Initial code commit
This commit is contained in:
Warezpeddler
86
internal/ssh/keygen.go
Normal file
86
internal/ssh/keygen.go
Normal file
@@ -0,0 +1,86 @@
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
)
|
||||
|
||||
type KeyPair struct {
|
||||
PrivateKey []byte
|
||||
PublicKey []byte
|
||||
Passphrase string
|
||||
}
|
||||
|
||||
func GenerateKeyPair(passphrase string) (*KeyPair, error) {
|
||||
if passphrase == "" {
|
||||
var err error
|
||||
passphrase, err = GenerateSecurePassphrase(32)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to generate passphrase: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
// Create temporary directory for key generation
|
||||
tmpDir, err := os.MkdirTemp("", "sslh-lab-keygen-*")
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to create temp directory: %w", err)
|
||||
}
|
||||
defer os.RemoveAll(tmpDir)
|
||||
|
||||
tmpKeyPath := filepath.Join(tmpDir, "id_ed25519")
|
||||
|
||||
// Use ssh-keygen to generate OpenSSH format key with passphrase
|
||||
cmd := exec.Command("ssh-keygen", "-t", "ed25519", "-f", tmpKeyPath, "-N", passphrase, "-C", "sslh-lab-generated")
|
||||
cmd.Stderr = os.Stderr
|
||||
if err := cmd.Run(); err != nil {
|
||||
return nil, fmt.Errorf("failed to generate SSH key with ssh-keygen: %w", err)
|
||||
}
|
||||
|
||||
// Read the generated private key
|
||||
privateKeyBytes, err := os.ReadFile(tmpKeyPath)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to read generated private key: %w", err)
|
||||
}
|
||||
|
||||
// Read the generated public key
|
||||
publicKeyBytes, err := os.ReadFile(tmpKeyPath + ".pub")
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to read generated public key: %w", err)
|
||||
}
|
||||
|
||||
return &KeyPair{
|
||||
PrivateKey: privateKeyBytes,
|
||||
PublicKey: publicKeyBytes,
|
||||
Passphrase: passphrase,
|
||||
}, nil
|
||||
}
|
||||
|
||||
func SaveKeyPair(keyPair *KeyPair, outputDir string) (string, string, error) {
|
||||
if err := os.MkdirAll(outputDir, 0700); err != nil {
|
||||
return "", "", fmt.Errorf("failed to create output directory: %w", err)
|
||||
}
|
||||
|
||||
privateKeyPath := filepath.Join(outputDir, "id_ed25519")
|
||||
publicKeyPath := filepath.Join(outputDir, "id_ed25519.pub")
|
||||
|
||||
if err := os.WriteFile(privateKeyPath, keyPair.PrivateKey, 0600); err != nil {
|
||||
return "", "", fmt.Errorf("failed to write private key: %w", err)
|
||||
}
|
||||
|
||||
if err := os.WriteFile(publicKeyPath, keyPair.PublicKey, 0644); err != nil {
|
||||
return "", "", fmt.Errorf("failed to write public key: %w", err)
|
||||
}
|
||||
|
||||
return privateKeyPath, publicKeyPath, nil
|
||||
}
|
||||
|
||||
func LoadPublicKey(publicKeyPath string) (string, error) {
|
||||
publicKeyBytes, err := os.ReadFile(publicKeyPath)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to read public key file: %w", err)
|
||||
}
|
||||
|
||||
return string(publicKeyBytes), nil
|
||||
}
|
||||
68
internal/ssh/passphrase.go
Normal file
68
internal/ssh/passphrase.go
Normal file
@@ -0,0 +1,68 @@
|
||||
package ssh
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"fmt"
|
||||
"math/big"
|
||||
)
|
||||
|
||||
const (
|
||||
lowercaseChars = "abcdefghijklmnopqrstuvwxyz"
|
||||
uppercaseChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
||||
digitChars = "0123456789"
|
||||
// Exclude shell-problematic characters: $ ` \ " '
|
||||
// $ causes variable expansion, ` is command substitution, \ is escape, " and ' are quotes
|
||||
// These can cause issues when used in shell commands or when copying from terminal
|
||||
specialChars = "!@#%^&*()_+-=[]{}|;:,.<>?"
|
||||
allChars = lowercaseChars + uppercaseChars + digitChars + specialChars
|
||||
)
|
||||
|
||||
func GenerateSecurePassphrase(length int) (string, error) {
|
||||
if length < 32 {
|
||||
length = 32
|
||||
}
|
||||
|
||||
passphrase := make([]byte, length)
|
||||
|
||||
for i := 0; i < length; i++ {
|
||||
idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(allChars))))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to generate random character: %w", err)
|
||||
}
|
||||
passphrase[i] = allChars[idx.Int64()]
|
||||
}
|
||||
|
||||
passphraseStr := string(passphrase)
|
||||
|
||||
if err := validatePassphrase(passphraseStr); err != nil {
|
||||
return "", fmt.Errorf("generated passphrase failed validation: %w", err)
|
||||
}
|
||||
|
||||
return passphraseStr, nil
|
||||
}
|
||||
|
||||
func validatePassphrase(passphrase string) error {
|
||||
hasLower := false
|
||||
hasUpper := false
|
||||
hasDigit := false
|
||||
hasSpecial := false
|
||||
|
||||
for _, char := range passphrase {
|
||||
switch {
|
||||
case 'a' <= char && char <= 'z':
|
||||
hasLower = true
|
||||
case 'A' <= char && char <= 'Z':
|
||||
hasUpper = true
|
||||
case '0' <= char && char <= '9':
|
||||
hasDigit = true
|
||||
default:
|
||||
hasSpecial = true
|
||||
}
|
||||
}
|
||||
|
||||
if !hasLower || !hasUpper || !hasDigit || !hasSpecial {
|
||||
return fmt.Errorf("passphrase must contain at least one lowercase, uppercase, digit, and special character")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user