r00t2/go_sshkeys
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

aes128 completely done.

Browse Source 
ish. done-ish. it's entirely untested. CTR should work as i modeled it after PoC, and CBC *probably* works as it's straightforward, but I have no idea about the GCM. TODO.
This commit is contained in:
brent s.
2022-04-29 02:49:33 -04:00
parent 9027750325
commit 0203f8b0d8
19 changed files with 479 additions and 280 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cipher/aes/aes128/cbc/TODO
View File

@@ -1 +0,0 @@
TODO

130
cipher/aes/aes128/cbc/funcs.go
View File

@@ -1,32 +1,26 @@
package cbc
import (
`bytes`
gAes `crypto/aes`
gCipher `crypto/cipher`
`io`
"bytes"
gCipher "crypto/cipher"
`r00t2.io/sshkeys/cipher`
`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
"r00t2.io/sshkeys/internal"
"r00t2.io/sshkeys/internal/ciphers/aesCommon"
)
// Setup populates a Cipher from a key. The key must include the IV suffixed to the actual key.
func (c *Cipher) Setup(key []byte) (err error) {
if key == nil || len(key) < aes128.KdfKeySize {
err = cipher.ErrBadKeyLen
if c == nil {
*c = Cipher{
&aesCommon.AesCipher{},
}
}
if err = c.CipherSetup(key, aesCommon.Aes128Bits); err != nil {
return
}
if c == nil {
c = &Cipher{}
}
c.key = key[0:aes128.KeySize]
c.iv = key[aes128.KeySize:(aes128.KdfKeySize)]
return
}
@@ -50,22 +44,6 @@ func (c *Cipher) NameBytes() (name []byte) {
return
}
// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {
size = aes.BlockSize
return
}
// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {
size = aes128.KeySize
return
}
/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
@@ -78,33 +56,18 @@ func (c *Cipher) KdfKeySize() (size int) {
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b []byte
var padded []byte
var cryptDst []byte
var padded *bytes.Reader
var cryptBlock gCipher.Block
var crypter gCipher.BlockMode
if b, err = internal.SerializeData(data); err != nil {
if cryptDst, padded, cryptBlock, err = c.GetCryptBlock(data); err != nil {
return
}
if padded, err = c.Pad(b); err != nil {
return
}
crypter = gCipher.NewCBCEncrypter(cryptBlock, c.IV)
b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}
cryptDst = make([]byte, len(b))
if cryptBlock, err = gAes.NewCipher(c.key); err != nil {
return
}
crypter = gCipher.NewCBCEncrypter(cryptBlock, c.iv)
crypter.CryptBlocks(cryptDst, b)
crypter.CryptBlocks(cryptDst, padded)
encrypted = bytes.NewReader(cryptDst)
@@ -146,40 +109,6 @@ func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err
return
}
/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
var b []byte
var padNum int
var pad []byte
var buf *bytes.Buffer
if b, err = internal.UnpackBytes(data); err != nil {
return
}
buf = bytes.NewBuffer(b)
for padIdx := 1; (buf.Len() % aes.BlockSize) != 0; padIdx++ {
padNum = padIdx & cipher.PadMod
pad = []byte{byte(uint32(padNum))}
if _, err = buf.Write(pad); err != nil {
return
}
}
return
}
/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
@@ -192,25 +121,20 @@ func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
var decryptDst []byte
var plain []byte
var padded []byte
var cryptBlock gCipher.Block
var decrypter gCipher.BlockMode
if b, err = internal.SerializeData(data); err != nil {
if plain, padded, cryptBlock, err = c.GetDecryptBlock(data); err != nil {
return
}
decryptDst = make([]byte, len(b))
decrypter = gCipher.NewCBCDecrypter(cryptBlock, c.IV)
if cryptBlock, err = gAes.NewCipher(c.key); err != nil {
return
}
decrypter = gCipher.NewCBCDecrypter(cryptBlock, c.iv)
decrypter.CryptBlocks(plain, padded)
decrypter.CryptBlocks(decryptDst, b)
decrypted = bytes.NewReader(decryptDst)
decrypted = bytes.NewReader(plain)
return
}
@@ -239,15 +163,3 @@ func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, er
return
}
/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {
plain = false
return
}

12
cipher/aes/aes128/cbc/types.go
View File

@@ -1,18 +1,10 @@
package cbc
import (
`crypto/cipher`
"r00t2.io/sshkeys/internal/ciphers/aesCommon"
)
// Cipher is an AES128-CBC cipher.Cipher.
type Cipher struct {
// key contains the encryption key.
key []byte
// iv contains the IV, or initialization vector.
iv []byte
/*
cryptBlock contains the block encryptor.
CBC is a block (all at once) encryption mode.
*/
cryptBlock cipher.Block
*aesCommon.AesCipher
}

1
cipher/aes/aes128/ctr/TODO
View File

@@ -1 +0,0 @@
TODO

100
cipher/aes/aes128/ctr/funcs.go
View File

@@ -1,17 +1,25 @@
package ctr
import (
`bytes`
`io`
"bytes"
gCipher "crypto/cipher"
`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
"r00t2.io/sshkeys/internal"
"r00t2.io/sshkeys/internal/ciphers/aesCommon"
)
// Setup populates a Cipher from a key. The key must include the IV suffixed to the actual key.
func (c *Cipher) Setup(key []byte) (err error) {
// TODO
if c == nil {
*c = Cipher{
&aesCommon.AesCipher{},
}
}
if err = c.CipherSetup(key, aesCommon.Aes128Bits); err != nil {
return
}
return
}
@@ -36,22 +44,6 @@ func (c *Cipher) NameBytes() (name []byte) {
return
}
// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {
size = aes.BlockSize
return
}
// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {
size = aes128.KeySize
return
}
/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
@@ -64,27 +56,20 @@ func (c *Cipher) KdfKeySize() (size int) {
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b []byte
var padded []byte
var cryptDst []byte
var padded *bytes.Reader
var cryptBlock gCipher.Block
var crypter gCipher.Stream
if b, err = internal.SerializeData(data); err != nil {
if cryptDst, padded, cryptBlock, err = c.GetCryptBlock(data); err != nil {
return
}
if padded, err = c.Pad(b); err != nil {
return
}
crypter = gCipher.NewCTR(cryptBlock, c.IV)
b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}
crypter.XORKeyStream(cryptDst, padded)
cryptDst = make([]byte, len(b))
// TODO
_ = cryptDst
encrypted = bytes.NewReader(cryptDst)
return
}
@@ -124,22 +109,6 @@ func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err
return
}
/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
// TODO
return
}
/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
@@ -152,17 +121,20 @@ func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
var decryptDst []byte
var plain []byte
var padded []byte
var cryptBlock gCipher.Block
var decrypter gCipher.Stream
if b, err = internal.SerializeData(data); err != nil {
if plain, padded, cryptBlock, err = c.GetDecryptBlock(data); err != nil {
return
}
decryptDst = make([]byte, len(b))
decrypter = gCipher.NewCTR(cryptBlock, c.IV)
// TODO
_ = decryptDst
decrypter.XORKeyStream(plain, padded)
decrypted = bytes.NewReader(plain)
return
}
@@ -191,15 +163,3 @@ func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, er
return
}
/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {
plain = false
return
}

10
cipher/aes/aes128/ctr/types.go Normal file
View File

@@ -0,0 +1,10 @@
package ctr
import (
"r00t2.io/sshkeys/internal/ciphers/aesCommon"
)
// Cipher is an AES128-CTR cipher.Cipher.
type Cipher struct {
*aesCommon.AesCipher
}

102
cipher/aes/aes128/gcm/funcs.go
View File

@@ -1,17 +1,25 @@
package gcm
import (
`bytes`
`io`
"bytes"
gCipher "crypto/cipher"
`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
"r00t2.io/sshkeys/internal"
"r00t2.io/sshkeys/internal/ciphers/aesCommon"
)
// Setup populates a Cipher from a key. The key must include the IV suffixed to the actual key.
func (c *Cipher) Setup(key []byte) (err error) {
// TODO
if c == nil {
*c = Cipher{
&aesCommon.AesCipher{},
}
}
if err = c.CipherSetup(key, aesCommon.Aes128Bits); err != nil {
return
}
return
}
@@ -36,22 +44,6 @@ func (c *Cipher) NameBytes() (name []byte) {
return
}
// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {
size = aes.BlockSize
return
}
// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {
size = aes128.KeySize
return
}
/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
@@ -64,27 +56,22 @@ func (c *Cipher) KdfKeySize() (size int) {
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b []byte
var padded []byte
var cryptDst []byte
var padded *bytes.Reader
var cryptBlock gCipher.Block
var crypter gCipher.AEAD
if b, err = internal.SerializeData(data); err != nil {
if cryptDst, padded, cryptBlock, err = c.GetCryptBlock(data); err != nil {
return
}
if padded, err = c.Pad(b); err != nil {
if crypter, err = gCipher.NewGCM(cryptBlock); err != nil {
return
}
b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}
cryptDst = crypter.Seal(cryptDst, c.IV, padded, nil)
cryptDst = make([]byte, len(b))
// TODO
_ = cryptDst
encrypted = bytes.NewReader(cryptDst)
return
}
@@ -124,22 +111,6 @@ func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err
return
}
/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
// TODO
return
}
/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
@@ -152,17 +123,24 @@ func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
var decryptDst []byte
var plain []byte
var padded []byte
var cryptBlock gCipher.Block
var decrypter gCipher.AEAD
if b, err = internal.SerializeData(data); err != nil {
if plain, padded, cryptBlock, err = c.GetDecryptBlock(data); err != nil {
return
}
decryptDst = make([]byte, len(b))
if decrypter, err = gCipher.NewGCM(cryptBlock); err != nil {
return
}
// TODO
_ = decryptDst
if plain, err = decrypter.Open(plain, c.IV, padded, nil); err != nil {
return
}
decrypted = bytes.NewReader(plain)
return
}
@@ -191,15 +169,3 @@ func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, er
return
}
/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {
plain = false
return
}

10
cipher/aes/aes128/gcm/types.go Normal file
View File

@@ -0,0 +1,10 @@
package gcm
import (
"r00t2.io/sshkeys/internal/ciphers/aesCommon"
)
// Cipher is an AES128-GCM cipher.Cipher.
type Cipher struct {
*aesCommon.AesCipher
}