security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

gpg: Support ECDH with v5 key.

Browse source 
* g10/ecdh.c (build_kdf_params): Use the first 20 octets.
* g10/pkglue.c (pk_encrypt): Remove length check to 20.
* g10/pubkey-enc.c (get_it): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2021-03-24 14:51:42 +09:00
parent a107b24ddb
commit 90a5b4e648
3 changed files with 10 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

9
g10/ecdh.c
View file

@ -129,6 +129,13 @@ extract_secret_x (byte **r_secret_x,
}
/* Build KDF parameters */
/* RFC 6637 defines the KDF parameters and its encoding in Section
8. EC DH Algorighm (ECDH). Since it was written for v4 key, it
said "20 octets representing a recipient encryption subkey or a
master key fingerprint". For v5 key, it is considered "adequate"
(in terms of NIST SP 800 56A, see 5.8.2 FixedInfo) to use the first
20 octets of its 32 octets fingerprint. */
static gpg_error_t
build_kdf_params (unsigned char kdf_params[256], size_t *r_size,
gcry_mpi_t *pkey, const byte pk_fp[MAX_FINGERPRINT_LEN])
@ -150,7 +157,7 @@ build_kdf_params (unsigned char kdf_params[256], size_t *r_size,
err = (err ? err : gpg_mpi_write_nohdr (obuf, pkey[2]));
/* fixed-length field 4 */
iobuf_write (obuf, "Anonymous Sender ", 20);
/* fixed-length field 5, recipient fp */
/* fixed-length field 5, recipient fp (or first 20 octets of fp) */
iobuf_write (obuf, pk_fp, 20);
if (!err)