From d3c05cd927770a11c6e12de3e3a99c3446a1f78d Mon Sep 17 00:00:00 2001 From: Taishi Kasuga Date: Sat, 1 Oct 2022 04:30:47 +0000 Subject: [PATCH] Bump versions to the latest (#3) --- .github/workflows/release.yaml | 15 +++++++-------- .github/workflows/test.yaml | 12 ++++++++++-- .goreleaser.yaml | 31 +++++++++++++++++++++++++++++++ go.mod | 9 +++++++-- go.sum | 7 ++----- main.go | 9 +++++++-- 6 files changed, 64 insertions(+), 19 deletions(-) create mode 100644 .goreleaser.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 729440d..aeccba6 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -6,29 +6,28 @@ on: push: tags: - "v*" -permissions: - contents: write jobs: release: name: Release timeout-minutes: 10 runs-on: ubuntu-latest + concurrency: scram-sha-256 + permissions: + contents: write defaults: run: shell: bash steps: - name: Checkout - uses: actions/checkout@v2 - with: - fetch-depth: 0 + uses: actions/checkout@v3 - name: Set up Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v3 with: - go-version: 1.16 + go-version: 1.19 - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v2 + uses: goreleaser/goreleaser-action@v3 with: distribution: goreleaser version: latest diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index f5d90c4..be63bf2 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -7,7 +7,10 @@ name: Test on: push: branches: - - "**" + - master + pull_request: + branches: + - master jobs: test: name: Test @@ -38,7 +41,12 @@ jobs: run: sudo apt update && sudo apt install -y --no-install-recommends postgresql-client - name: Check out code - uses: actions/checkout@v2 + uses: actions/checkout@v3 + + - name: Set up Go + uses: actions/setup-go@v3 + with: + go-version: 1.19 - name: Build run: make diff --git a/.goreleaser.yaml b/.goreleaser.yaml new file mode 100644 index 0000000..a59950b --- /dev/null +++ b/.goreleaser.yaml @@ -0,0 +1,31 @@ +project_name: scram-sha-256 + +# https://goreleaser.com/customization/build/ +# https://go.dev/doc/install/source#environment +builds: + - env: + - CGO_ENABLED=0 + flags: + - -trimpath + ldflags: + - -s -w + goos: + - linux + - darwin + - windows + goarch: + - amd64 + - arm + - arm64 + # https://github.com/golang/go/wiki/GoArm + # https://www.cs.umd.edu/~meesh/cmsc411/website/proj01/arm/armchip.html + goarm: + - 6 + - 7 + +# https://goreleaser.com/customization/archive/ +archives: + - name_template: '{{ .ProjectName }}-{{ .Os }}-{{ .Arch }}{{ with .Arm }}-v{{ . }}{{ end }}' + format: binary + replacements: + amd64: x86_64 diff --git a/go.mod b/go.mod index c1bdfaa..623ae6a 100644 --- a/go.mod +++ b/go.mod @@ -1,5 +1,10 @@ module github.com/supercaracal/scram-sha-256 -go 1.16 +go 1.19 -require golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e +require golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be + +require ( + golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 // indirect + golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 // indirect +) diff --git a/go.sum b/go.sum index 37745f4..ba6abb3 100644 --- a/go.sum +++ b/go.sum @@ -1,10 +1,7 @@ -golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e h1:gsTQYXdTw2Gq7RBsWvlQ91b+aEQ6bXFUngBGuR8sPpI= -golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be h1:fmw3UbQh+nxngCAHrDCCztao/kbYFnWjoqop8dHx05A= +golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/main.go b/main.go index 2fab986..7f13711 100644 --- a/main.go +++ b/main.go @@ -31,6 +31,11 @@ const ( iterationCnt = 4096 ) +var ( + clientRawKey = []byte("Client Key") + serverRawKey = []byte("Server Key") +) + func genSalt(size int) ([]byte, error) { salt := make([]byte, size) if _, err := io.ReadFull(rand.Reader, salt); err != nil { @@ -67,9 +72,9 @@ func getSHA256Sum(key []byte) []byte { func encryptPassword(rawPassword, salt []byte, iter, keyLen int) string { digestKey := pbkdf2.Key(rawPassword, salt, iter, keyLen, sha256.New) - clientKey := getHMACSum(digestKey, []byte("Client Key")) + clientKey := getHMACSum(digestKey, clientRawKey) storedKey := getSHA256Sum(clientKey) - serverKey := getHMACSum(digestKey, []byte("Server Key")) + serverKey := getHMACSum(digestKey, serverRawKey) return fmt.Sprintf("SCRAM-SHA-256$%d:%s$%s:%s", iter,