| -rw-r--r-- | go.mod | 2 | ||||
| -rw-r--r-- | go.sum | 4 | ||||
| -rw-r--r-- | vendor/code.superseriousbusiness.org/httpsig/algorithms.gen.go | 49 | ||||
| -rw-r--r-- | vendor/code.superseriousbusiness.org/httpsig/algorithms.go | 97 | ||||
| -rw-r--r-- | vendor/code.superseriousbusiness.org/httpsig/digest.go | 52 | ||||
| -rw-r--r-- | vendor/code.superseriousbusiness.org/httpsig/httpsig.go | 42 | ||||
| -rw-r--r-- | vendor/code.superseriousbusiness.org/httpsig/signing.go | 1 | ||||
| -rw-r--r-- | vendor/golang.org/x/crypto/ripemd160/ripemd160.go | 124 | ||||
| -rw-r--r-- | vendor/golang.org/x/crypto/ripemd160/ripemd160block.go | 165 | ||||
| -rw-r--r-- | vendor/modules.txt | 3 |
10 files changed, 150 insertions, 389 deletions
@@ -11,7 +11,7 @@ replace modernc.org/sqlite => gitlab.com/NyaaaWhatsUpDoc/sqlite v1.39.1-concurre require ( code.superseriousbusiness.org/activity v1.17.0 code.superseriousbusiness.org/exif-terminator v0.11.0 - code.superseriousbusiness.org/httpsig v1.4.0 + code.superseriousbusiness.org/httpsig v1.5.0 code.superseriousbusiness.org/oauth2/v4 v4.5.4-0.20250812115401-3961e46a7384 codeberg.org/gruf/go-bytesize v1.0.4 codeberg.org/gruf/go-byteutil v1.3.0 @@ -6,8 +6,8 @@ code.superseriousbusiness.org/go-jpeg-image-structure/v2 v2.3.0 h1:r9uq8StaSHYKJ code.superseriousbusiness.org/go-jpeg-image-structure/v2 v2.3.0/go.mod h1:IK1OlR6APjVB3E9tuYGvf0qXMrwP+TrzcHS5rf4wffQ= code.superseriousbusiness.org/go-png-image-structure/v2 v2.3.0 h1:I512jiIeXDC4//2BeSPrRM2ZS4wpBKUaPeTPxakMNGA= code.superseriousbusiness.org/go-png-image-structure/v2 v2.3.0/go.mod h1:SNHomXNW88o1pFfLHpD4KsCZLfcr4z5dm+xcX5SV10A= -code.superseriousbusiness.org/httpsig v1.4.0 h1:g9+KQMoTG0oR0II5gYb5pVVdNjbc7CiiuqK8vcZjeQg= -code.superseriousbusiness.org/httpsig v1.4.0/go.mod h1:i2AKpj/WbA/o/UTvia9TAREzt0jP1AH3T1Uxjyhdzlw= +code.superseriousbusiness.org/httpsig v1.5.0 h1:jw/qc//yYWSoOYytTZXHvW7yh8kceCipNIBfUeXQghA= +code.superseriousbusiness.org/httpsig v1.5.0/go.mod h1:i2AKpj/WbA/o/UTvia9TAREzt0jP1AH3T1Uxjyhdzlw= code.superseriousbusiness.org/oauth2/v4 v4.5.4-0.20250812115401-3961e46a7384 h1:eJzULGUyhHGk2DdQxX/jbH9FKZOyoIF90p3dzukCfLA= code.superseriousbusiness.org/oauth2/v4 v4.5.4-0.20250812115401-3961e46a7384/go.mod h1:4x61i4C725jkXOpnUPFNfmiEthF6FZc/byADbalp+F8= codeberg.org/gruf/go-bytesize v1.0.4 h1:LEojK46lUoE748Om7yldx6kLe6jCCuiytz5IZ8vH35g= diff --git a/vendor/code.superseriousbusiness.org/httpsig/algorithms.gen.go b/vendor/code.superseriousbusiness.org/httpsig/algorithms.gen.go new file mode 100644 index 000000000..94080f611 --- /dev/null +++ b/vendor/code.superseriousbusiness.org/httpsig/algorithms.gen.go 
@@ -0,0 +1,49 @@ +// generated using: go run ./gen/ algorithms.go algorithms.gen.go +package httpsig + +import "crypto" + +func stringToHash(name string) crypto.Hash { + switch name { + case md4String: + return crypto.MD4 + case md5String: + return crypto.MD5 + case ripemd160String: + return crypto.RIPEMD160 + case md5sha1String: + return crypto.MD5SHA1 + case sha1String: + return crypto.SHA1 + case sha224String: + return crypto.SHA224 + case sha256String: + return crypto.SHA256 + case sha384String: + return crypto.SHA384 + case sha512String: + return crypto.SHA512 + case sha3_224String: + return crypto.SHA3_224 + case sha3_256String: + return crypto.SHA3_256 + case sha3_384String: + return crypto.SHA3_384 + case sha3_512String: + return crypto.SHA3_512 + case sha512_224String: + return crypto.SHA512_224 + case sha512_256String: + return crypto.SHA512_256 + case blake2s_256String: + return crypto.BLAKE2s_256 + case blake2b_256String: + return crypto.BLAKE2b_256 + case blake2b_384String: + return crypto.BLAKE2b_384 + case blake2b_512String: + return crypto.BLAKE2b_512 + default: + return 0 + } +} diff --git a/vendor/code.superseriousbusiness.org/httpsig/algorithms.go b/vendor/code.superseriousbusiness.org/httpsig/algorithms.go index 9595941be..2e3481d73 100644 --- a/vendor/code.superseriousbusiness.org/httpsig/algorithms.go +++ b/vendor/code.superseriousbusiness.org/httpsig/algorithms.go @@ -20,7 +20,6 @@ import ( "golang.org/x/crypto/blake2b" "golang.org/x/crypto/blake2s" "golang.org/x/crypto/ed25519" - "golang.org/x/crypto/ripemd160" "golang.org/x/crypto/sha3" "golang.org/x/crypto/ssh" ) 
@@ -52,14 +51,7 @@ const ( blake2b_512String = "blake2b-512" ) -var blake2Algorithms = map[crypto.Hash]bool{ - crypto.BLAKE2s_256: true, - crypto.BLAKE2b_256: true, - crypto.BLAKE2b_384: true, - crypto.BLAKE2b_512: true, -} - -var hashToDef = map[crypto.Hash]struct { +var hashToDef = [...]struct { name string new func(key []byte) (hash.Hash, error) // Only MACers will accept a key }{ 
@@ -68,40 +60,36 @@ var hashToDef = map[crypto.Hash]struct { // http://www.iana.org/assignments/signature-algorithms // // Note that the forbidden hashes have an invalid 'new' function. - crypto.MD4: {md4String, func(key []byte) (hash.Hash, error) { return nil, nil }}, - crypto.MD5: {md5String, func(key []byte) (hash.Hash, error) { return nil, nil }}, + crypto.MD4: {md4String, nil}, + crypto.MD5: {md5String, nil}, + crypto.RIPEMD160: {ripemd160String, nil}, + crypto.MD5SHA1: {md5sha1String, nil}, // shorthand for crypto/tls, not actually implemented + // Temporarily enable SHA1 because of issue https://github.com/golang/go/issues/37278 + // Still cryptographically secure: crypto.SHA1: {sha1String, func(key []byte) (hash.Hash, error) { return sha1.New(), nil }}, crypto.SHA224: {sha224String, func(key []byte) (hash.Hash, error) { return sha256.New224(), nil }}, crypto.SHA256: {sha256String, func(key []byte) (hash.Hash, error) { return sha256.New(), nil }}, crypto.SHA384: {sha384String, func(key []byte) (hash.Hash, error) { return sha512.New384(), nil }}, crypto.SHA512: {sha512String, func(key []byte) (hash.Hash, error) { return sha512.New(), nil }}, - crypto.MD5SHA1: {md5sha1String, func(key []byte) (hash.Hash, error) { return nil, nil }}, - crypto.RIPEMD160: {ripemd160String, func(key []byte) (hash.Hash, error) { return ripemd160.New(), nil }}, crypto.SHA3_224: {sha3_224String, func(key []byte) (hash.Hash, error) { return sha3.New224(), nil }}, crypto.SHA3_256: {sha3_256String, func(key []byte) (hash.Hash, error) { return sha3.New256(), nil }}, crypto.SHA3_384: {sha3_384String, func(key []byte) (hash.Hash, error) { return sha3.New384(), nil }}, crypto.SHA3_512: {sha3_512String, func(key []byte) (hash.Hash, error) { return sha3.New512(), nil }}, crypto.SHA512_224: {sha512_224String, func(key []byte) (hash.Hash, error) { return sha512.New512_224(), nil }}, crypto.SHA512_256: {sha512_256String, func(key []byte) (hash.Hash, error) { return sha512.New512_256(), nil }}, - 
crypto.BLAKE2s_256: {blake2s_256String, func(key []byte) (hash.Hash, error) { return blake2s.New256(key) }}, - crypto.BLAKE2b_256: {blake2b_256String, func(key []byte) (hash.Hash, error) { return blake2b.New256(key) }}, - crypto.BLAKE2b_384: {blake2b_384String, func(key []byte) (hash.Hash, error) { return blake2b.New384(key) }}, - crypto.BLAKE2b_512: {blake2b_512String, func(key []byte) (hash.Hash, error) { return blake2b.New512(key) }}, + crypto.BLAKE2s_256: {blake2s_256String, blake2s.New256}, + crypto.BLAKE2b_256: {blake2b_256String, blake2b.New256}, + crypto.BLAKE2b_384: {blake2b_384String, blake2b.New384}, + crypto.BLAKE2b_512: {blake2b_512String, blake2b.New512}, } -var stringToHash map[string]crypto.Hash - const ( defaultAlgorithm = RSA_SHA256 defaultAlgorithmHashing = sha256String ) func init() { - stringToHash = make(map[string]crypto.Hash, len(hashToDef)) - for k, v := range hashToDef { - stringToHash[v.name] = k - } // This should guarantee that at runtime the defaultAlgorithm will not // result in errors when fetching a macer or signer (see algorithms.go) if ok, err := isAvailable(string(defaultAlgorithmHashing)); err != nil { @@ -112,17 +100,7 @@ func init() { } func isForbiddenHash(h crypto.Hash) bool { - switch h { - // Not actually cryptographically secure - case crypto.MD4: - fallthrough - case crypto.MD5: - fallthrough - case crypto.MD5SHA1: // shorthand for crypto/tls, not actually implemented - return true - } - // Still cryptographically secure - return false + return int(h) >= len(hashToDef) || hashToDef[h].new == nil } // signer is an internally public type. @@ -148,6 +126,9 @@ type hmacAlgorithm struct { func (h *hmacAlgorithm) Sign(sig, key []byte) ([]byte, error) { hs, err := h.fn(key) + if err != nil { + return nil, err + } if err = setSig(hs, sig); err != nil { return nil, err } 
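Review bot: In the hashToDef table, crypto.RIPEMD160 now has a nil constructor, so the rewritten isForbiddenHash treats it as forbidden, yet RSA_RIPEMD160 and ECDSA_RIPEMD160 stay exported in httpsig.go with no hint that they can no longer be used. Callers that still pass them will presumably get the "forbidden hash type" error from newAlgorithmConstructor; a comment on both constants such as `// Deprecated: RIPEMD-160 is forbidden and is rejected when a signer is constructed.` would make that visible. Separately, the added heading `// Still cryptographically secure:` sits directly above the crypto.SHA1 entry and reads as an endorsement of SHA-1, although the line before it describes SHA-1 as a temporary exception. Moving the heading below the SHA1 entry, or rewording the SHA1 comment to `// SHA-1: kept only for compatibility (golang/go#37278), not collision resistant`, avoids that. The older note that forbidden hashes "have an invalid 'new' function" should also say the function is now nil.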
@@ -169,7 +150,7 @@ func (h *hmacAlgorithm) Equal(sig, actualMAC, key []byte) (bool, error) { } func (h *hmacAlgorithm) String() string { - return fmt.Sprintf("%s-%s", hmacPrefix, hashToDef[h.kind].name) + return hmacPrefix + "-" + hashToDef[h.kind].name } var _ signer = &rsaAlgorithm{} @@ -226,7 +207,7 @@ func (r *rsaAlgorithm) Verify(pub crypto.PublicKey, toHash, signature []byte) er } func (r *rsaAlgorithm) String() string { - return fmt.Sprintf("%s-%s", rsaPrefix, hashToDef[r.kind].name) + return rsaPrefix + "-" + hashToDef[r.kind].name } var _ signer = &ed25519Algorithm{} @@ -265,7 +246,7 @@ func (r *ed25519Algorithm) Verify(pub crypto.PublicKey, toHash, signature []byte } func (r *ed25519Algorithm) String() string { - return fmt.Sprintf("%s", ed25519Prefix) + return ed25519Prefix } var _ signer = &ecdsaAlgorithm{} @@ -335,7 +316,7 @@ func (r *ecdsaAlgorithm) Verify(pub crypto.PublicKey, toHash, signature []byte) } func (r *ecdsaAlgorithm) String() string { - return fmt.Sprintf("%s-%s", ecdsaPrefix, hashToDef[r.kind].name) + return ecdsaPrefix + "-" + hashToDef[r.kind].name } var _ macer = &blakeMacAlgorithm{} @@ -371,7 +352,7 @@ func (r *blakeMacAlgorithm) Equal(sig, actualMAC, key []byte) (bool, error) { } func (r *blakeMacAlgorithm) String() string { - return fmt.Sprintf("%s", hashToDef[r.kind].name) + return hashToDef[r.kind].name } func setSig(a hash.Hash, b []byte) error { @@ -395,8 +376,8 @@ func IsSupportedHttpSigAlgorithm(algo string) bool { // isAvailable is an internally public function func isAvailable(algo string) (bool, error) { - c, ok := stringToHash[algo] - if !ok { + c := stringToHash(algo) + if c == 0 { return false, fmt.Errorf("no match for %q", algo) } if isForbiddenHash(c) { 
@@ -406,9 +387,8 @@ func isAvailable(algo string) (bool, error) { } func newAlgorithmConstructor(algo string) (fn func(k []byte) (hash.Hash, error), c crypto.Hash, e error) { - ok := false - c, ok = stringToHash[algo] - if !ok { + c = stringToHash(algo) + if c == 0 { e = fmt.Errorf("no match for %q", algo) return } @@ -416,18 +396,12 @@ func newAlgorithmConstructor(algo string) (fn func(k []byte) (hash.Hash, error), e = fmt.Errorf("forbidden hash type in %q", algo) return } - algoDef, ok := hashToDef[c] - if !ok { + if int(c) > len(hashToDef) { e = fmt.Errorf("have crypto.Hash %v but no definition", c) return } - fn = func(key []byte) (hash.Hash, error) { - h, err := algoDef.new(key) - if err != nil { - return nil, err - } - return h, nil - } + algoDef := hashToDef[c] + fn = algoDef.new return } @@ -517,7 +491,7 @@ func macerFromString(s string) (macer, error) { }, kind: cHash, }, nil - } else if bl, ok := stringToHash[s]; ok && blake2Algorithms[bl] { + } else if bl := stringToHash(s); bl != 0 && isBlake2(bl) { hashFn, cHash, err := newAlgorithmConstructor(s) if err != nil { return nil, err @@ -530,3 +504,18 @@ func macerFromString(s string) (macer, error) { return nil, fmt.Errorf("no MACer matching %q", s) } } + +func isBlake2(h crypto.Hash) bool { + switch h { + case crypto.BLAKE2s_256: + return true + case crypto.BLAKE2b_256: + return true + case crypto.BLAKE2b_384: + return true + case crypto.BLAKE2b_512: + return true + default: + return false + } +} diff --git a/vendor/code.superseriousbusiness.org/httpsig/digest.go b/vendor/code.superseriousbusiness.org/httpsig/digest.go index bf9e3a914..140b10ac5 100644 --- a/vendor/code.superseriousbusiness.org/httpsig/digest.go +++ b/vendor/code.superseriousbusiness.org/httpsig/digest.go 
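Review bot: The bounds check `if int(c) > len(hashToDef)` in newAlgorithmConstructor is off by one now that hashToDef is an array: a value equal to `len(hashToDef)` passes the check, and `hashToDef[c]` on the next added line would panic. As far as the visible code shows, the branch is unreachable, because isForbiddenHash already rejects `int(h) >= len(hashToDef)` a few lines earlier, so the risk is latent rather than live. Either delete the branch or make it `if int(c) >= len(hashToDef) {`, so the guard stays correct if the forbidden-hash check is ever reordered or relaxed. The function's signature and first checks are in the preceding hunk.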
@@ -14,32 +14,38 @@ type DigestAlgorithm string const ( DigestSha256 DigestAlgorithm = "SHA-256" - DigestSha512 = "SHA-512" + DigestSha512 DigestAlgorithm = "SHA-512" ) -var digestToDef = map[DigestAlgorithm]crypto.Hash{ - DigestSha256: crypto.SHA256, - DigestSha512: crypto.SHA512, +// hashForDigest returns a hash algorithm for digest algorithm string. +func hashForDigest(algo DigestAlgorithm) crypto.Hash { + switch algo { + case DigestSha256: + return crypto.SHA256 + case DigestSha512: + return crypto.SHA512 + default: + return 0 + } } // IsSupportedDigestAlgorithm returns true if hte string is supported by this // library, is not a hash known to be weak, and is supported by the hardware. func IsSupportedDigestAlgorithm(algo string) bool { uc := DigestAlgorithm(strings.ToUpper(algo)) - c, ok := digestToDef[uc] - return ok && c.Available() + return hashForDigest(uc).Available() } -func getHash(alg DigestAlgorithm) (h hash.Hash, toUse DigestAlgorithm, err error) { - upper := DigestAlgorithm(strings.ToUpper(string(alg))) - c, ok := digestToDef[upper] - if !ok { - err = fmt.Errorf("unknown or unsupported Digest algorithm: %s", alg) +func getHash(algo DigestAlgorithm) (h hash.Hash, toUse DigestAlgorithm, err error) { + uc := DigestAlgorithm(strings.ToUpper(string(algo))) + c := hashForDigest(uc) + if c == 0 { + err = fmt.Errorf("unknown or unsupported Digest algorithm: %s", algo) } else if !c.Available() { - err = fmt.Errorf("unavailable Digest algorithm: %s", alg) + err = fmt.Errorf("unavailable Digest algorithm: %s", algo) } else { h = c.New() - toUse = upper + toUse = uc } return } 
@@ -56,18 +62,16 @@ func addDigest(r *http.Request, algo DigestAlgorithm, b []byte) (err error) { return } var h hash.Hash - var a DigestAlgorithm - h, a, err = getHash(algo) + h, algo, err = getHash(algo) if err != nil { return } h.Write(b) sum := h.Sum(nil) r.Header.Add(digestHeader, - fmt.Sprintf("%s%s%s", - a, - digestDelim, - base64.StdEncoding.EncodeToString(sum[:]))) + string(algo)+ + digestDelim+ + base64.StdEncoding.EncodeToString(sum[:])) return } @@ -78,18 +82,16 @@ func addDigestResponse(r http.ResponseWriter, algo DigestAlgorithm, b []byte) (e return } var h hash.Hash - var a DigestAlgorithm - h, a, err = getHash(algo) + h, algo, err = getHash(algo) if err != nil { return } h.Write(b) sum := h.Sum(nil) r.Header().Add(digestHeader, - fmt.Sprintf("%s%s%s", - a, - digestDelim, - base64.StdEncoding.EncodeToString(sum[:]))) + string(algo)+ + digestDelim+ + base64.StdEncoding.EncodeToString(sum[:])) return } diff --git a/vendor/code.superseriousbusiness.org/httpsig/httpsig.go b/vendor/code.superseriousbusiness.org/httpsig/httpsig.go index 8864da055..022b8ff70 100644 --- a/vendor/code.superseriousbusiness.org/httpsig/httpsig.go +++ b/vendor/code.superseriousbusiness.org/httpsig/httpsig.go @@ -17,8 +17,8 @@ import ( "golang.org/x/crypto/ssh" ) -// Algorithm specifies a cryptography secure algorithm for signing HTTP requests -// and responses. +// Algorithm specifies a cryptography secure +// algorithm for signing HTTP requests and responses. type Algorithm string const ( 
@@ -42,20 +42,24 @@ const ( BLAKE2B_256 Algorithm = blake2b_256String BLAKE2B_384 Algorithm = blake2b_384String BLAKE2B_512 Algorithm = blake2b_512String + // RSA-based algorithms. RSA_SHA1 Algorithm = rsaPrefix + "-" + sha1String RSA_SHA224 Algorithm = rsaPrefix + "-" + sha224String + // RSA_SHA256 is the default algorithm. RSA_SHA256 Algorithm = rsaPrefix + "-" + sha256String RSA_SHA384 Algorithm = rsaPrefix + "-" + sha384String RSA_SHA512 Algorithm = rsaPrefix + "-" + sha512String RSA_RIPEMD160 Algorithm = rsaPrefix + "-" + ripemd160String + // ECDSA algorithms ECDSA_SHA224 Algorithm = ecdsaPrefix + "-" + sha224String ECDSA_SHA256 Algorithm = ecdsaPrefix + "-" + sha256String ECDSA_SHA384 Algorithm = ecdsaPrefix + "-" + sha384String ECDSA_SHA512 Algorithm = ecdsaPrefix + "-" + sha512String ECDSA_RIPEMD160 Algorithm = ecdsaPrefix + "-" + ripemd160String + // ED25519 algorithms // can only be SHA512 ED25519 Algorithm = ed25519Prefix @@ -74,16 +78,17 @@ const ( rsa_BLAKE2B_512 Algorithm = rsaPrefix + "-" + blake2b_512String ) -// HTTP Signatures can be applied to different HTTP headers, depending on the -// expected application behavior. +// HTTP Signatures can be applied to different HTTP headers, +// depending on the expected application behavior. type SignatureScheme string const ( - // Signature will place the HTTP Signature into the 'Signature' HTTP - // header. + // Signature will place the HTTP Signature + // into the 'Signature' HTTP header. Signature SignatureScheme = "Signature" - // Authorization will place the HTTP Signature into the 'Authorization' - // HTTP header. + + // Authorization will place the HTTP Signature + // into the 'Authorization' HTTP header. Authorization SignatureScheme = "Authorization" ) 
@@ -123,6 +128,7 @@ type SignatureOption struct { // Note that signatures do set the deprecated 'algorithm' parameter for // backwards compatibility. type Signer interface { + // SignRequest signs the request using a private key. The public key id // is used by the HTTP server to identify which key to use to verify the // signature. @@ -139,6 +145,7 @@ type Signer interface { // HTTP Signature will then ensure both the Digest and body are not both // modified to maliciously represent different content. SignRequest(pKey crypto.PrivateKey, pubKeyId string, r *http.Request, body []byte) error + // SignResponse signs the response using a private key. The public key // id is used by the HTTP client to identify which key to use to verify // the signature. @@ -176,6 +183,7 @@ type SignerWithOptions interface { // HTTP Signature will then ensure both the Digest and body are not both // modified to maliciously represent different content. SignRequestWithOptions(pKey crypto.PrivateKey, pubKeyId string, r *http.Request, body []byte, opts SignatureOption) error + // SignResponseWithOptions signs the response using a private key. The public key // id is used by the HTTP client to identify which key to use to verify // the signature. @@ -228,6 +236,7 @@ func NewSigner(prefs []Algorithm, dAlgo DigestAlgorithm, headers []string, schem // Note that signatures do set the deprecated 'algorithm' parameter for // backwards compatibility. type SSHSigner interface { + // SignRequest signs the request using ssh.Signer. // The public key id is used by the HTTP server to identify which key to use // to verify the signature. 
@@ -239,6 +248,7 @@ type SSHSigner interface { // HTTP Signature will then ensure both the Digest and body are not both // modified to maliciously represent different content. SignRequest(pubKeyId string, r *http.Request, body []byte) error + // SignResponse signs the response using ssh.Signer. The public key // id is used by the HTTP client to identify which key to use to verify // the signature. @@ -295,11 +305,13 @@ func getSSHAlgorithm(pkType string) Algorithm { // // Note that verification ignores the deprecated 'algorithm' parameter. type Verifier interface { + // KeyId gets the public key id that the signature is signed with. // // Note that the application is expected to determine the algorithm // used based on metadata or out-of-band information for this key id. KeyId() string + // Verify accepts the public key specified by KeyId and returns an // error if verification fails or if the signature is malformed. The // algorithm must be the one used to create the signature in order to @@ -360,7 +372,7 @@ func newSSHSigner(sshSigner ssh.Signer, algo Algorithm, dAlgo DigestAlgorithm, h return nil, fmt.Errorf("no crypto implementation available for ssh algo %q: %s", algo, err) } - a := &asymmSSHSigner{ + return &asymmSSHSigner{ asymmSigner: &asymmSigner{ s: s, dAlgo: dAlgo, @@ -370,13 +382,10 @@ func newSSHSigner(sshSigner ssh.Signer, algo Algorithm, dAlgo DigestAlgorithm, h created: created, expires: expires, }, - } - - return a, nil + }, nil } func newSigner(algo Algorithm, dAlgo DigestAlgorithm, headers []string, scheme SignatureScheme, expiresIn int64) (SignerWithOptions, error) { - var expires, created int64 = 0, 0 if expiresIn != 0 { created = time.Now().Unix() 
@@ -396,11 +405,13 @@ func newSigner(algo Algorithm, dAlgo DigestAlgorithm, headers []string, scheme S } return a, nil } + m, err := macerFromString(string(algo)) if err != nil { return nil, fmt.Errorf("no crypto implementation available for %q: %s", algo, err) } - c := &macSigner{ + + return &macSigner{ m: m, dAlgo: dAlgo, headers: headers, @@ -408,6 +419,5 @@ func newSigner(algo Algorithm, dAlgo DigestAlgorithm, headers []string, scheme S prefix: scheme.authScheme(), created: created, expires: expires, - } - return c, nil + }, nil } diff --git a/vendor/code.superseriousbusiness.org/httpsig/signing.go b/vendor/code.superseriousbusiness.org/httpsig/signing.go index a2fa38c5b..f1c8d2f1b 100644 --- a/vendor/code.superseriousbusiness.org/httpsig/signing.go +++ b/vendor/code.superseriousbusiness.org/httpsig/signing.go @@ -23,6 +23,7 @@ const ( parameterValueDelimiter = "\"" parameterSeparater = "," headerParameterValueDelim = " " + // RequestTarget specifies to include the http request method and // entire URI in the signature. Pass it as a header to NewSigner. RequestTarget = "(request-target)" diff --git a/vendor/golang.org/x/crypto/ripemd160/ripemd160.go b/vendor/golang.org/x/crypto/ripemd160/ripemd160.go deleted file mode 100644 index b6d33ef07..000000000 --- a/vendor/golang.org/x/crypto/ripemd160/ripemd160.go +++ /dev/null 
@@ -1,124 +0,0 @@ -// Copyright 2010 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package ripemd160 implements the RIPEMD-160 hash algorithm. -// -// Deprecated: RIPEMD-160 is a legacy hash and should not be used for new -// applications. Also, this package does not and will not provide an optimized -// implementation. Instead, use a modern hash like SHA-256 (from crypto/sha256). -package ripemd160 - -// RIPEMD-160 is designed by Hans Dobbertin, Antoon Bosselaers, and Bart -// Preneel with specifications available at: -// http://homes.esat.kuleuven.be/~cosicart/pdf/AB-9601/AB-9601.pdf. - -import ( - "crypto" - "hash" -) - -func init() { - crypto.RegisterHash(crypto.RIPEMD160, New) -} - -// The size of the checksum in bytes. -const Size = 20 - -// The block size of the hash algorithm in bytes. -const BlockSize = 64 - -const ( - _s0 = 0x67452301 - _s1 = 0xefcdab89 - _s2 = 0x98badcfe - _s3 = 0x10325476 - _s4 = 0xc3d2e1f0 -) - -// digest represents the partial evaluation of a checksum. -type digest struct { - s [5]uint32 // running context - x [BlockSize]byte // temporary buffer - nx int // index into x - tc uint64 // total count of bytes processed -} - -func (d *digest) Reset() { - d.s[0], d.s[1], d.s[2], d.s[3], d.s[4] = _s0, _s1, _s2, _s3, _s4 - d.nx = 0 - d.tc = 0 -} - -// New returns a new hash.Hash computing the checksum. 
-func New() hash.Hash { - result := new(digest) - result.Reset() - return result -} - -func (d *digest) Size() int { return Size } - -func (d *digest) BlockSize() int { return BlockSize } - -func (d *digest) Write(p []byte) (nn int, err error) { - nn = len(p) - d.tc += uint64(nn) - if d.nx > 0 { - n := len(p) - if n > BlockSize-d.nx { - n = BlockSize - d.nx - } - for i := 0; i < n; i++ { - d.x[d.nx+i] = p[i] - } - d.nx += n - if d.nx == BlockSize { - _Block(d, d.x[0:]) - d.nx = 0 - } - p = p[n:] - } - n := _Block(d, p) - p = p[n:] - if len(p) > 0 { - d.nx = copy(d.x[:], p) - } - return -} - -func (d0 *digest) Sum(in []byte) []byte { - // Make a copy of d0 so that caller can keep writing and summing. - d := *d0 - - // Padding. Add a 1 bit and 0 bits until 56 bytes mod 64. - tc := d.tc - var tmp [64]byte - tmp[0] = 0x80 - if tc%64 < 56 { - d.Write(tmp[0 : 56-tc%64]) - } else { - d.Write(tmp[0 : 64+56-tc%64]) - } - - // Length in bits. - tc <<= 3 - for i := uint(0); i < 8; i++ { - tmp[i] = byte(tc >> (8 * i)) - } - d.Write(tmp[0:8]) - - if d.nx != 0 { - panic("d.nx != 0") - } - - var digest [Size]byte - for i, s := range d.s { - digest[i*4] = byte(s) - digest[i*4+1] = byte(s >> 8) - digest[i*4+2] = byte(s >> 16) - digest[i*4+3] = byte(s >> 24) - } - - return append(in, digest[:]...) -} diff --git a/vendor/golang.org/x/crypto/ripemd160/ripemd160block.go b/vendor/golang.org/x/crypto/ripemd160/ripemd160block.go deleted file mode 100644 index e0edc02f0..000000000 --- a/vendor/golang.org/x/crypto/ripemd160/ripemd160block.go +++ /dev/null 
@@ -1,165 +0,0 @@ -// Copyright 2010 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// RIPEMD-160 block step. -// In its own file so that a faster assembly or C version -// can be substituted easily. - -package ripemd160 - -import ( - "math/bits" -) - -// work buffer indices and roll amounts for one line -var _n = [80]uint{ - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, - 7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8, - 3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12, - 1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2, - 4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13, -} - -var _r = [80]uint{ - 11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8, - 7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12, - 11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5, - 11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12, - 9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6, -} - -// same for the other parallel one -var n_ = [80]uint{ - 5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12, - 6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2, - 15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13, - 8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14, - 12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11, -} - -var r_ = [80]uint{ - 8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6, - 9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11, - 9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5, - 15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8, - 8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11, -} - -func _Block(md *digest, p []byte) int { - n := 0 - var x [16]uint32 - var alpha, beta uint32 - for len(p) >= BlockSize { - a, b, c, d, e := md.s[0], md.s[1], md.s[2], md.s[3], md.s[4] - aa, bb, cc, dd, ee := a, b, c, d, e - j := 0 - for i := 0; i < 16; i++ { - x[i] = uint32(p[j]) | uint32(p[j+1])<<8 | 
uint32(p[j+2])<<16 | uint32(p[j+3])<<24 - j += 4 - } - - // round 1 - i := 0 - for i < 16 { - alpha = a + (b ^ c ^ d) + x[_n[i]] - s := int(_r[i]) - alpha = bits.RotateLeft32(alpha, s) + e - beta = bits.RotateLeft32(c, 10) - a, b, c, d, e = e, alpha, b, beta, d - - // parallel line - alpha = aa + (bb ^ (cc | ^dd)) + x[n_[i]] + 0x50a28be6 - s = int(r_[i]) - alpha = bits.RotateLeft32(alpha, s) + ee - beta = bits.RotateLeft32(cc, 10) - aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd - - i++ - } - - // round 2 - for i < 32 { - alpha = a + (b&c | ^b&d) + x[_n[i]] + 0x5a827999 - s := int(_r[i]) - alpha = bits.RotateLeft32(alpha, s) + e - beta = bits.RotateLeft32(c, 10) - a, b, c, d, e = e, alpha, b, beta, d - - // parallel line - alpha = aa + (bb&dd | cc&^dd) + x[n_[i]] + 0x5c4dd124 - s = int(r_[i]) - alpha = bits.RotateLeft32(alpha, s) + ee - beta = bits.RotateLeft32(cc, 10) - aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd - - i++ - } - - // round 3 - for i < 48 { - alpha = a + (b | ^c ^ d) + x[_n[i]] + 0x6ed9eba1 - s := int(_r[i]) - alpha = bits.RotateLeft32(alpha, s) + e - beta = bits.RotateLeft32(c, 10) - a, b, c, d, e = e, alpha, b, beta, d - - // parallel line - alpha = aa + (bb | ^cc ^ dd) + x[n_[i]] + 0x6d703ef3 - s = int(r_[i]) - alpha = bits.RotateLeft32(alpha, s) + ee - beta = bits.RotateLeft32(cc, 10) - aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd - - i++ - } - - // round 4 - for i < 64 { - alpha = a + (b&d | c&^d) + x[_n[i]] + 0x8f1bbcdc - s := int(_r[i]) - alpha = bits.RotateLeft32(alpha, s) + e - beta = bits.RotateLeft32(c, 10) - a, b, c, d, e = e, alpha, b, beta, d - - // parallel line - alpha = aa + (bb&cc | ^bb&dd) + x[n_[i]] + 0x7a6d76e9 - s = int(r_[i]) - alpha = bits.RotateLeft32(alpha, s) + ee - beta = bits.RotateLeft32(cc, 10) - aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd - - i++ - } - - // round 5 - for i < 80 { - alpha = a + (b ^ (c | ^d)) + x[_n[i]] + 0xa953fd4e - s := int(_r[i]) - alpha = bits.RotateLeft32(alpha, s) + e - beta = 
bits.RotateLeft32(c, 10) - a, b, c, d, e = e, alpha, b, beta, d - - // parallel line - alpha = aa + (bb ^ cc ^ dd) + x[n_[i]] - s = int(r_[i]) - alpha = bits.RotateLeft32(alpha, s) + ee - beta = bits.RotateLeft32(cc, 10) - aa, bb, cc, dd, ee = ee, alpha, bb, beta, dd - - i++ - } - - // combine results - dd += c + md.s[1] - md.s[1] = md.s[2] + d + ee - md.s[2] = md.s[3] + e + aa - md.s[3] = md.s[4] + a + bb - md.s[4] = md.s[0] + b + cc - md.s[0] = dd - - p = p[BlockSize:] - n += BlockSize - } - return n -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 19b2ef773..d768c157e 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -210,7 +210,7 @@ code.superseriousbusiness.org/go-jpeg-image-structure/v2 # code.superseriousbusiness.org/go-png-image-structure/v2 v2.3.0 ## explicit; go 1.12 code.superseriousbusiness.org/go-png-image-structure/v2 -# code.superseriousbusiness.org/httpsig v1.4.0 +# code.superseriousbusiness.org/httpsig v1.5.0 ## explicit; go 1.21 code.superseriousbusiness.org/httpsig # code.superseriousbusiness.org/oauth2/v4 v4.5.4-0.20250812115401-3961e46a7384 @@ -1179,7 +1179,6 @@ golang.org/x/crypto/hkdf golang.org/x/crypto/internal/alias golang.org/x/crypto/internal/poly1305 golang.org/x/crypto/pbkdf2 -golang.org/x/crypto/ripemd160 golang.org/x/crypto/scrypt golang.org/x/crypto/sha3 golang.org/x/crypto/ssh |
