stubbed out cipher funcs
This commit is contained in:
parent
ff3f8243d1
commit
5da1bbcd11
5
TODO
5
TODO
@ -4,3 +4,8 @@
|
||||
--- ssh-rsa (sha1), rsa-sha2-256, rsa-sha2-512 (new default)
|
||||
- ciphers:
|
||||
-- 3des-cbc, aes128-cbc, aes192-cbc, aes256-cbc, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com, chacha20-poly1305@openssh.com
|
||||
|
||||
provide marshal, unmarshal for keytypes/* keys.
|
||||
https://golangexample.com/encode-and-decode-binary-message-and-file-formats-in-go/ (?)
|
||||
|
||||
create separate package, go_sshdh
|
||||
|
@ -734,7 +734,7 @@ pre.rouge {
|
||||
<h1>OpenSSH Key Structure Guide</h1>
|
||||
<div class="details">
|
||||
<span id="author" class="author">brent saner <bts@square-r00t.net>, https://r00t2.io</span><br>
|
||||
<span id="revdate">Last updated 2022-04-25 04:27:24 -0400</span>
|
||||
<span id="revdate">Last updated 2022-04-28 05:18:26 -0400</span>
|
||||
</div>
|
||||
<div id="toc" class="toc2">
|
||||
<div id="toctitle">Table of Contents</div>
|
||||
|
205
cipher/aes/aes128/cbc/funcs.go
Normal file
205
cipher/aes/aes128/cbc/funcs.go
Normal file
@ -0,0 +1,205 @@
|
||||
package cbc
|
||||
|
||||
import (
|
||||
`bytes`
|
||||
`io`
|
||||
|
||||
`r00t2.io/sshkeys/cipher/aes`
|
||||
`r00t2.io/sshkeys/cipher/aes/aes128`
|
||||
`r00t2.io/sshkeys/internal`
|
||||
)
|
||||
|
||||
func (c *Cipher) Setup(key []byte) (err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// Name returns the name as used in the key file bytes.
|
||||
func (c *Cipher) Name() (name string) {
|
||||
|
||||
name = Name
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
|
||||
func (c *Cipher) NameBytes() (name []byte) {
|
||||
|
||||
var err error
|
||||
|
||||
if name, err = internal.PackBytes(Name); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// BlockSize returns the blocksize of this Cipher.
|
||||
func (c *Cipher) BlockSize() (size int) {
|
||||
|
||||
size = aes.BlockSize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// KdfKeySize returns the target key length from KDF to use with this Cipher.
|
||||
func (c *Cipher) KdfKeySize() (size int) {
|
||||
|
||||
size = aes128.KeySize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var cryptDst []byte
|
||||
var padded *bytes.Reader
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if padded, err = c.Pad(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
b = make([]byte, padded.Len())
|
||||
if b, err = io.ReadAll(padded); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
cryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = cryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b *bytes.Reader
|
||||
var buf *bytes.Buffer = new(bytes.Buffer)
|
||||
var alloc []byte = make([]byte, 4)
|
||||
|
||||
if b, err = c.Encrypt(data); err != nil {
|
||||
return
|
||||
}
|
||||
if alloc, err = internal.PackBytes(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if _, err = buf.Write(alloc); err != nil {
|
||||
return
|
||||
}
|
||||
if _, err = b.WriteTo(buf); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
encrypted = bytes.NewReader(buf.Bytes())
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
|
||||
The resulting padded buffer is returned.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var decryptDst []byte
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
decryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = decryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
|
||||
|
||||
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
*/
|
||||
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
|
||||
if b, err = internal.UnpackBytes(data); err != nil {
|
||||
return
|
||||
}
|
||||
if decrypted, err = c.Decrypt(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
|
||||
|
||||
It will always return false. It is included for interface compatability.
|
||||
*/
|
||||
func (c *Cipher) IsPlain() (plain bool) {
|
||||
|
||||
plain = false
|
||||
|
||||
return
|
||||
}
|
18
cipher/aes/aes128/cbc/types.go
Normal file
18
cipher/aes/aes128/cbc/types.go
Normal file
@ -0,0 +1,18 @@
|
||||
package cbc
|
||||
|
||||
import (
|
||||
`crypto/cipher`
|
||||
)
|
||||
|
||||
// Cipher is an AES128-CBC cipher.Cipher.
|
||||
type Cipher struct {
|
||||
// key contains the encryption key.
|
||||
key []byte
|
||||
// iv contains the IV, or initialization vector.
|
||||
iv []byte
|
||||
/*
|
||||
cryptBlock contains the block encryptor.
|
||||
CBC is a block (all at once) encryption mode.
|
||||
*/
|
||||
cryptBlock cipher.Block
|
||||
}
|
@ -1,10 +1,10 @@
|
||||
package aes128
|
||||
|
||||
import (
|
||||
`r00t2.io/sshkeys/cipher/aes`
|
||||
sshAES `r00t2.io/sshkeys/cipher/aes`
|
||||
)
|
||||
|
||||
const (
|
||||
KeySize int = 16 // in bytes; AES128 is so named for its 128-bit key, thus: 128 / 8 = 16
|
||||
KdfKeySize int = KeySize + aes.IvSize
|
||||
KdfKeySize int = KeySize + sshAES.IvSize
|
||||
)
|
||||
|
205
cipher/aes/aes128/ctr/funcs.go
Normal file
205
cipher/aes/aes128/ctr/funcs.go
Normal file
@ -0,0 +1,205 @@
|
||||
package ctr
|
||||
|
||||
import (
|
||||
`bytes`
|
||||
`io`
|
||||
|
||||
`r00t2.io/sshkeys/cipher/aes`
|
||||
`r00t2.io/sshkeys/cipher/aes/aes128`
|
||||
`r00t2.io/sshkeys/internal`
|
||||
)
|
||||
|
||||
func (c *Cipher) Setup(key []byte) (err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// Name returns the name as used in the key file bytes.
|
||||
func (c *Cipher) Name() (name string) {
|
||||
|
||||
name = Name
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
|
||||
func (c *Cipher) NameBytes() (name []byte) {
|
||||
|
||||
var err error
|
||||
|
||||
if name, err = internal.PackBytes(Name); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// BlockSize returns the blocksize of this Cipher.
|
||||
func (c *Cipher) BlockSize() (size int) {
|
||||
|
||||
size = aes.BlockSize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// KdfKeySize returns the target key length from KDF to use with this Cipher.
|
||||
func (c *Cipher) KdfKeySize() (size int) {
|
||||
|
||||
size = aes128.KeySize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var cryptDst []byte
|
||||
var padded *bytes.Reader
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if padded, err = c.Pad(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
b = make([]byte, padded.Len())
|
||||
if b, err = io.ReadAll(padded); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
cryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = cryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b *bytes.Reader
|
||||
var buf *bytes.Buffer = new(bytes.Buffer)
|
||||
var alloc []byte = make([]byte, 4)
|
||||
|
||||
if b, err = c.Encrypt(data); err != nil {
|
||||
return
|
||||
}
|
||||
if alloc, err = internal.PackBytes(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if _, err = buf.Write(alloc); err != nil {
|
||||
return
|
||||
}
|
||||
if _, err = b.WriteTo(buf); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
encrypted = bytes.NewReader(buf.Bytes())
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
|
||||
The resulting padded buffer is returned.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var decryptDst []byte
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
decryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = decryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
|
||||
|
||||
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
*/
|
||||
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
|
||||
if b, err = internal.UnpackBytes(data); err != nil {
|
||||
return
|
||||
}
|
||||
if decrypted, err = c.Decrypt(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
|
||||
|
||||
It will always return false. It is included for interface compatability.
|
||||
*/
|
||||
func (c *Cipher) IsPlain() (plain bool) {
|
||||
|
||||
plain = false
|
||||
|
||||
return
|
||||
}
|
205
cipher/aes/aes128/gcm/funcs.go
Normal file
205
cipher/aes/aes128/gcm/funcs.go
Normal file
@ -0,0 +1,205 @@
|
||||
package gcm
|
||||
|
||||
import (
|
||||
`bytes`
|
||||
`io`
|
||||
|
||||
`r00t2.io/sshkeys/cipher/aes`
|
||||
`r00t2.io/sshkeys/cipher/aes/aes128`
|
||||
`r00t2.io/sshkeys/internal`
|
||||
)
|
||||
|
||||
func (c *Cipher) Setup(key []byte) (err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// Name returns the name as used in the key file bytes.
|
||||
func (c *Cipher) Name() (name string) {
|
||||
|
||||
name = Name
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
|
||||
func (c *Cipher) NameBytes() (name []byte) {
|
||||
|
||||
var err error
|
||||
|
||||
if name, err = internal.PackBytes(Name); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// BlockSize returns the blocksize of this Cipher.
|
||||
func (c *Cipher) BlockSize() (size int) {
|
||||
|
||||
size = aes.BlockSize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// KdfKeySize returns the target key length from KDF to use with this Cipher.
|
||||
func (c *Cipher) KdfKeySize() (size int) {
|
||||
|
||||
size = aes128.KeySize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var cryptDst []byte
|
||||
var padded *bytes.Reader
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if padded, err = c.Pad(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
b = make([]byte, padded.Len())
|
||||
if b, err = io.ReadAll(padded); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
cryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = cryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b *bytes.Reader
|
||||
var buf *bytes.Buffer = new(bytes.Buffer)
|
||||
var alloc []byte = make([]byte, 4)
|
||||
|
||||
if b, err = c.Encrypt(data); err != nil {
|
||||
return
|
||||
}
|
||||
if alloc, err = internal.PackBytes(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if _, err = buf.Write(alloc); err != nil {
|
||||
return
|
||||
}
|
||||
if _, err = b.WriteTo(buf); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
encrypted = bytes.NewReader(buf.Bytes())
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
|
||||
The resulting padded buffer is returned.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var decryptDst []byte
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
decryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = decryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
|
||||
|
||||
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
*/
|
||||
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
|
||||
if b, err = internal.UnpackBytes(data); err != nil {
|
||||
return
|
||||
}
|
||||
if decrypted, err = c.Decrypt(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
|
||||
|
||||
It will always return false. It is included for interface compatability.
|
||||
*/
|
||||
func (c *Cipher) IsPlain() (plain bool) {
|
||||
|
||||
plain = false
|
||||
|
||||
return
|
||||
}
|
205
cipher/aes/aes192/cbc/funcs.go
Normal file
205
cipher/aes/aes192/cbc/funcs.go
Normal file
@ -0,0 +1,205 @@
|
||||
package cbc
|
||||
|
||||
import (
|
||||
`bytes`
|
||||
`io`
|
||||
|
||||
`r00t2.io/sshkeys/cipher/aes`
|
||||
`r00t2.io/sshkeys/cipher/aes/aes128`
|
||||
`r00t2.io/sshkeys/internal`
|
||||
)
|
||||
|
||||
func (c *Cipher) Setup(key []byte) (err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// Name returns the name as used in the key file bytes.
|
||||
func (c *Cipher) Name() (name string) {
|
||||
|
||||
name = Name
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
|
||||
func (c *Cipher) NameBytes() (name []byte) {
|
||||
|
||||
var err error
|
||||
|
||||
if name, err = internal.PackBytes(Name); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// BlockSize returns the blocksize of this Cipher.
|
||||
func (c *Cipher) BlockSize() (size int) {
|
||||
|
||||
size = aes.BlockSize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// KdfKeySize returns the target key length from KDF to use with this Cipher.
|
||||
func (c *Cipher) KdfKeySize() (size int) {
|
||||
|
||||
size = aes128.KeySize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var cryptDst []byte
|
||||
var padded *bytes.Reader
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if padded, err = c.Pad(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
b = make([]byte, padded.Len())
|
||||
if b, err = io.ReadAll(padded); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
cryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = cryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b *bytes.Reader
|
||||
var buf *bytes.Buffer = new(bytes.Buffer)
|
||||
var alloc []byte = make([]byte, 4)
|
||||
|
||||
if b, err = c.Encrypt(data); err != nil {
|
||||
return
|
||||
}
|
||||
if alloc, err = internal.PackBytes(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if _, err = buf.Write(alloc); err != nil {
|
||||
return
|
||||
}
|
||||
if _, err = b.WriteTo(buf); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
encrypted = bytes.NewReader(buf.Bytes())
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
|
||||
The resulting padded buffer is returned.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var decryptDst []byte
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
decryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = decryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
|
||||
|
||||
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
*/
|
||||
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
|
||||
if b, err = internal.UnpackBytes(data); err != nil {
|
||||
return
|
||||
}
|
||||
if decrypted, err = c.Decrypt(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
|
||||
|
||||
It will always return false. It is included for interface compatability.
|
||||
*/
|
||||
func (c *Cipher) IsPlain() (plain bool) {
|
||||
|
||||
plain = false
|
||||
|
||||
return
|
||||
}
|
205
cipher/aes/aes192/ctr/funcs.go
Normal file
205
cipher/aes/aes192/ctr/funcs.go
Normal file
@ -0,0 +1,205 @@
|
||||
package ctr
|
||||
|
||||
import (
|
||||
`bytes`
|
||||
`io`
|
||||
|
||||
`r00t2.io/sshkeys/cipher/aes`
|
||||
`r00t2.io/sshkeys/cipher/aes/aes128`
|
||||
`r00t2.io/sshkeys/internal`
|
||||
)
|
||||
|
||||
func (c *Cipher) Setup(key []byte) (err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// Name returns the name as used in the key file bytes.
|
||||
func (c *Cipher) Name() (name string) {
|
||||
|
||||
name = Name
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
|
||||
func (c *Cipher) NameBytes() (name []byte) {
|
||||
|
||||
var err error
|
||||
|
||||
if name, err = internal.PackBytes(Name); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// BlockSize returns the blocksize of this Cipher.
|
||||
func (c *Cipher) BlockSize() (size int) {
|
||||
|
||||
size = aes.BlockSize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// KdfKeySize returns the target key length from KDF to use with this Cipher.
|
||||
func (c *Cipher) KdfKeySize() (size int) {
|
||||
|
||||
size = aes128.KeySize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var cryptDst []byte
|
||||
var padded *bytes.Reader
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if padded, err = c.Pad(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
b = make([]byte, padded.Len())
|
||||
if b, err = io.ReadAll(padded); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
cryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = cryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b *bytes.Reader
|
||||
var buf *bytes.Buffer = new(bytes.Buffer)
|
||||
var alloc []byte = make([]byte, 4)
|
||||
|
||||
if b, err = c.Encrypt(data); err != nil {
|
||||
return
|
||||
}
|
||||
if alloc, err = internal.PackBytes(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if _, err = buf.Write(alloc); err != nil {
|
||||
return
|
||||
}
|
||||
if _, err = b.WriteTo(buf); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
encrypted = bytes.NewReader(buf.Bytes())
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
|
||||
The resulting padded buffer is returned.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var decryptDst []byte
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
decryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = decryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
|
||||
|
||||
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
*/
|
||||
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
|
||||
if b, err = internal.UnpackBytes(data); err != nil {
|
||||
return
|
||||
}
|
||||
if decrypted, err = c.Decrypt(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
|
||||
|
||||
It will always return false. It is included for interface compatability.
|
||||
*/
|
||||
func (c *Cipher) IsPlain() (plain bool) {
|
||||
|
||||
plain = false
|
||||
|
||||
return
|
||||
}
|
205
cipher/aes/aes192/gcm/funcs.go
Normal file
205
cipher/aes/aes192/gcm/funcs.go
Normal file
@ -0,0 +1,205 @@
|
||||
package gcm
|
||||
|
||||
import (
|
||||
`bytes`
|
||||
`io`
|
||||
|
||||
`r00t2.io/sshkeys/cipher/aes`
|
||||
`r00t2.io/sshkeys/cipher/aes/aes128`
|
||||
`r00t2.io/sshkeys/internal`
|
||||
)
|
||||
|
||||
func (c *Cipher) Setup(key []byte) (err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// Name returns the name as used in the key file bytes.
|
||||
func (c *Cipher) Name() (name string) {
|
||||
|
||||
name = Name
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
|
||||
func (c *Cipher) NameBytes() (name []byte) {
|
||||
|
||||
var err error
|
||||
|
||||
if name, err = internal.PackBytes(Name); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// BlockSize returns the blocksize of this Cipher.
|
||||
func (c *Cipher) BlockSize() (size int) {
|
||||
|
||||
size = aes.BlockSize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// KdfKeySize returns the target key length from KDF to use with this Cipher.
|
||||
func (c *Cipher) KdfKeySize() (size int) {
|
||||
|
||||
size = aes128.KeySize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var cryptDst []byte
|
||||
var padded *bytes.Reader
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if padded, err = c.Pad(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
b = make([]byte, padded.Len())
|
||||
if b, err = io.ReadAll(padded); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
cryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = cryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b *bytes.Reader
|
||||
var buf *bytes.Buffer = new(bytes.Buffer)
|
||||
var alloc []byte = make([]byte, 4)
|
||||
|
||||
if b, err = c.Encrypt(data); err != nil {
|
||||
return
|
||||
}
|
||||
if alloc, err = internal.PackBytes(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if _, err = buf.Write(alloc); err != nil {
|
||||
return
|
||||
}
|
||||
if _, err = b.WriteTo(buf); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
encrypted = bytes.NewReader(buf.Bytes())
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
|
||||
The resulting padded buffer is returned.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var decryptDst []byte
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
decryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = decryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
|
||||
|
||||
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
*/
|
||||
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
|
||||
if b, err = internal.UnpackBytes(data); err != nil {
|
||||
return
|
||||
}
|
||||
if decrypted, err = c.Decrypt(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
|
||||
|
||||
It will always return false. It is included for interface compatability.
|
||||
*/
|
||||
func (c *Cipher) IsPlain() (plain bool) {
|
||||
|
||||
plain = false
|
||||
|
||||
return
|
||||
}
|
205
cipher/aes/aes256/cbc/funcs.go
Normal file
205
cipher/aes/aes256/cbc/funcs.go
Normal file
@ -0,0 +1,205 @@
|
||||
package cbc
|
||||
|
||||
import (
|
||||
`bytes`
|
||||
`io`
|
||||
|
||||
`r00t2.io/sshkeys/cipher/aes`
|
||||
`r00t2.io/sshkeys/cipher/aes/aes128`
|
||||
`r00t2.io/sshkeys/internal`
|
||||
)
|
||||
|
||||
func (c *Cipher) Setup(key []byte) (err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// Name returns the name as used in the key file bytes.
|
||||
func (c *Cipher) Name() (name string) {
|
||||
|
||||
name = Name
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
|
||||
func (c *Cipher) NameBytes() (name []byte) {
|
||||
|
||||
var err error
|
||||
|
||||
if name, err = internal.PackBytes(Name); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// BlockSize returns the blocksize of this Cipher.
|
||||
func (c *Cipher) BlockSize() (size int) {
|
||||
|
||||
size = aes.BlockSize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// KdfKeySize returns the target key length from KDF to use with this Cipher.
|
||||
func (c *Cipher) KdfKeySize() (size int) {
|
||||
|
||||
size = aes128.KeySize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var cryptDst []byte
|
||||
var padded *bytes.Reader
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if padded, err = c.Pad(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
b = make([]byte, padded.Len())
|
||||
if b, err = io.ReadAll(padded); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
cryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = cryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b *bytes.Reader
|
||||
var buf *bytes.Buffer = new(bytes.Buffer)
|
||||
var alloc []byte = make([]byte, 4)
|
||||
|
||||
if b, err = c.Encrypt(data); err != nil {
|
||||
return
|
||||
}
|
||||
if alloc, err = internal.PackBytes(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if _, err = buf.Write(alloc); err != nil {
|
||||
return
|
||||
}
|
||||
if _, err = b.WriteTo(buf); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
encrypted = bytes.NewReader(buf.Bytes())
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
|
||||
The resulting padded buffer is returned.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var decryptDst []byte
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
decryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = decryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
|
||||
|
||||
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
*/
|
||||
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
|
||||
if b, err = internal.UnpackBytes(data); err != nil {
|
||||
return
|
||||
}
|
||||
if decrypted, err = c.Decrypt(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
|
||||
|
||||
It will always return false. It is included for interface compatability.
|
||||
*/
|
||||
func (c *Cipher) IsPlain() (plain bool) {
|
||||
|
||||
plain = false
|
||||
|
||||
return
|
||||
}
|
205
cipher/aes/aes256/ctr/funcs.go
Normal file
205
cipher/aes/aes256/ctr/funcs.go
Normal file
@ -0,0 +1,205 @@
|
||||
package ctr
|
||||
|
||||
import (
|
||||
`bytes`
|
||||
`io`
|
||||
|
||||
`r00t2.io/sshkeys/cipher/aes`
|
||||
`r00t2.io/sshkeys/cipher/aes/aes128`
|
||||
`r00t2.io/sshkeys/internal`
|
||||
)
|
||||
|
||||
func (c *Cipher) Setup(key []byte) (err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// Name returns the name as used in the key file bytes.
|
||||
func (c *Cipher) Name() (name string) {
|
||||
|
||||
name = Name
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
|
||||
func (c *Cipher) NameBytes() (name []byte) {
|
||||
|
||||
var err error
|
||||
|
||||
if name, err = internal.PackBytes(Name); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// BlockSize returns the blocksize of this Cipher.
|
||||
func (c *Cipher) BlockSize() (size int) {
|
||||
|
||||
size = aes.BlockSize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// KdfKeySize returns the target key length from KDF to use with this Cipher.
|
||||
func (c *Cipher) KdfKeySize() (size int) {
|
||||
|
||||
size = aes128.KeySize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var cryptDst []byte
|
||||
var padded *bytes.Reader
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if padded, err = c.Pad(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
b = make([]byte, padded.Len())
|
||||
if b, err = io.ReadAll(padded); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
cryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = cryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b *bytes.Reader
|
||||
var buf *bytes.Buffer = new(bytes.Buffer)
|
||||
var alloc []byte = make([]byte, 4)
|
||||
|
||||
if b, err = c.Encrypt(data); err != nil {
|
||||
return
|
||||
}
|
||||
if alloc, err = internal.PackBytes(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if _, err = buf.Write(alloc); err != nil {
|
||||
return
|
||||
}
|
||||
if _, err = b.WriteTo(buf); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
encrypted = bytes.NewReader(buf.Bytes())
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
|
||||
The resulting padded buffer is returned.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var decryptDst []byte
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
decryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = decryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
|
||||
|
||||
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
*/
|
||||
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
|
||||
if b, err = internal.UnpackBytes(data); err != nil {
|
||||
return
|
||||
}
|
||||
if decrypted, err = c.Decrypt(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
|
||||
|
||||
It will always return false. It is included for interface compatability.
|
||||
*/
|
||||
func (c *Cipher) IsPlain() (plain bool) {
|
||||
|
||||
plain = false
|
||||
|
||||
return
|
||||
}
|
205
cipher/aes/aes256/gcm/funcs.go
Normal file
205
cipher/aes/aes256/gcm/funcs.go
Normal file
@ -0,0 +1,205 @@
|
||||
package gcm
|
||||
|
||||
import (
|
||||
`bytes`
|
||||
`io`
|
||||
|
||||
`r00t2.io/sshkeys/cipher/aes`
|
||||
`r00t2.io/sshkeys/cipher/aes/aes128`
|
||||
`r00t2.io/sshkeys/internal`
|
||||
)
|
||||
|
||||
func (c *Cipher) Setup(key []byte) (err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// Name returns the name as used in the key file bytes.
|
||||
func (c *Cipher) Name() (name string) {
|
||||
|
||||
name = Name
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
|
||||
func (c *Cipher) NameBytes() (name []byte) {
|
||||
|
||||
var err error
|
||||
|
||||
if name, err = internal.PackBytes(Name); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// BlockSize returns the blocksize of this Cipher.
|
||||
func (c *Cipher) BlockSize() (size int) {
|
||||
|
||||
size = aes.BlockSize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// KdfKeySize returns the target key length from KDF to use with this Cipher.
|
||||
func (c *Cipher) KdfKeySize() (size int) {
|
||||
|
||||
size = aes128.KeySize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var cryptDst []byte
|
||||
var padded *bytes.Reader
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if padded, err = c.Pad(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
b = make([]byte, padded.Len())
|
||||
if b, err = io.ReadAll(padded); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
cryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = cryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b *bytes.Reader
|
||||
var buf *bytes.Buffer = new(bytes.Buffer)
|
||||
var alloc []byte = make([]byte, 4)
|
||||
|
||||
if b, err = c.Encrypt(data); err != nil {
|
||||
return
|
||||
}
|
||||
if alloc, err = internal.PackBytes(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if _, err = buf.Write(alloc); err != nil {
|
||||
return
|
||||
}
|
||||
if _, err = b.WriteTo(buf); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
encrypted = bytes.NewReader(buf.Bytes())
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
|
||||
The resulting padded buffer is returned.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var decryptDst []byte
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
decryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = decryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
|
||||
|
||||
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
*/
|
||||
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
|
||||
if b, err = internal.UnpackBytes(data); err != nil {
|
||||
return
|
||||
}
|
||||
if decrypted, err = c.Decrypt(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
|
||||
|
||||
It will always return false. It is included for interface compatability.
|
||||
*/
|
||||
func (c *Cipher) IsPlain() (plain bool) {
|
||||
|
||||
plain = false
|
||||
|
||||
return
|
||||
}
|
205
cipher/chacha20/poly1305/funcs.go
Normal file
205
cipher/chacha20/poly1305/funcs.go
Normal file
@ -0,0 +1,205 @@
|
||||
package poly1305
|
||||
|
||||
import (
|
||||
`bytes`
|
||||
`io`
|
||||
|
||||
`r00t2.io/sshkeys/cipher/aes`
|
||||
`r00t2.io/sshkeys/cipher/aes/aes128`
|
||||
`r00t2.io/sshkeys/internal`
|
||||
)
|
||||
|
||||
func (c *Cipher) Setup(key []byte) (err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// Name returns the name as used in the key file bytes.
|
||||
func (c *Cipher) Name() (name string) {
|
||||
|
||||
name = Name
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
|
||||
func (c *Cipher) NameBytes() (name []byte) {
|
||||
|
||||
var err error
|
||||
|
||||
if name, err = internal.PackBytes(Name); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// BlockSize returns the blocksize of this Cipher.
|
||||
func (c *Cipher) BlockSize() (size int) {
|
||||
|
||||
size = aes.BlockSize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// KdfKeySize returns the target key length from KDF to use with this Cipher.
|
||||
func (c *Cipher) KdfKeySize() (size int) {
|
||||
|
||||
size = aes128.KeySize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var cryptDst []byte
|
||||
var padded *bytes.Reader
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if padded, err = c.Pad(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
b = make([]byte, padded.Len())
|
||||
if b, err = io.ReadAll(padded); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
cryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = cryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b *bytes.Reader
|
||||
var buf *bytes.Buffer = new(bytes.Buffer)
|
||||
var alloc []byte = make([]byte, 4)
|
||||
|
||||
if b, err = c.Encrypt(data); err != nil {
|
||||
return
|
||||
}
|
||||
if alloc, err = internal.PackBytes(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if _, err = buf.Write(alloc); err != nil {
|
||||
return
|
||||
}
|
||||
if _, err = b.WriteTo(buf); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
encrypted = bytes.NewReader(buf.Bytes())
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
|
||||
The resulting padded buffer is returned.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var decryptDst []byte
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
decryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = decryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
|
||||
|
||||
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
*/
|
||||
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
|
||||
if b, err = internal.UnpackBytes(data); err != nil {
|
||||
return
|
||||
}
|
||||
if decrypted, err = c.Decrypt(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
|
||||
|
||||
It will always return false. It is included for interface compatability.
|
||||
*/
|
||||
func (c *Cipher) IsPlain() (plain bool) {
|
||||
|
||||
plain = false
|
||||
|
||||
return
|
||||
}
|
205
cipher/null/funcs.go
Normal file
205
cipher/null/funcs.go
Normal file
@ -0,0 +1,205 @@
|
||||
package null
|
||||
|
||||
import (
|
||||
`bytes`
|
||||
`io`
|
||||
|
||||
`r00t2.io/sshkeys/cipher/aes`
|
||||
`r00t2.io/sshkeys/cipher/aes/aes128`
|
||||
`r00t2.io/sshkeys/internal`
|
||||
)
|
||||
|
||||
func (c *Cipher) Setup(key []byte) (err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// Name returns the name as used in the key file bytes.
|
||||
func (c *Cipher) Name() (name string) {
|
||||
|
||||
name = Name
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
|
||||
func (c *Cipher) NameBytes() (name []byte) {
|
||||
|
||||
var err error
|
||||
|
||||
if name, err = internal.PackBytes(Name); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// BlockSize returns the blocksize of this Cipher.
|
||||
func (c *Cipher) BlockSize() (size int) {
|
||||
|
||||
size = aes.BlockSize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// KdfKeySize returns the target key length from KDF to use with this Cipher.
|
||||
func (c *Cipher) KdfKeySize() (size int) {
|
||||
|
||||
size = aes128.KeySize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var cryptDst []byte
|
||||
var padded *bytes.Reader
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if padded, err = c.Pad(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
b = make([]byte, padded.Len())
|
||||
if b, err = io.ReadAll(padded); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
cryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = cryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b *bytes.Reader
|
||||
var buf *bytes.Buffer = new(bytes.Buffer)
|
||||
var alloc []byte = make([]byte, 4)
|
||||
|
||||
if b, err = c.Encrypt(data); err != nil {
|
||||
return
|
||||
}
|
||||
if alloc, err = internal.PackBytes(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if _, err = buf.Write(alloc); err != nil {
|
||||
return
|
||||
}
|
||||
if _, err = b.WriteTo(buf); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
encrypted = bytes.NewReader(buf.Bytes())
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
|
||||
The resulting padded buffer is returned.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var decryptDst []byte
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
decryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = decryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
|
||||
|
||||
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
*/
|
||||
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
|
||||
if b, err = internal.UnpackBytes(data); err != nil {
|
||||
return
|
||||
}
|
||||
if decrypted, err = c.Decrypt(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
|
||||
|
||||
It will always return false. It is included for interface compatability.
|
||||
*/
|
||||
func (c *Cipher) IsPlain() (plain bool) {
|
||||
|
||||
plain = false
|
||||
|
||||
return
|
||||
}
|
205
cipher/tripledes/cbc/funcs.go
Normal file
205
cipher/tripledes/cbc/funcs.go
Normal file
@ -0,0 +1,205 @@
|
||||
package cbc
|
||||
|
||||
import (
|
||||
`bytes`
|
||||
`io`
|
||||
|
||||
`r00t2.io/sshkeys/cipher/aes`
|
||||
`r00t2.io/sshkeys/cipher/aes/aes128`
|
||||
`r00t2.io/sshkeys/internal`
|
||||
)
|
||||
|
||||
func (c *Cipher) Setup(key []byte) (err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// Name returns the name as used in the key file bytes.
|
||||
func (c *Cipher) Name() (name string) {
|
||||
|
||||
name = Name
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
|
||||
func (c *Cipher) NameBytes() (name []byte) {
|
||||
|
||||
var err error
|
||||
|
||||
if name, err = internal.PackBytes(Name); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// BlockSize returns the blocksize of this Cipher.
|
||||
func (c *Cipher) BlockSize() (size int) {
|
||||
|
||||
size = aes.BlockSize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
// KdfKeySize returns the target key length from KDF to use with this Cipher.
|
||||
func (c *Cipher) KdfKeySize() (size int) {
|
||||
|
||||
size = aes128.KeySize
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var cryptDst []byte
|
||||
var padded *bytes.Reader
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if padded, err = c.Pad(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
b = make([]byte, padded.Len())
|
||||
if b, err = io.ReadAll(padded); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
cryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = cryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
|
||||
|
||||
NOTE: Padding IS applied automatically.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
|
||||
|
||||
var b *bytes.Reader
|
||||
var buf *bytes.Buffer = new(bytes.Buffer)
|
||||
var alloc []byte = make([]byte, 4)
|
||||
|
||||
if b, err = c.Encrypt(data); err != nil {
|
||||
return
|
||||
}
|
||||
if alloc, err = internal.PackBytes(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
if _, err = buf.Write(alloc); err != nil {
|
||||
return
|
||||
}
|
||||
if _, err = b.WriteTo(buf); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
encrypted = bytes.NewReader(buf.Bytes())
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
|
||||
The resulting padded buffer is returned.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
|
||||
|
||||
// TODO
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
var decryptDst []byte
|
||||
|
||||
if b, err = internal.SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
decryptDst = make([]byte, len(b))
|
||||
|
||||
// TODO
|
||||
_ = decryptDst
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
|
||||
|
||||
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
|
||||
|
||||
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
|
||||
|
||||
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
*/
|
||||
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
|
||||
|
||||
var b []byte
|
||||
|
||||
if b, err = internal.UnpackBytes(data); err != nil {
|
||||
return
|
||||
}
|
||||
if decrypted, err = c.Decrypt(b); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
|
||||
|
||||
It will always return false. It is included for interface compatability.
|
||||
*/
|
||||
func (c *Cipher) IsPlain() (plain bool) {
|
||||
|
||||
plain = false
|
||||
|
||||
return
|
||||
}
|
@ -5,6 +5,8 @@ import (
|
||||
)
|
||||
|
||||
type Cipher interface {
|
||||
// Setup initializes the Cipher with a given key.
|
||||
Setup(key []byte) (err error)
|
||||
// Name returns the string form of the cipher name.
|
||||
Name() (name string)
|
||||
// NameBytes returns the Name result but in bytes, with a leading uint32 bytecount packed in.
|
||||
@ -13,8 +15,6 @@ type Cipher interface {
|
||||
BlockSize() (size int)
|
||||
// KdfKeySize returns the desired/needed key size for use with kdf.KDF.
|
||||
KdfKeySize() (size int)
|
||||
// Setup initializes the Cipher with a given key.
|
||||
Setup(key []byte) (err error)
|
||||
/*
|
||||
Encrypt takes plain data, either a:
|
||||
- string
|
||||
@ -26,6 +26,16 @@ type Cipher interface {
|
||||
Encrypt(data interface{}) (encrypted *bytes.Reader, err error)
|
||||
// AllocateEncrypt is exactly like cipher.Cipher.Encrypt except that it includes a (NON-encrypted) uint32 prefix of byte allocation.
|
||||
AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error)
|
||||
/*
|
||||
Pad returns padded bytes in a *bytes.Buffer according to the cipher's padding specification.
|
||||
data can be one of either:
|
||||
- string
|
||||
- raw byte slice ([]byte or []uint8)
|
||||
- single byte (byte or uint8)
|
||||
- *bytes.Buffer
|
||||
This is a prerequisite in some ciphers, and must be performed BEFORE encrypting.
|
||||
*/
|
||||
Pad(data interface{}) (paddedBuf *bytes.Reader, err error)
|
||||
/*
|
||||
Decrypt takes encrypted data, either a:
|
||||
- raw byte slice ([]byte or []uint8)
|
||||
@ -37,14 +47,4 @@ type Cipher interface {
|
||||
AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error)
|
||||
// IsPlain returns true if this is a "null" cipher; i.e. no encryption is actually performed.
|
||||
IsPlain() (plain bool)
|
||||
/*
|
||||
Pad returns padded bytes in a *bytes.Buffer according to the cipher's padding specification.
|
||||
data can be one of either:
|
||||
- string
|
||||
- raw byte slice ([]byte or []uint8)
|
||||
- single byte (byte or uint8)
|
||||
- *bytes.Buffer
|
||||
This is a prerequisite in some ciphers, and must be performed BEFORE encrypting.
|
||||
*/
|
||||
Pad(data interface{}) (paddedBuf *bytes.Reader, err error)
|
||||
}
|
||||
|
9
errs/errs.go
Normal file
9
errs/errs.go
Normal file
@ -0,0 +1,9 @@
|
||||
package errs
|
||||
|
||||
import (
|
||||
"errors"
|
||||
)
|
||||
|
||||
var (
|
||||
ErrBadData = errors.New("unable to serialize/cast data into buffer; unknown or invalid data object")
|
||||
)
|
@ -3,18 +3,15 @@ package internal
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/binary"
|
||||
`io`
|
||||
|
||||
`r00t2.io/sshkeys/errs`
|
||||
)
|
||||
|
||||
/*
|
||||
ReadSizeBytes returns a uint32 allocator for a given set of data for preparation of packing into bytes.
|
||||
|
||||
data can be one of:
|
||||
|
||||
- string
|
||||
- byte/uint8
|
||||
- []byte/[]uint8
|
||||
- *bytes.Buffer
|
||||
- *bytes.Reader
|
||||
See SerializeData for valid types for data.
|
||||
|
||||
If pack is true, the original data will be appended to the returned allocated *bytes.Reader.
|
||||
|
||||
@ -26,41 +23,150 @@ func ReadSizeBytes(data interface{}, pack bool) (allocated *bytes.Reader, err er
|
||||
var b []byte
|
||||
var sizer = make([]byte, 4)
|
||||
|
||||
switch t := data.(type) {
|
||||
case string:
|
||||
b = []byte(t)
|
||||
case byte:
|
||||
// b = []byte{0x0, 0x0, 0x0, 0x1}
|
||||
b = []byte{t}
|
||||
case []byte:
|
||||
b = t
|
||||
case bytes.Buffer:
|
||||
t2 := &t
|
||||
b = t2.Bytes()
|
||||
case *bytes.Buffer:
|
||||
b = t.Bytes()
|
||||
case bytes.Reader:
|
||||
t2 := &t
|
||||
b = make([]byte, t2.Len())
|
||||
if _, err = t2.Read(b); err != nil {
|
||||
return
|
||||
}
|
||||
case *bytes.Reader:
|
||||
b = make([]byte, t.Len())
|
||||
if _, err = t.Read(b); err != nil {
|
||||
return
|
||||
}
|
||||
if b, err = SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
u = uint32(len(b))
|
||||
|
||||
binary.BigEndian.PutUint32(sizer, u)
|
||||
if !pack {
|
||||
binary.BigEndian.PutUint32(sizer, u)
|
||||
allocated = bytes.NewReader(sizer)
|
||||
} else {
|
||||
b = append(sizer, b...)
|
||||
if b, err = PackBytes(b); err != nil {
|
||||
return
|
||||
}
|
||||
allocated = bytes.NewReader(b)
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
PackBytes prefixes data with an allocator.
|
||||
|
||||
See SerializeData for valid types for data.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, the bytes WILL be consumed within that reader.
|
||||
*/
|
||||
func PackBytes(data interface{}) (b []byte, err error) {
|
||||
|
||||
var dataBytes []byte
|
||||
var size uint32
|
||||
|
||||
if dataBytes, err = SerializeData(data); err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
size = uint32(len(dataBytes))
|
||||
|
||||
b = make([]byte, size)
|
||||
binary.BigEndian.PutUint32(b, size)
|
||||
b = append(b, dataBytes...)
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
UnpackBytes performs the opposite of PackBytes, reading an allocator and then reading ONLY the remaining bytes.
|
||||
|
||||
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
|
||||
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
|
||||
*/
|
||||
func UnpackBytes(data interface{}) (unpacked []byte, err error) {
|
||||
|
||||
var sizeBytes []byte = make([]byte, 4)
|
||||
var u uint32
|
||||
|
||||
// We can't use SerializeData because it'll consume the entire data set. We don't want that.
|
||||
switch t := data.(type) {
|
||||
case []byte:
|
||||
sizeBytes = t[:4]
|
||||
u = binary.BigEndian.Uint32(sizeBytes)
|
||||
unpacked = t[4:u]
|
||||
case *bytes.Buffer:
|
||||
sizeBytes = t.Next(4)
|
||||
u = binary.BigEndian.Uint32(sizeBytes)
|
||||
unpacked = t.Next(int(u))
|
||||
case bytes.Buffer:
|
||||
t2 := &t
|
||||
sizeBytes = t2.Next(4)
|
||||
u = binary.BigEndian.Uint32(sizeBytes)
|
||||
unpacked = t2.Next(int(u))
|
||||
case *bytes.Reader:
|
||||
if _, err = t.Read(sizeBytes); err != nil {
|
||||
return
|
||||
}
|
||||
u = binary.BigEndian.Uint32(sizeBytes)
|
||||
unpacked = make([]byte, u)
|
||||
if _, err = io.ReadFull(t, unpacked); err != nil {
|
||||
return
|
||||
}
|
||||
case bytes.Reader:
|
||||
t2 := &t
|
||||
if _, err = t2.Read(sizeBytes); err != nil {
|
||||
return
|
||||
}
|
||||
u = binary.BigEndian.Uint32(sizeBytes)
|
||||
unpacked = make([]byte, u)
|
||||
if _, err = io.ReadFull(t2, unpacked); err != nil {
|
||||
return
|
||||
}
|
||||
default:
|
||||
err = errs.ErrBadData
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
||||
/*
|
||||
SerializeData transforms one of the following types:
|
||||
|
||||
- string
|
||||
- []byte
|
||||
- byte
|
||||
- bytes.Buffer
|
||||
- *bytes.Buffer
|
||||
- bytes.Reader
|
||||
- *bytes.Reader
|
||||
|
||||
into a []byte.
|
||||
|
||||
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
|
||||
|
||||
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
|
||||
*/
|
||||
func SerializeData(data interface{}) (b []byte, err error) {
|
||||
|
||||
switch t := data.(type) {
|
||||
case string:
|
||||
b = []byte(t)
|
||||
case byte:
|
||||
b = []byte{t}
|
||||
case []byte:
|
||||
b = t
|
||||
case *bytes.Buffer:
|
||||
b = t.Bytes()
|
||||
case bytes.Buffer:
|
||||
t2 := &t
|
||||
b = t2.Bytes()
|
||||
case *bytes.Reader:
|
||||
b = make([]byte, t.Len())
|
||||
if b, err = io.ReadAll(t); err != nil {
|
||||
return
|
||||
}
|
||||
case bytes.Reader:
|
||||
t2 := &t
|
||||
b = make([]byte, t2.Len())
|
||||
if b, err = io.ReadAll(t2); err != nil {
|
||||
return
|
||||
}
|
||||
default:
|
||||
err = errs.ErrBadData
|
||||
return
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
@ -3,13 +3,14 @@ package ed25519
|
||||
import (
|
||||
`crypto/ed25519`
|
||||
|
||||
`r00t2.io/sshkeys/cipher`
|
||||
`r00t2.io/sshkeys/kdf`
|
||||
)
|
||||
|
||||
// Key is an ed25519 OpenSSH key.
|
||||
type Key struct {
|
||||
KeyPairs []*Keypair `xml:"keypairs" json:"keypairs" yaml:"Keypairs"`
|
||||
Cipher string // TODO: (sshkeys/cipher).Cipher
|
||||
Cipher cipher.Cipher
|
||||
KDF kdf.KDF
|
||||
}
|
||||
|
9
keytypes/types.go
Normal file
9
keytypes/types.go
Normal file
@ -0,0 +1,9 @@
|
||||
package keytypes
|
||||
|
||||
// Key contains at least one keytypes.KeyPair, a cipher.Cipher, and a kdf.KDF.
|
||||
type Key interface {
|
||||
}
|
||||
|
||||
// KeyPair contains a private key component, public key component, and comment.
|
||||
type KeyPair interface {
|
||||
}
|
Loading…
Reference in New Issue
Block a user