Merge pull request #391 from sylabs/dependabot/go_modules/main/github.com/ProtonMail/go-crypto-1.1.2

build(deps): bump github.com/ProtonMail/go-crypto from 1.0.0 to 1.1.2

Author: tri-adam

go.mod

@@ -3,7 +3,7 @@ module github.com/sylabs/sif/v2
 go 1.22.8
 
 require (
-	github.com/ProtonMail/go-crypto v1.0.0
+	github.com/ProtonMail/go-crypto v1.1.2
 	github.com/google/go-containerregistry v0.20.2
 	github.com/google/uuid v1.6.0
 	github.com/sebdah/goldie/v2 v2.5.5

go.sum

@@ -1,11 +1,9 @@
-github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
-github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
+github.com/ProtonMail/go-crypto v1.1.2 h1:A7JbD57ThNqh7XjmHE+PXpQ3Dqt3BrSAC0AL0Go3KS0=
+github.com/ProtonMail/go-crypto v1.1.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
 github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
 github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
 github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE=
@@ -74,53 +72,12 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 h1:e/5i7d4oYZ+C1wj2THlRK+oAhjeS/TRQwMfkIuet3w0=
 github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399/go.mod h1:LdwHTNJT99C5fTAzDz0ud328OgXz+gierycbcIx2fRs=
-github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU=
 golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
 golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
-golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
 golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
-golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
 golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
 golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240520151616-dc85e6b867a5 h1:Q2RxlXqh1cgzzUgV261vBO2jI5R/3DD1J2pM0nI4NhU=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240520151616-dc85e6b867a5/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
 google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY=

internal/app/siftool/testdata/TestApp_Info/DataSignature.golden

@@ -3,6 +3,6 @@
   Group ID:   NONE
   Linked ID:  1 (G)
   Offset:     303104
-  Size:       1054
+  Size:       1048
   Hash Type:  SHA-256
   Entity:     12045C8C0B1004D058DE4BEDA20C27EE7FF7BA84

internal/app/siftool/testdata/TestApp_List/OneGroupSignedPGP.golden

@@ -3,4 +3,4 @@ ID   |GROUP   |LINK    |SIF POSITION (start-end)  |TYPE
 ------------------------------------------------------------------------------
 1    |1       |NONE    |32768-32772               |FS (Raw/System/386)
 2    |1       |NONE    |36864-40960               |FS (Squashfs/*System/386)
-3    |NONE    |1   (G) |40960-42014               |Signature (SHA-256)
+3    |NONE    |1   (G) |40960-42008               |Signature (SHA-256)

internal/app/siftool/testdata/TestApp_List/TwoGroupsSignedPGP.golden

@@ -4,5 +4,5 @@ ID   |GROUP   |LINK    |SIF POSITION (start-end)  |TYPE
 1    |1       |NONE    |32768-32772               |FS (Raw/System/386)
 2    |1       |NONE    |36864-40960               |FS (Squashfs/*System/386)
 3    |2       |NONE    |40960-303104              |FS (Ext3/System/amd64)
-4    |NONE    |1   (G) |303104-304158             |Signature (SHA-256)
-5    |NONE    |2   (G) |304158-305013             |Signature (SHA-256)
+4    |NONE    |1   (G) |303104-304152             |Signature (SHA-256)
+5    |NONE    |2   (G) |304152-305001             |Signature (SHA-256)

pkg/integrity/clearsign.go

@@ -1,4 +1,4 @@
-// Copyright (c) 2020-2023, Sylabs Inc. All rights reserved.
+// Copyright (c) 2020-2024, Sylabs Inc. All rights reserved.
 // This software is licensed under a 3-clause BSD license. Please consult the LICENSE.md file
 // distributed with the sources of this project regarding your rights to use or distribute this
 // software.
@@ -11,7 +11,6 @@ import (
 	"crypto"
 	"errors"
 	"io"
-	"time"
 
 	"github.com/ProtonMail/go-crypto/openpgp"
 	"github.com/ProtonMail/go-crypto/openpgp/clearsign"
@@ -25,14 +24,12 @@ type clearsignEncoder struct {
 	config *packet.Config
 }
 
-// newClearsignEncoder returns an encoder that signs messages in clear-sign format using entity e.
-// If timeFunc is not nil, it is used to generate signature timestamps.
-func newClearsignEncoder(e *openpgp.Entity, timeFunc func() time.Time) *clearsignEncoder {
+// newClearsignEncoder returns an encoder that signs messages in clear-sign format using entity e,
+// according to config.
+func newClearsignEncoder(e *openpgp.Entity, config *packet.Config) *clearsignEncoder {
 	return &clearsignEncoder{
-		e: e,
-		config: &packet.Config{
-			Time: timeFunc,
-		},
+		e:      e,
+		config: config,
 	}
 }
 

pkg/integrity/clearsign_test.go

@@ -39,12 +39,12 @@ func Test_clearsignEncoder_signMessage(t *testing.T) {
 	}{
 		{
 			name:    "EncryptedKey",
-			en:      newClearsignEncoder(encrypted, fixedTime),
+			en:      newClearsignEncoder(encrypted, &packet.Config{Time: fixedTime}),
 			wantErr: true,
 		},
 		{
 			name:     "OK",
-			en:       newClearsignEncoder(e, fixedTime),
+			en:       newClearsignEncoder(e, &packet.Config{Time: fixedTime}),
 			de:       newClearsignDecoder(openpgp.EntityList{e}),
 			wantHash: crypto.SHA256,
 		},

pkg/integrity/sign.go

@@ -17,6 +17,7 @@ import (
 	"time"
 
 	"github.com/ProtonMail/go-crypto/openpgp"
+	"github.com/ProtonMail/go-crypto/openpgp/packet"
 	"github.com/sigstore/sigstore/pkg/signature"
 	"github.com/sylabs/sif/v2/pkg/sif"
 )
@@ -179,13 +180,14 @@ func (gs *groupSigner) sign(ctx context.Context) (sif.DescriptorInput, error) {
 }
 
 type signOpts struct {
-	ss            []signature.Signer
-	e             *openpgp.Entity
-	groupIDs      []uint32
-	objectIDs     [][]uint32
-	timeFunc      func() time.Time
-	deterministic bool
-	ctx           context.Context //nolint:containedctx
+	ss                      []signature.Signer
+	e                       *openpgp.Entity
+	groupIDs                []uint32
+	objectIDs               [][]uint32
+	timeFunc                func() time.Time
+	deterministic           bool
+	ctx                     context.Context //nolint:containedctx
+	withoutPGPSignatureSalt bool
 }
 
 // SignerOpt are used to configure so.
@@ -257,6 +259,16 @@ func OptSignWithContext(ctx context.Context) SignerOpt {
 	}
 }
 
+// OptSignWithoutPGPSignatureSalt disables the addition of a salt notation for v4 and v5 PGP keys.
+// While this increases determinism, it should be used with caution as the salt notation increases
+// protection for certain kinds of attacks.
+func OptSignWithoutPGPSignatureSalt() SignerOpt {
+	return func(so *signOpts) error {
+		so.withoutPGPSignatureSalt = true
+		return nil
+	}
+}
+
 // withGroupedObjects splits the objects represented by ids into object groups, and calls fn once
 // per object group.
 func withGroupedObjects(f *sif.FileImage, ids []uint32, fn func(uint32, []uint32) error) error {
@@ -339,11 +351,10 @@ func NewSigner(f *sif.FileImage, opts ...SignerOpt) (*Signer, error) {
 	case so.ss != nil:
 		en = newDSSEEncoder(so.ss)
 	case so.e != nil:
-		timeFunc := time.Now
-		if so.timeFunc != nil {
-			timeFunc = so.timeFunc
-		}
-		en = newClearsignEncoder(so.e, timeFunc)
+		en = newClearsignEncoder(so.e, &packet.Config{
+			Time:                                  so.timeFunc,
+			NonDeterministicSignaturesViaNotation: packet.BoolPointer(!so.withoutPGPSignatureSalt),
+		})
 		commonOpts = append(commonOpts, optSignGroupFingerprint(so.e.PrimaryKey.Fingerprint))
 	default:
 		return nil, fmt.Errorf("integrity: %w", ErrNoKeyMaterial)

pkg/integrity/sign_test.go

@@ -16,6 +16,7 @@ import (
 	"testing"
 
 	"github.com/ProtonMail/go-crypto/openpgp"
+	"github.com/ProtonMail/go-crypto/openpgp/packet"
 	"github.com/sylabs/sif/v2/pkg/sif"
 )
 
@@ -195,7 +196,7 @@ func TestNewGroupSigner(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			en := newClearsignEncoder(getTestEntity(t), fixedTime)
+			en := newClearsignEncoder(getTestEntity(t), &packet.Config{Time: fixedTime})
 
 			s, err := newGroupSigner(en, tt.fi, tt.groupID, tt.opts...)
 			if got, want := err, tt.wantErr; !errors.Is(got, want) {
@@ -254,12 +255,12 @@ func TestGroupSigner_Sign(t *testing.T) {
 	}
 
 	e := getTestEntity(t)
-	clearsign := newClearsignEncoder(e, fixedTime)
+	clearsign := newClearsignEncoder(e, &packet.Config{Time: fixedTime})
 
 	encrypted := getTestEntity(t)
 	encrypted.PrivateKey.Encrypted = true
 
-	clearsignEncrypted := newClearsignEncoder(encrypted, fixedTime)
+	clearsignEncrypted := newClearsignEncoder(encrypted, &packet.Config{Time: fixedTime})
 
 	tests := []struct {
 		name    string
@@ -449,6 +450,11 @@ func TestNewSigner(t *testing.T) {
 			},
 			wantErr: sif.ErrNoObjects,
 		},
+		{
+			name:    "NoKeyMaterial",
+			fi:      oneGroupImage,
+			wantErr: ErrNoKeyMaterial,
+		},
 		{
 			name: "InvalidObjectID",
 			fi:   oneGroupImage,
@@ -820,6 +826,18 @@ func TestSigner_Sign(t *testing.T) {
 				OptVerifyWithKeyRing(openpgp.EntityList{e}),
 			},
 		},
+		{
+			name:      "OptSignWithoutPGPSignatureSalt",
+			inputFile: "one-group.sif",
+			signOpts: []SignerOpt{
+				OptSignWithEntity(e),
+				OptSignWithTime(fixedTime),
+				OptSignWithoutPGPSignatureSalt(),
+			},
+			verifyOpts: []VerifierOpt{
+				OptVerifyWithKeyRing(openpgp.EntityList{e}),
+			},
+		},
 	}
 
 	for _, tt := range tests {

pkg/siftool/testdata/Test_command_getInfo/Three/out.golden

@@ -3,6 +3,6 @@
   Group ID:   NONE
   Linked ID:  1 (G)
   Offset:     40960
-  Size:       1054
+  Size:       1048
   Hash Type:  SHA-256
   Entity:     12045C8C0B1004D058DE4BEDA20C27EE7FF7BA84

pkg/siftool/testdata/Test_command_getList/OneGroupSignedPGP/out.golden

@@ -3,4 +3,4 @@ ID   |GROUP   |LINK    |SIF POSITION (start-end)  |TYPE
 ------------------------------------------------------------------------------
 1    |1       |NONE    |32768-32772               |FS (Raw/System/386)
 2    |1       |NONE    |36864-40960               |FS (Squashfs/*System/386)
-3    |NONE    |1   (G) |40960-42014               |Signature (SHA-256)
+3    |NONE    |1   (G) |40960-42008               |Signature (SHA-256)

pkg/siftool/testdata/Test_command_getList/TwoGroupsSignedPGP/out.golden

@@ -4,5 +4,5 @@ ID   |GROUP   |LINK    |SIF POSITION (start-end)  |TYPE
 1    |1       |NONE    |32768-32772               |FS (Raw/System/386)
 2    |1       |NONE    |36864-40960               |FS (Squashfs/*System/386)
 3    |2       |NONE    |40960-303104              |FS (Ext3/System/amd64)
-4    |NONE    |1   (G) |303104-304158             |Signature (SHA-256)
-5    |NONE    |2   (G) |304158-305013             |Signature (SHA-256)
+4    |NONE    |1   (G) |303104-304152             |Signature (SHA-256)
+5    |NONE    |2   (G) |304152-305001             |Signature (SHA-256)

test/images/gen_sifs.go

@@ -1,4 +1,4 @@
-// Copyright (c) 2020-2023, Sylabs Inc. All rights reserved.
+// Copyright (c) 2020-2024, Sylabs Inc. All rights reserved.
 // This software is licensed under a 3-clause BSD license. Please consult the LICENSE.md file
 // distributed with the sources of this project regarding your rights to use or distribute this
 // software.
@@ -294,6 +294,7 @@ func generateImages() error {
 			opts = append(opts,
 				integrity.OptSignWithTime(func() time.Time { return time.Date(2020, 6, 30, 0, 1, 56, 0, time.UTC) }),
 				integrity.OptSignDeterministic(),
+				integrity.OptSignWithoutPGPSignatureSalt(),
 			)
 
 			s, err := integrity.NewSigner(f, opts...)