minio/cmd/config/identity/openid/ecdsa-sha3.go

// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

// +build !fips

package openid

import (
	"crypto"

	"github.com/dgrijalva/jwt-go"

	// Needed for SHA3 to work - See: https://golang.org/src/crypto/crypto.go?s=1034:1288
	_ "golang.org/x/crypto/sha3" // There is no SHA-3 FIPS-140 2 compliant implementation
)

// Specific instances for EC256 and company
var (
	SigningMethodES3256 *jwt.SigningMethodECDSA
	SigningMethodES3384 *jwt.SigningMethodECDSA
	SigningMethodES3512 *jwt.SigningMethodECDSA
)

func init() {
	// ES256
	SigningMethodES3256 = &jwt.SigningMethodECDSA{Name: "ES3256", Hash: crypto.SHA3_256, KeySize: 32, CurveBits: 256}
	jwt.RegisterSigningMethod(SigningMethodES3256.Alg(), func() jwt.SigningMethod {
		return SigningMethodES3256
	})

	// ES384
	SigningMethodES3384 = &jwt.SigningMethodECDSA{Name: "ES3384", Hash: crypto.SHA3_384, KeySize: 48, CurveBits: 384}
	jwt.RegisterSigningMethod(SigningMethodES3384.Alg(), func() jwt.SigningMethod {
		return SigningMethodES3384
	})

	// ES512
	SigningMethodES3512 = &jwt.SigningMethodECDSA{Name: "ES3512", Hash: crypto.SHA3_512, KeySize: 66, CurveBits: 521}
	jwt.RegisterSigningMethod(SigningMethodES3512.Alg(), func() jwt.SigningMethod {
		return SigningMethodES3512
	})
}
update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io> 2021-04-18 15:41:13 -04:00			`// Copyright (c) 2015-2021 MinIO, Inc.`
fips: do not use SHA-3 when building a FIPS-140 2 binary (#11710) This commit disables SHA-3 for OpenID when building a FIPS-140 2 compatible binary. While SHA-3 is a crypto. hash function accepted by NIST there is no FIPS-140 2 compliant implementation available when using the boringcrypto Go branch. Therefore, SHA-3 must not be used when building a FIPS-140 2 binary. 2021-03-05 23:43:42 -05:00			`//`
update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io> 2021-04-18 15:41:13 -04:00			`// This file is part of MinIO Object Storage stack`
fips: do not use SHA-3 when building a FIPS-140 2 binary (#11710) This commit disables SHA-3 for OpenID when building a FIPS-140 2 compatible binary. While SHA-3 is a crypto. hash function accepted by NIST there is no FIPS-140 2 compliant implementation available when using the boringcrypto Go branch. Therefore, SHA-3 must not be used when building a FIPS-140 2 binary. 2021-03-05 23:43:42 -05:00			`//`
update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io> 2021-04-18 15:41:13 -04:00			`// This program is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
fips: do not use SHA-3 when building a FIPS-140 2 binary (#11710) This commit disables SHA-3 for OpenID when building a FIPS-140 2 compatible binary. While SHA-3 is a crypto. hash function accepted by NIST there is no FIPS-140 2 compliant implementation available when using the boringcrypto Go branch. Therefore, SHA-3 must not be used when building a FIPS-140 2 binary. 2021-03-05 23:43:42 -05:00			`//`
update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io> 2021-04-18 15:41:13 -04:00			`// This program is distributed in the hope that it will be useful`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with this program. If not, see <http://www.gnu.org/licenses/>.`
fips: do not use SHA-3 when building a FIPS-140 2 binary (#11710) This commit disables SHA-3 for OpenID when building a FIPS-140 2 compatible binary. While SHA-3 is a crypto. hash function accepted by NIST there is no FIPS-140 2 compliant implementation available when using the boringcrypto Go branch. Therefore, SHA-3 must not be used when building a FIPS-140 2 binary. 2021-03-05 23:43:42 -05:00
			`// +build !fips`
Add SHA-3 support (#9308) 2020-04-10 17:59:52 -04:00
			`package openid`

			`import (`
			`"crypto"`
enable full linter across the codebase (#9620) enable linter using golangci-lint across codebase to run a bunch of linters together, we shall enable new linters as we fix more things the codebase. This PR fixes the first stage of this cleanup. 2020-05-18 12:59:45 -04:00
Add SHA-3 support (#9308) 2020-04-10 17:59:52 -04:00			`"github.com/dgrijalva/jwt-go"`
enable full linter across the codebase (#9620) enable linter using golangci-lint across codebase to run a bunch of linters together, we shall enable new linters as we fix more things the codebase. This PR fixes the first stage of this cleanup. 2020-05-18 12:59:45 -04:00
Add SHA-3 support (#9308) 2020-04-10 17:59:52 -04:00			`// Needed for SHA3 to work - See: https://golang.org/src/crypto/crypto.go?s=1034:1288`
fips: do not use SHA-3 when building a FIPS-140 2 binary (#11710) This commit disables SHA-3 for OpenID when building a FIPS-140 2 compatible binary. While SHA-3 is a crypto. hash function accepted by NIST there is no FIPS-140 2 compliant implementation available when using the boringcrypto Go branch. Therefore, SHA-3 must not be used when building a FIPS-140 2 binary. 2021-03-05 23:43:42 -05:00			`_ "golang.org/x/crypto/sha3" // There is no SHA-3 FIPS-140 2 compliant implementation`
Add SHA-3 support (#9308) 2020-04-10 17:59:52 -04:00			`)`

			`// Specific instances for EC256 and company`
			`var (`
			`SigningMethodES3256 *jwt.SigningMethodECDSA`
			`SigningMethodES3384 *jwt.SigningMethodECDSA`
			`SigningMethodES3512 *jwt.SigningMethodECDSA`
			`)`

			`func init() {`
			`// ES256`
			`SigningMethodES3256 = &jwt.SigningMethodECDSA{Name: "ES3256", Hash: crypto.SHA3_256, KeySize: 32, CurveBits: 256}`
			`jwt.RegisterSigningMethod(SigningMethodES3256.Alg(), func() jwt.SigningMethod {`
			`return SigningMethodES3256`
			`})`

			`// ES384`
			`SigningMethodES3384 = &jwt.SigningMethodECDSA{Name: "ES3384", Hash: crypto.SHA3_384, KeySize: 48, CurveBits: 384}`
			`jwt.RegisterSigningMethod(SigningMethodES3384.Alg(), func() jwt.SigningMethod {`
			`return SigningMethodES3384`
			`})`

			`// ES512`
			`SigningMethodES3512 = &jwt.SigningMethodECDSA{Name: "ES3512", Hash: crypto.SHA3_512, KeySize: 66, CurveBits: 521}`
			`jwt.RegisterSigningMethod(SigningMethodES3512.Alg(), func() jwt.SigningMethod {`
			`return SigningMethodES3512`
			`})`
			`}`