Removed deprecated functions in curve25519
* Replaced ScalarMult()/ScalarBaseMult() with X25519() * version# bump
This commit is contained in:
Sudhi Herle
parent
f32525a864
commit
fbfcd37679
4 changed files with 31 additions and 45 deletions
4
go.mod
4
go.mod
|
|
@ -7,6 +7,6 @@ require (
|
||||||
github.com/gogo/protobuf v1.3.1
|
github.com/gogo/protobuf v1.3.1
|
||||||
github.com/opencoff/go-utils v0.4.1
|
github.com/opencoff/go-utils v0.4.1
|
||||||
github.com/opencoff/pflag v0.5.0
|
github.com/opencoff/pflag v0.5.0
|
||||||
golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc
|
golang.org/x/crypto v0.0.0-20200109152110-61a87790db17
|
||||||
gopkg.in/yaml.v2 v2.2.4
|
gopkg.in/yaml.v2 v2.2.7
|
||||||
)
|
)
|
||||||
|
|
|
||||||
19
go.sum
19
go.sum
|
|
@ -4,25 +4,14 @@ github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
|
||||||
github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
|
github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
|
||||||
github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
|
github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
|
||||||
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
|
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
|
||||||
github.com/opencoff/go-utils v0.3.0 h1:/TQXjf50o3GSB9MItog5L8Gf4GWJ4B5+rmqjB4g2RZQ=
|
|
||||||
github.com/opencoff/go-utils v0.3.0/go.mod h1:c+7QUAiCCHcNH6OGvsZ0fviG7cgse8Y3ucg+xy7sGXM=
|
|
||||||
github.com/opencoff/go-utils v0.4.0 h1:pu08Om//u2+YGvLkHa2CyL6eI+/1J0bXih1Z6nuITp8=
|
|
||||||
github.com/opencoff/go-utils v0.4.0/go.mod h1:c+7QUAiCCHcNH6OGvsZ0fviG7cgse8Y3ucg+xy7sGXM=
|
|
||||||
github.com/opencoff/go-utils v0.4.1 h1:Ke4Q1Tl2GKMI+dwleuPNHH713ngRiNMOFIkymncHqXg=
|
github.com/opencoff/go-utils v0.4.1 h1:Ke4Q1Tl2GKMI+dwleuPNHH713ngRiNMOFIkymncHqXg=
|
||||||
github.com/opencoff/go-utils v0.4.1/go.mod h1:c+7QUAiCCHcNH6OGvsZ0fviG7cgse8Y3ucg+xy7sGXM=
|
github.com/opencoff/go-utils v0.4.1/go.mod h1:c+7QUAiCCHcNH6OGvsZ0fviG7cgse8Y3ucg+xy7sGXM=
|
||||||
github.com/opencoff/pflag v0.3.3 h1:yohZkwYGPkB34WXvUQzU5GyLhImnjfePDARUaE8me3U=
|
|
||||||
github.com/opencoff/pflag v0.3.3/go.mod h1:mTLzGGUGda1Av3d34iAJlh0JIlRxmFZtmc6qoWPspK0=
|
|
||||||
github.com/opencoff/pflag v0.4.0 h1:Y+okQXIvgnGplXlKqqm0uWKQ0KaZLlvSBb4ChQ/3vFw=
|
|
||||||
github.com/opencoff/pflag v0.4.0/go.mod h1:mTLzGGUGda1Av3d34iAJlh0JIlRxmFZtmc6qoWPspK0=
|
|
||||||
github.com/opencoff/pflag v0.4.1 h1:kORIcgXprp9zY60yeHqBUnz9Z/mLWzkcESzya0beJ2Y=
|
|
||||||
github.com/opencoff/pflag v0.4.1/go.mod h1:mTLzGGUGda1Av3d34iAJlh0JIlRxmFZtmc6qoWPspK0=
|
|
||||||
github.com/opencoff/pflag v0.5.0 h1:kK3cSTlGj0fHby/PoFzHkf+Jx3PdiACJwzYDWEWlEKQ=
|
github.com/opencoff/pflag v0.5.0 h1:kK3cSTlGj0fHby/PoFzHkf+Jx3PdiACJwzYDWEWlEKQ=
|
||||||
github.com/opencoff/pflag v0.5.0/go.mod h1:mTLzGGUGda1Av3d34iAJlh0JIlRxmFZtmc6qoWPspK0=
|
github.com/opencoff/pflag v0.5.0/go.mod h1:mTLzGGUGda1Av3d34iAJlh0JIlRxmFZtmc6qoWPspK0=
|
||||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||||
golang.org/x/crypto v0.0.0-20190618222545-ea8f1a30c443/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
golang.org/x/crypto v0.0.0-20190618222545-ea8f1a30c443/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||||
golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc h1:c0o/qxkaO2LF5t6fQrT4b5hzyggAkLLlCUjqfRxd8Q4=
|
golang.org/x/crypto v0.0.0-20200109152110-61a87790db17 h1:nVJ3guKA9qdkEQ3TUdXI9QSINo2CUPM/cySEvw2w8I0=
|
||||||
golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
golang.org/x/crypto v0.0.0-20200109152110-61a87790db17/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||||
golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413 h1:ULYEB3JvPRE/IfO+9uO7vKV/xzVTO7XPAwm8xbf4w2g=
|
|
||||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
|
golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
|
||||||
|
|
@ -30,5 +19,5 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
|
||||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||||
golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||||
gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
|
gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo=
|
||||||
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||||
|
|
|
||||||
|
|
@ -481,34 +481,34 @@ func (pk *PublicKey) WrapKeyEphemeral(key []byte) (*WrappedKey, error) {
|
||||||
randread(newSK[:])
|
randread(newSK[:])
|
||||||
clamp(newSK[:])
|
clamp(newSK[:])
|
||||||
|
|
||||||
return wrapKey(pk, key, &newSK)
|
return wrapKey(pk, key, newSK[:])
|
||||||
}
|
}
|
||||||
|
|
||||||
// given a file-encryption-key, wrap it in the identity of the recipient 'pk' using our
|
// given a file-encryption-key, wrap it in the identity of the recipient 'pk' using our
|
||||||
// secret key. This function identifies the sender.
|
// secret key. This function identifies the sender.
|
||||||
func (sk *PrivateKey) WrapKey(pk *PublicKey, key []byte) (*WrappedKey, error) {
|
func (sk *PrivateKey) WrapKey(pk *PublicKey, key []byte) (*WrappedKey, error) {
|
||||||
var ourSK [32]byte
|
return wrapKey(pk, key, sk.toCurve25519SK())
|
||||||
|
|
||||||
copy(ourSK[:], sk.toCurve25519SK())
|
|
||||||
|
|
||||||
return wrapKey(pk, key, &ourSK)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func wrapKey(pk *PublicKey, k []byte, ourSK *[32]byte) (*WrappedKey, error) {
|
func wrapKey(pk *PublicKey, k []byte, ourSK []byte) (*WrappedKey, error) {
|
||||||
var curvePK, theirPK, shared [32]byte
|
curvePK, err := curve25519.X25519(ourSK, curve25519.Basepoint)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("wrap: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
copy(theirPK[:], pk.toCurve25519PK())
|
shared, err := curve25519.X25519(ourSK, pk.toCurve25519PK())
|
||||||
curve25519.ScalarBaseMult(&curvePK, ourSK)
|
if err != nil {
|
||||||
curve25519.ScalarMult(&shared, ourSK, &theirPK)
|
return nil, fmt.Errorf("wrap: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
ek, nonce, err := aeadSeal(k, shared[:], pk.Pk)
|
ek, nonce, err := aeadSeal(k, shared, pk.Pk)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("wrap: %s", err)
|
return nil, fmt.Errorf("wrap: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return &WrappedKey{
|
return &WrappedKey{
|
||||||
PkHash: pk.hash,
|
PkHash: pk.hash,
|
||||||
Pk: curvePK[:],
|
Pk: curvePK,
|
||||||
Nonce: nonce,
|
Nonce: nonce,
|
||||||
Key: ek,
|
Key: ek,
|
||||||
}, nil
|
}, nil
|
||||||
|
|
@ -516,27 +516,24 @@ func wrapKey(pk *PublicKey, k []byte, ourSK *[32]byte) (*WrappedKey, error) {
|
||||||
|
|
||||||
// Unwrap a wrapped key using the private key 'sk'
|
// Unwrap a wrapped key using the private key 'sk'
|
||||||
func (w *WrappedKey) UnwrapKey(sk *PrivateKey, senderPk *PublicKey) ([]byte, error) {
|
func (w *WrappedKey) UnwrapKey(sk *PrivateKey, senderPk *PublicKey) ([]byte, error) {
|
||||||
var shared, theirPK, ourSK [32]byte
|
ourSK := sk.toCurve25519SK()
|
||||||
|
shared, err := curve25519.X25519(ourSK, w.Pk)
|
||||||
pk := sk.PublicKey()
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("unwrap: %s", err)
|
||||||
copy(ourSK[:], sk.toCurve25519SK())
|
}
|
||||||
copy(theirPK[:], w.Pk)
|
|
||||||
curve25519.ScalarMult(&shared, &ourSK, &theirPK)
|
|
||||||
|
|
||||||
if senderPk != nil {
|
if senderPk != nil {
|
||||||
var cPK, shared2 [32]byte
|
shared2, err := curve25519.X25519(ourSK, senderPk.toCurve25519PK())
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("unwrap: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
curvePK := senderPk.toCurve25519PK()
|
if subtle.ConstantTimeCompare(shared2, shared) != 1 {
|
||||||
|
|
||||||
copy(cPK[:], curvePK)
|
|
||||||
curve25519.ScalarMult(&shared2, &ourSK, &cPK)
|
|
||||||
|
|
||||||
if subtle.ConstantTimeCompare(shared2[:], shared[:]) != 1 {
|
|
||||||
return nil, fmt.Errorf("unwrap: sender validation failed")
|
return nil, fmt.Errorf("unwrap: sender validation failed")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pk := sk.PublicKey()
|
||||||
key, err := aeadOpen(w.Key, w.Nonce, shared[:], pk.Pk)
|
key, err := aeadOpen(w.Key, w.Nonce, shared[:], pk.Pk)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
|
||||||
2
version
2
version
|
|
@ -1 +1 @@
|
||||||
0.7.0
|
0.7.1
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue