[git] GnuPG - branch, master, updated. gnupg-2.1.11-107-gfc30c07
by Werner Koch
cvs at cvs.gnupg.org
Tue Mar 22 20:25:22 CET 2016
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via fc30c079a348436868968850dabf653b91f82419 (commit)
via 7f919063d3e426104fe58ae779a9a066140014c1 (commit)
from af9a4afbf0b518c8acff98e50135b2beb6c722c3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit fc30c079a348436868968850dabf653b91f82419
Author: Werner Koch <wk at gnupg.org>
Date: Tue Mar 22 20:24:52 2016 +0100
gpg: Improve message when asking for key capabilities.
* g10/keygen.c (ask_key_flags): Improve message.
--
Because the curve is only selected after the capabilities are queried
we do not know whether ECDSA or EdDSA will eventually be used. When
printing the possible capabilities we now use print "ECDSA/EdDSA" for
the algorithm.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/g10/keygen.c b/g10/keygen.c
index 9cfa5f7..a7d7d27 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1658,7 +1658,7 @@ print_key_flags(int flags)
}
-/* Ask for the key flags and return them. CURRENT gives the curren
+/* Ask for the key flags and return them. CURRENT gives the current
* usage which should normally be given as 0. */
unsigned int
ask_key_flags (int algo, int subkey, unsigned int current)
@@ -1673,10 +1673,10 @@ ask_key_flags (int algo, int subkey, unsigned int current)
a = Toggle authentication capability
q = Finish
*/
- const char *togglers=_("SsEeAaQq");
- char *answer=NULL;
+ const char *togglers = _("SsEeAaQq");
+ char *answer = NULL;
const char *s;
- unsigned int possible=openpgp_pk_algo_usage(algo);
+ unsigned int possible = openpgp_pk_algo_usage(algo);
if ( strlen(togglers) != 8 )
{
@@ -1701,7 +1701,9 @@ ask_key_flags (int algo, int subkey, unsigned int current)
{
tty_printf("\n");
tty_printf(_("Possible actions for a %s key: "),
- openpgp_pk_algo_name (algo));
+ (algo == PUBKEY_ALGO_ECDSA
+ || algo == PUBKEY_ALGO_EDDSA)
+ ? "ECDSA/EdDSA" : openpgp_pk_algo_name (algo));
print_key_flags(possible);
tty_printf("\n");
tty_printf(_("Current allowed actions: "));
commit 7f919063d3e426104fe58ae779a9a066140014c1
Author: Werner Koch <wk at gnupg.org>
Date: Tue Mar 22 19:55:25 2016 +0100
gpg: Remove the extra prompt for Curve25519.
* g10/keygen.c (MY_USE_ECDSADH): New macro local to ask_curve.
(ask_curve): Use a fixed table of curve names and reserve a slot for
Curve448. Simplify CurveNNNN/EdNNNN switching.
(ask_curve): Remove the Curve25519 is non-standard prompt.
--
Given that ECC generation is only available in export mode and that
gpg will in any case support our current ed2559/cv25519 definition the
extra prompt does not make anymore sense.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/g10/keygen.c b/g10/keygen.c
index 1cf8648..9cfa5f7 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -2143,26 +2143,32 @@ ask_keysize (int algo, unsigned int primary_keysize)
static char *
ask_curve (int *algo, int *subkey_algo)
{
+ /* NB: We always use a complete algo list so that we have stable
+ numbers in the menu regardless on how Gpg was configured. */
struct {
const char *name;
- int available;
+ int available; /* Available in Libycrypt (runtime checked) */
int expert_only;
- int fix_curve;
+ const char* eddsa_curve; /* Corresponding EdDSA curve. */
const char *pretty_name;
+ int supported; /* Supported by gpg. */
} curves[] = {
-#if GPG_USE_EDDSA
- { "Curve25519", 0, 0, 1, "Curve 25519" },
-#endif
#if GPG_USE_ECDSA || GPG_USE_ECDH
- { "NIST P-256", 0, 1, 0, },
- { "NIST P-384", 0, 0, 0, },
- { "NIST P-521", 0, 1, 0, },
- { "brainpoolP256r1", 0, 1, 0, "Brainpool P-256" },
- { "brainpoolP384r1", 0, 1, 0, "Brainpool P-384" },
- { "brainpoolP512r1", 0, 1, 0, "Brainpool P-512" },
- { "secp256k1", 0, 1, 0 },
+# define MY_USE_ECDSADH 1
+#else
+# define MY_USE_ECDSADH 0
#endif
+ { "Curve25519", 0, 0, "Ed25519", "Curve 25519", GPG_USE_EDDSA },
+ { "Curve448", 0, 1, "Ed448", "Curve 448", 0/*reserved*/ },
+ { "NIST P-256", 0, 1, NULL, NULL, MY_USE_ECDSADH },
+ { "NIST P-384", 0, 0, NULL, NULL, MY_USE_ECDSADH },
+ { "NIST P-521", 0, 1, NULL, NULL, MY_USE_ECDSADH },
+ { "brainpoolP256r1", 0, 1, NULL, "Brainpool P-256", MY_USE_ECDSADH },
+ { "brainpoolP384r1", 0, 1, NULL, "Brainpool P-384", MY_USE_ECDSADH },
+ { "brainpoolP512r1", 0, 1, NULL, "Brainpool P-512", MY_USE_ECDSADH },
+ { "secp256k1", 0, 1, NULL, NULL, MY_USE_ECDSADH },
};
+#undef MY_USE_ECDSADH
int idx;
char *answer;
char *result = NULL;
@@ -2170,32 +2176,32 @@ ask_curve (int *algo, int *subkey_algo)
tty_printf (_("Please select which elliptic curve you want:\n"));
- again:
keyparms = NULL;
for (idx=0; idx < DIM(curves); idx++)
{
int rc;
curves[idx].available = 0;
+ if (!curves[idx].supported)
+ continue;
if (!opt.expert && curves[idx].expert_only)
continue;
- /* FIXME: The strcmp below is a temporary hack during
- development. It shall be removed as soon as we have proper
- Curve25519 support in Libgcrypt. */
+ /* We need to switch from the ECDH name of the curve to the
+ EDDSA name of the curve if we want a signing key. */
gcry_sexp_release (keyparms);
rc = gcry_sexp_build (&keyparms, NULL,
"(public-key(ecc(curve %s)))",
- (!strcmp (curves[idx].name, "Curve25519")
- ? "Ed25519" : curves[idx].name));
+ curves[idx].eddsa_curve? curves[idx].eddsa_curve
+ /**/ : curves[idx].name);
if (rc)
continue;
if (!gcry_pk_get_curve (keyparms, 0, NULL))
continue;
- if (subkey_algo && curves[idx].fix_curve)
+ if (subkey_algo && curves[idx].eddsa_curve)
{
- /* Both Curve 25519 keys are to be created. Check that
- Libgcrypt also supports the real Curve25519. */
+ /* Both Curve 25519 (or 448) keys are to be created. Check that
+ Libgcrypt also supports the real Curve25519 (or 448). */
gcry_sexp_release (keyparms);
rc = gcry_sexp_build (&keyparms, NULL,
"(public-key(ecc(curve %s)))",
@@ -2242,25 +2248,15 @@ ask_curve (int *algo, int *subkey_algo)
tty_printf (_("Invalid selection.\n"));
else
{
- if (curves[idx].fix_curve)
- {
- log_info ("WARNING: Curve25519 is not yet part of the"
- " OpenPGP standard.\n");
-
- if (!cpr_get_answer_is_yes("experimental_curve.override",
- "Use this curve anyway? (y/N) ") )
- goto again;
- }
-
/* If the user selected a signing algorithm and Curve25519
- we need to update the algo and and the curve name. */
+ we need to set the algo to EdDSA and update the curve name. */
if ((*algo == PUBKEY_ALGO_ECDSA || *algo == PUBKEY_ALGO_EDDSA)
- && curves[idx].fix_curve)
+ && curves[idx].eddsa_curve)
{
if (subkey_algo && *subkey_algo == PUBKEY_ALGO_ECDSA)
*subkey_algo = PUBKEY_ALGO_EDDSA;
*algo = PUBKEY_ALGO_EDDSA;
- result = xstrdup ("Ed25519");
+ result = xstrdup (curves[idx].eddsa_curve);
}
else
result = xstrdup (curves[idx].name);
-----------------------------------------------------------------------
Summary of changes:
g10/keygen.c | 76 +++++++++++++++++++++++++++++-------------------------------
1 file changed, 37 insertions(+), 39 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list