Vendor Update (#16121)

* update github.com/PuerkitoBio/goquery * update github.com/alecthomas/chroma * update github.com/blevesearch/bleve/v2 * update github.com/caddyserver/certmagic * update github.com/go-enry/go-enry/v2 * update github.com/go-git/go-billy/v5 * update github.com/go-git/go-git/v5 * update github.com/go-redis/redis/v8 * update github.com/go-testfixtures/testfixtures/v3 * update github.com/jaytaylor/html2text * update github.com/json-iterator/go * update github.com/klauspost/compress * update github.com/markbates/goth * update github.com/mattn/go-isatty * update github.com/mholt/archiver/v3 * update github.com/microcosm-cc/bluemonday * update github.com/minio/minio-go/v7 * update github.com/prometheus/client_golang * update github.com/unrolled/render * update github.com/xanzy/go-gitlab * update github.com/yuin/goldmark * update github.com/yuin/goldmark-highlighting Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-06-10 16:44:25 +02:00 · 2021-06-10 16:44:25 +02:00 · 86e2789960
commit 86e2789960
parent f088dc4ea1
819 changed files with 38072 additions and 34969 deletions
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/ecdh/x25519.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/ecdh/x25519.go
@ -0,0 +1,157 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package ecdh implements ECDH encryption, suitable for OpenPGP,
+// as specified in RFC 6637, section 8.
+package ecdh
+
+import (
+	"errors"
+	"io"
+	"math/big"
+
+	"github.com/ProtonMail/go-crypto/openpgp/aes/keywrap"
+	"github.com/ProtonMail/go-crypto/openpgp/internal/ecc"
+	"golang.org/x/crypto/curve25519"
+)
+
+// Generates a private-public key-pair.
+// 'priv' is a private key; a scalar belonging to the set
+// 2^{254} + 8 * [0, 2^{251}), in order to avoid the small subgroup of the
+// curve. 'pub' is simply 'priv' * G where G is the base point.
+// See https://cr.yp.to/ecdh.html and RFC7748, sec 5.
+func x25519GenerateKeyPairBytes(rand io.Reader) (priv [32]byte, pub [32]byte, err error) {
+	var n, helper = new(big.Int), new(big.Int)
+	n.SetUint64(1)
+	n.Lsh(n, 252)
+	helper.SetString("27742317777372353535851937790883648493", 10)
+	n.Add(n, helper)
+
+	for true {
+		_, err = io.ReadFull(rand, priv[:])
+		if err != nil {
+			return
+		}
+		// The following ensures that the private key is a number of the form
+		// 2^{254} + 8 * [0, 2^{251}), in order to avoid the small subgroup of
+		// of the curve.
+		priv[0] &= 248
+		priv[31] &= 127
+		priv[31] |= 64
+
+		// If the scalar is out of range, sample another random number.
+		if new(big.Int).SetBytes(priv[:]).Cmp(n) >= 0 {
+			continue
+		}
+
+		curve25519.ScalarBaseMult(&pub, &priv)
+		return
+	}
+	return
+}
+
+// X25519GenerateKey samples the key pair according to the correct distribution.
+// It also sets the given key-derivation function and returns the *PrivateKey
+// object along with an error.
+func X25519GenerateKey(rand io.Reader, kdf KDF) (priv *PrivateKey, err error) {
+	ci := ecc.FindByName("Curve25519")
+	priv = new(PrivateKey)
+	priv.PublicKey.Curve = ci.Curve
+	d, pubKey, err := x25519GenerateKeyPairBytes(rand)
+	if err != nil {
+		return nil, err
+	}
+	priv.PublicKey.KDF = kdf
+	priv.D = make([]byte, 32)
+	copyReversed(priv.D, d[:])
+	priv.PublicKey.CurveType = ci.CurveType
+	priv.PublicKey.Curve = ci.Curve
+	/*
+	 * Note that ECPoint.point differs from the definition of public keys in
+	 * [Curve25519] in two ways: (1) the byte-ordering is big-endian, which is
+	 * more uniform with how big integers are represented in TLS, and (2) there
+	 * is an additional length byte (so ECpoint.point is actually 33 bytes),
+	 * again for uniformity (and extensibility).
+	 */
+	var encodedKey = make([]byte, 33)
+	encodedKey[0] = 0x40
+	copy(encodedKey[1:], pubKey[:])
+	priv.PublicKey.X = new(big.Int).SetBytes(encodedKey[:])
+	priv.PublicKey.Y = new(big.Int)
+	return priv, nil
+}
+
+func X25519Encrypt(random io.Reader, pub *PublicKey, msg, curveOID, fingerprint []byte) (vsG, c []byte, err error) {
+	d, ephemeralKey, err := x25519GenerateKeyPairBytes(random)
+	if err != nil {
+		return nil, nil, err
+	}
+	var pubKey [32]byte
+
+	if pub.X.BitLen() > 33*264 {
+		return nil, nil, errors.New("ecdh: invalid key")
+	}
+	copy(pubKey[:], pub.X.Bytes()[1:])
+
+	var zb [32]byte
+	curve25519.ScalarBaseMult(&zb, &d)
+	curve25519.ScalarMult(&zb, &d, &pubKey)
+	z, err := buildKey(pub, zb[:], curveOID, fingerprint, false, false)
+
+	if err != nil {
+		return nil, nil, err
+	}
+
+	if c, err = keywrap.Wrap(z, msg); err != nil {
+		return nil, nil, err
+	}
+
+	var vsg [33]byte
+	vsg[0] = 0x40
+	copy(vsg[1:], ephemeralKey[:])
+
+	return vsg[:], c, nil
+}
+
+func X25519Decrypt(priv *PrivateKey, vsG, m, curveOID, fingerprint []byte) (msg []byte, err error) {
+	var zb, d, ephemeralKey [32]byte
+	if len(vsG) != 33 || vsG[0] != 0x40 {
+		return nil, errors.New("ecdh: invalid key")
+	}
+	copy(ephemeralKey[:], vsG[1:33])
+
+	copyReversed(d[:], priv.D)
+	curve25519.ScalarBaseMult(&zb, &d)
+	curve25519.ScalarMult(&zb, &d, &ephemeralKey)
+
+	var c []byte
+
+	for i := 0; i < 3; i++ {
+		// Try buildKey three times for compat, see comments in buildKey.
+		z, err := buildKey(&priv.PublicKey, zb[:], curveOID, fingerprint, i == 1, i == 2)
+		if err != nil {
+			return nil, err
+		}
+
+		res, err := keywrap.Unwrap(z, m)
+		if i == 2 && err != nil {
+			// Only return an error after we've tried all variants of buildKey.
+			return nil, err
+		}
+
+		c = res
+		if err == nil {
+			break
+		}
+	}
+
+	return c[:len(c)-int(c[len(c)-1])], nil
+}
+
+func copyReversed(out []byte, in []byte) {
+	l := len(in)
+	for i := 0; i < l; i++ {
+		out[i] = in[l-i-1]
+	}
+}