From bc482052f84e8340e0eebb540c39d143fac120af Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 10 Dec 2007 15:19:34 +0000
Subject: Fix for bug 851. Fixed auto generation of the stub key for the card.
 Allow to encrypt toElgamal encryption keys of type 20.

---
 scd/ChangeLog     |  5 +++++
 scd/app-openpgp.c | 47 ++++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 49 insertions(+), 3 deletions(-)

(limited to 'scd')

diff --git a/scd/ChangeLog b/scd/ChangeLog
index 678083692..166f30891 100644
--- a/scd/ChangeLog
+++ b/scd/ChangeLog
@@ -1,3 +1,8 @@
+2007-12-10  Werner Koch  <wk@g10code.com>
+
+	* app-openpgp.c (do_decipher): Take care of cryptograms shiorther
+	that 128 bytes.  Fixes bug#851.
+
 2007-11-14  Werner Koch  <wk@g10code.com>
 
 	* scdaemon.c (main): Pass STANDARD_SOCKET flag to
diff --git a/scd/app-openpgp.c b/scd/app-openpgp.c
index bf7c0afc5..5cfec0407 100644
--- a/scd/app-openpgp.c
+++ b/scd/app-openpgp.c
@@ -1,5 +1,5 @@
 /* app-openpgp.c - The OpenPGP card application.
- *	Copyright (C) 2003, 2004, 2005 Free Software Foundation, Inc.
+ * Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -2456,8 +2456,49 @@ do_decipher (app_t app, const char *keyidstr,
 
   rc = verify_chv2 (app, pincb, pincb_arg);
   if (!rc)
-    rc = iso7816_decipher (app->slot, indata, indatalen, 0,
-                           outdata, outdatalen);
+    {
+      size_t fixuplen;
+
+      /* We might encounter a couple of leading zeroes in the
+         cryptogram.  Due to internal use of MPIs thease leading
+         zeroes are stripped.  However the OpenPGp card expects
+         exactly 128 bytes for the cryptogram (for a 1k key).  Thus we
+         need to fix it up.  We do this for up to 16 leading zero
+         bytes; a cryptogram with more than this is with a very high
+         probability anyway broken.  */
+      if (indatalen >= (128-16) && indatalen < 128)      /* 1024 bit key.  */
+        fixuplen = 128 - indatalen;
+      else if (indatalen >= (256-16) && indatalen < 256) /* 2048 bit key.  */
+        fixuplen = 256 - indatalen;
+      else if (indatalen >= (192-16) && indatalen < 192) /* 1536 bit key.  */
+        fixuplen = 192 - indatalen;
+      else
+        fixuplen = 0;
+      if (fixuplen)
+        {
+          unsigned char *fixbuf;
+
+          /* While we have to prepend stuff anyway, we can also
+             include the padding byte here so that iso1816_decipher
+             does not need to do yet another data mangling.  */
+          fixuplen++;
+          fixbuf = xtrymalloc (fixuplen + indatalen);
+          if (!fixbuf)
+            rc = gpg_error_from_syserror ();
+          else
+            {
+              memset (fixbuf, 0, fixuplen);
+              memcpy (fixbuf+fixuplen, indata, indatalen);
+              rc = iso7816_decipher (app->slot, fixbuf, fixuplen+indatalen, -1,
+                                     outdata, outdatalen);
+              xfree (fixbuf);
+            }
+
+        }
+      else
+        rc = iso7816_decipher (app->slot, indata, indatalen, 0,
+                               outdata, outdatalen);
+    }
   return rc;
 }
 
-- 
cgit v1.2.3