diff options
| author | Jhon Honce <jhonce@redhat.com> | 2020-09-23 08:19:05 -0700 |
|---|---|---|
| committer | Jhon Honce <jhonce@redhat.com> | 2020-09-29 08:46:44 -0700 |
| commit | 5aead1509c681de533b8966e781e15327fe35ab6 (patch) | |
| tree | 8ba86faa76299b04e902b3bf11c5b7ce9872192a /vendor/gopkg.in/square/go-jose.v2/cipher | |
| parent | 2ee415be90b8d6ab75f9fe579fc1b8690e023d3c (diff) | |
| download | podman-5aead1509c681de533b8966e781e15327fe35ab6.tar.gz podman-5aead1509c681de533b8966e781e15327fe35ab6.tar.bz2 podman-5aead1509c681de533b8966e781e15327fe35ab6.zip | |
Add X-Registry-Config support
* Refactor auth pkg to support X-Registry-Config
* Refactor build endpoint to support X-Registry-Config. Supports:
* --creds
* --authfile
* Added X-Reference-Id Header to http.Request to support log event
correlation
* Log headers from http.Request
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Diffstat (limited to 'vendor/gopkg.in/square/go-jose.v2/cipher')
| -rw-r--r-- | vendor/gopkg.in/square/go-jose.v2/cipher/ecdh_es.go | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/vendor/gopkg.in/square/go-jose.v2/cipher/ecdh_es.go b/vendor/gopkg.in/square/go-jose.v2/cipher/ecdh_es.go index c128e327f..093c64674 100644 --- a/vendor/gopkg.in/square/go-jose.v2/cipher/ecdh_es.go +++ b/vendor/gopkg.in/square/go-jose.v2/cipher/ecdh_es.go @@ -17,8 +17,10 @@ package josecipher import ( + "bytes" "crypto" "crypto/ecdsa" + "crypto/elliptic" "encoding/binary" ) @@ -44,16 +46,38 @@ func DeriveECDHES(alg string, apuData, apvData []byte, priv *ecdsa.PrivateKey, p panic("public key not on same curve as private key") } - z, _ := priv.PublicKey.Curve.ScalarMult(pub.X, pub.Y, priv.D.Bytes()) - reader := NewConcatKDF(crypto.SHA256, z.Bytes(), algID, ptyUInfo, ptyVInfo, supPubInfo, []byte{}) + z, _ := priv.Curve.ScalarMult(pub.X, pub.Y, priv.D.Bytes()) + zBytes := z.Bytes() + // Note that calling z.Bytes() on a big.Int may strip leading zero bytes from + // the returned byte array. This can lead to a problem where zBytes will be + // shorter than expected which breaks the key derivation. Therefore we must pad + // to the full length of the expected coordinate here before calling the KDF. + octSize := dSize(priv.Curve) + if len(zBytes) != octSize { + zBytes = append(bytes.Repeat([]byte{0}, octSize-len(zBytes)), zBytes...) + } + + reader := NewConcatKDF(crypto.SHA256, zBytes, algID, ptyUInfo, ptyVInfo, supPubInfo, []byte{}) key := make([]byte, size) // Read on the KDF will never fail _, _ = reader.Read(key) + return key } +// dSize returns the size in octets for a coordinate on a elliptic curve. +func dSize(curve elliptic.Curve) int { + order := curve.Params().P + bitLen := order.BitLen() + size := bitLen / 8 + if bitLen%8 != 0 { + size++ + } + return size +} + func lengthPrefixed(data []byte) []byte { out := make([]byte, len(data)+4) binary.BigEndian.PutUint32(out, uint32(len(data))) |