From f199b627ce512c8495af5c9bd1c81127ccde3ca0 Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Thu, 14 Mar 2019 08:23:38 +0900 Subject: [PATCH] Fix the previous commit. * g10/ecdh.c (kek_params_table): Revert the change. * scd/app-openpgp.c (ecdh_params): Use CIPHER_ALGO_AES256 for 384-bit key. -- Avoiding CIPHER_ALGO_AES192 is intentional here. Signed-off-by: NIIBE Yutaka --- g10/ecdh.c | 2 +- scd/app-openpgp.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/g10/ecdh.c b/g10/ecdh.c index 5bbea96c0..6587cc4b4 100644 --- a/g10/ecdh.c +++ b/g10/ecdh.c @@ -39,7 +39,7 @@ static const struct /* Note: Must be sorted by ascending values for QBITS. */ { { 256, DIGEST_ALGO_SHA256, CIPHER_ALGO_AES }, - { 384, DIGEST_ALGO_SHA384, CIPHER_ALGO_AES192 }, + { 384, DIGEST_ALGO_SHA384, CIPHER_ALGO_AES256 }, /* Note: 528 is 521 rounded to the 8 bit boundary */ { 528, DIGEST_ALGO_SHA512, CIPHER_ALGO_AES256 } diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c index 62b3cbc2f..1e904b578 100644 --- a/scd/app-openpgp.c +++ b/scd/app-openpgp.c @@ -1448,13 +1448,13 @@ ecdh_params (const char *curve) /* See RFC-6637 for those constants. 0x03: Number of bytes 0x01: Version for this parameter format - KDF hash algo - KEK symmetric cipher algo + KEK digest algorithm + KEK cipher algorithm */ if (nbits <= 256) return (const unsigned char*)"\x03\x01\x08\x07"; else if (nbits <= 384) - return (const unsigned char*)"\x03\x01\x09\x08"; + return (const unsigned char*)"\x03\x01\x09\x09"; else return (const unsigned char*)"\x03\x01\x0a\x09"; }