Support SHA1 & SHA256

Author: MarcPaquette

helpers/fingerprint.go

@@ -2,6 +2,7 @@ package helpers
 
 import (
 	"crypto/md5"
+	"crypto/sha1"
 	"crypto/sha256"
 	"fmt"
 	"strings"
@@ -10,6 +11,7 @@ import (
 )
 
 const MD5_FINGERPRINT_LENGTH = 47
+const SHA1_FINGERPRINT_LENGTH = 59
 const SHA256_FINGERPRINT_LENGTH = 95
 
 func MD5Fingerprint(key ssh.PublicKey) string {
@@ -22,6 +24,11 @@ func SHA256Fingerprint(key ssh.PublicKey) string {
 	return colonize(fmt.Sprintf("% x", sha256sum))
 }
 
+func SHA1Fingerprint(key ssh.PublicKey) string {
+	sha1sum := sha1.Sum(key.Marshal())
+	return colonize(fmt.Sprintf("% x", sha1sum))
+}
+
 func colonize(s string) string {
 	return strings.Replace(s, " ", ":", -1)
 }

helpers/fingerprint_test.go

@@ -40,6 +40,7 @@ HbXzxBM4Ki0l1kaUjDVKjz3fsIq9Pl/lBoKYAmDvkK4xoxcs05ws
 -----END RSA PRIVATE KEY-----`
 
 	ExpectedMD5Fingerprint    = `24:2e:53:c3:72:4f:25:b8:72:29:2d:e3:56:63:4b:c8`
+	ExpectedSHA1Fingerprint   = `8b:d1:ce:b8:3a:f0:37:7f:56:9e:33:1a:72:4b:32:5a:bc:9d:3b:49`
 	ExpectedSHA256Fingerprint = `c7:e1:1c:47:3b:7b:11:f5:6e:5d:3c:67:16:dd:35:96:4c:5a:6c:f5:0b:82:e5:20:a6:f7:29:a3:9d:bf:3e:e7`
 )
 
@@ -68,6 +69,20 @@ var _ = Describe("Fingerprint", func() {
 		})
 	})
 
+	Describe("SHA1 Fingerprint", func() {
+		BeforeEach(func() {
+			fingerprint = helpers.SHA1Fingerprint(publicKey)
+		})
+
+		It("should have the correct length", func() {
+			Expect(utf8.RuneCountInString(fingerprint)).To(Equal(helpers.SHA1_FINGERPRINT_LENGTH))
+		})
+
+		It("should match the expected fingerprint", func() {
+			Expect(fingerprint).To(Equal(ExpectedSHA1Fingerprint))
+		})
+	})
+
 	Describe("SHA256 Fingerprint", func() {
 		BeforeEach(func() {
 			fingerprint = helpers.SHA256Fingerprint(publicKey)

proxy/proxy.go

@@ -401,6 +401,8 @@ func NewClientConn(logger lager.Logger, permissions *ssh.Permissions, tlsConfig
 			switch utf8.RuneCountInString(expectedFingerprint) {
 			case helpers.MD5_FINGERPRINT_LENGTH:
 				actualFingerprint = helpers.MD5Fingerprint(key)
+			case helpers.SHA1_FINGERPRINT_LENGTH:
+				actualFingerprint = helpers.SHA1Fingerprint(key)
 			case helpers.SHA256_FINGERPRINT_LENGTH:
 				actualFingerprint = helpers.SHA256Fingerprint(key)
 			}

proxy/proxy_test.go

@@ -245,6 +245,29 @@ var _ = Describe("Proxy", func() {
 					})
 
 					Context("when the host fingerprint is a sha1 hash", func() {
+						BeforeEach(func() {
+							targetConfigJson, err := json.Marshal(proxy.TargetConfig{
+								Address:         sshdListener.Addr().String(),
+								HostFingerprint: helpers.SHA1Fingerprint(TestHostKey.PublicKey()),
+								User:            "some-user",
+								Password:        "fake-some-password",
+							})
+							Expect(err).NotTo(HaveOccurred())
+
+							permissions := &ssh.Permissions{
+								CriticalOptions: map[string]string{
+									"proxy-target-config": string(targetConfigJson),
+								},
+							}
+							proxyAuthenticator.AuthenticateReturns(permissions, nil)
+						})
+
+						It("handshakes with the target using the provided configuration", func() {
+							Eventually(daemonAuthenticator.AuthenticateCallCount).Should(Equal(1))
+						})
+					})
+
+					Context("when the host fingerprint is a sha256 hash", func() {
 						BeforeEach(func() {
 							targetConfigJson, err := json.Marshal(proxy.TargetConfig{
 								Address:         sshdListener.Addr().String(),