new upstream version breaking ABI compatibility
- this release temporarily includes old compatibility .so
This commit is contained in:
parent
a2cb9937d8
commit
247b2115d1
4
curves.c
4
curves.c
@ -26,10 +26,10 @@
|
|||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
|
|
||||||
#include "../src/gcrypt.h"
|
#include "../src/gcrypt-int.h"
|
||||||
|
|
||||||
/* Number of curves defined in ../cipger/ecc.c */
|
/* Number of curves defined in ../cipger/ecc.c */
|
||||||
#define N_CURVES 3
|
#define N_CURVES 4
|
||||||
|
|
||||||
/* A real world sample public key. */
|
/* A real world sample public key. */
|
||||||
static char const sample_key_1[] =
|
static char const sample_key_1[] =
|
||||||
|
1007
ecc-curves.c
Normal file
1007
ecc-curves.c
Normal file
File diff suppressed because it is too large
Load Diff
@ -6,4 +6,6 @@ set -e -x
|
|||||||
# Clean out patent-or-otherwise-encumbered code.
|
# Clean out patent-or-otherwise-encumbered code.
|
||||||
# EC: ????????? ??/??/2015
|
# EC: ????????? ??/??/2015
|
||||||
|
|
||||||
rm -f cipher/ecc.c
|
rm -f cipher/ecc-curves.c
|
||||||
|
rm -f tests/curves.c
|
||||||
|
rm -f tests/t_mpi_point.c
|
||||||
|
@ -1,73 +0,0 @@
|
|||||||
diff -up libgcrypt-1.5.0/cipher/elgamal.c.leak libgcrypt-1.5.0/cipher/elgamal.c
|
|
||||||
--- libgcrypt-1.5.0/cipher/elgamal.c.leak 2011-02-04 20:09:38.000000000 +0100
|
|
||||||
+++ libgcrypt-1.5.0/cipher/elgamal.c 2012-12-03 14:51:10.743067964 +0100
|
|
||||||
@@ -641,7 +641,10 @@ elg_generate_ext (int algo, unsigned int
|
|
||||||
}
|
|
||||||
|
|
||||||
if (xvalue)
|
|
||||||
- ec = generate_using_x (&sk, nbits, xvalue, retfactors);
|
|
||||||
+ {
|
|
||||||
+ ec = generate_using_x (&sk, nbits, xvalue, retfactors);
|
|
||||||
+ gcry_mpi_release(xvalue);
|
|
||||||
+ }
|
|
||||||
else
|
|
||||||
{
|
|
||||||
generate (&sk, nbits, retfactors);
|
|
||||||
diff -up libgcrypt-1.5.0/cipher/primegen.c.leak libgcrypt-1.5.0/cipher/primegen.c
|
|
||||||
--- libgcrypt-1.5.0/cipher/primegen.c.leak 2012-04-05 15:37:52.000000000 +0200
|
|
||||||
+++ libgcrypt-1.5.0/cipher/primegen.c 2012-12-03 14:44:14.610010867 +0100
|
|
||||||
@@ -1198,10 +1198,7 @@ gcry_prime_group_generator (gcry_mpi_t *
|
|
||||||
gcry_mpi_t prime, gcry_mpi_t *factors,
|
|
||||||
gcry_mpi_t start_g)
|
|
||||||
{
|
|
||||||
- gcry_mpi_t tmp = gcry_mpi_new (0);
|
|
||||||
- gcry_mpi_t b = gcry_mpi_new (0);
|
|
||||||
- gcry_mpi_t pmin1 = gcry_mpi_new (0);
|
|
||||||
- gcry_mpi_t g = start_g? gcry_mpi_copy (start_g) : gcry_mpi_set_ui (NULL, 3);
|
|
||||||
+ gcry_mpi_t tmp, b, pmin1, g;
|
|
||||||
int first = 1;
|
|
||||||
int i, n;
|
|
||||||
|
|
||||||
@@ -1214,6 +1211,11 @@ gcry_prime_group_generator (gcry_mpi_t *
|
|
||||||
if (n < 2)
|
|
||||||
return gpg_error (GPG_ERR_INV_ARG);
|
|
||||||
|
|
||||||
+ tmp = gcry_mpi_new (0);
|
|
||||||
+ b = gcry_mpi_new (0);
|
|
||||||
+ pmin1 = gcry_mpi_new (0);
|
|
||||||
+ g = start_g? gcry_mpi_copy (start_g) : gcry_mpi_set_ui (NULL, 3);
|
|
||||||
+
|
|
||||||
/* Extra sanity check - usually disabled. */
|
|
||||||
/* mpi_set (tmp, factors[0]); */
|
|
||||||
/* for(i = 1; i < n; i++) */
|
|
||||||
diff -up libgcrypt-1.5.0/cipher/pubkey.c.leak libgcrypt-1.5.0/cipher/pubkey.c
|
|
||||||
--- libgcrypt-1.5.0/cipher/pubkey.c.leak 2011-06-13 12:23:50.000000000 +0200
|
|
||||||
+++ libgcrypt-1.5.0/cipher/pubkey.c 2012-12-03 15:23:42.377183489 +0100
|
|
||||||
@@ -2853,6 +2853,8 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gc
|
|
||||||
|
|
||||||
REGISTER_DEFAULT_PUBKEYS;
|
|
||||||
|
|
||||||
+ init_encoding_ctx (&ctx, PUBKEY_OP_ENCRYPT, gcry_pk_get_nbits (s_pkey));
|
|
||||||
+
|
|
||||||
/* Get the key. */
|
|
||||||
rc = sexp_to_key (s_pkey, 0, NULL, &pkey, &module);
|
|
||||||
if (rc)
|
|
||||||
@@ -2873,7 +2875,6 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gc
|
|
||||||
algo_elems = pubkey->elements_enc;
|
|
||||||
|
|
||||||
/* Get the stuff we want to encrypt. */
|
|
||||||
- init_encoding_ctx (&ctx, PUBKEY_OP_ENCRYPT, gcry_pk_get_nbits (s_pkey));
|
|
||||||
rc = sexp_data_to_mpi (s_data, &data, &ctx);
|
|
||||||
if (rc)
|
|
||||||
goto leave;
|
|
||||||
diff -up libgcrypt-1.5.0/src/hmac256.c.leak libgcrypt-1.5.0/src/hmac256.c
|
|
||||||
--- libgcrypt-1.5.0/src/hmac256.c.leak 2011-02-04 20:17:33.000000000 +0100
|
|
||||||
+++ libgcrypt-1.5.0/src/hmac256.c 2012-12-03 15:37:36.504955809 +0100
|
|
||||||
@@ -435,7 +435,6 @@ _gcry_hmac256_finalize (hmac256_context_
|
|
||||||
tmphd = _gcry_hmac256_new (NULL, 0);
|
|
||||||
if (!tmphd)
|
|
||||||
{
|
|
||||||
- free (hd);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
_gcry_hmac256_update (tmphd, hd->opad, 64);
|
|
@ -1,12 +0,0 @@
|
|||||||
diff -up libgcrypt-1.5.0/tests/Makefile.noecc libgcrypt-1.5.0/tests/Makefile
|
|
||||||
--- libgcrypt-1.5.0/tests/Makefile.in.noecc 2011-07-21 15:34:33.000000000 +0200
|
|
||||||
+++ libgcrypt-1.5.0/tests/Makefile.in 2011-07-21 15:39:35.000000000 +0200
|
|
||||||
@@ -57,7 +57,7 @@ TESTS = version$(EXEEXT) t-mpi-bit$(EXEE
|
|
||||||
ac-data$(EXEEXT) basic$(EXEEXT) mpitests$(EXEEXT) \
|
|
||||||
tsexp$(EXEEXT) keygen$(EXEEXT) pubkey$(EXEEXT) hmac$(EXEEXT) \
|
|
||||||
keygrip$(EXEEXT) fips186-dsa$(EXEEXT) aeswrap$(EXEEXT) \
|
|
||||||
- curves$(EXEEXT) t-kdf$(EXEEXT) pkcs1v2$(EXEEXT) \
|
|
||||||
+ t-kdf$(EXEEXT) pkcs1v2$(EXEEXT) \
|
|
||||||
$(am__EXEEXT_1) benchmark$(EXEEXT)
|
|
||||||
|
|
||||||
# random.c uses fork() thus a test for W32 does not make any sense.
|
|
@ -1,214 +0,0 @@
|
|||||||
diff -up libgcrypt-1.5.0/cipher/dsa.c.tests libgcrypt-1.5.0/cipher/dsa.c
|
|
||||||
--- libgcrypt-1.5.0/cipher/dsa.c.tests 2011-06-13 12:24:46.000000000 +0200
|
|
||||||
+++ libgcrypt-1.5.0/cipher/dsa.c 2011-07-20 16:44:51.000000000 +0200
|
|
||||||
@@ -479,22 +479,21 @@ generate_fips186 (DSA_secret_key *sk, un
|
|
||||||
initial_seed.seed = gcry_sexp_nth_data (initial_seed.sexp, 1,
|
|
||||||
&initial_seed.seedlen);
|
|
||||||
}
|
|
||||||
-
|
|
||||||
- /* Fixme: Enable 186-3 after it has been approved and after fixing
|
|
||||||
- the generation function. */
|
|
||||||
- /* if (use_fips186_2) */
|
|
||||||
- (void)use_fips186_2;
|
|
||||||
- ec = _gcry_generate_fips186_2_prime (nbits, qbits,
|
|
||||||
- initial_seed.seed,
|
|
||||||
+
|
|
||||||
+ if (use_fips186_2)
|
|
||||||
+ ec = _gcry_generate_fips186_2_prime (nbits, qbits,
|
|
||||||
+ initial_seed.seed,
|
|
||||||
initial_seed.seedlen,
|
|
||||||
&prime_q, &prime_p,
|
|
||||||
r_counter,
|
|
||||||
r_seed, r_seedlen);
|
|
||||||
- /* else */
|
|
||||||
- /* ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, */
|
|
||||||
- /* &prime_q, &prime_p, */
|
|
||||||
- /* r_counter, */
|
|
||||||
- /* r_seed, r_seedlen, NULL); */
|
|
||||||
+ else
|
|
||||||
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
|
|
||||||
+ initial_seed.seed,
|
|
||||||
+ initial_seed.seedlen,
|
|
||||||
+ &prime_q, &prime_p,
|
|
||||||
+ r_counter,
|
|
||||||
+ r_seed, r_seedlen, NULL);
|
|
||||||
gcry_sexp_release (initial_seed.sexp);
|
|
||||||
if (ec)
|
|
||||||
goto leave;
|
|
||||||
diff -up libgcrypt-1.5.0/cipher/primegen.c.tests libgcrypt-1.5.0/cipher/primegen.c
|
|
||||||
--- libgcrypt-1.5.0/cipher/primegen.c.tests 2011-03-28 14:19:52.000000000 +0200
|
|
||||||
+++ libgcrypt-1.5.0/cipher/primegen.c 2011-07-21 14:36:03.000000000 +0200
|
|
||||||
@@ -1647,7 +1647,7 @@ _gcry_generate_fips186_3_prime (unsigned
|
|
||||||
gpg_err_code_t ec;
|
|
||||||
unsigned char seed_help_buffer[256/8]; /* Used to hold a generated SEED. */
|
|
||||||
unsigned char *seed_plus; /* Malloced buffer to hold SEED+x. */
|
|
||||||
- unsigned char digest[256/8]; /* Helper buffer for SHA-1 digest. */
|
|
||||||
+ unsigned char digest[256/8]; /* Helper buffer for SHA-x digest. */
|
|
||||||
gcry_mpi_t val_2 = NULL; /* Helper for the prime test. */
|
|
||||||
gcry_mpi_t tmpval = NULL; /* Helper variable. */
|
|
||||||
int hashalgo; /* The id of the Approved Hash Function. */
|
|
||||||
@@ -1737,7 +1737,7 @@ _gcry_generate_fips186_3_prime (unsigned
|
|
||||||
}
|
|
||||||
gcry_mpi_release (prime_q); prime_q = NULL;
|
|
||||||
ec = gpg_err_code (gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG,
|
|
||||||
- value_u, sizeof value_u, NULL));
|
|
||||||
+ value_u, qbits/8, NULL));
|
|
||||||
if (ec)
|
|
||||||
goto leave;
|
|
||||||
mpi_set_highbit (prime_q, qbits-1 );
|
|
||||||
@@ -1782,11 +1782,11 @@ _gcry_generate_fips186_3_prime (unsigned
|
|
||||||
if (seed_plus[i])
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
- gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen);
|
|
||||||
+ gcry_md_hash_buffer (hashalgo, digest, seed_plus, seedlen);
|
|
||||||
|
|
||||||
gcry_mpi_release (tmpval); tmpval = NULL;
|
|
||||||
ec = gpg_err_code (gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG,
|
|
||||||
- digest, sizeof digest, NULL));
|
|
||||||
+ digest, qbits/8, NULL));
|
|
||||||
if (ec)
|
|
||||||
goto leave;
|
|
||||||
if (value_j == value_n)
|
|
||||||
@@ -1822,11 +1822,11 @@ _gcry_generate_fips186_3_prime (unsigned
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Step 12: Save p, q, counter and seed. */
|
|
||||||
- log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
|
|
||||||
+/* log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
|
|
||||||
mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter);
|
|
||||||
log_printhex("fips186-3 seed:", seed, seedlen);
|
|
||||||
log_mpidump ("fips186-3 prime p", prime_p);
|
|
||||||
- log_mpidump ("fips186-3 prime q", prime_q);
|
|
||||||
+ log_mpidump ("fips186-3 prime q", prime_q); */
|
|
||||||
if (r_q)
|
|
||||||
{
|
|
||||||
*r_q = prime_q;
|
|
||||||
diff -up libgcrypt-1.5.0/cipher/rsa.c.tests libgcrypt-1.5.0/cipher/rsa.c
|
|
||||||
--- libgcrypt-1.5.0/cipher/rsa.c.tests 2011-06-10 10:53:41.000000000 +0200
|
|
||||||
+++ libgcrypt-1.5.0/cipher/rsa.c 2011-07-21 14:36:59.000000000 +0200
|
|
||||||
@@ -388,7 +388,7 @@ generate_x931 (RSA_secret_key *sk, unsig
|
|
||||||
|
|
||||||
*swapped = 0;
|
|
||||||
|
|
||||||
- if (e_value == 1) /* Alias for a secure value. */
|
|
||||||
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
|
|
||||||
e_value = 65537;
|
|
||||||
|
|
||||||
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
|
|
||||||
diff -up libgcrypt-1.5.0/random/random-fips.c.tests libgcrypt-1.5.0/random/random-fips.c
|
|
||||||
--- libgcrypt-1.5.0/random/random-fips.c.tests 2011-07-20 16:40:59.000000000 +0200
|
|
||||||
+++ libgcrypt-1.5.0/random/random-fips.c 2011-07-20 16:40:59.000000000 +0200
|
|
||||||
@@ -691,6 +691,7 @@ get_random (void *buffer, size_t length,
|
|
||||||
|
|
||||||
check_guards (rng_ctx);
|
|
||||||
|
|
||||||
+ reinitialize:
|
|
||||||
/* Initialize the cipher handle and thus setup the key if needed. */
|
|
||||||
if (!rng_ctx->cipher_hd)
|
|
||||||
{
|
|
||||||
@@ -710,13 +711,11 @@ get_random (void *buffer, size_t length,
|
|
||||||
if (rng_ctx->key_init_pid != getpid ()
|
|
||||||
|| rng_ctx->seed_init_pid != getpid ())
|
|
||||||
{
|
|
||||||
- /* We are in a child of us. Because we have no way yet to do
|
|
||||||
- proper re-initialization (including self-checks etc), the
|
|
||||||
- only chance we have is to bail out. Obviusly a fork/exec
|
|
||||||
- won't harm because the exec overwrites the old image. */
|
|
||||||
- fips_signal_error ("fork without proper re-initialization "
|
|
||||||
- "detected in RNG");
|
|
||||||
- goto bailout;
|
|
||||||
+ /* Just reinitialize the key & seed. */
|
|
||||||
+ gcry_cipher_close(rng_ctx->cipher_hd);
|
|
||||||
+ rng_ctx->cipher_hd = NULL;
|
|
||||||
+ rng_ctx->is_seeded = 0;
|
|
||||||
+ goto reinitialize;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (x931_aes_driver (buffer, length, rng_ctx))
|
|
||||||
diff -up libgcrypt-1.5.0/tests/ac.c.tests libgcrypt-1.5.0/tests/ac.c
|
|
||||||
--- libgcrypt-1.5.0/tests/ac.c.tests 2011-02-04 20:18:20.000000000 +0100
|
|
||||||
+++ libgcrypt-1.5.0/tests/ac.c 2011-07-20 16:40:59.000000000 +0200
|
|
||||||
@@ -150,6 +150,9 @@ main (int argc, char **argv)
|
|
||||||
if (!gcry_check_version (GCRYPT_VERSION))
|
|
||||||
die ("version mismatch\n");
|
|
||||||
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
|
|
||||||
+ if (gcry_fips_mode_active())
|
|
||||||
+ /* ac not functional in the fips mode, skip it */
|
|
||||||
+ return 77;
|
|
||||||
if (debug)
|
|
||||||
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
|
|
||||||
/* No valuable keys are create, so we can speed up our RNG. */
|
|
||||||
diff -up libgcrypt-1.5.0/tests/ac-data.c.tests libgcrypt-1.5.0/tests/ac-data.c
|
|
||||||
--- libgcrypt-1.5.0/tests/ac-data.c.tests 2011-02-04 20:18:20.000000000 +0100
|
|
||||||
+++ libgcrypt-1.5.0/tests/ac-data.c 2011-07-20 16:40:59.000000000 +0200
|
|
||||||
@@ -198,6 +198,9 @@ main (int argc, char **argv)
|
|
||||||
if (!gcry_check_version (GCRYPT_VERSION))
|
|
||||||
die ("version mismatch\n");
|
|
||||||
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
|
|
||||||
+ if (gcry_fips_mode_active())
|
|
||||||
+ /* ac not functional in the fips mode, skip it */
|
|
||||||
+ return 77;
|
|
||||||
if (debug)
|
|
||||||
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
|
|
||||||
|
|
||||||
diff -up libgcrypt-1.5.0/tests/ac-schemes.c.tests libgcrypt-1.5.0/tests/ac-schemes.c
|
|
||||||
--- libgcrypt-1.5.0/tests/ac-schemes.c.tests 2011-02-04 20:18:20.000000000 +0100
|
|
||||||
+++ libgcrypt-1.5.0/tests/ac-schemes.c 2011-07-20 16:40:59.000000000 +0200
|
|
||||||
@@ -338,6 +338,9 @@ main (int argc, char **argv)
|
|
||||||
if (! gcry_check_version (GCRYPT_VERSION))
|
|
||||||
die ("version mismatch\n");
|
|
||||||
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
|
|
||||||
+ if (gcry_fips_mode_active())
|
|
||||||
+ /* ac not functional in the fips mode, skip it */
|
|
||||||
+ return 77;
|
|
||||||
if (debug)
|
|
||||||
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
|
|
||||||
|
|
||||||
diff -up libgcrypt-1.5.0/tests/keygen.c.tests libgcrypt-1.5.0/tests/keygen.c
|
|
||||||
--- libgcrypt-1.5.0/tests/keygen.c.tests 2011-02-04 20:18:20.000000000 +0100
|
|
||||||
+++ libgcrypt-1.5.0/tests/keygen.c 2011-07-21 14:39:03.000000000 +0200
|
|
||||||
@@ -148,12 +148,12 @@ check_rsa_keys (void)
|
|
||||||
}
|
|
||||||
|
|
||||||
if (verbose)
|
|
||||||
- fprintf (stderr, "creating 1536 bit DSA key\n");
|
|
||||||
+ fprintf (stderr, "creating 2048 bit DSA key\n");
|
|
||||||
rc = gcry_sexp_new (&keyparm,
|
|
||||||
"(genkey\n"
|
|
||||||
" (dsa\n"
|
|
||||||
- " (nbits 4:1536)\n"
|
|
||||||
- " (qbits 3:224)\n"
|
|
||||||
+ " (nbits 4:2048)\n"
|
|
||||||
+ " (qbits 3:256)\n"
|
|
||||||
" ))", 0, 1);
|
|
||||||
if (rc)
|
|
||||||
die ("error creating S-expression: %s\n", gpg_strerror (rc));
|
|
||||||
@@ -190,11 +190,11 @@ check_rsa_keys (void)
|
|
||||||
|
|
||||||
|
|
||||||
if (verbose)
|
|
||||||
- fprintf (stderr, "creating 512 bit RSA key with e=257\n");
|
|
||||||
+ fprintf (stderr, "creating 1024 bit RSA key with e=257\n");
|
|
||||||
rc = gcry_sexp_new (&keyparm,
|
|
||||||
"(genkey\n"
|
|
||||||
" (rsa\n"
|
|
||||||
- " (nbits 3:512)\n"
|
|
||||||
+ " (nbits 4:1024)\n"
|
|
||||||
" (rsa-use-e 3:257)\n"
|
|
||||||
" ))", 0, 1);
|
|
||||||
if (rc)
|
|
||||||
@@ -208,11 +208,11 @@ check_rsa_keys (void)
|
|
||||||
gcry_sexp_release (key);
|
|
||||||
|
|
||||||
if (verbose)
|
|
||||||
- fprintf (stderr, "creating 512 bit RSA key with default e\n");
|
|
||||||
+ fprintf (stderr, "creating 1024 bit RSA key with default secure e\n");
|
|
||||||
rc = gcry_sexp_new (&keyparm,
|
|
||||||
"(genkey\n"
|
|
||||||
" (rsa\n"
|
|
||||||
- " (nbits 3:512)\n"
|
|
||||||
+ " (nbits 4:1024)\n"
|
|
||||||
" (rsa-use-e 1:0)\n"
|
|
||||||
" ))", 0, 1);
|
|
||||||
if (rc)
|
|
@ -60,7 +60,7 @@ diff -up libgcrypt-1.5.0/src/fips.c.use-fipscheck libgcrypt-1.5.0/src/fips.c
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
- fname = gcry_malloc (strlen (info.dli_fname) + 1 + 5 + 1 );
|
- fname = gcry_malloc (strlen (info.dli_fname) + 1 + 5 + 1 );
|
||||||
+ fname = gcry_malloc (strlen (libpath) + 1 + 5 + 1 );
|
+ fname = _gcry_malloc (strlen (libpath) + 1 + 5 + 1 );
|
||||||
if (!fname)
|
if (!fname)
|
||||||
err = gpg_error_from_syserror ();
|
err = gpg_error_from_syserror ();
|
||||||
else
|
else
|
||||||
|
@ -1,102 +0,0 @@
|
|||||||
diff -up libgcrypt-1.5.2/mpi/mpicoder.c.gccopt libgcrypt-1.5.2/mpi/mpicoder.c
|
|
||||||
--- libgcrypt-1.5.2/mpi/mpicoder.c.gccopt 2013-04-18 16:48:42.000000000 +0200
|
|
||||||
+++ libgcrypt-1.5.2/mpi/mpicoder.c 2013-06-20 10:24:57.241510589 +0200
|
|
||||||
@@ -555,16 +555,16 @@ gcry_mpi_print (enum gcry_mpi_format for
|
|
||||||
extra=1;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (buffer && n > len)
|
|
||||||
- {
|
|
||||||
- /* The provided buffer is too short. */
|
|
||||||
- gcry_free (tmp);
|
|
||||||
- return gcry_error (GPG_ERR_TOO_SHORT);
|
|
||||||
- }
|
|
||||||
if (buffer)
|
|
||||||
{
|
|
||||||
unsigned char *s = buffer;
|
|
||||||
|
|
||||||
+ if (n > len)
|
|
||||||
+ {
|
|
||||||
+ /* The provided buffer is too short. */
|
|
||||||
+ gcry_free (tmp);
|
|
||||||
+ return gcry_error (GPG_ERR_TOO_SHORT);
|
|
||||||
+ }
|
|
||||||
if (extra)
|
|
||||||
*s++ = 0;
|
|
||||||
memcpy (s, tmp, n-extra);
|
|
||||||
@@ -580,12 +580,12 @@ gcry_mpi_print (enum gcry_mpi_format for
|
|
||||||
/* Note: We ignore the sign for this format. */
|
|
||||||
/* FIXME: for performance reasons we should put this into
|
|
||||||
mpi_aprint because we can then use the buffer directly. */
|
|
||||||
- if (buffer && n > len)
|
|
||||||
- return gcry_error (GPG_ERR_TOO_SHORT);
|
|
||||||
if (buffer)
|
|
||||||
{
|
|
||||||
unsigned char *tmp;
|
|
||||||
|
|
||||||
+ if (n > len)
|
|
||||||
+ return gcry_error (GPG_ERR_TOO_SHORT);
|
|
||||||
tmp = _gcry_mpi_get_buffer (a, &n, NULL);
|
|
||||||
if (!tmp)
|
|
||||||
return gpg_error_from_syserror ();
|
|
||||||
@@ -603,14 +603,13 @@ gcry_mpi_print (enum gcry_mpi_format for
|
|
||||||
if( a->sign )
|
|
||||||
return gcry_error (GPG_ERR_INV_ARG);
|
|
||||||
|
|
||||||
- if (buffer && n+2 > len)
|
|
||||||
- return gcry_error (GPG_ERR_TOO_SHORT);
|
|
||||||
-
|
|
||||||
if (buffer)
|
|
||||||
{
|
|
||||||
unsigned char *tmp;
|
|
||||||
unsigned char *s = buffer;
|
|
||||||
|
|
||||||
+ if (n+2 > len)
|
|
||||||
+ return gcry_error (GPG_ERR_TOO_SHORT);
|
|
||||||
s[0] = nbits >> 8;
|
|
||||||
s[1] = nbits;
|
|
||||||
|
|
||||||
@@ -641,16 +640,16 @@ gcry_mpi_print (enum gcry_mpi_format for
|
|
||||||
extra=1;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (buffer && n+4 > len)
|
|
||||||
- {
|
|
||||||
- gcry_free(tmp);
|
|
||||||
- return gcry_error (GPG_ERR_TOO_SHORT);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
if (buffer)
|
|
||||||
{
|
|
||||||
unsigned char *s = buffer;
|
|
||||||
|
|
||||||
+ if (n+4 > len)
|
|
||||||
+ {
|
|
||||||
+ gcry_free(tmp);
|
|
||||||
+ return gcry_error (GPG_ERR_TOO_SHORT);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
*s++ = n >> 24;
|
|
||||||
*s++ = n >> 16;
|
|
||||||
*s++ = n >> 8;
|
|
||||||
@@ -677,15 +676,15 @@ gcry_mpi_print (enum gcry_mpi_format for
|
|
||||||
if (!n || (*tmp & 0x80))
|
|
||||||
extra = 2;
|
|
||||||
|
|
||||||
- if (buffer && 2*n + extra + !!a->sign + 1 > len)
|
|
||||||
- {
|
|
||||||
- gcry_free(tmp);
|
|
||||||
- return gcry_error (GPG_ERR_TOO_SHORT);
|
|
||||||
- }
|
|
||||||
if (buffer)
|
|
||||||
{
|
|
||||||
unsigned char *s = buffer;
|
|
||||||
|
|
||||||
+ if (2*n + extra + !!a->sign + 1 > len)
|
|
||||||
+ {
|
|
||||||
+ gcry_free(tmp);
|
|
||||||
+ return gcry_error (GPG_ERR_TOO_SHORT);
|
|
||||||
+ }
|
|
||||||
if (a->sign)
|
|
||||||
*s++ = '-';
|
|
||||||
if (extra)
|
|
@ -1,12 +0,0 @@
|
|||||||
diff -up libgcrypt-1.5.3/tests/benchmark.c.eccfix libgcrypt-1.5.3/tests/benchmark.c
|
|
||||||
--- libgcrypt-1.5.3/tests/benchmark.c.eccfix 2013-10-20 23:45:32.157297611 +0100
|
|
||||||
+++ libgcrypt-1.5.3/tests/benchmark.c 2013-10-20 23:45:42.683275072 +0100
|
|
||||||
@@ -962,7 +962,7 @@ ecc_bench (int iterations, int print_hea
|
|
||||||
{
|
|
||||||
#if USE_ECC
|
|
||||||
gpg_error_t err;
|
|
||||||
- int p_sizes[] = { 192, 224, 256, 384, 521 };
|
|
||||||
+ int p_sizes[] = { 256, 384 };
|
|
||||||
int testno;
|
|
||||||
|
|
||||||
if (print_header)
|
|
@ -1,32 +0,0 @@
|
|||||||
diff -up libgcrypt-1.5.3/cipher/kdf.c.pbkdf-speedup libgcrypt-1.5.3/cipher/kdf.c
|
|
||||||
--- libgcrypt-1.5.3/cipher/kdf.c.pbkdf-speedup 2014-01-21 15:49:22.676638703 +0100
|
|
||||||
+++ libgcrypt-1.5.3/cipher/kdf.c 2014-01-21 15:52:40.115047218 +0100
|
|
||||||
@@ -172,19 +172,21 @@ pkdf2 (const void *passphrase, size_t pa
|
|
||||||
return ec;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ ec = gpg_err_code (gcry_md_setkey (md, passphrase, passphraselen));
|
|
||||||
+ if (ec)
|
|
||||||
+ {
|
|
||||||
+ gcry_md_close (md);
|
|
||||||
+ gcry_free (sbuf);
|
|
||||||
+ return ec;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* Step 3 and 4. */
|
|
||||||
memcpy (sbuf, salt, saltlen);
|
|
||||||
for (lidx = 1; lidx <= l; lidx++)
|
|
||||||
{
|
|
||||||
for (iter = 0; iter < iterations; iter++)
|
|
||||||
{
|
|
||||||
- ec = gpg_err_code (gcry_md_setkey (md, passphrase, passphraselen));
|
|
||||||
- if (ec)
|
|
||||||
- {
|
|
||||||
- gcry_md_close (md);
|
|
||||||
- gcry_free (sbuf);
|
|
||||||
- return ec;
|
|
||||||
- }
|
|
||||||
+ gcry_md_reset (md);
|
|
||||||
if (!iter) /* Compute U_1: */
|
|
||||||
{
|
|
||||||
sbuf[saltlen] = (lidx >> 24);
|
|
@ -1,28 +0,0 @@
|
|||||||
diff -up libgcrypt-1.5.3/cipher/whirlpool.c.whirlpool-bug libgcrypt-1.5.3/cipher/whirlpool.c
|
|
||||||
--- libgcrypt-1.5.3/cipher/whirlpool.c.whirlpool-bug 2013-05-22 18:02:54.000000000 +0200
|
|
||||||
+++ libgcrypt-1.5.3/cipher/whirlpool.c 2014-01-21 15:45:51.308919415 +0100
|
|
||||||
@@ -56,6 +56,7 @@ typedef struct {
|
|
||||||
unsigned char buffer[BLOCK_SIZE];
|
|
||||||
size_t count;
|
|
||||||
unsigned char length[32];
|
|
||||||
+ int bug;
|
|
||||||
} whirlpool_context_t;
|
|
||||||
|
|
||||||
|
|
||||||
@@ -1185,6 +1186,7 @@ whirlpool_init (void *ctx)
|
|
||||||
whirlpool_context_t *context = ctx;
|
|
||||||
|
|
||||||
memset (context, 0, sizeof (*context));
|
|
||||||
+ context->bug = secure_getenv("GCRYPT_WHIRLPOOL_BUG") != NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@@ -1316,7 +1318,7 @@ whirlpool_add (whirlpool_context_t *cont
|
|
||||||
buffer_n--;
|
|
||||||
}
|
|
||||||
whirlpool_add (context, NULL, 0);
|
|
||||||
- if (!buffer_n)
|
|
||||||
+ if (context->bug && !buffer_n)
|
|
||||||
/* Done. */
|
|
||||||
return;
|
|
||||||
}
|
|
214
libgcrypt-1.6.1-ecc-test-fix.patch
Normal file
214
libgcrypt-1.6.1-ecc-test-fix.patch
Normal file
@ -0,0 +1,214 @@
|
|||||||
|
diff -up libgcrypt-1.6.1/tests/benchmark.c.eccfix libgcrypt-1.6.1/tests/benchmark.c
|
||||||
|
--- libgcrypt-1.6.1/tests/benchmark.c.eccfix 2014-01-27 14:36:43.000000000 +0100
|
||||||
|
+++ libgcrypt-1.6.1/tests/benchmark.c 2014-02-28 16:14:13.042505538 +0100
|
||||||
|
@@ -1087,8 +1087,7 @@ ecc_bench (int iterations, int print_hea
|
||||||
|
{
|
||||||
|
#if USE_ECC
|
||||||
|
gpg_error_t err;
|
||||||
|
- const char *p_sizes[] = { "192", "224", "256", "384", "521", "Ed25519",
|
||||||
|
- "gost256", "gost512" };
|
||||||
|
+ const char *p_sizes[] = { "256", "384", "521", "Ed25519" };
|
||||||
|
int testno;
|
||||||
|
|
||||||
|
if (print_header)
|
||||||
|
diff -up libgcrypt-1.6.1/tests/dsa-rfc6979.c.eccfix libgcrypt-1.6.1/tests/dsa-rfc6979.c
|
||||||
|
--- libgcrypt-1.6.1/tests/dsa-rfc6979.c.eccfix 2013-12-16 18:44:32.000000000 +0100
|
||||||
|
+++ libgcrypt-1.6.1/tests/dsa-rfc6979.c 2014-02-28 16:18:44.138771523 +0100
|
||||||
|
@@ -210,27 +210,6 @@ check_dsa_rfc6979 (void)
|
||||||
|
" ))"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
- "ECDSA, 192 bits (prime field)",
|
||||||
|
- "(private-key"
|
||||||
|
- " (ecdsa"
|
||||||
|
- " (curve \"NIST P-192\")"
|
||||||
|
- " (q #04AC2C77F529F91689FEA0EA5EFEC7F210D8EEA0B9E047ED56"
|
||||||
|
- " 3BC723E57670BD4887EBC732C523063D0A7C957BC97C1C43#)"
|
||||||
|
- " (d #6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4#)"
|
||||||
|
- " ))"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 224 bits (prime field)",
|
||||||
|
- "(private-key"
|
||||||
|
- " (ecdsa"
|
||||||
|
- " (curve \"NIST P-224\")"
|
||||||
|
- " (q #04"
|
||||||
|
- " 00CF08DA5AD719E42707FA431292DEA11244D64FC51610D94B130D6C"
|
||||||
|
- " EEAB6F3DEBE455E3DBF85416F7030CBD94F34F2D6F232C69F3C1385A#)"
|
||||||
|
- " (d #F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1#)"
|
||||||
|
- " ))"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
"ECDSA, 256 bits (prime field)",
|
||||||
|
"(private-key"
|
||||||
|
" (ecdsa"
|
||||||
|
@@ -443,169 +422,6 @@ check_dsa_rfc6979 (void)
|
||||||
|
"C9F0BDABCC0D880BB137A994CC7F3980CE91CC10FAF529FC46565B15CEA854E1"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
- "ECDSA, 192 bits (prime field)",
|
||||||
|
- "With SHA-1, message = \"sample\"",
|
||||||
|
- "sha1", "sample",
|
||||||
|
- "37D7CA00D2C7B0E5E412AC03BD44BA837FDD5B28CD3B0021",
|
||||||
|
- "98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF",
|
||||||
|
- "57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 192 bits (prime field)",
|
||||||
|
- "With SHA-224, message = \"sample\"",
|
||||||
|
- "sha224", "sample",
|
||||||
|
- "4381526B3FC1E7128F202E194505592F01D5FF4C5AF015D8",
|
||||||
|
- "A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5",
|
||||||
|
- "E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 192 bits (prime field)",
|
||||||
|
- "With SHA-256, message = \"sample\"",
|
||||||
|
- "sha256", "sample",
|
||||||
|
- "32B1B6D7D42A05CB449065727A84804FB1A3E34D8F261496",
|
||||||
|
- "4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55",
|
||||||
|
- "CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 192 bits (prime field)",
|
||||||
|
- "With SHA-384, message = \"sample\"",
|
||||||
|
- "sha384", "sample",
|
||||||
|
- "4730005C4FCB01834C063A7B6760096DBE284B8252EF4311",
|
||||||
|
- "DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5",
|
||||||
|
- "C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 192 bits (prime field)",
|
||||||
|
- "With SHA-512, message = \"sample\"",
|
||||||
|
- "sha512", "sample",
|
||||||
|
- "A2AC7AB055E4F20692D49209544C203A7D1F2C0BFBC75DB1",
|
||||||
|
- "4D60C5AB1996BD848343B31C00850205E2EA6922DAC2E4B8",
|
||||||
|
- "3F6E837448F027A1BF4B34E796E32A811CBB4050908D8F67"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 192 bits (prime field)",
|
||||||
|
- "With SHA-1, message = \"test\"",
|
||||||
|
- "sha1", "test",
|
||||||
|
- "D9CF9C3D3297D3260773A1DA7418DB5537AB8DD93DE7FA25",
|
||||||
|
- "0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D",
|
||||||
|
- "EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 192 bits (prime field)",
|
||||||
|
- "With SHA-224, message = \"test\"",
|
||||||
|
- "sha224", "test",
|
||||||
|
- "F5DC805F76EF851800700CCE82E7B98D8911B7D510059FBE",
|
||||||
|
- "6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34",
|
||||||
|
- "B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 192 bits (prime field)",
|
||||||
|
- "With SHA-256, message = \"test\"",
|
||||||
|
- "sha256", "test",
|
||||||
|
- "5C4CE89CF56D9E7C77C8585339B006B97B5F0680B4306C6C",
|
||||||
|
- "3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE",
|
||||||
|
- "5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 192 bits (prime field)",
|
||||||
|
- "With SHA-384, message = \"test\"",
|
||||||
|
- "sha384", "test",
|
||||||
|
- "5AFEFB5D3393261B828DB6C91FBC68C230727B030C975693",
|
||||||
|
- "B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367",
|
||||||
|
- "7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 192 bits (prime field)",
|
||||||
|
- "With SHA-512, message = \"test\"",
|
||||||
|
- "sha512", "test",
|
||||||
|
- "0758753A5254759C7CFBAD2E2D9B0792EEE44136C9480527",
|
||||||
|
- "FE4F4AE86A58B6507946715934FE2D8FF9D95B6B098FE739",
|
||||||
|
- "74CF5605C98FBA0E1EF34D4B5A1577A7DCF59457CAE52290"
|
||||||
|
- },
|
||||||
|
-
|
||||||
|
-
|
||||||
|
-
|
||||||
|
- {
|
||||||
|
- "ECDSA, 224 bits (prime field)",
|
||||||
|
- "With SHA-1, message = \"sample\"",
|
||||||
|
- "sha1", "sample",
|
||||||
|
- "7EEFADD91110D8DE6C2C470831387C50D3357F7F4D477054B8B426BC",
|
||||||
|
- "22226F9D40A96E19C4A301CE5B74B115303C0F3A4FD30FC257FB57AC",
|
||||||
|
- "66D1CDD83E3AF75605DD6E2FEFF196D30AA7ED7A2EDF7AF475403D69"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 224 bits (prime field)",
|
||||||
|
- "With SHA-224, message = \"sample\"",
|
||||||
|
- "sha224", "sample",
|
||||||
|
- "C1D1F2F10881088301880506805FEB4825FE09ACB6816C36991AA06D",
|
||||||
|
- "1CDFE6662DDE1E4A1EC4CDEDF6A1F5A2FB7FBD9145C12113E6ABFD3E",
|
||||||
|
- "A6694FD7718A21053F225D3F46197CA699D45006C06F871808F43EBC"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 224 bits (prime field)",
|
||||||
|
- "With SHA-256, message = \"sample\"",
|
||||||
|
- "sha256", "sample",
|
||||||
|
- "AD3029E0278F80643DE33917CE6908C70A8FF50A411F06E41DEDFCDC",
|
||||||
|
- "61AA3DA010E8E8406C656BC477A7A7189895E7E840CDFE8FF42307BA",
|
||||||
|
- "BC814050DAB5D23770879494F9E0A680DC1AF7161991BDE692B10101"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 224 bits (prime field)",
|
||||||
|
- "With SHA-384, message = \"sample\"",
|
||||||
|
- "sha384", "sample",
|
||||||
|
- "52B40F5A9D3D13040F494E83D3906C6079F29981035C7BD51E5CAC40",
|
||||||
|
- "0B115E5E36F0F9EC81F1325A5952878D745E19D7BB3EABFABA77E953",
|
||||||
|
- "830F34CCDFE826CCFDC81EB4129772E20E122348A2BBD889A1B1AF1D"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 224 bits (prime field)",
|
||||||
|
- "With SHA-512, message = \"sample\"",
|
||||||
|
- "sha512", "sample",
|
||||||
|
- "9DB103FFEDEDF9CFDBA05184F925400C1653B8501BAB89CEA0FBEC14",
|
||||||
|
- "074BD1D979D5F32BF958DDC61E4FB4872ADCAFEB2256497CDAC30397",
|
||||||
|
- "A4CECA196C3D5A1FF31027B33185DC8EE43F288B21AB342E5D8EB084"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 224 bits (prime field)",
|
||||||
|
- "With SHA-1, message = \"test\"",
|
||||||
|
- "sha1", "test",
|
||||||
|
- "2519178F82C3F0E4F87ED5883A4E114E5B7A6E374043D8EFD329C253",
|
||||||
|
- "DEAA646EC2AF2EA8AD53ED66B2E2DDAA49A12EFD8356561451F3E21C",
|
||||||
|
- "95987796F6CF2062AB8135271DE56AE55366C045F6D9593F53787BD2"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 224 bits (prime field)",
|
||||||
|
- "With SHA-224, message = \"test\"",
|
||||||
|
- "sha224", "test",
|
||||||
|
- "DF8B38D40DCA3E077D0AC520BF56B6D565134D9B5F2EAE0D34900524",
|
||||||
|
- "C441CE8E261DED634E4CF84910E4C5D1D22C5CF3B732BB204DBEF019",
|
||||||
|
- "902F42847A63BDC5F6046ADA114953120F99442D76510150F372A3F4"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 224 bits (prime field)",
|
||||||
|
- "With SHA-256, message = \"test\"",
|
||||||
|
- "sha256", "test",
|
||||||
|
- "FF86F57924DA248D6E44E8154EB69F0AE2AEBAEE9931D0B5A969F904",
|
||||||
|
- "AD04DDE87B84747A243A631EA47A1BA6D1FAA059149AD2440DE6FBA6",
|
||||||
|
- "178D49B1AE90E3D8B629BE3DB5683915F4E8C99FDF6E666CF37ADCFD"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 224 bits (prime field)",
|
||||||
|
- "With SHA-384, message = \"test\"",
|
||||||
|
- "sha384", "test",
|
||||||
|
- "7046742B839478C1B5BD31DB2E862AD868E1A45C863585B5F22BDC2D",
|
||||||
|
- "389B92682E399B26518A95506B52C03BC9379A9DADF3391A21FB0EA4",
|
||||||
|
- "414A718ED3249FF6DBC5B50C27F71F01F070944DA22AB1F78F559AAB"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
- "ECDSA, 224 bits (prime field)",
|
||||||
|
- "With SHA-512, message = \"test\"",
|
||||||
|
- "sha512", "test",
|
||||||
|
- "E39C2AA4EA6BE2306C72126D40ED77BF9739BB4D6EF2BBB1DCB6169D",
|
||||||
|
- "049F050477C5ADD858CAC56208394B5A55BAEBBE887FDF765047C17C",
|
||||||
|
- "077EB13E7005929CEFA3CD0403C7CDCC077ADF4E44F3C41B2F60ECFF"
|
||||||
|
- },
|
||||||
|
- {
|
||||||
|
"ECDSA, 256 bits (prime field)",
|
||||||
|
"With SHA-1, message = \"sample\"",
|
||||||
|
"sha1", "sample",
|
@ -1,57 +1,6 @@
|
|||||||
diff -up libgcrypt-1.5.0/cipher/dsa.c.cavs libgcrypt-1.5.0/cipher/dsa.c
|
diff -up libgcrypt-1.6.1/tests/cavs_driver.pl.cavs libgcrypt-1.6.1/tests/cavs_driver.pl
|
||||||
--- libgcrypt-1.5.0/cipher/dsa.c.cavs 2011-07-21 14:56:35.000000000 +0200
|
--- libgcrypt-1.6.1/tests/cavs_driver.pl.cavs 2013-03-15 20:25:38.000000000 +0100
|
||||||
+++ libgcrypt-1.5.0/cipher/dsa.c 2011-07-21 14:58:06.000000000 +0200
|
+++ libgcrypt-1.6.1/tests/cavs_driver.pl 2014-02-28 14:46:16.436544639 +0100
|
||||||
@@ -479,7 +479,6 @@ generate_fips186 (DSA_secret_key *sk, un
|
|
||||||
initial_seed.seed = gcry_sexp_nth_data (initial_seed.sexp, 1,
|
|
||||||
&initial_seed.seedlen);
|
|
||||||
}
|
|
||||||
-
|
|
||||||
if (use_fips186_2)
|
|
||||||
ec = _gcry_generate_fips186_2_prime (nbits, qbits,
|
|
||||||
initial_seed.seed,
|
|
||||||
@@ -487,13 +486,22 @@ generate_fips186 (DSA_secret_key *sk, un
|
|
||||||
&prime_q, &prime_p,
|
|
||||||
r_counter,
|
|
||||||
r_seed, r_seedlen);
|
|
||||||
- else
|
|
||||||
+ else if (!domain->p || !domain->q)
|
|
||||||
ec = _gcry_generate_fips186_3_prime (nbits, qbits,
|
|
||||||
initial_seed.seed,
|
|
||||||
initial_seed.seedlen,
|
|
||||||
&prime_q, &prime_p,
|
|
||||||
r_counter,
|
|
||||||
r_seed, r_seedlen, NULL);
|
|
||||||
+ else
|
|
||||||
+ {
|
|
||||||
+ /* Domain parameters p and q are given; use them. */
|
|
||||||
+ prime_p = mpi_copy (domain->p);
|
|
||||||
+ prime_q = mpi_copy (domain->q);
|
|
||||||
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
|
|
||||||
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
|
|
||||||
+ ec = 0;
|
|
||||||
+ }
|
|
||||||
gcry_sexp_release (initial_seed.sexp);
|
|
||||||
if (ec)
|
|
||||||
goto leave;
|
|
||||||
@@ -784,13 +792,12 @@ dsa_generate_ext (int algo, unsigned int
|
|
||||||
gcry_sexp_release (l1);
|
|
||||||
gcry_sexp_release (domainsexp);
|
|
||||||
|
|
||||||
- /* Check that all domain parameters are available. */
|
|
||||||
- if (!domain.p || !domain.q || !domain.g)
|
|
||||||
+ /* Check that p and q domain parameters are available. */
|
|
||||||
+ if (!domain.p || !domain.q || (!domain.g && !use_fips186))
|
|
||||||
{
|
|
||||||
gcry_mpi_release (domain.p);
|
|
||||||
gcry_mpi_release (domain.q);
|
|
||||||
gcry_mpi_release (domain.g);
|
|
||||||
- gcry_sexp_release (deriveparms);
|
|
||||||
return GPG_ERR_MISSING_VALUE;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff -up libgcrypt-1.5.0/tests/cavs_driver.pl.cavs libgcrypt-1.5.0/tests/cavs_driver.pl
|
|
||||||
--- libgcrypt-1.5.0/tests/cavs_driver.pl.cavs 2011-02-04 20:18:20.000000000 +0100
|
|
||||||
+++ libgcrypt-1.5.0/tests/cavs_driver.pl 2011-07-21 15:01:47.000000000 +0200
|
|
||||||
@@ -1,9 +1,11 @@
|
@@ -1,9 +1,11 @@
|
||||||
#!/usr/bin/env perl
|
#!/usr/bin/env perl
|
||||||
#
|
#
|
||||||
@ -725,9 +674,9 @@ diff -up libgcrypt-1.5.0/tests/cavs_driver.pl.cavs libgcrypt-1.5.0/tests/cavs_dr
|
|||||||
$dsa_sign = \&libgcrypt_dsa_sign;
|
$dsa_sign = \&libgcrypt_dsa_sign;
|
||||||
$dsa_verify = \&libgcrypt_dsa_verify;
|
$dsa_verify = \&libgcrypt_dsa_verify;
|
||||||
$dsa_genpubkey = \&libgcrypt_dsa_genpubkey;
|
$dsa_genpubkey = \&libgcrypt_dsa_genpubkey;
|
||||||
diff -up libgcrypt-1.5.0/tests/cavs_tests.sh.cavs libgcrypt-1.5.0/tests/cavs_tests.sh
|
diff -up libgcrypt-1.6.1/tests/cavs_tests.sh.cavs libgcrypt-1.6.1/tests/cavs_tests.sh
|
||||||
--- libgcrypt-1.5.0/tests/cavs_tests.sh.cavs 2011-02-04 20:18:20.000000000 +0100
|
--- libgcrypt-1.6.1/tests/cavs_tests.sh.cavs 2013-03-15 20:25:38.000000000 +0100
|
||||||
+++ libgcrypt-1.5.0/tests/cavs_tests.sh 2011-07-21 15:02:16.000000000 +0200
|
+++ libgcrypt-1.6.1/tests/cavs_tests.sh 2014-02-28 14:46:16.437544662 +0100
|
||||||
@@ -55,7 +55,7 @@ function run_one_test () {
|
@@ -55,7 +55,7 @@ function run_one_test () {
|
||||||
[ -d "$respdir" ] || mkdir "$respdir"
|
[ -d "$respdir" ] || mkdir "$respdir"
|
||||||
[ -f "$rspfile" ] && rm "$rspfile"
|
[ -f "$rspfile" ] && rm "$rspfile"
|
||||||
@ -737,9 +686,9 @@ diff -up libgcrypt-1.5.0/tests/cavs_tests.sh.cavs libgcrypt-1.5.0/tests/cavs_tes
|
|||||||
dflag="-D"
|
dflag="-D"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
diff -up libgcrypt-1.5.0/tests/fipsdrv.c.cavs libgcrypt-1.5.0/tests/fipsdrv.c
|
diff -up libgcrypt-1.6.1/tests/fipsdrv.c.cavs libgcrypt-1.6.1/tests/fipsdrv.c
|
||||||
--- libgcrypt-1.5.0/tests/fipsdrv.c.cavs 2011-02-04 20:18:20.000000000 +0100
|
--- libgcrypt-1.6.1/tests/fipsdrv.c.cavs 2013-12-16 18:44:32.000000000 +0100
|
||||||
+++ libgcrypt-1.5.0/tests/fipsdrv.c 2011-07-21 15:06:44.000000000 +0200
|
+++ libgcrypt-1.6.1/tests/fipsdrv.c 2014-02-28 14:46:16.437544662 +0100
|
||||||
@@ -893,6 +893,9 @@ print_mpi_line (gcry_mpi_t a, int no_lz)
|
@@ -893,6 +893,9 @@ print_mpi_line (gcry_mpi_t a, int no_lz)
|
||||||
die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err));
|
die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err));
|
||||||
|
|
@ -1,6 +1,6 @@
|
|||||||
diff -up libgcrypt-1.5.0/random/random-fips.c.cfgrandom libgcrypt-1.5.0/random/random-fips.c
|
diff -up libgcrypt-1.6.1/random/random-fips.c.cfgrandom libgcrypt-1.6.1/random/random-fips.c
|
||||||
--- libgcrypt-1.5.0/random/random-fips.c.cfgrandom 2011-07-21 14:50:34.000000000 +0200
|
--- libgcrypt-1.6.1/random/random-fips.c.cfgrandom 2014-02-28 16:06:20.026572478 +0100
|
||||||
+++ libgcrypt-1.5.0/random/random-fips.c 2011-07-21 14:50:34.000000000 +0200
|
+++ libgcrypt-1.6.1/random/random-fips.c 2014-02-28 16:06:34.851915121 +0100
|
||||||
@@ -27,10 +27,10 @@
|
@@ -27,10 +27,10 @@
|
||||||
There are 3 random context which map to the different levels of
|
There are 3 random context which map to the different levels of
|
||||||
random quality:
|
random quality:
|
||||||
@ -44,65 +44,76 @@ diff -up libgcrypt-1.5.0/random/random-fips.c.cfgrandom libgcrypt-1.5.0/random/r
|
|||||||
#elif USE_RNDW32
|
#elif USE_RNDW32
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
diff -up libgcrypt-1.5.0/random/rndlinux.c.cfgrandom libgcrypt-1.5.0/random/rndlinux.c
|
@@ -713,7 +719,7 @@ get_random (void *buffer, size_t length,
|
||||||
--- libgcrypt-1.5.0/random/rndlinux.c.cfgrandom 2011-02-04 20:16:03.000000000 +0100
|
|| rng_ctx->seed_init_pid != getpid ())
|
||||||
+++ libgcrypt-1.5.0/random/rndlinux.c 2011-07-21 14:50:34.000000000 +0200
|
{
|
||||||
|
/* Just reinitialize the key & seed. */
|
||||||
|
- gcry_cipher_close(rng_ctx->cipher_hd);
|
||||||
|
+ _gcry_cipher_close(rng_ctx->cipher_hd);
|
||||||
|
rng_ctx->cipher_hd = NULL;
|
||||||
|
rng_ctx->is_seeded = 0;
|
||||||
|
goto reinitialize;
|
||||||
|
diff -up libgcrypt-1.6.1/random/rndlinux.c.cfgrandom libgcrypt-1.6.1/random/rndlinux.c
|
||||||
|
--- libgcrypt-1.6.1/random/rndlinux.c.cfgrandom 2013-12-16 18:44:32.000000000 +0100
|
||||||
|
+++ libgcrypt-1.6.1/random/rndlinux.c 2014-02-28 16:06:20.027572501 +0100
|
||||||
@@ -36,7 +36,9 @@
|
@@ -36,7 +36,9 @@
|
||||||
#include "g10lib.h"
|
#include "g10lib.h"
|
||||||
#include "rand-internal.h"
|
#include "rand-internal.h"
|
||||||
|
|
||||||
-static int open_device ( const char *name );
|
-static int open_device (const char *name, int retry);
|
||||||
+#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"
|
+#define NAME_OF_CFG_RNGSEED "/etc/gcrypt/rngseed"
|
||||||
+
|
+
|
||||||
+static int open_device ( const char *name, int fatal );
|
+static int open_device (const char *name, int retry, int fatal);
|
||||||
|
|
||||||
|
|
||||||
static int
|
static int
|
||||||
@@ -57,13 +59,17 @@ set_cloexec_flag (int fd)
|
@@ -59,7 +61,7 @@ set_cloexec_flag (int fd)
|
||||||
* Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)).
|
* a fatal error but retries until it is able to reopen the device.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
-open_device ( const char *name )
|
-open_device (const char *name, int retry)
|
||||||
+open_device ( const char *name, int fatal )
|
+open_device (const char *name, int retry, int fatal)
|
||||||
{
|
{
|
||||||
int fd;
|
int fd;
|
||||||
|
|
||||||
|
@@ -67,6 +69,8 @@ open_device (const char *name, int retry
|
||||||
|
_gcry_random_progress ("open_dev_random", 'X', 1, 0);
|
||||||
|
again:
|
||||||
fd = open (name, O_RDONLY);
|
fd = open (name, O_RDONLY);
|
||||||
if ( fd == -1 )
|
+ if (fd == -1 && !fatal)
|
||||||
- log_fatal ("can't open %s: %s\n", name, strerror(errno) );
|
|
||||||
+ {
|
|
||||||
+ if (! fatal)
|
|
||||||
+ return fd;
|
+ return fd;
|
||||||
+ log_fatal ("can't open %s: %s\n", name, strerror(errno) );
|
if (fd == -1 && retry)
|
||||||
+ }
|
{
|
||||||
|
struct timeval tv;
|
||||||
if (set_cloexec_flag (fd))
|
@@ -111,6 +115,7 @@ _gcry_rndlinux_gather_random (void (*add
|
||||||
log_error ("error setting FD_CLOEXEC on fd %d: %s\n",
|
|
||||||
@@ -92,6 +98,7 @@ _gcry_rndlinux_gather_random (void (*add
|
|
||||||
{
|
{
|
||||||
static int fd_urandom = -1;
|
static int fd_urandom = -1;
|
||||||
static int fd_random = -1;
|
static int fd_random = -1;
|
||||||
+ static int fd_configured = -1;
|
+ static int fd_configured = -1;
|
||||||
|
static unsigned char ever_opened;
|
||||||
int fd;
|
int fd;
|
||||||
int n;
|
int n;
|
||||||
byte buffer[768];
|
@@ -134,6 +139,11 @@ _gcry_rndlinux_gather_random (void (*add
|
||||||
@@ -100,6 +107,7 @@ _gcry_rndlinux_gather_random (void (*add
|
close (fd_urandom);
|
||||||
size_t last_so_far = 0;
|
fd_urandom = -1;
|
||||||
int any_need_entropy = 0;
|
}
|
||||||
int delay;
|
+ if (fd_configured != -1)
|
||||||
+ size_t orig_length = length;
|
+ {
|
||||||
|
+ close (fd_configured);
|
||||||
|
+ fd_configured = -1;
|
||||||
|
+ }
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/* First read from a hardware source. However let it account only
|
@@ -153,20 +163,30 @@ _gcry_rndlinux_gather_random (void (*add
|
||||||
for up to 50% of the requested bytes. */
|
that we always require the device to be existent but want a more
|
||||||
@@ -110,16 +118,26 @@ _gcry_rndlinux_gather_random (void (*add
|
graceful behaviour if the rarely needed close operation has been
|
||||||
length -= n_hw;
|
used and the device needs to be re-opened later. */
|
||||||
|
|
||||||
/* Open the requested device. */
|
|
||||||
+
|
+
|
||||||
+ if (level == -1)
|
+ if (level == -1)
|
||||||
+ {
|
+ {
|
||||||
+ if (fd_configured == -1)
|
+ if (fd_configured == -1)
|
||||||
+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0 );
|
+ fd_configured = open_device ( NAME_OF_CFG_RNGSEED, 0, 0 );
|
||||||
+ fd = fd_configured;
|
+ fd = fd_configured;
|
||||||
+ if (fd == -1)
|
+ if (fd == -1)
|
||||||
+ return -1;
|
+ return -1;
|
||||||
@ -111,16 +122,20 @@ diff -up libgcrypt-1.5.0/random/rndlinux.c.cfgrandom libgcrypt-1.5.0/random/rndl
|
|||||||
if (level >= 2)
|
if (level >= 2)
|
||||||
{
|
{
|
||||||
if (fd_random == -1)
|
if (fd_random == -1)
|
||||||
- fd_random = open_device ( NAME_OF_DEV_RANDOM );
|
{
|
||||||
+ fd_random = open_device ( NAME_OF_DEV_RANDOM, 1 );
|
- fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1));
|
||||||
|
+ fd_random = open_device (NAME_OF_DEV_RANDOM, (ever_opened & 1), 1);
|
||||||
|
ever_opened |= 1;
|
||||||
|
}
|
||||||
fd = fd_random;
|
fd = fd_random;
|
||||||
}
|
}
|
||||||
- else
|
- else
|
||||||
+ else if (level != -1)
|
+ else if (level != -1)
|
||||||
{
|
{
|
||||||
if (fd_urandom == -1)
|
if (fd_urandom == -1)
|
||||||
- fd_urandom = open_device ( NAME_OF_DEV_URANDOM );
|
{
|
||||||
+ fd_urandom = open_device ( NAME_OF_DEV_URANDOM, 1 );
|
- fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
|
||||||
fd = fd_urandom;
|
+ fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2), 1);
|
||||||
|
ever_opened |= 2;
|
||||||
}
|
}
|
||||||
|
fd = fd_urandom;
|
38
libgcrypt-1.6.1-leak.patch
Normal file
38
libgcrypt-1.6.1-leak.patch
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
diff -up libgcrypt-1.6.1/cipher/primegen.c.leak libgcrypt-1.6.1/cipher/primegen.c
|
||||||
|
--- libgcrypt-1.6.1/cipher/primegen.c.leak 2014-02-28 15:06:24.394464790 +0100
|
||||||
|
+++ libgcrypt-1.6.1/cipher/primegen.c 2014-02-28 15:09:22.938591664 +0100
|
||||||
|
@@ -1204,10 +1204,7 @@ _gcry_prime_group_generator (gcry_mpi_t
|
||||||
|
gcry_mpi_t prime, gcry_mpi_t *factors,
|
||||||
|
gcry_mpi_t start_g)
|
||||||
|
{
|
||||||
|
- gcry_mpi_t tmp = mpi_new (0);
|
||||||
|
- gcry_mpi_t b = mpi_new (0);
|
||||||
|
- gcry_mpi_t pmin1 = mpi_new (0);
|
||||||
|
- gcry_mpi_t g = start_g? mpi_copy (start_g) : mpi_set_ui (NULL, 3);
|
||||||
|
+ gcry_mpi_t tmp, b, pmin1, g;
|
||||||
|
int first = 1;
|
||||||
|
int i, n;
|
||||||
|
|
||||||
|
@@ -1220,6 +1217,11 @@ _gcry_prime_group_generator (gcry_mpi_t
|
||||||
|
if (n < 2)
|
||||||
|
return GPG_ERR_INV_ARG;
|
||||||
|
|
||||||
|
+ tmp = mpi_new (0);
|
||||||
|
+ b = mpi_new (0);
|
||||||
|
+ pmin1 = mpi_new (0);
|
||||||
|
+ g = start_g? mpi_copy (start_g) : mpi_set_ui (NULL, 3);
|
||||||
|
+
|
||||||
|
/* Extra sanity check - usually disabled. */
|
||||||
|
/* mpi_set (tmp, factors[0]); */
|
||||||
|
/* for(i = 1; i < n; i++) */
|
||||||
|
diff -up libgcrypt-1.6.1/src/hmac256.c.leak libgcrypt-1.6.1/src/hmac256.c
|
||||||
|
--- libgcrypt-1.6.1/src/hmac256.c.leak 2013-12-16 18:44:32.000000000 +0100
|
||||||
|
+++ libgcrypt-1.6.1/src/hmac256.c 2014-02-28 15:06:24.394464790 +0100
|
||||||
|
@@ -427,7 +427,6 @@ _gcry_hmac256_finalize (hmac256_context_
|
||||||
|
tmphd = _gcry_hmac256_new (NULL, 0);
|
||||||
|
if (!tmphd)
|
||||||
|
{
|
||||||
|
- free (hd);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
_gcry_hmac256_update (tmphd, hd->opad, 64);
|
104
libgcrypt-1.6.1-mpicoder-gccopt.patch
Normal file
104
libgcrypt-1.6.1-mpicoder-gccopt.patch
Normal file
@ -0,0 +1,104 @@
|
|||||||
|
diff -up libgcrypt-1.6.1/mpi/mpicoder.c.gccopt libgcrypt-1.6.1/mpi/mpicoder.c
|
||||||
|
--- libgcrypt-1.6.1/mpi/mpicoder.c.gccopt 2014-02-28 15:37:53.983139821 +0100
|
||||||
|
+++ libgcrypt-1.6.1/mpi/mpicoder.c 2014-02-28 15:47:35.312576387 +0100
|
||||||
|
@@ -627,16 +627,16 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
||||||
|
extra = 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (buffer && n > len)
|
||||||
|
- {
|
||||||
|
- /* The provided buffer is too short. */
|
||||||
|
- xfree (tmp);
|
||||||
|
- return GPG_ERR_TOO_SHORT;
|
||||||
|
- }
|
||||||
|
if (buffer)
|
||||||
|
{
|
||||||
|
unsigned char *s = buffer;
|
||||||
|
|
||||||
|
+ if (n > len)
|
||||||
|
+ {
|
||||||
|
+ /* The provided buffer is too short. */
|
||||||
|
+ xfree (tmp);
|
||||||
|
+ return GPG_ERR_TOO_SHORT;
|
||||||
|
+ }
|
||||||
|
if (extra == 1)
|
||||||
|
*s++ = 0;
|
||||||
|
else if (extra)
|
||||||
|
@@ -654,13 +654,12 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
||||||
|
/* Note: We ignore the sign for this format. */
|
||||||
|
/* FIXME: for performance reasons we should put this into
|
||||||
|
mpi_aprint because we can then use the buffer directly. */
|
||||||
|
-
|
||||||
|
- if (buffer && n > len)
|
||||||
|
- return GPG_ERR_TOO_SHORT;
|
||||||
|
if (buffer)
|
||||||
|
{
|
||||||
|
unsigned char *tmp;
|
||||||
|
|
||||||
|
+ if (n > len)
|
||||||
|
+ return GPG_ERR_TOO_SHORT;
|
||||||
|
tmp = _gcry_mpi_get_buffer (a, 0, &n, NULL);
|
||||||
|
if (!tmp)
|
||||||
|
return gpg_err_code_from_syserror ();
|
||||||
|
@@ -678,14 +677,14 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
||||||
|
if (negative)
|
||||||
|
return GPG_ERR_INV_ARG;
|
||||||
|
|
||||||
|
- if (buffer && n+2 > len)
|
||||||
|
- return GPG_ERR_TOO_SHORT;
|
||||||
|
-
|
||||||
|
if (buffer)
|
||||||
|
{
|
||||||
|
unsigned char *tmp;
|
||||||
|
unsigned char *s = buffer;
|
||||||
|
|
||||||
|
+ if (n+2 > len)
|
||||||
|
+ return GPG_ERR_TOO_SHORT;
|
||||||
|
+
|
||||||
|
s[0] = nbits >> 8;
|
||||||
|
s[1] = nbits;
|
||||||
|
|
||||||
|
@@ -724,16 +723,16 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
||||||
|
extra=1;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (buffer && n+4 > len)
|
||||||
|
- {
|
||||||
|
- xfree(tmp);
|
||||||
|
- return GPG_ERR_TOO_SHORT;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
if (buffer)
|
||||||
|
{
|
||||||
|
unsigned char *s = buffer;
|
||||||
|
|
||||||
|
+ if (n+4 > len)
|
||||||
|
+ {
|
||||||
|
+ xfree(tmp);
|
||||||
|
+ return GPG_ERR_TOO_SHORT;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
*s++ = n >> 24;
|
||||||
|
*s++ = n >> 16;
|
||||||
|
*s++ = n >> 8;
|
||||||
|
@@ -761,15 +760,15 @@ _gcry_mpi_print (enum gcry_mpi_format fo
|
||||||
|
if (!n || (*tmp & 0x80))
|
||||||
|
extra = 2;
|
||||||
|
|
||||||
|
- if (buffer && 2*n + extra + negative + 1 > len)
|
||||||
|
- {
|
||||||
|
- xfree(tmp);
|
||||||
|
- return GPG_ERR_TOO_SHORT;
|
||||||
|
- }
|
||||||
|
if (buffer)
|
||||||
|
{
|
||||||
|
unsigned char *s = buffer;
|
||||||
|
|
||||||
|
+ if (2*n + extra + negative + 1 > len)
|
||||||
|
+ {
|
||||||
|
+ xfree(tmp);
|
||||||
|
+ return GPG_ERR_TOO_SHORT;
|
||||||
|
+ }
|
||||||
|
if (negative)
|
||||||
|
*s++ = '-';
|
||||||
|
if (extra)
|
198
libgcrypt-1.6.1-tests.patch
Normal file
198
libgcrypt-1.6.1-tests.patch
Normal file
@ -0,0 +1,198 @@
|
|||||||
|
diff -up libgcrypt-1.6.1/cipher/dsa.c.tests libgcrypt-1.6.1/cipher/dsa.c
|
||||||
|
--- libgcrypt-1.6.1/cipher/dsa.c.tests 2014-02-28 13:39:01.727288335 +0100
|
||||||
|
+++ libgcrypt-1.6.1/cipher/dsa.c 2014-02-28 13:46:21.727458285 +0100
|
||||||
|
@@ -423,22 +423,29 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||||
|
initial_seed.seed = sexp_nth_data (initial_seed.sexp, 1,
|
||||||
|
&initial_seed.seedlen);
|
||||||
|
}
|
||||||
|
-
|
||||||
|
- /* Fixme: Enable 186-3 after it has been approved and after fixing
|
||||||
|
- the generation function. */
|
||||||
|
- /* if (use_fips186_2) */
|
||||||
|
- (void)use_fips186_2;
|
||||||
|
- ec = _gcry_generate_fips186_2_prime (nbits, qbits,
|
||||||
|
+ if (use_fips186_2)
|
||||||
|
+ ec = _gcry_generate_fips186_2_prime (nbits, qbits,
|
||||||
|
initial_seed.seed,
|
||||||
|
initial_seed.seedlen,
|
||||||
|
&prime_q, &prime_p,
|
||||||
|
r_counter,
|
||||||
|
r_seed, r_seedlen);
|
||||||
|
- /* else */
|
||||||
|
- /* ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, */
|
||||||
|
- /* &prime_q, &prime_p, */
|
||||||
|
- /* r_counter, */
|
||||||
|
- /* r_seed, r_seedlen, NULL); */
|
||||||
|
+ else if (!domain->p || !domain->q)
|
||||||
|
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
|
||||||
|
+ initial_seed.seed,
|
||||||
|
+ initial_seed.seedlen,
|
||||||
|
+ &prime_q, &prime_p,
|
||||||
|
+ r_counter,
|
||||||
|
+ r_seed, r_seedlen, NULL);
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ /* Domain parameters p and q are given; use them. */
|
||||||
|
+ prime_p = mpi_copy (domain->p);
|
||||||
|
+ prime_q = mpi_copy (domain->q);
|
||||||
|
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
|
||||||
|
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
|
||||||
|
+ ec = 0;
|
||||||
|
+ }
|
||||||
|
sexp_release (initial_seed.sexp);
|
||||||
|
if (ec)
|
||||||
|
goto leave;
|
||||||
|
@@ -829,13 +829,12 @@ dsa_generate (const gcry_sexp_t genparms
|
||||||
|
sexp_release (l1);
|
||||||
|
sexp_release (domainsexp);
|
||||||
|
|
||||||
|
- /* Check that all domain parameters are available. */
|
||||||
|
- if (!domain.p || !domain.q || !domain.g)
|
||||||
|
+ /* Check that p and q domain parameters are available. */
|
||||||
|
+ if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
|
||||||
|
{
|
||||||
|
_gcry_mpi_release (domain.p);
|
||||||
|
_gcry_mpi_release (domain.q);
|
||||||
|
_gcry_mpi_release (domain.g);
|
||||||
|
- sexp_release (deriveparms);
|
||||||
|
return GPG_ERR_MISSING_VALUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff -up libgcrypt-1.6.1/cipher/primegen.c.tests libgcrypt-1.6.1/cipher/primegen.c
|
||||||
|
--- libgcrypt-1.6.1/cipher/primegen.c.tests 2014-01-29 10:48:38.000000000 +0100
|
||||||
|
+++ libgcrypt-1.6.1/cipher/primegen.c 2014-02-28 13:49:52.291325147 +0100
|
||||||
|
@@ -1649,7 +1649,7 @@ _gcry_generate_fips186_3_prime (unsigned
|
||||||
|
gpg_err_code_t ec;
|
||||||
|
unsigned char seed_help_buffer[256/8]; /* Used to hold a generated SEED. */
|
||||||
|
unsigned char *seed_plus; /* Malloced buffer to hold SEED+x. */
|
||||||
|
- unsigned char digest[256/8]; /* Helper buffer for SHA-1 digest. */
|
||||||
|
+ unsigned char digest[256/8]; /* Helper buffer for SHA-x digest. */
|
||||||
|
gcry_mpi_t val_2 = NULL; /* Helper for the prime test. */
|
||||||
|
gcry_mpi_t tmpval = NULL; /* Helper variable. */
|
||||||
|
int hashalgo; /* The id of the Approved Hash Function. */
|
||||||
|
@@ -1739,7 +1739,7 @@ _gcry_generate_fips186_3_prime (unsigned
|
||||||
|
}
|
||||||
|
_gcry_mpi_release (prime_q); prime_q = NULL;
|
||||||
|
ec = _gcry_mpi_scan (&prime_q, GCRYMPI_FMT_USG,
|
||||||
|
- value_u, sizeof value_u, NULL);
|
||||||
|
+ value_u, qbits/8, NULL);
|
||||||
|
if (ec)
|
||||||
|
goto leave;
|
||||||
|
mpi_set_highbit (prime_q, qbits-1 );
|
||||||
|
@@ -1784,11 +1784,11 @@ _gcry_generate_fips186_3_prime (unsigned
|
||||||
|
if (seed_plus[i])
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
- _gcry_md_hash_buffer (GCRY_MD_SHA1, digest, seed_plus, seedlen);
|
||||||
|
+ _gcry_md_hash_buffer (hashalgo, digest, seed_plus, seedlen);
|
||||||
|
|
||||||
|
_gcry_mpi_release (tmpval); tmpval = NULL;
|
||||||
|
ec = _gcry_mpi_scan (&tmpval, GCRYMPI_FMT_USG,
|
||||||
|
- digest, sizeof digest, NULL);
|
||||||
|
+ digest, qbits/8, NULL);
|
||||||
|
if (ec)
|
||||||
|
goto leave;
|
||||||
|
if (value_j == value_n)
|
||||||
|
@@ -1824,11 +1824,11 @@ _gcry_generate_fips186_3_prime (unsigned
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Step 12: Save p, q, counter and seed. */
|
||||||
|
- log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
|
||||||
|
+ /* log_debug ("fips186-3 pbits p=%u q=%u counter=%d\n",
|
||||||
|
mpi_get_nbits (prime_p), mpi_get_nbits (prime_q), counter);
|
||||||
|
log_printhex ("fips186-3 seed", seed, seedlen);
|
||||||
|
log_printmpi ("fips186-3 p", prime_p);
|
||||||
|
- log_printmpi ("fips186-3 q", prime_q);
|
||||||
|
+ log_printmpi ("fips186-3 q", prime_q); */
|
||||||
|
if (r_q)
|
||||||
|
{
|
||||||
|
*r_q = prime_q;
|
||||||
|
diff -up libgcrypt-1.6.1/cipher/rsa.c.tests libgcrypt-1.6.1/cipher/rsa.c
|
||||||
|
--- libgcrypt-1.6.1/cipher/rsa.c.tests 2014-01-29 08:49:49.000000000 +0100
|
||||||
|
+++ libgcrypt-1.6.1/cipher/rsa.c 2014-02-28 13:39:01.727288335 +0100
|
||||||
|
@@ -399,7 +399,7 @@ generate_x931 (RSA_secret_key *sk, unsig
|
||||||
|
|
||||||
|
*swapped = 0;
|
||||||
|
|
||||||
|
- if (e_value == 1) /* Alias for a secure value. */
|
||||||
|
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
|
||||||
|
e_value = 65537;
|
||||||
|
|
||||||
|
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
|
||||||
|
diff -up libgcrypt-1.6.1/random/random-fips.c.tests libgcrypt-1.6.1/random/random-fips.c
|
||||||
|
--- libgcrypt-1.6.1/random/random-fips.c.tests 2014-01-29 10:48:38.000000000 +0100
|
||||||
|
+++ libgcrypt-1.6.1/random/random-fips.c 2014-02-28 13:39:01.727288335 +0100
|
||||||
|
@@ -692,6 +692,7 @@ get_random (void *buffer, size_t length,
|
||||||
|
|
||||||
|
check_guards (rng_ctx);
|
||||||
|
|
||||||
|
+ reinitialize:
|
||||||
|
/* Initialize the cipher handle and thus setup the key if needed. */
|
||||||
|
if (!rng_ctx->cipher_hd)
|
||||||
|
{
|
||||||
|
@@ -711,13 +712,11 @@ get_random (void *buffer, size_t length,
|
||||||
|
if (rng_ctx->key_init_pid != getpid ()
|
||||||
|
|| rng_ctx->seed_init_pid != getpid ())
|
||||||
|
{
|
||||||
|
- /* We are in a child of us. Because we have no way yet to do
|
||||||
|
- proper re-initialization (including self-checks etc), the
|
||||||
|
- only chance we have is to bail out. Obviusly a fork/exec
|
||||||
|
- won't harm because the exec overwrites the old image. */
|
||||||
|
- fips_signal_error ("fork without proper re-initialization "
|
||||||
|
- "detected in RNG");
|
||||||
|
- goto bailout;
|
||||||
|
+ /* Just reinitialize the key & seed. */
|
||||||
|
+ gcry_cipher_close(rng_ctx->cipher_hd);
|
||||||
|
+ rng_ctx->cipher_hd = NULL;
|
||||||
|
+ rng_ctx->is_seeded = 0;
|
||||||
|
+ goto reinitialize;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (x931_aes_driver (buffer, length, rng_ctx))
|
||||||
|
diff -up libgcrypt-1.6.1/tests/keygen.c.tests libgcrypt-1.6.1/tests/keygen.c
|
||||||
|
--- libgcrypt-1.6.1/tests/keygen.c.tests 2014-02-28 13:39:01.728288358 +0100
|
||||||
|
+++ libgcrypt-1.6.1/tests/keygen.c 2014-02-28 13:42:18.288831563 +0100
|
||||||
|
@@ -215,11 +215,11 @@ check_rsa_keys (void)
|
||||||
|
|
||||||
|
|
||||||
|
if (verbose)
|
||||||
|
- show ("creating 512 bit RSA key with e=257\n");
|
||||||
|
+ show ("creating 1024 bit RSA key with e=257\n");
|
||||||
|
rc = gcry_sexp_new (&keyparm,
|
||||||
|
"(genkey\n"
|
||||||
|
" (rsa\n"
|
||||||
|
- " (nbits 3:512)\n"
|
||||||
|
+ " (nbits 4:1024)\n"
|
||||||
|
" (rsa-use-e 3:257)\n"
|
||||||
|
" ))", 0, 1);
|
||||||
|
if (rc)
|
||||||
|
@@ -233,11 +233,11 @@ check_rsa_keys (void)
|
||||||
|
gcry_sexp_release (key);
|
||||||
|
|
||||||
|
if (verbose)
|
||||||
|
- show ("creating 512 bit RSA key with default e\n");
|
||||||
|
+ show ("creating 1024 bit RSA key with default e\n");
|
||||||
|
rc = gcry_sexp_new (&keyparm,
|
||||||
|
"(genkey\n"
|
||||||
|
" (rsa\n"
|
||||||
|
- " (nbits 3:512)\n"
|
||||||
|
+ " (nbits 4:1024)\n"
|
||||||
|
" (rsa-use-e 1:0)\n"
|
||||||
|
" ))", 0, 1);
|
||||||
|
if (rc)
|
||||||
|
@@ -307,12 +307,12 @@ check_dsa_keys (void)
|
||||||
|
}
|
||||||
|
|
||||||
|
if (verbose)
|
||||||
|
- show ("creating 1536 bit DSA key\n");
|
||||||
|
+ show ("creating 2048 bit DSA key\n");
|
||||||
|
rc = gcry_sexp_new (&keyparm,
|
||||||
|
"(genkey\n"
|
||||||
|
" (dsa\n"
|
||||||
|
- " (nbits 4:1536)\n"
|
||||||
|
- " (qbits 3:224)\n"
|
||||||
|
+ " (nbits 4:2048)\n"
|
||||||
|
+ " (qbits 3:256)\n"
|
||||||
|
" ))", 0, 1);
|
||||||
|
if (rc)
|
||||||
|
die ("error creating S-expression: %s\n", gpg_strerror (rc));
|
@ -1,6 +1,6 @@
|
|||||||
diff -up libgcrypt-1.5.1/random/rndlinux.c.use-poll libgcrypt-1.5.1/random/rndlinux.c
|
diff -up libgcrypt-1.6.1/random/rndlinux.c.use-poll libgcrypt-1.6.1/random/rndlinux.c
|
||||||
--- libgcrypt-1.5.1/random/rndlinux.c.use-poll 2013-03-20 15:33:26.504867356 +0100
|
--- libgcrypt-1.6.1/random/rndlinux.c.use-poll 2014-02-28 15:17:55.294433915 +0100
|
||||||
+++ libgcrypt-1.5.1/random/rndlinux.c 2013-03-20 15:37:24.999944048 +0100
|
+++ libgcrypt-1.6.1/random/rndlinux.c 2014-02-28 15:34:52.505945274 +0100
|
||||||
@@ -32,6 +32,7 @@
|
@@ -32,6 +32,7 @@
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
@ -9,14 +9,7 @@ diff -up libgcrypt-1.5.1/random/rndlinux.c.use-poll libgcrypt-1.5.1/random/rndli
|
|||||||
#include "types.h"
|
#include "types.h"
|
||||||
#include "g10lib.h"
|
#include "g10lib.h"
|
||||||
#include "rand-internal.h"
|
#include "rand-internal.h"
|
||||||
@@ -142,49 +143,37 @@ _gcry_rndlinux_gather_random (void (*add
|
@@ -199,9 +200,11 @@ _gcry_rndlinux_gather_random (void (*add
|
||||||
}
|
|
||||||
|
|
||||||
/* Enter the read loop. */
|
|
||||||
- delay = 0; /* Start with 0 seconds so that we do no block on the
|
|
||||||
+ delay = 100; /* Start with 0 seconds so that we do no block on the
|
|
||||||
first iteration and in turn call the progress function
|
|
||||||
before blocking. To give the OS a better chance to
|
|
||||||
return with something we will actually use 100ms. */
|
return with something we will actually use 100ms. */
|
||||||
while (length)
|
while (length)
|
||||||
{
|
{
|
||||||
@ -24,6 +17,15 @@ diff -up libgcrypt-1.5.1/random/rndlinux.c.use-poll libgcrypt-1.5.1/random/rndli
|
|||||||
- struct timeval tv;
|
- struct timeval tv;
|
||||||
int rc;
|
int rc;
|
||||||
+ struct pollfd pfd;
|
+ struct pollfd pfd;
|
||||||
|
+
|
||||||
|
+ pfd.fd = fd;
|
||||||
|
+ pfd.events = POLLIN;
|
||||||
|
|
||||||
|
/* If we collected some bytes update the progress indicator. We
|
||||||
|
do this always and not just if the select timed out because
|
||||||
|
@@ -215,33 +218,18 @@ _gcry_rndlinux_gather_random (void (*add
|
||||||
|
any_need_entropy = 1;
|
||||||
|
}
|
||||||
|
|
||||||
- /* If the system has no limit on the number of file descriptors
|
- /* If the system has no limit on the number of file descriptors
|
||||||
- and we encounter an fd which is larger than the fd_set size,
|
- and we encounter an fd which is larger than the fd_set size,
|
||||||
@ -33,38 +35,27 @@ diff -up libgcrypt-1.5.1/random/rndlinux.c.use-poll libgcrypt-1.5.1/random/rndli
|
|||||||
-#ifdef FD_SETSIZE
|
-#ifdef FD_SETSIZE
|
||||||
- if (fd < FD_SETSIZE)
|
- if (fd < FD_SETSIZE)
|
||||||
-#endif
|
-#endif
|
||||||
+ pfd.fd = fd;
|
- {
|
||||||
+ pfd.events = POLLIN;
|
|
||||||
+
|
|
||||||
+ if ( !(rc=poll(&pfd, 1, delay)) )
|
|
||||||
{
|
|
||||||
- FD_ZERO(&rfds);
|
- FD_ZERO(&rfds);
|
||||||
- FD_SET(fd, &rfds);
|
- FD_SET(fd, &rfds);
|
||||||
- tv.tv_sec = delay;
|
- tv.tv_sec = delay;
|
||||||
- tv.tv_usec = delay? 0 : 100000;
|
- tv.tv_usec = delay? 0 : 100000;
|
||||||
- if ( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) )
|
- if ( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) )
|
||||||
- {
|
- {
|
||||||
- if (!any_need_entropy || last_so_far != (want - length) )
|
|
||||||
- {
|
|
||||||
- last_so_far = want - length;
|
|
||||||
- _gcry_random_progress ("need_entropy", 'X',
|
|
||||||
- (int)last_so_far, (int)want);
|
|
||||||
- any_need_entropy = 1;
|
- any_need_entropy = 1;
|
||||||
- }
|
|
||||||
- delay = 3; /* Use 3 seconds henceforth. */
|
- delay = 3; /* Use 3 seconds henceforth. */
|
||||||
- continue;
|
- continue;
|
||||||
- }
|
- }
|
||||||
- else if( rc == -1 )
|
- else if( rc == -1 )
|
||||||
+ if (!any_need_entropy || last_so_far != (want - length) )
|
- {
|
||||||
{
|
|
||||||
- log_error ("select() error: %s\n", strerror(errno));
|
- log_error ("select() error: %s\n", strerror(errno));
|
||||||
- if (!delay)
|
- if (!delay)
|
||||||
- delay = 1; /* Use 1 second if we encounter an error before
|
- delay = 1; /* Use 1 second if we encounter an error before
|
||||||
+ last_so_far = want - length;
|
- we have ever blocked. */
|
||||||
+ _gcry_random_progress ("need_entropy", 'X',
|
- continue;
|
||||||
+ (int)last_so_far, (int)want);
|
- }
|
||||||
+ any_need_entropy = 1;
|
+ if ( !(rc=poll(&pfd, 1, delay)) )
|
||||||
+ }
|
+ {
|
||||||
+ delay = 3000; /* Use 3 seconds henceforth. */
|
+ delay = 3000; /* Use 3 seconds henceforth. */
|
||||||
+ continue;
|
+ continue;
|
||||||
+ }
|
+ }
|
||||||
@ -73,9 +64,7 @@ diff -up libgcrypt-1.5.1/random/rndlinux.c.use-poll libgcrypt-1.5.1/random/rndli
|
|||||||
+ log_error ("poll() error: %s\n", strerror(errno));
|
+ log_error ("poll() error: %s\n", strerror(errno));
|
||||||
+ if (!delay)
|
+ if (!delay)
|
||||||
+ delay = 1000; /* Use 1 second if we encounter an error before
|
+ delay = 1000; /* Use 1 second if we encounter an error before
|
||||||
we have ever blocked. */
|
+ we have ever blocked. */
|
||||||
- continue;
|
|
||||||
- }
|
|
||||||
+ continue;
|
+ continue;
|
||||||
}
|
}
|
||||||
|
|
@ -1,6 +1,6 @@
|
|||||||
Name: libgcrypt
|
Name: libgcrypt
|
||||||
Version: 1.5.3
|
Version: 1.6.1
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
URL: http://www.gnupg.org/
|
URL: http://www.gnupg.org/
|
||||||
Source0: libgcrypt-%{version}-hobbled.tar.xz
|
Source0: libgcrypt-%{version}-hobbled.tar.xz
|
||||||
# The original libgcrypt sources now contain potentially patented ECC
|
# The original libgcrypt sources now contain potentially patented ECC
|
||||||
@ -11,34 +11,29 @@ Source0: libgcrypt-%{version}-hobbled.tar.xz
|
|||||||
#Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
|
#Source1: ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-%{version}.tar.bz2.sig
|
||||||
Source2: wk@g10code.com
|
Source2: wk@g10code.com
|
||||||
Source3: hobble-libgcrypt
|
Source3: hobble-libgcrypt
|
||||||
# Approved ECC support (from 1.5.3)
|
# Approved ECC support (from 1.6.1)
|
||||||
Source4: ecc.c
|
Source4: ecc-curves.c
|
||||||
Source5: curves.c
|
Source5: curves.c
|
||||||
|
Source6: t-mpi-point.c
|
||||||
# make FIPS hmac compatible with fipscheck - non upstreamable
|
# make FIPS hmac compatible with fipscheck - non upstreamable
|
||||||
Patch2: libgcrypt-1.5.0-use-fipscheck.patch
|
Patch2: libgcrypt-1.5.0-use-fipscheck.patch
|
||||||
# fix tests in the FIPS mode, fix the FIPS-186-3 DSA keygen
|
# fix tests in the FIPS mode, fix the FIPS-186-3 DSA keygen
|
||||||
Patch5: libgcrypt-1.5.0-tests.patch
|
Patch5: libgcrypt-1.6.1-tests.patch
|
||||||
# add configurable source of RNG seed and seed by default
|
# add configurable source of RNG seed and seed by default
|
||||||
# from /dev/urandom in the FIPS mode
|
# from /dev/urandom in the FIPS mode
|
||||||
Patch6: libgcrypt-1.5.0-fips-cfgrandom.patch
|
Patch6: libgcrypt-1.6.1-fips-cfgrandom.patch
|
||||||
# make the FIPS-186-3 DSA CAVS testable
|
# make the FIPS-186-3 DSA CAVS testable
|
||||||
Patch7: libgcrypt-1.5.0-fips-cavs.patch
|
Patch7: libgcrypt-1.6.1-fips-cavs.patch
|
||||||
# fix for memory leaks an other errors found by Coverity scan
|
# fix for memory leaks an other errors found by Coverity scan
|
||||||
Patch9: libgcrypt-1.5.0-leak.patch
|
Patch9: libgcrypt-1.6.1-leak.patch
|
||||||
# use poll instead of select when gathering randomness
|
# use poll instead of select when gathering randomness
|
||||||
Patch11: libgcrypt-1.5.1-use-poll.patch
|
Patch11: libgcrypt-1.6.1-use-poll.patch
|
||||||
# compile rijndael with -fno-strict-aliasing
|
# compile rijndael with -fno-strict-aliasing
|
||||||
Patch12: libgcrypt-1.5.2-aliasing.patch
|
Patch12: libgcrypt-1.5.2-aliasing.patch
|
||||||
# slight optimalization of mpicoder.c to silence Valgrind (#968288)
|
# slight optimalization of mpicoder.c to silence Valgrind (#968288)
|
||||||
Patch13: libgcrypt-1.5.2-mpicoder-gccopt.patch
|
Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch
|
||||||
# fix tests to work with approved ECC
|
# fix tests to work with approved ECC
|
||||||
Patch14: libgcrypt-1.5.3-ecc-test-fix.patch
|
Patch14: libgcrypt-1.6.1-ecc-test-fix.patch
|
||||||
# pbkdf2 speedup - upstream
|
|
||||||
Patch15: libgcrypt-1.5.3-pbkdf-speedup.patch
|
|
||||||
# fix bug in whirlpool implementation (for backwards compatibility
|
|
||||||
# with files generated with buggy version set environment
|
|
||||||
# varible GCRYPT_WHIRLPOOL_BUG
|
|
||||||
Patch16: libgcrypt-1.5.3-whirlpool-bug.patch
|
|
||||||
|
|
||||||
%define gcrylibdir %{_libdir}
|
%define gcrylibdir %{_libdir}
|
||||||
|
|
||||||
@ -80,14 +75,11 @@ applications using libgcrypt.
|
|||||||
%patch7 -p1 -b .cavs
|
%patch7 -p1 -b .cavs
|
||||||
%patch9 -p1 -b .leak
|
%patch9 -p1 -b .leak
|
||||||
%patch11 -p1 -b .use-poll
|
%patch11 -p1 -b .use-poll
|
||||||
%patch12 -p1 -b .aliasing
|
#%patch12 -p1 -b .aliasing
|
||||||
%patch13 -p1 -b .gccopt
|
%patch13 -p1 -b .gccopt
|
||||||
%patch14 -p1 -b .eccfix
|
%patch14 -p1 -b .eccfix
|
||||||
%patch15 -p1 -b .pbkdf-speedup
|
|
||||||
%patch16 -p1 -b .whirlpool-bug
|
|
||||||
cp %{SOURCE4} cipher/
|
cp %{SOURCE4} cipher/
|
||||||
rm -rf tests/curves.c
|
cp %{SOURCE5} %{SOURCE6} tests/
|
||||||
cp %{SOURCE5} tests/curves.c
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure --disable-static \
|
%configure --disable-static \
|
||||||
@ -98,6 +90,7 @@ cp %{SOURCE5} tests/curves.c
|
|||||||
--enable-hmac-binary-check \
|
--enable-hmac-binary-check \
|
||||||
--enable-pubkey-ciphers='dsa elgamal rsa ecc' \
|
--enable-pubkey-ciphers='dsa elgamal rsa ecc' \
|
||||||
--disable-O-flag-munging
|
--disable-O-flag-munging
|
||||||
|
sed -i -e '/^sys_lib_dlsearch_path_spec/s,/lib /usr/lib,/usr/lib /lib64 /usr/lib64 /lib,g' libtool
|
||||||
make %{?_smp_mflags}
|
make %{?_smp_mflags}
|
||||||
|
|
||||||
%check
|
%check
|
||||||
@ -147,8 +140,11 @@ popd
|
|||||||
|
|
||||||
# Add soname symlink.
|
# Add soname symlink.
|
||||||
/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib}/
|
/sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib}/
|
||||||
|
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
# temporary compat library for buildroots
|
||||||
|
install %{gcrylibdir}/libgcrypt.so.11.*.* $RPM_BUILD_ROOT/%{_libdir}
|
||||||
|
|
||||||
# Create /etc/gcrypt (hardwired, not dependent on the configure invocation) so
|
# Create /etc/gcrypt (hardwired, not dependent on the configure invocation) so
|
||||||
# that _someone_ owns it.
|
# that _someone_ owns it.
|
||||||
@ -181,14 +177,20 @@ exit 0
|
|||||||
%{_bindir}/%{name}-config
|
%{_bindir}/%{name}-config
|
||||||
%{_bindir}/dumpsexp
|
%{_bindir}/dumpsexp
|
||||||
%{_bindir}/hmac256
|
%{_bindir}/hmac256
|
||||||
|
%{_bindir}/mpicalc
|
||||||
%{_includedir}/*
|
%{_includedir}/*
|
||||||
%{_libdir}/*.so
|
%{_libdir}/*.so
|
||||||
%{_datadir}/aclocal/*
|
%{_datadir}/aclocal/*
|
||||||
|
%{_mandir}/man1/*
|
||||||
|
|
||||||
%{_infodir}/gcrypt.info*
|
%{_infodir}/gcrypt.info*
|
||||||
%doc COPYING
|
%doc COPYING
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Feb 28 2014 Tomáš Mráz <tmraz@redhat.com> 1.6.1-1
|
||||||
|
- new upstream version breaking ABI compatibility
|
||||||
|
- this release temporarily includes old compatibility .so
|
||||||
|
|
||||||
* Tue Jan 21 2014 Tomáš Mráz <tmraz@redhat.com> 1.5.3-3
|
* Tue Jan 21 2014 Tomáš Mráz <tmraz@redhat.com> 1.5.3-3
|
||||||
- add back the nistp521r1 EC curve
|
- add back the nistp521r1 EC curve
|
||||||
- fix a bug in the Whirlpool hash implementation
|
- fix a bug in the Whirlpool hash implementation
|
||||||
|
970
t-mpi-point.c
Normal file
970
t-mpi-point.c
Normal file
@ -0,0 +1,970 @@
|
|||||||
|
/* t-mpi-point.c - Tests for mpi point functions
|
||||||
|
* Copyright (C) 2013 g10 Code GmbH
|
||||||
|
*
|
||||||
|
* This file is part of Libgcrypt.
|
||||||
|
*
|
||||||
|
* Libgcrypt is free software; you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Lesser General Public License as
|
||||||
|
* published by the Free Software Foundation; either version 2.1 of
|
||||||
|
* the License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* Libgcrypt is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
|
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifdef HAVE_CONFIG_H
|
||||||
|
# include <config.h>
|
||||||
|
#endif
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
|
#include <assert.h>
|
||||||
|
#include <stdarg.h>
|
||||||
|
|
||||||
|
#include "../src/gcrypt-int.h"
|
||||||
|
|
||||||
|
#define PGM "t-mpi-point"
|
||||||
|
|
||||||
|
static const char *wherestr;
|
||||||
|
static int verbose;
|
||||||
|
static int debug;
|
||||||
|
static int error_count;
|
||||||
|
|
||||||
|
|
||||||
|
#define my_isascii(c) (!((c) & 0x80))
|
||||||
|
#define digitp(p) (*(p) >= '0' && *(p) <= '9')
|
||||||
|
#define hexdigitp(a) (digitp (a) \
|
||||||
|
|| (*(a) >= 'A' && *(a) <= 'F') \
|
||||||
|
|| (*(a) >= 'a' && *(a) <= 'f'))
|
||||||
|
#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \
|
||||||
|
*(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
|
||||||
|
#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1))
|
||||||
|
#define xmalloc(a) gcry_xmalloc ((a))
|
||||||
|
#define xcalloc(a,b) gcry_xcalloc ((a),(b))
|
||||||
|
#define xfree(a) gcry_free ((a))
|
||||||
|
#define pass() do { ; } while (0)
|
||||||
|
|
||||||
|
|
||||||
|
static struct
|
||||||
|
{
|
||||||
|
const char *desc; /* Description of the curve. */
|
||||||
|
const char *p; /* Order of the prime field. */
|
||||||
|
const char *a, *b; /* The coefficients. */
|
||||||
|
const char *n; /* The order of the base point. */
|
||||||
|
const char *g_x, *g_y; /* Base point. */
|
||||||
|
} test_curve[] =
|
||||||
|
{
|
||||||
|
{
|
||||||
|
"NIST P-256",
|
||||||
|
"0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
|
||||||
|
"0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
|
||||||
|
"0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
|
||||||
|
"0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
|
||||||
|
|
||||||
|
"0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
|
||||||
|
"0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"NIST P-384",
|
||||||
|
"0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe"
|
||||||
|
"ffffffff0000000000000000ffffffff",
|
||||||
|
"0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe"
|
||||||
|
"ffffffff0000000000000000fffffffc",
|
||||||
|
"0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875a"
|
||||||
|
"c656398d8a2ed19d2a85c8edd3ec2aef",
|
||||||
|
"0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf"
|
||||||
|
"581a0db248b0a77aecec196accc52973",
|
||||||
|
|
||||||
|
"0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a38"
|
||||||
|
"5502f25dbf55296c3a545e3872760ab7",
|
||||||
|
"0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c0"
|
||||||
|
"0a60b1ce1d7e819d7a431d7c90ea0e5f"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"NIST P-521",
|
||||||
|
"0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
|
||||||
|
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
|
||||||
|
"0x01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
|
||||||
|
"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
|
||||||
|
"0x051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef10"
|
||||||
|
"9e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
|
||||||
|
"0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
|
||||||
|
"ffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
|
||||||
|
|
||||||
|
"0xc6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3d"
|
||||||
|
"baa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
|
||||||
|
"0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e6"
|
||||||
|
"62c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"Ed25519",
|
||||||
|
"0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",
|
||||||
|
"-0x01",
|
||||||
|
"-0x2DFC9311D490018C7338BF8688861767FF8FF5B2BEBE27548A14B235ECA6874A",
|
||||||
|
"0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED",
|
||||||
|
"0x216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A",
|
||||||
|
"0x6666666666666666666666666666666666666666666666666666666666666658"
|
||||||
|
},
|
||||||
|
{ NULL, NULL, NULL, NULL, NULL }
|
||||||
|
};
|
||||||
|
|
||||||
|
/* A sample public key for NIST P-256. */
|
||||||
|
static const char sample_p256_q[] =
|
||||||
|
"04"
|
||||||
|
"42B927242237639A36CE9221B340DB1A9AB76DF2FE3E171277F6A4023DED146E"
|
||||||
|
"E86525E38CCECFF3FB8D152CC6334F70D23A525175C1BCBDDE6E023B2228770E";
|
||||||
|
static const char sample_p256_q_x[] =
|
||||||
|
"42B927242237639A36CE9221B340DB1A9AB76DF2FE3E171277F6A4023DED146E";
|
||||||
|
static const char sample_p256_q_y[] =
|
||||||
|
"00E86525E38CCECFF3FB8D152CC6334F70D23A525175C1BCBDDE6E023B2228770E";
|
||||||
|
|
||||||
|
|
||||||
|
/* A sample public key for Ed25519. */
|
||||||
|
static const char sample_ed25519_q[] =
|
||||||
|
"04"
|
||||||
|
"55d0e09a2b9d34292297e08d60d0f620c513d47253187c24b12786bd777645ce"
|
||||||
|
"1a5107f7681a02af2523a6daf372e10e3a0764c9d3fe4bd5b70ab18201985ad7";
|
||||||
|
static const char sample_ed25519_q_x[] =
|
||||||
|
"55d0e09a2b9d34292297e08d60d0f620c513d47253187c24b12786bd777645ce";
|
||||||
|
static const char sample_ed25519_q_y[] =
|
||||||
|
"1a5107f7681a02af2523a6daf372e10e3a0764c9d3fe4bd5b70ab18201985ad7";
|
||||||
|
static const char sample_ed25519_q_eddsa[] =
|
||||||
|
"d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a";
|
||||||
|
static const char sample_ed25519_d[] =
|
||||||
|
"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60";
|
||||||
|
|
||||||
|
|
||||||
|
static void
|
||||||
|
show (const char *format, ...)
|
||||||
|
{
|
||||||
|
va_list arg_ptr;
|
||||||
|
|
||||||
|
if (!verbose)
|
||||||
|
return;
|
||||||
|
fprintf (stderr, "%s: ", PGM);
|
||||||
|
va_start (arg_ptr, format);
|
||||||
|
vfprintf (stderr, format, arg_ptr);
|
||||||
|
va_end (arg_ptr);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
fail (const char *format, ...)
|
||||||
|
{
|
||||||
|
va_list arg_ptr;
|
||||||
|
|
||||||
|
fflush (stdout);
|
||||||
|
fprintf (stderr, "%s: ", PGM);
|
||||||
|
if (wherestr)
|
||||||
|
fprintf (stderr, "%s: ", wherestr);
|
||||||
|
va_start (arg_ptr, format);
|
||||||
|
vfprintf (stderr, format, arg_ptr);
|
||||||
|
va_end (arg_ptr);
|
||||||
|
error_count++;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
die (const char *format, ...)
|
||||||
|
{
|
||||||
|
va_list arg_ptr;
|
||||||
|
|
||||||
|
fflush (stdout);
|
||||||
|
fprintf (stderr, "%s: ", PGM);
|
||||||
|
if (wherestr)
|
||||||
|
fprintf (stderr, "%s: ", wherestr);
|
||||||
|
va_start (arg_ptr, format);
|
||||||
|
vfprintf (stderr, format, arg_ptr);
|
||||||
|
va_end (arg_ptr);
|
||||||
|
exit (1);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void
|
||||||
|
print_mpi_2 (const char *text, const char *text2, gcry_mpi_t a)
|
||||||
|
{
|
||||||
|
gcry_error_t err;
|
||||||
|
char *buf;
|
||||||
|
void *bufaddr = &buf;
|
||||||
|
|
||||||
|
err = gcry_mpi_aprint (GCRYMPI_FMT_HEX, bufaddr, NULL, a);
|
||||||
|
if (err)
|
||||||
|
fprintf (stderr, "%s%s: [error printing number: %s]\n",
|
||||||
|
text, text2? text2:"", gpg_strerror (err));
|
||||||
|
else
|
||||||
|
{
|
||||||
|
fprintf (stderr, "%s%s: %s\n", text, text2? text2:"", buf);
|
||||||
|
gcry_free (buf);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void
|
||||||
|
print_mpi (const char *text, gcry_mpi_t a)
|
||||||
|
{
|
||||||
|
print_mpi_2 (text, NULL, a);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void
|
||||||
|
print_point (const char *text, gcry_mpi_point_t a)
|
||||||
|
{
|
||||||
|
gcry_mpi_t x, y, z;
|
||||||
|
|
||||||
|
x = gcry_mpi_new (0);
|
||||||
|
y = gcry_mpi_new (0);
|
||||||
|
z = gcry_mpi_new (0);
|
||||||
|
gcry_mpi_point_get (x, y, z, a);
|
||||||
|
print_mpi_2 (text, ".x", x);
|
||||||
|
print_mpi_2 (text, ".y", y);
|
||||||
|
print_mpi_2 (text, ".z", z);
|
||||||
|
gcry_mpi_release (x);
|
||||||
|
gcry_mpi_release (y);
|
||||||
|
gcry_mpi_release (z);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void
|
||||||
|
print_sexp (const char *prefix, gcry_sexp_t a)
|
||||||
|
{
|
||||||
|
char *buf;
|
||||||
|
size_t size;
|
||||||
|
|
||||||
|
if (prefix)
|
||||||
|
fputs (prefix, stderr);
|
||||||
|
size = gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, NULL, 0);
|
||||||
|
buf = gcry_xmalloc (size);
|
||||||
|
|
||||||
|
gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, buf, size);
|
||||||
|
fprintf (stderr, "%.*s", (int)size, buf);
|
||||||
|
gcry_free (buf);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static gcry_mpi_t
|
||||||
|
hex2mpi (const char *string)
|
||||||
|
{
|
||||||
|
gpg_error_t err;
|
||||||
|
gcry_mpi_t val;
|
||||||
|
|
||||||
|
err = gcry_mpi_scan (&val, GCRYMPI_FMT_HEX, string, 0, NULL);
|
||||||
|
if (err)
|
||||||
|
die ("hex2mpi '%s' failed: %s\n", string, gpg_strerror (err));
|
||||||
|
return val;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Convert STRING consisting of hex characters into its binary
|
||||||
|
representation and return it as an allocated buffer. The valid
|
||||||
|
length of the buffer is returned at R_LENGTH. The string is
|
||||||
|
delimited by end of string. The function returns NULL on
|
||||||
|
error. */
|
||||||
|
static void *
|
||||||
|
hex2buffer (const char *string, size_t *r_length)
|
||||||
|
{
|
||||||
|
const char *s;
|
||||||
|
unsigned char *buffer;
|
||||||
|
size_t length;
|
||||||
|
|
||||||
|
buffer = xmalloc (strlen(string)/2+1);
|
||||||
|
length = 0;
|
||||||
|
for (s=string; *s; s +=2 )
|
||||||
|
{
|
||||||
|
if (!hexdigitp (s) || !hexdigitp (s+1))
|
||||||
|
return NULL; /* Invalid hex digits. */
|
||||||
|
((unsigned char*)buffer)[length++] = xtoi_2 (s);
|
||||||
|
}
|
||||||
|
*r_length = length;
|
||||||
|
return buffer;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static gcry_mpi_t
|
||||||
|
hex2mpiopa (const char *string)
|
||||||
|
{
|
||||||
|
char *buffer;
|
||||||
|
size_t buflen;
|
||||||
|
gcry_mpi_t val;
|
||||||
|
|
||||||
|
buffer = hex2buffer (string, &buflen);
|
||||||
|
if (!buffer)
|
||||||
|
die ("hex2mpiopa '%s' failed: parser error\n", string);
|
||||||
|
val = gcry_mpi_set_opaque (NULL, buffer, buflen*8);
|
||||||
|
if (!buffer)
|
||||||
|
die ("hex2mpiopa '%s' failed: set_opaque error%s\n", string);
|
||||||
|
return val;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Compare A to B, where B is given as a hex string. */
|
||||||
|
static int
|
||||||
|
cmp_mpihex (gcry_mpi_t a, const char *b)
|
||||||
|
{
|
||||||
|
gcry_mpi_t bval;
|
||||||
|
int res;
|
||||||
|
|
||||||
|
if (gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
|
||||||
|
bval = hex2mpiopa (b);
|
||||||
|
else
|
||||||
|
bval = hex2mpi (b);
|
||||||
|
res = gcry_mpi_cmp (a, bval);
|
||||||
|
gcry_mpi_release (bval);
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Wrapper to emulate the libgcrypt internal EC context allocation
|
||||||
|
function. */
|
||||||
|
static gpg_error_t
|
||||||
|
ec_p_new (gcry_ctx_t *r_ctx, gcry_mpi_t p, gcry_mpi_t a)
|
||||||
|
{
|
||||||
|
gpg_error_t err;
|
||||||
|
gcry_sexp_t sexp;
|
||||||
|
|
||||||
|
if (p && a)
|
||||||
|
err = gcry_sexp_build (&sexp, NULL, "(ecdsa (p %m)(a %m))", p, a);
|
||||||
|
else if (p)
|
||||||
|
err = gcry_sexp_build (&sexp, NULL, "(ecdsa (p %m))", p);
|
||||||
|
else if (a)
|
||||||
|
err = gcry_sexp_build (&sexp, NULL, "(ecdsa (a %m))", a);
|
||||||
|
else
|
||||||
|
err = gcry_sexp_build (&sexp, NULL, "(ecdsa)");
|
||||||
|
if (err)
|
||||||
|
return err;
|
||||||
|
err = gcry_mpi_ec_new (r_ctx, sexp, NULL);
|
||||||
|
gcry_sexp_release (sexp);
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
static void
|
||||||
|
set_get_point (void)
|
||||||
|
{
|
||||||
|
gcry_mpi_point_t point;
|
||||||
|
gcry_mpi_t x, y, z;
|
||||||
|
|
||||||
|
wherestr = "set_get_point";
|
||||||
|
show ("checking point setting functions\n");
|
||||||
|
|
||||||
|
point = gcry_mpi_point_new (0);
|
||||||
|
x = gcry_mpi_set_ui (NULL, 17);
|
||||||
|
y = gcry_mpi_set_ui (NULL, 42);
|
||||||
|
z = gcry_mpi_set_ui (NULL, 11371);
|
||||||
|
gcry_mpi_point_get (x, y, z, point);
|
||||||
|
if (gcry_mpi_cmp_ui (x, 0)
|
||||||
|
|| gcry_mpi_cmp_ui (y, 0) || gcry_mpi_cmp_ui (z, 0))
|
||||||
|
fail ("new point not initialized to (0,0,0)\n");
|
||||||
|
gcry_mpi_point_snatch_get (x, y, z, point);
|
||||||
|
point = NULL;
|
||||||
|
if (gcry_mpi_cmp_ui (x, 0)
|
||||||
|
|| gcry_mpi_cmp_ui (y, 0) || gcry_mpi_cmp_ui (z, 0))
|
||||||
|
fail ("snatch_get failed\n");
|
||||||
|
gcry_mpi_release (x);
|
||||||
|
gcry_mpi_release (y);
|
||||||
|
gcry_mpi_release (z);
|
||||||
|
|
||||||
|
point = gcry_mpi_point_new (0);
|
||||||
|
x = gcry_mpi_set_ui (NULL, 17);
|
||||||
|
y = gcry_mpi_set_ui (NULL, 42);
|
||||||
|
z = gcry_mpi_set_ui (NULL, 11371);
|
||||||
|
gcry_mpi_point_set (point, x, y, z);
|
||||||
|
gcry_mpi_set_ui (x, 23);
|
||||||
|
gcry_mpi_set_ui (y, 24);
|
||||||
|
gcry_mpi_set_ui (z, 25);
|
||||||
|
gcry_mpi_point_get (x, y, z, point);
|
||||||
|
if (gcry_mpi_cmp_ui (x, 17)
|
||||||
|
|| gcry_mpi_cmp_ui (y, 42) || gcry_mpi_cmp_ui (z, 11371))
|
||||||
|
fail ("point_set/point_get failed\n");
|
||||||
|
gcry_mpi_point_snatch_set (point, x, y, z);
|
||||||
|
x = gcry_mpi_new (0);
|
||||||
|
y = gcry_mpi_new (0);
|
||||||
|
z = gcry_mpi_new (0);
|
||||||
|
gcry_mpi_point_get (x, y, z, point);
|
||||||
|
if (gcry_mpi_cmp_ui (x, 17)
|
||||||
|
|| gcry_mpi_cmp_ui (y, 42) || gcry_mpi_cmp_ui (z, 11371))
|
||||||
|
fail ("point_snatch_set/point_get failed\n");
|
||||||
|
|
||||||
|
gcry_mpi_point_release (point);
|
||||||
|
gcry_mpi_release (x);
|
||||||
|
gcry_mpi_release (y);
|
||||||
|
gcry_mpi_release (z);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void
|
||||||
|
context_alloc (void)
|
||||||
|
{
|
||||||
|
gpg_error_t err;
|
||||||
|
gcry_ctx_t ctx;
|
||||||
|
gcry_mpi_t p, a;
|
||||||
|
|
||||||
|
wherestr = "context_alloc";
|
||||||
|
show ("checking context functions\n");
|
||||||
|
|
||||||
|
p = gcry_mpi_set_ui (NULL, 1);
|
||||||
|
a = gcry_mpi_set_ui (NULL, 1);
|
||||||
|
err = ec_p_new (&ctx, p, a);
|
||||||
|
if (err)
|
||||||
|
die ("ec_p_new returned an error: %s\n", gpg_strerror (err));
|
||||||
|
gcry_mpi_release (p);
|
||||||
|
gcry_mpi_release (a);
|
||||||
|
gcry_ctx_release (ctx);
|
||||||
|
|
||||||
|
p = gcry_mpi_set_ui (NULL, 0);
|
||||||
|
a = gcry_mpi_set_ui (NULL, 0);
|
||||||
|
err = ec_p_new (&ctx, p, a);
|
||||||
|
if (!err || gpg_err_code (err) != GPG_ERR_EINVAL)
|
||||||
|
fail ("ec_p_new: bad parameter detection failed (1)\n");
|
||||||
|
|
||||||
|
gcry_mpi_set_ui (p, 1);
|
||||||
|
err = ec_p_new (&ctx, p, a);
|
||||||
|
if (!err || gpg_err_code (err) != GPG_ERR_EINVAL)
|
||||||
|
fail ("ec_p_new: bad parameter detection failed (2)\n");
|
||||||
|
|
||||||
|
gcry_mpi_release (p);
|
||||||
|
p = NULL;
|
||||||
|
err = ec_p_new (&ctx, p, a);
|
||||||
|
if (!err || gpg_err_code (err) != GPG_ERR_EINVAL)
|
||||||
|
fail ("ec_p_new: bad parameter detection failed (3)\n");
|
||||||
|
|
||||||
|
gcry_mpi_release (a);
|
||||||
|
a = NULL;
|
||||||
|
err = ec_p_new (&ctx, p, a);
|
||||||
|
if (!err || gpg_err_code (err) != GPG_ERR_EINVAL)
|
||||||
|
fail ("ec_p_new: bad parameter detection failed (4)\n");
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static int
|
||||||
|
get_and_cmp_mpi (const char *name, const char *mpistring, const char *desc,
|
||||||
|
gcry_ctx_t ctx)
|
||||||
|
{
|
||||||
|
gcry_mpi_t mpi;
|
||||||
|
|
||||||
|
mpi = gcry_mpi_ec_get_mpi (name, ctx, 1);
|
||||||
|
if (!mpi)
|
||||||
|
{
|
||||||
|
fail ("error getting parameter '%s' of curve '%s'\n", name, desc);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
if (debug)
|
||||||
|
print_mpi (name, mpi);
|
||||||
|
if (cmp_mpihex (mpi, mpistring))
|
||||||
|
{
|
||||||
|
fail ("parameter '%s' of curve '%s' does not match\n", name, desc);
|
||||||
|
gcry_mpi_release (mpi);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
gcry_mpi_release (mpi);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static int
|
||||||
|
get_and_cmp_point (const char *name,
|
||||||
|
const char *mpi_x_string, const char *mpi_y_string,
|
||||||
|
const char *desc, gcry_ctx_t ctx)
|
||||||
|
{
|
||||||
|
gcry_mpi_point_t point;
|
||||||
|
gcry_mpi_t x, y, z;
|
||||||
|
int result = 0;
|
||||||
|
|
||||||
|
point = gcry_mpi_ec_get_point (name, ctx, 1);
|
||||||
|
if (!point)
|
||||||
|
{
|
||||||
|
fail ("error getting point parameter '%s' of curve '%s'\n", name, desc);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
if (debug)
|
||||||
|
print_point (name, point);
|
||||||
|
|
||||||
|
x = gcry_mpi_new (0);
|
||||||
|
y = gcry_mpi_new (0);
|
||||||
|
z = gcry_mpi_new (0);
|
||||||
|
gcry_mpi_point_snatch_get (x, y, z, point);
|
||||||
|
if (cmp_mpihex (x, mpi_x_string))
|
||||||
|
{
|
||||||
|
fail ("x coordinate of '%s' of curve '%s' does not match\n", name, desc);
|
||||||
|
result = 1;
|
||||||
|
}
|
||||||
|
if (cmp_mpihex (y, mpi_y_string))
|
||||||
|
{
|
||||||
|
fail ("y coordinate of '%s' of curve '%s' does not match\n", name, desc);
|
||||||
|
result = 1;
|
||||||
|
}
|
||||||
|
if (cmp_mpihex (z, "01"))
|
||||||
|
{
|
||||||
|
fail ("z coordinate of '%s' of curve '%s' is not 1\n", name, desc);
|
||||||
|
result = 1;
|
||||||
|
}
|
||||||
|
gcry_mpi_release (x);
|
||||||
|
gcry_mpi_release (y);
|
||||||
|
gcry_mpi_release (z);
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void
|
||||||
|
context_param (void)
|
||||||
|
{
|
||||||
|
gpg_error_t err;
|
||||||
|
int idx;
|
||||||
|
gcry_ctx_t ctx = NULL;
|
||||||
|
gcry_mpi_t q, d;
|
||||||
|
gcry_sexp_t keyparam;
|
||||||
|
|
||||||
|
wherestr = "context_param";
|
||||||
|
|
||||||
|
show ("checking standard curves\n");
|
||||||
|
for (idx=0; test_curve[idx].desc; idx++)
|
||||||
|
{
|
||||||
|
gcry_ctx_release (ctx);
|
||||||
|
err = gcry_mpi_ec_new (&ctx, NULL, test_curve[idx].desc);
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
fail ("can't create context for curve '%s': %s\n",
|
||||||
|
test_curve[idx].desc, gpg_strerror (err));
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (get_and_cmp_mpi ("p", test_curve[idx].p, test_curve[idx].desc, ctx))
|
||||||
|
continue;
|
||||||
|
if (get_and_cmp_mpi ("a", test_curve[idx].a, test_curve[idx].desc, ctx))
|
||||||
|
continue;
|
||||||
|
if (get_and_cmp_mpi ("b", test_curve[idx].b, test_curve[idx].desc, ctx))
|
||||||
|
continue;
|
||||||
|
if (get_and_cmp_mpi ("g.x",test_curve[idx].g_x, test_curve[idx].desc,ctx))
|
||||||
|
continue;
|
||||||
|
if (get_and_cmp_mpi ("g.y",test_curve[idx].g_y, test_curve[idx].desc,ctx))
|
||||||
|
continue;
|
||||||
|
if (get_and_cmp_mpi ("n", test_curve[idx].n, test_curve[idx].desc, ctx))
|
||||||
|
continue;
|
||||||
|
if (get_and_cmp_point ("g", test_curve[idx].g_x, test_curve[idx].g_y,
|
||||||
|
test_curve[idx].desc, ctx))
|
||||||
|
continue;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
show ("checking sample public key (nistp256)\n");
|
||||||
|
q = hex2mpi (sample_p256_q);
|
||||||
|
err = gcry_sexp_build (&keyparam, NULL,
|
||||||
|
"(public-key(ecc(curve %s)(q %m)))",
|
||||||
|
"NIST P-256", q);
|
||||||
|
if (err)
|
||||||
|
die ("gcry_sexp_build failed: %s\n", gpg_strerror (err));
|
||||||
|
gcry_mpi_release (q);
|
||||||
|
|
||||||
|
/* We can't call gcry_pk_testkey because it is only implemented for
|
||||||
|
private keys. */
|
||||||
|
/* err = gcry_pk_testkey (keyparam); */
|
||||||
|
/* if (err) */
|
||||||
|
/* fail ("gcry_pk_testkey failed for sample public key: %s\n", */
|
||||||
|
/* gpg_strerror (err)); */
|
||||||
|
|
||||||
|
gcry_ctx_release (ctx);
|
||||||
|
err = gcry_mpi_ec_new (&ctx, keyparam, NULL);
|
||||||
|
if (err)
|
||||||
|
fail ("gcry_mpi_ec_new failed for sample public key (nistp256): %s\n",
|
||||||
|
gpg_strerror (err));
|
||||||
|
else
|
||||||
|
{
|
||||||
|
gcry_sexp_t sexp;
|
||||||
|
|
||||||
|
get_and_cmp_mpi ("q", sample_p256_q, "nistp256", ctx);
|
||||||
|
get_and_cmp_point ("q", sample_p256_q_x, sample_p256_q_y, "nistp256",
|
||||||
|
ctx);
|
||||||
|
|
||||||
|
/* Delete Q. */
|
||||||
|
err = gcry_mpi_ec_set_mpi ("q", NULL, ctx);
|
||||||
|
if (err)
|
||||||
|
fail ("clearing Q for nistp256 failed: %s\n", gpg_strerror (err));
|
||||||
|
if (gcry_mpi_ec_get_mpi ("q", ctx, 0))
|
||||||
|
fail ("clearing Q for nistp256 did not work\n");
|
||||||
|
|
||||||
|
/* Set Q again. */
|
||||||
|
q = hex2mpi (sample_p256_q);
|
||||||
|
err = gcry_mpi_ec_set_mpi ("q", q, ctx);
|
||||||
|
if (err)
|
||||||
|
fail ("setting Q for nistp256 failed: %s\n", gpg_strerror (err));
|
||||||
|
get_and_cmp_mpi ("q", sample_p256_q, "nistp256(2)", ctx);
|
||||||
|
gcry_mpi_release (q);
|
||||||
|
|
||||||
|
/* Get as s-expression. */
|
||||||
|
err = gcry_pubkey_get_sexp (&sexp, 0, ctx);
|
||||||
|
if (err)
|
||||||
|
fail ("gcry_pubkey_get_sexp(0) failed: %s\n", gpg_strerror (err));
|
||||||
|
else if (debug)
|
||||||
|
print_sexp ("Result of gcry_pubkey_get_sexp (0):\n", sexp);
|
||||||
|
gcry_sexp_release (sexp);
|
||||||
|
|
||||||
|
err = gcry_pubkey_get_sexp (&sexp, GCRY_PK_GET_PUBKEY, ctx);
|
||||||
|
if (err)
|
||||||
|
fail ("gcry_pubkey_get_sexp(GET_PUBKEY) failed: %s\n",
|
||||||
|
gpg_strerror (err));
|
||||||
|
else if (debug)
|
||||||
|
print_sexp ("Result of gcry_pubkey_get_sexp (GET_PUBKEY):\n", sexp);
|
||||||
|
gcry_sexp_release (sexp);
|
||||||
|
|
||||||
|
err = gcry_pubkey_get_sexp (&sexp, GCRY_PK_GET_SECKEY, ctx);
|
||||||
|
if (gpg_err_code (err) != GPG_ERR_NO_SECKEY)
|
||||||
|
fail ("gcry_pubkey_get_sexp(GET_SECKEY) returned wrong error: %s\n",
|
||||||
|
gpg_strerror (err));
|
||||||
|
gcry_sexp_release (sexp);
|
||||||
|
}
|
||||||
|
|
||||||
|
show ("checking sample public key (Ed25519)\n");
|
||||||
|
q = hex2mpi (sample_ed25519_q);
|
||||||
|
gcry_sexp_release (keyparam);
|
||||||
|
err = gcry_sexp_build (&keyparam, NULL,
|
||||||
|
"(public-key(ecc(curve %s)(flags eddsa)(q %m)))",
|
||||||
|
"Ed25519", q);
|
||||||
|
if (err)
|
||||||
|
die ("gcry_sexp_build failed: %s\n", gpg_strerror (err));
|
||||||
|
gcry_mpi_release (q);
|
||||||
|
|
||||||
|
/* We can't call gcry_pk_testkey because it is only implemented for
|
||||||
|
private keys. */
|
||||||
|
/* err = gcry_pk_testkey (keyparam); */
|
||||||
|
/* if (err) */
|
||||||
|
/* fail ("gcry_pk_testkey failed for sample public key: %s\n", */
|
||||||
|
/* gpg_strerror (err)); */
|
||||||
|
|
||||||
|
gcry_ctx_release (ctx);
|
||||||
|
err = gcry_mpi_ec_new (&ctx, keyparam, NULL);
|
||||||
|
if (err)
|
||||||
|
fail ("gcry_mpi_ec_new failed for sample public key: %s\n",
|
||||||
|
gpg_strerror (err));
|
||||||
|
else
|
||||||
|
{
|
||||||
|
gcry_sexp_t sexp;
|
||||||
|
|
||||||
|
get_and_cmp_mpi ("q", sample_ed25519_q, "Ed25519", ctx);
|
||||||
|
get_and_cmp_point ("q", sample_ed25519_q_x, sample_ed25519_q_y,
|
||||||
|
"Ed25519", ctx);
|
||||||
|
get_and_cmp_mpi ("q@eddsa", sample_ed25519_q_eddsa, "Ed25519", ctx);
|
||||||
|
|
||||||
|
/* Set d to see whether Q is correctly re-computed. */
|
||||||
|
d = hex2mpi (sample_ed25519_d);
|
||||||
|
err = gcry_mpi_ec_set_mpi ("d", d, ctx);
|
||||||
|
if (err)
|
||||||
|
fail ("setting d for Ed25519 failed: %s\n", gpg_strerror (err));
|
||||||
|
gcry_mpi_release (d);
|
||||||
|
get_and_cmp_mpi ("q", sample_ed25519_q, "Ed25519(recompute Q)", ctx);
|
||||||
|
|
||||||
|
/* Delete Q by setting d and then clearing d. The clearing is
|
||||||
|
required so that we can check whether Q has been cleared and
|
||||||
|
because further tests only expect a public key. */
|
||||||
|
d = hex2mpi (sample_ed25519_d);
|
||||||
|
err = gcry_mpi_ec_set_mpi ("d", d, ctx);
|
||||||
|
if (err)
|
||||||
|
fail ("setting d for Ed25519 failed: %s\n", gpg_strerror (err));
|
||||||
|
gcry_mpi_release (d);
|
||||||
|
err = gcry_mpi_ec_set_mpi ("d", NULL, ctx);
|
||||||
|
if (err)
|
||||||
|
fail ("setting d for Ed25519 failed(2): %s\n", gpg_strerror (err));
|
||||||
|
if (gcry_mpi_ec_get_mpi ("q", ctx, 0))
|
||||||
|
fail ("setting d for Ed25519 did not reset Q\n");
|
||||||
|
|
||||||
|
/* Set Q again. We need to use an opaque MPI here because
|
||||||
|
sample_ed25519_q is in uncompressed format which can only be
|
||||||
|
auto-detected if passed opaque. */
|
||||||
|
q = hex2mpiopa (sample_ed25519_q);
|
||||||
|
err = gcry_mpi_ec_set_mpi ("q", q, ctx);
|
||||||
|
if (err)
|
||||||
|
fail ("setting Q for Ed25519 failed: %s\n", gpg_strerror (err));
|
||||||
|
gcry_mpi_release (q);
|
||||||
|
get_and_cmp_mpi ("q", sample_ed25519_q, "Ed25519(2)", ctx);
|
||||||
|
|
||||||
|
/* Get as s-expression. */
|
||||||
|
err = gcry_pubkey_get_sexp (&sexp, 0, ctx);
|
||||||
|
if (err)
|
||||||
|
fail ("gcry_pubkey_get_sexp(0) failed: %s\n", gpg_strerror (err));
|
||||||
|
else if (debug)
|
||||||
|
print_sexp ("Result of gcry_pubkey_get_sexp (0):\n", sexp);
|
||||||
|
gcry_sexp_release (sexp);
|
||||||
|
|
||||||
|
err = gcry_pubkey_get_sexp (&sexp, GCRY_PK_GET_PUBKEY, ctx);
|
||||||
|
if (err)
|
||||||
|
fail ("gcry_pubkey_get_sexp(GET_PUBKEY) failed: %s\n",
|
||||||
|
gpg_strerror (err));
|
||||||
|
else if (debug)
|
||||||
|
print_sexp ("Result of gcry_pubkey_get_sexp (GET_PUBKEY):\n", sexp);
|
||||||
|
gcry_sexp_release (sexp);
|
||||||
|
|
||||||
|
err = gcry_pubkey_get_sexp (&sexp, GCRY_PK_GET_SECKEY, ctx);
|
||||||
|
if (gpg_err_code (err) != GPG_ERR_NO_SECKEY)
|
||||||
|
fail ("gcry_pubkey_get_sexp(GET_SECKEY) returned wrong error: %s\n",
|
||||||
|
gpg_strerror (err));
|
||||||
|
gcry_sexp_release (sexp);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
gcry_ctx_release (ctx);
|
||||||
|
gcry_sexp_release (keyparam);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/* Create a new point from (X,Y,Z) given as hex strings. */
|
||||||
|
gcry_mpi_point_t
|
||||||
|
make_point (const char *x, const char *y, const char *z)
|
||||||
|
{
|
||||||
|
gcry_mpi_point_t point;
|
||||||
|
|
||||||
|
point = gcry_mpi_point_new (0);
|
||||||
|
gcry_mpi_point_snatch_set (point, hex2mpi (x), hex2mpi (y), hex2mpi (z));
|
||||||
|
|
||||||
|
return point;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* This tests checks that the low-level EC API yields the same result
|
||||||
|
as using the high level API. The values have been taken from a
|
||||||
|
test run using the high level API. */
|
||||||
|
static void
|
||||||
|
basic_ec_math (void)
|
||||||
|
{
|
||||||
|
gpg_error_t err;
|
||||||
|
gcry_ctx_t ctx;
|
||||||
|
gcry_mpi_t P, A;
|
||||||
|
gcry_mpi_point_t G, Q;
|
||||||
|
gcry_mpi_t d;
|
||||||
|
gcry_mpi_t x, y, z;
|
||||||
|
|
||||||
|
wherestr = "basic_ec_math";
|
||||||
|
show ("checking basic math functions for EC\n");
|
||||||
|
|
||||||
|
P = hex2mpi ("0xfffffffffffffffffffffffffffffffeffffffffffffffff");
|
||||||
|
A = hex2mpi ("0xfffffffffffffffffffffffffffffffefffffffffffffffc");
|
||||||
|
G = make_point ("188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
|
||||||
|
"7192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
|
||||||
|
"1");
|
||||||
|
d = hex2mpi ("D4EF27E32F8AD8E2A1C6DDEBB1D235A69E3CEF9BCE90273D");
|
||||||
|
Q = gcry_mpi_point_new (0);
|
||||||
|
|
||||||
|
err = ec_p_new (&ctx, P, A);
|
||||||
|
if (err)
|
||||||
|
die ("ec_p_new failed: %s\n", gpg_strerror (err));
|
||||||
|
|
||||||
|
x = gcry_mpi_new (0);
|
||||||
|
y = gcry_mpi_new (0);
|
||||||
|
z = gcry_mpi_new (0);
|
||||||
|
|
||||||
|
{
|
||||||
|
/* A quick check that multiply by zero works. */
|
||||||
|
gcry_mpi_t tmp;
|
||||||
|
|
||||||
|
tmp = gcry_mpi_new (0);
|
||||||
|
gcry_mpi_ec_mul (Q, tmp, G, ctx);
|
||||||
|
gcry_mpi_release (tmp);
|
||||||
|
gcry_mpi_point_get (x, y, z, Q);
|
||||||
|
if (gcry_mpi_cmp_ui (x, 0) || gcry_mpi_cmp_ui (y, 0)
|
||||||
|
|| gcry_mpi_cmp_ui (z, 0))
|
||||||
|
fail ("multiply a point by zero failed\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
gcry_mpi_ec_mul (Q, d, G, ctx);
|
||||||
|
gcry_mpi_point_get (x, y, z, Q);
|
||||||
|
if (cmp_mpihex (x, "222D9EC717C89D047E0898C9185B033CD11C0A981EE6DC66")
|
||||||
|
|| cmp_mpihex (y, "605DE0A82D70D3E0F84A127D0739ED33D657DF0D054BFDE8")
|
||||||
|
|| cmp_mpihex (z, "00B06B519071BC536999AC8F2D3934B3C1FC9EACCD0A31F88F"))
|
||||||
|
fail ("computed public key does not match\n");
|
||||||
|
if (debug)
|
||||||
|
{
|
||||||
|
print_mpi ("Q.x", x);
|
||||||
|
print_mpi ("Q.y", y);
|
||||||
|
print_mpi ("Q.z", z);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (gcry_mpi_ec_get_affine (x, y, Q, ctx))
|
||||||
|
fail ("failed to get affine coordinates\n");
|
||||||
|
if (cmp_mpihex (x, "008532093BA023F4D55C0424FA3AF9367E05F309DC34CDC3FE")
|
||||||
|
|| cmp_mpihex (y, "00C13CA9E617C6C8487BFF6A726E3C4F277913D97117939966"))
|
||||||
|
fail ("computed affine coordinates of public key do not match\n");
|
||||||
|
if (debug)
|
||||||
|
{
|
||||||
|
print_mpi ("q.x", x);
|
||||||
|
print_mpi ("q.y", y);
|
||||||
|
}
|
||||||
|
|
||||||
|
gcry_mpi_release (z);
|
||||||
|
gcry_mpi_release (y);
|
||||||
|
gcry_mpi_release (x);
|
||||||
|
gcry_mpi_point_release (Q);
|
||||||
|
gcry_mpi_release (d);
|
||||||
|
gcry_mpi_point_release (G);
|
||||||
|
gcry_mpi_release (A);
|
||||||
|
gcry_mpi_release (P);
|
||||||
|
gcry_ctx_release (ctx);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Check the math used with Twisted Edwards curves. */
|
||||||
|
static void
|
||||||
|
twistededwards_math (void)
|
||||||
|
{
|
||||||
|
gpg_error_t err;
|
||||||
|
gcry_ctx_t ctx;
|
||||||
|
gcry_mpi_point_t G, Q;
|
||||||
|
gcry_mpi_t k;
|
||||||
|
gcry_mpi_t w, a, x, y, z, p, n, b, I;
|
||||||
|
|
||||||
|
wherestr = "twistededwards_math";
|
||||||
|
show ("checking basic Twisted Edwards math\n");
|
||||||
|
|
||||||
|
err = gcry_mpi_ec_new (&ctx, NULL, "Ed25519");
|
||||||
|
if (err)
|
||||||
|
die ("gcry_mpi_ec_new failed: %s\n", gpg_strerror (err));
|
||||||
|
|
||||||
|
k = hex2mpi
|
||||||
|
("2D3501E723239632802454EE5DDC406EFB0BDF18486A5BDE9C0390A9C2984004"
|
||||||
|
"F47252B628C953625B8DEB5DBCB8DA97AA43A1892D11FA83596F42E0D89CB1B6");
|
||||||
|
G = gcry_mpi_ec_get_point ("g", ctx, 1);
|
||||||
|
if (!G)
|
||||||
|
die ("gcry_mpi_ec_get_point(G) failed\n");
|
||||||
|
Q = gcry_mpi_point_new (0);
|
||||||
|
|
||||||
|
|
||||||
|
w = gcry_mpi_new (0);
|
||||||
|
a = gcry_mpi_new (0);
|
||||||
|
x = gcry_mpi_new (0);
|
||||||
|
y = gcry_mpi_new (0);
|
||||||
|
z = gcry_mpi_new (0);
|
||||||
|
I = gcry_mpi_new (0);
|
||||||
|
p = gcry_mpi_ec_get_mpi ("p", ctx, 1);
|
||||||
|
n = gcry_mpi_ec_get_mpi ("n", ctx, 1);
|
||||||
|
b = gcry_mpi_ec_get_mpi ("b", ctx, 1);
|
||||||
|
|
||||||
|
/* Check: 2^{p-1} mod p == 1 */
|
||||||
|
gcry_mpi_sub_ui (a, p, 1);
|
||||||
|
gcry_mpi_powm (w, GCRYMPI_CONST_TWO, a, p);
|
||||||
|
if (gcry_mpi_cmp_ui (w, 1))
|
||||||
|
fail ("failed assertion: 2^{p-1} mod p == 1\n");
|
||||||
|
|
||||||
|
/* Check: p % 4 == 1 */
|
||||||
|
gcry_mpi_mod (w, p, GCRYMPI_CONST_FOUR);
|
||||||
|
if (gcry_mpi_cmp_ui (w, 1))
|
||||||
|
fail ("failed assertion: p % 4 == 1\n");
|
||||||
|
|
||||||
|
/* Check: 2^{n-1} mod n == 1 */
|
||||||
|
gcry_mpi_sub_ui (a, n, 1);
|
||||||
|
gcry_mpi_powm (w, GCRYMPI_CONST_TWO, a, n);
|
||||||
|
if (gcry_mpi_cmp_ui (w, 1))
|
||||||
|
fail ("failed assertion: 2^{n-1} mod n == 1\n");
|
||||||
|
|
||||||
|
/* Check: b^{(p-1)/2} mod p == p-1 */
|
||||||
|
gcry_mpi_sub_ui (a, p, 1);
|
||||||
|
gcry_mpi_div (x, NULL, a, GCRYMPI_CONST_TWO, -1);
|
||||||
|
gcry_mpi_powm (w, b, x, p);
|
||||||
|
gcry_mpi_abs (w);
|
||||||
|
if (gcry_mpi_cmp (w, a))
|
||||||
|
fail ("failed assertion: b^{(p-1)/2} mod p == p-1\n");
|
||||||
|
|
||||||
|
/* I := 2^{(p-1)/4} mod p */
|
||||||
|
gcry_mpi_sub_ui (a, p, 1);
|
||||||
|
gcry_mpi_div (x, NULL, a, GCRYMPI_CONST_FOUR, -1);
|
||||||
|
gcry_mpi_powm (I, GCRYMPI_CONST_TWO, x, p);
|
||||||
|
|
||||||
|
/* Check: I^2 mod p == p-1 */
|
||||||
|
gcry_mpi_powm (w, I, GCRYMPI_CONST_TWO, p);
|
||||||
|
if (gcry_mpi_cmp (w, a))
|
||||||
|
fail ("failed assertion: I^2 mod p == p-1\n");
|
||||||
|
|
||||||
|
/* Check: G is on the curve */
|
||||||
|
if (!gcry_mpi_ec_curve_point (G, ctx))
|
||||||
|
fail ("failed assertion: G is on the curve\n");
|
||||||
|
|
||||||
|
/* Check: nG == (0,1) */
|
||||||
|
gcry_mpi_ec_mul (Q, n, G, ctx);
|
||||||
|
if (gcry_mpi_ec_get_affine (x, y, Q, ctx))
|
||||||
|
fail ("failed to get affine coordinates\n");
|
||||||
|
if (gcry_mpi_cmp_ui (x, 0) || gcry_mpi_cmp_ui (y, 1))
|
||||||
|
fail ("failed assertion: nG == (0,1)\n");
|
||||||
|
|
||||||
|
/* Now two arbitrary point operations taken from the ed25519.py
|
||||||
|
sample data. */
|
||||||
|
gcry_mpi_release (a);
|
||||||
|
a = hex2mpi
|
||||||
|
("4f71d012df3c371af3ea4dc38385ca5bb7272f90cb1b008b3ed601c76de1d496"
|
||||||
|
"e30cbf625f0a756a678d8f256d5325595cccc83466f36db18f0178eb9925edd3");
|
||||||
|
gcry_mpi_ec_mul (Q, a, G, ctx);
|
||||||
|
if (gcry_mpi_ec_get_affine (x, y, Q, ctx))
|
||||||
|
fail ("failed to get affine coordinates\n");
|
||||||
|
if (cmp_mpihex (x, ("157f7361c577aad36f67ed33e38dc7be"
|
||||||
|
"00014fecc2165ca5cee9eee19fe4d2c1"))
|
||||||
|
|| cmp_mpihex (y, ("5a69dbeb232276b38f3f5016547bb2a2"
|
||||||
|
"4025645f0b820e72b8cad4f0a909a092")))
|
||||||
|
{
|
||||||
|
fail ("sample point multiply failed:\n");
|
||||||
|
print_mpi ("r", a);
|
||||||
|
print_mpi ("Rx", x);
|
||||||
|
print_mpi ("Ry", y);
|
||||||
|
}
|
||||||
|
|
||||||
|
gcry_mpi_release (a);
|
||||||
|
a = hex2mpi
|
||||||
|
("2d3501e723239632802454ee5ddc406efb0bdf18486a5bde9c0390a9c2984004"
|
||||||
|
"f47252b628c953625b8deb5dbcb8da97aa43a1892d11fa83596f42e0d89cb1b6");
|
||||||
|
gcry_mpi_ec_mul (Q, a, G, ctx);
|
||||||
|
if (gcry_mpi_ec_get_affine (x, y, Q, ctx))
|
||||||
|
fail ("failed to get affine coordinates\n");
|
||||||
|
if (cmp_mpihex (x, ("6218e309d40065fcc338b3127f468371"
|
||||||
|
"82324bd01ce6f3cf81ab44e62959c82a"))
|
||||||
|
|| cmp_mpihex (y, ("5501492265e073d874d9e5b81e7f8784"
|
||||||
|
"8a826e80cce2869072ac60c3004356e5")))
|
||||||
|
{
|
||||||
|
fail ("sample point multiply failed:\n");
|
||||||
|
print_mpi ("r", a);
|
||||||
|
print_mpi ("Rx", x);
|
||||||
|
print_mpi ("Ry", y);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
gcry_mpi_release (I);
|
||||||
|
gcry_mpi_release (b);
|
||||||
|
gcry_mpi_release (n);
|
||||||
|
gcry_mpi_release (p);
|
||||||
|
gcry_mpi_release (w);
|
||||||
|
gcry_mpi_release (a);
|
||||||
|
gcry_mpi_release (x);
|
||||||
|
gcry_mpi_release (y);
|
||||||
|
gcry_mpi_release (z);
|
||||||
|
gcry_mpi_point_release (Q);
|
||||||
|
gcry_mpi_point_release (G);
|
||||||
|
gcry_mpi_release (k);
|
||||||
|
gcry_ctx_release (ctx);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
int
|
||||||
|
main (int argc, char **argv)
|
||||||
|
{
|
||||||
|
|
||||||
|
if (argc > 1 && !strcmp (argv[1], "--verbose"))
|
||||||
|
verbose = 1;
|
||||||
|
else if (argc > 1 && !strcmp (argv[1], "--debug"))
|
||||||
|
verbose = debug = 1;
|
||||||
|
|
||||||
|
if (!gcry_check_version (GCRYPT_VERSION))
|
||||||
|
die ("version mismatch\n");
|
||||||
|
|
||||||
|
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
|
||||||
|
gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
|
||||||
|
if (debug)
|
||||||
|
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u, 0);
|
||||||
|
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
|
||||||
|
|
||||||
|
set_get_point ();
|
||||||
|
context_alloc ();
|
||||||
|
context_param ();
|
||||||
|
basic_ec_math ();
|
||||||
|
twistededwards_math ();
|
||||||
|
|
||||||
|
show ("All tests completed. Errors: %d\n", error_count);
|
||||||
|
return error_count ? 1 : 0;
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user