forked from toolshed/abra
		
	chore: bump deps
This commit is contained in:
		
							
								
								
									
										124
									
								
								vendor/github.com/ProtonMail/go-crypto/openpgp/write.go
									
									
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										124
									
								
								vendor/github.com/ProtonMail/go-crypto/openpgp/write.go
									
									
									
										generated
									
									
										vendored
									
									
								
							| @ -253,34 +253,12 @@ func writeAndSign(payload io.WriteCloser, candidateHashes []uint8, signed *Entit | ||||
| 	} | ||||
|  | ||||
| 	var hash crypto.Hash | ||||
| 	for _, hashId := range candidateHashes { | ||||
| 		if h, ok := algorithm.HashIdToHash(hashId); ok && h.Available() { | ||||
| 			hash = h | ||||
| 			break | ||||
| 		} | ||||
| 	} | ||||
|  | ||||
| 	// If the hash specified by config is a candidate, we'll use that. | ||||
| 	if configuredHash := config.Hash(); configuredHash.Available() { | ||||
| 		for _, hashId := range candidateHashes { | ||||
| 			if h, ok := algorithm.HashIdToHash(hashId); ok && h == configuredHash { | ||||
| 				hash = h | ||||
| 				break | ||||
| 			} | ||||
| 		} | ||||
| 	} | ||||
|  | ||||
| 	if hash == 0 { | ||||
| 		hashId := candidateHashes[0] | ||||
| 		name, ok := algorithm.HashIdToString(hashId) | ||||
| 		if !ok { | ||||
| 			name = "#" + strconv.Itoa(int(hashId)) | ||||
| 		} | ||||
| 		return nil, errors.InvalidArgumentError("cannot encrypt because no candidate hash functions are compiled in. (Wanted " + name + " in this case.)") | ||||
| 	} | ||||
|  | ||||
| 	var salt []byte | ||||
| 	if signer != nil { | ||||
| 		if hash, err = selectHash(candidateHashes, config.Hash(), signer); err != nil { | ||||
| 			return nil, err | ||||
| 		} | ||||
|  | ||||
| 		var opsVersion = 3 | ||||
| 		if signer.Version == 6 { | ||||
| 			opsVersion = signer.Version | ||||
| @ -558,13 +536,34 @@ func (s signatureWriter) Close() error { | ||||
| 	return s.encryptedData.Close() | ||||
| } | ||||
|  | ||||
| func selectHashForSigningKey(config *packet.Config, signer *packet.PublicKey) crypto.Hash { | ||||
| 	acceptableHashes := acceptableHashesToWrite(signer) | ||||
| 	hash, ok := algorithm.HashToHashId(config.Hash()) | ||||
| 	if !ok { | ||||
| 		return config.Hash() | ||||
| 	} | ||||
| 	for _, acceptableHashes := range acceptableHashes { | ||||
| 		if acceptableHashes == hash { | ||||
| 			return config.Hash() | ||||
| 		} | ||||
| 	} | ||||
| 	if len(acceptableHashes) > 0 { | ||||
| 		defaultAcceptedHash, ok := algorithm.HashIdToHash(acceptableHashes[0]) | ||||
| 		if ok { | ||||
| 			return defaultAcceptedHash | ||||
| 		} | ||||
| 	} | ||||
| 	return config.Hash() | ||||
| } | ||||
|  | ||||
| func createSignaturePacket(signer *packet.PublicKey, sigType packet.SignatureType, config *packet.Config) *packet.Signature { | ||||
| 	sigLifetimeSecs := config.SigLifetime() | ||||
| 	hash := selectHashForSigningKey(config, signer) | ||||
| 	return &packet.Signature{ | ||||
| 		Version:           signer.Version, | ||||
| 		SigType:           sigType, | ||||
| 		PubKeyAlgo:        signer.PubKeyAlgo, | ||||
| 		Hash:              config.Hash(), | ||||
| 		Hash:              hash, | ||||
| 		CreationTime:      config.Now(), | ||||
| 		IssuerKeyId:       &signer.KeyId, | ||||
| 		IssuerFingerprint: signer.Fingerprint, | ||||
| @ -618,3 +617,74 @@ func handleCompression(compressed io.WriteCloser, candidateCompression []uint8, | ||||
| 	} | ||||
| 	return data, nil | ||||
| } | ||||
|  | ||||
| // selectHash selects the preferred hash given the candidateHashes and the configuredHash | ||||
| func selectHash(candidateHashes []byte, configuredHash crypto.Hash, signer *packet.PrivateKey) (hash crypto.Hash, err error) { | ||||
| 	acceptableHashes := acceptableHashesToWrite(&signer.PublicKey) | ||||
| 	candidateHashes = intersectPreferences(acceptableHashes, candidateHashes) | ||||
|  | ||||
| 	for _, hashId := range candidateHashes { | ||||
| 		if h, ok := algorithm.HashIdToHash(hashId); ok && h.Available() { | ||||
| 			hash = h | ||||
| 			break | ||||
| 		} | ||||
| 	} | ||||
|  | ||||
| 	// If the hash specified by config is a candidate, we'll use that. | ||||
| 	if configuredHash.Available() { | ||||
| 		for _, hashId := range candidateHashes { | ||||
| 			if h, ok := algorithm.HashIdToHash(hashId); ok && h == configuredHash { | ||||
| 				hash = h | ||||
| 				break | ||||
| 			} | ||||
| 		} | ||||
| 	} | ||||
|  | ||||
| 	if hash == 0 { | ||||
| 		if len(acceptableHashes) > 0 { | ||||
| 			if h, ok := algorithm.HashIdToHash(acceptableHashes[0]); ok { | ||||
| 				hash = h | ||||
| 			} else { | ||||
| 				return 0, errors.UnsupportedError("no candidate hash functions are compiled in.") | ||||
| 			} | ||||
| 		} else { | ||||
| 			return 0, errors.UnsupportedError("no candidate hash functions are compiled in.") | ||||
| 		} | ||||
| 	} | ||||
| 	return | ||||
| } | ||||
|  | ||||
| func acceptableHashesToWrite(singingKey *packet.PublicKey) []uint8 { | ||||
| 	switch singingKey.PubKeyAlgo { | ||||
| 	case packet.PubKeyAlgoEd448: | ||||
| 		return []uint8{ | ||||
| 			hashToHashId(crypto.SHA512), | ||||
| 			hashToHashId(crypto.SHA3_512), | ||||
| 		} | ||||
| 	case packet.PubKeyAlgoECDSA, packet.PubKeyAlgoEdDSA: | ||||
| 		if curve, err := singingKey.Curve(); err == nil { | ||||
| 			if curve == packet.Curve448 || | ||||
| 				curve == packet.CurveNistP521 || | ||||
| 				curve == packet.CurveBrainpoolP512 { | ||||
| 				return []uint8{ | ||||
| 					hashToHashId(crypto.SHA512), | ||||
| 					hashToHashId(crypto.SHA3_512), | ||||
| 				} | ||||
| 			} else if curve == packet.CurveBrainpoolP384 || | ||||
| 				curve == packet.CurveNistP384 { | ||||
| 				return []uint8{ | ||||
| 					hashToHashId(crypto.SHA384), | ||||
| 					hashToHashId(crypto.SHA512), | ||||
| 					hashToHashId(crypto.SHA3_512), | ||||
| 				} | ||||
| 			} | ||||
| 		} | ||||
| 	} | ||||
| 	return []uint8{ | ||||
| 		hashToHashId(crypto.SHA256), | ||||
| 		hashToHashId(crypto.SHA384), | ||||
| 		hashToHashId(crypto.SHA512), | ||||
| 		hashToHashId(crypto.SHA3_256), | ||||
| 		hashToHashId(crypto.SHA3_512), | ||||
| 	} | ||||
| } | ||||
|  | ||||
		Reference in New Issue
	
	Block a user