Posted to commits@mynewt.apache.org by ut...@apache.org on 2018/10/12 16:07:58 UTC
[mynewt-newt] 02/04: Add vendored go-aes-key-wrap
This is an automated email from the ASF dual-hosted git repository.
utzig pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mynewt-newt.git
commit d7f1c69a6817ee5a2670101a183e30298780a9b2
Author: Fabio Utzig <ut...@apache.org>
AuthorDate: Tue Sep 11 20:26:55 2018 -0300
Add vendored go-aes-key-wrap
---
.rat-excludes | 3 +
.../github.com/NickBall/go-aes-key-wrap/.gitignore | 14 +++
.../NickBall/go-aes-key-wrap/.travis.yml | 7 ++
vendor/github.com/NickBall/go-aes-key-wrap/LICENSE | 21 ++++
.../github.com/NickBall/go-aes-key-wrap/README.md | 4 +
.../github.com/NickBall/go-aes-key-wrap/keywrap.go | 111 +++++++++++++++++++++
6 files changed, 160 insertions(+)
diff --git a/.rat-excludes b/.rat-excludes
index e305895..bc81e58 100644
--- a/.rat-excludes
+++ b/.rat-excludes
@@ -71,3 +71,6 @@ ugorji
# go-coap - MIT license.
go-coap
+
+# go-aes-key-wrap - MIT license.
+go-aes-key-wrap
diff --git a/vendor/github.com/NickBall/go-aes-key-wrap/.gitignore b/vendor/github.com/NickBall/go-aes-key-wrap/.gitignore
new file mode 100644
index 0000000..a1338d6
--- /dev/null
+++ b/vendor/github.com/NickBall/go-aes-key-wrap/.gitignore
@@ -0,0 +1,14 @@
+# Binaries for programs and plugins
+*.exe
+*.dll
+*.so
+*.dylib
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736
+.glide/
diff --git a/vendor/github.com/NickBall/go-aes-key-wrap/.travis.yml b/vendor/github.com/NickBall/go-aes-key-wrap/.travis.yml
new file mode 100644
index 0000000..714bd3d
--- /dev/null
+++ b/vendor/github.com/NickBall/go-aes-key-wrap/.travis.yml
@@ -0,0 +1,7 @@
+language: go
+go:
+ - 1.x
+script:
+ - go test -race -coverprofile=coverage.txt -covermode=atomic
+after_success:
+ - bash <(curl -s https://codecov.io/bash)
diff --git a/vendor/github.com/NickBall/go-aes-key-wrap/LICENSE b/vendor/github.com/NickBall/go-aes-key-wrap/LICENSE
new file mode 100644
index 0000000..1ccb4e1
--- /dev/null
+++ b/vendor/github.com/NickBall/go-aes-key-wrap/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Nick Ball
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/NickBall/go-aes-key-wrap/README.md b/vendor/github.com/NickBall/go-aes-key-wrap/README.md
new file mode 100644
index 0000000..d29469e
--- /dev/null
+++ b/vendor/github.com/NickBall/go-aes-key-wrap/README.md
@@ -0,0 +1,4 @@
+[![Build Status](https://travis-ci.org/NickBall/go-aes-key-wrap.svg?branch=master)](https://travis-ci.org/NickBall/go-aes-key-wrap) [![Go Report Card](https://goreportcard.com/badge/github.com/nickball/go-aes-key-wrap)](https://goreportcard.com/report/github.com/nickball/go-aes-key-wrap) [![codecov](https://codecov.io/gh/nickball/go-aes-key-wrap/branch/master/graph/badge.svg)](https://codecov.io/gh/nickball/go-aes-key-wrap)
+
+# go-aes-key-wrap
+Golang implementation of the AES Key Wrap algorithm as specified in RFC 3394
diff --git a/vendor/github.com/NickBall/go-aes-key-wrap/keywrap.go b/vendor/github.com/NickBall/go-aes-key-wrap/keywrap.go
new file mode 100644
index 0000000..0b90bd3
--- /dev/null
+++ b/vendor/github.com/NickBall/go-aes-key-wrap/keywrap.go
@@ -0,0 +1,111 @@
+//Package keywrap provides an AES-KW keywrap implementation as defined in RFC-3394
+package keywrap
+
+import (
+ "crypto/cipher"
+ "crypto/subtle"
+ "encoding/binary"
+ "errors"
+)
+
+//defaultIV as specified in RFC-3394
+var defaultIV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}
+
+//Wrap encrypts the provided key data (cek) with the given AES cipher (and corresponding key), using the AES Key Wrap algorithm (RFC-3394)
+func Wrap(block cipher.Block, cek []byte) ([]byte, error) {
+ if len(cek)%8 != 0 {
+ return nil, errors.New("cek must be in 8-byte blocks")
+ }
+
+ //Initialize variables
+ a := make([]byte, 8)
+ copy(a, defaultIV)
+ n := len(cek) / 8
+
+ //Calculate intermediate
+ r := make([][]byte, n)
+ for i := range r {
+ r[i] = make([]byte, 8)
+ copy(r[i], cek[i*8:])
+ }
+
+ for j := 0; j <= 5; j++ {
+ for i := 1; i <= n; i++ {
+ b := arrConcat(a, r[i-1])
+ block.Encrypt(b, b)
+
+ t := (n * j) + i
+ tBytes := make([]byte, 8)
+ binary.BigEndian.PutUint64(tBytes, uint64(t))
+
+ copy(a, arrXor(b[:len(b)/2], tBytes))
+ copy(r[i-1], b[len(b)/2:])
+ }
+ }
+
+ //Output
+ c := make([]byte, (n+1)*8)
+ copy(c, a)
+ for i := 1; i <= n; i++ {
+ for j := range r[i-1] {
+ c[(i*8)+j] = r[i-1][j]
+ }
+ }
+ return c, nil
+}
+
+//Unwrap decrypts the provided cipher text with the given AES cipher (and corresponding key), using the AES Key Wrap algorithm (RFC-3394).
+//The decrypted cipher text is verified using the default IV and will return an error if validation fails.
+func Unwrap(block cipher.Block, cipherText []byte) ([]byte, error) {
+ //Initialize variables
+ a := make([]byte, 8)
+ n := (len(cipherText) / 8) - 1
+
+ r := make([][]byte, n)
+ for i := range r {
+ r[i] = make([]byte, 8)
+ copy(r[i], cipherText[(i+1)*8:])
+ }
+ copy(a, cipherText[:8])
+
+ //Compute intermediate values
+ for j := 5; j >= 0; j-- {
+ for i := n; i >= 1; i-- {
+ t := (n * j) + i
+ tBytes := make([]byte, 8)
+ binary.BigEndian.PutUint64(tBytes, uint64(t))
+
+ b := arrConcat(arrXor(a, tBytes), r[i-1])
+ block.Decrypt(b, b)
+
+ copy(a, b[:len(b)/2])
+ copy(r[i-1], b[len(b)/2:])
+ }
+ }
+
+ if subtle.ConstantTimeCompare(a, defaultIV) != 1 {
+ return nil, errors.New("integrity check failed - unexpected IV")
+ }
+
+ //Output
+ c := arrConcat(r...)
+ return c, nil
+}
+
+func arrConcat(arrays ...[]byte) []byte {
+ out := make([]byte, len(arrays[0]))
+ copy(out, arrays[0])
+ for _, array := range arrays[1:] {
+ out = append(out, array...)
+ }
+
+ return out
+}
+
+func arrXor(arrL []byte, arrR []byte) []byte {
+ out := make([]byte, len(arrL))
+ for x := range arrL {
+ out[x] = arrL[x] ^ arrR[x]
+ }
+ return out
+}
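Review bot: Unwrap never checks len(cipherText) before indexing, so malformed wrapped-key input panics instead of returning an error. With fewer than 8 bytes, n is negative and `make([][]byte, n)` panics. With 8 to 15 bytes whose first 8 equal the default IV, the integrity check passes and `arrConcat(r...)` is called with no arguments, so `arrays[0]` is out of range. Any trailing bytes beyond a multiple of 8 are silently ignored. A guard at the top of Unwrap such as `if len(cipherText)%8 != 0 || len(cipherText) < 24 { return nil, errors.New("cipherText must be a multiple of 8 bytes, at least 24") }` would match RFC 3394's minimum of two 64-bit data blocks; Wrap has the same gap for a cek shorter than 16 bytes. Because this file is vendored, the fix belongs upstream, and until it lands the newt code that calls Unwrap should validate the length itself.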