Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expiration parameter #145

Closed
wants to merge 87 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
87 commits
Select commit Hold shift + click to select a range
d86a2b9
if user has no hash prefs in signature, default to sha1/sha256/sha512…
Feb 2, 2017
b9c3c61
Export contents of sym encrypted packet
May 22, 2017
570d0c5
Add secp256k1 / x25519 / brainpool curves to openpgp
Mar 28, 2018
53f119a
fixing `imported but not used`
cuthix Mar 29, 2018
42d0a4f
Add EncryptText function
KAYLukas Apr 3, 2018
3d5ae49
Fix: canonizing of literal data for encrypted messages
jalehotsky Apr 5, 2018
845885a
Correct signature type
jalehotsky Apr 16, 2018
10058cf
Check if signature is created in the future
jalehotsky Apr 17, 2018
94acb36
Verify expiration of signature while checking
jalehotsky Apr 18, 2018
a34213f
Fixes + unit test for time expiration for signature verification
jalehotsky Apr 19, 2018
b7621a1
Merge pull request #3 from ProtonMail/canonizing
sanjanarajan May 7, 2018
687d2b3
on my way to fix tests
cuthix May 9, 2018
e504ad0
add encrypt private key
zhj4478 May 25, 2018
cef4d89
add a notes
zhj4478 May 25, 2018
f32898e
Merge pull request #4 from ProtonMail/private_key_encryption
sanjanarajan May 25, 2018
9a94ee5
add SerializePrivate without sign function
zhj4478 May 25, 2018
6d7576e
Merge pull request #5 from ProtonMail/private_key_encryption
zhj4478 May 25, 2018
2029d42
update private key serializer
zhj4478 May 25, 2018
0b735be
Merge pull request #6 from ProtonMail/private_key_encryption
sanjanarajan Jun 4, 2018
1807512
refactoring to prepare for new keygen
May 29, 2018
29411dc
WIP tests
May 31, 2018
77a676d
go fmt
Jun 6, 2018
dcc2718
oops
Jun 6, 2018
c460db4
WIP curve25519 keygen
Jun 9, 2018
e7c1c8c
Bug fix ECPoint
KAYLukas Jun 9, 2018
7b468c2
Merge pull request #7 from ProtonMail/keygen
sanjanarajan Jun 12, 2018
2b200e9
move rsa and rand packages into library
Jun 14, 2018
f9ef011
rsa optimizations
Jun 14, 2018
cbc96a9
add syscall
Jun 15, 2018
0b5f176
step after first random number generated
Jun 15, 2018
83c70fd
allow prepopulated primes
Jun 18, 2018
685acb5
don't support sym enc with no MDC
Jun 18, 2018
9e42511
subkey primes
Jun 18, 2018
2636381
force release of memory
cuthix Jan 7, 2019
44302ed
Work around old OpenPGP.js bug encrypting ECDH messages
twiss Feb 4, 2019
02c1a38
Merge pull request #12 from twiss/ecdh-workaround
sanjanarajan Feb 4, 2019
c8eb4ef
Fix panic when decrypting session key with the wrong private key
twiss Feb 5, 2019
2379f60
Merge pull request #13 from twiss/sessionkey-decrypt-panic
sanjanarajan Feb 5, 2019
5bcbe46
disable the code case the ECC key padding issue
zhj4478 Feb 10, 2019
0978818
Buffer partialLengthWriter to write in chunks of >= 512 bytes
twiss Feb 11, 2019
25f88b7
Merge pull request #14 from twiss/buffered-streaming
sanjanarajan Feb 20, 2019
64ba000
Fix missing leading zeros in ECDH messages
twiss Mar 1, 2019
1bfafb5
Merge pull request #15 from twiss/fix-ecdh
sanjanarajan Mar 4, 2019
5756cae
Use latest-created valid self-signature
twiss Mar 28, 2019
3ab2feb
Merge pull request #17 from twiss/use-latest-self-sig
sanjanarajan Mar 28, 2019
fc5a2b7
Disallow generating RSA keys of less than 1024 bits
twiss Apr 4, 2019
a05b07e
Default to SHA128 instead of CAST5 for keys without preferred algorithms
twiss Apr 9, 2019
5173560
Bump default and minimum S2K parameters
twiss Apr 9, 2019
01f2cca
Add higher-level function to verify clearsigned messages
twiss Apr 10, 2019
27c95c8
Merge pull request #18 from twiss/security-fixes
twiss Apr 11, 2019
bb79d83
Merge remote-tracking branch 'golang/master'
twiss Apr 12, 2019
ea6ef6c
Fix merge
twiss Apr 12, 2019
7abb221
Fix packet tests
twiss Apr 11, 2019
b110f49
Disable MPI test case of disabled workaround
twiss Apr 11, 2019
309e5a9
Fix Check[Armored]DetachedSignature tests
twiss Apr 11, 2019
68a1e81
Fix RSA tests
twiss Apr 12, 2019
3431f2e
Add Travis CI
twiss Apr 12, 2019
31f8b48
Fix and move Signature.KeyExpired to PublicKey.KeyExpired; add Signat…
twiss Apr 12, 2019
6909f06
Restore NewEntity compatibility with upstream; fix tests
twiss Apr 12, 2019
3a07e4a
Re-fix bitlength for generated ECC keys
twiss Apr 12, 2019
c45e2a1
Update README.md
sanjanarajan Apr 23, 2019
33a45b6
Merge pull request #19 from twiss/fix-tests
twiss Apr 27, 2019
4acdaca
Merge remote-tracking branch 'golang/master'
twiss Apr 27, 2019
efb430e
Accept multiple Hash headers / header values in clearsigned messages
twiss Apr 27, 2019
7627031
Add back relevant parts of README.md
twiss May 13, 2019
b36c0eb
Merge remote-tracking branch 'golang/master'
twiss May 13, 2019
ebf3fa0
openpgp: fix signing (#20)
horejsek May 14, 2019
a36a95c
Merge remote-tracking branch 'golang/master'
twiss May 14, 2019
504a3e8
Export EncryptionKey, SigningKey and PrimaryIdentity
twiss May 23, 2019
d3d8a14
Fix serialization and handling of MPIs with leading zeros (#22)
Jun 4, 2019
b5b07a6
Fix index out of range error with some X25519 keys (#25)
twiss Aug 14, 2019
ef109c6
Fix EdDSA key parsing with leading zeros (#30)
twiss Aug 28, 2019
ac9b7da
Implement EAX and OCB encryption modes (#26)
zugzwang Sep 3, 2019
15a616a
openpgp: support GNU dummy S2K for missing private keys
syadav2015 Aug 20, 2019
60837c4
Refactor end-to-end tests (#37)
zugzwang Nov 9, 2019
53909a3
Fix ECDH-Curve25519 private key masking (#40)
zugzwang Nov 20, 2019
18fc5a7
Support re-serializing parsed encrypted private keys (#42)
wussler Nov 22, 2019
e77a1f0
Add support for AEAD Encrypted Data Packets (#36)
zugzwang Nov 22, 2019
3e71139
openpgp: Add SerializeForHash function to public keys (#46)
wussler Apr 6, 2020
1e8bf1c
openpgp: Add SerializeForHash to v3 keys (#47)
wussler Apr 6, 2020
142ca78
Merge remote-tracking branch 'upstream/master'
twiss Apr 14, 2020
af60022
Fix tests for old Go (#48)
twiss Apr 14, 2020
a103d74
Implement GNU-dummy keys
twiss Apr 15, 2020
1fa7f40
Randomize tests, fix broken key (#34)
Apr 16, 2020
71bec36
Fix build on OpenBSD
twiss Apr 20, 2020
00945d6
openpgp: Always generate preferred algorithms at key generation (#50)
May 27, 2020
11f6ee2
openpgp: add RevokeKey, RevokeSubkey, AddSigningSubkey and AddEncrypt…
twiss Jun 5, 2020
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions .travis.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
language: go

script:
- go test -short ./...
- go test ./... -run RandomizeFast -count=512
- go test ./... -run RandomizeSlow -count=32

go_import_path: golang.org/x/crypto

go:
- 1.10.x
- 1.11.x
- 1.12.x
- 1.13.x
- 1.14.x
- master
jobs:
allow_failures:
- go: 1.10.x
16 changes: 1 addition & 15 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,18 +4,4 @@ This repository holds supplementary Go cryptography libraries.

## Download/Install

The easiest way to install is to run `go get -u golang.org/x/crypto/...`. You
can also manually git clone the repository to `$GOPATH/src/golang.org/x/crypto`.

## Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to
this repository, see https://golang.org/doc/contribute.html.

The main issue tracker for the crypto repository is located at
https://github.com/golang/go/issues. Prefix your issue with "x/crypto:" in the
subject line, so it is easy to find.

Note that contributions to the cryptography package receive additional scrutiny
due to their sensitive nature. Patches may take longer than normal to receive
feedback.
Manually `git clone` the repository into `$GOPATH/src/golang.org/x/crypto`.
145 changes: 67 additions & 78 deletions bcrypt/bcrypt_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,19 @@ package bcrypt

import (
"bytes"
"crypto/rand"
"fmt"
mathrand "math/rand"
"testing"
)

func TestBcryptingIsEasy(t *testing.T) {
pass := []byte("mypassword")
const (
maxPasswordLength = 80
)

func TestRandomBcryptMismatchRandomizeSlow(t *testing.T) {
pass := make([]byte, mathrand.Intn(maxPasswordLength))
rand.Read(pass)
hp, err := GenerateFromPassword(pass, 0)
if err != nil {
t.Fatalf("GenerateFromPassword error: %s", err)
Expand All @@ -21,74 +28,57 @@ func TestBcryptingIsEasy(t *testing.T) {
t.Errorf("%v should hash %s correctly", hp, pass)
}

notPass := "notthepass"
err = CompareHashAndPassword(hp, []byte(notPass))
notPass := make([]byte, mathrand.Intn(maxPasswordLength))
for rand.Read(notPass); bytes.Equal(notPass, pass); {
rand.Read(notPass)
}

err = CompareHashAndPassword(hp, notPass)
if err != ErrMismatchedHashAndPassword {
t.Errorf("%v and %s should be mismatched", hp, notPass)
}
}

func TestBcryptingIsCorrect(t *testing.T) {
pass := []byte("allmine")
salt := []byte("XajjQvNhvvRt5GSeFk1xFe")
expectedHash := []byte("$2a$10$XajjQvNhvvRt5GSeFk1xFeyqRrsxkhBkUiQeg0dt.wU1qD4aFDcga")
func TestExternalBcryptingCorrectness(t *testing.T) {
for _, sample := range externalBcryptHashes {
pass := []byte(sample.pass)
salt := []byte(sample.salt)
expectedHash := []byte(sample.hash)
cost := sample.cost

hash, err := bcrypt(pass, 10, salt)
if err != nil {
t.Fatalf("bcrypt blew up: %v", err)
}
if !bytes.HasSuffix(expectedHash, hash) {
t.Errorf("%v should be the suffix of %v", hash, expectedHash)
}
hash, err := bcrypt(pass, cost, salt)
if err != nil {
t.Fatalf("bcrypt blew up: %v", err)
}
if !bytes.HasSuffix(expectedHash, hash) {
fmt.Println(sample.pass)
t.Errorf("%v should be the suffix of %v", hash, expectedHash)
}

h, err := newFromHash(expectedHash)
if err != nil {
t.Errorf("Unable to parse %s: %v", string(expectedHash), err)
}
h, err := newFromHash(expectedHash)
if err != nil {
t.Errorf("Unable to parse %s: %v", string(expectedHash), err)
}

// This is not the safe way to compare these hashes. We do this only for
// testing clarity. Use bcrypt.CompareHashAndPassword()
if err == nil && !bytes.Equal(expectedHash, h.Hash()) {
t.Errorf("Parsed hash %v should equal %v", h.Hash(), expectedHash)
// This is not the safe way to compare these hashes. We do this only for
// testing clarity. Use bcrypt.CompareHashAndPassword()
if err == nil && !bytes.Equal(expectedHash, h.Hash()) {
t.Errorf("Parsed hash %v should equal %v", h.Hash(), expectedHash)
}
}
}

func TestVeryShortPasswords(t *testing.T) {
key := []byte("k")
salt := []byte("XajjQvNhvvRt5GSeFk1xFe")
_, err := bcrypt(key, 10, salt)
if err != nil {
t.Errorf("One byte key resulted in error: %s", err)
}
}

func TestTooLongPasswordsWork(t *testing.T) {
salt := []byte("XajjQvNhvvRt5GSeFk1xFe")
// One byte over the usual 56 byte limit that blowfish has
tooLongPass := []byte("012345678901234567890123456789012345678901234567890123456")
tooLongExpected := []byte("$2a$10$XajjQvNhvvRt5GSeFk1xFe5l47dONXg781AmZtd869sO8zfsHuw7C")
hash, err := bcrypt(tooLongPass, 10, salt)
if err != nil {
t.Fatalf("bcrypt blew up on long password: %v", err)
}
if !bytes.HasSuffix(tooLongExpected, hash) {
t.Errorf("%v should be the suffix of %v", hash, tooLongExpected)
for _, salt := range randomSalts {
key := make([]byte, mathrand.Intn(5))
rand.Read(key)
_, err := bcrypt(key, 10, []byte(salt))
if err != nil {
t.Errorf("One byte key resulted in error: %s", err)
}
}
}

type InvalidHashTest struct {
err error
hash []byte
}

var invalidTests = []InvalidHashTest{
{ErrHashTooShort, []byte("$2a$10$fooo")},
{ErrHashTooShort, []byte("$2a")},
{HashVersionTooNewError('3'), []byte("$3a$10$sssssssssssssssssssssshhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh")},
{InvalidHashPrefixError('%'), []byte("%2a$10$sssssssssssssssssssssshhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh")},
{InvalidCostError(32), []byte("$2a$32$sssssssssssssssssssssshhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh")},
}

func TestInvalidHashErrors(t *testing.T) {
check := func(name string, expected, err error) {
if err == nil {
Expand Down Expand Up @@ -149,11 +139,8 @@ func TestCost(t *testing.T) {
}

func TestCostValidationInHash(t *testing.T) {
if testing.Short() {
return
}

pass := []byte("mypassword")
pass := make([]byte, maxPasswordLength)
rand.Read(pass)

for c := 0; c < MinCost; c++ {
p, _ := newFromPassword(pass, c)
Expand Down Expand Up @@ -182,7 +169,9 @@ func TestCostValidationInHash(t *testing.T) {
}

func TestCostReturnsWithLeadingZeroes(t *testing.T) {
hp, _ := newFromPassword([]byte("abcdefgh"), 7)
pass := make([]byte, maxPasswordLength)
rand.Read(pass)
hp, _ := newFromPassword(pass, 7)
cost := hp.Hash()[4:7]
expected := []byte("07$")

Expand All @@ -206,6 +195,23 @@ func TestMinorNotRequired(t *testing.T) {
}
}

// See Issue https://github.com/golang/go/issues/20425.
func TestNoSideEffectsFromCompare(t *testing.T) {
source := []byte("passw0rd123456")
password := source[:len(source)-6]
token := source[len(source)-6:]
want := make([]byte, len(source))
copy(want, source)

wantHash := []byte("$2a$10$LK9XRuhNxHHCvjX3tdkRKei1QiCDUKrJRhZv7WWZPuQGRUM92rOUa")
_ = CompareHashAndPassword(wantHash, password)

got := bytes.Join([][]byte{password, token}, []byte(""))
if !bytes.Equal(got, want) {
t.Errorf("got=%q want=%q", got, want)
}
}

func BenchmarkEqual(b *testing.B) {
b.StopTimer()
passwd := []byte("somepasswordyoulike")
Expand All @@ -224,20 +230,3 @@ func BenchmarkDefaultCost(b *testing.B) {
GenerateFromPassword(passwd, DefaultCost)
}
}

// See Issue https://github.com/golang/go/issues/20425.
func TestNoSideEffectsFromCompare(t *testing.T) {
source := []byte("passw0rd123456")
password := source[:len(source)-6]
token := source[len(source)-6:]
want := make([]byte, len(source))
copy(want, source)

wantHash := []byte("$2a$10$LK9XRuhNxHHCvjX3tdkRKei1QiCDUKrJRhZv7WWZPuQGRUM92rOUa")
_ = CompareHashAndPassword(wantHash, password)

got := bytes.Join([][]byte{password, token}, []byte(""))
if !bytes.Equal(got, want) {
t.Errorf("got=%q want=%q", got, want)
}
}
111 changes: 111 additions & 0 deletions bcrypt/bcrypt_test_data.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,111 @@
package bcrypt

// Passphrases contacto@martinugarte.com generated with dev/urandom entropy
// Bcrypt hashes computed with python's bcrypt https://pypi.org/project/bcrypt/

type InvalidHashTest struct {
err error
hash []byte
}
var externalBcryptHashes = []struct {
pass string
salt string
hash string
cost int
}{
{
"",
"JGZJSHED/woRIKSoTp5bZe",
"$2b$12$JGZJSHED/woRIKSoTp5bZea/99GHy6jGK1ToltiTObaiRQMLxH3we",
12,
},
{
"allmine",
"XajjQvNhvvRt5GSeFk1xFe",
"$2a$10$XajjQuNhvvRt5GSeFk1xFeyqRrsxkhBkUiQeg0dt.wU1qD4aFDcga",
10,
},
{
"pass",
"GNk.4LiPcEcQxTb/FiWhfu",
"$2b$12$GNk.4LiPcEcQxTb/FiWhfu52a11RA6Jh5r4mLpezmg6.DlYS3MKzy",
12,
},
{
"letmein",
"biCUWeQbpfJiIT0hZJqOWO",
"$2b$12$biCUWeQbpfJiIT0hZJqOWOQAPN93iU3MPDHkvsnKx3tqV2yWRtiNK",
12,
},
{
"010203040506070809",
"60xRZwFvBNfExmNnV.twIO",
"$2b$12$60xRZwFvBNfExmNnV.twIOgz89kFEpp83ruKh5bufkUWQvVikbfL2",
12,
},
{
"1.e4 e5 2. Nf3 Nc6 3. Bb4 Bb5",
"9cgE2qZ1LbIKMPerEq/gIe",
"$2b$12$9cgE2qZ1LbIKMPerEq/gIeTCKUHaB6v9QJmjmEY1A01lkT3hL3eb6",
12,
},
{
"!@#$%^&*()",
"51NJndAjnyZOvS7YSH6rWe",
"$2b$12$51NJndAjnyZOvS7YSH6rWesdaN02VMVMQnxv2b48Oe.pBxe1mFg6K",
12,
},
{
"LI\"}41SWG(SD@^:~td",
"hakLP0gLwtpiA0LB.jgEP.",
"$2b$12$hakLP0gLwtpiA0LB.jgEP.NCyuc8GkA.k943vBdX6qMJie5flQaJO",
12,
},
{
"VTaT^O<b%[8\\M7CJ&krtVTaT^O<b%[8\\M7CJ&krt",
"o3Q7Grn/7RHqockRlJWave",
"$2b$12$o3Q7Grn/7RHqockRlJWaveTMz1KcClmMaDR.KAnV3gPUlwcNsSfKq",
12,
},
{
"\"j%MgQ\"c{dRr07FDO{qo1j%MgQ\"c{dRr07FDO{qo1",
"uG5.qLAVM6g9oFp6ucDAZe",
"$2b$12$uG5.qLAVM6g9oFp6ucDAZe7QfjAz8qSFB8pFEximoK856UbnXCD.i",
12,
},
{
"HI`#ZWSY,wCXj>jIz(=-8AM[+\"L$${l(:]LBih&?)KHe*rLN$,z_g<]WWP1#Udh#\\gN+M9n*4",
"qJAEBcCXXO5bF.O1iZhy9u",
"$2b$12$qJAEBcCXXO5bF.O1iZhy9uEl35W84j9d1H6OAVfP19uR8hhS4QQzy",
12,
},
// 57 byte password of old TestTooLongPasswordWord test. Notice that salt is repeated.
{
"012345678901234567890123456789012345678901234567890123456",
"XajjQvNhvvRt5GSeFk1xFe",
"$2a$10$XajjQvNhvvRt5GSeFk1xFe5l47dONXg781AmZtd869sO8zfsHuw7C",
10,
},
}

// Generated with python's bcrypt
var randomSalts = []string {
"Te0tzvXK54kCPxTib.Yrqe",
"Sk24alQjTsdXwSlaUdUGNe",
"CSzKaVGc70Z74Nbsu0lJje",
"xXMqLl4/t21aJHlTcBN4h.",
"GU.WqBHNelnEkg5ZfVDUR.",
"qh0/aSSVJBx4cvMOtBsucO",
"Oy5dSRPysuM6X/mVxuKmJO",
"wuFoMgC2HEPHh87aifJOl.",
"AiPCQjKBaVGaul9/XMp6Xe",
"UdNZfjHo56pN9s7yawvWEu",
}

var invalidTests = []InvalidHashTest{
{ErrHashTooShort, []byte("$2a$10$fooo")},
{ErrHashTooShort, []byte("$2a")},
{HashVersionTooNewError('3'), []byte("$3a$10$sssssssssssssssssssssshhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh")},
{InvalidHashPrefixError('%'), []byte("%2a$10$sssssssssssssssssssssshhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh")},
{InvalidCostError(32), []byte("$2a$32$sssssssssssssssssssssshhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh")},
}
Loading