scd: Fix for Curve25519 prefix handling.

* scd/app-openpgp.c (do_decipher): More condition for AES decipher. Handle the prefix in cipher text. Always add the prefix in result.
2024-12-22 10:19:57 +01:00 · 2015-12-03 08:48:51 +09:00 · 2015-12-03 08:48:51 +09:00 · 11b2691edd
commit 11b2691edd
parent cedbd4709e
1 changed files with 26 additions and 1 deletions
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@ -4114,7 +4114,8 @@ do_decipher (app_t app, const char *keyidstr,
  if (rc)
    return rc;

-  if (indatalen == 16 + 1 || indatalen == 32 + 1)
+  if (indatalen == 16 + 1 || indatalen == 32 + 1
+      && ((char *)indata)[0] == 0x02)
    /* PSO:DECIPHER with symmetric key.  */
    padind = -1;
  else if (app->app_local->keyattr[1].key_type == KEY_TYPE_RSA)
@ -4172,6 +4173,16 @@ do_decipher (app_t app, const char *keyidstr,
    }
  else if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC)
    {
+      if (app->app_local->keyattr[1].ecc.flags
+          && (indatalen%2))
+        { /*
+           * Skip the prefix.  It may be 0x40 (in new format), or MPI
+           * head of 0x00 (in old format).
+           */
+          indata++;
+          indatalen--;
+        }
+
      fixuplen = 7;
      fixbuf = xtrymalloc (fixuplen + indatalen);
      if (!fixbuf)
@ -4211,6 +4222,20 @@ do_decipher (app_t app, const char *keyidstr,
                         indata, indatalen, le_value, padind,
                         outdata, outdatalen);
  xfree (fixbuf);
+  if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC
+      && app->app_local->keyattr[1].ecc.flags)
+    { /* Add the prefix 0x40 */
+      fixbuf = xtrymalloc (*outdatalen + 1);
+      if (!fixbuf)
+        {
+          xfree (outdata);
+          return gpg_error_from_syserror ();
+        }
+      xfree (outdata);
+      outdata = fixbuf;
+      outdata[0] = 0x40;
+      *outdatalen = *outdatalen + 1;
+    }

  if (gpg_err_code (rc) == GPG_ERR_CARD /* actual SW is 0x640a */
      && app->app_local->manufacturer == 5