/*
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package moduli
import (
"math/big"
"time"
)
// Moduli contains all data needed to generate /etc/ssh/moduli: a Header
// string and the list of ModuliEntry entries held in Params.
type Moduli struct {
	// NOTE(review): presumably emitted ahead of the entries when the file is
	// written; confirm against the code that renders this struct.
	Header string
	// One element per moduli entry.
	Params []ModuliEntry
}
// ModuliEntry is a struct reflecting the format of a single /etc/ssh/moduli entry. See moduli(5) for details.
//
// Per the moduli(5) text quoted on the fields below, entries that are ready
// for use in sshd(8) are safe primes (Type 2) that have passed Miller-Rabin
// testing (Tests flag 0x04).
type ModuliEntry struct {
	// Timestamp of the entry. moduli(5) documents the on-disk form as
	// YYYYMMDDHHMMSS (minutes included).
	Time time.Time
	/*
		// man 5 moduli:
		Decimal number specifying the internal structure of the prime modulus. Supported types are:
		0 Unknown, not tested.
		2 "Safe" prime; (p-1)/2 is also prime.
		4 Sophie Germain; 2p+1 is also prime.
		Moduli candidates initially produced by ssh-keygen(1) are Sophie Germain primes (type 4).
		Further primality testing with ssh-keygen(1) produces safe prime moduli (type 2) that are ready for use in sshd(8).
		Other types are not used by OpenSSH.
	*/
	Type uint8
	/*
		// man 5 moduli:
		Decimal number indicating the type of primality tests that the number has been
		subjected to represented as a bitmask of the following values:
		0x00 Not tested.
		0x01 Composite number – not prime.
		0x02 Sieve of Eratosthenes.
		0x04 Probabilistic Miller-Rabin primality tests.
		The ssh-keygen(1) moduli candidate generation uses the Sieve of Eratosthenes (flag 0x02).
		Subsequent ssh-keygen(1) primality tests are Miller-Rabin tests (flag 0x04).
	*/
	Tests uint8
	/*
		// man 5 moduli:
		Decimal number indicating the number of primality trials that have been performed on the modulus.
	*/
	// NOTE(review): uint8 caps this at 255 trials; confirm that is enough for
	// every moduli file this package is expected to read.
	Trials uint8
	/*
		// man 5 moduli:
		Decimal number indicating the size of the prime in bits.
	*/
	// NOTE(review): uint8 cannot hold a bit length above 255, while the moduli
	// shipped with OpenSSH are thousands of bits long. A value converted into
	// this field would be truncated, so any size-based selection of moduli
	// built on it would compare wrong numbers. Widen the type (and update the
	// callers) before relying on Size.
	Size uint8
	/*
		// man 5 moduli:
		The recommended generator for use with this modulus (hexadecimal).
	*/
	Generator uint8
	/*
		// man 5 moduli:
		The modulus itself in hexadecimal.
	*/
	// NOTE(review): stored by value. math/big documents that shallow copies of
	// an Int are not supported, so copying a ModuliEntry (assignment, ranging
	// over []ModuliEntry by value) aliases the modulus; confirm callers only
	// use pointers/indices, or switch to *big.Int.
	Modulus big.Int
}