Merge pull request #9264 from hashicorp/update-cty-funcs
Update github.com/hashicorp/go-cty-funcs to master
commit
c084be974b
10
go.mod
10
go.mod
|
@ -70,11 +70,7 @@ require (
|
|||
github.com/hashicorp/errwrap v1.0.0
|
||||
github.com/hashicorp/go-checkpoint v0.0.0-20171009173528-1545e56e46de
|
||||
github.com/hashicorp/go-cleanhttp v0.5.1
|
||||
github.com/hashicorp/go-cty-funcs/cidr v0.0.0-20200203151509-c92509f48b18
|
||||
github.com/hashicorp/go-cty-funcs/crypto v0.0.0-20200124154056-476681ae9d62
|
||||
github.com/hashicorp/go-cty-funcs/encoding v0.0.0-20200203151509-c92509f48b18
|
||||
github.com/hashicorp/go-cty-funcs/filesystem v0.0.0-20200203151509-c92509f48b18
|
||||
github.com/hashicorp/go-cty-funcs/uuid v0.0.0-20200203151509-c92509f48b18
|
||||
github.com/hashicorp/go-cty-funcs v0.0.0-20200520133146-0d04eb807361
|
||||
github.com/hashicorp/go-getter/v2 v2.0.0-20200511085045-ad575698c524
|
||||
github.com/hashicorp/go-immutable-radix v1.1.0 // indirect
|
||||
github.com/hashicorp/go-msgpack v0.5.5 // indirect
|
||||
|
@ -152,10 +148,10 @@ require (
|
|||
github.com/xanzy/go-cloudstack v0.0.0-20190526095453-42f262b63ed0
|
||||
github.com/yandex-cloud/go-genproto v0.0.0-20190916101622-7617782d381e
|
||||
github.com/yandex-cloud/go-sdk v0.0.0-20190916101744-c781afa45829
|
||||
github.com/zclconf/go-cty v1.3.2-0.20200309235747-0b5d9cf50df7
|
||||
github.com/zclconf/go-cty v1.4.0
|
||||
github.com/zclconf/go-cty-yaml v1.0.1
|
||||
go.opencensus.io v0.22.3 // indirect
|
||||
golang.org/x/crypto v0.0.0-20200117160349-530e935923ad
|
||||
golang.org/x/crypto v0.0.0-20200422194213-44a606286825
|
||||
golang.org/x/exp v0.0.0-20191129062945-2f5052295587 // indirect
|
||||
golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f // indirect
|
||||
golang.org/x/mobile v0.0.0-20191130191448-5c0e7e404af8
|
||||
|
|
21
go.sum
21
go.sum
|
@ -277,16 +277,8 @@ github.com/hashicorp/go-cleanhttp v0.5.0 h1:wvCrVc9TjDls6+YGAF2hAifE1E5U1+b4tH6K
|
|||
github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
|
||||
github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM=
|
||||
github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
|
||||
github.com/hashicorp/go-cty-funcs/cidr v0.0.0-20200203151509-c92509f48b18 h1:XkNsY3+ulbaCO5Dubd9gpFI9FWRIjRWj7m/dn881cAU=
|
||||
github.com/hashicorp/go-cty-funcs/cidr v0.0.0-20200203151509-c92509f48b18/go.mod h1:0vJoZqJA0f/UCUiRBASXqc1TTlQufBwZpGfXfHAxSNA=
|
||||
github.com/hashicorp/go-cty-funcs/crypto v0.0.0-20200124154056-476681ae9d62 h1:lopgaqFWgt25jxPgadIuZxg1+AMt6NtZ9n2n/SWsR/A=
|
||||
github.com/hashicorp/go-cty-funcs/crypto v0.0.0-20200124154056-476681ae9d62/go.mod h1:e5OaPJuWGKrYY0miHdwWgnlKOtQ+itgsl/AtQqMdaWU=
|
||||
github.com/hashicorp/go-cty-funcs/encoding v0.0.0-20200203151509-c92509f48b18 h1:9njD0lH4TmWPf3RpgW4KVohsgOOZs8eTxO5l2fNZ5bs=
|
||||
github.com/hashicorp/go-cty-funcs/encoding v0.0.0-20200203151509-c92509f48b18/go.mod h1:Q/aJ+s3PMRuuQvDHQLzECc7IdUGT+Q64gxUXa6djhDc=
|
||||
github.com/hashicorp/go-cty-funcs/filesystem v0.0.0-20200203151509-c92509f48b18 h1:VfWkSNJneNfW5gIk8Mi338gTiKeMqhryLDKLx8R5p70=
|
||||
github.com/hashicorp/go-cty-funcs/filesystem v0.0.0-20200203151509-c92509f48b18/go.mod h1:Ax0PN5Le7AV107LPtaMyCzQ8JVcR5uHcSP9ytZj/yv8=
|
||||
github.com/hashicorp/go-cty-funcs/uuid v0.0.0-20200203151509-c92509f48b18 h1:CxYihpdHlBui2AhjjrpfyZ/ulB/SfPaiiiuz6jJm8q8=
|
||||
github.com/hashicorp/go-cty-funcs/uuid v0.0.0-20200203151509-c92509f48b18/go.mod h1:QFbv9KeSic7KIgfOYbUW02G4LxOf3Fh9Ylm4n174LUQ=
|
||||
github.com/hashicorp/go-cty-funcs v0.0.0-20200520133146-0d04eb807361 h1:qFuR7ZaMDC5xelTZeNwsJ90I4+4km7ACDdAP+2w84xI=
|
||||
github.com/hashicorp/go-cty-funcs v0.0.0-20200520133146-0d04eb807361/go.mod h1:Abjk0jbRkDaNCzsRhOv2iDCofYpX1eVsjozoiK63qLA=
|
||||
github.com/hashicorp/go-getter v1.4.1 h1:3A2Mh8smGFcf5M+gmcv898mZdrxpseik45IpcyISLsA=
|
||||
github.com/hashicorp/go-getter v1.4.1/go.mod h1:7qxyCd8rBfcShwsvxgIguu4KbS3l8bUCwg2Umn7RjeY=
|
||||
github.com/hashicorp/go-getter/v2 v2.0.0-20200511085045-ad575698c524 h1:xjV9iDvMeEgjUYEG3GB3KwN6OciqotOQk0J5ggl/B+E=
|
||||
|
@ -597,9 +589,8 @@ github.com/yandex-cloud/go-sdk v0.0.0-20190916101744-c781afa45829 h1:2FGwbx03GpP
|
|||
github.com/yandex-cloud/go-sdk v0.0.0-20190916101744-c781afa45829/go.mod h1:Eml0jFLU4VVHgIN8zPHMuNwZXVzUMILyO6lQZSfz854=
|
||||
github.com/zclconf/go-cty v1.0.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s=
|
||||
github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
|
||||
github.com/zclconf/go-cty v1.2.1/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
|
||||
github.com/zclconf/go-cty v1.3.2-0.20200309235747-0b5d9cf50df7 h1:YyicOFRGFLIyzuZCaKFhIwg1JFpi+x1hEPlfNQUHq2I=
|
||||
github.com/zclconf/go-cty v1.3.2-0.20200309235747-0b5d9cf50df7/go.mod h1:nHzOclRkoj++EU9ZjSrZvRG0BXIWt8c7loYc0qXAFGQ=
|
||||
github.com/zclconf/go-cty v1.4.0 h1:+q+tmgyUB94HIdH/uVTIi/+kt3pt4sHwEZAcTyLoGsQ=
|
||||
github.com/zclconf/go-cty v1.4.0/go.mod h1:nHzOclRkoj++EU9ZjSrZvRG0BXIWt8c7loYc0qXAFGQ=
|
||||
github.com/zclconf/go-cty-yaml v1.0.1 h1:up11wlgAaDvlAGENcFDnZgkn0qUJurso7k6EpURKNF8=
|
||||
github.com/zclconf/go-cty-yaml v1.0.1/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0=
|
||||
go.opencensus.io v0.21.0 h1:mU6zScU4U1YAFPHEHYk+3JC4SY7JxgkqS10ZOSyksNg=
|
||||
|
@ -624,8 +615,8 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U
|
|||
golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY=
|
||||
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20200117160349-530e935923ad h1:Jh8cai0fqIK+f6nG0UgPW5wFk8wmiMhM3AyciDBdtQg=
|
||||
golang.org/x/crypto v0.0.0-20200117160349-530e935923ad/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20200422194213-44a606286825 h1:dSChiwOTvzwbHFTMq2l6uRardHH7/E6SqEkqccinS/o=
|
||||
golang.org/x/crypto v0.0.0-20200422194213-44a606286825/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
module github.com/hashicorp/go-cty-funcs/cidr
|
||||
|
||||
go 1.13
|
||||
|
||||
require (
|
||||
github.com/apparentlymart/go-cidr v1.0.1
|
||||
github.com/zclconf/go-cty v1.2.1
|
||||
golang.org/x/text v0.3.2 // indirect
|
||||
)
|
|
@ -1,22 +0,0 @@
|
|||
github.com/apparentlymart/go-cidr v1.0.1 h1:NmIwLZ/KdsjIUlhf+/Np40atNXm/+lZ5txfTJ/SpF+U=
|
||||
github.com/apparentlymart/go-cidr v1.0.1/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc=
|
||||
github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
|
||||
github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg=
|
||||
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
||||
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
|
||||
github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
|
||||
github.com/zclconf/go-cty v1.2.1 h1:vGMsygfmeCl4Xb6OA5U5XVAaQZ69FvoG7X2jUtQujb8=
|
||||
github.com/zclconf/go-cty v1.2.1/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
|
||||
golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
|
||||
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
|
||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
|
@ -1,12 +0,0 @@
|
|||
module github.com/hashicorp/go-cty-funcs/crypto
|
||||
|
||||
go 1.13
|
||||
|
||||
require (
|
||||
github.com/google/uuid v1.1.1
|
||||
github.com/hashicorp/go-uuid v1.0.2
|
||||
github.com/mitchellh/go-homedir v1.1.0
|
||||
github.com/zclconf/go-cty v1.2.1
|
||||
golang.org/x/crypto v0.0.0-20200117160349-530e935923ad
|
||||
golang.org/x/text v0.3.2 // indirect
|
||||
)
|
|
@ -1,32 +0,0 @@
|
|||
github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
|
||||
github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg=
|
||||
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
||||
github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
|
||||
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE=
|
||||
github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
|
||||
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
|
||||
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
|
||||
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
|
||||
github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
|
||||
github.com/zclconf/go-cty v1.2.1 h1:vGMsygfmeCl4Xb6OA5U5XVAaQZ69FvoG7X2jUtQujb8=
|
||||
github.com/zclconf/go-cty v1.2.1/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
|
||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
golang.org/x/crypto v0.0.0-20200117160349-530e935923ad h1:Jh8cai0fqIK+f6nG0UgPW5wFk8wmiMhM3AyciDBdtQg=
|
||||
golang.org/x/crypto v0.0.0-20200117160349-530e935923ad/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
|
||||
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
|
||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
|
@ -1,132 +1,12 @@
|
|||
package crypto
|
||||
|
||||
import (
|
||||
"crypto/md5"
|
||||
"crypto/rsa"
|
||||
"crypto/sha1"
|
||||
"crypto/sha256"
|
||||
"crypto/sha512"
|
||||
"crypto/x509"
|
||||
"encoding/base64"
|
||||
"encoding/hex"
|
||||
"encoding/pem"
|
||||
"fmt"
|
||||
"hash"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/mitchellh/go-homedir"
|
||||
"github.com/zclconf/go-cty/cty"
|
||||
"github.com/zclconf/go-cty/cty/function"
|
||||
)
|
||||
|
||||
// Base64Sha256Func is a function that computes the SHA256 hash of a given
|
||||
// string and encodes it with Base64.
|
||||
var Base64Sha256Func = makeStringHashFunction(sha256.New, base64.StdEncoding.EncodeToString)
|
||||
|
||||
// MakeFileBase64Sha256Func is a function that is like Base64Sha256Func but
|
||||
// reads the contents of a file rather than hashing a given literal string.
|
||||
func MakeFileBase64Sha256Func(baseDir string) function.Function {
|
||||
return makeFileHashFunction(baseDir, sha256.New, base64.StdEncoding.EncodeToString)
|
||||
}
|
||||
|
||||
// Base64Sha512Func is a function that computes the SHA256 hash of a given
|
||||
// string and encodes it with Base64.
|
||||
var Base64Sha512Func = makeStringHashFunction(sha512.New, base64.StdEncoding.EncodeToString)
|
||||
|
||||
// MakeFileBase64Sha512Func is a function that is like Base64Sha512Func but
|
||||
// reads the contents of a file rather than hashing a given literal string.
|
||||
func MakeFileBase64Sha512Func(baseDir string) function.Function {
|
||||
return makeFileHashFunction(baseDir, sha512.New, base64.StdEncoding.EncodeToString)
|
||||
}
|
||||
|
||||
// Md5Func is a function that computes the MD5 hash of a given string and
|
||||
// encodes it with hexadecimal digits.
|
||||
var Md5Func = makeStringHashFunction(md5.New, hex.EncodeToString)
|
||||
|
||||
// MakeFileMd5Func is a function that is like Md5Func but reads the contents of
|
||||
// a file rather than hashing a given literal string.
|
||||
func MakeFileMd5Func(baseDir string) function.Function {
|
||||
return makeFileHashFunction(baseDir, md5.New, hex.EncodeToString)
|
||||
}
|
||||
|
||||
// RsaDecryptFunc is a function that decrypts an RSA-encrypted ciphertext.
|
||||
var RsaDecryptFunc = function.New(&function.Spec{
|
||||
Params: []function.Parameter{
|
||||
{
|
||||
Name: "ciphertext",
|
||||
Type: cty.String,
|
||||
},
|
||||
{
|
||||
Name: "privatekey",
|
||||
Type: cty.String,
|
||||
},
|
||||
},
|
||||
Type: function.StaticReturnType(cty.String),
|
||||
Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
|
||||
s := args[0].AsString()
|
||||
key := args[1].AsString()
|
||||
|
||||
b, err := base64.StdEncoding.DecodeString(s)
|
||||
if err != nil {
|
||||
return cty.UnknownVal(cty.String), fmt.Errorf("failed to decode input %q: cipher text must be base64-encoded", s)
|
||||
}
|
||||
|
||||
block, _ := pem.Decode([]byte(key))
|
||||
if block == nil {
|
||||
return cty.UnknownVal(cty.String), fmt.Errorf("failed to parse key: no key found")
|
||||
}
|
||||
if block.Headers["Proc-Type"] == "4,ENCRYPTED" {
|
||||
return cty.UnknownVal(cty.String), fmt.Errorf(
|
||||
"failed to parse key: password protected keys are not supported. Please decrypt the key prior to use",
|
||||
)
|
||||
}
|
||||
|
||||
x509Key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
|
||||
if err != nil {
|
||||
return cty.UnknownVal(cty.String), err
|
||||
}
|
||||
|
||||
out, err := rsa.DecryptPKCS1v15(nil, x509Key, b)
|
||||
if err != nil {
|
||||
return cty.UnknownVal(cty.String), err
|
||||
}
|
||||
|
||||
return cty.StringVal(string(out)), nil
|
||||
},
|
||||
})
|
||||
|
||||
// Sha1Func is a function that computes the SHA1 hash of a given string and
|
||||
// encodes it with hexadecimal digits.
|
||||
var Sha1Func = makeStringHashFunction(sha1.New, hex.EncodeToString)
|
||||
|
||||
// MakeFileSha1Func is a function that is like Sha1Func but reads the contents
|
||||
// of a file rather than hashing a given literal string.
|
||||
func MakeFileSha1Func(baseDir string) function.Function {
|
||||
return makeFileHashFunction(baseDir, sha1.New, hex.EncodeToString)
|
||||
}
|
||||
|
||||
// Sha256Func is a function that computes the SHA256 hash of a given string and
|
||||
// encodes it with hexadecimal digits.
|
||||
var Sha256Func = makeStringHashFunction(sha256.New, hex.EncodeToString)
|
||||
|
||||
// MakeFileSha256Func is a function that is like Sha256Func but reads the
|
||||
// contents of a file rather than hashing a given literal string.
|
||||
func MakeFileSha256Func(baseDir string) function.Function {
|
||||
return makeFileHashFunction(baseDir, sha256.New, hex.EncodeToString)
|
||||
}
|
||||
|
||||
// Sha512Func is a function that computes the SHA512 hash of a given string and
|
||||
// encodes it with hexadecimal digits.
|
||||
var Sha512Func = makeStringHashFunction(sha512.New, hex.EncodeToString)
|
||||
|
||||
// MakeFileSha512Func is a function that is like Sha512Func but reads the
|
||||
// contents of a file rather than hashing a given literal string.
|
||||
func MakeFileSha512Func(baseDir string) function.Function {
|
||||
return makeFileHashFunction(baseDir, sha512.New, hex.EncodeToString)
|
||||
}
|
||||
|
||||
func makeStringHashFunction(hf func() hash.Hash, enc func([]byte) string) function.Function {
|
||||
return function.New(&function.Spec{
|
||||
Params: []function.Parameter{
|
||||
|
@ -145,105 +25,3 @@ func makeStringHashFunction(hf func() hash.Hash, enc func([]byte) string) functi
|
|||
},
|
||||
})
|
||||
}
|
||||
|
||||
func makeFileHashFunction(baseDir string, hf func() hash.Hash, enc func([]byte) string) function.Function {
|
||||
return function.New(&function.Spec{
|
||||
Params: []function.Parameter{
|
||||
{
|
||||
Name: "path",
|
||||
Type: cty.String,
|
||||
},
|
||||
},
|
||||
Type: function.StaticReturnType(cty.String),
|
||||
Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
|
||||
path := args[0].AsString()
|
||||
src, err := readFileBytes(baseDir, path)
|
||||
if err != nil {
|
||||
return cty.UnknownVal(cty.String), err
|
||||
}
|
||||
|
||||
h := hf()
|
||||
h.Write(src)
|
||||
rv := enc(h.Sum(nil))
|
||||
return cty.StringVal(rv), nil
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
// Base64Sha256 computes the SHA256 hash of a given string and encodes it with
|
||||
// Base64.
|
||||
//
|
||||
// The given string is first encoded as UTF-8 and then the SHA256 algorithm is
|
||||
// applied as defined in RFC 4634. The raw hash is then encoded with Base64
|
||||
// before returning. Terraform uses the "standard" Base64 alphabet as defined
|
||||
// in RFC 4648 section 4.
|
||||
func Base64Sha256(str cty.Value) (cty.Value, error) {
|
||||
return Base64Sha256Func.Call([]cty.Value{str})
|
||||
}
|
||||
|
||||
// Base64Sha512 computes the SHA512 hash of a given string and encodes it with
|
||||
// Base64.
|
||||
//
|
||||
// The given string is first encoded as UTF-8 and then the SHA256 algorithm is
|
||||
// applied as defined in RFC 4634. The raw hash is then encoded with Base64
|
||||
// before returning. Terraform uses the "standard" Base64 alphabet as defined
|
||||
// in RFC 4648 section 4
|
||||
func Base64Sha512(str cty.Value) (cty.Value, error) {
|
||||
return Base64Sha512Func.Call([]cty.Value{str})
|
||||
}
|
||||
|
||||
// Md5 computes the MD5 hash of a given string and encodes it with hexadecimal
|
||||
// digits.
|
||||
func Md5(str cty.Value) (cty.Value, error) {
|
||||
return Md5Func.Call([]cty.Value{str})
|
||||
}
|
||||
|
||||
// RsaDecrypt decrypts an RSA-encrypted ciphertext, returning the corresponding
|
||||
// cleartext.
|
||||
func RsaDecrypt(ciphertext, privatekey cty.Value) (cty.Value, error) {
|
||||
return RsaDecryptFunc.Call([]cty.Value{ciphertext, privatekey})
|
||||
}
|
||||
|
||||
// Sha1 computes the SHA1 hash of a given string and encodes it with
|
||||
// hexadecimal digits.
|
||||
func Sha1(str cty.Value) (cty.Value, error) {
|
||||
return Sha1Func.Call([]cty.Value{str})
|
||||
}
|
||||
|
||||
// Sha256 computes the SHA256 hash of a given string and encodes it with
|
||||
// hexadecimal digits.
|
||||
func Sha256(str cty.Value) (cty.Value, error) {
|
||||
return Sha256Func.Call([]cty.Value{str})
|
||||
}
|
||||
|
||||
// Sha512 computes the SHA512 hash of a given string and encodes it with
|
||||
// hexadecimal digits.
|
||||
func Sha512(str cty.Value) (cty.Value, error) {
|
||||
return Sha512Func.Call([]cty.Value{str})
|
||||
}
|
||||
|
||||
func readFileBytes(baseDir, path string) ([]byte, error) {
|
||||
path, err := homedir.Expand(path)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to expand ~: %s", err)
|
||||
}
|
||||
|
||||
if !filepath.IsAbs(path) {
|
||||
path = filepath.Join(baseDir, path)
|
||||
}
|
||||
|
||||
// Ensure that the path is canonical for the host OS
|
||||
path = filepath.Clean(path)
|
||||
|
||||
src, err := ioutil.ReadFile(path)
|
||||
if err != nil {
|
||||
// ReadFile does not return Terraform-user-friendly error messages, so
|
||||
// we'll provide our own.
|
||||
if os.IsNotExist(err) {
|
||||
return nil, fmt.Errorf("no file exists at %s", path)
|
||||
}
|
||||
return nil, fmt.Errorf("failed to read %s", path)
|
||||
}
|
||||
|
||||
return src, nil
|
||||
}
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
package crypto
|
||||
|
||||
import (
|
||||
"crypto/md5"
|
||||
"encoding/hex"
|
||||
|
||||
"github.com/zclconf/go-cty/cty"
|
||||
)
|
||||
|
||||
// Md5Func is a function that computes the MD5 hash of a given string and
|
||||
// encodes it with hexadecimal digits.
|
||||
var Md5Func = makeStringHashFunction(md5.New, hex.EncodeToString)
|
||||
|
||||
// Md5 computes the MD5 hash of a given string and encodes it with hexadecimal
|
||||
// digits.
|
||||
func Md5(str cty.Value) (cty.Value, error) {
|
||||
return Md5Func.Call([]cty.Value{str})
|
||||
}
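Review bot: The doc comments on `Md5Func` and `Md5` describe the digest and its encoding but do not say that MD5 is not collision-resistant. A caller reading only the godoc could use it where the digest serves as an integrity or authenticity control. I would add a line to both comments, for example `// MD5 is not collision-resistant; prefer Sha256Func or Sha512Func when the digest is used as a security control.` The same gap applies to `Sha1Func` and `Sha1` in the SHA file section added later in this commit. `makeStringHashFunction` is defined outside this section, so how input is fed to the hash cannot be checked here.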
|
|
@ -0,0 +1,64 @@
|
|||
package crypto
|
||||
|
||||
import (
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"encoding/base64"
|
||||
"encoding/pem"
|
||||
"fmt"
|
||||
|
||||
"github.com/zclconf/go-cty/cty"
|
||||
"github.com/zclconf/go-cty/cty/function"
|
||||
)
|
||||
|
||||
// RsaDecryptFunc is a function that decrypts an RSA-encrypted ciphertext.
|
||||
var RsaDecryptFunc = function.New(&function.Spec{
|
||||
Params: []function.Parameter{
|
||||
{
|
||||
Name: "ciphertext",
|
||||
Type: cty.String,
|
||||
},
|
||||
{
|
||||
Name: "privatekey",
|
||||
Type: cty.String,
|
||||
},
|
||||
},
|
||||
Type: function.StaticReturnType(cty.String),
|
||||
Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
|
||||
s := args[0].AsString()
|
||||
key := args[1].AsString()
|
||||
|
||||
b, err := base64.StdEncoding.DecodeString(s)
|
||||
if err != nil {
|
||||
return cty.UnknownVal(cty.String), fmt.Errorf("failed to decode input %q: cipher text must be base64-encoded", s)
|
||||
}
|
||||
|
||||
block, _ := pem.Decode([]byte(key))
|
||||
if block == nil {
|
||||
return cty.UnknownVal(cty.String), fmt.Errorf("failed to parse key: no key found")
|
||||
}
|
||||
if block.Headers["Proc-Type"] == "4,ENCRYPTED" {
|
||||
return cty.UnknownVal(cty.String), fmt.Errorf(
|
||||
"failed to parse key: password protected keys are not supported. Please decrypt the key prior to use",
|
||||
)
|
||||
}
|
||||
|
||||
x509Key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
|
||||
if err != nil {
|
||||
return cty.UnknownVal(cty.String), err
|
||||
}
|
||||
|
||||
out, err := rsa.DecryptPKCS1v15(nil, x509Key, b)
|
||||
if err != nil {
|
||||
return cty.UnknownVal(cty.String), err
|
||||
}
|
||||
|
||||
return cty.StringVal(string(out)), nil
|
||||
},
|
||||
})
|
||||
|
||||
// RsaDecrypt decrypts an RSA-encrypted ciphertext, returning the corresponding
|
||||
// cleartext.
|
||||
func RsaDecrypt(ciphertext, privatekey cty.Value) (cty.Value, error) {
|
||||
return RsaDecryptFunc.Call([]cty.Value{ciphertext, privatekey})
|
||||
}
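Review bot: `rsa.DecryptPKCS1v15(nil, x509Key, b)` inside the `Impl` closure passes a nil random source. In the Go releases contemporary with this change, the standard library documents that RSA blinding is only applied when `rand != nil`, so the private-key operation runs without that timing side-channel protection. I would import `crypto/rand` and change the call to `out, err := rsa.DecryptPKCS1v15(rand.Reader, x509Key, b)`. The two bare `return cty.UnknownVal(cty.String), err` paths also surface the raw library error with no context, and `x509.ParsePKCS1PrivateKey` accepts only PKCS#1 keys, so a PKCS#8 PEM block fails with an opaque parse error; a wrapped message naming the expected key format would help. If this file is a vendored copy, the change belongs in the upstream module rather than here.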
|
|
@ -0,0 +1,40 @@
|
|||
package crypto
|
||||
|
||||
import (
|
||||
"crypto/sha1"
|
||||
"crypto/sha256"
|
||||
"crypto/sha512"
|
||||
"encoding/hex"
|
||||
|
||||
"github.com/zclconf/go-cty/cty"
|
||||
)
|
||||
|
||||
// Sha1Func is a function that computes the SHA1 hash of a given string and
|
||||
// encodes it with hexadecimal digits.
|
||||
var Sha1Func = makeStringHashFunction(sha1.New, hex.EncodeToString)
|
||||
|
||||
// Sha256Func is a function that computes the SHA256 hash of a given string and
|
||||
// encodes it with hexadecimal digits.
|
||||
var Sha256Func = makeStringHashFunction(sha256.New, hex.EncodeToString)
|
||||
|
||||
// Sha512Func is a function that computes the SHA512 hash of a given string and
|
||||
// encodes it with hexadecimal digits.
|
||||
var Sha512Func = makeStringHashFunction(sha512.New, hex.EncodeToString)
|
||||
|
||||
// Sha1 computes the SHA1 hash of a given string and encodes it with
|
||||
// hexadecimal digits.
|
||||
func Sha1(str cty.Value) (cty.Value, error) {
|
||||
return Sha1Func.Call([]cty.Value{str})
|
||||
}
|
||||
|
||||
// Sha256 computes the SHA256 hash of a given string and encodes it with
|
||||
// hexadecimal digits.
|
||||
func Sha256(str cty.Value) (cty.Value, error) {
|
||||
return Sha256Func.Call([]cty.Value{str})
|
||||
}
|
||||
|
||||
// Sha512 computes the SHA512 hash of a given string and encodes it with
|
||||
// hexadecimal digits.
|
||||
func Sha512(str cty.Value) (cty.Value, error) {
|
||||
return Sha512Func.Call([]cty.Value{str})
|
||||
}
|
|
@ -1,29 +0,0 @@
|
|||
package crypto
|
||||
|
||||
import (
|
||||
uuid "github.com/hashicorp/go-uuid"
|
||||
"github.com/zclconf/go-cty/cty"
|
||||
"github.com/zclconf/go-cty/cty/function"
|
||||
)
|
||||
|
||||
var UUIDFunc = function.New(&function.Spec{
|
||||
Params: []function.Parameter{},
|
||||
Type: function.StaticReturnType(cty.String),
|
||||
Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
|
||||
result, err := uuid.GenerateUUID()
|
||||
if err != nil {
|
||||
return cty.UnknownVal(cty.String), err
|
||||
}
|
||||
return cty.StringVal(result), nil
|
||||
},
|
||||
})
|
||||
|
||||
// UUID generates and returns a Type-4 UUID in the standard hexadecimal string
|
||||
// format.
|
||||
//
|
||||
// This is not a pure function: it will generate a different result for each
|
||||
// call. It must therefore be registered as an impure function in the function
|
||||
// table in the "lang" package.
|
||||
func UUID() (cty.Value, error) {
|
||||
return UUIDFunc.Call(nil)
|
||||
}
|
|
@ -1,48 +0,0 @@
|
|||
package crypto
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
uuidv5 "github.com/google/uuid"
|
||||
"github.com/zclconf/go-cty/cty"
|
||||
"github.com/zclconf/go-cty/cty/function"
|
||||
)
|
||||
|
||||
var UUIDV5Func = function.New(&function.Spec{
|
||||
Params: []function.Parameter{
|
||||
{
|
||||
Name: "namespace",
|
||||
Type: cty.String,
|
||||
},
|
||||
{
|
||||
Name: "name",
|
||||
Type: cty.String,
|
||||
},
|
||||
},
|
||||
Type: function.StaticReturnType(cty.String),
|
||||
Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
|
||||
var namespace uuidv5.UUID
|
||||
switch {
|
||||
case args[0].AsString() == "dns":
|
||||
namespace = uuidv5.NameSpaceDNS
|
||||
case args[0].AsString() == "url":
|
||||
namespace = uuidv5.NameSpaceURL
|
||||
case args[0].AsString() == "oid":
|
||||
namespace = uuidv5.NameSpaceOID
|
||||
case args[0].AsString() == "x500":
|
||||
namespace = uuidv5.NameSpaceX500
|
||||
default:
|
||||
if namespace, err = uuidv5.Parse(args[0].AsString()); err != nil {
|
||||
return cty.UnknownVal(cty.String), fmt.Errorf("uuidv5() doesn't support namespace %s (%v)", args[0].AsString(), err)
|
||||
}
|
||||
}
|
||||
val := args[1].AsString()
|
||||
return cty.StringVal(uuidv5.NewSHA1(namespace, []byte(val)).String()), nil
|
||||
},
|
||||
})
|
||||
|
||||
// UUIDV5 generates and returns a Type-5 UUID in the standard hexadecimal
|
||||
// string format.
|
||||
func UUIDV5(namespace cty.Value, name cty.Value) (cty.Value, error) {
|
||||
return UUIDV5Func.Call([]cty.Value{namespace, name})
|
||||
}
|
|
@ -1,8 +0,0 @@
|
|||
module github.com/hashicorp/go-cty-funcs/encoding
|
||||
|
||||
go 1.13
|
||||
|
||||
require (
|
||||
github.com/zclconf/go-cty v1.2.1
|
||||
golang.org/x/text v0.3.2 // indirect
|
||||
)
|
|
@ -1,20 +0,0 @@
|
|||
github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
|
||||
github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg=
|
||||
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
||||
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
|
||||
github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
|
||||
github.com/zclconf/go-cty v1.2.1 h1:vGMsygfmeCl4Xb6OA5U5XVAaQZ69FvoG7X2jUtQujb8=
|
||||
github.com/zclconf/go-cty v1.2.1/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
|
||||
golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
|
||||
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
|
||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
|
@ -1,9 +0,0 @@
|
|||
module github.com/hashicorp/go-cty-funcs/filesystem
|
||||
|
||||
go 1.13
|
||||
|
||||
require (
|
||||
github.com/bmatcuk/doublestar v1.1.5
|
||||
github.com/mitchellh/go-homedir v1.1.0
|
||||
github.com/zclconf/go-cty v1.2.1
|
||||
)
|
|
@ -1,21 +0,0 @@
|
|||
github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
|
||||
github.com/bmatcuk/doublestar v1.1.5 h1:2bNwBOmhyFEFcoB3tGvTD5xanq+4kyOZlB8wFYbMjkk=
|
||||
github.com/bmatcuk/doublestar v1.1.5/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE=
|
||||
github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg=
|
||||
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
||||
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
|
||||
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
|
||||
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
|
||||
github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
|
||||
github.com/zclconf/go-cty v1.2.1 h1:vGMsygfmeCl4Xb6OA5U5XVAaQZ69FvoG7X2jUtQujb8=
|
||||
github.com/zclconf/go-cty v1.2.1/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
|
||||
golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
|
||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
|
@ -1,9 +0,0 @@
|
|||
module github.com/hashicorp/go-cty-funcs/uuid
|
||||
|
||||
go 1.13
|
||||
|
||||
require (
|
||||
github.com/google/uuid v1.1.1
|
||||
github.com/hashicorp/go-uuid v1.0.2
|
||||
github.com/zclconf/go-cty v1.2.1
|
||||
)
|
|
@ -1,21 +0,0 @@
|
|||
github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
|
||||
github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||
github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg=
|
||||
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
|
||||
github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
|
||||
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
|
||||
github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE=
|
||||
github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
|
||||
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
|
||||
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
|
||||
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
|
||||
github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk=
|
||||
github.com/zclconf/go-cty v1.2.1 h1:vGMsygfmeCl4Xb6OA5U5XVAaQZ69FvoG7X2jUtQujb8=
|
||||
github.com/zclconf/go-cty v1.2.1/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8=
|
||||
golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
|
||||
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
|
@ -1,7 +1,7 @@
|
|||
package uuid
|
||||
|
||||
import (
|
||||
uuid "github.com/hashicorp/go-uuid"
|
||||
"github.com/google/uuid"
|
||||
"github.com/zclconf/go-cty/cty"
|
||||
"github.com/zclconf/go-cty/cty/function"
|
||||
)
|
||||
|
@ -10,11 +10,11 @@ var V4Func = function.New(&function.Spec{
|
|||
Params: []function.Parameter{},
|
||||
Type: function.StaticReturnType(cty.String),
|
||||
Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
|
||||
result, err := uuid.GenerateUUID()
|
||||
uuid, err := uuid.NewRandom()
|
||||
if err != nil {
|
||||
return cty.UnknownVal(cty.String), err
|
||||
}
|
||||
return cty.StringVal(result), nil
|
||||
return cty.StringVal(uuid.String()), nil
|
||||
},
|
||||
})
|
||||
|
||||
|
|
|
@ -375,6 +375,9 @@ var CeilFunc = function.New(&function.Spec{
|
|||
if err := gocty.FromCtyValue(args[0], &val); err != nil {
|
||||
return cty.UnknownVal(cty.String), err
|
||||
}
|
||||
if math.IsInf(val, 0) {
|
||||
return cty.NumberFloatVal(val), nil
|
||||
}
|
||||
return cty.NumberIntVal(int64(math.Ceil(val))), nil
|
||||
},
|
||||
})
|
||||
|
@ -394,6 +397,9 @@ var FloorFunc = function.New(&function.Spec{
|
|||
if err := gocty.FromCtyValue(args[0], &val); err != nil {
|
||||
return cty.UnknownVal(cty.String), err
|
||||
}
|
||||
if math.IsInf(val, 0) {
|
||||
return cty.NumberFloatVal(val), nil
|
||||
}
|
||||
return cty.NumberIntVal(int64(math.Floor(val))), nil
|
||||
},
|
||||
})
|
||||
|
|
|
@ -51,11 +51,31 @@ func (p Path) Index(v Value) Path {
|
|||
return ret
|
||||
}
|
||||
|
||||
// IndexInt is a typed convenience method for Index.
|
||||
func (p Path) IndexInt(v int) Path {
|
||||
return p.Index(NumberIntVal(int64(v)))
|
||||
}
|
||||
|
||||
// IndexString is a typed convenience method for Index.
|
||||
func (p Path) IndexString(v string) Path {
|
||||
return p.Index(StringVal(v))
|
||||
}
|
||||
|
||||
// IndexPath is a convenience method to start a new Path with an IndexStep.
|
||||
func IndexPath(v Value) Path {
|
||||
return Path{}.Index(v)
|
||||
}
|
||||
|
||||
// IndexIntPath is a typed convenience method for IndexPath.
|
||||
func IndexIntPath(v int) Path {
|
||||
return IndexPath(NumberIntVal(int64(v)))
|
||||
}
|
||||
|
||||
// IndexStringPath is a typed convenience method for IndexPath.
|
||||
func IndexStringPath(v string) Path {
|
||||
return IndexPath(StringVal(v))
|
||||
}
|
||||
|
||||
// GetAttr returns a new Path that is the reciever with a GetAttrStep appended
|
||||
// to the end.
|
||||
//
|
||||
|
|
|
@ -2,8 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build go1.11
|
||||
// +build !gccgo,!appengine
|
||||
// +build go1.11,!gccgo,!purego
|
||||
|
||||
package chacha20
|
||||
|
||||
|
|
|
@ -2,8 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build go1.11
|
||||
// +build !gccgo,!appengine
|
||||
// +build go1.11,!gccgo,!purego
|
||||
|
||||
#include "textflag.h"
|
||||
|
||||
|
|
|
@ -89,6 +89,7 @@ func newUnauthenticatedCipher(c *Cipher, key, nonce []byte) (*Cipher, error) {
|
|||
return nil, errors.New("chacha20: wrong nonce size")
|
||||
}
|
||||
|
||||
key, nonce = key[:KeySize], nonce[:NonceSize] // bounds check elimination hint
|
||||
c.key = [8]uint32{
|
||||
binary.LittleEndian.Uint32(key[0:4]),
|
||||
binary.LittleEndian.Uint32(key[4:8]),
|
||||
|
@ -136,6 +137,33 @@ func quarterRound(a, b, c, d uint32) (uint32, uint32, uint32, uint32) {
|
|||
return a, b, c, d
|
||||
}
|
||||
|
||||
// SetCounter sets the Cipher counter. The next invocation of XORKeyStream will
|
||||
// behave as if (64 * counter) bytes had been encrypted so far.
|
||||
//
|
||||
// To prevent accidental counter reuse, SetCounter panics if counter is
|
||||
// less than the current value.
|
||||
func (s *Cipher) SetCounter(counter uint32) {
|
||||
// Internally, s may buffer multiple blocks, which complicates this
|
||||
// implementation slightly. When checking whether the counter has rolled
|
||||
// back, we must use both s.counter and s.len to determine how many blocks
|
||||
// we have already output.
|
||||
outputCounter := s.counter - uint32(s.len)/blockSize
|
||||
if counter < outputCounter {
|
||||
panic("chacha20: SetCounter attempted to rollback counter")
|
||||
}
|
||||
|
||||
// In the general case, we set the new counter value and reset s.len to 0,
|
||||
// causing the next call to XORKeyStream to refill the buffer. However, if
|
||||
// we're advancing within the existing buffer, we can save work by simply
|
||||
// setting s.len.
|
||||
if counter < s.counter {
|
||||
s.len = int(s.counter-counter) * blockSize
|
||||
} else {
|
||||
s.counter = counter
|
||||
s.len = 0
|
||||
}
|
||||
}
|
||||
|
||||
// XORKeyStream XORs each byte in the given slice with a byte from the
|
||||
// cipher's key stream. Dst and src must overlap entirely or not at all.
|
||||
//
|
||||
|
@ -233,7 +261,9 @@ func (s *Cipher) xorKeyStreamBlocksGeneric(dst, src []byte) {
|
|||
s.precompDone = true
|
||||
}
|
||||
|
||||
for i := 0; i < len(src); i += blockSize {
|
||||
// A condition of len(src) > 0 would be sufficient, but this also
|
||||
// acts as a bounds check elimination hint.
|
||||
for len(src) >= 64 && len(dst) >= 64 {
|
||||
// The remainder of the first column round.
|
||||
fcr0, fcr4, fcr8, fcr12 := quarterRound(c0, c4, c8, s.counter)
|
||||
|
||||
|
@ -258,49 +288,31 @@ func (s *Cipher) xorKeyStreamBlocksGeneric(dst, src []byte) {
|
|||
x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
|
||||
}
|
||||
|
||||
// Finally, add back the initial state to generate the key stream.
|
||||
x0 += c0
|
||||
x1 += c1
|
||||
x2 += c2
|
||||
x3 += c3
|
||||
x4 += c4
|
||||
x5 += c5
|
||||
x6 += c6
|
||||
x7 += c7
|
||||
x8 += c8
|
||||
x9 += c9
|
||||
x10 += c10
|
||||
x11 += c11
|
||||
x12 += s.counter
|
||||
x13 += c13
|
||||
x14 += c14
|
||||
x15 += c15
|
||||
// Add back the initial state to generate the key stream, then
|
||||
// XOR the key stream with the source and write out the result.
|
||||
addXor(dst[0:4], src[0:4], x0, c0)
|
||||
addXor(dst[4:8], src[4:8], x1, c1)
|
||||
addXor(dst[8:12], src[8:12], x2, c2)
|
||||
addXor(dst[12:16], src[12:16], x3, c3)
|
||||
addXor(dst[16:20], src[16:20], x4, c4)
|
||||
addXor(dst[20:24], src[20:24], x5, c5)
|
||||
addXor(dst[24:28], src[24:28], x6, c6)
|
||||
addXor(dst[28:32], src[28:32], x7, c7)
|
||||
addXor(dst[32:36], src[32:36], x8, c8)
|
||||
addXor(dst[36:40], src[36:40], x9, c9)
|
||||
addXor(dst[40:44], src[40:44], x10, c10)
|
||||
addXor(dst[44:48], src[44:48], x11, c11)
|
||||
addXor(dst[48:52], src[48:52], x12, s.counter)
|
||||
addXor(dst[52:56], src[52:56], x13, c13)
|
||||
addXor(dst[56:60], src[56:60], x14, c14)
|
||||
addXor(dst[60:64], src[60:64], x15, c15)
|
||||
|
||||
s.counter += 1
|
||||
if s.counter == 0 {
|
||||
panic("chacha20: internal error: counter overflow")
|
||||
}
|
||||
|
||||
in, out := src[i:], dst[i:]
|
||||
in, out = in[:blockSize], out[:blockSize] // bounds check elimination hint
|
||||
|
||||
// XOR the key stream with the source and write out the result.
|
||||
xor(out[0:], in[0:], x0)
|
||||
xor(out[4:], in[4:], x1)
|
||||
xor(out[8:], in[8:], x2)
|
||||
xor(out[12:], in[12:], x3)
|
||||
xor(out[16:], in[16:], x4)
|
||||
xor(out[20:], in[20:], x5)
|
||||
xor(out[24:], in[24:], x6)
|
||||
xor(out[28:], in[28:], x7)
|
||||
xor(out[32:], in[32:], x8)
|
||||
xor(out[36:], in[36:], x9)
|
||||
xor(out[40:], in[40:], x10)
|
||||
xor(out[44:], in[44:], x11)
|
||||
xor(out[48:], in[48:], x12)
|
||||
xor(out[52:], in[52:], x13)
|
||||
xor(out[56:], in[56:], x14)
|
||||
xor(out[60:], in[60:], x15)
|
||||
src, dst = src[blockSize:], dst[blockSize:]
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build !arm64,!s390x,!ppc64le arm64,!go1.11 gccgo appengine
|
||||
// +build !arm64,!s390x,!ppc64le arm64,!go1.11 gccgo purego
|
||||
|
||||
package chacha20
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build !gccgo,!appengine
|
||||
// +build !gccgo,!purego
|
||||
|
||||
package chacha20
|
||||
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
// The differences in this and the original implementation are
|
||||
// due to the calling conventions and initialization of constants.
|
||||
|
||||
// +build !gccgo,!appengine
|
||||
// +build !gccgo,!purego
|
||||
|
||||
#include "textflag.h"
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build !gccgo,!appengine
|
||||
// +build !gccgo,!purego
|
||||
|
||||
package chacha20
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build !gccgo,!appengine
|
||||
// +build !gccgo,!purego
|
||||
|
||||
#include "go_asm.h"
|
||||
#include "textflag.h"
|
||||
|
|
|
@ -13,10 +13,10 @@ const unaligned = runtime.GOARCH == "386" ||
|
|||
runtime.GOARCH == "ppc64le" ||
|
||||
runtime.GOARCH == "s390x"
|
||||
|
||||
// xor reads a little endian uint32 from src, XORs it with u and
|
||||
// addXor reads a little endian uint32 from src, XORs it with (a + b) and
|
||||
// places the result in little endian byte order in dst.
|
||||
func xor(dst, src []byte, u uint32) {
|
||||
_, _ = src[3], dst[3] // eliminate bounds checks
|
||||
func addXor(dst, src []byte, a, b uint32) {
|
||||
_, _ = src[3], dst[3] // bounds check elimination hint
|
||||
if unaligned {
|
||||
// The compiler should optimize this code into
|
||||
// 32-bit unaligned little endian loads and stores.
|
||||
|
@ -27,15 +27,16 @@ func xor(dst, src []byte, u uint32) {
|
|||
v |= uint32(src[1]) << 8
|
||||
v |= uint32(src[2]) << 16
|
||||
v |= uint32(src[3]) << 24
|
||||
v ^= u
|
||||
v ^= a + b
|
||||
dst[0] = byte(v)
|
||||
dst[1] = byte(v >> 8)
|
||||
dst[2] = byte(v >> 16)
|
||||
dst[3] = byte(v >> 24)
|
||||
} else {
|
||||
dst[0] = src[0] ^ byte(u)
|
||||
dst[1] = src[1] ^ byte(u>>8)
|
||||
dst[2] = src[2] ^ byte(u>>16)
|
||||
dst[3] = src[3] ^ byte(u>>24)
|
||||
a += b
|
||||
dst[0] = src[0] ^ byte(a)
|
||||
dst[1] = src[1] ^ byte(a>>8)
|
||||
dst[2] = src[2] ^ byte(a>>16)
|
||||
dst[3] = src[3] ^ byte(a>>24)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,10 +2,8 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build !amd64,!ppc64le gccgo appengine
|
||||
// +build !amd64,!ppc64le gccgo purego
|
||||
|
||||
package poly1305
|
||||
|
||||
type mac struct{ macGeneric }
|
||||
|
||||
func newMAC(key *[32]byte) mac { return mac{newMACGeneric(key)} }
|
||||
|
|
|
@ -46,10 +46,9 @@ func Verify(mac *[16]byte, m []byte, key *[32]byte) bool {
|
|||
// two different messages with the same key allows an attacker
|
||||
// to forge messages at will.
|
||||
func New(key *[32]byte) *MAC {
|
||||
return &MAC{
|
||||
mac: newMAC(key),
|
||||
finalized: false,
|
||||
}
|
||||
m := &MAC{}
|
||||
initialize(key, &m.macState)
|
||||
return m
|
||||
}
|
||||
|
||||
// MAC is an io.Writer computing an authentication tag
|
||||
|
@ -58,7 +57,7 @@ func New(key *[32]byte) *MAC {
|
|||
// MAC cannot be used like common hash.Hash implementations,
|
||||
// because using a poly1305 key twice breaks its security.
|
||||
// Therefore writing data to a running MAC after calling
|
||||
// Sum causes it to panic.
|
||||
// Sum or Verify causes it to panic.
|
||||
type MAC struct {
|
||||
mac // platform-dependent implementation
|
||||
|
||||
|
@ -71,10 +70,10 @@ func (h *MAC) Size() int { return TagSize }
|
|||
// Write adds more data to the running message authentication code.
|
||||
// It never returns an error.
|
||||
//
|
||||
// It must not be called after the first call of Sum.
|
||||
// It must not be called after the first call of Sum or Verify.
|
||||
func (h *MAC) Write(p []byte) (n int, err error) {
|
||||
if h.finalized {
|
||||
panic("poly1305: write to MAC after Sum")
|
||||
panic("poly1305: write to MAC after Sum or Verify")
|
||||
}
|
||||
return h.mac.Write(p)
|
||||
}
|
||||
|
@ -87,3 +86,12 @@ func (h *MAC) Sum(b []byte) []byte {
|
|||
h.finalized = true
|
||||
return append(b, mac[:]...)
|
||||
}
|
||||
|
||||
// Verify returns whether the authenticator of all data written to
|
||||
// the message authentication code matches the expected value.
|
||||
func (h *MAC) Verify(expected []byte) bool {
|
||||
var mac [TagSize]byte
|
||||
h.mac.Sum(&mac)
|
||||
h.finalized = true
|
||||
return subtle.ConstantTimeCompare(expected, mac[:]) == 1
|
||||
}
|
||||
|
|
|
@ -2,24 +2,13 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build amd64,!gccgo,!appengine
|
||||
// +build !gccgo,!purego
|
||||
|
||||
package poly1305
|
||||
|
||||
//go:noescape
|
||||
func update(state *macState, msg []byte)
|
||||
|
||||
func sum(out *[16]byte, m []byte, key *[32]byte) {
|
||||
h := newMAC(key)
|
||||
h.Write(m)
|
||||
h.Sum(out)
|
||||
}
|
||||
|
||||
func newMAC(key *[32]byte) (h mac) {
|
||||
initialize(key, &h.r, &h.s)
|
||||
return
|
||||
}
|
||||
|
||||
// mac is a wrapper for macGeneric that redirects calls that would have gone to
|
||||
// updateGeneric to update.
|
||||
//
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build amd64,!gccgo,!appengine
|
||||
// +build !gccgo,!purego
|
||||
|
||||
#include "textflag.h"
|
||||
|
||||
|
|
|
@ -31,9 +31,10 @@ func sumGeneric(out *[TagSize]byte, msg []byte, key *[32]byte) {
|
|||
h.Sum(out)
|
||||
}
|
||||
|
||||
func newMACGeneric(key *[32]byte) (h macGeneric) {
|
||||
initialize(key, &h.r, &h.s)
|
||||
return
|
||||
func newMACGeneric(key *[32]byte) macGeneric {
|
||||
m := macGeneric{}
|
||||
initialize(key, &m.macState)
|
||||
return m
|
||||
}
|
||||
|
||||
// macState holds numbers in saturated 64-bit little-endian limbs. That is,
|
||||
|
@ -97,11 +98,12 @@ const (
|
|||
rMask1 = 0x0FFFFFFC0FFFFFFC
|
||||
)
|
||||
|
||||
func initialize(key *[32]byte, r, s *[2]uint64) {
|
||||
r[0] = binary.LittleEndian.Uint64(key[0:8]) & rMask0
|
||||
r[1] = binary.LittleEndian.Uint64(key[8:16]) & rMask1
|
||||
s[0] = binary.LittleEndian.Uint64(key[16:24])
|
||||
s[1] = binary.LittleEndian.Uint64(key[24:32])
|
||||
// initialize loads the 256-bit key into the two 128-bit secret values r and s.
|
||||
func initialize(key *[32]byte, m *macState) {
|
||||
m.r[0] = binary.LittleEndian.Uint64(key[0:8]) & rMask0
|
||||
m.r[1] = binary.LittleEndian.Uint64(key[8:16]) & rMask1
|
||||
m.s[0] = binary.LittleEndian.Uint64(key[16:24])
|
||||
m.s[1] = binary.LittleEndian.Uint64(key[24:32])
|
||||
}
|
||||
|
||||
// uint128 holds a 128-bit number as two 64-bit limbs, for use with the
|
||||
|
|
|
@ -2,12 +2,17 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build s390x,!go1.11 !amd64,!s390x,!ppc64le gccgo appengine nacl
|
||||
// At this point only s390x has an assembly implementation of sum. All other
|
||||
// platforms have assembly implementations of mac, and just define sum as using
|
||||
// that through New. Once s390x is ported, this file can be deleted and the body
|
||||
// of sum moved into Sum.
|
||||
|
||||
// +build !go1.11 !s390x gccgo purego
|
||||
|
||||
package poly1305
|
||||
|
||||
func sum(out *[TagSize]byte, msg []byte, key *[32]byte) {
|
||||
h := newMAC(key)
|
||||
h := New(key)
|
||||
h.Write(msg)
|
||||
h.Sum(out)
|
||||
h.Sum(out[:0])
|
||||
}
|
||||
|
|
|
@ -2,24 +2,13 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build ppc64le,!gccgo,!appengine
|
||||
// +build !gccgo,!purego
|
||||
|
||||
package poly1305
|
||||
|
||||
//go:noescape
|
||||
func update(state *macState, msg []byte)
|
||||
|
||||
func sum(out *[16]byte, m []byte, key *[32]byte) {
|
||||
h := newMAC(key)
|
||||
h.Write(m)
|
||||
h.Sum(out)
|
||||
}
|
||||
|
||||
func newMAC(key *[32]byte) (h mac) {
|
||||
initialize(key, &h.r, &h.s)
|
||||
return
|
||||
}
|
||||
|
||||
// mac is a wrapper for macGeneric that redirects calls that would have gone to
|
||||
// updateGeneric to update.
|
||||
//
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build ppc64le,!gccgo,!appengine
|
||||
// +build !gccgo,!purego
|
||||
|
||||
#include "textflag.h"
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build s390x,go1.11,!gccgo,!appengine
|
||||
// +build go1.11,!gccgo,!purego
|
||||
|
||||
package poly1305
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build s390x,go1.11,!gccgo,!appengine
|
||||
// +build go1.11,!gccgo,!purego
|
||||
|
||||
#include "textflag.h"
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// +build s390x,go1.11,!gccgo,!appengine
|
||||
// +build go1.11,!gccgo,!purego
|
||||
|
||||
#include "textflag.h"
|
||||
|
||||
|
|
|
@ -102,8 +102,9 @@ type ConstraintExtension struct {
|
|||
|
||||
// AddedKey describes an SSH key to be added to an Agent.
|
||||
type AddedKey struct {
|
||||
// PrivateKey must be a *rsa.PrivateKey, *dsa.PrivateKey or
|
||||
// *ecdsa.PrivateKey, which will be inserted into the agent.
|
||||
// PrivateKey must be a *rsa.PrivateKey, *dsa.PrivateKey,
|
||||
// ed25519.PrivateKey or *ecdsa.PrivateKey, which will be inserted into the
|
||||
// agent.
|
||||
PrivateKey interface{}
|
||||
// Certificate, if not nil, is communicated to the agent and will be
|
||||
// stored with the key.
|
||||
|
@ -566,6 +567,17 @@ func (c *client) insertKey(s interface{}, comment string, constraints []byte) er
|
|||
Comments: comment,
|
||||
Constraints: constraints,
|
||||
})
|
||||
case ed25519.PrivateKey:
|
||||
req = ssh.Marshal(ed25519KeyMsg{
|
||||
Type: ssh.KeyAlgoED25519,
|
||||
Pub: []byte(k)[32:],
|
||||
Priv: []byte(k),
|
||||
Comments: comment,
|
||||
Constraints: constraints,
|
||||
})
|
||||
// This function originally supported only *ed25519.PrivateKey, however the
|
||||
// general idiom is to pass ed25519.PrivateKey by value, not by pointer.
|
||||
// We still support the pointer variant for backwards compatibility.
|
||||
case *ed25519.PrivateKey:
|
||||
req = ssh.Marshal(ed25519KeyMsg{
|
||||
Type: ssh.KeyAlgoED25519,
|
||||
|
@ -683,6 +695,18 @@ func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string
|
|||
Comments: comment,
|
||||
Constraints: constraints,
|
||||
})
|
||||
case ed25519.PrivateKey:
|
||||
req = ssh.Marshal(ed25519CertMsg{
|
||||
Type: cert.Type(),
|
||||
CertBytes: cert.Marshal(),
|
||||
Pub: []byte(k)[32:],
|
||||
Priv: []byte(k),
|
||||
Comments: comment,
|
||||
Constraints: constraints,
|
||||
})
|
||||
// This function originally supported only *ed25519.PrivateKey, however the
|
||||
// general idiom is to pass ed25519.PrivateKey by value, not by pointer.
|
||||
// We still support the pointer variant for backwards compatibility.
|
||||
case *ed25519.PrivateKey:
|
||||
req = ssh.Marshal(ed25519CertMsg{
|
||||
Type: cert.Type(),
|
||||
|
|
|
@ -119,7 +119,7 @@ var cipherModes = map[string]*cipherMode{
|
|||
chacha20Poly1305ID: {64, 0, newChaCha20Cipher},
|
||||
|
||||
// CBC mode is insecure and so is not included in the default config.
|
||||
// (See http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf). If absolutely
|
||||
// (See https://www.ieee-security.org/TC/SP2013/papers/4977a526.pdf). If absolutely
|
||||
// needed, it's possible to specify a custom Config to enable it.
|
||||
// You should expect that an active attacker can recover plaintext if
|
||||
// you do.
|
||||
|
|
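--- a/vendor/golang.org/x/crypto/ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf.go
+++ b/vendor/golang.org/x/crypto/ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf.go
@@ -0,0 +1,93 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package bcrypt_pbkdf implements bcrypt_pbkdf(3) from OpenBSD.
+//
+// See https://flak.tedunangst.com/post/bcrypt-pbkdf and
+// https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libutil/bcrypt_pbkdf.c.
+package bcrypt_pbkdf
+
+import (
+"crypto/sha512"
+"errors"
+"golang.org/x/crypto/blowfish"
+)
+
+const blockSize = 32
+
+// Key derives a key from the password, salt and rounds count, returning a
+// []byte of length keyLen that can be used as cryptographic key.
+func Key(password, salt []byte, rounds, keyLen int) ([]byte, error) {
+if rounds < 1 {
+return nil, errors.New("bcrypt_pbkdf: number of rounds is too small")
+}
+if len(password) == 0 {
+return nil, errors.New("bcrypt_pbkdf: empty password")
+}
+if len(salt) == 0 || len(salt) > 1<<20 {
+return nil, errors.New("bcrypt_pbkdf: bad salt length")
+}
+if keyLen > 1024 {
+return nil, errors.New("bcrypt_pbkdf: keyLen is too large")
+}
+
+numBlocks := (keyLen + blockSize - 1) / blockSize
+key := make([]byte, numBlocks*blockSize)
+
+h := sha512.New()
+h.Write(password)
+shapass := h.Sum(nil)
+
+shasalt := make([]byte, 0, sha512.Size)
+cnt, tmp := make([]byte, 4), make([]byte, blockSize)
+for block := 1; block <= numBlocks; block++ {
+h.Reset()
+h.Write(salt)
+cnt[0] = byte(block >> 24)
+cnt[1] = byte(block >> 16)
+cnt[2] = byte(block >> 8)
+cnt[3] = byte(block)
+h.Write(cnt)
+bcryptHash(tmp, shapass, h.Sum(shasalt))
+
+out := make([]byte, blockSize)
+copy(out, tmp)
+for i := 2; i <= rounds; i++ {
+h.Reset()
+h.Write(tmp)
+bcryptHash(tmp, shapass, h.Sum(shasalt))
+for j := 0; j < len(out); j++ {
+out[j] ^= tmp[j]
+}
+}
+
+for i, v := range out {
+key[i*numBlocks+(block-1)] = v
+}
+}
+return key[:keyLen], nil
+}
+
+var magic = []byte("OxychromaticBlowfishSwatDynamite")
+
+func bcryptHash(out, shapass, shasalt []byte) {
+c, err := blowfish.NewSaltedCipher(shapass, shasalt)
+if err != nil {
+panic(err)
+}
+for i := 0; i < 64; i++ {
+blowfish.ExpandKey(shasalt, c)
+blowfish.ExpandKey(shapass, c)
+}
+copy(out, magic)
+for i := 0; i < 32; i += 8 {
+for j := 0; j < 64; j++ {
+c.Encrypt(out[i:i+8], out[i:i+8])
+}
+}
+// Swap bytes due to different endianness.
+for i := 0; i < 32; i += 4 {
+out[i+3], out[i+2], out[i+1], out[i] = out[i], out[i+1], out[i+2], out[i+3]
+}
+}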
|
|
@ -572,7 +572,7 @@ func (gex *dhGEXSHA) diffieHellman(theirPublic, myPrivate *big.Int) (*big.Int, e
|
|||
return new(big.Int).Exp(theirPublic, myPrivate, gex.p), nil
|
||||
}
|
||||
|
||||
func (gex *dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) {
|
||||
func (gex dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshakeMagics) (*kexResult, error) {
|
||||
// Send GexRequest
|
||||
kexDHGexRequest := kexDHGexRequestMsg{
|
||||
MinBits: dhGroupExchangeMinimumBits,
|
||||
|
@ -677,7 +677,7 @@ func (gex *dhGEXSHA) Client(c packetConn, randSource io.Reader, magics *handshak
|
|||
// Server half implementation of the Diffie Hellman Key Exchange with SHA1 and SHA256.
|
||||
//
|
||||
// This is a minimal implementation to satisfy the automated tests.
|
||||
func (gex *dhGEXSHA) Server(c packetConn, randSource io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) {
|
||||
func (gex dhGEXSHA) Server(c packetConn, randSource io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) {
|
||||
// Receive GexRequest
|
||||
packet, err := c.readPacket()
|
||||
if err != nil {
|
||||
|
|
|
@ -7,6 +7,8 @@ package ssh
|
|||
import (
|
||||
"bytes"
|
||||
"crypto"
|
||||
"crypto/aes"
|
||||
"crypto/cipher"
|
||||
"crypto/dsa"
|
||||
"crypto/ecdsa"
|
||||
"crypto/elliptic"
|
||||
|
@ -25,6 +27,7 @@ import (
|
|||
"strings"
|
||||
|
||||
"golang.org/x/crypto/ed25519"
|
||||
"golang.org/x/crypto/ssh/internal/bcrypt_pbkdf"
|
||||
)
|
||||
|
||||
// These constants represent the algorithm names for key types supported by this
|
||||
|
@ -559,9 +562,11 @@ func parseED25519(in []byte) (out PublicKey, rest []byte, err error) {
|
|||
return nil, nil, err
|
||||
}
|
||||
|
||||
key := ed25519.PublicKey(w.KeyBytes)
|
||||
if l := len(w.KeyBytes); l != ed25519.PublicKeySize {
|
||||
return nil, nil, fmt.Errorf("invalid size %d for Ed25519 public key", l)
|
||||
}
|
||||
|
||||
return (ed25519PublicKey)(key), w.Rest, nil
|
||||
return ed25519PublicKey(w.KeyBytes), w.Rest, nil
|
||||
}
|
||||
|
||||
func (k ed25519PublicKey) Marshal() []byte {
|
||||
|
@ -579,9 +584,11 @@ func (k ed25519PublicKey) Verify(b []byte, sig *Signature) error {
|
|||
if sig.Format != k.Type() {
|
||||
return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, k.Type())
|
||||
}
|
||||
if l := len(k); l != ed25519.PublicKeySize {
|
||||
return fmt.Errorf("ssh: invalid size %d for Ed25519 public key", l)
|
||||
}
|
||||
|
||||
edKey := (ed25519.PublicKey)(k)
|
||||
if ok := ed25519.Verify(edKey, b, sig.Blob); !ok {
|
||||
if ok := ed25519.Verify(ed25519.PublicKey(k), b, sig.Blob); !ok {
|
||||
return errors.New("ssh: signature did not verify")
|
||||
}
|
||||
|
||||
|
@ -835,6 +842,10 @@ func parseSKEd25519(in []byte) (out PublicKey, rest []byte, err error) {
|
|||
return nil, nil, err
|
||||
}
|
||||
|
||||
if l := len(w.KeyBytes); l != ed25519.PublicKeySize {
|
||||
return nil, nil, fmt.Errorf("invalid size %d for Ed25519 public key", l)
|
||||
}
|
||||
|
||||
key := new(skEd25519PublicKey)
|
||||
key.application = w.Application
|
||||
key.PublicKey = ed25519.PublicKey(w.KeyBytes)
|
||||
|
@ -859,6 +870,9 @@ func (k *skEd25519PublicKey) Verify(data []byte, sig *Signature) error {
|
|||
if sig.Format != k.Type() {
|
||||
return fmt.Errorf("ssh: signature type %s for key type %s", sig.Format, k.Type())
|
||||
}
|
||||
if l := len(k.PublicKey); l != ed25519.PublicKeySize {
|
||||
return fmt.Errorf("invalid size %d for Ed25519 public key", l)
|
||||
}
|
||||
|
||||
h := sha256.New()
|
||||
h.Write([]byte(k.application))
|
||||
|
@ -895,8 +909,7 @@ func (k *skEd25519PublicKey) Verify(data []byte, sig *Signature) error {
|
|||
|
||||
original := Marshal(blob)
|
||||
|
||||
edKey := (ed25519.PublicKey)(k.PublicKey)
|
||||
if ok := ed25519.Verify(edKey, original, edSig.Signature); !ok {
|
||||
if ok := ed25519.Verify(k.PublicKey, original, edSig.Signature); !ok {
|
||||
return errors.New("ssh: signature did not verify")
|
||||
}
|
||||
|
||||
|
@ -1048,7 +1061,10 @@ func NewPublicKey(key interface{}) (PublicKey, error) {
|
|||
case *dsa.PublicKey:
|
||||
return (*dsaPublicKey)(key), nil
|
||||
case ed25519.PublicKey:
|
||||
return (ed25519PublicKey)(key), nil
|
||||
if l := len(key); l != ed25519.PublicKeySize {
|
||||
return nil, fmt.Errorf("ssh: invalid size %d for Ed25519 public key", l)
|
||||
}
|
||||
return ed25519PublicKey(key), nil
|
||||
default:
|
||||
return nil, fmt.Errorf("ssh: unsupported key type %T", key)
|
||||
}
|
||||
|
@ -1122,21 +1138,25 @@ func ParseRawPrivateKey(pemBytes []byte) (interface{}, error) {
|
|||
case "DSA PRIVATE KEY":
|
||||
return ParseDSAPrivateKey(block.Bytes)
|
||||
case "OPENSSH PRIVATE KEY":
|
||||
return parseOpenSSHPrivateKey(block.Bytes)
|
||||
return parseOpenSSHPrivateKey(block.Bytes, unencryptedOpenSSHKey)
|
||||
default:
|
||||
return nil, fmt.Errorf("ssh: unsupported key type %q", block.Type)
|
||||
}
|
||||
}
|
||||
|
||||
// ParseRawPrivateKeyWithPassphrase returns a private key decrypted with
|
||||
// passphrase from a PEM encoded private key. If wrong passphrase, return
|
||||
// x509.IncorrectPasswordError.
|
||||
// passphrase from a PEM encoded private key. If the passphrase is wrong, it
|
||||
// will return x509.IncorrectPasswordError.
|
||||
func ParseRawPrivateKeyWithPassphrase(pemBytes, passphrase []byte) (interface{}, error) {
|
||||
block, _ := pem.Decode(pemBytes)
|
||||
if block == nil {
|
||||
return nil, errors.New("ssh: no key found")
|
||||
}
|
||||
|
||||
if block.Type == "OPENSSH PRIVATE KEY" {
|
||||
return parseOpenSSHPrivateKey(block.Bytes, passphraseProtectedOpenSSHKey(passphrase))
|
||||
}
|
||||
|
||||
if !encryptedBlock(block) || !x509.IsEncryptedPEMBlock(block) {
|
||||
return nil, errors.New("ssh: not an encrypted key")
|
||||
}
|
||||
|
@ -1193,9 +1213,68 @@ func ParseDSAPrivateKey(der []byte) (*dsa.PrivateKey, error) {
|
|||
}, nil
|
||||
}
|
||||
|
||||
// Implemented based on the documentation at
|
||||
// https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key
|
||||
func parseOpenSSHPrivateKey(key []byte) (crypto.PrivateKey, error) {
|
||||
func unencryptedOpenSSHKey(cipherName, kdfName, kdfOpts string, privKeyBlock []byte) ([]byte, error) {
|
||||
if kdfName != "none" || cipherName != "none" {
|
||||
return nil, &PassphraseMissingError{}
|
||||
}
|
||||
if kdfOpts != "" {
|
||||
return nil, errors.New("ssh: invalid openssh private key")
|
||||
}
|
||||
return privKeyBlock, nil
|
||||
}
|
||||
|
||||
func passphraseProtectedOpenSSHKey(passphrase []byte) openSSHDecryptFunc {
|
||||
return func(cipherName, kdfName, kdfOpts string, privKeyBlock []byte) ([]byte, error) {
|
||||
if kdfName == "none" || cipherName == "none" {
|
||||
return nil, errors.New("ssh: key is not password protected")
|
||||
}
|
||||
if kdfName != "bcrypt" {
|
||||
return nil, fmt.Errorf("ssh: unknown KDF %q, only supports %q", kdfName, "bcrypt")
|
||||
}
|
||||
|
||||
var opts struct {
|
||||
Salt string
|
||||
Rounds uint32
|
||||
}
|
||||
if err := Unmarshal([]byte(kdfOpts), &opts); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
k, err := bcrypt_pbkdf.Key(passphrase, []byte(opts.Salt), int(opts.Rounds), 32+16)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
key, iv := k[:32], k[32:]
|
||||
|
||||
c, err := aes.NewCipher(key)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
switch cipherName {
|
||||
case "aes256-ctr":
|
||||
ctr := cipher.NewCTR(c, iv)
|
||||
ctr.XORKeyStream(privKeyBlock, privKeyBlock)
|
||||
case "aes256-cbc":
|
||||
if len(privKeyBlock)%c.BlockSize() != 0 {
|
||||
return nil, fmt.Errorf("ssh: invalid encrypted private key length, not a multiple of the block size")
|
||||
}
|
||||
cbc := cipher.NewCBCDecrypter(c, iv)
|
||||
cbc.CryptBlocks(privKeyBlock, privKeyBlock)
|
||||
default:
|
||||
return nil, fmt.Errorf("ssh: unknown cipher %q, only supports %q or %q", cipherName, "aes256-ctr", "aes256-cbc")
|
||||
}
|
||||
|
||||
return privKeyBlock, nil
|
||||
}
|
||||
}
|
||||
|
||||
type openSSHDecryptFunc func(CipherName, KdfName, KdfOpts string, PrivKeyBlock []byte) ([]byte, error)
|
||||
|
||||
// parseOpenSSHPrivateKey parses an OpenSSH private key, using the decrypt
|
||||
// function to unwrap the encrypted portion. unencryptedOpenSSHKey can be used
|
||||
// as the decrypt function to parse an unencrypted private key. See
|
||||
// https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key.
|
||||
func parseOpenSSHPrivateKey(key []byte, decrypt openSSHDecryptFunc) (crypto.PrivateKey, error) {
|
||||
const magic = "openssh-key-v1\x00"
|
||||
if len(key) < len(magic) || string(key[:len(magic)]) != magic {
|
||||
return nil, errors.New("ssh: invalid openssh private key format")
|
||||
|
@ -1214,9 +1293,22 @@ func parseOpenSSHPrivateKey(key []byte) (crypto.PrivateKey, error) {
|
|||
if err := Unmarshal(remaining, &w); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if w.NumKeys != 1 {
|
||||
// We only support single key files, and so does OpenSSH.
|
||||
// https://github.com/openssh/openssh-portable/blob/4103a3ec7/sshkey.c#L4171
|
||||
return nil, errors.New("ssh: multi-key files are not supported")
|
||||
}
|
||||
|
||||
if w.KdfName != "none" || w.CipherName != "none" {
|
||||
return nil, errors.New("ssh: cannot decode encrypted private keys")
|
||||
privKeyBlock, err := decrypt(w.CipherName, w.KdfName, w.KdfOpts, w.PrivKeyBlock)
|
||||
if err != nil {
|
||||
if err, ok := err.(*PassphraseMissingError); ok {
|
||||
pub, errPub := ParsePublicKey(w.PubKey)
|
||||
if errPub != nil {
|
||||
return nil, fmt.Errorf("ssh: failed to parse embedded public key: %v", errPub)
|
||||
}
|
||||
err.PublicKey = pub
|
||||
}
|
||||
return nil, err
|
||||
}
|
||||
|
||||
pk1 := struct {
|
||||
|
@ -1226,15 +1318,13 @@ func parseOpenSSHPrivateKey(key []byte) (crypto.PrivateKey, error) {
|
|||
Rest []byte `ssh:"rest"`
|
||||
}{}
|
||||
|
||||
if err := Unmarshal(w.PrivKeyBlock, &pk1); err != nil {
|
||||
return nil, err
|
||||
if err := Unmarshal(privKeyBlock, &pk1); err != nil || pk1.Check1 != pk1.Check2 {
|
||||
if w.CipherName != "none" {
|
||||
return nil, x509.IncorrectPasswordError
|
||||
}
|
||||
return nil, errors.New("ssh: malformed OpenSSH key")
|
||||
}
|
||||
|
||||
if pk1.Check1 != pk1.Check2 {
|
||||
return nil, errors.New("ssh: checkint mismatch")
|
||||
}
|
||||
|
||||
// we only handle ed25519 and rsa keys currently
|
||||
switch pk1.Keytype {
|
||||
case KeyAlgoRSA:
|
||||
// https://github.com/openssh/openssh-portable/blob/master/sshkey.c#L2760-L2773
|
||||
|
@ -1253,10 +1343,8 @@ func parseOpenSSHPrivateKey(key []byte) (crypto.PrivateKey, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
for i, b := range key.Pad {
|
||||
if int(b) != i+1 {
|
||||
return nil, errors.New("ssh: padding not as expected")
|
||||
}
|
||||
if err := checkOpenSSHKeyPadding(key.Pad); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
pk := &rsa.PrivateKey{
|
||||
|
@ -1291,20 +1379,78 @@ func parseOpenSSHPrivateKey(key []byte) (crypto.PrivateKey, error) {
|
|||
return nil, errors.New("ssh: private key unexpected length")
|
||||
}
|
||||
|
||||
for i, b := range key.Pad {
|
||||
if int(b) != i+1 {
|
||||
return nil, errors.New("ssh: padding not as expected")
|
||||
}
|
||||
if err := checkOpenSSHKeyPadding(key.Pad); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
pk := ed25519.PrivateKey(make([]byte, ed25519.PrivateKeySize))
|
||||
copy(pk, key.Priv)
|
||||
return &pk, nil
|
||||
case KeyAlgoECDSA256, KeyAlgoECDSA384, KeyAlgoECDSA521:
|
||||
key := struct {
|
||||
Curve string
|
||||
Pub []byte
|
||||
D *big.Int
|
||||
Comment string
|
||||
Pad []byte `ssh:"rest"`
|
||||
}{}
|
||||
|
||||
if err := Unmarshal(pk1.Rest, &key); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if err := checkOpenSSHKeyPadding(key.Pad); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var curve elliptic.Curve
|
||||
switch key.Curve {
|
||||
case "nistp256":
|
||||
curve = elliptic.P256()
|
||||
case "nistp384":
|
||||
curve = elliptic.P384()
|
||||
case "nistp521":
|
||||
curve = elliptic.P521()
|
||||
default:
|
||||
return nil, errors.New("ssh: unhandled elliptic curve: " + key.Curve)
|
||||
}
|
||||
|
||||
X, Y := elliptic.Unmarshal(curve, key.Pub)
|
||||
if X == nil || Y == nil {
|
||||
return nil, errors.New("ssh: failed to unmarshal public key")
|
||||
}
|
||||
|
||||
if key.D.Cmp(curve.Params().N) >= 0 {
|
||||
return nil, errors.New("ssh: scalar is out of range")
|
||||
}
|
||||
|
||||
x, y := curve.ScalarBaseMult(key.D.Bytes())
|
||||
if x.Cmp(X) != 0 || y.Cmp(Y) != 0 {
|
||||
return nil, errors.New("ssh: public key does not match private key")
|
||||
}
|
||||
|
||||
return &ecdsa.PrivateKey{
|
||||
PublicKey: ecdsa.PublicKey{
|
||||
Curve: curve,
|
||||
X: X,
|
||||
Y: Y,
|
||||
},
|
||||
D: key.D,
|
||||
}, nil
|
||||
default:
|
||||
return nil, errors.New("ssh: unhandled key type")
|
||||
}
|
||||
}
|
||||
|
||||
func checkOpenSSHKeyPadding(pad []byte) error {
|
||||
for i, b := range pad {
|
||||
if int(b) != i+1 {
|
||||
return errors.New("ssh: padding not as expected")
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// FingerprintLegacyMD5 returns the user presentation of the key's
|
||||
// fingerprint as described by RFC 4716 section 4.
|
||||
func FingerprintLegacyMD5(pubKey PublicKey) string {
|
||||
|
|
|
@ -7,6 +7,7 @@ package terminal
|
|||
import (
|
||||
"bytes"
|
||||
"io"
|
||||
"runtime"
|
||||
"strconv"
|
||||
"sync"
|
||||
"unicode/utf8"
|
||||
|
@ -112,6 +113,7 @@ func NewTerminal(c io.ReadWriter, prompt string) *Terminal {
|
|||
}
|
||||
|
||||
const (
|
||||
keyCtrlC = 3
|
||||
keyCtrlD = 4
|
||||
keyCtrlU = 21
|
||||
keyEnter = '\r'
|
||||
|
@ -150,8 +152,12 @@ func bytesToKey(b []byte, pasteActive bool) (rune, []byte) {
|
|||
switch b[0] {
|
||||
case 1: // ^A
|
||||
return keyHome, b[1:]
|
||||
case 2: // ^B
|
||||
return keyLeft, b[1:]
|
||||
case 5: // ^E
|
||||
return keyEnd, b[1:]
|
||||
case 6: // ^F
|
||||
return keyRight, b[1:]
|
||||
case 8: // ^H
|
||||
return keyBackspace, b[1:]
|
||||
case 11: // ^K
|
||||
|
@ -737,6 +743,9 @@ func (t *Terminal) readLine() (line string, err error) {
|
|||
return "", io.EOF
|
||||
}
|
||||
}
|
||||
if key == keyCtrlC {
|
||||
return "", io.EOF
|
||||
}
|
||||
if key == keyPasteStart {
|
||||
t.pasteActive = true
|
||||
if len(t.line) == 0 {
|
||||
|
@ -939,6 +948,8 @@ func (s *stRingBuffer) NthPreviousEntry(n int) (value string, ok bool) {
|
|||
// readPasswordLine reads from reader until it finds \n or io.EOF.
|
||||
// The slice returned does not include the \n.
|
||||
// readPasswordLine also ignores any \r it finds.
|
||||
// Windows uses \r as end of line. So, on Windows, readPasswordLine
|
||||
// reads until it finds \r and ignores any \n it finds during processing.
|
||||
func readPasswordLine(reader io.Reader) ([]byte, error) {
|
||||
var buf [1]byte
|
||||
var ret []byte
|
||||
|
@ -952,9 +963,15 @@ func readPasswordLine(reader io.Reader) ([]byte, error) {
|
|||
ret = ret[:len(ret)-1]
|
||||
}
|
||||
case '\n':
|
||||
return ret, nil
|
||||
if runtime.GOOS != "windows" {
|
||||
return ret, nil
|
||||
}
|
||||
// otherwise ignore \n
|
||||
case '\r':
|
||||
// remove \r from passwords on Windows
|
||||
if runtime.GOOS == "windows" {
|
||||
return ret, nil
|
||||
}
|
||||
// otherwise ignore \r
|
||||
default:
|
||||
ret = append(ret, buf[0])
|
||||
}
|
||||
|
|
|
@ -309,15 +309,11 @@ github.com/hashicorp/errwrap
|
|||
github.com/hashicorp/go-checkpoint
|
||||
# github.com/hashicorp/go-cleanhttp v0.5.1
|
||||
github.com/hashicorp/go-cleanhttp
|
||||
# github.com/hashicorp/go-cty-funcs/cidr v0.0.0-20200203151509-c92509f48b18
|
||||
# github.com/hashicorp/go-cty-funcs v0.0.0-20200520133146-0d04eb807361
|
||||
github.com/hashicorp/go-cty-funcs/cidr
|
||||
# github.com/hashicorp/go-cty-funcs/crypto v0.0.0-20200124154056-476681ae9d62
|
||||
github.com/hashicorp/go-cty-funcs/crypto
|
||||
# github.com/hashicorp/go-cty-funcs/encoding v0.0.0-20200203151509-c92509f48b18
|
||||
github.com/hashicorp/go-cty-funcs/encoding
|
||||
# github.com/hashicorp/go-cty-funcs/filesystem v0.0.0-20200203151509-c92509f48b18
|
||||
github.com/hashicorp/go-cty-funcs/filesystem
|
||||
# github.com/hashicorp/go-cty-funcs/uuid v0.0.0-20200203151509-c92509f48b18
|
||||
github.com/hashicorp/go-cty-funcs/uuid
|
||||
# github.com/hashicorp/go-getter v1.4.1
|
||||
github.com/hashicorp/go-getter/helper/url
|
||||
|
@ -646,7 +642,7 @@ github.com/yandex-cloud/go-sdk/pkg/retry
|
|||
github.com/yandex-cloud/go-sdk/pkg/sdkerrors
|
||||
github.com/yandex-cloud/go-sdk/pkg/singleflight
|
||||
github.com/yandex-cloud/go-sdk/sdkresolvers
|
||||
# github.com/zclconf/go-cty v1.3.2-0.20200309235747-0b5d9cf50df7
|
||||
# github.com/zclconf/go-cty v1.4.0
|
||||
github.com/zclconf/go-cty/cty
|
||||
github.com/zclconf/go-cty/cty/convert
|
||||
github.com/zclconf/go-cty/cty/function
|
||||
|
@ -673,7 +669,7 @@ go.opencensus.io/trace
|
|||
go.opencensus.io/trace/internal
|
||||
go.opencensus.io/trace/propagation
|
||||
go.opencensus.io/trace/tracestate
|
||||
# golang.org/x/crypto v0.0.0-20200117160349-530e935923ad
|
||||
# golang.org/x/crypto v0.0.0-20200422194213-44a606286825
|
||||
golang.org/x/crypto/bcrypt
|
||||
golang.org/x/crypto/blowfish
|
||||
golang.org/x/crypto/chacha20
|
||||
|
@ -688,6 +684,7 @@ golang.org/x/crypto/pkcs12/internal/rc2
|
|||
golang.org/x/crypto/poly1305
|
||||
golang.org/x/crypto/ssh
|
||||
golang.org/x/crypto/ssh/agent
|
||||
golang.org/x/crypto/ssh/internal/bcrypt_pbkdf
|
||||
golang.org/x/crypto/ssh/terminal
|
||||
# golang.org/x/exp v0.0.0-20191129062945-2f5052295587
|
||||
golang.org/x/exp/apidiff
|
||||
|
|