Add vendor folder to git

2026-04-07 02:07:58 +00:00 · 2017-06-26 19:23:05 +03:00 · 2017-06-26 19:23:05 +03:00 · 183585f56f
commit 183585f56f
parent 66cf5eaafb
6916 changed files with 2629581 additions and 1 deletions
--- a/vendor/github.com/coreos/pkg/cryptoutil/aes.go
+++ b/vendor/github.com/coreos/pkg/cryptoutil/aes.go
@ -0,0 +1,94 @@
+package cryptoutil
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"errors"
+)
+
+// pad uses the PKCS#7 padding scheme to align the a payload to a specific block size
+func pad(plaintext []byte, bsize int) ([]byte, error) {
+	if bsize >= 256 {
+		return nil, errors.New("bsize must be < 256")
+	}
+	pad := bsize - (len(plaintext) % bsize)
+	if pad == 0 {
+		pad = bsize
+	}
+	for i := 0; i < pad; i++ {
+		plaintext = append(plaintext, byte(pad))
+	}
+	return plaintext, nil
+}
+
+// unpad strips the padding previously added using the PKCS#7 padding scheme
+func unpad(paddedtext []byte) ([]byte, error) {
+	length := len(paddedtext)
+	paddedtext, lbyte := paddedtext[:length-1], paddedtext[length-1]
+	pad := int(lbyte)
+	if pad >= 256 || pad > length {
+		return nil, errors.New("padding malformed")
+	}
+	return paddedtext[:length-(pad)], nil
+}
+
+// AESEncrypt encrypts a payload with an AES cipher.
+// The returned ciphertext has three notable properties:
+// 1. ciphertext is aligned to the standard AES block size
+// 2. ciphertext is padded using PKCS#7
+// 3. IV is prepended to the ciphertext
+func AESEncrypt(plaintext, key []byte) ([]byte, error) {
+	plaintext, err := pad(plaintext, aes.BlockSize)
+	if err != nil {
+		return nil, err
+	}
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
+	iv := ciphertext[:aes.BlockSize]
+	if _, err := rand.Read(iv); err != nil {
+		return nil, err
+	}
+
+	mode := cipher.NewCBCEncrypter(block, iv)
+	mode.CryptBlocks(ciphertext[aes.BlockSize:], plaintext)
+
+	return ciphertext, nil
+}
+
+// AESDecrypt decrypts an encrypted payload with an AES cipher.
+// The decryption algorithm makes three assumptions:
+// 1. ciphertext is aligned to the standard AES block size
+// 2. ciphertext is padded using PKCS#7
+// 3. the IV is prepended to ciphertext
+func AESDecrypt(ciphertext, key []byte) ([]byte, error) {
+	if len(ciphertext) < aes.BlockSize {
+		return nil, errors.New("ciphertext too short")
+	}
+
+	iv := ciphertext[:aes.BlockSize]
+	ciphertext = ciphertext[aes.BlockSize:]
+
+	if len(ciphertext)%aes.BlockSize != 0 {
+		return nil, errors.New("ciphertext is not a multiple of the block size")
+	}
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return nil, err
+	}
+
+	mode := cipher.NewCBCDecrypter(block, iv)
+	mode.CryptBlocks(ciphertext, ciphertext)
+
+	if len(ciphertext)%aes.BlockSize != 0 {
+		return nil, errors.New("ciphertext is not a multiple of the block size")
+	}
+
+	return unpad(ciphertext)
+}
--- a/vendor/github.com/coreos/pkg/cryptoutil/aes_test.go
+++ b/vendor/github.com/coreos/pkg/cryptoutil/aes_test.go
@ -0,0 +1,93 @@
+package cryptoutil
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestPadUnpad(t *testing.T) {
+	tests := []struct {
+		plaintext []byte
+		bsize     int
+		padded    []byte
+	}{
+		{
+			plaintext: []byte{1, 2, 3, 4},
+			bsize:     7,
+			padded:    []byte{1, 2, 3, 4, 3, 3, 3},
+		},
+		{
+			plaintext: []byte{1, 2, 3, 4, 5, 6, 7},
+			bsize:     3,
+			padded:    []byte{1, 2, 3, 4, 5, 6, 7, 2, 2},
+		},
+		{
+			plaintext: []byte{9, 9, 9, 9},
+			bsize:     4,
+			padded:    []byte{9, 9, 9, 9, 4, 4, 4, 4},
+		},
+	}
+
+	for i, tt := range tests {
+		padded, err := pad(tt.plaintext, tt.bsize)
+		if err != nil {
+			t.Errorf("case %d: unexpected error: %v", i, err)
+			continue
+		}
+		if !reflect.DeepEqual(tt.padded, padded) {
+			t.Errorf("case %d: want=%v got=%v", i, tt.padded, padded)
+			continue
+		}
+
+		plaintext, err := unpad(tt.padded)
+		if err != nil {
+			t.Errorf("case %d: unexpected error: %v", i, err)
+			continue
+		}
+		if !reflect.DeepEqual(tt.plaintext, plaintext) {
+			t.Errorf("case %d: want=%v got=%v", i, tt.plaintext, plaintext)
+			continue
+		}
+	}
+}
+
+func TestPadMaxBlockSize(t *testing.T) {
+	_, err := pad([]byte{1, 2, 3}, 256)
+	if err == nil {
+		t.Errorf("Expected non-nil error")
+	}
+}
+
+func TestAESEncryptDecrypt(t *testing.T) {
+	message := []byte("Let me worry about blank.")
+	key := append([]byte("shark"), make([]byte, 27)...)
+
+	ciphertext, err := AESEncrypt(message, key)
+	if err != nil {
+		t.Fatalf("Unexpected error: %v", err)
+	}
+	if reflect.DeepEqual(message, ciphertext) {
+		t.Fatal("Encrypted data matches original payload")
+	}
+
+	decrypted, err := AESDecrypt(ciphertext, key)
+	if !reflect.DeepEqual(message, decrypted) {
+		t.Fatalf("Decrypted data does not match original payload: want=%v got=%v", message, decrypted)
+	}
+}
+
+func TestAESDecryptWrongKey(t *testing.T) {
+	message := []byte("My bones!")
+	key := append([]byte("shark"), make([]byte, 27)...)
+
+	ciphertext, err := AESEncrypt(message, key)
+	if err != nil {
+		t.Fatalf("Unexpected error: %v", err)
+	}
+
+	wrongKey := append([]byte("sheep"), make([]byte, 27)...)
+	decrypted, _ := AESDecrypt(ciphertext, wrongKey)
+	if reflect.DeepEqual(message, decrypted) {
+		t.Fatalf("Data decrypted with different key matches original payload")
+	}
+}