Image encryption/decryption support in skopeo

Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com> Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2025-09-22 18:37:21 +00:00 · 2019-09-23 14:17:42 +05:30
parent 912b7e1e09
commit 39ff039b3b
176 changed files with 21673 additions and 3828 deletions
--- a/vendor/github.com/klauspost/compress/flate/inflate.go
+++ b/vendor/github.com/klauspost/compress/flate/inflate.go
@@ -9,6 +9,7 @@ package flate

 import (
 	"bufio"
+	"fmt"
 	"io"
 	"math/bits"
 	"strconv"
@@ -24,6 +25,8 @@ const (
 	maxNumLit  = 286
 	maxNumDist = 30
 	numCodes   = 19 // number of codes in Huffman meta-code
+
+	debugDecode = false
 )

 // Initialize the fixedHuffmanDecoder only once upon first use.
@@ -104,8 +107,8 @@ const (

 type huffmanDecoder struct {
 	min      int                       // the minimum code length
-	chunks   *[huffmanNumChunks]uint32 // chunks as described above
-	links    [][]uint32                // overflow links
+	chunks   *[huffmanNumChunks]uint16 // chunks as described above
+	links    [][]uint16                // overflow links
 	linkMask uint32                    // mask the width of the link table
 }

@@ -121,7 +124,7 @@ func (h *huffmanDecoder) init(lengths []int) bool {
 	const sanity = false

 	if h.chunks == nil {
-		h.chunks = &[huffmanNumChunks]uint32{}
+		h.chunks = &[huffmanNumChunks]uint16{}
 	}
 	if h.min != 0 {
 		*h = huffmanDecoder{chunks: h.chunks, links: h.links}
@@ -169,6 +172,9 @@ func (h *huffmanDecoder) init(lengths []int) bool {
 	// accept degenerate single-code codings. See also
 	// TestDegenerateHuffmanCoding.
 	if code != 1<<uint(max) && !(code == 1 && max == 1) {
+		if debugDecode {
+			fmt.Println("coding failed, code, max:", code, max, code == 1<<uint(max), code == 1 && max == 1, "(one should be true)")
+		}
 		return false
 	}

@@ -185,7 +191,7 @@ func (h *huffmanDecoder) init(lengths []int) bool {
 		// create link tables
 		link := nextcode[huffmanChunkBits+1] >> 1
 		if cap(h.links) < huffmanNumChunks-link {
-			h.links = make([][]uint32, huffmanNumChunks-link)
+			h.links = make([][]uint16, huffmanNumChunks-link)
 		} else {
 			h.links = h.links[:huffmanNumChunks-link]
 		}
@@ -196,9 +202,9 @@ func (h *huffmanDecoder) init(lengths []int) bool {
 			if sanity && h.chunks[reverse] != 0 {
 				panic("impossible: overwriting existing chunk")
 			}
-			h.chunks[reverse] = uint32(off<<huffmanValueShift | (huffmanChunkBits + 1))
+			h.chunks[reverse] = uint16(off<<huffmanValueShift | (huffmanChunkBits + 1))
 			if cap(h.links[off]) < numLinks {
-				h.links[off] = make([]uint32, numLinks)
+				h.links[off] = make([]uint16, numLinks)
 			} else {
 				links := h.links[off][:0]
 				h.links[off] = links[:numLinks]
@@ -214,7 +220,7 @@ func (h *huffmanDecoder) init(lengths []int) bool {
 		}
 		code := nextcode[n]
 		nextcode[n]++
-		chunk := uint32(i<<huffmanValueShift | n)
+		chunk := uint16(i<<huffmanValueShift | n)
 		reverse := int(bits.Reverse16(uint16(code)))
 		reverse >>= uint(16 - n)
 		if n <= huffmanChunkBits {
@@ -347,6 +353,9 @@ func (f *decompressor) nextBlock() {
 		f.huffmanBlock()
 	default:
 		// 3 is reserved.
+		if debugDecode {
+			fmt.Println("reserved data block encountered")
+		}
 		f.err = CorruptInputError(f.roffset)
 	}
 }
@@ -425,11 +434,17 @@ func (f *decompressor) readHuffman() error {
 	}
 	nlit := int(f.b&0x1F) + 257
 	if nlit > maxNumLit {
+		if debugDecode {
+			fmt.Println("nlit > maxNumLit", nlit)
+		}
 		return CorruptInputError(f.roffset)
 	}
 	f.b >>= 5
 	ndist := int(f.b&0x1F) + 1
 	if ndist > maxNumDist {
+		if debugDecode {
+			fmt.Println("ndist > maxNumDist", ndist)
+		}
 		return CorruptInputError(f.roffset)
 	}
 	f.b >>= 5
@@ -453,6 +468,9 @@ func (f *decompressor) readHuffman() error {
 		f.codebits[codeOrder[i]] = 0
 	}
 	if !f.h1.init(f.codebits[0:]) {
+		if debugDecode {
+			fmt.Println("init codebits failed")
+		}
 		return CorruptInputError(f.roffset)
 	}

@@ -480,6 +498,9 @@ func (f *decompressor) readHuffman() error {
 			rep = 3
 			nb = 2
 			if i == 0 {
+				if debugDecode {
+					fmt.Println("i==0")
+				}
 				return CorruptInputError(f.roffset)
 			}
 			b = f.bits[i-1]
@@ -494,6 +515,9 @@ func (f *decompressor) readHuffman() error {
 		}
 		for f.nb < nb {
 			if err := f.moreBits(); err != nil {
+				if debugDecode {
+					fmt.Println("morebits:", err)
+				}
 				return err
 			}
 		}
@@ -501,6 +525,9 @@ func (f *decompressor) readHuffman() error {
 		f.b >>= nb
 		f.nb -= nb
 		if i+rep > n {
+			if debugDecode {
+				fmt.Println("i+rep > n", i, rep, n)
+			}
 			return CorruptInputError(f.roffset)
 		}
 		for j := 0; j < rep; j++ {
@@ -510,6 +537,9 @@ func (f *decompressor) readHuffman() error {
 	}

 	if !f.h1.init(f.bits[0:nlit]) || !f.h2.init(f.bits[nlit:nlit+ndist]) {
+		if debugDecode {
+			fmt.Println("init2 failed")
+		}
 		return CorruptInputError(f.roffset)
 	}

@@ -587,12 +617,18 @@ readLiteral:
 			length = 258
 			n = 0
 		default:
+			if debugDecode {
+				fmt.Println(v, ">= maxNumLit")
+			}
 			f.err = CorruptInputError(f.roffset)
 			return
 		}
 		if n > 0 {
 			for f.nb < n {
 				if err = f.moreBits(); err != nil {
+					if debugDecode {
+						fmt.Println("morebits n>0:", err)
+					}
 					f.err = err
 					return
 				}
@@ -606,6 +642,9 @@ readLiteral:
 		if f.hd == nil {
 			for f.nb < 5 {
 				if err = f.moreBits(); err != nil {
+					if debugDecode {
+						fmt.Println("morebits f.nb<5:", err)
+					}
 					f.err = err
 					return
 				}
@@ -615,6 +654,9 @@ readLiteral:
 			f.nb -= 5
 		} else {
 			if dist, err = f.huffSym(f.hd); err != nil {
+				if debugDecode {
+					fmt.Println("huffsym:", err)
+				}
 				f.err = err
 				return
 			}
@@ -629,6 +671,9 @@ readLiteral:
 			extra := (dist & 1) << nb
 			for f.nb < nb {
 				if err = f.moreBits(); err != nil {
+					if debugDecode {
+						fmt.Println("morebits f.nb<nb:", err)
+					}
 					f.err = err
 					return
 				}
@@ -638,12 +683,18 @@ readLiteral:
 			f.nb -= nb
 			dist = 1<<(nb+1) + 1 + extra
 		default:
+			if debugDecode {
+				fmt.Println("dist too big:", dist, maxNumDist)
+			}
 			f.err = CorruptInputError(f.roffset)
 			return
 		}

 		// No check on length; encoding can be prescient.
 		if dist > f.dict.histSize() {
+			if debugDecode {
+				fmt.Println("dist > f.dict.histSize():", dist, f.dict.histSize())
+			}
 			f.err = CorruptInputError(f.roffset)
 			return
 		}
@@ -688,6 +739,9 @@ func (f *decompressor) dataBlock() {
 	n := int(f.buf[0]) | int(f.buf[1])<<8
 	nn := int(f.buf[2]) | int(f.buf[3])<<8
 	if uint16(nn) != uint16(^n) {
+		if debugDecode {
+			fmt.Println("uint16(nn) != uint16(^n)", nn, ^n)
+		}
 		f.err = CorruptInputError(f.roffset)
 		return
 	}
@@ -789,6 +843,9 @@ func (f *decompressor) huffSym(h *huffmanDecoder) (int, error) {
 			if n == 0 {
 				f.b = b
 				f.nb = nb
+				if debugDecode {
+					fmt.Println("huffsym: n==0")
+				}
 				f.err = CorruptInputError(f.roffset)
 				return 0, f.err
 			}