triple DH

Werner Koch wk at
Thu May 21 17:05:31 CEST 2015

On Thu, 21 May 2015 13:36, christian at said:

> ECDHE nist_generate_key() calls 38x gcry_mpi_ec_mul_point via
> _gcry_ecc_ecdsa_sign and 77x via gcry_ecc_ecdsa_verify and 38x via
> gcry_ecc_eddsa_genkey

Frankly, I don't understand this report: Why is gcry_ecc_edddsa_genkey
reported - it is only used if you request an EdDSA key using the eddsa

Anyway, the tests take quite some time.  I have pushed another change:

    ecc: Add key generation flag "no-keytest".
    * src/cipher.h (PUBKEY_FLAG_NO_KEYTEST): New.
    * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag
    "no-keytest".  Return an error for invalid flags of length 10.
    * cipher/ecc.c (nist_generate_key): Replace arg random_level by flags
    set random level depending on flags.
    * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto.
    * cipher/ecc.c (ecc_generate): Pass flags to generate function and
    remove var random_level.
    (nist_generate_key): Implement "no-keytest" flag.
    * tests/keygen.c (check_ecc_keys): Add tests for transient-key and
    After key creation we usually run a test to check whether the keys
    really work.  However for transient keys this might be too time
    consuming and given that a failed test would anyway abort the process
    the optional use of a flag to skip the test is appropriate.
    Using Ed25519 for EdDSA and the "no-keytest" flags halves the time to
    create such a key.  This was measured by looping the last test from
    check_ecc_keys() 1000 times with and without the flag.
    Due to a bug in the flags parser unknown flags with a length of 10
    characters were not detected.  Thus the "no-keytest" flag can be
    employed by all software even for libraries before this.  That bug is
    however solved with this version.

I also pushed the tweak for the RNG which was discussed earlier this

If that improves things for you, shall I backport them to 1.6 ?



Thoughts are free.  Exceptions are governed by a federal law.
