Table of Contents
diff --git a/cipher/aes/aes128/cbc/funcs.go b/cipher/aes/aes128/cbc/funcs.go
new file mode 100644
index 0000000..ad84cf3
--- /dev/null
+++ b/cipher/aes/aes128/cbc/funcs.go
@@ -0,0 +1,205 @@
+package cbc
+
+import (
+ `bytes`
+ `io`
+
+ `r00t2.io/sshkeys/cipher/aes`
+ `r00t2.io/sshkeys/cipher/aes/aes128`
+ `r00t2.io/sshkeys/internal`
+)
+
+func (c *Cipher) Setup(key []byte) (err error) {
+
+ // TODO
+
+ return
+}
+
+// Name returns the name as used in the key file bytes.
+func (c *Cipher) Name() (name string) {
+
+ name = Name
+
+ return
+}
+
+// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
+func (c *Cipher) NameBytes() (name []byte) {
+
+ var err error
+
+ if name, err = internal.PackBytes(Name); err != nil {
+ return
+ }
+
+ return
+}
+
+// BlockSize returns the blocksize of this Cipher.
+func (c *Cipher) BlockSize() (size int) {
+
+ size = aes.BlockSize
+
+ return
+}
+
+// KdfKeySize returns the target key length from KDF to use with this Cipher.
+func (c *Cipher) KdfKeySize() (size int) {
+
+ size = aes128.KeySize
+
+ return
+}
+
+/*
+ Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var cryptDst []byte
+ var padded *bytes.Reader
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ if padded, err = c.Pad(b); err != nil {
+ return
+ }
+
+ b = make([]byte, padded.Len())
+ if b, err = io.ReadAll(padded); err != nil {
+ return
+ }
+
+ cryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = cryptDst
+
+ return
+}
+
+/*
+ AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b *bytes.Reader
+ var buf *bytes.Buffer = new(bytes.Buffer)
+ var alloc []byte = make([]byte, 4)
+
+ if b, err = c.Encrypt(data); err != nil {
+ return
+ }
+ if alloc, err = internal.PackBytes(b); err != nil {
+ return
+ }
+
+ if _, err = buf.Write(alloc); err != nil {
+ return
+ }
+ if _, err = b.WriteTo(buf); err != nil {
+ return
+ }
+
+ encrypted = bytes.NewReader(buf.Bytes())
+
+ return
+}
+
+/*
+ Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
+ The resulting padded buffer is returned.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
+
+ // TODO
+
+ return
+}
+
+/*
+ Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var decryptDst []byte
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ decryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = decryptDst
+
+ return
+}
+
+/*
+ AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
+
+ Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+
+ NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+*/
+func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+
+ if b, err = internal.UnpackBytes(data); err != nil {
+ return
+ }
+ if decrypted, err = c.Decrypt(b); err != nil {
+ return
+ }
+
+ return
+}
+
+/*
+ IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
+
+ It will always return false. It is included for interface compatability.
+*/
+func (c *Cipher) IsPlain() (plain bool) {
+
+ plain = false
+
+ return
+}
diff --git a/cipher/aes/aes128/cbc/types.go b/cipher/aes/aes128/cbc/types.go
new file mode 100644
index 0000000..38cb472
--- /dev/null
+++ b/cipher/aes/aes128/cbc/types.go
@@ -0,0 +1,18 @@
+package cbc
+
+import (
+ `crypto/cipher`
+)
+
+// Cipher is an AES128-CBC cipher.Cipher.
+type Cipher struct {
+ // key contains the encryption key.
+ key []byte
+ // iv contains the IV, or initialization vector.
+ iv []byte
+ /*
+ cryptBlock contains the block encryptor.
+ CBC is a block (all at once) encryption mode.
+ */
+ cryptBlock cipher.Block
+}
diff --git a/cipher/aes/aes128/consts.go b/cipher/aes/aes128/consts.go
index 6c2ca6c..c23f75f 100644
--- a/cipher/aes/aes128/consts.go
+++ b/cipher/aes/aes128/consts.go
@@ -1,10 +1,10 @@
package aes128
import (
- `r00t2.io/sshkeys/cipher/aes`
+ sshAES `r00t2.io/sshkeys/cipher/aes`
)
const (
KeySize int = 16 // in bytes; AES128 is so named for its 128-bit key, thus: 128 / 8 = 16
- KdfKeySize int = KeySize + aes.IvSize
+ KdfKeySize int = KeySize + sshAES.IvSize
)
diff --git a/cipher/aes/aes128/ctr/funcs.go b/cipher/aes/aes128/ctr/funcs.go
new file mode 100644
index 0000000..6303a52
--- /dev/null
+++ b/cipher/aes/aes128/ctr/funcs.go
@@ -0,0 +1,205 @@
+package ctr
+
+import (
+ `bytes`
+ `io`
+
+ `r00t2.io/sshkeys/cipher/aes`
+ `r00t2.io/sshkeys/cipher/aes/aes128`
+ `r00t2.io/sshkeys/internal`
+)
+
+func (c *Cipher) Setup(key []byte) (err error) {
+
+ // TODO
+
+ return
+}
+
+// Name returns the name as used in the key file bytes.
+func (c *Cipher) Name() (name string) {
+
+ name = Name
+
+ return
+}
+
+// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
+func (c *Cipher) NameBytes() (name []byte) {
+
+ var err error
+
+ if name, err = internal.PackBytes(Name); err != nil {
+ return
+ }
+
+ return
+}
+
+// BlockSize returns the blocksize of this Cipher.
+func (c *Cipher) BlockSize() (size int) {
+
+ size = aes.BlockSize
+
+ return
+}
+
+// KdfKeySize returns the target key length from KDF to use with this Cipher.
+func (c *Cipher) KdfKeySize() (size int) {
+
+ size = aes128.KeySize
+
+ return
+}
+
+/*
+ Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var cryptDst []byte
+ var padded *bytes.Reader
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ if padded, err = c.Pad(b); err != nil {
+ return
+ }
+
+ b = make([]byte, padded.Len())
+ if b, err = io.ReadAll(padded); err != nil {
+ return
+ }
+
+ cryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = cryptDst
+
+ return
+}
+
+/*
+ AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b *bytes.Reader
+ var buf *bytes.Buffer = new(bytes.Buffer)
+ var alloc []byte = make([]byte, 4)
+
+ if b, err = c.Encrypt(data); err != nil {
+ return
+ }
+ if alloc, err = internal.PackBytes(b); err != nil {
+ return
+ }
+
+ if _, err = buf.Write(alloc); err != nil {
+ return
+ }
+ if _, err = b.WriteTo(buf); err != nil {
+ return
+ }
+
+ encrypted = bytes.NewReader(buf.Bytes())
+
+ return
+}
+
+/*
+ Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
+ The resulting padded buffer is returned.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
+
+ // TODO
+
+ return
+}
+
+/*
+ Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var decryptDst []byte
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ decryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = decryptDst
+
+ return
+}
+
+/*
+ AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
+
+ Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+
+ NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+*/
+func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+
+ if b, err = internal.UnpackBytes(data); err != nil {
+ return
+ }
+ if decrypted, err = c.Decrypt(b); err != nil {
+ return
+ }
+
+ return
+}
+
+/*
+ IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
+
+ It will always return false. It is included for interface compatability.
+*/
+func (c *Cipher) IsPlain() (plain bool) {
+
+ plain = false
+
+ return
+}
diff --git a/cipher/aes/aes128/gcm/funcs.go b/cipher/aes/aes128/gcm/funcs.go
new file mode 100644
index 0000000..e05be1c
--- /dev/null
+++ b/cipher/aes/aes128/gcm/funcs.go
@@ -0,0 +1,205 @@
+package gcm
+
+import (
+ `bytes`
+ `io`
+
+ `r00t2.io/sshkeys/cipher/aes`
+ `r00t2.io/sshkeys/cipher/aes/aes128`
+ `r00t2.io/sshkeys/internal`
+)
+
+func (c *Cipher) Setup(key []byte) (err error) {
+
+ // TODO
+
+ return
+}
+
+// Name returns the name as used in the key file bytes.
+func (c *Cipher) Name() (name string) {
+
+ name = Name
+
+ return
+}
+
+// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
+func (c *Cipher) NameBytes() (name []byte) {
+
+ var err error
+
+ if name, err = internal.PackBytes(Name); err != nil {
+ return
+ }
+
+ return
+}
+
+// BlockSize returns the blocksize of this Cipher.
+func (c *Cipher) BlockSize() (size int) {
+
+ size = aes.BlockSize
+
+ return
+}
+
+// KdfKeySize returns the target key length from KDF to use with this Cipher.
+func (c *Cipher) KdfKeySize() (size int) {
+
+ size = aes128.KeySize
+
+ return
+}
+
+/*
+ Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var cryptDst []byte
+ var padded *bytes.Reader
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ if padded, err = c.Pad(b); err != nil {
+ return
+ }
+
+ b = make([]byte, padded.Len())
+ if b, err = io.ReadAll(padded); err != nil {
+ return
+ }
+
+ cryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = cryptDst
+
+ return
+}
+
+/*
+ AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b *bytes.Reader
+ var buf *bytes.Buffer = new(bytes.Buffer)
+ var alloc []byte = make([]byte, 4)
+
+ if b, err = c.Encrypt(data); err != nil {
+ return
+ }
+ if alloc, err = internal.PackBytes(b); err != nil {
+ return
+ }
+
+ if _, err = buf.Write(alloc); err != nil {
+ return
+ }
+ if _, err = b.WriteTo(buf); err != nil {
+ return
+ }
+
+ encrypted = bytes.NewReader(buf.Bytes())
+
+ return
+}
+
+/*
+ Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
+ The resulting padded buffer is returned.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
+
+ // TODO
+
+ return
+}
+
+/*
+ Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var decryptDst []byte
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ decryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = decryptDst
+
+ return
+}
+
+/*
+ AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
+
+ Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+
+ NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+*/
+func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+
+ if b, err = internal.UnpackBytes(data); err != nil {
+ return
+ }
+ if decrypted, err = c.Decrypt(b); err != nil {
+ return
+ }
+
+ return
+}
+
+/*
+ IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
+
+ It will always return false. It is included for interface compatability.
+*/
+func (c *Cipher) IsPlain() (plain bool) {
+
+ plain = false
+
+ return
+}
diff --git a/cipher/aes/aes192/cbc/funcs.go b/cipher/aes/aes192/cbc/funcs.go
new file mode 100644
index 0000000..ad84cf3
--- /dev/null
+++ b/cipher/aes/aes192/cbc/funcs.go
@@ -0,0 +1,205 @@
+package cbc
+
+import (
+ `bytes`
+ `io`
+
+ `r00t2.io/sshkeys/cipher/aes`
+ `r00t2.io/sshkeys/cipher/aes/aes128`
+ `r00t2.io/sshkeys/internal`
+)
+
+func (c *Cipher) Setup(key []byte) (err error) {
+
+ // TODO
+
+ return
+}
+
+// Name returns the name as used in the key file bytes.
+func (c *Cipher) Name() (name string) {
+
+ name = Name
+
+ return
+}
+
+// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
+func (c *Cipher) NameBytes() (name []byte) {
+
+ var err error
+
+ if name, err = internal.PackBytes(Name); err != nil {
+ return
+ }
+
+ return
+}
+
+// BlockSize returns the blocksize of this Cipher.
+func (c *Cipher) BlockSize() (size int) {
+
+ size = aes.BlockSize
+
+ return
+}
+
+// KdfKeySize returns the target key length from KDF to use with this Cipher.
+func (c *Cipher) KdfKeySize() (size int) {
+
+ size = aes128.KeySize
+
+ return
+}
+
+/*
+ Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var cryptDst []byte
+ var padded *bytes.Reader
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ if padded, err = c.Pad(b); err != nil {
+ return
+ }
+
+ b = make([]byte, padded.Len())
+ if b, err = io.ReadAll(padded); err != nil {
+ return
+ }
+
+ cryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = cryptDst
+
+ return
+}
+
+/*
+ AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b *bytes.Reader
+ var buf *bytes.Buffer = new(bytes.Buffer)
+ var alloc []byte = make([]byte, 4)
+
+ if b, err = c.Encrypt(data); err != nil {
+ return
+ }
+ if alloc, err = internal.PackBytes(b); err != nil {
+ return
+ }
+
+ if _, err = buf.Write(alloc); err != nil {
+ return
+ }
+ if _, err = b.WriteTo(buf); err != nil {
+ return
+ }
+
+ encrypted = bytes.NewReader(buf.Bytes())
+
+ return
+}
+
+/*
+ Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
+ The resulting padded buffer is returned.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
+
+ // TODO
+
+ return
+}
+
+/*
+ Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var decryptDst []byte
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ decryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = decryptDst
+
+ return
+}
+
+/*
+ AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
+
+ Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+
+ NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+*/
+func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+
+ if b, err = internal.UnpackBytes(data); err != nil {
+ return
+ }
+ if decrypted, err = c.Decrypt(b); err != nil {
+ return
+ }
+
+ return
+}
+
+/*
+ IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
+
+ It will always return false. It is included for interface compatability.
+*/
+func (c *Cipher) IsPlain() (plain bool) {
+
+ plain = false
+
+ return
+}
diff --git a/cipher/aes/aes192/ctr/funcs.go b/cipher/aes/aes192/ctr/funcs.go
new file mode 100644
index 0000000..6303a52
--- /dev/null
+++ b/cipher/aes/aes192/ctr/funcs.go
@@ -0,0 +1,205 @@
+package ctr
+
+import (
+ `bytes`
+ `io`
+
+ `r00t2.io/sshkeys/cipher/aes`
+ `r00t2.io/sshkeys/cipher/aes/aes128`
+ `r00t2.io/sshkeys/internal`
+)
+
+func (c *Cipher) Setup(key []byte) (err error) {
+
+ // TODO
+
+ return
+}
+
+// Name returns the name as used in the key file bytes.
+func (c *Cipher) Name() (name string) {
+
+ name = Name
+
+ return
+}
+
+// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
+func (c *Cipher) NameBytes() (name []byte) {
+
+ var err error
+
+ if name, err = internal.PackBytes(Name); err != nil {
+ return
+ }
+
+ return
+}
+
+// BlockSize returns the blocksize of this Cipher.
+func (c *Cipher) BlockSize() (size int) {
+
+ size = aes.BlockSize
+
+ return
+}
+
+// KdfKeySize returns the target key length from KDF to use with this Cipher.
+func (c *Cipher) KdfKeySize() (size int) {
+
+ size = aes128.KeySize
+
+ return
+}
+
+/*
+ Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var cryptDst []byte
+ var padded *bytes.Reader
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ if padded, err = c.Pad(b); err != nil {
+ return
+ }
+
+ b = make([]byte, padded.Len())
+ if b, err = io.ReadAll(padded); err != nil {
+ return
+ }
+
+ cryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = cryptDst
+
+ return
+}
+
+/*
+ AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b *bytes.Reader
+ var buf *bytes.Buffer = new(bytes.Buffer)
+ var alloc []byte = make([]byte, 4)
+
+ if b, err = c.Encrypt(data); err != nil {
+ return
+ }
+ if alloc, err = internal.PackBytes(b); err != nil {
+ return
+ }
+
+ if _, err = buf.Write(alloc); err != nil {
+ return
+ }
+ if _, err = b.WriteTo(buf); err != nil {
+ return
+ }
+
+ encrypted = bytes.NewReader(buf.Bytes())
+
+ return
+}
+
+/*
+ Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
+ The resulting padded buffer is returned.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
+
+ // TODO
+
+ return
+}
+
+/*
+ Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var decryptDst []byte
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ decryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = decryptDst
+
+ return
+}
+
+/*
+ AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
+
+ Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+
+ NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+*/
+func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+
+ if b, err = internal.UnpackBytes(data); err != nil {
+ return
+ }
+ if decrypted, err = c.Decrypt(b); err != nil {
+ return
+ }
+
+ return
+}
+
+/*
+ IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
+
+ It will always return false. It is included for interface compatability.
+*/
+func (c *Cipher) IsPlain() (plain bool) {
+
+ plain = false
+
+ return
+}
diff --git a/cipher/aes/aes192/gcm/funcs.go b/cipher/aes/aes192/gcm/funcs.go
new file mode 100644
index 0000000..e05be1c
--- /dev/null
+++ b/cipher/aes/aes192/gcm/funcs.go
@@ -0,0 +1,205 @@
+package gcm
+
+import (
+ `bytes`
+ `io`
+
+ `r00t2.io/sshkeys/cipher/aes`
+ `r00t2.io/sshkeys/cipher/aes/aes128`
+ `r00t2.io/sshkeys/internal`
+)
+
+func (c *Cipher) Setup(key []byte) (err error) {
+
+ // TODO
+
+ return
+}
+
+// Name returns the name as used in the key file bytes.
+func (c *Cipher) Name() (name string) {
+
+ name = Name
+
+ return
+}
+
+// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
+func (c *Cipher) NameBytes() (name []byte) {
+
+ var err error
+
+ if name, err = internal.PackBytes(Name); err != nil {
+ return
+ }
+
+ return
+}
+
+// BlockSize returns the blocksize of this Cipher.
+func (c *Cipher) BlockSize() (size int) {
+
+ size = aes.BlockSize
+
+ return
+}
+
+// KdfKeySize returns the target key length from KDF to use with this Cipher.
+func (c *Cipher) KdfKeySize() (size int) {
+
+ size = aes128.KeySize
+
+ return
+}
+
+/*
+ Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var cryptDst []byte
+ var padded *bytes.Reader
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ if padded, err = c.Pad(b); err != nil {
+ return
+ }
+
+ b = make([]byte, padded.Len())
+ if b, err = io.ReadAll(padded); err != nil {
+ return
+ }
+
+ cryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = cryptDst
+
+ return
+}
+
+/*
+ AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b *bytes.Reader
+ var buf *bytes.Buffer = new(bytes.Buffer)
+ var alloc []byte = make([]byte, 4)
+
+ if b, err = c.Encrypt(data); err != nil {
+ return
+ }
+ if alloc, err = internal.PackBytes(b); err != nil {
+ return
+ }
+
+ if _, err = buf.Write(alloc); err != nil {
+ return
+ }
+ if _, err = b.WriteTo(buf); err != nil {
+ return
+ }
+
+ encrypted = bytes.NewReader(buf.Bytes())
+
+ return
+}
+
+/*
+ Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
+ The resulting padded buffer is returned.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
+
+ // TODO
+
+ return
+}
+
+/*
+ Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var decryptDst []byte
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ decryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = decryptDst
+
+ return
+}
+
+/*
+ AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
+
+ Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+
+ NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+*/
+func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+
+ if b, err = internal.UnpackBytes(data); err != nil {
+ return
+ }
+ if decrypted, err = c.Decrypt(b); err != nil {
+ return
+ }
+
+ return
+}
+
+/*
+ IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
+
+ It will always return false. It is included for interface compatability.
+*/
+func (c *Cipher) IsPlain() (plain bool) {
+
+ plain = false
+
+ return
+}
diff --git a/cipher/aes/aes256/cbc/funcs.go b/cipher/aes/aes256/cbc/funcs.go
new file mode 100644
index 0000000..ad84cf3
--- /dev/null
+++ b/cipher/aes/aes256/cbc/funcs.go
@@ -0,0 +1,205 @@
+package cbc
+
+import (
+ `bytes`
+ `io`
+
+ `r00t2.io/sshkeys/cipher/aes`
+ `r00t2.io/sshkeys/cipher/aes/aes128`
+ `r00t2.io/sshkeys/internal`
+)
+
+func (c *Cipher) Setup(key []byte) (err error) {
+
+ // TODO
+
+ return
+}
+
+// Name returns the name as used in the key file bytes.
+func (c *Cipher) Name() (name string) {
+
+ name = Name
+
+ return
+}
+
+// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
+func (c *Cipher) NameBytes() (name []byte) {
+
+ var err error
+
+ if name, err = internal.PackBytes(Name); err != nil {
+ return
+ }
+
+ return
+}
+
+// BlockSize returns the blocksize of this Cipher.
+func (c *Cipher) BlockSize() (size int) {
+
+ size = aes.BlockSize
+
+ return
+}
+
+// KdfKeySize returns the target key length from KDF to use with this Cipher.
+func (c *Cipher) KdfKeySize() (size int) {
+
+ size = aes128.KeySize
+
+ return
+}
+
+/*
+ Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var cryptDst []byte
+ var padded *bytes.Reader
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ if padded, err = c.Pad(b); err != nil {
+ return
+ }
+
+ b = make([]byte, padded.Len())
+ if b, err = io.ReadAll(padded); err != nil {
+ return
+ }
+
+ cryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = cryptDst
+
+ return
+}
+
+/*
+ AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b *bytes.Reader
+ var buf *bytes.Buffer = new(bytes.Buffer)
+ var alloc []byte = make([]byte, 4)
+
+ if b, err = c.Encrypt(data); err != nil {
+ return
+ }
+ if alloc, err = internal.PackBytes(b); err != nil {
+ return
+ }
+
+ if _, err = buf.Write(alloc); err != nil {
+ return
+ }
+ if _, err = b.WriteTo(buf); err != nil {
+ return
+ }
+
+ encrypted = bytes.NewReader(buf.Bytes())
+
+ return
+}
+
+/*
+ Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
+ The resulting padded buffer is returned.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
+
+ // TODO
+
+ return
+}
+
+/*
+ Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var decryptDst []byte
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ decryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = decryptDst
+
+ return
+}
+
+/*
+ AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
+
+ Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+
+ NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+*/
+func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+
+ if b, err = internal.UnpackBytes(data); err != nil {
+ return
+ }
+ if decrypted, err = c.Decrypt(b); err != nil {
+ return
+ }
+
+ return
+}
+
+/*
+ IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
+
+ It will always return false. It is included for interface compatability.
+*/
+func (c *Cipher) IsPlain() (plain bool) {
+
+ plain = false
+
+ return
+}
diff --git a/cipher/aes/aes256/ctr/funcs.go b/cipher/aes/aes256/ctr/funcs.go
new file mode 100644
index 0000000..6303a52
--- /dev/null
+++ b/cipher/aes/aes256/ctr/funcs.go
@@ -0,0 +1,205 @@
+package ctr
+
+import (
+ `bytes`
+ `io`
+
+ `r00t2.io/sshkeys/cipher/aes`
+ `r00t2.io/sshkeys/cipher/aes/aes128`
+ `r00t2.io/sshkeys/internal`
+)
+
+func (c *Cipher) Setup(key []byte) (err error) {
+
+ // TODO
+
+ return
+}
+
+// Name returns the name as used in the key file bytes.
+func (c *Cipher) Name() (name string) {
+
+ name = Name
+
+ return
+}
+
+// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
+func (c *Cipher) NameBytes() (name []byte) {
+
+ var err error
+
+ if name, err = internal.PackBytes(Name); err != nil {
+ return
+ }
+
+ return
+}
+
+// BlockSize returns the blocksize of this Cipher.
+func (c *Cipher) BlockSize() (size int) {
+
+ size = aes.BlockSize
+
+ return
+}
+
+// KdfKeySize returns the target key length from KDF to use with this Cipher.
+func (c *Cipher) KdfKeySize() (size int) {
+
+ size = aes128.KeySize
+
+ return
+}
+
+/*
+ Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var cryptDst []byte
+ var padded *bytes.Reader
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ if padded, err = c.Pad(b); err != nil {
+ return
+ }
+
+ b = make([]byte, padded.Len())
+ if b, err = io.ReadAll(padded); err != nil {
+ return
+ }
+
+ cryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = cryptDst
+
+ return
+}
+
+/*
+ AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b *bytes.Reader
+ var buf *bytes.Buffer = new(bytes.Buffer)
+ var alloc []byte = make([]byte, 4)
+
+ if b, err = c.Encrypt(data); err != nil {
+ return
+ }
+ if alloc, err = internal.PackBytes(b); err != nil {
+ return
+ }
+
+ if _, err = buf.Write(alloc); err != nil {
+ return
+ }
+ if _, err = b.WriteTo(buf); err != nil {
+ return
+ }
+
+ encrypted = bytes.NewReader(buf.Bytes())
+
+ return
+}
+
+/*
+ Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
+ The resulting padded buffer is returned.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
+
+ // TODO
+
+ return
+}
+
+/*
+ Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var decryptDst []byte
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ decryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = decryptDst
+
+ return
+}
+
+/*
+ AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
+
+ Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+
+ NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+*/
+func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+
+ if b, err = internal.UnpackBytes(data); err != nil {
+ return
+ }
+ if decrypted, err = c.Decrypt(b); err != nil {
+ return
+ }
+
+ return
+}
+
+/*
+ IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
+
+ It will always return false. It is included for interface compatability.
+*/
+func (c *Cipher) IsPlain() (plain bool) {
+
+ plain = false
+
+ return
+}
diff --git a/cipher/aes/aes256/gcm/funcs.go b/cipher/aes/aes256/gcm/funcs.go
new file mode 100644
index 0000000..e05be1c
--- /dev/null
+++ b/cipher/aes/aes256/gcm/funcs.go
@@ -0,0 +1,205 @@
+package gcm
+
+import (
+ `bytes`
+ `io`
+
+ `r00t2.io/sshkeys/cipher/aes`
+ `r00t2.io/sshkeys/cipher/aes/aes128`
+ `r00t2.io/sshkeys/internal`
+)
+
+func (c *Cipher) Setup(key []byte) (err error) {
+
+ // TODO
+
+ return
+}
+
+// Name returns the name as used in the key file bytes.
+func (c *Cipher) Name() (name string) {
+
+ name = Name
+
+ return
+}
+
+// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
+func (c *Cipher) NameBytes() (name []byte) {
+
+ var err error
+
+ if name, err = internal.PackBytes(Name); err != nil {
+ return
+ }
+
+ return
+}
+
+// BlockSize returns the blocksize of this Cipher.
+func (c *Cipher) BlockSize() (size int) {
+
+ size = aes.BlockSize
+
+ return
+}
+
+// KdfKeySize returns the target key length from KDF to use with this Cipher.
+func (c *Cipher) KdfKeySize() (size int) {
+
+ size = aes128.KeySize
+
+ return
+}
+
+/*
+ Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var cryptDst []byte
+ var padded *bytes.Reader
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ if padded, err = c.Pad(b); err != nil {
+ return
+ }
+
+ b = make([]byte, padded.Len())
+ if b, err = io.ReadAll(padded); err != nil {
+ return
+ }
+
+ cryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = cryptDst
+
+ return
+}
+
+/*
+ AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b *bytes.Reader
+ var buf *bytes.Buffer = new(bytes.Buffer)
+ var alloc []byte = make([]byte, 4)
+
+ if b, err = c.Encrypt(data); err != nil {
+ return
+ }
+ if alloc, err = internal.PackBytes(b); err != nil {
+ return
+ }
+
+ if _, err = buf.Write(alloc); err != nil {
+ return
+ }
+ if _, err = b.WriteTo(buf); err != nil {
+ return
+ }
+
+ encrypted = bytes.NewReader(buf.Bytes())
+
+ return
+}
+
+/*
+ Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
+ The resulting padded buffer is returned.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
+
+ // TODO
+
+ return
+}
+
+/*
+ Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var decryptDst []byte
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ decryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = decryptDst
+
+ return
+}
+
+/*
+ AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
+
+ Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+
+ NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+*/
+func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+
+ if b, err = internal.UnpackBytes(data); err != nil {
+ return
+ }
+ if decrypted, err = c.Decrypt(b); err != nil {
+ return
+ }
+
+ return
+}
+
+/*
+ IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
+
+ It will always return false. It is included for interface compatability.
+*/
+func (c *Cipher) IsPlain() (plain bool) {
+
+ plain = false
+
+ return
+}
diff --git a/cipher/chacha20/poly1305/funcs.go b/cipher/chacha20/poly1305/funcs.go
new file mode 100644
index 0000000..635cba8
--- /dev/null
+++ b/cipher/chacha20/poly1305/funcs.go
@@ -0,0 +1,205 @@
+package poly1305
+
+import (
+ `bytes`
+ `io`
+
+ `r00t2.io/sshkeys/cipher/aes`
+ `r00t2.io/sshkeys/cipher/aes/aes128`
+ `r00t2.io/sshkeys/internal`
+)
+
+func (c *Cipher) Setup(key []byte) (err error) {
+
+ // TODO
+
+ return
+}
+
+// Name returns the name as used in the key file bytes.
+func (c *Cipher) Name() (name string) {
+
+ name = Name
+
+ return
+}
+
+// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
+func (c *Cipher) NameBytes() (name []byte) {
+
+ var err error
+
+ if name, err = internal.PackBytes(Name); err != nil {
+ return
+ }
+
+ return
+}
+
+// BlockSize returns the blocksize of this Cipher.
+func (c *Cipher) BlockSize() (size int) {
+
+ size = aes.BlockSize
+
+ return
+}
+
+// KdfKeySize returns the target key length from KDF to use with this Cipher.
+func (c *Cipher) KdfKeySize() (size int) {
+
+ size = aes128.KeySize
+
+ return
+}
+
+/*
+ Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var cryptDst []byte
+ var padded *bytes.Reader
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ if padded, err = c.Pad(b); err != nil {
+ return
+ }
+
+ b = make([]byte, padded.Len())
+ if b, err = io.ReadAll(padded); err != nil {
+ return
+ }
+
+ cryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = cryptDst
+
+ return
+}
+
+/*
+ AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b *bytes.Reader
+ var buf *bytes.Buffer = new(bytes.Buffer)
+ var alloc []byte = make([]byte, 4)
+
+ if b, err = c.Encrypt(data); err != nil {
+ return
+ }
+ if alloc, err = internal.PackBytes(b); err != nil {
+ return
+ }
+
+ if _, err = buf.Write(alloc); err != nil {
+ return
+ }
+ if _, err = b.WriteTo(buf); err != nil {
+ return
+ }
+
+ encrypted = bytes.NewReader(buf.Bytes())
+
+ return
+}
+
+/*
+ Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
+ The resulting padded buffer is returned.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
+
+ // TODO
+
+ return
+}
+
+/*
+ Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var decryptDst []byte
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ decryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = decryptDst
+
+ return
+}
+
+/*
+ AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
+
+ Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+
+ NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+*/
+func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+
+ if b, err = internal.UnpackBytes(data); err != nil {
+ return
+ }
+ if decrypted, err = c.Decrypt(b); err != nil {
+ return
+ }
+
+ return
+}
+
+/*
+ IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
+
+ It will always return false. It is included for interface compatability.
+*/
+func (c *Cipher) IsPlain() (plain bool) {
+
+ plain = false
+
+ return
+}
diff --git a/cipher/null/funcs.go b/cipher/null/funcs.go
new file mode 100644
index 0000000..3026825
--- /dev/null
+++ b/cipher/null/funcs.go
@@ -0,0 +1,205 @@
+package null
+
+import (
+ `bytes`
+ `io`
+
+ `r00t2.io/sshkeys/cipher/aes`
+ `r00t2.io/sshkeys/cipher/aes/aes128`
+ `r00t2.io/sshkeys/internal`
+)
+
+func (c *Cipher) Setup(key []byte) (err error) {
+
+ // TODO
+
+ return
+}
+
+// Name returns the name as used in the key file bytes.
+func (c *Cipher) Name() (name string) {
+
+ name = Name
+
+ return
+}
+
+// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
+func (c *Cipher) NameBytes() (name []byte) {
+
+ var err error
+
+ if name, err = internal.PackBytes(Name); err != nil {
+ return
+ }
+
+ return
+}
+
+// BlockSize returns the blocksize of this Cipher.
+func (c *Cipher) BlockSize() (size int) {
+
+ size = aes.BlockSize
+
+ return
+}
+
+// KdfKeySize returns the target key length from KDF to use with this Cipher.
+func (c *Cipher) KdfKeySize() (size int) {
+
+ size = aes128.KeySize
+
+ return
+}
+
+/*
+ Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var cryptDst []byte
+ var padded *bytes.Reader
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ if padded, err = c.Pad(b); err != nil {
+ return
+ }
+
+ b = make([]byte, padded.Len())
+ if b, err = io.ReadAll(padded); err != nil {
+ return
+ }
+
+ cryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = cryptDst
+
+ return
+}
+
+/*
+ AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b *bytes.Reader
+ var buf *bytes.Buffer = new(bytes.Buffer)
+ var alloc []byte = make([]byte, 4)
+
+ if b, err = c.Encrypt(data); err != nil {
+ return
+ }
+ if alloc, err = internal.PackBytes(b); err != nil {
+ return
+ }
+
+ if _, err = buf.Write(alloc); err != nil {
+ return
+ }
+ if _, err = b.WriteTo(buf); err != nil {
+ return
+ }
+
+ encrypted = bytes.NewReader(buf.Bytes())
+
+ return
+}
+
+/*
+ Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
+ The resulting padded buffer is returned.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
+
+ // TODO
+
+ return
+}
+
+/*
+ Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var decryptDst []byte
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ decryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = decryptDst
+
+ return
+}
+
+/*
+ AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
+
+ Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+
+ NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+*/
+func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+
+ if b, err = internal.UnpackBytes(data); err != nil {
+ return
+ }
+ if decrypted, err = c.Decrypt(b); err != nil {
+ return
+ }
+
+ return
+}
+
+/*
+ IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
+
+ It will always return false. It is included for interface compatability.
+*/
+func (c *Cipher) IsPlain() (plain bool) {
+
+ plain = false
+
+ return
+}
diff --git a/cipher/tripledes/cbc/funcs.go b/cipher/tripledes/cbc/funcs.go
new file mode 100644
index 0000000..ad84cf3
--- /dev/null
+++ b/cipher/tripledes/cbc/funcs.go
@@ -0,0 +1,205 @@
+package cbc
+
+import (
+ `bytes`
+ `io`
+
+ `r00t2.io/sshkeys/cipher/aes`
+ `r00t2.io/sshkeys/cipher/aes/aes128`
+ `r00t2.io/sshkeys/internal`
+)
+
+func (c *Cipher) Setup(key []byte) (err error) {
+
+ // TODO
+
+ return
+}
+
+// Name returns the name as used in the key file bytes.
+func (c *Cipher) Name() (name string) {
+
+ name = Name
+
+ return
+}
+
+// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
+func (c *Cipher) NameBytes() (name []byte) {
+
+ var err error
+
+ if name, err = internal.PackBytes(Name); err != nil {
+ return
+ }
+
+ return
+}
+
+// BlockSize returns the blocksize of this Cipher.
+func (c *Cipher) BlockSize() (size int) {
+
+ size = aes.BlockSize
+
+ return
+}
+
+// KdfKeySize returns the target key length from KDF to use with this Cipher.
+func (c *Cipher) KdfKeySize() (size int) {
+
+ size = aes128.KeySize
+
+ return
+}
+
+/*
+ Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var cryptDst []byte
+ var padded *bytes.Reader
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ if padded, err = c.Pad(b); err != nil {
+ return
+ }
+
+ b = make([]byte, padded.Len())
+ if b, err = io.ReadAll(padded); err != nil {
+ return
+ }
+
+ cryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = cryptDst
+
+ return
+}
+
+/*
+ AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
+
+ NOTE: Padding IS applied automatically.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
+
+ var b *bytes.Reader
+ var buf *bytes.Buffer = new(bytes.Buffer)
+ var alloc []byte = make([]byte, 4)
+
+ if b, err = c.Encrypt(data); err != nil {
+ return
+ }
+ if alloc, err = internal.PackBytes(b); err != nil {
+ return
+ }
+
+ if _, err = buf.Write(alloc); err != nil {
+ return
+ }
+ if _, err = b.WriteTo(buf); err != nil {
+ return
+ }
+
+ encrypted = bytes.NewReader(buf.Bytes())
+
+ return
+}
+
+/*
+ Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
+ The resulting padded buffer is returned.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
+
+ // TODO
+
+ return
+}
+
+/*
+ Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+ It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+ var decryptDst []byte
+
+ if b, err = internal.SerializeData(data); err != nil {
+ return
+ }
+
+ decryptDst = make([]byte, len(b))
+
+ // TODO
+ _ = decryptDst
+
+ return
+}
+
+/*
+ AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
+
+ Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
+
+ NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
+
+ NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+
+ NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+*/
+func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
+
+ var b []byte
+
+ if b, err = internal.UnpackBytes(data); err != nil {
+ return
+ }
+ if decrypted, err = c.Decrypt(b); err != nil {
+ return
+ }
+
+ return
+}
+
+/*
+ IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
+
+ It will always return false. It is included for interface compatability.
+*/
+func (c *Cipher) IsPlain() (plain bool) {
+
+ plain = false
+
+ return
+}
diff --git a/cipher/types.go b/cipher/types.go
index c232bb6..b866645 100644
--- a/cipher/types.go
+++ b/cipher/types.go
@@ -5,6 +5,8 @@ import (
)
type Cipher interface {
+ // Setup initializes the Cipher with a given key.
+ Setup(key []byte) (err error)
// Name returns the string form of the cipher name.
Name() (name string)
// NameBytes returns the Name result but in bytes, with a leading uint32 bytecount packed in.
@@ -13,8 +15,6 @@ type Cipher interface {
BlockSize() (size int)
// KdfKeySize returns the desired/needed key size for use with kdf.KDF.
KdfKeySize() (size int)
- // Setup initializes the Cipher with a given key.
- Setup(key []byte) (err error)
/*
Encrypt takes plain data, either a:
- string
@@ -26,6 +26,16 @@ type Cipher interface {
Encrypt(data interface{}) (encrypted *bytes.Reader, err error)
// AllocateEncrypt is exactly like cipher.Cipher.Encrypt except that it includes a (NON-encrypted) uint32 prefix of byte allocation.
AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error)
+ /*
+ Pad returns padded bytes in a *bytes.Buffer according to the cipher's padding specification.
+ data can be one of either:
+ - string
+ - raw byte slice ([]byte or []uint8)
+ - single byte (byte or uint8)
+ - *bytes.Buffer
+ This is a prerequisite in some ciphers, and must be performed BEFORE encrypting.
+ */
+ Pad(data interface{}) (paddedBuf *bytes.Reader, err error)
/*
Decrypt takes encrypted data, either a:
- raw byte slice ([]byte or []uint8)
@@ -37,14 +47,4 @@ type Cipher interface {
AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error)
// IsPlain returns true if this is a "null" cipher; i.e. no encryption is actually performed.
IsPlain() (plain bool)
- /*
- Pad returns padded bytes in a *bytes.Buffer according to the cipher's padding specification.
- data can be one of either:
- - string
- - raw byte slice ([]byte or []uint8)
- - single byte (byte or uint8)
- - *bytes.Buffer
- This is a prerequisite in some ciphers, and must be performed BEFORE encrypting.
- */
- Pad(data interface{}) (paddedBuf *bytes.Reader, err error)
}
diff --git a/errs/errs.go b/errs/errs.go
new file mode 100644
index 0000000..89669bd
--- /dev/null
+++ b/errs/errs.go
@@ -0,0 +1,9 @@
+package errs
+
+import (
+ "errors"
+)
+
+var (
+ ErrBadData = errors.New("unable to serialize/cast data into buffer; unknown or invalid data object")
+)
diff --git a/internal/utils.go b/internal/utils.go
index 5a984a7..3edccbe 100644
--- a/internal/utils.go
+++ b/internal/utils.go
@@ -3,18 +3,15 @@ package internal
import (
"bytes"
"encoding/binary"
+ `io`
+
+ `r00t2.io/sshkeys/errs`
)
/*
ReadSizeBytes returns a uint32 allocator for a given set of data for preparation of packing into bytes.
- data can be one of:
-
- - string
- - byte/uint8
- - []byte/[]uint8
- - *bytes.Buffer
- - *bytes.Reader
+ See SerializeData for valid types for data.
If pack is true, the original data will be appended to the returned allocated *bytes.Reader.
@@ -26,41 +23,150 @@ func ReadSizeBytes(data interface{}, pack bool) (allocated *bytes.Reader, err er
var b []byte
var sizer = make([]byte, 4)
- switch t := data.(type) {
- case string:
- b = []byte(t)
- case byte:
- // b = []byte{0x0, 0x0, 0x0, 0x1}
- b = []byte{t}
- case []byte:
- b = t
- case bytes.Buffer:
- t2 := &t
- b = t2.Bytes()
- case *bytes.Buffer:
- b = t.Bytes()
- case bytes.Reader:
- t2 := &t
- b = make([]byte, t2.Len())
- if _, err = t2.Read(b); err != nil {
- return
- }
- case *bytes.Reader:
- b = make([]byte, t.Len())
- if _, err = t.Read(b); err != nil {
- return
- }
+ if b, err = SerializeData(data); err != nil {
+ return
}
u = uint32(len(b))
- binary.BigEndian.PutUint32(sizer, u)
if !pack {
+ binary.BigEndian.PutUint32(sizer, u)
allocated = bytes.NewReader(sizer)
} else {
- b = append(sizer, b...)
+ if b, err = PackBytes(b); err != nil {
+ return
+ }
allocated = bytes.NewReader(b)
}
return
}
+
+/*
+ PackBytes prefixes data with an allocator.
+
+ See SerializeData for valid types for data.
+
+ NOTE: If data is a *bytes.Reader, the bytes WILL be consumed within that reader.
+*/
+func PackBytes(data interface{}) (b []byte, err error) {
+
+ var dataBytes []byte
+ var size uint32
+
+ if dataBytes, err = SerializeData(data); err != nil {
+ return
+ }
+
+ size = uint32(len(dataBytes))
+
+ b = make([]byte, size)
+ binary.BigEndian.PutUint32(b, size)
+ b = append(b, dataBytes...)
+
+ return
+}
+
+/*
+ UnpackBytes performs the opposite of PackBytes, reading an allocator and then reading ONLY the remaining bytes.
+
+ NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+
+ NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
+*/
+func UnpackBytes(data interface{}) (unpacked []byte, err error) {
+
+ var sizeBytes []byte = make([]byte, 4)
+ var u uint32
+
+ // We can't use SerializeData because it'll consume the entire data set. We don't want that.
+ switch t := data.(type) {
+ case []byte:
+ sizeBytes = t[:4]
+ u = binary.BigEndian.Uint32(sizeBytes)
+ unpacked = t[4:u]
+ case *bytes.Buffer:
+ sizeBytes = t.Next(4)
+ u = binary.BigEndian.Uint32(sizeBytes)
+ unpacked = t.Next(int(u))
+ case bytes.Buffer:
+ t2 := &t
+ sizeBytes = t2.Next(4)
+ u = binary.BigEndian.Uint32(sizeBytes)
+ unpacked = t2.Next(int(u))
+ case *bytes.Reader:
+ if _, err = t.Read(sizeBytes); err != nil {
+ return
+ }
+ u = binary.BigEndian.Uint32(sizeBytes)
+ unpacked = make([]byte, u)
+ if _, err = io.ReadFull(t, unpacked); err != nil {
+ return
+ }
+ case bytes.Reader:
+ t2 := &t
+ if _, err = t2.Read(sizeBytes); err != nil {
+ return
+ }
+ u = binary.BigEndian.Uint32(sizeBytes)
+ unpacked = make([]byte, u)
+ if _, err = io.ReadFull(t2, unpacked); err != nil {
+ return
+ }
+ default:
+ err = errs.ErrBadData
+ return
+ }
+
+ return
+}
+
+/*
+ SerializeData transforms one of the following types:
+
+ - string
+ - []byte
+ - byte
+ - bytes.Buffer
+ - *bytes.Buffer
+ - bytes.Reader
+ - *bytes.Reader
+
+ into a []byte.
+
+ NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
+
+ NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
+*/
+func SerializeData(data interface{}) (b []byte, err error) {
+
+ switch t := data.(type) {
+ case string:
+ b = []byte(t)
+ case byte:
+ b = []byte{t}
+ case []byte:
+ b = t
+ case *bytes.Buffer:
+ b = t.Bytes()
+ case bytes.Buffer:
+ t2 := &t
+ b = t2.Bytes()
+ case *bytes.Reader:
+ b = make([]byte, t.Len())
+ if b, err = io.ReadAll(t); err != nil {
+ return
+ }
+ case bytes.Reader:
+ t2 := &t
+ b = make([]byte, t2.Len())
+ if b, err = io.ReadAll(t2); err != nil {
+ return
+ }
+ default:
+ err = errs.ErrBadData
+ return
+ }
+
+ return
+}
diff --git a/types/ed25519/consts.go b/keytypes/ed25519/consts.go
similarity index 100%
rename from types/ed25519/consts.go
rename to keytypes/ed25519/consts.go
diff --git a/types/ed25519/funcs.go b/keytypes/ed25519/funcs.go
similarity index 100%
rename from types/ed25519/funcs.go
rename to keytypes/ed25519/funcs.go
diff --git a/types/ed25519/types.go b/keytypes/ed25519/types.go
similarity index 89%
rename from types/ed25519/types.go
rename to keytypes/ed25519/types.go
index 535f8bb..7538a18 100644
--- a/types/ed25519/types.go
+++ b/keytypes/ed25519/types.go
@@ -3,13 +3,14 @@ package ed25519
import (
`crypto/ed25519`
+ `r00t2.io/sshkeys/cipher`
`r00t2.io/sshkeys/kdf`
)
// Key is an ed25519 OpenSSH key.
type Key struct {
KeyPairs []*Keypair `xml:"keypairs" json:"keypairs" yaml:"Keypairs"`
- Cipher string // TODO: (sshkeys/cipher).Cipher
+ Cipher cipher.Cipher
KDF kdf.KDF
}
diff --git a/keytypes/types.go b/keytypes/types.go
new file mode 100644
index 0000000..23ab4c5
--- /dev/null
+++ b/keytypes/types.go
@@ -0,0 +1,9 @@
+package keytypes
+
+// Key contains at least one keytypes.KeyPair, a cipher.Cipher, and a kdf.KDF.
+type Key interface {
+}
+
+// KeyPair contains a private key component, public key component, and comment.
+type KeyPair interface {
+}