Removed deprecated functions in curve25519

* Replaced ScalarMult()/ScalarBaseMult() with X25519()
* version# bump
This commit is contained in:
Sudhi Herle 2020-01-09 15:19:17 -08:00
parent f32525a864
commit fbfcd37679
4 changed files with 31 additions and 45 deletions

4
go.mod
View file

@ -7,6 +7,6 @@ require (
github.com/gogo/protobuf v1.3.1 github.com/gogo/protobuf v1.3.1
github.com/opencoff/go-utils v0.4.1 github.com/opencoff/go-utils v0.4.1
github.com/opencoff/pflag v0.5.0 github.com/opencoff/pflag v0.5.0
golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc golang.org/x/crypto v0.0.0-20200109152110-61a87790db17
gopkg.in/yaml.v2 v2.2.4 gopkg.in/yaml.v2 v2.2.7
) )

19
go.sum
View file

@ -4,25 +4,14 @@ github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/opencoff/go-utils v0.3.0 h1:/TQXjf50o3GSB9MItog5L8Gf4GWJ4B5+rmqjB4g2RZQ=
github.com/opencoff/go-utils v0.3.0/go.mod h1:c+7QUAiCCHcNH6OGvsZ0fviG7cgse8Y3ucg+xy7sGXM=
github.com/opencoff/go-utils v0.4.0 h1:pu08Om//u2+YGvLkHa2CyL6eI+/1J0bXih1Z6nuITp8=
github.com/opencoff/go-utils v0.4.0/go.mod h1:c+7QUAiCCHcNH6OGvsZ0fviG7cgse8Y3ucg+xy7sGXM=
github.com/opencoff/go-utils v0.4.1 h1:Ke4Q1Tl2GKMI+dwleuPNHH713ngRiNMOFIkymncHqXg= github.com/opencoff/go-utils v0.4.1 h1:Ke4Q1Tl2GKMI+dwleuPNHH713ngRiNMOFIkymncHqXg=
github.com/opencoff/go-utils v0.4.1/go.mod h1:c+7QUAiCCHcNH6OGvsZ0fviG7cgse8Y3ucg+xy7sGXM= github.com/opencoff/go-utils v0.4.1/go.mod h1:c+7QUAiCCHcNH6OGvsZ0fviG7cgse8Y3ucg+xy7sGXM=
github.com/opencoff/pflag v0.3.3 h1:yohZkwYGPkB34WXvUQzU5GyLhImnjfePDARUaE8me3U=
github.com/opencoff/pflag v0.3.3/go.mod h1:mTLzGGUGda1Av3d34iAJlh0JIlRxmFZtmc6qoWPspK0=
github.com/opencoff/pflag v0.4.0 h1:Y+okQXIvgnGplXlKqqm0uWKQ0KaZLlvSBb4ChQ/3vFw=
github.com/opencoff/pflag v0.4.0/go.mod h1:mTLzGGUGda1Av3d34iAJlh0JIlRxmFZtmc6qoWPspK0=
github.com/opencoff/pflag v0.4.1 h1:kORIcgXprp9zY60yeHqBUnz9Z/mLWzkcESzya0beJ2Y=
github.com/opencoff/pflag v0.4.1/go.mod h1:mTLzGGUGda1Av3d34iAJlh0JIlRxmFZtmc6qoWPspK0=
github.com/opencoff/pflag v0.5.0 h1:kK3cSTlGj0fHby/PoFzHkf+Jx3PdiACJwzYDWEWlEKQ= github.com/opencoff/pflag v0.5.0 h1:kK3cSTlGj0fHby/PoFzHkf+Jx3PdiACJwzYDWEWlEKQ=
github.com/opencoff/pflag v0.5.0/go.mod h1:mTLzGGUGda1Av3d34iAJlh0JIlRxmFZtmc6qoWPspK0= github.com/opencoff/pflag v0.5.0/go.mod h1:mTLzGGUGda1Av3d34iAJlh0JIlRxmFZtmc6qoWPspK0=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190618222545-ea8f1a30c443/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190618222545-ea8f1a30c443/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc h1:c0o/qxkaO2LF5t6fQrT4b5hzyggAkLLlCUjqfRxd8Q4= golang.org/x/crypto v0.0.0-20200109152110-61a87790db17 h1:nVJ3guKA9qdkEQ3TUdXI9QSINo2CUPM/cySEvw2w8I0=
golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200109152110-61a87790db17/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413 h1:ULYEB3JvPRE/IfO+9uO7vKV/xzVTO7XPAwm8xbf4w2g=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI= golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
@ -30,5 +19,5 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I= gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

View file

@ -481,34 +481,34 @@ func (pk *PublicKey) WrapKeyEphemeral(key []byte) (*WrappedKey, error) {
randread(newSK[:]) randread(newSK[:])
clamp(newSK[:]) clamp(newSK[:])
return wrapKey(pk, key, &newSK) return wrapKey(pk, key, newSK[:])
} }
// given a file-encryption-key, wrap it in the identity of the recipient 'pk' using our // given a file-encryption-key, wrap it in the identity of the recipient 'pk' using our
// secret key. This function identifies the sender. // secret key. This function identifies the sender.
func (sk *PrivateKey) WrapKey(pk *PublicKey, key []byte) (*WrappedKey, error) { func (sk *PrivateKey) WrapKey(pk *PublicKey, key []byte) (*WrappedKey, error) {
var ourSK [32]byte return wrapKey(pk, key, sk.toCurve25519SK())
copy(ourSK[:], sk.toCurve25519SK())
return wrapKey(pk, key, &ourSK)
} }
func wrapKey(pk *PublicKey, k []byte, ourSK *[32]byte) (*WrappedKey, error) { func wrapKey(pk *PublicKey, k []byte, ourSK []byte) (*WrappedKey, error) {
var curvePK, theirPK, shared [32]byte curvePK, err := curve25519.X25519(ourSK, curve25519.Basepoint)
if err != nil {
return nil, fmt.Errorf("wrap: %s", err)
}
copy(theirPK[:], pk.toCurve25519PK()) shared, err := curve25519.X25519(ourSK, pk.toCurve25519PK())
curve25519.ScalarBaseMult(&curvePK, ourSK) if err != nil {
curve25519.ScalarMult(&shared, ourSK, &theirPK) return nil, fmt.Errorf("wrap: %s", err)
}
ek, nonce, err := aeadSeal(k, shared[:], pk.Pk) ek, nonce, err := aeadSeal(k, shared, pk.Pk)
if err != nil { if err != nil {
return nil, fmt.Errorf("wrap: %s", err) return nil, fmt.Errorf("wrap: %s", err)
} }
return &WrappedKey{ return &WrappedKey{
PkHash: pk.hash, PkHash: pk.hash,
Pk: curvePK[:], Pk: curvePK,
Nonce: nonce, Nonce: nonce,
Key: ek, Key: ek,
}, nil }, nil
@ -516,27 +516,24 @@ func wrapKey(pk *PublicKey, k []byte, ourSK *[32]byte) (*WrappedKey, error) {
// Unwrap a wrapped key using the private key 'sk' // Unwrap a wrapped key using the private key 'sk'
func (w *WrappedKey) UnwrapKey(sk *PrivateKey, senderPk *PublicKey) ([]byte, error) { func (w *WrappedKey) UnwrapKey(sk *PrivateKey, senderPk *PublicKey) ([]byte, error) {
var shared, theirPK, ourSK [32]byte ourSK := sk.toCurve25519SK()
shared, err := curve25519.X25519(ourSK, w.Pk)
pk := sk.PublicKey() if err != nil {
return nil, fmt.Errorf("unwrap: %s", err)
copy(ourSK[:], sk.toCurve25519SK()) }
copy(theirPK[:], w.Pk)
curve25519.ScalarMult(&shared, &ourSK, &theirPK)
if senderPk != nil { if senderPk != nil {
var cPK, shared2 [32]byte shared2, err := curve25519.X25519(ourSK, senderPk.toCurve25519PK())
if err != nil {
return nil, fmt.Errorf("unwrap: %s", err)
}
curvePK := senderPk.toCurve25519PK() if subtle.ConstantTimeCompare(shared2, shared) != 1 {
copy(cPK[:], curvePK)
curve25519.ScalarMult(&shared2, &ourSK, &cPK)
if subtle.ConstantTimeCompare(shared2[:], shared[:]) != 1 {
return nil, fmt.Errorf("unwrap: sender validation failed") return nil, fmt.Errorf("unwrap: sender validation failed")
} }
} }
pk := sk.PublicKey()
key, err := aeadOpen(w.Key, w.Nonce, shared[:], pk.Pk) key, err := aeadOpen(w.Key, w.Nonce, shared[:], pk.Pk)
if err != nil { if err != nil {
return nil, err return nil, err

View file

@ -1 +1 @@
0.7.0 0.7.1