Add support for SHA256 fingerprints (#198)

* Add SHA256 * Update tests * Fix padding
2021-01-17 16:16:38 -08:00 · 2021-01-17 16:16:38 -08:00 · 4de805dd37
parent 0544287141
commit 4de805dd37
3 changed files with 25 additions and 6 deletions
--- a/SecretKit/Common/OpenSSH/OpenSSHKeyWriter.swift
+++ b/SecretKit/Common/OpenSSH/OpenSSHKeyWriter.swift
@ -19,7 +19,15 @@ public struct OpenSSHKeyWriter {
            .joined(separator: " ")
    }

-    public func openSSHFingerprint<SecretType: Secret>(secret: SecretType) -> String {
+    public func openSSHSHA256Fingerprint<SecretType: Secret>(secret: SecretType) -> String {
+        // OpenSSL format seems to strip the padding at the end.
+        let base64 = Data(SHA256.hash(data: data(secret: secret))).base64EncodedString()
+        let paddingRange = base64.index(base64.endIndex, offsetBy: -2)..<base64.endIndex
+        let cleaned = base64.replacingOccurrences(of: "=", with: "", range: paddingRange)
+        return "SHA256:\(cleaned)"
+    }
+
+    public func openSSHMD5Fingerprint<SecretType: Secret>(secret: SecretType) -> String {
        Insecure.MD5.hash(data: data(secret: secret))
            .compactMap { ("0" + String($0, radix: 16, uppercase: false)).suffix(2) }
            .joined(separator: ":")
--- a/SecretKitTests/OpenSSHWriterTests.swift
+++ b/SecretKitTests/OpenSSHWriterTests.swift
@ -6,8 +6,12 @@ class OpenSSHWriterTests: XCTestCase {

    let writer = OpenSSHKeyWriter()

-    func testECDSA256Fingerprint() {
-        XCTAssertEqual(writer.openSSHFingerprint(secret:  Constants.ecdsa256Secret), "dc:60:4d:ff:c2:d9:18:8b:2f:24:40:b5:7f:43:47:e5")
+    func testECDSA256MD5Fingerprint() {
+        XCTAssertEqual(writer.openSSHMD5Fingerprint(secret:  Constants.ecdsa256Secret), "dc:60:4d:ff:c2:d9:18:8b:2f:24:40:b5:7f:43:47:e5")
+    }
+
+    func testECDSA256SHA256Fingerprint() {
+        XCTAssertEqual(writer.openSSHSHA256Fingerprint(secret:  Constants.ecdsa256Secret), "SHA256:/VQFeGyM8qKA8rB6WGMuZZxZLJln2UgXLk3F0uTF650")
    }

    func testECDSA256PublicKey() {
@ -19,8 +23,12 @@ class OpenSSHWriterTests: XCTestCase {
    XCTAssertEqual(writer.data(secret: Constants.ecdsa256Secret), Data(base64Encoded: "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOVEjgAA5PHqRgwykjN5qM21uWCHFSY/Sqo5gkHAkn+e1MMQKHOLga7ucB9b3mif33MBid59GRK9GEPVlMiSQwo="))
    }

-    func testECDSA384Fingerprint() {
-        XCTAssertEqual(writer.openSSHFingerprint(secret:  Constants.ecdsa384Secret), "66:e0:66:d7:41:ed:19:8e:e2:20:df:ce:ac:7e:2b:6e")
+    func testECDSA384MD5Fingerprint() {
+        XCTAssertEqual(writer.openSSHMD5Fingerprint(secret:  Constants.ecdsa384Secret), "66:e0:66:d7:41:ed:19:8e:e2:20:df:ce:ac:7e:2b:6e")
+    }
+
+    func testECDSA384SHA256Fingerprint() {
+        XCTAssertEqual(writer.openSSHSHA256Fingerprint(secret:  Constants.ecdsa384Secret), "SHA256:GJUEymQNL9ymaMRRJCMGY4rWIJHu/Lm8Yhao/PAiz1I")
    }

    func testECDSA384PublicKey() {
--- a/Secretive/Views/SecretDetailView.swift
+++ b/Secretive/Views/SecretDetailView.swift
@ -10,7 +10,10 @@ struct SecretDetailView<SecretType: Secret>: View {
    var body: some View {
        Form {
            Section {
-                CopyableView(title: "Fingerprint", image: Image(systemName: "touchid"), text: keyWriter.openSSHFingerprint(secret: secret))
+                CopyableView(title: "SHA256 Fingerprint", image: Image(systemName: "touchid"), text: keyWriter.openSSHSHA256Fingerprint(secret: secret))
+                Spacer()
+                    .frame(height: 20)
+                CopyableView(title: "MD5 Fingerprint", image: Image(systemName: "touchid"), text: keyWriter.openSSHMD5Fingerprint(secret: secret))
                Spacer()
                    .frame(height: 20)
                CopyableView(title: "Public Key", image: Image(systemName: "key"), text: keyString)