81 lines
2.3 KiB
Go
81 lines
2.3 KiB
Go
/*
|
|
SSHSecure - a program to harden OpenSSH from defaults
|
|
Copyright (C) 2020 Brent Saner
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
package sshkeys
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/cipher"
|
|
)
|
|
|
|
// EncryptedSSHKeyV1 represents an encrypted private key.
|
|
type EncryptedSSHKeyV1 struct {
|
|
SSHKeyV1
|
|
Crypt SSHCrypt
|
|
KDFOpts SSHKDFOpts
|
|
Passphrase []byte
|
|
}
|
|
|
|
// SSHCrypt contains the encryption object Stream, the cipher object Cipher, the ephemeral salt (CryptSalt), and the ephemeral key (CryptKey).
|
|
// the Cipher, and the stream.
|
|
type SSHCrypt struct {
|
|
Stream cipher.Stream
|
|
Cipher cipher.Block
|
|
PrivateKey []byte // encryption key
|
|
CryptSalt []byte // ephemeral salt
|
|
CryptKey []byte // ephemeral key (not really used)
|
|
}
|
|
|
|
// SSHKDFOpts contains a set of KDF options.
|
|
type SSHKDFOpts struct {
|
|
Salt []byte // Also referred to as IV (initialization vector). (https://en.wikipedia.org/wiki/Initialization_vector)
|
|
Rounds uint32 // Also referred to as work factor.
|
|
}
|
|
|
|
// SSHKeyV1 represents a private key.
|
|
// We don't bother with the legacy (pre v1) keys. Sorry not sorry.
|
|
// Patch your shit.
|
|
type SSHKeyV1 struct {
|
|
Magic string
|
|
DefKeyType string
|
|
KDFName string
|
|
CipherName string
|
|
KeySize uint32
|
|
Keys []SSHPrivKey // 1 by default.
|
|
Buffer bytes.Buffer
|
|
}
|
|
|
|
// SSHPubKey contains the Public key of an SSH Keypair.
|
|
type SSHPubKey struct {
|
|
KeyType string
|
|
Key interface{}
|
|
}
|
|
|
|
// SSHPrivKey contains the Private key of an SSH Keypair.
|
|
type SSHPrivKey struct {
|
|
PublicKey *SSHPubKey
|
|
BitSize uint32
|
|
BlockSize int
|
|
Key interface{}
|
|
// ED25519 keys are actually "sk + pk", where sk is the secret key and pk is the pubkey.
|
|
// We store that here.
|
|
KeyAlt []byte
|
|
Checksum []byte
|
|
Comment string
|
|
}
|