Update putty dependency, fix regression

5e7f5966 · kayrus · 2c19231c · 5e7f5966 · 5e7f5966 · 5e7f5966
Commit 5e7f5966 authored 3 years ago by kayrus
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ require (
 	github.com/gophercloud/gophercloud v0.15.1-0.20210205220151-18b16b34db5c
 	github.com/gophercloud/utils v0.0.0-20210209042946-13abf2251886
 	github.com/howeyc/gopass v0.0.0-20190910152052-7cb4b85ec19c
-	github.com/kayrus/putty v1.0.3
+	github.com/kayrus/putty v1.0.4
 	github.com/spf13/cobra v1.0.0
 	github.com/spf13/viper v1.7.1
 	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a

--- a/go.sum
+++ b/go.sum
@@ -111,8 +111,8 @@ github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCV
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kayrus/putty v1.0.3 h1:MUOf/9ePOjQZSIYFsBR5j1RKyFAQsOy0HI07YkYIJ08=
+github.com/kayrus/putty v1.0.4 h1:C9Kmk97PX+ymItSPHgVFTYJtwoN8WEhZCfRDA5ZzJsQ=
-github.com/kayrus/putty v1.0.3/go.mod h1:1vlXyu9tPZalhOmO/eUZ9Nn+wphKTlfaZaH5yDwLMsc=
+github.com/kayrus/putty v1.0.4/go.mod h1:1vlXyu9tPZalhOmO/eUZ9Nn+wphKTlfaZaH5yDwLMsc=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=

--- a/vendor/github.com/kayrus/putty/putty.go
+++ b/vendor/github.com/kayrus/putty/putty.go
@@ -331,9 +331,13 @@ func decodeFields(r reader) (*Key, error) {
 			} else {
 				k.PrivateKey = v
 			}
-		case "`Private-Hash",
+		case "Private-Hash",
 			"Private-MAC":
 			// read hash or signature
+			if k.Version == 0 {
+				return nil, fmt.Errorf("cannot read %q without a header: %v", h, err)
+			}
 			k.PrivateMac, err = hex.DecodeString(string(b))
 			if err != nil {
 				return nil, fmt.Errorf("failed to decode the %q hex string: %v", h, err)
@@ -500,6 +504,8 @@ func (k Key) deriveKeys(password []byte) ([]byte, []byte, []byte, error) {
 		h = argon2.IDKey(password, k.Argon2Salt, k.Argon2Passes, k.Argon2Memory, k.Argon2Parallelism, argon2KeyLength)
 	case "Argon2i":
 		h = argon2.Key(password, k.Argon2Salt, k.Argon2Passes, k.Argon2Memory, k.Argon2Parallelism, argon2KeyLength)
+	case "":
+		return nil, nil, nil, nil
 	default:
 		return nil, nil, nil, fmt.Errorf("%q argon2 key deriviation is not supported", k.KeyDerivation)
 	}
@@ -515,20 +521,13 @@ func (k Key) deriveKeys(password []byte) ([]byte, []byte, []byte, error) {
 // decrypt decrypts the key, when it is encrypted. and validates its signature
 func (k *Key) decrypt(password []byte) error {
-	var (
+	cipherKey, cipherIV, macKey, err := k.deriveKeys(password)
-		err error
+	if err != nil {
-		cipherKey,
+		return err
-		cipherIV,
+	}
-		macKey []byte
-	)
 	// decrypt the key, when it is encrypted
 	if !k.decrypted && k.Encryption != "none" {
-		cipherKey, cipherIV, macKey, err = k.deriveKeys(password)
-		if err != nil {
-			return err
-		}
 		err = decryptCBC(cipherKey, cipherIV, macKey, k.PrivateKey)
 		if err != nil {
 			return err

--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -39,7 +39,7 @@ github.com/hashicorp/hcl/json/token
 github.com/howeyc/gopass
 # github.com/inconshreveable/mousetrap v1.0.0
 github.com/inconshreveable/mousetrap
-# github.com/kayrus/putty v1.0.3
+# github.com/kayrus/putty v1.0.4
 ## explicit
 github.com/kayrus/putty
 # github.com/magiconair/properties v1.8.1