[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-29-g91d3a2c
by Werner Koch
cvs at cvs.gnupg.org
Mon Jan 13 11:13:46 CET 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 91d3a2cc7ed2114b9f1821133eafc79efb55edca (commit)
via 9edcf1090e0485f9f383b6c54b18ea8ca3d4a225 (commit)
via 2c5ec803100ed8261e51442fb93b75367b7725ea (commit)
via 9bedc5c3b646dfe481678ca58f5466ac46decaf7 (commit)
via 7edcb574d8d6dffb6e234c2ba1996a9a04923859 (commit)
via 653b58cb5e85511b6c04c3f85ef3e372c2e9f74f (commit)
via 8439a379c86ef1088465ea70ac10840759a1638e (commit)
via 36c9e0e4eb4f935da90df1c8df484d1940bda5eb (commit)
via 2ef48ba59c32bfa1a9265d5eea8ab225a658903a (commit)
from ef3e66e168c4b9b86bfc4903001631e53a7125d8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 91d3a2cc7ed2114b9f1821133eafc79efb55edca
Author: Werner Koch <wk at gnupg.org>
Date: Thu Jan 9 19:14:09 2014 +0100
Update NEWS.
--
diff --git a/NEWS b/NEWS
index 878742e..4bf4a06 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,18 @@
Noteworthy changes in version 1.7.0 (unreleased)
------------------------------------------------
+ * Fix a 1.6.0 introduced regression in looking up an message digest
+ by OID.
+
+ * Support curve sec256k1.
+
+ * Support curves GOST R 34.10-2001 and GOST R 34.10-2012.
+
+ * Interface changes relative to the 1.6.0 release:
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ gcry_mac_get_algo NEW.
+ GCRY_MAC_HMAC_MD2 NEW.
+
Noteworthy changes in version 1.6.0 (2013-12-16)
------------------------------------------------
commit 9edcf1090e0485f9f383b6c54b18ea8ca3d4a225
Author: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
Date: Tue Dec 31 00:38:37 2013 +0400
Truncate hash values for ECDSA signature scheme
* cipher/dsa-common (_gcry_dsa_normalize_hash): New. Truncate opaque
mpis as required for DSA and ECDSA signature schemas.
* cipher/dsa.c (verify): Return gpg_err_code_t value from verify() to
behave like the rest of internal sign/verify functions.
* cipher/dsa.c (sign, verify, dsa_verify): Factor out hash truncation.
* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Factor out hash truncation.
* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_verify):
as required by ECDSA scheme, truncate hash values to bitlength of
used curve.
* tests/pubkey.c (check_ecc_sample_key): add a testcase for hash
truncation.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
diff --git a/cipher/dsa-common.c b/cipher/dsa-common.c
index d251eae..a5e42a2 100644
--- a/cipher/dsa-common.c
+++ b/cipher/dsa-common.c
@@ -359,3 +359,36 @@ _gcry_dsa_gen_rfc6979_k (gcry_mpi_t *r_k,
*r_k = k;
return rc;
}
+
+/*
+ * Truncate opaque hash value to qbits for DSA.
+ * Non-opaque input is not truncated, in hope that user
+ * knows what is passed. It is not possible to correctly
+ * trucate non-opaque inputs.
+ */
+gpg_err_code_t
+_gcry_dsa_normalize_hash (gcry_mpi_t input,
+ gcry_mpi_t *out,
+ unsigned int qbits)
+{
+ gpg_err_code_t rc = 0;
+ const void *abuf;
+ unsigned int abits;
+ gcry_mpi_t hash;
+
+ if (mpi_is_opaque (input))
+ {
+ abuf = mpi_get_opaque (input, &abits);
+ rc = _gcry_mpi_scan (&hash, GCRYMPI_FMT_USG, abuf, (abits+7)/8, NULL);
+ if (rc)
+ return rc;
+ if (abits > qbits)
+ mpi_rshift (hash, hash, abits - qbits);
+ }
+ else
+ hash = input;
+
+ *out = hash;
+
+ return rc;
+}
diff --git a/cipher/dsa.c b/cipher/dsa.c
index 50bdab1..1707d8c 100644
--- a/cipher/dsa.c
+++ b/cipher/dsa.c
@@ -115,7 +115,7 @@ static gpg_err_code_t generate (DSA_secret_key *sk,
gcry_mpi_t **ret_factors);
static gpg_err_code_t sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input,
DSA_secret_key *skey, int flags, int hashalgo);
-static int verify (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input,
+static gpg_err_code_t verify (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input,
DSA_public_key *pkey);
static unsigned int dsa_get_nbits (gcry_sexp_t parms);
@@ -165,12 +165,12 @@ test_keys (DSA_secret_key *sk, unsigned int qbits)
sign (sig_a, sig_b, data, sk, 0, 0);
/* Verify the signature using the public key. */
- if ( !verify (sig_a, sig_b, data, &pk) )
+ if ( verify (sig_a, sig_b, data, &pk) )
goto leave; /* Signature does not match. */
/* Modify the data and check that the signing fails. */
mpi_add_ui (data, data, 1);
- if ( verify (sig_a, sig_b, data, &pk) )
+ if ( !verify (sig_a, sig_b, data, &pk) )
goto leave; /* Signature matches but should not. */
result = 0; /* The test succeeded. */
@@ -573,20 +573,9 @@ sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input, DSA_secret_key *skey,
qbits = mpi_get_nbits (skey->q);
/* Convert the INPUT into an MPI. */
- if (mpi_is_opaque (input))
- {
- abuf = mpi_get_opaque (input, &abits);
- rc = _gcry_mpi_scan (&hash, GCRYMPI_FMT_USG, abuf, (abits+7)/8, NULL);
- if (rc)
- return rc;
- if (abits > qbits)
- mpi_rshift (hash, hash, abits - qbits);
- }
- else
- {
- mpi_normalize (input);
- hash = input;
- }
+ rc = _gcry_dsa_normalize_hash (input, &hash, qbits);
+ if (rc)
+ return rc;
again:
/* Create the K value. */
@@ -651,18 +640,25 @@ sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input, DSA_secret_key *skey,
/*
Returns true if the signature composed from R and S is valid.
*/
-static int
-verify (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t hash, DSA_public_key *pkey )
+static gpg_err_code_t
+verify (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input, DSA_public_key *pkey )
{
- int rc;
+ gpg_err_code_t rc = 0;
gcry_mpi_t w, u1, u2, v;
gcry_mpi_t base[3];
gcry_mpi_t ex[3];
+ gcry_mpi_t hash;
+ unsigned int nbits;
if( !(mpi_cmp_ui( r, 0 ) > 0 && mpi_cmp( r, pkey->q ) < 0) )
- return 0; /* assertion 0 < r < q failed */
+ return GPG_ERR_BAD_SIGNATURE; /* Assertion 0 < r < n failed. */
if( !(mpi_cmp_ui( s, 0 ) > 0 && mpi_cmp( s, pkey->q ) < 0) )
- return 0; /* assertion 0 < s < q failed */
+ return GPG_ERR_BAD_SIGNATURE; /* Assertion 0 < s < n failed. */
+
+ nbits = mpi_get_nbits (pkey->q);
+ rc = _gcry_dsa_normalize_hash (input, &hash, nbits);
+ if (rc)
+ return rc;
w = mpi_alloc( mpi_get_nlimbs(pkey->q) );
u1 = mpi_alloc( mpi_get_nlimbs(pkey->q) );
@@ -685,12 +681,25 @@ verify (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t hash, DSA_public_key *pkey )
mpi_mulpowm( v, base, ex, pkey->p );
mpi_fdiv_r( v, v, pkey->q );
- rc = !mpi_cmp( v, r );
+ if (mpi_cmp( v, r ))
+ {
+ if (DBG_CIPHER)
+ {
+ log_mpidump (" i", input);
+ log_mpidump (" h", hash);
+ log_mpidump (" v", v);
+ log_mpidump (" r", r);
+ log_mpidump (" s", s);
+ }
+ rc = GPG_ERR_BAD_SIGNATURE;
+ }
mpi_free(w);
mpi_free(u1);
mpi_free(u2);
mpi_free(v);
+ if (hash != input)
+ mpi_free (hash);
return rc;
}
@@ -1090,31 +1099,7 @@ dsa_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms)
}
/* Verify the signature. */
- if (mpi_is_opaque (data))
- {
- const void *abuf;
- unsigned int abits, qbits;
- gcry_mpi_t a;
-
- qbits = mpi_get_nbits (pk.q);
-
- abuf = mpi_get_opaque (data, &abits);
- rc = _gcry_mpi_scan (&a, GCRYMPI_FMT_USG, abuf, (abits+7)/8, NULL);
- if (!rc)
- {
- if (abits > qbits)
- mpi_rshift (a, a, abits - qbits);
-
- if (!verify (sig_r, sig_s, a, &pk))
- rc = GPG_ERR_BAD_SIGNATURE;
- _gcry_mpi_release (a);
- }
- }
- else
- {
- if (!verify (sig_r, sig_s, data, &pk))
- rc = GPG_ERR_BAD_SIGNATURE;
- }
+ rc = verify (sig_r, sig_s, data, &pk);
leave:
_gcry_mpi_release (pk.p);
diff --git a/cipher/ecc-ecdsa.c b/cipher/ecc-ecdsa.c
index b4bbe2c..1484830 100644
--- a/cipher/ecc-ecdsa.c
+++ b/cipher/ecc-ecdsa.c
@@ -57,18 +57,9 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, ECC_secret_key *skey,
qbits = mpi_get_nbits (skey->E.n);
/* Convert the INPUT into an MPI if needed. */
- if (mpi_is_opaque (input))
- {
- abuf = mpi_get_opaque (input, &abits);
- rc = _gcry_mpi_scan (&hash, GCRYMPI_FMT_USG, abuf, (abits+7)/8, NULL);
- if (rc)
- return rc;
- if (abits > qbits)
- mpi_rshift (hash, hash, abits - qbits);
- }
- else
- hash = input;
-
+ rc = _gcry_dsa_normalize_hash (input, &hash, qbits);
+ if (rc)
+ return rc;
k = NULL;
dr = mpi_alloc (0);
@@ -161,15 +152,21 @@ _gcry_ecc_ecdsa_verify (gcry_mpi_t input, ECC_public_key *pkey,
gcry_mpi_t r, gcry_mpi_t s)
{
gpg_err_code_t err = 0;
- gcry_mpi_t h, h1, h2, x;
+ gcry_mpi_t hash, h, h1, h2, x;
mpi_point_struct Q, Q1, Q2;
mpi_ec_t ctx;
+ unsigned int nbits;
if( !(mpi_cmp_ui (r, 0) > 0 && mpi_cmp (r, pkey->E.n) < 0) )
return GPG_ERR_BAD_SIGNATURE; /* Assertion 0 < r < n failed. */
if( !(mpi_cmp_ui (s, 0) > 0 && mpi_cmp (s, pkey->E.n) < 0) )
return GPG_ERR_BAD_SIGNATURE; /* Assertion 0 < s < n failed. */
+ nbits = mpi_get_nbits (pkey->E.n);
+ err = _gcry_dsa_normalize_hash (input, &hash, nbits);
+ if (err)
+ return err;
+
h = mpi_alloc (0);
h1 = mpi_alloc (0);
h2 = mpi_alloc (0);
@@ -184,7 +181,7 @@ _gcry_ecc_ecdsa_verify (gcry_mpi_t input, ECC_public_key *pkey,
/* h = s^(-1) (mod n) */
mpi_invm (h, s, pkey->E.n);
/* h1 = hash * s^(-1) (mod n) */
- mpi_mulm (h1, input, h, pkey->E.n);
+ mpi_mulm (h1, hash, h, pkey->E.n);
/* Q1 = [ hash * s^(-1) ]G */
_gcry_mpi_ec_mul_point (&Q1, h1, &pkey->E.G, ctx);
/* h2 = r * s^(-1) (mod n) */
@@ -230,5 +227,8 @@ _gcry_ecc_ecdsa_verify (gcry_mpi_t input, ECC_public_key *pkey,
mpi_free (h2);
mpi_free (h1);
mpi_free (h);
+ if (hash != input)
+ mpi_free (hash);
+
return err;
}
diff --git a/cipher/pubkey-internal.h b/cipher/pubkey-internal.h
index db1399d..193248c 100644
--- a/cipher/pubkey-internal.h
+++ b/cipher/pubkey-internal.h
@@ -88,6 +88,9 @@ gpg_err_code_t _gcry_dsa_gen_rfc6979_k (gcry_mpi_t *r_k,
int halgo,
unsigned int extraloops);
+gpg_err_code_t _gcry_dsa_normalize_hash (gcry_mpi_t input,
+ gcry_mpi_t *out,
+ unsigned int qbits);
/*-- ecc.c --*/
gpg_err_code_t _gcry_pk_ecc_get_sexp (gcry_sexp_t *r_sexp, int mode,
diff --git a/tests/pubkey.c b/tests/pubkey.c
index 4e12dfd..ae5eea2 100644
--- a/tests/pubkey.c
+++ b/tests/pubkey.c
@@ -980,9 +980,23 @@ check_ecc_sample_key (void)
"(data (flags raw)\n"
" (value #00112233445566778899AABBCCDDEEFF"
/* */ "000102030405060708090A0B0C0D0E0F#))";
+ static const char hash2_string[] =
+ "(data (flags raw)\n"
+ " (hash sha1 #00112233445566778899AABBCCDDEEFF"
+ /* */ "000102030405060708090A0B0C0D0E0F"
+ /* */ "000102030405060708090A0B0C0D0E0F"
+ /* */ "00112233445566778899AABBCCDDEEFF#))";
+ /* hash2, but longer than curve length, so it will be truncated */
+ static const char hash3_string[] =
+ "(data (flags raw)\n"
+ " (hash sha1 #00112233445566778899AABBCCDDEEFF"
+ /* */ "000102030405060708090A0B0C0D0E0F"
+ /* */ "000102030405060708090A0B0C0D0E0F"
+ /* */ "00112233445566778899AABBCCDDEEFF"
+ /* */ "000102030405060708090A0B0C0D0E0F#))";
gpg_error_t err;
- gcry_sexp_t key, hash, sig;
+ gcry_sexp_t key, hash, hash2, hash3, sig, sig2;
if (verbose)
fprintf (stderr, "Checking sample ECC key.\n");
@@ -990,6 +1004,12 @@ check_ecc_sample_key (void)
if ((err = gcry_sexp_new (&hash, hash_string, 0, 1)))
die ("line %d: %s", __LINE__, gpg_strerror (err));
+ if ((err = gcry_sexp_new (&hash2, hash2_string, 0, 1)))
+ die ("line %d: %s", __LINE__, gpg_strerror (err));
+
+ if ((err = gcry_sexp_new (&hash3, hash3_string, 0, 1)))
+ die ("line %d: %s", __LINE__, gpg_strerror (err));
+
if ((err = gcry_sexp_new (&key, ecc_private_key, 0, 1)))
die ("line %d: %s", __LINE__, gpg_strerror (err));
@@ -1003,6 +1023,28 @@ check_ecc_sample_key (void)
if ((err = gcry_pk_verify (sig, hash, key)))
die ("gcry_pk_verify failed: %s", gpg_strerror (err));
+ /* Verify hash truncation */
+ gcry_sexp_release (key);
+ if ((err = gcry_sexp_new (&key, ecc_private_key, 0, 1)))
+ die ("line %d: %s", __LINE__, gpg_strerror (err));
+
+ if ((err = gcry_pk_sign (&sig2, hash2, key)))
+ die ("gcry_pk_sign failed: %s", gpg_strerror (err));
+
+ gcry_sexp_release (sig);
+ if ((err = gcry_pk_sign (&sig, hash3, key)))
+ die ("gcry_pk_sign failed: %s", gpg_strerror (err));
+
+ gcry_sexp_release (key);
+ if ((err = gcry_sexp_new (&key, ecc_public_key, 0, 1)))
+ die ("line %d: %s", __LINE__, gpg_strerror (err));
+
+ if ((err = gcry_pk_verify (sig, hash2, key)))
+ die ("gcry_pk_verify failed: %s", gpg_strerror (err));
+
+ if ((err = gcry_pk_verify (sig2, hash3, key)))
+ die ("gcry_pk_verify failed: %s", gpg_strerror (err));
+
/* Now try signing without the Q parameter. */
gcry_sexp_release (key);
@@ -1021,8 +1063,11 @@ check_ecc_sample_key (void)
die ("gcry_pk_verify signed without Q failed: %s", gpg_strerror (err));
gcry_sexp_release (sig);
+ gcry_sexp_release (sig2);
gcry_sexp_release (key);
gcry_sexp_release (hash);
+ gcry_sexp_release (hash2);
+ gcry_sexp_release (hash3);
}
commit 2c5ec803100ed8261e51442fb93b75367b7725ea
Author: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
Date: Tue Dec 31 00:39:58 2013 +0400
Add GOST R 34.10-2012 curves proposed by TC26
* cipher/ecc-curves.c (domain_parmss): Add two GOST R 34.10-2012 curves
proposed/pending to standardization by TC26 (Russian cryptography
technical comitee).
* cipher/ecc-curves.c (curve_alias): Add OID aliases.
* tests/curves.c: Increase N_CURVES.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c
index 5e2d9a4..dc74ee0 100644
--- a/cipher/ecc-curves.c
+++ b/cipher/ecc-curves.c
@@ -82,6 +82,9 @@ static const struct
{ "GOST2001-CryptoPro-A", "1.2.643.2.2.36.0" },
{ "GOST2001-CryptoPro-C", "1.2.643.2.2.36.1" },
+ { "GOST2012-tc26-A", "1.2.643.7.1.2.1.2.1" },
+ { "GOST2012-tc26-B", "1.2.643.7.1.2.1.2.2" },
+
{ "secp256k1", "1.3.132.0.10" },
{ NULL, NULL}
@@ -352,6 +355,38 @@ static const ecc_domain_parms_t domain_parms[] =
"0x2bb312a43bd2ce6e0d020613c857acddcfbf061e91e5f2c3f32447c259f39b2"
"c83ab156d77f1496bf7eb3351e1ee4e43dc1a18b91b24640b6dbb92cb1add371e",
},
+ {
+ "GOST2012-tc26-A", 512, 0,
+ MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
+ "0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdc7",
+ "0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdc4",
+ "0xe8c2505dedfc86ddc1bd0b2b6667f1da34b82574761cb0e879bd081cfd0b6265"
+ "ee3cb090f30d27614cb4574010da90dd862ef9d4ebee4761503190785a71c760",
+ "0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "27e69532f48d89116ff22b8d4e0560609b4b38abfad2b85dcacdb1411f10b275",
+ "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000000000003",
+ "0x7503cfe87a836ae3a61b8816e25450e6ce5e1c93acf1abc1778064fdcbefa921"
+ "df1626be4fd036e93d75e6a50e3a41e98028fe5fc235f5b889a589cb5215f2a4",
+ },
+ {
+ "GOST2012-tc26-B", 512, 0,
+ MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
+ "0x8000000000000000000000000000000000000000000000000000000000000000"
+ "000000000000000000000000000000000000000000000000000000000000006f",
+ "0x8000000000000000000000000000000000000000000000000000000000000000"
+ "000000000000000000000000000000000000000000000000000000000000006c",
+ "0x687d1b459dc841457e3e06cf6f5e2517b97c7d614af138bcbf85dc806c4b289f"
+ "3e965d2db1416d217f8b276fad1ab69c50f78bee1fa3106efb8ccbc7c5140116",
+ "0x8000000000000000000000000000000000000000000000000000000000000001"
+ "49a1ec142565a545acfdb77bd9d40cfa8b996712101bea0ec6346c54374f25bd",
+ "0x0000000000000000000000000000000000000000000000000000000000000000"
+ "0000000000000000000000000000000000000000000000000000000000000002",
+ "0x1a8f7eda389b094c2c071e3647a8940f3c123b697578c213be6dd9e6c8ec7335"
+ "dcb228fd1edf4a39152cbcaaf8c0398828041055f94ceeec7e21340780fe41bd",
+ },
{
"secp256k1", 256, 0,
diff --git a/tests/curves.c b/tests/curves.c
index de5ae46..0581452 100644
--- a/tests/curves.c
+++ b/tests/curves.c
@@ -29,7 +29,7 @@
#include "../src/gcrypt-int.h"
/* Number of curves defined in ../cipger/ecc.c */
-#define N_CURVES 19
+#define N_CURVES 21
/* A real world sample public key. */
static char const sample_key_1[] =
commit 9bedc5c3b646dfe481678ca58f5466ac46decaf7
Author: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
Date: Tue Dec 31 00:39:57 2013 +0400
Add GOST R 34.10-2001 curves per RFC4357
* cipher/ecc-curves.c (domain_parms): Add 3 curves defined in rfc4357.
* cipher/ecc-curves.c (curve_aliases): Add OID and Xch aliases for GOST
curves.
* tests/curves.c (N_CURVES): Update value.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c
index 9016ec6..5e2d9a4 100644
--- a/cipher/ecc-curves.c
+++ b/cipher/ecc-curves.c
@@ -73,6 +73,15 @@ static const struct
{ "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11"},
{ "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13"},
+ { "GOST2001-test", "1.2.643.2.2.35.0" },
+ { "GOST2001-CryptoPro-A", "1.2.643.2.2.35.1" },
+ { "GOST2001-CryptoPro-B", "1.2.643.2.2.35.2" },
+ { "GOST2001-CryptoPro-C", "1.2.643.2.2.35.3" },
+ { "GOST2001-CryptoPro-A", "GOST2001-CryptoPro-XchA" },
+ { "GOST2001-CryptoPro-C", "GOST2001-CryptoPro-XchB" },
+ { "GOST2001-CryptoPro-A", "1.2.643.2.2.36.0" },
+ { "GOST2001-CryptoPro-C", "1.2.643.2.2.36.1" },
+
{ "secp256k1", "1.3.132.0.10" },
{ NULL, NULL}
@@ -297,7 +306,36 @@ static const ecc_domain_parms_t domain_parms[] =
"0x0000000000000000000000000000000000000000000000000000000000000002",
"0x08e2a8a0e65147d4bd6316030e16d19c85c97f0a9ca267122b96abbcea7e8fc8",
},
-
+ {
+ "GOST2001-CryptoPro-A", 256, 0,
+ MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
+ "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd97",
+ "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd94",
+ "0x00000000000000000000000000000000000000000000000000000000000000a6",
+ "0xffffffffffffffffffffffffffffffff6c611070995ad10045841b09b761b893",
+ "0x0000000000000000000000000000000000000000000000000000000000000001",
+ "0x8d91e471e0989cda27df505a453f2b7635294f2ddf23e3b122acc99c9e9f1e14"
+ },
+ {
+ "GOST2001-CryptoPro-B", 256, 0,
+ MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
+ "0x8000000000000000000000000000000000000000000000000000000000000c99",
+ "0x8000000000000000000000000000000000000000000000000000000000000c96",
+ "0x3e1af419a269a5f866a7d3c25c3df80ae979259373ff2b182f49d4ce7e1bbc8b",
+ "0x800000000000000000000000000000015f700cfff1a624e5e497161bcc8a198f",
+ "0x0000000000000000000000000000000000000000000000000000000000000001",
+ "0x3fa8124359f96680b83d1c3eb2c070e5c545c9858d03ecfb744bf8d717717efc"
+ },
+ {
+ "GOST2001-CryptoPro-C", 256, 0,
+ MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
+ "0x9b9f605f5a858107ab1ec85e6b41c8aacf846e86789051d37998f7b9022d759b",
+ "0x9b9f605f5a858107ab1ec85e6b41c8aacf846e86789051d37998f7b9022d7598",
+ "0x000000000000000000000000000000000000000000000000000000000000805a",
+ "0x9b9f605f5a858107ab1ec85e6b41c8aa582ca3511eddfb74f02f3a6598980bb9",
+ "0x0000000000000000000000000000000000000000000000000000000000000000",
+ "0x41ece55743711a8c3cbf3783cd08c0ee4d4dc440d4641a8f366e550dfdb3bb67"
+ },
{
"GOST2012-test", 511, 0,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
diff --git a/tests/curves.c b/tests/curves.c
index 04e6bc9..de5ae46 100644
--- a/tests/curves.c
+++ b/tests/curves.c
@@ -29,7 +29,7 @@
#include "../src/gcrypt-int.h"
/* Number of curves defined in ../cipger/ecc.c */
-#define N_CURVES 16
+#define N_CURVES 19
/* A real world sample public key. */
static char const sample_key_1[] =
commit 7edcb574d8d6dffb6e234c2ba1996a9a04923859
Author: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
Date: Tue Dec 31 00:39:56 2013 +0400
Fix typo in search_oid
* cipher/md.c (search_oid): Invert condition on oid comparison.
--
Function stricmp() returns 0 in case strings match, so proper condition
that checks for matching OID strings should be if (!stricmp(...))
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
diff --git a/cipher/md.c b/cipher/md.c
index d9c1ad4..1b59765 100644
--- a/cipher/md.c
+++ b/cipher/md.c
@@ -195,7 +195,7 @@ search_oid (const char *oid, gcry_md_oid_spec_t *oid_spec)
if (spec && spec->oids)
{
for (i = 0; spec->oids[i].oidstring; i++)
- if (stricmp (oid, spec->oids[i].oidstring))
+ if (!stricmp (oid, spec->oids[i].oidstring))
{
if (oid_spec)
*oid_spec = spec->oids[i];
commit 653b58cb5e85511b6c04c3f85ef3e372c2e9f74f
Author: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
Date: Fri Dec 27 12:37:12 2013 +0400
Add MD2-HMAC calculation support
* src/gcrypt.h.in (GCRY_MAC_HMAC_MD2): New.
* cipher/mac-hmac.c: Support GCRY_MAC_HMAC_MD2.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
diff --git a/cipher/mac-hmac.c b/cipher/mac-hmac.c
index 5edd7e8..2c660e9 100644
--- a/cipher/mac-hmac.c
+++ b/cipher/mac-hmac.c
@@ -35,6 +35,8 @@ map_mac_algo_to_md (int mac_algo)
{
default:
return GCRY_MD_NONE;
+ case GCRY_MAC_HMAC_MD2:
+ return GCRY_MD_MD2;
case GCRY_MAC_HMAC_MD4:
return GCRY_MD_MD4;
case GCRY_MAC_HMAC_MD5:
@@ -270,3 +272,9 @@ gcry_mac_spec_t _gcry_mac_type_spec_hmac_md4 = {
&hmac_ops
};
#endif
+#if USE_MD2
+gcry_mac_spec_t _gcry_mac_type_spec_hmac_md2 = {
+ GCRY_MAC_HMAC_MD2, {0, 0}, "HMAC_MD2",
+ &hmac_ops
+};
+#endif
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 402e4fd..f8318c0 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -1319,6 +1319,7 @@ enum gcry_mac_algos
GCRY_MAC_HMAC_GOSTR3411_94 = 111,
GCRY_MAC_HMAC_STRIBOG256 = 112,
GCRY_MAC_HMAC_STRIBOG512 = 113,
+ GCRY_MAC_HMAC_MD2 = 114,
GCRY_MAC_CMAC_AES = 201,
GCRY_MAC_CMAC_3DES = 202,
commit 8439a379c86ef1088465ea70ac10840759a1638e
Author: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
Date: Fri Dec 27 12:37:11 2013 +0400
Add a function to retrieve algorithm used by MAC handler
* cipher/mac.c (_gcry_mac_get_algo): New function, returns used algo.
* src/visibility.c (gcry_mac_get_algo): New wrapper.
* src/visibility.h: Hanlde gcry_mac_get_algo.
* src/gcrypt-int.h (_gcry_mac_get_algo): New.
* src/gcrypt.h.in (gcry_mac_get_algo): New.
* src/libgcrypt.def (gcry_mac_get_algo): New.
* src/libgcrypt.vers (gcry_mac_get_algo): New.
* doc/gcrypt.texi: Document gcry_mac_get_algo.
* tests/basic.c (check_one_mac): Verify gcry_mac_get_algo.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
diff --git a/cipher/mac.c b/cipher/mac.c
index 3daf2ee..7805467 100644
--- a/cipher/mac.c
+++ b/cipher/mac.c
@@ -369,6 +369,13 @@ _gcry_mac_verify (gcry_mac_hd_t hd, const void *buf, size_t buflen)
}
+int
+_gcry_mac_get_algo (gcry_mac_hd_t hd)
+{
+ return hd->algo;
+}
+
+
unsigned int
_gcry_mac_get_algo_maclen (int algo)
{
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index ce17c8e..25d8227 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -3722,6 +3722,16 @@ the MAC calculated in object @var{h}.
@end deftypefun
+In some situations it might be hard to remember the algorithm used for
+the MAC calculation. The following function might be used to get that
+information:
+
+ at deftypefun {int} gcry_mac_get_algo (gcry_mac_hd_t @var{h})
+
+Retrieve the algorithm used with the handle @var{h}.
+ at end deftypefun
+
+
@c ***********************************
@c ***** MAC info functions **********
@c ***********************************
diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h
index 65dcb4d..8a6df84 100644
--- a/src/gcrypt-int.h
+++ b/src/gcrypt-int.h
@@ -180,6 +180,7 @@ gpg_err_code_t _gcry_mac_write (gcry_mac_hd_t hd, const void *buffer,
gpg_err_code_t _gcry_mac_read (gcry_mac_hd_t hd, void *buffer, size_t *buflen);
gpg_err_code_t _gcry_mac_verify (gcry_mac_hd_t hd, const void *buffer,
size_t buflen);
+int _gcry_mac_get_algo (gcry_mac_hd_t hd);
unsigned int _gcry_mac_get_algo_maclen (int algo);
unsigned int _gcry_mac_get_algo_keylen (int algo);
const char *_gcry_mac_algo_name (int algorithm) _GCRY_GCC_ATTR_PURE;
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 5c771e5..402e4fd 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -1382,6 +1382,9 @@ gcry_error_t gcry_mac_read (gcry_mac_hd_t hd, void *buffer, size_t *buflen);
gcry_error_t gcry_mac_verify (gcry_mac_hd_t hd, const void *buffer,
size_t buflen);
+/* Retrieve the algorithm used with MAC. */
+int gcry_mac_get_algo (gcry_mac_hd_t hd);
+
/* Retrieve the length in bytes of the MAC yielded by algorithm ALGO. */
unsigned int gcry_mac_get_algo_maclen (int algo);
diff --git a/src/libgcrypt.def b/src/libgcrypt.def
index a90efce..57ed490 100644
--- a/src/libgcrypt.def
+++ b/src/libgcrypt.def
@@ -274,6 +274,7 @@ EXPORTS
gcry_mac_read @240
gcry_mac_verify @241
gcry_mac_ctl @242
+ gcry_mac_get_algo @243
;; end of file with public symbols for Windows.
diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers
index 5118c81..7ee0541 100644
--- a/src/libgcrypt.vers
+++ b/src/libgcrypt.vers
@@ -54,7 +54,7 @@ GCRYPT_1.6 {
gcry_cipher_authenticate; gcry_cipher_gettag; gcry_cipher_checktag;
gcry_mac_algo_info; gcry_mac_algo_name; gcry_mac_map_name;
- gcry_mac_get_algo_maclen; gcry_mac_get_algo_keylen;
+ gcry_mac_get_algo_maclen; gcry_mac_get_algo_keylen; gcry_mac_get_algo;
gcry_mac_open; gcry_mac_close; gcry_mac_setkey; gcry_mac_setiv;
gcry_mac_write; gcry_mac_read; gcry_mac_verify; gcry_mac_ctl;
diff --git a/src/visibility.c b/src/visibility.c
index 2989498..6ed57ca 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -855,6 +855,12 @@ gcry_mac_map_name (const char *string)
return _gcry_mac_map_name (string);
}
+int
+gcry_mac_get_algo (gcry_mac_hd_t hd)
+{
+ return _gcry_mac_get_algo (hd);
+}
+
unsigned int
gcry_mac_get_algo_maclen (int algo)
{
diff --git a/src/visibility.h b/src/visibility.h
index 4127a43..96b5235 100644
--- a/src/visibility.h
+++ b/src/visibility.h
@@ -137,6 +137,7 @@ MARK_VISIBLEX (gcry_cipher_open)
MARK_VISIBLEX (gcry_mac_algo_info)
MARK_VISIBLEX (gcry_mac_algo_name)
MARK_VISIBLEX (gcry_mac_map_name)
+MARK_VISIBLEX (gcry_mac_get_algo)
MARK_VISIBLEX (gcry_mac_get_algo_maclen)
MARK_VISIBLEX (gcry_mac_get_algo_keylen)
MARK_VISIBLEX (gcry_mac_open)
@@ -380,6 +381,7 @@ MARK_VISIBLEX (_gcry_mpi_get_const)
#define gcry_mac_algo_info _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_mac_algo_name _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_mac_map_name _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mac_get_algo _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_mac_get_algo_maclen _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_mac_get_algo_keylen _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_mac_open _gcry_USE_THE_UNDERSCORED_FUNCTION
diff --git a/tests/basic.c b/tests/basic.c
index 56328d1..697485e 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -4469,6 +4469,12 @@ check_one_mac (int algo, const char *data, int datalen,
return;
}
+ i = gcry_mac_get_algo (hd);
+ if (i != algo)
+ {
+ fail ("algo %d, gcry_mac_get_algo failed: %d\n", algo, i);
+ }
+
maclen = gcry_mac_get_algo_maclen (algo);
if (maclen < 1 || maclen > 500)
{
commit 36c9e0e4eb4f935da90df1c8df484d1940bda5eb
Author: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
Date: Fri Dec 27 12:37:10 2013 +0400
Correct formatting of gcry_mac_get_algo_keylen documentation
* doc/gcrypt.texi: add braces near gcry_mac_get_algo_keylen
documentation.
Use braces around unsigned int in gcry_mac_get_algo_keylen
documentation, otherwise texinfo breaks that and uses 'int' as a
function definition.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov at gmail.com>
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index cef6318..ce17c8e 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -3767,7 +3767,7 @@ for the MAC value. On error @code{0} is returned.
@end deftypefun
- at deftypefun unsigned int gcry_mac_get_algo_keylen (@var{algo})
+ at deftypefun {unsigned int} gcry_mac_get_algo_keylen (@var{algo})
This function returns length of the key for MAC algorithm @var{algo}. If
the algorithm supports multiple key lengths, the default supported key
commit 2ef48ba59c32bfa1a9265d5eea8ab225a658903a
Author: Werner Koch <wk at gnupg.org>
Date: Thu Jan 9 19:14:09 2014 +0100
ecc: Make a macro shorter.
* src/mpi.h (MPI_EC_TWISTEDEDWARDS): Rename to MPI_EC_EDWARDS. CHnage
all users.
* cipher/ecc-curves.c (domain_parms): Add parameters for Curve3617 as
comment.
* mpi/ec.c (dup_point_twistededwards): Rename to dup_point_edwards.
(add_points_twistededwards): Rename to add_points_edwards.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c
index a4bce67..9016ec6 100644
--- a/cipher/ecc-curves.c
+++ b/cipher/ecc-curves.c
@@ -107,7 +107,7 @@ static const ecc_domain_parms_t domain_parms[] =
{
/* (-x^2 + y^2 = 1 + dx^2y^2) */
"Ed25519", 256, 0,
- MPI_EC_TWISTEDEDWARDS, ECC_DIALECT_ED25519,
+ MPI_EC_EDWARDS, ECC_DIALECT_ED25519,
"0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",
"-0x01",
"-0x2DFC9311D490018C7338BF8688861767FF8FF5B2BEBE27548A14B235ECA6874A",
@@ -115,6 +115,22 @@ static const ecc_domain_parms_t domain_parms[] =
"0x216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A",
"0x6666666666666666666666666666666666666666666666666666666666666658"
},
+#if 0 /* No real specs yet found. */
+ {
+ /* x^2 + y^2 = 1 + 3617x^2y^2 mod 2^414 - 17 */
+ "Curve3617",
+ "0x3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF",
+ MPI_EC_EDWARDS, 0,
+ "0x01",
+ "0x0e21",
+ "0x07FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEB3CC92414CF"
+ "706022B36F1C0338AD63CF181B0E71A5E106AF79",
+ "0x1A334905141443300218C0631C326E5FCD46369F44C03EC7F57FF35498A4AB4D"
+ "6D6BA111301A73FAA8537C64C4FD3812F3CBC595",
+ "0x22"
+ },
+#endif /*0*/
{
"NIST P-192", 192, 1,
MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD,
@@ -417,7 +433,7 @@ _gcry_ecc_fill_in_curve (unsigned int nbits, const char *name,
switch (domain_parms[idx].model)
{
case MPI_EC_WEIERSTRASS:
- case MPI_EC_TWISTEDEDWARDS:
+ case MPI_EC_EDWARDS:
break;
case MPI_EC_MONTGOMERY:
return GPG_ERR_NOT_SUPPORTED;
@@ -1038,7 +1054,7 @@ _gcry_ecc_get_mpi (const char *name, mpi_ec_t ec, int copy)
if (name[1] != '@')
return _gcry_mpi_ec_ec2os (ec->Q, ec);
- if (!strcmp (name+2, "eddsa") && ec->model == MPI_EC_TWISTEDEDWARDS)
+ if (!strcmp (name+2, "eddsa") && ec->model == MPI_EC_EDWARDS)
{
unsigned char *encpk;
unsigned int encpklen;
diff --git a/cipher/ecc-misc.c b/cipher/ecc-misc.c
index 7b750c0..3f284fe 100644
--- a/cipher/ecc-misc.c
+++ b/cipher/ecc-misc.c
@@ -79,7 +79,7 @@ _gcry_ecc_model2str (enum gcry_mpi_ec_models model)
{
case MPI_EC_WEIERSTRASS: str = "Weierstrass"; break;
case MPI_EC_MONTGOMERY: str = "Montgomery"; break;
- case MPI_EC_TWISTEDEDWARDS: str = "Twisted Edwards"; break;
+ case MPI_EC_EDWARDS: str = "Edwards"; break;
}
return str;
}
@@ -252,7 +252,7 @@ _gcry_ecc_compute_public (mpi_point_t Q, mpi_ec_t ec,
if (!d || !G || !ec->p || !ec->a)
return NULL;
- if (ec->model == MPI_EC_TWISTEDEDWARDS && !ec->b)
+ if (ec->model == MPI_EC_EDWARDS && !ec->b)
return NULL;
if (ec->dialect == ECC_DIALECT_ED25519
diff --git a/cipher/ecc.c b/cipher/ecc.c
index 06bfb47..0e5776c 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -643,7 +643,7 @@ ecc_check_secret_key (gcry_sexp_t keyparms)
if (!curvename)
{
sk.E.model = ((flags & PUBKEY_FLAG_EDDSA)
- ? MPI_EC_TWISTEDEDWARDS
+ ? MPI_EC_EDWARDS
: MPI_EC_WEIERSTRASS);
sk.E.dialect = ((flags & PUBKEY_FLAG_EDDSA)
? ECC_DIALECT_ED25519
@@ -775,7 +775,7 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
if (!curvename)
{
sk.E.model = ((ctx.flags & PUBKEY_FLAG_EDDSA)
- ? MPI_EC_TWISTEDEDWARDS
+ ? MPI_EC_EDWARDS
: MPI_EC_WEIERSTRASS);
sk.E.dialect = ((ctx.flags & PUBKEY_FLAG_EDDSA)
? ECC_DIALECT_ED25519
@@ -939,7 +939,7 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms)
if (!curvename)
{
pk.E.model = ((sigflags & PUBKEY_FLAG_EDDSA)
- ? MPI_EC_TWISTEDEDWARDS
+ ? MPI_EC_EDWARDS
: MPI_EC_WEIERSTRASS);
pk.E.dialect = ((sigflags & PUBKEY_FLAG_EDDSA)
? ECC_DIALECT_ED25519
@@ -1529,7 +1529,7 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms)
if (!curvename)
{
model = ((flags & PUBKEY_FLAG_EDDSA)
- ? MPI_EC_TWISTEDEDWARDS
+ ? MPI_EC_EDWARDS
: MPI_EC_WEIERSTRASS);
dialect = ((flags & PUBKEY_FLAG_EDDSA)
? ECC_DIALECT_ED25519
diff --git a/mpi/ec.c b/mpi/ec.c
index 168076f..9e007cd 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -605,7 +605,7 @@ _gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, mpi_point_t point,
}
return -1;
- case MPI_EC_TWISTEDEDWARDS:
+ case MPI_EC_EDWARDS:
{
gcry_mpi_t z;
@@ -725,7 +725,7 @@ dup_point_montgomery (mpi_point_t result, mpi_point_t point, mpi_ec_t ctx)
/* RESULT = 2 * POINT (Twisted Edwards version). */
static void
-dup_point_twistededwards (mpi_point_t result, mpi_point_t point, mpi_ec_t ctx)
+dup_point_edwards (mpi_point_t result, mpi_point_t point, mpi_ec_t ctx)
{
#define X1 (point->x)
#define Y1 (point->y)
@@ -811,8 +811,8 @@ _gcry_mpi_ec_dup_point (mpi_point_t result, mpi_point_t point, mpi_ec_t ctx)
case MPI_EC_MONTGOMERY:
dup_point_montgomery (result, point, ctx);
break;
- case MPI_EC_TWISTEDEDWARDS:
- dup_point_twistededwards (result, point, ctx);
+ case MPI_EC_EDWARDS:
+ dup_point_edwards (result, point, ctx);
break;
}
}
@@ -977,9 +977,9 @@ add_points_montgomery (mpi_point_t result,
/* RESULT = P1 + P2 (Twisted Edwards version).*/
static void
-add_points_twistededwards (mpi_point_t result,
- mpi_point_t p1, mpi_point_t p2,
- mpi_ec_t ctx)
+add_points_edwards (mpi_point_t result,
+ mpi_point_t p1, mpi_point_t p2,
+ mpi_ec_t ctx)
{
#define X1 (p1->x)
#define Y1 (p1->y)
@@ -1087,8 +1087,8 @@ _gcry_mpi_ec_add_points (mpi_point_t result,
case MPI_EC_MONTGOMERY:
add_points_montgomery (result, p1, p2, ctx);
break;
- case MPI_EC_TWISTEDEDWARDS:
- add_points_twistededwards (result, p1, p2, ctx);
+ case MPI_EC_EDWARDS:
+ add_points_edwards (result, p1, p2, ctx);
break;
}
}
@@ -1106,7 +1106,7 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
unsigned int i, loops;
mpi_point_struct p1, p2, p1inv;
- if (ctx->model == MPI_EC_TWISTEDEDWARDS)
+ if (ctx->model == MPI_EC_EDWARDS)
{
/* Simple left to right binary method. GECC Algorithm 3.27 */
unsigned int nbits;
@@ -1269,7 +1269,7 @@ _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx)
log_fatal ("%s: %s not yet supported\n",
"_gcry_mpi_ec_curve_point", "Montgomery");
break;
- case MPI_EC_TWISTEDEDWARDS:
+ case MPI_EC_EDWARDS:
{
/* a · x^2 + y^2 - 1 - b · x^2 · y^2 == 0 */
ec_pow2 (x, x, ctx);
diff --git a/src/mpi.h b/src/mpi.h
index 7a57b9a..eb0730e 100644
--- a/src/mpi.h
+++ b/src/mpi.h
@@ -239,13 +239,18 @@ void _gcry_mpi_snatch_point (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z,
/* Models describing an elliptic curve. */
enum gcry_mpi_ec_models
{
-
+ /* The Short Weierstrass equation is
+ y^2 = x^3 + ax + b
+ */
MPI_EC_WEIERSTRASS = 0,
+ /* The Montgomery equation is
+ by^2 = x^3 + ax^2 + x
+ */
MPI_EC_MONTGOMERY,
- MPI_EC_TWISTEDEDWARDS
- /* The equation for Twisted Edwards curves is
+ /* The Twisted Edwards equation is
ax^2 + y^2 = 1 + bx^2y^2
Note that we use 'b' instead of the commonly used 'd'. */
+ MPI_EC_EDWARDS
};
/* Dialects used with elliptic curves. It is easier to keep the
-----------------------------------------------------------------------
Summary of changes:
NEWS | 12 ++++++
cipher/dsa-common.c | 33 ++++++++++++++++
cipher/dsa.c | 81 ++++++++++++++++----------------------
cipher/ecc-curves.c | 97 ++++++++++++++++++++++++++++++++++++++++++++--
cipher/ecc-ecdsa.c | 28 ++++++-------
cipher/ecc-misc.c | 4 +-
cipher/ecc.c | 8 ++--
cipher/mac-hmac.c | 8 ++++
cipher/mac.c | 7 ++++
cipher/md.c | 2 +-
cipher/pubkey-internal.h | 3 ++
doc/gcrypt.texi | 12 +++++-
mpi/ec.c | 22 +++++------
src/gcrypt-int.h | 1 +
src/gcrypt.h.in | 4 ++
src/libgcrypt.def | 1 +
src/libgcrypt.vers | 2 +-
src/mpi.h | 11 ++++--
src/visibility.c | 6 +++
src/visibility.h | 2 +
tests/basic.c | 6 +++
tests/curves.c | 2 +-
tests/pubkey.c | 47 +++++++++++++++++++++-
23 files changed, 308 insertions(+), 91 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
More information about the Gnupg-commits
mailing list