[git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-348-gba6bffa

by Werner Koch cvs at cvs.gnupg.org
Tue Oct 29 15:02:44 CET 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".

The branch, master has been updated
       via  ba6bffafd17bea11985afc500022d66da261d59a (commit)
       via  c284f15db99e9cb135612de710199abb23baafd3 (commit)
       via  39ccf743a11ca349ecf00d086fef53135cc4fbe0 (commit)
       via  ba892a0a874c8b2a83dbf0940608cd7e2911ce01 (commit)
      from  1faa61845f180bd47e037e400dde2d864ee83c89 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ba6bffafd17bea11985afc500022d66da261d59a
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 29 15:01:01 2013 +0100

    tests: Add feature to skip benchmarks.
    
    * tests/benchmark.c (main): Add feature to skip the test.
    * tests/bench-slope.c (main): Ditto.
    (get_slope): Repace C++ style comment.
    (double_cmp, cipher_bench, _hash_bench): Repalce system reserved
    symbols.
    --
    
    During development a quick run of the regression is often useful,
    however the benchmarks take a lot of time and thus this feature
    allows to skip theses tests.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/tests/bench-slope.c b/tests/bench-slope.c
index 62543bc..5687bf1 100644
--- a/tests/bench-slope.c
+++ b/tests/bench-slope.c
@@ -239,7 +239,7 @@ get_slope (double (*const get_x) (unsigned int idx, void *priv),
       sumx += x;
       sumy += y;
       sumx2 += x * x;
-      //sumy2 += y * y;
+      /*sumy2 += y * y;*/
       sumxy += x * y;
     }
 
@@ -275,12 +275,12 @@ get_num_measurements (struct bench_obj *obj)
 
 
 static int
-double_cmp (const void *__a, const void *__b)
+double_cmp (const void *_a, const void *_b)
 {
   const double *a, *b;
 
-  a = __a;
-  b = __b;
+  a = _a;
+  b = _b;
 
   if (*a > *b)
     return 1;
@@ -847,7 +847,7 @@ cipher_bench_one (int algo, struct bench_cipher_mode *pmode)
 
 
 static void
-__cipher_bench (int algo)
+_cipher_bench (int algo)
 {
   const char *algoname;
   int i;
@@ -876,14 +876,14 @@ cipher_bench (char **argv, int argc)
 	{
 	  algo = gcry_cipher_map_name (argv[i]);
 	  if (algo)
-	    __cipher_bench (algo);
+	    _cipher_bench (algo);
 	}
     }
   else
     {
       for (i = 1; i < 400; i++)
 	if (!gcry_cipher_test_algo (i))
-	  __cipher_bench (i);
+	  _cipher_bench (i);
     }
 }
 
@@ -978,7 +978,7 @@ hash_bench_one (int algo, struct bench_hash_mode *pmode)
 }
 
 static void
-__hash_bench (int algo)
+_hash_bench (int algo)
 {
   int i;
 
@@ -1001,14 +1001,14 @@ hash_bench (char **argv, int argc)
 	{
 	  algo = gcry_md_map_name (argv[i]);
 	  if (algo)
-	    __hash_bench (algo);
+	    _hash_bench (algo);
 	}
     }
   else
     {
       for (i = 1; i < 400; i++)
 	if (!gcry_md_test_algo (i))
-	  __hash_bench (i);
+	  _hash_bench (i);
     }
 
   bench_print_footer ();
@@ -1064,6 +1064,11 @@ main (int argc, char **argv)
       argv++;
     }
 
+  /* We skip this test if we are running under the test suite (no args
+     and srcdir defined) and GCRYPT_NO_BENCHMARKS is set.  */
+  if (!argc && getenv ("srcdir") && getenv ("GCRYPT_NO_BENCHMARKS"))
+    exit (77);
+
   while (argc && last_argc != argc)
     {
       last_argc = argc;
diff --git a/tests/benchmark.c b/tests/benchmark.c
index d3ef1a2..8326ab2 100644
--- a/tests/benchmark.c
+++ b/tests/benchmark.c
@@ -1169,6 +1169,11 @@ main( int argc, char **argv )
   if (argc)
     { argc--; argv++; }
 
+  /* We skip this test if we are running under the test suite (no args
+     and srcdir defined) and GCRYPT_NO_BENCHMARKS is set.  */
+  if (!argc && getenv ("srcdir") && getenv ("GCRYPT_NO_BENCHMARKS"))
+    exit (77);
+
   while (argc && last_argc != argc )
     {
       last_argc = argc;

commit c284f15db99e9cb135612de710199abb23baafd3
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 29 14:36:58 2013 +0100

    ecc: Finish Ed25519/ECDSA hack.
    
    * cipher/ecc.c (ecc_generate): Fix Ed25519/ECDSA case.
    (ecc_verify): Implement ED25519/ECDSA uncompression.
    --
    
    With this change Ed25519 may be used with ECDSA while using the
    Ed25519 standard compression technique.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/cipher/ecc.c b/cipher/ecc.c
index 5a52829..752dfc1 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -498,7 +498,7 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
   if (_gcry_mpi_ec_get_affine (x, y, &sk.E.G, ctx))
     log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "G");
   base = _gcry_ecc_ec2os (x, y, sk.E.p);
-  if (sk.E.dialect == ECC_DIALECT_ED25519 && !ed25519_with_ecdsa)
+  if (sk.E.dialect == ECC_DIALECT_ED25519)
     {
       unsigned char *encpk;
       unsigned int encpklen;
@@ -978,7 +978,22 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms)
   else
     {
       point_init (&pk.Q);
-      rc = _gcry_ecc_os2ec (&pk.Q, mpi_q);
+      if (pk.E.dialect == ECC_DIALECT_ED25519)
+        {
+          mpi_ec_t ec;
+
+          /* Fixme: Factor the curve context setup out of eddsa_verify
+             and ecdsa_verify. So that we don't do it twice.  */
+          ec = _gcry_mpi_ec_p_internal_new (pk.E.model, pk.E.dialect,
+                                            pk.E.p, pk.E.a, pk.E.b);
+
+          rc = _gcry_ecc_eddsa_decodepoint (mpi_q, ec, &pk.Q, NULL, NULL);
+          _gcry_mpi_ec_free (ec);
+        }
+      else
+        {
+          rc = _gcry_ecc_os2ec (&pk.Q, mpi_q);
+        }
       if (rc)
         goto leave;
 
diff --git a/tests/pubkey.c b/tests/pubkey.c
index 4dadf88..e41050c 100644
--- a/tests/pubkey.c
+++ b/tests/pubkey.c
@@ -1050,6 +1050,12 @@ check_ed25519ecdsa_sample_key (void)
     "  (q #044C056555BE4084BB3D8D8895FDF7C2893DFE0256251923053010977D12658321"
     "        156D1ADDC07987713A418783658B476358D48D582DB53233D9DED3C1C2577B04#)"
     "))";
+  static const char ecc_public_key_comp[] =
+    "(public-key\n"
+    " (ecc\n"
+    "  (curve \"Ed25519\")\n"
+    "  (q #047b57c2c1d3ded93332b52d588dd45863478b658387413a718779c0dd1a6d95#)"
+    "))";
   static const char hash_string[] =
     "(data (flags ecdsa rfc6979)\n"
     " (hash sha256 #00112233445566778899AABBCCDDEEFF"
@@ -1061,38 +1067,49 @@ check_ed25519ecdsa_sample_key (void)
   if (verbose)
     fprintf (stderr, "Checking sample Ed25519/ECDSA key.\n");
 
+  /* Sign.  */
   if ((err = gcry_sexp_new (&hash, hash_string, 0, 1)))
     die ("line %d: %s", __LINE__, gpg_strerror (err));
-
   if ((err = gcry_sexp_new (&key, ecc_private_key, 0, 1)))
     die ("line %d: %s", __LINE__, gpg_strerror (err));
-
   if ((err = gcry_pk_sign (&sig, hash, key)))
     die ("gcry_pk_sign failed: %s", gpg_strerror (err));
 
+  /* Verify.  */
   gcry_sexp_release (key);
   if ((err = gcry_sexp_new (&key, ecc_public_key, 0, 1)))
     die ("line %d: %s", __LINE__, gpg_strerror (err));
-
   if ((err = gcry_pk_verify (sig, hash, key)))
     die ("gcry_pk_verify failed: %s", gpg_strerror (err));
 
-  /* Now try signing without the Q parameter.  */
+  /* Verify again using a compressed public key.  */
+  gcry_sexp_release (key);
+  if ((err = gcry_sexp_new (&key, ecc_public_key_comp, 0, 1)))
+    die ("line %d: %s", __LINE__, gpg_strerror (err));
+  if ((err = gcry_pk_verify (sig, hash, key)))
+    die ("gcry_pk_verify failed (comp): %s", gpg_strerror (err));
 
+  /* Sign without a Q parameter.  */
   gcry_sexp_release (key);
   if ((err = gcry_sexp_new (&key, ecc_private_key_wo_q, 0, 1)))
     die ("line %d: %s", __LINE__, gpg_strerror (err));
-
   gcry_sexp_release (sig);
   if ((err = gcry_pk_sign (&sig, hash, key)))
-    die ("gcry_pk_sign without Q failed: %s", gpg_strerror (err));
+    die ("gcry_pk_sign w/o Q failed: %s", gpg_strerror (err));
 
+  /* Verify.  */
   gcry_sexp_release (key);
   if ((err = gcry_sexp_new (&key, ecc_public_key, 0, 1)))
     die ("line %d: %s", __LINE__, gpg_strerror (err));
+  if ((err = gcry_pk_verify (sig, hash, key)))
+    die ("gcry_pk_verify signed w/o Q failed: %s", gpg_strerror (err));
 
+  /* Verify again using a compressed public key.  */
+  gcry_sexp_release (key);
+  if ((err = gcry_sexp_new (&key, ecc_public_key_comp, 0, 1)))
+    die ("line %d: %s", __LINE__, gpg_strerror (err));
   if ((err = gcry_pk_verify (sig, hash, key)))
-    die ("gcry_pk_verify signed without Q failed: %s", gpg_strerror (err));
+    die ("gcry_pk_verify signed w/o Q failed (comp): %s", gpg_strerror (err));
 
   extract_cmp_data (sig, "r", ("a63123a783ef29b8276e08987daca4"
                                "655d0179e22199bf63691fd88eb64e15"));

commit 39ccf743a11ca349ecf00d086fef53135cc4fbe0
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Oct 29 11:27:58 2013 +0100

    Typo fix.
    
    --

diff --git a/mpi/mpicoder.c b/mpi/mpicoder.c
index b598521..7c4f5ca 100644
--- a/mpi/mpicoder.c
+++ b/mpi/mpicoder.c
@@ -179,7 +179,7 @@ mpi_fromstr (gcry_mpi_t val, const char *str)
 /* Return an allocated buffer with the MPI (msb first).  NBYTES
    receives the length of this buffer.  If FILL_LE is not 0, the
    returned value is stored as little endian and right padded with
-   zeroes so that the returned buffer has at least LILL_LE bytes.
+   zeroes so that the returned buffer has at least FILL_LE bytes.
 
    Caller must free the return string.  This function returns an
    allocated buffer with NBYTES set to zero if the value of A is zero.

commit ba892a0a874c8b2a83dbf0940608cd7e2911ce01
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Oct 25 15:44:03 2013 +0200

    ecc: Add flags "noparam" and "comp".
    
    * src/cipher.h (PUBKEY_FLAG_NOPARAM, PUBKEY_FLAG_COMP): New.
    * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Parse new flags
    and change code for possible faster parsing.
    * cipher/ecc.c (ecc_generate): Implement the "noparam" flag.
    (ecc_sign): Ditto.
    (ecc_verify): Ditto.
    * tests/keygen.c (check_ecc_keys): Use the "noparam" flag.
    
    * cipher/ecc.c (ecc_generate): Fix parsing of the deprecated
    transient-flag parameter.
    (ecc_verify): Do not make Q optional in the extract-param call.
    --
    
    Note that the "comp" flag has not yet any effect.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/cipher/ecc.c b/cipher/ecc.c
index dca0423..5a52829 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -423,14 +423,6 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
         return GPG_ERR_INV_OBJ; /* No curve name or value too large. */
     }
 
-  /* Parse the optional transient-key flag.  */
-  l1 = gcry_sexp_find_token (genparms, "transient-key", 0);
-  if (l1)
-    {
-      flags |= PUBKEY_FLAG_TRANSIENT_KEY;
-      gcry_sexp_release (l1);
-    }
-
   /* Parse the optional flags list.  */
   l1 = gcry_sexp_find_token (genparms, "flags", 0);
   if (l1)
@@ -441,6 +433,14 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
         goto leave;
     }
 
+  /* Parse the deprecated optional transient-key flag.  */
+  l1 = gcry_sexp_find_token (genparms, "transient-key", 0);
+  if (l1)
+    {
+      flags |= PUBKEY_FLAG_TRANSIENT_KEY;
+      gcry_sexp_release (l1);
+    }
+
   /* NBITS is required if no curve name has been given.  */
   if (!nbits && !curve_name)
     return GPG_ERR_NO_OBJ; /* No NBITS parameter. */
@@ -524,24 +524,43 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
         goto leave;
     }
 
-  if (ed25519_with_ecdsa)
+  if ((flags & PUBKEY_FLAG_NOPARAM) || ed25519_with_ecdsa)
     {
-      rc = gcry_sexp_build (&curve_flags, NULL, "(flags ecdsa)");
+      rc = gcry_sexp_build
+        (&curve_flags, NULL,
+         ((flags & PUBKEY_FLAG_NOPARAM) && ed25519_with_ecdsa)?
+         "(flags noparam ecdsa)" :
+         ((flags & PUBKEY_FLAG_NOPARAM))?
+         "(flags noparam)" :
+         "(flags ecdsa)");
       if (rc)
         goto leave;
     }
 
-  rc = gcry_sexp_build (r_skey, NULL,
-                        "(key-data"
-                        " (public-key"
-                        "  (ecc%S%S(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)))"
-                        " (private-key"
-                        "  (ecc%S%S(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)(d%m)))"
-                        " )",
-                        curve_info, curve_flags,
-                        sk.E.p, sk.E.a, sk.E.b, base, sk.E.n, public,
-                        curve_info, curve_flags,
-                        sk.E.p, sk.E.a, sk.E.b, base, sk.E.n, public, secret);
+  if ((flags & PUBKEY_FLAG_NOPARAM) && E.name)
+    rc = gcry_sexp_build (r_skey, NULL,
+                          "(key-data"
+                          " (public-key"
+                          "  (ecc%S%S(q%m)))"
+                          " (private-key"
+                          "  (ecc%S%S(q%m)(d%m)))"
+                          " )",
+                          curve_info, curve_flags,
+                          public,
+                          curve_info, curve_flags,
+                          public, secret);
+  else
+    rc = gcry_sexp_build (r_skey, NULL,
+                          "(key-data"
+                          " (public-key"
+                          "  (ecc%S%S(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)))"
+                          " (private-key"
+                          "  (ecc%S%S(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)(d%m)))"
+                          " )",
+                          curve_info, curve_flags,
+                          sk.E.p, sk.E.a, sk.E.b, base, sk.E.n, public,
+                          curve_info, curve_flags,
+                          sk.E.p, sk.E.a, sk.E.b, base, sk.E.n, public, secret);
   if (rc)
     goto leave;
 
@@ -709,9 +728,13 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
   /*
    * Extract the key.
    */
-  rc = _gcry_sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?/q?+d",
-                                 &sk.E.p, &sk.E.a, &sk.E.b, &mpi_g, &sk.E.n,
-                                 &mpi_q, &sk.d, NULL);
+  if ((ctx.flags & PUBKEY_FLAG_NOPARAM))
+    rc = _gcry_sexp_extract_param (keyparms, NULL, "/q?+d",
+                                   &mpi_q, &sk.d, NULL);
+  else
+    rc = _gcry_sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?/q?+d",
+                                   &sk.E.p, &sk.E.a, &sk.E.b, &mpi_g, &sk.E.n,
+                                   &mpi_q, &sk.d, NULL);
   if (rc)
     goto leave;
   if (mpi_g)
@@ -871,9 +894,13 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms)
   /*
    * Extract the key.
    */
-  rc = _gcry_sexp_extract_param (s_keyparms, NULL, "-p?a?b?g?n?/q?",
-                                 &pk.E.p, &pk.E.a, &pk.E.b, &mpi_g, &pk.E.n,
-                                 &mpi_q, NULL);
+  if ((ctx.flags & PUBKEY_FLAG_NOPARAM))
+    rc = _gcry_sexp_extract_param (s_keyparms, NULL, "/q",
+                                   &mpi_q, NULL);
+  else
+    rc = _gcry_sexp_extract_param (s_keyparms, NULL, "-p?a?b?g?n?/q",
+                                   &pk.E.p, &pk.E.a, &pk.E.b, &mpi_g, &pk.E.n,
+                                   &mpi_q, NULL);
   if (rc)
     goto leave;
   if (mpi_g)
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
index 0db5840..88d6bb6 100644
--- a/cipher/pubkey-util.c
+++ b/cipher/pubkey-util.c
@@ -47,7 +47,7 @@ pss_verify_cmp (void *opaque, gcry_mpi_t tmp)
 
 
 /* Parser for a flag list.  On return the encoding is stored at
-   R_ENCODING and the flags are stored at R_FLAGS.  if any of them is
+   R_ENCODING and the flags are stored at R_FLAGS.  If any of them is
    not needed, NULL may be passed.  The function returns 0 on success
    or an error code. */
 gpg_err_code_t
@@ -65,61 +65,99 @@ _gcry_pk_util_parse_flaglist (gcry_sexp_t list,
     {
       s = gcry_sexp_nth_data (list, i, &n);
       if (!s)
-        ; /* not a data element*/
-      else if (n == 7 && !memcmp (s, "rfc6979", 7))
-        {
-          flags |= PUBKEY_FLAG_RFC6979;
-        }
-      else if (n == 5 && !memcmp (s, "eddsa", 5))
-        {
-          encoding = PUBKEY_ENC_RAW;
-          flags |= PUBKEY_FLAG_EDDSA;
-        }
-      else if (n == 5 && !memcmp (s, "ecdsa", 5))
-        {
-          flags |= PUBKEY_FLAG_ECDSA;
-        }
-      else if (n == 4 && !memcmp (s, "gost", 4))
-        {
-          encoding = PUBKEY_ENC_RAW;
-          flags |= PUBKEY_FLAG_GOST;
-        }
-      else if (n == 3 && !memcmp (s, "raw", 3)
-               && encoding == PUBKEY_ENC_UNKNOWN)
-        {
-          encoding = PUBKEY_ENC_RAW;
-          flags |= PUBKEY_FLAG_RAW_FLAG; /* Explicitly given.  */
-        }
-      else if (n == 5 && !memcmp (s, "pkcs1", 5)
-               && encoding == PUBKEY_ENC_UNKNOWN)
-        {
-          encoding = PUBKEY_ENC_PKCS1;
-          flags |= PUBKEY_FLAG_FIXEDLEN;
-        }
-      else if (n == 4 && !memcmp (s, "oaep", 4)
-               && encoding == PUBKEY_ENC_UNKNOWN)
-        {
-          encoding = PUBKEY_ENC_OAEP;
-          flags |= PUBKEY_FLAG_FIXEDLEN;
-        }
-      else if (n == 3 && !memcmp (s, "pss", 3)
-               && encoding == PUBKEY_ENC_UNKNOWN)
+        continue; /* Not a data element. */
+
+      switch (n)
         {
-          encoding = PUBKEY_ENC_PSS;
-          flags |= PUBKEY_FLAG_FIXEDLEN;
+        case 3:
+          if (!memcmp (s, "pss", 3) && encoding == PUBKEY_ENC_UNKNOWN)
+            {
+              encoding = PUBKEY_ENC_PSS;
+              flags |= PUBKEY_FLAG_FIXEDLEN;
+            }
+          else if (!memcmp (s, "raw", 3) && encoding == PUBKEY_ENC_UNKNOWN)
+            {
+              encoding = PUBKEY_ENC_RAW;
+              flags |= PUBKEY_FLAG_RAW_FLAG; /* Explicitly given.  */
+            }
+          else
+            rc = GPG_ERR_INV_FLAG;
+          break;
+
+        case 4:
+          if (!memcmp (s, "comp", 4))
+            flags |= PUBKEY_FLAG_COMP;
+          else if (!memcmp (s, "oaep", 4) && encoding == PUBKEY_ENC_UNKNOWN)
+            {
+              encoding = PUBKEY_ENC_OAEP;
+              flags |= PUBKEY_FLAG_FIXEDLEN;
+            }
+          else if (!memcmp (s, "gost", 4))
+            {
+              encoding = PUBKEY_ENC_RAW;
+              flags |= PUBKEY_FLAG_GOST;
+            }
+          else
+            rc = GPG_ERR_INV_FLAG;
+          break;
+
+        case 5:
+          if (!memcmp (s, "eddsa", 5))
+            {
+              encoding = PUBKEY_ENC_RAW;
+              flags |= PUBKEY_FLAG_EDDSA;
+            }
+          else if (!memcmp (s, "ecdsa", 5))
+            {
+              flags |= PUBKEY_FLAG_ECDSA;
+            }
+          else if (!memcmp (s, "pkcs1", 5) && encoding == PUBKEY_ENC_UNKNOWN)
+            {
+              encoding = PUBKEY_ENC_PKCS1;
+              flags |= PUBKEY_FLAG_FIXEDLEN;
+            }
+          else
+            rc = GPG_ERR_INV_FLAG;
+          break;
+
+        case 7:
+          if (!memcmp (s, "rfc6979", 7))
+            flags |= PUBKEY_FLAG_RFC6979;
+          else if (!memcmp (s, "noparam", 7))
+            flags |= PUBKEY_FLAG_NOPARAM;
+          else
+            rc = GPG_ERR_INV_FLAG;
+          break;
+
+        case 8:
+          if (!memcmp (s, "use-x931", 8))
+            flags |= PUBKEY_FLAG_USE_X931;
+          else
+            rc = GPG_ERR_INV_FLAG;
+          break;
+
+        case 11:
+          if (!memcmp (s, "no-blinding", 11))
+            flags |= PUBKEY_FLAG_NO_BLINDING;
+          else if (!memcmp (s, "use-fips186", 11))
+            flags |= PUBKEY_FLAG_USE_FIPS186;
+          else
+            rc = GPG_ERR_INV_FLAG;
+          break;
+
+        case 13:
+          if (!memcmp (s, "use-fips186-2", 13))
+            flags |= PUBKEY_FLAG_USE_FIPS186_2;
+          else if (!memcmp (s, "transient-key", 13))
+            flags |= PUBKEY_FLAG_TRANSIENT_KEY;
+          else
+            rc = GPG_ERR_INV_FLAG;
+          break;
+
+        default:
+          rc = GPG_ERR_INV_FLAG;
+          break;
         }
-      else if (n == 11 && ! memcmp (s, "no-blinding", 11))
-        flags |= PUBKEY_FLAG_NO_BLINDING;
-      else if (n == 13 && ! memcmp (s, "transient-key", 13))
-        flags |= PUBKEY_FLAG_TRANSIENT_KEY;
-      else if (n == 8 && ! memcmp (s, "use-x931", 8))
-        flags |= PUBKEY_FLAG_USE_X931;
-      else if (n == 11 && ! memcmp (s, "use-fips186", 11))
-        flags |= PUBKEY_FLAG_USE_FIPS186;
-      else if (n == 13 && ! memcmp (s, "use-fips186-2", 13))
-        flags |= PUBKEY_FLAG_USE_FIPS186_2;
-      else
-        rc = GPG_ERR_INV_FLAG;
     }
 
   if (r_flags)
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 6dcb4b1..4a202dd 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -2230,6 +2230,14 @@ named `flags'.  Flag names are case-sensitive.  The following flags
 are known:
 
 @table @code
+
+ at item comp
+ at cindex comp
+If supported and not yet the default return ECC points in compact
+(compressed) representation.  The compact representation requires a
+small overhead before a point can be used but halves the size of a to
+be conveyed public key.
+
 @item pkcs1
 @cindex PKCS1
 Use PKCS#1 block type 2 padding for encryption, block type 1 padding
@@ -2264,6 +2272,16 @@ order to prevent leaking of secret information.  Blinding is only
 implemented by RSA, but it might be implemented by other algorithms in
 the future as well, when necessary.
 
+ at item noparam
+ at cindex noparam
+For ECC key generation do not return the domain parameters but only
+the name of the curve.  For ECC signing and verification ignore any
+provided domain parameters of the public or private key and use only
+the curve name.  It is more secure to rely on the curve name and thus
+use the curve parameters as known by Libgcrypt.  This option shouild
+have been the default but for backward compatibility reasons this is
+not possible.  It is best to always use this flag with ECC keys.
+
 @item transient-key
 @cindex transient-key
 This flag is only meaningful for RSA, DSA, and ECC key generation.  If
@@ -2836,7 +2854,7 @@ is in general not recommended.
 @example
 (genkey
   (ecc
-    (flags transient-key ecdsa)))
+    (flags noparam transient-key ecdsa)))
 @end example
 
 @item transient-key
@@ -2856,7 +2874,8 @@ private and public keys are returned in one container and may be
 accompanied by some miscellaneous information.
 
 @noindent
-As an example, here is what the Elgamal key generation returns:
+Here are two examples; the first for Elgamal and the second for
+elliptic curve key generation:
 
 @example
 (key-data
@@ -2875,6 +2894,21 @@ As an example, here is what the Elgamal key generation returns:
     (pm1-factors @var{n1 n2 ... nn}))
 @end example
 
+ at example
+(key-data
+  (public-key
+    (ecc
+      (curve Ed25519)
+      (flags noparam)
+      (q @var{q-value})))
+  (private-key
+    (ecc
+      (curve Ed25519)
+      (flags noparam)
+      (q @var{q-value})
+      (d @var{d-value}))))
+ at end example
+
 @noindent
 As you can see, some of the information is duplicated, but this
 provides an easy way to extract either the public or the private key.
diff --git a/src/cipher.h b/src/cipher.h
index 20818ba..551dc66 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -38,6 +38,8 @@
 #define PUBKEY_FLAG_ECDSA          (1 << 9)
 #define PUBKEY_FLAG_EDDSA          (1 << 10)
 #define PUBKEY_FLAG_GOST           (1 << 11)
+#define PUBKEY_FLAG_NOPARAM        (1 << 12)
+#define PUBKEY_FLAG_COMP           (1 << 12)
 
 
 enum pk_operation
diff --git a/tests/keygen.c b/tests/keygen.c
index 5ab8e9d..18fe211 100644
--- a/tests/keygen.c
+++ b/tests/keygen.c
@@ -375,7 +375,8 @@ check_ecc_keys (void)
       if (verbose)
         show ("creating ECC key using curve %s\n", curves[testno]);
       rc = gcry_sexp_build (&keyparm, NULL,
-                            "(genkey(ecc(curve %s)))", curves[testno]);
+                            "(genkey(ecc(curve %s)(flags noparam)))",
+                            curves[testno]);
       if (rc)
         die ("error creating S-expression: %s\n", gpg_strerror (rc));
       rc = gcry_pk_genkey (&key, keyparm);
@@ -410,6 +411,21 @@ check_ecc_keys (void)
   if (verbose > 1)
     show_sexp ("ECC key:\n", key);
 
+  if (verbose)
+    show ("creating ECC key using curve Ed25519 for ECDSA\n");
+  rc = gcry_sexp_build (&keyparm, NULL,
+                        "(genkey(ecc(curve Ed25519)(flags noparam ecdsa)))");
+  if (rc)
+    die ("error creating S-expression: %s\n", gpg_strerror (rc));
+  rc = gcry_pk_genkey (&key, keyparm);
+  gcry_sexp_release (keyparm);
+  if (rc)
+    die ("error generating ECC key using curve Ed25519 for ECDSA: %s\n",
+         gpg_strerror (rc));
+
+  if (verbose > 1)
+    show_sexp ("ECC key:\n", key);
+
   gcry_sexp_release (key);
 }
 

-----------------------------------------------------------------------

Summary of changes:
 cipher/ecc.c         |  100 ++++++++++++++++++++++++----------
 cipher/pubkey-util.c |  146 +++++++++++++++++++++++++++++++-------------------
 doc/gcrypt.texi      |   38 ++++++++++++-
 mpi/mpicoder.c       |    2 +-
 src/cipher.h         |    2 +
 tests/bench-slope.c  |   25 +++++----
 tests/benchmark.c    |    5 ++
 tests/keygen.c       |   18 ++++++-
 tests/pubkey.c       |   31 ++++++++---
 9 files changed, 263 insertions(+), 104 deletions(-)


hooks/post-receive
-- 
The GNU crypto library
http://git.gnupg.org


_______________________________________________
Gnupg-commits mailing list
Gnupg-commits at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-commits




More information about the Gcrypt-devel mailing list