security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-13 22:21:09 +02:00
Code Activity

common: Support different digest algorithms for ssh fingerprints.

Browse Source 
* common/ssh-utils.c (get_fingerprint): Add and honor 'algo' parameter.
(ssh_get_fingerprint{,_string}): Likewise.
* common/ssh-utils.h (ssh_get_fingerprint{,_string}): Update prototypes.
* common/t-ssh-utils.c (main): Adapt accordingly.
* agent/command-ssh.c (agent_raw_key_from_file): Likewise.
(ssh_identity_register): Likewise.
* agent/command.c (do_one_keyinfo): Likewise.
* agent/findkey.c (modify_description): Likewise.
--
This lays the foundation to support other algorithms.

GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
This commit is contained in:
Justus Winter 2015-12-04 15:19:07 +01:00
parent 0c628321a1
commit 3ac1a9d3a0
No known key found for this signature in database
GPG Key ID: DD1A52F9DA8C9020
6 changed files with 41 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
agent/command-ssh.c
View File

@ -2760,7 +2760,7 @@ data_sign (ctrl_t ctrl, ssh_key_type_spec_t *spec,
err = agent_raw_key_from_file (ctrl, ctrl->keygrip, &key); err = agent_raw_key_from_file (ctrl, ctrl->keygrip, &key);
if (err) if (err)
goto out; goto out;
err = ssh_get_fingerprint_string (key, &fpr); err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &fpr);
if (!err) if (!err)
{ {
gcry_sexp_t tmpsxp = gcry_sexp_find_token (key, "comment", 0); gcry_sexp_t tmpsxp = gcry_sexp_find_token (key, "comment", 0);
@ -3038,7 +3038,7 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
bin2hex (key_grip_raw, 20, key_grip); bin2hex (key_grip_raw, 20, key_grip);
err = ssh_get_fingerprint_string (key, &key_fpr); err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &key_fpr);
if (err) if (err)
goto out; goto out;

2
agent/command.c
View File

@ -1201,7 +1201,7 @@ do_one_keyinfo (ctrl_t ctrl, const unsigned char *grip, assuan_context_t ctx,
if (!agent_raw_key_from_file (ctrl, grip, &key)) if (!agent_raw_key_from_file (ctrl, grip, &key))
{ {
ssh_get_fingerprint_string (key, &fpr); ssh_get_fingerprint_string (key, GCRY_MD_MD5, &fpr);
gcry_sexp_release (key); gcry_sexp_release (key);
} }
} }

2
agent/findkey.c
View File

@ -412,7 +412,7 @@ agent_modify_description (const char *in, const char *comment,
case 'F': /* SSH style fingerprint. */ case 'F': /* SSH style fingerprint. */
if (!ssh_fpr && key) if (!ssh_fpr && key)
ssh_get_fingerprint_string (key, &ssh_fpr); ssh_get_fingerprint_string (key, GCRY_MD_MD5, &ssh_fpr);
if (ssh_fpr) if (ssh_fpr)
{ {
if (out) if (out)

59
common/ssh-utils.c
View File

@ -65,12 +65,13 @@ is_eddsa (gcry_sexp_t keyparms)
} }
/* Return the Secure Shell type fingerprint for KEY. The length of /* Return the Secure Shell type fingerprint for KEY using digest ALGO.
the fingerprint is returned at R_LEN and the fingerprint itself at The length of the fingerprint is returned at R_LEN and the
R_FPR. In case of a error code is returned and NULL stored at fingerprint itself at R_FPR. In case of a error code is returned
R_FPR. */ and NULL stored at R_FPR. */
static gpg_error_t static gpg_error_t
get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, int as_string) get_fingerprint (gcry_sexp_t key, int algo,
void **r_fpr, size_t *r_len, int as_string)
{ {
gpg_error_t err; gpg_error_t err;
gcry_sexp_t list = NULL; gcry_sexp_t list = NULL;
@ -111,7 +112,7 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, int as_string)
goto leave; goto leave;
} }
err = gcry_md_open (&md, GCRY_MD_MD5, 0); err = gcry_md_open (&md, algo, 0);
if (err) if (err)
goto leave; goto leave;
@ -229,23 +230,23 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, int as_string)
} }
} }
*r_fpr = gcry_malloc (as_string? 61:20);
if (!*r_fpr)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
goto leave;
}
if (as_string) if (as_string)
{ {
bin2hexcolon (gcry_md_read (md, GCRY_MD_MD5), 16, *r_fpr); *r_fpr = (algo == GCRY_MD_MD5 ? bin2hexcolon : /* XXX we need base64 */ bin2hex)
*r_len = 3*16+1; (gcry_md_read (md, algo), gcry_md_get_algo_dlen (algo), NULL);
*r_len = strlen (*r_fpr) + 1;
strlwr (*r_fpr); strlwr (*r_fpr);
} }
else else
{ {
memcpy (*r_fpr, gcry_md_read (md, GCRY_MD_MD5), 16); *r_len = gcry_md_get_algo_dlen (algo);
*r_len = 16; *r_fpr = xtrymalloc (*r_len);
if (!*r_fpr)
{
err = gpg_err_make (default_errsource, gpg_err_code_from_syserror ());
goto leave;
}
memcpy (*r_fpr, gcry_md_read (md, algo), *r_len);
} }
err = 0; err = 0;
@ -257,28 +258,30 @@ get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len, int as_string)
return err; return err;
} }
/* Return the Secure Shell type fingerprint for KEY. The length of /* Return the Secure Shell type fingerprint for KEY using digest ALGO.
the fingerprint is returned at R_LEN and the fingerprint itself at The length of the fingerprint is returned at R_LEN and the
R_FPR. In case of an error an error code is returned and NULL fingerprint itself at R_FPR. In case of an error an error code is
stored at R_FPR. */ returned and NULL stored at R_FPR. */
gpg_error_t gpg_error_t
ssh_get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len) ssh_get_fingerprint (gcry_sexp_t key, int algo,
void **r_fpr, size_t *r_len)
{ {
return get_fingerprint (key, r_fpr, r_len, 0); return get_fingerprint (key, algo, r_fpr, r_len, 0);
} }
/* Return the Secure Shell type fingerprint for KEY as a string. The /* Return the Secure Shell type fingerprint for KEY using digest ALGO
fingerprint is mallcoed and stored at R_FPRSTR. In case of an as a string. The fingerprint is mallcoed and stored at R_FPRSTR.
error an error code is returned and NULL stored at R_FPRSTR. */ In case of an error an error code is returned and NULL stored at
R_FPRSTR. */
gpg_error_t gpg_error_t
ssh_get_fingerprint_string (gcry_sexp_t key, char **r_fprstr) ssh_get_fingerprint_string (gcry_sexp_t key, int algo, char **r_fprstr)
{ {
gpg_error_t err; gpg_error_t err;
size_t dummy; size_t dummy;
void *string; void *string;
err = get_fingerprint (key, &string, &dummy, 1); err = get_fingerprint (key, algo, &string, &dummy, 1);
*r_fprstr = string; *r_fprstr = string;
return err; return err;
} }

6
common/ssh-utils.h
View File

@ -31,9 +31,11 @@
#define GNUPG_COMMON_SSH_UTILS_H #define GNUPG_COMMON_SSH_UTILS_H
gpg_error_t ssh_get_fingerprint (gcry_sexp_t key, void **r_fpr, size_t *r_len); gpg_error_t ssh_get_fingerprint (gcry_sexp_t key, int algo,
void **r_fpr, size_t *r_len);
gpg_error_t ssh_get_fingerprint_string (gcry_sexp_t key, char **r_fprstr); gpg_error_t ssh_get_fingerprint_string (gcry_sexp_t key, int algo,
char **r_fprstr);
#endif /*GNUPG_COMMON_SSH_UTILS_H*/ #endif /*GNUPG_COMMON_SSH_UTILS_H*/

4
common/t-ssh-utils.c
View File

@ -262,7 +262,7 @@ main (int argc, char **argv)
if (argc == 2) if (argc == 2)
{ {
key = read_key (argv[1]); key = read_key (argv[1]);
err = ssh_get_fingerprint_string (key, &string); err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &string);
if (err) if (err)
{ {
fprintf (stderr, "%s:%d: error getting fingerprint: %s\n", fprintf (stderr, "%s:%d: error getting fingerprint: %s\n",
@ -287,7 +287,7 @@ main (int argc, char **argv)
exit (1); exit (1);
} }
err = ssh_get_fingerprint_string (key, &string); err = ssh_get_fingerprint_string (key, GCRY_MD_MD5, &string);
gcry_sexp_release (key); gcry_sexp_release (key);
if (err) if (err)
{ {