From 2b221fa76b136034fd06daab50890532f5b0a32d Mon Sep 17 00:00:00 2001
From: Heiko Schaefer <heiko@schaefer.name>
Date: Mon, 19 Jul 2021 14:18:09 +0200
Subject: [PATCH] Truncate digest length for ECDSA. This fixes signing for
 nistp256 keys with Gnuk (Gnuk expects a 32 byte hash for nistp256)

---
 openpgp-card-sequoia/src/signer.rs | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/openpgp-card-sequoia/src/signer.rs b/openpgp-card-sequoia/src/signer.rs
index f9cabf7..e9a16d3 100644
--- a/openpgp-card-sequoia/src/signer.rs
+++ b/openpgp-card-sequoia/src/signer.rs
@@ -7,7 +7,7 @@ use anyhow::anyhow;
 use openpgp::crypto;
 use openpgp::crypto::mpi;
 use openpgp::policy::Policy;
-use openpgp::types::PublicKeyAlgorithm;
+use openpgp::types::{Curve, PublicKeyAlgorithm};
 use sequoia_openpgp as openpgp;
 
 use openpgp_card::card_app::CardApp;
@@ -138,8 +138,16 @@ impl<'a> crypto::Signer for CardSigner<'a> {
 
                 Ok(mpi::Signature::EdDSA { r, s })
             }
-            (PublicKeyAlgorithm::ECDSA, mpi::PublicKey::ECDSA { .. }) => {
-                let hash = Hash::ECDSA(digest);
+            (
+                PublicKeyAlgorithm::ECDSA,
+                mpi::PublicKey::ECDSA { curve, .. },
+            ) => {
+                let hash = match curve {
+                    Curve::NistP256 => Hash::ECDSA(&digest[..32]),
+                    Curve::NistP384 => Hash::ECDSA(&digest[..48]),
+                    Curve::NistP521 => Hash::ECDSA(&digest[..64]),
+                    _ => Hash::ECDSA(digest),
+                };
 
                 let sig = self.ca.signature_for_hash(hash)?;