checking in for the night.
key generation should be done, need to finish packing/formatting. also need to start on moduli generation.
104
sshkeys/func.go
104
sshkeys/func.go
@@ -1,6 +1,9 @@
|
||||
package sshkeys
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/aes"
|
||||
"crypto/cipher"
|
||||
"crypto/rand"
|
||||
"errors"
|
||||
"fmt"
|
||||
@@ -52,7 +55,7 @@ func (k *EncryptedSSHKeyV1) Generate(force bool) error {
|
||||
if err := k.validate(); err != nil {
|
||||
return err
|
||||
}
|
||||
if k.PrivateKeys != nil && !force {
|
||||
if len(k.Keys) > 0 && !force {
|
||||
return nil // Already generated.
|
||||
}
|
||||
if k.KDFOpts.Salt == nil {
|
||||
@@ -64,10 +67,7 @@ func (k *EncryptedSSHKeyV1) Generate(force bool) error {
|
||||
if k.KDFOpts.Rounds == 0 {
|
||||
k.KDFOpts.Rounds = defRounds
|
||||
}
|
||||
if k.DefKeyType == KeyRsa && k.BitSize == 0 {
|
||||
k.BitSize = defRSABitSize
|
||||
} else if k.DefKeyType == KeyEd25519 {
|
||||
k.BitSize = ed25519Len
|
||||
if k.DefKeyType == KeyEd25519 {
|
||||
k.KeySize = keyEd25519
|
||||
k.BlockSize = blockEd25519
|
||||
}
|
||||
@@ -80,25 +80,95 @@ func (k *EncryptedSSHKeyV1) Generate(force bool) error {
|
||||
if _, err := rand.Read(pk.Checksum); err != nil {
|
||||
return err
|
||||
}
|
||||
// Upstream only currently supports bcrypt_pbkdf ("bcrypt").
|
||||
// This should always eval to true, but is here for future planning in case other KDF are implemented.
|
||||
if k.KDFName == KdfBcrypt {
|
||||
if pk.Key, err = bcrypt_pbkdf.Key(k.Passphrase, k.KDFOpts.Salt, int(k.KDFOpts.Rounds), int(k.KeySize)); err != nil {
|
||||
switch k.DefKeyType {
|
||||
case KeyRsa:
|
||||
if err := pk.generateRsa(); err != nil {
|
||||
return err
|
||||
}
|
||||
case KeyEd25519:
|
||||
if err := pk.generateEd25519(); err != nil {
|
||||
return err
|
||||
}
|
||||
default:
|
||||
return errors.New("unknown key type; could not generate private/public keypair")
|
||||
}
|
||||
|
||||
k.Keys = append(k.Keys, pk)
|
||||
// We also need an encrypter/decrypter since this is an encrypted key.
|
||||
// Upstream only currently supports bcrypt_pbkdf ("bcrypt").
|
||||
// This should always eval to true, but is here for future planning in case other KDF are implemented.
|
||||
switch k.KDFName {
|
||||
case KdfBcrypt:
|
||||
if k.Crypt.CryptKey, err = bcrypt_pbkdf.Key(k.Passphrase, k.KDFOpts.Salt, int(k.KDFOpts.Rounds), kdfKeyLen+len(k.KDFOpts.Salt)); err != nil {
|
||||
return err
|
||||
} else {
|
||||
k.Crypt.PrivateKey = k.Crypt.CryptKey[0:kdfSplit]
|
||||
k.Crypt.CryptSalt = k.Crypt.CryptKey[kdfSplit:]
|
||||
}
|
||||
default:
|
||||
return errors.New("could not find KDF")
|
||||
}
|
||||
switch k.CipherName {
|
||||
case CipherAes256Ctr:
|
||||
if k.Crypt.Cipher, err = aes.NewCipher(k.Crypt.PrivateKey); err != nil {
|
||||
return err
|
||||
} else {
|
||||
k.Crypt.Stream = cipher.NewCTR(k.Crypt.Cipher, k.Crypt.CryptSalt)
|
||||
// Can then be used as k.Crypt.Stream.XORKeyStream(dst []byte, src []byte)
|
||||
}
|
||||
default:
|
||||
return errors.New("could not find Cipher")
|
||||
}
|
||||
k.build()
|
||||
return nil
|
||||
}
|
||||
|
||||
func (k *SSHKeyV1) validate() error {
|
||||
return nil
|
||||
}
|
||||
|
||||
func (k *SSHKeyV1) GeneratePrivate(force bool) error {
|
||||
k.validate()
|
||||
if k.PrivateKeys != nil && !force {
|
||||
return nil // Already generated.
|
||||
var validKT bool
|
||||
for _, v := range allowed_keytypes {
|
||||
if v == k.DefKeyType {
|
||||
validKT = true
|
||||
}
|
||||
}
|
||||
if !validKT {
|
||||
return errors.New("invalid DefKeyType specified")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (k *SSHKeyV1) Generate(force bool) error {
|
||||
if len(k.Keys) > 0 && !force {
|
||||
return nil // Already generated.
|
||||
}
|
||||
if k.DefKeyType == KeyEd25519 {
|
||||
k.KeySize = keyEd25519
|
||||
k.BlockSize = blockEd25519
|
||||
}
|
||||
// Currently, OpenSSH has an option for multiple private keys. However, it is hardcoded to 1.
|
||||
// If multiple key support is added in the future, will need to re-tool how I do this, perhaps, in the future. TODO.
|
||||
pk := SSHPrivKey{
|
||||
Comment: fmt.Sprintf("Autogenerated via SSHSecure (%v)", projUrl),
|
||||
}
|
||||
pk.Checksum = make([]byte, 4)
|
||||
if _, err := rand.Read(pk.Checksum); err != nil {
|
||||
return err
|
||||
}
|
||||
switch k.DefKeyType {
|
||||
case KeyRsa:
|
||||
if err := pk.generateRsa(); err != nil {
|
||||
return err
|
||||
}
|
||||
case KeyEd25519:
|
||||
if err := pk.generateEd25519(); err != nil {
|
||||
return err
|
||||
}
|
||||
default:
|
||||
return errors.New("unknown key type; could not generate private/public keypair")
|
||||
}
|
||||
k.Keys = append(k.Keys, pk)
|
||||
k.build()
|
||||
return nil
|
||||
}
|
||||
|
||||
func (k *SSHKeyV1) build() {
|
||||
// We actually assemble the key buffer here. Translation to bytes where needed, case switches (ED25519 vs. RSA), etc.
|
||||
}
|
||||
|
||||
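Review bot: In the `KdfBcrypt` case of `EncryptedSSHKeyV1.Generate`, the requested KDF output length is `kdfKeyLen+len(k.KDFOpts.Salt)`, which ties the CTR IV length to the KDF salt length instead of to the cipher. `cipher.NewCTR` panics when the IV is not exactly one block long, and the salt is only filled in when `k.KDFOpts.Salt == nil`, so a caller-supplied salt of any length other than 16 bytes would crash here rather than return an error. I would derive `kdfKeyLen+aes.BlockSize` bytes and take the IV as `k.Crypt.CryptKey[kdfSplit:kdfSplit+aes.BlockSize]`, assuming `kdfSplit` equals the AES-256 key length (it is defined outside this view). Separately, both `Generate` methods `append` to `k.Keys` even when `force` is true, so a forced regeneration appears to keep the old key next to the new one; `k.Keys = k.Keys[:0]` before the append would avoid that. The +/- markers are lost in this rendering, so which lines are on the new side is inferred.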