diff --git a/g10/sign.c b/g10/sign.c index 250c0cfeb..11360b95b 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -49,6 +49,12 @@ #define LF "\n" #endif + +/* Bitflags to convey hints on what kind of signayire is created. */ +#define SIGNHINT_KEYSIG 1 +#define SIGNHINT_SELFSIG 2 + + /* Hack */ static int recipient_digest_algo; @@ -309,10 +315,12 @@ hash_sigversion_to_magic (gcry_md_hd_t md, const PKT_signature *sig, /* Perform the sign operation. If CACHE_NONCE is given the agent is - advised to use that cached passphrase for the key. */ + * advised to use that cached passphrase for the key. SIGNHINTS has + * hints so that we can do some additional checks. */ static int do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig, - gcry_md_hd_t md, int mdalgo, const char *cache_nonce) + gcry_md_hd_t md, int mdalgo, + const char *cache_nonce, unsigned int signhints) { gpg_error_t err; byte *dp; @@ -335,6 +343,19 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig, if (!mdalgo) mdalgo = gcry_md_get_algo (md); + if ((signhints & SIGNHINT_KEYSIG) && !(signhints & SIGNHINT_SELFSIG) + && mdalgo == GCRY_MD_SHA1 + && !opt.flags.allow_weak_key_signatures) + { + /* We do not allow the creation of third-party key signatures + * using SHA-1 because we also reject them when verifying. Note + * that this will render dsa1024 keys unsuitable for such + * keysigs and in turn the WoT. */ + print_sha1_keysig_rejected_note (); + err = gpg_error (GPG_ERR_DIGEST_ALGO); + goto leave; + } + /* Check compliance. */ if (! gnupg_digest_is_allowed (opt.compliance, 1, mdalgo)) { @@ -431,12 +452,12 @@ do_sign (ctrl_t ctrl, PKT_public_key *pksk, PKT_signature *sig, static int complete_sig (ctrl_t ctrl, PKT_signature *sig, PKT_public_key *pksk, gcry_md_hd_t md, - const char *cache_nonce) + const char *cache_nonce, unsigned int signhints) { int rc; /* if (!(rc = check_secret_key (pksk, 0))) */ - rc = do_sign (ctrl, pksk, sig, md, 0, cache_nonce); + rc = do_sign (ctrl, pksk, sig, md, 0, cache_nonce, signhints); return rc; } @@ -842,7 +863,7 @@ write_signature_packets (ctrl_t ctrl, hash_sigversion_to_magic (md, sig, extrahash); gcry_md_final (md); - rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce); + rc = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0); gcry_md_close (md); if (!rc) { @@ -1607,6 +1628,8 @@ make_keysig_packet (ctrl_t ctrl, int sigversion; int digest_algo; gcry_md_hd_t md; + u32 pk_keyid[2], pksk_keyid[2]; + unsigned int signhints; log_assert ((sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x1F || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x19 @@ -1634,6 +1657,12 @@ make_keysig_packet (ctrl_t ctrl, else /* Use the default. */ digest_algo = DEFAULT_DIGEST_ALGO; + signhints = SIGNHINT_KEYSIG; + keyid_from_pk (pk, pk_keyid); + keyid_from_pk (pksk, pksk_keyid); + if (pk_keyid[0] == pksk_keyid[0] && pk_keyid[1] == pksk_keyid[1]) + signhints |= SIGNHINT_SELFSIG; + if (gcry_md_open (&md, digest_algo, 0)) BUG (); @@ -1676,7 +1705,7 @@ make_keysig_packet (ctrl_t ctrl, { hash_sigversion_to_magic (md, sig, NULL); gcry_md_final (md); - rc = complete_sig (ctrl, sig, pksk, md, cache_nonce); + rc = complete_sig (ctrl, sig, pksk, md, cache_nonce, signhints); } gcry_md_close (md); @@ -1712,6 +1741,8 @@ update_keysig_packet (ctrl_t ctrl, gpg_error_t rc = 0; int digest_algo; gcry_md_hd_t md; + u32 pk_keyid[2], pksk_keyid[2]; + unsigned int signhints = 0; if ((!orig_sig || !pk || !pksk) || (orig_sig->sig_class >= 0x10 && orig_sig->sig_class <= 0x13 && !uid) @@ -1734,6 +1765,12 @@ update_keysig_packet (ctrl_t ctrl, else digest_algo = orig_sig->digest_algo; + signhints = SIGNHINT_KEYSIG; + keyid_from_pk (pk, pk_keyid); + keyid_from_pk (pksk, pksk_keyid); + if (pk_keyid[0] == pksk_keyid[0] && pk_keyid[1] == pksk_keyid[1]) + signhints |= SIGNHINT_SELFSIG; + if (gcry_md_open (&md, digest_algo, 0)) BUG (); @@ -1787,7 +1824,7 @@ update_keysig_packet (ctrl_t ctrl, { hash_sigversion_to_magic (md, sig, NULL); gcry_md_final (md); - rc = complete_sig (ctrl, sig, pksk, md, NULL); + rc = complete_sig (ctrl, sig, pksk, md, NULL, signhints); } leave: