adding GPL

2020-09-18 18:01:16 -04:00
parent c3a116c140
commit 382aaffa39
26 changed files with 1225 additions and 7 deletions

32
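--- /dev/null
+++ b/sshkeys/bufutils.go
@@ -0,0 +1,32 @@
+/*
+SSHSecure - a program to harden OpenSSH from defaults
+Copyright (C) 2020 Brent Saner
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+package sshkeys
+// These are just here to save some typing.
+func getBytelenStr(s string) []byte {
+return getByteInt(len(s))
+}
+func getBytelenByteArr(b []byte) []byte {
+return getByteInt(len(b))
+}
+func getByteInt(i int) []byte {
+return []byte{byte(i)}
+}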
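Review bot: `getByteInt` narrows its argument with `byte(i)`, so any length of 256 or more wraps silently, and `getBytelenStr` / `getBytelenByteArr` then return a wrong length prefix with no error. The annotated hex reference files in this same commit describe the length fields as uint32 allocators, so a one-byte prefix would not match that layout even for short values. If these helpers are meant to produce those fields, the body should emit four big-endian bytes, e.g. `b := make([]byte, 4)`, `binary.BigEndian.PutUint32(b, uint32(i))`, `return b`, which needs `encoding/binary` imported. The comment `// These are just here to save some typing.` should also state the width and byte order of the prefix the helpers return.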


@@ -1,3 +1,21 @@
/*
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package sshkeys
// Needed for V1 key format.


@@ -1,3 +1,21 @@
/*
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package sshkeys
import (


@@ -1,7 +1,24 @@
/*
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package sshkeys
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/rand"
@@ -143,6 +160,8 @@ func (k *SSHKeyV1) Generate(force bool) error {
k.KeySize = keyEd25519
k.BlockSize = blockEd25519
}
k.CipherName = CipherNull
k.KDFName = KdfNull
// Currently, OpenSSH has an option for multiple private keys. However, it is hardcoded to 1.
// If multiple key support is added in the future, will need to re-tool how I do this, perhaps, in the future. TODO.
pk := SSHPrivKey{
@@ -169,6 +188,30 @@ func (k *SSHKeyV1) Generate(force bool) error {
return nil
}
func (k *SSHKeyV1) build() {
func (k *SSHKeyV1) build() error {
// We actually assemble the key buffer here. Translation to bytes where needed, case switches (ED25519 vs. RSA), etc.
k.Buffer.Truncate(0)
// First we need to do some prep for the common header.
kdfOptsBytes := []byte{}
switch k.(type) {
case EncryptedSSHKeyV1:
kdfOptsBytes = append(kdfOptsBytes, byte(len(k.KDFOpts.Salt)))
}
// For this, we can use a generic list and sequentially write.
cipher := []byte(k.CipherName)
kdf := []byte(k.KDFName)
commonHeader := [][]byte{
[]byte(KeyV1Magic + "\x00"),
{byte(len(cipher))},
cipher,
{byte(len(kdf))},
kdf,
}
for _, v := range commonHeader {
if _, err := k.Buffer.Write(v); err != nil {
k.Buffer.Truncate(0)
return err
}
}
}
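Review bot: In `build()`, `switch k.(type)` is applied to the receiver `k *SSHKeyV1`, which is a concrete pointer and not an interface value, so Go rejects the type switch; and a method promoted through embedding never sees the outer `EncryptedSSHKeyV1` in any case. As written, the KDF salt length cannot reach the header for encrypted keys, and `kdfOptsBytes` is never written to `k.Buffer` in the visible lines. The header also writes `{byte(len(cipher))}` and `{byte(len(kdf))}` as one-byte lengths, while the annotated reference files in this commit describe uint32 length fields. Consider giving `EncryptedSSHKeyV1` its own `build()` that supplies the KDF options, and renaming the local `cipher`, which shadows the imported `crypto/cipher` package. The function now returns `error` but no final `return nil` is visible; the body may continue outside the hunk.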


@@ -1,3 +1,21 @@
/*
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package sshkeys
func main() {


@@ -1,3 +1,21 @@
/*
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package main
import (


@@ -1,3 +1,21 @@
/*
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package main
import (


@@ -1,3 +1,21 @@
#############################################################################
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
#############################################################################
The following uses the aes256-ctr/bcrypt encryption. The passphrase is "test".
The new "v1" format contains the header "-----BEGIN OPENSSH PRIVATE KEY-----"


@@ -1,3 +1,21 @@
#############################################################################
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
#############################################################################
The following uses the aes256-ctr/bcrypt encryption. The passphrase is "test".
The new "v1" format contains the header "-----BEGIN OPENSSH PRIVATE KEY-----"


@@ -1,3 +1,21 @@
#############################################################################
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
#############################################################################
The following uses the bcrypt encryption. The passphrase is "test".
PEM:


@@ -1,3 +1,21 @@
#############################################################################
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
#############################################################################
The following uses the bcrypt encryption. The passphrase is "test".
PEM:


@@ -1,3 +1,21 @@
#############################################################################
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
#############################################################################
ANNOTATED HEX REFERENCE:
PRIVATE:
@@ -42,4 +60,4 @@ PUBLIC:
0 uint32 allocator for 0.0
0.0 Public key keytype (string)
1 uint32 allocator for 1.0
1.0 Public key payload (bytes)
1.0 Public key payload (bytes)


@@ -1,3 +1,21 @@
#############################################################################
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
#############################################################################
ANNOTATED HEX REFERENCE:
PRIVATE:


@@ -1,3 +1,21 @@
#############################################################################
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
#############################################################################
The following is a plaintext key (no passphrase provided).
The new "v1" format contains the header "-----BEGIN OPENSSH PRIVATE KEY-----"


@@ -1,3 +1,21 @@
#############################################################################
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
#############################################################################
The following is a plaintext key (no passphrase provided).
The new "v1" format contains the header "-----BEGIN OPENSSH PRIVATE KEY-----"


@@ -1,3 +1,21 @@
#############################################################################
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
#############################################################################
The following is a plaintext pubkey (no passphrase provided).
Keys in the "PEM" (.pub) format are prefixed with the key type string and suffixed with the comment string.


@@ -0,0 +1,18 @@
#############################################################################
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
#############################################################################


@@ -1,3 +1,21 @@
/*
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package sshkeys
import (


@@ -1,3 +1,21 @@
/*
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package sshkeys
import (
@@ -8,7 +26,6 @@ import (
// EncryptedSSHKeyV1 represents an encrypted private key.
type EncryptedSSHKeyV1 struct {
SSHKeyV1
CipherName string
Crypt SSHCrypt
KDFOpts SSHKDFOpts
Passphrase []byte
@@ -30,13 +47,14 @@ type SSHKDFOpts struct {
Rounds uint32 // Also referred to as work factor.
}
// SSHKeyV1 represents an unencrypted private key.
// SSHKeyV1 represents a private key.
// We don't bother with the legacy (pre v1) keys. Sorry not sorry.
// Patch your shit.
type SSHKeyV1 struct {
Magic string
DefKeyType string
KDFName string
CipherName string
KeySize uint32
BlockSize uint32
Keys []SSHPrivKey // 1 by default.