From b8b166044fe5faa7773cf6470e71c726465794c1 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Tue, 8 Oct 2024 11:49:55 +0200
Subject: [PATCH] nts: don't include compliant-128gcm record for other AEADs
If the client included the NTS-KE record requesting compliant key exporter context for AES-128-GCM-SIV, but the server doesn't select this AEAD algorithm (it's not supported by the crypto library or it is disabled by the ntsaeads directive), don't include the NTS-KE record in the response. It's not relevant to the other AEAD algorithms.
---
nts_ke_server.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nts_ke_server.c b/nts_ke_server.c
index 5f10bc1..dfdebb8 100644
--- a/nts_ke_server.c
+++ b/nts_ke_server.c
@@ -373,7 +373,7 @@ prepare_response(NKSN_Instance session, int error, int next_protocol, int aead_a
 if (!NKSN_AddRecord(session, 1, NKE_RECORD_AEAD_ALGORITHM, &datum, sizeof (datum)))
 return 0;
- if (compliant_128gcm) {
+ if (aead_algorithm == AEAD_AES_128_GCM_SIV && compliant_128gcm) {
 if (!NKSN_AddRecord(session, 0, NKE_RECORD_COMPLIANT_128GCM_EXPORT, NULL, 0))
 return 0;
 }
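Review bot: The new condition `aead_algorithm == AEAD_AES_128_GCM_SIV && compliant_128gcm` decides only whether the record is sent. Whatever code picks the key exporter context has to apply the same predicate, otherwise the response and the exported C2S/S2C keys could disagree. That code is not in this hunk, and prepare_response() starts and ends outside it, so please confirm the export path does not branch on `compliant_128gcm` alone; computing the combined condition once and passing it to both places would keep them in step. A short comment above the `if` would also help, for example `/* The compliant exporter context applies to AES-128-GCM-SIV only; don't acknowledge it for other AEADs */`, so the algorithm check is not dropped in a later cleanup.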