~ubuntu-branches/ubuntu/natty/gnupg2/natty

Viewing changes to sm/sign.c

Committer: Bazaar Package Importer
Author(s): Eric Dorland
Date: 2009-03-08 22:46:47 UTC
mfrom: (1.1.11 upstream)
Revision ID: james.westby@ubuntu.com-20090308224647-gq17gatcl71lrc2k

Tags: 2.0.11-1

http://bugs.debian.org/496663

http://bugs.debian.org/496323

* New upstream release. (Closes: #496663)
* debian/control: Make the description a little more distinctive than
gnupg v1's. Thanks Jari Aalto. (Closes: #496323)

files added:
common/b64dec.c

common/percent.c

common/t-b64.c

common/t-percent.c

g10/rmd160.c

g10/rmd160.h

g10/t-rmd160.c

keyserver/gpgkeys_kdns.c

m4/socklen.m4

m4/sys_socket_h.m4

scd/app-geldkarte.c

files modified:
AUTHORS

ChangeLog

Makefile.am

Makefile.in

NEWS

README

THANKS

TODO

VERSION

aclocal.m4

agent/ChangeLog

agent/Makefile.in

agent/agent.h

agent/call-pinentry.c

agent/call-scd.c

agent/command-ssh.c

agent/command.c

agent/divert-scd.c

agent/findkey.c

agent/genkey.c

agent/gpg-agent.c

agent/learncard.c

agent/minip12.c

agent/pksign.c

agent/preset-passphrase.c

agent/protect-tool.c

agent/t-protect.c

agent/trustlist.c

autogen.sh

common/ChangeLog

common/Makefile.am

common/Makefile.in

common/asshelp.c

common/audit.c

common/b64enc.c

common/convert.c

common/estream-printf.c

common/estream.c

common/exechelp.c

common/gettime.c

common/homedir.c

common/http.c

common/i18n.c

common/iobuf.c

common/localename.c

common/miscellaneous.c

common/pka.c

common/signal.c

common/sysutils.c

common/t-convert.c

common/t-gettime.c

common/t-sexputil.c

common/util.h

config.h.in

configure

configure.ac

debian/changelog

debian/control

doc/ChangeLog

doc/DETAILS

doc/FAQ

doc/Makefile.am

doc/Makefile.in

doc/TRANSLATE

doc/com-certs.pem

doc/debugging.texi

doc/examples/trustlist.txt

doc/faq.html

doc/faq.raw

doc/gnupg.info

doc/gnupg.info-1

doc/gnupg.info-2

doc/gpg-agent.texi

doc/gpg.texi

doc/gpgsm.texi

doc/gpgv.texi

doc/help.de.txt

doc/help.txt

doc/opt-homedir.texi

doc/qualified.txt

doc/scdaemon.texi

doc/stamp-vti

doc/tools.texi

doc/version.texi

doc/yat2m.c

g10/ChangeLog

g10/Makefile.am

g10/Makefile.in

g10/build-packet.c

g10/call-agent.c

g10/call-agent.h

g10/card-util.c

g10/cpr.c

g10/exec.c

g10/getkey.c

g10/gpg.c

g10/gpgv.c

g10/import.c

g10/keydb.c

g10/keydb.h

g10/keyedit.c

g10/keygen.c

g10/keyid.c

g10/keylist.c

g10/keyring.c

g10/keyserver.c

g10/main.h

g10/mainproc.c

g10/misc.c

g10/options.h

g10/options.skel

g10/parse-packet.c

g10/passphrase.c

g10/photoid.c

g10/photoid.h

g10/pkclist.c

g10/pkglue.c

g10/pubkey-enc.c

g10/server.c

g10/seskey.c

g10/sig-check.c

g10/sign.c

g10/skclist.c

g10/tdbdump.c

g10/tdbio.c

g10/trustdb.c

g10/trustdb.h

g10/verify.c

gl/Makefile.in

include/ChangeLog

include/Makefile.in

include/cipher.h

jnlib/ChangeLog

jnlib/Makefile.am

jnlib/Makefile.in

jnlib/argparse.c

jnlib/argparse.h

jnlib/dotlock.c

jnlib/dynload.h

jnlib/libjnlib-config.h

jnlib/logging.c

jnlib/logging.h

jnlib/stringhelp.c

jnlib/stringhelp.h

jnlib/t-stringhelp.c

jnlib/t-support.c

jnlib/utf8conv.c

jnlib/w32-afunix.c

jnlib/w32-gettext.c

jnlib/w32help.h

kbx/ChangeLog

kbx/Makefile.am

kbx/Makefile.in

kbx/kbxutil.c

kbx/keybox-blob.c

kbx/keybox-defs.h

kbx/keybox-dump.c

kbx/keybox-file.c

kbx/keybox-init.c

kbx/keybox-search.c

kbx/keybox-update.c

keyserver/ChangeLog

keyserver/Makefile.am

keyserver/Makefile.in

keyserver/curl-shim.c

keyserver/gpgkeys_curl.c

keyserver/gpgkeys_finger.c

keyserver/gpgkeys_hkp.c

keyserver/ksutil.c

keyserver/ksutil.h

keyserver/no-libgcrypt.c

m4/ChangeLog

m4/Makefile.am

m4/Makefile.in

po/ChangeLog

po/POTFILES.in

po/be.gmo

po/be.po

po/ca.gmo

po/ca.po

po/cs.gmo

po/cs.po

po/da.gmo

po/da.po

po/de.gmo

po/de.po

po/el.gmo

po/el.po

po/en@boldquot.gmo

po/en@boldquot.po

po/en@quot.gmo

po/en@quot.po

po/eo.gmo

po/eo.po

po/es.gmo

po/es.po

po/et.gmo

po/et.po

po/fi.gmo

po/fi.po

po/fr.gmo

po/fr.po

po/gl.gmo

po/gl.po

po/gnupg2.pot

po/hu.gmo

po/hu.po

po/id.gmo

po/id.po

po/it.gmo

po/it.po

po/ja.gmo

po/ja.po

po/nb.gmo

po/nb.po

po/pl.gmo

po/pl.po

po/pt.gmo

po/pt.po

po/pt_BR.gmo

po/pt_BR.po

po/ro.gmo

po/ro.po

po/ru.gmo

po/ru.po

po/sk.gmo

po/sk.po

po/sv.gmo

po/sv.po

po/tr.gmo

po/tr.po

po/zh_CN.gmo

po/zh_CN.po

po/zh_TW.gmo

po/zh_TW.po

scd/ChangeLog

scd/Makefile.am

scd/Makefile.in

scd/apdu.c

scd/apdu.h

scd/app-common.h

scd/app-dinsig.c

scd/app-help.c

scd/app-nks.c

scd/app-openpgp.c

scd/app-p15.c

scd/app.c

scd/ccid-driver.c

scd/command.c

scd/iso7816.c

scd/iso7816.h

scd/pcsc-wrapper.c

scd/scdaemon.c

scd/scdaemon.h

sm/ChangeLog

sm/Makefile.in

sm/call-agent.c

sm/call-dirmngr.c

sm/certchain.c

sm/certcheck.c

sm/certdump.c

sm/certlist.c

sm/certreqgen-ui.c

sm/certreqgen.c

sm/encrypt.c

sm/export.c

sm/fingerprint.c

sm/gpgsm.c

sm/gpgsm.h

sm/import.c

sm/keydb.c

sm/keylist.c

sm/qualified.c

sm/server.c

sm/sign.c

sm/verify.c

tests/ChangeLog

tests/Makefile.am

tests/Makefile.in

tests/asschk.c

tests/inittests

tests/openpgp/ChangeLog

tests/openpgp/Makefile.in

tests/openpgp/clearsig.test

tests/pkits/ChangeLog

tests/pkits/Makefile.am

tests/pkits/Makefile.in

tests/pkits/common.sh

tests/pkits/inittests

tools/ChangeLog

tools/Makefile.in

tools/clean-sat.c

tools/gpg-check-pattern.c

tools/gpg-connect-agent.c

tools/gpgconf-comp.c

tools/gpgconf.c

tools/gpgconf.h

tools/gpgkey2ssh.c

tools/gpgparsemail.c

tools/gpgsplit.c

tools/make-dns-cert.c

tools/mk-tdata.c

tools/no-libgcrypt.c

tools/symcryptrun.c

version

Show diffs side-by-side

added added

removed removed

sm/sign.c

/* sign.c - Sign a message

* This file is part of GnuPG.

396

release_signerlist = 1;

397

}

398

399

/* Figure out the hash algorithm to use. We do not want to use the

400

one for the certificate but if possible an OID for the plain

401

algorithm. */

402

for (i=0, cl=signerlist; cl; cl = cl->next, i++)

403

{

404

const char *oid = ksba_cert_get_digest_algo (cl->cert);

405

406

cl->hash_algo = oid ? gcry_md_map_name (oid) : 0;

407

switch (cl->hash_algo)

408

{

409

case GCRY_MD_SHA1: oid = "1.3.14.3.2.26"; break;

410

case GCRY_MD_RMD160: oid = "1.3.36.3.2.1"; break;

411

case GCRY_MD_SHA224: oid = "2.16.840.1.101.3.4.2.4"; break;

412

case GCRY_MD_SHA256: oid = "2.16.840.1.101.3.4.2.1"; break;

413

case GCRY_MD_SHA384: oid = "2.16.840.1.101.3.4.2.2"; break;

414

case GCRY_MD_SHA512: oid = "2.16.840.1.101.3.4.2.3"; break;

415

/* case GCRY_MD_WHIRLPOOL: oid = "No OID yet"; break; */

416

417

case GCRY_MD_MD5: /* We don't want to use MD5. */

418

case 0: /* No algorithm found in cert. */

419

default: /* Other algorithms. */

420

log_info (_("hash algorithm %d (%s) for signer %d not supported;"

421

" using %s\n"),

422

cl->hash_algo, oid? oid: "?", i,

423

gcry_md_algo_name (GCRY_MD_SHA1));

424

cl->hash_algo = GCRY_MD_SHA1;

425

oid = "1.3.14.3.2.26";

426

break;

427

}

428

cl->hash_algo_oid = oid;

429

}

430

if (opt.verbose)

431

{

432

for (i=0, cl=signerlist; cl; cl = cl->next, i++)

433

log_info (_("hash algorithm used for signer %d: %s (%s)\n"),

434

i, gcry_md_algo_name (cl->hash_algo), cl->hash_algo_oid);

435

}

436

399

437

400

438

/* Gather certificates of signers and store them in the CMS object. */

401

439

for (cl=signerlist; cl; cl = cl->next)

419

457

goto leave;

420

458

}

421

459

/* Set the hash algorithm we are going to use */

422

err = ksba_cms_add_digest_algo (cms, "1.3.14.3.2.26" /*SHA-1*/);

460

err = ksba_cms_add_digest_algo (cms, cl->hash_algo_oid);

423

461

if (err)

424

462

{

425

463

log_debug ("ksba_cms_add_digest_algo failed: %s\n",

458

496

}

459

497

}

460

498

461

/* Prepare hashing (actually we are figuring out what we have set above)*/

499

/* Prepare hashing (actually we are figuring out what we have set

500

above). */

462

501

rc = gcry_md_open (&data_md, 0, 0);

463

502

if (rc)

464

503

{

474

513

if (!algo)

475

514

{

476

515

log_error ("unknown hash algorithm `%s'\n", algoid? algoid:"?");

477

if (algoid

478

&& ( !strcmp (algoid, "1.2.840.113549.1.1.2")

479

||!strcmp (algoid, "1.2.840.113549.2.2")))

480

log_info (_("(this is the MD2 algorithm)\n"));

481

516

rc = gpg_error (GPG_ERR_BUG);

482

517

goto leave;

483

518

}

485

520

}

486

521

487

522

if (detached)

488

{ /* we hash the data right now so that we can store the message

523

{ /* We hash the data right now so that we can store the message

489

524

digest. ksba_cms_build() takes this as an flag that detached

490

525

data is expected. */

491

526

unsigned char *digest;

492

527

size_t digest_len;

493

/* Fixme do this for all signers and get the algo to use from

494

the signer's certificate - does not make much sense, but we

495

should do this consistent as we have already done it above. */

496

algo = GCRY_MD_SHA1;

528

497

529

hash_data (data_fd, data_md);

498

digest = gcry_md_read (data_md, algo);

499

digest_len = gcry_md_get_algo_dlen (algo);

500

if ( !digest || !digest_len)

501

{

502

log_error ("problem getting the hash of the data\n");

503

rc = gpg_error (GPG_ERR_BUG);

504

goto leave;

505

}

506

530

for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)

507

531

{

532

digest = gcry_md_read (data_md, cl->hash_algo);

533

digest_len = gcry_md_get_algo_dlen (cl->hash_algo);

534

if ( !digest || !digest_len )

535

{

536

log_error ("problem getting the hash of the data\n");

537

rc = gpg_error (GPG_ERR_BUG);

538

goto leave;

539

}

508

540

err = ksba_cms_set_message_digest (cms, signer, digest, digest_len);

509

541

if (err)

510

542

{

559

591

}

560

592

561

593

if (stopreason == KSBA_SR_BEGIN_DATA)

562

{ /* hash the data and store the message digest */

594

{

595

/* Hash the data and store the message digest. */

563

596

unsigned char *digest;

564

597

size_t digest_len;

565

598

566

599

assert (!detached);

567

/* Fixme: get the algo to use from the signer's certificate

568

- does not make much sense, but we should do this

569

consistent as we have already done it above. Code is

570

mostly duplicated above. */

571

600

572

algo = GCRY_MD_SHA1;

573

601

rc = hash_and_copy_data (data_fd, data_md, writer);

574

602

if (rc)

575

603

goto leave;

576

digest = gcry_md_read (data_md, algo);

577

digest_len = gcry_md_get_algo_dlen (algo);

578

if ( !digest || !digest_len)

579

{

580

log_error ("problem getting the hash of the data\n");

581

rc = gpg_error (GPG_ERR_BUG);

582

goto leave;

583

}

584

604

for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)

585

605

{

606

digest = gcry_md_read (data_md, cl->hash_algo);

607

digest_len = gcry_md_get_algo_dlen (cl->hash_algo);

608

if ( !digest || !digest_len )

609

{

610

log_error ("problem getting the hash of the data\n");

611

rc = gpg_error (GPG_ERR_BUG);

612

goto leave;

613

}

586

614

err = ksba_cms_set_message_digest (cms, signer,

587

615

digest, digest_len);

588

616

if (err)

595

623

}

596

624

}

597

625

else if (stopreason == KSBA_SR_NEED_SIG)

598

{ /* calculate the signature for all signers */

626

{

627

/* Compute the signature for all signers. */

599

628

gcry_md_hd_t md;

600

629

601

algo = GCRY_MD_SHA1;

602

rc = gcry_md_open (&md, algo, 0);

630

rc = gcry_md_open (&md, 0, 0);

603

631

if (rc)

604

632

{

605

633

log_error ("md_open failed: %s\n", gpg_strerror (rc));

615

643

616

644

if (signer)

617

645

gcry_md_reset (md);

646

{

647

certlist_t cl_tmp;

648

649

for (cl_tmp=signerlist; cl_tmp; cl_tmp = cl_tmp->next)

650

gcry_md_enable (md, cl_tmp->hash_algo);

651

}

652

618

653

rc = ksba_cms_hash_signed_attrs (cms, signer);

619

654

if (rc)

620

655

{

625

660

}

626

661

627

662

rc = gpgsm_create_cms_signature (ctrl, cl->cert,

628

md, algo, &sigval);

663

md, cl->hash_algo, &sigval);

629

664

if (rc)

630

665

{

631

666

gcry_md_close (md);

656

691

rc = asprintf (&buf, "%c %d %d 00 %s %s",

657

692

detached? 'D':'S',

658

693

pkalgo,

659

algo,

694

cl->hash_algo,

660

695

signed_at,

661

696

fpr);

662

697

}

Older »