323
/* If it's a DSA key, and q is 160 bits, it might be an
324
old-style DSA key. If the hash doesn't match the q, fail
325
unless --enable-dsa2 is set. If the q isn't 160 bits, then
326
allow any hash since it must be a DSA2 key (if the hash is
327
too small, we'll fail in encode_md_value). */
328
if (sk->pubkey_algo==PUBKEY_ALGO_DSA
329
&& (gcry_mpi_get_nbits (sk->skey[1])/8)==20
331
&& gcry_md_get_algo_dlen (digest_algo)!=20)
333
log_error(_("DSA requires the use of a 160 bit hash algorithm\n"));
334
return G10ERR_GENERAL;
337
323
frame = encode_md_value( NULL, sk, md, digest_algo );
339
325
return G10ERR_GENERAL;
749
735
* uncompressed, non-armored and in binary mode.
752
sign_file( STRLIST filenames, int detached, STRLIST locusr,
753
int encryptflag, STRLIST remusr, const char *outfile )
738
sign_file( strlist_t filenames, int detached, strlist_t locusr,
739
int encryptflag, strlist_t remusr, const char *outfile )
755
741
const char *fname;
756
742
armor_filter_context_t afx;
863
849
gcry_md_start_debug (mfx.md, "sign");
865
/* If we're encrypting and signing, it is reasonable to pick the
866
hash algorithm to use out of the recepient key prefs. */
851
/* If we're encrypting and signing, it is reasonable to pick the
852
hash algorithm to use out of the recepient key prefs. This is
853
best effort only, as in a DSA2 and smartcard world there are
854
cases where we cannot please everyone with a single hash (DSA2
855
wants >160 and smartcards want =160). In the future this could
856
be more complex with different hashes for each sk, but the
857
current design requires a single hash for all SKs. */
869
860
if(opt.def_digest_algo)
873
int algo, smartcard=0;
874
union pref_hint hint;
876
hint.digest_length = 0;
884
878
/* Of course, if the recipient asks for something
885
unreasonable (like a non-160-bit hash for DSA, for
886
example), then don't do it. Check all sk's - if any
887
are DSA, then the hash must be 160-bit. In the future
888
this can be more complex with different hashes for each
889
sk, but so long as there is only one signing algorithm
890
with hash restrictions, this is ok. -dms */
892
/* Current smartcards only do 160-bit hashes as well.
893
Note that this may well have to change as the cards add
896
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next )
897
if(sk_rover->sk->pubkey_algo==PUBKEY_ALGO_DSA
898
|| (sk_rover->sk->is_protected
899
&& sk_rover->sk->protect.s2k.mode==1002))
903
select_algo_from_prefs(pk_list,PREFTYPE_HASH,-1,
904
hashlen?&hashlen:NULL))>0)
905
recipient_digest_algo=algo;
879
unreasonable (like the wrong hash for a DSA key) then
880
don't do it. Check all sk's - if any are DSA or live
881
on a smartcard, then the hash has restrictions and we
882
may not be able to give the recipient what they want.
883
For DSA, pass a hint for the largest q we have. Note
884
that this means that a q>160 key will override a q=160
885
key and force the use of truncation for the q=160 key.
886
The alternative would be to ignore the recipient prefs
887
completely and get a different hash for each DSA key in
888
hash_for(). The override behavior here is more or less
889
reasonable as it is under the control of the user which
890
keys they sign with for a given message and the fact
891
that the message with multiple signatures won't be
892
usable on an implementation that doesn't understand
895
for (sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next )
897
if (sk_rover->sk->pubkey_algo == PUBKEY_ALGO_DSA)
899
int temp_hashlen = gcry_mpi_get_nbits
900
(sk_rover->sk->skey[1])+7/8;
902
/* Pick a hash that is large enough for our
905
if (hint.digest_length<temp_hashlen)
906
hint.digest_length=temp_hashlen;
908
else if (sk_rover->sk->is_protected
909
&& sk_rover->sk->protect.s2k.mode == 1002)
913
/* Current smartcards only do 160-bit hashes. If we have
914
to have a >160-bit hash, then we can't use the
915
recipient prefs as we'd need both =160 and >160 at the
916
same time and recipient prefs currently require a
917
single hash for all signatures. All this may well have
918
to change as the cards add algorithms. */
920
if (!smartcard || (smartcard && hint.digest_length==20))
922
select_algo_from_prefs(pk_list,PREFTYPE_HASH,-1,&hint)) > 0)
923
recipient_digest_algo=algo;
added
removed
g10/sign.c
