diff options
| author | Werner Koch <wk@gnupg.org> | 2000-09-18 16:35:34 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2000-09-18 16:35:34 +0200 |
| commit | 986d928ce2a561b04fda7730de6a94f9b1e703d6 (patch) | |
| tree | 9d815bcf427ee76f678153f4b000d8843816a2bd /cipher | |
| parent | See ChangeLog: Tue Aug 22 14:31:15 CEST 2000 Werner Koch (diff) | |
| download | gnupg2-986d928ce2a561b04fda7730de6a94f9b1e703d6.tar.xz gnupg2-986d928ce2a561b04fda7730de6a94f9b1e703d6.zip | |
See ChangeLog: Mon Sep 18 16:35:45 CEST 2000 Werner Koch
Diffstat (limited to 'cipher')
| -rw-r--r-- | cipher/ChangeLog | 18 | ||||
| -rw-r--r-- | cipher/Makefile.am | 1 | ||||
| -rw-r--r-- | cipher/pubkey.c | 26 | ||||
| -rw-r--r-- | cipher/random.c | 4 | ||||
| -rw-r--r-- | cipher/rndlinux.c | 7 | ||||
| -rw-r--r-- | cipher/rndunix.c | 5 | ||||
| -rw-r--r-- | cipher/rsa.c | 136 |
7 files changed, 161 insertions, 36 deletions
diff --git a/cipher/ChangeLog b/cipher/ChangeLog index e37e3c351..2e4ebe53e 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,21 @@ +Mon Sep 18 16:35:45 CEST 2000 Werner Koch <wk@openit.de> + + * rndlinux.c (open_device): Loose random device checking. + By Nils Ellmenreich. + + * random.c (fast_random_poll): Check ENOSYS for getrusage. + * rndunix.c: Add 2 sources for QNX. By Sam Roberts. + + * pubkey.c (gcry_pk_algo_info): Add GCRYCTL_GET_ALGO_USAGE. + + * rsa.c: Changed the comment about the patent. + (secret): Speed up by using the CRT. For a 2k keys this + is about 3 times faster. + (stronger_key_check): New but unused code to check the secret key. + * Makefile.am: Included rsa.[ch]. + * pubkey.c: Enabled RSA support. + (pubkey_get_npkey): Removed RSA workaround. + Mon Jul 31 10:04:47 CEST 2000 Werner Koch <wk@openit.de> * pubkey.c: Replaced all gcry_sexp_{car,cdr}_{data,mpi} by the new diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 2ed370f05..26de92520 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -50,6 +50,7 @@ libcipher_la_SOURCES = cipher.c \ rmd.h \ dsa.h \ dsa.c \ + rsa.c rsa.h \ smallprime.c \ construct.c diff --git a/cipher/pubkey.c b/cipher/pubkey.c index bbf592bb4..3dab336d7 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -30,9 +30,7 @@ #include "cipher.h" #include "elgamal.h" #include "dsa.h" -#if 0 #include "rsa.h" -#endif #include "dynload.h" /* FIXME: use set_lasterr() */ @@ -196,7 +194,6 @@ setup_pubkey_table(void) BUG(); i++; - #if 0 pubkey_table[i].algo = PUBKEY_ALGO_RSA; pubkey_table[i].name = rsa_get_info( pubkey_table[i].algo, &pubkey_table[i].npkey, @@ -248,7 +245,6 @@ setup_pubkey_table(void) if( !pubkey_table[i].name ) BUG(); i++; - #endif for( ; i < TABLE_SIZE; i++ ) pubkey_table[i].name = NULL; @@ -433,8 +429,6 @@ pubkey_get_npkey( int algo ) if( pubkey_table[i].algo == algo ) return pubkey_table[i].npkey; } while( load_pubkey_modules() ); - if( is_RSA(algo) ) /* special hack, so that we are able to */ - return 2; /* see the RSA keyids */ return 0; } @@ -450,8 +444,6 @@ pubkey_get_nskey( int algo ) if( pubkey_table[i].algo == algo ) return pubkey_table[i].nskey; } while( load_pubkey_modules() ); - if( is_RSA(algo) ) /* special hack, so that we are able to */ - return 6; /* see the RSA keyids */ return 0; } @@ -467,8 +459,6 @@ pubkey_get_nsig( int algo ) if( pubkey_table[i].algo == algo ) return pubkey_table[i].nsig; } while( load_pubkey_modules() ); - if( is_RSA(algo) ) /* special hack, so that we are able to */ - return 1; /* see the RSA keyids */ return 0; } @@ -484,8 +474,6 @@ pubkey_get_nenc( int algo ) if( pubkey_table[i].algo == algo ) return pubkey_table[i].nenc; } while( load_pubkey_modules() ); - if( is_RSA(algo) ) /* special hack, so that we are able to */ - return 1; /* see the RSA keyids */ return 0; } @@ -1509,6 +1497,11 @@ gcry_pk_ctl( int cmd, void *buffer, size_t buflen) * Buffer must be NULL, nbytes may have the address of a variable * with the required usage of the algorithm. It may be 0 for don't * care or a combination of the GCRY_PK_USAGE_xxx flags; + * GCRYCTL_GET_ALGO_USAGE: + * Return the usage glafs for the give algo. An invalid alog + * does return 0. Disabled algos are ignored here becuase we + * only want to know whether the algo is at all capable of + * the usage. * * On error the value -1 is returned and the error reason may be * retrieved by gcry_errno(). @@ -1535,6 +1528,15 @@ gcry_pk_algo_info( int algo, int what, void *buffer, size_t *nbytes) } break; + case GCRYCTL_GET_ALGO_USAGE: + do { + int i; + for(i=0; pubkey_table[i].name; i++ ) + if( pubkey_table[i].algo == algo ) + return pubkey_table[i].use; + } while( load_pubkey_modules() ); + return 0; + case GCRYCTL_GET_ALGO_NPKEY: return pubkey_get_npkey( algo ); case GCRYCTL_GET_ALGO_NSKEY: return pubkey_get_nskey( algo ); case GCRYCTL_GET_ALGO_NSIGN: return pubkey_get_nsig( algo ); diff --git a/cipher/random.c b/cipher/random.c index 0258f5dd0..6f31b5625 100644 --- a/cipher/random.c +++ b/cipher/random.c @@ -604,7 +604,9 @@ fast_random_poll() #endif #else { struct rusage buf; - if( getrusage( RUSAGE_SELF, &buf ) ) + /* QNX/Neutrino does return ENOSYS - so we just ignore it and + * add whatever is in buf */ + if( getrusage( RUSAGE_SELF, &buf ) && errno != ENOSYS ) BUG(); add_randomness( &buf, sizeof buf, 1 ); memset( &buf, 0, sizeof buf ); diff --git a/cipher/rndlinux.c b/cipher/rndlinux.c index bca596fd1..c23269644 100644 --- a/cipher/rndlinux.c +++ b/cipher/rndlinux.c @@ -63,7 +63,7 @@ get_entropy_count( int fd ) #endif /**************** - * Used to open the Linux and xBSD /dev/random devices + * Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists), ...) */ static int open_device( const char *name, int minor ) @@ -76,8 +76,9 @@ open_device( const char *name, int minor ) g10_log_fatal("can't open %s: %s\n", name, strerror(errno) ); if( fstat( fd, &sb ) ) g10_log_fatal("stat() off %s failed: %s\n", name, strerror(errno) ); - if( !S_ISCHR(sb.st_mode) ) - g10_log_fatal("invalid random device!\n" ); + /* Don't check device type for better portability */ + /* if( (!S_ISCHR(sb.st_mode)) && (!S_ISFIFO(sb.st_mode)) ) + g10_log_fatal("invalid random device!\n" ); */ return fd; } diff --git a/cipher/rndunix.c b/cipher/rndunix.c index 99a416ea7..6c8e680b2 100644 --- a/cipher/rndunix.c +++ b/cipher/rndunix.c @@ -244,6 +244,7 @@ static struct RI { { "/usr/ucb/ps", "aux", SC(0.3), NULL, 0, 0, 0, 1 }, { "/usr/bin/ps", "aux", SC(0.3), NULL, 0, 0, 0, 1 }, { "/bin/ps", "aux", SC(0.3), NULL, 0, 0, 0, 0 }, + { "/bin/ps", "-A", SC(0.3), NULL, 0, 0, 0, 0 }, /*QNX*/ { "/usr/bin/ipcs", "-a", SC(0.5), NULL, 0, 0, 0, 1 }, { "/bin/ipcs", "-a", SC(0.5), NULL, 0, 0, 0, 0 }, /* Unreliable source, depends on system usage */ @@ -292,6 +293,10 @@ static struct RI { /* This is a complex and screwball program. Some systems have things * like rX_dmn, x = integer, for RAID systems, but the statistics are * pretty dodgy */ +#ifdef __QNXNTO__ + { "/bin/pidin", "-F%A%B%c%d%E%I%J%K%m%M%n%N%p%P%S%s%T", SC(0.3), + NULL, 0, 0, 0, 0 }, +#endif #if 0 /* The following aren't enabled since they're somewhat slow and not very * unpredictable, however they give an indication of the sort of sources diff --git a/cipher/rsa.c b/cipher/rsa.c index 5d852cd88..2bb451002 100644 --- a/cipher/rsa.c +++ b/cipher/rsa.c @@ -1,10 +1,6 @@ /* rsa.c - RSA function * Copyright (C) 1997, 1998, 1999 by Werner Koch (dd9jn) * Copyright (C) 2000 Free Software Foundation, Inc. - *********************************************************************** - * ATTENTION: This code should not be used in the United States - * before the U.S. Patent #4,405,829 expires on September 20, 2000! - *********************************************************************** * * This file is part of GnuPG. * @@ -23,11 +19,16 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ +/* This code uses an algorithm protected by U.S. Patent #4,405,829 + which expires on September 20, 2000. The patent holder placed that + patent into the public domain on Sep 6th, 2000. +*/ + #include <config.h> #include <stdio.h> #include <stdlib.h> #include <string.h> -#include "util.h" +#include "g10lib.h" #include "mpi.h" #include "cipher.h" #include "rsa.h" @@ -68,7 +69,7 @@ test_keys( RSA_secret_key *sk, unsigned nbits ) pk.e = sk->e; { char *p = get_random_bits( nbits, 0, 0 ); mpi_set_buffer( test, p, (nbits+7)/8, 0 ); - m_free(p); + g10_free(p); } public( out1, test, &pk ); @@ -200,22 +201,111 @@ public(MPI output, MPI input, RSA_public_key *pkey ) mpi_powm( output, input, pkey->e, pkey->n ); } +#if 0 +static void +stronger_key_check ( RSA_secret_key *skey ) +{ + MPI t = mpi_alloc_secure ( 0 ); + MPI t1 = mpi_alloc_secure ( 0 ); + MPI t2 = mpi_alloc_secure ( 0 ); + MPI phi = mpi_alloc_secure ( 0 ); + + /* check that n == p * q */ + mpi_mul( t, skey->p, skey->q); + if (mpi_cmp( t, skey->n) ) + log_info ( "RSA Oops: n != p * q\n" ); + + /* check that p is less than q */ + if( mpi_cmp( skey->p, skey->q ) > 0 ) + log_info ("RSA Oops: p >= q\n"); + + + /* check that e divides neither p-1 nor q-1 */ + mpi_sub_ui(t, skey->p, 1 ); + mpi_fdiv_r(t, t, skey->e ); + if ( !mpi_cmp_ui( t, 0) ) + log_info ( "RSA Oops: e divides p-1\n" ); + mpi_sub_ui(t, skey->q, 1 ); + mpi_fdiv_r(t, t, skey->e ); + if ( !mpi_cmp_ui( t, 0) ) + log_info ( "RSA Oops: e divides q-1\n" ); + + /* check that d is correct */ + mpi_sub_ui( t1, skey->p, 1 ); + mpi_sub_ui( t2, skey->q, 1 ); + mpi_mul( phi, t1, t2 ); + mpi_gcd(t, t1, t2); + mpi_fdiv_q(t, phi, t); + mpi_invm(t, skey->e, t ); + if ( mpi_cmp(t, skey->d ) ) + log_info ( "RSA Oops: d is wrong\n"); + + /* check for crrectness of u */ + mpi_invm(t, skey->p, skey->q ); + if ( mpi_cmp(t, skey->u ) ) + log_info ( "RSA Oops: u is wrong\n"); + + log_info ( "RSA secret key check finished\n"); + + mpi_free (t); + mpi_free (t1); + mpi_free (t2); + mpi_free (phi); +} +#endif + + + /**************** * Secret key operation. Encrypt INPUT with SKEY and put result into OUTPUT. * * m = c^d mod n * - * Where m is OUTPUT, c is INPUT and d,n are elements of PKEY. + * Or faster: * - * FIXME: We should better use the Chinese Remainder Theorem + * m1 = c ^ (d mod (p-1)) mod p + * m2 = c ^ (d mod (q-1)) mod q + * h = u * (m2 - m1) mod q + * m = m1 + h * p + * + * Where m is OUTPUT, c is INPUT and d,n,p,q,u are elements of SKEY. */ static void secret(MPI output, MPI input, RSA_secret_key *skey ) { + #if 0 mpi_powm( output, input, skey->d, skey->n ); + #else + MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); + MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); + MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 ); + + /* m1 = c ^ (d mod (p-1)) mod p */ + mpi_sub_ui( h, skey->p, 1 ); + mpi_fdiv_r( h, skey->d, h ); + mpi_powm( m1, input, h, skey->p ); + /* m2 = c ^ (d mod (q-1)) mod q */ + mpi_sub_ui( h, skey->q, 1 ); + mpi_fdiv_r( h, skey->d, h ); + mpi_powm( m2, input, h, skey->q ); + /* h = u * ( m2 - m1 ) mod q */ + mpi_sub( h, m2, m1 ); + if ( mpi_is_neg( h ) ) + mpi_add ( h, h, skey->q ); + mpi_mulm( h, skey->u, h, skey->q ); + /* m = m2 + h * p */ + mpi_mul ( h, h, skey->p ); + mpi_add ( output, m1, h ); + /* ready */ + + mpi_free ( h ); + mpi_free ( m1 ); + mpi_free ( m2 ); + #endif } + /********************************************* ************** interface ****************** *********************************************/ @@ -226,7 +316,7 @@ rsa_generate( int algo, unsigned nbits, MPI *skey, MPI **retfactors ) RSA_secret_key sk; if( !is_RSA(algo) ) - return G10ERR_PUBKEY_ALGO; + return GCRYERR_INV_PK_ALGO; generate( &sk, nbits ); skey[0] = sk.n; @@ -236,7 +326,7 @@ rsa_generate( int algo, unsigned nbits, MPI *skey, MPI **retfactors ) skey[4] = sk.q; skey[5] = sk.u; /* make an empty list of factors */ - *retfactors = m_alloc_clear( 1 * sizeof **retfactors ); + *retfactors = g10_xcalloc( 1, sizeof **retfactors ); return 0; } @@ -247,7 +337,7 @@ rsa_check_secret_key( int algo, MPI *skey ) RSA_secret_key sk; if( !is_RSA(algo) ) - return G10ERR_PUBKEY_ALGO; + return GCRYERR_INV_PK_ALGO; sk.n = skey[0]; sk.e = skey[1]; @@ -256,7 +346,7 @@ rsa_check_secret_key( int algo, MPI *skey ) sk.q = skey[4]; sk.u = skey[5]; if( !check_secret_key( &sk ) ) - return G10ERR_BAD_SECKEY; + return GCRYERR_INV_PK_ALGO; return 0; } @@ -269,7 +359,7 @@ rsa_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey ) RSA_public_key pk; if( algo != 1 && algo != 2 ) - return G10ERR_PUBKEY_ALGO; + return GCRYERR_INV_PK_ALGO; pk.n = pkey[0]; pk.e = pkey[1]; @@ -284,7 +374,7 @@ rsa_decrypt( int algo, MPI *result, MPI *data, MPI *skey ) RSA_secret_key sk; if( algo != 1 && algo != 2 ) - return G10ERR_PUBKEY_ALGO; + return GCRYERR_INV_PK_ALGO; sk.n = skey[0]; sk.e = skey[1]; @@ -303,7 +393,7 @@ rsa_sign( int algo, MPI *resarr, MPI data, MPI *skey ) RSA_secret_key sk; if( algo != 1 && algo != 3 ) - return G10ERR_PUBKEY_ALGO; + return GCRYERR_INV_PK_ALGO; sk.n = skey[0]; sk.e = skey[1]; @@ -326,13 +416,13 @@ rsa_verify( int algo, MPI hash, MPI *data, MPI *pkey, int rc; if( algo != 1 && algo != 3 ) - return G10ERR_PUBKEY_ALGO; + return GCRYERR_INV_PK_ALGO; pk.n = pkey[0]; pk.e = pkey[1]; result = mpi_alloc( (160+BITS_PER_MPI_LIMB-1)/BITS_PER_MPI_LIMB); public( result, data[0], &pk ); /*rc = (*cmp)( opaquev, result );*/ - rc = mpi_cmp( result, hash )? G10ERR_BAD_SIGN:0; + rc = mpi_cmp( result, hash )? GCRYERR_BAD_SIGNATURE:0; mpi_free(result); return rc; @@ -366,10 +456,16 @@ rsa_get_info( int algo, *nsig = 1; switch( algo ) { - case 1: *usage = PUBKEY_USAGE_SIG | PUBKEY_USAGE_ENC; return "RSA"; - case 2: *usage = PUBKEY_USAGE_ENC; return "RSA-E"; - case 3: *usage = PUBKEY_USAGE_SIG; return "RSA-S"; + case 1: *usage = GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR; return "RSA"; + case 2: *usage = GCRY_PK_USAGE_ENCR; return "RSA-E"; + case 3: *usage = GCRY_PK_USAGE_SIGN; return "RSA-S"; default:*usage = 0; return NULL; } } + + + + + + |