remvoe support for sha1 and md5 hashing for public keys

Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
2022-05-26 15:46:19 +05:30 · 2022-05-26 15:46:19 +05:30 · 94c50fa3a8
parent 7501e8622c
commit 94c50fa3a8
3 changed files with 6 additions and 31 deletions
--- a/pkg/git/libgit2/managed/ssh.go
+++ b/pkg/git/libgit2/managed/ssh.go
@ -165,7 +165,7 @@ func (t *sshSmartSubtransport) Action(transportOptionsURL string, action git2go.
 		cert := &git2go.Certificate{
 			Kind: git2go.CertificateHostkey,
 			Hostkey: git2go.HostkeyCertificate{
-				Kind:         git2go.HostkeySHA256,
+				Kind:         git2go.HostkeySHA256 | git2go.HostkeyRaw,
 				HashSHA256:   sha256.Sum256(marshaledKey),
 				Hostkey:      marshaledKey,
 				SSHPublicKey: key,
--- a/pkg/git/libgit2/managed/transport.go
+++ b/pkg/git/libgit2/managed/transport.go
@ -1,8 +1,6 @@
 package managed

 import (
-	"crypto/md5"
-	"crypto/sha1"
 	"crypto/sha256"
 	"fmt"
 	"hash"
@ -49,16 +47,8 @@ func KnownHostsCallback(host string, knownHosts []byte) git2go.CertificateCheckC
 		case cert.Hostkey.Kind&git2go.HostkeySHA256 > 0:
 			fingerprint = cert.Hostkey.HashSHA256[:]
 			hasher = sha256.New()
-		// SHA1 and MD5 are present here, because they're used for unmanaged transport.
-		// TODO: get rid of this, when unmanaged transport is completely removed.
-		case cert.Hostkey.Kind&git2go.HostkeySHA1 > 0:
-			fingerprint = cert.Hostkey.HashSHA1[:]
-			hasher = sha1.New()
-		case cert.Hostkey.Kind&git2go.HostkeyMD5 > 0:
-			fingerprint = cert.Hostkey.HashMD5[:]
-			hasher = md5.New()
 		default:
-			return fmt.Errorf("invalid host key kind, expected to be one of SHA256, SHA1, MD5")
+			return fmt.Errorf("invalid host key kind, expected to be of kind SHA256")
 		}

 		// We are now certain that the configured host and the hostname
--- a/pkg/git/libgit2/managed/transport_test.go
+++ b/pkg/git/libgit2/managed/transport_test.go
@ -29,7 +29,7 @@ func TestKnownHostsCallback(t *testing.T) {
 			name:         "Match",
 			host:         "github.com",
 			knownHosts:   []byte(knownHostsFixture),
-			hostkey:      git2go.HostkeyCertificate{Kind: git2go.HostkeySHA1 | git2go.HostkeyMD5, HashSHA1: sha1Fingerprint("v2toJdKXfFEaR1u++4iq1UqSrHM")},
+			hostkey:      git2go.HostkeyCertificate{Kind: git2go.HostkeySHA256, HashSHA256: sha256Fingerprint("nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8")},
 			expectedHost: "github.com",
 			want:         nil,
 		},
@ -37,7 +37,7 @@ func TestKnownHostsCallback(t *testing.T) {
 			name:         "Match with port",
 			host:         "github.com",
 			knownHosts:   []byte(knownHostsFixture),
-			hostkey:      git2go.HostkeyCertificate{Kind: git2go.HostkeySHA1 | git2go.HostkeyMD5, HashSHA1: sha1Fingerprint("v2toJdKXfFEaR1u++4iq1UqSrHM")},
+			hostkey:      git2go.HostkeyCertificate{Kind: git2go.HostkeySHA256, HashSHA256: sha256Fingerprint("nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8")},
 			expectedHost: "github.com:22",
 			want:         nil,
 		},
@ -45,7 +45,7 @@ func TestKnownHostsCallback(t *testing.T) {
 			name:         "Hostname mismatch",
 			host:         "github.com",
 			knownHosts:   []byte(knownHostsFixture),
-			hostkey:      git2go.HostkeyCertificate{Kind: git2go.HostkeySHA1 | git2go.HostkeyMD5, HashSHA1: sha1Fingerprint("v2toJdKXfFEaR1u++4iq1UqSrHM")},
+			hostkey:      git2go.HostkeyCertificate{Kind: git2go.HostkeySHA256, HashSHA256: sha256Fingerprint("nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8")},
 			expectedHost: "example.com",
 			want:         fmt.Errorf("host mismatch: %q %q", "example.com", "github.com"),
 		},
@ -53,7 +53,7 @@ func TestKnownHostsCallback(t *testing.T) {
 			name:         "Hostkey mismatch",
 			host:         "github.com",
 			knownHosts:   []byte(knownHostsFixture),
-			hostkey:      git2go.HostkeyCertificate{Kind: git2go.HostkeyMD5, HashMD5: md5Fingerprint("\xb6\x03\x0e\x39\x97\x9e\xd0\xe7\x24\xce\xa3\x77\x3e\x01\x42\x09")},
+			hostkey:      git2go.HostkeyCertificate{Kind: git2go.HostkeySHA256, HashSHA256: sha256Fingerprint("ROQFvPThGrW4RuWLoL9tq9I9zJ42fK4XywyRtbOz/EQ")},
 			expectedHost: "github.com",
 			want:         fmt.Errorf("hostkey could not be verified"),
 		},
@ -73,21 +73,6 @@ func TestKnownHostsCallback(t *testing.T) {
 		})
 	}
 }
-func md5Fingerprint(in string) [16]byte {
-	var out [16]byte
-	copy(out[:], in)
-	return out
-}
-
-func sha1Fingerprint(in string) [20]byte {
-	d, err := base64.RawStdEncoding.DecodeString(in)
-	if err != nil {
-		panic(err)
-	}
-	var out [20]byte
-	copy(out[:], d)
-	return out
-}

 func sha256Fingerprint(in string) [32]byte {
 	d, err := base64.RawStdEncoding.DecodeString(in)