gpg: Implemented latest rfc4880bis version 5 packet hashing.

* configure.ac (AC_CHECK_SIZEOF): Test size_t. * g10/sig-check.c (check_signature_end_simple): Support v5 signatures as per current rfc4880bis. For correctness also allow for N > 2^32. * g10/sign.c (pt_extra_hash_data_t): New. (hash_sigversion_to_magic): New arg EXTRAHASH. (write_plaintext_packet): New arg R_EXTRAHASH. (write_signature_packets): Pass EXTRAHASH. (sign_file): Ditto. (sign_symencrypt_file): Ditto. -- Take care: The code path for v5 sigs has not yet been tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2019-03-12 11:09:52 +01:00 · 2019-03-12 11:09:52 +01:00 · a21ca3a1ef
commit a21ca3a1ef
parent f199b627ce
3 changed files with 131 additions and 33 deletions
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@ -513,6 +513,7 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
      byte buf[10];
      int i;
      size_t n;
+
      gcry_md_putc (digest, sig->pubkey_algo);
      gcry_md_putc (digest, sig->digest_algo);
      if (sig->hashed)
@ -531,22 +532,39 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
 	  gcry_md_putc (digest, 0);
 	  n = 6;
 	}
-	/* add some magic per Section 5.2.4 of RFC 4880.  */
-        i = 0;
-	buf[i++] = sig->version;
-	buf[i++] = 0xff;
-        if (sig->version >= 5)
-          {
-            buf[i++] = 0;
-            buf[i++] = 0;
-            buf[i++] = 0;
-            buf[i++] = 0;
-          }
-	buf[i++] = n >> 24;
-	buf[i++] = n >> 16;
-	buf[i++] = n >>  8;
-	buf[i++] = n;
-	gcry_md_write (digest, buf, i);
+      /* Hash data from the literal data packet.  */
+      if (sig->version >= 5
+          && (sig->sig_class == 0x00 || sig->sig_class == 0x01))
+        {
+          /* - One octet content format
+           * - File name (one octet length followed by the name)
+           * - Four octet timestamp */
+          memset (buf, 0, 6);
+          gcry_md_write (digest, buf, 6);
+        }
+      /* Add some magic per Section 5.2.4 of RFC 4880.  */
+      i = 0;
+      buf[i++] = sig->version;
+      buf[i++] = 0xff;
+      if (sig->version >= 5)
+        {
+#if SIZEOF_SIZE_T > 4
+          buf[i++] = n >> 56;
+          buf[i++] = n >> 48;
+          buf[i++] = n >> 40;
+          buf[i++] = n >> 32;
+#else
+          buf[i++] = 0;
+          buf[i++] = 0;
+          buf[i++] = 0;
+          buf[i++] = 0;
+#endif
+        }
+      buf[i++] = n >> 24;
+      buf[i++] = n >> 16;
+      buf[i++] = n >>  8;
+      buf[i++] = n;
+      gcry_md_write (digest, buf, i);
    }
    gcry_md_final( digest );