[PATCH] scd: Improve KDF-DO support

Arnaud Fontaine arnaud.fontaine at ssi.gouv.fr
Tue Feb 6 17:49:59 CET 2018


Hi,

KDF-DO support has been recently introduced in GnuPG, but the
implementation provided is not compliant with OpenPGP specifications.
The attached patch fixes two issues:
- when the KDF-DO algorithm is set to NONE (... 81 01 00 ...), no KDF
should be applied which is not the case in the current implementation
where KDF is applied as soon as the bit is set in extended capabilities
and a DO exists (which is required by the spec) whatever its content
(which is not compliant with the spec);
- the specification says the KDF-DO is encapsulated in a tag F9 + length
object, but the current implementation assumes the F9 tag + length are
not present; so the currently used offsets in the DO buffer must be
incremented by 2.

Cheers,
Arnaud Fontaine
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix_kdf_do.patch
Type: text/x-patch
Size: 1842 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180206/75052c7e/attachment.bin>
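
The two checks described in the message, as an added example that is not the attached patch and not GnuPG code: unwrap the F9 tag + length, then read the algorithm object (tag 81) before deciding whether to apply a KDF. The function names, the -1 error convention, the long-form length handling and the tolerance for a buffer that arrives without the F9 header are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Parse a BER-TLV header: one-byte tag, then a short-form length or a
   0x81/0x82 long-form length.  Returns the header size, or 0 on error. */
static size_t tlv_header(const unsigned char *p, size_t n, size_t *len)
{
    if (n < 2)
        return 0;
    if (p[1] < 0x80) { *len = p[1]; return 2; }
    if (p[1] == 0x81 && n >= 3) { *len = p[2]; return 3; }
    if (p[1] == 0x82 && n >= 4) { *len = ((size_t)p[2] << 8) | p[3]; return 4; }
    return 0;
}

/* Return the KDF algorithm byte stored under tag 81 of the KDF-DO
   (0x00 means NONE: send the PIN as-is), or -1 if the DO is malformed. */
int kdf_do_algorithm(const unsigned char *buf, size_t buflen)
{
    size_t hdr, len;
    /* Unwrap the F9 + length container; accepting a buffer that lacks it
       is a choice made for this example. */
    if (buflen && buf[0] == 0xF9) {
        hdr = tlv_header(buf, buflen, &len);
        if (!hdr || len > buflen - hdr)
            return -1;
        buf += hdr;
        buflen = len;
    }
    /* Walk the inner objects until the algorithm object (tag 81). */
    while (buflen) {
        hdr = tlv_header(buf, buflen, &len);
        if (!hdr || len > buflen - hdr)
            return -1;
        if (buf[0] == 0x81)
            return len == 1 ? buf[hdr] : -1;
        buf += hdr + len;
        buflen -= hdr + len;
    }
    return -1;  /* no algorithm object: do not guess */
}

int main(void)
{
    /* Constructed sample: F9-wrapped KDF-DO with algorithm NONE. */
    const unsigned char none_do[] = { 0xF9, 0x03, 0x81, 0x01, 0x00 };
    printf("algorithm = %d\n", kdf_do_algorithm(none_do, sizeof none_do));
    return 0;
}
```

A caller would hash the PIN only when the returned value is non-zero and names an algorithm it supports, and would refuse to proceed on -1.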

