From 27929981fc23fabecf6af9fa1361361b821bb2fd Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 21 Jan 2011 15:22:41 +0100 Subject: Make most of the selftests work. Note that there is still a problem with tests/openpgp/sigs.test while using the option --digest-algo SHA256. --- g10/ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'g10/ChangeLog') diff --git a/g10/ChangeLog b/g10/ChangeLog index 0c8cbd418..75415f466 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,7 @@ +2011-01-21 Werner Koch + + * misc.c (openpgp_pk_algo_name): Always use the gcrypt function. + 2010-12-09 Werner Koch * tdbio.c (tdbio_set_dbname) [W32CE]: Take care of missing errno. -- cgit v1.2.3 From c3db7705c049e31e678ff87e230b8160aa0027f1 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Fri, 21 Jan 2011 15:58:07 +0100 Subject: Truncate the DSA hash; fixes regression. Removed left over debug code. --- g10/ChangeLog | 2 ++ 1 file changed, 2 insertions(+) (limited to 'g10/ChangeLog') diff --git a/g10/ChangeLog b/g10/ChangeLog index 75415f466..8e79587d8 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,5 +1,7 @@ 2011-01-21 Werner Koch + * seskey.c (encode_md_value): Truncate the DSA hash again. + * misc.c (openpgp_pk_algo_name): Always use the gcrypt function. 2010-12-09 Werner Koch -- cgit v1.2.3 From 638dca5dbc7e119ff5a05dbdb109fbc171624605 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 25 Jan 2011 16:54:18 +0100 Subject: Editorial cleanups of keygen.c Also fixed a regression introduced by me in pubkey_enc.c. Added extra checks. Removed unused code. --- g10/ChangeLog | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'g10/ChangeLog') diff --git a/g10/ChangeLog b/g10/ChangeLog index 4c28363a2..801146459 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,21 @@ +2011-01-25 Werner Koch + + * pubkey-enc.c (get_it): Fix assertion. + Use GPG_ERR_WRONG_SECKEY instead of log_fatal. Add safety checks + for NFRAME. + + * main.h (KEYGEN_FLAG_NO_PROTECTION, KEYGEN_FLAG_TRANSIENT_KEY): + Move back to .. + * keygen.c: .. here. + (pk_ecc_keypair_gen): Make static. + (common_key_gen): Fold back into .. + (common_gen): .. this. + (delme__pk_ecc_build_sexp): Remove unused function. + (pk_ecc_keypair_gen): Fold it into .. + (gen_ecc): .. this. + (ask_keysize): Use proper rounding for ECC. + * verify-stubs.c: Remove. + 2011-01-20 Werner Koch * keyserver.c: Rewrite most stuff for use with dirmngr. Get rid -- cgit v1.2.3 From 302c5a826c0fd0b2aab85ad3c287b65429db2066 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 25 Jan 2011 17:48:51 +0100 Subject: More ECDH code cleanups --- g10/ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'g10/ChangeLog') diff --git a/g10/ChangeLog b/g10/ChangeLog index 801146459..3ce4d1fac 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,5 +1,9 @@ 2011-01-25 Werner Koch + * ecdh.c (pk_ecdh_default_params_to_mpi): Remove. + (pk_ecdh_default_params): Rewrite. Factor KEK table out to .. + (kek_params_table): .. here. + * pubkey-enc.c (get_it): Fix assertion. Use GPG_ERR_WRONG_SECKEY instead of log_fatal. Add safety checks for NFRAME. @@ -14,6 +18,8 @@ (pk_ecc_keypair_gen): Fold it into .. (gen_ecc): .. this. (ask_keysize): Use proper rounding for ECC. + (pk_ecc_build_key_params): Remove NBITSSTR. + * verify-stubs.c: Remove. 2011-01-20 Werner Koch -- cgit v1.2.3 From d879c287ac1da7990c97b911018d63410c60433c Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 25 Jan 2011 20:28:25 +0100 Subject: Started with some code cleanups in ECDH. The goal is to have the ECDH code more uniform with the other algorithms. Also make error messages and variable names more similar to other places. --- g10/ChangeLog | 3 +++ 1 file changed, 3 insertions(+) (limited to 'g10/ChangeLog') diff --git a/g10/ChangeLog b/g10/ChangeLog index 3ce4d1fac..9e1aa01da 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -3,6 +3,9 @@ * ecdh.c (pk_ecdh_default_params_to_mpi): Remove. (pk_ecdh_default_params): Rewrite. Factor KEK table out to .. (kek_params_table): .. here. + (pk_ecdh_generate_ephemeral_key): New. + (pk_ecdh_encrypt): Remove. + (pk_ecdh_encrypt_with_shared_point): Make public. * pubkey-enc.c (get_it): Fix assertion. Use GPG_ERR_WRONG_SECKEY instead of log_fatal. Add safety checks -- cgit v1.2.3 From 358afc0dc8980d5ae0cb700efbb61499625a4625 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 26 Jan 2011 17:17:43 +0100 Subject: Function name cleanups Also nuked some trailing spaces. --- g10/ChangeLog | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'g10/ChangeLog') diff --git a/g10/ChangeLog b/g10/ChangeLog index 9e1aa01da..b27601563 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,15 @@ +2011-01-26 Werner Koch + + * misc.c (ecdsa_qbits_from_Q): Use unsigned int. + + * misc.c (iobuf_read_size_body): Move and rename to .. + * parse-packet.c (read_size_body): .. here. Make static. + * misc.c (iobuf_write_size_body_mpi): Move and rename to .. + * build-packet.c (write_size_body_mpi): .. here. + (iobuf_name_oid_write, ecdh_kek_params_write, ecdh_esk_write): + Remove macros. Replace users by direct calls to + write_size_body_mpi. + 2011-01-25 Werner Koch * ecdh.c (pk_ecdh_default_params_to_mpi): Remove. -- cgit v1.2.3 From 0fb0bb8d9a960a2473ab70a021d20639a43227e0 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 31 Jan 2011 09:27:06 +0100 Subject: Reworked the ECC changes to better fit into the Libgcrypt API. See ChangeLog for details. Key generation, signing and verification works. Encryption does not yet work. Requires latest Libgcrypt changes. --- g10/ChangeLog | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'g10/ChangeLog') diff --git a/g10/ChangeLog b/g10/ChangeLog index b27601563..f6c144d7c 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,37 @@ +2011-01-30 Werner Koch + + + * keyid.c (keygrip_from_pk): Adjust ECC cases. + * pkglue.c (pk_verify): Ditto. + + * parse-packet.c (read_size_body): Rewrite. + (parse_key): Simply ECC case. + (parse_pubkeyenc): Ditto. + + * misc.c (pubkey_get_npkey): Special case ECC. + (pubkey_get_nskey): Ditto. + (mpi_print): Support printfing of opaque values. + (openpgp_oid_to_str): New. + (pubkey_nbits): For ECC pass curve parameter. + + * ecdh.c (pk_ecdh_default_params): Change to return an opaque MPI. + + * build-packet.c (do_key): Automatically handle real and opaque + key parameters. + (write_fake_data): Return an error code. + (mpi_write): Support writing opaque MPIs. + (do_pubkey_enc): Simplify ECC handling. + +2011-01-28 Werner Koch + + * keygen.c (gen_ecc): Rewrite. Select a named curve and create a + keyspec based on that. + (pk_ecc_build_key_params): Remove. + (get_parameter_algo): Map algo number. + (ecckey_from_sexp): New. + * misc.c (map_pk_gcry_to_openpgp): New. + (openpgp_oid_from_str): New. Based on libksba code. + 2011-01-26 Werner Koch * misc.c (ecdsa_qbits_from_Q): Use unsigned int. -- cgit v1.2.3 From 328a642aa5ed971870a2667b06307f760fa251dc Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 31 Jan 2011 15:44:24 +0100 Subject: Fixed the ECC interface to Libgcrypt to be ABI compatible with the previous version. Quite some changes were needed but in the end we have less code than before. Instead of trying to do everything with MPIs and pass them back and forth between Libgcrypt and GnuPG, we know use the S-expression based interface and make heavy use of our opaque MPI feature. Encryption, decryption, signing and verification work with self-generared keys. Import and export does not yet work; thus it was not possible to check the test keys at https://sites.google.com/site/brainhub/pgpecckeys . --- g10/ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'g10/ChangeLog') diff --git a/g10/ChangeLog b/g10/ChangeLog index f6c144d7c..587c9f158 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,10 @@ +2011-01-31 Werner Koch + + * ecdh.c (pk_ecdh_encrypt_with_shared_point): Return an opaque MPI. + + * build-packet.c (mpi_write): Rename to gpg_mpi_write and make global. + (write_size_body_mpi): Remove. + 2011-01-30 Werner Koch -- cgit v1.2.3 From e0d4139e19ceed9375cc7e7ba801a965d3376f7d Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 31 Jan 2011 18:19:14 +0100 Subject: Move OpenPGP OID helpers to common/. This is needed so that the agent will be able to export and import OpenPGP secret keys. Add test case. Removed unused function. --- g10/ChangeLog | 3 +++ 1 file changed, 3 insertions(+) (limited to 'g10/ChangeLog') diff --git a/g10/ChangeLog b/g10/ChangeLog index 587c9f158..2a284e765 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,5 +1,8 @@ 2011-01-31 Werner Koch + * misc.c (make_flagged_int, openpgp_oid_from_str) + (openpgp_oid_to_str): Move to ../common/openpgp-oids.c. + * ecdh.c (pk_ecdh_encrypt_with_shared_point): Return an opaque MPI. * build-packet.c (mpi_write): Rename to gpg_mpi_write and make global. -- cgit v1.2.3 From 4659c923a08002a72cb4bb5b3c4e6a02d7484767 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 2 Feb 2011 15:48:54 +0100 Subject: Sample ECC keys and message do now work. Import and export of secret keys does now work. Encryption has been fixed to be compatible with the sample messages. This version tests for new Libgcrypt function and thus needs to be build with a new Libgcrypt installed. --- g10/ChangeLog | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'g10/ChangeLog') diff --git a/g10/ChangeLog b/g10/ChangeLog index 2a284e765..bb55ff85f 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,18 @@ +2011-02-02 Werner Koch + + * import.c (transfer_secret_keys): Make sure keyids are available. + + * keyid.c (hash_public_key): Adjust for the ECC case. + +2011-02-01 Werner Koch + + * import.c (transfer_secret_keys): Implement ECC case. + + * gpg.c (main): Call setup_libgcrypt_logging. + + * keygen.c (gpg_curve_to_oid): New. + (ecckey_from_sexp): Factor curve name mapping out to new function. + 2011-01-31 Werner Koch * misc.c (make_flagged_int, openpgp_oid_from_str) -- cgit v1.2.3 From 20f429f735d6e965e0660484f8286fe24fb6162b Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 2 Feb 2011 17:40:32 +0100 Subject: Compute the fingerprint for ECDH only on demand. This also fixes a failed assertion when using a v3 key where the fingerprint size is not 20. --- g10/ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'g10/ChangeLog') diff --git a/g10/ChangeLog b/g10/ChangeLog index bb55ff85f..b3358c9d9 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,5 +1,11 @@ 2011-02-02 Werner Koch + * encrypt.c (write_pubkey_enc_from_list): Don't compute the + fingerprint. + * pkglue.c (pk_encrypt): Replace PK_FP by PK and compute the + fingerprint only when needed. + * pkglue.h: Include packet.h. + * import.c (transfer_secret_keys): Make sure keyids are available. * keyid.c (hash_public_key): Adjust for the ECC case. -- cgit v1.2.3 From 0b5bcb40cf17a0e1032c113af6024c08b47d7a5c Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 3 Feb 2011 16:31:42 +0100 Subject: Finished ECC integration. Wrote the ChangeLog 2011-01-13 entry for Andrey's orginal work modulo the cleanups I did in the last week. Adjusted my own ChangeLog entries to be consistent with that entry. Nuked quite some trailing spaces; again sorry for that, I will better take care of not saving them in the future. "git diff -b" is useful to read the actual changes ;-). The ECC-INTEGRATION-2-1 branch can be closed now. --- g10/ChangeLog | 105 ++++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 66 insertions(+), 39 deletions(-) (limited to 'g10/ChangeLog') diff --git a/g10/ChangeLog b/g10/ChangeLog index b3358c9d9..d6f93239a 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,8 @@ +2011-02-03 Werner Koch + + Finished ECC integration. + Wrote change description for 2011-01-13. + 2011-02-02 Werner Koch * encrypt.c (write_pubkey_enc_from_list): Don't compute the @@ -12,36 +17,31 @@ 2011-02-01 Werner Koch - * import.c (transfer_secret_keys): Implement ECC case. - * gpg.c (main): Call setup_libgcrypt_logging. + * import.c (transfer_secret_keys): Implement ECC case. + (one_mpi_from_pkey): New. + * export.c (transfer_format_to_openpgp): Ditto. * keygen.c (gpg_curve_to_oid): New. (ecckey_from_sexp): Factor curve name mapping out to new function. 2011-01-31 Werner Koch - * misc.c (make_flagged_int, openpgp_oid_from_str) - (openpgp_oid_to_str): Move to ../common/openpgp-oids.c. - * ecdh.c (pk_ecdh_encrypt_with_shared_point): Return an opaque MPI. * build-packet.c (mpi_write): Rename to gpg_mpi_write and make global. - (write_size_body_mpi): Remove. 2011-01-30 Werner Koch - * keyid.c (keygrip_from_pk): Adjust ECC cases. * pkglue.c (pk_verify): Ditto. - * parse-packet.c (read_size_body): Rewrite. - (parse_key): Simply ECC case. + * parse-packet.c (parse_key): Simply ECC case. (parse_pubkeyenc): Ditto. * misc.c (pubkey_get_npkey): Special case ECC. (pubkey_get_nskey): Ditto. - (mpi_print): Support printfing of opaque values. + (mpi_print): Support printing of opaque values. (openpgp_oid_to_str): New. (pubkey_nbits): For ECC pass curve parameter. @@ -61,19 +61,6 @@ (get_parameter_algo): Map algo number. (ecckey_from_sexp): New. * misc.c (map_pk_gcry_to_openpgp): New. - (openpgp_oid_from_str): New. Based on libksba code. - -2011-01-26 Werner Koch - - * misc.c (ecdsa_qbits_from_Q): Use unsigned int. - - * misc.c (iobuf_read_size_body): Move and rename to .. - * parse-packet.c (read_size_body): .. here. Make static. - * misc.c (iobuf_write_size_body_mpi): Move and rename to .. - * build-packet.c (write_size_body_mpi): .. here. - (iobuf_name_oid_write, ecdh_kek_params_write, ecdh_esk_write): - Remove macros. Replace users by direct calls to - write_size_body_mpi. 2011-01-25 Werner Koch @@ -84,28 +71,17 @@ (pk_ecdh_encrypt): Remove. (pk_ecdh_encrypt_with_shared_point): Make public. - * pubkey-enc.c (get_it): Fix assertion. - Use GPG_ERR_WRONG_SECKEY instead of log_fatal. Add safety checks - for NFRAME. - - * main.h (KEYGEN_FLAG_NO_PROTECTION, KEYGEN_FLAG_TRANSIENT_KEY): - Move back to .. - * keygen.c: .. here. - (pk_ecc_keypair_gen): Make static. - (common_key_gen): Fold back into .. - (common_gen): .. this. - (delme__pk_ecc_build_sexp): Remove unused function. - (pk_ecc_keypair_gen): Fold it into .. - (gen_ecc): .. this. + * pubkey-enc.c (get_it): Fix assertion. Use GPG_ERR_WRONG_SECKEY + instead of log_fatal. Add safety checks for NFRAME. + + * keygen.c (pk_ecc_keypair_gen): Make static. (ask_keysize): Use proper rounding for ECC. (pk_ecc_build_key_params): Remove NBITSSTR. - * verify-stubs.c: Remove. - 2011-01-20 Werner Koch * keyserver.c: Rewrite most stuff for use with dirmngr. Get rid - of all spawn code. Work work pending. + of all spawn code. More work pending. * export.c (export_pubkeys_buffer): New. @@ -116,6 +92,57 @@ * gpg.c: Include call-dirmngr.h. (gpg_deinit_default_ctrl): Call gpg_dirmngr_deinit_session_data. +2011-01-13 Andrey Jivsov (wk) + + Integrated ECC support. Below are the changes finally merged into + the git master after some cleanup by wk until 2011-02-03. + + * ecdh.c: New. + + * sign.c (mpi_from_sexp): Remove. + (match_dsa_hash): Uses SHA-512 for ECDSA with 521 bits. + (hash_for): Support ECDSA. + (make_keysig_packet): Ditto. + + * seskey.c (encode_session_key): Add arg OPENPGP_PK_ALGO. Support + ECDH. + (encode_md_value): Map pkalgo. Extend size checks to ECDSA. + + * pubkey-enc.c (get_it): Support ECDH. + + * pkglue.c (mpi_from_sexp): Make global. + (pk_verify, pk_encrypt, pk_check_secret_key): Support ECC. + + * parse-packet.c (read_size_body): New. + (parse_pubkeyenc): Support ECC. + (parse_key): Ditto. + + * misc.c (map_pk_openpgp_to_gcry, map_pk_gcry_to_openpgp): New. + (openpgp_pk_test_algo, openpgp_pk_test_algo2): Map algo numbers. + (openpgp_pk_algo_usage): Support ECDH and ECDSA. + (openpgp_pk_algo_name): Simplify. + (ecdsa_qbits_from_Q): New. + + * mainproc.c (proc_pubkey_enc): Support ECC. + + * keyid.c (pubkey_letter): Add 'E' and 'e'. + (keygrip_from_pk): Supporf ECC. + + * keygen.c: Include pkglue.h. + (ask_algo): Add option 9 for ECDSA and ECDH. + (ask_keysize): Support ECDSA and ECDH. + (do_create): Ditto. + (gen_ecc): New. + (pk_ecc_build_key_params): New. + + * getkey.c (cache_public_key): Support ECC. + + * encrypt.c (write_pubkey_enc_from_list): Pass PK to PK_ENCRYPT + and the pkalgo to encode_session_key. + + * build-packet.c (do_key, do_pubkey_enc): Support ECC. + (write_size_body_mpi): New. + 2011-01-06 Werner Koch * gpg.c (main): Use keyserver_spec_t. -- cgit v1.2.3