[svn] gcry - r1345 - trunk/cipher
svn author wk
cvs at cvs.gnupg.org
Tue Sep 30 19:58:23 CEST 2008
Author: wk
Date: 2008-09-30 19:58:22 +0200 (Tue, 30 Sep 2008)
New Revision: 1345
Modified:
trunk/cipher/ChangeLog
trunk/cipher/dsa.c
trunk/cipher/pubkey.c
trunk/cipher/rijndael.c
trunk/cipher/rsa.c
Log:
Fix bug #936.
Cleaned up internal symbol usage.
Add domain parameter.
Modified: trunk/cipher/ChangeLog
===================================================================
--- trunk/cipher/ChangeLog 2008-09-20 10:00:36 UTC (rev 1344)
+++ trunk/cipher/ChangeLog 2008-09-30 17:58:22 UTC (rev 1345)
@@ -1,3 +1,29 @@
+2008-09-30 Werner Koch <wk at g10code.com>
+
+ * rijndael.c (do_setkey): Properly align "t" and "tk".
+ (prepare_decryption): Properly align "w". Fixes bug #936.
+
+2008-09-18 Werner Koch <wk at g10code.com>
+
+
+ * pubkey.c (gcry_pk_genkey): Parse domain parameter.
+ (pubkey_generate): Add new arg DOMAIN and remove special case for
+ DSA with qbits.
+ * rsa.c (rsa_generate): Add dummy args QBITS, NAME and DOMAIN and
+ rename to rsa_generate_ext. Change caller.
+ (_gcry_rsa_generate, _gcry_rsa_check_secret_key)
+ (_gcry_rsa_encrypt, _gcry_rsa_decrypt, _gcry_rsa_sign)
+ (_gcry_rsa_verify, _gcry_rsa_get_nbits): Make static and remove
+ _gcry_ prefix.
+ (_gcry_pubkey_spec_rsa, _gcry_pubkey_extraspec_rsa): Adjust names.
+ * dsa.c (dsa_generate_ext): New.
+ (_gcry_dsa_generate): Replace code by a call to dsa_generate.
+ (_gcry_dsa_check_secret_key, _gcry_dsa_sign, _gcry_dsa_verify)
+ (_gcry_dsa_get_nbits): Make static and remove _gcry prefix.
+ (_gcry_dsa_generate2): Remove.
+ (_gcry_pubkey_spec_dsa): Adjust to name changes.
+ (_gcry_pubkey_extraspec_rsa): Add dsa_generate_ext.
+
2008-09-16 Werner Koch <wk at g10code.com>
* ecc.c (run_selftests): Add arg EXTENDED.
Modified: trunk/cipher/dsa.c
===================================================================
--- trunk/cipher/dsa.c 2008-09-20 10:00:36 UTC (rev 1344)
+++ trunk/cipher/dsa.c 2008-09-30 17:58:22 UTC (rev 1345)
@@ -1,4 +1,4 @@
-/* dsa.c - DSA signature scheme
+/* dsa.c - DSA signature algorithm
* Copyright (C) 1998, 2000, 2001, 2002, 2003,
* 2006, 2008 Free Software Foundation, Inc.
*
@@ -458,18 +458,24 @@
************** interface ******************
*********************************************/
-gcry_err_code_t
-_gcry_dsa_generate (int algo, unsigned int nbits, unsigned long dummy,
- gcry_mpi_t *skey, gcry_mpi_t **retfactors)
+static gcry_err_code_t
+dsa_generate_ext (int algo, unsigned int nbits, unsigned int qbits,
+ unsigned long use_e,
+ const char *name, const gcry_sexp_t domain,
+ unsigned int keygen_flags,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors)
{
- gpg_err_code_t err;
+ gpg_err_code_t ec;
DSA_secret_key sk;
(void)algo;
- (void)dummy;
+ (void)use_e;
+ (void)name;
+ (void)domain;
+ (void)keygen_flags;
- err = generate (&sk, nbits, 0, retfactors);
- if (!err)
+ ec = generate (&sk, nbits, qbits, retfactors);
+ if (!ec)
{
skey[0] = sk.p;
skey[1] = sk.q;
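Review bot: dsa_generate_ext takes the new DOMAIN and KEYGEN_FLAGS arguments but discards both with `(void)domain;` and `(void)keygen_flags;`, so a caller that passes `(domain (p ...)(q ...)(g ...))` expecting a key in those shared parameters silently receives freshly generated, unrelated p/q/g instead. Until domain handling is implemented the request should fail rather than be ignored: `if (domain) return GPG_ERR_NOT_IMPLEMENTED;` before the call to generate (). KEYGEN_FLAGS deserves the same treatment, since rsa_generate_ext in this commit honours the transient-key flag while DSA drops it without notice. The function's body continues into the next hunk.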
@@ -478,42 +484,22 @@
skey[4] = sk.x;
}
- return err;
+ return ec;
}
-/* We don't want to break our API. Thus we use a hack in pubkey.c to
- link directly to this function. Note that we can't reuse the dummy
- parameter because we can't be sure that applicaions accidently pass
- a USE_E (that is for what dummy is used with RSA) to a DSA
- generation. */
-gcry_err_code_t
-_gcry_dsa_generate2 (int algo, unsigned int nbits, unsigned int qbits,
- unsigned long dummy,
- gcry_mpi_t *skey, gcry_mpi_t **retfactors)
+static gcry_err_code_t
+dsa_generate (int algo, unsigned int nbits, unsigned long dummy,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors)
{
- gpg_err_code_t err;
- DSA_secret_key sk;
-
- (void)algo;
(void)dummy;
-
- err = generate (&sk, nbits, qbits, retfactors);
- if (!err)
- {
- skey[0] = sk.p;
- skey[1] = sk.q;
- skey[2] = sk.g;
- skey[3] = sk.y;
- skey[4] = sk.x;
- }
-
- return err;
+ return dsa_generate_ext (algo, nbits, 0, 0, NULL, NULL, 0, skey, retfactors);
}
-gcry_err_code_t
-_gcry_dsa_check_secret_key (int algo, gcry_mpi_t *skey)
+
+static gcry_err_code_t
+dsa_check_secret_key (int algo, gcry_mpi_t *skey)
{
gcry_err_code_t err = GPG_ERR_NO_ERROR;
DSA_secret_key sk;
@@ -537,8 +523,8 @@
}
-gcry_err_code_t
-_gcry_dsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
+static gcry_err_code_t
+dsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
{
gcry_err_code_t err = GPG_ERR_NO_ERROR;
DSA_secret_key sk;
@@ -563,9 +549,9 @@
return err;
}
-gcry_err_code_t
-_gcry_dsa_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
- int (*cmp) (void *, gcry_mpi_t), void *opaquev)
+static gcry_err_code_t
+dsa_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
+ int (*cmp) (void *, gcry_mpi_t), void *opaquev)
{
gcry_err_code_t err = GPG_ERR_NO_ERROR;
DSA_public_key pk;
@@ -590,8 +576,8 @@
}
-unsigned int
-_gcry_dsa_get_nbits (int algo, gcry_mpi_t *pkey)
+static unsigned int
+dsa_get_nbits (int algo, gcry_mpi_t *pkey)
{
(void)algo;
@@ -743,16 +729,17 @@
"DSA", dsa_names,
"pqgy", "pqgyx", "", "rs", "pqgy",
GCRY_PK_USAGE_SIGN,
- _gcry_dsa_generate,
- _gcry_dsa_check_secret_key,
+ dsa_generate,
+ dsa_check_secret_key,
NULL,
NULL,
- _gcry_dsa_sign,
- _gcry_dsa_verify,
- _gcry_dsa_get_nbits,
+ dsa_sign,
+ dsa_verify,
+ dsa_get_nbits
};
pk_extra_spec_t _gcry_pubkey_extraspec_dsa =
{
- run_selftests
+ run_selftests,
+ dsa_generate_ext
};
Modified: trunk/cipher/pubkey.c
===================================================================
--- trunk/cipher/pubkey.c 2008-09-20 10:00:36 UTC (rev 1344)
+++ trunk/cipher/pubkey.c 2008-09-30 17:58:22 UTC (rev 1345)
@@ -531,15 +531,16 @@
/* Generate a new public key with algorithm ALGORITHM of size NBITS
and return it at SKEY. The use of the arguments QBITS, USE_E,
- XVALUE and CURVE_NAME depend on the ALGORITHM. RETFACTOR is used
- by some algorithms to return certain additional information which
- are in general not required.
+ XVALUE, CURVE_NAME and DOMAIN depend on the ALGORITHM. RETFACTOR
+ is used by some algorithms to return certain additional information
+ which are in general not required.
The function returns the error code number or 0 on success. */
static gcry_err_code_t
pubkey_generate (int algorithm, unsigned int nbits, unsigned int qbits,
unsigned long use_e, gcry_mpi_t xvalue,
- const char *curve_name, unsigned int keygen_flags,
+ const char *curve_name, gcry_sexp_t domain,
+ unsigned int keygen_flags,
gcry_mpi_t *skey, gcry_mpi_t **retfactors)
{
gcry_err_code_t ec = GPG_ERR_PUBKEY_ALGO;
@@ -561,13 +562,6 @@
security sensitive.. */
ec = GPG_ERR_INV_FLAG;
}
- else if (qbits && pubkey->spec == &_gcry_pubkey_spec_dsa)
- {
- /* Hack to pass QBITS to the DSA generation. fixme: We
- should merge this into an ext_generate fucntion. */
- ec = _gcry_dsa_generate2
- (algorithm, nbits, qbits, 0, skey, retfactors);
- }
#ifdef USE_ELGAMAL
else if (xvalue && pubkey->spec == &_gcry_pubkey_spec_elg)
{
@@ -587,10 +581,17 @@
else if (extraspec && extraspec->ext_generate)
{
/* Use the extended generate function if available. */
- ec = extraspec->ext_generate (algorithm, nbits, use_e,
- keygen_flags,
+ ec = extraspec->ext_generate (algorithm, nbits, qbits, use_e,
+ NULL, domain, keygen_flags,
skey, retfactors);
}
+ else if (qbits || domain)
+ {
+ /* A qbits or domain parameter is specified but the
+ algorithm does not feature an extended generation
+ function. */
+ ec = GPG_ERR_INV_PARAMETER;
+ }
else
{
/* Use the standard generate function. */
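Review bot: The extended-generate call passes a literal `NULL` for the NAME argument even though `curve_name` is a parameter of this function and the updated comment describes it as algorithm-dependent; if an ECC-specific branch earlier in this if-chain (outside the hunk) already consumes curve_name this is harmless, otherwise the curve name is lost for any algorithm reached through ext_generate. Forwarding it, `ec = extraspec->ext_generate (algorithm, nbits, qbits, use_e, curve_name, domain, keygen_flags, skey, retfactors);`, is correct in both cases. Note also that the new `else if (qbits || domain)` rejection is only reached for algorithms without an ext_generate, so an algorithm that has one but ignores those arguments still accepts them silently. pubkey_generate starts before and ends after this hunk.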
@@ -2258,8 +2259,11 @@
else
nbits = 0;
+ /* Extract the optional domain parameter and call the key generation. */
+ l2 = gcry_sexp_find_token (list, "domain", 0);
rc = pubkey_generate (module->mod_id, nbits, qbits, use_e, xvalue,
- curve, keygen_flags, skey, &factors);
+ curve, l2, keygen_flags, skey, &factors);
+ gcry_sexp_release (l2);
if (rc)
goto leave;
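Review bot: `gcry_sexp_release (l2);` after the pubkey_generate call leaves `l2` holding a dangling handle, and the `leave:` cleanup reached via the following `goto leave` (and presumably on the normal exit path as well) is the usual place such handles are released again in this function; if it does release `l2`, every gcry_pk_genkey call that supplies a domain frees the sexp twice. Reset the pointer right after releasing it: `gcry_sexp_release (l2);` followed by `l2 = NULL;`. The `leave:` label and the earlier uses of l2 are outside this hunk, so the double release is inferred from the pattern rather than seen.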
Modified: trunk/cipher/rijndael.c
===================================================================
--- trunk/cipher/rijndael.c 2008-09-20 10:00:36 UTC (rev 1344)
+++ trunk/cipher/rijndael.c 2008-09-30 17:58:22 UTC (rev 1345)
@@ -97,11 +97,21 @@
static int initialized = 0;
static const char *selftest_failed=0;
int ROUNDS;
- byte k[MAXKC][4];
int i,j, r, t, rconpointer = 0;
- byte tk[MAXKC][4];
int KC;
-
+ union
+ {
+ PROPERLY_ALIGNED_TYPE dummy;
+ byte k[MAXKC][4];
+ } k;
+#define k k.k
+ union
+ {
+ PROPERLY_ALIGNED_TYPE dummy;
+ byte tk[MAXKC][4];
+ } tk;
+#define tk tk.tk
+
/* The on-the-fly self tests are only run in non-fips mode. In fips
mode explicit self-tests are required. Actually the on-the-fly
self-tests are not fully thread-safe and it might happen that a
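Review bot: The two unions introduced here hold the raw key bytes (`k`) and the expanding key schedule (`tk`) on the stack, and nothing visible in do_setkey clears them before the `return 0;` in the next hunk, so key material stays in stack memory that later callees reuse; a plain memset there is liable to be optimized away, so wipe `&k` and `&tk` with the library's secure-wipe helper (libgcrypt's `wipememory`, if it is in scope here) or a volatile-based equivalent immediately before the return. Separately, `#define k k.k` and `#define tk tk.tk` only work because the preprocessor does not re-expand a macro name inside its own replacement; naming the unions `kbuf` and `tkbuf` with `#define k kbuf.k` and `#define tk tkbuf.tk` reads the same without leaning on that rule and cannot capture an unrelated `k` token. The ChangeLog entry describes this hunk as aligning "t" and "tk", whereas the code aligns "k" and "tk". do_setkey's body starts before and ends after this hunk.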
@@ -237,6 +247,8 @@
}
return 0;
+#undef tk
+#undef k
}
@@ -256,7 +268,12 @@
prepare_decryption( RIJNDAEL_context *ctx )
{
int r;
- byte *w;
+ union
+ {
+ PROPERLY_ALIGNED_TYPE dummy;
+ byte *w;
+ } w;
+#define w w.w
for (r=0; r < MAXROUNDS+1; r++ )
{
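Review bot: Wrapping `byte *w` in a union with `PROPERLY_ALIGNED_TYPE` aligns the pointer variable itself, not the bytes it points at, so this change cannot address the misalignment reported as bug #936 in prepare_decryption: if, as the `u32*` casts around `w[2]` and `w[3]` in the next hunk suggest, `w` is pointed into the context's decryption key schedule and dereferenced as a 32-bit word, the alignment of that target is decided by the layout of RIJNDAEL_context, not by this local. The local should revert to a plain `byte *w;`, and the word accesses should either be guaranteed by placing the key-schedule arrays in the context inside a `PROPERLY_ALIGNED_TYPE` union, or be replaced by `memcpy`-based loads and stores that need no alignment and also avoid the strict-aliasing cast. The loop that assigns and dereferences w lies outside this hunk.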
@@ -285,6 +302,7 @@
^ *((u32*)U3[w[2]]) ^ *((u32*)U4[w[3]]);
}
#undef W
+#undef w
}
Modified: trunk/cipher/rsa.c
===================================================================
--- trunk/cipher/rsa.c 2008-09-20 10:00:36 UTC (rev 1344)
+++ trunk/cipher/rsa.c 2008-09-30 17:58:22 UTC (rev 1345)
@@ -532,15 +532,20 @@
*********************************************/
static gcry_err_code_t
-rsa_generate (int algo, unsigned int nbits, unsigned long use_e,
- unsigned int keygen_flags,
- gcry_mpi_t *skey, gcry_mpi_t **retfactors)
+rsa_generate_ext (int algo, unsigned int nbits, unsigned int qbits,
+ unsigned long use_e,
+ const char *name, const gcry_sexp_t domain,
+ unsigned int keygen_flags,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors)
{
RSA_secret_key sk;
gpg_err_code_t ec;
int i;
(void)algo;
+ (void)qbits;
+ (void)name;
+ (void)domain;
ec = generate (&sk, nbits, use_e,
!!(keygen_flags & PUBKEY_FLAG_TRANSIENT_KEY) );
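Review bot: rsa_generate_ext swallows QBITS and DOMAIN with `(void)` casts, so an RSA key spec containing `(qbits ...)` or `(domain ...)` now succeeds with those parameters silently ignored, while pubkey.c in this same commit rejects identical input with GPG_ERR_INV_PARAMETER for algorithms that lack an ext_generate; whether the caller gets an error depends on which algorithm happens to have an extended generator. Rejecting them here keeps the contract uniform: `if (qbits || domain) return GPG_ERR_INV_PARAMETER;` at the top of the function, before generate () is called. The function continues in the next hunk.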
@@ -572,16 +577,17 @@
}
-gcry_err_code_t
-_gcry_rsa_generate (int algo, unsigned int nbits, unsigned long use_e,
- gcry_mpi_t *skey, gcry_mpi_t **retfactors)
+static gcry_err_code_t
+rsa_generate (int algo, unsigned int nbits, unsigned long use_e,
+ gcry_mpi_t *skey, gcry_mpi_t **retfactors)
{
- return rsa_generate (algo, nbits, use_e, 0, skey, retfactors);
+ return rsa_generate_ext (algo, nbits, 0, use_e, NULL, NULL, 0,
+ skey, retfactors);
}
-gcry_err_code_t
-_gcry_rsa_check_secret_key( int algo, gcry_mpi_t *skey )
+static gcry_err_code_t
+rsa_check_secret_key (int algo, gcry_mpi_t *skey)
{
gcry_err_code_t err = GPG_ERR_NO_ERROR;
RSA_secret_key sk;
@@ -605,9 +611,9 @@
}
-gcry_err_code_t
-_gcry_rsa_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
- gcry_mpi_t *pkey, int flags)
+static gcry_err_code_t
+rsa_encrypt (int algo, gcry_mpi_t *resarr, gcry_mpi_t data,
+ gcry_mpi_t *pkey, int flags)
{
RSA_public_key pk;
@@ -622,9 +628,10 @@
return GPG_ERR_NO_ERROR;
}
-gcry_err_code_t
-_gcry_rsa_decrypt (int algo, gcry_mpi_t *result, gcry_mpi_t *data,
- gcry_mpi_t *skey, int flags)
+
+static gcry_err_code_t
+rsa_decrypt (int algo, gcry_mpi_t *result, gcry_mpi_t *data,
+ gcry_mpi_t *skey, int flags)
{
RSA_secret_key sk;
gcry_mpi_t r = MPI_NULL; /* Random number needed for blinding. */
@@ -701,8 +708,9 @@
return GPG_ERR_NO_ERROR;
}
-gcry_err_code_t
-_gcry_rsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
+
+static gcry_err_code_t
+rsa_sign (int algo, gcry_mpi_t *resarr, gcry_mpi_t data, gcry_mpi_t *skey)
{
RSA_secret_key sk;
@@ -720,8 +728,9 @@
return GPG_ERR_NO_ERROR;
}
-gcry_err_code_t
-_gcry_rsa_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
+
+static gcry_err_code_t
+rsa_verify (int algo, gcry_mpi_t hash, gcry_mpi_t *data, gcry_mpi_t *pkey,
int (*cmp) (void *opaque, gcry_mpi_t tmp),
void *opaquev)
{
@@ -752,8 +761,8 @@
}
-unsigned int
-_gcry_rsa_get_nbits (int algo, gcry_mpi_t *pkey)
+static unsigned int
+rsa_get_nbits (int algo, gcry_mpi_t *pkey)
{
(void)algo;
@@ -1080,18 +1089,18 @@
"RSA", rsa_names,
"ne", "nedpqu", "a", "s", "n",
GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR,
- _gcry_rsa_generate,
- _gcry_rsa_check_secret_key,
- _gcry_rsa_encrypt,
- _gcry_rsa_decrypt,
- _gcry_rsa_sign,
- _gcry_rsa_verify,
- _gcry_rsa_get_nbits,
+ rsa_generate,
+ rsa_check_secret_key,
+ rsa_encrypt,
+ rsa_decrypt,
+ rsa_sign,
+ rsa_verify,
+ rsa_get_nbits,
};
pk_extra_spec_t _gcry_pubkey_extraspec_rsa =
{
run_selftests,
- rsa_generate,
+ rsa_generate_ext,
compute_keygrip
};