优化

Author: deatil

cryptobin/ssh/create.go

@@ -212,6 +212,15 @@ func (this SSH) CreateOpenSSHPrivateKeyWithPassword(password []byte, opts ...Ope
     }
 
     useOpts := DefaultOpenSSHOpts
+    if this.options.CipherName != "" {
+        cip, err := ssh.ParseCipher(this.options.CipherName)
+        if err != nil {
+            return this.AppendError(err)
+        }
+
+        useOpts.Cipher = cip
+    }
+
     if len(opts) > 0 {
         useOpts = opts[0]
     }

cryptobin/ssh/from.go

@@ -143,13 +143,14 @@ func FromPublicKey(key []byte) SSH {
 
 // from OpenSSH PrivateKey
 func (this SSH) FromOpenSSHPrivateKey(key []byte) SSH {
-    privateKey, comment, err := this.ParseOpenSSHPrivateKeyFromPEM(key)
+    privateKey, comment, cipherName, err := this.ParseOpenSSHPrivateKeyFromPEM(key)
     if err != nil {
         return this.AppendError(err)
     }
 
     this.privateKey = privateKey
     this.options.Comment = comment
+    this.options.CipherName = cipherName
 
     return this
 }
@@ -161,13 +162,14 @@ func FromOpenSSHPrivateKey(key []byte) SSH {
 
 // from OpenSSH PrivateKey with password
 func (this SSH) FromOpenSSHPrivateKeyWithPassword(key []byte, password []byte) SSH {
-    privateKey, comment, err := this.ParseOpenSSHPrivateKeyFromPEMWithPassword(key, password)
+    privateKey, comment, cipherName, err := this.ParseOpenSSHPrivateKeyFromPEMWithPassword(key, password)
     if err != nil {
         return this.AppendError(err)
     }
 
     this.privateKey = privateKey
     this.options.Comment = comment
+    this.options.CipherName = cipherName
 
     return this
 }

cryptobin/ssh/get.go

@@ -75,6 +75,11 @@ func (this SSH) GetOptions() Options {
     return this.options
 }
 
+// get Options CipherName
+func (this SSH) GetCipherName() string {
+    return this.options.CipherName
+}
+
 // get Options Comment
 func (this SSH) GetComment() string {
     return this.options.Comment

cryptobin/ssh/parse.go

@@ -33,24 +33,44 @@ var (
 )
 
 // Parse OpenSSH PrivateKey From PEM
-func (this SSH) ParseOpenSSHPrivateKeyFromPEM(key []byte) (crypto.PrivateKey, string, error) {
+func (this SSH) ParseOpenSSHPrivateKeyFromPEM(key []byte) (crypto.PrivateKey, string, string, error) {
     // Parse PEM block
     var block *pem.Block
     if block, _ = pem.Decode(key); block == nil {
-        return nil, "", ErrKeyMustBePEMEncoded
+        return nil, "", "", ErrKeyMustBePEMEncoded
     }
 
-    return ssh.ParseOpenSSHPrivateKey(block.Bytes)
+    privateKey, comment, err := ssh.ParseOpenSSHPrivateKey(block.Bytes)
+    if err != nil {
+        return nil, "", "", err
+    }
+
+    info, err := ssh.ParseOpenSSHPrivateKeyToInfo(block.Bytes)
+    if err != nil {
+        return nil, "", "", err
+    }
+
+    return privateKey, comment, info.CipherName, nil
 }
 
 // Parse OpenSSH PrivateKey From PEM With Password
-func (this SSH) ParseOpenSSHPrivateKeyFromPEMWithPassword(key []byte, password []byte) (crypto.PrivateKey, string, error) {
+func (this SSH) ParseOpenSSHPrivateKeyFromPEMWithPassword(key []byte, password []byte) (crypto.PrivateKey, string, string, error) {
     var block *pem.Block
     if block, _ = pem.Decode(key); block == nil {
-        return nil, "", ErrKeyMustBePEMEncoded
+        return nil, "", "", ErrKeyMustBePEMEncoded
+    }
+
+    privateKey, comment, err := ssh.ParseOpenSSHPrivateKeyWithPassword(block.Bytes, password)
+    if err != nil {
+        return nil, "", "", err
+    }
+
+    info, err := ssh.ParseOpenSSHPrivateKeyToInfo(block.Bytes)
+    if err != nil {
+        return nil, "", "", err
     }
 
-    return ssh.ParseOpenSSHPrivateKeyWithPassword(block.Bytes, password)
+    return privateKey, comment, info.CipherName, nil
 }
 
 // Parse OpenSSH PublicKey From PEM

cryptobin/ssh/ssh.go

@@ -43,6 +43,9 @@ type Options struct {
     // public key type
     PublicKeyType PublicKeyType
 
+    // Cipher Name
+    CipherName string
+
     // comment data
     Comment string
 

cryptobin/ssh/ssh_test.go

@@ -8,6 +8,7 @@ import (
     "crypto/rand"
     "crypto/elliptic"
 
+    cryptobin_ssh "github.com/deatil/go-cryptobin/ssh"
     cryptobin_test "github.com/deatil/go-cryptobin/tool/test"
 )
 
@@ -341,6 +342,7 @@ func Test_Get(t *testing.T) {
     testerr := errors.New("test-error")
     opts := Options{
         PublicKeyType:  KeyTypeRSA,
+        CipherName:     "test-CipherName",
         Comment:        "test-Comment",
         ParameterSizes: dsa.L1024N160,
         Curve:          elliptic.P256(),
@@ -373,6 +375,7 @@ func Test_Get(t *testing.T) {
     assertNotEmpty(openSSHPublicKey, "Test_Get-GetOpenSSHPublicKey")
 
     assertEqual(newSSH2.GetOptions(), opts, "Test_Get-GetOptions")
+    assertEqual(newSSH2.GetCipherName(), "test-CipherName", "Test_Get-GetCipherName")
     assertEqual(newSSH2.GetComment(), "test-Comment", "Test_Get-GetComment")
     assertEqual(newSSH2.GetParameterSizes(), dsa.L1024N160, "Test_Get-GetParameterSizes")
     assertEqual(newSSH2.GetCurve(), elliptic.P256(), "Test_Get-GetCurve")
@@ -430,6 +433,12 @@ func Test_With(t *testing.T) {
     tmp = newSSH.SetPublicKeyType("ECDSA")
     assertEqual(tmp.options.PublicKeyType, KeyTypeECDSA, "Test_Get-SetPublicKeyType")
 
+    tmp = newSSH.WithCipherName("test-CipherName")
+    assertEqual(tmp.options.CipherName, "test-CipherName", "Test_Get-WithCipherName")
+
+    tmp = newSSH.SetCipher(cryptobin_ssh.AES256CBC)
+    assertEqual(tmp.options.CipherName, "aes256-cbc", "Test_Get-SetCipher")
+
     tmp = newSSH.WithComment("test-Comment")
     assertEqual(tmp.options.Comment, "test-Comment", "Test_Get-WithComment")
 

cryptobin/ssh/with.go

@@ -77,6 +77,20 @@ func (this SSH) SetPublicKeyType(keyType string) SSH {
     return this
 }
 
+// With CipherName
+func (this SSH) WithCipherName(cipherName string) SSH {
+    this.options.CipherName = cipherName
+
+    return this
+}
+
+// Set Cipher
+func (this SSH) SetCipher(cip cryptobin_ssh.Cipher) SSH {
+    this.options.CipherName = cip.Name()
+
+    return this
+}
+
 // With Comment
 func (this SSH) WithComment(comment string) SSH {
     this.options.Comment = comment

ssh/ssh.go

@@ -119,6 +119,21 @@ func ParseOpenSSHPrivateKeyWithPassword(key []byte, password []byte) (crypto.Pri
     return parsedKey, comment, nil
 }
 
+func ParseOpenSSHPrivateKeyToInfo(key []byte) (openSSHPrivateKey, error) {
+    if len(key) < len(sshMagic) || string(key[:len(sshMagic)]) != sshMagic {
+        return openSSHPrivateKey{}, errors.New("invalid openssh private key format")
+    }
+
+    remaining := key[len(sshMagic):]
+
+    var w openSSHPrivateKey
+    if err := ssh.Unmarshal(remaining, &w); err != nil {
+        return openSSHPrivateKey{}, err
+    }
+
+    return w, nil
+}
+
 // Marshal OpenSSH PrivateKey
 func MarshalOpenSSHPrivateKey(rand io.Reader, key crypto.PrivateKey, comment string) (*pem.Block, error) {
     return MarshalOpenSSHPrivateKeyWithPassword(rand, key, comment, nil)

ssh/ssh_test.go

@@ -216,6 +216,13 @@ func Test_ParseSSHKey_Ecdsa_With_Pass(t *testing.T) {
     assertNotEmpty(sshComment, "Test_ParseSSHKey_Ecdsa_With_Pass-commit")
 
     assertEqual(sshComment, "test-ssh123", "Test_ParseSSHKey_Ecdsa_With_Pass")
+
+    block2, _ := pem.Decode(blockkeyData)
+
+    w, err := ParseOpenSSHPrivateKeyToInfo(block2.Bytes)
+    assertError(err, "Test_ParseSSHKey_DSA-ParseOpenSSHPrivateKeyToInfo")
+    assertEqual(w.CipherName, "aes256-ctr", "Test_ParseSSHKey_DSA-CipherName")
+    assertEqual(w.KdfName, "bcrypt", "Test_ParseSSHKey_DSA-KdfName")
 }
 
 func test_ParseSSHKey_Ecdsa_With_Pass_And_Opts(t *testing.T, opts Opts) {