checking in prelim stuff
This commit is contained in:
56
kdf/types.go
Normal file
56
kdf/types.go
Normal file
@@ -0,0 +1,56 @@
|
||||
package kdf
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
)
|
||||
|
||||
// KDF is a type of KDF (Key Derivation Function).
|
||||
type KDF interface {
|
||||
// Name returns the string form of the KDF name.
|
||||
Name() (name string)
|
||||
// NameBytes returns the Name result but in bytes with a leading uint32 bytecount packed in.
|
||||
NameBytes() (name []byte)
|
||||
// Rounds returns the number of rounds used in derivation.
|
||||
Rounds() (rounds uint32)
|
||||
// Salt returns the salt bytes.
|
||||
Salt() (salt []byte)
|
||||
// Setup initializes the KDF with the given derivation secret (password) and KDF options.
|
||||
Setup(secret, salt []byte, rounds, keyLen uint32) (err error)
|
||||
// DeriveKey derives the key. Setup (or SetupAuto) must have been run first.
|
||||
DeriveKey() (key []byte, err error)
|
||||
// SetupAuto configures a partially reconstructed KDF options that were parsed from GetKdfFromBytes (if KDF.AutoOK returns true).
|
||||
SetupAuto(secret []byte, keyLen uint32) (err error)
|
||||
// AutoOK returns true if all components were able to be parsed from GetKdfFromBytes.
|
||||
AutoOK() (ok bool)
|
||||
// IsPlain returns true if this is a "null" kdf; i.e. no derivation is actually performed.
|
||||
IsPlain() (plain bool)
|
||||
// PackedBytes returns the bytes suitable for serializing into a key file.
|
||||
PackedBytes() (buf *bytes.Reader, err error)
|
||||
// addSalt adds the salt as parsed from the private key.
|
||||
addSalt(salt []byte) (err error)
|
||||
// addRounds adds the rounds as parsed from the private key.
|
||||
addRounds(rounds uint32) (err error)
|
||||
}
|
||||
|
||||
/*
|
||||
BcryptPbkdf combines bcrypt hashing algorithm with PBKDF2 key derivation.
|
||||
|
||||
(bcrypt) https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node1.html
|
||||
(PBKDF2) https://datatracker.ietf.org/doc/html/rfc2898
|
||||
http://www.tedunangst.com/flak/post/bcrypt-pbkdf
|
||||
*/
|
||||
type BcryptPbkdf struct {
|
||||
// salt is used to salt the hash for each round in rounds.
|
||||
salt []byte
|
||||
// rounds controls how many iterations that salting/hashing is done.
|
||||
rounds uint32
|
||||
// keyLen is how long the derived key should be in bytes.
|
||||
keyLen uint32
|
||||
// secret is the "passphrase" used to seed the key creation.
|
||||
secret []byte
|
||||
// key is used to store the derived key.
|
||||
key []byte
|
||||
}
|
||||
|
||||
// Null is a dummy KDF that is used for unencrypted/plain SSH private keys. It literally does nothing.
|
||||
type Null struct{}
|
||||
Reference in New Issue
Block a user