r00t2/SSHSecure
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

adding GPL

Browse Source
This commit is contained in:
brent s.
2020-09-18 18:01:16 -04:00
parent c3a116c140
commit 382aaffa39
26 changed files with 1225 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
sshkeys/func.go
View File

@@ -1,7 +1,24 @@
/*
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package sshkeys
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/rand"
@@ -143,6 +160,8 @@ func (k *SSHKeyV1) Generate(force bool) error {
k.KeySize = keyEd25519
k.BlockSize = blockEd25519
}
k.CipherName = CipherNull
k.KDFName = KdfNull
// Currently, OpenSSH has an option for multiple private keys. However, it is hardcoded to 1.
// If multiple key support is added in the future, will need to re-tool how I do this, perhaps, in the future. TODO.
pk := SSHPrivKey{
@@ -169,6 +188,30 @@ func (k *SSHKeyV1) Generate(force bool) error {
return nil
}
func (k *SSHKeyV1) build() {
func (k *SSHKeyV1) build() error {
// We actually assemble the key buffer here. Translation to bytes where needed, case switches (ED25519 vs. RSA), etc.
k.Buffer.Truncate(0)
// First we need to do some prep for the common header.
kdfOptsBytes := []byte{}
switch k.(type) {
case EncryptedSSHKeyV1:
kdfOptsBytes = append(kdfOptsBytes, byte(len(k.KDFOpts.Salt)))
}
// For this, we can use a generic list and sequentially write.
cipher := []byte(k.CipherName)
kdf := []byte(k.KDFName)
commonHeader := [][]byte{
[]byte(KeyV1Magic + "\x00"),
{byte(len(cipher))},
cipher,
{byte(len(kdf))},
kdf,
}
for _, v := range commonHeader {
if _, err := k.Buffer.Write(v); err != nil {
k.Buffer.Truncate(0)
return err
}
}
}