r00t2/SSHSecure
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

updating refs, finished key gen buffer

Browse Source
This commit is contained in:
brent s.
2020-09-21 01:43:22 -04:00
parent 382aaffa39
commit b80b823c02
15 changed files with 567 additions and 550 deletions
Download Patch File Download Diff File Expand all files Collapse all files

272
sshkeys/func.go
View File

@@ -19,14 +19,10 @@
package sshkeys
import (
"crypto/aes"
"crypto/cipher"
`bytes`
"crypto/rand"
"errors"
"fmt"
// `golang.org/x/crypto/ssh/internal/bcrypt_pbkdf` Golang doesn't let you import "internal" libs. Fine. Lame language.
"github.com/dchest/bcrypt_pbkdf"
)
func (k *EncryptedSSHKeyV1) validate() error {
@@ -86,7 +82,6 @@ func (k *EncryptedSSHKeyV1) Generate(force bool) error {
}
if k.DefKeyType == KeyEd25519 {
k.KeySize = keyEd25519
k.BlockSize = blockEd25519
}
// Currently, OpenSSH has an option for multiple private keys. However, it is hardcoded to 1.
// If multiple key support is added in the future, will need to re-tool how I do this, perhaps, in the future. TODO.
@@ -111,31 +106,13 @@ func (k *EncryptedSSHKeyV1) Generate(force bool) error {
}
k.Keys = append(k.Keys, pk)
// We also need an encrypter/decrypter since this is an encrypted key.
// Upstream only currently supports bcrypt_pbkdf ("bcrypt").
// This should always eval to true, but is here for future planning in case other KDF are implemented.
switch k.KDFName {
case KdfBcrypt:
if k.Crypt.CryptKey, err = bcrypt_pbkdf.Key(k.Passphrase, k.KDFOpts.Salt, int(k.KDFOpts.Rounds), kdfKeyLen+len(k.KDFOpts.Salt)); err != nil {
return err
} else {
k.Crypt.PrivateKey = k.Crypt.CryptKey[0:kdfSplit]
k.Crypt.CryptSalt = k.Crypt.CryptKey[kdfSplit:]
}
default:
return errors.New("could not find KDF")
if err := k.setCrypt(); err != nil {
return err
}
switch k.CipherName {
case CipherAes256Ctr:
if k.Crypt.Cipher, err = aes.NewCipher(k.Crypt.PrivateKey); err != nil {
return err
} else {
k.Crypt.Stream = cipher.NewCTR(k.Crypt.Cipher, k.Crypt.CryptSalt)
// Can then be used as k.Crypt.Stream.XORKeyStream(dst []byte, src []byte)
}
default:
return errors.New("could not find Cipher")
// And then we need to build the key buffer.
if err := k.buildKeybuf(); err != nil {
return err
}
k.build()
return nil
}
@@ -158,7 +135,6 @@ func (k *SSHKeyV1) Generate(force bool) error {
}
if k.DefKeyType == KeyEd25519 {
k.KeySize = keyEd25519
k.BlockSize = blockEd25519
}
k.CipherName = CipherNull
k.KDFName = KdfNull
@@ -184,34 +160,232 @@ func (k *SSHKeyV1) Generate(force bool) error {
return errors.New("unknown key type; could not generate private/public keypair")
}
k.Keys = append(k.Keys, pk)
k.build()
if err := k.buildKeybuf(); err != nil {
return err
}
return nil
}
func (k *SSHKeyV1) build() error {
// We actually assemble the key buffer here. Translation to bytes where needed, case switches (ED25519 vs. RSA), etc.
k.Buffer.Truncate(0)
// First we need to do some prep for the common header.
kdfOptsBytes := []byte{}
switch k.(type) {
case EncryptedSSHKeyV1:
kdfOptsBytes = append(kdfOptsBytes, byte(len(k.KDFOpts.Salt)))
// buildKeybuf is where an EncryptedSSHKeyV1 key buffer is actually assembled.
// Entries are commented with their annotated reference.
// (see ref/(encrypted|plain)/(public|private).(rsa|ed25519) and ref/format.(ed25519|rsa) for details)
func (k *EncryptedSSHKeyV1) buildKeybuf() error {
// TODO: error handling for each <buf>.Write()?
// Before anything, we want a clean buffer. Just in case.
k.Buffer.Reset()
// Add the common header.
if err := k.addHeader(); err != nil {
return err
}
// For this, we can use a generic list and sequentially write.
cipher := []byte(k.CipherName)
kdf := []byte(k.KDFName)
// Add the keypairs.
// Since this is encrypted, the private key blobs are encrypted.
// OpenSSH keys currently only support 1 keypair but support more *in theory*. This *seems* to be how they plan on doing it.
// But boy, is it a pain. So much wasted RAM and CPU cycles. They should use terminating byte sequences IMHO but whatever.
for _, i := range k.Keys { // 4.0.0 and 4.0.1
switch k.CipherName {
case CipherAes256Ctr:
i.BlockSize = k.Crypt.Cipher.BlockSize()
}
kbPtr, err := i.keyBlob(&k.Crypt, true)
if err != nil {
return err
}
k.Buffer.Write(*kbPtr)
}
return nil
}
// buildKeybuf is where an SSHKeyV1 key buffer is actually assembled.
// Entries are commented with their annotated reference.
// (see ref/(encrypted|plain)/(public|private).(rsa|ed25519) and ref/format.(ed25519|rsa) for details)
func (k *SSHKeyV1) buildKeybuf() error {
// TODO: error handling for each <buf>.Write()?
// Before anything, we want a clean buffer. Just in case.
k.Buffer.Reset()
// Add the common header.
if err := k.addHeader(); err != nil {
return err
}
// Add the keypairs.
// OpenSSH keys currently only support 1 keypair but support more *in theory*. This *seems* to be how they plan on doing it.
// But boy, is it a pain. So much wasted RAM and CPU cycles. They should use terminating byte sequences IMHO but whatever.
for _, i := range k.Keys { // 4.0.0 and 4.0.1
i.BlockSize = 8
kbPtr, err := i.keyBlob(nil, false)
if err != nil {
return err
}
k.Buffer.Write(*kbPtr)
}
return nil
}
func (k *SSHKeyV1) addHeader() error {
// TODO: error handling for each <buf>.Write()?
// First we need to do some prep for the plaintext header.
var kdfOptsBytes []byte
kdfOptsBytes = k.getKdfOptBytes() // 3.0.0
cipherBytes := []byte(k.CipherName) // 1.0
kdf := []byte(k.KDFName) // 2.0.0
// This is just cast to an array for visual readability.
commonHeader := [][]byte{
[]byte(KeyV1Magic + "\x00"),
{byte(len(cipher))},
cipher,
{byte(len(kdf))},
kdf,
[]byte(KeyV1Magic + "\x00"), // 0
getBytelenByteArr(cipherBytes), // 1.0
cipherBytes, // 1.0.0
getBytelenByteArr(kdf), // 2.0
kdf, // 2.0.0
getBytelenByteArr(kdfOptsBytes), // 3.0
kdfOptsBytes, // 3.0.0
getByteInt(len(k.Keys)), // 4.0
}
for _, v := range commonHeader {
if _, err := k.Buffer.Write(v); err != nil {
k.Buffer.Truncate(0)
return err
}
}
return nil
}
func (k *EncryptedSSHKeyV1) getKdfOptBytes() []byte {
var kdfOptsBytes []byte // 3.0.0
// This is *probably* more efficient than using a buffer just for these bytes.
kdfOptsBytes = append(kdfOptsBytes, byte(len(k.KDFOpts.Salt))) // 3.0.0.0
kdfOptsBytes = append(kdfOptsBytes, k.KDFOpts.Salt...) // 3.0.0.0.0
kdfOptsBytes = append(kdfOptsBytes, byte(k.KDFOpts.Rounds)) // 3.0.0.1
return kdfOptsBytes
}
func (k *SSHKeyV1) getKdfOptBytes() []byte {
var kdfOptsBytes []byte // 3.0.0
// No-op; unencrypted keys' KDFOpts are encapsulated by a single null byte (which the caller implements).
return kdfOptsBytes
}
func (pk *SSHPrivKey) keyBlob(c *SSHCrypt, encrypt bool) (*[]byte, error) {
// TODO: error handling for each <buf>.Write()?
var keypairBytes bytes.Buffer // (4.0's children)
var pubkeyBytes bytes.Buffer // 4.0.0 children (4.0.0 itself is handled before writing to keypairBytes)
var privkeyBytes bytes.Buffer // 4.0.1 (and children)
pubkeyName := []byte(pk.PublicKey.KeyType) // (4.0.0.0.0, cast to var because I'm lazy)
pubkeyBytes.Write(getBytelenByteArr(pubkeyName)) // 4.0.0.0
pubkeyBytes.Write(pubkeyName) // 4.0.0.0.0
// TODO: Optimize?
/*
THE PUBLIC KEY
This is unencrypted, even if it's an encrypted key.
*/
switch pk.PublicKey.KeyType {
case KeyEd25519:
pubkeyBytes.Write(getBytelenByteArr(pk.PublicKey.Key.([]byte))) // 4.0.0.1
pubkeyBytes.Write(pk.PublicKey.Key.([]byte)) // 4.0.0.1.0
case KeyRsa:
// How messy.
var en bytes.Buffer // 4.0.0.1 and 4.0.0.2
// TODO: does e need getByteInt()?
e := pk.PublicKey.Key.E.Bytes() // 4.0.0.1.0
// TODO: does n need nullbyte prefix?
n := pk.PublicKey.Key.N.Bytes() // 4.0.0.2.0
en.Write(getBytelenByteArr(e)) // 4.0.0.1
en.Write(e) // 4.0.0.1.0
en.Write(getBytelenByteArr(n)) // 4.0.0.2
en.Write(n) // 4.0.0.2.0
pubkeyBytes.Write(getBytelenByteArr(en.Bytes())) // 4.0.0
if _, err := en.WriteTo(&pubkeyBytes); err != nil { // (4.0.0 children)
return nil, err
}
}
/*
THE PRIVATE KEY
This is encrypted if it's an encrypted key, otherwise it's just plain readable bytes.
*/
// First we need two checksums.
for i := 1; i <= 2; i++ {
privkeyBytes.Write(pk.Checksum) // 4.0.1.0 and 4.0.1.1
}
// And then add the public keys. Yes, the public keys are included in the private keys.
privkeyBytes.Write(getBytelenByteArr(pubkeyName)) // 4.0.1.2.0
privkeyBytes.Write(pubkeyName) // 4.0.1.2.0.0
switch pk.PublicKey.KeyType {
case KeyEd25519:
// This is easy.
privkeyBytes.Write(pubkeyBytes.Bytes()) // 4.0.1.2.1
if _, err := pubkeyBytes.WriteTo(&privkeyBytes); err != nil { // 4.0.1.2.1.0
return nil, err
}
case KeyRsa:
// This is not. We more or less have to do the same thing as the public key, BUT with e and n flipped. Gorram it.
var ne bytes.Buffer // (4.0.1.2 children)
// TODO: does n need nullbyte prefix?
n := pk.PublicKey.Key.N.Bytes() // 4.0.1.2.1.0
// TODO: does e need getByteInt()?
e := pk.PublicKey.Key.E.Bytes() // 4.0.1.2.2.0
ne.Write(getBytelenByteArr(n)) // 4.0.1.2.1
ne.Write(n) // 4.0.1.2.1.0
ne.Write(getBytelenByteArr(e)) // 4.0.1.2.2
ne.Write(e) // 4.0.1.2.2.0
if _, err := ne.WriteTo(&privkeyBytes); err != nil { // (4.0.1.2 children)
return nil, err
}
}
// And then we add the *actual* private keys.
switch pk.PublicKey.KeyType {
case KeyEd25519:
privkeyBytes.Write(getBytelenByteArr(pk.KeyAlt)) // 4.0.1.3
privkeyBytes.Write(pk.KeyAlt) // 4.0.1.3.0
case KeyRsa:
var dcpq bytes.Buffer // 4.0.1.3 to 4.0.1.6
d := pk.Key.D.Bytes() // 4.0.1.3.0
crt := pk.Key.Precomputed.Qinv.Bytes() // 4.0.1.4.0
// TODO: does p need nullbyte prefix?
p := pk.Key.Primes[0].Bytes() // 4.0.1.5.0
// TODO: does q need nullbyte prefix?
q := pk.Key.Primes[1].Bytes() // 4.0.1.6.0
dcpq.Write(getBytelenByteArr(d)) // 4.0.1.3
dcpq.Write(d) // 4.0.1.3.0
dcpq.Write(getBytelenByteArr(crt)) // 4.0.1.4
dcpq.Write(crt) // 4.0.1.4.0
dcpq.Write(getBytelenByteArr(p)) // 4.0.1.5
dcpq.Write(p) // 4.0.1.5.0
dcpq.Write(getBytelenByteArr(q)) // 4.0.1.6
dcpq.Write(q) // 4.0.1.6.0
if _, err := dcpq.WriteTo(&privkeyBytes); err != nil { // 4.0.1.3 to 4.0.1.6
return nil, err
}
}
// Add the comment.
privkeyBytes.Write(getBytelenByteArr([]byte(pk.Comment))) // 4.0.1.4 (ED25519), 4.0.1.7 (RSA)
privkeyBytes.Write([]byte(pk.Comment)) // 4.0.1.4.0 (ED25519), 4.0.1.7.0 (RSA)
// Add padding
pad := 0
n := 0
for len(privkeyBytes.Bytes()) % pk.BlockSize != 0 { // 4.0.1.5 (ED25519), 4.0.1.8 (RSA)
n++
pad = n & pk.BlockSize
privkeyBytes.Write(getSingleByteInt(pad))
}
// Check if the private key should be encrypted or not.
if encrypt {
// We encrypt here to a "new" buffer.
// We actually just clear the buffer and then write the new encrypted data to it, and then clear the intermediate byte slice.
if c == nil || c.Stream == nil {
return nil, errors.New("if encrypting, you must specify a populated SSHCrypt in c")
}
var encBytes []byte
c.Stream.XORKeyStream(encBytes, privkeyBytes.Bytes())
privkeyBytes.Reset()
privkeyBytes.Write(encBytes)
encBytes = []byte{}
}
// Get the respective lengths and add child buffers to buffer.
keypairBytes.Write(getByteInt(len(pubkeyBytes.Bytes()))) // 4.0.0
if _, err := pubkeyBytes.WriteTo(&keypairBytes); err != nil { // (4.0.0 children)
return nil, err
}
keypairBytes.Write(getByteInt(len(privkeyBytes.Bytes()))) // 4.0.1
if _, err := privkeyBytes.WriteTo(&keypairBytes); err != nil { // (4.0.1 children)
return nil, err
}
// Done!
kpSlice := keypairBytes.Bytes()
return &kpSlice, nil
}