[git] GCRYPT - branch, master, updated. libgcrypt-1.5.0-370-g9f63c0f
by Werner Koch
cvs at cvs.gnupg.org
Fri Nov 8 10:24:49 CET 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU crypto library".
The branch, master has been updated
via 9f63c0f7a3b2c15c7e258cd17395cabd0a8f00cc (commit)
via ed45fd2e60c88e2f005282e6eadd018b59dcf65b (commit)
from bfe4f6523b80bae0040328ef324b9000ee5b38a4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 9f63c0f7a3b2c15c7e258cd17395cabd0a8f00cc
Author: Werner Koch <wk at gnupg.org>
Date: Fri Nov 8 10:07:40 2013 +0100
ecc: Implement the "nocomp" flag for key generation.
* cipher/ecc.c (ecc_generate): Support the "nocomp" flag.
* tests/keygen.c (check_ecc_keys): Add a test for it.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/cipher/ecc.c b/cipher/ecc.c
index f2a0e82..d62f555 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -483,7 +483,7 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
if (_gcry_mpi_ec_get_affine (x, y, &sk.E.G, ctx))
log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "G");
base = _gcry_ecc_ec2os (x, y, sk.E.p);
- if (sk.E.dialect == ECC_DIALECT_ED25519)
+ if (sk.E.dialect == ECC_DIALECT_ED25519 && !(flags & PUBKEY_FLAG_NOCOMP))
{
unsigned char *encpk;
unsigned int encpklen;
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index dd65f9a..1619f0d 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -2232,11 +2232,15 @@ are known:
@table @code
@item comp
+ at itemx nocomp
@cindex comp
-If supported and not yet the default return ECC points in compact
-(compressed) representation. The compact representation requires a
-small overhead before a point can be used but halves the size of a to
-be conveyed public key.
+ at cindex nocomp
+If supported by the algorithm and curve the @code{comp} flag requests
+that points are returned in compact (compressed) representation. The
+ at code{nocomp} flag requests that points are returned with full
+coordinates. The default depends on the the algorithm and curve.
+The compact representation requires a small overhead before a point
+can be used but halves the size of a to be conveyed public key.
@item pkcs1
@cindex PKCS1
diff --git a/tests/keygen.c b/tests/keygen.c
index 4796b5c..48663d4 100644
--- a/tests/keygen.c
+++ b/tests/keygen.c
@@ -416,15 +416,16 @@ check_ecc_keys (void)
show_sexp ("ECC key:\n", key);
if (verbose)
- show ("creating ECC key using curve Ed25519 for ECDSA\n");
+ show ("creating ECC key using curve Ed25519 for ECDSA (nocomp)\n");
rc = gcry_sexp_build (&keyparm, NULL,
- "(genkey(ecc(curve Ed25519)(flags)))");
+ "(genkey(ecc(curve Ed25519)(flags nocomp)))");
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&key, keyparm);
gcry_sexp_release (keyparm);
if (rc)
- die ("error generating ECC key using curve Ed25519 for ECDSA: %s\n",
+ die ("error generating ECC key using curve Ed25519 for ECDSA"
+ " (nocomp): %s\n",
gpg_strerror (rc));
if (verbose > 1)
commit ed45fd2e60c88e2f005282e6eadd018b59dcf65b
Author: Werner Koch <wk at gnupg.org>
Date: Fri Nov 8 09:53:32 2013 +0100
ecc: Make "noparam" the default and replace by "param".
* src/cipher.h (PUBKEY_FLAG_NOCOMP): New.
(PUBKEY_FLAG_NOPARAM): Remove.
(PUBKEY_FLAG_PARAM): New.
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Support the new
flags and ignore the obsolete "noparam" flag.
* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Return the curve name
also for curves selected by NBITS.
(_gcry_mpi_ec_new): Support the "param" flag.
* cipher/ecc.c (ecc_generate, ecc_sign, ecc_verify): Ditto.
* tests/keygen.c (check_ecc_keys): Remove the "noparam" flag.
--
This is an API change but there are not many ECC users yet and adding
the "param" flag for those who really need the parameters (e.g. if
private keys have been stored without the curve name, it can easily be
added.
Note that no version of Libgcrypt with support for "noparam" has been
released but for the sake of projects already working with the master
version we don't bail out on "noparam".
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/NEWS b/NEWS
index 8010c37..d63ca96 100644
--- a/NEWS
+++ b/NEWS
@@ -43,6 +43,9 @@ Noteworthy changes in version 1.6.0 (unreleased)
* The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now
deprecated. Use GCRY_PK_ECC if you need an algorithm id.
+ * Changed gcry_pk_genkey for "ecc" to only include the curve name and
+ not the parameters. The flag "param" may be used to revert this.
+
* Interface changes relative to the 1.5.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcry_ac_* REMOVED.
@@ -63,6 +66,7 @@ Noteworthy changes in version 1.6.0 (unreleased)
GCRYCTL_SET_IV REMOVED.
GCRYCTL_SET_CTR REMOVED.
GCRYCTL_DISABLE_ALGO CHANGED: Not anymore thread-safe.
+ gcry_pk_genkey CHANGED: ECC curve params not returned.
gcry_md_hash_buffers NEW.
gcry_buffer_t NEW.
GCRYCTL_SET_ENFORCED_FIPS_FLAG NEW.
diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c
index 1bd3679..27d2d8e 100644
--- a/cipher/ecc-curves.c
+++ b/cipher/ecc-curves.c
@@ -380,7 +380,10 @@ _gcry_ecc_fill_in_curve (unsigned int nbits, const char *name,
for (idx = 0; domain_parms[idx].desc; idx++)
if (nbits == domain_parms[idx].nbits
&& domain_parms[idx].model == MPI_EC_WEIERSTRASS)
- break;
+ {
+ resname = domain_parms[idx].desc;
+ break;
+ }
}
if (!domain_parms[idx].desc)
return GPG_ERR_UNKNOWN_CURVE;
@@ -671,7 +674,12 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
goto leave;
}
- if (!(flags & PUBKEY_FLAG_NOPARAM))
+ /* Check whether a curve name was given. */
+ l1 = gcry_sexp_find_token (keyparam, "curve", 5);
+
+ /* If we don't have a curve name or if override parameters have
+ explicitly been requested, parse them. */
+ if (!l1 || (flags & PUBKEY_FLAG_PARAM))
{
errc = mpi_from_keyparam (&p, keyparam, "p");
if (errc)
@@ -690,15 +698,13 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
goto leave;
}
}
+ else
+ l1 = NULL; /* No curvename. */
/* Check whether a curve parameter is available and use that to fill
in missing values. If no curve parameter is available try an
optional provided curvename. If only the curvename has been
given use that one. */
- if (keyparam)
- l1 = gcry_sexp_find_token (keyparam, "curve", 5);
- else
- l1 = NULL;
if (l1 || curvename)
{
char *name;
diff --git a/cipher/ecc.c b/cipher/ecc.c
index 5578e05..f2a0e82 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -509,43 +509,43 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
goto leave;
}
- if ((flags & PUBKEY_FLAG_NOPARAM) || (flags & PUBKEY_FLAG_EDDSA))
+ if ((flags & PUBKEY_FLAG_PARAM) || (flags & PUBKEY_FLAG_EDDSA))
{
rc = gcry_sexp_build
(&curve_flags, NULL,
- ((flags & PUBKEY_FLAG_NOPARAM) && (flags & PUBKEY_FLAG_EDDSA))?
- "(flags noparam eddsa)" :
- ((flags & PUBKEY_FLAG_NOPARAM))?
- "(flags noparam)" :
+ ((flags & PUBKEY_FLAG_PARAM) && (flags & PUBKEY_FLAG_EDDSA))?
+ "(flags param eddsa)" :
+ ((flags & PUBKEY_FLAG_PARAM))?
+ "(flags param)" :
"(flags eddsa)");
if (rc)
goto leave;
}
- if ((flags & PUBKEY_FLAG_NOPARAM) && E.name)
+ if ((flags & PUBKEY_FLAG_PARAM) && E.name)
rc = gcry_sexp_build (r_skey, NULL,
"(key-data"
" (public-key"
- " (ecc%S%S(q%m)))"
+ " (ecc%S%S(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)))"
" (private-key"
- " (ecc%S%S(q%m)(d%m)))"
+ " (ecc%S%S(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)(d%m)))"
" )",
curve_info, curve_flags,
- public,
+ sk.E.p, sk.E.a, sk.E.b, base, sk.E.n, public,
curve_info, curve_flags,
- public, secret);
+ sk.E.p, sk.E.a, sk.E.b, base, sk.E.n, public, secret);
else
rc = gcry_sexp_build (r_skey, NULL,
"(key-data"
" (public-key"
- " (ecc%S%S(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)))"
+ " (ecc%S%S(q%m)))"
" (private-key"
- " (ecc%S%S(p%m)(a%m)(b%m)(g%m)(n%m)(q%m)(d%m)))"
+ " (ecc%S%S(q%m)(d%m)))"
" )",
curve_info, curve_flags,
- sk.E.p, sk.E.a, sk.E.b, base, sk.E.n, public,
+ public,
curve_info, curve_flags,
- sk.E.p, sk.E.a, sk.E.b, base, sk.E.n, public, secret);
+ public, secret);
if (rc)
goto leave;
@@ -713,13 +713,13 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
/*
* Extract the key.
*/
- if ((ctx.flags & PUBKEY_FLAG_NOPARAM))
- rc = _gcry_sexp_extract_param (keyparms, NULL, "/q?+d",
- &mpi_q, &sk.d, NULL);
- else
+ if ((ctx.flags & PUBKEY_FLAG_PARAM))
rc = _gcry_sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?/q?+d",
&sk.E.p, &sk.E.a, &sk.E.b, &mpi_g, &sk.E.n,
&mpi_q, &sk.d, NULL);
+ else
+ rc = _gcry_sexp_extract_param (keyparms, NULL, "/q?+d",
+ &mpi_q, &sk.d, NULL);
if (rc)
goto leave;
if (mpi_g)
@@ -878,13 +878,13 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms)
/*
* Extract the key.
*/
- if ((ctx.flags & PUBKEY_FLAG_NOPARAM))
- rc = _gcry_sexp_extract_param (s_keyparms, NULL, "/q",
- &mpi_q, NULL);
- else
+ if ((ctx.flags & PUBKEY_FLAG_PARAM))
rc = _gcry_sexp_extract_param (s_keyparms, NULL, "-p?a?b?g?n?/q",
&pk.E.p, &pk.E.a, &pk.E.b, &mpi_g, &pk.E.n,
&mpi_q, NULL);
+ else
+ rc = _gcry_sexp_extract_param (s_keyparms, NULL, "/q",
+ &mpi_q, NULL);
if (rc)
goto leave;
if (mpi_g)
diff --git a/cipher/pubkey-util.c b/cipher/pubkey-util.c
index a591c0d..3e0b5ef 100644
--- a/cipher/pubkey-util.c
+++ b/cipher/pubkey-util.c
@@ -113,6 +113,15 @@ _gcry_pk_util_parse_flaglist (gcry_sexp_t list,
encoding = PUBKEY_ENC_PKCS1;
flags |= PUBKEY_FLAG_FIXEDLEN;
}
+ else if (!memcmp (s, "param", 5))
+ flags |= PUBKEY_FLAG_PARAM;
+ else if (!igninvflag)
+ rc = GPG_ERR_INV_FLAG;
+ break;
+
+ case 6:
+ if (!memcmp (s, "nocomp", 6))
+ flags |= PUBKEY_FLAG_NOCOMP;
else if (!igninvflag)
rc = GPG_ERR_INV_FLAG;
break;
@@ -121,7 +130,7 @@ _gcry_pk_util_parse_flaglist (gcry_sexp_t list,
if (!memcmp (s, "rfc6979", 7))
flags |= PUBKEY_FLAG_RFC6979;
else if (!memcmp (s, "noparam", 7))
- flags |= PUBKEY_FLAG_NOPARAM;
+ ; /* Ignore - it is the default. */
else if (!igninvflag)
rc = GPG_ERR_INV_FLAG;
break;
diff --git a/doc/gcrypt.texi b/doc/gcrypt.texi
index 03ace83..dd65f9a 100644
--- a/doc/gcrypt.texi
+++ b/doc/gcrypt.texi
@@ -2267,15 +2267,11 @@ order to prevent leaking of secret information. Blinding is only
implemented by RSA, but it might be implemented by other algorithms in
the future as well, when necessary.
- at item noparam
- at cindex noparam
-For ECC key generation do not return the domain parameters but only
-the name of the curve. For ECC signing and verification ignore any
-provided domain parameters of the public or private key and use only
-the curve name. It is more secure to rely on the curve name and thus
-use the curve parameters as known by Libgcrypt. This option should
-have been the default but for backward compatibility reasons this is
-not possible. It is best to always use this flag with ECC keys.
+ at item param
+ at cindex param
+For ECC key generation also return the domain parameters. For ECC
+signing and verification override default parameters by provided
+domain parameters of the public or private key.
@item transient-key
@cindex transient-key
@@ -2849,7 +2845,7 @@ is in general not recommended.
@example
(genkey
(ecc
- (flags noparam transient-key)))
+ (flags transient-key)))
@end example
@item transient-key
@@ -2894,12 +2890,12 @@ elliptic curve key generation:
(public-key
(ecc
(curve Ed25519)
- (flags noparam eddsa)
+ (flags eddsa)
(q @var{q-value})))
(private-key
(ecc
(curve Ed25519)
- (flags noparam eddsa)
+ (flags eddsa)
(q @var{q-value})
(d @var{d-value}))))
@end example
diff --git a/src/cipher.h b/src/cipher.h
index 5ac891e..d939ade 100644
--- a/src/cipher.h
+++ b/src/cipher.h
@@ -35,10 +35,11 @@
#define PUBKEY_FLAG_USE_X931 (1 << 6)
#define PUBKEY_FLAG_USE_FIPS186 (1 << 7)
#define PUBKEY_FLAG_USE_FIPS186_2 (1 << 8)
-#define PUBKEY_FLAG_NOPARAM (1 << 9)
+#define PUBKEY_FLAG_PARAM (1 << 9)
#define PUBKEY_FLAG_COMP (1 << 10)
-#define PUBKEY_FLAG_EDDSA (1 << 11)
-#define PUBKEY_FLAG_GOST (1 << 12)
+#define PUBKEY_FLAG_NOCOMP (1 << 11)
+#define PUBKEY_FLAG_EDDSA (1 << 12)
+#define PUBKEY_FLAG_GOST (1 << 13)
enum pk_operation
diff --git a/tests/keygen.c b/tests/keygen.c
index 5879393..4796b5c 100644
--- a/tests/keygen.c
+++ b/tests/keygen.c
@@ -376,11 +376,11 @@ check_ecc_keys (void)
show ("creating ECC key using curve %s\n", curves[testno]);
if (!strcmp (curves[testno], "Ed25519"))
rc = gcry_sexp_build (&keyparm, NULL,
- "(genkey(ecc(curve %s)(flags noparam eddsa)))",
+ "(genkey(ecc(curve %s)(flags eddsa)))",
curves[testno]);
else
rc = gcry_sexp_build (&keyparm, NULL,
- "(genkey(ecc(curve %s)(flags noparam)))",
+ "(genkey(ecc(curve %s)(flags )))",
curves[testno]);
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
@@ -418,7 +418,7 @@ check_ecc_keys (void)
if (verbose)
show ("creating ECC key using curve Ed25519 for ECDSA\n");
rc = gcry_sexp_build (&keyparm, NULL,
- "(genkey(ecc(curve Ed25519)(flags noparam)))");
+ "(genkey(ecc(curve Ed25519)(flags)))");
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&key, keyparm);
-----------------------------------------------------------------------
Summary of changes:
NEWS | 4 ++++
cipher/ecc-curves.c | 18 ++++++++++++------
cipher/ecc.c | 46 +++++++++++++++++++++++-----------------------
cipher/pubkey-util.c | 11 ++++++++++-
doc/gcrypt.texi | 32 ++++++++++++++++----------------
src/cipher.h | 7 ++++---
tests/keygen.c | 11 ++++++-----
7 files changed, 75 insertions(+), 54 deletions(-)
hooks/post-receive
--
The GNU crypto library
http://git.gnupg.org
More information about the Gnupg-commits
mailing list