Upgrading dependencies to include logrus.

vendor/golang.org/x/crypto/nacl/auth/auth.go

@@ -0,0 +1,58 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/*
+Package auth authenticates a message using a secret key.
+
+The Sum function, viewed as a function of the message for a uniform random
+key, is designed to meet the standard notion of unforgeability. This means
+that an attacker cannot find authenticators for any messages not authenticated
+by the sender, even if the attacker has adaptively influenced the messages
+authenticated by the sender. For a formal definition see, e.g., Section 2.4
+of Bellare, Kilian, and Rogaway, "The security of the cipher block chaining
+message authentication code," Journal of Computer and System Sciences 61 (2000),
+362–399; http://www-cse.ucsd.edu/~mihir/papers/cbc.html.
+
+auth does not make any promises regarding "strong" unforgeability; perhaps
+one valid authenticator can be converted into another valid authenticator for
+the same message. NaCl also does not make any promises regarding "truncated
+unforgeability."
+
+This package is interoperable with NaCl: https://nacl.cr.yp.to/auth.html.
+*/
+package auth
+
+import (
+	"crypto/hmac"
+	"crypto/sha512"
+)
+
+const (
+	// Size is the size, in bytes, of an authenticated digest.
+	Size = 32
+	// KeySize is the size, in bytes, of an authentication key.
+	KeySize = 32
+)
+
+// Sum generates an authenticator for m using a secret key and returns the
+// 32-byte digest.
+func Sum(m []byte, key *[KeySize]byte) *[Size]byte {
+	mac := hmac.New(sha512.New, key[:])
+	mac.Write(m)
+	out := new([KeySize]byte)
+	copy(out[:], mac.Sum(nil)[:Size])
+	return out
+}
+
+// Verify checks that digest is a valid authenticator of message m under the
+// given secret key. Verify does not leak timing information.
+func Verify(digest []byte, m []byte, key *[KeySize]byte) bool {
+	if len(digest) != Size {
+		return false
+	}
+	mac := hmac.New(sha512.New, key[:])
+	mac.Write(m)
+	expectedMAC := mac.Sum(nil) // first 256 bits of 512-bit sum
+	return hmac.Equal(digest, expectedMAC[:Size])
+}

vendor/golang.org/x/crypto/nacl/auth/auth_test.go

@@ -0,0 +1,172 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package auth
+
+import (
+	"bytes"
+	rand "crypto/rand"
+	mrand "math/rand"
+	"testing"
+)
+
+// Test cases are from RFC 4231, and match those present in the tests directory
+// of the download here: https://nacl.cr.yp.to/install.html
+var testCases = []struct {
+	key [32]byte
+	msg []byte
+	out [32]byte
+}{
+	{
+		key: [32]byte{
+			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+			0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+			0x0b, 0x0b, 0x0b, 0x0b,
+		},
+		msg: []byte("Hi There"),
+		out: [32]byte{
+			0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d,
+			0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0,
+			0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78,
+			0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde,
+		},
+	},
+	{
+		key: [32]byte{'J', 'e', 'f', 'e'},
+		msg: []byte("what do ya want for nothing?"),
+		out: [32]byte{
+			0x16, 0x4b, 0x7a, 0x7b, 0xfc, 0xf8, 0x19, 0xe2,
+			0xe3, 0x95, 0xfb, 0xe7, 0x3b, 0x56, 0xe0, 0xa3,
+			0x87, 0xbd, 0x64, 0x22, 0x2e, 0x83, 0x1f, 0xd6,
+			0x10, 0x27, 0x0c, 0xd7, 0xea, 0x25, 0x05, 0x54,
+		},
+	},
+	{
+		key: [32]byte{
+			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+			0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+			0xaa, 0xaa, 0xaa, 0xaa,
+		},
+		msg: []byte{ // 50 bytes of 0xdd
+			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+			0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd, 0xdd,
+			0xdd, 0xdd,
+		},
+		out: [32]byte{
+			0xfa, 0x73, 0xb0, 0x08, 0x9d, 0x56, 0xa2, 0x84,
+			0xef, 0xb0, 0xf0, 0x75, 0x6c, 0x89, 0x0b, 0xe9,
+			0xb1, 0xb5, 0xdb, 0xdd, 0x8e, 0xe8, 0x1a, 0x36,
+			0x55, 0xf8, 0x3e, 0x33, 0xb2, 0x27, 0x9d, 0x39,
+		},
+	},
+	{
+		key: [32]byte{
+			0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+			0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
+			0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+			0x19,
+		},
+		msg: []byte{
+			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+			0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd, 0xcd,
+			0xcd, 0xcd,
+		},
+		out: [32]byte{
+			0xb0, 0xba, 0x46, 0x56, 0x37, 0x45, 0x8c, 0x69,
+			0x90, 0xe5, 0xa8, 0xc5, 0xf6, 0x1d, 0x4a, 0xf7,
+			0xe5, 0x76, 0xd9, 0x7f, 0xf9, 0x4b, 0x87, 0x2d,
+			0xe7, 0x6f, 0x80, 0x50, 0x36, 0x1e, 0xe3, 0xdb,
+		},
+	},
+}
+
+func TestSum(t *testing.T) {
+	for i, test := range testCases {
+		tag := Sum(test.msg, &test.key)
+		if !bytes.Equal(tag[:], test.out[:]) {
+			t.Errorf("#%d: Sum: got\n%x\nwant\n%x", i, tag, test.out)
+		}
+	}
+}
+
+func TestVerify(t *testing.T) {
+	wrongMsg := []byte("unknown msg")
+
+	for i, test := range testCases {
+		if !Verify(test.out[:], test.msg, &test.key) {
+			t.Errorf("#%d: Verify(%x, %q, %x) failed", i, test.out, test.msg, test.key)
+		}
+		if Verify(test.out[:], wrongMsg, &test.key) {
+			t.Errorf("#%d: Verify(%x, %q, %x) unexpectedly passed", i, test.out, wrongMsg, test.key)
+		}
+	}
+}
+
+func TestStress(t *testing.T) {
+	if testing.Short() {
+		t.Skip("exhaustiveness test")
+	}
+
+	var key [32]byte
+	msg := make([]byte, 10000)
+	prng := mrand.New(mrand.NewSource(0))
+
+	// copied from tests/auth5.c in nacl
+	for i := 0; i < 10000; i++ {
+		if _, err := rand.Read(key[:]); err != nil {
+			t.Fatal(err)
+		}
+		if _, err := rand.Read(msg[:i]); err != nil {
+			t.Fatal(err)
+		}
+		tag := Sum(msg[:i], &key)
+		if !Verify(tag[:], msg[:i], &key) {
+			t.Errorf("#%d: unexpected failure from Verify", i)
+		}
+		if i > 0 {
+			msgIndex := prng.Intn(i)
+			oldMsgByte := msg[msgIndex]
+			msg[msgIndex] += byte(1 + prng.Intn(255))
+			if Verify(tag[:], msg[:i], &key) {
+				t.Errorf("#%d: unexpected success from Verify after corrupting message", i)
+			}
+			msg[msgIndex] = oldMsgByte
+
+			tag[prng.Intn(len(tag))] += byte(1 + prng.Intn(255))
+			if Verify(tag[:], msg[:i], &key) {
+				t.Errorf("#%d: unexpected success from Verify after corrupting authenticator", i)
+			}
+		}
+	}
+}
+
+func BenchmarkAuth(b *testing.B) {
+	var key [32]byte
+	if _, err := rand.Read(key[:]); err != nil {
+		b.Fatal(err)
+	}
+	buf := make([]byte, 1024)
+	if _, err := rand.Read(buf[:]); err != nil {
+		b.Fatal(err)
+	}
+
+	b.SetBytes(int64(len(buf)))
+	b.ReportAllocs()
+	b.ResetTimer()
+
+	for i := 0; i < b.N; i++ {
+		tag := Sum(buf, &key)
+		if Verify(tag[:], buf, &key) == false {
+			b.Fatal("unexpected failure from Verify")
+		}
+	}
+}

vendor/golang.org/x/crypto/nacl/auth/example_test.go

@@ -0,0 +1,36 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package auth_test
+
+import (
+	"encoding/hex"
+	"fmt"
+
+	"golang.org/x/crypto/nacl/auth"
+)
+
+func Example() {
+	// Load your secret key from a safe place and reuse it across multiple
+	// Sum calls. (Obviously don't use this example key for anything
+	// real.) If you want to convert a passphrase to a key, use a suitable
+	// package like bcrypt or scrypt.
+	secretKeyBytes, err := hex.DecodeString("6368616e676520746869732070617373776f726420746f206120736563726574")
+	if err != nil {
+		panic(err)
+	}
+
+	var secretKey [32]byte
+	copy(secretKey[:], secretKeyBytes)
+
+	mac := auth.Sum([]byte("hello world"), &secretKey)
+	fmt.Printf("%x\n", *mac)
+	result := auth.Verify(mac[:], []byte("hello world"), &secretKey)
+	fmt.Println(result)
+	badResult := auth.Verify(mac[:], []byte("different message"), &secretKey)
+	fmt.Println(badResult)
+	// Output: eca5a521f3d77b63f567fb0cb6f5f2d200641bc8dada42f60c5f881260c30317
+	// true
+	// false
+}

vendor/golang.org/x/crypto/nacl/box/box.go

@@ -0,0 +1,103 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/*
+Package box authenticates and encrypts small messages using public-key cryptography.
+
+Box uses Curve25519, XSalsa20 and Poly1305 to encrypt and authenticate
+messages. The length of messages is not hidden.
+
+It is the caller's responsibility to ensure the uniqueness of nonces—for
+example, by using nonce 1 for the first message, nonce 2 for the second
+message, etc. Nonces are long enough that randomly generated nonces have
+negligible risk of collision.
+
+Messages should be small because:
+
+1. The whole message needs to be held in memory to be processed.
+
+2. Using large messages pressures implementations on small machines to decrypt
+and process plaintext before authenticating it. This is very dangerous, and
+this API does not allow it, but a protocol that uses excessive message sizes
+might present some implementations with no other choice.
+
+3. Fixed overheads will be sufficiently amortised by messages as small as 8KB.
+
+4. Performance may be improved by working with messages that fit into data caches.
+
+Thus large amounts of data should be chunked so that each message is small.
+(Each message still needs a unique nonce.) If in doubt, 16KB is a reasonable
+chunk size.
+
+This package is interoperable with NaCl: https://nacl.cr.yp.to/box.html.
+*/
+package box // import "golang.org/x/crypto/nacl/box"
+
+import (
+	"io"
+
+	"golang.org/x/crypto/curve25519"
+	"golang.org/x/crypto/nacl/secretbox"
+	"golang.org/x/crypto/salsa20/salsa"
+)
+
+// Overhead is the number of bytes of overhead when boxing a message.
+const Overhead = secretbox.Overhead
+
+// GenerateKey generates a new public/private key pair suitable for use with
+// Seal and Open.
+func GenerateKey(rand io.Reader) (publicKey, privateKey *[32]byte, err error) {
+	publicKey = new([32]byte)
+	privateKey = new([32]byte)
+	_, err = io.ReadFull(rand, privateKey[:])
+	if err != nil {
+		publicKey = nil
+		privateKey = nil
+		return
+	}
+
+	curve25519.ScalarBaseMult(publicKey, privateKey)
+	return
+}
+
+var zeros [16]byte
+
+// Precompute calculates the shared key between peersPublicKey and privateKey
+// and writes it to sharedKey. The shared key can be used with
+// OpenAfterPrecomputation and SealAfterPrecomputation to speed up processing
+// when using the same pair of keys repeatedly.
+func Precompute(sharedKey, peersPublicKey, privateKey *[32]byte) {
+	curve25519.ScalarMult(sharedKey, privateKey, peersPublicKey)
+	salsa.HSalsa20(sharedKey, &zeros, sharedKey, &salsa.Sigma)
+}
+
+// Seal appends an encrypted and authenticated copy of message to out, which
+// will be Overhead bytes longer than the original and must not overlap it. The
+// nonce must be unique for each distinct message for a given pair of keys.
+func Seal(out, message []byte, nonce *[24]byte, peersPublicKey, privateKey *[32]byte) []byte {
+	var sharedKey [32]byte
+	Precompute(&sharedKey, peersPublicKey, privateKey)
+	return secretbox.Seal(out, message, nonce, &sharedKey)
+}
+
+// SealAfterPrecomputation performs the same actions as Seal, but takes a
+// shared key as generated by Precompute.
+func SealAfterPrecomputation(out, message []byte, nonce *[24]byte, sharedKey *[32]byte) []byte {
+	return secretbox.Seal(out, message, nonce, sharedKey)
+}
+
+// Open authenticates and decrypts a box produced by Seal and appends the
+// message to out, which must not overlap box. The output will be Overhead
+// bytes smaller than box.
+func Open(out, box []byte, nonce *[24]byte, peersPublicKey, privateKey *[32]byte) ([]byte, bool) {
+	var sharedKey [32]byte
+	Precompute(&sharedKey, peersPublicKey, privateKey)
+	return secretbox.Open(out, box, nonce, &sharedKey)
+}
+
+// OpenAfterPrecomputation performs the same actions as Open, but takes a
+// shared key as generated by Precompute.
+func OpenAfterPrecomputation(out, box []byte, nonce *[24]byte, sharedKey *[32]byte) ([]byte, bool) {
+	return secretbox.Open(out, box, nonce, sharedKey)
+}

vendor/golang.org/x/crypto/nacl/box/box_test.go

@@ -0,0 +1,78 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package box
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/hex"
+	"testing"
+
+	"golang.org/x/crypto/curve25519"
+)
+
+func TestSealOpen(t *testing.T) {
+	publicKey1, privateKey1, _ := GenerateKey(rand.Reader)
+	publicKey2, privateKey2, _ := GenerateKey(rand.Reader)
+
+	if *privateKey1 == *privateKey2 {
+		t.Fatalf("private keys are equal!")
+	}
+	if *publicKey1 == *publicKey2 {
+		t.Fatalf("public keys are equal!")
+	}
+	message := []byte("test message")
+	var nonce [24]byte
+
+	box := Seal(nil, message, &nonce, publicKey1, privateKey2)
+	opened, ok := Open(nil, box, &nonce, publicKey2, privateKey1)
+	if !ok {
+		t.Fatalf("failed to open box")
+	}
+
+	if !bytes.Equal(opened, message) {
+		t.Fatalf("got %x, want %x", opened, message)
+	}
+
+	for i := range box {
+		box[i] ^= 0x40
+		_, ok := Open(nil, box, &nonce, publicKey2, privateKey1)
+		if ok {
+			t.Fatalf("opened box with byte %d corrupted", i)
+		}
+		box[i] ^= 0x40
+	}
+}
+
+func TestBox(t *testing.T) {
+	var privateKey1, privateKey2 [32]byte
+	for i := range privateKey1[:] {
+		privateKey1[i] = 1
+	}
+	for i := range privateKey2[:] {
+		privateKey2[i] = 2
+	}
+
+	var publicKey1 [32]byte
+	curve25519.ScalarBaseMult(&publicKey1, &privateKey1)
+	var message [64]byte
+	for i := range message[:] {
+		message[i] = 3
+	}
+
+	var nonce [24]byte
+	for i := range nonce[:] {
+		nonce[i] = 4
+	}
+
+	box := Seal(nil, message[:], &nonce, &publicKey1, &privateKey2)
+
+	// expected was generated using the C implementation of NaCl.
+	expected, _ := hex.DecodeString("78ea30b19d2341ebbdba54180f821eec265cf86312549bea8a37652a8bb94f07b78a73ed1708085e6ddd0e943bbdeb8755079a37eb31d86163ce241164a47629c0539f330b4914cd135b3855bc2a2dfc")
+
+	if !bytes.Equal(box, expected) {
+		t.Fatalf("box didn't match, got\n%x\n, expected\n%x", box, expected)
+	}
+}

vendor/golang.org/x/crypto/nacl/box/example_test.go

@@ -0,0 +1,95 @@
+package box_test
+
+import (
+	crypto_rand "crypto/rand" // Custom so it's clear which rand we're using.
+	"fmt"
+	"io"
+
+	"golang.org/x/crypto/nacl/box"
+)
+
+func Example() {
+	senderPublicKey, senderPrivateKey, err := box.GenerateKey(crypto_rand.Reader)
+	if err != nil {
+		panic(err)
+	}
+
+	recipientPublicKey, recipientPrivateKey, err := box.GenerateKey(crypto_rand.Reader)
+	if err != nil {
+		panic(err)
+	}
+
+	// You must use a different nonce for each message you encrypt with the
+	// same key. Since the nonce here is 192 bits long, a random value
+	// provides a sufficiently small probability of repeats.
+	var nonce [24]byte
+	if _, err := io.ReadFull(crypto_rand.Reader, nonce[:]); err != nil {
+		panic(err)
+	}
+
+	msg := []byte("Alas, poor Yorick! I knew him, Horatio")
+	// This encrypts msg and appends the result to the nonce.
+	encrypted := box.Seal(nonce[:], msg, &nonce, recipientPublicKey, senderPrivateKey)
+
+	// The recipient can decrypt the message using their private key and the
+	// sender's public key. When you decrypt, you must use the same nonce you
+	// used to encrypt the message. One way to achieve this is to store the
+	// nonce alongside the encrypted message. Above, we stored the nonce in the
+	// first 24 bytes of the encrypted text.
+	var decryptNonce [24]byte
+	copy(decryptNonce[:], encrypted[:24])
+	decrypted, ok := box.Open(nil, encrypted[24:], &decryptNonce, senderPublicKey, recipientPrivateKey)
+	if !ok {
+		panic("decryption error")
+	}
+	fmt.Println(string(decrypted))
+	// Output: Alas, poor Yorick! I knew him, Horatio
+}
+
+func Example_precompute() {
+	senderPublicKey, senderPrivateKey, err := box.GenerateKey(crypto_rand.Reader)
+	if err != nil {
+		panic(err)
+	}
+
+	recipientPublicKey, recipientPrivateKey, err := box.GenerateKey(crypto_rand.Reader)
+	if err != nil {
+		panic(err)
+	}
+
+	// The shared key can be used to speed up processing when using the same
+	// pair of keys repeatedly.
+	sharedEncryptKey := new([32]byte)
+	box.Precompute(sharedEncryptKey, recipientPublicKey, senderPrivateKey)
+
+	// You must use a different nonce for each message you encrypt with the
+	// same key. Since the nonce here is 192 bits long, a random value
+	// provides a sufficiently small probability of repeats.
+	var nonce [24]byte
+	if _, err := io.ReadFull(crypto_rand.Reader, nonce[:]); err != nil {
+		panic(err)
+	}
+
+	msg := []byte("A fellow of infinite jest, of most excellent fancy")
+	// This encrypts msg and appends the result to the nonce.
+	encrypted := box.SealAfterPrecomputation(nonce[:], msg, &nonce, sharedEncryptKey)
+
+	// The shared key can be used to speed up processing when using the same
+	// pair of keys repeatedly.
+	var sharedDecryptKey [32]byte
+	box.Precompute(&sharedDecryptKey, senderPublicKey, recipientPrivateKey)
+
+	// The recipient can decrypt the message using the shared key. When you
+	// decrypt, you must use the same nonce you used to encrypt the message.
+	// One way to achieve this is to store the nonce alongside the encrypted
+	// message. Above, we stored the nonce in the first 24 bytes of the
+	// encrypted text.
+	var decryptNonce [24]byte
+	copy(decryptNonce[:], encrypted[:24])
+	decrypted, ok := box.OpenAfterPrecomputation(nil, encrypted[24:], &decryptNonce, &sharedDecryptKey)
+	if !ok {
+		panic("decryption error")
+	}
+	fmt.Println(string(decrypted))
+	// Output: A fellow of infinite jest, of most excellent fancy
+}

vendor/golang.org/x/crypto/nacl/secretbox/example_test.go

@@ -0,0 +1,53 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package secretbox_test
+
+import (
+	"crypto/rand"
+	"encoding/hex"
+	"fmt"
+	"io"
+
+	"golang.org/x/crypto/nacl/secretbox"
+)
+
+func Example() {
+	// Load your secret key from a safe place and reuse it across multiple
+	// Seal calls. (Obviously don't use this example key for anything
+	// real.) If you want to convert a passphrase to a key, use a suitable
+	// package like bcrypt or scrypt.
+	secretKeyBytes, err := hex.DecodeString("6368616e676520746869732070617373776f726420746f206120736563726574")
+	if err != nil {
+		panic(err)
+	}
+
+	var secretKey [32]byte
+	copy(secretKey[:], secretKeyBytes)
+
+	// You must use a different nonce for each message you encrypt with the
+	// same key. Since the nonce here is 192 bits long, a random value
+	// provides a sufficiently small probability of repeats.
+	var nonce [24]byte
+	if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil {
+		panic(err)
+	}
+
+	// This encrypts "hello world" and appends the result to the nonce.
+	encrypted := secretbox.Seal(nonce[:], []byte("hello world"), &nonce, &secretKey)
+
+	// When you decrypt, you must use the same nonce and key you used to
+	// encrypt the message. One way to achieve this is to store the nonce
+	// alongside the encrypted message. Above, we stored the nonce in the first
+	// 24 bytes of the encrypted text.
+	var decryptNonce [24]byte
+	copy(decryptNonce[:], encrypted[:24])
+	decrypted, ok := secretbox.Open(nil, encrypted[24:], &decryptNonce, &secretKey)
+	if !ok {
+		panic("decryption error")
+	}
+
+	fmt.Println(string(decrypted))
+	// Output: hello world
+}

vendor/golang.org/x/crypto/nacl/secretbox/secretbox.go

@@ -0,0 +1,173 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/*
+Package secretbox encrypts and authenticates small messages.
+
+Secretbox uses XSalsa20 and Poly1305 to encrypt and authenticate messages with
+secret-key cryptography. The length of messages is not hidden.
+
+It is the caller's responsibility to ensure the uniqueness of nonces—for
+example, by using nonce 1 for the first message, nonce 2 for the second
+message, etc. Nonces are long enough that randomly generated nonces have
+negligible risk of collision.
+
+Messages should be small because:
+
+1. The whole message needs to be held in memory to be processed.
+
+2. Using large messages pressures implementations on small machines to decrypt
+and process plaintext before authenticating it. This is very dangerous, and
+this API does not allow it, but a protocol that uses excessive message sizes
+might present some implementations with no other choice.
+
+3. Fixed overheads will be sufficiently amortised by messages as small as 8KB.
+
+4. Performance may be improved by working with messages that fit into data caches.
+
+Thus large amounts of data should be chunked so that each message is small.
+(Each message still needs a unique nonce.) If in doubt, 16KB is a reasonable
+chunk size.
+
+This package is interoperable with NaCl: https://nacl.cr.yp.to/secretbox.html.
+*/
+package secretbox // import "golang.org/x/crypto/nacl/secretbox"
+
+import (
+	"golang.org/x/crypto/internal/subtle"
+	"golang.org/x/crypto/poly1305"
+	"golang.org/x/crypto/salsa20/salsa"
+)
+
+// Overhead is the number of bytes of overhead when boxing a message.
+const Overhead = poly1305.TagSize
+
+// setup produces a sub-key and Salsa20 counter given a nonce and key.
+func setup(subKey *[32]byte, counter *[16]byte, nonce *[24]byte, key *[32]byte) {
+	// We use XSalsa20 for encryption so first we need to generate a
+	// key and nonce with HSalsa20.
+	var hNonce [16]byte
+	copy(hNonce[:], nonce[:])
+	salsa.HSalsa20(subKey, &hNonce, key, &salsa.Sigma)
+
+	// The final 8 bytes of the original nonce form the new nonce.
+	copy(counter[:], nonce[16:])
+}
+
+// sliceForAppend takes a slice and a requested number of bytes. It returns a
+// slice with the contents of the given slice followed by that many bytes and a
+// second slice that aliases into it and contains only the extra bytes. If the
+// original slice has sufficient capacity then no allocation is performed.
+func sliceForAppend(in []byte, n int) (head, tail []byte) {
+	if total := len(in) + n; cap(in) >= total {
+		head = in[:total]
+	} else {
+		head = make([]byte, total)
+		copy(head, in)
+	}
+	tail = head[len(in):]
+	return
+}
+
+// Seal appends an encrypted and authenticated copy of message to out, which
+// must not overlap message. The key and nonce pair must be unique for each
+// distinct message and the output will be Overhead bytes longer than message.
+func Seal(out, message []byte, nonce *[24]byte, key *[32]byte) []byte {
+	var subKey [32]byte
+	var counter [16]byte
+	setup(&subKey, &counter, nonce, key)
+
+	// The Poly1305 key is generated by encrypting 32 bytes of zeros. Since
+	// Salsa20 works with 64-byte blocks, we also generate 32 bytes of
+	// keystream as a side effect.
+	var firstBlock [64]byte
+	salsa.XORKeyStream(firstBlock[:], firstBlock[:], &counter, &subKey)
+
+	var poly1305Key [32]byte
+	copy(poly1305Key[:], firstBlock[:])
+
+	ret, out := sliceForAppend(out, len(message)+poly1305.TagSize)
+	if subtle.AnyOverlap(out, message) {
+		panic("nacl: invalid buffer overlap")
+	}
+
+	// We XOR up to 32 bytes of message with the keystream generated from
+	// the first block.
+	firstMessageBlock := message
+	if len(firstMessageBlock) > 32 {
+		firstMessageBlock = firstMessageBlock[:32]
+	}
+
+	tagOut := out
+	out = out[poly1305.TagSize:]
+	for i, x := range firstMessageBlock {
+		out[i] = firstBlock[32+i] ^ x
+	}
+	message = message[len(firstMessageBlock):]
+	ciphertext := out
+	out = out[len(firstMessageBlock):]
+
+	// Now encrypt the rest.
+	counter[8] = 1
+	salsa.XORKeyStream(out, message, &counter, &subKey)
+
+	var tag [poly1305.TagSize]byte
+	poly1305.Sum(&tag, ciphertext, &poly1305Key)
+	copy(tagOut, tag[:])
+
+	return ret
+}
+
+// Open authenticates and decrypts a box produced by Seal and appends the
+// message to out, which must not overlap box. The output will be Overhead
+// bytes smaller than box.
+func Open(out, box []byte, nonce *[24]byte, key *[32]byte) ([]byte, bool) {
+	if len(box) < Overhead {
+		return nil, false
+	}
+
+	var subKey [32]byte
+	var counter [16]byte
+	setup(&subKey, &counter, nonce, key)
+
+	// The Poly1305 key is generated by encrypting 32 bytes of zeros. Since
+	// Salsa20 works with 64-byte blocks, we also generate 32 bytes of
+	// keystream as a side effect.
+	var firstBlock [64]byte
+	salsa.XORKeyStream(firstBlock[:], firstBlock[:], &counter, &subKey)
+
+	var poly1305Key [32]byte
+	copy(poly1305Key[:], firstBlock[:])
+	var tag [poly1305.TagSize]byte
+	copy(tag[:], box)
+
+	if !poly1305.Verify(&tag, box[poly1305.TagSize:], &poly1305Key) {
+		return nil, false
+	}
+
+	ret, out := sliceForAppend(out, len(box)-Overhead)
+	if subtle.AnyOverlap(out, box) {
+		panic("nacl: invalid buffer overlap")
+	}
+
+	// We XOR up to 32 bytes of box with the keystream generated from
+	// the first block.
+	box = box[Overhead:]
+	firstMessageBlock := box
+	if len(firstMessageBlock) > 32 {
+		firstMessageBlock = firstMessageBlock[:32]
+	}
+	for i, x := range firstMessageBlock {
+		out[i] = firstBlock[32+i] ^ x
+	}
+
+	box = box[len(firstMessageBlock):]
+	out = out[len(firstMessageBlock):]
+
+	// Now decrypt the rest.
+	counter[8] = 1
+	salsa.XORKeyStream(out, box, &counter, &subKey)
+
+	return ret, true
+}

vendor/golang.org/x/crypto/nacl/secretbox/secretbox_test.go

@@ -0,0 +1,154 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package secretbox
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/hex"
+	"testing"
+)
+
+func TestSealOpen(t *testing.T) {
+	var key [32]byte
+	var nonce [24]byte
+
+	rand.Reader.Read(key[:])
+	rand.Reader.Read(nonce[:])
+
+	var box, opened []byte
+
+	for msgLen := 0; msgLen < 128; msgLen += 17 {
+		message := make([]byte, msgLen)
+		rand.Reader.Read(message)
+
+		box = Seal(box[:0], message, &nonce, &key)
+		var ok bool
+		opened, ok = Open(opened[:0], box, &nonce, &key)
+		if !ok {
+			t.Errorf("%d: failed to open box", msgLen)
+			continue
+		}
+
+		if !bytes.Equal(opened, message) {
+			t.Errorf("%d: got %x, expected %x", msgLen, opened, message)
+			continue
+		}
+	}
+
+	for i := range box {
+		box[i] ^= 0x20
+		_, ok := Open(opened[:0], box, &nonce, &key)
+		if ok {
+			t.Errorf("box was opened after corrupting byte %d", i)
+		}
+		box[i] ^= 0x20
+	}
+}
+
+func TestSecretBox(t *testing.T) {
+	var key [32]byte
+	var nonce [24]byte
+	var message [64]byte
+
+	for i := range key[:] {
+		key[i] = 1
+	}
+	for i := range nonce[:] {
+		nonce[i] = 2
+	}
+	for i := range message[:] {
+		message[i] = 3
+	}
+
+	box := Seal(nil, message[:], &nonce, &key)
+	// expected was generated using the C implementation of NaCl.
+	expected, _ := hex.DecodeString("8442bc313f4626f1359e3b50122b6ce6fe66ddfe7d39d14e637eb4fd5b45beadab55198df6ab5368439792a23c87db70acb6156dc5ef957ac04f6276cf6093b84be77ff0849cc33e34b7254d5a8f65ad")
+
+	if !bytes.Equal(box, expected) {
+		t.Fatalf("box didn't match, got\n%x\n, expected\n%x", box, expected)
+	}
+}
+
+func TestAppend(t *testing.T) {
+	var key [32]byte
+	var nonce [24]byte
+	var message [8]byte
+
+	out := make([]byte, 4)
+	box := Seal(out, message[:], &nonce, &key)
+	if !bytes.Equal(box[:4], out[:4]) {
+		t.Fatalf("Seal didn't correctly append")
+	}
+
+	out = make([]byte, 4, 100)
+	box = Seal(out, message[:], &nonce, &key)
+	if !bytes.Equal(box[:4], out[:4]) {
+		t.Fatalf("Seal didn't correctly append with sufficient capacity.")
+	}
+}
+
+func benchmarkSealSize(b *testing.B, size int) {
+	message := make([]byte, size)
+	out := make([]byte, size+Overhead)
+	var nonce [24]byte
+	var key [32]byte
+
+	b.SetBytes(int64(size))
+	b.ResetTimer()
+
+	for i := 0; i < b.N; i++ {
+		out = Seal(out[:0], message, &nonce, &key)
+	}
+}
+
+func BenchmarkSeal8Bytes(b *testing.B) {
+	benchmarkSealSize(b, 8)
+}
+
+func BenchmarkSeal100Bytes(b *testing.B) {
+	benchmarkSealSize(b, 100)
+}
+
+func BenchmarkSeal1K(b *testing.B) {
+	benchmarkSealSize(b, 1024)
+}
+
+func BenchmarkSeal8K(b *testing.B) {
+	benchmarkSealSize(b, 8192)
+}
+
+func benchmarkOpenSize(b *testing.B, size int) {
+	msg := make([]byte, size)
+	result := make([]byte, size)
+	var nonce [24]byte
+	var key [32]byte
+	box := Seal(nil, msg, &nonce, &key)
+
+	b.SetBytes(int64(size))
+	b.ResetTimer()
+
+	for i := 0; i < b.N; i++ {
+		if _, ok := Open(result[:0], box, &nonce, &key); !ok {
+			panic("Open failed")
+		}
+	}
+}
+
+func BenchmarkOpen8Bytes(b *testing.B) {
+	benchmarkOpenSize(b, 8)
+}
+
+func BenchmarkOpen100Bytes(b *testing.B) {
+	benchmarkOpenSize(b, 100)
+}
+
+func BenchmarkOpen1K(b *testing.B) {
+	benchmarkOpenSize(b, 1024)
+}
+
+func BenchmarkOpen8K(b *testing.B) {
+	benchmarkOpenSize(b, 8192)
+}

vendor/golang.org/x/crypto/nacl/sign/sign.go

@@ -0,0 +1,90 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package sign signs small messages using public-key cryptography.
+//
+// Sign uses Ed25519 to sign messages. The length of messages is not hidden.
+// Messages should be small because:
+// 1. The whole message needs to be held in memory to be processed.
+// 2. Using large messages pressures implementations on small machines to process
+// plaintext without verifying the signature. This is very dangerous, and this API
+// discourages it, but a protocol that uses excessive message sizes might present
+// some implementations with no other choice.
+// 3. Performance may be improved by working with messages that fit into data caches.
+// Thus large amounts of data should be chunked so that each message is small.
+//
+// This package is not interoperable with the current release of NaCl
+// (https://nacl.cr.yp.to/sign.html), which does not support Ed25519 yet. However,
+// it is compatible with the NaCl fork libsodium (https://www.libsodium.org), as well
+// as TweetNaCl (https://tweetnacl.cr.yp.to/).
+package sign
+
+import (
+	"io"
+
+	"golang.org/x/crypto/ed25519"
+	"golang.org/x/crypto/internal/subtle"
+)
+
+// Overhead is the number of bytes of overhead when signing a message.
+const Overhead = 64
+
+// GenerateKey generates a new public/private key pair suitable for use with
+// Sign and Open.
+func GenerateKey(rand io.Reader) (publicKey *[32]byte, privateKey *[64]byte, err error) {
+	pub, priv, err := ed25519.GenerateKey(rand)
+	if err != nil {
+		return nil, nil, err
+	}
+	publicKey, privateKey = new([32]byte), new([64]byte)
+	copy((*publicKey)[:], pub)
+	copy((*privateKey)[:], priv)
+	return publicKey, privateKey, nil
+}
+
+// Sign appends a signed copy of message to out, which will be Overhead bytes
+// longer than the original and must not overlap it.
+func Sign(out, message []byte, privateKey *[64]byte) []byte {
+	sig := ed25519.Sign(ed25519.PrivateKey((*privateKey)[:]), message)
+	ret, out := sliceForAppend(out, Overhead+len(message))
+	if subtle.AnyOverlap(out, message) {
+		panic("nacl: invalid buffer overlap")
+	}
+	copy(out, sig)
+	copy(out[Overhead:], message)
+	return ret
+}
+
+// Open verifies a signed message produced by Sign and appends the message to
+// out, which must not overlap the signed message. The output will be Overhead
+// bytes smaller than the signed message.
+func Open(out, signedMessage []byte, publicKey *[32]byte) ([]byte, bool) {
+	if len(signedMessage) < Overhead {
+		return nil, false
+	}
+	if !ed25519.Verify(ed25519.PublicKey((*publicKey)[:]), signedMessage[Overhead:], signedMessage[:Overhead]) {
+		return nil, false
+	}
+	ret, out := sliceForAppend(out, len(signedMessage)-Overhead)
+	if subtle.AnyOverlap(out, signedMessage) {
+		panic("nacl: invalid buffer overlap")
+	}
+	copy(out, signedMessage[Overhead:])
+	return ret, true
+}
+
+// sliceForAppend takes a slice and a requested number of bytes. It returns a
+// slice with the contents of the given slice followed by that many bytes and a
+// second slice that aliases into it and contains only the extra bytes. If the
+// original slice has sufficient capacity then no allocation is performed.
+func sliceForAppend(in []byte, n int) (head, tail []byte) {
+	if total := len(in) + n; cap(in) >= total {
+		head = in[:total]
+	} else {
+		head = make([]byte, total)
+		copy(head, in)
+	}
+	tail = head[len(in):]
+	return
+}

vendor/golang.org/x/crypto/nacl/sign/sign_test.go

@@ -0,0 +1,74 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package sign
+
+import (
+	"bytes"
+	"crypto/rand"
+	"encoding/hex"
+	"testing"
+)
+
+var testSignedMessage, _ = hex.DecodeString("26a0a47f733d02ddb74589b6cbd6f64a7dab1947db79395a1a9e00e4c902c0f185b119897b89b248d16bab4ea781b5a3798d25c2984aec833dddab57e0891e0d68656c6c6f20776f726c64")
+var testMessage = testSignedMessage[Overhead:]
+var testPublicKey [32]byte
+var testPrivateKey = [64]byte{
+	0x98, 0x3c, 0x6a, 0xa6, 0x21, 0xcc, 0xbb, 0xb2, 0xa7, 0xe8, 0x97, 0x94, 0xde, 0x5f, 0xf8, 0x11,
+	0x8a, 0xf3, 0x33, 0x1a, 0x03, 0x5c, 0x43, 0x99, 0x03, 0x13, 0x2d, 0xd7, 0xb4, 0xc4, 0x8b, 0xb0,
+	0xf6, 0x33, 0x20, 0xa3, 0x34, 0x8b, 0x7b, 0xe2, 0xfe, 0xb4, 0xe7, 0x3a, 0x54, 0x08, 0x2d, 0xd7,
+	0x0c, 0xb7, 0xc0, 0xe3, 0xbf, 0x62, 0x6c, 0x55, 0xf0, 0x33, 0x28, 0x52, 0xf8, 0x48, 0x7d, 0xfd,
+}
+
+func init() {
+	copy(testPublicKey[:], testPrivateKey[32:])
+}
+
+func TestSign(t *testing.T) {
+	signedMessage := Sign(nil, testMessage, &testPrivateKey)
+	if !bytes.Equal(signedMessage, testSignedMessage) {
+		t.Fatalf("signed message did not match, got\n%x\n, expected\n%x", signedMessage, testSignedMessage)
+	}
+}
+
+func TestOpen(t *testing.T) {
+	message, ok := Open(nil, testSignedMessage, &testPublicKey)
+	if !ok {
+		t.Fatalf("valid signed message not successfully verified")
+	}
+	if !bytes.Equal(message, testMessage) {
+		t.Fatalf("message did not match, got\n%x\n, expected\n%x", message, testMessage)
+	}
+	message, ok = Open(nil, testSignedMessage[1:], &testPublicKey)
+	if ok {
+		t.Fatalf("invalid signed message successfully verified")
+	}
+
+	badMessage := make([]byte, len(testSignedMessage))
+	copy(badMessage, testSignedMessage)
+	badMessage[5] ^= 1
+	if _, ok := Open(nil, badMessage, &testPublicKey); ok {
+		t.Fatalf("Open succeeded with a corrupt message")
+	}
+
+	var badPublicKey [32]byte
+	copy(badPublicKey[:], testPublicKey[:])
+	badPublicKey[5] ^= 1
+	if _, ok := Open(nil, testSignedMessage, &badPublicKey); ok {
+		t.Fatalf("Open succeeded with a corrupt public key")
+	}
+}
+
+func TestGenerateSignOpen(t *testing.T) {
+	publicKey, privateKey, _ := GenerateKey(rand.Reader)
+	signedMessage := Sign(nil, testMessage, privateKey)
+	message, ok := Open(nil, signedMessage, publicKey)
+	if !ok {
+		t.Fatalf("failed to verify signed message")
+	}
+
+	if !bytes.Equal(message, testMessage) {
+		t.Fatalf("verified message does not match signed messge, got\n%x\n, expected\n%x", message, testMessage)
+	}
+}