
pusher / pusher-http-go / 12285846667

11 Dec 2024 10:17PM UTC coverage: 87.082%. Remained the same
12285846667

Pull #93

github

web-flow
Bump golang.org/x/crypto

Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.0.0-20200709230013-948cd5f35899 to 0.31.0.
- [Commits](https://github.com/golang/crypto/commits/v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Pull Request #93: Bump golang.org/x/crypto from 0.0.0-20200709230013-948cd5f35899 to 0.31.0

573 of 658 relevant lines covered (87.08%)

1.99 hits per line

Source File

92.5
/crypto.go
package pusher

import (
        "crypto/hmac"
        "crypto/md5"
        "crypto/rand"
        "crypto/sha256"
        "encoding/base64"
        "encoding/hex"
        "encoding/json"
        "errors"
        "io"
        "strings"

        "golang.org/x/crypto/nacl/secretbox"
)

// EncryptedMessage is the JSON envelope for one encrypted payload. encrypt
// fills both fields with standard base64 text (via formatMessage), and
// decryptEvents base64-decodes them before handing them to secretbox.Open.
type EncryptedMessage struct {
        // Nonce is the base64 encoding of the 24-byte secretbox nonce.
        Nonce      string `json:"nonce"`
        // Ciphertext is the base64 encoding of the secretbox.Seal output.
        Ciphertext string `json:"ciphertext"`
}

// hmacSignature returns the lowercase hex encoding of the HMAC-SHA256 tag of
// toSign, keyed with secret.
func hmacSignature(toSign, secret string) string {
	tag := hmacBytes([]byte(toSign), []byte(secret))
	return hex.EncodeToString(tag)
}

// hmacBytes computes the raw HMAC-SHA256 tag (32 bytes) of toSign under the
// key secret.
func hmacBytes(toSign, secret []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	// hash.Hash.Write is documented never to return an error, so the result
	// is deliberately not checked.
	mac.Write(toSign)
	return mac.Sum(nil)
}

// checkSignature reports whether result, a hex-encoded tag supplied with a
// message, equals the HMAC-SHA256 of body keyed with secret.
func checkSignature(result, secret string, body []byte) bool {
	claimed, err := hex.DecodeString(result)
	if err != nil {
		// A tag that is not valid hex can never match.
		return false
	}
	// hmac.Equal compares without leaking timing information, so a sender
	// cannot learn how many leading bytes of a guessed tag were correct.
	return hmac.Equal(hmacBytes(body, []byte(secret)), claimed)
}

// createAuthMap builds the auth payload for a signed string: "auth" holds
// "<key>:<hex HMAC-SHA256 of stringToSign under secret>". When sharedSecret is
// non-empty it is added verbatim under "shared_secret".
//
// NOTE(review): "shared_secret" is key material in this map; presumably the
// map is serialized into a response for a client — confirm that callers only
// send it to an authorized client and keep it out of logs.
func createAuthMap(key, secret, stringToSign string, sharedSecret string) map[string]string {
	signature := hmacSignature(stringToSign, secret)
	payload := map[string]string{
		"auth": strings.Join([]string{key, signature}, ":"),
	}
	if sharedSecret != "" {
		payload["shared_secret"] = sharedSecret
	}
	return payload
}

// md5Signature returns the lowercase hex MD5 digest of body.
//
// NOTE(review): MD5 is unkeyed and not collision resistant, so this value is
// only a checksum. Presumably request authenticity rests on the HMAC-SHA256
// signature computed elsewhere in this file — confirm at the call site.
func md5Signature(body []byte) string {
	digest := md5.Sum(body)
	return hex.EncodeToString(digest[:])
}

// encrypt seals data with NaCl secretbox and returns the JSON envelope
// produced by formatMessage, with the nonce and the ciphertext each encoded
// as standard base64.
//
// The secretbox key is derived per channel by generateSharedSecret, and every
// call draws a fresh random 24-byte nonce from generateNonce, so repeated
// calls with the same inputs return different envelopes.
func encrypt(channel string, data []byte, encryptionKey []byte) string {
	key := generateSharedSecret(channel, encryptionKey)
	nonce := generateNonce()
	sealed := secretbox.Seal(nil, data, &nonce, &key)
	return formatMessage(
		base64.StdEncoding.EncodeToString(nonce[:]),
		base64.StdEncoding.EncodeToString(sealed),
	)
}

// formatMessage wraps an already-encoded nonce and ciphertext in an
// EncryptedMessage and returns its JSON encoding as a string.
//
// It panics if json.Marshal reports an error.
func formatMessage(nonce string, cipherText string) string {
	// The local is not named "json", which would shadow the package.
	encoded, err := json.Marshal(&EncryptedMessage{Nonce: nonce, Ciphertext: cipherText})
	if err != nil {
		panic(err)
	}
	return string(encoded)
}

// generateNonce returns 24 bytes read from crypto/rand for use as a secretbox
// nonce.
//
// It panics if the random source cannot fill the buffer, so a partly filled
// (and therefore predictable) nonce is never returned.
func generateNonce() [24]byte {
	var nonce [24]byte
	// nonce[:] exposes the array as a slice so ReadFull can fill it in place.
	_, err := io.ReadFull(rand.Reader, nonce[:])
	if err != nil {
		panic(err)
	}
	return nonce
}

// generateSharedSecret derives the 32-byte per-channel secretbox key as
// SHA-256(channel || encryptionKey).
//
// NOTE(review): the two inputs are concatenated without a separator, so the
// split between them is unambiguous only if encryptionKey has a fixed length.
// Confirm that callers validate the key length before it reaches this point.
func generateSharedSecret(channel string, encryptionKey []byte) [32]byte {
	material := make([]byte, 0, len(channel)+len(encryptionKey))
	material = append(material, channel...)
	material = append(material, encryptionKey...)
	return sha256.Sum256(material)
}

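// decryptEvents returns a new Webhook that carries webhookData.TimeMs and a
// copy of its events, with the Data of every event on an encrypted channel
// (as decided by isEncryptedChannel) replaced by the decrypted plaintext.
// Events on other channels are copied unchanged.
//
// The secretbox key for each event comes from generateSharedSecret, applied to
// the event's channel and encryptionKey. Processing stops at the first event
// that cannot be parsed, decoded or authenticated, and that error is returned.
// The Webhook returned with a non-nil error holds only the events handled
// before the failure; it is still returned so existing callers keep working,
// but it must not be treated as a complete result.
func decryptEvents(webhookData Webhook, encryptionKey []byte) (*Webhook, error) {
	decryptedWebhooks := &Webhook{}
	decryptedWebhooks.TimeMs = webhookData.TimeMs
	for _, event := range webhookData.Events {
		if isEncryptedChannel(event.Channel) {
			var encryptedMessage EncryptedMessage
			// A payload that is not a valid envelope is reported as such
			// instead of surfacing later as a misleading decryption failure.
			if err := json.Unmarshal([]byte(event.Data), &encryptedMessage); err != nil {
				return decryptedWebhooks, err
			}
			cipherTextBytes, decodePayloadErr := base64.StdEncoding.DecodeString(encryptedMessage.Ciphertext)
			if decodePayloadErr != nil {
				return decryptedWebhooks, decodePayloadErr
			}
			nonceBytes, decodeNonceErr := base64.StdEncoding.DecodeString(encryptedMessage.Nonce)
			if decodeNonceErr != nil {
				return decryptedWebhooks, decodeNonceErr
			}
			// secretbox needs a fixed-size nonce. Reject any other length
			// rather than letting copy silently zero-pad or truncate it.
			var nonce [24]byte
			if len(nonceBytes) != len(nonce) {
				return decryptedWebhooks, errors.New("invalid nonce length in encrypted event")
			}
			copy(nonce[:], nonceBytes)

			sharedSecret := generateSharedSecret(event.Channel, encryptionKey)
			// Open authenticates the box before returning any plaintext.
			decryptedBox, ok := secretbox.Open(nil, cipherTextBytes, &nonce, &sharedSecret)
			if !ok {
				return decryptedWebhooks, errors.New("Failed to decrypt event, possibly wrong key?")
			}
			event.Data = string(decryptedBox)
		}
		decryptedWebhooks.Events = append(decryptedWebhooks.Events, event)
	}
	return decryptedWebhooks, nil
}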