[PATCH] scd: Improve KDF-DO support
gniibe at fsij.org
Thu Feb 8 01:19:57 CET 2018
Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr> writes:
> The attached patch fixes two issues:
> - when the KDF-DO algorithm is set to NONE (... 81 01 00 ...), no KDF
> should be applied which is not the case in the current implementation
> where KDF is applied as soon as the bit is set in extended capabilities
> and a DO exists (which is required by the spec) whatever its content
> (which is not compliant with the spec);
I will apply this part. It's good if you submit this part only, at first.
> - the specification says the KDF-DO is encapsulated in a tag F9 + length
> object, but the current implementation assumes the F9 tag + length are
> not present; so the currently used offsets in the DO buffer must be
> incremented by 2.
My interpretation is different. It is a constructed DO. For all other
constructed DOs, OpenPGPcard responds with the constructed DO's
tag+length omitted. For example, 65 or 6E. Is F9 special?
More information about the Gnupg-devel