* pubkey.c (setup_pubkey_table), elgamal.c (sign, verify, test_keys,
elg_sign, elg_verify, elg_get_info): Remove the last bits of Elgamal type 20 support.
parent
2f3c2f4870
commit
65f759ae68
@ -1,3 +1,9 @@
|
||||
2004-01-16 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* pubkey.c (setup_pubkey_table), elgamal.c (sign, verify,
|
||||
test_keys, elg_sign, elg_verify, elg_get_info): Remove the last
|
||||
bits of Elgamal type 20 support.
|
||||
|
||||
2003-12-29 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* idea-stub.c (load_module, idea_get_info): Return the proper type
|
||||
@ -1166,7 +1172,8 @@ Mon Feb 16 10:08:47 1998 Werner Koch (wk@isil.d.shuttle.de)
|
||||
|
||||
|
||||
|
||||
Copyright 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
|
||||
Copyright 1998, 1999, 2000, 2001, 2002, 2003,
|
||||
2004 Free Software Foundation, Inc.
|
||||
|
||||
This file is free software; as a special exception the author gives
|
||||
unlimited permission to copy and/or distribute it, with or without
|
||||
@ -1175,5 +1182,3 @@ Mon Feb 16 10:08:47 1998 Werner Koch (wk@isil.d.shuttle.de)
|
||||
This file is distributed in the hope that it will be useful, but
|
||||
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
|
||||
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
||||
|
||||
|
||||
|
164
cipher/elgamal.c
164
cipher/elgamal.c
@ -1,5 +1,6 @@
|
||||
/* elgamal.c - elgamal Public Key encryption
|
||||
* Copyright (C) 1998, 2000, 2001, 2003 Free Software Foundation, Inc.
|
||||
* Copyright (C) 1998, 2000, 2001, 2003,
|
||||
* 2004 Free Software Foundation, Inc.
|
||||
*
|
||||
* For a description of the algorithm, see:
|
||||
* Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
|
||||
@ -52,8 +53,6 @@ static void generate( ELG_secret_key *sk, unsigned nbits, MPI **factors );
|
||||
static int check_secret_key( ELG_secret_key *sk );
|
||||
static void do_encrypt(MPI a, MPI b, MPI input, ELG_public_key *pkey );
|
||||
static void decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey );
|
||||
static void sign(MPI a, MPI b, MPI input, ELG_secret_key *skey);
|
||||
static int verify(MPI a, MPI b, MPI input, ELG_public_key *pkey);
|
||||
|
||||
|
||||
static void (*progress_cb) ( void *, int );
|
||||
@ -141,10 +140,6 @@ test_keys( ELG_secret_key *sk, unsigned nbits )
|
||||
if( mpi_cmp( test, out2 ) )
|
||||
log_fatal("Elgamal operation: encrypt, decrypt failed\n");
|
||||
|
||||
sign( out1_a, out1_b, test, sk );
|
||||
if( !verify( out1_a, out1_b, test, &pk ) )
|
||||
log_fatal("Elgamal operation: sign, verify failed\n");
|
||||
|
||||
mpi_free( test );
|
||||
mpi_free( out1_a );
|
||||
mpi_free( out1_b );
|
||||
@ -375,8 +370,6 @@ do_encrypt(MPI a, MPI b, MPI input, ELG_public_key *pkey )
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
static void
|
||||
decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey )
|
||||
{
|
||||
@ -399,111 +392,6 @@ decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey )
|
||||
}
|
||||
|
||||
|
||||
/****************
|
||||
* Make an Elgamal signature out of INPUT
|
||||
*/
|
||||
|
||||
static void
|
||||
sign(MPI a, MPI b, MPI input, ELG_secret_key *skey )
|
||||
{
|
||||
MPI k;
|
||||
MPI t = mpi_alloc( mpi_get_nlimbs(a) );
|
||||
MPI inv = mpi_alloc( mpi_get_nlimbs(a) );
|
||||
MPI p_1 = mpi_copy(skey->p);
|
||||
|
||||
/*
|
||||
* b = (t * inv) mod (p-1)
|
||||
* b = (t * inv(k,(p-1),(p-1)) mod (p-1)
|
||||
* b = (((M-x*a) mod (p-1)) * inv(k,(p-1),(p-1))) mod (p-1)
|
||||
*
|
||||
*/
|
||||
mpi_sub_ui(p_1, p_1, 1);
|
||||
k = gen_k( skey->p, 0 /* no small K ! */ );
|
||||
mpi_powm( a, skey->g, k, skey->p );
|
||||
mpi_mul(t, skey->x, a );
|
||||
mpi_subm(t, input, t, p_1 );
|
||||
while( mpi_is_neg(t) ) {
|
||||
BUG(); /* That is nonsense code - left over from a very early test?*/
|
||||
mpi_add(t, t, p_1);
|
||||
}
|
||||
mpi_invm(inv, k, p_1 );
|
||||
mpi_mulm(b, t, inv, p_1 );
|
||||
|
||||
#if 0
|
||||
if( DBG_CIPHER ) {
|
||||
log_mpidump("elg sign p= ", skey->p);
|
||||
log_mpidump("elg sign g= ", skey->g);
|
||||
log_mpidump("elg sign y= ", skey->y);
|
||||
log_mpidump("elg sign x= ", skey->x);
|
||||
log_mpidump("elg sign k= ", k);
|
||||
log_mpidump("elg sign M= ", input);
|
||||
log_mpidump("elg sign a= ", a);
|
||||
log_mpidump("elg sign b= ", b);
|
||||
}
|
||||
#endif
|
||||
mpi_free(k);
|
||||
mpi_free(t);
|
||||
mpi_free(inv);
|
||||
mpi_free(p_1);
|
||||
}
|
||||
|
||||
|
||||
/****************
|
||||
* Returns true if the signature composed of A and B is valid.
|
||||
*/
|
||||
static int
|
||||
verify(MPI a, MPI b, MPI input, ELG_public_key *pkey )
|
||||
{
|
||||
int rc;
|
||||
MPI t1;
|
||||
MPI t2;
|
||||
MPI base[4];
|
||||
MPI exp[4];
|
||||
|
||||
if( !(mpi_cmp_ui( a, 0 ) > 0 && mpi_cmp( a, pkey->p ) < 0) )
|
||||
return 0; /* assertion 0 < a < p failed */
|
||||
|
||||
t1 = mpi_alloc( mpi_get_nlimbs(a) );
|
||||
t2 = mpi_alloc( mpi_get_nlimbs(a) );
|
||||
|
||||
#if 0
|
||||
/* t1 = (y^a mod p) * (a^b mod p) mod p */
|
||||
mpi_powm( t1, pkey->y, a, pkey->p );
|
||||
mpi_powm( t2, a, b, pkey->p );
|
||||
mpi_mulm( t1, t1, t2, pkey->p );
|
||||
|
||||
/* t2 = g ^ input mod p */
|
||||
mpi_powm( t2, pkey->g, input, pkey->p );
|
||||
|
||||
rc = !mpi_cmp( t1, t2 );
|
||||
#elif 0
|
||||
/* t1 = (y^a mod p) * (a^b mod p) mod p */
|
||||
base[0] = pkey->y; exp[0] = a;
|
||||
base[1] = a; exp[1] = b;
|
||||
base[2] = NULL; exp[2] = NULL;
|
||||
mpi_mulpowm( t1, base, exp, pkey->p );
|
||||
|
||||
/* t2 = g ^ input mod p */
|
||||
mpi_powm( t2, pkey->g, input, pkey->p );
|
||||
|
||||
rc = !mpi_cmp( t1, t2 );
|
||||
#else
|
||||
/* t1 = g ^ - input * y ^ a * a ^ b mod p */
|
||||
mpi_invm(t2, pkey->g, pkey->p );
|
||||
base[0] = t2 ; exp[0] = input;
|
||||
base[1] = pkey->y; exp[1] = a;
|
||||
base[2] = a; exp[2] = b;
|
||||
base[3] = NULL; exp[3] = NULL;
|
||||
mpi_mulpowm( t1, base, exp, pkey->p );
|
||||
rc = !mpi_cmp_ui( t1, 1 );
|
||||
|
||||
#endif
|
||||
|
||||
mpi_free(t1);
|
||||
mpi_free(t2);
|
||||
return rc;
|
||||
}
|
||||
|
||||
/*********************************************
|
||||
************** interface ******************
|
||||
*********************************************/
|
||||
@ -546,7 +434,6 @@ elg_check_secret_key( int algo, MPI *skey )
|
||||
}
|
||||
|
||||
|
||||
|
||||
int
|
||||
elg_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey )
|
||||
{
|
||||
@ -586,45 +473,6 @@ elg_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
elg_sign( int algo, MPI *resarr, MPI data, MPI *skey )
|
||||
{
|
||||
ELG_secret_key sk;
|
||||
|
||||
if( !is_ELGAMAL(algo) )
|
||||
return G10ERR_PUBKEY_ALGO;
|
||||
if( !data || !skey[0] || !skey[1] || !skey[2] || !skey[3] )
|
||||
return G10ERR_BAD_MPI;
|
||||
|
||||
sk.p = skey[0];
|
||||
sk.g = skey[1];
|
||||
sk.y = skey[2];
|
||||
sk.x = skey[3];
|
||||
resarr[0] = mpi_alloc( mpi_get_nlimbs( sk.p ) );
|
||||
resarr[1] = mpi_alloc( mpi_get_nlimbs( sk.p ) );
|
||||
sign( resarr[0], resarr[1], data, &sk );
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
elg_verify( int algo, MPI hash, MPI *data, MPI *pkey )
|
||||
{
|
||||
ELG_public_key pk;
|
||||
|
||||
if( !is_ELGAMAL(algo) )
|
||||
return G10ERR_PUBKEY_ALGO;
|
||||
if( !data[0] || !data[1] || !hash
|
||||
|| !pkey[0] || !pkey[1] || !pkey[2] )
|
||||
return G10ERR_BAD_MPI;
|
||||
|
||||
pk.p = pkey[0];
|
||||
pk.g = pkey[1];
|
||||
pk.y = pkey[2];
|
||||
if( !verify( data[0], data[1], hash, &pk ) )
|
||||
return G10ERR_BAD_SIGN;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
unsigned int
|
||||
elg_get_nbits( int algo, MPI *pkey )
|
||||
@ -642,9 +490,6 @@ elg_get_nbits( int algo, MPI *pkey )
|
||||
* the ALGO is invalid.
|
||||
* Usage: Bit 0 set : allows signing
|
||||
* 1 set : allows encryption
|
||||
* NOTE: This function allows signing also for ELG-E, which is not
|
||||
* okay but a bad hack to allow to work with old gpg keys. The real check
|
||||
* is done in the gnupg ocde depending on the packet version.
|
||||
*/
|
||||
const char *
|
||||
elg_get_info( int algo, int *npkey, int *nskey, int *nenc, int *nsig,
|
||||
@ -656,11 +501,8 @@ elg_get_info( int algo, int *npkey, int *nskey, int *nenc, int *nsig,
|
||||
*nsig = 2;
|
||||
|
||||
switch( algo ) {
|
||||
case PUBKEY_ALGO_ELGAMAL:
|
||||
*use = PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC;
|
||||
return "ELG";
|
||||
case PUBKEY_ALGO_ELGAMAL_E:
|
||||
*use = PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC;
|
||||
*use = PUBKEY_USAGE_ENC;
|
||||
return "ELG-E";
|
||||
default: *use = 0; return NULL;
|
||||
}
|
||||
|
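Review bot: In the elg_get_info hunk, `*nsig = 2;` is still set above the switch, although the only remaining case, PUBKEY_ALGO_ELGAMAL_E, now reports `PUBKEY_USAGE_ENC` alone and sign(), verify(), elg_sign() and elg_verify() are removed from this file. If no caller needs the two-MPI count to parse old type 20 signature packets, `*nsig = 0;` would keep the metadata consistent with an encrypt-only algorithm. If a caller does need it, a comment such as `/* nsig kept at 2 so old Elgamal signature packets can still be parsed */` would record why. The function body starts outside the hunk, so its other assignments are not visible here.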
@ -1,5 +1,6 @@
|
||||
/* pubkey.c - pubkey dispatcher
|
||||
* Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc.
|
||||
* Copyright (C) 1998, 1999, 2000, 2001, 2003,
|
||||
* 2004 Free Software Foundation, Inc.
|
||||
*
|
||||
* This file is part of GnuPG.
|
||||
*
|
||||
@ -97,23 +98,6 @@ setup_pubkey_table(void)
|
||||
{
|
||||
int i=0;
|
||||
|
||||
pubkey_table[i].algo = PUBKEY_ALGO_ELGAMAL;
|
||||
pubkey_table[i].name = elg_get_info( pubkey_table[i].algo,
|
||||
&pubkey_table[i].npkey,
|
||||
&pubkey_table[i].nskey,
|
||||
&pubkey_table[i].nenc,
|
||||
&pubkey_table[i].nsig,
|
||||
&pubkey_table[i].use );
|
||||
pubkey_table[i].generate = elg_generate;
|
||||
pubkey_table[i].check_secret_key = elg_check_secret_key;
|
||||
pubkey_table[i].encrypt = elg_encrypt;
|
||||
pubkey_table[i].decrypt = elg_decrypt;
|
||||
pubkey_table[i].sign = elg_sign;
|
||||
pubkey_table[i].verify = elg_verify;
|
||||
pubkey_table[i].get_nbits = elg_get_nbits;
|
||||
if( !pubkey_table[i].name )
|
||||
BUG();
|
||||
i++;
|
||||
pubkey_table[i].algo = PUBKEY_ALGO_ELGAMAL_E;
|
||||
pubkey_table[i].name = elg_get_info( pubkey_table[i].algo,
|
||||
&pubkey_table[i].npkey,
|
||||
|
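Review bot: The setup_pubkey_table hunk drops the whole PUBKEY_ALGO_ELGAMAL entry without a comment saying the omission is intentional, so a later reader comparing the table with the algorithm ids may take it for an oversight and re-register it. A short comment ahead of the PUBKEY_ALGO_ELGAMAL_E entry, e.g. `/* Elgamal type 20 (sign+encrypt) is intentionally not registered; only ELG-E remains. */`, would record that. The rest of the ELG-E entry lies outside the hunk, so whether its sign and verify slots still point at the removed elg_sign/elg_verify cannot be checked from here.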