stubbing out keygen funcs

const.go

@@ -1,7 +1,14 @@
 package sshsecure
 
+import (
+	"git.square-r00t.net/sshsecure/sshkeys"
+)
+
 const (
-	RoundsDefUser uint = 100
-	RoundsDefHost uint = 0  // 0 = Default rounds
-	RSABitSize uint = 4096
-)
+	RoundsDefUser uint   = 100
+	RoundsDefHost uint   = 100
+	RSABitSize    uint   = 4096
+	DefKeyType    string = sshkeys.KEY_ED25519
+	DefCipher     string = sshkeys.CIPHER_AES256_CTR
+	DefKDF        string = sshkeys.KDF_BCRYPT
+)

sshkeys/const.go

@@ -7,16 +7,24 @@ const (
 
 // Cipher names. I believe only AES256-CTR is supported upstream currently.
 const (
-	CIPHER_AES256_CTR = "aes256-ctr"
+	CIPHER_NULL       string = "none"
+	CIPHER_AES256_CTR string = "aes256-ctr"
 )
 
+var allowed_ciphers = [...]string{CIPHER_NULL, CIPHER_AES256_CTR}
+
 // Key types.
 const (
 	KEY_ED25519 string = "ssh-ed25519"
 	KEY_RSA     string = "ssh-rsa"
 )
 
+var allowed_keytypes = [...]string{KEY_ED25519, KEY_RSA}
+
 // KDF names. I believe only bcrypt is supported upstream currently.
 const (
+	KDF_NULL   string = "none"
 	KDF_BCRYPT string = "bcrypt"
 )
+
+var allowed_kdfnames = [...]string{KDF_NULL, KDF_BCRYPT}

sshkeys/func.go

@@ -1,22 +1,47 @@
 package sshkeys
 
-func (k *EncryptedSSHKeyV1) GeneratePrivate(keyType uint8) error {
+import (
+	"errors"
+)
+
+func genPrivKey(cipherAlgo string, kdf string, salt []byte, rounds uint32) ([]byte, error) {
+
+	return nil, nil
+}
+
+func genPubKey(privKey *[]byte) ([]byte, error) {
+
+	return nil, nil
+}
+
+func (k *EncryptedSSHKeyV1) GeneratePrivate(force bool) error {
+	if k.Passphrase == "" {
+		return errors.New("cannot use encrypted key with empty passphrase")
+	}
+	if k.PrivateKeys != nil && !force {
+		return nil // Already generated.
+	}
+
 	return nil
 }
 
-func (k *EncryptedSSHKeyV1) GeneratePublic(keyType uint8) error {
-	if err := k.GeneratePrivate(keyType); err != nil {
+func (k *EncryptedSSHKeyV1) GeneratePublic(force bool) error {
+	if err := k.GeneratePrivate(force); err != nil {
 		return err
 	}
+
+	return nil
+}
+
+func (k *SSHKeyV1) GeneratePrivate(force bool) error {
+	if k.PrivateKeys != nil && !force {
+		return nil // Already generated.
+	}
 	return nil
 }
 
-func (k *SSHKeyV1) GeneratePrivate(keyType uint8) error {
-	return nil
-}
-
-func (k *SSHKeyV1) GeneratePublic(keyType uint8) error {
-	if err := k.GeneratePrivate(keyType); err != nil {
+func (k *SSHKeyV1) GeneratePublic(force bool) error {
+	if err := k.GeneratePrivate(force); err != nil {
 		return err
 	}
 	return nil

sshkeys/ref/encrypted/private

@@ -1,4 +1,4 @@
-The following uses the bcrypt encryption. The passphrase is "test".
+The following uses the aes256-ctr/bcrypt encryption. The passphrase is "test".
 
 The new "v1" format contains the header "-----BEGIN OPENSSH PRIVATE KEY-----"
 and the footer "-----END OPENSSH PRIVATE KEY-----".
@@ -54,7 +54,7 @@ ANNOTATED HEX:
 		4.0.0.1 00000020 (32)
 			4.0.0.1.0 bfa2031aa5463113e40e16896af503c5299ead76b09cb63846f41cc4de1740f6 (bytes)
 	4.0.1 000000a0 (160)
-		4.0.1 (AES256-CBC encrypted block) (bytes)
+		4.0.1 (AES256-CTR encrypted block) (bytes)
 			c49777cd0d1a7d37db77a1814991278f8ce99d57
 			2e2c666b93b99867425c60da4652fddb85550985
 			32b51beeee2959f9db5cf5a0905052720c5de25f

sshkeys/struct.go

@@ -3,6 +3,8 @@ package sshkeys
 // EncryptedSSHKeyV1 represents an encrypted private key.
 type EncryptedSSHKeyV1 struct {
 	SSHKeyV1
+	CipherName string
+	KDFName    string
 	KDFOpts    SSHKDFOpts
 	Passphrase string
 }
@@ -18,9 +20,6 @@ type SSHKDFOpts struct {
 // Patch your shit.
 type SSHKeyV1 struct {
 	Magic       string
-	CipherName  string
-	KDFName     string
-	KDFOpts     SSHKDFOpts
 	PublicKeys  []SSHPubKey
 	PrivateKeys []SSHPrivKey
 }
@@ -34,4 +33,6 @@ type SSHPubKey struct {
 // SSHPrivKey contains the Private key of an SSH Keypair.
 type SSHPrivKey struct {
 	PublicKey *SSHPubKey
+	Checksum  uint32
+	Comment   string
 }