SSHSecure/sshkeys/const.go

/*
   SSHSecure - a program to harden OpenSSH from defaults
   Copyright (C) 2020  Brent Saner

   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <https://www.gnu.org/licenses/>.
*/

package sshkeys

// Needed for V1 key format.
const (
	KeyV1Magic string = "openssh-key-v1"
)

// Defaults.
const (
	defCipher     string = CipherAes256Ctr
	defKeyType    string = KeyEd25519
	defKDF        string = KdfBcrypt
	defRounds     uint32 = 100
	defRSABitSize uint32 = 4096
	defSaltLen    int    = 16
	// bcrypt_pbkdf maxes out at 32 for private key gen (sk is actually 64; sk+pk)
	// But per OpenSSH code, we pass a key len of kdfKeyLen + len(salt)
	kdfKeyLen int = 32
	kdfSplit  int = 32
)

// Cipher names. I believe only AES256-CTR is supported upstream currently.
const (
	CipherNull      string = "none"
	CipherAes256Ctr string = "aes256-ctr"
)

var allowedCiphers = [...]string{CipherNull, CipherAes256Ctr}

// Key types.
const (
	KeyEd25519 string = "ssh-ed25519"
	KeyRsa     string = "ssh-rsa"
)

var allowedKeytypes = [...]string{KeyEd25519, KeyRsa}

// KDF names. I believe only bcrypt is supported upstream currently.
const (
	KdfNull   string = "none"
	KdfBcrypt string = "bcrypt"
)

var allowedKdfnames = [...]string{KdfNull, KdfBcrypt}

// Key lengths.
const (
	// ED25519 in OpenSSH uses a static key size of 64 bytes.
	ed25519Len uint32 = 64
)

// Key/Block sizes.
const (
	keyEd25519 uint32 = 32
	// Is this correct? Based on PROTOCOL.key's "padlen % 255", it seems to be.
	blockPad     uint32 = 255
	blockEd25519 uint32 = 16
	// Blocksize for RSA depends on key bits, I think.
	blockNull uint32 = 8
)
adding GPL 2020-09-18 18:01:16 -04:00			`/*`
			`SSHSecure - a program to harden OpenSSH from defaults`
			`Copyright (C) 2020 Brent Saner`

			`This program is free software: you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation, either version 3 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program. If not, see <https://www.gnu.org/licenses/>.`
			`*/`

checking in 2020-09-03 19:11:42 -04:00			`package sshkeys`

adding documentation/analysis of key format 2020-09-11 23:06:51 -04:00			`// Needed for V1 key format.`
checking in 2020-09-03 19:11:42 -04:00			`const (`
adding documentation/analysis of key format 2020-09-11 23:06:51 -04:00			`KeyV1Magic string = "openssh-key-v1"`
checking in 2020-09-03 19:11:42 -04:00			`)`

checking in some more research and primitive functions. i cannot, for the life of me, figure out why i can't (seemingly) properly decrypt private keys. 2020-09-17 08:37:05 -04:00			`// Defaults.`
			`const (`
			`defCipher string = CipherAes256Ctr`
			`defKeyType string = KeyEd25519`
			`defKDF string = KdfBcrypt`
			`defRounds uint32 = 100`
			`defRSABitSize uint32 = 4096`
			`defSaltLen int = 16`
checking in for the night. key generation should be done, need to finish packing/formatting. also need to start on moduli generation. 2020-09-18 04:04:39 -04:00			`// bcrypt_pbkdf maxes out at 32 for private key gen (sk is actually 64; sk+pk)`
			`// But per OpenSSH code, we pass a key len of kdfKeyLen + len(salt)`
			`kdfKeyLen int = 32`
			`kdfSplit int = 32`
checking in some more research and primitive functions. i cannot, for the life of me, figure out why i can't (seemingly) properly decrypt private keys. 2020-09-17 08:37:05 -04:00			`)`

update format spec, working on better structs 2020-09-11 23:53:55 -04:00			`// Cipher names. I believe only AES256-CTR is supported upstream currently.`
adding documentation/analysis of key format 2020-09-11 23:06:51 -04:00			`const (`
checking in some more research and primitive functions. i cannot, for the life of me, figure out why i can't (seemingly) properly decrypt private keys. 2020-09-17 08:37:05 -04:00			`CipherNull string = "none"`
			`CipherAes256Ctr string = "aes256-ctr"`
update format spec, working on better structs 2020-09-11 23:53:55 -04:00			`)`

all the directives are copied in with their types. working on validators now. 2020-09-27 03:23:58 -04:00			`var allowedCiphers = [...]string{CipherNull, CipherAes256Ctr}`
stubbing out keygen funcs 2020-09-12 00:58:58 -04:00
update format spec, working on better structs 2020-09-11 23:53:55 -04:00			`// Key types.`
			`const (`
checking in some more research and primitive functions. i cannot, for the life of me, figure out why i can't (seemingly) properly decrypt private keys. 2020-09-17 08:37:05 -04:00			`KeyEd25519 string = "ssh-ed25519"`
			`KeyRsa string = "ssh-rsa"`
update format spec, working on better structs 2020-09-11 23:53:55 -04:00			`)`

all the directives are copied in with their types. working on validators now. 2020-09-27 03:23:58 -04:00			`var allowedKeytypes = [...]string{KeyEd25519, KeyRsa}`
stubbing out keygen funcs 2020-09-12 00:58:58 -04:00
update format spec, working on better structs 2020-09-11 23:53:55 -04:00			`// KDF names. I believe only bcrypt is supported upstream currently.`
			`const (`
checking in some more research and primitive functions. i cannot, for the life of me, figure out why i can't (seemingly) properly decrypt private keys. 2020-09-17 08:37:05 -04:00			`KdfNull string = "none"`
			`KdfBcrypt string = "bcrypt"`
adding documentation/analysis of key format 2020-09-11 23:06:51 -04:00			`)`
stubbing out keygen funcs 2020-09-12 00:58:58 -04:00
all the directives are copied in with their types. working on validators now. 2020-09-27 03:23:58 -04:00			`var allowedKdfnames = [...]string{KdfNull, KdfBcrypt}`
checking in some more research and primitive functions. i cannot, for the life of me, figure out why i can't (seemingly) properly decrypt private keys. 2020-09-17 08:37:05 -04:00
			`// Key lengths.`
			`const (`
			`// ED25519 in OpenSSH uses a static key size of 64 bytes.`
			`ed25519Len uint32 = 64`
			`)`

			`// Key/Block sizes.`
			`const (`
checking in for the night. key generation should be done, need to finish packing/formatting. also need to start on moduli generation. 2020-09-18 04:04:39 -04:00			`keyEd25519 uint32 = 32`
			`// Is this correct? Based on PROTOCOL.key's "padlen % 255", it seems to be.`
			`blockPad uint32 = 255`
checking in some more research and primitive functions. i cannot, for the life of me, figure out why i can't (seemingly) properly decrypt private keys. 2020-09-17 08:37:05 -04:00			`blockEd25519 uint32 = 16`
checking in for the night. key generation should be done, need to finish packing/formatting. also need to start on moduli generation. 2020-09-18 04:04:39 -04:00			`// Blocksize for RSA depends on key bits, I think.`
			`blockNull uint32 = 8`
checking in some more research and primitive functions. i cannot, for the life of me, figure out why i can't (seemingly) properly decrypt private keys. 2020-09-17 08:37:05 -04:00			`)`