From ff9fbdab6967ed27b7cb95ae3f716a8c36f8986e Mon Sep 17 00:00:00 2001
From: brent s
Date: Fri, 11 Sep 2020 23:53:55 -0400
Subject: [PATCH] update format spec, working on better structs

---
 sshkeys/const.go   | 16 +++++++++++++---
 sshkeys/ref/format |  2 +-
 sshkeys/struct.go  | 32 ++++++++++++++++++++++++--------
 3 files changed, 38 insertions(+), 12 deletions(-)

diff --git a/sshkeys/const.go b/sshkeys/const.go
index 9fd2d9e..696accf 100644
--- a/sshkeys/const.go
+++ b/sshkeys/const.go
@@ -5,8 +5,18 @@ const (
 	KeyV1Magic string = "openssh-key-v1"
 )
 
-// Key cipher names.
+// Cipher names. I believe only AES256-CTR is supported upstream currently.
 const (
-	CipherED25519 = iota
-	CipherRSA     = iota
+	CIPHER_AES256_CTR = "aes256-ctr"
+)
+
+// Key types.
+const (
+	KEY_ED25519 string = "ssh-ed25519"
+	KEY_RSA     string = "ssh-rsa"
+)
+
+// KDF names. I believe only bcrypt is supported upstream currently.
+const (
+	KDF_BCRYPT string = "bcrypt"
 )
diff --git a/sshkeys/ref/format b/sshkeys/ref/format
index b643385..6496d09 100644
--- a/sshkeys/ref/format
+++ b/sshkeys/ref/format
@@ -32,7 +32,7 @@ PRIVATE:
 4.0.1.5 Sequential padding to align private key to cipher blocksize (8 for unencrypted keys)[1].
-[0] If it is an encrypted key, everything below 4.0.1 is AES256-CBC encrypted.
+[0] If it is an encrypted key, everything below 4.0.1 is encrypted per 1.0.0, 2.0.0, and 3.0.0.
 [1] Pad determined by: 8 - ((4.0.1.3 + 4.0.1.4) % 8) (??)
diff --git a/sshkeys/struct.go b/sshkeys/struct.go
index 23a1ca8..ac8d35e 100644
--- a/sshkeys/struct.go
+++ b/sshkeys/struct.go
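Review bot: The new constants `CIPHER_AES256_CTR`, `KEY_ED25519`, `KEY_RSA` and `KDF_BCRYPT` use underscore ALL_CAPS names, which `golint`/`staticcheck` flag and which clash with `KeyV1Magic` a few lines above in the same file; Go convention would be `CipherAES256CTR`, `KeyED25519`, `KeyRSA` and `KDFBcrypt`. `CIPHER_AES256_CTR` is also the only one left untyped while its siblings are declared `string`, so `CIPHER_AES256_CTR string = "aes256-ctr"` keeps the block consistent. The two "I believe ... upstream currently" comments write a guess into the code that a later reader will treat as the supported set when matching parsed `CipherName`/`KDFName` values; either cite the upstream reference (e.g. OpenSSH's PROTOCOL.key) or reword them as "this package currently handles only ...", which is what the code can actually promise.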
@@ -3,19 +3,35 @@ package sshkeys
 // EncryptedSSHKeyV1 represents an encrypted private key.
 type EncryptedSSHKeyV1 struct {
 	SSHKeyV1
-	Salt       string
-	Rounds     uint32
+	KDFOpts    SSHKDFOpts
 	Passphrase string
 }
 
+// SSHKDFOpts contains a set of KDF options.
+type SSHKDFOpts struct {
+	Salt   []byte // Also referred to as IV (initialization vector). (https://en.wikipedia.org/wiki/Initialization_vector)
+	Rounds uint32 // Also referred to as work factor.
+}
+
 // SSHKeyV1 represents an unencrypted private key.
 // We don't bother with the legacy (pre v1) keys. Sorry not sorry.
 // Patch your shit.
 type SSHKeyV1 struct {
-	CipherName string
-	KDFName    string
-	KDFOpts    string
-	NumKeys    uint32
-	Publickey  string
-	Privatekey string
+	Magic       string
+	CipherName  string
+	KDFName     string
+	KDFOpts     SSHKDFOpts
+	PublicKeys  []SSHPubKey
+	PrivateKeys []SSHPrivKey
+}
+
+// SSHPubKey contains the Public key of an SSH Keypair.
+type SSHPubKey struct {
+	KeyType    string
+	PrivateKey *SSHPrivKey
+}
+
+// SSHPrivKey contains the Private key of an SSH Keypair.
+type SSHPrivKey struct {
+	PublicKey *SSHPubKey
 }
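Review bot: `EncryptedSSHKeyV1` now declares its own `KDFOpts SSHKDFOpts` while also embedding `SSHKeyV1`, which gains a `KDFOpts SSHKDFOpts` in the same hunk; the outer field shadows the promoted one, so `k.KDFOpts` and `k.SSHKeyV1.KDFOpts` can silently disagree about the salt and rounds used to derive the cipher key. Keep only one of them so there is a single source of truth for the KDF parameters. The comment on `SSHKDFOpts.Salt` calling it the IV conflates two different inputs: in this key format the salt feeds the bcrypt KDF, and the cipher key and IV are both taken from the KDF output, so `Salt []byte // bcrypt KDF salt; the cipher key and IV are derived from it together with Rounds.` would be accurate. Finally, `SSHPubKey` holding a `PrivateKey *SSHPrivKey` means any code that marshals or logs a public key can reach the private half (and `encoding/json` will recurse on the `SSHPubKey`/`SSHPrivKey` cycle); since `SSHPrivKey` carries no key material yet this is presumably work in progress per the commit title, but the back-pointer from the public side is worth removing before either struct gains data.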