package sshkeys

import (
	"bytes"
	"crypto/cipher"
)

// EncryptedSSHKeyV1 represents an encrypted private key.
type EncryptedSSHKeyV1 struct {
	SSHKeyV1
	CipherName string
	Crypt      SSHCrypt
	KDFOpts    SSHKDFOpts
	Passphrase []byte
}

// SSHEncryptionKey contains the PublicKey and PrivateKey bytes (as derived by KDF, different from the actual SSH keypair),
// the Cipher, and the stream.
type SSHCrypt struct {
	Stream     cipher.Stream
	Cipher     cipher.Block
	CryptSalt  []byte
	PrivateKey []byte
	CryptKey   []byte
}

// SSHKDFOpts contains a set of KDF options.
type SSHKDFOpts struct {
	Salt   []byte // Also referred to as IV (initialization vector). (https://en.wikipedia.org/wiki/Initialization_vector)
	Rounds uint32 // Also referred to as work factor.
}

// SSHKeyV1 represents an unencrypted private key.
// We don't bother with the legacy (pre v1) keys. Sorry not sorry.
// Patch your shit.
type SSHKeyV1 struct {
	Magic      string
	DefKeyType string
	KDFName    string
	KeySize    uint32
	BlockSize  uint32
	Keys       []SSHPrivKey // 1 by default.
	Buffer     bytes.Buffer
}

// SSHPubKey contains the Public key of an SSH Keypair.
type SSHPubKey struct {
	KeyType string
	Key     interface{}
}

// SSHPrivKey contains the Private key of an SSH Keypair.
type SSHPrivKey struct {
	PublicKey *SSHPubKey
	BitSize   uint32
	Key       interface{}
	// ED25519 keys are actually "sk + pk", where sk is the secret key and pk is the pubkey.
	// We store that here.
	KeyAlt   []byte
	Checksum []byte
	Comment  string
}