diff options
Diffstat (limited to 'vendor/gopkg.in/square/go-jose.v2/symmetric.go')
-rw-r--r-- | vendor/gopkg.in/square/go-jose.v2/symmetric.go | 360 |
1 files changed, 0 insertions, 360 deletions
diff --git a/vendor/gopkg.in/square/go-jose.v2/symmetric.go b/vendor/gopkg.in/square/go-jose.v2/symmetric.go deleted file mode 100644 index 5be00f925..000000000 --- a/vendor/gopkg.in/square/go-jose.v2/symmetric.go +++ /dev/null @@ -1,360 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jose - -import ( - "crypto/aes" - "crypto/cipher" - "crypto/hmac" - "crypto/rand" - "crypto/sha256" - "crypto/sha512" - "crypto/subtle" - "errors" - "fmt" - "hash" - "io" - - "gopkg.in/square/go-jose.v2/cipher" -) - -// Random reader (stubbed out in tests) -var randReader = rand.Reader - -// Dummy key cipher for shared symmetric key mode -type symmetricKeyCipher struct { - key []byte // Pre-shared content-encryption key -} - -// Signer/verifier for MAC modes -type symmetricMac struct { - key []byte -} - -// Input/output from an AEAD operation -type aeadParts struct { - iv, ciphertext, tag []byte -} - -// A content cipher based on an AEAD construction -type aeadContentCipher struct { - keyBytes int - authtagBytes int - getAead func(key []byte) (cipher.AEAD, error) -} - -// Random key generator -type randomKeyGenerator struct { - size int -} - -// Static key generator -type staticKeyGenerator struct { - key []byte -} - -// Create a new content cipher based on AES-GCM -func newAESGCM(keySize int) contentCipher { - return &aeadContentCipher{ - keyBytes: keySize, - authtagBytes: 16, - getAead: func(key []byte) (cipher.AEAD, error) { - aes, err := aes.NewCipher(key) - if err != nil { - return nil, err - } - - return cipher.NewGCM(aes) - }, - } -} - -// Create a new content cipher based on AES-CBC+HMAC -func newAESCBC(keySize int) contentCipher { - return &aeadContentCipher{ - keyBytes: keySize * 2, - authtagBytes: 16, - getAead: func(key []byte) (cipher.AEAD, error) { - return josecipher.NewCBCHMAC(key, aes.NewCipher) - }, - } -} - -// Get an AEAD cipher object for the given content encryption algorithm -func getContentCipher(alg ContentEncryption) contentCipher { - switch alg { - case A128GCM: - return newAESGCM(16) - case A192GCM: - return newAESGCM(24) - case A256GCM: - return newAESGCM(32) - case A128CBC_HS256: - return newAESCBC(16) - case A192CBC_HS384: - return newAESCBC(24) - case A256CBC_HS512: - return newAESCBC(32) - default: - return nil - } -} - -// newSymmetricRecipient creates a JWE encrypter based on AES-GCM key wrap. -func newSymmetricRecipient(keyAlg KeyAlgorithm, key []byte) (recipientKeyInfo, error) { - switch keyAlg { - case DIRECT, A128GCMKW, A192GCMKW, A256GCMKW, A128KW, A192KW, A256KW: - default: - return recipientKeyInfo{}, ErrUnsupportedAlgorithm - } - - return recipientKeyInfo{ - keyAlg: keyAlg, - keyEncrypter: &symmetricKeyCipher{ - key: key, - }, - }, nil -} - -// newSymmetricSigner creates a recipientSigInfo based on the given key. -func newSymmetricSigner(sigAlg SignatureAlgorithm, key []byte) (recipientSigInfo, error) { - // Verify that key management algorithm is supported by this encrypter - switch sigAlg { - case HS256, HS384, HS512: - default: - return recipientSigInfo{}, ErrUnsupportedAlgorithm - } - - return recipientSigInfo{ - sigAlg: sigAlg, - signer: &symmetricMac{ - key: key, - }, - }, nil -} - -// Generate a random key for the given content cipher -func (ctx randomKeyGenerator) genKey() ([]byte, rawHeader, error) { - key := make([]byte, ctx.size) - _, err := io.ReadFull(randReader, key) - if err != nil { - return nil, rawHeader{}, err - } - - return key, rawHeader{}, nil -} - -// Key size for random generator -func (ctx randomKeyGenerator) keySize() int { - return ctx.size -} - -// Generate a static key (for direct mode) -func (ctx staticKeyGenerator) genKey() ([]byte, rawHeader, error) { - cek := make([]byte, len(ctx.key)) - copy(cek, ctx.key) - return cek, rawHeader{}, nil -} - -// Key size for static generator -func (ctx staticKeyGenerator) keySize() int { - return len(ctx.key) -} - -// Get key size for this cipher -func (ctx aeadContentCipher) keySize() int { - return ctx.keyBytes -} - -// Encrypt some data -func (ctx aeadContentCipher) encrypt(key, aad, pt []byte) (*aeadParts, error) { - // Get a new AEAD instance - aead, err := ctx.getAead(key) - if err != nil { - return nil, err - } - - // Initialize a new nonce - iv := make([]byte, aead.NonceSize()) - _, err = io.ReadFull(randReader, iv) - if err != nil { - return nil, err - } - - ciphertextAndTag := aead.Seal(nil, iv, pt, aad) - offset := len(ciphertextAndTag) - ctx.authtagBytes - - return &aeadParts{ - iv: iv, - ciphertext: ciphertextAndTag[:offset], - tag: ciphertextAndTag[offset:], - }, nil -} - -// Decrypt some data -func (ctx aeadContentCipher) decrypt(key, aad []byte, parts *aeadParts) ([]byte, error) { - aead, err := ctx.getAead(key) - if err != nil { - return nil, err - } - - return aead.Open(nil, parts.iv, append(parts.ciphertext, parts.tag...), aad) -} - -// Encrypt the content encryption key. -func (ctx *symmetricKeyCipher) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) { - switch alg { - case DIRECT: - return recipientInfo{ - header: &rawHeader{}, - }, nil - case A128GCMKW, A192GCMKW, A256GCMKW: - aead := newAESGCM(len(ctx.key)) - - parts, err := aead.encrypt(ctx.key, []byte{}, cek) - if err != nil { - return recipientInfo{}, err - } - - header := &rawHeader{} - header.set(headerIV, newBuffer(parts.iv)) - header.set(headerTag, newBuffer(parts.tag)) - - return recipientInfo{ - header: header, - encryptedKey: parts.ciphertext, - }, nil - case A128KW, A192KW, A256KW: - block, err := aes.NewCipher(ctx.key) - if err != nil { - return recipientInfo{}, err - } - - jek, err := josecipher.KeyWrap(block, cek) - if err != nil { - return recipientInfo{}, err - } - - return recipientInfo{ - encryptedKey: jek, - header: &rawHeader{}, - }, nil - } - - return recipientInfo{}, ErrUnsupportedAlgorithm -} - -// Decrypt the content encryption key. -func (ctx *symmetricKeyCipher) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) { - switch headers.getAlgorithm() { - case DIRECT: - cek := make([]byte, len(ctx.key)) - copy(cek, ctx.key) - return cek, nil - case A128GCMKW, A192GCMKW, A256GCMKW: - aead := newAESGCM(len(ctx.key)) - - iv, err := headers.getIV() - if err != nil { - return nil, fmt.Errorf("square/go-jose: invalid IV: %v", err) - } - tag, err := headers.getTag() - if err != nil { - return nil, fmt.Errorf("square/go-jose: invalid tag: %v", err) - } - - parts := &aeadParts{ - iv: iv.bytes(), - ciphertext: recipient.encryptedKey, - tag: tag.bytes(), - } - - cek, err := aead.decrypt(ctx.key, []byte{}, parts) - if err != nil { - return nil, err - } - - return cek, nil - case A128KW, A192KW, A256KW: - block, err := aes.NewCipher(ctx.key) - if err != nil { - return nil, err - } - - cek, err := josecipher.KeyUnwrap(block, recipient.encryptedKey) - if err != nil { - return nil, err - } - return cek, nil - } - - return nil, ErrUnsupportedAlgorithm -} - -// Sign the given payload -func (ctx symmetricMac) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { - mac, err := ctx.hmac(payload, alg) - if err != nil { - return Signature{}, errors.New("square/go-jose: failed to compute hmac") - } - - return Signature{ - Signature: mac, - protected: &rawHeader{}, - }, nil -} - -// Verify the given payload -func (ctx symmetricMac) verifyPayload(payload []byte, mac []byte, alg SignatureAlgorithm) error { - expected, err := ctx.hmac(payload, alg) - if err != nil { - return errors.New("square/go-jose: failed to compute hmac") - } - - if len(mac) != len(expected) { - return errors.New("square/go-jose: invalid hmac") - } - - match := subtle.ConstantTimeCompare(mac, expected) - if match != 1 { - return errors.New("square/go-jose: invalid hmac") - } - - return nil -} - -// Compute the HMAC based on the given alg value -func (ctx symmetricMac) hmac(payload []byte, alg SignatureAlgorithm) ([]byte, error) { - var hash func() hash.Hash - - switch alg { - case HS256: - hash = sha256.New - case HS384: - hash = sha512.New384 - case HS512: - hash = sha512.New - default: - return nil, ErrUnsupportedAlgorithm - } - - hmac := hmac.New(hash, ctx.key) - - // According to documentation, Write() on hash never fails - _, _ = hmac.Write(payload) - return hmac.Sum(nil), nil -} |