From 6cda28834af077889fbfd60adfaab5feafbaf1d3 Mon Sep 17 00:00:00 2001
From: Heiko Schaefer <heiko@schaefer.name>
Date: Fri, 1 Mar 2024 20:54:30 +0100
Subject: [PATCH] fix: configure hash_alg based on signing key type

Don't set a default HashAlgorithm: not all combinations are legal (e.g. SHA256 and NIST P-521 will error on use).
---
 src/composed/key/public.rs     | 1 +
 src/composed/key/secret.rs     | 1 +
 src/composed/key/shared.rs     | 2 ++
 src/packet/public_key_macro.rs | 1 +
 src/packet/secret_key_macro.rs | 1 +
 src/packet/signature/config.rs | 2 --
 src/packet/user_attribute.rs   | 1 +
 src/packet/user_id.rs          | 1 +
 8 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/composed/key/public.rs b/src/composed/key/public.rs
index 1933cd3b..3d81cd3a 100644
--- a/src/composed/key/public.rs
+++ b/src/composed/key/public.rs
@@ -112,6 +112,7 @@ impl PublicSubkey {
         let config = SignatureConfigBuilder::default()
             .typ(SignatureType::SubkeyBinding)
             .pub_alg(sec_key.algorithm())
+            .hash_alg(sec_key.hash_alg())
             .hashed_subpackets(hashed_subpackets)
             .unhashed_subpackets(vec![Subpacket::regular(SubpacketData::Issuer(
                 sec_key.key_id(),
diff --git a/src/composed/key/secret.rs b/src/composed/key/secret.rs
index 0807dd83..8a23152f 100644
--- a/src/composed/key/secret.rs
+++ b/src/composed/key/secret.rs
@@ -103,6 +103,7 @@ impl SecretSubkey {
         let config = SignatureConfigBuilder::default()
             .typ(SignatureType::SubkeyBinding)
             .pub_alg(sec_key.algorithm())
+            .hash_alg(sec_key.hash_alg())
             .hashed_subpackets(hashed_subpackets)
             .unhashed_subpackets(vec![Subpacket::regular(SubpacketData::Issuer(
                 sec_key.key_id(),
diff --git a/src/composed/key/shared.rs b/src/composed/key/shared.rs
index 0bf51ce5..a49ecc32 100644
--- a/src/composed/key/shared.rs
+++ b/src/composed/key/shared.rs
@@ -89,6 +89,7 @@ impl KeyDetails {
             let config = SignatureConfigBuilder::default()
                 .typ(SignatureType::CertGeneric)
                 .pub_alg(key.algorithm())
+                .hash_alg(key.hash_alg())
                 .hashed_subpackets(hashed_subpackets)
                 .unhashed_subpackets(vec![Subpacket::regular(SubpacketData::Issuer(
                     key.key_id(),
@@ -109,6 +110,7 @@ impl KeyDetails {
                     let config = SignatureConfigBuilder::default()
                         .typ(SignatureType::CertGeneric)
                         .pub_alg(key.algorithm())
+                        .hash_alg(key.hash_alg())
                         .hashed_subpackets(vec![
                             Subpacket::regular(SubpacketData::SignatureCreationTime(
                                 chrono::Utc::now().trunc_subsecs(0),
diff --git a/src/packet/public_key_macro.rs b/src/packet/public_key_macro.rs
index 1539fd54..3707c813 100644
--- a/src/packet/public_key_macro.rs
+++ b/src/packet/public_key_macro.rs
@@ -141,6 +141,7 @@ macro_rules! impl_public_key {
 
                 config
                     .pub_alg(key.algorithm())
+                    .hash_alg(key.hash_alg())
                     .hashed_subpackets(vec![$crate::packet::Subpacket::regular(
                         $crate::packet::SubpacketData::SignatureCreationTime(
                             chrono::Utc::now().trunc_subsecs(0),
diff --git a/src/packet/secret_key_macro.rs b/src/packet/secret_key_macro.rs
index cf347b21..cce27673 100644
--- a/src/packet/secret_key_macro.rs
+++ b/src/packet/secret_key_macro.rs
@@ -138,6 +138,7 @@ macro_rules! impl_secret_key {
 
                 config
                     .pub_alg(key.algorithm())
+                    .hash_alg(key.hash_alg())
                     .hashed_subpackets(vec![$crate::packet::Subpacket::regular(
                         $crate::packet::SubpacketData::SignatureCreationTime(
                             chrono::Utc::now().trunc_subsecs(0),
diff --git a/src/packet/signature/config.rs b/src/packet/signature/config.rs
index 2cda3655..45bf3172 100644
--- a/src/packet/signature/config.rs
+++ b/src/packet/signature/config.rs
@@ -18,8 +18,6 @@ pub struct SignatureConfig {
     pub version: SignatureVersion,
     pub typ: SignatureType,
     pub pub_alg: PublicKeyAlgorithm,
-
-    #[builder(default)]
     pub hash_alg: HashAlgorithm,
 
     pub unhashed_subpackets: Vec<Subpacket>,
diff --git a/src/packet/user_attribute.rs b/src/packet/user_attribute.rs
index 90126edf..2ba2300f 100644
--- a/src/packet/user_attribute.rs
+++ b/src/packet/user_attribute.rs
@@ -68,6 +68,7 @@ impl UserAttribute {
         let config = SignatureConfigBuilder::default()
             .typ(SignatureType::CertGeneric)
             .pub_alg(key.algorithm())
+            .hash_alg(key.hash_alg())
             .hashed_subpackets(vec![Subpacket::regular(
                 SubpacketData::SignatureCreationTime(Utc::now().trunc_subsecs(0)),
             )])
diff --git a/src/packet/user_id.rs b/src/packet/user_id.rs
index fc70ed5f..96f6e0cb 100644
--- a/src/packet/user_id.rs
+++ b/src/packet/user_id.rs
@@ -45,6 +45,7 @@ impl UserId {
         let config = SignatureConfigBuilder::default()
             .typ(SignatureType::CertGeneric)
             .pub_alg(key.algorithm())
+            .hash_alg(key.hash_alg())
             .hashed_subpackets(vec![Subpacket::regular(
                 SubpacketData::SignatureCreationTime(Utc::now().trunc_subsecs(0)),
             )])