Google Git
Sign in
go / crypto.git / ede567c8e044a5913dad1d1af3696d9da953104c^! / .
commitede567c8e044a5913dad1d1af3696d9da953104c[log] [tgz]
authorRyuzo Yamamoto <ryuzo.yamamoto@gmail.com>Fri Nov 04 15:41:44 2016 -0400
committerHan-Wen Nienhuys <hanwen@google.com>Tue Nov 22 14:27:12 2016 +0000
treed3fde156025806123dbcd443d677d286e92c49d9
parent9477e0b78b9ac3d0b03822fd95422e2fe07627cd [diff]
x/crypto/ssh: Add FingerprintLegacyMD5 and FingerprintSHA256 methods

Implement a standards-compliant fingerprint format method (RFC 4716 section 4)
and a newer SHA256 fingerprint format method.

Fixes golang/go#12292

Change-Id: I4f3f8fc1d0a263cb3b0964d0078e69006a39d1a5
Reviewed-on: https://go-review.googlesource.com/32814
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>

diff --git a/ssh/keys.go b/ssh/keys.go
index f2fc9b6..21f7d0d 100644
--- a/ssh/keys.go
+++ b/ssh/keys.go

@@ -10,10 +10,13 @@
 	"crypto/dsa"
 	"crypto/ecdsa"
 	"crypto/elliptic"
+	"crypto/md5"
 	"crypto/rsa"
+	"crypto/sha256"
 	"crypto/x509"
 	"encoding/asn1"
 	"encoding/base64"
+	"encoding/hex"
 	"encoding/pem"
 	"errors"
 	"fmt"
@@ -878,3 +881,25 @@
 	copy(pk, pk1.Priv)
 	return &pk, nil
 }
+
+// FingerprintLegacyMD5 returns the user presentation of the key's
+// fingerprint as described by RFC 4716 section 4.
+func FingerprintLegacyMD5(pubKey PublicKey) string {
+	md5sum := md5.Sum(pubKey.Marshal())
+	hexarray := make([]string, len(md5sum))
+	for i, c := range md5sum {
+		hexarray[i] = hex.EncodeToString([]byte{c})
+	}
+	return strings.Join(hexarray, ":")
+}
+
+// FingerprintSHA256 returns the user presentation of the key's
+// fingerprint as unpadded base64 encoded sha256 hash.
+// This format was introduced from OpenSSH 6.8.
+// https://www.openssh.com/txt/release-6.8
+// https://tools.ietf.org/html/rfc4648#section-3.2 (unpadded base64 encoding)
+func FingerprintSHA256(pubKey PublicKey) string {
+	sha256sum := sha256.Sum256(pubKey.Marshal())
+	hash := base64.RawStdEncoding.EncodeToString(sha256sum[:])
+	return "SHA256:" + hash
+}

diff --git a/ssh/keys_test.go b/ssh/keys_test.go
index 0739c66..a65e87e 100644
--- a/ssh/keys_test.go
+++ b/ssh/keys_test.go

@@ -454,3 +454,21 @@
 		}
 	}
 }
+
+func TestFingerprintLegacyMD5(t *testing.T) {
+	pub, _ := getTestKey()
+	fingerprint := FingerprintLegacyMD5(pub)
+	want := "fb:61:6d:1a:e3:f0:95:45:3c:a0:79:be:4a:93:63:66" // ssh-keygen -lf -E md5 rsa
+	if fingerprint != want {
+		t.Errorf("got fingerprint %q want %q", fingerprint, want)
+	}
+}
+
+func TestFingerprintSHA256(t *testing.T) {
+	pub, _ := getTestKey()
+	fingerprint := FingerprintSHA256(pub)
+	want := "SHA256:Anr3LjZK8YVpjrxu79myrW9Hrb/wpcMNpVvTq/RcBm8" // ssh-keygen -lf rsa
+	if fingerprint != want {
+		t.Errorf("got fingerprint %q want %q", fingerprint, want)
+	}
+}