stubbing out keygen funcs

brent s. 2020-09-12 00:58:58 -04:00
parent ff9fbdab69
commit 1624740118
Signed by: bts
GPG Key ID: 8C004C2F93481F6B
5 changed files with 60 additions and 19 deletions


@ -1,7 +1,14 @@
package sshsecure

import (
"git.square-r00t.net/sshsecure/sshkeys"
)

const (
RoundsDefUser uint = 100
RoundsDefHost uint = 0 // 0 = Default rounds
RSABitSize uint = 4096
)
RoundsDefUser uint = 100
RoundsDefHost uint = 100
RSABitSize uint = 4096
DefKeyType string = sshkeys.KEY_ED25519
DefCipher string = sshkeys.CIPHER_AES256_CTR
DefKDF string = sshkeys.KDF_BCRYPT
)
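Review bot: `RoundsDefUser` and `RoundsDefHost` are declared `uint`, while `genPrivKey` in the keygen file of this commit takes `rounds uint32`; if these defaults are what gets passed there, every call site needs a conversion. Declaring them with the same width avoids that, e.g. `RoundsDefUser uint32 = 100`. The old `// 0 = Default rounds` comment went away with the value change, so a one-line comment saying what the rounds count applies to (presumably the bcrypt KDF named by `DefKDF`) would let a reader judge whether 100 is also intended for host keys.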


@ -7,16 +7,24 @@ const (

// Cipher names. I believe only AES256-CTR is supported upstream currently.
const (
CIPHER_AES256_CTR = "aes256-ctr"
CIPHER_NULL string = "none"
CIPHER_AES256_CTR string = "aes256-ctr"
)

var allowed_ciphers = [...]string{CIPHER_NULL, CIPHER_AES256_CTR}

// Key types.
const (
KEY_ED25519 string = "ssh-ed25519"
KEY_RSA string = "ssh-rsa"
)

var allowed_keytypes = [...]string{KEY_ED25519, KEY_RSA}

// KDF names. I believe only bcrypt is supported upstream currently.
const (
KDF_NULL string = "none"
KDF_BCRYPT string = "bcrypt"
)

var allowed_kdfnames = [...]string{KDF_NULL, KDF_BCRYPT}
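Review bot: `allowed_ciphers` and `allowed_kdfnames` now accept `"none"`, so one allow-list serves both plain and encrypted keys. The code that consults these lists is not part of this commit, but if it is the only validation, an `EncryptedSSHKeyV1` whose `CipherName` is `CIPHER_NULL` would pass and its private section would be stored unencrypted even though a passphrase is set; the same gap applies to the `CipherName`/`KDFName` fields this commit moves onto `EncryptedSSHKeyV1` in the types file. Either keep a separate list for the encrypted type or reject the pair next to the passphrase check in `EncryptedSSHKeyV1.GeneratePrivate`: `if k.CipherName == CIPHER_NULL || k.KDFName == KDF_NULL { return errors.New("encrypted key requires a cipher and a KDF") }`. The comment above the cipher block still says only AES256-CTR is supported and should mention the new `none` entry.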


@ -1,22 +1,47 @@
package sshkeys

func (k *EncryptedSSHKeyV1) GeneratePrivate(keyType uint8) error {
import (
"errors"
)

func genPrivKey(cipherAlgo string, kdf string, salt []byte, rounds uint32) ([]byte, error) {

return nil, nil
}

func genPubKey(privKey *[]byte) ([]byte, error) {

return nil, nil
}

func (k *EncryptedSSHKeyV1) GeneratePrivate(force bool) error {
if k.Passphrase == "" {
return errors.New("cannot use encrypted key with empty passphrase")
}
if k.PrivateKeys != nil && !force {
return nil // Already generated.
}

return nil
}

func (k *EncryptedSSHKeyV1) GeneratePublic(keyType uint8) error {
if err := k.GeneratePrivate(keyType); err != nil {
func (k *EncryptedSSHKeyV1) GeneratePublic(force bool) error {
if err := k.GeneratePrivate(force); err != nil {
return err
}

return nil
}

func (k *SSHKeyV1) GeneratePrivate(force bool) error {
if k.PrivateKeys != nil && !force {
return nil // Already generated.
}
return nil
}

func (k *SSHKeyV1) GeneratePrivate(keyType uint8) error {
return nil
}

func (k *SSHKeyV1) GeneratePublic(keyType uint8) error {
if err := k.GeneratePrivate(keyType); err != nil {
func (k *SSHKeyV1) GeneratePublic(force bool) error {
if err := k.GeneratePrivate(force); err != nil {
return err
}
return nil
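Review bot: `genPrivKey` and `genPubKey` return `nil, nil`, and every `GeneratePrivate`/`GeneratePublic` stub returns `nil`, so a caller sees success while no key material exists. Until the bodies are written, return an explicit error, for example `return nil, errors.New("genPrivKey: not implemented")`, so that a stub cannot be mistaken for a generated key. `genPubKey` also takes `privKey *[]byte`; a slice already refers to its backing array, so plain `[]byte` is enough. The last `GeneratePublic` body closes outside the hunk.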


@ -1,4 +1,4 @@
The following uses the bcrypt encryption. The passphrase is "test".
The following uses the aes256-ctr/bcrypt encryption. The passphrase is "test".

The new "v1" format contains the header "-----BEGIN OPENSSH PRIVATE KEY-----"
and the footer "-----END OPENSSH PRIVATE KEY-----".
@ -54,7 +54,7 @@ ANNOTATED HEX:
4.0.0.1 00000020 (32)
4.0.0.1.0 bfa2031aa5463113e40e16896af503c5299ead76b09cb63846f41cc4de1740f6 (bytes)
4.0.1 000000a0 (160)
4.0.1 (AES256-CBC encrypted block) (bytes)
4.0.1 (AES256-CTR encrypted block) (bytes)
c49777cd0d1a7d37db77a1814991278f8ce99d57
2e2c666b93b99867425c60da4652fddb85550985
32b51beeee2959f9db5cf5a0905052720c5de25f


@ -3,6 +3,8 @@ package sshkeys
// EncryptedSSHKeyV1 represents an encrypted private key.
type EncryptedSSHKeyV1 struct {
SSHKeyV1
CipherName string
KDFName string
KDFOpts SSHKDFOpts
Passphrase string
}
@ -18,9 +20,6 @@ type SSHKDFOpts struct {
// Patch your shit.
type SSHKeyV1 struct {
Magic string
CipherName string
KDFName string
KDFOpts SSHKDFOpts
PublicKeys []SSHPubKey
PrivateKeys []SSHPrivKey
}
@ -34,4 +33,6 @@ type SSHPubKey struct {
// SSHPrivKey contains the Private key of an SSH Keypair.
type SSHPrivKey struct {
PublicKey *SSHPubKey
Checksum uint32
Comment string
}
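Review bot: The fields added to `SSHPrivKey` carry no comment, and `Checksum` in particular reads like a digest of the key data. In the openssh-key-v1 layout the private section begins with a 32-bit check value written twice, which a reader compares after decryption to detect a wrong passphrase; if that is what this field holds, say so, e.g. `// Checksum is the check integer repeated at the start of the private section; it is random, not a hash of the key.` When generation is implemented that value should come from `crypto/rand`. Which of the three fields are new cannot be told from this rendering, so the comment is worth adding to all of them.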