diff --git a/go.mod b/go.mod
index fa7af290cd771011324bd3a56efa2120731da8be..5cb3d1168056be62881db8e6af516b5ed63307b5 100644
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,8 @@
module git.autistici.org/ai3/accountserver
-go 1.21.0
+go 1.22.0
-toolchain go1.23.1
+toolchain go1.24.2
require (
git.autistici.org/ai3/go-common v0.0.0-20250125130542-62b40adde91d
@@ -10,7 +10,7 @@ require (
git.autistici.org/id/auth v0.0.0-20250125155325-7ed6705d2e1f
git.autistici.org/id/go-sso v0.0.0-20241017184626-0e26b5e055dc
git.autistici.org/id/usermetadb v0.0.0-20241017171915-b5c24a0ff9b7
- github.com/ProtonMail/gopenpgp/v3 v3.1.2
+ github.com/ProtonMail/gopenpgp/v3 v3.2.0
github.com/go-ldap/ldap/v3 v3.4.10
github.com/go-test/deep v1.1.1
github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627
@@ -18,7 +18,7 @@ require (
github.com/prometheus/client_golang v1.20.5
github.com/sethvargo/go-password v0.3.1
github.com/tv42/zbase32 v0.0.0-20220222190657-f76a9fc892fa
- golang.org/x/crypto v0.32.0
+ golang.org/x/crypto v0.33.0
golang.org/x/net v0.34.0
golang.org/x/sync v0.10.0
gopkg.in/yaml.v3 v3.0.1
@@ -28,14 +28,14 @@ require (
filippo.io/edwards25519 v1.1.0 // indirect
github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
github.com/NYTimes/gziphandler v1.1.1 // indirect
- github.com/ProtonMail/go-crypto v1.1.5 // indirect
+ github.com/ProtonMail/go-crypto v1.2.0 // indirect
github.com/amoghe/go-crypt v0.0.0-20220222110647-20eada5f5964 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/boombuler/barcode v1.0.1 // indirect
github.com/bradfitz/gomemcache v0.0.0-20230905024940-24af94b03874 // indirect
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
- github.com/cloudflare/circl v1.3.7 // indirect
+ github.com/cloudflare/circl v1.6.0 // indirect
github.com/coreos/go-systemd/v22 v22.5.0 // indirect
github.com/felixge/httpsnoop v1.0.3 // indirect
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
@@ -69,6 +69,6 @@ require (
go.opentelemetry.io/otel/metric v0.31.0 // indirect
go.opentelemetry.io/otel/sdk v1.10.0 // indirect
go.opentelemetry.io/otel/trace v1.10.0 // indirect
- golang.org/x/sys v0.29.0 // indirect
+ golang.org/x/sys v0.30.0 // indirect
google.golang.org/protobuf v1.34.2 // indirect
)
diff --git a/go.sum b/go.sum
index e34d03b06007406038fae388a0e27771072abf3e..19ad3e0b53f0485bd1356c64ff99bd1a685581d6 100644
--- a/go.sum
+++ b/go.sum
@@ -19,8 +19,12 @@ github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cq
github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
github.com/ProtonMail/go-crypto v1.1.5 h1:eoAQfK2dwL+tFSFpr7TbOaPNUbPiJj4fLYwwGE1FQO4=
github.com/ProtonMail/go-crypto v1.1.5/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
+github.com/ProtonMail/go-crypto v1.2.0 h1:+PhXXn4SPGd+qk76TlEePBfOfivE0zkWFenhGhFLzWs=
+github.com/ProtonMail/go-crypto v1.2.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE=
github.com/ProtonMail/gopenpgp/v3 v3.1.2 h1:boYaqDF2e47xf5Dc4DmI+67Y9SLtKmMF68thfRgpJcc=
github.com/ProtonMail/gopenpgp/v3 v3.1.2/go.mod h1:JmPhH48sRCgTSIpez4JmdCyjt4hZcrc5jVdB3FGqodU=
+github.com/ProtonMail/gopenpgp/v3 v3.2.0 h1:BGYWjoyIddNA89TUWAEVbbkI4ecomV8eOd5hvwJ18s8=
+github.com/ProtonMail/gopenpgp/v3 v3.2.0/go.mod h1:x7RduTo/0n/2PjTFRoEHApaxye/8PFbhoCquwfYBUGM=
github.com/Shopify/sarama v1.30.0/go.mod h1:zujlQQx1kzHsh4jfV1USnptCQrHAEZ2Hk8fTKCulPVs=
github.com/Shopify/toxiproxy/v2 v2.1.6-0.20210914104332-15ea381dcdae/go.mod h1:/cvHQkZ1fst0EmZnA5dFtiQdWCNCFYzb+uE2vqVgvx0=
github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI=
@@ -44,6 +48,8 @@ github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
+github.com/cloudflare/circl v1.6.0 h1:cr5JKic4HI+LkINy2lg3W2jF8sHCVTBncJr5gIIq7qk=
+github.com/cloudflare/circl v1.6.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
@@ -265,6 +271,8 @@ golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v
golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
+golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -339,6 +347,8 @@ golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/errors/errors.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/errors/errors.go
index 0eb3937b3954c315ff5f6997a4e9a95cd2b37aec..e44b45734d4b811db7027bb7e73ed81e386daa3e 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/errors/errors.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/errors/errors.go
@@ -6,6 +6,7 @@
package errors // import "github.com/ProtonMail/go-crypto/openpgp/errors"
import (
+ "fmt"
"strconv"
)
@@ -178,3 +179,22 @@ type ErrMalformedMessage string
func (dke ErrMalformedMessage) Error() string {
return "openpgp: malformed message " + string(dke)
}
+
+// ErrEncryptionKeySelection is returned if encryption key selection fails (v2 API).
+type ErrEncryptionKeySelection struct {
+ PrimaryKeyId string
+ PrimaryKeyErr error
+ EncSelectionKeyId *string
+ EncSelectionErr error
+}
+
+func (eks ErrEncryptionKeySelection) Error() string {
+ prefix := fmt.Sprintf("openpgp: key selection for primary key %s:", eks.PrimaryKeyId)
+ if eks.PrimaryKeyErr != nil {
+ return fmt.Sprintf("%s invalid primary key: %s", prefix, eks.PrimaryKeyErr)
+ }
+ if eks.EncSelectionKeyId != nil {
+ return fmt.Sprintf("%s invalid encryption key %s: %s", prefix, *eks.EncSelectionKeyId, eks.EncSelectionErr)
+ }
+ return fmt.Sprintf("%s no encryption key: %s", prefix, eks.EncSelectionErr)
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go
index fec41a0e73f7c7c81cacf379709e97ae77bae330..ef100d372b73471e70b343ce9c0ed76ab648d67e 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go
@@ -37,7 +37,7 @@ func (conf *AEADConfig) Mode() AEADMode {
// ChunkSizeByte returns the byte indicating the chunk size. The effective
// chunk size is computed with the formula uint64(1) << (chunkSizeByte + 6)
-// limit to 16 = 4 MiB
+// limit chunkSizeByte to 16 which equals to 2^22 = 4 MiB
// https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2
func (conf *AEADConfig) ChunkSizeByte() byte {
if conf == nil || conf.ChunkSize == 0 {
@@ -49,8 +49,8 @@ func (conf *AEADConfig) ChunkSizeByte() byte {
switch {
case exponent < 6:
exponent = 6
- case exponent > 16:
- exponent = 16
+ case exponent > 22:
+ exponent = 22
}
return byte(exponent - 6)
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go
index 8bf8e6e51f1bbde5dd8f4d53706ab6521c119685..257398d9dde01a25332b300241459618f3138d93 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go
@@ -173,6 +173,11 @@ type Config struct {
// weaknesses in the hash algo, potentially hindering e.g. some chosen-prefix attacks.
// The default behavior, when the config or flag is nil, is to enable the feature.
NonDeterministicSignaturesViaNotation *bool
+
+ // InsecureAllowAllKeyFlagsWhenMissing determines how a key without valid key flags is handled.
+ // When set to true, a key without flags is treated as if all flags are enabled.
+ // This behavior is consistent with GPG.
+ InsecureAllowAllKeyFlagsWhenMissing bool
}
func (c *Config) Random() io.Reader {
@@ -403,6 +408,13 @@ func (c *Config) RandomizeSignaturesViaNotation() bool {
return *c.NonDeterministicSignaturesViaNotation
}
+func (c *Config) AllowAllKeyFlagsWhenMissing() bool {
+ if c == nil {
+ return false
+ }
+ return c.InsecureAllowAllKeyFlagsWhenMissing
+}
+
// BoolPointer is a helper function to set a boolean pointer in the Config.
// e.g., config.CheckPacketSequence = BoolPointer(true)
func BoolPointer(value bool) *bool {
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go
index f8da781bbe620a59dc066bd10d0f27fc353dc343..e2813396e38c4cd1884378b12570b3fa2427e1a3 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go
@@ -1048,12 +1048,17 @@ func (pk *PublicKey) VerifyDirectKeySignature(sig *Signature) (err error) {
// KeyIdString returns the public key's fingerprint in capital hex
// (e.g. "6C7EE1B8621CC013").
func (pk *PublicKey) KeyIdString() string {
- return fmt.Sprintf("%X", pk.Fingerprint[12:20])
+ return fmt.Sprintf("%016X", pk.KeyId)
}
// KeyIdShortString returns the short form of public key's fingerprint
// in capital hex, as shown by gpg --list-keys (e.g. "621CC013").
+// This function will return the full key id for v5 and v6 keys
+// since the short key id is undefined for them.
func (pk *PublicKey) KeyIdShortString() string {
+ if pk.Version >= 5 {
+ return pk.KeyIdString()
+ }
return fmt.Sprintf("%X", pk.Fingerprint[16:20])
}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go
index 3a4b366d870bae3712686fb6acd00dd60b36957d..84dd3b86f8a8ca4b4588736e289f160350c320be 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go
@@ -1288,7 +1288,9 @@ func (sig *Signature) buildSubpackets(issuer PublicKey) (subpackets []outputSubp
if sig.IssuerKeyId != nil && sig.Version == 4 {
keyId := make([]byte, 8)
binary.BigEndian.PutUint64(keyId, *sig.IssuerKeyId)
- subpackets = append(subpackets, outputSubpacket{true, issuerSubpacket, true, keyId})
+ // Note: making this critical breaks RPM <=4.16.
+ // See: https://github.com/ProtonMail/go-crypto/issues/263
+ subpackets = append(subpackets, outputSubpacket{true, issuerSubpacket, false, keyId})
}
// Notation Data
for _, notation := range sig.Notations {
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/keys.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/keys.go
index 93082dd485bb435b5a18b8f547228f2d06746a99..06cbe1f10a73dae6efc30918fbf41852ec6e65c0 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/keys.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/keys.go
@@ -98,27 +98,62 @@ func shouldPreferIdentity(existingId, potentialNewId *packet.Signature) bool {
// EncryptionKey returns the best candidate Key for encrypting a message to the
// given Entity.
func (e *Entity) EncryptionKey(now time.Time, config *packet.Config) (Key, bool) {
+ encryptionKey, err := e.EncryptionKeyWithError(now, config)
+ return encryptionKey, err == nil
+}
+
+// EncryptionKeyWithError returns the best candidate Key for encrypting a message to the
+// given Entity.
+// Provides an error if the function fails to find an encryption key.
+func (e *Entity) EncryptionKeyWithError(now time.Time, config *packet.Config) (Key, error) {
// The primary key has to be valid at time now
primarySelfSignature, err := e.VerifyPrimaryKey(now, config)
if err != nil { // primary key is not valid
- return Key{}, false
+ return Key{}, errors.ErrEncryptionKeySelection{
+ PrimaryKeyId: e.PrimaryKey.KeyIdString(),
+ PrimaryKeyErr: err,
+ }
}
- if checkKeyRequirements(e.PrimaryKey, config) != nil {
+ if err := checkKeyRequirements(e.PrimaryKey, config); err != nil {
// The primary key produces weak signatures
- return Key{}, false
+ return Key{}, errors.ErrEncryptionKeySelection{
+ PrimaryKeyId: e.PrimaryKey.KeyIdString(),
+ PrimaryKeyErr: err,
+ }
}
// Iterate the keys to find the newest, unexpired one
+ var latestSelectionError *errors.ErrEncryptionKeySelection
candidateSubkey := -1
var maxTime time.Time
var selectedSubkeySelfSig *packet.Signature
for i, subkey := range e.Subkeys {
+ subkeyErr := func(encSelectionErr error) *errors.ErrEncryptionKeySelection {
+ subkeyKeyId := subkey.PublicKey.KeyIdString()
+ return &errors.ErrEncryptionKeySelection{
+ PrimaryKeyId: e.PrimaryKey.KeyIdString(),
+ EncSelectionKeyId: &subkeyKeyId,
+ EncSelectionErr: encSelectionErr,
+ }
+
+ }
+ // Verify the subkey signature.
subkeySelfSig, err := subkey.Verify(now, config) // subkey has to be valid at time now
- if err == nil &&
- isValidEncryptionKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo) &&
- checkKeyRequirements(subkey.PublicKey, config) == nil &&
- (maxTime.IsZero() || subkeySelfSig.CreationTime.Unix() >= maxTime.Unix()) {
+ if err != nil {
+ latestSelectionError = subkeyErr(err)
+ continue
+ }
+ // Check the algorithm and key flags.
+ if !isValidEncryptionKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo, config) {
+ continue
+ }
+ // Check if the key fulfils the requirements
+ if err := checkKeyRequirements(subkey.PublicKey, config); err != nil {
+ latestSelectionError = subkeyErr(err)
+ continue
+ }
+ if maxTime.IsZero() || subkeySelfSig.CreationTime.Unix() >= maxTime.Unix() {
candidateSubkey = i
selectedSubkeySelfSig = subkeySelfSig
maxTime = subkeySelfSig.CreationTime
@@ -133,22 +168,29 @@ func (e *Entity) EncryptionKey(now time.Time, config *packet.Config) (Key, bool)
PublicKey: subkey.PublicKey,
PrivateKey: subkey.PrivateKey,
SelfSignature: selectedSubkeySelfSig,
- }, true
+ }, nil
}
// If we don't have any subkeys for encryption and the primary key
// is marked as OK to encrypt with, then we can use it.
- if isValidEncryptionKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo) {
+ if isValidEncryptionKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo, config) {
return Key{
Entity: e,
PrimarySelfSignature: primarySelfSignature,
PublicKey: e.PrimaryKey,
PrivateKey: e.PrivateKey,
SelfSignature: primarySelfSignature,
- }, true
+ }, nil
}
- return Key{}, false
+ if latestSelectionError == nil {
+ latestSelectionError = &errors.ErrEncryptionKeySelection{
+ PrimaryKeyId: e.PrimaryKey.KeyIdString(),
+ EncSelectionErr: goerrors.New("no encryption-capable key found (no key flags or invalid algorithm)"),
+ }
+ }
+
+ return Key{}, latestSelectionError
}
// DecryptionKeys returns all keys that are available for decryption, matching the keyID when given
@@ -164,12 +206,12 @@ func (e *Entity) DecryptionKeys(id uint64, date time.Time, config *packet.Config
for _, subkey := range e.Subkeys {
subkeySelfSig, err := subkey.LatestValidBindingSignature(date, config)
if err == nil &&
- (config.AllowDecryptionWithSigningKeys() || isValidEncryptionKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo)) &&
+ (config.AllowDecryptionWithSigningKeys() || isValidEncryptionKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo, config)) &&
(id == 0 || subkey.PublicKey.KeyId == id) {
keys = append(keys, Key{subkey.Primary, primarySelfSignature, subkey.PublicKey, subkey.PrivateKey, subkeySelfSig})
}
}
- if config.AllowDecryptionWithSigningKeys() || isValidEncryptionKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo) {
+ if config.AllowDecryptionWithSigningKeys() || isValidEncryptionKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo, config) {
keys = append(keys, Key{e, primarySelfSignature, e.PrimaryKey, e.PrivateKey, primarySelfSignature})
}
return
@@ -219,8 +261,8 @@ func (e *Entity) signingKeyByIdUsage(now time.Time, id uint64, flags int, config
for idx, subkey := range e.Subkeys {
subkeySelfSig, err := subkey.Verify(now, config)
if err == nil &&
- (flags&packet.KeyFlagCertify == 0 || isValidCertificationKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo)) &&
- (flags&packet.KeyFlagSign == 0 || isValidSigningKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo)) &&
+ (flags&packet.KeyFlagCertify == 0 || isValidCertificationKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo, config)) &&
+ (flags&packet.KeyFlagSign == 0 || isValidSigningKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo, config)) &&
checkKeyRequirements(subkey.PublicKey, config) == nil &&
(maxTime.IsZero() || subkeySelfSig.CreationTime.Unix() >= maxTime.Unix()) &&
(id == 0 || subkey.PublicKey.KeyId == id) {
@@ -243,8 +285,8 @@ func (e *Entity) signingKeyByIdUsage(now time.Time, id uint64, flags int, config
// If we don't have any subkeys for signing and the primary key
// is marked as OK to sign with, then we can use it.
- if (flags&packet.KeyFlagCertify == 0 || isValidCertificationKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo)) &&
- (flags&packet.KeyFlagSign == 0 || isValidSigningKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo)) &&
+ if (flags&packet.KeyFlagCertify == 0 || isValidCertificationKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo, config)) &&
+ (flags&packet.KeyFlagSign == 0 || isValidSigningKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo, config)) &&
(id == 0 || e.PrimaryKey.KeyId == id) {
return Key{
Entity: e,
@@ -676,7 +718,7 @@ func (e *Entity) LatestValidDirectSignature(date time.Time, config *packet.Confi
if sig.Valid == nil {
err := e.PrimaryKey.VerifyDirectKeySignature(sig.Packet)
if err == nil {
- err = checkSignatureDetails(e.PrimaryKey, sig.Packet, date, config)
+ err = checkSignatureDetails(sig.Packet, date, config)
}
valid := err == nil
sig.Valid = &valid
@@ -770,20 +812,38 @@ func checkKeyRequirements(usedKey *packet.PublicKey, config *packet.Config) erro
return nil
}
-func isValidSigningKey(signature *packet.Signature, algo packet.PublicKeyAlgorithm) bool {
- return algo.CanSign() &&
- signature.FlagsValid &&
- signature.FlagSign
+func isValidSigningKey(signature *packet.Signature, algo packet.PublicKeyAlgorithm, config *packet.Config) bool {
+ if !algo.CanSign() {
+ return false
+ }
+
+ if signature.FlagsValid {
+ return signature.FlagSign
+ }
+
+ return config.AllowAllKeyFlagsWhenMissing()
}
-func isValidCertificationKey(signature *packet.Signature, algo packet.PublicKeyAlgorithm) bool {
- return algo.CanSign() &&
- signature.FlagsValid &&
- signature.FlagCertify
+func isValidCertificationKey(signature *packet.Signature, algo packet.PublicKeyAlgorithm, config *packet.Config) bool {
+ if !algo.CanSign() {
+ return false
+ }
+
+ if signature.FlagsValid {
+ return signature.FlagCertify
+ }
+
+ return config.AllowAllKeyFlagsWhenMissing()
}
-func isValidEncryptionKey(signature *packet.Signature, algo packet.PublicKeyAlgorithm) bool {
- return algo.CanEncrypt() &&
- signature.FlagsValid &&
- (signature.FlagEncryptCommunications || signature.FlagEncryptStorage)
+func isValidEncryptionKey(signature *packet.Signature, algo packet.PublicKeyAlgorithm, config *packet.Config) bool {
+ if !algo.CanEncrypt() {
+ return false
+ }
+
+ if signature.FlagsValid {
+ return signature.FlagEncryptCommunications || signature.FlagEncryptStorage
+ }
+
+ return config.AllowAllKeyFlagsWhenMissing()
}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/read.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/read.go
index 5ab9aff53c31888857cf18166123faf232123b8b..7cefd37b841fbfa9fd1905451c8d1f5f7e749a49 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/read.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/read.go
@@ -732,19 +732,14 @@ func verifyDetachedSignatureReader(keyring KeyRing, signed, signature io.Reader,
// It checks the following:
// - Hash function should not be invalid according to
// config.RejectHashAlgorithms.
-// - Verification key must be older than the signature creation time.
// - Check signature notations.
// - Signature is not expired (unless a zero time is passed to
// explicitly ignore expiration).
-func checkSignatureDetails(pk *packet.PublicKey, signature *packet.Signature, now time.Time, config *packet.Config) error {
+func checkSignatureDetails(signature *packet.Signature, now time.Time, config *packet.Config) error {
if config.RejectHashAlgorithm(signature.Hash) {
return errors.SignatureError("insecure hash algorithm: " + signature.Hash.String())
}
- if pk.CreationTime.Unix() > signature.CreationTime.Unix() {
- return errors.ErrSignatureOlderThanKey
- }
-
for _, notation := range signature.Notations {
if notation.IsCritical && !config.KnownNotation(notation.Name) {
return errors.SignatureError("unknown critical notation: " + notation.Name)
@@ -762,30 +757,29 @@ func checkSignatureDetails(pk *packet.PublicKey, signature *packet.Signature, no
// signature and all relevant binding signatures.
// In addition, the message signature hash algorithm is checked against
// config.RejectMessageHashAlgorithms.
+// Finally, the signature must be newer than the verification key.
func checkMessageSignatureDetails(verifiedKey *Key, signature *packet.Signature, config *packet.Config) error {
if config.RejectMessageHashAlgorithm(signature.Hash) {
return errors.SignatureError("insecure message hash algorithm: " + signature.Hash.String())
}
+ if signature.CreationTime.Unix() < verifiedKey.PublicKey.CreationTime.Unix() {
+ return errors.ErrSignatureOlderThanKey
+ }
+
sigsToCheck := []*packet.Signature{signature, verifiedKey.PrimarySelfSignature}
if !verifiedKey.IsPrimary() {
sigsToCheck = append(sigsToCheck, verifiedKey.SelfSignature, verifiedKey.SelfSignature.EmbeddedSignature)
}
var errs []error
for _, sig := range sigsToCheck {
- var pk *packet.PublicKey
- if sig == verifiedKey.PrimarySelfSignature || sig == verifiedKey.SelfSignature {
- pk = verifiedKey.Entity.PrimaryKey
- } else {
- pk = verifiedKey.PublicKey
- }
var time time.Time
if sig == signature {
time = config.Now()
} else {
time = signature.CreationTime
}
- if err := checkSignatureDetails(pk, sig, time, config); err != nil {
+ if err := checkSignatureDetails(sig, time, config); err != nil {
errs = append(errs, err)
}
}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/subkeys.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/subkeys.go
index 3e9fc1890aefe378b14a70209e2edbc8f92e06d9..1b796f8cb2077df8aaddaf2503a2a334196fdaa5 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/subkeys.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/subkeys.go
@@ -187,7 +187,7 @@ func (s *Subkey) LatestValidBindingSignature(date time.Time, config *packet.Conf
if sig.Valid == nil {
err := s.Primary.PrimaryKey.VerifyKeySignature(s.PublicKey, sig.Packet)
if err == nil {
- err = checkSignatureDetails(s.Primary.PrimaryKey, sig.Packet, date, config)
+ err = checkSignatureDetails(sig.Packet, date, config)
}
valid := err == nil
sig.Valid = &valid
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/user.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/user.go
index 3da03bd7cbad0d2de24002d014cc78a8d5c3df69..4effa6e738e37fb7598d1e3af1271ee92b861531 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/user.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/user.go
@@ -121,7 +121,7 @@ func (i *Identity) Revoked(selfCertification *packet.Signature, date time.Time,
// Verify revocation signature (not verified yet).
err := i.Primary.PrimaryKey.VerifyUserIdSignature(i.Name, i.Primary.PrimaryKey, revocation.Packet)
if err == nil {
- err = checkSignatureDetails(i.Primary.PrimaryKey, revocation.Packet, date, config)
+ err = checkSignatureDetails(revocation.Packet, date, config)
}
valid := err == nil
revocation.Valid = &valid
@@ -206,7 +206,7 @@ func (i *Identity) LatestValidSelfCertification(date time.Time, config *packet.C
// Verify revocation signature (not verified yet).
err = i.Primary.PrimaryKey.VerifyUserIdSignature(i.Name, i.Primary.PrimaryKey, sig.Packet)
if err == nil {
- err = checkSignatureDetails(i.Primary.PrimaryKey, sig.Packet, date, config)
+ err = checkSignatureDetails(sig.Packet, date, config)
}
valid := err == nil
sig.Valid = &valid
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/write.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/write.go
index 398f63f47d6417c75fd671543f696ac3085545ac..0d5faff5847efdd71a996005b6f224b417ab8825 100644
--- a/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/write.go
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/v2/write.go
@@ -611,10 +611,8 @@ func encrypt(
timeForEncryptionKey = *params.EncryptionTime
}
for i, recipient := range append(to, toHidden...) {
- var ok bool
- encryptKeys[i], ok = recipient.EncryptionKey(timeForEncryptionKey, config)
- if !ok {
- return nil, errors.InvalidArgumentError("cannot encrypt a message to key id " + strconv.FormatUint(to[i].PrimaryKey.KeyId, 16) + " because it has no valid encryption keys")
+ if encryptKeys[i], err = recipient.EncryptionKeyWithError(timeForEncryptionKey, config); err != nil {
+ return nil, err
}
primarySelfSignature, _ := recipient.PrimarySelfSignature(timeForEncryptionKey, config)
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/armor/armor.go b/vendor/github.com/ProtonMail/gopenpgp/v3/armor/armor.go
index 9a9a7c1874cc7fc7e102ff16cb12ec62e3e54c69..2d8c5442c89d06288cec84c31cd55b2cd83f1f30 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/armor/armor.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/armor/armor.go
@@ -4,12 +4,12 @@ package armor
import (
"bytes"
+ "fmt"
"io"
"github.com/ProtonMail/go-crypto/openpgp/armor"
"github.com/ProtonMail/gopenpgp/v3/constants"
"github.com/ProtonMail/gopenpgp/v3/internal"
- "github.com/pkg/errors"
)
// ArmorKey armors input as a public key.
@@ -126,7 +126,7 @@ func ArmorReader(in io.Reader) (io.Reader, error) {
func Unarmor(input string) ([]byte, error) {
b, err := internal.Unarmor(input)
if err != nil {
- return nil, errors.Wrap(err, "armor: unable to unarmor")
+ return nil, fmt.Errorf("armor: unable to unarmor: %w", err)
}
return io.ReadAll(b.Body)
}
@@ -135,7 +135,7 @@ func Unarmor(input string) ([]byte, error) {
func UnarmorBytes(input []byte) ([]byte, error) {
b, err := internal.UnarmorBytes(input)
if err != nil {
- return nil, errors.Wrap(err, "armor: unable to unarmor")
+ return nil, fmt.Errorf("armor: unable to unarmor: %w", err)
}
return io.ReadAll(b.Body)
}
@@ -188,13 +188,13 @@ func armorWithTypeAndHeaders(input []byte, armorType string, headers map[string]
w, err := armor.EncodeWithChecksumOption(&b, armorType, headers, writeChecksum)
if err != nil {
- return nil, errors.Wrap(err, "armor: unable to encode armoring")
+ return nil, fmt.Errorf("armor: unable to encode armoring: %w", err)
}
if _, err = w.Write(input); err != nil {
- return nil, errors.Wrap(err, "armor: unable to write armored to buffer")
+ return nil, fmt.Errorf("armor: unable to write armored to buffer: %w", err)
}
if err := w.Close(); err != nil {
- return nil, errors.Wrap(err, "armor: unable to close armor buffer")
+ return nil, fmt.Errorf("armor: unable to close armor buffer: %w", err)
}
return &b, nil
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/constants/version.go b/vendor/github.com/ProtonMail/gopenpgp/v3/constants/version.go
index eec59c4199f4b68d3299dabe3c607ef46de84a89..445da47b744d5f546e85e4478ba5fdaa55c8f624 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/constants/version.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/constants/version.go
@@ -1,3 +1,3 @@
package constants
-const Version = "3.1.2"
+const Version = "3.2.0"
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/crypto.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/crypto.go
index 0ca88e7d202f3dfb040c7ac22c5dcf731cd6198a..23ea24107748861077bc89ee04991b7461cf82e6 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/crypto.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/crypto.go
@@ -73,7 +73,9 @@ func (p *PGPHandle) LockKey(key *Key, passphrase []byte) (*Key, error) {
}
// GenerateSessionKey generates a random session key for the profile.
+// Use GenerateSessionKey on the encryption handle, if the PGP encryption keys are known.
+// This function only considers the profile to determine the session key type.
func (p *PGPHandle) GenerateSessionKey() (*SessionKey, error) {
config := p.profile.EncryptionConfig()
- return generateSessionKey(config)
+ return generateSessionKey(config, nil, nil)
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/decryption_core.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/decryption_core.go
index d8451598ef75e5108b80a53e2fdb1c584a1fca92..953b702b055aafce5940e1b22327c25fe86c50f7 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/decryption_core.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/decryption_core.go
@@ -2,13 +2,14 @@ package crypto
import (
"bytes"
+ "errors"
+ "fmt"
"io"
"github.com/ProtonMail/go-crypto/openpgp/packet"
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
"github.com/ProtonMail/gopenpgp/v3/constants"
"github.com/ProtonMail/gopenpgp/v3/internal"
- "github.com/pkg/errors"
)
type pgpSplitReader struct {
@@ -54,7 +55,7 @@ func (dh *decryptionHandle) decryptStream(encryptedMessage Reader) (plainMessage
// Private key based decryption
messageDetails, err = openpgp.ReadMessage(encryptedMessage, entries, nil, config)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: decrypting message with private keys failed")
+ return nil, fmt.Errorf("gopenpgp: decrypting message with private keys failed: %w", err)
}
} else {
// Password based decryption
@@ -70,7 +71,7 @@ func (dh *decryptionHandle) decryptStream(encryptedMessage Reader) (plainMessage
}
if _, err := resetReader.Reset(); err != nil {
// Should not happen.
- return nil, errors.Wrap(err, "gopenpgp: buffer reset failed")
+ return nil, fmt.Errorf("gopenpgp: buffer reset failed: %w", err)
}
}
if !foundPassword {
@@ -103,7 +104,7 @@ func (dh *decryptionHandle) decryptStream(encryptedMessage Reader) (plainMessage
func (dh *decryptionHandle) decryptStreamWithSession(dataPacketReader Reader) (plainMessage *VerifyDataReader, err error) {
messageDetails, verifyTime, err := dh.decryptStreamWithSessionAndParse(dataPacketReader)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading message")
+ return nil, fmt.Errorf("gopenpgp: error in reading message: %w", err)
}
// Add utf8 sanitizer if signature has type packet.SigTypeText
@@ -141,7 +142,7 @@ func (dh *decryptionHandle) decryptStreamWithSessionAndParse(messageReader io.Re
}
}
if selectedSessionKey == nil {
- return nil, 0, errors.Wrap(err, "gopenpgp: unable to decrypt message with session key")
+ return nil, 0, fmt.Errorf("gopenpgp: unable to decrypt message with session key: %w", err)
}
config := dh.decryptionConfig(dh.clock().Unix())
@@ -161,7 +162,7 @@ func (dh *decryptionHandle) decryptStreamWithSessionAndParse(messageReader io.Re
}
md, err := openpgp.ReadMessage(decrypted, keyring, nil, config)
if err != nil {
- return nil, 0, errors.Wrap(err, "gopenpgp: unable to decode symmetric packet")
+ return nil, 0, fmt.Errorf("gopenpgp: unable to decode symmetric packet: %w", err)
}
md.SessionKey = selectedSessionKey.Key
md.UnverifiedBody = checkReader{decrypted, md.UnverifiedBody}
@@ -176,7 +177,7 @@ Loop:
packets := packet.NewReader(messageReader)
p, err := packets.Next()
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unable to read symmetric packet")
+ return nil, fmt.Errorf("gopenpgp: unable to read symmetric packet: %w", err)
}
// Decrypt data packet
@@ -191,19 +192,19 @@ Loop:
}
}
var dc packet.CipherFunction
- if !sessionKey.v6 {
+ if sessionKey.hasAlgorithm() {
dc, err = sessionKey.GetCipherFunc()
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unable to decrypt with session key")
+ return nil, fmt.Errorf("gopenpgp: unable to decrypt with session key: %w", err)
}
}
encryptedDataPacket, isDataPacket := p.(packet.EncryptedDataPacket)
if !isDataPacket {
- return nil, errors.Wrap(err, "gopenpgp: unknown data packet")
+ return nil, fmt.Errorf("gopenpgp: unknown data packet: %w", err)
}
decrypted, err = encryptedDataPacket.Decrypt(dc, sessionKey.Key)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unable to decrypt symmetric packet")
+ return nil, fmt.Errorf("gopenpgp: unable to decrypt symmetric packet: %w", err)
}
break Loop
default:
@@ -222,13 +223,13 @@ func (dh *decryptionHandle) decryptStreamAndVerifyDetached(encryptedData, encryp
// Decrypt with session key.
mdData, _, err = dh.decryptStreamWithSessionAndParse(encryptedData)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading data message")
+ return nil, fmt.Errorf("gopenpgp: error in reading data message: %w", err)
}
if !isPlaintextSignature {
// Decrypting reader for the encrypted signature
mdSig, _, err := dh.decryptStreamWithSessionAndParse(encryptedSignature)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading detached signature message")
+ return nil, fmt.Errorf("gopenpgp: error in reading detached signature message: %w", err)
}
signature = mdSig.UnverifiedBody
}
@@ -253,16 +254,16 @@ func (dh *decryptionHandle) decryptStreamAndVerifyDetached(encryptedData, encryp
}
if _, err := resetReader.Reset(); err != nil {
// Should not happen
- return nil, errors.Wrap(err, "gopenpgp: buffer reset failed")
+ return nil, fmt.Errorf("gopenpgp: buffer reset failed: %w", err)
}
}
if selectedPassword == nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading data message: no password matched")
+ return nil, fmt.Errorf("gopenpgp: error in reading data message: no password matched: %w", err)
}
} else {
mdData, err = openpgp.ReadMessage(encryptedData, entries, nil, config)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading data message")
+ return nil, fmt.Errorf("gopenpgp: error in reading data message: %w", err)
}
}
@@ -273,7 +274,7 @@ func (dh *decryptionHandle) decryptStreamAndVerifyDetached(encryptedData, encryp
config.CheckPacketSequence = &noCheckPacketSequence
mdSig, err := openpgp.ReadMessage(encryptedSignature, entries, prompt, config)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading detached signature message")
+ return nil, fmt.Errorf("gopenpgp: error in reading detached signature message: %w", err)
}
signature = mdSig.UnverifiedBody
}
@@ -308,7 +309,7 @@ func getSignaturePacket(sig []byte) (*packet.Signature, error) {
}
sigPacket, ok := p.(*packet.Signature)
if !ok {
- return nil, errors.Wrap(err, "gopenpgp: invalid signature packet")
+ return nil, fmt.Errorf("gopenpgp: invalid signature packet: %w", err)
}
return sigPacket, nil
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/decryption_handle.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/decryption_handle.go
index 10bddff09100fac9ff25e48712f7a7f99ae47f1e..8a7b688bcbd4c4e21ca699cbce7d997dbf2ed67f 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/decryption_handle.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/decryption_handle.go
@@ -2,11 +2,11 @@ package crypto
import (
"bytes"
+ "errors"
+ "fmt"
"github.com/ProtonMail/go-crypto/openpgp/armor"
"github.com/ProtonMail/gopenpgp/v3/internal"
-
- "github.com/pkg/errors"
)
// decryptionHandle collects the configuration parameters to decrypt a pgp message.
@@ -166,7 +166,7 @@ func (dh *decryptionHandle) decryptingReader(encryptedMessage Reader, encryptedS
// Wrap encryptedMessage with decode armor reader.
armoredBlock, err = armor.Decode(encryptedMessage)
if err != nil {
- err = errors.Wrap(err, "gopenpgp: unarmor failed for pgp message")
+ err = fmt.Errorf("gopenpgp: unarmor failed for pgp message: %w", err)
return nil, err
}
encryptedMessage = armoredBlock.Body
@@ -177,7 +177,7 @@ func (dh *decryptionHandle) decryptingReader(encryptedMessage Reader, encryptedS
// Wrap encryptedSignature with decode armor reader.
armoredBlock, err = armor.Decode(encryptedSignature)
if err != nil {
- err = errors.Wrap(err, "gopenpgp: unarmor failed for pgp encrypted signature message")
+ err = fmt.Errorf("gopenpgp: unarmor failed for pgp encrypted signature message: %w", err)
return nil, err
}
encryptedSignature = armoredBlock.Body
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption.go
index 235eeede03501c29dddc7213f1e254661f151ed7..84f222c6a4aa439e361a511609a3f5b3b537aac6 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption.go
@@ -23,6 +23,9 @@ type PGPEncryption interface {
// EncryptSessionKey encrypts a session key with the encryption handle.
// To encrypt a session key, the handle must contain either recipients or a password.
EncryptSessionKey(sessionKey *SessionKey) ([]byte, error)
+ // GenerateSessionKey generates a random session key for the given encryption handle
+ // considering the algorithm preferences of the recipient keys.
+ GenerateSessionKey() (*SessionKey, error)
// ClearPrivateParams clears all private key material contained in EncryptionHandle from memory.
ClearPrivateParams()
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_core.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_core.go
index 89fe1acc26f1850b31eb176f87b2d52197c08878..c1af3b6cf68cbd57cbde2f15bd1d9d12ae3aef8a 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_core.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_core.go
@@ -1,6 +1,8 @@
package crypto
import (
+ "errors"
+ "fmt"
"io"
"time"
@@ -8,7 +10,6 @@ import (
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
"github.com/ProtonMail/gopenpgp/v3/constants"
"github.com/ProtonMail/gopenpgp/v3/internal"
- "github.com/pkg/errors"
)
// pgpSplitWriter type implements the PGPSplitWriter
@@ -150,7 +151,7 @@ func (eh *encryptionHandle) encryptStream(
},
)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in encrypting asymmetrically")
+ return nil, fmt.Errorf("gopenpgp: error in encrypting asymmetrically: %w", err)
}
return plainMessageWriter, nil
}
@@ -182,7 +183,7 @@ func (eh *encryptionHandle) encryptStreamWithPassword(
},
)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in encrypting asymmetrically")
+ return nil, fmt.Errorf("gopenpgp: error in encrypting asymmetrically: %w", err)
}
return plainMessageWriter, nil
}
@@ -216,30 +217,30 @@ func (eh *encryptionHandle) encryptStreamWithSessionKeyHelper(
return nil, nil, err
}
- if !eh.SessionKey.v6 {
+ if eh.SessionKey.hasAlgorithm() {
config.DefaultCipher, err = eh.SessionKey.GetCipherFunc()
if err != nil {
- return nil, nil, errors.Wrap(err, "gopenpgp: unable to encrypt with session key")
+ return nil, nil, fmt.Errorf("gopenpgp: unable to encrypt with session key: %w", err)
}
}
encryptWriter, err = packet.SerializeSymmetricallyEncrypted(
dataPacketWriter,
config.Cipher(),
- config.AEAD() != nil,
+ eh.SessionKey.v6,
packet.CipherSuite{Cipher: config.Cipher(), Mode: config.AEAD().Mode()},
eh.SessionKey.Key,
config,
)
if err != nil {
- return nil, nil, errors.Wrap(err, "gopenpgp: unable to encrypt")
+ return nil, nil, fmt.Errorf("gopenpgp: unable to encrypt: %w", err)
}
if algo := config.Compression(); algo != packet.CompressionNone {
encryptWriter, err = packet.SerializeCompressed(encryptWriter, algo, config.CompressionConfig)
if err != nil {
- return nil, nil, errors.Wrap(err, "gopenpgp: error in compression")
+ return nil, nil, fmt.Errorf("gopenpgp: error in compression: %w", err)
}
}
@@ -251,7 +252,7 @@ func (eh *encryptionHandle) encryptStreamWithSessionKeyHelper(
Config: config,
})
if err != nil {
- return nil, nil, errors.Wrap(err, "gopenpgp: unable to sign")
+ return nil, nil, fmt.Errorf("gopenpgp: unable to sign: %w", err)
}
} else {
encryptWriter, err = packet.SerializeLiteral(
@@ -261,7 +262,7 @@ func (eh *encryptionHandle) encryptStreamWithSessionKeyHelper(
uint32(plainMessageMetadata.Time()),
)
if err != nil {
- return nil, nil, errors.Wrap(err, "gopenpgp: unable to serialize")
+ return nil, nil, fmt.Errorf("gopenpgp: unable to serialize: %w", err)
}
}
return encryptWriter, signWriter, nil
@@ -349,7 +350,7 @@ func (eh *encryptionHandle) encryptSignDetachedStreamToRecipients(
configInput.Time = NewConstantClock(eh.clock().Unix())
// Generate a session key for encryption.
if eh.SessionKey == nil {
- eh.SessionKey, err = generateSessionKey(configInput)
+ eh.SessionKey, err = eh.GenerateSessionKey()
if err != nil {
return nil, err
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_handle.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_handle.go
index 84b73f10ac076b987e0bc6177b3905767dc94f0a..ef8f8fdfa0a22d0675dffedb4aa7f2a241c7fb23 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_handle.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_handle.go
@@ -1,13 +1,13 @@
package crypto
import (
+ "errors"
"io"
"github.com/ProtonMail/go-crypto/openpgp/armor"
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
"github.com/ProtonMail/gopenpgp/v3/constants"
"github.com/ProtonMail/gopenpgp/v3/internal"
- "github.com/pkg/errors"
)
// encryptionHandle collects the configuration parameters for encrypting a message.
@@ -131,6 +131,14 @@ func (eh *encryptionHandle) EncryptSessionKey(sessionKey *SessionKey) ([]byte, e
return nil, errors.New("gopenpgp: no password or recipients in encryption handle")
}
+// GenerateSessionKey generates a random session key for the given encryption handle
+// considering the algorithm preferences of the recipient keys.
+func (eh *encryptionHandle) GenerateSessionKey() (*SessionKey, error) {
+ config := eh.profile.EncryptionConfig()
+ config.Time = NewConstantClock(eh.clock().Unix())
+ return generateSessionKey(config, eh.Recipients, eh.HiddenRecipients)
+}
+
// --- Helper methods on encryption handle
func (eh *encryptionHandle) validate() error {
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_session.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_session.go
index 0398894de7dd90e4ed5cd0bd3483489b77b2029f..fa91ec91a3df7fb1d80823edfb85e4baca318b2d 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_session.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/encryption_session.go
@@ -2,12 +2,13 @@ package crypto
import (
"bytes"
+ "errors"
+ "fmt"
"io"
"strconv"
"time"
"github.com/ProtonMail/go-crypto/openpgp/packet"
- "github.com/pkg/errors"
)
// decryptSessionKey returns the decrypted session key from one or multiple binary encrypted session key packets.
@@ -59,14 +60,14 @@ Loop:
if !hasPacket {
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: couldn't find a session key packet")
+ return nil, fmt.Errorf("gopenpgp: couldn't find a session key packet: %w", err)
} else {
return nil, errors.New("gopenpgp: couldn't find a session key packet")
}
}
if decryptErr != nil {
- return nil, errors.Wrap(decryptErr, "gopenpgp: error in decrypting")
+ return nil, fmt.Errorf("gopenpgp: error in decrypting: %w", decryptErr)
}
if ek == nil || ek.Key == nil {
@@ -109,7 +110,7 @@ func encryptSessionKeyToWriter(
cf, err = sk.GetCipherFunc()
}
if err != nil {
- return errors.Wrap(err, "gopenpgp: unable to encrypt session key")
+ return fmt.Errorf("gopenpgp: unable to encrypt session key: %w", err)
}
pubKeys := make([]*packet.PublicKey, 0, len(recipients.getEntities())+len(hiddenRecipients.getEntities()))
aeadSupport := config.AEAD() != nil
@@ -120,7 +121,7 @@ func encryptSessionKeyToWriter(
}
primarySelfSignature, _ := e.PrimarySelfSignature(date, config)
if primarySelfSignature == nil {
- return errors.Wrap(err, "gopenpgp: entity without a self-signature")
+ return fmt.Errorf("gopenpgp: entity without a self-signature: %w", err)
}
if !primarySelfSignature.SEIPDv2 {
@@ -128,6 +129,9 @@ func encryptSessionKeyToWriter(
}
pubKeys = append(pubKeys, encryptionKey.PublicKey)
}
+ if sk.v6 {
+ aeadSupport = true
+ }
if len(pubKeys) == 0 {
return errors.New("gopenpgp: cannot set key: no public key available")
}
@@ -136,7 +140,7 @@ func encryptSessionKeyToWriter(
isHidden := index >= len(recipients.getEntities())
err := packet.SerializeEncryptedKeyAEADwithHiddenOption(outputWriter, pub, cf, aeadSupport, sk.Key, isHidden, nil)
if err != nil {
- return errors.Wrap(err, "gopenpgp: cannot set key")
+ return fmt.Errorf("gopenpgp: cannot set key: %w", err)
}
}
return nil
@@ -173,7 +177,7 @@ func decryptSessionKeyWithPassword(keyPacket, password []byte) (*SessionKey, err
}
if err = sk.checkSize(); !sk.v6 && err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unable to decrypt session key with password")
+ return nil, fmt.Errorf("gopenpgp: unable to decrypt session key with password: %w", err)
}
return sk, nil
@@ -201,23 +205,24 @@ func encryptSessionKeyWithPasswordToWriter(password []byte, sk *SessionKey, outp
cf = config.Cipher()
} else {
cf, err = sk.GetCipherFunc()
+ if err != nil {
+ return fmt.Errorf("gopenpgp: unable to encrypt session key with password: %w", err)
+ }
}
- if err != nil {
- return errors.Wrap(err, "gopenpgp: unable to encrypt session key with password")
- }
+ useAead := sk.v6
if len(password) == 0 {
return errors.New("gopenpgp: password can't be empty")
}
if err = sk.checkSize(); !sk.v6 && err != nil {
- return errors.Wrap(err, "gopenpgp: unable to encrypt session key with password")
+ return fmt.Errorf("gopenpgp: unable to encrypt session key with password: %w", err)
}
config.DefaultCipher = cf
- err = packet.SerializeSymmetricKeyEncryptedReuseKey(outputWriter, sk.Key, password, config)
+ err = packet.SerializeSymmetricKeyEncryptedAEADReuseKey(outputWriter, sk.Key, password, useAead, config)
if err != nil {
- return errors.Wrap(err, "gopenpgp: unable to encrypt session key with password")
+ return fmt.Errorf("gopenpgp: unable to encrypt session key with password: %w", err)
}
return nil
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/key.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/key.go
index c22af80d953a6943d47b4cbd34105b4885dc18c9..1388ab7c85e4473f4c2fca4c55bdeb328f51c3de 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/key.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/key.go
@@ -5,6 +5,7 @@ import (
"crypto/sha256"
"encoding/hex"
"encoding/json"
+ "errors"
"fmt"
"io"
"strconv"
@@ -15,7 +16,6 @@ import (
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
"github.com/ProtonMail/gopenpgp/v3/armor"
"github.com/ProtonMail/gopenpgp/v3/constants"
- "github.com/pkg/errors"
)
// Key contains a single private or public key.
@@ -148,7 +148,7 @@ func (key *Key) lock(passphrase []byte, profile KeyEncryptionProfile) (*Key, err
err = lockedKey.entity.EncryptPrivateKeys(passphrase, profile.KeyEncryptionConfig())
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in locking key")
+ return nil, fmt.Errorf("gopenpgp: error in locking key: %w", err)
}
locked, err := lockedKey.IsLocked()
@@ -210,7 +210,7 @@ func (key *Key) Serialize() ([]byte, error) {
}
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in serializing key")
+ return nil, fmt.Errorf("gopenpgp: error in serializing key: %w", err)
}
return buffer.Bytes(), nil
@@ -266,7 +266,7 @@ func (key *Key) GetArmoredPublicKeyWithCustomHeaders(comment, version string) (s
func (key *Key) GetPublicKey() (b []byte, err error) {
var outBuf bytes.Buffer
if err = key.entity.Serialize(&outBuf); err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in serializing public key")
+ return nil, fmt.Errorf("gopenpgp: error in serializing public key: %w", err)
}
return outBuf.Bytes(), nil
@@ -469,7 +469,7 @@ func (key *Key) readFrom(r io.Reader, armored bool) error {
entities, err = openpgp.ReadKeyRing(r)
}
if err != nil {
- return errors.Wrap(err, "gopenpgp: error in reading key ring")
+ return fmt.Errorf("gopenpgp: error in reading key ring: %w", err)
}
if len(entities) > 1 {
@@ -489,11 +489,11 @@ func generateKeyWithConfig(
config *packet.Config,
) (*Key, error) {
if len(email) == 0 && len(name) == 0 {
- return nil, errors.New("gopenpgp: neither name nor email set.")
+ return nil, errors.New("gopenpgp: neither name nor email set")
}
newEntity, err := openpgp.NewEntity(name, comments, email, config)
if err != nil {
- return nil, errors.Wrap(err, "gopengpp: error in encoding new entity")
+ return nil, fmt.Errorf("gopengpp: error in encoding new entity: %w", err)
}
if newEntity.PrivateKey == nil {
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/key_generation_handle.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/key_generation_handle.go
index 733843522e29efda8857b7c71d2d7f8754ab9d8f..996ab84433f3897a62ecf76f5b2a8ae2b1a5eeed 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/key_generation_handle.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/key_generation_handle.go
@@ -1,10 +1,12 @@
package crypto
import (
+ "errors"
+ "fmt"
+
"github.com/ProtonMail/go-crypto/openpgp/packet"
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
"github.com/ProtonMail/gopenpgp/v3/constants"
- "github.com/pkg/errors"
)
type identity struct {
@@ -62,7 +64,7 @@ func (kgh *keyGenerationHandle) GenerateKeyWithSecurity(security int8) (key *Key
)
}
if err != nil {
- return nil, errors.Wrap(err, "gopengpp: error in creating new entity")
+ return nil, fmt.Errorf("gopengpp: error in creating new entity: %w", err)
}
for id := 1; id < len(kgh.identities); id++ {
@@ -76,7 +78,7 @@ func (kgh *keyGenerationHandle) GenerateKeyWithSecurity(security int8) (key *Key
config,
)
if err != nil {
- return nil, errors.Wrap(err, "gopengpp: error in adding user id")
+ return nil, fmt.Errorf("gopengpp: error in adding user id: %w", err)
}
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/keyring.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/keyring.go
index 35d0133324aec2506a78e61316ab5857c7cf5463..80a46fea58e68650b84c1dbe37e18a63282d07a0 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/keyring.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/keyring.go
@@ -3,11 +3,12 @@ package crypto
import (
"bytes"
"encoding/json"
+ "errors"
+ "fmt"
"time"
"github.com/ProtonMail/go-crypto/openpgp/packet"
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
- "github.com/pkg/errors"
)
// KeyRing contains multiple private and public keys.
@@ -55,18 +56,18 @@ func (keyRing *KeyRing) AddKey(key *Key) error {
func NewKeyRingFromBinary(binKeys []byte) (*KeyRing, error) {
entities, err := openpgp.ReadKeyRing(bytes.NewReader(binKeys))
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading keyring")
+ return nil, fmt.Errorf("gopenpgp: error in reading keyring: %w", err)
}
keyring := &KeyRing{}
for _, entity := range entities {
key, err := NewKeyFromEntity(entity)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading keyring")
+ return nil, fmt.Errorf("gopenpgp: error in reading keyring: %w", err)
}
if err = keyring.AddKey(key); err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading keyring")
+ return nil, fmt.Errorf("gopenpgp: error in reading keyring: %w", err)
}
}
@@ -126,7 +127,7 @@ func (keyRing *KeyRing) Serialize() ([]byte, error) {
err = entity.SerializePrivateWithoutSigning(&buffer, nil)
}
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in serializing keyring")
+ return nil, fmt.Errorf("gopenpgp: error in serializing keyring: %w", err)
}
}
@@ -311,14 +312,14 @@ func (keyRing *KeyRing) Copy() (*KeyRing, error) {
}
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unable to copy key: error in serializing entity")
+ return nil, fmt.Errorf("gopenpgp: unable to copy key: error in serializing entity: %w", err)
}
bt := buffer.Bytes()
entities[id], err = openpgp.ReadEntity(packet.NewReader(bytes.NewReader(bt)))
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unable to copy key: error in reading entity")
+ return nil, fmt.Errorf("gopenpgp: unable to copy key: error in reading entity: %w", err)
}
}
newKeyRing.entities = entities
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/message.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/message.go
index 29cd38b05123f4408c9144e05895a2064e24d203..f4032538c68b8394cd697ce2bb3c95eebf484b69 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/message.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/message.go
@@ -3,7 +3,8 @@ package crypto
import (
"bytes"
"encoding/json"
- goerrors "errors"
+ "errors"
+ "fmt"
"io"
"regexp"
@@ -11,7 +12,6 @@ import (
"github.com/ProtonMail/gopenpgp/v3/armor"
"github.com/ProtonMail/gopenpgp/v3/constants"
"github.com/ProtonMail/gopenpgp/v3/internal"
- "github.com/pkg/errors"
)
// ---- MODELS -----
@@ -87,19 +87,19 @@ func NewPGPMessageWithCloneFlag(data []byte, doClone bool) *PGPMessage {
func NewPGPMessageFromArmored(armored string) (*PGPMessage, error) {
encryptedIO, err := internal.Unarmor(armored)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in unarmoring message")
+ return nil, fmt.Errorf("gopenpgp: error in unarmoring message: %w", err)
}
message, err := io.ReadAll(encryptedIO.Body)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in reading armored message")
+ return nil, fmt.Errorf("gopenpgp: error in reading armored message: %w", err)
}
pgpMessage := &PGPMessage{
DataPacket: message,
}
pgpMessage, err = pgpMessage.splitMessage()
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in splitting message")
+ return nil, fmt.Errorf("gopenpgp: error in splitting message: %w", err)
}
return pgpMessage, nil
}
@@ -177,7 +177,7 @@ func (msg *PGPMessage) EncryptionKeyIDs() ([]uint64, bool) {
Loop:
for {
var p packet.Packet
- if p, err = packets.Next(); goerrors.Is(err, io.EOF) {
+ if p, err = packets.Next(); errors.Is(err, io.EOF) {
break
}
switch p := p.(type) {
@@ -293,7 +293,7 @@ func (msg *PGPMessage) GetNumberOfKeyPackets() (int, error) {
var keyPacketCount int
for {
p, err := packets.Next()
- if goerrors.Is(err, io.EOF) {
+ if errors.Is(err, io.EOF) {
break
}
if err != nil {
@@ -316,7 +316,7 @@ func (msg *PGPMessage) splitMessage() (*PGPMessage, error) {
Loop:
for {
p, err := packets.Next()
- if goerrors.Is(err, io.EOF) {
+ if errors.Is(err, io.EOF) {
break
}
if err != nil {
@@ -419,7 +419,7 @@ func SignatureKeyIDs(signature []byte) ([]uint64, bool) {
Loop:
for {
var p packet.Packet
- if p, err = packets.Next(); goerrors.Is(err, io.EOF) {
+ if p, err = packets.Next(); errors.Is(err, io.EOF) {
break
}
switch p := p.(type) {
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sessionkey.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sessionkey.go
index b0a7b4bee000f4c19ef32e873e67eec7802e572b..965d6dbf77cf08a38600974659dc4725b9b2b975 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sessionkey.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sessionkey.go
@@ -2,11 +2,11 @@ package crypto
import (
"encoding/base64"
+ "errors"
"fmt"
"io"
"github.com/ProtonMail/gopenpgp/v3/constants"
- "github.com/pkg/errors"
pgpErrors "github.com/ProtonMail/go-crypto/openpgp/errors"
"github.com/ProtonMail/go-crypto/openpgp/packet"
@@ -19,7 +19,8 @@ type SessionKey struct {
// Algo defines the symmetric encryption algorithm used with this key.
// Only present if the key was not parsed from a v6 packet.
Algo string
- // v6 is a flag to indicate that the session key was parsed from a v6 PKESK or SKESK packet
+ // v6 is a flag to indicate that the session key is capable
+ // to be used in v6 PKESK or SKESK, and SEIPDv2 packets
v6 bool
}
@@ -66,8 +67,8 @@ func (cr checkReader) Read(buf []byte) (int, error) {
// with this SessionKey.
// Not supported in go-mobile clients use sk.GetCipherFuncInt instead.
func (sk *SessionKey) GetCipherFunc() (packet.CipherFunction, error) {
- if sk.v6 {
- return 0, errors.New("gopenpgp: no cipher function available for a v6 session key")
+ if !sk.hasAlgorithm() {
+ return 0, errors.New("gopenpgp: no cipher function available for the session key")
}
cf, ok := symKeyAlgos[sk.Algo]
if !ok {
@@ -89,12 +90,17 @@ func (sk *SessionKey) GetBase64Key() string {
return base64.StdEncoding.EncodeToString(sk.Key)
}
+// IsV6 indicates if the session key can be used with SEIPDv2, PKESKv6/SKESKv6.
+func (sk *SessionKey) IsV6() bool {
+ return sk.v6
+}
+
// RandomToken generates a random token with the specified key size.
func RandomToken(size int) ([]byte, error) {
config := &packet.Config{DefaultCipher: packet.CipherAES256}
symKey := make([]byte, size)
if _, err := io.ReadFull(config.Random(), symKey); err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in generating random token")
+ return nil, fmt.Errorf("gopenpgp: error in generating random token: %w", err)
}
return symKey, nil
}
@@ -118,13 +124,61 @@ func GenerateSessionKeyAlgo(algo string) (sk *SessionKey, err error) {
return sk, nil
}
-// GenerateSessionKey generates a random key for the default cipher.
-func generateSessionKey(config *packet.Config) (*SessionKey, error) {
- cf, ok := algosToSymKey[config.DefaultCipher]
+// GenerateSessionKey generates a random key.
+// Considers the cipher and aead preferences in recipients and hiddenRecipients for
+// session key generation.
+func generateSessionKey(config *packet.Config, recipients *KeyRing, hiddenRecipients *KeyRing) (*SessionKey, error) {
+ candidateCiphers := []uint8{
+ uint8(packet.CipherAES256),
+ uint8(packet.CipherAES128),
+ }
+
+ currentTime := config.Now()
+ aeadSupport := config.AEADConfig != nil
+ for _, e := range append(recipients.getEntities(), hiddenRecipients.getEntities()...) {
+ primarySelfSignature, _ := e.PrimarySelfSignature(currentTime, config)
+ if primarySelfSignature == nil {
+ continue
+ }
+
+ if !primarySelfSignature.SEIPDv2 {
+ aeadSupport = false
+ }
+
+ candidateCiphers = intersectPreferences(candidateCiphers, primarySelfSignature.PreferredSymmetric)
+ }
+
+ if len(candidateCiphers) == 0 {
+ candidateCiphers = []uint8{uint8(packet.CipherAES128)}
+ }
+ cipher := packet.CipherFunction(candidateCiphers[0])
+
+ // If the cipher specified by config is a candidate, we'll use that.
+ configuredCipher := config.Cipher()
+ for _, c := range candidateCiphers {
+ cipherFunc := packet.CipherFunction(c)
+ if cipherFunc == configuredCipher {
+ cipher = cipherFunc
+ break
+ }
+ }
+
+ algo, ok := algosToSymKey[cipher]
if !ok {
return nil, errors.New("gopenpgp: unsupported cipher function")
}
- return GenerateSessionKeyAlgo(cf)
+
+ r, err := RandomToken(cipher.KeySize())
+ if err != nil {
+ return nil, err
+ }
+
+ sk := &SessionKey{
+ Key: r,
+ Algo: algo,
+ v6: aeadSupport,
+ }
+ return sk, nil
}
// NewSessionKeyFromToken creates a SessionKey struct with the given token and algorithm.
@@ -136,6 +190,16 @@ func NewSessionKeyFromToken(token []byte, algo string) *SessionKey {
}
}
+// NewSessionKeyFromTokenWithAead creates a SessionKey struct with the given token and algorithm.
+// If aead is set to true, the key is used with v6 PKESK or SKESK, and SEIPDv2 packets.
+func NewSessionKeyFromTokenWithAead(token []byte, algo string, aead bool) *SessionKey {
+ return &SessionKey{
+ Key: clone(token),
+ Algo: algo,
+ v6: aead,
+ }
+}
+
func newSessionKeyFromEncrypted(ek *packet.EncryptedKey) (*SessionKey, error) {
var algo string
for k, v := range symKeyAlgos {
@@ -155,7 +219,7 @@ func newSessionKeyFromEncrypted(ek *packet.EncryptedKey) (*SessionKey, error) {
}
if ek.Version < 6 {
if err := sk.checkSize(); err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unable to decrypt session key")
+ return nil, fmt.Errorf("gopenpgp: unable to decrypt session key: %w", err)
}
}
return sk, nil
@@ -178,6 +242,10 @@ func (sk *SessionKey) checkSize() error {
return nil
}
+func (sk *SessionKey) hasAlgorithm() bool {
+ return sk.Algo != ""
+}
+
func getAlgo(cipher packet.CipherFunction) string {
algo := ""
for k, v := range symKeyAlgos {
@@ -188,3 +256,17 @@ func getAlgo(cipher packet.CipherFunction) string {
}
return algo
}
+
+func intersectPreferences(a []uint8, b []uint8) (intersection []uint8) {
+ var currentIndex int
+ for _, valueFirst := range a {
+ for _, valueSecond := range b {
+ if valueFirst == valueSecond {
+ a[currentIndex] = valueFirst
+ currentIndex++
+ break
+ }
+ }
+ }
+ return a[:currentIndex]
+}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sign.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sign.go
index 3d4af10d5e2ef99f04e67d44394b647e50120260..9be4a8779b21455add00febc94fdad8c5e450eed 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sign.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sign.go
@@ -20,6 +20,6 @@ type PGPSign interface {
// SignCleartext produces an armored cleartext message according to the specification.
// Returns an armored message even if the PGPSign is not configured for armored output.
SignCleartext(message []byte) ([]byte, error)
- // ClearPrivateParams clears all secret key material contained in the PGPSign from memory,
+ // ClearPrivateParams clears all secret key material contained in the PGPSign from memory.
ClearPrivateParams()
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sign_handle.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sign_handle.go
index 4325b0a2d2efe6a12f3cc91705c6789c565f9e12..4100db5e78ad82b64d9372189dc7f71a3d871b0f 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sign_handle.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/sign_handle.go
@@ -2,6 +2,8 @@ package crypto
import (
"bytes"
+ "errors"
+ "fmt"
"io"
"time"
"unicode/utf8"
@@ -12,7 +14,6 @@ import (
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
"github.com/ProtonMail/gopenpgp/v3/constants"
"github.com/ProtonMail/gopenpgp/v3/internal"
- "github.com/pkg/errors"
)
type signatureHandle struct {
@@ -227,7 +228,7 @@ func signMessageDetachedWriter(
Config: config,
})
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: error in signing")
+ return nil, fmt.Errorf("gopenpgp: error in signing: %w", err)
}
return ptWriter, nil
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/signature.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/signature.go
index e5b9453e141901cae5762de787d2f99a20f9f700..5754b1e71bb4c93830f9da8551abf58a96dc4648 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/signature.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/signature.go
@@ -2,13 +2,13 @@ package crypto
import (
"bytes"
+ "errors"
"fmt"
"time"
pgpErrors "github.com/ProtonMail/go-crypto/openpgp/errors"
"github.com/ProtonMail/go-crypto/openpgp/packet"
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
- "github.com/pkg/errors"
"github.com/ProtonMail/gopenpgp/v3/constants"
)
@@ -119,7 +119,7 @@ func (vr *VerifyResult) Signature() ([]byte, error) {
}
var serializedSignature bytes.Buffer
if err := vr.selectedSignature.Signature.Serialize(&serializedSignature); err != nil {
- return nil, errors.Wrap(err, "gopenpgp: signature serialization failed")
+ return nil, fmt.Errorf("gopenpgp: signature serialization failed: %w", err)
}
return serializedSignature.Bytes(), nil
}
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/verify_handle.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/verify_handle.go
index e5498e10e7aece3836425ee760bfceb83759f7fe..e7921e6b68da591f19e09eab78dadad5989912f3 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/verify_handle.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/verify_handle.go
@@ -2,6 +2,8 @@ package crypto
import (
"bytes"
+ "errors"
+ "fmt"
"io"
"github.com/ProtonMail/go-crypto/openpgp/armor"
@@ -10,7 +12,6 @@ import (
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
"github.com/ProtonMail/gopenpgp/v3/constants"
"github.com/ProtonMail/gopenpgp/v3/internal"
- "github.com/pkg/errors"
)
type verifyHandle struct {
@@ -52,7 +53,7 @@ func (vh *verifyHandle) VerifyingReader(detachedData, signatureMessage Reader, e
// Wrap with decode armor reader.
armoredBlock, err := armor.Decode(signatureMessage)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unarmor failed")
+ return nil, fmt.Errorf("gopenpgp: unarmor failed: %w", err)
}
signatureMessage = armoredBlock.Body
}
@@ -81,11 +82,11 @@ func (vh *verifyHandle) VerifyDetached(data, signature []byte, encoding int8) (v
detachedDataReader := bytes.NewReader(data)
ptReader, err := vh.VerifyingReader(detachedDataReader, signatureMessageReader, encoding)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: verifying signature failed")
+ return nil, fmt.Errorf("gopenpgp: verifying signature failed: %w", err)
}
_, err = io.Copy(io.Discard, ptReader)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: reading data to verify signature failed")
+ return nil, fmt.Errorf("gopenpgp: reading data to verify signature failed: %w", err)
}
return ptReader.VerifySignature()
}
@@ -101,15 +102,15 @@ func (vh *verifyHandle) VerifyInline(message []byte, encoding int8) (verifyDataR
messageReader := bytes.NewReader(message)
ptReader, err = vh.VerifyingReader(nil, messageReader, encoding)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: verifying signature failed")
+ return nil, fmt.Errorf("gopenpgp: verifying signature failed: %w", err)
}
data, err := ptReader.ReadAll()
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: reading data to verify signature failed")
+ return nil, fmt.Errorf("gopenpgp: reading data to verify signature failed: %w", err)
}
verifyResult, err := ptReader.VerifySignature()
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: verifying signature failed")
+ return nil, fmt.Errorf("gopenpgp: verifying signature failed: %w", err)
}
verifyDataResult = &VerifiedDataResult{
data: data,
@@ -143,11 +144,11 @@ func (vh *verifyHandle) verifyDetachedSignature(
signatureReader := bytes.NewReader(signature)
ptReader, err := vh.verifyingDetachedReader(origText, signatureReader)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: verify signature failed")
+ return nil, fmt.Errorf("gopenpgp: verify signature failed: %w", err)
}
_, err = io.Copy(io.Discard, ptReader)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: reading all data from plaintext reader failed")
+ return nil, fmt.Errorf("gopenpgp: reading all data from plaintext reader failed: %w", err)
}
return ptReader.VerifySignature()
}
@@ -170,7 +171,7 @@ func (vh *verifyHandle) verifyingReader(
config,
)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: initialize signature reader failed")
+ return nil, fmt.Errorf("gopenpgp: initialize signature reader failed: %w", err)
}
return &VerifyDataReader{
md,
@@ -209,7 +210,7 @@ func (vh *verifyHandle) verifyCleartext(cleartext []byte) (*VerifyCleartextResul
}
signature, err := io.ReadAll(block.ArmoredSignature.Body)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: signature not parsable in cleartext")
+ return nil, fmt.Errorf("gopenpgp: signature not parsable in cleartext: %w", err)
}
reader := bytes.NewReader(block.Bytes)
result, err := vh.verifyDetachedSignature(
@@ -217,7 +218,7 @@ func (vh *verifyHandle) verifyCleartext(cleartext []byte) (*VerifyCleartextResul
signature,
)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: cleartext verify failed with non-signature error")
+ return nil, fmt.Errorf("gopenpgp: cleartext verify failed with non-signature error: %w", err)
}
return &VerifyCleartextResult{
VerifyResult: *result,
@@ -250,7 +251,7 @@ func verifyingDetachedReader(
config,
)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: verify signature reader failed")
+ return nil, fmt.Errorf("gopenpgp: verify signature reader failed: %w", err)
}
internalReader := md.UnverifiedBody
if len(md.SignatureCandidates) > 0 &&
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/verify_reader.go b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/verify_reader.go
index 8163367faf1ab10ce3fb67a0640f249206a514f0..9ec2a955dee391fec027dd0072a5f8994a73383c 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/verify_reader.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/crypto/verify_reader.go
@@ -1,10 +1,11 @@
package crypto
import (
+ "errors"
+ "fmt"
"io"
openpgp "github.com/ProtonMail/go-crypto/openpgp/v2"
- "github.com/pkg/errors"
)
// VerifyDataReader is used for reading data that should be verified with a signature.
@@ -72,7 +73,7 @@ func (msg *VerifyDataReader) DiscardAll() (err error) {
func (msg *VerifyDataReader) DiscardAllAndVerifySignature() (vr *VerifyResult, err error) {
err = msg.DiscardAll()
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: discarding data from reader failed")
+ return nil, fmt.Errorf("gopenpgp: discarding data from reader failed: %w", err)
}
return msg.VerifySignature()
}
@@ -83,7 +84,7 @@ func (msg *VerifyDataReader) DiscardAllAndVerifySignature() (vr *VerifyResult, e
func (msg *VerifyDataReader) ReadAllAndVerifySignature() (*VerifiedDataResult, error) {
plaintext, err := msg.ReadAll()
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: reading all data from reader failed")
+ return nil, fmt.Errorf("gopenpgp: reading all data from reader failed: %w", err)
}
verifyResult, err := msg.VerifySignature()
return &VerifiedDataResult{
diff --git a/vendor/github.com/ProtonMail/gopenpgp/v3/internal/armor.go b/vendor/github.com/ProtonMail/gopenpgp/v3/internal/armor.go
index 405a0060ea701d3f62ba296b51307f7ef183e46a..e1a3dec65bbf46de6c3a5c0a0103e492e2990412 100644
--- a/vendor/github.com/ProtonMail/gopenpgp/v3/internal/armor.go
+++ b/vendor/github.com/ProtonMail/gopenpgp/v3/internal/armor.go
@@ -2,10 +2,10 @@ package internal
import (
"bytes"
+ "fmt"
"strings"
"github.com/ProtonMail/go-crypto/openpgp/armor"
- "github.com/pkg/errors"
)
// Unarmor unarmors an armored string.
@@ -13,7 +13,7 @@ func Unarmor(input string) (*armor.Block, error) {
io := strings.NewReader(input)
b, err := armor.Decode(io)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unable to unarmor")
+ return nil, fmt.Errorf("gopenpgp: unable to unarmor: %w", err)
}
return b, nil
}
@@ -23,7 +23,7 @@ func UnarmorBytes(input []byte) (*armor.Block, error) {
io := bytes.NewReader(input)
b, err := armor.Decode(io)
if err != nil {
- return nil, errors.Wrap(err, "gopenpgp: unable to unarmor")
+ return nil, fmt.Errorf("gopenpgp: unable to unarmor: %w", err)
}
return b, nil
}
diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.s b/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.s
index b7723185b61a887fe9e1f80a58e40cee8a37cff7..ce9f062894a32ee8729d2335d589da8e1d80bd80 100644
--- a/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.s
+++ b/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.s
@@ -1,4 +1,5 @@
-// +build amd64
+//go:build amd64 && !purego
+// +build amd64,!purego
#include "textflag.h"
diff --git a/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.s b/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.s
index 810aa9e648120915aa4917fc6be802f8a6364b41..ed33ba3d0327a02fc9031021f98bfe61159f3b03 100644
--- a/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.s
+++ b/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.s
@@ -1,4 +1,5 @@
-// +build amd64
+//go:build amd64 && !purego
+// +build amd64,!purego
#include "textflag.h"
diff --git a/vendor/github.com/cloudflare/circl/internal/conv/conv.go b/vendor/github.com/cloudflare/circl/internal/conv/conv.go
index 649a8e931d6fcdc32e4538763d7b2cefc1c171da..3fd0df496fd74d939de268b614f8dce3d2cd727a 100644
--- a/vendor/github.com/cloudflare/circl/internal/conv/conv.go
+++ b/vendor/github.com/cloudflare/circl/internal/conv/conv.go
@@ -5,6 +5,8 @@ import (
"fmt"
"math/big"
"strings"
+
+ "golang.org/x/crypto/cryptobyte"
)
// BytesLe2Hex returns an hexadecimal string of a number stored in a
@@ -138,3 +140,34 @@ func BigInt2Uint64Le(z []uint64, x *big.Int) {
z[i] = 0
}
}
+
+// MarshalBinary encodes a value into a byte array in a format readable by UnmarshalBinary.
+func MarshalBinary(v cryptobyte.MarshalingValue) ([]byte, error) {
+ const DefaultSize = 32
+ b := cryptobyte.NewBuilder(make([]byte, 0, DefaultSize))
+ b.AddValue(v)
+ return b.Bytes()
+}
+
+// MarshalBinaryLen encodes a value into an array of n bytes in a format readable by UnmarshalBinary.
+func MarshalBinaryLen(v cryptobyte.MarshalingValue, length uint) ([]byte, error) {
+ b := cryptobyte.NewFixedBuilder(make([]byte, 0, length))
+ b.AddValue(v)
+ return b.Bytes()
+}
+
+// A UnmarshalingValue decodes itself from a cryptobyte.String and advances the pointer.
+// It reports whether the read was successful.
+type UnmarshalingValue interface {
+ Unmarshal(*cryptobyte.String) bool
+}
+
+// UnmarshalBinary recovers a value from a byte array.
+// It returns an error if the read was unsuccessful.
+func UnmarshalBinary(v UnmarshalingValue, data []byte) (err error) {
+ s := cryptobyte.String(data)
+ if data == nil || !v.Unmarshal(&s) || !s.Empty() {
+ err = fmt.Errorf("cannot read %T from input string", v)
+ }
+ return
+}
diff --git a/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.s b/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.s
index 5c4aeddecb43c27881e2f79746245f650ae85368..1fcc2dee17f3446edb8853bffde3c5deddc4f89f 100644
--- a/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.s
+++ b/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.s
@@ -1,4 +1,5 @@
-// +build amd64
+//go:build amd64 && !purego
+// +build amd64,!purego
#include "textflag.h"
#include "fp_amd64.h"
diff --git a/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.s b/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.s
index 435addf5e6ca3cdbb408ad3203ca02c8b8fa6bc5..3f1f07c9862fa3d5b54c5b9026b412424914303c 100644
--- a/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.s
+++ b/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.s
@@ -1,4 +1,5 @@
-// +build amd64
+//go:build amd64 && !purego
+// +build amd64,!purego
#include "textflag.h"
#include "fp_amd64.h"
diff --git a/vendor/github.com/cloudflare/circl/math/integer.go b/vendor/github.com/cloudflare/circl/math/integer.go
new file mode 100644
index 0000000000000000000000000000000000000000..9c80c23b59c5223033877e1861b2999ddb1c208b
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/integer.go
@@ -0,0 +1,16 @@
+package math
+
+import "math/bits"
+
+// NextPow2 finds the next power of two (N=2^k, k>=0) greater than n.
+// If n is already a power of two, then this function returns n, and log2(n).
+func NextPow2(n uint) (N uint, k uint) {
+ if bits.OnesCount(n) == 1 {
+ k = uint(bits.TrailingZeros(n))
+ N = n
+ } else {
+ k = uint(bits.Len(n))
+ N = uint(1) << k
+ }
+ return
+}
diff --git a/vendor/github.com/cloudflare/circl/sign/ed448/ed448.go b/vendor/github.com/cloudflare/circl/sign/ed448/ed448.go
index 324bd8f334609a28e8564f00e8c11c4e620cb331..c368b181b4912641f48ff46bbe0d38fe681df313 100644
--- a/vendor/github.com/cloudflare/circl/sign/ed448/ed448.go
+++ b/vendor/github.com/cloudflare/circl/sign/ed448/ed448.go
@@ -206,7 +206,7 @@ func newKeyFromSeed(privateKey, seed []byte) {
func signAll(signature []byte, privateKey PrivateKey, message, ctx []byte, preHash bool) {
if len(ctx) > ContextMaxSize {
- panic(fmt.Errorf("ed448: bad context length: " + strconv.Itoa(len(ctx))))
+ panic(fmt.Errorf("ed448: bad context length: %v", len(ctx)))
}
H := sha3.NewShake256()
diff --git a/vendor/github.com/cloudflare/circl/sign/sign.go b/vendor/github.com/cloudflare/circl/sign/sign.go
index 13b20fa4b04ae55517e1953b5f85997de858f734..557d6f09605e3054f96887fd6128cab06ee03cdc 100644
--- a/vendor/github.com/cloudflare/circl/sign/sign.go
+++ b/vendor/github.com/cloudflare/circl/sign/sign.go
@@ -107,4 +107,7 @@ var (
// ErrContextNotSupported is the error used if a context is not
// supported.
ErrContextNotSupported = errors.New("context not supported")
+
+ // ErrContextTooLong is the error used if the context string is too long.
+ ErrContextTooLong = errors.New("context string too long")
)
diff --git a/vendor/github.com/pkg/errors/.gitignore b/vendor/github.com/pkg/errors/.gitignore
deleted file mode 100644
index daf913b1b347aae6de6f48d599bc89ef8c8693d6..0000000000000000000000000000000000000000
--- a/vendor/github.com/pkg/errors/.gitignore
+++ /dev/null
@@ -1,24 +0,0 @@
-# Compiled Object files, Static and Dynamic libs (Shared Objects)
-*.o
-*.a
-*.so
-
-# Folders
-_obj
-_test
-
-# Architecture specific extensions/prefixes
-*.[568vq]
-[568vq].out
-
-*.cgo1.go
-*.cgo2.c
-_cgo_defun.c
-_cgo_gotypes.go
-_cgo_export.*
-
-_testmain.go
-
-*.exe
-*.test
-*.prof
diff --git a/vendor/github.com/pkg/errors/.travis.yml b/vendor/github.com/pkg/errors/.travis.yml
deleted file mode 100644
index 9159de03e03db33c638044251c3ffe1fc2ab7e95..0000000000000000000000000000000000000000
--- a/vendor/github.com/pkg/errors/.travis.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-language: go
-go_import_path: github.com/pkg/errors
-go:
- - 1.11.x
- - 1.12.x
- - 1.13.x
- - tip
-
-script:
- - make check
diff --git a/vendor/github.com/pkg/errors/LICENSE b/vendor/github.com/pkg/errors/LICENSE
deleted file mode 100644
index 835ba3e755cef8c0dde475f1ebfd41e4ba0c79bf..0000000000000000000000000000000000000000
--- a/vendor/github.com/pkg/errors/LICENSE
+++ /dev/null
@@ -1,23 +0,0 @@
-Copyright (c) 2015, Dave Cheney <dave@cheney.net>
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
- list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice,
- this list of conditions and the following disclaimer in the documentation
- and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/pkg/errors/Makefile b/vendor/github.com/pkg/errors/Makefile
deleted file mode 100644
index ce9d7cded649a1d1c40da875136344d2130f6bff..0000000000000000000000000000000000000000
--- a/vendor/github.com/pkg/errors/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
-PKGS := github.com/pkg/errors
-SRCDIRS := $(shell go list -f '{{.Dir}}' $(PKGS))
-GO := go
-
-check: test vet gofmt misspell unconvert staticcheck ineffassign unparam
-
-test:
- $(GO) test $(PKGS)
-
-vet: | test
- $(GO) vet $(PKGS)
-
-staticcheck:
- $(GO) get honnef.co/go/tools/cmd/staticcheck
- staticcheck -checks all $(PKGS)
-
-misspell:
- $(GO) get github.com/client9/misspell/cmd/misspell
- misspell \
- -locale GB \
- -error \
- *.md *.go
-
-unconvert:
- $(GO) get github.com/mdempsky/unconvert
- unconvert -v $(PKGS)
-
-ineffassign:
- $(GO) get github.com/gordonklaus/ineffassign
- find $(SRCDIRS) -name '*.go' | xargs ineffassign
-
-pedantic: check errcheck
-
-unparam:
- $(GO) get mvdan.cc/unparam
- unparam ./...
-
-errcheck:
- $(GO) get github.com/kisielk/errcheck
- errcheck $(PKGS)
-
-gofmt:
- @echo Checking code is gofmted
- @test -z "$(shell gofmt -s -l -d -e $(SRCDIRS) | tee /dev/stderr)"
diff --git a/vendor/github.com/pkg/errors/README.md b/vendor/github.com/pkg/errors/README.md
deleted file mode 100644
index 54dfdcb12ea1b5b2a33aba639b7ffe412cae44ce..0000000000000000000000000000000000000000
--- a/vendor/github.com/pkg/errors/README.md
+++ /dev/null
@@ -1,59 +0,0 @@
-# errors [](https://travis-ci.org/pkg/errors) [](https://ci.appveyor.com/project/davecheney/errors/branch/master) [](http://godoc.org/github.com/pkg/errors) [](https://goreportcard.com/report/github.com/pkg/errors) [](https://sourcegraph.com/github.com/pkg/errors?badge)
-
-Package errors provides simple error handling primitives.
-
-`go get github.com/pkg/errors`
-
-The traditional error handling idiom in Go is roughly akin to
-```go
-if err != nil {
- return err
-}
-```
-which applied recursively up the call stack results in error reports without context or debugging information. The errors package allows programmers to add context to the failure path in their code in a way that does not destroy the original value of the error.
-
-## Adding context to an error
-
-The errors.Wrap function returns a new error that adds context to the original error. For example
-```go
-_, err := ioutil.ReadAll(r)
-if err != nil {
- return errors.Wrap(err, "read failed")
-}
-```
-## Retrieving the cause of an error
-
-Using `errors.Wrap` constructs a stack of errors, adding context to the preceding error. Depending on the nature of the error it may be necessary to reverse the operation of errors.Wrap to retrieve the original error for inspection. Any error value which implements this interface can be inspected by `errors.Cause`.
-```go
-type causer interface {
- Cause() error
-}
-```
-`errors.Cause` will recursively retrieve the topmost error which does not implement `causer`, which is assumed to be the original cause. For example:
-```go
-switch err := errors.Cause(err).(type) {
-case *MyError:
- // handle specifically
-default:
- // unknown error
-}
-```
-
-[Read the package documentation for more information](https://godoc.org/github.com/pkg/errors).
-
-## Roadmap
-
-With the upcoming [Go2 error proposals](https://go.googlesource.com/proposal/+/master/design/go2draft.md) this package is moving into maintenance mode. The roadmap for a 1.0 release is as follows:
-
-- 0.9. Remove pre Go 1.9 and Go 1.10 support, address outstanding pull requests (if possible)
-- 1.0. Final release.
-
-## Contributing
-
-Because of the Go2 errors changes, this package is not accepting proposals for new functionality. With that said, we welcome pull requests, bug fixes and issue reports.
-
-Before sending a PR, please discuss your change by raising an issue.
-
-## License
-
-BSD-2-Clause
diff --git a/vendor/github.com/pkg/errors/appveyor.yml b/vendor/github.com/pkg/errors/appveyor.yml
deleted file mode 100644
index a932eade0240aa2b5f9f5347b695ab173da0236a..0000000000000000000000000000000000000000
--- a/vendor/github.com/pkg/errors/appveyor.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-version: build-{build}.{branch}
-
-clone_folder: C:\gopath\src\github.com\pkg\errors
-shallow_clone: true # for startup speed
-
-environment:
- GOPATH: C:\gopath
-
-platform:
- - x64
-
-# http://www.appveyor.com/docs/installed-software
-install:
- # some helpful output for debugging builds
- - go version
- - go env
- # pre-installed MinGW at C:\MinGW is 32bit only
- # but MSYS2 at C:\msys64 has mingw64
- - set PATH=C:\msys64\mingw64\bin;%PATH%
- - gcc --version
- - g++ --version
-
-build_script:
- - go install -v ./...
-
-test_script:
- - set PATH=C:\gopath\bin;%PATH%
- - go test -v ./...
-
-#artifacts:
-# - path: '%GOPATH%\bin\*.exe'
-deploy: off
diff --git a/vendor/github.com/pkg/errors/errors.go b/vendor/github.com/pkg/errors/errors.go
deleted file mode 100644
index 161aea258296917e31752cda8d7f5aaf4f691f38..0000000000000000000000000000000000000000
--- a/vendor/github.com/pkg/errors/errors.go
+++ /dev/null
@@ -1,288 +0,0 @@
-// Package errors provides simple error handling primitives.
-//
-// The traditional error handling idiom in Go is roughly akin to
-//
-// if err != nil {
-// return err
-// }
-//
-// which when applied recursively up the call stack results in error reports
-// without context or debugging information. The errors package allows
-// programmers to add context to the failure path in their code in a way
-// that does not destroy the original value of the error.
-//
-// Adding context to an error
-//
-// The errors.Wrap function returns a new error that adds context to the
-// original error by recording a stack trace at the point Wrap is called,
-// together with the supplied message. For example
-//
-// _, err := ioutil.ReadAll(r)
-// if err != nil {
-// return errors.Wrap(err, "read failed")
-// }
-//
-// If additional control is required, the errors.WithStack and
-// errors.WithMessage functions destructure errors.Wrap into its component
-// operations: annotating an error with a stack trace and with a message,
-// respectively.
-//
-// Retrieving the cause of an error
-//
-// Using errors.Wrap constructs a stack of errors, adding context to the
-// preceding error. Depending on the nature of the error it may be necessary
-// to reverse the operation of errors.Wrap to retrieve the original error
-// for inspection. Any error value which implements this interface
-//
-// type causer interface {
-// Cause() error
-// }
-//
-// can be inspected by errors.Cause. errors.Cause will recursively retrieve
-// the topmost error that does not implement causer, which is assumed to be
-// the original cause. For example:
-//
-// switch err := errors.Cause(err).(type) {
-// case *MyError:
-// // handle specifically
-// default:
-// // unknown error
-// }
-//
-// Although the causer interface is not exported by this package, it is
-// considered a part of its stable public interface.
-//
-// Formatted printing of errors
-//
-// All error values returned from this package implement fmt.Formatter and can
-// be formatted by the fmt package. The following verbs are supported:
-//
-// %s print the error. If the error has a Cause it will be
-// printed recursively.
-// %v see %s
-// %+v extended format. Each Frame of the error's StackTrace will
-// be printed in detail.
-//
-// Retrieving the stack trace of an error or wrapper
-//
-// New, Errorf, Wrap, and Wrapf record a stack trace at the point they are
-// invoked. This information can be retrieved with the following interface:
-//
-// type stackTracer interface {
-// StackTrace() errors.StackTrace
-// }
-//
-// The returned errors.StackTrace type is defined as
-//
-// type StackTrace []Frame
-//
-// The Frame type represents a call site in the stack trace. Frame supports
-// the fmt.Formatter interface that can be used for printing information about
-// the stack trace of this error. For example:
-//
-// if err, ok := err.(stackTracer); ok {
-// for _, f := range err.StackTrace() {
-// fmt.Printf("%+s:%d\n", f, f)
-// }
-// }
-//
-// Although the stackTracer interface is not exported by this package, it is
-// considered a part of its stable public interface.
-//
-// See the documentation for Frame.Format for more details.
-package errors
-
-import (
- "fmt"
- "io"
-)
-
-// New returns an error with the supplied message.
-// New also records the stack trace at the point it was called.
-func New(message string) error {
- return &fundamental{
- msg: message,
- stack: callers(),
- }
-}
-
-// Errorf formats according to a format specifier and returns the string
-// as a value that satisfies error.
-// Errorf also records the stack trace at the point it was called.
-func Errorf(format string, args ...interface{}) error {
- return &fundamental{
- msg: fmt.Sprintf(format, args...),
- stack: callers(),
- }
-}
-
-// fundamental is an error that has a message and a stack, but no caller.
-type fundamental struct {
- msg string
- *stack
-}
-
-func (f *fundamental) Error() string { return f.msg }
-
-func (f *fundamental) Format(s fmt.State, verb rune) {
- switch verb {
- case 'v':
- if s.Flag('+') {
- io.WriteString(s, f.msg)
- f.stack.Format(s, verb)
- return
- }
- fallthrough
- case 's':
- io.WriteString(s, f.msg)
- case 'q':
- fmt.Fprintf(s, "%q", f.msg)
- }
-}
-
-// WithStack annotates err with a stack trace at the point WithStack was called.
-// If err is nil, WithStack returns nil.
-func WithStack(err error) error {
- if err == nil {
- return nil
- }
- return &withStack{
- err,
- callers(),
- }
-}
-
-type withStack struct {
- error
- *stack
-}
-
-func (w *withStack) Cause() error { return w.error }
-
-// Unwrap provides compatibility for Go 1.13 error chains.
-func (w *withStack) Unwrap() error { return w.error }
-
-func (w *withStack) Format(s fmt.State, verb rune) {
- switch verb {
- case 'v':
- if s.Flag('+') {
- fmt.Fprintf(s, "%+v", w.Cause())
- w.stack.Format(s, verb)
- return
- }
- fallthrough
- case 's':
- io.WriteString(s, w.Error())
- case 'q':
- fmt.Fprintf(s, "%q", w.Error())
- }
-}
-
-// Wrap returns an error annotating err with a stack trace
-// at the point Wrap is called, and the supplied message.
-// If err is nil, Wrap returns nil.
-func Wrap(err error, message string) error {
- if err == nil {
- return nil
- }
- err = &withMessage{
- cause: err,
- msg: message,
- }
- return &withStack{
- err,
- callers(),
- }
-}
-
-// Wrapf returns an error annotating err with a stack trace
-// at the point Wrapf is called, and the format specifier.
-// If err is nil, Wrapf returns nil.
-func Wrapf(err error, format string, args ...interface{}) error {
- if err == nil {
- return nil
- }
- err = &withMessage{
- cause: err,
- msg: fmt.Sprintf(format, args...),
- }
- return &withStack{
- err,
- callers(),
- }
-}
-
-// WithMessage annotates err with a new message.
-// If err is nil, WithMessage returns nil.
-func WithMessage(err error, message string) error {
- if err == nil {
- return nil
- }
- return &withMessage{
- cause: err,
- msg: message,
- }
-}
-
-// WithMessagef annotates err with the format specifier.
-// If err is nil, WithMessagef returns nil.
-func WithMessagef(err error, format string, args ...interface{}) error {
- if err == nil {
- return nil
- }
- return &withMessage{
- cause: err,
- msg: fmt.Sprintf(format, args...),
- }
-}
-
-type withMessage struct {
- cause error
- msg string
-}
-
-func (w *withMessage) Error() string { return w.msg + ": " + w.cause.Error() }
-func (w *withMessage) Cause() error { return w.cause }
-
-// Unwrap provides compatibility for Go 1.13 error chains.
-func (w *withMessage) Unwrap() error { return w.cause }
-
-func (w *withMessage) Format(s fmt.State, verb rune) {
- switch verb {
- case 'v':
- if s.Flag('+') {
- fmt.Fprintf(s, "%+v\n", w.Cause())
- io.WriteString(s, w.msg)
- return
- }
- fallthrough
- case 's', 'q':
- io.WriteString(s, w.Error())
- }
-}
-
-// Cause returns the underlying cause of the error, if possible.
-// An error value has a cause if it implements the following
-// interface:
-//
-// type causer interface {
-// Cause() error
-// }
-//
-// If the error does not implement Cause, the original error will
-// be returned. If the error is nil, nil will be returned without further
-// investigation.
-func Cause(err error) error {
- type causer interface {
- Cause() error
- }
-
- for err != nil {
- cause, ok := err.(causer)
- if !ok {
- break
- }
- err = cause.Cause()
- }
- return err
-}
diff --git a/vendor/github.com/pkg/errors/go113.go b/vendor/github.com/pkg/errors/go113.go
deleted file mode 100644
index be0d10d0c793dd8c2962300be806becfed3af273..0000000000000000000000000000000000000000
--- a/vendor/github.com/pkg/errors/go113.go
+++ /dev/null
@@ -1,38 +0,0 @@
-// +build go1.13
-
-package errors
-
-import (
- stderrors "errors"
-)
-
-// Is reports whether any error in err's chain matches target.
-//
-// The chain consists of err itself followed by the sequence of errors obtained by
-// repeatedly calling Unwrap.
-//
-// An error is considered to match a target if it is equal to that target or if
-// it implements a method Is(error) bool such that Is(target) returns true.
-func Is(err, target error) bool { return stderrors.Is(err, target) }
-
-// As finds the first error in err's chain that matches target, and if so, sets
-// target to that error value and returns true.
-//
-// The chain consists of err itself followed by the sequence of errors obtained by
-// repeatedly calling Unwrap.
-//
-// An error matches target if the error's concrete value is assignable to the value
-// pointed to by target, or if the error has a method As(interface{}) bool such that
-// As(target) returns true. In the latter case, the As method is responsible for
-// setting target.
-//
-// As will panic if target is not a non-nil pointer to either a type that implements
-// error, or to any interface type. As returns false if err is nil.
-func As(err error, target interface{}) bool { return stderrors.As(err, target) }
-
-// Unwrap returns the result of calling the Unwrap method on err, if err's
-// type contains an Unwrap method returning error.
-// Otherwise, Unwrap returns nil.
-func Unwrap(err error) error {
- return stderrors.Unwrap(err)
-}
diff --git a/vendor/github.com/pkg/errors/stack.go b/vendor/github.com/pkg/errors/stack.go
deleted file mode 100644
index 779a8348fb9c2cd08f4bcb1d3915ba7755eb187c..0000000000000000000000000000000000000000
--- a/vendor/github.com/pkg/errors/stack.go
+++ /dev/null
@@ -1,177 +0,0 @@
-package errors
-
-import (
- "fmt"
- "io"
- "path"
- "runtime"
- "strconv"
- "strings"
-)
-
-// Frame represents a program counter inside a stack frame.
-// For historical reasons if Frame is interpreted as a uintptr
-// its value represents the program counter + 1.
-type Frame uintptr
-
-// pc returns the program counter for this frame;
-// multiple frames may have the same PC value.
-func (f Frame) pc() uintptr { return uintptr(f) - 1 }
-
-// file returns the full path to the file that contains the
-// function for this Frame's pc.
-func (f Frame) file() string {
- fn := runtime.FuncForPC(f.pc())
- if fn == nil {
- return "unknown"
- }
- file, _ := fn.FileLine(f.pc())
- return file
-}
-
-// line returns the line number of source code of the
-// function for this Frame's pc.
-func (f Frame) line() int {
- fn := runtime.FuncForPC(f.pc())
- if fn == nil {
- return 0
- }
- _, line := fn.FileLine(f.pc())
- return line
-}
-
-// name returns the name of this function, if known.
-func (f Frame) name() string {
- fn := runtime.FuncForPC(f.pc())
- if fn == nil {
- return "unknown"
- }
- return fn.Name()
-}
-
-// Format formats the frame according to the fmt.Formatter interface.
-//
-// %s source file
-// %d source line
-// %n function name
-// %v equivalent to %s:%d
-//
-// Format accepts flags that alter the printing of some verbs, as follows:
-//
-// %+s function name and path of source file relative to the compile time
-// GOPATH separated by \n\t (<funcname>\n\t<path>)
-// %+v equivalent to %+s:%d
-func (f Frame) Format(s fmt.State, verb rune) {
- switch verb {
- case 's':
- switch {
- case s.Flag('+'):
- io.WriteString(s, f.name())
- io.WriteString(s, "\n\t")
- io.WriteString(s, f.file())
- default:
- io.WriteString(s, path.Base(f.file()))
- }
- case 'd':
- io.WriteString(s, strconv.Itoa(f.line()))
- case 'n':
- io.WriteString(s, funcname(f.name()))
- case 'v':
- f.Format(s, 's')
- io.WriteString(s, ":")
- f.Format(s, 'd')
- }
-}
-
-// MarshalText formats a stacktrace Frame as a text string. The output is the
-// same as that of fmt.Sprintf("%+v", f), but without newlines or tabs.
-func (f Frame) MarshalText() ([]byte, error) {
- name := f.name()
- if name == "unknown" {
- return []byte(name), nil
- }
- return []byte(fmt.Sprintf("%s %s:%d", name, f.file(), f.line())), nil
-}
-
-// StackTrace is stack of Frames from innermost (newest) to outermost (oldest).
-type StackTrace []Frame
-
-// Format formats the stack of Frames according to the fmt.Formatter interface.
-//
-// %s lists source files for each Frame in the stack
-// %v lists the source file and line number for each Frame in the stack
-//
-// Format accepts flags that alter the printing of some verbs, as follows:
-//
-// %+v Prints filename, function, and line number for each Frame in the stack.
-func (st StackTrace) Format(s fmt.State, verb rune) {
- switch verb {
- case 'v':
- switch {
- case s.Flag('+'):
- for _, f := range st {
- io.WriteString(s, "\n")
- f.Format(s, verb)
- }
- case s.Flag('#'):
- fmt.Fprintf(s, "%#v", []Frame(st))
- default:
- st.formatSlice(s, verb)
- }
- case 's':
- st.formatSlice(s, verb)
- }
-}
-
-// formatSlice will format this StackTrace into the given buffer as a slice of
-// Frame, only valid when called with '%s' or '%v'.
-func (st StackTrace) formatSlice(s fmt.State, verb rune) {
- io.WriteString(s, "[")
- for i, f := range st {
- if i > 0 {
- io.WriteString(s, " ")
- }
- f.Format(s, verb)
- }
- io.WriteString(s, "]")
-}
-
-// stack represents a stack of program counters.
-type stack []uintptr
-
-func (s *stack) Format(st fmt.State, verb rune) {
- switch verb {
- case 'v':
- switch {
- case st.Flag('+'):
- for _, pc := range *s {
- f := Frame(pc)
- fmt.Fprintf(st, "\n%+v", f)
- }
- }
- }
-}
-
-func (s *stack) StackTrace() StackTrace {
- f := make([]Frame, len(*s))
- for i := 0; i < len(f); i++ {
- f[i] = Frame((*s)[i])
- }
- return f
-}
-
-func callers() *stack {
- const depth = 32
- var pcs [depth]uintptr
- n := runtime.Callers(3, pcs[:])
- var st stack = pcs[0:n]
- return &st
-}
-
-// funcname removes the path prefix component of a function's name reported by func.Name().
-func funcname(name string) string {
- i := strings.LastIndex(name, "/")
- name = name[i+1:]
- i = strings.Index(name, ".")
- return name[i+1:]
-}
diff --git a/vendor/golang.org/x/crypto/cryptobyte/asn1.go b/vendor/golang.org/x/crypto/cryptobyte/asn1.go
new file mode 100644
index 0000000000000000000000000000000000000000..2492f796af97f10799401c77fb403ae07c74eaad
--- /dev/null
+++ b/vendor/golang.org/x/crypto/cryptobyte/asn1.go
@@ -0,0 +1,825 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cryptobyte
+
+import (
+ encoding_asn1 "encoding/asn1"
+ "fmt"
+ "math/big"
+ "reflect"
+ "time"
+
+ "golang.org/x/crypto/cryptobyte/asn1"
+)
+
+// This file contains ASN.1-related methods for String and Builder.
+
+// Builder
+
+// AddASN1Int64 appends a DER-encoded ASN.1 INTEGER.
+func (b *Builder) AddASN1Int64(v int64) {
+ b.addASN1Signed(asn1.INTEGER, v)
+}
+
+// AddASN1Int64WithTag appends a DER-encoded ASN.1 INTEGER with the
+// given tag.
+func (b *Builder) AddASN1Int64WithTag(v int64, tag asn1.Tag) {
+ b.addASN1Signed(tag, v)
+}
+
+// AddASN1Enum appends a DER-encoded ASN.1 ENUMERATION.
+func (b *Builder) AddASN1Enum(v int64) {
+ b.addASN1Signed(asn1.ENUM, v)
+}
+
+func (b *Builder) addASN1Signed(tag asn1.Tag, v int64) {
+ b.AddASN1(tag, func(c *Builder) {
+ length := 1
+ for i := v; i >= 0x80 || i < -0x80; i >>= 8 {
+ length++
+ }
+
+ for ; length > 0; length-- {
+ i := v >> uint((length-1)*8) & 0xff
+ c.AddUint8(uint8(i))
+ }
+ })
+}
+
+// AddASN1Uint64 appends a DER-encoded ASN.1 INTEGER.
+func (b *Builder) AddASN1Uint64(v uint64) {
+ b.AddASN1(asn1.INTEGER, func(c *Builder) {
+ length := 1
+ for i := v; i >= 0x80; i >>= 8 {
+ length++
+ }
+
+ for ; length > 0; length-- {
+ i := v >> uint((length-1)*8) & 0xff
+ c.AddUint8(uint8(i))
+ }
+ })
+}
+
+// AddASN1BigInt appends a DER-encoded ASN.1 INTEGER.
+func (b *Builder) AddASN1BigInt(n *big.Int) {
+ if b.err != nil {
+ return
+ }
+
+ b.AddASN1(asn1.INTEGER, func(c *Builder) {
+ if n.Sign() < 0 {
+ // A negative number has to be converted to two's-complement form. So we
+ // invert and subtract 1. If the most-significant-bit isn't set then
+ // we'll need to pad the beginning with 0xff in order to keep the number
+ // negative.
+ nMinus1 := new(big.Int).Neg(n)
+ nMinus1.Sub(nMinus1, bigOne)
+ bytes := nMinus1.Bytes()
+ for i := range bytes {
+ bytes[i] ^= 0xff
+ }
+ if len(bytes) == 0 || bytes[0]&0x80 == 0 {
+ c.add(0xff)
+ }
+ c.add(bytes...)
+ } else if n.Sign() == 0 {
+ c.add(0)
+ } else {
+ bytes := n.Bytes()
+ if bytes[0]&0x80 != 0 {
+ c.add(0)
+ }
+ c.add(bytes...)
+ }
+ })
+}
+
+// AddASN1OctetString appends a DER-encoded ASN.1 OCTET STRING.
+func (b *Builder) AddASN1OctetString(bytes []byte) {
+ b.AddASN1(asn1.OCTET_STRING, func(c *Builder) {
+ c.AddBytes(bytes)
+ })
+}
+
+const generalizedTimeFormatStr = "20060102150405Z0700"
+
+// AddASN1GeneralizedTime appends a DER-encoded ASN.1 GENERALIZEDTIME.
+func (b *Builder) AddASN1GeneralizedTime(t time.Time) {
+ if t.Year() < 0 || t.Year() > 9999 {
+ b.err = fmt.Errorf("cryptobyte: cannot represent %v as a GeneralizedTime", t)
+ return
+ }
+ b.AddASN1(asn1.GeneralizedTime, func(c *Builder) {
+ c.AddBytes([]byte(t.Format(generalizedTimeFormatStr)))
+ })
+}
+
+// AddASN1UTCTime appends a DER-encoded ASN.1 UTCTime.
+func (b *Builder) AddASN1UTCTime(t time.Time) {
+ b.AddASN1(asn1.UTCTime, func(c *Builder) {
+ // As utilized by the X.509 profile, UTCTime can only
+ // represent the years 1950 through 2049.
+ if t.Year() < 1950 || t.Year() >= 2050 {
+ b.err = fmt.Errorf("cryptobyte: cannot represent %v as a UTCTime", t)
+ return
+ }
+ c.AddBytes([]byte(t.Format(defaultUTCTimeFormatStr)))
+ })
+}
+
+// AddASN1BitString appends a DER-encoded ASN.1 BIT STRING. This does not
+// support BIT STRINGs that are not a whole number of bytes.
+func (b *Builder) AddASN1BitString(data []byte) {
+ b.AddASN1(asn1.BIT_STRING, func(b *Builder) {
+ b.AddUint8(0)
+ b.AddBytes(data)
+ })
+}
+
+func (b *Builder) addBase128Int(n int64) {
+ var length int
+ if n == 0 {
+ length = 1
+ } else {
+ for i := n; i > 0; i >>= 7 {
+ length++
+ }
+ }
+
+ for i := length - 1; i >= 0; i-- {
+ o := byte(n >> uint(i*7))
+ o &= 0x7f
+ if i != 0 {
+ o |= 0x80
+ }
+
+ b.add(o)
+ }
+}
+
+func isValidOID(oid encoding_asn1.ObjectIdentifier) bool {
+ if len(oid) < 2 {
+ return false
+ }
+
+ if oid[0] > 2 || (oid[0] <= 1 && oid[1] >= 40) {
+ return false
+ }
+
+ for _, v := range oid {
+ if v < 0 {
+ return false
+ }
+ }
+
+ return true
+}
+
+func (b *Builder) AddASN1ObjectIdentifier(oid encoding_asn1.ObjectIdentifier) {
+ b.AddASN1(asn1.OBJECT_IDENTIFIER, func(b *Builder) {
+ if !isValidOID(oid) {
+ b.err = fmt.Errorf("cryptobyte: invalid OID: %v", oid)
+ return
+ }
+
+ b.addBase128Int(int64(oid[0])*40 + int64(oid[1]))
+ for _, v := range oid[2:] {
+ b.addBase128Int(int64(v))
+ }
+ })
+}
+
+func (b *Builder) AddASN1Boolean(v bool) {
+ b.AddASN1(asn1.BOOLEAN, func(b *Builder) {
+ if v {
+ b.AddUint8(0xff)
+ } else {
+ b.AddUint8(0)
+ }
+ })
+}
+
+func (b *Builder) AddASN1NULL() {
+ b.add(uint8(asn1.NULL), 0)
+}
+
+// MarshalASN1 calls encoding_asn1.Marshal on its input and appends the result if
+// successful or records an error if one occurred.
+func (b *Builder) MarshalASN1(v interface{}) {
+ // NOTE(martinkr): This is somewhat of a hack to allow propagation of
+ // encoding_asn1.Marshal errors into Builder.err. N.B. if you call MarshalASN1 with a
+ // value embedded into a struct, its tag information is lost.
+ if b.err != nil {
+ return
+ }
+ bytes, err := encoding_asn1.Marshal(v)
+ if err != nil {
+ b.err = err
+ return
+ }
+ b.AddBytes(bytes)
+}
+
+// AddASN1 appends an ASN.1 object. The object is prefixed with the given tag.
+// Tags greater than 30 are not supported and result in an error (i.e.
+// low-tag-number form only). The child builder passed to the
+// BuilderContinuation can be used to build the content of the ASN.1 object.
+func (b *Builder) AddASN1(tag asn1.Tag, f BuilderContinuation) {
+ if b.err != nil {
+ return
+ }
+ // Identifiers with the low five bits set indicate high-tag-number format
+ // (two or more octets), which we don't support.
+ if tag&0x1f == 0x1f {
+ b.err = fmt.Errorf("cryptobyte: high-tag number identifier octects not supported: 0x%x", tag)
+ return
+ }
+ b.AddUint8(uint8(tag))
+ b.addLengthPrefixed(1, true, f)
+}
+
+// String
+
+// ReadASN1Boolean decodes an ASN.1 BOOLEAN and converts it to a boolean
+// representation into out and advances. It reports whether the read
+// was successful.
+func (s *String) ReadASN1Boolean(out *bool) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.BOOLEAN) || len(bytes) != 1 {
+ return false
+ }
+
+ switch bytes[0] {
+ case 0:
+ *out = false
+ case 0xff:
+ *out = true
+ default:
+ return false
+ }
+
+ return true
+}
+
+// ReadASN1Integer decodes an ASN.1 INTEGER into out and advances. If out does
+// not point to an integer, to a big.Int, or to a []byte it panics. Only
+// positive and zero values can be decoded into []byte, and they are returned as
+// big-endian binary values that share memory with s. Positive values will have
+// no leading zeroes, and zero will be returned as a single zero byte.
+// ReadASN1Integer reports whether the read was successful.
+func (s *String) ReadASN1Integer(out interface{}) bool {
+ switch out := out.(type) {
+ case *int, *int8, *int16, *int32, *int64:
+ var i int64
+ if !s.readASN1Int64(&i) || reflect.ValueOf(out).Elem().OverflowInt(i) {
+ return false
+ }
+ reflect.ValueOf(out).Elem().SetInt(i)
+ return true
+ case *uint, *uint8, *uint16, *uint32, *uint64:
+ var u uint64
+ if !s.readASN1Uint64(&u) || reflect.ValueOf(out).Elem().OverflowUint(u) {
+ return false
+ }
+ reflect.ValueOf(out).Elem().SetUint(u)
+ return true
+ case *big.Int:
+ return s.readASN1BigInt(out)
+ case *[]byte:
+ return s.readASN1Bytes(out)
+ default:
+ panic("out does not point to an integer type")
+ }
+}
+
+func checkASN1Integer(bytes []byte) bool {
+ if len(bytes) == 0 {
+ // An INTEGER is encoded with at least one octet.
+ return false
+ }
+ if len(bytes) == 1 {
+ return true
+ }
+ if bytes[0] == 0 && bytes[1]&0x80 == 0 || bytes[0] == 0xff && bytes[1]&0x80 == 0x80 {
+ // Value is not minimally encoded.
+ return false
+ }
+ return true
+}
+
+var bigOne = big.NewInt(1)
+
+func (s *String) readASN1BigInt(out *big.Int) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) {
+ return false
+ }
+ if bytes[0]&0x80 == 0x80 {
+ // Negative number.
+ neg := make([]byte, len(bytes))
+ for i, b := range bytes {
+ neg[i] = ^b
+ }
+ out.SetBytes(neg)
+ out.Add(out, bigOne)
+ out.Neg(out)
+ } else {
+ out.SetBytes(bytes)
+ }
+ return true
+}
+
+func (s *String) readASN1Bytes(out *[]byte) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) {
+ return false
+ }
+ if bytes[0]&0x80 == 0x80 {
+ return false
+ }
+ for len(bytes) > 1 && bytes[0] == 0 {
+ bytes = bytes[1:]
+ }
+ *out = bytes
+ return true
+}
+
+func (s *String) readASN1Int64(out *int64) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) || !asn1Signed(out, bytes) {
+ return false
+ }
+ return true
+}
+
+func asn1Signed(out *int64, n []byte) bool {
+ length := len(n)
+ if length > 8 {
+ return false
+ }
+ for i := 0; i < length; i++ {
+ *out <<= 8
+ *out |= int64(n[i])
+ }
+ // Shift up and down in order to sign extend the result.
+ *out <<= 64 - uint8(length)*8
+ *out >>= 64 - uint8(length)*8
+ return true
+}
+
+func (s *String) readASN1Uint64(out *uint64) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.INTEGER) || !checkASN1Integer(bytes) || !asn1Unsigned(out, bytes) {
+ return false
+ }
+ return true
+}
+
+func asn1Unsigned(out *uint64, n []byte) bool {
+ length := len(n)
+ if length > 9 || length == 9 && n[0] != 0 {
+ // Too large for uint64.
+ return false
+ }
+ if n[0]&0x80 != 0 {
+ // Negative number.
+ return false
+ }
+ for i := 0; i < length; i++ {
+ *out <<= 8
+ *out |= uint64(n[i])
+ }
+ return true
+}
+
+// ReadASN1Int64WithTag decodes an ASN.1 INTEGER with the given tag into out
+// and advances. It reports whether the read was successful and resulted in a
+// value that can be represented in an int64.
+func (s *String) ReadASN1Int64WithTag(out *int64, tag asn1.Tag) bool {
+ var bytes String
+ return s.ReadASN1(&bytes, tag) && checkASN1Integer(bytes) && asn1Signed(out, bytes)
+}
+
+// ReadASN1Enum decodes an ASN.1 ENUMERATION into out and advances. It reports
+// whether the read was successful.
+func (s *String) ReadASN1Enum(out *int) bool {
+ var bytes String
+ var i int64
+ if !s.ReadASN1(&bytes, asn1.ENUM) || !checkASN1Integer(bytes) || !asn1Signed(&i, bytes) {
+ return false
+ }
+ if int64(int(i)) != i {
+ return false
+ }
+ *out = int(i)
+ return true
+}
+
+func (s *String) readBase128Int(out *int) bool {
+ ret := 0
+ for i := 0; len(*s) > 0; i++ {
+ if i == 5 {
+ return false
+ }
+ // Avoid overflowing int on a 32-bit platform.
+ // We don't want different behavior based on the architecture.
+ if ret >= 1<<(31-7) {
+ return false
+ }
+ ret <<= 7
+ b := s.read(1)[0]
+
+ // ITU-T X.690, section 8.19.2:
+ // The subidentifier shall be encoded in the fewest possible octets,
+ // that is, the leading octet of the subidentifier shall not have the value 0x80.
+ if i == 0 && b == 0x80 {
+ return false
+ }
+
+ ret |= int(b & 0x7f)
+ if b&0x80 == 0 {
+ *out = ret
+ return true
+ }
+ }
+ return false // truncated
+}
+
+// ReadASN1ObjectIdentifier decodes an ASN.1 OBJECT IDENTIFIER into out and
+// advances. It reports whether the read was successful.
+func (s *String) ReadASN1ObjectIdentifier(out *encoding_asn1.ObjectIdentifier) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.OBJECT_IDENTIFIER) || len(bytes) == 0 {
+ return false
+ }
+
+ // In the worst case, we get two elements from the first byte (which is
+ // encoded differently) and then every varint is a single byte long.
+ components := make([]int, len(bytes)+1)
+
+ // The first varint is 40*value1 + value2:
+ // According to this packing, value1 can take the values 0, 1 and 2 only.
+ // When value1 = 0 or value1 = 1, then value2 is <= 39. When value1 = 2,
+ // then there are no restrictions on value2.
+ var v int
+ if !bytes.readBase128Int(&v) {
+ return false
+ }
+ if v < 80 {
+ components[0] = v / 40
+ components[1] = v % 40
+ } else {
+ components[0] = 2
+ components[1] = v - 80
+ }
+
+ i := 2
+ for ; len(bytes) > 0; i++ {
+ if !bytes.readBase128Int(&v) {
+ return false
+ }
+ components[i] = v
+ }
+ *out = components[:i]
+ return true
+}
+
+// ReadASN1GeneralizedTime decodes an ASN.1 GENERALIZEDTIME into out and
+// advances. It reports whether the read was successful.
+func (s *String) ReadASN1GeneralizedTime(out *time.Time) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.GeneralizedTime) {
+ return false
+ }
+ t := string(bytes)
+ res, err := time.Parse(generalizedTimeFormatStr, t)
+ if err != nil {
+ return false
+ }
+ if serialized := res.Format(generalizedTimeFormatStr); serialized != t {
+ return false
+ }
+ *out = res
+ return true
+}
+
+const defaultUTCTimeFormatStr = "060102150405Z0700"
+
+// ReadASN1UTCTime decodes an ASN.1 UTCTime into out and advances.
+// It reports whether the read was successful.
+func (s *String) ReadASN1UTCTime(out *time.Time) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.UTCTime) {
+ return false
+ }
+ t := string(bytes)
+
+ formatStr := defaultUTCTimeFormatStr
+ var err error
+ res, err := time.Parse(formatStr, t)
+ if err != nil {
+ // Fallback to minute precision if we can't parse second
+ // precision. If we are following X.509 or X.690 we shouldn't
+ // support this, but we do.
+ formatStr = "0601021504Z0700"
+ res, err = time.Parse(formatStr, t)
+ }
+ if err != nil {
+ return false
+ }
+
+ if serialized := res.Format(formatStr); serialized != t {
+ return false
+ }
+
+ if res.Year() >= 2050 {
+ // UTCTime interprets the low order digits 50-99 as 1950-99.
+ // This only applies to its use in the X.509 profile.
+ // See https://tools.ietf.org/html/rfc5280#section-4.1.2.5.1
+ res = res.AddDate(-100, 0, 0)
+ }
+ *out = res
+ return true
+}
+
+// ReadASN1BitString decodes an ASN.1 BIT STRING into out and advances.
+// It reports whether the read was successful.
+func (s *String) ReadASN1BitString(out *encoding_asn1.BitString) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 ||
+ len(bytes)*8/8 != len(bytes) {
+ return false
+ }
+
+ paddingBits := bytes[0]
+ bytes = bytes[1:]
+ if paddingBits > 7 ||
+ len(bytes) == 0 && paddingBits != 0 ||
+ len(bytes) > 0 && bytes[len(bytes)-1]&(1<<paddingBits-1) != 0 {
+ return false
+ }
+
+ out.BitLength = len(bytes)*8 - int(paddingBits)
+ out.Bytes = bytes
+ return true
+}
+
+// ReadASN1BitStringAsBytes decodes an ASN.1 BIT STRING into out and advances. It is
+// an error if the BIT STRING is not a whole number of bytes. It reports
+// whether the read was successful.
+func (s *String) ReadASN1BitStringAsBytes(out *[]byte) bool {
+ var bytes String
+ if !s.ReadASN1(&bytes, asn1.BIT_STRING) || len(bytes) == 0 {
+ return false
+ }
+
+ paddingBits := bytes[0]
+ if paddingBits != 0 {
+ return false
+ }
+ *out = bytes[1:]
+ return true
+}
+
+// ReadASN1Bytes reads the contents of a DER-encoded ASN.1 element (not including
+// tag and length bytes) into out, and advances. The element must match the
+// given tag. It reports whether the read was successful.
+func (s *String) ReadASN1Bytes(out *[]byte, tag asn1.Tag) bool {
+ return s.ReadASN1((*String)(out), tag)
+}
+
+// ReadASN1 reads the contents of a DER-encoded ASN.1 element (not including
+// tag and length bytes) into out, and advances. The element must match the
+// given tag. It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadASN1(out *String, tag asn1.Tag) bool {
+ var t asn1.Tag
+ if !s.ReadAnyASN1(out, &t) || t != tag {
+ return false
+ }
+ return true
+}
+
+// ReadASN1Element reads the contents of a DER-encoded ASN.1 element (including
+// tag and length bytes) into out, and advances. The element must match the
+// given tag. It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadASN1Element(out *String, tag asn1.Tag) bool {
+ var t asn1.Tag
+ if !s.ReadAnyASN1Element(out, &t) || t != tag {
+ return false
+ }
+ return true
+}
+
+// ReadAnyASN1 reads the contents of a DER-encoded ASN.1 element (not including
+// tag and length bytes) into out, sets outTag to its tag, and advances.
+// It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadAnyASN1(out *String, outTag *asn1.Tag) bool {
+ return s.readASN1(out, outTag, true /* skip header */)
+}
+
+// ReadAnyASN1Element reads the contents of a DER-encoded ASN.1 element
+// (including tag and length bytes) into out, sets outTag to is tag, and
+// advances. It reports whether the read was successful.
+//
+// Tags greater than 30 are not supported (i.e. low-tag-number format only).
+func (s *String) ReadAnyASN1Element(out *String, outTag *asn1.Tag) bool {
+ return s.readASN1(out, outTag, false /* include header */)
+}
+
+// PeekASN1Tag reports whether the next ASN.1 value on the string starts with
+// the given tag.
+func (s String) PeekASN1Tag(tag asn1.Tag) bool {
+ if len(s) == 0 {
+ return false
+ }
+ return asn1.Tag(s[0]) == tag
+}
+
+// SkipASN1 reads and discards an ASN.1 element with the given tag. It
+// reports whether the operation was successful.
+func (s *String) SkipASN1(tag asn1.Tag) bool {
+ var unused String
+ return s.ReadASN1(&unused, tag)
+}
+
+// ReadOptionalASN1 attempts to read the contents of a DER-encoded ASN.1
+// element (not including tag and length bytes) tagged with the given tag into
+// out. It stores whether an element with the tag was found in outPresent,
+// unless outPresent is nil. It reports whether the read was successful.
+func (s *String) ReadOptionalASN1(out *String, outPresent *bool, tag asn1.Tag) bool {
+ present := s.PeekASN1Tag(tag)
+ if outPresent != nil {
+ *outPresent = present
+ }
+ if present && !s.ReadASN1(out, tag) {
+ return false
+ }
+ return true
+}
+
+// SkipOptionalASN1 advances s over an ASN.1 element with the given tag, or
+// else leaves s unchanged. It reports whether the operation was successful.
+func (s *String) SkipOptionalASN1(tag asn1.Tag) bool {
+ if !s.PeekASN1Tag(tag) {
+ return true
+ }
+ var unused String
+ return s.ReadASN1(&unused, tag)
+}
+
+// ReadOptionalASN1Integer attempts to read an optional ASN.1 INTEGER explicitly
+// tagged with tag into out and advances. If no element with a matching tag is
+// present, it writes defaultValue into out instead. Otherwise, it behaves like
+// ReadASN1Integer.
+func (s *String) ReadOptionalASN1Integer(out interface{}, tag asn1.Tag, defaultValue interface{}) bool {
+ var present bool
+ var i String
+ if !s.ReadOptionalASN1(&i, &present, tag) {
+ return false
+ }
+ if !present {
+ switch out.(type) {
+ case *int, *int8, *int16, *int32, *int64,
+ *uint, *uint8, *uint16, *uint32, *uint64, *[]byte:
+ reflect.ValueOf(out).Elem().Set(reflect.ValueOf(defaultValue))
+ case *big.Int:
+ if defaultValue, ok := defaultValue.(*big.Int); ok {
+ out.(*big.Int).Set(defaultValue)
+ } else {
+ panic("out points to big.Int, but defaultValue does not")
+ }
+ default:
+ panic("invalid integer type")
+ }
+ return true
+ }
+ if !i.ReadASN1Integer(out) || !i.Empty() {
+ return false
+ }
+ return true
+}
+
+// ReadOptionalASN1OctetString attempts to read an optional ASN.1 OCTET STRING
+// explicitly tagged with tag into out and advances. If no element with a
+// matching tag is present, it sets "out" to nil instead. It reports
+// whether the read was successful.
+func (s *String) ReadOptionalASN1OctetString(out *[]byte, outPresent *bool, tag asn1.Tag) bool {
+ var present bool
+ var child String
+ if !s.ReadOptionalASN1(&child, &present, tag) {
+ return false
+ }
+ if outPresent != nil {
+ *outPresent = present
+ }
+ if present {
+ var oct String
+ if !child.ReadASN1(&oct, asn1.OCTET_STRING) || !child.Empty() {
+ return false
+ }
+ *out = oct
+ } else {
+ *out = nil
+ }
+ return true
+}
+
+// ReadOptionalASN1Boolean attempts to read an optional ASN.1 BOOLEAN
+// explicitly tagged with tag into out and advances. If no element with a
+// matching tag is present, it sets "out" to defaultValue instead. It reports
+// whether the read was successful.
+func (s *String) ReadOptionalASN1Boolean(out *bool, tag asn1.Tag, defaultValue bool) bool {
+ var present bool
+ var child String
+ if !s.ReadOptionalASN1(&child, &present, tag) {
+ return false
+ }
+
+ if !present {
+ *out = defaultValue
+ return true
+ }
+
+ return child.ReadASN1Boolean(out)
+}
+
+func (s *String) readASN1(out *String, outTag *asn1.Tag, skipHeader bool) bool {
+ if len(*s) < 2 {
+ return false
+ }
+ tag, lenByte := (*s)[0], (*s)[1]
+
+ if tag&0x1f == 0x1f {
+ // ITU-T X.690 section 8.1.2
+ //
+ // An identifier octet with a tag part of 0x1f indicates a high-tag-number
+ // form identifier with two or more octets. We only support tags less than
+ // 31 (i.e. low-tag-number form, single octet identifier).
+ return false
+ }
+
+ if outTag != nil {
+ *outTag = asn1.Tag(tag)
+ }
+
+ // ITU-T X.690 section 8.1.3
+ //
+ // Bit 8 of the first length byte indicates whether the length is short- or
+ // long-form.
+ var length, headerLen uint32 // length includes headerLen
+ if lenByte&0x80 == 0 {
+ // Short-form length (section 8.1.3.4), encoded in bits 1-7.
+ length = uint32(lenByte) + 2
+ headerLen = 2
+ } else {
+ // Long-form length (section 8.1.3.5). Bits 1-7 encode the number of octets
+ // used to encode the length.
+ lenLen := lenByte & 0x7f
+ var len32 uint32
+
+ if lenLen == 0 || lenLen > 4 || len(*s) < int(2+lenLen) {
+ return false
+ }
+
+ lenBytes := String((*s)[2 : 2+lenLen])
+ if !lenBytes.readUnsigned(&len32, int(lenLen)) {
+ return false
+ }
+
+ // ITU-T X.690 section 10.1 (DER length forms) requires encoding the length
+ // with the minimum number of octets.
+ if len32 < 128 {
+ // Length should have used short-form encoding.
+ return false
+ }
+ if len32>>((lenLen-1)*8) == 0 {
+ // Leading octet is 0. Length should have been at least one byte shorter.
+ return false
+ }
+
+ headerLen = 2 + uint32(lenLen)
+ if headerLen+len32 < len32 {
+ // Overflow.
+ return false
+ }
+ length = headerLen + len32
+ }
+
+ if int(length) < 0 || !s.ReadBytes((*[]byte)(out), int(length)) {
+ return false
+ }
+ if skipHeader && !out.Skip(int(headerLen)) {
+ panic("cryptobyte: internal error")
+ }
+
+ return true
+}
diff --git a/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go b/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go
new file mode 100644
index 0000000000000000000000000000000000000000..90ef6a241de2f5b95521975032b35450eb187ca7
--- /dev/null
+++ b/vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go
@@ -0,0 +1,46 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package asn1 contains supporting types for parsing and building ASN.1
+// messages with the cryptobyte package.
+package asn1
+
+// Tag represents an ASN.1 identifier octet, consisting of a tag number
+// (indicating a type) and class (such as context-specific or constructed).
+//
+// Methods in the cryptobyte package only support the low-tag-number form, i.e.
+// a single identifier octet with bits 7-8 encoding the class and bits 1-6
+// encoding the tag number.
+type Tag uint8
+
+const (
+ classConstructed = 0x20
+ classContextSpecific = 0x80
+)
+
+// Constructed returns t with the constructed class bit set.
+func (t Tag) Constructed() Tag { return t | classConstructed }
+
+// ContextSpecific returns t with the context-specific class bit set.
+func (t Tag) ContextSpecific() Tag { return t | classContextSpecific }
+
+// The following is a list of standard tag and class combinations.
+const (
+ BOOLEAN = Tag(1)
+ INTEGER = Tag(2)
+ BIT_STRING = Tag(3)
+ OCTET_STRING = Tag(4)
+ NULL = Tag(5)
+ OBJECT_IDENTIFIER = Tag(6)
+ ENUM = Tag(10)
+ UTF8String = Tag(12)
+ SEQUENCE = Tag(16 | classConstructed)
+ SET = Tag(17 | classConstructed)
+ PrintableString = Tag(19)
+ T61String = Tag(20)
+ IA5String = Tag(22)
+ UTCTime = Tag(23)
+ GeneralizedTime = Tag(24)
+ GeneralString = Tag(27)
+)
diff --git a/vendor/golang.org/x/crypto/cryptobyte/builder.go b/vendor/golang.org/x/crypto/cryptobyte/builder.go
new file mode 100644
index 0000000000000000000000000000000000000000..cf254f5f1e87f6713d80cf7e9fd0deb81e2a67e5
--- /dev/null
+++ b/vendor/golang.org/x/crypto/cryptobyte/builder.go
@@ -0,0 +1,350 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cryptobyte
+
+import (
+ "errors"
+ "fmt"
+)
+
+// A Builder builds byte strings from fixed-length and length-prefixed values.
+// Builders either allocate space as needed, or are ‘fixed’, which means that
+// they write into a given buffer and produce an error if it's exhausted.
+//
+// The zero value is a usable Builder that allocates space as needed.
+//
+// Simple values are marshaled and appended to a Builder using methods on the
+// Builder. Length-prefixed values are marshaled by providing a
+// BuilderContinuation, which is a function that writes the inner contents of
+// the value to a given Builder. See the documentation for BuilderContinuation
+// for details.
+type Builder struct {
+ err error
+ result []byte
+ fixedSize bool
+ child *Builder
+ offset int
+ pendingLenLen int
+ pendingIsASN1 bool
+ inContinuation *bool
+}
+
+// NewBuilder creates a Builder that appends its output to the given buffer.
+// Like append(), the slice will be reallocated if its capacity is exceeded.
+// Use Bytes to get the final buffer.
+func NewBuilder(buffer []byte) *Builder {
+ return &Builder{
+ result: buffer,
+ }
+}
+
+// NewFixedBuilder creates a Builder that appends its output into the given
+// buffer. This builder does not reallocate the output buffer. Writes that
+// would exceed the buffer's capacity are treated as an error.
+func NewFixedBuilder(buffer []byte) *Builder {
+ return &Builder{
+ result: buffer,
+ fixedSize: true,
+ }
+}
+
+// SetError sets the value to be returned as the error from Bytes. Writes
+// performed after calling SetError are ignored.
+func (b *Builder) SetError(err error) {
+ b.err = err
+}
+
+// Bytes returns the bytes written by the builder or an error if one has
+// occurred during building.
+func (b *Builder) Bytes() ([]byte, error) {
+ if b.err != nil {
+ return nil, b.err
+ }
+ return b.result[b.offset:], nil
+}
+
+// BytesOrPanic returns the bytes written by the builder or panics if an error
+// has occurred during building.
+func (b *Builder) BytesOrPanic() []byte {
+ if b.err != nil {
+ panic(b.err)
+ }
+ return b.result[b.offset:]
+}
+
+// AddUint8 appends an 8-bit value to the byte string.
+func (b *Builder) AddUint8(v uint8) {
+ b.add(byte(v))
+}
+
+// AddUint16 appends a big-endian, 16-bit value to the byte string.
+func (b *Builder) AddUint16(v uint16) {
+ b.add(byte(v>>8), byte(v))
+}
+
+// AddUint24 appends a big-endian, 24-bit value to the byte string. The highest
+// byte of the 32-bit input value is silently truncated.
+func (b *Builder) AddUint24(v uint32) {
+ b.add(byte(v>>16), byte(v>>8), byte(v))
+}
+
+// AddUint32 appends a big-endian, 32-bit value to the byte string.
+func (b *Builder) AddUint32(v uint32) {
+ b.add(byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
+}
+
+// AddUint48 appends a big-endian, 48-bit value to the byte string.
+func (b *Builder) AddUint48(v uint64) {
+ b.add(byte(v>>40), byte(v>>32), byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
+}
+
+// AddUint64 appends a big-endian, 64-bit value to the byte string.
+func (b *Builder) AddUint64(v uint64) {
+ b.add(byte(v>>56), byte(v>>48), byte(v>>40), byte(v>>32), byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
+}
+
+// AddBytes appends a sequence of bytes to the byte string.
+func (b *Builder) AddBytes(v []byte) {
+ b.add(v...)
+}
+
+// BuilderContinuation is a continuation-passing interface for building
+// length-prefixed byte sequences. Builder methods for length-prefixed
+// sequences (AddUint8LengthPrefixed etc) will invoke the BuilderContinuation
+// supplied to them. The child builder passed to the continuation can be used
+// to build the content of the length-prefixed sequence. For example:
+//
+// parent := cryptobyte.NewBuilder()
+// parent.AddUint8LengthPrefixed(func (child *Builder) {
+// child.AddUint8(42)
+// child.AddUint8LengthPrefixed(func (grandchild *Builder) {
+// grandchild.AddUint8(5)
+// })
+// })
+//
+// It is an error to write more bytes to the child than allowed by the reserved
+// length prefix. After the continuation returns, the child must be considered
+// invalid, i.e. users must not store any copies or references of the child
+// that outlive the continuation.
+//
+// If the continuation panics with a value of type BuildError then the inner
+// error will be returned as the error from Bytes. If the child panics
+// otherwise then Bytes will repanic with the same value.
+type BuilderContinuation func(child *Builder)
+
+// BuildError wraps an error. If a BuilderContinuation panics with this value,
+// the panic will be recovered and the inner error will be returned from
+// Builder.Bytes.
+type BuildError struct {
+ Err error
+}
+
+// AddUint8LengthPrefixed adds a 8-bit length-prefixed byte sequence.
+func (b *Builder) AddUint8LengthPrefixed(f BuilderContinuation) {
+ b.addLengthPrefixed(1, false, f)
+}
+
+// AddUint16LengthPrefixed adds a big-endian, 16-bit length-prefixed byte sequence.
+func (b *Builder) AddUint16LengthPrefixed(f BuilderContinuation) {
+ b.addLengthPrefixed(2, false, f)
+}
+
+// AddUint24LengthPrefixed adds a big-endian, 24-bit length-prefixed byte sequence.
+func (b *Builder) AddUint24LengthPrefixed(f BuilderContinuation) {
+ b.addLengthPrefixed(3, false, f)
+}
+
+// AddUint32LengthPrefixed adds a big-endian, 32-bit length-prefixed byte sequence.
+func (b *Builder) AddUint32LengthPrefixed(f BuilderContinuation) {
+ b.addLengthPrefixed(4, false, f)
+}
+
+func (b *Builder) callContinuation(f BuilderContinuation, arg *Builder) {
+ if !*b.inContinuation {
+ *b.inContinuation = true
+
+ defer func() {
+ *b.inContinuation = false
+
+ r := recover()
+ if r == nil {
+ return
+ }
+
+ if buildError, ok := r.(BuildError); ok {
+ b.err = buildError.Err
+ } else {
+ panic(r)
+ }
+ }()
+ }
+
+ f(arg)
+}
+
+func (b *Builder) addLengthPrefixed(lenLen int, isASN1 bool, f BuilderContinuation) {
+ // Subsequent writes can be ignored if the builder has encountered an error.
+ if b.err != nil {
+ return
+ }
+
+ offset := len(b.result)
+ b.add(make([]byte, lenLen)...)
+
+ if b.inContinuation == nil {
+ b.inContinuation = new(bool)
+ }
+
+ b.child = &Builder{
+ result: b.result,
+ fixedSize: b.fixedSize,
+ offset: offset,
+ pendingLenLen: lenLen,
+ pendingIsASN1: isASN1,
+ inContinuation: b.inContinuation,
+ }
+
+ b.callContinuation(f, b.child)
+ b.flushChild()
+ if b.child != nil {
+ panic("cryptobyte: internal error")
+ }
+}
+
+func (b *Builder) flushChild() {
+ if b.child == nil {
+ return
+ }
+ b.child.flushChild()
+ child := b.child
+ b.child = nil
+
+ if child.err != nil {
+ b.err = child.err
+ return
+ }
+
+ length := len(child.result) - child.pendingLenLen - child.offset
+
+ if length < 0 {
+ panic("cryptobyte: internal error") // result unexpectedly shrunk
+ }
+
+ if child.pendingIsASN1 {
+ // For ASN.1, we reserved a single byte for the length. If that turned out
+ // to be incorrect, we have to move the contents along in order to make
+ // space.
+ if child.pendingLenLen != 1 {
+ panic("cryptobyte: internal error")
+ }
+ var lenLen, lenByte uint8
+ if int64(length) > 0xfffffffe {
+ b.err = errors.New("pending ASN.1 child too long")
+ return
+ } else if length > 0xffffff {
+ lenLen = 5
+ lenByte = 0x80 | 4
+ } else if length > 0xffff {
+ lenLen = 4
+ lenByte = 0x80 | 3
+ } else if length > 0xff {
+ lenLen = 3
+ lenByte = 0x80 | 2
+ } else if length > 0x7f {
+ lenLen = 2
+ lenByte = 0x80 | 1
+ } else {
+ lenLen = 1
+ lenByte = uint8(length)
+ length = 0
+ }
+
+ // Insert the initial length byte, make space for successive length bytes,
+ // and adjust the offset.
+ child.result[child.offset] = lenByte
+ extraBytes := int(lenLen - 1)
+ if extraBytes != 0 {
+ child.add(make([]byte, extraBytes)...)
+ childStart := child.offset + child.pendingLenLen
+ copy(child.result[childStart+extraBytes:], child.result[childStart:])
+ }
+ child.offset++
+ child.pendingLenLen = extraBytes
+ }
+
+ l := length
+ for i := child.pendingLenLen - 1; i >= 0; i-- {
+ child.result[child.offset+i] = uint8(l)
+ l >>= 8
+ }
+ if l != 0 {
+ b.err = fmt.Errorf("cryptobyte: pending child length %d exceeds %d-byte length prefix", length, child.pendingLenLen)
+ return
+ }
+
+ if b.fixedSize && &b.result[0] != &child.result[0] {
+ panic("cryptobyte: BuilderContinuation reallocated a fixed-size buffer")
+ }
+
+ b.result = child.result
+}
+
+func (b *Builder) add(bytes ...byte) {
+ if b.err != nil {
+ return
+ }
+ if b.child != nil {
+ panic("cryptobyte: attempted write while child is pending")
+ }
+ if len(b.result)+len(bytes) < len(bytes) {
+ b.err = errors.New("cryptobyte: length overflow")
+ }
+ if b.fixedSize && len(b.result)+len(bytes) > cap(b.result) {
+ b.err = errors.New("cryptobyte: Builder is exceeding its fixed-size buffer")
+ return
+ }
+ b.result = append(b.result, bytes...)
+}
+
+// Unwrite rolls back non-negative n bytes written directly to the Builder.
+// An attempt by a child builder passed to a continuation to unwrite bytes
+// from its parent will panic.
+func (b *Builder) Unwrite(n int) {
+ if b.err != nil {
+ return
+ }
+ if b.child != nil {
+ panic("cryptobyte: attempted unwrite while child is pending")
+ }
+ length := len(b.result) - b.pendingLenLen - b.offset
+ if length < 0 {
+ panic("cryptobyte: internal error")
+ }
+ if n < 0 {
+ panic("cryptobyte: attempted to unwrite negative number of bytes")
+ }
+ if n > length {
+ panic("cryptobyte: attempted to unwrite more than was written")
+ }
+ b.result = b.result[:len(b.result)-n]
+}
+
+// A MarshalingValue marshals itself into a Builder.
+type MarshalingValue interface {
+ // Marshal is called by Builder.AddValue. It receives a pointer to a builder
+ // to marshal itself into. It may return an error that occurred during
+ // marshaling, such as unset or invalid values.
+ Marshal(b *Builder) error
+}
+
+// AddValue calls Marshal on v, passing a pointer to the builder to append to.
+// If Marshal returns an error, it is set on the Builder so that subsequent
+// appends don't have an effect.
+func (b *Builder) AddValue(v MarshalingValue) {
+ err := v.Marshal(b)
+ if err != nil {
+ b.err = err
+ }
+}
diff --git a/vendor/golang.org/x/crypto/cryptobyte/string.go b/vendor/golang.org/x/crypto/cryptobyte/string.go
new file mode 100644
index 0000000000000000000000000000000000000000..4b0f8097f9e15ec280df9431fe24b8bf1d039dc7
--- /dev/null
+++ b/vendor/golang.org/x/crypto/cryptobyte/string.go
@@ -0,0 +1,183 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cryptobyte contains types that help with parsing and constructing
+// length-prefixed, binary messages, including ASN.1 DER. (The asn1 subpackage
+// contains useful ASN.1 constants.)
+//
+// The String type is for parsing. It wraps a []byte slice and provides helper
+// functions for consuming structures, value by value.
+//
+// The Builder type is for constructing messages. It providers helper functions
+// for appending values and also for appending length-prefixed submessages –
+// without having to worry about calculating the length prefix ahead of time.
+//
+// See the documentation and examples for the Builder and String types to get
+// started.
+package cryptobyte
+
+// String represents a string of bytes. It provides methods for parsing
+// fixed-length and length-prefixed values from it.
+type String []byte
+
+// read advances a String by n bytes and returns them. If less than n bytes
+// remain, it returns nil.
+func (s *String) read(n int) []byte {
+ if len(*s) < n || n < 0 {
+ return nil
+ }
+ v := (*s)[:n]
+ *s = (*s)[n:]
+ return v
+}
+
+// Skip advances the String by n byte and reports whether it was successful.
+func (s *String) Skip(n int) bool {
+ return s.read(n) != nil
+}
+
+// ReadUint8 decodes an 8-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint8(out *uint8) bool {
+ v := s.read(1)
+ if v == nil {
+ return false
+ }
+ *out = uint8(v[0])
+ return true
+}
+
+// ReadUint16 decodes a big-endian, 16-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint16(out *uint16) bool {
+ v := s.read(2)
+ if v == nil {
+ return false
+ }
+ *out = uint16(v[0])<<8 | uint16(v[1])
+ return true
+}
+
+// ReadUint24 decodes a big-endian, 24-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint24(out *uint32) bool {
+ v := s.read(3)
+ if v == nil {
+ return false
+ }
+ *out = uint32(v[0])<<16 | uint32(v[1])<<8 | uint32(v[2])
+ return true
+}
+
+// ReadUint32 decodes a big-endian, 32-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint32(out *uint32) bool {
+ v := s.read(4)
+ if v == nil {
+ return false
+ }
+ *out = uint32(v[0])<<24 | uint32(v[1])<<16 | uint32(v[2])<<8 | uint32(v[3])
+ return true
+}
+
+// ReadUint48 decodes a big-endian, 48-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint48(out *uint64) bool {
+ v := s.read(6)
+ if v == nil {
+ return false
+ }
+ *out = uint64(v[0])<<40 | uint64(v[1])<<32 | uint64(v[2])<<24 | uint64(v[3])<<16 | uint64(v[4])<<8 | uint64(v[5])
+ return true
+}
+
+// ReadUint64 decodes a big-endian, 64-bit value into out and advances over it.
+// It reports whether the read was successful.
+func (s *String) ReadUint64(out *uint64) bool {
+ v := s.read(8)
+ if v == nil {
+ return false
+ }
+ *out = uint64(v[0])<<56 | uint64(v[1])<<48 | uint64(v[2])<<40 | uint64(v[3])<<32 | uint64(v[4])<<24 | uint64(v[5])<<16 | uint64(v[6])<<8 | uint64(v[7])
+ return true
+}
+
+func (s *String) readUnsigned(out *uint32, length int) bool {
+ v := s.read(length)
+ if v == nil {
+ return false
+ }
+ var result uint32
+ for i := 0; i < length; i++ {
+ result <<= 8
+ result |= uint32(v[i])
+ }
+ *out = result
+ return true
+}
+
+func (s *String) readLengthPrefixed(lenLen int, outChild *String) bool {
+ lenBytes := s.read(lenLen)
+ if lenBytes == nil {
+ return false
+ }
+ var length uint32
+ for _, b := range lenBytes {
+ length = length << 8
+ length = length | uint32(b)
+ }
+ v := s.read(int(length))
+ if v == nil {
+ return false
+ }
+ *outChild = v
+ return true
+}
+
+// ReadUint8LengthPrefixed reads the content of an 8-bit length-prefixed value
+// into out and advances over it. It reports whether the read was successful.
+func (s *String) ReadUint8LengthPrefixed(out *String) bool {
+ return s.readLengthPrefixed(1, out)
+}
+
+// ReadUint16LengthPrefixed reads the content of a big-endian, 16-bit
+// length-prefixed value into out and advances over it. It reports whether the
+// read was successful.
+func (s *String) ReadUint16LengthPrefixed(out *String) bool {
+ return s.readLengthPrefixed(2, out)
+}
+
+// ReadUint24LengthPrefixed reads the content of a big-endian, 24-bit
+// length-prefixed value into out and advances over it. It reports whether
+// the read was successful.
+func (s *String) ReadUint24LengthPrefixed(out *String) bool {
+ return s.readLengthPrefixed(3, out)
+}
+
+// ReadBytes reads n bytes into out and advances over them. It reports
+// whether the read was successful.
+func (s *String) ReadBytes(out *[]byte, n int) bool {
+ v := s.read(n)
+ if v == nil {
+ return false
+ }
+ *out = v
+ return true
+}
+
+// CopyBytes copies len(out) bytes into out and advances over them. It reports
+// whether the copy operation was successful
+func (s *String) CopyBytes(out []byte) bool {
+ n := len(out)
+ v := s.read(n)
+ if v == nil {
+ return false
+ }
+ return copy(out, v) == n
+}
+
+// Empty reports whether the string does not contain any bytes.
+func (s String) Empty() bool {
+ return len(s) == 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu.go b/vendor/golang.org/x/sys/cpu/cpu.go
index 02609d5b21d56a5b82ce169a3bd1f933f9d091f3..9c105f23afcdc411cd3b0368f1077943e91bff45 100644
--- a/vendor/golang.org/x/sys/cpu/cpu.go
+++ b/vendor/golang.org/x/sys/cpu/cpu.go
@@ -72,6 +72,9 @@ var X86 struct {
HasSSSE3 bool // Supplemental streaming SIMD extension 3
HasSSE41 bool // Streaming SIMD extension 4 and 4.1
HasSSE42 bool // Streaming SIMD extension 4 and 4.2
+ HasAVXIFMA bool // Advanced vector extension Integer Fused Multiply Add
+ HasAVXVNNI bool // Advanced vector extension Vector Neural Network Instructions
+ HasAVXVNNIInt8 bool // Advanced vector extension Vector Neural Network Int8 instructions
_ CacheLinePad
}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.go b/vendor/golang.org/x/sys/cpu/cpu_x86.go
index 600a6807861e7fd225b672283e2bc5c984eb13d6..1e642f3304fa87b95c67d47454e2eb62825fccf2 100644
--- a/vendor/golang.org/x/sys/cpu/cpu_x86.go
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.go
@@ -53,6 +53,9 @@ func initOptions() {
{Name: "sse41", Feature: &X86.HasSSE41},
{Name: "sse42", Feature: &X86.HasSSE42},
{Name: "ssse3", Feature: &X86.HasSSSE3},
+ {Name: "avxifma", Feature: &X86.HasAVXIFMA},
+ {Name: "avxvnni", Feature: &X86.HasAVXVNNI},
+ {Name: "avxvnniint8", Feature: &X86.HasAVXVNNIInt8},
// These capabilities should always be enabled on amd64:
{Name: "sse2", Feature: &X86.HasSSE2, Required: runtime.GOARCH == "amd64"},
@@ -106,7 +109,7 @@ func archInit() {
return
}
- _, ebx7, ecx7, edx7 := cpuid(7, 0)
+ eax7, ebx7, ecx7, edx7 := cpuid(7, 0)
X86.HasBMI1 = isSet(3, ebx7)
X86.HasAVX2 = isSet(5, ebx7) && osSupportsAVX
X86.HasBMI2 = isSet(8, ebx7)
@@ -134,14 +137,24 @@ func archInit() {
X86.HasAVX512VAES = isSet(9, ecx7)
X86.HasAVX512VBMI2 = isSet(6, ecx7)
X86.HasAVX512BITALG = isSet(12, ecx7)
-
- eax71, _, _, _ := cpuid(7, 1)
- X86.HasAVX512BF16 = isSet(5, eax71)
}
X86.HasAMXTile = isSet(24, edx7)
X86.HasAMXInt8 = isSet(25, edx7)
X86.HasAMXBF16 = isSet(22, edx7)
+
+ // These features depend on the second level of extended features.
+ if eax7 >= 1 {
+ eax71, _, _, edx71 := cpuid(7, 1)
+ if X86.HasAVX512 {
+ X86.HasAVX512BF16 = isSet(5, eax71)
+ }
+ if X86.HasAVX {
+ X86.HasAVXIFMA = isSet(23, eax71)
+ X86.HasAVXVNNI = isSet(4, eax71)
+ X86.HasAVXVNNIInt8 = isSet(4, edx71)
+ }
+ }
}
func isSet(bitpos uint, value uint32) bool {
diff --git a/vendor/golang.org/x/sys/unix/auxv.go b/vendor/golang.org/x/sys/unix/auxv.go
new file mode 100644
index 0000000000000000000000000000000000000000..37a82528f580f1a3fa7ed57d65cbb8ee7097a98e
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/auxv.go
@@ -0,0 +1,36 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21 && (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos)
+
+package unix
+
+import (
+ "syscall"
+ "unsafe"
+)
+
+//go:linkname runtime_getAuxv runtime.getAuxv
+func runtime_getAuxv() []uintptr
+
+// Auxv returns the ELF auxiliary vector as a sequence of key/value pairs.
+// The returned slice is always a fresh copy, owned by the caller.
+// It returns an error on non-ELF platforms, or if the auxiliary vector cannot be accessed,
+// which happens in some locked-down environments and build modes.
+func Auxv() ([][2]uintptr, error) {
+ vec := runtime_getAuxv()
+ vecLen := len(vec)
+
+ if vecLen == 0 {
+ return nil, syscall.ENOENT
+ }
+
+ if vecLen%2 != 0 {
+ return nil, syscall.EINVAL
+ }
+
+ result := make([]uintptr, vecLen)
+ copy(result, vec)
+ return unsafe.Slice((*[2]uintptr)(unsafe.Pointer(&result[0])), vecLen/2), nil
+}
diff --git a/vendor/golang.org/x/sys/unix/auxv_unsupported.go b/vendor/golang.org/x/sys/unix/auxv_unsupported.go
new file mode 100644
index 0000000000000000000000000000000000000000..1200487f2e86c60b112d6042f329ce48f677bb64
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/auxv_unsupported.go
@@ -0,0 +1,13 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.21 && (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos)
+
+package unix
+
+import "syscall"
+
+func Auxv() ([][2]uintptr, error) {
+ return nil, syscall.ENOTSUP
+}
diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go
index 21974af064ddc38e765f3543cda0a9ca29aa44aa..abc3955477c7d38a774bc46bdd8ed0fd736a7bb8 100644
--- a/vendor/golang.org/x/sys/unix/syscall_solaris.go
+++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go
@@ -1102,3 +1102,90 @@ func (s *Strioctl) SetInt(i int) {
func IoctlSetStrioctlRetInt(fd int, req int, s *Strioctl) (int, error) {
return ioctlPtrRet(fd, req, unsafe.Pointer(s))
}
+
+// Ucred Helpers
+// See ucred(3c) and getpeerucred(3c)
+
+//sys getpeerucred(fd uintptr, ucred *uintptr) (err error)
+//sys ucredFree(ucred uintptr) = ucred_free
+//sys ucredGet(pid int) (ucred uintptr, err error) = ucred_get
+//sys ucredGeteuid(ucred uintptr) (uid int) = ucred_geteuid
+//sys ucredGetegid(ucred uintptr) (gid int) = ucred_getegid
+//sys ucredGetruid(ucred uintptr) (uid int) = ucred_getruid
+//sys ucredGetrgid(ucred uintptr) (gid int) = ucred_getrgid
+//sys ucredGetsuid(ucred uintptr) (uid int) = ucred_getsuid
+//sys ucredGetsgid(ucred uintptr) (gid int) = ucred_getsgid
+//sys ucredGetpid(ucred uintptr) (pid int) = ucred_getpid
+
+// Ucred is an opaque struct that holds user credentials.
+type Ucred struct {
+ ucred uintptr
+}
+
+// We need to ensure that ucredFree is called on the underlying ucred
+// when the Ucred is garbage collected.
+func ucredFinalizer(u *Ucred) {
+ ucredFree(u.ucred)
+}
+
+func GetPeerUcred(fd uintptr) (*Ucred, error) {
+ var ucred uintptr
+ err := getpeerucred(fd, &ucred)
+ if err != nil {
+ return nil, err
+ }
+ result := &Ucred{
+ ucred: ucred,
+ }
+ // set the finalizer on the result so that the ucred will be freed
+ runtime.SetFinalizer(result, ucredFinalizer)
+ return result, nil
+}
+
+func UcredGet(pid int) (*Ucred, error) {
+ ucred, err := ucredGet(pid)
+ if err != nil {
+ return nil, err
+ }
+ result := &Ucred{
+ ucred: ucred,
+ }
+ // set the finalizer on the result so that the ucred will be freed
+ runtime.SetFinalizer(result, ucredFinalizer)
+ return result, nil
+}
+
+func (u *Ucred) Geteuid() int {
+ defer runtime.KeepAlive(u)
+ return ucredGeteuid(u.ucred)
+}
+
+func (u *Ucred) Getruid() int {
+ defer runtime.KeepAlive(u)
+ return ucredGetruid(u.ucred)
+}
+
+func (u *Ucred) Getsuid() int {
+ defer runtime.KeepAlive(u)
+ return ucredGetsuid(u.ucred)
+}
+
+func (u *Ucred) Getegid() int {
+ defer runtime.KeepAlive(u)
+ return ucredGetegid(u.ucred)
+}
+
+func (u *Ucred) Getrgid() int {
+ defer runtime.KeepAlive(u)
+ return ucredGetrgid(u.ucred)
+}
+
+func (u *Ucred) Getsgid() int {
+ defer runtime.KeepAlive(u)
+ return ucredGetsgid(u.ucred)
+}
+
+func (u *Ucred) Getpid() int {
+ defer runtime.KeepAlive(u)
+ return ucredGetpid(u.ucred)
+}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index 6ebc48b3fecd71f891b0aeff1f2f9c8110b9e88d..4f432bfe8feeee77862ace1bbfbed983d72f6e76 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -1245,6 +1245,7 @@ const (
FAN_REPORT_DFID_NAME = 0xc00
FAN_REPORT_DFID_NAME_TARGET = 0x1e00
FAN_REPORT_DIR_FID = 0x400
+ FAN_REPORT_FD_ERROR = 0x2000
FAN_REPORT_FID = 0x200
FAN_REPORT_NAME = 0x800
FAN_REPORT_PIDFD = 0x80
@@ -1330,8 +1331,10 @@ const (
FUSE_SUPER_MAGIC = 0x65735546
FUTEXFS_SUPER_MAGIC = 0xbad1dea
F_ADD_SEALS = 0x409
+ F_CREATED_QUERY = 0x404
F_DUPFD = 0x0
F_DUPFD_CLOEXEC = 0x406
+ F_DUPFD_QUERY = 0x403
F_EXLCK = 0x4
F_GETFD = 0x1
F_GETFL = 0x3
@@ -1551,6 +1554,7 @@ const (
IPPROTO_ROUTING = 0x2b
IPPROTO_RSVP = 0x2e
IPPROTO_SCTP = 0x84
+ IPPROTO_SMC = 0x100
IPPROTO_TCP = 0x6
IPPROTO_TP = 0x1d
IPPROTO_UDP = 0x11
@@ -1623,6 +1627,8 @@ const (
IPV6_UNICAST_IF = 0x4c
IPV6_USER_FLOW = 0xe
IPV6_V6ONLY = 0x1a
+ IPV6_VERSION = 0x60
+ IPV6_VERSION_MASK = 0xf0
IPV6_XFRM_POLICY = 0x23
IP_ADD_MEMBERSHIP = 0x23
IP_ADD_SOURCE_MEMBERSHIP = 0x27
@@ -1867,6 +1873,7 @@ const (
MADV_UNMERGEABLE = 0xd
MADV_WILLNEED = 0x3
MADV_WIPEONFORK = 0x12
+ MAP_DROPPABLE = 0x8
MAP_FILE = 0x0
MAP_FIXED = 0x10
MAP_FIXED_NOREPLACE = 0x100000
@@ -1967,6 +1974,7 @@ const (
MSG_PEEK = 0x2
MSG_PROXY = 0x10
MSG_RST = 0x1000
+ MSG_SOCK_DEVMEM = 0x2000000
MSG_SYN = 0x400
MSG_TRUNC = 0x20
MSG_TRYHARD = 0x4
@@ -2083,6 +2091,7 @@ const (
NFC_ATR_REQ_MAXSIZE = 0x40
NFC_ATR_RES_GB_MAXSIZE = 0x2f
NFC_ATR_RES_MAXSIZE = 0x40
+ NFC_ATS_MAXSIZE = 0x14
NFC_COMM_ACTIVE = 0x0
NFC_COMM_PASSIVE = 0x1
NFC_DEVICE_NAME_MAXSIZE = 0x8
@@ -2163,6 +2172,7 @@ const (
NFNL_SUBSYS_QUEUE = 0x3
NFNL_SUBSYS_ULOG = 0x4
NFS_SUPER_MAGIC = 0x6969
+ NFT_BITWISE_BOOL = 0x0
NFT_CHAIN_FLAGS = 0x7
NFT_CHAIN_MAXNAMELEN = 0x100
NFT_CT_MAX = 0x17
@@ -2491,6 +2501,7 @@ const (
PR_GET_PDEATHSIG = 0x2
PR_GET_SECCOMP = 0x15
PR_GET_SECUREBITS = 0x1b
+ PR_GET_SHADOW_STACK_STATUS = 0x4a
PR_GET_SPECULATION_CTRL = 0x34
PR_GET_TAGGED_ADDR_CTRL = 0x38
PR_GET_THP_DISABLE = 0x2a
@@ -2499,6 +2510,7 @@ const (
PR_GET_TIMING = 0xd
PR_GET_TSC = 0x19
PR_GET_UNALIGN = 0x5
+ PR_LOCK_SHADOW_STACK_STATUS = 0x4c
PR_MCE_KILL = 0x21
PR_MCE_KILL_CLEAR = 0x0
PR_MCE_KILL_DEFAULT = 0x2
@@ -2525,6 +2537,8 @@ const (
PR_PAC_GET_ENABLED_KEYS = 0x3d
PR_PAC_RESET_KEYS = 0x36
PR_PAC_SET_ENABLED_KEYS = 0x3c
+ PR_PMLEN_MASK = 0x7f000000
+ PR_PMLEN_SHIFT = 0x18
PR_PPC_DEXCR_CTRL_CLEAR = 0x4
PR_PPC_DEXCR_CTRL_CLEAR_ONEXEC = 0x10
PR_PPC_DEXCR_CTRL_EDITABLE = 0x1
@@ -2592,6 +2606,7 @@ const (
PR_SET_PTRACER = 0x59616d61
PR_SET_SECCOMP = 0x16
PR_SET_SECUREBITS = 0x1c
+ PR_SET_SHADOW_STACK_STATUS = 0x4b
PR_SET_SPECULATION_CTRL = 0x35
PR_SET_SYSCALL_USER_DISPATCH = 0x3b
PR_SET_TAGGED_ADDR_CTRL = 0x37
@@ -2602,6 +2617,9 @@ const (
PR_SET_UNALIGN = 0x6
PR_SET_VMA = 0x53564d41
PR_SET_VMA_ANON_NAME = 0x0
+ PR_SHADOW_STACK_ENABLE = 0x1
+ PR_SHADOW_STACK_PUSH = 0x4
+ PR_SHADOW_STACK_WRITE = 0x2
PR_SME_GET_VL = 0x40
PR_SME_SET_VL = 0x3f
PR_SME_SET_VL_ONEXEC = 0x40000
@@ -2911,7 +2929,6 @@ const (
RTM_NEWNEXTHOP = 0x68
RTM_NEWNEXTHOPBUCKET = 0x74
RTM_NEWNSID = 0x58
- RTM_NEWNVLAN = 0x70
RTM_NEWPREFIX = 0x34
RTM_NEWQDISC = 0x24
RTM_NEWROUTE = 0x18
@@ -2920,6 +2937,7 @@ const (
RTM_NEWTCLASS = 0x28
RTM_NEWTFILTER = 0x2c
RTM_NEWTUNNEL = 0x78
+ RTM_NEWVLAN = 0x70
RTM_NR_FAMILIES = 0x1b
RTM_NR_MSGTYPES = 0x6c
RTM_SETDCB = 0x4f
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
index c0d45e320505ff6424711bbec395223c8d4ec450..75207613c785dbe3fb5e9afd152330e4ff342de3 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@@ -116,6 +116,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9
+ IPV6_FLOWINFO_MASK = 0xffffff0f
+ IPV6_FLOWLABEL_MASK = 0xffff0f00
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -304,6 +306,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
index c731d24f02529136a59cf292fcfc27673e1c1396..c68acda53522d124fc1ef7c7dc889394ca4103ab 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@@ -116,6 +116,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9
+ IPV6_FLOWINFO_MASK = 0xffffff0f
+ IPV6_FLOWLABEL_MASK = 0xffff0f00
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -305,6 +307,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
index 680018a4a7c9f0f67be48f7ebd0a31a7b6438d38..a8c607ab86b51b1e69629a7131b674a533c1a05f 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9
+ IPV6_FLOWINFO_MASK = 0xffffff0f
+ IPV6_FLOWLABEL_MASK = 0xffff0f00
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -310,6 +312,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
index a63909f308d6d7d45db1b23ba71826ef51bd4c72..18563dd8d33a0f8e7a343377cd529ddf3eeb47fc 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@@ -109,6 +109,7 @@ const (
F_SETOWN = 0x8
F_UNLCK = 0x2
F_WRLCK = 0x1
+ GCS_MAGIC = 0x47435300
HIDIOCGRAWINFO = 0x80084803
HIDIOCGRDESC = 0x90044802
HIDIOCGRDESCSIZE = 0x80044801
@@ -119,6 +120,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9
+ IPV6_FLOWINFO_MASK = 0xffffff0f
+ IPV6_FLOWLABEL_MASK = 0xffff0f00
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -302,6 +305,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
index 9b0a2573fe3fb37337d0c4b87cf268bf95deeb87..22912cdaa94483d6a5a2759d4d05b72663fce96b 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
@@ -116,6 +116,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9
+ IPV6_FLOWINFO_MASK = 0xffffff0f
+ IPV6_FLOWLABEL_MASK = 0xffff0f00
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -297,6 +299,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
index 958e6e0645acddc8287e1bdae4f672a49a3fb06b..29344eb37ab55a5982a044ccd388638be2ce0f23 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x80
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9
+ IPV6_FLOWINFO_MASK = 0xfffffff
+ IPV6_FLOWLABEL_MASK = 0xfffff
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -303,6 +305,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
index 50c7f25bd16c6b4bb48ba4f594c2c8064796075a..20d51fb96a897f5c675d91b1107efa1b0956c3b0 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x80
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9
+ IPV6_FLOWINFO_MASK = 0xfffffff
+ IPV6_FLOWLABEL_MASK = 0xfffff
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -303,6 +305,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
index ced21d66d955aa1471413648b780ac6a79c29dda..321b60902ae5cd5686f44b8dcf9d742a6df9d30c 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x80
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9
+ IPV6_FLOWINFO_MASK = 0xffffff0f
+ IPV6_FLOWLABEL_MASK = 0xffff0f00
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -303,6 +305,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
index 226c0441902358d4fe95110e043721360edb84f8..9bacdf1e27910f1e8f2cb8c582b37f7c54467224 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x80
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9
+ IPV6_FLOWINFO_MASK = 0xffffff0f
+ IPV6_FLOWLABEL_MASK = 0xffff0f00
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -303,6 +305,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
index 3122737cd464f0b9033911d2e928a48994c7b8fd..c2242726156a94e77d1b3a6b5c8f5e0f61b643f7 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9
+ IPV6_FLOWINFO_MASK = 0xfffffff
+ IPV6_FLOWLABEL_MASK = 0xfffff
ISIG = 0x80
IUCLC = 0x1000
IXOFF = 0x400
@@ -358,6 +360,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
index eb5d3467edf0c1a6fcda2fd26ca8685a89207a1f..6270c8ee13e3f5ac37b6954b36ca972696ad092c 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9
+ IPV6_FLOWINFO_MASK = 0xfffffff
+ IPV6_FLOWLABEL_MASK = 0xfffff
ISIG = 0x80
IUCLC = 0x1000
IXOFF = 0x400
@@ -362,6 +364,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
index e921ebc60b7142bf22eb748914eaf6557ce644b9..9966c1941f8301450c052e12184340b465ad204e 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9
+ IPV6_FLOWINFO_MASK = 0xffffff0f
+ IPV6_FLOWLABEL_MASK = 0xffff0f00
ISIG = 0x80
IUCLC = 0x1000
IXOFF = 0x400
@@ -362,6 +364,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
index 38ba81c55c1fd3f8fee36578e2a5b67e1a5b1eb1..848e5fcc42e6f2f5dcc59d5a5d79199e57a856cb 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9
+ IPV6_FLOWINFO_MASK = 0xffffff0f
+ IPV6_FLOWLABEL_MASK = 0xffff0f00
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -294,6 +296,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
index 71f0400977b3672a79401900b85701a23d8b0f99..669b2adb80b778d9daf8400dd00cbab41c0ea5d1 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
@@ -115,6 +115,8 @@ const (
IN_CLOEXEC = 0x80000
IN_NONBLOCK = 0x800
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x7b9
+ IPV6_FLOWINFO_MASK = 0xfffffff
+ IPV6_FLOWLABEL_MASK = 0xfffff
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -366,6 +368,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
+ SCM_TS_OPT_ID = 0x51
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
index c44a313322c54c61e7b1952290d2cc5f214331c3..4834e57514e44a7f8ca60a6a29e241ac1dba1c77 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
@@ -119,6 +119,8 @@ const (
IN_CLOEXEC = 0x400000
IN_NONBLOCK = 0x4000
IOCTL_VM_SOCKETS_GET_LOCAL_CID = 0x200007b9
+ IPV6_FLOWINFO_MASK = 0xfffffff
+ IPV6_FLOWLABEL_MASK = 0xfffff
ISIG = 0x1
IUCLC = 0x200
IXOFF = 0x1000
@@ -357,6 +359,7 @@ const (
SCM_TIMESTAMPING_OPT_STATS = 0x38
SCM_TIMESTAMPING_PKTINFO = 0x3c
SCM_TIMESTAMPNS = 0x21
+ SCM_TS_OPT_ID = 0x5a
SCM_TXTIME = 0x3f
SCM_WIFI_STATUS = 0x25
SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
index 829b87feb8da62f255f3b0662ed64cde8c2d01f7..c6545413c45b44cfa7876eb1ce27a1848c79b192 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
@@ -141,6 +141,16 @@ import (
//go:cgo_import_dynamic libc_getpeername getpeername "libsocket.so"
//go:cgo_import_dynamic libc_setsockopt setsockopt "libsocket.so"
//go:cgo_import_dynamic libc_recvfrom recvfrom "libsocket.so"
+//go:cgo_import_dynamic libc_getpeerucred getpeerucred "libc.so"
+//go:cgo_import_dynamic libc_ucred_get ucred_get "libc.so"
+//go:cgo_import_dynamic libc_ucred_geteuid ucred_geteuid "libc.so"
+//go:cgo_import_dynamic libc_ucred_getegid ucred_getegid "libc.so"
+//go:cgo_import_dynamic libc_ucred_getruid ucred_getruid "libc.so"
+//go:cgo_import_dynamic libc_ucred_getrgid ucred_getrgid "libc.so"
+//go:cgo_import_dynamic libc_ucred_getsuid ucred_getsuid "libc.so"
+//go:cgo_import_dynamic libc_ucred_getsgid ucred_getsgid "libc.so"
+//go:cgo_import_dynamic libc_ucred_getpid ucred_getpid "libc.so"
+//go:cgo_import_dynamic libc_ucred_free ucred_free "libc.so"
//go:cgo_import_dynamic libc_port_create port_create "libc.so"
//go:cgo_import_dynamic libc_port_associate port_associate "libc.so"
//go:cgo_import_dynamic libc_port_dissociate port_dissociate "libc.so"
@@ -280,6 +290,16 @@ import (
//go:linkname procgetpeername libc_getpeername
//go:linkname procsetsockopt libc_setsockopt
//go:linkname procrecvfrom libc_recvfrom
+//go:linkname procgetpeerucred libc_getpeerucred
+//go:linkname procucred_get libc_ucred_get
+//go:linkname procucred_geteuid libc_ucred_geteuid
+//go:linkname procucred_getegid libc_ucred_getegid
+//go:linkname procucred_getruid libc_ucred_getruid
+//go:linkname procucred_getrgid libc_ucred_getrgid
+//go:linkname procucred_getsuid libc_ucred_getsuid
+//go:linkname procucred_getsgid libc_ucred_getsgid
+//go:linkname procucred_getpid libc_ucred_getpid
+//go:linkname procucred_free libc_ucred_free
//go:linkname procport_create libc_port_create
//go:linkname procport_associate libc_port_associate
//go:linkname procport_dissociate libc_port_dissociate
@@ -420,6 +440,16 @@ var (
procgetpeername,
procsetsockopt,
procrecvfrom,
+ procgetpeerucred,
+ procucred_get,
+ procucred_geteuid,
+ procucred_getegid,
+ procucred_getruid,
+ procucred_getrgid,
+ procucred_getsuid,
+ procucred_getsgid,
+ procucred_getpid,
+ procucred_free,
procport_create,
procport_associate,
procport_dissociate,
@@ -2029,6 +2059,90 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func getpeerucred(fd uintptr, ucred *uintptr) (err error) {
+ _, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procgetpeerucred)), 2, uintptr(fd), uintptr(unsafe.Pointer(ucred)), 0, 0, 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGet(pid int) (ucred uintptr, err error) {
+ r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procucred_get)), 1, uintptr(pid), 0, 0, 0, 0, 0)
+ ucred = uintptr(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGeteuid(ucred uintptr) (uid int) {
+ r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_geteuid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+ uid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGetegid(ucred uintptr) (gid int) {
+ r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getegid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+ gid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGetruid(ucred uintptr) (uid int) {
+ r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getruid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+ uid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGetrgid(ucred uintptr) (gid int) {
+ r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getrgid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+ gid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGetsuid(ucred uintptr) (uid int) {
+ r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getsuid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+ uid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGetsgid(ucred uintptr) (gid int) {
+ r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getsgid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+ gid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredGetpid(ucred uintptr) (pid int) {
+ r0, _, _ := sysvicall6(uintptr(unsafe.Pointer(&procucred_getpid)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+ pid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func ucredFree(ucred uintptr) {
+ sysvicall6(uintptr(unsafe.Pointer(&procucred_free)), 1, uintptr(ucred), 0, 0, 0, 0, 0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func port_create() (n int, err error) {
r0, _, e1 := sysvicall6(uintptr(unsafe.Pointer(&procport_create)), 0, 0, 0, 0, 0, 0, 0)
n = int(r0)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
index 524b0820cbc2ee32a4598fa64ebbe64cec2a9dda..c79aaff306ae3eebf5d338ac84c4d478f566c485 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
@@ -458,4 +458,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
index f485dbf4565671fd01bc685d7de256cbbac0dee2..5eb450695e95a819f1756ff2241adda0588cf628 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
@@ -381,4 +381,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
index 70b35bf3b09f68cb6bd6c4065b4248ed02657766..05e5029744586103a94d9482fe3dac1bb9ca607f 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
@@ -422,4 +422,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
index 1893e2fe884044dc9724126bf8565ca9fca04748..38c53ec51bb3e6b6fff2b168f1351758d99b6b05 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
@@ -325,4 +325,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
index 16a4017da0ab2fbb8868a34cf7e90df9b052577e..31d2e71a18e17f4cd6fdd3a16f8ecffa1c2cdc91 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
@@ -321,4 +321,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
index 7e567f1efff21dabc0bbb99d82ac79568fa0c71e..f4184a336b0e02d1ff0a976a4d47d01667072ff7 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
@@ -442,4 +442,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 4460
SYS_LSM_LIST_MODULES = 4461
SYS_MSEAL = 4462
+ SYS_SETXATTRAT = 4463
+ SYS_GETXATTRAT = 4464
+ SYS_LISTXATTRAT = 4465
+ SYS_REMOVEXATTRAT = 4466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
index 38ae55e5ef8564b859a937192e6e7ff9ff75404d..05b9962278f2760f8134c2396859cb9c142fa0a2 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
@@ -372,4 +372,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 5460
SYS_LSM_LIST_MODULES = 5461
SYS_MSEAL = 5462
+ SYS_SETXATTRAT = 5463
+ SYS_GETXATTRAT = 5464
+ SYS_LISTXATTRAT = 5465
+ SYS_REMOVEXATTRAT = 5466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
index 55e92e60a82abed887cc2e86929cf413ccc1f0e7..43a256e9e6758502f2f5883e3c43c29bb05f2bff 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
@@ -372,4 +372,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 5460
SYS_LSM_LIST_MODULES = 5461
SYS_MSEAL = 5462
+ SYS_SETXATTRAT = 5463
+ SYS_GETXATTRAT = 5464
+ SYS_LISTXATTRAT = 5465
+ SYS_REMOVEXATTRAT = 5466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
index 60658d6a021f66f19d23ed38f6eae448f0fa1b21..eea5ddfc220774443034d5ad1b052c17347d626e 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
@@ -442,4 +442,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 4460
SYS_LSM_LIST_MODULES = 4461
SYS_MSEAL = 4462
+ SYS_SETXATTRAT = 4463
+ SYS_GETXATTRAT = 4464
+ SYS_LISTXATTRAT = 4465
+ SYS_REMOVEXATTRAT = 4466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
index e203e8a7ed4b2c76d1a08ccda193c17f82fc7e93..0d777bfbb1408e2c32b03fdc2b5652157b3872a8 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
@@ -449,4 +449,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
index 5944b97d54604ea41a1dea195b26f3bd1f387343..b44636502561e6953318bb9cc942be9616340bc9 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
@@ -421,4 +421,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
index c66d416dad1ccb56f1196d99545460f9d658f092..0c7d21c18816539b4d6856dbcf44f56b4217c421 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
@@ -421,4 +421,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
index a5459e766f59dbfbd2751e1ecc5f7f1c4561bfb4..8405391698787a00552d807260232ad8680fd332 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
@@ -326,4 +326,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
index 01d86825bb926417fbc8c9e69c5ecb5bb599d683..fcf1b790d6cfd31996ab2f95beb8f965657e70be 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
@@ -387,4 +387,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
index 7b703e77cda8450621f3892f1a03d7e698f12cee..52d15b5f9d4597c74ff988c7893a0f2710963e3f 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
@@ -400,4 +400,8 @@ const (
SYS_LSM_SET_SELF_ATTR = 460
SYS_LSM_LIST_MODULES = 461
SYS_MSEAL = 462
+ SYS_SETXATTRAT = 463
+ SYS_GETXATTRAT = 464
+ SYS_LISTXATTRAT = 465
+ SYS_REMOVEXATTRAT = 466
)
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 5537148dcbb3dee0a8d5c8c85f5566895decc8db..a46abe64720547a72a90330c2aa29113b4ef0552 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -4747,7 +4747,7 @@ const (
NL80211_ATTR_MAC_HINT = 0xc8
NL80211_ATTR_MAC_MASK = 0xd7
NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca
- NL80211_ATTR_MAX = 0x14c
+ NL80211_ATTR_MAX = 0x14d
NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4
NL80211_ATTR_MAX_CSA_COUNTERS = 0xce
NL80211_ATTR_MAX_MATCH_SETS = 0x85
@@ -5519,7 +5519,7 @@ const (
NL80211_MNTR_FLAG_CONTROL = 0x3
NL80211_MNTR_FLAG_COOK_FRAMES = 0x5
NL80211_MNTR_FLAG_FCSFAIL = 0x1
- NL80211_MNTR_FLAG_MAX = 0x6
+ NL80211_MNTR_FLAG_MAX = 0x7
NL80211_MNTR_FLAG_OTHER_BSS = 0x4
NL80211_MNTR_FLAG_PLCPFAIL = 0x2
NL80211_MPATH_FLAG_ACTIVE = 0x1
@@ -6174,3 +6174,5 @@ type SockDiagReq struct {
Family uint8
Protocol uint8
}
+
+const RTM_NEWNVLAN = 0x70
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 47a729be0b99bc126de50baeeea206b650ee52bf..f951bdb0c42d374698ae958a8a67af31cc657100 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -38,8 +38,8 @@ github.com/Azure/go-ntlmssp
# github.com/NYTimes/gziphandler v1.1.1
## explicit; go 1.11
github.com/NYTimes/gziphandler
-# github.com/ProtonMail/go-crypto v1.1.5
-## explicit; go 1.17
+# github.com/ProtonMail/go-crypto v1.2.0
+## explicit; go 1.22.0
github.com/ProtonMail/go-crypto/bitcurves
github.com/ProtonMail/go-crypto/brainpool
github.com/ProtonMail/go-crypto/eax
@@ -64,8 +64,8 @@ github.com/ProtonMail/go-crypto/openpgp/s2k
github.com/ProtonMail/go-crypto/openpgp/v2
github.com/ProtonMail/go-crypto/openpgp/x25519
github.com/ProtonMail/go-crypto/openpgp/x448
-# github.com/ProtonMail/gopenpgp/v3 v3.1.2
-## explicit; go 1.17
+# github.com/ProtonMail/gopenpgp/v3 v3.2.0
+## explicit; go 1.22.0
github.com/ProtonMail/gopenpgp/v3/armor
github.com/ProtonMail/gopenpgp/v3/constants
github.com/ProtonMail/gopenpgp/v3/crypto
@@ -91,8 +91,8 @@ github.com/cenkalti/backoff/v4
# github.com/cespare/xxhash/v2 v2.3.0
## explicit; go 1.11
github.com/cespare/xxhash/v2
-# github.com/cloudflare/circl v1.3.7
-## explicit; go 1.19
+# github.com/cloudflare/circl v1.6.0
+## explicit; go 1.22.0
github.com/cloudflare/circl/dh/x25519
github.com/cloudflare/circl/dh/x448
github.com/cloudflare/circl/ecc/goldilocks
@@ -197,7 +197,6 @@ github.com/openzipkin/zipkin-go/model
github.com/patrickmn/go-cache
# github.com/pkg/errors v0.9.1
## explicit
-github.com/pkg/errors
# github.com/pquerna/otp v1.4.0
## explicit; go 1.12
github.com/pquerna/otp
@@ -274,11 +273,13 @@ go.opentelemetry.io/otel/sdk/trace
# go.opentelemetry.io/otel/trace v1.10.0
## explicit; go 1.17
go.opentelemetry.io/otel/trace
-# golang.org/x/crypto v0.32.0
+# golang.org/x/crypto v0.33.0
## explicit; go 1.20
golang.org/x/crypto/argon2
golang.org/x/crypto/blake2b
golang.org/x/crypto/cast5
+golang.org/x/crypto/cryptobyte
+golang.org/x/crypto/cryptobyte/asn1
golang.org/x/crypto/ed25519
golang.org/x/crypto/hkdf
golang.org/x/crypto/md4
@@ -293,7 +294,7 @@ golang.org/x/net/publicsuffix
## explicit; go 1.18
golang.org/x/sync/errgroup
golang.org/x/sync/singleflight
-# golang.org/x/sys v0.29.0
+# golang.org/x/sys v0.30.0
## explicit; go 1.18
golang.org/x/sys/cpu
golang.org/x/sys/unix