Add support for aes256-ctr (#3)

* add support for AES256-CTR in new OpenSSH key format

* refactor test to use table test and include new keys

* added go module

* update travis config

* move test in a different package

* add .gitignore and exclude vendor folder

* format test using placeholders

* fixed import sorting

* reverted changes to go mod and fixed license removing

* remove old golang versions since they are not supported from golang.org/x/cryptho

.gitignore

@@ -0,0 +1 @@
+/vendor

.travis.yml

@@ -1,9 +1,17 @@
 language: go
 
+sudo: false
+
+go_import_path: github.com/ScaleFT/sshkeys
+
 go:
-  - 1.6
-  - 1.7
-  - master
+  - 1.9.x
+  - 1.10.x
+  - 1.11.x
+  - tip
+
+before_install:
+  - go get -u github.com/stretchr/testify/require github.com/dchest/bcrypt_pbkdf golang.org/x/crypto/ed25519 golang.org/x/crypto/ssh
 
-install:
- - go get -u github.com/stretchr/testify/require github.com/dchest/bcrypt_pbkdf
+script:
+  - go test -v ./...

marshal.go

@@ -1,6 +1,7 @@
 package sshkeys
 
 import (
+	"crypto/aes"
 	"crypto/cipher"
 	"crypto/dsa"
 	"crypto/ecdsa"
@@ -14,9 +15,6 @@ import (
 	mrand "math/rand"
 
 	"github.com/dchest/bcrypt_pbkdf"
-
-	"crypto/aes"
-
 	"golang.org/x/crypto/ed25519"
 	"golang.org/x/crypto/ssh"
 )

marshal_test.go

@@ -1,75 +1,92 @@
-package sshkeys
+package sshkeys_test
 
 import (
 	"crypto/rand"
 	"testing"
 
-	"golang.org/x/crypto/ssh"
-
+	"github.com/ScaleFT/sshkeys"
 	"github.com/ScaleFT/sshkeys/testdata"
 	"github.com/stretchr/testify/require"
+	"golang.org/x/crypto/ssh"
 )
 
 func testSigners(t *testing.T, name string, a ssh.Signer, b ssh.Signer) {
 	require.Equal(t, a.PublicKey().Marshal(), b.PublicKey().Marshal())
 
 	sign := []byte("hello world")
 	sig, err := a.Sign(rand.Reader, sign)
-	require.NoError(t, err, "signer failed for "+name)
+	require.NoError(t, err, "signer failed for %s", name)
 
 	err = b.PublicKey().Verify(sign, sig)
-	require.NoError(t, err, "verify failed for "+name)
+	require.NoError(t, err, "verify failed for %s", name)
 }
 
-func TestMarshal(t *testing.T) {
+func TestMarshalOldFormat(t *testing.T) {
 	password := []byte("gopher")
 	for _, k := range testdata.PEMEncryptedKeys {
-		pk, err := ParseEncryptedRawPrivateKey(k.PEMBytes, []byte(k.EncryptionKey))
-		require.NoError(t, err, "error parsing "+k.Name)
-		require.NotNil(t, pk, "nil return from parsing "+k.Name)
+		// ed25519 is only specified in the new format
+		if k.Name == "ed25519-openssh-encrypted-aes256-cbc" || k.Name == "ed25519-openssh-encrypted-aes256-ctr" {
+			continue
+		}
+		t.Run(k.Name, func(t *testing.T) {
+			pk, err := sshkeys.ParseEncryptedRawPrivateKey(k.PEMBytes, []byte(k.EncryptionKey))
+			require.NoError(t, err, "error parsing %s", k.Name)
+			require.NotNil(t, pk, "nil return from parsing %s", k.Name)
 
-		signer, err := ssh.NewSignerFromKey(pk)
-		require.NoError(t, err)
+			signer, err := ssh.NewSignerFromKey(pk)
+			require.NoError(t, err)
 
-		data, err := Marshal(pk, &MarshalOptions{
-			Passphrase: password,
-			Format:     FormatClassicPEM,
-		})
+			data, err := sshkeys.Marshal(pk, &sshkeys.MarshalOptions{
+				Passphrase: password,
+				Format:     sshkeys.FormatClassicPEM,
+			})
 
-		// ed25519 is only specified in the new format
-		if k.Name != "ed25519-openssh-encrypted" {
 			require.NoError(t, err)
-			require.NotNil(t, data, "nil return from marshaling "+k.Name)
+			require.NotNil(t, data, "nil return from marshaling %s", k.Name)
 
-			pk2, err := ParseEncryptedRawPrivateKey(data, password)
-			require.NoError(t, err, "error from parsing "+k.Name)
-			require.NotNil(t, pk2, "nil return from parsing "+k.Name)
+			pk2, err := sshkeys.ParseEncryptedRawPrivateKey(data, password)
+			require.NoError(t, err, "error from parsing %s", k.Name)
+			require.NotNil(t, pk2, "nil return from parsing %s", k.Name)
 
 			signer2, err := ssh.NewSignerFromKey(pk2)
 			require.NoError(t, err)
 
 			testSigners(t, k.Name, signer, signer2)
-		}
-
-		// now use new format
-		data, err = Marshal(pk, &MarshalOptions{
-			Passphrase: password,
-			Format:     FormatOpenSSHv1,
 		})
-		if err != nil && err.Error() == "sshkeys: unsupported key type *dsa.PrivateKey" {
+	}
+}
+
+func TestMarshalNewFormat(t *testing.T) {
+	password := []byte("gopher")
+	for _, k := range testdata.PEMEncryptedKeys {
+		if k.Name == "dsa-encrypted-aes256-cbc" {
 			continue
 		}
-		require.NoError(t, err)
-		require.NotNil(t, data, "nil return from marshaling "+k.Name)
 
-		//		println("input: " + string(data))
-		pk3, err := ParseEncryptedRawPrivateKey(data, password)
-		require.NoError(t, err, "error from parsing "+k.Name)
-		require.NotNil(t, pk3, "nil return from parsing "+k.Name)
+		t.Run(k.Name, func(t *testing.T) {
+			pk, err := sshkeys.ParseEncryptedRawPrivateKey(k.PEMBytes, []byte(k.EncryptionKey))
+			require.NoError(t, err, "error parsing %s", k.Name)
+			require.NotNil(t, pk, "nil return from parsing %s", k.Name)
 
-		signer3, err := ssh.NewSignerFromKey(pk3)
-		require.NoError(t, err)
+			signer, err := ssh.NewSignerFromKey(pk)
+			require.NoError(t, err)
+
+			data, err := sshkeys.Marshal(pk, &sshkeys.MarshalOptions{
+				Passphrase: password,
+				Format:     sshkeys.FormatOpenSSHv1,
+			})
+
+			require.NoError(t, err)
+			require.NotNil(t, data, "nil return from marshaling %s", k.Name)
 
-		testSigners(t, k.Name, signer, signer3)
+			pk2, err := sshkeys.ParseEncryptedRawPrivateKey(data, password)
+			require.NoError(t, err, "error from parsing %s", k.Name)
+			require.NotNil(t, pk2, "nil return from parsing %s", k.Name)
+
+			signer2, err := ssh.NewSignerFromKey(pk2)
+			require.NoError(t, err)
+
+			testSigners(t, k.Name, signer, signer2)
+		})
 	}
 }

parse.go

@@ -10,6 +10,7 @@ import (
 	"bytes"
 	"crypto/aes"
 	"crypto/cipher"
+	"crypto/rsa"
 	"crypto/x509"
 	"encoding/pem"
 	"errors"
@@ -18,9 +19,6 @@ import (
 	"strings"
 
 	"github.com/dchest/bcrypt_pbkdf"
-
-	"crypto/rsa"
-
 	"golang.org/x/crypto/ed25519"
 	"golang.org/x/crypto/ssh"
 )
@@ -112,39 +110,34 @@ func parseOpenSSHPrivateKey(data []byte, passphrase []byte) (interface{}, error)
 	var encrypted bool
 
 	switch {
-	// OpenSSH currently only supports bcrypt KDF w/ AES256-CBC mode
+	// OpenSSH supports bcrypt KDF w/ AES256-CBC or AES256-CTR mode
 	case w.KdfName == "bcrypt" && w.CipherName == "aes256-cbc":
-		cipherKeylen := keySizeAES256
-		cipherIvLen := aes.BlockSize
-
-		var opts struct {
-			Salt   []byte
-			Rounds uint32
-		}
-
-		if err := ssh.Unmarshal([]byte(w.KdfOpts), &opts); err != nil {
-			return nil, err
-		}
-		kdfdata, err := bcrypt_pbkdf.Key(passphrase, opts.Salt, int(opts.Rounds), cipherKeylen+cipherIvLen)
+		iv, block, err := extractBcryptIvBlock(passphrase, w)
 		if err != nil {
 			return nil, err
 		}
 
-		iv := kdfdata[cipherKeylen : cipherIvLen+cipherKeylen]
-		aeskey := kdfdata[0:cipherKeylen]
-		block, err := aes.NewCipher(aeskey)
+		cbc := cipher.NewCBCDecrypter(block, iv)
+		privateKeyBytes = []byte(w.PrivKeyBlock)
+		cbc.CryptBlocks(privateKeyBytes, privateKeyBytes)
+
+		encrypted = true
 
+	case w.KdfName == "bcrypt" && w.CipherName == "aes256-ctr":
+		iv, block, err := extractBcryptIvBlock(passphrase, w)
 		if err != nil {
 			return nil, err
 		}
 
-		cbc := cipher.NewCBCDecrypter(block, iv)
+		stream := cipher.NewCTR(block, iv)
 		privateKeyBytes = []byte(w.PrivKeyBlock)
-		cbc.CryptBlocks(privateKeyBytes, privateKeyBytes)
+		stream.XORKeyStream(privateKeyBytes, privateKeyBytes)
 
 		encrypted = true
+
 	case w.KdfName == "none" && w.CipherName == "none":
 		privateKeyBytes = []byte(w.PrivKeyBlock)
+
 	default:
 		return nil, fmt.Errorf("sshkeys: unknown Cipher/KDF: %s:%s", w.CipherName, w.KdfName)
 	}
@@ -221,3 +214,31 @@ func parseOpenSSHPrivateKey(data []byte, passphrase []byte) (interface{}, error)
 		return nil, errors.New("sshkeys: unhandled key type")
 	}
 }
+
+func extractBcryptIvBlock(passphrase []byte, w opensshHeader) ([]byte, cipher.Block, error) {
+	cipherKeylen := keySizeAES256
+	cipherIvLen := aes.BlockSize
+
+	var opts struct {
+		Salt   []byte
+		Rounds uint32
+	}
+
+	if err := ssh.Unmarshal([]byte(w.KdfOpts), &opts); err != nil {
+		return nil, nil, err
+	}
+	kdfdata, err := bcrypt_pbkdf.Key(passphrase, opts.Salt, int(opts.Rounds), cipherKeylen+cipherIvLen)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	iv := kdfdata[cipherKeylen : cipherIvLen+cipherKeylen]
+	aeskey := kdfdata[0:cipherKeylen]
+	block, err := aes.NewCipher(aeskey)
+
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return iv, block, nil
+}

parse_test.go

@@ -1,30 +1,35 @@
-package sshkeys
+package sshkeys_test
 
 import (
 	"testing"
 
+	"github.com/ScaleFT/sshkeys"
 	"github.com/ScaleFT/sshkeys/testdata"
 	"github.com/stretchr/testify/require"
 )
 
 func TestParse(t *testing.T) {
-	for name, k := range testdata.PEMBytes {
-		pk, err := ParseEncryptedPrivateKey(k, nil)
-		require.NoError(t, err, "error parsing "+name)
-		require.NotNil(t, pk, "nil return from parsing "+name)
+	for _, k := range testdata.PEMBytes {
+		t.Run(k.Name, func(t *testing.T) {
+			pk, err := sshkeys.ParseEncryptedPrivateKey(k.PEMBytes, nil)
+			require.NoError(t, err, "error parsing %s", k.Name)
+			require.NotNil(t, pk, "nil return from parsing %s", k.Name)
+		})
 	}
 }
 
 func TestEncryptedParse(t *testing.T) {
 	wrongKey := []byte("hello world")
 	for _, k := range testdata.PEMEncryptedKeys {
-		pk, err := ParseEncryptedPrivateKey(k.PEMBytes, wrongKey)
-		require.Error(t, err, "expected error from "+k.Name)
-		require.Equal(t, err, ErrIncorrectPassword, "expected error from "+k.Name)
-		require.Nil(t, pk, "non-nil return from parsing "+k.Name)
+		t.Run(k.Name, func(t *testing.T) {
+			pk, err := sshkeys.ParseEncryptedPrivateKey(k.PEMBytes, wrongKey)
+			require.Error(t, err, "expected error from %s", k.Name)
+			require.Equal(t, err, sshkeys.ErrIncorrectPassword, "expected error from %s", k.Name)
+			require.Nil(t, pk, "non-nil return from parsing %s", k.Name)
 
-		pk, err = ParseEncryptedPrivateKey(k.PEMBytes, []byte(k.EncryptionKey))
-		require.NoError(t, err)
-		require.NotNil(t, pk, "nil return from parsing "+k.Name)
+			pk, err = sshkeys.ParseEncryptedPrivateKey(k.PEMBytes, []byte(k.EncryptionKey))
+			require.NoError(t, err)
+			require.NotNil(t, pk, "nil return from parsing %s", k.Name)
+		})
 	}
 }