Add SHA1x hash support

[onak.git] / sigcheck.c

diff --git a/sigcheck.c b/sigcheck.c
index 852b53b3784a578d5d41c933b1b5b8cc2656f331..900d3514fab414bd30ee85580b58a5c7108c9067 100644 (file)
--- a/sigcheck.c
+++ b/sigcheck.c
@@ -20,6 +20,7 @@
 #include <stdint.h>
 
 #include "config.h"
+#include "keyid.h"
 #include "keystructs.h"
 #include "log.h"
 #include "openpgp.h"
@@ -27,11 +28,13 @@
 
 #ifdef HAVE_NETTLE
 #include <nettle/md5.h>
+#include <nettle/ripemd160.h>
 #include <nettle/sha.h>
 #else
 #include "md5.h"
 #include "sha1.h"
 #endif
+#include "sha1x.h"
 
 int check_packet_sighash(struct openpgp_publickey *key,
                        struct openpgp_packet *packet,
@@ -41,7 +44,11 @@ int check_packet_sighash(struct openpgp_publickey *key,
        uint8_t *sighash;
        size_t siglen, unhashedlen;
        struct sha1_ctx sha1_context;
+       struct sha1x_ctx sha1x_context;
        struct md5_ctx md5_context;
+#ifdef NETTLE_WITH_RIPEMD160
+       struct ripemd160_ctx ripemd160_context;
+#endif
 #ifdef NETTLE_WITH_SHA224
        struct sha224_ctx sha224_context;
 #endif
@@ -61,6 +68,7 @@ int check_packet_sighash(struct openpgp_publickey *key,
        uint8_t *hashdata[8];
        size_t hashlen[8];
        int chunks, i;
+       uint64_t keyid;
 
        keyheader[0] = 0x99;
        keyheader[1] = key->publickey->length >> 8;
@@ -145,8 +153,10 @@ int check_packet_sighash(struct openpgp_publickey *key,
                sighash = &sig->data[siglen + unhashedlen + 2];
                break;
        default:
-               logthing(LOGTHING_ERROR, "Unknown signature version %d",
-                               sig->data[0]);
+               get_keyid(key, &keyid);
+               logthing(LOGTHING_ERROR,
+                       "Unknown signature version %d on 0x%016" PRIX64,
+                       sig->data[0], keyid);
                return -1;
        }
 
@@ -165,6 +175,27 @@ int check_packet_sighash(struct openpgp_publickey *key,
                }
                sha1_digest(&sha1_context, 20, hash);
                break;
+       case OPENPGP_HASH_RIPEMD160:
+#ifdef NETTLE_WITH_RIPEMD160
+               ripemd160_init(&ripemd160_context);
+               for (i = 0; i < chunks; i++) {
+                       ripemd160_update(&ripemd160_context, hashlen[i],
+                               hashdata[i]);
+               }
+               ripemd160_digest(&ripemd160_context, RIPEMD160_DIGEST_SIZE,
+                       hash);
+               break;
+#else
+               logthing(LOGTHING_INFO, "RIPEMD160 support not available.");
+               return -1;
+#endif
+       case OPENPGP_HASH_SHA1X:
+               sha1x_init(&sha1x_context);
+               for (i = 0; i < chunks; i++) {
+                       sha1x_update(&sha1x_context, hashlen[i], hashdata[i]);
+               }
+               sha1x_digest(&sha1x_context, 20, hash);
+               break;
        case OPENPGP_HASH_SHA224:
 #ifdef NETTLE_WITH_SHA224
                sha224_init(&sha224_context);
@@ -218,13 +249,16 @@ int check_packet_sighash(struct openpgp_publickey *key,
                return -1;
 #endif
        default:
-               logthing(LOGTHING_ERROR, "Unsupported signature hash type %d",
-                               hashtype);
+               get_keyid(key, &keyid);
+               logthing(LOGTHING_ERROR,
+                       "Unsupported signature hash type %d on 0x%016" PRIX64,
+                       hashtype,
+                       keyid);
                return -1;
        }
 
        logthing(LOGTHING_DEBUG, "Hash type: %d, %d chunks, "
-               "calculated: %02X%02X / actual: %02X%02X\n",
+               "calculated: %02X%02X / actual: %02X%02X",
                hashtype, chunks,
                hash[0], hash[1], sighash[0], sighash[1]);