From 116cde3f9debaf485b57b5a4991c58f39c0377c8 Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Sat, 9 Oct 2021 17:45:18 -0400
Subject: Use SSHFP keyhash-based filename for private key

The same should be used for the public key, but isn't (yet).
---
 cryptonomic-vpn | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/cryptonomic-vpn b/cryptonomic-vpn
index 68669da..364606c 100755
--- a/cryptonomic-vpn
+++ b/cryptonomic-vpn
@@ -48,11 +48,6 @@ NO_ACT=y
 REMOTE_KEY_TYPE=rsa
 LOCAL_KEY=ssh_host_rsa_key
 
-# Hard-coded private key source and destinations.
-LOCAL_KEY_DEST_BASENAME=ssh_host_rsa_key
-LOCAL_PRIVATE_KEY_DEST=/etc/swanctl/private/$LOCAL_KEY_DEST_BASENAME
-LOCAL_PUBLIC_KEY_DEST=/etc/swanctl/pubkey/$LOCAL_KEY_DEST_BASENAME.pub
-
 die() { printf 'Error: %s\n' "$*" >&2; exit 1; }
 warn() { printf 'Warning: %s\n' "$*" >&2; }
 
@@ -129,12 +124,15 @@ validate_remote_key_type()
 
 validate_local_key()
 {
-	# TODO: check that it is RSA
 	case "$LOCAL_KEY" in
 		*/*) ;;
 		*) LOCAL_KEY=/etc/ssh/$LOCAL_KEY ;;
 	esac
 	[ -f "$LOCAL_KEY" -a -r "$LOCAL_KEY" ] || die "could not read local key (filename=$LOCAL_KEY)"
+
+	LOCAL_KEY_DEST_BASENAME=$(sshfp_filename_string "$LOCAL_KEY") || die "parsing local key (filename=$LOCAL_KEY)"
+	LOCAL_PRIVATE_KEY_DEST=/etc/swanctl/private/$LOCAL_KEY_DEST_BASENAME
+	LOCAL_PUBLIC_KEY_DEST=/etc/swanctl/pubkey/$LOCAL_KEY_DEST_BASENAME.pub
 }
 
 main()
@@ -248,6 +246,13 @@ write_remote_key()
 	esac
 }
 
+sshfp_filename_string()
+{
+	local keytype=1 hashtype=2
+	ssh-keygen -r. -f "$1" | sed -ne "/^. IN SSHFP $keytype $hashtype / { s/. IN //; y/ /_/; p; q; }"
+}
+
+
 install_local_private_key()
 {
 	private_key_tmp=$(mktemp) || return
-- 
cgit v1.2.3
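Review bot: The added `LOCAL_KEY_DEST_BASENAME=$(sshfp_filename_string "$LOCAL_KEY") || die …` in validate_local_key only fires `die` on a non-zero exit status, but the status of that function is the trailing `sed`'s, which exits 0 even when `ssh-keygen` fails or prints no `SSHFP 1 2` record (for instance a non-RSA key, since the filter is keyed to keytype 1). The basename is then empty and `LOCAL_PRIVATE_KEY_DEST` becomes `/etc/swanctl/private/`, a directory rather than a file, with nothing stopping the later install step. Add `[ -n "$LOCAL_KEY_DEST_BASENAME" ] || die "could not derive SSHFP name for local key (filename=$LOCAL_KEY)"` directly after the assignment; the same masking exists inside `sshfp_filename_string` in the third hunk, so this one check covers both. Since the removed `# TODO: check that it is RSA` is now implicitly satisfied by that keytype filter, a one-line comment saying so here would keep the intent visible.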
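Review bot: `sshfp_filename_string` has no comment explaining its output format or why `keytype=1 hashtype=2` are chosen, and those two numbers are what make the destination filename RSA/SHA-256-specific. Suggest a header comment above the function such as `# Print a filename-safe SSHFP record for the key in $1, e.g. SSHFP_1_2_<hex>; keytype 1 = RSA, hashtype 2 = SHA-256 (RFC 4255 / RFC 6594). Only the first matching record is printed.` Callers pass the private key path, and `ssh-keygen -r` presumably loads the public half that sits next to it — worth confirming and stating in that comment, since a missing `.pub` would make the pipeline print nothing. The two consecutive blank lines after the closing brace look like a stray extra.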