go.mod: github.com/containerd/imgcrypt v2.0.0-rc-1
https://github.com/containerd/imgcrypt/compare/v1.2.0-rc1...v2.0.0-rc.1 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit is contained in:
Akihiro Suda
12
go.mod
12
go.mod
@@ -4,8 +4,8 @@ go 1.22.0
|
|||||||
|
|
||||||
require (
|
require (
|
||||||
dario.cat/mergo v1.0.1
|
dario.cat/mergo v1.0.1
|
||||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24
|
github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6
|
||||||
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0
|
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2
|
||||||
github.com/Microsoft/go-winio v0.6.2
|
github.com/Microsoft/go-winio v0.6.2
|
||||||
github.com/Microsoft/hcsshim v0.12.8
|
github.com/Microsoft/hcsshim v0.12.8
|
||||||
github.com/checkpoint-restore/checkpointctl v1.2.1
|
github.com/checkpoint-restore/checkpointctl v1.2.1
|
||||||
@@ -20,7 +20,7 @@ require (
|
|||||||
github.com/containerd/fifo v1.1.0
|
github.com/containerd/fifo v1.1.0
|
||||||
github.com/containerd/go-cni v1.1.10
|
github.com/containerd/go-cni v1.1.10
|
||||||
github.com/containerd/go-runc v1.1.0
|
github.com/containerd/go-runc v1.1.0
|
||||||
github.com/containerd/imgcrypt v1.2.0-rc1
|
github.com/containerd/imgcrypt/v2 v2.0.0-rc.1
|
||||||
github.com/containerd/log v0.1.0
|
github.com/containerd/log v0.1.0
|
||||||
github.com/containerd/nri v0.7.0
|
github.com/containerd/nri v0.7.0
|
||||||
github.com/containerd/otelttrpc v0.0.0-20240305015340-ea5083fda723
|
github.com/containerd/otelttrpc v0.0.0-20240305015340-ea5083fda723
|
||||||
@@ -75,7 +75,7 @@ require (
|
|||||||
golang.org/x/mod v0.21.0
|
golang.org/x/mod v0.21.0
|
||||||
golang.org/x/sync v0.8.0
|
golang.org/x/sync v0.8.0
|
||||||
golang.org/x/sys v0.26.0
|
golang.org/x/sys v0.26.0
|
||||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9
|
google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38
|
||||||
google.golang.org/grpc v1.67.1
|
google.golang.org/grpc v1.67.1
|
||||||
google.golang.org/protobuf v1.35.1
|
google.golang.org/protobuf v1.35.1
|
||||||
k8s.io/apimachinery v0.31.1
|
k8s.io/apimachinery v0.31.1
|
||||||
@@ -99,7 +99,7 @@ require (
|
|||||||
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
|
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
|
||||||
github.com/felixge/httpsnoop v1.0.4 // indirect
|
github.com/felixge/httpsnoop v1.0.4 // indirect
|
||||||
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
|
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
|
||||||
github.com/go-jose/go-jose/v4 v4.0.2 // indirect
|
github.com/go-jose/go-jose/v4 v4.0.4 // indirect
|
||||||
github.com/go-logr/logr v1.4.2 // indirect
|
github.com/go-logr/logr v1.4.2 // indirect
|
||||||
github.com/go-logr/stdr v1.2.2 // indirect
|
github.com/go-logr/stdr v1.2.2 // indirect
|
||||||
github.com/godbus/dbus/v5 v5.1.0 // indirect
|
github.com/godbus/dbus/v5 v5.1.0 // indirect
|
||||||
@@ -130,7 +130,7 @@ require (
|
|||||||
github.com/vishvananda/netns v0.0.4 // indirect
|
github.com/vishvananda/netns v0.0.4 // indirect
|
||||||
github.com/x448/float16 v0.8.4 // indirect
|
github.com/x448/float16 v0.8.4 // indirect
|
||||||
github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
|
github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
|
||||||
go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 // indirect
|
go.mozilla.org/pkcs7 v0.9.0 // indirect
|
||||||
go.opencensus.io v0.24.0 // indirect
|
go.opencensus.io v0.24.0 // indirect
|
||||||
go.opentelemetry.io/otel/metric v1.31.0 // indirect
|
go.opentelemetry.io/otel/metric v1.31.0 // indirect
|
||||||
go.opentelemetry.io/proto/otlp v1.3.1 // indirect
|
go.opentelemetry.io/proto/otlp v1.3.1 // indirect
|
||||||
|
|||||||
24
go.sum
24
go.sum
@@ -597,10 +597,10 @@ dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
|
|||||||
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
|
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
|
||||||
gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8=
|
gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8=
|
||||||
git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc=
|
git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc=
|
||||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
|
github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
|
||||||
github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
|
github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
|
||||||
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 h1:59MxjQVfjXsBpLy+dbd2/ELV5ofnUkUZBvWSC85sheA=
|
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2 h1:dIScnXFlF784X79oi7MzVT6GWqr/W1uUt0pB5CsDs9M=
|
||||||
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU=
|
github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2/go.mod h1:gCLVsLfv1egrcZu+GoJATN5ts75F2s62ih/457eWzOw=
|
||||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||||
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
|
github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
|
||||||
github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk=
|
github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk=
|
||||||
@@ -685,8 +685,8 @@ github.com/containerd/go-cni v1.1.10 h1:c2U73nld7spSWfiJwSh/8W9DK+/qQwYM2rngIhCy
|
|||||||
github.com/containerd/go-cni v1.1.10/go.mod h1:/Y/sL8yqYQn1ZG1om1OncJB1W4zN3YmjfP/ShCzG/OY=
|
github.com/containerd/go-cni v1.1.10/go.mod h1:/Y/sL8yqYQn1ZG1om1OncJB1W4zN3YmjfP/ShCzG/OY=
|
||||||
github.com/containerd/go-runc v1.1.0 h1:OX4f+/i2y5sUT7LhmcJH7GYrjjhHa1QI4e8yO0gGleA=
|
github.com/containerd/go-runc v1.1.0 h1:OX4f+/i2y5sUT7LhmcJH7GYrjjhHa1QI4e8yO0gGleA=
|
||||||
github.com/containerd/go-runc v1.1.0/go.mod h1:xJv2hFF7GvHtTJd9JqTS2UVxMkULUYw4JN5XAUZqH5U=
|
github.com/containerd/go-runc v1.1.0/go.mod h1:xJv2hFF7GvHtTJd9JqTS2UVxMkULUYw4JN5XAUZqH5U=
|
||||||
github.com/containerd/imgcrypt v1.2.0-rc1 h1:XESaAcMqxrGlRjQIqLdzxqsO/ddNK4vwfe7MipXKVgg=
|
github.com/containerd/imgcrypt/v2 v2.0.0-rc.1 h1:7OMu5otk5Z2GeQs24JBPOmYbTc50+q6jo02qWNJc0p8=
|
||||||
github.com/containerd/imgcrypt v1.2.0-rc1/go.mod h1:F9roK2DzKlFnV+h+ZJy/r2FoS28bIvxKgdcoV7o8Sms=
|
github.com/containerd/imgcrypt/v2 v2.0.0-rc.1/go.mod h1:3/Ab3iliBt/aBVNYOwecT1YagCqAiHidOmVsrjtHF1A=
|
||||||
github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
|
github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
|
||||||
github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
|
github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
|
||||||
github.com/containerd/nri v0.7.0 h1:scGL9JiBqNaWnghLFFPOzp0GxxWAc1uQtQ7qx8PHdCs=
|
github.com/containerd/nri v0.7.0 h1:scGL9JiBqNaWnghLFFPOzp0GxxWAc1uQtQ7qx8PHdCs=
|
||||||
@@ -765,8 +765,8 @@ github.com/go-fonts/stix v0.1.0/go.mod h1:w/c1f0ldAUlJmLBvlbkvVXLAD+tAMqobIIQpmn
|
|||||||
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
|
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
|
||||||
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
|
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
|
||||||
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
|
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
|
||||||
github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk=
|
github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E=
|
||||||
github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY=
|
github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc=
|
||||||
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
||||||
github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U=
|
github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U=
|
||||||
github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk=
|
github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk=
|
||||||
@@ -1141,8 +1141,8 @@ github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN
|
|||||||
github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA=
|
github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA=
|
||||||
go.etcd.io/bbolt v1.3.11 h1:yGEzV1wPz2yVCLsD8ZAiGHhHVlczyC9d1rP43/VCRJ0=
|
go.etcd.io/bbolt v1.3.11 h1:yGEzV1wPz2yVCLsD8ZAiGHhHVlczyC9d1rP43/VCRJ0=
|
||||||
go.etcd.io/bbolt v1.3.11/go.mod h1:dksAq7YMXoljX0xu6VF5DMZGbhYYoLUalEiSySYAS4I=
|
go.etcd.io/bbolt v1.3.11/go.mod h1:dksAq7YMXoljX0xu6VF5DMZGbhYYoLUalEiSySYAS4I=
|
||||||
go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M=
|
go.mozilla.org/pkcs7 v0.9.0 h1:yM4/HS9dYv7ri2biPtxt8ikvB37a980dg69/pKmS+eI=
|
||||||
go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
|
go.mozilla.org/pkcs7 v0.9.0/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
|
||||||
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
|
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
|
||||||
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
|
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
|
||||||
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
|
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
|
||||||
@@ -1772,8 +1772,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 h1:
|
|||||||
google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:wp2WsuBYj6j8wUdo3ToZsdxxixbvQNAHqVJrTgi5E5M=
|
google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:wp2WsuBYj6j8wUdo3ToZsdxxixbvQNAHqVJrTgi5E5M=
|
||||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go.mod h1:xURIpW9ES5+/GZhnV6beoEtxQrnkRGIfP5VQG2tCBLc=
|
google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go.mod h1:xURIpW9ES5+/GZhnV6beoEtxQrnkRGIfP5VQG2tCBLc=
|
||||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
|
google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
|
||||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 h1:QCqS/PdaHTSWGvupk2F/ehwHtGc0/GYkT+3GAcR1CCc=
|
google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 h1:zciRKQ4kBpFgpfC5QQCVtnnNAcLIqweL7plyZRQHVpI=
|
||||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
|
google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
|
||||||
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
|
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
|
||||||
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
|
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
|
||||||
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
|
google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
|
||||||
|
|||||||
@@ -33,8 +33,8 @@ import (
|
|||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/containerd/errdefs"
|
"github.com/containerd/errdefs"
|
||||||
"github.com/containerd/imgcrypt"
|
"github.com/containerd/imgcrypt/v2"
|
||||||
"github.com/containerd/imgcrypt/images/encryption"
|
"github.com/containerd/imgcrypt/v2/images/encryption"
|
||||||
"github.com/containerd/log"
|
"github.com/containerd/log"
|
||||||
distribution "github.com/distribution/reference"
|
distribution "github.com/distribution/reference"
|
||||||
imagespec "github.com/opencontainers/image-spec/specs-go/v1"
|
imagespec "github.com/opencontainers/image-spec/specs-go/v1"
|
||||||
|
|||||||
@@ -1 +1 @@
|
|||||||
v1.2.0-rc1
|
v2.0.0-rc.1
|
||||||
|
|||||||
48
vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go
generated
vendored
48
vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go
generated
vendored
@@ -48,6 +48,7 @@ type ConsumeFuzzer struct {
|
|||||||
NumberOfCalls int
|
NumberOfCalls int
|
||||||
position uint32
|
position uint32
|
||||||
fuzzUnexportedFields bool
|
fuzzUnexportedFields bool
|
||||||
|
forceUTF8Strings bool
|
||||||
curDepth int
|
curDepth int
|
||||||
Funcs map[reflect.Type]reflect.Value
|
Funcs map[reflect.Type]reflect.Value
|
||||||
}
|
}
|
||||||
@@ -104,6 +105,14 @@ func (f *ConsumeFuzzer) DisallowUnexportedFields() {
|
|||||||
f.fuzzUnexportedFields = false
|
f.fuzzUnexportedFields = false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (f *ConsumeFuzzer) AllowNonUTF8Strings() {
|
||||||
|
f.forceUTF8Strings = false
|
||||||
|
}
|
||||||
|
|
||||||
|
func (f *ConsumeFuzzer) DisallowNonUTF8Strings() {
|
||||||
|
f.forceUTF8Strings = true
|
||||||
|
}
|
||||||
|
|
||||||
func (f *ConsumeFuzzer) GenerateStruct(targetStruct interface{}) error {
|
func (f *ConsumeFuzzer) GenerateStruct(targetStruct interface{}) error {
|
||||||
e := reflect.ValueOf(targetStruct).Elem()
|
e := reflect.ValueOf(targetStruct).Elem()
|
||||||
return f.fuzzStruct(e, false)
|
return f.fuzzStruct(e, false)
|
||||||
@@ -224,6 +233,14 @@ func (f *ConsumeFuzzer) fuzzStruct(e reflect.Value, customFunctions bool) error
|
|||||||
if e.CanSet() {
|
if e.CanSet() {
|
||||||
e.Set(uu)
|
e.Set(uu)
|
||||||
}
|
}
|
||||||
|
case reflect.Uint:
|
||||||
|
newInt, err := f.GetUint()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if e.CanSet() {
|
||||||
|
e.SetUint(uint64(newInt))
|
||||||
|
}
|
||||||
case reflect.Uint16:
|
case reflect.Uint16:
|
||||||
newInt, err := f.GetUint16()
|
newInt, err := f.GetUint16()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -309,6 +326,14 @@ func (f *ConsumeFuzzer) fuzzStruct(e reflect.Value, customFunctions bool) error
|
|||||||
if e.CanSet() {
|
if e.CanSet() {
|
||||||
e.SetUint(uint64(b))
|
e.SetUint(uint64(b))
|
||||||
}
|
}
|
||||||
|
case reflect.Bool:
|
||||||
|
b, err := f.GetBool()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if e.CanSet() {
|
||||||
|
e.SetBool(b)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
@@ -410,6 +435,23 @@ func (f *ConsumeFuzzer) GetUint64() (uint64, error) {
|
|||||||
return binary.BigEndian.Uint64(u64), nil
|
return binary.BigEndian.Uint64(u64), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (f *ConsumeFuzzer) GetUint() (uint, error) {
|
||||||
|
var zero uint
|
||||||
|
size := int(unsafe.Sizeof(zero))
|
||||||
|
if size == 8 {
|
||||||
|
u64, err := f.GetUint64()
|
||||||
|
if err != nil {
|
||||||
|
return 0, err
|
||||||
|
}
|
||||||
|
return uint(u64), nil
|
||||||
|
}
|
||||||
|
u32, err := f.GetUint32()
|
||||||
|
if err != nil {
|
||||||
|
return 0, err
|
||||||
|
}
|
||||||
|
return uint(u32), nil
|
||||||
|
}
|
||||||
|
|
||||||
func (f *ConsumeFuzzer) GetBytes() ([]byte, error) {
|
func (f *ConsumeFuzzer) GetBytes() ([]byte, error) {
|
||||||
var length uint32
|
var length uint32
|
||||||
var err error
|
var err error
|
||||||
@@ -461,7 +503,11 @@ func (f *ConsumeFuzzer) GetString() (string, error) {
|
|||||||
return "nil", errors.New("numbers overflow")
|
return "nil", errors.New("numbers overflow")
|
||||||
}
|
}
|
||||||
f.position = byteBegin + length
|
f.position = byteBegin + length
|
||||||
return string(f.data[byteBegin:f.position]), nil
|
s := string(f.data[byteBegin:f.position])
|
||||||
|
if f.forceUTF8Strings {
|
||||||
|
s = strings.ToValidUTF8(s, "")
|
||||||
|
}
|
||||||
|
return s, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (f *ConsumeFuzzer) GetBool() (bool, error) {
|
func (f *ConsumeFuzzer) GetBool() (bool, error) {
|
||||||
|
|||||||
88
vendor/github.com/AdamKorcz/go-118-fuzz-build/testing/f.go
generated
vendored
88
vendor/github.com/AdamKorcz/go-118-fuzz-build/testing/f.go
generated
vendored
@@ -41,147 +41,119 @@ func (f *F) Fuzz(ff any) {
|
|||||||
args := []reflect.Value{reflect.ValueOf(f.T)}
|
args := []reflect.Value{reflect.ValueOf(f.T)}
|
||||||
fuzzConsumer := fuzz.NewConsumer(f.Data)
|
fuzzConsumer := fuzz.NewConsumer(f.Data)
|
||||||
for _, v := range types {
|
for _, v := range types {
|
||||||
|
//fmt.Printf("arg %v\n", v)
|
||||||
|
newElem := reflect.New(v).Elem()
|
||||||
switch v.String() {
|
switch v.String() {
|
||||||
case "[]uint8":
|
case "[]uint8":
|
||||||
b, err := fuzzConsumer.GetBytes()
|
b, err := fuzzConsumer.GetBytes()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
newBytes := reflect.New(v)
|
newElem.SetBytes(b)
|
||||||
newBytes.Elem().SetBytes(b)
|
|
||||||
args = append(args, newBytes.Elem())
|
|
||||||
case "string":
|
case "string":
|
||||||
s, err := fuzzConsumer.GetString()
|
s, err := fuzzConsumer.GetString()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
newString := reflect.New(v)
|
newElem.SetString(s)
|
||||||
newString.Elem().SetString(s)
|
|
||||||
args = append(args, newString.Elem())
|
|
||||||
case "int":
|
case "int":
|
||||||
randInt, err := fuzzConsumer.GetInt()
|
randInt, err := fuzzConsumer.GetUint64()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
newInt := reflect.New(v)
|
newElem.SetInt(int64(int(randInt)))
|
||||||
newInt.Elem().SetInt(int64(randInt))
|
|
||||||
args = append(args, newInt.Elem())
|
|
||||||
case "int8":
|
case "int8":
|
||||||
randInt, err := fuzzConsumer.GetInt()
|
randInt, err := fuzzConsumer.GetByte()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
newInt := reflect.New(v)
|
newElem.SetInt(int64(randInt))
|
||||||
newInt.Elem().SetInt(int64(randInt))
|
|
||||||
args = append(args, newInt.Elem())
|
|
||||||
case "int16":
|
case "int16":
|
||||||
randInt, err := fuzzConsumer.GetInt()
|
randInt, err := fuzzConsumer.GetUint16()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
newInt := reflect.New(v)
|
newElem.SetInt(int64(randInt))
|
||||||
newInt.Elem().SetInt(int64(randInt))
|
|
||||||
args = append(args, newInt.Elem())
|
|
||||||
case "int32":
|
case "int32":
|
||||||
randInt, err := fuzzConsumer.GetInt()
|
randInt, err := fuzzConsumer.GetUint32()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
newInt := reflect.New(v)
|
newElem.SetInt(int64(int32(randInt)))
|
||||||
newInt.Elem().SetInt(int64(randInt))
|
|
||||||
args = append(args, newInt.Elem())
|
|
||||||
case "int64":
|
case "int64":
|
||||||
randInt, err := fuzzConsumer.GetInt()
|
randInt, err := fuzzConsumer.GetUint64()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
newInt := reflect.New(v)
|
newElem.SetInt(int64(randInt))
|
||||||
newInt.Elem().SetInt(int64(randInt))
|
|
||||||
args = append(args, newInt.Elem())
|
|
||||||
case "uint":
|
case "uint":
|
||||||
randInt, err := fuzzConsumer.GetInt()
|
randInt, err := fuzzConsumer.GetUint64()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
newUint := reflect.New(v)
|
newElem.SetUint(uint64(uint(randInt)))
|
||||||
newUint.Elem().SetUint(uint64(randInt))
|
|
||||||
args = append(args, newUint.Elem())
|
|
||||||
case "uint8":
|
case "uint8":
|
||||||
randInt, err := fuzzConsumer.GetInt()
|
randInt, err := fuzzConsumer.GetByte()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
newUint := reflect.New(v)
|
newElem.SetUint(uint64(randInt))
|
||||||
newUint.Elem().SetUint(uint64(randInt))
|
|
||||||
args = append(args, newUint.Elem())
|
|
||||||
case "uint16":
|
case "uint16":
|
||||||
randInt, err := fuzzConsumer.GetUint16()
|
randInt, err := fuzzConsumer.GetUint16()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
newUint16 := reflect.New(v)
|
newElem.SetUint(uint64(randInt))
|
||||||
newUint16.Elem().SetUint(uint64(randInt))
|
|
||||||
args = append(args, newUint16.Elem())
|
|
||||||
case "uint32":
|
case "uint32":
|
||||||
randInt, err := fuzzConsumer.GetUint32()
|
randInt, err := fuzzConsumer.GetUint32()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
newUint32 := reflect.New(v)
|
newElem.SetUint(uint64(randInt))
|
||||||
newUint32.Elem().SetUint(uint64(randInt))
|
|
||||||
args = append(args, newUint32.Elem())
|
|
||||||
case "uint64":
|
case "uint64":
|
||||||
randInt, err := fuzzConsumer.GetUint64()
|
randInt, err := fuzzConsumer.GetUint64()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
newUint64 := reflect.New(v)
|
newElem.SetUint(uint64(randInt))
|
||||||
newUint64.Elem().SetUint(uint64(randInt))
|
|
||||||
args = append(args, newUint64.Elem())
|
|
||||||
case "rune":
|
case "rune":
|
||||||
randRune, err := fuzzConsumer.GetRune()
|
randRune, err := fuzzConsumer.GetRune()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
newRune := reflect.New(v)
|
newElem.Set(reflect.ValueOf(randRune))
|
||||||
newRune.Elem().Set(reflect.ValueOf(randRune))
|
|
||||||
args = append(args, newRune.Elem())
|
|
||||||
case "float32":
|
case "float32":
|
||||||
randFloat, err := fuzzConsumer.GetFloat32()
|
randFloat, err := fuzzConsumer.GetFloat32()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
newFloat := reflect.New(v)
|
newElem.Set(reflect.ValueOf(randFloat))
|
||||||
newFloat.Elem().Set(reflect.ValueOf(randFloat))
|
|
||||||
args = append(args, newFloat.Elem())
|
|
||||||
case "float64":
|
case "float64":
|
||||||
randFloat, err := fuzzConsumer.GetFloat64()
|
randFloat, err := fuzzConsumer.GetFloat64()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
newFloat := reflect.New(v)
|
newElem.Set(reflect.ValueOf(randFloat))
|
||||||
newFloat.Elem().Set(reflect.ValueOf(randFloat))
|
|
||||||
args = append(args, newFloat.Elem())
|
|
||||||
case "bool":
|
case "bool":
|
||||||
randBool, err := fuzzConsumer.GetBool()
|
randBool, err := fuzzConsumer.GetBool()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
newBool := reflect.New(v)
|
newElem.Set(reflect.ValueOf(randBool))
|
||||||
newBool.Elem().Set(reflect.ValueOf(randBool))
|
|
||||||
args = append(args, newBool.Elem())
|
|
||||||
default:
|
default:
|
||||||
fmt.Println(v.String())
|
panic(fmt.Sprintf("unsupported type: %s", v.String()))
|
||||||
}
|
}
|
||||||
|
args = append(args, newElem)
|
||||||
|
|
||||||
}
|
}
|
||||||
fn.Call(args)
|
fn.Call(args)
|
||||||
}
|
}
|
||||||
func (f *F) Helper() {}
|
func (f *F) Helper() {}
|
||||||
func (c *F) Log(args ...any) {
|
func (c *F) Log(args ...any) {
|
||||||
fmt.Println(args...)
|
fmt.Print(args...)
|
||||||
}
|
}
|
||||||
func (c *F) Logf(format string, args ...any) {
|
func (c *F) Logf(format string, args ...any) {
|
||||||
fmt.Println(format, args)
|
fmt.Println(fmt.Sprintf(format, args...))
|
||||||
}
|
}
|
||||||
func (c *F) Name() string { return "libFuzzer" }
|
func (c *F) Name() string { return "libFuzzer" }
|
||||||
func (c *F) Setenv(key, value string) {}
|
func (c *F) Setenv(key, value string) {}
|
||||||
|
|||||||
@@ -24,9 +24,10 @@ import (
|
|||||||
"github.com/containerd/containerd/v2/core/containers"
|
"github.com/containerd/containerd/v2/core/containers"
|
||||||
"github.com/containerd/containerd/v2/core/diff"
|
"github.com/containerd/containerd/v2/core/diff"
|
||||||
"github.com/containerd/errdefs"
|
"github.com/containerd/errdefs"
|
||||||
"github.com/containerd/imgcrypt"
|
|
||||||
"github.com/containerd/typeurl/v2"
|
"github.com/containerd/typeurl/v2"
|
||||||
|
|
||||||
|
"github.com/containerd/imgcrypt/v2"
|
||||||
|
|
||||||
encconfig "github.com/containers/ocicrypt/config"
|
encconfig "github.com/containers/ocicrypt/config"
|
||||||
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
|
||||||
)
|
)
|
||||||
24
vendor/github.com/go-jose/go-jose/v4/CHANGELOG.md
generated
vendored
24
vendor/github.com/go-jose/go-jose/v4/CHANGELOG.md
generated
vendored
@@ -1,3 +1,27 @@
|
|||||||
|
# v4.0.4
|
||||||
|
|
||||||
|
## Fixed
|
||||||
|
|
||||||
|
- Reverted "Allow unmarshalling JSONWebKeySets with unsupported key types" as a
|
||||||
|
breaking change. See #136 / #137.
|
||||||
|
|
||||||
|
# v4.0.3
|
||||||
|
|
||||||
|
## Changed
|
||||||
|
|
||||||
|
- Allow unmarshalling JSONWebKeySets with unsupported key types (#130)
|
||||||
|
- Document that OpaqueKeyEncrypter can't be implemented (for now) (#129)
|
||||||
|
- Dependency updates
|
||||||
|
|
||||||
|
# v4.0.2
|
||||||
|
|
||||||
|
## Changed
|
||||||
|
|
||||||
|
- Improved documentation of Verify() to note that JSONWebKeySet is a supported
|
||||||
|
argument type (#104)
|
||||||
|
- Defined exported error values for missing x5c header and unsupported elliptic
|
||||||
|
curves error cases (#117)
|
||||||
|
|
||||||
# v4.0.1
|
# v4.0.1
|
||||||
|
|
||||||
## Fixed
|
## Fixed
|
||||||
|
|||||||
10
vendor/github.com/go-jose/go-jose/v4/crypter.go
generated
vendored
10
vendor/github.com/go-jose/go-jose/v4/crypter.go
generated
vendored
@@ -459,7 +459,10 @@ func (obj JSONWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error)
|
|||||||
return nil, fmt.Errorf("go-jose/go-jose: unsupported crit header")
|
return nil, fmt.Errorf("go-jose/go-jose: unsupported crit header")
|
||||||
}
|
}
|
||||||
|
|
||||||
key := tryJWKS(decryptionKey, obj.Header)
|
key, err := tryJWKS(decryptionKey, obj.Header)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
decrypter, err := newDecrypter(key)
|
decrypter, err := newDecrypter(key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@@ -529,7 +532,10 @@ func (obj JSONWebEncryption) DecryptMulti(decryptionKey interface{}) (int, Heade
|
|||||||
return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: unsupported crit header")
|
return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: unsupported crit header")
|
||||||
}
|
}
|
||||||
|
|
||||||
key := tryJWKS(decryptionKey, obj.Header)
|
key, err := tryJWKS(decryptionKey, obj.Header)
|
||||||
|
if err != nil {
|
||||||
|
return -1, Header{}, nil, err
|
||||||
|
}
|
||||||
decrypter, err := newDecrypter(key)
|
decrypter, err := newDecrypter(key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return -1, Header{}, nil, err
|
return -1, Header{}, nil, err
|
||||||
|
|||||||
21
vendor/github.com/go-jose/go-jose/v4/jwk.go
generated
vendored
21
vendor/github.com/go-jose/go-jose/v4/jwk.go
generated
vendored
@@ -779,7 +779,13 @@ func (key rawJSONWebKey) symmetricKey() ([]byte, error) {
|
|||||||
return key.K.bytes(), nil
|
return key.K.bytes(), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func tryJWKS(key interface{}, headers ...Header) interface{} {
|
var (
|
||||||
|
// ErrJWKSKidNotFound is returned when a JWKS does not contain a JWK with a
|
||||||
|
// key ID which matches one in the provided tokens headers.
|
||||||
|
ErrJWKSKidNotFound = errors.New("go-jose/go-jose: JWK with matching kid not found in JWK Set")
|
||||||
|
)
|
||||||
|
|
||||||
|
func tryJWKS(key interface{}, headers ...Header) (interface{}, error) {
|
||||||
var jwks JSONWebKeySet
|
var jwks JSONWebKeySet
|
||||||
|
|
||||||
switch jwksType := key.(type) {
|
switch jwksType := key.(type) {
|
||||||
@@ -788,9 +794,11 @@ func tryJWKS(key interface{}, headers ...Header) interface{} {
|
|||||||
case JSONWebKeySet:
|
case JSONWebKeySet:
|
||||||
jwks = jwksType
|
jwks = jwksType
|
||||||
default:
|
default:
|
||||||
return key
|
// If the specified key is not a JWKS, return as is.
|
||||||
|
return key, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Determine the KID to search for from the headers.
|
||||||
var kid string
|
var kid string
|
||||||
for _, header := range headers {
|
for _, header := range headers {
|
||||||
if header.KeyID != "" {
|
if header.KeyID != "" {
|
||||||
@@ -799,14 +807,17 @@ func tryJWKS(key interface{}, headers ...Header) interface{} {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If no KID is specified in the headers, reject.
|
||||||
if kid == "" {
|
if kid == "" {
|
||||||
return key
|
return nil, ErrJWKSKidNotFound
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Find the JWK with the matching KID. If no JWK with the specified KID is
|
||||||
|
// found, reject.
|
||||||
keys := jwks.Key(kid)
|
keys := jwks.Key(kid)
|
||||||
if len(keys) == 0 {
|
if len(keys) == 0 {
|
||||||
return key
|
return nil, ErrJWKSKidNotFound
|
||||||
}
|
}
|
||||||
|
|
||||||
return keys[0].Key
|
return keys[0].Key, nil
|
||||||
}
|
}
|
||||||
|
|||||||
3
vendor/github.com/go-jose/go-jose/v4/opaque.go
generated
vendored
3
vendor/github.com/go-jose/go-jose/v4/opaque.go
generated
vendored
@@ -83,6 +83,9 @@ func (o *opaqueVerifier) verifyPayload(payload []byte, signature []byte, alg Sig
|
|||||||
}
|
}
|
||||||
|
|
||||||
// OpaqueKeyEncrypter is an interface that supports encrypting keys with an opaque key.
|
// OpaqueKeyEncrypter is an interface that supports encrypting keys with an opaque key.
|
||||||
|
//
|
||||||
|
// Note: this cannot currently be implemented outside this package because of its
|
||||||
|
// unexported method.
|
||||||
type OpaqueKeyEncrypter interface {
|
type OpaqueKeyEncrypter interface {
|
||||||
// KeyID returns the kid
|
// KeyID returns the kid
|
||||||
KeyID() string
|
KeyID() string
|
||||||
|
|||||||
10
vendor/github.com/go-jose/go-jose/v4/signing.go
generated
vendored
10
vendor/github.com/go-jose/go-jose/v4/signing.go
generated
vendored
@@ -390,7 +390,10 @@ func (obj JSONWebSignature) UnsafePayloadWithoutVerification() []byte {
|
|||||||
// The verificationKey argument must have one of the types allowed for the
|
// The verificationKey argument must have one of the types allowed for the
|
||||||
// verificationKey argument of JSONWebSignature.Verify().
|
// verificationKey argument of JSONWebSignature.Verify().
|
||||||
func (obj JSONWebSignature) DetachedVerify(payload []byte, verificationKey interface{}) error {
|
func (obj JSONWebSignature) DetachedVerify(payload []byte, verificationKey interface{}) error {
|
||||||
key := tryJWKS(verificationKey, obj.headers()...)
|
key, err := tryJWKS(verificationKey, obj.headers()...)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
verifier, err := newVerifier(key)
|
verifier, err := newVerifier(key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
@@ -455,7 +458,10 @@ func (obj JSONWebSignature) VerifyMulti(verificationKey interface{}) (int, Signa
|
|||||||
// The verificationKey argument must have one of the types allowed for the
|
// The verificationKey argument must have one of the types allowed for the
|
||||||
// verificationKey argument of JSONWebSignature.Verify().
|
// verificationKey argument of JSONWebSignature.Verify().
|
||||||
func (obj JSONWebSignature) DetachedVerifyMulti(payload []byte, verificationKey interface{}) (int, Signature, error) {
|
func (obj JSONWebSignature) DetachedVerifyMulti(payload []byte, verificationKey interface{}) (int, Signature, error) {
|
||||||
key := tryJWKS(verificationKey, obj.headers()...)
|
key, err := tryJWKS(verificationKey, obj.headers()...)
|
||||||
|
if err != nil {
|
||||||
|
return -1, Signature{}, err
|
||||||
|
}
|
||||||
verifier, err := newVerifier(key)
|
verifier, err := newVerifier(key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return -1, Signature{}, err
|
return -1, Signature{}, err
|
||||||
|
|||||||
2
vendor/go.mozilla.org/pkcs7/.gitignore
generated
vendored
2
vendor/go.mozilla.org/pkcs7/.gitignore
generated
vendored
@@ -22,3 +22,5 @@ _testmain.go
|
|||||||
*.exe
|
*.exe
|
||||||
*.test
|
*.test
|
||||||
*.prof
|
*.prof
|
||||||
|
|
||||||
|
coverage.out
|
||||||
|
|||||||
10
vendor/go.mozilla.org/pkcs7/.travis.yml
generated
vendored
10
vendor/go.mozilla.org/pkcs7/.travis.yml
generated
vendored
@@ -1,10 +0,0 @@
|
|||||||
language: go
|
|
||||||
go:
|
|
||||||
- "1.11"
|
|
||||||
- "1.12"
|
|
||||||
- "1.13"
|
|
||||||
- tip
|
|
||||||
before_install:
|
|
||||||
- make gettools
|
|
||||||
script:
|
|
||||||
- make
|
|
||||||
2
vendor/go.mozilla.org/pkcs7/Makefile
generated
vendored
2
vendor/go.mozilla.org/pkcs7/Makefile
generated
vendored
@@ -1,7 +1,7 @@
|
|||||||
all: vet staticcheck test
|
all: vet staticcheck test
|
||||||
|
|
||||||
test:
|
test:
|
||||||
go test -covermode=count -coverprofile=coverage.out .
|
go test -race -covermode=atomic -count=1 -coverprofile=coverage.out .
|
||||||
|
|
||||||
showcoverage: test
|
showcoverage: test
|
||||||
go tool cover -html=coverage.out
|
go tool cover -html=coverage.out
|
||||||
|
|||||||
2
vendor/go.mozilla.org/pkcs7/README.md
generated
vendored
2
vendor/go.mozilla.org/pkcs7/README.md
generated
vendored
@@ -1,7 +1,7 @@
|
|||||||
# pkcs7
|
# pkcs7
|
||||||
|
|
||||||
[](https://godoc.org/go.mozilla.org/pkcs7)
|
[](https://godoc.org/go.mozilla.org/pkcs7)
|
||||||
[](https://travis-ci.org/mozilla-services/pkcs7)
|
[](https://github.com/mozilla-services/pkcs7/actions/workflows/ci.yml?query=branch%3Amaster+event%3Apush)
|
||||||
|
|
||||||
pkcs7 implements parsing and creating signed and enveloped messages.
|
pkcs7 implements parsing and creating signed and enveloped messages.
|
||||||
|
|
||||||
|
|||||||
53
vendor/go.mozilla.org/pkcs7/ber.go
generated
vendored
53
vendor/go.mozilla.org/pkcs7/ber.go
generated
vendored
@@ -5,8 +5,6 @@ import (
|
|||||||
"errors"
|
"errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
var encodeIndent = 0
|
|
||||||
|
|
||||||
type asn1Object interface {
|
type asn1Object interface {
|
||||||
EncodeTo(writer *bytes.Buffer) error
|
EncodeTo(writer *bytes.Buffer) error
|
||||||
}
|
}
|
||||||
@@ -17,8 +15,6 @@ type asn1Structured struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s asn1Structured) EncodeTo(out *bytes.Buffer) error {
|
func (s asn1Structured) EncodeTo(out *bytes.Buffer) error {
|
||||||
//fmt.Printf("%s--> tag: % X\n", strings.Repeat("| ", encodeIndent), s.tagBytes)
|
|
||||||
encodeIndent++
|
|
||||||
inner := new(bytes.Buffer)
|
inner := new(bytes.Buffer)
|
||||||
for _, obj := range s.content {
|
for _, obj := range s.content {
|
||||||
err := obj.EncodeTo(inner)
|
err := obj.EncodeTo(inner)
|
||||||
@@ -26,7 +22,6 @@ func (s asn1Structured) EncodeTo(out *bytes.Buffer) error {
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
encodeIndent--
|
|
||||||
out.Write(s.tagBytes)
|
out.Write(s.tagBytes)
|
||||||
encodeLength(out, inner.Len())
|
encodeLength(out, inner.Len())
|
||||||
out.Write(inner.Bytes())
|
out.Write(inner.Bytes())
|
||||||
@@ -47,10 +42,7 @@ func (p asn1Primitive) EncodeTo(out *bytes.Buffer) error {
|
|||||||
if err = encodeLength(out, p.length); err != nil {
|
if err = encodeLength(out, p.length); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
//fmt.Printf("%s--> tag: % X length: %d\n", strings.Repeat("| ", encodeIndent), p.tagBytes, p.length)
|
|
||||||
//fmt.Printf("%s--> content length: %d\n", strings.Repeat("| ", encodeIndent), len(p.content))
|
|
||||||
out.Write(p.content)
|
out.Write(p.content)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -58,7 +50,6 @@ func ber2der(ber []byte) ([]byte, error) {
|
|||||||
if len(ber) == 0 {
|
if len(ber) == 0 {
|
||||||
return nil, errors.New("ber2der: input ber is empty")
|
return nil, errors.New("ber2der: input ber is empty")
|
||||||
}
|
}
|
||||||
//fmt.Printf("--> ber2der: Transcoding %d bytes\n", len(ber))
|
|
||||||
out := new(bytes.Buffer)
|
out := new(bytes.Buffer)
|
||||||
|
|
||||||
obj, _, err := readObject(ber, 0)
|
obj, _, err := readObject(ber, 0)
|
||||||
@@ -175,7 +166,7 @@ func readObject(ber []byte, offset int) (asn1Object, int, error) {
|
|||||||
if offset > berLen {
|
if offset > berLen {
|
||||||
return nil, 0, errors.New("ber2der: cannot move offset forward, end of ber data reached")
|
return nil, 0, errors.New("ber2der: cannot move offset forward, end of ber data reached")
|
||||||
}
|
}
|
||||||
hack := 0
|
indefinite := false
|
||||||
if l > 0x80 {
|
if l > 0x80 {
|
||||||
numberOfBytes := (int)(l & 0x7F)
|
numberOfBytes := (int)(l & 0x7F)
|
||||||
if numberOfBytes > 4 { // int is only guaranteed to be 32bit
|
if numberOfBytes > 4 { // int is only guaranteed to be 32bit
|
||||||
@@ -197,14 +188,7 @@ func readObject(ber []byte, offset int) (asn1Object, int, error) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else if l == 0x80 {
|
} else if l == 0x80 {
|
||||||
// find length by searching content
|
indefinite = true
|
||||||
markerIndex := bytes.LastIndex(ber[offset:], []byte{0x0, 0x0})
|
|
||||||
if markerIndex == -1 {
|
|
||||||
return nil, 0, errors.New("ber2der: Invalid BER format")
|
|
||||||
}
|
|
||||||
length = markerIndex
|
|
||||||
hack = 2
|
|
||||||
debugprint("--> (compute length) marker found at offset: %d\n", markerIndex+offset)
|
|
||||||
} else {
|
} else {
|
||||||
length = (int)(l)
|
length = (int)(l)
|
||||||
}
|
}
|
||||||
@@ -220,6 +204,9 @@ func readObject(ber []byte, offset int) (asn1Object, int, error) {
|
|||||||
debugprint("--> content end : %d\n", contentEnd)
|
debugprint("--> content end : %d\n", contentEnd)
|
||||||
debugprint("--> content : % X\n", ber[offset:contentEnd])
|
debugprint("--> content : % X\n", ber[offset:contentEnd])
|
||||||
var obj asn1Object
|
var obj asn1Object
|
||||||
|
if indefinite && kind == 0 {
|
||||||
|
return nil, 0, errors.New("ber2der: Indefinite form tag must have constructed encoding")
|
||||||
|
}
|
||||||
if kind == 0 {
|
if kind == 0 {
|
||||||
obj = asn1Primitive{
|
obj = asn1Primitive{
|
||||||
tagBytes: ber[tagStart:tagEnd],
|
tagBytes: ber[tagStart:tagEnd],
|
||||||
@@ -228,14 +215,25 @@ func readObject(ber []byte, offset int) (asn1Object, int, error) {
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
var subObjects []asn1Object
|
var subObjects []asn1Object
|
||||||
for offset < contentEnd {
|
for (offset < contentEnd) || indefinite {
|
||||||
var subObj asn1Object
|
var subObj asn1Object
|
||||||
var err error
|
var err error
|
||||||
subObj, offset, err = readObject(ber[:contentEnd], offset)
|
subObj, offset, err = readObject(ber, offset)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, 0, err
|
return nil, 0, err
|
||||||
}
|
}
|
||||||
subObjects = append(subObjects, subObj)
|
subObjects = append(subObjects, subObj)
|
||||||
|
|
||||||
|
if indefinite {
|
||||||
|
terminated, err := isIndefiniteTermination(ber, offset)
|
||||||
|
if err != nil {
|
||||||
|
return nil, 0, err
|
||||||
|
}
|
||||||
|
|
||||||
|
if terminated {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
obj = asn1Structured{
|
obj = asn1Structured{
|
||||||
tagBytes: ber[tagStart:tagEnd],
|
tagBytes: ber[tagStart:tagEnd],
|
||||||
@@ -243,7 +241,20 @@ func readObject(ber []byte, offset int) (asn1Object, int, error) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return obj, contentEnd + hack, nil
|
// Apply indefinite form length with 0x0000 terminator.
|
||||||
|
if indefinite {
|
||||||
|
contentEnd = offset + 2
|
||||||
|
}
|
||||||
|
|
||||||
|
return obj, contentEnd, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func isIndefiniteTermination(ber []byte, offset int) (bool, error) {
|
||||||
|
if len(ber) - offset < 2 {
|
||||||
|
return false, errors.New("ber2der: Invalid BER format")
|
||||||
|
}
|
||||||
|
|
||||||
|
return bytes.Index(ber[offset:], []byte{0x0, 0x0}) == 0, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func debugprint(format string, a ...interface{}) {
|
func debugprint(format string, a ...interface{}) {
|
||||||
|
|||||||
2
vendor/go.mozilla.org/pkcs7/encrypt.go
generated
vendored
2
vendor/go.mozilla.org/pkcs7/encrypt.go
generated
vendored
@@ -35,7 +35,7 @@ type recipientInfo struct {
|
|||||||
type encryptedContentInfo struct {
|
type encryptedContentInfo struct {
|
||||||
ContentType asn1.ObjectIdentifier
|
ContentType asn1.ObjectIdentifier
|
||||||
ContentEncryptionAlgorithm pkix.AlgorithmIdentifier
|
ContentEncryptionAlgorithm pkix.AlgorithmIdentifier
|
||||||
EncryptedContent asn1.RawValue `asn1:"tag:0,optional,explicit"`
|
EncryptedContent asn1.RawValue `asn1:"tag:0,optional"`
|
||||||
}
|
}
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
|||||||
8
vendor/go.mozilla.org/pkcs7/sign.go
generated
vendored
8
vendor/go.mozilla.org/pkcs7/sign.go
generated
vendored
@@ -124,10 +124,10 @@ func (sd *SignedData) AddSigner(ee *x509.Certificate, pkey crypto.PrivateKey, co
|
|||||||
// The signature algorithm used to hash the data is the one of the end-entity
|
// The signature algorithm used to hash the data is the one of the end-entity
|
||||||
// certificate.
|
// certificate.
|
||||||
func (sd *SignedData) AddSignerChain(ee *x509.Certificate, pkey crypto.PrivateKey, parents []*x509.Certificate, config SignerInfoConfig) error {
|
func (sd *SignedData) AddSignerChain(ee *x509.Certificate, pkey crypto.PrivateKey, parents []*x509.Certificate, config SignerInfoConfig) error {
|
||||||
// Following RFC 2315, 9.2 SignerInfo type, the distinguished name of
|
// Following RFC 2315, 9.2 SignerInfo type, the distinguished name of
|
||||||
// the issuer of the end-entity signer is stored in the issuerAndSerialNumber
|
// the issuer of the end-entity signer is stored in the issuerAndSerialNumber
|
||||||
// section of the SignedData.SignerInfo, alongside the serial number of
|
// section of the SignedData.SignerInfo, alongside the serial number of
|
||||||
// the end-entity.
|
// the end-entity.
|
||||||
var ias issuerAndSerial
|
var ias issuerAndSerial
|
||||||
ias.SerialNumber = ee.SerialNumber
|
ias.SerialNumber = ee.SerialNumber
|
||||||
if len(parents) == 0 {
|
if len(parents) == 0 {
|
||||||
|
|||||||
85
vendor/go.mozilla.org/pkcs7/verify.go
generated
vendored
85
vendor/go.mozilla.org/pkcs7/verify.go
generated
vendored
@@ -18,8 +18,12 @@ func (p7 *PKCS7) Verify() (err error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// VerifyWithChain checks the signatures of a PKCS7 object.
|
// VerifyWithChain checks the signatures of a PKCS7 object.
|
||||||
// If truststore is not nil, it also verifies the chain of trust of the end-entity
|
//
|
||||||
// signer cert to one of the root in the truststore.
|
// If truststore is not nil, it also verifies the chain of trust of
|
||||||
|
// the end-entity signer cert to one of the roots in the
|
||||||
|
// truststore. When the PKCS7 object includes the signing time
|
||||||
|
// authenticated attr verifies the chain at that time and UTC now
|
||||||
|
// otherwise.
|
||||||
func (p7 *PKCS7) VerifyWithChain(truststore *x509.CertPool) (err error) {
|
func (p7 *PKCS7) VerifyWithChain(truststore *x509.CertPool) (err error) {
|
||||||
if len(p7.Signers) == 0 {
|
if len(p7.Signers) == 0 {
|
||||||
return errors.New("pkcs7: Message has no signers")
|
return errors.New("pkcs7: Message has no signers")
|
||||||
@@ -32,6 +36,81 @@ func (p7 *PKCS7) VerifyWithChain(truststore *x509.CertPool) (err error) {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// VerifyWithChainAtTime checks the signatures of a PKCS7 object.
|
||||||
|
//
|
||||||
|
// If truststore is not nil, it also verifies the chain of trust of
|
||||||
|
// the end-entity signer cert to a root in the truststore at
|
||||||
|
// currentTime. It does not use the signing time authenticated
|
||||||
|
// attribute.
|
||||||
|
func (p7 *PKCS7) VerifyWithChainAtTime(truststore *x509.CertPool, currentTime time.Time) (err error) {
|
||||||
|
if len(p7.Signers) == 0 {
|
||||||
|
return errors.New("pkcs7: Message has no signers")
|
||||||
|
}
|
||||||
|
for _, signer := range p7.Signers {
|
||||||
|
if err := verifySignatureAtTime(p7, signer, truststore, currentTime); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func verifySignatureAtTime(p7 *PKCS7, signer signerInfo, truststore *x509.CertPool, currentTime time.Time) (err error) {
|
||||||
|
signedData := p7.Content
|
||||||
|
ee := getCertFromCertsByIssuerAndSerial(p7.Certificates, signer.IssuerAndSerialNumber)
|
||||||
|
if ee == nil {
|
||||||
|
return errors.New("pkcs7: No certificate for signer")
|
||||||
|
}
|
||||||
|
if len(signer.AuthenticatedAttributes) > 0 {
|
||||||
|
// TODO(fullsailor): First check the content type match
|
||||||
|
var (
|
||||||
|
digest []byte
|
||||||
|
signingTime time.Time
|
||||||
|
)
|
||||||
|
err := unmarshalAttribute(signer.AuthenticatedAttributes, OIDAttributeMessageDigest, &digest)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
hash, err := getHashForOID(signer.DigestAlgorithm.Algorithm)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
h := hash.New()
|
||||||
|
h.Write(p7.Content)
|
||||||
|
computed := h.Sum(nil)
|
||||||
|
if subtle.ConstantTimeCompare(digest, computed) != 1 {
|
||||||
|
return &MessageDigestMismatchError{
|
||||||
|
ExpectedDigest: digest,
|
||||||
|
ActualDigest: computed,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
signedData, err = marshalAttributes(signer.AuthenticatedAttributes)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
err = unmarshalAttribute(signer.AuthenticatedAttributes, OIDAttributeSigningTime, &signingTime)
|
||||||
|
if err == nil {
|
||||||
|
// signing time found, performing validity check
|
||||||
|
if signingTime.After(ee.NotAfter) || signingTime.Before(ee.NotBefore) {
|
||||||
|
return fmt.Errorf("pkcs7: signing time %q is outside of certificate validity %q to %q",
|
||||||
|
signingTime.Format(time.RFC3339),
|
||||||
|
ee.NotBefore.Format(time.RFC3339),
|
||||||
|
ee.NotAfter.Format(time.RFC3339))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if truststore != nil {
|
||||||
|
_, err = verifyCertChain(ee, p7.Certificates, truststore, currentTime)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
sigalg, err := getSignatureAlgorithm(signer.DigestEncryptionAlgorithm, signer.DigestAlgorithm)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return ee.CheckSignature(sigalg, signedData, signer.EncryptedDigest)
|
||||||
|
}
|
||||||
|
|
||||||
func verifySignature(p7 *PKCS7, signer signerInfo, truststore *x509.CertPool) (err error) {
|
func verifySignature(p7 *PKCS7, signer signerInfo, truststore *x509.CertPool) (err error) {
|
||||||
signedData := p7.Content
|
signedData := p7.Content
|
||||||
ee := getCertFromCertsByIssuerAndSerial(p7.Certificates, signer.IssuerAndSerialNumber)
|
ee := getCertFromCertsByIssuerAndSerial(p7.Certificates, signer.IssuerAndSerialNumber)
|
||||||
@@ -70,7 +149,7 @@ func verifySignature(p7 *PKCS7, signer signerInfo, truststore *x509.CertPool) (e
|
|||||||
return fmt.Errorf("pkcs7: signing time %q is outside of certificate validity %q to %q",
|
return fmt.Errorf("pkcs7: signing time %q is outside of certificate validity %q to %q",
|
||||||
signingTime.Format(time.RFC3339),
|
signingTime.Format(time.RFC3339),
|
||||||
ee.NotBefore.Format(time.RFC3339),
|
ee.NotBefore.Format(time.RFC3339),
|
||||||
ee.NotBefore.Format(time.RFC3339))
|
ee.NotAfter.Format(time.RFC3339))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
182
vendor/go.mozilla.org/pkcs7/verify_test_dsa.go
generated
vendored
Normal file
182
vendor/go.mozilla.org/pkcs7/verify_test_dsa.go
generated
vendored
Normal file
@@ -0,0 +1,182 @@
|
|||||||
|
// +build go1.11 go1.12 go1.13 go1.14 go1.15
|
||||||
|
|
||||||
|
package pkcs7
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/x509"
|
||||||
|
"encoding/pem"
|
||||||
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
|
"os"
|
||||||
|
"os/exec"
|
||||||
|
"testing"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestVerifyEC2(t *testing.T) {
|
||||||
|
fixture := UnmarshalDSATestFixture(EC2IdentityDocumentFixture)
|
||||||
|
p7, err := Parse(fixture.Input)
|
||||||
|
if err != nil {
|
||||||
|
t.Errorf("Parse encountered unexpected error: %v", err)
|
||||||
|
}
|
||||||
|
p7.Certificates = []*x509.Certificate{fixture.Certificate}
|
||||||
|
if err := p7.Verify(); err != nil {
|
||||||
|
t.Errorf("Verify failed with error: %v", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
var EC2IdentityDocumentFixture = `
|
||||||
|
-----BEGIN PKCS7-----
|
||||||
|
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCA
|
||||||
|
JIAEggGmewogICJwcml2YXRlSXAiIDogIjE3Mi4zMC4wLjI1MiIsCiAgImRldnBh
|
||||||
|
eVByb2R1Y3RDb2RlcyIgOiBudWxsLAogICJhdmFpbGFiaWxpdHlab25lIiA6ICJ1
|
||||||
|
cy1lYXN0LTFhIiwKICAidmVyc2lvbiIgOiAiMjAxMC0wOC0zMSIsCiAgImluc3Rh
|
||||||
|
bmNlSWQiIDogImktZjc5ZmU1NmMiLAogICJiaWxsaW5nUHJvZHVjdHMiIDogbnVs
|
||||||
|
bCwKICAiaW5zdGFuY2VUeXBlIiA6ICJ0Mi5taWNybyIsCiAgImFjY291bnRJZCIg
|
||||||
|
OiAiMTIxNjU5MDE0MzM0IiwKICAiaW1hZ2VJZCIgOiAiYW1pLWZjZTNjNjk2IiwK
|
||||||
|
ICAicGVuZGluZ1RpbWUiIDogIjIwMTYtMDQtMDhUMDM6MDE6MzhaIiwKICAiYXJj
|
||||||
|
aGl0ZWN0dXJlIiA6ICJ4ODZfNjQiLAogICJrZXJuZWxJZCIgOiBudWxsLAogICJy
|
||||||
|
YW1kaXNrSWQiIDogbnVsbCwKICAicmVnaW9uIiA6ICJ1cy1lYXN0LTEiCn0AAAAA
|
||||||
|
AAAxggEYMIIBFAIBATBpMFwxCzAJBgNVBAYTAlVTMRkwFwYDVQQIExBXYXNoaW5n
|
||||||
|
dG9uIFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYDVQQKExdBbWF6b24gV2Vi
|
||||||
|
IFNlcnZpY2VzIExMQwIJAJa6SNnlXhpnMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0B
|
||||||
|
CQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xNjA0MDgwMzAxNDRaMCMG
|
||||||
|
CSqGSIb3DQEJBDEWBBTuUc28eBXmImAautC+wOjqcFCBVjAJBgcqhkjOOAQDBC8w
|
||||||
|
LQIVAKA54NxGHWWCz5InboDmY/GHs33nAhQ6O/ZI86NwjA9Vz3RNMUJrUPU5tAAA
|
||||||
|
AAAAAA==
|
||||||
|
-----END PKCS7-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIC7TCCAq0CCQCWukjZ5V4aZzAJBgcqhkjOOAQDMFwxCzAJBgNVBAYTAlVTMRkw
|
||||||
|
FwYDVQQIExBXYXNoaW5ndG9uIFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYD
|
||||||
|
VQQKExdBbWF6b24gV2ViIFNlcnZpY2VzIExMQzAeFw0xMjAxMDUxMjU2MTJaFw0z
|
||||||
|
ODAxMDUxMjU2MTJaMFwxCzAJBgNVBAYTAlVTMRkwFwYDVQQIExBXYXNoaW5ndG9u
|
||||||
|
IFN0YXRlMRAwDgYDVQQHEwdTZWF0dGxlMSAwHgYDVQQKExdBbWF6b24gV2ViIFNl
|
||||||
|
cnZpY2VzIExMQzCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQCjkvcS2bb1VQ4yt/5e
|
||||||
|
ih5OO6kK/n1Lzllr7D8ZwtQP8fOEpp5E2ng+D6Ud1Z1gYipr58Kj3nssSNpI6bX3
|
||||||
|
VyIQzK7wLclnd/YozqNNmgIyZecN7EglK9ITHJLP+x8FtUpt3QbyYXJdmVMegN6P
|
||||||
|
hviYt5JH/nYl4hh3Pa1HJdskgQIVALVJ3ER11+Ko4tP6nwvHwh6+ERYRAoGBAI1j
|
||||||
|
k+tkqMVHuAFcvAGKocTgsjJem6/5qomzJuKDmbJNu9Qxw3rAotXau8Qe+MBcJl/U
|
||||||
|
hhy1KHVpCGl9fueQ2s6IL0CaO/buycU1CiYQk40KNHCcHfNiZbdlx1E9rpUp7bnF
|
||||||
|
lRa2v1ntMX3caRVDdbtPEWmdxSCYsYFDk4mZrOLBA4GEAAKBgEbmeve5f8LIE/Gf
|
||||||
|
MNmP9CM5eovQOGx5ho8WqD+aTebs+k2tn92BBPqeZqpWRa5P/+jrdKml1qx4llHW
|
||||||
|
MXrs3IgIb6+hUIB+S8dz8/mmO0bpr76RoZVCXYab2CZedFut7qc3WUH9+EUAH5mw
|
||||||
|
vSeDCOUMYQR7R9LINYwouHIziqQYMAkGByqGSM44BAMDLwAwLAIUWXBlk40xTwSw
|
||||||
|
7HX32MxXYruse9ACFBNGmdX2ZBrVNGrN9N2f6ROk0k9K
|
||||||
|
-----END CERTIFICATE-----`
|
||||||
|
|
||||||
|
func TestDSASignWithOpenSSLAndVerify(t *testing.T) {
|
||||||
|
content := []byte(`
|
||||||
|
A ship in port is safe,
|
||||||
|
but that's not what ships are built for.
|
||||||
|
-- Grace Hopper`)
|
||||||
|
// write the content to a temp file
|
||||||
|
tmpContentFile, err := ioutil.TempFile("", "TestDSASignWithOpenSSLAndVerify_content")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
ioutil.WriteFile(tmpContentFile.Name(), content, 0755)
|
||||||
|
|
||||||
|
// write the signer cert to a temp file
|
||||||
|
tmpSignerCertFile, err := ioutil.TempFile("", "TestDSASignWithOpenSSLAndVerify_signer")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
ioutil.WriteFile(tmpSignerCertFile.Name(), dsaPublicCert, 0755)
|
||||||
|
|
||||||
|
// write the signer key to a temp file
|
||||||
|
tmpSignerKeyFile, err := ioutil.TempFile("", "TestDSASignWithOpenSSLAndVerify_key")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
ioutil.WriteFile(tmpSignerKeyFile.Name(), dsaPrivateKey, 0755)
|
||||||
|
|
||||||
|
tmpSignedFile, err := ioutil.TempFile("", "TestDSASignWithOpenSSLAndVerify_signature")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
// call openssl to sign the content
|
||||||
|
opensslCMD := exec.Command("openssl", "smime", "-sign", "-nodetach", "-md", "sha1",
|
||||||
|
"-in", tmpContentFile.Name(), "-out", tmpSignedFile.Name(),
|
||||||
|
"-signer", tmpSignerCertFile.Name(), "-inkey", tmpSignerKeyFile.Name(),
|
||||||
|
"-certfile", tmpSignerCertFile.Name(), "-outform", "PEM")
|
||||||
|
out, err := opensslCMD.CombinedOutput()
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("openssl command failed with %s: %s", err, out)
|
||||||
|
}
|
||||||
|
|
||||||
|
// verify the signed content
|
||||||
|
pemSignature, err := ioutil.ReadFile(tmpSignedFile.Name())
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
fmt.Printf("%s\n", pemSignature)
|
||||||
|
derBlock, _ := pem.Decode(pemSignature)
|
||||||
|
if derBlock == nil {
|
||||||
|
t.Fatalf("failed to read DER block from signature PEM %s", tmpSignedFile.Name())
|
||||||
|
}
|
||||||
|
p7, err := Parse(derBlock.Bytes)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Parse encountered unexpected error: %v", err)
|
||||||
|
}
|
||||||
|
if err := p7.Verify(); err != nil {
|
||||||
|
t.Fatalf("Verify failed with error: %v", err)
|
||||||
|
}
|
||||||
|
os.Remove(tmpSignerCertFile.Name()) // clean up
|
||||||
|
os.Remove(tmpSignerKeyFile.Name()) // clean up
|
||||||
|
os.Remove(tmpContentFile.Name()) // clean up
|
||||||
|
}
|
||||||
|
|
||||||
|
var dsaPrivateKey = []byte(`-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIBSwIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdS
|
||||||
|
PO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVCl
|
||||||
|
pJ+f6AR7ECLCT7up1/63xhv4O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith
|
||||||
|
1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuEC/BYHPUCgYEA9+GghdabPd7L
|
||||||
|
vKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
|
||||||
|
zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImo
|
||||||
|
g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFgIUfW4aPdQBn9gJZp2KuNpzgHzvfsE=
|
||||||
|
-----END PRIVATE KEY-----`)
|
||||||
|
|
||||||
|
var dsaPublicCert = []byte(`-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDOjCCAvWgAwIBAgIEPCY/UDANBglghkgBZQMEAwIFADBsMRAwDgYDVQQGEwdV
|
||||||
|
bmtub3duMRAwDgYDVQQIEwdVbmtub3duMRAwDgYDVQQHEwdVbmtub3duMRAwDgYD
|
||||||
|
VQQKEwdVbmtub3duMRAwDgYDVQQLEwdVbmtub3duMRAwDgYDVQQDEwdVbmtub3du
|
||||||
|
MB4XDTE4MTAyMjEzNDMwN1oXDTQ2MDMwOTEzNDMwN1owbDEQMA4GA1UEBhMHVW5r
|
||||||
|
bm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UE
|
||||||
|
ChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm93bjCC
|
||||||
|
AbgwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADD
|
||||||
|
Hj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gE
|
||||||
|
exAiwk+7qdf+t8Yb+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/Ii
|
||||||
|
Axmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4
|
||||||
|
V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozI
|
||||||
|
puE8FnqLVHyNKOCjrh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4Vrl
|
||||||
|
nwaSi2ZegHtVJWQBTDv+z0kqA4GFAAKBgQDCriMPbEVBoRK4SOUeFwg7+VRf4TTp
|
||||||
|
rcOQC9IVVoCjXzuWEGrp3ZI7YWJSpFnSch4lk29RH8O0HpI/NOzKnOBtnKr782pt
|
||||||
|
1k/bJVMH9EaLd6MKnAVjrCDMYBB0MhebZ8QHY2elZZCWoqDYAcIDOsEx+m4NLErT
|
||||||
|
ypPnjS5M0jm1PKMhMB8wHQYDVR0OBBYEFC0Yt5XdM0Kc95IX8NQ8XRssGPx7MA0G
|
||||||
|
CWCGSAFlAwQDAgUAAzAAMC0CFQCIgQtrZZ9hdZG1ROhR5hc8nYEmbgIUAIlgC688
|
||||||
|
qzy/7yePTlhlpj+ahMM=
|
||||||
|
-----END CERTIFICATE-----`)
|
||||||
|
|
||||||
|
type DSATestFixture struct {
|
||||||
|
Input []byte
|
||||||
|
Certificate *x509.Certificate
|
||||||
|
}
|
||||||
|
|
||||||
|
func UnmarshalDSATestFixture(testPEMBlock string) DSATestFixture {
|
||||||
|
var result DSATestFixture
|
||||||
|
var derBlock *pem.Block
|
||||||
|
var pemBlock = []byte(testPEMBlock)
|
||||||
|
for {
|
||||||
|
derBlock, pemBlock = pem.Decode(pemBlock)
|
||||||
|
if derBlock == nil {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
switch derBlock.Type {
|
||||||
|
case "PKCS7":
|
||||||
|
result.Input = derBlock.Bytes
|
||||||
|
case "CERTIFICATE":
|
||||||
|
result.Certificate, _ = x509.ParseCertificate(derBlock.Bytes)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return result
|
||||||
|
}
|
||||||
16
vendor/modules.txt
vendored
16
vendor/modules.txt
vendored
@@ -1,10 +1,10 @@
|
|||||||
# dario.cat/mergo v1.0.1
|
# dario.cat/mergo v1.0.1
|
||||||
## explicit; go 1.13
|
## explicit; go 1.13
|
||||||
dario.cat/mergo
|
dario.cat/mergo
|
||||||
# github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24
|
# github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6
|
||||||
## explicit; go 1.20
|
## explicit; go 1.20
|
||||||
github.com/AdaLogics/go-fuzz-headers
|
github.com/AdaLogics/go-fuzz-headers
|
||||||
# github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0
|
# github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2
|
||||||
## explicit; go 1.18
|
## explicit; go 1.18
|
||||||
github.com/AdamKorcz/go-118-fuzz-build/testing
|
github.com/AdamKorcz/go-118-fuzz-build/testing
|
||||||
# github.com/Microsoft/go-winio v0.6.2
|
# github.com/Microsoft/go-winio v0.6.2
|
||||||
@@ -163,10 +163,10 @@ github.com/containerd/go-cni
|
|||||||
# github.com/containerd/go-runc v1.1.0
|
# github.com/containerd/go-runc v1.1.0
|
||||||
## explicit; go 1.18
|
## explicit; go 1.18
|
||||||
github.com/containerd/go-runc
|
github.com/containerd/go-runc
|
||||||
# github.com/containerd/imgcrypt v1.2.0-rc1
|
# github.com/containerd/imgcrypt/v2 v2.0.0-rc.1
|
||||||
## explicit; go 1.22.0
|
## explicit; go 1.22.0
|
||||||
github.com/containerd/imgcrypt
|
github.com/containerd/imgcrypt/v2
|
||||||
github.com/containerd/imgcrypt/images/encryption
|
github.com/containerd/imgcrypt/v2/images/encryption
|
||||||
# github.com/containerd/log v0.1.0
|
# github.com/containerd/log v0.1.0
|
||||||
## explicit; go 1.20
|
## explicit; go 1.20
|
||||||
github.com/containerd/log
|
github.com/containerd/log
|
||||||
@@ -272,7 +272,7 @@ github.com/fsnotify/fsnotify
|
|||||||
# github.com/fxamacker/cbor/v2 v2.7.0
|
# github.com/fxamacker/cbor/v2 v2.7.0
|
||||||
## explicit; go 1.17
|
## explicit; go 1.17
|
||||||
github.com/fxamacker/cbor/v2
|
github.com/fxamacker/cbor/v2
|
||||||
# github.com/go-jose/go-jose/v4 v4.0.2
|
# github.com/go-jose/go-jose/v4 v4.0.4
|
||||||
## explicit; go 1.21
|
## explicit; go 1.21
|
||||||
github.com/go-jose/go-jose/v4
|
github.com/go-jose/go-jose/v4
|
||||||
github.com/go-jose/go-jose/v4/cipher
|
github.com/go-jose/go-jose/v4/cipher
|
||||||
@@ -489,7 +489,7 @@ github.com/xrash/smetrics
|
|||||||
# go.etcd.io/bbolt v1.3.11
|
# go.etcd.io/bbolt v1.3.11
|
||||||
## explicit; go 1.22
|
## explicit; go 1.22
|
||||||
go.etcd.io/bbolt
|
go.etcd.io/bbolt
|
||||||
# go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1
|
# go.mozilla.org/pkcs7 v0.9.0
|
||||||
## explicit; go 1.11
|
## explicit; go 1.11
|
||||||
go.mozilla.org/pkcs7
|
go.mozilla.org/pkcs7
|
||||||
# go.opencensus.io v0.24.0
|
# go.opencensus.io v0.24.0
|
||||||
@@ -632,7 +632,7 @@ golang.org/x/time/rate
|
|||||||
# google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9
|
# google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9
|
||||||
## explicit; go 1.21
|
## explicit; go 1.21
|
||||||
google.golang.org/genproto/googleapis/api/httpbody
|
google.golang.org/genproto/googleapis/api/httpbody
|
||||||
# google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9
|
# google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38
|
||||||
## explicit; go 1.21
|
## explicit; go 1.21
|
||||||
google.golang.org/genproto/googleapis/rpc/code
|
google.golang.org/genproto/googleapis/rpc/code
|
||||||
google.golang.org/genproto/googleapis/rpc/errdetails
|
google.golang.org/genproto/googleapis/rpc/errdetails
|
||||||
|
|||||||
Reference in New Issue
Block a user