From 27a411fe69cd3d8f669acb76b56d2390efc86deb Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Sun, 9 Feb 2020 17:45:22 +0100
Subject: Password change

---
 ssha.go | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 ssha.go

(limited to 'ssha.go')

diff --git a/ssha.go b/ssha.go
new file mode 100644
index 0000000..fb7f3d8
--- /dev/null
+++ b/ssha.go
@@ -0,0 +1,37 @@
+package main
+
+import (
+	"crypto/rand"
+	"crypto/sha1"
+	"encoding/base64"
+	"fmt"
+
+	log "github.com/sirupsen/logrus"
+)
+
+// Encode encodes the []byte of raw password
+func SSHAEncode(rawPassPhrase []byte) string {
+	hash := makeSSHAHash(rawPassPhrase, makeSalt())
+	b64 := base64.StdEncoding.EncodeToString(hash)
+	return fmt.Sprintf("{ssha}%s", b64)
+}
+
+// makeSalt make a 32 byte array containing random bytes.
+func makeSalt() []byte {
+	sbytes := make([]byte, 32)
+	_, err := rand.Read(sbytes)
+	if err != nil {
+		log.Panicf("Could not read random bytes: %s", err)
+	}
+	return sbytes
+}
+
+// makeSSHAHash make hasing using SHA-1 with salt. This is not the final output though. You need to append {SSHA} string with base64 of this hash.
+func makeSSHAHash(passphrase, salt []byte) []byte {
+	sha := sha1.New()
+	sha.Write(passphrase)
+	sha.Write(salt)
+
+	h := sha.Sum(nil)
+	return append(h, salt...)
+}
-- 
cgit v1.2.3