aboutsummaryrefslogtreecommitdiff
path: root/ssha.go
diff options
context:
space:
mode:
Diffstat (limited to 'ssha.go')
-rw-r--r--ssha.go53
1 files changed, 53 insertions, 0 deletions
diff --git a/ssha.go b/ssha.go
new file mode 100644
index 0000000..203b994
--- /dev/null
+++ b/ssha.go
@@ -0,0 +1,53 @@
+package main
+
+import (
+ "fmt"
+ "bytes"
+ "math/rand"
+ "encoding/base64"
+ "crypto/sha1"
+)
+
+// Encode encodes the []byte of raw password
+func SSHAEncode(rawPassPhrase []byte) string {
+ hash := makeSSHAHash(rawPassPhrase, makeSalt())
+ b64 := base64.StdEncoding.EncodeToString(hash)
+ return fmt.Sprintf("{ssha}%s", b64)
+}
+
+// Matches matches the encoded password and the raw password
+func SSHAMatches(encodedPassPhrase string, rawPassPhrase []byte) bool {
+ if encodedPassPhrase[:6] != "{ssha}" {
+ return false
+ }
+
+ bhash, err := base64.StdEncoding.DecodeString(encodedPassPhrase[6:])
+ if err != nil {
+ return false
+ }
+ salt := bhash[20:]
+
+ newssha := makeSSHAHash(rawPassPhrase, salt)
+
+ if bytes.Compare(newssha, bhash) != 0 {
+ return false
+ }
+ return true
+}
+
+// makeSalt make a 32 byte array containing random bytes.
+func makeSalt() []byte {
+ sbytes := make([]byte, 32)
+ rand.Read(sbytes)
+ return sbytes
+}
+
+// makeSSHAHash make hasing using SHA-1 with salt. This is not the final output though. You need to append {SSHA} string with base64 of this hash.
+func makeSSHAHash(passphrase, salt []byte) []byte {
+ sha := sha1.New()
+ sha.Write(passphrase)
+ sha.Write(salt)
+
+ h := sha.Sum(nil)
+ return append(h, salt...)
+}