Curve25519 with the prefix 0x40

Fri Dec 4 06:21:40 CET 2015

On 12/03/2015 09:01 AM, NIIBE Yutaka wrote:
> I pushed it to master, since the impact is only scdaemon, and
> it means that it will be Gnuk Token users.

Sorry, the patch was immature.  Thanks Werner for fixing my mistakes.

More fix is needed, in fact.  My badness.  Tested with my Gnuk Token
this time.  Pushing.


    scd: More fix for Curve25519 prefix handling.

    * scd/app-openpgp.c (do_decipher): Handle trancated cipher text.
    Also fix xfree bug introduced.

    --

    In old format with no prefix, cipher text can be trancated when it
    is parsed as MPI.  Recover the value adding back zeros.

    Fixes-commit: 11b2691eddc42e91651e4f95dd2731255a3e9211

diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index f8e1460..d204740 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -4175,14 +4175,25 @@ do_decipher (app_t app, const char *keyidstr,
     }
   else if (app->app_local->keyattr[1].key_type == KEY_TYPE_ECC)
     {
-      if (app->app_local->keyattr[1].ecc.flags
-          && (indatalen%2))
-        { /*
-           * Skip the prefix.  It may be 0x40 (in new format), or MPI
-           * head of 0x00 (in old format).
-           */
-          indata = (const char *)indata + 1;
-          indatalen--;
+      int old_format_len = 0;
+
+      if (app->app_local->keyattr[1].ecc.flags)
+        {
+          if (indatalen > 32 + 1)
+            { /*
+               * Skip the prefix.  It may be 0x40 (in new format), or MPI
+               * head of 0x00 (in old format).
+               */
+              indata = (const char *)indata + 1;
+              indatalen--;
+            }
+          else if (indatalen < 32)
+            { /*
+               * Old format trancated by MPI handling.
+               */
+              old_format_len = indatalen;
+              indatalen = 32;
+            }
         }

       fixuplen = 7;
@@ -4198,7 +4209,16 @@ do_decipher (app_t app, const char *keyidstr,
       fixbuf[4] = (char)(indatalen+2);
       fixbuf[5] = '\x86';
       fixbuf[6] = (char)indatalen;
-      memcpy (fixbuf+fixuplen, indata, indatalen);
+      if (old_format_len)
+        {
+          memset (fixbuf+fixuplen, 0, 32 - old_format_len);
+          memcpy (fixbuf+fixuplen + 32 - old_format_len,
+                  indata, old_format_len);
+        }
+      else
+        {
+          memcpy (fixbuf+fixuplen, indata, indatalen);
+        }
       indata = fixbuf;
       indatalen = fixuplen + indatalen;

@@ -4230,12 +4250,12 @@ do_decipher (app_t app, const char *keyidstr,
       fixbuf = xtrymalloc (*outdatalen + 1);
       if (!fixbuf)
         {
-          xfree (outdata);
+          xfree (*outdata);
           return gpg_error_from_syserror ();
         }
       fixbuf[0] = 0x40;
       memcpy (fixbuf+1, *outdata, *outdatalen);
-      xfree (outdata);
+      xfree (*outdata);
       *outdata = fixbuf;
       *outdatalen = *outdatalen + 1;
     }
--

