From 79f749fec99173a2711c48b34fc514fba29032d8 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 21 Mar 2006 12:48:51 +0000 Subject: [PATCH] Allo RMD160 signatures --- NEWS | 2 ++ TODO | 1 + doc/scdaemon.texi | 9 ++++++++- scd/ChangeLog | 4 ++++ scd/command.c | 28 +++++++++++++++++++++++++--- 5 files changed, 40 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index 0d520f3ac..a003b3f90 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,8 @@ Noteworthy changes in version 1.9.21 * [gpgsm] Kludge to allow use of Bundesnetzagentur issued certificates. + * [scdaemon] Added --hash=xxx option to the PKSIGN command. + Noteworthy changes in version 1.9.20 (2005-12-20) ------------------------------------------------- diff --git a/TODO b/TODO index 6033d9150..3e4d21dc6 100644 --- a/TODO +++ b/TODO @@ -3,6 +3,7 @@ * src/base64 ** Make parsing more robust Currently we don't cope with overlong lines in the best way. +** Check that we really release the ksba reader/writer objects. * sm/call-agent.c ** The protocol uses an incomplete S-expression diff --git a/doc/scdaemon.texi b/doc/scdaemon.texi index 8bc5810cb..24a22355e 100644 --- a/doc/scdaemon.texi +++ b/doc/scdaemon.texi @@ -444,7 +444,14 @@ hex notation. The actual signing is done using the command @end example where @var{keyid} is the hexified ID of the key to be used. The key id -may have been retrieved using the command @code{LEARN}. +may have been retrieved using the command @code{LEARN}. If another +hash algorithm than SHA-1 is used, that algorithm may be given like: + +@example + PKSIGN --hash=@var{algoname} @var{keyid} +@end example + +With @var{algoname} are one of @code{sha1}, @code{rmd160} or @code{md5}. @node Scdaemon PKDECRYPT diff --git a/scd/ChangeLog b/scd/ChangeLog index d539d210e..27c362d10 100644 --- a/scd/ChangeLog +++ b/scd/ChangeLog @@ -1,3 +1,7 @@ +2006-03-21 Werner Koch + + * command.c (cmd_pksign): Add --hash option. + 2006-03-01 Werner Koch * command.c (status_file_update_lock): New. diff --git a/scd/command.c b/scd/command.c index 805164d0f..70a426959 100644 --- a/scd/command.c +++ b/scd/command.c @@ -708,7 +708,9 @@ pin_cb (void *opaque, const char *info, char **retstr) } -/* PKSIGN +/* PKSIGN [--hash=[rmd160|sha1|md5]] + + The --hash option is optional; the default is SHA1. */ static int @@ -719,6 +721,26 @@ cmd_pksign (assuan_context_t ctx, char *line) unsigned char *outdata; size_t outdatalen; char *keyidstr; + int hash_algo; + + if (has_option (line, "--hash=rmd160")) + hash_algo = GCRY_MD_RMD160; + else if (has_option (line, "--hash=sha1")) + hash_algo = GCRY_MD_SHA1; + else if (has_option (line, "--hash=md5")) + hash_algo = GCRY_MD_MD5; + else if (!strstr (line, "--")) + hash_algo = GCRY_MD_SHA1; + else + return set_error (Parameter_Error, "invalid hash algorithm"); + /* Skip over options. */ + while ( *line == '-' && line[1] == '-' ) + { + while (*line && !spacep (line)) + line++; + while (spacep (line)) + line++; + } if ( IS_LOCKED (ctrl) ) return gpg_error (GPG_ERR_LOCKED); @@ -734,7 +756,7 @@ cmd_pksign (assuan_context_t ctx, char *line) return ASSUAN_Out_Of_Core; rc = app_sign (ctrl->app_ctx, - keyidstr, GCRY_MD_SHA1, + keyidstr, hash_algo, pin_cb, ctx, ctrl->in_data.value, ctrl->in_data.valuelen, &outdata, &outdatalen); @@ -777,7 +799,7 @@ cmd_pkauth (assuan_context_t ctx, char *line) if (!ctrl->app_ctx) return gpg_error (GPG_ERR_UNSUPPORTED_OPERATION); - /* We have to use a copy of the key ID because the function may use + /* We have to use a copy of the key ID because the function may use the pin_cb which in turn uses the assuan line buffer and thus overwriting the original line with the keyid */ keyidstr = xtrystrdup (line);