r00t2/SSHSecure
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

all the directives are copied in with their types. working on validators now.

Browse Source
This commit is contained in:
brent s.
2020-09-27 03:23:58 -04:00
parent c22786204a
commit 4b912a8dae
21 changed files with 859 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
sshkeys/crypt.go
View File

@@ -1,12 +1,30 @@
/*
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package sshkeys
import (
`crypto/aes`
`crypto/cipher`
`errors`
"crypto/aes"
"crypto/cipher"
"errors"
// `golang.org/x/crypto/ssh/internal/bcrypt_pbkdf` Golang doesn't let you import "internal" libs. Fine. Lame language.
`github.com/dchest/bcrypt_pbkdf`
"github.com/dchest/bcrypt_pbkdf"
)
func (k *EncryptedSSHKeyV1) setCrypt() error {
@@ -22,6 +40,7 @@ func (k *EncryptedSSHKeyV1) setCrypt() error {
}
func (k *EncryptedSSHKeyV1) setCipher() error {
var err error
switch k.CipherName {
case CipherAes256Ctr:
if k.Crypt.Cipher, err = aes.NewCipher(k.Crypt.PrivateKey); err != nil {
@@ -37,14 +56,15 @@ func (k *EncryptedSSHKeyV1) setCipher() error {
}
func (k *EncryptedSSHKeyV1) setKDF() error {
var err error
// Upstream only currently supports bcrypt_pbkdf ("bcrypt").
// This should always eval to true, but is here for future planning in case other KDF are implemented.
switch k.KDFName {
case KdfBcrypt:
if k.Crypt.CryptKey, err = bcrypt_pbkdf.Key(k.Passphrase,
k.KDFOpts.Salt,
int(k.KDFOpts.Rounds),
kdfKeyLen + len(k.KDFOpts.Salt),
k.KDFOpts.Salt,
int(k.KDFOpts.Rounds),
kdfKeyLen+len(k.KDFOpts.Salt),
); err != nil {
return err
} else {
@@ -54,4 +74,5 @@ func (k *EncryptedSSHKeyV1) setKDF() error {
default:
return errors.New("could not find KDF")
}
}
return nil
}