feat: update crypto API usage to avoid deprecations in Go 1.22
Also update imports for gomock rename.
smlx committed Sep 3, 2024
1 parent ca25eec commit 9d97a1a
Showing 10 changed files with 64 additions and 43 deletions.
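--- a/go.mod
+++ b/go.mod
@@ -3,16 +3,17 @@ module github.com/smlx/piv-agent
 go 1.19
 
 require (
+filippo.io/nistec v0.0.3
 github.com/ProtonMail/go-crypto v0.0.0-20230316153859-cb82d937a5d9
 github.com/alecthomas/kong v0.9.0
 github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
 github.com/davecgh/go-spew v1.1.1
 github.com/gen2brain/beeep v0.0.0-20200526185328-e9c15c258e28
 github.com/go-piv/piv-go v1.11.0
-github.com/golang/mock v1.6.0
 github.com/smlx/fsm v0.2.1
 github.com/twpayne/go-pinentry-minimal v0.0.0-20220113210447-2a5dc4396c2a
 github.com/x13a/go-launch v0.0.0-20210715084817-fd409384939b
+go.uber.org/mock v0.4.0
 go.uber.org/zap v1.27.0
 golang.org/x/crypto v0.25.0
 golang.org/x/sync v0.7.0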
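Review bot: The `go 1.19` directive at the top of this hunk is left as it is, but the commit starts using `crypto/ecdh` and `(*ecdsa.PublicKey).ECDH` (readkey.go and both ecdhkey.go files), which only exist from Go 1.20 on. A Go 1.19 toolchain would therefore no longer build the module, so the directive should state the real minimum: `go 1.20`. If CI still tests against 1.19, that job needs the same bump.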
18 changes: 4 additions & 14 deletions go.sum
@@ -1,3 +1,5 @@
filippo.io/nistec v0.0.3 h1:h336Je2jRDZdBCLy2fLDUd9E2unG32JLwcJi0JQE9Cw=
filippo.io/nistec v0.0.3/go.mod h1:84fxC9mi+MhC2AERXI4LSa8cmSVOzrFikg6hZ4IfCyw=
github.com/alecthomas/assert/v2 v2.6.0 h1:o3WJwILtexrEUk3cUVal3oiQY2tfgr/FHWiz/v2n4FU=
github.com/alecthomas/kong v0.9.0 h1:G5diXxc85KvoV2f0ZRVuMsi45IrBgx9zDNGNj165aPA=
github.com/alecthomas/kong v0.9.0/go.mod h1:Y47y5gKfHp1hDc7CH7OeXgLIpp+Q2m1Ni0L5s3bI8Os=
Expand All @@ -18,8 +20,6 @@ github.com/go-toast/toast v0.0.0-20190211030409-01e6764cf0a4 h1:qZNfIGkIANxGv/Oq
github.com/go-toast/toast v0.0.0-20190211030409-01e6764cf0a4/go.mod h1:kW3HQ4UdaAyrUCSSDR4xUzBKW6O2iA4uHhk7AtyYp10=
github.com/godbus/dbus/v5 v5.0.3 h1:ZqHaoEF7TBzh4jzPmqVhE/5A1z9of6orkAe5uHoAeME=
github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
github.com/gopherjs/gopherjs v0.0.0-20180825215210-0210a2f0f73c/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
Expand All @@ -40,41 +40,34 @@ github.com/twpayne/go-pinentry-minimal v0.0.0-20220113210447-2a5dc4396c2a h1:a1b
github.com/twpayne/go-pinentry-minimal v0.0.0-20220113210447-2a5dc4396c2a/go.mod h1:ARJJXqNuaxVS84jX6ST52hQh0TtuQZWABhTe95a6BI4=
github.com/x13a/go-launch v0.0.0-20210715084817-fd409384939b h1:rpNT9cyxH8nsCM8htO1SLhrehyt74GFczE9s/O6WkfE=
github.com/x13a/go-launch v0.0.0-20210715084817-fd409384939b/go.mod h1:kfVYr1hMcmOVxZt+2kFzCXf/YRX9Cz+F1QkijZQMaMM=
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ=
go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
Expand All @@ -96,10 +89,7 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
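--- a/internal/assuan/assuan_test.go
+++ b/internal/assuan/assuan_test.go
@@ -17,12 +17,12 @@ import (
 "github.com/ProtonMail/go-crypto/openpgp/ecdsa"
 "github.com/ProtonMail/go-crypto/openpgp/packet"
 "github.com/davecgh/go-spew/spew"
-"github.com/golang/mock/gomock"
 "github.com/smlx/piv-agent/internal/assuan"
 "github.com/smlx/piv-agent/internal/keyservice/gpg"
 "github.com/smlx/piv-agent/internal/mock"
 "github.com/smlx/piv-agent/internal/notify"
 "github.com/smlx/piv-agent/internal/securitykey"
+"go.uber.org/mock/gomock"
 "go.uber.org/zap"
 "golang.org/x/crypto/cryptobyte"
 "golang.org/x/crypto/cryptobyte/asn1"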
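--- a/internal/assuan/readkey.go
+++ b/internal/assuan/readkey.go
@@ -26,7 +26,11 @@ func readKeyData(pub crypto.PublicKey) (string, error) {
 case *ecdsa.PublicKey:
 switch k.Curve {
 case elliptic.P256():
-q := elliptic.Marshal(k.Curve, k.X, k.Y)
+ecdhPubKey, err := k.ECDH()
+if err != nil {
+return "", fmt.Errorf("couldn't convert pub key to ecdh.PublicKey: %v", err)
+}
+q := ecdhPubKey.Bytes()
 qLen := len(q)
 q = PercentEncodeSExp(q)
 return fmt.Sprintf(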
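Review bot: The added `k.ECDH()` conversion in the P-256 case carries no comment, and it is not obvious why an ECDSA public key is turned into an `ecdh.PublicKey` just to be serialised. I would add above it `// ECDH() rejects invalid points; Bytes() is the uncompressed SEC 1 encoding (0x04 || X || Y), the same bytes elliptic.Marshal produced.` That also documents the 65-byte layout that `qLen` reports in the S-expression. readKeyData's body starts before and continues after the hunk.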
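--- a/internal/keyservice/gpg/ecdhkey.go
+++ b/internal/keyservice/gpg/ecdhkey.go
@@ -2,12 +2,13 @@ package gpg
 
 import (
 "crypto"
+"crypto/ecdh"
 "crypto/ecdsa"
-"crypto/elliptic"
 "fmt"
 "io"
 "regexp"
 
+"filippo.io/nistec"
 "github.com/smlx/piv-agent/internal/assuan"
 )
 
@@ -28,14 +29,22 @@ func (k *ECDHKey) Decrypt(_ io.Reader, sexp []byte,
 // undo the buggy encoding sent by gpg
 ciphertext = assuan.PercentDecodeSExp(ciphertext)
 // unmarshal the ephemeral key
-ephPubX, ephPubY := elliptic.Unmarshal(elliptic.P256(), ciphertext)
-if ephPubX == nil {
-return nil, fmt.Errorf("couldn't unmarshal ephemeral key")
+ephPub, err := ecdh.P256().NewPublicKey(ciphertext)
+if err != nil {
+return nil, fmt.Errorf("couldn't unmarshal ephemeral key: %v", err)
+}
+// perform scalar multiplication
+sharedPoint := nistec.NewP256Point()
+_, err = sharedPoint.SetBytes(ephPub.Bytes())
+if err != nil {
+return nil, fmt.Errorf("couldn't set point bytes: %v", err)
+}
+_, err = sharedPoint.ScalarMult(sharedPoint, k.ecdsa.D.Bytes())
+if err != nil {
+return nil, fmt.Errorf("couldn't perform scalar mult: %v", err)
 }
-// perform the scalar mult
-sharedX, sharedY := k.ecdsa.ScalarMult(ephPubX, ephPubY, k.ecdsa.D.Bytes())
 // marshal, encode, and return the result
-shared := elliptic.Marshal(elliptic.P256(), sharedX, sharedY)
+shared := sharedPoint.Bytes()
 sharedLen := len(shared)
 shared = assuan.PercentEncodeSExp(shared)
 return []byte(fmt.Sprintf("D (5:value%d:%s)\nOK\n", sharedLen, shared)), nil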
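Review bot: `k.ecdsa.D.Bytes()` in the new `sharedPoint.ScalarMult` call is a minimal-length encoding, so a private scalar with a leading zero byte comes out shorter than 32 bytes. As far as I know nistec's P-256 `ScalarMult` expects a fixed 32-byte scalar and its assembly-backed implementation returns an error otherwise, which would make Decrypt fail for roughly one key in 256; the removed `k.ecdsa.ScalarMult` call had no such length requirement. Pass a fixed-width encoding instead: `_, err = sharedPoint.ScalarMult(sharedPoint, k.ecdsa.D.FillBytes(make([]byte, 32)))`. Decrypt's body starts before the hunk.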
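--- a/internal/keyservice/gpg/keyservice_test.go
+++ b/internal/keyservice/gpg/keyservice_test.go
@@ -4,9 +4,9 @@ import (
 "encoding/hex"
 "testing"
 
-"github.com/golang/mock/gomock"
 "github.com/smlx/piv-agent/internal/keyservice/gpg"
 "github.com/smlx/piv-agent/internal/mock"
+"go.uber.org/mock/gomock"
 "go.uber.org/zap"
 )
 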
18 changes: 10 additions & 8 deletions internal/keyservice/piv/ecdhkey.go
Expand Up @@ -2,10 +2,12 @@ package piv

import (
"crypto"
"crypto/ecdh"
"crypto/ecdsa"
"crypto/elliptic"
"fmt"
"io"
"math/big"
"regexp"
"sync"

Expand Down Expand Up @@ -34,18 +36,18 @@ func (k *ECDHKey) Decrypt(_ io.Reader, sexp []byte,
// undo the buggy encoding sent by gpg
ciphertext = assuan.PercentDecodeSExp(ciphertext)
// unmarshal the ephemeral key
ephPubX, ephPubY := elliptic.Unmarshal(elliptic.P256(), ciphertext)
if ephPubX == nil {
return nil, fmt.Errorf("couldn't unmarshal ephemeral key")
ephPub, err := ecdh.P256().NewPublicKey(ciphertext)
if err != nil {
return nil, fmt.Errorf("couldn't unmarshal ephemeral key: %v", err)
}
// create the public key
ephPub := ecdsa.PublicKey{
rawBytes := ephPub.Bytes()
ecdsaPub := ecdsa.PublicKey{
Curve: elliptic.P256(),
X: ephPubX,
Y: ephPubY,
X: new(big.Int).SetBytes(rawBytes[:len(rawBytes)/2]),
Y: new(big.Int).SetBytes(rawBytes[len(rawBytes)/2:]),
}
// marshal, encode, and return the result
shared, err := k.SharedKey(&ephPub)
shared, err := k.SharedKey(&ecdsaPub)
if err != nil {
return nil, fmt.Errorf("couldn't generate shared secret: %v", err)
}
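Review bot: The new `X:`/`Y:` lines split `rawBytes` at `len(rawBytes)/2`, but `Bytes()` on a P-256 `ecdh.PublicKey` returns the 65-byte uncompressed SEC 1 encoding `0x04 || X || Y`, so the split is off by the format byte. X becomes `0x04` plus the first 31 bytes of the real X, and Y becomes the last byte of X followed by the real Y; that is not the peer's point, and `k.SharedKey` is handed a public key that is almost certainly not on the curve. Skip the prefix instead: `X: new(big.Int).SetBytes(rawBytes[1:33]),` and `Y: new(big.Int).SetBytes(rawBytes[33:]),`. A test that compares the result with a known ECDH exchange would have caught this. Decrypt's body starts before and continues after the hunk.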
13 changes: 9 additions & 4 deletions internal/mock/mock_assuan.go


9 changes: 7 additions & 2 deletions internal/mock/mock_keyservice.go


13 changes: 9 additions & 4 deletions internal/mock/mock_pivservice.go

