From 4dc6d011b0bb436a19bd8a77d8b5b5a4eeb6de5c Mon Sep 17 00:00:00 2001 From: Henry Barreto Date: Mon, 2 Dec 2024 15:24:07 -0300 Subject: [PATCH] chore(agent,pkg): migrate from libxcrypt to yescrypt-go --- agent/Dockerfile | 11 ---- agent/Dockerfile.amd64 | 10 ---- agent/Dockerfile.arm32v6 | 10 ---- agent/Dockerfile.arm32v7 | 10 ---- agent/Dockerfile.arm64v8 | 9 ---- agent/Dockerfile.i386 | 10 ---- agent/Dockerfile.test | 11 ---- agent/go.mod | 11 ++-- agent/go.sum | 18 ++++--- api/go.mod | 4 +- cli/go.mod | 4 +- go.mod | 13 +++-- pkg/agent/pkg/yescrypt/yescript.go | 26 --------- pkg/agent/pkg/yescrypt/yescrypt.go | 18 +++++++ pkg/agent/pkg/yescrypt/yescrypt_test.go | 70 +++++++++++++++++++++++++ ssh/go.mod | 6 ++- tests/go.mod | 12 +++-- tests/go.sum | 17 +++--- 18 files changed, 138 insertions(+), 132 deletions(-) delete mode 100644 pkg/agent/pkg/yescrypt/yescript.go create mode 100644 pkg/agent/pkg/yescrypt/yescrypt.go create mode 100644 pkg/agent/pkg/yescrypt/yescrypt_test.go diff --git a/agent/Dockerfile b/agent/Dockerfile index 6c2b540bac6..9d5d213a023 100644 --- a/agent/Dockerfile +++ b/agent/Dockerfile @@ -3,17 +3,6 @@ FROM golang:1.22.6-alpine3.19 AS base ARG GOPROXY -RUN apk add --update git ca-certificates build-base bash util-linux setpriv perl xz linux-headers - -# We are using libxcrypt to support yescrypt password hashing method -# Since libxcrypt package is not available in Alpine, so we need to build libxcrypt from source code -RUN wget -q https://github.com/besser82/libxcrypt/releases/download/v4.4.36/libxcrypt-4.4.36.tar.xz && \ - tar xvf libxcrypt-4.4.36.tar.xz && cd libxcrypt-4.4.36 && \ - ./configure --prefix /usr && make -j$(nproc) && make install && \ - cd .. && rm -rf libxcrypt-4.4.36* - -RUN ln -sf /bin/bash /bin/sh - WORKDIR $GOPATH/src/github.com/shellhub-io/shellhub COPY ./go.mod ./ diff --git a/agent/Dockerfile.amd64 b/agent/Dockerfile.amd64 index a452ed2e200..6fb5accb934 100644 --- a/agent/Dockerfile.amd64 +++ b/agent/Dockerfile.amd64 
@@ -2,15 +2,6 @@ FROM golang:1.22.6-alpine3.19 ARG SHELLHUB_VERSION=latest -RUN apk add --update git ca-certificates util-linux build-base bash setpriv perl xz linux-headers - -# We are using libxcrypt to support yescrypt password hashing method -# Since libxcrypt package is not available in Alpine, so we need to build libxcrypt from source code -RUN wget -q https://github.com/besser82/libxcrypt/releases/download/v4.4.36/libxcrypt-4.4.36.tar.xz && \ - tar xvf libxcrypt-4.4.36.tar.xz && cd libxcrypt-4.4.36 && \ - ./configure --prefix /usr && make -j$(nproc) && make install && \ - cd .. && rm -rf libxcrypt-4.4.36* - WORKDIR $GOPATH/src/github.com/shellhub-io/shellhub COPY ./go.mod ./ @@ -37,7 +28,6 @@ COPY --from=0 /usr/bin/nsenter /usr/bin/ COPY --from=0 /usr/bin/setpriv /usr/bin/ COPY --from=0 /usr/lib/libcap-ng.so.* /usr/lib/ COPY --from=0 /lib/ld-musl-x86_64.so.1 /lib/ -COPY --from=0 /usr/lib/libcrypt.so* /usr/lib/ COPY --from=0 /go/src/github.com/shellhub-io/shellhub/agent/agent /bin/agent ENTRYPOINT ["/bin/agent"] diff --git a/agent/Dockerfile.arm32v6 b/agent/Dockerfile.arm32v6 index cd916271c55..50341cfb6e4 100644 --- a/agent/Dockerfile.arm32v6 +++ b/agent/Dockerfile.arm32v6 @@ -4,15 +4,6 @@ FROM arm32v6/golang:1.22.6-alpine3.19 ARG SHELLHUB_VERSION=latest -RUN apk add --update git ca-certificates util-linux build-base bash setpriv perl xz linux-headers - -# We are using libxcrypt to support yescrypt password hashing method -# Since libxcrypt package is not available in Alpine, so we need to build libxcrypt from source code -RUN wget -q https://github.com/besser82/libxcrypt/releases/download/v4.4.36/libxcrypt-4.4.36.tar.xz && \ - tar xvf libxcrypt-4.4.36.tar.xz && cd libxcrypt-4.4.36 && \ - ./configure --prefix /usr && make -j$(nproc) && make install && \ - cd .. && rm -rf libxcrypt-4.4.36* - WORKDIR $GOPATH/src/github.com/shellhub-io/shellhub COPY ./go.mod ./ 
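Review bot: The final stage of agent/Dockerfile.amd64 (context of the second hunk) still runs `COPY --from=0 /usr/bin/nsenter /usr/bin/`, `COPY --from=0 /usr/bin/setpriv /usr/bin/` and `COPY --from=0 /usr/lib/libcap-ng.so.* /usr/lib/`, but the first hunk removes the whole `apk add` line, including `util-linux` and `setpriv`, not only the libxcrypt build tools. Unless the base image already ships those files, the copies will either fail or pick up different binaries than before. Keeping a trimmed install such as `RUN apk add --no-cache util-linux setpriv` in the build stage would preserve the runtime contents. The same applies to Dockerfile.arm32v6, .arm32v7, .arm64v8 and .i386. In agent/Dockerfile.test the retained `RUN ln -sf /bin/bash /bin/sh` now runs with no `bash` installed by this file, which would leave `/bin/sh` dangling for later `RUN` steps.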
@@ -39,7 +30,6 @@ COPY --from=0 /usr/bin/nsenter /usr/bin/ COPY --from=0 /usr/bin/setpriv /usr/bin/ COPY --from=0 /usr/lib/libcap-ng.so.* /usr/lib/ COPY --from=0 /lib/ld-musl-armhf.so.1 /lib/ -COPY --from=0 /usr/lib/libcrypt.so* /usr/lib/ COPY --from=0 /go/src/github.com/shellhub-io/shellhub/agent/agent /bin/agent ENTRYPOINT ["/bin/agent"] diff --git a/agent/Dockerfile.arm32v7 b/agent/Dockerfile.arm32v7 index 66f9af65f43..f8b622ffbe9 100644 --- a/agent/Dockerfile.arm32v7 +++ b/agent/Dockerfile.arm32v7 @@ -4,15 +4,6 @@ FROM arm32v7/golang:1.22.6-alpine3.19 ARG SHELLHUB_VERSION=latest -RUN apk add --update git ca-certificates util-linux build-base bash setpriv perl xz linux-headers - -# We are using libxcrypt to support yescrypt password hashing method -# Since libxcrypt package is not available in Alpine, so we need to build libxcrypt from source code -RUN wget -q https://github.com/besser82/libxcrypt/releases/download/v4.4.36/libxcrypt-4.4.36.tar.xz && \ - tar xvf libxcrypt-4.4.36.tar.xz && cd libxcrypt-4.4.36 && \ - ./configure --prefix /usr && make -j$(nproc) && make install && \ - cd .. && rm -rf libxcrypt-4.4.36* - WORKDIR $GOPATH/src/github.com/shellhub-io/shellhub COPY ./go.mod ./ @@ -39,7 +30,6 @@ COPY --from=0 /usr/bin/nsenter /usr/bin/ COPY --from=0 /usr/bin/setpriv /usr/bin/ COPY --from=0 /usr/lib/libcap-ng.so.* /usr/lib/ COPY --from=0 /lib/ld-musl-armhf.so.1 /lib/ -COPY --from=0 /usr/lib/libcrypt.so* /usr/lib/ COPY --from=0 /go/src/github.com/shellhub-io/shellhub/agent/agent /bin/agent ENTRYPOINT ["/bin/agent"] diff --git a/agent/Dockerfile.arm64v8 b/agent/Dockerfile.arm64v8 index a72568cb51d..0f50e47a614 100644 --- a/agent/Dockerfile.arm64v8 +++ b/agent/Dockerfile.arm64v8 
@@ -4,14 +4,6 @@ FROM arm64v8/golang:1.22.6-alpine3.19 ARG SHELLHUB_VERSION=latest -RUN apk add --update git ca-certificates util-linux build-base bash setpriv perl xz linux-headers - -# We are using libxcrypt to support yescrypt password hashing method -# Since libxcrypt package is not available in Alpine, so we need to build libxcrypt from source code -RUN wget -q https://github.com/besser82/libxcrypt/releases/download/v4.4.36/libxcrypt-4.4.36.tar.xz && \ - tar xvf libxcrypt-4.4.36.tar.xz && cd libxcrypt-4.4.36 && \ - ./configure --prefix /usr && make -j$(nproc) && make install && \ - cd .. && rm -rf libxcrypt-4.4.36* WORKDIR $GOPATH/src/github.com/shellhub-io/shellhub @@ -39,7 +31,6 @@ COPY --from=0 /usr/bin/nsenter /usr/bin/ COPY --from=0 /usr/bin/setpriv /usr/bin/ COPY --from=0 /usr/lib/libcap-ng.so.* /usr/lib/ COPY --from=0 /lib/ld-musl-aarch64.so.1 /lib/ -COPY --from=0 /usr/lib/libcrypt.so* /usr/lib/ COPY --from=0 /go/src/github.com/shellhub-io/shellhub/agent/agent /bin/agent ENTRYPOINT ["/bin/agent"] diff --git a/agent/Dockerfile.i386 b/agent/Dockerfile.i386 index 62d97728a51..7dc14e9107e 100644 --- a/agent/Dockerfile.i386 +++ b/agent/Dockerfile.i386 @@ -2,15 +2,6 @@ FROM golang:1.22.6-alpine3.19 ARG SHELLHUB_VERSION=latest -RUN apk add --update git ca-certificates util-linux build-base bash setpriv perl xz linux-headers - -# We are using libxcrypt to support yescrypt password hashing method -# Since libxcrypt package is not available in Alpine, so we need to build libxcrypt from source code -RUN wget -q https://github.com/besser82/libxcrypt/releases/download/v4.4.36/libxcrypt-4.4.36.tar.xz && \ - tar xvf libxcrypt-4.4.36.tar.xz && cd libxcrypt-4.4.36 && \ - ./configure --prefix /usr && make -j$(nproc) && make install && \ - cd .. && rm -rf libxcrypt-4.4.36* - WORKDIR $GOPATH/src/github.com/shellhub-io/shellhub COPY ./go.mod ./ 
@@ -37,7 +28,6 @@ COPY --from=0 /usr/bin/nsenter /usr/bin/ COPY --from=0 /usr/bin/setpriv /usr/bin/ COPY --from=0 /usr/lib/libcap-ng.so.* /usr/lib/ COPY --from=0 /lib/ld-musl-*.so.1 /lib/ -COPY --from=0 /usr/lib/libcrypt.so* /usr/lib/ COPY --from=0 /go/src/github.com/shellhub-io/shellhub/agent/agent /bin/agent ENTRYPOINT ["/bin/agent"] diff --git a/agent/Dockerfile.test b/agent/Dockerfile.test index bd15b67ddfe..d5fac157873 100644 --- a/agent/Dockerfile.test +++ b/agent/Dockerfile.test @@ -2,17 +2,6 @@ FROM golang:1.22.6-alpine3.19 ARG GOPROXY -RUN apk add --update git ca-certificates util-linux build-base bash setpriv perl xz linux-headers - -RUN apk add openssh - -# We are using libxcrypt to support yescrypt password hashing method -# Since libxcrypt package is not available in Alpine, so we need to build libxcrypt from source code -RUN wget -q https://github.com/besser82/libxcrypt/releases/download/v4.4.36/libxcrypt-4.4.36.tar.xz && \ - tar xvf libxcrypt-4.4.36.tar.xz && cd libxcrypt-4.4.36 && \ - ./configure --prefix /usr && make -j$(nproc) && make install && \ - cd .. && rm -rf libxcrypt-4.4.36* - RUN ln -sf /bin/bash /bin/sh WORKDIR $GOPATH/src/github.com/shellhub-io/shellhub diff --git a/agent/go.mod b/agent/go.mod index 3a258d8d3c3..2031ba81d3d 100644 --- a/agent/go.mod +++ b/agent/go.mod @@ -1,6 +1,8 @@ module github.com/shellhub-io/shellhub/agent -go 1.21 +go 1.22.4 + +toolchain go1.23.0 require ( github.com/Masterminds/semver v1.5.0 @@ -45,6 +47,7 @@ require ( github.com/moby/docker-image-spec v1.3.1 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.0 // indirect + github.com/openwall/yescrypt-go v1.0.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pkg/sftp v1.13.5 // indirect github.com/sethvargo/go-envconfig v0.9.0 // indirect 
@@ -55,10 +58,10 @@ require ( go.opentelemetry.io/otel/metric v1.26.0 // indirect go.opentelemetry.io/otel/trace v1.26.0 // indirect go.opentelemetry.io/proto/otlp v1.2.0 // indirect - golang.org/x/crypto v0.22.0 // indirect + golang.org/x/crypto v0.25.0 // indirect golang.org/x/net v0.23.0 // indirect - golang.org/x/sys v0.19.0 // indirect - golang.org/x/text v0.14.0 // indirect + golang.org/x/sys v0.22.0 // indirect + golang.org/x/text v0.16.0 // indirect gotest.tools/v3 v3.5.1 // indirect ) diff --git a/agent/go.sum b/agent/go.sum index 341adc2c9ea..b24a5efebb4 100644 --- a/agent/go.sum +++ b/agent/go.sum @@ -84,6 +84,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= +github.com/openwall/yescrypt-go v1.0.0 h1:jsGk48zkFvtUjGVOhYPGh+CS595JmTRcKnpggK2AON4= +github.com/openwall/yescrypt-go v1.0.0/go.mod h1:e6CWtFizUEOUttaOjeVMiv1lJaJie3mfOtLJ9CCD6sA= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/sftp v1.13.5 h1:a3RLUqkyjYRtBTZJZ1VRrKbN3zhuPLlUc3sphVz81go= 
@@ -141,8 +143,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= -golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 
@@ -173,19 +175,19 @@ golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= -golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= +golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time 
v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/api/go.mod b/api/go.mod index dc1d00605e4..8fc16d2f50b 100644 --- a/api/go.mod +++ b/api/go.mod @@ -1,8 +1,8 @@ module github.com/shellhub-io/shellhub/api -go 1.22 +go 1.22.4 -toolchain go1.22.5 +toolchain go1.23.0 require ( github.com/cnf/structhash v0.0.0-20201127153200-e1b16c1ebc08 diff --git a/cli/go.mod b/cli/go.mod index a42908794c9..3030916e6ca 100644 --- a/cli/go.mod +++ b/cli/go.mod @@ -1,8 +1,8 @@ module github.com/shellhub-io/shellhub/cli -go 1.22 +go 1.22.4 -toolchain go1.22.8 +toolchain go1.23.0 require ( github.com/shellhub-io/shellhub v0.13.4 diff --git a/go.mod b/go.mod index 3120316d111..ba857feb640 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,8 @@ module github.com/shellhub-io/shellhub -go 1.21 +go 1.22.4 + +toolchain go1.23.0 require ( github.com/GehirnInc/crypt v0.0.0-20230320061759-8cc1b52080c5 @@ -22,6 +24,7 @@ require ( github.com/labstack/echo/v4 v4.10.2 github.com/mattn/go-shellwords v1.0.12 github.com/mholt/archiver/v4 v4.0.0-alpha.8 + github.com/openwall/yescrypt-go v1.0.0 github.com/oschwald/geoip2-golang v1.8.0 github.com/pkg/errors v0.9.1 github.com/pkg/sftp v1.13.5 @@ -29,9 +32,9 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.9.0 github.com/testcontainers/testcontainers-go/modules/redis v0.32.0 - golang.org/x/crypto v0.22.0 - golang.org/x/sync v0.6.0 - golang.org/x/sys v0.19.0 + golang.org/x/crypto v0.25.0 + golang.org/x/sync v0.7.0 + golang.org/x/sys v0.22.0 ) require ( 
@@ -116,7 +119,7 @@ require (
 go.opentelemetry.io/otel/trace v1.26.0 // indirect
 go4.org v0.0.0-20200411211856-f5505b9728dd // indirect
 golang.org/x/net v0.23.0 // indirect
- golang.org/x/text v0.14.0 // indirect
+ golang.org/x/text v0.16.0 // indirect
 golang.org/x/time v0.3.0 // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda // indirect
 google.golang.org/grpc v1.63.2 // indirect
diff --git a/pkg/agent/pkg/yescrypt/yescript.go b/pkg/agent/pkg/yescrypt/yescript.go
deleted file mode 100644
index b6df9adccf6..00000000000
--- a/pkg/agent/pkg/yescrypt/yescript.go
+++ /dev/null
@@ -1,26 +0,0 @@
-//go:build !without_cgo
-// +build !without_cgo
-
-package yescrypt
-
-/*
-#cgo LDFLAGS: -lcrypt
-#include
-#include
-*/
-import "C"
-import "unsafe"
-
-// Verify verifies a yescrypt hash against a given key.
-func Verify(key, hash string) bool {
- cdata := C.struct_crypt_data{}
- ckey := C.CString(key)
- chash := C.CString(hash)
-
- out := C.crypt_r(ckey, chash, &cdata)
-
- C.free(unsafe.Pointer(ckey))
- C.free(unsafe.Pointer(chash))
-
- return C.GoString(out) == hash
-}
diff --git a/pkg/agent/pkg/yescrypt/yescrypt.go b/pkg/agent/pkg/yescrypt/yescrypt.go
new file mode 100644
index 00000000000..7c206fd7f31
--- /dev/null
+++ b/pkg/agent/pkg/yescrypt/yescrypt.go
@@ -0,0 +1,18 @@
+package yescrypt
+
+import (
+ "github.com/openwall/yescrypt-go"
+ log "github.com/sirupsen/logrus"
+)
+
+// Verify verifies a yescrypt hash against a given key.
+func Verify(password, hash string) bool {
+ hashed, err := yescrypt.Hash([]byte(password), []byte(hash))
+ if err != nil {
+ log.WithError(err).Debug("failed to hash the password for comparision")
+
+ return false
+ }
+
+ return hash == string(hashed)
+}
diff --git a/pkg/agent/pkg/yescrypt/yescrypt_test.go b/pkg/agent/pkg/yescrypt/yescrypt_test.go
new file mode 100644
index 00000000000..5ec7caf6559
--- /dev/null
+++ b/pkg/agent/pkg/yescrypt/yescrypt_test.go
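Review bot: `return hash == string(hashed)` at the end of the new Verify compares the stored and computed hashes with a short-circuiting string comparison; for credential checks the usual form is `return subtle.ConstantTimeCompare([]byte(hash), hashed) == 1` with `crypto/subtle` imported. The deleted cgo file was gated by `//go:build !without_cgo` and the new file has no constraint, so if a `without_cgo` counterpart that declares Verify still exists in the package (not visible in this patch), builds with that tag would see a duplicate definition. The doc comment still says "a given key" although the parameter is now `password`, and the debug message should read `"failed to hash the password for comparison"`.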
@@ -0,0 +1,70 @@ +package yescrypt + +import ( + "crypto/rand" + "math/big" + "testing" + + "github.com/openwall/yescrypt-go" + "github.com/stretchr/testify/assert" +) + +func FuzzVerify(f *testing.F) { + const settings = "$y$j9T$AAt9R641xPvCI9nXw1HHW/" + + for i := 0; i < 100; i++ { + v, err := rand.Int(rand.Reader, big.NewInt(64)) + assert.NoError(f, err) + + password := make([]byte, v.Int64()) + _, err = rand.Read(password) + assert.NoError(f, err) + + hash, err := yescrypt.Hash(password, []byte(settings)) + assert.NoError(f, err) + + f.Add(string(password), string(hash)) + } + + f.Fuzz(func(t *testing.T, a string, b string) { + assert.True(f, Verify(a, b)) + }) +} + +func TestVeirfy(t *testing.T) { + const settings = "$y$j9T$AAt9R641xPvCI9nXw1HHW/" + + cases := []struct { + description string + password string + hash string + expected bool + }{ + { + description: "invalid password", + password: "invalid", + hash: "$y$j9T$AAt9R641xPvCI9nXw1HHW/$nCv3bckjDEC9Q5ahIEpyXVNGZhySye/ZdjxNxTY5ttB", + expected: false, + }, + { + description: "invalid hash", + password: "password", + hash: "invalid", + expected: false, + }, + { + description: "valid", + password: "password", + hash: "$y$j9T$AAt9R641xPvCI9nXw1HHW/$nCv3bckjDEC9Q5ahIEpyXVNGZhySye/ZdjxNxTY5ttB", + expected: true, + }, + } + + for _, test := range cases { + t.Run(test.description, func(tt *testing.T) { + result := Verify(test.password, string(test.hash)) + + assert.Equal(tt, test.expected, result) + }) + } +} diff --git a/ssh/go.mod b/ssh/go.mod index 908835cdaf0..dc326b02b1b 100644 --- a/ssh/go.mod +++ b/ssh/go.mod @@ -1,11 +1,14 @@ module github.com/shellhub-io/shellhub/ssh -go 1.21 +go 1.22.4 + +toolchain go1.23.0 require ( github.com/Masterminds/semver v1.5.0 github.com/gliderlabs/ssh v0.3.7 github.com/golang-jwt/jwt v3.2.2+incompatible + github.com/gorilla/websocket v1.5.0 github.com/labstack/echo-contrib v0.17.1 github.com/labstack/echo/v4 v4.12.0 github.com/pires/go-proxyproto v0.8.0 
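Review bot: The fuzz target in FuzzVerify asserts that `Verify(a, b)` is true for every generated pair, which holds only for the seeded password/hash pairs; any mutated input is reported as a failure, so the fuzzer cannot exercise Verify meaningfully. It also reports through `f` inside the target, where the testing package expects the target's own `*testing.T`. Fuzzing only the password and deriving the hash inside the target gives a property that holds for all inputs, as sketched below. Separately, `TestVeirfy` is misspelled and its `settings` constant is unused.

```go
	// … unchanged: settings constant and random password generation in the seed loop …
		f.Add(string(password))
	}

	f.Fuzz(func(t *testing.T, password string) {
		hash, err := yescrypt.Hash([]byte(password), []byte(settings))
		if err != nil {
			t.Skip()
		}

		// A hash derived from the password must verify; a different password must not.
		assert.True(t, Verify(password, string(hash)))
		assert.False(t, Verify(password+"x", string(hash)))
	})
```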
@@ -30,7 +33,6 @@ require ( github.com/go-resty/resty/v2 v2.11.0 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/gorilla/websocket v1.5.0 // indirect github.com/hibiken/asynq v0.24.1 // indirect github.com/klauspost/compress v1.17.4 // indirect github.com/labstack/gommon v0.4.2 // indirect diff --git a/tests/go.mod b/tests/go.mod index f6b0c8237eb..2dc7e3f0cb0 100644 --- a/tests/go.mod +++ b/tests/go.mod @@ -1,6 +1,8 @@ module github.com/shellhub-io/shellhub/tests -go 1.21 +go 1.22.4 + +toolchain go1.23.0 require ( github.com/bramvdbogaerde/go-scp v1.4.0 @@ -13,7 +15,7 @@ require ( github.com/stretchr/testify v1.9.0 github.com/testcontainers/testcontainers-go v0.32.0 github.com/testcontainers/testcontainers-go/modules/compose v0.32.0 - golang.org/x/crypto v0.23.0 + golang.org/x/crypto v0.25.0 golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 ) @@ -182,9 +184,9 @@ require ( golang.org/x/net v0.25.0 // indirect golang.org/x/oauth2 v0.17.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.21.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/sys v0.22.0 // indirect + golang.org/x/term v0.22.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect diff --git a/tests/go.sum b/tests/go.sum index 3508d93f894..28a786d7e71 100644 --- a/tests/go.sum +++ b/tests/go.sum 
@@ -570,8 +570,9 @@ golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9/go.mod h1:jdWPYTVW3xRLrWP golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -637,8 +638,8 @@ golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 
@@ -646,8 +647,9 @@ golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= +golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= @@ -656,8 +658,9 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 
@@ -666,8 +669,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=