mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-11 13:14:25 +01:00
See ChangeLog: Wed Sep 13 18:12:34 CEST 2000 Werner Koch
This commit is contained in:
parent
3c3ad064b6
commit
8f6b40ff1c
@ -1,3 +1,9 @@
|
|||||||
|
Wed Sep 13 18:12:34 CEST 2000 Werner Koch <wk@openit.de>
|
||||||
|
|
||||||
|
* rsa.c (secret): Speed up by using the CRT. For a 2k keys this
|
||||||
|
is about 3 times faster.
|
||||||
|
(stronger_key_check): New but unused code to check the secret key.
|
||||||
|
|
||||||
Wed Sep 6 17:55:47 CEST 2000 Werner Koch <wk@openit.de>
|
Wed Sep 6 17:55:47 CEST 2000 Werner Koch <wk@openit.de>
|
||||||
|
|
||||||
* rsa.c: Changed the comment about the patent.
|
* rsa.c: Changed the comment about the patent.
|
||||||
|
93
cipher/rsa.c
93
cipher/rsa.c
@ -98,7 +98,7 @@ generate( RSA_secret_key *sk, unsigned nbits )
|
|||||||
MPI t1, t2;
|
MPI t1, t2;
|
||||||
MPI n; /* the public key */
|
MPI n; /* the public key */
|
||||||
MPI e; /* the exponent */
|
MPI e; /* the exponent */
|
||||||
MPI phi; /* helper: (p-a)(q-1) */
|
MPI phi; /* helper: (p-1)(q-1) */
|
||||||
MPI g;
|
MPI g;
|
||||||
MPI f;
|
MPI f;
|
||||||
|
|
||||||
@ -201,19 +201,106 @@ public(MPI output, MPI input, RSA_public_key *pkey )
|
|||||||
mpi_powm( output, input, pkey->e, pkey->n );
|
mpi_powm( output, input, pkey->e, pkey->n );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if 0
|
||||||
|
static void
|
||||||
|
stronger_key_check ( RSA_secret_key *skey )
|
||||||
|
{
|
||||||
|
MPI t = mpi_alloc_secure ( 0 );
|
||||||
|
MPI t1 = mpi_alloc_secure ( 0 );
|
||||||
|
MPI t2 = mpi_alloc_secure ( 0 );
|
||||||
|
MPI phi = mpi_alloc_secure ( 0 );
|
||||||
|
|
||||||
|
/* check that n == p * q */
|
||||||
|
mpi_mul( t, skey->p, skey->q);
|
||||||
|
if (mpi_cmp( t, skey->n) )
|
||||||
|
log_info ( "RSA Oops: n != p * q\n" );
|
||||||
|
|
||||||
|
/* check that p is less than q */
|
||||||
|
if( mpi_cmp( skey->p, skey->q ) > 0 )
|
||||||
|
log_info ("RSA Oops: p >= q\n");
|
||||||
|
|
||||||
|
|
||||||
|
/* check that e divides neither p-1 nor q-1 */
|
||||||
|
mpi_sub_ui(t, skey->p, 1 );
|
||||||
|
mpi_fdiv_r(t, t, skey->e );
|
||||||
|
if ( !mpi_cmp_ui( t, 0) )
|
||||||
|
log_info ( "RSA Oops: e divides p-1\n" );
|
||||||
|
mpi_sub_ui(t, skey->q, 1 );
|
||||||
|
mpi_fdiv_r(t, t, skey->e );
|
||||||
|
if ( !mpi_cmp_ui( t, 0) )
|
||||||
|
log_info ( "RSA Oops: e divides q-1\n" );
|
||||||
|
|
||||||
|
/* check that d is correct */
|
||||||
|
mpi_sub_ui( t1, skey->p, 1 );
|
||||||
|
mpi_sub_ui( t2, skey->q, 1 );
|
||||||
|
mpi_mul( phi, t1, t2 );
|
||||||
|
mpi_gcd(t, t1, t2);
|
||||||
|
mpi_fdiv_q(t, phi, t);
|
||||||
|
mpi_invm(t, skey->e, t );
|
||||||
|
if ( mpi_cmp(t, skey->d ) )
|
||||||
|
log_info ( "RSA Oops: d is wrong\n");
|
||||||
|
|
||||||
|
/* check for crrectness of u */
|
||||||
|
mpi_invm(t, skey->p, skey->q );
|
||||||
|
if ( mpi_cmp(t, skey->u ) )
|
||||||
|
log_info ( "RSA Oops: u is wrong\n");
|
||||||
|
|
||||||
|
log_info ( "RSA secret key check finished\n");
|
||||||
|
|
||||||
|
mpi_free (t);
|
||||||
|
mpi_free (t1);
|
||||||
|
mpi_free (t2);
|
||||||
|
mpi_free (phi);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
/****************
|
/****************
|
||||||
* Secret key operation. Encrypt INPUT with SKEY and put result into OUTPUT.
|
* Secret key operation. Encrypt INPUT with SKEY and put result into OUTPUT.
|
||||||
*
|
*
|
||||||
* m = c^d mod n
|
* m = c^d mod n
|
||||||
*
|
*
|
||||||
* Where m is OUTPUT, c is INPUT and d,n are elements of PKEY.
|
* Or faster:
|
||||||
*
|
*
|
||||||
* FIXME: We should better use the Chinese Remainder Theorem
|
* m1 = c ^ (d mod (p-1)) mod p
|
||||||
|
* m2 = c ^ (d mod (q-1)) mod q
|
||||||
|
* h = u * (m2 - m1) mod q
|
||||||
|
* m = m1 + h * p
|
||||||
|
*
|
||||||
|
* Where m is OUTPUT, c is INPUT and d,n,p,q,u are elements of SKEY.
|
||||||
*/
|
*/
|
||||||
static void
|
static void
|
||||||
secret(MPI output, MPI input, RSA_secret_key *skey )
|
secret(MPI output, MPI input, RSA_secret_key *skey )
|
||||||
{
|
{
|
||||||
|
#if 0
|
||||||
mpi_powm( output, input, skey->d, skey->n );
|
mpi_powm( output, input, skey->d, skey->n );
|
||||||
|
#else
|
||||||
|
MPI m1 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
|
||||||
|
MPI m2 = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
|
||||||
|
MPI h = mpi_alloc_secure( mpi_get_nlimbs(skey->n)+1 );
|
||||||
|
|
||||||
|
/* m1 = c ^ (d mod (p-1)) mod p */
|
||||||
|
mpi_sub_ui( h, skey->p, 1 );
|
||||||
|
mpi_fdiv_r( h, skey->d, h );
|
||||||
|
mpi_powm( m1, input, h, skey->p );
|
||||||
|
/* m2 = c ^ (d mod (q-1)) mod q */
|
||||||
|
mpi_sub_ui( h, skey->q, 1 );
|
||||||
|
mpi_fdiv_r( h, skey->d, h );
|
||||||
|
mpi_powm( m2, input, h, skey->q );
|
||||||
|
/* h = u * ( m2 - m1 ) mod q */
|
||||||
|
mpi_sub( h, m2, m1 );
|
||||||
|
if ( mpi_is_neg( h ) )
|
||||||
|
mpi_add ( h, h, skey->q );
|
||||||
|
mpi_mulm( h, skey->u, h, skey->q );
|
||||||
|
/* m = m2 + h * p */
|
||||||
|
mpi_mul ( h, h, skey->p );
|
||||||
|
mpi_add ( output, m1, h );
|
||||||
|
/* ready */
|
||||||
|
|
||||||
|
mpi_free ( h );
|
||||||
|
mpi_free ( m1 );
|
||||||
|
mpi_free ( m2 );
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -1,3 +1,10 @@
|
|||||||
|
Wed Sep 13 18:12:34 CEST 2000 Werner Koch <wk@openit.de>
|
||||||
|
|
||||||
|
* keyedit.c (keyedit_menu): Allow to use "debug" on the secret key.
|
||||||
|
|
||||||
|
* ringedit.c (cmp_seckey): Fix for v4 RSA keys.
|
||||||
|
* seckey-cert.c (do_check): Workaround for PGP 7 bug.
|
||||||
|
|
||||||
Wed Sep 6 17:55:47 CEST 2000 Werner Koch <wk@openit.de>
|
Wed Sep 6 17:55:47 CEST 2000 Werner Koch <wk@openit.de>
|
||||||
|
|
||||||
* misc.c (print_pubkey_algo_note): Do not print the RSA notice.
|
* misc.c (print_pubkey_algo_note): Do not print the RSA notice.
|
||||||
|
@ -592,7 +592,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
|
|||||||
{ N_("sign") , cmdSIGN , 0,1,1, N_("sign the key") },
|
{ N_("sign") , cmdSIGN , 0,1,1, N_("sign the key") },
|
||||||
{ N_("s") , cmdSIGN , 0,1,1, NULL },
|
{ N_("s") , cmdSIGN , 0,1,1, NULL },
|
||||||
{ N_("lsign") , cmdLSIGN , 0,1,1, N_("sign the key locally") },
|
{ N_("lsign") , cmdLSIGN , 0,1,1, N_("sign the key locally") },
|
||||||
{ N_("debug") , cmdDEBUG , 0,1,0, NULL },
|
{ N_("debug") , cmdDEBUG , 0,0,0, NULL },
|
||||||
{ N_("adduid") , cmdADDUID , 1,1,0, N_("add a user ID") },
|
{ N_("adduid") , cmdADDUID , 1,1,0, N_("add a user ID") },
|
||||||
{ N_("deluid") , cmdDELUID , 0,1,0, N_("delete user ID") },
|
{ N_("deluid") , cmdDELUID , 0,1,0, N_("delete user ID") },
|
||||||
{ N_("addkey") , cmdADDKEY , 1,1,0, N_("add a secondary key") },
|
{ N_("addkey") , cmdADDKEY , 1,1,0, N_("add a secondary key") },
|
||||||
|
@ -1070,7 +1070,13 @@ cmp_seckey( PKT_secret_key *req_sk, PKT_secret_key *sk )
|
|||||||
|
|
||||||
n = pubkey_get_nskey( req_sk->pubkey_algo );
|
n = pubkey_get_nskey( req_sk->pubkey_algo );
|
||||||
for(i=0; i < n; i++ ) {
|
for(i=0; i < n; i++ ) {
|
||||||
if( mpi_cmp( req_sk->skey[i], sk->skey[i] ) )
|
/* Note: becuase v4 protected keys have nothing in the
|
||||||
|
* mpis except for the first one, we skip all NULL MPIs.
|
||||||
|
* This might not be always correct in cases where the both
|
||||||
|
* keys do not match in their secret parts but we can ignore that
|
||||||
|
* because the need for this function is quite ugly. */
|
||||||
|
if( req_sk->skey[1] && sk->skey[i]
|
||||||
|
&& mpi_cmp( req_sk->skey[i], sk->skey[i] ) )
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -80,10 +80,13 @@ do_check( PKT_secret_key *sk )
|
|||||||
if( sk->version >= 4 ) {
|
if( sk->version >= 4 ) {
|
||||||
int ndata;
|
int ndata;
|
||||||
byte *p, *data;
|
byte *p, *data;
|
||||||
|
u16 csumc = 0;
|
||||||
|
|
||||||
i = pubkey_get_npkey(sk->pubkey_algo);
|
i = pubkey_get_npkey(sk->pubkey_algo);
|
||||||
assert( mpi_is_opaque( sk->skey[i] ) );
|
assert( mpi_is_opaque( sk->skey[i] ) );
|
||||||
p = mpi_get_opaque( sk->skey[i], &ndata );
|
p = mpi_get_opaque( sk->skey[i], &ndata );
|
||||||
|
if ( ndata > 1 )
|
||||||
|
csumc = p[ndata-2] << 8 | p[ndata-1];
|
||||||
data = m_alloc_secure( ndata );
|
data = m_alloc_secure( ndata );
|
||||||
cipher_decrypt( cipher_hd, data, p, ndata );
|
cipher_decrypt( cipher_hd, data, p, ndata );
|
||||||
mpi_free( sk->skey[i] ); sk->skey[i] = NULL ;
|
mpi_free( sk->skey[i] ); sk->skey[i] = NULL ;
|
||||||
@ -96,9 +99,14 @@ do_check( PKT_secret_key *sk )
|
|||||||
else {
|
else {
|
||||||
csum = checksum( data, ndata-2);
|
csum = checksum( data, ndata-2);
|
||||||
sk->csum = data[ndata-2] << 8 | data[ndata-1];
|
sk->csum = data[ndata-2] << 8 | data[ndata-1];
|
||||||
|
if ( sk->csum != csum ) {
|
||||||
|
/* This is a PGP 7.0.0 workaround */
|
||||||
|
sk->csum = csumc; /* take the encrypted one */
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* must check it here otherwise the mpi_read_xx would fail
|
/* must check it here otherwise the mpi_read_xx would fail
|
||||||
* because the length das an abritary value */
|
* because the length may have an arbitrary value */
|
||||||
if( sk->csum == csum ) {
|
if( sk->csum == csum ) {
|
||||||
for( ; i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
|
for( ; i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
|
||||||
nbytes = ndata;
|
nbytes = ndata;
|
||||||
@ -106,6 +114,7 @@ do_check( PKT_secret_key *sk )
|
|||||||
ndata -= nbytes;
|
ndata -= nbytes;
|
||||||
p += nbytes;
|
p += nbytes;
|
||||||
}
|
}
|
||||||
|
/* at this point ndata should be equal to 2 (the checksum) */
|
||||||
}
|
}
|
||||||
m_free(data);
|
m_free(data);
|
||||||
}
|
}
|
||||||
@ -237,8 +246,6 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
|
|||||||
randomize_buffer(sk->protect.iv, sk->protect.ivlen, 1);
|
randomize_buffer(sk->protect.iv, sk->protect.ivlen, 1);
|
||||||
cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen );
|
cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen );
|
||||||
if( sk->version >= 4 ) {
|
if( sk->version >= 4 ) {
|
||||||
/* FIXME: There is a bug in this function for all algorithms
|
|
||||||
* where the secret MPIs are more than 1 */
|
|
||||||
byte *bufarr[PUBKEY_MAX_NSKEY];
|
byte *bufarr[PUBKEY_MAX_NSKEY];
|
||||||
unsigned narr[PUBKEY_MAX_NSKEY];
|
unsigned narr[PUBKEY_MAX_NSKEY];
|
||||||
unsigned nbits[PUBKEY_MAX_NSKEY];
|
unsigned nbits[PUBKEY_MAX_NSKEY];
|
||||||
|
Loading…
x
Reference in New Issue
Block a user