Implement git-lfs-authenticate

author: Rutger Broekhoff 2023-12-30 14:00:34 +0100
committer: Rutger Broekhoff 2023-12-30 14:00:34 +0100
commit: f6c92c5e2d87ab1334648b0d1293771de7aae4a5 (patch)
tree: 265c3a06accd398a1e0a173af56d7392a5f94a24 /vendor/github.com/golang-jwt/jwt/v5/ecdsa.go
parent: 4f167c0fa991aa9ddb3f0252e23694b3aa6532b1 (diff)
download: gitolfs3-f6c92c5e2d87ab1334648b0d1293771de7aae4a5.tar.gz
gitolfs3-f6c92c5e2d87ab1334648b0d1293771de7aae4a5.zip
1 files changed, 134 insertions, 0 deletions
diff --git a/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go b/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go
new file mode 100644
index 0000000..ca85659
--- /dev/null
+++ b/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go
@@ -0,0 +1,134 @@
+package jwt
+import (
+        "crypto"
+        "crypto/ecdsa"
+        "crypto/rand"
+        "errors"
+        "math/big"
+)
+var (
+        // Sadly this is missing from crypto/ecdsa compared to crypto/rsa
+        ErrECDSAVerification = errors.New("crypto/ecdsa: verification error")
+)
+// SigningMethodECDSA implements the ECDSA family of signing methods.
+// Expects *ecdsa.PrivateKey for signing and *ecdsa.PublicKey for verification
+type SigningMethodECDSA struct {
+        Name      string
+        Hash      crypto.Hash
+        KeySize   int
+        CurveBits int
+}
+// Specific instances for EC256 and company
+var (
+        SigningMethodES256 *SigningMethodECDSA
+        SigningMethodES384 *SigningMethodECDSA
+        SigningMethodES512 *SigningMethodECDSA
+)
+func init() {
+        // ES256
+        SigningMethodES256 = &SigningMethodECDSA{"ES256", crypto.SHA256, 32, 256}
+        RegisterSigningMethod(SigningMethodES256.Alg(), func() SigningMethod {
+                return SigningMethodES256
+        })
+        // ES384
+        SigningMethodES384 = &SigningMethodECDSA{"ES384", crypto.SHA384, 48, 384}
+        RegisterSigningMethod(SigningMethodES384.Alg(), func() SigningMethod {
+                return SigningMethodES384
+        })
+        // ES512
+        SigningMethodES512 = &SigningMethodECDSA{"ES512", crypto.SHA512, 66, 521}
+        RegisterSigningMethod(SigningMethodES512.Alg(), func() SigningMethod {
+                return SigningMethodES512
+        })
+}
+func (m *SigningMethodECDSA) Alg() string {
+        return m.Name
+}
+// Verify implements token verification for the SigningMethod.
+// For this verify method, key must be an ecdsa.PublicKey struct
+func (m *SigningMethodECDSA) Verify(signingString string, sig []byte, key interface{}) error {
+        // Get the key
+        var ecdsaKey *ecdsa.PublicKey
+        switch k := key.(type) {
+        case *ecdsa.PublicKey:
+                ecdsaKey = k
+        default:
+                return newError("ECDSA verify expects *ecsda.PublicKey", ErrInvalidKeyType)
+        }
+        if len(sig) != 2*m.KeySize {
+                return ErrECDSAVerification
+        }
+        r := big.NewInt(0).SetBytes(sig[:m.KeySize])
+        s := big.NewInt(0).SetBytes(sig[m.KeySize:])
+        // Create hasher
+        if !m.Hash.Available() {
+                return ErrHashUnavailable
+        }
+        hasher := m.Hash.New()
+        hasher.Write([]byte(signingString))
+        // Verify the signature
+        if verifystatus := ecdsa.Verify(ecdsaKey, hasher.Sum(nil), r, s); verifystatus {
+                return nil
+        }
+        return ErrECDSAVerification
+}
+// Sign implements token signing for the SigningMethod.
+// For this signing method, key must be an ecdsa.PrivateKey struct
+func (m *SigningMethodECDSA) Sign(signingString string, key interface{}) ([]byte, error) {
+        // Get the key
+        var ecdsaKey *ecdsa.PrivateKey
+        switch k := key.(type) {
+        case *ecdsa.PrivateKey:
+                ecdsaKey = k
+        default:
+                return nil, newError("ECDSA sign expects *ecsda.PrivateKey", ErrInvalidKeyType)
+        }
+        // Create the hasher
+        if !m.Hash.Available() {
+                return nil, ErrHashUnavailable
+        }
+        hasher := m.Hash.New()
+        hasher.Write([]byte(signingString))
+        // Sign the string and return r, s
+        if r, s, err := ecdsa.Sign(rand.Reader, ecdsaKey, hasher.Sum(nil)); err == nil {
+                curveBits := ecdsaKey.Curve.Params().BitSize
+                if m.CurveBits != curveBits {
+                        return nil, ErrInvalidKey
+                }
+                keyBytes := curveBits / 8
+                if curveBits%8 > 0 {
+                        keyBytes += 1
+                }
+                // We serialize the outputs (r and s) into big-endian byte arrays
+                // padded with zeros on the left to make sure the sizes work out.
+                // Output must be 2*keyBytes long.
+                out := make([]byte, 2*keyBytes)
+                r.FillBytes(out[0:keyBytes]) // r is assigned to the first half of output.
+                s.FillBytes(out[keyBytes:])  // s is assigned to the second half of output.
+                return out, nil
+        } else {
+                return nil, err
+        }
+}
author	Rutger Broekhoff	2023-12-30 14:00:34 +0100
committer	Rutger Broekhoff	2023-12-30 14:00:34 +0100
commit	f6c92c5e2d87ab1334648b0d1293771de7aae4a5 (patch)
tree	265c3a06accd398a1e0a173af56d7392a5f94a24 /vendor/github.com/golang-jwt/jwt/v5/ecdsa.go
parent	4f167c0fa991aa9ddb3f0252e23694b3aa6532b1 (diff)
download	gitolfs3-f6c92c5e2d87ab1334648b0d1293771de7aae4a5.tar.gz gitolfs3-f6c92c5e2d87ab1334648b0d1293771de7aae4a5.zip

diff --git a/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go b/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go new file mode 100644 index 0000000..ca85659 --- /dev/null +++ b/vendor/github.com/golang-jwt/jwt/v5/ecdsa.go
@@ -0,0 +1,134 @@
	1	package jwt
	2
	3	import (
	4	"crypto"
	5	"crypto/ecdsa"
	6	"crypto/rand"
	7	"errors"
	8	"math/big"
	9	)
	10
	11	var (
	12	// Sadly this is missing from crypto/ecdsa compared to crypto/rsa
	13	ErrECDSAVerification = errors.New("crypto/ecdsa: verification error")
	14	)
	15
	16	// SigningMethodECDSA implements the ECDSA family of signing methods.
	17	// Expects ecdsa.PrivateKey for signing and ecdsa.PublicKey for verification
	18	type SigningMethodECDSA struct {
	19	Name string
	20	Hash crypto.Hash
	21	KeySize int
	22	CurveBits int
	23	}
	24
	25	// Specific instances for EC256 and company
	26	var (
	27	SigningMethodES256 *SigningMethodECDSA
	28	SigningMethodES384 *SigningMethodECDSA
	29	SigningMethodES512 *SigningMethodECDSA
	30	)
	31
	32	func init() {
	33	// ES256
	34	SigningMethodES256 = &SigningMethodECDSA{"ES256", crypto.SHA256, 32, 256}
	35	RegisterSigningMethod(SigningMethodES256.Alg(), func() SigningMethod {
	36	return SigningMethodES256
	37	})
	38
	39	// ES384
	40	SigningMethodES384 = &SigningMethodECDSA{"ES384", crypto.SHA384, 48, 384}
	41	RegisterSigningMethod(SigningMethodES384.Alg(), func() SigningMethod {
	42	return SigningMethodES384
	43	})
	44
	45	// ES512
	46	SigningMethodES512 = &SigningMethodECDSA{"ES512", crypto.SHA512, 66, 521}
	47	RegisterSigningMethod(SigningMethodES512.Alg(), func() SigningMethod {
	48	return SigningMethodES512
	49	})
	50	}
	51
	52	func (m *SigningMethodECDSA) Alg() string {
	53	return m.Name
	54	}
	55
	56	// Verify implements token verification for the SigningMethod.
	57	// For this verify method, key must be an ecdsa.PublicKey struct
	58	func (m *SigningMethodECDSA) Verify(signingString string, sig []byte, key interface{}) error {
	59	// Get the key
	60	var ecdsaKey *ecdsa.PublicKey
	61	switch k := key.(type) {
	62	case *ecdsa.PublicKey:
	63	ecdsaKey = k
	64	default:
	65	return newError("ECDSA verify expects *ecsda.PublicKey", ErrInvalidKeyType)
	66	}
	67
	68	if len(sig) != 2*m.KeySize {
	69	return ErrECDSAVerification
	70	}
	71
	72	r := big.NewInt(0).SetBytes(sig[:m.KeySize])
	73	s := big.NewInt(0).SetBytes(sig[m.KeySize:])
	74
	75	// Create hasher
	76	if !m.Hash.Available() {
	77	return ErrHashUnavailable
	78	}
	79	hasher := m.Hash.New()
	80	hasher.Write([]byte(signingString))
	81
	82	// Verify the signature
	83	if verifystatus := ecdsa.Verify(ecdsaKey, hasher.Sum(nil), r, s); verifystatus {
	84	return nil
	85	}
	86
	87	return ErrECDSAVerification
	88	}
	89
	90	// Sign implements token signing for the SigningMethod.
	91	// For this signing method, key must be an ecdsa.PrivateKey struct
	92	func (m *SigningMethodECDSA) Sign(signingString string, key interface{}) ([]byte, error) {
	93	// Get the key
	94	var ecdsaKey *ecdsa.PrivateKey
	95	switch k := key.(type) {
	96	case *ecdsa.PrivateKey:
	97	ecdsaKey = k
	98	default:
	99	return nil, newError("ECDSA sign expects *ecsda.PrivateKey", ErrInvalidKeyType)
	100	}
	101
	102	// Create the hasher
	103	if !m.Hash.Available() {
	104	return nil, ErrHashUnavailable
	105	}
	106
	107	hasher := m.Hash.New()
	108	hasher.Write([]byte(signingString))
	109
	110	// Sign the string and return r, s
	111	if r, s, err := ecdsa.Sign(rand.Reader, ecdsaKey, hasher.Sum(nil)); err == nil {
	112	curveBits := ecdsaKey.Curve.Params().BitSize
	113
	114	if m.CurveBits != curveBits {
	115	return nil, ErrInvalidKey
	116	}
	117
	118	keyBytes := curveBits / 8
	119	if curveBits%8 > 0 {
	120	keyBytes += 1
	121	}
	122
	123	// We serialize the outputs (r and s) into big-endian byte arrays
	124	// padded with zeros on the left to make sure the sizes work out.
	125	// Output must be 2*keyBytes long.
	126	out := make([]byte, 2*keyBytes)
	127	r.FillBytes(out[0:keyBytes]) // r is assigned to the first half of output.
	128	s.FillBytes(out[keyBytes:]) // s is assigned to the second half of output.
	129
	130	return out, nil
	131	} else {
	132	return nil, err
	133	}
	134	}