From dhazelton at enter.net Wed Apr 5 04:04:56 2006
From: dhazelton at enter.net (D. Hazelton)
Date: Wed Apr 5 10:35:21 2006
Subject: gcry_cipher_decrypt not functioning
Message-ID: <200604042204.56649.dhazelton@enter.net>

I'm working on a small project that is using libgcrypt for encryption. The encryption works fine, but when the decryption code is called, no decryption takes place. The following function is what I use to wrap the library calls. The input data is already aligned to the cipher's blocksize by the encryption code.

From watching the process in gdb it is certain that the decryption never happens. I have tried a version where I was creating a temporary buffer for the output, and even with that step the input stream matched the output stream from the function.

I'm not on the list, so could you please CC: me on the response?

gcry_error_t decrypt( unsigned char *outb, unsigned int *outs, unsigned int algo )
{
  gcry_error_t rval;
  gcry_cipher_hd_t hand;
  gcry_md_hd_t mdh;
  unsigned char *store;
  unsigned int i, k;

  store = (char *)malloc(32);
  memset(store,0,32);
  blklen = gcry_cipher_get_algo_blklen(algo);

  rval = gcry_md_open( &mdh, GCRY_MD_SHA256, 0 );
  if( rval ) return rval;
  k = strlen( password );
  for( i = 0; i < k; i++ ) {
    gcry_md_putc( mdh, password[i] );
  }
  gcry_md_final( mdh );
  store = gcry_md_read( mdh, GCRY_MD_SHA256 );
  gcry_md_close( mdh );

  rval = gcry_cipher_open( &hand, algo, 0, 0 );
  if( rval ) return rval;
  rval = gcry_cipher_setkey( hand, store, 32 );
  if( rval ) return rval;
  rval = gcry_cipher_decrypt( hand, outb, outs[0], NULL, 0 );
  if( rval ) return rval;
  gcry_cipher_close( hand );
  return 0;
}

DRH

From bradh at frogmouth.net Wed Apr 5 11:48:35 2006
From: bradh at frogmouth.net (Brad Hards)
Date: Wed Apr 5 11:51:38 2006
Subject: gcry_cipher_decrypt not functioning
In-Reply-To: <200604042204.56649.dhazelton@enter.net>
References: <200604042204.56649.dhazelton@enter.net>
Message-ID: <200604051948.46257.bradh@frogmouth.net>

On Wednesday 05 April 2006 12:04 pm, D. Hazelton wrote:
> From watching the process in gdb it is certain that the decryption never
> happens. I have tried a version where I was creating a temporary buffer for
> the output, and even with that step the input stream matched the output
> stream from the function.

It would help if you could tell us what each gcry_* function is returning.

> rval = gcry_cipher_open( &hand, algo, 0, 0 );

This looks wrong. What mode are you trying to use? 0 => GCRY_CIPHER_MODE_NONE, which isn't good...

You aren't setting an IV either. That is OK, as long as you are using ECB. However it looks like you are doing a lot of data, and ECB is a bad choice in this case. I like CFB (to avoid padding), but it obviously has to match whatever you are using to encrypt.

Brad

From dhazelton at enter.net Wed Apr 5 22:15:56 2006
From: dhazelton at enter.net (D. Hazelton)
Date: Thu Apr 6 08:40:59 2006
Subject: gcry_cipher_decrypt not functioning
In-Reply-To: <200604051948.46257.bradh@frogmouth.net>
References: <200604042204.56649.dhazelton@enter.net> <200604051948.46257.bradh@frogmouth.net>
Message-ID: <200604051615.57025.dhazelton@enter.net>

On Wednesday 05 April 2006 05:48, Brad Hards wrote:
> On Wednesday 05 April 2006 12:04 pm, D. Hazelton wrote:
> > From watching the process in gdb it is certain that the decryption never
> > happens. I have tried a version where I was creating a temporary buffer
> > for the output, and even with that step the input stream matched the
> > output stream from the function.
>
> It would help if you could tell us what each gcry_* function is returning.

Everything returns fine. Each call returns "No Error"... When gcry_cipher_decrypt returns it returns with no decryption.

> > rval = gcry_cipher_open( &hand, algo, 0, 0 );
>
> This looks wrong. What mode are you trying to use? 0 =>
> GCRY_CIPHER_MODE_NONE, which isn't good...
>
> You aren't setting an IV either. That is OK, as long as you are using ECB.
> However it looks like you are doing a lot of data, and ECB is a bad choice
> in this case. I like CFB (to avoid padding), but it obviously has to match
> whatever you are using to encrypt.

Okay. So I should set an IV (and store it in the output) and use GCRY_CIPHER_MODE_CFB? Sounds pretty simple to me.

Thank you!
DRH

From bradh at frogmouth.net Fri Apr 14 02:53:02 2006
From: bradh at frogmouth.net (Brad Hards)
Date: Fri Apr 14 02:56:28 2006
Subject: [patch] {ksba} change to ksba.h for building with C++
Message-ID: <200604141053.07296.bradh@frogmouth.net>

Skipped content of type multipart/mixed

From bradh at frogmouth.net Fri Apr 14 14:01:58 2006
From: bradh at frogmouth.net (Brad Hards)
Date: Fri Apr 14 14:05:05 2006
Subject: [patch] {ksba} Minor documentation update
Message-ID: <200604142202.06726.bradh@frogmouth.net>

Skipped content of type multipart/mixed

From ndurner at web.de Mon Apr 17 01:03:15 2006
From: ndurner at web.de (N. Durner)
Date: Mon Apr 17 12:23:28 2006
Subject: [patch] MinGW build
Message-ID: <4442CD33.5060004@web.de>

Hi,

the attached patch fixes a linker error and disables the "random" test under MinGW because there's fork().

The patch does not include the Windows CryptoAPI patch proposed in http://permalink.gmane.org/gmane.comp.encryption.gpg.libgcrypt.devel/1366 because it was rejected by Werner Koch and the CryptoAPI seems to be unavailable on some Windows editions: http://www.gnunet.org/mantis/view.php?id=1028

Apply the patch with
  patch -p 0 < libgcrypt-mingw.diff
and rebuild ./configure using
  autoconf -f -i

A prebuilt DLL is available from gnunet.org: http://www.gnunet.org/download/win32/libgcrypt-1.2.2.zip

Best regards,

Nils Durner

-------------- next part --------------
diff -Naur libgcrypt-1.2.2/acinclude.m4 libgcrypt-1.2.2.nd/acinclude.m4
--- libgcrypt-1.2.2/acinclude.m4	Fri Jul 29 13:45:48 2005
+++ libgcrypt-1.2.2.nd/acinclude.m4	Sun Apr 16 11:57:28 2006
@@ -96,7 +96,7 @@
 AC_DEFUN([GNUPG_SYS_SYMBOL_UNDERSCORE],
 [tmp_do_check="no"
 case "${target}" in
-    i386-emx-os2 | i[3456]86-pc-os2*emx | i386-pc-msdosdjgpp)
+    i386-emx-os2 | i[3456]86-pc-os2*emx | i386-pc-msdosdjgpp | *-*-mingw32*)
         ac_cv_sys_symbol_underscore=yes
         ;;
     *)
diff -Naur libgcrypt-1.2.2/tests/random.c libgcrypt-1.2.2.nd/tests/random.c
--- libgcrypt-1.2.2/tests/random.c	Tue Sep 13 09:15:59 2005
+++ libgcrypt-1.2.2.nd/tests/random.c	Sun Apr 16 11:58:12 2006
@@ -16,6 +16,10 @@
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. */
 
+#include "config.h"
+
+#ifndef HAVE_DOSISH_SYSTEM
+
 #include
 #include
 #include
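Review bot: no ChangeLog entry accompanies this patch, and the `*-*-mingw32*` alternative added to the case arm in the acinclude.m4 hunk forces ac_cv_sys_symbol_underscore=yes instead of letting the `*)` branch run the probe; please add a ChangeLog entry covering acinclude.m4 and tests/random.c in the project's usual format, and a one-line comment in the case arm saying why the probe cannot be used on MinGW.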
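Review bot: the `#ifndef HAVE_DOSISH_SYSTEM` opened in the `@@ -16,6 +16,10 @@` hunk of tests/random.c begins before the system `#include` lines, so on a DOSISH build the file is compiled without any of them and main() can only ever be an empty shell; moving the `#ifndef` below the includes (keeping `#include "config.h"` first, as it is here) would leave the headers available and make the guarded region exactly the fork()-dependent code.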
@@ -220,7 +224,7 @@
       die ("parent and child got the same nonce\n");
 }
 
-
+#endif // HAVE_DOSISH_SYSTEM
 
@@ -228,6 +232,7 @@
 int main (int argc, char **argv)
 {
+#ifndef HAVE_DOSISH_SYSTEM
   int debug = 0;
 
   if ((argc > 1) && (! strcmp (argv[1], "--verbose")))
@@ -248,5 +253,7 @@
   check_forking ();
   check_nonce_forking ();
 
+#endif // HAVE_DOSISH_SYSTEM
+
   return 0;
 }

From marcus.brinkmann at ruhr-uni-bochum.de Sun Apr 23 21:04:39 2006
From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann)
Date: Sun Apr 23 21:04:29 2006
Subject: [patch] {ksba} change to ksba.h for building with C++
In-Reply-To: <200604141053.07296.bradh@frogmouth.net>
References: <200604141053.07296.bradh@frogmouth.net>
Message-ID: <87slo4glko.wl%marcus.brinkmann@ruhr-uni-bochum.de>

At Fri, 14 Apr 2006 10:53:02 +1000,
Brad Hards wrote:
> I'm trying to use KSBA from a C++ application. It doesn't like "this" as a
> parameter name.
>
> Patch is enclosed. This patch also corrects a couple of typos in unrelated
> comments.
>
> Please apply to KSBA.

Done. Thanks for your help!

2006-04-23  Brad Hards  (mb)

	* ksba.h (ksba_crl_get_update_times): Rename parameter to avoid
	collision with C++ keywords.
	* ksba.h: Fix typos.

Marcus
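Review bot: `+#endif // HAVE_DOSISH_SYSTEM` in the `@@ -220,7 +224,7 @@` hunk of the MinGW patch's tests/random.c (and again in its `@@ -248,5 +253,7 @@` hunk) uses a `//` comment, while the surrounding file uses `/* */` comments (the license block in the first hunk ends with `*/`) and `//` is not accepted by C89 compilers; `#endif /* HAVE_DOSISH_SYSTEM */` matches the file's style.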
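Review bot: with `+#ifndef HAVE_DOSISH_SYSTEM` placed right after the opening brace of main() in the `@@ -228,6 +232,7 @@` hunk of the MinGW patch's tests/random.c, a DOSISH build runs no checks at all yet still reaches `return 0;`, so the harness reports the random test as passed although it was skipped; printing a short "skipped: fork() not available" line before the return (or exiting with a status the harness treats as skip) would make that visible, and `int debug = 0;` plus the `--verbose` parsing do not depend on fork() and could stay outside the guard.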