use go1.11 with go mod

vendor/gopkg.in/mgo.v2/internal/scram/scram.go

@@ -1,266 +0,0 @@
-// mgo - MongoDB driver for Go
-//
-// Copyright (c) 2014 - Gustavo Niemeyer <gustavo@niemeyer.net>
-//
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are met:
-//
-// 1. Redistributions of source code must retain the above copyright notice, this
-//    list of conditions and the following disclaimer.
-// 2. Redistributions in binary form must reproduce the above copyright notice,
-//    this list of conditions and the following disclaimer in the documentation
-//    and/or other materials provided with the distribution.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
-// ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-// (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-// LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-// ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-// SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-// Pacakage scram implements a SCRAM-{SHA-1,etc} client per RFC5802.
-//
-// http://tools.ietf.org/html/rfc5802
-//
-package scram
-
-import (
-	"bytes"
-	"crypto/hmac"
-	"crypto/rand"
-	"encoding/base64"
-	"fmt"
-	"hash"
-	"strconv"
-	"strings"
-)
-
-// Client implements a SCRAM-* client (SCRAM-SHA-1, SCRAM-SHA-256, etc).
-//
-// A Client may be used within a SASL conversation with logic resembling:
-//
-//    var in []byte
-//    var client = scram.NewClient(sha1.New, user, pass)
-//    for client.Step(in) {
-//            out := client.Out()
-//            // send out to server
-//            in := serverOut
-//    }
-//    if client.Err() != nil {
-//            // auth failed
-//    }
-//
-type Client struct {
-	newHash func() hash.Hash
-
-	user string
-	pass string
-	step int
-	out  bytes.Buffer
-	err  error
-
-	clientNonce []byte
-	serverNonce []byte
-	saltedPass  []byte
-	authMsg     bytes.Buffer
-}
-
-// NewClient returns a new SCRAM-* client with the provided hash algorithm.
-//
-// For SCRAM-SHA-1, for example, use:
-//
-//    client := scram.NewClient(sha1.New, user, pass)
-//
-func NewClient(newHash func() hash.Hash, user, pass string) *Client {
-	c := &Client{
-		newHash: newHash,
-		user:    user,
-		pass:    pass,
-	}
-	c.out.Grow(256)
-	c.authMsg.Grow(256)
-	return c
-}
-
-// Out returns the data to be sent to the server in the current step.
-func (c *Client) Out() []byte {
-	if c.out.Len() == 0 {
-		return nil
-	}
-	return c.out.Bytes()
-}
-
-// Err returns the error that ocurred, or nil if there were no errors.
-func (c *Client) Err() error {
-	return c.err
-}
-
-// SetNonce sets the client nonce to the provided value.
-// If not set, the nonce is generated automatically out of crypto/rand on the first step.
-func (c *Client) SetNonce(nonce []byte) {
-	c.clientNonce = nonce
-}
-
-var escaper = strings.NewReplacer("=", "=3D", ",", "=2C")
-
-// Step processes the incoming data from the server and makes the
-// next round of data for the server available via Client.Out.
-// Step returns false if there are no errors and more data is
-// still expected.
-func (c *Client) Step(in []byte) bool {
-	c.out.Reset()
-	if c.step > 2 || c.err != nil {
-		return false
-	}
-	c.step++
-	switch c.step {
-	case 1:
-		c.err = c.step1(in)
-	case 2:
-		c.err = c.step2(in)
-	case 3:
-		c.err = c.step3(in)
-	}
-	return c.step > 2 || c.err != nil
-}
-
-func (c *Client) step1(in []byte) error {
-	if len(c.clientNonce) == 0 {
-		const nonceLen = 6
-		buf := make([]byte, nonceLen + b64.EncodedLen(nonceLen))
-		if _, err := rand.Read(buf[:nonceLen]); err != nil {
-			return fmt.Errorf("cannot read random SCRAM-SHA-1 nonce from operating system: %v", err)
-		}
-		c.clientNonce = buf[nonceLen:]
-		b64.Encode(c.clientNonce, buf[:nonceLen])
-	}
-	c.authMsg.WriteString("n=")
-	escaper.WriteString(&c.authMsg, c.user)
-	c.authMsg.WriteString(",r=")
-	c.authMsg.Write(c.clientNonce)
-
-	c.out.WriteString("n,,")
-	c.out.Write(c.authMsg.Bytes())
-	return nil
-}
-
-var b64 = base64.StdEncoding
-
-func (c *Client) step2(in []byte) error {
-	c.authMsg.WriteByte(',')
-	c.authMsg.Write(in)
-
-	fields := bytes.Split(in, []byte(","))
-	if len(fields) != 3 {
-		return fmt.Errorf("expected 3 fields in first SCRAM-SHA-1 server message, got %d: %q", len(fields), in)
-	}
-	if !bytes.HasPrefix(fields[0], []byte("r=")) || len(fields[0]) < 2 {
-		return fmt.Errorf("server sent an invalid SCRAM-SHA-1 nonce: %q", fields[0])
-	}
-	if !bytes.HasPrefix(fields[1], []byte("s=")) || len(fields[1]) < 6 {
-		return fmt.Errorf("server sent an invalid SCRAM-SHA-1 salt: %q", fields[1])
-	}
-	if !bytes.HasPrefix(fields[2], []byte("i=")) || len(fields[2]) < 6 {
-		return fmt.Errorf("server sent an invalid SCRAM-SHA-1 iteration count: %q", fields[2])
-	}
-
-	c.serverNonce = fields[0][2:]
-	if !bytes.HasPrefix(c.serverNonce, c.clientNonce) {
-		return fmt.Errorf("server SCRAM-SHA-1 nonce is not prefixed by client nonce: got %q, want %q+\"...\"", c.serverNonce, c.clientNonce)
-	}
-
-	salt := make([]byte, b64.DecodedLen(len(fields[1][2:])))
-	n, err := b64.Decode(salt, fields[1][2:])
-	if err != nil {
-		return fmt.Errorf("cannot decode SCRAM-SHA-1 salt sent by server: %q", fields[1])
-	}
-	salt = salt[:n]
-	iterCount, err := strconv.Atoi(string(fields[2][2:]))
-	if err != nil {
-		return fmt.Errorf("server sent an invalid SCRAM-SHA-1 iteration count: %q", fields[2])
-	}
-	c.saltPassword(salt, iterCount)
-
-	c.authMsg.WriteString(",c=biws,r=")
-	c.authMsg.Write(c.serverNonce)
-
-	c.out.WriteString("c=biws,r=")
-	c.out.Write(c.serverNonce)
-	c.out.WriteString(",p=")
-	c.out.Write(c.clientProof())
-	return nil
-}
-
-func (c *Client) step3(in []byte) error {
-	var isv, ise bool
-	var fields = bytes.Split(in, []byte(","))
-	if len(fields) == 1 {
-		isv = bytes.HasPrefix(fields[0], []byte("v="))
-		ise = bytes.HasPrefix(fields[0], []byte("e="))
-	}
-	if ise {
-		return fmt.Errorf("SCRAM-SHA-1 authentication error: %s", fields[0][2:])
-	} else if !isv {
-		return fmt.Errorf("unsupported SCRAM-SHA-1 final message from server: %q", in)
-	}
-	if !bytes.Equal(c.serverSignature(), fields[0][2:]) {
-		return fmt.Errorf("cannot authenticate SCRAM-SHA-1 server signature: %q", fields[0][2:])
-	}
-	return nil
-}
-
-func (c *Client) saltPassword(salt []byte, iterCount int) {
-	mac := hmac.New(c.newHash, []byte(c.pass))
-	mac.Write(salt)
-	mac.Write([]byte{0, 0, 0, 1})
-	ui := mac.Sum(nil)
-	hi := make([]byte, len(ui))
-	copy(hi, ui)
-	for i := 1; i < iterCount; i++ {
-		mac.Reset()
-		mac.Write(ui)
-		mac.Sum(ui[:0])
-		for j, b := range ui {
-			hi[j] ^= b
-		}
-	}
-	c.saltedPass = hi
-}
-
-func (c *Client) clientProof() []byte {
-	mac := hmac.New(c.newHash, c.saltedPass)
-	mac.Write([]byte("Client Key"))
-	clientKey := mac.Sum(nil)
-	hash := c.newHash()
-	hash.Write(clientKey)
-	storedKey := hash.Sum(nil)
-	mac = hmac.New(c.newHash, storedKey)
-	mac.Write(c.authMsg.Bytes())
-	clientProof := mac.Sum(nil)
-	for i, b := range clientKey {
-		clientProof[i] ^= b
-	}
-	clientProof64 := make([]byte, b64.EncodedLen(len(clientProof)))
-	b64.Encode(clientProof64, clientProof)
-	return clientProof64
-}
-
-func (c *Client) serverSignature() []byte {
-	mac := hmac.New(c.newHash, c.saltedPass)
-	mac.Write([]byte("Server Key"))
-	serverKey := mac.Sum(nil)
-
-	mac = hmac.New(c.newHash, serverKey)
-	mac.Write(c.authMsg.Bytes())
-	serverSignature := mac.Sum(nil)
-
-	encoded := make([]byte, b64.EncodedLen(len(serverSignature)))
-	b64.Encode(encoded, serverSignature)
-	return encoded
-}

vendor/gopkg.in/mgo.v2/internal/scram/scram_test.go

@@ -1,67 +0,0 @@
-package scram_test
-
-import (
-	"crypto/sha1"
-	"testing"
-
-	. "gopkg.in/check.v1"
-	"gopkg.in/mgo.v2/internal/scram"
-	"strings"
-)
-
-var _ = Suite(&S{})
-
-func Test(t *testing.T) { TestingT(t) }
-
-type S struct{}
-
-var tests = [][]string{{
-	"U: user pencil",
-	"N: fyko+d2lbbFgONRv9qkxdawL",
-	"C: n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL",
-	"S: r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096",
-	"C: c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=",
-	"S: v=rmF9pqV8S7suAoZWja4dJRkFsKQ=",
-}, {
-	"U: root fe8c89e308ec08763df36333cbf5d3a2",
-	"N: OTcxNDk5NjM2MzE5",
-	"C: n,,n=root,r=OTcxNDk5NjM2MzE5",
-	"S: r=OTcxNDk5NjM2MzE581Ra3provgG0iDsMkDiIAlrh4532dDLp,s=XRDkVrFC9JuL7/F4tG0acQ==,i=10000",
-	"C: c=biws,r=OTcxNDk5NjM2MzE581Ra3provgG0iDsMkDiIAlrh4532dDLp,p=6y1jp9R7ETyouTXS9fW9k5UHdBc=",
-	"S: v=LBnd9dUJRxdqZiEq91NKP3z/bHA=",
-}}
-
-func (s *S) TestExamples(c *C) {
-	for _, steps := range tests {
-		if len(steps) < 2 || len(steps[0]) < 3 || !strings.HasPrefix(steps[0], "U: ") {
-			c.Fatalf("Invalid test: %#v", steps)
-		}
-		auth := strings.Fields(steps[0][3:])
-		client := scram.NewClient(sha1.New, auth[0], auth[1])
-		first, done := true, false
-		c.Logf("-----")
-		c.Logf("%s", steps[0])
-		for _, step := range steps[1:] {
-			c.Logf("%s", step)
-			switch step[:3] {
-			case "N: ":
-				client.SetNonce([]byte(step[3:]))
-			case "C: ":
-				if first {
-					first = false
-					done = client.Step(nil)
-				}
-				c.Assert(done, Equals, false)
-				c.Assert(client.Err(), IsNil)
-				c.Assert(string(client.Out()), Equals, step[3:])
-			case "S: ":
-				first = false
-				done = client.Step([]byte(step[3:]))
-			default:
-				panic("invalid test line: " + step)
-			}
-		}
-		c.Assert(done, Equals, true)
-		c.Assert(client.Err(), IsNil)
-	}
-}