2 * sigcheck.c - routines to check OpenPGP signatures
4 * Copyright 2012 Jonathan McDowell <noodles@earth.li>
6 * This program is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; version 2 of the License.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program. If not, see <https://www.gnu.org/licenses/>.
22 #include "build-config.h"
23 #include "decodekey.h"
25 #include "keystructs.h"
32 #include <nettle/md5.h>
33 #include <nettle/ripemd160.h>
34 #include <nettle/sha.h>
44 #include <nettle/dsa.h>
45 #include <nettle/ecc.h>
46 #include <nettle/ecc-curve.h>
47 #include <nettle/ecdsa.h>
48 #include <nettle/eddsa.h>
49 #include <nettle/rsa.h>
53 /* Take an MPI from a buffer and import it into a GMP mpz_t */
54 #define MPI_TO_MPZ(pk, v) \
56 /* MPI length is stored in bits, convert it to bytes */ \
57 if (pk->length < (ofs + 2)) { \
58 ret = ONAK_E_INVALID_PKT; \
60 len = pk->data[ofs] << 8 | pk->data[ofs + 1]; \
63 if (pk->length < (ofs + len + 2)) { \
64 ret = ONAK_E_INVALID_PKT; \
66 mpz_import(v, len, 1, 1, 0, 0, &pk->data[ofs + 2]); \
75 * Hold the crypto material for a public key.
76 * May want to move to a header at some point.
78 struct onak_key_material {
81 struct dsa_params dsa;
83 struct rsa_public_key rsa;
89 static void onak_free_key_material(struct onak_key_material *key)
92 case OPENPGP_PKALGO_ECDSA:
93 ecc_point_clear(&key->ecc);
95 case OPENPGP_PKALGO_DSA:
96 mpz_clear(key->dsa.p);
97 mpz_clear(key->dsa.q);
98 mpz_clear(key->dsa.g);
101 case OPENPGP_PKALGO_RSA:
102 case OPENPGP_PKALGO_RSA_ENC:
103 case OPENPGP_PKALGO_RSA_SIGN:
104 mpz_clear(key->rsa.n);
105 mpz_clear(key->rsa.e);
109 /* Set the key type back to 0 to indicate we cleared it */
115 static onak_status_t onak_parse_key_material(struct openpgp_packet *pk,
116 struct onak_key_material *key)
121 onak_status_t ret = ONAK_E_OK;
123 /* Clear the key type; only set it when fully parsed */
127 * Shortest valid key is v4 Ed25519, which takes 51 bytes, so do a
128 * quick sanity check which will ensure we have enough data to check
129 * the packet header and OID info.
132 return ONAK_E_INVALID_PKT;
134 if (pk->data[0] != 4 && pk->data[0] != 5)
135 return ONAK_E_UNSUPPORTED_FEATURE;
138 * MPIs are after version byte, 4 byte creation time +
139 * type byte plus length for v5.
141 ofs = (pk->data[0] == 4) ? 6 : 10;
142 switch (pk->data[5]) {
143 case OPENPGP_PKALGO_ECDSA:
144 oid = onak_parse_oid(&pk->data[ofs], pk->length - ofs);
145 if (oid == ONAK_OID_INVALID)
146 return ONAK_E_INVALID_PKT;
147 if (oid == ONAK_OID_UNKNOWN)
148 return ONAK_E_UNSUPPORTED_FEATURE;
150 if (oid == ONAK_OID_NISTP256) {
151 if (pk->length - ofs != 76)
152 return ONAK_E_INVALID_PKT;
153 /* Move past the OID to the key data MPI */
154 ofs += pk->data[ofs] + 1;
155 len = pk->data[ofs] << 8 | pk->data[ofs + 1];
157 return ONAK_E_INVALID_PKT;
158 if (pk->data[ofs + 2] != 4)
159 return ONAK_E_INVALID_PKT;
162 ecc_point_init(&key->ecc, nettle_get_secp_256r1());
164 mpz_import(x, 32, 1, 1, 0, 0, &pk->data[ofs]);
166 mpz_import(y, 32, 1, 1, 0, 0, &pk->data[ofs]);
168 ecc_point_set(&key->ecc, x, y);
169 } else if (oid == ONAK_OID_NISTP384) {
170 if (pk->length - ofs != 105)
171 return ONAK_E_INVALID_PKT;
172 /* Move past the OID to the key data MPI */
173 ofs += pk->data[ofs] + 1;
174 len = pk->data[ofs] << 8 | pk->data[ofs + 1];
176 return ONAK_E_INVALID_PKT;
177 if (pk->data[ofs + 2] != 4)
178 return ONAK_E_INVALID_PKT;
181 ecc_point_init(&key->ecc, nettle_get_secp_384r1());
183 mpz_import(x, 48, 1, 1, 0, 0, &pk->data[ofs]);
185 mpz_import(y, 48, 1, 1, 0, 0, &pk->data[ofs]);
187 ecc_point_set(&key->ecc, x, y);
188 } else if (oid == ONAK_OID_NISTP521) {
189 if (pk->length - ofs != 141)
190 return ONAK_E_INVALID_PKT;
191 /* Move past the OID to the key data MPI */
192 ofs += pk->data[ofs] + 1;
193 len = pk->data[ofs] << 8 | pk->data[ofs + 1];
195 return ONAK_E_INVALID_PKT;
196 if (pk->data[ofs + 2] != 4)
197 return ONAK_E_INVALID_PKT;
200 ecc_point_init(&key->ecc, nettle_get_secp_521r1());
202 mpz_import(x, 66, 1, 1, 0, 0, &pk->data[ofs]);
204 mpz_import(y, 66, 1, 1, 0, 0, &pk->data[ofs]);
206 ecc_point_set(&key->ecc, x, y);
208 return ONAK_E_UNSUPPORTED_FEATURE;
213 case OPENPGP_PKALGO_EDDSA:
214 if (pk->length - ofs != 45)
215 return ONAK_E_INVALID_PKT;
216 oid = onak_parse_oid(&pk->data[ofs], pk->length - ofs);
217 if (oid == ONAK_OID_INVALID)
218 return ONAK_E_INVALID_PKT;
219 if (oid == ONAK_OID_UNKNOWN)
220 return ONAK_E_UNSUPPORTED_FEATURE;
222 /* Move past the OID to the key data MPI */
223 ofs += pk->data[ofs] + 1;
225 if (oid == ONAK_OID_ED25519) {
226 len = pk->data[ofs] << 8 | pk->data[ofs + 1];
228 return ONAK_E_INVALID_PKT;
229 if (pk->data[ofs + 2] != 0x40)
230 return ONAK_E_INVALID_PKT;
232 memcpy(key->ed25519, &pk->data[ofs], 32);
235 return ONAK_E_UNSUPPORTED_FEATURE;
238 case OPENPGP_PKALGO_DSA:
239 mpz_init(key->dsa.p);
240 mpz_init(key->dsa.q);
241 mpz_init(key->dsa.g);
243 MPI_TO_MPZ(pk, key->dsa.p);
244 if (ret == ONAK_E_OK)
245 MPI_TO_MPZ(pk, key->dsa.q);
246 if (ret == ONAK_E_OK)
247 MPI_TO_MPZ(pk, key->dsa.g);
248 if (ret == ONAK_E_OK)
249 MPI_TO_MPZ(pk, key->y);
251 case OPENPGP_PKALGO_RSA:
252 case OPENPGP_PKALGO_RSA_ENC:
253 case OPENPGP_PKALGO_RSA_SIGN:
254 mpz_init(key->rsa.n);
255 mpz_init(key->rsa.e);
256 key->rsa.size = ((pk->data[6] << 8) + pk->data[7] + 7) >> 3;
257 MPI_TO_MPZ(pk, key->rsa.n);
258 if (ret == ONAK_E_OK)
259 MPI_TO_MPZ(pk, key->rsa.e);
262 return ONAK_E_UNSUPPORTED_FEATURE;
265 key->type = pk->data[5];
267 if (ret != ONAK_E_OK) {
268 onak_free_key_material(key);
274 onak_status_t onak_check_hash_sig(struct openpgp_publickey *sigkey,
275 struct openpgp_packet *sig,
280 struct onak_key_material pubkey;
281 struct dsa_signature dsasig;
287 ret = onak_parse_key_material(sigkey->publickey, &pubkey);
288 if (ret != ONAK_E_OK) {
292 /* Sanity check the length of the signature packet */
293 if (sig->length < 8) {
294 ret = ONAK_E_INVALID_PKT;
298 /* Is the key the same type as the signature we're checking? */
299 if (pubkey.type != sig->data[2]) {
300 ret = ONAK_E_INVALID_PARAM;
304 /* Skip the hashed data */
305 ofs = (sig->data[4] << 8) + sig->data[5] + 6;
306 if (sig->length < ofs + 2) {
307 ret = ONAK_E_INVALID_PKT;
310 /* Skip the unhashed data */
311 ofs += (sig->data[ofs] << 8) + sig->data[ofs + 1] + 2;
312 if (sig->length < ofs + 2) {
313 ret = ONAK_E_INVALID_PKT;
316 /* Skip the sig hash bytes */
319 /* Parse the actual signature values */
320 switch (sig->data[2]) {
321 case OPENPGP_PKALGO_ECDSA:
322 case OPENPGP_PKALGO_DSA:
325 MPI_TO_MPZ(sig, dsasig.r);
326 if (ret == ONAK_E_OK)
327 MPI_TO_MPZ(sig, dsasig.s);
329 case OPENPGP_PKALGO_EDDSA:
332 MPI_TO_MPZ(sig, dsasig.r);
333 if (ret == ONAK_E_OK)
334 MPI_TO_MPZ(sig, dsasig.s);
335 mpz_export(edsig, NULL, 1, 1, 0, 0, dsasig.r);
336 mpz_export(&edsig[32], NULL, 1, 1, 0, 0, dsasig.s);
338 case OPENPGP_PKALGO_RSA:
339 case OPENPGP_PKALGO_RSA_SIGN:
345 /* If we didn't parse the signature properly then do clean-up */
346 if (ret != ONAK_E_OK)
349 /* Squash a signing only RSA key to a standard RSA key for below */
350 if (pubkey.type == OPENPGP_PKALGO_RSA_SIGN) {
351 pubkey.type = OPENPGP_PKALGO_RSA;
354 #define KEYHASH(key, hash) ((key << 8) | hash)
356 switch KEYHASH(pubkey.type, hashtype) {
357 case KEYHASH(OPENPGP_PKALGO_DSA, OPENPGP_HASH_MD5):
358 ret = dsa_verify(&pubkey.dsa, pubkey.y,
359 MD5_DIGEST_SIZE, hash, &dsasig) ?
360 ONAK_E_WEAK_SIGNATURE : ONAK_E_BAD_SIGNATURE;
362 case KEYHASH(OPENPGP_PKALGO_DSA, OPENPGP_HASH_RIPEMD160):
363 ret = dsa_verify(&pubkey.dsa, pubkey.y,
364 RIPEMD160_DIGEST_SIZE, hash, &dsasig) ?
365 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
367 case KEYHASH(OPENPGP_PKALGO_DSA, OPENPGP_HASH_SHA1):
368 ret = dsa_verify(&pubkey.dsa, pubkey.y,
369 SHA1_DIGEST_SIZE, hash, &dsasig) ?
370 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
372 case KEYHASH(OPENPGP_PKALGO_DSA, OPENPGP_HASH_SHA1X):
373 ret = dsa_verify(&pubkey.dsa, pubkey.y,
374 SHA1X_DIGEST_SIZE, hash, &dsasig) ?
375 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
377 case KEYHASH(OPENPGP_PKALGO_DSA, OPENPGP_HASH_SHA224):
378 ret = dsa_verify(&pubkey.dsa, pubkey.y,
379 SHA224_DIGEST_SIZE, hash, &dsasig) ?
380 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
382 case KEYHASH(OPENPGP_PKALGO_DSA, OPENPGP_HASH_SHA256):
383 ret = dsa_verify(&pubkey.dsa, pubkey.y,
384 SHA256_DIGEST_SIZE, hash, &dsasig) ?
385 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
387 case KEYHASH(OPENPGP_PKALGO_DSA, OPENPGP_HASH_SHA384):
388 ret = dsa_verify(&pubkey.dsa, pubkey.y,
389 SHA384_DIGEST_SIZE, hash, &dsasig) ?
390 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
392 case KEYHASH(OPENPGP_PKALGO_DSA, OPENPGP_HASH_SHA512):
393 ret = dsa_verify(&pubkey.dsa, pubkey.y,
394 SHA512_DIGEST_SIZE, hash, &dsasig) ?
395 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
397 case KEYHASH(OPENPGP_PKALGO_ECDSA, OPENPGP_HASH_SHA1):
398 ret = ecdsa_verify(&pubkey.ecc,
399 SHA1_DIGEST_SIZE, hash, &dsasig) ?
400 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
401 case KEYHASH(OPENPGP_PKALGO_ECDSA, OPENPGP_HASH_SHA256):
402 ret = ecdsa_verify(&pubkey.ecc,
403 SHA256_DIGEST_SIZE, hash, &dsasig) ?
404 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
406 case KEYHASH(OPENPGP_PKALGO_ECDSA, OPENPGP_HASH_SHA384):
407 ret = ecdsa_verify(&pubkey.ecc,
408 SHA384_DIGEST_SIZE, hash, &dsasig) ?
409 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
411 case KEYHASH(OPENPGP_PKALGO_ECDSA, OPENPGP_HASH_SHA512):
412 ret = ecdsa_verify(&pubkey.ecc,
413 SHA512_DIGEST_SIZE, hash, &dsasig) ?
414 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
416 case KEYHASH(OPENPGP_PKALGO_EDDSA, OPENPGP_HASH_RIPEMD160):
417 ret = ed25519_sha512_verify(pubkey.ed25519,
418 RIPEMD160_DIGEST_SIZE, hash, edsig) ?
419 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
421 case KEYHASH(OPENPGP_PKALGO_EDDSA, OPENPGP_HASH_SHA256):
422 ret = ed25519_sha512_verify(pubkey.ed25519,
423 SHA256_DIGEST_SIZE, hash, edsig) ?
424 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
426 case KEYHASH(OPENPGP_PKALGO_EDDSA, OPENPGP_HASH_SHA384):
427 ret = ed25519_sha512_verify(pubkey.ed25519,
428 SHA384_DIGEST_SIZE, hash, edsig) ?
429 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
431 case KEYHASH(OPENPGP_PKALGO_EDDSA, OPENPGP_HASH_SHA512):
432 ret = ed25519_sha512_verify(pubkey.ed25519,
433 SHA512_DIGEST_SIZE, hash, edsig) ?
434 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
436 case KEYHASH(OPENPGP_PKALGO_RSA, OPENPGP_HASH_MD5):
437 ret = rsa_md5_verify_digest(&pubkey.rsa, hash, s) ?
438 ONAK_E_WEAK_SIGNATURE : ONAK_E_BAD_SIGNATURE;
440 case KEYHASH(OPENPGP_PKALGO_RSA, OPENPGP_HASH_RIPEMD160):
441 ret = rsa_ripemd160_verify_digest(&pubkey.rsa, hash, s) ?
442 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
444 case KEYHASH(OPENPGP_PKALGO_RSA, OPENPGP_HASH_SHA1):
445 ret = rsa_sha1_verify_digest(&pubkey.rsa, hash, s) ?
446 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
448 case KEYHASH(OPENPGP_PKALGO_RSA, OPENPGP_HASH_SHA224):
449 ret = rsa_sha224_verify_digest(&pubkey.rsa, hash, s) ?
450 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
452 case KEYHASH(OPENPGP_PKALGO_RSA, OPENPGP_HASH_SHA256):
453 ret = rsa_sha256_verify_digest(&pubkey.rsa, hash, s) ?
454 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
456 case KEYHASH(OPENPGP_PKALGO_RSA, OPENPGP_HASH_SHA384):
457 ret = rsa_sha384_verify_digest(&pubkey.rsa, hash, s) ?
458 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
460 case KEYHASH(OPENPGP_PKALGO_RSA, OPENPGP_HASH_SHA512):
461 ret = rsa_sha512_verify_digest(&pubkey.rsa, hash, s) ?
462 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
465 ret = ONAK_E_UNSUPPORTED_FEATURE;
469 switch (sig->data[2]) {
470 case OPENPGP_PKALGO_ECDSA:
471 case OPENPGP_PKALGO_EDDSA:
472 case OPENPGP_PKALGO_DSA:
476 case OPENPGP_PKALGO_RSA:
477 case OPENPGP_PKALGO_RSA_SIGN:
483 onak_free_key_material(&pubkey);
488 #endif /* HAVE_CRYPTO */
490 onak_status_t calculate_packet_sighash(struct openpgp_publickey *key,
491 struct openpgp_packet *packet,
492 struct openpgp_packet *sig,
497 size_t siglen, unhashedlen;
498 struct sha1_ctx sha1_context;
499 struct sha1x_ctx sha1x_context;
500 struct md5_ctx md5_context;
502 struct ripemd160_ctx ripemd160_context;
503 struct sha224_ctx sha224_context;
504 struct sha256_ctx sha256_context;
505 struct sha384_ctx sha384_context;
506 struct sha512_ctx sha512_context;
508 uint8_t keyheader[5];
509 uint8_t packetheader[5];
511 uint8_t *hashdata[8];
520 switch (sig->data[0]) {
524 keyheader[1] = key->publickey->length >> 8;
525 keyheader[2] = key->publickey->length & 0xFF;
526 hashdata[0] = keyheader;
528 hashdata[1] = key->publickey->data;
529 hashlen[1] = key->publickey->length;
532 *hashtype = sig->data[16];
534 if (packet != NULL) {
535 if (packet->tag == OPENPGP_PACKET_PUBLICSUBKEY) {
536 packetheader[0] = 0x99;
537 packetheader[1] = packet->length >> 8;
538 packetheader[2] = packet->length & 0xFF;
539 hashdata[chunks] = packetheader;
544 // TODO: Things other than UIDS/subkeys?
545 hashdata[chunks] = packet->data;
546 hashlen[chunks] = packet->length;
550 hashdata[chunks] = &sig->data[2];
553 *sighash = &sig->data[17];
557 keyheader[1] = key->publickey->length >> 8;
558 keyheader[2] = key->publickey->length & 0xFF;
559 hashdata[0] = keyheader;
561 hashdata[1] = key->publickey->data;
562 hashlen[1] = key->publickey->length;
565 /* Check to see if this is an X509 based signature */
566 if (sig->data[2] == 0 || sig->data[2] == 100) {
570 res = parse_subpackets(&sig->data[4],
571 sig->length - 4, &len,
573 if (res != ONAK_E_OK) {
577 /* No unhashed data */
578 sig->data[4 + len] == 0 &&
579 sig->data[5 + len] == 0 &&
580 /* Dummy 0 checksum */
581 sig->data[6 + len] == 0 &&
582 sig->data[7 + len] == 0 &&
584 sig->data[8 + len] == 0 &&
585 sig->data[9 + len] == 1 &&
586 sig->data[10 + len] == 1) {
587 return ONAK_E_UNSUPPORTED_FEATURE;
591 *hashtype = sig->data[3];
593 if (packet != NULL) {
594 if (packet->tag == OPENPGP_PACKET_PUBLICSUBKEY) {
595 packetheader[0] = 0x99;
596 packetheader[1] = packet->length >> 8;
597 packetheader[2] = packet->length & 0xFF;
598 hashdata[chunks] = packetheader;
601 } else if (packet->tag == OPENPGP_PACKET_UID ||
602 packet->tag == OPENPGP_PACKET_UAT) {
603 packetheader[0] = (packet->tag ==
604 OPENPGP_PACKET_UID) ? 0xB4 : 0xD1;
605 packetheader[1] = packet->length >> 24;
606 packetheader[2] = (packet->length >> 16) & 0xFF;
607 packetheader[3] = (packet->length >> 8) & 0xFF;
608 packetheader[4] = packet->length & 0xFF;
609 hashdata[chunks] = packetheader;
613 hashdata[chunks] = packet->data;
614 hashlen[chunks] = packet->length;
618 hashdata[chunks] = sig->data;
619 hashlen[chunks] = siglen = (sig->data[4] << 8) +
621 if (siglen > sig->length) {
622 /* Signature data exceed packet length, bogus */
623 return ONAK_E_INVALID_PKT;
629 trailer[2] = siglen >> 24;
630 trailer[3] = (siglen >> 16) & 0xFF;
631 trailer[4] = (siglen >> 8) & 0xFF;
632 trailer[5] = siglen & 0xFF;
633 hashdata[chunks] = trailer;
637 unhashedlen = (sig->data[siglen] << 8) +
638 sig->data[siglen + 1];
639 *sighash = &sig->data[siglen + unhashedlen + 2];
645 keyheader[3] = key->publickey->length >> 8;
646 keyheader[4] = key->publickey->length & 0xFF;
647 hashdata[0] = keyheader;
649 hashdata[1] = key->publickey->data;
650 hashlen[1] = key->publickey->length;
653 *hashtype = sig->data[3];
655 if (packet != NULL) {
656 if (packet->tag == OPENPGP_PACKET_PUBLICSUBKEY) {
657 packetheader[0] = 0x9A;
660 packetheader[3] = packet->length >> 8;
661 packetheader[4] = packet->length & 0xFF;
662 hashdata[chunks] = packetheader;
665 } else if (packet->tag == OPENPGP_PACKET_UID ||
666 packet->tag == OPENPGP_PACKET_UAT) {
667 packetheader[0] = (packet->tag ==
668 OPENPGP_PACKET_UID) ? 0xB4 : 0xD1;
669 packetheader[1] = packet->length >> 24;
670 packetheader[2] = (packet->length >> 16) & 0xFF;
671 packetheader[3] = (packet->length >> 8) & 0xFF;
672 packetheader[4] = packet->length & 0xFF;
673 hashdata[chunks] = packetheader;
677 hashdata[chunks] = packet->data;
678 hashlen[chunks] = packet->length;
682 hashdata[chunks] = sig->data;
683 hashlen[chunks] = siglen = (sig->data[4] << 8) +
685 if (siglen > sig->length) {
686 /* Signature data exceed packet length, bogus */
687 return ONAK_E_INVALID_PKT;
697 trailer[6] = siglen >> 24;
698 trailer[7] = (siglen >> 16) & 0xFF;
699 trailer[8] = (siglen >> 8) & 0xFF;
700 trailer[9] = siglen & 0xFF;
701 hashdata[chunks] = trailer;
702 hashlen[chunks] = 10;
705 unhashedlen = (sig->data[siglen] << 8) +
706 sig->data[siglen + 1];
707 *sighash = &sig->data[siglen + unhashedlen + 2];
710 return ONAK_E_UNSUPPORTED_FEATURE;
714 case OPENPGP_HASH_MD5:
715 md5_init(&md5_context);
716 for (i = 0; i < chunks; i++) {
717 md5_update(&md5_context, hashlen[i], hashdata[i]);
719 md5_digest(&md5_context, MD5_DIGEST_SIZE, hash);
721 case OPENPGP_HASH_SHA1:
722 sha1_init(&sha1_context);
723 for (i = 0; i < chunks; i++) {
724 sha1_update(&sha1_context, hashlen[i], hashdata[i]);
726 sha1_digest(&sha1_context, SHA1_DIGEST_SIZE, hash);
728 case OPENPGP_HASH_SHA1X:
729 sha1x_init(&sha1x_context);
730 for (i = 0; i < chunks; i++) {
731 sha1x_update(&sha1x_context, hashlen[i], hashdata[i]);
733 sha1x_digest(&sha1x_context, SHA1X_DIGEST_SIZE, hash);
736 case OPENPGP_HASH_RIPEMD160:
737 ripemd160_init(&ripemd160_context);
738 for (i = 0; i < chunks; i++) {
739 ripemd160_update(&ripemd160_context, hashlen[i],
742 ripemd160_digest(&ripemd160_context, RIPEMD160_DIGEST_SIZE,
745 case OPENPGP_HASH_SHA224:
746 sha224_init(&sha224_context);
747 for (i = 0; i < chunks; i++) {
748 sha224_update(&sha224_context, hashlen[i],
751 sha224_digest(&sha224_context, SHA224_DIGEST_SIZE, hash);
753 case OPENPGP_HASH_SHA256:
754 sha256_init(&sha256_context);
755 for (i = 0; i < chunks; i++) {
756 sha256_update(&sha256_context, hashlen[i],
759 sha256_digest(&sha256_context, SHA256_DIGEST_SIZE, hash);
761 case OPENPGP_HASH_SHA384:
762 sha384_init(&sha384_context);
763 for (i = 0; i < chunks; i++) {
764 sha384_update(&sha384_context, hashlen[i],
767 sha384_digest(&sha384_context, SHA384_DIGEST_SIZE, hash);
769 case OPENPGP_HASH_SHA512:
770 sha512_init(&sha512_context);
771 for (i = 0; i < chunks; i++) {
772 sha512_update(&sha512_context, hashlen[i],
775 sha512_digest(&sha512_context, SHA512_DIGEST_SIZE, hash);
779 return ONAK_E_UNSUPPORTED_FEATURE;