TUN-7584: Bump go 1.20.6

Pins all docker and cfsetup builds to a specific go patch version.
Also ran go fix on repo.

vendor/github.com/quic-go/qtls-go1-19/cfkem.go

@@ -1,170 +0,0 @@
-// Copyright 2022 Cloudflare, Inc. All rights reserved. Use of this source code
-// is governed by a BSD-style license that can be found in the LICENSE file.
-//
-// Glue to add Circl's (post-quantum) hybrid KEMs.
-//
-// To enable set CurvePreferences with the desired scheme as the first element:
-//
-//   import (
-//      "github.com/cloudflare/circl/kem/tls"
-//      "github.com/cloudflare/circl/kem/hybrid"
-//
-//          [...]
-//
-//   config.CurvePreferences = []tls.CurveID{
-//      qtls.X25519Kyber512Draft00,
-//      qtls.X25519,
-//      qtls.P256,
-//   }
-
-package qtls
-
-import (
-	"github.com/cloudflare/circl/kem"
-	"github.com/cloudflare/circl/kem/hybrid"
-
-	"crypto/tls"
-	"fmt"
-	"io"
-	"sync"
-	"time"
-)
-
-// Either ecdheParameters or kem.PrivateKey
-type clientKeySharePrivate interface{}
-
-var (
-	X25519Kyber512Draft00 = CurveID(0xfe30)
-	X25519Kyber768Draft00 = CurveID(0xfe31)
-	invalidCurveID        = CurveID(0)
-)
-
-func kemSchemeKeyToCurveID(s kem.Scheme) CurveID {
-	switch s.Name() {
-	case "Kyber512-X25519":
-		return X25519Kyber512Draft00
-	case "Kyber768-X25519":
-		return X25519Kyber768Draft00
-	default:
-		return invalidCurveID
-	}
-}
-
-// Extract CurveID from clientKeySharePrivate
-func clientKeySharePrivateCurveID(ks clientKeySharePrivate) CurveID {
-	switch v := ks.(type) {
-	case kem.PrivateKey:
-		ret := kemSchemeKeyToCurveID(v.Scheme())
-		if ret == invalidCurveID {
-			panic("cfkem: internal error: don't know CurveID for this KEM")
-		}
-		return ret
-	case ecdheParameters:
-		return v.CurveID()
-	default:
-		panic("cfkem: internal error: unknown clientKeySharePrivate")
-	}
-}
-
-// Returns scheme by CurveID if supported by Circl
-func curveIdToCirclScheme(id CurveID) kem.Scheme {
-	switch id {
-	case X25519Kyber512Draft00:
-		return hybrid.Kyber512X25519()
-	case X25519Kyber768Draft00:
-		return hybrid.Kyber768X25519()
-	}
-	return nil
-}
-
-// Generate a new shared secret and encapsulates it for the packed
-// public key in ppk using randomness from rnd.
-func encapsulateForKem(scheme kem.Scheme, rnd io.Reader, ppk []byte) (
-	ct, ss []byte, alert alert, err error) {
-	pk, err := scheme.UnmarshalBinaryPublicKey(ppk)
-	if err != nil {
-		return nil, nil, alertIllegalParameter, fmt.Errorf("unpack pk: %w", err)
-	}
-	seed := make([]byte, scheme.EncapsulationSeedSize())
-	if _, err := io.ReadFull(rnd, seed); err != nil {
-		return nil, nil, alertInternalError, fmt.Errorf("random: %w", err)
-	}
-	ct, ss, err = scheme.EncapsulateDeterministically(pk, seed)
-	return ct, ss, alertIllegalParameter, err
-}
-
-// Generate a new keypair using randomness from rnd.
-func generateKemKeyPair(scheme kem.Scheme, rnd io.Reader) (
-	kem.PublicKey, kem.PrivateKey, error) {
-	seed := make([]byte, scheme.SeedSize())
-	if _, err := io.ReadFull(rnd, seed); err != nil {
-		return nil, nil, err
-	}
-	pk, sk := scheme.DeriveKeyPair(seed)
-	return pk, sk, nil
-}
-
-// Events. We cannot use the same approach as used in our plain Go fork
-// as we cannot change tls.Config, tls.ConnectionState, etc. Also we do
-// not want to maintain a fork of quic-go itself as well. This seems
-// the simplest option.
-
-// CFEvent. There are two events: one emitted on HRR and one emitted
-type CFEvent interface {
-	// Common to all events
-	ServerSide() bool // true if server-side; false if on client-side
-
-	// HRR event. Emitted when an HRR happened.
-	IsHRR() bool // true if this is an HRR event
-
-	// Handshake event.
-	IsHandshake() bool       // true if this is a handshake event.
-	Duration() time.Duration // how long did the handshake take?
-	KEX() tls.CurveID        // which kex was established?
-}
-
-type CFEventHandler func(CFEvent)
-
-// Registers a handler to be called when a CFEvent is emitted; returns
-// the previous handler.
-func SetCFEventHandler(handler CFEventHandler) CFEventHandler {
-	cfEventMux.Lock()
-	ret := cfEventHandler
-	cfEventHandler = handler
-	cfEventMux.Unlock()
-	return ret
-}
-
-func raiseCFEvent(ev CFEvent) {
-	cfEventMux.Lock()
-	handler := cfEventHandler
-	cfEventMux.Unlock()
-	if handler != nil {
-		handler(ev)
-	}
-}
-
-var (
-	cfEventMux     sync.Mutex
-	cfEventHandler CFEventHandler
-)
-
-type cfEventHRR struct{ serverSide bool }
-
-func (*cfEventHRR) IsHRR() bool                { return true }
-func (ev *cfEventHRR) ServerSide() bool        { return ev.serverSide }
-func (*cfEventHRR) IsHandshake() bool          { return false }
-func (ev *cfEventHRR) Duration() time.Duration { panic("wrong event") }
-func (ev *cfEventHRR) KEX() tls.CurveID        { panic("wrong event") }
-
-type cfEventHandshake struct {
-	serverSide bool
-	duration   time.Duration
-	kex        tls.CurveID
-}
-
-func (*cfEventHandshake) IsHRR() bool                { return false }
-func (ev *cfEventHandshake) ServerSide() bool        { return ev.serverSide }
-func (*cfEventHandshake) IsHandshake() bool          { return true }
-func (ev *cfEventHandshake) Duration() time.Duration { return ev.duration }
-func (ev *cfEventHandshake) KEX() tls.CurveID        { return ev.kex }

vendor/github.com/quic-go/qtls-go1-19/handshake_client.go

@@ -40,7 +40,7 @@ type clientHandshakeState struct {
 
 var testingOnlyForceClientHelloSignatureAlgorithms []SignatureScheme
 
-func (c *Conn) makeClientHello() (*clientHelloMsg, clientKeySharePrivate, error) {
+func (c *Conn) makeClientHello() (*clientHelloMsg, ecdheParameters, error) {
 	config := c.config
 	if len(config.ServerName) == 0 && !config.InsecureSkipVerify {
 		return nil, nil, errors.New("tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config")
@@ -142,8 +142,11 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, clientKeySharePrivate, error)
 		hello.supportedSignatureAlgorithms = testingOnlyForceClientHelloSignatureAlgorithms
 	}
 
-	var secret clientKeySharePrivate
+	var params ecdheParameters
 	if hello.supportedVersions[0] == VersionTLS13 {
+		if len(hello.supportedVersions) == 1 {
+			hello.cipherSuites = hello.cipherSuites[:0]
+		}
 		if hasAESGCMHardwareSupport {
 			hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13...)
 		} else {
@@ -151,37 +154,21 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, clientKeySharePrivate, error)
 		}
 
 		curveID := config.curvePreferences()[0]
-		if scheme := curveIdToCirclScheme(curveID); scheme != nil {
-			pk, sk, err := generateKemKeyPair(scheme, config.rand())
-			if err != nil {
-				return nil, nil, fmt.Errorf("generateKemKeyPair %s: %w",
-					scheme.Name(), err)
-			}
-			packedPk, err := pk.MarshalBinary()
-			if err != nil {
-				return nil, nil, fmt.Errorf("pack circl public key %s: %w",
-					scheme.Name(), err)
-			}
-			hello.keyShares = []keyShare{{group: curveID, data: packedPk}}
-			secret = sk
-		} else {
-			if _, ok := curveForCurveID(curveID); curveID != X25519 && !ok {
-				return nil, nil, errors.New("tls: CurvePreferences includes unsupported curve")
-			}
-			params, err := generateECDHEParameters(config.rand(), curveID)
-			if err != nil {
-				return nil, nil, err
-			}
-			hello.keyShares = []keyShare{{group: curveID, data: params.PublicKey()}}
-			secret = params
+		if _, ok := curveForCurveID(curveID); curveID != X25519 && !ok {
+			return nil, nil, errors.New("tls: CurvePreferences includes unsupported curve")
 		}
+		params, err = generateECDHEParameters(config.rand(), curveID)
+		if err != nil {
+			return nil, nil, err
+		}
+		hello.keyShares = []keyShare{{group: curveID, data: params.PublicKey()}}
 	}
 
 	if hello.supportedVersions[0] == VersionTLS13 && c.extraConfig != nil && c.extraConfig.GetExtensions != nil {
 		hello.additionalExtensions = c.extraConfig.GetExtensions(typeClientHello)
 	}
 
-	return hello, secret, nil
+	return hello, params, nil
 }
 
 func (c *Conn) clientHandshake(ctx context.Context) (err error) {
@@ -274,14 +261,14 @@ func (c *Conn) clientHandshake(ctx context.Context) (err error) {
 
 	if c.vers == VersionTLS13 {
 		hs := &clientHandshakeStateTLS13{
-			c:               c,
-			ctx:             ctx,
-			serverHello:     serverHello,
-			hello:           hello,
-			keySharePrivate: ecdheParams,
-			session:         session,
-			earlySecret:     earlySecret,
-			binderKey:       binderKey,
+			c:           c,
+			ctx:         ctx,
+			serverHello: serverHello,
+			hello:       hello,
+			ecdheParams: ecdheParams,
+			session:     session,
+			earlySecret: earlySecret,
+			binderKey:   binderKey,
 		}
 
 		// In TLS 1.3, session tickets are delivered after the handshake.

vendor/github.com/quic-go/qtls-go1-19/handshake_client_tls13.go

@@ -12,12 +12,10 @@ import (
 	"crypto/rsa"
 	"encoding/binary"
 	"errors"
-	"fmt"
 	"hash"
 	"sync/atomic"
 	"time"
 
-	circlKem "github.com/cloudflare/circl/kem"
 	"golang.org/x/crypto/cryptobyte"
 )
 
@@ -26,8 +24,7 @@ type clientHandshakeStateTLS13 struct {
 	ctx         context.Context
 	serverHello *serverHelloMsg
 	hello       *clientHelloMsg
-
-	keySharePrivate clientKeySharePrivate
+	ecdheParams ecdheParameters
 
 	session     *clientSessionState
 	earlySecret []byte
@@ -47,8 +44,6 @@ type clientHandshakeStateTLS13 struct {
 func (hs *clientHandshakeStateTLS13) handshake() error {
 	c := hs.c
 
-	startTime := time.Now()
-
 	if needFIPS() {
 		return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode")
 	}
@@ -61,7 +56,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
 	}
 
 	// Consistency check on the presence of a keyShare and its parameters.
-	if hs.keySharePrivate == nil || len(hs.hello.keyShares) != 1 {
+	if hs.ecdheParams == nil || len(hs.hello.keyShares) != 1 {
 		return c.sendAlert(alertInternalError)
 	}
 
@@ -119,12 +114,6 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
 		return err
 	}
 
-	raiseCFEvent(&cfEventHandshake{
-		serverSide: false,
-		duration:   time.Since(startTime),
-		kex:        hs.serverHello.serverShare.group,
-	})
-
 	atomic.StoreUint32(&c.handshakeStatus, 1)
 	c.updateConnectionState()
 	return nil
@@ -201,8 +190,6 @@ func (hs *clientHandshakeStateTLS13) sendDummyChangeCipherSpec() error {
 func (hs *clientHandshakeStateTLS13) processHelloRetryRequest() error {
 	c := hs.c
 
-	raiseCFEvent(&cfEventHRR{serverSide: false})
-
 	// The first ClientHello gets double-hashed into the transcript upon a
 	// HelloRetryRequest. (The idea is that the server might offload transcript
 	// storage to the client in the cookie.) See RFC 8446, Section 4.4.1.
@@ -246,38 +233,21 @@ func (hs *clientHandshakeStateTLS13) processHelloRetryRequest() error {
 			c.sendAlert(alertIllegalParameter)
 			return errors.New("tls: server selected unsupported group")
 		}
-		if clientKeySharePrivateCurveID(hs.keySharePrivate) == curveID {
+		if hs.ecdheParams.CurveID() == curveID {
 			c.sendAlert(alertIllegalParameter)
 			return errors.New("tls: server sent an unnecessary HelloRetryRequest key_share")
 		}
-		if scheme := curveIdToCirclScheme(curveID); scheme != nil {
-			pk, sk, err := generateKemKeyPair(scheme, c.config.rand())
-			if err != nil {
-				c.sendAlert(alertInternalError)
-				return fmt.Errorf("HRR generateKeyPair %s: %w",
-					scheme.Name(), err)
-			}
-			packedPk, err := pk.MarshalBinary()
-			if err != nil {
-				c.sendAlert(alertInternalError)
-				return fmt.Errorf("HRR pack circl public key %s: %w",
-					scheme.Name(), err)
-			}
-			hs.keySharePrivate = sk
-			hs.hello.keyShares = []keyShare{{group: curveID, data: packedPk}}
-		} else {
-			if _, ok := curveForCurveID(curveID); curveID != X25519 && !ok {
-				c.sendAlert(alertInternalError)
-				return errors.New("tls: CurvePreferences includes unsupported curve")
-			}
-			params, err := generateECDHEParameters(c.config.rand(), curveID)
-			if err != nil {
-				c.sendAlert(alertInternalError)
-				return err
-			}
-			hs.keySharePrivate = params
-			hs.hello.keyShares = []keyShare{{group: curveID, data: params.PublicKey()}}
+		if _, ok := curveForCurveID(curveID); curveID != X25519 && !ok {
+			c.sendAlert(alertInternalError)
+			return errors.New("tls: CurvePreferences includes unsupported curve")
 		}
+		params, err := generateECDHEParameters(c.config.rand(), curveID)
+		if err != nil {
+			c.sendAlert(alertInternalError)
+			return err
+		}
+		hs.ecdheParams = params
+		hs.hello.keyShares = []keyShare{{group: curveID, data: params.PublicKey()}}
 	}
 
 	hs.hello.raw = nil
@@ -363,7 +333,7 @@ func (hs *clientHandshakeStateTLS13) processServerHello() error {
 		c.sendAlert(alertIllegalParameter)
 		return errors.New("tls: server did not send a key share")
 	}
-	if hs.serverHello.serverShare.group != clientKeySharePrivateCurveID(hs.keySharePrivate) {
+	if hs.serverHello.serverShare.group != hs.ecdheParams.CurveID() {
 		c.sendAlert(alertIllegalParameter)
 		return errors.New("tls: server selected unsupported group")
 	}
@@ -401,18 +371,7 @@ func (hs *clientHandshakeStateTLS13) processServerHello() error {
 func (hs *clientHandshakeStateTLS13) establishHandshakeKeys() error {
 	c := hs.c
 
-	var sharedKey []byte
-	if params, ok := hs.keySharePrivate.(ecdheParameters); ok {
-		sharedKey = params.SharedKey(hs.serverHello.serverShare.data)
-	} else if sk, ok := hs.keySharePrivate.(circlKem.PrivateKey); ok {
-		var err error
-		sharedKey, err = sk.Scheme().Decapsulate(sk, hs.serverHello.serverShare.data)
-		if err != nil {
-			c.sendAlert(alertIllegalParameter)
-			return fmt.Errorf("%s decaps: %w", sk.Scheme().Name(), err)
-		}
-	}
-
+	sharedKey := hs.ecdheParams.SharedKey(hs.serverHello.serverShare.data)
 	if sharedKey == nil {
 		c.sendAlert(alertIllegalParameter)
 		return errors.New("tls: invalid server key share")

vendor/github.com/quic-go/qtls-go1-19/handshake_server_tls13.go

@@ -11,7 +11,6 @@ import (
 	"crypto/hmac"
 	"crypto/rsa"
 	"errors"
-	"fmt"
 	"hash"
 	"io"
 	"sync/atomic"
@@ -47,8 +46,6 @@ type serverHandshakeStateTLS13 struct {
 func (hs *serverHandshakeStateTLS13) handshake() error {
 	c := hs.c
 
-	startTime := time.Now()
-
 	if needFIPS() {
 		return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode")
 	}
@@ -88,12 +85,6 @@ func (hs *serverHandshakeStateTLS13) handshake() error {
 		return err
 	}
 
-	raiseCFEvent(&cfEventHandshake{
-		serverSide: true,
-		duration:   time.Since(startTime),
-		kex:        hs.hello.serverShare.group,
-	})
-
 	atomic.StoreUint32(&c.handshakeStatus, 1)
 	c.updateConnectionState()
 	return nil
@@ -208,27 +199,17 @@ GroupSelection:
 		clientKeyShare = &hs.clientHello.keyShares[0]
 	}
 
-	if _, ok := curveForCurveID(selectedGroup); selectedGroup != X25519 && curveIdToCirclScheme(selectedGroup) == nil && !ok {
+	if _, ok := curveForCurveID(selectedGroup); selectedGroup != X25519 && !ok {
 		c.sendAlert(alertInternalError)
 		return errors.New("tls: CurvePreferences includes unsupported curve")
 	}
-	if kem := curveIdToCirclScheme(selectedGroup); kem != nil {
-		ct, ss, alert, err := encapsulateForKem(kem, c.config.rand(), clientKeyShare.data)
-		if err != nil {
-			c.sendAlert(alert)
-			return fmt.Errorf("%s encap: %w", kem.Name(), err)
-		}
-		hs.hello.serverShare = keyShare{group: selectedGroup, data: ct}
-		hs.sharedKey = ss
-	} else {
-		params, err := generateECDHEParameters(c.config.rand(), selectedGroup)
-		if err != nil {
-			c.sendAlert(alertInternalError)
-			return err
-		}
-		hs.hello.serverShare = keyShare{group: selectedGroup, data: params.PublicKey()}
-		hs.sharedKey = params.SharedKey(clientKeyShare.data)
+	params, err := generateECDHEParameters(c.config.rand(), selectedGroup)
+	if err != nil {
+		c.sendAlert(alertInternalError)
+		return err
 	}
+	hs.hello.serverShare = keyShare{group: selectedGroup, data: params.PublicKey()}
+	hs.sharedKey = params.SharedKey(clientKeyShare.data)
 	if hs.sharedKey == nil {
 		c.sendAlert(alertIllegalParameter)
 		return errors.New("tls: invalid client key share")
@@ -458,8 +439,6 @@ func (hs *serverHandshakeStateTLS13) sendDummyChangeCipherSpec() error {
 func (hs *serverHandshakeStateTLS13) doHelloRetryRequest(selectedGroup CurveID) error {
 	c := hs.c
 
-	raiseCFEvent(&cfEventHRR{serverSide: true})
-
 	// The first ClientHello gets double-hashed into the transcript upon a
 	// HelloRetryRequest. See RFC 8446, Section 4.4.1.
 	if err := transcriptMsg(hs.clientHello, hs.transcript); err != nil {

vendor/github.com/quic-go/qtls-go1-19/key_agreement.go

@@ -168,7 +168,7 @@ type ecdheKeyAgreement struct {
 func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
 	var curveID CurveID
 	for _, c := range clientHello.supportedCurves {
-		if config.supportsCurve(c) && curveIdToCirclScheme(c) == nil {
+		if config.supportsCurve(c) {
 			curveID = c
 			break
 		}

vendor/modules.txt

@@ -258,7 +258,7 @@ github.com/prometheus/common/model
 github.com/prometheus/procfs
 github.com/prometheus/procfs/internal/fs
 github.com/prometheus/procfs/internal/util
-# github.com/quic-go/qtls-go1-19 v0.3.2 => github.com/cloudflare/qtls-pq v0.0.0-20230320123031-3faac1a945b2
+# github.com/quic-go/qtls-go1-19 v0.3.2
 ## explicit; go 1.19
 github.com/quic-go/qtls-go1-19
 # github.com/quic-go/qtls-go1-20 v0.2.2 => github.com/cloudflare/qtls-pq v0.0.0-20230320122459-4ed280d0d633
@@ -577,5 +577,4 @@ zombiezen.com/go/capnproto2/std/capnp/rpc
 # github.com/prometheus/golang_client => github.com/prometheus/golang_client v1.12.1
 # gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1
 # github.com/quic-go/quic-go => github.com/devincarr/quic-go v0.0.0-20230502200822-d1f4edacbee7
-# github.com/quic-go/qtls-go1-19 => github.com/cloudflare/qtls-pq v0.0.0-20230320123031-3faac1a945b2
 # github.com/quic-go/qtls-go1-20 => github.com/cloudflare/qtls-pq v0.0.0-20230320122459-4ed280d0d633