[git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-266-gd5f9146
by Werner Koch
cvs at cvs.gnupg.org
Mon Sep 23 22:56:56 CEST 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via d5f91466695c5736f441c9bf1998436184a4bf61 (commit)
from 4552437bb3c5ff96a889fd31e4bc504b2a12fac7 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d5f91466695c5736f441c9bf1998436184a4bf61
Author: Werner Koch <wk at gnupg.org>
Date: Sat Sep 7 10:06:46 2013 +0200
pk: Add algo id GCRY_PK_ECC and deprecate ECDSA and ECDH.
* src/gcrypt.h.in (GCRY_PK_ECC): New.
* cipher/pubkey.c (map_algo): New.
(spec_from_algo, gcry_pk_get_param, _gcry_pk_selftest): Use it.
* cipher/ecc.c (selftests_ecdsa): Report using GCRY_PK_ECC.
(run_selftests): Simplify.
(ecdh_names, ecdsa_names): Merge into a new ecc_names.
(_gcry_pubkey_spec_ecdh, _gcry_pubkey_spec_ecdsa): Merge into new
_gcry_pubkey_spec_ecc.
--
The algo ids are actually a relict from Libgcrypt's former life as
GnuPG's crypto code. They don't make much sense anymore and are often
not needed.
This patch requires some changes to the GnuPG 2.1 code (which has
still not been released). For example the secret key transfer between
gpg and gpg-agent (gpg --export and gpg --import). Fortunately this
will also require to add usage flags to the secret key storage of
gpg-agent which is is something we should have done a long time ago.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/NEWS b/NEWS
index 678805d..1e84cbe 100644
--- a/NEWS
+++ b/NEWS
@@ -36,6 +36,9 @@ Noteworthy changes in version 1.6.0 (unreleased)
* Added support for negative numbers to gcry_mpi_print,
gcry_mpi_aprint and gcry_mpi_scan.
+ * The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now
+ deprecated. Use GCRY_PK_ECC instead.
+
* Interface changes relative to the 1.5.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcry_ac_* REMOVED.
@@ -103,6 +106,7 @@ Noteworthy changes in version 1.6.0 (unreleased)
GCRY_MD_STRIBOG256 NEW.
GCRY_MD_STRIBOG512 NEW.
GCRYCTL_DISABLE_ALGO CHANGED: Not anymore thread-safe.
+ GCRY_PK_ECC NEW.
Noteworthy changes in version 1.5.0 (2011-06-29)
diff --git a/cipher/ecc.c b/cipher/ecc.c
index 2161b64..d31b4be 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -1965,7 +1965,7 @@ selftests_ecdsa (selftest_report_func_t report)
failed:
if (report)
- report ("pubkey", GCRY_PK_ECDSA, what, errtxt);
+ report ("pubkey", GCRY_PK_ECC, what, errtxt);
return GPG_ERR_SELFTEST_FAILED;
}
@@ -1974,72 +1974,38 @@ selftests_ecdsa (selftest_report_func_t report)
static gpg_err_code_t
run_selftests (int algo, int extended, selftest_report_func_t report)
{
- gpg_err_code_t ec;
-
(void)extended;
- switch (algo)
- {
- case GCRY_PK_ECDSA:
- ec = selftests_ecdsa (report);
- break;
- default:
- ec = GPG_ERR_PUBKEY_ALGO;
- break;
+ if (algo != GCRY_PK_ECC)
+ return GPG_ERR_PUBKEY_ALGO;
- }
- return ec;
+ return selftests_ecdsa (report);
}
�
-static const char *ecdsa_names[] =
+static const char *ecc_names[] =
{
- "ecdsa",
- "eddsa",
"ecc",
- NULL,
- };
-static const char *ecdh_names[] =
- {
+ "ecdsa",
"ecdh",
- "ecc",
- NULL,
- };
-
-gcry_pk_spec_t _gcry_pubkey_spec_ecdsa =
- {
- GCRY_PK_ECDSA, { 0, 0 },
- GCRY_PK_USAGE_SIGN,
- "ECDSA", ecdsa_names,
- "pabgnq", "pabgnqd", "", "rs", "pabgnq",
- ecc_generate,
- ecc_check_secret_key,
- NULL,
+ "eddsa",
NULL,
- ecc_sign,
- ecc_verify,
- ecc_get_nbits,
- run_selftests,
- compute_keygrip,
- _gcry_ecc_get_param,
- _gcry_ecc_get_curve,
- _gcry_ecc_get_param_sexp
};
-gcry_pk_spec_t _gcry_pubkey_spec_ecdh =
+gcry_pk_spec_t _gcry_pubkey_spec_ecc =
{
- GCRY_PK_ECDH, { 0, 0 },
- GCRY_PK_USAGE_ENCR,
- "ECDH", ecdh_names,
- "pabgnq", "pabgnqd", "se", "", "pabgnq",
+ GCRY_PK_ECC, { 0, 0 },
+ (GCRY_PK_USAGE_SIGN | GCRY_PK_USAGE_ENCR),
+ "ECC", ecc_names,
+ "pabgnq", "pabgnqd", "sw", "rs", "pabgnq",
ecc_generate,
ecc_check_secret_key,
ecc_encrypt_raw,
ecc_decrypt_raw,
- NULL,
- NULL,
+ ecc_sign,
+ ecc_verify,
ecc_get_nbits,
run_selftests,
compute_keygrip,
diff --git a/cipher/pubkey.c b/cipher/pubkey.c
index 99b9ba8..4738c29 100644
--- a/cipher/pubkey.c
+++ b/cipher/pubkey.c
@@ -38,8 +38,7 @@
static gcry_pk_spec_t *pubkey_list[] =
{
#if USE_ECC
- &_gcry_pubkey_spec_ecdsa,
- &_gcry_pubkey_spec_ecdh,
+ &_gcry_pubkey_spec_ecc,
#endif
#if USE_RSA
&_gcry_pubkey_spec_rsa,
@@ -55,6 +54,21 @@ static gcry_pk_spec_t *pubkey_list[] =
};
+static int
+map_algo (int algo)
+{
+ switch (algo)
+ {
+ case GCRY_PK_ECDSA:
+ case GCRY_PK_ECDH:
+ return GCRY_PK_ECC;
+ default:
+ return algo;
+ }
+}
+
+
+
/* Return the spec structure for the public key algorithm ALGO. For
an unknown algorithm NULL is returned. */
static gcry_pk_spec_t *
@@ -63,6 +77,8 @@ spec_from_algo (int algo)
int idx;
gcry_pk_spec_t *spec;
+ algo = map_algo (algo);
+
for (idx = 0; (spec = pubkey_list[idx]); idx++)
if (algo == spec->algo)
return spec;
@@ -2156,7 +2172,9 @@ gcry_pk_get_param (int algo, const char *name)
gcry_sexp_t result = NULL;
gcry_pk_spec_t *spec = NULL;
- if (algo != GCRY_PK_ECDSA && algo != GCRY_PK_ECDH)
+ algo = map_algo (algo);
+
+ if (algo != GCRY_PK_ECC)
return NULL;
spec = spec_from_name ("ecc");
@@ -2334,13 +2352,17 @@ gpg_error_t
_gcry_pk_selftest (int algo, int extended, selftest_report_func_t report)
{
gcry_err_code_t ec;
- gcry_pk_spec_t *spec = spec_from_algo (algo);
+ gcry_pk_spec_t *spec;
+ algo = map_algo (algo);
+ spec = spec_from_algo (algo);
if (spec && spec->selftest)
ec = spec->selftest (algo, extended, report);
else
{
ec = GPG_ERR_PUBKEY_ALGO;
+ /* Fixme: We need to change the report fucntion to allow passing
+ of an encryption mode (e.g. pkcs1, ecdsa, or ecdh). */
if (report)
report ("pubkey", algo, "module",
spec && !spec->flags.disabled?
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 4c1485c..5d1be8d 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -2124,9 +2124,10 @@ The point representing the public key @math{Q = dG}.
The private key @math{d}
@end table
-All point values are encoded in standard format; Libgcrypt does
-currently only support uncompressed points, thus the first byte needs to
-be @code{0x04}.
+All point values are encoded in standard format; Libgcrypt does in
+general only support uncompressed points, thus the first byte needs to
+be @code{0x04}. However ``EdDSA'' describes its own compression
+scheme which is used by default.
The public key is similar with "private-key" replaced by "public-key"
and no @var{d-mpi}.
@@ -2200,6 +2201,10 @@ for signing.
Use RSA-OAEP padding for encryption.
@item pss
Use RSA-PSS padding for signing.
+ at item eddsa
+Use the EdDSA scheme instead of ECDSA.
+ at item rfc6979
+For DSA and ECDSA use a deterministic scheme for the k parameter.
@item no-blinding
Do not use a technique called `blinding', which is used by default in
order to prevent leaking of secret information. Blinding is only
@@ -2680,11 +2685,11 @@ are allowed. When specifying Q all values of N in the range 512 to
15680 are valid as long as they are multiples of 8.
@item transient-key
-This is only meaningful for RSA, DSA, ECDSA, and ECDH keys. This is a flag
+This is only meaningful for RSA, DSA, and ECC keys. This is a flag
with no value. If given the key is created using a faster and a
-somewhat less secure random number generator. This flag may be used for
-keys which are only used for a short time or per-message and do not require full
-cryptographic strength.
+somewhat less secure random number generator. This flag may be used
+for keys which are only used for a short time or per-message and do
+not require full cryptographic strength.
@item domain
This is only meaningful for DLP algorithms. If specified keys are
diff --git a/src/cipher.h b/src/cipher.h
index e3a2fe0..ea7a141 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -240,8 +240,7 @@ extern gcry_pk_spec_t _gcry_pubkey_spec_rsa;
extern gcry_pk_spec_t _gcry_pubkey_spec_elg;
extern gcry_pk_spec_t _gcry_pubkey_spec_elg_e;
extern gcry_pk_spec_t _gcry_pubkey_spec_dsa;
-extern gcry_pk_spec_t _gcry_pubkey_spec_ecdsa;
-extern gcry_pk_spec_t _gcry_pubkey_spec_ecdh;
+extern gcry_pk_spec_t _gcry_pubkey_spec_ecc;
#endif /*G10_CIPHER_H*/
diff --git a/src/fips.c b/src/fips.c
index e45baba..11b2caa 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -546,7 +546,7 @@ run_pubkey_selftests (int extended)
{
GCRY_PK_RSA,
GCRY_PK_DSA,
- /* GCRY_PK_ECDSA is not enabled in fips mode. */
+ /* GCRY_PK_ECC is not enabled in fips mode. */
0
};
int idx;
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 3634c24..62c9721 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -978,9 +978,10 @@ enum gcry_pk_algos
GCRY_PK_RSA_S = 3, /* (deprecated) */
GCRY_PK_ELG_E = 16,
GCRY_PK_DSA = 17,
+ GCRY_PK_ECC = 18, /* Generic ECC. */
GCRY_PK_ELG = 20,
- GCRY_PK_ECDSA = 301,
- GCRY_PK_ECDH = 302
+ GCRY_PK_ECDSA = 301, /* (deprecated: use 18). */
+ GCRY_PK_ECDH = 302 /* (deprecated: use 18). */
};
/* Flags describing usage capabilities of a PK algorithm. */
-----------------------------------------------------------------------
Summary of changes:
NEWS | 4 +++
cipher/ecc.c | 62 ++++++++++++------------------------------------------
cipher/pubkey.c | 30 +++++++++++++++++++++++---
doc/gcrypt.texi | 19 ++++++++++------
src/cipher.h | 3 +-
src/fips.c | 2 +-
src/gcrypt.h.in | 5 ++-
7 files changed, 61 insertions(+), 64 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
_______________________________________________
Gnupg-commits mailing list
Gnupg-commits at gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-commits
More information about the Gcrypt-devel
mailing list