| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
| |
* g10/call-agent.c (struct getattr_one_parm_s): New.
(getattr_one_status_cb): New.
(agent_scd_getattr_one): New.
* g10/pubkey-enc.c (get_it): Allow the standard leading zero byte from
pkcs#1.
* g10/skclist.c (enum_secret_keys): Handle non-OpenPGP cards.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/call-agent.c (agent_scd_keypairinfo): Use --keypairinfo.
* sm/call-agent.c (gpgsm_agent_scd_keypairinfo): Ditto.
* scd/app-openpgp.c (do_getattr): Add attributes "$ENCRKEYID" and
"$SIGNKEYID".
* scd/app-piv.c (do_getattr): Ditto.
--
We already have $AUTHKEYID to locate the keyref of the key to be used
with ssh. It will also be useful to have default keyref for
encryption and signing. For example, this will allow us to repalce
the use of "OPENPGP.2" by a app type specific keyref.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* g10/skclist.c (enum_secret_keys): Move list forward on error.
--
The error is not easy to reproduce but may occur if a card is removed
at the wrong time. Tested by changing the code.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/mainproc.c (print_pkenc_list): Simplify.
--
This changes the output from
# ------------------------ >8 ------------------------
gpg: encrypted with 2048-bit RSA key, ID D20073D46DF6C97D, created 2019-04-02
"Test with PIV card"
to
gpg: encrypted with rsa2048 key, ID D20073D46DF6C97D, created 2019-04-02
"Test with PIV card"
Signed-off-by: Werner Koch <[email protected]>
# ------------------------ 8< ------------------------
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/call-agent.c (agent_scd_readkey): New.
* g10/keygen.c (ask_key_flags): Factor code out to ..
(ask_key_flags_with_mask): new.
(ask_algo): New mode 14.
--
Note that this new menu 14 is always displayed. The usage flags can
be changed only in --expert mode, though. Creating and using signing
keys works but decryption does not yet work; we will need to tweak a
couple of other places for that. Tested with a Yubikey's PIV app.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
* g10/call-agent.c (scd_keypairinfo_status_cb): Also store the usage
flags.
* sm/call-agent.c (scd_keypairinfo_status_cb): Ditto.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Print the usage flags.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/call-agent.c (start_agent): Use card app auto selection.
* g10/card-util.c (current_card_status): Print the Application type.
(card_status): Put empty line between card listings.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/call-agent.c (scd_keypairinfo_status_cb)
(agent_scd_keypairinfo): New. Taken from gpgsm.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
| |
* g10/call-agent.c (inq_writekey_parms): Remove.
(agent_scd_writekey): Remove.
(agent_clear_pin_cache): Remove this stub.
|
| |
|
|
|
|
| |
* g10/call-agent.c (agent_scd_setattr): Remove unused arg serialno.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from
an EdDSA curve.
--
This change matters when it is called from ask_card_keyattr.
Some-comments-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/import.c (NODE_TRANSFER_SECKEY): New.
(import): Add attic kludge.
(transfer_secret_keys): Add arg only_marked.
(resync_sec_with_pub_keyblock): Return removed seckeys via new arg
r_removedsecs.
(import_secret_one): New arg r_secattic. Change to take ownership of
arg keyblock. Implement extra secret key import logic. Factor some
code out to ...
(do_transfer): New.
(import_matching_seckeys): New.
--
The PGP desktops exported secret keys are really stupid. And they
even a have kind of exception in rfc4880 which does not rule that
out (section 11.2):
[...] Implementations SHOULD include self-signatures on any user
IDs and subkeys, as this allows for a complete public key to be
automatically extracted from the transferable secret key.
Implementations MAY choose to omit the self-signatures, especially
if a transferable public key accompanies the transferable secret
key.
Now if they would only put the public key before the secret
key. Anyway we now have a workaround for that ugliness.
GnuPG-bug-id: 4392
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
new field TAG.
* g10/kbnode.c (alloc_node): Change accordingly.
* g10/import.c (import_one): Add arg r_valid.
(sec_to_pub_keyblock): Set tags.
(resync_sec_with_pub_keyblock): New.
(import_secret_one): Change return code to gpg_error_t. Return an
error code if sec_to_pub_keyblock failed. Resync secret keyblock.
--
When importing an invalid secret key ring for example without key
binding signatures or no UIDs, gpg used to let gpg-agent store the
secret keys anyway. This is clearly a bug because the diagnostics
before claimed that for example the subkeys have been skipped.
Importing the secret key parameters then anyway is surprising in
particular because a gpg -k does not show the key. After importing
the public key the secret keys suddenly showed up.
This changes the behaviour of
GnuPG-bug-id: 4392
to me more consistent but is not a solution to the actual bug.
Caution: The ecc.scm test now fails because two of the sample keys
don't have binding signatures.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/keyedit.c (show_basic_key_info): New arg 'print_sec'. Remove
useless code for "sub" and "ssb".
* g10/import.c (import_one): Pass FROM_SK to show_basic_key_info. Do
not print the first keyinfo in FROM_SK mode.
printing.
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/cpr.c (write_status_printf): Escape CR and LF.
* g10/import.c (print_import_check): Simplify by using
write_status_printf and hexfingerprint.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/mainproc.c (proc_plaintext): Do not use freed memory.
--
GnuPG-bug-id: 4407
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR16)
(KEYDB_SEARCH_MODE_FPR20, KEYDB_SEARCH_MODE_FPR32): Remove. Switch
all users to KEYDB_SEARCH_MODE_FPR along with the fprlen value.
--
These search modes were added over time and there has until recently
be no incentive to remove the cruft. With the change for v5 keys I
finally went over all places and allowed the generic fingerprint mode
along with a given length of the fingerprint at all places.
Consequently the other modes can now be removed.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (set_compliance_option, main): Change CO_GNUPG to include
rfc4880bis features.
(main): Change rfc4880bis warning to a note.
--
Note that the default is CO_GNUPG and not CO_OPENPGP. CO_OPENPGP does
not include rfc4880bis yet and has a couple of things we don't like,
like --allow-non-selfsigned-uids.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/build-packet.c (gpg_mpi_write): New optional arg
R_NWRITTEN. Allow NULL for OUT. Change all callers.
(do_key): Support v5 keys.
(build_sig_subpkt_from_sig): Support 32 byte fingerprints.
* g10/parse-packet.c (parse_signature): First try to set the keyid
from the issuer fingerprint.
(parse_key): Support v5 keys.
(create_gpg_control): Better make sure to always allocate the static
size of the struct in case future compilers print warnings.
* g10/keyid.c (hash_public_key): Add v5 support.
(keyid_from_pk): Ditto.
(keyid_from_fingerprint): Ditto.
(fingerprint_from_pk): Ditto.
* g10/keygen.c (KEYGEN_FLAG_CREATE_V5_KEY): New.
(pVERSION, pSUBVERSION): New.
(add_feature_v5): New.
(keygen_upd_std_prefs): Call it.
(do_create_from_keygrip): Add arg keygen_flags and support the v5
flag.
(common_gen): Support the v5 flag.
(parse_key_parameter_part): New flags v4 and v5.
(parse_key_parameter_string): Add args for version and subversion.
(read_parameter_file): New keywords "Key-Version" and
"Subkey-Version".
(quickgen_set_para): Add arg 'version'.
(quick_generate_keypair, generate_keypair): Support version parms.
(do_generate_keypair): Support v5 key flag.
(generate_subkeypair): Ditto.
(generate_card_subkeypair): Preparse for keyflags.
(gen_card_key): Ditto.
* g10/sig-check.c (check_signature2): Add args extrahash and
extrahashlen.
(check_signature_end): Ditto.
(check_signature_end_simple): Ditto. Use them.
* g10/mainproc.c (proc_plaintext): Put extra hash infor into the
control packet.
(do_check_sig): Add args extrahas and extrahashlen and pass them on.
(issuer_fpr_raw): Support 32 byte fingerprint.
(check_sig_and_print): get extra hash data and pass it on.
--
Note that this is only basic support and requires more fine
tuning/fixing.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/userids.c (classify_user_id): Support 32 byte fingerprints.
* kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR32): New.
(struct keydb_search_desc): Add field fprlen.
* kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field
version and increase size of fpr to 32.
* kbx/keybox-blob.c: Define new version 2 for PGP and X509 blobs.
(struct keyboxblob_key): Add field fprlen and increase size of fpr.
(pgp_create_key_part_single): Allow larger fingerprints.
(create_blob_header): Implement blob version 2 and add arg want_fpr32.
(_keybox_create_openpgp_blob): Detect the need for blob version 2.
* kbx/keybox-search.c (blob_get_first_keyid): Support 32 byte
fingerprints.
(blob_cmp_fpr): Ditto.
(blob_cmp_fpr_part): Ditto.
(has_fingerprint): Add arg fprlen and pass on.
(keybox_search): Support KEYDB_SEARCH_MODE_FPR32 and adjust for
changed has_fingerprint.
* kbx/keybox-openpgp.c (parse_key): Support version 5 keys.
* kbx/keybox-dump.c (_keybox_dump_blob): Support blob version 2.
* g10/delkey.c (do_delete_key): Support KEYDB_SEARCH_MODE_FPR32.
* g10/export.c (exact_subkey_match_p): Ditto.
* g10/gpg.c (main): Ditto.
* g10/getkey.c (get_pubkey_byfprint): Adjust for changed
KEYDB_SEARCH_MODE_FPR.
* g10/keydb.c (keydb_search_desc_dump): Support
KEYDB_SEARCH_MODE_FPR32 and adjust for changed KEYDB_SEARCH_MODE_FPR.
(keydb_search): Add new arg fprlen and change all callers.
* g10/keyedit.c (find_by_primary_fpr): Ditto.
* g10/keyid.c (keystr_from_desc): Ditto.
* g10/keyring.c (keyring_search): Ditto.
* g10/keyserver.c (print_keyrec): Ditto.
(parse_keyrec): Ditto.
(keyserver_export): Ditto.
(keyserver_retrieval_screener): Ditto.
(keyserver_import): Ditto.
(keyserver_import_fprint): Ditto.
(keyidlist): Ditto.
(keyserver_get_chunk): Ditto.
* g10/keydb.c (keydb_search): Add new arg fprlen and change all
callers.
* sm/keydb.c (keydb_search_fpr): Adjust for changed
KEYDB_SEARCH_MODE_FPR.
--
This prepares the support for OpenPGP v5 keys. The new version 2 blob
format is needed for the longer fingerprints and we also use this
opportunity to prepare for storing the keygrip in the blob for faster
lookup by keygrip. Right now this is not yet functional.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* configure.ac (AC_CHECK_SIZEOF): Test size_t.
* g10/sig-check.c (check_signature_end_simple): Support v5 signatures
as per current rfc4880bis. For correctness also allow for N > 2^32.
* g10/sign.c (pt_extra_hash_data_t): New.
(hash_sigversion_to_magic): New arg EXTRAHASH.
(write_plaintext_packet): New arg R_EXTRAHASH.
(write_signature_packets): Pass EXTRAHASH.
(sign_file): Ditto.
(sign_symencrypt_file): Ditto.
--
Take care: The code path for v5 sigs has not yet been tested.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* g10/ecdh.c (kek_params_table): Revert the change.
* scd/app-openpgp.c (ecdh_params): Use CIPHER_ALGO_AES256
for 384-bit key.
--
Avoiding CIPHER_ALGO_AES192 is intentional here.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
ECC strength 384, according to RFC-6637.
--
Reported-by: Trevor Bentley
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keylist.c (print_key_line): Print a warning for invalid algos.
--
Non-OpenPGP compliant keys now show a warning flag on the sec or pub
line like in:
gpg: can't encode a 256 bit MD into a 88 bits frame, algo=8
sec cv25519 2019-01-30 [INVALID_ALGO]
4239F3D606A19258E7A88C3F9A3F4F909C5034C5
uid [ultimate] ffffff
Instead of showing the usage flags "[CE]". Without this patch only
the error message is printed and the reason for it was not immediately
obvious (cv25519 is encryption only but we always consider the primary
key as having the "C" flag).
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/keylist.c (list_one): Emit status line.
--
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* g10/misc.c (map_pk_gcry_to_openpgp): Add EdDSA mapping.
--
Due to this missing mapping a "gpg --export --full-gen-key" with
selection "13 - Existing key" did not worked for an ed25519 key.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* common/openpgpdefs.h (OPENPGP_MAX_NPKEY): New.
(OPENPGP_MAX_NSKEY): New.
(OPENPGP_MAX_NSIG): New.
(OPENPGP_MAX_NENC): New.
* g10/packet.h: Define PUBKEY_MAX using the new consts.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* g10/call-agent.c (agent_get_s2k_count): Actually return the count.
--
The previous push was definitely a bit to hasty.
Fixes-Commit: ec13b1c562e34c0fcbc7b848ab6dc187b79cf2c1
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/passphrase.c (encode_s2k_iterations): Move function to ...
* common/openpgp-s2k.c: new file. Remove default intialization code.
* common/openpgpdefs.h (S2K_DECODE_COUNT): New to keep only one copy.
* g10/call-agent.c (agent_get_s2k_count): Change to return the count
and print an error.
* agent/protect.c: Include openpgpdefs.h
* g10/card-util.c (gen_kdf_data): Adjust for changes
* g10/gpgcompose.c: Include call-agent.h.
(sk_esk): Adjust for changes.
* g10/passphrase (passphrase_to_dek): Adjust for changes.
* g10/main.h (S2K_DECODE_COUNT): Remove macro.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/misc.c (openpgp_pk_test_algo2): Add extra check.
--
The problem is that --key-gen --batch with a parameter file didn't
detect that Elgamal is not capable of signing and so an error was only
triggered at the time the self-signature was created. See the code
comment for details.
GnuPG-bug-id: 4329
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/packet.h (struct pubkey_enc_list): Add result.
* g10/mainproc.c (proc_pubkey_enc): Initialize ->result.
(proc_encrypted): Report STATUS_NO_SECKEY status.
* g10/pubkey-enc.c (get_session_key): Set ->result.
--
This change is for GPGME compatibility. Before this change,
gpgme/tests/json/t-json failed with t-decrypt-verify.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
* g10/call-agent.c (agent_scd_cardlist): Add
FLAG_FOR_CARD_SUPPRESS_ERRORS.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/keyserver.c (keyserver_search): Check for NO_DATA.
--
GnuPG-bug-id: 3830
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/keylist.c (print_pubkey_info): Reverse the condition.
--
This mistakes were introduced when replacing by estream.
It resulted 'gpg --card-status' from a process with no controlling
terminal fails.
Fixes-commit: fb2ba98963beea249474f5d6d7345cf9b4b7f570
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/packet.h (struct revocation_key): Add field 'fprlen'.
* g10/parse-packet.c (parse_revkeys): Set fprlen and allow for v5
keys. Also fix reading of unitialized data at place where
MAX_FINGERPRINT_LEN is used.
* g10/revoke.c (gen_desig_revoke): Allow for v5 keys and use fprlen.
Do an explicit compare to avoid reading unitialized data.
* g10/sig-check.c (check_revocation_keys): Use the fprlen.
* g10/getkey.c (merge_selfsigs_main): Do an explicit copy to avoid
reading unitialized data.
* g10/import.c (revocation_present): Use fprlen.
* g10/keyedit.c (show_key_with_all_names): Use fprlen.
(menu_addrevoker): Use fprlen. Allow for v5 keys.
* g10/keygen.c (keygen_add_revkey): Use fprlen.
(parse_revocation_key): Allow for v5 keys.
* g10/keyid.c (keyid_from_fingerprint): Allow for v5 keys. Print a
better error message in case of bogus fingerprints.
* g10/keylist.c (print_revokers): Use fprlen.
--
The reading of uninitialized data is harmless but we better fix it to
make valgrind happy. More serious was that we always passed
MAX_FINGERPRINT_LEN but we will need to support 20 and 32 octet
fingerprints and MAX_FINGERPRINT_LEN would be too large for a v4.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
| |
* g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox".
* g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New.
* g10/keylist.c (list_keyblock_simple): New.
(list_keyblock): Call it.
(list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX
mode.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/mainproc.c (proc_plaintext): Do not enable hash contexts when
opt.skip_verify is set.
--
Signed-off-by: Jussi Kivilinna <[email protected]>
|
| |
|
|
|
|
| |
* g10/keyid.c (keygrip_from_pk): Print the fingerprint on failure.
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
| |
--
|
| |
|
|
|
|
|
|
| |
* g10/main.h (GCRYPT_VERSION_NUMBER): Fix type in condition.
--
GnuPG-bug-id: 4259
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/call-agent.h (agent_card_info_s): Add UIF fields.
* g10/call-agent.c (learn_status_cb): Put UIF DOs info.
* g10/card-util.c (current_card_status): Output for UIF.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
| |
* scd/app-openpgp.c (do_learn_status): Report KDF attr.
* g10/card-util.c (current_card_status): Output KDF for with_colons.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
| |
* g10/call-agent.h (kdf_do_enabled): New field.
* g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available.
* g10/card-util.c (current_card_status): Inform the availability.
Signed-off-by: NIIBE Yutaka <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* common/mbox-util.c (mailbox_from_userid): Add arg subaddress and
implement. Change all callers to pass false for it.
* common/t-mbox-util.c (run_mbox_no_sub_test): New.
(run_filter): Add arg no_sub.
(main): Call new test and add option --no-sub.
--
Some stats: In the about 5300000 keys on the SKS servers we found 3055
unique mailboxes with a '+' in it. After removing leading and
trailing '+' as well as multiple '+' (e.g. "c++" or "foo+bar+baz")
2697 were left which seem to be valid sub-addresses.
To filter mailboxes out from a line delimited list with
user-ids (e.g. an SQL output), the command
t-mbox-util --verbose --filter
can be used; to output w/o sub-addresses add --no-sub.
GnuPG-bug-id: 4200
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
| |
--
For size_t use "%zu"
For ssize_t use "%zd"
Signed-off-by: Werner Koch <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/mainproc.c (mainproc_context): New member
'seen_pkt_encrypted_aead'.
(release_list): Clear 'seen_pkt_encrypted_aead'.
(proc_encrypted): Set 'seen_pkt_encrypted_aead'.
(have_seen_pkt_encrypted_aead): New.
(proc_plaintext): Do not enable extra hash contexts when decryption
AEAD input.
--
Signed-off-by: Jussi Kivilinna <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/armor.c (asctobin): Larger look-up table for fast path.
(initialize): Update 'asctobin' initialization.
(radix64_read): Add fast path for radix64 to binary conversion.
--
This patch adds fast path for radix64 to binary conversion in
armored decryption.
Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.
before patch-set
----------------
gpg process
armor: user time pipe transfer rate
encrypt-aead: 13.8 140 MB/s
decrypt-aead: 30.6 68 MB/s
encrypt-cfb: 17.4 114 MB/s
decrypt-cfb: 32.6 64 MB/s
after (decrypt+iobuf+crc+radix64 opt)
-------------------------------------
gpg process
armor: user time pipe transfer rate
decrypt-aead: 9.8 200 MB/s
decrypt-cfb: 11.9 168 MB/s
Signed-off-by: Jussi Kivilinna <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/armor.c (bintoasc): Change to read-only.
(initialize): Use const pointer for 'bintoasc'.
(armor_output_buf_as_radix64): New function for faster binary to
radix64 conversion.
(armor_filter): Use new conversion function.
--
This patch adds faster binary to radix64 conversion to speed up
armored encryption.
Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.
before patch-set
----------------
gpg process
armor: user time pipe transfer rate
encrypt-aead: 13.8 140 MB/s
decrypt-aead: 30.6 68 MB/s
encrypt-cfb: 17.4 114 MB/s
decrypt-cfb: 32.6 64 MB/s
after (decrypt+iobuf+crc+radix64 opt)
-------------------------------------
gpg process
armor: user time pipe transfer rate
encrypt-aead: 2.7 523 MB/s
encrypt-cfb: 6.7 264 MB/s
Signed-off-by: Jussi Kivilinna <[email protected]>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* g10/armor.c (CRCINIT, CRCPOLY, CRCUPDATE, crc_table): Remove.
(new_armor_context): Open libgcrypt CRC24 context.
(release_armor_context): Close CRC24 context.
(initialize): Remove CRC table generation.
(get_afx_crc): New.
(check_input, fake_packet, radix64_read, armor_filter): Update to use
CRC24 context.
* g10/filter.h (armor_filter_context_t): Replace crc intermediate value
with libgcrypt md context pointer.
--
This patch changes armor filter to use optimized CRC24 implementation
from libgcrypt to speed up encryption and decryption.
Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.
before patch-set
----------------
gpg process
armor: user time pipe transfer rate
encrypt-aead: 13.8 140 MB/s
decrypt-aead: 30.6 68 MB/s
encrypt-cfb: 17.4 114 MB/s
decrypt-cfb: 32.6 64 MB/s
after (decrypt+iobuf+crc opt)
-----------------------------
gpg process
armor: user time pipe transfer rate
encrypt-aead: 8.7 211 MB/s
decrypt-aead: 17.6 116 MB/s
encrypt-cfb: 12.6 153 MB/s
decrypt-cfb: 19.6 105 MB/s
Signed-off-by: Jussi Kivilinna <[email protected]>
|
| |
|
|
|
|
|
|
|
|
| |
* g10/armor.c (unarmor_state_e, unarmor_pump_s, unarmor_pump_new)
(unarmor_pump_release, unarmor_pump): Remove.
* g10/filter.h (UnarmorPump, unarmor_pump_new, unarmor_pump_release)
(unarmor_pump): Remove.
--
Signed-off-by: Jussi Kivilinna <[email protected]>
|
