updated deps; updated healthchecks.io integration

vendor/maunium.net/go/mautrix/crypto/goolm/account/account.go

@@ -110,12 +110,13 @@ func (a Account) IdentityKeys() (id.Ed25519, id.Curve25519) {
 	return ed25519, curve25519
 }
 
-// Sign returns the signature of a message using the Ed25519 key for this Account.
+// Sign returns the base64-encoded signature of a message using the Ed25519 key
+// for this Account.
 func (a Account) Sign(message []byte) ([]byte, error) {
 	if len(message) == 0 {
 		return nil, fmt.Errorf("sign: %w", goolm.ErrEmptyInput)
 	}
-	return goolm.Base64Encode(a.IdKeys.Ed25519.Sign(message)), nil
+	return []byte(base64.RawStdEncoding.EncodeToString(a.IdKeys.Ed25519.Sign(message))), nil
 }
 
 // OneTimeKeys returns the public parts of the unpublished one time keys of the Account.

vendor/maunium.net/go/mautrix/crypto/goolm/cipher/aes_sha256.go

@@ -2,8 +2,10 @@ package cipher
 
 import (
 	"bytes"
+	"crypto/aes"
 	"io"
 
+	"maunium.net/go/mautrix/crypto/aescbc"
 	"maunium.net/go/mautrix/crypto/goolm/crypto"
 )
 
@@ -36,7 +38,7 @@ func deriveAESKeys(kdfInfo []byte, key []byte) (*derivedAESKeys, error) {
 
 // AESSha512BlockSize resturns the blocksize of the cipher AESSHA256.
 func AESSha512BlockSize() int {
-	return crypto.AESCBCBlocksize()
+	return aes.BlockSize
 }
 
 // AESSHA256 is a valid cipher using AES with CBC and HKDFSha256.
@@ -57,7 +59,7 @@ func (c AESSHA256) Encrypt(key, plaintext []byte) (ciphertext []byte, err error)
 	if err != nil {
 		return nil, err
 	}
-	ciphertext, err = crypto.AESCBCEncrypt(keys.key, keys.iv, plaintext)
+	ciphertext, err = aescbc.Encrypt(keys.key, keys.iv, plaintext)
 	if err != nil {
 		return nil, err
 	}
@@ -70,7 +72,7 @@ func (c AESSHA256) Decrypt(key, ciphertext []byte) (plaintext []byte, err error)
 	if err != nil {
 		return nil, err
 	}
-	plaintext, err = crypto.AESCBCDecrypt(keys.key, keys.iv, ciphertext)
+	plaintext, err = aescbc.Decrypt(keys.key, keys.iv, ciphertext)
 	if err != nil {
 		return nil, err
 	}

vendor/maunium.net/go/mautrix/crypto/goolm/cipher/cipher.go

@@ -1,4 +1,5 @@
-// cipher provides the methods and structs to do encryptions for olm/megolm.
+// Package cipher provides the methods and structs to do encryptions for
+// olm/megolm.
 package cipher
 
 // Cipher defines a valid cipher.

vendor/maunium.net/go/mautrix/crypto/goolm/crypto/aes_cbc.go

@@ -1,75 +0,0 @@
-package crypto
-
-import (
-	"bytes"
-	"crypto/aes"
-	"crypto/cipher"
-	"fmt"
-
-	"maunium.net/go/mautrix/crypto/goolm"
-)
-
-// AESCBCBlocksize returns the blocksize of the encryption method
-func AESCBCBlocksize() int {
-	return aes.BlockSize
-}
-
-// AESCBCEncrypt encrypts the plaintext with the key and iv. len(iv) must be equal to the blocksize!
-func AESCBCEncrypt(key, iv, plaintext []byte) ([]byte, error) {
-	if len(key) == 0 {
-		return nil, fmt.Errorf("AESCBCEncrypt: %w", goolm.ErrNoKeyProvided)
-	}
-	if len(iv) != AESCBCBlocksize() {
-		return nil, fmt.Errorf("iv: %w", goolm.ErrNotBlocksize)
-	}
-	var cipherText []byte
-	plaintext = pkcs5Padding(plaintext, AESCBCBlocksize())
-	if len(plaintext)%AESCBCBlocksize() != 0 {
-		return nil, fmt.Errorf("message: %w", goolm.ErrNotMultipleBlocksize)
-	}
-	block, err := aes.NewCipher(key)
-	if err != nil {
-		return nil, err
-	}
-	cipherText = make([]byte, len(plaintext))
-	cbc := cipher.NewCBCEncrypter(block, iv)
-	cbc.CryptBlocks(cipherText, plaintext)
-	return cipherText, nil
-}
-
-// AESCBCDecrypt decrypts the ciphertext with the key and iv. len(iv) must be equal to the blocksize!
-func AESCBCDecrypt(key, iv, ciphertext []byte) ([]byte, error) {
-	if len(key) == 0 {
-		return nil, fmt.Errorf("AESCBCEncrypt: %w", goolm.ErrNoKeyProvided)
-	}
-	if len(iv) != AESCBCBlocksize() {
-		return nil, fmt.Errorf("iv: %w", goolm.ErrNotBlocksize)
-	}
-	var block cipher.Block
-	var err error
-	block, err = aes.NewCipher(key)
-	if err != nil {
-		return nil, err
-	}
-	if len(ciphertext) < AESCBCBlocksize() {
-		return nil, fmt.Errorf("ciphertext: %w", goolm.ErrNotMultipleBlocksize)
-	}
-
-	cbc := cipher.NewCBCDecrypter(block, iv)
-	cbc.CryptBlocks(ciphertext, ciphertext)
-	return pkcs5Unpadding(ciphertext), nil
-}
-
-// pkcs5Padding paddes the plaintext to be used in the AESCBC encryption.
-func pkcs5Padding(plaintext []byte, blockSize int) []byte {
-	padding := (blockSize - len(plaintext)%blockSize)
-	padtext := bytes.Repeat([]byte{byte(padding)}, padding)
-	return append(plaintext, padtext...)
-}
-
-// pkcs5Unpadding undoes the padding to the plaintext after AESCBC decryption.
-func pkcs5Unpadding(plaintext []byte) []byte {
-	length := len(plaintext)
-	unpadding := int(plaintext[length-1])
-	return plaintext[:(length - unpadding)]
-}

vendor/maunium.net/go/mautrix/crypto/goolm/crypto/doc.go

@@ -0,0 +1,2 @@
+// Package crpyto provides the nessesary encryption methods for olm/megolm
+package crypto

vendor/maunium.net/go/mautrix/crypto/goolm/crypto/main.go

@@ -1,2 +0,0 @@
-// crpyto provides the nessesary encryption methods for olm/megolm
-package crypto

vendor/maunium.net/go/mautrix/crypto/goolm/errors.go

@@ -21,8 +21,6 @@ var (
 	ErrChainTooHigh         = errors.New("chain index too high")
 	ErrBadInput             = errors.New("bad input")
 	ErrBadVersion           = errors.New("wrong version")
-	ErrNotBlocksize         = errors.New("length != blocksize")
-	ErrNotMultipleBlocksize = errors.New("length not a multiple of the blocksize")
 	ErrWrongPickleVersion   = errors.New("wrong pickle version")
 	ErrValueTooShort        = errors.New("value too short")
 	ErrInputToSmall         = errors.New("input too small (truncated?)")

vendor/maunium.net/go/mautrix/crypto/goolm/pk/decryption.go

@@ -45,8 +45,8 @@ func NewDecryptionFromPrivate(privateKey crypto.Curve25519PrivateKey) (*Decrypti
 	return s, nil
 }
 
-// PubKey returns the public key base 64 encoded.
-func (s Decryption) PubKey() id.Curve25519 {
+// PublicKey returns the public key base 64 encoded.
+func (s Decryption) PublicKey() id.Curve25519 {
 	return s.KeyPair.B64Encoded()
 }
 

vendor/maunium.net/go/mautrix/crypto/goolm/pk/signing.go

@@ -2,7 +2,11 @@ package pk
 
 import (
 	"crypto/rand"
+	"encoding/json"
 
+	"github.com/tidwall/sjson"
+
+	"maunium.net/go/mautrix/crypto/canonicaljson"
 	"maunium.net/go/mautrix/crypto/goolm"
 	"maunium.net/go/mautrix/crypto/goolm/crypto"
 	"maunium.net/go/mautrix/id"
@@ -10,15 +14,15 @@ import (
 
 // Signing is used for signing a pk
 type Signing struct {
-	KeyPair crypto.Ed25519KeyPair `json:"key_pair"`
-	Seed    []byte                `json:"seed"`
+	keyPair crypto.Ed25519KeyPair
+	seed    []byte
 }
 
 // NewSigningFromSeed constructs a new Signing based on a seed.
 func NewSigningFromSeed(seed []byte) (*Signing, error) {
 	s := &Signing{}
-	s.Seed = seed
-	s.KeyPair = crypto.Ed25519GenerateFromSeed(seed)
+	s.seed = seed
+	s.keyPair = crypto.Ed25519GenerateFromSeed(seed)
 	return s, nil
 }
 
@@ -32,13 +36,34 @@ func NewSigning() (*Signing, error) {
 	return NewSigningFromSeed(seed)
 }
 
-// Sign returns the signature of the message base64 encoded.
-func (s Signing) Sign(message []byte) []byte {
-	signature := s.KeyPair.Sign(message)
-	return goolm.Base64Encode(signature)
+// Seed returns the seed of the key pair.
+func (s Signing) Seed() []byte {
+	return s.seed
 }
 
 // PublicKey returns the public key of the key pair base 64 encoded.
 func (s Signing) PublicKey() id.Ed25519 {
-	return s.KeyPair.B64Encoded()
+	return s.keyPair.B64Encoded()
+}
+
+// Sign returns the signature of the message base64 encoded.
+func (s Signing) Sign(message []byte) ([]byte, error) {
+	signature := s.keyPair.Sign(message)
+	return goolm.Base64Encode(signature), nil
+}
+
+// SignJSON creates a signature for the given object after encoding it to
+// canonical JSON.
+func (s Signing) SignJSON(obj any) (string, error) {
+	objJSON, err := json.Marshal(obj)
+	if err != nil {
+		return "", err
+	}
+	objJSON, _ = sjson.DeleteBytes(objJSON, "unsigned")
+	objJSON, _ = sjson.DeleteBytes(objJSON, "signatures")
+	signature, err := s.Sign(canonicaljson.CanonicalJSONAssumeValid(objJSON))
+	if err != nil {
+		return "", err
+	}
+	return string(signature), nil
 }

vendor/maunium.net/go/mautrix/crypto/goolm/sas/main.go

@@ -1,76 +0,0 @@
-// sas provides the means to do SAS between keys
-package sas
-
-import (
-	"io"
-
-	"maunium.net/go/mautrix/crypto/goolm"
-	"maunium.net/go/mautrix/crypto/goolm/crypto"
-)
-
-// SAS contains the key pair and secret for SAS.
-type SAS struct {
-	KeyPair crypto.Curve25519KeyPair
-	Secret  []byte
-}
-
-// New creates a new SAS with a new key pair.
-func New() (*SAS, error) {
-	kp, err := crypto.Curve25519GenerateKey(nil)
-	if err != nil {
-		return nil, err
-	}
-	s := &SAS{
-		KeyPair: kp,
-	}
-	return s, nil
-}
-
-// GetPubkey returns the public key of the key pair base64 encoded
-func (s SAS) GetPubkey() []byte {
-	return goolm.Base64Encode(s.KeyPair.PublicKey)
-}
-
-// SetTheirKey sets the key of the other party and computes the shared secret.
-func (s *SAS) SetTheirKey(key []byte) error {
-	keyDecoded, err := goolm.Base64Decode(key)
-	if err != nil {
-		return err
-	}
-	sharedSecret, err := s.KeyPair.SharedSecret(keyDecoded)
-	if err != nil {
-		return err
-	}
-	s.Secret = sharedSecret
-	return nil
-}
-
-// GenerateBytes creates length bytes from the shared secret and info.
-func (s SAS) GenerateBytes(info []byte, length uint) ([]byte, error) {
-	byteReader := crypto.HKDFSHA256(s.Secret, nil, info)
-	output := make([]byte, length)
-	if _, err := io.ReadFull(byteReader, output); err != nil {
-		return nil, err
-	}
-	return output, nil
-}
-
-// calculateMAC returns a base64 encoded MAC of input.
-func (s *SAS) calculateMAC(input, info []byte, length uint) ([]byte, error) {
-	key, err := s.GenerateBytes(info, length)
-	if err != nil {
-		return nil, err
-	}
-	mac := crypto.HMACSHA256(key, input)
-	return goolm.Base64Encode(mac), nil
-}
-
-// CalculateMACFixes returns a base64 encoded, 32 byte long MAC of input.
-func (s SAS) CalculateMAC(input, info []byte) ([]byte, error) {
-	return s.calculateMAC(input, info, 32)
-}
-
-// CalculateMACLongKDF returns a base64 encoded, 256 byte long MAC of input.
-func (s SAS) CalculateMACLongKDF(input, info []byte) ([]byte, error) {
-	return s.calculateMAC(input, info, 256)
-}

vendor/maunium.net/go/mautrix/crypto/goolm/session/doc.go

@@ -0,0 +1,3 @@
+// Package session provides the different types of sessions for en/decrypting
+// of messages
+package session

vendor/maunium.net/go/mautrix/crypto/goolm/session/main.go

@@ -1,2 +0,0 @@
-// session provides the different types of sessions for en/decrypting of messages
-package session

vendor/maunium.net/go/mautrix/crypto/goolm/utilities/main.go

@@ -1,23 +0,0 @@
-package utilities
-
-import (
-	"encoding/base64"
-
-	"maunium.net/go/mautrix/crypto/goolm"
-	"maunium.net/go/mautrix/crypto/goolm/crypto"
-	"maunium.net/go/mautrix/id"
-)
-
-// VerifySignature verifies an ed25519 signature.
-func VerifySignature(message []byte, key id.Ed25519, signature []byte) (ok bool, err error) {
-	keyDecoded, err := base64.RawStdEncoding.DecodeString(string(key))
-	if err != nil {
-		return false, err
-	}
-	signatureDecoded, err := goolm.Base64Decode(signature)
-	if err != nil {
-		return false, err
-	}
-	publicKey := crypto.Ed25519PublicKey(keyDecoded)
-	return publicKey.Verify(message, signatureDecoded), nil
-}