Bump dependencies

src/go.mod

@@ -30,10 +30,10 @@ require (
 	github.com/elazarl/goproxy v0.0.0-20230731152917-f99041a5c027 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	go.step.sm/crypto v0.48.1 // indirect
+	go.step.sm/crypto v0.49.0 // indirect
 	golang.org/x/crypto v0.25.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240708141625-4ad9e859172b // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240709173604-40e1e62336c5 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240709173604-40e1e62336c5 // indirect
 )
 
 require (

src/go.sum

@@ -332,8 +332,8 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
 go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
-go.step.sm/crypto v0.48.1 h1:Z13PjRjL4bQN44L1mOIABUYLrpDQexam3yAEcf3q9hE=
-go.step.sm/crypto v0.48.1/go.mod h1:np/n/iXF3tBX/WXKyDIgz8iHT7mqmGHppTr9MKqw5gY=
+go.step.sm/crypto v0.49.0 h1:J4qW5/ODYeHJFAM4PuNLSHKBMGWh4iwX6Tcrsp42r+U=
+go.step.sm/crypto v0.49.0/go.mod h1:NCFMhLS6FJXQ9sD9PP282oHtsBWLrI6wXZY0eOkq7t8=
 golang.org/x/crypto v0.0.0-20181127143415-eb0de9b17e85/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -745,10 +745,10 @@ google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljW
 google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA=
 google.golang.org/genproto v0.0.0-20220728213248-dd149ef739b9/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc=
 google.golang.org/genproto v0.0.0-20220808204814-fd01256a5276/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk=
-google.golang.org/genproto/googleapis/api v0.0.0-20240708141625-4ad9e859172b h1:y/kpOWeX2pWERnbsvh/hF+Zmo69wVmjyZhstreXQQeA=
-google.golang.org/genproto/googleapis/api v0.0.0-20240708141625-4ad9e859172b/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b h1:04+jVzTs2XBnOZcPsLnmrTGqltqJbZQ1Ey26hjYdQQ0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
+google.golang.org/genproto/googleapis/api v0.0.0-20240709173604-40e1e62336c5 h1:a/Z0jgw03aJ2rQnp5PlPpznJqJft0HyvyrcUcxgzPwY=
+google.golang.org/genproto/googleapis/api v0.0.0-20240709173604-40e1e62336c5/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240709173604-40e1e62336c5 h1:SbSDUWW1PAO24TNpLdeheoYPd7kllICcLU52x6eD4kQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240709173604-40e1e62336c5/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=

src/vendor/go.step.sm/crypto/pemutil/pem.go

@@ -5,6 +5,7 @@ package pemutil
 
 import (
 	"bytes"
+	"crypto/ecdh"
 	"crypto/ecdsa"
 	"crypto/ed25519"
 	"crypto/elliptic"
@@ -732,24 +733,48 @@ func ParseSSH(b []byte) (interface{}, error) {
 			return nil, errors.Wrap(err, "error unmarshaling key")
 		}
 
-		key := new(ecdsa.PublicKey)
+		var c ecdh.Curve
 		switch w.Name {
 		case ssh.KeyAlgoECDSA256:
-			key.Curve = elliptic.P256()
+			c = ecdh.P256()
 		case ssh.KeyAlgoECDSA384:
-			key.Curve = elliptic.P384()
+			c = ecdh.P384()
 		case ssh.KeyAlgoECDSA521:
-			key.Curve = elliptic.P521()
+			c = ecdh.P521()
 		default:
 			return nil, errors.Errorf("unsupported ecdsa curve %s", w.Name)
 		}
 
-		key.X, key.Y = elliptic.Unmarshal(key.Curve, w.KeyBytes)
-		if key.X == nil || key.Y == nil {
-			return nil, errors.New("invalid ecdsa curve point")
+		var p *ecdh.PublicKey
+		if p, err = c.NewPublicKey(w.KeyBytes); err != nil {
+			return nil, errors.Wrapf(err, "failed decoding %s key", w.Name)
+		}
+
+		// convert ECDH public key to ECDSA public key to keep
+		// the returned type backwards compatible.
+		rawKey := p.Bytes()
+		switch p.Curve() {
+		case ecdh.P256():
+			return &ecdsa.PublicKey{
+				Curve: elliptic.P256(),
+				X:     big.NewInt(0).SetBytes(rawKey[1:33]),
+				Y:     big.NewInt(0).SetBytes(rawKey[33:]),
+			}, nil
+		case ecdh.P384():
+			return &ecdsa.PublicKey{
+				Curve: elliptic.P384(),
+				X:     big.NewInt(0).SetBytes(rawKey[1:49]),
+				Y:     big.NewInt(0).SetBytes(rawKey[49:]),
+			}, nil
+		case ecdh.P521():
+			return &ecdsa.PublicKey{
+				Curve: elliptic.P521(),
+				X:     big.NewInt(0).SetBytes(rawKey[1:67]),
+				Y:     big.NewInt(0).SetBytes(rawKey[67:]),
+			}, nil
+		default:
+			return nil, errors.New("cannot convert non-NIST *ecdh.PublicKey to *ecdsa.PublicKey")
 		}
-		return key, nil
-
 	case ssh.KeyAlgoED25519:
 		var w struct {
 			Name     string
@@ -759,10 +784,8 @@ func ParseSSH(b []byte) (interface{}, error) {
 			return nil, errors.Wrap(err, "error unmarshaling key")
 		}
 		return ed25519.PublicKey(w.KeyBytes), nil
-
 	case ssh.KeyAlgoDSA:
-		return nil, errors.Errorf("step does not support DSA keys")
-
+		return nil, errors.Errorf("DSA keys not supported")
 	default:
 		return nil, errors.Errorf("unsupported key type %T", key)
 	}

src/vendor/go.step.sm/crypto/pemutil/ssh.go

@@ -10,7 +10,6 @@ import (
 	"crypto/cipher"
 	"crypto/ecdsa"
 	"crypto/ed25519"
-	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
 	"encoding/binary"
@@ -188,15 +187,18 @@ func SerializeOpenSSHPrivateKey(key crypto.PrivateKey, opts ...Options) (*pem.Bl
 			return nil, errors.Errorf("error serializing key: unsupported curve %s", k.Curve.Params().Name)
 		}
 
-		pub := elliptic.Marshal(k.Curve, k.PublicKey.X, k.PublicKey.Y)
+		p, err := k.PublicKey.ECDH()
+		if err != nil {
+			return nil, errors.Wrapf(err, "failed converting *ecdsa.PublicKey to *ecdh.PublicKey")
+		}
 
 		// Marshal public key.
 		pubKey := struct {
 			KeyType string
 			Curve   string
 			Pub     []byte
 		}{
-			keyType, curve, pub,
+			keyType, curve, p.Bytes(),
 		}
 		w.PubKey = ssh.Marshal(pubKey)
 
@@ -207,7 +209,7 @@ func SerializeOpenSSHPrivateKey(key crypto.PrivateKey, opts ...Options) (*pem.Bl
 			D       *big.Int
 			Comment string
 		}{
-			curve, pub, k.D,
+			curve, p.Bytes(), k.D,
 			ctx.comment,
 		}
 		pk1.Keytype = keyType

src/vendor/modules.txt

@@ -161,8 +161,8 @@ github.com/prometheus/procfs/internal/util
 # github.com/square/certstrap v1.3.0
 ## explicit; go 1.18
 github.com/square/certstrap/pkix
-# go.step.sm/crypto v0.48.1
-## explicit; go 1.20
+# go.step.sm/crypto v0.49.0
+## explicit; go 1.21
 go.step.sm/crypto/fingerprint
 go.step.sm/crypto/internal/bcrypt_pbkdf
 go.step.sm/crypto/internal/emoji
@@ -228,12 +228,12 @@ golang.org/x/text/unicode/norm
 # golang.org/x/tools v0.23.0
 ## explicit; go 1.19
 golang.org/x/tools/go/ast/inspector
-# google.golang.org/genproto/googleapis/api v0.0.0-20240708141625-4ad9e859172b
+# google.golang.org/genproto/googleapis/api v0.0.0-20240709173604-40e1e62336c5
 ## explicit; go 1.20
 google.golang.org/genproto/googleapis/api
 google.golang.org/genproto/googleapis/api/annotations
 google.golang.org/genproto/googleapis/api/httpbody
-# google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b
+# google.golang.org/genproto/googleapis/rpc v0.0.0-20240709173604-40e1e62336c5
 ## explicit; go 1.20
 google.golang.org/genproto/googleapis/rpc/status
 # google.golang.org/grpc v1.65.0