yeah so as a temporary measure, i'm using ssh-keygen for now.

but i'll need to natively incorporate it still.
2021-07-03 23:01:58 -04:00
parent d7ffbea913
commit 7f98e7aa15
9 changed files with 323 additions and 19 deletions
--- a/dh/func_gen.go
+++ b/dh/func_gen.go
@@ -18,6 +18,17 @@

 package dh

+import (
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"strings"
+
+	"github.com/Masterminds/semver"
+	"r00t2.io/sshsecure/moduli"
+	"r00t2.io/sshsecure/utils"
+)
+
 /*
 	OpenSSH does prime generation and primality checking a *little* weird.

@@ -35,4 +46,129 @@ package dh
 	And that's why I'm a sad panda and porting moduli.c to native Golang.
 */

-func SieveLarge()
+// Generate builds a slice of moduli.Entry entries.
+// TODO: DO THIS NATIVELY. Idealy with goroutines and a channel? buffer? for the primes and sieving.
+func Generate() (moduliEntries []moduli.Entry, err error) {
+
+	var outFile *os.File
+	var filteredFile string
+	var raw []byte
+	var m *moduli.Moduli = new(moduli.Moduli)
+
+	if outFile, err = genPrimes(); err != nil {
+		return
+	}
+
+	if filteredFile, err = sieve(outFile); err != nil {
+		return
+	}
+
+	if raw, err = ioutil.ReadFile(filteredFile); err != nil {
+		return
+	}
+
+	if err = moduli.Unmarshal(raw, m); err != nil {
+		return
+	}
+
+	moduliEntries = m.Groups
+
+	return
+}
+
+// genPrimes builds a slice of acceptable primes for sieve.
+// TODO: DO THIS NATIVELY.
+func genPrimes() (outFile *os.File, err error) {
+
+	var cmdStr []string = []string{"ssh-keygen", "-q"}
+	var cmdStr2 []string
+	var cmd *exec.Cmd
+	var sshVer utils.SshVerInfo
+	// These are various versions we need to compare against for determining features.
+	var ver81 *semver.Version
+
+	if outFile, err = ioutil.TempFile("", ".SSHSecure.moduli.*"); err != nil {
+		return
+	}
+	if err = outFile.Close(); err != nil {
+		return
+	}
+	if err = os.Remove(outFile.Name()); err != nil {
+		return
+	}
+
+	if sshVer, err = utils.GetSshVer(""); err != nil {
+		return
+	}
+
+	// They changed the command syntax/options in 8.1. We need to determine if we're at or above that version or not.
+	if ver81, err = semver.NewVersion("8.1.0"); err != nil {
+		return
+	}
+
+	if sshVer.SemVer.Compare(ver81) >= 0 {
+		cmdStr2 = []string{
+			"-M", "generate",
+			"-O", "bits=4096",
+			outFile.Name(),
+		}
+	} else {
+		cmdStr2 = []string{
+			"-b", "4096",
+			"-G", outFile.Name(),
+		}
+	}
+	cmdStr = append(cmdStr, cmdStr2...)
+
+	cmd = exec.Command(cmdStr[0], strings.Join(cmdStr[1:], " "))
+	if err = cmd.Run(); err != nil {
+		return
+	}
+
+	return
+}
+
+// sieve filters out unsuitable primes. See #1 and #2 in the comments at the top of this file.
+// TODO: DO THIS NATIVELY.
+func sieve(inFile *os.File) (newFile string, err error) {
+
+	var cmdStr []string = []string{"ssh-keygen", "-q"}
+	var cmdStr2 []string
+	var cmd *exec.Cmd
+	var sshVer utils.SshVerInfo
+	// These are various versions we need to compare against for determining features.
+	var ver81 *semver.Version
+
+	if sshVer, err = utils.GetSshVer(""); err != nil {
+		return
+	}
+
+	newFile = inFile.Name() + ".filtered"
+
+	// They changed the command syntax/options in 8.1. We need to determine if we're at or above that version or not.
+	if ver81, err = semver.NewVersion("8.1.0"); err != nil {
+		return
+	}
+
+	if sshVer.SemVer.Compare(ver81) >= 0 {
+		cmdStr2 = []string{
+			"-M", "screen",
+			"-O", "bits=4096",
+			"-f", inFile.Name(),
+			newFile,
+		}
+	} else {
+		cmdStr2 = []string{
+			"-T", newFile,
+			"-f", inFile.Name(),
+		}
+	}
+	cmdStr = append(cmdStr, cmdStr2...)
+
+	cmd = exec.Command(cmdStr[0], strings.Join(cmdStr[1:], " "))
+	if err = cmd.Run(); err != nil {
+		return
+	}
+
+	return
+}