diff options
Diffstat (limited to 'vendor/golang.org/x/crypto')
-rw-r--r-- | vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go (renamed from vendor/golang.org/x/crypto/poly1305/bits_compat.go) | 0 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go (renamed from vendor/golang.org/x/crypto/poly1305/bits_go1.13.go) | 0 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go (renamed from vendor/golang.org/x/crypto/poly1305/mac_noasm.go) | 0 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/internal/poly1305/poly1305.go (renamed from vendor/golang.org/x/crypto/poly1305/poly1305.go) | 2 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go (renamed from vendor/golang.org/x/crypto/poly1305/sum_amd64.go) | 0 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s (renamed from vendor/golang.org/x/crypto/poly1305/sum_amd64.s) | 0 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/internal/poly1305/sum_generic.go (renamed from vendor/golang.org/x/crypto/poly1305/sum_generic.go) | 0 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go (renamed from vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go) | 0 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s (renamed from vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s) | 0 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go (renamed from vendor/golang.org/x/crypto/poly1305/sum_s390x.go) | 0 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s (renamed from vendor/golang.org/x/crypto/poly1305/sum_s390x.s) | 2 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/ssh/certs.go | 24 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/ssh/cipher.go | 10 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/ssh/client.go | 15 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/ssh/common.go | 30 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/ssh/handshake.go | 29 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/ssh/keys.go | 9 | ||||
-rw-r--r-- | vendor/golang.org/x/crypto/ssh/server.go | 2 |
18 files changed, 100 insertions, 23 deletions
diff --git a/vendor/golang.org/x/crypto/poly1305/bits_compat.go b/vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go index 45b5c966b..45b5c966b 100644 --- a/vendor/golang.org/x/crypto/poly1305/bits_compat.go +++ b/vendor/golang.org/x/crypto/internal/poly1305/bits_compat.go diff --git a/vendor/golang.org/x/crypto/poly1305/bits_go1.13.go b/vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go index ed52b3418..ed52b3418 100644 --- a/vendor/golang.org/x/crypto/poly1305/bits_go1.13.go +++ b/vendor/golang.org/x/crypto/internal/poly1305/bits_go1.13.go diff --git a/vendor/golang.org/x/crypto/poly1305/mac_noasm.go b/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go index f184b67d9..f184b67d9 100644 --- a/vendor/golang.org/x/crypto/poly1305/mac_noasm.go +++ b/vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go diff --git a/vendor/golang.org/x/crypto/poly1305/poly1305.go b/vendor/golang.org/x/crypto/internal/poly1305/poly1305.go index 9d7a6af09..4aaea810a 100644 --- a/vendor/golang.org/x/crypto/poly1305/poly1305.go +++ b/vendor/golang.org/x/crypto/internal/poly1305/poly1305.go @@ -15,7 +15,7 @@ // used with a fixed key in order to generate one-time keys from an nonce. // However, in this package AES isn't used and the one-time key is specified // directly. -package poly1305 // import "golang.org/x/crypto/poly1305" +package poly1305 import "crypto/subtle" diff --git a/vendor/golang.org/x/crypto/poly1305/sum_amd64.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go index 6d522333f..6d522333f 100644 --- a/vendor/golang.org/x/crypto/poly1305/sum_amd64.go +++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.go diff --git a/vendor/golang.org/x/crypto/poly1305/sum_amd64.s b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s index 1d74f0f88..1d74f0f88 100644 --- a/vendor/golang.org/x/crypto/poly1305/sum_amd64.s +++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s diff --git a/vendor/golang.org/x/crypto/poly1305/sum_generic.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_generic.go index c942a6590..c942a6590 100644 --- a/vendor/golang.org/x/crypto/poly1305/sum_generic.go +++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_generic.go diff --git a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go index 4a069941a..4a069941a 100644 --- a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go +++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.go diff --git a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s index 58422aad2..58422aad2 100644 --- a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s +++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64le.s diff --git a/vendor/golang.org/x/crypto/poly1305/sum_s390x.go b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go index 62cc9f847..62cc9f847 100644 --- a/vendor/golang.org/x/crypto/poly1305/sum_s390x.go +++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go diff --git a/vendor/golang.org/x/crypto/poly1305/sum_s390x.s b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s index 69c64f842..aa9e0494c 100644 --- a/vendor/golang.org/x/crypto/poly1305/sum_s390x.s +++ b/vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s @@ -18,7 +18,7 @@ // value. These limbs are, for the most part, zero extended and // placed into 64-bit vector register elements. Each vector // register is 128-bits wide and so holds 2 of these elements. -// Using 26-bit limbs allows us plenty of headroom to accomodate +// Using 26-bit limbs allows us plenty of headroom to accommodate // accumulations before and after multiplication without // overflowing either 32-bits (before multiplication) or 64-bits // (after multiplication). diff --git a/vendor/golang.org/x/crypto/ssh/certs.go b/vendor/golang.org/x/crypto/ssh/certs.go index 916c840b6..6605bf644 100644 --- a/vendor/golang.org/x/crypto/ssh/certs.go +++ b/vendor/golang.org/x/crypto/ssh/certs.go @@ -14,7 +14,7 @@ import ( "time" ) -// These constants from [PROTOCOL.certkeys] represent the algorithm names +// These constants from [PROTOCOL.certkeys] represent the key algorithm names // for certificate types supported by this package. const ( CertAlgoRSAv01 = "ssh-rsa-cert-v01@openssh.com" @@ -27,6 +27,14 @@ const ( CertAlgoSKED25519v01 = "sk-ssh-ed25519-cert-v01@openssh.com" ) +// These constants from [PROTOCOL.certkeys] represent additional signature +// algorithm names for certificate types supported by this package. +const ( + CertSigAlgoRSAv01 = "ssh-rsa-cert-v01@openssh.com" + CertSigAlgoRSASHA2256v01 = "rsa-sha2-256-cert-v01@openssh.com" + CertSigAlgoRSASHA2512v01 = "rsa-sha2-512-cert-v01@openssh.com" +) + // Certificate types distinguish between host and user // certificates. The values can be set in the CertType field of // Certificate. @@ -423,6 +431,12 @@ func (c *Certificate) SignCert(rand io.Reader, authority Signer) error { } c.SignatureKey = authority.PublicKey() + if v, ok := authority.(AlgorithmSigner); ok { + if v.PublicKey().Type() == KeyAlgoRSA { + authority = &rsaSigner{v, SigAlgoRSASHA2512} + } + } + sig, err := authority.Sign(rand, c.bytesForSigning()) if err != nil { return err @@ -431,8 +445,14 @@ func (c *Certificate) SignCert(rand io.Reader, authority Signer) error { return nil } +// certAlgoNames includes a mapping from signature algorithms to the +// corresponding certificate signature algorithm. When a key type (such +// as ED25516) is associated with only one algorithm, the KeyAlgo +// constant is used instead of the SigAlgo. var certAlgoNames = map[string]string{ - KeyAlgoRSA: CertAlgoRSAv01, + SigAlgoRSA: CertSigAlgoRSAv01, + SigAlgoRSASHA2256: CertSigAlgoRSASHA2256v01, + SigAlgoRSASHA2512: CertSigAlgoRSASHA2512v01, KeyAlgoDSA: CertAlgoDSAv01, KeyAlgoECDSA256: CertAlgoECDSA256v01, KeyAlgoECDSA384: CertAlgoECDSA384v01, diff --git a/vendor/golang.org/x/crypto/ssh/cipher.go b/vendor/golang.org/x/crypto/ssh/cipher.go index 8bd6b3daf..f8bdf4984 100644 --- a/vendor/golang.org/x/crypto/ssh/cipher.go +++ b/vendor/golang.org/x/crypto/ssh/cipher.go @@ -18,7 +18,7 @@ import ( "io/ioutil" "golang.org/x/crypto/chacha20" - "golang.org/x/crypto/poly1305" + "golang.org/x/crypto/internal/poly1305" ) const ( @@ -394,6 +394,10 @@ func (c *gcmCipher) readCipherPacket(seqNum uint32, r io.Reader) ([]byte, error) } c.incIV() + if len(plain) == 0 { + return nil, errors.New("ssh: empty packet") + } + padding := plain[0] if padding < 4 { // padding is a byte, so it automatically satisfies @@ -710,6 +714,10 @@ func (c *chacha20Poly1305Cipher) readCipherPacket(seqNum uint32, r io.Reader) ([ plain := c.buf[4:contentEnd] s.XORKeyStream(plain, plain) + if len(plain) == 0 { + return nil, errors.New("ssh: empty packet") + } + padding := plain[0] if padding < 4 { // padding is a byte, so it automatically satisfies diff --git a/vendor/golang.org/x/crypto/ssh/client.go b/vendor/golang.org/x/crypto/ssh/client.go index 99f68bd32..ba8621a89 100644 --- a/vendor/golang.org/x/crypto/ssh/client.go +++ b/vendor/golang.org/x/crypto/ssh/client.go @@ -115,12 +115,25 @@ func (c *connection) clientHandshake(dialAddress string, config *ClientConfig) e // verifyHostKeySignature verifies the host key obtained in the key // exchange. -func verifyHostKeySignature(hostKey PublicKey, result *kexResult) error { +func verifyHostKeySignature(hostKey PublicKey, algo string, result *kexResult) error { sig, rest, ok := parseSignatureBody(result.Signature) if len(rest) > 0 || !ok { return errors.New("ssh: signature parse error") } + // For keys, underlyingAlgo is exactly algo. For certificates, + // we have to look up the underlying key algorithm that SSH + // uses to evaluate signatures. + underlyingAlgo := algo + for sigAlgo, certAlgo := range certAlgoNames { + if certAlgo == algo { + underlyingAlgo = sigAlgo + } + } + if sig.Format != underlyingAlgo { + return fmt.Errorf("ssh: invalid signature algorithm %q, expected %q", sig.Format, underlyingAlgo) + } + return hostKey.Verify(result.H, sig) } diff --git a/vendor/golang.org/x/crypto/ssh/common.go b/vendor/golang.org/x/crypto/ssh/common.go index 290382d05..5ae227574 100644 --- a/vendor/golang.org/x/crypto/ssh/common.go +++ b/vendor/golang.org/x/crypto/ssh/common.go @@ -69,11 +69,13 @@ var preferredKexAlgos = []string{ // supportedHostKeyAlgos specifies the supported host-key algorithms (i.e. methods // of authenticating servers) in preference order. var supportedHostKeyAlgos = []string{ - CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, + CertSigAlgoRSASHA2512v01, CertSigAlgoRSASHA2256v01, + CertSigAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoED25519v01, KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521, - KeyAlgoRSA, KeyAlgoDSA, + SigAlgoRSASHA2512, SigAlgoRSASHA2256, + SigAlgoRSA, KeyAlgoDSA, KeyAlgoED25519, } @@ -90,16 +92,20 @@ var supportedCompressions = []string{compressionNone} // hashFuncs keeps the mapping of supported algorithms to their respective // hashes needed for signature verification. var hashFuncs = map[string]crypto.Hash{ - KeyAlgoRSA: crypto.SHA1, - KeyAlgoDSA: crypto.SHA1, - KeyAlgoECDSA256: crypto.SHA256, - KeyAlgoECDSA384: crypto.SHA384, - KeyAlgoECDSA521: crypto.SHA512, - CertAlgoRSAv01: crypto.SHA1, - CertAlgoDSAv01: crypto.SHA1, - CertAlgoECDSA256v01: crypto.SHA256, - CertAlgoECDSA384v01: crypto.SHA384, - CertAlgoECDSA521v01: crypto.SHA512, + SigAlgoRSA: crypto.SHA1, + SigAlgoRSASHA2256: crypto.SHA256, + SigAlgoRSASHA2512: crypto.SHA512, + KeyAlgoDSA: crypto.SHA1, + KeyAlgoECDSA256: crypto.SHA256, + KeyAlgoECDSA384: crypto.SHA384, + KeyAlgoECDSA521: crypto.SHA512, + CertSigAlgoRSAv01: crypto.SHA1, + CertSigAlgoRSASHA2256v01: crypto.SHA256, + CertSigAlgoRSASHA2512v01: crypto.SHA512, + CertAlgoDSAv01: crypto.SHA1, + CertAlgoECDSA256v01: crypto.SHA256, + CertAlgoECDSA384v01: crypto.SHA384, + CertAlgoECDSA521v01: crypto.SHA512, } // unexpectedMessageError results when the SSH message that we received didn't diff --git a/vendor/golang.org/x/crypto/ssh/handshake.go b/vendor/golang.org/x/crypto/ssh/handshake.go index 2b10b05a4..05ad49c36 100644 --- a/vendor/golang.org/x/crypto/ssh/handshake.go +++ b/vendor/golang.org/x/crypto/ssh/handshake.go @@ -457,8 +457,15 @@ func (t *handshakeTransport) sendKexInit() error { if len(t.hostKeys) > 0 { for _, k := range t.hostKeys { - msg.ServerHostKeyAlgos = append( - msg.ServerHostKeyAlgos, k.PublicKey().Type()) + algo := k.PublicKey().Type() + switch algo { + case KeyAlgoRSA: + msg.ServerHostKeyAlgos = append(msg.ServerHostKeyAlgos, []string{SigAlgoRSASHA2512, SigAlgoRSASHA2256, SigAlgoRSA}...) + case CertAlgoRSAv01: + msg.ServerHostKeyAlgos = append(msg.ServerHostKeyAlgos, []string{CertSigAlgoRSASHA2512v01, CertSigAlgoRSASHA2256v01, CertSigAlgoRSAv01}...) + default: + msg.ServerHostKeyAlgos = append(msg.ServerHostKeyAlgos, algo) + } } } else { msg.ServerHostKeyAlgos = t.hostKeyAlgorithms @@ -614,8 +621,22 @@ func (t *handshakeTransport) enterKeyExchange(otherInitPacket []byte) error { func (t *handshakeTransport) server(kex kexAlgorithm, algs *algorithms, magics *handshakeMagics) (*kexResult, error) { var hostKey Signer for _, k := range t.hostKeys { - if algs.hostKey == k.PublicKey().Type() { + kt := k.PublicKey().Type() + if kt == algs.hostKey { hostKey = k + } else if signer, ok := k.(AlgorithmSigner); ok { + // Some signature algorithms don't show up as key types + // so we have to manually check for a compatible host key. + switch kt { + case KeyAlgoRSA: + if algs.hostKey == SigAlgoRSASHA2256 || algs.hostKey == SigAlgoRSASHA2512 { + hostKey = &rsaSigner{signer, algs.hostKey} + } + case CertAlgoRSAv01: + if algs.hostKey == CertSigAlgoRSASHA2256v01 || algs.hostKey == CertSigAlgoRSASHA2512v01 { + hostKey = &rsaSigner{signer, certToPrivAlgo(algs.hostKey)} + } + } } } @@ -634,7 +655,7 @@ func (t *handshakeTransport) client(kex kexAlgorithm, algs *algorithms, magics * return nil, err } - if err := verifyHostKeySignature(hostKey, result); err != nil { + if err := verifyHostKeySignature(hostKey, algs.hostKey, result); err != nil { return nil, err } diff --git a/vendor/golang.org/x/crypto/ssh/keys.go b/vendor/golang.org/x/crypto/ssh/keys.go index 31f26349a..c67d3a31c 100644 --- a/vendor/golang.org/x/crypto/ssh/keys.go +++ b/vendor/golang.org/x/crypto/ssh/keys.go @@ -939,6 +939,15 @@ func newDSAPrivateKey(key *dsa.PrivateKey) (Signer, error) { return &dsaPrivateKey{key}, nil } +type rsaSigner struct { + AlgorithmSigner + defaultAlgorithm string +} + +func (s *rsaSigner) Sign(rand io.Reader, data []byte) (*Signature, error) { + return s.AlgorithmSigner.SignWithAlgorithm(rand, data, s.defaultAlgorithm) +} + type wrappedSigner struct { signer crypto.Signer pubKey PublicKey diff --git a/vendor/golang.org/x/crypto/ssh/server.go b/vendor/golang.org/x/crypto/ssh/server.go index b6911e830..6a58e1208 100644 --- a/vendor/golang.org/x/crypto/ssh/server.go +++ b/vendor/golang.org/x/crypto/ssh/server.go @@ -284,7 +284,7 @@ func (s *connection) serverHandshake(config *ServerConfig) (*Permissions, error) func isAcceptableAlgo(algo string) bool { switch algo { - case KeyAlgoRSA, KeyAlgoDSA, KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521, KeyAlgoSKECDSA256, KeyAlgoED25519, KeyAlgoSKED25519, + case SigAlgoRSA, SigAlgoRSASHA2256, SigAlgoRSASHA2512, KeyAlgoDSA, KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521, KeyAlgoSKECDSA256, KeyAlgoED25519, KeyAlgoSKED25519, CertAlgoRSAv01, CertAlgoDSAv01, CertAlgoECDSA256v01, CertAlgoECDSA384v01, CertAlgoECDSA521v01, CertAlgoSKECDSA256v01, CertAlgoED25519v01, CertAlgoSKED25519v01: return true } |