Merge branch 'master' into sliceheader

google · May 9, 2024 · d1bfb30 · d1bfb30
2 parents df0bad0 + 8d76313
commit d1bfb30
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 17 deletions.
diff --git a/.github/workflows/go_tests.yml b/.github/workflows/go_tests.yml
@@ -7,12 +7,12 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.18.x
+          go-version: 1.22.x
 
       - name: Check out code into the Go module directory
         uses: actions/checkout@v3
 
-      # false positives: golang/go#41205
+      # false positives: https://github.com/golang/go/issues/41205
       #- name: Run vet
       #  run: go vet ./...
 

diff --git a/certtostore_windows.go b/certtostore_windows.go
@@ -109,10 +109,13 @@ const (
 	bCryptPadPSS   uintptr = 0x8
 
 	// Magic numbers for public key blobs.
-	rsa1Magic = 0x31415352 // "RSA1" BCRYPT_RSAPUBLIC_MAGIC
-	ecs1Magic = 0x31534345 // "ECS1" BCRYPT_ECDSA_PUBLIC_P256_MAGIC
-	ecs3Magic = 0x33534345 // "ECS3" BCRYPT_ECDSA_PUBLIC_P384_MAGIC
-	ecs5Magic = 0x35534345 // "ECS5" BCRYPT_ECDSA_PUBLIC_P521_MAGIC
+	rsa1Magic      = 0x31415352 // "RSA1" BCRYPT_RSAPUBLIC_MAGIC
+	ecdsaP256Magic = 0x31534345 // BCRYPT_ECDSA_PUBLIC_P256_MAGIC
+	ecdsaP384Magic = 0x33534345 // BCRYPT_ECDSA_PUBLIC_P384_MAGIC
+	ecdsaP521Magic = 0x35534345 // BCRYPT_ECDSA_PUBLIC_P521_MAGIC
+	ecdhP256Magic  = 0x314B4345 // BCRYPT_ECDH_PUBLIC_P256_MAGIC
+	ecdhP384Magic  = 0x334B4345 // BCRYPT_ECDH_PUBLIC_P384_MAGIC
+	ecdhP521Magic  = 0x354B4345 // BCRYPT_ECDH_PUBLIC_P521_MAGIC
 
 	// ncrypt.h constants
 	ncryptPersistFlag           = 0x80000000 // NCRYPT_PERSIST_FLAG
@@ -164,9 +167,12 @@ var (
 
 	// curveIDs maps bcrypt key blob magic numbers to elliptic curves.
 	curveIDs = map[uint32]elliptic.Curve{
-		ecs1Magic: elliptic.P256(), // BCRYPT_ECDSA_PUBLIC_P256_MAGIC
-		ecs3Magic: elliptic.P384(), // BCRYPT_ECDSA_PUBLIC_P384_MAGIC
-		ecs5Magic: elliptic.P521(), // BCRYPT_ECDSA_PUBLIC_P521_MAGIC
+		ecdsaP256Magic: elliptic.P256(), // BCRYPT_ECDSA_PUBLIC_P256_MAGIC
+		ecdsaP384Magic: elliptic.P384(), // BCRYPT_ECDSA_PUBLIC_P384_MAGIC
+		ecdsaP521Magic: elliptic.P521(), // BCRYPT_ECDSA_PUBLIC_P521_MAGIC
+		ecdhP256Magic:  elliptic.P256(), // BCRYPT_ECDH_PUBLIC_P256_MAGIC
+		ecdhP384Magic:  elliptic.P384(), // BCRYPT_ECDH_PUBLIC_P384_MAGIC
+		ecdhP521Magic:  elliptic.P521(), // BCRYPT_ECDH_PUBLIC_P521_MAGIC
 	}
 
 	// curveNames maps bcrypt curve names to elliptic curves. We use it
@@ -771,7 +777,7 @@ func (k Key) Public() crypto.PublicKey {
 // Sign returns the signature of a hash to implement crypto.Signer
 func (k Key) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
 	switch k.AlgorithmGroup {
-	case "ECDSA":
+	case "ECDSA", "ECDH":
 		return signECDSA(k.handle, digest)
 	case "RSA":
 		return signRSA(k.handle, digest, opts)
@@ -1229,7 +1235,7 @@ func keyMetadata(kh uintptr, store *WinCertStore) (*Key, error) {
 	}
 	var pub crypto.PublicKey
 	switch alg {
-	case "ECDSA":
+	case "ECDSA", "ECDH":
 		buf, err := export(kh, bCryptECCPublicBlob)
 		if err != nil {
 			return nil, fmt.Errorf("failed to export ECC public key: %v", err)

diff --git a/go.mod b/go.mod
@@ -6,8 +6,8 @@ require (
 	github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d
 	github.com/google/deck v0.0.0-20230104221208-105ad94aa8ae
 	github.com/hashicorp/go-multierror v1.1.1
-	golang.org/x/crypto v0.1.0
-	golang.org/x/sys v0.2.0
+	golang.org/x/crypto v0.17.0
+	golang.org/x/sys v0.15.0
 )
 
 require (

diff --git a/go.sum b/go.sum
@@ -8,8 +8,8 @@ github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/U
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
-golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU=
-golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
+golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
-golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=