From 5da1bbcd11cd1cc679c23927246c58b3247b450f Mon Sep 17 00:00:00 2001 From: brent s Date: Thu, 28 Apr 2022 05:18:25 -0400 Subject: [PATCH] stubbed out cipher funcs --- TODO | 5 + _ref/KEY_GUIDE.html | 2 +- cipher/aes/aes128/cbc/funcs.go | 205 ++++++++++++++++++++++++++ cipher/aes/aes128/cbc/types.go | 18 +++ cipher/aes/aes128/consts.go | 4 +- cipher/aes/aes128/ctr/funcs.go | 205 ++++++++++++++++++++++++++ cipher/aes/aes128/gcm/funcs.go | 205 ++++++++++++++++++++++++++ cipher/aes/aes192/cbc/funcs.go | 205 ++++++++++++++++++++++++++ cipher/aes/aes192/ctr/funcs.go | 205 ++++++++++++++++++++++++++ cipher/aes/aes192/gcm/funcs.go | 205 ++++++++++++++++++++++++++ cipher/aes/aes256/cbc/funcs.go | 205 ++++++++++++++++++++++++++ cipher/aes/aes256/ctr/funcs.go | 205 ++++++++++++++++++++++++++ cipher/aes/aes256/gcm/funcs.go | 205 ++++++++++++++++++++++++++ cipher/chacha20/poly1305/funcs.go | 205 ++++++++++++++++++++++++++ cipher/null/funcs.go | 205 ++++++++++++++++++++++++++ cipher/tripledes/cbc/funcs.go | 205 ++++++++++++++++++++++++++ cipher/types.go | 24 +-- errs/errs.go | 9 ++ internal/utils.go | 172 ++++++++++++++++----- {types => keytypes}/ed25519/consts.go | 0 {types => keytypes}/ed25519/funcs.go | 0 {types => keytypes}/ed25519/types.go | 3 +- keytypes/types.go | 9 ++ 23 files changed, 2657 insertions(+), 49 deletions(-) create mode 100644 cipher/aes/aes128/cbc/funcs.go create mode 100644 cipher/aes/aes128/cbc/types.go create mode 100644 cipher/aes/aes128/ctr/funcs.go create mode 100644 cipher/aes/aes128/gcm/funcs.go create mode 100644 cipher/aes/aes192/cbc/funcs.go create mode 100644 cipher/aes/aes192/ctr/funcs.go create mode 100644 cipher/aes/aes192/gcm/funcs.go create mode 100644 cipher/aes/aes256/cbc/funcs.go create mode 100644 cipher/aes/aes256/ctr/funcs.go create mode 100644 cipher/aes/aes256/gcm/funcs.go create mode 100644 cipher/chacha20/poly1305/funcs.go create mode 100644 cipher/null/funcs.go create mode 100644 cipher/tripledes/cbc/funcs.go create mode 100644 errs/errs.go rename {types => keytypes}/ed25519/consts.go (100%) rename {types => keytypes}/ed25519/funcs.go (100%) rename {types => keytypes}/ed25519/types.go (89%) create mode 100644 keytypes/types.go diff --git a/TODO b/TODO index 4f907d6..5429a3e 100644 --- a/TODO +++ b/TODO @@ -4,3 +4,8 @@ --- ssh-rsa (sha1), rsa-sha2-256, rsa-sha2-512 (new default) - ciphers: -- 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com, chacha20-poly1305@openssh.com + +provide marshal, unmarshal for keytypes/* keys. +https://golangexample.com/encode-and-decode-binary-message-and-file-formats-in-go/ (?) + +create separate package, go_sshdh diff --git a/_ref/KEY_GUIDE.html b/_ref/KEY_GUIDE.html index adf2a32..85ffcee 100644 --- a/_ref/KEY_GUIDE.html +++ b/_ref/KEY_GUIDE.html @@ -734,7 +734,7 @@ pre.rouge {

OpenSSH Key Structure Guide

brent saner <bts@square-r00t.net>, https://r00t2.io
-Last updated 2022-04-25 04:27:24 -0400 +Last updated 2022-04-28 05:18:26 -0400
Table of Contents
diff --git a/cipher/aes/aes128/cbc/funcs.go b/cipher/aes/aes128/cbc/funcs.go new file mode 100644 index 0000000..ad84cf3 --- /dev/null +++ b/cipher/aes/aes128/cbc/funcs.go @@ -0,0 +1,205 @@ +package cbc + +import ( + `bytes` + `io` + + `r00t2.io/sshkeys/cipher/aes` + `r00t2.io/sshkeys/cipher/aes/aes128` + `r00t2.io/sshkeys/internal` +) + +func (c *Cipher) Setup(key []byte) (err error) { + + // TODO + + return +} + +// Name returns the name as used in the key file bytes. +func (c *Cipher) Name() (name string) { + + name = Name + + return +} + +// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator. +func (c *Cipher) NameBytes() (name []byte) { + + var err error + + if name, err = internal.PackBytes(Name); err != nil { + return + } + + return +} + +// BlockSize returns the blocksize of this Cipher. +func (c *Cipher) BlockSize() (size int) { + + size = aes.BlockSize + + return +} + +// KdfKeySize returns the target key length from KDF to use with this Cipher. +func (c *Cipher) KdfKeySize() (size int) { + + size = aes128.KeySize + + return +} + +/* + Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b []byte + var cryptDst []byte + var padded *bytes.Reader + + if b, err = internal.SerializeData(data); err != nil { + return + } + + if padded, err = c.Pad(b); err != nil { + return + } + + b = make([]byte, padded.Len()) + if b, err = io.ReadAll(padded); err != nil { + return + } + + cryptDst = make([]byte, len(b)) + + // TODO + _ = cryptDst + + return +} + +/* + AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b *bytes.Reader + var buf *bytes.Buffer = new(bytes.Buffer) + var alloc []byte = make([]byte, 4) + + if b, err = c.Encrypt(data); err != nil { + return + } + if alloc, err = internal.PackBytes(b); err != nil { + return + } + + if _, err = buf.Write(alloc); err != nil { + return + } + if _, err = b.WriteTo(buf); err != nil { + return + } + + encrypted = bytes.NewReader(buf.Bytes()) + + return +} + +/* + Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary). + The resulting padded buffer is returned. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) { + + // TODO + + return +} + +/* + Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + var decryptDst []byte + + if b, err = internal.SerializeData(data); err != nil { + return + } + + decryptDst = make([]byte, len(b)) + + // TODO + _ = decryptDst + + return +} + +/* + AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix. + + Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. + + NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. +*/ +func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + + if b, err = internal.UnpackBytes(data); err != nil { + return + } + if decrypted, err = c.Decrypt(b); err != nil { + return + } + + return +} + +/* + IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null). + + It will always return false. It is included for interface compatability. +*/ +func (c *Cipher) IsPlain() (plain bool) { + + plain = false + + return +} diff --git a/cipher/aes/aes128/cbc/types.go b/cipher/aes/aes128/cbc/types.go new file mode 100644 index 0000000..38cb472 --- /dev/null +++ b/cipher/aes/aes128/cbc/types.go @@ -0,0 +1,18 @@ +package cbc + +import ( + `crypto/cipher` +) + +// Cipher is an AES128-CBC cipher.Cipher. +type Cipher struct { + // key contains the encryption key. + key []byte + // iv contains the IV, or initialization vector. + iv []byte + /* + cryptBlock contains the block encryptor. + CBC is a block (all at once) encryption mode. + */ + cryptBlock cipher.Block +} diff --git a/cipher/aes/aes128/consts.go b/cipher/aes/aes128/consts.go index 6c2ca6c..c23f75f 100644 --- a/cipher/aes/aes128/consts.go +++ b/cipher/aes/aes128/consts.go @@ -1,10 +1,10 @@ package aes128 import ( - `r00t2.io/sshkeys/cipher/aes` + sshAES `r00t2.io/sshkeys/cipher/aes` ) const ( KeySize int = 16 // in bytes; AES128 is so named for its 128-bit key, thus: 128 / 8 = 16 - KdfKeySize int = KeySize + aes.IvSize + KdfKeySize int = KeySize + sshAES.IvSize ) diff --git a/cipher/aes/aes128/ctr/funcs.go b/cipher/aes/aes128/ctr/funcs.go new file mode 100644 index 0000000..6303a52 --- /dev/null +++ b/cipher/aes/aes128/ctr/funcs.go @@ -0,0 +1,205 @@ +package ctr + +import ( + `bytes` + `io` + + `r00t2.io/sshkeys/cipher/aes` + `r00t2.io/sshkeys/cipher/aes/aes128` + `r00t2.io/sshkeys/internal` +) + +func (c *Cipher) Setup(key []byte) (err error) { + + // TODO + + return +} + +// Name returns the name as used in the key file bytes. +func (c *Cipher) Name() (name string) { + + name = Name + + return +} + +// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator. +func (c *Cipher) NameBytes() (name []byte) { + + var err error + + if name, err = internal.PackBytes(Name); err != nil { + return + } + + return +} + +// BlockSize returns the blocksize of this Cipher. +func (c *Cipher) BlockSize() (size int) { + + size = aes.BlockSize + + return +} + +// KdfKeySize returns the target key length from KDF to use with this Cipher. +func (c *Cipher) KdfKeySize() (size int) { + + size = aes128.KeySize + + return +} + +/* + Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b []byte + var cryptDst []byte + var padded *bytes.Reader + + if b, err = internal.SerializeData(data); err != nil { + return + } + + if padded, err = c.Pad(b); err != nil { + return + } + + b = make([]byte, padded.Len()) + if b, err = io.ReadAll(padded); err != nil { + return + } + + cryptDst = make([]byte, len(b)) + + // TODO + _ = cryptDst + + return +} + +/* + AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b *bytes.Reader + var buf *bytes.Buffer = new(bytes.Buffer) + var alloc []byte = make([]byte, 4) + + if b, err = c.Encrypt(data); err != nil { + return + } + if alloc, err = internal.PackBytes(b); err != nil { + return + } + + if _, err = buf.Write(alloc); err != nil { + return + } + if _, err = b.WriteTo(buf); err != nil { + return + } + + encrypted = bytes.NewReader(buf.Bytes()) + + return +} + +/* + Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary). + The resulting padded buffer is returned. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) { + + // TODO + + return +} + +/* + Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + var decryptDst []byte + + if b, err = internal.SerializeData(data); err != nil { + return + } + + decryptDst = make([]byte, len(b)) + + // TODO + _ = decryptDst + + return +} + +/* + AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix. + + Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. + + NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. +*/ +func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + + if b, err = internal.UnpackBytes(data); err != nil { + return + } + if decrypted, err = c.Decrypt(b); err != nil { + return + } + + return +} + +/* + IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null). + + It will always return false. It is included for interface compatability. +*/ +func (c *Cipher) IsPlain() (plain bool) { + + plain = false + + return +} diff --git a/cipher/aes/aes128/gcm/funcs.go b/cipher/aes/aes128/gcm/funcs.go new file mode 100644 index 0000000..e05be1c --- /dev/null +++ b/cipher/aes/aes128/gcm/funcs.go @@ -0,0 +1,205 @@ +package gcm + +import ( + `bytes` + `io` + + `r00t2.io/sshkeys/cipher/aes` + `r00t2.io/sshkeys/cipher/aes/aes128` + `r00t2.io/sshkeys/internal` +) + +func (c *Cipher) Setup(key []byte) (err error) { + + // TODO + + return +} + +// Name returns the name as used in the key file bytes. +func (c *Cipher) Name() (name string) { + + name = Name + + return +} + +// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator. +func (c *Cipher) NameBytes() (name []byte) { + + var err error + + if name, err = internal.PackBytes(Name); err != nil { + return + } + + return +} + +// BlockSize returns the blocksize of this Cipher. +func (c *Cipher) BlockSize() (size int) { + + size = aes.BlockSize + + return +} + +// KdfKeySize returns the target key length from KDF to use with this Cipher. +func (c *Cipher) KdfKeySize() (size int) { + + size = aes128.KeySize + + return +} + +/* + Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b []byte + var cryptDst []byte + var padded *bytes.Reader + + if b, err = internal.SerializeData(data); err != nil { + return + } + + if padded, err = c.Pad(b); err != nil { + return + } + + b = make([]byte, padded.Len()) + if b, err = io.ReadAll(padded); err != nil { + return + } + + cryptDst = make([]byte, len(b)) + + // TODO + _ = cryptDst + + return +} + +/* + AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b *bytes.Reader + var buf *bytes.Buffer = new(bytes.Buffer) + var alloc []byte = make([]byte, 4) + + if b, err = c.Encrypt(data); err != nil { + return + } + if alloc, err = internal.PackBytes(b); err != nil { + return + } + + if _, err = buf.Write(alloc); err != nil { + return + } + if _, err = b.WriteTo(buf); err != nil { + return + } + + encrypted = bytes.NewReader(buf.Bytes()) + + return +} + +/* + Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary). + The resulting padded buffer is returned. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) { + + // TODO + + return +} + +/* + Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + var decryptDst []byte + + if b, err = internal.SerializeData(data); err != nil { + return + } + + decryptDst = make([]byte, len(b)) + + // TODO + _ = decryptDst + + return +} + +/* + AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix. + + Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. + + NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. +*/ +func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + + if b, err = internal.UnpackBytes(data); err != nil { + return + } + if decrypted, err = c.Decrypt(b); err != nil { + return + } + + return +} + +/* + IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null). + + It will always return false. It is included for interface compatability. +*/ +func (c *Cipher) IsPlain() (plain bool) { + + plain = false + + return +} diff --git a/cipher/aes/aes192/cbc/funcs.go b/cipher/aes/aes192/cbc/funcs.go new file mode 100644 index 0000000..ad84cf3 --- /dev/null +++ b/cipher/aes/aes192/cbc/funcs.go @@ -0,0 +1,205 @@ +package cbc + +import ( + `bytes` + `io` + + `r00t2.io/sshkeys/cipher/aes` + `r00t2.io/sshkeys/cipher/aes/aes128` + `r00t2.io/sshkeys/internal` +) + +func (c *Cipher) Setup(key []byte) (err error) { + + // TODO + + return +} + +// Name returns the name as used in the key file bytes. +func (c *Cipher) Name() (name string) { + + name = Name + + return +} + +// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator. +func (c *Cipher) NameBytes() (name []byte) { + + var err error + + if name, err = internal.PackBytes(Name); err != nil { + return + } + + return +} + +// BlockSize returns the blocksize of this Cipher. +func (c *Cipher) BlockSize() (size int) { + + size = aes.BlockSize + + return +} + +// KdfKeySize returns the target key length from KDF to use with this Cipher. +func (c *Cipher) KdfKeySize() (size int) { + + size = aes128.KeySize + + return +} + +/* + Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b []byte + var cryptDst []byte + var padded *bytes.Reader + + if b, err = internal.SerializeData(data); err != nil { + return + } + + if padded, err = c.Pad(b); err != nil { + return + } + + b = make([]byte, padded.Len()) + if b, err = io.ReadAll(padded); err != nil { + return + } + + cryptDst = make([]byte, len(b)) + + // TODO + _ = cryptDst + + return +} + +/* + AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b *bytes.Reader + var buf *bytes.Buffer = new(bytes.Buffer) + var alloc []byte = make([]byte, 4) + + if b, err = c.Encrypt(data); err != nil { + return + } + if alloc, err = internal.PackBytes(b); err != nil { + return + } + + if _, err = buf.Write(alloc); err != nil { + return + } + if _, err = b.WriteTo(buf); err != nil { + return + } + + encrypted = bytes.NewReader(buf.Bytes()) + + return +} + +/* + Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary). + The resulting padded buffer is returned. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) { + + // TODO + + return +} + +/* + Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + var decryptDst []byte + + if b, err = internal.SerializeData(data); err != nil { + return + } + + decryptDst = make([]byte, len(b)) + + // TODO + _ = decryptDst + + return +} + +/* + AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix. + + Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. + + NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. +*/ +func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + + if b, err = internal.UnpackBytes(data); err != nil { + return + } + if decrypted, err = c.Decrypt(b); err != nil { + return + } + + return +} + +/* + IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null). + + It will always return false. It is included for interface compatability. +*/ +func (c *Cipher) IsPlain() (plain bool) { + + plain = false + + return +} diff --git a/cipher/aes/aes192/ctr/funcs.go b/cipher/aes/aes192/ctr/funcs.go new file mode 100644 index 0000000..6303a52 --- /dev/null +++ b/cipher/aes/aes192/ctr/funcs.go @@ -0,0 +1,205 @@ +package ctr + +import ( + `bytes` + `io` + + `r00t2.io/sshkeys/cipher/aes` + `r00t2.io/sshkeys/cipher/aes/aes128` + `r00t2.io/sshkeys/internal` +) + +func (c *Cipher) Setup(key []byte) (err error) { + + // TODO + + return +} + +// Name returns the name as used in the key file bytes. +func (c *Cipher) Name() (name string) { + + name = Name + + return +} + +// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator. +func (c *Cipher) NameBytes() (name []byte) { + + var err error + + if name, err = internal.PackBytes(Name); err != nil { + return + } + + return +} + +// BlockSize returns the blocksize of this Cipher. +func (c *Cipher) BlockSize() (size int) { + + size = aes.BlockSize + + return +} + +// KdfKeySize returns the target key length from KDF to use with this Cipher. +func (c *Cipher) KdfKeySize() (size int) { + + size = aes128.KeySize + + return +} + +/* + Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b []byte + var cryptDst []byte + var padded *bytes.Reader + + if b, err = internal.SerializeData(data); err != nil { + return + } + + if padded, err = c.Pad(b); err != nil { + return + } + + b = make([]byte, padded.Len()) + if b, err = io.ReadAll(padded); err != nil { + return + } + + cryptDst = make([]byte, len(b)) + + // TODO + _ = cryptDst + + return +} + +/* + AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b *bytes.Reader + var buf *bytes.Buffer = new(bytes.Buffer) + var alloc []byte = make([]byte, 4) + + if b, err = c.Encrypt(data); err != nil { + return + } + if alloc, err = internal.PackBytes(b); err != nil { + return + } + + if _, err = buf.Write(alloc); err != nil { + return + } + if _, err = b.WriteTo(buf); err != nil { + return + } + + encrypted = bytes.NewReader(buf.Bytes()) + + return +} + +/* + Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary). + The resulting padded buffer is returned. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) { + + // TODO + + return +} + +/* + Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + var decryptDst []byte + + if b, err = internal.SerializeData(data); err != nil { + return + } + + decryptDst = make([]byte, len(b)) + + // TODO + _ = decryptDst + + return +} + +/* + AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix. + + Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. + + NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. +*/ +func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + + if b, err = internal.UnpackBytes(data); err != nil { + return + } + if decrypted, err = c.Decrypt(b); err != nil { + return + } + + return +} + +/* + IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null). + + It will always return false. It is included for interface compatability. +*/ +func (c *Cipher) IsPlain() (plain bool) { + + plain = false + + return +} diff --git a/cipher/aes/aes192/gcm/funcs.go b/cipher/aes/aes192/gcm/funcs.go new file mode 100644 index 0000000..e05be1c --- /dev/null +++ b/cipher/aes/aes192/gcm/funcs.go @@ -0,0 +1,205 @@ +package gcm + +import ( + `bytes` + `io` + + `r00t2.io/sshkeys/cipher/aes` + `r00t2.io/sshkeys/cipher/aes/aes128` + `r00t2.io/sshkeys/internal` +) + +func (c *Cipher) Setup(key []byte) (err error) { + + // TODO + + return +} + +// Name returns the name as used in the key file bytes. +func (c *Cipher) Name() (name string) { + + name = Name + + return +} + +// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator. +func (c *Cipher) NameBytes() (name []byte) { + + var err error + + if name, err = internal.PackBytes(Name); err != nil { + return + } + + return +} + +// BlockSize returns the blocksize of this Cipher. +func (c *Cipher) BlockSize() (size int) { + + size = aes.BlockSize + + return +} + +// KdfKeySize returns the target key length from KDF to use with this Cipher. +func (c *Cipher) KdfKeySize() (size int) { + + size = aes128.KeySize + + return +} + +/* + Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b []byte + var cryptDst []byte + var padded *bytes.Reader + + if b, err = internal.SerializeData(data); err != nil { + return + } + + if padded, err = c.Pad(b); err != nil { + return + } + + b = make([]byte, padded.Len()) + if b, err = io.ReadAll(padded); err != nil { + return + } + + cryptDst = make([]byte, len(b)) + + // TODO + _ = cryptDst + + return +} + +/* + AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b *bytes.Reader + var buf *bytes.Buffer = new(bytes.Buffer) + var alloc []byte = make([]byte, 4) + + if b, err = c.Encrypt(data); err != nil { + return + } + if alloc, err = internal.PackBytes(b); err != nil { + return + } + + if _, err = buf.Write(alloc); err != nil { + return + } + if _, err = b.WriteTo(buf); err != nil { + return + } + + encrypted = bytes.NewReader(buf.Bytes()) + + return +} + +/* + Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary). + The resulting padded buffer is returned. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) { + + // TODO + + return +} + +/* + Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + var decryptDst []byte + + if b, err = internal.SerializeData(data); err != nil { + return + } + + decryptDst = make([]byte, len(b)) + + // TODO + _ = decryptDst + + return +} + +/* + AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix. + + Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. + + NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. +*/ +func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + + if b, err = internal.UnpackBytes(data); err != nil { + return + } + if decrypted, err = c.Decrypt(b); err != nil { + return + } + + return +} + +/* + IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null). + + It will always return false. It is included for interface compatability. +*/ +func (c *Cipher) IsPlain() (plain bool) { + + plain = false + + return +} diff --git a/cipher/aes/aes256/cbc/funcs.go b/cipher/aes/aes256/cbc/funcs.go new file mode 100644 index 0000000..ad84cf3 --- /dev/null +++ b/cipher/aes/aes256/cbc/funcs.go @@ -0,0 +1,205 @@ +package cbc + +import ( + `bytes` + `io` + + `r00t2.io/sshkeys/cipher/aes` + `r00t2.io/sshkeys/cipher/aes/aes128` + `r00t2.io/sshkeys/internal` +) + +func (c *Cipher) Setup(key []byte) (err error) { + + // TODO + + return +} + +// Name returns the name as used in the key file bytes. +func (c *Cipher) Name() (name string) { + + name = Name + + return +} + +// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator. +func (c *Cipher) NameBytes() (name []byte) { + + var err error + + if name, err = internal.PackBytes(Name); err != nil { + return + } + + return +} + +// BlockSize returns the blocksize of this Cipher. +func (c *Cipher) BlockSize() (size int) { + + size = aes.BlockSize + + return +} + +// KdfKeySize returns the target key length from KDF to use with this Cipher. +func (c *Cipher) KdfKeySize() (size int) { + + size = aes128.KeySize + + return +} + +/* + Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b []byte + var cryptDst []byte + var padded *bytes.Reader + + if b, err = internal.SerializeData(data); err != nil { + return + } + + if padded, err = c.Pad(b); err != nil { + return + } + + b = make([]byte, padded.Len()) + if b, err = io.ReadAll(padded); err != nil { + return + } + + cryptDst = make([]byte, len(b)) + + // TODO + _ = cryptDst + + return +} + +/* + AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b *bytes.Reader + var buf *bytes.Buffer = new(bytes.Buffer) + var alloc []byte = make([]byte, 4) + + if b, err = c.Encrypt(data); err != nil { + return + } + if alloc, err = internal.PackBytes(b); err != nil { + return + } + + if _, err = buf.Write(alloc); err != nil { + return + } + if _, err = b.WriteTo(buf); err != nil { + return + } + + encrypted = bytes.NewReader(buf.Bytes()) + + return +} + +/* + Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary). + The resulting padded buffer is returned. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) { + + // TODO + + return +} + +/* + Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + var decryptDst []byte + + if b, err = internal.SerializeData(data); err != nil { + return + } + + decryptDst = make([]byte, len(b)) + + // TODO + _ = decryptDst + + return +} + +/* + AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix. + + Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. + + NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. +*/ +func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + + if b, err = internal.UnpackBytes(data); err != nil { + return + } + if decrypted, err = c.Decrypt(b); err != nil { + return + } + + return +} + +/* + IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null). + + It will always return false. It is included for interface compatability. +*/ +func (c *Cipher) IsPlain() (plain bool) { + + plain = false + + return +} diff --git a/cipher/aes/aes256/ctr/funcs.go b/cipher/aes/aes256/ctr/funcs.go new file mode 100644 index 0000000..6303a52 --- /dev/null +++ b/cipher/aes/aes256/ctr/funcs.go @@ -0,0 +1,205 @@ +package ctr + +import ( + `bytes` + `io` + + `r00t2.io/sshkeys/cipher/aes` + `r00t2.io/sshkeys/cipher/aes/aes128` + `r00t2.io/sshkeys/internal` +) + +func (c *Cipher) Setup(key []byte) (err error) { + + // TODO + + return +} + +// Name returns the name as used in the key file bytes. +func (c *Cipher) Name() (name string) { + + name = Name + + return +} + +// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator. +func (c *Cipher) NameBytes() (name []byte) { + + var err error + + if name, err = internal.PackBytes(Name); err != nil { + return + } + + return +} + +// BlockSize returns the blocksize of this Cipher. +func (c *Cipher) BlockSize() (size int) { + + size = aes.BlockSize + + return +} + +// KdfKeySize returns the target key length from KDF to use with this Cipher. +func (c *Cipher) KdfKeySize() (size int) { + + size = aes128.KeySize + + return +} + +/* + Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b []byte + var cryptDst []byte + var padded *bytes.Reader + + if b, err = internal.SerializeData(data); err != nil { + return + } + + if padded, err = c.Pad(b); err != nil { + return + } + + b = make([]byte, padded.Len()) + if b, err = io.ReadAll(padded); err != nil { + return + } + + cryptDst = make([]byte, len(b)) + + // TODO + _ = cryptDst + + return +} + +/* + AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b *bytes.Reader + var buf *bytes.Buffer = new(bytes.Buffer) + var alloc []byte = make([]byte, 4) + + if b, err = c.Encrypt(data); err != nil { + return + } + if alloc, err = internal.PackBytes(b); err != nil { + return + } + + if _, err = buf.Write(alloc); err != nil { + return + } + if _, err = b.WriteTo(buf); err != nil { + return + } + + encrypted = bytes.NewReader(buf.Bytes()) + + return +} + +/* + Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary). + The resulting padded buffer is returned. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) { + + // TODO + + return +} + +/* + Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + var decryptDst []byte + + if b, err = internal.SerializeData(data); err != nil { + return + } + + decryptDst = make([]byte, len(b)) + + // TODO + _ = decryptDst + + return +} + +/* + AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix. + + Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. + + NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. +*/ +func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + + if b, err = internal.UnpackBytes(data); err != nil { + return + } + if decrypted, err = c.Decrypt(b); err != nil { + return + } + + return +} + +/* + IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null). + + It will always return false. It is included for interface compatability. +*/ +func (c *Cipher) IsPlain() (plain bool) { + + plain = false + + return +} diff --git a/cipher/aes/aes256/gcm/funcs.go b/cipher/aes/aes256/gcm/funcs.go new file mode 100644 index 0000000..e05be1c --- /dev/null +++ b/cipher/aes/aes256/gcm/funcs.go @@ -0,0 +1,205 @@ +package gcm + +import ( + `bytes` + `io` + + `r00t2.io/sshkeys/cipher/aes` + `r00t2.io/sshkeys/cipher/aes/aes128` + `r00t2.io/sshkeys/internal` +) + +func (c *Cipher) Setup(key []byte) (err error) { + + // TODO + + return +} + +// Name returns the name as used in the key file bytes. +func (c *Cipher) Name() (name string) { + + name = Name + + return +} + +// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator. +func (c *Cipher) NameBytes() (name []byte) { + + var err error + + if name, err = internal.PackBytes(Name); err != nil { + return + } + + return +} + +// BlockSize returns the blocksize of this Cipher. +func (c *Cipher) BlockSize() (size int) { + + size = aes.BlockSize + + return +} + +// KdfKeySize returns the target key length from KDF to use with this Cipher. +func (c *Cipher) KdfKeySize() (size int) { + + size = aes128.KeySize + + return +} + +/* + Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b []byte + var cryptDst []byte + var padded *bytes.Reader + + if b, err = internal.SerializeData(data); err != nil { + return + } + + if padded, err = c.Pad(b); err != nil { + return + } + + b = make([]byte, padded.Len()) + if b, err = io.ReadAll(padded); err != nil { + return + } + + cryptDst = make([]byte, len(b)) + + // TODO + _ = cryptDst + + return +} + +/* + AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b *bytes.Reader + var buf *bytes.Buffer = new(bytes.Buffer) + var alloc []byte = make([]byte, 4) + + if b, err = c.Encrypt(data); err != nil { + return + } + if alloc, err = internal.PackBytes(b); err != nil { + return + } + + if _, err = buf.Write(alloc); err != nil { + return + } + if _, err = b.WriteTo(buf); err != nil { + return + } + + encrypted = bytes.NewReader(buf.Bytes()) + + return +} + +/* + Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary). + The resulting padded buffer is returned. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) { + + // TODO + + return +} + +/* + Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + var decryptDst []byte + + if b, err = internal.SerializeData(data); err != nil { + return + } + + decryptDst = make([]byte, len(b)) + + // TODO + _ = decryptDst + + return +} + +/* + AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix. + + Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. + + NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. +*/ +func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + + if b, err = internal.UnpackBytes(data); err != nil { + return + } + if decrypted, err = c.Decrypt(b); err != nil { + return + } + + return +} + +/* + IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null). + + It will always return false. It is included for interface compatability. +*/ +func (c *Cipher) IsPlain() (plain bool) { + + plain = false + + return +} diff --git a/cipher/chacha20/poly1305/funcs.go b/cipher/chacha20/poly1305/funcs.go new file mode 100644 index 0000000..635cba8 --- /dev/null +++ b/cipher/chacha20/poly1305/funcs.go @@ -0,0 +1,205 @@ +package poly1305 + +import ( + `bytes` + `io` + + `r00t2.io/sshkeys/cipher/aes` + `r00t2.io/sshkeys/cipher/aes/aes128` + `r00t2.io/sshkeys/internal` +) + +func (c *Cipher) Setup(key []byte) (err error) { + + // TODO + + return +} + +// Name returns the name as used in the key file bytes. +func (c *Cipher) Name() (name string) { + + name = Name + + return +} + +// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator. +func (c *Cipher) NameBytes() (name []byte) { + + var err error + + if name, err = internal.PackBytes(Name); err != nil { + return + } + + return +} + +// BlockSize returns the blocksize of this Cipher. +func (c *Cipher) BlockSize() (size int) { + + size = aes.BlockSize + + return +} + +// KdfKeySize returns the target key length from KDF to use with this Cipher. +func (c *Cipher) KdfKeySize() (size int) { + + size = aes128.KeySize + + return +} + +/* + Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b []byte + var cryptDst []byte + var padded *bytes.Reader + + if b, err = internal.SerializeData(data); err != nil { + return + } + + if padded, err = c.Pad(b); err != nil { + return + } + + b = make([]byte, padded.Len()) + if b, err = io.ReadAll(padded); err != nil { + return + } + + cryptDst = make([]byte, len(b)) + + // TODO + _ = cryptDst + + return +} + +/* + AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b *bytes.Reader + var buf *bytes.Buffer = new(bytes.Buffer) + var alloc []byte = make([]byte, 4) + + if b, err = c.Encrypt(data); err != nil { + return + } + if alloc, err = internal.PackBytes(b); err != nil { + return + } + + if _, err = buf.Write(alloc); err != nil { + return + } + if _, err = b.WriteTo(buf); err != nil { + return + } + + encrypted = bytes.NewReader(buf.Bytes()) + + return +} + +/* + Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary). + The resulting padded buffer is returned. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) { + + // TODO + + return +} + +/* + Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + var decryptDst []byte + + if b, err = internal.SerializeData(data); err != nil { + return + } + + decryptDst = make([]byte, len(b)) + + // TODO + _ = decryptDst + + return +} + +/* + AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix. + + Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. + + NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. +*/ +func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + + if b, err = internal.UnpackBytes(data); err != nil { + return + } + if decrypted, err = c.Decrypt(b); err != nil { + return + } + + return +} + +/* + IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null). + + It will always return false. It is included for interface compatability. +*/ +func (c *Cipher) IsPlain() (plain bool) { + + plain = false + + return +} diff --git a/cipher/null/funcs.go b/cipher/null/funcs.go new file mode 100644 index 0000000..3026825 --- /dev/null +++ b/cipher/null/funcs.go @@ -0,0 +1,205 @@ +package null + +import ( + `bytes` + `io` + + `r00t2.io/sshkeys/cipher/aes` + `r00t2.io/sshkeys/cipher/aes/aes128` + `r00t2.io/sshkeys/internal` +) + +func (c *Cipher) Setup(key []byte) (err error) { + + // TODO + + return +} + +// Name returns the name as used in the key file bytes. +func (c *Cipher) Name() (name string) { + + name = Name + + return +} + +// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator. +func (c *Cipher) NameBytes() (name []byte) { + + var err error + + if name, err = internal.PackBytes(Name); err != nil { + return + } + + return +} + +// BlockSize returns the blocksize of this Cipher. +func (c *Cipher) BlockSize() (size int) { + + size = aes.BlockSize + + return +} + +// KdfKeySize returns the target key length from KDF to use with this Cipher. +func (c *Cipher) KdfKeySize() (size int) { + + size = aes128.KeySize + + return +} + +/* + Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b []byte + var cryptDst []byte + var padded *bytes.Reader + + if b, err = internal.SerializeData(data); err != nil { + return + } + + if padded, err = c.Pad(b); err != nil { + return + } + + b = make([]byte, padded.Len()) + if b, err = io.ReadAll(padded); err != nil { + return + } + + cryptDst = make([]byte, len(b)) + + // TODO + _ = cryptDst + + return +} + +/* + AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b *bytes.Reader + var buf *bytes.Buffer = new(bytes.Buffer) + var alloc []byte = make([]byte, 4) + + if b, err = c.Encrypt(data); err != nil { + return + } + if alloc, err = internal.PackBytes(b); err != nil { + return + } + + if _, err = buf.Write(alloc); err != nil { + return + } + if _, err = b.WriteTo(buf); err != nil { + return + } + + encrypted = bytes.NewReader(buf.Bytes()) + + return +} + +/* + Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary). + The resulting padded buffer is returned. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) { + + // TODO + + return +} + +/* + Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + var decryptDst []byte + + if b, err = internal.SerializeData(data); err != nil { + return + } + + decryptDst = make([]byte, len(b)) + + // TODO + _ = decryptDst + + return +} + +/* + AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix. + + Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. + + NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. +*/ +func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + + if b, err = internal.UnpackBytes(data); err != nil { + return + } + if decrypted, err = c.Decrypt(b); err != nil { + return + } + + return +} + +/* + IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null). + + It will always return false. It is included for interface compatability. +*/ +func (c *Cipher) IsPlain() (plain bool) { + + plain = false + + return +} diff --git a/cipher/tripledes/cbc/funcs.go b/cipher/tripledes/cbc/funcs.go new file mode 100644 index 0000000..ad84cf3 --- /dev/null +++ b/cipher/tripledes/cbc/funcs.go @@ -0,0 +1,205 @@ +package cbc + +import ( + `bytes` + `io` + + `r00t2.io/sshkeys/cipher/aes` + `r00t2.io/sshkeys/cipher/aes/aes128` + `r00t2.io/sshkeys/internal` +) + +func (c *Cipher) Setup(key []byte) (err error) { + + // TODO + + return +} + +// Name returns the name as used in the key file bytes. +func (c *Cipher) Name() (name string) { + + name = Name + + return +} + +// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator. +func (c *Cipher) NameBytes() (name []byte) { + + var err error + + if name, err = internal.PackBytes(Name); err != nil { + return + } + + return +} + +// BlockSize returns the blocksize of this Cipher. +func (c *Cipher) BlockSize() (size int) { + + size = aes.BlockSize + + return +} + +// KdfKeySize returns the target key length from KDF to use with this Cipher. +func (c *Cipher) KdfKeySize() (size int) { + + size = aes128.KeySize + + return +} + +/* + Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b []byte + var cryptDst []byte + var padded *bytes.Reader + + if b, err = internal.SerializeData(data); err != nil { + return + } + + if padded, err = c.Pad(b); err != nil { + return + } + + b = make([]byte, padded.Len()) + if b, err = io.ReadAll(padded); err != nil { + return + } + + cryptDst = make([]byte, len(b)) + + // TODO + _ = cryptDst + + return +} + +/* + AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix. + + NOTE: Padding IS applied automatically. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) { + + var b *bytes.Reader + var buf *bytes.Buffer = new(bytes.Buffer) + var alloc []byte = make([]byte, 4) + + if b, err = c.Encrypt(data); err != nil { + return + } + if alloc, err = internal.PackBytes(b); err != nil { + return + } + + if _, err = buf.Write(alloc); err != nil { + return + } + if _, err = b.WriteTo(buf); err != nil { + return + } + + encrypted = bytes.NewReader(buf.Bytes()) + + return +} + +/* + Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary). + The resulting padded buffer is returned. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) { + + // TODO + + return +} + +/* + Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt. + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + var decryptDst []byte + + if b, err = internal.SerializeData(data); err != nil { + return + } + + decryptDst = make([]byte, len(b)) + + // TODO + _ = decryptDst + + return +} + +/* + AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix. + + Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix. + + NOTE: The decrypted data contains padding. It is up to the caller to remove/strip. + + NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. + + NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. +*/ +func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) { + + var b []byte + + if b, err = internal.UnpackBytes(data); err != nil { + return + } + if decrypted, err = c.Decrypt(b); err != nil { + return + } + + return +} + +/* + IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null). + + It will always return false. It is included for interface compatability. +*/ +func (c *Cipher) IsPlain() (plain bool) { + + plain = false + + return +} diff --git a/cipher/types.go b/cipher/types.go index c232bb6..b866645 100644 --- a/cipher/types.go +++ b/cipher/types.go @@ -5,6 +5,8 @@ import ( ) type Cipher interface { + // Setup initializes the Cipher with a given key. + Setup(key []byte) (err error) // Name returns the string form of the cipher name. Name() (name string) // NameBytes returns the Name result but in bytes, with a leading uint32 bytecount packed in. @@ -13,8 +15,6 @@ type Cipher interface { BlockSize() (size int) // KdfKeySize returns the desired/needed key size for use with kdf.KDF. KdfKeySize() (size int) - // Setup initializes the Cipher with a given key. - Setup(key []byte) (err error) /* Encrypt takes plain data, either a: - string @@ -26,6 +26,16 @@ type Cipher interface { Encrypt(data interface{}) (encrypted *bytes.Reader, err error) // AllocateEncrypt is exactly like cipher.Cipher.Encrypt except that it includes a (NON-encrypted) uint32 prefix of byte allocation. AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) + /* + Pad returns padded bytes in a *bytes.Buffer according to the cipher's padding specification. + data can be one of either: + - string + - raw byte slice ([]byte or []uint8) + - single byte (byte or uint8) + - *bytes.Buffer + This is a prerequisite in some ciphers, and must be performed BEFORE encrypting. + */ + Pad(data interface{}) (paddedBuf *bytes.Reader, err error) /* Decrypt takes encrypted data, either a: - raw byte slice ([]byte or []uint8) @@ -37,14 +47,4 @@ type Cipher interface { AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) // IsPlain returns true if this is a "null" cipher; i.e. no encryption is actually performed. IsPlain() (plain bool) - /* - Pad returns padded bytes in a *bytes.Buffer according to the cipher's padding specification. - data can be one of either: - - string - - raw byte slice ([]byte or []uint8) - - single byte (byte or uint8) - - *bytes.Buffer - This is a prerequisite in some ciphers, and must be performed BEFORE encrypting. - */ - Pad(data interface{}) (paddedBuf *bytes.Reader, err error) } diff --git a/errs/errs.go b/errs/errs.go new file mode 100644 index 0000000..89669bd --- /dev/null +++ b/errs/errs.go @@ -0,0 +1,9 @@ +package errs + +import ( + "errors" +) + +var ( + ErrBadData = errors.New("unable to serialize/cast data into buffer; unknown or invalid data object") +) diff --git a/internal/utils.go b/internal/utils.go index 5a984a7..3edccbe 100644 --- a/internal/utils.go +++ b/internal/utils.go @@ -3,18 +3,15 @@ package internal import ( "bytes" "encoding/binary" + `io` + + `r00t2.io/sshkeys/errs` ) /* ReadSizeBytes returns a uint32 allocator for a given set of data for preparation of packing into bytes. - data can be one of: - - - string - - byte/uint8 - - []byte/[]uint8 - - *bytes.Buffer - - *bytes.Reader + See SerializeData for valid types for data. If pack is true, the original data will be appended to the returned allocated *bytes.Reader. @@ -26,41 +23,150 @@ func ReadSizeBytes(data interface{}, pack bool) (allocated *bytes.Reader, err er var b []byte var sizer = make([]byte, 4) - switch t := data.(type) { - case string: - b = []byte(t) - case byte: - // b = []byte{0x0, 0x0, 0x0, 0x1} - b = []byte{t} - case []byte: - b = t - case bytes.Buffer: - t2 := &t - b = t2.Bytes() - case *bytes.Buffer: - b = t.Bytes() - case bytes.Reader: - t2 := &t - b = make([]byte, t2.Len()) - if _, err = t2.Read(b); err != nil { - return - } - case *bytes.Reader: - b = make([]byte, t.Len()) - if _, err = t.Read(b); err != nil { - return - } + if b, err = SerializeData(data); err != nil { + return } u = uint32(len(b)) - binary.BigEndian.PutUint32(sizer, u) if !pack { + binary.BigEndian.PutUint32(sizer, u) allocated = bytes.NewReader(sizer) } else { - b = append(sizer, b...) + if b, err = PackBytes(b); err != nil { + return + } allocated = bytes.NewReader(b) } return } + +/* + PackBytes prefixes data with an allocator. + + See SerializeData for valid types for data. + + NOTE: If data is a *bytes.Reader, the bytes WILL be consumed within that reader. +*/ +func PackBytes(data interface{}) (b []byte, err error) { + + var dataBytes []byte + var size uint32 + + if dataBytes, err = SerializeData(data); err != nil { + return + } + + size = uint32(len(dataBytes)) + + b = make([]byte, size) + binary.BigEndian.PutUint32(b, size) + b = append(b, dataBytes...) + + return +} + +/* + UnpackBytes performs the opposite of PackBytes, reading an allocator and then reading ONLY the remaining bytes. + + NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. + + NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more. +*/ +func UnpackBytes(data interface{}) (unpacked []byte, err error) { + + var sizeBytes []byte = make([]byte, 4) + var u uint32 + + // We can't use SerializeData because it'll consume the entire data set. We don't want that. + switch t := data.(type) { + case []byte: + sizeBytes = t[:4] + u = binary.BigEndian.Uint32(sizeBytes) + unpacked = t[4:u] + case *bytes.Buffer: + sizeBytes = t.Next(4) + u = binary.BigEndian.Uint32(sizeBytes) + unpacked = t.Next(int(u)) + case bytes.Buffer: + t2 := &t + sizeBytes = t2.Next(4) + u = binary.BigEndian.Uint32(sizeBytes) + unpacked = t2.Next(int(u)) + case *bytes.Reader: + if _, err = t.Read(sizeBytes); err != nil { + return + } + u = binary.BigEndian.Uint32(sizeBytes) + unpacked = make([]byte, u) + if _, err = io.ReadFull(t, unpacked); err != nil { + return + } + case bytes.Reader: + t2 := &t + if _, err = t2.Read(sizeBytes); err != nil { + return + } + u = binary.BigEndian.Uint32(sizeBytes) + unpacked = make([]byte, u) + if _, err = io.ReadFull(t2, unpacked); err != nil { + return + } + default: + err = errs.ErrBadData + return + } + + return +} + +/* + SerializeData transforms one of the following types: + + - string + - []byte + - byte + - bytes.Buffer + - *bytes.Buffer + - bytes.Reader + - *bytes.Reader + + into a []byte. + + NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()). + + NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed. +*/ +func SerializeData(data interface{}) (b []byte, err error) { + + switch t := data.(type) { + case string: + b = []byte(t) + case byte: + b = []byte{t} + case []byte: + b = t + case *bytes.Buffer: + b = t.Bytes() + case bytes.Buffer: + t2 := &t + b = t2.Bytes() + case *bytes.Reader: + b = make([]byte, t.Len()) + if b, err = io.ReadAll(t); err != nil { + return + } + case bytes.Reader: + t2 := &t + b = make([]byte, t2.Len()) + if b, err = io.ReadAll(t2); err != nil { + return + } + default: + err = errs.ErrBadData + return + } + + return +} diff --git a/types/ed25519/consts.go b/keytypes/ed25519/consts.go similarity index 100% rename from types/ed25519/consts.go rename to keytypes/ed25519/consts.go diff --git a/types/ed25519/funcs.go b/keytypes/ed25519/funcs.go similarity index 100% rename from types/ed25519/funcs.go rename to keytypes/ed25519/funcs.go diff --git a/types/ed25519/types.go b/keytypes/ed25519/types.go similarity index 89% rename from types/ed25519/types.go rename to keytypes/ed25519/types.go index 535f8bb..7538a18 100644 --- a/types/ed25519/types.go +++ b/keytypes/ed25519/types.go @@ -3,13 +3,14 @@ package ed25519 import ( `crypto/ed25519` + `r00t2.io/sshkeys/cipher` `r00t2.io/sshkeys/kdf` ) // Key is an ed25519 OpenSSH key. type Key struct { KeyPairs []*Keypair `xml:"keypairs" json:"keypairs" yaml:"Keypairs"` - Cipher string // TODO: (sshkeys/cipher).Cipher + Cipher cipher.Cipher KDF kdf.KDF } diff --git a/keytypes/types.go b/keytypes/types.go new file mode 100644 index 0000000..23ab4c5 --- /dev/null +++ b/keytypes/types.go @@ -0,0 +1,9 @@ +package keytypes + +// Key contains at least one keytypes.KeyPair, a cipher.Cipher, and a kdf.KDF. +type Key interface { +} + +// KeyPair contains a private key component, public key component, and comment. +type KeyPair interface { +}