LANG_URDU -# define LANG_URDU 0x20 -# endif -# ifndef LANG_UZBEK -# define LANG_UZBEK 0x43 -# endif -# ifndef LANG_VENDA -# define LANG_VENDA 0x33 -# endif -# ifndef LANG_VIETNAMESE -# define LANG_VIETNAMESE 0x2a -# endif -# ifndef LANG_WELSH -# define LANG_WELSH 0x52 -# endif -# ifndef LANG_XHOSA -# define LANG_XHOSA 0x34 -# endif -# ifndef LANG_YI -# define LANG_YI 0x78 -# endif -# ifndef LANG_YIDDISH -# define LANG_YIDDISH 0x3d -# endif -# ifndef LANG_YORUBA -# define LANG_YORUBA 0x6a -# endif -# ifndef 
LANG_ZULU -# define LANG_ZULU 0x35 -# endif -# ifndef SUBLANG_ARABIC_SAUDI_ARABIA -# define SUBLANG_ARABIC_SAUDI_ARABIA 0x01 -# endif -# ifndef SUBLANG_ARABIC_IRAQ -# define SUBLANG_ARABIC_IRAQ 0x02 -# endif -# ifndef SUBLANG_ARABIC_EGYPT -# define SUBLANG_ARABIC_EGYPT 0x03 -# endif -# ifndef SUBLANG_ARABIC_LIBYA -# define SUBLANG_ARABIC_LIBYA 0x04 -# endif -# ifndef SUBLANG_ARABIC_ALGERIA -# define SUBLANG_ARABIC_ALGERIA 0x05 -# endif -# ifndef SUBLANG_ARABIC_MOROCCO -# define SUBLANG_ARABIC_MOROCCO 0x06 -# endif -# ifndef SUBLANG_ARABIC_TUNISIA -# define SUBLANG_ARABIC_TUNISIA 0x07 -# endif -# ifndef SUBLANG_ARABIC_OMAN -# define SUBLANG_ARABIC_OMAN 0x08 -# endif -# ifndef SUBLANG_ARABIC_YEMEN -# define SUBLANG_ARABIC_YEMEN 0x09 -# endif -# ifndef SUBLANG_ARABIC_SYRIA -# define SUBLANG_ARABIC_SYRIA 0x0a -# endif -# ifndef SUBLANG_ARABIC_JORDAN -# define SUBLANG_ARABIC_JORDAN 0x0b -# endif -# ifndef SUBLANG_ARABIC_LEBANON -# define SUBLANG_ARABIC_LEBANON 0x0c -# endif -# ifndef SUBLANG_ARABIC_KUWAIT -# define SUBLANG_ARABIC_KUWAIT 0x0d -# endif -# ifndef SUBLANG_ARABIC_UAE -# define SUBLANG_ARABIC_UAE 0x0e -# endif -# ifndef SUBLANG_ARABIC_BAHRAIN -# define SUBLANG_ARABIC_BAHRAIN 0x0f -# endif -# ifndef SUBLANG_ARABIC_QATAR -# define SUBLANG_ARABIC_QATAR 0x10 -# endif -# ifndef SUBLANG_AZERI_LATIN -# define SUBLANG_AZERI_LATIN 0x01 -# endif -# ifndef SUBLANG_AZERI_CYRILLIC -# define SUBLANG_AZERI_CYRILLIC 0x02 -# endif -# ifndef SUBLANG_BENGALI_INDIA -# define SUBLANG_BENGALI_INDIA 0x01 -# endif -# ifndef SUBLANG_BENGALI_BANGLADESH -# define SUBLANG_BENGALI_BANGLADESH 0x02 -# endif -# ifndef SUBLANG_CHINESE_MACAU -# define SUBLANG_CHINESE_MACAU 0x05 -# endif -# ifndef SUBLANG_ENGLISH_SOUTH_AFRICA -# define SUBLANG_ENGLISH_SOUTH_AFRICA 0x07 -# endif -# ifndef SUBLANG_ENGLISH_JAMAICA -# define SUBLANG_ENGLISH_JAMAICA 0x08 -# endif -# ifndef SUBLANG_ENGLISH_CARIBBEAN -# define SUBLANG_ENGLISH_CARIBBEAN 0x09 -# endif -# ifndef SUBLANG_ENGLISH_BELIZE -# define 
SUBLANG_ENGLISH_BELIZE 0x0a -# endif -# ifndef SUBLANG_ENGLISH_TRINIDAD -# define SUBLANG_ENGLISH_TRINIDAD 0x0b -# endif -# ifndef SUBLANG_ENGLISH_ZIMBABWE -# define SUBLANG_ENGLISH_ZIMBABWE 0x0c -# endif -# ifndef SUBLANG_ENGLISH_PHILIPPINES -# define SUBLANG_ENGLISH_PHILIPPINES 0x0d -# endif -# ifndef SUBLANG_ENGLISH_INDONESIA -# define SUBLANG_ENGLISH_INDONESIA 0x0e -# endif -# ifndef SUBLANG_ENGLISH_HONGKONG -# define SUBLANG_ENGLISH_HONGKONG 0x0f -# endif -# ifndef SUBLANG_ENGLISH_INDIA -# define SUBLANG_ENGLISH_INDIA 0x10 -# endif -# ifndef SUBLANG_ENGLISH_MALAYSIA -# define SUBLANG_ENGLISH_MALAYSIA 0x11 -# endif -# ifndef SUBLANG_ENGLISH_SINGAPORE -# define SUBLANG_ENGLISH_SINGAPORE 0x12 -# endif -# ifndef SUBLANG_FRENCH_LUXEMBOURG -# define SUBLANG_FRENCH_LUXEMBOURG 0x05 -# endif -# ifndef SUBLANG_FRENCH_MONACO -# define SUBLANG_FRENCH_MONACO 0x06 -# endif -# ifndef SUBLANG_FRENCH_WESTINDIES -# define SUBLANG_FRENCH_WESTINDIES 0x07 -# endif -# ifndef SUBLANG_FRENCH_REUNION -# define SUBLANG_FRENCH_REUNION 0x08 -# endif -# ifndef SUBLANG_FRENCH_CONGO -# define SUBLANG_FRENCH_CONGO 0x09 -# endif -# ifndef SUBLANG_FRENCH_SENEGAL -# define SUBLANG_FRENCH_SENEGAL 0x0a -# endif -# ifndef SUBLANG_FRENCH_CAMEROON -# define SUBLANG_FRENCH_CAMEROON 0x0b -# endif -# ifndef SUBLANG_FRENCH_COTEDIVOIRE -# define SUBLANG_FRENCH_COTEDIVOIRE 0x0c -# endif -# ifndef SUBLANG_FRENCH_MALI -# define SUBLANG_FRENCH_MALI 0x0d -# endif -# ifndef SUBLANG_FRENCH_MOROCCO -# define SUBLANG_FRENCH_MOROCCO 0x0e -# endif -# ifndef SUBLANG_FRENCH_HAITI -# define SUBLANG_FRENCH_HAITI 0x0f -# endif -# ifndef SUBLANG_GERMAN_LUXEMBOURG -# define SUBLANG_GERMAN_LUXEMBOURG 0x04 -# endif -# ifndef SUBLANG_GERMAN_LIECHTENSTEIN -# define SUBLANG_GERMAN_LIECHTENSTEIN 0x05 -# endif -# ifndef SUBLANG_KASHMIRI_INDIA -# define SUBLANG_KASHMIRI_INDIA 0x02 -# endif -# ifndef SUBLANG_MALAY_MALAYSIA -# define SUBLANG_MALAY_MALAYSIA 0x01 -# endif -# ifndef SUBLANG_MALAY_BRUNEI_DARUSSALAM -# define 
SUBLANG_MALAY_BRUNEI_DARUSSALAM 0x02 -# endif -# ifndef SUBLANG_NEPALI_INDIA -# define SUBLANG_NEPALI_INDIA 0x02 -# endif -# ifndef SUBLANG_PUNJABI_INDIA -# define SUBLANG_PUNJABI_INDIA 0x01 -# endif -# ifndef SUBLANG_ROMANIAN_ROMANIA -# define SUBLANG_ROMANIAN_ROMANIA 0x01 -# endif -# ifndef SUBLANG_SERBIAN_LATIN -# define SUBLANG_SERBIAN_LATIN 0x02 -# endif -# ifndef SUBLANG_SERBIAN_CYRILLIC -# define SUBLANG_SERBIAN_CYRILLIC 0x03 -# endif -# ifndef SUBLANG_SINDHI_INDIA -# define SUBLANG_SINDHI_INDIA 0x00 -# endif -# ifndef SUBLANG_SINDHI_PAKISTAN -# define SUBLANG_SINDHI_PAKISTAN 0x01 -# endif -# ifndef SUBLANG_SPANISH_GUATEMALA -# define SUBLANG_SPANISH_GUATEMALA 0x04 -# endif -# ifndef SUBLANG_SPANISH_COSTA_RICA -# define SUBLANG_SPANISH_COSTA_RICA 0x05 -# endif -# ifndef SUBLANG_SPANISH_PANAMA -# define SUBLANG_SPANISH_PANAMA 0x06 -# endif -# ifndef SUBLANG_SPANISH_DOMINICAN_REPUBLIC -# define SUBLANG_SPANISH_DOMINICAN_REPUBLIC 0x07 -# endif -# ifndef SUBLANG_SPANISH_VENEZUELA -# define SUBLANG_SPANISH_VENEZUELA 0x08 -# endif -# ifndef SUBLANG_SPANISH_COLOMBIA -# define SUBLANG_SPANISH_COLOMBIA 0x09 -# endif -# ifndef SUBLANG_SPANISH_PERU -# define SUBLANG_SPANISH_PERU 0x0a -# endif -# ifndef SUBLANG_SPANISH_ARGENTINA -# define SUBLANG_SPANISH_ARGENTINA 0x0b -# endif -# ifndef SUBLANG_SPANISH_ECUADOR -# define SUBLANG_SPANISH_ECUADOR 0x0c -# endif -# ifndef SUBLANG_SPANISH_CHILE -# define SUBLANG_SPANISH_CHILE 0x0d -# endif -# ifndef SUBLANG_SPANISH_URUGUAY -# define SUBLANG_SPANISH_URUGUAY 0x0e -# endif -# ifndef SUBLANG_SPANISH_PARAGUAY -# define SUBLANG_SPANISH_PARAGUAY 0x0f -# endif -# ifndef SUBLANG_SPANISH_BOLIVIA -# define SUBLANG_SPANISH_BOLIVIA 0x10 -# endif -# ifndef SUBLANG_SPANISH_EL_SALVADOR -# define SUBLANG_SPANISH_EL_SALVADOR 0x11 -# endif -# ifndef SUBLANG_SPANISH_HONDURAS -# define SUBLANG_SPANISH_HONDURAS 0x12 -# endif -# ifndef SUBLANG_SPANISH_NICARAGUA -# define SUBLANG_SPANISH_NICARAGUA 0x13 -# endif -# ifndef SUBLANG_SPANISH_PUERTO_RICO 
-# define SUBLANG_SPANISH_PUERTO_RICO 0x14 -# endif -# ifndef SUBLANG_SWEDISH_FINLAND -# define SUBLANG_SWEDISH_FINLAND 0x02 -# endif -# ifndef SUBLANG_TAMAZIGHT_ARABIC -# define SUBLANG_TAMAZIGHT_ARABIC 0x01 -# endif -# ifndef SUBLANG_TAMAZIGHT_LATIN -# define SUBLANG_TAMAZIGHT_LATIN 0x02 -# endif -# ifndef SUBLANG_TIGRINYA_ETHIOPIA -# define SUBLANG_TIGRINYA_ETHIOPIA 0x00 -# endif -# ifndef SUBLANG_TIGRINYA_ERITREA -# define SUBLANG_TIGRINYA_ERITREA 0x01 -# endif -# ifndef SUBLANG_URDU_PAKISTAN -# define SUBLANG_URDU_PAKISTAN 0x01 -# endif -# ifndef SUBLANG_URDU_INDIA -# define SUBLANG_URDU_INDIA 0x02 -# endif -# ifndef SUBLANG_UZBEK_LATIN -# define SUBLANG_UZBEK_LATIN 0x01 -# endif -# ifndef SUBLANG_UZBEK_CYRILLIC -# define SUBLANG_UZBEK_CYRILLIC 0x02 -# endif - - -/* Return an XPG style locale name language[_territory][@modifier]. +#ifndef LANG_AFRIKAANS +#define LANG_AFRIKAANS 0x36 +#endif +#ifndef LANG_ALBANIAN +#define LANG_ALBANIAN 0x1c +#endif +#ifndef LANG_AMHARIC +#define LANG_AMHARIC 0x5e +#endif +#ifndef LANG_ARABIC +#define LANG_ARABIC 0x01 +#endif +#ifndef LANG_ARMENIAN +#define LANG_ARMENIAN 0x2b +#endif +#ifndef LANG_ASSAMESE +#define LANG_ASSAMESE 0x4d +#endif +#ifndef LANG_AZERI +#define LANG_AZERI 0x2c +#endif +#ifndef LANG_BASQUE +#define LANG_BASQUE 0x2d +#endif +#ifndef LANG_BELARUSIAN +#define LANG_BELARUSIAN 0x23 +#endif +#ifndef LANG_BENGALI +#define LANG_BENGALI 0x45 +#endif +#ifndef LANG_BURMESE +#define LANG_BURMESE 0x55 +#endif +#ifndef LANG_CAMBODIAN +#define LANG_CAMBODIAN 0x53 +#endif +#ifndef LANG_CATALAN +#define LANG_CATALAN 0x03 +#endif +#ifndef LANG_CHEROKEE +#define LANG_CHEROKEE 0x5c +#endif +#ifndef LANG_DIVEHI +#define LANG_DIVEHI 0x65 +#endif +#ifndef LANG_EDO +#define LANG_EDO 0x66 +#endif +#ifndef LANG_ESTONIAN +#define LANG_ESTONIAN 0x25 +#endif +#ifndef LANG_FAEROESE +#define LANG_FAEROESE 0x38 +#endif +#ifndef LANG_FARSI +#define LANG_FARSI 0x29 +#endif +#ifndef LANG_FRISIAN +#define LANG_FRISIAN 0x62 +#endif +#ifndef 
LANG_FULFULDE +#define LANG_FULFULDE 0x67 +#endif +#ifndef LANG_GAELIC +#define LANG_GAELIC 0x3c +#endif +#ifndef LANG_GALICIAN +#define LANG_GALICIAN 0x56 +#endif +#ifndef LANG_GEORGIAN +#define LANG_GEORGIAN 0x37 +#endif +#ifndef LANG_GUARANI +#define LANG_GUARANI 0x74 +#endif +#ifndef LANG_GUJARATI +#define LANG_GUJARATI 0x47 +#endif +#ifndef LANG_HAUSA +#define LANG_HAUSA 0x68 +#endif +#ifndef LANG_HAWAIIAN +#define LANG_HAWAIIAN 0x75 +#endif +#ifndef LANG_HEBREW +#define LANG_HEBREW 0x0d +#endif +#ifndef LANG_HINDI +#define LANG_HINDI 0x39 +#endif +#ifndef LANG_IBIBIO +#define LANG_IBIBIO 0x69 +#endif +#ifndef LANG_IGBO +#define LANG_IGBO 0x70 +#endif +#ifndef LANG_INDONESIAN +#define LANG_INDONESIAN 0x21 +#endif +#ifndef LANG_INUKTITUT +#define LANG_INUKTITUT 0x5d +#endif +#ifndef LANG_KANNADA +#define LANG_KANNADA 0x4b +#endif +#ifndef LANG_KANURI +#define LANG_KANURI 0x71 +#endif +#ifndef LANG_KASHMIRI +#define LANG_KASHMIRI 0x60 +#endif +#ifndef LANG_KAZAK +#define LANG_KAZAK 0x3f +#endif +#ifndef LANG_KONKANI +#define LANG_KONKANI 0x57 +#endif +#ifndef LANG_KYRGYZ +#define LANG_KYRGYZ 0x40 +#endif +#ifndef LANG_LAO +#define LANG_LAO 0x54 +#endif +#ifndef LANG_LATIN +#define LANG_LATIN 0x76 +#endif +#ifndef LANG_LATVIAN +#define LANG_LATVIAN 0x26 +#endif +#ifndef LANG_LITHUANIAN +#define LANG_LITHUANIAN 0x27 +#endif +#ifndef LANG_MACEDONIAN +#define LANG_MACEDONIAN 0x2f +#endif +#ifndef LANG_MALAY +#define LANG_MALAY 0x3e +#endif +#ifndef LANG_MALAYALAM +#define LANG_MALAYALAM 0x4c +#endif +#ifndef LANG_MALTESE +#define LANG_MALTESE 0x3a +#endif +#ifndef LANG_MANIPURI +#define LANG_MANIPURI 0x58 +#endif +#ifndef LANG_MARATHI +#define LANG_MARATHI 0x4e +#endif +#ifndef LANG_MONGOLIAN +#define LANG_MONGOLIAN 0x50 +#endif +#ifndef LANG_NEPALI +#define LANG_NEPALI 0x61 +#endif +#ifndef LANG_ORIYA +#define LANG_ORIYA 0x48 +#endif +#ifndef LANG_OROMO +#define LANG_OROMO 0x72 +#endif +#ifndef LANG_PAPIAMENTU +#define LANG_PAPIAMENTU 0x79 +#endif +#ifndef 
LANG_PASHTO +#define LANG_PASHTO 0x63 +#endif +#ifndef LANG_PUNJABI +#define LANG_PUNJABI 0x46 +#endif +#ifndef LANG_RHAETO_ROMANCE +#define LANG_RHAETO_ROMANCE 0x17 +#endif +#ifndef LANG_SAAMI +#define LANG_SAAMI 0x3b +#endif +#ifndef LANG_SANSKRIT +#define LANG_SANSKRIT 0x4f +#endif +#ifndef LANG_SERBIAN +#define LANG_SERBIAN 0x1a +#endif +#ifndef LANG_SINDHI +#define LANG_SINDHI 0x59 +#endif +#ifndef LANG_SINHALESE +#define LANG_SINHALESE 0x5b +#endif +#ifndef LANG_SLOVAK +#define LANG_SLOVAK 0x1b +#endif +#ifndef LANG_SOMALI +#define LANG_SOMALI 0x77 +#endif +#ifndef LANG_SORBIAN +#define LANG_SORBIAN 0x2e +#endif +#ifndef LANG_SUTU +#define LANG_SUTU 0x30 +#endif +#ifndef LANG_SWAHILI +#define LANG_SWAHILI 0x41 +#endif +#ifndef LANG_SYRIAC +#define LANG_SYRIAC 0x5a +#endif +#ifndef LANG_TAGALOG +#define LANG_TAGALOG 0x64 +#endif +#ifndef LANG_TAJIK +#define LANG_TAJIK 0x28 +#endif +#ifndef LANG_TAMAZIGHT +#define LANG_TAMAZIGHT 0x5f +#endif +#ifndef LANG_TAMIL +#define LANG_TAMIL 0x49 +#endif +#ifndef LANG_TATAR +#define LANG_TATAR 0x44 +#endif +#ifndef LANG_TELUGU +#define LANG_TELUGU 0x4a +#endif +#ifndef LANG_THAI +#define LANG_THAI 0x1e +#endif +#ifndef LANG_TIBETAN +#define LANG_TIBETAN 0x51 +#endif +#ifndef LANG_TIGRINYA +#define LANG_TIGRINYA 0x73 +#endif +#ifndef LANG_TSONGA +#define LANG_TSONGA 0x31 +#endif +#ifndef LANG_TSWANA +#define LANG_TSWANA 0x32 +#endif +#ifndef LANG_TURKMEN +#define LANG_TURKMEN 0x42 +#endif +#ifndef LANG_UKRAINIAN +#define LANG_UKRAINIAN 0x22 +#endif +#ifndef LANG_URDU +#define LANG_URDU 0x20 +#endif +#ifndef LANG_UZBEK +#define LANG_UZBEK 0x43 +#endif +#ifndef LANG_VENDA +#define LANG_VENDA 0x33 +#endif +#ifndef LANG_VIETNAMESE +#define LANG_VIETNAMESE 0x2a +#endif +#ifndef LANG_WELSH +#define LANG_WELSH 0x52 +#endif +#ifndef LANG_XHOSA +#define LANG_XHOSA 0x34 +#endif +#ifndef LANG_YI +#define LANG_YI 0x78 +#endif +#ifndef LANG_YIDDISH +#define LANG_YIDDISH 0x3d +#endif +#ifndef LANG_YORUBA +#define LANG_YORUBA 0x6a 
+#endif +#ifndef LANG_ZULU +#define LANG_ZULU 0x35 +#endif +#ifndef SUBLANG_ARABIC_SAUDI_ARABIA +#define SUBLANG_ARABIC_SAUDI_ARABIA 0x01 +#endif +#ifndef SUBLANG_ARABIC_IRAQ +#define SUBLANG_ARABIC_IRAQ 0x02 +#endif +#ifndef SUBLANG_ARABIC_EGYPT +#define SUBLANG_ARABIC_EGYPT 0x03 +#endif +#ifndef SUBLANG_ARABIC_LIBYA +#define SUBLANG_ARABIC_LIBYA 0x04 +#endif +#ifndef SUBLANG_ARABIC_ALGERIA +#define SUBLANG_ARABIC_ALGERIA 0x05 +#endif +#ifndef SUBLANG_ARABIC_MOROCCO +#define SUBLANG_ARABIC_MOROCCO 0x06 +#endif +#ifndef SUBLANG_ARABIC_TUNISIA +#define SUBLANG_ARABIC_TUNISIA 0x07 +#endif +#ifndef SUBLANG_ARABIC_OMAN +#define SUBLANG_ARABIC_OMAN 0x08 +#endif +#ifndef SUBLANG_ARABIC_YEMEN +#define SUBLANG_ARABIC_YEMEN 0x09 +#endif +#ifndef SUBLANG_ARABIC_SYRIA +#define SUBLANG_ARABIC_SYRIA 0x0a +#endif +#ifndef SUBLANG_ARABIC_JORDAN +#define SUBLANG_ARABIC_JORDAN 0x0b +#endif +#ifndef SUBLANG_ARABIC_LEBANON +#define SUBLANG_ARABIC_LEBANON 0x0c +#endif +#ifndef SUBLANG_ARABIC_KUWAIT +#define SUBLANG_ARABIC_KUWAIT 0x0d +#endif +#ifndef SUBLANG_ARABIC_UAE +#define SUBLANG_ARABIC_UAE 0x0e +#endif +#ifndef SUBLANG_ARABIC_BAHRAIN +#define SUBLANG_ARABIC_BAHRAIN 0x0f +#endif +#ifndef SUBLANG_ARABIC_QATAR +#define SUBLANG_ARABIC_QATAR 0x10 +#endif +#ifndef SUBLANG_AZERI_LATIN +#define SUBLANG_AZERI_LATIN 0x01 +#endif +#ifndef SUBLANG_AZERI_CYRILLIC +#define SUBLANG_AZERI_CYRILLIC 0x02 +#endif +#ifndef SUBLANG_BENGALI_INDIA +#define SUBLANG_BENGALI_INDIA 0x01 +#endif +#ifndef SUBLANG_BENGALI_BANGLADESH +#define SUBLANG_BENGALI_BANGLADESH 0x02 +#endif +#ifndef SUBLANG_CHINESE_MACAU +#define SUBLANG_CHINESE_MACAU 0x05 +#endif +#ifndef SUBLANG_ENGLISH_SOUTH_AFRICA +#define SUBLANG_ENGLISH_SOUTH_AFRICA 0x07 +#endif +#ifndef SUBLANG_ENGLISH_JAMAICA +#define SUBLANG_ENGLISH_JAMAICA 0x08 +#endif +#ifndef SUBLANG_ENGLISH_CARIBBEAN +#define SUBLANG_ENGLISH_CARIBBEAN 0x09 +#endif +#ifndef SUBLANG_ENGLISH_BELIZE +#define SUBLANG_ENGLISH_BELIZE 0x0a +#endif +#ifndef 
SUBLANG_ENGLISH_TRINIDAD +#define SUBLANG_ENGLISH_TRINIDAD 0x0b +#endif +#ifndef SUBLANG_ENGLISH_ZIMBABWE +#define SUBLANG_ENGLISH_ZIMBABWE 0x0c +#endif +#ifndef SUBLANG_ENGLISH_PHILIPPINES +#define SUBLANG_ENGLISH_PHILIPPINES 0x0d +#endif +#ifndef SUBLANG_ENGLISH_INDONESIA +#define SUBLANG_ENGLISH_INDONESIA 0x0e +#endif +#ifndef SUBLANG_ENGLISH_HONGKONG +#define SUBLANG_ENGLISH_HONGKONG 0x0f +#endif +#ifndef SUBLANG_ENGLISH_INDIA +#define SUBLANG_ENGLISH_INDIA 0x10 +#endif +#ifndef SUBLANG_ENGLISH_MALAYSIA +#define SUBLANG_ENGLISH_MALAYSIA 0x11 +#endif +#ifndef SUBLANG_ENGLISH_SINGAPORE +#define SUBLANG_ENGLISH_SINGAPORE 0x12 +#endif +#ifndef SUBLANG_FRENCH_LUXEMBOURG +#define SUBLANG_FRENCH_LUXEMBOURG 0x05 +#endif +#ifndef SUBLANG_FRENCH_MONACO +#define SUBLANG_FRENCH_MONACO 0x06 +#endif +#ifndef SUBLANG_FRENCH_WESTINDIES +#define SUBLANG_FRENCH_WESTINDIES 0x07 +#endif +#ifndef SUBLANG_FRENCH_REUNION +#define SUBLANG_FRENCH_REUNION 0x08 +#endif +#ifndef SUBLANG_FRENCH_CONGO +#define SUBLANG_FRENCH_CONGO 0x09 +#endif +#ifndef SUBLANG_FRENCH_SENEGAL +#define SUBLANG_FRENCH_SENEGAL 0x0a +#endif +#ifndef SUBLANG_FRENCH_CAMEROON +#define SUBLANG_FRENCH_CAMEROON 0x0b +#endif +#ifndef SUBLANG_FRENCH_COTEDIVOIRE +#define SUBLANG_FRENCH_COTEDIVOIRE 0x0c +#endif +#ifndef SUBLANG_FRENCH_MALI +#define SUBLANG_FRENCH_MALI 0x0d +#endif +#ifndef SUBLANG_FRENCH_MOROCCO +#define SUBLANG_FRENCH_MOROCCO 0x0e +#endif +#ifndef SUBLANG_FRENCH_HAITI +#define SUBLANG_FRENCH_HAITI 0x0f +#endif +#ifndef SUBLANG_GERMAN_LUXEMBOURG +#define SUBLANG_GERMAN_LUXEMBOURG 0x04 +#endif +#ifndef SUBLANG_GERMAN_LIECHTENSTEIN +#define SUBLANG_GERMAN_LIECHTENSTEIN 0x05 +#endif +#ifndef SUBLANG_KASHMIRI_INDIA +#define SUBLANG_KASHMIRI_INDIA 0x02 +#endif +#ifndef SUBLANG_MALAY_MALAYSIA +#define SUBLANG_MALAY_MALAYSIA 0x01 +#endif +#ifndef SUBLANG_MALAY_BRUNEI_DARUSSALAM +#define SUBLANG_MALAY_BRUNEI_DARUSSALAM 0x02 +#endif +#ifndef SUBLANG_NEPALI_INDIA +#define SUBLANG_NEPALI_INDIA 0x02 +#endif +#ifndef 
SUBLANG_PUNJABI_INDIA +#define SUBLANG_PUNJABI_INDIA 0x01 +#endif +#ifndef SUBLANG_ROMANIAN_ROMANIA +#define SUBLANG_ROMANIAN_ROMANIA 0x01 +#endif +#ifndef SUBLANG_SERBIAN_LATIN +#define SUBLANG_SERBIAN_LATIN 0x02 +#endif +#ifndef SUBLANG_SERBIAN_CYRILLIC +#define SUBLANG_SERBIAN_CYRILLIC 0x03 +#endif +#ifndef SUBLANG_SINDHI_INDIA +#define SUBLANG_SINDHI_INDIA 0x00 +#endif +#ifndef SUBLANG_SINDHI_PAKISTAN +#define SUBLANG_SINDHI_PAKISTAN 0x01 +#endif +#ifndef SUBLANG_SPANISH_GUATEMALA +#define SUBLANG_SPANISH_GUATEMALA 0x04 +#endif +#ifndef SUBLANG_SPANISH_COSTA_RICA +#define SUBLANG_SPANISH_COSTA_RICA 0x05 +#endif +#ifndef SUBLANG_SPANISH_PANAMA +#define SUBLANG_SPANISH_PANAMA 0x06 +#endif +#ifndef SUBLANG_SPANISH_DOMINICAN_REPUBLIC +#define SUBLANG_SPANISH_DOMINICAN_REPUBLIC 0x07 +#endif +#ifndef SUBLANG_SPANISH_VENEZUELA +#define SUBLANG_SPANISH_VENEZUELA 0x08 +#endif +#ifndef SUBLANG_SPANISH_COLOMBIA +#define SUBLANG_SPANISH_COLOMBIA 0x09 +#endif +#ifndef SUBLANG_SPANISH_PERU +#define SUBLANG_SPANISH_PERU 0x0a +#endif +#ifndef SUBLANG_SPANISH_ARGENTINA +#define SUBLANG_SPANISH_ARGENTINA 0x0b +#endif +#ifndef SUBLANG_SPANISH_ECUADOR +#define SUBLANG_SPANISH_ECUADOR 0x0c +#endif +#ifndef SUBLANG_SPANISH_CHILE +#define SUBLANG_SPANISH_CHILE 0x0d +#endif +#ifndef SUBLANG_SPANISH_URUGUAY +#define SUBLANG_SPANISH_URUGUAY 0x0e +#endif +#ifndef SUBLANG_SPANISH_PARAGUAY +#define SUBLANG_SPANISH_PARAGUAY 0x0f +#endif +#ifndef SUBLANG_SPANISH_BOLIVIA +#define SUBLANG_SPANISH_BOLIVIA 0x10 +#endif +#ifndef SUBLANG_SPANISH_EL_SALVADOR +#define SUBLANG_SPANISH_EL_SALVADOR 0x11 +#endif +#ifndef SUBLANG_SPANISH_HONDURAS +#define SUBLANG_SPANISH_HONDURAS 0x12 +#endif +#ifndef SUBLANG_SPANISH_NICARAGUA +#define SUBLANG_SPANISH_NICARAGUA 0x13 +#endif +#ifndef SUBLANG_SPANISH_PUERTO_RICO +#define SUBLANG_SPANISH_PUERTO_RICO 0x14 +#endif +#ifndef SUBLANG_SWEDISH_FINLAND +#define SUBLANG_SWEDISH_FINLAND 0x02 +#endif +#ifndef SUBLANG_TAMAZIGHT_ARABIC +#define SUBLANG_TAMAZIGHT_ARABIC 
0x01 +#endif +#ifndef SUBLANG_TAMAZIGHT_LATIN +#define SUBLANG_TAMAZIGHT_LATIN 0x02 +#endif +#ifndef SUBLANG_TIGRINYA_ETHIOPIA +#define SUBLANG_TIGRINYA_ETHIOPIA 0x00 +#endif +#ifndef SUBLANG_TIGRINYA_ERITREA +#define SUBLANG_TIGRINYA_ERITREA 0x01 +#endif +#ifndef SUBLANG_URDU_PAKISTAN +#define SUBLANG_URDU_PAKISTAN 0x01 +#endif +#ifndef SUBLANG_URDU_INDIA +#define SUBLANG_URDU_INDIA 0x02 +#endif +#ifndef SUBLANG_UZBEK_LATIN +#define SUBLANG_UZBEK_LATIN 0x01 +#endif +#ifndef SUBLANG_UZBEK_CYRILLIC +#define SUBLANG_UZBEK_CYRILLIC 0x02 +#endif + +/* Return an XPG style locale name + language[_territory[.codeset]][@modifier]. Don't even bother determining the codeset; it's not useful in this context, because message catalogs are not specific to a single - codeset. */ + codeset. The result must not be freed; it is statically + allocated. */ static const char * -_nl_locale_name (const char *categoryname) +my_nl_locale_name (const char *categoryname) { const char *retval; LCID lcid; @@ -1187,16 +1007,30 @@ default: return "C"; } } -/* END parts of localname.c from gettext. */ +/* localname.c from gettext END. */ + +/* Support functions. */ + +static __inline__ uint32_t +do_swap_u32 (uint32_t i) +{ + return (i << 24) | ((i & 0xff00) << 8) | ((i >> 8) & 0xff00) | (i >> 24); +} + +#define SWAPIT(flag, data) ((flag) ? do_swap_u32(data) : (data)) + + +/* We assume to have `unsigned long int' value with at least 32 bits. */ +#define HASHWORDBITS 32 + /* The so called `hashpjw' function by P.J. Weinberger [see Aho/Sethi/Ullman, COMPILERS: Principles, Techniques and Tools, 1986, 1987 Bell Telephone Laboratories, Inc.] */ - -static __inline__ ulong -hash_string (const char *str_param) +static __inline__ unsigned long +hash_string( const char *str_param ) { unsigned long int hval, g; const char *str = str_param; 
@@ -1216,7 +1050,115 @@ return hval; } +/* static char * */ +/* my_xstrdup (const char *s) */ +/* { */ +/* size_t n = strlen (s) + 1; */ +/* char *p = jnlib_malloc (n); */ +/* if (!p) */ From cvs at cvs.gnupg.org Wed Nov 5 18:21:58 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 05 Nov 2008 18:21:58 +0100 Subject: [svn] gcry - r1354 - in trunk: . cipher src tests Message-ID: Author: wk Date: 2008-11-05 18:21:57 +0100 (Wed, 05 Nov 2008) New Revision: 1354 Modified: trunk/NEWS trunk/cipher/ChangeLog trunk/cipher/cipher.c trunk/cipher/des.c trunk/src/ChangeLog trunk/src/cipher-proto.h trunk/src/cipher.h trunk/src/fips.c trunk/src/gcrypt.h.in trunk/src/global.c trunk/tests/ChangeLog trunk/tests/fipsdrv.c Log: Add a method to disable the weak key detection. Add a method to return the current input block. Use this in the FIPS driver. Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2008-10-31 13:57:39 UTC (rev 1353) +++ trunk/cipher/ChangeLog 2008-11-05 17:21:57 UTC (rev 1354) @@ -1,3 +1,14 @@ +2008-11-05 Werner Koch + + * cipher.c (gcry_cipher_handle): Add field EXTRASPEC. + (gcry_cipher_open): Set it. + (gcry_cipher_ctl): Add private control code to disable weak key + detection and to return the current input block. + * des.c (_tripledes_ctx): Add field FLAGS. + (do_tripledes_set_extra_info): New. + (_gcry_cipher_extraspec_tripledes): Add new function. + (do_tripledes_setkey): Disable weak key detection. + 2008-10-24 Werner Koch * md.c (digest_table): Allow MD5 in fips mode. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-10-31 13:57:39 UTC (rev 1353) +++ trunk/src/ChangeLog 2008-11-05 17:21:57 UTC (rev 1354) 
@@ -1,3 +1,10 @@ +2008-11-05 Werner Koch + + * cipher.h (CIPHER_INFO_NO_WEAK_KEY): New. + + * cipher-proto.h (cipher_set_extra_info_t): New. + (cipher_extra_spec): Add field SET_EXTRA_INFO. + 2008-10-30 Werner Koch * g10lib.h (GCC_ATTR_FORMAT_ARG): New. Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2008-10-31 13:57:39 UTC (rev 1353) +++ trunk/tests/ChangeLog 2008-11-05 17:21:57 UTC (rev 1354) @@ -1,3 +1,7 @@ +2008-11-05 Werner Koch + + * fipsdrv.c (run_encrypt_decrypt): Disable weak key detection. + 2008-10-31 Werner Koch * fipsdrv.c (run_rsa_sign): Buffer needs to be larger for SHA512. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-10-31 13:57:39 UTC (rev 1353) +++ trunk/NEWS 2008-11-05 17:21:57 UTC (rev 1354) @@ -2,7 +2,7 @@ ------------------------------------------------ * Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants. - This functionality is in Libgcrypt since 1.3.0. + This functionality has been in Libgcrypt since 1.3.0. * MD5 may now be used in non-enforced fips mode. Modified: trunk/cipher/cipher.c =================================================================== --- trunk/cipher/cipher.c 2008-10-31 13:57:39 UTC (rev 1353) +++ trunk/cipher/cipher.c 2008-11-05 17:21:57 UTC (rev 1354) @@ -161,6 +161,7 @@ size_t actual_handle_size; /* Allocated size of this handle. */ size_t handle_offset; /* Offset to the malloced block. */ gcry_cipher_spec_t *cipher; + cipher_extra_spec_t *extraspec; gcry_module_t module; /* The algorithm id. This is a hack required because the module @@ -669,6 +670,7 @@ { int secure = (flags & GCRY_CIPHER_SECURE); gcry_cipher_spec_t *cipher = NULL; + cipher_extra_spec_t *extraspec = NULL; gcry_module_t module = NULL; gcry_cipher_hd_t h = NULL; gcry_err_code_t err = 0; 
@@ -694,7 +696,10 @@ _gcry_module_release (module); } else - cipher = (gcry_cipher_spec_t *) module->spec; + { + cipher = (gcry_cipher_spec_t *) module->spec; + extraspec = module->extraspec; + } } else err = GPG_ERR_CIPHER_ALGO; @@ -731,7 +736,7 @@ break; case GCRY_CIPHER_MODE_NONE: - /* This mode may be used for debbuging. It copies the main + /* This mode may be used for debugging. It copies the main text verbatim to the ciphertext. We do not allow this in fips mode or if no debug flag has been set. */ if (fips_mode () || !_gcry_get_debug_flag (0)) @@ -783,6 +788,7 @@ h->actual_handle_size = size - off; h->handle_offset = off; h->cipher = cipher; + h->extraspec = extraspec; h->module = module; h->algo = algo; h->mode = mode; @@ -1681,6 +1687,38 @@ rc = GPG_ERR_INV_ARG; break; + case 61: /* Disable weak key detection (private). */ + if (h->extraspec->set_extra_info) + rc = h->extraspec->set_extra_info + (&h->context.c, CIPHER_INFO_NO_WEAK_KEY, NULL, 0); + else + rc = GPG_ERR_NOT_SUPPORTED; + break; + + case 62: /* Return current input vector (private). */ + /* This is the input block as used in CFB and OFB mode which has + initially been set as IV. The returned format is: + 1 byte Actual length of the block in bytes. + n byte The block. + If the provided buffer is too short, an error is returned. */ + if (buflen < (1 + h->cipher->blocksize)) + rc = GPG_ERR_TOO_SHORT; + else + { + unsigned char *ivp; + unsigned char *dst = buffer; + int n = h->unused; + + if (!n) + n = h->cipher->blocksize; + gcry_assert (n <= h->cipher->blocksize); + *dst++ = n; + ivp = h->u_iv.iv + h->cipher->blocksize - n; + while (n--) + *dst++ = *ivp++; + } + break; + default: rc = GPG_ERR_INV_OP; } Modified: trunk/cipher/des.c =================================================================== --- trunk/cipher/des.c 2008-10-31 13:57:39 UTC (rev 1353) +++ trunk/cipher/des.c 2008-11-05 17:21:57 UTC (rev 1354) 
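Review bot: In the new `case 61:` of gcry_cipher_ctl, `h->extraspec->set_extra_info` is read without first checking `h->extraspec`, although gcry_cipher_open initialises `extraspec` to NULL and then copies whatever `module->extraspec` holds. If a cipher module can be registered without an extra spec (not visible here, but the NULL default suggests it), this control code dereferences a null pointer instead of returning GPG_ERR_NOT_SUPPORTED. The guard should read `if (h->extraspec && h->extraspec->set_extra_info)`. In `case 62:` the code writes through `buffer` after checking only `buflen`, so a `!buffer` test next to the length check would close that path as well. The enclosing switch starts outside the hunk.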
@@ -1,5 +1,6 @@ /* des.c - DES and Triple-DES encryption/decryption Algorithm - * Copyright (C) 1998, 1999, 2001, 2002, 2003 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2001, 2002, 2003, + * 2008 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * @@ -152,6 +153,9 @@ { u32 encrypt_subkeys[96]; u32 decrypt_subkeys[96]; + struct { + int no_weak_key; + } flags; } tripledes_ctx[1]; @@ -1013,7 +1017,9 @@ tripledes_set3keys ( ctx, key, key+8, key+16); - if( is_weak_key( key ) || is_weak_key( key+8 ) || is_weak_key( key+16 ) ) + if (ctx->flags.no_weak_key) + ; /* Detection has been disabled. */ + else if (is_weak_key (key) || is_weak_key (key+8) || is_weak_key (key+16)) { _gcry_burn_stack (64); return GPG_ERR_WEAK_KEY; @@ -1024,6 +1030,30 @@ } +static gcry_err_code_t +do_tripledes_set_extra_info (void *context, int what, + const void *buffer, size_t buflen) +{ + struct _tripledes_ctx *ctx = (struct _tripledes_ctx *)context; + gpg_err_code_t ec = 0; + + (void)buffer; + (void)buflen; + + switch (what) + { + case CIPHER_INFO_NO_WEAK_KEY: + ctx->flags.no_weak_key = 1; + break; + + default: + ec = GPG_ERR_INV_OP; + break; + } + return ec; +} + + static void do_tripledes_encrypt( void *context, byte *outbuf, const byte *inbuf ) { @@ -1161,5 +1191,6 @@ cipher_extra_spec_t _gcry_cipher_extraspec_tripledes = { - run_selftests + run_selftests, + do_tripledes_set_extra_info }; Modified: trunk/src/cipher-proto.h =================================================================== --- trunk/src/cipher-proto.h 2008-10-31 13:57:39 UTC (rev 1353) +++ trunk/src/cipher-proto.h 2008-11-05 17:21:57 UTC (rev 1354) 
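Review bot: The `no_weak_key` flag tested in do_tripledes_setkey is only ever set by do_tripledes_set_extra_info and never cleared, so once the private control has been issued every later setkey on that handle accepts weak Triple-DES keys, and nothing in the change documents that. The test also relies on the context having been zeroed before first use, which is not visible in these hunks and should be confirmed. I would document it at the field, e.g. `int no_weak_key; /* Test aid: skip the weak key check; stays set for the lifetime of the context. */`. do_tripledes_setkey starts and ends outside its hunk.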
@@ -55,13 +55,18 @@ typedef gpg_err_code_t (*pk_comp_keygrip_t) (gcry_md_hd_t md, gcry_sexp_t keyparm); +/* The type used to convey additional information to a cipher. */ +typedef gpg_err_code_t (*cipher_set_extra_info_t) + (void *c, int what, const void *buffer, size_t buflen); + /* Extra module specification structures. These are used for internal modules which provide more functions than available through the public algorithm register APIs. */ typedef struct cipher_extra_spec { selftest_func_t selftest; + cipher_set_extra_info_t set_extra_info; } cipher_extra_spec_t; typedef struct md_extra_spec Modified: trunk/src/cipher.h =================================================================== --- trunk/src/cipher.h 2008-10-31 13:57:39 UTC (rev 1353) +++ trunk/src/cipher.h 2008-11-05 17:21:57 UTC (rev 1354) @@ -29,6 +29,8 @@ #define PUBKEY_FLAG_NO_BLINDING (1 << 0) #define PUBKEY_FLAG_TRANSIENT_KEY (1 << 1) +#define CIPHER_INFO_NO_WEAK_KEY 1 + #include "cipher-proto.h" Modified: trunk/src/fips.c =================================================================== --- trunk/src/fips.c 2008-10-31 13:57:39 UTC (rev 1353) +++ trunk/src/fips.c 2008-11-05 17:21:57 UTC (rev 1354) @@ -262,8 +262,8 @@ int _gcry_fips_mode (void) { - /* No locking is required becuase we have the requirement that this - variable is only intialized once with no other threads + /* No locking is required because we have the requirement that this + variable is only initialized once with no other threads existing. */ return !no_fips_mode_required; } Modified: trunk/src/gcrypt.h.in =================================================================== --- trunk/src/gcrypt.h.in 2008-10-31 13:57:39 UTC (rev 1353) +++ trunk/src/gcrypt.h.in 2008-11-05 17:21:57 UTC (rev 1354) 
@@ -410,7 +410,7 @@ GCRYCTL_FIPS_MODE_P = 55, GCRYCTL_FORCE_FIPS_MODE = 56, GCRYCTL_SELFTEST = 57 - /* Note: 58, 59 and 60 are used internally. */ + /* Note: 58 .. 62 are used internally. */ }; /* Perform various operations defined by CMD. */ Modified: trunk/src/global.c =================================================================== --- trunk/src/global.c 2008-10-31 13:57:39 UTC (rev 1353) +++ trunk/src/global.c 2008-11-05 17:21:57 UTC (rev 1354) @@ -529,7 +529,7 @@ err = _gcry_fips_run_selftests (1); break; - case 58: + case 58: /* Init external random test. */ { void **rctx = va_arg (arg_ptr, void **); unsigned int flags = va_arg (arg_ptr, unsigned int); @@ -546,7 +546,7 @@ seed, seedlen, dt, dtlen); } break; - case 59: + case 59: /* Run external random test. */ { void *ctx = va_arg (arg_ptr, void *); void *buffer = va_arg (arg_ptr, void *); @@ -557,7 +557,7 @@ err = _gcry_random_run_external_test (ctx, buffer, buflen); } break; - case 60: + case 60: /* Deinit external random test. */ { void *ctx = va_arg (arg_ptr, void *); _gcry_random_deinit_external_test (ctx); Modified: trunk/tests/fipsdrv.c =================================================================== --- trunk/tests/fipsdrv.c 2008-10-31 13:57:39 UTC (rev 1353) +++ trunk/tests/fipsdrv.c 2008-11-05 17:21:57 UTC (rev 1354) @@ -48,6 +48,13 @@ #define DIMof(type,member) DIM(((type *)0)->member) +#define PRIV_CTL_INIT_EXTRNG_TEST 58 +#define PRIV_CTL_RUN_EXTRNG_TEST 59 +#define PRIV_CTL_DEINIT_EXTRNG_TEST 60 +#define PRIV_CTL_DISABLE_WEAK_KEY 61 +#define PRIV_CTL_GET_INPUT_VECTOR 62 + + /* Verbose mode flag. */ static int verbose; @@ -63,6 +70,10 @@ /* We need to know whetehr we are in loop_mode. */ static int loop_mode; +/* If true the input vectors are printed before and after encryption + and decryption. */ +static int print_ivs; + /* ASN.1 classes. */ enum { 
@@ -747,7 +758,7 @@ const void *seed, size_t seedlen, const void *dt, size_t dtlen) { - return gcry_control (58, + return gcry_control (PRIV_CTL_INIT_EXTRNG_TEST, r_context, flags, key, keylen, seed, seedlen, @@ -757,13 +768,13 @@ static gcry_error_t run_external_rng_test (void *context, void *buffer, size_t buflen) { - return gcry_control (59, context, buffer, buflen); + return gcry_control (PRIV_CTL_RUN_EXTRNG_TEST, context, buffer, buflen); } static void deinit_external_rng_test (void *context) { - gcry_control (60, context); + gcry_control (PRIV_CTL_DEINIT_EXTRNG_TEST, context); } @@ -856,12 +867,18 @@ size_t outbuflen; void *inbuf; size_t inbuflen; + size_t blocklen; err = gcry_cipher_open (&hd, cipher_algo, cipher_mode, 0); if (err) die ("gcry_cipher_open failed for algo %d, mode %d: %s\n", cipher_algo, cipher_mode, gpg_strerror (err)); + blocklen = gcry_cipher_get_algo_blklen (cipher_algo); + assert (blocklen); + + gcry_cipher_ctl (hd, PRIV_CTL_DISABLE_WEAK_KEY, NULL, 0); + err = gcry_cipher_setkey (hd, key_buffer, key_buflen); if (err) die ("gcry_cipher_setkey failed with keylen %u: %s\n", @@ -877,7 +894,7 @@ inbuf = data? NULL : gcry_xmalloc (datalen); outbuflen = datalen; - outbuf = gcry_xmalloc (outbuflen); + outbuf = gcry_xmalloc (outbuflen < blocklen? blocklen:outbuflen); do { 
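Review bot: The added `gcry_cipher_ctl (hd, PRIV_CTL_DISABLE_WEAK_KEY, NULL, 0);` in run_encrypt_decrypt discards its return value and is issued for every algorithm, while the library side of this commit returns GPG_ERR_NOT_SUPPORTED for ciphers without a `set_extra_info` hook. If ignoring the result is intended, the call should say so, for instance `/* Best effort: ciphers without weak key detection return GPG_ERR_NOT_SUPPORTED, which is fine here. */`. Because the control is applied unconditionally, the driver never exercises the weak key rejection path, which is worth a sentence in the same comment. The function body continues outside the hunk.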
@@ -892,14 +909,52 @@ else inbuflen = datalen; - if (encrypt_mode) - err = gcry_cipher_encrypt (hd, outbuf, outbuflen, data, inbuflen); + if (print_ivs) + { + /* If we want to print the input vectors we need to pass the + data block by block to the encryption function. */ + unsigned char tmp[17]; + const unsigned char *iptr = data; + size_t ilen; + + do + { + ilen = inbuflen > blocklen? blocklen : inbuflen; + + if (gcry_cipher_ctl (hd, PRIV_CTL_GET_INPUT_VECTOR, + tmp, sizeof tmp)) + die ("error getting input block\n"); + print_buffer (tmp+1, *tmp); + putchar ('\n'); + + if (encrypt_mode) + err = gcry_cipher_encrypt (hd, outbuf, blocklen, iptr, ilen); + else + err = gcry_cipher_decrypt (hd, outbuf, blocklen, iptr, ilen); + if (err) + die ("gcry_cipher_%scrypt failed: %s\n", + encrypt_mode? "en":"de", gpg_strerror (err)); + + print_buffer (outbuf, blocklen); + putchar ('\n'); + + iptr += ilen; + inbuflen -= ilen; + } + while (inbuflen); + } else - err = gcry_cipher_decrypt (hd, outbuf, outbuflen, data, inbuflen); - if (err) - die ("gcry_cipher_%scrypt failed: %s\n", - encrypt_mode? "en":"de", gpg_strerror (err)); - print_buffer (outbuf, outbuflen); + { + if (encrypt_mode) + err = gcry_cipher_encrypt (hd, outbuf, outbuflen, data, inbuflen); + else + err = gcry_cipher_decrypt (hd, outbuf, outbuflen, data, inbuflen); + if (err) + die ("gcry_cipher_%scrypt failed: %s\n", + encrypt_mode? "en":"de", gpg_strerror (err)); + + print_buffer (outbuf, outbuflen); + } } while (inbuf); 
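Review bot: In the new `print_ivs` loop, `print_buffer (outbuf, blocklen)` prints a full block even when the last chunk is shorter (`ilen < blocklen`). For modes that accept a partial final block, the bytes after `ilen` are then stale data from the previous iteration or uninitialised memory from `gcry_xmalloc`. Printing only what was processed avoids that: `print_buffer (outbuf, ilen);`. `unsigned char tmp[17]` also hard-codes one length byte plus a 16-byte block, so a short comment would explain why a cipher with a larger block ends in "error getting input block". The enclosing function starts and ends outside the hunk.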
@@ -1301,20 +1356,21 @@ "MODE:\n" " encrypt, decrypt, digest, random, hmac-sha, rsa-{gen,sign,verify}\n" "OPTIONS:\n" - " --verbose print additional information\n" - " --binary input and output is in binary form\n" - " --no-fips do not force FIPS mode\n" - " --key KEY use the hex encoded KEY\n" - " --iv IV use the hex encoded IV\n" - " --dt DT use the hex encoded DT for the RNG\n" - " --algo NAME use algorithm NAME\n" - " --keysize N use a keysize of N bits\n" - " --signature NAME take signature from file NAME\n" - " --chunk N read in chunks of N bytes (implies --binary)\n" - " --pkcs1 use PKCS#1 encoding\n" - " --loop enable random loop mode\n" - " --progress print pogress indicators\n" - " --help print this text\n" + " --verbose Print additional information\n" + " --binary Input and output is in binary form\n" + " --no-fips Do not force FIPS mode\n" + " --key KEY Use the hex encoded KEY\n" + " --iv IV Use the hex encoded IV\n" + " --dt DT Use the hex encoded DT for the RNG\n" + " --algo NAME Use algorithm NAME\n" + " --keysize N Use a keysize of N bits\n" + " --signature NAME Take signature from file NAME\n" + " --chunk N Read in chunks of N bytes (implies --binary)\n" + " --pkcs1 Use PKCS#1 encoding\n" + " --print-ivs Print input vectors\n" + " --loop Enable random loop mode\n" + " --progress Print pogress indicators\n" + " --help Print this text\n" "With no FILE, or when FILE is -, read standard input.\n" "Report bugs to " PACKAGE_BUGREPORT ".\n" , stdout); exit (0); @@ -1448,6 +1504,11 @@ use_pkcs1 = 1; argc--; argv++; } + else if (!strcmp (*argv, "--print-ivs")) + { + print_ivs = 1; + argc--; argv++; + } } if (!argc || argc > 2) From cvs at cvs.gnupg.org Wed Nov 5 20:13:23 2008 
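Review bot: The rewritten usage text still carries the typo in `" --progress Print pogress indicators\n"`. Since every option line is touched by this hunk anyway, it should read `Print progress indicators`. The rest of the re-capitalised block, including the new `--print-ivs` line, is consistent.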
From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 05 Nov 2008 20:13:23 +0100 Subject: [svn] gcry - r1355 - in trunk: . cipher tests Message-ID: Author: wk Date: 2008-11-05 20:13:22 +0100 (Wed, 05 Nov 2008) New Revision: 1355 Modified: trunk/NEWS trunk/cipher/ChangeLog trunk/cipher/md.c trunk/tests/basic.c Log: Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes. Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2008-11-05 17:21:57 UTC (rev 1354) +++ trunk/cipher/ChangeLog 2008-11-05 19:13:22 UTC (rev 1355) @@ -1,5 +1,8 @@ 2008-11-05 Werner Koch + * md.c (md_open): Use a switch to set the Bsize. + (prepare_macpads): Fix long key case for SHA384 and SHA512. + * cipher.c (gcry_cipher_handle): Add field EXTRASPEC. (gcry_cipher_open): Set it. (gcry_cipher_ctl): Add private control code to disable weak key @@ -22,7 +25,6 @@ 2008-09-18 Werner Koch - * pubkey.c (gcry_pk_genkey): Parse domain parameter. (pubkey_generate): Add new arg DOMAIN and remove special case for DSA with qbits. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-11-05 17:21:57 UTC (rev 1354) +++ trunk/NEWS 2008-11-05 19:13:22 UTC (rev 1355) @@ -6,7 +6,9 @@ * MD5 may now be used in non-enforced fips mode. + * Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes. + Noteworthy changes in version 1.4.3 (2008-09-18) ------------------------------------------------ Modified: trunk/cipher/md.c =================================================================== --- trunk/cipher/md.c 2008-11-05 17:21:57 UTC (rev 1354) +++ trunk/cipher/md.c 2008-11-05 19:13:22 UTC (rev 1355) 
@@ -474,14 +474,18 @@ if (hmac) { - if ( (GCRY_MD_SHA384 == algo) || (GCRY_MD_SHA512 == algo) ) { - ctx->macpads_Bsize = 128; - ctx->macpads = gcry_malloc_secure (2*(ctx->macpads_Bsize)); - } else { - ctx->macpads_Bsize = 64; - ctx->macpads = gcry_malloc_secure (2*(ctx->macpads_Bsize)); - } - if (! ctx->macpads) + switch (algo) + { + case GCRY_MD_SHA384: + case GCRY_MD_SHA512: + ctx->macpads_Bsize = 128; + break; + default: + ctx->macpads_Bsize = 64; + break; + } + ctx->macpads = gcry_malloc_secure (2*(ctx->macpads_Bsize)); + if (!ctx->macpads) { err = gpg_err_code_from_errno (errno); md_close (hd); @@ -842,25 +846,25 @@ } static gcry_err_code_t -prepare_macpads( gcry_md_hd_t hd, const byte *key, size_t keylen) +prepare_macpads (gcry_md_hd_t hd, const unsigned char *key, size_t keylen) { int i; - int algo = md_get_algo( hd ); - byte *helpkey = NULL; - byte *ipad, *opad; + int algo = md_get_algo (hd); + unsigned char *helpkey = NULL; + unsigned char *ipad, *opad; - if ( !algo ) - return GPG_ERR_DIGEST_ALGO; /* i.e. no algo enabled */ + if (!algo) + return GPG_ERR_DIGEST_ALGO; /* Might happen if no algo is enabled. */ - if ( keylen > 64 ) + if ( keylen > hd->ctx->macpads_Bsize ) { - helpkey = gcry_malloc_secure ( md_digest_length( algo ) ); - if ( !helpkey ) + helpkey = gcry_malloc_secure (md_digest_length (algo)); + if (!helpkey) return gpg_err_code_from_errno (errno); - gcry_md_hash_buffer ( algo, helpkey, key, keylen ); + gcry_md_hash_buffer (algo, helpkey, key, keylen); key = helpkey; - keylen = md_digest_length( algo ); - gcry_assert ( keylen <= 64 ); + keylen = md_digest_length (algo); + gcry_assert ( keylen <= hd->ctx->macpads_Bsize ); } memset ( hd->ctx->macpads, 0, 2*(hd->ctx->macpads_Bsize) ); 
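Review bot: The new `switch (algo)` in md_open hard-codes the HMAC block size per algorithm id, and prepare_macpads now trusts `macpads_Bsize` for the long-key test, the assertion and the pad loop. An algorithm with a 128-byte block that is missing from the case list would therefore silently produce wrong MACs rather than an error. A comment at the switch would make that dependency explicit, for instance `/* HMAC block size B; must match the digest's internal block size. */`. In prepare_macpads, `keylen > hd->ctx->macpads_Bsize` compares a `size_t` with a field whose type is not visible in this hunk; if it is a signed int, an explicit cast documents the intended comparison. Both functions extend beyond their hunks.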
@@ -868,12 +872,12 @@ opad = (hd->ctx->macpads)+(hd->ctx->macpads_Bsize); memcpy ( ipad, key, keylen ); memcpy ( opad, key, keylen ); - for (i=0; i < (hd->ctx->macpads_Bsize); i++ ) + for (i=0; i < hd->ctx->macpads_Bsize; i++ ) { ipad[i] ^= 0x36; opad[i] ^= 0x5c; } - gcry_free( helpkey ); + gcry_free (helpkey); return GPG_ERR_NO_ERROR; } Modified: trunk/tests/basic.c =================================================================== --- trunk/tests/basic.c 2008-11-05 17:21:57 UTC (rev 1354) +++ trunk/tests/basic.c 2008-11-05 19:13:22 UTC (rev 1355) @@ -1695,10 +1695,11 @@ continue; } if (verbose) - fprintf (stderr, " checking %s [%i] for length %zi\n", + fprintf (stderr, + " checking %s [%i] for %zi byte key and %zi byte data\n", gcry_md_algo_name (algos[i].md), algos[i].md, - strlen(algos[i].data)); + strlen(algos[i].key), strlen(algos[i].data)); check_one_hmac (algos[i].md, algos[i].data, strlen (algos[i].data), algos[i].key, strlen(algos[i].key), From cvs at cvs.gnupg.org Fri Nov 7 17:07:02 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 07 Nov 2008 17:07:02 +0100 Subject: [svn] gcry - r1356 - trunk/tests Message-ID: Author: wk Date: 2008-11-07 17:07:02 +0100 (Fri, 07 Nov 2008) New Revision: 1356 Modified: trunk/tests/ChangeLog trunk/tests/cavs_driver.pl trunk/tests/fipsdrv.c Log: Implement mct server mode for fips driver and use it in the CAVS tests to speed up things and to get hold of intermediate values we could not easily retrieve with the old implementaion. Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2008-11-05 19:13:22 UTC (rev 1355) +++ trunk/tests/ChangeLog 2008-11-07 16:07:02 UTC (rev 1356) 
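Review bot: The new verbose message in tests/basic.c formats two `strlen()` results with `%zi`, which is the signed conversion; `size_t` arguments need `%zu`, i.e. `" checking %s [%i] for %zu byte key and %zu byte data\n"`. Separately, the visible part of this change to the test only alters the message. If the vector table has no SHA-384 or SHA-512 HMAC entry with a key between 65 and 128 bytes, adding one would pin the case that the md.c fix addresses. The surrounding loop starts outside the hunk.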
@@ -1,3 +1,10 @@ +2008-11-07 Werner Koch + + * fipsdrv.c (run_cipher_mct_loop, get_current_iv): New. + (read_textline, read_hexline, skip_to_empty_line): New. + (main): New option --mct-server. + * cavs_driver.pl: Update from upstream and adjust to new fipsdrv. + 2008-11-05 Werner Koch * fipsdrv.c (run_encrypt_decrypt): Disable weak key detection. Modified: trunk/tests/cavs_driver.pl =================================================================== --- trunk/tests/cavs_driver.pl 2008-11-05 19:13:22 UTC (rev 1355) +++ trunk/tests/cavs_driver.pl 2008-11-07 16:07:02 UTC (rev 1356) @@ -1,6 +1,6 @@ #!/usr/bin/env perl # -# $Id: cavs_driver.pl 1243 2008-09-18 18:42:57Z smueller $ +# $Id: cavs_driver.pl 1383 2008-10-30 11:45:31Z smueller $ # # CAVS test driver (based on the OpenSSL driver) # Written by: Stephan M?ller @@ -206,8 +206,12 @@ my $enc = (shift) ? "-e" : "-d"; my $data=shift; + # We only invoke the driver with the IV parameter, if we have + # an IV, otherwise, we skip it + $iv = "-iv $iv" if ($iv); + $data=hex2bin($data); - my $program="openssl enc -$cipher -nopad -nosalt -K $key $enc -iv $iv"; + my $program="openssl enc -$cipher -nopad -nosalt -K $key $enc $iv"; $program = "rc4 -k $key" if $opt{'R'}; #for ARCFOUR, no IV must be given $data=pipe_through_program($data,$program); return bin2hex($data); @@ -269,9 +273,15 @@ my $key = shift; my $iv = shift; + #FIXME: Implement the inner loop right here. + my $enc = $encdec ? "-e": "-d"; - my $out = "openssl enc -'$cipher' $enc -nopad -nosalt -bufsize $bufsize -K ".bin2hex($key)." -iv ".bin2hex($iv); + # We only invoke the driver with the IV parameter, if we have + # an IV, otherwise, we skip it + $iv = "-iv ".bin2hex($iv) if ($iv); + + my $out = "openssl enc -'$cipher' $enc -nopad -nosalt -bufsize $bufsize -K ".bin2hex($key)." $iv"; #for ARCFOUR, no IV must be given $out = "rc4 -k " . bin2hex($key) if $opt{'R'}; return $out; 
@@ -289,11 +299,14 @@ my $enc = (shift) ? "encrypt" : "decrypt"; my $data=shift; - $iv = "--iv $iv" if ($iv); + # We only invoke the driver with the IV parameter, if we have + # an IV, otherwise, we skip it + $iv = "--iv $iv" if ($iv); my $program="fipsdrv --key $key $iv --algo $cipher $enc"; return pipe_through_program($data,$program); + } sub libgcrypt_rsa_sign($$$) { @@ -302,8 +315,9 @@ my $keyfile = shift; die "ARCFOUR not available for RSA" if $opt{'R'}; + return pipe_through_program($data, - "fipsdrv --verbose --pkcs1 --algo $hashalgo --key $keyfile rsa-sign"); + "fipsdrv --pkcs1 --algo $hashalgo --key $keyfile rsa-sign"); } sub libgcrypt_rsa_verify($$$$) { @@ -314,7 +328,7 @@ die "ARCFOUR not available for RSA" if $opt{'R'}; $data = pipe_through_program($data, - "fipsdrv --verbose --pkcs1 --algo $hashalgo --key $keyfile --signature $sigfile rsa-verify"); + "fipsdrv --pkcs1 --algo $hashalgo --key $keyfile --signature $sigfile rsa-verify"); # Parse through the output information return ($data =~ /GOOD signature/); @@ -348,9 +362,7 @@ my $key = shift; my $iv = shift; - $iv = "--iv $iv" if ($iv); - - my $program="fipsdrv --binary --key ".bin2hex($key)." $iv ".bin2hex($iv)." --algo '$cipher' --chunk '$bufsize' $enc"; + my $program="fipsdrv --algo '$cipher' --mct-server $enc"; return $program; } @@ -359,7 +371,7 @@ my $dt = shift; my $v = shift; - return "fipsdrv --binary --progress --loop --key $key --iv $v --dt $dt random"; + return "fipsdrv --binary --loop --key $key --iv $v --dt $dt random"; } sub libgcrypt_hmac($$$$) { @@ -930,7 +942,9 @@ my $out = ""; $out .= "Len = $len\n" if (defined($len)); $out .= "Msg = $pt\n"; - $out .= "MD = " . &$hash($pt, $cipher); + + $pt = "" if(!$len); + $out .= "MD = " . &$hash($pt, $cipher) . "\n"; return $out; } @@ -994,6 +1008,8 @@ my $source_data = hex2bin(shift); my $cipher = shift; my $enc = shift; + my $line; + my $next_source; my $out = ""; 
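Review bot: In libgcrypt_encdec, `$key` and `$iv` are pasted unquoted into the command string `fipsdrv --key $key $iv --algo $cipher $enc`, so a malformed vector line can alter the command that runs if pipe_through_program passes the string to a shell (its body is not in this hunk, and the values presumably come from the request file). Validate the fields before building the command, e.g. `die "bad key" unless $key =~ /^[0-9a-fA-F]+$/;`, with the same test on the IV before it is turned into `--iv $iv`. Passing the key as an argument also exposes it in the process list; the new `--mct-server` form in libgcrypt_state_cipher already avoids that by sending key and IV over the pipe.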
@@ -1009,7 +1025,17 @@ my $iloop=1000; if ($ciph =~ /des/) {$oloop=400;$iloop=10000;} + my ($CO, $CI); + my $cipher_imp = &$state_cipher($cipher, $enc, $bufsize, $key1, $iv); + my $pid = open2($CO, $CI, $cipher_imp); + my $len; + for (my $i=0; $i<$oloop; ++$i) { + my $calc_data; + my $old_calc_data; + my $old_old_calc_data; + my $ov; + $out .= "COUNT = $i\n"; if (defined($key2)) { $out .= "$keytype = ". bin2hex($key1). "\n"; 
@@ -1032,43 +1058,40 @@ } else { $out .= "CIPHERTEXT = ". bin2hex($source_data). "\n"; } - my ($CO, $CI); - my $cipher_imp = &$state_cipher($cipher, $enc, $bufsize, $key1, $iv); - my $pid = open2($CO, $CI, $cipher_imp); - my $calc_data = $iv; # CT[j] - my $old_calc_data; # CT[j-1] - my $old_old_calc_data; # CT[j-2] - for (my $j = 0; $j < $iloop; ++$j) { - $old_old_calc_data = $old_calc_data; - $old_calc_data = $calc_data; + print $CI "1\n" + .$iloop."\n" + .bin2hex($key1)."\n" + .bin2hex($iv)."\n" + .bin2hex($source_data)."\n\n" or die; + + # fixme: We should skip over empty lines here. - # $calc_data = AES($key, $calc_data); - #print STDERR "source_data=", bin2hex($source_data), "\n"; - syswrite $CI, $source_data or die; - my $len = sysread $CO, $calc_data, $bufsize; - #print STDERR "len=$len, bufsize=$bufsize\n"; - die if $len ne $bufsize; - #print STDERR "calc_data=", bin2hex($calc_data), "\n"; + chomp($line = <$CO>); #print STDERR " calc=$line\n"; + $calc_data = hex2bin($line); - if ( (!$enc && $ciph =~ /des/) || - $ciph =~ /rc4/ ) { - #TDES in decryption mode and RC4 have a special rule - $source_data = $calc_data; - } else { - $source_data = $old_calc_data; - } - } - close $CO; - close $CI; - waitpid $pid, 0; + chomp($line = <$CO>); #print STDERR " old_calc=$line\n"; + $old_calc_data = hex2bin($line); + chomp($line = <$CO>); #print STDERR "old_old_calc=$line\n"; + $old_old_calc_data = hex2bin($line); + + chomp($line = <$CO>); #print STDERR " ov=$line\n"; + $ov = hex2bin($line); + + chomp($line = <$CO>); #print STDERR " next source=$line\n"; + $next_source = hex2bin($line); + + # Skip over empty line. + $line = <$CO>; + + if ($enc) { $out .= "CIPHERTEXT = ". bin2hex($calc_data). "\n\n"; } else { $out .= "PLAINTEXT = ". bin2hex($calc_data). "\n\n"; } - + if ( $ciph =~ /aes/ ) { $key1 ^= substr($old_calc_data . $calc_data, -$keylen); #print STDERR bin2hex($key1)."\n"; 
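Review bot: None of the five `chomp($line = <$CO>)` reads in the outer loop checks for end of file, so if fipsdrv exits early `$line` is undef and the loop keeps writing empty CIPHERTEXT/PLAINTEXT values and deriving the next key from them. A guard on each read, e.g. `defined($line = <$CO>) or die "fipsdrv --mct-server closed the pipe";`, makes a failed run stop instead of producing a response file that looks complete. The enclosing function starts and ends outside this hunk.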
@@ -1106,18 +1129,25 @@ die "Test limitation: cipher '$cipher' not supported in Monte Carlo testing"; } - if (! $enc && $ciph =~ /des/ ) { - #TDES in decryption mode has a special rule - $iv = $old_calc_data; - $source_data = $calc_data; - } elsif ( $ciph =~ /rc4/ ) { + if ($ciph =~ /des/) { + $iv = $ov; + if ($cipher =~ /des-ede3-ofb/) { + $source_data = $source_data ^ $next_source; + } else { + $source_data = $next_source; + } + } elsif ( $ciph =~ /rc4/ || $cipher =~ /ecb/ ) { #No resetting of IV as the IV is all zero set initially (i.e. no IV) $source_data = $calc_data; } else { $iv = $calc_data; $source_data = $old_calc_data; } + } + close $CO; + close $CI; + waitpid $pid, 0; return $out; } @@ -1133,13 +1163,14 @@ my $out = ""; $out .= "Seed = $pt\n\n"; - + for (my $j=0; $j<100; ++$j) { $out .= "COUNT = $j\n"; my $md0=$pt; my $md1=$pt; my $md2=$pt; for (my $i=0; $i<1000; ++$i) { + #print STDERR "outer loop $j; inner loop $i\n"; my $mi= $md0 . $md1 . $md2; $md0=$md1; $md1=$md2; @@ -1164,10 +1195,10 @@ my $keyfile = shift; my $out = ""; - + $out .= "SHAAlg = $cipher\n"; $out .= "Msg = $data\n"; - $out .= "S = " . &$rsa_sign($data, $cipher, $keyfile) . "\n"; + $out .= "S = " . &$rsa_sign($data, lc($cipher), $keyfile) . "\n"; return $out; } @@ -1204,7 +1235,7 @@ print FH hex2bin($signature); close FH; - $out .= "Result = " . (&$rsa_verify($data, $cipher, $keyfile, $sigfile) ? "P\n" : "F\n"); + $out .= "Result = " . (&$rsa_verify($data, lc($cipher), $keyfile, $sigfile) ? "P\n" : "F\n"); unlink($keyfile); unlink($sigfile); 
@@ -1392,44 +1423,50 @@ } } - + if ($tt == 0) { ##### Identify the test type - if ($tmpline =~ /Hash sizes tested/) { - $tt = 9; - die "Interface function hmac for HMAC testing not defined for tested library" - if (!defined($hmac)); - } elsif ($tmpline =~ /ANSI X9\.31/ && $tmpline =~ /MCT/) { - $tt = 8; - die "Interface function state_rng for RNG MCT not defined for tested library" - if (!defined($state_rng)); - } elsif ($tmpline =~ /ANSI X9\.31/ && $tmpline =~ /VST/) { - $tt = 7; - die "Interface function state_rng for RNG KAT not defined for tested library" - if (!defined($state_rng)); - } elsif ($tmpline =~ /SigVer/ ) { - $tt = 6; - die "Interface function rsa_verify or gen_rsakey for RSA verification not defined for tested library" - if (!defined($rsa_verify) || !defined($gen_rsakey)); - } elsif ($tmpline =~ /SigGen/ ) { - $tt = 5; - die "Interface function rsa_sign or gen_rsakey for RSA sign not defined for tested library" - if (!defined($rsa_sign) || !defined($gen_rsakey)); - } elsif ($tmpline =~ /Monte|MCT|Carlo/ && $cipher eq "sha") { - $tt = 4; - die "Interface function hash for Hashing not defined for tested library" - if (!defined($hash)); - } elsif ($tmpline =~ /Monte|MCT|Carlo/) { - $tt = 2; - die "Interface function state_cipher for Stateful Cipher operation defined for tested library" - if (!defined($state_cipher)); - } elsif ($cipher =~ /^sha\d+/ && $tt!=5 && $tt!=6) { - $tt = 3; - die "Interface function hash for Hashing not defined for tested library" - if (!defined($hash)); - } else { - $tt = 1; - die "Interface function encdec for Encryption/Decryption not defined for tested library" - if (!defined($encdec)); + if ($tmpline =~ /KeyGen RSA \(X9.31\)/) { + $tt =~ 10; + die "Interface function for RSA KeyGen testing not defined for tested library" + if (!defined($gen_rsakey)); + } + if ($tmpline =~ /Hash sizes tested/) { + $tt = 9; + die "Interface function hmac for HMAC testing not defined for tested library" + if (!defined($hmac)); + } elsif 
($tmpline =~ /ANSI X9\.31/ && $tmpline =~ /MCT/) { + $tt = 8; + die "Interface function state_rng for RNG MCT not defined for tested library" + if (!defined($state_rng)); + } elsif ($tmpline =~ /ANSI X9\.31/ && $tmpline =~ /VST/) { + $tt = 7; + die "Interface function state_rng for RNG KAT not defined for tested library" + if (!defined($state_rng)); + } elsif ($tmpline =~ /SigVer/ ) { + $tt = 6; + die "Interface function rsa_verify or gen_rsakey for RSA verification not defined for tested library" + if (!defined($rsa_verify) || !defined($gen_rsakey)); + } elsif ($tmpline =~ /SigGen/ ) { + $tt = 5; + die "Interface function rsa_sign or gen_rsakey for RSA sign not defined for tested library" + if (!defined($rsa_sign) || !defined($gen_rsakey)); + } elsif ($tmpline =~ /Monte|MCT|Carlo/ && $cipher =~ /^sha/) { + $tt = 4; + die "Interface function hash for Hashing not defined for tested library" + if (!defined($hash)); + } elsif ($tmpline =~ /Monte|MCT|Carlo/) { + $tt = 2; + die "Interface function state_cipher for Stateful Cipher operation defined for tested library" + if (!defined($state_cipher)); + } elsif ($cipher =~ /^sha/) { + $tt = 3; + die "Interface function hash for Hashing not defined for tested library" + if (!defined($hash)); + } else { + $tt = 1; + die "Interface function encdec for Encryption/Decryption not defined for tested library" + if (!defined($encdec)); + } } } 
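Review bot: `$tt =~ 10;` in the new KeyGen branch is a pattern match, not an assignment, so `$tt` stays 0. Because the next test is a separate `if` rather than an `elsif`, its final `else` would set `$tt = 1` for a KeyGen file anyway. Use `$tt = 10;` and chain the following test as `} elsif ($tmpline =~ /Hash sizes tested/) {`. The dot in `/KeyGen RSA \(X9.31\)/` is also unescaped, unlike the `X9\.31` patterns below it.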
@@ -1449,12 +1486,20 @@ } # Get the test data - if ($line =~ /^(KEY|KEYs|KEY1|Key)\s*=\s*(.*)/) { # found in ciphers and RNG + if ($line =~ /^(KEY|KEY1|Key)\s*=\s*(.*)/) { # found in ciphers and RNG die "KEY seen twice - input file crap" if ($key1 ne ""); $keytype=$1; $key1=$2; $key1 =~ s/\s//g; #replace potential white spaces } + elsif ($line =~ /^(KEYs)\s*=\s*(.*)/) { # found in ciphers and RNG + die "KEY seen twice - input file crap" if ($key1 ne ""); + $keytype=$1; + $key1=$2; + $key1 =~ s/\s//g; #replace potential white spaces + $key2 = $key1; + $key3 = $key1; + } elsif ($line =~ /^KEY2\s*=\s*(.*)/) { # found in TDES die "First key not set, but got already second key - input file crap" if ($key1 eq ""); die "KEY2 seen twice - input file crap" if (defined($key2)); Modified: trunk/tests/fipsdrv.c =================================================================== --- trunk/tests/fipsdrv.c 2008-11-05 19:13:22 UTC (rev 1355) +++ trunk/tests/fipsdrv.c 2008-11-07 16:07:02 UTC (rev 1356) @@ -70,9 +70,6 @@ /* We need to know whetehr we are in loop_mode. */ static int loop_mode; -/* If true the input vectors are printed before and after encryption - and decryption. */ -static int print_ivs; /* ASN.1 classes. */ enum 
@@ -212,6 +209,78 @@ return buffer; } + +static char * +read_textline (FILE *fp) +{ + char line[256]; + char *p; + int any = 0; + + /* Read line but skip over initial empty lines. */ + do + { + do + { + if (!fgets (line, sizeof line, fp)) + { + if (feof (fp)) + return NULL; + die ("error reading input line: %s\n", strerror (errno)); + } + p = strchr (line, '\n'); + if (p) + *p = 0; + p = line + (*line? (strlen (line)-1):0); + for ( ;p > line; p--) + if (my_isascii (*p) && isspace (*p)) + *p = 0; + } + while (!any && !*line); + any = 1; + } + while (*line == '#'); /* Always skip comment lines. */ + return gcry_xstrdup (line); +} + +static char * +read_hexline (FILE *fp, size_t *retlen) +{ + char *line, *p; + + line = read_textline (fp); + if (!line) + return NULL; + p = hex2buffer (line, retlen); + if (!p) + die ("error decoding hex string on input\n"); + gcry_free (line); + return p; +} + +static void +skip_to_empty_line (FILE *fp) +{ + char line[256]; + char *p; + + do + { + if (!fgets (line, sizeof line, fp)) + { + if (feof (fp)) + return; + die ("error reading input line: %s\n", strerror (errno)); + } + p = strchr (line, '\n'); + if (p) + *p =0; + } + while (*line); +} + + + /* Read a file from stream FP into a newly allocated buffer and return that buffer. The valid length of the buffer is stored at R_LENGTH. Returns NULL on failure. If decode is set, the file is assumed to 
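Review bot: The trimming loop in read_textline has no `else break;`, so it overwrites every whitespace byte after the first character with NUL, not just the trailing ones, and the returned string silently ends at the first interior blank. Add the break: `if (my_isascii (*p) && isspace (*p)) *p = 0; else break;`. Separately, read_textline and skip_to_empty_line both read into `char line[256]`, so a longer input line is split and its tail is taken as the next line. A hex key or data line that fills the buffer without a newline (and not at EOF) should be rejected with die() instead of being parsed in pieces.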
@@ -909,58 +978,131 @@ else inbuflen = datalen; - if (print_ivs) - { - /* If we want to print the input vectors we need to pass the - data block by block to the encryption function. */ - unsigned char tmp[17]; - const unsigned char *iptr = data; - size_t ilen; - - do - { - ilen = inbuflen > blocklen? blocklen : inbuflen; - - if (gcry_cipher_ctl (hd, PRIV_CTL_GET_INPUT_VECTOR, - tmp, sizeof tmp)) - die ("error getting input block\n"); - print_buffer (tmp+1, *tmp); - putchar ('\n'); + if (encrypt_mode) + err = gcry_cipher_encrypt (hd, outbuf, outbuflen, data, inbuflen); + else + err = gcry_cipher_decrypt (hd, outbuf, outbuflen, data, inbuflen); + if (err) + die ("gcry_cipher_%scrypt failed: %s\n", + encrypt_mode? "en":"de", gpg_strerror (err)); + + print_buffer (outbuf, outbuflen); + } + while (inbuf); - if (encrypt_mode) - err = gcry_cipher_encrypt (hd, outbuf, blocklen, iptr, ilen); - else - err = gcry_cipher_decrypt (hd, outbuf, blocklen, iptr, ilen); - if (err) - die ("gcry_cipher_%scrypt failed: %s\n", - encrypt_mode? "en":"de", gpg_strerror (err)); - - print_buffer (outbuf, blocklen); - putchar ('\n'); + gcry_cipher_close (hd); + gcry_free (outbuf); + gcry_free (inbuf); +} - iptr += ilen; - inbuflen -= ilen; - } - while (inbuflen); - } + +static void +get_current_iv (gcry_cipher_hd_t hd, void *buffer, size_t buflen) +{ + unsigned char tmp[17]; + + if (gcry_cipher_ctl (hd, PRIV_CTL_GET_INPUT_VECTOR, tmp, sizeof tmp)) + die ("error getting current input vector\n"); + if (buflen > *tmp) + die ("buffer too short to store the current input vector\n"); + memcpy (buffer, tmp+1, *tmp); +} + +/* Run the inner loop of the CAVS monte carlo test. 
*/ +static void +run_cipher_mct_loop (int encrypt_mode, int cipher_algo, int cipher_mode, + const void *iv_buffer, size_t iv_buflen, + const void *key_buffer, size_t key_buflen, + const void *data, size_t datalen, int iterations) +{ + gpg_error_t err; + gcry_cipher_hd_t hd; + size_t blocklen; + int count; + char input[16]; + char output[16]; + char last_output[16]; + char last_last_output[16]; + char last_iv[16]; + + + err = gcry_cipher_open (&hd, cipher_algo, cipher_mode, 0); + if (err) + die ("gcry_cipher_open failed for algo %d, mode %d: %s\n", + cipher_algo, cipher_mode, gpg_strerror (err)); + + blocklen = gcry_cipher_get_algo_blklen (cipher_algo); + if (!blocklen || blocklen > sizeof output) + die ("invalid block length %d\n", blocklen); + + + gcry_cipher_ctl (hd, PRIV_CTL_DISABLE_WEAK_KEY, NULL, 0); + + err = gcry_cipher_setkey (hd, key_buffer, key_buflen); + if (err) + die ("gcry_cipher_setkey failed with keylen %u: %s\n", + (unsigned int)key_buflen, gpg_strerror (err)); + + if (iv_buffer) + { + err = gcry_cipher_setiv (hd, iv_buffer, iv_buflen); + if (err) + die ("gcry_cipher_setiv failed with ivlen %u: %s\n", + (unsigned int)iv_buflen, gpg_strerror (err)); + } + + if (datalen != blocklen) + die ("length of input (%u) does not match block length (%u)\n", + (unsigned int)datalen, (unsigned int)blocklen); + memcpy (input, data, datalen); + memset (output, 0, sizeof output); + for (count=0; count < iterations; count++) + { + memcpy (last_last_output, last_output, sizeof last_output); + memcpy (last_output, output, sizeof output); + + get_current_iv (hd, last_iv, blocklen); + + if (encrypt_mode) + err = gcry_cipher_encrypt (hd, output, blocklen, input, blocklen); else + err = gcry_cipher_decrypt (hd, output, blocklen, input, blocklen); + if (err) + die ("gcry_cipher_%scrypt failed: %s\n", + encrypt_mode? 
"en":"de", gpg_strerror (err)); + + + if (encrypt_mode && (cipher_mode == GCRY_CIPHER_MODE_CFB + || cipher_mode == GCRY_CIPHER_MODE_CBC)) + memcpy (input, last_iv, blocklen); + else if (cipher_mode == GCRY_CIPHER_MODE_OFB) + memcpy (input, last_iv, blocklen); + else if (!encrypt_mode && cipher_mode == GCRY_CIPHER_MODE_CFB) { - if (encrypt_mode) - err = gcry_cipher_encrypt (hd, outbuf, outbuflen, data, inbuflen); - else - err = gcry_cipher_decrypt (hd, outbuf, outbuflen, data, inbuflen); - if (err) - die ("gcry_cipher_%scrypt failed: %s\n", - encrypt_mode? "en":"de", gpg_strerror (err)); - - print_buffer (outbuf, outbuflen); + /* Reconstruct the output vector. */ + int i; + for (i=0; i < blocklen; i++) + input[i] ^= output[i]; } + else + memcpy (input, output, blocklen); } - while (inbuf); + print_buffer (output, blocklen); + putchar ('\n'); + print_buffer (last_output, blocklen); + putchar ('\n'); + print_buffer (last_last_output, blocklen); + putchar ('\n'); + get_current_iv (hd, last_iv, blocklen); + print_buffer (last_iv, blocklen); /* Last output vector. */ + putchar ('\n'); + print_buffer (input, blocklen); /* Next input text. */ + putchar ('\n'); + putchar ('\n'); + fflush (stdout); + gcry_cipher_close (hd); - gcry_free (outbuf); - gcry_free (inbuf); } @@ -1367,7 +1509,7 @@ " --signature NAME Take signature from file NAME\n" " --chunk N Read in chunks of N bytes (implies --binary)\n" " --pkcs1 Use PKCS#1 encoding\n" - " --print-ivs Print input vectors\n" + " --mct-server Run a monte carlo test server\n" " --loop Enable random loop mode\n" " --progress Print pogress indicators\n" " --help Print this text\n" @@ -1395,6 +1537,7 @@ void *data; size_t datalen; size_t chunksize = 0; + int mct_server = 0; if (argc) @@ -1504,9 +1647,9 @@ use_pkcs1 = 1; argc--; argv++; } - else if (!strcmp (*argv, "--print-ivs")) + else if (!strcmp (*argv, "--mct-server")) { - print_ivs = 1; + mct_server = 1; argc--; argv++; } } 
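Review bot: The bounds test in get_current_iv is inverted: `if (buflen > *tmp)` dies when the caller's buffer is larger than the vector and lets `memcpy (buffer, tmp+1, *tmp)` run when it is smaller, which is the overflow case the message describes. The length byte is also never checked against the 16 data bytes of `tmp`. A test such as `if (*tmp > sizeof tmp - 1 || *tmp > buflen) die ("buffer too short to store the current input vector\n");` covers both. In run_cipher_mct_loop, `last_output` and `last_last_output` are copied and later printed without being initialised when `iterations` is below 2; clearing them next to `memset (output, 0, sizeof output)` avoids writing stack contents to stdout.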
@@ -1544,6 +1687,7 @@ /* Most operations need some input data. */ if (!chunksize + && !mct_server && strcmp (mode_string, "random") && strcmp (mode_string, "rsa-gen") ) { @@ -1564,7 +1708,8 @@ if (!strcmp (mode_string, "encrypt") || !strcmp (mode_string, "decrypt")) { int cipher_algo, cipher_mode; - void *iv_buffer, *key_buffer; + void *iv_buffer = NULL; + void *key_buffer = NULL; size_t iv_buflen, key_buflen; if (!algo_string) 
@@ -1572,30 +1717,70 @@ cipher_algo = map_openssl_cipher_name (algo_string, &cipher_mode); if (!cipher_algo) die ("cipher algorithm `%s' is not supported\n", algo_string); - if (cipher_mode != GCRY_CIPHER_MODE_ECB) + if (mct_server) { - if (!iv_string) - die ("option --iv is required in this mode\n"); - iv_buffer = hex2buffer (iv_string, &iv_buflen); - if (!iv_buffer) - die ("invalid value for IV\n"); + int iterations; + + for (;;) + { + gcry_free (key_buffer); key_buffer = NULL; + gcry_free (iv_buffer); iv_buffer = NULL; + gcry_free (data); data = NULL; + if (!(key_buffer = read_textline (input))) + { + if (feof (input)) + break; + die ("no version info in input\n"); + } + if (atoi (key_buffer) != 1) + die ("unsupported input version %s\n", key_buffer); + gcry_free (key_buffer); + if (!(key_buffer = read_textline (input))) + die ("no iteration count in input\n"); + iterations = atoi (key_buffer); + gcry_free (key_buffer); + if (!(key_buffer = read_hexline (input, &key_buflen))) + die ("no key in input\n"); + if (!(iv_buffer = read_hexline (input, &iv_buflen))) + die ("no IV in input\n"); + if (!(data = read_hexline (input, &datalen))) + die ("no data in input\n"); + skip_to_empty_line (input); + + run_cipher_mct_loop ((*mode_string == 'e'), + cipher_algo, cipher_mode, + iv_buffer, iv_buflen, + key_buffer, key_buflen, + data, datalen, iterations); + } } else { - iv_buffer = NULL; - iv_buflen = 0; + if (cipher_mode != GCRY_CIPHER_MODE_ECB) + { + if (!iv_string) + die ("option --iv is required in this mode\n"); + iv_buffer = hex2buffer (iv_string, &iv_buflen); + if (!iv_buffer) + die ("invalid value for IV\n"); + } + else + { + iv_buffer = NULL; + iv_buflen = 0; + } + if (!key_string) + die ("option --key is required in this mode\n"); + key_buffer = hex2buffer (key_string, &key_buflen); + if (!key_buffer) + die ("invalid value for KEY\n"); + + run_encrypt_decrypt ((*mode_string == 'e'), + cipher_algo, cipher_mode, + iv_buffer, iv_buflen, + key_buffer, key_buflen, + 
data, data? datalen:chunksize, input); } - if (!key_string) - die ("option --key is required in this mode\n"); - key_buffer = hex2buffer (key_string, &key_buflen); - if (!key_buffer) - die ("invalid value for KEY\n"); - - run_encrypt_decrypt ((*mode_string == 'e'), - cipher_algo, cipher_mode, - iv_buffer, iv_buflen, - key_buffer, key_buflen, - data, data? datalen:chunksize, input); gcry_free (key_buffer); gcry_free (iv_buffer); } @@ -1608,6 +1793,8 @@ algo = gcry_md_map_name (algo_string); if (!algo) die ("digest algorithm `%s' is not supported\n", algo_string); + if (!data) + die ("no data available (do not use --chunk)\n"); run_digest (algo, data, datalen); } From cvs at cvs.gnupg.org Mon Nov 10 18:59:22 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 10 Nov 2008 18:59:22 +0100 Subject: [svn] GpgOL - r283 - in trunk: po src Message-ID: Author: wk Date: 2008-11-10 18:59:21 +0100 (Mon, 10 Nov 2008) New Revision: 283 Modified: trunk/po/de.po trunk/po/sv.po trunk/src/ChangeLog trunk/src/engine-assuan.c trunk/src/engine.c Log: Ask the user whether he want to try starting the ui-server again. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-11-03 13:56:34 UTC (rev 282) +++ trunk/src/ChangeLog 2008-11-10 17:59:21 UTC (rev 283) @@ -1,3 +1,10 @@ +2008-11-10 Werner Koch + + * engine.c (engine_init): Allow the user to try again if the + server did not come up. + * engine-assuan.c (connect_uiserver, op_assuan_init): Add a hack + to reset the retry counter. + 2008-11-03 Werner Koch * mimemaker.c (do_mime_sign): Add arg SESSION_NUMBER and pass it Modified: trunk/po/de.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/src/engine-assuan.c =================================================================== --- trunk/src/engine-assuan.c 2008-11-03 13:56:34 UTC (rev 282) +++ trunk/src/engine-assuan.c 2008-11-10 17:59:21 UTC (rev 283) 
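Review bot: The iteration count in the --mct-server loop is read with `iterations = atoi (key_buffer)` and passed to run_cipher_mct_loop unchecked, so a non-numeric, zero or negative line is accepted and the loop body there never runs before the result buffers are printed. Parse the line with strtol, check the end pointer, and reject bad values, e.g. `if (iterations <= 0) die ("invalid iteration count in input\n");`. The version line has the same weakness, since `atoi (key_buffer) != 1` accepts trailing garbage such as `1x`. main's body continues outside this hunk.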
@@ -455,6 +455,13 @@ gpg_error_t err; assuan_context_t ctx; + if (!r_ctx && !r_pid && !r_cmdid && !hwnd) + { + InterlockedExchange (&retry_counter, 0); + return 0; + } + + *r_ctx = NULL; *r_pid = (pid_t)(-1); *r_cmdid = 0; @@ -570,6 +577,9 @@ if (init_done) return 0; + /* Reset the retry counter. */ + connect_uiserver (NULL, NULL, NULL, NULL); + /* Run a test connection to see whether the UI server is available. */ err = connect_uiserver (&ctx, &pid, &cmdid, NULL); if (!err) Modified: trunk/src/engine.c =================================================================== --- trunk/src/engine.c 2008-11-03 13:56:34 UTC (rev 282) +++ trunk/src/engine.c 2008-11-10 17:59:21 UTC (rev 283) @@ -421,7 +421,15 @@ if (err) return err; - err = op_assuan_init (); + do + err = op_assuan_init (); + while (err + && MessageBox (NULL, + _("The user interface server is not available " + "or could not be started in time. You may " + "want to try again."), + _("GpgOL"), + MB_ICONQUESTION|MB_RETRYCANCEL) == IDRETRY); if (err) { use_assuan = 0; From cvs at cvs.gnupg.org Mon Nov 10 20:18:28 2008 From: cvs at cvs.gnupg.org (svn author mo) Date: Mon, 10 Nov 2008 20:18:28 +0100 Subject: [svn] gpg-error - r207 - in trunk: . lang/cl Message-ID: Author: mo Date: 2008-11-10 20:18:28 +0100 (Mon, 10 Nov 2008) New Revision: 207 Modified: trunk/ChangeLog trunk/lang/cl/gpg-error.lisp Log: 2008-11-08 Moritz * lang/cl/gpg-error.lisp ("gpg_err_code_from_syserror"): Fix defcfun: removed "(void)". * lang/cl/gpg-error.lisp (size-t): Wrong call to defctype: function accepts optional, not keyword argument. (gpg-error-t): Likewise. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-10-29 12:52:44 UTC (rev 206) +++ trunk/ChangeLog 2008-11-10 19:18:28 UTC (rev 207) 
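Review bot: The reset path added to connect_uiserver only triggers when all four arguments are NULL; a call with `r_ctx`, `r_pid` or `r_cmdid` NULL but `hwnd` set falls through to `*r_ctx = NULL` and dereferences a null pointer. Overloading the connect call as a reset is also easy to misread at the call site in op_assuan_init. A small helper such as `static void reset_retry_counter (void) { InterlockedExchange (&retry_counter, 0); }`, called from op_assuan_init, would keep connect_uiserver's contract to one job. The function body continues outside the hunk.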
@@ -1,3 +1,12 @@ +2008-11-08 Moritz + + * lang/cl/gpg-error.lisp ("gpg_err_code_from_syserror"): Fix + defcfun: removed "(void)". + + * lang/cl/gpg-error.lisp (size-t): Wrong call to defctype: + function accepts optional, not keyword argument. + (gpg-error-t): Likewise. + 2008-10-29 Marcus Brinkmann * src/mkstrtable.awk: Make generated code -W clean to silence gcc Modified: trunk/lang/cl/gpg-error.lisp =================================================================== --- trunk/lang/cl/gpg-error.lisp 2008-10-29 12:52:44 UTC (rev 206) +++ trunk/lang/cl/gpg-error.lisp 2008-11-10 19:18:28 UTC (rev 207) @@ -31,8 +31,7 @@ ;;; System dependencies. -(defctype size-t :unsigned-int - :documentation "The system size_t type.") +(defctype size-t :unsigned-int "The system size_t type.") ;;; Error sources. @@ -62,8 +61,7 @@ ;;; libgpg-error-codes.lisp is loaded by ASDF. -(defctype gpg-error-t :unsigned-int - :documentation "The GPG error code type.") +(defctype gpg-error-t :unsigned-int "The GPG error code type.") ;;; Bit mask manipulation constants. @@ -111,8 +109,7 @@ (code gpg-err-code-t)) (defcfun ("gpg_err_code_from_syserror" - c-gpg-err-code-from-syserror) gpg-err-code-t - (void)) + c-gpg-err-code-from-syserror) gpg-err-code-t) ;;; Self-documenting convenience functions. From cvs at cvs.gnupg.org Tue Nov 11 09:22:10 2008 
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 11 Nov 2008 09:22:10 +0100 Subject: [svn] GnuPG - r4869 - in trunk: . agent jnlib po scd tools Message-ID: Author: wk Date: 2008-11-11 09:22:06 +0100 (Tue, 11 Nov 2008) New Revision: 4869 Modified: trunk/NEWS trunk/TODO trunk/agent/ChangeLog trunk/agent/call-scd.c trunk/agent/command.c trunk/jnlib/stringhelp.c trunk/po/be.po trunk/po/ca.po trunk/po/cs.po trunk/po/da.po trunk/po/de.po trunk/po/el.po trunk/po/eo.po trunk/po/es.po trunk/po/et.po trunk/po/fi.po trunk/po/fr.po trunk/po/gl.po trunk/po/hu.po trunk/po/id.po trunk/po/it.po trunk/po/ja.po trunk/po/nb.po trunk/po/pl.po trunk/po/pt.po trunk/po/pt_BR.po trunk/po/ro.po trunk/po/ru.po trunk/po/sk.po trunk/po/sv.po trunk/po/tr.po trunk/po/zh_CN.po trunk/po/zh_TW.po trunk/scd/ChangeLog trunk/scd/command.c trunk/tools/clean-sat.c Log: Minor cleanups. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2008-11-04 19:54:02 UTC (rev 4868) +++ trunk/agent/ChangeLog 2008-11-11 08:22:06 UTC (rev 4869) @@ -1,3 +1,13 @@ +2008-11-11 Werner Koch + + * call-scd.c (membuf_data_cb): Change return type to + assuan_error_t to avoid warnings with newer libassuan versions. + +2008-11-04 Werner Koch + + * command.c (cmd_killagent): Stop the agent immediately. + (start_command_handler): Take care of GPG_ERR_EOF. + 2008-10-29 Werner Koch * gpg-agent.c (main): Move USE_STANDARD_SOCKET to the outer scope. Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2008-11-04 19:54:02 UTC (rev 4868) +++ trunk/scd/ChangeLog 2008-11-11 08:22:06 UTC (rev 4869) 
@@ -1,5 +1,10 @@ 2008-11-03 Werner Koch + * command.c (server_local_s): Add field DISCONNECT_ALLOWED. + (cmd_disconnect): Implement command. + (open_card): Reset disconnect flag. + (update_reader_status_file): Disconnect if allowed. + * app-common.h (app_ctx_s): Remove INITIALIZED. Make REF_COUNT unsigned. * app.c (select_application): Remove INITIALIZED. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-11-04 19:54:02 UTC (rev 4868) +++ trunk/NEWS 2008-11-11 08:22:06 UTC (rev 4869) @@ -35,6 +35,9 @@ * [w32] The sysconf directory has been moved from a subdirectory of the installation directory to %CSIDL_COMMON_APPDATA%/GNU/etc/gnupg. + * [w32] The gnupg2.nls directory is not anymore used. The standard + locale directory is now used. + * The gpg-preset-passphrase mechanism works again. * Admin PINs are cached again (bug in 2.0.9). Modified: trunk/TODO =================================================================== --- trunk/TODO 2008-11-04 19:54:02 UTC (rev 4868) +++ trunk/TODO 2008-11-11 08:22:06 UTC (rev 4869) 
@@ -59,20 +59,14 @@ * scd ** Application context vs. reader slot We have 2 concurrent method of tracking whether a reader is in use: - Using the session_list in command.c and the lock_table in app.c. IT + Using the session_list in command.c and the lock_table in app.c. It would be better to do this just at one place. First we need to see how we can support cards with multiple applications. -** Detecting a removed card works only after the ticker detected it. - We should check the card status in open-card to make this smoother. - Needs to be integrated with the status file update, though. It is - not a real problem because application will get a card removed - status and should then send a reset to try solving the problem. ** Resolve fixme in do_sign of app-dinsig. ** Add a regression test to check the extkeyusage. * Windows port (W32) -** No card status notifications. ** Regex support is disabled We need to adjust the test to find the regex we have anyway in gpg4win. Is that regex compatible to the OpenPGP requirement? @@ -91,6 +85,7 @@ ** issue a NO_SECKEY xxxx if a -u key was not found. * Extend selinux support to other modules + See also http://etbe.coker.com.au/2008/06/06/se-linux-support-gpg/ * UTF-8 specific TODOs None. @@ -101,10 +96,8 @@ some more work. * Bugs -** After disabling scdaemon and sending a HUP - scdaemon stays as a zombie and gpg-agent does not perform any more - commands. + * Howtos ** Migrate OpenPGP keys to another system Modified: trunk/agent/call-scd.c =================================================================== --- trunk/agent/call-scd.c 2008-11-04 19:54:02 UTC (rev 4868) +++ trunk/agent/call-scd.c 2008-11-11 08:22:06 UTC (rev 4869) 
@@ -710,7 +710,7 @@ -static int +static assuan_error_t membuf_data_cb (void *opaque, const void *buffer, size_t length) { membuf_t *data = opaque; Modified: trunk/agent/command.c =================================================================== --- trunk/agent/command.c 2008-11-04 19:54:02 UTC (rev 4868) +++ trunk/agent/command.c 2008-11-11 08:22:06 UTC (rev 4869) @@ -1362,8 +1362,11 @@ cmd_killagent (assuan_context_t ctx, char *line) { ctrl_t ctrl = assuan_get_pointer (ctx); + + (void)line; + ctrl->server_local->stopme = 1; - return 0; + return gpg_error (GPG_ERR_EOF); } /* RELOADAGENT @@ -1373,6 +1376,9 @@ static int cmd_reloadagent (assuan_context_t ctx, char *line) { + (void)ctx; + (void)line; + agent_sighup_action (); return 0; } @@ -1666,7 +1672,7 @@ for (;;) { rc = assuan_accept (ctx); - if (rc == -1) + if (gpg_err_code (rc) == GPG_ERR_EOF || rc == -1) { break; } Modified: trunk/jnlib/stringhelp.c =================================================================== --- trunk/jnlib/stringhelp.c 2008-11-04 19:54:02 UTC (rev 4868) +++ trunk/jnlib/stringhelp.c 2008-11-11 08:22:06 UTC (rev 4869) 
@@ -42,9 +42,9 @@ static inline char * change_slashes (char *name) { +#ifdef HAVE_DRIVE_LETTERS char *p; -#ifdef HAVE_DRIVE_LETTERS if (strchr (name, '\\')) { for (p=name; *p; p++) Modified: trunk/po/be.po [not shown] Modified: trunk/po/ca.po [not shown] Modified: trunk/po/cs.po [not shown] Modified: trunk/po/da.po [not shown] Modified: trunk/po/de.po [not shown] Modified: trunk/po/el.po [not shown] Modified: trunk/po/eo.po [not shown] Modified: trunk/po/es.po [not shown] Modified: trunk/po/et.po [not shown] Modified: trunk/po/fi.po [not shown] Modified: trunk/po/fr.po [not shown] Modified: trunk/po/gl.po [not shown] Modified: trunk/po/hu.po [not shown] Modified: trunk/po/id.po [not shown] Modified: trunk/po/it.po [not shown] Modified: trunk/po/ja.po [not shown] Modified: trunk/po/nb.po [not shown] Modified: trunk/po/pl.po [not shown] Modified: trunk/po/pt.po [not shown] Modified: trunk/po/pt_BR.po [not shown] Modified: trunk/po/ro.po [not shown] Modified: trunk/po/ru.po [not shown] Modified: trunk/po/sk.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/po/tr.po [not shown] Modified: trunk/po/zh_CN.po [not shown] Modified: trunk/po/zh_TW.po [not shown] Modified: trunk/scd/command.c =================================================================== --- trunk/scd/command.c 2008-11-04 19:54:02 UTC (rev 4868) +++ trunk/scd/command.c 2008-11-11 08:22:06 UTC (rev 4869) @@ -111,6 +111,9 @@ /* True if the card has been removed and a reset is required to continue operation. */ int card_removed; + + /* A disconnect command has been sent. */ + int disconnect_allowed; }; @@ -408,7 +411,10 @@ { /* Fixme: We should move the apdu_connect call to select_application. */ - int sw = apdu_connect (slot); + int sw; + + ctrl->server_local->disconnect_allowed = 0; + sw = apdu_connect (slot); if (sw && sw != SW_HOST_ALREADY_CONNECTED) { if (sw == SW_HOST_NO_CARD) 
@@ -1655,15 +1661,18 @@ /* DISCONNECT - TBD - -*/ + Disconnect the card if it is not any longer used by other + connections and the backend supports a disconnect operation. + */ static int cmd_disconnect (assuan_context_t ctx, char *line) { - (void)ctx; + ctrl_t ctrl = assuan_get_pointer (ctx); + (void)line; - return gpg_error (GPG_ERR_NOT_IMPLEMENTED); + + ctrl->server_local->disconnect_allowed = 1; + return 0; } @@ -1975,6 +1984,7 @@ for (idx=0; idx < DIM(slot_table); idx++) { struct slot_status_s *ss = slot_table + idx; + struct server_local_s *sl; if (!ss->valid || ss->slot == -1) continue; /* Not valid or reader not yet open. */ @@ -1987,7 +1997,6 @@ char *fname; char templ[50]; FILE *fp; - struct server_local_s *sl; log_info ("updating status of slot %d to 0x%04X\n", ss->slot, status); @@ -2084,6 +2093,18 @@ } } + + /* Check whether a disconnect is pending. */ + for (sl=session_list; sl; sl = sl->next_session) + if (!sl->disconnect_allowed) + break; + if (session_list && !sl) + { + /* At least one connection and all allow a disconnect. */ + log_debug ("disconnecting card in slot %d\n", ss->slot); + apdu_disconnect (ss->slot); + } + } } Modified: trunk/tools/clean-sat.c =================================================================== --- trunk/tools/clean-sat.c 2008-11-04 19:54:02 UTC (rev 4868) +++ trunk/tools/clean-sat.c 2008-11-11 08:22:06 UTC (rev 4869) @@ -17,6 +17,8 @@ { int c; + (void)argv; + if( argc > 1 ) { fprintf(stderr, "no arguments, please\n"); return 1; From cvs at cvs.gnupg.org Tue Nov 11 12:45:20 2008 
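Review bot: The pending-disconnect check added in the `@@ -2084,6 +2093,18 @@` hunk of scd/command.c is not tied to the slot being processed: it walks every entry of `session_list` and, once all of them have `disconnect_allowed` set, calls `apdu_disconnect (ss->slot)` for each valid slot, whether or not any of those sessions uses that slot. Nothing visible clears the flag after the disconnect (only `open_card` resets it, in the `@@ -408,7 +411,10 @@` hunk), so the call would presumably repeat on every status pass until some client reopens the card. The return value of `apdu_disconnect` is dropped as well; store it and report a failure with `log_error`, and clear the flags or remember that the slot is already disconnected. The enclosing function starts and ends outside the hunk.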
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 11 Nov 2008 12:45:20 +0100 Subject: [svn] GnuPG - r4870 - in trunk: jnlib kbx po Message-ID: Author: wk Date: 2008-11-11 12:45:17 +0100 (Tue, 11 Nov 2008) New Revision: 4870 Modified: trunk/jnlib/w32-gettext.c trunk/kbx/ChangeLog trunk/kbx/Makefile.am trunk/po/be.po trunk/po/ca.po trunk/po/cs.po trunk/po/da.po trunk/po/de.po trunk/po/el.po trunk/po/eo.po trunk/po/es.po trunk/po/et.po trunk/po/fi.po trunk/po/fr.po trunk/po/gl.po trunk/po/hu.po trunk/po/id.po trunk/po/it.po trunk/po/ja.po trunk/po/nb.po trunk/po/pl.po trunk/po/pt.po trunk/po/pt_BR.po trunk/po/ro.po trunk/po/ru.po trunk/po/sk.po trunk/po/sv.po trunk/po/tr.po trunk/po/zh_CN.po trunk/po/zh_TW.po Log: Reorder libs in kbx. Modified: trunk/kbx/ChangeLog =================================================================== --- trunk/kbx/ChangeLog 2008-11-11 08:22:06 UTC (rev 4869) +++ trunk/kbx/ChangeLog 2008-11-11 11:45:17 UTC (rev 4870) @@ -1,3 +1,8 @@ +2008-11-11 Werner Koch + + * Makefile.am (kbxutil_LDADD): Change order of libs. + ($(PROGRAMS)): Ditto for documentation. + 2008-10-20 Werner Koch * keybox-update.c (blob_filecopy): Remove unused arg n_packets. Modified: trunk/jnlib/w32-gettext.c =================================================================== --- trunk/jnlib/w32-gettext.c 2008-11-11 08:22:06 UTC (rev 4869) +++ trunk/jnlib/w32-gettext.c 2008-11-11 11:45:17 UTC (rev 4870) 
@@ -69,7 +69,7 @@ /* Written by Ulrich Drepper , 1995. */ /* Win32 code written by Tor Lillqvist . */ -/* Renamed _nl_locale_name, removed unsed carg, removed include files, +/* Renamed _nl_locale_name, removed unsed args, removed include files, non-W32 code and changed comments . */ /* Mingw headers don't have latest language and sublanguage codes. */ Modified: trunk/kbx/Makefile.am =================================================================== --- trunk/kbx/Makefile.am 2008-11-11 08:22:06 UTC (rev 4869) +++ trunk/kbx/Makefile.am 2008-11-11 11:45:17 UTC (rev 4870) 
@@ -46,8 +46,8 @@ # requires it - although we don't actually need it. It is easier # to do it this way. kbxutil_SOURCES = kbxutil.c $(common_sources) -kbxutil_LDADD = ../jnlib/libjnlib.a ../gl/libgnu.a ../common/libcommon.a \ +kbxutil_LDADD = ../common/libcommon.a ../jnlib/libjnlib.a ../gl/libgnu.a \ $(KSBA_LIBS) $(LIBGCRYPT_LIBS) \ $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV) $(W32SOCKLIBS) -$(PROGRAMS) : ../jnlib/libjnlib.a ../gl/libgnu.a ../common/libcommon.a +$(PROGRAMS) : ../common/libcommon.a ../jnlib/libjnlib.a ../gl/libgnu.a Modified: trunk/po/be.po [not shown] Modified: trunk/po/ca.po [not shown] Modified: trunk/po/cs.po [not shown] Modified: trunk/po/da.po [not shown] Modified: trunk/po/de.po [not shown] Modified: trunk/po/el.po [not shown] Modified: trunk/po/eo.po [not shown] Modified: trunk/po/es.po [not shown] Modified: trunk/po/et.po [not shown] Modified: trunk/po/fi.po [not shown] Modified: trunk/po/fr.po [not shown] Modified: trunk/po/gl.po [not shown] Modified: trunk/po/hu.po [not shown] Modified: trunk/po/id.po [not shown] Modified: trunk/po/it.po [not shown] Modified: trunk/po/ja.po [not shown] Modified: trunk/po/nb.po [not shown] Modified: trunk/po/pl.po [not shown] Modified: trunk/po/pt.po [not shown] Modified: trunk/po/pt_BR.po [not shown] Modified: trunk/po/ro.po [not shown] Modified: trunk/po/ru.po [not shown] Modified: trunk/po/sk.po [not shown] Modified: trunk/po/sv.po [not shown] Modified: trunk/po/tr.po [not shown] Modified: trunk/po/zh_CN.po [not shown] Modified: trunk/po/zh_TW.po [not shown] From cvs at cvs.gnupg.org Tue Nov 11 19:06:20 2008 
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 11 Nov 2008 19:06:20 +0100 Subject: [svn] GpgOL - r284 - in trunk: . po Message-ID: Author: wk Date: 2008-11-11 19:06:20 +0100 (Tue, 11 Nov 2008) New Revision: 284 Modified: trunk/ChangeLog trunk/NEWS trunk/configure.ac trunk/po/de.po Log: Preparing 0.10.16 release Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-11-10 17:59:21 UTC (rev 283) +++ trunk/ChangeLog 2008-11-11 18:06:20 UTC (rev 284) @@ -1,3 +1,7 @@ +2008-11-11 Werner Koch + + Release 0.10.16. + 2008-10-27 Werner Koch * forms/gpgol-cs_de.cfg: New. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-11-10 17:59:21 UTC (rev 283) +++ trunk/NEWS 2008-11-11 18:06:20 UTC (rev 284) @@ -1,4 +1,4 @@ -Noteworthy changes for version 0.10.16 +Noteworthy changes for version 0.10.16 (2008-11-11) =================================================== * Fixed a regression in the last release with opaque signatures. Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2008-11-10 17:59:21 UTC (rev 283) +++ trunk/configure.ac 2008-11-11 18:06:20 UTC (rev 284) @@ -17,7 +17,7 @@ # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. m4_define([my_version], [0.10.16]) -m4_define([my_issvn], [yes]) +m4_define([my_issvn], [no]) m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) Modified: trunk/po/de.po [not shown] From cvs at cvs.gnupg.org Tue Nov 11 19:16:30 2008 
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 11 Nov 2008 19:16:30 +0100 Subject: [svn] GpgOL - r285 - tags Message-ID: Author: wk Date: 2008-11-11 19:16:30 +0100 (Tue, 11 Nov 2008) New Revision: 285 Added: tags/gpgol-0.10.16/ Log: Release tag From cvs at cvs.gnupg.org Tue Nov 18 12:12:36 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 18 Nov 2008 12:12:36 +0100 Subject: [svn] gpgme - r1346 - in trunk: . src tests tests/gpgsm Message-ID: Author: wk Date: 2008-11-18 12:12:36 +0100 (Tue, 18 Nov 2008) New Revision: 1346 Added: trunk/tests/gpgsm/cms-decrypt.c Modified: trunk/NEWS trunk/src/ChangeLog trunk/src/decrypt.c trunk/src/version.c trunk/tests/ChangeLog trunk/tests/gpgsm/Makefile.am Log: Fix SIGPIPE ignoring regression. Fix unsupported algorithm detection. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-11-03 17:24:09 UTC (rev 1345) +++ trunk/src/ChangeLog 2008-11-18 11:12:36 UTC (rev 1346) @@ -1,3 +1,11 @@ +2008-11-18 Werner Koch + + * version.c (do_subsystem_inits): Always initialize I/O + subsystem. Fixes regression from 2007-08-02. + + * decrypt.c (_gpgme_decrypt_status_handler): Use + _gpgme_map_gnupg_error to parse the error code for decrypt.algorithm. + 2008-10-30 Marcus Brinkmann * wait-private.c (_gpgme_wait_on_condition): Remove unused 
@@ -479,9 +487,9 @@ * w32-io.c (_gpgme_io_spawn): Ditto. (_gpgme_io_write): Map ERROR_NO_DATA to EPIPE. * debug.c (_gpgme_debug): Enable assuan logging. - (_gpgme_debug_subsystem_init): New. * version.c - (do_subsystem_inits): Disable assuan logging and initialize de - debug system. + (_gpgme_debug_subsystem_init): New. + * version.c (do_subsystem_inits): Disable assuan logging and + initialize the debug system. (gpgme_check_version): Do not trace before the subsystems are initialized. Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2008-11-03 17:24:09 UTC (rev 1345) +++ trunk/tests/ChangeLog 2008-11-18 11:12:36 UTC (rev 1346) @@ -1,3 +1,7 @@ +2008-11-18 Werner Koch + + * gpgsm/cms-decrypt.c: New. + 2008-11-03 Marcus Brinkmann * gpgsm/Makefile.am (INCLUDES, LDADD): Replace gpgme path with src. @@ -4,6 +8,10 @@ * gpg/Makefile.am (INCLUDES, LDADD, t_thread1_LDADD): Likewise. * Makefile.am (LDADD): Likewise. +2008-10-30 Werner Koch + + * gpgsm/cms-keylist.c: New. + 2008-06-19 Werner Koch * gpg/t-gpgconf.c (dump_arg): Add new types. Print strings in Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-11-03 17:24:09 UTC (rev 1345) +++ trunk/NEWS 2008-11-18 11:12:36 UTC (rev 1346) @@ -1,6 +1,9 @@ Noteworthy changes in version 1.1.7 (unreleased) ------------------------------------------------ + * SIGPIPE is now again ignored as described in the manual. Fixes + regresion introduced with 1.1.6. + * Interface changes relative to the 1.1.7 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Modified: trunk/src/decrypt.c =================================================================== --- trunk/src/decrypt.c 2008-11-03 17:24:09 UTC (rev 1345) +++ trunk/src/decrypt.c 2008-11-18 11:12:36 UTC (rev 1346) 
@@ -180,7 +180,6 @@ related to the backend. */ { const char d_alg[] = "decrypt.algorithm"; - const char u_alg[] = "Unsupported_Algorithm"; const char k_alg[] = "decrypt.keyusage"; if (!strncmp (args, d_alg, sizeof (d_alg) - 1)) @@ -189,11 +188,13 @@ while (*args == ' ') args++; - if (!strncmp (args, u_alg, sizeof (u_alg) - 1)) + if (gpg_err_code (_gpgme_map_gnupg_error (args)) + == GPG_ERR_UNSUPPORTED_ALGORITHM) { char *end; - args += sizeof (u_alg) - 1; + while (*args && *args != ' ') + args++; while (*args == ' ') args++; Modified: trunk/src/version.c =================================================================== --- trunk/src/version.c 2008-11-03 17:24:09 UTC (rev 1345) +++ trunk/src/version.c 2008-11-18 11:12:36 UTC (rev 1346) @@ -60,8 +60,8 @@ assuan_set_assuan_err_source (GPG_ERR_SOURCE_GPGME); #endif /*HAVE_ASSUAN_H*/ _gpgme_debug_subsystem_init (); + _gpgme_io_subsystem_init (); #if defined(HAVE_W32_SYSTEM) && defined(HAVE_ASSUAN_H) - _gpgme_io_subsystem_init (); /* We need to make sure that the sockets are initialized. */ { WSADATA wsadat; Modified: trunk/tests/gpgsm/Makefile.am =================================================================== --- trunk/tests/gpgsm/Makefile.am 2008-11-03 17:24:09 UTC (rev 1345) +++ trunk/tests/gpgsm/Makefile.am 2008-11-18 11:12:36 UTC (rev 1346) @@ -36,7 +36,7 @@ # We don't run t-genkey in the test suite, because it takes too long # and needs a working pinentry. -noinst_PROGRAMS = $(TESTS) t-genkey cms-keylist +noinst_PROGRAMS = $(TESTS) t-genkey cms-keylist cms-decrypt key_id = 32100C27173EF6E9C4E9A25D3D69F86D37A4F939 Added: trunk/tests/gpgsm/cms-decrypt.c =================================================================== --- trunk/tests/gpgsm/cms-decrypt.c (rev 0) +++ trunk/tests/gpgsm/cms-decrypt.c 2008-11-18 11:12:36 UTC (rev 1346) 
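Review bot: In the second decrypt.c hunk, `_gpgme_map_gnupg_error (args)` is handed the rest of the status line, which at that point still holds the error token followed by a space and the algorithm (the loop added just below skips exactly that token). The removed code matched only the `Unsupported_Algorithm` prefix with `strncmp`; if the mapper compares the complete string, a token with trailing text will never map to `GPG_ERR_UNSUPPORTED_ALGORITHM` and the unsupported-algorithm result stays unset. The mapper is not shown here, so this needs confirming; if it does match whole strings, pass it a terminated copy of the token and add a comment stating the expected "error token, then algorithm" layout. The enclosing handler starts and ends outside the hunk.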
@@ -0,0 +1,108 @@ +/* cms-decrypt.c - Helper to debug the decrupt operation. + Copyright (C) 2008 g10 Code GmbH + + This file is part of GPGME. + + GPGME is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of + the License, or (at your option) any later version. + + GPGME is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this program; if not, see . +*/ + +/* We need to include config.h so that we know whether we are building + with large file system (LFS) support. */ +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#include + +#define PGM "cms-decrypt" + +#include "t-support.h" + +static const char * +nonnull (const char *s) +{ + return s? 
s :"[none]"; +} + + +int +main (int argc, char **argv) +{ + gpgme_error_t err; + gpgme_ctx_t ctx; + gpgme_data_t in, out; + gpgme_decrypt_result_t result; + gpgme_recipient_t recp; + + if (argc) + { argc--; argv++; } + + if (argc != 1) + { + fputs ("usage: " PGM " FILE\n", stderr); + exit (1); + } + + init_gpgme (GPGME_PROTOCOL_CMS); + + err = gpgme_new (&ctx); + fail_if_err (err); + gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS); + + + err = gpgme_data_new_from_file (&in, *argv, 1); + fail_if_err (err); + + err = gpgme_data_new (&out); + fail_if_err (err); + + err = gpgme_op_decrypt (ctx, in, out); + printf ("gpgme_op_decrypt: %s <%s> (%u)\n", + gpg_strerror (err), gpg_strsource (err), err); + result = gpgme_op_decrypt_result (ctx); + if (!result) + { + fputs (PGM ": error: decryption result missing\n", stderr); + exit (1); + } + + printf ("unsupported_algorithm: %s\n", + nonnull (result->unsupported_algorithm)); + printf ("wrong_key_usage: %u\n", result->wrong_key_usage); + printf ("file_name: %s\n", nonnull (result->file_name)); + for (recp = result->recipients; recp; recp = recp->next) + { + printf ("recipient.status: %s <%s> (%u)\n", + gpg_strerror (recp->status), gpg_strsource (recp->status), + recp->status); + printf ("recipient.pkalgo: %d\n", recp->pubkey_algo); + printf ("recipient.keyid : %s\n", nonnull (recp->keyid)); + } + + if (!err) + { + puts ("plaintext:"); + print_data (out); + gpgme_data_release (out); + } + + gpgme_data_release (in); + + gpgme_release (ctx); + return 0; +} From cvs at cvs.gnupg.org Tue Nov 18 18:09:08 2008 
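Review bot: `main` in the new cms-decrypt.c returns 0 even when `gpgme_op_decrypt` failed, and `out` is released only inside `if (!err)`, so a failed run leaks the data object and looks successful to a calling script. Move `gpgme_data_release (out);` next to `gpgme_data_release (in);` and end with `return err ? 1 : 0;`. The header comment of the file also reads "decrupt operation".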
From: cvs at cvs.gnupg.org (svn author dshaw) Date: Tue, 18 Nov 2008 18:09:08 +0100 Subject: [svn] GnuPG - r4874 - branches/STABLE-BRANCH-1-4/keyserver Message-ID: Author: dshaw Date: 2008-11-18 18:09:07 +0100 (Tue, 18 Nov 2008) New Revision: 4874 Modified: branches/STABLE-BRANCH-1-4/keyserver/ChangeLog branches/STABLE-BRANCH-1-4/keyserver/curl-shim.h branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_curl.c branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_finger.c branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_ldap.c Log: * curl-shim.h (curl_version): No need to provide a version for curl-shim as it always matches the GnuPG version. * gpgkeys_curl.c, gpgkeys_hkp.c (main): Show which version of curl we're using as part of --version. * gpgkeys_curl.c, gpgkeys_finger.c, gpgkeys_hkp.c, gpgkeys_ldap.c (show_help): Document --version. Modified: branches/STABLE-BRANCH-1-4/keyserver/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/ChangeLog 2008-11-13 12:37:45 UTC (rev 4873) +++ branches/STABLE-BRANCH-1-4/keyserver/ChangeLog 2008-11-18 17:09:07 UTC (rev 4874) @@ -1,3 +1,14 @@ +2008-11-18 David Shaw + + * curl-shim.h (curl_version): No need to provide a version for + curl-shim as it always matches the GnuPG version. + + * gpgkeys_curl.c, gpgkeys_hkp.c (main): Show which version of curl + we're using as part of --version. + + * gpgkeys_curl.c, gpgkeys_finger.c, gpgkeys_hkp.c, + gpgkeys_ldap.c (show_help): Document --version. + 2008-04-14 David Shaw * gpgkeys_curl.c (main), gpgkeys_hkp.c (main): Make sure all Modified: branches/STABLE-BRANCH-1-4/keyserver/curl-shim.h =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/curl-shim.h 2008-11-13 12:37:45 UTC (rev 4873) +++ branches/STABLE-BRANCH-1-4/keyserver/curl-shim.h 2008-11-18 17:09:07 UTC (rev 4874) 
@@ -91,7 +91,7 @@ void curl_easy_cleanup(CURL *curl); char *curl_easy_escape(CURL *curl,char *str,int len); #define curl_free(x) free(x) -#define curl_version() "GnuPG curl-shim "VERSION +#define curl_version() "GnuPG curl-shim" curl_version_info_data *curl_version_info(int type); #endif /* !_CURL_SHIM_H_ */ Modified: branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_curl.c =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_curl.c 2008-11-13 12:37:45 UTC (rev 4873) +++ branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_curl.c 2008-11-18 17:09:07 UTC (rev 4874) @@ -103,9 +103,10 @@ static void show_help (FILE *fp) { - fprintf (fp,"-h\thelp\n"); - fprintf (fp,"-V\tversion\n"); - fprintf (fp,"-o\toutput to this file\n"); + fprintf (fp,"-h, --help\thelp\n"); + fprintf (fp,"-V\t\tmachine readable version\n"); + fprintf (fp,"--version\thuman readable version\n"); + fprintf (fp,"-o\t\toutput to this file\n"); } int @@ -123,7 +124,7 @@ /* Kludge to implement standard GNU options. */ if (argc > 1 && !strcmp (argv[1], "--version")) { - fputs ("gpgkeys_curl (GnuPG) " VERSION"\n", stdout); + printf("gpgkeys_curl (GnuPG) "VERSION" (uses %s)\n",curl_version()); return 0; } else if (argc > 1 && !strcmp (argv[1], "--help")) Modified: branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_finger.c =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_finger.c 2008-11-13 12:37:45 UTC (rev 4873) +++ branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_finger.c 2008-11-18 17:09:07 UTC (rev 4874) 
@@ -352,9 +352,10 @@ static void show_help (FILE *fp) { - fprintf (fp,"-h\thelp\n"); - fprintf (fp,"-V\tversion\n"); - fprintf (fp,"-o\toutput to this file\n"); + fprintf (fp,"-h, --help\thelp\n"); + fprintf (fp,"-V\t\tmachine readable version\n"); + fprintf (fp,"--version\thuman readable version\n"); + fprintf (fp,"-o\t\toutput to this file\n"); } int Modified: branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c 2008-11-13 12:37:45 UTC (rev 4873) +++ branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c 2008-11-18 17:09:07 UTC (rev 4874) @@ -497,9 +497,10 @@ static void show_help (FILE *fp) { - fprintf (fp,"-h\thelp\n"); - fprintf (fp,"-V\tversion\n"); - fprintf (fp,"-o\toutput to this file\n"); + fprintf (fp,"-h, --help\thelp\n"); + fprintf (fp,"-V\t\tmachine readable version\n"); + fprintf (fp,"--version\thuman readable version\n"); + fprintf (fp,"-o\t\toutput to this file\n"); } int @@ -516,7 +517,7 @@ /* Kludge to implement standard GNU options. */ if (argc > 1 && !strcmp (argv[1], "--version")) { - fputs ("gpgkeys_hkp (GnuPG) " VERSION"\n", stdout); + printf("gpgkeys_hkp (GnuPG) "VERSION" (uses %s)\n",curl_version()); return 0; } else if (argc > 1 && !strcmp (argv[1], "--help")) Modified: branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_ldap.c =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_ldap.c 2008-11-13 12:37:45 UTC (rev 4873) +++ branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_ldap.c 2008-11-18 17:09:07 UTC (rev 4874) 
@@ -1778,9 +1778,10 @@ static void show_help (FILE *fp) { - fprintf (fp,"-h\thelp\n"); - fprintf (fp,"-V\tversion\n"); - fprintf (fp,"-o\toutput to this file\n"); + fprintf (fp,"-h, --help\thelp\n"); + fprintf (fp,"-V\t\tmachine readable version\n"); + fprintf (fp,"--version\thuman readable version\n"); + fprintf (fp,"-o\t\toutput to this file\n"); } int From cvs at cvs.gnupg.org Tue Nov 18 18:15:08 2008 From: cvs at cvs.gnupg.org (svn author dshaw) Date: Tue, 18 Nov 2008 18:15:08 +0100 Subject: [svn] GnuPG - r4875 - branches/STABLE-BRANCH-1-4/g10 Message-ID: Author: dshaw Date: 2008-11-18 18:15:07 +0100 (Tue, 18 Nov 2008) New Revision: 4875 Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog branches/STABLE-BRANCH-1-4/g10/trustdb.c Log: * trustdb.c (validate_one_keyblock): Fix the trust signature calculations so that we lower the trust depth of signatures to fit within the current chain, rather than discarding any signature that does not fit within the trust depth. Modified: branches/STABLE-BRANCH-1-4/g10/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/g10/ChangeLog 2008-11-18 17:09:07 UTC (rev 4874) +++ branches/STABLE-BRANCH-1-4/g10/ChangeLog 2008-11-18 17:15:07 UTC (rev 4875) @@ -1,3 +1,10 @@ +2008-11-18 David Shaw + + * trustdb.c (validate_one_keyblock): Fix the trust signature + calculations so that we lower the trust depth of signatures to fit + within the current chain, rather than discarding any signature + that does not fit within the trust depth. + 2008-10-03 David Shaw * main.h, mainproc.c (check_sig_and_print), Modified: branches/STABLE-BRANCH-1-4/g10/trustdb.c =================================================================== --- branches/STABLE-BRANCH-1-4/g10/trustdb.c 2008-11-18 17:09:07 UTC (rev 4874) +++ branches/STABLE-BRANCH-1-4/g10/trustdb.c 2008-11-18 17:15:07 UTC (rev 4875) 
@@ -1,6 +1,6 @@ /* trustdb.c - * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, - * 2007 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, + * 2008 Free Software Foundation, Inc. * * This file is part of GnuPG. * 
@@ -1933,50 +1933,72 @@ (uidnode && check_regexp(kr->trust_regexp, uidnode->pkt->pkt.user_id->name)))) { - if(DBG_TRUST && opt.trust_model==TM_PGP && sig->trust_depth) - log_debug("trust sig on %s, sig depth is %d, kr depth is %d\n", - uidnode->pkt->pkt.user_id->name,sig->trust_depth, - kr->trust_depth); - /* Are we part of a trust sig chain? We always favor the latest trust sig, rather than the greater or lesser trust sig or value. I could make a decent argument for any of these cases, but this seems to be what PGP does, and I'd like to be compatible. -dms */ - if(opt.trust_model==TM_PGP && sig->trust_depth - && pk->trust_timestamp<=sig->timestamp - && (sig->trust_depth<=kr->trust_depth - || kr->ownertrust==TRUST_ULTIMATE)) + if(opt.trust_model==TM_PGP + && sig->trust_depth + && pk->trust_timestamp<=sig->timestamp) { - /* If we got here, we know that: + byte depth; - this is a trust sig. + /* If the depth on the signature is less than the + chain currently has, then use the signature depth + so we don't increase the depth beyond what the + signer wanted. If the depth on the signature is + more than the chain currently has, then use the + chain depth so we use as much of the signature + depth as the chain will permit. An ultimately + trusted signature can restart the depth to + whatever level it likes. */ - it's a newer trust sig than any previous trust - sig on this key (not uid). + if(sig->trust_depthtrust_depth + || kr->ownertrust==TRUST_ULTIMATE) + depth=sig->trust_depth; + else + depth=kr->trust_depth; - it is legal in that it was either generated by an - ultimate key, or a key that was part of a trust - chain, and the depth does not violate the - original trust sig. + if(depth) + { + if(DBG_TRUST) + log_debug("trust sig on %s, sig depth is %d," + " kr depth is %d\n", + uidnode->pkt->pkt.user_id->name, + sig->trust_depth, + kr->trust_depth); - if there is a regexp attached, it matched - successfully. 
- */ + /* If we got here, we know that: - if(DBG_TRUST) - log_debug("replacing trust value %d with %d and " - "depth %d with %d\n", - pk->trust_value,sig->trust_value, - pk->trust_depth,sig->trust_depth); + this is a trust sig. - pk->trust_value=sig->trust_value; - pk->trust_depth=sig->trust_depth-1; + it's a newer trust sig than any previous trust + sig on this key (not uid). - /* If the trust sig contains a regexp, record it - on the pk for the next round. */ - if(sig->trust_regexp) - pk->trust_regexp=sig->trust_regexp; + it is legal in that it was either generated by an + ultimate key, or a key that was part of a trust + chain, and the depth does not violate the + original trust sig. + + if there is a regexp attached, it matched + successfully. + */ + + if(DBG_TRUST) + log_debug("replacing trust value %d with %d and " + "depth %d with %d\n", + pk->trust_value,sig->trust_value, + pk->trust_depth,depth); + + pk->trust_value=sig->trust_value; + pk->trust_depth=depth-1; + + /* If the trust sig contains a regexp, record it + on the pk for the next round. */ + if(sig->trust_regexp) + pk->trust_regexp=sig->trust_regexp; + } } if (kr->ownertrust == TRUST_ULTIMATE) From cvs at cvs.gnupg.org Tue Nov 18 19:01:04 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 18 Nov 2008 19:01:04 +0100 Subject: [svn] GnuPG - r4876 - in trunk: agent g10 scd sm Message-ID: Author: wk Date: 2008-11-18 19:01:03 +0100 (Tue, 18 Nov 2008) New Revision: 4876 Modified: trunk/agent/ChangeLog trunk/agent/gpg-agent.c trunk/g10/ChangeLog trunk/g10/gpg.c trunk/g10/gpgv.c trunk/scd/ChangeLog trunk/scd/scdaemon.c trunk/sm/ChangeLog trunk/sm/gpgsm.c Log: Print library versions according to GNU standards. Modified: trunk/agent/ChangeLog =================================================================== --- trunk/agent/ChangeLog 2008-11-18 17:15:07 UTC (rev 4875) +++ trunk/agent/ChangeLog 2008-11-18 18:01:03 UTC (rev 4876) 
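Review bot: The long comment kept inside the new `if(depth)` block still says the trust signature is legal because "the depth does not violate the original trust sig", which described the removed `sig->trust_depth<=kr->trust_depth` test; the new code clamps `depth` instead, so the comment should say that the depth has been limited to what the chain permits. When the clamped `depth` is 0 the signature is now skipped with no trace, because the `log_debug` call moved inside the block; since this decides how far delegated trust reaches, an `else if(DBG_TRUST) log_debug("trust sig ignored, no chain depth left\n");` would make that outcome visible when debugging trust calculations. The comparison that selects the depth is printed here as `sig->trust_depthtrust_depth`, which looks like archive damage rather than the committed text. The enclosing function starts and ends outside the hunk.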
@@ -1,3 +1,8 @@ +2008-11-18 Werner Koch + + * gpg-agent.c (make_libversion): New. + (my_strusage): Print libgcrypt version + 2008-11-11 Werner Koch * call-scd.c (membuf_data_cb): Change return type to Modified: trunk/g10/ChangeLog =================================================================== --- trunk/g10/ChangeLog 2008-11-18 17:15:07 UTC (rev 4875) +++ trunk/g10/ChangeLog 2008-11-18 18:01:03 UTC (rev 4876) @@ -1,3 +1,11 @@ +2008-11-18 Werner Koch + + * gpg.c (build_lib_list): Remove. + (make_libversion): New. + (my_strusage): Use it. + * gpgv.c (make_libversion): New. + (my_strusage): Print libgcrypt version. + 2008-11-13 Werner Koch * gpgv.c: Use new ARGPARSE macros and re-indent. Modified: trunk/scd/ChangeLog =================================================================== --- trunk/scd/ChangeLog 2008-11-18 17:15:07 UTC (rev 4875) +++ trunk/scd/ChangeLog 2008-11-18 18:01:03 UTC (rev 4876) @@ -1,3 +1,8 @@ +2008-11-18 Werner Koch + + * scdaemon.c (make_libversion): New. + (my_strusage): Print libgcrypt and libksba version. + 2008-11-03 Werner Koch * command.c (server_local_s): Add field DISCONNECT_ALLOWED. Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2008-11-18 17:15:07 UTC (rev 4875) +++ trunk/sm/ChangeLog 2008-11-18 18:01:03 UTC (rev 4876) @@ -1,3 +1,9 @@ +2008-11-18 Werner Koch + + * gpgsm.c (make_libversion): New. + (my_strusage): Use new fucntion. + (build_lib_list): Remove. + 2008-11-13 Werner Koch * gpgsm.c: Remove all unused options. Use ARGPARSE macros. Modified: trunk/agent/gpg-agent.c =================================================================== --- trunk/agent/gpg-agent.c 2008-11-18 17:15:07 UTC (rev 4875) +++ trunk/agent/gpg-agent.c 2008-11-18 18:01:03 UTC (rev 4876) 
@@ -280,11 +280,30 @@ Functions. */ +static char * +make_libversion (const char *libname, const char *(*getfnc)(const char*)) +{ + const char *s; + char *result; + + if (maybe_setuid) + { + gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ + maybe_setuid = 0; + } + s = getfnc (NULL); + result = xmalloc (strlen (libname) + 1 + strlen (s) + 1); + strcpy (stpcpy (stpcpy (result, libname), " "), s); + return result; +} + static const char * my_strusage (int level) { + static char *ver_gcry; const char *p; + switch (level) { case 11: p = "gpg-agent (GnuPG)"; @@ -293,6 +312,12 @@ case 17: p = PRINTABLE_OS_NAME; break; case 19: p = _("Please report bugs to <" PACKAGE_BUGREPORT ">.\n"); break; + case 20: + if (!ver_gcry) + ver_gcry = make_libversion ("libgcrypt", gcry_check_version); + p = ver_gcry; + break; + case 1: case 40: p = _("Usage: gpg-agent [options] (-h for help)"); break; Modified: trunk/g10/gpg.c =================================================================== --- trunk/g10/gpg.c 2008-11-18 17:15:07 UTC (rev 4875) +++ trunk/g10/gpg.c 2008-11-18 18:01:03 UTC (rev 4876) @@ -766,7 +766,6 @@ static char *build_list( const char *text, char letter, const char *(*mapf)(int), int (*chkf)(int) ); -static char *build_lib_list (const char *text); static void set_cmd( enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd ); static void print_mds( const char *fname, int algo ); 
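Review bot: `make_libversion` (added here in gpg-agent.c and again in gpg.c, gpgv.c, scdaemon.c and gpgsm.c) passes the result of `getfnc (NULL)` straight to `strlen` and `stpcpy`, while the removed `build_lib_list` guarded the version with `if (array[idx].version)`. A NULL return would be dereferenced while the version banner is printed; add `if (!s) s = "?";` after the call, or a comment stating that the getters never return NULL when called with a NULL argument. The five copies are identical apart from the `maybe_setuid` block that the gpgv.c copy omits, so a single helper in a shared file would keep them from drifting apart.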
@@ -776,11 +775,30 @@ static void emergency_cleanup (void); +static char * +make_libversion (const char *libname, const char *(*getfnc)(const char*)) +{ + const char *s; + char *result; + + if (maybe_setuid) + { + gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ + maybe_setuid = 0; + } + s = getfnc (NULL); + result = xmalloc (strlen (libname) + 1 + strlen (s) + 1); + strcpy (stpcpy (stpcpy (result, libname), " "), s); + return result; +} + + static const char * my_strusage( int level ) { - static char *digests, *pubkeys, *ciphers, *zips, *libs; - const char *p; + static char *digests, *pubkeys, *ciphers, *zips, *ver_gcry; + const char *p; + switch( level ) { case 11: p = "gpg (GnuPG)"; break; @@ -790,14 +808,20 @@ _("Please report bugs to .\n"); break; + case 20: + if (!ver_gcry) + ver_gcry = make_libversion ("libgcrypt", gcry_check_version); + p = ver_gcry; + break; + #ifdef IS_DEVELOPMENT_VERSION - case 20: + case 25: p="NOTE: THIS IS A DEVELOPMENT VERSION!"; break; - case 21: + case 26: p="It is only intended for test purposes and should NOT be"; break; - case 22: + case 27: p="used in a production environment or with production keys!"; break; #endif @@ -847,11 +871,6 @@ check_compress_algo); p = zips; break; - case 38: - if (!libs) - libs = build_lib_list(_("Used libraries:")); - p = libs; - break; default: p = NULL; } 
@@ -914,46 +933,6 @@ } -static char * -build_lib_list (const char *text) -{ - struct { const char *name; const char *version; } array[3]; - int idx; - size_t n; - char *list, *p; - - if (maybe_setuid) - gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ - - idx = 0; - array[idx].name = "gcrypt"; - array[idx++].version = gcry_check_version (NULL); - array[idx].name = NULL; - array[idx++].version = NULL; - - n = strlen (text) + 1; - for (idx=0; array[idx].name; idx++) - { - n += 2 + strlen (array[idx].name); - if (array[idx].version) - n += 1 + strlen (array[idx].version) + 1; - } - n++; - list = xmalloc (n+1); - p = stpcpy (stpcpy (list, text), " "); - for (idx=0; array[idx].name; idx++) - { - if (idx) - p = stpcpy (p, ", "); - p = stpcpy (p, array[idx].name); - if (array[idx].version) - p = stpcpy (stpcpy (stpcpy (p, "("), array[idx].version), ")"); - } - strcpy (p, "\n"); - return list; -} - - static void wrong_args( const char *text) { Modified: trunk/g10/gpgv.c =================================================================== --- trunk/g10/gpgv.c 2008-11-18 17:15:07 UTC (rev 4875) +++ trunk/g10/gpgv.c 2008-11-18 18:01:03 UTC (rev 4876) @@ -87,10 +87,24 @@ int g10_errors_seen = 0; +static char * +make_libversion (const char *libname, const char *(*getfnc)(const char*)) +{ + const char *s; + char *result; + + s = getfnc (NULL); + result = xmalloc (strlen (libname) + 1 + strlen (s) + 1); + strcpy (stpcpy (stpcpy (result, libname), " "), s); + return result; +} + static const char * my_strusage( int level ) { + static char *ver_gcry; const char *p; + switch (level) { case 11: p = "gpgv (GnuPG)"; 
@@ -106,6 +120,13 @@ "Check signatures against known trusted keys\n"); break; + case 20: + if (!ver_gcry) + ver_gcry = make_libversion ("libgcrypt", gcry_check_version); + p = ver_gcry; + break; + + default: p = NULL; } return p; Modified: trunk/scd/scdaemon.c =================================================================== --- trunk/scd/scdaemon.c 2008-11-18 17:15:07 UTC (rev 4875) +++ trunk/scd/scdaemon.c 2008-11-18 18:01:03 UTC (rev 4876) @@ -200,10 +200,30 @@ +static char * +make_libversion (const char *libname, const char *(*getfnc)(const char*)) +{ + const char *s; + char *result; + + if (maybe_setuid) + { + gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ + maybe_setuid = 0; + } + s = getfnc (NULL); + result = xmalloc (strlen (libname) + 1 + strlen (s) + 1); + strcpy (stpcpy (stpcpy (result, libname), " "), s); + return result; +} + + static const char * my_strusage (int level) { + static char *ver_gcry, *ver_ksba; const char *p; + switch (level) { case 11: p = "scdaemon (GnuPG)"; @@ -212,6 +232,16 @@ case 17: p = PRINTABLE_OS_NAME; break; case 19: p = _("Please report bugs to <" PACKAGE_BUGREPORT ">.\n"); break; + case 20: + if (!ver_gcry) + ver_gcry = make_libversion ("libgcrypt", gcry_check_version); + p = ver_gcry; + break; + case 21: + if (!ver_ksba) + ver_ksba = make_libversion ("libksba", ksba_check_version); + p = ver_ksba; + break; case 1: case 40: p = _("Usage: scdaemon [options] (-h for help)"); break; Modified: trunk/sm/gpgsm.c =================================================================== --- trunk/sm/gpgsm.c 2008-11-18 17:15:07 UTC (rev 4875) +++ trunk/sm/gpgsm.c 2008-11-18 18:01:03 UTC (rev 4876) @@ -413,7 +413,6 @@ static char *build_list (const char *text, const char *(*mapf)(int), int (*chkf)(int)); -static char *build_lib_list (const char *text); static void set_cmd (enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd ); 
@@ -479,10 +478,29 @@ } +static char * +make_libversion (const char *libname, const char *(*getfnc)(const char*)) +{ + const char *s; + char *result; + + if (maybe_setuid) + { + gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ + maybe_setuid = 0; + } + s = getfnc (NULL); + result = xmalloc (strlen (libname) + 1 + strlen (s) + 1); + strcpy (stpcpy (stpcpy (result, libname), " "), s); + return result; +} + + static const char * my_strusage( int level ) { - static char *digests, *pubkeys, *ciphers, *libs; + static char *digests, *pubkeys, *ciphers; + static char *ver_gcry, *ver_ksba; const char *p; switch (level) @@ -502,6 +520,17 @@ "default operation depends on the input data\n"); break; + case 20: + if (!ver_gcry) + ver_gcry = make_libversion ("libgcrypt", gcry_check_version); + p = ver_gcry; + break; + case 21: + if (!ver_ksba) + ver_ksba = make_libversion ("libksba", ksba_check_version); + p = ver_ksba; + break; + case 31: p = "\nHome: "; break; case 32: p = opt.homedir; break; case 33: p = _("\nSupported algorithms:\n"); break; @@ -522,11 +551,6 @@ digests = build_list("Hash: ", gcry_md_algo_name, our_md_test_algo ); p = digests; break; - case 38: - if (!libs) - libs = build_lib_list(_("Used libraries:")); - p = libs; - break; default: p = NULL; break; } 
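Review bot: The new cases 20 and 21 in gpgsm's my_strusage report libgcrypt and libksba, but the removed build_lib_list also listed libassuan through `GNUPG_LIBASSUAN_VERSION`, and nothing on the new side replaces it. Linked-library versions in the version output are what people use to check an installation against an advisory, so dropping one silently is worth a ChangeLog line if it is intended. If it is not, a further case along the lines of `case 22: p = "libassuan " GNUPG_LIBASSUAN_VERSION; break;` would restore it, assuming the macro expands to a string literal and the usage printer walks that level; neither is visible here. my_strusage starts and ends outside these hunks.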
@@ -566,50 +590,7 @@ return list; } -static char * -build_lib_list (const char *text) -{ - struct { const char *name; const char *version; } array[5]; - int idx; - size_t n; - char *list, *p; - if (maybe_setuid) - gcry_control (GCRYCTL_INIT_SECMEM, 0, 0); /* Drop setuid. */ - - idx = 0; - array[idx].name = "gcrypt"; - array[idx++].version = gcry_check_version (NULL); - array[idx].name = "ksba"; - array[idx++].version = ksba_check_version (NULL); - array[idx].name = "assuan"; - array[idx++].version = GNUPG_LIBASSUAN_VERSION; - array[idx].name = NULL; - array[idx++].version = NULL; - - n = strlen (text) + 1; - for (idx=0; array[idx].name; idx++) - { - n += 2 + strlen (array[idx].name); - if (array[idx].version) - n += 1 + strlen (array[idx].version) + 1; - } - n++; - list = xmalloc (n+1); - p = stpcpy (stpcpy (list, text), " "); - for (idx=0; array[idx].name; idx++) - { - if (idx) - p = stpcpy (p, ", "); - p = stpcpy (p, array[idx].name); - if (array[idx].version) - p = stpcpy (stpcpy (stpcpy (p, "("), array[idx].version), ")"); - } - strcpy (p, "\n"); - return list; -} - - /* Set the file pointer into binary mode if required. */ static void set_binary (FILE *fp) @@ -939,7 +920,7 @@ } - /* initialize the secure memory. */ + /* Initialize the secure memory. */ gcry_control (GCRYCTL_INIT_SECMEM, 16384, 0); maybe_setuid = 0; From cvs at cvs.gnupg.org Tue Nov 18 19:17:10 2008 
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 18 Nov 2008 19:17:10 +0100 Subject: [svn] GnuPG - r4877 - branches/STABLE-BRANCH-1-4/keyserver Message-ID: Author: wk Date: 2008-11-18 19:17:10 +0100 (Tue, 18 Nov 2008) New Revision: 4877 Modified: branches/STABLE-BRANCH-1-4/keyserver/ChangeLog branches/STABLE-BRANCH-1-4/keyserver/curl-shim.h branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_curl.c branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c Log: Make --version close to GNU standards. Modified: branches/STABLE-BRANCH-1-4/keyserver/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/ChangeLog 2008-11-18 18:01:03 UTC (rev 4876) +++ branches/STABLE-BRANCH-1-4/keyserver/ChangeLog 2008-11-18 18:17:10 UTC (rev 4877) @@ -1,3 +1,9 @@ +2008-11-18 Werner Koch + + * gpgkeys_curl.c (main): Print curl version according to GNU standards. + * gpgkeys_hkp.c (main): Ditto. + * curl-shim.h (curl_is_gnupg_curl_shim): New. + 2008-11-18 David Shaw * curl-shim.h (curl_version): No need to provide a version for Modified: branches/STABLE-BRANCH-1-4/keyserver/curl-shim.h =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/curl-shim.h 2008-11-18 18:01:03 UTC (rev 4876) +++ branches/STABLE-BRANCH-1-4/keyserver/curl-shim.h 2008-11-18 18:17:10 UTC (rev 4877) @@ -83,6 +83,8 @@ #define CURL_GLOBAL_DEFAULT 0 #define CURLVERSION_NOW 0 +#define curl_is_gnupg_curl_shim 1 + CURLcode curl_global_init(long flags); void curl_global_cleanup(void); CURL *curl_easy_init(void); Modified: branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_curl.c =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_curl.c 2008-11-18 18:01:03 UTC (rev 4876) +++ branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_curl.c 2008-11-18 18:17:10 UTC (rev 4877) 
@@ -124,7 +124,10 @@ /* Kludge to implement standard GNU options. */ if (argc > 1 && !strcmp (argv[1], "--version")) { - printf("gpgkeys_curl (GnuPG) "VERSION" (uses %s)\n",curl_version()); + printf ("gpgkeys_curl (GnuPG) %s\n", VERSION); +#ifndef curl_is_gnupg_curl_shim + printf ("libcurl %s\n", curl_version()); +#endif /*curl_is_gnupg_curl_shim*/ return 0; } else if (argc > 1 && !strcmp (argv[1], "--help")) Modified: branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c 2008-11-18 18:01:03 UTC (rev 4876) +++ branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c 2008-11-18 18:17:10 UTC (rev 4877) @@ -517,7 +517,10 @@ /* Kludge to implement standard GNU options. */ if (argc > 1 && !strcmp (argv[1], "--version")) { - printf("gpgkeys_hkp (GnuPG) "VERSION" (uses %s)\n",curl_version()); + printf ("gpgkeys_hkp (GnuPG) %s\n", VERSION); +#ifndef curl_is_gnupg_curl_shim + printf ("libcurl %s\n", curl_version()); +#endif /*curl_is_gnupg_curl_shim*/ return 0; } else if (argc > 1 && !strcmp (argv[1], "--help")) From cvs at cvs.gnupg.org Tue Nov 18 19:43:13 2008 
From: cvs at cvs.gnupg.org (svn author dshaw) Date: Tue, 18 Nov 2008 19:43:13 +0100 Subject: [svn] GnuPG - r4878 - branches/STABLE-BRANCH-1-4/keyserver Message-ID: Author: dshaw Date: 2008-11-18 19:43:13 +0100 (Tue, 18 Nov 2008) New Revision: 4878 Modified: branches/STABLE-BRANCH-1-4/keyserver/ChangeLog branches/STABLE-BRANCH-1-4/keyserver/curl-shim.h branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_curl.c branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c Log: * curl-shim.h, gpgkeys_curl.c, gpgkeys_hkp.c (main): Always show curl version (even for curl-shim). Modified: branches/STABLE-BRANCH-1-4/keyserver/ChangeLog =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/ChangeLog 2008-11-18 18:17:10 UTC (rev 4877) +++ branches/STABLE-BRANCH-1-4/keyserver/ChangeLog 2008-11-18 18:43:13 UTC (rev 4878) @@ -1,3 +1,8 @@ +2008-11-18 David Shaw + + * curl-shim.h, gpgkeys_curl.c, gpgkeys_hkp.c (main): Always show + curl version (even for curl-shim). + 2008-11-18 Werner Koch * gpgkeys_curl.c (main): Print curl version according to GNU standards. Modified: branches/STABLE-BRANCH-1-4/keyserver/curl-shim.h =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/curl-shim.h 2008-11-18 18:17:10 UTC (rev 4877) +++ branches/STABLE-BRANCH-1-4/keyserver/curl-shim.h 2008-11-18 18:43:13 UTC (rev 4878) @@ -1,5 +1,5 @@ /* curl-shim.h - * Copyright (C) 2005, 2006, 2007 Free Software Foundation, Inc. + * Copyright (C) 2005, 2006, 2007, 2008 Free Software Foundation, Inc. * * This file is part of GNUPG. * 
@@ -83,8 +83,6 @@ #define CURL_GLOBAL_DEFAULT 0 #define CURLVERSION_NOW 0 -#define curl_is_gnupg_curl_shim 1 - CURLcode curl_global_init(long flags); void curl_global_cleanup(void); CURL *curl_easy_init(void); Modified: branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_curl.c =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_curl.c 2008-11-18 18:17:10 UTC (rev 4877) +++ branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_curl.c 2008-11-18 18:43:13 UTC (rev 4878) @@ -125,9 +125,7 @@ if (argc > 1 && !strcmp (argv[1], "--version")) { printf ("gpgkeys_curl (GnuPG) %s\n", VERSION); -#ifndef curl_is_gnupg_curl_shim - printf ("libcurl %s\n", curl_version()); -#endif /*curl_is_gnupg_curl_shim*/ + printf ("Uses: %s\n", curl_version()); return 0; } else if (argc > 1 && !strcmp (argv[1], "--help")) Modified: branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c =================================================================== --- branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c 2008-11-18 18:17:10 UTC (rev 4877) +++ branches/STABLE-BRANCH-1-4/keyserver/gpgkeys_hkp.c 2008-11-18 18:43:13 UTC (rev 4878) @@ -518,9 +518,7 @@ if (argc > 1 && !strcmp (argv[1], "--version")) { printf ("gpgkeys_hkp (GnuPG) %s\n", VERSION); -#ifndef curl_is_gnupg_curl_shim - printf ("libcurl %s\n", curl_version()); -#endif /*curl_is_gnupg_curl_shim*/ + printf ("Uses: %s\n", curl_version()); return 0; } else if (argc > 1 && !strcmp (argv[1], "--help")) From cvs at cvs.gnupg.org Wed Nov 19 14:52:49 2008 
From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 19 Nov 2008 14:52:49 +0100 Subject: [svn] gcry - r1357 - trunk/cipher Message-ID: Author: wk Date: 2008-11-19 14:52:48 +0100 (Wed, 19 Nov 2008) New Revision: 1357 Modified: trunk/cipher/ChangeLog trunk/cipher/rsa.c Log: Minor cleanups. Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2008-11-07 16:07:02 UTC (rev 1356) +++ trunk/cipher/ChangeLog 2008-11-19 13:52:48 UTC (rev 1357) @@ -1,3 +1,8 @@ +2008-11-19 Werner Koch + + * rsa.c (rsa_decrypt): Use gcry_create_nonce for blinding. + (generate): Rename to generate_std. + 2008-11-05 Werner Koch * md.c (md_open): Use a switch to set the Bsize. Modified: trunk/cipher/rsa.c =================================================================== --- trunk/cipher/rsa.c 2008-11-07 16:07:02 UTC (rev 1356) +++ trunk/cipher/rsa.c 2008-11-19 13:52:48 UTC (rev 1357) @@ -85,9 +85,6 @@ static int test_keys (RSA_secret_key *sk, unsigned nbits); -static gpg_err_code_t generate (RSA_secret_key *sk, - unsigned int nbits, unsigned long use_e, - int transient_key); static int check_secret_key (RSA_secret_key *sk); static void public (gcry_mpi_t output, gcry_mpi_t input, RSA_public_key *skey); static void secret (gcry_mpi_t output, gcry_mpi_t input, RSA_secret_key *skey); @@ -181,8 +178,8 @@ * Returns: 2 structures filled with all needed values */ static gpg_err_code_t -generate (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e, - int transient_key) +generate_std (RSA_secret_key *sk, unsigned int nbits, unsigned long use_e, + int transient_key) { gcry_mpi_t p, q; /* the two primes */ gcry_mpi_t d; /* the private key */ @@ -548,8 +545,8 @@ (void)name; (void)domain; - ec = generate (&sk, nbits, use_e, - !!(keygen_flags & PUBKEY_FLAG_TRANSIENT_KEY) ); + ec = generate_std (&sk, nbits, use_e, + !!(keygen_flags & PUBKEY_FLAG_TRANSIENT_KEY) ); if (!ec) { skey[0] = sk.n; 
@@ -661,12 +658,14 @@ /* Initialize blinding. */ /* First, we need a random number r between 0 and n - 1, which - is relatively prime to n (i.e. it is neither p nor q). */ + is relatively prime to n (i.e. it is neither p nor q). The + random number needs to be only unpredictable, thus we employ + the gcry_create_nonce function by using GCRY_WEAK_RANDOM with + gcry_mpi_randomize. */ r = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n)); ri = gcry_mpi_snew (gcry_mpi_get_nbits (sk.n)); - gcry_mpi_randomize (r, gcry_mpi_get_nbits (sk.n), - GCRY_STRONG_RANDOM); + gcry_mpi_randomize (r, gcry_mpi_get_nbits (sk.n), GCRY_WEAK_RANDOM); gcry_mpi_mod (r, r, sk.n); /* Calculate inverse of r. It practically impossible that the From cvs at cvs.gnupg.org Thu Nov 20 14:08:27 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 20 Nov 2008 14:08:27 +0100 Subject: [svn] GnuPG - r4879 - trunk/jnlib Message-ID: Author: wk Date: 2008-11-20 14:08:26 +0100 (Thu, 20 Nov 2008) New Revision: 4879 Modified: trunk/jnlib/ChangeLog trunk/jnlib/argparse.c Log: Fix last change. Modified: trunk/jnlib/ChangeLog =================================================================== --- trunk/jnlib/ChangeLog 2008-11-18 18:43:13 UTC (rev 4878) +++ trunk/jnlib/ChangeLog 2008-11-20 13:08:26 UTC (rev 4879) @@ -1,3 +1,7 @@ +2008-11-20 Werner Koch + + * argparse.c (arg_parse): Fix last change. + 2008-11-11 Werner Koch * argparse.h: Add a bunch of macros and constants. Modified: trunk/jnlib/argparse.c =================================================================== --- trunk/jnlib/argparse.c 2008-11-18 18:43:13 UTC (rev 4878) +++ trunk/jnlib/argparse.c 2008-11-20 13:08:26 UTC (rev 4879) @@ -585,7 +585,7 @@ s = *argv; arg->internal.last = s; - if (arg->internal.stopped && (arg->flags & ARGPARSE_FLAG_KEEP)) + if (arg->internal.stopped && (arg->flags & ARGPARSE_FLAG_ALL)) { arg->r_opt = ARGPARSE_IS_ARG; /* Not an option but an argument. */ arg->r_type = 2; 
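Review bot: The blinding factor `r` in rsa_decrypt is now drawn with `GCRY_WEAK_RANDOM`, and the new comment justifies this only with "needs to be only unpredictable" without saying what the blinding protects. Since `r` exists to decouple the timing of the private-key operation from the ciphertext, and the nonce generator's other outputs may be published as nonces, the comment should state the assumption being relied on, e.g. `/* r is never output; it must stay unguessable to an observer who sees other nonce-generator output, which gcry_create_nonce is assumed to guarantee. */`. The parenthetical "it is neither p nor q" is also imprecise: coprime to n means `r` is not a multiple of p or q. The function body starts and ends outside the hunk, so how a zero or non-invertible `r` after `gcry_mpi_mod` is handled cannot be checked from here.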
@@ -603,7 +603,7 @@ char *argpos; arg->internal.inarg = 0; - if (!s[2] && !(arg->flags & ARGPARSE_FLAG_MIXED)) + if (!s[2] && !(arg->flags & ARGPARSE_FLAG_NOSTOP)) { /* Stop option processing. */ arg->internal.stopped = 1; @@ -786,7 +786,7 @@ argc--; argv++; idx++; } } - else if ( arg->flags & ARGPARSE_FLAG_ALL ) + else if ( arg->flags & ARGPARSE_FLAG_MIXED ) { arg->r_opt = ARGPARSE_IS_ARG; arg->r_type = 2; From cvs at cvs.gnupg.org Thu Nov 20 17:26:40 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 20 Nov 2008 17:26:40 +0100 Subject: [svn] GnuPG - r4880 - in trunk: . kbx sm Message-ID: Author: wk Date: 2008-11-20 17:26:40 +0100 (Thu, 20 Nov 2008) New Revision: 4880 Modified: trunk/NEWS trunk/kbx/ChangeLog trunk/kbx/keybox-file.c trunk/kbx/keybox-update.c trunk/sm/ChangeLog Log: Fixed a temporary file name collision between gpg and gpgsm under Windows. Modified: trunk/kbx/ChangeLog =================================================================== --- trunk/kbx/ChangeLog 2008-11-20 13:08:26 UTC (rev 4879) +++ trunk/kbx/ChangeLog 2008-11-20 16:26:40 UTC (rev 4880) @@ -1,3 +1,8 @@ +2008-11-20 Werner Koch + + * keybox-update.c (create_tmp_file) [USE_ONLY_8DOT3]: Use other + suffixes to avoid conflicts with gpg uses filenames. + 2008-11-11 Werner Koch * Makefile.am (kbxutil_LDADD): Change order of libs. Modified: trunk/sm/ChangeLog =================================================================== --- trunk/sm/ChangeLog 2008-11-20 13:08:26 UTC (rev 4879) +++ trunk/sm/ChangeLog 2008-11-20 16:26:40 UTC (rev 4880) @@ -1,7 +1,7 @@ 2008-11-18 Werner Koch * gpgsm.c (make_libversion): New. - (my_strusage): Use new fucntion. + (my_strusage): Use new function. (build_lib_list): Remove. 2008-11-13 Werner Koch Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-11-20 13:08:26 UTC (rev 4879) +++ trunk/NEWS 2008-11-20 16:26:40 UTC (rev 4880) 
@@ -38,6 +38,9 @@ * [w32] The gnupg2.nls directory is not anymore used. The standard locale directory is now used. + * [w32] Fixed a race condition bteween gpg and gpgsm in the use of + temporary file names. + * The gpg-preset-passphrase mechanism works again. * Admin PINs are cached again (bug in 2.0.9). Modified: trunk/kbx/keybox-file.c =================================================================== --- trunk/kbx/keybox-file.c 2008-11-20 13:08:26 UTC (rev 4879) +++ trunk/kbx/keybox-file.c 2008-11-20 16:26:40 UTC (rev 4880) @@ -1,4 +1,4 @@ -/* keybox-file.c - file oeprations +/* keybox-file.c - File operations * Copyright (C) 2001, 2003 Free Software Foundation, Inc. * * This file is part of GnuPG. Modified: trunk/kbx/keybox-update.c =================================================================== --- trunk/kbx/keybox-update.c 2008-11-20 13:08:26 UTC (rev 4879) +++ trunk/kbx/keybox-update.c 2008-11-20 16:26:40 UTC (rev 4880) @@ -75,7 +75,9 @@ /* Here is another Windoze bug?: * you cant rename("pubring.kbx.tmp", "pubring.kbx"); * but rename("pubring.kbx.tmp", "pubring.aaa"); - * works. So we replace .kbx by .bak or .tmp + * works. So we replace ".kbx" by ".kb_" or ".k__". Note that we + * can't use ".bak" and ".tmp", because these suffixes are used by + * gpg and would lead to a sharing violation or data corruption. */ if (strlen (template) > 4 && !strcmp (template+strlen(template)-4, EXTSEP_S "kbx") ) @@ -84,7 +86,7 @@ if (!bakfname) return gpg_error_from_syserror (); strcpy (bakfname, template); - strcpy (bakfname+strlen(template)-4, EXTSEP_S "bak"); + strcpy (bakfname+strlen(template)-4, EXTSEP_S "kb_"); tmpfname = xtrymalloc (strlen (template) + 1); if (!tmpfname) 
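Review bot: In create_tmp_file the USE_ONLY_8DOT3 branch still derives fixed names (`.kb_`, `.k__`) from the keybox name, so the change separates gpgsm from gpg but two processes updating the same keybox would still choose the same backup and temporary file. Whether a lock or an exclusive create elsewhere in the file prevents that is not visible in these hunks; if it does, the rewritten comment should say so next to the suffix explanation, e.g. `/* The keybox lock is held here, so the fixed suffixes cannot collide with another keybox writer. */` (to be confirmed against the callers). The same applies to the else-branch changed in the two hunks that follow, where the `+ 5` allocation additionally assumes `EXTSEP_S` is a single character. The function begins before and continues past these hunks.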
@@ -94,14 +96,15 @@ return tmperr; } strcpy (tmpfname,template); - strcpy (tmpfname + strlen (template)-4, EXTSEP_S "tmp"); + strcpy (tmpfname + strlen (template)-4, EXTSEP_S "k__"); } else - { /* File does not end with kbx; hmmm. */ + { /* File does not end with kbx, thus we hope we are working on a + modern file system and appending a suffix works. */ bakfname = xtrymalloc ( strlen (template) + 5); if (!bakfname) return gpg_error_from_syserror (); - strcpy (stpcpy (bakfname, template), EXTSEP_S "bak"); + strcpy (stpcpy (bakfname, template), EXTSEP_S "kb_"); tmpfname = xtrymalloc ( strlen (template) + 5); if (!tmpfname) @@ -110,7 +113,7 @@ xfree (bakfname); return tmperr; } - strcpy (stpcpy (tmpfname, template), EXTSEP_S "tmp"); + strcpy (stpcpy (tmpfname, template), EXTSEP_S "k__"); } # else /* Posix file names */ bakfname = xtrymalloc (strlen (template) + 2); From cvs at cvs.gnupg.org Thu Nov 20 22:54:47 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Thu, 20 Nov 2008 22:54:47 +0100 Subject: [svn] GnuPG - r4881 - trunk/common Message-ID: Author: wk Date: 2008-11-20 22:54:47 +0100 (Thu, 20 Nov 2008) New Revision: 4881 Modified: trunk/common/ChangeLog trunk/common/audit.c Log: Translate the oktext (yes/no). Modified: trunk/common/ChangeLog =================================================================== --- trunk/common/ChangeLog 2008-11-20 16:26:40 UTC (rev 4880) +++ trunk/common/ChangeLog 2008-11-20 21:54:47 UTC (rev 4881) @@ -1,3 +1,7 @@ +2008-11-20 Werner Koch + + * audit.c (writeout_li): Translate OKTEXT. + 2008-11-04 Werner Koch * i18n.c (i18n_init) [USE_SIMPLE_GETTEXT]: Adjust for changed Modified: trunk/common/audit.c =================================================================== --- trunk/common/audit.c 2008-11-20 16:26:40 UTC (rev 4880) +++ trunk/common/audit.c 2008-11-20 21:54:47 UTC (rev 4881) 
@@ -457,6 +457,14 @@ color = "red"; } + if (format && oktext) + { + if (!strcmp (oktext, "Yes")) + oktext = _("Yes"); + else if (!strcmp (oktext, "No")) + oktext = _("No"); + } + if (ctx->use_html) { int i; From cvs at cvs.gnupg.org Sun Nov 23 19:09:57 2008 From: cvs at cvs.gnupg.org (svn author mo) Date: Sun, 23 Nov 2008 19:09:57 +0100 Subject: [svn] gpgme - r1347 - trunk/lang/cl Message-ID: Author: mo Date: 2008-11-23 19:09:57 +0100 (Sun, 23 Nov 2008) New Revision: 1347 Modified: trunk/lang/cl/ChangeLog trunk/lang/cl/gpgme.lisp Log: 2008-11-08 Moritz * gpgme.lisp (size-t): Wrong call to defctype: function accepts optional, not keyword argument. (ssize-t): Likewise. (off-t): Likewise. (gpgme-data-t, gpgme-ctx-t): Likewise. (gpgme-error-t): Likewise. (gpgme-error-no-signal-t): Likewise. (gpgme-err-code-t): Likewise. (gpgme-err-source-t): Likewise. (gpgme-sig-notation-t, gpgme-engine-info-t): Likewise. (gpgme-subkey-t): Likewise. (gpgme-key-sig-t): Likewise. (gpgme-user-id-t): Likewise. (gpgme-key-t): Likewise. (gpgme-data-cbs-t): Likewise. (gpgme-invalid-key-t): Likewise. (gpgme-op-encrypt-result-t): Likewise. (gpgme-recipient-t): Likewise. (gpgme-op-decrypt-result-t): Likewise. (gpgme-new-signature-t): Likewise. (gpgme-op-sign-result-t): Likewise. (gpgme-signature-t): Likewise. (gpgme-op-verify-result-t): Likewise. (gpgme-import-status-t): Likewise. (gpgme-op-import-result-t): Likewise. (gpgme-op-genkey-result-t): Likewise. (gpgme-op-keylist-result-t): Likewise. Modified: trunk/lang/cl/ChangeLog =================================================================== --- trunk/lang/cl/ChangeLog 2008-11-18 11:12:36 UTC (rev 1346) +++ trunk/lang/cl/ChangeLog 2008-11-23 18:09:57 UTC (rev 1347) 
@@ -1,3 +1,33 @@ +2008-11-08 Moritz + + * gpgme.lisp (size-t): Wrong call to defctype: function accepts + optional, not keyword argument. + (ssize-t): Likewise. + (off-t): Likewise. + (gpgme-data-t, gpgme-ctx-t): Likewise. + (gpgme-error-t): Likewise. + (gpgme-error-no-signal-t): Likewise. + (gpgme-err-code-t): Likewise. + (gpgme-err-source-t): Likewise. + (gpgme-sig-notation-t, gpgme-engine-info-t): Likewise. + (gpgme-subkey-t): Likewise. + (gpgme-key-sig-t): Likewise. + (gpgme-user-id-t): Likewise. + (gpgme-key-t): Likewise. + (gpgme-data-cbs-t): Likewise. + (gpgme-invalid-key-t): Likewise. + (gpgme-op-encrypt-result-t): Likewise. + (gpgme-recipient-t): Likewise. + (gpgme-op-decrypt-result-t): Likewise. + (gpgme-new-signature-t): Likewise. + (gpgme-op-sign-result-t): Likewise. + (gpgme-signature-t): Likewise. + (gpgme-op-verify-result-t): Likewise. + (gpgme-import-status-t): Likewise. + (gpgme-op-import-result-t): Likewise. + (gpgme-op-genkey-result-t): Likewise. + (gpgme-op-keylist-result-t): Likewise. + 2006-07-06 Marcus Brinkmann * Initial release. Modified: trunk/lang/cl/gpgme.lisp =================================================================== --- trunk/lang/cl/gpgme.lisp 2008-11-18 11:12:36 UTC (rev 1346) +++ trunk/lang/cl/gpgme.lisp 2008-11-23 18:09:57 UTC (rev 1347) @@ -40,18 +40,15 @@ ; FIXME: Use cffi-grovel? cffi-unix? -(defctype size-t :unsigned-int - :documentation "The system size_t type.") +(defctype size-t :unsigned-int "The system size_t type.") -(defctype ssize-t :int - :documentation "The system ssize_t type.") +(defctype ssize-t :int "The system ssize_t type.") ; FIXME: Ouch. Grovel? Helper function? (defconstant +seek-set+ 0) (defconstant +seek-cur+ 1) (defconstant +seek-end+ 2) -(defctype off-t :long-long - :documentation "The system off_t type.") +(defctype off-t :long-long "The system off_t type.") (defcfun ("strerror" c-strerror) :string (err :int)) 
@@ -110,26 +107,22 @@ ;;; Some opaque data types used by GPGME. -(defctype gpgme-ctx-t :pointer - :documentation "The GPGME context type.") +(defctype gpgme-ctx-t :pointer "The GPGME context type.") -(defctype gpgme-data-t :pointer - :documentation "The GPGME data object type.") +(defctype gpgme-data-t :pointer "The GPGME data object type.") ;;; Wrappers for the libgpg-error library. -(defctype gpgme-error-t gpg-error::gpg-error-t - :documentation "The GPGME error type.") +(defctype gpgme-error-t gpg-error::gpg-error-t "The GPGME error type.") (defctype gpgme-error-no-signal-t gpg-error::gpg-error-t - :documentation "The GPGME error type (this version does not - signal conditions in translation.") + "The GPGME error type (this version does not signal conditions in translation.") (defctype gpgme-err-code-t gpg-error::gpg-err-code-t - :documentation "The GPGME error code type.") + "The GPGME error code type.") (defctype gpgme-err-source-t gpg-error::gpg-err-source-t - :documentation "The GPGME error source type.") + "The GPGME error source type.") (defun gpgme-err-make (source code) "Construct an error value from an error code and source." @@ -251,7 +244,7 @@ (:critical 2)) (defctype gpgme-sig-notation-t :pointer - :documentation "Signature notation pointer type.") + "Signature notation pointer type.") ;; FIXME: Doesn't this depend on endianess? (defbitfield (gpgme-sig-notation-bitfield :unsigned-int) @@ -279,7 +272,7 @@ ;;; (defctype gpgme-engine-info-t :pointer - :documentation "The engine information structure pointer type.") + "The engine information structure pointer type.") (defcstruct gpgme-engine-info "Engine information." @@ -292,8 +285,7 @@ ;;; -(defctype gpgme-subkey-t :pointer - :documentation "A subkey from a key.") +(defctype gpgme-subkey-t :pointer "A subkey from a key.") ;; FIXME: Doesn't this depend on endianess? (defbitfield (gpgme-subkey-bitfield :unsigned-int) 
@@ -323,7 +315,7 @@ (defctype gpgme-key-sig-t :pointer - :documentation "A signature on a user ID.") + "A signature on a user ID.") ;; FIXME: Doesn't this depend on endianess? (defbitfield (gpgme-key-sig-bitfield :unsigned-int) @@ -352,7 +344,7 @@ (defctype gpgme-user-id-t :pointer - :documentation "A user ID from a key.") + "A user ID from a key.") ;; FIXME: Doesn't this depend on endianess? (defbitfield (gpgme-user-id-bitfield :unsigned-int) @@ -374,7 +366,7 @@ (defctype gpgme-key-t :pointer - :documentation "A key from the keyring.") + "A key from the keyring.") ;; FIXME: Doesn't this depend on endianess? (defbitfield (gpgme-key-bitfield :unsigned-int) @@ -603,7 +595,7 @@ (release gpgme-data-release-cb-t)) (defctype gpgme-data-cbs-t :pointer - :documentation "Data callbacks pointer.") + "Data callbacks pointer.") (defcfun ("gpgme_data_read" c-gpgme-data-read) ssize-t (dh gpgme-data-t) @@ -702,7 +694,7 @@ ;;; (defctype gpgme-invalid-key-t :pointer - :documentation "An invalid key structure.") + "An invalid key structure.") (defcstruct gpgme-invalid-key "An invalid key structure." @@ -717,7 +709,7 @@ (invalid-recipients gpgme-invalid-key-t)) (defctype gpgme-op-encrypt-result-t :pointer - :documentation "An encryption result structure.") + "An encryption result structure.") (defcfun ("gpgme_op_encrypt_result" c-gpgme-op-encrypt-result) gpgme-op-encrypt-result-t @@ -758,7 +750,7 @@ ;;; Decryption. (defctype gpgme-recipient-t :pointer - :documentation "A recipient structure.") + "A recipient structure.") (defcstruct gpgme-recipient "Recipient structure." @@ -780,7 +772,7 @@ (file-name :string)) (defctype gpgme-op-decrypt-result-t :pointer - :documentation "A decryption result structure.") + "A decryption result structure.") (defcfun ("gpgme_op_decrypt_result" c-gpgme-op-decrypt-result) gpgme-op-decrypt-result-t 
@@ -810,7 +802,7 @@ ;;; Signing. (defctype gpgme-new-signature-t :pointer - :documentation "A new signature structure.") + "A new signature structure.") (defcstruct gpgme-new-signature "New signature structure." @@ -830,7 +822,7 @@ (signatures gpgme-new-signature-t)) (defctype gpgme-op-sign-result-t :pointer - :documentation "A signing result structure.") + "A signing result structure.") (defcfun ("gpgme_op_sign_result" c-gpgme-op-sign-result) gpgme-op-sign-result-t @@ -865,7 +857,7 @@ (:sys-error #x0800)) (defctype gpgme-signature-t :pointer - :documentation "A signature structure.") + "A signature structure.") ;; FIXME: Doesn't this depend on endianess? (defbitfield (gpgme-signature-bitfield :unsigned-int) @@ -893,7 +885,7 @@ (file-name :string)) (defctype gpgme-op-verify-result-t :pointer - :documentation "A verify result structure.") + "A verify result structure.") (defcfun ("gpgme_op_verify_result" c-gpgme-op-verify-result) gpgme-op-verify-result-t @@ -922,7 +914,7 @@ (:secret #x0010)) (defctype gpgme-import-status-t :pointer - :documentation "An import status structure.") + "An import status structure.") (defcstruct gpgme-import-status "New import status structure." @@ -950,7 +942,7 @@ (imports gpgme-import-status-t)) (defctype gpgme-op-import-result-t :pointer - :documentation "An import status result structure.") + "An import status result structure.") (defcfun ("gpgme_op_import_result" c-gpgme-op-import-result) gpgme-op-import-result-t @@ -993,7 +985,7 @@ (fpr :string)) (defctype gpgme-op-genkey-result-t :pointer - :documentation "A key generation result structure.") + "A key generation result structure.") (defcfun ("gpgme_op_genkey_result" c-gpgme-op-genkey-result) gpgme-op-genkey-result-t 
@@ -1036,7 +1028,7 @@ (bitfield gpgme-keylist-flags-t)) (defctype gpgme-op-keylist-result-t :pointer - :documentation "A key listing result structure.") + "A key listing result structure.") (defcfun ("gpgme_op_keylist_result" c-gpgme-op-keylist-result) gpgme-op-keylist-result-t From cvs at cvs.gnupg.org Mon Nov 24 17:37:51 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Mon, 24 Nov 2008 17:37:51 +0100 Subject: [svn] gcry - r1358 - in trunk: cipher doc src tests Message-ID: Author: wk Date: 2008-11-24 17:37:50 +0100 (Mon, 24 Nov 2008) New Revision: 1358 Modified: trunk/cipher/ChangeLog trunk/cipher/dsa.c trunk/cipher/ecc.c trunk/cipher/elgamal.c trunk/cipher/primegen.c trunk/cipher/pubkey.c trunk/cipher/rsa.c trunk/doc/gcrypt.texi trunk/src/ChangeLog trunk/src/cipher-proto.h trunk/src/cipher.h trunk/src/g10lib.h trunk/tests/ChangeLog trunk/tests/cavs_driver.pl trunk/tests/fipsdrv.c trunk/tests/pubkey.c Log: Cleaned up the public key module calling conventions. Add a way to derive RSA keys according to X9.31. [The diff below has been truncated] Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2008-11-19 13:52:48 UTC (rev 1357) +++ trunk/cipher/ChangeLog 2008-11-24 16:37:50 UTC (rev 1358) 
@@ -1,3 +1,38 @@ +2008-11-24 Werner Koch + + * pubkey.c (gcry_pk_genkey): Remove parsing of almost all + parameters and pass the parameter S-expression to pubkey_generate. + (pubkey_generate): Simplify by requitring modules to parse the + parameters. Remove the special cases for Elgamal and ECC. + (sexp_elements_extract_ecc): Add arg EXTRASPEC and use it. Fix + small memory leak. + (sexp_to_key): Pass EXTRASPEC to sexp_elements_extract_ecc. + (pubkey_table) [USE_ELGAMAL]: Add real extraspec. + * rsa.c (rsa_generate_ext): Adjust for new calling convention. + * dsa.c (dsa_generate_ext): Ditto. + * elgamal.c (_gcry_elg_generate): Ditto. Rename to elg_generate_ext. + (elg_generate): New. + (_gcry_elg_generate_using_x): Remove after merging code with + elg_generate_ext. + (_gcry_pubkey_extraspec_elg): New. + (_gcry_elg_check_secret_key, _gcry_elg_encrypt, _gcry_elg_sign) + (_gcry_elg_verify, _gcry_elg_get_nbits): Make static and remove + _gcry_ prefix. + * ecc.c (_gcry_ecc_generate): Rename to ecc_generate_ext and + adjust for new calling convention. + (_gcry_ecc_get_param): Rename to ecc_get_param and make static. + (_gcry_pubkey_extraspec_ecdsa): Add ecc_generate_ext and + ecc_get_param. + +2008-11-20 Werner Koch + + * pubkey.c (pubkey_generate): Add arg DERIVEPARMS. + (gcry_pk_genkey): Parse derive-parms and pass it to above. + * rsa.c (generate_x931): New. + (rsa_generate_ext): Add arg DERIVEPARMS and call new function in + fips mode or if DERIVEPARMS is given. + * primegen.c (_gcry_derive_x931_prime, find_x931_prime): New. + 2008-11-19 Werner Koch * rsa.c (rsa_decrypt): Use gcry_create_nonce for blinding. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-11-19 13:52:48 UTC (rev 1357) +++ trunk/src/ChangeLog 2008-11-24 16:37:50 UTC (rev 1358) 
@@ -1,3 +1,11 @@ +2008-11-24 Werner Koch + + * cipher-proto.h (pk_ext_generate_t): Simplify. + (pk_get_param): New. + (pk_extra_spec_t): Add field GET_PARAM. + * cipher.h (PUBKEY_FLAG_TRANSIENT_KEY): Remove. + (_gcry_pubkey_extraspec_elg): New. + 2008-11-05 Werner Koch * cipher.h (CIPHER_INFO_NO_WEAK_KEY): New. Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2008-11-19 13:52:48 UTC (rev 1357) +++ trunk/tests/ChangeLog 2008-11-24 16:37:50 UTC (rev 1358) @@ -1,3 +1,7 @@ +2008-11-24 Werner Koch + + * pubkey.c (check_x931_derived_key): New. + 2008-11-07 Werner Koch * fipsdrv.c (run_cipher_mct_loop, get_current_iv): New. Modified: trunk/cipher/dsa.c =================================================================== --- trunk/cipher/dsa.c 2008-11-19 13:52:48 UTC (rev 1357) +++ trunk/cipher/dsa.c 2008-11-24 16:37:50 UTC (rev 1358) 
@@ -459,21 +459,41 @@ *********************************************/ static gcry_err_code_t -dsa_generate_ext (int algo, unsigned int nbits, unsigned int qbits, - unsigned long use_e, - const char *name, const gcry_sexp_t domain, - unsigned int keygen_flags, +dsa_generate_ext (int algo, unsigned int nbits, unsigned long evalue, + const gcry_sexp_t genparms, gcry_mpi_t *skey, gcry_mpi_t **retfactors) { gpg_err_code_t ec; DSA_secret_key sk; + gcry_sexp_t l1; + unsigned int qbits = 0; - (void)algo; - (void)use_e; - (void)name; - (void)domain; - (void)keygen_flags; + (void)algo; /* No need to check it. */ + (void)evalue; /* Not required for DSA. */ + /* Parse the optional qbits element. */ + if (genparms) + { + l1 = gcry_sexp_find_token (genparms, "qbits", 0); + if (l1) + { + char buf[50]; + const char *s; + size_t n; + + s = gcry_sexp_nth_data (l1, 1, &n); + if (!s || n >= DIM (buf) - 1 ) + { + gcry_sexp_release (l1); + return GPG_ERR_INV_OBJ; /* No value or value too large. */ + } + memcpy (buf, s, n); + buf[n] = 0; + qbits = (unsigned int)strtoul (buf, NULL, 0); + gcry_sexp_release (l1); + } + } + ec = generate (&sk, nbits, qbits, retfactors); if (!ec) { @@ -489,11 +509,11 @@ static gcry_err_code_t -dsa_generate (int algo, unsigned int nbits, unsigned long dummy, +dsa_generate (int algo, unsigned int nbits, unsigned long evalue, gcry_mpi_t *skey, gcry_mpi_t **retfactors) { - (void)dummy; - return dsa_generate_ext (algo, nbits, 0, 0, NULL, NULL, 0, skey, retfactors); + (void)evalue; + return dsa_generate_ext (algo, nbits, 0, NULL, skey, retfactors); } Modified: trunk/cipher/ecc.c =================================================================== --- trunk/cipher/ecc.c 2008-11-19 13:52:48 UTC (rev 1357) +++ trunk/cipher/ecc.c 2008-11-24 16:37:50 UTC (rev 1358) 
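Review bot: The `qbits` value in dsa_generate_ext is converted with `strtoul (buf, NULL, 0)` and cast to `unsigned int` without an end-pointer or range check, so a non-numeric string becomes 0 and an oversized number may be truncated instead of being rejected. Since 0 is also the value used when the element is absent, a malformed request cannot be told apart from one that leaves the choice to generate(). I would pass an end pointer, `qbits = (unsigned int)strtoul (buf, &endp, 0);`, and after releasing `l1` return `GPG_ERR_INV_OBJ` when `endp == buf || *endp`. The `nbits` conversion in the gcry_pk_genkey hunk of pubkey.c uses the same pattern. dsa_generate_ext continues past the end of this hunk.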
@@ -949,35 +949,47 @@ return 0; } -/* Extended version of ecc_generate which is called directly by - pubkey.c. If CURVE is not NULL, that name will be used to select - the domain parameters. NBITS is not used in this case. */ -gcry_err_code_t -_gcry_ecc_generate (int algo, unsigned int nbits, const char *curve, - gcry_mpi_t *skey, gcry_mpi_t **retfactors) + +/* Extended version of ecc_generate. */ +static gcry_err_code_t +ecc_generate_ext (int algo, unsigned int nbits, unsigned long evalue, + const gcry_sexp_t genparms, + gcry_mpi_t *skey, gcry_mpi_t **retfactors) { - gpg_err_code_t err; + gpg_err_code_t ec; ECC_secret_key sk; gcry_mpi_t g_x, g_y, q_x, q_y; + char *curve_name = NULL; + gcry_sexp_t l1; (void)algo; + (void)evalue; - /* Make an empty list of factors. */ - *retfactors = gcry_calloc ( 1, sizeof **retfactors ); - if (!*retfactors) - return gpg_err_code_from_syserror (); + if (genparms) + { + /* Parse the optional "curve" parameter. */ + l1 = gcry_sexp_find_token (genparms, "curve", 0); + if (l1) + { + curve_name = _gcry_sexp_nth_string (l1, 1); + gcry_sexp_release (l1); + if (!curve_name) + return GPG_ERR_INV_OBJ; /* No curve name or value too large. */ + } + } + /* NBITS is required if no curve name has been given. */ + if (!nbits && !curve_name) + return GPG_ERR_NO_OBJ; /* No NBITS parameter. */ + g_x = mpi_new (0); g_y = mpi_new (0); q_x = mpi_new (0); q_y = mpi_new (0); - err = generate_key (&sk, nbits, curve, g_x, g_y, q_x, q_y); - if (err) - { - gcry_free (*retfactors); - *retfactors = NULL; - return err; - } + ec = generate_key (&sk, nbits, curve_name, g_x, g_y, q_x, q_y); + gcry_free (curve_name); + if (ec) + return ec; skey[0] = sk.E.p; skey[1] = sk.E.a; 
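Review bot: The four MPIs created with `mpi_new (0)` just before `generate_key` are not released on the new `if (ec) return ec;` path, so a failed generation leaks them unless generate_key frees them itself, which is not visible here. Releasing them before returning keeps the error path in line with the `gcry_free (curve_name)` above it: `if (ec) { mpi_free (g_x); mpi_free (g_y); mpi_free (q_x); mpi_free (q_y); return ec; }`. The body of ecc_generate_ext continues beyond this hunk.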
@@ -992,12 +1004,27 @@ point_free (&sk.E.G); point_free (&sk.Q); + /* Make an empty list of factors. */ + *retfactors = gcry_calloc ( 1, sizeof **retfactors ); + if (!*retfactors) + return gpg_err_code_from_syserror (); + return 0; } + +static gcry_err_code_t +ecc_generate (int algo, unsigned int nbits, unsigned long evalue, + gcry_mpi_t *skey, gcry_mpi_t **retfactors) +{ + (void)evalue; + return ecc_generate_ext (algo, nbits, 0, NULL, skey, retfactors); +} + + /* Return the parameters of the curve NAME. */ -gcry_err_code_t -_gcry_ecc_get_param (const char *name, gcry_mpi_t *pkey) +static gcry_err_code_t +ecc_get_param (const char *name, gcry_mpi_t *pkey) { gpg_err_code_t err; unsigned int nbits; @@ -1027,15 +1054,7 @@ return 0; } -static gcry_err_code_t -ecc_generate (int algo, unsigned int nbits, unsigned long dummy, - gcry_mpi_t *skey, gcry_mpi_t **retfactors) -{ - (void)dummy; - return _gcry_ecc_generate (algo, nbits, NULL, skey, retfactors); -} - static gcry_err_code_t ecc_check_secret_key (int algo, gcry_mpi_t *skey) { @@ -1230,7 +1249,7 @@ ec = GPG_ERR_INV_OBJ; /* Name missing or out of core. */ goto leave; } - ec = _gcry_ecc_get_param (curve, tmpvalues); + ec = ecc_get_param (curve, tmpvalues); gcry_free (curve); if (ec) goto leave; @@ -1358,10 +1377,12 @@ ecc_verify, ecc_get_nbits }; + pk_extra_spec_t _gcry_pubkey_extraspec_ecdsa = { run_selftests, - NULL, - compute_keygrip + ecc_generate_ext, + compute_keygrip, + ecc_get_param }; Modified: trunk/cipher/elgamal.c =================================================================== --- trunk/cipher/elgamal.c 2008-11-19 13:52:48 UTC (rev 1357) +++ trunk/cipher/elgamal.c 2008-11-24 16:37:50 UTC (rev 1358) 
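Review bot: The empty factor list is now allocated after `skey[]` has been filled, so a failed `gcry_calloc` returns an error with the key MPIs already handed to the caller. gcry_pk_genkey then reaches `release_mpi_array (skey)` at `leave:`, but it initialises only `skey[0]` and writes the terminating `skey[i] = NULL` on the success path, so the array may not be terminated on this path; this should be confirmed against release_mpi_array, which is not shown. Doing the allocation before `generate_key`, as the removed code did, and freeing it on the error return avoids the question. ecc_generate_ext starts before this hunk.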
@@ -1,10 +1,11 @@ /* Elgamal.c - Elgamal Public Key encryption - * Copyright (C) 1998, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. + * Copyright (C) 1998, 2000, 2001, 2002, 2003, + * 2008 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * * Libgcrypt is free software; you can redistribute it and/or modify - * it under the terms of the GNU Lesser general Public License as + * it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * @@ -14,8 +15,7 @@ * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public - * License along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + * License along with this program; if not, see . * * For a description of the algorithm, see: * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996. 
@@ -612,50 +612,70 @@ ************** interface ****************** *********************************************/ -gcry_err_code_t -_gcry_elg_generate (int algo, unsigned int nbits, unsigned long dummy, - gcry_mpi_t *skey, gcry_mpi_t **retfactors) +static gpg_err_code_t +elg_generate_ext (int algo, unsigned int nbits, unsigned long evalue, + const gcry_sexp_t genparms, + gcry_mpi_t *skey, gcry_mpi_t **retfactors) { + gpg_err_code_t ec; ELG_secret_key sk; + gcry_mpi_t xvalue = NULL; + gcry_sexp_t l1; (void)algo; - (void)dummy; + (void)evalue; - generate (&sk, nbits, retfactors); + if (genparms) + { + /* Parse the optional xvalue element. */ + l1 = gcry_sexp_find_token (genparms, "xvalue", 0); + if (l1) + { + xvalue = gcry_sexp_nth_mpi (l1, 1, 0); + gcry_sexp_release (l1); + if (!xvalue) + return GPG_ERR_BAD_MPI; + } + } + + if (xvalue) + ec = generate_using_x (&sk, nbits, xvalue, retfactors); + else + { + generate (&sk, nbits, retfactors); + ec = 0; + } + skey[0] = sk.p; skey[1] = sk.g; skey[2] = sk.y; skey[3] = sk.x; - return GPG_ERR_NO_ERROR; + return ec; } -/* This is a specila generate function which is not called via the - module interface. 
*/ -gcry_err_code_t -_gcry_elg_generate_using_x (int algo, unsigned int nbits, gcry_mpi_t x, - gcry_mpi_t *skey, gcry_mpi_t **retfactors) +static gcry_err_code_t +elg_generate (int algo, unsigned int nbits, unsigned long evalue, + gcry_mpi_t *skey, gcry_mpi_t **retfactors) { - gcry_err_code_t ec; ELG_secret_key sk; (void)algo; + (void)evalue; - ec = generate_using_x (&sk, nbits, x, retfactors); - if (!ec) - { - skey[0] = sk.p; - skey[1] = sk.g; - skey[2] = sk.y; - skey[3] = sk.x; - } - return ec; + generate (&sk, nbits, retfactors); + skey[0] = sk.p; + skey[1] = sk.g; + skey[2] = sk.y; + skey[3] = sk.x; + + return GPG_ERR_NO_ERROR; } -gcry_err_code_t -_gcry_elg_check_secret_key (int algo, gcry_mpi_t *skey) +static gcry_err_code_t +elg_check_secret_key (int algo, gcry_mpi_t *skey) { gcry_err_code_t err = GPG_ERR_NO_ERROR; ELG_secret_key sk; @@ -679,9 +699,9 @@ } -gcry_err_code_t -_gcry_elg_encrypt (int algo, gcry_mpi_t *resarr, - gcry_mpi_t data, gcry_mpi_t *pkey, int flags) +static gcry_err_code_t +elg_encrypt (int algo, gcry_mpi_t *resarr, + gcry_mpi_t data, gcry_mpi_t *pkey, int flags) { gcry_err_code_t err = GPG_ERR_NO_ERROR; ELG_public_key pk; @@ -704,9 +724,9 @@ } -gcry_err_code_t -_gcry_elg_decrypt (int algo, gcry_mpi_t *result, - gcry_mpi_t *data, gcry_mpi_t *skey, int flags) +static gcry_err_code_t +elg_decrypt (int algo, gcry_mpi_t *result, + gcry_mpi_t *data, gcry_mpi_t *skey, int flags) { gcry_err_code_t err = GPG_ERR_NO_ERROR; ELG_secret_key sk; @@ -730,8 +750,8 @@ } -gcry_err_code_t -_gcry_elg_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey) +static gcry_err_code_t +elg_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey) { gcry_err_code_t err = GPG_ERR_NO_ERROR; ELG_secret_key sk; 
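Review bot: `skey[0]` to `skey[3]` are now filled from `sk` even when `generate_using_x` fails, whereas the removed `_gcry_elg_generate_using_x` copied them only under `if (!ec)`; on failure `sk` may be unset, and gcry_pk_genkey's `leave:` path still calls `release_mpi_array (skey)`. Guard the four assignments in elg_generate_ext with `if (!ec)` again. `xvalue` is also never released there, although this commit removes the `gcry_mpi_release (xvalue)` that gcry_pk_genkey used to do, so the caller-chosen secret exponent stays allocated. Add `gcry_mpi_release (xvalue);` before the return unless generate_using_x takes ownership, which is not shown.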
@@ -755,9 +775,10 @@ return err; } -gcry_err_code_t -_gcry_elg_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey, - int (*cmp) (void *, gcry_mpi_t), void *opaquev) + +static gcry_err_code_t +elg_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey, + int (*cmp) (void *, gcry_mpi_t), void *opaquev) { gcry_err_code_t err = GPG_ERR_NO_ERROR; ELG_public_key pk; @@ -782,14 +803,15 @@ } -unsigned int -_gcry_elg_get_nbits (int algo, gcry_mpi_t *pkey) +static unsigned int +elg_get_nbits (int algo, gcry_mpi_t *pkey) { (void)algo; return mpi_get_nbits (pkey[0]); } + static const char *elg_names[] = { "elg", @@ -804,11 +826,19 @@ "ELG", elg_names, "pgy", "pgyx", "ab", "rs", "pgy", GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR, - _gcry_elg_generate, - _gcry_elg_check_secret_key, - _gcry_elg_encrypt, - _gcry_elg_decrypt, - _gcry_elg_sign, - _gcry_elg_verify, - _gcry_elg_get_nbits, + elg_generate, + elg_check_secret_key, + elg_encrypt, + elg_decrypt, + elg_sign, + elg_verify, + elg_get_nbits }; + +pk_extra_spec_t _gcry_pubkey_extraspec_elg = + { + NULL, + elg_generate_ext, + NULL + }; + Modified: trunk/cipher/primegen.c =================================================================== --- trunk/cipher/primegen.c 2008-11-19 13:52:48 UTC (rev 1357) +++ trunk/cipher/primegen.c 2008-11-24 16:37:50 UTC (rev 1358) @@ -1,6 +1,6 @@ /* primegen.c - prime number generator * Copyright (C) 1998, 2000, 2001, 2002, 2003 - * 2004 Free Software Foundation, Inc. + * 2004, 2008 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * 
@@ -1272,3 +1272,142 @@ gcry_free (factors); } } + + +/* Helper for _gcry_generate_x931_prime. */ +static gcry_mpi_t +find_x931_prime (const gcry_mpi_t pfirst) +{ + gcry_mpi_t val_2 = mpi_alloc_set_ui (2); + gcry_mpi_t prime; + + prime = gcry_mpi_copy (pfirst); + /* If P is even add 1. */ + mpi_set_bit (prime, 0); + + /* We use 64 Rabin-Miller rounds which is better and thus + sufficient. We do not have a Lucas test implementaion thus we + can't do it in the X9.31 preferred way of running a few + Rabin-Miller followed by one Lucas test. */ + while ( !check_prime (prime, val_2, 64, NULL, NULL) ) + mpi_add_ui (prime, prime, 2); + + mpi_free (val_2); + + return prime; +} + + +/* Generate a prime using the algorithm from X9.31 appendix B.4. + + This function requires that the provided public exponent E is odd. + XP, XP1 and XP2 are the seed values. All values are mandatory. + + On success the prime is returned. If R_P1 or R_P2 are given the + internal values P1 and P2 are saved at these addresses. On error + NULL is returned. */ +gcry_mpi_t +_gcry_derive_x931_prime (const gcry_mpi_t xp, + const gcry_mpi_t xp1, const gcry_mpi_t xp2, + const gcry_mpi_t e, + gcry_mpi_t *r_p1, gcry_mpi_t *r_p2) +{ + gcry_mpi_t p1, p2, p1p2, yp0; + + if (!xp || !xp1 || !xp2) + return NULL; + if (!e || !mpi_test_bit (e, 0)) + return NULL; /* We support only odd values for E. */ + + p1 = find_x931_prime (xp1); + p2 = find_x931_prime (xp2); + p1p2 = mpi_alloc_like (xp); + mpi_mul (p1p2, p1, p2); + + { + gcry_mpi_t r1, tmp; + + /* r1 = (p2^{-1} mod p1)p2 - (p1^{-1} mod p2) */ + tmp = mpi_alloc_like (p1); + mpi_invm (tmp, p2, p1); + mpi_mul (tmp, tmp, p2); + r1 = tmp; + + tmp = mpi_alloc_like (p2); + mpi_invm (tmp, p1, p2); + mpi_mul (tmp, tmp, p1); + mpi_sub (r1, r1, tmp); + + /* Fixup a negative value. 
*/ + if (mpi_is_neg (r1)) + mpi_add (r1, r1, p1p2); + + /* yp0 = xp + (r1 - xp mod p1*p2) */ + yp0 = tmp; tmp = NULL; + mpi_subm (yp0, r1, xp, p1p2); + mpi_add (yp0, yp0, xp); + mpi_free (r1); + + /* Fixup a negative value. */ + if (mpi_cmp (yp0, xp) < 0 ) + mpi_add (yp0, yp0, p1p2); + } + + /* yp0 is now the first integer greater than xp with p1 being a + large prime factor of yp0-1 and p2 a large prime factor of yp0+1. */ + + /* Note that the first example from X9.31 (D.1.1) which uses + (Xq1 #1A5CF72EE770DE50CB09ACCEA9#) + (Xq2 #134E4CAA16D2350A21D775C404#) + (Xq #CC1092495D867E64065DEE3E7955F2EBC7D47A2D + 7C9953388F97DDDC3E1CA19C35CA659EDC2FC325 + 6D29C2627479C086A699A49C4C9CEE7EF7BD1B34 + 321DE34A#)))) + returns an yp0 of + #CC1092495D867E64065DEE3E7955F2EBC7D47A2D + 7C9953388F97DDDC3E1CA19C35CA659EDC2FC4E3 + BF20CB896EE37E098A906313271422162CB6C642 + 75C1201F# + and not + #CC1092495D867E64065DEE3E7955F2EBC7D47A2D + 7C9953388F97DDDC3E1CA19C35CA659EDC2FC2E6 + C88FE299D52D78BE405A97E01FD71DD7819ECB91 + FA85A076# + as stated in the standard. This seems to be a bug in X9.31. + */ + + { + gcry_mpi_t val_2 = mpi_alloc_set_ui (2); + gcry_mpi_t gcdtmp = mpi_alloc_like (yp0); + int gcdres; + + mpi_sub_ui (p1p2, p1p2, 1); /* Adjust for loop body. */ + mpi_sub_ui (yp0, yp0, 1); /* Ditto. */ + for (;;) + { + gcdres = gcry_mpi_gcd (gcdtmp, e, yp0); + mpi_add_ui (yp0, yp0, 1); + if (!gcdres) + progress ('/'); /* gcd (e, yp0-1) != 1 */ + else if (check_prime (yp0, val_2, 64, NULL, NULL)) + break; /* Found. */ + /* We add p1p2-1 because yp0 is incremented after the gcd test. 
*/ + mpi_add (yp0, yp0, p1p2); + } + mpi_free (gcdtmp); + mpi_free (val_2); + } + + mpi_free (p1p2); + + progress('\n'); + if (r_p1) + *r_p1 = p1; + else + mpi_free (p1); + if (r_p2) + *r_p2 = p2; + else + mpi_free (p2); + return yp0; +} Modified: trunk/cipher/pubkey.c =================================================================== --- trunk/cipher/pubkey.c 2008-11-19 13:52:48 UTC (rev 1357) +++ trunk/cipher/pubkey.c 2008-11-24 16:37:50 UTC (rev 1358) @@ -64,9 +64,9 @@ #endif #if USE_ELGAMAL { &_gcry_pubkey_spec_elg, - &dummy_extra_spec, GCRY_PK_ELG }, + &_gcry_pubkey_extraspec_elg, GCRY_PK_ELG }, { &_gcry_pubkey_spec_elg, - &dummy_extra_spec, GCRY_PK_ELG_E }, + &_gcry_pubkey_extraspec_elg, GCRY_PK_ELG_E }, #endif #if USE_DSA { &_gcry_pubkey_spec_dsa, @@ -530,17 +530,18 @@ /* Generate a new public key with algorithm ALGORITHM of size NBITS - and return it at SKEY. The use of the arguments QBITS, USE_E, - XVALUE, CURVE_NAME and DOMAIN depend on the ALGORITHM. RETFACTOR - is used by some algorithms to return certain additional information - which are in general not required. + and return it at SKEY. USE_E depends on the ALGORITHM. GENPARMS + is passed to the algorithm module if it features an extended + generation function. RETFACTOR is used by some algorithms to + return certain additional information which are in general not + required. The function returns the error code number or 0 on success. */ static gcry_err_code_t -pubkey_generate (int algorithm, unsigned int nbits, unsigned int qbits, - unsigned long use_e, gcry_mpi_t xvalue, - const char *curve_name, gcry_sexp_t domain, - unsigned int keygen_flags, +pubkey_generate (int algorithm, + unsigned int nbits, + unsigned long use_e, + gcry_sexp_t genparms, gcry_mpi_t *skey, gcry_mpi_t **retfactors) { gcry_err_code_t ec = GPG_ERR_PUBKEY_ALGO; 
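Review bot: `_gcry_derive_x931_prime` ignores the result of both `mpi_invm` calls and never checks that `p1` and `p2` differ; if the two seeds lead `find_x931_prime` to the same prime, neither inverse exists and the later arithmetic runs on whatever `mpi_invm` left in `tmp`. A check right after the two helper calls would turn that into an error: `if (!mpi_cmp (p1, p2)) { mpi_free (p1); mpi_free (p2); return NULL; }`. The helper's comment also names `_gcry_generate_x931_prime`, while the function added here is `_gcry_derive_x931_prime`.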
@@ -554,44 +555,12 @@ { pk_extra_spec_t *extraspec = pubkey->extraspec; - if (keygen_flags && (!extraspec || !extraspec->ext_generate)) + if (extraspec && extraspec->ext_generate) { - /* A keygen flag has been given but the module does not - provide an ext_generate function. We don't want to - ignore such a condition as it might eventually be - security sensitive.. */ - ec = GPG_ERR_INV_FLAG; + /* Use the extended generate function. */ + ec = extraspec->ext_generate + (algorithm, nbits, use_e, genparms, skey, retfactors); } -#ifdef USE_ELGAMAL - else if (xvalue && pubkey->spec == &_gcry_pubkey_spec_elg) - { - /* Fixme: Merge this into an ext_generate fucntion. */ - ec = _gcry_elg_generate_using_x - (algorithm, nbits, xvalue, skey, retfactors); - } -#endif /*USE_ELGAMAL*/ -#ifdef USE_ECC - else if (curve_name && pubkey->spec == &_gcry_pubkey_spec_ecdsa) - { - /* Fixme: Merge this into an ext_generate fucntion. */ - ec = _gcry_ecc_generate - (algorithm, nbits, curve_name, skey, retfactors); - } -#endif /*USE_ECC*/ - else if (extraspec && extraspec->ext_generate) - { - /* Use the extended generate function if available. */ - ec = extraspec->ext_generate (algorithm, nbits, qbits, use_e, - NULL, domain, keygen_flags, - skey, retfactors); - } - else if (qbits || domain) - { - /* A qbits or domain parameter is specified but the - algorithm does not feature an extended generation - function. */ - ec = GPG_ERR_INV_PARAMETER; - } else { /* Use the standard generate function. */ @@ -605,6 +574,7 @@ return ec; } + static gcry_err_code_t pubkey_check_secret_key (int algorithm, gcry_mpi_t *skey) { @@ -868,11 +838,13 @@ return err; } + /* Internal function used for ecc. Note, that this function makes use of its intimate knowledge about the ECC parameters from ecc.c. */ static gcry_err_code_t sexp_elements_extract_ecc (gcry_sexp_t key_sexp, const char *element_names, - gcry_mpi_t *elements) + gcry_mpi_t *elements, pk_extra_spec_t *extraspec) + { gcry_err_code_t err = 0; int idx; 
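Review bot: A module without `ext_generate` now gets the standard generate call even when the request carries `qbits`, `domain`, `transient-key` or similar elements, because the `GPG_ERR_INV_FLAG` and `GPG_ERR_INV_PARAMETER` branches were dropped without a replacement. The removed comment itself called ignoring such input potentially security sensitive. Since `genparms` is the whole parameter list, the fallback branch cannot simply test it for NULL; it has to look for the elements that only an extended generator can honour and refuse them. The `else` branch of pubkey_generate continues beyond this hunk.

```c
          else
            {
              /* Parameters only an extended generator can honour must
                 not be dropped silently.  */
              static const char *const extonly[] =
                { "qbits", "domain", "curve", "xvalue",
                  "transient-key", "derive-parms", NULL };
              int idx;

              ec = 0;
              for (idx = 0; genparms && extonly[idx] && !ec; idx++)
                {
                  gcry_sexp_t l1 = gcry_sexp_find_token (genparms,
                                                         extonly[idx], 0);
                  if (l1)
                    {
                      gcry_sexp_release (l1);
                      ec = GPG_ERR_INV_PARAMETER;
                    }
                }
              /* … unchanged: standard generate call, now under if (!ec) … */
```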
@@ -907,35 +879,41 @@ list = gcry_sexp_find_token (key_sexp, "curve", 5); if (list) { -#if USE_ECC - char *curve; - gcry_mpi_t params[6]; - - for (idx = 0; idx < DIM(params); idx++) - params[idx] = NULL; - - curve = _gcry_sexp_nth_string (list, 1); - if (!curve) + if (extraspec->get_param) { - err = GPG_ERR_INV_OBJ; /* No curve name given (or out of core). */ - goto leave; + char *curve; + gcry_mpi_t params[6]; + + for (idx = 0; idx < DIM(params); idx++) + params[idx] = NULL; + + curve = _gcry_sexp_nth_string (list, 1); + gcry_sexp_release (list); + if (!curve) + { + /* No curve name given (or out of core). */ + err = GPG_ERR_INV_OBJ; + goto leave; + } + err = extraspec->get_param (curve, params); + gcry_free (curve); + if (err) + goto leave; + + for (idx = 0; idx < DIM(params); idx++) + { + if (!elements[idx]) + elements[idx] = params[idx]; + else + mpi_free (params[idx]); + } } - err = _gcry_ecc_get_param (curve, params); - gcry_free (curve); - if (err) - goto leave; - - for (idx = 0; idx < DIM(params); idx++) + else { - if (!elements[idx]) - elements[idx] = params[idx]; - else - mpi_free (params[idx]); + gcry_sexp_release (list); + err = GPG_ERR_INV_OBJ; /* "curve" given but ECC not supported. */ + goto leave; } -#else /* !USE_ECC */ - err = GPG_ERR_INV_OBJ; /* "curve" given but ECC not supported. */ - goto leave; -#endif /* !USE_ECC */ } /* Check that all parameters are known. */ @@ -1001,6 +979,7 @@ gcry_mpi_t *array; gcry_module_t module; gcry_pk_spec_t *pubkey; + pk_extra_spec_t *extraspec; int is_ecc; /* Check that the first element is valid. */ @@ -1038,7 +1017,10 @@ return GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */ } else - pubkey = (gcry_pk_spec_t *) module->spec; + { + pubkey = (gcry_pk_spec_t *) module->spec; + extraspec = module->extraspec; + } elems = want_private ? pubkey->elements_skey : pubkey->elements_pkey; array = gcry_calloc (strlen (elems) + 1, sizeof (*array)); 
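Review bot: `extraspec->get_param` is dereferenced without checking `extraspec` itself, while pubkey_generate in the same file tests `extraspec && extraspec->ext_generate`, which suggests the pointer can be NULL for some modules. The existing else-branch already returns `GPG_ERR_INV_OBJ` for the unsupported case, so the condition only needs to become `if (extraspec && extraspec->get_param)`. sexp_elements_extract_ecc starts before and ends after this hunk.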
@@ -1047,7 +1029,7 @@ if (!err) { if (is_ecc) - err = sexp_elements_extract_ecc (list, elems, array); + err = sexp_elements_extract_ecc (list, elems, array, extraspec); else err = sexp_elements_extract (list, elems, array, pubkey->name); } @@ -2084,7 +2066,9 @@ { gcry_pk_spec_t *pubkey = NULL; gcry_module_t module = NULL; - gcry_sexp_t list = NULL, l2 = NULL; + gcry_sexp_t list = NULL; + gcry_sexp_t l2 = NULL; + gcry_sexp_t l3 = NULL; char *name = NULL; size_t n; gcry_err_code_t rc = GPG_ERR_NO_ERROR; @@ -2095,10 +2079,6 @@ gcry_mpi_t skey[12], *factors = NULL; unsigned int nbits = 0; unsigned long use_e = 0; - unsigned int qbits; - gcry_mpi_t xvalue = NULL; - char *curve = NULL; - unsigned int keygen_flags = 0; skey[0] = NULL; *r_key = NULL; @@ -2150,7 +2130,9 @@ if (strlen (sec_elems) >= DIM(skey)) BUG (); - /* Handle the optional rsa-use-e element. */ + /* Handle the optional rsa-use-e element. Actually this belong into + the algorithm module but we have this parameter in the public + moudle API, so we need to parse it right here. */ l2 = gcry_sexp_find_token (list, "rsa-use-e", 0); if (l2) { @@ -2172,8 +2154,9 @@ else use_e = 65537; /* Not given, use the value generated by old versions. */ - /* Handle the optional qbits element. */ - l2 = gcry_sexp_find_token (list, "qbits", 0); + + /* Get the "nbits" parameter. */ + l2 = gcry_sexp_find_token (list, "nbits", 0); if (l2) { char buf[50]; 
@@ -2182,91 +2165,24 @@ s = gcry_sexp_nth_data (l2, 1, &n); if (!s || n >= DIM (buf) - 1 ) { - rc = GPG_ERR_INV_OBJ; /* No value or value too large. */ - goto leave; - } - memcpy (buf, s, n); - buf[n] = 0; - qbits = (unsigned int)strtoul (buf, NULL, 0); - gcry_sexp_release (l2); - l2 = NULL; - } - else - qbits = 0; - - /* Parse the optional xvalue element. */ - l2 = gcry_sexp_find_token (list, "xvalue", 0); - if (l2) - { - xvalue = gcry_sexp_nth_mpi (l2, 1, 0); - if (!xvalue) - { - rc = GPG_ERR_BAD_MPI; - goto leave; - } - } - - /* Parse the optional "curve" parameter. */ - l2 = gcry_sexp_find_token (list, "curve", 0); - if (l2) - { - curve = _gcry_sexp_nth_string (l2, 1); - if (!curve) - { - rc = GPG_ERR_INV_OBJ; /* No curve name or value too large. */ - goto leave; - } - gcry_sexp_release (l2); - l2 = NULL; - } - - /* Parse the optional "transient-key" flag. */ - l2 = gcry_sexp_find_token (list, "transient-key", 0); - if (l2) - { - keygen_flags |= PUBKEY_FLAG_TRANSIENT_KEY; - gcry_sexp_release (l2); - l2 = NULL; - } - - - /* Unless a curve name has been given, the "nbits" parameter is - required. */ - l2 = gcry_sexp_find_token (list, "nbits", 0); - gcry_sexp_release (list); - list = l2; - l2 = NULL; - if (!list && !curve) - { - rc = GPG_ERR_NO_OBJ; /* No nbits parameter. */ - goto leave; - } - if (list) - { - char buf[50]; - const char *s; - - s = gcry_sexp_nth_data (list, 1, &n); - if (!s || n >= DIM (buf) - 1 ) - { rc = GPG_ERR_INV_OBJ; /* NBITS given without a cdr. */ goto leave; } memcpy (buf, s, n); buf[n] = 0; nbits = (unsigned int)strtoul (buf, NULL, 0); + gcry_sexp_release (l2); l2 = NULL; } else nbits = 0; - /* Extract the optional domain parameter and call the key generation. */ - l2 = gcry_sexp_find_token (list, "domain", 0); - rc = pubkey_generate (module->mod_id, nbits, qbits, use_e, xvalue, - curve, l2, keygen_flags, skey, &factors); - gcry_sexp_release (l2); + /* Pass control to the algorithm module. 
*/ + rc = pubkey_generate (module->mod_id, nbits, use_e, list, skey, &factors); + gcry_sexp_release (list); list = NULL; if (rc) goto leave; + /* Key generation succeeded: Build an S-expression. */ { char *string, *p; size_t nelem=0, nelem_cp = 0, needed=0; @@ -2312,7 +2228,7 @@ } p = stpcpy (p, "))"); - /* Very ugly hack to make release_mpi_array() work FIXME */ + /* Hack to make release_mpi_array() work. */ skey[i] = NULL; if (factors[0]) @@ -2359,22 +2275,18 @@ leave: gcry_free (name); - gcry_free (curve); release_mpi_array (skey); - /* Don't free SKEY itself, it is a static array. */ + /* Don't free SKEY itself, it is an stack allocated array. */ - gcry_mpi_release (xvalue); - if (factors) { release_mpi_array ( factors ); gcry_free (factors); } - if (l2) - gcry_sexp_release (l2); - if (list) - gcry_sexp_release (list); + gcry_sexp_release (l3); + gcry_sexp_release (l2); + gcry_sexp_release (list); if (module) { Modified: trunk/cipher/rsa.c =================================================================== --- trunk/cipher/rsa.c 2008-11-19 13:52:48 UTC (rev 1357) +++ trunk/cipher/rsa.c 2008-11-24 16:37:50 UTC (rev 1358) @@ -207,8 +207,8 @@ if ( (nbits&1) ) nbits++; - if (use_e == 1) /* Alias for a secure value. */ - use_e = 65537; /* as demanded by Spinx. */ + if (use_e == 1) /* Alias for a secure value */ + use_e = 65537; /* as demanded by Sphinx. */ /* Public exponent: In general we use 41 as this is quite fast and more secure than the 
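Review bot: A request without `nbits` is no longer rejected in gcry_pk_genkey: the `GPG_ERR_NO_OBJ` check is removed and `nbits = 0` is passed on to pubkey_generate. Of the generators touched by this commit only ecc_generate_ext visibly re-adds the test (`if (!nbits && !curve_name)`), and generate_x931 rejects `nbits < 1024`; what the `generate` functions in dsa.c and elgamal.c and `generate_std` in rsa.c do with 0 is not visible in this diff. If they do not reject it, each `*_generate_ext` should start with `if (!nbits) return GPG_ERR_NO_OBJ;`. gcry_pk_genkey starts and ends outside this hunk.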
@@ -328,6 +328,191 @@ } +/* Variant of the standard key generation code using the algorithm + from X9.31. Using this algorithm has the advantage that the + generation can be made deterministic which is required for CAVS + testing. */ +static gpg_err_code_t +generate_x931 (RSA_secret_key *sk, unsigned int nbits, unsigned long e_value, + gcry_sexp_t deriveparms, int *swapped) +{ + gcry_mpi_t p, q; /* The two primes. */ + gcry_mpi_t e; /* The public exponent. */ + gcry_mpi_t n; /* The public key. */ + gcry_mpi_t d; /* The private key */ + gcry_mpi_t u; /* The inverse of p and q. */ + gcry_mpi_t pm1; /* p - 1 */ + gcry_mpi_t qm1; /* q - 1 */ + gcry_mpi_t phi; /* Euler totient. */ + gcry_mpi_t f, g; /* Helper. */ + + *swapped = 0; + + if (e_value == 1) /* Alias for a secure value. */ + e_value = 65537; + + /* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */ + if (nbits < 1024 || (nbits % 256)) + return GPG_ERR_INV_VALUE; + + /* Point 2: 2 <= bitlength(e) < 2^{k-2} + Note that we do not need to check the upper bound because we use + an unsigned long for E and thus there is no way for E to reach + that limit. */ + if (e_value < 3) + return GPG_ERR_INV_VALUE; + + /* Our implementaion requires E to be odd. */ + if (!(e_value & 1)) + return GPG_ERR_INV_VALUE; + + /* Point 3: e > 0 or e 0 if it is to be randomly generated. + We support only a fixed E and thus there is no need for an extra test. */ + + + /* Compute or extract the derive parameters. */ + { + gcry_mpi_t xp1 = NULL; + gcry_mpi_t xp2 = NULL; + gcry_mpi_t xp = NULL; + gcry_mpi_t xq1 = NULL; + gcry_mpi_t xq2 = NULL; + gcry_mpi_t xq = NULL; + + if (!deriveparms) + { + /* Fixme: Create them. 
*/ + return GPG_ERR_INV_VALUE; + } + else + { + struct { const char *name; gcry_mpi_t *value; } tbl[] = { + { "Xp1", &xp1 }, + { "Xp2", &xp2 }, + { "Xp", &xp }, + { "Xq1", &xq1 }, + { "Xq2", &xq2 }, + { "Xq", &xq }, + { NULL, NULL } + }; + int idx; + gcry_sexp_t oneparm; + + for (idx=0; tbl[idx].name; idx++) + { + oneparm = gcry_sexp_find_token (deriveparms, tbl[idx].name, 0); + if (oneparm) + { + *tbl[idx].value = gcry_sexp_nth_mpi (oneparm, 1, + GCRYMPI_FMT_USG); + gcry_sexp_release (oneparm); + } + } + for (idx=0; tbl[idx].name; idx++) + if (!*tbl[idx].value) + break; + if (tbl[idx].name) + { + /* At least one parameter is missing. */ + for (idx=0; tbl[idx].name; idx++) + gcry_mpi_release (*tbl[idx].value); + return GPG_ERR_MISSING_VALUE; + } + } + + e = mpi_alloc_set_ui (e_value); + + /* Find two prime numbers. */ + p = _gcry_derive_x931_prime (xp, xp1, xp2, e, NULL, NULL); + q = _gcry_derive_x931_prime (xq, xq1, xq2, e, NULL, NULL); + gcry_mpi_release (xp); xp = NULL; + gcry_mpi_release (xp1); xp1 = NULL; + gcry_mpi_release (xp2); xp2 = NULL; + gcry_mpi_release (xq); xq = NULL; + gcry_mpi_release (xq1); xq1 = NULL; + gcry_mpi_release (xq2); xq2 = NULL; + if (!p || !q) + { + gcry_mpi_release (p); + gcry_mpi_release (q); + gcry_mpi_release (e); + return GPG_ERR_NO_PRIME; + } + } + + + /* Compute the public modulus. We make sure that p is smaller than + q to allow the use of the CRT. 
*/ + if (mpi_cmp (p, q) > 0 ) + { + mpi_swap (p, q); + *swapped = 1; + } + n = gcry_mpi_new (nbits); + mpi_mul (n, p, q); + + /* Compute the Euler totient: phi = (p-1)(q-1) */ + pm1 = gcry_mpi_snew (nbits/2); + qm1 = gcry_mpi_snew (nbits/2); + phi = gcry_mpi_snew (nbits); + mpi_sub_ui (pm1, p, 1); + mpi_sub_ui (qm1, q, 1); + mpi_mul (phi, pm1, qm1); + + g = gcry_mpi_snew (nbits); + gcry_assert (gcry_mpi_gcd (g, e, phi)); + + /* Compute: f = lcm(p-1,q-1) = phi / gcd(p-1,q-1) */ + gcry_mpi_gcd (g, pm1, qm1); + f = pm1; pm1 = NULL; + gcry_mpi_release (qm1); qm1 = NULL; + mpi_fdiv_q (f, phi, g); + gcry_mpi_release (phi); phi = NULL; + d = g; g = NULL; + /* Compute the secret key: d = e^{-1} mod lcm(p-1,q-1) */ + mpi_invm (d, e, f); + + /* Compute the inverse of p and q. */ + u = f; f = NULL; + mpi_invm (u, p, q ); + + if( DBG_CIPHER ) + { + if (swapped) + log_debug ("p and q are swapped\n"); + log_mpidump(" p", p ); + log_mpidump(" q", q ); + log_mpidump(" n", n ); + log_mpidump(" e", e ); + log_mpidump(" d", d ); + log_mpidump(" u", u ); + } + + + sk->n = n; + sk->e = e; + sk->p = p; + sk->q = q; + sk->d = d; + sk->u = u; + + /* Now we can test our keys. */ + if (test_keys (sk, nbits - 64)) + { + gcry_mpi_release (sk->n); sk->n = NULL; + gcry_mpi_release (sk->e); sk->e = NULL; + gcry_mpi_release (sk->p); sk->p = NULL; + gcry_mpi_release (sk->q); sk->q = NULL; + gcry_mpi_release (sk->d); sk->d = NULL; + gcry_mpi_release (sk->u); sk->u = NULL; + fips_signal_error ("self-test after key generation failed"); + return GPG_ERR_SELFTEST_FAILED; + } + + return 0; +} + + /**************** * Test wether the secret key is valid. * Returns: true if this is a valid key. 
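Review bot: Nothing in generate_x931 ties the caller-supplied seeds to `nbits`: the modulus is simply `mpi_mul (n, p, q)` on primes derived from `Xp` and `Xq`, so a derive-parms list with short seeds would seem to yield a key smaller than requested without any error. A check after the multiplication, `if (mpi_get_nbits (n) != nbits)`, that releases `p`, `q`, `e` and `n` and returns `GPG_ERR_INV_VALUE` would catch this. Separately, the debug block tests `if (swapped)`, which is the pointer and therefore always true; it should read `if (*swapped)`.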
@@ -530,23 +715,42 @@ *********************************************/ static gcry_err_code_t -rsa_generate_ext (int algo, unsigned int nbits, unsigned int qbits, - unsigned long use_e, - const char *name, const gcry_sexp_t domain, - unsigned int keygen_flags, +rsa_generate_ext (int algo, unsigned int nbits, unsigned long evalue, + const gcry_sexp_t genparms, gcry_mpi_t *skey, gcry_mpi_t **retfactors) { RSA_secret_key sk; gpg_err_code_t ec; + gcry_sexp_t deriveparms; + int transient_key = 0; + gcry_sexp_t l1; + int swapped; int i; (void)algo; - (void)qbits; - (void)name; - (void)domain; - ec = generate_std (&sk, nbits, use_e, - !!(keygen_flags & PUBKEY_FLAG_TRANSIENT_KEY) ); + deriveparms = (genparms? + gcry_sexp_find_token (genparms, "derive-parms", 0) : NULL); + + if (deriveparms || fips_mode ()) + { + ec = generate_x931 (&sk, nbits, evalue, deriveparms, &swapped); + gcry_sexp_release (deriveparms); + } + else + { + /* Parse the optional "transient-key" flag. */ + l1 = gcry_sexp_find_token (genparms, "transient-key", 0); + if (l1) + { + transient_key = 1; + gcry_sexp_release (l1); + l1 = NULL; + } + /* Generate. */ + ec = generate_std (&sk, nbits, evalue, transient_key); + } + if (!ec) { skey[0] = sk.n; @@ -576,11 +780,10 @@ static gcry_err_code_t -rsa_generate (int algo, unsigned int nbits, unsigned long use_e, +rsa_generate (int algo, unsigned int nbits, unsigned long evalue, gcry_mpi_t *skey, gcry_mpi_t **retfactors) { - return rsa_generate_ext (algo, nbits, 0, use_e, NULL, NULL, 0, - skey, retfactors); + return rsa_generate_ext (algo, nbits, evalue, NULL, skey, retfactors); } Modified: trunk/doc/gcrypt.texi =================================================================== --- trunk/doc/gcrypt.texi 2008-11-19 13:52:48 UTC (rev 1357) +++ trunk/doc/gcrypt.texi 2008-11-24 16:37:50 UTC (rev 1358) 
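Review bot: `gcry_sexp_find_token (genparms, "transient-key", 0)` is called without the NULL guard that the `derive-parms` lookup a few lines earlier applies to `genparms`, and rsa_generate in the next hunk passes NULL. Unless gcry_sexp_find_token accepts a NULL list (not visible here), guard it the same way: `l1 = genparms? gcry_sexp_find_token (genparms, "transient-key", 0) : NULL;`. `swapped` is written only on the X9.31 path, so `int swapped = 0;` would be safer in case the code after this hunk reads it. Note also that in FIPS mode without `derive-parms` generate_x931 returns `GPG_ERR_INV_VALUE` from its "Fixme: Create them" branch, so plain RSA generation appears to fail there. rsa_generate_ext continues beyond this hunk.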
@@ -2725,6 +2725,33 @@ The @code{seed}, @code{counter} and @code{h} domain parameters are optional and currently not used. + at item derive-parms +This is currently only meaningful for RSA keys. If given, it is used +to derive the RSA keys using the given parameters. This is in general +only useful for key generation tests. If given for an RSA key the +X9.31 key generation algorithm is used even if libgcrypt is not in +FIPS mode. + + at example +(genkey + (rsa + (nbits 4:1024) + (rsa-use-e 1:3) + (derive-parms + (Xp1 #1A1916DDB29B4EB7EB6732E128#) + (Xp2 #192E8AAC41C576C822D93EA433#) + (Xp #D8CD81F035EC57EFE822955149D3BFF70C53520D + 769D6D76646C7A792E16EBD89FE6FC5B605A6493 + 39DFC925A86A4C6D150B71B9EEA02D68885F5009 + B98BD984#) + (Xq1 #1A5CF72EE770DE50CB09ACCEA9#) + (Xq2 #134E4CAA16D2350A21D775C404#) + (Xq #CC1092495D867E64065DEE3E7955F2EBC7D47A2D + 7C9953388F97DDDC3E1CA19C35CA659EDC2FC325 + 6D29C2627479C086A699A49C4C9CEE7EF7BD1B34 + 321DE34A#)))) + at end example + @end table @c end table of parameters 
@@ -2750,16 +2777,17 @@ (y @var{y-mpi}) (x @var{x-mpi}))) (misc-key-info - (pm1-factors @var{n1 n2 ... nn}))) + (pm1-factors @var{n1 n2 ... nn})) @end example @noindent -As you can see, some of the information is duplicated, but this provides -an easy way to extract either the public or the private key. Note that -the order of the elements is not defined, e.g. the private key may be -stored before the public key. @var{n1 n2 ... nn} is a list of prime -numbers used to composite @var{p-mpi}; this is in general not a very -useful information. +As you can see, some of the information is duplicated, but this +provides an easy way to extract either the public or the private key. +Note that the order of the elements is not defined, e.g. the private +key may be stored before the public key. @var{n1 n2 ... nn} is a list +of prime numbers used to composite @var{p-mpi}; this is in general not +a very useful information and only available if the key generation +algorithm provides them. @end deftypefun @c end gcry_pk_genkey Modified: trunk/src/cipher-proto.h =================================================================== --- trunk/src/cipher-proto.h 2008-11-19 13:52:48 UTC (rev 1357) +++ trunk/src/cipher-proto.h 2008-11-24 16:37:50 UTC (rev 1358) 
@@ -43,18 +43,19 @@ typedef gcry_err_code_t (*pk_ext_generate_t) (int algo, unsigned int nbits, - unsigned int qbits, - unsigned long use_e, - const char *name, - gcry_sexp_t domain, - unsigned int keygen_flags, + unsigned long evalue, + gcry_sexp_t genparms, gcry_mpi_t *skey, gcry_mpi_t **retfactors); -/* The type is used to compute the keygrip. */ +/* The type used to compute the keygrip. */ typedef gpg_err_code_t (*pk_comp_keygrip_t) (gcry_md_hd_t md, gcry_sexp_t keyparm); +/* The type used to quert ECC curve parameters. */ +typedef gcry_err_code_t (*pk_get_param_t) + (const char *name, gcry_mpi_t *pkey); + /* The type used to convey additional information to a cipher. */ typedef gpg_err_code_t (*cipher_set_extra_info_t) (void *c, int what, const void *buffer, size_t buflen); @@ -79,6 +80,7 @@ selftest_func_t selftest; pk_ext_generate_t ext_generate; pk_comp_keygrip_t comp_keygrip; + pk_get_param_t get_param; } pk_extra_spec_t; Modified: trunk/src/cipher.h =================================================================== --- trunk/src/cipher.h 2008-11-19 13:52:48 UTC (rev 1357) +++ trunk/src/cipher.h 2008-11-24 16:37:50 UTC (rev 1358) @@ -27,7 +27,6 @@ #include "../random/random.h" #define PUBKEY_FLAG_NO_BLINDING (1 << 0) -#define PUBKEY_FLAG_TRANSIENT_KEY (1 << 1) #define CIPHER_INFO_NO_WEAK_KEY 1 @@ -62,18 +61,11 @@ /*-- elgamal.c --*/ void _gcry_register_pk_elg_progress (gcry_handler_progress_t cb, void *cb_data); -gcry_err_code_t _gcry_elg_generate_using_x (int algo, unsigned int nbits, - gcry_mpi_t x, - gcry_mpi_t *skey, - gcry_mpi_t **retfactors); + /*-- ecc.c --*/ void _gcry_register_pk_ecc_progress (gcry_handler_progress_t cbc, void *cb_data); -gcry_err_code_t _gcry_ecc_generate (int algo, unsigned int nbits, - const char *curve, - gcry_mpi_t *skey, gcry_mpi_t **retfactors); -gcry_err_code_t _gcry_ecc_get_param (const char *name, gcry_mpi_t *pkey); /*-- primegen.c --*/ 
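Review bot: The comment introducing `pk_get_param_t` in the first cipher-proto.h hunk has a typo and states no contract for the `pkey` output array, so a caller cannot tell from the header how many MPIs are stored or who releases them. Suggest `/* The type used to query ECC curve parameters.  */`, followed by a sentence giving the number and order of values written to PKEY and the ownership rule. Those details have to come from the implementation, which is not visible in this hunk.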
@@ -138,6 +130,7 @@ extern pk_extra_spec_t _gcry_pubkey_extraspec_rsa; extern pk_extra_spec_t _gcry_pubkey_extraspec_dsa; +extern pk_extra_spec_t _gcry_pubkey_extraspec_elg; extern pk_extra_spec_t _gcry_pubkey_extraspec_ecdsa; Modified: trunk/src/g10lib.h =================================================================== --- trunk/src/g10lib.h 2008-11-19 13:52:48 UTC (rev 1357) +++ trunk/src/g10lib.h 2008-11-24 16:37:50 UTC (rev 1358) @@ -175,6 +175,10 @@ gcry_mpi_t _gcry_generate_elg_prime (int mode, unsigned int pbits, unsigned int qbits, gcry_mpi_t g, gcry_mpi_t **factors); +gcry_mpi_t _gcry_derive_x931_prime (const gcry_mpi_t xp, + const gcry_mpi_t xp1, const gcry_mpi_t xp2, + const gcry_mpi_t e, + gcry_mpi_t *r_p1, gcry_mpi_t *r_p2); /* replacements of missing functions (missing-string.c)*/ Modified: trunk/tests/cavs_driver.pl =================================================================== --- trunk/tests/cavs_driver.pl 2008-11-19 13:52:48 UTC (rev 1357) +++ trunk/tests/cavs_driver.pl 2008-11-24 16:37:50 UTC (rev 1358) @@ -1035,6 +1035,7 @@ my $old_calc_data; my $old_old_calc_data; my $ov; + my $iv_arg; $out .= "COUNT = $i\n"; if (defined($key2)) { @@ -1059,10 +1060,15 @@ $out .= "CIPHERTEXT = ". bin2hex($source_data). "\n"; } + # Need to provide a dummy IV in case of ECB mode. + $iv_arg = (defined($iv) && $iv ne "") + ? bin2hex($iv) + : "00"x(length($source_data)); + print $CI "1\n" .$iloop."\n" .bin2hex($key1)."\n" - .bin2hex($iv)."\n" + .$iv_arg."\n" .bin2hex($source_data)."\n\n" or die; # fixme: We should skip over empty lines here. @@ -1130,7 +1136,7 @@ } if ($ciph =~ /des/) { - $iv = $ov; + $iv = $ov if (defined($iv) && $iv ne ""); if ($cipher =~ /des-ede3-ofb/) { $source_data = $source_data ^ $next_source; } else { Modified: trunk/tests/fipsdrv.c =================================================================== --- trunk/tests/fipsdrv.c 2008-11-19 13:52:48 UTC (rev 1357) +++ trunk/tests/fipsdrv.c 2008-11-24 16:37:50 UTC (rev 1358) 
@@ -240,6 +240,8 @@ any = 1; } while (*line == '#'); /* Always skip comment lines. */ + if (verbose > 1) + fprintf (stderr, PGM ": received line: %s\n", line); return gcry_xstrdup (line); } @@ -800,6 +802,8 @@ { const unsigned char *p = buffer; + if (verbose > 1) + showhex ("sent line", buffer, length); while (length-- && !ferror (stdout) ) printf ("%02X", *p++); if (ferror (stdout)) @@ -1099,6 +1103,8 @@ putchar ('\n'); print_buffer (input, blocklen); /* Next input text. */ putchar ('\n'); + if (verbose > 1) + showhex ("sent line", "", 0); putchar ('\n'); fflush (stdout); Modified: trunk/tests/pubkey.c =================================================================== --- trunk/tests/pubkey.c 2008-11-19 13:52:48 UTC (rev 1357) +++ trunk/tests/pubkey.c 2008-11-24 16:37:50 UTC (rev 1358) @@ -114,6 +114,23 @@ } static void +show_sexp (const char *prefix, gcry_sexp_t a) +{ + char *buf; + size_t size; + + if (prefix) + fputs (prefix, stderr); + size = gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, NULL, 0); + buf = gcry_xmalloc (size); + From cvs at cvs.gnupg.org Tue Nov 25 12:05:15 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 25 Nov 2008 12:05:15 +0100 Subject: [svn] gcry - r1359 - in trunk: cipher doc src tests Message-ID: Author: wk Date: 2008-11-25 12:05:14 +0100 (Tue, 25 Nov 2008) New Revision: 1359 Modified: trunk/cipher/ChangeLog trunk/cipher/dsa.c trunk/cipher/ecc.c trunk/cipher/elgamal.c trunk/cipher/pubkey.c trunk/cipher/rsa.c trunk/doc/gcrypt.texi trunk/src/ChangeLog trunk/src/cipher-proto.h trunk/src/gcrypt.h.in trunk/src/sexp.c trunk/tests/ChangeLog trunk/tests/pubkey.c trunk/tests/tsexp.c Log: Finished RSA X9.31 key generation. Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2008-11-24 16:37:50 UTC (rev 1358) +++ trunk/cipher/ChangeLog 2008-11-25 11:05:14 UTC (rev 1359) 
@@ -1,5 +1,15 @@ 2008-11-24 Werner Koch + * pubkey.c (gcry_pk_genkey): Insert code to output extrainfo. + (pubkey_generate): Add arg R_EXTRAINFO and pass it to the extended + key generation function. + * rsa.c (gen_x931_parm_xp, gen_x931_parm_xi): New. + (generate_x931): Generate params if not given. + (rsa_generate_ext): Parse use-x931 flag. Return p-q-swapped + indicator. + * dsa.c (dsa_generate_ext): Put RETFACTORS into R_EXTRAINFO if + possible. + * pubkey.c (gcry_pk_genkey): Remove parsing of almost all parameters and pass the parameter S-expression to pubkey_generate. (pubkey_generate): Simplify by requitring modules to parse the Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-11-24 16:37:50 UTC (rev 1358) +++ trunk/src/ChangeLog 2008-11-25 11:05:14 UTC (rev 1359) @@ -1,5 +1,10 @@ 2008-11-24 Werner Koch + * sexp.c (get_internal_buffer): New. + (sexp_sscan): Add format character S. + * cipher-proto.h (pk_ext_generate_t): Add field EXTRAINFO changed + all implementors. + * cipher-proto.h (pk_ext_generate_t): Simplify. (pk_get_param): New. (pk_extra_spec_t): Add field GET_PARAM. Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2008-11-24 16:37:50 UTC (rev 1358) +++ trunk/tests/ChangeLog 2008-11-25 11:05:14 UTC (rev 1359) @@ -1,6 +1,14 @@ +2008-11-25 Werner Koch + + * pubkey.c (get_dsa_key_new): New. + 2008-11-24 Werner Koch + * tsexp.c (basic): Add test for format character S. + * pubkey.c (check_x931_derived_key): New. + (get_keys_x931_new): New. + (check_run): Check X9.31 generated RSA key. 2008-11-07 Werner Koch Modified: trunk/cipher/dsa.c =================================================================== --- trunk/cipher/dsa.c 2008-11-24 16:37:50 UTC (rev 1358) +++ trunk/cipher/dsa.c 2008-11-25 11:05:14 UTC (rev 1359) 
@@ -461,7 +461,8 @@ static gcry_err_code_t dsa_generate_ext (int algo, unsigned int nbits, unsigned long evalue, const gcry_sexp_t genparms, - gcry_mpi_t *skey, gcry_mpi_t **retfactors) + gcry_mpi_t *skey, gcry_mpi_t **retfactors, + gcry_sexp_t *r_extrainfo) { gpg_err_code_t ec; DSA_secret_key sk; 
@@ -502,6 +503,77 @@ skey[2] = sk.g; skey[3] = sk.y; skey[4] = sk.x; + + if (!r_extrainfo) + { + /* Old style interface - return the factors - if any - at + retfactors. */ + } + else if (r_extrainfo && !*retfactors) + { + /* No factors, thus there is nothing to return. */ + *r_extrainfo = NULL; + } + else + { + /* Put the factors into extrainfo and set retfactors to NULL + to make use of the new interface. Note that the factors + are not confidential thus we can store them in standard + memory. */ + int nfactors, i; + char *p; + char *format = NULL; + void **arg_list = NULL; + + for (nfactors=0; (*retfactors)[nfactors]; nfactors++) + ; + /* Allocate space for the format string: + "(misc-key-info(pm1-factors%m))" + with one "%m" for each factor and build the string */ + format = gcry_malloc (40 + 2*nfactors); + if (!format) + ec = gpg_err_code_from_syserror (); + else + { + p = stpcpy (format, "(misc-key-info(pm1-factors"); + for (i=0; i < nfactors; i++) + p = stpcpy (p, "%m"); + p = stpcpy (p, "))"); + + /* Allocate space for the argument list plus an extra + NULL entry for safety and fill it with the + factors. */ + arg_list = gcry_calloc (nfactors+1, sizeof *arg_list); + if (!arg_list) + ec = gpg_err_code_from_syserror (); + else + { + for (i=0; i < nfactors; i++) + arg_list[i] = (*retfactors) + i; + arg_list[i] = NULL; + + ec = gpg_err_code (gcry_sexp_build_array + (r_extrainfo, NULL, format, arg_list)); + } + } + + gcry_free (arg_list); + gcry_free (format); + for (i=0; i < nfactors; i++) + { + gcry_mpi_release ((*retfactors)[i]); + (*retfactors)[i] = NULL; + } + *retfactors = NULL; + if (ec) + { + for (i=0; i < 5; i++) + { + gcry_mpi_release (skey[i]); + skey[i] = NULL; + } + } + } } return ec; 
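Review bot: After the factors have been copied into R_EXTRAINFO, the new branch releases each MPI and then sets `*retfactors = NULL` without freeing the array itself, so the array handed back by the generator is leaked on every call through the new interface, and the caller can no longer free it because it only sees NULL. Assuming the array was obtained from the gcry allocator (the generate call is above the hunk), add `gcry_free (*retfactors);` directly before `*retfactors = NULL;`. The leading `r_extrainfo &&` in the second `else if` is redundant after the `!r_extrainfo` test. dsa_generate_ext starts outside the hunk.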
@@ -513,7 +585,7 @@ gcry_mpi_t *skey, gcry_mpi_t **retfactors) { (void)evalue; - return dsa_generate_ext (algo, nbits, 0, NULL, skey, retfactors); + return dsa_generate_ext (algo, nbits, 0, NULL, skey, retfactors, NULL); } Modified: trunk/cipher/ecc.c =================================================================== --- trunk/cipher/ecc.c 2008-11-24 16:37:50 UTC (rev 1358) +++ trunk/cipher/ecc.c 2008-11-25 11:05:14 UTC (rev 1359) @@ -954,7 +954,8 @@ static gcry_err_code_t ecc_generate_ext (int algo, unsigned int nbits, unsigned long evalue, const gcry_sexp_t genparms, - gcry_mpi_t *skey, gcry_mpi_t **retfactors) + gcry_mpi_t *skey, gcry_mpi_t **retfactors, + gcry_sexp_t *r_extrainfo) { gpg_err_code_t ec; ECC_secret_key sk; @@ -964,6 +965,7 @@ (void)algo; (void)evalue; + (void)r_extrainfo; if (genparms) { @@ -1018,7 +1020,7 @@ gcry_mpi_t *skey, gcry_mpi_t **retfactors) { (void)evalue; - return ecc_generate_ext (algo, nbits, 0, NULL, skey, retfactors); + return ecc_generate_ext (algo, nbits, 0, NULL, skey, retfactors, NULL); } Modified: trunk/cipher/elgamal.c =================================================================== --- trunk/cipher/elgamal.c 2008-11-24 16:37:50 UTC (rev 1358) +++ trunk/cipher/elgamal.c 2008-11-25 11:05:14 UTC (rev 1359) @@ -615,7 +615,8 @@ static gpg_err_code_t elg_generate_ext (int algo, unsigned int nbits, unsigned long evalue, const gcry_sexp_t genparms, - gcry_mpi_t *skey, gcry_mpi_t **retfactors) + gcry_mpi_t *skey, gcry_mpi_t **retfactors, + gcry_sexp_t *r_extrainfo) { gpg_err_code_t ec; ELG_secret_key sk; @@ -624,6 +625,7 @@ (void)algo; (void)evalue; + (void)r_extrainfo; if (genparms) { Modified: trunk/cipher/pubkey.c =================================================================== --- trunk/cipher/pubkey.c 2008-11-24 16:37:50 UTC (rev 1358) +++ trunk/cipher/pubkey.c 2008-11-25 11:05:14 UTC (rev 1359) 
@@ -542,7 +542,8 @@ unsigned int nbits, unsigned long use_e, gcry_sexp_t genparms, - gcry_mpi_t *skey, gcry_mpi_t **retfactors) + gcry_mpi_t *skey, gcry_mpi_t **retfactors, + gcry_sexp_t *r_extrainfo) { gcry_err_code_t ec = GPG_ERR_PUBKEY_ALGO; gcry_module_t pubkey; @@ -559,7 +560,7 @@ { /* Use the extended generate function. */ ec = extraspec->ext_generate - (algorithm, nbits, use_e, genparms, skey, retfactors); + (algorithm, nbits, use_e, genparms, skey, retfactors, r_extrainfo); } else { @@ -2076,7 +2077,9 @@ const char *algo_name = NULL; int algo; const char *sec_elems = NULL, *pub_elems = NULL; - gcry_mpi_t skey[12], *factors = NULL; + gcry_mpi_t skey[12]; + gcry_mpi_t *factors = NULL; + gcry_sexp_t extrainfo = NULL; unsigned int nbits = 0; unsigned long use_e = 0; @@ -2132,7 +2135,7 @@ /* Handle the optional rsa-use-e element. Actually this belong into the algorithm module but we have this parameter in the public - moudle API, so we need to parse it right here. */ + module API, so we need to parse it right here. */ l2 = gcry_sexp_find_token (list, "rsa-use-e", 0); if (l2) { @@ -2177,7 +2180,8 @@ nbits = 0; /* Pass control to the algorithm module. */ - rc = pubkey_generate (module->mod_id, nbits, use_e, list, skey, &factors); + rc = pubkey_generate (module->mod_id, nbits, use_e, list, skey, + &factors, &extrainfo); gcry_sexp_release (list); list = NULL; if (rc) goto leave; @@ -2188,13 +2192,18 @@ size_t nelem=0, nelem_cp = 0, needed=0; gcry_mpi_t mpis[30]; + /* Estimate size of format string. */ nelem = strlen (pub_elems) + strlen (sec_elems); - for (i = 0; factors[i]; i++) - nelem++; + if (factors) + { + for (i = 0; factors[i]; i++) + nelem++; + } nelem_cp = nelem; needed += nelem * 10; - needed += 2 * strlen (algo_name) + 300; + /* (+5 is for EXTRAINFO ("%S")). */ + needed += 2 * strlen (algo_name) + 300 + 5; if (nelem > DIM (mpis)) BUG (); 
@@ -2231,8 +2240,13 @@ /* Hack to make release_mpi_array() work. */ skey[i] = NULL; - if (factors[0]) + if (extrainfo) { + /* If we have extrainfo we should not have any factors. */ + p = stpcpy (p, "%S"); + } + else if (factors && factors[0]) + { p = stpcpy (p, "(misc-key-info(pm1-factors"); for(i = 0; factors[i]; i++) { @@ -2251,7 +2265,8 @@ int elem_n = strlen (pub_elems) + strlen (sec_elems); void **arg_list; - arg_list = malloc (nelem_cp * sizeof *arg_list); + /* Allocate one extra for EXTRAINFO ("%S"). */ + arg_list = gcry_calloc (nelem_cp+1, sizeof *arg_list); if (!arg_list) { rc = gpg_err_code_from_errno (errno); @@ -2259,11 +2274,16 @@ } for (i = 0; i < elem_n; i++) arg_list[i] = mpis + i; - for (; i < nelem_cp; i++) - arg_list[i] = factors + i - elem_n; + if (extrainfo) + arg_list[i] = &extrainfo; + else if (factors && factors[0]) + { + for (; i < nelem_cp; i++) + arg_list[i] = factors + i - elem_n; + } rc = gcry_sexp_build_array (r_key, NULL, string, arg_list); - free (arg_list); + gcry_free (arg_list); if (rc) BUG (); gcry_assert (DIM (mpis) == 30); /* Reminder to make sure that @@ -2275,6 +2295,7 @@ leave: gcry_free (name); + gcry_sexp_release (extrainfo); release_mpi_array (skey); /* Don't free SKEY itself, it is an stack allocated array. */ Modified: trunk/cipher/rsa.c =================================================================== --- trunk/cipher/rsa.c 2008-11-24 16:37:50 UTC (rev 1358) +++ trunk/cipher/rsa.c 2008-11-25 11:05:14 UTC (rev 1359) 
@@ -328,6 +328,46 @@ } +/* Helper for generate_x931. */ +static gcry_mpi_t +gen_x931_parm_xp (unsigned int nbits) +{ + gcry_mpi_t xp; + + xp = gcry_mpi_snew (nbits); + gcry_mpi_randomize (xp, nbits, GCRY_VERY_STRONG_RANDOM); + + /* The requirement for Xp is: + + sqrt{2}*2^{nbits-1} <= xp <= 2^{nbits} - 1 + + We set the two high order bits to 1 to satisfy the lower bound. + By using mpi_set_highbit we make sure that the upper bound is + satisfied as well. */ + mpi_set_highbit (xp, nbits-1); + mpi_set_bit (xp, nbits-2); + gcry_assert ( mpi_get_nbits (xp) == nbits ); + + return xp; +} + + +/* Helper for generate_x931. */ +static gcry_mpi_t +gen_x931_parm_xi (void) +{ + gcry_mpi_t xi; + + xi = gcry_mpi_snew (101); + gcry_mpi_randomize (xi, 101, GCRY_VERY_STRONG_RANDOM); + mpi_set_highbit (xi, 100); + gcry_assert ( mpi_get_nbits (xi) == 101 ); + + return xi; +} + + + /* Variant of the standard key generation code using the algorithm from X9.31. Using this algorithm has the advantage that the generation can be made deterministic which is required for CAVS @@ -378,14 +418,32 @@ gcry_mpi_t xq1 = NULL; gcry_mpi_t xq2 = NULL; gcry_mpi_t xq = NULL; + gcry_mpi_t tmpval; if (!deriveparms) { - /* Fixme: Create them. */ - return GPG_ERR_INV_VALUE; + /* Not given: Generate them. */ + xp = gen_x931_parm_xp (nbits/2); + /* Make sure that |xp - xq| > 2^{nbits - 100} holds. */ + tmpval = gcry_mpi_snew (nbits/2); + do + { + gcry_mpi_release (xq); + xq = gen_x931_parm_xp (nbits/2); + mpi_sub (tmpval, xp, xq); + } + while (mpi_get_nbits (tmpval) <= (nbits/2 - 100)); + gcry_mpi_release (tmpval); + + xp1 = gen_x931_parm_xi (); + xp2 = gen_x931_parm_xi (); + xq1 = gen_x931_parm_xi (); + xq2 = gen_x931_parm_xi (); + } else { + /* Parameters to derive the key are given. */ struct { const char *name; gcry_mpi_t *value; } tbl[] = { { "Xp1", &xp1 }, { "Xp2", &xp2 }, 
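Review bot: In the generate_x931 hunk the retry loop compares against `nbits/2 - 100`, which is unsigned and wraps for nbits below 200; `mpi_get_nbits (tmpval) <= ...` would then always hold and the loop would never terminate. Whether nbits is range-checked before this point is outside the hunk; if it is not, reject small values with GPG_ERR_INV_VALUE before generating the parameters. The comment above the loop also states the bound as 2^{nbits - 100} while the code tests against nbits/2 - 100, so it should read `/* Make sure that |xp - xq| > 2^{nbits/2 - 100} holds.  */`. The two new helpers in the first hunk would benefit from a line saying that the result is allocated in secure memory and must be released by the caller.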
@@ -478,7 +536,7 @@ if( DBG_CIPHER ) { - if (swapped) + if (*swapped) log_debug ("p and q are swapped\n"); log_mpidump(" p", p ); log_mpidump(" q", q ); @@ -717,25 +775,52 @@ static gcry_err_code_t rsa_generate_ext (int algo, unsigned int nbits, unsigned long evalue, const gcry_sexp_t genparms, - gcry_mpi_t *skey, gcry_mpi_t **retfactors) + gcry_mpi_t *skey, gcry_mpi_t **retfactors, + gcry_sexp_t *r_extrainfo) { RSA_secret_key sk; gpg_err_code_t ec; gcry_sexp_t deriveparms; int transient_key = 0; + int use_x931 = 0; gcry_sexp_t l1; - int swapped; - int i; (void)algo; + + *retfactors = NULL; /* We don't return them. */ deriveparms = (genparms? gcry_sexp_find_token (genparms, "derive-parms", 0) : NULL); + if (!deriveparms) + { + /* Parse the optional "rsa-use-x931" flag. */ + l1 = gcry_sexp_find_token (genparms, "use-x931", 0); + if (l1) + { + use_x931 = 1; + gcry_sexp_release (l1); + } + } - if (deriveparms || fips_mode ()) + if (deriveparms || use_x931 || fips_mode ()) { + int swapped; ec = generate_x931 (&sk, nbits, evalue, deriveparms, &swapped); gcry_sexp_release (deriveparms); + if (!ec && r_extrainfo && swapped) + { + ec = gcry_sexp_new (r_extrainfo, + "(misc-key-info(p-q-swapped))", 0, 1); + if (ec) + { + gcry_mpi_release (sk.n); sk.n = NULL; + gcry_mpi_release (sk.e); sk.e = NULL; + gcry_mpi_release (sk.p); sk.p = NULL; + gcry_mpi_release (sk.q); sk.q = NULL; + gcry_mpi_release (sk.d); sk.d = NULL; + gcry_mpi_release (sk.u); sk.u = NULL; + } + } } else { @@ -745,7 +830,6 @@ { transient_key = 1; gcry_sexp_release (l1); - l1 = NULL; } /* Generate. */ ec = generate_std (&sk, nbits, evalue, transient_key); @@ -759,20 +843,6 @@ skey[3] = sk.p; skey[4] = sk.q; skey[5] = sk.u; - - /* Make an empty list of factors. */ - *retfactors = gcry_calloc ( 1, sizeof **retfactors ); - if (!*retfactors) - { - ec = gpg_err_code_from_syserror (); - for (i=0; i <= 5; i++) - { - gcry_mpi_release (skey[i]); - skey[i] = NULL; - } - } - else - ec = 0; } return ec; 
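Review bot: In the rsa_generate_ext hunk, `int swapped;` is declared without an initialiser and then read in `if (!ec && r_extrainfo && swapped)`. The part of generate_x931 visible on this page only ever stores 1 through the pointer, so unless the function clears it on entry (outside the hunks shown) the p-q-swapped marker depends on an indeterminate value. Declaring `int swapped = 0;` makes the caller independent of that. The new comment also names the flag "rsa-use-x931" while the code looks up `"use-x931"`; it should read `/* Parse the optional "use-x931" flag. */`.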
@@ -783,7 +853,7 @@ rsa_generate (int algo, unsigned int nbits, unsigned long evalue, gcry_mpi_t *skey, gcry_mpi_t **retfactors) { - return rsa_generate_ext (algo, nbits, evalue, NULL, skey, retfactors); + return rsa_generate_ext (algo, nbits, evalue, NULL, skey, retfactors, NULL); } Modified: trunk/doc/gcrypt.texi =================================================================== --- trunk/doc/gcrypt.texi 2008-11-24 16:37:50 UTC (rev 1358) +++ trunk/doc/gcrypt.texi 2008-11-25 11:05:14 UTC (rev 1359) @@ -2752,6 +2752,13 @@ 321DE34A#)))) @end example + at item use-x931 +Force the use of the ANSI X9.31 key generation algorithm instead of +the default algorithm. This flag is only meaningful for RSA and +usullat not required. Note that this algorithm is implicitly used if +either @code{derive-parms} are given or Libgcrypt is in FIPS mode. + + @end table @c end table of parameters Modified: trunk/src/cipher-proto.h =================================================================== --- trunk/src/cipher-proto.h 2008-11-24 16:37:50 UTC (rev 1358) +++ trunk/src/cipher-proto.h 2008-11-25 11:05:14 UTC (rev 1359) @@ -46,7 +46,8 @@ unsigned long evalue, gcry_sexp_t genparms, gcry_mpi_t *skey, - gcry_mpi_t **retfactors); + gcry_mpi_t **retfactors, + gcry_sexp_t *extrainfo); /* The type used to compute the keygrip. */ typedef gpg_err_code_t (*pk_comp_keygrip_t) Modified: trunk/src/gcrypt.h.in =================================================================== --- trunk/src/gcrypt.h.in 2008-11-24 16:37:50 UTC (rev 1358) +++ trunk/src/gcrypt.h.in 2008-11-25 11:05:14 UTC (rev 1359) 
@@ -1654,8 +1654,8 @@ /* Set the big integer W to a random value of NBITS using a random - generator with quality LEVEL. Note that using a level of - GCRY_WEAK_RANDOM here, uses gcry_create_nonce internally. */ + generator with quality LEVEL. Note that by using a level of + GCRY_WEAK_RANDOM gcry_create_nonce is used internally. */ void gcry_mpi_randomize (gcry_mpi_t w, unsigned int nbits, enum gcry_random_level level); Modified: trunk/src/sexp.c =================================================================== --- trunk/src/sexp.c 2008-11-24 16:37:50 UTC (rev 1358) +++ trunk/src/sexp.c 2008-11-25 11:05:14 UTC (rev 1359) @@ -1,6 +1,6 @@ /* sexp.c - S-Expression handling * Copyright (C) 1999, 2000, 2001, 2002, 2003, - * 2004, 2006, 2007 Free Software Foundation, Inc. + * 2004, 2006, 2007, 2008 Free Software Foundation, Inc. * * This file is part of Libgcrypt. * @@ -191,7 +191,7 @@ } /* Create a new S-expression object by reading LENGTH bytes from - BUFFER, assuming it is canonilized encoded or autodetected encoding + BUFFER, assuming it is canonical encoded or autodetected encoding when AUTODETECT is set to 1. With FREEFNC not NULL, ownership of the buffer is transferred to the newly created object. FREEFNC should be the freefnc used to release BUFFER; there is no guarantee 
@@ -492,7 +492,48 @@ } +/* Return the internal lengths offset of LIST. That is the size of + the buffer from the first ST_OPEN, which is retruned at R_OFF, to + the corresponding ST_CLOSE inclusive. */ +static size_t +get_internal_buffer (const gcry_sexp_t list, size_t *r_off) +{ + const unsigned char *p; + DATALEN n; + int type; + int level = 0; + + *r_off = 0; + if (list) + { + p = list->d; + while ( (type=*p) != ST_STOP ) + { + p++; + if (type == ST_DATA) + { + memcpy (&n, p, sizeof n); + p += sizeof n + n; + } + else if (type == ST_OPEN) + { + if (!level) + *r_off = (p-1) - list->d; + level++; + } + else if ( type == ST_CLOSE ) + { + level--; + if (!level) + return p - list->d; + } + } + } + return 0; /* Not a proper list. */ +} + + /* Extract the CAR of the given list. May return NULL for bad lists or memory failure. */ gcry_sexp_t @@ -920,6 +961,9 @@ * %d - integer stored as string (no autoswitch to secure allocation) * %b - memory buffer; this takes _two_ arguments: an integer with the * length of the buffer and a pointer to the buffer. + * %S - Copy an gcry_sexp_t here. The S-expression needs to be a + * regular one, starting with a parenthesis. + * (no autoswitch to secure allocation) * all other format elements are currently not defined and return an error. * this includes the "%%" sequence becauce the percent sign is not an * allowed character. @@ -966,7 +1010,7 @@ #define ARG_NEXT(storage, type) \ do \ { \ - if (!arg_list) \ + if (!arg_list) \ storage = va_arg (arg_ptr, type); \ else \ storage = *((type *) (arg_list[arg_counter++])); \ 
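Review bot: get_internal_buffer returns `p - list->d`, the end position measured from the start of the object's buffer, while its comment promises the size from the first ST_OPEN (reported in R_OFF) to the matching ST_CLOSE. The `%S` branch added to sexp_sscan later in this commit copies `alen` bytes starting at `asexp->d + aoff`, so for any object whose first ST_OPEN is not at offset 0 the memcpy would read `aoff` bytes past the closing token. Whether such objects can occur is not visible here; returning `p - (list->d + *r_off)` makes the result match the comment regardless. The comment should also be reworded to say that the length is returned and the offset is stored at R_OFF (it currently reads "internal lengths offset" and has the typo `retruned`).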
@@ -1310,6 +1354,21 @@ memcpy (c.pos, buf, alen); c.pos += alen; } + else if (*p == 'S') + { + /* Insert a gcry_sexp_t. */ + gcry_sexp_t asexp; + size_t alen, aoff; + + ARG_NEXT (asexp, gcry_sexp_t); + alen = get_internal_buffer (asexp, &aoff); + if (alen) + { + MAKE_SPACE (alen); + memcpy (c.pos, asexp->d + aoff, alen); + c.pos += alen; + } + } else { *erroff = p - buffer; Modified: trunk/tests/pubkey.c =================================================================== --- trunk/tests/pubkey.c 2008-11-24 16:37:50 UTC (rev 1358) +++ trunk/tests/pubkey.c 2008-11-25 11:05:14 UTC (rev 1359) @@ -266,6 +266,9 @@ if (rc) die ("error generating RSA key: %s\n", gcry_strerror (rc)); + if (verbose > 1) + show_sexp ("generated RSA key:\n", key); + pub_key = gcry_sexp_find_token (key, "public-key", 0); if (! pub_key) die ("public part missing in key\n"); @@ -281,6 +284,38 @@ static void +get_keys_x931_new (gcry_sexp_t *pkey, gcry_sexp_t *skey) +{ + gcry_sexp_t key_spec, key, pub_key, sec_key; + int rc; + + rc = gcry_sexp_new (&key_spec, + "(genkey (rsa (nbits 4:1024)(use-x931)))", 0, 1); + if (rc) + die ("error creating S-expression: %s\n", gcry_strerror (rc)); + rc = gcry_pk_genkey (&key, key_spec); + gcry_sexp_release (key_spec); + if (rc) + die ("error generating RSA key: %s\n", gcry_strerror (rc)); + + if (verbose > 1) + show_sexp ("generated RSA (X9.31) key:\n", key); + + pub_key = gcry_sexp_find_token (key, "public-key", 0); + if (!pub_key) + die ("public part missing in key\n"); + + sec_key = gcry_sexp_find_token (key, "private-key", 0); + if (!sec_key) + die ("private part missing in key\n"); + + gcry_sexp_release (key); + *pkey = pub_key; + *skey = sec_key; +} + + +static void get_elg_key_new (gcry_sexp_t *pkey, gcry_sexp_t *skey, int fixed_x) { gcry_sexp_t key_spec, key, pub_key, sec_key; 
@@ -300,6 +335,9 @@ if (rc) die ("error generating Elgamal key: %s\n", gcry_strerror (rc)); + if (verbose > 1) + show_sexp ("generated ELG key:\n", key); + pub_key = gcry_sexp_find_token (key, "public-key", 0); if (!pub_key) die ("public part missing in key\n"); @@ -313,7 +351,38 @@ *skey = sec_key; } +static void +get_dsa_key_new (gcry_sexp_t *pkey, gcry_sexp_t *skey) +{ + gcry_sexp_t key_spec, key, pub_key, sec_key; + int rc; + rc = gcry_sexp_new + (&key_spec, "(genkey (dsa (nbits 4:1024)))", 0, 1); + if (rc) + die ("error creating S-expression: %s\n", gcry_strerror (rc)); + rc = gcry_pk_genkey (&key, key_spec); + gcry_sexp_release (key_spec); + if (rc) + die ("error generating Elgamal key: %s\n", gcry_strerror (rc)); + + if (verbose > 1) + show_sexp ("generated DSA key:\n", key); + + pub_key = gcry_sexp_find_token (key, "public-key", 0); + if (!pub_key) + die ("public part missing in key\n"); + + sec_key = gcry_sexp_find_token (key, "private-key", 0); + if (!sec_key) + die ("private part missing in key\n"); + + gcry_sexp_release (key); + *pkey = pub_key; + *skey = sec_key; +} + + static void check_run (void) { @@ -345,6 +414,13 @@ gcry_sexp_release (skey); if (verbose) + fprintf (stderr, "Checking generated RSA key (X9.31).\n"); + get_keys_x931_new (&pkey, &skey); + check_keys (pkey, skey, 800, 0); + gcry_sexp_release (pkey); + gcry_sexp_release (skey); + + if (verbose) fprintf (stderr, "Checking generated Elgamal key.\n"); get_elg_key_new (&pkey, &skey, 0); check_keys (pkey, skey, 400, 0); @@ -357,6 +433,13 @@ check_keys (pkey, skey, 800, 0); gcry_sexp_release (pkey); gcry_sexp_release (skey); + + if (verbose) + fprintf (stderr, "Generating DSA key.\n"); + get_dsa_key_new (&pkey, &skey); + /* Fixme: Add a check function for DSA keys. */ + gcry_sexp_release (pkey); + gcry_sexp_release (skey); } @@ -377,6 +460,7 @@ gcry_sexp_release (l1); return NULL; } + result = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); gcry_sexp_release (l2); gcry_sexp_release (l1); 
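Review bot: get_dsa_key_new reports a failed gcry_pk_genkey with the message "error generating Elgamal key", copied from get_elg_key_new, so a DSA failure in the test log would point at the wrong algorithm. The call should read `die ("error generating DSA key: %s\n", gcry_strerror (rc));`. In the check_run hunk the generated DSA key is only created and released, as the Fixme notes, so the R_EXTRAINFO path added to dsa_generate_ext is exercised but its `misc-key-info` output is never checked.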
@@ -552,8 +636,9 @@ if (err) die ("error converting string [%d]\n", what); - if (verbose) - show_sexp ("generated private key:\n", sec_key); + if (verbose > 1) + show_sexp ("generated key:\n", key); + d_have = key_param_from_sexp (sec_key, "rsa", "d"); if (!d_have) die ("parameter d not found in RSA secret key [%d]\n", what); @@ -582,7 +667,10 @@ if (argc > 1 && !strcmp (argv[1], "--verbose")) verbose = 1; else if (argc > 1 && !strcmp (argv[1], "--debug")) - verbose = debug = 1; + { + verbose = 2; + debug = 1; + } gcry_control (GCRYCTL_DISABLE_SECMEM, 0); if (!gcry_check_version (GCRYPT_VERSION)) Modified: trunk/tests/tsexp.c =================================================================== --- trunk/tests/tsexp.c 2008-11-24 16:37:50 UTC (rev 1358) +++ trunk/tests/tsexp.c 2008-11-25 11:05:14 UTC (rev 1359) @@ -130,7 +130,32 @@ if (!gcry_is_secure (sexp)) fail ("gcry_sexp_build did not switch to secure memory\n"); break; + + case 3: + { + gcry_sexp_t help_sexp; + + if (gcry_sexp_new (&help_sexp, + "(foobar-parms (xp #1234#)(xq #03#))", 0, 1)) + { + fail (" scanning fixed string failed\n"); + return; + } + + string = ("(public-key (dsa (p #41424344#) (parm %S) " + "(y dummy)(q %b) (g %m)))"); + if ( gcry_sexp_build (&sexp, NULL, string, help_sexp, + secure_buffer_len, secure_buffer, + gcry_mpi_set_ui (NULL, 17)) ) + { + fail (" scanning `%s' failed\n", string); + return; + } + gcry_sexp_release (help_sexp); + } + break; + default: return; /* Ready. */ } @@ -416,7 +441,7 @@ int main (int argc, char **argv) { - if (argc > 1 && !strcmp (argv[1], "-v")) + if (argc > 1 && !strcmp (argv[1], "--verbose")) verbose = 1; gcry_control (GCRYCTL_DISABLE_SECMEM_WARN); From cvs at cvs.gnupg.org Tue Nov 25 22:09:55 2008 
From: cvs at cvs.gnupg.org (svn author wk) Date: Tue, 25 Nov 2008 22:09:55 +0100 Subject: [svn] gcry - r1360 - in trunk: . cipher doc src tests Message-ID: Author: wk Date: 2008-11-25 22:09:55 +0100 (Tue, 25 Nov 2008) New Revision: 1360 Modified: trunk/NEWS trunk/cipher/ChangeLog trunk/cipher/dsa.c trunk/cipher/primegen.c trunk/cipher/rsa.c trunk/doc/gcrypt.texi trunk/src/g10lib.h trunk/tests/pubkey.c Log: Implement FIPS 186-2 key generation. Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2008-11-25 11:05:14 UTC (rev 1359) +++ trunk/cipher/ChangeLog 2008-11-25 21:09:55 UTC (rev 1360) @@ -1,3 +1,10 @@ +2008-11-25 Werner Koch + + * dsa.c (generate_fips186): New. + (dsa_generate_ext): Use new function if derive-parms are given or + if in FIPS mode. + * primegen.c (_gcry_generate_fips186_2_prime): New. + 2008-11-24 Werner Koch * pubkey.c (gcry_pk_genkey): Insert code to output extrainfo. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-11-25 11:05:14 UTC (rev 1359) +++ trunk/NEWS 2008-11-25 21:09:55 UTC (rev 1360) @@ -8,7 +8,10 @@ * Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes. + * In fips mode, RSA keys are now generated using the X9.31 algorithm + and DSA keys using the FIPS 186-2 algorithm. + Noteworthy changes in version 1.4.3 (2008-09-18) ------------------------------------------------ Modified: trunk/cipher/dsa.c =================================================================== --- trunk/cipher/dsa.c 2008-11-25 11:05:14 UTC (rev 1359) +++ trunk/cipher/dsa.c 2008-11-25 21:09:55 UTC (rev 1360) 
@@ -325,11 +325,11 @@ if( DBG_CIPHER ) { progress('\n'); - log_mpidump("dsa p= ", p ); - log_mpidump("dsa q= ", q ); - log_mpidump("dsa g= ", g ); - log_mpidump("dsa y= ", y ); - log_mpidump("dsa x= ", x ); + log_mpidump("dsa p", p ); + log_mpidump("dsa q", q ); + log_mpidump("dsa g", g ); + log_mpidump("dsa y", y ); + log_mpidump("dsa x", x ); } /* Copy the stuff to the key structures. */ 
@@ -354,7 +354,147 @@ } +/* Generate a DSA key pair with a key of size NBITS using the + algorithm given in FIPS-186. At the time of implementation FIPS + 186-3 was not released; the Draft from November 2008 was used + instead to avoid limiting ourself to FIPS 186-2. */ +static gpg_err_code_t +generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, + int *r_counter, void **r_seed, size_t *r_seedlen, + gcry_mpi_t *r_h) +{ + gpg_err_code_t ec; + gcry_mpi_t prime_q = NULL; + gcry_mpi_t prime_p = NULL; + gcry_mpi_t value_g = NULL; /* The generator. */ + gcry_mpi_t value_y = NULL; /* g^x mod p */ + gcry_mpi_t value_x = NULL; /* The secret exponent. */ + gcry_mpi_t value_h = NULL; /* Helper. */ + gcry_mpi_t value_e = NULL; /* Helper. */ + /* Preset return values. */ + *r_counter = 0; + *r_seed = NULL; + *r_seedlen = 0; + *r_h = NULL; + + /* Derive QBITS from NBITS if requested */ + if (!qbits) + { + if (nbits == 1024) + qbits = 160; + else if (nbits == 2048) + qbits = 224; + else if (nbits == 3072) + qbits = 256; + } + + /* Check that QBITS and NBITS match the standard. Note that FIPS + 186-3 uses N for QBITS and L for NBITS. */ + if (nbits == 1024 && qbits == 160) + ; + else if (nbits == 2048 && qbits == 224) + ; + else if (nbits == 2048 && qbits == 256) + ; + else if (nbits == 2048 && qbits == 256) + ; + else + return GPG_ERR_INV_VALUE; + + /* Note that we currently do not yet support 186-3 for prime + generation becuase it is not clear whether CAVS is prepared for + it. */ + ec = _gcry_generate_fips186_2_prime (nbits, qbits, NULL, 0, + &prime_q, &prime_p, + r_counter, + r_seed, r_seedlen); + if (ec) + goto leave; + + /* Find a generator g (h and e are helpers). 
+ e = (p-1)/q */ + value_e = mpi_alloc_like (prime_p); + mpi_sub_ui (value_e, prime_p, 1); + mpi_fdiv_q (value_e, value_e, prime_q ); + value_g = mpi_alloc_like (prime_p); + value_h = mpi_alloc_set_ui (1); + do + { + mpi_add_ui (value_h, value_h, 1); + /* g = h^e mod p */ + mpi_powm (value_g, value_h, value_e, prime_p); + } + while (!mpi_cmp_ui (value_g, 1)); /* Continue until g != 1. */ + + /* Select a random number x with: 0 < x < q */ + value_x = gcry_mpi_snew (qbits); + do + { + if( DBG_CIPHER ) + progress('.'); + gcry_mpi_randomize (value_x, qbits, GCRY_VERY_STRONG_RANDOM); + mpi_clear_highbit (value_x, qbits+1); + } + while (!(mpi_cmp_ui (value_x, 0) > 0 && mpi_cmp (value_x, prime_q) < 0)); + + /* y = g^x mod p */ + value_y = mpi_alloc_like (prime_p); + gcry_mpi_powm (value_y, value_g, value_x, prime_p); + + if (DBG_CIPHER) + { + progress('\n'); + log_mpidump("dsa p", prime_p ); + log_mpidump("dsa q", prime_q ); + log_mpidump("dsa g", value_g ); + log_mpidump("dsa y", value_y ); + log_mpidump("dsa x", value_x ); + log_mpidump("dsa h", value_h ); + } + + /* Copy the stuff to the key structures. */ + sk->p = prime_p; prime_p = NULL; + sk->q = prime_q; prime_q = NULL; + sk->g = value_g; value_g = NULL; + sk->y = value_y; value_y = NULL; + sk->x = value_x; value_x = NULL; + *r_h = value_h; value_h = NULL; + + leave: + gcry_mpi_release (prime_p); + gcry_mpi_release (prime_q); + gcry_mpi_release (value_g); + gcry_mpi_release (value_y); + gcry_mpi_release (value_x); + gcry_mpi_release (value_h); + gcry_mpi_release (value_e); + + /* As a last step test this keys (this should never fail of course). 
*/ + if (!ec && test_keys (sk, qbits) ) + { + gcry_mpi_release (sk->p); sk->p = NULL; + gcry_mpi_release (sk->q); sk->q = NULL; + gcry_mpi_release (sk->g); sk->g = NULL; + gcry_mpi_release (sk->y); sk->y = NULL; + gcry_mpi_release (sk->x); sk->x = NULL; + fips_signal_error ("self-test after key generation failed"); + ec = GPG_ERR_SELFTEST_FAILED; + } + + if (ec) + { + *r_counter = 0; + gcry_free (*r_seed); *r_seed = NULL; + *r_seedlen = 0; + gcry_mpi_release (*r_h); *r_h = NULL; + } + + return ec; +} + + + /* Test whether the secret key is valid. Returns: if this is a valid key. @@ -468,13 +608,17 @@ DSA_secret_key sk; gcry_sexp_t l1; unsigned int qbits = 0; + gcry_sexp_t deriveparms = NULL; + gcry_sexp_t seedinfo = NULL; + int use_fips186 = 0; + (void)algo; /* No need to check it. */ (void)evalue; /* Not required for DSA. */ - /* Parse the optional qbits element. */ if (genparms) { + /* Parse the optional qbits element. */ l1 = gcry_sexp_find_token (genparms, "qbits", 0); if (l1) { 
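Review bot: The `DBG_CIPHER` block of generate_fips186 writes the secret exponent to the log with `log_mpidump("dsa x", value_x );`, although value_x was allocated with gcry_mpi_snew a few lines earlier. A debug log that contains x is equivalent to the private key, so I would drop that one line and keep the dumps of p, q, g, y and h, or at least mark it with `/* Dumps the secret exponent; never enable on production keys. */`. The older generation code touched by the -325 hunk has the same `log_mpidump("dsa x", x );` line and deserves the same treatment.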
@@ -493,9 +637,50 @@ qbits = (unsigned int)strtoul (buf, NULL, 0); gcry_sexp_release (l1); } + + deriveparms = gcry_sexp_find_token (genparms, "derive-parms", 0); + + /* Parse the optional "use-fips186" flag. */ + l1 = gcry_sexp_find_token (genparms, "use-fips186", 0); + if (l1) + { + use_fips186 = 1; + gcry_sexp_release (l1); + } } - ec = generate (&sk, nbits, qbits, retfactors); + if (deriveparms || use_fips186 || fips_mode ()) + { + int counter; + void *seed; + size_t seedlen; + gcry_mpi_t h_value; + + ec = generate_fips186 (&sk, nbits, qbits, + &counter, &seed, &seedlen, &h_value); + gcry_sexp_release (deriveparms); + if (!ec) + { + ec = gpg_err_code (gcry_sexp_build + (&seedinfo, NULL, + "(seed-values(counter %d)(seed %b)(h %m))", + counter, (int)seedlen, seed, h_value)); + if (ec) + { + gcry_mpi_release (sk.p); sk.p = NULL; + gcry_mpi_release (sk.q); sk.q = NULL; + gcry_mpi_release (sk.g); sk.g = NULL; + gcry_mpi_release (sk.y); sk.y = NULL; + gcry_mpi_release (sk.x); sk.x = NULL; + } + gcry_free (seed); + gcry_mpi_release (h_value); + } + } + else + { + ec = generate (&sk, nbits, qbits, retfactors); + } if (!ec) { skey[0] = sk.p; @@ -509,9 +694,9 @@ /* Old style interface - return the factors - if any - at retfactors. */ } - else if (r_extrainfo && !*retfactors) + else if (!*retfactors && !seedinfo) { - /* No factors, thus there is nothing to return. */ + /* No factors and no seedinfo, thus there is nothing to return. */ *r_extrainfo = NULL; } else 
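Review bot: The `derive-parms` value looked up in dsa_generate_ext is used only as a switch: it selects the FIPS path and is released right after generate_fips186 returns, and generate_fips186 (added earlier in this commit) passes `NULL, 0` as the seed to the prime generator. A caller who supplies derive-parms to get reproducible parameters therefore receives a key built from a fresh random seed, with no error. Until the seed is parsed and handed down I would say so at the lookup, e.g. `/* FIXME: The content of derive-parms is not yet used; a new seed is always generated. */`, or reject the request. The function starts before this hunk and continues after it.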
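Review bot: On the new FIPS path nothing in the visible lines stores to `*retfactors`, yet the changed test `else if (!*retfactors && !seedinfo)` and the factor-counting loop in the following hunk both read it. Only generate() appears to fill it, and that call is now skipped whenever derive-parms, use-fips186 or FIPS mode is in effect. The caller is outside this diff, so this is safe only if it pre-sets the pointer to NULL; a comment stating that requirement, or an explicit `*retfactors = NULL;` at the start of the FIPS branch if the caller never pre-allocates, would make the assumption checkable.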
@@ -520,36 +705,46 @@ to make use of the new interface. Note that the factors are not confidential thus we can store them in standard memory. */ - int nfactors, i; + int nfactors, i, j; char *p; char *format = NULL; void **arg_list = NULL; - for (nfactors=0; (*retfactors)[nfactors]; nfactors++) + for (nfactors=0; *retfactors && (*retfactors)[nfactors]; nfactors++) ; /* Allocate space for the format string: - "(misc-key-info(pm1-factors%m))" - with one "%m" for each factor and build the string */ - format = gcry_malloc (40 + 2*nfactors); + "(misc-key-info%S(pm1-factors%m))" + with one "%m" for each factor and construct it. */ + format = gcry_malloc (50 + 2*nfactors); if (!format) ec = gpg_err_code_from_syserror (); else { - p = stpcpy (format, "(misc-key-info(pm1-factors"); - for (i=0; i < nfactors; i++) - p = stpcpy (p, "%m"); - p = stpcpy (p, "))"); + p = stpcpy (format, "(misc-key-info"); + if (seedinfo) + p = stpcpy (p, "%S"); + if (nfactors) + { + p = stpcpy (p, "(pm1-factors"); + for (i=0; i < nfactors; i++) + p = stpcpy (p, "%m"); + p = stpcpy (p, ")"); + } + p = stpcpy (p, ")"); - /* Allocate space for the argument list plus an extra - NULL entry for safety and fill it with the - factors. */ - arg_list = gcry_calloc (nfactors+1, sizeof *arg_list); + /* Allocate space for the list of factors plus one for + an S-expression plus an extra NULL entry for safety + and fill it with the factors. */ + arg_list = gcry_calloc (nfactors+1+1, sizeof *arg_list); if (!arg_list) ec = gpg_err_code_from_syserror (); else { - for (i=0; i < nfactors; i++) - arg_list[i] = (*retfactors) + i; + i = 0; + if (seedinfo) + arg_list[i++] = &seedinfo; + for (j=0; j < nfactors; j++) + arg_list[i++] = (*retfactors) + j; arg_list[i] = NULL; ec = gpg_err_code (gcry_sexp_build_array 
@@ -576,6 +771,7 @@ } } + gcry_sexp_release (seedinfo); return ec; } Modified: trunk/cipher/primegen.c =================================================================== --- trunk/cipher/primegen.c 2008-11-25 11:05:14 UTC (rev 1359) +++ trunk/cipher/primegen.c 2008-11-25 21:09:55 UTC (rev 1360) @@ -1274,7 +1274,8 @@ } -/* Helper for _gcry_generate_x931_prime. */ + +/* Helper for _gcry_derive_x931_prime. */ static gcry_mpi_t find_x931_prime (const gcry_mpi_t pfirst) { 
@@ -1411,3 +1412,207 @@ mpi_free (p2); return yp0; } + + + +/* Generate the two prime used for DSA using the algorithm specified + in FIPS 186-2. PBITS is the desired length of the prime P and a + QBIST the length of the prime Q. If SEED is not supplied and + SEEDLEN is 0 the function generates an appropriate SEED. On + success the generated primes are stored at R_Q and R_P, the counter + value is stored at R_COUNTER and the seed actually used for + generation is stored at R_SEED and R_SEEDVALUE. */ +gpg_err_code_t +_gcry_generate_fips186_2_prime (unsigned int pbits, unsigned int qbits, + const void *seed, size_t seedlen, + gcry_mpi_t *r_q, gcry_mpi_t *r_p, + int *r_counter, + void **r_seed, size_t *r_seedlen) +{ + gpg_err_code_t ec; + unsigned char seed_help_buffer[160/8]; /* Used to hold a generated SEED. */ + unsigned char *seed_plus; /* Malloced buffer to hold SEED+x. */ + unsigned char digest[160/8]; /* Helper buffer for SHA-1 digest. */ + gcry_mpi_t val_2 = NULL; /* Helper for the prime test. */ + gcry_mpi_t tmpval = NULL; /* Helper variable. */ + int i; + + unsigned char value_u[160/8]; + int value_n, value_b, value_k; + int counter; + gcry_mpi_t value_w = NULL; + gcry_mpi_t value_x = NULL; + gcry_mpi_t prime_q = NULL; + gcry_mpi_t prime_p = NULL; + + /* FIPS 186-2 allows only for 1024/160 bit. */ + if (pbits != 1024 || qbits != 160) + return GPG_ERR_INV_KEYLEN; + + if (!seed && !seedlen) + ; /* No seed value given: We are asked to generate it. */ + else if (!seed || seedlen < qbits/8) + return GPG_ERR_INV_ARG; + + /* Allocate a buffer to later compute SEED+some_increment. */ + seed_plus = gcry_malloc (seedlen < 20? 20:seedlen); + if (!seed_plus) + { + ec = gpg_err_code_from_syserror (); + goto leave; + } + + val_2 = mpi_alloc_set_ui (2); + value_n = (pbits - 1) / qbits; + value_b = (pbits - 1) - value_n * qbits; + value_w = gcry_mpi_new (pbits); + value_x = gcry_mpi_new (pbits); + + restart: + /* Generate Q. 
*/ + for (;;) + { + /* Step 1: Generate a (new) seed unless one has been supplied. */ + if (!seed) + { + seedlen = sizeof seed_help_buffer; + gcry_create_nonce (seed_help_buffer, seedlen); + seed = seed_help_buffer; + } + + /* Step 2: U = sha1(seed) ^ sha1((seed+1) mod 2^{qbits}) */ + memcpy (seed_plus, seed, seedlen); + for (i=seedlen-1; i >= 0; i--) + { + seed_plus[i]++; + if (seed_plus[i]) + break; + } + gcry_md_hash_buffer (GCRY_MD_SHA1, value_u, seed, seedlen); + gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen); + for (i=0; i < sizeof value_u; i++) + value_u[i] ^= digest[i]; + + /* Step 3: Form q from U */ + gcry_mpi_release (prime_q); prime_q = NULL; + ec = gpg_err_code (gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG, + value_u, sizeof value_u, NULL)); + if (ec) + goto leave; + mpi_set_highbit (prime_q, qbits-1 ); + mpi_set_bit (prime_q, 0); + + /* Step 4: Test whether Q is prime using 64 round of Rabin-Miller. */ + if (check_prime (prime_q, val_2, 64, NULL, NULL)) + break; /* Yes, Q is prime. */ + + /* Step 5. */ + seed = NULL; /* Force a new seed at Step 1. */ + } + + /* Step 6. Note that we do no use an explicit offset but increment + SEED_PLUS accordingly. SEED_PLUS is currently SEED+1. */ + counter = 0; + + /* Generate P. */ + prime_p = gcry_mpi_new (pbits); + for (;;) + { + /* Step 7: For k = 0,...n let + V_k = sha1(seed+offset+k) mod 2^{qbits} + Step 8: W = V_0 + V_1*2^160 + + ... + + V_{n-1}*2^{(n-1)*160} + + (V_{n} mod 2^b)*2^{n*160} + */ + mpi_set_ui (value_w, 0); + for (value_k=0; value_k <= value_n; value_k++) + { + /* There is no need to have an explicit offset variable: In + the first round we shall have an offset of 2, this is + achieved by using SEED_PLUS which is already at SEED+1, + thus we just need to increment it once again. The + requirement for the next round is to update offset by N, + which we implictly did at the end of this loop, and then + to add one; this one is the same as in the first round. 
*/ + for (i=seedlen-1; i >= 0; i--) + { + seed_plus[i]++; + if (seed_plus[i]) + break; + } + gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen); + + gcry_mpi_release (tmpval); tmpval = NULL; + ec = gpg_err_code (gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG, + digest, sizeof digest, NULL)); + if (ec) + goto leave; + if (value_k == value_n) + mpi_clear_highbit (tmpval, value_b+1); /* (V_n mod 2^b) */ + mpi_lshift (tmpval, tmpval, value_k*qbits); + mpi_add (value_w, value_w, tmpval); + } + + /* Step 8 continued: X = W + 2^{L-1} */ + mpi_set_ui (value_x, 0); + mpi_set_highbit (value_x, pbits-1); + mpi_add (value_x, value_x, value_w); + + /* Step 9: c = X mod 2q, p = X - (c - 1) */ + mpi_mul_2exp (tmpval, prime_q, 1); + mpi_mod (tmpval, value_x, tmpval); + mpi_sub_ui (tmpval, tmpval, 1); + mpi_sub (prime_p, value_x, tmpval); + + /* Step 10: If p < 2^{L-1} skip the primality test. */ + /* Step 11 and 12: Primality test. */ + if (mpi_get_nbits (prime_p) >= pbits-1 + && check_prime (prime_p, val_2, 64, NULL, NULL) ) + break; /* Yes, P is prime, continue with Step 15. */ + + /* Step 13: counter = counter + 1, offset = offset + n + 1. */ + counter++; + + /* Step 14: If counter >= 2^12 goto Step 1. */ + if (counter >= 4096) + goto restart; + } + + /* Step 15: Save p, q, counter and seed. 
*/ +/* log_debug ("fips186-2 nbits p=%u q=%u counter=%d\n", */ +/* mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter); */ +/* log_printhex("fips186-2 seed:", seed, seedlen); */ +/* log_mpidump ("fips186-2 prime p", prime_p); */ +/* log_mpidump ("fips186-2 prime q", prime_q); */ + if (r_q) + { + *r_q = prime_q; + prime_q = NULL; + } + if (r_p) + { + *r_p = prime_p; + prime_p = NULL; + } + if (r_counter) + *r_counter = counter; + if (r_seed && r_seedlen) + { + memcpy (seed_plus, seed, seedlen); + *r_seed = seed_plus; + seed_plus = NULL; + *r_seedlen = seedlen; + } + + + leave: + gcry_mpi_release (tmpval); + gcry_mpi_release (value_x); + gcry_mpi_release (value_w); + gcry_mpi_release (prime_p); + gcry_mpi_release (prime_q); + gcry_free (seed_plus); + gcry_mpi_release (val_2); + return ec; +} Modified: trunk/cipher/rsa.c =================================================================== --- trunk/cipher/rsa.c 2008-11-25 11:05:14 UTC (rev 1359) +++ trunk/cipher/rsa.c 2008-11-25 21:09:55 UTC (rev 1360) @@ -793,7 +793,7 @@ gcry_sexp_find_token (genparms, "derive-parms", 0) : NULL); if (!deriveparms) { - /* Parse the optional "rsa-use-x931" flag. */ + /* Parse the optional "use-x931" flag. */ l1 = gcry_sexp_find_token (genparms, "use-x931", 0); if (l1) { Modified: trunk/doc/gcrypt.texi =================================================================== --- trunk/doc/gcrypt.texi 2008-11-25 11:05:14 UTC (rev 1359) +++ trunk/doc/gcrypt.texi 2008-11-25 21:09:55 UTC (rev 1360) 
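Review bot: The `goto restart` at Step 14 of _gcry_generate_fips186_2_prime re-enters the Q loop with `seed` still pointing at the seed that just failed, because a new seed is created only under `if (!seed)`. The same seed gives the same U, the same q and the same 4096 candidates for p, so a seed that exhausts the counter once would, as far as the visible code shows, loop forever instead of retrying. Clearing the pointer first fixes that: `if (counter >= 4096) { seed = NULL; goto restart; }`. Step 10 is also off by one: `mpi_get_nbits (prime_p) >= pbits-1` lets a p of only L-1 bits reach the primality test, where p >= 2^{L-1} needs `>= pbits`. The 186-3 variant added in r1361 repeats both patterns.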
@@ -2755,10 +2755,18 @@ @item use-x931 Force the use of the ANSI X9.31 key generation algorithm instead of the default algorithm. This flag is only meaningful for RSA and -usullat not required. Note that this algorithm is implicitly used if -either @code{derive-parms} are given or Libgcrypt is in FIPS mode. +usually not required. Note that this algorithm is implicitly used if +either @code{derive-parms} is given or Libgcrypt is in FIPS mode. + at item use-fips186 +Force the use of the FIPS 186-2 key generation algorithm instead of +the default algorithm. This flag is only meaningful for DSA and +usually not required. Note that this algorithm is implicitly used if +either @code{derive-parms} is given or Libgcrypt is in FIPS mode. +This implementation may be changed in future to use the forthcoming +FIPS 186-3 algorithm. + @end table @c end table of parameters Modified: trunk/src/g10lib.h =================================================================== --- trunk/src/g10lib.h 2008-11-25 11:05:14 UTC (rev 1359) +++ trunk/src/g10lib.h 2008-11-25 21:09:55 UTC (rev 1360) @@ -179,6 +179,12 @@ const gcry_mpi_t xp1, const gcry_mpi_t xp2, const gcry_mpi_t e, gcry_mpi_t *r_p1, gcry_mpi_t *r_p2); +gpg_err_code_t _gcry_generate_fips186_2_prime + (unsigned int pbits, unsigned int qbits, + const void *seed, size_t seedlen, + gcry_mpi_t *r_q, gcry_mpi_t *r_p, + int *r_counter, + void **r_seed, size_t *r_seedlen); /* replacements of missing functions (missing-string.c)*/ Modified: trunk/tests/pubkey.c =================================================================== --- trunk/tests/pubkey.c 2008-11-25 11:05:14 UTC (rev 1359) +++ trunk/tests/pubkey.c 2008-11-25 21:09:55 UTC (rev 1360) @@ -364,7 +364,7 @@ rc = gcry_pk_genkey (&key, key_spec); gcry_sexp_release (key_spec); if (rc) - die ("error generating Elgamal key: %s\n", gcry_strerror (rc)); + die ("error generating DSA key: %s\n", gcry_strerror (rc)); if (verbose > 1) show_sexp ("generated DSA key:\n", key); 
@@ -384,6 +384,37 @@ static void +get_dsa_key_fips186_new (gcry_sexp_t *pkey, gcry_sexp_t *skey) +{ + gcry_sexp_t key_spec, key, pub_key, sec_key; + int rc; + + rc = gcry_sexp_new + (&key_spec, "(genkey (dsa (nbits 4:1024)(use-fips186)))", 0, 1); + if (rc) + die ("error creating S-expression: %s\n", gcry_strerror (rc)); + rc = gcry_pk_genkey (&key, key_spec); + gcry_sexp_release (key_spec); + if (rc) + die ("error generating DSA key: %s\n", gcry_strerror (rc)); + + if (verbose > 1) + show_sexp ("generated DSA key (fips 186):\n", key); + + pub_key = gcry_sexp_find_token (key, "public-key", 0); + if (!pub_key) + die ("public part missing in key\n"); + + sec_key = gcry_sexp_find_token (key, "private-key", 0); + if (!sec_key) + die ("private part missing in key\n"); + + gcry_sexp_release (key); + *pkey = pub_key; + *skey = sec_key; +} + +static void check_run (void) { gpg_error_t err; @@ -440,6 +471,13 @@ /* Fixme: Add a check function for DSA keys. */ gcry_sexp_release (pkey); gcry_sexp_release (skey); + + if (verbose) + fprintf (stderr, "Generating DSA key (FIPS 186).\n"); + get_dsa_key_fips186_new (&pkey, &skey); + /* Fixme: Add a check function for DSA keys. */ + gcry_sexp_release (pkey); + gcry_sexp_release (skey); } @@ -684,7 +722,7 @@ for (i=0; i < 2; i++) check_run (); - for (i=0; i < 4; i++) + for (i=0; i < 4; i++) check_x931_derived_key (i); return 0; From cvs at cvs.gnupg.org Wed Nov 26 12:59:14 2008 
From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 26 Nov 2008 12:59:14 +0100 Subject: [svn] gcry - r1361 - in trunk: cipher doc src Message-ID: Author: wk Date: 2008-11-26 12:59:14 +0100 (Wed, 26 Nov 2008) New Revision: 1361 Modified: trunk/cipher/ChangeLog trunk/cipher/dsa.c trunk/cipher/primegen.c trunk/doc/gcrypt.texi trunk/src/g10lib.h Log: Prepare for FIPS186-3. Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2008-11-25 21:09:55 UTC (rev 1360) +++ trunk/cipher/ChangeLog 2008-11-26 11:59:14 UTC (rev 1361) @@ -1,3 +1,9 @@ +2008-11-26 Werner Koch + + * primegen.c (_gcry_generate_fips186_3_prime): New. + * dsa.c (generate_fips186): Add arg USE_FIPS186_2. + (dsa_generate_ext): Parse new flag use-fips183-2. + 2008-11-25 Werner Koch * dsa.c (generate_fips186): New. Modified: trunk/cipher/dsa.c =================================================================== --- trunk/cipher/dsa.c 2008-11-25 21:09:55 UTC (rev 1360) +++ trunk/cipher/dsa.c 2008-11-26 11:59:14 UTC (rev 1361) @@ -355,11 +355,12 @@ /* Generate a DSA key pair with a key of size NBITS using the - algorithm given in FIPS-186. At the time of implementation FIPS - 186-3 was not released; the Draft from November 2008 was used - instead to avoid limiting ourself to FIPS 186-2. */ + algorithm given in FIPS-186-3. If USE_FIPS186_2 is true, + FIPS-186-2 is used and thus the length is restricted to + 1024/160. */ static gpg_err_code_t generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, + int use_fips186_2, int *r_counter, void **r_seed, size_t *r_seedlen, gcry_mpi_t *r_h) { 
@@ -397,18 +398,23 @@ ; else if (nbits == 2048 && qbits == 256) ; - else if (nbits == 2048 && qbits == 256) + else if (nbits == 3072 && qbits == 256) ; else return GPG_ERR_INV_VALUE; - /* Note that we currently do not yet support 186-3 for prime - generation becuase it is not clear whether CAVS is prepared for - it. */ - ec = _gcry_generate_fips186_2_prime (nbits, qbits, NULL, 0, - &prime_q, &prime_p, - r_counter, - r_seed, r_seedlen); + /* Fixme: Enable 186-3 after it has been approved and after fixing + the generation fucntion. */ +/* if (use_fips186_2) */ + ec = _gcry_generate_fips186_2_prime (nbits, qbits, NULL, 0, + &prime_q, &prime_p, + r_counter, + r_seed, r_seedlen); +/* else */ +/* ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, */ +/* &prime_q, &prime_p, */ +/* r_counter, */ +/* r_seed, r_seedlen, NULL); */ if (ec) goto leave; @@ -610,6 +616,7 @@ unsigned int qbits = 0; gcry_sexp_t deriveparms = NULL; gcry_sexp_t seedinfo = NULL; + int use_fips186_2 = 0; int use_fips186 = 0; 
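Review bot: With the 186-3 call commented out, the new `use_fips186_2` parameter of generate_fips186 is never read, and the remaining call is indented as if it still sat under the commented-out `if`. The 2048- and 3072-bit combinations pass the size check in this hunk and are then refused by _gcry_generate_fips186_2_prime with GPG_ERR_INV_KEYLEN, not the GPG_ERR_INV_VALUE returned here for other bad sizes. I would make the interim state explicit with `(void)use_fips186_2; /* Not used until the 186-3 generator is enabled. */` and a comment that only 1024/160 currently succeeds. The function body begins and ends outside this hunk.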
@@ -640,23 +647,29 @@ deriveparms = gcry_sexp_find_token (genparms, "derive-parms", 0); - /* Parse the optional "use-fips186" flag. */ + /* Parse the optional "use-fips186" flags. */ l1 = gcry_sexp_find_token (genparms, "use-fips186", 0); if (l1) { use_fips186 = 1; gcry_sexp_release (l1); } + l1 = gcry_sexp_find_token (genparms, "use-fips186-2", 0); + if (l1) + { + use_fips186_2 = 1; + gcry_sexp_release (l1); + } } - if (deriveparms || use_fips186 || fips_mode ()) + if (deriveparms || use_fips186 || use_fips186_2 || fips_mode ()) { int counter; void *seed; size_t seedlen; gcry_mpi_t h_value; - ec = generate_fips186 (&sk, nbits, qbits, + ec = generate_fips186 (&sk, nbits, qbits, use_fips186_2, &counter, &seed, &seedlen, &h_value); gcry_sexp_release (deriveparms); if (!ec) Modified: trunk/cipher/primegen.c =================================================================== --- trunk/cipher/primegen.c 2008-11-25 21:09:55 UTC (rev 1360) +++ trunk/cipher/primegen.c 2008-11-26 11:59:14 UTC (rev 1361) @@ -1417,7 +1417,7 @@ /* Generate the two prime used for DSA using the algorithm specified in FIPS 186-2. PBITS is the desired length of the prime P and a - QBIST the length of the prime Q. If SEED is not supplied and + QBITS the length of the prime Q. If SEED is not supplied and SEEDLEN is 0 the function generates an appropriate SEED. On success the generated primes are stored at R_Q and R_P, the counter value is stored at R_COUNTER and the seed actually used for @@ -1580,7 +1580,7 @@ } /* Step 15: Save p, q, counter and seed. */ -/* log_debug ("fips186-2 nbits p=%u q=%u counter=%d\n", */ +/* log_debug ("fips186-2 pbits p=%u q=%u counter=%d\n", */ /* mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter); */ /* log_printhex("fips186-2 seed:", seed, seedlen); */ /* log_mpidump ("fips186-2 prime p", prime_p); */ 
@@ -1616,3 +1616,247 @@ gcry_mpi_release (val_2); return ec; } + + + +/* WARNING: The code below has not yet been tested! However, it is + not yet used. We need to wait for FIPS 186-3 final and for test + vectors. + + Generate the two prime used for DSA using the algorithm specified + in FIPS 186-3, A.1.1.2. PBITS is the desired length of the prime P + and a QBITS the length of the prime Q. If SEED is not supplied and + SEEDLEN is 0 the function generates an appropriate SEED. On + success the generated primes are stored at R_Q and R_P, the counter + value is stored at R_COUNTER and the seed actually used for + generation is stored at R_SEED and R_SEEDVALUE. The hash algorithm + used is stored at R_HASHALGO. + + Note that this function is very similar to the fips186_2 code. Due + to the minor differences, other buffer sizes and for documentarion, + we use a separate function. +*/ +gpg_err_code_t +_gcry_generate_fips186_3_prime (unsigned int pbits, unsigned int qbits, + const void *seed, size_t seedlen, + gcry_mpi_t *r_q, gcry_mpi_t *r_p, + int *r_counter, + void **r_seed, size_t *r_seedlen, + int *r_hashalgo) +{ + gpg_err_code_t ec; + unsigned char seed_help_buffer[256/8]; /* Used to hold a generated SEED. */ + unsigned char *seed_plus; /* Malloced buffer to hold SEED+x. */ + unsigned char digest[256/8]; /* Helper buffer for SHA-1 digest. */ + gcry_mpi_t val_2 = NULL; /* Helper for the prime test. */ + gcry_mpi_t tmpval = NULL; /* Helper variable. */ + int hashalgo; /* The id of the Approved Hash Function. */ + int i; + + unsigned char value_u[256/8]; + int value_n, value_b, value_j; + int counter; + gcry_mpi_t value_w = NULL; + gcry_mpi_t value_x = NULL; + gcry_mpi_t prime_q = NULL; + gcry_mpi_t prime_p = NULL; + + gcry_assert (sizeof seed_help_buffer == sizeof digest + && sizeof seed_help_buffer == sizeof value_u); + + /* Step 1: Check the requested prime lengths. */ + /* Note that due to the size of our buffers QBITS is limited to 256. 
*/ + if (pbits == 1024 && qbits == 160) + hashalgo = GCRY_MD_SHA1; + else if (pbits == 2048 && qbits == 224) + hashalgo = GCRY_MD_SHA224; + else if (pbits == 2048 && qbits == 256) + hashalgo = GCRY_MD_SHA256; + else if (pbits == 3072 && qbits == 256) + hashalgo = GCRY_MD_SHA256; + else + return GPG_ERR_INV_KEYLEN; + + /* Also check that the hash algorithm is available. */ + ec = gpg_err_code (gcry_md_test_algo (hashalgo)); + if (ec) + return ec; + gcry_assert (qbits/8 <= sizeof digest); + gcry_assert (gcry_md_get_algo_dlen (hashalgo) == qbits/8); + + + /* Step 2: Check seedlen. */ + if (!seed && !seedlen) + ; /* No seed value given: We are asked to generate it. */ + else if (!seed || seedlen < qbits/8) + return GPG_ERR_INV_ARG; + + /* Allocate a buffer to later compute SEED+some_increment and a few + helper variables. */ + seed_plus = gcry_malloc (seedlen < sizeof seed_help_buffer? + sizeof seed_help_buffer : seedlen); + if (!seed_plus) + { + ec = gpg_err_code_from_syserror (); + goto leave; + } + val_2 = mpi_alloc_set_ui (2); + value_w = gcry_mpi_new (pbits); + value_x = gcry_mpi_new (pbits); + + /* Step 3: n = \lceil L / outlen \rceil - 1 */ + value_n = (pbits + qbits - 1) / qbits - 1; + /* Step 4: b = L - 1 - (n * outlen) */ + value_b = pbits - 1 - (value_n * qbits); + + restart: + /* Generate Q. */ + for (;;) + { + /* Step 5: Generate a (new) seed unless one has been supplied. 
*/ + if (!seed) + { + seedlen = qbits/8; + gcry_assert (seedlen <= sizeof seed_help_buffer); + gcry_create_nonce (seed_help_buffer, seedlen); + seed = seed_help_buffer; + } + + /* Step 6: U = hash(seed) */ + gcry_md_hash_buffer (hashalgo, value_u, seed, seedlen); + + /* Step 7: q = 2^{N-1} + U + 1 - (U mod 2) */ + if ( !(value_u[qbits/8-1] & 0x01) ) + { + for (i=qbits/8-1; i >= 0; i--) + { + value_u[i]++; + if (value_u[i]) + break; + } + } + gcry_mpi_release (prime_q); prime_q = NULL; + ec = gpg_err_code (gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG, + value_u, sizeof value_u, NULL)); + if (ec) + goto leave; + mpi_set_highbit (prime_q, qbits-1 ); + + /* Step 8: Test whether Q is prime using 64 round of Rabin-Miller. + According to table C.1 this is sufficient for all + supported prime sizes (i.e. up 3072/256). */ + if (check_prime (prime_q, val_2, 64, NULL, NULL)) + break; /* Yes, Q is prime. */ + + /* Step 8. */ + seed = NULL; /* Force a new seed at Step 5. */ + } + + /* Step 11. Note that we do no use an explicit offset but increment + SEED_PLUS accordingly. */ + memcpy (seed_plus, seed, seedlen); + counter = 0; + + /* Generate P. */ + prime_p = gcry_mpi_new (pbits); + for (;;) + { + /* Step 11.1: For j = 0,...n let + V_j = hash(seed+offset+j) + Step 11.2: W = V_0 + V_1*2^outlen + + ... + + V_{n-1}*2^{(n-1)*outlen} + + (V_{n} mod 2^b)*2^{n*outlen} + */ + mpi_set_ui (value_w, 0); + for (value_j=0; value_j <= value_n; value_j++) + { + /* There is no need to have an explicit offset variable: In + the first round we shall have an offset of 1 and a j of + 0. This is achieved by incrementing SEED_PLUS here. For + the next round offset is implicitly updated by using + SEED_PLUS again. 
*/ + for (i=seedlen-1; i >= 0; i--) + { + seed_plus[i]++; + if (seed_plus[i]) + break; + } + gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen); + + gcry_mpi_release (tmpval); tmpval = NULL; + ec = gpg_err_code (gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG, + digest, sizeof digest, NULL)); + if (ec) + goto leave; + if (value_j == value_n) + mpi_clear_highbit (tmpval, value_b+1); /* (V_n mod 2^b) */ + mpi_lshift (tmpval, tmpval, value_j*qbits); + mpi_add (value_w, value_w, tmpval); + } + + /* Step 11.3: X = W + 2^{L-1} */ + mpi_set_ui (value_x, 0); + mpi_set_highbit (value_x, pbits-1); + mpi_add (value_x, value_x, value_w); + + /* Step 11.4: c = X mod 2q */ + mpi_mul_2exp (tmpval, prime_q, 1); + mpi_mod (tmpval, value_x, tmpval); + + /* Step 11.5: p = X - (c - 1) */ + mpi_sub_ui (tmpval, tmpval, 1); + mpi_sub (prime_p, value_x, tmpval); + + /* Step 11.6: If p < 2^{L-1} skip the primality test. */ + /* Step 11.7 and 11.8: Primality test. */ + if (mpi_get_nbits (prime_p) >= pbits-1 + && check_prime (prime_p, val_2, 64, NULL, NULL) ) + break; /* Yes, P is prime, continue with Step 15. */ + + /* Step 11.9: counter = counter + 1, offset = offset + n + 1. + If counter >= 4L goto Step 5. */ + counter++; + if (counter >= 4*pbits) + goto restart; + } + + /* Step 12: Save p, q, counter and seed. 
*/ + log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n", + mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter); + log_printhex("fips186-3 seed:", seed, seedlen); + log_mpidump ("fips186-3 prime p", prime_p); + log_mpidump ("fips186-3 prime q", prime_q); + if (r_q) + { + *r_q = prime_q; + prime_q = NULL; + } + if (r_p) + { + *r_p = prime_p; + prime_p = NULL; + } + if (r_counter) + *r_counter = counter; + if (r_seed && r_seedlen) + { + memcpy (seed_plus, seed, seedlen); + *r_seed = seed_plus; + seed_plus = NULL; + *r_seedlen = seedlen; + } + if (r_hashalgo) + *r_hashalgo = hashalgo; + + leave: + gcry_mpi_release (tmpval); + gcry_mpi_release (value_x); + gcry_mpi_release (value_w); + gcry_mpi_release (prime_p); + gcry_mpi_release (prime_q); + gcry_free (seed_plus); + gcry_mpi_release (val_2); + return ec; +} + Modified: trunk/doc/gcrypt.texi =================================================================== --- trunk/doc/gcrypt.texi 2008-11-25 21:09:55 UTC (rev 1360) +++ trunk/doc/gcrypt.texi 2008-11-26 11:59:14 UTC (rev 1361) 
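Review bot: The inner loop of _gcry_generate_fips186_3_prime still hashes with `GCRY_MD_SHA1` although `hashalgo` was selected at Step 1, so for the 224- and 256-bit cases V_j comes from the wrong hash. Both `gcry_mpi_scan` calls also pass `sizeof value_u` / `sizeof digest` (32 bytes) while the hash writes fewer bytes in the 160- and 224-bit cases, which feeds uninitialised stack bytes into q and W. I would use `gcry_md_hash_buffer (hashalgo, digest, seed_plus, seedlen);` and scan `qbits/8` bytes in both places. The `log_debug`/`log_printhex`/`log_mpidump` calls at Step 12 are unconditional here, unlike the commented-out ones in the 186-2 function, and should be guarded or removed before the code is enabled. The header comment says the function is untested and not yet called, so none of this is reachable today.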
@@ -2759,12 +2759,19 @@ either @code{derive-parms} is given or Libgcrypt is in FIPS mode. @item use-fips186 +Force the use of the FIPS 186 key generation algorithm instead of the +default algorithm. This flag is only meaningful for DSA and usually +not required. Note that this algorithm is implicitly used if either + at code{derive-parms} is given or Libgcrypt is in FIPS mode. As of now +FIPS 186-2 is implemented; after the approval of FIPS 186-3 the code +will be changed to implement 186-3. + + + at item use-fips186-2 Force the use of the FIPS 186-2 key generation algorithm instead of -the default algorithm. This flag is only meaningful for DSA and -usually not required. Note that this algorithm is implicitly used if -either @code{derive-parms} is given or Libgcrypt is in FIPS mode. -This implementation may be changed in future to use the forthcoming -FIPS 186-3 algorithm. +the default algorithm. This algorithm has a slighlty different from +FIPS 186-3 and allws only 1024 bit keys. This flag is only meaningful +for DSA and only required for FIPS testing backward compatibility. @end table Modified: trunk/src/g10lib.h =================================================================== --- trunk/src/g10lib.h 2008-11-25 21:09:55 UTC (rev 1360) +++ trunk/src/g10lib.h 2008-11-26 11:59:14 UTC (rev 1361) @@ -185,9 +185,15 @@ gcry_mpi_t *r_q, gcry_mpi_t *r_p, int *r_counter, void **r_seed, size_t *r_seedlen); +gpg_err_code_t _gcry_generate_fips186_3_prime + (unsigned int pbits, unsigned int qbits, + const void *seed, size_t seedlen, + gcry_mpi_t *r_q, gcry_mpi_t *r_p, + int *r_counter, + void **r_seed, size_t *r_seedlen, int *r_hashalgo); -/* replacements of missing functions (missing-string.c)*/ +/* Replacements of missing functions (missing-string.c). */ #ifndef HAVE_STPCPY char *stpcpy (char *a, const char *b); #endif 
@@ -195,7 +201,7 @@ int strcasecmp (const char *a, const char *b) _GCRY_GCC_ATTR_PURE; #endif -/* macros used to rename missing functions */ +/* Macros used to rename missing functions. */ #ifndef HAVE_STRTOUL #define strtoul(a,b,c) ((unsigned long)strtol((a),(b),(c))) #endif From cvs at cvs.gnupg.org Wed Nov 26 15:19:49 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 26 Nov 2008 15:19:49 +0100 Subject: [svn] gpg-error - r210 - trunk Message-ID: Author: wk Date: 2008-11-26 15:19:48 +0100 (Wed, 26 Nov 2008) New Revision: 210 Modified: trunk/ChangeLog trunk/NEWS trunk/configure.ac Log: Preparing a release. Modified: trunk/ChangeLog =================================================================== --- trunk/ChangeLog 2008-11-12 14:31:53 UTC (rev 209) +++ trunk/ChangeLog 2008-11-26 14:19:48 UTC (rev 210) @@ -1,3 +1,9 @@ +2008-11-26 Werner Koch + + Release 1.7. + + * configure.ac: Set LT version to C5/A5/R0. + 2008-11-12 Werner Koch * src/err-codes.h.in: Add GPG_ERR_NO_PASSPHRASE and GPG_ERR_NO_PIN. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-11-12 14:31:53 UTC (rev 209) +++ trunk/NEWS 2008-11-26 14:19:48 UTC (rev 210) @@ -1,6 +1,7 @@ -Noteworthy changes in version 1.7 +Noteworthy changes in version 1.7 (2008-11-26) ---------------------------------------------- + * Minor fixes and a few new error codes. * Interface changes relative to the 1.6 release: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2008-11-12 14:31:53 UTC (rev 209) +++ trunk/configure.ac 2008-11-26 14:19:48 UTC (rev 210) 
@@ -26,10 +26,10 @@ # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. m4_define([my_version], [1.7]) -m4_define([my_issvn], [yes]) +m4_define([my_issvn], [no]) -m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ - || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) +m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ + | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) AC_INIT([libgpg-error], [my_version[]m4_if(my_issvn,[yes],[-svn[]svn_revision])], [bug-gnupg at gnupg.org]) @@ -39,8 +39,8 @@ # (Interfaces added: AGE++) # (Interfaces removed: AGE=0) # Note that added error codes don't constitute an interface change. -LIBGPG_ERROR_LT_CURRENT=4 -LIBGPG_ERROR_LT_AGE=4 +LIBGPG_ERROR_LT_CURRENT=5 +LIBGPG_ERROR_LT_AGE=5 LIBGPG_ERROR_LT_REVISION=0 AC_SUBST(LIBGPG_ERROR_LT_CURRENT) AC_SUBST(LIBGPG_ERROR_LT_AGE) From cvs at cvs.gnupg.org Wed Nov 26 15:34:30 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 26 Nov 2008 15:34:30 +0100 Subject: [svn] gpg-error - r211 - tags Message-ID: Author: wk Date: 2008-11-26 15:34:30 +0100 (Wed, 26 Nov 2008) New Revision: 211 Added: tags/libgpg-error-1.7/ Log: Release tag. From cvs at cvs.gnupg.org Wed Nov 26 15:41:24 2008 
From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 26 Nov 2008 15:41:24 +0100 Subject: [svn] GpgOL - r288 - in trunk: . po src Message-ID: Author: wk Date: 2008-11-26 15:41:24 +0100 (Wed, 26 Nov 2008) New Revision: 288 Modified: trunk/configure.ac trunk/po/de.po trunk/src/ChangeLog trunk/src/common.h trunk/src/config-dialog.c trunk/src/dialogs.h trunk/src/dialogs.rc trunk/src/ext-commands.cpp trunk/src/olflange-dlgs.cpp trunk/src/olflange.cpp Log: Minor GUI fixes. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-11-14 09:05:44 UTC (rev 287) +++ trunk/src/ChangeLog 2008-11-26 14:41:24 UTC (rev 288) @@ -1,3 +1,17 @@ +2008-11-26 Werner Koch + + * config-dialog.c (start_key_manager): Remove. + * ext-commands.cpp (DoCommand): Do not use start_key_manager as a + fallback. + + * olflange.cpp (GpgolExt): Show new version warning only once. + + * dialogs.rc: Do not display the logo. Move version info around. + * dialogs.h (IDC_G10CODE_STRING): New. + * olflange-dlgs.cpp (GPGOptionsDlgProc): Active product page by a + click on IDC_G10CODE_STRING. + (set_labels): Remove the build date from the Version field. + 2008-11-14 Werner Koch * dialogs.rc: Remove preview-decrypt check button. Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2008-11-14 09:05:44 UTC (rev 287) +++ trunk/configure.ac 2008-11-26 14:41:24 UTC (rev 288) 
@@ -16,8 +16,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [0.10.17]) -m4_define([my_issvn], [no]) +m4_define([my_version], [0.10.18]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \ || echo 'Revision: 0')|sed -n '/^Revision:/ {s/[^0-9]//gp;q;}')])) Modified: trunk/po/de.po [not shown] Modified: trunk/src/common.h =================================================================== --- trunk/src/common.h 2008-11-14 09:05:44 UTC (rev 287) +++ trunk/src/common.h 2008-11-26 14:41:24 UTC (rev 288) @@ -229,7 +229,6 @@ /*-- config-dialog.c --*/ void config_dialog_box (HWND parent); -int start_key_manager (void); int store_extension_value (const char *key, const char *val); int load_extension_value (const char *key, char **val); Modified: trunk/src/config-dialog.c =================================================================== --- trunk/src/config-dialog.c 2008-11-14 09:05:44 UTC (rev 287) +++ trunk/src/config-dialog.c 2008-11-26 14:41:24 UTC (rev 288) 
@@ -192,84 +192,7 @@ } -/* Start the key manager specified by the registry entry 'keyManager'. */ -int -start_key_manager (void) -{ - PROCESS_INFORMATION pi; - STARTUPINFO si; - char *p; - char *keyman = NULL; - - if (load_config_value (NULL, REGPATH, "keyManager", &keyman)) - { - /* In case we did not found a registry entry we try to locate - the keymanager in the same directory as the gpgme backend. */ - gpgme_engine_info_t info; - if (gpgme_get_engine_info (&info)) - { - log_debug ("%s:%s: get_engine_info failed\n", SRCNAME, __func__); - return -1; - } - - while (info && info->protocol != GPGME_PROTOCOL_OpenPGP) - info = info->next; - if (info && info->file_name && *info->file_name) - { - keyman = xmalloc (strlen (info->file_name) + 50); - strcpy (keyman, info->file_name); - for (p=keyman; *p; p++) - if (*p == '/') - *p = '\\'; - p = strrchr (keyman, '\\'); - if (!p) - { - xfree (keyman); - return -1; - } - strcpy (p+1, "winpt.exe"); - if (!access (keyman, F_OK)) - strcat (keyman, " --keymanager"); - else - { - log_debug ("%s:%s: accessing `%s' failed\n", - SRCNAME, __func__, keyman ); - strcpy (p+1, "gpa.exe"); - if (!access (keyman, F_OK)) - strcat (keyman, " --keyring"); - else - { - log_debug ("%s:%s: accessing `%s' failed\n", - SRCNAME, __func__, keyman ); - xfree (keyman); - return -1; - } - } - } - } - - /* Create startup info for the keymanager process. */ - memset (&si, 0, sizeof (si)); - si.cb = sizeof (STARTUPINFO); - si.dwFlags = STARTF_USESHOWWINDOW; - si.wShowWindow = SW_SHOW; - - log_debug ("%s:%s: running `%s' ...\n", - SRCNAME, __func__, keyman ); - if (CreateProcess (NULL, keyman, - NULL, NULL, TRUE, CREATE_DEFAULT_ERROR_MODE, - NULL, NULL, &si, &pi) == TRUE) - { - CloseHandle (pi.hProcess); - CloseHandle (pi.hThread); - } - - xfree (keyman); - return 0; -} - - /* Store a key in the registry with the key given by @key and the value @value. 
*/ int Modified: trunk/src/dialogs.h =================================================================== --- trunk/src/dialogs.h 2008-11-14 09:05:44 UTC (rev 287) +++ trunk/src/dialogs.h 2008-11-26 14:41:24 UTC (rev 288) @@ -41,6 +41,7 @@ #define IDC_G_RECV 4025 #define IDC_BODY_AS_ATTACHMENT 4026 #define IDC_GPG_CONF 4027 +#define IDC_G10CODE_STRING 4028 /* Ids for the extended options dialog. */ Modified: trunk/src/dialogs.rc =================================================================== --- trunk/src/dialogs.rc 2008-11-14 09:05:44 UTC (rev 287) +++ trunk/src/dialogs.rc 2008-11-26 14:41:24 UTC (rev 288) @@ -88,15 +88,16 @@ "Button", BS_AUTOCHECKBOX | WS_TABSTOP, 24, 125, 215, 10 - /* Stuff below the group boxes. */ - LTEXT "GpgOL by g10 Code GmbH", IDC_STATIC, - 8, 197, 100, 8 + /* Stuff at the lower left corner. */ + LTEXT "GpgOL by g10 Code GmbH", IDC_G10CODE_STRING, + 8, 229, 100, 8 LTEXT "Version x ", IDC_VERSION_INFO, - 130, 197, 129, 9 + 8, 240, 100, 9 - CONTROL IDB_BANNER, IDC_BITMAP, - "Static", SS_BITMAP | SS_REALSIZEIMAGE, - 8, 212, 150, 64 + /* No more logo due to problems with the background colour. */ +/* CONTROL IDB_BANNER, IDC_BITMAP, */ +/* "Static", SS_BITMAP | SS_REALSIZEIMAGE, */ +/* 8, 212, 150, 64 */ PUSHBUTTON "advanced", IDC_GPG_OPTIONS, 130, 240, 50, 14 Modified: trunk/src/ext-commands.cpp =================================================================== --- trunk/src/ext-commands.cpp 2008-11-14 09:05:44 UTC (rev 287) +++ trunk/src/ext-commands.cpp 2008-11-26 14:41:24 UTC (rev 288) @@ -769,9 +769,8 @@ { log_debug ("%s:%s: command KeyManager called\n", SRCNAME, __func__); if (engine_start_keymanager (hwnd)) - if (start_key_manager ()) - MessageBox (NULL, _("Could not start certificate manager"), - _("GpgOL"), MB_ICONERROR|MB_OK); + MessageBox (NULL, _("Could not start certificate manager"), + _("GpgOL"), MB_ICONERROR|MB_OK); } else if (nCommandID == m_nCmdRevertFolder && m_lContext == EECONTEXT_VIEWER) 
@@ -1039,6 +1038,8 @@ ULONG flags) { toolbar_info_t tb_info; + size_t n; + (void)description_size; (void)flags; @@ -1066,7 +1067,10 @@ pTBB->dwData = 0; pTBB->iString = -1; - lstrcpyn (description, tb_info->desc, strlen (tb_info->desc)); + n = strlen (tb_info->desc); + if (n > description_size) + n = description_size; + lstrcpyn (description, tb_info->desc, n); if (tb_info->cmd_id == m_nCmdEncrypt) { Modified: trunk/src/olflange-dlgs.cpp =================================================================== --- trunk/src/olflange-dlgs.cpp 2008-11-14 09:05:44 UTC (rev 287) +++ trunk/src/olflange-dlgs.cpp 2008-11-26 14:41:24 UTC (rev 288) @@ -57,7 +57,7 @@ { IDC_GPG_OPTIONS, "Debug..."}, { IDC_GPG_CONF, N_("Crypto Engine")}, - { IDC_VERSION_INFO, "Version "VERSION " ("__DATE__")"}, + { IDC_VERSION_INFO, "Version "VERSION}, { 0, NULL} }; int i; @@ -102,7 +102,7 @@ HWND bitmap; GetWindowRect (hDlg, &rect_dlg); - bitmap = GetDlgItem (hDlg, IDC_BITMAP); + bitmap = GetDlgItem (hDlg, IDC_G10CODE_STRING); if (bitmap) GetWindowRect (bitmap, &rect_banner); @@ -237,8 +237,9 @@ opt.body_as_attachment = !!SendDlgItemMessage (hDlg, IDC_BODY_AS_ATTACHMENT, BM_GETCHECK, 0, 0L); - /* Now that the user has confirmed the options dialog, we - mark the Registry with revision of this build. */ + /* Make sure that no new-version-installed warning will pop + up on the next start. Not really needed as the warning + dialog set this too, but it doesn't harm to do it again. */ opt.svn_revision = SVN_REVISION; write_options (); Modified: trunk/src/olflange.cpp =================================================================== --- trunk/src/olflange.cpp 2008-11-14 09:05:44 UTC (rev 287) +++ trunk/src/olflange.cpp 2008-11-26 14:41:24 UTC (rev 288) 
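Review bot: The clamp added in the `@@ -1066,7 +1067,10 @@` hunk of ext-commands.cpp still passes a count that leaves no room for the terminator. `lstrcpyn` treats its third argument as the maximum number of characters including the terminating NUL, so with `n = strlen (tb_info->desc)` the last character of the description is still dropped, as it was before the change. Passing the buffer size directly gives both the bound and the full string: `lstrcpyn (description, tb_info->desc, description_size);`. The `(void)description_size;` kept as context in the `@@ -1039,6 +1038,8 @@` hunk is now stale, since the parameter is used. The enclosing function starts and ends outside these hunks, so whether `description_size` counts characters or bytes should be confirmed there.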
@@ -431,7 +431,8 @@ log_debug ("%s:%s: first time initialization done\n", SRCNAME, __func__); if ( SVN_REVISION > opt.svn_revision ) - MessageBox (NULL, + { + MessageBox (NULL, _("You have installed a new version of GpgOL.\n" "\n" "Please open the option dialog and confirm that" @@ -439,6 +440,10 @@ " dialog can be found in the main menu at:" " Extras->Options->GpgOL.\n"), "GpgOL", MB_ICONINFORMATION|MB_OK); + /* Show this warning only once. */ + opt.svn_revision = SVN_REVISION; + write_options (); + } if ( SVN_REVISION > opt.forms_revision ) install_forms (); } From cvs at cvs.gnupg.org Wed Nov 26 15:42:42 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 26 Nov 2008 15:42:42 +0100 Subject: [svn] gpg-error - r212 - trunk Message-ID: Author: wk Date: 2008-11-26 15:42:42 +0100 (Wed, 26 Nov 2008) New Revision: 212 Modified: trunk/NEWS trunk/configure.ac Log: Post release updates. Modified: trunk/NEWS =================================================================== --- trunk/NEWS 2008-11-26 14:34:30 UTC (rev 211) +++ trunk/NEWS 2008-11-26 14:42:42 UTC (rev 212) @@ -1,3 +1,10 @@ +Noteworthy changes in version 1.8 +---------------------------------------------- + + * Interface changes relative to the 1.7 release: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + Noteworthy changes in version 1.7 (2008-11-26) ---------------------------------------------- Modified: trunk/configure.ac =================================================================== --- trunk/configure.ac 2008-11-26 14:34:30 UTC (rev 211) +++ trunk/configure.ac 2008-11-26 14:42:42 UTC (rev 212) 
@@ -25,8 +25,8 @@ # Remember to change the version number immediately *after* a release. # Set my_issvn to "yes" for non-released code. Remember to run an # "svn up" and "autogen.sh" right before creating a distribution. -m4_define([my_version], [1.7]) -m4_define([my_issvn], [no]) +m4_define([my_version], [1.8]) +m4_define([my_issvn], [yes]) m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \ | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)])) From cvs at cvs.gnupg.org Wed Nov 26 16:19:43 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 26 Nov 2008 16:19:43 +0100 Subject: [svn] GpgOL - r289 - trunk/po Message-ID: Author: wk Date: 2008-11-26 16:19:42 +0100 (Wed, 26 Nov 2008) New Revision: 289 Modified: trunk/po/de.po Log: String change Modified: trunk/po/de.po [not shown] From cvs at cvs.gnupg.org Wed Nov 26 17:09:46 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Wed, 26 Nov 2008 17:09:46 +0100 Subject: [svn] GpgOL - r290 - trunk/src Message-ID: Author: wk Date: 2008-11-26 17:09:46 +0100 (Wed, 26 Nov 2008) New Revision: 290 Modified: trunk/src/ChangeLog trunk/src/ext-commands.cpp Log: Status icon fix. Modified: trunk/src/ChangeLog =================================================================== --- trunk/src/ChangeLog 2008-11-26 15:19:42 UTC (rev 289) +++ trunk/src/ChangeLog 2008-11-26 16:09:46 UTC (rev 290) @@ -1,5 +1,8 @@ 2008-11-26 Werner Koch + * ext-commands.cpp (InstallCommands): Don't show status icon for + non-gpgol messages. + * config-dialog.c (start_key_manager): Remove. * ext-commands.cpp (DoCommand): Do not use start_key_manager as a fallback. Modified: trunk/src/ext-commands.cpp =================================================================== --- trunk/src/ext-commands.cpp 2008-11-26 15:19:42 UTC (rev 289) +++ trunk/src/ext-commands.cpp 2008-11-26 16:09:46 UTC (rev 290) 
@@ -502,6 +502,8 @@ if (m_lContext == EECONTEXT_READNOTEMESSAGE) { int is_encrypted = 0; + int not_a_gpgol_message = 0; + LPMDB mdb = NULL; LPMESSAGE message = NULL; @@ -519,6 +521,11 @@ if ( mapi_test_sig_status (message) ) is_encrypted++; break; + case MSGTYPE_GPGOL: + case MSGTYPE_SMIME: + case MSGTYPE_UNKNOWN: + not_a_gpgol_message = 1; + break; default: break; } @@ -541,7 +548,7 @@ &m_nCmdDebug3, NULL); - if (!opt.disable_gpgol) + if (!opt.disable_gpgol && !not_a_gpgol_message) add_toolbar (pTBEArray, nTBECnt, is_encrypted == 2 ? _("This is a signed and encrypted message.\n" From cvs at cvs.gnupg.org Fri Nov 28 11:32:13 2008 From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 28 Nov 2008 11:32:13 +0100 Subject: [svn] gpgme - r1348 - trunk/doc Message-ID: Author: wk Date: 2008-11-28 11:32:12 +0100 (Fri, 28 Nov 2008) New Revision: 1348 Modified: trunk/doc/ChangeLog trunk/doc/gpgme.texi Log: Fix doc bug. Modified: trunk/doc/ChangeLog =================================================================== --- trunk/doc/ChangeLog 2008-11-23 18:09:57 UTC (rev 1347) +++ trunk/doc/ChangeLog 2008-11-28 10:32:12 UTC (rev 1348) @@ -1,3 +1,8 @@ +2008-11-28 Werner Koch + + * gpgme.texi (Listing Keys): Change description of the return + value to match the code. Spotted by Colin Leroy. + 2008-10-15 Werner Koch * uiserver.texi (Miscellaneous UI Server Commands): Add option Modified: trunk/doc/gpgme.texi =================================================================== --- trunk/doc/gpgme.texi 2008-11-23 18:09:57 UTC (rev 1347) +++ trunk/doc/gpgme.texi 2008-11-28 10:32:12 UTC (rev 1348) @@ -2837,7 +2837,7 @@ will have one reference for the user. If the key is not found in the keyring, @code{gpgme_get_key} returns -the error code @code{GPG_ERR_NO_ERROR} and *@var{r_key} will be set to +the error code @code{GPG_ERR_EOF} and *@var{r_key} will be set to @code{NULL}. The function returns the error code @code{GPG_ERR_INV_VALUE} if From cvs at cvs.gnupg.org Fri Nov 28 20:10:16 2008 
From: cvs at cvs.gnupg.org (svn author wk) Date: Fri, 28 Nov 2008 20:10:16 +0100 Subject: [svn] gcry - r1362 - in trunk: cipher tests Message-ID: Author: wk Date: 2008-11-28 20:10:15 +0100 (Fri, 28 Nov 2008) New Revision: 1362 Added: trunk/tests/fips186-dsa.c Modified: trunk/cipher/ChangeLog trunk/cipher/dsa.c trunk/cipher/primegen.c trunk/tests/ChangeLog trunk/tests/Makefile.am trunk/tests/cavs_driver.pl trunk/tests/fipsdrv.c Log: Fixed the fips 186 dsa key generation. Allow apssing of a seed value. Add a new regression test. Updated the cavs driver. Modified: trunk/cipher/ChangeLog =================================================================== --- trunk/cipher/ChangeLog 2008-11-26 11:59:14 UTC (rev 1361) +++ trunk/cipher/ChangeLog 2008-11-28 19:10:15 UTC (rev 1362) @@ -1,3 +1,10 @@ +2008-11-28 Werner Koch + + * dsa.c (generate_fips186): Add arg DERIVEPARMS and use the seed + value if available. + + * primegen.c (_gcry_generate_fips186_2_prime): Fix inner p loop. + 2008-11-26 Werner Koch * primegen.c (_gcry_generate_fips186_3_prime): New. Modified: trunk/tests/ChangeLog =================================================================== --- trunk/tests/ChangeLog 2008-11-26 11:59:14 UTC (rev 1361) +++ trunk/tests/ChangeLog 2008-11-28 19:10:15 UTC (rev 1362) @@ -1,3 +1,11 @@ +2008-11-28 Werner Koch + + * fips186-dsa.c: New. + + * fipsdrv.c (print_mpi_line, print_data_line): New. + (run_dsa_pqg_gen): New. + (usage): Add mode dsa-pqg-gen. + 2008-11-25 Werner Koch * pubkey.c (get_dsa_key_new): New. Modified: trunk/cipher/dsa.c =================================================================== --- trunk/cipher/dsa.c 2008-11-26 11:59:14 UTC (rev 1361) +++ trunk/cipher/dsa.c 2008-11-28 19:10:15 UTC (rev 1362) 
@@ -356,15 +356,20 @@ /* Generate a DSA key pair with a key of size NBITS using the algorithm given in FIPS-186-3. If USE_FIPS186_2 is true, - FIPS-186-2 is used and thus the length is restricted to - 1024/160. */ + FIPS-186-2 is used and thus the length is restricted to 1024/160. + If DERIVEPARMS are not NULL the may contain a seed value. */ static gpg_err_code_t generate_fips186 (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits, - int use_fips186_2, + gcry_sexp_t deriveparms, int use_fips186_2, int *r_counter, void **r_seed, size_t *r_seedlen, gcry_mpi_t *r_h) { gpg_err_code_t ec; + struct { + gcry_sexp_t sexp; + const void *seed; + size_t seedlen; + } initial_seed = { NULL, NULL, 0 }; gcry_mpi_t prime_q = NULL; gcry_mpi_t prime_p = NULL; gcry_mpi_t value_g = NULL; /* The generator. */ @@ -403,10 +408,22 @@ else return GPG_ERR_INV_VALUE; + /* Get an initial seed value. */ + if (deriveparms) + { + initial_seed.sexp = gcry_sexp_find_token (deriveparms, "seed", 0); + if (initial_seed.sexp) + initial_seed.seed = gcry_sexp_nth_data (initial_seed.sexp, 1, + &initial_seed.seedlen); + } + /* Fixme: Enable 186-3 after it has been approved and after fixing - the generation fucntion. */ + the generation function. */ /* if (use_fips186_2) */ - ec = _gcry_generate_fips186_2_prime (nbits, qbits, NULL, 0, + (void)use_fips186_2; + ec = _gcry_generate_fips186_2_prime (nbits, qbits, + initial_seed.seed, + initial_seed.seedlen, &prime_q, &prime_p, r_counter, r_seed, r_seedlen); @@ -415,6 +432,7 @@ /* &prime_q, &prime_p, */ /* r_counter, */ /* r_seed, r_seedlen, NULL); */ + gcry_sexp_release (initial_seed.sexp); if (ec) goto leave; 
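Review bot: In `generate_fips186` (dsa.c, hunk `@@ -403,10 +408,22 @@`), a `seed` token that is present in DERIVEPARMS but carries no usable data is not distinguished from an absent one. `gcry_sexp_nth_data` then yields NULL and the call proceeds as if no seed had been supplied, presumably falling back to a random seed, so a caller that asked for parameters derived from a fixed seed would get unrelated parameters without an error. Rejecting that case right after the lookup makes the failure visible: `if (initial_seed.sexp && !initial_seed.seed) { gcry_sexp_release (initial_seed.sexp); return GPG_ERR_INV_OBJ; }`. Any minimum-length check on the seed is presumably left to `_gcry_generate_fips186_2_prime`, whose body is outside these hunks, as are the start and end of `generate_fips186` itself. The function comment would also read better as `If DERIVEPARMS is not NULL it may contain a seed value.`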
@@ -669,7 +687,7 @@ size_t seedlen; gcry_mpi_t h_value; - ec = generate_fips186 (&sk, nbits, qbits, use_fips186_2, + ec = generate_fips186 (&sk, nbits, qbits, deriveparms, use_fips186_2, &counter, &seed, &seedlen, &h_value); gcry_sexp_release (deriveparms); if (!ec) Modified: trunk/cipher/primegen.c =================================================================== --- trunk/cipher/primegen.c 2008-11-26 11:59:14 UTC (rev 1361) +++ trunk/cipher/primegen.c 2008-11-28 19:10:15 UTC (rev 1362) @@ -1549,7 +1549,7 @@ if (ec) goto leave; if (value_k == value_n) - mpi_clear_highbit (tmpval, value_b+1); /* (V_n mod 2^b) */ + mpi_clear_highbit (tmpval, value_b); /* (V_n mod 2^b) */ mpi_lshift (tmpval, tmpval, value_k*qbits); mpi_add (value_w, value_w, tmpval); } @@ -1570,7 +1570,7 @@ if (mpi_get_nbits (prime_p) >= pbits-1 && check_prime (prime_p, val_2, 64, NULL, NULL) ) break; /* Yes, P is prime, continue with Step 15. */ - + /* Step 13: counter = counter + 1, offset = offset + n + 1. */ counter++; @@ -1582,7 +1582,7 @@ /* Step 15: Save p, q, counter and seed. */ /* log_debug ("fips186-2 pbits p=%u q=%u counter=%d\n", */ /* mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter); */ -/* log_printhex("fips186-2 seed:", seed, seedlen); */ +/* log_printhex("fips186-2 seed:", seed, seedlen); */ /* log_mpidump ("fips186-2 prime p", prime_p); */ /* log_mpidump ("fips186-2 prime q", prime_q); */ if (r_q) @@ -1790,7 +1790,7 @@ if (ec) goto leave; if (value_j == value_n) - mpi_clear_highbit (tmpval, value_b+1); /* (V_n mod 2^b) */ + mpi_clear_highbit (tmpval, value_b); /* (V_n mod 2^b) */ mpi_lshift (tmpval, tmpval, value_j*qbits); mpi_add (value_w, value_w, tmpval); } Modified: trunk/tests/Makefile.am =================================================================== --- trunk/tests/Makefile.am 2008-11-26 11:59:14 UTC (rev 1361) +++ trunk/tests/Makefile.am 2008-11-28 19:10:15 UTC (rev 1362) 
@@ -19,7 +19,7 @@ ## Process this file with automake to produce Makefile.in TESTS = version t-mpi-bit prime register ac ac-schemes ac-data basic \ - mpitests tsexp keygen pubkey hmac keygrip + mpitests tsexp keygen pubkey hmac keygrip fips186-dsa # random.c uses fork() thus a test for W32 does not make any sense. Modified: trunk/tests/cavs_driver.pl =================================================================== --- trunk/tests/cavs_driver.pl 2008-11-26 11:59:14 UTC (rev 1361) +++ trunk/tests/cavs_driver.pl 2008-11-28 19:10:15 UTC (rev 1362) @@ -1,6 +1,6 @@ #!/usr/bin/env perl # -# $Id: cavs_driver.pl 1383 2008-10-30 11:45:31Z smueller $ +# $Id: cavs_driver.pl 1395 2008-11-10 15:18:03Z smueller $ # # CAVS test driver (based on the OpenSSL driver) # Written by: Stephan M?ller @@ -89,6 +89,11 @@ # ANSI931_AES128MCT # ANSI931_AES128VST # +# DSA +# PQGGen +# SigGen +# SigVer +# # RC4 (atsec developed tests) # RC4KeyBD # RC4MCT @@ -105,7 +110,6 @@ # Contains the command line options my %opt; - ################################################################# ##### Central interface functions to the external ciphers ####### ################################################################# @@ -143,7 +147,7 @@ # $2: hash algo # $3: file holding the public RSA key in PEM format # $4: file holding the signature in binary form -# return: 1 == verfied / 0 == not verified +# return: 1 == verified / 0 == not verified my $rsa_verify; # generate a new private RSA key with the following properties: @@ -171,6 +175,9 @@ # $5: IV in binary form # return: command line to execute the application my $state_cipher; +# the only difference of the DES version is that it implements the inner loop +# of the TDES tests +my $state_cipher_des; # supplying the call to the external cipher implementation # that is being used to keep STDIN and STDOUT open 
@@ -196,6 +203,40 @@ # return: calculated HMAC in hex format my $hmac; +# +# Generate the P, Q, G, Seed, counter, h (value used to generate g) values +# for DSA +# $1: modulus size +# return: string with the calculated values in hex format, where each value +# is separated from the previous with a \n in the following order: +# P\n +# Q\n +# G\n +# Seed\n +# counter\n +# h +my $dsa_pqggen; + +# Verify a message with DSA +# $1: data to be verified in hex form +# $2: file holding the public DSA key in PEM format +# $3: R value of the signature +# $4: S value of the signature +# return: 1 == verified / 0 == not verified +my $dsa_verify; + +# generate a new DSA key with the following properties: +# PEM format +# $1 keyfile name +# return: file created, hash with keys of P, Q, G in hex format +my $gen_dsakey; + +# Sign a message with DSA +# $1: data to be signed in hex form +# $2: Key file in PEM format with the private key +# return: hash of digest information in hex format with Y, R, S as keys +my $dsa_sign; + ################################################################ ##### OpenSSL interface functions ################################################################ @@ -273,8 +314,6 @@ my $key = shift; my $iv = shift; - #FIXME: Implement the inner loop right here. - my $enc = $encdec ? "-e": "-d"; # We only invoke the driver with the IV parameter, if we have 
@@ -362,7 +401,28 @@ my $key = shift; my $iv = shift; + # We only invoke the driver with the IV parameter, if we have + # an IV, otherwise, we skip it + $iv = "--iv ".bin2hex($iv) if ($iv); + + my $program="fipsdrv --binary --key ".bin2hex($key)." $iv --algo '$cipher' --chunk '$bufsize' $enc"; + + return $program; +} + +sub libgcrypt_state_cipher_des($$$$$) { + my $cipher = shift; + my $enc = (shift) ? "encrypt": "decrypt"; + my $bufsize = shift; + my $key = shift; + my $iv = shift; + + # We only invoke the driver with the IV parameter, if we have + # an IV, otherwise, we skip it + $iv = "--iv ".bin2hex($iv) if ($iv); + my $program="fipsdrv --algo '$cipher' --mct-server $enc"; + return $program; } @@ -384,6 +444,13 @@ return pipe_through_program($msg, $program); } +sub libgcrypt_dsa_pqggen($) { + my $mod = shift; + + my $program = "fipsdrv --keysize $mod dsa-pqg-gen"; + return pipe_through_program("", $program); +} + ######### End of libgcrypt implementation ################ ################################################################ @@ -532,39 +599,6 @@ } #################################################### -# Encrypt/Decrypt routines - -# encryption -# $1 key in hex form -# $2 iv in hex form -# $3 cipher -# $4 data in hex form -# return encrypted data -sub encrypt($$$$) { - my $key=shift; - my $iv=shift; - my $cipher=shift; - my $data=shift; - - return &$encdec($key, $iv, $cipher, 1, $data); -} - -# decryption -# $1 key in hex form -# $2 iv in hex form -# $3 cipher -# $4 data in hex form -# return encrypted data -sub decrypt($$$$) { - my $key=shift; - my $iv=shift; - my $cipher=shift; - my $data=shift; - - return &$encdec($key, $iv, $cipher, 0, $data); -} - -#################################################### # DER/PEM utility functions # Cf. http://www.columbia.edu/~ariel/ssleay/layman.html 
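Review bot: `libgcrypt_dsa_pqggen` (cavs_driver.pl, hunk `@@ -384,6 +444,13 @@`) interpolates `$mod` into the command string unquoted and unchecked, while the neighbouring `libgcrypt_state_cipher` at least single-quotes `$cipher` and `$bufsize`. The value appears to come from the parsed request file, and if `pipe_through_program` hands the string to a shell, a malformed modulus field would be interpreted as shell text. A one-line guard before building the command keeps it numeric: `die "invalid modulus size" unless $mod =~ /^\d+$/;`. In the `@@ -362,7 +401,28 @@` hunk on the same line, `libgcrypt_state_cipher_des` shifts `$bufsize` and `$key` and builds `$iv` but uses none of them in `$program`. A comment there stating that the caller sends key and IV over the pipe in `--mct-server` mode would explain why they are unused.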
@@ -920,10 +954,10 @@ $out .= "IV = $iv\n" if (defined($iv) && $iv ne ""); if ($enc) { $out .= "PLAINTEXT = $pt\n"; - $out .= "CIPHERTEXT = " . encrypt($key1, $iv, $cipher, $pt) . "\n"; + $out .= "CIPHERTEXT = " . &$encdec($key1, $iv, $cipher, 1, $pt) . "\n"; } else { $out .= "CIPHERTEXT = $pt\n"; - $out .= "PLAINTEXT = " . decrypt($key1, $iv, $cipher, $pt) . "\n"; + $out .= "PLAINTEXT = " . &$encdec($key1, $iv, $cipher, 0, $pt) . "\n"; } return $out; @@ -1008,8 +1042,6 @@ my $source_data = hex2bin(shift); my $cipher = shift; my $enc = shift; - my $line; - my $next_source; my $out = ""; @@ -1025,18 +1057,7 @@ my $iloop=1000; if ($ciph =~ /des/) {$oloop=400;$iloop=10000;} - my ($CO, $CI); - my $cipher_imp = &$state_cipher($cipher, $enc, $bufsize, $key1, $iv); - my $pid = open2($CO, $CI, $cipher_imp); - my $len; - for (my $i=0; $i<$oloop; ++$i) { - my $calc_data; - my $old_calc_data; - my $old_old_calc_data; - my $ov; - my $iv_arg; - $out .= "COUNT = $i\n"; if (defined($key2)) { $out .= "$keytype = ". bin2hex($key1). "\n"; 
@@ -1059,45 +1080,69 @@ } else { $out .= "CIPHERTEXT = ". bin2hex($source_data). "\n"; } + my ($CO, $CI); + my $cipher_imp = &$state_cipher($cipher, $enc, $bufsize, $key1, $iv); + $cipher_imp = &$state_cipher_des($cipher, $enc, $bufsize, $key1, $iv) if($cipher =~ /des/); + my $pid = open2($CO, $CI, $cipher_imp); - # Need to provide a dummy IV in case of ECB mode. - $iv_arg = (defined($iv) && $iv ne "") - ? bin2hex($iv) - : "00"x(length($source_data)); + my $calc_data = $iv; # CT[j] + my $old_calc_data; # CT[j-1] + my $old_old_calc_data; # CT[j-2] + my $next_source; - print $CI "1\n" - .$iloop."\n" - .bin2hex($key1)."\n" - .$iv_arg."\n" - .bin2hex($source_data)."\n\n" or die; - - # fixme: We should skip over empty lines here. + # TDES inner loop implements logic within driver + if ($cipher =~ /des/) { + print $CI "1\n" + .$iloop."\n" + .bin2hex($key1)."\n" + .bin2hex($iv)."\n" + .bin2hex($source_data)."\n\n" or die; + chomp(my $line = <$CO>); + $calc_data = hex2bin($line); + chomp($line = <$CO>); + $old_calc_data = hex2bin($line); + chomp($line = <$CO>); + $old_old_calc_data = hex2bin($line); + chomp($line = <$CO>); + $iv = hex2bin($line); + chomp($line = <$CO>); + $next_source = hex2bin($line); + # Skip over empty line. 
+ $line = <$CO>; + } else { + for (my $j = 0; $j < $iloop; ++$j) { + $old_old_calc_data = $old_calc_data; + $old_calc_data = $calc_data; - chomp($line = <$CO>); #print STDERR " calc=$line\n"; - $calc_data = hex2bin($line); + #print STDERR "source_data=", bin2hex($source_data), "\n"; + syswrite $CI, $source_data or die $!; + my $len = sysread $CO, $calc_data, $bufsize; - chomp($line = <$CO>); #print STDERR " old_calc=$line\n"; - $old_calc_data = hex2bin($line); + #print STDERR "len=$len, bufsize=$bufsize\n"; + die if $len ne $bufsize; + #print STDERR "calc_data=", bin2hex($calc_data), "\n"; - chomp($line = <$CO>); #print STDERR "old_old_calc=$line\n"; - $old_old_calc_data = hex2bin($line); - - chomp($line = <$CO>); #print STDERR " ov=$line\n"; - $ov = hex2bin($line); - - chomp($line = <$CO>); #print STDERR " next source=$line\n"; - $next_source = hex2bin($line); + if ( (!$enc && $ciph =~ /des/) || + $ciph =~ /rc4/ || + $cipher =~ /ecb/ ) { + #TDES in decryption mode, RC4 and ECB mode + #have a special rule + $source_data = $calc_data; + } else { + $source_data = $old_calc_data; + } + } + } + close $CO; + close $CI; + waitpid $pid, 0; - # Skip over empty line. - $line = <$CO>; - - if ($enc) { $out .= "CIPHERTEXT = ". bin2hex($calc_data). "\n\n"; } else { $out .= "PLAINTEXT = ". bin2hex($calc_data). "\n\n"; } - + if ( $ciph =~ /aes/ ) { $key1 ^= substr($old_calc_data . $calc_data, -$keylen); #print STDERR bin2hex($key1)."\n"; 
@@ -1135,13 +1180,15 @@ die "Test limitation: cipher '$cipher' not supported in Monte Carlo testing"; } - if ($ciph =~ /des/) { - $iv = $ov if (defined($iv) && $iv ne ""); - if ($cipher =~ /des-ede3-ofb/) { + if ($cipher =~ /des-ede3-ofb/) { $source_data = $source_data ^ $next_source; - } else { - $source_data = $next_source; - } + } elsif (!$enc && $cipher =~ /des-ede3-cfb/) { + #TDES decryption CFB has a special rule + $source_data = $next_source; + } elsif (! $enc && $ciph =~ /des/ ) { + #TDES in decryption mode has a special rule + $iv = $old_calc_data; + $source_data = $calc_data; } elsif ( $ciph =~ /rc4/ || $cipher =~ /ecb/ ) { #No resetting of IV as the IV is all zero set initially (i.e. no IV) $source_data = $calc_data; @@ -1149,11 +1196,7 @@ $iv = $calc_data; $source_data = $old_calc_data; } - } - close $CO; - close $CI; - waitpid $pid, 0; return $out; } 
@@ -1291,6 +1334,96 @@ return $out; } +# DSA PQGGen test +# $1 modulus size +# $2 number of rounds to perform the test +# return: string formatted as expected by CAVS +sub dsa_pqggen_driver($$) { + my $mod = shift; + my $rounds = shift; + + my $out = ""; + for(my $i=0; $i<$rounds; $i++) { + my $ret = &$dsa_pqggen($mod); + my ($P, $Q, $G, $Seed, $c, $H) = split(/\n/, $ret); + die "Return value does not contain all expected values of P, Q, G, Seed, c, H for dsa_pqggen" + if (!defined($P) || !defined($Q) || !defined($G) || + !defined($Seed) || !defined($c) || !defined($H)); + $out .= "P = $P\n"; + $out .= "Q = $Q\n"; + $out .= "G = $G\n"; + $out .= "Seed = $Seed\n"; + $out .= "c = $c\n"; + $out .= "H = $H\n\n"; + } + + return $out; +} + + +# DSA SigGen test +# $1: Message to be signed in hex form +# $2: file name with DSA key in PEM form +# return: string formatted as expected by CAVS +sub dsa_siggen($$) { + my $data = shift; + my $keyfile = shift; + + my $out = ""; + + my %ret = &$dsa_sign($data, $keyfile); + + $out .= "Msg = $data\n"; + $out .= "Y = " . $ret{'Y'} . "\n"; + $out .= "R = " . $ret{'R'} . "\n"; + $out .= "S = " . $ret{'S'} . "\n"; + + return $out; +} + + +# DSA signature verification +# $1 modulus +# $2 P +# $3 Q +# $4 G +# $5 Y - public key +# $6 r +# $7 s +# $8 message to be verified +# return: string formatted as expected by CAVS +sub dsa_sigver($$$$$$$$) { + my $modulus = shift; + my $p = shift; + my $q = shift; + my $g = shift; + my $y = shift; + my $r = shift; + my $s = shift; + my $msg = shift; + + my $out = ""; + + #PQG are already printed - do not print them here + + $out .= "Msg = $msg\n"; + $out .= "Y = $y\n"; + $out .= "R = $r\n"; + $out .= "S = $s\n"; + + # XXX maybe a secure temp file name is better here + # but since it is not run on a security sensitive + # system, I hope that this is fine + my $keyfile = "dsa_sigver.tmp.$$"; + gen_pubdsakey($keyfile, $p, $q, $g, $y); + + $out .= "Result = " . (&$dsa_verify($msg, $keyfile, $r, $s) ? 
"P\n" : "F\n"); + + unlink($keyfile); + + return $out; +} + ############################################################## # Parser of input file and generator of result file # @@ -1298,12 +1431,16 @@ sub usage() { print STDERR "Usage: -$0 [-R] [-I name] +$0 [-R] [-D] [-I name] -R execution of ARCFOUR instead of OpenSSL -I NAME Use interface style NAME: openssl OpenSSL (default) - libgcrypt Libgcrypt"; + libgcrypt Libgcrypt +-D SigGen and SigVer are executed with DSA + Please note that the DSA CAVS vectors do not allow distinguishing + them from the RSA vectors. As the RSA test is the default, you have + to supply this option to apply the DSA logic"; } # Parser of CAVS test vector file @@ -1316,9 +1453,6 @@ my $out = ""; - # Do I need to generate the key? - my $rsa_keygen = 0; - # this is my cipher/hash type my $cipher = ""; @@ -1344,10 +1478,19 @@ my $e = ""; my $signature = ""; my $rsa_keyfile = ""; + my $dsa_keyfile = ""; my $dt = ""; my $v = ""; my $klen = ""; my $tlen = ""; + my $modulus = ""; + my $capital_n = 0; + my $capital_p = ""; + my $capital_q = ""; + my $capital_g = ""; + my $capital_y = ""; + my $capital_r = ""; + my $capital_s = ""; my $mode = ""; @@ -1378,7 +1521,7 @@ ##### Extract cipher # XXX there may be more - to be added - if ($tmpline =~ /^#.*(CBC|ECB|OFB|CFB|SHA-|SigGen|SigVer|RC4VS|ANSI X9\.31|Hash sizes tested)/) { + if ($tmpline =~ /^#.*(CBC|ECB|OFB|CFB|SHA-|SigGen|SigVer|RC4VS|ANSI X9\.31|Hash sizes tested|PQGGen)/) { if ($tmpline =~ /CBC/) { $mode="cbc"; } elsif ($tmpline =~ /ECB/) { $mode="ecb"; } elsif ($tmpline =~ /OFB/) { $mode="ofb"; } @@ -1397,10 +1540,6 @@ $cipher="sha1"; #place holder - might be overwritten later } - # RSA Key Generation test - if ($tmpline =~ /SigGen/) { - $rsa_keygen = 1; - } if ($tmpline =~ /^#.*AESVS/) { # AES cipher (part of it) $cipher="aes"; 
@@ -1431,12 +1570,19 @@ if ($tt == 0) { ##### Identify the test type - if ($tmpline =~ /KeyGen RSA \(X9.31\)/) { - $tt =~ 10; - die "Interface function for RSA KeyGen testing not defined for tested library" - if (!defined($gen_rsakey)); - } - if ($tmpline =~ /Hash sizes tested/) { + if ($tmpline =~ /SigVer/ && $opt{'D'} ) { + $tt = 12; + die "Interface function dsa_verify for dSA verification not defined for tested library" + if (!defined($dsa_verify)); + } elsif ($tmpline =~ /SigGen/ && $opt{'D'}) { + $tt = 11; + die "Interface function dsa_sign or gen_dsakey for DSA sign not defined for tested library" + if (!defined($dsa_sign) || !defined($gen_rsakey)); + } elsif ($tmpline =~ /PQGGen/) { + $tt = 10; + die "Interface function for DSA PQGGen testing not defined for tested library" + if (!defined($dsa_pqggen)); + } elsif ($tmpline =~ /Hash sizes tested/) { $tt = 9; die "Interface function hmac for HMAC testing not defined for tested library" if (!defined($hmac)); @@ -1463,7 +1609,7 @@ } elsif ($tmpline =~ /Monte|MCT|Carlo/) { $tt = 2; die "Interface function state_cipher for Stateful Cipher operation defined for tested library" - if (!defined($state_cipher)); + if (!defined($state_cipher) || !defined($state_cipher_des)); } elsif ($cipher =~ /^sha/) { $tt = 3; die "Interface function hash for Hashing not defined for tested library" 
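Review bot: The `$tt = 11` guard tests `!defined($gen_rsakey)`, although its message names `gen_dsakey` and the `[mod = ...]` hunk later calls `&$gen_dsakey($dsa_keyfile)`. As written, an interface that provides RSA key generation but no DSA key generation passes this check and fails later on an undefined code reference. The condition should read `if (!defined($dsa_sign) || !defined($gen_dsakey));`. The `$tt = 12` message also spells DSA as `dSA`. The surrounding `if ($tt == 0)` block continues outside the hunk.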
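Review bot: The Monte Carlo guard now dies when `$state_cipher_des` is undefined, whichever cipher the file tests, and its message still says the function is "defined" where "not defined" is meant. I would word it as `die "Interface function state_cipher or state_cipher_des for Stateful Cipher operation not defined for tested library"`. In the visible part of this commit only the libgcrypt interface block assigns `$state_cipher_des`. If the OpenSSL block, which is not shown, does not assign it, every MCT file would stop here under the default interface.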
@@ -1547,19 +1693,26 @@ $pt=$2; } elsif ($line =~ /^\[mod\s*=\s*(.*)\]$/) { # found in RSA requests - $out .= $line . "\n"; # print it + $modulus = $1; + $out .= $line . "\n\n"; # print it # generate the private key with given bit length now # as we have the required key length in bit - if ($tt == 5) { + if ($tt == 11) { + $dsa_keyfile = "dsa_siggen.tmp.$$"; + my %pqg = &$gen_dsakey($dsa_keyfile); + $out .= "P = " . $pqg{'P'} . "\n"; + $out .= "Q = " . $pqg{'Q'} . "\n"; + $out .= "G = " . $pqg{'G'} . "\n"; + } elsif ( $tt == 5 ) { # XXX maybe a secure temp file name is better here # but since it is not run on a security sensitive # system, I hope that this is fine $rsa_keyfile = "rsa_siggen.tmp.$$"; - &$gen_rsakey($1, $rsa_keyfile); + &$gen_rsakey($modulus, $rsa_keyfile); my $modulus = pipe_through_program("", "openssl rsa -pubout -modulus -in $rsa_keyfile"); $modulus =~ s/Modulus=(.*?)\s(.|\s)*/$1/; - $out .= "\nn = $modulus\n"; - $out .= "\ne = 10001\n" + $out .= "n = $modulus\n"; + $out .= "\ne = 10001\n" } } elsif ($line =~ /^SHAAlg\s*=\s*(.*)/) { #found in RSA requests 
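Review bot: The new `$tt == 11` branch has `&$gen_dsakey` write a DSA key to `dsa_siggen.tmp.$$` in the current directory, a name that anyone with write access there can predict and create in advance. The XXX comment on the RSA branch admits the same weakness, and `dsa_sigver` in the earlier hunk repeats it with `dsa_sigver.tmp.$$`. The core `File::Temp` module avoids it, e.g. `my ($fh, $dsa_keyfile) = tempfile("dsa_siggen.XXXXXX", UNLINK => 1);`, assuming the key generator (not visible here) accepts an existing path. No `unlink` of `$dsa_keyfile` is visible in this commit. Separately, `my $modulus = pipe_through_program(...)` in the `$tt == 5` branch now shadows the `$modulus` assigned from `$1` a few lines above, so renaming the inner one (say `$rsa_n`) would keep bit length and hex modulus apart.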
@@ -1596,6 +1749,44 @@ if ($tlen ne ""); $tlen=$1; } + elsif ($line =~ /^N\s*=\s*(.)/) { #DSA PQGGen + die "N seen twice - check input file" + if ($capital_n); + $capital_n = $1; + } + elsif ($line =~ /^P\s*=\s*(.)/) { #DSA SigVer + die "P seen twice - check input file" + if ($capital_p); + $capital_p = $1; + $out .= $line . "\n"; # print it + } + elsif ($line =~ /^Q\s*=\s*(.)/) { #DSA SigVer + die "Q seen twice - check input file" + if ($capital_q); + $capital_q = $1; + $out .= $line . "\n"; # print it + } + elsif ($line =~ /^G\s*=\s*(.)/) { #DSA SigVer + die "G seen twice - check input file" + if ($capital_g); + $capital_g = $1; + $out .= $line . "\n"; # print it + } + elsif ($line =~ /^Y\s*=\s*(.)/) { #DSA SigVer + die "Y seen twice - check input file" + if ($capital_y); + $capital_y = $1; + } + elsif ($line =~ /^R\s*=\s*(.)/) { #DSA SigVer + die "R seen twice - check input file" + if ($capital_r); + $capital_r = $1; + } + elsif ($line =~ /^S\s*=\s*(.)/) { #DSA SigVer + die "S seen twice - check input file" + if ($capital_s); + $capital_s = $1; + } else { $out .= $line . "\n"; } 
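Review bot: All seven new patterns capture with `(.)`, which matches exactly one character. `$capital_p`, `$capital_q`, `$capital_g`, `$capital_y`, `$capital_r` and `$capital_s` therefore keep only the first hex digit of their line, and `$capital_n` only the first digit of the round count. They should capture the rest of the line, e.g. `elsif ($line =~ /^P\s*=\s*(.*)/) {`, as the `[mod = ...]` branch does with `(.*)`. The "seen twice" guards test truthiness (`if ($capital_p)`), so a stored value of `0` would not be noticed. Comparing with `ne ""` would match how P through S are tested before `dsa_sigver` is called. The `elsif` chain these branches extend starts outside the hunk.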
@@ -1674,6 +1865,48 @@ $pt = ""; } } + elsif ($tt == 10) { + if ($modulus ne "" && $capital_n > 0) { + $out .= dsa_pqggen_driver($modulus, $capital_n); + #$mod is not resetted + $capital_n = 0; + } + } + elsif ($tt == 11) { + if ($pt ne "" && $dsa_keyfile ne "") { + $out .= dsa_siggen($pt, $dsa_keyfile); + $pt = ""; + } + } + elsif ($tt == 12) { + if ($modulus ne "" && + $capital_p ne "" && + $capital_q ne "" && + $capital_g ne "" && + $capital_y ne "" && + $capital_r ne "" && + $capital_s ne "" && + $pt ne "") { + $out .= dsa_sigver($modulus, + $capital_p, + $capital_q, + $capital_g, + $capital_y, + $capital_r, + $capital_s, + $pt); + + # We do not clear the domain values PQG and + # the modulus value as they + # are specified only once in a file + # and we do not need to print them as they + # are already printed above + $capital_y = ""; + $capital_r = ""; + $capital_s = ""; + $pt = ""; + } + } elsif ($tt > 0) { die "Test case $tt not defined"; } @@ -1704,7 +1937,7 @@ usage() unless @ARGV; - getopts("RI:", \%opt) or die "bad option"; + getopts("DRI:", \%opt) or die "bad option"; ##### Set library @@ -1724,8 +1957,10 @@ $gen_rsakey = \&libgcrypt_gen_rsakey; $hash = \&libgcrypt_hash; $state_cipher = \&libgcrypt_state_cipher; + $state_cipher_des = \&libgcrypt_state_cipher_des; $state_rng = \&libgcrypt_state_rng; $hmac = \&libgcrypt_hmac; + $dsa_pqggen = \&libgcrypt_dsa_pqggen; } else { die "Invalid interface option given"; } Added: trunk/tests/fips186-dsa.c =================================================================== --- trunk/tests/fips186-dsa.c (rev 0) +++ trunk/tests/fips186-dsa.c 2008-11-28 19:10:15 UTC (rev 1362) 
@@ -0,0 +1,460 @@ +/* fips186-dsa.c - FIPS 186 DSA tests + * Copyright (C) 2008 Free Software Foundation, Inc. + * + * This file is part of Libgcrypt. + * + * Libgcrypt is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * Libgcrypt is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this program; if not, see . + */ + +#ifdef HAVE_CONFIG_H +# include +#endif +#include +#include +#include +#include + +#include "../src/gcrypt.h" + +#define my_isascii(c) (!((c) & 0x80)) +#define digitp(p) (*(p) >= '0' && *(p) <= '9') +#define hexdigitp(a) (digitp (a) \ + || (*(a) >= 'A' && *(a) <= 'F') \ + || (*(a) >= 'a' && *(a) <= 'f')) +#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \ + *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10)) +#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1)) +#define DIM(v) (sizeof(v)/sizeof((v)[0])) +#define DIMof(type,member) DIM(((type *)0)->member) + +static int verbose; +static int error_count; + +static void +info (const char *format, ...) +{ + va_list arg_ptr; + + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); +} + +static void +fail (const char *format, ...) +{ + va_list arg_ptr; + + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + error_count++; +} + +static void +die (const char *format, ...) 
+{ + va_list arg_ptr; + + va_start (arg_ptr, format); + vfprintf (stderr, format, arg_ptr); + va_end (arg_ptr); + exit (1); +} + +static void +show_sexp (const char *prefix, gcry_sexp_t a) +{ + char *buf; + size_t size; + + if (prefix) + fputs (prefix, stderr); + size = gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, NULL, 0); + buf = gcry_xmalloc (size); + + gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, buf, size); + fprintf (stderr, "%.*s", (int)size, buf); + gcry_free (buf); +} + +static gcry_mpi_t +mpi_from_string (const char *string) +{ + gpg_error_t err; + gcry_mpi_t a; + + err = gcry_mpi_scan (&a, GCRYMPI_FMT_HEX, string, 0, NULL); + if (err) + die ("error converting string to mpi: %s\n", gpg_strerror (err)); + return a; +} + +/* Convert STRING consisting of hex characters into its binary + representation and return it as an allocated buffer. The valid + length of the buffer is returned at R_LENGTH. The string is + delimited by end of string. The function returns NULL on + error. */ +static void * +data_from_hex (const char *string, size_t *r_length) +{ + const char *s; + unsigned char *buffer; + size_t length; + + buffer = gcry_xmalloc (strlen(string)/2+1); + length = 0; + for (s=string; *s; s +=2 ) + { + if (!hexdigitp (s) || !hexdigitp (s+1)) + die ("error parsing hex string `%s'\n", string); + ((unsigned char*)buffer)[length++] = xtoi_2 (s); + } + *r_length = length; + return buffer; +} + + +static void +extract_cmp_mpi (gcry_sexp_t sexp, const char *name, const char *expected) +{ + gcry_sexp_t l1; + gcry_mpi_t a, b; + + l1 = gcry_sexp_find_token (sexp, name, 0); + a = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG); + b = mpi_from_string (expected); + if (!a) + fail ("parameter \"%s\" missing in key\n", name); + else if ( gcry_mpi_cmp (a, b) ) + fail ("parameter \"%s\" does not match expected value\n", name); + gcry_mpi_release (b); + gcry_mpi_release (a); + gcry_sexp_release (l1); +} + + +static void +extract_cmp_data (gcry_sexp_t sexp, const char *name, const 
char *expected) +{ + gcry_sexp_t l1; + const void *a; + size_t alen; + void *b; + size_t blen; + + l1 = gcry_sexp_find_token (sexp, name, 0); + a = gcry_sexp_nth_data (l1, 1, &alen); + b = data_from_hex (expected, &blen); + if (!a) + fail ("parameter \"%s\" missing in key\n", name); + else if ( alen != blen || memcmp (a, b, alen) ) + fail ("parameter \"%s\" does not match expected value\n", name); + gcry_free (b); + gcry_sexp_release (l1); +} + +static void +extract_cmp_int (gcry_sexp_t sexp, const char *name, int expected) +{ + gcry_sexp_t l1; + char *a; + + l1 = gcry_sexp_find_token (sexp, name, 0); + a = gcry_sexp_nth_string (l1, 1); + if (!a) + fail ("parameter \"%s\" missing in key\n", name); + else if ( strtoul (a, NULL, 10) != expected ) + fail ("parameter \"%s\" does not match expected value\n", name); + gcry_free (a); + gcry_sexp_release (l1); +} + + +static void +check_dsa_gen_186_2 (void) +{ + static struct { + int nbits; + const char *p, *q, *g; + const char *seed; + int counter; + const char *h; + } tbl[] = { + /* These tests are from FIPS 186-2, B.3.1. 
*/ + { + 1024, + "d3aed1876054db831d0c1348fbb1ada72507e5fbf9a62cbd47a63aeb7859d6921" + "4adeb9146a6ec3f43520f0fd8e3125dd8bbc5d87405d1ac5f82073cd762a3f8d7" + "74322657c9da88a7d2f0e1a9ceb84a39cb40876179e6a76e400498de4bb9379b0" + "5f5feb7b91eb8fea97ee17a955a0a8a37587a272c4719d6feb6b54ba4ab69", + "9c916d121de9a03f71fb21bc2e1c0d116f065a4f", + "8157c5f68ca40b3ded11c353327ab9b8af3e186dd2e8dade98761a0996dda99ab" + "0250d3409063ad99efae48b10c6ab2bba3ea9a67b12b911a372a2bba260176fad" + "b4b93247d9712aad13aa70216c55da9858f7a298deb670a403eb1e7c91b847f1e" + "ccfbd14bd806fd42cf45dbb69cd6d6b43add2a78f7d16928eaa04458dea44", + "0cb1990c1fd3626055d7a0096f8fa99807399871", + 98, + "00000000000000000000000000000000000000000000000000000000000000000" + "00000000000000000000000000000000000000000000000000000000000000000" + "00000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000002" + }, + { + 1024, + "f5c73304080353357de1b5967597c27d65f70aa2fe9b6aed1d0afc2b499adf22f" + "8e37937096d88548ac36c4a067f8353c7fed73f96f0d688b19b0624aedbae5dbb" + "0ee8835a4c269288c0e1d69479e701ee266bb767af39d748fe7d6afc73fdf44be" + "3eb6e661e599670061203e75fc8b3dbd59e40b54f358d0097013a0f3867f9", + "f8751166cf4f6f3b07c081fd2a9071f23ca1988d", + "1e288a442e02461c418ed67a66d24cacbeb8936fbde62ff995f5fd569dee6be62" + "4e4f0f9f8c8093f5d192ab3b3f9ae3f2665d95d27fb10e382f45cd356e7f4eb7a" + "665db432113ed06478f93b7cf188ec7a1ee97aec8f91ea7bfceaf8b6e7e5a349c" + "4ad3225362ef440c57cbc6e69df15b6699caac85f733555075f04781b2b33", + "34b3520d45d240a8861b82c8b61ffa16e67b5cce", + 622, + "00000000000000000000000000000000000000000000000000000000000000000" + "00000000000000000000000000000000000000000000000000000000000000000" + "00000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000002", + }, + { + 1024, + "c6c6f4f4eed927fb1c3b0c81010967e530658e6f9698ebe058b4f47b2dc8fcbc7" + 
"b69296b9e8b6cf55681181fe72492668061b262b0046a0d409902e269b0cb69a4" + "55ed1a086caf41927f5912bf0e0cbc45ee81a4f98bf6146f6168a228aec80e9cc" + "1162d6f6aa412efe82d4f18b95e34ab790daac5bd7aef0b22fa08ba5dbaad", + "d32b29f065c1394a30490b6fcbf812a32a8634ab", + "06f973c879e2e89345d0ac04f9c34ad69b9eff1680f18d1c8f3e1596c2e8fa8e1" + "ecef6830409e9012d4788bef6ec7414d09c981b47c941b77f39dfc49caff5e714" + "c97abe25a7a8b5d1fe88700bb96eff91cca64d53700a28b1146d81bad1212d231" + "80154c95a01f5aeebb553a8365c38a5ebe05539b51734233776ce9aff98b2", + "b6ec750da2f824cb42c5f7e28c81350d97f75125", + 185, + "00000000000000000000000000000000000000000000000000000000000000000" + "00000000000000000000000000000000000000000000000000000000000000000" + "00000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000002", + }, + { + 1024, + "b827a9dc9221a6ed1bec7b64d61232aacb2812f888b0a0b3a95033d7a22e77d0b" + "ff23bfeed0fb1281b21b8ff7421f0c727d1fb8aa2b843d6885f067e763f83d41f" + "d800ab15a7e2b12f71ec2058ee7bd62cd72c26989b272e519785da57bfa1f974b" + "c652e1a2d6cfb68477de5635fd019b37add656cff0b802558b31b6d2851e5", + "de822c03445b77cec4ad3a6fb0ca39ff97059ddf", + "65a9e2d43a378d7063813104586868cacf2fccd51aec1e0b6af8ba3e66dee6371" + "681254c3fb5e3929d65e3c4bcd20abd4ddc7cf815623e17b9fc92f02b8d44278b" + "848480ffd193104cf5612639511e45bd247708ff6028bd3824f8844c263b46c69" + "1f2076f8cd13c5d0be95f1f2a1a17ab1f7e5bc73500bac27d57b473ba9748", + "cd2221dd73815a75224e9fde7faf52829b81ac7a", + 62, + "00000000000000000000000000000000000000000000000000000000000000000" + "00000000000000000000000000000000000000000000000000000000000000000" + "00000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000002", + }, + { + 1024, + "898a8d93e295c8ef2ffd46976225a1543640640d155a576fafa0be32136165803" + "ba2eff2782a2be75cc9ec65db6bd3238cca695b3a5a14726a2a314775c377d891" + 
"354b3de6c89e714a05599ca04132c987f889f72c4fe298ccb31f711c03b07e1d9" + "8d72af590754cf3847398b60cecd55a4611692b308809560a83880404c227", + "c6d786643d2acfc6b8d576863fda8cfbfbd5e03f", + "2fd38b8d21c58e8fb5315a177b8d5dc4c450d574e69348b7b9da367c26e72438d" + "af8372e7f0bee84ef5dcbbc3727194a2228431192f1779be24837f22a0e14d10d" + "5344da1b8b403df9f9b2655095b3d0f67418ed6cd989f35aa4232e4b7001764fb" + "e85d6b2c716980f13272fc4271ac1e234f7e24c023cfc2d2dc0aa1e9af2fb", + "73483e697599871af983a281e3afa22e0ed86b68", + 272, + "00000000000000000000000000000000000000000000000000000000000000000" + "00000000000000000000000000000000000000000000000000000000000000000" + "00000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000002", + }, + + /* These tests are generated by the OpenSSL FIPS version. */ + { + 1024, + "A404363903FDCE86839BCFD953AAD2DA2B0E70CAED3B5FF5D68F15A1C4BB0A793C" + "A9D58FC956804C5901DE0AF99F345ED1A8617C687864BAC044B7C3C3E732A2B255" + "EC986AA76EA8CB0E0815B3E0E605650AF7D8058EE7E8EBCDEFFDAB8100D3FC1033" + "11BA3AB232EF06BB74BA9A949EC0C7ED324C19B202F4AB725BBB4080C9", + "C643946CEA8748E12D430C48DB038F9165814389", + "59B7E7BA0033CCE8E6837173420FBB382A784D4154A3C166043F5A68CB92945D16" + "892D4CC5585F2D28C780E75A6C20A379E2B58304C1E5FC0D8C15E4E89C4498C8BC" + "B90FB36ED8DC0489B9D0BC09EC4411FB0BFADF25485EEAB6700BE0ACF5C44A6ED7" + "44A015382FF9B8DA7EAA00DEA135FADC59212DBBFFC1537336FA4B7225", + "02708ab36e3f0bfd67ec3b8bd8829d03b84f56bd", + 50, + "02" + }, + { + 1024, + "9C664033DB8B203D826F896D2293C62EF9351D5CFD0F4C0AD7EFDA4DDC7F15987" + "6A3C68CAB2586B44FD1BD4DEF7A17905D88D321DD77C4E1720D848CA21D79F9B3" + "D8F537338E09B44E9F481E8DA3C56569F63146596A050EF8FAEE8ACA32C666450" + "04F675C8806EB4025B0A5ECC39CE89983EA40A183A7CF5208BA958045ABD5", + "AD0D8CBA369AF6CD0D2BAC0B4CFCAF0A1F9BCDF7", + "74D717F7092A2AF725FDD6C2561D1DBE5AEE40203C638BA8B9F49003857873701" + 
"95A44E515C4E8B344F5CDC7F4A6D38097CD57675E7643AB9700692C69F0A99B0E" + "039FDDDFCA8CEB607BDB4ADF2834DE1690F5823FC8199FB8F6F29E5A583B6786A" + "C14C7E67106C3B30568CBB9383F89287D578159778EB18216799D16D46498", + "6481a12a50384888ee84b61024f7c9c685d6ac96", + 289, + "02" + }, + { + 1024, + + "B0DFB602EB8462B1DC8C2214A52B587D3E6842CCF1C38D0F7C7F967ED30CF6828" + "1E2675B3BAB594755FB1634E66B4C23936F0725A358F8DFF3C307E2601FD66D63" + "5B17270450C50BD2BEC29E0E9A471DF1C15B0191517952268A2763D4BD28B8503" + "B3399686272B76B11227F693D7833105EF70C2289C3194CF4527024B272DF", + "EA649C04911FAB5A41440287A517EF752A40354B", + "88C5A4563ECB949763E0B696CD04B21321360F54C0EE7B23E2CEDC30E9E486162" + "01BFB1619E7C54B653D1F890C50E04B29205F5E3E2F93A13B0751AF25491C5194" + "93C09DDF6B9C173B3846DFB0E7A5C870BBFC78419260C90E20315410691C8326C" + "858D7063E7921F3F601158E912C7EE487FF259202BEEB10F6D9E99190F696", + "5bf9d17bc62fbbf3d569c92bd4505586b2e5ef1a", + 626, + "02" + }, + { + 1024, + "F783C08D7F9463E48BA87893805C4B34B63C85DF7EBDD9EBEE94DB4AF4E4A415C" + "F0F3793AE55096BA1199598798FA8403B28DED7F7C7AFD54FD535861A0150EF4D" + "5871465B13837CCF46BEB0A22F8D38DC7D6AE0E14A3845FD0C027CFA97791B977" + "CE2808BAD9B43CE69390C0F40016056722D82C0D7B1B27413D026A39D7DAD", + "A40D9EE456AED4C8A653FDB47B6629C0B843FE8F", + "DF876263E21F263AE6DA57409BD517DCEADB9216048F066D6B58867F8E59A5EEE" + "700283A946C1455534618979BE6C227673C1B803910262BD93BC94D5089850614" + "F3E29AB64E8C989A7E3E28FE670FFA3EE21DEEEC1AB0B60E1D8E2AA39663BADD7" + "2C9F957D7F3D4F17D9FDAD050EB373A6DEFD09F5DA752EAFE046836E14B67", + "8a9a57706f69f4f566252cdf6d5cbfdf2020150b", + 397, + "02" + }, + { + 1024, + "D40E4F6461E145859CCF60FD57962840BD75FFF12C22F76626F566842252AD068" + "29745F0147056354F6C016CF12762B0E331787925B8128CF5AF81F9B176A51934" + "96D792430FF83C7B79BD595BDA10787B34600787FA552EFE3662F37B99AAD3F3A" + "093732680A01345192A19BECCE6BF5D498E44ED6BED5B0BA72AAD49E8276B", + "D12F1BD0AA78B99247FD9F18EAFEE5C136686EA5", + 
"468EBD20C99449C1E440E6F8E452C6A6BC7551C555FE5E94996E20CFD4DA3B9CC" + "58499D6CC2374CCF9C392715A537DE10CFCA8A6A37AFBD187CF6B88D26881E5F5" + "7521D9D2C9BBA51E7B87B070BBE73F5C5FE31E752CAF88183516D8503BAAC1159" + "928EF50DEE52D96F396B93FB4138D786464C315401A853E57C9A0F9D25839", + "30b3599944a914a330a3f49d11ec88f555422aef", + 678, + "02" + } + }; + gpg_error_t err; + int tno; + gcry_sexp_t key_spec, key, pub_key, sec_key, seed_values; + gcry_sexp_t l1; + + for (tno = 0; tno < DIM (tbl); tno++) + { + if (verbose) + info ("generating FIPS 186-2 test key %d\n", tno); + + { + void *data; + size_t datalen; + + data = data_from_hex (tbl[tno].seed, &datalen); + err = gcry_sexp_build (&key_spec, NULL, + "(genkey (dsa (nbits %d)(use-fips186-2)" + "(derive-parms(seed %b))))", + tbl[tno].nbits, (int)datalen, data); + gcry_free (data); + } + if (err) + die ("error creating S-expression %d: %s\n", tno, gpg_strerror (err)); + + err = gcry_pk_genkey (&key, key_spec); + gcry_sexp_release (key_spec); + if (err) + { + fail ("error generating key %d: %s\n", tno, gpg_strerror (err)); + continue; + } + + if (verbose > 1) + show_sexp ("generated key:\n", key); + + pub_key = gcry_sexp_find_token (key, "public-key", 0); + if (!pub_key) + fail ("public part missing in key %d\n", tno); + + sec_key = gcry_sexp_find_token (key, "private-key", 0); + if (!sec_key) + fail ("private part missing in key %d\n", tno); + + l1 = gcry_sexp_find_token (key, "misc-key-info", 0); + if (!l1) + fail ("misc_key_info part missing in key %d\n", tno); + seed_values = gcry_sexp_find_token (l1, "seed-values", 0); + if (!seed_values) + fail ("seed-values part missing in key %d\n", tno); + gcry_sexp_release (l1); + + extract_cmp_mpi (sec_key, "p", tbl[tno].p); + extract_cmp_mpi (sec_key, "q", tbl[tno].q); + extract_cmp_mpi (sec_key, "g", tbl[tno].g); + + extract_cmp_data (seed_values, "seed", tbl[tno].seed); + extract_cmp_int (seed_values, "counter", tbl[tno].counter); + extract_cmp_mpi (seed_values, "h", tbl[tno].h); + 
+ gcry_sexp_release (seed_values); + gcry_sexp_release (sec_key); + gcry_sexp_release (pub_key); + gcry_sexp_release (key); + } +} + + + +int +main (int argc, char **argv) +{ + int debug = 0; + + if (argc > 1 && !strcmp (argv[1], "--verbose")) + verbose = 1; + else if (argc > 1 && !strcmp (argv[1], "--debug")) + { + verbose = 2; + debug = 1; + } + + gcry_control (GCRYCTL_DISABLE_SECMEM, 0); + if (!gcry_check_version (GCRYPT_VERSION)) + die ("version mismatch\n"); + gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); + if (debug) + gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0); + /* No valuable keys are create, so we can speed up our RNG. */ + gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); + + + check_dsa_gen_186_2 (); + + + return error_count ? 1 : 0; +} Modified: trunk/tests/fipsdrv.c =================================================================== --- trunk/tests/fipsdrv.c 2008-11-26 11:59:14 UTC (rev 1361) +++ trunk/tests/fipsdrv.c 2008-11-28 19:10:15 UTC (rev 1362) 
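Review bot: The comment above `data_from_hex` says the function returns NULL on error, but the body calls `die` on a malformed string and allocates with `gcry_xmalloc`, so no NULL return path is visible. I would replace the last sentence with `The function terminates the process on a malformed string.` In `extract_cmp_int`, `strtoul (a, NULL, 10) != expected` compares an `unsigned long` with an `int`; writing `(unsigned long)expected` makes the conversion explicit. In `check_dsa_gen_186_2`, a missing `private-key` or `seed-values` token is reported with `fail`, but the `extract_cmp_*` calls still run on the NULL handle. A `continue` after releasing what was found would keep the report to one message per key.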
@@ -823,7 +823,54 @@ } +/* Print an MPI on a line. */ +static void +print_mpi_line (gcry_mpi_t a, int no_lz) +{ + unsigned char *buf, *p; + gcry_error_t err; + int writerr = 0; + err = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buf, NULL, a); + if (err) + die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err)); + + p = buf; + if (no_lz && p[0] == '0' && p[1] == '0' && p[2]) + p +=2; + + printf ("%s\n", p); + if (ferror (stdout)) + writerr++; + if (!writerr && fflush (stdout) == EOF) + writerr++; + if (writerr) + die ("writing output failed: %s\n", strerror (errno)); + gcry_free (buf); +} + + +/* Print some data on hex format on a line. */ +static void +print_data_line (const void *data, size_t datalen) +{ + const unsigned char *p = data; + int writerr = 0; + + while (data && datalen-- && !ferror (stdout) ) + printf ("%02X", *p++); + putchar ('\n'); + if (ferror (stdout)) + writerr++; + if (!writerr && fflush (stdout) == EOF) + writerr++; + if (writerr) + die ("writing output failed: %s\n", strerror (errno)); +} + + + + static gcry_error_t init_external_rng_test (void **r_context, unsigned int flags, 
@@ -1487,7 +1534,106 @@ } + +/* Generate DSA donmain parameters for a modulus size of KEYSIZE. The + result is printed to stdout with one parameter per line in hex + format and in this order: p, q, g, seed, counter, h. */ +static void +run_dsa_pqg_gen (int keysize) +{ + gpg_error_t err; + gcry_sexp_t keyspec, key, l1, l2; + gcry_mpi_t mpi; + int idx; + const void *data; + size_t datalen; + char *string; + /* Note that we create a complete key but don't return the x and y + values. */ + err = gcry_sexp_build (&keyspec, NULL, + "(genkey (dsa (nbits %d)(use-fips186-2)))", + keysize); + if (err) + die ("gcry_sexp_build failed for DSA domain parameter generation: %s\n", + gpg_strerror (err)); + + err = gcry_pk_genkey (&key, keyspec); + if (err) + die ("gcry_pk_genkey failed for RSA: %s\n", gpg_strerror (err)); + + gcry_sexp_release (keyspec); + + l1 = gcry_sexp_find_token (key, "private-key", 0); + if (!l1) + die ("private key not found in genkey result\n"); + + l2 = gcry_sexp_find_token (l1, "dsa", 0); + if (!l2) + die ("returned private key not formed as expected\n"); + gcry_sexp_release (l1); + l1 = l2; + + /* Extract the parameters from the S-expression and print them to stdout. */ + for (idx=0; "pqg"[idx]; idx++) + { + l2 = gcry_sexp_find_token (l1, "pqg"+idx, 1); + if (!l2) + die ("no %c parameter in returned private key\n", "pqg"[idx]); + mpi = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); + if (!mpi) + die ("no value for %c parameter in returned private key\n","pqg"[idx]); + gcry_sexp_release (l2); + print_mpi_line (mpi, 1); + gcry_mpi_release (mpi); + } + gcry_sexp_release (l1); + + /* Extract the seed values. 
*/ + l1 = gcry_sexp_find_token (key, "misc-key-info", 0); + if (!l1) + die ("misc-key-info not found in genkey result\n"); + + l2 = gcry_sexp_find_token (l1, "seed-values", 0); + if (!l2) + die ("no seed-values in returned private key\n"); + gcry_sexp_release (l1); + l1 = l2; + + l2 = gcry_sexp_find_token (l1, "seed", 0); + if (!l2) + die ("no seed value in returned private key\n"); + data = gcry_sexp_nth_data (l2, 1, &datalen); + if (!data) + die ("no seed value in returned private key\n"); + print_data_line (data, datalen); + gcry_sexp_release (l2); + + l2 = gcry_sexp_find_token (l1, "counter", 0); + if (!l2) + die ("no counter value in returned private key\n"); + string = gcry_sexp_nth_string (l2, 1); + if (!string) + die ("no counter value in returned private key\n"); + printf ("%lX\n", strtoul (string, NULL, 10)); + gcry_free (string); + gcry_sexp_release (l2); + + l2 = gcry_sexp_find_token (l1, "h", 0); + if (!l2) + die ("no n value in returned private key\n"); + mpi = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); + if (!mpi) + die ("no h value in returned private key\n"); + print_mpi_line (mpi, 1); + gcry_mpi_release (mpi); + gcry_sexp_release (l2); + + gcry_sexp_release (l1); + gcry_sexp_release (key); +} + + static void usage (int show_help) @@ -1502,7 +1648,8 @@ ("Usage: " PGM " [OPTIONS] MODE [FILE]\n" "Run a crypto operation using hex encoded input and output.\n" "MODE:\n" - " encrypt, decrypt, digest, random, hmac-sha, rsa-{gen,sign,verify}\n" + " encrypt, decrypt, digest, random, hmac-sha, rsa-{gen,sign,verify},\n" + " dsa-pqg-gen\n" "OPTIONS:\n" " --verbose Print additional information\n" " --binary Input and output is in binary form\n" @@ -1695,7 +1842,8 @@ if (!chunksize && !mct_server && strcmp (mode_string, "random") - && strcmp (mode_string, "rsa-gen") ) + && strcmp (mode_string, "rsa-gen") + && strcmp (mode_string, "dsa-pqg-gen") ) { data = read_file (input, !binary_input, &datalen); if (!data) 
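Review bot: Two `die` messages in `run_dsa_pqg_gen` name the wrong thing: a `gcry_pk_genkey` failure is reported as "failed for RSA", and a missing `h` token as "no n value". Suggested wording is `die ("gcry_pk_genkey failed for DSA: %s\n", gpg_strerror (err));` and `die ("no h value in returned private key\n");`. The counter is written with a bare `printf ("%lX\n", ...)` and no write-error check, unlike `print_mpi_line` and `print_data_line` added in the same commit. The header comment spells "domain" as "donmain".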
@@ -1933,6 +2081,15 @@ signature_string); } + else if (!strcmp (mode_string, "dsa-pqg-gen")) + { + int keysize; + + keysize = keysize_string? atoi (keysize_string) : 0; + if (keysize < 1024 || keysize > 3072) + die ("invalid keysize specified; needs to be 1024 .. 3072\n"); + run_dsa_pqg_gen (keysize); + } else usage (0);
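Review bot: `atoi (keysize_string)` in the new `dsa-pqg-gen` branch cannot report a parse error, so a value such as `2048x` is accepted as 2048, and an out-of-range number has undefined behaviour. Parsing with `strtol` and checking the end pointer rejects malformed input: declare `char *end;`, use `keysize = keysize_string ? (int)strtol (keysize_string, &end, 10) : 0;`, and add `if (keysize_string && *end) die ("invalid keysize specified\n");` before the range test. The range test then admits every integer from 1024 to 3072. Whether the generator accepts sizes between the usual ones is not visible here, so an explicit list of allowed sizes may be the safer check. The enclosing function starts and continues outside the hunk.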