need to finish dh stuff still.

2021-07-03 03:58:06 -04:00 · 2021-07-03 03:58:06 -04:00 · d7ffbea913
parent 4eb554aa38
commit d7ffbea913
5 changed files with 64 additions and 17 deletions
--- a/README.md
+++ b/README.md
@ -33,17 +33,19 @@ the default configuration and keys used may not be the strongest they can be (an
 This software will harden your OpenSSH security as much as possible to currently known weaknesses.

 ## How?
-This program will generate/replace:
+This program will generate/modify and replace:

- * your hostkeys (typically `/etc/ssh/ssh_host_*_key*`)
- * the client keys (`~/.ssh/id_*`) for the running user
- * your `sshd` (server) configuration (typically `/etc/ssh/sshd_config`)
- * your system-wide `ssh` (client) configuration (typically `/etc/ssh/ssh_config`)
- * the `ssh` (client) configuration for the running user (`~/.ssh/config`)
- * the SSH DH parameters (typically `/etc/ssh/moduli`)
+ * Your hostkeys (typically `/etc/ssh/ssh_host_*_key*`)
+ * The client keys (`~/.ssh/id_*`) for the running user
+ * Your `sshd` (server) configuration (typically `/etc/ssh/sshd_config`)
+ * Your system-wide `ssh` (client) configuration (typically `/etc/ssh/ssh_config`)
+ * The `ssh` (client) configuration for the running user (`~/.ssh/config`)
+ * The SSH DH parameters (typically `/etc/ssh/moduli`)

 with much stronger implementations from typical/upstream defaults.

+Any and all pre-existing files are backed up before being replaced.
+
 It takes the recommendations from _[Secure Secure Shell](https://stribika.github.io/2015/01/04/secure-secure-shell.html)_ (and perhaps other sources) and automatically applies
 them.
 
@ -67,11 +69,18 @@ running already).
 ## FAQ

 ### Why a binary?
-I originally wrote this as a python script. However, some machines don't have the python 
+I originally wrote this as a Python script. However, some machines don't have the Python 
 interpreter installed and due to the lack of low-level access, I ended up making a lot 
 of calls to the shell anyways.
 
-I wrote it in Golang so the source would be easily read for auditing purposes.
+I wrote it in Golang because:
+
+* The source would be easily read for auditing purposes
+* Golang is, admittedly, incredibly faster at some tasks than Python
+* Multiprocessing/multithreading is *incredibly* more simple in Golang than Python
+* Building widely-deployable binaries is easier in Golang than C or C++
+
+As much as I like Python, Golang should offer significant improvements.

 ### How can I contact you?
 You can either [file a bug](https://bugs.square-r00t.net/index.php?do=newtask&project=15) 
--- a/dh/README
+++ b/dh/README
@ -1,6 +1,11 @@
-The functions found in this sub-component are ported almost directly from the
-openssh-portable[0]'s `moduli.c`[1] code (with, of course, changes made where
-appropriate to match and take advantage of Golang).
+THIS SUBMODULE IS INCOMPLETE. DO NOT USE IT.
+It technically is not necessary as upstream offers generated parameters.
+Theoretically as long as we filter anything 2048 bits and lower, it should be fine.
+
+The functions, etc. (even a significant amount of the comments) found in this
+sub-component are ported almost directly from the openssh-portable[0]'s
+`moduli.c`[1] code (with, of course, changes made where appropriate to match
+and take advantage of Golang and its patterns).

 The OpenBSD and OpenSSH(-portable) teams have my gratitude.

--- a/dh/const.go
+++ b/dh/const.go
@ -1,5 +1,9 @@
 package dh

+import (
+	"math/big"
+)
+
 const (
 	// QSizeMinimum Specifies the number of the most significant bit (0 to M).
 	// WARNING: internally, usually 1 to N.
@ -7,9 +11,9 @@ const (

 	// Prime sieving constants
 	// Assuming 8 bit bytes and 32 bit words.
-	ShiftBit = 3
-	ShiftByte = 2
-	ShiftWord = ShiftBit + ShiftByte
+	ShiftBit      = 3
+	ShiftByte     = 2
+	ShiftWord     = ShiftBit + ShiftByte
 	ShiftMegabyte = 20
 	ShiftMegaWord = ShiftMegabyte - ShiftBit

@ -25,8 +29,33 @@ const (
 	// Ensure enough bit space for testing 2*q.
 	TestMaximum = uint32(1) << 16
 	TestMinimum = QSizeMinimum + 1 // (uint32(1) << (ShiftWord - TestPower))
-	TestPower = 3 // 2**n, n < ShiftWord
+	TestPower   = 3                // 2**n, n < ShiftWord
+	// Minimum number of primality tests to perform
+	TrialMinimum = 4
 )

-var (
+type (
+
+	/*
+		Sieving data (XXX - move to struct)
+	*/
+
+	// sieve 2**16
+	TinySieve *uint32
+	tinybits  uint32
+
+	// sieve 2**30 in 2**16 parts
+	SmallSieve *uint32
+	smallbits  uint32
+	smallbase  uint32
+
+	// sieve relative to the initial value
+	LargeSieve   *uint32
+	largewords   uint32
+	largetries   uint32
+	largenumbers uint32
+	largebits    uint32 // Megabytes..
+	largememory  uint32 // ""
+
+	largebase big.Int
 )
--- a/dh/func_gen.go
+++ b/dh/func_gen.go
@ -34,3 +34,5 @@ package dh

 	And that's why I'm a sad panda and porting moduli.c to native Golang.
 */
+
+func SieveLarge()
--- a/dh/func_utils.go
+++ b/dh/func_utils.go
@ -50,3 +50,5 @@ func BitTest(a []uint32, n uint32) (i uint32) {

 	return
 }
+
+// The qfileout function is replaced by a moduli.Entry method Write.