gpg: Support ECDH with v5 key.

* g10/ecdh.c (build_kdf_params): Use the first 20 octets. * g10/pkglue.c (pk_encrypt): Remove length check to 20. * g10/pubkey-enc.c (get_it): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-03-24 14:51:42 +09:00 · 2021-03-24 14:51:42 +09:00 · 90a5b4e648
parent a107b24ddb
commit 90a5b4e648
3 changed files with 10 additions and 10 deletions
--- a/g10/ecdh.c
+++ b/g10/ecdh.c
@ -129,6 +129,13 @@ extract_secret_x (byte **r_secret_x,
 }


+/* Build KDF parameters */
+/* RFC 6637 defines the KDF parameters and its encoding in Section
+   8. EC DH Algorighm (ECDH).  Since it was written for v4 key, it
+   said "20 octets representing a recipient encryption subkey or a
+   master key fingerprint".  For v5 key, it is considered "adequate"
+   (in terms of NIST SP 800 56A, see 5.8.2 FixedInfo) to use the first
+   20 octets of its 32 octets fingerprint.  */
 static gpg_error_t
 build_kdf_params (unsigned char kdf_params[256], size_t *r_size,
                  gcry_mpi_t *pkey, const byte pk_fp[MAX_FINGERPRINT_LEN])
@ -150,7 +157,7 @@ build_kdf_params (unsigned char kdf_params[256], size_t *r_size,
  err = (err ? err : gpg_mpi_write_nohdr (obuf, pkey[2]));
  /* fixed-length field 4 */
  iobuf_write (obuf, "Anonymous Sender    ", 20);
-  /* fixed-length field 5, recipient fp */
+  /* fixed-length field 5, recipient fp (or first 20 octets of fp) */
  iobuf_write (obuf, pk_fp, 20);

  if (!err)
--- a/g10/pkglue.c
+++ b/g10/pkglue.c
@ -419,7 +419,6 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data,
    {
      gcry_mpi_t public, result;
      byte fp[MAX_FINGERPRINT_LEN];
-      size_t fpn;
      byte *shared;
      size_t nshared;

@ -436,9 +435,7 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data,
        }

      result = NULL;
-      fingerprint_from_pk (pk, fp, &fpn);
-      if (fpn != 20)
-        rc = gpg_error (GPG_ERR_INV_LENGTH);
+      fingerprint_from_pk (pk, fp, NULL);

      if (!rc)
        {
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@ -201,7 +201,6 @@ get_it (ctrl_t ctrl,
  char *desc;
  char *keygrip;
  byte fp[MAX_FINGERPRINT_LEN];
-  size_t fpn;

  if (DBG_CLOCK)
    log_clock ("decryption start");
@ -245,10 +244,7 @@ get_it (ctrl_t ctrl,
    goto leave;

  if (sk->pubkey_algo == PUBKEY_ALGO_ECDH)
-    {
-      fingerprint_from_pk (sk, fp, &fpn);
-      log_assert (fpn == 20);
-    }
+    fingerprint_from_pk (sk, fp, NULL);

  /* Decrypt. */
  desc = gpg_format_keydesc (ctrl, sk, FORMAT_KEYDESC_NORMAL, 1);