[PATCH] scd: Improve KDF-DO support

Arnaud Fontaine arnaud.fontaine at ssi.gouv.fr
Thu Feb 8 09:35:41 CET 2018


The specification (section 4.4.1, page 22, in v3.3) says:
"Constructed DOs (C, marked yellow) are returned including their tag and
and in the same section, page 25, F9 (KDF-DO) is marked as a constructed
DO, "format C".

So, from my understanding of these elements, the KDF-DO must be returned
with its tag and length.

Arnaud Fontaine

On 08/02/2018 at 01:19, NIIBE Yutaka wrote:
> Hello,
> Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr> writes:
>> The attached patch fixes two issues:
>> - when the KDF-DO algorithm is set to NONE (... 81 01 00 ...), no KDF
>> should be applied which is not the case in the current implementation
>> where KDF is applied as soon as the bit is set in extended capabilities
>> and a DO exists (which is required by the spec) whatever its content
>> (which is not compliant with the spec);
> I will apply this part.  It's good if you submit this part only, at first.
>> - the specification says the KDF-DO is encapsulated in a tag F9 + length
>> object, but the current implementation assumes the F9 tag + length are
>> not present; so the currently used offsets in the DO buffer must be
>> incremented by 2.
> My interpretation is different.  It is a constructed DO.  For all other
> constructed DOs, OpenPGPcard responds with the constructed DO's
> tag+length omitted.  For example, 65 or 6E.  Is F9 special?
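
The two points discussed in this thread, as an added example (not code from the patch or from GnuPG's scd): a check that treats algorithm byte 00 in the 81 sub-DO as "no KDF" and accepts the KDF-DO with or without the outer F9 tag + length. The function names, the sample buffers and the choice to reject an empty or malformed DO are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>

enum kdf_state { KDF_INVALID = -1, KDF_NONE = 0, KDF_ENABLED = 1 };

/* Skip an optional outer F9 tag + length, so a DO returned with or without
   its own header is accepted.  Sets *off to the first inner sub-DO. */
static int skip_f9_header(const unsigned char *buf, size_t len, size_t *off)
{
  size_t n, hdr;
  *off = 0;
  if (len < 1 || buf[0] != 0xF9)
    return 0;                    /* no wrapper; inner data starts with 81 */
  if (len >= 2 && buf[1] < 0x80)
    { n = buf[1]; hdr = 2; }     /* short-form length */
  else if (len >= 3 && buf[1] == 0x81)
    { n = buf[2]; hdr = 3; }     /* long form, one length byte */
  else
    return -1;
  if (n != len - hdr)
    return -1;                   /* declared length must match the buffer */
  *off = hdr;
  return 0;
}

/* Decide from the DO content, not from the capability bit alone,
   whether a KDF has to be applied to the PIN. */
enum kdf_state kdf_do_state(const unsigned char *buf, size_t len)
{
  size_t off;
  if (skip_f9_header(buf, len, &off))
    return KDF_INVALID;
  if (len - off < 3 || buf[off] != 0x81 || buf[off + 1] != 0x01)
    return KDF_INVALID;          /* first sub-DO must be 81 01 <algo> */
  return buf[off + 2] == 0x00 ? KDF_NONE : KDF_ENABLED;
}

/* Constructed sample DOs; 03 stands for any non-zero algorithm id. */
static const unsigned char bare_none[]    = { 0x81, 0x01, 0x00 };
static const unsigned char wrapped_none[] = { 0xF9, 0x03, 0x81, 0x01, 0x00 };
static const unsigned char wrapped_kdf[]  = { 0xF9, 0x06, 0x81, 0x01, 0x03, 0x82, 0x01, 0x08 };

int main(void)
{
  printf("%d %d %d\n", kdf_do_state(bare_none, sizeof bare_none),
         kdf_do_state(wrapped_none, sizeof wrapped_none),
         kdf_do_state(wrapped_kdf, sizeof wrapped_kdf));
  return 0;
}
```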
