bcrypt and null kdf done, work on ciphers next (then keytypes)

2022-04-25 04:27:24 -04:00
parent 91d5e99404
commit ff3f8243d1
43 changed files with 755 additions and 423 deletions
--- a/cipher/aes/aes128/cbc/TODO
+++ b/cipher/aes/aes128/cbc/TODO
@@ -0,0 +1 @@
+TODO
--- a/cipher/aes/aes128/cbc/consts.go
+++ b/cipher/aes/aes128/cbc/consts.go
@@ -0,0 +1,5 @@
+package cbc
+
+const (
+	Name string = "aes128-cbc"
+)
--- a/cipher/aes/aes128/consts.go
+++ b/cipher/aes/aes128/consts.go
@@ -0,0 +1,10 @@
+package aes128
+
+import (
+	`r00t2.io/sshkeys/cipher/aes`
+)
+
+const (
+	KeySize    int = 16 // in bytes; AES128 is so named for its 128-bit key, thus: 128 / 8 = 16
+	KdfKeySize int = KeySize + aes.IvSize
+)
--- a/cipher/aes/aes128/ctr/TODO
+++ b/cipher/aes/aes128/ctr/TODO
@@ -0,0 +1 @@
+TODO
--- a/cipher/aes/aes128/ctr/consts.go
+++ b/cipher/aes/aes128/ctr/consts.go
@@ -0,0 +1,5 @@
+package ctr
+
+const (
+	Name string = "aes128-ctr"
+)
--- a/cipher/aes/aes128/gcm/TODO
+++ b/cipher/aes/aes128/gcm/TODO
@@ -0,0 +1 @@
+TODO
--- a/cipher/aes/aes128/gcm/consts.go
+++ b/cipher/aes/aes128/gcm/consts.go
@@ -0,0 +1,5 @@
+package gcm
+
+const (
+	Name string = "aes128-gcm@openssh.com"
+)
--- a/cipher/aes/aes192/cbc/TODO
+++ b/cipher/aes/aes192/cbc/TODO
@@ -0,0 +1 @@
+TODO
--- a/cipher/aes/aes192/cbc/consts.go
+++ b/cipher/aes/aes192/cbc/consts.go
@@ -0,0 +1,5 @@
+package cbc
+
+const (
+	Name string = "aes192-cbc"
+)
--- a/cipher/aes/aes192/consts.go
+++ b/cipher/aes/aes192/consts.go
@@ -0,0 +1,10 @@
+package aes192
+
+import (
+	`r00t2.io/sshkeys/cipher/aes`
+)
+
+const (
+	KeySize    int = 24 // in bytes; AES182 is so named for its 192-bit key, thus: 192 / 8 = 24
+	KdfKeySize int = KeySize + aes.IvSize
+)
--- a/cipher/aes/aes192/ctr/TODO
+++ b/cipher/aes/aes192/ctr/TODO
@@ -0,0 +1 @@
+TODO
--- a/cipher/aes/aes192/ctr/consts.go
+++ b/cipher/aes/aes192/ctr/consts.go
@@ -0,0 +1,5 @@
+package ctr
+
+const (
+	Name string = "aes192-ctr"
+)
--- a/cipher/aes/aes192/gcm/TODO
+++ b/cipher/aes/aes192/gcm/TODO
@@ -0,0 +1 @@
+TODO
--- a/cipher/aes/aes192/gcm/consts.go
+++ b/cipher/aes/aes192/gcm/consts.go
@@ -0,0 +1,5 @@
+package gcm
+
+const (
+	Name string = "aes192-gcm@openssh.com"
+)
--- a/cipher/aes/aes256/cbc/TODO
+++ b/cipher/aes/aes256/cbc/TODO
@@ -0,0 +1 @@
+TODO
--- a/cipher/aes/aes256/cbc/consts.go
+++ b/cipher/aes/aes256/cbc/consts.go
@@ -0,0 +1,5 @@
+package cbc
+
+const (
+	Name string = "aes256-cbc"
+)
--- a/cipher/aes/aes256/consts.go
+++ b/cipher/aes/aes256/consts.go
@@ -0,0 +1,10 @@
+package aes256
+
+import (
+	`r00t2.io/sshkeys/cipher/aes`
+)
+
+const (
+	KeySize    int = 32 // in bytes; AES256 is so named for its 256-bit key, thus: 256 / 8 = 32
+	KdfKeySize int = KeySize + aes.IvSize
+)
--- a/cipher/aes/aes256/ctr/TODO
+++ b/cipher/aes/aes256/ctr/TODO
@@ -0,0 +1 @@
+TODO
--- a/cipher/aes/aes256/ctr/consts.go
+++ b/cipher/aes/aes256/ctr/consts.go
@@ -0,0 +1,5 @@
+package ctr
+
+const (
+	Name string = "aes256-ctr"
+)
--- a/cipher/aes/aes256/gcm/TODO
+++ b/cipher/aes/aes256/gcm/TODO
@@ -0,0 +1 @@
+TODO
--- a/cipher/aes/aes256/gcm/consts.go
+++ b/cipher/aes/aes256/gcm/consts.go
@@ -0,0 +1,5 @@
+package gcm
+
+const (
+	Name string = "aes256-gcm@openssh.com"
+)
--- a/cipher/aes/consts.go
+++ b/cipher/aes/consts.go
@@ -0,0 +1,10 @@
+package aes
+
+import (
+	`crypto/aes`
+)
+
+const (
+	BlockSize int = aes.BlockSize
+	IvSize    int = aes.BlockSize
+)
--- a/cipher/chacha20/poly1305/TODO
+++ b/cipher/chacha20/poly1305/TODO
@@ -0,0 +1 @@
+TODO
--- a/cipher/null/TODO
+++ b/cipher/null/TODO
@@ -0,0 +1 @@
+TODO
--- a/cipher/tripledes/cbc/TODO
+++ b/cipher/tripledes/cbc/TODO
@@ -0,0 +1 @@
+TODO
--- a/cipher/types.go
+++ b/cipher/types.go
@@ -0,0 +1,50 @@
+package cipher
+
+import (
+	`bytes`
+)
+
+type Cipher interface {
+	// Name returns the string form of the cipher name.
+	Name() (name string)
+	// NameBytes returns the Name result but in bytes, with a leading uint32 bytecount packed in.
+	NameBytes() (name []byte)
+	// BlockSize returns the blocksize of the cipher.Cipher. This is used for externally padding data for Cipher.Encrypt and Cipher.AllocateEncrypt.
+	BlockSize() (size int)
+	// KdfKeySize returns the desired/needed key size for use with kdf.KDF.
+	KdfKeySize() (size int)
+	// Setup initializes the Cipher with a given key.
+	Setup(key []byte) (err error)
+	/*
+		Encrypt takes plain data, either a:
+			- string
+			- raw byte slice ([]byte or []uint8)
+			- single byte (byte or uint8)
+			- *bytes.Buffer
+		and returns an encrypted *bytes.Buffer of data.
+	*/
+	Encrypt(data interface{}) (encrypted *bytes.Reader, err error)
+	// AllocateEncrypt is exactly like cipher.Cipher.Encrypt except that it includes a (NON-encrypted) uint32 prefix of byte allocation.
+	AllocateEncrypt(data interface{}) (encrypted *bytes.Reader, err error)
+	/*
+		Decrypt takes encrypted data, either a:
+			- raw byte slice ([]byte or []uint8)
+			- *bytes.Buffer
+		and returns a plain/decrypted *bytes.Buffer of data.
+	*/
+	Decrypt(data interface{}) (decrypted *bytes.Reader, err error)
+	// AllocatedDecrypt is exactly like cipher.Cipher.Decrypt except that it assumes that data includes a (NON-encrypted) uint32 prefix of byte allocation.
+	AllocatedDecrypt(data interface{}) (decrypted *bytes.Reader, err error)
+	// IsPlain returns true if this is a "null" cipher; i.e. no encryption is actually performed.
+	IsPlain() (plain bool)
+	/*
+		Pad returns padded bytes in a *bytes.Buffer according to the cipher's padding specification.
+		data can be one of either:
+			- string
+			- raw byte slice ([]byte or []uint8)
+			- single byte (byte or uint8)
+			- *bytes.Buffer
+		This is a prerequisite in some ciphers, and must be performed BEFORE encrypting.
+	*/
+	Pad(data interface{}) (paddedBuf *bytes.Reader, err error)
+}