From ff9fbdab6967ed27b7cb95ae3f716a8c36f8986e Mon Sep 17 00:00:00 2001
From: brent s <bts@square-r00t.net>
Date: Fri, 11 Sep 2020 23:53:55 -0400
Subject: [PATCH] update format spec, working on better structs

---
 sshkeys/const.go   | 16 +++++++++++++---
 sshkeys/ref/format |  2 +-
 sshkeys/struct.go  | 32 ++++++++++++++++++++++++--------
 3 files changed, 38 insertions(+), 12 deletions(-)

diff --git a/sshkeys/const.go b/sshkeys/const.go
index 9fd2d9e..696accf 100644
--- a/sshkeys/const.go
+++ b/sshkeys/const.go
@@ -5,8 +5,18 @@ const (
 	KeyV1Magic string = "openssh-key-v1"
 )
 
-// Key cipher names.
+// Cipher names. I believe only AES256-CTR is supported upstream currently.
 const (
-	CipherED25519 = iota
-	CipherRSA     = iota
+	CIPHER_AES256_CTR = "aes256-ctr"
+)
+
+// Key types.
+const (
+	KEY_ED25519 string = "ssh-ed25519"
+	KEY_RSA     string = "ssh-rsa"
+)
+
+// KDF names. I believe only bcrypt is supported upstream currently.
+const (
+	KDF_BCRYPT string = "bcrypt"
 )
diff --git a/sshkeys/ref/format b/sshkeys/ref/format
index b643385..6496d09 100644
--- a/sshkeys/ref/format
+++ b/sshkeys/ref/format
@@ -32,7 +32,7 @@ PRIVATE:
 		4.0.1.5 Sequential padding to align private key to cipher blocksize (8 for unencrypted keys)[1].
 
 
-[0] If it is an encrypted key, everything below 4.0.1 is AES256-CBC encrypted.
+[0] If it is an encrypted key, everything below 4.0.1 is encrypted per 1.0.0, 2.0.0, and 3.0.0.
 [1] Pad determined by: 8 - ((4.0.1.3 + 4.0.1.4) % 8) (??)
 
 
diff --git a/sshkeys/struct.go b/sshkeys/struct.go
index 23a1ca8..ac8d35e 100644
--- a/sshkeys/struct.go
+++ b/sshkeys/struct.go
@@ -3,19 +3,35 @@ package sshkeys
 // EncryptedSSHKeyV1 represents an encrypted private key.
 type EncryptedSSHKeyV1 struct {
 	SSHKeyV1
-	Salt       string
-	Rounds     uint32
+	KDFOpts    SSHKDFOpts
 	Passphrase string
 }
 
+// SSHKDFOpts contains a set of KDF options.
+type SSHKDFOpts struct {
+	Salt   []byte // Also referred to as IV (initialization vector). (https://en.wikipedia.org/wiki/Initialization_vector)
+	Rounds uint32 // Also referred to as work factor.
+}
+
 // SSHKeyV1 represents an unencrypted private key.
 // We don't bother with the legacy (pre v1) keys. Sorry not sorry.
 // Patch your shit.
 type SSHKeyV1 struct {
-	CipherName string
-	KDFName    string
-	KDFOpts    string
-	NumKeys    uint32
-	Publickey  string
-	Privatekey string
+	Magic       string
+	CipherName  string
+	KDFName     string
+	KDFOpts     SSHKDFOpts
+	PublicKeys  []SSHPubKey
+	PrivateKeys []SSHPrivKey
+}
+
+// SSHPubKey contains the Public key of an SSH Keypair.
+type SSHPubKey struct {
+	KeyType    string
+	PrivateKey *SSHPrivKey
+}
+
+// SSHPrivKey contains the Private key of an SSH Keypair.
+type SSHPrivKey struct {
+	PublicKey *SSHPubKey
 }