diff options
author | Nathan Dench <ndenc2@gmail.com> | 2019-05-24 15:16:44 +1000 |
---|---|---|
committer | Nathan Dench <ndenc2@gmail.com> | 2019-05-24 15:16:44 +1000 |
commit | 107c1cdb09c575aa2f61d97f48d8587eb6bada4c (patch) | |
tree | ca7d008643efc555c388baeaf1d986e0b6b3e28c /vendor/golang.org/x/crypto | |
parent | 844b5a68d8af4791755b8f0ad293cc99f5959183 (diff) | |
download | terraform-provider-statuscake-107c1cdb09c575aa2f61d97f48d8587eb6bada4c.tar.gz terraform-provider-statuscake-107c1cdb09c575aa2f61d97f48d8587eb6bada4c.tar.zst terraform-provider-statuscake-107c1cdb09c575aa2f61d97f48d8587eb6bada4c.zip |
Upgrade to 0.12
Diffstat (limited to 'vendor/golang.org/x/crypto')
-rw-r--r-- | vendor/golang.org/x/crypto/blowfish/cipher.go | 8 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/cast5/cast5.go | 11 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/openpgp/keys.go | 165 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/openpgp/packet/encrypted_key.go | 9 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/openpgp/packet/packet.go | 44 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/openpgp/packet/private_key.go | 9 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/openpgp/packet/public_key.go | 11 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/openpgp/packet/signature.go | 2 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/openpgp/packet/userattribute.go | 2 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/openpgp/write.go | 174 |
10 files changed, 289 insertions, 146 deletions
diff --git a/vendor/golang.org/x/crypto/blowfish/cipher.go b/vendor/golang.org/x/crypto/blowfish/cipher.go index 2641dad..213bf20 100644 --- a/vendor/golang.org/x/crypto/blowfish/cipher.go +++ b/vendor/golang.org/x/crypto/blowfish/cipher.go | |||
@@ -3,6 +3,14 @@ | |||
3 | // license that can be found in the LICENSE file. | 3 | // license that can be found in the LICENSE file. |
4 | 4 | ||
5 | // Package blowfish implements Bruce Schneier's Blowfish encryption algorithm. | 5 | // Package blowfish implements Bruce Schneier's Blowfish encryption algorithm. |
6 | // | ||
7 | // Blowfish is a legacy cipher and its short block size makes it vulnerable to | ||
8 | // birthday bound attacks (see https://sweet32.info). It should only be used | ||
9 | // where compatibility with legacy systems, not security, is the goal. | ||
10 | // | ||
11 | // Deprecated: any new system should use AES (from crypto/aes, if necessary in | ||
12 | // an AEAD mode like crypto/cipher.NewGCM) or XChaCha20-Poly1305 (from | ||
13 | // golang.org/x/crypto/chacha20poly1305). | ||
6 | package blowfish // import "golang.org/x/crypto/blowfish" | 14 | package blowfish // import "golang.org/x/crypto/blowfish" |
7 | 15 | ||
8 | // The code is a port of Bruce Schneier's C implementation. | 16 | // The code is a port of Bruce Schneier's C implementation. |
diff --git a/vendor/golang.org/x/crypto/cast5/cast5.go b/vendor/golang.org/x/crypto/cast5/cast5.go index 0b4af37..ddcbeb6 100644 --- a/vendor/golang.org/x/crypto/cast5/cast5.go +++ b/vendor/golang.org/x/crypto/cast5/cast5.go | |||
@@ -2,8 +2,15 @@ | |||
2 | // Use of this source code is governed by a BSD-style | 2 | // Use of this source code is governed by a BSD-style |
3 | // license that can be found in the LICENSE file. | 3 | // license that can be found in the LICENSE file. |
4 | 4 | ||
5 | // Package cast5 implements CAST5, as defined in RFC 2144. CAST5 is a common | 5 | // Package cast5 implements CAST5, as defined in RFC 2144. |
6 | // OpenPGP cipher. | 6 | // |
7 | // CAST5 is a legacy cipher and its short block size makes it vulnerable to | ||
8 | // birthday bound attacks (see https://sweet32.info). It should only be used | ||
9 | // where compatibility with legacy systems, not security, is the goal. | ||
10 | // | ||
11 | // Deprecated: any new system should use AES (from crypto/aes, if necessary in | ||
12 | // an AEAD mode like crypto/cipher.NewGCM) or XChaCha20-Poly1305 (from | ||
13 | // golang.org/x/crypto/chacha20poly1305). | ||
7 | package cast5 // import "golang.org/x/crypto/cast5" | 14 | package cast5 // import "golang.org/x/crypto/cast5" |
8 | 15 | ||
9 | import "errors" | 16 | import "errors" |
diff --git a/vendor/golang.org/x/crypto/openpgp/keys.go b/vendor/golang.org/x/crypto/openpgp/keys.go index 744e293..3e25186 100644 --- a/vendor/golang.org/x/crypto/openpgp/keys.go +++ b/vendor/golang.org/x/crypto/openpgp/keys.go | |||
@@ -333,7 +333,6 @@ func ReadEntity(packets *packet.Reader) (*Entity, error) { | |||
333 | return nil, errors.StructuralError("primary key cannot be used for signatures") | 333 | return nil, errors.StructuralError("primary key cannot be used for signatures") |
334 | } | 334 | } |
335 | 335 | ||
336 | var current *Identity | ||
337 | var revocations []*packet.Signature | 336 | var revocations []*packet.Signature |
338 | EachPacket: | 337 | EachPacket: |
339 | for { | 338 | for { |
@@ -346,32 +345,8 @@ EachPacket: | |||
346 | 345 | ||
347 | switch pkt := p.(type) { | 346 | switch pkt := p.(type) { |
348 | case *packet.UserId: | 347 | case *packet.UserId: |
349 | current = new(Identity) | 348 | if err := addUserID(e, packets, pkt); err != nil { |
350 | current.Name = pkt.Id | 349 | return nil, err |
351 | current.UserId = pkt | ||
352 | e.Identities[pkt.Id] = current | ||
353 | |||
354 | for { | ||
355 | p, err = packets.Next() | ||
356 | if err == io.EOF { | ||
357 | return nil, io.ErrUnexpectedEOF | ||
358 | } else if err != nil { | ||
359 | return nil, err | ||
360 | } | ||
361 | |||
362 | sig, ok := p.(*packet.Signature) | ||
363 | if !ok { | ||
364 | return nil, errors.StructuralError("user ID packet not followed by self-signature") | ||
365 | } | ||
366 | |||
367 | if (sig.SigType == packet.SigTypePositiveCert || sig.SigType == packet.SigTypeGenericCert) && sig.IssuerKeyId != nil && *sig.IssuerKeyId == e.PrimaryKey.KeyId { | ||
368 | if err = e.PrimaryKey.VerifyUserIdSignature(pkt.Id, e.PrimaryKey, sig); err != nil { | ||
369 | return nil, errors.StructuralError("user ID self-signature invalid: " + err.Error()) | ||
370 | } | ||
371 | current.SelfSignature = sig | ||
372 | break | ||
373 | } | ||
374 | current.Signatures = append(current.Signatures, sig) | ||
375 | } | 350 | } |
376 | case *packet.Signature: | 351 | case *packet.Signature: |
377 | if pkt.SigType == packet.SigTypeKeyRevocation { | 352 | if pkt.SigType == packet.SigTypeKeyRevocation { |
@@ -380,11 +355,9 @@ EachPacket: | |||
380 | // TODO: RFC4880 5.2.1 permits signatures | 355 | // TODO: RFC4880 5.2.1 permits signatures |
381 | // directly on keys (eg. to bind additional | 356 | // directly on keys (eg. to bind additional |
382 | // revocation keys). | 357 | // revocation keys). |
383 | } else if current == nil { | ||
384 | return nil, errors.StructuralError("signature packet found before user id packet") | ||
385 | } else { | ||
386 | current.Signatures = append(current.Signatures, pkt) | ||
387 | } | 358 | } |
359 | // Else, ignoring the signature as it does not follow anything | ||
360 | // we would know to attach it to. | ||
388 | case *packet.PrivateKey: | 361 | case *packet.PrivateKey: |
389 | if pkt.IsSubkey == false { | 362 | if pkt.IsSubkey == false { |
390 | packets.Unread(p) | 363 | packets.Unread(p) |
@@ -425,33 +398,105 @@ EachPacket: | |||
425 | return e, nil | 398 | return e, nil |
426 | } | 399 | } |
427 | 400 | ||
401 | func addUserID(e *Entity, packets *packet.Reader, pkt *packet.UserId) error { | ||
402 | // Make a new Identity object, that we might wind up throwing away. | ||
403 | // We'll only add it if we get a valid self-signature over this | ||
404 | // userID. | ||
405 | identity := new(Identity) | ||
406 | identity.Name = pkt.Id | ||
407 | identity.UserId = pkt | ||
408 | |||
409 | for { | ||
410 | p, err := packets.Next() | ||
411 | if err == io.EOF { | ||
412 | break | ||
413 | } else if err != nil { | ||
414 | return err | ||
415 | } | ||
416 | |||
417 | sig, ok := p.(*packet.Signature) | ||
418 | if !ok { | ||
419 | packets.Unread(p) | ||
420 | break | ||
421 | } | ||
422 | |||
423 | if (sig.SigType == packet.SigTypePositiveCert || sig.SigType == packet.SigTypeGenericCert) && sig.IssuerKeyId != nil && *sig.IssuerKeyId == e.PrimaryKey.KeyId { | ||
424 | if err = e.PrimaryKey.VerifyUserIdSignature(pkt.Id, e.PrimaryKey, sig); err != nil { | ||
425 | return errors.StructuralError("user ID self-signature invalid: " + err.Error()) | ||
426 | } | ||
427 | identity.SelfSignature = sig | ||
428 | e.Identities[pkt.Id] = identity | ||
429 | } else { | ||
430 | identity.Signatures = append(identity.Signatures, sig) | ||
431 | } | ||
432 | } | ||
433 | |||
434 | return nil | ||
435 | } | ||
436 | |||
428 | func addSubkey(e *Entity, packets *packet.Reader, pub *packet.PublicKey, priv *packet.PrivateKey) error { | 437 | func addSubkey(e *Entity, packets *packet.Reader, pub *packet.PublicKey, priv *packet.PrivateKey) error { |
429 | var subKey Subkey | 438 | var subKey Subkey |
430 | subKey.PublicKey = pub | 439 | subKey.PublicKey = pub |
431 | subKey.PrivateKey = priv | 440 | subKey.PrivateKey = priv |
432 | p, err := packets.Next() | 441 | |
433 | if err == io.EOF { | 442 | for { |
434 | return io.ErrUnexpectedEOF | 443 | p, err := packets.Next() |
435 | } | 444 | if err == io.EOF { |
436 | if err != nil { | 445 | break |
437 | return errors.StructuralError("subkey signature invalid: " + err.Error()) | 446 | } else if err != nil { |
447 | return errors.StructuralError("subkey signature invalid: " + err.Error()) | ||
448 | } | ||
449 | |||
450 | sig, ok := p.(*packet.Signature) | ||
451 | if !ok { | ||
452 | packets.Unread(p) | ||
453 | break | ||
454 | } | ||
455 | |||
456 | if sig.SigType != packet.SigTypeSubkeyBinding && sig.SigType != packet.SigTypeSubkeyRevocation { | ||
457 | return errors.StructuralError("subkey signature with wrong type") | ||
458 | } | ||
459 | |||
460 | if err := e.PrimaryKey.VerifyKeySignature(subKey.PublicKey, sig); err != nil { | ||
461 | return errors.StructuralError("subkey signature invalid: " + err.Error()) | ||
462 | } | ||
463 | |||
464 | switch sig.SigType { | ||
465 | case packet.SigTypeSubkeyRevocation: | ||
466 | subKey.Sig = sig | ||
467 | case packet.SigTypeSubkeyBinding: | ||
468 | |||
469 | if shouldReplaceSubkeySig(subKey.Sig, sig) { | ||
470 | subKey.Sig = sig | ||
471 | } | ||
472 | } | ||
438 | } | 473 | } |
439 | var ok bool | 474 | |
440 | subKey.Sig, ok = p.(*packet.Signature) | 475 | if subKey.Sig == nil { |
441 | if !ok { | ||
442 | return errors.StructuralError("subkey packet not followed by signature") | 476 | return errors.StructuralError("subkey packet not followed by signature") |
443 | } | 477 | } |
444 | if subKey.Sig.SigType != packet.SigTypeSubkeyBinding && subKey.Sig.SigType != packet.SigTypeSubkeyRevocation { | 478 | |
445 | return errors.StructuralError("subkey signature with wrong type") | ||
446 | } | ||
447 | err = e.PrimaryKey.VerifyKeySignature(subKey.PublicKey, subKey.Sig) | ||
448 | if err != nil { | ||
449 | return errors.StructuralError("subkey signature invalid: " + err.Error()) | ||
450 | } | ||
451 | e.Subkeys = append(e.Subkeys, subKey) | 479 | e.Subkeys = append(e.Subkeys, subKey) |
480 | |||
452 | return nil | 481 | return nil |
453 | } | 482 | } |
454 | 483 | ||
484 | func shouldReplaceSubkeySig(existingSig, potentialNewSig *packet.Signature) bool { | ||
485 | if potentialNewSig == nil { | ||
486 | return false | ||
487 | } | ||
488 | |||
489 | if existingSig == nil { | ||
490 | return true | ||
491 | } | ||
492 | |||
493 | if existingSig.SigType == packet.SigTypeSubkeyRevocation { | ||
494 | return false // never override a revocation signature | ||
495 | } | ||
496 | |||
497 | return potentialNewSig.CreationTime.After(existingSig.CreationTime) | ||
498 | } | ||
499 | |||
455 | const defaultRSAKeyBits = 2048 | 500 | const defaultRSAKeyBits = 2048 |
456 | 501 | ||
457 | // NewEntity returns an Entity that contains a fresh RSA/RSA keypair with a | 502 | // NewEntity returns an Entity that contains a fresh RSA/RSA keypair with a |
@@ -486,7 +531,7 @@ func NewEntity(name, comment, email string, config *packet.Config) (*Entity, err | |||
486 | } | 531 | } |
487 | isPrimaryId := true | 532 | isPrimaryId := true |
488 | e.Identities[uid.Id] = &Identity{ | 533 | e.Identities[uid.Id] = &Identity{ |
489 | Name: uid.Name, | 534 | Name: uid.Id, |
490 | UserId: uid, | 535 | UserId: uid, |
491 | SelfSignature: &packet.Signature{ | 536 | SelfSignature: &packet.Signature{ |
492 | CreationTime: currentTime, | 537 | CreationTime: currentTime, |
@@ -500,6 +545,10 @@ func NewEntity(name, comment, email string, config *packet.Config) (*Entity, err | |||
500 | IssuerKeyId: &e.PrimaryKey.KeyId, | 545 | IssuerKeyId: &e.PrimaryKey.KeyId, |
501 | }, | 546 | }, |
502 | } | 547 | } |
548 | err = e.Identities[uid.Id].SelfSignature.SignUserId(uid.Id, e.PrimaryKey, e.PrivateKey, config) | ||
549 | if err != nil { | ||
550 | return nil, err | ||
551 | } | ||
503 | 552 | ||
504 | // If the user passes in a DefaultHash via packet.Config, | 553 | // If the user passes in a DefaultHash via packet.Config, |
505 | // set the PreferredHash for the SelfSignature. | 554 | // set the PreferredHash for the SelfSignature. |
@@ -507,6 +556,11 @@ func NewEntity(name, comment, email string, config *packet.Config) (*Entity, err | |||
507 | e.Identities[uid.Id].SelfSignature.PreferredHash = []uint8{hashToHashId(config.DefaultHash)} | 556 | e.Identities[uid.Id].SelfSignature.PreferredHash = []uint8{hashToHashId(config.DefaultHash)} |
508 | } | 557 | } |
509 | 558 | ||
559 | // Likewise for DefaultCipher. | ||
560 | if config != nil && config.DefaultCipher != 0 { | ||
561 | e.Identities[uid.Id].SelfSignature.PreferredSymmetric = []uint8{uint8(config.DefaultCipher)} | ||
562 | } | ||
563 | |||
510 | e.Subkeys = make([]Subkey, 1) | 564 | e.Subkeys = make([]Subkey, 1) |
511 | e.Subkeys[0] = Subkey{ | 565 | e.Subkeys[0] = Subkey{ |
512 | PublicKey: packet.NewRSAPublicKey(currentTime, &encryptingPriv.PublicKey), | 566 | PublicKey: packet.NewRSAPublicKey(currentTime, &encryptingPriv.PublicKey), |
@@ -524,13 +578,16 @@ func NewEntity(name, comment, email string, config *packet.Config) (*Entity, err | |||
524 | } | 578 | } |
525 | e.Subkeys[0].PublicKey.IsSubkey = true | 579 | e.Subkeys[0].PublicKey.IsSubkey = true |
526 | e.Subkeys[0].PrivateKey.IsSubkey = true | 580 | e.Subkeys[0].PrivateKey.IsSubkey = true |
527 | 581 | err = e.Subkeys[0].Sig.SignKey(e.Subkeys[0].PublicKey, e.PrivateKey, config) | |
582 | if err != nil { | ||
583 | return nil, err | ||
584 | } | ||
528 | return e, nil | 585 | return e, nil |
529 | } | 586 | } |
530 | 587 | ||
531 | // SerializePrivate serializes an Entity, including private key material, to | 588 | // SerializePrivate serializes an Entity, including private key material, but |
532 | // the given Writer. For now, it must only be used on an Entity returned from | 589 | // excluding signatures from other entities, to the given Writer. |
533 | // NewEntity. | 590 | // Identities and subkeys are re-signed in case they changed since NewEntry. |
534 | // If config is nil, sensible defaults will be used. | 591 | // If config is nil, sensible defaults will be used. |
535 | func (e *Entity) SerializePrivate(w io.Writer, config *packet.Config) (err error) { | 592 | func (e *Entity) SerializePrivate(w io.Writer, config *packet.Config) (err error) { |
536 | err = e.PrivateKey.Serialize(w) | 593 | err = e.PrivateKey.Serialize(w) |
@@ -568,8 +625,8 @@ func (e *Entity) SerializePrivate(w io.Writer, config *packet.Config) (err error | |||
568 | return nil | 625 | return nil |
569 | } | 626 | } |
570 | 627 | ||
571 | // Serialize writes the public part of the given Entity to w. (No private | 628 | // Serialize writes the public part of the given Entity to w, including |
572 | // key material will be output). | 629 | // signatures from other entities. No private key material will be output. |
573 | func (e *Entity) Serialize(w io.Writer) error { | 630 | func (e *Entity) Serialize(w io.Writer) error { |
574 | err := e.PrimaryKey.Serialize(w) | 631 | err := e.PrimaryKey.Serialize(w) |
575 | if err != nil { | 632 | if err != nil { |
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/encrypted_key.go b/vendor/golang.org/x/crypto/openpgp/packet/encrypted_key.go index 266840d..02b372c 100644 --- a/vendor/golang.org/x/crypto/openpgp/packet/encrypted_key.go +++ b/vendor/golang.org/x/crypto/openpgp/packet/encrypted_key.go | |||
@@ -42,12 +42,18 @@ func (e *EncryptedKey) parse(r io.Reader) (err error) { | |||
42 | switch e.Algo { | 42 | switch e.Algo { |
43 | case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly: | 43 | case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly: |
44 | e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r) | 44 | e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r) |
45 | if err != nil { | ||
46 | return | ||
47 | } | ||
45 | case PubKeyAlgoElGamal: | 48 | case PubKeyAlgoElGamal: |
46 | e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r) | 49 | e.encryptedMPI1.bytes, e.encryptedMPI1.bitLength, err = readMPI(r) |
47 | if err != nil { | 50 | if err != nil { |
48 | return | 51 | return |
49 | } | 52 | } |
50 | e.encryptedMPI2.bytes, e.encryptedMPI2.bitLength, err = readMPI(r) | 53 | e.encryptedMPI2.bytes, e.encryptedMPI2.bitLength, err = readMPI(r) |
54 | if err != nil { | ||
55 | return | ||
56 | } | ||
51 | } | 57 | } |
52 | _, err = consumeAll(r) | 58 | _, err = consumeAll(r) |
53 | return | 59 | return |
@@ -72,7 +78,8 @@ func (e *EncryptedKey) Decrypt(priv *PrivateKey, config *Config) error { | |||
72 | // padding oracle attacks. | 78 | // padding oracle attacks. |
73 | switch priv.PubKeyAlgo { | 79 | switch priv.PubKeyAlgo { |
74 | case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly: | 80 | case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly: |
75 | b, err = rsa.DecryptPKCS1v15(config.Random(), priv.PrivateKey.(*rsa.PrivateKey), e.encryptedMPI1.bytes) | 81 | k := priv.PrivateKey.(*rsa.PrivateKey) |
82 | b, err = rsa.DecryptPKCS1v15(config.Random(), k, padToKeySize(&k.PublicKey, e.encryptedMPI1.bytes)) | ||
76 | case PubKeyAlgoElGamal: | 83 | case PubKeyAlgoElGamal: |
77 | c1 := new(big.Int).SetBytes(e.encryptedMPI1.bytes) | 84 | c1 := new(big.Int).SetBytes(e.encryptedMPI1.bytes) |
78 | c2 := new(big.Int).SetBytes(e.encryptedMPI2.bytes) | 85 | c2 := new(big.Int).SetBytes(e.encryptedMPI2.bytes) |
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/packet.go b/vendor/golang.org/x/crypto/openpgp/packet/packet.go index 3eded93..5af64c5 100644 --- a/vendor/golang.org/x/crypto/openpgp/packet/packet.go +++ b/vendor/golang.org/x/crypto/openpgp/packet/packet.go | |||
@@ -11,10 +11,12 @@ import ( | |||
11 | "crypto/aes" | 11 | "crypto/aes" |
12 | "crypto/cipher" | 12 | "crypto/cipher" |
13 | "crypto/des" | 13 | "crypto/des" |
14 | "golang.org/x/crypto/cast5" | 14 | "crypto/rsa" |
15 | "golang.org/x/crypto/openpgp/errors" | ||
16 | "io" | 15 | "io" |
17 | "math/big" | 16 | "math/big" |
17 | |||
18 | "golang.org/x/crypto/cast5" | ||
19 | "golang.org/x/crypto/openpgp/errors" | ||
18 | ) | 20 | ) |
19 | 21 | ||
20 | // readFull is the same as io.ReadFull except that reading zero bytes returns | 22 | // readFull is the same as io.ReadFull except that reading zero bytes returns |
@@ -402,14 +404,16 @@ const ( | |||
402 | type PublicKeyAlgorithm uint8 | 404 | type PublicKeyAlgorithm uint8 |
403 | 405 | ||
404 | const ( | 406 | const ( |
405 | PubKeyAlgoRSA PublicKeyAlgorithm = 1 | 407 | PubKeyAlgoRSA PublicKeyAlgorithm = 1 |
406 | PubKeyAlgoRSAEncryptOnly PublicKeyAlgorithm = 2 | 408 | PubKeyAlgoElGamal PublicKeyAlgorithm = 16 |
407 | PubKeyAlgoRSASignOnly PublicKeyAlgorithm = 3 | 409 | PubKeyAlgoDSA PublicKeyAlgorithm = 17 |
408 | PubKeyAlgoElGamal PublicKeyAlgorithm = 16 | ||
409 | PubKeyAlgoDSA PublicKeyAlgorithm = 17 | ||
410 | // RFC 6637, Section 5. | 410 | // RFC 6637, Section 5. |
411 | PubKeyAlgoECDH PublicKeyAlgorithm = 18 | 411 | PubKeyAlgoECDH PublicKeyAlgorithm = 18 |
412 | PubKeyAlgoECDSA PublicKeyAlgorithm = 19 | 412 | PubKeyAlgoECDSA PublicKeyAlgorithm = 19 |
413 | |||
414 | // Deprecated in RFC 4880, Section 13.5. Use key flags instead. | ||
415 | PubKeyAlgoRSAEncryptOnly PublicKeyAlgorithm = 2 | ||
416 | PubKeyAlgoRSASignOnly PublicKeyAlgorithm = 3 | ||
413 | ) | 417 | ) |
414 | 418 | ||
415 | // CanEncrypt returns true if it's possible to encrypt a message to a public | 419 | // CanEncrypt returns true if it's possible to encrypt a message to a public |
@@ -500,19 +504,17 @@ func readMPI(r io.Reader) (mpi []byte, bitLength uint16, err error) { | |||
500 | numBytes := (int(bitLength) + 7) / 8 | 504 | numBytes := (int(bitLength) + 7) / 8 |
501 | mpi = make([]byte, numBytes) | 505 | mpi = make([]byte, numBytes) |
502 | _, err = readFull(r, mpi) | 506 | _, err = readFull(r, mpi) |
503 | return | 507 | // According to RFC 4880 3.2. we should check that the MPI has no leading |
504 | } | 508 | // zeroes (at least when not an encrypted MPI?), but this implementation |
505 | 509 | // does generate leading zeroes, so we keep accepting them. | |
506 | // mpiLength returns the length of the given *big.Int when serialized as an | ||
507 | // MPI. | ||
508 | func mpiLength(n *big.Int) (mpiLengthInBytes int) { | ||
509 | mpiLengthInBytes = 2 /* MPI length */ | ||
510 | mpiLengthInBytes += (n.BitLen() + 7) / 8 | ||
511 | return | 510 | return |
512 | } | 511 | } |
513 | 512 | ||
514 | // writeMPI serializes a big integer to w. | 513 | // writeMPI serializes a big integer to w. |
515 | func writeMPI(w io.Writer, bitLength uint16, mpiBytes []byte) (err error) { | 514 | func writeMPI(w io.Writer, bitLength uint16, mpiBytes []byte) (err error) { |
515 | // Note that we can produce leading zeroes, in violation of RFC 4880 3.2. | ||
516 | // Implementations seem to be tolerant of them, and stripping them would | ||
517 | // make it complex to guarantee matching re-serialization. | ||
516 | _, err = w.Write([]byte{byte(bitLength >> 8), byte(bitLength)}) | 518 | _, err = w.Write([]byte{byte(bitLength >> 8), byte(bitLength)}) |
517 | if err == nil { | 519 | if err == nil { |
518 | _, err = w.Write(mpiBytes) | 520 | _, err = w.Write(mpiBytes) |
@@ -525,6 +527,18 @@ func writeBig(w io.Writer, i *big.Int) error { | |||
525 | return writeMPI(w, uint16(i.BitLen()), i.Bytes()) | 527 | return writeMPI(w, uint16(i.BitLen()), i.Bytes()) |
526 | } | 528 | } |
527 | 529 | ||
530 | // padToKeySize left-pads a MPI with zeroes to match the length of the | ||
531 | // specified RSA public. | ||
532 | func padToKeySize(pub *rsa.PublicKey, b []byte) []byte { | ||
533 | k := (pub.N.BitLen() + 7) / 8 | ||
534 | if len(b) >= k { | ||
535 | return b | ||
536 | } | ||
537 | bb := make([]byte, k) | ||
538 | copy(bb[len(bb)-len(b):], b) | ||
539 | return bb | ||
540 | } | ||
541 | |||
528 | // CompressionAlgo Represents the different compression algorithms | 542 | // CompressionAlgo Represents the different compression algorithms |
529 | // supported by OpenPGP (except for BZIP2, which is not currently | 543 | // supported by OpenPGP (except for BZIP2, which is not currently |
530 | // supported). See Section 9.3 of RFC 4880. | 544 | // supported). See Section 9.3 of RFC 4880. |
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/private_key.go b/vendor/golang.org/x/crypto/openpgp/packet/private_key.go index 34734cc..bd31cce 100644 --- a/vendor/golang.org/x/crypto/openpgp/packet/private_key.go +++ b/vendor/golang.org/x/crypto/openpgp/packet/private_key.go | |||
@@ -64,14 +64,19 @@ func NewECDSAPrivateKey(currentTime time.Time, priv *ecdsa.PrivateKey) *PrivateK | |||
64 | return pk | 64 | return pk |
65 | } | 65 | } |
66 | 66 | ||
67 | // NewSignerPrivateKey creates a sign-only PrivateKey from a crypto.Signer that | 67 | // NewSignerPrivateKey creates a PrivateKey from a crypto.Signer that |
68 | // implements RSA or ECDSA. | 68 | // implements RSA or ECDSA. |
69 | func NewSignerPrivateKey(currentTime time.Time, signer crypto.Signer) *PrivateKey { | 69 | func NewSignerPrivateKey(currentTime time.Time, signer crypto.Signer) *PrivateKey { |
70 | pk := new(PrivateKey) | 70 | pk := new(PrivateKey) |
71 | // In general, the public Keys should be used as pointers. We still | ||
72 | // type-switch on the values, for backwards-compatibility. | ||
71 | switch pubkey := signer.Public().(type) { | 73 | switch pubkey := signer.Public().(type) { |
74 | case *rsa.PublicKey: | ||
75 | pk.PublicKey = *NewRSAPublicKey(currentTime, pubkey) | ||
72 | case rsa.PublicKey: | 76 | case rsa.PublicKey: |
73 | pk.PublicKey = *NewRSAPublicKey(currentTime, &pubkey) | 77 | pk.PublicKey = *NewRSAPublicKey(currentTime, &pubkey) |
74 | pk.PubKeyAlgo = PubKeyAlgoRSASignOnly | 78 | case *ecdsa.PublicKey: |
79 | pk.PublicKey = *NewECDSAPublicKey(currentTime, pubkey) | ||
75 | case ecdsa.PublicKey: | 80 | case ecdsa.PublicKey: |
76 | pk.PublicKey = *NewECDSAPublicKey(currentTime, &pubkey) | 81 | pk.PublicKey = *NewECDSAPublicKey(currentTime, &pubkey) |
77 | default: | 82 | default: |
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/public_key.go b/vendor/golang.org/x/crypto/openpgp/packet/public_key.go index ead2623..fcd5f52 100644 --- a/vendor/golang.org/x/crypto/openpgp/packet/public_key.go +++ b/vendor/golang.org/x/crypto/openpgp/packet/public_key.go | |||
@@ -244,7 +244,12 @@ func NewECDSAPublicKey(creationTime time.Time, pub *ecdsa.PublicKey) *PublicKey | |||
244 | } | 244 | } |
245 | 245 | ||
246 | pk.ec.p.bytes = elliptic.Marshal(pub.Curve, pub.X, pub.Y) | 246 | pk.ec.p.bytes = elliptic.Marshal(pub.Curve, pub.X, pub.Y) |
247 | pk.ec.p.bitLength = uint16(8 * len(pk.ec.p.bytes)) | 247 | |
248 | // The bit length is 3 (for the 0x04 specifying an uncompressed key) | ||
249 | // plus two field elements (for x and y), which are rounded up to the | ||
250 | // nearest byte. See https://tools.ietf.org/html/rfc6637#section-6 | ||
251 | fieldBytes := (pub.Curve.Params().BitSize + 7) & ^7 | ||
252 | pk.ec.p.bitLength = uint16(3 + fieldBytes + fieldBytes) | ||
248 | 253 | ||
249 | pk.setFingerPrintAndKeyId() | 254 | pk.setFingerPrintAndKeyId() |
250 | return pk | 255 | return pk |
@@ -515,7 +520,7 @@ func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err erro | |||
515 | switch pk.PubKeyAlgo { | 520 | switch pk.PubKeyAlgo { |
516 | case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly: | 521 | case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly: |
517 | rsaPublicKey, _ := pk.PublicKey.(*rsa.PublicKey) | 522 | rsaPublicKey, _ := pk.PublicKey.(*rsa.PublicKey) |
518 | err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, sig.RSASignature.bytes) | 523 | err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, padToKeySize(rsaPublicKey, sig.RSASignature.bytes)) |
519 | if err != nil { | 524 | if err != nil { |
520 | return errors.SignatureError("RSA verification failure") | 525 | return errors.SignatureError("RSA verification failure") |
521 | } | 526 | } |
@@ -566,7 +571,7 @@ func (pk *PublicKey) VerifySignatureV3(signed hash.Hash, sig *SignatureV3) (err | |||
566 | switch pk.PubKeyAlgo { | 571 | switch pk.PubKeyAlgo { |
567 | case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly: | 572 | case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly: |
568 | rsaPublicKey := pk.PublicKey.(*rsa.PublicKey) | 573 | rsaPublicKey := pk.PublicKey.(*rsa.PublicKey) |
569 | if err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, sig.RSASignature.bytes); err != nil { | 574 | if err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, padToKeySize(rsaPublicKey, sig.RSASignature.bytes)); err != nil { |
570 | return errors.SignatureError("RSA verification failure") | 575 | return errors.SignatureError("RSA verification failure") |
571 | } | 576 | } |
572 | return | 577 | return |
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/signature.go b/vendor/golang.org/x/crypto/openpgp/packet/signature.go index 6ce0cbe..b2a24a5 100644 --- a/vendor/golang.org/x/crypto/openpgp/packet/signature.go +++ b/vendor/golang.org/x/crypto/openpgp/packet/signature.go | |||
@@ -542,7 +542,7 @@ func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err e | |||
542 | r, s, err = ecdsa.Sign(config.Random(), pk, digest) | 542 | r, s, err = ecdsa.Sign(config.Random(), pk, digest) |
543 | } else { | 543 | } else { |
544 | var b []byte | 544 | var b []byte |
545 | b, err = priv.PrivateKey.(crypto.Signer).Sign(config.Random(), digest, nil) | 545 | b, err = priv.PrivateKey.(crypto.Signer).Sign(config.Random(), digest, sig.Hash) |
546 | if err == nil { | 546 | if err == nil { |
547 | r, s, err = unwrapECDSASig(b) | 547 | r, s, err = unwrapECDSASig(b) |
548 | } | 548 | } |
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/userattribute.go b/vendor/golang.org/x/crypto/openpgp/packet/userattribute.go index 96a2b38..d19ffbc 100644 --- a/vendor/golang.org/x/crypto/openpgp/packet/userattribute.go +++ b/vendor/golang.org/x/crypto/openpgp/packet/userattribute.go | |||
@@ -80,7 +80,7 @@ func (uat *UserAttribute) Serialize(w io.Writer) (err error) { | |||
80 | 80 | ||
81 | // ImageData returns zero or more byte slices, each containing | 81 | // ImageData returns zero or more byte slices, each containing |
82 | // JPEG File Interchange Format (JFIF), for each photo in the | 82 | // JPEG File Interchange Format (JFIF), for each photo in the |
83 | // the user attribute packet. | 83 | // user attribute packet. |
84 | func (uat *UserAttribute) ImageData() (imageData [][]byte) { | 84 | func (uat *UserAttribute) ImageData() (imageData [][]byte) { |
85 | for _, sp := range uat.Contents { | 85 | for _, sp := range uat.Contents { |
86 | if sp.SubType == UserAttrImageSubpacket && len(sp.Contents) > 16 { | 86 | if sp.SubType == UserAttrImageSubpacket && len(sp.Contents) > 16 { |
diff --git a/vendor/golang.org/x/crypto/openpgp/write.go b/vendor/golang.org/x/crypto/openpgp/write.go index 65a304c..4ee7178 100644 --- a/vendor/golang.org/x/crypto/openpgp/write.go +++ b/vendor/golang.org/x/crypto/openpgp/write.go | |||
@@ -164,12 +164,12 @@ func hashToHashId(h crypto.Hash) uint8 { | |||
164 | return v | 164 | return v |
165 | } | 165 | } |
166 | 166 | ||
167 | // Encrypt encrypts a message to a number of recipients and, optionally, signs | 167 | // writeAndSign writes the data as a payload package and, optionally, signs |
168 | // it. hints contains optional information, that is also encrypted, that aids | 168 | // it. hints contains optional information, that is also encrypted, |
169 | // the recipients in processing the message. The resulting WriteCloser must | 169 | // that aids the recipients in processing the message. The resulting |
170 | // be closed after the contents of the file have been written. | 170 | // WriteCloser must be closed after the contents of the file have been |
171 | // If config is nil, sensible defaults will be used. | 171 | // written. If config is nil, sensible defaults will be used. |
172 | func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) { | 172 | func writeAndSign(payload io.WriteCloser, candidateHashes []uint8, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) { |
173 | var signer *packet.PrivateKey | 173 | var signer *packet.PrivateKey |
174 | if signed != nil { | 174 | if signed != nil { |
175 | signKey, ok := signed.signingKey(config.Now()) | 175 | signKey, ok := signed.signingKey(config.Now()) |
@@ -185,6 +185,83 @@ func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHint | |||
185 | } | 185 | } |
186 | } | 186 | } |
187 | 187 | ||
188 | var hash crypto.Hash | ||
189 | for _, hashId := range candidateHashes { | ||
190 | if h, ok := s2k.HashIdToHash(hashId); ok && h.Available() { | ||
191 | hash = h | ||
192 | break | ||
193 | } | ||
194 | } | ||
195 | |||
196 | // If the hash specified by config is a candidate, we'll use that. | ||
197 | if configuredHash := config.Hash(); configuredHash.Available() { | ||
198 | for _, hashId := range candidateHashes { | ||
199 | if h, ok := s2k.HashIdToHash(hashId); ok && h == configuredHash { | ||
200 | hash = h | ||
201 | break | ||
202 | } | ||
203 | } | ||
204 | } | ||
205 | |||
206 | if hash == 0 { | ||
207 | hashId := candidateHashes[0] | ||
208 | name, ok := s2k.HashIdToString(hashId) | ||
209 | if !ok { | ||
210 | name = "#" + strconv.Itoa(int(hashId)) | ||
211 | } | ||
212 | return nil, errors.InvalidArgumentError("cannot encrypt because no candidate hash functions are compiled in. (Wanted " + name + " in this case.)") | ||
213 | } | ||
214 | |||
215 | if signer != nil { | ||
216 | ops := &packet.OnePassSignature{ | ||
217 | SigType: packet.SigTypeBinary, | ||
218 | Hash: hash, | ||
219 | PubKeyAlgo: signer.PubKeyAlgo, | ||
220 | KeyId: signer.KeyId, | ||
221 | IsLast: true, | ||
222 | } | ||
223 | if err := ops.Serialize(payload); err != nil { | ||
224 | return nil, err | ||
225 | } | ||
226 | } | ||
227 | |||
228 | if hints == nil { | ||
229 | hints = &FileHints{} | ||
230 | } | ||
231 | |||
232 | w := payload | ||
233 | if signer != nil { | ||
234 | // If we need to write a signature packet after the literal | ||
235 | // data then we need to stop literalData from closing | ||
236 | // encryptedData. | ||
237 | w = noOpCloser{w} | ||
238 | |||
239 | } | ||
240 | var epochSeconds uint32 | ||
241 | if !hints.ModTime.IsZero() { | ||
242 | epochSeconds = uint32(hints.ModTime.Unix()) | ||
243 | } | ||
244 | literalData, err := packet.SerializeLiteral(w, hints.IsBinary, hints.FileName, epochSeconds) | ||
245 | if err != nil { | ||
246 | return nil, err | ||
247 | } | ||
248 | |||
249 | if signer != nil { | ||
250 | return signatureWriter{payload, literalData, hash, hash.New(), signer, config}, nil | ||
251 | } | ||
252 | return literalData, nil | ||
253 | } | ||
254 | |||
255 | // Encrypt encrypts a message to a number of recipients and, optionally, signs | ||
256 | // it. hints contains optional information, that is also encrypted, that aids | ||
257 | // the recipients in processing the message. The resulting WriteCloser must | ||
258 | // be closed after the contents of the file have been written. | ||
259 | // If config is nil, sensible defaults will be used. | ||
260 | func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) { | ||
261 | if len(to) == 0 { | ||
262 | return nil, errors.InvalidArgumentError("no encryption recipient provided") | ||
263 | } | ||
264 | |||
188 | // These are the possible ciphers that we'll use for the message. | 265 | // These are the possible ciphers that we'll use for the message. |
189 | candidateCiphers := []uint8{ | 266 | candidateCiphers := []uint8{ |
190 | uint8(packet.CipherAES128), | 267 | uint8(packet.CipherAES128), |
@@ -194,6 +271,7 @@ func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHint | |||
194 | // These are the possible hash functions that we'll use for the signature. | 271 | // These are the possible hash functions that we'll use for the signature. |
195 | candidateHashes := []uint8{ | 272 | candidateHashes := []uint8{ |
196 | hashToHashId(crypto.SHA256), | 273 | hashToHashId(crypto.SHA256), |
274 | hashToHashId(crypto.SHA384), | ||
197 | hashToHashId(crypto.SHA512), | 275 | hashToHashId(crypto.SHA512), |
198 | hashToHashId(crypto.SHA1), | 276 | hashToHashId(crypto.SHA1), |
199 | hashToHashId(crypto.RIPEMD160), | 277 | hashToHashId(crypto.RIPEMD160), |
@@ -241,33 +319,6 @@ func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHint | |||
241 | } | 319 | } |
242 | } | 320 | } |
243 | 321 | ||
244 | var hash crypto.Hash | ||
245 | for _, hashId := range candidateHashes { | ||
246 | if h, ok := s2k.HashIdToHash(hashId); ok && h.Available() { | ||
247 | hash = h | ||
248 | break | ||
249 | } | ||
250 | } | ||
251 | |||
252 | // If the hash specified by config is a candidate, we'll use that. | ||
253 | if configuredHash := config.Hash(); configuredHash.Available() { | ||
254 | for _, hashId := range candidateHashes { | ||
255 | if h, ok := s2k.HashIdToHash(hashId); ok && h == configuredHash { | ||
256 | hash = h | ||
257 | break | ||
258 | } | ||
259 | } | ||
260 | } | ||
261 | |||
262 | if hash == 0 { | ||
263 | hashId := candidateHashes[0] | ||
264 | name, ok := s2k.HashIdToString(hashId) | ||
265 | if !ok { | ||
266 | name = "#" + strconv.Itoa(int(hashId)) | ||
267 | } | ||
268 | return nil, errors.InvalidArgumentError("cannot encrypt because no candidate hash functions are compiled in. (Wanted " + name + " in this case.)") | ||
269 | } | ||
270 | |||
271 | symKey := make([]byte, cipher.KeySize()) | 322 | symKey := make([]byte, cipher.KeySize()) |
272 | if _, err := io.ReadFull(config.Random(), symKey); err != nil { | 323 | if _, err := io.ReadFull(config.Random(), symKey); err != nil { |
273 | return nil, err | 324 | return nil, err |
@@ -279,49 +330,38 @@ func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHint | |||
279 | } | 330 | } |
280 | } | 331 | } |
281 | 332 | ||
282 | encryptedData, err := packet.SerializeSymmetricallyEncrypted(ciphertext, cipher, symKey, config) | 333 | payload, err := packet.SerializeSymmetricallyEncrypted(ciphertext, cipher, symKey, config) |
283 | if err != nil { | 334 | if err != nil { |
284 | return | 335 | return |
285 | } | 336 | } |
286 | 337 | ||
287 | if signer != nil { | 338 | return writeAndSign(payload, candidateHashes, signed, hints, config) |
288 | ops := &packet.OnePassSignature{ | 339 | } |
289 | SigType: packet.SigTypeBinary, | ||
290 | Hash: hash, | ||
291 | PubKeyAlgo: signer.PubKeyAlgo, | ||
292 | KeyId: signer.KeyId, | ||
293 | IsLast: true, | ||
294 | } | ||
295 | if err := ops.Serialize(encryptedData); err != nil { | ||
296 | return nil, err | ||
297 | } | ||
298 | } | ||
299 | 340 | ||
300 | if hints == nil { | 341 | // Sign signs a message. The resulting WriteCloser must be closed after the |
301 | hints = &FileHints{} | 342 | // contents of the file have been written. hints contains optional information |
343 | // that aids the recipients in processing the message. | ||
344 | // If config is nil, sensible defaults will be used. | ||
345 | func Sign(output io.Writer, signed *Entity, hints *FileHints, config *packet.Config) (input io.WriteCloser, err error) { | ||
346 | if signed == nil { | ||
347 | return nil, errors.InvalidArgumentError("no signer provided") | ||
302 | } | 348 | } |
303 | 349 | ||
304 | w := encryptedData | 350 | // These are the possible hash functions that we'll use for the signature. |
305 | if signer != nil { | 351 | candidateHashes := []uint8{ |
306 | // If we need to write a signature packet after the literal | 352 | hashToHashId(crypto.SHA256), |
307 | // data then we need to stop literalData from closing | 353 | hashToHashId(crypto.SHA384), |
308 | // encryptedData. | 354 | hashToHashId(crypto.SHA512), |
309 | w = noOpCloser{encryptedData} | 355 | hashToHashId(crypto.SHA1), |
310 | 356 | hashToHashId(crypto.RIPEMD160), | |
311 | } | ||
312 | var epochSeconds uint32 | ||
313 | if !hints.ModTime.IsZero() { | ||
314 | epochSeconds = uint32(hints.ModTime.Unix()) | ||
315 | } | ||
316 | literalData, err := packet.SerializeLiteral(w, hints.IsBinary, hints.FileName, epochSeconds) | ||
317 | if err != nil { | ||
318 | return nil, err | ||
319 | } | 357 | } |
320 | 358 | defaultHashes := candidateHashes[len(candidateHashes)-1:] | |
321 | if signer != nil { | 359 | preferredHashes := signed.primaryIdentity().SelfSignature.PreferredHash |
322 | return signatureWriter{encryptedData, literalData, hash, hash.New(), signer, config}, nil | 360 | if len(preferredHashes) == 0 { |
361 | preferredHashes = defaultHashes | ||
323 | } | 362 | } |
324 | return literalData, nil | 363 | candidateHashes = intersectPreferences(candidateHashes, preferredHashes) |
364 | return writeAndSign(noOpCloser{output}, candidateHashes, signed, hints, config) | ||
325 | } | 365 | } |
326 | 366 | ||
327 | // signatureWriter hashes the contents of a message while passing it along to | 367 | // signatureWriter hashes the contents of a message while passing it along to |