
Add support for SHA256 hostkey fingerprints (#180)

Looks good, thanks!
This commit is contained in:
Sune Bredahl
2017-05-24 19:15:53 +02:00
committed by Will Cosgrove
parent 97518ca8bd
commit bbc43cb333
4 changed files with 66 additions and 2 deletions


@@ -403,7 +403,8 @@ typedef struct _LIBSSH2_POLLFD {
/* Hash Types */ /* Hash Types */
#define LIBSSH2_HOSTKEY_HASH_MD5 1 #define LIBSSH2_HOSTKEY_HASH_MD5 1
#define LIBSSH2_HOSTKEY_HASH_SHA1 2 #define LIBSSH2_HOSTKEY_HASH_SHA1 2
#define LIBSSH2_HOSTKEY_HASH_SHA256 3
/* Hostkey Types */ /* Hostkey Types */
#define LIBSSH2_HOSTKEY_TYPE_UNKNOWN 0 #define LIBSSH2_HOSTKEY_TYPE_UNKNOWN 0
#define LIBSSH2_HOSTKEY_TYPE_RSA 1 #define LIBSSH2_HOSTKEY_TYPE_RSA 1
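Review bot: The new public constant `LIBSSH2_HOSTKEY_HASH_SHA256` lands in the installed header with no documentation change in the commit — the four files touched are this header, hostkey.c, kex.c and libssh2_priv.h — so the man page for libssh2_hostkey_hash presumably still lists only MD5 and SHA1 (worth confirming). Callers need to know the value they get back for this type is 32 raw digest bytes rather than a NUL-terminated string, as the hostkey.c comment in this commit states. A comment beside the define would carry that to header readers: `#define LIBSSH2_HOSTKEY_HASH_SHA256 3 /* 32 raw bytes, see libssh2_hostkey_hash() */`.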


@@ -505,7 +505,7 @@ libssh2_hostkey_methods(void)
* Returns hash signature * Returns hash signature
* Returned buffer should NOT be freed * Returned buffer should NOT be freed
* Length of buffer is determined by hash type * Length of buffer is determined by hash type
* i.e. MD5 == 16, SHA1 == 20 * i.e. MD5 == 16, SHA1 == 20, SHA256 == 32
*/ */
LIBSSH2_API const char * LIBSSH2_API const char *
libssh2_hostkey_hash(LIBSSH2_SESSION * session, int hash_type) libssh2_hostkey_hash(LIBSSH2_SESSION * session, int hash_type)
@@ -523,6 +523,11 @@ libssh2_hostkey_hash(LIBSSH2_SESSION * session, int hash_type)
? (char *) session->server_hostkey_sha1 ? (char *) session->server_hostkey_sha1
: NULL; : NULL;
break; break;
case LIBSSH2_HOSTKEY_HASH_SHA256:
return (session->server_hostkey_sha256_valid)
? (char *) session->server_hostkey_sha256
: NULL;
break;
default: default:
return NULL; return NULL;
} }
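Review bot: The header comment above libssh2_hostkey_hash still does not mention that NULL is returned when the requested fingerprint is unavailable, and the new SHA256 arm makes that a realistic outcome: `server_hostkey_sha256_valid` is only set during key exchange, so a call before kex completes, or after `libssh2_sha256_init` failed in the kex.c hunk, returns NULL. Suggest adding a line to the comment: ` * Returns NULL if hash_type is unknown or the fingerprint is not yet available (e.g. before key exchange completed)`. The `break;` after the `return` in the new arm is unreachable; it mirrors the existing SHA1 arm, so either keep it for symmetry or drop both. The function body continues outside the hunk.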


@@ -305,6 +305,34 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
"Server's SHA1 Fingerprint: %s", fingerprint); "Server's SHA1 Fingerprint: %s", fingerprint);
} }
#endif /* LIBSSH2DEBUG */ #endif /* LIBSSH2DEBUG */
{
libssh2_sha256_ctx fingerprint_ctx;
if (libssh2_sha256_init(&fingerprint_ctx)) {
libssh2_sha256_update(fingerprint_ctx, session->server_hostkey,
session->server_hostkey_len);
libssh2_sha256_final(fingerprint_ctx,
session->server_hostkey_sha256);
session->server_hostkey_sha256_valid = TRUE;
}
else {
session->server_hostkey_sha256_valid = FALSE;
}
}
#ifdef LIBSSH2DEBUG
{
char *base64Fingerprint = NULL;
_libssh2_base64_encode(session, (const char*)session->server_hostkey_sha256,
SHA256_DIGEST_LENGTH, &base64Fingerprint);
if (base64Fingerprint != NULL) {
_libssh2_debug(session, LIBSSH2_TRACE_KEX,
"Server's SHA256 Fingerprint: %s", base64Fingerprint);
LIBSSH2_FREE(session, base64Fingerprint);
}
}
#endif /* LIBSSH2DEBUG */
if (session->hostkey->init(session, session->server_hostkey, if (session->hostkey->init(session, session->server_hostkey,
session->server_hostkey_len, session->server_hostkey_len,
@@ -931,6 +959,33 @@ static int diffie_hellman_sha256(LIBSSH2_SESSION *session,
"Server's SHA1 Fingerprint: %s", fingerprint); "Server's SHA1 Fingerprint: %s", fingerprint);
} }
#endif /* LIBSSH2DEBUG */ #endif /* LIBSSH2DEBUG */
{
libssh2_sha256_ctx fingerprint_ctx;
if (libssh2_sha256_init(&fingerprint_ctx)) {
libssh2_sha256_update(fingerprint_ctx, session->server_hostkey,
session->server_hostkey_len);
libssh2_sha256_final(fingerprint_ctx,
session->server_hostkey_sha256);
session->server_hostkey_sha256_valid = TRUE;
}
else {
session->server_hostkey_sha256_valid = FALSE;
}
}
#ifdef LIBSSH2DEBUG
{
char *base64Fingerprint = NULL;
_libssh2_base64_encode(session, (const char*)session->server_hostkey_sha256,
SHA256_DIGEST_LENGTH, &base64Fingerprint);
if (base64Fingerprint != NULL) {
_libssh2_debug(session, LIBSSH2_TRACE_KEX,
"Server's SHA256 Fingerprint: %s", base64Fingerprint);
LIBSSH2_FREE(session, base64Fingerprint);
}
}
#endif /* LIBSSH2DEBUG */
if (session->hostkey->init(session, session->server_hostkey, if (session->hostkey->init(session, session->server_hostkey,
session->server_hostkey_len, session->server_hostkey_len,
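Review bot: In both new debug blocks (this one in `diffie_hellman_sha256` and the identical one in the `diffie_hellman_sha1` hunk above) `session->server_hostkey_sha256` is base64-encoded and logged even when `libssh2_sha256_init` failed and `server_hostkey_sha256_valid` was just set to FALSE, so a debug build logs whatever the buffer previously held — stale bytes, or uninitialised ones if the session struct is not zeroed at creation. The logging should be gated on the valid flag. Since the 25-line block is duplicated verbatim in the two functions, a single static helper that computes the fingerprint and does the gated logging, called from each site as `kex_hostkey_sha256_fingerprint(session);`, fixes both and keeps the two key-exchange paths from drifting. Both enclosing functions start and end outside the hunks; the return value of `_libssh2_base64_encode` is still left unchecked below, relying on the output pointer as the new code does.
```c
/* Compute the SHA256 fingerprint of session->server_hostkey into
 * session->server_hostkey_sha256 and record its availability in
 * session->server_hostkey_sha256_valid; in debug builds, log it base64
 * encoded only when it was actually computed. Shared by both DH paths. */
static void kex_hostkey_sha256_fingerprint(LIBSSH2_SESSION *session)
{
    libssh2_sha256_ctx fingerprint_ctx;

    session->server_hostkey_sha256_valid = FALSE;
    if (libssh2_sha256_init(&fingerprint_ctx)) {
        libssh2_sha256_update(fingerprint_ctx, session->server_hostkey,
                              session->server_hostkey_len);
        libssh2_sha256_final(fingerprint_ctx,
                             session->server_hostkey_sha256);
        session->server_hostkey_sha256_valid = TRUE;
    }
#ifdef LIBSSH2DEBUG
    /* Never log the buffer when it was not written by this exchange. */
    if (session->server_hostkey_sha256_valid) {
        char *base64Fingerprint = NULL;
        _libssh2_base64_encode(session,
                               (const char *)session->server_hostkey_sha256,
                               SHA256_DIGEST_LENGTH, &base64Fingerprint);
        if (base64Fingerprint != NULL) {
            _libssh2_debug(session, LIBSSH2_TRACE_KEX,
                           "Server's SHA256 Fingerprint: %s", base64Fingerprint);
            LIBSSH2_FREE(session, base64Fingerprint);
        }
    }
#endif /* LIBSSH2DEBUG */
}

/* … unchanged: diffie_hellman_sha1 / diffie_hellman_sha256 up to the SHA1 debug block … */
    kex_hostkey_sha256_fingerprint(session);
/* … unchanged: session->hostkey->init(...) and the rest of each function … */
```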


@@ -609,6 +609,9 @@ struct _LIBSSH2_SESSION
unsigned char server_hostkey_sha1[SHA_DIGEST_LENGTH]; unsigned char server_hostkey_sha1[SHA_DIGEST_LENGTH];
int server_hostkey_sha1_valid; int server_hostkey_sha1_valid;
unsigned char server_hostkey_sha256[SHA256_DIGEST_LENGTH];
int server_hostkey_sha256_valid;
/* (remote as source of data -- packet_read ) */ /* (remote as source of data -- packet_read ) */
libssh2_endpoint_data remote; libssh2_endpoint_data remote;
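Review bot: The two new fields carry no comment, and their contract is only discoverable from kex.c: `server_hostkey_sha256` holds a raw 32-byte digest that is meaningful only while `server_hostkey_sha256_valid` is non-zero, which the kex.c hunks set on every key exchange. Suggest `/* SHA256 of server_hostkey; meaningful only while server_hostkey_sha256_valid is non-zero, which kex sets on each key exchange */` above the pair. The flag also has to read as zero before the first key exchange, which presumably comes from the session being zero-initialised at creation as the existing `server_hostkey_sha1_valid` must already rely on — worth confirming. `SHA256_DIGEST_LENGTH` must be provided by every crypto backend header the way `SHA_DIGEST_LENGTH` is for the line above; confirm the non-OpenSSL backends define it.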