From cf2d52cfc3ee4e557bdd093a29dc6409c1000b1a Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka
Date: Fri, 14 Oct 2022 14:49:37 +0900
Subject: [PATCH] gpg: Use GCRY_KDF_ONESTEP_KDF with newer libgcrypt in future.
* g10/ecdh.c (derive_kek): Use GCRY_KDF_ONESTEP_KDF.
--
This change is not yet enabled. We will be able to use the code when we update NEED_LIBGCRYPT_VERSION to 1.11.0. Before the update, gpg compiled with libgcrypt 1.11.0 can't work with older libgcrypt runtime.
GnuPG-bug-id: 5964
Signed-off-by: NIIBE Yutaka
---
 g10/ecdh.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/g10/ecdh.c b/g10/ecdh.c
index c3337d1dc..eb14154a1 100644
--- a/g10/ecdh.c
+++ b/g10/ecdh.c
@@ -189,6 +189,28 @@ derive_kek (size_t kek_size,
 const unsigned char *kdf_params, size_t kdf_params_size)
 {
 gpg_error_t err;
+#if 0 /* GCRYPT_VERSION_NUMBER >= 0x010b00 */
+ /*
+ * Experimental: We will remove this if/endif-conditional
+ * compilation when we update NEED_LIBGCRYPT_VERSION to 1.11.0.
+ */
+ gcry_kdf_hd_t hd;
+ unsigned long param[1];
+
+ param[0] = kek_size;
+ err = gcry_kdf_open (&hd, GCRY_KDF_ONESTEP_KDF, kdf_hash_algo,
+ param, 1,
+ secret_x, secret_x_size, NULL, 0, NULL, 0,
+ kdf_params, kdf_params_size);
+ if (!err)
+ {
+ gcry_kdf_compute (hd, NULL);
+ gcry_kdf_final (hd, kek_size, secret_x);
+ gcry_kdf_close (hd);
+ /* Clean the tail before returning. */
+ memset (secret_x+kek_size, 0, secret_x_size - kek_size);
+ }
+#else
 gcry_md_hd_t h;
 log_assert( gcry_md_get_algo_dlen (kdf_hash_algo) >= 32 );
@@ -208,6 +230,7 @@ derive_kek (size_t kek_size,
 gcry_md_close (h);
 /* Clean the tail before returning. */
 memset (secret_x+kek_size, 0, secret_x_size - kek_size);
+#endif
 if (DBG_CRYPTO)
 log_printhex (secret_x, kek_size, "ecdh KEK is:");
 return err;
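Review bot: The return values of `gcry_kdf_compute` and `gcry_kdf_final` in the new `#if 0` branch are discarded, so `err` reflects only `gcry_kdf_open`. Once this branch is enabled, a failure in either call would let `derive_kek` return success while `secret_x` still starts with the raw ECDH shared secret instead of a derived key. Chain the results instead: `err = gcry_kdf_compute (hd, NULL);` then `if (!err) err = gcry_kdf_final (hd, kek_size, secret_x);`, leaving `gcry_kdf_close (hd)` and the tail `memset` to run in both cases. The new branch also has no counterpart to the `log_assert` on the digest length that stays in the `#else` path. The function body starts and ends outside this hunk, so it is worth confirming that `kek_size` is bounded elsewhere.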
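Review bot: With `#endif` placed before it, the `if (DBG_CRYPTO)` hexdump is shared by both branches, and the new branch has no early return when `gcry_kdf_open` fails. In that case `log_printhex` would write the first `kek_size` bytes of the un-derived `secret_x` to the debug log, labelled as the KEK. Guarding the dump with `if (!err && DBG_CRYPTO)` keeps raw shared-secret bytes out of the log on the error path. Whether the `#else` path already returns early on error is not visible in this hunk.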