[PATCH] scd: Improve KDF-DO support
Arnaud Fontaine
arnaud.fontaine at ssi.gouv.fr
Thu Feb 8 09:35:41 CET 2018
Hello,
the specification (section 4.4.1, page 22, in v3.3) says:
"Constructed DOs (C, marked yellow) are returned including their tag and
length"
and in the same section, page 25, F9 (KDF-DO) is marked as a constructed
DO, "format C".
So, from my understanding of these elements, the KDF-DO must be returned
with its tag and length.
Cheers
--
Arnaud Fontaine
On 08/02/2018 at 01:19, NIIBE Yutaka wrote:
> Hello,
>
> Arnaud Fontaine <arnaud.fontaine at ssi.gouv.fr> writes:
>> The attached patch fixes two issues:
>> - when the KDF-DO algorithm is set to NONE (... 81 01 00 ...), no KDF
>> should be applied which is not the case in the current implementation
>> where KDF is applied as soon as the bit is set in extended capabilities
>> and a DO exists (which is required by the spec) whatever its content
>> (which is not compliant with the spec);
>
> I will apply this part. It's good if you submit this part only, at first.
>
>> - the specification says the KDF-DO is encapsulated in a tag F9 + length
>> object, but the current implementation assumes the F9 tag + length are
>> not present; so the currently used offsets in the DO buffer must be
>> incremented by 2.
>
> My interpretation is different. It is a constructed DO. For all other
> constructed DOs, OpenPGPcard responds with the constructed DO's
> tag+length omitted. For example, 65 or 6E. Is F9 special?
>
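An added example, not part of this thread or of GnuPG's code: a reader that accepts the KDF-DO both with and without the F9 tag + length header debated above, and reports "no KDF" when the algorithm field is 81 01 00. The function names are hypothetical and the test byte strings are constructed; only the F9 tag and the 81 01 00 encoding come from the messages.

```c
#include <stddef.h>

/* Skip an optional F9 tag + BER length header.
   Returns 0 and sets *body / *body_len, or -1 if the header is malformed. */
static int kdf_do_unwrap(const unsigned char *buf, size_t len,
                         const unsigned char **body, size_t *body_len)
{
    size_t hdr, n;

    if (len == 0)
        return -1;
    if (buf[0] != 0xF9) {            /* card omitted tag + length */
        *body = buf;
        *body_len = len;
        return 0;
    }
    if (len < 2)
        return -1;
    if (buf[1] < 0x80) {             /* short-form length */
        n = buf[1]; hdr = 2;
    } else if (buf[1] == 0x81 && len >= 3) {
        n = buf[2]; hdr = 3;
    } else if (buf[1] == 0x82 && len >= 4) {
        n = ((size_t)buf[2] << 8) | buf[3]; hdr = 4;
    } else
        return -1;
    if (n > len - hdr)               /* declared length overruns the buffer */
        return -1;
    *body = buf + hdr;
    *body_len = n;
    return 0;
}

/* Returns 1 if a KDF must be applied, 0 if the algorithm is NONE (81 01 00),
   -1 if the DO is malformed. Assumes the algorithm field comes first. */
int kdf_do_in_use(const unsigned char *buf, size_t len)
{
    const unsigned char *p;
    size_t n;

    if (kdf_do_unwrap(buf, len, &p, &n) < 0)
        return -1;
    if (n < 3 || p[0] != 0x81 || p[1] != 0x01)
        return -1;
    return p[2] != 0x00;
}
```

Checking the declared length against the bytes actually received keeps a short or inconsistent response from being read past its end, whichever interpretation of the header a given card follows.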