1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

gpg: Support ECDH with v5 key.

* g10/ecdh.c (build_kdf_params): Use the first 20 octets.
* g10/pkglue.c (pk_encrypt): Remove length check to 20.
* g10/pubkey-enc.c (get_it): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2021-03-24 14:51:42 +09:00
parent a107b24ddb
commit 90a5b4e648
3 changed files with 10 additions and 10 deletions

View File

@ -129,6 +129,13 @@ extract_secret_x (byte **r_secret_x,
}
/* Build KDF parameters */
/* RFC 6637 defines the KDF parameters and its encoding in Section
8. EC DH Algorighm (ECDH). Since it was written for v4 key, it
said "20 octets representing a recipient encryption subkey or a
master key fingerprint". For v5 key, it is considered "adequate"
(in terms of NIST SP 800 56A, see 5.8.2 FixedInfo) to use the first
20 octets of its 32 octets fingerprint. */
static gpg_error_t
build_kdf_params (unsigned char kdf_params[256], size_t *r_size,
gcry_mpi_t *pkey, const byte pk_fp[MAX_FINGERPRINT_LEN])
@ -150,7 +157,7 @@ build_kdf_params (unsigned char kdf_params[256], size_t *r_size,
err = (err ? err : gpg_mpi_write_nohdr (obuf, pkey[2]));
/* fixed-length field 4 */
iobuf_write (obuf, "Anonymous Sender ", 20);
/* fixed-length field 5, recipient fp */
/* fixed-length field 5, recipient fp (or first 20 octets of fp) */
iobuf_write (obuf, pk_fp, 20);
if (!err)

View File

@ -419,7 +419,6 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data,
{
gcry_mpi_t public, result;
byte fp[MAX_FINGERPRINT_LEN];
size_t fpn;
byte *shared;
size_t nshared;
@ -436,9 +435,7 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data,
}
result = NULL;
fingerprint_from_pk (pk, fp, &fpn);
if (fpn != 20)
rc = gpg_error (GPG_ERR_INV_LENGTH);
fingerprint_from_pk (pk, fp, NULL);
if (!rc)
{

View File

@ -201,7 +201,6 @@ get_it (ctrl_t ctrl,
char *desc;
char *keygrip;
byte fp[MAX_FINGERPRINT_LEN];
size_t fpn;
if (DBG_CLOCK)
log_clock ("decryption start");
@ -245,10 +244,7 @@ get_it (ctrl_t ctrl,
goto leave;
if (sk->pubkey_algo == PUBKEY_ALGO_ECDH)
{
fingerprint_from_pk (sk, fp, &fpn);
log_assert (fpn == 20);
}
fingerprint_from_pk (sk, fp, NULL);
/* Decrypt. */
desc = gpg_format_keydesc (ctrl, sk, FORMAT_KEYDESC_NORMAL, 1);