kubernetes/vendor/golang.org/x/crypto/ssh/keys.go

const KeyAlgoRSA

const KeyAlgoDSA

const KeyAlgoECDSA256

const KeyAlgoSKECDSA256

const KeyAlgoECDSA384

const KeyAlgoECDSA521

const KeyAlgoED25519

const KeyAlgoSKED25519

const KeyAlgoRSASHA256

const KeyAlgoRSASHA512

const SigAlgoRSA

const SigAlgoRSASHA2256

const SigAlgoRSASHA2512

// parsePubKey parses a public key of the given algorithm.
// Use ParsePublicKey for keys with prepended algorithm.
func parsePubKey(in []byte, algo string) (pubKey PublicKey, rest []byte, err error) {}

// parseAuthorizedKey parses a public key in OpenSSH authorized_keys format
// (see sshd(8) manual page) once the options and key type fields have been
// removed.
func parseAuthorizedKey(in []byte) (out PublicKey, comment string, err error) {}

// ParseKnownHosts parses an entry in the format of the known_hosts file.
//
// The known_hosts format is documented in the sshd(8) manual page. This
// function will parse a single entry from in. On successful return, marker
// will contain the optional marker value (i.e. "cert-authority" or "revoked")
// or else be empty, hosts will contain the hosts that this entry matches,
// pubKey will contain the public key and comment will contain any trailing
// comment at the end of the line. See the sshd(8) manual page for the various
// forms that a host string can take.
//
// The unparsed remainder of the input will be returned in rest. This function
// can be called repeatedly to parse multiple entries.
//
// If no entries were found in the input then err will be io.EOF. Otherwise a
// non-nil err value indicates a parse error.
func ParseKnownHosts(in []byte) (marker string, hosts []string, pubKey PublicKey, comment string, rest []byte, err error) {}

// ParseAuthorizedKey parses a public key from an authorized_keys
// file used in OpenSSH according to the sshd(8) manual page.
func ParseAuthorizedKey(in []byte) (out PublicKey, comment string, options []string, rest []byte, err error) {}

// ParsePublicKey parses an SSH public key formatted for use in
// the SSH wire protocol according to RFC 4253, section 6.6.
func ParsePublicKey(in []byte) (out PublicKey, err error) {}

// MarshalAuthorizedKey serializes key for inclusion in an OpenSSH
// authorized_keys file. The return value ends with newline.
func MarshalAuthorizedKey(key PublicKey) []byte {}

// MarshalPrivateKey returns a PEM block with the private key serialized in the
// OpenSSH format.
func MarshalPrivateKey(key crypto.PrivateKey, comment string) (*pem.Block, error) {}

// MarshalPrivateKeyWithPassphrase returns a PEM block holding the encrypted
// private key serialized in the OpenSSH format.
func MarshalPrivateKeyWithPassphrase(key crypto.PrivateKey, comment string, passphrase []byte) (*pem.Block, error) {}

type PublicKey

type CryptoPublicKey

type Signer

type AlgorithmSigner

type MultiAlgorithmSigner

// NewSignerWithAlgorithms returns a signer restricted to the specified
// algorithms. The algorithms must be set in preference order. The list must not
// be empty, and it must not include certificate types. An error is returned if
// the specified algorithms are incompatible with the public key type.
func NewSignerWithAlgorithms(signer AlgorithmSigner, algorithms []string) (MultiAlgorithmSigner, error) {}

type multiAlgorithmSigner

func (s *multiAlgorithmSigner) Algorithms() []string {}

func (s *multiAlgorithmSigner) isAlgorithmSupported(algorithm string) bool {}

func (s *multiAlgorithmSigner) SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*Signature, error) {}

type rsaPublicKey

func (r *rsaPublicKey) Type() string {}

// parseRSA parses an RSA key according to RFC 4253, section 6.6.
func parseRSA(in []byte) (out PublicKey, rest []byte, err error) {}

func (r *rsaPublicKey) Marshal() []byte {}

func (r *rsaPublicKey) Verify(data []byte, sig *Signature) error {}

func (r *rsaPublicKey) CryptoPublicKey() crypto.PublicKey {}

type dsaPublicKey

func (k *dsaPublicKey) Type() string {}

func checkDSAParams(param *dsa.Parameters) error {}

// parseDSA parses an DSA key according to RFC 4253, section 6.6.
func parseDSA(in []byte) (out PublicKey, rest []byte, err error) {}

func (k *dsaPublicKey) Marshal() []byte {}

func (k *dsaPublicKey) Verify(data []byte, sig *Signature) error {}

func (k *dsaPublicKey) CryptoPublicKey() crypto.PublicKey {}

type dsaPrivateKey

func (k *dsaPrivateKey) PublicKey() PublicKey {}

func (k *dsaPrivateKey) Sign(rand io.Reader, data []byte) (*Signature, error) {}

func (k *dsaPrivateKey) Algorithms() []string {}

func (k *dsaPrivateKey) SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*Signature, error) {}

type ecdsaPublicKey

func (k *ecdsaPublicKey) Type() string {}

func (k *ecdsaPublicKey) nistID() string {}

type ed25519PublicKey

func (k ed25519PublicKey) Type() string {}

func parseED25519(in []byte) (out PublicKey, rest []byte, err error) {}

func (k ed25519PublicKey) Marshal() []byte {}

func (k ed25519PublicKey) Verify(b []byte, sig *Signature) error {}

func (k ed25519PublicKey) CryptoPublicKey() crypto.PublicKey {}

func supportedEllipticCurve(curve elliptic.Curve) bool {}

// parseECDSA parses an ECDSA key according to RFC 5656, section 3.1.
func parseECDSA(in []byte) (out PublicKey, rest []byte, err error) {}

func (k *ecdsaPublicKey) Marshal() []byte {}

func (k *ecdsaPublicKey) Verify(data []byte, sig *Signature) error {}

func (k *ecdsaPublicKey) CryptoPublicKey() crypto.PublicKey {}

type skFields

type skECDSAPublicKey

func (k *skECDSAPublicKey) Type() string {}

func (k *skECDSAPublicKey) nistID() string {}

func parseSKECDSA(in []byte) (out PublicKey, rest []byte, err error) {}

func (k *skECDSAPublicKey) Marshal() []byte {}

func (k *skECDSAPublicKey) Verify(data []byte, sig *Signature) error {}

func (k *skECDSAPublicKey) CryptoPublicKey() crypto.PublicKey {}

type skEd25519PublicKey

func (k *skEd25519PublicKey) Type() string {}

func parseSKEd25519(in []byte) (out PublicKey, rest []byte, err error) {}

func (k *skEd25519PublicKey) Marshal() []byte {}

func (k *skEd25519PublicKey) Verify(data []byte, sig *Signature) error {}

func (k *skEd25519PublicKey) CryptoPublicKey() crypto.PublicKey {}

// NewSignerFromKey takes an *rsa.PrivateKey, *dsa.PrivateKey,
// *ecdsa.PrivateKey or any other crypto.Signer and returns a
// corresponding Signer instance. ECDSA keys must use P-256, P-384 or
// P-521. DSA keys must use parameter size L1024N160.
func NewSignerFromKey(key interface{}

func newDSAPrivateKey(key *dsa.PrivateKey) (Signer, error) {}

type wrappedSigner

// NewSignerFromSigner takes any crypto.Signer implementation and
// returns a corresponding Signer interface. This can be used, for
// example, with keys kept in hardware modules.
func NewSignerFromSigner(signer crypto.Signer) (Signer, error) {}

func (s *wrappedSigner) PublicKey() PublicKey {}

func (s *wrappedSigner) Sign(rand io.Reader, data []byte) (*Signature, error) {}

func (s *wrappedSigner) Algorithms() []string {}

func (s *wrappedSigner) SignWithAlgorithm(rand io.Reader, data []byte, algorithm string) (*Signature, error) {}

// NewPublicKey takes an *rsa.PublicKey, *dsa.PublicKey, *ecdsa.PublicKey,
// or ed25519.PublicKey returns a corresponding PublicKey instance.
// ECDSA keys must use P-256, P-384 or P-521.
func NewPublicKey(key interface{}

// ParsePrivateKey returns a Signer from a PEM encoded private key. It supports
// the same keys as ParseRawPrivateKey. If the private key is encrypted, it
// will return a PassphraseMissingError.
func ParsePrivateKey(pemBytes []byte) (Signer, error) {}

// ParsePrivateKeyWithPassphrase returns a Signer from a PEM encoded private
// key and passphrase. It supports the same keys as
// ParseRawPrivateKeyWithPassphrase.
func ParsePrivateKeyWithPassphrase(pemBytes, passphrase []byte) (Signer, error) {}

// encryptedBlock tells whether a private key is
// encrypted by examining its Proc-Type header
// for a mention of ENCRYPTED
// according to RFC 1421 Section 4.6.1.1.
func encryptedBlock(block *pem.Block) bool {}

type PassphraseMissingError

func (*PassphraseMissingError) Error() string {}

// ParseRawPrivateKey returns a private key from a PEM encoded private key. It supports
// RSA, DSA, ECDSA, and Ed25519 private keys in PKCS#1, PKCS#8, OpenSSL, and OpenSSH
// formats. If the private key is encrypted, it will return a PassphraseMissingError.
func ParseRawPrivateKey(pemBytes []byte) (interface{}

// ParseRawPrivateKeyWithPassphrase returns a private key decrypted with
// passphrase from a PEM encoded private key. If the passphrase is wrong, it
// will return x509.IncorrectPasswordError.
func ParseRawPrivateKeyWithPassphrase(pemBytes, passphrase []byte) (interface{}

// ParseDSAPrivateKey returns a DSA private key from its ASN.1 DER encoding, as
// specified by the OpenSSL DSA man page.
func ParseDSAPrivateKey(der []byte) (*dsa.PrivateKey, error) {}

func unencryptedOpenSSHKey(cipherName, kdfName, kdfOpts string, privKeyBlock []byte) ([]byte, error) {}

func passphraseProtectedOpenSSHKey(passphrase []byte) openSSHDecryptFunc {}

func unencryptedOpenSSHMarshaler(privKeyBlock []byte) ([]byte, string, string, string, error) {}

func passphraseProtectedOpenSSHMarshaler(passphrase []byte) openSSHEncryptFunc {}

const privateKeyAuthMagic

type openSSHDecryptFunc

type openSSHEncryptFunc

type openSSHEncryptedPrivateKey

type openSSHPrivateKey

type openSSHRSAPrivateKey

type openSSHEd25519PrivateKey

type openSSHECDSAPrivateKey

// parseOpenSSHPrivateKey parses an OpenSSH private key, using the decrypt
// function to unwrap the encrypted portion. unencryptedOpenSSHKey can be used
// as the decrypt function to parse an unencrypted private key. See
// https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key.
func parseOpenSSHPrivateKey(key []byte, decrypt openSSHDecryptFunc) (crypto.PrivateKey, error) {}

func marshalOpenSSHPrivateKey(key crypto.PrivateKey, comment string, encrypt openSSHEncryptFunc) (*pem.Block, error) {}

func checkOpenSSHKeyPadding(pad []byte) error {}

func generateOpenSSHPadding(block []byte, blockSize int) []byte {}

// FingerprintLegacyMD5 returns the user presentation of the key's
// fingerprint as described by RFC 4716 section 4.
func FingerprintLegacyMD5(pubKey PublicKey) string {}

// FingerprintSHA256 returns the user presentation of the key's
// fingerprint as unpadded base64 encoded sha256 hash.
// This format was introduced from OpenSSH 6.8.
// https://www.openssh.com/txt/release-6.8
// https://tools.ietf.org/html/rfc4648#section-3.2 (unpadded base64 encoding)
func FingerprintSHA256(pubKey PublicKey) string {}