dh: Add ssh_print_hash() function which can deal with sha256

Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-08-09 11:00:00 +02:00 · 2018-08-09 11:00:00 +02:00 · f32cb70675
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@ -681,6 +681,7 @@ LIBSSH_API int ssh_pki_export_pubkey_file(const ssh_key key,

 LIBSSH_API const char *ssh_pki_key_ecdsa_name(const ssh_key key);

+LIBSSH_API void ssh_print_hash(enum ssh_publickey_hash_type type, unsigned char *hash, size_t len);
 LIBSSH_API void ssh_print_hexa(const char *descr, const unsigned char *what, size_t len);
 LIBSSH_API int ssh_send_ignore (ssh_session session, const char *data);
 LIBSSH_API int ssh_send_debug (ssh_session session, const char *message, int always_display);
--- a/src/dh.c
+++ b/src/dh.c
@ -1200,6 +1200,38 @@ out:
    return rc;
 }

+/**
+ * @internal
+ *
+ * @brief Convert a buffer into an unpadded base64 string.
+ * The caller has to free the memory.
+ *
+ * @param  hash         What should be converted to a base64 string.
+ *
+ * @param  len          Length of the buffer to convert.
+ *
+ * @return              The base64 string or NULL on error.
+ *
+ * @see ssh_string_free_char()
+ */
+static char *ssh_get_b64_unpadded(const unsigned char *hash, size_t len)
+{
+    char *b64_padded = NULL;
+    char *b64_unpadded = NULL;
+    size_t k;
+
+    b64_padded = (char *)bin_to_base64(hash, (int)len);
+    if (b64_padded == NULL) {
+        return NULL;
+    }
+    for (k = strlen(b64_padded); k != 0 && b64_padded[k-1] == '='; k--);
+
+    b64_unpadded = strndup(b64_padded, k);
+    SAFE_FREE(b64_padded);
+
+    return b64_unpadded;
+}
+
 /**
 * @brief Convert a buffer into a colon separated hex string.
 * The caller has to free the memory.
@ -1237,6 +1269,54 @@ char *ssh_get_hexa(const unsigned char *what, size_t len) {
  return hexa;
 }

+/**
+ * @brief Print a hash as a human-readable hex- or base64-string.
+ *
+ * This function prints hex strings if the given hash is a md5 sum.
+ * But prints unpadded base64 strings for sha sums.
+ * Either way, the output is prepended by the hash-type.
+ *
+ * @param  type         Which sort of hash is given.
+ *
+ * @param  hash         What should be converted to a base64 string.
+ *
+ * @param  len          Length of the buffer to convert.
+ */
+void ssh_print_hash(enum ssh_publickey_hash_type type,
+                    unsigned char *hash,
+                    size_t len) {
+    const char *prefix = "UNKNOWN";
+    char *fingerprint = NULL;
+
+    switch (type) {
+    case SSH_PUBLICKEY_HASH_SHA1:
+    case SSH_PUBLICKEY_HASH_SHA256:
+        fingerprint = ssh_get_b64_unpadded(hash, len);
+        break;
+    case SSH_PUBLICKEY_HASH_MD5:
+        fingerprint = ssh_get_hexa(hash, len);
+        break;
+    }
+    if (fingerprint == NULL) {
+        return;
+    }
+
+    switch (type) {
+    case SSH_PUBLICKEY_HASH_MD5:
+        prefix = "MD5";
+        break;
+    case SSH_PUBLICKEY_HASH_SHA1:
+        prefix = "SHA1";
+        break;
+    case SSH_PUBLICKEY_HASH_SHA256:
+        prefix = "SHA256";
+        break;
+    }
+    fprintf(stderr, "%s:%s\n", prefix, fingerprint);
+
+    SAFE_FREE(fingerprint);
+}
+
 /**
 * @brief Print a buffer as colon separated hex string.
 *