diff options
| -rw-r--r-- | g10/ecdh.c | 9 | ||||
| -rw-r--r-- | g10/pkglue.c | 5 | ||||
| -rw-r--r-- | g10/pubkey-enc.c | 6 |
3 files changed, 10 insertions, 10 deletions
diff --git a/g10/ecdh.c b/g10/ecdh.c index ac2883cf4..9a1f535a0 100644 --- a/g10/ecdh.c +++ b/g10/ecdh.c @@ -129,6 +129,13 @@ extract_secret_x (byte **r_secret_x, } +/* Build KDF parameters */ +/* RFC 6637 defines the KDF parameters and its encoding in Section + 8. EC DH Algorighm (ECDH). Since it was written for v4 key, it + said "20 octets representing a recipient encryption subkey or a + master key fingerprint". For v5 key, it is considered "adequate" + (in terms of NIST SP 800 56A, see 5.8.2 FixedInfo) to use the first + 20 octets of its 32 octets fingerprint. */ static gpg_error_t build_kdf_params (unsigned char kdf_params[256], size_t *r_size, gcry_mpi_t *pkey, const byte pk_fp[MAX_FINGERPRINT_LEN]) @@ -150,7 +157,7 @@ build_kdf_params (unsigned char kdf_params[256], size_t *r_size, err = (err ? err : gpg_mpi_write_nohdr (obuf, pkey[2])); /* fixed-length field 4 */ iobuf_write (obuf, "Anonymous Sender ", 20); - /* fixed-length field 5, recipient fp */ + /* fixed-length field 5, recipient fp (or first 20 octets of fp) */ iobuf_write (obuf, pk_fp, 20); if (!err) diff --git a/g10/pkglue.c b/g10/pkglue.c index 13f8e2f03..cab007f01 100644 --- a/g10/pkglue.c +++ b/g10/pkglue.c @@ -419,7 +419,6 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data, { gcry_mpi_t public, result; byte fp[MAX_FINGERPRINT_LEN]; - size_t fpn; byte *shared; size_t nshared; @@ -436,9 +435,7 @@ pk_encrypt (pubkey_algo_t algo, gcry_mpi_t *resarr, gcry_mpi_t data, } result = NULL; - fingerprint_from_pk (pk, fp, &fpn); - if (fpn != 20) - rc = gpg_error (GPG_ERR_INV_LENGTH); + fingerprint_from_pk (pk, fp, NULL); if (!rc) { diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 9a2c107f8..6e1b0898e 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -201,7 +201,6 @@ get_it (ctrl_t ctrl, char *desc; char *keygrip; byte fp[MAX_FINGERPRINT_LEN]; - size_t fpn; if (DBG_CLOCK) log_clock ("decryption start"); @@ -245,10 +244,7 @@ get_it (ctrl_t ctrl, goto leave; if (sk->pubkey_algo == PUBKEY_ALGO_ECDH) - { - fingerprint_from_pk (sk, fp, &fpn); - log_assert (fpn == 20); - } + fingerprint_from_pk (sk, fp, NULL); /* Decrypt. */ desc = gpg_format_keydesc (ctrl, sk, FORMAT_KEYDESC_NORMAL, 1); |