SSHSecure/sshkeys/ref/encrypted/parse_poc_rsa.go

207 lines
8.4 KiB
Go
Raw Permalink Normal View History

2020-09-18 18:01:16 -04:00
/*
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
2020-09-17 14:13:22 -04:00
package main
import (
"crypto/aes"
"crypto/cipher"
"crypto/rsa"
"encoding/hex"
"fmt"
"github.com/dchest/bcrypt_pbkdf"
2020-09-17 14:13:22 -04:00
)
2020-09-21 01:43:22 -04:00
/*
Same key as private.rsa example.
2020-09-17 14:13:22 -04:00
*/
func main() {
const (
passphrase string = "test"
saltLen int = 16 // 3.0.0.0
rounds int = 100 // 3.0.0.1
keySize int = 4096
crtLen int = 256 // 4.0.1.4
dLen int = 512 // 4.0.1.3
e int = 65537 // 4.0.0.1
nLen int = 513 // 4.0.0.2
pLen int = 257 // 4.0.1.5
qLen int = 257 // 4.0.1.6
dataLen int = 1872 // 4.0.1
2020-09-17 14:13:22 -04:00
)
var salt []byte
var bcryptKey []byte
var crt []byte
var d []byte
var n []byte
var p []byte
var q []byte
2020-09-17 14:13:22 -04:00
var key rsa.PrivateKey
var decrypted []byte
var aesCtx cipher.Block
var encData []byte
crt = make([]byte, crtLen)
d = make([]byte, dLen)
n = make([]byte, nLen)
p = make([]byte, pLen)
q = make([]byte, qLen)
decrypted = make([]byte, dataLen)
encData = make([]byte, dataLen)
salt = make([]byte, saltLen)
2020-09-17 14:13:22 -04:00
// Import salt
if s, err := hex.DecodeString("07d4b07c0b128348916488008d6e130b"); err != nil {
fmt.Println(err)
return
} else {
salt = s
}
// Import encrypted data
if b, err := hex.DecodeString(
"966e2ce435242fef09787f6e8d93a563092e3f3bc986b44198c81e8049c5c944" +
"419effc0521401dc1ef5bc0e4d6aedeb7d05880bc3f731698b9bceeceae08e5e" +
"05f79f4d22de953c899c3271850e80e804f9b1a79bcec31bba11c08db60f9bd2" +
"206bc3d7bfef74895e4f4e3720649f924544f4a2cea5b9dfb9cc0a2bd8f3ba70" +
"f4ba2e7f42960465c9eade118630f9c832fe84ef548529979d0d6ea079f9d5c4" +
"0e396b098fc509448d26de3cb484b0334afacaba371b52c37c120a5623170c1d" +
"0a39348a151c9fb8aab1049f52cf0c08c77144af314259a90848f3dc62e5831f" +
"ac08720b1c813506f1db1e7940def52dc46c97d6363cda0ff7e2258e2637d2e0" +
"9f26099bbfeac78819198b78374d2424537fe549a2ab3dddaf5f7fdb739c3921" +
"064b04f6ffcfeb5544db533179038e11d0cc622992bc6d0600584d4068a2891d" +
"c748c9c16be32c2a08e96caa2ddec4ddd1a2ab3b018a0b0f166a15ac870a30c8" +
"0cc897dbf15af7e8c2915b3616f237a6646e43c665f7569a5ed1850ad8cd0540" +
"06d389568db55393e780e752ace8f06b70f1e99d86b9445d9c1a7a6476bcbf48" +
"4400a58e5a5a73d2c20d630a9985bbf4c691abb61ee4515aa64a727e7bac4a5e" +
"d7bb5f767c7dcf0035904231283d92445863702a995e792bde1d5ac7dd624898" +
"7b9fe4b0a6f1837ce4fbaa032ff4671a86be8c7e4f9be3718212ead0a6f1b429" +
"88863bf80af17a9814f1ffbed6c81e7f59de5b8c71b9f571fc556cc56aee22be" +
"1b57d48f8ca76a379847c67d0ceb43ead101355e541a57c254ae814f058a0361" +
"92f49d96236c88428e5f54dafefd1a5b8ca12d85cf3833d38d816c6e0e205143" +
"f33e353c471abc978d28d1ac89a724d5aab3e7c48015c5cd3a6f31c258cef131" +
"2574e692c6e495a2a8efbee785a9fe1c727379ea1fdc5b492a83a4aff7b3945a" +
"ef503a95dc52b21474172bb54054b106342f2bde6bc38ad166c1a5c6d88685b8" +
"067f529741b36991352d5df1291b9e3c746a71e2bda796fdddac29d0e2f3fadf" +
"d1f0fd33da75bc6151d3ee27f6199e76c3b9e872fb63b54ad78b0fbe2be84f10" +
"d7e48339c6e63364507074addc5a2bd8c4be5848c291bdb2740d3aa325c35039" +
"6ce28e086eecdd6256f48fb7947b84e85759b1c7e6dd91223e3f828e4253a7ec" +
"6d987ad61bd2179c229a20e8d97e6158cb0be734227698b4695c784c463cac3e" +
"a7d538056d5062a895f8ae64549bd58484a60363ab81bc43e6fde0ee12477051" +
"b53c970f063df2f0ff2fd655b7f81029be545cc841f7321d31304eeba210fdf8" +
"fdad7e1bc8accd4d990c058b30817e85e2c5695ab92c1e129ac7471f338fdd39" +
"4ede16071450c19061e07c135cbe87f01260b36206cbc169c85b9dda26fb3dff" +
"5e7d68fd51a573402dbcc1dc7f49a1cb9c34100b9b3d0bb8b8639c69c7d47490" +
"ab83c8918ad03ae62eee43165e452f854d8d4132186c21f742ee4a3cc614515a" +
"dc7c08940838538503f5c4d5781e984cad93cf7a8d17a68d678b3466afbae362" +
"055d5b6edb0007b59231d3040dbfec8b9782b39c391116f2037e218bfaba46c5" +
"2c56180aeef241d918f214b0b6480b7382875ad9dace4496c3682ea2a697b5fe" +
"43b107d93e1976b2540dbfda2ae223bc1a84d65e0d6702513b8cc442a25fb983" +
"aadfa492d09e3dfd991f9f47470bb73369f634dd50dab26d129c3ba096ad7971" +
"1f0ee4419c1226eb8da42674b2cf77e8f4a3f76ce9e9e249b4d1fcc778ef318d" +
"bd6778556c0f9878ebe6e8324916d78280f23f7e3921b29b42bba6ca2d780399" +
"ca4ed3cb2d036c9bed80b235809198422135e2d842c8f53a4dd59fe0bed889d4" +
"7840164024b1f668cc566978d431eb2a07a20ed06e575551e1b030db1350e94c" +
"929a028a5dc25340e3434f2250e3f49de171bb850875d280050e495544ba71b7" +
"1ea36c2937ad6593e2b5bca28bc38e59cea91f26cd1ca8aa4bd9fbc1c605ae46" +
"ae3f559b3a6ebf89ff569ff365c3cba4b4b91f665ffda397188fe23ea456c802" +
"c47a8062844d404fab41a0fa83fd0dd66e4db51115f026197f4c89a1bf28246b" +
"a9966ca2973b0f3afa43154896a56bfe2153dfaaa3ccd2ab011b7f91470cbdc0" +
"4af7cfe1703de7040f4d7777b068769d4035377cc7664f406b5d69356aa33045" +
"c4334a1e2ce602ea2b1ec666352d14b5996dad451a4cb886c66143dc25f8f1bc" +
"f0ed253febc9733432eada35a6afc982749fa0ec680a881db06171ea37fa8338" +
"1ec90a6afa2f269d9da07c8f302161e26c9a4c21c2560ced811bdf6be402d36a" +
"e2f11f884351241e779a22f8b69a8e3eeaa676e7150143a66b3a92d4dace9f4f" +
"9b61e3f7e0aa7656c818ecfb53303457d51e74e7ec89cf038c9a73f3834383e8" +
"22d2f50c3a7775aa0e63b127a214db7490e488f7ee91782a90de32f4ab22601a" +
"f7b190fcc6a292e42e2f8b69caace994b127e9f91532b6d8c3b7ce08f991d269" +
"220bceeed7d4e6151523e63e41bcd27154fd3a7f7370c04b1258715413ec5f17" +
"f51baa99e8e5cd59ac7af17daecd0e8926002403ab87a422e422a6fb1186b5bb" +
"7db25faffedad247fd741b2461aa3b9612342142af10decefe00c00b37a667ad" +
"7665fbc4085b5312bda690166245a93b",
); err != nil {
fmt.Println(err)
return
} else {
encData = b
}
// Bcrypt_pbkdf derivation (used for deriving decryption key for AES encrypted private key)
if k, err := bcrypt_pbkdf.Key([]byte(passphrase), salt, rounds, 32+16); err != nil {
fmt.Println(err)
return
} else {
bcryptKey = k
}
realBcryptKey := bcryptKey[0:32]
realIV := bcryptKey[32:]
// N
if b, err := hex.DecodeString(
"00b7cec04601ce2a12f0c924cb9a30eb990066812cb14369193f30b2b9fdd4af" +
"cb300c918f2a77d64410f3617ae7c8ca318c257d3c4df4e2c4108bbbe93a8689" +
"4ba14b3575f2f72150bc381dcbfb742c7a196866fd3184ace96761adda0fc299" +
"2f6c866d7569919fc22d9c4bf0de405a8c76d519aa2a5329dc6825777229a5d0" +
"b753a7825a89b95275f9c025e215343c6c88cd6690a221f8ae9ef675ee464dc7" +
"d118da410507ea5d6b6489dd60afd8a6646492db3e279f1a78240db8abbda6c5" +
"0714c9636650a72081e7fa5d472c1428b07eae5d15b64ea1e2a7508512fe9ab6" +
"55f86a313486d3cca1dd8e90acc5c9fba4d6e767507fbab9f3a7f68c748142af" +
"2a3701d31a8a9b7511958aa77187ba702ed934d385afcee42380e95e0e7e9bc0" +
"f4d23367fc770374167b7f0926fb6fdb6d05aad1cfd191824845b014e18153bf" +
"0d1d3c3b1fadbb25a3f1d151f9b684633d8c1690fcd8cad05aac2aeb23dbf19a" +
"37e480a008910319c116d47bd924b39942543b88a0f6127952b2d8e1290f3029" +
"f542aebe9c0c8e36cf3296865cd6643c8924d566ebf4971809399a1ac096fe1e" +
"dc3b5f871bf5ef0b4d44e0ea27620d205142e0bfcf677b4db025532121a3f074" +
"5aa4d0586331733257855a5cecbe3ac4403d04ff0cc0c58b7c04904b402125c2" +
"bc2a63a20ebb309cc6f3e65db301a058b8dace07e71b38f3f3595433f69b198f" +
"07",
); err != nil {
fmt.Println(err)
return
} else {
n = b
}
// Decrypter
if a, err := aes.NewCipher(realBcryptKey); err != nil {
2020-09-17 14:13:22 -04:00
fmt.Println(err)
return
2020-09-17 14:13:22 -04:00
} else {
aesCtx = a
2020-09-17 14:13:22 -04:00
}
// Actual cipher setup. AES256-CTR
decryptor := cipher.NewCTR(aesCtx, realIV)
decryptor.XORKeyStream(decrypted, encData)
// Print comparisons
fmt.Printf("Salt: %v\n", hex.EncodeToString(salt))
fmt.Printf("Bcrypt key: %v\n", hex.EncodeToString(bcryptKey))
fmt.Printf("CRT: %v\n", hex.EncodeToString(crt))
fmt.Printf("d: %v\n", hex.EncodeToString(d))
fmt.Printf("n: %v\n", hex.EncodeToString(n))
fmt.Printf("p: %v\n", hex.EncodeToString(p))
fmt.Printf("q: %v\n", hex.EncodeToString(q))
fmt.Printf("key: %v\n", key)
// var aesCtx cipher.Block
fmt.Printf("encData: %v\n", hex.EncodeToString(encData))
fmt.Printf("Decrypted?: %v\n", hex.EncodeToString(decrypted))
2020-09-17 14:13:22 -04:00
}