r00t2/go_sshkeys
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

stubbed out cipher funcs

Browse Source
This commit is contained in:
brent s. 2022-04-28 05:18:25 -04:00
parent ff3f8243d1
commit 5da1bbcd11
Signed by: bts
GPG Key ID: 8C004C2F93481F6B
23 changed files with 2657 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
TODO
View File

@ -4,3 +4,8 @@
--- ssh-rsa (sha1), rsa-sha2-256, rsa-sha2-512 (new default) --- ssh-rsa (sha1), rsa-sha2-256, rsa-sha2-512 (new default)
- ciphers: - ciphers:
-- 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com, chacha20-poly1305@openssh.com -- 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com, chacha20-poly1305@openssh.com

provide marshal, unmarshal for keytypes/* keys.
https://golangexample.com/encode-and-decode-binary-message-and-file-formats-in-go/ (?)

create separate package, go_sshdh

2
_ref/KEY_GUIDE.html
View File

@ -734,7 +734,7 @@ pre.rouge {
<h1>OpenSSH Key Structure Guide</h1> <h1>OpenSSH Key Structure Guide</h1>
<div class="details"> <div class="details">
<span id="author" class="author">brent saner &lt;bts@square-r00t.net&gt;, https://r00t2.io</span><br> <span id="author" class="author">brent saner &lt;bts@square-r00t.net&gt;, https://r00t2.io</span><br>
<span id="revdate">Last updated 2022-04-25 04:27:24 -0400</span> <span id="revdate">Last updated 2022-04-28 05:18:26 -0400</span>
</div> </div>
<div id="toc" class="toc2"> <div id="toc" class="toc2">
<div id="toctitle">Table of Contents</div> <div id="toctitle">Table of Contents</div>

205
cipher/aes/aes128/cbc/funcs.go Normal file
View File

@ -0,0 +1,205 @@
package cbc

import (
`bytes`
`io`

`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)

func (c *Cipher) Setup(key []byte) (err error) {

// TODO

return
}

// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {

name = Name

return
}

// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {

var err error

if name, err = internal.PackBytes(Name); err != nil {
return
}

return
}

// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {

size = aes.BlockSize

return
}

// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {

size = aes128.KeySize

return
}

/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b []byte
var cryptDst []byte
var padded *bytes.Reader

if b, err = internal.SerializeData(data); err != nil {
return
}

if padded, err = c.Pad(b); err != nil {
return
}

b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}

cryptDst = make([]byte, len(b))

// TODO
_ = cryptDst

return
}

/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)

if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}

if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}

encrypted = bytes.NewReader(buf.Bytes())

return
}

/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {

// TODO

return
}

/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte
var decryptDst []byte

if b, err = internal.SerializeData(data); err != nil {
return
}

decryptDst = make([]byte, len(b))

// TODO
_ = decryptDst

return
}

/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.

Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.

NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte

if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}

return
}

/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).

It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {

plain = false

return
}

18
cipher/aes/aes128/cbc/types.go Normal file
View File

@ -0,0 +1,18 @@
package cbc

import (
`crypto/cipher`
)

// Cipher is an AES128-CBC cipher.Cipher.
type Cipher struct {
// key contains the encryption key.
key []byte
// iv contains the IV, or initialization vector.
iv []byte
/*
cryptBlock contains the block encryptor.
CBC is a block (all at once) encryption mode.
*/
cryptBlock cipher.Block
}

4
cipher/aes/aes128/consts.go
View File

@ -1,10 +1,10 @@
package aes128 package aes128


import ( import (
`r00t2.io/sshkeys/cipher/aes` sshAES `r00t2.io/sshkeys/cipher/aes`
) )


const ( const (
KeySize int = 16 // in bytes; AES128 is so named for its 128-bit key, thus: 128 / 8 = 16 KeySize int = 16 // in bytes; AES128 is so named for its 128-bit key, thus: 128 / 8 = 16
KdfKeySize int = KeySize + aes.IvSize KdfKeySize int = KeySize + sshAES.IvSize
) )

205
cipher/aes/aes128/ctr/funcs.go Normal file
View File

@ -0,0 +1,205 @@
package ctr

import (
`bytes`
`io`

`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)

func (c *Cipher) Setup(key []byte) (err error) {

// TODO

return
}

// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {

name = Name

return
}

// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {

var err error

if name, err = internal.PackBytes(Name); err != nil {
return
}

return
}

// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {

size = aes.BlockSize

return
}

// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {

size = aes128.KeySize

return
}

/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b []byte
var cryptDst []byte
var padded *bytes.Reader

if b, err = internal.SerializeData(data); err != nil {
return
}

if padded, err = c.Pad(b); err != nil {
return
}

b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}

cryptDst = make([]byte, len(b))

// TODO
_ = cryptDst

return
}

/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)

if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}

if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}

encrypted = bytes.NewReader(buf.Bytes())

return
}

/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {

// TODO

return
}

/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte
var decryptDst []byte

if b, err = internal.SerializeData(data); err != nil {
return
}

decryptDst = make([]byte, len(b))

// TODO
_ = decryptDst

return
}

/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.

Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.

NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte

if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}

return
}

/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).

It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {

plain = false

return
}

205
cipher/aes/aes128/gcm/funcs.go Normal file
View File

@ -0,0 +1,205 @@
package gcm

import (
`bytes`
`io`

`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)

func (c *Cipher) Setup(key []byte) (err error) {

// TODO

return
}

// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {

name = Name

return
}

// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {

var err error

if name, err = internal.PackBytes(Name); err != nil {
return
}

return
}

// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {

size = aes.BlockSize

return
}

// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {

size = aes128.KeySize

return
}

/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b []byte
var cryptDst []byte
var padded *bytes.Reader

if b, err = internal.SerializeData(data); err != nil {
return
}

if padded, err = c.Pad(b); err != nil {
return
}

b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}

cryptDst = make([]byte, len(b))

// TODO
_ = cryptDst

return
}

/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)

if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}

if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}

encrypted = bytes.NewReader(buf.Bytes())

return
}

/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {

// TODO

return
}

/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte
var decryptDst []byte

if b, err = internal.SerializeData(data); err != nil {
return
}

decryptDst = make([]byte, len(b))

// TODO
_ = decryptDst

return
}

/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.

Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.

NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte

if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}

return
}

/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).

It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {

plain = false

return
}

205
cipher/aes/aes192/cbc/funcs.go Normal file
View File

@ -0,0 +1,205 @@
package cbc

import (
`bytes`
`io`

`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)

func (c *Cipher) Setup(key []byte) (err error) {

// TODO

return
}

// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {

name = Name

return
}

// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {

var err error

if name, err = internal.PackBytes(Name); err != nil {
return
}

return
}

// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {

size = aes.BlockSize

return
}

// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {

size = aes128.KeySize

return
}

/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b []byte
var cryptDst []byte
var padded *bytes.Reader

if b, err = internal.SerializeData(data); err != nil {
return
}

if padded, err = c.Pad(b); err != nil {
return
}

b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}

cryptDst = make([]byte, len(b))

// TODO
_ = cryptDst

return
}

/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)

if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}

if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}

encrypted = bytes.NewReader(buf.Bytes())

return
}

/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {

// TODO

return
}

/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte
var decryptDst []byte

if b, err = internal.SerializeData(data); err != nil {
return
}

decryptDst = make([]byte, len(b))

// TODO
_ = decryptDst

return
}

/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.

Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.

NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte

if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}

return
}

/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).

It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {

plain = false

return
}

205
cipher/aes/aes192/ctr/funcs.go Normal file
View File

@ -0,0 +1,205 @@
package ctr

import (
`bytes`
`io`

`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)

func (c *Cipher) Setup(key []byte) (err error) {

// TODO

return
}

// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {

name = Name

return
}

// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {

var err error

if name, err = internal.PackBytes(Name); err != nil {
return
}

return
}

// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {

size = aes.BlockSize

return
}

// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {

size = aes128.KeySize

return
}

/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b []byte
var cryptDst []byte
var padded *bytes.Reader

if b, err = internal.SerializeData(data); err != nil {
return
}

if padded, err = c.Pad(b); err != nil {
return
}

b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}

cryptDst = make([]byte, len(b))

// TODO
_ = cryptDst

return
}

/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)

if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}

if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}

encrypted = bytes.NewReader(buf.Bytes())

return
}

/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {

// TODO

return
}

/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte
var decryptDst []byte

if b, err = internal.SerializeData(data); err != nil {
return
}

decryptDst = make([]byte, len(b))

// TODO
_ = decryptDst

return
}

/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.

Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.

NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte

if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}

return
}

/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).

It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {

plain = false

return
}

205
cipher/aes/aes192/gcm/funcs.go Normal file
View File

@ -0,0 +1,205 @@
package gcm

import (
`bytes`
`io`

`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)

func (c *Cipher) Setup(key []byte) (err error) {

// TODO

return
}

// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {

name = Name

return
}

// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {

var err error

if name, err = internal.PackBytes(Name); err != nil {
return
}

return
}

// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {

size = aes.BlockSize

return
}

// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {

size = aes128.KeySize

return
}

/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b []byte
var cryptDst []byte
var padded *bytes.Reader

if b, err = internal.SerializeData(data); err != nil {
return
}

if padded, err = c.Pad(b); err != nil {
return
}

b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}

cryptDst = make([]byte, len(b))

// TODO
_ = cryptDst

return
}

/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)

if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}

if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}

encrypted = bytes.NewReader(buf.Bytes())

return
}

/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {

// TODO

return
}

/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte
var decryptDst []byte

if b, err = internal.SerializeData(data); err != nil {
return
}

decryptDst = make([]byte, len(b))

// TODO
_ = decryptDst

return
}

/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.

Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.

NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte

if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}

return
}

/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).

It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {

plain = false

return
}

205
cipher/aes/aes256/cbc/funcs.go Normal file
View File

@ -0,0 +1,205 @@
package cbc

import (
`bytes`
`io`

`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)

func (c *Cipher) Setup(key []byte) (err error) {

// TODO

return
}

// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {

name = Name

return
}

// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {

var err error

if name, err = internal.PackBytes(Name); err != nil {
return
}

return
}

// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {

size = aes.BlockSize

return
}

// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {

size = aes128.KeySize

return
}

/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b []byte
var cryptDst []byte
var padded *bytes.Reader

if b, err = internal.SerializeData(data); err != nil {
return
}

if padded, err = c.Pad(b); err != nil {
return
}

b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}

cryptDst = make([]byte, len(b))

// TODO
_ = cryptDst

return
}

/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)

if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}

if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}

encrypted = bytes.NewReader(buf.Bytes())

return
}

/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {

// TODO

return
}

/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte
var decryptDst []byte

if b, err = internal.SerializeData(data); err != nil {
return
}

decryptDst = make([]byte, len(b))

// TODO
_ = decryptDst

return
}

/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.

Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.

NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte

if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}

return
}

/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).

It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {

plain = false

return
}

205
cipher/aes/aes256/ctr/funcs.go Normal file
View File

@ -0,0 +1,205 @@
package ctr

import (
`bytes`
`io`

`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)

func (c *Cipher) Setup(key []byte) (err error) {

// TODO

return
}

// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {

name = Name

return
}

// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {

var err error

if name, err = internal.PackBytes(Name); err != nil {
return
}

return
}

// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {

size = aes.BlockSize

return
}

// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {

size = aes128.KeySize

return
}

/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b []byte
var cryptDst []byte
var padded *bytes.Reader

if b, err = internal.SerializeData(data); err != nil {
return
}

if padded, err = c.Pad(b); err != nil {
return
}

b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}

cryptDst = make([]byte, len(b))

// TODO
_ = cryptDst

return
}

/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)

if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}

if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}

encrypted = bytes.NewReader(buf.Bytes())

return
}

/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {

// TODO

return
}

/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte
var decryptDst []byte

if b, err = internal.SerializeData(data); err != nil {
return
}

decryptDst = make([]byte, len(b))

// TODO
_ = decryptDst

return
}

/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.

Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.

NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte

if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}

return
}

/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).

It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {

plain = false

return
}

205
cipher/aes/aes256/gcm/funcs.go Normal file
View File

@ -0,0 +1,205 @@
package gcm

import (
`bytes`
`io`

`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)

func (c *Cipher) Setup(key []byte) (err error) {

// TODO

return
}

// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {

name = Name

return
}

// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {

var err error

if name, err = internal.PackBytes(Name); err != nil {
return
}

return
}

// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {

size = aes.BlockSize

return
}

// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {

size = aes128.KeySize

return
}

/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b []byte
var cryptDst []byte
var padded *bytes.Reader

if b, err = internal.SerializeData(data); err != nil {
return
}

if padded, err = c.Pad(b); err != nil {
return
}

b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}

cryptDst = make([]byte, len(b))

// TODO
_ = cryptDst

return
}

/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)

if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}

if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}

encrypted = bytes.NewReader(buf.Bytes())

return
}

/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {

// TODO

return
}

/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte
var decryptDst []byte

if b, err = internal.SerializeData(data); err != nil {
return
}

decryptDst = make([]byte, len(b))

// TODO
_ = decryptDst

return
}

/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.

Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.

NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte

if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}

return
}

/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).

It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {

plain = false

return
}

205
cipher/chacha20/poly1305/funcs.go Normal file
View File

@ -0,0 +1,205 @@
package poly1305

import (
`bytes`
`io`

`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)

func (c *Cipher) Setup(key []byte) (err error) {

// TODO

return
}

// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {

name = Name

return
}

// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {

var err error

if name, err = internal.PackBytes(Name); err != nil {
return
}

return
}

// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {

size = aes.BlockSize

return
}

// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {

size = aes128.KeySize

return
}

/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b []byte
var cryptDst []byte
var padded *bytes.Reader

if b, err = internal.SerializeData(data); err != nil {
return
}

if padded, err = c.Pad(b); err != nil {
return
}

b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}

cryptDst = make([]byte, len(b))

// TODO
_ = cryptDst

return
}

/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)

if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}

if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}

encrypted = bytes.NewReader(buf.Bytes())

return
}

/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {

// TODO

return
}

/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte
var decryptDst []byte

if b, err = internal.SerializeData(data); err != nil {
return
}

decryptDst = make([]byte, len(b))

// TODO
_ = decryptDst

return
}

/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.

Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.

NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte

if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}

return
}

/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).

It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {

plain = false

return
}

205
cipher/null/funcs.go Normal file
View File

@ -0,0 +1,205 @@
package null

import (
`bytes`
`io`

`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)

func (c *Cipher) Setup(key []byte) (err error) {

// TODO

return
}

// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {

name = Name

return
}

// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {

var err error

if name, err = internal.PackBytes(Name); err != nil {
return
}

return
}

// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {

size = aes.BlockSize

return
}

// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {

size = aes128.KeySize

return
}

/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b []byte
var cryptDst []byte
var padded *bytes.Reader

if b, err = internal.SerializeData(data); err != nil {
return
}

if padded, err = c.Pad(b); err != nil {
return
}

b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}

cryptDst = make([]byte, len(b))

// TODO
_ = cryptDst

return
}

/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)

if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}

if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}

encrypted = bytes.NewReader(buf.Bytes())

return
}

/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {

// TODO

return
}

/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte
var decryptDst []byte

if b, err = internal.SerializeData(data); err != nil {
return
}

decryptDst = make([]byte, len(b))

// TODO
_ = decryptDst

return
}

/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.

Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.

NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte

if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}

return
}

/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).

It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {

plain = false

return
}

205
cipher/tripledes/cbc/funcs.go Normal file
View File

@ -0,0 +1,205 @@
package cbc

import (
`bytes`
`io`

`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)

func (c *Cipher) Setup(key []byte) (err error) {

// TODO

return
}

// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {

name = Name

return
}

// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {

var err error

if name, err = internal.PackBytes(Name); err != nil {
return
}

return
}

// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {

size = aes.BlockSize

return
}

// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {

size = aes128.KeySize

return
}

/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b []byte
var cryptDst []byte
var padded *bytes.Reader

if b, err = internal.SerializeData(data); err != nil {
return
}

if padded, err = c.Pad(b); err != nil {
return
}

b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}

cryptDst = make([]byte, len(b))

// TODO
_ = cryptDst

return
}

/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.

NOTE: Padding IS applied automatically.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {

var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)

if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}

if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}

encrypted = bytes.NewReader(buf.Bytes())

return
}

/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {

// TODO

return
}

/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte
var decryptDst []byte

if b, err = internal.SerializeData(data); err != nil {
return
}

decryptDst = make([]byte, len(b))

// TODO
_ = decryptDst

return
}

/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.

Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.

NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.

NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.

NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {

var b []byte

if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}

return
}

/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).

It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {

plain = false

return
}

24
cipher/types.go
View File

@ -5,6 +5,8 @@ import (
) )


type Cipher interface { type Cipher interface {
// Setup initializes the Cipher with a given key.
Setup(key []byte) (err error)
// Name returns the string form of the cipher name. // Name returns the string form of the cipher name.
Name() (name string) Name() (name string)
// NameBytes returns the Name result but in bytes, with a leading uint32 bytecount packed in. // NameBytes returns the Name result but in bytes, with a leading uint32 bytecount packed in.
@ -13,8 +15,6 @@ type Cipher interface {
BlockSize() (size int) BlockSize() (size int)
// KdfKeySize returns the desired/needed key size for use with kdf.KDF. // KdfKeySize returns the desired/needed key size for use with kdf.KDF.
KdfKeySize() (size int) KdfKeySize() (size int)
// Setup initializes the Cipher with a given key.
Setup(key []byte) (err error)
/* /*
Encrypt takes plain data, either a: Encrypt takes plain data, either a:
- string - string
@ -26,6 +26,16 @@ type Cipher interface {
Encrypt(data interface{}) (encrypted *bytes.Reader, err error) Encrypt(data interface{}) (encrypted *bytes.Reader, err error)
// AllocateEncrypt is exactly like cipher.Cipher.Encrypt except that it includes a (NON-encrypted) uint32 prefix of byte allocation. // AllocateEncrypt is exactly like cipher.Cipher.Encrypt except that it includes a (NON-encrypted) uint32 prefix of byte allocation.
AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error)
/*
Pad returns padded bytes in a *bytes.Buffer according to the cipher's padding specification.
data can be one of either:
- string
- raw byte slice ([]byte or []uint8)
- single byte (byte or uint8)
- *bytes.Buffer
This is a prerequisite in some ciphers, and must be performed BEFORE encrypting.
*/
Pad(data interface{}) (paddedBuf *bytes.Reader, err error)
/* /*
Decrypt takes encrypted data, either a: Decrypt takes encrypted data, either a:
- raw byte slice ([]byte or []uint8) - raw byte slice ([]byte or []uint8)
@ -37,14 +47,4 @@ type Cipher interface {
AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error)
// IsPlain returns true if this is a "null" cipher; i.e. no encryption is actually performed. // IsPlain returns true if this is a "null" cipher; i.e. no encryption is actually performed.
IsPlain() (plain bool) IsPlain() (plain bool)
/*
Pad returns padded bytes in a *bytes.Buffer according to the cipher's padding specification.
data can be one of either:
- string
- raw byte slice ([]byte or []uint8)
- single byte (byte or uint8)
- *bytes.Buffer
This is a prerequisite in some ciphers, and must be performed BEFORE encrypting.
*/
Pad(data interface{}) (paddedBuf *bytes.Reader, err error)
} }

9
errs/errs.go Normal file
View File

@ -0,0 +1,9 @@
package errs

import (
"errors"
)

var (
ErrBadData = errors.New("unable to serialize/cast data into buffer; unknown or invalid data object")
)

172
internal/utils.go
View File

@ -3,18 +3,15 @@ package internal
import ( import (
"bytes" "bytes"
"encoding/binary" "encoding/binary"
`io`

`r00t2.io/sshkeys/errs`
) )


/* /*
ReadSizeBytes returns a uint32 allocator for a given set of data for preparation of packing into bytes. ReadSizeBytes returns a uint32 allocator for a given set of data for preparation of packing into bytes.


data can be one of: See SerializeData for valid types for data.

- string
- byte/uint8
- []byte/[]uint8
- *bytes.Buffer
- *bytes.Reader


If pack is true, the original data will be appended to the returned allocated *bytes.Reader. If pack is true, the original data will be appended to the returned allocated *bytes.Reader.


@ -26,41 +23,150 @@ func ReadSizeBytes(data interface{}, pack bool) (allocated *bytes.Reader, err er
var b []byte var b []byte
var sizer = make([]byte, 4) var sizer = make([]byte, 4)


switch t := data.(type) { if b, err = SerializeData(data); err != nil {
case string: return
b = []byte(t)
case byte:
// b = []byte{0x0, 0x0, 0x0, 0x1}
b = []byte{t}
case []byte:
b = t
case bytes.Buffer:
t2 := &t
b = t2.Bytes()
case *bytes.Buffer:
b = t.Bytes()
case bytes.Reader:
t2 := &t
b = make([]byte, t2.Len())
if _, err = t2.Read(b); err != nil {
return
}
case *bytes.Reader:
b = make([]byte, t.Len())
if _, err = t.Read(b); err != nil {
return
}
} }


u = uint32(len(b)) u = uint32(len(b))


binary.BigEndian.PutUint32(sizer, u)
if !pack { if !pack {
binary.BigEndian.PutUint32(sizer, u)
allocated = bytes.NewReader(sizer) allocated = bytes.NewReader(sizer)
} else { } else {
b = append(sizer, b...) if b, err = PackBytes(b); err != nil {
return
}
allocated = bytes.NewReader(b) allocated = bytes.NewReader(b)
} }


return return
} }

/*
PackBytes prefixes data with an allocator.

See SerializeData for valid types for data.

NOTE: If data is a *bytes.Reader, the bytes WILL be consumed within that reader.
*/
func PackBytes(data interface{}) (b []byte, err error) {

var dataBytes []byte
var size uint32

if dataBytes, err = SerializeData(data); err != nil {
return
}

size = uint32(len(dataBytes))

b = make([]byte, size)
binary.BigEndian.PutUint32(b, size)
b = append(b, dataBytes...)

return
}

/*
UnpackBytes performs the opposite of PackBytes, reading an allocator and then reading ONLY the remaining bytes.

NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.

NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func UnpackBytes(data interface{}) (unpacked []byte, err error) {

var sizeBytes []byte = make([]byte, 4)
var u uint32

// We can't use SerializeData because it'll consume the entire data set. We don't want that.
switch t := data.(type) {
case []byte:
sizeBytes = t[:4]
u = binary.BigEndian.Uint32(sizeBytes)
unpacked = t[4:u]
case *bytes.Buffer:
sizeBytes = t.Next(4)
u = binary.BigEndian.Uint32(sizeBytes)
unpacked = t.Next(int(u))
case bytes.Buffer:
t2 := &t
sizeBytes = t2.Next(4)
u = binary.BigEndian.Uint32(sizeBytes)
unpacked = t2.Next(int(u))
case *bytes.Reader:
if _, err = t.Read(sizeBytes); err != nil {
return
}
u = binary.BigEndian.Uint32(sizeBytes)
unpacked = make([]byte, u)
if _, err = io.ReadFull(t, unpacked); err != nil {
return
}
case bytes.Reader:
t2 := &t
if _, err = t2.Read(sizeBytes); err != nil {
return
}
u = binary.BigEndian.Uint32(sizeBytes)
unpacked = make([]byte, u)
if _, err = io.ReadFull(t2, unpacked); err != nil {
return
}
default:
err = errs.ErrBadData
return
}

return
}

/*
SerializeData transforms one of the following types:

- string
- []byte
- byte
- bytes.Buffer
- *bytes.Buffer
- bytes.Reader
- *bytes.Reader

into a []byte.

NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).

NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func SerializeData(data interface{}) (b []byte, err error) {

switch t := data.(type) {
case string:
b = []byte(t)
case byte:
b = []byte{t}
case []byte:
b = t
case *bytes.Buffer:
b = t.Bytes()
case bytes.Buffer:
t2 := &t
b = t2.Bytes()
case *bytes.Reader:
b = make([]byte, t.Len())
if b, err = io.ReadAll(t); err != nil {
return
}
case bytes.Reader:
t2 := &t
b = make([]byte, t2.Len())
if b, err = io.ReadAll(t2); err != nil {
return
}
default:
err = errs.ErrBadData
return
}

return
}

0
types/ed25519/consts.go → keytypes/ed25519/consts.go
View File

0
types/ed25519/funcs.go → keytypes/ed25519/funcs.go
View File

3
types/ed25519/types.go → keytypes/ed25519/types.go
View File

@ -3,13 +3,14 @@ package ed25519
import ( import (
`crypto/ed25519` `crypto/ed25519`


`r00t2.io/sshkeys/cipher`
`r00t2.io/sshkeys/kdf` `r00t2.io/sshkeys/kdf`
) )


// Key is an ed25519 OpenSSH key. // Key is an ed25519 OpenSSH key.
type Key struct { type Key struct {
KeyPairs []*Keypair `xml:"keypairs" json:"keypairs" yaml:"Keypairs"` KeyPairs []*Keypair `xml:"keypairs" json:"keypairs" yaml:"Keypairs"`
Cipher string // TODO: (sshkeys/cipher).Cipher Cipher cipher.Cipher
KDF kdf.KDF KDF kdf.KDF
} }


9
keytypes/types.go Normal file
View File

@ -0,0 +1,9 @@
package keytypes

// Key contains at least one keytypes.KeyPair, a cipher.Cipher, and a kdf.KDF.
type Key interface {
}

// KeyPair contains a private key component, public key component, and comment.
type KeyPair interface {
}