diff options
author | Nathan Dench <ndenc2@gmail.com> | 2019-05-24 15:16:44 +1000 |
---|---|---|
committer | Nathan Dench <ndenc2@gmail.com> | 2019-05-24 15:16:44 +1000 |
commit | 107c1cdb09c575aa2f61d97f48d8587eb6bada4c (patch) | |
tree | ca7d008643efc555c388baeaf1d986e0b6b3e28c /vendor/golang.org/x/crypto/openpgp/packet | |
parent | 844b5a68d8af4791755b8f0ad293cc99f5959183 (diff) | |
download | terraform-provider-statuscake-107c1cdb09c575aa2f61d97f48d8587eb6bada4c.tar.gz terraform-provider-statuscake-107c1cdb09c575aa2f61d97f48d8587eb6bada4c.tar.zst terraform-provider-statuscake-107c1cdb09c575aa2f61d97f48d8587eb6bada4c.zip |
Upgrade to 0.12
Diffstat (limited to 'vendor/golang.org/x/crypto/openpgp/packet')
6 files changed, 54 insertions, 23 deletions
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/encrypted_key.go b/vendor/golang.org/x/crypto/openpgp/packet/encrypted_key.go index 266840d..02b372c 100644 --- a/vendor/golang.org/x/crypto/openpgp/packet/encrypted_key.go +++ b/vendor/golang.org/x/crypto/openpgp/packet/encrypted_key.go | |||
@@ -42,12 +42,18 @@ func (e *EncryptedKey) parse(r io.Reader) (err error) { | |||
42 | switch e.Algo { | 42 | switch e.Algo { |
43 | case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly: | 43 | case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly: |
44 | e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r) | 44 | e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r) |
45 | if err != nil { | ||
46 | return | ||
47 | } | ||
45 | case PubKeyAlgoElGamal: | 48 | case PubKeyAlgoElGamal: |
46 | e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r) | 49 | e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r) |
47 | if err != nil { | 50 | if err != nil { |
48 | return | 51 | return |
49 | } | 52 | } |
50 | e.encryptedMPI2.bytes, e.encryptedMPI2.bitLength, err = readMPI(r) | 53 | e.encryptedMPI2.bytes, e.encryptedMPI2.bitLength, err = readMPI(r) |
54 | if err != nil { | ||
55 | return | ||
56 | } | ||
51 | } | 57 | } |
52 | _, err = consumeAll(r) | 58 | _, err = consumeAll(r) |
53 | return | 59 | return |
@@ -72,7 +78,8 @@ func (e *EncryptedKey) Decrypt(priv *PrivateKey, config *Config) error { | |||
72 | // padding oracle attacks. | 78 | // padding oracle attacks. |
73 | switch priv.PubKeyAlgo { | 79 | switch priv.PubKeyAlgo { |
74 | case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly: | 80 | case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly: |
75 | b, err = rsa.DecryptPKCS1v15(config.Random(), priv.PrivateKey.(*rsa.PrivateKey), e.encryptedMPI1.bytes) | 81 | k := priv.PrivateKey.(*rsa.PrivateKey) |
82 | b, err = rsa.DecryptPKCS1v15(config.Random(), k, padToKeySize(&k.PublicKey, e.encryptedMPI1.bytes)) | ||
76 | case PubKeyAlgoElGamal: | 83 | case PubKeyAlgoElGamal: |
77 | c1 := new(big.Int).SetBytes(e.encryptedMPI1.bytes) | 84 | c1 := new(big.Int).SetBytes(e.encryptedMPI1.bytes) |
78 | c2 := new(big.Int).SetBytes(e.encryptedMPI2.bytes) | 85 | c2 := new(big.Int).SetBytes(e.encryptedMPI2.bytes) |
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/packet.go b/vendor/golang.org/x/crypto/openpgp/packet/packet.go index 3eded93..5af64c5 100644 --- a/vendor/golang.org/x/crypto/openpgp/packet/packet.go +++ b/vendor/golang.org/x/crypto/openpgp/packet/packet.go | |||
@@ -11,10 +11,12 @@ import ( | |||
11 | "crypto/aes" | 11 | "crypto/aes" |
12 | "crypto/cipher" | 12 | "crypto/cipher" |
13 | "crypto/des" | 13 | "crypto/des" |
14 | "golang.org/x/crypto/cast5" | 14 | "crypto/rsa" |
15 | "golang.org/x/crypto/openpgp/errors" | ||
16 | "io" | 15 | "io" |
17 | "math/big" | 16 | "math/big" |
17 | |||
18 | "golang.org/x/crypto/cast5" | ||
19 | "golang.org/x/crypto/openpgp/errors" | ||
18 | ) | 20 | ) |
19 | 21 | ||
20 | // readFull is the same as io.ReadFull except that reading zero bytes returns | 22 | // readFull is the same as io.ReadFull except that reading zero bytes returns |
@@ -402,14 +404,16 @@ const ( | |||
402 | type PublicKeyAlgorithm uint8 | 404 | type PublicKeyAlgorithm uint8 |
403 | 405 | ||
404 | const ( | 406 | const ( |
405 | PubKeyAlgoRSA PublicKeyAlgorithm = 1 | 407 | PubKeyAlgoRSA PublicKeyAlgorithm = 1 |
406 | PubKeyAlgoRSAEncryptOnly PublicKeyAlgorithm = 2 | 408 | PubKeyAlgoElGamal PublicKeyAlgorithm = 16 |
407 | PubKeyAlgoRSASignOnly PublicKeyAlgorithm = 3 | 409 | PubKeyAlgoDSA PublicKeyAlgorithm = 17 |
408 | PubKeyAlgoElGamal PublicKeyAlgorithm = 16 | ||
409 | PubKeyAlgoDSA PublicKeyAlgorithm = 17 | ||
410 | // RFC 6637, Section 5. | 410 | // RFC 6637, Section 5. |
411 | PubKeyAlgoECDH PublicKeyAlgorithm = 18 | 411 | PubKeyAlgoECDH PublicKeyAlgorithm = 18 |
412 | PubKeyAlgoECDSA PublicKeyAlgorithm = 19 | 412 | PubKeyAlgoECDSA PublicKeyAlgorithm = 19 |
413 | |||
414 | // Deprecated in RFC 4880, Section 13.5. Use key flags instead. | ||
415 | PubKeyAlgoRSAEncryptOnly PublicKeyAlgorithm = 2 | ||
416 | PubKeyAlgoRSASignOnly PublicKeyAlgorithm = 3 | ||
413 | ) | 417 | ) |
414 | 418 | ||
415 | // CanEncrypt returns true if it's possible to encrypt a message to a public | 419 | // CanEncrypt returns true if it's possible to encrypt a message to a public |
@@ -500,19 +504,17 @@ func readMPI(r io.Reader) (mpi []byte, bitLength uint16, err error) { | |||
500 | numBytes := (int(bitLength) + 7) / 8 | 504 | numBytes := (int(bitLength) + 7) / 8 |
501 | mpi = make([]byte, numBytes) | 505 | mpi = make([]byte, numBytes) |
502 | _, err = readFull(r, mpi) | 506 | _, err = readFull(r, mpi) |
503 | return | 507 | // According to RFC 4880 3.2. we should check that the MPI has no leading |
504 | } | 508 | // zeroes (at least when not an encrypted MPI?), but this implementation |
505 | 509 | // does generate leading zeroes, so we keep accepting them. | |
506 | // mpiLength returns the length of the given *big.Int when serialized as an | ||
507 | // MPI. | ||
508 | func mpiLength(n *big.Int) (mpiLengthInBytes int) { | ||
509 | mpiLengthInBytes = 2 /* MPI length */ | ||
510 | mpiLengthInBytes += (n.BitLen() + 7) / 8 | ||
511 | return | 510 | return |
512 | } | 511 | } |
513 | 512 | ||
514 | // writeMPI serializes a big integer to w. | 513 | // writeMPI serializes a big integer to w. |
515 | func writeMPI(w io.Writer, bitLength uint16, mpiBytes []byte) (err error) { | 514 | func writeMPI(w io.Writer, bitLength uint16, mpiBytes []byte) (err error) { |
515 | // Note that we can produce leading zeroes, in violation of RFC 4880 3.2. | ||
516 | // Implementations seem to be tolerant of them, and stripping them would | ||
517 | // make it complex to guarantee matching re-serialization. | ||
516 | _, err = w.Write([]byte{byte(bitLength >> 8), byte(bitLength)}) | 518 | _, err = w.Write([]byte{byte(bitLength >> 8), byte(bitLength)}) |
517 | if err == nil { | 519 | if err == nil { |
518 | _, err = w.Write(mpiBytes) | 520 | _, err = w.Write(mpiBytes) |
@@ -525,6 +527,18 @@ func writeBig(w io.Writer, i *big.Int) error { | |||
525 | return writeMPI(w, uint16(i.BitLen()), i.Bytes()) | 527 | return writeMPI(w, uint16(i.BitLen()), i.Bytes()) |
526 | } | 528 | } |
527 | 529 | ||
530 | // padToKeySize left-pads a MPI with zeroes to match the length of the | ||
531 | // specified RSA public. | ||
532 | func padToKeySize(pub *rsa.PublicKey, b []byte) []byte { | ||
533 | k := (pub.N.BitLen() + 7) / 8 | ||
534 | if len(b) >= k { | ||
535 | return b | ||
536 | } | ||
537 | bb := make([]byte, k) | ||
538 | copy(bb[len(bb)-len(b):], b) | ||
539 | return bb | ||
540 | } | ||
541 | |||
528 | // CompressionAlgo Represents the different compression algorithms | 542 | // CompressionAlgo Represents the different compression algorithms |
529 | // supported by OpenPGP (except for BZIP2, which is not currently | 543 | // supported by OpenPGP (except for BZIP2, which is not currently |
530 | // supported). See Section 9.3 of RFC 4880. | 544 | // supported). See Section 9.3 of RFC 4880. |
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/private_key.go b/vendor/golang.org/x/crypto/openpgp/packet/private_key.go index 34734cc..bd31cce 100644 --- a/vendor/golang.org/x/crypto/openpgp/packet/private_key.go +++ b/vendor/golang.org/x/crypto/openpgp/packet/private_key.go | |||
@@ -64,14 +64,19 @@ func NewECDSAPrivateKey(currentTime time.Time, priv *ecdsa.PrivateKey) *PrivateK | |||
64 | return pk | 64 | return pk |
65 | } | 65 | } |
66 | 66 | ||
67 | // NewSignerPrivateKey creates a sign-only PrivateKey from a crypto.Signer that | 67 | // NewSignerPrivateKey creates a PrivateKey from a crypto.Signer that |
68 | // implements RSA or ECDSA. | 68 | // implements RSA or ECDSA. |
69 | func NewSignerPrivateKey(currentTime time.Time, signer crypto.Signer) *PrivateKey { | 69 | func NewSignerPrivateKey(currentTime time.Time, signer crypto.Signer) *PrivateKey { |
70 | pk := new(PrivateKey) | 70 | pk := new(PrivateKey) |
71 | // In general, the public Keys should be used as pointers. We still | ||
72 | // type-switch on the values, for backwards-compatibility. | ||
71 | switch pubkey := signer.Public().(type) { | 73 | switch pubkey := signer.Public().(type) { |
74 | case *rsa.PublicKey: | ||
75 | pk.PublicKey = *NewRSAPublicKey(currentTime, pubkey) | ||
72 | case rsa.PublicKey: | 76 | case rsa.PublicKey: |
73 | pk.PublicKey = *NewRSAPublicKey(currentTime, &pubkey) | 77 | pk.PublicKey = *NewRSAPublicKey(currentTime, &pubkey) |
74 | pk.PubKeyAlgo = PubKeyAlgoRSASignOnly | 78 | case *ecdsa.PublicKey: |
79 | pk.PublicKey = *NewECDSAPublicKey(currentTime, pubkey) | ||
75 | case ecdsa.PublicKey: | 80 | case ecdsa.PublicKey: |
76 | pk.PublicKey = *NewECDSAPublicKey(currentTime, &pubkey) | 81 | pk.PublicKey = *NewECDSAPublicKey(currentTime, &pubkey) |
77 | default: | 82 | default: |
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/public_key.go b/vendor/golang.org/x/crypto/openpgp/packet/public_key.go index ead2623..fcd5f52 100644 --- a/vendor/golang.org/x/crypto/openpgp/packet/public_key.go +++ b/vendor/golang.org/x/crypto/openpgp/packet/public_key.go | |||
@@ -244,7 +244,12 @@ func NewECDSAPublicKey(creationTime time.Time, pub *ecdsa.PublicKey) *PublicKey | |||
244 | } | 244 | } |
245 | 245 | ||
246 | pk.ec.p.bytes = elliptic.Marshal(pub.Curve, pub.X, pub.Y) | 246 | pk.ec.p.bytes = elliptic.Marshal(pub.Curve, pub.X, pub.Y) |
247 | pk.ec.p.bitLength = uint16(8 * len(pk.ec.p.bytes)) | 247 | |
248 | // The bit length is 3 (for the 0x04 specifying an uncompressed key) | ||
249 | // plus two field elements (for x and y), which are rounded up to the | ||
250 | // nearest byte. See https://tools.ietf.org/html/rfc6637#section-6 | ||
251 | fieldBytes := (pub.Curve.Params().BitSize + 7) & ^7 | ||
252 | pk.ec.p.bitLength = uint16(3 + fieldBytes + fieldBytes) | ||
248 | 253 | ||
249 | pk.setFingerPrintAndKeyId() | 254 | pk.setFingerPrintAndKeyId() |
250 | return pk | 255 | return pk |
@@ -515,7 +520,7 @@ func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err erro | |||
515 | switch pk.PubKeyAlgo { | 520 | switch pk.PubKeyAlgo { |
516 | case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly: | 521 | case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly: |
517 | rsaPublicKey, _ := pk.PublicKey.(*rsa.PublicKey) | 522 | rsaPublicKey, _ := pk.PublicKey.(*rsa.PublicKey) |
518 | err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, sig.RSASignature.bytes) | 523 | err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, padToKeySize(rsaPublicKey, sig.RSASignature.bytes)) |
519 | if err != nil { | 524 | if err != nil { |
520 | return errors.SignatureError("RSA verification failure") | 525 | return errors.SignatureError("RSA verification failure") |
521 | } | 526 | } |
@@ -566,7 +571,7 @@ func (pk *PublicKey) VerifySignatureV3(signed hash.Hash, sig *SignatureV3) (err | |||
566 | switch pk.PubKeyAlgo { | 571 | switch pk.PubKeyAlgo { |
567 | case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly: | 572 | case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly: |
568 | rsaPublicKey := pk.PublicKey.(*rsa.PublicKey) | 573 | rsaPublicKey := pk.PublicKey.(*rsa.PublicKey) |
569 | if err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, sig.RSASignature.bytes); err != nil { | 574 | if err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, padToKeySize(rsaPublicKey, sig.RSASignature.bytes)); err != nil { |
570 | return errors.SignatureError("RSA verification failure") | 575 | return errors.SignatureError("RSA verification failure") |
571 | } | 576 | } |
572 | return | 577 | return |
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/signature.go b/vendor/golang.org/x/crypto/openpgp/packet/signature.go index 6ce0cbe..b2a24a5 100644 --- a/vendor/golang.org/x/crypto/openpgp/packet/signature.go +++ b/vendor/golang.org/x/crypto/openpgp/packet/signature.go | |||
@@ -542,7 +542,7 @@ func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err e | |||
542 | r, s, err = ecdsa.Sign(config.Random(), pk, digest) | 542 | r, s, err = ecdsa.Sign(config.Random(), pk, digest) |
543 | } else { | 543 | } else { |
544 | var b []byte | 544 | var b []byte |
545 | b, err = priv.PrivateKey.(crypto.Signer).Sign(config.Random(), digest, nil) | 545 | b, err = priv.PrivateKey.(crypto.Signer).Sign(config.Random(), digest, sig.Hash) |
546 | if err == nil { | 546 | if err == nil { |
547 | r, s, err = unwrapECDSASig(b) | 547 | r, s, err = unwrapECDSASig(b) |
548 | } | 548 | } |
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/userattribute.go b/vendor/golang.org/x/crypto/openpgp/packet/userattribute.go index 96a2b38..d19ffbc 100644 --- a/vendor/golang.org/x/crypto/openpgp/packet/userattribute.go +++ b/vendor/golang.org/x/crypto/openpgp/packet/userattribute.go | |||
@@ -80,7 +80,7 @@ func (uat *UserAttribute) Serialize(w io.Writer) (err error) { | |||
80 | 80 | ||
81 | // ImageData returns zero or more byte slices, each containing | 81 | // ImageData returns zero or more byte slices, each containing |
82 | // JPEG File Interchange Format (JFIF), for each photo in the | 82 | // JPEG File Interchange Format (JFIF), for each photo in the |
83 | // the user attribute packet. | 83 | // user attribute packet. |
84 | func (uat *UserAttribute) ImageData() (imageData [][]byte) { | 84 | func (uat *UserAttribute) ImageData() (imageData [][]byte) { |
85 | for _, sp := range uat.Contents { | 85 | for _, sp := range uat.Contents { |
86 | if sp.SubType == UserAttrImageSubpacket && len(sp.Contents) > 16 { | 86 | if sp.SubType == UserAttrImageSubpacket && len(sp.Contents) > 16 { |