From: Jonathan McDowell Date: Mon, 30 Sep 2013 11:50:01 +0000 (+0100) Subject: Add support for checking RIPEMD160 signatures X-Git-Tag: onak-0.4.2~6 X-Git-Url: https://the.earth.li/gitweb/?a=commitdiff_plain;h=a8eae82dbcc70ecb4380cf6393c6b594b9abe995;p=onak.git Add support for checking RIPEMD160 signatures Sufficiently recent versions of nettle have support for RIPEMD160 and there are various keys in the wild that use this algorithm, so add an autoconf check for the nettle support and use it if it's available. --- diff --git a/m4/ax_lib_nettle.m4 b/m4/ax_lib_nettle.m4 index 14f923f..cff46d0 100644 --- a/m4/ax_lib_nettle.m4 +++ b/m4/ax_lib_nettle.m4 @@ -68,6 +68,7 @@ AC_DEFUN([AX_LIB_NETTLE],[ AX_CHECK_NETTLE_ALGO([MD2],[md2_digest]) AX_CHECK_NETTLE_ALGO([MD4],[md4_digest]) AX_CHECK_NETTLE_ALGO([MD5],[md5_digest]) + AX_CHECK_NETTLE_ALGO([RIPEMD160],[ripemd160_digest]) AX_CHECK_NETTLE_ALGO([SHA1],[sha1_digest]) AX_CHECK_NETTLE_ALGO([SHA224],[sha224_digest]) AX_CHECK_NETTLE_ALGO([SHA256],[sha256_digest]) diff --git a/sigcheck.c b/sigcheck.c index 852b53b..a0f4feb 100644 --- a/sigcheck.c +++ b/sigcheck.c @@ -27,6 +27,7 @@ #ifdef HAVE_NETTLE #include +#include #include #else #include "md5.h" @@ -42,6 +43,9 @@ int check_packet_sighash(struct openpgp_publickey *key, size_t siglen, unhashedlen; struct sha1_ctx sha1_context; struct md5_ctx md5_context; +#ifdef NETTLE_WITH_RIPEMD160 + struct ripemd160_ctx ripemd160_context; +#endif #ifdef NETTLE_WITH_SHA224 struct sha224_ctx sha224_context; #endif @@ -165,6 +169,19 @@ int check_packet_sighash(struct openpgp_publickey *key, } sha1_digest(&sha1_context, 20, hash); break; + case OPENPGP_HASH_RIPEMD160: +#ifdef NETTLE_WITH_RIPEMD160 + ripemd160_init(&ripemd160_context); + for (i = 0; i < chunks; i++) { + ripemd160_update(&ripemd160_context, hashlen[i], + hashdata[i]); + } + ripemd160_digest(&ripemd160_context, RIPEMD160_DIGEST_SIZE, + hash); +#else + logthing(LOGTHING_INFO, "RIPEMD160 support not available."); + return -1; +#endif case OPENPGP_HASH_SHA224: #ifdef NETTLE_WITH_SHA224 sha224_init(&sha224_context);