diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 8ffe47d17..90e5ea10d 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,9 @@ +2004-01-16 David Shaw + + * pubkey.c (setup_pubkey_table), elgamal.c (sign, verify, + test_keys, elg_sign, elg_verify, elg_get_info): Remove the last + bits of Elgamal type 20 support. + 2003-12-29 David Shaw * idea-stub.c (load_module, idea_get_info): Return the proper type @@ -1166,7 +1172,8 @@ Mon Feb 16 10:08:47 1998 Werner Koch (wk@isil.d.shuttle.de) - Copyright 1998, 1999, 2000, 2001 Free Software Foundation, Inc. + Copyright 1998, 1999, 2000, 2001, 2002, 2003, + 2004 Free Software Foundation, Inc. This file is free software; as a special exception the author gives unlimited permission to copy and/or distribute it, with or without @@ -1175,5 +1182,3 @@ Mon Feb 16 10:08:47 1998 Werner Koch (wk@isil.d.shuttle.de) This file is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY, to the extent permitted by law; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - - diff --git a/cipher/elgamal.c b/cipher/elgamal.c index 2ca784017..eb69a655c 100644 --- a/cipher/elgamal.c +++ b/cipher/elgamal.c @@ -1,5 +1,6 @@ /* elgamal.c - elgamal Public Key encryption - * Copyright (C) 1998, 2000, 2001, 2003 Free Software Foundation, Inc. + * Copyright (C) 1998, 2000, 2001, 2003, + * 2004 Free Software Foundation, Inc. * * For a description of the algorithm, see: * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996. @@ -52,8 +53,6 @@ static void generate( ELG_secret_key *sk, unsigned nbits, MPI **factors ); static int check_secret_key( ELG_secret_key *sk ); static void do_encrypt(MPI a, MPI b, MPI input, ELG_public_key *pkey ); static void decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey ); -static void sign(MPI a, MPI b, MPI input, ELG_secret_key *skey); -static int verify(MPI a, MPI b, MPI input, ELG_public_key *pkey); static void (*progress_cb) ( void *, int ); @@ -141,10 +140,6 @@ test_keys( ELG_secret_key *sk, unsigned nbits ) if( mpi_cmp( test, out2 ) ) log_fatal("Elgamal operation: encrypt, decrypt failed\n"); - sign( out1_a, out1_b, test, sk ); - if( !verify( out1_a, out1_b, test, &pk ) ) - log_fatal("Elgamal operation: sign, verify failed\n"); - mpi_free( test ); mpi_free( out1_a ); mpi_free( out1_b ); @@ -375,8 +370,6 @@ do_encrypt(MPI a, MPI b, MPI input, ELG_public_key *pkey ) } - - static void decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey ) { @@ -399,111 +392,6 @@ decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey ) } -/**************** - * Make an Elgamal signature out of INPUT - */ - -static void -sign(MPI a, MPI b, MPI input, ELG_secret_key *skey ) -{ - MPI k; - MPI t = mpi_alloc( mpi_get_nlimbs(a) ); - MPI inv = mpi_alloc( mpi_get_nlimbs(a) ); - MPI p_1 = mpi_copy(skey->p); - - /* - * b = (t * inv) mod (p-1) - * b = (t * inv(k,(p-1),(p-1)) mod (p-1) - * b = (((M-x*a) mod (p-1)) * inv(k,(p-1),(p-1))) mod (p-1) - * - */ - mpi_sub_ui(p_1, p_1, 1); - k = gen_k( skey->p, 0 /* no small K ! */ ); - mpi_powm( a, skey->g, k, skey->p ); - mpi_mul(t, skey->x, a ); - mpi_subm(t, input, t, p_1 ); - while( mpi_is_neg(t) ) { - BUG(); /* That is nonsense code - left over from a very early test?*/ - mpi_add(t, t, p_1); - } - mpi_invm(inv, k, p_1 ); - mpi_mulm(b, t, inv, p_1 ); - -#if 0 - if( DBG_CIPHER ) { - log_mpidump("elg sign p= ", skey->p); - log_mpidump("elg sign g= ", skey->g); - log_mpidump("elg sign y= ", skey->y); - log_mpidump("elg sign x= ", skey->x); - log_mpidump("elg sign k= ", k); - log_mpidump("elg sign M= ", input); - log_mpidump("elg sign a= ", a); - log_mpidump("elg sign b= ", b); - } -#endif - mpi_free(k); - mpi_free(t); - mpi_free(inv); - mpi_free(p_1); -} - - -/**************** - * Returns true if the signature composed of A and B is valid. - */ -static int -verify(MPI a, MPI b, MPI input, ELG_public_key *pkey ) -{ - int rc; - MPI t1; - MPI t2; - MPI base[4]; - MPI exp[4]; - - if( !(mpi_cmp_ui( a, 0 ) > 0 && mpi_cmp( a, pkey->p ) < 0) ) - return 0; /* assertion 0 < a < p failed */ - - t1 = mpi_alloc( mpi_get_nlimbs(a) ); - t2 = mpi_alloc( mpi_get_nlimbs(a) ); - -#if 0 - /* t1 = (y^a mod p) * (a^b mod p) mod p */ - mpi_powm( t1, pkey->y, a, pkey->p ); - mpi_powm( t2, a, b, pkey->p ); - mpi_mulm( t1, t1, t2, pkey->p ); - - /* t2 = g ^ input mod p */ - mpi_powm( t2, pkey->g, input, pkey->p ); - - rc = !mpi_cmp( t1, t2 ); -#elif 0 - /* t1 = (y^a mod p) * (a^b mod p) mod p */ - base[0] = pkey->y; exp[0] = a; - base[1] = a; exp[1] = b; - base[2] = NULL; exp[2] = NULL; - mpi_mulpowm( t1, base, exp, pkey->p ); - - /* t2 = g ^ input mod p */ - mpi_powm( t2, pkey->g, input, pkey->p ); - - rc = !mpi_cmp( t1, t2 ); -#else - /* t1 = g ^ - input * y ^ a * a ^ b mod p */ - mpi_invm(t2, pkey->g, pkey->p ); - base[0] = t2 ; exp[0] = input; - base[1] = pkey->y; exp[1] = a; - base[2] = a; exp[2] = b; - base[3] = NULL; exp[3] = NULL; - mpi_mulpowm( t1, base, exp, pkey->p ); - rc = !mpi_cmp_ui( t1, 1 ); - -#endif - - mpi_free(t1); - mpi_free(t2); - return rc; -} - /********************************************* ************** interface ****************** *********************************************/ @@ -546,7 +434,6 @@ elg_check_secret_key( int algo, MPI *skey ) } - int elg_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey ) { @@ -586,45 +473,6 @@ elg_decrypt( int algo, MPI *result, MPI *data, MPI *skey ) return 0; } -int -elg_sign( int algo, MPI *resarr, MPI data, MPI *skey ) -{ - ELG_secret_key sk; - - if( !is_ELGAMAL(algo) ) - return G10ERR_PUBKEY_ALGO; - if( !data || !skey[0] || !skey[1] || !skey[2] || !skey[3] ) - return G10ERR_BAD_MPI; - - sk.p = skey[0]; - sk.g = skey[1]; - sk.y = skey[2]; - sk.x = skey[3]; - resarr[0] = mpi_alloc( mpi_get_nlimbs( sk.p ) ); - resarr[1] = mpi_alloc( mpi_get_nlimbs( sk.p ) ); - sign( resarr[0], resarr[1], data, &sk ); - return 0; -} - -int -elg_verify( int algo, MPI hash, MPI *data, MPI *pkey ) -{ - ELG_public_key pk; - - if( !is_ELGAMAL(algo) ) - return G10ERR_PUBKEY_ALGO; - if( !data[0] || !data[1] || !hash - || !pkey[0] || !pkey[1] || !pkey[2] ) - return G10ERR_BAD_MPI; - - pk.p = pkey[0]; - pk.g = pkey[1]; - pk.y = pkey[2]; - if( !verify( data[0], data[1], hash, &pk ) ) - return G10ERR_BAD_SIGN; - return 0; -} - unsigned int elg_get_nbits( int algo, MPI *pkey ) @@ -642,9 +490,6 @@ elg_get_nbits( int algo, MPI *pkey ) * the ALGO is invalid. * Usage: Bit 0 set : allows signing * 1 set : allows encryption - * NOTE: This function allows signing also for ELG-E, which is not - * okay but a bad hack to allow to work with old gpg keys. The real check - * is done in the gnupg ocde depending on the packet version. */ const char * elg_get_info( int algo, int *npkey, int *nskey, int *nenc, int *nsig, @@ -656,11 +501,8 @@ elg_get_info( int algo, int *npkey, int *nskey, int *nenc, int *nsig, *nsig = 2; switch( algo ) { - case PUBKEY_ALGO_ELGAMAL: - *use = PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC; - return "ELG"; case PUBKEY_ALGO_ELGAMAL_E: - *use = PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC; + *use = PUBKEY_USAGE_ENC; return "ELG-E"; default: *use = 0; return NULL; } diff --git a/cipher/pubkey.c b/cipher/pubkey.c index e3822709c..b74b17bae 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -1,5 +1,6 @@ /* pubkey.c - pubkey dispatcher - * Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2003, + * 2004 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -97,23 +98,6 @@ setup_pubkey_table(void) { int i=0; - pubkey_table[i].algo = PUBKEY_ALGO_ELGAMAL; - pubkey_table[i].name = elg_get_info( pubkey_table[i].algo, - &pubkey_table[i].npkey, - &pubkey_table[i].nskey, - &pubkey_table[i].nenc, - &pubkey_table[i].nsig, - &pubkey_table[i].use ); - pubkey_table[i].generate = elg_generate; - pubkey_table[i].check_secret_key = elg_check_secret_key; - pubkey_table[i].encrypt = elg_encrypt; - pubkey_table[i].decrypt = elg_decrypt; - pubkey_table[i].sign = elg_sign; - pubkey_table[i].verify = elg_verify; - pubkey_table[i].get_nbits = elg_get_nbits; - if( !pubkey_table[i].name ) - BUG(); - i++; pubkey_table[i].algo = PUBKEY_ALGO_ELGAMAL_E; pubkey_table[i].name = elg_get_info( pubkey_table[i].algo, &pubkey_table[i].npkey,