all the directives are copied in with their types. working on validators now.

sshkeys/const.go

@@ -43,7 +43,7 @@ const (
 	CipherAes256Ctr string = "aes256-ctr"
 )
 
-var allowed_ciphers = [...]string{CipherNull, CipherAes256Ctr}
+var allowedCiphers = [...]string{CipherNull, CipherAes256Ctr}
 
 // Key types.
 const (
@@ -51,7 +51,7 @@ const (
 	KeyRsa     string = "ssh-rsa"
 )
 
-var allowed_keytypes = [...]string{KeyEd25519, KeyRsa}
+var allowedKeytypes = [...]string{KeyEd25519, KeyRsa}
 
 // KDF names. I believe only bcrypt is supported upstream currently.
 const (
@@ -59,7 +59,7 @@ const (
 	KdfBcrypt string = "bcrypt"
 )
 
-var allowed_kdfnames = [...]string{KdfNull, KdfBcrypt}
+var allowedKdfnames = [...]string{KdfNull, KdfBcrypt}
 
 // Key lengths.
 const (

sshkeys/crypt.go

@@ -1,12 +1,30 @@
+/*
+   SSHSecure - a program to harden OpenSSH from defaults
+   Copyright (C) 2020  Brent Saner
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation, either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
 package sshkeys
 
 import (
-	`crypto/aes`
-	`crypto/cipher`
-	`errors`
+	"crypto/aes"
+	"crypto/cipher"
+	"errors"
 
 	// `golang.org/x/crypto/ssh/internal/bcrypt_pbkdf` Golang doesn't let you import "internal" libs. Fine. Lame language.
-	`github.com/dchest/bcrypt_pbkdf`
+	"github.com/dchest/bcrypt_pbkdf"
 )
 
 func (k *EncryptedSSHKeyV1) setCrypt() error {
@@ -22,6 +40,7 @@ func (k *EncryptedSSHKeyV1) setCrypt() error {
 }
 
 func (k *EncryptedSSHKeyV1) setCipher() error {
+	var err error
 	switch k.CipherName {
 	case CipherAes256Ctr:
 		if k.Crypt.Cipher, err = aes.NewCipher(k.Crypt.PrivateKey); err != nil {
@@ -37,14 +56,15 @@ func (k *EncryptedSSHKeyV1) setCipher() error {
 }
 
 func (k *EncryptedSSHKeyV1) setKDF() error {
+	var err error
 	// Upstream only currently supports bcrypt_pbkdf ("bcrypt").
 	// This should always eval to true, but is here for future planning in case other KDF are implemented.
 	switch k.KDFName {
 	case KdfBcrypt:
 		if k.Crypt.CryptKey, err = bcrypt_pbkdf.Key(k.Passphrase,
-													k.KDFOpts.Salt,
-													int(k.KDFOpts.Rounds),
-													kdfKeyLen + len(k.KDFOpts.Salt),
+			k.KDFOpts.Salt,
+			int(k.KDFOpts.Rounds),
+			kdfKeyLen+len(k.KDFOpts.Salt),
 		); err != nil {
 			return err
 		} else {
@@ -54,4 +74,5 @@ func (k *EncryptedSSHKeyV1) setKDF() error {
 	default:
 		return errors.New("could not find KDF")
 	}
-}
+	return nil
+}

sshkeys/func.go

@@ -22,7 +22,6 @@ import (
 	"bytes"
 	"crypto/rand"
 	"errors"
-	"fmt"
 
 	"r00t2.io/sshsecure/sharedconsts"
 )
@@ -34,19 +33,19 @@ func (k *EncryptedSSHKeyV1) validate() error {
 	var validCipher bool
 	var validKDF bool
 	var validKT bool
-	for _, v := range allowed_ciphers {
+	for _, v := range allowedCiphers {
 		if v == k.CipherName {
 			validCipher = true
 			break
 		}
 	}
-	for _, v := range allowed_kdfnames {
+	for _, v := range allowedKdfnames {
 		if v == k.KDFName {
 			validKDF = true
 			break
 		}
 	}
-	for _, v := range allowed_keytypes {
+	for _, v := range allowedKeytypes {
 		if v == k.DefKeyType {
 			validKT = true
 		}
@@ -107,7 +106,7 @@ func (k *EncryptedSSHKeyV1) Generate(force bool) error {
 		return errors.New("unknown key type; could not generate private/public keypair")
 	}
 	k.Keys = append(k.Keys, pk)
-	// We also need an encrypter/decrypter since this is an encrypted key.
+	// We also need an encryptor/decryptor since this is an encrypted key.
 	if err := k.setCrypt(); err != nil {
 		return err
 	}
@@ -120,7 +119,7 @@ func (k *EncryptedSSHKeyV1) Generate(force bool) error {
 
 func (k *SSHKeyV1) validate() error {
 	var validKT bool
-	for _, v := range allowed_keytypes {
+	for _, v := range allowedKeytypes {
 		if v == k.DefKeyType {
 			validKT = true
 		}
@@ -143,7 +142,7 @@ func (k *SSHKeyV1) Generate(force bool) error {
 	// Currently, OpenSSH has an option for multiple private keys. However, it is hardcoded to 1.
 	// If multiple key support is added in the future, will need to re-tool how I do this, perhaps, in the future. TODO.
 	pk := SSHPrivKey{
-		Comment: fmt.Sprintf("Autogenerated via SSHSecure (%v)", projUrl),
+		Comment: sharedconsts.IDCmnt,
 	}
 	pk.Checksum = make([]byte, 4)
 	if _, err := rand.Read(pk.Checksum); err != nil {

sshkeys/main.go

@@ -1,23 +0,0 @@
-/*
-   SSHSecure - a program to harden OpenSSH from defaults
-   Copyright (C) 2020  Brent Saner
-
-   This program is free software: you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation, either version 3 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <https://www.gnu.org/licenses/>.
-*/
-
-package sshkeys
-
-func main() {
-
-}