turnkey/openpgp-card
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Truncate digest length for ECDSA.

Browse source 
This fixes signing for nistp256 keys with Gnuk (Gnuk expects a 32 byte hash for nistp256)
This commit is contained in:
Heiko Schaefer 2021-07-19 14:18:09 +02:00
parent b47b7930f0
commit 2b221fa76b
1 changed files with 11 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
openpgp-card-sequoia/src/signer.rs
View file

@ -7,7 +7,7 @@ use anyhow::anyhow;
use openpgp::crypto;
use openpgp::crypto::mpi;
use openpgp::policy::Policy;
use openpgp::types::PublicKeyAlgorithm;
use openpgp::types::{Curve, PublicKeyAlgorithm};
use sequoia_openpgp as openpgp;
use openpgp_card::card_app::CardApp;
@ -138,8 +138,16 @@ impl<'a> crypto::Signer for CardSigner<'a> {
Ok(mpi::Signature::EdDSA { r, s })
}
(PublicKeyAlgorithm::ECDSA, mpi::PublicKey::ECDSA { .. }) => {
let hash = Hash::ECDSA(digest);
(
PublicKeyAlgorithm::ECDSA,
mpi::PublicKey::ECDSA { curve, .. },
) => {
let hash = match curve {
Curve::NistP256 => Hash::ECDSA(&digest[..32]),
Curve::NistP384 => Hash::ECDSA(&digest[..48]),
Curve::NistP521 => Hash::ECDSA(&digest[..64]),
_ => Hash::ECDSA(digest),
};
let sig = self.ca.signature_for_hash(hash)?;