path: root/src/cipher.h
Commit message | Author | Age | Files | Lines
Update copyright notices to use URL. | NIIBE Yutaka | 2023-04-27 | 1 | -2/+2

* build-aux/db2any: Update copyright notice.
* cipher/arcfour.c, cipher/blowfish.c, cipher/cast5.c: Likewise.
* cipher/crc-armv8-ce.c, cipher/crc-intel-pclmul.c: Likewise.
* cipher/crc-ppc.c, cipher/crc.c, cipher/des.c: Likewise.
* cipher/md2.c, cipher/md4.c, cipher/md5.c: Likewise.
* cipher/primegen.c, cipher/rfc2268.c, cipher/rmd160.c: Likewise.
* cipher/seed.c, cipher/serpent.c, cipher/tiger.c: Likewise.
* cipher/twofish.c: Likewise.
* mpi/alpha/mpih-add1.S, mpi/alpha/mpih-lshift.S: Likewise.
* mpi/alpha/mpih-mul1.S, mpi/alpha/mpih-mul2.S: Likewise.
* mpi/alpha/mpih-mul3.S, mpi/alpha/mpih-rshift.S: Likewise.
* mpi/alpha/mpih-sub1.S, mpi/alpha/udiv-qrnnd.S: Likewise.
* mpi/amd64/mpih-add1.S, mpi/amd64/mpih-lshift.S: Likewise.
* mpi/amd64/mpih-mul1.S, mpi/amd64/mpih-mul2.S: Likewise.
* mpi/amd64/mpih-mul3.S, mpi/amd64/mpih-rshift.S: Likewise.
* mpi/amd64/mpih-sub1.S, mpi/config.links: Likewise.
* mpi/generic/mpih-add1.c, mpi/generic/mpih-lshift.c: Likewise.
* mpi/generic/mpih-mul1.c, mpi/generic/mpih-mul2.c: Likewise.
* mpi/generic/mpih-mul3.c, mpi/generic/mpih-rshift.c: Likewise.
* mpi/generic/mpih-sub1.c, mpi/generic/udiv-w-sdiv.c: Likewise.
* mpi/hppa/mpih-add1.S, mpi/hppa/mpih-lshift.S: Likewise.
* mpi/hppa/mpih-rshift.S, mpi/hppa/mpih-sub1.S: Likewise.
* mpi/hppa/udiv-qrnnd.S, mpi/hppa1.1/mpih-mul1.S: Likewise.
* mpi/hppa1.1/mpih-mul2.S, mpi/hppa1.1/mpih-mul3.S: Likewise.
* mpi/hppa1.1/udiv-qrnnd.S, mpi/i386/mpih-add1.S: Likewise.
* mpi/i386/mpih-lshift.S, mpi/i386/mpih-mul1.S: Likewise.
* mpi/i386/mpih-mul2.S, mpi/i386/mpih-mul3.S: Likewise.
* mpi/i386/mpih-rshift.S, mpi/i386/mpih-sub1.S: Likewise.
* mpi/i386/syntax.h, mpi/longlong.h: Likewise.
* mpi/m68k/mc68020/mpih-mul1.S, mpi/m68k/mc68020/mpih-mul2.S: Likewise.
* mpi/m68k/mc68020/mpih-mul3.S, mpi/m68k/mpih-add1.S: Likewise.
* mpi/m68k/mpih-lshift.S, mpi/m68k/mpih-rshift.S: Likewise.
* mpi/m68k/mpih-sub1.S, mpi/m68k/syntax.h: Likewise.
* mpi/mips3/mpih-add1.S, mpi/mips3/mpih-lshift.S: Likewise.
* mpi/mips3/mpih-mul1.S, mpi/mips3/mpih-mul2.S: Likewise.
* mpi/mips3/mpih-mul3.S, mpi/mips3/mpih-rshift.S: Likewise.
* mpi/mips3/mpih-sub1.S, mpi/mpi-add.c: Likewise.
* mpi/mpi-bit.c, mpi/mpi-cmp.c, mpi/mpi-div.c: Likewise.
* mpi/mpi-gcd.c, mpi/mpi-inline.c, mpi/mpi-inline.h: Likewise.
* mpi/mpi-internal.h, mpi/mpi-mpow.c, mpi/mpi-mul.c: Likewise.
* mpi/mpi-scan.c, mpi/mpih-div.c, mpi/mpih-mul.c: Likewise.
* mpi/pa7100/mpih-lshift.S, mpi/pa7100/mpih-rshift.S: Likewise.
* mpi/power/mpih-add1.S, mpi/power/mpih-lshift.S: Likewise.
* mpi/power/mpih-mul1.S, mpi/power/mpih-mul2.S: Likewise.
* mpi/power/mpih-mul3.S, mpi/power/mpih-rshift.S: Likewise.
* mpi/power/mpih-sub1.S, mpi/powerpc32/mpih-add1.S: Likewise.
* mpi/powerpc32/mpih-lshift.S, mpi/powerpc32/mpih-mul1.S: Likewise.
* mpi/powerpc32/mpih-mul2.S, mpi/powerpc32/mpih-mul3.S: Likewise.
* mpi/powerpc32/mpih-rshift.S, mpi/powerpc32/mpih-sub1.S: Likewise.
* mpi/powerpc32/syntax.h, mpi/sparc32/mpih-add1.S: Likewise.
* mpi/sparc32/mpih-lshift.S, mpi/sparc32/mpih-rshift.S: Likewise.
* mpi/sparc32/udiv.S, mpi/sparc32v8/mpih-mul1.S: Likewise.
* mpi/sparc32v8/mpih-mul2.S, mpi/sparc32v8/mpih-mul3.S: Likewise.
* mpi/supersparc/udiv.S: Likewise.
* random/random.h, random/rndegd.c: Likewise.
* src/cipher.h, src/libgcrypt.def, src/libgcrypt.vers: Likewise.
* src/missing-string.c, src/mpi.h, src/secmem.h: Likewise.
* src/stdmem.h, src/types.h: Likewise.
* tests/aeswrap.c, tests/curves.c, tests/hmac.c: Likewise.
* tests/keygrip.c, tests/prime.c, tests/random.c: Likewise.
* tests/t-kdf.c, tests/testapi.c: Likewise.

--

GnuPG-bug-id: 6271
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Add ARIA block cipher | Jussi Kivilinna | 2023-01-06 | 1 | -0/+3

* cipher/Makefile.am: Add 'aria.c'.
* cipher/aria.c: New.
* cipher/cipher.c (cipher_list, cipher_list_algo301): Add ARIA cipher specs.
* cipher/mac-cmac.c (map_mac_algo_to_cipher): Add GCRY_MAC_CMAC_ARIA.
(_gcry_mac_type_spec_cmac_aria): New.
* cipher/mac-gmac.c (map_mac_algo_to_cipher): Add GCRY_MAC_GMAC_ARIA.
(_gcry_mac_type_spec_gmac_aria): New.
* cipher/mac-internal.h (_gcry_mac_type_spec_cmac_aria)
(_gcry_mac_type_spec_gmac_aria)
(_gcry_mac_type_spec_poly1305mac_aria): New.
* cipher/mac-poly1305.c (poly1305mac_open): Add GCRY_MAC_GMAC_ARIA.
(_gcry_mac_type_spec_poly1305mac_aria): New.
* cipher/mac.c (mac_list, mac_list_algo201, mac_list_algo401)
(mac_list_algo501): Add ARIA MAC specs.
* configure.ac (available_ciphers): Add 'aria'.
(GCRYPT_CIPHERS): Add 'aria.lo'.
(USE_ARIA): New.
* doc/gcrypt.texi: Add GCRY_CIPHER_ARIA128, GCRY_CIPHER_ARIA192,
GCRY_CIPHER_ARIA256, GCRY_MAC_CMAC_ARIA, GCRY_MAC_GMAC_ARIA and
GCRY_MAC_POLY1305_ARIA.
* src/cipher.h (_gcry_cipher_spec_aria128, _gcry_cipher_spec_aria192)
(_gcry_cipher_spec_aria256): New.
* src/gcrypt.h.in (gcry_cipher_algos): Add GCRY_CIPHER_ARIA128,
GCRY_CIPHER_ARIA192 and GCRY_CIPHER_ARIA256.
(gcry_mac_algos): GCRY_MAC_CMAC_ARIA, GCRY_MAC_GMAC_ARIA and
GCRY_MAC_POLY1305_ARIA.
* tests/basic.c (check_ecb_cipher, check_ctr_cipher)
(check_cfb_cipher, check_ocb_cipher) [USE_ARIA]: Add ARIA test-vectors.
(check_ciphers) [USE_ARIA]: Add GCRY_CIPHER_ARIA128, GCRY_CIPHER_ARIA192
and GCRY_CIPHER_ARIA256.
(main): Also run 'check_bulk_cipher_modes' for 'cipher_modes_only'-mode.
* tests/bench-slope.c (bench_mac_init): Add GCRY_MAC_POLY1305_ARIA
setiv-handling.
* tests/benchmark.c (mac_bench): Likewise.

--

This patch adds ARIA block cipher for libgcrypt.

This implementation is based on work by Taehee Yoo, with the following
notable changes:
- Integration to libgcrypt, use of bithelp.h and bufhelp.h helper
  functions where possible.
- Added lookup table prefetching as is done in AES, GCM and SM4
  implementations.
- Changed `get_u8` to return `u32` as returning `byte` caused sub-optimal
  code generation with gcc-12/x86-64 (zero extending from 8-bit to 32-bit
  register, followed by extraneous sign extending from 32-bit to 64-bit
  register).
- Changed 'aria_crypt' loop structure a bit for a tiny performance
  increase (~1% seen with gcc-12/x86-64/zen4).

Benchmark on AMD Ryzen 9 7900X (x86-64):

 ARIA128        |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
        ECB enc |      3.99 ns/B     239.1 MiB/s     22.43 c/B      5625
        ECB dec |      4.00 ns/B     238.4 MiB/s     22.50 c/B      5625

Benchmark on AMD Ryzen 9 7900X (win32):

 ARIA128        |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
        ECB enc |      4.57 ns/B     208.7 MiB/s     25.31 c/B      5538
        ECB dec |      4.66 ns/B     204.8 MiB/s     25.39 c/B      5453

Benchmark on ARM Cortex-A53 (aarch64):

 ARIA128        |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
        ECB enc |     74.69 ns/B     12.77 MiB/s     48.40 c/B     647.9
        ECB dec |     74.99 ns/B     12.72 MiB/s     48.58 c/B     647.9

Cc: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Move function prototype to cipher.h. | NIIBE Yutaka | 2022-09-16 | 1 | -0/+2

* cipher/kdf-internal.h: Move from here.
* src/cipher.h (blake2b_vl_hash): To here.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
cipher: Use const for *_spec_t, if possible. | NIIBE Yutaka | 2022-01-04 | 1 | -37/+37

* cipher/blake2.c: Use const.
* cipher/camellia-glue.c, cipher/cipher.c, cipher/crc.c: Likewise.
* cipher/des.c, cipher/gost28147.c, cipher/gostr3411-94.c: Likewise.
* cipher/keccak.c, cipher/mac-cmac.c, cipher/mac-gmac.c: Likewise.
* cipher/mac-hmac.c, cipher/mac-internal.h: Likewise.
* cipher/mac-poly1305.c, cipher/mac.c, cipher/md.c: Likewise.
* cipher/md.c, cipher/md2.c, cipher/md4.c, cipher/md5.c: Likewise.
* cipher/pubkey.c, cipher/rfc2268.c, cipher/rijndael.c: Likewise.
* cipher/rmd160.c, cipher/seed.c, cipher/serpent.c: Likewise.
* cipher/sha1.c, cipher/sha256.c, cipher/sha512.c: Likewise.
* cipher/sm3.c, cipher/sm4.c, cipher/stribog.c: Likewise.
* cipher/pubkey.c, cipher/rfc2268.c, cipher/rijndael.c: Likewise.
* src/cipher-proto.h, src/cipher.h: Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
md: remove hash_buffer function from algorithms | Jussi Kivilinna | 2021-04-26 | 1 | -24/+0

* cipher/md.c (_gcry_md_hash_buffer): Remove use of 'spec->hash_buffer'.
* cipher/blake2.c (DEFINE_BLAKE2_VARIANT): Remove *_hash_buffer.
* cipher/crc.c: Remove spec hash_buffer NULL pointers.
* cipher/gostr3411-94.c: Remove spec hash_buffer NULL pointers.
* cipher/keccak.c (_gcry_sha3_hash_buffer, _gcry_sha3_224_hash_buffer,
_gcry_sha3_256_hash_buffer): Remove.
(_gcry_sha3_384_hash_buffer, _gcry_sha3_512_hash_buffer): Remove.
* cipher/md2.c: Remove spec hash_buffer NULL pointers.
* cipher/md4.c: Remove spec hash_buffer NULL pointers.
* cipher/md5.c: Remove spec hash_buffer NULL pointers.
* cipher/rmd160.c (_gcry_rmd160_hash_buffer): Remove.
* cipher/sha1.c (_gcry_sha1_hash_buffer): Rewrite using
_gcry_sha1_hash_buffers.
(_gcry_sha1_hash_buffers): Make static.
(_gcry_digest_spec_sha1): Remove hash_buffer pointer.
* cipher/sha256.c (_gcry_sha256_hash_buffer)
(_gcry_sha224_hash_buffer): Remove.
(_gcry_sha256_hash_buffers): Make static.
* cipher/sha512.c (_gcry_sha512_hash_buffer)
(_gcry_sha384_hash_buffer, _gcry_sha512_256_hash_buffer)
(_gcry_sha512_224_hash_buffer): Remove.
(_gcry_sha512_hash_buffers): Make static.
* cipher/sm3.c (_gcry_sm3_hash_buffer): Remove.
(_gcry_sm3_hash_buffers): Make static.
* cipher/stribog.c: Remove spec hash_buffer NULL pointers.
* cipher/tiger.c: Remove spec hash_buffer NULL pointers.
* cipher/whirlpool.c: Remove spec hash_buffer NULL pointers.
* src/cipher-proto.h (gcry_md_hash_buffer_t): Remove.
(gcry_md_spec_t): Remove 'hash_buffer'.
* src/cipher.h (_gcry_rmd160_hash_buffer, _gcry_sha1_hash_buffers)
(_gcry_sha256_hash_buffer, _gcry_sha256_hash_buffers)
(_gcry_sha512_hash_buffer, _gcry_sha512_hash_buffers)
(_gcry_sm3_hash_buffer, _gcry_sm3_hash_buffers): Remove.

--

Patch removes hash_buffer functions and uses hash_buffers instead for
code deduplication.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
cipher: setup bulk functions at each algorithms key setup | Jussi Kivilinna | 2020-09-27 | 1 | -127/+0

* cipher/cipher-internal.h (cipher_mode_ops_t, cipher_bulk_ops_t): New.
(gcry_cipher_handle): Define members 'mode_ops' and 'bulk' using new
types.
* cipher/cipher.c (_gcry_cipher_open_internal): Remove bulk function
setup.
(cipher_setkey): Pass context bulk function pointer to algorithm setkey
function.
* cipher/cipher-selftest.c (_gcry_selftest_helper_cbc)
(_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Remove bulk
function parameter; Use bulk function returned by setkey function.
* cipher/cipher-selftest.h (_gcry_selftest_helper_cbc)
(_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Remove bulk
function parameter.
* cipher/arcfour.c (arcfour_setkey): Change 'hd' parameter to 'bulk_ops'.
* cipher/blowfish.c (bf_setkey): Change 'hd' parameter to 'bulk_ops';
Setup 'bulk_ops' with bulk acceleration functions.
(_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec)
(_gcry_blowfish_cfb_dec): Make static.
(selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function
to selftest helper.
(selftest): Pass 'bulk_ops' to setkey function.
* cipher/camellia.c (camellia_setkey): Change 'hd' parameter to
'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions.
(_gcry_camellia_ctr_enc, _gcry_camellia_cbc_dec)
(_gcry_camellia_cfb_dec, _gcry_camellia_ocb_crypt)
(_gcry_camellia_ocb_auth): Make static.
(selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function
to selftest helper.
(selftest): Pass 'bulk_ops' to setkey function.
* cipher/cast5.c (cast_setkey): Change 'hd' parameter to 'bulk_ops';
Setup 'bulk_ops' with bulk acceleration functions.
(_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec, _gcry_cast5_cfb_dec): Make
static.
(selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function
to selftest helper.
(selftest): Pass 'bulk_ops' to setkey function.
* cipher/chacha20.c (chacha20_setkey): Change 'hd' parameter to
'bulk_ops'.
* cipher/cast5.c (do_tripledes_setkey): Change 'hd' parameter to
'bulk_ops'; Setup 'bulk_ops' with bulk acceleration functions.
(_gcry_3des_ctr_enc, _gcry_3des_cbc_dec, _gcry_3des_cfb_dec): Make
static.
(bulk_selftest_setkey): Change 'hd' parameter to 'bulk_ops'.
(selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function
to selftest helper.
(do_des_setkey): Change 'hd' parameter to 'bulk_ops'.
* cipher/gost28147.c (gost_setkey): Change 'hd' parameter to 'bulk_ops'.
* cipher/idea.c (idea_setkey): Change 'hd' parameter to 'bulk_ops'.
* cipher/rfc2268.c (do_setkey): Change 'hd' parameter to 'bulk_ops'.
* cipher/rijndael.c (do_setkey): Change 'hd' parameter to 'bulk_ops';
Setup 'bulk_ops' with bulk acceleration functions.
(rijndael_setkey): Change 'hd' parameter to 'bulk_ops'.
(_gcry_aes_cfb_enc, _gcry_aes_cfb_dec, _gcry_aes_cbc_enc)
(_gcry_aes_cbc_dec, _gcry_aes_ctr_enc, _gcry_aes_ocb_crypt)
(_gcry_aes_ocb_auth, _gcry_aes_xts_crypt): Make static.
(selftest_basic_128, selftest_basic_192, selftest_basic_256): Pass
'bulk_ops' to setkey function.
(selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function
to selftest helper.
* cipher/salsa20.c (salsa20_setkey): Change 'hd' parameter to 'bulk_ops'.
* cipher/seed.c (seed_setkey): Change 'hd' parameter to 'bulk_ops'.
* cipher/serpent.c (serpent_setkey): Change 'hd' parameter to 'bulk_ops';
Setup 'bulk_ops' with bulk acceleration functions.
(_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec, _gcry_serpent_cfb_dec)
(_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Make static.
(selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Do not pass
bulk function to selftest helper.
* cipher/sm4.c (sm4_setkey): Change 'hd' parameter to 'bulk_ops'; Setup
'bulk_ops' with bulk acceleration functions.
(_gcry_sm4_ctr_enc, _gcry_sm4_cbc_dec, _gcry_sm4_cfb_dec)
(_gcry_sm4_ocb_crypt, _gcry_sm4_ocb_auth): Make static.
(selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): Do not pass
bulk function to selftest helper.
* cipher/twofish.c (twofish_setkey): Change 'hd' parameter to 'bulk_ops';
Setup 'bulk_ops' with bulk acceleration functions.
(_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec)
(_gcry_twofish_cfb_dec, _gcry_twofish_ocb_crypt)
(_gcry_twofish_ocb_auth): Make static.
(selftest_ctr, selftest_cbc, selftest_cfb): Do not pass bulk function
to selftest helper.
(selftest, main): Pass 'bulk_ops' to setkey function.
* src/cipher-proto.h: Forward declare 'cipher_bulk_ops_t'.
(gcry_cipher_setkey_t): Replace 'hd' with 'bulk_ops'.
* src/cipher.h: Remove bulk acceleration function prototypes for 'aes',
'blowfish', 'cast5', 'camellia', '3des', 'serpent', 'sm4' and 'twofish'.

--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Optimizations for SM4 cipher | Jussi Kivilinna | 2020-06-20 | 1 | -0/+16

* cipher/cipher.c (_gcry_cipher_open_internal): Add SM4 bulk functions.
* cipher/sm4.c (ATTR_ALIGNED_64): New.
(sbox): Convert to ...
(sbox_table): ... this structure for sbox hardening as is done for AES
and GCM.
(prefetch_sbox_table): New.
(sm4_t_non_lin_sub): Make inline; Optimize sbox access pattern.
(sm4_key_lin_sub): Make inline; Tune slightly.
(sm4_key_sub, sm4_enc_sub): Make inline.
(sm4_round): Make inline; Take 'x' as separate parameters instead of
array.
(sm4_expand_key): Return void; Drop keylen; Unroll loops by 4; Wipe
sensitive variables at end; Move key-length check to 'sm4_setkey'.
(sm4_setkey): Add initial self-test step; Add key-length check; Remove
burn stack (as variables wiped in 'sm4_expand_key').
(sm4_do_crypt): Return burn stack depth; Unroll loops by 4.
(sm4_encrypt, sm4_decrypt): Prefetch sbox table; Return burn stack from
'sm4_do_crypt', as this allows tail-call optimization by compiler.
(sm4_do_crypt_blks2): New two parallel block function for greater
instruction level parallelism.
(sm4_crypt_blocks, _gcry_sm4_ctr_enc, _gcry_sm4_cbc_dec)
(_gcry_sm4_cfb_dec, _gcry_sm4_ocb_crypt, _gcry_sm4_ocb_auth): New bulk
processing functions.
(selftest_ctr_128, selftest_cbc_128, selftest_cfb_128): New bulk
processing self-tests.
(sm4_selftest): Clear SM4 context before use; Use 'sm4_expand_key'
instead of 'sm4_setkey'; Call bulk processing self-tests.
* src/cipher.h (_gcry_sm4_ctr_enc, _gcry_sm4_ctr_dec)
(_gcry_sm4_cfb_dec, _gcry_sm4_ocb_crypt, _gcry_sm4_ocb_auth): New.
* tests/basic.c (check_ocb_cipher): Add SM4-OCB test vector.

--

Benchmark on AMD Ryzen 7 3700X (x86-64):

Before:
 SM4            |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
        ECB enc |     17.69 ns/B     53.92 MiB/s     76.50 c/B      4326
        ECB dec |     17.74 ns/B     53.77 MiB/s     76.72 c/B      4325
        CBC enc |     18.14 ns/B     52.56 MiB/s     78.47 c/B      4325
        CBC dec |     18.05 ns/B     52.83 MiB/s     78.09 c/B      4326
        CFB enc |     18.19 ns/B     52.44 MiB/s     78.67 c/B      4326
        CFB dec |     18.16 ns/B     52.53 MiB/s     78.53 c/B      4326
        OFB enc |     16.82 ns/B     56.70 MiB/s     72.96 c/B      4338
        OFB dec |     16.87 ns/B     56.53 MiB/s     72.96 c/B      4325
        CTR enc |     18.17 ns/B     52.47 MiB/s     78.62 c/B      4326
        CTR dec |     18.02 ns/B     52.94 MiB/s     77.92 c/B      4325
        XTS enc |     17.70 ns/B     53.87 MiB/s     76.11 c/B      4300
        XTS dec |     17.65 ns/B     54.04 MiB/s     76.28 c/B    4323±1
        CCM enc |     33.76 ns/B     28.25 MiB/s     146.9 c/B      4350
        CCM dec |     34.07 ns/B     27.99 MiB/s     147.4 c/B      4326
       CCM auth |     16.97 ns/B     56.19 MiB/s     73.41 c/B      4325
        EAX enc |     34.02 ns/B     28.03 MiB/s     147.1 c/B      4325
        EAX dec |     36.56 ns/B     26.08 MiB/s     159.1 c/B      4350
       EAX auth |     17.02 ns/B     56.03 MiB/s     73.62 c/B      4325
        GCM enc |     16.76 ns/B     56.90 MiB/s     72.50 c/B      4325
        GCM dec |     18.01 ns/B     52.94 MiB/s     78.37 c/B      4350
       GCM auth |     0.120 ns/B      7975 MiB/s     0.517 c/B      4325
        OCB enc |     18.19 ns/B     52.43 MiB/s     78.68 c/B      4325
        OCB dec |     18.15 ns/B     52.54 MiB/s     78.51 c/B      4325
       OCB auth |     16.87 ns/B     56.54 MiB/s     72.95 c/B      4325

After (non-parallelizable modes ~2.0x faster, parallel modes ~3.8x):
 SM4            |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
        ECB enc |      8.28 ns/B     115.1 MiB/s     35.84 c/B    4327±1
        ECB dec |      8.33 ns/B     114.4 MiB/s     36.13 c/B    4336±1
        CBC enc |      8.94 ns/B     106.7 MiB/s     38.66 c/B      4325
        CBC dec |      4.78 ns/B     199.7 MiB/s     20.42 c/B      4275
        CFB enc |      8.95 ns/B     106.5 MiB/s     38.72 c/B      4325
        CFB dec |      4.81 ns/B     198.2 MiB/s     20.57 c/B      4275
        OFB enc |      8.48 ns/B     112.5 MiB/s     36.66 c/B      4325
        OFB dec |      8.42 ns/B     113.3 MiB/s     36.41 c/B      4325
        CTR enc |      4.81 ns/B     198.2 MiB/s     20.69 c/B      4300
        CTR dec |      4.80 ns/B     198.8 MiB/s     20.63 c/B      4300
        XTS enc |      8.75 ns/B     109.0 MiB/s     37.83 c/B      4325
        XTS dec |      8.86 ns/B     107.7 MiB/s     38.30 c/B      4326
        CCM enc |     13.74 ns/B     69.42 MiB/s     59.42 c/B      4325
        CCM dec |     13.77 ns/B     69.25 MiB/s     59.57 c/B      4326
       CCM auth |      8.87 ns/B     107.5 MiB/s     38.36 c/B      4325
        EAX enc |     13.76 ns/B     69.29 MiB/s     59.54 c/B      4326
        EAX dec |     13.77 ns/B     69.25 MiB/s     59.57 c/B      4325
       EAX auth |      8.89 ns/B     107.3 MiB/s     38.44 c/B      4325
        GCM enc |      4.96 ns/B     192.3 MiB/s     21.20 c/B      4275
        GCM dec |      4.91 ns/B     194.4 MiB/s     21.10 c/B      4300
       GCM auth |     0.116 ns/B      8232 MiB/s     0.504 c/B      4351
        OCB enc |      4.88 ns/B     195.5 MiB/s     20.86 c/B      4275
        OCB dec |      4.85 ns/B     196.6 MiB/s     20.86 c/B      4301
       OCB auth |      4.80 ns/B     198.9 MiB/s     20.62 c/B      4301

Benchmark on ARM Cortex-A53 (aarch64):

Before:
 SM4            |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
        ECB enc |     84.08 ns/B     11.34 MiB/s     54.48 c/B     648.0
        ECB dec |     84.07 ns/B     11.34 MiB/s     54.47 c/B     648.0
        CBC enc |     84.90 ns/B     11.23 MiB/s     55.01 c/B     647.9
        CBC dec |     84.69 ns/B     11.26 MiB/s     54.87 c/B     648.0
        CFB enc |     84.55 ns/B     11.28 MiB/s     54.79 c/B     648.0
        CFB dec |     84.55 ns/B     11.28 MiB/s     54.78 c/B     648.0
        OFB enc |     84.45 ns/B     11.29 MiB/s     54.72 c/B     647.9
        OFB dec |     84.45 ns/B     11.29 MiB/s     54.72 c/B     648.0
        CTR enc |     85.42 ns/B     11.16 MiB/s     55.35 c/B     648.0
        CTR dec |     85.42 ns/B     11.16 MiB/s     55.35 c/B     648.0
        XTS enc |     88.72 ns/B     10.75 MiB/s     57.49 c/B     648.0
        XTS dec |     88.71 ns/B     10.75 MiB/s     57.48 c/B     648.0
        CCM enc |     170.2 ns/B      5.60 MiB/s     110.3 c/B     647.9
        CCM dec |     170.2 ns/B      5.60 MiB/s     110.3 c/B     648.0
       CCM auth |     84.27 ns/B     11.32 MiB/s     54.60 c/B     648.0
        EAX enc |     170.6 ns/B      5.59 MiB/s     110.5 c/B     648.0
        EAX dec |     170.6 ns/B      5.59 MiB/s     110.5 c/B     648.0
       EAX auth |     84.51 ns/B     11.29 MiB/s     54.76 c/B     648.0
        GCM enc |     86.99 ns/B     10.96 MiB/s     56.36 c/B     648.0
        GCM dec |     87.00 ns/B     10.96 MiB/s     56.37 c/B     648.0
       GCM auth |      1.56 ns/B     609.9 MiB/s      1.01 c/B     648.0
        OCB enc |     86.77 ns/B     10.99 MiB/s     56.22 c/B     648.0
        OCB dec |     86.77 ns/B     10.99 MiB/s     56.22 c/B     648.0
       OCB auth |     86.20 ns/B     11.06 MiB/s     55.85 c/B     648.0

After (non-parallelizable modes ~30% faster, parallel modes ~80%):
 SM4            |  nanosecs/byte   mebibytes/sec   cycles/byte  auto Mhz
        ECB enc |     64.85 ns/B     14.71 MiB/s     42.02 c/B     648.0
        ECB dec |     64.78 ns/B     14.72 MiB/s     41.98 c/B     648.0
        CBC enc |     64.53 ns/B     14.78 MiB/s     41.81 c/B     647.9
        CBC dec |     45.09 ns/B     21.15 MiB/s     29.21 c/B     648.0
        CFB enc |     64.56 ns/B     14.77 MiB/s     41.84 c/B     648.0
        CFB dec |     45.52 ns/B     20.95 MiB/s     29.49 c/B     647.9
        OFB enc |     64.14 ns/B     14.87 MiB/s     41.56 c/B     648.0
        OFB dec |     64.14 ns/B     14.87 MiB/s     41.56 c/B     648.0
        CTR enc |     45.54 ns/B     20.94 MiB/s     29.51 c/B     648.0
        CTR dec |     45.53 ns/B     20.95 MiB/s     29.50 c/B     648.0
        XTS enc |     67.88 ns/B     14.05 MiB/s     43.98 c/B     648.0
        XTS dec |     67.69 ns/B     14.09 MiB/s     43.86 c/B     648.0
        CCM enc |     110.6 ns/B      8.62 MiB/s     71.66 c/B     648.0
        CCM dec |     110.2 ns/B      8.65 MiB/s     71.42 c/B     648.0
       CCM auth |     64.87 ns/B     14.70 MiB/s     42.04 c/B     648.0
        EAX enc |     109.9 ns/B      8.68 MiB/s     71.22 c/B     648.0
        EAX dec |     109.9 ns/B      8.68 MiB/s     71.22 c/B     648.0
       EAX auth |     64.37 ns/B     14.81 MiB/s     41.71 c/B     648.0
        GCM enc |     47.07 ns/B     20.26 MiB/s     30.51 c/B     648.0
        GCM dec |     47.08 ns/B     20.26 MiB/s     30.51 c/B     648.0
       GCM auth |      1.55 ns/B     614.7 MiB/s      1.01 c/B     648.0
        OCB enc |     48.38 ns/B     19.71 MiB/s     31.35 c/B     648.0
        OCB dec |     48.11 ns/B     19.82 MiB/s     31.17 c/B     648.0
       OCB auth |     46.71 ns/B     20.42 MiB/s     30.27 c/B     648.0

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
ecc: Add new flag "prehash". | NIIBE Yutaka | 2020-06-17 | 1 | -0/+1

* src/cipher.h (PUBKEY_FLAG_PREHASH): New.
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Parse it.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Add SM4 symmetric cipher algorithm | Tianjia Zhang | 2020-06-16 | 1 | -0/+1

* cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add sm4.c.
* cipher/cipher.c (cipher_list, cipher_list_algo301): Add
_gcry_cipher_spec_sm4.
* cipher/mac-cmac.c (map_mac_algo_to_cipher): Add cmac SM4.
(_gcry_mac_type_spec_cmac_sm4): Add cmac SM4.
* cipher/mac-internal.h: Declare spec_cmac_sm4.
* cipher/mac.c (mac_list, mac_list_algo201): Add cmac SM4.
* cipher/sm4.c: New.
* configure.ac (available_ciphers): Add sm4.
* doc/gcrypt.texi: Add SM4 document.
* src/cipher.h: Add declarations for SM4 and cmac SM4.
* src/gcrypt.h.in (gcry_cipher_algos): Add algorithm ID for SM4.

--

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
[jk: add missing mapping in mac-cmac.c:map_mac_algo_to_cipher]
[jk: add GCRY_MAC_CMAC_SM4 to gcrypt.texi]
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
gost28147: add support for CryptoPro key meshing per RFC 4357 | Dmitry Baryshkov | 2020-03-20 | 1 | -0/+1

* cipher/gost28147.c (gost_do_set_sbox, cryptopro_key_meshing,
CryptoProMeshingKey, gost_encrypt_block_mesh): New.
(_gcry_cipher_spec_gost28147_mesh): New cipher with keymeshing.
(_gcry_cipher_spec_gost28147): Remove OIDs, as this cipher should not be
selected using these OIDs (they are for CFB with keymeshing).
* cipher/cipher.c (cipher_list, cipher_list_algo301): Add
_gcry_cipher_spec_gost28147_mesh.
* src/gcrypt.h.in (GCRY_CIPHER_GOST28147_MESH): New cipher with
keymeshing.
* doc/gcrypt.texi (GCRY_CIPHER_GOST28147_MESH): Add definition.
* tests/basic.c (check_gost28147_cipher, check_gost28147_cipher_basic):
Run basic tests on GCRY_CIPHER_GOST28147_MESH.

--

Add actual cipher implementing CryptoPro KeyMeshing. This has been
requested by AltLinux team to properly support CFB-encrypted CMS files.

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
Add elliptic curve SM2 implementation. | Tianjia Zhang | 2020-01-21 | 1 | -0/+1

* configure.ac (enabled_pubkey_ciphers): Add ecc-sm2.
* cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add ecc-sm2.c.
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist,
_gcry_pk_util_preparse_sigval): Add sm2 flags.
* cipher/ecc.c: Support ecc-sm2.
* cipher/ecc-common.h: Add declarations for ecc-sm2.
* cipher/ecc-sm2.c: New.
* src/cipher.h: Define PUBKEY_FLAG_SM2.

--

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Add SHA512/224 and SHA512/256 algorithms | Jussi Kivilinna | 2019-04-05 | 1 | -0/+2

* cipher/mac-hmac.c (map_mac_algo_to_md): Add mapping for SHA512/224 and
SHA512/256.
(_gcry_mac_type_spec_hmac_sha512_256)
(_gcry_mac_type_spec_hmac_sha512_224): New.
* cipher/mac-internal.h (_gcry_mac_type_spec_hmac_sha512_256)
(_gcry_mac_type_spec_hmac_sha512_224): New.
* cipher/mac.c (mac_list, mac_list_algo101): Add SHA512/224 and
SHA512/256.
* cipher/md.c (digest_list, digest_list_algo301)
(prepare_macpads): Ditto.
* cipher/sha512.c (run_selftests): Ditto.
(sha512_init_common): Move common initialization here.
(sha512_init, sha384_init): Use common initialization function.
(sha512_224_init, sha512_256_init, _gcry_sha512_224_hash_buffer)
(_gcry_sha512_224_hash_buffers, _gcry_sha512_256_hash_buffer)
(_gcry_sha512_256_hash_buffers, selftests_sha512_224)
(selftests_sha512_256, sha512_224_asn, oid_spec_sha512_224)
(_gcry_digest_spec_sha512_224, sha512_256_asn, oid_spec_sha512_256)
(_gcry_digest_spec_sha512_256): New.
* doc/gcrypt.texi: Add SHA512/224 and SHA512/256; Add missing
HMAC-BLAKE2s and HMAC-BLAKE2b.
* src/cipher.h (_gcry_digest_spec_sha512_224)
(_gcry_digest_spec_sha512_256): New.
* src/gcrypt.h.in (GCRY_MD_SHA512_256, GCRY_MD_SHA512_224): New.
(GCRY_MAC_HMAC_SHA512_256, GCRY_MAC_HMAC_SHA512_224): New.
* tests/basic.c (check_digests): Add SHA512/224 and SHA512/256 test
vectors.

--

This change adds truncated SHA512/224 and SHA512/256 algorithms
specified in FIPS 180-4.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Add hash_buffer and hash_buffers pointers to message digest spec | Jussi Kivilinna | 2018-06-19 | 1 | -0/+1

* src/cipher-proto.h (gcry_md_hash_buffer_t)
(gcry_md_hash_buffers_t): New.
(gcry_md_spec): Add hash_buffer and hash_buffers.
* cipher/md.c (_gcry_md_hash_buffer, _gcry_md_hash_buffers): Use
hash_buffer/hash_buffers from MD spec instead of hard-coding supported
algorithms.
* cipher/blake2.c: Add NULL to MD spec hash_buffer and hash_buffers
pointers.
* cipher/crc.c: Ditto.
* cipher/gostr3411-94.c: Ditto.
* cipher/keccak.c: Ditto.
* cipher/md2.c: Ditto.
* cipher/md4.c: Ditto.
* cipher/md5.c: Ditto.
* cipher/stribog.c: Ditto.
* cipher/tiger.c: Ditto.
* cipher/whirlpool.c: Ditto.
* cipher/rmd160.c (_gcry_rmd160_hash_buffers): New.
(_gcry_digest_spec_rmd160): Add hash_buffer and hash_buffers functions.
* cipher/sha1.c (_gcry_digest_spec_sha1): Add hash_buffer and
hash_buffers functions.
* cipher/sha256.c (_gcry_digest_spec_sha256): Add hash_buffer and
hash_buffers functions.
(_gcry_digest_spec_sha224): Add NULL pointers for hash_buffer and
hash_buffers.
* cipher/sha512.c (_gcry_digest_spec_sha1): Add hash_buffer and
hash_buffers functions.
(_gcry_digest_spec_sha384): Add NULL pointers for hash_buffer and
hash_buffers.
* cipher/sm3.c (_gcry_digest_spec_sha1): Add hash_buffer and
hash_buffers functions.

--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Add AES-NI acceleration for AES-XTS | Jussi Kivilinna | 2018-01-09 | 1 | -0/+3

* cipher/cipher-internal.h (gcry_cipher_handle): Change bulk XTS function
to take cipher context.
* cipher/cipher-xts.c (_gcry_cipher_xts_crypt): Ditto.
* cipher/cipher.c (_gcry_cipher_open_internal): Setup AES-NI XTS bulk
function.
* cipher/rijndael-aesni.c (xts_gfmul_const, _gcry_aes_aesni_xts_enc)
(_gcry_aes_aesni_xts_enc, _gcry_aes_aesni_xts_crypt): New.
* cipher/rijndael.c (_gcry_aes_aesni_xts_crypt)
(_gcry_aes_xts_crypt): New.
* src/cipher.h (_gcry_aes_xts_crypt): New.

--

Benchmarks on Intel Core i7-4790K, 4.0Ghz (no turbo):

Before:
        XTS enc |      1.66 ns/B     575.7 MiB/s      6.63 c/B
        XTS dec |      1.66 ns/B     575.5 MiB/s      6.63 c/B

After (~6x faster):
        XTS enc |     0.270 ns/B    3528.5 MiB/s      1.08 c/B
        XTS dec |     0.272 ns/B    3511.5 MiB/s      1.09 c/B

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Add crypto hash SM3. | Jia Zhang | 2017-10-24 | 1 | -0/+7

* configure.ac (available_digests): Add sm3.
* src/cipher.h: Add declarations for SM3.
* cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add sm3.c.
* cipher/md.c [USE_SM3] (digest_list): Add _gcry_digest_spec_sm3.
* cipher/pubkey-util.c (hashnames): Add "sm3".
* cipher/sm3.c: New.
* tests/basic.c (check_digests): Add test vectors for SM3.
* tests/hashtest-256g.in (algos): Add SM3.
* tests/hashtest.c (testvectors): Add for SM3.

--

GnuPG-bug-id: 3454
Signed-off-by: Jia Zhang <qianyue.zj@alibaba-inc.com>
md: Optimize gcry_md_hash_buffers for SHA-256 and SHA-512. | Werner Koch | 2017-06-16 | 1 | -0/+13

* cipher/sha256.c (_gcry_sha256_hash_buffer): New.
(_gcry_sha256_hash_buffers): New.
* cipher/sha512.c (_gcry_sha512_hash_buffer): New.
(_gcry_sha512_hash_buffers): New.
* cipher/md.c (_gcry_md_hash_buffer): Optimize for SHA256 and SHA512.
(_gcry_md_hash_buffers): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
Add BLAKE2b and BLAKE2s hash algorithms (RFC 7693) | Jussi Kivilinna | 2017-02-27 | 1 | -0/+12

* cipher/blake2.c: New.
* cipher/Makefile.am: Add 'blake2.c'.
* cipher/md.c (digest_list, prepare_macpads): Add BLAKE2.
(md_setkey): New.
(_gcry_md_setkey): Call 'md_setkey' for non-HMAC md.
* configure.ac: Add BLAKE2 digest.
* doc/gcrypt.texi: Add BLAKE2.
* src/cipher.h (_gcry_blake2_init_with_key)
(_gcry_digest_spec_blake2b_512, _gcry_digest_spec_blake2b_384)
(_gcry_digest_spec_blake2b_256, _gcry_digest_spec_blake2b_160)
(_gcry_digest_spec_blake2s_256, _gcry_digest_spec_blake2s_224)
(_gcry_digest_spec_blake2s_160, _gcry_digest_spec_blake2s_128): New.
* src/gcrypt.h.in (GCRY_MD_BLAKE2B_512, GCRY_MD_BLAKE2B_384)
(GCRY_MD_BLAKE2B_256, GCRY_MD_BLAKE2B_160, GCRY_MD_BLAKE2S_256)
(GCRY_MD_BLAKE2S_224, GCRY_MD_BLAKE2S_160, GCRY_MD_BLAKE2S_128): New.
* tests/basic.c (check_one_md): Add testing for keyed hashes.
(check_digests): Add BLAKE2 test vectors; Add testing for keyed hashes.
* tests/blake2b.h: New.
* tests/blake2s.h: New.
* tests/Makefile.am: Add 'blake2b.h' and 'blake2s.h'.

--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
Keccak: Add SHAKE Extendable-Output Functions | Jussi Kivilinna | 2015-10-31 | 1 | -0/+2

* src/hash-common.c (_gcry_hash_selftest_check_one): Add handling for
XOFs.
* src/keccak.c (keccak_ops_t): Rename 'extract_inplace' to 'extract' and
add 'pos' argument.
(KECCAK_CONTEXT): Add 'suffix'.
(keccak_extract_inplace64): Rename to...
(keccak_extract64): ...this; Add handling for 'pos' argument.
(keccak_extract_inplace32bi): Rename to...
(keccak_extract32bi): ...this; Add handling for 'pos' argument.
(keccak_extract_inplace64): Rename to...
(keccak_extract64): ...this; Add handling for 'pos' argument.
(keccak_extract_inplace32bi_bmi2): Rename to...
(keccak_extract32bi_bmi2): ...this; Add handling for 'pos' argument.
(keccak_init): Setup 'suffix'; add SHAKE128 & SHAKE256.
(shake128_init, shake256_init): New.
(keccak_final): Do not initial permute for SHAKE output; use correct
suffix for SHAKE.
(keccak_extract): New.
(keccak_selftests_keccak): Add SHAKE128 & SHAKE256 test-vectors.
(run_selftests): Add SHAKE128 & SHAKE256.
(shake128_asn, oid_spec_shake128, shake256_asn, oid_spec_shake256)
(_gcry_digest_spec_shake128, _gcry_digest_spec_shake256): New.
* cipher/md.c (digest_list): Add SHAKE128 & SHAKE256.
* doc/gcrypt.texi: Ditto.
* src/cipher.h (_gcry_digest_spec_shake128)
(_gcry_digest_spec_shake256): New.
* src/gcrypt.h.in (GCRY_MD_SHAKE128, GCRY_MD_SHAKE256): New.
* tests/basic.c (check_one_md): Add XOF check; Add 'elen' argument.
(check_one_md_multi): Skip if algo is XOF.
(check_digests): Add SHAKE128 & SHAKE256 test vectors.
* tests/bench-slope.c (kdf_bench_one): Skip XOFs.

--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Add framework to eventually support SHA3.  [Werner Koch, 2015-08-08, 1 file, -1/+5]
    * src/gcrypt.h.in (GCRY_MD_SHA3_224, GCRY_MD_SHA3_256)
    (GCRY_MD_SHA3_384, GCRY_MD_SHA3_512): New.
    (GCRY_MAC_HMAC_SHA3_224, GCRY_MAC_HMAC_SHA3_256)
    (GCRY_MAC_HMAC_SHA3_384, GCRY_MAC_HMAC_SHA3_512): New.
    * cipher/keccak.c: New with stub functions.
    * cipher/Makefile.am (EXTRA_libcipher_la_SOURCES): Add keccak.c.
    * configure.ac (available_digests): Add sha3.
    (USE_SHA3): New.
    * src/fips.c (run_hmac_selftests): Add SHA3 to the required selftests.
    * cipher/md.c (digest_list) [USE_SHA3]: Add standard SHA3 algos.
    (md_open): Ditto for hmac processing.
    * cipher/mac-hmac.c (map_mac_algo_to_md): Add mapping.
    * cipher/hmac-tests.c (run_selftests): Prepare for tests.
    * cipher/pubkey-util.c (get_hash_algo): Add "sha3-xxx".
    --
    Note that the algos GCRY_MD_SHA3_xxx are preliminary. We should try to
    sync them with OpenPGP.

    Signed-off-by: Werner Koch <wk@gnupg.org>
* Add Curve25519 support.  [NIIBE Yutaka, 2015-08-06, 1 file, -0/+1]
    * cipher/ecc-curves.c (curve_aliases, domain_parms): Add Curve25519.
    * tests/curves.c (N_CURVES): It's 22 now.
    * src/cipher.h (PUBKEY_FLAG_DJB_TWEAK): New.
    * cipher/ecc-common.h (_gcry_ecc_mont_decodepoint): New.
    * cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): New.
    * cipher/ecc.c (nist_generate_key): Handle the case of
    PUBKEY_FLAG_DJB_TWEAK and Montgomery curve.
    (test_ecdh_only_keys, check_secret_key): Likewise.
    (ecc_generate): Support Curve25519, which is a Montgomery curve, with
    flag PUBKEY_FLAG_DJB_TWEAK and PUBKEY_FLAG_COMP.
    (ecc_encrypt_raw): Get flags from KEYPARMS and handle
    PUBKEY_FLAG_DJB_TWEAK and Montgomery curve.
    (ecc_decrypt_raw): Likewise.
    (compute_keygrip): Handle the case of PUBKEY_FLAG_DJB_TWEAK.
    * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): PUBKEY_FLAG_EDDSA
    implies PUBKEY_FLAG_DJB_TWEAK. Parse "djb-tweak" for PUBKEY_FLAG_DJB_TWEAK.
    --
    With PUBKEY_FLAG_DJB_TWEAK, the secret key has the msb set and it should
    always be a multiple of the cofactor.
* Reduce amount of duplicated code in OCB bulk implementations  [Jussi Kivilinna, 2015-07-27, 1 file, -19/+19]
    * cipher/cipher-ocb.c (_gcry_cipher_ocb_authenticate)
    (ocb_crypt): Change bulk function to return number of unprocessed blocks.
    * src/cipher.h (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth)
    (_gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth)
    (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth)
    (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Change return type to
    'size_t'.
    * cipher/camellia-glue.c (get_l): Only if USE_AESNI_AVX or USE_AESNI_AVX2
    defined.
    (_gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth): Change return type to
    'size_t' and return remaining blocks; Remove unaccelerated common code
    path. Enable remaining common code only if USE_AESNI_AVX or USE_AESNI_AVX2
    defined; Remove unaccelerated common code.
    * cipher/rijndael.c (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): Change
    return type to 'size_t' and return zero.
    * cipher/serpent.c (get_l): Only if USE_SSE2, USE_AVX2 or USE_NEON defined.
    (_gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): Change return type to
    'size_t' and return remaining blocks; Remove unaccelerated common code
    path. Enable remaining common code only if USE_SSE2, USE_AVX2 or USE_NEON
    defined; Remove unaccelerated common code.
    * cipher/twofish.c (get_l): Only if USE_AMD64_ASM defined.
    (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): Change return type to
    'size_t' and return remaining blocks; Remove unaccelerated common code
    path. Enable remaining common code only if USE_AMD64_ASM defined; Remove
    unaccelerated common code.
    --
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Add bulk OCB for Serpent SSE2, AVX2 and NEON implementations  [Jussi Kivilinna, 2015-07-27, 1 file, -0/+5]
    * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk functions
    for Serpent.
    * cipher/serpent-armv7-neon.S: Add OCB assembly functions.
    * cipher/serpent-avx2-amd64.S: Add OCB assembly functions.
    * cipher/serpent-sse2-amd64.S: Add OCB assembly functions.
    * cipher/serpent.c (_gcry_serpent_sse2_ocb_enc)
    (_gcry_serpent_sse2_ocb_dec, _gcry_serpent_sse2_ocb_auth)
    (_gcry_serpent_neon_ocb_enc, _gcry_serpent_neon_ocb_dec)
    (_gcry_serpent_neon_ocb_auth, _gcry_serpent_avx2_ocb_enc)
    (_gcry_serpent_avx2_ocb_dec, _gcry_serpent_avx2_ocb_auth): New prototypes.
    (get_l, _gcry_serpent_ocb_crypt, _gcry_serpent_ocb_auth): New.
    * src/cipher.h (_gcry_serpent_ocb_crypt)
    (_gcry_serpent_ocb_auth): New.
    * tests/basic.c (check_ocb_cipher): Add test-vector for serpent.
    --
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Add bulk OCB for Twofish AMD64 implementation  [Jussi Kivilinna, 2015-07-27, 1 file, -0/+5]
    * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk functions
    for Twofish.
    * cipher/twofish-amd64.S: Add OCB assembly functions.
    * cipher/twofish.c (_gcry_twofish_amd64_ocb_enc)
    (_gcry_twofish_amd64_ocb_dec, _gcry_twofish_amd64_ocb_auth): New
    prototypes.
    (call_sysv_fn5, call_sysv_fn6, twofish_amd64_ocb_enc)
    (twofish_amd64_ocb_dec, twofish_amd64_ocb_auth, get_l)
    (_gcry_twofish_ocb_crypt, _gcry_twofish_ocb_auth): New.
    * src/cipher.h (_gcry_twofish_ocb_crypt)
    (_gcry_twofish_ocb_auth): New.
    * tests/basic.c (check_ocb_cipher): Add test-vector for Twofish.
    --
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Add bulk OCB for Camellia AES-NI/AVX and AES-NI/AVX2 implementations  [Jussi Kivilinna, 2015-07-27, 1 file, -0/+5]
    * cipher/camellia-aesni-avx-amd64.S: Add OCB assembly functions.
    * cipher/camellia-aesni-avx2-amd64.S: Add OCB assembly functions.
    * cipher/camellia-glue.c (_gcry_camellia_aesni_avx_ocb_enc)
    (_gcry_camellia_aesni_avx_ocb_dec, _gcry_camellia_aesni_avx_ocb_auth)
    (_gcry_camellia_aesni_avx2_ocb_enc, _gcry_camellia_aesni_avx2_ocb_dec)
    (_gcry_camellia_aesni_avx2_ocb_auth): New prototypes.
    (get_l, _gcry_camellia_ocb_crypt, _gcry_camellia_ocb_auth): New.
    * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk functions
    for Camellia.
    * src/cipher.h (_gcry_camellia_ocb_crypt)
    (_gcry_camellia_ocb_auth): New.
    * tests/basic.c (check_ocb_cipher): Add test-vector for Camellia.
    --
    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* ecc: Add key generation flag "no-keytest".  [Werner Koch, 2015-05-21, 1 file, -0/+1]
    * src/cipher.h (PUBKEY_FLAG_NO_KEYTEST): New.
    * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag
    "no-keytest". Return an error for invalid flags of length 10.
    * cipher/ecc.c (nist_generate_key): Replace arg random_level by flags and
    set random level depending on flags.
    * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto.
    * cipher/ecc.c (ecc_generate): Pass flags to generate function and remove
    var random_level.
    (nist_generate_key): Implement "no-keytest" flag.
    * tests/keygen.c (check_ecc_keys): Add tests for transient-key and
    no-keytest.
    --
    After key creation we usually run a test to check whether the keys really
    work. However for transient keys this might be too time consuming and
    given that a failed test would anyway abort the process the optional use
    of a flag to skip the test is appropriate. Using Ed25519 for EdDSA and
    the "no-keytest" flags halves the time to create such a key. This was
    measured by looping the last test from check_ecc_keys() 1000 times with
    and without the flag.

    Due to a bug in the flags parser unknown flags with a length of 10
    characters were not detected. Thus the "no-keytest" flag can be employed
    by all software even for libraries before this. That bug is however
    solved with this version.

    Signed-off-by: Werner Koch <wk@gnupg.org>
* Add OCB bulk crypt/auth functions for AES/AES-NI  [Jussi Kivilinna, 2015-04-18, 1 file, -0/+4]
    * cipher/cipher-internal.h (gcry_cipher_handle): Add bulk.ocb_crypt and
    bulk.ocb_auth.
    (_gcry_cipher_ocb_get_l): New prototype.
    * cipher/cipher-ocb.c (get_l): Rename to ...
    (_gcry_cipher_ocb_get_l): ... this.
    (_gcry_cipher_ocb_authenticate, ocb_crypt): Use bulk function when
    available.
    * cipher/cipher.c (_gcry_cipher_open_internal): Setup OCB bulk functions
    for AES.
    * cipher/rijndael-aesni.c (get_l, aesni_ocb_enc, aes_ocb_dec)
    (_gcry_aes_aesni_ocb_crypt, _gcry_aes_aesni_ocb_auth): New.
    * cipher/rijndael.c [USE_AESNI] (_gcry_aes_aesni_ocb_crypt)
    (_gcry_aes_aesni_ocb_auth): New prototypes.
    (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New.
    * src/cipher.h (_gcry_aes_ocb_crypt, _gcry_aes_ocb_auth): New prototypes.
    * tests/basic.c (check_ocb_cipher_largebuf): New.
    (check_ocb_cipher): Add large buffer encryption/decryption test.
    --
    Patch adds bulk encryption/decryption/authentication code for AES-NI
    accelerated AES.

    Benchmark on Intel i5-4570 (3200 Mhz, turbo off):

    Before:
     AES            |  nanosecs/byte   mebibytes/sec   cycles/byte
            OCB enc |      2.12 ns/B     449.7 MiB/s      6.79 c/B
            OCB dec |      2.12 ns/B     449.6 MiB/s      6.79 c/B
           OCB auth |      2.07 ns/B     459.9 MiB/s      6.64 c/B

    After:
     AES            |  nanosecs/byte   mebibytes/sec   cycles/byte
            OCB enc |     0.292 ns/B    3262.5 MiB/s     0.935 c/B
            OCB dec |     0.297 ns/B    3212.2 MiB/s     0.950 c/B
           OCB auth |     0.260 ns/B    3666.1 MiB/s     0.832 c/B

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Add GOST R 34.11-94 variant using id-GostR3411-94-CryptoProParamSet  [Dmitry Eremin-Solenikov, 2014-06-28, 1 file, -0/+1]
    * src/gcrypt.h.in (GCRY_MD_GOSTR3411_CP): New.
    * src/cipher.h (_gcry_digest_spec_gost3411_cp): New.
    * cipher/gost28147.c (_gcry_gost_enc_one): Differentiate between CryptoPro
    and Test S-Boxes.
    * cipher/gostr3411-94.c (_gcry_digest_spec_gost3411_cp, gost3411_cp_init):
    New.
    * cipher/md.c (md_open): GCRY_MD_GOSTR3411_CP also uses B=32.
    --
    RFC4357 defines only two S-Boxes that should be used together with GOST R
    34.11-94 - a testing one (from standard itself, for testing only) and
    CryptoPro one. Instead of adding a separate gcry_md_ctrl() function just
    to switch s-boxes, add a separate MD algorithm using CryptoPro S-box.

    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Add ChaCha20 stream cipher  [Jussi Kivilinna, 2014-05-11, 1 file, -0/+1]
    * cipher/Makefile.am: Add 'chacha20.c'.
    * cipher/chacha20.c: New.
    * cipher/cipher.c (cipher_list): Add ChaCha20.
    * configure.ac: Add ChaCha20.
    * doc/gcrypt.texi: Add ChaCha20.
    * src/cipher.h (_gcry_cipher_spec_chacha20): New.
    * src/gcrypt.h.in (GCRY_CIPHER_CHACHA20): Add new algo.
    * tests/basic.c (MAX_DATA_LEN): Increase to 128 from 100.
    (check_stream_cipher): Add ChaCha20 test-vectors.
    (check_ciphers): Add ChaCha20.
    --
    Patch adds Bernstein's ChaCha20 cipher to libgcrypt. Implementation is
    based on public domain implementations.

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* 3des: add amd64 assembly implementation for 3DES  [Jussi Kivilinna, 2014-03-30, 1 file, -0/+13]
    * cipher/Makefile.am: Add 'des-amd64.S'.
    * cipher/cipher-selftests.c (_gcry_selftest_helper_cbc)
    (_gcry_selftest_helper_cfb, _gcry_selftest_helper_ctr): Handle failures
    from 'setkey' function.
    * cipher/cipher.c (_gcry_cipher_open_internal) [USE_DES]: Setup bulk
    functions for 3DES.
    * cipher/des-amd64.S: New file.
    * cipher/des.c (USE_AMD64_ASM, ATTR_ALIGNED_16): New macros.
    [USE_AMD64_ASM] (_gcry_3des_amd64_crypt_block)
    (_gcry_3des_amd64_ctr_enc, _gcry_3des_amd64_cbc_dec)
    (_gcry_3des_amd64_cfb_dec): New prototypes.
    [USE_AMD64_ASM] (tripledes_ecb_crypt): New function.
    (TRIPLEDES_ECB_BURN_STACK): New macro.
    (_gcry_3des_ctr_enc, _gcry_3des_cbc_dec, _gcry_3des_cfb_dec)
    (bulk_selftest_setkey, selftest_ctr, selftest_cbc, selftest_cfb): New
    functions.
    (selftest): Add call to CTR, CBC and CFB selftest functions.
    (do_tripledes_encrypt, do_tripledes_decrypt): Use
    TRIPLEDES_ECB_BURN_STACK.
    * configure.ac [host=x86-64]: Add 'des-amd64.lo'.
    * src/cipher.h (_gcry_3des_ctr_enc, _gcry_3des_cbc_dec)
    (_gcry_3des_cfb_dec): New prototypes.
    --
    Add non-parallel functions for small speed-up and 3-way parallel
    functions for modes of operation that support parallel processing.

    Old vs new (Intel Core i5-4570):
    ================================
            enc     dec
    ECB     1.17x   1.17x
    CBC     1.17x   2.51x
    CFB     1.16x   2.49x
    OFB     1.17x   1.17x
    CTR     2.56x   2.56x

    Old vs new (Intel Core i5-2450M):
    =================================
            enc     dec
    ECB     1.28x   1.28x
    CBC     1.27x   2.33x
    CFB     1.27x   2.34x
    OFB     1.27x   1.27x
    CTR     2.36x   2.35x

    New (Intel Core i5-4570):
    =========================
     3DES           |  nanosecs/byte   mebibytes/sec   cycles/byte
            ECB enc |     28.39 ns/B     33.60 MiB/s     90.84 c/B
            ECB dec |     28.27 ns/B     33.74 MiB/s     90.45 c/B
            CBC enc |     29.50 ns/B     32.33 MiB/s     94.40 c/B
            CBC dec |     13.35 ns/B     71.45 MiB/s     42.71 c/B
            CFB enc |     29.59 ns/B     32.23 MiB/s     94.68 c/B
            CFB dec |     13.41 ns/B     71.12 MiB/s     42.91 c/B
            OFB enc |     28.90 ns/B     33.00 MiB/s     92.47 c/B
            OFB dec |     28.90 ns/B     33.00 MiB/s     92.48 c/B
            CTR enc |     13.39 ns/B     71.20 MiB/s     42.86 c/B
            CTR dec |     13.39 ns/B     71.21 MiB/s     42.86 c/B

    Old (Intel Core i5-4570):
    =========================
     3DES           |  nanosecs/byte   mebibytes/sec   cycles/byte
            ECB enc |     33.24 ns/B     28.69 MiB/s     106.4 c/B
            ECB dec |     33.26 ns/B     28.67 MiB/s     106.4 c/B
            CBC enc |     34.45 ns/B     27.69 MiB/s     110.2 c/B
            CBC dec |     33.45 ns/B     28.51 MiB/s     107.1 c/B
            CFB enc |     34.43 ns/B     27.70 MiB/s     110.2 c/B
            CFB dec |     33.41 ns/B     28.55 MiB/s     106.9 c/B
            OFB enc |     33.79 ns/B     28.22 MiB/s     108.1 c/B
            OFB dec |     33.79 ns/B     28.22 MiB/s     108.1 c/B
            CTR enc |     34.27 ns/B     27.83 MiB/s     109.7 c/B
            CTR dec |     34.27 ns/B     27.83 MiB/s     109.7 c/B

    New (Intel Core i5-2450M):
    ==========================
     3DES           |  nanosecs/byte   mebibytes/sec   cycles/byte
            ECB enc |     42.21 ns/B     22.59 MiB/s     105.5 c/B
            ECB dec |     42.23 ns/B     22.58 MiB/s     105.6 c/B
            CBC enc |     43.70 ns/B     21.82 MiB/s     109.2 c/B
            CBC dec |     23.25 ns/B     41.02 MiB/s     58.12 c/B
            CFB enc |     43.71 ns/B     21.82 MiB/s     109.3 c/B
            CFB dec |     23.23 ns/B     41.05 MiB/s     58.08 c/B
            OFB enc |     42.73 ns/B     22.32 MiB/s     106.8 c/B
            OFB dec |     42.73 ns/B     22.32 MiB/s     106.8 c/B
            CTR enc |     23.31 ns/B     40.92 MiB/s     58.27 c/B
            CTR dec |     23.35 ns/B     40.84 MiB/s     58.38 c/B

    Old (Intel Core i5-2450M):
    ==========================
     3DES           |  nanosecs/byte   mebibytes/sec   cycles/byte
            ECB enc |     53.98 ns/B     17.67 MiB/s     134.9 c/B
            ECB dec |     54.00 ns/B     17.66 MiB/s     135.0 c/B
            CBC enc |     55.43 ns/B     17.20 MiB/s     138.6 c/B
            CBC dec |     54.27 ns/B     17.57 MiB/s     135.7 c/B
            CFB enc |     55.42 ns/B     17.21 MiB/s     138.6 c/B
            CFB dec |     54.35 ns/B     17.55 MiB/s     135.9 c/B
            OFB enc |     54.49 ns/B     17.50 MiB/s     136.2 c/B
            OFB dec |     54.49 ns/B     17.50 MiB/s     136.2 c/B
            CTR enc |     55.02 ns/B     17.33 MiB/s     137.5 c/B
            CTR dec |     55.01 ns/B     17.34 MiB/s     137.5 c/B

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* Add MD2 message digest implementation  [Dmitry Eremin-Solenikov, 2014-03-11, 1 file, -0/+1]
    * cipher/md2.c: New.
    * cipher/md.c (digest_list): add _gcry_digest_spec_md2.
    * tests/basic.c (check_digests): add MD2 test vectors.
    * configure.ac (default_digests): disable md2 by default.
    --
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

    Some minor indentation fixes by wk.
* Add a simple (raw) PKCS#1 padding mode  [Dmitry Eremin-Solenikov, 2014-03-04, 1 file, -0/+1]
    * src/cipher.h (PUBKEY_ENC_PKCS1_RAW): New.
    * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Handle pkcs1-raw
    flag.
    * cipher/pubkey-util.c (_gcry_pk_util_data_to_mpi): Handle s-exp like
    (data (flags pkcs1-raw) (value xxxxx))
    * cipher/rsa-common.c (_gcry_rsa_pkcs1_encode_raw_for_sig): PKCS#1-encode
    data with embedded hash OID for signature verification.
    * tests/basic.c (check_pubkey_sign): Add tests for s-exps with pkcs1-raw
    flag.
    --
    Allow user to specify (flags pkcs1-raw) to enable pkcs1 padding of raw
    value (no hash algorithm is specified). It is up to the user to verify
    that the passed value is properly formatted and includes DER-encoded ASN
    OID of the used hash function.

    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Add CMAC (Cipher-based MAC) to MAC API  [Jussi Kivilinna, 2013-11-19, 1 file, -0/+24]
    * cipher/Makefile.am: Add 'cipher-cmac.c' and 'mac-cmac.c'.
    * cipher/cipher-cmac.c: New.
    * cipher/cipher-internal.h (gcry_cipher_handle.u_mode): Add 'cmac'.
    * cipher/cipher.c (gcry_cipher_open): Rename to...
    (_gcry_cipher_open_internal): ...this and add CMAC.
    (gcry_cipher_open): New wrapper that disallows use of internal modes
    (CMAC) from outside.
    (cipher_setkey, cipher_encrypt, cipher_decrypt)
    (_gcry_cipher_authenticate, _gcry_cipher_gettag)
    (_gcry_cipher_checktag): Add handling for CMAC mode.
    (cipher_reset): Do not reset 'marks.key' and do not clear subkeys in
    'u_mode' in CMAC mode.
    * cipher/mac-cmac.c: New.
    * cipher/mac-internal.h: Add CMAC support and algorithms.
    * cipher/mac.c: Add CMAC algorithms.
    * doc/gcrypt.texi: Add documentation for CMAC.
    * src/cipher.h (gcry_cipher_internal_modes): New.
    (_gcry_cipher_open_internal, _gcry_cipher_cmac_authenticate)
    (_gcry_cipher_cmac_get_tag, _gcry_cipher_cmac_check_tag)
    (_gcry_cipher_cmac_set_subkeys): New prototypes.
    * src/gcrypt.h.in (gcry_mac_algos): Add CMAC algorithms.
    * tests/basic.c (check_mac): Add CMAC test vectors.
    --
    Patch adds CMAC (Cipher-based MAC) as defined in RFC 4493 and NIST
    Special Publication 800-38B. Internally CMAC is added to cipher module,
    but is available to outside only through MAC API.

    [v2]:
     - Add documentation.
    [v3]:
     - CMAC algorithm ids start from 201.
     - Coding style fixes.

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* cipher: use size_t for internal buffer lengths  [Jussi Kivilinna, 2013-11-15, 1 file, -20/+20]
    * cipher/arcfour.c (do_encrypt_stream, encrypt_stream): Use 'size_t' for
    buffer lengths.
    * cipher/blowfish.c (_gcry_blowfish_ctr_enc, _gcry_blowfish_cbc_dec)
    (_gcry_blowfish_cfb_dec): Ditto.
    * cipher/camellia-glue.c (_gcry_camellia_ctr_enc)
    (_gcry_camellia_cbc_dec, _gcry_blowfish_cfb_dec): Ditto.
    * cipher/cast5.c (_gcry_cast5_ctr_enc, _gcry_cast5_cbc_dec)
    (_gcry_cast5_cfb_dec): Ditto.
    * cipher/cipher-aeswrap.c (_gcry_cipher_aeswrap_encrypt)
    (_gcry_cipher_aeswrap_decrypt): Ditto.
    * cipher/cipher-cbc.c (_gcry_cipher_cbc_encrypt)
    (_gcry_cipher_cbc_decrypt): Ditto.
    * cipher/cipher-ccm.c (_gcry_cipher_ccm_encrypt)
    (_gcry_cipher_ccm_decrypt): Ditto.
    * cipher/cipher-cfb.c (_gcry_cipher_cfb_encrypt)
    (_gcry_cipher_cfb_decrypt): Ditto.
    * cipher/cipher-ctr.c (_gcry_cipher_ctr_encrypt): Ditto.
    * cipher/cipher-internal.h (gcry_cipher_handle->bulk)
    (_gcry_cipher_cbc_encrypt, _gcry_cipher_cbc_decrypt)
    (_gcry_cipher_cfb_encrypt, _gcry_cipher_cfb_decrypt)
    (_gcry_cipher_ofb_encrypt, _gcry_cipher_ctr_encrypt)
    (_gcry_cipher_aeswrap_encrypt, _gcry_cipher_aeswrap_decrypt)
    (_gcry_cipher_ccm_encrypt, _gcry_cipher_ccm_decrypt): Ditto.
    * cipher/cipher-ofb.c (_gcry_cipher_cbc_encrypt): Ditto.
    * cipher/cipher-selftest.h (gcry_cipher_bulk_cbc_dec_t)
    (gcry_cipher_bulk_cfb_dec_t, gcry_cipher_bulk_ctr_enc_t): Ditto.
    * cipher/cipher.c (cipher_setkey, cipher_setiv, do_ecb_crypt)
    (do_ecb_encrypt, do_ecb_decrypt, cipher_encrypt)
    (cipher_decrypt): Ditto.
    * cipher/rijndael.c (_gcry_aes_ctr_enc, _gcry_aes_cbc_dec)
    (_gcry_aes_cfb_dec, _gcry_aes_cbc_enc, _gcry_aes_cfb_enc): Ditto.
    * cipher/salsa20.c (salsa20_setiv, salsa20_do_encrypt_stream)
    (salsa20_encrypt_stream, salsa20r12_encrypt_stream): Ditto.
    * cipher/serpent.c (_gcry_serpent_ctr_enc, _gcry_serpent_cbc_dec)
    (_gcry_serpent_cfb_dec): Ditto.
    * cipher/twofish.c (_gcry_twofish_ctr_enc, _gcry_twofish_cbc_dec)
    (_gcry_twofish_cfb_dec): Ditto.
    * src/cipher-proto.h (gcry_cipher_stencrypt_t)
    (gcry_cipher_stdecrypt_t, cipher_setiv_fuct_t): Ditto.
    * src/cipher.h (_gcry_aes_cfb_enc, _gcry_aes_cfb_dec)
    (_gcry_aes_cbc_enc, _gcry_aes_cbc_dec, _gcry_aes_ctr_enc)
    (_gcry_blowfish_cfb_dec, _gcry_blowfish_cbc_dec)
    (_gcry_blowfish_ctr_enc, _gcry_cast5_cfb_dec, _gcry_cast5_cbc_dec)
    (_gcry_cast5_ctr_enc, _gcry_camellia_cfb_dec, _gcry_camellia_cbc_dec)
    (_gcry_camellia_ctr_enc, _gcry_serpent_cfb_dec, _gcry_serpent_cbc_dec)
    (_gcry_serpent_ctr_enc, _gcry_twofish_cfb_dec, _gcry_twofish_cbc_dec)
    (_gcry_twofish_ctr_enc): Ditto.
    --
    On 64-bit platforms, cipher module internally converts 64-bit size_t
    values to 32-bit unsigned integers.

    Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
* ecc: Make "noparam" the default and replace by "param".  [Werner Koch, 2013-11-08, 1 file, -3/+4]
    * src/cipher.h (PUBKEY_FLAG_NOCOMP): New.
    (PUBKEY_FLAG_NOPARAM): Remove.
    (PUBKEY_FLAG_PARAM): New.
    * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Support the new
    flags and ignore the obsolete "noparam" flag.
    * cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Return the curve name
    also for curves selected by NBITS.
    (_gcry_mpi_ec_new): Support the "param" flag.
    * cipher/ecc.c (ecc_generate, ecc_sign, ecc_verify): Ditto.
    * tests/keygen.c (check_ecc_keys): Remove the "noparam" flag.
    --
    This is an API change but there are not many ECC users yet and adding
    the "param" flag for those who really need the parameters (e.g. if
    private keys have been stored without the curve name) can easily be
    added. Note that no version of Libgcrypt with support for "noparam" has
    been released but for the sake of projects already working with the
    master version we don't bail out on "noparam".

    Signed-off-by: Werner Koch <wk@gnupg.org>
* ecc: Require "eddsa" flag for curve Ed25519.  [Werner Koch, 2013-11-05, 1 file, -5/+4]
    * src/cipher.h (PUBKEY_FLAG_ECDSA): Remove.
    * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Remove "ecdsa".
    * cipher/ecc.c (ecc_generate, ecc_sign, ecc_verify): Require "eddsa"
    flag.
    * cipher/ecc-misc.c (_gcry_ecc_compute_public): Depend on "eddsa" flag.
    * tests/benchmark.c, tests/keygen.c, tests/pubkey.c
    * tests/t-ed25519.c, tests/t-mpi-point.c: Adjust for changed flags.
    --
    This change makes using ECDSA signatures the default for all curves. If
    another signing algorithm is to be used, the corresponding flag needs to
    be given. In particular the flag "eddsa" is now always required with
    curve Ed25519 to comply with the specs.

    This change makes the code better readable by not assuming a certain
    signature algorithm depending on the curve.

    Signed-off-by: Werner Koch <wk@gnupg.org>
* ecc: Add flags "noparam" and "comp".  [Werner Koch, 2013-10-29, 1 file, -0/+2]
    * src/cipher.h (PUBKEY_FLAG_NOPARAM, PUBKEY_FLAG_COMP): New.
    * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Parse new flags
    and change code for possible faster parsing.
    * cipher/ecc.c (ecc_generate): Implement the "noparam" flag.
    (ecc_sign): Ditto.
    (ecc_verify): Ditto.
    * tests/keygen.c (check_ecc_keys): Use the "noparam" flag.
    * cipher/ecc.c (ecc_generate): Fix parsing of the deprecated
    transient-flag parameter.
    (ecc_verify): Do not make Q optional in the extract-param call.
    --
    Note that the "comp" flag has not yet any effect.

    Signed-off-by: Werner Koch <wk@gnupg.org>
* ecc: Add support for GOST R 34.10-2001/-2012 signatures  [Dmitry Eremin-Solenikov, 2013-10-16, 1 file, -0/+1]
    * src/cipher.h: define PUBKEY_FLAG_GOST
    * cipher/ecc-curves.c: Add GOST2001-test and GOST2012-test curves defined
    in standards. Typical applications would use either those curves, or
    curves defined in RFC 4357 (will be added later).
    * cipher/ecc.c (sign_gost, verify_gost): New.
    (ecc_sign, ecc_verify): use sign_gost/verify_gost if PUBKEY_FLAG_GOST is
    set.
    (ecc_names): add "gost" for gost signatures.
    * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist,
    _gcry_pk_util_preparse_sigval): set PUBKEY_FLAG_GOST if gost flag is
    present in s-exp.
    * tests/benchmark.c (ecc_bench): also benchmark GOST signatures.
    * tests/basic.c (check_pubkey): add two public keys from GOST R
    34.10-2012 standard.
    (check_pubkey_sign_ecdsa): add two data sets to check gost signatures.
    * tests/curves.c: correct N_CURVES as we now have 2 more curves.

    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

    Removed some comments from the new curve definitions in ecc-curves.c to
    avoid line wrapping. Eventually we will develop a precompiler to avoid
    parsing those hex strings. -wk
* ecc: Support use of Ed25519 with ECDSA.  [Werner Koch, 2013-10-15, 1 file, -8/+9]
    * src/cipher.h (PUBKEY_FLAG_ECDSA): New.
    * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag "ecdsa".
    * cipher/ecc.c (verify_ecdsa, verify_eddsa): Remove some debug output.
    (ecc_generate, ecc_sign, ecc_verify): Support Ed25519 with ECDSA.
    * tests/keygen.c (check_ecc_keys): Create such a test key.
    * tests/pubkey.c (fail, info, data_from_hex, extract_cmp_data): New.
    Taken from dsa-6979.c
    (check_ed25519ecdsa_sample_key): New.
    (main): Call new test.

    Signed-off-by: Werner Koch <wk@gnupg.org>
* pubkey: Support flags list in gcry_pk_genkey.  [Werner Koch, 2013-10-14, 1 file, -0/+5]
    * src/cipher.h (PUBKEY_FLAG_TRANSIENT_KEY): New.
    (PUBKEY_FLAG_USE_X931): New.
    (PUBKEY_FLAG_USE_FIPS186): New.
    (PUBKEY_FLAG_USE_FIPS186_2): New.
    * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Rename from
    parse_flags_list. Parse new flags.
    * cipher/dsa.c (dsa_generate): Support flag list.
    * cipher/ecc.c (ecc_generate): Ditto.
    * cipher/rsa.c (rsa_generate): Ditto.

    Signed-off-by: Werner Koch <wk@gnupg.org>
* pubkey: Remove duplicated flag parsing code.  [Werner Koch, 2013-10-14, 1 file, -0/+1]
    * cipher/pubkey-util.c (_gcry_pk_util_preparse_encval)
    (_gcry_pk_util_data_to_mpi): Factor flag parsing code out to ..
    (parse_flag_list): New.
    * src/cipher.h (PUBKEY_FLAG_RAW_FLAG): New.
    --
    A minor disadvantage of that code is that invalid flags are not anymore
    detected depending on the use. According to the documentation this is
    anyway the expected behavior.

    Signed-off-by: Werner Koch <wk@gnupg.org>
* md: Simplify the message digest dispatcher md.c.  [Werner Koch, 2013-10-02, 1 file, -6/+0]
    * src/gcrypt-module.h (gcry_md_spec_t): Move to ...
    * src/cipher-proto.h: here. Merge with md_extra_spec_t. Add fields ALGO
    and FLAGS. Set these fields in all digest modules.
    * cipher/md.c: Change most code to replace the former module system by a
    simpler system to gain information about the algorithms.

    Signed-off-by: Werner Koch <wk@gnupg.org>
* cipher: Simplify the cipher dispatcher cipher.c.  [Werner Koch, 2013-10-01, 1 file, -6/+0]
    * src/gcrypt-module.h (gcry_cipher_spec_t): Move to ...
    * src/cipher-proto.h (gcry_cipher_spec_t): here. Merge with
    cipher_extra_spec_t. Add fields ALGO and FLAGS. Set these fields in all
    cipher modules.
    * cipher/cipher.c: Change most code to replace the former module system
    by a simpler system to gain information about the algorithms.
    (disable_pubkey_algo): Simplified. Not anymore thread-safe, though.
    * cipher/md.c (_gcry_md_selftest): Use correct structure. Not a real
    problem because both define the same function as their first field.
    * cipher/pubkey.c (_gcry_pk_selftest): Take care of the disabled flag.

    Signed-off-by: Werner Koch <wk@gnupg.org>
* cipher: Add support for 128-bit keys in RC2  [Peter Wu, 2013-10-01, 1 file, -0/+1]
    * cipher/rfc2268.c (oids_rfc2268_128): New.
    (_gcry_cipher_spec_rfc2268_128): New.
    * cipher/cipher.c (cipher_table_entry): Add GCRY_CIPHER_RFC2268_128.
    --
    This patch adds support for decrypting (and encrypting) using 128-bit
    keys using the RC2 algorithm.

    Signed-off-by: Peter Wu <lekensteyn@gmail.com>

    Actually this is merely enabling that extra ID for 128 bit RFC2268. We
    should have used one id for that algorithm only, because a second
    identifier merely for having the OID in the code is a bad idea. My
    initial fault and thus I better apply this patch to make the id not
    entirely useless. -wk
* pk: Add algo id GCRY_PK_ECC and deprecate ECDSA and ECDH.  [Werner Koch, 2013-09-23, 1 file, -2/+1]
    * src/gcrypt.h.in (GCRY_PK_ECC): New.
    * cipher/pubkey.c (map_algo): New.
    (spec_from_algo, gcry_pk_get_param, _gcry_pk_selftest): Use it.
    * cipher/ecc.c (selftests_ecdsa): Report using GCRY_PK_ECC.
    (run_selftests): Simplify.
    (ecdh_names, ecdsa_names): Merge into a new ecc_names.
    (_gcry_pubkey_spec_ecdh, _gcry_pubkey_spec_ecdsa): Merge into new
    _gcry_pubkey_spec_ecc.
    --
    The algo ids are actually a relict from Libgcrypt's former life as
    GnuPG's crypto code. They don't make much sense anymore and are often
    not needed.

    This patch requires some changes to the GnuPG 2.1 code (which has still
    not been released). For example the secret key transfer between gpg and
    gpg-agent (gpg --export and gpg --import). Fortunately this will also
    require to add usage flags to the secret key storage of gpg-agent which
    is something we should have done a long time ago.

    Signed-off-by: Werner Koch <wk@gnupg.org>
* pk: Move s-exp creation for gcry_pk_decrypt to the modules.  [Werner Koch, 2013-09-20, 1 file, -0/+1]
    * cipher/pubkey.c (sexp_to_enc): Remove RET_MODERN arg and merge it into
    FLAGS.
    (gcry_pk_decrypt): Move result s-exp building into the modules.
    * src/cipher-proto.h (gcry_pk_decrypt_t): Add some args.
    * cipher/ecc.c (ecc_decrypt_raw): Change to return an s-exp.
    * cipher/elgamal.c (elg_decrypt): Ditto.
    * cipher/rsa.c (rsa_decrypt): Ditto.
    (rsa_blind, rsa_unblind): Merge into rsa_decrypt. This saves several
    extra MPI allocations.
    --
    The extra args added to gcry_pk_decrypt_t are a temporary solution until
    we move the input s-exp parsing also into the modules.

    Signed-off-by: Werner Koch <wk@gnupg.org>
* pk: Remove unused function.  [Werner Koch, 2013-09-20, 1 file, -1/+0]
    * cipher/pubkey.c (_gcry_pk_aliased_algo_name): Remove
* pk: Move s-expr creation for sign and encrypt to the modules.  [Werner Koch, 2013-09-19, 1 file, -0/+1]
    * cipher/pubkey.c (pubkey_encrypt): Fold into gcry_pk_encrypt.
    (pubkey_decrypt): Fold into gcry_pk_decrypt.
    (pubkey_sign): Fold into gcry_pk_sign.
    (pubkey_verify): Fold into gcry_pk_verify.
    (octet_string_from_mpi): Make it a wrapper and factor code out to ...
    * mpi/mpicoder.c (_gcry_mpi_to_octet_string): New function.
    * src/cipher.h (PUBKEY_FLAG_FIXEDLEN): New.
    * cipher/pubkey.c (sexp_data_to_mpi): Set flag for some encodings.
    (gcry_pk_encrypt): Simplify by moving the s-expr generation to the
    modules.
    (gcry_pk_sign): Ditto.
    * cipher/dsa.c (dsa_sign): Create s-expr.
    * cipher/elgamal.c (elg_encrypt, elg_sign): Ditto.
    * cipher/rsa.c (rsa_encrypt, rsa_sign): Ditto.
    * cipher/ecc.c (ecc_sign, ecc_encrypt_raw): Ditto.
    (ecdsa_names): Add "eddsa".
    * tests/t-ed25519.c (one_test): Expect "eddsa" token.

    Signed-off-by: Werner Koch <wk@gnupg.org>
* pk: Simplify the public key dispatcher pubkey.c.  [Werner Koch, 2013-09-18, 1 file, -0/+1]
    * src/cipher-proto.h (gcry_pk_spec_t): Add fields ALGO and FLAGS.
    * cipher/dsa.c (_gcry_pubkey_spec_dsa): Set these fields.
    * cipher/ecc.c (_gcry_pubkey_spec_ecdsa): Ditto.
    (_gcry_pubkey_spec_ecdh): Ditto.
    * cipher/rsa.c (_gcry_pubkey_spec_rsa): Ditto.
    * cipher/elgamal.c (_gcry_pubkey_spec_elg): Ditto
    (_gcry_pubkey_spec_elg_e): New.
    * cipher/pubkey.c: Change most code to replace the former module system
    by a simpler system to gain information about the algorithms.
    (disable_pubkey_algo): Simplified. Not anymore thread-safe, though.

    Signed-off-by: Werner Koch <wk@gnupg.org>
* pk: Merge extraspecs struct with standard specs struct.  [Werner Koch, 2013-09-18, 1 file, -5/+0]
    * src/gcrypt-module.h (gcry_pk_spec_t): Move this typedef and the
    corresponding function typedefs to ...
    * src/cipher-proto.h: here.
    (pk_extra_spec_t): Remove typedef and merge fields into gcry_pk_spec_t.
    * cipher/rsa.c, cipher/dsa.c, cipher/elg.c, cipher/ecc.c: Ditto.
    * cipher/pubkey.c: Change accordingly.
    * src/cipher.h (_gcry_pubkey_extraspec_rsa): Remove.
    (_gcry_pubkey_extraspec_dsa): Remove.
    (_gcry_pubkey_extraspec_elg): Remove.
    (_gcry_pubkey_extraspec_ecdsa): Remove.
    --
    Now that we don't have loadable modules anymore, we don't need to keep
    the internal API between the modules and thus can simplify the code.

    Signed-off-by: Werner Koch <wk@gnupg.org>
* Add GOST R 34.11-2012 implementation (Stribog)  [Dmitry Eremin-Solenikov, 2013-09-18, 1 file, -0/+2]
    * src/gcrypt.h.in (GCRY_MD_GOSTR3411_12_256)
    (GCRY_MD_GOSTR3411_12_512): New.
    * cipher/stribog.c: New.
    * configure.ac (available_digests_64): Add stribog.
    * src/cipher.h: Declare Stribog declarations.
    * cipher/md.c: Register Stribog digest.
    * tests/basic.c (check_digests): Add 4 testcases for Stribog from
    standard.
    * doc/gcrypt.texi: Document new constants.

    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>