1
1
/* sign.c - Sign a message
2
* Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
2
* Copyright (C) 2001, 2002, 2003, 2008 Free Software Foundation, Inc.
4
4
* This file is part of GnuPG.
396
396
release_signerlist = 1;
399
/* Figure out the hash algorithm to use. We do not want to use the
400
one for the certificate but if possible an OID for the plain
402
for (i=0, cl=signerlist; cl; cl = cl->next, i++)
404
const char *oid = ksba_cert_get_digest_algo (cl->cert);
406
cl->hash_algo = oid ? gcry_md_map_name (oid) : 0;
407
switch (cl->hash_algo)
409
case GCRY_MD_SHA1: oid = "1.3.14.3.2.26"; break;
410
case GCRY_MD_RMD160: oid = "1.3.36.3.2.1"; break;
411
case GCRY_MD_SHA224: oid = "2.16.840.1.101.3.4.2.4"; break;
412
case GCRY_MD_SHA256: oid = "2.16.840.1.101.3.4.2.1"; break;
413
case GCRY_MD_SHA384: oid = "2.16.840.1.101.3.4.2.2"; break;
414
case GCRY_MD_SHA512: oid = "2.16.840.1.101.3.4.2.3"; break;
415
/* case GCRY_MD_WHIRLPOOL: oid = "No OID yet"; break; */
417
case GCRY_MD_MD5: /* We don't want to use MD5. */
418
case 0: /* No algorithm found in cert. */
419
default: /* Other algorithms. */
420
log_info (_("hash algorithm %d (%s) for signer %d not supported;"
422
cl->hash_algo, oid? oid: "?", i,
423
gcry_md_algo_name (GCRY_MD_SHA1));
424
cl->hash_algo = GCRY_MD_SHA1;
425
oid = "1.3.14.3.2.26";
428
cl->hash_algo_oid = oid;
432
for (i=0, cl=signerlist; cl; cl = cl->next, i++)
433
log_info (_("hash algorithm used for signer %d: %s (%s)\n"),
434
i, gcry_md_algo_name (cl->hash_algo), cl->hash_algo_oid);
400
438
/* Gather certificates of signers and store them in the CMS object. */
401
439
for (cl=signerlist; cl; cl = cl->next)
421
459
/* Set the hash algorithm we are going to use */
422
err = ksba_cms_add_digest_algo (cms, "1.3.14.3.2.26" /*SHA-1*/);
460
err = ksba_cms_add_digest_algo (cms, cl->hash_algo_oid);
425
463
log_debug ("ksba_cms_add_digest_algo failed: %s\n",
476
515
log_error ("unknown hash algorithm `%s'\n", algoid? algoid:"?");
478
&& ( !strcmp (algoid, "1.2.840.113549.1.1.2")
479
||!strcmp (algoid, "1.2.840.113549.2.2")))
480
log_info (_("(this is the MD2 algorithm)\n"));
481
516
rc = gpg_error (GPG_ERR_BUG);
488
{ /* we hash the data right now so that we can store the message
523
{ /* We hash the data right now so that we can store the message
489
524
digest. ksba_cms_build() takes this as an flag that detached
490
525
data is expected. */
491
526
unsigned char *digest;
492
527
size_t digest_len;
493
/* Fixme do this for all signers and get the algo to use from
494
the signer's certificate - does not make much sense, but we
495
should do this consistent as we have already done it above. */
497
529
hash_data (data_fd, data_md);
498
digest = gcry_md_read (data_md, algo);
499
digest_len = gcry_md_get_algo_dlen (algo);
500
if ( !digest || !digest_len)
502
log_error ("problem getting the hash of the data\n");
503
rc = gpg_error (GPG_ERR_BUG);
506
530
for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
532
digest = gcry_md_read (data_md, cl->hash_algo);
533
digest_len = gcry_md_get_algo_dlen (cl->hash_algo);
534
if ( !digest || !digest_len )
536
log_error ("problem getting the hash of the data\n");
537
rc = gpg_error (GPG_ERR_BUG);
508
540
err = ksba_cms_set_message_digest (cms, signer, digest, digest_len);
561
593
if (stopreason == KSBA_SR_BEGIN_DATA)
562
{ /* hash the data and store the message digest */
595
/* Hash the data and store the message digest. */
563
596
unsigned char *digest;
564
597
size_t digest_len;
566
599
assert (!detached);
567
/* Fixme: get the algo to use from the signer's certificate
568
- does not make much sense, but we should do this
569
consistent as we have already done it above. Code is
570
mostly duplicated above. */
573
601
rc = hash_and_copy_data (data_fd, data_md, writer);
576
digest = gcry_md_read (data_md, algo);
577
digest_len = gcry_md_get_algo_dlen (algo);
578
if ( !digest || !digest_len)
580
log_error ("problem getting the hash of the data\n");
581
rc = gpg_error (GPG_ERR_BUG);
584
604
for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
606
digest = gcry_md_read (data_md, cl->hash_algo);
607
digest_len = gcry_md_get_algo_dlen (cl->hash_algo);
608
if ( !digest || !digest_len )
610
log_error ("problem getting the hash of the data\n");
611
rc = gpg_error (GPG_ERR_BUG);
586
614
err = ksba_cms_set_message_digest (cms, signer,
587
615
digest, digest_len);
597
625
else if (stopreason == KSBA_SR_NEED_SIG)
598
{ /* calculate the signature for all signers */
627
/* Compute the signature for all signers. */
602
rc = gcry_md_open (&md, algo, 0);
630
rc = gcry_md_open (&md, 0, 0);
605
633
log_error ("md_open failed: %s\n", gpg_strerror (rc));