X-Git-Url: http://the.earth.li/gitweb/?a=blobdiff_plain;f=sigcheck.c;h=cbc28b87ccfbeacaade0f5a2c88d2a76c1e5a788;hb=cbe819fe064045d7d040e74c66e55f83e716b0ce;hp=fc046266248df3d8dd98d6f127758a1c6d163189;hpb=4c8bebffd4bc105ebaa09256b7a57f4a6201bd52;p=onak.git diff --git a/sigcheck.c b/sigcheck.c index fc04626..cbc28b8 100644 --- a/sigcheck.c +++ b/sigcheck.c @@ -20,6 +20,7 @@ #include #include "config.h" +#include "keyid.h" #include "keystructs.h" #include "log.h" #include "openpgp.h" @@ -27,6 +28,7 @@ #ifdef HAVE_NETTLE #include +#include #include #else #include "md5.h" @@ -42,6 +44,9 @@ int check_packet_sighash(struct openpgp_publickey *key, size_t siglen, unhashedlen; struct sha1_ctx sha1_context; struct md5_ctx md5_context; +#ifdef NETTLE_WITH_RIPEMD160 + struct ripemd160_ctx ripemd160_context; +#endif #ifdef NETTLE_WITH_SHA224 struct sha224_ctx sha224_context; #endif @@ -57,10 +62,11 @@ int check_packet_sighash(struct openpgp_publickey *key, uint8_t keyheader[3]; uint8_t packetheader[5]; uint8_t v4trailer[6]; - uint8_t hash[20]; + uint8_t hash[64]; uint8_t *hashdata[8]; size_t hashlen[8]; int chunks, i; + uint64_t keyid; keyheader[0] = 0x99; keyheader[1] = key->publickey->length >> 8; @@ -145,8 +151,10 @@ int check_packet_sighash(struct openpgp_publickey *key, sighash = &sig->data[siglen + unhashedlen + 2]; break; default: - logthing(LOGTHING_ERROR, "Unknown signature version %d", - sig->data[0]); + get_keyid(key, &keyid); + logthing(LOGTHING_ERROR, + "Unknown signature version %d on 0x%016" PRIX64, + sig->data[0], keyid); return -1; } @@ -165,6 +173,20 @@ int check_packet_sighash(struct openpgp_publickey *key, } sha1_digest(&sha1_context, 20, hash); break; + case OPENPGP_HASH_RIPEMD160: +#ifdef NETTLE_WITH_RIPEMD160 + ripemd160_init(&ripemd160_context); + for (i = 0; i < chunks; i++) { + ripemd160_update(&ripemd160_context, hashlen[i], + hashdata[i]); + } + ripemd160_digest(&ripemd160_context, RIPEMD160_DIGEST_SIZE, + hash); + break; +#else + logthing(LOGTHING_INFO, "RIPEMD160 support not available."); + return -1; +#endif case OPENPGP_HASH_SHA224: #ifdef NETTLE_WITH_SHA224 sha224_init(&sha224_context); @@ -173,10 +195,11 @@ int check_packet_sighash(struct openpgp_publickey *key, hashdata[i]); } sha224_digest(&sha224_context, SHA224_DIGEST_SIZE, hash); + break; #else logthing(LOGTHING_INFO, "SHA224 support not available."); + return -1; #endif - break; case OPENPGP_HASH_SHA256: #ifdef NETTLE_WITH_SHA256 sha256_init(&sha256_context); @@ -185,10 +208,11 @@ int check_packet_sighash(struct openpgp_publickey *key, hashdata[i]); } sha256_digest(&sha256_context, SHA256_DIGEST_SIZE, hash); + break; #else logthing(LOGTHING_INFO, "SHA256 support not available."); + return -1; #endif - break; case OPENPGP_HASH_SHA384: #ifdef NETTLE_WITH_SHA384 sha384_init(&sha384_context); @@ -197,10 +221,11 @@ int check_packet_sighash(struct openpgp_publickey *key, hashdata[i]); } sha384_digest(&sha384_context, SHA384_DIGEST_SIZE, hash); + break; #else logthing(LOGTHING_INFO, "SHA384 support not available."); + return -1; #endif - break; case OPENPGP_HASH_SHA512: #ifdef NETTLE_WITH_SHA512 sha512_init(&sha512_context); @@ -209,18 +234,22 @@ int check_packet_sighash(struct openpgp_publickey *key, hashdata[i]); } sha512_digest(&sha512_context, SHA512_DIGEST_SIZE, hash); + break; #else logthing(LOGTHING_INFO, "SHA512 support not available."); + return -1; #endif - break; default: - logthing(LOGTHING_ERROR, "Unsupported signature hash type %d", - hashtype); + get_keyid(key, &keyid); + logthing(LOGTHING_ERROR, + "Unsupported signature hash type %d on 0x%016" PRIX64, + hashtype, + keyid); return -1; } logthing(LOGTHING_DEBUG, "Hash type: %d, %d chunks, " - "calculated: %02X%02X / actual: %02X%02X\n", + "calculated: %02X%02X / actual: %02X%02X", hashtype, chunks, hash[0], hash[1], sighash[0], sighash[1]);