From 2bddd947fd1c11b4ec461576db65a5e34fea1b07 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 21 May 2015 16:24:36 +0200 Subject: ecc: Add key generation flag "no-keytest". * src/cipher.h (PUBKEY_FLAG_NO_KEYTEST): New. * cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist): Add flag "no-keytest". Return an error for invalid flags of length 10. * cipher/ecc.c (nist_generate_key): Replace arg random_level by flags set random level depending on flags. * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Ditto. * cipher/ecc.c (ecc_generate): Pass flags to generate fucntion and remove var random_level. (nist_generate_key): Implement "no-keytest" flag. * tests/keygen.c (check_ecc_keys): Add tests for transient-key and no-keytest. -- After key creation we usually run a test to check whether the keys really work. However for transient keys this might be too time consuming and given that a failed test would anyway abort the process the optional use of a flag to skip the test is appropriate. Using Ed25519 for EdDSA and the "no-keytest" flags halves the time to create such a key. This was measured by looping the last test from check_ecc_keys() 1000 times with and without the flag. Due to a bug in the flags parser unknown flags with a length of 10 characters were not detected. Thus the "no-keytest" flag can be employed by all software even for libraries before this. That bug is however solved with this version. Signed-off-by: Werner Koch --- src/cipher.h | 1 + 1 file changed, 1 insertion(+) (limited to 'src') diff --git a/src/cipher.h b/src/cipher.h index 7ad0b2cd..ef183fdc 100644 --- a/src/cipher.h +++ b/src/cipher.h @@ -40,6 +40,7 @@ #define PUBKEY_FLAG_NOCOMP (1 << 11) #define PUBKEY_FLAG_EDDSA (1 << 12) #define PUBKEY_FLAG_GOST (1 << 13) +#define PUBKEY_FLAG_NO_KEYTEST (1 << 14) enum pk_operation -- cgit v1.2.1