mirrors/age
1
0
Fork 0
mirror of https://github.com/FiloSottile/age.git synced 2026-05-02 16:15:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

internal/age: unexport SSHFingerprint

Browse Source
This commit is contained in:
Filippo Valsorda
2020-05-17 13:49:11 -04:00
parent f0f8092d60
commit 7088a73234
2 changed files with 14 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cmd/age/encrypted_keys.go
View File

@@ -9,6 +9,7 @@ package main
import (
"crypto/ed25519"
"crypto/rsa"
"crypto/sha256"
"fmt"
"os"
@@ -77,6 +78,11 @@ func (i *EncryptedSSHIdentity) Unwrap(block *format.Recipient) (fileKey []byte,
return i.decrypted.Unwrap(block)
}
func sshFingerprint(pk ssh.PublicKey) string {
h := sha256.Sum256(pk.Marshal())
return format.EncodeToString(h[:4])
}
func (i *EncryptedSSHIdentity) Matches(block *format.Recipient) error {
if block.Type != i.Type() {
return age.ErrIncorrectIdentity
@@ -85,7 +91,7 @@ func (i *EncryptedSSHIdentity) Matches(block *format.Recipient) error {
return fmt.Errorf("invalid %v recipient block", i.Type())
}
if block.Args[0] != age.SSHFingerprint(i.pubKey) {
if block.Args[0] != sshFingerprint(i.pubKey) {
return age.ErrIncorrectIdentity
}
return nil

16
internal/age/ssh.go
View File

@@ -24,11 +24,9 @@ import (
"golang.org/x/crypto/ssh"
)
func SSHFingerprint(pk ssh.PublicKey) string {
h := sha256.New()
h.Write(pk.Marshal())
hh := h.Sum(nil)
return format.EncodeToString(hh[:4])
func sshFingerprint(pk ssh.PublicKey) string {
h := sha256.Sum256(pk.Marshal())
return format.EncodeToString(h[:4])
}
const oaepLabel = "age-encryption.org/v1/ssh-rsa"
@@ -65,7 +63,7 @@ func NewSSHRSARecipient(pk ssh.PublicKey) (*SSHRSARecipient, error) {
func (r *SSHRSARecipient) Wrap(fileKey []byte) (*format.Recipient, error) {
l := &format.Recipient{
Type: "ssh-rsa",
Args: []string{SSHFingerprint(r.sshKey)},
Args: []string{sshFingerprint(r.sshKey)},
}
wrappedKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader,
@@ -106,7 +104,7 @@ func (i *SSHRSAIdentity) Unwrap(block *format.Recipient) ([]byte, error) {
return nil, errors.New("invalid ssh-rsa recipient block")
}
if block.Args[0] != SSHFingerprint(i.sshKey) {
if block.Args[0] != sshFingerprint(i.sshKey) {
return nil, ErrIncorrectIdentity
}
@@ -226,7 +224,7 @@ func (r *SSHEd25519Recipient) Wrap(fileKey []byte) (*format.Recipient, error) {
l := &format.Recipient{
Type: "ssh-ed25519",
Args: []string{SSHFingerprint(r.sshKey),
Args: []string{sshFingerprint(r.sshKey),
format.EncodeToString(ourPublicKey[:])},
}
@@ -308,7 +306,7 @@ func (i *SSHEd25519Identity) Unwrap(block *format.Recipient) ([]byte, error) {
return nil, errors.New("invalid ssh-ed25519 recipient block")
}
if block.Args[0] != SSHFingerprint(i.sshKey) {
if block.Args[0] != sshFingerprint(i.sshKey) {
return nil, ErrIncorrectIdentity
}