authorWerner Koch <wk@gnupg.org>2019-03-12 11:09:52 +0100
committerWerner Koch <wk@gnupg.org>2019-03-14 11:26:54 +0100
commita21ca3a1eff4722dea778cca4abe14a873ccebdf (patch)
tree265f61e68d4abd838bdef616514d781af820b3b0 /g10/sig-check.c
parentFix the previous commit. (diff)
gpg: Implemented latest rfc4880bis version 5 packet hashing.
* configure.ac (AC_CHECK_SIZEOF): Test size_t. * g10/sig-check.c (check_signature_end_simple): Support v5 signatures as per current rfc4880bis. For correctness also allow for N > 2^32. * g10/sign.c (pt_extra_hash_data_t): New. (hash_sigversion_to_magic): New arg EXTRAHASH. (write_plaintext_packet): New arg R_EXTRAHASH. (write_signature_packets): Pass EXTRAHASH. (sign_file): Ditto. (sign_symencrypt_file): Ditto. -- Take care: The code path for v5 sigs has not yet been tested. Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'g10/sig-check.c')
-rw-r--r--g10/sig-check.c50
1 files changed, 34 insertions, 16 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c
index d02c68e33..e8782f90d 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -513,6 +513,7 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
byte buf[10];
int i;
size_t n;
+
gcry_md_putc (digest, sig->pubkey_algo);
gcry_md_putc (digest, sig->digest_algo);
if (sig->hashed)
@@ -531,22 +532,39 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
gcry_md_putc (digest, 0);
n = 6;
}
- /* add some magic per Section 5.2.4 of RFC 4880. */
- i = 0;
- buf[i++] = sig->version;
- buf[i++] = 0xff;
- if (sig->version >= 5)
- {
- buf[i++] = 0;
- buf[i++] = 0;
- buf[i++] = 0;
- buf[i++] = 0;
- }
- buf[i++] = n >> 24;
- buf[i++] = n >> 16;
- buf[i++] = n >> 8;
- buf[i++] = n;
- gcry_md_write (digest, buf, i);
+ /* Hash data from the literal data packet. */
+ if (sig->version >= 5
+ && (sig->sig_class == 0x00 || sig->sig_class == 0x01))
+ {
+ /* - One octet content format
+ * - File name (one octet length followed by the name)
+ * - Four octet timestamp */
+ memset (buf, 0, 6);
+ gcry_md_write (digest, buf, 6);
+ }
+ /* Add some magic per Section 5.2.4 of RFC 4880. */
+ i = 0;
+ buf[i++] = sig->version;
+ buf[i++] = 0xff;
+ if (sig->version >= 5)
+ {
+#if SIZEOF_SIZE_T > 4
+ buf[i++] = n >> 56;
+ buf[i++] = n >> 48;
+ buf[i++] = n >> 40;
+ buf[i++] = n >> 32;
+#else
+ buf[i++] = 0;
+ buf[i++] = 0;
+ buf[i++] = 0;
+ buf[i++] = 0;
+#endif
+ }
+ buf[i++] = n >> 24;
+ buf[i++] = n >> 16;
+ buf[i++] = n >> 8;
+ buf[i++] = n;
+ gcry_md_write (digest, buf, i);
}
gcry_md_final( digest );
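Review bot: The new v5 branch for sig_class 0x00/0x01 hashes six zero octets from `buf` instead of the content format, file name and timestamp that its own comment lists, so the verifier's digest can only match a literal data packet whose metadata is all zero. The commit message says sign.c now passes EXTRAHASH from the plaintext packet; if that carries real values (sign.c is not visible here), such signatures would fail to verify, which fails closed but leaves the path unusable. Until the metadata reaches check_signature_end_simple, I would mark the placeholder explicitly, e.g. `/* FIXME: hash the literal packet's real format, name and timestamp; the zeros are a placeholder. */`. The trailer comment could also cite rfc4880bis for the eight-octet v5 count, since Section 5.2.4 of RFC 4880 describes only the four-octet form. The function starts and ends outside this hunk.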