|
|
fbc29b |
From f3f140e65f0e58fc37b04dbe4173d6ecda0127ac Mon Sep 17 00:00:00 2001
|
|
|
fbc29b |
From: Jan-Niklas Burfeind <libssh@aiyionpri.me>
|
|
|
fbc29b |
Date: Thu, 9 Aug 2018 11:00:00 +0200
|
|
|
fbc29b |
Subject: dh: Add SSH_PUBLICKEY_HASH_SHA256 to ssh_get_publickey_hash()
|
|
|
fbc29b |
|
|
|
fbc29b |
Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me>
|
|
|
fbc29b |
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
|
fbc29b |
(cherry picked from commit 1499b38aef17beac8b438522535daf428600d529)
|
|
|
fbc29b |
---
|
|
|
fbc29b |
include/libssh/libssh.h | 3 ++-
|
|
|
fbc29b |
src/dh.c | 23 +++++++++++++++++++++++
|
|
|
fbc29b |
2 files changed, 25 insertions(+), 1 deletion(-)
|
|
|
fbc29b |
|
|
|
fbc29b |
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
|
|
|
fbc29b |
index 37214898..320dc032 100644
|
|
|
fbc29b |
--- a/include/libssh/libssh.h
|
|
|
fbc29b |
+++ b/include/libssh/libssh.h
|
|
|
fbc29b |
@@ -444,7 +444,8 @@ LIBSSH_API int ssh_get_publickey(ssh_session session, ssh_key *key);
|
|
|
fbc29b |
|
|
|
fbc29b |
enum ssh_publickey_hash_type {
|
|
|
fbc29b |
SSH_PUBLICKEY_HASH_SHA1,
|
|
|
fbc29b |
- SSH_PUBLICKEY_HASH_MD5
|
|
|
fbc29b |
+ SSH_PUBLICKEY_HASH_MD5,
|
|
|
fbc29b |
+ SSH_PUBLICKEY_HASH_SHA256
|
|
|
fbc29b |
};
|
|
|
fbc29b |
LIBSSH_API int ssh_get_publickey_hash(const ssh_key key,
|
|
|
fbc29b |
enum ssh_publickey_hash_type type,
|
|
|
fbc29b |
diff --git a/src/dh.c b/src/dh.c
|
|
|
fbc29b |
index d27b66eb..bf1ade8b 100644
|
|
|
fbc29b |
--- a/src/dh.c
|
|
|
fbc29b |
+++ b/src/dh.c
|
|
|
fbc29b |
@@ -1039,6 +1039,29 @@ int ssh_get_publickey_hash(const ssh_key key,
|
|
|
fbc29b |
*hlen = SHA_DIGEST_LEN;
|
|
|
fbc29b |
}
|
|
|
fbc29b |
break;
|
|
|
fbc29b |
+ case SSH_PUBLICKEY_HASH_SHA256:
|
|
|
fbc29b |
+ {
|
|
|
fbc29b |
+ SHA256CTX ctx;
|
|
|
fbc29b |
+
|
|
|
fbc29b |
+ h = malloc(SHA256_DIGEST_LEN);
|
|
|
fbc29b |
+ if (h == NULL) {
|
|
|
fbc29b |
+ rc = -1;
|
|
|
fbc29b |
+ goto out;
|
|
|
fbc29b |
+ }
|
|
|
fbc29b |
+
|
|
|
fbc29b |
+ ctx = sha256_init();
|
|
|
fbc29b |
+ if (ctx == NULL) {
|
|
|
fbc29b |
+ free(h);
|
|
|
fbc29b |
+ rc = -1;
|
|
|
fbc29b |
+ goto out;
|
|
|
fbc29b |
+ }
|
|
|
fbc29b |
+
|
|
|
fbc29b |
+ sha256_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
|
|
|
fbc29b |
+ sha256_final(h, ctx);
|
|
|
fbc29b |
+
|
|
|
fbc29b |
+ *hlen = SHA256_DIGEST_LEN;
|
|
|
fbc29b |
+ }
|
|
|
fbc29b |
+ break;
|
|
|
fbc29b |
case SSH_PUBLICKEY_HASH_MD5:
|
|
|
fbc29b |
{
|
|
|
fbc29b |
MD5CTX ctx;
|
|
|
fbc29b |
--
|
|
|
fbc29b |
cgit v1.2.1
|
|
|
fbc29b |
|
|
|
fbc29b |
From 9c62d6dfcd798d28895f5dd1b76a28524bcf18d3 Mon Sep 17 00:00:00 2001
|
|
|
fbc29b |
From: Jan-Niklas Burfeind <libssh@aiyionpri.me>
|
|
|
fbc29b |
Date: Thu, 9 Aug 2018 11:00:00 +0200
|
|
|
fbc29b |
Subject: dh: Add ssh_print_hash() function which can deal with sha256
|
|
|
fbc29b |
|
|
|
fbc29b |
Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me>
|
|
|
fbc29b |
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
|
fbc29b |
(cherry picked from commit f32cb706752d8dc35ad53a64f51e432cc0bc41cd)
|
|
|
fbc29b |
---
|
|
|
fbc29b |
include/libssh/libssh.h | 1 +
|
|
|
fbc29b |
src/dh.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
fbc29b |
2 files changed, 81 insertions(+)
|
|
|
fbc29b |
|
|
|
fbc29b |
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
|
|
|
fbc29b |
index 320dc032..f6cce1e4 100644
|
|
|
fbc29b |
--- a/include/libssh/libssh.h
|
|
|
fbc29b |
+++ b/include/libssh/libssh.h
|
|
|
fbc29b |
@@ -564,6 +564,7 @@ LIBSSH_API int ssh_pki_export_pubkey_file(const ssh_key key,
|
|
|
fbc29b |
|
|
|
fbc29b |
LIBSSH_API const char *ssh_pki_key_ecdsa_name(const ssh_key key);
|
|
|
fbc29b |
|
|
|
fbc29b |
+LIBSSH_API void ssh_print_hash(enum ssh_publickey_hash_type type, unsigned char *hash, size_t len);
|
|
|
fbc29b |
LIBSSH_API void ssh_print_hexa(const char *descr, const unsigned char *what, size_t len);
|
|
|
fbc29b |
LIBSSH_API int ssh_send_ignore (ssh_session session, const char *data);
|
|
|
fbc29b |
LIBSSH_API int ssh_send_debug (ssh_session session, const char *message, int always_display);
|
|
|
fbc29b |
diff --git a/src/dh.c b/src/dh.c
|
|
|
fbc29b |
index bf1ade8b..66a0e704 100644
|
|
|
fbc29b |
--- a/src/dh.c
|
|
|
fbc29b |
+++ b/src/dh.c
|
|
|
fbc29b |
@@ -1097,6 +1097,38 @@ out:
|
|
|
fbc29b |
return rc;
|
|
|
fbc29b |
}
|
|
|
fbc29b |
|
|
|
fbc29b |
+/**
|
|
|
fbc29b |
+ * @internal
|
|
|
fbc29b |
+ *
|
|
|
fbc29b |
+ * @brief Convert a buffer into an unpadded base64 string.
|
|
|
fbc29b |
+ * The caller has to free the memory.
|
|
|
fbc29b |
+ *
|
|
|
fbc29b |
+ * @param hash What should be converted to a base64 string.
|
|
|
fbc29b |
+ *
|
|
|
fbc29b |
+ * @param len Length of the buffer to convert.
|
|
|
fbc29b |
+ *
|
|
|
fbc29b |
+ * @return The base64 string or NULL on error.
|
|
|
fbc29b |
+ *
|
|
|
fbc29b |
+ * @see ssh_string_free_char()
|
|
|
fbc29b |
+ */
|
|
|
fbc29b |
+static char *ssh_get_b64_unpadded(const unsigned char *hash, size_t len)
|
|
|
fbc29b |
+{
|
|
|
fbc29b |
+ char *b64_padded = NULL;
|
|
|
fbc29b |
+ char *b64_unpadded = NULL;
|
|
|
fbc29b |
+ size_t k;
|
|
|
fbc29b |
+
|
|
|
fbc29b |
+ b64_padded = (char *)bin_to_base64(hash, (int)len);
|
|
|
fbc29b |
+ if (b64_padded == NULL) {
|
|
|
fbc29b |
+ return NULL;
|
|
|
fbc29b |
+ }
|
|
|
fbc29b |
+ for (k = strlen(b64_padded); k != 0 && b64_padded[k-1] == '='; k--);
|
|
|
fbc29b |
+
|
|
|
fbc29b |
+ b64_unpadded = strndup(b64_padded, k);
|
|
|
fbc29b |
+ SAFE_FREE(b64_padded);
|
|
|
fbc29b |
+
|
|
|
fbc29b |
+ return b64_unpadded;
|
|
|
fbc29b |
+}
|
|
|
fbc29b |
+
|
|
|
fbc29b |
/**
|
|
|
fbc29b |
* @brief Convert a buffer into a colon separated hex string.
|
|
|
fbc29b |
* The caller has to free the memory.
|
|
|
fbc29b |
@@ -1134,6 +1166,54 @@ char *ssh_get_hexa(const unsigned char *what, size_t len) {
|
|
|
fbc29b |
return hexa;
|
|
|
fbc29b |
}
|
|
|
fbc29b |
|
|
|
fbc29b |
+/**
|
|
|
fbc29b |
+ * @brief Print a hash as a human-readable hex- or base64-string.
|
|
|
fbc29b |
+ *
|
|
|
fbc29b |
+ * This function prints hex strings if the given hash is a md5 sum.
|
|
|
fbc29b |
+ * But prints unpadded base64 strings for sha sums.
|
|
|
fbc29b |
+ * Either way, the output is prepended by the hash-type.
|
|
|
fbc29b |
+ *
|
|
|
fbc29b |
+ * @param type Which sort of hash is given.
|
|
|
fbc29b |
+ *
|
|
|
fbc29b |
+ * @param hash What should be converted to a base64 string.
|
|
|
fbc29b |
+ *
|
|
|
fbc29b |
+ * @param len Length of the buffer to convert.
|
|
|
fbc29b |
+ */
|
|
|
fbc29b |
+void ssh_print_hash(enum ssh_publickey_hash_type type,
|
|
|
fbc29b |
+ unsigned char *hash,
|
|
|
fbc29b |
+ size_t len) {
|
|
|
fbc29b |
+ const char *prefix = "UNKNOWN";
|
|
|
fbc29b |
+ char *fingerprint = NULL;
|
|
|
fbc29b |
+
|
|
|
fbc29b |
+ switch (type) {
|
|
|
fbc29b |
+ case SSH_PUBLICKEY_HASH_SHA1:
|
|
|
fbc29b |
+ case SSH_PUBLICKEY_HASH_SHA256:
|
|
|
fbc29b |
+ fingerprint = ssh_get_b64_unpadded(hash, len);
|
|
|
fbc29b |
+ break;
|
|
|
fbc29b |
+ case SSH_PUBLICKEY_HASH_MD5:
|
|
|
fbc29b |
+ fingerprint = ssh_get_hexa(hash, len);
|
|
|
fbc29b |
+ break;
|
|
|
fbc29b |
+ }
|
|
|
fbc29b |
+ if (fingerprint == NULL) {
|
|
|
fbc29b |
+ return;
|
|
|
fbc29b |
+ }
|
|
|
fbc29b |
+
|
|
|
fbc29b |
+ switch (type) {
|
|
|
fbc29b |
+ case SSH_PUBLICKEY_HASH_MD5:
|
|
|
fbc29b |
+ prefix = "MD5";
|
|
|
fbc29b |
+ break;
|
|
|
fbc29b |
+ case SSH_PUBLICKEY_HASH_SHA1:
|
|
|
fbc29b |
+ prefix = "SHA1";
|
|
|
fbc29b |
+ break;
|
|
|
fbc29b |
+ case SSH_PUBLICKEY_HASH_SHA256:
|
|
|
fbc29b |
+ prefix = "SHA256";
|
|
|
fbc29b |
+ break;
|
|
|
fbc29b |
+ }
|
|
|
fbc29b |
+ fprintf(stderr, "%s:%s\n", prefix, fingerprint);
|
|
|
fbc29b |
+
|
|
|
fbc29b |
+ SAFE_FREE(fingerprint);
|
|
|
fbc29b |
+}
|
|
|
fbc29b |
+
|
|
|
fbc29b |
/**
|
|
|
fbc29b |
* @brief Print a buffer as colon separated hex string.
|
|
|
fbc29b |
*
|
|
|
fbc29b |
--
|
|
|
fbc29b |
cgit v1.2.1
|
|
|
fbc29b |
|
|
|
fbc29b |
From 7a7c0a54bc24391fcff0aaccd983de621cb3e60d Mon Sep 17 00:00:00 2001
|
|
|
fbc29b |
From: Andreas Schneider <asn@cryptomilk.org>
|
|
|
fbc29b |
Date: Sun, 2 Sep 2018 15:45:41 +0200
|
|
|
fbc29b |
Subject: dh: Add ssh_get_fingerprint_hash()
|
|
|
fbc29b |
|
|
|
fbc29b |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
|
fbc29b |
(cherry picked from commit bbed139ecab26cb46b0bb3a21fa4cd2a4f12dadd)
|
|
|
fbc29b |
---
|
|
|
fbc29b |
include/libssh/libssh.h | 3 ++
|
|
|
fbc29b |
src/dh.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
fbc29b |
2 files changed, 76 insertions(+)
|
|
|
fbc29b |
|
|
|
fbc29b |
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
|
|
|
fbc29b |
index f6cce1e4..7f59abe4 100644
|
|
|
fbc29b |
--- a/include/libssh/libssh.h
|
|
|
fbc29b |
+++ b/include/libssh/libssh.h
|
|
|
fbc29b |
@@ -564,6 +564,9 @@ LIBSSH_API int ssh_pki_export_pubkey_file(const ssh_key key,
|
|
|
fbc29b |
|
|
|
fbc29b |
LIBSSH_API const char *ssh_pki_key_ecdsa_name(const ssh_key key);
|
|
|
fbc29b |
|
|
|
fbc29b |
+LIBSSH_API char *ssh_get_fingerprint_hash(enum ssh_publickey_hash_type type,
|
|
|
fbc29b |
+ unsigned char *hash,
|
|
|
fbc29b |
+ size_t len);
|
|
|
fbc29b |
LIBSSH_API void ssh_print_hash(enum ssh_publickey_hash_type type, unsigned char *hash, size_t len);
|
|
|
fbc29b |
LIBSSH_API void ssh_print_hexa(const char *descr, const unsigned char *what, size_t len);
|
|
|
fbc29b |
LIBSSH_API int ssh_send_ignore (ssh_session session, const char *data);
|
|
|
fbc29b |
diff --git a/src/dh.c b/src/dh.c
|
|
|
fbc29b |
index 66a0e704..38298b2d 100644
|
|
|
fbc29b |
--- a/src/dh.c
|
|
|
fbc29b |
+++ b/src/dh.c
|
|
|
fbc29b |
@@ -1166,6 +1166,79 @@ char *ssh_get_hexa(const unsigned char *what, size_t len) {
|
|
|
fbc29b |
return hexa;
|
|
|
fbc29b |
}
|
|
|
fbc29b |
|
|
|
fbc29b |
+/**
|
|
|
fbc29b |
+ * @brief Get a hash as a human-readable hex- or base64-string.
|
|
|
fbc29b |
+ *
|
|
|
fbc29b |
+ * This gets an allocated fingerprint hash. It is a hex strings if the given
|
|
|
fbc29b |
+ * hash is a md5 sum. If it is a SHA sum, it will return an unpadded base64
|
|
|
fbc29b |
+ * strings. Either way, the output is prepended by the hash-type.
|
|
|
fbc29b |
+ *
|
|
|
fbc29b |
+ * @param type Which sort of hash is given.
|
|
|
fbc29b |
+ *
|
|
|
fbc29b |
+ * @param hash What should be converted to a base64 string.
|
|
|
fbc29b |
+ *
|
|
|
fbc29b |
+ * @param len Length of the buffer to convert.
|
|
|
fbc29b |
+ *
|
|
|
fbc29b |
+ * @return Returns the allocated fingerprint hash or NULL on error.
|
|
|
fbc29b |
+ *
|
|
|
fbc29b |
+ * @see ssh_string_free_char()
|
|
|
fbc29b |
+ */
|
|
|
fbc29b |
+char *ssh_get_fingerprint_hash(enum ssh_publickey_hash_type type,
|
|
|
fbc29b |
+ unsigned char *hash,
|
|
|
fbc29b |
+ size_t len)
|
|
|
fbc29b |
+{
|
|
|
fbc29b |
+ const char *prefix = "UNKNOWN";
|
|
|
fbc29b |
+ char *fingerprint = NULL;
|
|
|
fbc29b |
+ char *str = NULL;
|
|
|
fbc29b |
+ size_t str_len;
|
|
|
fbc29b |
+ int rc;
|
|
|
fbc29b |
+
|
|
|
fbc29b |
+ switch (type) {
|
|
|
fbc29b |
+ case SSH_PUBLICKEY_HASH_SHA1:
|
|
|
fbc29b |
+ case SSH_PUBLICKEY_HASH_SHA256:
|
|
|
fbc29b |
+ fingerprint = ssh_get_b64_unpadded(hash, len);
|
|
|
fbc29b |
+ break;
|
|
|
fbc29b |
+ case SSH_PUBLICKEY_HASH_MD5:
|
|
|
fbc29b |
+ fingerprint = ssh_get_hexa(hash, len);
|
|
|
fbc29b |
+ break;
|
|
|
fbc29b |
+ }
|
|
|
fbc29b |
+ if (fingerprint == NULL) {
|
|
|
fbc29b |
+ return NULL;
|
|
|
fbc29b |
+ }
|
|
|
fbc29b |
+
|
|
|
fbc29b |
+ switch (type) {
|
|
|
fbc29b |
+ case SSH_PUBLICKEY_HASH_MD5:
|
|
|
fbc29b |
+ prefix = "MD5";
|
|
|
fbc29b |
+ break;
|
|
|
fbc29b |
+ case SSH_PUBLICKEY_HASH_SHA1:
|
|
|
fbc29b |
+ prefix = "SHA1";
|
|
|
fbc29b |
+ break;
|
|
|
fbc29b |
+ case SSH_PUBLICKEY_HASH_SHA256:
|
|
|
fbc29b |
+ prefix = "SHA256";
|
|
|
fbc29b |
+ break;
|
|
|
fbc29b |
+ }
|
|
|
fbc29b |
+
|
|
|
fbc29b |
+ str_len = strlen(prefix);
|
|
|
fbc29b |
+ if (str_len + 1 + strlen(fingerprint) + 1 < str_len) {
|
|
|
fbc29b |
+ SAFE_FREE(fingerprint);
|
|
|
fbc29b |
+ return NULL;
|
|
|
fbc29b |
+ }
|
|
|
fbc29b |
+ str_len += 1 + strlen(fingerprint) + 1;
|
|
|
fbc29b |
+
|
|
|
fbc29b |
+ str = malloc(str_len);
|
|
|
fbc29b |
+ if (str == NULL) {
|
|
|
fbc29b |
+ SAFE_FREE(fingerprint);
|
|
|
fbc29b |
+ return NULL;
|
|
|
fbc29b |
+ }
|
|
|
fbc29b |
+ rc = snprintf(str, str_len, "%s:%s", prefix, fingerprint);
|
|
|
fbc29b |
+ SAFE_FREE(fingerprint);
|
|
|
fbc29b |
+ if (rc < 0 || rc < (int)(str_len - 1)) {
|
|
|
fbc29b |
+ SAFE_FREE(str);
|
|
|
fbc29b |
+ }
|
|
|
fbc29b |
+
|
|
|
fbc29b |
+ return str;
|
|
|
fbc29b |
+}
|
|
|
fbc29b |
+
|
|
|
fbc29b |
/**
|
|
|
fbc29b |
* @brief Print a hash as a human-readable hex- or base64-string.
|
|
|
fbc29b |
*
|
|
|
fbc29b |
--
|
|
|
fbc29b |
cgit v1.2.1
|
|
|
fbc29b |
|
|
|
fbc29b |
From e765c1400a724cc5009fd03395ef54b28de9c296 Mon Sep 17 00:00:00 2001
|
|
|
fbc29b |
From: Andreas Schneider <asn@cryptomilk.org>
|
|
|
fbc29b |
Date: Sun, 2 Sep 2018 15:47:41 +0200
|
|
|
fbc29b |
Subject: dh: Use ssh_get_fingerprint_hash() in ssh_print_hash()
|
|
|
fbc29b |
|
|
|
fbc29b |
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
|
|
fbc29b |
(cherry picked from commit 92aa2cf4963b714d0f30d4fb0f9e609200224f7a)
|
|
|
fbc29b |
---
|
|
|
fbc29b |
src/dh.c | 29 ++++++-----------------------
|
|
|
fbc29b |
1 file changed, 6 insertions(+), 23 deletions(-)
|
|
|
fbc29b |
|
|
|
fbc29b |
diff --git a/src/dh.c b/src/dh.c
|
|
|
fbc29b |
index 38298b2d..d7182798 100644
|
|
|
fbc29b |
--- a/src/dh.c
|
|
|
fbc29b |
+++ b/src/dh.c
|
|
|
fbc29b |
@@ -1254,35 +1254,18 @@ char *ssh_get_fingerprint_hash(enum ssh_publickey_hash_type type,
|
|
|
fbc29b |
*/
|
|
|
fbc29b |
void ssh_print_hash(enum ssh_publickey_hash_type type,
|
|
|
fbc29b |
unsigned char *hash,
|
|
|
fbc29b |
- size_t len) {
|
|
|
fbc29b |
- const char *prefix = "UNKNOWN";
|
|
|
fbc29b |
+ size_t len)
|
|
|
fbc29b |
+{
|
|
|
fbc29b |
char *fingerprint = NULL;
|
|
|
fbc29b |
|
|
|
fbc29b |
- switch (type) {
|
|
|
fbc29b |
- case SSH_PUBLICKEY_HASH_SHA1:
|
|
|
fbc29b |
- case SSH_PUBLICKEY_HASH_SHA256:
|
|
|
fbc29b |
- fingerprint = ssh_get_b64_unpadded(hash, len);
|
|
|
fbc29b |
- break;
|
|
|
fbc29b |
- case SSH_PUBLICKEY_HASH_MD5:
|
|
|
fbc29b |
- fingerprint = ssh_get_hexa(hash, len);
|
|
|
fbc29b |
- break;
|
|
|
fbc29b |
- }
|
|
|
fbc29b |
+ fingerprint = ssh_get_fingerprint_hash(type,
|
|
|
fbc29b |
+ hash,
|
|
|
fbc29b |
+ len);
|
|
|
fbc29b |
if (fingerprint == NULL) {
|
|
|
fbc29b |
return;
|
|
|
fbc29b |
}
|
|
|
fbc29b |
|
|
|
fbc29b |
- switch (type) {
|
|
|
fbc29b |
- case SSH_PUBLICKEY_HASH_MD5:
|
|
|
fbc29b |
- prefix = "MD5";
|
|
|
fbc29b |
- break;
|
|
|
fbc29b |
- case SSH_PUBLICKEY_HASH_SHA1:
|
|
|
fbc29b |
- prefix = "SHA1";
|
|
|
fbc29b |
- break;
|
|
|
fbc29b |
- case SSH_PUBLICKEY_HASH_SHA256:
|
|
|
fbc29b |
- prefix = "SHA256";
|
|
|
fbc29b |
- break;
|
|
|
fbc29b |
- }
|
|
|
fbc29b |
- fprintf(stderr, "%s:%s\n", prefix, fingerprint);
|
|
|
fbc29b |
+ fprintf(stderr, "%s\n", fingerprint);
|
|
|
fbc29b |
|
|
|
fbc29b |
SAFE_FREE(fingerprint);
|
|
|
fbc29b |
}
|
|
|
fbc29b |
--
|
|
|
fbc29b |
cgit v1.2.1
|
|
|
fbc29b |
|