/* SSHSecure - a program to harden OpenSSH from defaults Copyright (C) 2020 Brent Saner This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ package main import ( "crypto/aes" "crypto/cipher" "crypto/rsa" "encoding/hex" "fmt" "github.com/dchest/bcrypt_pbkdf" ) /* Same key as private.rsa example. */ func main() { const ( passphrase string = "test" saltLen int = 16 // 3.0.0.0 rounds int = 100 // 3.0.0.1 keySize int = 4096 crtLen int = 256 // 4.0.1.4 dLen int = 512 // 4.0.1.3 e int = 65537 // 4.0.0.1 nLen int = 513 // 4.0.0.2 pLen int = 257 // 4.0.1.5 qLen int = 257 // 4.0.1.6 dataLen int = 1872 // 4.0.1 ) var salt []byte var bcryptKey []byte var crt []byte var d []byte var n []byte var p []byte var q []byte var key rsa.PrivateKey var decrypted []byte var aesCtx cipher.Block var encData []byte crt = make([]byte, crtLen) d = make([]byte, dLen) n = make([]byte, nLen) p = make([]byte, pLen) q = make([]byte, qLen) decrypted = make([]byte, dataLen) encData = make([]byte, dataLen) salt = make([]byte, saltLen) // Import salt if s, err := hex.DecodeString("07d4b07c0b128348916488008d6e130b"); err != nil { fmt.Println(err) return } else { salt = s } // Import encrypted data if b, err := hex.DecodeString( "966e2ce435242fef09787f6e8d93a563092e3f3bc986b44198c81e8049c5c944" + "419effc0521401dc1ef5bc0e4d6aedeb7d05880bc3f731698b9bceeceae08e5e" + "05f79f4d22de953c899c3271850e80e804f9b1a79bcec31bba11c08db60f9bd2" + "206bc3d7bfef74895e4f4e3720649f924544f4a2cea5b9dfb9cc0a2bd8f3ba70" + "f4ba2e7f42960465c9eade118630f9c832fe84ef548529979d0d6ea079f9d5c4" + "0e396b098fc509448d26de3cb484b0334afacaba371b52c37c120a5623170c1d" + "0a39348a151c9fb8aab1049f52cf0c08c77144af314259a90848f3dc62e5831f" + "ac08720b1c813506f1db1e7940def52dc46c97d6363cda0ff7e2258e2637d2e0" + "9f26099bbfeac78819198b78374d2424537fe549a2ab3dddaf5f7fdb739c3921" + "064b04f6ffcfeb5544db533179038e11d0cc622992bc6d0600584d4068a2891d" + "c748c9c16be32c2a08e96caa2ddec4ddd1a2ab3b018a0b0f166a15ac870a30c8" + "0cc897dbf15af7e8c2915b3616f237a6646e43c665f7569a5ed1850ad8cd0540" + "06d389568db55393e780e752ace8f06b70f1e99d86b9445d9c1a7a6476bcbf48" + "4400a58e5a5a73d2c20d630a9985bbf4c691abb61ee4515aa64a727e7bac4a5e" + "d7bb5f767c7dcf0035904231283d92445863702a995e792bde1d5ac7dd624898" + "7b9fe4b0a6f1837ce4fbaa032ff4671a86be8c7e4f9be3718212ead0a6f1b429" + "88863bf80af17a9814f1ffbed6c81e7f59de5b8c71b9f571fc556cc56aee22be" + "1b57d48f8ca76a379847c67d0ceb43ead101355e541a57c254ae814f058a0361" + "92f49d96236c88428e5f54dafefd1a5b8ca12d85cf3833d38d816c6e0e205143" + "f33e353c471abc978d28d1ac89a724d5aab3e7c48015c5cd3a6f31c258cef131" + "2574e692c6e495a2a8efbee785a9fe1c727379ea1fdc5b492a83a4aff7b3945a" + "ef503a95dc52b21474172bb54054b106342f2bde6bc38ad166c1a5c6d88685b8" + "067f529741b36991352d5df1291b9e3c746a71e2bda796fdddac29d0e2f3fadf" + "d1f0fd33da75bc6151d3ee27f6199e76c3b9e872fb63b54ad78b0fbe2be84f10" + "d7e48339c6e63364507074addc5a2bd8c4be5848c291bdb2740d3aa325c35039" + "6ce28e086eecdd6256f48fb7947b84e85759b1c7e6dd91223e3f828e4253a7ec" + "6d987ad61bd2179c229a20e8d97e6158cb0be734227698b4695c784c463cac3e" + "a7d538056d5062a895f8ae64549bd58484a60363ab81bc43e6fde0ee12477051" + "b53c970f063df2f0ff2fd655b7f81029be545cc841f7321d31304eeba210fdf8" + "fdad7e1bc8accd4d990c058b30817e85e2c5695ab92c1e129ac7471f338fdd39" + "4ede16071450c19061e07c135cbe87f01260b36206cbc169c85b9dda26fb3dff" + "5e7d68fd51a573402dbcc1dc7f49a1cb9c34100b9b3d0bb8b8639c69c7d47490" + "ab83c8918ad03ae62eee43165e452f854d8d4132186c21f742ee4a3cc614515a" + "dc7c08940838538503f5c4d5781e984cad93cf7a8d17a68d678b3466afbae362" + "055d5b6edb0007b59231d3040dbfec8b9782b39c391116f2037e218bfaba46c5" + "2c56180aeef241d918f214b0b6480b7382875ad9dace4496c3682ea2a697b5fe" + "43b107d93e1976b2540dbfda2ae223bc1a84d65e0d6702513b8cc442a25fb983" + "aadfa492d09e3dfd991f9f47470bb73369f634dd50dab26d129c3ba096ad7971" + "1f0ee4419c1226eb8da42674b2cf77e8f4a3f76ce9e9e249b4d1fcc778ef318d" + "bd6778556c0f9878ebe6e8324916d78280f23f7e3921b29b42bba6ca2d780399" + "ca4ed3cb2d036c9bed80b235809198422135e2d842c8f53a4dd59fe0bed889d4" + "7840164024b1f668cc566978d431eb2a07a20ed06e575551e1b030db1350e94c" + "929a028a5dc25340e3434f2250e3f49de171bb850875d280050e495544ba71b7" + "1ea36c2937ad6593e2b5bca28bc38e59cea91f26cd1ca8aa4bd9fbc1c605ae46" + "ae3f559b3a6ebf89ff569ff365c3cba4b4b91f665ffda397188fe23ea456c802" + "c47a8062844d404fab41a0fa83fd0dd66e4db51115f026197f4c89a1bf28246b" + "a9966ca2973b0f3afa43154896a56bfe2153dfaaa3ccd2ab011b7f91470cbdc0" + "4af7cfe1703de7040f4d7777b068769d4035377cc7664f406b5d69356aa33045" + "c4334a1e2ce602ea2b1ec666352d14b5996dad451a4cb886c66143dc25f8f1bc" + "f0ed253febc9733432eada35a6afc982749fa0ec680a881db06171ea37fa8338" + "1ec90a6afa2f269d9da07c8f302161e26c9a4c21c2560ced811bdf6be402d36a" + "e2f11f884351241e779a22f8b69a8e3eeaa676e7150143a66b3a92d4dace9f4f" + "9b61e3f7e0aa7656c818ecfb53303457d51e74e7ec89cf038c9a73f3834383e8" + "22d2f50c3a7775aa0e63b127a214db7490e488f7ee91782a90de32f4ab22601a" + "f7b190fcc6a292e42e2f8b69caace994b127e9f91532b6d8c3b7ce08f991d269" + "220bceeed7d4e6151523e63e41bcd27154fd3a7f7370c04b1258715413ec5f17" + "f51baa99e8e5cd59ac7af17daecd0e8926002403ab87a422e422a6fb1186b5bb" + "7db25faffedad247fd741b2461aa3b9612342142af10decefe00c00b37a667ad" + "7665fbc4085b5312bda690166245a93b", ); err != nil { fmt.Println(err) return } else { encData = b } // Bcrypt_pbkdf derivation (used for deriving decryption key for AES encrypted private key) if k, err := bcrypt_pbkdf.Key([]byte(passphrase), salt, rounds, 32+16); err != nil { fmt.Println(err) return } else { bcryptKey = k } realBcryptKey := bcryptKey[0:32] realIV := bcryptKey[32:] // N if b, err := hex.DecodeString( "00b7cec04601ce2a12f0c924cb9a30eb990066812cb14369193f30b2b9fdd4af" + "cb300c918f2a77d64410f3617ae7c8ca318c257d3c4df4e2c4108bbbe93a8689" + "4ba14b3575f2f72150bc381dcbfb742c7a196866fd3184ace96761adda0fc299" + "2f6c866d7569919fc22d9c4bf0de405a8c76d519aa2a5329dc6825777229a5d0" + "b753a7825a89b95275f9c025e215343c6c88cd6690a221f8ae9ef675ee464dc7" + "d118da410507ea5d6b6489dd60afd8a6646492db3e279f1a78240db8abbda6c5" + "0714c9636650a72081e7fa5d472c1428b07eae5d15b64ea1e2a7508512fe9ab6" + "55f86a313486d3cca1dd8e90acc5c9fba4d6e767507fbab9f3a7f68c748142af" + "2a3701d31a8a9b7511958aa77187ba702ed934d385afcee42380e95e0e7e9bc0" + "f4d23367fc770374167b7f0926fb6fdb6d05aad1cfd191824845b014e18153bf" + "0d1d3c3b1fadbb25a3f1d151f9b684633d8c1690fcd8cad05aac2aeb23dbf19a" + "37e480a008910319c116d47bd924b39942543b88a0f6127952b2d8e1290f3029" + "f542aebe9c0c8e36cf3296865cd6643c8924d566ebf4971809399a1ac096fe1e" + "dc3b5f871bf5ef0b4d44e0ea27620d205142e0bfcf677b4db025532121a3f074" + "5aa4d0586331733257855a5cecbe3ac4403d04ff0cc0c58b7c04904b402125c2" + "bc2a63a20ebb309cc6f3e65db301a058b8dace07e71b38f3f3595433f69b198f" + "07", ); err != nil { fmt.Println(err) return } else { n = b } // Decrypter if a, err := aes.NewCipher(realBcryptKey); err != nil { fmt.Println(err) return } else { aesCtx = a } // Actual cipher setup. AES256-CTR decryptor := cipher.NewCTR(aesCtx, realIV) decryptor.XORKeyStream(decrypted, encData) // Print comparisons fmt.Printf("Salt: %v\n", hex.EncodeToString(salt)) fmt.Printf("Bcrypt key: %v\n", hex.EncodeToString(bcryptKey)) fmt.Printf("CRT: %v\n", hex.EncodeToString(crt)) fmt.Printf("d: %v\n", hex.EncodeToString(d)) fmt.Printf("n: %v\n", hex.EncodeToString(n)) fmt.Printf("p: %v\n", hex.EncodeToString(p)) fmt.Printf("q: %v\n", hex.EncodeToString(q)) fmt.Printf("key: %v\n", key) // var aesCtx cipher.Block fmt.Printf("encData: %v\n", hex.EncodeToString(encData)) fmt.Printf("Decrypted?: %v\n", hex.EncodeToString(decrypted)) }