From d355a146c571534acbca2210e34a01dd5480ad3e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mika=C3=ABl=20Cluseau?=
Date: Mon, 28 Mar 2022 18:36:44 +0200
Subject: [PATCH] bootstrapconfig
---
bootstrapconfig/config.go | 61 ++++++++++++++++++++++++++++++++
bootstrapconfig/password.go | 46 ++++++++++++++++++++++++
bootstrapconfig/password_test.go | 12 +++++++
3 files changed, 119 insertions(+)
create mode 100644 bootstrapconfig/config.go
create mode 100644 bootstrapconfig/password.go
create mode 100644 bootstrapconfig/password_test.go
diff --git a/bootstrapconfig/config.go b/bootstrapconfig/config.go
new file mode 100644
index 0000000..40e873a
--- /dev/null
+++ b/bootstrapconfig/config.go
@@ -0,0 +1,61 @@
+package bootstrapconfig
+
+type Config struct {
+ AntiPhishingCode string `json:"anti_phishing_code"`
+
+ Keymap string
+ Modules string
+
+ Auths []Auth
+
+ Networks []struct {
+ Name string
+ Interfaces []struct {
+ Var string
+ N int
+ Regexps []string
+ }
+ Script string
+ }
+
+ LVM []LvmVG
+ Bootstrap Bootstrap
+}
+
+type Auth struct {
+ Name string
+ SSHKey string `yaml:"sshKey"`
+ Password string `yaml:"password"`
+}
+
+type LvmVG struct {
+ VG string
+ PVs struct {
+ N int
+ Regexps []string
+ }
+
+ Defaults struct {
+ FS string
+ Raid *RaidConfig
+ }
+
+ LVs []struct {
+ Name string
+ Crypt string
+ FS string
+ Raid *RaidConfig
+ Size string
+ Extents string
+ }
+}
+
+type RaidConfig struct {
+ Mirrors int
+ Stripes int
+}
+
+type Bootstrap struct {
+ Dev string
+ Seed string
+}
diff --git a/bootstrapconfig/password.go b/bootstrapconfig/password.go
new file mode 100644
index 0000000..032b1ea
--- /dev/null
+++ b/bootstrapconfig/password.go
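Review bot: In bootstrapconfig/config.go the struct tags are mixed: `AntiPhishingCode` carries only a `json` tag while `Auth.SSHKey` and `Auth.Password` carry only `yaml` tags, so whichever decoder loads this config will presumably ignore one set and fall back to its default key naming for those fields. Pick the tag family the loader actually reads, or give these fields both (e.g. `json:"anti_phishing_code" yaml:"anti_phishing_code"`), so that an operator's anti-phishing code or SSH key is not silently left empty. `Auth.Password` also deserves a comment stating what it holds, for example `// Password is the "seed:hash" string produced by PasswordHash, never the plaintext.` if that is the intent.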
@@ -0,0 +1,46 @@
+package bootstrapconfig
+
+import (
+ "crypto/rand"
+ "crypto/sha512"
+ "encoding/base64"
+ "strings"
+
+ "golang.org/x/crypto/pbkdf2"
+)
+
+var (
+ encoding = base64.RawStdEncoding
+)
+
+func PasswordHashFromSeed(seed, pass []byte) string {
+ h := pbkdf2.Key(pass, seed, 2048, 32, sha512.New)
+ return encoding.EncodeToString(h)
+}
+
+func PasswordHash(pass []byte) (hashedPassWithSeed string) {
+ seed := make([]byte, 10) // 8 bytes min by the RFC recommendation
+ _, err := rand.Read(seed)
+ if err != nil {
+ panic(err) // we do not expect this to fail...
+ }
+ return JoinSeedAndHash(seed, PasswordHashFromSeed(seed, pass))
+}
+
+func JoinSeedAndHash(seed []byte, hash string) string {
+ return encoding.EncodeToString(seed) + ":" + hash
+}
+
+func CheckPassword(hashedPassWithSeed string, pass []byte) (ok bool) {
+ parts := strings.SplitN(hashedPassWithSeed, ":", 2)
+
+ encodedSeed := parts[0]
+ encodedHash := parts[1]
+
+ seed, err := encoding.DecodeString(encodedSeed)
+ if err != nil {
+ return false
+ }
+
+ return encodedHash == PasswordHashFromSeed(seed, pass)
+}
diff --git a/bootstrapconfig/password_test.go b/bootstrapconfig/password_test.go
new file mode 100644
index 0000000..cb3228d
--- /dev/null
+++ b/bootstrapconfig/password_test.go
@@ -0,0 +1,12 @@
+package bootstrapconfig
+
+import "fmt"
+
+func ExamplePasswordHash() {
+ seed := []byte("myseed")
+ hash := PasswordHashFromSeed(seed, []byte("mypass"))
+ fmt.Println(JoinSeedAndHash(seed, hash))
+
+ // Output:
+ // bXlzZWVk:HMSxrg1cYphaPuUYUbtbl/htep/tVYYIQAuvkNMVpw0
+}
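Review bot: CheckPassword in bootstrapconfig/password.go indexes `parts[1]` without checking what `strings.SplitN` returned, so a stored value with no `:` separator panics with an index-out-of-range instead of returning false; if this is reachable from an authentication path, one malformed config entry becomes a crash. The final `encodedHash == PasswordHashFromSeed(seed, pass)` is also a variable-time string comparison; `subtle.ConstantTimeCompare` (needs `crypto/subtle` added to the import block) is the usual choice when comparing password hashes. Separately, the PBKDF2 iteration count of 2048 in PasswordHashFromSeed is low by current guidance for PBKDF2-HMAC-SHA512 and is not recorded in the `seed:hash` string, so raising it later would invalidate every stored hash unless the format gains a cost field.

```go
func CheckPassword(hashedPassWithSeed string, pass []byte) (ok bool) {
	parts := strings.SplitN(hashedPassWithSeed, ":", 2)
	if len(parts) != 2 {
		return false // no ":" separator: malformed stored value
	}
	// … unchanged: encodedSeed/encodedHash assignment and seed decoding …
	expected := PasswordHashFromSeed(seed, pass)
	return subtle.ConstantTimeCompare([]byte(encodedHash), []byte(expected)) == 1
}
```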
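Review bot: `ExamplePasswordHash` in bootstrapconfig/password_test.go never calls PasswordHash; it exercises PasswordHashFromSeed and JoinSeedAndHash with a fixed seed, so godoc will attach the example to the wrong function, and both the random-seed path and CheckPassword stay untested. Rename it to `func ExamplePasswordHashFromSeed() {` and add a small test asserting that `CheckPassword(PasswordHash(p), p)` is true, that a wrong password is rejected, and that a stored value without a `:` separator is rejected rather than crashing.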