author | Werner Koch <[email protected]> | 2020-05-08 16:08:50 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2020-05-08 16:08:50 +0000 |
commit | 68b857df13c8a4e6cae5e3a29fd065bf90764547 (patch) | |
tree | fe3884661130ed2968406b4d391db93df3caf5e6 /sm/gpgsm.h | |
parent | sm: Print algorithm infos in data decryption mode. (diff) | |
download | gnupg-68b857df13c8a4e6cae5e3a29fd065bf90764547.tar.gz gnupg-68b857df13c8a4e6cae5e3a29fd065bf90764547.zip |
sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme.
* sm/decrypt.c (ecdh_decrypt): Support
dhSinglePass-stdDH-sha1kdf-scheme. Factor key derive code out to ...
(ecdh_derive_kek): new global function. Allow for hashes shorter than
the key.
(hash_ecc_cms_shared_info): Make file-only.
* sm/encrypt.c (ecdh_encrypt): Replace derive code by a call to the
new ecdh_derive_kek. Add test code to create data using
dhSinglePass-stdDH-sha1kdf-scheme.
* sm/gpgsm.h (opt): Add member force_ecdh_sha1kdf.
* sm/gpgsm.c: Add option --debug-force-ecdh-sha1kdf.
--
I did some tests against
Governikus_Signer: 2.9.2.0
MCard security Provider: 2.4.0
Algorithm catalog from: 05.12.2019
using a Signature Card v2.0 and a nistp256 certificate. Encrypting
with Governikus used the stdDH-sha1kdf scheme which we can now
decrypt. Encrypting with GPGSM uses for that curve the recommended
scheme sha256kdf but Governikus was not able to decrypt this (no
usable error message). Encrypting using stdDH-sha1kdf with GPGSM by
using the new --debug-force-ecdh-sha1kdf option showed that
Governikus was able to decrypt this.
FWIW: RFC5753 (Use of Elliptic Curve Cryptography (ECC) Algorithms)
has this requirement:
Implementations that support EnvelopedData with the
ephemeral-static ECDH standard primitive:
- MUST support the dhSinglePass-stdDH-sha256kdf-scheme key
agreement algorithm, the id-aes128-wrap key wrap algorithm, and
the id-aes128-cbc content encryption algorithm; and
which Governikus seems not to fulfill.
GnuPG-bug-id: 4098
Signed-off-by: Werner Koch <[email protected]>
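The key derivation this commit factors into ecdh_derive_kek, and the "hash shorter than the key" case it now handles, as an added Python sketch that is not GnuPG code: the ANSI X9.63 KDF over an RFC 5753 ECC-CMS-SharedInfo, run once with SHA-256 for an AES-128 KEK and once with SHA-1 for an AES-256 KEK, where the 20-byte digest has to be iterated with a counter. The parameter order only mirrors the prototype in gpgsm.h; the shared secret is a constructed placeholder, and the wrap-algorithm OIDs are those of id-aes128-wrap and id-aes256-wrap.

```python
import hashlib

OID_AES128_WRAP = "2.16.840.1.101.3.4.1.5"   # id-aes128-wrap (RFC 3565)
OID_AES256_WRAP = "2.16.840.1.101.3.4.1.45"  # id-aes256-wrap
def der(tag, body):  # TLV with DER length octets (long form when >= 128)
    n = len(body)
    if n < 128:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def der_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed, rest base-128 big-endian."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return der(0x06, bytes(out))

def ecc_cms_shared_info(wrap_algo_oid, keylen, ukm=b""):
    """RFC 5753 7.2 ECC-CMS-SharedInfo: keyInfo (wrap algorithm, no params),
    optional entityUInfo [0] (the UKM), suppPubInfo [2] = key length in bits."""
    key_info = der(0x30, der_oid(wrap_algo_oid))
    entity_uinfo = der(0xA0, der(0x04, ukm)) if ukm else b""
    supp_pub_info = der(0xA2, der(0x04, (keylen * 8).to_bytes(4, "big")))
    return der(0x30, key_info + entity_uinfo + supp_pub_info)

def kdf_blocks_needed(keylen, hash_name):  # 2 for SHA-1 -> AES-256, 1 for SHA-256
    return -(-keylen // hashlib.new(hash_name).digest_size)

def ecdh_derive_kek(keylen, hash_name, wrap_algo_oid, secret, ukm=b""):
    """X9.63 KDF used by dhSinglePass-stdDH-<hash>kdf-scheme:
    KEK = leftmost keylen bytes of H(Z||1||SI) || H(Z||2||SI) || ...
    The counter loop is what lets a 20-byte SHA-1 output fill a 32-byte KEK."""
    shared_info = ecc_cms_shared_info(wrap_algo_oid, keylen, ukm)
    out = b""
    for counter in range(1, kdf_blocks_needed(keylen, hash_name) + 1):
        out += hashlib.new(hash_name, secret + counter.to_bytes(4, "big") + shared_info).digest()
    return out[:keylen]
if __name__ == "__main__":
    Z = bytes(range(32))  # constructed stand-in for the raw ECDH shared secret
    for keylen, h, oid in ((16, "sha256", OID_AES128_WRAP), (32, "sha1", OID_AES256_WRAP)):
        print(f"{h}: {keylen * 8}-bit KEK from {kdf_blocks_needed(keylen, h)} block(s):",
              ecdh_derive_kek(keylen, h, oid, Z).hex())
```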
Diffstat (limited to 'sm/gpgsm.h')
-rw-r--r-- | sm/gpgsm.h | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/sm/gpgsm.h b/sm/gpgsm.h index c4df8496e..9e4694a64 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -106,6 +106,8 @@ struct int forced_digest_algo; /* User forced hash algorithm. */ + int force_ecdh_sha1kdf; /* Only for debugging and testing. */ + char *def_recipient; /* userID of the default recipient */ int def_recipient_self; /* The default recipient is the default key */ @@ -392,10 +394,10 @@ int gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int in_fd, estream_t out_fp); /*-- decrypt.c --*/ -gpg_error_t hash_ecc_cms_shared_info (gcry_md_hd_t hash_hd, - const char *wrap_algo_str, - unsigned int keylen, - const void *ukm, unsigned int ukmlen); +gpg_error_t ecdh_derive_kek (unsigned char *key, unsigned int keylen, + int hash_algo, const char *wrap_algo_str, + const void *secret, unsigned int secretlen, + const void *ukm, unsigned int ukmlen); int gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp); /*-- certreqgen.c --*/ |
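Review bot: in the first hunk the new `force_ecdh_sha1kdf` member of `struct opt` is commented only as "Only for debugging and testing.", which does not tell a reader of gpgsm.h what it forces; since the header is where the field is first seen, suggest naming the scheme, e.g. `int force_ecdh_sha1kdf; /* Debug/test only: encrypt with dhSinglePass-stdDH-sha1kdf-scheme. */`, so the link to the non-default RFC 5753 KDF is visible without opening gpgsm.c. The name also differs in form from the neighbouring `forced_digest_algo`; `forced_ecdh_sha1kdf` would match that convention.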
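Review bot: in the second hunk the `ecdh_derive_kek` prototype that replaces `hash_ecc_cms_shared_info` carries no comment, and because the commit message says it now allows hashes shorter than the key, its contract needs stating: that `key` must point to `keylen` writable bytes which are always filled in full even when `keylen` exceeds the digest size, what `wrap_algo_str` is (the OID string that becomes the keyInfo of the ECC-CMS-SharedInfo), and whether `ukm`/`ukmlen` may be NULL/0 for the no-UKM case. A short block comment above the prototype, in the style of the `/*-- decrypt.c --*/` section markers, would do. Dropping the old prototype here is consistent with making `hash_ecc_cms_shared_info` file-only in decrypt.c.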