mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00

* pubkey.c (setup_pubkey_table), elgamal.c (sign, verify, test_keys,

elg_sign, elg_verify, elg_get_info): Remove the last bits of Elgamal type
20 support.
David Shaw 2004-01-17 01:49:16 +00:00
parent 2f3c2f4870
commit 65f759ae68
3 changed files with 13 additions and 182 deletions


@ -1,3 +1,9 @@
2004-01-16 David Shaw <dshaw@jabberwocky.com>
* pubkey.c (setup_pubkey_table), elgamal.c (sign, verify,
test_keys, elg_sign, elg_verify, elg_get_info): Remove the last
bits of Elgamal type 20 support.
2003-12-29 David Shaw <dshaw@jabberwocky.com> 2003-12-29 David Shaw <dshaw@jabberwocky.com>
* idea-stub.c (load_module, idea_get_info): Return the proper type * idea-stub.c (load_module, idea_get_info): Return the proper type
@ -1166,7 +1172,8 @@ Mon Feb 16 10:08:47 1998 Werner Koch (wk@isil.d.shuttle.de)
Copyright 1998, 1999, 2000, 2001 Free Software Foundation, Inc. Copyright 1998, 1999, 2000, 2001, 2002, 2003,
2004 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without unlimited permission to copy and/or distribute it, with or without
@ -1175,5 +1182,3 @@ Mon Feb 16 10:08:47 1998 Werner Koch (wk@isil.d.shuttle.de)
This file is distributed in the hope that it will be useful, but This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.


@ -1,5 +1,6 @@
/* elgamal.c - elgamal Public Key encryption /* elgamal.c - elgamal Public Key encryption
* Copyright (C) 1998, 2000, 2001, 2003 Free Software Foundation, Inc. * Copyright (C) 1998, 2000, 2001, 2003,
* 2004 Free Software Foundation, Inc.
* *
* For a description of the algorithm, see: * For a description of the algorithm, see:
* Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996. * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
@ -52,8 +53,6 @@ static void generate( ELG_secret_key *sk, unsigned nbits, MPI **factors );
static int check_secret_key( ELG_secret_key *sk ); static int check_secret_key( ELG_secret_key *sk );
static void do_encrypt(MPI a, MPI b, MPI input, ELG_public_key *pkey ); static void do_encrypt(MPI a, MPI b, MPI input, ELG_public_key *pkey );
static void decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey ); static void decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey );
static void sign(MPI a, MPI b, MPI input, ELG_secret_key *skey);
static int verify(MPI a, MPI b, MPI input, ELG_public_key *pkey);
static void (*progress_cb) ( void *, int ); static void (*progress_cb) ( void *, int );
@ -141,10 +140,6 @@ test_keys( ELG_secret_key *sk, unsigned nbits )
if( mpi_cmp( test, out2 ) ) if( mpi_cmp( test, out2 ) )
log_fatal("Elgamal operation: encrypt, decrypt failed\n"); log_fatal("Elgamal operation: encrypt, decrypt failed\n");
sign( out1_a, out1_b, test, sk );
if( !verify( out1_a, out1_b, test, &pk ) )
log_fatal("Elgamal operation: sign, verify failed\n");
mpi_free( test ); mpi_free( test );
mpi_free( out1_a ); mpi_free( out1_a );
mpi_free( out1_b ); mpi_free( out1_b );
@ -375,8 +370,6 @@ do_encrypt(MPI a, MPI b, MPI input, ELG_public_key *pkey )
} }
static void static void
decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey ) decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey )
{ {
@ -399,111 +392,6 @@ decrypt(MPI output, MPI a, MPI b, ELG_secret_key *skey )
} }
/****************
* Make an Elgamal signature out of INPUT
*/
static void
sign(MPI a, MPI b, MPI input, ELG_secret_key *skey )
{
MPI k;
MPI t = mpi_alloc( mpi_get_nlimbs(a) );
MPI inv = mpi_alloc( mpi_get_nlimbs(a) );
MPI p_1 = mpi_copy(skey->p);
/*
* b = (t * inv) mod (p-1)
* b = (t * inv(k,(p-1),(p-1)) mod (p-1)
* b = (((M-x*a) mod (p-1)) * inv(k,(p-1),(p-1))) mod (p-1)
*
*/
mpi_sub_ui(p_1, p_1, 1);
k = gen_k( skey->p, 0 /* no small K ! */ );
mpi_powm( a, skey->g, k, skey->p );
mpi_mul(t, skey->x, a );
mpi_subm(t, input, t, p_1 );
while( mpi_is_neg(t) ) {
BUG(); /* That is nonsense code - left over from a very early test?*/
mpi_add(t, t, p_1);
}
mpi_invm(inv, k, p_1 );
mpi_mulm(b, t, inv, p_1 );
#if 0
if( DBG_CIPHER ) {
log_mpidump("elg sign p= ", skey->p);
log_mpidump("elg sign g= ", skey->g);
log_mpidump("elg sign y= ", skey->y);
log_mpidump("elg sign x= ", skey->x);
log_mpidump("elg sign k= ", k);
log_mpidump("elg sign M= ", input);
log_mpidump("elg sign a= ", a);
log_mpidump("elg sign b= ", b);
}
#endif
mpi_free(k);
mpi_free(t);
mpi_free(inv);
mpi_free(p_1);
}
/****************
* Returns true if the signature composed of A and B is valid.
*/
static int
verify(MPI a, MPI b, MPI input, ELG_public_key *pkey )
{
int rc;
MPI t1;
MPI t2;
MPI base[4];
MPI exp[4];
if( !(mpi_cmp_ui( a, 0 ) > 0 && mpi_cmp( a, pkey->p ) < 0) )
return 0; /* assertion 0 < a < p failed */
t1 = mpi_alloc( mpi_get_nlimbs(a) );
t2 = mpi_alloc( mpi_get_nlimbs(a) );
#if 0
/* t1 = (y^a mod p) * (a^b mod p) mod p */
mpi_powm( t1, pkey->y, a, pkey->p );
mpi_powm( t2, a, b, pkey->p );
mpi_mulm( t1, t1, t2, pkey->p );
/* t2 = g ^ input mod p */
mpi_powm( t2, pkey->g, input, pkey->p );
rc = !mpi_cmp( t1, t2 );
#elif 0
/* t1 = (y^a mod p) * (a^b mod p) mod p */
base[0] = pkey->y; exp[0] = a;
base[1] = a; exp[1] = b;
base[2] = NULL; exp[2] = NULL;
mpi_mulpowm( t1, base, exp, pkey->p );
/* t2 = g ^ input mod p */
mpi_powm( t2, pkey->g, input, pkey->p );
rc = !mpi_cmp( t1, t2 );
#else
/* t1 = g ^ - input * y ^ a * a ^ b mod p */
mpi_invm(t2, pkey->g, pkey->p );
base[0] = t2 ; exp[0] = input;
base[1] = pkey->y; exp[1] = a;
base[2] = a; exp[2] = b;
base[3] = NULL; exp[3] = NULL;
mpi_mulpowm( t1, base, exp, pkey->p );
rc = !mpi_cmp_ui( t1, 1 );
#endif
mpi_free(t1);
mpi_free(t2);
return rc;
}
/********************************************* /*********************************************
************** interface ****************** ************** interface ******************
*********************************************/ *********************************************/
@ -546,7 +434,6 @@ elg_check_secret_key( int algo, MPI *skey )
} }
int int
elg_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey ) elg_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey )
{ {
@ -586,45 +473,6 @@ elg_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
return 0; return 0;
} }
int
elg_sign( int algo, MPI *resarr, MPI data, MPI *skey )
{
ELG_secret_key sk;
if( !is_ELGAMAL(algo) )
return G10ERR_PUBKEY_ALGO;
if( !data || !skey[0] || !skey[1] || !skey[2] || !skey[3] )
return G10ERR_BAD_MPI;
sk.p = skey[0];
sk.g = skey[1];
sk.y = skey[2];
sk.x = skey[3];
resarr[0] = mpi_alloc( mpi_get_nlimbs( sk.p ) );
resarr[1] = mpi_alloc( mpi_get_nlimbs( sk.p ) );
sign( resarr[0], resarr[1], data, &sk );
return 0;
}
int
elg_verify( int algo, MPI hash, MPI *data, MPI *pkey )
{
ELG_public_key pk;
if( !is_ELGAMAL(algo) )
return G10ERR_PUBKEY_ALGO;
if( !data[0] || !data[1] || !hash
|| !pkey[0] || !pkey[1] || !pkey[2] )
return G10ERR_BAD_MPI;
pk.p = pkey[0];
pk.g = pkey[1];
pk.y = pkey[2];
if( !verify( data[0], data[1], hash, &pk ) )
return G10ERR_BAD_SIGN;
return 0;
}
unsigned int unsigned int
elg_get_nbits( int algo, MPI *pkey ) elg_get_nbits( int algo, MPI *pkey )
@ -642,9 +490,6 @@ elg_get_nbits( int algo, MPI *pkey )
* the ALGO is invalid. * the ALGO is invalid.
* Usage: Bit 0 set : allows signing * Usage: Bit 0 set : allows signing
* 1 set : allows encryption * 1 set : allows encryption
* NOTE: This function allows signing also for ELG-E, which is not
* okay but a bad hack to allow to work with old gpg keys. The real check
* is done in the gnupg ocde depending on the packet version.
*/ */
const char * const char *
elg_get_info( int algo, int *npkey, int *nskey, int *nenc, int *nsig, elg_get_info( int algo, int *npkey, int *nskey, int *nenc, int *nsig,
@ -656,11 +501,8 @@ elg_get_info( int algo, int *npkey, int *nskey, int *nenc, int *nsig,
*nsig = 2; *nsig = 2;
switch( algo ) { switch( algo ) {
case PUBKEY_ALGO_ELGAMAL:
*use = PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC;
return "ELG";
case PUBKEY_ALGO_ELGAMAL_E: case PUBKEY_ALGO_ELGAMAL_E:
*use = PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC; *use = PUBKEY_USAGE_ENC;
return "ELG-E"; return "ELG-E";
default: *use = 0; return NULL; default: *use = 0; return NULL;
} }
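Review bot: In elg_get_info, `*nsig = 2;` is still assigned unconditionally before the switch, although after this change the only remaining case reports `PUBKEY_USAGE_ENC` and sign()/verify() no longer exist. If the value is kept so that callers can still size or parse old Elgamal signature data (not visible here), say so next to it, e.g. `/* nsig is kept for parsing legacy signature data; signing is no longer supported */`; otherwise it should be 0 so nothing downstream treats ELG-E as signature-capable. The header comment's "Bit 0 set : allows signing" line also describes a usage bit this function can no longer return and could be reworded. It is worth confirming that `is_ELGAMAL()` in the remaining elg_* entry points no longer accepts the removed type 20 value; its definition is outside this page.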


@ -1,5 +1,6 @@
/* pubkey.c - pubkey dispatcher /* pubkey.c - pubkey dispatcher
* Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc. * Copyright (C) 1998, 1999, 2000, 2001, 2003,
* 2004 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -97,23 +98,6 @@ setup_pubkey_table(void)
{ {
int i=0; int i=0;
pubkey_table[i].algo = PUBKEY_ALGO_ELGAMAL;
pubkey_table[i].name = elg_get_info( pubkey_table[i].algo,
&pubkey_table[i].npkey,
&pubkey_table[i].nskey,
&pubkey_table[i].nenc,
&pubkey_table[i].nsig,
&pubkey_table[i].use );
pubkey_table[i].generate = elg_generate;
pubkey_table[i].check_secret_key = elg_check_secret_key;
pubkey_table[i].encrypt = elg_encrypt;
pubkey_table[i].decrypt = elg_decrypt;
pubkey_table[i].sign = elg_sign;
pubkey_table[i].verify = elg_verify;
pubkey_table[i].get_nbits = elg_get_nbits;
if( !pubkey_table[i].name )
BUG();
i++;
pubkey_table[i].algo = PUBKEY_ALGO_ELGAMAL_E; pubkey_table[i].algo = PUBKEY_ALGO_ELGAMAL_E;
pubkey_table[i].name = elg_get_info( pubkey_table[i].algo, pubkey_table[i].name = elg_get_info( pubkey_table[i].algo,
&pubkey_table[i].npkey, &pubkey_table[i].npkey,