1 files changed, 53 insertions, 0 deletions

diff --git a/ssha.go b/ssha.go
new file mode 100644
index 0000000..203b994
--- /dev/null
+++ b/ssha.go
@@ -0,0 +1,53 @@
+package main
+
+import (
+	"fmt"
+	"bytes"
+	"math/rand"
+	"encoding/base64"
+	"crypto/sha1"
+)
+
+// Encode encodes the []byte of raw password
+func SSHAEncode(rawPassPhrase []byte) string {
+	hash := makeSSHAHash(rawPassPhrase, makeSalt())
+	b64 := base64.StdEncoding.EncodeToString(hash)
+	return fmt.Sprintf("{ssha}%s", b64)
+}
+
+// Matches matches the encoded password and the raw password
+func SSHAMatches(encodedPassPhrase string, rawPassPhrase []byte) bool {
+	if encodedPassPhrase[:6] != "{ssha}" {
+		return false
+	}
+
+	bhash, err := base64.StdEncoding.DecodeString(encodedPassPhrase[6:])
+	if err != nil {
+		return false
+	}
+	salt := bhash[20:]
+
+	newssha := makeSSHAHash(rawPassPhrase, salt)
+
+	if bytes.Compare(newssha, bhash) != 0 {
+		return false
+	}
+	return true
+}
+
+// makeSalt make a 32 byte array containing random bytes.
+func makeSalt() []byte {
+	sbytes := make([]byte, 32)
+	rand.Read(sbytes)
+	return sbytes
+}
+
+// makeSSHAHash make hasing using SHA-1 with salt. This is not the final output though. You need to append {SSHA} string with base64 of this hash.
+func makeSSHAHash(passphrase, salt []byte) []byte {
+	sha := sha1.New()
+	sha.Write(passphrase)
+	sha.Write(salt)
+
+	h := sha.Sum(nil)
+	return append(h, salt...)
+}