[git] GnuPG - branch, master, updated. gnupg-2.1.15-289-gca0ee4e

by NIIBE Yutaka cvs at cvs.gnupg.org
Thu Oct 27 06:06:03 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  ca0ee4e381d0b6a57e4ddc8f4bb2390eb97a2540 (commit)
       via  6bbd97d6c771b2e2c7cfcff6d5a823f0fb44d443 (commit)
       via  b648f28f9f8b889f1217a649ded1d45f261bb2bf (commit)
      from  75f8aaf5bc2dc7fcffe2987a572d489155c91eb9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit ca0ee4e381d0b6a57e4ddc8f4bb2390eb97a2540
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Thu Oct 27 12:59:49 2016 +0900

    g10: Fix ECDH, clarifying the format.
    
    * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Returns error when
    it's short.  Clarify the format.  Handle other prefixes correctly.
    
    --
    With the scdaemon's change, there is no case NBYTES < SECRET_X_SIZE.
    This fixes the break of ECDH with X25519.
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/g10/ecdh.c b/g10/ecdh.c
index 886427b..dd47544 100644
--- a/g10/ecdh.c
+++ b/g10/ecdh.c
@@ -135,27 +135,29 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
     /* Expected size of the x component */
     secret_x_size = (nbits+7)/8;
 
-    if (nbytes > secret_x_size)
+    /* Extract X from the result.  It must be in the format of:
+           04 || X || Y
+           40 || X
+           41 || X
+
+       Since it always comes with the prefix, it's larger than X.  In
+       old experimental version of libgcrypt, there is a case where it
+       returns X with no prefix of 40, so, nbytes == secret_x_size
+       is allowed.  */
+    if (nbytes < secret_x_size)
       {
-        /* Uncompressed format expected, so it must start with 04 */
-        if (secret_x[0] != (byte)0x04)
-          {
-            return gpg_error (GPG_ERR_BAD_DATA);
-          }
+        xfree (secret_x);
+        return gpg_error (GPG_ERR_BAD_DATA);
+      }
 
-        /* Remove the "04" prefix of non-compressed format.  */
-        memmove (secret_x, secret_x+1, secret_x_size);
+    /* Remove the prefix.  */
+    if ((nbytes & 1))
+      memmove (secret_x, secret_x+1, secret_x_size);
+
+    /* Clear the rest of data.  */
+    if (nbytes - secret_x_size)
+      memset (secret_x+secret_x_size, 0, nbytes-secret_x_size);
 
-        /* Zeroize the y component following */
-        if (nbytes > secret_x_size)
-          memset (secret_x+secret_x_size, 0, nbytes-secret_x_size);
-      }
-    else if (nbytes < secret_x_size)
-      {
-        /* Raw share secret (x coordinate), without leading zeros */
-        memmove (secret_x+(secret_x_size - nbytes), secret_x, nbytes);
-        memset (secret_x, 0, secret_x_size - nbytes);
-      }
     if (DBG_CRYPTO)
       log_printhex ("ECDH shared secret X is:", secret_x, secret_x_size );
   }
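Review bot: The prefix is stripped on the parity of `nbytes` alone (`if ((nbytes & 1))`), so the first byte is never compared with the 04, 40 and 41 values that the new comment documents. An odd-length buffer with any leading byte is accepted, and an even-length buffer longer than `secret_x_size` is used with its first bytes taken as X; if `nbytes == secret_x_size` is ever odd, the `memmove` also reads one byte beyond the `nbytes` reported. Checking the prefix byte whenever `nbytes > secret_x_size` and returning `GPG_ERR_BAD_DATA` otherwise closes these cases, as sketched below; the total length per prefix could be pinned as well if the three documented layouts are the only ones expected. The body of pk_ecdh_encrypt_with_shared_point starts and ends outside the hunk.

```c
    if (nbytes < secret_x_size)
      {
        xfree (secret_x);
        return gpg_error (GPG_ERR_BAD_DATA);
      }

    if (nbytes > secret_x_size)
      {
        /* Only the documented prefixes are accepted.  */
        if (secret_x[0] != 0x04 && secret_x[0] != 0x40 && secret_x[0] != 0x41)
          {
            xfree (secret_x);
            return gpg_error (GPG_ERR_BAD_DATA);
          }

        /* Remove the prefix.  */
        memmove (secret_x, secret_x+1, secret_x_size);
      }

    /* … unchanged: clear the rest of data, debug print … */
```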

commit 6bbd97d6c771b2e2c7cfcff6d5a823f0fb44d443
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Thu Oct 27 11:56:18 2016 +0900

    scd: Add 0x41 prefix for x-coordinate only result.
    
    * scd/app-openpgp.c (do_decipher): When it's x-coordinate only, add the
    prefix 0x41.
    
    --
    Card should return fixed size bytes, either in format of
    (04 || X || Y) or (X, x-coordinate only).
    
    Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>

diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index 4e042e7..d75721f 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -4406,20 +4406,29 @@ do_decipher (app_t app, const char *keyidstr,
                          indata, indatalen, le_value, padind,
                          outdata, outdatalen);
   xfree (fixbuf);
-  if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC
-      && (app->app_local->keyattr[1].ecc.flags & ECC_FLAG_DJB_TWEAK))
-    { /* Add the prefix 0x40 */
-      fixbuf = xtrymalloc (*outdatalen + 1);
-      if (!fixbuf)
-        {
+  if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC)
+    {
+      unsigned char prefix = 0;
+
+      if (app->app_local->keyattr[1].ecc.flags & ECC_FLAG_DJB_TWEAK)
+        prefix = 0x40;
+      else if ((*outdatalen % 2) == 0) /* No 0x04 -> x-coordinate only */
+        prefix = 0x41;
+
+      if (prefix)
+        { /* Add the prefix */
+          fixbuf = xtrymalloc (*outdatalen + 1);
+          if (!fixbuf)
+            {
+              xfree (*outdata);
+              return gpg_error_from_syserror ();
+            }
+          fixbuf[0] = prefix;
+          memcpy (fixbuf+1, *outdata, *outdatalen);
           xfree (*outdata);
-          return gpg_error_from_syserror ();
+          *outdata = fixbuf;
+          *outdatalen = *outdatalen + 1;
         }
-      fixbuf[0] = 0x40;
-      memcpy (fixbuf+1, *outdata, *outdatalen);
-      xfree (*outdata);
-      *outdata = fixbuf;
-      *outdatalen = *outdatalen + 1;
     }
 
   if (gpg_err_code (rc) == GPG_ERR_CARD /* actual SW is 0x640a */
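Review bot: The prefix block runs without looking at the result of the card call that ends just above it, so a failed decipher still reaches `*outdatalen % 2` and the `memcpy` from `*outdata`. With this change every ECC key takes that path (a zero length is even, so 0x41 is chosen), whereas before only the DJB-tweak keys did. Assuming the call's status is the `rc` tested on the line after the block, the guard should be `if (!rc && app->app_local->keyattr[1].key_type == KEY_TYPE_ECC)`. Two smaller points: the allocation-failure path frees `*outdata` but leaves the caller's pointer and length as they were, so `*outdata = NULL; *outdatalen = 0;` before the return would be safer, and the old buffer holds the ECDH result when it is freed, so wiping it before `xfree` is worth considering. do_decipher's body starts and ends outside the hunk.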

commit b648f28f9f8b889f1217a649ded1d45f261bb2bf
Author: Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr>
Date:   Tue Oct 25 13:43:08 2016 +0200

    g10: ECDH shared point format.
    
    * g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Improve handling of
    ECDH shared point format.
    
    --
    This handles the case where the result comes from scdaemon.
    
    Signed-off-by: Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr>

diff --git a/g10/ecdh.c b/g10/ecdh.c
index af1d844..886427b 100644
--- a/g10/ecdh.c
+++ b/g10/ecdh.c
@@ -132,14 +132,30 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
         return err;
       }
 
+    /* Expected size of the x component */
     secret_x_size = (nbits+7)/8;
-    log_assert (nbytes >= secret_x_size);
-    if ((nbytes & 1))
-      /* Remove the "04" prefix of non-compressed format.  */
-      memmove (secret_x, secret_x+1, secret_x_size);
-    if (nbytes - secret_x_size)
-      memset (secret_x+secret_x_size, 0, nbytes-secret_x_size);
 
+    if (nbytes > secret_x_size)
+      {
+        /* Uncompressed format expected, so it must start with 04 */
+        if (secret_x[0] != (byte)0x04)
+          {
+            return gpg_error (GPG_ERR_BAD_DATA);
+          }
+
+        /* Remove the "04" prefix of non-compressed format.  */
+        memmove (secret_x, secret_x+1, secret_x_size);
+
+        /* Zeroize the y component following */
+        if (nbytes > secret_x_size)
+          memset (secret_x+secret_x_size, 0, nbytes-secret_x_size);
+      }
+    else if (nbytes < secret_x_size)
+      {
+        /* Raw share secret (x coordinate), without leading zeros */
+        memmove (secret_x+(secret_x_size - nbytes), secret_x, nbytes);
+        memset (secret_x, 0, secret_x_size - nbytes);
+      }
     if (DBG_CRYPTO)
       log_printhex ("ECDH shared secret X is:", secret_x, secret_x_size );
   }
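Review bot: The new `return gpg_error (GPG_ERR_BAD_DATA);` in the `nbytes > secret_x_size` branch leaves `secret_x` allocated, and that buffer holds the shared-secret material; it should be preceded by `xfree (secret_x);`, as the later revision of this function on this page does on its own error path. The `nbytes < secret_x_size` branch then writes `secret_x_size` bytes into the same buffer, which is only safe if the buffer was allocated at least that large; the allocation is outside the hunk, so this needs confirming. The inner `if (nbytes > secret_x_size)` repeats the enclosing condition and can be dropped. The function body starts and ends outside the hunk.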
@@ -235,8 +251,8 @@ pk_ecdh_encrypt_with_shared_point (int is_encrypt, gcry_mpi_t shared_mpi,
         return err;
       }
     gcry_md_write(h, "\x00\x00\x00\x01", 4);      /* counter = 1 */
-    gcry_md_write(h, secret_x, secret_x_size);	  /* x of the point X */
-    gcry_md_write(h, message, message_size);/* KDF parameters */
+    gcry_md_write(h, secret_x, secret_x_size);    /* x of the point X */
+    gcry_md_write(h, message, message_size);      /* KDF parameters */
 
     gcry_md_final (h);
 

-----------------------------------------------------------------------

Summary of changes:
 g10/ecdh.c        | 26 ++++++++++++++++++++++----
 scd/app-openpgp.c | 33 +++++++++++++++++++++------------
 2 files changed, 43 insertions(+), 16 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



