Allo RMD160 signatures

NEWS

@@ -11,6 +11,8 @@ Noteworthy changes in version 1.9.21
  * [gpgsm] Kludge to allow use of Bundesnetzagentur issued
    certificates.
 
+ * [scdaemon] Added --hash=xxx option to the PKSIGN command.
+
 
 Noteworthy changes in version 1.9.20 (2005-12-20)
 -------------------------------------------------

TODO

@@ -3,6 +3,7 @@
 * src/base64
 ** Make parsing more robust
 Currently we don't cope with overlong lines in the best way.
+** Check that we really release the ksba reader/writer objects.
 
 * sm/call-agent.c
 ** The protocol uses an incomplete S-expression

doc/scdaemon.texi

@@ -444,7 +444,14 @@ hex notation.  The actual signing is done using the command
 @end example
 
 where @var{keyid} is the hexified ID of the key to be used.  The key id
-may have been retrieved using the command @code{LEARN}.
+may have been retrieved using the command @code{LEARN}.  If another
+hash algorithm than SHA-1 is used, that algorithm may be given like:
+
+@example
+  PKSIGN --hash=@var{algoname} @var{keyid}
+@end example
+
+With @var{algoname} are one of @code{sha1}, @code{rmd160} or @code{md5}.
 
 
 @node Scdaemon PKDECRYPT

scd/ChangeLog

@@ -1,3 +1,7 @@
+2006-03-21  Werner Koch  <wk@g10code.com>
+
+	* command.c (cmd_pksign): Add --hash option.
+
 2006-03-01  Werner Koch  <wk@g10code.com>
 
 	* command.c (status_file_update_lock): New.

scd/command.c

@@ -708,7 +708,9 @@ pin_cb (void *opaque, const char *info, char **retstr)
 }
 
 
-/* PKSIGN <hexified_id>
+/* PKSIGN [--hash=[rmd160|sha1|md5]] <hexified_id>
+
+   The --hash option is optional; the default is SHA1.
 
  */
 static int
@@ -719,6 +721,26 @@ cmd_pksign (assuan_context_t ctx, char *line)
   unsigned char *outdata;
   size_t outdatalen;
   char *keyidstr;
+  int hash_algo;
+
+  if (has_option (line, "--hash=rmd160"))
+    hash_algo = GCRY_MD_RMD160;
+  else if (has_option (line, "--hash=sha1"))
+    hash_algo = GCRY_MD_SHA1;
+  else if (has_option (line, "--hash=md5"))
+    hash_algo = GCRY_MD_MD5;
+  else if (!strstr (line, "--"))
+    hash_algo = GCRY_MD_SHA1; 
+  else
+    return set_error (Parameter_Error, "invalid hash algorithm");
+  /* Skip over options. */
+  while ( *line == '-' && line[1] == '-' )
+    {
+      while (*line && !spacep (line))
+        line++;
+      while (spacep (line))
+        line++;
+    }
 
   if ( IS_LOCKED (ctrl) )
     return gpg_error (GPG_ERR_LOCKED);
@@ -734,7 +756,7 @@ cmd_pksign (assuan_context_t ctx, char *line)
     return ASSUAN_Out_Of_Core;
   
   rc = app_sign (ctrl->app_ctx,
-                 keyidstr, GCRY_MD_SHA1,
+                 keyidstr, hash_algo,
                  pin_cb, ctx,
                  ctrl->in_data.value, ctrl->in_data.valuelen,
                  &outdata, &outdatalen);
@@ -777,7 +799,7 @@ cmd_pkauth (assuan_context_t ctx, char *line)
   if (!ctrl->app_ctx)
     return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION);
 
-  /* We have to use a copy of the key ID because the function may use
+ /* We have to use a copy of the key ID because the function may use
      the pin_cb which in turn uses the assuan line buffer and thus
      overwriting the original line with the keyid */
   keyidstr = xtrystrdup (line);