Updated to go1.18; minor code cleanups; updated dependencies

2022-03-20 20:15:15 -07:00 · 2022-03-20 20:15:15 -07:00 · bce89dacb0
commit bce89dacb0
parent 460f1cf703
4 changed files with 40 additions and 30 deletions
--- a/1
+++ b/1
@ -113,6 +113,7 @@ Options:
    -v, --verbose       Build verbosely (adds "-v" to go tooling) [False]
    --vet               Run "go vet" on modules named on the command line [False]
    -x                  Run in debug/trace mode [False]
+    --print-arch        Print the target architecture and exit
 EOF

    exit 0
--- a/go.mod
+++ b/go.mod
@ -1,14 +1,17 @@
 module github.com/opencoff/sigtool

-go 1.17
+go 1.18

 require (
 	github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a
 	github.com/gogo/protobuf v1.3.2
 	github.com/opencoff/go-utils v0.4.1
 	github.com/opencoff/pflag v0.5.0
-	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
-	gopkg.in/yaml.v2 v2.2.7
+	golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
+	gopkg.in/yaml.v2 v2.4.0
 )

-require golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f // indirect
+require (
+	golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 // indirect
+	golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 // indirect
+)
--- a/go.sum
+++ b/go.sum
@ -13,8 +13,9 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190618222545-ea8f1a30c443/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38=
+golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@ -26,8 +27,12 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@ -40,5 +45,5 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo=
-gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
--- a/sign/encrypt.go
+++ b/sign/encrypt.go
@ -129,22 +129,7 @@ func NewEncryptor(sk *PrivateKey, blksize uint64) (*Encryptor, error) {
 	randRead(key)
 	randRead(salt)

-	// if sender has provided their identity to authenticate, we sign the data-enc key
-	// and encrypt the signature. At no point will we send the sender's identity.
-	var senderSig []byte
-	if sk != nil {
-		sig, err := sk.SignMessage(key, "")
-		if err != nil {
-			return nil, fmt.Errorf("encrypt: can't sign: %w", err)
-		}
-
-		senderSig = sig.Sig
-	} else {
-		var zero [ed25519.SignatureSize]byte
-		senderSig = zero[:]
-	}
-
-	wSig, err := wrapSenderSig(senderSig, key, salt)
+	wSig, err := wrapSenderSig(sk, key, salt)
 	if err != nil {
 		return nil, fmt.Errorf("encrypt: %w", err)
 	}
@ -543,7 +528,25 @@ func (d *Decryptor) decrypt(i uint32) ([]byte, bool, error) {
 }

 // Wrap sender's signature of the encryption key
-func wrapSenderSig(sig []byte, key, salt []byte) ([]byte, error) {
+// if sender has provided their identity to authenticate, we sign the data-enc key
+// and encrypt the signature. At no point will we send the sender's identity.
+func wrapSenderSig(sk *PrivateKey, key, salt []byte) ([]byte, error) {
+	var zero [ed25519.SignatureSize]byte
+	var sig []byte
+
+	switch {
+	case sk == nil:
+		sig = zero[:]
+
+	default:
+		xsig, err := sk.SignMessage(key, "")
+		if err != nil {
+			return nil, fmt.Errorf("wrap: can't sign: %w", err)
+		}
+
+		sig = xsig.Sig
+	}
+
 	aes, err := aes.NewCipher(key)
 	if err != nil {
 		return nil, fmt.Errorf("wrap: %w", err)
@ -588,6 +591,7 @@ func (d *Decryptor) verifySender(key []byte, sk *PrivateKey, senderPK *PublicKey

 	// Did the sender actually sign anything?
 	if subtle.ConstantTimeCompare(zero[:], sig) == 0 {
+		// we set this to indicate that the sender authenticated themselves;
 		d.auth = true

 		if senderPK != nil {
@ -595,8 +599,7 @@ func (d *Decryptor) verifySender(key []byte, sk *PrivateKey, senderPK *PublicKey
 				Sig: sig,
 			}

-			ok := senderPK.VerifyMessage(key, ss)
-			if !ok {
+			if ok := senderPK.VerifyMessage(key, ss); !ok {
 				return fmt.Errorf("unwrap: sender verification failed")
 			}
 		}
@ -605,9 +608,7 @@ func (d *Decryptor) verifySender(key []byte, sk *PrivateKey, senderPK *PublicKey
 }

 // Wrap data encryption key 'k' with the sender's PK and our ephemeral curve SK
-//  basically, we do two scalarmults:
-//    a) Ephemeral encryption/decryption SK x receiver PK
-//    b) Sender's  SK x receiver PK
+//  basically, we do a scalarmult: Ephemeral encryption/decryption SK x receiver PK
 func (e *Encryptor) wrapKey(pk *PublicKey) (*pb.WrappedKey, error) {
 	rxPK := pk.toCurve25519PK()
 	dkek, err := curve25519.X25519(e.encSK, rxPK)