stubbing out keygen funcs
This commit is contained in:
parent
ff9fbdab69
commit
1624740118
9
const.go
9
const.go
@ -1,7 +1,14 @@
|
|||||||
package sshsecure
|
package sshsecure
|
||||||
|
|
||||||
|
import (
|
||||||
|
"git.square-r00t.net/sshsecure/sshkeys"
|
||||||
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
RoundsDefUser uint = 100
|
RoundsDefUser uint = 100
|
||||||
RoundsDefHost uint = 0 // 0 = Default rounds
|
RoundsDefHost uint = 100
|
||||||
RSABitSize uint = 4096
|
RSABitSize uint = 4096
|
||||||
|
DefKeyType string = sshkeys.KEY_ED25519
|
||||||
|
DefCipher string = sshkeys.CIPHER_AES256_CTR
|
||||||
|
DefKDF string = sshkeys.KDF_BCRYPT
|
||||||
)
|
)
|
@ -7,16 +7,24 @@ const (
|
|||||||
|
|
||||||
// Cipher names. I believe only AES256-CTR is supported upstream currently.
|
// Cipher names. I believe only AES256-CTR is supported upstream currently.
|
||||||
const (
|
const (
|
||||||
CIPHER_AES256_CTR = "aes256-ctr"
|
CIPHER_NULL string = "none"
|
||||||
|
CIPHER_AES256_CTR string = "aes256-ctr"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var allowed_ciphers = [...]string{CIPHER_NULL, CIPHER_AES256_CTR}
|
||||||
|
|
||||||
// Key types.
|
// Key types.
|
||||||
const (
|
const (
|
||||||
KEY_ED25519 string = "ssh-ed25519"
|
KEY_ED25519 string = "ssh-ed25519"
|
||||||
KEY_RSA string = "ssh-rsa"
|
KEY_RSA string = "ssh-rsa"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var allowed_keytypes = [...]string{KEY_ED25519, KEY_RSA}
|
||||||
|
|
||||||
// KDF names. I believe only bcrypt is supported upstream currently.
|
// KDF names. I believe only bcrypt is supported upstream currently.
|
||||||
const (
|
const (
|
||||||
|
KDF_NULL string = "none"
|
||||||
KDF_BCRYPT string = "bcrypt"
|
KDF_BCRYPT string = "bcrypt"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var allowed_kdfnames = [...]string{KDF_NULL, KDF_BCRYPT}
|
||||||
|
@ -1,22 +1,47 @@
|
|||||||
package sshkeys
|
package sshkeys
|
||||||
|
|
||||||
func (k *EncryptedSSHKeyV1) GeneratePrivate(keyType uint8) error {
|
import (
|
||||||
|
"errors"
|
||||||
|
)
|
||||||
|
|
||||||
|
func genPrivKey(cipherAlgo string, kdf string, salt []byte, rounds uint32) ([]byte, error) {
|
||||||
|
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func genPubKey(privKey *[]byte) ([]byte, error) {
|
||||||
|
|
||||||
|
return nil, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (k *EncryptedSSHKeyV1) GeneratePrivate(force bool) error {
|
||||||
|
if k.Passphrase == "" {
|
||||||
|
return errors.New("cannot use encrypted key with empty passphrase")
|
||||||
|
}
|
||||||
|
if k.PrivateKeys != nil && !force {
|
||||||
|
return nil // Already generated.
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (k *EncryptedSSHKeyV1) GeneratePublic(keyType uint8) error {
|
func (k *EncryptedSSHKeyV1) GeneratePublic(force bool) error {
|
||||||
if err := k.GeneratePrivate(keyType); err != nil {
|
if err := k.GeneratePrivate(force); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (k *SSHKeyV1) GeneratePrivate(force bool) error {
|
||||||
|
if k.PrivateKeys != nil && !force {
|
||||||
|
return nil // Already generated.
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (k *SSHKeyV1) GeneratePrivate(keyType uint8) error {
|
func (k *SSHKeyV1) GeneratePublic(force bool) error {
|
||||||
return nil
|
if err := k.GeneratePrivate(force); err != nil {
|
||||||
}
|
|
||||||
|
|
||||||
func (k *SSHKeyV1) GeneratePublic(keyType uint8) error {
|
|
||||||
if err := k.GeneratePrivate(keyType); err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
The following uses the bcrypt encryption. The passphrase is "test".
|
The following uses the aes256-ctr/bcrypt encryption. The passphrase is "test".
|
||||||
|
|
||||||
The new "v1" format contains the header "-----BEGIN OPENSSH PRIVATE KEY-----"
|
The new "v1" format contains the header "-----BEGIN OPENSSH PRIVATE KEY-----"
|
||||||
and the footer "-----END OPENSSH PRIVATE KEY-----".
|
and the footer "-----END OPENSSH PRIVATE KEY-----".
|
||||||
@ -54,7 +54,7 @@ ANNOTATED HEX:
|
|||||||
4.0.0.1 00000020 (32)
|
4.0.0.1 00000020 (32)
|
||||||
4.0.0.1.0 bfa2031aa5463113e40e16896af503c5299ead76b09cb63846f41cc4de1740f6 (bytes)
|
4.0.0.1.0 bfa2031aa5463113e40e16896af503c5299ead76b09cb63846f41cc4de1740f6 (bytes)
|
||||||
4.0.1 000000a0 (160)
|
4.0.1 000000a0 (160)
|
||||||
4.0.1 (AES256-CBC encrypted block) (bytes)
|
4.0.1 (AES256-CTR encrypted block) (bytes)
|
||||||
c49777cd0d1a7d37db77a1814991278f8ce99d57
|
c49777cd0d1a7d37db77a1814991278f8ce99d57
|
||||||
2e2c666b93b99867425c60da4652fddb85550985
|
2e2c666b93b99867425c60da4652fddb85550985
|
||||||
32b51beeee2959f9db5cf5a0905052720c5de25f
|
32b51beeee2959f9db5cf5a0905052720c5de25f
|
||||||
|
@ -3,6 +3,8 @@ package sshkeys
|
|||||||
// EncryptedSSHKeyV1 represents an encrypted private key.
|
// EncryptedSSHKeyV1 represents an encrypted private key.
|
||||||
type EncryptedSSHKeyV1 struct {
|
type EncryptedSSHKeyV1 struct {
|
||||||
SSHKeyV1
|
SSHKeyV1
|
||||||
|
CipherName string
|
||||||
|
KDFName string
|
||||||
KDFOpts SSHKDFOpts
|
KDFOpts SSHKDFOpts
|
||||||
Passphrase string
|
Passphrase string
|
||||||
}
|
}
|
||||||
@ -18,9 +20,6 @@ type SSHKDFOpts struct {
|
|||||||
// Patch your shit.
|
// Patch your shit.
|
||||||
type SSHKeyV1 struct {
|
type SSHKeyV1 struct {
|
||||||
Magic string
|
Magic string
|
||||||
CipherName string
|
|
||||||
KDFName string
|
|
||||||
KDFOpts SSHKDFOpts
|
|
||||||
PublicKeys []SSHPubKey
|
PublicKeys []SSHPubKey
|
||||||
PrivateKeys []SSHPrivKey
|
PrivateKeys []SSHPrivKey
|
||||||
}
|
}
|
||||||
@ -34,4 +33,6 @@ type SSHPubKey struct {
|
|||||||
// SSHPrivKey contains the Private key of an SSH Keypair.
|
// SSHPrivKey contains the Private key of an SSH Keypair.
|
||||||
type SSHPrivKey struct {
|
type SSHPrivKey struct {
|
||||||
PublicKey *SSHPubKey
|
PublicKey *SSHPubKey
|
||||||
|
Checksum uint32
|
||||||
|
Comment string
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user