Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Support_better_than_MD5_hostkey
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Gustafsson via curl-library <curl-library_at_cool.haxx.se>
Date: Thu, 8 Jul 2021 14:56:16 +0200
> On 8 Jul 2021, at 14:05, Mats Lindestam via curl-library <curl-library_at_cool.haxx.se> wrote:
> I am trying to implement support for SHA256 public keys. I have been able to reach as far as the lib/vssh/libssh2.c file and the ssh_check_fingerprint function. Now I have no idea on how to calculate the SHA156 public key from the hostkey hash, a.k.a. 'fingerprint, in the same manner as done for the MD5 public key (See https://github.com/curl/curl/blob/master/lib/vssh/libssh2.c#L627). From where have you picked up the algorithm for MD5, from the 'The MD5 Message-Digest Algorithm' RFC (https://www.ietf.org/rfc/rfc1321.txt)?
> Is there an RFC that explains the 'The SHA256 Message-Digest Algorithm'?
> Does any know where to get information about this?
You don’t need to implment SHA256 on your own, in fact you really shouldn’t.
AFAICT libssh2 supports SHA256 by passing LIBSSH2_HOSTKEY_HASH_SHA256 to
libssh2_hostkey_hash().
Date: Thu, 8 Jul 2021 14:56:16 +0200
> On 8 Jul 2021, at 14:05, Mats Lindestam via curl-library <curl-library_at_cool.haxx.se> wrote:
> I am trying to implement support for SHA256 public keys. I have been able to reach as far as the lib/vssh/libssh2.c file and the ssh_check_fingerprint function. Now I have no idea on how to calculate the SHA156 public key from the hostkey hash, a.k.a. 'fingerprint, in the same manner as done for the MD5 public key (See https://github.com/curl/curl/blob/master/lib/vssh/libssh2.c#L627). From where have you picked up the algorithm for MD5, from the 'The MD5 Message-Digest Algorithm' RFC (https://www.ietf.org/rfc/rfc1321.txt)?
> Is there an RFC that explains the 'The SHA256 Message-Digest Algorithm'?
> Does any know where to get information about this?
You don’t need to implment SHA256 on your own, in fact you really shouldn’t.
AFAICT libssh2 supports SHA256 by passing LIBSSH2_HOSTKEY_HASH_SHA256 to
libssh2_hostkey_hash().
-- Daniel Gustafsson https://vmware.com/ ------------------------------------------------------------------- Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2021-07-08