Jussi Kivilinna | 21 Dec 16:38 2014

[PATCH 1/2] chacha20: allow setting counter for stream random access

* cipher/chacha20.c (CHACHA20_CTR_SIZE): New.
(chacha20_ivsetup): Add setup for full counter.
(chacha20_setiv): Allow ivlen == CHACHA20_CTR_SIZE.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>
 cipher/chacha20.c |   21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/cipher/chacha20.c b/cipher/chacha20.c
index c1847aa..2eaeffd 100644
--- a/cipher/chacha20.c
+++ b/cipher/chacha20.c
 <at>  <at>  -45,6 +45,7  <at>  <at> 
 #define CHACHA20_BLOCK_SIZE   64        /* Bytes.  */
 #define CHACHA20_MIN_IV_SIZE   8        /* Bytes.  */
 #define CHACHA20_MAX_IV_SIZE  12        /* Bytes.  */
+#define CHACHA20_CTR_SIZE     16        /* Bytes.  */

 /* USE_SSE2 indicates whether to compile with Intel SSE2 code. */
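Review bot: CHACHA20_CTR_SIZE reads as the size of the counter alone, but the 16 bytes here are the whole counter-plus-nonce tail of the state that chacha20_setiv will now accept as ivlen, and the `/* Bytes.  */` comment copied from the IV defines does not say so. Suggest a comment on the define spelling out the layout (which bytes are the block counter and which the nonce) so callers of the new random-access path do not confuse it with CHACHA20_MAX_IV_SIZE.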
 <at>  <at>  -312,22 +313,30  <at>  <at>  chacha20_keysetup (CHACHA20_context_t * ctx, const byte * key,
 static void
 chacha20_ivsetup (CHACHA20_context_t * ctx, const byte * iv, size_t ivlen)
-  ctx->input[12] = 0;
-  if (ivlen == CHACHA20_MAX_IV_SIZE)
+  if (ivlen == CHACHA20_CTR_SIZE)
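Review bot: removing the unconditional `ctx->input[12] = 0;` at the top of chacha20_ivsetup means the block counter is no longer reset before the ivlen dispatch; every branch of the new `if (ivlen == CHACHA20_CTR_SIZE)` chain must now write input[12] itself, otherwise a context re-initialised with an 8- or 12-byte IV keeps the counter left over from the previous stream. Please also note in the function comment that a 16-byte IV sets the counter explicitly.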
(Continue reading)

Jussi Kivilinna | 20 Dec 16:21 2014

[PATCH] gcm: do not pass extra key pointer for setupM/fillM

* cipher/cipher-gcm-intel-pclmul.c
(_gcry_ghash_setup_intel_pclmul): Remove 'h' parameter.
* cipher/cipher-gcm.c (_gcry_ghash_setup_intel_pclmul): Ditto.
(fillM): Get 'h' pointer from 'c'.
(setupM): Remove 'h' parameter.
(_gcry_cipher_gcm_setkey): Only pass 'c' to setupM.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>
 cipher/cipher-gcm-intel-pclmul.c |    2 +-
 cipher/cipher-gcm.c              |   15 ++++++++-------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/cipher/cipher-gcm-intel-pclmul.c b/cipher/cipher-gcm-intel-pclmul.c
index 02e7701..0314458 100644
--- a/cipher/cipher-gcm-intel-pclmul.c
+++ b/cipher/cipher-gcm-intel-pclmul.c
 <at>  <at>  -239,7 +239,7  <at>  <at>  static inline void gfmul_pclmul_aggr4(void)

-_gcry_ghash_setup_intel_pclmul (gcry_cipher_hd_t c, byte *h)
+_gcry_ghash_setup_intel_pclmul (gcry_cipher_hd_t c)
   u64 tmp[2];
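Review bot: the signature change drops `byte *h`, but the body lines that previously used `h` are outside this hunk; confirm the function now takes the hash subkey from `c` (as the commit message says fillM does) and that the declaration in cipher-gcm.c is updated in the same commit so the two files cannot get out of step (the diffstat shows both touched, which is good). A one-line comment on the function saying where the subkey is read from would help.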

diff --git a/cipher/cipher-gcm.c b/cipher/cipher-gcm.c
index f89b81e..6b13fc5 100644
--- a/cipher/cipher-gcm.c
(Continue reading)

Max | 18 Dec 17:06 2014

hex conversion

Hi all.

After some basic experimentation with libgcrypt and reading through the API docs, it seems
like just the thing I need. However, one utility piece seems to be missing:
conversion to and from hexadecimal strings.

For example, I receive data as a command-line argument, calculate a hash from it and
print it to the screen:

./a.out 39ef13c5aaaaaaaaaaaaaaaaa
test hash: 2b567dd47b587955f1a83f60f94138ad

I can use gcry_md_hash_buffer(...), but first I've got to prepare the buffer, so I need to
convert the ASCII string "39ef13c5aaaaaaaaaaaaaaaaa" into a hexadecimal uint8_t * buffer.
Similarly, I've got to convert the resulting digest into its proper ASCII representation.

Am I missing something obvious, or does every user of libgcrypt write their own hex2bin()
and bin2hex() functions?

best regards,
Werner Koch | 15 Dec 12:15 2014

[git] GCRYPT - branch, master, updated. libgcrypt-1.6.0-135-gad50e36

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  ad50e360ef4851e66e51a03fc420175636336b58 (commit)
      from  4f46374502eb988d701b904f83819e2cf7b1755c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ad50e360ef4851e66e51a03fc420175636336b58
Author: Werner Koch <wk <at> gnupg.org>
Date:   Mon Dec 15 12:05:32 2014 +0100

    build: Add configure option --disable-doc.

    * Makefile.am (AUTOMAKE_OPTIONS): Remove.
    (doc) [!BUILD_DOC]: Do not recurse into the dir.
    * configure.ac (AM_INIT_AUTOMAKE): Add option formerly in Makefile.am.
    (BUILD_DOC): Add new am_conditional.

diff --git a/Makefile.am b/Makefile.am
index 937bdaf..2d7ca43 100644
--- a/Makefile.am
+++ b/Makefile.am
 <at>  <at>  -18,15 +18,21  <at>  <at> 
 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
(Continue reading)

Jussi Kivilinna | 12 Dec 23:52 2014

[PATCH] rijndael: use more compact look-up tables and add table prefetching

* cipher/rijndael-internal.h (rijndael_prefetchfn_t): New.
(RIJNDAEL_context): Add 'prefetch_enc_fn' and 'prefetch_dec_fn'.
* cipher/rijndael-tables.h (S, T1, T2, T3, T4, T5, T6, T7, T8, S5, U1)
(U2, U3, U4): Remove.
(encT, decT): Add.
* cipher/rijndael.c (_gcry_aes_amd64_encrypt_block)
(_gcry_aes_amd64_decrypt_block, _gcry_aes_arm_encrypt_block)
(_gcry_aes_arm_encrypt_block): Add parameter for passing table pointer
to assembly implementation.
(prefetch_table, prefetch_enc, prefetch_dec): New.
(do_setkey): Setup context prefetch functions depending on selected
rijndael implementation; Use new tables for key setup.
(prepare_decryption): Use new tables for decryption key setup.
(do_encrypt_aligned): Rename to...
(do_encrypt_fn): ... to this, change to use new compact tables and
make it handle unaligned input.
(do_encrypt): Remove handling of unaligned input/output; pass table
pointer to assembly implementations.
(rijndael_encrypt, _gcry_aes_cfb_enc, _gcry_aes_cbc_enc)
(_gcry_aes_ctr_enc, _gcry_aes_cfb_dec): Prefetch encryption tables
before encryption.
(do_decrypt_aligned): Rename to...
(do_decrypt_fn): ... to this, change to use new compact tables and
make it handle unaligned input.
(do_decrypt): Remove handling of unaligned input/output; pass table
pointer to assembly implementations.
(rijndael_decrypt, _gcry_aes_cbc_dec): Prefetch decryption tables
before decryption.
* cipher/rijndael-amd64.S: Use 2+2 KiB tables for
encryption+decryption; remove tables from assembly file.
(Continue reading)

Jussi Kivilinna | 6 Dec 14:22 2014

[PATCH] GCM: move Intel PCLMUL accelerated implementation to separate file

* cipher/Makefile.am: Add 'cipher-gcm-intel-pclmul.c'.
* cipher/cipher-gcm-intel-pclmul.c: New.
* cipher/cipher-gcm.c [GCM_USE_INTEL_PCLMUL]
(_gcry_ghash_setup_intel_pclmul, _gcry_ghash_intel_pclmul): New
[GCM_USE_INTEL_PCLMUL] (gfmul_pclmul, gfmul_pclmul_aggr4): Move
to 'cipher-gcm-intel-pclmul.c'.
(ghash): Rename to...
(ghash_internal): ...this and move GCM_USE_INTEL_PCLMUL part to new
function in 'cipher-gcm-intel-pclmul.c'.
(setupM): Move GCM_USE_INTEL_PCLMUL part to new function in
'cipher-gcm-intel-pclmul.c'; Add selection of ghash function based
on available HW acceleration.
(do_ghash_buf): Change use of 'ghash' to 'c->u_mode.gcm.ghash_fn'.
* cipher/internal.h (ghash_fn_t): New.
(gcry_cipher_handle): Remove 'use_intel_pclmul'; Add 'ghash_fn'.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>
 cipher/Makefile.am               |    4 
 cipher/cipher-gcm-intel-pclmul.c |  395 ++++++++++++++++++++++++++++++++++++++
 cipher/cipher-gcm.c              |  395 ++------------------------------------
 cipher/cipher-internal.h         |   13 +
 4 files changed, 430 insertions(+), 377 deletions(-)
 create mode 100644 cipher/cipher-gcm-intel-pclmul.c

diff --git a/cipher/Makefile.am b/cipher/Makefile.am
index d7e7773..98142ed 100644
--- a/cipher/Makefile.am
(Continue reading)

Jussi Kivilinna | 6 Dec 14:22 2014

[PATCH] rijndael: further optimizations for AES-NI accelerated CBC and CFB bulk modes

* cipher/rijndael-aesni.c (do_aesni_enc, do_aesni_dec): Pass
input/output through SSE register XMM0.
(do_aesni_cfb): Remove.
(_gcry_aes_aesni_encrypt, _gcry_aes_aesni_decrypt): Add loading/storing
input/output to/from XMM0.
(_gcry_aes_aesni_cfb_enc, _gcry_aes_aesni_cbc_enc)
(_gcry_aes_aesni_cfb_dec): Update to use renewed 'do_aesni_enc' and
move IV loading/storing outside loop.
(_gcry_aes_aesni_cbc_dec): Update to use renewed 'do_aesni_dec'.

CBC encryption speed is improved ~16% on Intel Haswell and CFB encryption ~8%.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>
 cipher/rijndael-aesni.c |  244 ++++++++++++++++++++---------------------------
 1 file changed, 104 insertions(+), 140 deletions(-)

diff --git a/cipher/rijndael-aesni.c b/cipher/rijndael-aesni.c
index e6c1051..3c367ce 100644
--- a/cipher/rijndael-aesni.c
+++ b/cipher/rijndael-aesni.c
 <at>  <at>  -340,33 +340,14  <at>  <at>  _gcry_aes_aesni_prepare_decryption (RIJNDAEL_context *ctx)

-/* Encrypt one block using the Intel AES-NI instructions.  A and B may
-   be the same.
-   Our problem here is that gcc does not allow the "x" constraint for
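Review bot: the comment being removed here recorded why the "x" constraint could not be used with gcc; with the new XMM0 pass-through convention described in the commit message, the replacement comment should state that the block is expected in and returned in XMM0 (and which registers are clobbered), so the reasoning is not lost for the next person touching do_aesni_enc/do_aesni_dec.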
(Continue reading)

Mike Crowe | 3 Dec 18:57 2014

lock_pool drops capabilities even when running as root

We're using libgcrypt in an embedded application that runs as root
(i.e. UID=EUID=0). We recently discovered that libgcrypt operations that
allocate secure memory caused all the process's capabilities to be dropped,
causing surprises later when the rest of the application tries to perform
privileged operations.

We upgraded libgcrypt so we could use
gcry_control(GCRYCTL_DISABLE_PRIV_DROP) but this did not help (for reasons
that were obvious once I looked more closely.)

The culprit would appear to be the code at the start of secmem.c:lock_pool
that calls cap_set_proc. Before calling my capabilities are:

 CapInh: 0000000000000000
 CapPrm: 0000001fffffffff
 CapEff: 0000001fffffffff
 CapBnd: 0000001fffffffff

afterwards they are:

 CapInh: 0000000000000000
 CapPrm: 0000000000004000
 CapEff: 0000000000000000
 CapBnd: 0000001fffffffff

Borrowing the "uid && !geteuid()" check from lower down fixes the problem
for me but I suspect that isn't sufficient for all use cases.

--- secmem.c~	2014-08-21 13:50:39.000000000 +0100
+++ secmem.c	2014-12-03 17:55:08.446683419 +0000
(Continue reading)

Jussi Kivilinna | 1 Dec 20:12 2014

[PATCH 1/4] rijndael: split AES-NI functions to separate file

* cipher/Makefile.in: Add 'rijndael-aesni.c'.
* cipher/rijndael-aesni.c: New.
* cipher/rijndael-internal.h: New.
(keyschenc, keyschdec, padlockkey): Move to 'rijndael-internal.h'.
(u128_s, aesni_prepare, aesni_cleanup, aesni_cleanup_2_6)
(aesni_do_setkey, do_aesni_enc, do_aesni_dec, do_aesni_enc_vec4)
(do_aesni_dec_vec4, do_aesni_cfb, do_aesni_ctr, do_aesni_ctr_4): Move
to 'rijndael-aesni.c'.
(prepare_decryption, rijndael_encrypt, _gcry_aes_cfb_enc)
(_gcry_aes_cbc_enc, _gcry_aes_ctr_enc, rijndael_decrypt)
(_gcry_aes_cfb_dec, _gcry_aes_cbc_dec) [USE_AESNI]: Move to functions
in 'rijndael-aesni.c'.
* configure.ac [mpi_cpu_arch=x86]: Add 'rijndael-aesni.lo'.

Clean up rijndael.c before new hardware acceleration support gets added.

Signed-off-by: Jussi Kivilinna <jussi.kivilinna <at> iki.fi>
 cipher/Makefile.am         |    3 
 cipher/rijndael-aesni.c    | 1288 +++++++++++++++++++++++++++++++++++++++++
 cipher/rijndael-internal.h |  118 ++++
 cipher/rijndael.c          | 1393 ++------------------------------------------
 configure.ac               |    7 
 5 files changed, 1478 insertions(+), 1331 deletions(-)
 create mode 100644 cipher/rijndael-aesni.c
 create mode 100644 cipher/rijndael-internal.h

(Continue reading)

Jan Bilek | 30 Nov 14:18 2014

Re: AES192 & AES256 in CBC mode [libgcrypt]

Resending as previous email seemed to be bounced back by the  
http://www.dnsbl.manitu.net/'s spam filter.

Kind Regards,

On 30/11/14 23:02, Jan Bilek wrote:
> Hello Jussi,
> thanks for this, however I'm not sure how to interpret your email. 
> Does it mean that my test vectors are wrong? I calculated those "in 
> hand" so this might be the case, but then my understanding of CBC is 
> incorrect.
> Thank you,
> Jan
> On 30/11/14 19:07, Jussi Kivilinna wrote:
>> Hello,
>> On 28.11.2014 03:10, Jan Bilek wrote:
>>> Hello,
>>> I've just bounced in a potential problem with libgcrypt while trying 
>>> to do AES192 & AES256 in CBC mode.
>>> All works well with AES128 for all cipher modes, however when moving 
>>> to AES192 & AES256 and GCRY_CIPHER_MODE_CBC it looks like all 
>>> buffers are being written just in first 128 bits of output.
>>> Please see example code attached.
(Continue reading)

Jan Bilek | 28 Nov 02:10 2014

AES192 & AES256 in CBC mode [libgcrypt]


I've just bounced in a potential problem with libgcrypt while trying to do AES192 & AES256 in CBC mode.

All works well with AES128 for all cipher modes, however when moving to AES192 & AES256 and GCRY_CIPHER_MODE_CBC it looks like all buffers are being written just in first 128 bits of output.

Please see example code attached.

Let me know if you'll be able to confirm that and if confirmed if I may help with fixing it.

Thank you & Kind Regards,
Jan Bilek
CTO, EFTlab Pty Ltd
email: jan.bilek <at> eftlab.co.uk
Attachment (crypto_aes.cpp): text/x-c++src, 6065 bytes
Gcrypt-devel mailing list
Gcrypt-devel <at> gnupg.org