Page MenuHome GnuPG

gniibe (NIIBE Yutaka)
UserAdministrator

Projects (9)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Wednesday

  • Clear sailing ahead.

User Details

User Since
Mar 27 2017, 4:47 PM (273 w, 6 d)
Roles
Administrator
Availability
Available

Recent Activity

Fri, Jun 24

gniibe added a comment to T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF.

The change allows internal use of HMAC with shorter key.

Fri, Jun 24, 2:59 AM · libgcrypt, FIPS
gniibe committed rC58c92098d053: hmac,hkdf: Allow use of shorter salt for HKDF. (authored by gniibe).
hmac,hkdf: Allow use of shorter salt for HKDF.
Fri, Jun 24, 2:03 AM
gniibe added a comment to T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF.

Considering again, I concluded the patch above should be applied.
The use of SALT in HKDF may be not secret and there are valid use cases with no last or shorter salt. It's different to the use case of HMAC, where KEY is secret.

Fri, Jun 24, 1:59 AM · libgcrypt, FIPS
gniibe committed rG9e2307ddf0c2: agent: Flush before calling ftruncate. (authored by gniibe).
agent: Flush before calling ftruncate.
Fri, Jun 24, 1:51 AM

Thu, Jun 23

gniibe added a project to T6035: Portability issue: ftruncate: Testing.
Thu, Jun 23, 4:27 AM · Testing, gpgagent, gnupg
gniibe committed rG99d2931887e5: agent: Flush before calling ftruncate. (authored by gniibe).
agent: Flush before calling ftruncate.
Thu, Jun 23, 4:07 AM
gniibe added a comment to T6035: Portability issue: ftruncate.

Even if it is only a single case (of old version of Wine), I think that it is worth to add es_fflush when writing to file.

Thu, Jun 23, 4:05 AM · Testing, gpgagent, gnupg
gniibe added a comment to T5988: agent: Add new command to update private key fields.

What about rejected changes to "Key:"?

Thu, Jun 23, 3:05 AM · Testing, Feature Request, ssh, gpgagent
gniibe committed rG26d5a6e862c6: agent: KEYATTR only allows access to attribute. (authored by gniibe).
agent: KEYATTR only allows access to attribute.
Thu, Jun 23, 3:04 AM
gniibe committed rG2c47c6662793: agent: Fix KEYATTR command for --delete option. (authored by gniibe).
agent: Fix KEYATTR command for --delete option.
Thu, Jun 23, 3:04 AM

Wed, Jun 22

gniibe added a project to T5988: agent: Add new command to update private key fields: Testing.
Wed, Jun 22, 8:49 AM · Testing, Feature Request, ssh, gpgagent
gniibe committed rG30b54a0ebbaa: agent: Add KEYATTR command. (authored by gniibe).
agent: Add KEYATTR command.
Wed, Jun 22, 8:49 AM
gniibe added a project to T6033: Regression in GnuPG 2.2.34 with some ECC keys: Testing.
Wed, Jun 22, 6:38 AM · Testing, Bug Report, gnupg (gpg22)
gniibe added a project to T5921: No sharing of log_fd between child process: Testing.
Wed, Jun 22, 6:37 AM · Testing, Bug Report, gnupg (gpg23)
gniibe committed rGfe535cf26592: agent,gpg,tools: Fix use of log_get_fd. (authored by gniibe).
agent,gpg,tools: Fix use of log_get_fd.
Wed, Jun 22, 6:37 AM
gniibe added projects to T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF: FIPS, libgcrypt.
Wed, Jun 22, 3:48 AM · libgcrypt, FIPS
gniibe renamed T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF from FIPS: Allow salt=NULL for HKDF to FIPS: Allow salt=NULL (or shorter salt) for HKDF.
Wed, Jun 22, 3:47 AM · libgcrypt, FIPS
gniibe updated the task description for T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF.
Wed, Jun 22, 3:47 AM · libgcrypt, FIPS
gniibe added a comment to T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF.

In rC76aad97dd312: fips: Reject shorter key for HMAC in FIPS mode., I added rejection, but it would be good to move the check to src/visibility.c to allow internal use.

Wed, Jun 22, 3:46 AM · libgcrypt, FIPS
gniibe triaged T6039: FIPS: Allow salt=NULL (or shorter salt) for HKDF as Normal priority.
Wed, Jun 22, 3:41 AM · libgcrypt, FIPS

Tue, Jun 21

gniibe added a comment to T6035: Portability issue: ftruncate.

Looking illumos-gate, Solaris variants have no issues.

Tue, Jun 21, 12:46 PM · Testing, gpgagent, gnupg
gniibe added a comment to T6035: Portability issue: ftruncate.

Wine 5.0.3 (on Debian bullseye) fails.
Wine 6.0.3 Debian testing does no failure.

Tue, Jun 21, 10:35 AM · Testing, gpgagent, gnupg
gniibe committed rC07722d89bac1: kdf,fips: Modify HKDF test for FIPS mode. (authored by gniibe).
kdf,fips: Modify HKDF test for FIPS mode.
Tue, Jun 21, 8:40 AM
gniibe added a comment to T6033: Regression in GnuPG 2.2.34 with some ECC keys.

My intention to refer rG7b1db7192 was to specify the HEAD of STABLE-BRANCH-2-2, meaning "the head of STABLE-BRANCH-2-2 today". The commit itself has no meaning.

Tue, Jun 21, 7:32 AM · Testing, Bug Report, gnupg (gpg22)
gniibe committed rCe0f0c788dc0f: kdf: Add input check for hkdf. (authored by gniibe).
kdf: Add input check for hkdf.
Tue, Jun 21, 7:21 AM
gniibe added a comment to T6035: Portability issue: ftruncate.

I created minimized test:

Tue, Jun 21, 4:38 AM · Testing, gpgagent, gnupg

Mon, Jun 20

gniibe added projects to T6035: Portability issue: ftruncate: gnupg, gpgagent.
Mon, Jun 20, 10:33 AM · Testing, gpgagent, gnupg
gniibe created T6035: Portability issue: ftruncate.
Mon, Jun 20, 10:33 AM · Testing, gpgagent, gnupg
gniibe added a comment to E929: Weekly Standup.

Last week:

  • Scute
    • trying to introduce major change to support multiple devices: T6002
    • it works for me with Chromium and Firefox
  • libgcrypt
    • hkdf implementation
    • T5976 to 1.10 branch (HPPA)
  • gnupg
    • T5964 for gnupg (in future), a branch named t5964
Mon, Jun 20, 9:04 AM
gniibe is attending E929: Weekly Standup.
Mon, Jun 20, 8:59 AM
gniibe added a comment to T6033: Regression in GnuPG 2.2.34 with some ECC keys.

I can replicate the error by 2.2.35, but I cannot replicate it with rG7b1db7192.
I tested:

  • GNU/Linux
    • i686
    • x86_64
  • Windows
    • i686
Mon, Jun 20, 8:33 AM · Testing, Bug Report, gnupg (gpg22)
gniibe committed rA97516d6c24b9: Don't access NULL by wipememory. (authored by gniibe).
Don't access NULL by wipememory.
Mon, Jun 20, 4:51 AM
gniibe committed rA5277f24ab4b0: Fix the previous commit. (authored by gniibe).
Fix the previous commit.
Mon, Jun 20, 4:51 AM

Thu, Jun 16

gniibe added a comment to T5964: gnupg should use the KDFs implemented in libgcrypt.

I pushed the change needed for GnuPG to t5964 branch.

Thu, Jun 16, 8:47 AM · gnupg (gpg23), FIPS, libgcrypt, Feature Request
gniibe added a comment to T5964: gnupg should use the KDFs implemented in libgcrypt.

Added HKDF implementation to master.

Thu, Jun 16, 8:18 AM · gnupg (gpg23), FIPS, libgcrypt, Feature Request
gniibe committed rCfbddfb964f0b: kdf: Add HKDF of RFC5869. (authored by gniibe).
kdf: Add HKDF of RFC5869.
Thu, Jun 16, 8:04 AM
gniibe added a comment to T5976: libgcrypt build failure on HPPA 1.1 (./.libs/libgcrypt.so: undefined reference to `__udiv_qrnnd').

Applied to 1.10 branch.

Thu, Jun 16, 2:40 AM · Testing, hppa, libgcrypt, Gentoo, Bug Report
gniibe added a comment to T5976: libgcrypt build failure on HPPA 1.1 (./.libs/libgcrypt.so: undefined reference to `__udiv_qrnnd').

didn't seem to work with 1.9.x

Thu, Jun 16, 2:38 AM · Testing, hppa, libgcrypt, Gentoo, Bug Report

Wed, Jun 15

gniibe committed rSf7b73cb6a303: Add constant from PKCS#11 3.0. (authored by gniibe).
Add constant from PKCS#11 3.0.
Wed, Jun 15, 7:57 AM
gniibe committed rSed1be1c141b9: Tweak for GetSlotList for firefox. (authored by gniibe).
Tweak for GetSlotList for firefox.
Wed, Jun 15, 6:40 AM
gniibe committed rSc04939fb4929: Allow SeedRandom. (authored by gniibe).
Allow SeedRandom.
Wed, Jun 15, 6:40 AM
gniibe committed rS0cb3e4458c31: Cleanup. (authored by gniibe).
Cleanup.
Wed, Jun 15, 4:57 AM
gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

I found this page:
https://firefox-source-docs.mozilla.org/security/nss/legacy/nss_tech_notes/nss_tech_note2/index.html

Wed, Jun 15, 3:44 AM · Feature Request, scute
gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

In the branch https://dev.gnupg.org/source/Scute/history/t6002/ , by the commit rS123d617ebefe: Less administration of devices by scute., things has been changed.

Wed, Jun 15, 3:39 AM · Feature Request, scute
gniibe committed rS123d617ebefe: Less administration of devices by scute. (authored by gniibe).
Less administration of devices by scute.
Wed, Jun 15, 3:07 AM

Tue, Jun 14

gniibe committed rSe809dde00007: Fix sign/decrypt operation. (authored by gniibe).
Fix sign/decrypt operation.
Tue, Jun 14, 1:15 PM
gniibe committed rS84bca08b45a3: Add back LABEL to cert. (authored by gniibe).
Add back LABEL to cert.
Tue, Jun 14, 1:06 PM
gniibe committed rS1f1a51cd496d: Fix keyinfo listing. (authored by gniibe).
Fix keyinfo listing.
Tue, Jun 14, 10:41 AM
gniibe committed rSb075581f0a34: Change the slot allocation logic. (authored by gniibe).
Change the slot allocation logic.
Tue, Jun 14, 10:17 AM
gniibe committed rS5b456d22cb95: Fix slot_get_status. (authored by gniibe).
Fix slot_get_status.
Tue, Jun 14, 9:01 AM
gniibe committed rS573b335a32b3: Cleanup. (authored by gniibe).
Cleanup.
Tue, Jun 14, 9:01 AM
gniibe committed rS1a5d0f025318: Fix C_GetSlotInfo. (authored by gniibe).
Fix C_GetSlotInfo.
Tue, Jun 14, 9:01 AM
gniibe committed rScdef61e65657: Add back the LABEL object. (authored by gniibe).
Add back the LABEL object.
Tue, Jun 14, 9:01 AM
gniibe committed rSfe2763cb0a13: Fix for valid tokens. (authored by gniibe).
Fix for valid tokens.
Tue, Jun 14, 9:01 AM
gniibe committed rS5348944e08da: Fix for CKA_ID. (authored by gniibe).
Fix for CKA_ID.
Tue, Jun 14, 9:01 AM
gniibe committed rS07848a48bb11: Remove doc/version.texi from repo, as it's a generated file. (authored by gniibe).
Remove doc/version.texi from repo, as it's a generated file.
Tue, Jun 14, 9:01 AM
gniibe committed rS39cd3d4a9521: Allow development with no VPATH build. (authored by gniibe).
Allow development with no VPATH build.
Tue, Jun 14, 9:01 AM
gniibe committed rS22caf3116f4c: Experiment with KEYGRIP approach. (authored by gniibe).
Experiment with KEYGRIP approach.
Tue, Jun 14, 9:01 AM
gniibe committed rS75e32e4a15b1: Use serialno of the card for the label. (authored by gniibe).
Use serialno of the card for the label.
Tue, Jun 14, 9:01 AM
gniibe committed rS659d31e5d61d: Use the grip for scute_agent_get_cert. (authored by gniibe).
Use the grip for scute_agent_get_cert.
Tue, Jun 14, 9:01 AM
gniibe committed rSaa4923375d44: No CERTREF any more. Use the grip. (authored by gniibe).
No CERTREF any more. Use the grip.
Tue, Jun 14, 9:01 AM
gniibe committed rG4dbef2addca8: keygen: Fix reading AEAD preference (authored by Jakuje).
keygen: Fix reading AEAD preference
Tue, Jun 14, 8:39 AM
gniibe added a project to T6019: Parsing AEAD preference string parsing causes reads uninitialized memory: Testing.

Thank you. Applied.

Tue, Jun 14, 8:39 AM · Testing, patch, gnupg (gpg23), Bug Report

Mon, Jun 13

gniibe claimed T6019: Parsing AEAD preference string parsing causes reads uninitialized memory.
Mon, Jun 13, 10:24 AM · Testing, patch, gnupg (gpg23), Bug Report
gniibe added a comment to E928: Weekly Standup.

Last weeks:

  • libgcrypt
    • T5964
      • OneStep KDF (concatinateKDF): implemented two of them : hash and hmac
        • we don't yet have kmac (Keccak MAC), so, no kmac support for OneStep KDF yet
    • T5973
    • Remove old (now questionable) support cap_ipc_lock of secmem
  • pinentry
  • gpg-connect-agent
    • Add --unbuffered support
  • T5862
    • also tested with pinpad cardreader
    • mostly finished the feasibility study with xsecurelock
      • For X, xsecurelock is the best (as of 2022)
      • unfortunately, there is none like xsecurelock for Wayland
    • gpg-agent: T6012: Add --format-ssh support for READKEY
  • libgpg-error:
    • experimental branch added: Remove WindowsCE support
  • libassuan
  • scdaemon
    • changes for new scute T6002

This week

  • scute: T6002
  • Meeting for libgcrypt
    • TwoStep KDF
Mon, Jun 13, 8:42 AM
gniibe is attending E928: Weekly Standup.
Mon, Jun 13, 8:28 AM
gniibe added a comment to T6002: scute w/ gpg23: Support multiple cards/tokens, major update with KEYGRIP.

I realized that we need to invent a way to represent KEYGRIP (40-byte string) in the scheme of PKCS#11; PKCS#11 uses fixed-size string (space padded) for it's label (32) and serialno (16). Basically, it identifies the device by slot number.

Mon, Jun 13, 7:59 AM · Feature Request, scute

Fri, Jun 10

gniibe committed rS60f19aa4977e: First step for multiple device support. Use keygrip. (authored by gniibe).
First step for multiple device support. Use keygrip.
Fri, Jun 10, 9:19 AM
gniibe committed rS14afb3b7d293: Remove $DISPSERIALNO support. (authored by gniibe).
Remove $DISPSERIALNO support.
Fri, Jun 10, 9:19 AM
gniibe committed rS0b287cd78dd6: Only use the first slot for now. (authored by gniibe).
Only use the first slot for now.
Fri, Jun 10, 9:19 AM
gniibe committed rGdd600bbc84dd: scd: Support specifying keygrip for learn command. (authored by gniibe).
scd: Support specifying keygrip for learn command.
Fri, Jun 10, 6:55 AM
gniibe committed rG273b8ec1931d: scd,openpgp: Support READCERT by keygrip. (authored by gniibe).
scd,openpgp: Support READCERT by keygrip.
Fri, Jun 10, 4:47 AM

Thu, Jun 9

gniibe closed T5831: Backport (f808012a) scd: Use lock_slot for apdu_send_direct. to GnuPG 2.2 as Resolved.
Thu, Jun 9, 7:56 AM · gnupg (gpg22), Bug Report, scd
gniibe closed T5917: gpg-agent: Not writing password into file as Resolved.
Thu, Jun 9, 7:55 AM · Bug Report, gpgagent
gniibe added a comment to T5804: Using empty passphrase key pair, gpg2.3.4 fails to decrypt with error "No passphrase given" on a gpg1.4/2.0 keyring format even though the secret keys migration was successful .

Because it's the library which refuses null passphrase as input, only possible options are either:

Thu, Jun 9, 7:50 AM · Bug Report, gnupg (gpg23)
gniibe committed rGaeee62593ae9: agent,scd: Make sure to set CONFIDENTIAL flag in Assuan. (authored by gniibe).
agent,scd: Make sure to set CONFIDENTIAL flag in Assuan.
Thu, Jun 9, 7:44 AM
gniibe added a comment to T5977: Smartcard PIN stays in clear in memory.

Backported to GnuPG 2.2.

Thu, Jun 9, 7:39 AM · Testing, backport, libassuan, pinentry, scd, gnupg (gpg22), Bug Report

Wed, Jun 8

gniibe added a project to T6018: libassuan: Coverity reports: Testing.

Applied the changes.

Wed, Jun 8, 2:20 PM · Testing, patch, libassuan, Bug Report
gniibe committed rA850f404ef079: config: Remove 18 years unused variable (authored by Jakuje).
config: Remove 18 years unused variable
Wed, Jun 8, 12:56 PM
gniibe committed rA2e310bb10e33: tests: Remove dead code (authored by Jakuje).
tests: Remove dead code
Wed, Jun 8, 12:56 PM
gniibe committed rA70b465e0bf65: tests: Avoid leaking file descriptors on errors (authored by Jakuje).
tests: Avoid leaking file descriptors on errors
Wed, Jun 8, 12:56 PM
gniibe committed rC6d32bf80846a: kdf: Add support for One-Step KDF with MAC. (authored by gniibe).
kdf: Add support for One-Step KDF with MAC.
Wed, Jun 8, 6:42 AM
gniibe renamed T5912: libgpg-error: Drop WindowsCE support from libgpg-err: Drop WindowsCE support to libgpg-error: Drop WindowsCE support.
Wed, Jun 8, 6:40 AM
gniibe renamed T5862: authentication with USB token from authentication with USB token, ~~screen lock on token removal~~ to authentication with USB token.
Wed, Jun 8, 4:08 AM · Testing, gpgagent, Feature Request, scd
gniibe renamed T5862: authentication with USB token from authentication with USB token, screen lock on token removal to authentication with USB token, ~~screen lock on token removal~~.
Wed, Jun 8, 4:07 AM · Testing, gpgagent, Feature Request, scd
gniibe added a comment to T5862: authentication with USB token.

Now, it also supports a reader with pinpad.

Wed, Jun 8, 3:38 AM · Testing, gpgagent, Feature Request, scd

Tue, Jun 7

gniibe claimed T6018: libassuan: Coverity reports.
Tue, Jun 7, 1:56 PM · Testing, patch, libassuan, Bug Report
gniibe committed rE13e7650f4924: Remove WindowsCE support. (authored by gniibe).
Remove WindowsCE support.
Tue, Jun 7, 11:00 AM
gniibe committed rE043ce98bfb5c: More for WindowsCE support removal. (authored by gniibe).
More for WindowsCE support removal.
Tue, Jun 7, 11:00 AM
gniibe added a comment to T5912: libgpg-error: Drop WindowsCE support.

Created gniibe/t5912 branch.
It works for me.

Tue, Jun 7, 9:31 AM
gniibe committed rCf8c983cb14f8: kdf: Add One-Step KDF with hash. (authored by gniibe).
kdf: Add One-Step KDF with hash.
Tue, Jun 7, 8:58 AM
gniibe committed rC8d8e80ad7536: Fix for struct gcry_thread_cbs. (authored by gniibe).
Fix for struct gcry_thread_cbs.
Tue, Jun 7, 8:58 AM
gniibe added a comment to T5964: gnupg should use the KDFs implemented in libgcrypt.

I can only find this one: https://github.com/patrickfav/singlestep-kdf/wiki/NIST-SP-800-56C-Rev1:-Non-Official-Test-Vectors

Tue, Jun 7, 8:51 AM · gnupg (gpg23), FIPS, libgcrypt, Feature Request

Mon, Jun 6

gniibe added projects to T5862: authentication with USB token: gpgagent, Testing.
Mon, Jun 6, 7:02 AM · Testing, gpgagent, Feature Request, scd
gniibe added a comment to T5862: authentication with USB token.

Updated (with T6012):


Mon, Jun 6, 7:00 AM · Testing, gpgagent, Feature Request, scd

Thu, Jun 2

gniibe added a project to T6012: gpg-agent: Add --format=ssh option for READKEY: Testing.
Thu, Jun 2, 1:48 PM · Testing, gpgagent, Feature Request
gniibe committed rGd7a3c455c5e2: agent: Support --format=ssh option for READKEY. (authored by gniibe).
agent: Support --format=ssh option for READKEY.
Thu, Jun 2, 1:47 PM
gniibe triaged T6012: gpg-agent: Add --format=ssh option for READKEY as Normal priority.
Thu, Jun 2, 10:54 AM · Testing, gpgagent, Feature Request
gniibe added a project to T6010: gpg-connect-agent: /definqprog semantics enhancement: Testing.
Thu, Jun 2, 8:53 AM · Testing, Feature Request, scd
gniibe committed rG5a327e8001c4: tools: Add a way to cancell INQUIRE for gpg-connect-agent. (authored by gniibe).
tools: Add a way to cancell INQUIRE for gpg-connect-agent.
Thu, Jun 2, 8:52 AM