sashakoshka/go-gemini
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert to using hexadecimal to encode fingerprints

Browse Source
This commit is contained in:
Adnan Maolood 2020-12-16 23:58:02 -05:00
parent 16739d20d0
commit 611a7d54c0
2 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
client.go
View File

@ -2,7 +2,6 @@ package gemini
import ( import (
"bufio" "bufio"
"bytes"
"crypto/tls" "crypto/tls"
"crypto/x509" "crypto/x509"
"errors" "errors"
@ -251,7 +250,7 @@ func (c *Client) verifyConnection(req *Request, cs tls.ConnectionState) error {
} }
fingerprint := NewFingerprint(cert.Raw, cert.NotAfter) fingerprint := NewFingerprint(cert.Raw, cert.NotAfter)
if bytes.Equal(knownHost.Raw, fingerprint.Raw) { if knownHost.Hex == fingerprint.Hex {
return nil return nil
} }
return errors.New("gemini: fingerprint does not match") return errors.New("gemini: fingerprint does not match")

23
tofu.go
View File

@ -3,7 +3,6 @@ package gemini
import ( import (
"bufio" "bufio"
"crypto/sha512" "crypto/sha512"
"encoding/base64"
"fmt" "fmt"
"io" "io"
"os" "os"
@ -70,8 +69,7 @@ func (k *KnownHostsFile) WriteAll(w io.Writer) error {
// writeKnownHost writes a known host to the provided io.Writer. // writeKnownHost writes a known host to the provided io.Writer.
func (k *KnownHostsFile) writeKnownHost(w io.Writer, hostname string, f Fingerprint) (int, error) { func (k *KnownHostsFile) writeKnownHost(w io.Writer, hostname string, f Fingerprint) (int, error) {
s := base64.StdEncoding.EncodeToString([]byte(f.Raw)) return fmt.Fprintf(w, "%s %s %s %d\n", hostname, f.Algorithm, f.Hex, f.Expires.Unix())
return fmt.Fprintf(w, "%s %s %s %d\n", hostname, f.Algorithm, s, f.Expires.Unix())
} }
// Load loads the known hosts from the provided path. // Load loads the known hosts from the provided path.
@ -112,11 +110,7 @@ func (k *KnownHostsFile) Parse(r io.Reader) {
if algorithm != "SHA-512" { if algorithm != "SHA-512" {
continue continue
} }
fingerprint := parts[2] hex := parts[2]
raw, err := base64.StdEncoding.DecodeString(fingerprint)
if err != nil {
continue
}
unix, err := strconv.ParseInt(parts[3], 10, 0) unix, err := strconv.ParseInt(parts[3], 10, 0)
if err != nil { if err != nil {
@ -125,8 +119,8 @@ func (k *KnownHostsFile) Parse(r io.Reader) {
expires := time.Unix(unix, 0) expires := time.Unix(unix, 0)
k.KnownHosts[hostname] = Fingerprint{ k.KnownHosts[hostname] = Fingerprint{
Raw: raw,
Algorithm: algorithm, Algorithm: algorithm,
Hex: hex,
Expires: expires, Expires: expires,
} }
} }
@ -134,17 +128,24 @@ func (k *KnownHostsFile) Parse(r io.Reader) {
// Fingerprint represents a fingerprint using a certain algorithm. // Fingerprint represents a fingerprint using a certain algorithm.
type Fingerprint struct { type Fingerprint struct {
Raw []byte // raw fingerprint data
Algorithm string // fingerprint algorithm e.g. SHA-512 Algorithm string // fingerprint algorithm e.g. SHA-512
Hex string // fingerprint in hexadecimal, with ':' between each octet
Expires time.Time // unix time of the fingerprint expiration date Expires time.Time // unix time of the fingerprint expiration date
} }
// NewFingerprint returns the SHA-512 fingerprint of the provided raw data. // NewFingerprint returns the SHA-512 fingerprint of the provided raw data.
func NewFingerprint(raw []byte, expires time.Time) Fingerprint { func NewFingerprint(raw []byte, expires time.Time) Fingerprint {
sum512 := sha512.Sum512(raw) sum512 := sha512.Sum512(raw)
var b strings.Builder
for i, f := range sum512 {
if i > 0 {
b.WriteByte(':')
}
fmt.Fprintf(&b, "%02X", f)
}
return Fingerprint{ return Fingerprint{
Raw: sum512[:],
Algorithm: "SHA-512", Algorithm: "SHA-512",
Hex: b.String(),
Expires: expires, Expires: expires,
} }
} }