Check hostkey type when validating hostkey

Signed-off-by: Philip Laine <philip.laine@gmail.com>
fluxcd · Feb 11, 2021 · e92a852 · e92a852
1 parent c32d11c
commit e92a852
Showing 1 changed file with 21 additions and 4 deletions.
diff --git a/pkg/git/libgit2/transport.go b/pkg/git/libgit2/transport.go
@@ -19,7 +19,9 @@ package libgit2
 import (
 	"bufio"
 	"bytes"
+	"crypto/md5"
 	"crypto/sha1"
+	"crypto/sha256"
 	"crypto/x509"
 	"fmt"
 	"net/url"
@@ -135,7 +137,7 @@ func (s *PublicKeyAuth) Method(secret corev1.Secret) (*git.Auth, error) {
 	}
 	certCallback := func(cert *git2go.Certificate, valid bool, hostname string) git2go.ErrorCode {
 		for _, k := range kk {
-			if k.matches(hostname, cert.Hostkey.HashSHA1[:]) {
+			if k.matches(hostname, cert.Hostkey) {
 				return git2go.ErrOk
 			}
 		}
@@ -173,13 +175,28 @@ func parseKnownHosts(s string) ([]knownKey, error) {
 	return knownHosts, nil
 }
 
-func (k knownKey) matches(host string, key []byte) bool {
+func (k knownKey) matches(host string, hostkey git2go.HostkeyCertificate) bool {
 	if !containsHost(k.hosts, host) {
 		return false
 	}
 
-	hash := sha1.Sum([]byte(k.key.Marshal()))
-	if bytes.Compare(hash[:], key) != 0 {
+	var hash []byte
+	var key []byte
+	switch hostkey.Kind {
+	case git2go.HostkeyMD5:
+		sum := md5.Sum(k.key.Marshal())
+		hash = sum[:]
+		key = hostkey.HashMD5[:]
+	case git2go.HostkeySHA1:
+		sum := sha1.Sum(k.key.Marshal())
+		hash = sum[:]
+		key = hostkey.HashSHA1[:]
+	case git2go.HostkeySHA256:
+		sum := sha256.Sum256(k.key.Marshal())
+		hash = sum[:]
+		key = hostkey.HashSHA256[:]
+	}
+	if bytes.Compare(hash, key) != 0 {
 		return false
 	}