r00t2/go_sshkeys
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

stubbed out cipher funcs

Browse Source
This commit is contained in:
brent s.
2022-04-28 05:18:25 -04:00
parent ff3f8243d1
commit 5da1bbcd11
23 changed files with 2657 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

205
cipher/aes/aes128/cbc/funcs.go Normal file
View File

@@ -0,0 +1,205 @@
package cbc
import (
`bytes`
`io`
`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)
func (c *Cipher) Setup(key []byte) (err error) {
// TODO
return
}
// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {
name = Name
return
}
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {
var err error
if name, err = internal.PackBytes(Name); err != nil {
return
}
return
}
// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {
size = aes.BlockSize
return
}
// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {
size = aes128.KeySize
return
}
/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b []byte
var cryptDst []byte
var padded *bytes.Reader
if b, err = internal.SerializeData(data); err != nil {
return
}
if padded, err = c.Pad(b); err != nil {
return
}
b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}
cryptDst = make([]byte, len(b))
// TODO
_ = cryptDst
return
}
/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)
if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}
if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}
encrypted = bytes.NewReader(buf.Bytes())
return
}
/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
// TODO
return
}
/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
var decryptDst []byte
if b, err = internal.SerializeData(data); err != nil {
return
}
decryptDst = make([]byte, len(b))
// TODO
_ = decryptDst
return
}
/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}
return
}
/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {
plain = false
return
}

18
cipher/aes/aes128/cbc/types.go Normal file
View File

@@ -0,0 +1,18 @@
package cbc
import (
`crypto/cipher`
)
// Cipher is an AES128-CBC cipher.Cipher.
type Cipher struct {
// key contains the encryption key.
key []byte
// iv contains the IV, or initialization vector.
iv []byte
/*
cryptBlock contains the block encryptor.
CBC is a block (all at once) encryption mode.
*/
cryptBlock cipher.Block
}

4
cipher/aes/aes128/consts.go
View File

@@ -1,10 +1,10 @@
package aes128
import (
`r00t2.io/sshkeys/cipher/aes`
sshAES `r00t2.io/sshkeys/cipher/aes`
)
const (
KeySize int = 16 // in bytes; AES128 is so named for its 128-bit key, thus: 128 / 8 = 16
KdfKeySize int = KeySize + aes.IvSize
KdfKeySize int = KeySize + sshAES.IvSize
)

205
cipher/aes/aes128/ctr/funcs.go Normal file
View File

@@ -0,0 +1,205 @@
package ctr
import (
`bytes`
`io`
`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)
func (c *Cipher) Setup(key []byte) (err error) {
// TODO
return
}
// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {
name = Name
return
}
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {
var err error
if name, err = internal.PackBytes(Name); err != nil {
return
}
return
}
// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {
size = aes.BlockSize
return
}
// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {
size = aes128.KeySize
return
}
/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b []byte
var cryptDst []byte
var padded *bytes.Reader
if b, err = internal.SerializeData(data); err != nil {
return
}
if padded, err = c.Pad(b); err != nil {
return
}
b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}
cryptDst = make([]byte, len(b))
// TODO
_ = cryptDst
return
}
/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)
if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}
if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}
encrypted = bytes.NewReader(buf.Bytes())
return
}
/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
// TODO
return
}
/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
var decryptDst []byte
if b, err = internal.SerializeData(data); err != nil {
return
}
decryptDst = make([]byte, len(b))
// TODO
_ = decryptDst
return
}
/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}
return
}
/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {
plain = false
return
}

205
cipher/aes/aes128/gcm/funcs.go Normal file
View File

@@ -0,0 +1,205 @@
package gcm
import (
`bytes`
`io`
`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)
func (c *Cipher) Setup(key []byte) (err error) {
// TODO
return
}
// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {
name = Name
return
}
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {
var err error
if name, err = internal.PackBytes(Name); err != nil {
return
}
return
}
// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {
size = aes.BlockSize
return
}
// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {
size = aes128.KeySize
return
}
/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b []byte
var cryptDst []byte
var padded *bytes.Reader
if b, err = internal.SerializeData(data); err != nil {
return
}
if padded, err = c.Pad(b); err != nil {
return
}
b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}
cryptDst = make([]byte, len(b))
// TODO
_ = cryptDst
return
}
/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)
if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}
if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}
encrypted = bytes.NewReader(buf.Bytes())
return
}
/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
// TODO
return
}
/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
var decryptDst []byte
if b, err = internal.SerializeData(data); err != nil {
return
}
decryptDst = make([]byte, len(b))
// TODO
_ = decryptDst
return
}
/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}
return
}
/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {
plain = false
return
}

205
cipher/aes/aes192/cbc/funcs.go Normal file
View File

@@ -0,0 +1,205 @@
package cbc
import (
`bytes`
`io`
`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)
func (c *Cipher) Setup(key []byte) (err error) {
// TODO
return
}
// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {
name = Name
return
}
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {
var err error
if name, err = internal.PackBytes(Name); err != nil {
return
}
return
}
// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {
size = aes.BlockSize
return
}
// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {
size = aes128.KeySize
return
}
/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b []byte
var cryptDst []byte
var padded *bytes.Reader
if b, err = internal.SerializeData(data); err != nil {
return
}
if padded, err = c.Pad(b); err != nil {
return
}
b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}
cryptDst = make([]byte, len(b))
// TODO
_ = cryptDst
return
}
/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)
if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}
if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}
encrypted = bytes.NewReader(buf.Bytes())
return
}
/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
// TODO
return
}
/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
var decryptDst []byte
if b, err = internal.SerializeData(data); err != nil {
return
}
decryptDst = make([]byte, len(b))
// TODO
_ = decryptDst
return
}
/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}
return
}
/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {
plain = false
return
}

205
cipher/aes/aes192/ctr/funcs.go Normal file
View File

@@ -0,0 +1,205 @@
package ctr
import (
`bytes`
`io`
`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)
func (c *Cipher) Setup(key []byte) (err error) {
// TODO
return
}
// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {
name = Name
return
}
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {
var err error
if name, err = internal.PackBytes(Name); err != nil {
return
}
return
}
// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {
size = aes.BlockSize
return
}
// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {
size = aes128.KeySize
return
}
/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b []byte
var cryptDst []byte
var padded *bytes.Reader
if b, err = internal.SerializeData(data); err != nil {
return
}
if padded, err = c.Pad(b); err != nil {
return
}
b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}
cryptDst = make([]byte, len(b))
// TODO
_ = cryptDst
return
}
/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)
if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}
if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}
encrypted = bytes.NewReader(buf.Bytes())
return
}
/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
// TODO
return
}
/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
var decryptDst []byte
if b, err = internal.SerializeData(data); err != nil {
return
}
decryptDst = make([]byte, len(b))
// TODO
_ = decryptDst
return
}
/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}
return
}
/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {
plain = false
return
}

205
cipher/aes/aes192/gcm/funcs.go Normal file
View File

@@ -0,0 +1,205 @@
package gcm
import (
`bytes`
`io`
`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)
func (c *Cipher) Setup(key []byte) (err error) {
// TODO
return
}
// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {
name = Name
return
}
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {
var err error
if name, err = internal.PackBytes(Name); err != nil {
return
}
return
}
// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {
size = aes.BlockSize
return
}
// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {
size = aes128.KeySize
return
}
/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b []byte
var cryptDst []byte
var padded *bytes.Reader
if b, err = internal.SerializeData(data); err != nil {
return
}
if padded, err = c.Pad(b); err != nil {
return
}
b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}
cryptDst = make([]byte, len(b))
// TODO
_ = cryptDst
return
}
/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)
if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}
if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}
encrypted = bytes.NewReader(buf.Bytes())
return
}
/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
// TODO
return
}
/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
var decryptDst []byte
if b, err = internal.SerializeData(data); err != nil {
return
}
decryptDst = make([]byte, len(b))
// TODO
_ = decryptDst
return
}
/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}
return
}
/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {
plain = false
return
}

205
cipher/aes/aes256/cbc/funcs.go Normal file
View File

@@ -0,0 +1,205 @@
package cbc
import (
`bytes`
`io`
`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)
func (c *Cipher) Setup(key []byte) (err error) {
// TODO
return
}
// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {
name = Name
return
}
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {
var err error
if name, err = internal.PackBytes(Name); err != nil {
return
}
return
}
// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {
size = aes.BlockSize
return
}
// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {
size = aes128.KeySize
return
}
/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b []byte
var cryptDst []byte
var padded *bytes.Reader
if b, err = internal.SerializeData(data); err != nil {
return
}
if padded, err = c.Pad(b); err != nil {
return
}
b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}
cryptDst = make([]byte, len(b))
// TODO
_ = cryptDst
return
}
/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)
if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}
if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}
encrypted = bytes.NewReader(buf.Bytes())
return
}
/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
// TODO
return
}
/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
var decryptDst []byte
if b, err = internal.SerializeData(data); err != nil {
return
}
decryptDst = make([]byte, len(b))
// TODO
_ = decryptDst
return
}
/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}
return
}
/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {
plain = false
return
}

205
cipher/aes/aes256/ctr/funcs.go Normal file
View File

@@ -0,0 +1,205 @@
package ctr
import (
`bytes`
`io`
`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)
func (c *Cipher) Setup(key []byte) (err error) {
// TODO
return
}
// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {
name = Name
return
}
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {
var err error
if name, err = internal.PackBytes(Name); err != nil {
return
}
return
}
// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {
size = aes.BlockSize
return
}
// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {
size = aes128.KeySize
return
}
/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b []byte
var cryptDst []byte
var padded *bytes.Reader
if b, err = internal.SerializeData(data); err != nil {
return
}
if padded, err = c.Pad(b); err != nil {
return
}
b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}
cryptDst = make([]byte, len(b))
// TODO
_ = cryptDst
return
}
/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)
if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}
if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}
encrypted = bytes.NewReader(buf.Bytes())
return
}
/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
// TODO
return
}
/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
var decryptDst []byte
if b, err = internal.SerializeData(data); err != nil {
return
}
decryptDst = make([]byte, len(b))
// TODO
_ = decryptDst
return
}
/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}
return
}
/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {
plain = false
return
}

205
cipher/aes/aes256/gcm/funcs.go Normal file
View File

@@ -0,0 +1,205 @@
package gcm
import (
`bytes`
`io`
`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)
func (c *Cipher) Setup(key []byte) (err error) {
// TODO
return
}
// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {
name = Name
return
}
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {
var err error
if name, err = internal.PackBytes(Name); err != nil {
return
}
return
}
// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {
size = aes.BlockSize
return
}
// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {
size = aes128.KeySize
return
}
/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b []byte
var cryptDst []byte
var padded *bytes.Reader
if b, err = internal.SerializeData(data); err != nil {
return
}
if padded, err = c.Pad(b); err != nil {
return
}
b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}
cryptDst = make([]byte, len(b))
// TODO
_ = cryptDst
return
}
/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)
if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}
if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}
encrypted = bytes.NewReader(buf.Bytes())
return
}
/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
// TODO
return
}
/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
var decryptDst []byte
if b, err = internal.SerializeData(data); err != nil {
return
}
decryptDst = make([]byte, len(b))
// TODO
_ = decryptDst
return
}
/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}
return
}
/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {
plain = false
return
}

205
cipher/chacha20/poly1305/funcs.go Normal file
View File

@@ -0,0 +1,205 @@
package poly1305
import (
`bytes`
`io`
`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)
func (c *Cipher) Setup(key []byte) (err error) {
// TODO
return
}
// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {
name = Name
return
}
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {
var err error
if name, err = internal.PackBytes(Name); err != nil {
return
}
return
}
// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {
size = aes.BlockSize
return
}
// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {
size = aes128.KeySize
return
}
/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b []byte
var cryptDst []byte
var padded *bytes.Reader
if b, err = internal.SerializeData(data); err != nil {
return
}
if padded, err = c.Pad(b); err != nil {
return
}
b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}
cryptDst = make([]byte, len(b))
// TODO
_ = cryptDst
return
}
/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)
if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}
if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}
encrypted = bytes.NewReader(buf.Bytes())
return
}
/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
// TODO
return
}
/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
var decryptDst []byte
if b, err = internal.SerializeData(data); err != nil {
return
}
decryptDst = make([]byte, len(b))
// TODO
_ = decryptDst
return
}
/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}
return
}
/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {
plain = false
return
}

205
cipher/null/funcs.go Normal file
View File

@@ -0,0 +1,205 @@
package null
import (
`bytes`
`io`
`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)
func (c *Cipher) Setup(key []byte) (err error) {
// TODO
return
}
// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {
name = Name
return
}
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {
var err error
if name, err = internal.PackBytes(Name); err != nil {
return
}
return
}
// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {
size = aes.BlockSize
return
}
// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {
size = aes128.KeySize
return
}
/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b []byte
var cryptDst []byte
var padded *bytes.Reader
if b, err = internal.SerializeData(data); err != nil {
return
}
if padded, err = c.Pad(b); err != nil {
return
}
b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}
cryptDst = make([]byte, len(b))
// TODO
_ = cryptDst
return
}
/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)
if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}
if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}
encrypted = bytes.NewReader(buf.Bytes())
return
}
/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
// TODO
return
}
/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
var decryptDst []byte
if b, err = internal.SerializeData(data); err != nil {
return
}
decryptDst = make([]byte, len(b))
// TODO
_ = decryptDst
return
}
/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}
return
}
/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {
plain = false
return
}

205
cipher/tripledes/cbc/funcs.go Normal file
View File

@@ -0,0 +1,205 @@
package cbc
import (
`bytes`
`io`
`r00t2.io/sshkeys/cipher/aes`
`r00t2.io/sshkeys/cipher/aes/aes128`
`r00t2.io/sshkeys/internal`
)
func (c *Cipher) Setup(key []byte) (err error) {
// TODO
return
}
// Name returns the name as used in the key file bytes.
func (c *Cipher) Name() (name string) {
name = Name
return
}
// NameBytes returns the byte form of Cipher.Name with leading bytecount allocator.
func (c *Cipher) NameBytes() (name []byte) {
var err error
if name, err = internal.PackBytes(Name); err != nil {
return
}
return
}
// BlockSize returns the blocksize of this Cipher.
func (c *Cipher) BlockSize() (size int) {
size = aes.BlockSize
return
}
// KdfKeySize returns the target key length from KDF to use with this Cipher.
func (c *Cipher) KdfKeySize() (size int) {
size = aes128.KeySize
return
}
/*
Encrypt encrypts data (a string, []byte, byte, *bytes.Buffer, or *bytes.Reader) to the *bytes.Reader encrypted.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Encrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Encrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b []byte
var cryptDst []byte
var padded *bytes.Reader
if b, err = internal.SerializeData(data); err != nil {
return
}
if padded, err = c.Pad(b); err != nil {
return
}
b = make([]byte, padded.Len())
if b, err = io.ReadAll(padded); err != nil {
return
}
cryptDst = make([]byte, len(b))
// TODO
_ = cryptDst
return
}
/*
AllocateEncrypt is the same as Cipher.Encrypt but includes an unencrypted byte allocator prefix.
NOTE: Padding IS applied automatically.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.AllocateEncrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error) {
var b *bytes.Reader
var buf *bytes.Buffer = new(bytes.Buffer)
var alloc []byte = make([]byte, 4)
if b, err = c.Encrypt(data); err != nil {
return
}
if alloc, err = internal.PackBytes(b); err != nil {
return
}
if _, err = buf.Write(alloc); err != nil {
return
}
if _, err = b.WriteTo(buf); err != nil {
return
}
encrypted = bytes.NewReader(buf.Bytes())
return
}
/*
Pad will pad data (a string, []byte, byte, or *bytes.Buffer) to the Cipher.BlockSize (if necessary).
The resulting padded buffer is returned.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Pad.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Pad(data interface{}) (paddedBuf *bytes.Reader, err error) {
// TODO
return
}
/*
Decrypt takes a raw byte slice, a *bytes.Buffer, or a *bytes.Reader and returns a plain/decrypted *bytes.Reader.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a *bytes.Buffer, no bytes will be consumed -- the bytes are taken in entirety without consuming them (Buffer.Bytes()).
It is up to the caller to consume the buffer as desired beforehand or isolate to a specific sub-buffer beforehand to pass to Cipher.Decrypt.
NOTE: If data is a *bytes.Reader, ALL bytes WILL be consumed.
*/
func (c *Cipher) Decrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
var decryptDst []byte
if b, err = internal.SerializeData(data); err != nil {
return
}
decryptDst = make([]byte, len(b))
// TODO
_ = decryptDst
return
}
/*
AllocatedDecrypt is the same as Cipher.Decrypt but assumes that data includes an unencrypted uint32 byte allocator prefix.
Be *extremely* certain of this, as things can get REALLY weird if you pass in data that doesn't actually have that prefix.
NOTE: The decrypted data contains padding. It is up to the caller to remove/strip.
NOTE: If data is a bytes.Buffer pointer, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
NOTE: If data is a *bytes.Reader, it will consume ONLY the leading prefix and the length of bytes the prefix indicates and no more.
*/
func (c *Cipher) AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error) {
var b []byte
if b, err = internal.UnpackBytes(data); err != nil {
return
}
if decrypted, err = c.Decrypt(b); err != nil {
return
}
return
}
/*
IsPlain indicates if this Cipher is a plain/null encryption (cipher.null.Null).
It will always return false. It is included for interface compatability.
*/
func (c *Cipher) IsPlain() (plain bool) {
plain = false
return
}

24
cipher/types.go
View File

@@ -5,6 +5,8 @@ import (
)
type Cipher interface {
// Setup initializes the Cipher with a given key.
Setup(key []byte) (err error)
// Name returns the string form of the cipher name.
Name() (name string)
// NameBytes returns the Name result but in bytes, with a leading uint32 bytecount packed in.
@@ -13,8 +15,6 @@ type Cipher interface {
BlockSize() (size int)
// KdfKeySize returns the desired/needed key size for use with kdf.KDF.
KdfKeySize() (size int)
// Setup initializes the Cipher with a given key.
Setup(key []byte) (err error)
/*
Encrypt takes plain data, either a:
- string
@@ -26,6 +26,16 @@ type Cipher interface {
Encrypt(data interface{}) (encrypted *bytes.Reader, err error)
// AllocateEncrypt is exactly like cipher.Cipher.Encrypt except that it includes a (NON-encrypted) uint32 prefix of byte allocation.
AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error)
/*
Pad returns padded bytes in a *bytes.Buffer according to the cipher's padding specification.
data can be one of either:
- string
- raw byte slice ([]byte or []uint8)
- single byte (byte or uint8)
- *bytes.Buffer
This is a prerequisite in some ciphers, and must be performed BEFORE encrypting.
*/
Pad(data interface{}) (paddedBuf *bytes.Reader, err error)
/*
Decrypt takes encrypted data, either a:
- raw byte slice ([]byte or []uint8)
@@ -37,14 +47,4 @@ type Cipher interface {
AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error)
// IsPlain returns true if this is a "null" cipher; i.e. no encryption is actually performed.
IsPlain() (plain bool)
/*
Pad returns padded bytes in a *bytes.Buffer according to the cipher's padding specification.
data can be one of either:
- string
- raw byte slice ([]byte or []uint8)
- single byte (byte or uint8)
- *bytes.Buffer
This is a prerequisite in some ciphers, and must be performed BEFORE encrypting.
*/
Pad(data interface{}) (paddedBuf *bytes.Reader, err error)
}