Merge branch 'hans/public_key/ssh_fingerprint_algorithm_list/OTP-14223' into maint

6 files changed, 122 insertions, 48 deletions

diff --git a/lib/public_key/doc/src/public_key.xml b/lib/public_key/doc/src/public_key.xml
index 37aa05e0fd..c97ec361d1 100644
--- a/lib/public_key/doc/src/public_key.xml
+++ b/lib/public_key/doc/src/public_key.xml
@@ -857,6 +857,7 @@ fun(#'DistributionPoint'{}, #'CertificateList'{},
   <func>
     <name>ssh_hostkey_fingerprint(HostKey) -> string()</name>
     <name>ssh_hostkey_fingerprint(DigestType, HostKey) -> string()</name>
+    <name>ssh_hostkey_fingerprint([DigestType], HostKey) -> [string()]</name>
     <fsummary>Calculates a ssh fingerprint for a hostkey.</fsummary>
     <type>
       <v>Key = public_key()</v>
@@ -880,6 +881,10 @@ fun(#'DistributionPoint'{}, #'CertificateList'{},
 
  5> public_key:ssh_hostkey_fingerprint(sha256,Key).
  "SHA256:aZGXhabfbf4oxglxltItWeHU7ub3Dc31NcNw2cMJePQ"
+
+ 6> public_key:ssh_hostkey_fingerprint([sha,sha256],Key).
+ ["SHA1:bSLY/C4QXLDL/Iwmhyg0PGW9UbY",
+  "SHA256:aZGXhabfbf4oxglxltItWeHU7ub3Dc31NcNw2cMJePQ"]
     </code>
   </desc>
   </func>
diff --git a/lib/public_key/src/public_key.erl b/lib/public_key/src/public_key.erl
index 402f514803..adc35073d6 100644
--- a/lib/public_key/src/public_key.erl
+++ b/lib/public_key/src/public_key.erl
@@ -893,21 +893,31 @@ oid2ssh_curvename(?'secp521r1') -> <<"nistp521">>.
 
 %%--------------------------------------------------------------------
 -spec ssh_hostkey_fingerprint(public_key()) -> string().
--spec ssh_hostkey_fingerprint(digest_type(), public_key()) -> string().
+-spec ssh_hostkey_fingerprint( digest_type(),  public_key()) ->  string()
+                           ; ([digest_type()], public_key())   -> [string()]
+                           .
 
 ssh_hostkey_fingerprint(Key) ->
-    sshfp_string(md5, Key).
+    sshfp_string(md5, public_key:ssh_encode(Key,ssh2_pubkey) ).
+
+ssh_hostkey_fingerprint(HashAlgs, Key) when is_list(HashAlgs) ->
+    EncKey = public_key:ssh_encode(Key, ssh2_pubkey),
+    [sshfp_full_string(HashAlg,EncKey) || HashAlg <- HashAlgs];
+ssh_hostkey_fingerprint(HashAlg, Key) when is_atom(HashAlg) ->
+    EncKey = public_key:ssh_encode(Key, ssh2_pubkey),
+    sshfp_full_string(HashAlg, EncKey).
 
-ssh_hostkey_fingerprint(HashAlg, Key) ->
-    lists:concat([sshfp_alg_name(HashAlg),
-		  [$: | sshfp_string(HashAlg, Key)]
-		 ]).
 
-sshfp_string(HashAlg, Key) ->
+sshfp_string(HashAlg, EncodedKey) ->
     %% Other HashAlgs than md5 will be printed with
     %% other formats than hextstr by
     %%    ssh-keygen -E <alg> -lf <file>
-    fp_fmt(sshfp_fmt(HashAlg), crypto:hash(HashAlg, public_key:ssh_encode(Key,ssh2_pubkey))).
+    fp_fmt(sshfp_fmt(HashAlg), crypto:hash(HashAlg, EncodedKey)).
+
+sshfp_full_string(HashAlg, EncKey) ->
+    lists:concat([sshfp_alg_name(HashAlg),
+		  [$: | sshfp_string(HashAlg, EncKey)]
+		 ]).
 
 sshfp_alg_name(sha) -> "SHA1";
 sshfp_alg_name(Alg) -> string:to_upper(atom_to_list(Alg)).
diff --git a/lib/public_key/test/public_key_SUITE.erl b/lib/public_key/test/public_key_SUITE.erl
index 615ff32539..68aa152911 100644
--- a/lib/public_key/test/public_key_SUITE.erl
+++ b/lib/public_key/test/public_key_SUITE.erl
@@ -54,7 +54,8 @@ all() ->
      ssh_hostkey_fingerprint_sha,
      ssh_hostkey_fingerprint_sha256,
      ssh_hostkey_fingerprint_sha384,
-     ssh_hostkey_fingerprint_sha512
+     ssh_hostkey_fingerprint_sha512,
+     ssh_hostkey_fingerprint_list
     ].
 
 groups() -> 
@@ -93,20 +94,21 @@ end_per_group(_GroupName, Config) ->
 %%-------------------------------------------------------------------
 init_per_testcase(TestCase, Config) ->
     case TestCase of
-	ssh_hostkey_fingerprint_md5_implicit -> init_fingerprint_testcase(md5, Config);
-	ssh_hostkey_fingerprint_md5 ->    init_fingerprint_testcase(md5, Config);
-	ssh_hostkey_fingerprint_sha ->    init_fingerprint_testcase(sha, Config);
-	ssh_hostkey_fingerprint_sha256 -> init_fingerprint_testcase(sha256, Config);
-	ssh_hostkey_fingerprint_sha384 -> init_fingerprint_testcase(sha384, Config);
-	ssh_hostkey_fingerprint_sha512 -> init_fingerprint_testcase(sha512, Config);
+	ssh_hostkey_fingerprint_md5_implicit -> init_fingerprint_testcase([md5], Config);
+	ssh_hostkey_fingerprint_md5 ->    init_fingerprint_testcase([md5], Config);
+	ssh_hostkey_fingerprint_sha ->    init_fingerprint_testcase([sha], Config);
+	ssh_hostkey_fingerprint_sha256 -> init_fingerprint_testcase([sha256], Config);
+	ssh_hostkey_fingerprint_sha384 -> init_fingerprint_testcase([sha384], Config);
+	ssh_hostkey_fingerprint_sha512 -> init_fingerprint_testcase([sha512], Config);
+	ssh_hostkey_fingerprint_list   -> init_fingerprint_testcase([sha,md5], Config);
 	_ -> init_common_per_testcase(Config)
     end.
 	
-init_fingerprint_testcase(Alg, Config) ->
-    CryptoSupports = lists:member(Alg, proplists:get_value(hashs, crypto:supports())),
-    case CryptoSupports of
-	false -> {skip,{Alg,not_supported}};
-	true -> init_common_per_testcase(Config)
+init_fingerprint_testcase(Algs, Config) ->
+    Hashs = proplists:get_value(hashs, crypto:supports(), []),
+    case Algs -- Hashs of
+        [] -> init_common_per_testcase(Config);
+        UnsupportedAlgs ->  {skip,{UnsupportedAlgs,not_supported}}
     end.
 
 init_common_per_testcase(Config0) ->
@@ -600,6 +602,14 @@ ssh_hostkey_fingerprint_sha512(_Config) ->
     Expected = public_key:ssh_hostkey_fingerprint(sha512, ssh_hostkey(rsa)).
 
 %%--------------------------------------------------------------------
+%% Since this kind of fingerprint is not available yet on standard
+%% distros, we do like this instead.
+ssh_hostkey_fingerprint_list(_Config) ->
+    Expected = ["SHA1:Soammnaqg06jrm2jivMSnzQGlmk",
+                "MD5:4b:0b:63:de:0f:a7:3a:ab:2c:cc:2d:d1:21:37:1d:3a"],
+    Expected = public_key:ssh_hostkey_fingerprint([sha,md5], ssh_hostkey(rsa)).
+
+%%--------------------------------------------------------------------
 encrypt_decrypt() ->
     [{doc, "Test public_key:encrypt_private and public_key:decrypt_public"}].
 encrypt_decrypt(Config) when is_list(Config) -> 
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml
index 6b49f89449..f6e26f5ee8 100644
--- a/lib/ssh/doc/src/ssh.xml
+++ b/lib/ssh/doc/src/ssh.xml
@@ -153,7 +153,7 @@
 	  <item>
 	  <p>IP version to use.</p>
 	  </item>
-          <tag><c><![CDATA[{user_dir, string()}]]></c></tag>
+          <tag><marker id="opt_user_dir"></marker><c><![CDATA[{user_dir, string()}]]></c></tag>
 	  <item>
 	    <p>Sets the user directory, that is, the directory containing
 	    <c>ssh</c> configuration files for the user, such as
@@ -175,22 +175,48 @@
 	    supplied with this option.
 	    </p>
 	  </item>
-          <tag><c><![CDATA[{silently_accept_hosts, boolean() | accept_fun() | {crypto:digest_type(), accept_fun()} }]]></c>
-	  <br/>
-	  <c><![CDATA[accept_fun() :: fun(PeerName::string(), FingerPrint::string()) -> boolean()]]></c>
+          <tag>
+            <c><![CDATA[{silently_accept_hosts, boolean()}]]></c> <br/>
+            <c><![CDATA[{silently_accept_hosts, CallbackFun}]]></c> <br/>
+            <c><![CDATA[{silently_accept_hosts, {HashAlgoSpec, CallbackFun} }]]></c> <br/>
+            <br/>
+	    <c><![CDATA[HashAlgoSpec = crypto:digest_type() | [ crypto:digest_type() ] ]]></c><br/>
+	    <c><![CDATA[CallbackFun = fun(PeerName, FingerPrint) -> boolean()]]></c><br/>
+	    <c><![CDATA[PeerName = string()]]></c><br/>
+	    <c><![CDATA[FingerPrint = string() | [ string() ] ]]></c>
 	  </tag>
 	  <item>
-	    <p>When <c>true</c>, hosts are added to the
-	    file <c><![CDATA[known_hosts]]></c> without asking the user.
-	    Defaults to <c>false</c> which will give a user question on stdio of whether to accept or reject a previously
-	    unseen host.</p>
-	    <p>If the option value is has an <c>accept_fun()</c>, that fun will called with the arguments
-	    <c>(PeerName, PeerHostKeyFingerPrint)</c>.  The fingerprint is calculated on the Peer's Host Key with
-	    <seealso marker="public_key:public_key#ssh_hostkey_fingerprint-1">public_key:ssh_hostkey_fingerprint/1</seealso>.
-	    </p>
-	    <p>If the <c>crypto:digest_type()</c> is present, the fingerprint is calculated with that digest type by the function
-	    <seealso marker="public_key:public_key#ssh_hostkey_fingerprint-2">public_key:ssh_hostkey_fingerprint/2</seealso>.
-	    </p>
+            <p>This option guides the <c>connect</c> function how to act when the connected server presents a Host 
+            Key that the client has not seen before. The default is to ask the user with a question on stdio of whether to
+            accept or reject the new Host Key.
+            See also the option <seealso marker="#opt_user_dir"><c>user_dir</c></seealso>
+            for the path to the file <c>known_hosts</c> where previously accepted Host Keys are recorded.
+            </p>
+            <p>The option can be given in three different forms as seen above:</p>
+	    <list>
+	      <item>The value is a <c>boolean()</c>.  The value <c>true</c> will make the client accept any unknown
+              Host Key without any user interaction.  The value <c>false</c> keeps the default behaviour of asking the
+              the user on stdio.
+              </item>
+              <item>A <c>CallbackFun</c> will be called and the boolean return value <c>true</c> will make the client
+              accept the Host Key. A return value of <c>false</c> will make the client to reject the Host Key and therefore
+              also the connection will be closed. The arguments to the fun are:
+              <list type="bulleted">
+	        <item><c>PeerName</c> - a string with the name or address of the remote host.</item>
+                <item><c>FingerPrint</c> - the fingerprint of the Host Key as 
+                <seealso marker="public_key:public_key#ssh_hostkey_fingerprint-1">public_key:ssh_hostkey_fingerprint/1</seealso>
+                calculates it.
+                </item>
+              </list>
+              </item>
+              <item>A tuple <c>{HashAlgoSpec, CallbackFun}</c>. The <c>HashAlgoSpec</c> specifies which hash algorithm
+                shall be used to calculate the fingerprint used in the call of the <c>CallbackFun</c>. The <c>HashALgoSpec</c>
+                is either an atom or a list of atoms as the first argument in
+                <seealso marker="public_key:public_key#ssh_hostkey_fingerprint-2">public_key:ssh_hostkey_fingerprint/2</seealso>.
+                If it is a list of hash algorithm names, the <c>FingerPrint</c> argument in the <c>CallbackFun</c> will be 
+                a list of fingerprints in the same order as the corresponding name in the <c>HashAlgoSpec</c> list.
+              </item>
+            </list>
 	  </item>
 	  <tag><c><![CDATA[{user_interaction, boolean()}]]></c></tag>
 	  <item>
@@ -200,7 +226,7 @@
 	    supplying a password. Defaults to <c>true</c>.
 	    Even if user interaction is allowed it can be
 	    suppressed by other options, such as <c>silently_accept_hosts</c>
-	    and <c>password</c>. However, those optins are not always desirable
+	    and <c>password</c>. However, those options are not always desirable
 	    to use from a security point of view.</p>
 	  </item>
 
diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl
index 31e343e81b..f408086c0f 100644
--- a/lib/ssh/src/ssh.erl
+++ b/lib/ssh/src/ssh.erl
@@ -620,11 +620,22 @@ handle_ssh_option({silently_accept_hosts, Value} = Opt) when is_boolean(Value) -
 handle_ssh_option({silently_accept_hosts, Value} = Opt) when is_function(Value,2) ->
     Opt;
 handle_ssh_option({silently_accept_hosts, {DigestAlg,Value}} = Opt) when is_function(Value,2) ->
-    case lists:member(DigestAlg, [md5, sha, sha224, sha256, sha384, sha512]) of
-	true ->
-	    Opt;
-	false ->
-	    throw({error, {eoptions, Opt}})
+    Algs = if is_atom(DigestAlg) -> [DigestAlg];
+              is_list(DigestAlg) -> DigestAlg;
+              true -> throw({error, {eoptions, Opt}})
+           end,
+    case [A || A <- Algs,
+               not lists:member(A, [md5, sha, sha224, sha256, sha384, sha512])] of
+        [_|_] = UnSup1 ->
+            throw({error, {{eoptions, Opt}, {not_fingerprint_algos,UnSup1}}});
+        [] ->
+            CryptoHashAlgs = proplists:get_value(hashs, crypto:supports(), []),
+            case [A || A <- Algs,
+                       not lists:member(A, CryptoHashAlgs)] of
+                [_|_] = UnSup2 ->
+                    throw({error, {{eoptions, Opt}, {unsupported_algo,UnSup2}}});
+                [] -> Opt
+            end
     end;
 handle_ssh_option({user_interaction, Value} = Opt) when is_boolean(Value) ->
     Opt;
diff --git a/lib/ssh/test/ssh_options_SUITE.erl b/lib/ssh/test/ssh_options_SUITE.erl
index 86f5cb1746..d07c596411 100644
--- a/lib/ssh/test/ssh_options_SUITE.erl
+++ b/lib/ssh/test/ssh_options_SUITE.erl
@@ -67,7 +67,8 @@
 	 hostkey_fingerprint_check_sha/1,
 	 hostkey_fingerprint_check_sha256/1,
 	 hostkey_fingerprint_check_sha384/1,
-	 hostkey_fingerprint_check_sha512/1
+	 hostkey_fingerprint_check_sha512/1,
+	 hostkey_fingerprint_check_list/1
 	]).
 
 %%% Common test callbacks
@@ -112,6 +113,7 @@ all() ->
      hostkey_fingerprint_check_sha256,
      hostkey_fingerprint_check_sha384,
      hostkey_fingerprint_check_sha512,
+     hostkey_fingerprint_check_list,
      id_string_no_opt_client,
      id_string_own_string_client,
      id_string_random_client,
@@ -812,6 +814,8 @@ hostkey_fingerprint_check_sha384(Config) ->
 hostkey_fingerprint_check_sha512(Config) ->
     do_hostkey_fingerprint_check(Config, sha512).
 
+hostkey_fingerprint_check_list(Config) ->
+    do_hostkey_fingerprint_check(Config, [sha,md5,sha256]).
 
 %%%----
 do_hostkey_fingerprint_check(Config, HashAlg) ->
@@ -824,9 +828,10 @@ do_hostkey_fingerprint_check(Config, HashAlg) ->
 
 supported_hash(old) -> true;
 supported_hash(HashAlg) ->
-   proplists:get_value(HashAlg,
-		       proplists:get_value(hashs, crypto:supports(), []),
-		       false).
+    Hs = if is_atom(HashAlg) -> [HashAlg];
+            is_list(HashAlg) -> HashAlg
+         end,
+    [] == (Hs -- proplists:get_value(hashs, crypto:supports(), [])).
 
 
 really_do_hostkey_fingerprint_check(Config, HashAlg) ->
@@ -840,7 +845,7 @@ really_do_hostkey_fingerprint_check(Config, HashAlg) ->
 
     %% All host key fingerprints.  Trust that public_key has checked the ssh_hostkey_fingerprint
     %% function since that function is used by the ssh client...
-    FPs = [case HashAlg of
+    FPs0 = [case HashAlg of
 	       old -> public_key:ssh_hostkey_fingerprint(Key);
 	       _ -> public_key:ssh_hostkey_fingerprint(HashAlg, Key)
 	   end
@@ -856,6 +861,9 @@ really_do_hostkey_fingerprint_check(Config, HashAlg) ->
 				      _:_ -> []
 				  end
 			      end],
+    FPs = if is_atom(HashAlg) -> FPs0;
+             is_list(HashAlg) -> lists:concat(FPs0)
+          end,
     ct:log("Fingerprints(~p) = ~p",[HashAlg,FPs]),
 
     %% Start daemon with the public keys that we got fingerprints from
@@ -866,8 +874,12 @@ really_do_hostkey_fingerprint_check(Config, HashAlg) ->
     FP_check_fun = fun(PeerName, FP) ->
 			   ct:pal("PeerName = ~p, FP = ~p",[PeerName,FP]),
 			   HostCheck = (Host == PeerName),
-			   FPCheck = lists:member(FP, FPs),
-			   ct:log("check ~p == ~p (~p) and ~n~p in ~p (~p)~n",
+			   FPCheck = 
+                               if is_atom(HashAlg) -> lists:member(FP, FPs);
+                                  is_list(HashAlg) -> lists:all(fun(FP1) -> lists:member(FP1,FPs) end,
+                                                                FP)
+                               end,
+			   ct:log("check ~p == ~p (~p) and ~n~p~n in ~p (~p)~n",
 				  [PeerName,Host,HostCheck,FP,FPs,FPCheck]),
 			   HostCheck and FPCheck
 		   end,