
Add support for SHA256 hostkey fingerprints (#180)

Looks good, thanks!
Sune Bredahl
2017-05-24 19:15:53 +02:00
committed by Will Cosgrove
parent 97518ca8bd
commit bbc43cb333
4 changed files with 66 additions and 2 deletions


@@ -403,6 +403,7 @@ typedef struct _LIBSSH2_POLLFD {
/* Hash Types */
#define LIBSSH2_HOSTKEY_HASH_MD5 1
#define LIBSSH2_HOSTKEY_HASH_SHA1 2
#define LIBSSH2_HOSTKEY_HASH_SHA256 3
/* Hostkey Types */
#define LIBSSH2_HOSTKEY_TYPE_UNKNOWN 0
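Review bot: The new `LIBSSH2_HOSTKEY_HASH_SHA256` constant is public API, yet none of the four files in the diffstat appears to be the reference documentation for libssh2_hostkey_hash(), so the page that lists the accepted hash types and their digest lengths presumably still stops at SHA1 and should gain the SHA256 entry (32 bytes) in the same change. The value fits the existing sequence, so nothing else in this hunk needs changing; the surrounding typedef context belongs to a different declaration and is outside the hunk.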


@@ -505,7 +505,7 @@ libssh2_hostkey_methods(void)
* Returns hash signature
* Returned buffer should NOT be freed
* Length of buffer is determined by hash type
* i.e. MD5 == 16, SHA1 == 20
* i.e. MD5 == 16, SHA1 == 20, SHA256 == 32
*/
LIBSSH2_API const char *
libssh2_hostkey_hash(LIBSSH2_SESSION * session, int hash_type)
@@ -523,6 +523,11 @@ libssh2_hostkey_hash(LIBSSH2_SESSION * session, int hash_type)
? (char *) session->server_hostkey_sha1
: NULL;
break;
case LIBSSH2_HOSTKEY_HASH_SHA256:
return (session->server_hostkey_sha256_valid)
? (char *) session->server_hostkey_sha256
: NULL;
break;
default:
return NULL;
}
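Review bot: The `break;` following the SHA256 case's `return` is unreachable, since the conditional return leaves the function on every path; it copies the shape of the MD5 and SHA1 cases, but compilers with unreachable-code warnings will flag it, and dropping the dead `break;` keeps the switch honest. The header comment could also say that NULL is returned both for an unknown hash_type and when the requested fingerprint was not computed for this session, e.g. `* Returns NULL for an unknown hash_type or if that fingerprint is not available`, since callers currently cannot tell the two apart. The body of libssh2_hostkey_hash begins before the first hunk and the switch continues after the second.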


@@ -306,6 +306,34 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
}
#endif /* LIBSSH2DEBUG */
{
libssh2_sha256_ctx fingerprint_ctx;
if (libssh2_sha256_init(&fingerprint_ctx)) {
libssh2_sha256_update(fingerprint_ctx, session->server_hostkey,
session->server_hostkey_len);
libssh2_sha256_final(fingerprint_ctx,
session->server_hostkey_sha256);
session->server_hostkey_sha256_valid = TRUE;
}
else {
session->server_hostkey_sha256_valid = FALSE;
}
}
#ifdef LIBSSH2DEBUG
{
char *base64Fingerprint = NULL;
_libssh2_base64_encode(session, (const char*)session->server_hostkey_sha256,
SHA256_DIGEST_LENGTH, &base64Fingerprint);
if (base64Fingerprint != NULL) {
_libssh2_debug(session, LIBSSH2_TRACE_KEX,
"Server's SHA256 Fingerprint: %s", base64Fingerprint);
LIBSSH2_FREE(session, base64Fingerprint);
}
}
#endif /* LIBSSH2DEBUG */
if (session->hostkey->init(session, session->server_hostkey,
session->server_hostkey_len,
&session->server_hostkey_abstract)) {
@@ -932,6 +960,33 @@ static int diffie_hellman_sha256(LIBSSH2_SESSION *session,
}
#endif /* LIBSSH2DEBUG */
{
libssh2_sha256_ctx fingerprint_ctx;
if (libssh2_sha256_init(&fingerprint_ctx)) {
libssh2_sha256_update(fingerprint_ctx, session->server_hostkey,
session->server_hostkey_len);
libssh2_sha256_final(fingerprint_ctx,
session->server_hostkey_sha256);
session->server_hostkey_sha256_valid = TRUE;
}
else {
session->server_hostkey_sha256_valid = FALSE;
}
}
#ifdef LIBSSH2DEBUG
{
char *base64Fingerprint = NULL;
_libssh2_base64_encode(session, (const char*)session->server_hostkey_sha256,
SHA256_DIGEST_LENGTH, &base64Fingerprint);
if (base64Fingerprint != NULL) {
_libssh2_debug(session, LIBSSH2_TRACE_KEX,
"Server's SHA256 Fingerprint: %s", base64Fingerprint);
LIBSSH2_FREE(session, base64Fingerprint);
}
}
#endif /* LIBSSH2DEBUG */
if (session->hostkey->init(session, session->server_hostkey,
session->server_hostkey_len,
&session->server_hostkey_abstract)) {
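Review bot: The LIBSSH2DEBUG block after the fingerprint computation base64-encodes `session->server_hostkey_sha256` even when `libssh2_sha256_init()` failed and `server_hostkey_sha256_valid` was just set to FALSE, so the trace would print whatever the buffer held (uninitialized on a first exchange, or a stale digest from an earlier one); wrap it as `if (session->server_hostkey_sha256_valid) {` … `}` so only a real digest is logged, and apply the same guard in the second hunk in diffie_hellman_sha256. The return value of `_libssh2_base64_encode` is ignored in favour of testing `base64Fingerprint != NULL`, which is sound only if the encoder never stores a partial result on failure, which is worth confirming. The fingerprint-plus-debug sequence is duplicated verbatim across the two hunks, so a `static` helper taking the session would remove roughly 25 repeated lines (the adjacent MD5/SHA1 code is outside the hunks, so I cannot see whether it is duplicated the same way). Both enclosing functions, diffie_hellman_sha1 and diffie_hellman_sha256, start and end outside the hunks.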


@@ -609,6 +609,9 @@ struct _LIBSSH2_SESSION
unsigned char server_hostkey_sha1[SHA_DIGEST_LENGTH];
int server_hostkey_sha1_valid;
unsigned char server_hostkey_sha256[SHA256_DIGEST_LENGTH];
int server_hostkey_sha256_valid;
/* (remote as source of data -- packet_read ) */
libssh2_endpoint_data remote;
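Review bot: The two new fields in `struct _LIBSSH2_SESSION` carry no comment, and the coupling between them is only visible in the diffie_hellman_* functions that fill them; a line above them such as `/* SHA-256 fingerprint of server_hostkey; only meaningful while server_hostkey_sha256_valid is non-zero */` would spare the next reader that lookup. The same applies to the existing sha1 pair directly above, if a comment is added at all. The struct definition begins and ends outside the hunk.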