feat(clearsign): Write complete legacy hash header

Author: lubux

openpgp/clearsign/clearsign.go

@@ -390,14 +390,6 @@ func EncodeMultiWithHeader(w io.Writer, privateKeys []*packet.PrivateKey, config
 	}
 
 	hashType := config.Hash()
-	name := nameOfHash(hashType)
-	if len(name) == 0 {
-		return nil, errors.UnsupportedError("unknown hash type: " + strconv.Itoa(int(hashType)))
-	}
-
-	if !hashType.Available() {
-		return nil, errors.UnsupportedError("unsupported hash type: " + strconv.Itoa(int(hashType)))
-	}
 
 	var hashers []hash.Hash
 	var hashTypes []crypto.Hash
@@ -444,11 +436,8 @@ func EncodeMultiWithHeader(w io.Writer, privateKeys []*packet.PrivateKey, config
 	nonV6 := len(salts) < len(hashers)
 	// Crypto refresh: Headers SHOULD NOT be emitted
 	if nonV6 { // Emit header if non v6 signatures are present for compatibility
-		if _, err = buffered.WriteString(fmt.Sprintf("%s: %s", hashHeader, name)); err != nil {
-			return
-		}
-		if err = buffered.WriteByte(lf); err != nil {
-			return
+		if err := writeHashHeader(buffered, hashTypes); err != nil {
+			return nil, err
 		}
 	}
 	if err = buffered.WriteByte(lf); err != nil {
@@ -482,6 +471,40 @@ func (b *Block) VerifySignature(keyring openpgp.KeyRing, config *packet.Config)
 	return
 }
 
+// writeHashHeader writes the legacy cleartext hash header to buffered.
+func writeHashHeader(buffered *bufio.Writer, hashTypes []crypto.Hash) error {
+	seen := make(map[string]bool, len(hashTypes))
+	if _, err := buffered.WriteString(fmt.Sprintf("%s: ", hashHeader)); err != nil {
+		return err
+	}
+
+	for index, sigHashType := range hashTypes {
+		first := index == 0
+		name := nameOfHash(sigHashType)
+		if len(name) == 0 {
+			return errors.UnsupportedError("unknown hash type: " + strconv.Itoa(int(sigHashType)))
+		}
+
+		switch {
+		case !seen[name] && first:
+			if _, err := buffered.WriteString(name); err != nil {
+				return err
+			}
+		case !seen[name]:
+			if _, err := buffered.WriteString(fmt.Sprintf(",%s", name)); err != nil {
+				return err
+			}
+		}
+		seen[name] = true
+	}
+
+	if err := buffered.WriteByte(lf); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 // nameOfHash returns the OpenPGP name for the given hash, or the empty string
 // if the name isn't known. See RFC 4880, section 9.4.
 func nameOfHash(h crypto.Hash) string {

openpgp/clearsign/clearsign_test.go

@@ -5,6 +5,7 @@
 package clearsign
 
 import (
+	"bufio"
 	"bytes"
 	"crypto"
 	"fmt"
@@ -171,6 +172,63 @@ func TestSigningInterop(t *testing.T) {
 	}
 }
 
+func TestHashHeader(t *testing.T) {
+	tests := []struct {
+		name      string
+		hashTypes []crypto.Hash
+		expected  string
+	}{
+		{
+			name: "unique hashes",
+			hashTypes: []crypto.Hash{
+				crypto.SHA256,
+				crypto.SHA512,
+				crypto.SHA3_512,
+			},
+			expected: "Hash: SHA256,SHA512,SHA3-512\n",
+		},
+		{
+			name: "with duplicates",
+			hashTypes: []crypto.Hash{
+				crypto.SHA256,
+				crypto.SHA512,
+				crypto.SHA512,
+				crypto.SHA3_512,
+			},
+			expected: "Hash: SHA256,SHA512,SHA3-512\n",
+		},
+		{
+			name: "with duplicates",
+			hashTypes: []crypto.Hash{
+				crypto.SHA256,
+				crypto.SHA256,
+				crypto.SHA256,
+				crypto.SHA256,
+			},
+			expected: "Hash: SHA256\n",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			var buf bytes.Buffer
+			writer := bufio.NewWriter(&buf)
+			if err := writeHashHeader(writer, tc.hashTypes); err != nil {
+				t.Fatalf("unexpected error: %v", err)
+			}
+
+			if err := writer.Flush(); err != nil {
+				t.Fatalf("flush failed: %v", err)
+			}
+
+			actual := buf.String()
+			if actual != tc.expected {
+				t.Errorf("output mismatch:\nExpected: %q\nActual:   %q", tc.expected, actual)
+			}
+		})
+	}
+}
+
 func testMultiSign(t *testing.T, v6 bool) {
 	if testing.Short() {
 		t.Skip("skipping long test in -short mode")