diff options
| author | Hans Nilsson <[email protected]> | 2016-11-03 13:18:59 +0100 |
|---|---|---|
| committer | Hans Nilsson <[email protected]> | 2016-11-22 12:22:45 +0100 |
| commit | 2d34e43c8c37fa153927f1aae78032da5ab176a8 (patch) | |
| tree | 4f4d41ae3e0e9c7d7c03f81d82b2047de9a665ae /lib/public_key/src | |
| parent | 4683b5c227a238ee27f658bdfe2981c4b69acf09 (diff) | |
| download | otp-2d34e43c8c37fa153927f1aae78032da5ab176a8.tar.gz otp-2d34e43c8c37fa153927f1aae78032da5ab176a8.tar.bz2 otp-2d34e43c8c37fa153927f1aae78032da5ab176a8.zip | |
public_key: ssh host key fingerprint generator added
Diffstat (limited to 'lib/public_key/src')
| -rw-r--r-- | lib/public_key/src/public_key.erl | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl index d23abfe256..fed3b09f36 100644 --- a/lib/public_key/src/public_key.erl +++ b/lib/public_key/src/public_key.erl @@ -49,6 +49,7 @@ pkix_normalize_name/1, pkix_path_validation/3, ssh_decode/2, ssh_encode/2, + ssh_hostkey_fingerprint/1, ssh_hostkey_fingerprint/2, ssh_curvename2oid/1, oid2ssh_curvename/1, pkix_crls_validate/3, pkix_dist_point/1, @@ -91,7 +92,8 @@ -type public_crypt_options() :: [{rsa_pad, rsa_padding()}]. -type rsa_digest_type() :: 'md5' | 'sha'| 'sha224' | 'sha256' | 'sha384' | 'sha512'. -type dss_digest_type() :: 'none' | 'sha'. %% None is for backwards compatibility --type ecdsa_digest_type() :: 'sha'| 'sha224' | 'sha256' | 'sha384' | 'sha512'. +-type ecdsa_digest_type() :: 'sha'| 'sha224' | 'sha256' | 'sha384' | 'sha512'. +-type digest_type() :: rsa_digest_type() | dss_digest_type() | ecdsa_digest_type(). -type crl_reason() :: unspecified | keyCompromise | cACompromise | affiliationChanged | superseded | cessationOfOperation | certificateHold | privilegeWithdrawn | aACompromise. -type oid() :: tuple(). @@ -819,6 +821,41 @@ oid2ssh_curvename(?'secp384r1') -> <<"nistp384">>; oid2ssh_curvename(?'secp521r1') -> <<"nistp521">>. %%-------------------------------------------------------------------- +-spec ssh_hostkey_fingerprint(public_key()) -> string(). +-spec ssh_hostkey_fingerprint(digest_type(), public_key()) -> string(). + +ssh_hostkey_fingerprint(Key) -> + sshfp_string(md5, Key). + +ssh_hostkey_fingerprint(HashAlg, Key) -> + lists:concat([sshfp_alg_name(HashAlg), + [$: | sshfp_string(HashAlg, Key)] + ]). + +sshfp_string(HashAlg, Key) -> + %% Other HashAlgs than md5 will be printed with + %% other formats than hextstr by + %% ssh-keygen -E <alg> -lf <file> + fp_fmt(sshfp_fmt(HashAlg), crypto:hash(HashAlg, public_key:ssh_encode(Key,ssh2_pubkey))). + +sshfp_alg_name(sha) -> "SHA1"; +sshfp_alg_name(Alg) -> string:to_upper(atom_to_list(Alg)). + +sshfp_fmt(md5) -> hexstr; +sshfp_fmt(_) -> b64. + +fp_fmt(hexstr, Bin) -> + lists:flatten(string:join([io_lib:format("~2.16.0b",[C1]) || <<C1>> <= Bin], ":")); +fp_fmt(b64, Bin) -> + %% This function clause *seems* to be + %% [C || C<-base64:encode_to_string(Bin), C =/= $=] + %% but I am not sure. Must be checked. + B64Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", + BitsInLast = 8*size(Bin) rem 6, + Padding = (6-BitsInLast) rem 6, % Want BitsInLast = [1:5] to map to padding [5:1] and 0 -> 0 + [lists:nth(C+1,B64Chars) || <<C:6>> <= <<Bin/binary,0:Padding>> ]. + +%%-------------------------------------------------------------------- -spec short_name_hash({rdnSequence, [#'AttributeTypeAndValue'{}]}) -> string(). |