Merge v1.2.1-master

Signed-off-by: Emile Vauge <emile@vauge.com>
2017-04-11 17:10:46 +02:00 · 2017-04-11 17:10:46 +02:00 · aeb17182b4
commit aeb17182b4
parent a590155b0b
396 changed files with 27271 additions and 9969 deletions
--- a/vendor/gopkg.in/square/go-jose.v1/cipher/cbc_hmac.go
+++ b/vendor/gopkg.in/square/go-jose.v1/cipher/cbc_hmac.go
@ -82,7 +82,7 @@ func (ctx *cbcAEAD) Overhead() int {
 // Seal encrypts and authenticates the plaintext.
 func (ctx *cbcAEAD) Seal(dst, nonce, plaintext, data []byte) []byte {
 	// Output buffer -- must take care not to mangle plaintext input.
-	ciphertext := make([]byte, len(plaintext)+ctx.Overhead())[:len(plaintext)]
+	ciphertext := make([]byte, uint64(len(plaintext))+uint64(ctx.Overhead()))[:len(plaintext)]
 	copy(ciphertext, plaintext)
 	ciphertext = padBuffer(ciphertext, ctx.blockCipher.BlockSize())

@ -91,7 +91,7 @@ func (ctx *cbcAEAD) Seal(dst, nonce, plaintext, data []byte) []byte {
 	cbc.CryptBlocks(ciphertext, ciphertext)
 	authtag := ctx.computeAuthTag(data, nonce, ciphertext)

-	ret, out := resize(dst, len(dst)+len(ciphertext)+len(authtag))
+	ret, out := resize(dst, uint64(len(dst))+uint64(len(ciphertext))+uint64(len(authtag)))
 	copy(out, ciphertext)
 	copy(out[len(ciphertext):], authtag)

@ -128,7 +128,7 @@ func (ctx *cbcAEAD) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 		return nil, err
 	}

-	ret, out := resize(dst, len(dst)+len(plaintext))
+	ret, out := resize(dst, uint64(len(dst))+uint64(len(plaintext)))
 	copy(out, plaintext)

 	return ret, nil
@ -136,12 +136,12 @@ func (ctx *cbcAEAD) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {

 // Compute an authentication tag
 func (ctx *cbcAEAD) computeAuthTag(aad, nonce, ciphertext []byte) []byte {
-	buffer := make([]byte, len(aad)+len(nonce)+len(ciphertext)+8)
+	buffer := make([]byte, uint64(len(aad))+uint64(len(nonce))+uint64(len(ciphertext))+8)
 	n := 0
 	n += copy(buffer, aad)
 	n += copy(buffer[n:], nonce)
 	n += copy(buffer[n:], ciphertext)
-	binary.BigEndian.PutUint64(buffer[n:], uint64(len(aad)*8))
+	binary.BigEndian.PutUint64(buffer[n:], uint64(len(aad))*8)

 	// According to documentation, Write() on hash.Hash never fails.
 	hmac := hmac.New(ctx.hash, ctx.integrityKey)
@ -153,8 +153,8 @@ func (ctx *cbcAEAD) computeAuthTag(aad, nonce, ciphertext []byte) []byte {
 // resize ensures the the given slice has a capacity of at least n bytes.
 // If the capacity of the slice is less than n, a new slice is allocated
 // and the existing data will be copied.
-func resize(in []byte, n int) (head, tail []byte) {
-	if cap(in) >= n {
+func resize(in []byte, n uint64) (head, tail []byte) {
+	if uint64(cap(in)) >= n {
 		head = in[:n]
 	} else {
 		head = make([]byte, n)
@ -168,7 +168,7 @@ func resize(in []byte, n int) (head, tail []byte) {
 // Apply padding
 func padBuffer(buffer []byte, blockSize int) []byte {
 	missing := blockSize - (len(buffer) % blockSize)
-	ret, out := resize(buffer, len(buffer)+missing)
+	ret, out := resize(buffer, uint64(len(buffer))+uint64(missing))
 	padding := bytes.Repeat([]byte{byte(missing)}, missing)
 	copy(out, padding)
 	return ret
--- a/vendor/gopkg.in/square/go-jose.v1/cipher/concat_kdf.go
+++ b/vendor/gopkg.in/square/go-jose.v1/cipher/concat_kdf.go
@ -32,7 +32,7 @@ type concatKDF struct {

 // NewConcatKDF builds a KDF reader based on the given inputs.
 func NewConcatKDF(hash crypto.Hash, z, algID, ptyUInfo, ptyVInfo, supPubInfo, supPrivInfo []byte) io.Reader {
-	buffer := make([]byte, len(algID)+len(ptyUInfo)+len(ptyVInfo)+len(supPubInfo)+len(supPrivInfo))
+	buffer := make([]byte, uint64(len(algID))+uint64(len(ptyUInfo))+uint64(len(ptyVInfo))+uint64(len(supPubInfo))+uint64(len(supPrivInfo)))
 	n := 0
 	n += copy(buffer, algID)
 	n += copy(buffer[n:], ptyUInfo)
--- a/vendor/gopkg.in/square/go-jose.v1/cipher/ecdh_es.go
+++ b/vendor/gopkg.in/square/go-jose.v1/cipher/ecdh_es.go
@ -23,7 +23,14 @@ import (
 )

 // DeriveECDHES derives a shared encryption key using ECDH/ConcatKDF as described in JWE/JWA.
+// It is an error to call this function with a private/public key that are not on the same
+// curve. Callers must ensure that the keys are valid before calling this function. Output
+// size may be at most 1<<16 bytes (64 KiB).
 func DeriveECDHES(alg string, apuData, apvData []byte, priv *ecdsa.PrivateKey, pub *ecdsa.PublicKey, size int) []byte {
+	if size > 1<<16 {
+		panic("ECDH-ES output size too large, must be less than 1<<16")
+	}
+
 	// algId, partyUInfo, partyVInfo inputs must be prefixed with the length
 	algID := lengthPrefixed([]byte(alg))
 	ptyUInfo := lengthPrefixed(apuData)
@ -33,6 +40,10 @@ func DeriveECDHES(alg string, apuData, apvData []byte, priv *ecdsa.PrivateKey, p
 	supPubInfo := make([]byte, 4)
 	binary.BigEndian.PutUint32(supPubInfo, uint32(size)*8)

+	if !priv.PublicKey.Curve.IsOnCurve(pub.X, pub.Y) {
+		panic("public key not on same curve as private key")
+	}
+
 	z, _ := priv.PublicKey.Curve.ScalarMult(pub.X, pub.Y, priv.D.Bytes())
 	reader := NewConcatKDF(crypto.SHA256, z.Bytes(), algID, ptyUInfo, ptyVInfo, supPubInfo, []byte{})