common: Support different digest algorithms for ssh fingerprints.

* common/ssh-utils.c (get_fingerprint): Add and honor 'algo' parameter. (ssh_get_fingerprint{,_string}): Likewise. * common/ssh-utils.h (ssh_get_fingerprint{,_string}): Update prototypes. * common/t-ssh-utils.c (main): Adapt accordingly. * agent/command-ssh.c (agent_raw_key_from_file): Likewise. (ssh_identity_register): Likewise. * agent/command.c (do_one_keyinfo): Likewise. * agent/findkey.c (modify_description): Likewise. -- This lays the foundation to support other algorithms. GnuPG-bug-id: 2106 Signed-off-by: Justus Winter <justus@g10code.com>
2025-07-03 22:56:33 +02:00 · 2015-12-04 15:19:07 +01:00 · 2015-12-04 15:19:07 +01:00 · 3ac1a9d3a0
commit 3ac1a9d3a0
parent 0c628321a1
6 changed files with 41 additions and 36 deletions
--- a/common/ssh-utils.c
+++ b/common/ssh-utils.c
@ -65,12 +65,13 @@ is_eddsa (gcry_sexp_t keyparms)
 }


-/* Return the Secure Shell type fingerprint for KEY.  The length of
-   the fingerprint is returned at R_LEN and the fingerprint itself at
-   R_FPR.  In case of a error code is returned and NULL stored at
-   R_FPR.  */
+/* Return the Secure Shell type fingerprint for KEY using digest ALGO.
+   The length of the fingerprint is returned at R_LEN and the
+   fingerprint itself at R_FPR.  In case of a error code is returned
+   and NULL stored at R_FPR.  */
 static gpg_error_t
-get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, int as_string)
+get_fingerprint (gcry_sexp_t key, int algo,
+                 void **r_fpr, size_t *r_len, int as_string)
 {
  gpg_error_t err;
  gcry_sexp_t list = NULL;
@ -111,7 +112,7 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, int as_string)
      goto leave;
    }

-  err = gcry_md_open (&md, GCRY_MD_MD5, 0);
+  err = gcry_md_open (&md, algo, 0);
  if (err)
    goto leave;

@ -229,23 +230,23 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, int as_string)
        }
    }

-  *r_fpr = gcry_malloc (as_string? 61:20);
-  if (!*r_fpr)
-    {
-      err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
-      goto leave;
-    }
-
  if (as_string)
    {
-      bin2hexcolon (gcry_md_read (md, GCRY_MD_MD5), 16, *r_fpr);
-      *r_len = 3*16+1;
+      *r_fpr = (algo == GCRY_MD_MD5 ? bin2hexcolon : /* XXX we need base64 */ bin2hex)
+        (gcry_md_read (md, algo), gcry_md_get_algo_dlen (algo), NULL);
+      *r_len = strlen (*r_fpr) + 1;
      strlwr (*r_fpr);
    }
  else
    {
-      memcpy (*r_fpr, gcry_md_read (md, GCRY_MD_MD5), 16);
-      *r_len = 16;
+      *r_len = gcry_md_get_algo_dlen (algo);
+      *r_fpr = xtrymalloc (*r_len);
+      if (!*r_fpr)
+        {
+          err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
+          goto leave;
+        }
+      memcpy (*r_fpr, gcry_md_read (md, algo), *r_len);
    }
  err = 0;

@ -257,28 +258,30 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, int as_string)
  return err;
 }

-/* Return the Secure Shell type fingerprint for KEY.  The length of
-   the fingerprint is returned at R_LEN and the fingerprint itself at
-   R_FPR.  In case of an error an error code is returned and NULL
-   stored at R_FPR.  */
+/* Return the Secure Shell type fingerprint for KEY using digest ALGO.
+   The length of the fingerprint is returned at R_LEN and the
+   fingerprint itself at R_FPR.  In case of an error an error code is
+   returned and NULL stored at R_FPR.  */
 gpg_error_t
-ssh_get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len)
+ssh_get_fingerprint (gcry_sexp_t key, int algo,
+                     void **r_fpr, size_t *r_len)
 {
-  return get_fingerprint (key, r_fpr, r_len, 0);
+  return get_fingerprint (key, algo, r_fpr, r_len, 0);
 }


-/* Return the Secure Shell type fingerprint for KEY as a string.  The
-   fingerprint is mallcoed and stored at R_FPRSTR.  In case of an
-   error an error code is returned and NULL stored at R_FPRSTR.  */
+/* Return the Secure Shell type fingerprint for KEY using digest ALGO
+   as a string.  The fingerprint is mallcoed and stored at R_FPRSTR.
+   In case of an error an error code is returned and NULL stored at
+   R_FPRSTR.  */
 gpg_error_t
-ssh_get_fingerprint_string (gcry_sexp_t key, char **r_fprstr)
+ssh_get_fingerprint_string (gcry_sexp_t key, int algo, char **r_fprstr)
 {
  gpg_error_t err;
  size_t dummy;
  void *string;

-  err = get_fingerprint (key, &string, &dummy, 1);
+  err = get_fingerprint (key, algo, &string, &dummy, 1);
  *r_fprstr = string;
  return err;
 }