vendor

go.mod

@@ -23,6 +23,7 @@ require (
 	github.com/apparentlymart/go-cidr v1.1.0
 	github.com/aws/aws-sdk-go v1.36.0 // indirect
 	github.com/axw/gocov v1.0.0
+	github.com/codahale/etm v0.0.0-20141003032925-c00c9e6fb4c9
 	github.com/containers/image/v5 v5.8.1
 	github.com/containers/libtrust v0.0.0-20200511145503-9c3a6c22cd9a // indirect
 	github.com/containers/storage v1.24.1 // indirect

go.sum

@@ -341,6 +341,8 @@ github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnht
 github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
 github.com/cockroachdb/cockroach-go v0.0.0-20181001143604-e0a95dfd547c/go.mod h1:XGLbWH/ujMcbPbhZq52Nv6UrCghb1yGn//133kEsvDk=
 github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
+github.com/codahale/etm v0.0.0-20141003032925-c00c9e6fb4c9 h1:88tJLy+/ao5kPBv1EtNyduXeWrTHV47seJPgI7pWgDs=
+github.com/codahale/etm v0.0.0-20141003032925-c00c9e6fb4c9/go.mod h1:jy75q4Q7stkoOx8bCRnIm0t1Vh6Pt4OJvcwA9+oJsqI=
 github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
 github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0/go.mod h1:4Zcjuz89kmFXt9morQgcfYZAYZ5n8WHjt81YYWIwtTM=
 github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko=

vendor/github.com/codahale/etm/.travis.yml

@@ -0,0 +1,9 @@
+language: go
+go:
+  - 1.3.3
+notifications:
+  # See http://about.travis-ci.org/docs/user/build-configuration/ to learn more
+  # about configuring notification recipients and more.
+  email:
+    recipients:
+      - coda.hale@gmail.com

vendor/github.com/codahale/etm/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Coda Hale
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

vendor/github.com/codahale/etm/README.md

@@ -0,0 +1,9 @@
+etm
+===
+
+[![Build Status](https://travis-ci.org/codahale/etm.png?branch=master)](https://travis-ci.org/codahale/etm)
+
+A Go implementation of AES/CBC/HMAC-based AEAD constructions from
+[draft-mcgrew-aead-aes-cbc-hmac-sha2-02](http://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-02).
+
+For documentation, check [godoc](http://godoc.org/github.com/codahale/etm).

vendor/github.com/codahale/etm/etm.go

@@ -0,0 +1,270 @@
+// Package etm provides a set of Encrypt-Then-MAC AEAD implementations, which
+// combine block ciphers like AES with HMACs.
+//
+// AEADs
+//
+// An AEAD (Authenticated Encryption with Associated Data) construction provides
+// a unified API for sealing messages in a way which provides both
+// confidentiality *and* integrity.
+//
+// This not only prevents malicious tampering but also eliminates online attacks
+// like padding oracle attacks which can allow an attacker to recover plaintexts
+// without knowledge of the secret key (e.g., Lucky 13 attack, BEAST attack,
+// etc.).
+//
+// By rejecting ciphertexts which have been modified, these types of attacks are
+// eliminated.
+//
+// Constructions
+//
+// This package implements five proposed standards:
+//
+//		AEAD_AES_128_CBC_HMAC_SHA_256
+//		AEAD_AES_192_CBC_HMAC_SHA_384
+//		AEAD_AES_256_CBC_HMAC_SHA_384
+//		AEAD_AES_256_CBC_HMAC_SHA_512
+//		AEAD_AES_128_CBC_HMAC_SHA1
+//
+// All five constructions combine AES in CBC mode with an HMAC, but vary in the
+// degree of security offered and the amount of overhead required. See
+// http://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-02 for full
+// technical details.
+//
+// AES-128-CBC-HMAC-SHA-256
+//
+// AEAD_AES_128_CBC_HMAC_SHA_256 requires a 32-byte key, provides 128 bits of
+// security for both confidentiality and integrity, and adds up to 56 bytes of
+// overhead per message.
+//
+// AES-192-CBC-HMAC-SHA-384
+//
+// AEAD_AES_192_CBC_HMAC_SHA_384 requires a 48-byte key, provides 192 bits of
+// security for both confidentiality and integrity, and adds up to 64 bytes of
+// overhead per message.
+//
+// AES-256-CBC-HMAC-SHA-384
+//
+// AEAD_AES_256_CBC_HMAC_SHA_384 requires a 56-byte key, provides 256 bits of
+// security for confidentiality, provides 192 bits of security for integrity, and
+// adds up to 64 bytes of overhead per message.
+//
+// AES-256-CBC-HMAC-SHA-512
+//
+// AEAD_AES_256_CBC_HMAC_SHA_512 requires a 64-byte key, provides 256 bits of
+// security for both confidentiality and integrity, and adds up to 72 bytes of
+// overhead per message.
+//
+// AES-128-CBC-HMAC-SHA1
+//
+// AEAD_AES_128_CBC_HMAC_SHA1 requires a 36-byte key, provides 128 bits of
+// security for confidentiality, provides 96 bits of security for integrity, and
+// adds up to 52 bytes of overhead per message. (This construction uses SHA-1,
+// and should only be used when the use of SHA2 is not possible.)
+package etm
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/hmac"
+	"crypto/sha1"
+	"crypto/sha256"
+	"crypto/sha512"
+	"encoding/binary"
+	"errors"
+	"fmt"
+	"hash"
+)
+
+// NewAES128SHA256 returns an AEAD_AES_128_CBC_HMAC_SHA_256 instance given a
+// 32-byte key or an error if the key is the wrong size.
+// AEAD_AES_128_CBC_HMAC_SHA_256 combines AES-128 in CBC mode with
+// HMAC-SHA-256-128.
+func NewAES128SHA256(key []byte) (cipher.AEAD, error) {
+	return create(etmParams{
+		cipherParams: aesCBC,
+		macAlg:       sha256.New,
+		encKeySize:   16,
+		macKeySize:   16,
+		tagSize:      16,
+		key:          key,
+	})
+}
+
+// NewAES192SHA384 returns an AEAD_AES_192_CBC_HMAC_SHA_384 instance given a
+// 48-byte key or an error if the key is the wrong size.
+// AEAD_AES_192_CBC_HMAC_SHA_384 combines AES-192 in CBC mode with
+// HMAC-SHA-384-192.
+func NewAES192SHA384(key []byte) (cipher.AEAD, error) {
+	return create(etmParams{
+		cipherParams: aesCBC,
+		macAlg:       sha512.New384,
+		encKeySize:   24,
+		macKeySize:   24,
+		tagSize:      24,
+		key:          key,
+	})
+}
+
+// NewAES256SHA384 returns an AEAD_AES_256_CBC_HMAC_SHA_384 instance given a
+// 56-byte key or an error if the key is the wrong size.
+// AEAD_AES_256_CBC_HMAC_SHA_384 combines AES-256 in CBC mode with
+// HMAC-SHA-384-192.
+func NewAES256SHA384(key []byte) (cipher.AEAD, error) {
+	return create(etmParams{
+		cipherParams: aesCBC,
+		macAlg:       sha512.New384,
+		encKeySize:   32,
+		macKeySize:   24,
+		tagSize:      24,
+		key:          key,
+	})
+}
+
+// NewAES256SHA512 returns an AEAD_AES_256_CBC_HMAC_SHA_512 instance given a
+// 64-byte key or an error if the key is the wrong size.
+// AEAD_AES_256_CBC_HMAC_SHA_512 combines AES-256 in CBC mode with
+// HMAC-SHA-512-256.
+func NewAES256SHA512(key []byte) (cipher.AEAD, error) {
+	return create(etmParams{
+		cipherParams: aesCBC,
+		macAlg:       sha512.New,
+		encKeySize:   32,
+		macKeySize:   32,
+		tagSize:      32,
+		key:          key,
+	})
+}
+
+// NewAES128SHA1 returns an AEAD_AES_128_CBC_HMAC_SHA1 instance given a 36-byte
+// key or an error if the key is the wrong size.
+// AEAD_AES_128_CBC_HMAC_SHA1 combines AES-128 in CBC mode with HMAC-SHA1-96.
+func NewAES128SHA1(key []byte) (cipher.AEAD, error) {
+	return create(etmParams{
+		cipherParams: aesCBC,
+		macAlg:       sha1.New,
+		encKeySize:   16,
+		macKeySize:   20,
+		tagSize:      12,
+		key:          key,
+	})
+}
+
+type etmParams struct {
+	cipherParams
+	encKeySize, macKeySize, tagSize int
+
+	key    []byte
+	macAlg func() hash.Hash
+}
+
+func create(p etmParams) (cipher.AEAD, error) {
+	l := p.encKeySize + p.macKeySize
+	if len(p.key) != l {
+		return nil, fmt.Errorf("etm: key must be %d bytes long", l)
+	}
+	encKey, macKey := split(p.key, p.encKeySize, p.macKeySize)
+	return &etmAEAD{
+		etmParams: p,
+		encKey:    encKey,
+		macKey:    macKey,
+	}, nil
+}
+
+const (
+	dataLenSize = 8
+)
+
+type etmAEAD struct {
+	etmParams
+	encKey, macKey []byte
+}
+
+func (aead *etmAEAD) Overhead() int {
+	return aead.padSize + aead.tagSize + dataLenSize + aead.NonceSize()
+}
+
+func (aead *etmAEAD) NonceSize() int {
+	return aead.nonceSize
+}
+
+func (aead *etmAEAD) Seal(dst, nonce, plaintext, data []byte) []byte {
+	b, _ := aead.encAlg(aead.encKey) // guaranteed to work
+
+	c := aead.encrypter(b, nonce)
+	i := aead.pad(plaintext, aead.blockSize)
+	s := make([]byte, len(i))
+	c.CryptBlocks(s, i)
+	s = append(nonce, s...)
+
+	t := tag(hmac.New(aead.macAlg, aead.macKey), data, s, aead.tagSize)
+
+	return append(dst, append(s, t...)...)
+}
+
+func (aead *etmAEAD) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
+	s := ciphertext[:len(ciphertext)-aead.tagSize]
+	t := ciphertext[len(ciphertext)-aead.tagSize:]
+	t2 := tag(hmac.New(aead.macAlg, aead.macKey), data, s, aead.tagSize)
+	if nonce == nil {
+		nonce = s[:aead.NonceSize()]
+	}
+
+	if !hmac.Equal(t, t2) {
+		return nil, errors.New("message authentication failed")
+	}
+
+	b, _ := aead.encAlg(aead.encKey) // guaranteed to work
+
+	c := aead.decrypter(b, nonce)
+	o := make([]byte, len(s)-len(nonce))
+	c.CryptBlocks(o, s[len(nonce):])
+
+	return append(dst, aead.unpad(o, aead.blockSize)...), nil
+}
+
+type cipherParams struct {
+	nonceSize, blockSize, padSize int
+
+	encAlg    func(key []byte) (cipher.Block, error)
+	encrypter func(cipher.Block, []byte) cipher.BlockMode
+	decrypter func(cipher.Block, []byte) cipher.BlockMode
+	pad       func([]byte, int) []byte
+	unpad     func([]byte, int) []byte
+}
+
+// AES-CBC-PKCS7
+var aesCBC = cipherParams{
+	encAlg:    aes.NewCipher,
+	blockSize: aes.BlockSize,
+	nonceSize: aes.BlockSize,
+	encrypter: cipher.NewCBCEncrypter,
+	decrypter: cipher.NewCBCDecrypter,
+	padSize:   aes.BlockSize,
+	pad:       pkcs7pad,
+	unpad:     pkcs7unpad,
+}
+
+func tag(h hash.Hash, data, s []byte, l int) []byte {
+	al := make([]byte, dataLenSize)
+	binary.BigEndian.PutUint64(al, uint64(len(data)*8)) // in bits
+	h.Write(data)
+	h.Write(s)
+	h.Write(al)
+	return h.Sum(nil)[:l]
+}
+
+func split(key []byte, encKeyLen, macKeyLen int) ([]byte, []byte) {
+	return key[0:encKeyLen], key[len(key)-macKeyLen:]
+}
+
+func pkcs7pad(b []byte, blockSize int) []byte {
+	ps := make([]byte, blockSize-(len(b)%blockSize))
+	for i := range ps {
+		ps[i] = byte(len(ps))
+	}
+	return append(b, ps...)
+}
+
+func pkcs7unpad(b []byte, blockSize int) []byte {
+	return b[:len(b)-int(b[len(b)-1])]
+}

vendor/modules.txt

@@ -143,6 +143,9 @@ github.com/beorn7/perks/quantile
 github.com/bombsimon/wsl/v3
 # github.com/cespare/xxhash/v2 v2.1.1
 github.com/cespare/xxhash/v2
+# github.com/codahale/etm v0.0.0-20141003032925-c00c9e6fb4c9
+## explicit
+github.com/codahale/etm
 # github.com/containers/image v3.0.2+incompatible
 github.com/containers/image/docker/reference
 github.com/containers/image/pkg/sysregistriesv2