squash merge from dev branch

2017-09-04 22:52:14 -04:00
parent 123cd935a3
commit ed916703c6
1058 changed files with 311598 additions and 3 deletions
--- a/vendor/golang.org/x/crypto/nacl/box/box.go
+++ b/vendor/golang.org/x/crypto/nacl/box/box.go
@@ -0,0 +1,86 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/*
+Package box authenticates and encrypts messages using public-key cryptography.
+
+Box uses Curve25519, XSalsa20 and Poly1305 to encrypt and authenticate
+messages. The length of messages is not hidden.
+
+It is the caller's responsibility to ensure the uniqueness of nonces—for
+example, by using nonce 1 for the first message, nonce 2 for the second
+message, etc. Nonces are long enough that randomly generated nonces have
+negligible risk of collision.
+
+This package is interoperable with NaCl: https://nacl.cr.yp.to/box.html.
+*/
+package box // import "golang.org/x/crypto/nacl/box"
+
+import (
+	"io"
+
+	"golang.org/x/crypto/curve25519"
+	"golang.org/x/crypto/nacl/secretbox"
+	"golang.org/x/crypto/salsa20/salsa"
+)
+
+// Overhead is the number of bytes of overhead when boxing a message.
+const Overhead = secretbox.Overhead
+
+// GenerateKey generates a new public/private key pair suitable for use with
+// Seal and Open.
+func GenerateKey(rand io.Reader) (publicKey, privateKey *[32]byte, err error) {
+	publicKey = new([32]byte)
+	privateKey = new([32]byte)
+	_, err = io.ReadFull(rand, privateKey[:])
+	if err != nil {
+		publicKey = nil
+		privateKey = nil
+		return
+	}
+
+	curve25519.ScalarBaseMult(publicKey, privateKey)
+	return
+}
+
+var zeros [16]byte
+
+// Precompute calculates the shared key between peersPublicKey and privateKey
+// and writes it to sharedKey. The shared key can be used with
+// OpenAfterPrecomputation and SealAfterPrecomputation to speed up processing
+// when using the same pair of keys repeatedly.
+func Precompute(sharedKey, peersPublicKey, privateKey *[32]byte) {
+	curve25519.ScalarMult(sharedKey, privateKey, peersPublicKey)
+	salsa.HSalsa20(sharedKey, &zeros, sharedKey, &salsa.Sigma)
+}
+
+// Seal appends an encrypted and authenticated copy of message to out, which
+// will be Overhead bytes longer than the original and must not overlap. The
+// nonce must be unique for each distinct message for a given pair of keys.
+func Seal(out, message []byte, nonce *[24]byte, peersPublicKey, privateKey *[32]byte) []byte {
+	var sharedKey [32]byte
+	Precompute(&sharedKey, peersPublicKey, privateKey)
+	return secretbox.Seal(out, message, nonce, &sharedKey)
+}
+
+// SealAfterPrecomputation performs the same actions as Seal, but takes a
+// shared key as generated by Precompute.
+func SealAfterPrecomputation(out, message []byte, nonce *[24]byte, sharedKey *[32]byte) []byte {
+	return secretbox.Seal(out, message, nonce, sharedKey)
+}
+
+// Open authenticates and decrypts a box produced by Seal and appends the
+// message to out, which must not overlap box. The output will be Overhead
+// bytes smaller than box.
+func Open(out, box []byte, nonce *[24]byte, peersPublicKey, privateKey *[32]byte) ([]byte, bool) {
+	var sharedKey [32]byte
+	Precompute(&sharedKey, peersPublicKey, privateKey)
+	return secretbox.Open(out, box, nonce, &sharedKey)
+}
+
+// OpenAfterPrecomputation performs the same actions as Open, but takes a
+// shared key as generated by Precompute.
+func OpenAfterPrecomputation(out, box []byte, nonce *[24]byte, sharedKey *[32]byte) ([]byte, bool) {
+	return secretbox.Open(out, box, nonce, sharedKey)
+}
--- a/vendor/golang.org/x/crypto/nacl/box/box_test.go
+++ b/vendor/golang.org/x/crypto/nacl/box/box_test.go
@@ -0,0 +1,78 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package box
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/hex"
+	"testing"
+
+	"golang.org/x/crypto/curve25519"
+)
+
+func TestSealOpen(t *testing.T) {
+	publicKey1, privateKey1, _ := GenerateKey(rand.Reader)
+	publicKey2, privateKey2, _ := GenerateKey(rand.Reader)
+
+	if *privateKey1 == *privateKey2 {
+		t.Fatalf("private keys are equal!")
+	}
+	if *publicKey1 == *publicKey2 {
+		t.Fatalf("public keys are equal!")
+	}
+	message := []byte("test message")
+	var nonce [24]byte
+
+	box := Seal(nil, message, &nonce, publicKey1, privateKey2)
+	opened, ok := Open(nil, box, &nonce, publicKey2, privateKey1)
+	if !ok {
+		t.Fatalf("failed to open box")
+	}
+
+	if !bytes.Equal(opened, message) {
+		t.Fatalf("got %x, want %x", opened, message)
+	}
+
+	for i := range box {
+		box[i] ^= 0x40
+		_, ok := Open(nil, box, &nonce, publicKey2, privateKey1)
+		if ok {
+			t.Fatalf("opened box with byte %d corrupted", i)
+		}
+		box[i] ^= 0x40
+	}
+}
+
+func TestBox(t *testing.T) {
+	var privateKey1, privateKey2 [32]byte
+	for i := range privateKey1[:] {
+		privateKey1[i] = 1
+	}
+	for i := range privateKey2[:] {
+		privateKey2[i] = 2
+	}
+
+	var publicKey1 [32]byte
+	curve25519.ScalarBaseMult(&publicKey1, &privateKey1)
+	var message [64]byte
+	for i := range message[:] {
+		message[i] = 3
+	}
+
+	var nonce [24]byte
+	for i := range nonce[:] {
+		nonce[i] = 4
+	}
+
+	box := Seal(nil, message[:], &nonce, &publicKey1, &privateKey2)
+
+	// expected was generated using the C implementation of NaCl.
+	expected, _ := hex.DecodeString("78ea30b19d2341ebbdba54180f821eec265cf86312549bea8a37652a8bb94f07b78a73ed1708085e6ddd0e943bbdeb8755079a37eb31d86163ce241164a47629c0539f330b4914cd135b3855bc2a2dfc")
+
+	if !bytes.Equal(box, expected) {
+		t.Fatalf("box didn't match, got\n%x\n, expected\n%x", box, expected)
+	}
+}
--- a/vendor/golang.org/x/crypto/nacl/box/example_test.go
+++ b/vendor/golang.org/x/crypto/nacl/box/example_test.go
@@ -0,0 +1,95 @@
+package box_test
+
+import (
+	crypto_rand "crypto/rand" // Custom so it's clear which rand we're using.
+	"fmt"
+	"io"
+
+	"golang.org/x/crypto/nacl/box"
+)
+
+func Example() {
+	senderPublicKey, senderPrivateKey, err := box.GenerateKey(crypto_rand.Reader)
+	if err != nil {
+		panic(err)
+	}
+
+	recipientPublicKey, recipientPrivateKey, err := box.GenerateKey(crypto_rand.Reader)
+	if err != nil {
+		panic(err)
+	}
+
+	// You must use a different nonce for each message you encrypt with the
+	// same key. Since the nonce here is 192 bits long, a random value
+	// provides a sufficiently small probability of repeats.
+	var nonce [24]byte
+	if _, err := io.ReadFull(crypto_rand.Reader, nonce[:]); err != nil {
+		panic(err)
+	}
+
+	msg := []byte("Alas, poor Yorick! I knew him, Horatio")
+	// This encrypts msg and appends the result to the nonce.
+	encrypted := box.Seal(nonce[:], msg, &nonce, recipientPublicKey, senderPrivateKey)
+
+	// The recipient can decrypt the message using their private key and the
+	// sender's public key. When you decrypt, you must use the same nonce you
+	// used to encrypt the message. One way to achieve this is to store the
+	// nonce alongside the encrypted message. Above, we stored the nonce in the
+	// first 24 bytes of the encrypted text.
+	var decryptNonce [24]byte
+	copy(decryptNonce[:], encrypted[:24])
+	decrypted, ok := box.Open(nil, encrypted[24:], &decryptNonce, senderPublicKey, recipientPrivateKey)
+	if !ok {
+		panic("decryption error")
+	}
+	fmt.Println(string(decrypted))
+	// Output: Alas, poor Yorick! I knew him, Horatio
+}
+
+func Example_precompute() {
+	senderPublicKey, senderPrivateKey, err := box.GenerateKey(crypto_rand.Reader)
+	if err != nil {
+		panic(err)
+	}
+
+	recipientPublicKey, recipientPrivateKey, err := box.GenerateKey(crypto_rand.Reader)
+	if err != nil {
+		panic(err)
+	}
+
+	// The shared key can be used to speed up processing when using the same
+	// pair of keys repeatedly.
+	sharedEncryptKey := new([32]byte)
+	box.Precompute(sharedEncryptKey, recipientPublicKey, senderPrivateKey)
+
+	// You must use a different nonce for each message you encrypt with the
+	// same key. Since the nonce here is 192 bits long, a random value
+	// provides a sufficiently small probability of repeats.
+	var nonce [24]byte
+	if _, err := io.ReadFull(crypto_rand.Reader, nonce[:]); err != nil {
+		panic(err)
+	}
+
+	msg := []byte("A fellow of infinite jest, of most excellent fancy")
+	// This encrypts msg and appends the result to the nonce.
+	encrypted := box.SealAfterPrecomputation(nonce[:], msg, &nonce, sharedEncryptKey)
+
+	// The shared key can be used to speed up processing when using the same
+	// pair of keys repeatedly.
+	var sharedDecryptKey [32]byte
+	box.Precompute(&sharedDecryptKey, senderPublicKey, recipientPrivateKey)
+
+	// The recipient can decrypt the message using the shared key. When you
+	// decrypt, you must use the same nonce you used to encrypt the message.
+	// One way to achieve this is to store the nonce alongside the encrypted
+	// message. Above, we stored the nonce in the first 24 bytes of the
+	// encrypted text.
+	var decryptNonce [24]byte
+	copy(decryptNonce[:], encrypted[:24])
+	decrypted, ok := box.OpenAfterPrecomputation(nil, encrypted[24:], &decryptNonce, &sharedDecryptKey)
+	if !ok {
+		panic("decryption error")
+	}
+	fmt.Println(string(decrypted))
+	// Output: A fellow of infinite jest, of most excellent fancy
+}