go_sshkeys/kdf/types.go

package kdf

import (
	"bytes"
)

// KDF is a type of KDF (Key Derivation Function).
type KDF interface {
	// Name returns the string form of the KDF name.
	Name() (name string)
	// NameBytes returns the Name result but in bytes with a leading uint32 bytecount packed in.
	NameBytes() (name []byte)
	// Rounds returns the number of rounds used in derivation.
	Rounds() (rounds uint32)
	// Salt returns the salt bytes.
	Salt() (salt []byte)
	// Setup initializes the KDF with the given derivation secret (password) and KDF options.
	Setup(secret, salt []byte, rounds, keyLen uint32) (err error)
	// DeriveKey derives the key. Setup (or SetupAuto) must have been run first.
	DeriveKey() (key []byte, err error)
	// SetupAuto configures a partially reconstructed KDF options that were parsed from GetKdfFromBytes (if KDF.AutoOK returns true).
	SetupAuto(secret []byte, keyLen uint32) (err error)
	// AutoOK returns true if all components were able to be parsed from GetKdfFromBytes.
	AutoOK() (ok bool)
	// IsPlain returns true if this is a "null" kdf; i.e. no derivation is actually performed.
	IsPlain() (plain bool)
	// PackedBytes returns the bytes suitable for serializing into a key file.
	PackedBytes() (buf *bytes.Reader, err error)
	// addSalt adds the salt as parsed from the private key.
	addSalt(salt []byte) (err error)
	// addRounds adds the rounds as parsed from the private key.
	addRounds(rounds uint32) (err error)
}

/*
	BcryptPbkdf combines bcrypt hashing algorithm with PBKDF2 key derivation.

	(bcrypt) https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node1.html
	(PBKDF2) https://datatracker.ietf.org/doc/html/rfc2898
	http://www.tedunangst.com/flak/post/bcrypt-pbkdf
*/
type BcryptPbkdf struct {
	// salt is used to salt the hash for each round in rounds.
	salt []byte
	// rounds controls how many iterations that salting/hashing is done.
	rounds uint32
	// keyLen is how long the derived key should be in bytes.
	keyLen uint32
	// secret is the "passphrase" used to seed the key creation.
	secret []byte
	// key is used to store the derived key.
	key []byte
}

// Null is a dummy KDF that is used for unencrypted/plain SSH private keys. It literally does nothing.
type Null struct{}
checking in prelim stuff 2022-03-05 19:22:40 -05:00			`package kdf`

			`import (`
			`"bytes"`
			`)`

			`// KDF is a type of KDF (Key Derivation Function).`
			`type KDF interface {`
			`// Name returns the string form of the KDF name.`
			`Name() (name string)`
			`// NameBytes returns the Name result but in bytes with a leading uint32 bytecount packed in.`
			`NameBytes() (name []byte)`
			`// Rounds returns the number of rounds used in derivation.`
			`Rounds() (rounds uint32)`
			`// Salt returns the salt bytes.`
			`Salt() (salt []byte)`
			`// Setup initializes the KDF with the given derivation secret (password) and KDF options.`
			`Setup(secret, salt []byte, rounds, keyLen uint32) (err error)`
			`// DeriveKey derives the key. Setup (or SetupAuto) must have been run first.`
			`DeriveKey() (key []byte, err error)`
			`// SetupAuto configures a partially reconstructed KDF options that were parsed from GetKdfFromBytes (if KDF.AutoOK returns true).`
			`SetupAuto(secret []byte, keyLen uint32) (err error)`
			`// AutoOK returns true if all components were able to be parsed from GetKdfFromBytes.`
			`AutoOK() (ok bool)`
			`// IsPlain returns true if this is a "null" kdf; i.e. no derivation is actually performed.`
			`IsPlain() (plain bool)`
			`// PackedBytes returns the bytes suitable for serializing into a key file.`
			`PackedBytes() (buf *bytes.Reader, err error)`
			`// addSalt adds the salt as parsed from the private key.`
			`addSalt(salt []byte) (err error)`
			`// addRounds adds the rounds as parsed from the private key.`
			`addRounds(rounds uint32) (err error)`
			`}`

			`/*`
			`BcryptPbkdf combines bcrypt hashing algorithm with PBKDF2 key derivation.`

			`(bcrypt) https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node1.html`
			`(PBKDF2) https://datatracker.ietf.org/doc/html/rfc2898`
			`http://www.tedunangst.com/flak/post/bcrypt-pbkdf`
			`*/`
			`type BcryptPbkdf struct {`
			`// salt is used to salt the hash for each round in rounds.`
			`salt []byte`
			`// rounds controls how many iterations that salting/hashing is done.`
			`rounds uint32`
			`// keyLen is how long the derived key should be in bytes.`
			`keyLen uint32`
			`// secret is the "passphrase" used to seed the key creation.`
			`secret []byte`
			`// key is used to store the derived key.`
			`key []byte`
			`}`

			`// Null is a dummy KDF that is used for unencrypted/plain SSH private keys. It literally does nothing.`
			`type Null struct{}`