third_party/github/paypal/gatt: Update the library to pick up the
upstream changes that add support for fetching long characteristics.
Change-Id: I0114d0e934492f8c1197df58683f086d1611b183
diff --git a/go/src/github.com/paypal/gatt/README.google b/go/src/github.com/paypal/gatt/README.google
index e3326c7..1c1be44 100644
--- a/go/src/github.com/paypal/gatt/README.google
+++ b/go/src/github.com/paypal/gatt/README.google
@@ -1,5 +1,5 @@
-URL: https://github.com/paypal/gatt/archive/fc9c77133e3b89c5ff904b9c7c41fee62f9ebab7.zip
-Version: fc9c77133e3b89c5ff904b9c7c41fee62f9ebab7
+URL: https://github.com/paypal/gatt/archive/b9fc93c14a321fa542c824baa911471deec736fa.zip
+Version: b9fc93c14a321fa542c824baa911471deec736fa
License: BSD
License File: LICENSE
@@ -7,4 +7,4 @@
Gatt is a Go package for building Bluetooth Low Energy peripherals
Local Modifications:
-No modifications.
+Modified xpc/xpc_darwin_test.go to get tests to pass. This will be upstreamed shortly.
diff --git a/go/src/github.com/paypal/gatt/central_linux.go b/go/src/github.com/paypal/gatt/central_linux.go
index 0e77233..3ae6994 100644
--- a/go/src/github.com/paypal/gatt/central_linux.go
+++ b/go/src/github.com/paypal/gatt/central_linux.go
@@ -387,7 +387,11 @@
} else if d, ok := a.pvt.(*Characteristic); ok {
d.whandler.ServeWrite(r, value)
}
- return []byte{attOpWriteRsp}
+ if noRsp {
+ return nil
+ } else {
+ return []byte{attOpWriteRsp}
+ }
}
// CCC/descriptor write
diff --git a/go/src/github.com/paypal/gatt/central_linux_test.go b/go/src/github.com/paypal/gatt/central_linux_test.go
index 6bf3dbb..9789c5f 100644
--- a/go/src/github.com/paypal/gatt/central_linux_test.go
+++ b/go/src/github.com/paypal/gatt/central_linux_test.go
@@ -64,6 +64,23 @@
}()
})
+ longString := "A really long characteristic"
+ svc.AddCharacteristic(MustParseUUID("11fac9e0-c111-11e3-9246-0002a5d5c51c")).HandleReadFunc(
+ func(resp ResponseWriter, req *ReadRequest) {
+ start := req.Offset
+ end := req.Offset + req.Cap
+ if len(longString) < start {
+ start = len(longString)
+ }
+
+ if len(longString) < end {
+ end = len(longString)
+ }
+ io.WriteString(resp, longString[start:end])
+ })
+
+ svc.AddCharacteristic(MustParseUUID("11fac9e0-c111-11e3-9246-0002a5d5c51d")).SetValue([]byte(longString))
+
gapSvc := NewService(attrGAPUUID)
gapSvc.AddCharacteristic(attrDeviceNameUUID).SetValue([]byte("Gopher"))
@@ -87,7 +104,10 @@
// 0x000C 0x2803 0x30 0x00 *gatt.Characteristic [ 30 0D 00 66 9A 0C 20 00 08 33 8A E3 11 16 C1 50 7B 92 1C ]
// 0x000D 0x1c927b50c11611e38a330800200c9a66 0x30 0x00 *gatt.Characteristic [ ]
// 0x000E 0x2902 0x0E 0x00 *gatt.Descriptor [ 00 00 ]
-
+ // 0x000F 0x2803 0x02 0x00 *gatt.Characteristic [ 02 10 00 1C C5 D5 A5 02 00 46 92 E3 11 11 C1 E0 C9 FA 11 ]
+ // 0x0010 0x11fac9e0c11111e392460002a5d5c51c 0x02 0x00 *gatt.Characteristic [ ]
+ // 0x0011 0x2803 0x02 0x00 *gatt.Characteristic [ 02 12 00 1D C5 D5 A5 02 00 46 92 E3 11 11 C1 E0 C9 FA 11 ]
+ // 0x0012 0x11fac9e0c11111e392460002a5d5c51d 0x02 0x00 *gatt.Characteristic [ 41 20 72 65 61 6C 6C 79 20 6C 6F 6E 67 20 63 68 61 72 61 63 74 65 72 69 73 74 69 63 ]
rxtx := []struct {
name string
send string
@@ -160,6 +180,27 @@
want: "0b636f756e743a2031",
},
{
+ name: "read long char with handler -- 'A really long characte'",
+ send: "0a1000",
+ want: "0b41207265616c6c79206c6f6e67206368617261637465",
+ },
+ {
+ name: "finish read long char with handler - '6973746963'",
+ send: "0c10001700",
+ want: "0d6973746963",
+ },
+ {
+ name: "read long char with value -- 'A really long characte'",
+ send: "0a1200",
+ want: "0b41207265616c6c79206c6f6e67206368617261637465",
+ },
+ {
+ name: "finish read long char with value - '6973746963'",
+ send: "0c12001700",
+ want: "0d6973746963",
+ },
+
+ {
name: "write char 'abcdef' -- ok",
send: "120b00616263646566",
want: "13",
diff --git a/go/src/github.com/paypal/gatt/common.go b/go/src/github.com/paypal/gatt/common.go
index 8092c39..4fa2389 100644
--- a/go/src/github.com/paypal/gatt/common.go
+++ b/go/src/github.com/paypal/gatt/common.go
@@ -101,6 +101,21 @@
return knownServices[s.uuid.String()].Name
}
+// Handle returns the Handle of the service.
+func (s *Service) Handle() uint16 { return s.h }
+
+// EndHandle returns the End Handle of the service.
+func (s *Service) EndHandle() uint16 { return s.endh }
+
+// SetHandle sets the Handle of the service.
+func (s *Service) SetHandle(h uint16) { s.h = h }
+
+// SetEndHandle sets the End Handle of the service.
+func (s *Service) SetEndHandle(endh uint16) { s.endh = endh }
+
+// SetCharacteristics sets the Characteristics of the service.
+func (s *Service) SetCharacteristics(chars []*Characteristic) { s.chars = chars }
+
// Characteristic returns the contained characteristic of this service.
func (s *Service) Characteristics() []*Characteristic { return s.chars }
@@ -125,6 +140,46 @@
endh uint16
}
+// NewCharacteristic creates and returns a Characteristic.
+func NewCharacteristic(u UUID, s *Service, props Property, h uint16, vh uint16) *Characteristic {
+ c := &Characteristic{
+ uuid: u,
+ svc: s,
+ props: props,
+ h: h,
+ vh: vh,
+ }
+
+ return c
+}
+
+// Handle returns the Handle of the characteristic.
+func (c *Characteristic) Handle() uint16 { return c.h }
+
+// VHandle returns the Value Handle of the characteristic.
+func (c *Characteristic) VHandle() uint16 { return c.vh }
+
+// EndHandle returns the End Handle of the characteristic.
+func (c *Characteristic) EndHandle() uint16 { return c.endh }
+
+// Descriptor returns the Descriptor of the characteristic.
+func (c *Characteristic) Descriptor() *Descriptor { return c.cccd }
+
+// SetHandle sets the Handle of the characteristic.
+func (c *Characteristic) SetHandle(h uint16) { c.h = h }
+
+// SetVHandle sets the Value Handle of the characteristic.
+func (c *Characteristic) SetVHandle(vh uint16) { c.vh = vh }
+
+// SetEndHandle sets the End Handle of the characteristic.
+func (c *Characteristic) SetEndHandle(endh uint16) { c.endh = endh }
+
+// SetDescriptor sets the Descriptor of the characteristic.
+func (c *Characteristic) SetDescriptor(cccd *Descriptor) { c.cccd = cccd }
+
+// SetDescriptors sets the list of Descriptor of the characteristic.
+func (c *Characteristic) SetDescriptors(descs []*Descriptor) { c.descs = descs }
+
// UUID returns the UUID of the characteristic.
func (c *Characteristic) UUID() UUID {
return c.uuid
@@ -267,6 +322,22 @@
whandler WriteHandler
}
+// Handle returns the Handle of the descriptor.
+func (d *Descriptor) Handle() uint16 { return d.h }
+
+// SetHandle sets the Handle of the descriptor.
+func (d *Descriptor) SetHandle(h uint16) { d.h = h }
+
+// NewDescriptor creates and returns a Descriptor.
+func NewDescriptor(u UUID, h uint16, char *Characteristic) *Descriptor {
+ cd := &Descriptor{
+ uuid: u,
+ h: h,
+ char: char,
+ }
+ return cd
+}
+
// UUID returns the UUID of the descriptor.
func (d *Descriptor) UUID() UUID {
return d.uuid
diff --git a/go/src/github.com/paypal/gatt/device.go b/go/src/github.com/paypal/gatt/device.go
index a2cff86..93d423e 100644
--- a/go/src/github.com/paypal/gatt/device.go
+++ b/go/src/github.com/paypal/gatt/device.go
@@ -36,6 +36,9 @@
type Device interface {
Init(stateChanged func(Device, State)) error
+ // Advertise advertise AdvPacket
+ Advertise(a *AdvPacket) error
+
// AdvertiseNameAndServices advertises device name, and specified service UUIDs.
// It tres to fit the UUIDs in the advertising packet as much as possible.
// If name doesn't fit in the advertising packet, it will be put in scan response.
diff --git a/go/src/github.com/paypal/gatt/device_darwin.go b/go/src/github.com/paypal/gatt/device_darwin.go
index 7b89b22..e880988 100644
--- a/go/src/github.com/paypal/gatt/device_darwin.go
+++ b/go/src/github.com/paypal/gatt/device_darwin.go
@@ -63,6 +63,11 @@
return nil
}
+func (d *device) Advertise(a *AdvPacket) error {
+ // TODO
+ return notImplemented
+}
+
func (d *device) AdvertiseNameAndServices(name string, ss []UUID) error {
us := uuidSlice(ss)
rsp := d.sendReq(8, xpc.Dict{
diff --git a/go/src/github.com/paypal/gatt/device_linux.go b/go/src/github.com/paypal/gatt/device_linux.go
index cb52a06..a3d53ee 100644
--- a/go/src/github.com/paypal/gatt/device_linux.go
+++ b/go/src/github.com/paypal/gatt/device_linux.go
@@ -133,6 +133,19 @@
return nil
}
+func (d *device) Advertise(a *AdvPacket) error {
+ d.advData = &cmd.LESetAdvertisingData{
+ AdvertisingDataLength: uint8(a.Len()),
+ AdvertisingData: a.Bytes(),
+ }
+
+ if err := d.update(); err != nil {
+ return err
+ }
+
+ return d.hci.SetAdvertiseEnable(true)
+}
+
func (d *device) AdvertiseNameAndServices(name string, uu []UUID) error {
a := &AdvPacket{}
a.AppendFlags(flagGeneralDiscoverable | flagLEOnly)
@@ -155,15 +168,8 @@
ScanResponseData: a.Bytes(),
}
}
- d.advData = &cmd.LESetAdvertisingData{
- AdvertisingDataLength: uint8(a.Len()),
- AdvertisingData: a.Bytes(),
- }
- if err := d.update(); err != nil {
- return err
- }
- return d.hci.SetAdvertiseEnable(true)
+ return d.Advertise(a)
}
func (d *device) AdvertiseIBeaconData(b []byte) error {
@@ -174,10 +180,8 @@
AdvertisingDataLength: uint8(a.Len()),
AdvertisingData: a.Bytes(),
}
- if err := d.update(); err != nil {
- return err
- }
- return d.hci.SetAdvertiseEnable(true)
+
+ return d.Advertise(a)
}
func (d *device) AdvertiseIBeacon(u UUID, major, minor uint16, pwr int8) error {
diff --git a/go/src/github.com/paypal/gatt/examples/explorer.go b/go/src/github.com/paypal/gatt/examples/explorer.go
index 3861cd9..a25fa2f 100644
--- a/go/src/github.com/paypal/gatt/examples/explorer.go
+++ b/go/src/github.com/paypal/gatt/examples/explorer.go
@@ -50,6 +50,11 @@
fmt.Println("Connected")
defer p.Device().CancelConnection(p)
+ if err := p.SetMTU(500); err != nil {
+ fmt.Printf("Failed to set MTU, err: %s\n", err)
+ return
+ }
+
// Discovery services
ss, err := p.DiscoverServices(nil)
if err != nil {
@@ -81,7 +86,7 @@
// Read the characteristic, if possible.
if (c.Properties() & gatt.CharRead) != 0 {
- b, err := p.ReadCharacteristic(c)
+ b, err := p.ReadLongCharacteristic(c)
if err != nil {
fmt.Printf("Failed to read characteristic, err: %s\n", err)
continue
diff --git a/go/src/github.com/paypal/gatt/peripheral.go b/go/src/github.com/paypal/gatt/peripheral.go
index 3aa61f8..36ad578 100644
--- a/go/src/github.com/paypal/gatt/peripheral.go
+++ b/go/src/github.com/paypal/gatt/peripheral.go
@@ -39,6 +39,10 @@
// ReadCharacteristic retrieves the value of a specified characteristic.
ReadCharacteristic(c *Characteristic) ([]byte, error)
+ // ReadLongCharacteristic retrieves the value of a specified characteristic that is longer than the
+ // MTU.
+ ReadLongCharacteristic(c *Characteristic) ([]byte, error)
+
// ReadDescriptor retrieves the value of a specified characteristic descriptor.
ReadDescriptor(d *Descriptor) ([]byte, error)
@@ -56,6 +60,9 @@
// ReadRSSI retrieves the current RSSI value for the remote peripheral.
ReadRSSI() int
+
+ // SetMTU sets the mtu for the remote peripheral.
+ SetMTU(mtu uint16) error
}
type subscriber struct {
diff --git a/go/src/github.com/paypal/gatt/peripheral_darwin.go b/go/src/github.com/paypal/gatt/peripheral_darwin.go
index 434e65e..dc2abe2 100644
--- a/go/src/github.com/paypal/gatt/peripheral_darwin.go
+++ b/go/src/github.com/paypal/gatt/peripheral_darwin.go
@@ -1,6 +1,7 @@
package gatt
import (
+ "errors"
"log"
"github.com/paypal/gatt/xpc"
@@ -120,6 +121,10 @@
return b, nil
}
+func (p *peripheral) ReadLongCharacteristic(c *Characteristic) ([]byte, error) {
+ return nil, errors.New("Not implemented")
+}
+
func (p *peripheral) WriteCharacteristic(c *Characteristic, b []byte, noRsp bool) error {
args := xpc.Dict{
"kCBMsgArgDeviceUUID": p.id,
@@ -200,6 +205,10 @@
return rsp.MustGetInt("kCBMsgArgData")
}
+func (p *peripheral) SetMTU(mtu uint16) error {
+ return errors.New("Not implemented")
+}
+
func uuidSlice(uu []UUID) [][]byte {
us := [][]byte{}
for _, u := range uu {
diff --git a/go/src/github.com/paypal/gatt/peripheral_linux.go b/go/src/github.com/paypal/gatt/peripheral_linux.go
index 3cd9abc..ce256fa 100644
--- a/go/src/github.com/paypal/gatt/peripheral_linux.go
+++ b/go/src/github.com/paypal/gatt/peripheral_linux.go
@@ -1,6 +1,7 @@
package gatt
import (
+ "bytes"
"encoding/binary"
"errors"
"fmt"
@@ -215,6 +216,43 @@
return b, nil
}
+func (p *peripheral) ReadLongCharacteristic(c *Characteristic) ([]byte, error) {
+ // The spec says that a read blob request should fail if the characteristic
+ // is smaller than mtu - 1. To simplify the API, the first read is done
+ // with a regular read request. If the buffer received is equal to mtu -1,
+ // then we read the rest of the data using read blob.
+ firstRead, err := p.ReadCharacteristic(c)
+ if err != nil {
+ return nil, err
+ }
+ if len(firstRead) < int(p.mtu)-1 {
+ return firstRead, nil
+ }
+
+ var buf bytes.Buffer
+ buf.Write(firstRead)
+ off := uint16(len(firstRead))
+ for {
+ b := make([]byte, 5)
+ op := byte(attOpReadBlobReq)
+ b[0] = op
+ binary.LittleEndian.PutUint16(b[1:3], c.vh)
+ binary.LittleEndian.PutUint16(b[3:5], off)
+
+ b = p.sendReq(op, b)
+ b = b[1:]
+ if len(b) == 0 {
+ break
+ }
+ buf.Write(b)
+ off += uint16(len(b))
+ if len(b) < int(p.mtu)-1 {
+ break
+ }
+ }
+ return buf.Bytes(), nil
+}
+
func (p *peripheral) WriteCharacteristic(c *Characteristic, value []byte, noRsp bool) error {
b := make([]byte, 3+len(value))
op := byte(attOpWriteReq)
@@ -295,7 +333,6 @@
return p.setNotifyValue(c, gattCCCIndicateFlag, f)
}
-
func (p *peripheral) ReadRSSI() int {
// TODO: implement
return -1
@@ -391,3 +428,18 @@
}
}
+
+func (p *peripheral) SetMTU(mtu uint16) error {
+ b := make([]byte, 3)
+ op := byte(attOpMtuReq)
+ b[0] = op
+ binary.LittleEndian.PutUint16(b[1:3], uint16(mtu))
+
+ b = p.sendReq(op, b)
+ serverMTU := binary.LittleEndian.Uint16(b[1:3])
+ if serverMTU < mtu {
+ mtu = serverMTU
+ }
+ p.mtu = mtu
+ return nil
+}
diff --git a/go/src/golang.org/x/crypto/README.google b/go/src/golang.org/x/crypto/README.google
index 64b4cac..2fd2c7f 100644
--- a/go/src/golang.org/x/crypto/README.google
+++ b/go/src/golang.org/x/crypto/README.google
@@ -1,5 +1,5 @@
-URL: https://go.googlesource.com/crypto/+archive/81bf7719a6b7ce9b665598222362b50122dfc13b.tar.gz
-Version: 81bf7719a6b7ce9b665598222362b50122dfc13b
+URL: https://go.googlesource.com/crypto/+archive/02a186af8b62cb007f392270669b91be5527d39c.tar.gz
+Version: 602a186af8b62cb007f392270669b91be5527d39c
License: New BSD
License File: LICENSE
diff --git a/go/src/golang.org/x/crypto/ocsp/ocsp.go b/go/src/golang.org/x/crypto/ocsp/ocsp.go
index 1850e1b..602fefa 100644
--- a/go/src/golang.org/x/crypto/ocsp/ocsp.go
+++ b/go/src/golang.org/x/crypto/ocsp/ocsp.go
@@ -87,7 +87,7 @@
type singleResponse struct {
CertID certID
Good asn1.Flag `asn1:"tag:0,optional"`
- Revoked revokedInfo `asn1:"tag:1,optional"`
+ Revoked revokedInfo `asn1:"explicit,tag:1,optional"`
Unknown asn1.Flag `asn1:"tag:2,optional"`
ThisUpdate time.Time `asn1:"generalized"`
NextUpdate time.Time `asn1:"generalized,explicit,tag:0,optional"`
diff --git a/go/src/golang.org/x/crypto/openpgp/keys.go b/go/src/golang.org/x/crypto/openpgp/keys.go
index bfe3260..fe12cfa 100644
--- a/go/src/golang.org/x/crypto/openpgp/keys.go
+++ b/go/src/golang.org/x/crypto/openpgp/keys.go
@@ -464,20 +464,15 @@
func NewEntity(name, comment, email string, config *packet.Config) (*Entity, error) {
currentTime := config.Now()
- bits := defaultRSAKeyBits
- if config != nil && config.RSABits != 0 {
- bits = config.RSABits
- }
-
uid := packet.NewUserId(name, comment, email)
if uid == nil {
return nil, errors.InvalidArgumentError("user id field contained invalid characters")
}
- signingPriv, err := rsa.GenerateKey(config.Random(), bits)
+ signingPriv, err := rsa.GenerateKey(config.Random(), defaultRSAKeyBits)
if err != nil {
return nil, err
}
- encryptingPriv, err := rsa.GenerateKey(config.Random(), bits)
+ encryptingPriv, err := rsa.GenerateKey(config.Random(), defaultRSAKeyBits)
if err != nil {
return nil, err
}
diff --git a/go/src/golang.org/x/crypto/openpgp/packet/config.go b/go/src/golang.org/x/crypto/openpgp/packet/config.go
index c76eecc..d977cde 100644
--- a/go/src/golang.org/x/crypto/openpgp/packet/config.go
+++ b/go/src/golang.org/x/crypto/openpgp/packet/config.go
@@ -43,9 +43,6 @@
// use a value that is at least 65536. See RFC 4880 Section
// 3.7.1.3.
S2KCount int
- // RSABits is the number of bits in new RSA keys made with NewEntity.
- // If zero, then 2048 bit keys are created.
- RSABits int
}
func (c *Config) Random() io.Reader {
diff --git a/go/src/golang.org/x/crypto/openpgp/packet/opaque.go b/go/src/golang.org/x/crypto/openpgp/packet/opaque.go
index 456d807..f2e00b9 100644
--- a/go/src/golang.org/x/crypto/openpgp/packet/opaque.go
+++ b/go/src/golang.org/x/crypto/openpgp/packet/opaque.go
@@ -6,10 +6,9 @@
import (
"bytes"
+ "golang.org/x/crypto/openpgp/errors"
"io"
"io/ioutil"
-
- "golang.org/x/crypto/openpgp/errors"
)
// OpaquePacket represents an OpenPGP packet as raw, unparsed data. This is
@@ -139,7 +138,7 @@
uint32(contents[4])
contents = contents[5:]
}
- if subLen > uint32(len(contents)) || subLen == 0 {
+ if subLen > uint32(len(contents)) {
goto Truncated
}
subPacket.SubType = contents[0]
diff --git a/go/src/golang.org/x/crypto/openpgp/packet/private_key.go b/go/src/golang.org/x/crypto/openpgp/packet/private_key.go
index cddecfa..9685a34 100644
--- a/go/src/golang.org/x/crypto/openpgp/packet/private_key.go
+++ b/go/src/golang.org/x/crypto/openpgp/packet/private_key.go
@@ -263,9 +263,6 @@
rsaPriv.Primes = make([]*big.Int, 2)
rsaPriv.Primes[0] = new(big.Int).SetBytes(p)
rsaPriv.Primes[1] = new(big.Int).SetBytes(q)
- if err := rsaPriv.Validate(); err != nil {
- return err
- }
rsaPriv.Precompute()
pk.PrivateKey = rsaPriv
pk.Encrypted = false
diff --git a/go/src/golang.org/x/crypto/openpgp/packet/private_key_test.go b/go/src/golang.org/x/crypto/openpgp/packet/private_key_test.go
index 25c8931..6a6197a 100644
--- a/go/src/golang.org/x/crypto/openpgp/packet/private_key_test.go
+++ b/go/src/golang.org/x/crypto/openpgp/packet/private_key_test.go
@@ -56,11 +56,6 @@
}
}
-func TestIssue11505(t *testing.T) {
- // parsing a rsa private key with p or q == 1 used to panic due to a divide by zero
- _, _ = Read(readerFromHex("9c3004303030300100000011303030000000000000010130303030303030303030303030303030303030303030303030303030303030303030303030303030303030"))
-}
-
// Generated with `gpg --export-secret-keys "Test Key 2"`
const privKeyRSAHex = "9501fe044cc349a8010400b70ca0010e98c090008d45d1ee8f9113bd5861fd57b88bacb7c68658747663f1e1a3b5a98f32fda6472373c024b97359cd2efc88ff60f77751adfbf6af5e615e6a1408cfad8bf0cea30b0d5f53aa27ad59089ba9b15b7ebc2777a25d7b436144027e3bcd203909f147d0e332b240cf63d3395f5dfe0df0a6c04e8655af7eacdf0011010001fe0303024a252e7d475fd445607de39a265472aa74a9320ba2dac395faa687e9e0336aeb7e9a7397e511b5afd9dc84557c80ac0f3d4d7bfec5ae16f20d41c8c84a04552a33870b930420e230e179564f6d19bb153145e76c33ae993886c388832b0fa042ddda7f133924f3854481533e0ede31d51278c0519b29abc3bf53da673e13e3e1214b52413d179d7f66deee35cac8eacb060f78379d70ef4af8607e68131ff529439668fc39c9ce6dfef8a5ac234d234802cbfb749a26107db26406213ae5c06d4673253a3cbee1fcbae58d6ab77e38d6e2c0e7c6317c48e054edadb5a40d0d48acb44643d998139a8a66bb820be1f3f80185bc777d14b5954b60effe2448a036d565c6bc0b915fcea518acdd20ab07bc1529f561c58cd044f723109b93f6fd99f876ff891d64306b5d08f48bab59f38695e9109c4dec34013ba3153488ce070268381ba923ee1eb77125b36afcb4347ec3478c8f2735b06ef17351d872e577fa95d0c397c88c71b59629a36aec"
diff --git a/go/src/golang.org/x/crypto/openpgp/packet/public_key_v3.go b/go/src/golang.org/x/crypto/openpgp/packet/public_key_v3.go
index 26337f5..1641248 100644
--- a/go/src/golang.org/x/crypto/openpgp/packet/public_key_v3.go
+++ b/go/src/golang.org/x/crypto/openpgp/packet/public_key_v3.go
@@ -95,11 +95,6 @@
return
}
- // RFC 4880 Section 12.2 requires the low 8 bytes of the
- // modulus to form the key id.
- if len(pk.n.bytes) < 8 {
- return errors.StructuralError("v3 public key modulus is too short")
- }
if len(pk.e.bytes) > 3 {
err = errors.UnsupportedError("large public exponent")
return
diff --git a/go/src/golang.org/x/crypto/openpgp/read_test.go b/go/src/golang.org/x/crypto/openpgp/read_test.go
index 3d74ea3..03bf5d8 100644
--- a/go/src/golang.org/x/crypto/openpgp/read_test.go
+++ b/go/src/golang.org/x/crypto/openpgp/read_test.go
@@ -8,12 +8,11 @@
"bytes"
_ "crypto/sha512"
"encoding/hex"
+ "golang.org/x/crypto/openpgp/errors"
"io"
"io/ioutil"
"strings"
"testing"
-
- "golang.org/x/crypto/openpgp/errors"
)
func readerFromHex(s string) io.Reader {
@@ -369,35 +368,6 @@
}
}
-func testReadMessageError(t *testing.T, messageHex string) {
- buf, err := hex.DecodeString(messageHex)
- if err != nil {
- t.Errorf("hex.DecodeString(): %v", err)
- }
-
- kr, err := ReadKeyRing(new(bytes.Buffer))
- if err != nil {
- t.Errorf("ReadKeyring(): %v", err)
- }
-
- _, err = ReadMessage(bytes.NewBuffer(buf), kr,
- func([]Key, bool) ([]byte, error) {
- return []byte("insecure"), nil
- }, nil)
-
- if err == nil {
- t.Errorf("ReadMessage(): Unexpected nil error")
- }
-}
-
-func TestIssue11503(t *testing.T) {
- testReadMessageError(t, "8c040402000aa430aa8228b9248b01fc899a91197130303030")
-}
-
-func TestIssue11504(t *testing.T) {
- testReadMessageError(t, "9303000130303030303030303030983002303030303030030000000130")
-}
-
const testKey1KeyId = 0xA34D7E18C20C31BB
const testKey3KeyId = 0x338934250CCC0360
diff --git a/go/src/golang.org/x/crypto/openpgp/write_test.go b/go/src/golang.org/x/crypto/openpgp/write_test.go
index 8e9a335..9f8c358 100644
--- a/go/src/golang.org/x/crypto/openpgp/write_test.go
+++ b/go/src/golang.org/x/crypto/openpgp/write_test.go
@@ -10,8 +10,6 @@
"io/ioutil"
"testing"
"time"
-
- "golang.org/x/crypto/openpgp/packet"
)
func TestSignDetached(t *testing.T) {
@@ -55,34 +53,11 @@
return
}
- // Check bit-length with no config.
e, err := NewEntity("Test User", "test", "test@example.com", nil)
if err != nil {
t.Errorf("failed to create entity: %s", err)
return
}
- bl, err := e.PrimaryKey.BitLength()
- if err != nil {
- t.Errorf("failed to find bit length: %s", err)
- }
- if int(bl) != defaultRSAKeyBits {
- t.Errorf("BitLength %v, expected %v", defaultRSAKeyBits)
- }
-
- // Check bit-length with a config.
- cfg := &packet.Config{RSABits: 1024}
- e, err = NewEntity("Test User", "test", "test@example.com", cfg)
- if err != nil {
- t.Errorf("failed to create entity: %s", err)
- return
- }
- bl, err = e.PrimaryKey.BitLength()
- if err != nil {
- t.Errorf("failed to find bit length: %s", err)
- }
- if int(bl) != cfg.RSABits {
- t.Errorf("BitLength %v, expected %v", bl, cfg.RSABits)
- }
w := bytes.NewBuffer(nil)
if err := e.SerializePrivate(w, nil); err != nil {
diff --git a/go/src/golang.org/x/crypto/poly1305/poly1305_arm.s b/go/src/golang.org/x/crypto/poly1305/poly1305_arm.s
index c153867..c9ceaeb 100644
--- a/go/src/golang.org/x/crypto/poly1305/poly1305_arm.s
+++ b/go/src/golang.org/x/crypto/poly1305/poly1305_arm.s
@@ -47,16 +47,6 @@
MOVM.IA.W (R13), [R4-R11]
RET
-#define MOVW_UNALIGNED(Rsrc, Rdst, Rtmp, offset) \
- MOVBU (offset+0)(Rsrc), Rtmp; \
- MOVBU Rtmp, (offset+0)(Rdst); \
- MOVBU (offset+1)(Rsrc), Rtmp; \
- MOVBU Rtmp, (offset+1)(Rdst); \
- MOVBU (offset+2)(Rsrc), Rtmp; \
- MOVBU Rtmp, (offset+2)(Rdst); \
- MOVBU (offset+3)(Rsrc), Rtmp; \
- MOVBU Rtmp, (offset+3)(Rdst)
-
TEXT poly1305_blocks_armv6<>(SB),4,$-4
MOVM.DB.W [R4, R5, R6, R7, R8, R9, g, R11, R14], (R13)
SUB $128, R13
@@ -76,19 +66,7 @@
CMP $16, R12
BLO poly1305_blocks_armv6_done
poly1305_blocks_armv6_mainloop:
- WORD $0xe31e0003 // TST R14, #3 not working see issue 5921
- BEQ poly1305_blocks_armv6_mainloop_aligned
- ADD $48, R13, g
- MOVW_UNALIGNED(R14, g, R0, 0)
- MOVW_UNALIGNED(R14, g, R0, 4)
- MOVW_UNALIGNED(R14, g, R0, 8)
- MOVW_UNALIGNED(R14, g, R0, 12)
- MOVM.IA (g), [R0-R3]
- ADD $16, R14
- B poly1305_blocks_armv6_mainloop_loaded
-poly1305_blocks_armv6_mainloop_aligned:
MOVM.IA.W (R14), [R0-R3]
-poly1305_blocks_armv6_mainloop_loaded:
MOVW R0>>26, g
MOVW R1>>20, R11
MOVW R2>>14, R12
@@ -196,16 +174,6 @@
MOVM.IA.W (R13), [R4, R5, R6, R7, R8, R9, g, R11, R14]
RET
-#define MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp) \
- MOVBU.P 1(Rsrc), Rtmp; \
- MOVBU.P Rtmp, 1(Rdst); \
- MOVBU.P 1(Rsrc), Rtmp; \
- MOVBU.P Rtmp, 1(Rdst)
-
-#define MOVWP_UNALIGNED(Rsrc, Rdst, Rtmp) \
- MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp); \
- MOVHUP_UNALIGNED(Rsrc, Rdst, Rtmp)
-
TEXT poly1305_finish_ext_armv6<>(SB),4,$-4
MOVM.DB.W [R4, R5, R6, R7, R8, R9, g, R11, R14], (R13)
SUB $16, R13, R13
@@ -221,32 +189,16 @@
MOVW R0, 4(R13)
MOVW R0, 8(R13)
MOVW R0, 12(R13)
- WORD $0xe3110003 // TST R1, #3 not working see issue 5921
- BEQ poly1305_finish_ext_armv6_aligned
WORD $0xe3120008 // TST R2, #8 not working see issue 5921
BEQ poly1305_finish_ext_armv6_skip8
- MOVWP_UNALIGNED(R1, R9, g)
- MOVWP_UNALIGNED(R1, R9, g)
+ MOVM.IA.W (R1), [g-R11]
+ MOVM.IA.W [g-R11], (R9)
poly1305_finish_ext_armv6_skip8:
WORD $0xe3120004 // TST $4, R2 not working see issue 5921
BEQ poly1305_finish_ext_armv6_skip4
- MOVWP_UNALIGNED(R1, R9, g)
-poly1305_finish_ext_armv6_skip4:
- WORD $0xe3120002 // TST $2, R2 not working see issue 5921
- BEQ poly1305_finish_ext_armv6_skip2
- MOVHUP_UNALIGNED(R1, R9, g)
- B poly1305_finish_ext_armv6_skip2
-poly1305_finish_ext_armv6_aligned:
- WORD $0xe3120008 // TST R2, #8 not working see issue 5921
- BEQ poly1305_finish_ext_armv6_skip8_aligned
- MOVM.IA.W (R1), [g-R11]
- MOVM.IA.W [g-R11], (R9)
-poly1305_finish_ext_armv6_skip8_aligned:
- WORD $0xe3120004 // TST $4, R2 not working see issue 5921
- BEQ poly1305_finish_ext_armv6_skip4_aligned
MOVW.P 4(R1), g
MOVW.P g, 4(R9)
-poly1305_finish_ext_armv6_skip4_aligned:
+poly1305_finish_ext_armv6_skip4:
WORD $0xe3120002 // TST $2, R2 not working see issue 5921
BEQ poly1305_finish_ext_armv6_skip2
MOVHU.P 2(R1), g
diff --git a/go/src/golang.org/x/crypto/poly1305/poly1305_test.go b/go/src/golang.org/x/crypto/poly1305/poly1305_test.go
index b3e9231..2c6d1bc 100644
--- a/go/src/golang.org/x/crypto/poly1305/poly1305_test.go
+++ b/go/src/golang.org/x/crypto/poly1305/poly1305_test.go
@@ -7,7 +7,6 @@
import (
"bytes"
"testing"
- "unsafe"
)
var testData = []struct {
@@ -35,52 +34,41 @@
},
}
-func testSum(t *testing.T, unaligned bool) {
+func TestSum(t *testing.T) {
var out [16]byte
var key [32]byte
for i, v := range testData {
- in := v.in
- if unaligned {
- in = unalignBytes(in)
- }
copy(key[:], v.k)
- Sum(&out, in, &key)
+ Sum(&out, v.in, &key)
if !bytes.Equal(out[:], v.correct) {
t.Errorf("%d: expected %x, got %x", i, v.correct, out[:])
}
}
}
-func TestSum(t *testing.T) { testSum(t, false) }
-func TestSumUnaligned(t *testing.T) { testSum(t, true) }
-
-func benchmark(b *testing.B, size int, unaligned bool) {
+func Benchmark1K(b *testing.B) {
+ b.StopTimer()
var out [16]byte
var key [32]byte
- in := make([]byte, size)
- if unaligned {
- in = unalignBytes(in)
- }
+ in := make([]byte, 1024)
b.SetBytes(int64(len(in)))
- b.ResetTimer()
+ b.StartTimer()
+
for i := 0; i < b.N; i++ {
Sum(&out, in, &key)
}
}
-func Benchmark64(b *testing.B) { benchmark(b, 64, false) }
-func Benchmark1K(b *testing.B) { benchmark(b, 1024, false) }
-func Benchmark64Unaligned(b *testing.B) { benchmark(b, 64, true) }
-func Benchmark1KUnaligned(b *testing.B) { benchmark(b, 1024, true) }
+func Benchmark64(b *testing.B) {
+ b.StopTimer()
+ var out [16]byte
+ var key [32]byte
+ in := make([]byte, 64)
+ b.SetBytes(int64(len(in)))
+ b.StartTimer()
-func unalignBytes(in []byte) []byte {
- out := make([]byte, len(in)+1)
- if uintptr(unsafe.Pointer(&out[0]))&(unsafe.Alignof(uint32(0))-1) == 0 {
- out = out[1:]
- } else {
- out = out[:len(in)]
+ for i := 0; i < b.N; i++ {
+ Sum(&out, in, &key)
}
- copy(out, in)
- return out
}
diff --git a/go/src/golang.org/x/crypto/sha3/keccakKats.json.deflate b/go/src/golang.org/x/crypto/sha3/keccakKats.json.deflate
new file mode 100644
index 0000000..62e85ae
--- /dev/null
+++ b/go/src/golang.org/x/crypto/sha3/keccakKats.json.deflate
Binary files differ
diff --git a/go/src/golang.org/x/crypto/ssh/agent/client.go b/go/src/golang.org/x/crypto/ssh/agent/client.go
index 8c856a0..f5527e8 100644
--- a/go/src/golang.org/x/crypto/ssh/agent/client.go
+++ b/go/src/golang.org/x/crypto/ssh/agent/client.go
@@ -36,8 +36,9 @@
// in [PROTOCOL.agent] section 2.6.2.
Sign(key ssh.PublicKey, data []byte) (*ssh.Signature, error)
- // Add adds a private key to the agent.
- Add(key AddedKey) error
+ // Add adds a private key to the agent. If a certificate
+ // is given, that certificate is added as public key.
+ Add(s interface{}, cert *ssh.Certificate, comment string) error
// Remove removes all identities with the given public key.
Remove(key ssh.PublicKey) error
@@ -55,24 +56,6 @@
Signers() ([]ssh.Signer, error)
}
-// AddedKey describes an SSH key to be added to an Agent.
-type AddedKey struct {
- // PrivateKey must be a *rsa.PrivateKey, *dsa.PrivateKey or
- // *ecdsa.PrivateKey, which will be inserted into the agent.
- PrivateKey interface{}
- // Certificate, if not nil, is communicated to the agent and will be
- // stored with the key.
- Certificate *ssh.Certificate
- // Comment is an optional, free-form string.
- Comment string
- // LifetimeSecs, if not zero, is the number of seconds that the
- // agent will store the key for.
- LifetimeSecs uint32
- // ConfirmBeforeUse, if true, requests that the agent confirm with the
- // user before each use of this key.
- ConfirmBeforeUse bool
-}
-
// See [PROTOCOL.agent], section 3.
const (
agentRequestV1Identities = 1
@@ -385,39 +368,36 @@
}
type rsaKeyMsg struct {
- Type string `sshtype:"17"`
- N *big.Int
- E *big.Int
- D *big.Int
- Iqmp *big.Int // IQMP = Inverse Q Mod P
- P *big.Int
- Q *big.Int
- Comments string
- Constraints []byte `ssh:"rest"`
+ Type string `sshtype:"17"`
+ N *big.Int
+ E *big.Int
+ D *big.Int
+ Iqmp *big.Int // IQMP = Inverse Q Mod P
+ P *big.Int
+ Q *big.Int
+ Comments string
}
type dsaKeyMsg struct {
- Type string `sshtype:"17"`
- P *big.Int
- Q *big.Int
- G *big.Int
- Y *big.Int
- X *big.Int
- Comments string
- Constraints []byte `ssh:"rest"`
+ Type string `sshtype:"17"`
+ P *big.Int
+ Q *big.Int
+ G *big.Int
+ Y *big.Int
+ X *big.Int
+ Comments string
}
type ecdsaKeyMsg struct {
- Type string `sshtype:"17"`
- Curve string
- KeyBytes []byte
- D *big.Int
- Comments string
- Constraints []byte `ssh:"rest"`
+ Type string `sshtype:"17"`
+ Curve string
+ KeyBytes []byte
+ D *big.Int
+ Comments string
}
// Insert adds a private key to the agent.
-func (c *client) insertKey(s interface{}, comment string, constraints []byte) error {
+func (c *client) insertKey(s interface{}, comment string) error {
var req []byte
switch k := s.(type) {
case *rsa.PrivateKey:
@@ -426,46 +406,37 @@
}
k.Precompute()
req = ssh.Marshal(rsaKeyMsg{
- Type: ssh.KeyAlgoRSA,
- N: k.N,
- E: big.NewInt(int64(k.E)),
- D: k.D,
- Iqmp: k.Precomputed.Qinv,
- P: k.Primes[0],
- Q: k.Primes[1],
- Comments: comment,
- Constraints: constraints,
+ Type: ssh.KeyAlgoRSA,
+ N: k.N,
+ E: big.NewInt(int64(k.E)),
+ D: k.D,
+ Iqmp: k.Precomputed.Qinv,
+ P: k.Primes[0],
+ Q: k.Primes[1],
+ Comments: comment,
})
case *dsa.PrivateKey:
req = ssh.Marshal(dsaKeyMsg{
- Type: ssh.KeyAlgoDSA,
- P: k.P,
- Q: k.Q,
- G: k.G,
- Y: k.Y,
- X: k.X,
- Comments: comment,
- Constraints: constraints,
+ Type: ssh.KeyAlgoDSA,
+ P: k.P,
+ Q: k.Q,
+ G: k.G,
+ Y: k.Y,
+ X: k.X,
+ Comments: comment,
})
case *ecdsa.PrivateKey:
nistID := fmt.Sprintf("nistp%d", k.Params().BitSize)
req = ssh.Marshal(ecdsaKeyMsg{
- Type: "ecdsa-sha2-" + nistID,
- Curve: nistID,
- KeyBytes: elliptic.Marshal(k.Curve, k.X, k.Y),
- D: k.D,
- Comments: comment,
- Constraints: constraints,
+ Type: "ecdsa-sha2-" + nistID,
+ Curve: nistID,
+ KeyBytes: elliptic.Marshal(k.Curve, k.X, k.Y),
+ D: k.D,
+ Comments: comment,
})
default:
return fmt.Errorf("agent: unsupported key type %T", s)
}
-
- // if constraints are present then the message type needs to be changed.
- if len(constraints) != 0 {
- req[0] = agentAddIdConstrained
- }
-
resp, err := c.call(req)
if err != nil {
return err
@@ -477,57 +448,40 @@
}
type rsaCertMsg struct {
- Type string `sshtype:"17"`
- CertBytes []byte
- D *big.Int
- Iqmp *big.Int // IQMP = Inverse Q Mod P
- P *big.Int
- Q *big.Int
- Comments string
- Constraints []byte `ssh:"rest"`
+ Type string `sshtype:"17"`
+ CertBytes []byte
+ D *big.Int
+ Iqmp *big.Int // IQMP = Inverse Q Mod P
+ P *big.Int
+ Q *big.Int
+ Comments string
}
type dsaCertMsg struct {
- Type string `sshtype:"17"`
- CertBytes []byte
- X *big.Int
- Comments string
- Constraints []byte `ssh:"rest"`
+ Type string `sshtype:"17"`
+ CertBytes []byte
+ X *big.Int
+ Comments string
}
type ecdsaCertMsg struct {
- Type string `sshtype:"17"`
- CertBytes []byte
- D *big.Int
- Comments string
- Constraints []byte `ssh:"rest"`
+ Type string `sshtype:"17"`
+ CertBytes []byte
+ D *big.Int
+ Comments string
}
// Insert adds a private key to the agent. If a certificate is given,
// that certificate is added instead as public key.
-func (c *client) Add(key AddedKey) error {
- var constraints []byte
-
- if secs := key.LifetimeSecs; secs != 0 {
- constraints = append(constraints, agentConstrainLifetime)
-
- var secsBytes [4]byte
- binary.BigEndian.PutUint32(secsBytes[:], secs)
- constraints = append(constraints, secsBytes[:]...)
- }
-
- if key.ConfirmBeforeUse {
- constraints = append(constraints, agentConstrainConfirm)
- }
-
- if cert := key.Certificate; cert == nil {
- return c.insertKey(key.PrivateKey, key.Comment, constraints)
+func (c *client) Add(s interface{}, cert *ssh.Certificate, comment string) error {
+ if cert == nil {
+ return c.insertKey(s, comment)
} else {
- return c.insertCert(key.PrivateKey, cert, key.Comment, constraints)
+ return c.insertCert(s, cert, comment)
}
}
-func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string, constraints []byte) error {
+func (c *client) insertCert(s interface{}, cert *ssh.Certificate, comment string) error {
var req []byte
switch k := s.(type) {
case *rsa.PrivateKey:
@@ -536,14 +490,13 @@
}
k.Precompute()
req = ssh.Marshal(rsaCertMsg{
- Type: cert.Type(),
- CertBytes: cert.Marshal(),
- D: k.D,
- Iqmp: k.Precomputed.Qinv,
- P: k.Primes[0],
- Q: k.Primes[1],
- Comments: comment,
- Constraints: constraints,
+ Type: cert.Type(),
+ CertBytes: cert.Marshal(),
+ D: k.D,
+ Iqmp: k.Precomputed.Qinv,
+ P: k.Primes[0],
+ Q: k.Primes[1],
+ Comments: comment,
})
case *dsa.PrivateKey:
req = ssh.Marshal(dsaCertMsg{
@@ -563,11 +516,6 @@
return fmt.Errorf("agent: unsupported key type %T", s)
}
- // if constraints are present then the message type needs to be changed.
- if len(constraints) != 0 {
- req[0] = agentAddIdConstrained
- }
-
signer, err := ssh.NewSignerFromKey(s)
if err != nil {
return err
diff --git a/go/src/golang.org/x/crypto/ssh/agent/client_test.go b/go/src/golang.org/x/crypto/ssh/agent/client_test.go
index ec7198d..80e2c2c 100644
--- a/go/src/golang.org/x/crypto/ssh/agent/client_test.go
+++ b/go/src/golang.org/x/crypto/ssh/agent/client_test.go
@@ -78,14 +78,14 @@
}
}
-func testAgent(t *testing.T, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) {
+func testAgent(t *testing.T, key interface{}, cert *ssh.Certificate) {
agent, _, cleanup := startAgent(t)
defer cleanup()
- testAgentInterface(t, agent, key, cert, lifetimeSecs)
+ testAgentInterface(t, agent, key, cert)
}
-func testAgentInterface(t *testing.T, agent Agent, key interface{}, cert *ssh.Certificate, lifetimeSecs uint32) {
+func testAgentInterface(t *testing.T, agent Agent, key interface{}, cert *ssh.Certificate) {
signer, err := ssh.NewSignerFromKey(key)
if err != nil {
t.Fatalf("NewSignerFromKey(%T): %v", key, err)
@@ -100,15 +100,10 @@
// Attempt to insert the key, with certificate if specified.
var pubKey ssh.PublicKey
if cert != nil {
- err = agent.Add(AddedKey{
- PrivateKey: key,
- Certificate: cert,
- Comment: "comment",
- LifetimeSecs: lifetimeSecs,
- })
+ err = agent.Add(key, cert, "comment")
pubKey = cert
} else {
- err = agent.Add(AddedKey{PrivateKey: key, Comment: "comment", LifetimeSecs: lifetimeSecs})
+ err = agent.Add(key, nil, "comment")
pubKey = signer.PublicKey()
}
if err != nil {
@@ -140,7 +135,7 @@
func TestAgent(t *testing.T) {
for _, keyType := range []string{"rsa", "dsa", "ecdsa"} {
- testAgent(t, testPrivateKeys[keyType], nil, 0)
+ testAgent(t, testPrivateKeys[keyType], nil)
}
}
@@ -152,11 +147,7 @@
}
cert.SignCert(rand.Reader, testSigners["ecdsa"])
- testAgent(t, testPrivateKeys["rsa"], cert, 0)
-}
-
-func TestConstraints(t *testing.T) {
- testAgent(t, testPrivateKeys["rsa"], nil, 3600 /* lifetime in seconds */)
+ testAgent(t, testPrivateKeys["rsa"], cert)
}
// netPipe is analogous to net.Pipe, but it uses a real net.Conn, and
@@ -194,7 +185,7 @@
agent, _, cleanup := startAgent(t)
defer cleanup()
- if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["rsa"], Comment: "comment"}); err != nil {
+ if err := agent.Add(testPrivateKeys["rsa"], nil, "comment"); err != nil {
t.Errorf("Add: %v", err)
}
@@ -232,10 +223,10 @@
}
func testLockAgent(agent Agent, t *testing.T) {
- if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["rsa"], Comment: "comment 1"}); err != nil {
+ if err := agent.Add(testPrivateKeys["rsa"], nil, "comment 1"); err != nil {
t.Errorf("Add: %v", err)
}
- if err := agent.Add(AddedKey{PrivateKey: testPrivateKeys["dsa"], Comment: "comment dsa"}); err != nil {
+ if err := agent.Add(testPrivateKeys["dsa"], nil, "comment dsa"); err != nil {
t.Errorf("Add: %v", err)
}
if keys, err := agent.List(); err != nil {
diff --git a/go/src/golang.org/x/crypto/ssh/agent/keyring.go b/go/src/golang.org/x/crypto/ssh/agent/keyring.go
index 11b72df..8ac2009 100644
--- a/go/src/golang.org/x/crypto/ssh/agent/keyring.go
+++ b/go/src/golang.org/x/crypto/ssh/agent/keyring.go
@@ -125,28 +125,27 @@
}
// Insert adds a private key to the keyring. If a certificate
-// is given, that certificate is added as public key. Note that
-// any constraints given are ignored.
-func (r *keyring) Add(key AddedKey) error {
+// is given, that certificate is added as public key.
+func (r *keyring) Add(priv interface{}, cert *ssh.Certificate, comment string) error {
r.mu.Lock()
defer r.mu.Unlock()
if r.locked {
return errLocked
}
- signer, err := ssh.NewSignerFromKey(key.PrivateKey)
+ signer, err := ssh.NewSignerFromKey(priv)
if err != nil {
return err
}
- if cert := key.Certificate; cert != nil {
+ if cert != nil {
signer, err = ssh.NewCertSigner(cert, signer)
if err != nil {
return err
}
}
- r.keys = append(r.keys, privKey{signer, key.Comment})
+ r.keys = append(r.keys, privKey{signer, comment})
return nil
}
diff --git a/go/src/golang.org/x/crypto/ssh/agent/server.go b/go/src/golang.org/x/crypto/ssh/agent/server.go
index b21a201..be9df0e 100644
--- a/go/src/golang.org/x/crypto/ssh/agent/server.go
+++ b/go/src/golang.org/x/crypto/ssh/agent/server.go
@@ -167,7 +167,7 @@
}
priv.Precompute()
- return s.agent.Add(AddedKey{PrivateKey: &priv, Comment: k.Comments})
+ return s.agent.Add(&priv, nil, k.Comments)
}
return fmt.Errorf("not implemented: %s", record.Type)
}
diff --git a/go/src/golang.org/x/crypto/ssh/agent/server_test.go b/go/src/golang.org/x/crypto/ssh/agent/server_test.go
index ef0ab29..def5f8c 100644
--- a/go/src/golang.org/x/crypto/ssh/agent/server_test.go
+++ b/go/src/golang.org/x/crypto/ssh/agent/server_test.go
@@ -21,7 +21,7 @@
go ServeAgent(NewKeyring(), c2)
- testAgentInterface(t, client, testPrivateKeys["rsa"], nil, 0)
+ testAgentInterface(t, client, testPrivateKeys["rsa"], nil)
}
func TestLockServer(t *testing.T) {
@@ -72,6 +72,6 @@
go ssh.DiscardRequests(reqs)
agentClient := NewClient(ch)
- testAgentInterface(t, agentClient, testPrivateKeys["rsa"], nil, 0)
+ testAgentInterface(t, agentClient, testPrivateKeys["rsa"], nil)
conn.Close()
}
diff --git a/go/src/golang.org/x/crypto/ssh/certs_test.go b/go/src/golang.org/x/crypto/ssh/certs_test.go
index c5f2e53..d6c4a33 100644
--- a/go/src/golang.org/x/crypto/ssh/certs_test.go
+++ b/go/src/golang.org/x/crypto/ssh/certs_test.go
@@ -186,15 +186,15 @@
defer c1.Close()
defer c2.Close()
- errc := make(chan error)
-
go func() {
conf := ServerConfig{
NoClientAuth: true,
}
conf.AddHostKey(certSigner)
_, _, _, err := NewServerConn(c1, &conf)
- errc <- err
+ if err != nil {
+ t.Fatalf("NewServerConn: %v", err)
+ }
}()
config := &ClientConfig{
@@ -207,10 +207,5 @@
if (err == nil) != succeed {
t.Fatalf("NewClientConn(%q): %v", name, err)
}
-
- err = <-errc
- if (err == nil) != succeed {
- t.Fatalf("NewServerConn(%q): %v", name, err)
- }
}
}
diff --git a/go/src/golang.org/x/crypto/ssh/client.go b/go/src/golang.org/x/crypto/ssh/client.go
index 0b9fbe5..72bd27f 100644
--- a/go/src/golang.org/x/crypto/ssh/client.go
+++ b/go/src/golang.org/x/crypto/ssh/client.go
@@ -203,11 +203,4 @@
// ClientVersion contains the version identification string that will
// be used for the connection. If empty, a reasonable default is used.
ClientVersion string
-
- // HostKeyAlgorithms lists the key types that the client will
- // accept from the server as host key, in order of
- // preference. If empty, a reasonable default is used. Any
- // string returned from PublicKey.Type method may be used, or
- // any of the CertAlgoXxxx and KeyAlgoXxxx constants.
- HostKeyAlgorithms []string
}
diff --git a/go/src/golang.org/x/crypto/ssh/common.go b/go/src/golang.org/x/crypto/ssh/common.go
index 1aef9c0..0a9df1f 100644
--- a/go/src/golang.org/x/crypto/ssh/common.go
+++ b/go/src/golang.org/x/crypto/ssh/common.go
@@ -33,7 +33,6 @@
// supportedKexAlgos specifies the supported key-exchange algorithms in
// preference order.
var supportedKexAlgos = []string{
- kexAlgoCurve25519SHA256,
// P384 and P521 are not constant-time yet, but since we don't
// reuse ephemeral keys, using them for ECDH should be OK.
kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521,
diff --git a/go/src/golang.org/x/crypto/ssh/handshake.go b/go/src/golang.org/x/crypto/ssh/handshake.go
index 12633c8..a1e2c23 100644
--- a/go/src/golang.org/x/crypto/ssh/handshake.go
+++ b/go/src/golang.org/x/crypto/ssh/handshake.go
@@ -59,14 +59,7 @@
serverVersion []byte
clientVersion []byte
- // hostKeys is non-empty if we are the server. In that case,
- // it contains all host keys that can be used to sign the
- // connection.
- hostKeys []Signer
-
- // hostKeyAlgorithms is non-empty if we are the client. In that case,
- // we accept these key types from the server as host key.
- hostKeyAlgorithms []string
+ hostKeys []Signer // If hostKeys are given, we are the server.
// On read error, incoming is closed, and readError is set.
incoming chan []byte
@@ -105,11 +98,6 @@
t.dialAddress = dialAddr
t.remoteAddr = addr
t.hostKeyCallback = config.HostKeyCallback
- if config.HostKeyAlgorithms != nil {
- t.hostKeyAlgorithms = config.HostKeyAlgorithms
- } else {
- t.hostKeyAlgorithms = supportedHostKeyAlgos
- }
go t.readLoop()
return t
}
@@ -153,14 +141,6 @@
}
t.incoming <- p
}
-
- // If we can't read, declare the writing part dead too.
- t.mu.Lock()
- defer t.mu.Unlock()
- if t.writeError == nil {
- t.writeError = t.readError
- }
- t.cond.Broadcast()
}
func (t *handshakeTransport) readOnePacket() ([]byte, error) {
@@ -254,7 +234,7 @@
msg.ServerHostKeyAlgos, k.PublicKey().Type())
}
} else {
- msg.ServerHostKeyAlgos = t.hostKeyAlgorithms
+ msg.ServerHostKeyAlgos = supportedHostKeyAlgos
}
packet := Marshal(msg)
@@ -273,12 +253,10 @@
func (t *handshakeTransport) writePacket(p []byte) error {
t.mu.Lock()
- defer t.mu.Unlock()
-
if t.writtenSinceKex > t.config.RekeyThreshold {
t.sendKexInitLocked()
}
- for t.sentInitMsg != nil && t.writeError == nil {
+ for t.sentInitMsg != nil {
t.cond.Wait()
}
if t.writeError != nil {
@@ -286,14 +264,17 @@
}
t.writtenSinceKex += uint64(len(p))
+ var err error
switch p[0] {
case msgKexInit:
- return errors.New("ssh: only handshakeTransport can send kexInit")
+ err = errors.New("ssh: only handshakeTransport can send kexInit")
case msgNewKeys:
- return errors.New("ssh: only handshakeTransport can send newKeys")
+ err = errors.New("ssh: only handshakeTransport can send newKeys")
default:
- return t.conn.writePacket(p)
+ err = t.conn.writePacket(p)
}
+ t.mu.Unlock()
+ return err
}
func (t *handshakeTransport) Close() error {
diff --git a/go/src/golang.org/x/crypto/ssh/handshake_test.go b/go/src/golang.org/x/crypto/ssh/handshake_test.go
index b86d369..613c498 100644
--- a/go/src/golang.org/x/crypto/ssh/handshake_test.go
+++ b/go/src/golang.org/x/crypto/ssh/handshake_test.go
@@ -7,12 +7,8 @@
import (
"bytes"
"crypto/rand"
- "errors"
"fmt"
"net"
- "runtime"
- "strings"
- "sync"
"testing"
)
@@ -72,7 +68,6 @@
serverConf := &ServerConfig{}
serverConf.AddHostKey(testSigners["ecdsa"])
- serverConf.AddHostKey(testSigners["rsa"])
serverConf.SetDefaults()
server = newServerTransport(trS, v, v, serverConf)
@@ -80,9 +75,6 @@
}
func TestHandshakeBasic(t *testing.T) {
- if runtime.GOOS == "plan9" {
- t.Skip("see golang.org/issue/7237")
- }
checker := &testChecker{}
trC, trS, err := handshakePair(&ClientConfig{HostKeyCallback: checker.Check}, "addr")
if err != nil {
@@ -317,99 +309,3 @@
<-sync.called
}
-
-// errorKeyingTransport generates errors after a given number of
-// read/write operations.
-type errorKeyingTransport struct {
- packetConn
- readLeft, writeLeft int
-}
-
-func (n *errorKeyingTransport) prepareKeyChange(*algorithms, *kexResult) error {
- return nil
-}
-func (n *errorKeyingTransport) getSessionID() []byte {
- return nil
-}
-
-func (n *errorKeyingTransport) writePacket(packet []byte) error {
- if n.writeLeft == 0 {
- n.Close()
- return errors.New("barf")
- }
-
- n.writeLeft--
- return n.packetConn.writePacket(packet)
-}
-
-func (n *errorKeyingTransport) readPacket() ([]byte, error) {
- if n.readLeft == 0 {
- n.Close()
- return nil, errors.New("barf")
- }
-
- n.readLeft--
- return n.packetConn.readPacket()
-}
-
-func TestHandshakeErrorHandlingRead(t *testing.T) {
- for i := 0; i < 20; i++ {
- testHandshakeErrorHandlingN(t, i, -1)
- }
-}
-
-func TestHandshakeErrorHandlingWrite(t *testing.T) {
- for i := 0; i < 20; i++ {
- testHandshakeErrorHandlingN(t, -1, i)
- }
-}
-
-// testHandshakeErrorHandlingN runs handshakes, injecting errors. If
-// handshakeTransport deadlocks, the go runtime will detect it and
-// panic.
-func testHandshakeErrorHandlingN(t *testing.T, readLimit, writeLimit int) {
- msg := Marshal(&serviceRequestMsg{strings.Repeat("x", int(minRekeyThreshold)/4)})
-
- a, b := memPipe()
- defer a.Close()
- defer b.Close()
-
- key := testSigners["ecdsa"]
- serverConf := Config{RekeyThreshold: minRekeyThreshold}
- serverConf.SetDefaults()
- serverConn := newHandshakeTransport(&errorKeyingTransport{a, readLimit, writeLimit}, &serverConf, []byte{'a'}, []byte{'b'})
- serverConn.hostKeys = []Signer{key}
- go serverConn.readLoop()
-
- clientConf := Config{RekeyThreshold: 10 * minRekeyThreshold}
- clientConf.SetDefaults()
- clientConn := newHandshakeTransport(&errorKeyingTransport{b, -1, -1}, &clientConf, []byte{'a'}, []byte{'b'})
- clientConn.hostKeyAlgorithms = []string{key.PublicKey().Type()}
- go clientConn.readLoop()
-
- var wg sync.WaitGroup
- wg.Add(4)
-
- for _, hs := range []packetConn{serverConn, clientConn} {
- go func(c packetConn) {
- for {
- err := c.writePacket(msg)
- if err != nil {
- break
- }
- }
- wg.Done()
- }(hs)
- go func(c packetConn) {
- for {
- _, err := c.readPacket()
- if err != nil {
- break
- }
- }
- wg.Done()
- }(hs)
- }
-
- wg.Wait()
-}
diff --git a/go/src/golang.org/x/crypto/ssh/kex.go b/go/src/golang.org/x/crypto/ssh/kex.go
index ea19d53..6a835c7 100644
--- a/go/src/golang.org/x/crypto/ssh/kex.go
+++ b/go/src/golang.org/x/crypto/ssh/kex.go
@@ -8,22 +8,18 @@
"crypto"
"crypto/ecdsa"
"crypto/elliptic"
- "crypto/subtle"
"crypto/rand"
"errors"
"io"
"math/big"
-
- "golang.org/x/crypto/curve25519"
)
const (
- kexAlgoDH1SHA1 = "diffie-hellman-group1-sha1"
- kexAlgoDH14SHA1 = "diffie-hellman-group14-sha1"
- kexAlgoECDH256 = "ecdh-sha2-nistp256"
- kexAlgoECDH384 = "ecdh-sha2-nistp384"
- kexAlgoECDH521 = "ecdh-sha2-nistp521"
- kexAlgoCurve25519SHA256 = "curve25519-sha256@libssh.org"
+ kexAlgoDH1SHA1 = "diffie-hellman-group1-sha1"
+ kexAlgoDH14SHA1 = "diffie-hellman-group14-sha1"
+ kexAlgoECDH256 = "ecdh-sha2-nistp256"
+ kexAlgoECDH384 = "ecdh-sha2-nistp384"
+ kexAlgoECDH521 = "ecdh-sha2-nistp521"
)
// kexResult captures the outcome of a key exchange.
@@ -387,140 +383,4 @@
kexAlgoMap[kexAlgoECDH521] = &ecdh{elliptic.P521()}
kexAlgoMap[kexAlgoECDH384] = &ecdh{elliptic.P384()}
kexAlgoMap[kexAlgoECDH256] = &ecdh{elliptic.P256()}
- kexAlgoMap[kexAlgoCurve25519SHA256] = &curve25519sha256{}
-}
-
-// curve25519sha256 implements the curve25519-sha256@libssh.org key
-// agreement protocol, as described in
-// https://git.libssh.org/projects/libssh.git/tree/doc/curve25519-sha256@libssh.org.txt
-type curve25519sha256 struct{}
-
-type curve25519KeyPair struct {
- priv [32]byte
- pub [32]byte
-}
-
-func (kp *curve25519KeyPair) generate(rand io.Reader) error {
- if _, err := io.ReadFull(rand, kp.priv[:]); err != nil {
- return err
- }
- curve25519.ScalarBaseMult(&kp.pub, &kp.priv)
- return nil
-}
-
-// curve25519Zeros is just an array of 32 zero bytes so that we have something
-// convenient to compare against in order to reject curve25519 points with the
-// wrong order.
-var curve25519Zeros [32]byte
-
-func (kex *curve25519sha256) Client(c packetConn, rand io.Reader, magics *handshakeMagics) (*kexResult, error) {
- var kp curve25519KeyPair
- if err := kp.generate(rand); err != nil {
- return nil, err
- }
- if err := c.writePacket(Marshal(&kexECDHInitMsg{kp.pub[:]})); err != nil {
- return nil, err
- }
-
- packet, err := c.readPacket()
- if err != nil {
- return nil, err
- }
-
- var reply kexECDHReplyMsg
- if err = Unmarshal(packet, &reply); err != nil {
- return nil, err
- }
- if len(reply.EphemeralPubKey) != 32 {
- return nil, errors.New("ssh: peer's curve25519 public value has wrong length")
- }
-
- var servPub, secret [32]byte
- copy(servPub[:], reply.EphemeralPubKey)
- curve25519.ScalarMult(&secret, &kp.priv, &servPub)
- if subtle.ConstantTimeCompare(secret[:], curve25519Zeros[:]) == 1 {
- return nil, errors.New("ssh: peer's curve25519 public value has wrong order")
- }
-
- h := crypto.SHA256.New()
- magics.write(h)
- writeString(h, reply.HostKey)
- writeString(h, kp.pub[:])
- writeString(h, reply.EphemeralPubKey)
-
- kInt := new(big.Int).SetBytes(secret[:])
- K := make([]byte, intLength(kInt))
- marshalInt(K, kInt)
- h.Write(K)
-
- return &kexResult{
- H: h.Sum(nil),
- K: K,
- HostKey: reply.HostKey,
- Signature: reply.Signature,
- Hash: crypto.SHA256,
- }, nil
-}
-
-func (kex *curve25519sha256) Server(c packetConn, rand io.Reader, magics *handshakeMagics, priv Signer) (result *kexResult, err error) {
- packet, err := c.readPacket()
- if err != nil {
- return
- }
- var kexInit kexECDHInitMsg
- if err = Unmarshal(packet, &kexInit); err != nil {
- return
- }
-
- if len(kexInit.ClientPubKey) != 32 {
- return nil, errors.New("ssh: peer's curve25519 public value has wrong length")
- }
-
- var kp curve25519KeyPair
- if err := kp.generate(rand); err != nil {
- return nil, err
- }
-
- var clientPub, secret [32]byte
- copy(clientPub[:], kexInit.ClientPubKey)
- curve25519.ScalarMult(&secret, &kp.priv, &clientPub)
- if subtle.ConstantTimeCompare(secret[:], curve25519Zeros[:]) == 1 {
- return nil, errors.New("ssh: peer's curve25519 public value has wrong order")
- }
-
- hostKeyBytes := priv.PublicKey().Marshal()
-
- h := crypto.SHA256.New()
- magics.write(h)
- writeString(h, hostKeyBytes)
- writeString(h, kexInit.ClientPubKey)
- writeString(h, kp.pub[:])
-
- kInt := new(big.Int).SetBytes(secret[:])
- K := make([]byte, intLength(kInt))
- marshalInt(K, kInt)
- h.Write(K)
-
- H := h.Sum(nil)
-
- sig, err := signAndMarshal(priv, rand, H)
- if err != nil {
- return nil, err
- }
-
- reply := kexECDHReplyMsg{
- EphemeralPubKey: kp.pub[:],
- HostKey: hostKeyBytes,
- Signature: sig,
- }
- if err := c.writePacket(Marshal(&reply)); err != nil {
- return nil, err
- }
- return &kexResult{
- H: H,
- K: K,
- HostKey: hostKeyBytes,
- Signature: sig,
- Hash: crypto.SHA256,
- }, nil
}
diff --git a/go/src/golang.org/x/crypto/ssh/kex_test.go b/go/src/golang.org/x/crypto/ssh/kex_test.go
index 12ca0ac..0db5f9b 100644
--- a/go/src/golang.org/x/crypto/ssh/kex_test.go
+++ b/go/src/golang.org/x/crypto/ssh/kex_test.go
@@ -26,12 +26,10 @@
var magics handshakeMagics
go func() {
r, e := kex.Client(a, rand.Reader, &magics)
- a.Close()
c <- kexResultErr{r, e}
}()
go func() {
r, e := kex.Server(b, rand.Reader, &magics, testSigners["ecdsa"])
- b.Close()
s <- kexResultErr{r, e}
}()
diff --git a/go/src/golang.org/x/crypto/ssh/mempipe_test.go b/go/src/golang.org/x/crypto/ssh/mempipe_test.go
index 8697cd6..92519dd 100644
--- a/go/src/golang.org/x/crypto/ssh/mempipe_test.go
+++ b/go/src/golang.org/x/crypto/ssh/mempipe_test.go
@@ -76,7 +76,7 @@
return &t1, &t2
}
-func TestMemPipe(t *testing.T) {
+func TestmemPipe(t *testing.T) {
a, b := memPipe()
if err := a.writePacket([]byte{42}); err != nil {
t.Fatalf("writePacket: %v", err)
diff --git a/go/src/golang.org/x/crypto/ssh/session_test.go b/go/src/golang.org/x/crypto/ssh/session_test.go
index f7f0f76..7ce44f5 100644
--- a/go/src/golang.org/x/crypto/ssh/session_test.go
+++ b/go/src/golang.org/x/crypto/ssh/session_test.go
@@ -718,57 +718,3 @@
t.Fatalf("NewServerConn attempted to Read() from Conn while configuration is missing authentication method")
}
}
-
-func TestHostKeyAlgorithms(t *testing.T) {
- serverConf := &ServerConfig{
- NoClientAuth: true,
- }
- serverConf.AddHostKey(testSigners["rsa"])
- serverConf.AddHostKey(testSigners["ecdsa"])
-
- connect := func(clientConf *ClientConfig, want string) {
- var alg string
- clientConf.HostKeyCallback = func(h string, a net.Addr, key PublicKey) error {
- alg = key.Type()
- return nil
- }
- c1, c2, err := netPipe()
- if err != nil {
- t.Fatalf("netPipe: %v", err)
- }
- defer c1.Close()
- defer c2.Close()
-
- go NewServerConn(c1, serverConf)
- _, _, _, err = NewClientConn(c2, "", clientConf)
- if err != nil {
- t.Fatalf("NewClientConn: %v", err)
- }
- if alg != want {
- t.Errorf("selected key algorithm %s, want %s", alg, want)
- }
- }
-
- // By default, we get the preferred algorithm, which is ECDSA 256.
-
- clientConf := &ClientConfig{}
- connect(clientConf, KeyAlgoECDSA256)
-
- // Client asks for RSA explicitly.
- clientConf.HostKeyAlgorithms = []string{KeyAlgoRSA}
- connect(clientConf, KeyAlgoRSA)
-
- c1, c2, err := netPipe()
- if err != nil {
- t.Fatalf("netPipe: %v", err)
- }
- defer c1.Close()
- defer c2.Close()
-
- go NewServerConn(c1, serverConf)
- clientConf.HostKeyAlgorithms = []string{"nonexistent-hostkey-algo"}
- _, _, _, err = NewClientConn(c2, "", clientConf)
- if err == nil {
- t.Fatal("succeeded connecting with unknown hostkey algorithm")
- }
-}
diff --git a/go/src/golang.org/x/crypto/ssh/tcpip.go b/go/src/golang.org/x/crypto/ssh/tcpip.go
index 6151241..4ecad0b 100644
--- a/go/src/golang.org/x/crypto/ssh/tcpip.go
+++ b/go/src/golang.org/x/crypto/ssh/tcpip.go
@@ -355,9 +355,6 @@
lport: uint32(lport),
}
ch, in, err := c.OpenChannel("direct-tcpip", Marshal(&msg))
- if err != nil {
- return nil, err
- }
go DiscardRequests(in)
return ch, err
}
diff --git a/go/src/golang.org/x/crypto/ssh/test/agent_unix_test.go b/go/src/golang.org/x/crypto/ssh/test/agent_unix_test.go
index f481253..502e24f 100644
--- a/go/src/golang.org/x/crypto/ssh/test/agent_unix_test.go
+++ b/go/src/golang.org/x/crypto/ssh/test/agent_unix_test.go
@@ -21,16 +21,7 @@
defer conn.Close()
keyring := agent.NewKeyring()
- if err := keyring.Add(agent.AddedKey{PrivateKey: testPrivateKeys["dsa"]}); err != nil {
- t.Fatalf("Error adding key: %s", err)
- }
- if err := keyring.Add(agent.AddedKey{
- PrivateKey: testPrivateKeys["dsa"],
- ConfirmBeforeUse: true,
- LifetimeSecs: 3600,
- }); err != nil {
- t.Fatalf("Error adding key with constraints: %s", err)
- }
+ keyring.Add(testPrivateKeys["dsa"], nil, "")
pub := testPublicKeys["dsa"]
sess, err := conn.NewSession()
diff --git a/go/src/golang.org/x/crypto/ssh/test/session_test.go b/go/src/golang.org/x/crypto/ssh/test/session_test.go
index c0e714b..fbd1044 100644
--- a/go/src/golang.org/x/crypto/ssh/test/session_test.go
+++ b/go/src/golang.org/x/crypto/ssh/test/session_test.go
@@ -319,22 +319,3 @@
}
}
}
-
-func TestKeyExchanges(t *testing.T) {
- var config ssh.Config
- config.SetDefaults()
- kexOrder := config.KeyExchanges
- for _, kex := range kexOrder {
- server := newServer(t)
- defer server.Shutdown()
- conf := clientConfig()
- // Don't fail if sshd doesnt have the kex.
- conf.KeyExchanges = append([]string{kex}, kexOrder...)
- conn, err := server.TryDial(conf)
- if err == nil {
- conn.Close()
- } else {
- t.Errorf("failed for kex %q", kex)
- }
- }
-}
diff --git a/go/src/golang.org/x/crypto/tea/cipher.go b/go/src/golang.org/x/crypto/tea/cipher.go
deleted file mode 100644
index 9c13d12..0000000
--- a/go/src/golang.org/x/crypto/tea/cipher.go
+++ /dev/null
@@ -1,109 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package tea implements the TEA algorithm, as defined in Needham and
-// Wheeler's 1994 technical report, “TEA, a Tiny Encryption Algorithm”. See
-// http://www.cix.co.uk/~klockstone/tea.pdf for details.
-
-package tea
-
-import (
- "crypto/cipher"
- "encoding/binary"
- "errors"
-)
-
-const (
- // BlockSize is the size of a TEA block, in bytes.
- BlockSize = 8
-
- // KeySize is the size of a TEA key, in bytes.
- KeySize = 16
-
- // delta is the TEA key schedule constant.
- delta = 0x9e3779b9
-
- // numRounds is the standard number of rounds in TEA.
- numRounds = 64
-)
-
-// tea is an instance of the TEA cipher with a particular key.
-type tea struct {
- key [16]byte
- rounds int
-}
-
-// NewCipher returns an instance of the TEA cipher with the standard number of
-// rounds. The key argument must be 16 bytes long.
-func NewCipher(key []byte) (cipher.Block, error) {
- return NewCipherWithRounds(key, numRounds)
-}
-
-// NewCipherWithRounds returns an instance of the TEA cipher with a given
-// number of rounds, which must be even. The key argument must be 16 bytes
-// long.
-func NewCipherWithRounds(key []byte, rounds int) (cipher.Block, error) {
- if len(key) != 16 {
- return nil, errors.New("tea: incorrect key size")
- }
-
- if rounds&1 != 0 {
- return nil, errors.New("tea: odd number of rounds specified")
- }
-
- c := &tea{
- rounds: rounds,
- }
- copy(c.key[:], key)
-
- return c, nil
-}
-
-// BlockSize returns the TEA block size, which is eight bytes. It is necessary
-// to satisfy the Block interface in the package "crypto/cipher".
-func (*tea) BlockSize() int {
- return BlockSize
-}
-
-// Encrypt encrypts the 8 byte buffer src using the key in t and stores the
-// result in dst. Note that for amounts of data larger than a block, it is not
-// safe to just call Encrypt on successive blocks; instead, use an encryption
-// mode like CBC (see crypto/cipher/cbc.go).
-func (t *tea) Encrypt(dst, src []byte) {
- e := binary.BigEndian
- v0, v1 := e.Uint32(src), e.Uint32(src[4:])
- k0, k1, k2, k3 := e.Uint32(t.key[0:]), e.Uint32(t.key[4:]), e.Uint32(t.key[8:]), e.Uint32(t.key[12:])
-
- sum := uint32(0)
- delta := uint32(delta)
-
- for i := 0; i < t.rounds/2; i++ {
- sum += delta
- v0 += ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1)
- v1 += ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3)
- }
-
- e.PutUint32(dst, v0)
- e.PutUint32(dst[4:], v1)
-}
-
-// Decrypt decrypts the 8 byte buffer src using the key in t and stores the
-// result in dst.
-func (t *tea) Decrypt(dst, src []byte) {
- e := binary.BigEndian
- v0, v1 := e.Uint32(src), e.Uint32(src[4:])
- k0, k1, k2, k3 := e.Uint32(t.key[0:]), e.Uint32(t.key[4:]), e.Uint32(t.key[8:]), e.Uint32(t.key[12:])
-
- delta := uint32(delta)
- sum := delta * uint32(t.rounds/2) // in general, sum = delta * n
-
- for i := 0; i < t.rounds/2; i++ {
- v1 -= ((v0 << 4) + k2) ^ (v0 + sum) ^ ((v0 >> 5) + k3)
- v0 -= ((v1 << 4) + k0) ^ (v1 + sum) ^ ((v1 >> 5) + k1)
- sum -= delta
- }
-
- e.PutUint32(dst, v0)
- e.PutUint32(dst[4:], v1)
-}
diff --git a/go/src/golang.org/x/crypto/tea/tea_test.go b/go/src/golang.org/x/crypto/tea/tea_test.go
deleted file mode 100644
index eb98d1e..0000000
--- a/go/src/golang.org/x/crypto/tea/tea_test.go
+++ /dev/null
@@ -1,93 +0,0 @@
-// Copyright 2015 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package tea
-
-import (
- "bytes"
- "testing"
-)
-
-// A sample test key for when we just want to initialize a cipher
-var testKey = []byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF}
-
-// Test that the block size for tea is correct
-func TestBlocksize(t *testing.T) {
- c, err := NewCipher(testKey)
- if err != nil {
- t.Fatalf("NewCipher returned error: %s", err)
- }
-
- if result := c.BlockSize(); result != BlockSize {
- t.Errorf("cipher.BlockSize returned %d, but expected %d", result, BlockSize)
- }
-}
-
-// Test that invalid key sizes return an error
-func TestInvalidKeySize(t *testing.T) {
- var key [KeySize + 1]byte
-
- if _, err := NewCipher(key[:]); err == nil {
- t.Errorf("invalid key size %d didn't result in an error.", len(key))
- }
-
- if _, err := NewCipher(key[:KeySize-1]); err == nil {
- t.Errorf("invalid key size %d didn't result in an error.", KeySize-1)
- }
-}
-
-// Test Vectors
-type teaTest struct {
- rounds int
- key []byte
- plaintext []byte
- ciphertext []byte
-}
-
-var teaTests = []teaTest{
- // These were sourced from https://github.com/froydnj/ironclad/blob/master/testing/test-vectors/tea.testvec
- {
- numRounds,
- []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
- []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
- []byte{0x41, 0xea, 0x3a, 0x0a, 0x94, 0xba, 0xa9, 0x40},
- },
- {
- numRounds,
- []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
- []byte{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
- []byte{0x31, 0x9b, 0xbe, 0xfb, 0x01, 0x6a, 0xbd, 0xb2},
- },
- {
- 16,
- []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
- []byte{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00},
- []byte{0xed, 0x28, 0x5d, 0xa1, 0x45, 0x5b, 0x33, 0xc1},
- },
-}
-
-// Test encryption
-func TestCipherEncrypt(t *testing.T) {
- // Test encryption with standard 64 rounds
- for i, test := range teaTests {
- c, err := NewCipherWithRounds(test.key, test.rounds)
- if err != nil {
- t.Fatalf("#%d: NewCipher returned error: %s", i, err)
- }
-
- var ciphertext [BlockSize]byte
- c.Encrypt(ciphertext[:], test.plaintext)
-
- if !bytes.Equal(ciphertext[:], test.ciphertext) {
- t.Errorf("#%d: incorrect ciphertext. Got %x, wanted %x", i, ciphertext, test.ciphertext)
- }
-
- var plaintext2 [BlockSize]byte
- c.Decrypt(plaintext2[:], ciphertext[:])
-
- if !bytes.Equal(plaintext2[:], test.plaintext) {
- t.Errorf("#%d: incorrect plaintext. Got %x, wanted %x", i, plaintext2, test.plaintext)
- }
- }
-}