From madelman at iname.com Thu Mar 3 13:44:33 2005
From: madelman at iname.com (Madelman)
Date: Thu Mar 3 13:37:54 2005
Subject: Problem with public key encription
Message-ID: <422706B1.1000901@iname.com>

Hi,

I'm having a problem when trying to encrypt the session key with the public key. The code in question is:

--------------
// generate session key
sessionKey = new unsigned char[16];
gcry_randomize(sessionKey, longClaveSesion, GCRY_STRONG_RANDOM);

// convert session key to S-Expression
gcry_sexp_build(&data, NULL, "(data (flags raw)(value %b))", (size_t) 16, sessionKey);

// we sign with the recipient's public key
err = gcry_pk_encrypt(&encryptedSessionKey, data, destinationKey);
--------------

and the returned error is Invalid object. But this only occurs sometimes; the rest of the time everything works OK.

I debugged it and saw the problem was dependent on the value of the session key, so in general it works OK but with some values of the session key it fails. I tracked it down to the function gcry_sexp_nth_mpi, which doesn't return a correct mpi when called with some of my values, but I can't find the problem.

These are some of the values I got working and not:

-------------------
(data
 (flags raw)
 (value #23F9C6B31389B304F44083B1F7C4E58C#)
 )
Result: Success

(data
 (flags raw)
 (value #81ACBB98319D5EA67F63E28FC234790B#)
 )
Result: Invalid object

(data
 (flags raw)
 (value #D2440A26F494E23DB65F7D9794DB88CA#)
 )
Result: Invalid object
-------------------

Does anybody have any clue about what I'm doing wrong?

Thanks.

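Added example, not part of the original message and not libgcrypt code: the reply to this message further down the archive says the failing values are read as negative numbers and need a 0x00 prefix. The C code below checks the three values quoted above for a set top bit and builds the prefixed buffer; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Decode the hex digits found between the '#' marks of an S-expression
 * value. Returns the number of bytes, or 0 on malformed input. */
size_t hex_to_bytes(const char *hex, unsigned char *out, size_t outmax)
{
    size_t n = strlen(hex), i;
    if (n == 0 || n % 2 != 0 || n / 2 > outmax) return 0;
    for (i = 0; i < n; i++) {
        char c = hex[i];
        unsigned v;
        if (c >= '0' && c <= '9') v = (unsigned)(c - '0');
        else if (c >= 'A' && c <= 'F') v = (unsigned)(c - 'A' + 10);
        else if (c >= 'a' && c <= 'f') v = (unsigned)(c - 'a' + 10);
        else return 0;
        if (i % 2 == 0) out[i / 2] = (unsigned char)(v << 4);
        else out[i / 2] |= (unsigned char)v;
    }
    return n / 2;
}

/* A signed big-endian integer is negative when its top bit is set. */
int reads_as_negative(const unsigned char *buf, size_t len)
{
    return len > 0 && (buf[0] & 0x80) != 0;
}

/* Copy buf to out, prepending 0x00 when the top bit is set so the value is
 * read as non-negative. out must hold len + 1 bytes. Returns new length. */
size_t make_nonnegative(const unsigned char *buf, size_t len, unsigned char *out)
{
    size_t off = reads_as_negative(buf, len) ? 1 : 0;
    out[0] = 0x00;
    memcpy(out + off, buf, len);
    return len + off;
}

int main(void)
{
    /* The three session keys quoted in the message above. */
    const char *keys[] = { "23F9C6B31389B304F44083B1F7C4E58C",
                           "81ACBB98319D5EA67F63E28FC234790B",
                           "D2440A26F494E23DB65F7D9794DB88CA" };
    unsigned char raw[16], fixed[17];
    for (size_t i = 0; i < 3; i++) {
        size_t n = hex_to_bytes(keys[i], raw, sizeof raw);
        size_t m = make_nonnegative(raw, n, fixed);
        printf("%s negative=%d length for %%b: %zu\n",
               keys[i], reads_as_negative(raw, n), m);
    }
    return 0;
}
```

The prefix only addresses the sign; the same reply also says to pad the session key with the PKCS#1 method instead of encrypting it raw.
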
From eduardo.espejo at t-empresas.com.pe Thu Mar 3 21:26:52 2005
From: eduardo.espejo at t-empresas.com.pe (Eduardo Espejo Gavilano)
Date: Thu Mar 3 22:10:10 2005
Subject: Error building libgcrypt in SUNOS
Message-ID:

Hi,

I am trying to compile libgcrypt in SunOS 5.6 but I get these errors:

source='mpiutil.c' object='mpiutil.lo' libtool=yes \
DEPDIR=.deps depmode=none /bin/ksh ../depcomp \
/bin/ksh ../libtool --tag=CC --mode=compile cc -DHAVE_CONFIG_H -I. -I. -I.. -I../src -I/usr/pptmain/libgpg-error-1.0/include -g -c -o mpiutil.lo mpiutil.c
cc -DHAVE_CONFIG_H -I. -I. -I.. -I../src -I/usr/pptmain/libgpg-error-1.0/include -g -c mpiutil.c -KPIC -DPIC -o .libs/mpiutil.o
"mpiutil.c", line 390: warning: argument #1 is incompatible with prototype:
        prototype: pointer to uchar : "../src/gcrypt.h", line 1369
        argument : pointer to char
"mpiutil.c", line 397: warning: argument #2 is incompatible with prototype:
        prototype: pointer to const uchar : "../src/mpi.h", line 126
        argument : pointer to char
cc -DHAVE_CONFIG_H -I. -I. -I.. -I../src -I/usr/pptmain/libgpg-error-1.0/include -g -c mpiutil.c -o mpiutil.o >/dev/null 2>&1
/bin/ksh ../libtool --mode=compile cc -g -c -o mpih-add1.lo `test -f 'mpih-add1.S' || echo './'`mpih-add1.S
cc -g -c mpih-add1.S -KPIC -DPIC -o .libs/mpih-add1.o
cc: No input file specified, no output generated
make[2]: *** [mpih-add1.lo] Error 1
make[2]: Leaving directory `/usr/pptmain/libgcrypt-1.2.1/mpi'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/pptmain/libgcrypt-1.2.1'
make: *** [all] Error 2

First I compiled libgpg-error successfully, then I ran configure in libgcrypt without error, but when I run make the messages above appear. I've tried with GNU make too and got the same error.

Later I tried with --disable-asm and I got this:

cc -DHAVE_CONFIG_H -I. -I. -I.. -I../src -I/usr/pptmain/libgpg-error-1.0/include -g -c prime.c
"./../src/gcrypt.h", line 193: syntax error before or at: socklen_t
"./../src/gcrypt.h", line 193: warning: undefined or missing type for: socklen_t
"./../src/gcrypt.h", line 195: syntax error before or at: socklen_t
"./../src/gcrypt.h", line 195: warning: undefined or missing type for: socklen_t
cc: acomp failed for prime.c
make[2]: *** [prime.o] Error 2
make[2]: Leaving directory `/usr/pptmain/libgcrypt-1.2.1/tests'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/pptmain/libgcrypt-1.2.1'
make: *** [all] Error 2

I am using cc and GNUmake, what is wrong?? Has anyone compiled libgcrypt successfully in SunOS??

Regards
Eduardo Espejo

From wk at gnupg.org Fri Mar 4 10:14:51 2005
From: wk at gnupg.org (Werner Koch)
Date: Fri Mar 4 10:11:04 2005
Subject: Problem with public key encription
In-Reply-To: <422706B1.1000901@iname.com> (madelman@iname.com's message of "Thu, 03 Mar 2005 13:44:33 +0100")
References: <422706B1.1000901@iname.com>
Message-ID: <87u0nrai2c.fsf@wheatstone.g10code.de>

On Thu, 03 Mar 2005 13:44:33 +0100, Madelman said:

> (data
>  (flags raw)
>  (value #81ACBB98319D5EA67F63E28FC234790B#)
> )
> Result: Invalid object

Negative number. You need to prefix it with 0x00. This is only required because you use raw data which is expected to be a proper (non-negative) number.

Anyway, what you are trying to do is highly insecure. You need to pad the session key - use the pkcs#1 method.

Shalom-Salam,

   Werner

From eduardo.espejo at t-empresas.com.pe Fri Mar 4 22:41:32 2005
From: eduardo.espejo at t-empresas.com.pe (Eduardo Espejo Gavilano)
Date: Fri Mar 4 22:38:57 2005
Subject: Error building libgcrypt in SUNOS
In-Reply-To:
Message-ID:

Hi again,

I've fixed the mpi problem using the gcc package from sunfreeware.com. I also added this in every source that calls gcrypt.h, like in /tests:

#define socklen_t size_t

Regards
Eduardo Espejo

From alangley at gmail.com Mon Mar 14 14:01:44 2005
From: alangley at gmail.com (Adam Langley)
Date: Mon Mar 14 16:28:36 2005
Subject: [PATCH 1/1] 1.2.1 gcrypt.h fails to build with g++
Message-ID: <396556a205031405014940a60a@mail.gmail.com>

Due to stricter typing rules in C++, including gcrypt.h and using GCRY_THREAD_OPTION_PTHREAD_IMPL fails to compile without the attached patch.

(note: not on list, please reply to all)

AGL

--
Adam Langley agl@imperialviolet.org
http://www.imperialviolet.org (+44) (0)7906 332512
PGP: 9113 256A CC0F 71A6 4C84 5087 CDA5 52DF 2CB6 3D60
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gcrypt.h-1.2.1-g++-compile.patch
Type: application/octet-stream
Size: 0 bytes
Desc: not available
Url : /pipermail/attachments/20050314/dc731f13/gcrypt.h-1.2.1-g-compile.obj

From bradh at frogmouth.net Sat Mar 19 05:17:26 2005
From: bradh at frogmouth.net (Brad Hards)
Date: Sat Mar 19 06:15:59 2005
Subject: Symmetric cipher padding?
Message-ID: <46e7183c289d20a52fa9442a327cbda7@frogmouth.net>

I'm having a little trouble with padding (at least I think that is the problem, I'm a very newbie at this). I want to support both PKCS#7 padding and also avoiding padding for when the input is a block size.

Is there any description of how gcrypt does padding? If I'm doing CBC, and the data is finished, how do I say "pad as required and give me the result"?

Brad

From mo at g10code.com Sun Mar 20 17:50:24 2005
From: mo at g10code.com (Moritz Schulte)
Date: Sun Mar 20 17:46:27 2005
Subject: Symmetric cipher padding?
In-Reply-To: <46e7183c289d20a52fa9442a327cbda7@frogmouth.net>
References: <46e7183c289d20a52fa9442a327cbda7@frogmouth.net>
Message-ID: <20050320165024.GA594@sarkutty>

On Sat, Mar 19, 2005 at 03:17:26PM +1100, Brad Hards wrote:

Hello,

> Is there any description of how gcrypt does padding?

I am not entirely sure about your question, but I assume you are asking what padding mechanisms Libgcrypt provides in respect to symmetric block ciphers. The answer is: none; you have to do your padding yourself. Note that if you are dealing with data, whose size is larger than a single block size, you can use CTS (cipher text stealing) instead of padding.

Thanks,
Moritz

--
Moritz Schulte

From bradh at frogmouth.net Mon Mar 21 10:27:38 2005
From: bradh at frogmouth.net (Brad Hards)
Date: Mon Mar 21 10:26:05 2005
Subject: Symmetric cipher padding?
In-Reply-To: <20050320165024.GA594@sarkutty>
References: <46e7183c289d20a52fa9442a327cbda7@frogmouth.net> <20050320165024.GA594@sarkutty>
Message-ID: <200503212027.45413.bradh@frogmouth.net>

On Mon, 21 Mar 2005 03:50 am, Moritz Schulte wrote:
> I am not entirely sure about your question, but I assume you are
> asking what padding mechanisms Libgcrypt provides in respect to
> symmetric block ciphers. The answer is: none; you have to do your
> padding yourself. Note that if you are dealing with data, whose size
> is larger than a single block size, you can use CTS (cipher text
> stealing) instead of padding.

Hmm, OK. I guess I have three more questions then :-) If there is a -user list I should be using, please let me know...

1. I've been working on the assumption that if I pass more than block size bytes to gcry_cipher_encrypt(), then libgcrypt will buffer the residual bytes. Is this the case, or am I meant to be doing the buffering myself?

2. Is there anything that I can use to help with the padding? For example, does libgcrypt keep track of how many bytes have been encrypted already?

3. Is there any special support for CTS? (or, can I have a hint please :)

Brad

From mo at g10code.com Tue Mar 22 21:48:26 2005
From: mo at g10code.com (Moritz Schulte)
Date: Tue Mar 22 22:44:12 2005
Subject: Symmetric cipher padding?
In-Reply-To: <200503212027.45413.bradh@frogmouth.net>
References: <46e7183c289d20a52fa9442a327cbda7@frogmouth.net> <20050320165024.GA594@sarkutty> <200503212027.45413.bradh@frogmouth.net>
Message-ID: <20050322204826.GA14972@sarkutty>

On Mon, Mar 21, 2005 at 08:27:38PM +1100, Brad Hards wrote:

> 1. I've been working on the assumption that if I pass more than
> block size bytes to gcry_cipher_encrypt(), then libgcrypt will
> buffer the residual bytes.

Where did you base this assumption on? Libgcrypt does not buffer such data for you - the library is a low-level library - keep this in mind.

> 2. Is there anything that I can use to help with the padding? For example,
> does libgcrypt keep track of how many bytes have been encrypted already?

There is no such counter.

> 3. Is there any special support for CTS? (or, can I have a hint please :)

CTS is supported. If you enable it, you can transform chunks of data, whose size does not have to be a multiple of the block size (it only needs to be larger than a single block).

Moritz

--
Moritz Schulte

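Added example, not part of the original thread and not libgcrypt code: since the replies above say the library neither buffers residual bytes nor pads, this C code shows the buffering and PKCS#7 padding a caller has to supply around the cipher call. The 16-byte block size and all names are assumptions; the blocks written to out are what the caller would then pass to gcry_cipher_encrypt().

```c
#include <stddef.h>
#include <string.h>

#define BLK 16 /* cipher block size in bytes; assumed (AES) */

/* Residual bytes that do not yet fill a whole block. */
struct padbuf { unsigned char buf[BLK]; size_t used; };

void pb_init(struct padbuf *pb) { pb->used = 0; }

/* Take n input bytes and copy every completed block to out, which needs
 * room for n + BLK - 1 bytes. Returns the byte count written, always a
 * multiple of BLK, ready to be passed to the cipher. */
size_t pb_update(struct padbuf *pb, const unsigned char *in, size_t n,
                 unsigned char *out)
{
    size_t written = 0;
    while (n > 0) {
        size_t take = BLK - pb->used;
        if (take > n) take = n;
        memcpy(pb->buf + pb->used, in, take);
        pb->used += take; in += take; n -= take;
        if (pb->used == BLK) {
            memcpy(out + written, pb->buf, BLK);
            written += BLK;
            pb->used = 0;
        }
    }
    return written;
}

/* Write the last block with PKCS#7 padding: each pad byte holds the pad
 * length (1..BLK). Input that ended on a block boundary gets a whole block
 * of padding, which keeps unpadding unambiguous. Returns BLK. */
size_t pb_final(struct padbuf *pb, unsigned char *out)
{
    unsigned char pad = (unsigned char)(BLK - pb->used);
    memcpy(out, pb->buf, pb->used);
    memset(out + pb->used, pad, pad);
    pb->used = 0;
    return BLK;
}

/* Check and strip PKCS#7 padding from decrypted data. Returns the
 * plaintext length, or (size_t)-1 when the padding is malformed. */
size_t pkcs7_unpad(const unsigned char *buf, size_t len)
{
    if (len == 0 || len % BLK != 0) return (size_t)-1;
    unsigned char pad = buf[len - 1];
    if (pad == 0 || pad > BLK) return (size_t)-1;
    for (size_t i = len - pad; i < len; i++)
        if (buf[i] != pad) return (size_t)-1;
    return len - pad;
}
```
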
From bradh at frogmouth.net Wed Mar 23 11:06:30 2005
From: bradh at frogmouth.net (Brad Hards)
Date: Wed Mar 23 11:04:47 2005
Subject: Symmetric cipher padding?
In-Reply-To: <20050322204826.GA14972@sarkutty>
References: <46e7183c289d20a52fa9442a327cbda7@frogmouth.net> <200503212027.45413.bradh@frogmouth.net> <20050322204826.GA14972@sarkutty>
Message-ID: <200503232106.37056.bradh@frogmouth.net>

On Wed, 23 Mar 2005 07:48 am, Moritz Schulte wrote:
> On Mon, Mar 21, 2005 at 08:27:38PM +1100, Brad Hards wrote:
> > 1. I've been working on the assumption that if I pass more than
> > block size bytes to gcry_cipher_encrypt(), then libgcrypt will
> > buffer the residual bytes.
>
> Where did you base this assumption on? Libgcrypt does not buffer such
> data for you - the library is a low-level library - keep this in mind.

I've previously used OpenSSL, which does this. When it didn't do padding, I started to understand the nature of the support that libgcrypt provides though.

No real problem - I can probably implement the buffering along with the padding fairly easily in my interface library.

Brad

From bradh at frogmouth.net Mon Mar 28 08:49:15 2005
From: bradh at frogmouth.net (Brad Hards)
Date: Mon Mar 28 08:45:37 2005
Subject: Figuring out if a cipher mode is available.
Message-ID: <200503281649.22131.bradh@frogmouth.net>

I'm trying to use OFB mode with AES and also with DES. The call:

gcry_cipher_open( &context, GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_OFB, 0 );

fails (works for GCRY_CIPHER_MODE_ECB, _CFB and _CBC).

I see in the code that not all modes are supported for all Ciphers, which is fair enough. That is a problem for me - I can deal with not having OFB support, but I need to know earlier.

Is there a list of Cipher / mode combinations, or is there some call I can use to test for support?

Brad

From mo at g10code.com Mon Mar 28 11:22:52 2005
From: mo at g10code.com (Moritz Schulte)
Date: Mon Mar 28 11:18:44 2005
Subject: Figuring out if a cipher mode is available.
In-Reply-To: <200503281649.22131.bradh@frogmouth.net>
References: <200503281649.22131.bradh@frogmouth.net>
Message-ID: <20050328092252.GA2420@sarkutty>

On Mon, Mar 28, 2005 at 05:49:15PM +1100, Brad Hards wrote:

> I see in the code that not all modes are supported for all Ciphers,
> which is fair enough.

Well, yes. There are the modes ECB, CBC, CFB and CTR for block ciphers and there is STREAM for stream ciphers; OFB is not supported for any algorithm currently.

> That is a problem for me - I can deal with not having OFB support, but I need
> to know earlier.

As I said, there is no OFB support currently - but there is already an according constant defined, though.

> Is there a list of Cipher / mode combinations, or is there some call
> I can use to test for support?

No, but I agree that this might be useful; I will think about it.

Thanks,
Moritz

--
Moritz Schulte

From bradh at frogmouth.net Mon Mar 28 11:43:49 2005
From: bradh at frogmouth.net (Brad Hards)
Date: Mon Mar 28 11:40:00 2005
Subject: Figuring out if a cipher mode is available.
In-Reply-To: <20050328092252.GA2420@sarkutty>
References: <200503281649.22131.bradh@frogmouth.net> <20050328092252.GA2420@sarkutty>
Message-ID: <200503281943.55531.bradh@frogmouth.net>

On Mon, 28 Mar 2005 19:22 pm, Moritz Schulte wrote:
> > I see in the code that not all modes are supported for all Ciphers,
> > which is fair enough.
>
> Well, yes. There are the modes ECB, CBC, CFB and CTR for block
> ciphers and there is STREAM for stream ciphers; OFB is not supported
> for any algorithm currently.

Are those modes good for all ciphers?

Brad

From mo at g10code.com Mon Mar 28 12:46:23 2005
From: mo at g10code.com (Moritz Schulte)
Date: Mon Mar 28 12:41:45 2005
Subject: Figuring out if a cipher mode is available.
In-Reply-To: <200503281943.55531.bradh@frogmouth.net>
References: <200503281649.22131.bradh@frogmouth.net> <20050328092252.GA2420@sarkutty> <200503281943.55531.bradh@frogmouth.net>
Message-ID: <20050328104527.GA24722@sarkutty>

On Mon, Mar 28, 2005 at 08:43:49PM +1100, Brad Hards wrote:

> Are those modes good for all ciphers?

Yes. Block ciphers are separate from their modes of operation, thus you can combine them in any way you like.

Moritz

--
Moritz Schulte

From Torrey.McMahon at Sun.COM Tue Mar 29 18:25:44 2005
From: Torrey.McMahon at Sun.COM (Torrey McMahon)
Date: Tue Mar 29 19:32:16 2005
Subject: gcrypt.info problem?
Message-ID: <42498188.7010001@sun.com>

(Not on the list please include me on replies.)

I compile libgcrypt for the Solaris blastwave distro and recently someone reported a problem with the gcrypt.info file.

libgcrypt comes with a gcrypt.info file in share/info. This file in the header part contains its entry that should go into the dir file for emacs in share/info. But the line is not correct. Once I added the . it all worked.

This section in gcrypt.info:

INFO-DIR-SECTION GNU Libraries
START-INFO-DIR-ENTRY
* libgcrypt: (gcrypt). Cryptographic function library.
END-INFO-DIR-ENTRY

That is how it should look like.

Is that bug worthy and if so where would I put one?

Thanks.

--
Torrey McMahon
Sun Microsystems Inc.