mirror of git://git.gnupg.org/gnupg.git synced 2024-06-09 23:39:51 +02:00
gnupg/sm
Werner Koch 68b857df13
sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme.
* sm/decrypt.c (ecdh_decrypt): Support
dhSinglePass-stdDH-sha1kdf-scheme.  Factor key derive code out to ...
(ecdh_derive_kek): new global function.  Allow for hashes shorter than
the key.
(hash_ecc_cms_shared_info): Make file-only.
* sm/encrypt.c (ecdh_encrypt): Replace derive code by a call to the
new ecdh_derive_kek.  Add test code to create data using
dhSinglePass-stdDH-sha1kdf-scheme.
* sm/gpgsm.h (opt): Add member force_ecdh_sha1kdf.
* sm/gpgsm.c: Add option --debug-force-ecdh-sha1kdf.
--

I did some tests against

  Governikus_Signer:       2.9.2.0
  MCard security Provider: 2.4.0
  Algorithm catalog from:  05.12.2019

using a Signature Card v2.0 and a nistp256 certificate.  Encrypting
with Governikus used the stdDH-sha1kdf scheme which we can now
decrypt.  Encrypting with GPGSM uses for that curve the recommended
scheme sha256kdf but Governikus was not able to decrypt this (no
usable error message).  Encrypting using stdDH-sha1kdf with GPGSM by
using the new --debug-force-ecdh-sha1kdf option showed that
Governikus was able to decrypt this.

FWIW: RFC5753 (Use of Elliptic Curve Cryptography (ECC) Algorithms)
has this requirement:

   Implementations that support EnvelopedData with the
   ephemeral-static ECDH standard primitive:

   - MUST support the dhSinglePass-stdDH-sha256kdf-scheme key
     agreement algorithm, the id-aes128-wrap key wrap algorithm, and
     the id-aes128-cbc content encryption algorithm; and

which Governikus seems not to fulfill.

GnuPG-bug-id: 4098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-05-08 18:08:50 +02:00
call-agent.c sm: Minor debug output format changes. 2020-04-23 10:00:18 +02:00
call-dirmngr.c sm: Lookup missing issuers first using authorityInfoAccess. 2020-04-16 18:03:13 +02:00
certchain.c sm: Always allow authorityInfoAccess lookup if CRLs are also enabled. 2020-04-16 19:05:49 +02:00
certcheck.c sm: Cleanup the use of GCRY_PK_ECC and GCRY_PK_ECDSA. 2020-05-08 15:10:13 +02:00
certdump.c sm: Fix a warning in an es_fopencooie function. 2020-04-01 09:58:11 +02:00
certlist.c sm: Print a better diagnostic for encryption certificate selection. 2019-06-04 09:24:03 +02:00
certreqgen-ui.c sm: Cleanup the use of GCRY_PK_ECC and GCRY_PK_ECDSA. 2020-05-08 15:10:13 +02:00
certreqgen.c sm: Fix possible NULL deref in error messages of --gen-key. 2020-03-30 17:16:30 +02:00
ChangeLog-2011 Generate the ChangeLog from commit logs. 2011-12-01 11:09:02 +01:00
decrypt.c sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme. 2020-05-08 18:08:50 +02:00
delete.c sm: Change keydb code to use the keybox locking. 2019-05-14 13:36:08 +02:00
encrypt.c sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme. 2020-05-08 18:08:50 +02:00
export.c sm: Add support to export ECC private keys. 2020-04-27 19:54:39 +02:00
fingerprint.c sm: Print the key types as standard key algorithm strings. 2020-05-07 09:45:49 +02:00
gpgsm-w32info.rc w32: Add icons and version information. 2013-05-07 21:35:48 +02:00
gpgsm.c sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme. 2020-05-08 18:08:50 +02:00
gpgsm.h sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme. 2020-05-08 18:08:50 +02:00
import.c sm: Minor debug output format changes. 2020-04-23 10:00:18 +02:00
keydb.c Merge branch 'switch-to-gpgk' into master 2019-09-27 15:44:23 +02:00
keydb.h sm: Add a couple of debug calls to the keydb module. 2019-05-15 08:52:21 +02:00
keylist.c sm: Print the key types as standard key algorithm strings. 2020-05-07 09:45:49 +02:00
Makefile.am sm: Add support to export ECC private keys. 2020-04-27 19:54:39 +02:00
minip12.c doc: Typo fixes in code comments 2020-05-04 14:55:34 +02:00
minip12.h sm: Support import of PKCS#12 encoded ECC private keys. 2020-04-21 21:05:39 +02:00
misc.c sm: Prepare algo mapping to handle values > 255. 2019-02-21 08:51:50 +01:00
passphrase.c Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
passphrase.h Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
qualified.c all: fix spelling and typos 2018-10-24 15:56:18 -04:00
server.c sm: New option --issuer-der for the listkey commands. 2020-02-03 14:54:23 +01:00
sign.c sm: Fix annoying warning about not yet implemented --attribute. 2020-05-07 14:04:43 +02:00
t-minip12.c sm: Add support to export ECC private keys. 2020-04-27 19:54:39 +02:00
verify.c sm: Cleanup the use of GCRY_PK_ECC and GCRY_PK_ECDSA. 2020-05-08 15:10:13 +02:00