Add function get-public-key-fingerprint

nicolas-graves · nicolas-graves · commit 3e447253fcc7 · 2025-06-07T19:04:31.000+02:00
diff --git a/libguile-ssh/key-func.c b/libguile-ssh/key-func.c
@@ -384,9 +384,10 @@ Read public key from a file FILENAME.  Return a SSH key.\
 #undef FUNC_NAME
 
 static gssh_symbol_t hash_types[] = {
-  { "sha1", SSH_PUBLICKEY_HASH_SHA1 },
-  { "md5",  SSH_PUBLICKEY_HASH_MD5  },
-  { NULL,   -1                      }
+  { "sha1",   SSH_PUBLICKEY_HASH_SHA1   },
+  { "sha256", SSH_PUBLICKEY_HASH_SHA256 },
+  { "md5",    SSH_PUBLICKEY_HASH_MD5    },
+  { NULL,     -1                        }
 };
 
 SCM_DEFINE (guile_ssh_get_public_key_hash, "get-public-key-hash", 2, 0, 0,
@@ -434,6 +435,57 @@ Return a bytevector on success, #f on error.\
 }
 #undef FUNC_NAME
 
+SCM_DEFINE (guile_ssh_get_public_key_fingerprint, "get-public-key-fingerprint", 2, 0, 0,
+            (SCM key, SCM type),
+            "\
+Get fingerprint of the public KEY as a formatted string.\n\
+Possible types are: 'sha1, 'md5\n\
+Return a fingerprint string on success, #f on error.\
+")
+#define FUNC_NAME s_guile_ssh_get_public_key_fingerprint
+{
+  gssh_key_t *kd = gssh_key_from_scm (key);
+  unsigned char *hash = NULL;
+  size_t hash_len;
+  char *fingerprint = NULL;
+  int res;
+  SCM ret;
+  const gssh_symbol_t *hash_type = NULL;
+
+  SCM_ASSERT (scm_is_symbol (type), type, SCM_ARG2, FUNC_NAME);
+
+  scm_dynwind_begin (0);
+
+  hash_type = gssh_symbol_from_scm (hash_types, type);
+  if (! hash_type)
+    guile_ssh_error1 (FUNC_NAME, "Wrong type", type);
+
+  res = ssh_get_publickey_hash (kd->ssh_key, hash_type->value,
+                                &hash, &hash_len);
+  scm_dynwind_free (hash);
+
+  if (res == SSH_OK)
+    {
+      fingerprint = ssh_get_fingerprint_hash (hash_type->value, hash, hash_len);
+      if (fingerprint)
+        {
+          ret = scm_take_locale_string (fingerprint);
+        }
+      else
+        {
+          ret = SCM_BOOL_F;
+        }
+    }
+  else
+    {
+      ret = SCM_BOOL_F;
+    }
+
+  scm_dynwind_end ();
+  return ret;
+}
+#undef FUNC_NAME
+
 
 /* Initialize Scheme procedures. */
 void
diff --git a/libguile-ssh/key-func.h b/libguile-ssh/key-func.h
@@ -25,6 +25,7 @@ extern SCM guile_ssh_string_to_public_key (SCM arg1, SCM arg2);
 extern SCM guile_ssh_public_key_to_string (SCM arg1);
 extern SCM guile_ssh_private_key_from_file (SCM arg1, SCM arg2);
 extern SCM guile_ssh_public_key_from_file (SCM arg1, SCM arg2);
+extern SCM guile_ssh_get_public_key_fingerprint (SCM arg1, SCM arg2);
 
 extern void init_key_func (void);
 
diff --git a/modules/ssh/key.scm b/modules/ssh/key.scm
@@ -57,6 +57,7 @@
             private-key->public-key
             private-key-from-file
             private-key-to-file
+            get-public-key-fingerprint
             get-public-key-hash
             bytevector->hex-string))
 
diff --git a/tests/key.scm b/tests/key.scm
@@ -243,6 +243,24 @@
          (or (eq? (get-key-type key) 'ecdsa) ; libssh < 0.9
              (eq? (get-key-type key) 'ecdsa-p256)))))
 
+
+;;; Key fingerprints.
+
+(test-assert-with-log "get-public-key-fingerprint: RSA SHA1"
+  (let ((fingerprint (get-public-key-fingerprint *rsa-pub-key* 'sha1)))
+    (and (string? fingerprint)
+         (> (string-length fingerprint) 0))))
+
+(test-assert-with-log "get-public-key-fingerprint: RSA SHA256"
+  (let ((fingerprint (get-public-key-fingerprint *rsa-pub-key* 'sha256)))
+    (and (string? fingerprint)
+         (> (string-length fingerprint) 0))))
+
+(test-assert-with-log "get-public-key-fingerprint: RSA MD5"
+  (let ((fingerprint (get-public-key-fingerprint *rsa-pub-key* 'md5)))
+    (and (string? fingerprint)
+         (> (string-length fingerprint) 0))))
+
 
 ;;; Check reading encrypted keys.
 
