[git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-308-g537969f

by Werner Koch cvs at cvs.gnupg.org
Tue Oct 15 09:10:34 CEST 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  537969fbbb1104b8305a7edb331b7666d54eff2c (commit)
       via  d3a605d7827b8a73ef844e9e5183590bd6b1389a (commit)
       via  5be2345ddec4147e535d5b039ee74f84bcacf9e4 (commit)
       via  0cd551faa775ad5309a40629ae30bf86b75fca09 (commit)
      from  a951c061523e1c13f1358c9760fc3a9d787ab2d4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 537969fbbb1104b8305a7edb331b7666d54eff2c
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 15 09:08:31 2013 +0200

    ecc:  Support use of Ed25519 with ECDSA.
    
    * src/cipher.h (PUBKEY_FLAG_ECDSA): New.
    * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag "ecdsa".
    * cipher/ecc.c (verify_ecdsa, verify_eddsa): Remove some debug output.
    (ecc_generate, ecc_sign, ecc_verify): Support Ed25519 with ECDSA.
    * tests/keygen.c (check_ecc_keys): Create such a test key.
    * tests/pubkey.c (fail, info, data_from_hex, extract_cmp_data): New.
    Take from dsa-6979.c
    (check_ed25519ecdsa_sample_key): new.
    (main): Call new test.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/cipher/ecc.c b/cipher/ecc.c
index da384e8..3b75fea 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -558,13 +558,10 @@ verify_ecdsa (gcry_mpi_t input, ECC_public_key *pkey,
           log_mpidump ("     x", x);
           log_mpidump ("     r", r);
           log_mpidump ("     s", s);
-          log_debug ("ecc verify: Not verified\n");
         }
       err = GPG_ERR_BAD_SIGNATURE;
       goto leave;
     }
-  if (DBG_CIPHER)
-    log_debug ("ecc verify: Accepted\n");
 
  leave:
   _gcry_mpi_ec_free (ctx);
@@ -1208,14 +1205,10 @@ verify_eddsa (gcry_mpi_t input, ECC_public_key *pkey,
     goto leave;
   if (tlen != rlen || memcmp (tbuf, rbuf, tlen))
     {
-      if (DBG_CIPHER)
-        log_debug ("eddsa verify: Not verified\n");
       rc = GPG_ERR_BAD_SIGNATURE;
       goto leave;
     }
 
-  if (DBG_CIPHER)
-    log_debug ("eddsa verify: Accepted\n");
   rc = 0;
 
  leave:
@@ -1250,10 +1243,12 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
   gcry_random_level_t random_level;
   mpi_ec_t ctx = NULL;
   gcry_sexp_t curve_info = NULL;
+  gcry_sexp_t curve_flags = NULL;
   gcry_mpi_t base = NULL;
   gcry_mpi_t public = NULL;
   gcry_mpi_t secret = NULL;
   int flags = 0;
+  int ed25519_with_ecdsa = 0;
 
   memset (&E, 0, sizeof E);
   memset (&sk, 0, sizeof sk);
@@ -1328,7 +1323,13 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
       rc = nist_generate_key (&sk, &E, ctx, random_level, nbits);
       break;
     case ECC_DIALECT_ED25519:
-      rc = eddsa_generate_key (&sk, &E, ctx, random_level);
+      if ((flags & PUBKEY_FLAG_ECDSA))
+        {
+          ed25519_with_ecdsa = 1;
+          rc = nist_generate_key (&sk, &E, ctx, random_level, nbits);
+        }
+      else
+        rc = eddsa_generate_key (&sk, &E, ctx, random_level);
       break;
     default:
       rc = GPG_ERR_INTERNAL;
@@ -1341,7 +1342,7 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
   if (_gcry_mpi_ec_get_affine (x, y, &sk.E.G, ctx))
     log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "G");
   base = _gcry_ecc_ec2os (x, y, sk.E.p);
-  if (sk.E.dialect == ECC_DIALECT_ED25519)
+  if (sk.E.dialect == ECC_DIALECT_ED25519 && !ed25519_with_ecdsa)
     {
       unsigned char *encpk;
       unsigned int encpklen;
@@ -1367,16 +1368,23 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
         goto leave;
     }
 
+  if (ed25519_with_ecdsa)
+    {
+      rc = gcry_sexp_build (&curve_info, NULL, "(flags ecdsa)");
+      if (rc)
+        goto leave;
+    }
+
   rc = gcry_sexp_build (r_skey, NULL,
                         "(key-data"
                         " (public-key"
-                        "  (ecc%S(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)))"
+                        "  (ecc%S%S(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)))"
                         " (private-key"
-                        "  (ecc%S(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)(d%m)))"
+                        "  (ecc%S%S(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)(d%m)))"
                         " )",
-                        curve_info,
+                        curve_info, curve_flags,
                         sk.E.p, sk.E.a, sk.E.b, base, sk.E.n, public,
-                        curve_info,
+                        curve_info, curve_flags,
                         sk.E.p, sk.E.a, sk.E.b, base, sk.E.n, public, secret);
   if (rc)
     goto leave;
@@ -1390,6 +1398,8 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
       log_printmpi ("ecgen result  n", sk.E.n);
       log_printmpi ("ecgen result  Q", public);
       log_printmpi ("ecgen result  d", secret);
+      if (ed25519_with_ecdsa)
+        log_debug ("ecgen result  using Ed25519/ECDSA\n");
     }
 
  leave:
@@ -1580,9 +1590,11 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
     }
   if (DBG_CIPHER)
     {
-      log_debug ("ecc_sign   info: %s/%s\n",
+      log_debug ("ecc_sign   info: %s/%s%s\n",
                  _gcry_ecc_model2str (sk.E.model),
-                 _gcry_ecc_dialect2str (sk.E.dialect));
+                 _gcry_ecc_dialect2str (sk.E.dialect),
+                 (sk.E.dialect == ECC_DIALECT_ED25519
+                  && (ctx.flags & PUBKEY_FLAG_ECDSA))? "ECDSA":"");
       if (sk.E.name)
         log_debug  ("ecc_sign   name: %s\n", sk.E.name);
       log_printmpi ("ecc_sign      p", sk.E.p);
@@ -1733,9 +1745,11 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms)
 
   if (DBG_CIPHER)
     {
-      log_debug ("ecc_verify info: %s/%s\n",
+      log_debug ("ecc_verify info: %s/%s%s\n",
                  _gcry_ecc_model2str (pk.E.model),
-                 _gcry_ecc_dialect2str (pk.E.dialect));
+                 _gcry_ecc_dialect2str (pk.E.dialect),
+                 (pk.E.dialect == ECC_DIALECT_ED25519
+                  && !(sigflags & PUBKEY_FLAG_EDDSA))? "/ECDSA":"");
       if (pk.E.name)
         log_debug  ("ecc_verify name: %s\n", pk.E.name);
       log_printmpi ("ecc_verify    p", pk.E.p);
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
index 3dfc027..caf715e 100644
--- a/cipher/pubkey-util.c
+++ b/cipher/pubkey-util.c
@@ -75,6 +75,10 @@ _gcry_pk_util_parse_flaglist (gcry_sexp_t list,
           encoding = PUBKEY_ENC_RAW;
           flags |= PUBKEY_FLAG_EDDSA;
         }
+      else if (n == 5 && !memcmp (s, "ecdsa", 5))
+        {
+          flags |= PUBKEY_FLAG_ECDSA;
+        }
       else if (n == 3 && !memcmp (s, "raw", 3)
                && encoding == PUBKEY_ENC_UNKNOWN)
         {
diff --git a/src/cipher.h b/src/cipher.h
index b3469e5..077af98 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -28,14 +28,15 @@
 
 #define PUBKEY_FLAG_NO_BLINDING    (1 << 0)
 #define PUBKEY_FLAG_RFC6979        (1 << 1)
-#define PUBKEY_FLAG_EDDSA          (1 << 2)
-#define PUBKEY_FLAG_FIXEDLEN       (1 << 3)
-#define PUBKEY_FLAG_LEGACYRESULT   (1 << 4)
-#define PUBKEY_FLAG_RAW_FLAG       (1 << 5)
-#define PUBKEY_FLAG_TRANSIENT_KEY  (1 << 6)
-#define PUBKEY_FLAG_USE_X931       (1 << 7)
-#define PUBKEY_FLAG_USE_FIPS186    (1 << 8)
-#define PUBKEY_FLAG_USE_FIPS186_2  (1 << 9)
+#define PUBKEY_FLAG_FIXEDLEN       (1 << 2)
+#define PUBKEY_FLAG_LEGACYRESULT   (1 << 3)
+#define PUBKEY_FLAG_RAW_FLAG       (1 << 4)
+#define PUBKEY_FLAG_TRANSIENT_KEY  (1 << 5)
+#define PUBKEY_FLAG_USE_X931       (1 << 6)
+#define PUBKEY_FLAG_USE_FIPS186    (1 << 7)
+#define PUBKEY_FLAG_USE_FIPS186_2  (1 << 8)
+#define PUBKEY_FLAG_ECDSA          (1 << 9)
+#define PUBKEY_FLAG_EDDSA          (1 << 10)
 
 
 enum pk_operation
diff --git a/tests/keygen.c b/tests/keygen.c
index b955116..2b98c42 100644
--- a/tests/keygen.c
+++ b/tests/keygen.c
@@ -394,6 +394,23 @@ check_ecc_keys (void)
 
       gcry_sexp_release (key);
     }
+
+  if (verbose)
+    show ("creating ECC key using curve Ed25519 for ECDSA\n");
+  rc = gcry_sexp_build (&keyparm, NULL,
+                        "(genkey(ecc(curve Ed25519)(flags ecdsa)))");
+  if (rc)
+    die ("error creating S-expression: %s\n", gpg_strerror (rc));
+  rc = gcry_pk_genkey (&key, keyparm);
+  gcry_sexp_release (keyparm);
+  if (rc)
+    die ("error generating ECC key using curve Ed25519 for ECDSA: %s\n",
+         gpg_strerror (rc));
+
+  if (verbose > 1)
+    show_sexp ("ECC key:\n", key);
+
+  gcry_sexp_release (key);
 }
 
 
diff --git a/tests/pubkey.c b/tests/pubkey.c
index baf234c..4dadf88 100644
--- a/tests/pubkey.c
+++ b/tests/pubkey.c
@@ -28,6 +28,18 @@
 
 #include "../src/gcrypt-int.h"
 
+#define my_isascii(c) (!((c) & 0x80))
+#define digitp(p)   (*(p) >= '0' && *(p) <= '9')
+#define hexdigitp(a) (digitp (a)                     \
+                      || (*(a) >= 'A' && *(a) <= 'F')  \
+                      || (*(a) >= 'a' && *(a) <= 'f'))
+#define xtoi_1(p)   (*(p) <= '9'? (*(p)- '0'): \
+                     *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
+#define xtoi_2(p)   ((xtoi_1(p) * 16) + xtoi_1((p)+1))
+#define DIM(v)		     (sizeof(v)/sizeof((v)[0]))
+#define DIMof(type,member)   DIM(((type *)0)->member)
+
+
 /* Sample RSA keys, taken from basic.c.  */
 
 static const char sample_private_key_1[] =
@@ -101,6 +113,7 @@ static const char sample_public_key_1[] =
 
 
 static int verbose;
+static int error_count;
 
 static void
 die (const char *format, ...)
@@ -116,6 +129,27 @@ die (const char *format, ...)
 }
 
 static void
+fail (const char *format, ...)
+{
+  va_list arg_ptr;
+
+  va_start (arg_ptr, format);
+  vfprintf (stderr, format, arg_ptr);
+  va_end (arg_ptr);
+  error_count++;
+}
+
+static void
+info (const char *format, ...)
+{
+  va_list arg_ptr;
+
+  va_start (arg_ptr, format);
+  vfprintf (stderr, format, arg_ptr);
+  va_end (arg_ptr);
+}
+
+static void
 show_sexp (const char *prefix, gcry_sexp_t a)
 {
   char *buf;
@@ -132,6 +166,59 @@ show_sexp (const char *prefix, gcry_sexp_t a)
 }
 
 
+/* Convert STRING consisting of hex characters into its binary
+   representation and return it as an allocated buffer. The valid
+   length of the buffer is returned at R_LENGTH.  The string is
+   delimited by end of string.  The function returns NULL on
+   error.  */
+static void *
+data_from_hex (const char *string, size_t *r_length)
+{
+  const char *s;
+  unsigned char *buffer;
+  size_t length;
+
+  buffer = gcry_xmalloc (strlen(string)/2+1);
+  length = 0;
+  for (s=string; *s; s +=2 )
+    {
+      if (!hexdigitp (s) || !hexdigitp (s+1))
+        die ("error parsing hex string `%s'\n", string);
+      ((unsigned char*)buffer)[length++] = xtoi_2 (s);
+    }
+  *r_length = length;
+  return buffer;
+}
+
+
+static void
+extract_cmp_data (gcry_sexp_t sexp, const char *name, const char *expected)
+{
+  gcry_sexp_t l1;
+  const void *a;
+  size_t alen;
+  void *b;
+  size_t blen;
+
+  l1 = gcry_sexp_find_token (sexp, name, 0);
+  a = gcry_sexp_nth_data (l1, 1, &alen);
+  b = data_from_hex (expected, &blen);
+  if (!a)
+    fail ("parameter \"%s\" missing in key\n", name);
+  else if ( alen != blen || memcmp (a, b, alen) )
+    {
+      fail ("parameter \"%s\" does not match expected value\n", name);
+      if (verbose)
+        {
+          info ("expected: %s\n", expected);
+          show_sexp ("sexp: ", sexp);
+        }
+    }
+  gcry_free (b);
+  gcry_sexp_release (l1);
+}
+
+
 static void
 check_keys_crypt (gcry_sexp_t pkey, gcry_sexp_t skey,
 		  gcry_sexp_t plain0, gpg_err_code_t decrypt_fail_code)
@@ -939,6 +1026,85 @@ check_ecc_sample_key (void)
 }
 
 
+static void
+check_ed25519ecdsa_sample_key (void)
+{
+  static const char ecc_private_key[] =
+    "(private-key\n"
+    " (ecc\n"
+    "  (curve \"Ed25519\")\n"
+    "  (q #044C056555BE4084BB3D8D8895FDF7C2893DFE0256251923053010977D12658321"
+    "        156D1ADDC07987713A418783658B476358D48D582DB53233D9DED3C1C2577B04#)"
+    "  (d #09A0C38E0F1699073541447C19DA12E3A07A7BFDB0C186E4AC5BCE6F23D55252#)"
+    "))";
+  static const char ecc_private_key_wo_q[] =
+    "(private-key\n"
+    " (ecc\n"
+    "  (curve \"Ed25519\")\n"
+    "  (d #09A0C38E0F1699073541447C19DA12E3A07A7BFDB0C186E4AC5BCE6F23D55252#)"
+    "))";
+  static const char ecc_public_key[] =
+    "(public-key\n"
+    " (ecc\n"
+    "  (curve \"Ed25519\")\n"
+    "  (q #044C056555BE4084BB3D8D8895FDF7C2893DFE0256251923053010977D12658321"
+    "        156D1ADDC07987713A418783658B476358D48D582DB53233D9DED3C1C2577B04#)"
+    "))";
+  static const char hash_string[] =
+    "(data (flags ecdsa rfc6979)\n"
+    " (hash sha256 #00112233445566778899AABBCCDDEEFF"
+    /* */          "000102030405060708090A0B0C0D0E0F#))";
+
+  gpg_error_t err;
+  gcry_sexp_t key, hash, sig;
+
+  if (verbose)
+    fprintf (stderr, "Checking sample Ed25519/ECDSA key.\n");
+
+  if ((err = gcry_sexp_new (&hash, hash_string, 0, 1)))
+    die ("line %d: %s", __LINE__, gpg_strerror (err));
+
+  if ((err = gcry_sexp_new (&key, ecc_private_key, 0, 1)))
+    die ("line %d: %s", __LINE__, gpg_strerror (err));
+
+  if ((err = gcry_pk_sign (&sig, hash, key)))
+    die ("gcry_pk_sign failed: %s", gpg_strerror (err));
+
+  gcry_sexp_release (key);
+  if ((err = gcry_sexp_new (&key, ecc_public_key, 0, 1)))
+    die ("line %d: %s", __LINE__, gpg_strerror (err));
+
+  if ((err = gcry_pk_verify (sig, hash, key)))
+    die ("gcry_pk_verify failed: %s", gpg_strerror (err));
+
+  /* Now try signing without the Q parameter.  */
+
+  gcry_sexp_release (key);
+  if ((err = gcry_sexp_new (&key, ecc_private_key_wo_q, 0, 1)))
+    die ("line %d: %s", __LINE__, gpg_strerror (err));
+
+  gcry_sexp_release (sig);
+  if ((err = gcry_pk_sign (&sig, hash, key)))
+    die ("gcry_pk_sign without Q failed: %s", gpg_strerror (err));
+
+  gcry_sexp_release (key);
+  if ((err = gcry_sexp_new (&key, ecc_public_key, 0, 1)))
+    die ("line %d: %s", __LINE__, gpg_strerror (err));
+
+  if ((err = gcry_pk_verify (sig, hash, key)))
+    die ("gcry_pk_verify signed without Q failed: %s", gpg_strerror (err));
+
+  extract_cmp_data (sig, "r", ("a63123a783ef29b8276e08987daca4"
+                               "655d0179e22199bf63691fd88eb64e15"));
+  extract_cmp_data (sig, "s", ("0d9b45c696ab90b96b08812b485df185"
+                               "623ddaf5d02fa65ca5056cb6bd0f16f1"));
+
+  gcry_sexp_release (sig);
+  gcry_sexp_release (key);
+  gcry_sexp_release (hash);
+}
+
+
 int
 main (int argc, char **argv)
 {
@@ -969,6 +1135,7 @@ main (int argc, char **argv)
     check_x931_derived_key (i);
 
   check_ecc_sample_key ();
+  check_ed25519ecdsa_sample_key ();
 
-  return 0;
+  return !!error_count;
 }

commit d3a605d7827b8a73ef844e9e5183590bd6b1389a
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 14 19:48:10 2013 +0200

    pubkey: Support flags list in gcry_pk_genkey.
    
    * src/cipher.h (PUBKEY_FLAG_TRANSIENT_KEY): New.
    (PUBKEY_FLAG_USE_X931): New.
    (PUBKEY_FLAG_USE_FIPS186): New.
    (PUBKEY_FLAG_USE_FIPS186_2): New.
    * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Rename from
    parse_flags_list.  Parse new flags.
    * cipher/dsa.c (dsa_generate): Support flag list.
    * cipher/ecc.c (ecc_generate): Ditto.
    * cipher/rsa.c (rsa_generate): Ditto.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/cipher/dsa.c b/cipher/dsa.c
index f86ff15..e43bdf4 100644
--- a/cipher/dsa.c
+++ b/cipher/dsa.c
@@ -710,9 +710,7 @@ dsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
   gcry_sexp_t deriveparms = NULL;
   gcry_sexp_t seedinfo = NULL;
   gcry_sexp_t misc_info = NULL;
-  int transient_key = 0;
-  int use_fips186_2 = 0;
-  int use_fips186 = 0;
+  int flags = 0;
   dsa_domain_t domain;
   gcry_mpi_t *factors = NULL;
 
@@ -723,6 +721,16 @@ dsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
   if (rc)
     return rc;
 
+  /* Parse the optional flags list.  */
+  l1 = gcry_sexp_find_token (genparms, "flags", 0);
+  if (l1)
+    {
+      rc = _gcry_pk_util_parse_flaglist (l1, &flags, NULL);
+      gcry_sexp_release (l1);
+      if (rc)
+        return rc;\
+    }
+
   /* Parse the optional qbits element.  */
   l1 = gcry_sexp_find_token (genparms, "qbits", 0);
   if (l1)
@@ -744,28 +752,37 @@ dsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
     }
 
   /* Parse the optional transient-key flag.  */
-  l1 = gcry_sexp_find_token (genparms, "transient-key", 0);
-  if (l1)
+  if (!(flags & PUBKEY_FLAG_TRANSIENT_KEY))
     {
-      transient_key = 1;
-      gcry_sexp_release (l1);
+      l1 = gcry_sexp_find_token (genparms, "transient-key", 0);
+      if (l1)
+        {
+          flags |= PUBKEY_FLAG_TRANSIENT_KEY;
+          gcry_sexp_release (l1);
+        }
     }
 
   /* Get the optional derive parameters.  */
   deriveparms = gcry_sexp_find_token (genparms, "derive-parms", 0);
 
   /* Parse the optional "use-fips186" flags.  */
-  l1 = gcry_sexp_find_token (genparms, "use-fips186", 0);
-  if (l1)
+  if (!(flags & PUBKEY_FLAG_USE_FIPS186))
     {
-      use_fips186 = 1;
-      gcry_sexp_release (l1);
+      l1 = gcry_sexp_find_token (genparms, "use-fips186", 0);
+      if (l1)
+        {
+          flags |= PUBKEY_FLAG_USE_FIPS186;
+          gcry_sexp_release (l1);
+        }
     }
-  l1 = gcry_sexp_find_token (genparms, "use-fips186-2", 0);
-  if (l1)
+  if (!(flags & PUBKEY_FLAG_USE_FIPS186_2))
     {
-      use_fips186_2 = 1;
-      gcry_sexp_release (l1);
+      l1 = gcry_sexp_find_token (genparms, "use-fips186-2", 0);
+      if (l1)
+        {
+          flags |= PUBKEY_FLAG_USE_FIPS186_2;
+          gcry_sexp_release (l1);
+        }
     }
 
   /* Check whether domain parameters are given.  */
@@ -809,14 +826,18 @@ dsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
       qbits = mpi_get_nbits (domain.q);
     }
 
-  if (deriveparms || use_fips186 || use_fips186_2 || fips_mode ())
+  if (deriveparms
+      || (flags & PUBKEY_FLAG_USE_FIPS186)
+      || (flags & PUBKEY_FLAG_USE_FIPS186_2)
+      || fips_mode ())
     {
       int counter;
       void *seed;
       size_t seedlen;
       gcry_mpi_t h_value;
 
-      rc = generate_fips186 (&sk, nbits, qbits, deriveparms, use_fips186_2,
+      rc = generate_fips186 (&sk, nbits, qbits, deriveparms,
+                             !!(flags & PUBKEY_FLAG_USE_FIPS186_2),
                              &domain,
                              &counter, &seed, &seedlen, &h_value);
       if (!rc && h_value)
@@ -832,7 +853,9 @@ dsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
     }
   else
     {
-      rc = generate (&sk, nbits, qbits, transient_key, &domain, &factors);
+      rc = generate (&sk, nbits, qbits,
+                     !!(flags & PUBKEY_FLAG_TRANSIENT_KEY),
+                     &domain, &factors);
     }
 
   if (!rc)
diff --git a/cipher/ecc.c b/cipher/ecc.c
index bd4d253..da384e8 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -1247,13 +1247,13 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
   gcry_mpi_t y = NULL;
   char *curve_name = NULL;
   gcry_sexp_t l1;
-  int transient_key = 0;
   gcry_random_level_t random_level;
   mpi_ec_t ctx = NULL;
   gcry_sexp_t curve_info = NULL;
   gcry_mpi_t base = NULL;
   gcry_mpi_t public = NULL;
   gcry_mpi_t secret = NULL;
+  int flags = 0;
 
   memset (&E, 0, sizeof E);
   memset (&sk, 0, sizeof sk);
@@ -1276,10 +1276,20 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
   l1 = gcry_sexp_find_token (genparms, "transient-key", 0);
   if (l1)
     {
-      transient_key = 1;
+      flags |= PUBKEY_FLAG_TRANSIENT_KEY;
       gcry_sexp_release (l1);
     }
 
+  /* Parse the optional flags list.  */
+  l1 = gcry_sexp_find_token (genparms, "flags", 0);
+  if (l1)
+    {
+      rc = _gcry_pk_util_parse_flaglist (l1, &flags, NULL);
+      gcry_sexp_release (l1);
+      if (rc)
+        goto leave;
+    }
+
   /* NBITS is required if no curve name has been given.  */
   if (!nbits && !curve_name)
     return GPG_ERR_NO_OBJ; /* No NBITS parameter. */
@@ -1303,7 +1313,11 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
       log_printpnt ("ecgen curve G", &E.G, NULL);
     }
 
-  random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM;
+  if ((flags & PUBKEY_FLAG_TRANSIENT_KEY))
+    random_level = GCRY_STRONG_RANDOM;
+  else
+    random_level = GCRY_VERY_STRONG_RANDOM;
+
   ctx = _gcry_mpi_ec_p_internal_new (E.model, E.dialect, E.p, E.a, E.b);
   x = mpi_new (0);
   y = mpi_new (0);
diff --git a/cipher/pubkey-internal.h b/cipher/pubkey-internal.h
index 7e3667e..cb2721d 100644
--- a/cipher/pubkey-internal.h
+++ b/cipher/pubkey-internal.h
@@ -21,6 +21,9 @@
 #define GCRY_PUBKEY_INTERNAL_H
 
 /*-- pubkey-util.c --*/
+gpg_err_code_t _gcry_pk_util_parse_flaglist (gcry_sexp_t list,
+                                             int *r_flags,
+                                             enum pk_encoding *r_encoding);
 gpg_err_code_t _gcry_pk_util_get_nbits (gcry_sexp_t list,
                                         unsigned int *r_nbits);
 gpg_err_code_t _gcry_pk_util_get_rsa_use_e (gcry_sexp_t list,
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
index 52d69cf..3dfc027 100644
--- a/cipher/pubkey-util.c
+++ b/cipher/pubkey-util.c
@@ -50,9 +50,9 @@ pss_verify_cmp (void *opaque, gcry_mpi_t tmp)
    R_ENCODING and the flags are stored at R_FLAGS.  if any of them is
    not needed, NULL may be passed.  The function returns 0 on success
    or an error code. */
-static gpg_err_code_t
-parse_flag_list (gcry_sexp_t list,
-                 int *r_flags, enum pk_encoding *r_encoding)
+gpg_err_code_t
+_gcry_pk_util_parse_flaglist (gcry_sexp_t list,
+                              int *r_flags, enum pk_encoding *r_encoding)
 {
   gpg_err_code_t rc = 0;
   const char *s;
@@ -101,6 +101,14 @@ parse_flag_list (gcry_sexp_t list,
         }
       else if (n == 11 && ! memcmp (s, "no-blinding", 11))
         flags |= PUBKEY_FLAG_NO_BLINDING;
+      else if (n == 13 && ! memcmp (s, "transient-key", 13))
+        flags |= PUBKEY_FLAG_TRANSIENT_KEY;
+      else if (n == 8 && ! memcmp (s, "use-x931", 8))
+        flags |= PUBKEY_FLAG_USE_X931;
+      else if (n == 11 && ! memcmp (s, "use-fips186", 11))
+        flags |= PUBKEY_FLAG_USE_FIPS186;
+      else if (n == 13 && ! memcmp (s, "use-fips186-2", 13))
+        flags |= PUBKEY_FLAG_USE_FIPS186_2;
       else
         rc = GPG_ERR_INV_FLAG;
     }
@@ -524,7 +532,7 @@ _gcry_pk_util_preparse_encval (gcry_sexp_t sexp, const char **algo_names,
       const char *s;
 
       /* There is a flags element - process it.  */
-      rc = parse_flag_list (l2, &parsed_flags, &ctx->encoding);
+      rc = _gcry_pk_util_parse_flaglist (l2, &parsed_flags, &ctx->encoding);
       if (rc)
         goto leave;
       if (ctx->encoding == PUBKEY_ENC_PSS)
@@ -701,12 +709,13 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
       return *ret_mpi ? GPG_ERR_NO_ERROR : GPG_ERR_INV_OBJ;
     }
 
-  /* see whether there is a flags object */
+  /* See whether there is a flags list.  */
   {
     gcry_sexp_t lflags = gcry_sexp_find_token (ldata, "flags", 0);
     if (lflags)
       {
-        if (parse_flag_list (lflags, &parsed_flags, &ctx->encoding))
+        if (_gcry_pk_util_parse_flaglist (lflags,
+                                          &parsed_flags, &ctx->encoding))
           unknown_flag = 1;
         gcry_sexp_release (lflags);
       }
diff --git a/cipher/rsa.c b/cipher/rsa.c
index fc6bbe5..d4d2a0a 100644
--- a/cipher/rsa.c
+++ b/cipher/rsa.c
@@ -760,8 +760,7 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
   unsigned long evalue;
   RSA_secret_key sk;
   gcry_sexp_t deriveparms;
-  int transient_key = 0;
-  int use_x931 = 0;
+  int flags = 0;
   gcry_sexp_t l1;
   gcry_sexp_t swap_info = NULL;
 
@@ -775,6 +774,16 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
   if (ec)
     return ec;
 
+  /* Parse the optional flags list.  */
+  l1 = gcry_sexp_find_token (genparms, "flags", 0);
+  if (l1)
+    {
+      ec = _gcry_pk_util_parse_flaglist (l1, &flags, NULL);
+      gcry_sexp_release (l1);
+      if (ec)
+        return ec;
+    }
+
   deriveparms = (genparms?
                  gcry_sexp_find_token (genparms, "derive-parms", 0) : NULL);
   if (!deriveparms)
@@ -783,12 +792,12 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
       l1 = gcry_sexp_find_token (genparms, "use-x931", 0);
       if (l1)
         {
-          use_x931 = 1;
+          flags |= PUBKEY_FLAG_USE_X931;
           gcry_sexp_release (l1);
         }
     }
 
-  if (deriveparms || use_x931 || fips_mode ())
+  if (deriveparms || (flags & PUBKEY_FLAG_USE_X931) || fips_mode ())
     {
       int swapped;
       ec = generate_x931 (&sk, nbits, evalue, deriveparms, &swapped);
@@ -799,14 +808,18 @@ rsa_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
   else
     {
       /* Parse the optional "transient-key" flag. */
-      l1 = gcry_sexp_find_token (genparms, "transient-key", 0);
-      if (l1)
+      if (!(flags & PUBKEY_FLAG_TRANSIENT_KEY))
         {
-          transient_key = 1;
-          gcry_sexp_release (l1);
+          l1 = gcry_sexp_find_token (genparms, "transient-key", 0);
+          if (l1)
+            {
+              flags |= PUBKEY_FLAG_TRANSIENT_KEY;
+              gcry_sexp_release (l1);
+            }
         }
       /* Generate.  */
-      ec = generate_std (&sk, nbits, evalue, transient_key);
+      ec = generate_std (&sk, nbits, evalue,
+                         !!(flags & PUBKEY_FLAG_TRANSIENT_KEY));
     }
 
   if (!ec)
diff --git a/src/cipher.h b/src/cipher.h
index 28f5070..b3469e5 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -32,6 +32,11 @@
 #define PUBKEY_FLAG_FIXEDLEN       (1 << 3)
 #define PUBKEY_FLAG_LEGACYRESULT   (1 << 4)
 #define PUBKEY_FLAG_RAW_FLAG       (1 << 5)
+#define PUBKEY_FLAG_TRANSIENT_KEY  (1 << 6)
+#define PUBKEY_FLAG_USE_X931       (1 << 7)
+#define PUBKEY_FLAG_USE_FIPS186    (1 << 8)
+#define PUBKEY_FLAG_USE_FIPS186_2  (1 << 9)
+
 
 enum pk_operation
   {

commit 5be2345ddec4147e535d5b039ee74f84bcacf9e4
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 14 10:21:53 2013 +0200

    pubkey: Remove duplicated flag parsing code.
    
    * cipher/pubkey-util.c (_gcry_pk_util_preparse_encval)
    (_gcry_pk_util_data_to_mpi): Factor flag parsing code out to ..
    (parse_flag_list): New.
    * src/cipher.h (PUBKEY_FLAG_RAW_FLAG): New.
    --
    
    A minor disadvantage of that code is that invalid flags are not
    anymore detected depending on the use.  According to the documentation
    this is anyway the expected behavior.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
index 2838802..52d69cf 100644
--- a/cipher/pubkey-util.c
+++ b/cipher/pubkey-util.c
@@ -46,6 +46,74 @@ pss_verify_cmp (void *opaque, gcry_mpi_t tmp)
 }
 
 
+/* Parser for a flag list.  On return the encoding is stored at
+   R_ENCODING and the flags are stored at R_FLAGS.  if any of them is
+   not needed, NULL may be passed.  The function returns 0 on success
+   or an error code. */
+static gpg_err_code_t
+parse_flag_list (gcry_sexp_t list,
+                 int *r_flags, enum pk_encoding *r_encoding)
+{
+  gpg_err_code_t rc = 0;
+  const char *s;
+  size_t n;
+  int i;
+  int encoding = PUBKEY_ENC_UNKNOWN;
+  int flags = 0;
+
+  for (i=list?gcry_sexp_length (list)-1:0; i > 0; i--)
+    {
+      s = gcry_sexp_nth_data (list, i, &n);
+      if (!s)
+        ; /* not a data element*/
+      else if (n == 7 && !memcmp (s, "rfc6979", 7))
+        {
+          flags |= PUBKEY_FLAG_RFC6979;
+        }
+      else if (n == 5 && !memcmp (s, "eddsa", 5))
+        {
+          encoding = PUBKEY_ENC_RAW;
+          flags |= PUBKEY_FLAG_EDDSA;
+        }
+      else if (n == 3 && !memcmp (s, "raw", 3)
+               && encoding == PUBKEY_ENC_UNKNOWN)
+        {
+          encoding = PUBKEY_ENC_RAW;
+          flags |= PUBKEY_FLAG_RAW_FLAG; /* Explicitly given.  */
+        }
+      else if (n == 5 && !memcmp (s, "pkcs1", 5)
+               && encoding == PUBKEY_ENC_UNKNOWN)
+        {
+          encoding = PUBKEY_ENC_PKCS1;
+          flags |= PUBKEY_FLAG_FIXEDLEN;
+        }
+      else if (n == 4 && !memcmp (s, "oaep", 4)
+               && encoding == PUBKEY_ENC_UNKNOWN)
+        {
+          encoding = PUBKEY_ENC_OAEP;
+          flags |= PUBKEY_FLAG_FIXEDLEN;
+        }
+      else if (n == 3 && !memcmp (s, "pss", 3)
+               && encoding == PUBKEY_ENC_UNKNOWN)
+        {
+          encoding = PUBKEY_ENC_PSS;
+          flags |= PUBKEY_FLAG_FIXEDLEN;
+        }
+      else if (n == 11 && ! memcmp (s, "no-blinding", 11))
+        flags |= PUBKEY_FLAG_NO_BLINDING;
+      else
+        rc = GPG_ERR_INV_FLAG;
+    }
+
+  if (r_flags)
+    *r_flags = flags;
+  if (r_encoding)
+    *r_encoding = encoding;
+
+  return rc;
+}
+
+
 static int
 get_hash_algo (const char *s, size_t n)
 {
@@ -453,36 +521,16 @@ _gcry_pk_util_preparse_encval (gcry_sexp_t sexp, const char **algo_names,
 
   if (!strcmp (name, "flags"))
     {
-      /* There is a flags element - process it.  */
       const char *s;
 
-      for (i = gcry_sexp_length (l2) - 1; i > 0; i--)
+      /* There is a flags element - process it.  */
+      rc = parse_flag_list (l2, &parsed_flags, &ctx->encoding);
+      if (rc)
+        goto leave;
+      if (ctx->encoding == PUBKEY_ENC_PSS)
         {
-          s = gcry_sexp_nth_data (l2, i, &n);
-          if (! s)
-            ; /* Not a data element - ignore.  */
-          else if (n == 3 && !memcmp (s, "raw", 3)
-                   && ctx->encoding == PUBKEY_ENC_UNKNOWN)
-            ctx->encoding = PUBKEY_ENC_RAW;
-          else if (n == 5 && !memcmp (s, "pkcs1", 5)
-                   && ctx->encoding == PUBKEY_ENC_UNKNOWN)
-	    ctx->encoding = PUBKEY_ENC_PKCS1;
-          else if (n == 4 && !memcmp (s, "oaep", 4)
-                   && ctx->encoding == PUBKEY_ENC_UNKNOWN)
-	    ctx->encoding = PUBKEY_ENC_OAEP;
-          else if (n == 3 && !memcmp (s, "pss", 3)
-                   && ctx->encoding == PUBKEY_ENC_UNKNOWN)
-	    {
-	      rc = GPG_ERR_CONFLICT;
-	      goto leave;
-	    }
-          else if (n == 11 && !memcmp (s, "no-blinding", 11))
-            parsed_flags |= PUBKEY_FLAG_NO_BLINDING;
-          else
-            {
-              rc = GPG_ERR_INV_FLAG;
-              goto leave;
-            }
+          rc = GPG_ERR_CONFLICT;
+          goto leave;
         }
 
       /* Get the OAEP parameters HASH-ALGO and LABEL, if any. */
@@ -640,12 +688,10 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
 {
   gcry_err_code_t rc = 0;
   gcry_sexp_t ldata, lhash, lvalue;
-  int i;
   size_t n;
   const char *s;
   int unknown_flag = 0;
   int parsed_flags = 0;
-  int explicit_raw = 0;
 
   *ret_mpi = NULL;
   ldata = gcry_sexp_find_token (input, "data", 0);
@@ -659,48 +705,9 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
   {
     gcry_sexp_t lflags = gcry_sexp_find_token (ldata, "flags", 0);
     if (lflags)
-      { /* parse the flags list. */
-        for (i=gcry_sexp_length (lflags)-1; i > 0; i--)
-          {
-            s = gcry_sexp_nth_data (lflags, i, &n);
-            if (!s)
-              ; /* not a data element*/
-	    else if (n == 7 && !memcmp (s, "rfc6979", 7))
-	      parsed_flags |= PUBKEY_FLAG_RFC6979;
-	    else if (n == 5 && !memcmp (s, "eddsa", 5))
-              {
-                ctx->encoding = PUBKEY_ENC_RAW;
-                parsed_flags |= PUBKEY_FLAG_EDDSA;
-              }
-            else if ( n == 3 && !memcmp (s, "raw", 3)
-                      && ctx->encoding == PUBKEY_ENC_UNKNOWN)
-              {
-                ctx->encoding = PUBKEY_ENC_RAW;
-                explicit_raw = 1;
-              }
-            else if ( n == 5 && !memcmp (s, "pkcs1", 5)
-                      && ctx->encoding == PUBKEY_ENC_UNKNOWN)
-              {
-                ctx->encoding = PUBKEY_ENC_PKCS1;
-                parsed_flags |= PUBKEY_FLAG_FIXEDLEN;
-              }
-            else if ( n == 4 && !memcmp (s, "oaep", 4)
-                      && ctx->encoding == PUBKEY_ENC_UNKNOWN)
-              {
-                ctx->encoding = PUBKEY_ENC_OAEP;
-                parsed_flags |= PUBKEY_FLAG_FIXEDLEN;
-              }
-            else if ( n == 3 && !memcmp (s, "pss", 3)
-                      && ctx->encoding == PUBKEY_ENC_UNKNOWN)
-              {
-                ctx->encoding = PUBKEY_ENC_PSS;
-                parsed_flags |= PUBKEY_FLAG_FIXEDLEN;
-              }
-	    else if (n == 11 && ! memcmp (s, "no-blinding", 11))
-	      parsed_flags |= PUBKEY_FLAG_NO_BLINDING;
-            else
-              unknown_flag = 1;
-          }
+      {
+        if (parse_flag_list (lflags, &parsed_flags, &ctx->encoding))
+          unknown_flag = 1;
         gcry_sexp_release (lflags);
       }
   }
@@ -773,7 +780,8 @@ _gcry_pk_util_data_to_mpi (gcry_sexp_t input, gcry_mpi_t *ret_mpi,
       *ret_mpi = gcry_mpi_set_opaque (NULL, value, valuelen*8);
     }
   else if (ctx->encoding == PUBKEY_ENC_RAW && lhash
-           && (explicit_raw || (parsed_flags & PUBKEY_FLAG_RFC6979)))
+           && ((parsed_flags & PUBKEY_FLAG_RAW_FLAG)
+               || (parsed_flags & PUBKEY_FLAG_RFC6979)))
     {
       /* Raw encoding along with a hash element.  This is commonly
          used for DSA.  For better backward error compatibility we
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 4585a32..79d4d74 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -2181,33 +2181,78 @@ or @code{oid.}.
 @section Cryptographic Functions
 
 @noindent
-Note that we will in future allow to use keys without p,q and u
-specified and may also support other parameters for performance
-reasons.
-
- at noindent
-
-Some functions operating on S-expressions support `flags', that
-influence the operation.  These flags have to be listed in a
-sub-S-expression named `flags'; the following flags are known:
+Some functions operating on S-expressions support `flags' to influence
+the operation.  These flags have to be listed in a sub-S-expression
+named `flags'.  Flag names are case-sensitive.  The following flags
+are known:
 
 @table @code
 @item pkcs1
+ at cindex PKCS1
 Use PKCS#1 block type 2 padding for encryption, block type 1 padding
 for signing.
+
 @item oaep
+ at cindex OAEP
 Use RSA-OAEP padding for encryption.
+
 @item pss
+ at cindex PSS
 Use RSA-PSS padding for signing.
+
+ at item ecdsa
+ at cindex ECDSA
+Create an ECDSA public key instead of using the default key generation
+of the specified curve.
+
 @item eddsa
-Use the EdDSA scheme instead of ECDSA.
+ at cindex EdDSA
+Use the EdDSA scheme instead of the default signature algorithm of the
+used curve.
+
 @item rfc6979
+ at cindex RFC6979
 For DSA and ECDSA use a deterministic scheme for the k parameter.
+
 @item no-blinding
+ at cindex no-blinding
 Do not use a technique called `blinding', which is used by default in
 order to prevent leaking of secret information.  Blinding is only
 implemented by RSA, but it might be implemented by other algorithms in
 the future as well, when necessary.
+
+ at item transient-key
+ at cindex transient-key
+This flag is only meaningful for RSA, DSA, and ECC key generation.  If
+given the key is created using a faster and a somewhat less secure
+random number generator.  This flag may be used for keys which are
+only used for a short time or per-message and do not require full
+cryptographic strength.
+
+ at item use-x931
+ at cindex X9.31
+Force the use of the ANSI X9.31 key generation algorithm instead of
+the default algorithm. This flag is only meaningful for RSA key
+generation and usually not required.  Note that this algorithm is
+implicitly used if either @code{derive-parms} is given or Libgcrypt is
+in FIPS mode.
+
+ at item use-fips186
+ at cindex FIPS 186
+Force the use of the FIPS 186 key generation algorithm instead of the
+default algorithm.  This flag is only meaningful for DSA and usually
+not required.  Note that this algorithm is implicitly used if either
+ at code{derive-parms} is given or Libgcrypt is in FIPS mode.  As of now
+FIPS 186-2 is implemented; after the approval of FIPS 186-3 the code
+will be changed to implement 186-3.
+
+ at item use-fips186-2
+ at cindex FIPS 186-2
+Force the use of the FIPS 186-2 key generation algorithm instead of
+the default algorithm.  This algorithm is slighlty different from
+FIPS 186-3 and allows only 1024 bit keys.  This flag is only meaningful
+for DSA and only required for FIPS testing backward compatibility.
+
 @end table
 
 @noindent
@@ -2641,10 +2686,10 @@ default selection Libgcrypt would have taken if @code{nbits} has been
 given.  The available names are listed with the description of the ECC
 public key parameters.
 
- at item rsa-use-e
+ at item rsa-use-e @var{value}
 This is only used with RSA to give a hint for the public exponent. The
-value will be used as a base to test for a usable exponent. Some values
-are special:
+ at var{value} will be used as a base to test for a usable exponent. Some
+values are special:
 
 @table @samp
 @item 0
@@ -2662,10 +2707,10 @@ Use the given value.
 If this parameter is not used, Libgcrypt uses for historic reasons
 65537.
 
- at item qbits
+ at item qbits @var{n}
 This is only meanigful for DSA keys.  If it is given the DSA key is
-generated with a Q parameyer of this size.  If it is not given or zero
-Q is deduced from NBITS in this way:
+generated with a Q parameyer of size @var{n} bits.  If it is not given
+or zero Q is deduced from NBITS in this way:
 @table @samp
 @item 512 <= N <= 1024
 Q = 160
@@ -2682,14 +2727,7 @@ Note that in this case only the values for N, as given in the table,
 are allowed.  When specifying Q all values of N in the range 512 to
 15680 are valid as long as they are multiples of 8.
 
- at item transient-key
-This is only meaningful for RSA, DSA, and ECC keys.  This is a flag
-with no value.  If given the key is created using a faster and a
-somewhat less secure random number generator.  This flag may be used
-for keys which are only used for a short time or per-message and do
-not require full cryptographic strength.
-
- at item domain
+ at item domain @var{list}
 This is only meaningful for DLP algorithms.  If specified keys are
 generated with domain parameters taken from this list.  The exact
 format of this parameter depends on the actual algorithm.  It is
@@ -2707,7 +2745,7 @@ currently only implemented for DSA using this format:
 @code{nbits} and @code{qbits} may not be specified because they are
 derived from the domain parameters.
 
- at item derive-parms
+ at item derive-parms @var{list}
 This is currently only implemented for RSA and DSA keys.  It is not
 allowed to use this together with a @code{domain} specification.  If
 given, it is used to derive the keys using the given parameters.
@@ -2745,28 +2783,25 @@ FIPS 186 algorithm is used even if libgcrypt is not in FIPS mode.
 @end example
 
 
- at item use-x931
- at cindex X9.31
-Force the use of the ANSI X9.31 key generation algorithm instead of
-the default algorithm. This flag is only meaningful for RSA and
-usually not required.  Note that this algorithm is implicitly used if
-either @code{derive-parms} is given or Libgcrypt is in FIPS mode.
-
- at item use-fips186
- at cindex FIPS 186
-Force the use of the FIPS 186 key generation algorithm instead of the
-default algorithm.  This flag is only meaningful for DSA and usually
-not required.  Note that this algorithm is implicitly used if either
- at code{derive-parms} is given or Libgcrypt is in FIPS mode.  As of now
-FIPS 186-2 is implemented; after the approval of FIPS 186-3 the code
-will be changed to implement 186-3.
+ at item flags @var{flaglist}
+This is preferred way to define flags.  @var{flaglist} may contain any
+number of flags.  See above for a specification of these flags.
 
+Here is an example on how to create a key using curve Ed25519 with the
+ECDSA signature algorithm.  Note that the use of ECDSA with that curve
+is in general not recommended.
+ at example
+(genkey
+  (ecc
+    (flags transient-key ecdsa)))
+ at end example
 
- at item use-fips186-2
-Force the use of the FIPS 186-2 key generation algorithm instead of
-the default algorithm.  This algorithm is slighlty different from
-FIPS 186-3 and allows only 1024 bit keys.  This flag is only meaningful
-for DSA and only required for FIPS testing backward compatibility.
+ at item transient-key
+ at itemx use-x931
+ at itemx use-fips186
+ at itemx use-fips186-2
+These are deprecated ways to set a flag with that name; see above for
+a description of each flag.
 
 
 @end table
diff --git a/src/cipher.h b/src/cipher.h
index 3b7744a..28f5070 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -31,6 +31,7 @@
 #define PUBKEY_FLAG_EDDSA          (1 << 2)
 #define PUBKEY_FLAG_FIXEDLEN       (1 << 3)
 #define PUBKEY_FLAG_LEGACYRESULT   (1 << 4)
+#define PUBKEY_FLAG_RAW_FLAG       (1 << 5)
 
 enum pk_operation
   {

commit 0cd551faa775ad5309a40629ae30bf86b75fca09
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 14 08:09:31 2013 +0200

    mpicalc: Accept lowercase hex digits.
    
    * src/mpicalc.c (main): Test for lowercase hex digits.
    --
    
    This change is useful so to make use of Libgcrypt debug code easier.

diff --git a/src/mpicalc.c b/src/mpicalc.c
index dd85227..335b7c3 100644
--- a/src/mpicalc.c
+++ b/src/mpicalc.c
@@ -399,7 +399,9 @@ main (int argc, char **argv)
                 case '-':
 		  if ((c = my_getc ()) == '-')
 		    do_dec ();
-		  else if (isdigit (c) || (c >= 'A' && c <= 'F'))
+		  else if (isdigit (c)
+                           || (c >= 'A' && c <= 'F')
+                           || (c >= 'a' && c <= 'f'))
 		    {
 		      state = 1;
 		      ungetc (c, stdin);

-----------------------------------------------------------------------

Summary of changes:
 cipher/dsa.c             |   59 +++++++++++-----
 cipher/ecc.c             |   68 +++++++++++++------
 cipher/pubkey-internal.h |    3 +
 cipher/pubkey-util.c     |  167 +++++++++++++++++++++++++--------------------
 cipher/rsa.c             |   31 ++++++---
 doc/gcrypt.texi          |  125 ++++++++++++++++++++++------------
 src/cipher.h             |   13 +++-
 src/mpicalc.c            |    4 +-
 tests/keygen.c           |   17 +++++
 tests/pubkey.c           |  169 +++++++++++++++++++++++++++++++++++++++++++++-
 10 files changed, 486 insertions(+), 170 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org


_______________________________________________
Gnupg-commits mailing list
Gnupg-commits at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-commits




More information about the Gcrypt-devel mailing list