From 195da61ef8765d4fc34a56a47189ddbc993ba0e9 Mon Sep 17 00:00:00 2001
From: Chris Coulson
Date: Tue, 21 Apr 2020 21:50:39 +0100
Subject: [PATCH] Switch from github.com/fullsailor/pkcs7 to go.mozilla.org/pkcs7
Fixes https://github.com/snapcore/secboot/issues/18
---
 crypt_test.go | 10 +++++-----
 secureboot_policy.go | 3 ++-
 tpm_test.go | 10 +++++-----
 vendor/vendor.json | 13 ++++++-------
 4 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/crypt_test.go b/crypt_test.go
index 0d5ce463..2e6fd521 100644
--- a/crypt_test.go
+++ b/crypt_test.go
@@ -846,7 +846,7 @@ func (s *cryptSuite) testActivateVolumeWithRecoveryKeyUsingKeyReader(c *C, data
 func (s *cryptSuite) TestActivateVolumeWithRecoveryKeyUsingKeyReader1(c *C) {
 // Test with the correct recovery key supplied via a io.Reader, with a hyphen separating each group of 5 digits.
 s.testActivateVolumeWithRecoveryKeyUsingKeyReader(c, &testActivateVolumeWithRecoveryKeyUsingKeyReaderData{
- tries: 1,
+ tries: 1,
 recoveryKeyFileContents: strings.Join(s.recoveryKeyAscii, "-") + "\n",
 sdCryptsetupCalls: 1,
 })
@@ -855,7 +855,7 @@ func (s *cryptSuite) TestActivateVolumeWithRecoveryKeyUsingKeyReader1(c *C) {
 func (s *cryptSuite) TestActivateVolumeWithRecoveryKeyUsingKeyReader2(c *C) {
 // Test with the correct recovery key supplied via a io.Reader, without a hyphen separating each group of 5 digits.
 s.testActivateVolumeWithRecoveryKeyUsingKeyReader(c, &testActivateVolumeWithRecoveryKeyUsingKeyReaderData{
- tries: 1,
+ tries: 1,
 recoveryKeyFileContents: strings.Join(s.recoveryKeyAscii, "") + "\n",
 sdCryptsetupCalls: 1,
 })
@@ -864,7 +864,7 @@ func (s *cryptSuite) TestActivateVolumeWithRecoveryKeyUsingKeyReader2(c *C) {
 func (s *cryptSuite) TestActivateVolumeWithRecoveryKeyUsingKeyReader3(c *C) {
 // Test with the correct recovery key supplied via a io.Reader when the key doesn't end in a newline.
 s.testActivateVolumeWithRecoveryKeyUsingKeyReader(c, &testActivateVolumeWithRecoveryKeyUsingKeyReaderData{
- tries: 1,
+ tries: 1,
 recoveryKeyFileContents: strings.Join(s.recoveryKeyAscii, "-"),
 sdCryptsetupCalls: 1,
 })
@@ -873,7 +873,7 @@ func (s *cryptSuite) TestActivateVolumeWithRecoveryKeyUsingKeyReader3(c *C) {
 func (s *cryptSuite) TestActivateVolumeWithRecoveryKeyUsingKeyReader4(c *C) {
 // Test that falling back to requesting a recovery key works if the one provided by the io.Reader is incorrect.
 s.testActivateVolumeWithRecoveryKeyUsingKeyReader(c, &testActivateVolumeWithRecoveryKeyUsingKeyReaderData{
- tries: 2,
+ tries: 2,
 recoveryKeyFileContents: "00000-00000-00000-00000-00000-00000-00000-00000\n",
 recoveryPassphrases: []string{strings.Join(s.recoveryKeyAscii, "-")},
 sdCryptsetupCalls: 2,
@@ -883,7 +883,7 @@ func (s *cryptSuite) TestActivateVolumeWithRecoveryKeyUsingKeyReader4(c *C) {
 func (s *cryptSuite) TestActivateVolumeWithRecoveryKeyUsingKeyReader5(c *C) {
 // Test that falling back to requesting a recovery key works if the one provided by the io.Reader is badly formatted.
 s.testActivateVolumeWithRecoveryKeyUsingKeyReader(c, &testActivateVolumeWithRecoveryKeyUsingKeyReaderData{
- tries: 2,
+ tries: 2,
 recoveryKeyFileContents: "5678\n",
 recoveryPassphrases: []string{strings.Join(s.recoveryKeyAscii, "-")},
 sdCryptsetupCalls: 1,
diff --git a/secureboot_policy.go b/secureboot_policy.go
index a74026b8..51d340ca 100644
--- a/secureboot_policy.go
+++ b/secureboot_policy.go
@@ -36,11 +36,12 @@ import (
 "github.com/canonical/go-tpm2"
 "github.com/chrisccoulson/tcglog-parser"
- "github.com/fullsailor/pkcs7"
 "github.com/snapcore/snapd/osutil"
 "github.com/snapcore/snapd/snap"
 "golang.org/x/xerrors"
+
+ "go.mozilla.org/pkcs7"
 )
 const (
diff --git a/tpm_test.go b/tpm_test.go
index 15e4c317..939b424f 100644
--- a/tpm_test.go
+++ b/tpm_test.go
@@ -246,8 +246,8 @@ func createTestCA() ([]byte, crypto.PrivateKey, error) {
 NotAfter: t.Add(time.Hour * 240),
 KeyUsage: x509.KeyUsageCertSign,
 BasicConstraintsValid: true,
- IsCA: true,
- SubjectKeyId: keyId}
+ IsCA: true,
+ SubjectKeyId: keyId}
 cert, err := x509.CreateCertificate(testRandReader, &template, &template, &key.PublicKey, key)
 if err != nil {
@@ -304,9 +304,9 @@ func createTestEkCert(tpm *tpm2.TPMContext, caCert []byte, caKey crypto.PrivateK
 KeyUsage: x509.KeyUsageKeyEncipherment,
 UnknownExtKeyUsage: []asn1.ObjectIdentifier{OidTcgKpEkCertificate},
 BasicConstraintsValid: true,
- IsCA: false,
- SubjectKeyId: keyId,
- ExtraExtensions: []pkix.Extension{sanExtension}}
+ IsCA: false,
+ SubjectKeyId: keyId,
+ ExtraExtensions: []pkix.Extension{sanExtension}}
 root, err := x509.ParseCertificate(caCert)
 if err != nil {
diff --git a/vendor/vendor.json b/vendor/vendor.json
index 06be50cf..6aa5d3ca 100644
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@@ -20,13 +20,6 @@
 "revision": "7b0f085a85398d368e10382a21a44ec2226c35b3",
 "revisionTime": "2020-02-28T14:36:39Z"
 },
- {
- "checksumSHA1": "wHGa5uteRxMMSHJLQZtcBpIIUcw=",
- "origin": "github.com/chrisccoulson/pkcs7",
- "path": "github.com/fullsailor/pkcs7",
- "revision": "9d98ea9f9bc8b4feee8f0d7c5ef8179f85f0e237",
- "revisionTime": "2019-09-06T18:49:57Z"
- },
 {
 "checksumSHA1": "kmcZh6191ZYy/+G/tIWFZoVEkGs=",
 "path": "github.com/godbus/dbus",
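Review bot: Nothing in this patch exercises the swapped PKCS#7 library: in the secureboot_policy.go import hunk `github.com/fullsailor/pkcs7` becomes `go.mozilla.org/pkcs7`, while the crypt_test.go and tpm_test.go hunks only realign struct fields. The removed vendor.json entry carries `"origin": "github.com/chrisccoulson/pkcs7"`, so the old path was served from a fork, and any fork-only parsing behaviour this file depended on should be confirmed at the pinned upstream revision, ideally with a regression test over a known-good signed input. The hunk shows only the import block, so which pkcs7 calls are affected cannot be judged from here. As a smaller style point, the new import is added as a trailing group of its own; a one-line comment such as `// go.mozilla.org/pkcs7 replaces the vendored fork of fullsailor/pkcs7` would at least record why it stands apart.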
@@ -217,6 +210,12 @@
 "revision": "cba748d1244e6861a5e407f7abe90fb2f76b6f80",
 "revisionTime": "2020-04-20T18:59:55Z"
 },
+ {
+ "checksumSHA1": "/mphxOFx5uIoQCnt6YtFmmPDBao=",
+ "path": "go.mozilla.org/pkcs7",
+ "revision": "432b2356ecb18209c1cec25680b8a23632794f21",
+ "revisionTime": "2020-01-28T12:03:23Z"
+ },
 {
 "checksumSHA1": "zJybXQZcPAht+soLp/ozc9q5teE=",
 "path": "golang.org/x/crypto/cast5",