Diffusion GnuPG 68b857df13c8

sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme.

Description

sm: Allow decryption using dhSinglePass-stdDH-sha1kdf-scheme.

* sm/decrypt.c (ecdh_decrypt): Support
dhSinglePass-stdDH-sha1kdf-scheme.  Factor key derive code out to ...
(ecdh_derive_kek): new global function.  Allow for hashes shorter than
the key.
(hash_ecc_cms_shared_info): Make file-only.
* sm/encrypt.c (ecdh_encrypt): Replace derive code by a call to the
new ecdh_derive_kek.  Add test code to create data using
dhSinglePass-stdDH-sha1kdf-scheme.
* sm/gpgsm.h (opt): Add member force_ecdh_sha1kdf.
* sm/gpgsm.c: Add option --debug-force-ecdh-sha1kdf.

I did some tests against

Governikus_Signer:       2.9.2.0
MCard security Provider: 2.4.0
Algorithm catalog from:  05.12.2019

using a Signature Card v2.0 and a nistp256 certificate. Encrypting
with Governikus used the stdDH-sha1kdf scheme which we can now
decrypt. Encrypting with GPGSM uses for that curve the recommended
scheme sha256kdf but Governikus was not able to decrypt this (no
usable error message). Encrypting using stdDH-sha1kdf with GPGSM by
using the new --debug-force-ecdh-sha1kdf option showed that
Governikus was able to decrypt this.

FWIW: RFC5753 (Use of Elliptic Curve Cryptography (ECC) Algorithms)
has this requirement:

Implementations that support EnvelopedData with the
ephemeral-static ECDH standard primitive:

- MUST support the dhSinglePass-stdDH-sha256kdf-scheme key
  agreement algorithm, the id-aes128-wrap key wrap algorithm, and
  the id-aes128-cbc content encryption algorithm; and

which Governikus seems not to fulfill.

  • GnuPG-bug-id: T4098
  • Signed-off-by: Werner Koch <wk@gnupg.org>
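The derivation the changelog entries above refer to (ecdh_derive_kek, and the case of a hash shorter than the KEK), as an added example that is not GnuPG's own code: the X9.63 KDF of RFC 5753 over the DER-encoded ECC-CMS-SharedInfo, with the scheme selecting the hash. It is written in Python rather than the C of sm/decrypt.c and assumes AES key wrap with absent parameters and a constructed shared secret Z; the constant names, function names and the ukm handling are the example's own.

```python
import hashlib
import struct

# Key-wrap algorithm OIDs (RFC 3565) that go into the SharedInfo keyInfo.
OID_AES128_WRAP = "2.16.840.1.101.3.4.1.5"
OID_AES256_WRAP = "2.16.840.1.101.3.4.1.45"
KDF_HASH = {"dhSinglePass-stdDH-sha1kdf-scheme": "sha1",  # hash used by each scheme's KDF
            "dhSinglePass-stdDH-sha256kdf-scheme": "sha256"}

def der_tlv(tag, body):
    assert len(body) < 128  # short-form DER length suffices for these values
    return bytes([tag, len(body)]) + body

def der_oid(dotted):
    # DER OID: first two arcs combined, remaining arcs in base-128.
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return der_tlv(0x06, bytes(out))

def ecc_cms_shared_info(wrap_oid, keylen_bits, ukm=None):
    # ECC-CMS-SharedInfo (RFC 5753 7.2): keyInfo (AES wrap, parameters absent),
    # optional entityUInfo [0] carrying the ukm, suppPubInfo [2] = KEK bits.
    key_info = der_tlv(0x30, der_oid(wrap_oid))
    entity = der_tlv(0xA0, der_tlv(0x04, ukm)) if ukm is not None else b""
    supp = der_tlv(0xA2, der_tlv(0x04, struct.pack(">I", keylen_bits)))
    return der_tlv(0x30, key_info + entity + supp)

def x963_kdf(hash_name, z, shared_info, keylen):
    # X9.63 KDF: Hash(Z || counter || SharedInfo) for counter = 1, 2, ...
    # The extra rounds are what cover a hash (20 bytes for SHA-1) shorter than the KEK.
    out, counter = b"", 1
    while len(out) < keylen:
        out += hashlib.new(hash_name, z + struct.pack(">I", counter) + shared_info).digest()
        counter += 1
    return out[:keylen]

def ecdh_derive_kek(scheme, z, wrap_oid, keylen, ukm=None):
    shared_info = ecc_cms_shared_info(wrap_oid, keylen * 8, ukm)
    return x963_kdf(KDF_HASH[scheme], z, shared_info, keylen)

if __name__ == "__main__":
    z = bytes(range(32))  # constructed stand-in for the ECDH shared secret
    print(ecdh_derive_kek("dhSinglePass-stdDH-sha1kdf-scheme", z, OID_AES256_WRAP, 32).hex())
```

With a 32-byte AES-256 KEK the SHA-1 scheme runs two KDF rounds, while SHA-256 needs only one; the wrap OID and the KEK length both change the SharedInfo and therefore the derived key.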

Details

Provenance
werner: Authored on May 8 2020, 6:08 PM
Parents
rG439c9b5cb550: sm: Print algorithm infos in data decryption mode.
Tasks
T4098: GpgSM: Add ECC support