]> git.sommitrealweird.co.uk Git - onak.git/commitdiff
Add support for checking RIPEMD160 signatures
authorJonathan McDowell <noodles@earth.li>
Mon, 30 Sep 2013 11:50:01 +0000 (12:50 +0100)
committerJonathan McDowell <noodles@earth.li>
Mon, 30 Sep 2013 11:50:01 +0000 (12:50 +0100)
Sufficiently recent versions of nettle have support for RIPEMD160 and
there are various keys in the wild that use this algorithm, so add an
autoconf check for the nettle support and use it if it's available.

m4/ax_lib_nettle.m4
sigcheck.c

index 14f923fe5d0750d0cbc293d7cf7abca3eb33ca81..cff46d0658552523961b35177967efc7d05773b2 100644 (file)
@@ -68,6 +68,7 @@ AC_DEFUN([AX_LIB_NETTLE],[
         AX_CHECK_NETTLE_ALGO([MD2],[md2_digest])
         AX_CHECK_NETTLE_ALGO([MD4],[md4_digest])
         AX_CHECK_NETTLE_ALGO([MD5],[md5_digest])
         AX_CHECK_NETTLE_ALGO([MD2],[md2_digest])
         AX_CHECK_NETTLE_ALGO([MD4],[md4_digest])
         AX_CHECK_NETTLE_ALGO([MD5],[md5_digest])
+        AX_CHECK_NETTLE_ALGO([RIPEMD160],[ripemd160_digest])
         AX_CHECK_NETTLE_ALGO([SHA1],[sha1_digest])
         AX_CHECK_NETTLE_ALGO([SHA224],[sha224_digest])
         AX_CHECK_NETTLE_ALGO([SHA256],[sha256_digest])
         AX_CHECK_NETTLE_ALGO([SHA1],[sha1_digest])
         AX_CHECK_NETTLE_ALGO([SHA224],[sha224_digest])
         AX_CHECK_NETTLE_ALGO([SHA256],[sha256_digest])
index 852b53b3784a578d5d41c933b1b5b8cc2656f331..a0f4feb2d6bada946f8eaf2f73088e64d997f8e6 100644 (file)
@@ -27,6 +27,7 @@
 
 #ifdef HAVE_NETTLE
 #include <nettle/md5.h>
 
 #ifdef HAVE_NETTLE
 #include <nettle/md5.h>
+#include <nettle/ripemd160.h>
 #include <nettle/sha.h>
 #else
 #include "md5.h"
 #include <nettle/sha.h>
 #else
 #include "md5.h"
@@ -42,6 +43,9 @@ int check_packet_sighash(struct openpgp_publickey *key,
        size_t siglen, unhashedlen;
        struct sha1_ctx sha1_context;
        struct md5_ctx md5_context;
        size_t siglen, unhashedlen;
        struct sha1_ctx sha1_context;
        struct md5_ctx md5_context;
+#ifdef NETTLE_WITH_RIPEMD160
+       struct ripemd160_ctx ripemd160_context;
+#endif
 #ifdef NETTLE_WITH_SHA224
        struct sha224_ctx sha224_context;
 #endif
 #ifdef NETTLE_WITH_SHA224
        struct sha224_ctx sha224_context;
 #endif
@@ -165,6 +169,19 @@ int check_packet_sighash(struct openpgp_publickey *key,
                }
                sha1_digest(&sha1_context, 20, hash);
                break;
                }
                sha1_digest(&sha1_context, 20, hash);
                break;
+       case OPENPGP_HASH_RIPEMD160:
+#ifdef NETTLE_WITH_RIPEMD160
+               ripemd160_init(&ripemd160_context);
+               for (i = 0; i < chunks; i++) {
+                       ripemd160_update(&ripemd160_context, hashlen[i],
+                               hashdata[i]);
+               }
+               ripemd160_digest(&ripemd160_context, RIPEMD160_DIGEST_SIZE,
+                       hash);
+#else
+               logthing(LOGTHING_INFO, "RIPEMD160 support not available.");
+               return -1;
+#endif
        case OPENPGP_HASH_SHA224:
 #ifdef NETTLE_WITH_SHA224
                sha224_init(&sha224_context);
        case OPENPGP_HASH_SHA224:
 #ifdef NETTLE_WITH_SHA224
                sha224_init(&sha224_context);