From 300f5b88bc4d2f96f7429bd5078c436b16b7627c Mon Sep 17 00:00:00 2001 From: Steve Hipwell Date: Mon, 16 Feb 2026 14:10:17 +0000 Subject: [PATCH] feat: Generate docs Signed-off-by: Steve Hipwell --- .github/pull_request_template.md | 4 +- .github/workflows/ci.yaml | 19 +- .golangci.yml | 2 - .markdownlint.yaml | 4 - .rumdl.toml | 15 + CHANGELOG.md | 336 +- CODE_OF_CONDUCT.md | 6 +- CONTRIBUTING.md | 5 +- GNUmakefile | 35 +- README.md | 17 +- RELEASE.md | 2 +- SECURITY.md | 2 + docs.go | 10 + .../actions_environment_public_key.md | 28 + .../actions_environment_secrets.md | 27 + .../actions_environment_variables.md | 28 + ...dc_subject_claim_customization_template.md | 22 + .../actions_organization_public_key.md | 20 + ...actions_organization_registration_token.md | 23 + .../actions_organization_secrets.md | 26 + .../actions_organization_variables.md | 27 + docs/data-sources/actions_public_key.md | 26 + .../actions_registration_token.md | 26 + ...dc_subject_claim_customization_template.md | 26 + docs/data-sources/actions_secrets.md | 29 + docs/data-sources/actions_variables.md | 30 + docs/data-sources/app.md | 33 + docs/data-sources/app_token.md | 35 + docs/data-sources/branch.md | 36 + docs/data-sources/branch_protection_rules.md | 29 + .../codespaces_organization_public_key.md | 20 + .../codespaces_organization_secrets.md | 26 + docs/data-sources/codespaces_public_key.md | 26 + docs/data-sources/codespaces_secrets.md | 33 + .../codespaces_user_public_key.md | 20 + docs/data-sources/codespaces_user_secrets.md | 26 + docs/data-sources/collaborators.md | 68 + .../dependabot_organization_public_key.md | 20 + .../dependabot_organization_secrets.md | 26 + docs/data-sources/dependabot_public_key.md | 26 + docs/data-sources/dependabot_secrets.md | 29 + docs/data-sources/enterprise.md | 27 + docs/data-sources/external_groups.md | 37 + docs/data-sources/ip_ranges.md | 45 + docs/data-sources/issue_labels.md | 29 + docs/data-sources/membership.md | 30 + docs/data-sources/organization.md | 58 + .../organization_custom_properties.md | 39 + docs/data-sources/organization_custom_role.md | 36 + .../organization_external_identities.md | 45 + .../organization_ip_allow_list.md | 30 + .../organization_repository_role.md | 32 + .../organization_repository_roles.md | 34 + docs/data-sources/organization_role.md | 31 + docs/data-sources/organization_role_teams.md | 36 + docs/data-sources/organization_role_users.md | 34 + docs/data-sources/organization_roles.md | 33 + .../organization_security_managers.md | 30 + .../organization_team_sync_groups.md | 29 + docs/data-sources/organization_teams.md | 48 + docs/data-sources/organization_webhooks.md | 31 + docs/data-sources/ref.md | 39 + docs/data-sources/release.md | 85 + docs/data-sources/release_asset.md | 86 + docs/data-sources/repositories.md | 35 + docs/data-sources/repository.md | 129 + .../repository_autolink_references.md | 28 + docs/data-sources/repository_branches.md | 31 + .../repository_custom_properties.md | 27 + docs/data-sources/repository_deploy_keys.md | 29 + .../repository_deployment_branch_policies.md | 32 + ...ository_environment_deployment_policies.md | 30 + docs/data-sources/repository_environments.md | 27 + docs/data-sources/repository_file.md | 47 + docs/data-sources/repository_milestone.md | 34 + docs/data-sources/repository_pull_request.md | 56 + docs/data-sources/repository_pull_requests.md | 73 + docs/data-sources/repository_teams.md | 29 + docs/data-sources/repository_webhooks.md | 33 + docs/data-sources/rest_api.md | 29 + docs/data-sources/ssh_keys.md | 19 + docs/data-sources/team.md | 37 + docs/data-sources/tree.md | 42 + docs/data-sources/user.md | 55 + docs/data-sources/user_external_identity.md | 46 + docs/data-sources/users.md | 37 + docs/index.md | 136 + docs/resources/actions_environment_secret.md | 112 + .../resources/actions_environment_variable.md | 76 + docs/resources/actions_hosted_runner.md | 153 + ...dc_subject_claim_customization_template.md | 33 + .../actions_organization_permissions.md | 62 + docs/resources/actions_organization_secret.md | 110 + ...ctions_organization_secret_repositories.md | 61 + .../actions_organization_secret_repository.md | 61 + .../actions_organization_variable.md | 69 + ...ions_organization_variable_repositories.md | 61 + ...ctions_organization_variable_repository.md | 61 + ...tions_organization_workflow_permissions.md | 64 + .../actions_repository_access_level.md | 38 + ...dc_subject_claim_customization_template.md | 48 + .../actions_repository_permissions.md | 53 + docs/resources/actions_runner_group.md | 55 + docs/resources/actions_secret.md | 90 + docs/resources/actions_variable.md | 56 + .../app_installation_repositories.md | 51 + docs/resources/app_installation_repository.md | 45 + docs/resources/branch.md | 64 + docs/resources/branch_default.md | 67 + docs/resources/branch_protection.md | 141 + docs/resources/branch_protection_v3.md | 142 + .../codespaces_organization_secret.md | 74 + ...spaces_organization_secret_repositories.md | 41 + docs/resources/codespaces_secret.md | 57 + docs/resources/codespaces_user_secret.md | 57 + .../dependabot_organization_secret.md | 107 + ...ndabot_organization_secret_repositories.md | 61 + ...pendabot_organization_secret_repository.md | 61 + docs/resources/dependabot_secret.md | 89 + docs/resources/emu_group_mapping.md | 33 + .../enterprise_actions_permissions.md | 63 + .../enterprise_actions_runner_group.md | 64 + ...enterprise_actions_workflow_permissions.md | 64 + docs/resources/enterprise_organization.md | 48 + .../enterprise_security_analysis_settings.md | 82 + docs/resources/issue.md | 87 + docs/resources/issue_label.md | 50 + docs/resources/issue_labels.md | 60 + docs/resources/membership.md | 37 + docs/resources/organization_block.md | 31 + .../organization_custom_properties.md | 97 + docs/resources/organization_custom_role.md | 67 + docs/resources/organization_project.md | 34 + .../resources/organization_repository_role.md | 49 + docs/resources/organization_role.md | 49 + docs/resources/organization_role_team.md | 33 + .../organization_role_team_assignment.md | 43 + docs/resources/organization_role_user.md | 33 + docs/resources/organization_ruleset.md | 360 + .../organization_security_manager.md | 36 + docs/resources/organization_settings.md | 87 + docs/resources/organization_webhook.md | 55 + docs/resources/project_card.md | 85 + docs/resources/project_column.md | 33 + docs/resources/release.md | 102 + docs/resources/repository.md | 245 + .../repository_autolink_reference.md | 64 + docs/resources/repository_collaborator.md | 62 + docs/resources/repository_collaborators.md | 90 + docs/resources/repository_custom_property.md | 46 + .../repository_dependabot_security_updates.md | 46 + docs/resources/repository_deploy_key.md | 55 + .../repository_deployment_branch_policy.md | 54 + docs/resources/repository_environment.md | 73 + ...epository_environment_deployment_policy.md | 93 + docs/resources/repository_file.md | 106 + docs/resources/repository_milestone.md | 52 + docs/resources/repository_project.md | 43 + docs/resources/repository_pull_request.md | 57 + docs/resources/repository_ruleset.md | 340 + docs/resources/repository_topics.md | 40 + docs/resources/repository_webhook.md | 77 + docs/resources/team.md | 51 + docs/resources/team_members.md | 83 + docs/resources/team_membership.md | 53 + docs/resources/team_repository.md | 56 + docs/resources/team_settings.md | 63 + docs/resources/team_sync_group_mapping.md | 55 + docs/resources/user_gpg_key.md | 36 + docs/resources/user_invitation_accepter.md | 50 + docs/resources/user_ssh_key.md | 42 + .../workflow_repository_permissions.md | 39 + examples/README.md | 2 +- .../example_1.tf | 4 + .../actions_environment_secrets/example_1.tf | 4 + .../example_1.tf | 4 + .../example_1.tf | 2 + .../example_1.tf | 1 + .../example_1.tf | 2 + .../actions_organization_secrets/example_1.tf | 2 + .../example_1.tf | 2 + .../actions_public_key/example_1.tf | 3 + .../actions_registration_token/example_1.tf | 3 + .../example_1.tf | 3 + .../data-sources/actions_secrets/example_1.tf | 3 + .../actions_variables/example_1.tf | 3 + examples/data-sources/app/example_1.tf | 3 + examples/data-sources/app_token/example_1.tf | 5 + examples/data-sources/branch/example_1.tf | 4 + .../branch_protection_rules/example_1.tf | 3 + .../example_1.tf | 1 + .../example_1.tf | 2 + .../codespaces_public_key/example_1.tf | 3 + .../codespaces_secrets/example_1.tf | 7 + .../codespaces_user_public_key/example_1.tf | 1 + .../codespaces_user_secrets/example_1.tf | 2 + .../data-sources/collaborators/example_1.tf | 4 + .../example_1.tf | 1 + .../example_1.tf | 2 + .../dependabot_public_key/example_1.tf | 3 + .../dependabot_secrets/example_1.tf | 3 + .../data-sources/external_groups/example_1.tf | 9 + examples/data-sources/ip_ranges/example_1.tf | 1 + .../data-sources/issue_labels/example_1.tf | 3 + examples/data-sources/membership/example_1.tf | 3 + .../data-sources/organization/example_1.tf | 3 + .../example_1.tf | 3 + .../organization_custom_role/example_1.tf | 3 + .../example_1.tf | 1 + .../organization_ip_allow_list/example_1.tf | 1 + .../organization_repository_role/example_1.tf | 3 + .../example_1.tf | 2 + .../organization_role/example_1.tf | 3 + .../organization_role_teams/example_1.tf | 3 + .../organization_role_users/example_1.tf | 3 + .../organization_roles/example_1.tf | 2 + .../example_1.tf | 1 + .../example_1.tf | 1 + .../organization_teams/example_1.tf | 1 + .../organization_teams/example_2.tf | 3 + .../organization_webhooks/example_1.tf | 1 + examples/data-sources/ref/example_1.tf | 5 + examples/data-sources/release/example_1.tf | 5 + examples/data-sources/release/example_2.tf | 6 + examples/data-sources/release/example_3.tf | 6 + .../data-sources/release_asset/example_1.tf | 5 + .../data-sources/release_asset/example_2.tf | 6 + .../data-sources/release_asset/example_3.tf | 11 + .../data-sources/release_asset/example_4.tf | 12 + .../data-sources/repositories/example_1.tf | 4 + examples/data-sources/repository/example_1.tf | 3 + .../example_1.tf | 3 + .../repository_branches/example_1.tf | 3 + .../repository_custom_properties/example_1.tf | 3 + .../repository_deploy_keys/example_1.tf | 3 + .../example_1.tf | 4 + .../example_1.tf | 4 + .../repository_environments/example_1.tf | 3 + .../data-sources/repository_file/example_1.tf | 6 + .../repository_milestone/example_1.tf | 5 + .../repository_pull_request/example_1.tf | 4 + .../repository_pull_requests/example_1.tf | 7 + .../repository_teams/example_1.tf | 3 + .../repository_webhooks/example_1.tf | 3 + examples/data-sources/rest_api/example_1.tf | 3 + examples/data-sources/ssh_keys/example_1.tf | 1 + examples/data-sources/team/example_1.tf | 3 + examples/data-sources/tree/example_1.tf | 19 + examples/data-sources/user/example_1.tf | 14 + .../user_external_identity/example_1.tf | 3 + examples/data-sources/users/example_1.tf | 12 + examples/enterprise_settings/README.md | 18 +- examples/enterprise_settings/main.tf | 28 +- examples/example_1.tf | 16 + examples/example_2.tf | 9 + examples/example_3.tf | 3 + examples/example_4.tf | 8 + examples/example_5.tf | 4 + examples/hosted_runner/main.tf | 8 +- .../organization_security_manager/README.md | 1 + examples/release/README.md | 4 +- examples/repository_collaborator/README.md | 2 +- .../README.md | 2 +- examples/repository_non_org_owner/README.md | 2 +- examples/repository_org_internal/README.md | 2 +- .../README.md | 6 +- examples/repository_team/README.md | 4 +- examples/repository_visibility/README.md | 2 +- .../actions_environment_secret/example_1.tf | 14 + .../actions_environment_secret/example_2.tf | 15 + .../actions_environment_secret/example_3.tf | 10 + .../actions_environment_secret/example_4.tf | 4 + .../actions_environment_variable/example_1.tf | 6 + .../actions_environment_variable/example_2.tf | 15 + .../actions_environment_variable/example_3.tf | 4 + .../actions_hosted_runner/example_1.tf | 16 + .../actions_hosted_runner/example_2.tf | 18 + .../actions_hosted_runner/example_3.tf | 15 + .../example_1.tf | 3 + .../example_1.tf | 16 + .../actions_organization_secret/example_1.tf | 11 + .../actions_organization_secret/example_2.tf | 17 + .../actions_organization_secret/example_3.tf | 9 + .../actions_organization_secret/example_4.tf | 4 + .../example_1.tf | 15 + .../example_2.tf | 4 + .../example_1.tf | 15 + .../example_2.tf | 4 + .../example_1.tf | 5 + .../example_2.tf | 10 + .../example_3.tf | 4 + .../example_1.tf | 15 + .../example_2.tf | 4 + .../example_1.tf | 15 + .../example_2.tf | 4 + .../example_1.tf | 15 + .../example_1.tf | 9 + .../example_1.tf | 9 + .../example_1.tf | 13 + .../actions_runner_group/example_1.tf | 9 + .../resources/actions_secret/example_1.tf | 11 + .../resources/actions_secret/example_2.tf | 9 + .../resources/actions_secret/example_3.tf | 4 + .../resources/actions_variable/example_1.tf | 5 + .../resources/actions_variable/example_2.tf | 4 + .../example_1.tf | 14 + .../app_installation_repository/example_1.tf | 10 + examples/resources/branch/example_1.tf | 4 + .../resources/branch_default/example_1.tf | 15 + .../resources/branch_default/example_2.tf | 11 + .../resources/branch_protection/example_1.tf | 69 + .../branch_protection_v3/example_1.tf | 9 + .../branch_protection_v3/example_2.tf | 49 + .../example_1.tf | 11 + .../example_2.tf | 17 + .../example_1.tf | 8 + .../resources/codespaces_secret/example_1.tf | 15 + .../codespaces_user_secret/example_1.tf | 15 + .../example_1.tf | 11 + .../example_2.tf | 17 + .../example_3.tf | 9 + .../example_4.tf | 4 + .../example_1.tf | 15 + .../example_2.tf | 4 + .../example_1.tf | 15 + .../example_2.tf | 4 + .../resources/dependabot_secret/example_1.tf | 11 + .../resources/dependabot_secret/example_2.tf | 9 + .../resources/dependabot_secret/example_3.tf | 4 + .../resources/emu_group_mapping/example_1.tf | 4 + .../example_1.tf | 17 + .../example_1.tf | 20 + .../example_1.tf | 15 + .../example_1.tf | 17 + examples/resources/issue/example_1.tf | 12 + examples/resources/issue/example_2.tf | 24 + examples/resources/issue_label/example_1.tf | 6 + examples/resources/issue_labels/example_1.tf | 14 + examples/resources/membership/example_1.tf | 5 + .../resources/organization_block/example_1.tf | 3 + .../example_1.tf | 12 + .../example_2.tf | 7 + .../example_3.tf | 6 + .../example_4.tf | 7 + .../organization_custom_role/example_1.tf | 26 + .../organization_project/example_1.tf | 4 + .../organization_repository_role/example_1.tf | 9 + .../resources/organization_role/example_1.tf | 9 + .../organization_role_team/example_1.tf | 4 + .../example_1.tf | 8 + .../organization_role_user/example_1.tf | 4 + .../organization_ruleset/example_1.tf | 85 + .../example_1.tf | 8 + .../organization_settings/example_1.tf | 28 + .../organization_webhook/example_1.tf | 13 + examples/resources/project_card/example_1.tf | 14 + examples/resources/project_card/example_2.tf | 28 + .../resources/project_column/example_1.tf | 9 + examples/resources/release/example_1.tf | 11 + examples/resources/release/example_2.tf | 18 + examples/resources/repository/example_1.tf | 12 + examples/resources/repository/example_2.tf | 13 + examples/resources/repository/example_3.tf | 7 + .../example_1.tf | 14 + .../repository_collaborator/example_1.tf | 6 + .../repository_collaborators/example_1.tf | 23 + .../repository_custom_property/example_1.tf | 10 + .../example_1.tf | 14 + .../repository_deploy_key/example_1.tf | 12 + .../example_1.tf | 16 + .../repository_environment/example_1.tf | 21 + .../example_1.tf | 26 + .../example_2.tf | 27 + .../resources/repository_file/example_1.tf | 17 + .../resources/repository_file/example_2.tf | 18 + .../repository_milestone/example_1.tf | 6 + .../resources/repository_project/example_1.tf | 11 + .../repository_pull_request/example_1.tf | 7 + .../resources/repository_ruleset/example_1.tf | 70 + .../resources/repository_topics/example_1.tf | 8 + .../resources/repository_webhook/example_1.tf | 21 + examples/resources/team/example_1.tf | 6 + examples/resources/team_members/example_1.tf | 29 + .../resources/team_membership/example_1.tf | 16 + .../resources/team_repository/example_1.tf | 15 + examples/resources/team_settings/example_1.tf | 14 + .../team_sync_group_mapping/example_1.tf | 15 + examples/resources/user_gpg_key/example_1.tf | 3 + .../user_invitation_accepter/example_1.tf | 19 + examples/resources/user_ssh_key/example_1.tf | 4 + .../example_1.tf | 9 + examples/secret-drifting/main.tf | 8 +- github/test-fixtures/README.md | 2 +- go.mod | 35 +- go.sum | 75 +- .../actions_environment_public_key.md.tmpl | 23 + .../actions_environment_secrets.md.tmpl | 22 + .../actions_environment_variables.md.tmpl | 23 + ...bject_claim_customization_template.md.tmpl | 19 + .../actions_organization_public_key.md.tmpl | 18 + ...ns_organization_registration_token.md.tmpl | 20 + .../actions_organization_secrets.md.tmpl | 23 + .../actions_organization_variables.md.tmpl | 24 + .../data-sources/actions_public_key.md.tmpl | 22 + .../actions_registration_token.md.tmpl | 22 + ...bject_claim_customization_template.md.tmpl | 22 + .../data-sources/actions_secrets.md.tmpl | 25 + .../data-sources/actions_variables.md.tmpl | 26 + templates/data-sources/app.md.tmpl | 29 + templates/data-sources/app_token.md.tmpl | 29 + templates/data-sources/branch.md.tmpl | 31 + .../branch_protection_rules.md.tmpl | 25 + ...codespaces_organization_public_key.md.tmpl | 18 + .../codespaces_organization_secrets.md.tmpl | 23 + .../codespaces_public_key.md.tmpl | 22 + .../data-sources/codespaces_secrets.md.tmpl | 25 + .../codespaces_user_public_key.md.tmpl | 18 + .../codespaces_user_secrets.md.tmpl | 23 + templates/data-sources/collaborators.md.tmpl | 63 + ...dependabot_organization_public_key.md.tmpl | 18 + .../dependabot_organization_secrets.md.tmpl | 23 + .../dependabot_public_key.md.tmpl | 22 + .../data-sources/dependabot_secrets.md.tmpl | 25 + templates/data-sources/enterprise.md.tmpl | 27 + .../data-sources/external_groups.md.tmpl | 27 + templates/data-sources/ip_ranges.md.tmpl | 43 + templates/data-sources/issue_labels.md.tmpl | 25 + templates/data-sources/membership.md.tmpl | 26 + templates/data-sources/organization.md.tmpl | 54 + .../organization_custom_properties.md.tmpl | 35 + .../organization_custom_role.md.tmpl | 32 + .../organization_external_identities.md.tmpl | 43 + .../organization_ip_allow_list.md.tmpl | 28 + .../organization_repository_role.md.tmpl | 28 + .../organization_repository_roles.md.tmpl | 31 + .../data-sources/organization_role.md.tmpl | 27 + .../organization_role_teams.md.tmpl | 32 + .../organization_role_users.md.tmpl | 30 + .../data-sources/organization_roles.md.tmpl | 30 + .../organization_security_managers.md.tmpl | 28 + .../organization_team_sync_groups.md.tmpl | 27 + .../data-sources/organization_teams.md.tmpl | 42 + .../organization_webhooks.md.tmpl | 29 + templates/data-sources/ref.md.tmpl | 33 + templates/data-sources/release.md.tmpl | 65 + templates/data-sources/release_asset.md.tmpl | 48 + templates/data-sources/repositories.md.tmpl | 30 + templates/data-sources/repository.md.tmpl | 125 + .../repository_autolink_references.md.tmpl | 24 + .../data-sources/repository_branches.md.tmpl | 27 + .../repository_custom_properties.md.tmpl | 23 + .../repository_deploy_keys.md.tmpl | 25 + ...ository_deployment_branch_policies.md.tmpl | 27 + ...ry_environment_deployment_policies.md.tmpl | 25 + .../repository_environments.md.tmpl | 23 + .../data-sources/repository_file.md.tmpl | 41 + .../data-sources/repository_milestone.md.tmpl | 28 + .../repository_pull_request.md.tmpl | 51 + .../repository_pull_requests.md.tmpl | 65 + .../data-sources/repository_teams.md.tmpl | 25 + .../data-sources/repository_webhooks.md.tmpl | 29 + templates/data-sources/rest_api.md.tmpl | 25 + templates/data-sources/ssh_keys.md.tmpl | 17 + templates/data-sources/team.md.tmpl | 33 + templates/data-sources/tree.md.tmpl | 23 + templates/data-sources/user.md.tmpl | 41 + .../user_external_identity.md.tmpl | 42 + templates/data-sources/users.md.tmpl | 24 + templates/index.md.tmpl | 91 + .../actions_environment_secret.md.tmpl | 65 + .../actions_environment_variable.md.tmpl | 48 + .../resources/actions_hosted_runner.md.tmpl | 101 + ...bject_claim_customization_template.md.tmpl | 29 + .../actions_organization_permissions.md.tmpl | 45 + .../actions_organization_secret.md.tmpl | 65 + ...s_organization_secret_repositories.md.tmpl | 40 + ...ons_organization_secret_repository.md.tmpl | 40 + .../actions_organization_variable.md.tmpl | 47 + ...organization_variable_repositories.md.tmpl | 40 + ...s_organization_variable_repository.md.tmpl | 40 + ..._organization_workflow_permissions.md.tmpl | 48 + .../actions_repository_access_level.md.tmpl | 28 + ...bject_claim_customization_template.md.tmpl | 38 + .../actions_repository_permissions.md.tmpl | 39 + .../resources/actions_runner_group.md.tmpl | 45 + templates/resources/actions_secret.md.tmpl | 63 + templates/resources/actions_variable.md.tmpl | 45 + .../app_installation_repositories.md.tmpl | 36 + .../app_installation_repository.md.tmpl | 34 + templates/resources/branch.md.tmpl | 59 + templates/resources/branch_default.md.tmpl | 39 + templates/resources/branch_protection.md.tmpl | 71 + .../resources/branch_protection_v3.md.tmpl | 82 + .../codespaces_organization_secret.md.tmpl | 44 + ...s_organization_secret_repositories.md.tmpl | 32 + templates/resources/codespaces_secret.md.tmpl | 41 + .../resources/codespaces_user_secret.md.tmpl | 41 + .../dependabot_organization_secret.md.tmpl | 62 + ...t_organization_secret_repositories.md.tmpl | 40 + ...bot_organization_secret_repository.md.tmpl | 40 + templates/resources/dependabot_secret.md.tmpl | 62 + templates/resources/emu_group_mapping.md.tmpl | 28 + .../enterprise_actions_permissions.md.tmpl | 45 + .../enterprise_actions_runner_group.md.tmpl | 43 + ...prise_actions_workflow_permissions.md.tmpl | 48 + .../resources/enterprise_organization.md.tmpl | 48 + ...erprise_security_analysis_settings.md.tmpl | 64 + templates/resources/issue.md.tmpl | 49 + templates/resources/issue_label.md.tmpl | 43 + templates/resources/issue_labels.md.tmpl | 45 + templates/resources/membership.md.tmpl | 31 + .../resources/organization_block.md.tmpl | 27 + .../organization_custom_properties.md.tmpl | 61 + .../organization_custom_role.md.tmpl | 40 + .../resources/organization_project.md.tmpl | 29 + .../organization_repository_role.md.tmpl | 39 + templates/resources/organization_role.md.tmpl | 39 + .../resources/organization_role_team.md.tmpl | 28 + .../organization_role_team_assignment.md.tmpl | 34 + .../resources/organization_role_user.md.tmpl | 28 + .../resources/organization_ruleset.md.tmpl | 274 + .../organization_security_manager.md.tmpl | 27 + .../resources/organization_settings.md.tmpl | 58 + .../resources/organization_webhook.md.tmpl | 41 + templates/resources/project_card.md.tmpl | 41 + templates/resources/project_column.md.tmpl | 23 + templates/resources/release.md.tmpl | 71 + templates/resources/repository.md.tmpl | 210 + .../repository_autolink_reference.md.tmpl | 49 + .../resources/repository_collaborator.md.tmpl | 55 + .../repository_collaborators.md.tmpl | 66 + .../repository_custom_property.md.tmpl | 35 + ...sitory_dependabot_security_updates.md.tmpl | 31 + .../resources/repository_deploy_key.md.tmpl | 42 + ...epository_deployment_branch_policy.md.tmpl | 37 + .../resources/repository_environment.md.tmpl | 51 + ...tory_environment_deployment_policy.md.tmpl | 39 + templates/resources/repository_file.md.tmpl | 73 + .../resources/repository_milestone.md.tmpl | 45 + .../resources/repository_project.md.tmpl | 31 + .../resources/repository_pull_request.md.tmpl | 49 + .../resources/repository_ruleset.md.tmpl | 269 + templates/resources/repository_topics.md.tmpl | 31 + .../resources/repository_webhook.md.tmpl | 55 + templates/resources/team.md.tmpl | 44 + templates/resources/team_members.md.tmpl | 53 + templates/resources/team_membership.md.tmpl | 36 + templates/resources/team_repository.md.tmpl | 40 + templates/resources/team_settings.md.tmpl | 48 + .../resources/team_sync_group_mapping.md.tmpl | 40 + templates/resources/user_gpg_key.md.tmpl | 32 + .../user_invitation_accepter.md.tmpl | 30 + templates/resources/user_ssh_key.md.tmpl | 37 + .../workflow_repository_permissions.md.tmpl | 29 + .../github.com/ProtonMail/go-crypto/AUTHORS | 3 - .../ProtonMail/go-crypto/CONTRIBUTORS | 3 - .../github.com/ProtonMail/go-crypto/LICENSE | 27 - .../github.com/ProtonMail/go-crypto/PATENTS | 22 - .../go-crypto/bitcurves/bitcurve.go | 381 - .../go-crypto/brainpool/brainpool.go | 134 - .../ProtonMail/go-crypto/brainpool/rcurve.go | 83 - .../ProtonMail/go-crypto/eax/eax.go | 162 - .../go-crypto/eax/eax_test_vectors.go | 58 - .../go-crypto/eax/random_vectors.go | 131 - .../go-crypto/internal/byteutil/byteutil.go | 90 - .../ProtonMail/go-crypto/ocb/ocb.go | 313 - .../go-crypto/ocb/random_vectors.go | 136 - .../ocb/rfc7253_test_vectors_suite_a.go | 78 - .../ocb/rfc7253_test_vectors_suite_b.go | 25 - .../go-crypto/openpgp/aes/keywrap/keywrap.go | 153 - .../go-crypto/openpgp/armor/armor.go | 183 - .../go-crypto/openpgp/armor/encode.go | 206 - .../go-crypto/openpgp/canonical_text.go | 71 - .../ProtonMail/go-crypto/openpgp/ecdh/ecdh.go | 206 - .../go-crypto/openpgp/ecdsa/ecdsa.go | 80 - .../go-crypto/openpgp/ed25519/ed25519.go | 115 - .../go-crypto/openpgp/ed448/ed448.go | 119 - .../go-crypto/openpgp/eddsa/eddsa.go | 91 - .../go-crypto/openpgp/elgamal/elgamal.go | 124 - .../go-crypto/openpgp/errors/errors.go | 200 - .../ProtonMail/go-crypto/openpgp/hash.go | 24 - .../openpgp/internal/algorithm/aead.go | 65 - .../openpgp/internal/algorithm/cipher.go | 97 - .../openpgp/internal/algorithm/hash.go | 143 - .../openpgp/internal/ecc/curve25519.go | 171 - .../openpgp/internal/ecc/curve_info.go | 143 - .../go-crypto/openpgp/internal/ecc/curves.go | 48 - .../go-crypto/openpgp/internal/ecc/ed25519.go | 120 - .../go-crypto/openpgp/internal/ecc/ed448.go | 119 - .../go-crypto/openpgp/internal/ecc/generic.go | 149 - .../go-crypto/openpgp/internal/ecc/x448.go | 107 - .../openpgp/internal/encoding/encoding.go | 27 - .../openpgp/internal/encoding/mpi.go | 91 - .../openpgp/internal/encoding/oid.go | 88 - .../go-crypto/openpgp/key_generation.go | 456 - .../ProtonMail/go-crypto/openpgp/keys.go | 901 - .../go-crypto/openpgp/keys_test_data.go | 538 - .../go-crypto/openpgp/packet/aead_config.go | 67 - .../go-crypto/openpgp/packet/aead_crypter.go | 250 - .../openpgp/packet/aead_encrypted.go | 100 - .../go-crypto/openpgp/packet/compressed.go | 161 - .../go-crypto/openpgp/packet/config.go | 422 - .../go-crypto/openpgp/packet/config_v5.go | 7 - .../go-crypto/openpgp/packet/encrypted_key.go | 584 - .../go-crypto/openpgp/packet/literal.go | 91 - .../go-crypto/openpgp/packet/marker.go | 33 - .../go-crypto/openpgp/packet/notation.go | 29 - .../go-crypto/openpgp/packet/ocfb.go | 137 - .../openpgp/packet/one_pass_signature.go | 157 - .../go-crypto/openpgp/packet/opaque.go | 170 - .../go-crypto/openpgp/packet/packet.go | 675 - .../openpgp/packet/packet_sequence.go | 222 - .../openpgp/packet/packet_unsupported.go | 24 - .../go-crypto/openpgp/packet/padding.go | 26 - .../go-crypto/openpgp/packet/private_key.go | 1191 - .../openpgp/packet/private_key_test_data.go | 12 - .../go-crypto/openpgp/packet/public_key.go | 1125 - .../openpgp/packet/public_key_test_data.go | 24 - .../go-crypto/openpgp/packet/reader.go | 209 - .../go-crypto/openpgp/packet/recipient.go | 15 - .../go-crypto/openpgp/packet/signature.go | 1511 - .../openpgp/packet/symmetric_key_encrypted.go | 331 - .../openpgp/packet/symmetrically_encrypted.go | 94 - .../packet/symmetrically_encrypted_aead.go | 168 - .../packet/symmetrically_encrypted_mdc.go | 256 - .../go-crypto/openpgp/packet/userattribute.go | 100 - .../go-crypto/openpgp/packet/userid.go | 166 - .../ProtonMail/go-crypto/openpgp/read.go | 619 - .../go-crypto/openpgp/read_write_test_data.go | 457 - .../ProtonMail/go-crypto/openpgp/s2k/s2k.go | 436 - .../go-crypto/openpgp/s2k/s2k_cache.go | 26 - .../go-crypto/openpgp/s2k/s2k_config.go | 129 - .../ProtonMail/go-crypto/openpgp/write.go | 620 - .../go-crypto/openpgp/x25519/x25519.go | 221 - .../ProtonMail/go-crypto/openpgp/x448/x448.go | 229 - .../github.com/agext/levenshtein/.gitignore | 53 - .../github.com/agext/levenshtein/.travis.yml | 25 - vendor/github.com/agext/levenshtein/DCO | 36 - vendor/github.com/agext/levenshtein/LICENSE | 201 - .../github.com/agext/levenshtein/MAINTAINERS | 1 - vendor/github.com/agext/levenshtein/NOTICE | 5 - vendor/github.com/agext/levenshtein/README.md | 38 - .../agext/levenshtein/levenshtein.go | 290 - vendor/github.com/agext/levenshtein/params.go | 152 - vendor/github.com/agext/levenshtein/test.sh | 10 - .../apparentlymart/go-textseg/v15/LICENSE | 95 - .../go-textseg/v15/textseg/all_tokens.go | 30 - .../go-textseg/v15/textseg/emoji_table.rl | 545 - .../go-textseg/v15/textseg/generate.go | 8 - .../v15/textseg/grapheme_clusters.go | 4349 --- .../v15/textseg/grapheme_clusters.rl | 133 - .../v15/textseg/grapheme_clusters_table.rl | 1637 - .../go-textseg/v15/textseg/tables.go | 6120 --- .../go-textseg/v15/textseg/unicode2ragel.rb | 335 - .../go-textseg/v15/textseg/utf8_seqs.go | 19 - vendor/github.com/cloudflare/circl/LICENSE | 57 - .../cloudflare/circl/dh/x25519/curve.go | 96 - .../cloudflare/circl/dh/x25519/curve_amd64.go | 30 - .../cloudflare/circl/dh/x25519/curve_amd64.h | 111 - .../cloudflare/circl/dh/x25519/curve_amd64.s | 157 - .../circl/dh/x25519/curve_generic.go | 85 - .../cloudflare/circl/dh/x25519/curve_noasm.go | 11 - .../cloudflare/circl/dh/x25519/doc.go | 19 - .../cloudflare/circl/dh/x25519/key.go | 47 - .../cloudflare/circl/dh/x25519/table.go | 268 - .../cloudflare/circl/dh/x448/curve.go | 104 - .../cloudflare/circl/dh/x448/curve_amd64.go | 30 - .../cloudflare/circl/dh/x448/curve_amd64.h | 111 - .../cloudflare/circl/dh/x448/curve_amd64.s | 194 - .../cloudflare/circl/dh/x448/curve_generic.go | 100 - .../cloudflare/circl/dh/x448/curve_noasm.go | 11 - .../cloudflare/circl/dh/x448/doc.go | 19 - .../cloudflare/circl/dh/x448/key.go | 46 - .../cloudflare/circl/dh/x448/table.go | 460 - .../circl/ecc/goldilocks/constants.go | 71 - .../cloudflare/circl/ecc/goldilocks/curve.go | 84 - .../circl/ecc/goldilocks/isogeny.go | 52 - .../cloudflare/circl/ecc/goldilocks/point.go | 171 - .../cloudflare/circl/ecc/goldilocks/scalar.go | 203 - .../cloudflare/circl/ecc/goldilocks/twist.go | 138 - .../circl/ecc/goldilocks/twistPoint.go | 135 - .../circl/ecc/goldilocks/twistTables.go | 216 - .../circl/ecc/goldilocks/twist_basemult.go | 62 - .../cloudflare/circl/internal/conv/conv.go | 173 - .../cloudflare/circl/internal/sha3/doc.go | 62 - .../cloudflare/circl/internal/sha3/hashes.go | 69 - .../cloudflare/circl/internal/sha3/keccakf.go | 391 - .../cloudflare/circl/internal/sha3/rc.go | 29 - .../cloudflare/circl/internal/sha3/sha3.go | 200 - .../circl/internal/sha3/sha3_s390x.s | 33 - .../cloudflare/circl/internal/sha3/shake.go | 119 - .../cloudflare/circl/internal/sha3/xor.go | 15 - .../circl/internal/sha3/xor_generic.go | 33 - .../circl/internal/sha3/xor_unaligned.go | 61 - .../cloudflare/circl/math/fp25519/fp.go | 205 - .../cloudflare/circl/math/fp25519/fp_amd64.go | 45 - .../cloudflare/circl/math/fp25519/fp_amd64.h | 351 - .../cloudflare/circl/math/fp25519/fp_amd64.s | 112 - .../circl/math/fp25519/fp_generic.go | 317 - .../cloudflare/circl/math/fp25519/fp_noasm.go | 13 - .../cloudflare/circl/math/fp448/fp.go | 164 - .../cloudflare/circl/math/fp448/fp_amd64.go | 43 - .../cloudflare/circl/math/fp448/fp_amd64.h | 591 - .../cloudflare/circl/math/fp448/fp_amd64.s | 75 - .../cloudflare/circl/math/fp448/fp_generic.go | 339 - .../cloudflare/circl/math/fp448/fp_noasm.go | 12 - .../cloudflare/circl/math/fp448/fuzzer.go | 75 - .../cloudflare/circl/math/integer.go | 16 - .../cloudflare/circl/math/mlsbset/mlsbset.go | 122 - .../cloudflare/circl/math/mlsbset/power.go | 64 - .../cloudflare/circl/math/primes.go | 34 - .../github.com/cloudflare/circl/math/wnaf.go | 84 - .../cloudflare/circl/sign/ed25519/ed25519.go | 453 - .../cloudflare/circl/sign/ed25519/modular.go | 175 - .../cloudflare/circl/sign/ed25519/mult.go | 180 - .../cloudflare/circl/sign/ed25519/point.go | 195 - .../cloudflare/circl/sign/ed25519/pubkey.go | 9 - .../circl/sign/ed25519/pubkey112.go | 7 - .../cloudflare/circl/sign/ed25519/signapi.go | 87 - .../cloudflare/circl/sign/ed25519/tables.go | 213 - .../cloudflare/circl/sign/ed448/ed448.go | 411 - .../cloudflare/circl/sign/ed448/signapi.go | 87 - .../github.com/cloudflare/circl/sign/sign.go | 113 - vendor/github.com/fatih/color/LICENSE.md | 20 - vendor/github.com/fatih/color/README.md | 189 - vendor/github.com/fatih/color/color.go | 685 - .../github.com/fatih/color/color_windows.go | 19 - vendor/github.com/fatih/color/doc.go | 134 - .../github.com/go-jose/go-jose/v3/.gitignore | 2 - .../go-jose/go-jose/v3/.golangci.yml | 53 - .../github.com/go-jose/go-jose/v3/.travis.yml | 33 - .../go-jose/go-jose/v3/CHANGELOG.md | 78 - .../go-jose/go-jose/v3/CONTRIBUTING.md | 15 - vendor/github.com/go-jose/go-jose/v3/LICENSE | 202 - .../github.com/go-jose/go-jose/v3/README.md | 108 - .../github.com/go-jose/go-jose/v3/SECURITY.md | 13 - .../go-jose/go-jose/v3/asymmetric.go | 595 - .../go-jose/go-jose/v3/cipher/cbc_hmac.go | 196 - .../go-jose/go-jose/v3/cipher/concat_kdf.go | 75 - .../go-jose/go-jose/v3/cipher/ecdh_es.go | 86 - .../go-jose/go-jose/v3/cipher/key_wrap.go | 109 - .../github.com/go-jose/go-jose/v3/crypter.go | 593 - vendor/github.com/go-jose/go-jose/v3/doc.go | 25 - .../github.com/go-jose/go-jose/v3/encoding.go | 237 - .../go-jose/go-jose/v3/json/LICENSE | 27 - .../go-jose/go-jose/v3/json/README.md | 13 - .../go-jose/go-jose/v3/json/decode.go | 1216 - .../go-jose/go-jose/v3/json/encode.go | 1197 - .../go-jose/go-jose/v3/json/indent.go | 141 - .../go-jose/go-jose/v3/json/scanner.go | 623 - .../go-jose/go-jose/v3/json/stream.go | 484 - .../go-jose/go-jose/v3/json/tags.go | 44 - vendor/github.com/go-jose/go-jose/v3/jwe.go | 296 - vendor/github.com/go-jose/go-jose/v3/jwk.go | 812 - vendor/github.com/go-jose/go-jose/v3/jws.go | 370 - .../go-jose/go-jose/v3/jwt/builder.go | 334 - .../go-jose/go-jose/v3/jwt/claims.go | 130 - .../github.com/go-jose/go-jose/v3/jwt/doc.go | 20 - .../go-jose/go-jose/v3/jwt/errors.go | 53 - .../github.com/go-jose/go-jose/v3/jwt/jwt.go | 133 - .../go-jose/go-jose/v3/jwt/validation.go | 120 - .../github.com/go-jose/go-jose/v3/opaque.go | 144 - .../github.com/go-jose/go-jose/v3/shared.go | 525 - .../github.com/go-jose/go-jose/v3/signing.go | 487 - .../go-jose/go-jose/v3/symmetric.go | 505 - vendor/github.com/golang/protobuf/AUTHORS | 3 - .../github.com/golang/protobuf/CONTRIBUTORS | 3 - vendor/github.com/golang/protobuf/LICENSE | 28 - .../golang/protobuf/proto/buffer.go | 324 - .../golang/protobuf/proto/defaults.go | 63 - .../golang/protobuf/proto/deprecated.go | 113 - .../golang/protobuf/proto/discard.go | 58 - .../golang/protobuf/proto/extensions.go | 356 - .../golang/protobuf/proto/properties.go | 306 - .../github.com/golang/protobuf/proto/proto.go | 167 - .../golang/protobuf/proto/registry.go | 317 - .../golang/protobuf/proto/text_decode.go | 801 - .../golang/protobuf/proto/text_encode.go | 560 - .../github.com/golang/protobuf/proto/wire.go | 78 - .../golang/protobuf/proto/wrappers.go | 34 - .../golang/protobuf/ptypes/empty/empty.pb.go | 62 - vendor/github.com/google/go-cmp/LICENSE | 27 - .../github.com/google/go-cmp/cmp/compare.go | 671 - vendor/github.com/google/go-cmp/cmp/export.go | 31 - .../go-cmp/cmp/internal/diff/debug_disable.go | 18 - .../go-cmp/cmp/internal/diff/debug_enable.go | 123 - .../google/go-cmp/cmp/internal/diff/diff.go | 402 - .../google/go-cmp/cmp/internal/flags/flags.go | 9 - .../go-cmp/cmp/internal/function/func.go | 106 - .../google/go-cmp/cmp/internal/value/name.go | 164 - .../go-cmp/cmp/internal/value/pointer.go | 34 - .../google/go-cmp/cmp/internal/value/sort.go | 106 - .../github.com/google/go-cmp/cmp/options.go | 562 - vendor/github.com/google/go-cmp/cmp/path.go | 390 - vendor/github.com/google/go-cmp/cmp/report.go | 54 - .../google/go-cmp/cmp/report_compare.go | 433 - .../google/go-cmp/cmp/report_references.go | 264 - .../google/go-cmp/cmp/report_reflect.go | 414 - .../google/go-cmp/cmp/report_slices.go | 614 - .../google/go-cmp/cmp/report_text.go | 432 - .../google/go-cmp/cmp/report_value.go | 121 - .../github.com/google/go-github/v82/AUTHORS | 573 - .../github.com/google/go-github/v82/LICENSE | 27 - .../google/go-github/v82/github/actions.go | 12 - .../go-github/v82/github/actions_artifacts.go | 224 - .../go-github/v82/github/actions_cache.go | 249 - .../v82/github/actions_hosted_runners.go | 379 - .../go-github/v82/github/actions_oidc.go | 81 - .../github/actions_permissions_enterprise.go | 414 - .../v82/github/actions_permissions_orgs.go | 523 - .../v82/github/actions_runner_groups.go | 342 - .../go-github/v82/github/actions_runners.go | 377 - .../go-github/v82/github/actions_secrets.go | 428 - .../go-github/v82/github/actions_variables.go | 368 - .../v82/github/actions_workflow_jobs.go | 193 - .../v82/github/actions_workflow_runs.go | 547 - .../go-github/v82/github/actions_workflows.go | 267 - .../google/go-github/v82/github/activity.go | 77 - .../go-github/v82/github/activity_events.go | 237 - .../v82/github/activity_notifications.go | 258 - .../go-github/v82/github/activity_star.go | 151 - .../go-github/v82/github/activity_watching.go | 159 - .../google/go-github/v82/github/admin.go | 123 - .../google/go-github/v82/github/admin_orgs.go | 103 - .../go-github/v82/github/admin_stats.go | 172 - .../go-github/v82/github/admin_users.go | 137 - .../google/go-github/v82/github/apps.go | 498 - .../google/go-github/v82/github/apps_hooks.go | 52 - .../v82/github/apps_hooks_deliveries.go | 78 - .../go-github/v82/github/apps_installation.go | 121 - .../go-github/v82/github/apps_manifest.go | 51 - .../go-github/v82/github/apps_marketplace.go | 211 - .../go-github/v82/github/attestations.go | 27 - .../go-github/v82/github/authorizations.go | 293 - .../google/go-github/v82/github/billing.go | 394 - .../google/go-github/v82/github/checks.go | 482 - .../google/go-github/v82/github/classroom.go | 256 - .../go-github/v82/github/code_scanning.go | 673 - .../go-github/v82/github/codesofconduct.go | 85 - .../google/go-github/v82/github/codespaces.go | 591 - .../v82/github/codespaces_machines.go | 74 - .../go-github/v82/github/codespaces_orgs.go | 173 - .../v82/github/codespaces_secrets.go | 492 - .../google/go-github/v82/github/copilot.go | 786 - .../go-github/v82/github/credentials.go | 37 - .../google/go-github/v82/github/dependabot.go | 12 - .../go-github/v82/github/dependabot_alerts.go | 186 - .../v82/github/dependabot_secrets.go | 312 - .../go-github/v82/github/dependency_graph.go | 129 - .../v82/github/dependency_graph_snapshots.go | 124 - .../google/go-github/v82/github/doc.go | 200 - .../google/go-github/v82/github/emojis.go | 40 - .../google/go-github/v82/github/enterprise.go | 12 - .../enterprise_actions_hosted_runners.go | 234 - .../enterprise_actions_runner_groups.go | 336 - .../v82/github/enterprise_actions_runners.go | 139 - .../v82/github/enterprise_app_installation.go | 159 - .../go-github/v82/github/enterprise_apps.go | 116 - .../v82/github/enterprise_audit_log.go | 37 - .../github/enterprise_billing_cost_centers.go | 233 - .../enterprise_code_security_and_analysis.go | 85 - .../enterprise_codesecurity_configurations.go | 232 - .../v82/github/enterprise_licenses.go | 138 - .../v82/github/enterprise_manage_ghes.go | 163 - .../github/enterprise_manage_ghes_config.go | 516 - .../enterprise_manage_ghes_maintenance.go | 94 - .../v82/github/enterprise_manage_ghes_ssh.go | 99 - .../enterprise_network_configurations.go | 139 - .../enterprise_organization_properties.go | 189 - .../v82/github/enterprise_properties.go | 121 - .../go-github/v82/github/enterprise_rules.go | 93 - .../go-github/v82/github/enterprise_scim.go | 481 - .../go-github/v82/github/enterprise_team.go | 420 - .../google/go-github/v82/github/event.go | 54 - .../go-github/v82/github/event_types.go | 2007 - .../google/go-github/v82/github/gists.go | 398 - .../go-github/v82/github/gists_comments.go | 128 - .../google/go-github/v82/github/git.go | 12 - .../google/go-github/v82/github/git_blobs.go | 88 - .../go-github/v82/github/git_commits.go | 224 - .../google/go-github/v82/github/git_refs.go | 187 - .../google/go-github/v82/github/git_tags.go | 75 - .../google/go-github/v82/github/git_trees.go | 180 - .../go-github/v82/github/github-accessors.go | 32175 ---------------- .../google/go-github/v82/github/github.go | 1826 - .../google/go-github/v82/github/gitignore.go | 68 - .../go-github/v82/github/interactions.go | 28 - .../go-github/v82/github/interactions_orgs.go | 83 - .../v82/github/interactions_repos.go | 83 - .../go-github/v82/github/issue_import.go | 152 - .../google/go-github/v82/github/issues.go | 410 - .../go-github/v82/github/issues_assignees.go | 103 - .../go-github/v82/github/issues_comments.go | 168 - .../go-github/v82/github/issues_events.go | 189 - .../go-github/v82/github/issues_labels.go | 253 - .../go-github/v82/github/issues_milestones.go | 157 - .../go-github/v82/github/issues_timeline.go | 201 - .../google/go-github/v82/github/licenses.go | 101 - .../google/go-github/v82/github/markdown.go | 69 - .../google/go-github/v82/github/messages.go | 357 - .../google/go-github/v82/github/meta.go | 188 - .../google/go-github/v82/github/migrations.go | 252 - .../v82/github/migrations_source_import.go | 321 - .../go-github/v82/github/migrations_user.go | 224 - .../google/go-github/v82/github/orgs.go | 335 - .../v82/github/orgs_actions_allowed.go | 34 - .../v82/github/orgs_actions_permissions.go | 34 - .../go-github/v82/github/orgs_attestations.go | 40 - .../go-github/v82/github/orgs_audit_log.go | 144 - .../orgs_codesecurity_configurations.go | 380 - .../github/orgs_credential_authorizations.go | 108 - .../github/orgs_custom_repository_roles.go | 154 - .../google/go-github/v82/github/orgs_hooks.go | 147 - .../v82/github/orgs_hooks_configuration.go | 53 - .../v82/github/orgs_hooks_deliveries.go | 79 - .../v82/github/orgs_immutable_releases.go | 174 - .../go-github/v82/github/orgs_issue_types.go | 99 - .../go-github/v82/github/orgs_members.go | 439 - .../v82/github/orgs_network_configurations.go | 236 - .../github/orgs_organization_properties.go | 60 - .../v82/github/orgs_organization_roles.go | 295 - .../v82/github/orgs_outside_collaborators.go | 87 - .../go-github/v82/github/orgs_packages.go | 180 - .../v82/github/orgs_personal_access_tokens.go | 177 - .../go-github/v82/github/orgs_properties.go | 315 - .../google/go-github/v82/github/orgs_rules.go | 120 - .../v82/github/orgs_security_managers.go | 69 - .../v82/github/orgs_users_blocking.go | 95 - .../google/go-github/v82/github/packages.go | 319 - .../v82/github/private_registries.go | 263 - .../google/go-github/v82/github/projects.go | 703 - .../google/go-github/v82/github/pulls.go | 524 - .../go-github/v82/github/pulls_comments.go | 219 - .../go-github/v82/github/pulls_reviewers.go | 103 - .../go-github/v82/github/pulls_reviews.go | 333 - .../go-github/v82/github/pulls_threads.go | 17 - .../google/go-github/v82/github/rate_limit.go | 137 - .../google/go-github/v82/github/reactions.go | 610 - .../google/go-github/v82/github/repos.go | 2536 -- .../v82/github/repos_actions_access.go | 59 - .../v82/github/repos_actions_allowed.go | 53 - .../v82/github/repos_actions_permissions.go | 230 - .../v82/github/repos_attestations.go | 39 - .../go-github/v82/github/repos_autolinks.go | 112 - .../go-github/v82/github/repos_codeowners.go | 61 - .../v82/github/repos_collaborators.go | 178 - .../go-github/v82/github/repos_comments.go | 170 - .../go-github/v82/github/repos_commits.go | 324 - .../v82/github/repos_community_health.go | 63 - .../go-github/v82/github/repos_contents.go | 411 - .../repos_deployment_branch_policies.go | 135 - .../repos_deployment_protection_rules.go | 148 - .../go-github/v82/github/repos_deployments.go | 260 - .../v82/github/repos_environments.go | 252 - .../go-github/v82/github/repos_forks.go | 98 - .../go-github/v82/github/repos_hooks.go | 276 - .../v82/github/repos_hooks_configuration.go | 68 - .../v82/github/repos_hooks_deliveries.go | 163 - .../go-github/v82/github/repos_invitations.go | 96 - .../google/go-github/v82/github/repos_keys.go | 99 - .../google/go-github/v82/github/repos_lfs.go | 53 - .../go-github/v82/github/repos_merging.go | 76 - .../go-github/v82/github/repos_pages.go | 356 - .../v82/github/repos_prereceive_hooks.go | 114 - .../go-github/v82/github/repos_properties.go | 60 - .../go-github/v82/github/repos_releases.go | 564 - .../go-github/v82/github/repos_rules.go | 158 - .../go-github/v82/github/repos_stats.go | 242 - .../go-github/v82/github/repos_statuses.go | 138 - .../google/go-github/v82/github/repos_tags.go | 88 - .../go-github/v82/github/repos_traffic.go | 149 - .../google/go-github/v82/github/rules.go | 1450 - .../google/go-github/v82/github/scim.go | 233 - .../google/go-github/v82/github/search.go | 347 - .../go-github/v82/github/secret_scanning.go | 383 - .../github/secret_scanning_pattern_configs.go | 165 - .../v82/github/security_advisories.go | 285 - .../google/go-github/v82/github/strings.go | 119 - .../google/go-github/v82/github/sub_issue.go | 140 - .../google/go-github/v82/github/teams.go | 1093 - .../v82/github/teams_discussion_comments.go | 262 - .../go-github/v82/github/teams_discussions.go | 267 - .../go-github/v82/github/teams_members.go | 263 - .../google/go-github/v82/github/timestamp.go | 52 - .../google/go-github/v82/github/users.go | 303 - .../v82/github/users_administration.go | 80 - .../v82/github/users_attestations.go | 40 - .../go-github/v82/github/users_blocking.go | 95 - .../go-github/v82/github/users_emails.go | 105 - .../go-github/v82/github/users_followers.go | 138 - .../go-github/v82/github/users_gpg_keys.go | 139 - .../google/go-github/v82/github/users_keys.go | 123 - .../go-github/v82/github/users_packages.go | 244 - .../v82/github/users_social_accounts.go | 110 - .../v82/github/users_ssh_signing_keys.go | 118 - .../go-github/v82/github/with_appengine.go | 20 - .../go-github/v82/github/without_appengine.go | 19 - .../github.com/google/go-querystring/LICENSE | 27 - .../google/go-querystring/query/encode.go | 362 - vendor/github.com/google/uuid/CHANGELOG.md | 41 - vendor/github.com/google/uuid/CONTRIBUTING.md | 26 - vendor/github.com/google/uuid/CONTRIBUTORS | 9 - vendor/github.com/google/uuid/LICENSE | 27 - vendor/github.com/google/uuid/README.md | 21 - vendor/github.com/google/uuid/dce.go | 80 - vendor/github.com/google/uuid/doc.go | 12 - vendor/github.com/google/uuid/hash.go | 59 - vendor/github.com/google/uuid/marshal.go | 38 - vendor/github.com/google/uuid/node.go | 90 - vendor/github.com/google/uuid/node_js.go | 12 - vendor/github.com/google/uuid/node_net.go | 33 - vendor/github.com/google/uuid/null.go | 118 - vendor/github.com/google/uuid/sql.go | 59 - vendor/github.com/google/uuid/time.go | 134 - vendor/github.com/google/uuid/util.go | 43 - vendor/github.com/google/uuid/uuid.go | 365 - vendor/github.com/google/uuid/version1.go | 44 - vendor/github.com/google/uuid/version4.go | 76 - vendor/github.com/google/uuid/version6.go | 56 - vendor/github.com/google/uuid/version7.go | 104 - vendor/github.com/hashicorp/errwrap/LICENSE | 354 - vendor/github.com/hashicorp/errwrap/README.md | 89 - .../github.com/hashicorp/errwrap/errwrap.go | 169 - .../hashicorp/go-checkpoint/LICENSE | 354 - .../hashicorp/go-checkpoint/README.md | 22 - .../hashicorp/go-checkpoint/check.go | 368 - .../hashicorp/go-checkpoint/telemetry.go | 118 - .../hashicorp/go-checkpoint/versions.go | 90 - .../github.com/hashicorp/go-cleanhttp/LICENSE | 363 - .../hashicorp/go-cleanhttp/README.md | 30 - .../hashicorp/go-cleanhttp/cleanhttp.go | 58 - .../github.com/hashicorp/go-cleanhttp/doc.go | 20 - .../hashicorp/go-cleanhttp/handlers.go | 48 - vendor/github.com/hashicorp/go-cty/LICENSE | 21 - .../hashicorp/go-cty/cty/capsule.go | 128 - .../hashicorp/go-cty/cty/capsule_ops.go | 132 - .../hashicorp/go-cty/cty/collection.go | 34 - .../go-cty/cty/convert/compare_types.go | 165 - .../go-cty/cty/convert/conversion.go | 190 - .../go-cty/cty/convert/conversion_capsule.go | 31 - .../cty/convert/conversion_collection.go | 551 - .../go-cty/cty/convert/conversion_dynamic.go | 33 - .../go-cty/cty/convert/conversion_object.go | 76 - .../cty/convert/conversion_primitive.go | 57 - .../go-cty/cty/convert/conversion_tuple.go | 71 - .../hashicorp/go-cty/cty/convert/doc.go | 15 - .../go-cty/cty/convert/mismatch_msg.go | 220 - .../hashicorp/go-cty/cty/convert/public.go | 83 - .../go-cty/cty/convert/sort_types.go | 69 - .../hashicorp/go-cty/cty/convert/unify.go | 357 - vendor/github.com/hashicorp/go-cty/cty/doc.go | 18 - .../hashicorp/go-cty/cty/element_iterator.go | 194 - .../github.com/hashicorp/go-cty/cty/error.go | 55 - vendor/github.com/hashicorp/go-cty/cty/gob.go | 204 - .../hashicorp/go-cty/cty/gocty/doc.go | 7 - .../hashicorp/go-cty/cty/gocty/helpers.go | 43 - .../hashicorp/go-cty/cty/gocty/in.go | 548 - .../hashicorp/go-cty/cty/gocty/out.go | 686 - .../go-cty/cty/gocty/type_implied.go | 108 - .../github.com/hashicorp/go-cty/cty/helper.go | 99 - .../github.com/hashicorp/go-cty/cty/json.go | 176 - .../hashicorp/go-cty/cty/json/doc.go | 11 - .../hashicorp/go-cty/cty/json/marshal.go | 193 - .../hashicorp/go-cty/cty/json/simple.go | 41 - .../hashicorp/go-cty/cty/json/type.go | 23 - .../hashicorp/go-cty/cty/json/type_implied.go | 170 - .../hashicorp/go-cty/cty/json/unmarshal.go | 459 - .../hashicorp/go-cty/cty/json/value.go | 65 - .../hashicorp/go-cty/cty/list_type.go | 74 - .../hashicorp/go-cty/cty/map_type.go | 74 - .../github.com/hashicorp/go-cty/cty/marks.go | 296 - .../hashicorp/go-cty/cty/msgpack/doc.go | 14 - .../hashicorp/go-cty/cty/msgpack/dynamic.go | 31 - .../hashicorp/go-cty/cty/msgpack/infinity.go | 8 - .../hashicorp/go-cty/cty/msgpack/marshal.go | 211 - .../go-cty/cty/msgpack/type_implied.go | 167 - .../hashicorp/go-cty/cty/msgpack/unknown.go | 16 - .../hashicorp/go-cty/cty/msgpack/unmarshal.go | 334 - .../github.com/hashicorp/go-cty/cty/null.go | 14 - .../hashicorp/go-cty/cty/object_type.go | 135 - .../github.com/hashicorp/go-cty/cty/path.go | 270 - .../hashicorp/go-cty/cty/path_set.go | 204 - .../hashicorp/go-cty/cty/primitive_type.go | 122 - .../hashicorp/go-cty/cty/set/gob.go | 76 - .../hashicorp/go-cty/cty/set/iterator.go | 15 - .../hashicorp/go-cty/cty/set/ops.go | 210 - .../hashicorp/go-cty/cty/set/rules.go | 47 - .../hashicorp/go-cty/cty/set/set.go | 62 - .../hashicorp/go-cty/cty/set_helper.go | 132 - .../hashicorp/go-cty/cty/set_internals.go | 255 - .../hashicorp/go-cty/cty/set_type.go | 72 - .../hashicorp/go-cty/cty/tuple_type.go | 121 - .../github.com/hashicorp/go-cty/cty/type.go | 120 - .../hashicorp/go-cty/cty/type_conform.go | 139 - .../hashicorp/go-cty/cty/types_to_register.go | 57 - .../hashicorp/go-cty/cty/unknown.go | 84 - .../hashicorp/go-cty/cty/unknown_as_null.go | 64 - .../github.com/hashicorp/go-cty/cty/value.go | 142 - .../hashicorp/go-cty/cty/value_init.go | 324 - .../hashicorp/go-cty/cty/value_ops.go | 1298 - .../github.com/hashicorp/go-cty/cty/walk.go | 182 - .../github.com/hashicorp/go-hclog/.gitignore | 1 - vendor/github.com/hashicorp/go-hclog/LICENSE | 19 - .../github.com/hashicorp/go-hclog/README.md | 149 - .../hashicorp/go-hclog/colorize_unix.go | 44 - .../hashicorp/go-hclog/colorize_windows.go | 41 - .../github.com/hashicorp/go-hclog/context.go | 41 - .../github.com/hashicorp/go-hclog/exclude.go | 74 - .../github.com/hashicorp/go-hclog/global.go | 67 - .../hashicorp/go-hclog/interceptlogger.go | 207 - .../hashicorp/go-hclog/intlogger.go | 1007 - .../github.com/hashicorp/go-hclog/logger.go | 415 - .../hashicorp/go-hclog/nulllogger.go | 63 - .../hashicorp/go-hclog/stacktrace.go | 109 - .../github.com/hashicorp/go-hclog/stdlog.go | 113 - .../github.com/hashicorp/go-hclog/writer.go | 85 - .../hashicorp/go-multierror/LICENSE | 353 - .../hashicorp/go-multierror/Makefile | 31 - .../hashicorp/go-multierror/README.md | 150 - .../hashicorp/go-multierror/append.go | 43 - .../hashicorp/go-multierror/flatten.go | 26 - .../hashicorp/go-multierror/format.go | 27 - .../hashicorp/go-multierror/group.go | 38 - .../hashicorp/go-multierror/multierror.go | 121 - .../hashicorp/go-multierror/prefix.go | 37 - .../hashicorp/go-multierror/sort.go | 16 - .../github.com/hashicorp/go-plugin/.gitignore | 2 - .../hashicorp/go-plugin/.go-version | 1 - .../hashicorp/go-plugin/CHANGELOG.md | 132 - vendor/github.com/hashicorp/go-plugin/LICENSE | 355 - .../github.com/hashicorp/go-plugin/README.md | 165 - .../hashicorp/go-plugin/buf.gen.yaml | 14 - .../github.com/hashicorp/go-plugin/buf.yaml | 7 - .../github.com/hashicorp/go-plugin/client.go | 1277 - .../hashicorp/go-plugin/constants.go | 16 - .../hashicorp/go-plugin/discover.go | 31 - .../github.com/hashicorp/go-plugin/error.go | 27 - .../hashicorp/go-plugin/grpc_broker.go | 653 - .../hashicorp/go-plugin/grpc_client.go | 134 - .../hashicorp/go-plugin/grpc_controller.go | 26 - .../hashicorp/go-plugin/grpc_server.go | 167 - .../hashicorp/go-plugin/grpc_stdio.go | 210 - .../internal/cmdrunner/addr_translator.go | 16 - .../internal/cmdrunner/cmd_reattach.go | 62 - .../internal/cmdrunner/cmd_runner.go | 129 - .../internal/cmdrunner/notes_unix.go | 70 - .../internal/cmdrunner/notes_windows.go | 46 - .../go-plugin/internal/cmdrunner/process.go | 25 - .../internal/cmdrunner/process_posix.go | 23 - .../internal/cmdrunner/process_windows.go | 33 - .../grpcmux/blocked_client_listener.go | 51 - .../grpcmux/blocked_server_listener.go | 49 - .../internal/grpcmux/grpc_client_muxer.go | 105 - .../go-plugin/internal/grpcmux/grpc_muxer.go | 41 - .../internal/grpcmux/grpc_server_muxer.go | 190 - .../internal/plugin/grpc_broker.pb.go | 264 - .../internal/plugin/grpc_broker.proto | 22 - .../internal/plugin/grpc_broker_grpc.pb.go | 142 - .../internal/plugin/grpc_controller.pb.go | 141 - .../internal/plugin/grpc_controller.proto | 14 - .../plugin/grpc_controller_grpc.pb.go | 110 - .../internal/plugin/grpc_stdio.pb.go | 225 - .../internal/plugin/grpc_stdio.proto | 33 - .../internal/plugin/grpc_stdio_grpc.pb.go | 148 - .../hashicorp/go-plugin/log_entry.go | 76 - vendor/github.com/hashicorp/go-plugin/mtls.go | 76 - .../hashicorp/go-plugin/mux_broker.go | 205 - .../github.com/hashicorp/go-plugin/plugin.go | 61 - .../github.com/hashicorp/go-plugin/process.go | 4 - .../hashicorp/go-plugin/protocol.go | 48 - .../hashicorp/go-plugin/rpc_client.go | 173 - .../hashicorp/go-plugin/rpc_server.go | 209 - .../hashicorp/go-plugin/runner/runner.go | 72 - .../github.com/hashicorp/go-plugin/server.go | 665 - .../hashicorp/go-plugin/server_mux.go | 34 - .../github.com/hashicorp/go-plugin/stream.go | 21 - .../github.com/hashicorp/go-plugin/testing.go | 187 - .../hashicorp/go-retryablehttp/.gitignore | 4 - .../hashicorp/go-retryablehttp/.go-version | 1 - .../hashicorp/go-retryablehttp/CHANGELOG.md | 33 - .../hashicorp/go-retryablehttp/CODEOWNERS | 1 - .../hashicorp/go-retryablehttp/LICENSE | 365 - .../hashicorp/go-retryablehttp/Makefile | 11 - .../hashicorp/go-retryablehttp/README.md | 62 - .../go-retryablehttp/cert_error_go119.go | 14 - .../go-retryablehttp/cert_error_go120.go | 14 - .../hashicorp/go-retryablehttp/client.go | 919 - .../go-retryablehttp/roundtripper.go | 55 - .../github.com/hashicorp/go-uuid/.travis.yml | 12 - vendor/github.com/hashicorp/go-uuid/LICENSE | 365 - vendor/github.com/hashicorp/go-uuid/README.md | 8 - vendor/github.com/hashicorp/go-uuid/uuid.go | 83 - .../hashicorp/go-version/CHANGELOG.md | 64 - .../github.com/hashicorp/go-version/LICENSE | 356 - .../github.com/hashicorp/go-version/README.md | 67 - .../hashicorp/go-version/constraint.go | 307 - .../hashicorp/go-version/version.go | 459 - .../go-version/version_collection.go | 20 - .../hashicorp/hc-install/.copywrite.hcl | 7 - .../hashicorp/hc-install/.go-version | 1 - .../github.com/hashicorp/hc-install/LICENSE | 375 - .../github.com/hashicorp/hc-install/README.md | 124 - .../hashicorp/hc-install/catalog-info.yaml | 17 - .../hc-install/checkpoint/latest_version.go | 166 - .../hashicorp/hc-install/errors/errors.go | 21 - .../hashicorp/hc-install/fs/any_version.go | 98 - .../hashicorp/hc-install/fs/exact_version.go | 98 - .../github.com/hashicorp/hc-install/fs/fs.go | 17 - .../hashicorp/hc-install/fs/fs_unix.go | 46 - .../hashicorp/hc-install/fs/fs_windows.go | 84 - .../hashicorp/hc-install/fs/version.go | 100 - .../hashicorp/hc-install/installer.go | 157 - .../internal/build/get_go_version.go | 40 - .../hc-install/internal/build/go_build.go | 196 - .../internal/build/go_is_installed.go | 31 - .../internal/build/install_go_version.go | 75 - .../internal/httpclient/httpclient.go | 38 - .../hc-install/internal/pubkey/pubkey.go | 130 - .../releasesjson/checksum_downloader.go | 198 - .../internal/releasesjson/downloader.go | 257 - .../internal/releasesjson/product_version.go | 43 - .../internal/releasesjson/releases.go | 169 - .../hashicorp/hc-install/internal/src/src.go | 6 - .../internal/validators/validators.go | 21 - .../hashicorp/hc-install/product/consul.go | 86 - .../hashicorp/hc-install/product/nomad.go | 54 - .../hashicorp/hc-install/product/packer.go | 54 - .../hashicorp/hc-install/product/product.go | 65 - .../hashicorp/hc-install/product/terraform.go | 86 - .../hashicorp/hc-install/product/vault.go | 56 - .../hc-install/releases/enterprise.go | 35 - .../hc-install/releases/exact_version.go | 189 - .../hc-install/releases/latest_version.go | 198 - .../hashicorp/hc-install/releases/releases.go | 16 - .../hashicorp/hc-install/releases/versions.go | 105 - .../hashicorp/hc-install/src/src.go | 45 - .../hashicorp/hc-install/version/VERSION | 1 - .../hashicorp/hc-install/version/version.go | 27 - .../hashicorp/hcl/v2/.copywrite.hcl | 16 - .../github.com/hashicorp/hcl/v2/.go-version | 1 - .../hashicorp/hcl/v2/.golangci.yaml | 18 - .../github.com/hashicorp/hcl/v2/CHANGELOG.md | 364 - vendor/github.com/hashicorp/hcl/v2/LICENSE | 355 - vendor/github.com/hashicorp/hcl/v2/Makefile | 18 - vendor/github.com/hashicorp/hcl/v2/README.md | 219 - .../github.com/hashicorp/hcl/v2/diagnostic.go | 189 - .../hashicorp/hcl/v2/diagnostic_text.go | 345 - .../hashicorp/hcl/v2/diagnostic_typeparams.go | 42 - .../github.com/hashicorp/hcl/v2/didyoumean.go | 27 - vendor/github.com/hashicorp/hcl/v2/doc.go | 37 - .../hashicorp/hcl/v2/eval_context.go | 28 - .../github.com/hashicorp/hcl/v2/expr_call.go | 49 - .../github.com/hashicorp/hcl/v2/expr_list.go | 40 - .../github.com/hashicorp/hcl/v2/expr_map.go | 47 - .../hashicorp/hcl/v2/expr_unwrap.go | 71 - .../hcl/v2/ext/customdecode/README.md | 209 - .../hcl/v2/ext/customdecode/customdecode.go | 59 - .../v2/ext/customdecode/expression_type.go | 149 - .../hashicorp/hcl/v2/hclsyntax/diagnostics.go | 26 - .../hashicorp/hcl/v2/hclsyntax/didyoumean.go | 27 - .../hashicorp/hcl/v2/hclsyntax/doc.go | 10 - .../hashicorp/hcl/v2/hclsyntax/expression.go | 2077 - .../hcl/v2/hclsyntax/expression_ops.go | 365 - .../hcl/v2/hclsyntax/expression_template.go | 260 - .../hcl/v2/hclsyntax/expression_vars.go | 83 - .../hashicorp/hcl/v2/hclsyntax/file.go | 23 - .../hashicorp/hcl/v2/hclsyntax/generate.go | 12 - .../hashicorp/hcl/v2/hclsyntax/keywords.go | 24 - .../hashicorp/hcl/v2/hclsyntax/navigation.go | 62 - .../hashicorp/hcl/v2/hclsyntax/node.go | 25 - .../hashicorp/hcl/v2/hclsyntax/parser.go | 2232 -- .../hcl/v2/hclsyntax/parser_template.go | 865 - .../hcl/v2/hclsyntax/parser_traversal.go | 211 - .../hashicorp/hcl/v2/hclsyntax/peeker.go | 215 - .../hashicorp/hcl/v2/hclsyntax/public.go | 205 - .../hcl/v2/hclsyntax/scan_string_lit.go | 303 - .../hcl/v2/hclsyntax/scan_string_lit.rl | 107 - .../hashicorp/hcl/v2/hclsyntax/scan_tokens.go | 5273 --- .../hashicorp/hcl/v2/hclsyntax/scan_tokens.rl | 399 - .../hashicorp/hcl/v2/hclsyntax/spec.md | 943 - .../hashicorp/hcl/v2/hclsyntax/structure.go | 396 - .../hcl/v2/hclsyntax/structure_at_pos.go | 121 - .../hashicorp/hcl/v2/hclsyntax/token.go | 337 - .../hcl/v2/hclsyntax/token_type_string.go | 133 - .../hcl/v2/hclsyntax/unicode2ragel.rb | 338 - .../hcl/v2/hclsyntax/unicode_derived.rl | 2135 - .../hashicorp/hcl/v2/hclsyntax/variables.go | 90 - .../hashicorp/hcl/v2/hclsyntax/walk.go | 44 - vendor/github.com/hashicorp/hcl/v2/merged.go | 227 - vendor/github.com/hashicorp/hcl/v2/ops.go | 436 - vendor/github.com/hashicorp/hcl/v2/pos.go | 278 - .../hashicorp/hcl/v2/pos_scanner.go | 155 - vendor/github.com/hashicorp/hcl/v2/schema.go | 24 - vendor/github.com/hashicorp/hcl/v2/spec.md | 691 - .../hashicorp/hcl/v2/static_expr.go | 43 - .../github.com/hashicorp/hcl/v2/structure.go | 154 - .../hashicorp/hcl/v2/structure_at_pos.go | 120 - vendor/github.com/hashicorp/hcl/v2/tools.go | 11 - .../github.com/hashicorp/hcl/v2/traversal.go | 296 - .../hashicorp/hcl/v2/traversal_for_expr.go | 127 - .../github.com/hashicorp/logutils/.gitignore | 22 - vendor/github.com/hashicorp/logutils/LICENSE | 354 - .../github.com/hashicorp/logutils/README.md | 36 - vendor/github.com/hashicorp/logutils/level.go | 81 - .../hashicorp/terraform-exec/LICENSE | 375 - .../internal/version/version.go | 12 - .../hashicorp/terraform-exec/tfexec/apply.go | 275 - .../hashicorp/terraform-exec/tfexec/cmd.go | 364 - .../terraform-exec/tfexec/cmd_default.go | 95 - .../terraform-exec/tfexec/cmd_linux.go | 100 - .../terraform-exec/tfexec/destroy.go | 204 - .../hashicorp/terraform-exec/tfexec/doc.go | 7 - .../hashicorp/terraform-exec/tfexec/errors.go | 71 - .../hashicorp/terraform-exec/tfexec/fmt.go | 162 - .../terraform-exec/tfexec/force_unlock.go | 61 - .../hashicorp/terraform-exec/tfexec/get.go | 55 - .../hashicorp/terraform-exec/tfexec/graph.go | 88 - .../hashicorp/terraform-exec/tfexec/import.go | 144 - .../hashicorp/terraform-exec/tfexec/init.go | 255 - .../tfexec/metadata_functions.go | 37 - .../terraform-exec/tfexec/options.go | 460 - .../hashicorp/terraform-exec/tfexec/output.go | 66 - .../hashicorp/terraform-exec/tfexec/plan.go | 286 - .../terraform-exec/tfexec/providers_lock.go | 85 - .../terraform-exec/tfexec/providers_schema.go | 36 - .../hashicorp/terraform-exec/tfexec/query.go | 127 - .../terraform-exec/tfexec/refresh.go | 187 - .../hashicorp/terraform-exec/tfexec/show.go | 219 - .../terraform-exec/tfexec/state_mv.go | 108 - .../terraform-exec/tfexec/state_pull.go | 58 - .../terraform-exec/tfexec/state_push.go | 70 - .../terraform-exec/tfexec/state_rm.go | 107 - .../hashicorp/terraform-exec/tfexec/taint.go | 81 - .../terraform-exec/tfexec/terraform.go | 256 - .../hashicorp/terraform-exec/tfexec/test.go | 66 - .../terraform-exec/tfexec/untaint.go | 81 - .../terraform-exec/tfexec/upgrade012.go | 83 - .../terraform-exec/tfexec/upgrade013.go | 71 - .../terraform-exec/tfexec/validate.go | 47 - .../terraform-exec/tfexec/version.go | 234 - .../terraform-exec/tfexec/workspace_delete.go | 84 - .../terraform-exec/tfexec/workspace_list.go | 49 - .../terraform-exec/tfexec/workspace_new.go | 86 - .../terraform-exec/tfexec/workspace_select.go | 13 - .../terraform-exec/tfexec/workspace_show.go | 38 - .../hashicorp/terraform-json/.copywrite.hcl | 13 - .../hashicorp/terraform-json/.gitignore | 3 - .../hashicorp/terraform-json/.go-version | 1 - .../hashicorp/terraform-json/CODEOWNERS | 2 - .../hashicorp/terraform-json/CONTRIBUTING.md | 22 - .../hashicorp/terraform-json/LICENSE | 375 - .../hashicorp/terraform-json/Makefile | 21 - .../hashicorp/terraform-json/README.md | 64 - .../hashicorp/terraform-json/action.go | 119 - .../terraform-json/catalog-info.yaml | 17 - .../hashicorp/terraform-json/checks.go | 145 - .../hashicorp/terraform-json/config.go | 197 - .../hashicorp/terraform-json/expression.go | 130 - .../hashicorp/terraform-json/logging.go | 84 - .../terraform-json/logging_generic.go | 27 - .../hashicorp/terraform-json/logging_query.go | 50 - .../hashicorp/terraform-json/logging_types.go | 65 - .../hashicorp/terraform-json/metadata.go | 115 - .../hashicorp/terraform-json/plan.go | 332 - .../hashicorp/terraform-json/schemas.go | 339 - .../hashicorp/terraform-json/state.go | 221 - .../hashicorp/terraform-json/tfjson.go | 12 - .../hashicorp/terraform-json/validate.go | 152 - .../hashicorp/terraform-json/version.go | 14 - .../hashicorp/terraform-plugin-go/LICENSE | 356 - .../internal/logging/context.go | 119 - .../internal/logging/doc.go | 5 - .../internal/logging/environment_variables.go | 25 - .../internal/logging/keys.go | 92 - .../internal/logging/protocol.go | 36 - .../internal/logging/protocol_data.go | 147 - .../internal/logging/provider.go | 21 - .../terraform-plugin-go/tfprotov5/action.go | 159 - .../tfprotov5/action_schema.go | 10 - .../tfprotov5/client_capabilities.go | 85 - .../tfprotov5/data_source.go | 116 - .../terraform-plugin-go/tfprotov5/deferred.go | 44 - .../tfprotov5/diagnostic.go | 61 - .../terraform-plugin-go/tfprotov5/doc.go | 32 - .../tfprotov5/dynamic_value.go | 132 - .../tfprotov5/ephemeral_resource.go | 185 - .../terraform-plugin-go/tfprotov5/function.go | 141 - .../tfprotov5/function_error.go | 14 - .../tfprotov5/internal/diag/diagnostics.go | 84 - .../tfprotov5/internal/diag/doc.go | 6 - .../tfprotov5/internal/fromproto/action.go | 48 - .../internal/fromproto/client_capabilities.go | 115 - .../internal/fromproto/data_source.go | 37 - .../tfprotov5/internal/fromproto/doc.go | 6 - .../internal/fromproto/dynamic_value.go | 22 - .../internal/fromproto/ephemeral_resource.go | 54 - .../tfprotov5/internal/fromproto/function.go | 36 - .../internal/fromproto/list_resource.go | 35 - .../tfprotov5/internal/fromproto/provider.go | 75 - .../tfprotov5/internal/fromproto/raw_state.go | 22 - .../tfprotov5/internal/fromproto/resource.go | 138 - .../fromproto/resource_identity_data.go | 21 - .../tfprotov5/internal/funcerr/doc.go | 6 - .../internal/funcerr/function_error.go | 50 - .../tf5serverlogging/client_capabilities.go | 123 - .../internal/tf5serverlogging/context_keys.go | 11 - .../internal/tf5serverlogging/deferred.go | 24 - .../internal/tf5serverlogging/doc.go | 6 - .../tf5serverlogging/downstream_request.go | 83 - .../tf5serverlogging/server_capabilities.go | 28 - .../internal/tfplugin5/tfplugin5.pb.go | 7689 ---- .../internal/tfplugin5/tfplugin5.proto | 943 - .../internal/tfplugin5/tfplugin5_grpc.pb.go | 1398 - .../tfprotov5/internal/toproto/action.go | 75 - .../internal/toproto/action_schema.go | 21 - .../internal/toproto/attribute_path.go | 92 - .../tfprotov5/internal/toproto/data_source.go | 47 - .../tfprotov5/internal/toproto/deferred.go | 21 - .../tfprotov5/internal/toproto/diagnostic.go | 93 - .../tfprotov5/internal/toproto/doc.go | 6 - .../internal/toproto/dynamic_value.go | 35 - .../internal/toproto/ephemeral_resource.go | 65 - .../tfprotov5/internal/toproto/function.go | 102 - .../internal/toproto/function_error.go | 22 - .../internal/toproto/list_resource.go | 38 - .../tfprotov5/internal/toproto/provider.go | 151 - .../tfprotov5/internal/toproto/resource.go | 163 - .../toproto/resource_identity_data.go | 21 - .../toproto/resource_identity_schema.go | 52 - .../tfprotov5/internal/toproto/schema.go | 100 - .../internal/toproto/server_capabilities.go | 23 - .../tfprotov5/internal/toproto/string_kind.go | 13 - .../tfprotov5/internal/toproto/timestamp.go | 18 - .../tfprotov5/list_resource.go | 130 - .../terraform-plugin-go/tfprotov5/provider.go | 335 - .../terraform-plugin-go/tfprotov5/resource.go | 640 - .../tfprotov5/resource_identity_data.go | 15 - .../tfprotov5/resource_identity_schema.go | 100 - .../terraform-plugin-go/tfprotov5/schema.go | 334 - .../tfprotov5/server_capabilities.go | 26 - .../terraform-plugin-go/tfprotov5/state.go | 101 - .../tfprotov5/string_kind.go | 28 - .../tfprotov5/tf5server/doc.go | 9 - .../tfprotov5/tf5server/plugin.go | 50 - .../tfprotov5/tf5server/server.go | 1495 - .../terraform-plugin-go/tfprotov6/action.go | 159 - .../tfprotov6/action_schema.go | 10 - .../tfprotov6/client_capabilities.go | 85 - .../tfprotov6/data_source.go | 116 - .../terraform-plugin-go/tfprotov6/deferred.go | 44 - .../tfprotov6/diagnostic.go | 61 - .../terraform-plugin-go/tfprotov6/doc.go | 32 - .../tfprotov6/dynamic_value.go | 132 - .../tfprotov6/ephemeral_resource.go | 185 - .../terraform-plugin-go/tfprotov6/function.go | 141 - .../tfprotov6/function_error.go | 14 - .../tfprotov6/internal/diag/diagnostics.go | 84 - .../tfprotov6/internal/diag/doc.go | 6 - .../tfprotov6/internal/fromproto/action.go | 48 - .../internal/fromproto/client_capabilities.go | 115 - .../internal/fromproto/data_source.go | 37 - .../tfprotov6/internal/fromproto/doc.go | 6 - .../internal/fromproto/dynamic_value.go | 22 - .../internal/fromproto/ephemeral_resource.go | 54 - .../tfprotov6/internal/fromproto/function.go | 36 - .../internal/fromproto/list_resource.go | 35 - .../tfprotov6/internal/fromproto/provider.go | 75 - .../tfprotov6/internal/fromproto/raw_state.go | 22 - .../tfprotov6/internal/fromproto/resource.go | 138 - .../fromproto/resource_identity_data.go | 21 - .../tfprotov6/internal/funcerr/doc.go | 6 - .../internal/funcerr/function_error.go | 50 - .../tf6serverlogging/client_capabilities.go | 123 - .../internal/tf6serverlogging/context_keys.go | 11 - .../internal/tf6serverlogging/deferred.go | 24 - .../internal/tf6serverlogging/doc.go | 6 - .../tf6serverlogging/downstream_request.go | 83 - .../tf6serverlogging/server_capabilities.go | 28 - .../internal/tfplugin6/tfplugin6.pb.go | 7403 ---- .../internal/tfplugin6/tfplugin6.proto | 926 - .../internal/tfplugin6/tfplugin6_grpc.pb.go | 1178 - .../tfprotov6/internal/toproto/action.go | 75 - .../internal/toproto/action_schema.go | 20 - .../internal/toproto/attribute_path.go | 92 - .../tfprotov6/internal/toproto/data_source.go | 45 - .../tfprotov6/internal/toproto/deferred.go | 21 - .../tfprotov6/internal/toproto/diagnostic.go | 93 - .../tfprotov6/internal/toproto/doc.go | 6 - .../internal/toproto/dynamic_value.go | 35 - .../internal/toproto/ephemeral_resource.go | 65 - .../tfprotov6/internal/toproto/function.go | 100 - .../internal/toproto/function_error.go | 22 - .../internal/toproto/list_resource.go | 38 - .../tfprotov6/internal/toproto/provider.go | 150 - .../tfprotov6/internal/toproto/resource.go | 163 - .../toproto/resource_identity_data.go | 21 - .../toproto/resource_identity_schema.go | 52 - .../tfprotov6/internal/toproto/schema.go | 118 - .../internal/toproto/server_capabilities.go | 23 - .../tfprotov6/internal/toproto/string_kind.go | 13 - .../tfprotov6/internal/toproto/timestamp.go | 18 - .../tfprotov6/list_resource.go | 130 - .../terraform-plugin-go/tfprotov6/provider.go | 335 - .../terraform-plugin-go/tfprotov6/resource.go | 637 - .../tfprotov6/resource_identity_data.go | 15 - .../tfprotov6/resource_identity_schema.go | 100 - .../terraform-plugin-go/tfprotov6/schema.go | 449 - .../tfprotov6/server_capabilities.go | 26 - .../terraform-plugin-go/tfprotov6/state.go | 101 - .../tfprotov6/string_kind.go | 28 - .../tfprotov6/tf6server/doc.go | 9 - .../tfprotov6/tf6server/plugin.go | 50 - .../tfprotov6/tf6server/server.go | 1494 - .../tftypes/attribute_path.go | 425 - .../tftypes/attribute_path_error.go | 46 - .../terraform-plugin-go/tftypes/diff.go | 298 - .../terraform-plugin-go/tftypes/doc.go | 60 - .../terraform-plugin-go/tftypes/list.go | 129 - .../terraform-plugin-go/tftypes/map.go | 132 - .../terraform-plugin-go/tftypes/object.go | 319 - .../terraform-plugin-go/tftypes/primitive.go | 411 - .../terraform-plugin-go/tftypes/set.go | 125 - .../terraform-plugin-go/tftypes/tuple.go | 169 - .../terraform-plugin-go/tftypes/type.go | 236 - .../tftypes/unknown_value.go | 12 - .../terraform-plugin-go/tftypes/value.go | 634 - .../tftypes/value_equal.go | 213 - .../terraform-plugin-go/tftypes/value_json.go | 514 - .../tftypes/value_msgpack.go | 584 - .../terraform-plugin-go/tftypes/value_walk.go | 33 - .../terraform-plugin-go/tftypes/walk.go | 349 - .../hashicorp/terraform-plugin-log/LICENSE | 356 - .../internal/fieldutils/field_maps.go | 48 - .../internal/hclogutils/args.go | 29 - .../internal/hclogutils/logger_options.go | 32 - .../internal/logging/filtering.go | 136 - .../internal/logging/log.go | 120 - .../internal/logging/options.go | 372 - .../internal/logging/provider.go | 120 - .../internal/logging/sdk.go | 121 - .../internal/logging/sink.go | 60 - .../terraform-plugin-log/tflog/doc.go | 16 - .../terraform-plugin-log/tflog/options.go | 63 - .../terraform-plugin-log/tflog/provider.go | 348 - .../terraform-plugin-log/tflog/subsystem.go | 427 - .../terraform-plugin-log/tfsdklog/doc.go | 13 - .../terraform-plugin-log/tfsdklog/levels.go | 84 - .../terraform-plugin-log/tfsdklog/options.go | 81 - .../terraform-plugin-log/tfsdklog/sdk.go | 439 - .../terraform-plugin-log/tfsdklog/sink.go | 206 - .../tfsdklog/subsystem.go | 450 - .../hashicorp/terraform-plugin-sdk/v2/LICENSE | 356 - .../v2/diag/diagnostic.go | 107 - .../terraform-plugin-sdk/v2/diag/helpers.go | 42 - .../v2/helper/customdiff/compose.go | 76 - .../v2/helper/customdiff/computed.go | 36 - .../v2/helper/customdiff/condition.go | 65 - .../v2/helper/customdiff/doc.go | 14 - .../v2/helper/customdiff/force_new.go | 74 - .../v2/helper/customdiff/validate.go | 43 - .../v2/helper/logging/logging.go | 140 - .../helper/logging/logging_http_transport.go | 291 - .../v2/helper/logging/transport.go | 82 - .../v2/helper/retry/error.go | 94 - .../v2/helper/retry/state.go | 283 - .../v2/helper/retry/wait.go | 116 - .../v2/helper/schema/README.md | 11 - .../v2/helper/schema/context.go | 10 - .../v2/helper/schema/core_schema.go | 436 - .../schema/data_source_resource_shim.go | 62 - .../v2/helper/schema/deferred.go | 45 - .../v2/helper/schema/equal.go | 9 - .../v2/helper/schema/field_reader.go | 338 - .../v2/helper/schema/field_reader_config.go | 331 - .../v2/helper/schema/field_reader_diff.go | 248 - .../v2/helper/schema/field_reader_map.go | 202 - .../v2/helper/schema/field_reader_multi.go | 66 - .../v2/helper/schema/field_writer.go | 11 - .../v2/helper/schema/field_writer_map.go | 359 - .../v2/helper/schema/getsource_string.go | 46 - .../v2/helper/schema/grpc_provider.go | 2496 -- .../v2/helper/schema/identity_data.go | 142 - .../v2/helper/schema/json.go | 15 - .../v2/helper/schema/provider.go | 645 - .../v2/helper/schema/resource.go | 1605 - .../v2/helper/schema/resource_data.go | 867 - .../helper/schema/resource_data_get_source.go | 23 - .../v2/helper/schema/resource_diff.go | 709 - .../v2/helper/schema/resource_identity.go | 89 - .../v2/helper/schema/resource_importer.go | 132 - .../v2/helper/schema/resource_timeout.go | 272 - .../v2/helper/schema/schema.go | 2581 -- .../v2/helper/schema/serialize.go | 133 - .../v2/helper/schema/set.go | 246 - .../v2/helper/schema/shims.go | 133 - .../v2/helper/schema/testing.go | 49 - .../v2/helper/schema/unknown.go | 135 - .../v2/helper/schema/valuetype.go | 27 - .../v2/helper/schema/valuetype_string.go | 31 - .../v2/helper/schema/write_only.go | 214 - .../v2/helper/structure/expand_json.go | 14 - .../v2/helper/structure/flatten_json.go | 19 - .../v2/helper/structure/normalize_json.go | 27 - .../v2/helper/structure/suppress_json_diff.go | 24 - .../v2/helper/validation/float.go | 67 - .../v2/helper/validation/int.go | 128 - .../v2/helper/validation/list.go | 35 - .../v2/helper/validation/map.go | 159 - .../v2/helper/validation/meta.go | 132 - .../v2/helper/validation/network.go | 174 - .../v2/helper/validation/path.go | 55 - .../v2/helper/validation/strings.go | 240 - .../v2/helper/validation/testing.go | 90 - .../v2/helper/validation/time.go | 57 - .../v2/helper/validation/uuid.go | 25 - .../v2/helper/validation/web.go | 58 - .../v2/helper/validation/write_only.go | 120 - .../v2/internal/addrs/doc.go | 20 - .../v2/internal/addrs/instance_key.go | 50 - .../v2/internal/addrs/module.go | 16 - .../v2/internal/addrs/module_instance.go | 242 - .../configs/configschema/coerce_value.go | 253 - .../v2/internal/configs/configschema/doc.go | 17 - .../configs/configschema/empty_value.go | 62 - .../configs/configschema/implied_type.go | 71 - .../configschema/nestingmode_string.go | 28 - .../internal/configs/configschema/schema.go | 183 - .../v2/internal/configs/hcl2shim/flatmap.go | 426 - .../v2/internal/configs/hcl2shim/paths.go | 279 - .../v2/internal/configs/hcl2shim/values.go | 233 - .../internal/configs/hcl2shim/values_equiv.go | 217 - .../v2/internal/helper/hashcode/hashcode.go | 38 - .../v2/internal/logging/context.go | 78 - .../internal/logging/environment_variables.go | 27 - .../v2/internal/logging/helper_resource.go | 35 - .../v2/internal/logging/helper_schema.go | 35 - .../v2/internal/logging/keys.go | 66 - .../internal/plans/objchange/normalize_obj.go | 136 - .../v2/internal/plugin/convert/diagnostics.go | 165 - .../v2/internal/plugin/convert/schema.go | 331 - .../v2/internal/plugin/convert/value.go | 213 - .../v2/internal/tfdiags/config_traversals.go | 59 - .../v2/internal/tfdiags/contextual.go | 84 - .../v2/internal/tfdiags/diagnostic.go | 26 - .../v2/internal/tfdiags/diagnostic_base.go | 34 - .../v2/internal/tfdiags/diagnostics.go | 196 - .../v2/internal/tfdiags/doc.go | 19 - .../v2/internal/tfdiags/error.go | 27 - .../v2/internal/tfdiags/severity_string.go | 29 - .../v2/internal/tfdiags/simple_warning.go | 23 - .../terraform-plugin-sdk/v2/meta/meta.go | 48 - .../terraform-plugin-sdk/v2/plugin/debug.go | 91 - .../terraform-plugin-sdk/v2/plugin/serve.go | 238 - .../terraform-plugin-sdk/v2/terraform/diff.go | 1002 - .../v2/terraform/instancetype.go | 19 - .../v2/terraform/instancetype_string.go | 26 - .../v2/terraform/resource.go | 355 - .../v2/terraform/resource_address.go | 229 - .../v2/terraform/resource_mode.go | 18 - .../v2/terraform/resource_mode_string.go | 24 - .../v2/terraform/resource_provider.go | 29 - .../v2/terraform/schemas.go | 29 - .../v2/terraform/state.go | 1672 - .../v2/terraform/state_filter.go | 273 - .../terraform-plugin-sdk/v2/terraform/util.go | 25 - .../terraform-plugin-testing/LICENSE | 375 - .../terraform-plugin-testing/compare/doc.go | 5 - .../compare/value_comparer.go | 13 - .../compare/values_differ.go | 31 - .../compare/values_same.go | 31 - .../terraform-plugin-testing/config/config.go | 38 - .../config/constraints.go | 27 - .../config/directory.go | 63 - .../terraform-plugin-testing/config/doc.go | 6 - .../terraform-plugin-testing/config/file.go | 63 - .../config/variable.go | 324 - .../helper/acctest/random.go | 215 - .../helper/resource/additional_cli_options.go | 29 - .../helper/resource/environment_variables.go | 45 - .../helper/resource/error.go | 132 - .../helper/resource/id.go | 62 - .../helper/resource/json.go | 15 - .../helper/resource/plan_checks.go | 28 - .../helper/resource/plugin.go | 528 - .../helper/resource/query/query_checks.go | 96 - .../helper/resource/state.go | 292 - .../helper/resource/state_checks.go | 29 - .../helper/resource/state_shim.go | 344 - .../helper/resource/testcase_providers.go | 61 - .../helper/resource/testcase_validate.go | 113 - .../helper/resource/testing.go | 2167 -- .../helper/resource/testing_config.go | 29 - .../helper/resource/testing_new.go | 699 - .../helper/resource/testing_new_config.go | 475 - .../resource/testing_new_import_state.go | 571 - .../helper/resource/testing_new_query.go | 47 - .../resource/testing_new_refresh_state.go | 105 - .../helper/resource/testing_sets.go | 492 - .../helper/resource/teststep_providers.go | 258 - .../helper/resource/teststep_validate.go | 245 - .../helper/resource/tfversion_checks.go | 31 - .../helper/resource/wait.go | 135 - .../internal/addrs/doc.go | 20 - .../internal/addrs/instance_key.go | 50 - .../internal/addrs/module.go | 16 - .../internal/addrs/module_instance.go | 242 - .../configs/configschema/coerce_value.go | 253 - .../internal/configs/configschema/doc.go | 17 - .../configs/configschema/empty_value.go | 62 - .../configs/configschema/implied_type.go | 71 - .../configschema/nestingmode_string.go | 28 - .../internal/configs/configschema/schema.go | 161 - .../internal/configs/hcl2shim/flatmap.go | 426 - .../internal/configs/hcl2shim/paths.go | 279 - .../internal/configs/hcl2shim/values.go | 233 - .../internal/configs/hcl2shim/values_equiv.go | 217 - .../internal/logging/context.go | 62 - .../internal/logging/environment_variables.go | 22 - .../internal/logging/helper_resource.go | 35 - .../internal/logging/keys.go | 63 - .../internal/plugintest/config.go | 96 - .../internal/plugintest/doc.go | 10 - .../plugintest/environment_variables.go | 119 - .../internal/plugintest/guard.go | 52 - .../internal/plugintest/helper.go | 322 - .../internal/plugintest/util.go | 186 - .../internal/plugintest/working_dir.go | 565 - .../internal/teststep/config.go | 269 - .../internal/teststep/directory.go | 132 - .../internal/teststep/file.go | 112 - .../internal/teststep/string.go | 82 - .../internal/tfdiags/config_traversals.go | 59 - .../internal/tfdiags/contextual.go | 84 - .../internal/tfdiags/diagnostic.go | 26 - .../internal/tfdiags/diagnostic_base.go | 34 - .../internal/tfdiags/diagnostics.go | 196 - .../internal/tfdiags/doc.go | 19 - .../internal/tfdiags/error.go | 27 - .../internal/tfdiags/severity_string.go | 29 - .../internal/tfdiags/simple_warning.go | 23 - .../knownvalue/bool.go | 44 - .../knownvalue/bool_func.go | 39 - .../knownvalue/check.go | 14 - .../knownvalue/doc.go | 5 - .../knownvalue/float32.go | 51 - .../knownvalue/float32_func.go | 48 - .../knownvalue/float64.go | 51 - .../knownvalue/float64_func.go | 48 - .../knownvalue/int32.go | 51 - .../knownvalue/int32_func.go | 48 - .../knownvalue/int64.go | 51 - .../knownvalue/int64_func.go | 48 - .../knownvalue/list.go | 67 - .../knownvalue/list_partial.go | 89 - .../knownvalue/list_size.go | 55 - .../knownvalue/map.go | 93 - .../knownvalue/map_partial.go | 80 - .../knownvalue/map_size.go | 55 - .../knownvalue/not_null.go | 32 - .../knownvalue/null.go | 32 - .../knownvalue/number.go | 56 - .../knownvalue/number_func.go | 48 - .../knownvalue/object.go | 116 - .../knownvalue/object_partial.go | 80 - .../knownvalue/set.go | 86 - .../knownvalue/set_partial.go | 72 - .../knownvalue/set_size.go | 55 - .../knownvalue/string.go | 41 - .../knownvalue/string_func.go | 39 - .../knownvalue/string_regexp.go | 45 - .../knownvalue/tuple.go | 67 - .../knownvalue/tuple_partial.go | 89 - .../knownvalue/tuple_size.go | 55 - .../plancheck/deferred_reason.go | 21 - .../terraform-plugin-testing/plancheck/doc.go | 5 - .../plancheck/expect_deferred_change.go | 49 - .../plancheck/expect_empty_plan.go | 39 - .../plancheck/expect_known_output_value.go | 68 - .../expect_known_output_value_at_path.go | 71 - .../plancheck/expect_known_value.go | 70 - .../plancheck/expect_no_deferred_changes.go | 52 - .../plancheck/expect_non_empty_plan.go | 35 - .../plancheck/expect_null_output_value.go | 74 - .../expect_null_output_value_at_path.go | 76 - .../plancheck/expect_resource_action.go | 90 - .../plancheck/expect_sensitive_value.go | 61 - .../plancheck/expect_unknown_output_value.go | 82 - .../expect_unknown_output_value_at_path.go | 85 - .../plancheck/expect_unknown_value.go | 75 - .../plancheck/plan_check.go | 30 - .../plancheck/resource_action.go | 50 - .../querycheck/doc.go | 5 - .../querycheck/expect_identity.go | 105 - .../querycheck/expect_no_identity.go | 89 - .../expect_resource_display_name.go | 70 - .../expect_resource_known_values.go | 93 - .../expect_result_length_atleast.go | 39 - .../querycheck/expect_result_length_exact.go | 39 - .../querycheck/known_value.go | 19 - .../querycheck/query_check.go | 43 - .../querycheck/queryfilter/filter.go | 32 - .../queryfilter/filter_by_display_name.go | 29 - .../filter_by_resource_identity.go | 59 - .../statecheck/compare_value.go | 114 - .../statecheck/compare_value_collection.go | 223 - .../statecheck/compare_value_pairs.go | 111 - .../statecheck/doc.go | 5 - .../statecheck/expect_identity.go | 138 - .../statecheck/expect_identity_value.go | 91 - .../expect_identity_value_matches_state.go | 97 - ...ct_identity_value_matches_state_at_path.go | 106 - .../statecheck/expect_known_output_value.go | 76 - .../expect_known_output_value_at_path.go | 78 - .../statecheck/expect_known_value.go | 84 - .../statecheck/expect_sensitive_value.go | 101 - .../statecheck/state_check.go | 30 - .../terraform/diff.go | 1055 - .../terraform/instancetype.go | 19 - .../terraform/instancetype_string.go | 26 - .../terraform/resource.go | 362 - .../terraform/resource_address.go | 229 - .../terraform/resource_mode.go | 18 - .../terraform/resource_mode_string.go | 24 - .../terraform/resource_provider.go | 37 - .../terraform/schemas.go | 37 - .../terraform/state.go | 1876 - .../terraform/state_filter.go | 273 - .../terraform/unknown_value_walk.go | 85 - .../terraform/util.go | 25 - .../tfjsonpath/doc.go | 6 - .../tfjsonpath/path.go | 135 - .../tfjsonpath/step.go | 14 - .../terraform-plugin-testing/tfversion/all.go | 45 - .../terraform-plugin-testing/tfversion/any.go | 54 - .../terraform-plugin-testing/tfversion/doc.go | 5 - .../tfversion/require_above.go | 54 - .../tfversion/require_below.go | 54 - .../tfversion/require_between.go | 67 - .../tfversion/require_not.go | 51 - .../tfversion/skip_above.go | 54 - .../tfversion/skip_below.go | 54 - .../tfversion/skip_between.go | 67 - .../tfversion/skip_if.go | 51 - .../tfversion/skip_if_not_alpha.go | 31 - .../tfversion/skip_if_not_prerelease.go | 28 - .../tfversion/version_check.go | 39 - .../tfversion/versions.go | 44 - .../terraform-registry-address/.copywrite.hcl | 7 - .../terraform-registry-address/.go-version | 1 - .../CONTRIBUTING.md | 22 - .../terraform-registry-address/LICENSE | 356 - .../terraform-registry-address/README.md | 204 - .../terraform-registry-address/component.go | 167 - .../component_package.go | 82 - .../terraform-registry-address/errors.go | 17 - .../terraform-registry-address/module.go | 254 - .../module_package.go | 61 - .../terraform-registry-address/provider.go | 525 - .../hashicorp/terraform-svchost/CHANGELOG.md | 13 - .../terraform-svchost/CONTRIBUTING.md | 3 - .../hashicorp/terraform-svchost/LICENSE | 355 - .../hashicorp/terraform-svchost/README.md | 9 - .../hashicorp/terraform-svchost/label_iter.go | 71 - .../hashicorp/terraform-svchost/svchost.go | 221 - vendor/github.com/hashicorp/yamux/.gitignore | 23 - vendor/github.com/hashicorp/yamux/LICENSE | 364 - vendor/github.com/hashicorp/yamux/README.md | 86 - vendor/github.com/hashicorp/yamux/addr.go | 60 - vendor/github.com/hashicorp/yamux/const.go | 182 - vendor/github.com/hashicorp/yamux/mux.go | 118 - vendor/github.com/hashicorp/yamux/session.go | 749 - vendor/github.com/hashicorp/yamux/spec.md | 140 - vendor/github.com/hashicorp/yamux/stream.go | 556 - vendor/github.com/hashicorp/yamux/util.go | 50 - vendor/github.com/mattn/go-colorable/LICENSE | 21 - .../github.com/mattn/go-colorable/README.md | 48 - .../mattn/go-colorable/colorable_others.go | 38 - .../mattn/go-colorable/colorable_windows.go | 1047 - .../github.com/mattn/go-colorable/go.test.sh | 12 - .../mattn/go-colorable/noncolorable.go | 57 - vendor/github.com/mattn/go-isatty/LICENSE | 9 - vendor/github.com/mattn/go-isatty/README.md | 50 - vendor/github.com/mattn/go-isatty/doc.go | 2 - vendor/github.com/mattn/go-isatty/go.test.sh | 12 - .../github.com/mattn/go-isatty/isatty_bsd.go | 20 - .../mattn/go-isatty/isatty_others.go | 17 - .../mattn/go-isatty/isatty_plan9.go | 23 - .../mattn/go-isatty/isatty_solaris.go | 21 - .../mattn/go-isatty/isatty_tcgets.go | 20 - .../mattn/go-isatty/isatty_windows.go | 125 - .../mitchellh/copystructure/LICENSE | 21 - .../mitchellh/copystructure/README.md | 21 - .../mitchellh/copystructure/copier_time.go | 15 - .../mitchellh/copystructure/copystructure.go | 631 - .../go-testing-interface/.travis.yml | 12 - .../mitchellh/go-testing-interface/LICENSE | 21 - .../mitchellh/go-testing-interface/README.md | 60 - .../mitchellh/go-testing-interface/testing.go | 112 - .../mitchellh/go-wordwrap/LICENSE.md | 21 - .../mitchellh/go-wordwrap/README.md | 39 - .../mitchellh/go-wordwrap/wordwrap.go | 83 - .../mitchellh/mapstructure/CHANGELOG.md | 96 - .../github.com/mitchellh/mapstructure/LICENSE | 21 - .../mitchellh/mapstructure/README.md | 46 - .../mitchellh/mapstructure/decode_hooks.go | 279 - .../mitchellh/mapstructure/error.go | 50 - .../mitchellh/mapstructure/mapstructure.go | 1540 - .../mitchellh/reflectwalk/.travis.yml | 1 - .../github.com/mitchellh/reflectwalk/LICENSE | 21 - .../mitchellh/reflectwalk/README.md | 6 - .../mitchellh/reflectwalk/location.go | 19 - .../mitchellh/reflectwalk/location_string.go | 16 - .../mitchellh/reflectwalk/reflectwalk.go | 420 - vendor/github.com/oklog/run/.gitignore | 14 - vendor/github.com/oklog/run/LICENSE | 201 - vendor/github.com/oklog/run/README.md | 75 - vendor/github.com/oklog/run/actors.go | 38 - vendor/github.com/oklog/run/group.go | 62 - .../github.com/shurcooL/githubv4/.travis.yml | 16 - vendor/github.com/shurcooL/githubv4/LICENSE | 21 - vendor/github.com/shurcooL/githubv4/README.md | 413 - .../shurcooL/githubv4/deprecated.go | 8 - vendor/github.com/shurcooL/githubv4/doc.go | 10 - vendor/github.com/shurcooL/githubv4/enum.go | 2089 - .../github.com/shurcooL/githubv4/githubv4.go | 56 - vendor/github.com/shurcooL/githubv4/input.go | 3301 -- vendor/github.com/shurcooL/githubv4/scalar.go | 145 - .../github.com/shurcooL/graphql/.travis.yml | 16 - vendor/github.com/shurcooL/graphql/LICENSE | 21 - vendor/github.com/shurcooL/graphql/README.md | 291 - vendor/github.com/shurcooL/graphql/doc.go | 8 - vendor/github.com/shurcooL/graphql/graphql.go | 123 - .../shurcooL/graphql/ident/ident.go | 241 - .../graphql/internal/jsonutil/graphql.go | 310 - vendor/github.com/shurcooL/graphql/query.go | 131 - vendor/github.com/shurcooL/graphql/scalar.go | 51 - .../vmihailenco/msgpack/.travis.yml | 18 - .../vmihailenco/msgpack/CHANGELOG.md | 24 - vendor/github.com/vmihailenco/msgpack/LICENSE | 25 - .../github.com/vmihailenco/msgpack/Makefile | 6 - .../github.com/vmihailenco/msgpack/README.md | 69 - .../vmihailenco/msgpack/appengine.go | 64 - .../vmihailenco/msgpack/codes/codes.go | 90 - .../github.com/vmihailenco/msgpack/decode.go | 547 - .../vmihailenco/msgpack/decode_map.go | 339 - .../vmihailenco/msgpack/decode_number.go | 307 - .../vmihailenco/msgpack/decode_query.go | 158 - .../vmihailenco/msgpack/decode_slice.go | 193 - .../vmihailenco/msgpack/decode_string.go | 175 - .../vmihailenco/msgpack/decode_value.go | 236 - .../github.com/vmihailenco/msgpack/encode.go | 177 - .../vmihailenco/msgpack/encode_map.go | 172 - .../vmihailenco/msgpack/encode_number.go | 230 - .../vmihailenco/msgpack/encode_slice.go | 124 - .../vmihailenco/msgpack/encode_value.go | 167 - vendor/github.com/vmihailenco/msgpack/ext.go | 244 - .../github.com/vmihailenco/msgpack/msgpack.go | 17 - vendor/github.com/vmihailenco/msgpack/tag.go | 42 - vendor/github.com/vmihailenco/msgpack/time.go | 149 - .../github.com/vmihailenco/msgpack/types.go | 310 - .../vmihailenco/msgpack/v5/.prettierrc | 4 - .../vmihailenco/msgpack/v5/.travis.yml | 20 - .../vmihailenco/msgpack/v5/CHANGELOG.md | 75 - .../github.com/vmihailenco/msgpack/v5/LICENSE | 25 - .../vmihailenco/msgpack/v5/Makefile | 6 - .../vmihailenco/msgpack/v5/README.md | 100 - .../msgpack/v5/commitlint.config.js | 1 - .../vmihailenco/msgpack/v5/decode.go | 708 - .../vmihailenco/msgpack/v5/decode_map.go | 356 - .../vmihailenco/msgpack/v5/decode_number.go | 295 - .../vmihailenco/msgpack/v5/decode_query.go | 157 - .../vmihailenco/msgpack/v5/decode_slice.go | 198 - .../vmihailenco/msgpack/v5/decode_string.go | 192 - .../vmihailenco/msgpack/v5/decode_typgen.go | 46 - .../vmihailenco/msgpack/v5/decode_value.go | 251 - .../vmihailenco/msgpack/v5/encode.go | 270 - .../vmihailenco/msgpack/v5/encode_map.go | 225 - .../vmihailenco/msgpack/v5/encode_number.go | 252 - .../vmihailenco/msgpack/v5/encode_slice.go | 139 - .../vmihailenco/msgpack/v5/encode_value.go | 254 - .../github.com/vmihailenco/msgpack/v5/ext.go | 303 - .../vmihailenco/msgpack/v5/intern.go | 236 - .../vmihailenco/msgpack/v5/msgpack.go | 52 - .../msgpack/v5/msgpcode/msgpcode.go | 88 - .../vmihailenco/msgpack/v5/package.json | 4 - .../github.com/vmihailenco/msgpack/v5/safe.go | 13 - .../github.com/vmihailenco/msgpack/v5/time.go | 151 - .../vmihailenco/msgpack/v5/types.go | 413 - .../vmihailenco/msgpack/v5/unsafe.go | 22 - .../vmihailenco/msgpack/v5/version.go | 6 - .../vmihailenco/tagparser/v2/.travis.yml | 19 - .../vmihailenco/tagparser/v2/LICENSE | 25 - .../vmihailenco/tagparser/v2/Makefile | 9 - .../vmihailenco/tagparser/v2/README.md | 24 - .../tagparser/v2/internal/parser/parser.go | 82 - .../vmihailenco/tagparser/v2/internal/safe.go | 11 - .../tagparser/v2/internal/unsafe.go | 22 - .../vmihailenco/tagparser/v2/tagparser.go | 166 - vendor/github.com/zclconf/go-cty/LICENSE | 21 - .../github.com/zclconf/go-cty/cty/capsule.go | 128 - .../zclconf/go-cty/cty/capsule_ops.go | 144 - .../zclconf/go-cty/cty/collection.go | 34 - .../go-cty/cty/convert/compare_types.go | 165 - .../zclconf/go-cty/cty/convert/conversion.go | 266 - .../go-cty/cty/convert/conversion_capsule.go | 31 - .../cty/convert/conversion_collection.go | 629 - .../go-cty/cty/convert/conversion_dynamic.go | 136 - .../go-cty/cty/convert/conversion_object.go | 101 - .../cty/convert/conversion_primitive.go | 57 - .../go-cty/cty/convert/conversion_tuple.go | 71 - .../zclconf/go-cty/cty/convert/doc.go | 15 - .../go-cty/cty/convert/mismatch_msg.go | 281 - .../zclconf/go-cty/cty/convert/public.go | 83 - .../zclconf/go-cty/cty/convert/sort_types.go | 69 - .../zclconf/go-cty/cty/convert/unify.go | 500 - .../zclconf/go-cty/cty/ctymarks/doc.go | 3 - .../zclconf/go-cty/cty/ctymarks/wrangle.go | 58 - .../zclconf/go-cty/cty/ctystrings/doc.go | 26 - .../go-cty/cty/ctystrings/normalize.go | 14 - .../zclconf/go-cty/cty/ctystrings/prefix.go | 135 - vendor/github.com/zclconf/go-cty/cty/doc.go | 18 - .../zclconf/go-cty/cty/element_iterator.go | 194 - vendor/github.com/zclconf/go-cty/cty/error.go | 55 - .../zclconf/go-cty/cty/function/argument.go | 73 - .../zclconf/go-cty/cty/function/doc.go | 6 - .../zclconf/go-cty/cty/function/error.go | 50 - .../zclconf/go-cty/cty/function/function.go | 463 - .../go-cty/cty/function/stdlib/bool.go | 84 - .../go-cty/cty/function/stdlib/bytes.go | 116 - .../go-cty/cty/function/stdlib/collection.go | 1545 - .../go-cty/cty/function/stdlib/conversion.go | 123 - .../zclconf/go-cty/cty/function/stdlib/csv.go | 104 - .../go-cty/cty/function/stdlib/datetime.go | 445 - .../cty/function/stdlib/datetime_rfc3339.go | 219 - .../zclconf/go-cty/cty/function/stdlib/doc.go | 13 - .../go-cty/cty/function/stdlib/format.go | 534 - .../go-cty/cty/function/stdlib/format_fsm.go | 374 - .../go-cty/cty/function/stdlib/format_fsm.rl | 198 - .../go-cty/cty/function/stdlib/general.go | 117 - .../go-cty/cty/function/stdlib/json.go | 146 - .../go-cty/cty/function/stdlib/number.go | 715 - .../go-cty/cty/function/stdlib/regexp.go | 237 - .../go-cty/cty/function/stdlib/sequence.go | 239 - .../zclconf/go-cty/cty/function/stdlib/set.go | 232 - .../go-cty/cty/function/stdlib/string.go | 624 - .../cty/function/stdlib/string_replace.go | 87 - .../go-cty/cty/function/unpredictable.go | 31 - .../zclconf/go-cty/cty/gocty/doc.go | 7 - .../zclconf/go-cty/cty/gocty/helpers.go | 43 - .../github.com/zclconf/go-cty/cty/gocty/in.go | 548 - .../zclconf/go-cty/cty/gocty/out.go | 686 - .../zclconf/go-cty/cty/gocty/type_implied.go | 108 - .../github.com/zclconf/go-cty/cty/helper.go | 99 - vendor/github.com/zclconf/go-cty/cty/json.go | 199 - .../github.com/zclconf/go-cty/cty/json/doc.go | 11 - .../zclconf/go-cty/cty/json/marshal.go | 195 - .../zclconf/go-cty/cty/json/simple.go | 41 - .../zclconf/go-cty/cty/json/type.go | 23 - .../zclconf/go-cty/cty/json/type_implied.go | 193 - .../zclconf/go-cty/cty/json/unmarshal.go | 459 - .../zclconf/go-cty/cty/json/value.go | 65 - .../zclconf/go-cty/cty/list_type.go | 74 - .../github.com/zclconf/go-cty/cty/map_type.go | 74 - vendor/github.com/zclconf/go-cty/cty/marks.go | 439 - .../zclconf/go-cty/cty/marks_wrangle.go | 289 - vendor/github.com/zclconf/go-cty/cty/null.go | 14 - .../zclconf/go-cty/cty/object_type.go | 220 - vendor/github.com/zclconf/go-cty/cty/path.go | 272 - .../github.com/zclconf/go-cty/cty/path_set.go | 200 - .../zclconf/go-cty/cty/primitive_type.go | 183 - .../zclconf/go-cty/cty/set/iterator.go | 15 - .../github.com/zclconf/go-cty/cty/set/ops.go | 210 - .../zclconf/go-cty/cty/set/rules.go | 47 - .../github.com/zclconf/go-cty/cty/set/set.go | 62 - .../zclconf/go-cty/cty/set_helper.go | 132 - .../zclconf/go-cty/cty/set_internals.go | 278 - .../github.com/zclconf/go-cty/cty/set_type.go | 72 - .../zclconf/go-cty/cty/tuple_type.go | 121 - vendor/github.com/zclconf/go-cty/cty/type.go | 161 - .../zclconf/go-cty/cty/type_conform.go | 139 - .../github.com/zclconf/go-cty/cty/unknown.go | 93 - .../zclconf/go-cty/cty/unknown_as_null.go | 69 - .../zclconf/go-cty/cty/unknown_refinement.go | 788 - vendor/github.com/zclconf/go-cty/cty/value.go | 143 - .../zclconf/go-cty/cty/value_init.go | 366 - .../zclconf/go-cty/cty/value_ops.go | 1547 - .../zclconf/go-cty/cty/value_range.go | 412 - vendor/github.com/zclconf/go-cty/cty/walk.go | 266 - vendor/golang.org/x/crypto/LICENSE | 27 - vendor/golang.org/x/crypto/PATENTS | 22 - vendor/golang.org/x/crypto/argon2/argon2.go | 287 - vendor/golang.org/x/crypto/argon2/blake2b.go | 53 - .../x/crypto/argon2/blamka_amd64.go | 60 - .../golang.org/x/crypto/argon2/blamka_amd64.s | 2791 -- .../x/crypto/argon2/blamka_generic.go | 163 - .../golang.org/x/crypto/argon2/blamka_ref.go | 15 - vendor/golang.org/x/crypto/blake2b/blake2b.go | 291 - .../x/crypto/blake2b/blake2bAVX2_amd64.go | 37 - .../x/crypto/blake2b/blake2bAVX2_amd64.s | 4559 --- .../x/crypto/blake2b/blake2b_amd64.s | 1441 - .../x/crypto/blake2b/blake2b_generic.go | 182 - .../x/crypto/blake2b/blake2b_ref.go | 11 - vendor/golang.org/x/crypto/blake2b/blake2x.go | 185 - vendor/golang.org/x/crypto/blake2b/go125.go | 11 - .../golang.org/x/crypto/blake2b/register.go | 30 - vendor/golang.org/x/crypto/blowfish/block.go | 159 - vendor/golang.org/x/crypto/blowfish/cipher.go | 99 - vendor/golang.org/x/crypto/blowfish/const.go | 199 - vendor/golang.org/x/crypto/cast5/cast5.go | 536 - .../x/crypto/chacha20/chacha_arm64.go | 16 - .../x/crypto/chacha20/chacha_arm64.s | 307 - .../x/crypto/chacha20/chacha_generic.go | 398 - .../x/crypto/chacha20/chacha_noasm.go | 13 - .../x/crypto/chacha20/chacha_ppc64x.go | 16 - .../x/crypto/chacha20/chacha_ppc64x.s | 501 - .../x/crypto/chacha20/chacha_s390x.go | 27 - .../x/crypto/chacha20/chacha_s390x.s | 224 - vendor/golang.org/x/crypto/chacha20/xor.go | 42 - vendor/golang.org/x/crypto/cryptobyte/asn1.go | 825 - .../x/crypto/cryptobyte/asn1/asn1.go | 46 - .../golang.org/x/crypto/cryptobyte/builder.go | 350 - .../golang.org/x/crypto/cryptobyte/string.go | 183 - .../x/crypto/curve25519/curve25519.go | 93 - vendor/golang.org/x/crypto/hkdf/hkdf.go | 95 - .../x/crypto/internal/alias/alias.go | 31 - .../x/crypto/internal/alias/alias_purego.go | 34 - .../x/crypto/internal/poly1305/mac_noasm.go | 9 - .../x/crypto/internal/poly1305/poly1305.go | 99 - .../x/crypto/internal/poly1305/sum_amd64.s | 93 - .../x/crypto/internal/poly1305/sum_asm.go | 47 - .../x/crypto/internal/poly1305/sum_generic.go | 312 - .../x/crypto/internal/poly1305/sum_loong64.s | 123 - .../x/crypto/internal/poly1305/sum_ppc64x.s | 187 - .../x/crypto/internal/poly1305/sum_s390x.go | 76 - .../x/crypto/internal/poly1305/sum_s390x.s | 503 - vendor/golang.org/x/crypto/nacl/box/box.go | 182 - .../x/crypto/nacl/secretbox/secretbox.go | 173 - vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go | 77 - .../x/crypto/salsa20/salsa/hsalsa20.go | 150 - .../x/crypto/salsa20/salsa/salsa208.go | 201 - .../x/crypto/salsa20/salsa/salsa20_amd64.go | 23 - .../x/crypto/salsa20/salsa/salsa20_amd64.s | 880 - .../x/crypto/salsa20/salsa/salsa20_noasm.go | 14 - .../x/crypto/salsa20/salsa/salsa20_ref.go | 233 - vendor/golang.org/x/crypto/sha3/hashes.go | 95 - .../golang.org/x/crypto/sha3/legacy_hash.go | 263 - .../x/crypto/sha3/legacy_keccakf.go | 416 - vendor/golang.org/x/crypto/sha3/shake.go | 119 - vendor/golang.org/x/crypto/ssh/buffer.go | 97 - vendor/golang.org/x/crypto/ssh/certs.go | 624 - vendor/golang.org/x/crypto/ssh/channel.go | 645 - vendor/golang.org/x/crypto/ssh/cipher.go | 789 - vendor/golang.org/x/crypto/ssh/client.go | 283 - vendor/golang.org/x/crypto/ssh/client_auth.go | 788 - vendor/golang.org/x/crypto/ssh/common.go | 727 - vendor/golang.org/x/crypto/ssh/connection.go | 155 - vendor/golang.org/x/crypto/ssh/doc.go | 34 - vendor/golang.org/x/crypto/ssh/handshake.go | 847 - .../ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf.go | 93 - vendor/golang.org/x/crypto/ssh/kex.go | 807 - vendor/golang.org/x/crypto/ssh/keys.go | 1823 - vendor/golang.org/x/crypto/ssh/mac.go | 84 - vendor/golang.org/x/crypto/ssh/messages.go | 893 - vendor/golang.org/x/crypto/ssh/mlkem.go | 168 - vendor/golang.org/x/crypto/ssh/mux.go | 357 - vendor/golang.org/x/crypto/ssh/server.go | 955 - vendor/golang.org/x/crypto/ssh/session.go | 647 - vendor/golang.org/x/crypto/ssh/ssh_gss.go | 145 - vendor/golang.org/x/crypto/ssh/streamlocal.go | 116 - vendor/golang.org/x/crypto/ssh/tcpip.go | 545 - vendor/golang.org/x/crypto/ssh/transport.go | 377 - vendor/golang.org/x/mod/LICENSE | 27 - vendor/golang.org/x/mod/PATENTS | 22 - .../x/mod/internal/lazyregexp/lazyre.go | 78 - vendor/golang.org/x/mod/modfile/print.go | 184 - vendor/golang.org/x/mod/modfile/read.go | 964 - vendor/golang.org/x/mod/modfile/rule.go | 1904 - vendor/golang.org/x/mod/modfile/work.go | 333 - vendor/golang.org/x/mod/module/module.go | 840 - vendor/golang.org/x/mod/module/pseudo.go | 250 - vendor/golang.org/x/mod/semver/semver.go | 407 - vendor/golang.org/x/net/LICENSE | 27 - vendor/golang.org/x/net/PATENTS | 22 - .../x/net/context/ctxhttp/ctxhttp.go | 71 - vendor/golang.org/x/net/http/httpguts/guts.go | 50 - .../golang.org/x/net/http/httpguts/httplex.go | 347 - vendor/golang.org/x/net/http2/.gitignore | 2 - vendor/golang.org/x/net/http2/ascii.go | 53 - vendor/golang.org/x/net/http2/ciphers.go | 641 - .../x/net/http2/client_conn_pool.go | 311 - vendor/golang.org/x/net/http2/config.go | 169 - vendor/golang.org/x/net/http2/config_go125.go | 15 - vendor/golang.org/x/net/http2/config_go126.go | 15 - vendor/golang.org/x/net/http2/databuffer.go | 149 - vendor/golang.org/x/net/http2/errors.go | 145 - vendor/golang.org/x/net/http2/flow.go | 120 - vendor/golang.org/x/net/http2/frame.go | 1753 - vendor/golang.org/x/net/http2/gotrack.go | 181 - vendor/golang.org/x/net/http2/hpack/encode.go | 245 - vendor/golang.org/x/net/http2/hpack/hpack.go | 523 - .../golang.org/x/net/http2/hpack/huffman.go | 226 - .../x/net/http2/hpack/static_table.go | 188 - vendor/golang.org/x/net/http2/hpack/tables.go | 403 - vendor/golang.org/x/net/http2/http2.go | 409 - vendor/golang.org/x/net/http2/pipe.go | 184 - vendor/golang.org/x/net/http2/server.go | 3341 -- vendor/golang.org/x/net/http2/transport.go | 3439 -- vendor/golang.org/x/net/http2/unencrypted.go | 32 - vendor/golang.org/x/net/http2/write.go | 381 - vendor/golang.org/x/net/http2/writesched.go | 288 - .../net/http2/writesched_priority_rfc7540.go | 450 - .../net/http2/writesched_priority_rfc9218.go | 224 - .../x/net/http2/writesched_random.go | 77 - .../x/net/http2/writesched_roundrobin.go | 119 - vendor/golang.org/x/net/idna/go118.go | 13 - vendor/golang.org/x/net/idna/idna10.0.0.go | 769 - vendor/golang.org/x/net/idna/idna9.0.0.go | 717 - vendor/golang.org/x/net/idna/pre_go118.go | 11 - vendor/golang.org/x/net/idna/punycode.go | 217 - vendor/golang.org/x/net/idna/tables10.0.0.go | 4559 --- vendor/golang.org/x/net/idna/tables11.0.0.go | 4653 --- vendor/golang.org/x/net/idna/tables12.0.0.go | 4733 --- vendor/golang.org/x/net/idna/tables13.0.0.go | 4959 --- vendor/golang.org/x/net/idna/tables15.0.0.go | 5144 --- vendor/golang.org/x/net/idna/tables9.0.0.go | 4486 --- vendor/golang.org/x/net/idna/trie.go | 51 - vendor/golang.org/x/net/idna/trie12.0.0.go | 30 - vendor/golang.org/x/net/idna/trie13.0.0.go | 30 - vendor/golang.org/x/net/idna/trieval.go | 119 - .../x/net/internal/httpcommon/ascii.go | 53 - .../x/net/internal/httpcommon/headermap.go | 115 - .../x/net/internal/httpcommon/request.go | 467 - .../x/net/internal/timeseries/timeseries.go | 525 - vendor/golang.org/x/net/trace/events.go | 532 - vendor/golang.org/x/net/trace/histogram.go | 365 - vendor/golang.org/x/net/trace/trace.go | 1130 - vendor/golang.org/x/oauth2/.travis.yml | 13 - vendor/golang.org/x/oauth2/CONTRIBUTING.md | 26 - vendor/golang.org/x/oauth2/LICENSE | 27 - vendor/golang.org/x/oauth2/README.md | 35 - vendor/golang.org/x/oauth2/deviceauth.go | 227 - vendor/golang.org/x/oauth2/internal/doc.go | 6 - vendor/golang.org/x/oauth2/internal/oauth2.go | 37 - vendor/golang.org/x/oauth2/internal/token.go | 356 - .../golang.org/x/oauth2/internal/transport.go | 28 - vendor/golang.org/x/oauth2/oauth2.go | 423 - vendor/golang.org/x/oauth2/pkce.go | 69 - vendor/golang.org/x/oauth2/token.go | 213 - vendor/golang.org/x/oauth2/transport.go | 75 - vendor/golang.org/x/sync/LICENSE | 27 - vendor/golang.org/x/sync/PATENTS | 22 - vendor/golang.org/x/sync/errgroup/errgroup.go | 151 - vendor/golang.org/x/sys/LICENSE | 27 - vendor/golang.org/x/sys/PATENTS | 22 - vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s | 17 - .../golang.org/x/sys/cpu/asm_darwin_x86_gc.s | 17 - vendor/golang.org/x/sys/cpu/byteorder.go | 66 - vendor/golang.org/x/sys/cpu/cpu.go | 338 - vendor/golang.org/x/sys/cpu/cpu_aix.go | 33 - vendor/golang.org/x/sys/cpu/cpu_arm.go | 73 - vendor/golang.org/x/sys/cpu/cpu_arm64.go | 194 - vendor/golang.org/x/sys/cpu/cpu_arm64.s | 35 - vendor/golang.org/x/sys/cpu/cpu_darwin_x86.go | 61 - vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go | 12 - vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go | 21 - vendor/golang.org/x/sys/cpu/cpu_gc_x86.go | 15 - vendor/golang.org/x/sys/cpu/cpu_gc_x86.s | 26 - .../golang.org/x/sys/cpu/cpu_gccgo_arm64.go | 11 - .../golang.org/x/sys/cpu/cpu_gccgo_s390x.go | 22 - vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c | 37 - vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go | 25 - vendor/golang.org/x/sys/cpu/cpu_linux.go | 15 - vendor/golang.org/x/sys/cpu/cpu_linux_arm.go | 39 - .../golang.org/x/sys/cpu/cpu_linux_arm64.go | 120 - .../golang.org/x/sys/cpu/cpu_linux_loong64.go | 22 - .../golang.org/x/sys/cpu/cpu_linux_mips64x.go | 22 - .../golang.org/x/sys/cpu/cpu_linux_noinit.go | 9 - .../golang.org/x/sys/cpu/cpu_linux_ppc64x.go | 30 - .../golang.org/x/sys/cpu/cpu_linux_riscv64.go | 160 - .../golang.org/x/sys/cpu/cpu_linux_s390x.go | 40 - vendor/golang.org/x/sys/cpu/cpu_loong64.go | 50 - vendor/golang.org/x/sys/cpu/cpu_loong64.s | 13 - vendor/golang.org/x/sys/cpu/cpu_mips64x.go | 15 - vendor/golang.org/x/sys/cpu/cpu_mipsx.go | 11 - .../golang.org/x/sys/cpu/cpu_netbsd_arm64.go | 173 - .../golang.org/x/sys/cpu/cpu_openbsd_arm64.go | 65 - .../golang.org/x/sys/cpu/cpu_openbsd_arm64.s | 11 - vendor/golang.org/x/sys/cpu/cpu_other_arm.go | 9 - .../golang.org/x/sys/cpu/cpu_other_arm64.go | 9 - .../golang.org/x/sys/cpu/cpu_other_mips64x.go | 11 - .../golang.org/x/sys/cpu/cpu_other_ppc64x.go | 12 - .../golang.org/x/sys/cpu/cpu_other_riscv64.go | 11 - vendor/golang.org/x/sys/cpu/cpu_other_x86.go | 11 - vendor/golang.org/x/sys/cpu/cpu_ppc64x.go | 16 - vendor/golang.org/x/sys/cpu/cpu_riscv64.go | 32 - vendor/golang.org/x/sys/cpu/cpu_s390x.go | 172 - vendor/golang.org/x/sys/cpu/cpu_s390x.s | 57 - vendor/golang.org/x/sys/cpu/cpu_wasm.go | 17 - .../golang.org/x/sys/cpu/cpu_windows_arm64.go | 42 - vendor/golang.org/x/sys/cpu/cpu_x86.go | 236 - vendor/golang.org/x/sys/cpu/cpu_zos.go | 10 - vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go | 25 - vendor/golang.org/x/sys/cpu/endian_big.go | 10 - vendor/golang.org/x/sys/cpu/endian_little.go | 10 - vendor/golang.org/x/sys/cpu/hwcap_linux.go | 71 - vendor/golang.org/x/sys/cpu/parse.go | 43 - .../x/sys/cpu/proc_cpuinfo_linux.go | 53 - vendor/golang.org/x/sys/cpu/runtime_auxv.go | 16 - .../x/sys/cpu/runtime_auxv_go121.go | 18 - .../golang.org/x/sys/cpu/syscall_aix_gccgo.go | 26 - .../x/sys/cpu/syscall_aix_ppc64_gc.go | 35 - .../x/sys/cpu/syscall_darwin_x86_gc.go | 98 - vendor/golang.org/x/sys/unix/.gitignore | 2 - vendor/golang.org/x/sys/unix/README.md | 184 - .../golang.org/x/sys/unix/affinity_linux.go | 93 - vendor/golang.org/x/sys/unix/aliases.go | 13 - vendor/golang.org/x/sys/unix/asm_aix_ppc64.s | 17 - vendor/golang.org/x/sys/unix/asm_bsd_386.s | 27 - vendor/golang.org/x/sys/unix/asm_bsd_amd64.s | 27 - vendor/golang.org/x/sys/unix/asm_bsd_arm.s | 27 - vendor/golang.org/x/sys/unix/asm_bsd_arm64.s | 27 - vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s | 29 - .../golang.org/x/sys/unix/asm_bsd_riscv64.s | 27 - vendor/golang.org/x/sys/unix/asm_linux_386.s | 65 - .../golang.org/x/sys/unix/asm_linux_amd64.s | 57 - vendor/golang.org/x/sys/unix/asm_linux_arm.s | 56 - .../golang.org/x/sys/unix/asm_linux_arm64.s | 50 - .../golang.org/x/sys/unix/asm_linux_loong64.s | 51 - .../golang.org/x/sys/unix/asm_linux_mips64x.s | 54 - .../golang.org/x/sys/unix/asm_linux_mipsx.s | 52 - .../golang.org/x/sys/unix/asm_linux_ppc64x.s | 42 - .../golang.org/x/sys/unix/asm_linux_riscv64.s | 47 - .../golang.org/x/sys/unix/asm_linux_s390x.s | 54 - .../x/sys/unix/asm_openbsd_mips64.s | 29 - .../golang.org/x/sys/unix/asm_solaris_amd64.s | 17 - vendor/golang.org/x/sys/unix/asm_zos_s390x.s | 382 - vendor/golang.org/x/sys/unix/auxv.go | 36 - .../golang.org/x/sys/unix/auxv_unsupported.go | 13 - .../golang.org/x/sys/unix/bluetooth_linux.go | 36 - vendor/golang.org/x/sys/unix/bpxsvc_zos.go | 657 - vendor/golang.org/x/sys/unix/bpxsvc_zos.s | 192 - vendor/golang.org/x/sys/unix/cap_freebsd.go | 195 - vendor/golang.org/x/sys/unix/constants.go | 13 - vendor/golang.org/x/sys/unix/dev_aix_ppc.go | 26 - vendor/golang.org/x/sys/unix/dev_aix_ppc64.go | 28 - vendor/golang.org/x/sys/unix/dev_darwin.go | 24 - vendor/golang.org/x/sys/unix/dev_dragonfly.go | 30 - vendor/golang.org/x/sys/unix/dev_freebsd.go | 30 - vendor/golang.org/x/sys/unix/dev_linux.go | 42 - vendor/golang.org/x/sys/unix/dev_netbsd.go | 29 - vendor/golang.org/x/sys/unix/dev_openbsd.go | 29 - vendor/golang.org/x/sys/unix/dev_zos.go | 28 - vendor/golang.org/x/sys/unix/dirent.go | 102 - vendor/golang.org/x/sys/unix/endian_big.go | 9 - vendor/golang.org/x/sys/unix/endian_little.go | 9 - vendor/golang.org/x/sys/unix/env_unix.go | 31 - vendor/golang.org/x/sys/unix/fcntl.go | 36 - vendor/golang.org/x/sys/unix/fcntl_darwin.go | 24 - .../x/sys/unix/fcntl_linux_32bit.go | 13 - vendor/golang.org/x/sys/unix/fdset.go | 27 - vendor/golang.org/x/sys/unix/gccgo.go | 59 - vendor/golang.org/x/sys/unix/gccgo_c.c | 44 - .../x/sys/unix/gccgo_linux_amd64.go | 20 - vendor/golang.org/x/sys/unix/ifreq_linux.go | 139 - vendor/golang.org/x/sys/unix/ioctl_linux.go | 334 - vendor/golang.org/x/sys/unix/ioctl_signed.go | 74 - .../golang.org/x/sys/unix/ioctl_unsigned.go | 74 - vendor/golang.org/x/sys/unix/ioctl_zos.go | 71 - vendor/golang.org/x/sys/unix/mkall.sh | 250 - vendor/golang.org/x/sys/unix/mkerrors.sh | 811 - vendor/golang.org/x/sys/unix/mmap_nomremap.go | 13 - vendor/golang.org/x/sys/unix/mremap.go | 57 - vendor/golang.org/x/sys/unix/pagesize_unix.go | 15 - .../golang.org/x/sys/unix/pledge_openbsd.go | 111 - vendor/golang.org/x/sys/unix/ptrace_darwin.go | 11 - vendor/golang.org/x/sys/unix/ptrace_ios.go | 11 - vendor/golang.org/x/sys/unix/race.go | 30 - vendor/golang.org/x/sys/unix/race0.go | 25 - .../x/sys/unix/readdirent_getdents.go | 12 - .../x/sys/unix/readdirent_getdirentries.go | 19 - .../x/sys/unix/sockcmsg_dragonfly.go | 16 - .../golang.org/x/sys/unix/sockcmsg_linux.go | 85 - vendor/golang.org/x/sys/unix/sockcmsg_unix.go | 106 - .../x/sys/unix/sockcmsg_unix_other.go | 46 - vendor/golang.org/x/sys/unix/sockcmsg_zos.go | 58 - .../golang.org/x/sys/unix/symaddr_zos_s390x.s | 75 - vendor/golang.org/x/sys/unix/syscall.go | 86 - vendor/golang.org/x/sys/unix/syscall_aix.go | 582 - .../golang.org/x/sys/unix/syscall_aix_ppc.go | 52 - .../x/sys/unix/syscall_aix_ppc64.go | 83 - vendor/golang.org/x/sys/unix/syscall_bsd.go | 609 - .../golang.org/x/sys/unix/syscall_darwin.go | 800 - .../x/sys/unix/syscall_darwin_amd64.go | 50 - .../x/sys/unix/syscall_darwin_arm64.go | 50 - .../x/sys/unix/syscall_darwin_libSystem.go | 26 - .../x/sys/unix/syscall_dragonfly.go | 359 - .../x/sys/unix/syscall_dragonfly_amd64.go | 56 - .../golang.org/x/sys/unix/syscall_freebsd.go | 455 - .../x/sys/unix/syscall_freebsd_386.go | 64 - .../x/sys/unix/syscall_freebsd_amd64.go | 64 - .../x/sys/unix/syscall_freebsd_arm.go | 60 - .../x/sys/unix/syscall_freebsd_arm64.go | 60 - .../x/sys/unix/syscall_freebsd_riscv64.go | 60 - vendor/golang.org/x/sys/unix/syscall_hurd.go | 30 - .../golang.org/x/sys/unix/syscall_hurd_386.go | 28 - .../golang.org/x/sys/unix/syscall_illumos.go | 78 - vendor/golang.org/x/sys/unix/syscall_linux.go | 2651 -- .../x/sys/unix/syscall_linux_386.go | 314 - .../x/sys/unix/syscall_linux_alarm.go | 12 - .../x/sys/unix/syscall_linux_amd64.go | 145 - .../x/sys/unix/syscall_linux_amd64_gc.go | 12 - .../x/sys/unix/syscall_linux_arm.go | 216 - .../x/sys/unix/syscall_linux_arm64.go | 186 - .../golang.org/x/sys/unix/syscall_linux_gc.go | 14 - .../x/sys/unix/syscall_linux_gc_386.go | 16 - .../x/sys/unix/syscall_linux_gc_arm.go | 13 - .../x/sys/unix/syscall_linux_gccgo_386.go | 30 - .../x/sys/unix/syscall_linux_gccgo_arm.go | 20 - .../x/sys/unix/syscall_linux_loong64.go | 218 - .../x/sys/unix/syscall_linux_mips64x.go | 188 - .../x/sys/unix/syscall_linux_mipsx.go | 174 - .../x/sys/unix/syscall_linux_ppc.go | 204 - .../x/sys/unix/syscall_linux_ppc64x.go | 115 - .../x/sys/unix/syscall_linux_riscv64.go | 191 - .../x/sys/unix/syscall_linux_s390x.go | 296 - .../x/sys/unix/syscall_linux_sparc64.go | 112 - .../golang.org/x/sys/unix/syscall_netbsd.go | 388 - .../x/sys/unix/syscall_netbsd_386.go | 37 - .../x/sys/unix/syscall_netbsd_amd64.go | 37 - .../x/sys/unix/syscall_netbsd_arm.go | 37 - .../x/sys/unix/syscall_netbsd_arm64.go | 37 - .../golang.org/x/sys/unix/syscall_openbsd.go | 342 - .../x/sys/unix/syscall_openbsd_386.go | 41 - .../x/sys/unix/syscall_openbsd_amd64.go | 41 - .../x/sys/unix/syscall_openbsd_arm.go | 41 - .../x/sys/unix/syscall_openbsd_arm64.go | 41 - .../x/sys/unix/syscall_openbsd_libc.go | 26 - .../x/sys/unix/syscall_openbsd_mips64.go | 39 - .../x/sys/unix/syscall_openbsd_ppc64.go | 41 - .../x/sys/unix/syscall_openbsd_riscv64.go | 41 - .../golang.org/x/sys/unix/syscall_solaris.go | 1183 - .../x/sys/unix/syscall_solaris_amd64.go | 27 - vendor/golang.org/x/sys/unix/syscall_unix.go | 619 - .../golang.org/x/sys/unix/syscall_unix_gc.go | 14 - .../x/sys/unix/syscall_unix_gc_ppc64x.go | 22 - .../x/sys/unix/syscall_zos_s390x.go | 3213 -- vendor/golang.org/x/sys/unix/sysvshm_linux.go | 20 - vendor/golang.org/x/sys/unix/sysvshm_unix.go | 51 - .../x/sys/unix/sysvshm_unix_other.go | 13 - vendor/golang.org/x/sys/unix/timestruct.go | 76 - .../golang.org/x/sys/unix/unveil_openbsd.go | 51 - .../golang.org/x/sys/unix/vgetrandom_linux.go | 13 - .../x/sys/unix/vgetrandom_unsupported.go | 11 - vendor/golang.org/x/sys/unix/xattr_bsd.go | 280 - .../golang.org/x/sys/unix/zerrors_aix_ppc.go | 1384 - .../x/sys/unix/zerrors_aix_ppc64.go | 1385 - .../x/sys/unix/zerrors_darwin_amd64.go | 1922 - .../x/sys/unix/zerrors_darwin_arm64.go | 1922 - .../x/sys/unix/zerrors_dragonfly_amd64.go | 1737 - .../x/sys/unix/zerrors_freebsd_386.go | 2042 - .../x/sys/unix/zerrors_freebsd_amd64.go | 2039 - .../x/sys/unix/zerrors_freebsd_arm.go | 2033 - .../x/sys/unix/zerrors_freebsd_arm64.go | 2033 - .../x/sys/unix/zerrors_freebsd_riscv64.go | 2147 -- vendor/golang.org/x/sys/unix/zerrors_linux.go | 4144 -- .../x/sys/unix/zerrors_linux_386.go | 878 - .../x/sys/unix/zerrors_linux_amd64.go | 878 - .../x/sys/unix/zerrors_linux_arm.go | 883 - .../x/sys/unix/zerrors_linux_arm64.go | 880 - .../x/sys/unix/zerrors_linux_loong64.go | 870 - .../x/sys/unix/zerrors_linux_mips.go | 884 - .../x/sys/unix/zerrors_linux_mips64.go | 884 - .../x/sys/unix/zerrors_linux_mips64le.go | 884 - .../x/sys/unix/zerrors_linux_mipsle.go | 884 - .../x/sys/unix/zerrors_linux_ppc.go | 936 - .../x/sys/unix/zerrors_linux_ppc64.go | 940 - .../x/sys/unix/zerrors_linux_ppc64le.go | 940 - .../x/sys/unix/zerrors_linux_riscv64.go | 867 - .../x/sys/unix/zerrors_linux_s390x.go | 939 - .../x/sys/unix/zerrors_linux_sparc64.go | 982 - .../x/sys/unix/zerrors_netbsd_386.go | 1779 - .../x/sys/unix/zerrors_netbsd_amd64.go | 1769 - .../x/sys/unix/zerrors_netbsd_arm.go | 1758 - .../x/sys/unix/zerrors_netbsd_arm64.go | 1769 - .../x/sys/unix/zerrors_openbsd_386.go | 1905 - .../x/sys/unix/zerrors_openbsd_amd64.go | 1905 - .../x/sys/unix/zerrors_openbsd_arm.go | 1905 - .../x/sys/unix/zerrors_openbsd_arm64.go | 1905 - .../x/sys/unix/zerrors_openbsd_mips64.go | 1905 - .../x/sys/unix/zerrors_openbsd_ppc64.go | 1904 - .../x/sys/unix/zerrors_openbsd_riscv64.go | 1903 - .../x/sys/unix/zerrors_solaris_amd64.go | 1556 - .../x/sys/unix/zerrors_zos_s390x.go | 990 - .../x/sys/unix/zptrace_armnn_linux.go | 40 - .../x/sys/unix/zptrace_linux_arm64.go | 17 - .../x/sys/unix/zptrace_mipsnn_linux.go | 49 - .../x/sys/unix/zptrace_mipsnnle_linux.go | 49 - .../x/sys/unix/zptrace_x86_linux.go | 79 - .../x/sys/unix/zsymaddr_zos_s390x.s | 364 - .../golang.org/x/sys/unix/zsyscall_aix_ppc.go | 1461 - .../x/sys/unix/zsyscall_aix_ppc64.go | 1420 - .../x/sys/unix/zsyscall_aix_ppc64_gc.go | 1188 - .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go | 1069 - .../x/sys/unix/zsyscall_darwin_amd64.go | 2728 -- .../x/sys/unix/zsyscall_darwin_amd64.s | 799 - .../x/sys/unix/zsyscall_darwin_arm64.go | 2728 -- .../x/sys/unix/zsyscall_darwin_arm64.s | 799 - .../x/sys/unix/zsyscall_dragonfly_amd64.go | 1666 - .../x/sys/unix/zsyscall_freebsd_386.go | 1886 - .../x/sys/unix/zsyscall_freebsd_amd64.go | 1886 - .../x/sys/unix/zsyscall_freebsd_arm.go | 1886 - .../x/sys/unix/zsyscall_freebsd_arm64.go | 1886 - .../x/sys/unix/zsyscall_freebsd_riscv64.go | 1886 - .../x/sys/unix/zsyscall_illumos_amd64.go | 101 - .../golang.org/x/sys/unix/zsyscall_linux.go | 2250 -- .../x/sys/unix/zsyscall_linux_386.go | 486 - .../x/sys/unix/zsyscall_linux_amd64.go | 653 - .../x/sys/unix/zsyscall_linux_arm.go | 601 - .../x/sys/unix/zsyscall_linux_arm64.go | 552 - .../x/sys/unix/zsyscall_linux_loong64.go | 486 - .../x/sys/unix/zsyscall_linux_mips.go | 653 - .../x/sys/unix/zsyscall_linux_mips64.go | 647 - .../x/sys/unix/zsyscall_linux_mips64le.go | 636 - .../x/sys/unix/zsyscall_linux_mipsle.go | 653 - .../x/sys/unix/zsyscall_linux_ppc.go | 658 - .../x/sys/unix/zsyscall_linux_ppc64.go | 704 - .../x/sys/unix/zsyscall_linux_ppc64le.go | 704 - .../x/sys/unix/zsyscall_linux_riscv64.go | 548 - .../x/sys/unix/zsyscall_linux_s390x.go | 495 - .../x/sys/unix/zsyscall_linux_sparc64.go | 648 - .../x/sys/unix/zsyscall_netbsd_386.go | 1848 - .../x/sys/unix/zsyscall_netbsd_amd64.go | 1848 - .../x/sys/unix/zsyscall_netbsd_arm.go | 1848 - .../x/sys/unix/zsyscall_netbsd_arm64.go | 1848 - .../x/sys/unix/zsyscall_openbsd_386.go | 2323 -- .../x/sys/unix/zsyscall_openbsd_386.s | 699 - .../x/sys/unix/zsyscall_openbsd_amd64.go | 2323 -- .../x/sys/unix/zsyscall_openbsd_amd64.s | 699 - .../x/sys/unix/zsyscall_openbsd_arm.go | 2323 -- .../x/sys/unix/zsyscall_openbsd_arm.s | 699 - .../x/sys/unix/zsyscall_openbsd_arm64.go | 2323 -- .../x/sys/unix/zsyscall_openbsd_arm64.s | 699 - .../x/sys/unix/zsyscall_openbsd_mips64.go | 2323 -- .../x/sys/unix/zsyscall_openbsd_mips64.s | 699 - .../x/sys/unix/zsyscall_openbsd_ppc64.go | 2323 -- .../x/sys/unix/zsyscall_openbsd_ppc64.s | 838 - .../x/sys/unix/zsyscall_openbsd_riscv64.go | 2323 -- .../x/sys/unix/zsyscall_openbsd_riscv64.s | 699 - .../x/sys/unix/zsyscall_solaris_amd64.go | 2217 -- .../x/sys/unix/zsyscall_zos_s390x.go | 3458 -- .../x/sys/unix/zsysctl_openbsd_386.go | 280 - .../x/sys/unix/zsysctl_openbsd_amd64.go | 280 - .../x/sys/unix/zsysctl_openbsd_arm.go | 280 - .../x/sys/unix/zsysctl_openbsd_arm64.go | 280 - .../x/sys/unix/zsysctl_openbsd_mips64.go | 280 - .../x/sys/unix/zsysctl_openbsd_ppc64.go | 280 - .../x/sys/unix/zsysctl_openbsd_riscv64.go | 281 - .../x/sys/unix/zsysnum_darwin_amd64.go | 439 - .../x/sys/unix/zsysnum_darwin_arm64.go | 437 - .../x/sys/unix/zsysnum_dragonfly_amd64.go | 316 - .../x/sys/unix/zsysnum_freebsd_386.go | 393 - .../x/sys/unix/zsysnum_freebsd_amd64.go | 393 - .../x/sys/unix/zsysnum_freebsd_arm.go | 393 - .../x/sys/unix/zsysnum_freebsd_arm64.go | 393 - .../x/sys/unix/zsysnum_freebsd_riscv64.go | 393 - .../x/sys/unix/zsysnum_linux_386.go | 466 - .../x/sys/unix/zsysnum_linux_amd64.go | 389 - .../x/sys/unix/zsysnum_linux_arm.go | 430 - .../x/sys/unix/zsysnum_linux_arm64.go | 333 - .../x/sys/unix/zsysnum_linux_loong64.go | 329 - .../x/sys/unix/zsysnum_linux_mips.go | 450 - .../x/sys/unix/zsysnum_linux_mips64.go | 380 - .../x/sys/unix/zsysnum_linux_mips64le.go | 380 - .../x/sys/unix/zsysnum_linux_mipsle.go | 450 - .../x/sys/unix/zsysnum_linux_ppc.go | 457 - .../x/sys/unix/zsysnum_linux_ppc64.go | 429 - .../x/sys/unix/zsysnum_linux_ppc64le.go | 429 - .../x/sys/unix/zsysnum_linux_riscv64.go | 334 - .../x/sys/unix/zsysnum_linux_s390x.go | 395 - .../x/sys/unix/zsysnum_linux_sparc64.go | 408 - .../x/sys/unix/zsysnum_netbsd_386.go | 274 - .../x/sys/unix/zsysnum_netbsd_amd64.go | 274 - .../x/sys/unix/zsysnum_netbsd_arm.go | 274 - .../x/sys/unix/zsysnum_netbsd_arm64.go | 274 - .../x/sys/unix/zsysnum_openbsd_386.go | 219 - .../x/sys/unix/zsysnum_openbsd_amd64.go | 219 - .../x/sys/unix/zsysnum_openbsd_arm.go | 219 - .../x/sys/unix/zsysnum_openbsd_arm64.go | 218 - .../x/sys/unix/zsysnum_openbsd_mips64.go | 221 - .../x/sys/unix/zsysnum_openbsd_ppc64.go | 217 - .../x/sys/unix/zsysnum_openbsd_riscv64.go | 218 - .../x/sys/unix/zsysnum_zos_s390x.go | 2852 -- .../golang.org/x/sys/unix/ztypes_aix_ppc.go | 353 - .../golang.org/x/sys/unix/ztypes_aix_ppc64.go | 357 - .../x/sys/unix/ztypes_darwin_amd64.go | 878 - .../x/sys/unix/ztypes_darwin_arm64.go | 878 - .../x/sys/unix/ztypes_dragonfly_amd64.go | 473 - .../x/sys/unix/ztypes_freebsd_386.go | 651 - .../x/sys/unix/ztypes_freebsd_amd64.go | 656 - .../x/sys/unix/ztypes_freebsd_arm.go | 642 - .../x/sys/unix/ztypes_freebsd_arm64.go | 636 - .../x/sys/unix/ztypes_freebsd_riscv64.go | 638 - vendor/golang.org/x/sys/unix/ztypes_linux.go | 6365 --- .../golang.org/x/sys/unix/ztypes_linux_386.go | 705 - .../x/sys/unix/ztypes_linux_amd64.go | 719 - .../golang.org/x/sys/unix/ztypes_linux_arm.go | 699 - .../x/sys/unix/ztypes_linux_arm64.go | 698 - .../x/sys/unix/ztypes_linux_loong64.go | 699 - .../x/sys/unix/ztypes_linux_mips.go | 704 - .../x/sys/unix/ztypes_linux_mips64.go | 701 - .../x/sys/unix/ztypes_linux_mips64le.go | 701 - .../x/sys/unix/ztypes_linux_mipsle.go | 704 - .../golang.org/x/sys/unix/ztypes_linux_ppc.go | 712 - .../x/sys/unix/ztypes_linux_ppc64.go | 707 - .../x/sys/unix/ztypes_linux_ppc64le.go | 707 - .../x/sys/unix/ztypes_linux_riscv64.go | 786 - .../x/sys/unix/ztypes_linux_s390x.go | 721 - .../x/sys/unix/ztypes_linux_sparc64.go | 702 - .../x/sys/unix/ztypes_netbsd_386.go | 585 - .../x/sys/unix/ztypes_netbsd_amd64.go | 593 - .../x/sys/unix/ztypes_netbsd_arm.go | 590 - .../x/sys/unix/ztypes_netbsd_arm64.go | 593 - .../x/sys/unix/ztypes_openbsd_386.go | 568 - .../x/sys/unix/ztypes_openbsd_amd64.go | 568 - .../x/sys/unix/ztypes_openbsd_arm.go | 575 - .../x/sys/unix/ztypes_openbsd_arm64.go | 568 - .../x/sys/unix/ztypes_openbsd_mips64.go | 568 - .../x/sys/unix/ztypes_openbsd_ppc64.go | 570 - .../x/sys/unix/ztypes_openbsd_riscv64.go | 570 - .../x/sys/unix/ztypes_solaris_amd64.go | 516 - .../golang.org/x/sys/unix/ztypes_zos_s390x.go | 552 - vendor/golang.org/x/sys/windows/aliases.go | 12 - .../golang.org/x/sys/windows/dll_windows.go | 415 - .../golang.org/x/sys/windows/env_windows.go | 57 - vendor/golang.org/x/sys/windows/eventlog.go | 20 - .../golang.org/x/sys/windows/exec_windows.go | 248 - .../x/sys/windows/memory_windows.go | 48 - vendor/golang.org/x/sys/windows/mkerrors.bash | 70 - .../x/sys/windows/mkknownfolderids.bash | 27 - vendor/golang.org/x/sys/windows/mksyscall.go | 9 - vendor/golang.org/x/sys/windows/race.go | 30 - vendor/golang.org/x/sys/windows/race0.go | 25 - .../x/sys/windows/security_windows.go | 1497 - vendor/golang.org/x/sys/windows/service.go | 257 - .../x/sys/windows/setupapi_windows.go | 1425 - vendor/golang.org/x/sys/windows/str.go | 22 - vendor/golang.org/x/sys/windows/syscall.go | 104 - .../x/sys/windows/syscall_windows.go | 1952 - .../golang.org/x/sys/windows/types_windows.go | 4025 -- .../x/sys/windows/types_windows_386.go | 35 - .../x/sys/windows/types_windows_amd64.go | 34 - .../x/sys/windows/types_windows_arm.go | 35 - .../x/sys/windows/types_windows_arm64.go | 34 - .../x/sys/windows/zerrors_windows.go | 9468 ----- .../x/sys/windows/zknownfolderids_windows.go | 149 - .../x/sys/windows/zsyscall_windows.go | 4757 --- vendor/golang.org/x/text/LICENSE | 27 - vendor/golang.org/x/text/PATENTS | 22 - .../x/text/secure/bidirule/bidirule.go | 340 - .../golang.org/x/text/transform/transform.go | 709 - vendor/golang.org/x/text/unicode/bidi/bidi.go | 359 - .../golang.org/x/text/unicode/bidi/bracket.go | 335 - vendor/golang.org/x/text/unicode/bidi/core.go | 1064 - vendor/golang.org/x/text/unicode/bidi/prop.go | 206 - .../x/text/unicode/bidi/tables15.0.0.go | 2042 - .../x/text/unicode/bidi/tables17.0.0.go | 2135 - .../golang.org/x/text/unicode/bidi/trieval.go | 48 - .../x/text/unicode/norm/composition.go | 512 - .../x/text/unicode/norm/forminfo.go | 289 - .../golang.org/x/text/unicode/norm/input.go | 109 - vendor/golang.org/x/text/unicode/norm/iter.go | 458 - .../x/text/unicode/norm/normalize.go | 610 - .../x/text/unicode/norm/readwriter.go | 125 - .../x/text/unicode/norm/tables15.0.0.go | 7907 ---- .../x/text/unicode/norm/tables17.0.0.go | 8104 ---- .../x/text/unicode/norm/transform.go | 88 - vendor/golang.org/x/text/unicode/norm/trie.go | 54 - vendor/golang.org/x/tools/LICENSE | 27 - vendor/golang.org/x/tools/PATENTS | 22 - .../x/tools/cmd/stringer/stringer.go | 715 - vendor/golang.org/x/tools/go/ast/edge/edge.go | 295 - .../x/tools/go/ast/inspector/cursor.go | 527 - .../x/tools/go/ast/inspector/inspector.go | 311 - .../x/tools/go/ast/inspector/iter.go | 85 - .../x/tools/go/ast/inspector/typeof.go | 227 - .../x/tools/go/ast/inspector/walk.go | 341 - .../x/tools/go/gcexportdata/gcexportdata.go | 236 - .../x/tools/go/gcexportdata/importer.go | 75 - vendor/golang.org/x/tools/go/packages/doc.go | 253 - .../x/tools/go/packages/external.go | 153 - .../golang.org/x/tools/go/packages/golist.go | 1086 - .../x/tools/go/packages/golist_overlay.go | 83 - .../x/tools/go/packages/loadmode_string.go | 56 - .../x/tools/go/packages/packages.go | 1568 - .../golang.org/x/tools/go/packages/visit.go | 133 - .../x/tools/go/types/objectpath/objectpath.go | 820 - .../x/tools/go/types/typeutil/callee.go | 86 - .../x/tools/go/types/typeutil/imports.go | 30 - .../x/tools/go/types/typeutil/map.go | 459 - .../tools/go/types/typeutil/methodsetcache.go | 71 - .../x/tools/go/types/typeutil/ui.go | 53 - .../x/tools/internal/aliases/aliases.go | 38 - .../x/tools/internal/aliases/aliases_go122.go | 80 - .../x/tools/internal/event/core/event.go | 80 - .../x/tools/internal/event/core/export.go | 67 - .../x/tools/internal/event/core/fast.go | 77 - .../golang.org/x/tools/internal/event/doc.go | 7 - .../x/tools/internal/event/event.go | 127 - .../x/tools/internal/event/keys/keys.go | 564 - .../x/tools/internal/event/keys/standard.go | 22 - .../x/tools/internal/event/keys/util.go | 21 - .../x/tools/internal/event/label/label.go | 208 - .../x/tools/internal/gcimporter/bimport.go | 89 - .../x/tools/internal/gcimporter/exportdata.go | 421 - .../x/tools/internal/gcimporter/gcimporter.go | 108 - .../x/tools/internal/gcimporter/iexport.go | 1603 - .../x/tools/internal/gcimporter/iimport.go | 1120 - .../tools/internal/gcimporter/predeclared.go | 91 - .../x/tools/internal/gcimporter/support.go | 30 - .../tools/internal/gcimporter/ureader_yes.go | 761 - .../x/tools/internal/gocommand/invoke.go | 567 - .../internal/gocommand/invoke_notunix.go | 13 - .../x/tools/internal/gocommand/invoke_unix.go | 13 - .../x/tools/internal/gocommand/vendor.go | 163 - .../x/tools/internal/gocommand/version.go | 71 - .../internal/packagesinternal/packages.go | 23 - .../x/tools/internal/pkgbits/codes.go | 77 - .../x/tools/internal/pkgbits/decoder.go | 519 - .../x/tools/internal/pkgbits/doc.go | 32 - .../x/tools/internal/pkgbits/encoder.go | 392 - .../x/tools/internal/pkgbits/flags.go | 9 - .../x/tools/internal/pkgbits/reloc.go | 42 - .../x/tools/internal/pkgbits/support.go | 17 - .../x/tools/internal/pkgbits/sync.go | 136 - .../internal/pkgbits/syncmarker_string.go | 92 - .../x/tools/internal/pkgbits/version.go | 85 - .../x/tools/internal/stdlib/deps.go | 527 - .../x/tools/internal/stdlib/import.go | 97 - .../x/tools/internal/stdlib/manifest.go | 18328 --------- .../x/tools/internal/stdlib/stdlib.go | 105 - .../x/tools/internal/typeparams/common.go | 68 - .../x/tools/internal/typeparams/coretype.go | 155 - .../x/tools/internal/typeparams/free.go | 131 - .../x/tools/internal/typeparams/normalize.go | 216 - .../x/tools/internal/typeparams/termlist.go | 169 - .../x/tools/internal/typeparams/typeterm.go | 172 - .../internal/typesinternal/classify_call.go | 137 - .../x/tools/internal/typesinternal/element.go | 133 - .../tools/internal/typesinternal/errorcode.go | 1560 - .../typesinternal/errorcode_string.go | 179 - .../x/tools/internal/typesinternal/fx.go | 88 - .../x/tools/internal/typesinternal/isnamed.go | 71 - .../tools/internal/typesinternal/qualifier.go | 54 - .../x/tools/internal/typesinternal/recv.go | 44 - .../x/tools/internal/typesinternal/toonew.go | 89 - .../x/tools/internal/typesinternal/types.go | 197 - .../x/tools/internal/typesinternal/varkind.go | 23 - .../internal/typesinternal/varkind_go124.go | 39 - .../tools/internal/typesinternal/zerovalue.go | 381 - .../x/tools/internal/versions/features.go | 48 - .../x/tools/internal/versions/gover.go | 172 - .../x/tools/internal/versions/types.go | 33 - .../x/tools/internal/versions/versions.go | 57 - .../appengine/CONTRIBUTING.md | 88 - vendor/google.golang.org/appengine/LICENSE | 202 - vendor/google.golang.org/appengine/README.md | 100 - .../google.golang.org/appengine/appengine.go | 138 - .../appengine/appengine_vm.go | 20 - .../appengine/datastore/datastore.go | 407 - .../appengine/datastore/doc.go | 354 - .../datastore/internal/cloudkey/cloudkey.go | 120 - .../datastore/internal/cloudpb/entity.pb.go | 344 - .../appengine/datastore/key.go | 400 - .../appengine/datastore/keycompat.go | 88 - .../appengine/datastore/load.go | 429 - .../appengine/datastore/metadata.go | 79 - .../appengine/datastore/prop.go | 330 - .../appengine/datastore/query.go | 774 - .../appengine/datastore/save.go | 333 - .../appengine/datastore/transaction.go | 95 - vendor/google.golang.org/appengine/errors.go | 46 - .../google.golang.org/appengine/identity.go | 141 - .../appengine/internal/api.go | 653 - .../appengine/internal/api_classic.go | 170 - .../appengine/internal/api_common.go | 141 - .../appengine/internal/app_id.go | 28 - .../app_identity/app_identity_service.pb.go | 611 - .../app_identity/app_identity_service.proto | 64 - .../appengine/internal/base/api_base.pb.go | 308 - .../appengine/internal/base/api_base.proto | 33 - .../internal/datastore/datastore_v3.pb.go | 4367 --- .../internal/datastore/datastore_v3.proto | 551 - .../appengine/internal/identity.go | 54 - .../appengine/internal/identity_classic.go | 62 - .../appengine/internal/identity_flex.go | 12 - .../appengine/internal/identity_vm.go | 134 - .../appengine/internal/internal.go | 110 - .../appengine/internal/log/log_service.pb.go | 1313 - .../appengine/internal/log/log_service.proto | 150 - .../appengine/internal/main.go | 17 - .../appengine/internal/main_common.go | 7 - .../appengine/internal/main_vm.go | 70 - .../appengine/internal/metadata.go | 60 - .../internal/modules/modules_service.pb.go | 786 - .../internal/modules/modules_service.proto | 80 - .../appengine/internal/net.go | 56 - .../appengine/internal/regen.sh | 40 - .../internal/remote_api/remote_api.pb.go | 361 - .../internal/remote_api/remote_api.proto | 44 - .../appengine/internal/transaction.go | 115 - .../google.golang.org/appengine/namespace.go | 24 - vendor/google.golang.org/appengine/timeout.go | 20 - .../genproto/googleapis/rpc/LICENSE | 202 - .../googleapis/rpc/status/status.pb.go | 203 - vendor/google.golang.org/grpc/AUTHORS | 1 - .../google.golang.org/grpc/CODE-OF-CONDUCT.md | 3 - vendor/google.golang.org/grpc/CONTRIBUTING.md | 102 - vendor/google.golang.org/grpc/GOVERNANCE.md | 1 - vendor/google.golang.org/grpc/LICENSE | 202 - vendor/google.golang.org/grpc/MAINTAINERS.md | 36 - vendor/google.golang.org/grpc/Makefile | 49 - vendor/google.golang.org/grpc/NOTICE.txt | 13 - vendor/google.golang.org/grpc/README.md | 108 - vendor/google.golang.org/grpc/SECURITY.md | 3 - .../grpc/attributes/attributes.go | 141 - vendor/google.golang.org/grpc/backoff.go | 61 - .../google.golang.org/grpc/backoff/backoff.go | 52 - .../grpc/balancer/balancer.go | 394 - .../grpc/balancer/base/balancer.go | 262 - .../grpc/balancer/base/base.go | 71 - .../grpc/balancer/conn_state_evaluator.go | 74 - .../endpointsharding/endpointsharding.go | 389 - .../grpc/balancer/grpclb/state/state.go | 51 - .../balancer/pickfirst/internal/internal.go | 35 - .../grpc/balancer/pickfirst/pickfirst.go | 291 - .../pickfirst/pickfirstleaf/pickfirstleaf.go | 906 - .../grpc/balancer/roundrobin/roundrobin.go | 72 - .../grpc/balancer/subconn.go | 134 - .../grpc/balancer_wrapper.go | 520 - .../grpc_binarylog_v1/binarylog.pb.go | 1004 - vendor/google.golang.org/grpc/call.go | 74 - .../grpc/channelz/channelz.go | 36 - vendor/google.golang.org/grpc/clientconn.go | 1832 - vendor/google.golang.org/grpc/codec.go | 105 - .../grpc/codes/code_string.go | 111 - vendor/google.golang.org/grpc/codes/codes.go | 250 - .../grpc/connectivity/connectivity.go | 94 - .../grpc/credentials/credentials.go | 338 - .../grpc/credentials/insecure/insecure.go | 104 - .../google.golang.org/grpc/credentials/tls.go | 320 - vendor/google.golang.org/grpc/dialoptions.go | 797 - vendor/google.golang.org/grpc/doc.go | 26 - .../grpc/encoding/encoding.go | 131 - .../grpc/encoding/encoding_v2.go | 81 - .../grpc/encoding/proto/proto.go | 96 - .../grpc/experimental/stats/metricregistry.go | 270 - .../grpc/experimental/stats/metrics.go | 54 - .../grpc/grpclog/component.go | 115 - .../google.golang.org/grpc/grpclog/grpclog.go | 186 - .../grpc/grpclog/internal/grpclog.go | 26 - .../grpc/grpclog/internal/logger.go | 87 - .../grpc/grpclog/internal/loggerv2.go | 267 - .../google.golang.org/grpc/grpclog/logger.go | 34 - .../grpc/grpclog/loggerv2.go | 97 - .../google.golang.org/grpc/health/client.go | 117 - .../grpc/health/grpc_health_v1/health.pb.go | 350 - .../health/grpc_health_v1/health_grpc.pb.go | 290 - .../google.golang.org/grpc/health/logging.go | 23 - .../google.golang.org/grpc/health/producer.go | 106 - .../google.golang.org/grpc/health/server.go | 187 - vendor/google.golang.org/grpc/interceptor.go | 104 - .../grpc/internal/backoff/backoff.go | 109 - .../balancer/gracefulswitch/config.go | 84 - .../balancer/gracefulswitch/gracefulswitch.go | 409 - .../grpc/internal/balancerload/load.go | 46 - .../grpc/internal/binarylog/binarylog.go | 192 - .../internal/binarylog/binarylog_testutil.go | 42 - .../grpc/internal/binarylog/env_config.go | 208 - .../grpc/internal/binarylog/method_logger.go | 446 - .../grpc/internal/binarylog/sink.go | 170 - .../grpc/internal/buffer/unbounded.go | 116 - .../grpc/internal/channelz/channel.go | 270 - .../grpc/internal/channelz/channelmap.go | 395 - .../grpc/internal/channelz/funcs.go | 230 - .../grpc/internal/channelz/logging.go | 75 - .../grpc/internal/channelz/server.go | 121 - .../grpc/internal/channelz/socket.go | 137 - .../grpc/internal/channelz/subchannel.go | 153 - .../grpc/internal/channelz/syscall_linux.go | 65 - .../internal/channelz/syscall_nonlinux.go | 47 - .../grpc/internal/channelz/trace.go | 213 - .../grpc/internal/credentials/credentials.go | 35 - .../grpc/internal/credentials/spiffe.go | 75 - .../grpc/internal/credentials/syscallconn.go | 58 - .../grpc/internal/credentials/util.go | 52 - .../grpc/internal/envconfig/envconfig.go | 101 - .../grpc/internal/envconfig/observability.go | 42 - .../grpc/internal/envconfig/xds.go | 71 - .../grpc/internal/experimental.go | 28 - .../grpc/internal/grpclog/prefix_logger.go | 79 - .../internal/grpcsync/callback_serializer.go | 112 - .../grpc/internal/grpcsync/event.go | 58 - .../grpc/internal/grpcsync/pubsub.go | 121 - .../grpc/internal/grpcutil/compressor.go | 42 - .../grpc/internal/grpcutil/encode_duration.go | 63 - .../grpc/internal/grpcutil/grpcutil.go | 20 - .../grpc/internal/grpcutil/metadata.go | 40 - .../grpc/internal/grpcutil/method.go | 88 - .../grpc/internal/grpcutil/regex.go | 31 - .../grpc/internal/idle/idle.go | 280 - .../grpc/internal/internal.go | 293 - .../grpc/internal/metadata/metadata.go | 144 - .../grpc/internal/pretty/pretty.go | 73 - .../proxyattributes/proxyattributes.go | 54 - .../grpc/internal/resolver/config_selector.go | 167 - .../delegatingresolver/delegatingresolver.go | 427 - .../internal/resolver/dns/dns_resolver.go | 461 - .../resolver/dns/internal/internal.go | 77 - .../resolver/passthrough/passthrough.go | 64 - .../grpc/internal/resolver/unix/unix.go | 78 - .../grpc/internal/serviceconfig/duration.go | 130 - .../internal/serviceconfig/serviceconfig.go | 180 - .../grpc/internal/stats/labels.go | 42 - .../internal/stats/metrics_recorder_list.go | 105 - .../grpc/internal/status/status.go | 246 - .../grpc/internal/syscall/syscall_linux.go | 112 - .../grpc/internal/syscall/syscall_nonlinux.go | 77 - .../grpc/internal/tcp_keepalive_others.go | 29 - .../grpc/internal/tcp_keepalive_unix.go | 54 - .../grpc/internal/tcp_keepalive_windows.go | 54 - .../grpc/internal/transport/bdp_estimator.go | 141 - .../grpc/internal/transport/client_stream.go | 144 - .../grpc/internal/transport/controlbuf.go | 1061 - .../grpc/internal/transport/defaults.go | 55 - .../grpc/internal/transport/flowcontrol.go | 212 - .../grpc/internal/transport/handler_server.go | 504 - .../grpc/internal/transport/http2_client.go | 1845 - .../grpc/internal/transport/http2_server.go | 1508 - .../grpc/internal/transport/http_util.go | 468 - .../grpc/internal/transport/logging.go | 40 - .../transport/networktype/networktype.go | 46 - .../grpc/internal/transport/proxy.go | 116 - .../grpc/internal/transport/server_stream.go | 180 - .../grpc/internal/transport/transport.go | 700 - .../grpc/keepalive/keepalive.go | 99 - .../google.golang.org/grpc/mem/buffer_pool.go | 194 - .../grpc/mem/buffer_slice.go | 292 - vendor/google.golang.org/grpc/mem/buffers.go | 268 - .../grpc/metadata/metadata.go | 295 - vendor/google.golang.org/grpc/peer/peer.go | 83 - .../google.golang.org/grpc/picker_wrapper.go | 219 - vendor/google.golang.org/grpc/preloader.go | 85 - .../grpc/reflection/README.md | 18 - .../grpc/reflection/adapt.go | 57 - .../grpc_reflection_v1/reflection.pb.go | 777 - .../grpc_reflection_v1/reflection_grpc.pb.go | 138 - .../grpc_reflection_v1alpha/reflection.pb.go | 847 - .../reflection_grpc.pb.go | 135 - .../grpc/reflection/internal/internal.go | 436 - .../grpc/reflection/serverreflection.go | 160 - .../grpc/resolver/dns/dns_resolver.go | 60 - vendor/google.golang.org/grpc/resolver/map.go | 247 - .../grpc/resolver/resolver.go | 358 - .../grpc/resolver_wrapper.go | 221 - vendor/google.golang.org/grpc/rpc_util.go | 1086 - vendor/google.golang.org/grpc/server.go | 2245 -- .../google.golang.org/grpc/service_config.go | 360 - .../grpc/serviceconfig/serviceconfig.go | 44 - .../google.golang.org/grpc/stats/handlers.go | 72 - .../google.golang.org/grpc/stats/metrics.go | 81 - vendor/google.golang.org/grpc/stats/stats.go | 318 - .../google.golang.org/grpc/status/status.go | 162 - vendor/google.golang.org/grpc/stream.go | 1860 - .../grpc/stream_interfaces.go | 238 - vendor/google.golang.org/grpc/tap/tap.go | 62 - vendor/google.golang.org/grpc/trace.go | 143 - .../google.golang.org/grpc/trace_notrace.go | 52 - .../google.golang.org/grpc/trace_withtrace.go | 39 - vendor/google.golang.org/grpc/version.go | 22 - vendor/google.golang.org/protobuf/LICENSE | 27 - vendor/google.golang.org/protobuf/PATENTS | 22 - .../protobuf/encoding/protojson/decode.go | 680 - .../protobuf/encoding/protojson/doc.go | 11 - .../protobuf/encoding/protojson/encode.go | 380 - .../encoding/protojson/well_known_types.go | 880 - .../protobuf/encoding/prototext/decode.go | 767 - .../protobuf/encoding/prototext/doc.go | 7 - .../protobuf/encoding/prototext/encode.go | 380 - .../protobuf/encoding/protowire/wire.go | 571 - .../protobuf/internal/descfmt/stringer.go | 414 - .../protobuf/internal/descopts/options.go | 29 - .../protobuf/internal/detrand/rand.go | 69 - .../internal/editiondefaults/defaults.go | 12 - .../editiondefaults/editions_defaults.binpb | Bin 154 -> 0 bytes .../internal/editionssupport/editions.go | 18 - .../internal/encoding/defval/default.go | 213 - .../protobuf/internal/encoding/json/decode.go | 340 - .../internal/encoding/json/decode_number.go | 254 - .../internal/encoding/json/decode_string.go | 91 - .../internal/encoding/json/decode_token.go | 192 - .../protobuf/internal/encoding/json/encode.go | 278 - .../encoding/messageset/messageset.go | 242 - .../protobuf/internal/encoding/tag/tag.go | 201 - .../protobuf/internal/encoding/text/decode.go | 686 - .../internal/encoding/text/decode_number.go | 211 - .../internal/encoding/text/decode_string.go | 161 - .../internal/encoding/text/decode_token.go | 373 - .../protobuf/internal/encoding/text/doc.go | 29 - .../protobuf/internal/encoding/text/encode.go | 272 - .../protobuf/internal/errors/errors.go | 104 - .../protobuf/internal/filedesc/build.go | 157 - .../protobuf/internal/filedesc/desc.go | 748 - .../protobuf/internal/filedesc/desc_init.go | 560 - .../protobuf/internal/filedesc/desc_lazy.go | 694 - .../protobuf/internal/filedesc/desc_list.go | 457 - .../internal/filedesc/desc_list_gen.go | 367 - .../protobuf/internal/filedesc/editions.go | 172 - .../protobuf/internal/filedesc/placeholder.go | 110 - .../protobuf/internal/filedesc/presence.go | 33 - .../protobuf/internal/filetype/build.go | 296 - .../protobuf/internal/flags/flags.go | 24 - .../internal/flags/proto_legacy_disable.go | 10 - .../internal/flags/proto_legacy_enable.go | 10 - .../protobuf/internal/genid/any_gen.go | 34 - .../protobuf/internal/genid/api_gen.go | 112 - .../protobuf/internal/genid/descriptor_gen.go | 1332 - .../protobuf/internal/genid/doc.go | 11 - .../protobuf/internal/genid/duration_gen.go | 34 - .../protobuf/internal/genid/empty_gen.go | 19 - .../protobuf/internal/genid/field_mask_gen.go | 31 - .../internal/genid/go_features_gen.go | 70 - .../protobuf/internal/genid/goname.go | 20 - .../protobuf/internal/genid/map_entry.go | 16 - .../protobuf/internal/genid/name.go | 12 - .../internal/genid/source_context_gen.go | 31 - .../protobuf/internal/genid/struct_gen.go | 121 - .../protobuf/internal/genid/timestamp_gen.go | 34 - .../protobuf/internal/genid/type_gen.go | 228 - .../protobuf/internal/genid/wrappers.go | 13 - .../protobuf/internal/genid/wrappers_gen.go | 175 - .../protobuf/internal/impl/api_export.go | 177 - .../internal/impl/api_export_opaque.go | 128 - .../protobuf/internal/impl/bitmap.go | 34 - .../protobuf/internal/impl/bitmap_race.go | 126 - .../protobuf/internal/impl/checkinit.go | 174 - .../protobuf/internal/impl/codec_extension.go | 228 - .../protobuf/internal/impl/codec_field.go | 788 - .../internal/impl/codec_field_opaque.go | 264 - .../protobuf/internal/impl/codec_gen.go | 5724 --- .../protobuf/internal/impl/codec_map.go | 399 - .../protobuf/internal/impl/codec_message.go | 230 - .../internal/impl/codec_message_opaque.go | 154 - .../internal/impl/codec_messageset.go | 145 - .../protobuf/internal/impl/codec_tables.go | 557 - .../protobuf/internal/impl/codec_unsafe.go | 15 - .../protobuf/internal/impl/convert.go | 495 - .../protobuf/internal/impl/convert_list.go | 141 - .../protobuf/internal/impl/convert_map.go | 121 - .../protobuf/internal/impl/decode.go | 333 - .../protobuf/internal/impl/encode.go | 315 - .../protobuf/internal/impl/enum.go | 21 - .../protobuf/internal/impl/equal.go | 224 - .../protobuf/internal/impl/extension.go | 156 - .../protobuf/internal/impl/lazy.go | 433 - .../protobuf/internal/impl/legacy_enum.go | 219 - .../protobuf/internal/impl/legacy_export.go | 92 - .../internal/impl/legacy_extension.go | 177 - .../protobuf/internal/impl/legacy_file.go | 81 - .../protobuf/internal/impl/legacy_message.go | 569 - .../protobuf/internal/impl/merge.go | 203 - .../protobuf/internal/impl/merge_gen.go | 209 - .../protobuf/internal/impl/message.go | 283 - .../protobuf/internal/impl/message_opaque.go | 598 - .../internal/impl/message_opaque_gen.go | 132 - .../protobuf/internal/impl/message_reflect.go | 462 - .../internal/impl/message_reflect_field.go | 423 - .../impl/message_reflect_field_gen.go | 273 - .../internal/impl/message_reflect_gen.go | 271 - .../protobuf/internal/impl/pointer_unsafe.go | 220 - .../internal/impl/pointer_unsafe_opaque.go | 42 - .../protobuf/internal/impl/presence.go | 139 - .../protobuf/internal/impl/validate.go | 570 - .../protobuf/internal/order/order.go | 89 - .../protobuf/internal/order/range.go | 115 - .../protobuf/internal/pragma/pragma.go | 29 - .../internal/protolazy/bufferreader.go | 364 - .../protobuf/internal/protolazy/lazy.go | 359 - .../internal/protolazy/pointer_unsafe.go | 17 - .../protobuf/internal/set/ints.go | 58 - .../protobuf/internal/strs/strings.go | 196 - .../protobuf/internal/strs/strings_unsafe.go | 71 - .../protobuf/internal/version/version.go | 79 - .../protobuf/proto/checkinit.go | 71 - .../protobuf/proto/decode.go | 307 - .../protobuf/proto/decode_gen.go | 603 - .../google.golang.org/protobuf/proto/doc.go | 86 - .../protobuf/proto/encode.go | 355 - .../protobuf/proto/encode_gen.go | 97 - .../google.golang.org/protobuf/proto/equal.go | 66 - .../protobuf/proto/extension.go | 166 - .../google.golang.org/protobuf/proto/merge.go | 145 - .../protobuf/proto/messageset.go | 98 - .../google.golang.org/protobuf/proto/proto.go | 45 - .../protobuf/proto/proto_methods.go | 20 - .../protobuf/proto/proto_reflect.go | 20 - .../google.golang.org/protobuf/proto/reset.go | 43 - .../google.golang.org/protobuf/proto/size.go | 111 - .../protobuf/proto/size_gen.go | 55 - .../protobuf/proto/wrapperopaque.go | 80 - .../protobuf/proto/wrappers.go | 29 - .../protobuf/protoadapt/convert.go | 31 - .../protobuf/reflect/protodesc/desc.go | 286 - .../protobuf/reflect/protodesc/desc_init.go | 288 - .../reflect/protodesc/desc_resolve.go | 291 - .../reflect/protodesc/desc_validate.go | 359 - .../protobuf/reflect/protodesc/editions.go | 181 - .../protobuf/reflect/protodesc/proto.go | 271 - .../protobuf/reflect/protoreflect/methods.go | 88 - .../protobuf/reflect/protoreflect/proto.go | 513 - .../protobuf/reflect/protoreflect/source.go | 129 - .../reflect/protoreflect/source_gen.go | 583 - .../protobuf/reflect/protoreflect/type.go | 666 - .../protobuf/reflect/protoreflect/value.go | 285 - .../reflect/protoreflect/value_equal.go | 168 - .../reflect/protoreflect/value_union.go | 438 - .../reflect/protoreflect/value_unsafe.go | 84 - .../reflect/protoregistry/registry.go | 882 - .../protobuf/runtime/protoiface/legacy.go | 15 - .../protobuf/runtime/protoiface/methods.go | 202 - .../protobuf/runtime/protoimpl/impl.go | 48 - .../protobuf/runtime/protoimpl/version.go | 60 - .../types/descriptorpb/descriptor.pb.go | 5238 --- .../types/gofeaturespb/go_features.pb.go | 311 - .../protobuf/types/known/anypb/any.pb.go | 469 - .../types/known/durationpb/duration.pb.go | 346 - .../protobuf/types/known/emptypb/empty.pb.go | 142 - .../types/known/timestamppb/timestamp.pb.go | 355 - vendor/modules.txt | 479 - ...tions_environment_public_key.html.markdown | 31 - .../actions_environment_secrets.html.markdown | 28 - ...ctions_environment_variables.html.markdown | 29 - ...claim_customization_template.html.markdown | 23 - ...ions_organization_public_key.html.markdown | 22 - ...anization_registration_token.html.markdown | 24 - ...actions_organization_secrets.html.markdown | 28 - ...tions_organization_variables.html.markdown | 28 - .../docs/d/actions_public_key.html.markdown | 29 - .../actions_registration_token.html.markdown | 27 - ...claim_customization_template.html.markdown | 27 - website/docs/d/actions_secrets.html.markdown | 31 - .../docs/d/actions_variables.html.markdown | 32 - website/docs/d/app.html.markdown | 35 - website/docs/d/app_token.html.markdown | 36 - website/docs/d/branch.html.markdown | 37 - .../d/branch_protection_rules.html.markdown | 30 - ...aces_organization_public_key.html.markdown | 22 - ...espaces_organization_secrets.html.markdown | 28 - .../d/codespaces_public_key.html.markdown | 28 - .../docs/d/codespaces_secrets.html.markdown | 35 - .../codespaces_user_public_key.html.markdown | 22 - .../d/codespaces_user_secrets.html.markdown | 28 - website/docs/d/collaborators.html.markdown | 69 - ...abot_organization_public_key.html.markdown | 22 - ...endabot_organization_secrets.html.markdown | 28 - .../d/dependabot_public_key.html.markdown | 28 - .../docs/d/dependabot_secrets.html.markdown | 31 - website/docs/d/enterprise.html.markdown | 28 - website/docs/d/external_groups.html.markdown | 40 - website/docs/d/ip_ranges.html.markdown | 46 - website/docs/d/issue_labels.html.markdown | 30 - website/docs/d/membership.html.markdown | 34 - website/docs/d/organization.html.markdown | 59 - ...ganization_custom_properties.html.markdown | 40 - .../d/organization_custom_role.html.markdown | 37 - .../organization_external_identities.markdown | 50 - .../organization_ip_allow_list.html.markdown | 32 - ...organization_repository_role.html.markdown | 33 - ...rganization_repository_roles.html.markdown | 35 - .../docs/d/organization_role.html.markdown | 32 - .../d/organization_role_teams.html.markdown | 37 - .../d/organization_role_users.html.markdown | 35 - .../docs/d/organization_roles.html.markdown | 34 - ...ganization_security_managers.html.markdown | 31 - ...rganization_team_sync_groups.html.markdown | 31 - .../docs/d/organization_teams.html.markdown | 49 - .../d/organization_webhooks.html.markdown | 31 - website/docs/d/ref.html.markdown | 40 - website/docs/d/release.html.markdown | 87 - website/docs/d/release_asset.html.markdown | 88 - website/docs/d/repositories.html.markdown | 37 - website/docs/d/repository.html.markdown | 130 - ...pository_autolink_references.html.markdown | 29 - .../docs/d/repository_branches.html.markdown | 32 - ...repository_custom_properties.html.markdown | 28 - .../d/repository_deploy_keys.html.markdown | 30 - ...y_deployment_branch_policies.html.markdown | 33 - ...ironment_deployment_policies.html.markdown | 31 - .../d/repository_environments.html.markdown | 28 - website/docs/d/repository_file.html.markdown | 52 - .../docs/d/repository_milestone.html.markdown | 35 - .../d/repository_pull_request.html.markdown | 58 - .../d/repository_pull_requests.html.markdown | 74 - website/docs/d/repository_teams.html.markdown | 31 - .../docs/d/repository_webhooks.html.markdown | 33 - website/docs/d/rest_api.html.markdown | 30 - website/docs/d/ssh_keys.html.markdown | 20 - website/docs/d/team.html.markdown | 38 - website/docs/d/tree.html.markdown | 44 - website/docs/d/user.html.markdown | 57 - .../d/user_external_identity.html.markdown | 51 - website/docs/d/users.html.markdown | 38 - website/docs/index.html.markdown | 142 - .../actions_environment_secret.html.markdown | 119 - ...actions_environment_variable.html.markdown | 78 - .../r/actions_hosted_runner.html.markdown | 153 - ...claim_customization_template.html.markdown | 36 - ...ons_organization_permissions.html.markdown | 64 - .../actions_organization_secret.html.markdown | 117 - ...nization_secret_repositories.html.markdown | 63 - ...ganization_secret_repository.html.markdown | 63 - ...ctions_organization_variable.html.markdown | 71 - ...zation_variable_repositories.html.markdown | 63 - ...nization_variable_repository.html.markdown | 63 - ...ization_workflow_permissions.html.markdown | 65 - ...ions_repository_access_level.html.markdown | 40 - ...claim_customization_template.html.markdown | 52 - ...tions_repository_permissions.html.markdown | 55 - .../docs/r/actions_runner_group.html.markdown | 57 - website/docs/r/actions_secret.html.markdown | 97 - website/docs/r/actions_variable.html.markdown | 58 - ...pp_installation_repositories.html.markdown | 57 - .../app_installation_repository.html.markdown | 51 - website/docs/r/branch.html.markdown | 67 - website/docs/r/branch_default.html.markdown | 68 - .../docs/r/branch_protection.html.markdown | 146 - .../docs/r/branch_protection_v3.html.markdown | 148 - ...despaces_organization_secret.html.markdown | 83 - ...nization_secret_repositories.html.markdown | 42 - .../docs/r/codespaces_secret.html.markdown | 65 - .../r/codespaces_user_secret.html.markdown | 65 - ...pendabot_organization_secret.html.markdown | 115 - ...nization_secret_repositories.html.markdown | 63 - ...ganization_secret_repository.html.markdown | 63 - .../docs/r/dependabot_secret.html.markdown | 96 - .../docs/r/emu_group_mapping.html.markdown | 34 - ...terprise_actions_permissions.html.markdown | 64 - ...erprise_actions_runner_group.html.markdown | 65 - ...actions_workflow_permissions.html.markdown | 64 - .../r/enterprise_organization.html.markdown | 49 - ...e_security_analysis_settings.html.markdown | 83 - website/docs/r/issue.html.markdown | 89 - website/docs/r/issue_label.html.markdown | 56 - website/docs/r/issue_labels.html.markdown | 62 - website/docs/r/membership.html.markdown | 46 - .../docs/r/organization_block.html.markdown | 32 - ...ganization_custom_properties.html.markdown | 98 - .../r/organization_custom_role.html.markdown | 69 - .../docs/r/organization_project.html.markdown | 35 - ...organization_repository_role.html.markdown | 50 - .../docs/r/organization_role.html.markdown | 50 - .../r/organization_role_team.html.markdown | 34 - ...ization_role_team_assignment.html.markdown | 46 - .../r/organization_role_user.html.markdown | 34 - .../docs/r/organization_ruleset.html.markdown | 361 - ...rganization_security_manager.html.markdown | 37 - .../r/organization_settings.html.markdown | 91 - .../docs/r/organization_webhook.html.markdown | 57 - website/docs/r/project_card.html.markdown | 86 - website/docs/r/project_column.html.markdown | 34 - website/docs/r/release.html.markdown | 104 - website/docs/r/repository.html.markdown | 252 - ...epository_autolink_reference.html.markdown | 65 - .../r/repository_collaborator.html.markdown | 74 - .../r/repository_collaborators.html.markdown | 105 - .../repository_custom_property.html.markdown | 47 - ..._dependabot_security_updates.html.markdown | 49 - .../r/repository_deploy_key.html.markdown | 58 - ...ory_deployment_branch_policy.html.markdown | 55 - .../r/repository_environment.html.markdown | 74 - ...nvironment_deployment_policy.html.markdown | 95 - website/docs/r/repository_file.html.markdown | 113 - .../docs/r/repository_milestone.html.markdown | 54 - .../docs/r/repository_project.html.markdown | 44 - .../r/repository_pull_request.html.markdown | 58 - .../docs/r/repository_ruleset.html.markdown | 341 - .../docs/r/repository_topics.html.markdown | 42 - .../docs/r/repository_webhook.html.markdown | 80 - website/docs/r/team.html.markdown | 55 - website/docs/r/team_members.html.markdown | 85 - website/docs/r/team_membership.html.markdown | 58 - website/docs/r/team_repository.html.markdown | 65 - website/docs/r/team_settings.html.markdown | 63 - .../r/team_sync_group_mapping.html.markdown | 58 - website/docs/r/user_gpg_key.html.markdown | 39 - .../r/user_invitation_accepter.html.markdown | 53 - website/docs/r/user_ssh_key.html.markdown | 43 - ...kflow_repository_permissions.html.markdown | 41 - website/github.erb | 461 - 3298 files changed, 18048 insertions(+), 820811 deletions(-) delete mode 100644 .markdownlint.yaml create mode 100644 .rumdl.toml create mode 100644 docs.go create mode 100644 docs/data-sources/actions_environment_public_key.md create mode 100644 docs/data-sources/actions_environment_secrets.md create mode 100644 docs/data-sources/actions_environment_variables.md create mode 100644 docs/data-sources/actions_organization_oidc_subject_claim_customization_template.md create mode 100644 docs/data-sources/actions_organization_public_key.md create mode 100644 docs/data-sources/actions_organization_registration_token.md create mode 100644 docs/data-sources/actions_organization_secrets.md create mode 100644 docs/data-sources/actions_organization_variables.md create mode 100644 docs/data-sources/actions_public_key.md create mode 100644 docs/data-sources/actions_registration_token.md create mode 100644 docs/data-sources/actions_repository_oidc_subject_claim_customization_template.md create mode 100644 docs/data-sources/actions_secrets.md create mode 100644 docs/data-sources/actions_variables.md create mode 100644 docs/data-sources/app.md create mode 100644 docs/data-sources/app_token.md create mode 100644 docs/data-sources/branch.md create mode 100644 docs/data-sources/branch_protection_rules.md create mode 100644 docs/data-sources/codespaces_organization_public_key.md create mode 100644 docs/data-sources/codespaces_organization_secrets.md create mode 100644 docs/data-sources/codespaces_public_key.md create mode 100644 docs/data-sources/codespaces_secrets.md create mode 100644 docs/data-sources/codespaces_user_public_key.md create mode 100644 docs/data-sources/codespaces_user_secrets.md create mode 100644 docs/data-sources/collaborators.md create mode 100644 docs/data-sources/dependabot_organization_public_key.md create mode 100644 docs/data-sources/dependabot_organization_secrets.md create mode 100644 docs/data-sources/dependabot_public_key.md create mode 100644 docs/data-sources/dependabot_secrets.md create mode 100644 docs/data-sources/enterprise.md create mode 100644 docs/data-sources/external_groups.md create mode 100644 docs/data-sources/ip_ranges.md create mode 100644 docs/data-sources/issue_labels.md create mode 100644 docs/data-sources/membership.md create mode 100644 docs/data-sources/organization.md create mode 100644 docs/data-sources/organization_custom_properties.md create mode 100644 docs/data-sources/organization_custom_role.md create mode 100644 docs/data-sources/organization_external_identities.md create mode 100644 docs/data-sources/organization_ip_allow_list.md create mode 100644 docs/data-sources/organization_repository_role.md create mode 100644 docs/data-sources/organization_repository_roles.md create mode 100644 docs/data-sources/organization_role.md create mode 100644 docs/data-sources/organization_role_teams.md create mode 100644 docs/data-sources/organization_role_users.md create mode 100644 docs/data-sources/organization_roles.md create mode 100644 docs/data-sources/organization_security_managers.md create mode 100644 docs/data-sources/organization_team_sync_groups.md create mode 100644 docs/data-sources/organization_teams.md create mode 100644 docs/data-sources/organization_webhooks.md create mode 100644 docs/data-sources/ref.md create mode 100644 docs/data-sources/release.md create mode 100644 docs/data-sources/release_asset.md create mode 100644 docs/data-sources/repositories.md create mode 100644 docs/data-sources/repository.md create mode 100644 docs/data-sources/repository_autolink_references.md create mode 100644 docs/data-sources/repository_branches.md create mode 100644 docs/data-sources/repository_custom_properties.md create mode 100644 docs/data-sources/repository_deploy_keys.md create mode 100644 docs/data-sources/repository_deployment_branch_policies.md create mode 100644 docs/data-sources/repository_environment_deployment_policies.md create mode 100644 docs/data-sources/repository_environments.md create mode 100644 docs/data-sources/repository_file.md create mode 100644 docs/data-sources/repository_milestone.md create mode 100644 docs/data-sources/repository_pull_request.md create mode 100644 docs/data-sources/repository_pull_requests.md create mode 100644 docs/data-sources/repository_teams.md create mode 100644 docs/data-sources/repository_webhooks.md create mode 100644 docs/data-sources/rest_api.md create mode 100644 docs/data-sources/ssh_keys.md create mode 100644 docs/data-sources/team.md create mode 100644 docs/data-sources/tree.md create mode 100644 docs/data-sources/user.md create mode 100644 docs/data-sources/user_external_identity.md create mode 100644 docs/data-sources/users.md create mode 100644 docs/index.md create mode 100644 docs/resources/actions_environment_secret.md create mode 100644 docs/resources/actions_environment_variable.md create mode 100644 docs/resources/actions_hosted_runner.md create mode 100644 docs/resources/actions_organization_oidc_subject_claim_customization_template.md create mode 100644 docs/resources/actions_organization_permissions.md create mode 100644 docs/resources/actions_organization_secret.md create mode 100644 docs/resources/actions_organization_secret_repositories.md create mode 100644 docs/resources/actions_organization_secret_repository.md create mode 100644 docs/resources/actions_organization_variable.md create mode 100644 docs/resources/actions_organization_variable_repositories.md create mode 100644 docs/resources/actions_organization_variable_repository.md create mode 100644 docs/resources/actions_organization_workflow_permissions.md create mode 100644 docs/resources/actions_repository_access_level.md create mode 100644 docs/resources/actions_repository_oidc_subject_claim_customization_template.md create mode 100644 docs/resources/actions_repository_permissions.md create mode 100644 docs/resources/actions_runner_group.md create mode 100644 docs/resources/actions_secret.md create mode 100644 docs/resources/actions_variable.md create mode 100644 docs/resources/app_installation_repositories.md create mode 100644 docs/resources/app_installation_repository.md create mode 100644 docs/resources/branch.md create mode 100644 docs/resources/branch_default.md create mode 100644 docs/resources/branch_protection.md create mode 100644 docs/resources/branch_protection_v3.md create mode 100644 docs/resources/codespaces_organization_secret.md create mode 100644 docs/resources/codespaces_organization_secret_repositories.md create mode 100644 docs/resources/codespaces_secret.md create mode 100644 docs/resources/codespaces_user_secret.md create mode 100644 docs/resources/dependabot_organization_secret.md create mode 100644 docs/resources/dependabot_organization_secret_repositories.md create mode 100644 docs/resources/dependabot_organization_secret_repository.md create mode 100644 docs/resources/dependabot_secret.md create mode 100644 docs/resources/emu_group_mapping.md create mode 100644 docs/resources/enterprise_actions_permissions.md create mode 100644 docs/resources/enterprise_actions_runner_group.md create mode 100644 docs/resources/enterprise_actions_workflow_permissions.md create mode 100644 docs/resources/enterprise_organization.md create mode 100644 docs/resources/enterprise_security_analysis_settings.md create mode 100644 docs/resources/issue.md create mode 100644 docs/resources/issue_label.md create mode 100644 docs/resources/issue_labels.md create mode 100644 docs/resources/membership.md create mode 100644 docs/resources/organization_block.md create mode 100644 docs/resources/organization_custom_properties.md create mode 100644 docs/resources/organization_custom_role.md create mode 100644 docs/resources/organization_project.md create mode 100644 docs/resources/organization_repository_role.md create mode 100644 docs/resources/organization_role.md create mode 100644 docs/resources/organization_role_team.md create mode 100644 docs/resources/organization_role_team_assignment.md create mode 100644 docs/resources/organization_role_user.md create mode 100644 docs/resources/organization_ruleset.md create mode 100644 docs/resources/organization_security_manager.md create mode 100644 docs/resources/organization_settings.md create mode 100644 docs/resources/organization_webhook.md create mode 100644 docs/resources/project_card.md create mode 100644 docs/resources/project_column.md create mode 100644 docs/resources/release.md create mode 100644 docs/resources/repository.md create mode 100644 docs/resources/repository_autolink_reference.md create mode 100644 docs/resources/repository_collaborator.md create mode 100644 docs/resources/repository_collaborators.md create mode 100644 docs/resources/repository_custom_property.md create mode 100644 docs/resources/repository_dependabot_security_updates.md create mode 100644 docs/resources/repository_deploy_key.md create mode 100644 docs/resources/repository_deployment_branch_policy.md create mode 100644 docs/resources/repository_environment.md create mode 100644 docs/resources/repository_environment_deployment_policy.md create mode 100644 docs/resources/repository_file.md create mode 100644 docs/resources/repository_milestone.md create mode 100644 docs/resources/repository_project.md create mode 100644 docs/resources/repository_pull_request.md create mode 100644 docs/resources/repository_ruleset.md create mode 100644 docs/resources/repository_topics.md create mode 100644 docs/resources/repository_webhook.md create mode 100644 docs/resources/team.md create mode 100644 docs/resources/team_members.md create mode 100644 docs/resources/team_membership.md create mode 100644 docs/resources/team_repository.md create mode 100644 docs/resources/team_settings.md create mode 100644 docs/resources/team_sync_group_mapping.md create mode 100644 docs/resources/user_gpg_key.md create mode 100644 docs/resources/user_invitation_accepter.md create mode 100644 docs/resources/user_ssh_key.md create mode 100644 docs/resources/workflow_repository_permissions.md create mode 100644 examples/data-sources/actions_environment_public_key/example_1.tf create mode 100644 examples/data-sources/actions_environment_secrets/example_1.tf create mode 100644 examples/data-sources/actions_environment_variables/example_1.tf create mode 100644 examples/data-sources/actions_organization_oidc_subject_claim_customization_template/example_1.tf create mode 100644 examples/data-sources/actions_organization_public_key/example_1.tf create mode 100644 examples/data-sources/actions_organization_registration_token/example_1.tf create mode 100644 examples/data-sources/actions_organization_secrets/example_1.tf create mode 100644 examples/data-sources/actions_organization_variables/example_1.tf create mode 100644 examples/data-sources/actions_public_key/example_1.tf create mode 100644 examples/data-sources/actions_registration_token/example_1.tf create mode 100644 examples/data-sources/actions_repository_oidc_subject_claim_customization_template/example_1.tf create mode 100644 examples/data-sources/actions_secrets/example_1.tf create mode 100644 examples/data-sources/actions_variables/example_1.tf create mode 100644 examples/data-sources/app/example_1.tf create mode 100644 examples/data-sources/app_token/example_1.tf create mode 100644 examples/data-sources/branch/example_1.tf create mode 100644 examples/data-sources/branch_protection_rules/example_1.tf create mode 100644 examples/data-sources/codespaces_organization_public_key/example_1.tf create mode 100644 examples/data-sources/codespaces_organization_secrets/example_1.tf create mode 100644 examples/data-sources/codespaces_public_key/example_1.tf create mode 100644 examples/data-sources/codespaces_secrets/example_1.tf create mode 100644 examples/data-sources/codespaces_user_public_key/example_1.tf create mode 100644 examples/data-sources/codespaces_user_secrets/example_1.tf create mode 100644 examples/data-sources/collaborators/example_1.tf create mode 100644 examples/data-sources/dependabot_organization_public_key/example_1.tf create mode 100644 examples/data-sources/dependabot_organization_secrets/example_1.tf create mode 100644 examples/data-sources/dependabot_public_key/example_1.tf create mode 100644 examples/data-sources/dependabot_secrets/example_1.tf create mode 100644 examples/data-sources/external_groups/example_1.tf create mode 100644 examples/data-sources/ip_ranges/example_1.tf create mode 100644 examples/data-sources/issue_labels/example_1.tf create mode 100644 examples/data-sources/membership/example_1.tf create mode 100644 examples/data-sources/organization/example_1.tf create mode 100644 examples/data-sources/organization_custom_properties/example_1.tf create mode 100644 examples/data-sources/organization_custom_role/example_1.tf create mode 100644 examples/data-sources/organization_external_identities/example_1.tf create mode 100644 examples/data-sources/organization_ip_allow_list/example_1.tf create mode 100644 examples/data-sources/organization_repository_role/example_1.tf create mode 100644 examples/data-sources/organization_repository_roles/example_1.tf create mode 100644 examples/data-sources/organization_role/example_1.tf create mode 100644 examples/data-sources/organization_role_teams/example_1.tf create mode 100644 examples/data-sources/organization_role_users/example_1.tf create mode 100644 examples/data-sources/organization_roles/example_1.tf create mode 100644 examples/data-sources/organization_security_managers/example_1.tf create mode 100644 examples/data-sources/organization_team_sync_groups/example_1.tf create mode 100644 examples/data-sources/organization_teams/example_1.tf create mode 100644 examples/data-sources/organization_teams/example_2.tf create mode 100644 examples/data-sources/organization_webhooks/example_1.tf create mode 100644 examples/data-sources/ref/example_1.tf create mode 100644 examples/data-sources/release/example_1.tf create mode 100644 examples/data-sources/release/example_2.tf create mode 100644 examples/data-sources/release/example_3.tf create mode 100644 examples/data-sources/release_asset/example_1.tf create mode 100644 examples/data-sources/release_asset/example_2.tf create mode 100644 examples/data-sources/release_asset/example_3.tf create mode 100644 examples/data-sources/release_asset/example_4.tf create mode 100644 examples/data-sources/repositories/example_1.tf create mode 100644 examples/data-sources/repository/example_1.tf create mode 100644 examples/data-sources/repository_autolink_references/example_1.tf create mode 100644 examples/data-sources/repository_branches/example_1.tf create mode 100644 examples/data-sources/repository_custom_properties/example_1.tf create mode 100644 examples/data-sources/repository_deploy_keys/example_1.tf create mode 100644 examples/data-sources/repository_deployment_branch_policies/example_1.tf create mode 100644 examples/data-sources/repository_environment_deployment_policies/example_1.tf create mode 100644 examples/data-sources/repository_environments/example_1.tf create mode 100644 examples/data-sources/repository_file/example_1.tf create mode 100644 examples/data-sources/repository_milestone/example_1.tf create mode 100644 examples/data-sources/repository_pull_request/example_1.tf create mode 100644 examples/data-sources/repository_pull_requests/example_1.tf create mode 100644 examples/data-sources/repository_teams/example_1.tf create mode 100644 examples/data-sources/repository_webhooks/example_1.tf create mode 100644 examples/data-sources/rest_api/example_1.tf create mode 100644 examples/data-sources/ssh_keys/example_1.tf create mode 100644 examples/data-sources/team/example_1.tf create mode 100644 examples/data-sources/tree/example_1.tf create mode 100644 examples/data-sources/user/example_1.tf create mode 100644 examples/data-sources/user_external_identity/example_1.tf create mode 100644 examples/data-sources/users/example_1.tf create mode 100644 examples/example_1.tf create mode 100644 examples/example_2.tf create mode 100644 examples/example_3.tf create mode 100644 examples/example_4.tf create mode 100644 examples/example_5.tf create mode 100644 examples/resources/actions_environment_secret/example_1.tf create mode 100644 examples/resources/actions_environment_secret/example_2.tf create mode 100644 examples/resources/actions_environment_secret/example_3.tf create mode 100644 examples/resources/actions_environment_secret/example_4.tf create mode 100644 examples/resources/actions_environment_variable/example_1.tf create mode 100644 examples/resources/actions_environment_variable/example_2.tf create mode 100644 examples/resources/actions_environment_variable/example_3.tf create mode 100644 examples/resources/actions_hosted_runner/example_1.tf create mode 100644 examples/resources/actions_hosted_runner/example_2.tf create mode 100644 examples/resources/actions_hosted_runner/example_3.tf create mode 100644 examples/resources/actions_organization_oidc_subject_claim_customization_template/example_1.tf create mode 100644 examples/resources/actions_organization_permissions/example_1.tf create mode 100644 examples/resources/actions_organization_secret/example_1.tf create mode 100644 examples/resources/actions_organization_secret/example_2.tf create mode 100644 examples/resources/actions_organization_secret/example_3.tf create mode 100644 examples/resources/actions_organization_secret/example_4.tf create mode 100644 examples/resources/actions_organization_secret_repositories/example_1.tf create mode 100644 examples/resources/actions_organization_secret_repositories/example_2.tf create mode 100644 examples/resources/actions_organization_secret_repository/example_1.tf create mode 100644 examples/resources/actions_organization_secret_repository/example_2.tf create mode 100644 examples/resources/actions_organization_variable/example_1.tf create mode 100644 examples/resources/actions_organization_variable/example_2.tf create mode 100644 examples/resources/actions_organization_variable/example_3.tf create mode 100644 examples/resources/actions_organization_variable_repositories/example_1.tf create mode 100644 examples/resources/actions_organization_variable_repositories/example_2.tf create mode 100644 examples/resources/actions_organization_variable_repository/example_1.tf create mode 100644 examples/resources/actions_organization_variable_repository/example_2.tf create mode 100644 examples/resources/actions_organization_workflow_permissions/example_1.tf create mode 100644 examples/resources/actions_repository_access_level/example_1.tf create mode 100644 examples/resources/actions_repository_oidc_subject_claim_customization_template/example_1.tf create mode 100644 examples/resources/actions_repository_permissions/example_1.tf create mode 100644 examples/resources/actions_runner_group/example_1.tf create mode 100644 examples/resources/actions_secret/example_1.tf create mode 100644 examples/resources/actions_secret/example_2.tf create mode 100644 examples/resources/actions_secret/example_3.tf create mode 100644 examples/resources/actions_variable/example_1.tf create mode 100644 examples/resources/actions_variable/example_2.tf create mode 100644 examples/resources/app_installation_repositories/example_1.tf create mode 100644 examples/resources/app_installation_repository/example_1.tf create mode 100644 examples/resources/branch/example_1.tf create mode 100644 examples/resources/branch_default/example_1.tf create mode 100644 examples/resources/branch_default/example_2.tf create mode 100644 examples/resources/branch_protection/example_1.tf create mode 100644 examples/resources/branch_protection_v3/example_1.tf create mode 100644 examples/resources/branch_protection_v3/example_2.tf create mode 100644 examples/resources/codespaces_organization_secret/example_1.tf create mode 100644 examples/resources/codespaces_organization_secret/example_2.tf create mode 100644 examples/resources/codespaces_organization_secret_repositories/example_1.tf create mode 100644 examples/resources/codespaces_secret/example_1.tf create mode 100644 examples/resources/codespaces_user_secret/example_1.tf create mode 100644 examples/resources/dependabot_organization_secret/example_1.tf create mode 100644 examples/resources/dependabot_organization_secret/example_2.tf create mode 100644 examples/resources/dependabot_organization_secret/example_3.tf create mode 100644 examples/resources/dependabot_organization_secret/example_4.tf create mode 100644 examples/resources/dependabot_organization_secret_repositories/example_1.tf create mode 100644 examples/resources/dependabot_organization_secret_repositories/example_2.tf create mode 100644 examples/resources/dependabot_organization_secret_repository/example_1.tf create mode 100644 examples/resources/dependabot_organization_secret_repository/example_2.tf create mode 100644 examples/resources/dependabot_secret/example_1.tf create mode 100644 examples/resources/dependabot_secret/example_2.tf create mode 100644 examples/resources/dependabot_secret/example_3.tf create mode 100644 examples/resources/emu_group_mapping/example_1.tf create mode 100644 examples/resources/enterprise_actions_permissions/example_1.tf create mode 100644 examples/resources/enterprise_actions_runner_group/example_1.tf create mode 100644 examples/resources/enterprise_actions_workflow_permissions/example_1.tf create mode 100644 examples/resources/enterprise_security_analysis_settings/example_1.tf create mode 100644 examples/resources/issue/example_1.tf create mode 100644 examples/resources/issue/example_2.tf create mode 100644 examples/resources/issue_label/example_1.tf create mode 100644 examples/resources/issue_labels/example_1.tf create mode 100644 examples/resources/membership/example_1.tf create mode 100644 examples/resources/organization_block/example_1.tf create mode 100644 examples/resources/organization_custom_properties/example_1.tf create mode 100644 examples/resources/organization_custom_properties/example_2.tf create mode 100644 examples/resources/organization_custom_properties/example_3.tf create mode 100644 examples/resources/organization_custom_properties/example_4.tf create mode 100644 examples/resources/organization_custom_role/example_1.tf create mode 100644 examples/resources/organization_project/example_1.tf create mode 100644 examples/resources/organization_repository_role/example_1.tf create mode 100644 examples/resources/organization_role/example_1.tf create mode 100644 examples/resources/organization_role_team/example_1.tf create mode 100644 examples/resources/organization_role_team_assignment/example_1.tf create mode 100644 examples/resources/organization_role_user/example_1.tf create mode 100644 examples/resources/organization_ruleset/example_1.tf create mode 100644 examples/resources/organization_security_manager/example_1.tf create mode 100644 examples/resources/organization_settings/example_1.tf create mode 100644 examples/resources/organization_webhook/example_1.tf create mode 100644 examples/resources/project_card/example_1.tf create mode 100644 examples/resources/project_card/example_2.tf create mode 100644 examples/resources/project_column/example_1.tf create mode 100644 examples/resources/release/example_1.tf create mode 100644 examples/resources/release/example_2.tf create mode 100644 examples/resources/repository/example_1.tf create mode 100644 examples/resources/repository/example_2.tf create mode 100644 examples/resources/repository/example_3.tf create mode 100644 examples/resources/repository_autolink_reference/example_1.tf create mode 100644 examples/resources/repository_collaborator/example_1.tf create mode 100644 examples/resources/repository_collaborators/example_1.tf create mode 100644 examples/resources/repository_custom_property/example_1.tf create mode 100644 examples/resources/repository_dependabot_security_updates/example_1.tf create mode 100644 examples/resources/repository_deploy_key/example_1.tf create mode 100644 examples/resources/repository_deployment_branch_policy/example_1.tf create mode 100644 examples/resources/repository_environment/example_1.tf create mode 100644 examples/resources/repository_environment_deployment_policy/example_1.tf create mode 100644 examples/resources/repository_environment_deployment_policy/example_2.tf create mode 100644 examples/resources/repository_file/example_1.tf create mode 100644 examples/resources/repository_file/example_2.tf create mode 100644 examples/resources/repository_milestone/example_1.tf create mode 100644 examples/resources/repository_project/example_1.tf create mode 100644 examples/resources/repository_pull_request/example_1.tf create mode 100644 examples/resources/repository_ruleset/example_1.tf create mode 100644 examples/resources/repository_topics/example_1.tf create mode 100644 examples/resources/repository_webhook/example_1.tf create mode 100644 examples/resources/team/example_1.tf create mode 100644 examples/resources/team_members/example_1.tf create mode 100644 examples/resources/team_membership/example_1.tf create mode 100644 examples/resources/team_repository/example_1.tf create mode 100644 examples/resources/team_settings/example_1.tf create mode 100644 examples/resources/team_sync_group_mapping/example_1.tf create mode 100644 examples/resources/user_gpg_key/example_1.tf create mode 100644 examples/resources/user_invitation_accepter/example_1.tf create mode 100644 examples/resources/user_ssh_key/example_1.tf create mode 100644 examples/resources/workflow_repository_permissions/example_1.tf create mode 100644 templates/data-sources/actions_environment_public_key.md.tmpl create mode 100644 templates/data-sources/actions_environment_secrets.md.tmpl create mode 100644 templates/data-sources/actions_environment_variables.md.tmpl create mode 100644 templates/data-sources/actions_organization_oidc_subject_claim_customization_template.md.tmpl create mode 100644 templates/data-sources/actions_organization_public_key.md.tmpl create mode 100644 templates/data-sources/actions_organization_registration_token.md.tmpl create mode 100644 templates/data-sources/actions_organization_secrets.md.tmpl create mode 100644 templates/data-sources/actions_organization_variables.md.tmpl create mode 100644 templates/data-sources/actions_public_key.md.tmpl create mode 100644 templates/data-sources/actions_registration_token.md.tmpl create mode 100644 templates/data-sources/actions_repository_oidc_subject_claim_customization_template.md.tmpl create mode 100644 templates/data-sources/actions_secrets.md.tmpl create mode 100644 templates/data-sources/actions_variables.md.tmpl create mode 100644 templates/data-sources/app.md.tmpl create mode 100644 templates/data-sources/app_token.md.tmpl create mode 100644 templates/data-sources/branch.md.tmpl create mode 100644 templates/data-sources/branch_protection_rules.md.tmpl create mode 100644 templates/data-sources/codespaces_organization_public_key.md.tmpl create mode 100644 templates/data-sources/codespaces_organization_secrets.md.tmpl create mode 100644 templates/data-sources/codespaces_public_key.md.tmpl create mode 100644 templates/data-sources/codespaces_secrets.md.tmpl create mode 100644 templates/data-sources/codespaces_user_public_key.md.tmpl create mode 100644 templates/data-sources/codespaces_user_secrets.md.tmpl create mode 100644 templates/data-sources/collaborators.md.tmpl create mode 100644 templates/data-sources/dependabot_organization_public_key.md.tmpl create mode 100644 templates/data-sources/dependabot_organization_secrets.md.tmpl create mode 100644 templates/data-sources/dependabot_public_key.md.tmpl create mode 100644 templates/data-sources/dependabot_secrets.md.tmpl create mode 100644 templates/data-sources/enterprise.md.tmpl create mode 100644 templates/data-sources/external_groups.md.tmpl create mode 100644 templates/data-sources/ip_ranges.md.tmpl create mode 100644 templates/data-sources/issue_labels.md.tmpl create mode 100644 templates/data-sources/membership.md.tmpl create mode 100644 templates/data-sources/organization.md.tmpl create mode 100644 templates/data-sources/organization_custom_properties.md.tmpl create mode 100644 templates/data-sources/organization_custom_role.md.tmpl create mode 100644 templates/data-sources/organization_external_identities.md.tmpl create mode 100644 templates/data-sources/organization_ip_allow_list.md.tmpl create mode 100644 templates/data-sources/organization_repository_role.md.tmpl create mode 100644 templates/data-sources/organization_repository_roles.md.tmpl create mode 100644 templates/data-sources/organization_role.md.tmpl create mode 100644 templates/data-sources/organization_role_teams.md.tmpl create mode 100644 templates/data-sources/organization_role_users.md.tmpl create mode 100644 templates/data-sources/organization_roles.md.tmpl create mode 100644 templates/data-sources/organization_security_managers.md.tmpl create mode 100644 templates/data-sources/organization_team_sync_groups.md.tmpl create mode 100644 templates/data-sources/organization_teams.md.tmpl create mode 100644 templates/data-sources/organization_webhooks.md.tmpl create mode 100644 templates/data-sources/ref.md.tmpl create mode 100644 templates/data-sources/release.md.tmpl create mode 100644 templates/data-sources/release_asset.md.tmpl create mode 100644 templates/data-sources/repositories.md.tmpl create mode 100644 templates/data-sources/repository.md.tmpl create mode 100644 templates/data-sources/repository_autolink_references.md.tmpl create mode 100644 templates/data-sources/repository_branches.md.tmpl create mode 100644 templates/data-sources/repository_custom_properties.md.tmpl create mode 100644 templates/data-sources/repository_deploy_keys.md.tmpl create mode 100644 templates/data-sources/repository_deployment_branch_policies.md.tmpl create mode 100644 templates/data-sources/repository_environment_deployment_policies.md.tmpl create mode 100644 templates/data-sources/repository_environments.md.tmpl create mode 100644 templates/data-sources/repository_file.md.tmpl create mode 100644 templates/data-sources/repository_milestone.md.tmpl create mode 100644 templates/data-sources/repository_pull_request.md.tmpl create mode 100644 templates/data-sources/repository_pull_requests.md.tmpl create mode 100644 templates/data-sources/repository_teams.md.tmpl create mode 100644 templates/data-sources/repository_webhooks.md.tmpl create mode 100644 templates/data-sources/rest_api.md.tmpl create mode 100644 templates/data-sources/ssh_keys.md.tmpl create mode 100644 templates/data-sources/team.md.tmpl create mode 100644 templates/data-sources/tree.md.tmpl create mode 100644 templates/data-sources/user.md.tmpl create mode 100644 templates/data-sources/user_external_identity.md.tmpl create mode 100644 templates/data-sources/users.md.tmpl create mode 100644 templates/index.md.tmpl create mode 100644 templates/resources/actions_environment_secret.md.tmpl create mode 100644 templates/resources/actions_environment_variable.md.tmpl create mode 100644 templates/resources/actions_hosted_runner.md.tmpl create mode 100644 templates/resources/actions_organization_oidc_subject_claim_customization_template.md.tmpl create mode 100644 templates/resources/actions_organization_permissions.md.tmpl create mode 100644 templates/resources/actions_organization_secret.md.tmpl create mode 100644 templates/resources/actions_organization_secret_repositories.md.tmpl create mode 100644 templates/resources/actions_organization_secret_repository.md.tmpl create mode 100644 templates/resources/actions_organization_variable.md.tmpl create mode 100644 templates/resources/actions_organization_variable_repositories.md.tmpl create mode 100644 templates/resources/actions_organization_variable_repository.md.tmpl create mode 100644 templates/resources/actions_organization_workflow_permissions.md.tmpl create mode 100644 templates/resources/actions_repository_access_level.md.tmpl create mode 100644 templates/resources/actions_repository_oidc_subject_claim_customization_template.md.tmpl create mode 100644 templates/resources/actions_repository_permissions.md.tmpl create mode 100644 templates/resources/actions_runner_group.md.tmpl create mode 100644 templates/resources/actions_secret.md.tmpl create mode 100644 templates/resources/actions_variable.md.tmpl create mode 100644 templates/resources/app_installation_repositories.md.tmpl create mode 100644 templates/resources/app_installation_repository.md.tmpl create mode 100644 templates/resources/branch.md.tmpl create mode 100644 templates/resources/branch_default.md.tmpl create mode 100644 templates/resources/branch_protection.md.tmpl create mode 100644 templates/resources/branch_protection_v3.md.tmpl create mode 100644 templates/resources/codespaces_organization_secret.md.tmpl create mode 100644 templates/resources/codespaces_organization_secret_repositories.md.tmpl create mode 100644 templates/resources/codespaces_secret.md.tmpl create mode 100644 templates/resources/codespaces_user_secret.md.tmpl create mode 100644 templates/resources/dependabot_organization_secret.md.tmpl create mode 100644 templates/resources/dependabot_organization_secret_repositories.md.tmpl create mode 100644 templates/resources/dependabot_organization_secret_repository.md.tmpl create mode 100644 templates/resources/dependabot_secret.md.tmpl create mode 100644 templates/resources/emu_group_mapping.md.tmpl create mode 100644 templates/resources/enterprise_actions_permissions.md.tmpl create mode 100644 templates/resources/enterprise_actions_runner_group.md.tmpl create mode 100644 templates/resources/enterprise_actions_workflow_permissions.md.tmpl create mode 100644 templates/resources/enterprise_organization.md.tmpl create mode 100644 templates/resources/enterprise_security_analysis_settings.md.tmpl create mode 100644 templates/resources/issue.md.tmpl create mode 100644 templates/resources/issue_label.md.tmpl create mode 100644 templates/resources/issue_labels.md.tmpl create mode 100644 templates/resources/membership.md.tmpl create mode 100644 templates/resources/organization_block.md.tmpl create mode 100644 templates/resources/organization_custom_properties.md.tmpl create mode 100644 templates/resources/organization_custom_role.md.tmpl create mode 100644 templates/resources/organization_project.md.tmpl create mode 100644 templates/resources/organization_repository_role.md.tmpl create mode 100644 templates/resources/organization_role.md.tmpl create mode 100644 templates/resources/organization_role_team.md.tmpl create mode 100644 templates/resources/organization_role_team_assignment.md.tmpl create mode 100644 templates/resources/organization_role_user.md.tmpl create mode 100644 templates/resources/organization_ruleset.md.tmpl create mode 100644 templates/resources/organization_security_manager.md.tmpl create mode 100644 templates/resources/organization_settings.md.tmpl create mode 100644 templates/resources/organization_webhook.md.tmpl create mode 100644 templates/resources/project_card.md.tmpl create mode 100644 templates/resources/project_column.md.tmpl create mode 100644 templates/resources/release.md.tmpl create mode 100644 templates/resources/repository.md.tmpl create mode 100644 templates/resources/repository_autolink_reference.md.tmpl create mode 100644 templates/resources/repository_collaborator.md.tmpl create mode 100644 templates/resources/repository_collaborators.md.tmpl create mode 100644 templates/resources/repository_custom_property.md.tmpl create mode 100644 templates/resources/repository_dependabot_security_updates.md.tmpl create mode 100644 templates/resources/repository_deploy_key.md.tmpl create mode 100644 templates/resources/repository_deployment_branch_policy.md.tmpl create mode 100644 templates/resources/repository_environment.md.tmpl create mode 100644 templates/resources/repository_environment_deployment_policy.md.tmpl create mode 100644 templates/resources/repository_file.md.tmpl create mode 100644 templates/resources/repository_milestone.md.tmpl create mode 100644 templates/resources/repository_project.md.tmpl create mode 100644 templates/resources/repository_pull_request.md.tmpl create mode 100644 templates/resources/repository_ruleset.md.tmpl create mode 100644 templates/resources/repository_topics.md.tmpl create mode 100644 templates/resources/repository_webhook.md.tmpl create mode 100644 templates/resources/team.md.tmpl create mode 100644 templates/resources/team_members.md.tmpl create mode 100644 templates/resources/team_membership.md.tmpl create mode 100644 templates/resources/team_repository.md.tmpl create mode 100644 templates/resources/team_settings.md.tmpl create mode 100644 templates/resources/team_sync_group_mapping.md.tmpl create mode 100644 templates/resources/user_gpg_key.md.tmpl create mode 100644 templates/resources/user_invitation_accepter.md.tmpl create mode 100644 templates/resources/user_ssh_key.md.tmpl create mode 100644 templates/resources/workflow_repository_permissions.md.tmpl delete mode 100644 vendor/github.com/ProtonMail/go-crypto/AUTHORS delete mode 100644 vendor/github.com/ProtonMail/go-crypto/CONTRIBUTORS delete mode 100644 vendor/github.com/ProtonMail/go-crypto/LICENSE delete mode 100644 vendor/github.com/ProtonMail/go-crypto/PATENTS delete mode 100644 vendor/github.com/ProtonMail/go-crypto/bitcurves/bitcurve.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/brainpool/brainpool.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/brainpool/rcurve.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/eax/eax.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/eax/eax_test_vectors.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/eax/random_vectors.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/internal/byteutil/byteutil.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/ocb/ocb.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/ocb/random_vectors.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/ocb/rfc7253_test_vectors_suite_a.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/ocb/rfc7253_test_vectors_suite_b.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/aes/keywrap/keywrap.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/armor/armor.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/armor/encode.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/canonical_text.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/ecdh/ecdh.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/ecdsa/ecdsa.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/ed25519/ed25519.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/ed448/ed448.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/eddsa/eddsa.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/elgamal/elgamal.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/errors/errors.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/hash.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/aead.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/hash.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve_info.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curves.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed25519.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed448.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/generic.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/encoding.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/mpi.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/oid.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/key_generation.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/keys.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/keys_test_data.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_crypter.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_encrypted.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/compressed.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config_v5.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/encrypted_key.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/literal.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/marker.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/notation.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/ocfb.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/one_pass_signature.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/opaque.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet_sequence.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet_unsupported.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/padding.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key_test_data.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key_test_data.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/reader.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/recipient.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetric_key_encrypted.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_mdc.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userattribute.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userid.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/read.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/read_write_test_data.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k_cache.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k_config.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/write.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/x25519/x25519.go delete mode 100644 vendor/github.com/ProtonMail/go-crypto/openpgp/x448/x448.go delete mode 100644 vendor/github.com/agext/levenshtein/.gitignore delete mode 100644 vendor/github.com/agext/levenshtein/.travis.yml delete mode 100644 vendor/github.com/agext/levenshtein/DCO delete mode 100644 vendor/github.com/agext/levenshtein/LICENSE delete mode 100644 vendor/github.com/agext/levenshtein/MAINTAINERS delete mode 100644 vendor/github.com/agext/levenshtein/NOTICE delete mode 100644 vendor/github.com/agext/levenshtein/README.md delete mode 100644 vendor/github.com/agext/levenshtein/levenshtein.go delete mode 100644 vendor/github.com/agext/levenshtein/params.go delete mode 100644 vendor/github.com/agext/levenshtein/test.sh delete mode 100644 vendor/github.com/apparentlymart/go-textseg/v15/LICENSE delete mode 100644 vendor/github.com/apparentlymart/go-textseg/v15/textseg/all_tokens.go delete mode 100644 vendor/github.com/apparentlymart/go-textseg/v15/textseg/emoji_table.rl delete mode 100644 vendor/github.com/apparentlymart/go-textseg/v15/textseg/generate.go delete mode 100644 vendor/github.com/apparentlymart/go-textseg/v15/textseg/grapheme_clusters.go delete mode 100644 vendor/github.com/apparentlymart/go-textseg/v15/textseg/grapheme_clusters.rl delete mode 100644 vendor/github.com/apparentlymart/go-textseg/v15/textseg/grapheme_clusters_table.rl delete mode 100644 vendor/github.com/apparentlymart/go-textseg/v15/textseg/tables.go delete mode 100644 vendor/github.com/apparentlymart/go-textseg/v15/textseg/unicode2ragel.rb delete mode 100644 vendor/github.com/apparentlymart/go-textseg/v15/textseg/utf8_seqs.go delete mode 100644 vendor/github.com/cloudflare/circl/LICENSE delete mode 100644 vendor/github.com/cloudflare/circl/dh/x25519/curve.go delete mode 100644 vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.go delete mode 100644 vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.h delete mode 100644 vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.s delete mode 100644 vendor/github.com/cloudflare/circl/dh/x25519/curve_generic.go delete mode 100644 vendor/github.com/cloudflare/circl/dh/x25519/curve_noasm.go delete mode 100644 vendor/github.com/cloudflare/circl/dh/x25519/doc.go delete mode 100644 vendor/github.com/cloudflare/circl/dh/x25519/key.go delete mode 100644 vendor/github.com/cloudflare/circl/dh/x25519/table.go delete mode 100644 vendor/github.com/cloudflare/circl/dh/x448/curve.go delete mode 100644 vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.go delete mode 100644 vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.h delete mode 100644 vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.s delete mode 100644 vendor/github.com/cloudflare/circl/dh/x448/curve_generic.go delete mode 100644 vendor/github.com/cloudflare/circl/dh/x448/curve_noasm.go delete mode 100644 vendor/github.com/cloudflare/circl/dh/x448/doc.go delete mode 100644 vendor/github.com/cloudflare/circl/dh/x448/key.go delete mode 100644 vendor/github.com/cloudflare/circl/dh/x448/table.go delete mode 100644 vendor/github.com/cloudflare/circl/ecc/goldilocks/constants.go delete mode 100644 vendor/github.com/cloudflare/circl/ecc/goldilocks/curve.go delete mode 100644 vendor/github.com/cloudflare/circl/ecc/goldilocks/isogeny.go delete mode 100644 vendor/github.com/cloudflare/circl/ecc/goldilocks/point.go delete mode 100644 vendor/github.com/cloudflare/circl/ecc/goldilocks/scalar.go delete mode 100644 vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go delete mode 100644 vendor/github.com/cloudflare/circl/ecc/goldilocks/twistPoint.go delete mode 100644 vendor/github.com/cloudflare/circl/ecc/goldilocks/twistTables.go delete mode 100644 vendor/github.com/cloudflare/circl/ecc/goldilocks/twist_basemult.go delete mode 100644 vendor/github.com/cloudflare/circl/internal/conv/conv.go delete mode 100644 vendor/github.com/cloudflare/circl/internal/sha3/doc.go delete mode 100644 vendor/github.com/cloudflare/circl/internal/sha3/hashes.go delete mode 100644 vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go delete mode 100644 vendor/github.com/cloudflare/circl/internal/sha3/rc.go delete mode 100644 vendor/github.com/cloudflare/circl/internal/sha3/sha3.go delete mode 100644 vendor/github.com/cloudflare/circl/internal/sha3/sha3_s390x.s delete mode 100644 vendor/github.com/cloudflare/circl/internal/sha3/shake.go delete mode 100644 vendor/github.com/cloudflare/circl/internal/sha3/xor.go delete mode 100644 vendor/github.com/cloudflare/circl/internal/sha3/xor_generic.go delete mode 100644 vendor/github.com/cloudflare/circl/internal/sha3/xor_unaligned.go delete mode 100644 vendor/github.com/cloudflare/circl/math/fp25519/fp.go delete mode 100644 vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.go delete mode 100644 vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.h delete mode 100644 vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.s delete mode 100644 vendor/github.com/cloudflare/circl/math/fp25519/fp_generic.go delete mode 100644 vendor/github.com/cloudflare/circl/math/fp25519/fp_noasm.go delete mode 100644 vendor/github.com/cloudflare/circl/math/fp448/fp.go delete mode 100644 vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.go delete mode 100644 vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.h delete mode 100644 vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.s delete mode 100644 vendor/github.com/cloudflare/circl/math/fp448/fp_generic.go delete mode 100644 vendor/github.com/cloudflare/circl/math/fp448/fp_noasm.go delete mode 100644 vendor/github.com/cloudflare/circl/math/fp448/fuzzer.go delete mode 100644 vendor/github.com/cloudflare/circl/math/integer.go delete mode 100644 vendor/github.com/cloudflare/circl/math/mlsbset/mlsbset.go delete mode 100644 vendor/github.com/cloudflare/circl/math/mlsbset/power.go delete mode 100644 vendor/github.com/cloudflare/circl/math/primes.go delete mode 100644 vendor/github.com/cloudflare/circl/math/wnaf.go delete mode 100644 vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go delete mode 100644 vendor/github.com/cloudflare/circl/sign/ed25519/modular.go delete mode 100644 vendor/github.com/cloudflare/circl/sign/ed25519/mult.go delete mode 100644 vendor/github.com/cloudflare/circl/sign/ed25519/point.go delete mode 100644 vendor/github.com/cloudflare/circl/sign/ed25519/pubkey.go delete mode 100644 vendor/github.com/cloudflare/circl/sign/ed25519/pubkey112.go delete mode 100644 vendor/github.com/cloudflare/circl/sign/ed25519/signapi.go delete mode 100644 vendor/github.com/cloudflare/circl/sign/ed25519/tables.go delete mode 100644 vendor/github.com/cloudflare/circl/sign/ed448/ed448.go delete mode 100644 vendor/github.com/cloudflare/circl/sign/ed448/signapi.go delete mode 100644 vendor/github.com/cloudflare/circl/sign/sign.go delete mode 100644 vendor/github.com/fatih/color/LICENSE.md delete mode 100644 vendor/github.com/fatih/color/README.md delete mode 100644 vendor/github.com/fatih/color/color.go delete mode 100644 vendor/github.com/fatih/color/color_windows.go delete mode 100644 vendor/github.com/fatih/color/doc.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/.gitignore delete mode 100644 vendor/github.com/go-jose/go-jose/v3/.golangci.yml delete mode 100644 vendor/github.com/go-jose/go-jose/v3/.travis.yml delete mode 100644 vendor/github.com/go-jose/go-jose/v3/CHANGELOG.md delete mode 100644 vendor/github.com/go-jose/go-jose/v3/CONTRIBUTING.md delete mode 100644 vendor/github.com/go-jose/go-jose/v3/LICENSE delete mode 100644 vendor/github.com/go-jose/go-jose/v3/README.md delete mode 100644 vendor/github.com/go-jose/go-jose/v3/SECURITY.md delete mode 100644 vendor/github.com/go-jose/go-jose/v3/asymmetric.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/cipher/cbc_hmac.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/cipher/concat_kdf.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/cipher/ecdh_es.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/cipher/key_wrap.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/crypter.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/doc.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/encoding.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/json/LICENSE delete mode 100644 vendor/github.com/go-jose/go-jose/v3/json/README.md delete mode 100644 vendor/github.com/go-jose/go-jose/v3/json/decode.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/json/encode.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/json/indent.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/json/scanner.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/json/stream.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/json/tags.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/jwe.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/jwk.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/jws.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/jwt/builder.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/jwt/claims.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/jwt/doc.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/jwt/errors.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/jwt/jwt.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/jwt/validation.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/opaque.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/shared.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/signing.go delete mode 100644 vendor/github.com/go-jose/go-jose/v3/symmetric.go delete mode 100644 vendor/github.com/golang/protobuf/AUTHORS delete mode 100644 vendor/github.com/golang/protobuf/CONTRIBUTORS delete mode 100644 vendor/github.com/golang/protobuf/LICENSE delete mode 100644 vendor/github.com/golang/protobuf/proto/buffer.go delete mode 100644 vendor/github.com/golang/protobuf/proto/defaults.go delete mode 100644 vendor/github.com/golang/protobuf/proto/deprecated.go delete mode 100644 vendor/github.com/golang/protobuf/proto/discard.go delete mode 100644 vendor/github.com/golang/protobuf/proto/extensions.go delete mode 100644 vendor/github.com/golang/protobuf/proto/properties.go delete mode 100644 vendor/github.com/golang/protobuf/proto/proto.go delete mode 100644 vendor/github.com/golang/protobuf/proto/registry.go delete mode 100644 vendor/github.com/golang/protobuf/proto/text_decode.go delete mode 100644 vendor/github.com/golang/protobuf/proto/text_encode.go delete mode 100644 vendor/github.com/golang/protobuf/proto/wire.go delete mode 100644 vendor/github.com/golang/protobuf/proto/wrappers.go delete mode 100644 vendor/github.com/golang/protobuf/ptypes/empty/empty.pb.go delete mode 100644 vendor/github.com/google/go-cmp/LICENSE delete mode 100644 vendor/github.com/google/go-cmp/cmp/compare.go delete mode 100644 vendor/github.com/google/go-cmp/cmp/export.go delete mode 100644 vendor/github.com/google/go-cmp/cmp/internal/diff/debug_disable.go delete mode 100644 vendor/github.com/google/go-cmp/cmp/internal/diff/debug_enable.go delete mode 100644 vendor/github.com/google/go-cmp/cmp/internal/diff/diff.go delete mode 100644 vendor/github.com/google/go-cmp/cmp/internal/flags/flags.go delete mode 100644 vendor/github.com/google/go-cmp/cmp/internal/function/func.go delete mode 100644 vendor/github.com/google/go-cmp/cmp/internal/value/name.go delete mode 100644 vendor/github.com/google/go-cmp/cmp/internal/value/pointer.go delete mode 100644 vendor/github.com/google/go-cmp/cmp/internal/value/sort.go delete mode 100644 vendor/github.com/google/go-cmp/cmp/options.go delete mode 100644 vendor/github.com/google/go-cmp/cmp/path.go delete mode 100644 vendor/github.com/google/go-cmp/cmp/report.go delete mode 100644 vendor/github.com/google/go-cmp/cmp/report_compare.go delete mode 100644 vendor/github.com/google/go-cmp/cmp/report_references.go delete mode 100644 vendor/github.com/google/go-cmp/cmp/report_reflect.go delete mode 100644 vendor/github.com/google/go-cmp/cmp/report_slices.go delete mode 100644 vendor/github.com/google/go-cmp/cmp/report_text.go delete mode 100644 vendor/github.com/google/go-cmp/cmp/report_value.go delete mode 100644 vendor/github.com/google/go-github/v82/AUTHORS delete mode 100644 vendor/github.com/google/go-github/v82/LICENSE delete mode 100644 vendor/github.com/google/go-github/v82/github/actions.go delete mode 100644 vendor/github.com/google/go-github/v82/github/actions_artifacts.go delete mode 100644 vendor/github.com/google/go-github/v82/github/actions_cache.go delete mode 100644 vendor/github.com/google/go-github/v82/github/actions_hosted_runners.go delete mode 100644 vendor/github.com/google/go-github/v82/github/actions_oidc.go delete mode 100644 vendor/github.com/google/go-github/v82/github/actions_permissions_enterprise.go delete mode 100644 vendor/github.com/google/go-github/v82/github/actions_permissions_orgs.go delete mode 100644 vendor/github.com/google/go-github/v82/github/actions_runner_groups.go delete mode 100644 vendor/github.com/google/go-github/v82/github/actions_runners.go delete mode 100644 vendor/github.com/google/go-github/v82/github/actions_secrets.go delete mode 100644 vendor/github.com/google/go-github/v82/github/actions_variables.go delete mode 100644 vendor/github.com/google/go-github/v82/github/actions_workflow_jobs.go delete mode 100644 vendor/github.com/google/go-github/v82/github/actions_workflow_runs.go delete mode 100644 vendor/github.com/google/go-github/v82/github/actions_workflows.go delete mode 100644 vendor/github.com/google/go-github/v82/github/activity.go delete mode 100644 vendor/github.com/google/go-github/v82/github/activity_events.go delete mode 100644 vendor/github.com/google/go-github/v82/github/activity_notifications.go delete mode 100644 vendor/github.com/google/go-github/v82/github/activity_star.go delete mode 100644 vendor/github.com/google/go-github/v82/github/activity_watching.go delete mode 100644 vendor/github.com/google/go-github/v82/github/admin.go delete mode 100644 vendor/github.com/google/go-github/v82/github/admin_orgs.go delete mode 100644 vendor/github.com/google/go-github/v82/github/admin_stats.go delete mode 100644 vendor/github.com/google/go-github/v82/github/admin_users.go delete mode 100644 vendor/github.com/google/go-github/v82/github/apps.go delete mode 100644 vendor/github.com/google/go-github/v82/github/apps_hooks.go delete mode 100644 vendor/github.com/google/go-github/v82/github/apps_hooks_deliveries.go delete mode 100644 vendor/github.com/google/go-github/v82/github/apps_installation.go delete mode 100644 vendor/github.com/google/go-github/v82/github/apps_manifest.go delete mode 100644 vendor/github.com/google/go-github/v82/github/apps_marketplace.go delete mode 100644 vendor/github.com/google/go-github/v82/github/attestations.go delete mode 100644 vendor/github.com/google/go-github/v82/github/authorizations.go delete mode 100644 vendor/github.com/google/go-github/v82/github/billing.go delete mode 100644 vendor/github.com/google/go-github/v82/github/checks.go delete mode 100644 vendor/github.com/google/go-github/v82/github/classroom.go delete mode 100644 vendor/github.com/google/go-github/v82/github/code_scanning.go delete mode 100644 vendor/github.com/google/go-github/v82/github/codesofconduct.go delete mode 100644 vendor/github.com/google/go-github/v82/github/codespaces.go delete mode 100644 vendor/github.com/google/go-github/v82/github/codespaces_machines.go delete mode 100644 vendor/github.com/google/go-github/v82/github/codespaces_orgs.go delete mode 100644 vendor/github.com/google/go-github/v82/github/codespaces_secrets.go delete mode 100644 vendor/github.com/google/go-github/v82/github/copilot.go delete mode 100644 vendor/github.com/google/go-github/v82/github/credentials.go delete mode 100644 vendor/github.com/google/go-github/v82/github/dependabot.go delete mode 100644 vendor/github.com/google/go-github/v82/github/dependabot_alerts.go delete mode 100644 vendor/github.com/google/go-github/v82/github/dependabot_secrets.go delete mode 100644 vendor/github.com/google/go-github/v82/github/dependency_graph.go delete mode 100644 vendor/github.com/google/go-github/v82/github/dependency_graph_snapshots.go delete mode 100644 vendor/github.com/google/go-github/v82/github/doc.go delete mode 100644 vendor/github.com/google/go-github/v82/github/emojis.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_actions_hosted_runners.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_actions_runner_groups.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_actions_runners.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_app_installation.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_apps.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_audit_log.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_billing_cost_centers.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_code_security_and_analysis.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_codesecurity_configurations.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_licenses.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_manage_ghes.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_manage_ghes_config.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_manage_ghes_maintenance.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_manage_ghes_ssh.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_network_configurations.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_organization_properties.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_properties.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_rules.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_scim.go delete mode 100644 vendor/github.com/google/go-github/v82/github/enterprise_team.go delete mode 100644 vendor/github.com/google/go-github/v82/github/event.go delete mode 100644 vendor/github.com/google/go-github/v82/github/event_types.go delete mode 100644 vendor/github.com/google/go-github/v82/github/gists.go delete mode 100644 vendor/github.com/google/go-github/v82/github/gists_comments.go delete mode 100644 vendor/github.com/google/go-github/v82/github/git.go delete mode 100644 vendor/github.com/google/go-github/v82/github/git_blobs.go delete mode 100644 vendor/github.com/google/go-github/v82/github/git_commits.go delete mode 100644 vendor/github.com/google/go-github/v82/github/git_refs.go delete mode 100644 vendor/github.com/google/go-github/v82/github/git_tags.go delete mode 100644 vendor/github.com/google/go-github/v82/github/git_trees.go delete mode 100644 vendor/github.com/google/go-github/v82/github/github-accessors.go delete mode 100644 vendor/github.com/google/go-github/v82/github/github.go delete mode 100644 vendor/github.com/google/go-github/v82/github/gitignore.go delete mode 100644 vendor/github.com/google/go-github/v82/github/interactions.go delete mode 100644 vendor/github.com/google/go-github/v82/github/interactions_orgs.go delete mode 100644 vendor/github.com/google/go-github/v82/github/interactions_repos.go delete mode 100644 vendor/github.com/google/go-github/v82/github/issue_import.go delete mode 100644 vendor/github.com/google/go-github/v82/github/issues.go delete mode 100644 vendor/github.com/google/go-github/v82/github/issues_assignees.go delete mode 100644 vendor/github.com/google/go-github/v82/github/issues_comments.go delete mode 100644 vendor/github.com/google/go-github/v82/github/issues_events.go delete mode 100644 vendor/github.com/google/go-github/v82/github/issues_labels.go delete mode 100644 vendor/github.com/google/go-github/v82/github/issues_milestones.go delete mode 100644 vendor/github.com/google/go-github/v82/github/issues_timeline.go delete mode 100644 vendor/github.com/google/go-github/v82/github/licenses.go delete mode 100644 vendor/github.com/google/go-github/v82/github/markdown.go delete mode 100644 vendor/github.com/google/go-github/v82/github/messages.go delete mode 100644 vendor/github.com/google/go-github/v82/github/meta.go delete mode 100644 vendor/github.com/google/go-github/v82/github/migrations.go delete mode 100644 vendor/github.com/google/go-github/v82/github/migrations_source_import.go delete mode 100644 vendor/github.com/google/go-github/v82/github/migrations_user.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_actions_allowed.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_actions_permissions.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_attestations.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_audit_log.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_codesecurity_configurations.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_credential_authorizations.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_custom_repository_roles.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_hooks.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_hooks_configuration.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_hooks_deliveries.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_immutable_releases.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_issue_types.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_members.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_network_configurations.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_organization_properties.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_organization_roles.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_outside_collaborators.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_packages.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_personal_access_tokens.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_properties.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_rules.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_security_managers.go delete mode 100644 vendor/github.com/google/go-github/v82/github/orgs_users_blocking.go delete mode 100644 vendor/github.com/google/go-github/v82/github/packages.go delete mode 100644 vendor/github.com/google/go-github/v82/github/private_registries.go delete mode 100644 vendor/github.com/google/go-github/v82/github/projects.go delete mode 100644 vendor/github.com/google/go-github/v82/github/pulls.go delete mode 100644 vendor/github.com/google/go-github/v82/github/pulls_comments.go delete mode 100644 vendor/github.com/google/go-github/v82/github/pulls_reviewers.go delete mode 100644 vendor/github.com/google/go-github/v82/github/pulls_reviews.go delete mode 100644 vendor/github.com/google/go-github/v82/github/pulls_threads.go delete mode 100644 vendor/github.com/google/go-github/v82/github/rate_limit.go delete mode 100644 vendor/github.com/google/go-github/v82/github/reactions.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_actions_access.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_actions_allowed.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_actions_permissions.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_attestations.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_autolinks.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_codeowners.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_collaborators.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_comments.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_commits.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_community_health.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_contents.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_deployment_branch_policies.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_deployment_protection_rules.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_deployments.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_environments.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_forks.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_hooks.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_hooks_configuration.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_hooks_deliveries.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_invitations.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_keys.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_lfs.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_merging.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_pages.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_prereceive_hooks.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_properties.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_releases.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_rules.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_stats.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_statuses.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_tags.go delete mode 100644 vendor/github.com/google/go-github/v82/github/repos_traffic.go delete mode 100644 vendor/github.com/google/go-github/v82/github/rules.go delete mode 100644 vendor/github.com/google/go-github/v82/github/scim.go delete mode 100644 vendor/github.com/google/go-github/v82/github/search.go delete mode 100644 vendor/github.com/google/go-github/v82/github/secret_scanning.go delete mode 100644 vendor/github.com/google/go-github/v82/github/secret_scanning_pattern_configs.go delete mode 100644 vendor/github.com/google/go-github/v82/github/security_advisories.go delete mode 100644 vendor/github.com/google/go-github/v82/github/strings.go delete mode 100644 vendor/github.com/google/go-github/v82/github/sub_issue.go delete mode 100644 vendor/github.com/google/go-github/v82/github/teams.go delete mode 100644 vendor/github.com/google/go-github/v82/github/teams_discussion_comments.go delete mode 100644 vendor/github.com/google/go-github/v82/github/teams_discussions.go delete mode 100644 vendor/github.com/google/go-github/v82/github/teams_members.go delete mode 100644 vendor/github.com/google/go-github/v82/github/timestamp.go delete mode 100644 vendor/github.com/google/go-github/v82/github/users.go delete mode 100644 vendor/github.com/google/go-github/v82/github/users_administration.go delete mode 100644 vendor/github.com/google/go-github/v82/github/users_attestations.go delete mode 100644 vendor/github.com/google/go-github/v82/github/users_blocking.go delete mode 100644 vendor/github.com/google/go-github/v82/github/users_emails.go delete mode 100644 vendor/github.com/google/go-github/v82/github/users_followers.go delete mode 100644 vendor/github.com/google/go-github/v82/github/users_gpg_keys.go delete mode 100644 vendor/github.com/google/go-github/v82/github/users_keys.go delete mode 100644 vendor/github.com/google/go-github/v82/github/users_packages.go delete mode 100644 vendor/github.com/google/go-github/v82/github/users_social_accounts.go delete mode 100644 vendor/github.com/google/go-github/v82/github/users_ssh_signing_keys.go delete mode 100644 vendor/github.com/google/go-github/v82/github/with_appengine.go delete mode 100644 vendor/github.com/google/go-github/v82/github/without_appengine.go delete mode 100644 vendor/github.com/google/go-querystring/LICENSE delete mode 100644 vendor/github.com/google/go-querystring/query/encode.go delete mode 100644 vendor/github.com/google/uuid/CHANGELOG.md delete mode 100644 vendor/github.com/google/uuid/CONTRIBUTING.md delete mode 100644 vendor/github.com/google/uuid/CONTRIBUTORS delete mode 100644 vendor/github.com/google/uuid/LICENSE delete mode 100644 vendor/github.com/google/uuid/README.md delete mode 100644 vendor/github.com/google/uuid/dce.go delete mode 100644 vendor/github.com/google/uuid/doc.go delete mode 100644 vendor/github.com/google/uuid/hash.go delete mode 100644 vendor/github.com/google/uuid/marshal.go delete mode 100644 vendor/github.com/google/uuid/node.go delete mode 100644 vendor/github.com/google/uuid/node_js.go delete mode 100644 vendor/github.com/google/uuid/node_net.go delete mode 100644 vendor/github.com/google/uuid/null.go delete mode 100644 vendor/github.com/google/uuid/sql.go delete mode 100644 vendor/github.com/google/uuid/time.go delete mode 100644 vendor/github.com/google/uuid/util.go delete mode 100644 vendor/github.com/google/uuid/uuid.go delete mode 100644 vendor/github.com/google/uuid/version1.go delete mode 100644 vendor/github.com/google/uuid/version4.go delete mode 100644 vendor/github.com/google/uuid/version6.go delete mode 100644 vendor/github.com/google/uuid/version7.go delete mode 100644 vendor/github.com/hashicorp/errwrap/LICENSE delete mode 100644 vendor/github.com/hashicorp/errwrap/README.md delete mode 100644 vendor/github.com/hashicorp/errwrap/errwrap.go delete mode 100644 vendor/github.com/hashicorp/go-checkpoint/LICENSE delete mode 100644 vendor/github.com/hashicorp/go-checkpoint/README.md delete mode 100644 vendor/github.com/hashicorp/go-checkpoint/check.go delete mode 100644 vendor/github.com/hashicorp/go-checkpoint/telemetry.go delete mode 100644 vendor/github.com/hashicorp/go-checkpoint/versions.go delete mode 100644 vendor/github.com/hashicorp/go-cleanhttp/LICENSE delete mode 100644 vendor/github.com/hashicorp/go-cleanhttp/README.md delete mode 100644 vendor/github.com/hashicorp/go-cleanhttp/cleanhttp.go delete mode 100644 vendor/github.com/hashicorp/go-cleanhttp/doc.go delete mode 100644 vendor/github.com/hashicorp/go-cleanhttp/handlers.go delete mode 100644 vendor/github.com/hashicorp/go-cty/LICENSE delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/capsule.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/capsule_ops.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/collection.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/convert/compare_types.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/convert/conversion.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/convert/conversion_capsule.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/convert/conversion_collection.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/convert/conversion_dynamic.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/convert/conversion_object.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/convert/conversion_primitive.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/convert/conversion_tuple.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/convert/doc.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/convert/mismatch_msg.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/convert/public.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/convert/sort_types.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/convert/unify.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/doc.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/element_iterator.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/error.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/gob.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/gocty/doc.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/gocty/helpers.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/gocty/in.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/gocty/out.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/gocty/type_implied.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/helper.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/json.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/json/doc.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/json/marshal.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/json/simple.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/json/type.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/json/type_implied.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/json/unmarshal.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/json/value.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/list_type.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/map_type.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/marks.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/msgpack/doc.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/msgpack/dynamic.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/msgpack/infinity.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/msgpack/marshal.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/msgpack/type_implied.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/msgpack/unknown.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/msgpack/unmarshal.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/null.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/object_type.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/path.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/path_set.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/primitive_type.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/set/gob.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/set/iterator.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/set/ops.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/set/rules.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/set/set.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/set_helper.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/set_internals.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/set_type.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/tuple_type.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/type.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/type_conform.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/types_to_register.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/unknown.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/unknown_as_null.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/value.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/value_init.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/value_ops.go delete mode 100644 vendor/github.com/hashicorp/go-cty/cty/walk.go delete mode 100644 vendor/github.com/hashicorp/go-hclog/.gitignore delete mode 100644 vendor/github.com/hashicorp/go-hclog/LICENSE delete mode 100644 vendor/github.com/hashicorp/go-hclog/README.md delete mode 100644 vendor/github.com/hashicorp/go-hclog/colorize_unix.go delete mode 100644 vendor/github.com/hashicorp/go-hclog/colorize_windows.go delete mode 100644 vendor/github.com/hashicorp/go-hclog/context.go delete mode 100644 vendor/github.com/hashicorp/go-hclog/exclude.go delete mode 100644 vendor/github.com/hashicorp/go-hclog/global.go delete mode 100644 vendor/github.com/hashicorp/go-hclog/interceptlogger.go delete mode 100644 vendor/github.com/hashicorp/go-hclog/intlogger.go delete mode 100644 vendor/github.com/hashicorp/go-hclog/logger.go delete mode 100644 vendor/github.com/hashicorp/go-hclog/nulllogger.go delete mode 100644 vendor/github.com/hashicorp/go-hclog/stacktrace.go delete mode 100644 vendor/github.com/hashicorp/go-hclog/stdlog.go delete mode 100644 vendor/github.com/hashicorp/go-hclog/writer.go delete mode 100644 vendor/github.com/hashicorp/go-multierror/LICENSE delete mode 100644 vendor/github.com/hashicorp/go-multierror/Makefile delete mode 100644 vendor/github.com/hashicorp/go-multierror/README.md delete mode 100644 vendor/github.com/hashicorp/go-multierror/append.go delete mode 100644 vendor/github.com/hashicorp/go-multierror/flatten.go delete mode 100644 vendor/github.com/hashicorp/go-multierror/format.go delete mode 100644 vendor/github.com/hashicorp/go-multierror/group.go delete mode 100644 vendor/github.com/hashicorp/go-multierror/multierror.go delete mode 100644 vendor/github.com/hashicorp/go-multierror/prefix.go delete mode 100644 vendor/github.com/hashicorp/go-multierror/sort.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/.gitignore delete mode 100644 vendor/github.com/hashicorp/go-plugin/.go-version delete mode 100644 vendor/github.com/hashicorp/go-plugin/CHANGELOG.md delete mode 100644 vendor/github.com/hashicorp/go-plugin/LICENSE delete mode 100644 vendor/github.com/hashicorp/go-plugin/README.md delete mode 100644 vendor/github.com/hashicorp/go-plugin/buf.gen.yaml delete mode 100644 vendor/github.com/hashicorp/go-plugin/buf.yaml delete mode 100644 vendor/github.com/hashicorp/go-plugin/client.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/constants.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/discover.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/error.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/grpc_broker.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/grpc_client.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/grpc_controller.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/grpc_server.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/grpc_stdio.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/cmdrunner/addr_translator.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/cmdrunner/cmd_reattach.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/cmdrunner/cmd_runner.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/cmdrunner/notes_unix.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/cmdrunner/notes_windows.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/cmdrunner/process.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/cmdrunner/process_posix.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/cmdrunner/process_windows.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/grpcmux/blocked_client_listener.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/grpcmux/blocked_server_listener.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/grpcmux/grpc_client_muxer.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/grpcmux/grpc_muxer.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/grpcmux/grpc_server_muxer.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_broker.pb.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_broker.proto delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_broker_grpc.pb.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_controller.pb.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_controller.proto delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_controller_grpc.pb.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_stdio.pb.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_stdio.proto delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_stdio_grpc.pb.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/log_entry.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/mtls.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/mux_broker.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/plugin.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/process.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/protocol.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/rpc_client.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/rpc_server.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/runner/runner.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/server.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/server_mux.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/stream.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/testing.go delete mode 100644 vendor/github.com/hashicorp/go-retryablehttp/.gitignore delete mode 100644 vendor/github.com/hashicorp/go-retryablehttp/.go-version delete mode 100644 vendor/github.com/hashicorp/go-retryablehttp/CHANGELOG.md delete mode 100644 vendor/github.com/hashicorp/go-retryablehttp/CODEOWNERS delete mode 100644 vendor/github.com/hashicorp/go-retryablehttp/LICENSE delete mode 100644 vendor/github.com/hashicorp/go-retryablehttp/Makefile delete mode 100644 vendor/github.com/hashicorp/go-retryablehttp/README.md delete mode 100644 vendor/github.com/hashicorp/go-retryablehttp/cert_error_go119.go delete mode 100644 vendor/github.com/hashicorp/go-retryablehttp/cert_error_go120.go delete mode 100644 vendor/github.com/hashicorp/go-retryablehttp/client.go delete mode 100644 vendor/github.com/hashicorp/go-retryablehttp/roundtripper.go delete mode 100644 vendor/github.com/hashicorp/go-uuid/.travis.yml delete mode 100644 vendor/github.com/hashicorp/go-uuid/LICENSE delete mode 100644 vendor/github.com/hashicorp/go-uuid/README.md delete mode 100644 vendor/github.com/hashicorp/go-uuid/uuid.go delete mode 100644 vendor/github.com/hashicorp/go-version/CHANGELOG.md delete mode 100644 vendor/github.com/hashicorp/go-version/LICENSE delete mode 100644 vendor/github.com/hashicorp/go-version/README.md delete mode 100644 vendor/github.com/hashicorp/go-version/constraint.go delete mode 100644 vendor/github.com/hashicorp/go-version/version.go delete mode 100644 vendor/github.com/hashicorp/go-version/version_collection.go delete mode 100644 vendor/github.com/hashicorp/hc-install/.copywrite.hcl delete mode 100644 vendor/github.com/hashicorp/hc-install/.go-version delete mode 100644 vendor/github.com/hashicorp/hc-install/LICENSE delete mode 100644 vendor/github.com/hashicorp/hc-install/README.md delete mode 100644 vendor/github.com/hashicorp/hc-install/catalog-info.yaml delete mode 100644 vendor/github.com/hashicorp/hc-install/checkpoint/latest_version.go delete mode 100644 vendor/github.com/hashicorp/hc-install/errors/errors.go delete mode 100644 vendor/github.com/hashicorp/hc-install/fs/any_version.go delete mode 100644 vendor/github.com/hashicorp/hc-install/fs/exact_version.go delete mode 100644 vendor/github.com/hashicorp/hc-install/fs/fs.go delete mode 100644 vendor/github.com/hashicorp/hc-install/fs/fs_unix.go delete mode 100644 vendor/github.com/hashicorp/hc-install/fs/fs_windows.go delete mode 100644 vendor/github.com/hashicorp/hc-install/fs/version.go delete mode 100644 vendor/github.com/hashicorp/hc-install/installer.go delete mode 100644 vendor/github.com/hashicorp/hc-install/internal/build/get_go_version.go delete mode 100644 vendor/github.com/hashicorp/hc-install/internal/build/go_build.go delete mode 100644 vendor/github.com/hashicorp/hc-install/internal/build/go_is_installed.go delete mode 100644 vendor/github.com/hashicorp/hc-install/internal/build/install_go_version.go delete mode 100644 vendor/github.com/hashicorp/hc-install/internal/httpclient/httpclient.go delete mode 100644 vendor/github.com/hashicorp/hc-install/internal/pubkey/pubkey.go delete mode 100644 vendor/github.com/hashicorp/hc-install/internal/releasesjson/checksum_downloader.go delete mode 100644 vendor/github.com/hashicorp/hc-install/internal/releasesjson/downloader.go delete mode 100644 vendor/github.com/hashicorp/hc-install/internal/releasesjson/product_version.go delete mode 100644 vendor/github.com/hashicorp/hc-install/internal/releasesjson/releases.go delete mode 100644 vendor/github.com/hashicorp/hc-install/internal/src/src.go delete mode 100644 vendor/github.com/hashicorp/hc-install/internal/validators/validators.go delete mode 100644 vendor/github.com/hashicorp/hc-install/product/consul.go delete mode 100644 vendor/github.com/hashicorp/hc-install/product/nomad.go delete mode 100644 vendor/github.com/hashicorp/hc-install/product/packer.go delete mode 100644 vendor/github.com/hashicorp/hc-install/product/product.go delete mode 100644 vendor/github.com/hashicorp/hc-install/product/terraform.go delete mode 100644 vendor/github.com/hashicorp/hc-install/product/vault.go delete mode 100644 vendor/github.com/hashicorp/hc-install/releases/enterprise.go delete mode 100644 vendor/github.com/hashicorp/hc-install/releases/exact_version.go delete mode 100644 vendor/github.com/hashicorp/hc-install/releases/latest_version.go delete mode 100644 vendor/github.com/hashicorp/hc-install/releases/releases.go delete mode 100644 vendor/github.com/hashicorp/hc-install/releases/versions.go delete mode 100644 vendor/github.com/hashicorp/hc-install/src/src.go delete mode 100644 vendor/github.com/hashicorp/hc-install/version/VERSION delete mode 100644 vendor/github.com/hashicorp/hc-install/version/version.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/.copywrite.hcl delete mode 100644 vendor/github.com/hashicorp/hcl/v2/.go-version delete mode 100644 vendor/github.com/hashicorp/hcl/v2/.golangci.yaml delete mode 100644 vendor/github.com/hashicorp/hcl/v2/CHANGELOG.md delete mode 100644 vendor/github.com/hashicorp/hcl/v2/LICENSE delete mode 100644 vendor/github.com/hashicorp/hcl/v2/Makefile delete mode 100644 vendor/github.com/hashicorp/hcl/v2/README.md delete mode 100644 vendor/github.com/hashicorp/hcl/v2/diagnostic.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/diagnostic_text.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/diagnostic_typeparams.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/didyoumean.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/doc.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/eval_context.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/expr_call.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/expr_list.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/expr_map.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/expr_unwrap.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/ext/customdecode/README.md delete mode 100644 vendor/github.com/hashicorp/hcl/v2/ext/customdecode/customdecode.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/ext/customdecode/expression_type.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/diagnostics.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/didyoumean.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/doc.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/expression.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/expression_ops.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/expression_template.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/expression_vars.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/file.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/generate.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/keywords.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/navigation.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/node.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/parser.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/parser_template.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/parser_traversal.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/peeker.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/public.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/scan_string_lit.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/scan_string_lit.rl delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/scan_tokens.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/scan_tokens.rl delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/spec.md delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/structure.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/structure_at_pos.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/token.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/token_type_string.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/unicode2ragel.rb delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/unicode_derived.rl delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/variables.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/hclsyntax/walk.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/merged.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/ops.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/pos.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/pos_scanner.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/schema.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/spec.md delete mode 100644 vendor/github.com/hashicorp/hcl/v2/static_expr.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/structure.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/structure_at_pos.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/tools.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/traversal.go delete mode 100644 vendor/github.com/hashicorp/hcl/v2/traversal_for_expr.go delete mode 100644 vendor/github.com/hashicorp/logutils/.gitignore delete mode 100644 vendor/github.com/hashicorp/logutils/LICENSE delete mode 100644 vendor/github.com/hashicorp/logutils/README.md delete mode 100644 vendor/github.com/hashicorp/logutils/level.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/LICENSE delete mode 100644 vendor/github.com/hashicorp/terraform-exec/internal/version/version.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/apply.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/cmd.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/cmd_default.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/cmd_linux.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/destroy.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/errors.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/fmt.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/force_unlock.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/get.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/graph.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/import.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/init.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/metadata_functions.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/options.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/output.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/plan.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/providers_lock.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/providers_schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/query.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/refresh.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/show.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/state_mv.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/state_pull.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/state_push.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/state_rm.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/taint.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/terraform.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/test.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/untaint.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/upgrade012.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/upgrade013.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/validate.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/version.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/workspace_delete.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/workspace_list.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/workspace_new.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/workspace_select.go delete mode 100644 vendor/github.com/hashicorp/terraform-exec/tfexec/workspace_show.go delete mode 100644 vendor/github.com/hashicorp/terraform-json/.copywrite.hcl delete mode 100644 vendor/github.com/hashicorp/terraform-json/.gitignore delete mode 100644 vendor/github.com/hashicorp/terraform-json/.go-version delete mode 100644 vendor/github.com/hashicorp/terraform-json/CODEOWNERS delete mode 100644 vendor/github.com/hashicorp/terraform-json/CONTRIBUTING.md delete mode 100644 vendor/github.com/hashicorp/terraform-json/LICENSE delete mode 100644 vendor/github.com/hashicorp/terraform-json/Makefile delete mode 100644 vendor/github.com/hashicorp/terraform-json/README.md delete mode 100644 vendor/github.com/hashicorp/terraform-json/action.go delete mode 100644 vendor/github.com/hashicorp/terraform-json/catalog-info.yaml delete mode 100644 vendor/github.com/hashicorp/terraform-json/checks.go delete mode 100644 vendor/github.com/hashicorp/terraform-json/config.go delete mode 100644 vendor/github.com/hashicorp/terraform-json/expression.go delete mode 100644 vendor/github.com/hashicorp/terraform-json/logging.go delete mode 100644 vendor/github.com/hashicorp/terraform-json/logging_generic.go delete mode 100644 vendor/github.com/hashicorp/terraform-json/logging_query.go delete mode 100644 vendor/github.com/hashicorp/terraform-json/logging_types.go delete mode 100644 vendor/github.com/hashicorp/terraform-json/metadata.go delete mode 100644 vendor/github.com/hashicorp/terraform-json/plan.go delete mode 100644 vendor/github.com/hashicorp/terraform-json/schemas.go delete mode 100644 vendor/github.com/hashicorp/terraform-json/state.go delete mode 100644 vendor/github.com/hashicorp/terraform-json/tfjson.go delete mode 100644 vendor/github.com/hashicorp/terraform-json/validate.go delete mode 100644 vendor/github.com/hashicorp/terraform-json/version.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/LICENSE delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/internal/logging/context.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/internal/logging/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/internal/logging/environment_variables.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/internal/logging/keys.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/internal/logging/protocol.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/internal/logging/protocol_data.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/internal/logging/provider.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/action.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/action_schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/client_capabilities.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/data_source.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/deferred.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/diagnostic.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/dynamic_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/ephemeral_resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/function.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/function_error.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/diag/diagnostics.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/diag/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/fromproto/action.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/fromproto/client_capabilities.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/fromproto/data_source.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/fromproto/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/fromproto/dynamic_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/fromproto/ephemeral_resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/fromproto/function.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/fromproto/list_resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/fromproto/provider.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/fromproto/raw_state.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/fromproto/resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/fromproto/resource_identity_data.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/funcerr/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/funcerr/function_error.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tf5serverlogging/client_capabilities.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tf5serverlogging/context_keys.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tf5serverlogging/deferred.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tf5serverlogging/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tf5serverlogging/downstream_request.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tf5serverlogging/server_capabilities.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5/tfplugin5.pb.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5/tfplugin5.proto delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/action.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/action_schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/attribute_path.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/data_source.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/deferred.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/diagnostic.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/dynamic_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/ephemeral_resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/function.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/function_error.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/list_resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/provider.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/resource_identity_data.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/resource_identity_schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/server_capabilities.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/string_kind.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/toproto/timestamp.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/list_resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/provider.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/resource_identity_data.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/resource_identity_schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/server_capabilities.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/state.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/string_kind.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server/plugin.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server/server.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/action.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/action_schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/client_capabilities.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/data_source.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/deferred.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/diagnostic.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/dynamic_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/ephemeral_resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/function.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/function_error.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/diag/diagnostics.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/diag/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/fromproto/action.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/fromproto/client_capabilities.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/fromproto/data_source.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/fromproto/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/fromproto/dynamic_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/fromproto/ephemeral_resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/fromproto/function.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/fromproto/list_resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/fromproto/provider.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/fromproto/raw_state.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/fromproto/resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/fromproto/resource_identity_data.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/funcerr/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/funcerr/function_error.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tf6serverlogging/client_capabilities.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tf6serverlogging/context_keys.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tf6serverlogging/deferred.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tf6serverlogging/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tf6serverlogging/downstream_request.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tf6serverlogging/server_capabilities.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tfplugin6/tfplugin6.pb.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tfplugin6/tfplugin6.proto delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/tfplugin6/tfplugin6_grpc.pb.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/action.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/action_schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/attribute_path.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/data_source.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/deferred.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/diagnostic.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/dynamic_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/ephemeral_resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/function.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/function_error.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/list_resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/provider.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/resource_identity_data.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/resource_identity_schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/server_capabilities.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/string_kind.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/internal/toproto/timestamp.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/list_resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/provider.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/resource_identity_data.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/resource_identity_schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/server_capabilities.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/state.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/string_kind.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/tf6server/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/tf6server/plugin.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tfprotov6/tf6server/server.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tftypes/attribute_path.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tftypes/attribute_path_error.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tftypes/diff.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tftypes/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tftypes/list.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tftypes/map.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tftypes/object.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tftypes/primitive.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tftypes/set.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tftypes/tuple.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tftypes/type.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tftypes/unknown_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tftypes/value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tftypes/value_equal.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tftypes/value_json.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tftypes/value_msgpack.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tftypes/value_walk.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-go/tftypes/walk.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/LICENSE delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/internal/fieldutils/field_maps.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/internal/hclogutils/args.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/internal/hclogutils/logger_options.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/internal/logging/filtering.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/internal/logging/log.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/internal/logging/options.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/internal/logging/provider.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/internal/logging/sdk.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/internal/logging/sink.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/tflog/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/tflog/options.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/tflog/provider.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/tflog/subsystem.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/tfsdklog/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/tfsdklog/levels.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/tfsdklog/options.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/tfsdklog/sdk.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/tfsdklog/sink.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-log/tfsdklog/subsystem.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/LICENSE delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/diag/diagnostic.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/diag/helpers.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff/compose.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff/computed.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff/condition.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff/force_new.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff/validate.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/logging/logging.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/logging/logging_http_transport.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/logging/transport.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry/error.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry/state.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/retry/wait.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/README.md delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/context.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/core_schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/data_source_resource_shim.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/deferred.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/equal.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/field_reader.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/field_reader_config.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/field_reader_diff.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/field_reader_map.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/field_reader_multi.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/field_writer.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/field_writer_map.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/getsource_string.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/grpc_provider.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/identity_data.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/json.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/provider.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/resource_data.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/resource_data_get_source.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/resource_diff.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/resource_identity.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/resource_importer.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/resource_timeout.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/serialize.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/set.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/shims.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/testing.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/unknown.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/valuetype.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/valuetype_string.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema/write_only.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure/expand_json.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure/flatten_json.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure/normalize_json.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/structure/suppress_json_diff.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation/float.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation/int.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation/list.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation/map.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation/meta.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation/network.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation/path.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation/strings.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation/testing.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation/time.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation/uuid.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation/web.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation/write_only.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/addrs/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/addrs/instance_key.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/addrs/module.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/addrs/module_instance.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/configs/configschema/coerce_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/configs/configschema/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/configs/configschema/empty_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/configs/configschema/implied_type.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/configs/configschema/nestingmode_string.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/configs/configschema/schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/configs/hcl2shim/flatmap.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/configs/hcl2shim/paths.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/configs/hcl2shim/values.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/configs/hcl2shim/values_equiv.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/helper/hashcode/hashcode.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/logging/context.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/logging/environment_variables.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/logging/helper_resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/logging/helper_schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/logging/keys.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/plans/objchange/normalize_obj.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/plugin/convert/diagnostics.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/plugin/convert/schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/plugin/convert/value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfdiags/config_traversals.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfdiags/contextual.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfdiags/diagnostic.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfdiags/diagnostic_base.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfdiags/diagnostics.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfdiags/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfdiags/error.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfdiags/severity_string.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/internal/tfdiags/simple_warning.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/meta/meta.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/plugin/debug.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/plugin/serve.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/terraform/diff.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/terraform/instancetype.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/terraform/instancetype_string.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/terraform/resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/terraform/resource_address.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/terraform/resource_mode.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/terraform/resource_mode_string.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/terraform/resource_provider.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/terraform/schemas.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/terraform/state.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/terraform/state_filter.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-sdk/v2/terraform/util.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/LICENSE delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/compare/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/compare/value_comparer.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/compare/values_differ.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/compare/values_same.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/config/config.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/config/constraints.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/config/directory.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/config/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/config/file.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/config/variable.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/acctest/random.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/additional_cli_options.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/environment_variables.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/error.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/id.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/json.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/plan_checks.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/plugin.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/query/query_checks.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/state.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/state_checks.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/state_shim.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/testcase_providers.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/testcase_validate.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/testing.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/testing_config.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/testing_new.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/testing_new_config.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/testing_new_import_state.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/testing_new_query.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/testing_new_refresh_state.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/testing_sets.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/teststep_providers.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/teststep_validate.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/tfversion_checks.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/helper/resource/wait.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/addrs/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/addrs/instance_key.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/addrs/module.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/addrs/module_instance.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/configs/configschema/coerce_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/configs/configschema/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/configs/configschema/empty_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/configs/configschema/implied_type.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/configs/configschema/nestingmode_string.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/configs/configschema/schema.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/configs/hcl2shim/flatmap.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/configs/hcl2shim/paths.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/configs/hcl2shim/values.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/configs/hcl2shim/values_equiv.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/logging/context.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/logging/environment_variables.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/logging/helper_resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/logging/keys.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/plugintest/config.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/plugintest/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/plugintest/environment_variables.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/plugintest/guard.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/plugintest/helper.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/plugintest/util.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/plugintest/working_dir.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/teststep/config.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/teststep/directory.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/teststep/file.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/teststep/string.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/tfdiags/config_traversals.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/tfdiags/contextual.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/tfdiags/diagnostic.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/tfdiags/diagnostic_base.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/tfdiags/diagnostics.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/tfdiags/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/tfdiags/error.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/tfdiags/severity_string.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/internal/tfdiags/simple_warning.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/bool.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/bool_func.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/check.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/float32.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/float32_func.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/float64.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/float64_func.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/int32.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/int32_func.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/int64.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/int64_func.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/list.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/list_partial.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/list_size.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/map.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/map_partial.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/map_size.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/not_null.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/null.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/number.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/number_func.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/object.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/object_partial.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/set.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/set_partial.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/set_size.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/string.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/string_func.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/string_regexp.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/tuple.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/tuple_partial.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/knownvalue/tuple_size.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/deferred_reason.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_deferred_change.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_empty_plan.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_known_output_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_known_output_value_at_path.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_known_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_no_deferred_changes.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_non_empty_plan.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_null_output_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_null_output_value_at_path.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_resource_action.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_sensitive_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_unknown_output_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_unknown_output_value_at_path.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/expect_unknown_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/plan_check.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/plancheck/resource_action.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/querycheck/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/querycheck/expect_identity.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/querycheck/expect_no_identity.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/querycheck/expect_resource_display_name.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/querycheck/expect_resource_known_values.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/querycheck/expect_result_length_atleast.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/querycheck/expect_result_length_exact.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/querycheck/known_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/querycheck/query_check.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/querycheck/queryfilter/filter.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/querycheck/queryfilter/filter_by_display_name.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/querycheck/queryfilter/filter_by_resource_identity.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/statecheck/compare_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/statecheck/compare_value_collection.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/statecheck/compare_value_pairs.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/statecheck/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/statecheck/expect_identity.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/statecheck/expect_identity_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/statecheck/expect_identity_value_matches_state.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/statecheck/expect_identity_value_matches_state_at_path.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/statecheck/expect_known_output_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/statecheck/expect_known_output_value_at_path.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/statecheck/expect_known_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/statecheck/expect_sensitive_value.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/statecheck/state_check.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/terraform/diff.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/terraform/instancetype.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/terraform/instancetype_string.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/terraform/resource.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/terraform/resource_address.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/terraform/resource_mode.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/terraform/resource_mode_string.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/terraform/resource_provider.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/terraform/schemas.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/terraform/state.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/terraform/state_filter.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/terraform/unknown_value_walk.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/terraform/util.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfjsonpath/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfjsonpath/path.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfjsonpath/step.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfversion/all.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfversion/any.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfversion/doc.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfversion/require_above.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfversion/require_below.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfversion/require_between.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfversion/require_not.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfversion/skip_above.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfversion/skip_below.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfversion/skip_between.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfversion/skip_if.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfversion/skip_if_not_alpha.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfversion/skip_if_not_prerelease.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfversion/version_check.go delete mode 100644 vendor/github.com/hashicorp/terraform-plugin-testing/tfversion/versions.go delete mode 100644 vendor/github.com/hashicorp/terraform-registry-address/.copywrite.hcl delete mode 100644 vendor/github.com/hashicorp/terraform-registry-address/.go-version delete mode 100644 vendor/github.com/hashicorp/terraform-registry-address/CONTRIBUTING.md delete mode 100644 vendor/github.com/hashicorp/terraform-registry-address/LICENSE delete mode 100644 vendor/github.com/hashicorp/terraform-registry-address/README.md delete mode 100644 vendor/github.com/hashicorp/terraform-registry-address/component.go delete mode 100644 vendor/github.com/hashicorp/terraform-registry-address/component_package.go delete mode 100644 vendor/github.com/hashicorp/terraform-registry-address/errors.go delete mode 100644 vendor/github.com/hashicorp/terraform-registry-address/module.go delete mode 100644 vendor/github.com/hashicorp/terraform-registry-address/module_package.go delete mode 100644 vendor/github.com/hashicorp/terraform-registry-address/provider.go delete mode 100644 vendor/github.com/hashicorp/terraform-svchost/CHANGELOG.md delete mode 100644 vendor/github.com/hashicorp/terraform-svchost/CONTRIBUTING.md delete mode 100644 vendor/github.com/hashicorp/terraform-svchost/LICENSE delete mode 100644 vendor/github.com/hashicorp/terraform-svchost/README.md delete mode 100644 vendor/github.com/hashicorp/terraform-svchost/label_iter.go delete mode 100644 vendor/github.com/hashicorp/terraform-svchost/svchost.go delete mode 100644 vendor/github.com/hashicorp/yamux/.gitignore delete mode 100644 vendor/github.com/hashicorp/yamux/LICENSE delete mode 100644 vendor/github.com/hashicorp/yamux/README.md delete mode 100644 vendor/github.com/hashicorp/yamux/addr.go delete mode 100644 vendor/github.com/hashicorp/yamux/const.go delete mode 100644 vendor/github.com/hashicorp/yamux/mux.go delete mode 100644 vendor/github.com/hashicorp/yamux/session.go delete mode 100644 vendor/github.com/hashicorp/yamux/spec.md delete mode 100644 vendor/github.com/hashicorp/yamux/stream.go delete mode 100644 vendor/github.com/hashicorp/yamux/util.go delete mode 100644 vendor/github.com/mattn/go-colorable/LICENSE delete mode 100644 vendor/github.com/mattn/go-colorable/README.md delete mode 100644 vendor/github.com/mattn/go-colorable/colorable_others.go delete mode 100644 vendor/github.com/mattn/go-colorable/colorable_windows.go delete mode 100644 vendor/github.com/mattn/go-colorable/go.test.sh delete mode 100644 vendor/github.com/mattn/go-colorable/noncolorable.go delete mode 100644 vendor/github.com/mattn/go-isatty/LICENSE delete mode 100644 vendor/github.com/mattn/go-isatty/README.md delete mode 100644 vendor/github.com/mattn/go-isatty/doc.go delete mode 100644 vendor/github.com/mattn/go-isatty/go.test.sh delete mode 100644 vendor/github.com/mattn/go-isatty/isatty_bsd.go delete mode 100644 vendor/github.com/mattn/go-isatty/isatty_others.go delete mode 100644 vendor/github.com/mattn/go-isatty/isatty_plan9.go delete mode 100644 vendor/github.com/mattn/go-isatty/isatty_solaris.go delete mode 100644 vendor/github.com/mattn/go-isatty/isatty_tcgets.go delete mode 100644 vendor/github.com/mattn/go-isatty/isatty_windows.go delete mode 100644 vendor/github.com/mitchellh/copystructure/LICENSE delete mode 100644 vendor/github.com/mitchellh/copystructure/README.md delete mode 100644 vendor/github.com/mitchellh/copystructure/copier_time.go delete mode 100644 vendor/github.com/mitchellh/copystructure/copystructure.go delete mode 100644 vendor/github.com/mitchellh/go-testing-interface/.travis.yml delete mode 100644 vendor/github.com/mitchellh/go-testing-interface/LICENSE delete mode 100644 vendor/github.com/mitchellh/go-testing-interface/README.md delete mode 100644 vendor/github.com/mitchellh/go-testing-interface/testing.go delete mode 100644 vendor/github.com/mitchellh/go-wordwrap/LICENSE.md delete mode 100644 vendor/github.com/mitchellh/go-wordwrap/README.md delete mode 100644 vendor/github.com/mitchellh/go-wordwrap/wordwrap.go delete mode 100644 vendor/github.com/mitchellh/mapstructure/CHANGELOG.md delete mode 100644 vendor/github.com/mitchellh/mapstructure/LICENSE delete mode 100644 vendor/github.com/mitchellh/mapstructure/README.md delete mode 100644 vendor/github.com/mitchellh/mapstructure/decode_hooks.go delete mode 100644 vendor/github.com/mitchellh/mapstructure/error.go delete mode 100644 vendor/github.com/mitchellh/mapstructure/mapstructure.go delete mode 100644 vendor/github.com/mitchellh/reflectwalk/.travis.yml delete mode 100644 vendor/github.com/mitchellh/reflectwalk/LICENSE delete mode 100644 vendor/github.com/mitchellh/reflectwalk/README.md delete mode 100644 vendor/github.com/mitchellh/reflectwalk/location.go delete mode 100644 vendor/github.com/mitchellh/reflectwalk/location_string.go delete mode 100644 vendor/github.com/mitchellh/reflectwalk/reflectwalk.go delete mode 100644 vendor/github.com/oklog/run/.gitignore delete mode 100644 vendor/github.com/oklog/run/LICENSE delete mode 100644 vendor/github.com/oklog/run/README.md delete mode 100644 vendor/github.com/oklog/run/actors.go delete mode 100644 vendor/github.com/oklog/run/group.go delete mode 100644 vendor/github.com/shurcooL/githubv4/.travis.yml delete mode 100644 vendor/github.com/shurcooL/githubv4/LICENSE delete mode 100644 vendor/github.com/shurcooL/githubv4/README.md delete mode 100644 vendor/github.com/shurcooL/githubv4/deprecated.go delete mode 100644 vendor/github.com/shurcooL/githubv4/doc.go delete mode 100644 vendor/github.com/shurcooL/githubv4/enum.go delete mode 100644 vendor/github.com/shurcooL/githubv4/githubv4.go delete mode 100644 vendor/github.com/shurcooL/githubv4/input.go delete mode 100644 vendor/github.com/shurcooL/githubv4/scalar.go delete mode 100644 vendor/github.com/shurcooL/graphql/.travis.yml delete mode 100644 vendor/github.com/shurcooL/graphql/LICENSE delete mode 100644 vendor/github.com/shurcooL/graphql/README.md delete mode 100644 vendor/github.com/shurcooL/graphql/doc.go delete mode 100644 vendor/github.com/shurcooL/graphql/graphql.go delete mode 100644 vendor/github.com/shurcooL/graphql/ident/ident.go delete mode 100644 vendor/github.com/shurcooL/graphql/internal/jsonutil/graphql.go delete mode 100644 vendor/github.com/shurcooL/graphql/query.go delete mode 100644 vendor/github.com/shurcooL/graphql/scalar.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/.travis.yml delete mode 100644 vendor/github.com/vmihailenco/msgpack/CHANGELOG.md delete mode 100644 vendor/github.com/vmihailenco/msgpack/LICENSE delete mode 100644 vendor/github.com/vmihailenco/msgpack/Makefile delete mode 100644 vendor/github.com/vmihailenco/msgpack/README.md delete mode 100644 vendor/github.com/vmihailenco/msgpack/appengine.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/codes/codes.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/decode.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/decode_map.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/decode_number.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/decode_query.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/decode_slice.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/decode_string.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/decode_value.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/encode.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/encode_map.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/encode_number.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/encode_slice.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/encode_value.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/ext.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/msgpack.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/tag.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/time.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/types.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/.prettierrc delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/.travis.yml delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/CHANGELOG.md delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/LICENSE delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/Makefile delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/README.md delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/commitlint.config.js delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/decode.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/decode_map.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/decode_number.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/decode_query.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/decode_slice.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/decode_string.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/decode_typgen.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/decode_value.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/encode.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/encode_map.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/encode_number.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/encode_slice.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/encode_value.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/ext.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/intern.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/msgpack.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/msgpcode/msgpcode.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/package.json delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/safe.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/time.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/types.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/unsafe.go delete mode 100644 vendor/github.com/vmihailenco/msgpack/v5/version.go delete mode 100644 vendor/github.com/vmihailenco/tagparser/v2/.travis.yml delete mode 100644 vendor/github.com/vmihailenco/tagparser/v2/LICENSE delete mode 100644 vendor/github.com/vmihailenco/tagparser/v2/Makefile delete mode 100644 vendor/github.com/vmihailenco/tagparser/v2/README.md delete mode 100644 vendor/github.com/vmihailenco/tagparser/v2/internal/parser/parser.go delete mode 100644 vendor/github.com/vmihailenco/tagparser/v2/internal/safe.go delete mode 100644 vendor/github.com/vmihailenco/tagparser/v2/internal/unsafe.go delete mode 100644 vendor/github.com/vmihailenco/tagparser/v2/tagparser.go delete mode 100644 vendor/github.com/zclconf/go-cty/LICENSE delete mode 100644 vendor/github.com/zclconf/go-cty/cty/capsule.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/capsule_ops.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/collection.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/convert/compare_types.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/convert/conversion.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/convert/conversion_capsule.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/convert/conversion_collection.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/convert/conversion_dynamic.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/convert/conversion_object.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/convert/conversion_primitive.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/convert/conversion_tuple.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/convert/doc.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/convert/mismatch_msg.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/convert/public.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/convert/sort_types.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/convert/unify.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/ctymarks/doc.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/ctymarks/wrangle.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/ctystrings/doc.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/ctystrings/normalize.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/ctystrings/prefix.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/doc.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/element_iterator.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/error.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/argument.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/doc.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/error.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/function.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/bool.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/bytes.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/collection.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/conversion.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/csv.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/datetime.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/datetime_rfc3339.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/doc.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/format.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/format_fsm.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/format_fsm.rl delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/general.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/json.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/number.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/regexp.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/sequence.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/set.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/string.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/stdlib/string_replace.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/function/unpredictable.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/gocty/doc.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/gocty/helpers.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/gocty/in.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/gocty/out.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/gocty/type_implied.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/helper.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/json.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/json/doc.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/json/marshal.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/json/simple.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/json/type.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/json/type_implied.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/json/unmarshal.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/json/value.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/list_type.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/map_type.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/marks.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/marks_wrangle.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/null.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/object_type.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/path.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/path_set.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/primitive_type.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/set/iterator.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/set/ops.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/set/rules.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/set/set.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/set_helper.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/set_internals.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/set_type.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/tuple_type.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/type.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/type_conform.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/unknown.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/unknown_as_null.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/unknown_refinement.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/value.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/value_init.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/value_ops.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/value_range.go delete mode 100644 vendor/github.com/zclconf/go-cty/cty/walk.go delete mode 100644 vendor/golang.org/x/crypto/LICENSE delete mode 100644 vendor/golang.org/x/crypto/PATENTS delete mode 100644 vendor/golang.org/x/crypto/argon2/argon2.go delete mode 100644 vendor/golang.org/x/crypto/argon2/blake2b.go delete mode 100644 vendor/golang.org/x/crypto/argon2/blamka_amd64.go delete mode 100644 vendor/golang.org/x/crypto/argon2/blamka_amd64.s delete mode 100644 vendor/golang.org/x/crypto/argon2/blamka_generic.go delete mode 100644 vendor/golang.org/x/crypto/argon2/blamka_ref.go delete mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b.go delete mode 100644 vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go delete mode 100644 vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s delete mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s delete mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b_generic.go delete mode 100644 vendor/golang.org/x/crypto/blake2b/blake2b_ref.go delete mode 100644 vendor/golang.org/x/crypto/blake2b/blake2x.go delete mode 100644 vendor/golang.org/x/crypto/blake2b/go125.go delete mode 100644 vendor/golang.org/x/crypto/blake2b/register.go delete mode 100644 vendor/golang.org/x/crypto/blowfish/block.go delete mode 100644 vendor/golang.org/x/crypto/blowfish/cipher.go delete mode 100644 vendor/golang.org/x/crypto/blowfish/const.go delete mode 100644 vendor/golang.org/x/crypto/cast5/cast5.go delete mode 100644 vendor/golang.org/x/crypto/chacha20/chacha_arm64.go delete mode 100644 vendor/golang.org/x/crypto/chacha20/chacha_arm64.s delete mode 100644 vendor/golang.org/x/crypto/chacha20/chacha_generic.go delete mode 100644 vendor/golang.org/x/crypto/chacha20/chacha_noasm.go delete mode 100644 vendor/golang.org/x/crypto/chacha20/chacha_ppc64x.go delete mode 100644 vendor/golang.org/x/crypto/chacha20/chacha_ppc64x.s delete mode 100644 vendor/golang.org/x/crypto/chacha20/chacha_s390x.go delete mode 100644 vendor/golang.org/x/crypto/chacha20/chacha_s390x.s delete mode 100644 vendor/golang.org/x/crypto/chacha20/xor.go delete mode 100644 vendor/golang.org/x/crypto/cryptobyte/asn1.go delete mode 100644 vendor/golang.org/x/crypto/cryptobyte/asn1/asn1.go delete mode 100644 vendor/golang.org/x/crypto/cryptobyte/builder.go delete mode 100644 vendor/golang.org/x/crypto/cryptobyte/string.go delete mode 100644 vendor/golang.org/x/crypto/curve25519/curve25519.go delete mode 100644 vendor/golang.org/x/crypto/hkdf/hkdf.go delete mode 100644 vendor/golang.org/x/crypto/internal/alias/alias.go delete mode 100644 vendor/golang.org/x/crypto/internal/alias/alias_purego.go delete mode 100644 vendor/golang.org/x/crypto/internal/poly1305/mac_noasm.go delete mode 100644 vendor/golang.org/x/crypto/internal/poly1305/poly1305.go delete mode 100644 vendor/golang.org/x/crypto/internal/poly1305/sum_amd64.s delete mode 100644 vendor/golang.org/x/crypto/internal/poly1305/sum_asm.go delete mode 100644 vendor/golang.org/x/crypto/internal/poly1305/sum_generic.go delete mode 100644 vendor/golang.org/x/crypto/internal/poly1305/sum_loong64.s delete mode 100644 vendor/golang.org/x/crypto/internal/poly1305/sum_ppc64x.s delete mode 100644 vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.go delete mode 100644 vendor/golang.org/x/crypto/internal/poly1305/sum_s390x.s delete mode 100644 vendor/golang.org/x/crypto/nacl/box/box.go delete mode 100644 vendor/golang.org/x/crypto/nacl/secretbox/secretbox.go delete mode 100644 vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go delete mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go delete mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/salsa208.go delete mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.go delete mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/salsa20_amd64.s delete mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/salsa20_noasm.go delete mode 100644 vendor/golang.org/x/crypto/salsa20/salsa/salsa20_ref.go delete mode 100644 vendor/golang.org/x/crypto/sha3/hashes.go delete mode 100644 vendor/golang.org/x/crypto/sha3/legacy_hash.go delete mode 100644 vendor/golang.org/x/crypto/sha3/legacy_keccakf.go delete mode 100644 vendor/golang.org/x/crypto/sha3/shake.go delete mode 100644 vendor/golang.org/x/crypto/ssh/buffer.go delete mode 100644 vendor/golang.org/x/crypto/ssh/certs.go delete mode 100644 vendor/golang.org/x/crypto/ssh/channel.go delete mode 100644 vendor/golang.org/x/crypto/ssh/cipher.go delete mode 100644 vendor/golang.org/x/crypto/ssh/client.go delete mode 100644 vendor/golang.org/x/crypto/ssh/client_auth.go delete mode 100644 vendor/golang.org/x/crypto/ssh/common.go delete mode 100644 vendor/golang.org/x/crypto/ssh/connection.go delete mode 100644 vendor/golang.org/x/crypto/ssh/doc.go delete mode 100644 vendor/golang.org/x/crypto/ssh/handshake.go delete mode 100644 vendor/golang.org/x/crypto/ssh/internal/bcrypt_pbkdf/bcrypt_pbkdf.go delete mode 100644 vendor/golang.org/x/crypto/ssh/kex.go delete mode 100644 vendor/golang.org/x/crypto/ssh/keys.go delete mode 100644 vendor/golang.org/x/crypto/ssh/mac.go delete mode 100644 vendor/golang.org/x/crypto/ssh/messages.go delete mode 100644 vendor/golang.org/x/crypto/ssh/mlkem.go delete mode 100644 vendor/golang.org/x/crypto/ssh/mux.go delete mode 100644 vendor/golang.org/x/crypto/ssh/server.go delete mode 100644 vendor/golang.org/x/crypto/ssh/session.go delete mode 100644 vendor/golang.org/x/crypto/ssh/ssh_gss.go delete mode 100644 vendor/golang.org/x/crypto/ssh/streamlocal.go delete mode 100644 vendor/golang.org/x/crypto/ssh/tcpip.go delete mode 100644 vendor/golang.org/x/crypto/ssh/transport.go delete mode 100644 vendor/golang.org/x/mod/LICENSE delete mode 100644 vendor/golang.org/x/mod/PATENTS delete mode 100644 vendor/golang.org/x/mod/internal/lazyregexp/lazyre.go delete mode 100644 vendor/golang.org/x/mod/modfile/print.go delete mode 100644 vendor/golang.org/x/mod/modfile/read.go delete mode 100644 vendor/golang.org/x/mod/modfile/rule.go delete mode 100644 vendor/golang.org/x/mod/modfile/work.go delete mode 100644 vendor/golang.org/x/mod/module/module.go delete mode 100644 vendor/golang.org/x/mod/module/pseudo.go delete mode 100644 vendor/golang.org/x/mod/semver/semver.go delete mode 100644 vendor/golang.org/x/net/LICENSE delete mode 100644 vendor/golang.org/x/net/PATENTS delete mode 100644 vendor/golang.org/x/net/context/ctxhttp/ctxhttp.go delete mode 100644 vendor/golang.org/x/net/http/httpguts/guts.go delete mode 100644 vendor/golang.org/x/net/http/httpguts/httplex.go delete mode 100644 vendor/golang.org/x/net/http2/.gitignore delete mode 100644 vendor/golang.org/x/net/http2/ascii.go delete mode 100644 vendor/golang.org/x/net/http2/ciphers.go delete mode 100644 vendor/golang.org/x/net/http2/client_conn_pool.go delete mode 100644 vendor/golang.org/x/net/http2/config.go delete mode 100644 vendor/golang.org/x/net/http2/config_go125.go delete mode 100644 vendor/golang.org/x/net/http2/config_go126.go delete mode 100644 vendor/golang.org/x/net/http2/databuffer.go delete mode 100644 vendor/golang.org/x/net/http2/errors.go delete mode 100644 vendor/golang.org/x/net/http2/flow.go delete mode 100644 vendor/golang.org/x/net/http2/frame.go delete mode 100644 vendor/golang.org/x/net/http2/gotrack.go delete mode 100644 vendor/golang.org/x/net/http2/hpack/encode.go delete mode 100644 vendor/golang.org/x/net/http2/hpack/hpack.go delete mode 100644 vendor/golang.org/x/net/http2/hpack/huffman.go delete mode 100644 vendor/golang.org/x/net/http2/hpack/static_table.go delete mode 100644 vendor/golang.org/x/net/http2/hpack/tables.go delete mode 100644 vendor/golang.org/x/net/http2/http2.go delete mode 100644 vendor/golang.org/x/net/http2/pipe.go delete mode 100644 vendor/golang.org/x/net/http2/server.go delete mode 100644 vendor/golang.org/x/net/http2/transport.go delete mode 100644 vendor/golang.org/x/net/http2/unencrypted.go delete mode 100644 vendor/golang.org/x/net/http2/write.go delete mode 100644 vendor/golang.org/x/net/http2/writesched.go delete mode 100644 vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go delete mode 100644 vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go delete mode 100644 vendor/golang.org/x/net/http2/writesched_random.go delete mode 100644 vendor/golang.org/x/net/http2/writesched_roundrobin.go delete mode 100644 vendor/golang.org/x/net/idna/go118.go delete mode 100644 vendor/golang.org/x/net/idna/idna10.0.0.go delete mode 100644 vendor/golang.org/x/net/idna/idna9.0.0.go delete mode 100644 vendor/golang.org/x/net/idna/pre_go118.go delete mode 100644 vendor/golang.org/x/net/idna/punycode.go delete mode 100644 vendor/golang.org/x/net/idna/tables10.0.0.go delete mode 100644 vendor/golang.org/x/net/idna/tables11.0.0.go delete mode 100644 vendor/golang.org/x/net/idna/tables12.0.0.go delete mode 100644 vendor/golang.org/x/net/idna/tables13.0.0.go delete mode 100644 vendor/golang.org/x/net/idna/tables15.0.0.go delete mode 100644 vendor/golang.org/x/net/idna/tables9.0.0.go delete mode 100644 vendor/golang.org/x/net/idna/trie.go delete mode 100644 vendor/golang.org/x/net/idna/trie12.0.0.go delete mode 100644 vendor/golang.org/x/net/idna/trie13.0.0.go delete mode 100644 vendor/golang.org/x/net/idna/trieval.go delete mode 100644 vendor/golang.org/x/net/internal/httpcommon/ascii.go delete mode 100644 vendor/golang.org/x/net/internal/httpcommon/headermap.go delete mode 100644 vendor/golang.org/x/net/internal/httpcommon/request.go delete mode 100644 vendor/golang.org/x/net/internal/timeseries/timeseries.go delete mode 100644 vendor/golang.org/x/net/trace/events.go delete mode 100644 vendor/golang.org/x/net/trace/histogram.go delete mode 100644 vendor/golang.org/x/net/trace/trace.go delete mode 100644 vendor/golang.org/x/oauth2/.travis.yml delete mode 100644 vendor/golang.org/x/oauth2/CONTRIBUTING.md delete mode 100644 vendor/golang.org/x/oauth2/LICENSE delete mode 100644 vendor/golang.org/x/oauth2/README.md delete mode 100644 vendor/golang.org/x/oauth2/deviceauth.go delete mode 100644 vendor/golang.org/x/oauth2/internal/doc.go delete mode 100644 vendor/golang.org/x/oauth2/internal/oauth2.go delete mode 100644 vendor/golang.org/x/oauth2/internal/token.go delete mode 100644 vendor/golang.org/x/oauth2/internal/transport.go delete mode 100644 vendor/golang.org/x/oauth2/oauth2.go delete mode 100644 vendor/golang.org/x/oauth2/pkce.go delete mode 100644 vendor/golang.org/x/oauth2/token.go delete mode 100644 vendor/golang.org/x/oauth2/transport.go delete mode 100644 vendor/golang.org/x/sync/LICENSE delete mode 100644 vendor/golang.org/x/sync/PATENTS delete mode 100644 vendor/golang.org/x/sync/errgroup/errgroup.go delete mode 100644 vendor/golang.org/x/sys/LICENSE delete mode 100644 vendor/golang.org/x/sys/PATENTS delete mode 100644 vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s delete mode 100644 vendor/golang.org/x/sys/cpu/asm_darwin_x86_gc.s delete mode 100644 vendor/golang.org/x/sys/cpu/byteorder.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_aix.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_arm.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_arm64.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_arm64.s delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_darwin_x86.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_gc_x86.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_gc_x86.s delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_linux.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_linux_arm.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_linux_loong64.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_linux_riscv64.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_loong64.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_loong64.s delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_mips64x.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_mipsx.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_other_arm.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_other_arm64.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_other_x86.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_ppc64x.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_riscv64.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_s390x.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_s390x.s delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_wasm.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_x86.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_zos.go delete mode 100644 vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go delete mode 100644 vendor/golang.org/x/sys/cpu/endian_big.go delete mode 100644 vendor/golang.org/x/sys/cpu/endian_little.go delete mode 100644 vendor/golang.org/x/sys/cpu/hwcap_linux.go delete mode 100644 vendor/golang.org/x/sys/cpu/parse.go delete mode 100644 vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go delete mode 100644 vendor/golang.org/x/sys/cpu/runtime_auxv.go delete mode 100644 vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go delete mode 100644 vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go delete mode 100644 vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go delete mode 100644 vendor/golang.org/x/sys/cpu/syscall_darwin_x86_gc.go delete mode 100644 vendor/golang.org/x/sys/unix/.gitignore delete mode 100644 vendor/golang.org/x/sys/unix/README.md delete mode 100644 vendor/golang.org/x/sys/unix/affinity_linux.go delete mode 100644 vendor/golang.org/x/sys/unix/aliases.go delete mode 100644 vendor/golang.org/x/sys/unix/asm_aix_ppc64.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_bsd_386.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_bsd_amd64.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_bsd_arm.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_bsd_arm64.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_linux_386.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_linux_amd64.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_linux_arm.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_linux_arm64.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_linux_loong64.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_linux_mips64x.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_linux_mipsx.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_linux_riscv64.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_linux_s390x.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_solaris_amd64.s delete mode 100644 vendor/golang.org/x/sys/unix/asm_zos_s390x.s delete mode 100644 vendor/golang.org/x/sys/unix/auxv.go delete mode 100644 vendor/golang.org/x/sys/unix/auxv_unsupported.go delete mode 100644 vendor/golang.org/x/sys/unix/bluetooth_linux.go delete mode 100644 vendor/golang.org/x/sys/unix/bpxsvc_zos.go delete mode 100644 vendor/golang.org/x/sys/unix/bpxsvc_zos.s delete mode 100644 vendor/golang.org/x/sys/unix/cap_freebsd.go delete mode 100644 vendor/golang.org/x/sys/unix/constants.go delete mode 100644 vendor/golang.org/x/sys/unix/dev_aix_ppc.go delete mode 100644 vendor/golang.org/x/sys/unix/dev_aix_ppc64.go delete mode 100644 vendor/golang.org/x/sys/unix/dev_darwin.go delete mode 100644 vendor/golang.org/x/sys/unix/dev_dragonfly.go delete mode 100644 vendor/golang.org/x/sys/unix/dev_freebsd.go delete mode 100644 vendor/golang.org/x/sys/unix/dev_linux.go delete mode 100644 vendor/golang.org/x/sys/unix/dev_netbsd.go delete mode 100644 vendor/golang.org/x/sys/unix/dev_openbsd.go delete mode 100644 vendor/golang.org/x/sys/unix/dev_zos.go delete mode 100644 vendor/golang.org/x/sys/unix/dirent.go delete mode 100644 vendor/golang.org/x/sys/unix/endian_big.go delete mode 100644 vendor/golang.org/x/sys/unix/endian_little.go delete mode 100644 vendor/golang.org/x/sys/unix/env_unix.go delete mode 100644 vendor/golang.org/x/sys/unix/fcntl.go delete mode 100644 vendor/golang.org/x/sys/unix/fcntl_darwin.go delete mode 100644 vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go delete mode 100644 vendor/golang.org/x/sys/unix/fdset.go delete mode 100644 vendor/golang.org/x/sys/unix/gccgo.go delete mode 100644 vendor/golang.org/x/sys/unix/gccgo_c.c delete mode 100644 vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/ifreq_linux.go delete mode 100644 vendor/golang.org/x/sys/unix/ioctl_linux.go delete mode 100644 vendor/golang.org/x/sys/unix/ioctl_signed.go delete mode 100644 vendor/golang.org/x/sys/unix/ioctl_unsigned.go delete mode 100644 vendor/golang.org/x/sys/unix/ioctl_zos.go delete mode 100644 vendor/golang.org/x/sys/unix/mkall.sh delete mode 100644 vendor/golang.org/x/sys/unix/mkerrors.sh delete mode 100644 vendor/golang.org/x/sys/unix/mmap_nomremap.go delete mode 100644 vendor/golang.org/x/sys/unix/mremap.go delete mode 100644 vendor/golang.org/x/sys/unix/pagesize_unix.go delete mode 100644 vendor/golang.org/x/sys/unix/pledge_openbsd.go delete mode 100644 vendor/golang.org/x/sys/unix/ptrace_darwin.go delete mode 100644 vendor/golang.org/x/sys/unix/ptrace_ios.go delete mode 100644 vendor/golang.org/x/sys/unix/race.go delete mode 100644 vendor/golang.org/x/sys/unix/race0.go delete mode 100644 vendor/golang.org/x/sys/unix/readdirent_getdents.go delete mode 100644 vendor/golang.org/x/sys/unix/readdirent_getdirentries.go delete mode 100644 vendor/golang.org/x/sys/unix/sockcmsg_dragonfly.go delete mode 100644 vendor/golang.org/x/sys/unix/sockcmsg_linux.go delete mode 100644 vendor/golang.org/x/sys/unix/sockcmsg_unix.go delete mode 100644 vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go delete mode 100644 vendor/golang.org/x/sys/unix/sockcmsg_zos.go delete mode 100644 vendor/golang.org/x/sys/unix/symaddr_zos_s390x.s delete mode 100644 vendor/golang.org/x/sys/unix/syscall.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_aix.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_aix_ppc.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_bsd.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_darwin.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_dragonfly.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_freebsd.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_freebsd_386.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_hurd.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_hurd_386.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_illumos.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_386.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_alarm.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_gc.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_loong64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_ppc.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_s390x.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_netbsd.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_netbsd_386.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_openbsd.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_openbsd_386.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_openbsd_mips64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_solaris.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_unix.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_unix_gc.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go delete mode 100644 vendor/golang.org/x/sys/unix/syscall_zos_s390x.go delete mode 100644 vendor/golang.org/x/sys/unix/sysvshm_linux.go delete mode 100644 vendor/golang.org/x/sys/unix/sysvshm_unix.go delete mode 100644 vendor/golang.org/x/sys/unix/sysvshm_unix_other.go delete mode 100644 vendor/golang.org/x/sys/unix/timestruct.go delete mode 100644 vendor/golang.org/x/sys/unix/unveil_openbsd.go delete mode 100644 vendor/golang.org/x/sys/unix/vgetrandom_linux.go delete mode 100644 vendor/golang.org/x/sys/unix/vgetrandom_unsupported.go delete mode 100644 vendor/golang.org/x/sys/unix/xattr_bsd.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux_386.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux_mips.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go delete mode 100644 vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go delete mode 100644 vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go delete mode 100644 vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go delete mode 100644 vendor/golang.org/x/sys/unix/zptrace_x86_linux.go delete mode 100644 vendor/golang.org/x/sys/unix/zsymaddr_zos_s390x.s delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux_386.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_linux_386.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go delete mode 100644 vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_386.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_mips.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go delete mode 100644 vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go delete mode 100644 vendor/golang.org/x/sys/windows/aliases.go delete mode 100644 vendor/golang.org/x/sys/windows/dll_windows.go delete mode 100644 vendor/golang.org/x/sys/windows/env_windows.go delete mode 100644 vendor/golang.org/x/sys/windows/eventlog.go delete mode 100644 vendor/golang.org/x/sys/windows/exec_windows.go delete mode 100644 vendor/golang.org/x/sys/windows/memory_windows.go delete mode 100644 vendor/golang.org/x/sys/windows/mkerrors.bash delete mode 100644 vendor/golang.org/x/sys/windows/mkknownfolderids.bash delete mode 100644 vendor/golang.org/x/sys/windows/mksyscall.go delete mode 100644 vendor/golang.org/x/sys/windows/race.go delete mode 100644 vendor/golang.org/x/sys/windows/race0.go delete mode 100644 vendor/golang.org/x/sys/windows/security_windows.go delete mode 100644 vendor/golang.org/x/sys/windows/service.go delete mode 100644 vendor/golang.org/x/sys/windows/setupapi_windows.go delete mode 100644 vendor/golang.org/x/sys/windows/str.go delete mode 100644 vendor/golang.org/x/sys/windows/syscall.go delete mode 100644 vendor/golang.org/x/sys/windows/syscall_windows.go delete mode 100644 vendor/golang.org/x/sys/windows/types_windows.go delete mode 100644 vendor/golang.org/x/sys/windows/types_windows_386.go delete mode 100644 vendor/golang.org/x/sys/windows/types_windows_amd64.go delete mode 100644 vendor/golang.org/x/sys/windows/types_windows_arm.go delete mode 100644 vendor/golang.org/x/sys/windows/types_windows_arm64.go delete mode 100644 vendor/golang.org/x/sys/windows/zerrors_windows.go delete mode 100644 vendor/golang.org/x/sys/windows/zknownfolderids_windows.go delete mode 100644 vendor/golang.org/x/sys/windows/zsyscall_windows.go delete mode 100644 vendor/golang.org/x/text/LICENSE delete mode 100644 vendor/golang.org/x/text/PATENTS delete mode 100644 vendor/golang.org/x/text/secure/bidirule/bidirule.go delete mode 100644 vendor/golang.org/x/text/transform/transform.go delete mode 100644 vendor/golang.org/x/text/unicode/bidi/bidi.go delete mode 100644 vendor/golang.org/x/text/unicode/bidi/bracket.go delete mode 100644 vendor/golang.org/x/text/unicode/bidi/core.go delete mode 100644 vendor/golang.org/x/text/unicode/bidi/prop.go delete mode 100644 vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go delete mode 100644 vendor/golang.org/x/text/unicode/bidi/tables17.0.0.go delete mode 100644 vendor/golang.org/x/text/unicode/bidi/trieval.go delete mode 100644 vendor/golang.org/x/text/unicode/norm/composition.go delete mode 100644 vendor/golang.org/x/text/unicode/norm/forminfo.go delete mode 100644 vendor/golang.org/x/text/unicode/norm/input.go delete mode 100644 vendor/golang.org/x/text/unicode/norm/iter.go delete mode 100644 vendor/golang.org/x/text/unicode/norm/normalize.go delete mode 100644 vendor/golang.org/x/text/unicode/norm/readwriter.go delete mode 100644 vendor/golang.org/x/text/unicode/norm/tables15.0.0.go delete mode 100644 vendor/golang.org/x/text/unicode/norm/tables17.0.0.go delete mode 100644 vendor/golang.org/x/text/unicode/norm/transform.go delete mode 100644 vendor/golang.org/x/text/unicode/norm/trie.go delete mode 100644 vendor/golang.org/x/tools/LICENSE delete mode 100644 vendor/golang.org/x/tools/PATENTS delete mode 100644 vendor/golang.org/x/tools/cmd/stringer/stringer.go delete mode 100644 vendor/golang.org/x/tools/go/ast/edge/edge.go delete mode 100644 vendor/golang.org/x/tools/go/ast/inspector/cursor.go delete mode 100644 vendor/golang.org/x/tools/go/ast/inspector/inspector.go delete mode 100644 vendor/golang.org/x/tools/go/ast/inspector/iter.go delete mode 100644 vendor/golang.org/x/tools/go/ast/inspector/typeof.go delete mode 100644 vendor/golang.org/x/tools/go/ast/inspector/walk.go delete mode 100644 vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go delete mode 100644 vendor/golang.org/x/tools/go/gcexportdata/importer.go delete mode 100644 vendor/golang.org/x/tools/go/packages/doc.go delete mode 100644 vendor/golang.org/x/tools/go/packages/external.go delete mode 100644 vendor/golang.org/x/tools/go/packages/golist.go delete mode 100644 vendor/golang.org/x/tools/go/packages/golist_overlay.go delete mode 100644 vendor/golang.org/x/tools/go/packages/loadmode_string.go delete mode 100644 vendor/golang.org/x/tools/go/packages/packages.go delete mode 100644 vendor/golang.org/x/tools/go/packages/visit.go delete mode 100644 vendor/golang.org/x/tools/go/types/objectpath/objectpath.go delete mode 100644 vendor/golang.org/x/tools/go/types/typeutil/callee.go delete mode 100644 vendor/golang.org/x/tools/go/types/typeutil/imports.go delete mode 100644 vendor/golang.org/x/tools/go/types/typeutil/map.go delete mode 100644 vendor/golang.org/x/tools/go/types/typeutil/methodsetcache.go delete mode 100644 vendor/golang.org/x/tools/go/types/typeutil/ui.go delete mode 100644 vendor/golang.org/x/tools/internal/aliases/aliases.go delete mode 100644 vendor/golang.org/x/tools/internal/aliases/aliases_go122.go delete mode 100644 vendor/golang.org/x/tools/internal/event/core/event.go delete mode 100644 vendor/golang.org/x/tools/internal/event/core/export.go delete mode 100644 vendor/golang.org/x/tools/internal/event/core/fast.go delete mode 100644 vendor/golang.org/x/tools/internal/event/doc.go delete mode 100644 vendor/golang.org/x/tools/internal/event/event.go delete mode 100644 vendor/golang.org/x/tools/internal/event/keys/keys.go delete mode 100644 vendor/golang.org/x/tools/internal/event/keys/standard.go delete mode 100644 vendor/golang.org/x/tools/internal/event/keys/util.go delete mode 100644 vendor/golang.org/x/tools/internal/event/label/label.go delete mode 100644 vendor/golang.org/x/tools/internal/gcimporter/bimport.go delete mode 100644 vendor/golang.org/x/tools/internal/gcimporter/exportdata.go delete mode 100644 vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go delete mode 100644 vendor/golang.org/x/tools/internal/gcimporter/iexport.go delete mode 100644 vendor/golang.org/x/tools/internal/gcimporter/iimport.go delete mode 100644 vendor/golang.org/x/tools/internal/gcimporter/predeclared.go delete mode 100644 vendor/golang.org/x/tools/internal/gcimporter/support.go delete mode 100644 vendor/golang.org/x/tools/internal/gcimporter/ureader_yes.go delete mode 100644 vendor/golang.org/x/tools/internal/gocommand/invoke.go delete mode 100644 vendor/golang.org/x/tools/internal/gocommand/invoke_notunix.go delete mode 100644 vendor/golang.org/x/tools/internal/gocommand/invoke_unix.go delete mode 100644 vendor/golang.org/x/tools/internal/gocommand/vendor.go delete mode 100644 vendor/golang.org/x/tools/internal/gocommand/version.go delete mode 100644 vendor/golang.org/x/tools/internal/packagesinternal/packages.go delete mode 100644 vendor/golang.org/x/tools/internal/pkgbits/codes.go delete mode 100644 vendor/golang.org/x/tools/internal/pkgbits/decoder.go delete mode 100644 vendor/golang.org/x/tools/internal/pkgbits/doc.go delete mode 100644 vendor/golang.org/x/tools/internal/pkgbits/encoder.go delete mode 100644 vendor/golang.org/x/tools/internal/pkgbits/flags.go delete mode 100644 vendor/golang.org/x/tools/internal/pkgbits/reloc.go delete mode 100644 vendor/golang.org/x/tools/internal/pkgbits/support.go delete mode 100644 vendor/golang.org/x/tools/internal/pkgbits/sync.go delete mode 100644 vendor/golang.org/x/tools/internal/pkgbits/syncmarker_string.go delete mode 100644 vendor/golang.org/x/tools/internal/pkgbits/version.go delete mode 100644 vendor/golang.org/x/tools/internal/stdlib/deps.go delete mode 100644 vendor/golang.org/x/tools/internal/stdlib/import.go delete mode 100644 vendor/golang.org/x/tools/internal/stdlib/manifest.go delete mode 100644 vendor/golang.org/x/tools/internal/stdlib/stdlib.go delete mode 100644 vendor/golang.org/x/tools/internal/typeparams/common.go delete mode 100644 vendor/golang.org/x/tools/internal/typeparams/coretype.go delete mode 100644 vendor/golang.org/x/tools/internal/typeparams/free.go delete mode 100644 vendor/golang.org/x/tools/internal/typeparams/normalize.go delete mode 100644 vendor/golang.org/x/tools/internal/typeparams/termlist.go delete mode 100644 vendor/golang.org/x/tools/internal/typeparams/typeterm.go delete mode 100644 vendor/golang.org/x/tools/internal/typesinternal/classify_call.go delete mode 100644 vendor/golang.org/x/tools/internal/typesinternal/element.go delete mode 100644 vendor/golang.org/x/tools/internal/typesinternal/errorcode.go delete mode 100644 vendor/golang.org/x/tools/internal/typesinternal/errorcode_string.go delete mode 100644 vendor/golang.org/x/tools/internal/typesinternal/fx.go delete mode 100644 vendor/golang.org/x/tools/internal/typesinternal/isnamed.go delete mode 100644 vendor/golang.org/x/tools/internal/typesinternal/qualifier.go delete mode 100644 vendor/golang.org/x/tools/internal/typesinternal/recv.go delete mode 100644 vendor/golang.org/x/tools/internal/typesinternal/toonew.go delete mode 100644 vendor/golang.org/x/tools/internal/typesinternal/types.go delete mode 100644 vendor/golang.org/x/tools/internal/typesinternal/varkind.go delete mode 100644 vendor/golang.org/x/tools/internal/typesinternal/varkind_go124.go delete mode 100644 vendor/golang.org/x/tools/internal/typesinternal/zerovalue.go delete mode 100644 vendor/golang.org/x/tools/internal/versions/features.go delete mode 100644 vendor/golang.org/x/tools/internal/versions/gover.go delete mode 100644 vendor/golang.org/x/tools/internal/versions/types.go delete mode 100644 vendor/golang.org/x/tools/internal/versions/versions.go delete mode 100644 vendor/google.golang.org/appengine/CONTRIBUTING.md delete mode 100644 vendor/google.golang.org/appengine/LICENSE delete mode 100644 vendor/google.golang.org/appengine/README.md delete mode 100644 vendor/google.golang.org/appengine/appengine.go delete mode 100644 vendor/google.golang.org/appengine/appengine_vm.go delete mode 100644 vendor/google.golang.org/appengine/datastore/datastore.go delete mode 100644 vendor/google.golang.org/appengine/datastore/doc.go delete mode 100644 vendor/google.golang.org/appengine/datastore/internal/cloudkey/cloudkey.go delete mode 100644 vendor/google.golang.org/appengine/datastore/internal/cloudpb/entity.pb.go delete mode 100644 vendor/google.golang.org/appengine/datastore/key.go delete mode 100644 vendor/google.golang.org/appengine/datastore/keycompat.go delete mode 100644 vendor/google.golang.org/appengine/datastore/load.go delete mode 100644 vendor/google.golang.org/appengine/datastore/metadata.go delete mode 100644 vendor/google.golang.org/appengine/datastore/prop.go delete mode 100644 vendor/google.golang.org/appengine/datastore/query.go delete mode 100644 vendor/google.golang.org/appengine/datastore/save.go delete mode 100644 vendor/google.golang.org/appengine/datastore/transaction.go delete mode 100644 vendor/google.golang.org/appengine/errors.go delete mode 100644 vendor/google.golang.org/appengine/identity.go delete mode 100644 vendor/google.golang.org/appengine/internal/api.go delete mode 100644 vendor/google.golang.org/appengine/internal/api_classic.go delete mode 100644 vendor/google.golang.org/appengine/internal/api_common.go delete mode 100644 vendor/google.golang.org/appengine/internal/app_id.go delete mode 100644 vendor/google.golang.org/appengine/internal/app_identity/app_identity_service.pb.go delete mode 100644 vendor/google.golang.org/appengine/internal/app_identity/app_identity_service.proto delete mode 100644 vendor/google.golang.org/appengine/internal/base/api_base.pb.go delete mode 100644 vendor/google.golang.org/appengine/internal/base/api_base.proto delete mode 100644 vendor/google.golang.org/appengine/internal/datastore/datastore_v3.pb.go delete mode 100644 vendor/google.golang.org/appengine/internal/datastore/datastore_v3.proto delete mode 100644 vendor/google.golang.org/appengine/internal/identity.go delete mode 100644 vendor/google.golang.org/appengine/internal/identity_classic.go delete mode 100644 vendor/google.golang.org/appengine/internal/identity_flex.go delete mode 100644 vendor/google.golang.org/appengine/internal/identity_vm.go delete mode 100644 vendor/google.golang.org/appengine/internal/internal.go delete mode 100644 vendor/google.golang.org/appengine/internal/log/log_service.pb.go delete mode 100644 vendor/google.golang.org/appengine/internal/log/log_service.proto delete mode 100644 vendor/google.golang.org/appengine/internal/main.go delete mode 100644 vendor/google.golang.org/appengine/internal/main_common.go delete mode 100644 vendor/google.golang.org/appengine/internal/main_vm.go delete mode 100644 vendor/google.golang.org/appengine/internal/metadata.go delete mode 100644 vendor/google.golang.org/appengine/internal/modules/modules_service.pb.go delete mode 100644 vendor/google.golang.org/appengine/internal/modules/modules_service.proto delete mode 100644 vendor/google.golang.org/appengine/internal/net.go delete mode 100644 vendor/google.golang.org/appengine/internal/regen.sh delete mode 100644 vendor/google.golang.org/appengine/internal/remote_api/remote_api.pb.go delete mode 100644 vendor/google.golang.org/appengine/internal/remote_api/remote_api.proto delete mode 100644 vendor/google.golang.org/appengine/internal/transaction.go delete mode 100644 vendor/google.golang.org/appengine/namespace.go delete mode 100644 vendor/google.golang.org/appengine/timeout.go delete mode 100644 vendor/google.golang.org/genproto/googleapis/rpc/LICENSE delete mode 100644 vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go delete mode 100644 vendor/google.golang.org/grpc/AUTHORS delete mode 100644 vendor/google.golang.org/grpc/CODE-OF-CONDUCT.md delete mode 100644 vendor/google.golang.org/grpc/CONTRIBUTING.md delete mode 100644 vendor/google.golang.org/grpc/GOVERNANCE.md delete mode 100644 vendor/google.golang.org/grpc/LICENSE delete mode 100644 vendor/google.golang.org/grpc/MAINTAINERS.md delete mode 100644 vendor/google.golang.org/grpc/Makefile delete mode 100644 vendor/google.golang.org/grpc/NOTICE.txt delete mode 100644 vendor/google.golang.org/grpc/README.md delete mode 100644 vendor/google.golang.org/grpc/SECURITY.md delete mode 100644 vendor/google.golang.org/grpc/attributes/attributes.go delete mode 100644 vendor/google.golang.org/grpc/backoff.go delete mode 100644 vendor/google.golang.org/grpc/backoff/backoff.go delete mode 100644 vendor/google.golang.org/grpc/balancer/balancer.go delete mode 100644 vendor/google.golang.org/grpc/balancer/base/balancer.go delete mode 100644 vendor/google.golang.org/grpc/balancer/base/base.go delete mode 100644 vendor/google.golang.org/grpc/balancer/conn_state_evaluator.go delete mode 100644 vendor/google.golang.org/grpc/balancer/endpointsharding/endpointsharding.go delete mode 100644 vendor/google.golang.org/grpc/balancer/grpclb/state/state.go delete mode 100644 vendor/google.golang.org/grpc/balancer/pickfirst/internal/internal.go delete mode 100644 vendor/google.golang.org/grpc/balancer/pickfirst/pickfirst.go delete mode 100644 vendor/google.golang.org/grpc/balancer/pickfirst/pickfirstleaf/pickfirstleaf.go delete mode 100644 vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go delete mode 100644 vendor/google.golang.org/grpc/balancer/subconn.go delete mode 100644 vendor/google.golang.org/grpc/balancer_wrapper.go delete mode 100644 vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go delete mode 100644 vendor/google.golang.org/grpc/call.go delete mode 100644 vendor/google.golang.org/grpc/channelz/channelz.go delete mode 100644 vendor/google.golang.org/grpc/clientconn.go delete mode 100644 vendor/google.golang.org/grpc/codec.go delete mode 100644 vendor/google.golang.org/grpc/codes/code_string.go delete mode 100644 vendor/google.golang.org/grpc/codes/codes.go delete mode 100644 vendor/google.golang.org/grpc/connectivity/connectivity.go delete mode 100644 vendor/google.golang.org/grpc/credentials/credentials.go delete mode 100644 vendor/google.golang.org/grpc/credentials/insecure/insecure.go delete mode 100644 vendor/google.golang.org/grpc/credentials/tls.go delete mode 100644 vendor/google.golang.org/grpc/dialoptions.go delete mode 100644 vendor/google.golang.org/grpc/doc.go delete mode 100644 vendor/google.golang.org/grpc/encoding/encoding.go delete mode 100644 vendor/google.golang.org/grpc/encoding/encoding_v2.go delete mode 100644 vendor/google.golang.org/grpc/encoding/proto/proto.go delete mode 100644 vendor/google.golang.org/grpc/experimental/stats/metricregistry.go delete mode 100644 vendor/google.golang.org/grpc/experimental/stats/metrics.go delete mode 100644 vendor/google.golang.org/grpc/grpclog/component.go delete mode 100644 vendor/google.golang.org/grpc/grpclog/grpclog.go delete mode 100644 vendor/google.golang.org/grpc/grpclog/internal/grpclog.go delete mode 100644 vendor/google.golang.org/grpc/grpclog/internal/logger.go delete mode 100644 vendor/google.golang.org/grpc/grpclog/internal/loggerv2.go delete mode 100644 vendor/google.golang.org/grpc/grpclog/logger.go delete mode 100644 vendor/google.golang.org/grpc/grpclog/loggerv2.go delete mode 100644 vendor/google.golang.org/grpc/health/client.go delete mode 100644 vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go delete mode 100644 vendor/google.golang.org/grpc/health/grpc_health_v1/health_grpc.pb.go delete mode 100644 vendor/google.golang.org/grpc/health/logging.go delete mode 100644 vendor/google.golang.org/grpc/health/producer.go delete mode 100644 vendor/google.golang.org/grpc/health/server.go delete mode 100644 vendor/google.golang.org/grpc/interceptor.go delete mode 100644 vendor/google.golang.org/grpc/internal/backoff/backoff.go delete mode 100644 vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/config.go delete mode 100644 vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go delete mode 100644 vendor/google.golang.org/grpc/internal/balancerload/load.go delete mode 100644 vendor/google.golang.org/grpc/internal/binarylog/binarylog.go delete mode 100644 vendor/google.golang.org/grpc/internal/binarylog/binarylog_testutil.go delete mode 100644 vendor/google.golang.org/grpc/internal/binarylog/env_config.go delete mode 100644 vendor/google.golang.org/grpc/internal/binarylog/method_logger.go delete mode 100644 vendor/google.golang.org/grpc/internal/binarylog/sink.go delete mode 100644 vendor/google.golang.org/grpc/internal/buffer/unbounded.go delete mode 100644 vendor/google.golang.org/grpc/internal/channelz/channel.go delete mode 100644 vendor/google.golang.org/grpc/internal/channelz/channelmap.go delete mode 100644 vendor/google.golang.org/grpc/internal/channelz/funcs.go delete mode 100644 vendor/google.golang.org/grpc/internal/channelz/logging.go delete mode 100644 vendor/google.golang.org/grpc/internal/channelz/server.go delete mode 100644 vendor/google.golang.org/grpc/internal/channelz/socket.go delete mode 100644 vendor/google.golang.org/grpc/internal/channelz/subchannel.go delete mode 100644 vendor/google.golang.org/grpc/internal/channelz/syscall_linux.go delete mode 100644 vendor/google.golang.org/grpc/internal/channelz/syscall_nonlinux.go delete mode 100644 vendor/google.golang.org/grpc/internal/channelz/trace.go delete mode 100644 vendor/google.golang.org/grpc/internal/credentials/credentials.go delete mode 100644 vendor/google.golang.org/grpc/internal/credentials/spiffe.go delete mode 100644 vendor/google.golang.org/grpc/internal/credentials/syscallconn.go delete mode 100644 vendor/google.golang.org/grpc/internal/credentials/util.go delete mode 100644 vendor/google.golang.org/grpc/internal/envconfig/envconfig.go delete mode 100644 vendor/google.golang.org/grpc/internal/envconfig/observability.go delete mode 100644 vendor/google.golang.org/grpc/internal/envconfig/xds.go delete mode 100644 vendor/google.golang.org/grpc/internal/experimental.go delete mode 100644 vendor/google.golang.org/grpc/internal/grpclog/prefix_logger.go delete mode 100644 vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go delete mode 100644 vendor/google.golang.org/grpc/internal/grpcsync/event.go delete mode 100644 vendor/google.golang.org/grpc/internal/grpcsync/pubsub.go delete mode 100644 vendor/google.golang.org/grpc/internal/grpcutil/compressor.go delete mode 100644 vendor/google.golang.org/grpc/internal/grpcutil/encode_duration.go delete mode 100644 vendor/google.golang.org/grpc/internal/grpcutil/grpcutil.go delete mode 100644 vendor/google.golang.org/grpc/internal/grpcutil/metadata.go delete mode 100644 vendor/google.golang.org/grpc/internal/grpcutil/method.go delete mode 100644 vendor/google.golang.org/grpc/internal/grpcutil/regex.go delete mode 100644 vendor/google.golang.org/grpc/internal/idle/idle.go delete mode 100644 vendor/google.golang.org/grpc/internal/internal.go delete mode 100644 vendor/google.golang.org/grpc/internal/metadata/metadata.go delete mode 100644 vendor/google.golang.org/grpc/internal/pretty/pretty.go delete mode 100644 vendor/google.golang.org/grpc/internal/proxyattributes/proxyattributes.go delete mode 100644 vendor/google.golang.org/grpc/internal/resolver/config_selector.go delete mode 100644 vendor/google.golang.org/grpc/internal/resolver/delegatingresolver/delegatingresolver.go delete mode 100644 vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go delete mode 100644 vendor/google.golang.org/grpc/internal/resolver/dns/internal/internal.go delete mode 100644 vendor/google.golang.org/grpc/internal/resolver/passthrough/passthrough.go delete mode 100644 vendor/google.golang.org/grpc/internal/resolver/unix/unix.go delete mode 100644 vendor/google.golang.org/grpc/internal/serviceconfig/duration.go delete mode 100644 vendor/google.golang.org/grpc/internal/serviceconfig/serviceconfig.go delete mode 100644 vendor/google.golang.org/grpc/internal/stats/labels.go delete mode 100644 vendor/google.golang.org/grpc/internal/stats/metrics_recorder_list.go delete mode 100644 vendor/google.golang.org/grpc/internal/status/status.go delete mode 100644 vendor/google.golang.org/grpc/internal/syscall/syscall_linux.go delete mode 100644 vendor/google.golang.org/grpc/internal/syscall/syscall_nonlinux.go delete mode 100644 vendor/google.golang.org/grpc/internal/tcp_keepalive_others.go delete mode 100644 vendor/google.golang.org/grpc/internal/tcp_keepalive_unix.go delete mode 100644 vendor/google.golang.org/grpc/internal/tcp_keepalive_windows.go delete mode 100644 vendor/google.golang.org/grpc/internal/transport/bdp_estimator.go delete mode 100644 vendor/google.golang.org/grpc/internal/transport/client_stream.go delete mode 100644 vendor/google.golang.org/grpc/internal/transport/controlbuf.go delete mode 100644 vendor/google.golang.org/grpc/internal/transport/defaults.go delete mode 100644 vendor/google.golang.org/grpc/internal/transport/flowcontrol.go delete mode 100644 vendor/google.golang.org/grpc/internal/transport/handler_server.go delete mode 100644 vendor/google.golang.org/grpc/internal/transport/http2_client.go delete mode 100644 vendor/google.golang.org/grpc/internal/transport/http2_server.go delete mode 100644 vendor/google.golang.org/grpc/internal/transport/http_util.go delete mode 100644 vendor/google.golang.org/grpc/internal/transport/logging.go delete mode 100644 vendor/google.golang.org/grpc/internal/transport/networktype/networktype.go delete mode 100644 vendor/google.golang.org/grpc/internal/transport/proxy.go delete mode 100644 vendor/google.golang.org/grpc/internal/transport/server_stream.go delete mode 100644 vendor/google.golang.org/grpc/internal/transport/transport.go delete mode 100644 vendor/google.golang.org/grpc/keepalive/keepalive.go delete mode 100644 vendor/google.golang.org/grpc/mem/buffer_pool.go delete mode 100644 vendor/google.golang.org/grpc/mem/buffer_slice.go delete mode 100644 vendor/google.golang.org/grpc/mem/buffers.go delete mode 100644 vendor/google.golang.org/grpc/metadata/metadata.go delete mode 100644 vendor/google.golang.org/grpc/peer/peer.go delete mode 100644 vendor/google.golang.org/grpc/picker_wrapper.go delete mode 100644 vendor/google.golang.org/grpc/preloader.go delete mode 100644 vendor/google.golang.org/grpc/reflection/README.md delete mode 100644 vendor/google.golang.org/grpc/reflection/adapt.go delete mode 100644 vendor/google.golang.org/grpc/reflection/grpc_reflection_v1/reflection.pb.go delete mode 100644 vendor/google.golang.org/grpc/reflection/grpc_reflection_v1/reflection_grpc.pb.go delete mode 100644 vendor/google.golang.org/grpc/reflection/grpc_reflection_v1alpha/reflection.pb.go delete mode 100644 vendor/google.golang.org/grpc/reflection/grpc_reflection_v1alpha/reflection_grpc.pb.go delete mode 100644 vendor/google.golang.org/grpc/reflection/internal/internal.go delete mode 100644 vendor/google.golang.org/grpc/reflection/serverreflection.go delete mode 100644 vendor/google.golang.org/grpc/resolver/dns/dns_resolver.go delete mode 100644 vendor/google.golang.org/grpc/resolver/map.go delete mode 100644 vendor/google.golang.org/grpc/resolver/resolver.go delete mode 100644 vendor/google.golang.org/grpc/resolver_wrapper.go delete mode 100644 vendor/google.golang.org/grpc/rpc_util.go delete mode 100644 vendor/google.golang.org/grpc/server.go delete mode 100644 vendor/google.golang.org/grpc/service_config.go delete mode 100644 vendor/google.golang.org/grpc/serviceconfig/serviceconfig.go delete mode 100644 vendor/google.golang.org/grpc/stats/handlers.go delete mode 100644 vendor/google.golang.org/grpc/stats/metrics.go delete mode 100644 vendor/google.golang.org/grpc/stats/stats.go delete mode 100644 vendor/google.golang.org/grpc/status/status.go delete mode 100644 vendor/google.golang.org/grpc/stream.go delete mode 100644 vendor/google.golang.org/grpc/stream_interfaces.go delete mode 100644 vendor/google.golang.org/grpc/tap/tap.go delete mode 100644 vendor/google.golang.org/grpc/trace.go delete mode 100644 vendor/google.golang.org/grpc/trace_notrace.go delete mode 100644 vendor/google.golang.org/grpc/trace_withtrace.go delete mode 100644 vendor/google.golang.org/grpc/version.go delete mode 100644 vendor/google.golang.org/protobuf/LICENSE delete mode 100644 vendor/google.golang.org/protobuf/PATENTS delete mode 100644 vendor/google.golang.org/protobuf/encoding/protojson/decode.go delete mode 100644 vendor/google.golang.org/protobuf/encoding/protojson/doc.go delete mode 100644 vendor/google.golang.org/protobuf/encoding/protojson/encode.go delete mode 100644 vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go delete mode 100644 vendor/google.golang.org/protobuf/encoding/prototext/decode.go delete mode 100644 vendor/google.golang.org/protobuf/encoding/prototext/doc.go delete mode 100644 vendor/google.golang.org/protobuf/encoding/prototext/encode.go delete mode 100644 vendor/google.golang.org/protobuf/encoding/protowire/wire.go delete mode 100644 vendor/google.golang.org/protobuf/internal/descfmt/stringer.go delete mode 100644 vendor/google.golang.org/protobuf/internal/descopts/options.go delete mode 100644 vendor/google.golang.org/protobuf/internal/detrand/rand.go delete mode 100644 vendor/google.golang.org/protobuf/internal/editiondefaults/defaults.go delete mode 100644 vendor/google.golang.org/protobuf/internal/editiondefaults/editions_defaults.binpb delete mode 100644 vendor/google.golang.org/protobuf/internal/editionssupport/editions.go delete mode 100644 vendor/google.golang.org/protobuf/internal/encoding/defval/default.go delete mode 100644 vendor/google.golang.org/protobuf/internal/encoding/json/decode.go delete mode 100644 vendor/google.golang.org/protobuf/internal/encoding/json/decode_number.go delete mode 100644 vendor/google.golang.org/protobuf/internal/encoding/json/decode_string.go delete mode 100644 vendor/google.golang.org/protobuf/internal/encoding/json/decode_token.go delete mode 100644 vendor/google.golang.org/protobuf/internal/encoding/json/encode.go delete mode 100644 vendor/google.golang.org/protobuf/internal/encoding/messageset/messageset.go delete mode 100644 vendor/google.golang.org/protobuf/internal/encoding/tag/tag.go delete mode 100644 vendor/google.golang.org/protobuf/internal/encoding/text/decode.go delete mode 100644 vendor/google.golang.org/protobuf/internal/encoding/text/decode_number.go delete mode 100644 vendor/google.golang.org/protobuf/internal/encoding/text/decode_string.go delete mode 100644 vendor/google.golang.org/protobuf/internal/encoding/text/decode_token.go delete mode 100644 vendor/google.golang.org/protobuf/internal/encoding/text/doc.go delete mode 100644 vendor/google.golang.org/protobuf/internal/encoding/text/encode.go delete mode 100644 vendor/google.golang.org/protobuf/internal/errors/errors.go delete mode 100644 vendor/google.golang.org/protobuf/internal/filedesc/build.go delete mode 100644 vendor/google.golang.org/protobuf/internal/filedesc/desc.go delete mode 100644 vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go delete mode 100644 vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go delete mode 100644 vendor/google.golang.org/protobuf/internal/filedesc/desc_list.go delete mode 100644 vendor/google.golang.org/protobuf/internal/filedesc/desc_list_gen.go delete mode 100644 vendor/google.golang.org/protobuf/internal/filedesc/editions.go delete mode 100644 vendor/google.golang.org/protobuf/internal/filedesc/placeholder.go delete mode 100644 vendor/google.golang.org/protobuf/internal/filedesc/presence.go delete mode 100644 vendor/google.golang.org/protobuf/internal/filetype/build.go delete mode 100644 vendor/google.golang.org/protobuf/internal/flags/flags.go delete mode 100644 vendor/google.golang.org/protobuf/internal/flags/proto_legacy_disable.go delete mode 100644 vendor/google.golang.org/protobuf/internal/flags/proto_legacy_enable.go delete mode 100644 vendor/google.golang.org/protobuf/internal/genid/any_gen.go delete mode 100644 vendor/google.golang.org/protobuf/internal/genid/api_gen.go delete mode 100644 vendor/google.golang.org/protobuf/internal/genid/descriptor_gen.go delete mode 100644 vendor/google.golang.org/protobuf/internal/genid/doc.go delete mode 100644 vendor/google.golang.org/protobuf/internal/genid/duration_gen.go delete mode 100644 vendor/google.golang.org/protobuf/internal/genid/empty_gen.go delete mode 100644 vendor/google.golang.org/protobuf/internal/genid/field_mask_gen.go delete mode 100644 vendor/google.golang.org/protobuf/internal/genid/go_features_gen.go delete mode 100644 vendor/google.golang.org/protobuf/internal/genid/goname.go delete mode 100644 vendor/google.golang.org/protobuf/internal/genid/map_entry.go delete mode 100644 vendor/google.golang.org/protobuf/internal/genid/name.go delete mode 100644 vendor/google.golang.org/protobuf/internal/genid/source_context_gen.go delete mode 100644 vendor/google.golang.org/protobuf/internal/genid/struct_gen.go delete mode 100644 vendor/google.golang.org/protobuf/internal/genid/timestamp_gen.go delete mode 100644 vendor/google.golang.org/protobuf/internal/genid/type_gen.go delete mode 100644 vendor/google.golang.org/protobuf/internal/genid/wrappers.go delete mode 100644 vendor/google.golang.org/protobuf/internal/genid/wrappers_gen.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/api_export.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/api_export_opaque.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/bitmap.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/bitmap_race.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/checkinit.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/codec_extension.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/codec_field.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/codec_field_opaque.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/codec_gen.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/codec_map.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/codec_message.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/codec_message_opaque.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/codec_messageset.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/codec_tables.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/codec_unsafe.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/convert.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/convert_list.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/convert_map.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/decode.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/encode.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/enum.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/equal.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/extension.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/lazy.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/legacy_enum.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/legacy_export.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/legacy_extension.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/legacy_file.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/legacy_message.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/merge.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/merge_gen.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/message.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/message_opaque.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/message_opaque_gen.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/message_reflect.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/message_reflect_field.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/message_reflect_field_gen.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/message_reflect_gen.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/pointer_unsafe_opaque.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/presence.go delete mode 100644 vendor/google.golang.org/protobuf/internal/impl/validate.go delete mode 100644 vendor/google.golang.org/protobuf/internal/order/order.go delete mode 100644 vendor/google.golang.org/protobuf/internal/order/range.go delete mode 100644 vendor/google.golang.org/protobuf/internal/pragma/pragma.go delete mode 100644 vendor/google.golang.org/protobuf/internal/protolazy/bufferreader.go delete mode 100644 vendor/google.golang.org/protobuf/internal/protolazy/lazy.go delete mode 100644 vendor/google.golang.org/protobuf/internal/protolazy/pointer_unsafe.go delete mode 100644 vendor/google.golang.org/protobuf/internal/set/ints.go delete mode 100644 vendor/google.golang.org/protobuf/internal/strs/strings.go delete mode 100644 vendor/google.golang.org/protobuf/internal/strs/strings_unsafe.go delete mode 100644 vendor/google.golang.org/protobuf/internal/version/version.go delete mode 100644 vendor/google.golang.org/protobuf/proto/checkinit.go delete mode 100644 vendor/google.golang.org/protobuf/proto/decode.go delete mode 100644 vendor/google.golang.org/protobuf/proto/decode_gen.go delete mode 100644 vendor/google.golang.org/protobuf/proto/doc.go delete mode 100644 vendor/google.golang.org/protobuf/proto/encode.go delete mode 100644 vendor/google.golang.org/protobuf/proto/encode_gen.go delete mode 100644 vendor/google.golang.org/protobuf/proto/equal.go delete mode 100644 vendor/google.golang.org/protobuf/proto/extension.go delete mode 100644 vendor/google.golang.org/protobuf/proto/merge.go delete mode 100644 vendor/google.golang.org/protobuf/proto/messageset.go delete mode 100644 vendor/google.golang.org/protobuf/proto/proto.go delete mode 100644 vendor/google.golang.org/protobuf/proto/proto_methods.go delete mode 100644 vendor/google.golang.org/protobuf/proto/proto_reflect.go delete mode 100644 vendor/google.golang.org/protobuf/proto/reset.go delete mode 100644 vendor/google.golang.org/protobuf/proto/size.go delete mode 100644 vendor/google.golang.org/protobuf/proto/size_gen.go delete mode 100644 vendor/google.golang.org/protobuf/proto/wrapperopaque.go delete mode 100644 vendor/google.golang.org/protobuf/proto/wrappers.go delete mode 100644 vendor/google.golang.org/protobuf/protoadapt/convert.go delete mode 100644 vendor/google.golang.org/protobuf/reflect/protodesc/desc.go delete mode 100644 vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go delete mode 100644 vendor/google.golang.org/protobuf/reflect/protodesc/desc_resolve.go delete mode 100644 vendor/google.golang.org/protobuf/reflect/protodesc/desc_validate.go delete mode 100644 vendor/google.golang.org/protobuf/reflect/protodesc/editions.go delete mode 100644 vendor/google.golang.org/protobuf/reflect/protodesc/proto.go delete mode 100644 vendor/google.golang.org/protobuf/reflect/protoreflect/methods.go delete mode 100644 vendor/google.golang.org/protobuf/reflect/protoreflect/proto.go delete mode 100644 vendor/google.golang.org/protobuf/reflect/protoreflect/source.go delete mode 100644 vendor/google.golang.org/protobuf/reflect/protoreflect/source_gen.go delete mode 100644 vendor/google.golang.org/protobuf/reflect/protoreflect/type.go delete mode 100644 vendor/google.golang.org/protobuf/reflect/protoreflect/value.go delete mode 100644 vendor/google.golang.org/protobuf/reflect/protoreflect/value_equal.go delete mode 100644 vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go delete mode 100644 vendor/google.golang.org/protobuf/reflect/protoreflect/value_unsafe.go delete mode 100644 vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go delete mode 100644 vendor/google.golang.org/protobuf/runtime/protoiface/legacy.go delete mode 100644 vendor/google.golang.org/protobuf/runtime/protoiface/methods.go delete mode 100644 vendor/google.golang.org/protobuf/runtime/protoimpl/impl.go delete mode 100644 vendor/google.golang.org/protobuf/runtime/protoimpl/version.go delete mode 100644 vendor/google.golang.org/protobuf/types/descriptorpb/descriptor.pb.go delete mode 100644 vendor/google.golang.org/protobuf/types/gofeaturespb/go_features.pb.go delete mode 100644 vendor/google.golang.org/protobuf/types/known/anypb/any.pb.go delete mode 100644 vendor/google.golang.org/protobuf/types/known/durationpb/duration.pb.go delete mode 100644 vendor/google.golang.org/protobuf/types/known/emptypb/empty.pb.go delete mode 100644 vendor/google.golang.org/protobuf/types/known/timestamppb/timestamp.pb.go delete mode 100644 vendor/modules.txt delete mode 100644 website/docs/d/actions_environment_public_key.html.markdown delete mode 100644 website/docs/d/actions_environment_secrets.html.markdown delete mode 100644 website/docs/d/actions_environment_variables.html.markdown delete mode 100644 website/docs/d/actions_organization_oidc_subject_claim_customization_template.html.markdown delete mode 100644 website/docs/d/actions_organization_public_key.html.markdown delete mode 100644 website/docs/d/actions_organization_registration_token.html.markdown delete mode 100644 website/docs/d/actions_organization_secrets.html.markdown delete mode 100644 website/docs/d/actions_organization_variables.html.markdown delete mode 100644 website/docs/d/actions_public_key.html.markdown delete mode 100644 website/docs/d/actions_registration_token.html.markdown delete mode 100644 website/docs/d/actions_repository_oidc_subject_claim_customization_template.html.markdown delete mode 100644 website/docs/d/actions_secrets.html.markdown delete mode 100644 website/docs/d/actions_variables.html.markdown delete mode 100644 website/docs/d/app.html.markdown delete mode 100644 website/docs/d/app_token.html.markdown delete mode 100644 website/docs/d/branch.html.markdown delete mode 100644 website/docs/d/branch_protection_rules.html.markdown delete mode 100644 website/docs/d/codespaces_organization_public_key.html.markdown delete mode 100644 website/docs/d/codespaces_organization_secrets.html.markdown delete mode 100644 website/docs/d/codespaces_public_key.html.markdown delete mode 100644 website/docs/d/codespaces_secrets.html.markdown delete mode 100644 website/docs/d/codespaces_user_public_key.html.markdown delete mode 100644 website/docs/d/codespaces_user_secrets.html.markdown delete mode 100644 website/docs/d/collaborators.html.markdown delete mode 100644 website/docs/d/dependabot_organization_public_key.html.markdown delete mode 100644 website/docs/d/dependabot_organization_secrets.html.markdown delete mode 100644 website/docs/d/dependabot_public_key.html.markdown delete mode 100644 website/docs/d/dependabot_secrets.html.markdown delete mode 100644 website/docs/d/enterprise.html.markdown delete mode 100644 website/docs/d/external_groups.html.markdown delete mode 100644 website/docs/d/ip_ranges.html.markdown delete mode 100644 website/docs/d/issue_labels.html.markdown delete mode 100644 website/docs/d/membership.html.markdown delete mode 100644 website/docs/d/organization.html.markdown delete mode 100644 website/docs/d/organization_custom_properties.html.markdown delete mode 100644 website/docs/d/organization_custom_role.html.markdown delete mode 100644 website/docs/d/organization_external_identities.markdown delete mode 100644 website/docs/d/organization_ip_allow_list.html.markdown delete mode 100644 website/docs/d/organization_repository_role.html.markdown delete mode 100644 website/docs/d/organization_repository_roles.html.markdown delete mode 100644 website/docs/d/organization_role.html.markdown delete mode 100644 website/docs/d/organization_role_teams.html.markdown delete mode 100644 website/docs/d/organization_role_users.html.markdown delete mode 100644 website/docs/d/organization_roles.html.markdown delete mode 100644 website/docs/d/organization_security_managers.html.markdown delete mode 100644 website/docs/d/organization_team_sync_groups.html.markdown delete mode 100644 website/docs/d/organization_teams.html.markdown delete mode 100644 website/docs/d/organization_webhooks.html.markdown delete mode 100644 website/docs/d/ref.html.markdown delete mode 100644 website/docs/d/release.html.markdown delete mode 100644 website/docs/d/release_asset.html.markdown delete mode 100644 website/docs/d/repositories.html.markdown delete mode 100644 website/docs/d/repository.html.markdown delete mode 100644 website/docs/d/repository_autolink_references.html.markdown delete mode 100644 website/docs/d/repository_branches.html.markdown delete mode 100644 website/docs/d/repository_custom_properties.html.markdown delete mode 100644 website/docs/d/repository_deploy_keys.html.markdown delete mode 100644 website/docs/d/repository_deployment_branch_policies.html.markdown delete mode 100644 website/docs/d/repository_environment_deployment_policies.html.markdown delete mode 100644 website/docs/d/repository_environments.html.markdown delete mode 100644 website/docs/d/repository_file.html.markdown delete mode 100644 website/docs/d/repository_milestone.html.markdown delete mode 100644 website/docs/d/repository_pull_request.html.markdown delete mode 100644 website/docs/d/repository_pull_requests.html.markdown delete mode 100644 website/docs/d/repository_teams.html.markdown delete mode 100644 website/docs/d/repository_webhooks.html.markdown delete mode 100644 website/docs/d/rest_api.html.markdown delete mode 100644 website/docs/d/ssh_keys.html.markdown delete mode 100644 website/docs/d/team.html.markdown delete mode 100644 website/docs/d/tree.html.markdown delete mode 100644 website/docs/d/user.html.markdown delete mode 100644 website/docs/d/user_external_identity.html.markdown delete mode 100644 website/docs/d/users.html.markdown delete mode 100644 website/docs/index.html.markdown delete mode 100644 website/docs/r/actions_environment_secret.html.markdown delete mode 100644 website/docs/r/actions_environment_variable.html.markdown delete mode 100644 website/docs/r/actions_hosted_runner.html.markdown delete mode 100644 website/docs/r/actions_organization_oidc_subject_claim_customization_template.html.markdown delete mode 100644 website/docs/r/actions_organization_permissions.html.markdown delete mode 100644 website/docs/r/actions_organization_secret.html.markdown delete mode 100644 website/docs/r/actions_organization_secret_repositories.html.markdown delete mode 100644 website/docs/r/actions_organization_secret_repository.html.markdown delete mode 100644 website/docs/r/actions_organization_variable.html.markdown delete mode 100644 website/docs/r/actions_organization_variable_repositories.html.markdown delete mode 100644 website/docs/r/actions_organization_variable_repository.html.markdown delete mode 100644 website/docs/r/actions_organization_workflow_permissions.html.markdown delete mode 100644 website/docs/r/actions_repository_access_level.html.markdown delete mode 100644 website/docs/r/actions_repository_oidc_subject_claim_customization_template.html.markdown delete mode 100644 website/docs/r/actions_repository_permissions.html.markdown delete mode 100644 website/docs/r/actions_runner_group.html.markdown delete mode 100644 website/docs/r/actions_secret.html.markdown delete mode 100644 website/docs/r/actions_variable.html.markdown delete mode 100644 website/docs/r/app_installation_repositories.html.markdown delete mode 100644 website/docs/r/app_installation_repository.html.markdown delete mode 100644 website/docs/r/branch.html.markdown delete mode 100644 website/docs/r/branch_default.html.markdown delete mode 100644 website/docs/r/branch_protection.html.markdown delete mode 100644 website/docs/r/branch_protection_v3.html.markdown delete mode 100644 website/docs/r/codespaces_organization_secret.html.markdown delete mode 100644 website/docs/r/codespaces_organization_secret_repositories.html.markdown delete mode 100644 website/docs/r/codespaces_secret.html.markdown delete mode 100644 website/docs/r/codespaces_user_secret.html.markdown delete mode 100644 website/docs/r/dependabot_organization_secret.html.markdown delete mode 100644 website/docs/r/dependabot_organization_secret_repositories.html.markdown delete mode 100644 website/docs/r/dependabot_organization_secret_repository.html.markdown delete mode 100644 website/docs/r/dependabot_secret.html.markdown delete mode 100644 website/docs/r/emu_group_mapping.html.markdown delete mode 100644 website/docs/r/enterprise_actions_permissions.html.markdown delete mode 100644 website/docs/r/enterprise_actions_runner_group.html.markdown delete mode 100644 website/docs/r/enterprise_actions_workflow_permissions.html.markdown delete mode 100644 website/docs/r/enterprise_organization.html.markdown delete mode 100644 website/docs/r/enterprise_security_analysis_settings.html.markdown delete mode 100644 website/docs/r/issue.html.markdown delete mode 100644 website/docs/r/issue_label.html.markdown delete mode 100644 website/docs/r/issue_labels.html.markdown delete mode 100644 website/docs/r/membership.html.markdown delete mode 100644 website/docs/r/organization_block.html.markdown delete mode 100644 website/docs/r/organization_custom_properties.html.markdown delete mode 100644 website/docs/r/organization_custom_role.html.markdown delete mode 100644 website/docs/r/organization_project.html.markdown delete mode 100644 website/docs/r/organization_repository_role.html.markdown delete mode 100644 website/docs/r/organization_role.html.markdown delete mode 100644 website/docs/r/organization_role_team.html.markdown delete mode 100644 website/docs/r/organization_role_team_assignment.html.markdown delete mode 100644 website/docs/r/organization_role_user.html.markdown delete mode 100644 website/docs/r/organization_ruleset.html.markdown delete mode 100644 website/docs/r/organization_security_manager.html.markdown delete mode 100644 website/docs/r/organization_settings.html.markdown delete mode 100644 website/docs/r/organization_webhook.html.markdown delete mode 100644 website/docs/r/project_card.html.markdown delete mode 100644 website/docs/r/project_column.html.markdown delete mode 100644 website/docs/r/release.html.markdown delete mode 100644 website/docs/r/repository.html.markdown delete mode 100644 website/docs/r/repository_autolink_reference.html.markdown delete mode 100644 website/docs/r/repository_collaborator.html.markdown delete mode 100644 website/docs/r/repository_collaborators.html.markdown delete mode 100644 website/docs/r/repository_custom_property.html.markdown delete mode 100644 website/docs/r/repository_dependabot_security_updates.html.markdown delete mode 100644 website/docs/r/repository_deploy_key.html.markdown delete mode 100644 website/docs/r/repository_deployment_branch_policy.html.markdown delete mode 100644 website/docs/r/repository_environment.html.markdown delete mode 100644 website/docs/r/repository_environment_deployment_policy.html.markdown delete mode 100644 website/docs/r/repository_file.html.markdown delete mode 100644 website/docs/r/repository_milestone.html.markdown delete mode 100644 website/docs/r/repository_project.html.markdown delete mode 100644 website/docs/r/repository_pull_request.html.markdown delete mode 100644 website/docs/r/repository_ruleset.html.markdown delete mode 100644 website/docs/r/repository_topics.html.markdown delete mode 100644 website/docs/r/repository_webhook.html.markdown delete mode 100644 website/docs/r/team.html.markdown delete mode 100644 website/docs/r/team_members.html.markdown delete mode 100644 website/docs/r/team_membership.html.markdown delete mode 100644 website/docs/r/team_repository.html.markdown delete mode 100644 website/docs/r/team_settings.html.markdown delete mode 100644 website/docs/r/team_sync_group_mapping.html.markdown delete mode 100644 website/docs/r/user_gpg_key.html.markdown delete mode 100644 website/docs/r/user_invitation_accepter.html.markdown delete mode 100644 website/docs/r/user_ssh_key.html.markdown delete mode 100644 website/docs/r/workflow_repository_permissions.html.markdown delete mode 100644 website/github.erb diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index ee010fd2cb..6c294a626d 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -7,12 +7,12 @@ Resolves #ISSUE_NUMBER ### Before the change? -- +- ### After the change? -- +- ### Pull request checklist diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 926202b13a..d157141423 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -33,8 +33,25 @@ jobs: with: go-version-file: go.mod cache: true + - name: Set-up Terraform + uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 + with: + terraform_version: latest + terraform_wrapper: false + - name: Set-up rumdl + uses: action-stars/install-tool-from-github-release@1fa61c3bea52eca3bcdb1f5c961a3b113fe7fa54 # v0.2.6 + with: + github_token: ${{ github.token }} + owner: rvben + repository: rumdl + filename_format: "{name}-v{version}-{arch}-{os}.{ext}" + arch_amd64: x86_64 + os_linux: unknown-linux-gnu + check_command: rumdl --version + version: latest - run: make tools - run: make lintcheck - - run: make website-lint - run: make build - run: make test + - run: make checkdocs + - run: make lintdocs RUMDL_ARGS="--output-format github" diff --git a/.golangci.yml b/.golangci.yml index 3e0f9d49dc..10890c6c1a 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,6 +1,4 @@ version: "2" -run: - modules-download-mode: vendor linters: default: none diff --git a/.markdownlint.yaml b/.markdownlint.yaml deleted file mode 100644 index 518e76a2af..0000000000 --- a/.markdownlint.yaml +++ /dev/null @@ -1,4 +0,0 @@ -MD013: false -MD024: - siblings_only: true -MD028: false diff --git a/.rumdl.toml b/.rumdl.toml new file mode 100644 index 0000000000..9f753ada01 --- /dev/null +++ b/.rumdl.toml @@ -0,0 +1,15 @@ +[global] +disable = ["MD013", "MD028"] + +[per-file-ignores] +".github/pull_request_template.md" = ["MD041"] +"docs/**/*.md" = ["MD059"] + +[MD024] +siblings-only = true + +[MD033] +allowed-elements = ["a", "br", "details", "img", "summary", "sub", "sup"] + +[MD052] +shortcut-syntax = true diff --git a/CHANGELOG.md b/CHANGELOG.md index 98b391f118..ba57be23a6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,207 +2,201 @@ After the release of v4.24.0, please see the [GitHub release notes](https://github.com/integrations/terraform-provider-github/releases) for the provider in order to view the most up-to-date changes. -# 4.24.0 (Apr 28, 2022) +## 4.24.0 (Apr 28, 2022) ENHANCEMENTS: -* Support for allow_forking on a repository/update to go-github v42 by @diogopms in https://github.com/integrations/terraform-provider-github/pull/1033 -* Upgrade go-github to v43.0.0 by @btkostner in https://github.com/integrations/terraform-provider-github/pull/1087 -BUG FIXES: +* Support for allow_forking on a repository/update to go-github v42 by @diogopms in +* Upgrade go-github to v43.0.0 by @btkostner in -* Fix go module path by @turkenh in https://github.com/integrations/terraform-provider-github/pull/961 -* fix: remove incorrect required schema key on ref data source by @youcandanch in https://github.com/integrations/terraform-provider-github/pull/1109 -* Bump Go version for Actions release CI to 1.18 by @kfcampbell in https://github.com/integrations/terraform-provider-github/pull/1134 -* build(deps): bump actions/setup-go from 2 to 3 by @dependabot in https://github.com/integrations/terraform-provider-github/pull/1110 -* Fix linting issues by @kfcampbell in https://github.com/integrations/terraform-provider-github/pull/1107 +BUG FIXES: +* Fix go module path by @turkenh in +* fix: remove incorrect required schema key on ref data source by @youcandanch in +* Bump Go version for Actions release CI to 1.18 by @kfcampbell in +* build(deps): bump actions/setup-go from 2 to 3 by @dependabot in +* Fix linting issues by @kfcampbell in -# 4.23.0 (Mar 25, 2022) +## 4.23.0 (Mar 25, 2022) ENHANCEMENTS: -* Add support for disabling the use of the vulnerability management endpoint by @enieuw in https://github.com/integrations/terraform-provider-github/pull/1022 -* Added orgname in github_orgranization attributes by @Kavinraja-G in https://github.com/integrations/terraform-provider-github/pull/1052 -* Add a data source for refs. by @youcandanch in https://github.com/integrations/terraform-provider-github/pull/1084 -* build(deps): bump actions/checkout from 2 to 3 by @dependabot in https://github.com/integrations/terraform-provider-github/pull/1086 +* Add support for disabling the use of the vulnerability management endpoint by @enieuw in +* Added orgname in github_orgranization attributes by @Kavinraja-G in +* Add a data source for refs. by @youcandanch in +* build(deps): bump actions/checkout from 2 to 3 by @dependabot in BUG FIXES: -* fix: use pagination to fetch all team members by @carocad in https://github.com/integrations/terraform-provider-github/pull/1092 -* docs: fix typos in d/users.html.markdown by @pallxk in https://github.com/integrations/terraform-provider-github/pull/1049 +* fix: use pagination to fetch all team members by @carocad in +* docs: fix typos in d/users.html.markdown by @pallxk in -# 4.22.0 (Mar 18, 2022) +## 4.22.0 (Mar 18, 2022) ENHANCEMENTS: -* feat: add `tree` data source by @jasonwalsh in https://github.com/integrations/terraform-provider-github/pull/1027 -* feat: support for issues using github_issue resource by @ewilde in https://github.com/integrations/terraform-provider-github/pull/1047 -* feat: add configurable read_delay_ms by @morremeyer in https://github.com/integrations/terraform-provider-github/pull/1054 +* feat: add `tree` data source by @jasonwalsh in +* feat: support for issues using github_issue resource by @ewilde in +* feat: add configurable read_delay_ms by @morremeyer in ## 4.21.0 (Mar 11, 2022) ENHANCEMENTS: -* Adding BypassPullRequestActorIDs to branch protection by @jtyr in https://github.com/integrations/terraform-provider-github/pull/1030 -* Adding suspended_at attribute to github_user data source by @mrobinson-anaplan in https://github.com/integrations/terraform-provider-github/pull/1070 -* Documentation: Add id to github_user data dource by @kangaechu in https://github.com/integrations/terraform-provider-github/pull/1061 +* Adding BypassPullRequestActorIDs to branch protection by @jtyr in +* Adding suspended_at attribute to github_user data source by @mrobinson-anaplan in +* Documentation: Add id to github_user data dource by @kangaechu in BUG FIXES: -* fix: use the appropriate ID when trying to import `github_team_members` objects by @bison-brandon in https://github.com/integrations/terraform-provider-github/pull/1074 -* Environment ID gets set incorrectly on update by @aceresia-bg in https://github.com/integrations/terraform-provider-github/pull/1058 -* Fix whitespace in documentation for branch_protection_v3 by @JCradock in https://github.com/integrations/terraform-provider-github/pull/1059 +* fix: use the appropriate ID when trying to import `github_team_members` objects by @bison-brandon in +* Environment ID gets set incorrectly on update by @aceresia-bg in +* Fix whitespace in documentation for branch_protection_v3 by @JCradock in ## 4.20.1 (Mar 3, 2022) BUG FIXES: -* Remove team from state if deletion failed and it does not exist by @cytopia in https://github.com/integrations/terraform-provider-github/pull/1039 - * Note that this is a behavior change from previous GitHub Terraform provider releases: now, if a GitHub team deletion operation fails and the team does not exist, the team will be automatically removed from state. -* Make data_github_repository work with non-existing repositories by @tobiassjosten in https://github.com/integrations/terraform-provider-github/pull/1031 -* Standardize logs by @kfcampbell in https://github.com/integrations/terraform-provider-github/pull/1053 +* Remove team from state if deletion failed and it does not exist by @cytopia in + * Note that this is a behavior change from previous GitHub Terraform provider releases: now, if a GitHub team deletion operation fails and the team does not exist, the team will be automatically removed from state. +* Make data_github_repository work with non-existing repositories by @tobiassjosten in +* Standardize logs by @kfcampbell in ## 4.20.0 (Feb 3, 2022) ENHANCEMENTS: -* Add new resource `github_team_members` to allow authoritative team management by @stawik-mesa in https://github.com/integrations/terraform-provider-github/pull/975 +* Add new resource `github_team_members` to allow authoritative team management by @stawik-mesa in BUG FIXES: -* test: checkout pull request via sha instead of ref by @jcudit in https://github.com/integrations/terraform-provider-github/pull/1043 -* Small CI cleanup by @kfcampbell in https://github.com/integrations/terraform-provider-github/pull/1048 - -**Full Changelog**: https://github.com/integrations/terraform-provider-github/compare/v4.19.2...v4.20.0 +* test: checkout pull request via sha instead of ref by @jcudit in +* Small CI cleanup by @kfcampbell in +**Full Changelog**: ## 4.19.2 (Jan 20, 2022) BUG FIXES: -- Update `go-github` to v42.0.0 ([#1035](https://github.com/integrations/terraform-provider-github/pull/1035)) -- Adjust count requirement of `required_approving_review_count` option for `github_branch_protection` ([#971](https://github.com/integrations/terraform-provider-github/pull/971)) -- Add `nil` check for `require_conversation_resolution` field of `github_branch_protection` resource ([#1032](https://github.com/integrations/terraform-provider-github/pull/1032)) +* Update `go-github` to v42.0.0 ([#1035](https://github.com/integrations/terraform-provider-github/pull/1035)) +* Adjust count requirement of `required_approving_review_count` option for `github_branch_protection` ([#971](https://github.com/integrations/terraform-provider-github/pull/971)) +* Add `nil` check for `require_conversation_resolution` field of `github_branch_protection` resource ([#1032](https://github.com/integrations/terraform-provider-github/pull/1032)) ## 4.19.1 (Jan 5, 2022) BUG FIXES: -- Update `go-github` to v41.0.0 ([#993](https://github.com/integrations/terraform-provider-github/pull/993)) -- Add `nil` check for `plan` field of `github_organization` data source ([#1016](https://github.com/integrations/terraform-provider-github/pull/1016)) - +* Update `go-github` to v41.0.0 ([#993](https://github.com/integrations/terraform-provider-github/pull/993)) +* Add `nil` check for `plan` field of `github_organization` data source ([#1016](https://github.com/integrations/terraform-provider-github/pull/1016)) ## 4.19.0 (Dec 13, 2021) ENHANCEMENTS: -- Export `branches` attribute of `github_repository` resource ([[#959](https://github.com/integrations/terraform-provider-github/pull/959)]) -- Add `require_conversation_resolution` support for `github_branch_protection` resource ([[#904](https://github.com/integrations/terraform-provider-github/pull/904)]) +* Export `branches` attribute of `github_repository` resource ([[#959](https://github.com/integrations/terraform-provider-github/pull/959)]) +* Add `require_conversation_resolution` support for `github_branch_protection` resource ([[#904](https://github.com/integrations/terraform-provider-github/pull/904)]) BUG FIXES: -- Adjust length requirement to `topics` option for `github_repository` ([[#996](https://github.com/integrations/terraform-provider-github/pull/996)]) -- Add `required_linear_history` support for `github_branch_protection` resource ([[#935](https://github.com/integrations/terraform-provider-github/pull/935)]) - +* Adjust length requirement to `topics` option for `github_repository` ([[#996](https://github.com/integrations/terraform-provider-github/pull/996)]) +* Add `required_linear_history` support for `github_branch_protection` resource ([[#935](https://github.com/integrations/terraform-provider-github/pull/935)]) ## 4.18.2 (Nov 30, 2021) BUG FIXES: -- Add length requirement to `name` option for `github_repository` ([[#965](https://github.com/integrations/terraform-provider-github/pull/965)]) -- Various documentation fixes 🙇 +* Add length requirement to `name` option for `github_repository` ([[#965](https://github.com/integrations/terraform-provider-github/pull/965)]) +* Various documentation fixes 🙇 ## 4.18.1 (Nov 22, 2021) BUG FIXES: -- Add length requirement to `topics` option for `github_repository` ([[#951](https://github.com/integrations/terraform-provider-github/pull/951)]) -- Add pagination to `selected_repositories` option for `github_actions_runner_group` ([[#970](https://github.com/integrations/terraform-provider-github/pull/970)]) -- Add handling for new `node_id` format introduced to the GitHub GraphQL API (`github_repository`) ([[#914](https://github.com/integrations/terraform-provider-github/pull/914)]) +* Add length requirement to `topics` option for `github_repository` ([[#951](https://github.com/integrations/terraform-provider-github/pull/951)]) +* Add pagination to `selected_repositories` option for `github_actions_runner_group` ([[#970](https://github.com/integrations/terraform-provider-github/pull/970)]) +* Add handling for new `node_id` format introduced to the GitHub GraphQL API (`github_repository`) ([[#914](https://github.com/integrations/terraform-provider-github/pull/914)]) ## 4.18.0 (Nov 8, 2021) ENHANCEMENTS: -- **New Resource:** `github_actions_organization_permissions` ([[#920](https://github.com/integrations/terraform-provider-github/pull/920)]) +* **New Resource:** `github_actions_organization_permissions` ([[#920](https://github.com/integrations/terraform-provider-github/pull/920)]) BUG FIXES: -- Add newline compatbility to GitHub App provider authentication ([[#931](https://github.com/integrations/terraform-provider-github/pull/931)]) -- Fix `strict` setting of `required_status_checks` for `github_branch_protection` resource ([[#880](https://github.com/integrations/terraform-provider-github/issues/880)]) - +* Add newline compatbility to GitHub App provider authentication ([[#931](https://github.com/integrations/terraform-provider-github/pull/931)]) +* Fix `strict` setting of `required_status_checks` for `github_branch_protection` resource ([[#880](https://github.com/integrations/terraform-provider-github/issues/880)]) ## 4.17.0 (Oct 17, 2021) ENHANCEMENTS: -- **New Resource:** `github_repository_autolink_reference` ([[#924](https://github.com/integrations/terraform-provider-github/pull/924)]) -- **New Data Sources** `github_users` ([#900](https://github.com/integrations/terraform-provider-github/pull/900)) -- Add `allow_auto_merge` option for `github_repository` ([#923](https://github.com/integrations/terraform-provider-github/pull/923)) +* **New Resource:** `github_repository_autolink_reference` ([[#924](https://github.com/integrations/terraform-provider-github/pull/924)]) +* **New Data Sources** `github_users` ([#900](https://github.com/integrations/terraform-provider-github/pull/900)) +* Add `allow_auto_merge` option for `github_repository` ([#923](https://github.com/integrations/terraform-provider-github/pull/923)) BUG FIXES: -- Various documentation fixes 🙇 +* Various documentation fixes 🙇 ## 4.16.0 (Oct 5, 2021) ENHANCEMENTS: * **New Data Source:** `github_repository_file` ([#896](https://github.com/integrations/terraform-provider-github/pull/896)) -- Add `write_delay_ms` provider option [#907](https://github.com/integrations/terraform-provider-github/pull/907)) +* Add `write_delay_ms` provider option [#907](https://github.com/integrations/terraform-provider-github/pull/907)) BUG FIXES: -- Update `go-github` to v39.0.0 ([#905](https://github.com/integrations/terraform-provider-github/pull/905)) +* Update `go-github` to v39.0.0 ([#905](https://github.com/integrations/terraform-provider-github/pull/905)) ## 4.15.1 (Sep 23, 2021) BUG FIXES: -- Revert suppression of `etag` changes for `github_repository` resources ([[#910](https://github.com/integrations/terraform-provider-github/issues/910)]) +* Revert suppression of `etag` changes for `github_repository` resources ([[#910](https://github.com/integrations/terraform-provider-github/issues/910)]) ## 4.15.0 (Sep 22, 2021) ENHANCEMENTS: -- **New Resource:** `github_actions_organization_secret_repositories` ([[#882](https://github.com/integrations/terraform-provider-github/issues/882)]) -- **New Resource:** `github_actions_runner_group` ([[#821](https://github.com/integrations/terraform-provider-github/issues/821)]) -- Add `require_linear_history` to `github_branch_protection` resource ([[#887](https://github.com/integrations/terraform-provider-github/issues/887)]) -- Add `branches` attribute to `github_repository` resource ([[#892](https://github.com/integrations/terraform-provider-github/issues/892)]) - +* **New Resource:** `github_actions_organization_secret_repositories` ([[#882](https://github.com/integrations/terraform-provider-github/issues/882)]) +* **New Resource:** `github_actions_runner_group` ([[#821](https://github.com/integrations/terraform-provider-github/issues/821)]) +* Add `require_linear_history` to `github_branch_protection` resource ([[#887](https://github.com/integrations/terraform-provider-github/issues/887)]) +* Add `branches` attribute to `github_repository` resource ([[#892](https://github.com/integrations/terraform-provider-github/issues/892)]) BUG FIXES: -- Update documentation for `d/github_ip_ranges` ([#895](https://github.com/integrations/terraform-provider-github/issues/895)) -- Update `go-github` to v38 ([#901](https://github.com/integrations/terraform-provider-github/issues/901)) -- Suppress `etag` changes for `github_repository` resources ([[#909](https://github.com/integrations/terraform-provider-github/issues/909)]) - +* Update documentation for `d/github_ip_ranges` ([#895](https://github.com/integrations/terraform-provider-github/issues/895)) +* Update `go-github` to v38 ([#901](https://github.com/integrations/terraform-provider-github/issues/901)) +* Suppress `etag` changes for `github_repository` resources ([[#909](https://github.com/integrations/terraform-provider-github/issues/909)]) ## 4.14.0 (Sep 2, 2021) BUG FIXES: -- Adds support for recreating a `github_team_repository` when repository is renamed ([#870](https://github.com/integrations/terraform-provider-github/issues/870)) -- Adds logging of configured authentication on provider startup ([#867](https://github.com/integrations/terraform-provider-github/issues/867)) -- Update documentation for `github_ip_ranges` data source ([#857](https://github.com/integrations/terraform-provider-github/issues/857)) -- Add support for IPv6 addresses returned by `github_ip_ranges` data source ([#883](https://github.com/integrations/terraform-provider-github/issues/883)) -- Update `go-github` to v37.0.0 ([#893](https://github.com/integrations/terraform-provider-github/issues/893)) +* Adds support for recreating a `github_team_repository` when repository is renamed ([#870](https://github.com/integrations/terraform-provider-github/issues/870)) +* Adds logging of configured authentication on provider startup ([#867](https://github.com/integrations/terraform-provider-github/issues/867)) +* Update documentation for `github_ip_ranges` data source ([#857](https://github.com/integrations/terraform-provider-github/issues/857)) +* Add support for IPv6 addresses returned by `github_ip_ranges` data source ([#883](https://github.com/integrations/terraform-provider-github/issues/883)) +* Update `go-github` to v37.0.0 ([#893](https://github.com/integrations/terraform-provider-github/issues/893)) ## 4.13.0 (Jul 26, 2021) BUG FIXES: -- Fix setting `vulnerability_alerts` on private `github_repository` creation ([#768](https://github.com/integrations/terraform-provider-github/issues/768)) +* Fix setting `vulnerability_alerts` on private `github_repository` creation ([#768](https://github.com/integrations/terraform-provider-github/issues/768)) ENHANCEMENTS: -- Add `restrict_dismissals` option to `github_branch_protection` resource ([#839](https://github.com/integrations/terraform-provider-github/issues/839)) +* Add `restrict_dismissals` option to `github_branch_protection` resource ([#839](https://github.com/integrations/terraform-provider-github/issues/839)) ## 4.12.2 (Jul 12, 2021) BUG FIXES: -- Update `go-github` to v36.0.0 ([#841](https://github.com/integrations/terraform-provider-github/issues/841)) +* Update `go-github` to v36.0.0 ([#841](https://github.com/integrations/terraform-provider-github/issues/841)) ## 4.12.0 (Jun 18, 2021) @@ -214,27 +208,25 @@ ENHANCEMENTS: * Add `repositories` field to `github_team` data source ([[#791](https://github.com/integrations/terraform-provider-github/issues/791)]) * Add `repositories` field to `github_organization_teams` data source ([[#791](https://github.com/integrations/terraform-provider-github/issues/791)]) - BUG FIXES: -- Document incompatibility between `github_app_installation_repository` and GitHub App authentication ([#818](https://github.com/integrations/terraform-provider-github/issues/818)) -- Document migration from `hashicorp/terraform-provider-github ([#816](https://github.com/integrations/terraform-provider-github/issues/816)) -- Allow users and apps to also be applied to push restrictions for `github_branch_protection` ([#824](https://github.com/integrations/terraform-provider-github/issues/824)) - +* Document incompatibility between `github_app_installation_repository` and GitHub App authentication ([#818](https://github.com/integrations/terraform-provider-github/issues/818)) +* Document migration from `hashicorp/terraform-provider-github ([#816](https://github.com/integrations/terraform-provider-github/issues/816)) +* Allow users and apps to also be applied to push restrictions for `github_branch_protection` ([#824](https://github.com/integrations/terraform-provider-github/issues/824)) ## 4.11.0 (Jun 7, 2021) BREAKING CHANGES: -- Allow PEM data to be passed directly for GitHub App provider authentication ([#803](https://github.com/integrations/terraform-provider-github/issues/803)) +* Allow PEM data to be passed directly for GitHub App provider authentication ([#803](https://github.com/integrations/terraform-provider-github/issues/803)) ENHANCEMENTS: -- Add `encrypted_value` field to `github_actions_secret` and `github_actions_organization_secret` resources ([#807](https://github.com/integrations/terraform-provider-github/issues/807)) +* Add `encrypted_value` field to `github_actions_secret` and `github_actions_organization_secret` resources ([#807](https://github.com/integrations/terraform-provider-github/issues/807)) BUG FIXES: -- Fix error handling when branch does not exist for `github_branch` resource ([#806](https://github.com/integrations/terraform-provider-github/issues/806)) +* Fix error handling when branch does not exist for `github_branch` resource ([#806](https://github.com/integrations/terraform-provider-github/issues/806)) ## 4.10.1 (May 25, 2021) @@ -242,7 +234,6 @@ BUG FIXES: * Improve documentation for provider authentication options ([#801](https://github.com/integrations/terraform-provider-github/issues/801)) - ## 4.10.0 (May 21, 2021) ENHANCEMENTS: @@ -255,29 +246,28 @@ ENHANCEMENTS: BUG FIXES: -- Add EMU support by allowing `internal` visibility to be configured for `github_repository` ([#781](https://github.com/integrations/terraform-provider-github/issues/781)) -- Update `go-github` to 35.1.0 ([#772](https://github.com/integrations/terraform-provider-github/issues/772)) +* Add EMU support by allowing `internal` visibility to be configured for `github_repository` ([#781](https://github.com/integrations/terraform-provider-github/issues/781)) +* Update `go-github` to 35.1.0 ([#772](https://github.com/integrations/terraform-provider-github/issues/772)) ## 4.9.3 (May 7, 2021) BUG FIXES: -- Mark `slug` as `computed` when `name` is changed for `github_team` ([#757](https://github.com/integrations/terraform-provider-github/issues/757)) +* Mark `slug` as `computed` when `name` is changed for `github_team` ([#757](https://github.com/integrations/terraform-provider-github/issues/757)) ## 4.9.2 (April 18, 2021) BUG FIXES: -- correct visibility for repositories created via a template ([#761](https://github.com/integrations/terraform-provider-github/issues/761)) - +* correct visibility for repositories created via a template ([#761](https://github.com/integrations/terraform-provider-github/issues/761)) ## 4.9.1 (April 17, 2021) BUG FIXES: -- Bump Go version to 1.16 for acceptance tests and darwin/arm64 releases -- Update acceptance tests to v2.2.0 -- Re-instate releases of darwin/arm64 +* Bump Go version to 1.16 for acceptance tests and darwin/arm64 releases +* Update acceptance tests to v2.2.0 +* Re-instate releases of darwin/arm64 ## 4.9.0 (April 17, 2021) @@ -290,22 +280,22 @@ ENHANCEMENTS: BUG FIXES: -- Detect and overwrite value drift for `github_actions_secret` and `github_actions_organization_secret` ([#740](https://github.com/integrations/terraform-provider-github/pull/740)) -- Do not destroy repositories when `name` attribute changes ([#699](https://github.com/integrations/terraform-provider-github/pull/699)) +* Detect and overwrite value drift for `github_actions_secret` and `github_actions_organization_secret` ([#740](https://github.com/integrations/terraform-provider-github/pull/740)) +* Do not destroy repositories when `name` attribute changes ([#699](https://github.com/integrations/terraform-provider-github/pull/699)) ## 4.8.0 (April 9, 2021) BUG FIXES: -- Deprecate `organization` / `GITHUB_ORGANIZATION` provider configuration options ([#735](https://github.com/integrations/terraform-provider-github/pull/735)) +* Deprecate `organization` / `GITHUB_ORGANIZATION` provider configuration options ([#735](https://github.com/integrations/terraform-provider-github/pull/735)) ## 4.7.0 (April 9, 2021) REGRESSIONS: -- new repositories created via a template have a public visibility ([#758](https://github.com/integrations/terraform-provider-github/issues/758)) - - workaround: a subsequent plan / apply will set the visibility to what is configured - - fix: see v4.9.2 +* new repositories created via a template have a public visibility ([#758](https://github.com/integrations/terraform-provider-github/issues/758)) + * workaround: a subsequent plan / apply will set the visibility to what is configured + * fix: see v4.9.2 ENHANCEMENTS: @@ -313,8 +303,8 @@ ENHANCEMENTS: BUG FIXES: -- Set visibility on create instead of update for `github_repository` ([#746](https://github.com/integrations/terraform-provider-github/pull/746)) -- Various documentation updates +* Set visibility on create instead of update for `github_repository` ([#746](https://github.com/integrations/terraform-provider-github/pull/746)) +* Various documentation updates ## 4.6.0 (March 23, 2021) @@ -324,46 +314,42 @@ ENHANCEMENTS: BUG FIXES: -- Fix panic for `github_repository_file` ([#732](https://github.com/integrations/terraform-provider-github/pull/732)) -- Improve error messaging for `github_branch` ([#734](https://github.com/integrations/terraform-provider-github/pull/734)) -- Improve error messaging for `github_branch_protection` ([#721](https://github.com/integrations/terraform-provider-github/pull/721)) -- Fix update operation for `github_default_branch` ([#719](https://github.com/integrations/terraform-provider-github/pull/719)) -- Add name validation for `github_actions_organization_secret` ([#714](https://github.com/integrations/terraform-provider-github/pull/714)) - +* Fix panic for `github_repository_file` ([#732](https://github.com/integrations/terraform-provider-github/pull/732)) +* Improve error messaging for `github_branch` ([#734](https://github.com/integrations/terraform-provider-github/pull/734)) +* Improve error messaging for `github_branch_protection` ([#721](https://github.com/integrations/terraform-provider-github/pull/721)) +* Fix update operation for `github_default_branch` ([#719](https://github.com/integrations/terraform-provider-github/pull/719)) +* Add name validation for `github_actions_organization_secret` ([#714](https://github.com/integrations/terraform-provider-github/pull/714)) ## 4.5.2 (March 16, 2021) BUG FIXES: -- Fix updating `default_branch` on `github_repository` ([#719](https://github.com/integrations/terraform-provider-github/pull/719)) - +* Fix updating `default_branch` on `github_repository` ([#719](https://github.com/integrations/terraform-provider-github/pull/719)) ## 4.5.1 (March 3, 2021) BUG FIXES: -- Fix `github_branch_protection` import by repository node ID and pattern ([#713](https://github.com/integrations/terraform-provider-github/pull/713)) -- Add pagination when retrieving team members for `data_source_github_team` ([#702](https://github.com/integrations/terraform-provider-github/pull/702)) - +* Fix `github_branch_protection` import by repository node ID and pattern ([#713](https://github.com/integrations/terraform-provider-github/pull/713)) +* Add pagination when retrieving team members for `data_source_github_team` ([#702](https://github.com/integrations/terraform-provider-github/pull/702)) ## 4.5.0 (February 17, 2021) ENHANCEMENTS: -- Add ability for `github_team_repository` to accept slug as a valid `team_id` ([#693](https://github.com/integrations/terraform-provider-github/pull/693)) +* Add ability for `github_team_repository` to accept slug as a valid `team_id` ([#693](https://github.com/integrations/terraform-provider-github/pull/693)) BUG FIXES: -- Add more context to error messaging for `github_branch_protection` ([#691](https://github.com/integrations/terraform-provider-github/pull/691)) -- Satisfy linter recommendation for `github_branch_protection` ([#694](https://github.com/integrations/terraform-provider-github/pull/694)) +* Add more context to error messaging for `github_branch_protection` ([#691](https://github.com/integrations/terraform-provider-github/pull/691)) +* Satisfy linter recommendation for `github_branch_protection` ([#694](https://github.com/integrations/terraform-provider-github/pull/694)) ## 4.4.0 (February 5, 2021) BUG FIXES: -- Add `create_default_maintainer` option to `github_team` ([#527](https://github.com/integrations/terraform-provider-github/pull/527)), ([#104](https://github.com/integrations/terraform-provider-github/pull/104)), ([#130](https://github.com/integrations/terraform-provider-github/pull/130)) -- Add diff-suppression option to `repository_collaborator` ([#683](https://github.com/integrations/terraform-provider-github/pull/683)) - +* Add `create_default_maintainer` option to `github_team` ([#527](https://github.com/integrations/terraform-provider-github/pull/527)), ([#104](https://github.com/integrations/terraform-provider-github/pull/104)), ([#130](https://github.com/integrations/terraform-provider-github/pull/130)) +* Add diff-suppression option to `repository_collaborator` ([#683](https://github.com/integrations/terraform-provider-github/pull/683)) ## 4.3.2 (February 2, 2021) @@ -376,7 +362,7 @@ BUG FIXES: REGRESSIONS: -- provider configuration breaks for individual accounts ([#678](https://github.com/integrations/terraform-provider-github/issues/678)) +* provider configuration breaks for individual accounts ([#678](https://github.com/integrations/terraform-provider-github/issues/678)) BUG FIXES: @@ -390,131 +376,125 @@ ENHANCEMENTS: * **New Resource** `github_branch_protection_v3` ([#642](https://github.com/integrations/terraform-provider-github/issues/642)) * Add `pages` feature to `github_repository` ([#490](https://github.com/integrations/terraform-provider-github/issues/490)) - ## 4.2.0 (January 07, 2021) BREAKING CHANGES: -- Project transfer from `terraform-providers` organization to `integrations` - - See [#652](https://github.com/integrations/terraform-provider-github/issues/652) for migration steps and [#656](https://github.com/integrations/terraform-provider-github/issues/656) for discussion +* Project transfer from `terraform-providers` organization to `integrations` + * See [#652](https://github.com/integrations/terraform-provider-github/issues/652) for migration steps and [#656](https://github.com/integrations/terraform-provider-github/issues/656) for discussion ENHANCEMENTS: -- Add `allowDeletions` and `allowsForcePushes` to `github_branch_protection` ([#623](https://github.com/integrations/terraform-provider-github/pull/623)) -- Add GitHub App actor support to `github_branch_protection` ([#615](https://github.com/integrations/terraform-provider-github/pull/615)) +* Add `allowDeletions` and `allowsForcePushes` to `github_branch_protection` ([#623](https://github.com/integrations/terraform-provider-github/pull/623)) +* Add GitHub App actor support to `github_branch_protection` ([#615](https://github.com/integrations/terraform-provider-github/pull/615)) BUG FIXES: -- Allow `required_status_checks` `strict` to be `false` for `github_branch_protection` ([#614](https://github.com/integrations/terraform-provider-github/pull/614)) -- Remove `ForceNew` on template-related options for `github_repository` ([#609](https://github.com/integrations/terraform-provider-github/pull/609)) -- Fix parsing of input during imports of `github_branch_protection` ([#610](https://github.com/integrations/terraform-provider-github/pull/610)) -- `github_repository_file` resource no longer iterates through all commits ([#644](https://github.com/integrations/terraform-provider-github/pull/644)) +* Allow `required_status_checks` `strict` to be `false` for `github_branch_protection` ([#614](https://github.com/integrations/terraform-provider-github/pull/614)) +* Remove `ForceNew` on template-related options for `github_repository` ([#609](https://github.com/integrations/terraform-provider-github/pull/609)) +* Fix parsing of input during imports of `github_branch_protection` ([#610](https://github.com/integrations/terraform-provider-github/pull/610)) +* `github_repository_file` resource no longer iterates through all commits ([#644](https://github.com/integrations/terraform-provider-github/pull/644)) ## 4.1.0 (December 01, 2020) ENHANCEMENTS: -- Add `github_actions_organization_secret` resource ([#261](https://github.com/integrations/terraform-provider-github/pull/261)) -- Add `github_repository_milestone` resource ([#470](https://github.com/integrations/terraform-provider-github/pull/470)) -- Add `github_repository_milestone` data source ([#470](https://github.com/integrations/terraform-provider-github/pull/470)) -- Add `github_project_card` resource ([#460](https://github.com/integrations/terraform-provider-github/pull/460)) -- Add `github_branch_default` resource ([#194](https://github.com/integrations/terraform-provider-github/pull/194)) - +* Add `github_actions_organization_secret` resource ([#261](https://github.com/integrations/terraform-provider-github/pull/261)) +* Add `github_repository_milestone` resource ([#470](https://github.com/integrations/terraform-provider-github/pull/470)) +* Add `github_repository_milestone` data source ([#470](https://github.com/integrations/terraform-provider-github/pull/470)) +* Add `github_project_card` resource ([#460](https://github.com/integrations/terraform-provider-github/pull/460)) +* Add `github_branch_default` resource ([#194](https://github.com/integrations/terraform-provider-github/pull/194)) ## 4.0.1 (November 18, 2020) BUG FIXES: -- `github_team` data source query no longer iterates through a list of teams ([#579](https://github.com/integrations/terraform-provider-github/pull/579)) -- `github_repository_file` resource no longer iterates through all commits ([#589](https://github.com/integrations/terraform-provider-github/pull/589)) -- fix parsing of `repo:pattern` format during `github_branch_protection` import ([#599](https://github.com/integrations/terraform-provider-github/pull/599)) - +* `github_team` data source query no longer iterates through a list of teams ([#579](https://github.com/integrations/terraform-provider-github/pull/579)) +* `github_repository_file` resource no longer iterates through all commits ([#589](https://github.com/integrations/terraform-provider-github/pull/589)) +* fix parsing of `repo:pattern` format during `github_branch_protection` import ([#599](https://github.com/integrations/terraform-provider-github/pull/599)) ## 4.0.0 (November 10, 2020) REGRESSIONS: -- fails parsing of `repo:pattern` format during `github_branch_protection` import ([#597](https://github.com/integrations/terraform-provider-github/issues/597)) +* fails parsing of `repo:pattern` format during `github_branch_protection` import ([#597](https://github.com/integrations/terraform-provider-github/issues/597)) BREAKING CHANGES: -- `pattern` replaces `branch` in changes to `github_branch_protection` introduced in `v3.1.0` ([#566](https://github.com/integrations/terraform-provider-github/issues/566)) -- `dismissal_restrictions` documented for `github_branch_protection` ([#569](https://github.com/integrations/terraform-provider-github/pull/569)) -- project license changes from MPL2 to MIT ([#591](https://github.com/integrations/terraform-provider-github/pull/591)) +* `pattern` replaces `branch` in changes to `github_branch_protection` introduced in `v3.1.0` ([#566](https://github.com/integrations/terraform-provider-github/issues/566)) +* `dismissal_restrictions` documented for `github_branch_protection` ([#569](https://github.com/integrations/terraform-provider-github/pull/569)) +* project license changes from MPL2 to MIT ([#591](https://github.com/integrations/terraform-provider-github/pull/591)) BUG FIXES: -- `repository_id` for `github_branch_protection` accepts repository name as well as node ID ([#593](https://github.com/integrations/terraform-provider-github/issues/593)) +* `repository_id` for `github_branch_protection` accepts repository name as well as node ID ([#593](https://github.com/integrations/terraform-provider-github/issues/593)) ENHANCEMENTS: -- Add support to get currently authenticated user to `data_source_github_user` ([#261](https://github.com/integrations/terraform-provider-github/pull/261)) -- Add importing to `github_organization_webhook` ([#487](https://github.com/integrations/terraform-provider-github/pull/487)) - +* Add support to get currently authenticated user to `data_source_github_user` ([#261](https://github.com/integrations/terraform-provider-github/pull/261)) +* Add importing to `github_organization_webhook` ([#487](https://github.com/integrations/terraform-provider-github/pull/487)) ## 3.1.0 (October 12, 2020) REGRESSIONS: -- undocumented, breaking configuration changes to `github_branch_protection` ([#566](https://github.com/integrations/terraform-provider-github/issues/566)) -- slowed performance of `github_branch_protection` ([#567](https://github.com/integrations/terraform-provider-github/issues/567)) -- change to default branch breaks refresh of existing `github_repository_file` resources ([#564](https://github.com/integrations/terraform-provider-github/issues/564)) +* undocumented, breaking configuration changes to `github_branch_protection` ([#566](https://github.com/integrations/terraform-provider-github/issues/566)) +* slowed performance of `github_branch_protection` ([#567](https://github.com/integrations/terraform-provider-github/issues/567)) +* change to default branch breaks refresh of existing `github_repository_file` resources ([#564](https://github.com/integrations/terraform-provider-github/issues/564)) BREAKING CHANGES: -- Deprecate `anonymous` Flag For Provider Configuration ([#506](https://github.com/integrations/terraform-provider-github/issues/506)) +* Deprecate `anonymous` Flag For Provider Configuration ([#506](https://github.com/integrations/terraform-provider-github/issues/506)) BUG FIXES: -- re-instante resources unavailable in the context of an organization ([#501](https://github.com/integrations/terraform-provider-github/issues/501)) -- allow overwrite-on-create behaviour for `github_repository_file` resource ([#459](https://github.com/integrations/terraform-provider-github/issues/459)) - +* re-instante resources unavailable in the context of an organization ([#501](https://github.com/integrations/terraform-provider-github/issues/501)) +* allow overwrite-on-create behaviour for `github_repository_file` resource ([#459](https://github.com/integrations/terraform-provider-github/issues/459)) ENHANCEMENTS: -- update `go-github` to `v32.1.0` ([#475](https://github.com/integrations/terraform-provider-github/issues/475)) -- add `vulnerability_alerts` to `github_repository` ([#444](https://github.com/integrations/terraform-provider-github/issues/444)) -- add `archive_on_destroy` to `github_repository` ([#432](https://github.com/integrations/terraform-provider-github/issues/432)) -- uplift `branch_protection` to GraphQL ([#337](https://github.com/integrations/terraform-provider-github/issues/337)) - +* update `go-github` to `v32.1.0` ([#475](https://github.com/integrations/terraform-provider-github/issues/475)) +* add `vulnerability_alerts` to `github_repository` ([#444](https://github.com/integrations/terraform-provider-github/issues/444)) +* add `archive_on_destroy` to `github_repository` ([#432](https://github.com/integrations/terraform-provider-github/issues/432)) +* uplift `branch_protection` to GraphQL ([#337](https://github.com/integrations/terraform-provider-github/issues/337)) ## 3.0.0 (September 08, 2020) BREAKING CHANGES: -- `token` becomes optional -- `organization` no longer deprecated -- `individual` and `anonymous` removed -- `owner` inferred from `organization` -- `base_url` provider parameter no longer requires `/api/v3` suffix +* `token` becomes optional +* `organization` no longer deprecated +* `individual` and `anonymous` removed +* `owner` inferred from `organization` +* `base_url` provider parameter no longer requires `/api/v3` suffix BUG FIXES: -- `terraform validate` fails because of missing token ([#503](https://github.com/integrations/terraform-provider-github/issues/503)) -- organization support for various resources ([#501](https://github.com/integrations/terraform-provider-github/issues/501)) +* `terraform validate` fails because of missing token ([#503](https://github.com/integrations/terraform-provider-github/issues/503)) +* organization support for various resources ([#501](https://github.com/integrations/terraform-provider-github/issues/501)) ENHANCEMENTS: * **New Data Source** `github_organization` ([#521](https://github.com/integrations/terraform-provider-github/issues/521)) - ## 2.9.2 (July 14, 2020) -- Adds deprecation of `anonymous` flag for provider configuration ahead of next major release ([#506](https://github.com/integrations/terraform-provider-github/issues/506)) -- Adds deprecation of `individual` flag for provider configuration ahead of next major release ([#512](https://github.com/integrations/terraform-provider-github/issues/512)) +* Adds deprecation of `anonymous` flag for provider configuration ahead of next major release ([#506](https://github.com/integrations/terraform-provider-github/issues/506)) +* Adds deprecation of `individual` flag for provider configuration ahead of next major release ([#512](https://github.com/integrations/terraform-provider-github/issues/512)) ## 2.9.1 (July 01, 2020) BUG FIXES: -- Reverts changes introduced in v2.9.0, deferring to the next major release +* Reverts changes introduced in v2.9.0, deferring to the next major release ## 2.9.0 (June 29, 2020) **NOTE**: This release introduced a provider-level breaking change around `anonymous` use. -See [here](https://github.com/integrations/terraform-provider-github/pull/464#discussion_r427961161) for details and [here](https://github.com/integrations/terraform-provider-github/issues/502#issuecomment-652379322) to discuss a fix. +See [here](https://github.com/integrations/terraform-provider-github/pull/464#discussion_r427961161) for details and [here](https://github.com/integrations/terraform-provider-github/issues/502#issuecomment-652379322) to discuss a fix. ENHANCEMENTS: + * Add Ability To Manage Resources For Non-Organization Accounts ([#464](https://github.com/integrations/terraform-provider-github/issues/464)) * resource/github_repository: Add "internal" Visibility Option ([#454](https://github.com/integrations/terraform-provider-github/issues/454)) @@ -533,7 +513,7 @@ BUG FIXES: BUG FIXES: * resource/github_branch_protection: Prevent enabling `dismissal_restrictions` in GitHub console if `dismissal_users` and `dismissal_teams` are not set ([#453](https://github.com/integrations/terraform-provider-github/issues/453)) -* resource/github_repository_collaborator: Allow modifying permissions from `maintain` and `triage` ([#457](https://github.com/integrations/terraform-provider-github/issues/457)) +* resource/github_repository_collaborator: Allow modifying permissions from `maintain` and `triage` ([#457](https://github.com/integrations/terraform-provider-github/issues/457)) * Documentation Fix for `github_actions_public_key` data-source ([#458](https://github.com/integrations/terraform-provider-github/issues/458)) * Documentation Fix for `github_branch_protection` resource ([#410](https://github.com/integrations/terraform-provider-github/issues/410)) * Documentation Layout Fix for `github_ip_ranges` and `github_membership` data sources ([#423](https://github.com/integrations/terraform-provider-github/issues/423)) @@ -541,6 +521,7 @@ BUG FIXES: * Update `go-github` to `v31.0.0` ([#424](https://github.com/integrations/terraform-provider-github/issues/424)) ENHANCEMENTS: + * **New Data Source** `github_organization_team_sync_groups` ([#400](https://github.com/integrations/terraform-provider-github/issues/400)) * **New Resource** `github_team_sync_group_mapping` ([#400](https://github.com/integrations/terraform-provider-github/issues/400)) @@ -556,7 +537,6 @@ ENHANCEMENTS: * **New Data Source** `github_branch` ([#364](https://github.com/integrations/terraform-provider-github/issues/364)) * **New Resource** `github_branch` ([#364](https://github.com/integrations/terraform-provider-github/issues/364)) - ## 2.6.1 (April 07, 2020) BUG FIXES: @@ -598,13 +578,12 @@ BUG FIXES: * Update `go` to `1.13` ([[#372](https://github.com/integrations/terraform-provider-github/issues/372)]) * Documentation Fixes For Consistency And Typography - ## 2.4.1 (March 05, 2020) BUG FIXES: * Updates `go-github` to `v29` to unblock planned feature development ([#342](https://github.com/integrations/terraform-provider-github/issues/342)) -* Fixes `insecure_ssl` parameter behaviour for `github_organization_webhook` and `github_repository_webhook` ([#365](https://github.com/integrations/terraform-provider-github/issues/365)) +* Fixes `insecure_ssl` parameter behaviour for `github_organization_webhook` and `github_repository_webhook` ([#365](https://github.com/integrations/terraform-provider-github/issues/365)) * Fixes label behaviour to not create new labels when renaming a `github_issue_label` ([#288](https://github.com/integrations/terraform-provider-github/issues/288)) ## 2.4.0 (February 26, 2020) @@ -646,6 +625,7 @@ ENHANCEMENTS: * `provider`: Added optional `anonymous` attribute, and made `token` optional ([#255](https://github.com/integrations/terraform-provider-github/issues/255)) BUG FIXES: + * `resource/github_repository`: Allow setting `default_branch` to `master` on creation ([#150](https://github.com/integrations/terraform-provider-github/issues/150)) * `resource/github_team_repository`: Validation of `team_id` ([#253](https://github.com/integrations/terraform-provider-github/issues/253)) * `resource/github_team_membership`: Validation of `team_id` ([#253](https://github.com/integrations/terraform-provider-github/issues/253)) @@ -670,7 +650,6 @@ BUG FIXES: * `resource/github_repository_collaborator`: `username` property is now case insensitive [[#241](https://github.com/integrations/terraform-provider-github/issues/241)) * `resource/github_team_membership`: `username` property is now case insensitive ([#241](https://github.com/integrations/terraform-provider-github/issues/241)) - ## 2.1.0 (May 15, 2019) ENHANCEMENTS: @@ -753,7 +732,6 @@ BUG FIXES: * `resource/github_repository_deploy_key`: Avoid spurious diff of `key` ([#132](https://github.com/integrations/terraform-provider-github/issues/132)) * `resource/github_repository_webhook`: Avoid spurious diff of `secret` ([#133](https://github.com/integrations/terraform-provider-github/issues/133)) - ## 1.1.0 (May 11, 2018) FEATURES: diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 3a64696bc2..5b0ac72362 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -55,7 +55,7 @@ a project may be further defined and clarified by project maintainers. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the project team at opensource@github.com. All +reported by contacting the project team at . All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. @@ -68,9 +68,9 @@ members of the project's leadership. ## Attribution This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, -available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html +available at [homepage]: https://www.contributor-covenant.org For answers to common questions about this code of conduct, see -https://www.contributor-covenant.org/faq + diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4362bb2970..f0619a7df5 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -13,8 +13,9 @@ Before submitting an issue or a pull request, please search the repository for e 1. Fork and clone the repository. 2. Create a new branch: `git switch -c my-branch-name`. 3. Make your change, add tests, and make sure the tests still pass. -4. Push to your fork and submit a pull request. -5. Pat yourself on the back and wait for your pull request to be reviewed and merged. +4. Make sure the documentation has been updated, and run `make generatedocs`. +5. Push to your fork and submit a pull request. +6. Pat yourself on the back and wait for your pull request to be reviewed and merged. Here are a few things you can do that will increase the likelihood of your pull request being accepted: diff --git a/GNUmakefile b/GNUmakefile index 4d39de3b47..0a0392b9a4 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -1,10 +1,11 @@ SWEEP?=repositories,teams PKG_NAME=github TEST?=./$(PKG_NAME)/... -WEBSITE_REPO=github.com/hashicorp/terraform-website COVERAGEARGS?=-race -coverprofile=coverage.txt -covermode=atomic +RUMDL_ARGS?=--output-format text + # VARIABLE REFERENCE: # # Test-specific variables: @@ -28,7 +29,6 @@ endif default: build tools: - go install github.com/client9/misspell/cmd/misspell@v0.3.4 go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.6.0 build: lintcheck @@ -66,22 +66,21 @@ sweep: @echo "WARNING: This will destroy infrastructure. Use only in development accounts." go test $(TEST) -v -sweep=$(SWEEP) $(SWEEPARGS) -website: -ifeq (,$(wildcard $(GOPATH)/src/$(WEBSITE_REPO))) - echo "$(WEBSITE_REPO) not found in your GOPATH (necessary for layouts and assets), get-ting..." - git clone https://$(WEBSITE_REPO) $(GOPATH)/src/$(WEBSITE_REPO) -endif - @$(MAKE) -C $(GOPATH)/src/$(WEBSITE_REPO) website-provider PROVIDER_PATH=$(shell pwd) PROVIDER_NAME=$(PKG_NAME) +generatedocs: + @go generate ./... -website-lint: - @echo "==> Checking website against linters..." - @misspell -error -source=text website/ +fmtdocs: + @rumdl fmt --fix . -website-test: -ifeq (,$(wildcard $(GOPATH)/src/$(WEBSITE_REPO))) - echo "$(WEBSITE_REPO) not found in your GOPATH (necessary for layouts and assets), get-ting..." - git clone https://$(WEBSITE_REPO) $(GOPATH)/src/$(WEBSITE_REPO) -endif - @$(MAKE) -C $(GOPATH)/src/$(WEBSITE_REPO) website-provider-test PROVIDER_PATH=$(shell pwd) PROVIDER_NAME=$(PKG_NAME) +lintdocs: + @rumdl check $(RUMDL_ARGS) . + @go tool tfplugindocs validate + +checkdocs: generatedocs + @git diff --quiet ||\ + { echo "New file modification detected in the Git working tree. Please check in before commit."; git --no-pager diff --name-only | uniq | awk '{print " - " $$0}'; \ + if [ "${CI}" = true ]; then\ + exit 1;\ + fi;} -.PHONY: build test testacc fmt lint lintcheck tools website website-lint website-test sweep +.PHONY: tools build fmt lint lintcheck test testacc sweep generatedocs fmtdocs lintdocs checkdocs diff --git a/README.md b/README.md index 197c6a6bf0..3605aee51b 100644 --- a/README.md +++ b/README.md @@ -1,24 +1,21 @@ -Terraform Provider GitHub -========================= +# Terraform Provider GitHub - +| | | - - -This project is used to manipulate GitHub resources (repositories, teams, files, etc.) using Terraform. Its Terraform Registry page can be found [here](https://registry.terraform.io/providers/integrations/github/). +This project is used to manipulate GitHub resources (repositories, teams, files, etc.) using Terraform; it can be found in the [Terraform Registry](https://registry.terraform.io/providers/integrations/github). ## Requirements -- [Terraform](https://www.terraform.io/downloads.html) 0.10.x -- [Go](https://golang.org/doc/install) 1.24.x (to build the provider plugin) +- [Terraform](https://www.terraform.io/downloads.html) 1.x +- [Go](https://golang.org/doc/install) 1.24.x (to build the provider plugin) ## Usage -Detailed documentation for the GitHub provider can be found [here](https://registry.terraform.io/providers/integrations/github). +Detailed documentation for the GitHub provider can be found in the [Terraform Registry](https://registry.terraform.io/providers/integrations/github). ## Contributing -Detailed documentation for contributing to the GitHub provider can be found [here](CONTRIBUTING.md). +Detailed documentation for contributing to the GitHub provider can be found in the [contributing guide](CONTRIBUTING.md). ## Roadmap diff --git a/RELEASE.md b/RELEASE.md index 1384bf3e01..1844a3424c 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,4 +1,4 @@ -## Release Flow +# Release Flow The release process uses GitHub Actions and [`goreleaser`](https://github.com/goreleaser/goreleaser) to build, sign, and upload provider binaries to a GitHub release. Release are triggered by a tag with the pattern `v*` (e.g. `v1.2.3`); these tags may only be created from the default branch (`main`) or branches that match the pattern `release-v*`. diff --git a/SECURITY.md b/SECURITY.md index 798d64bce9..b83f8bf3b7 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,3 +1,5 @@ +# Security Policy + If you discover a security issue in this repo, please submit it through the [GitHub Security Bug Bounty](https://hackerone.com/github) Thanks for helping make this project safe for everyone. diff --git a/docs.go b/docs.go new file mode 100644 index 0000000000..3548321d4f --- /dev/null +++ b/docs.go @@ -0,0 +1,10 @@ +package main + +// Format Terraform code for use in documentation. +//go:generate terraform fmt -recursive examples/ + +// Generate documentation. +//go:generate go tool github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs generate --rendered-provider-name=GitHub + +// Check for misspellings in documentation. +//go:generate go tool github.com/client9/misspell/cmd/misspell -error -i "docs/**/*.md" diff --git a/docs/data-sources/actions_environment_public_key.md b/docs/data-sources/actions_environment_public_key.md new file mode 100644 index 0000000000..7d4283825f --- /dev/null +++ b/docs/data-sources/actions_environment_public_key.md @@ -0,0 +1,28 @@ +--- +page_title: "github_actions_environment_public_key (Data Source) - GitHub" +description: |- + Get information on a GitHub Actions Environment Public Key. +--- + +# github_actions_environment_public_key (Data Source) + +Use this data source to retrieve information about a GitHub Actions public key of a specific environment. This data source is required to be used with other GitHub secrets interactions. Note that the provider `token` must have admin rights to a repository to retrieve the action public keys of it's environments. + +## Example Usage + +```terraform +data "github_actions_environment_public_key" "example" { + repository = "example_repo" + environment = "example_environment" +} +``` + +## Argument Reference + +- `repository` - (Required) Name of the repository to get public key from. +- `environment` - (Required) Name of the environment to get public key from. + +## Attributes Reference + +- `key_id` - ID of the key that has been retrieved. +- `key` - Actual key retrieved. diff --git a/docs/data-sources/actions_environment_secrets.md b/docs/data-sources/actions_environment_secrets.md new file mode 100644 index 0000000000..06f0989ba3 --- /dev/null +++ b/docs/data-sources/actions_environment_secrets.md @@ -0,0 +1,27 @@ +--- +page_title: "github_actions_environment_secrets (Data Source) - GitHub" +description: |- + Get Actions secrets of the repository environment +--- + +# github\_actions\_environment\_secrets + +Use this data source to retrieve the list of secrets of the repository environment. + +## Example Usage + +```terraform +data "github_actions_environment_secrets" "example" { + name = "exampleRepo" + environment = "exampleEnvironment" +} +``` + +## Argument Reference + +## Attributes Reference + +- `secrets` - list of secrets for the environment + - `name` - Name of the secret + - `created_at` - Timestamp of the secret creation + - `updated_at` - Timestamp of the secret last update diff --git a/docs/data-sources/actions_environment_variables.md b/docs/data-sources/actions_environment_variables.md new file mode 100644 index 0000000000..a5076bf32e --- /dev/null +++ b/docs/data-sources/actions_environment_variables.md @@ -0,0 +1,28 @@ +--- +page_title: "github_actions_environment_variables (Data Source) - GitHub" +description: |- + Get Actions variables of the repository environment +--- + +# github\_actions\_environment\_variables + +Use this data source to retrieve the list of variables of the repository environment. + +## Example Usage + +```terraform +data "github_actions_environment_variables" "example" { + name = "exampleRepo" + environment = "exampleEnvironment" +} +``` + +## Argument Reference + +## Attributes Reference + +- `variables` - list of variables for the environment + - `name` - Name of the variable + - `value` - Value of the variable + - `created_at` - Timestamp of the variable creation + - `updated_at` - Timestamp of the variable last update diff --git a/docs/data-sources/actions_organization_oidc_subject_claim_customization_template.md b/docs/data-sources/actions_organization_oidc_subject_claim_customization_template.md new file mode 100644 index 0000000000..f67d5f083d --- /dev/null +++ b/docs/data-sources/actions_organization_oidc_subject_claim_customization_template.md @@ -0,0 +1,22 @@ +--- +page_title: "github_actions_organization_oidc_subject_claim_customization_template (Data Source) - GitHub" +description: |- + Get a GitHub Actions organization OpenID Connect customization template +--- + +# actions_organization_oidc_subject_claim_customization_template + +Use this data source to retrieve the OpenID Connect subject claim customization template for an organization + +## Example Usage + +```terraform +data "github_actions_organization_oidc_subject_claim_customization_template" "example" { +} +``` + +## Argument Reference + +## Attributes Reference + +- `include_claim_keys` - The list of OpenID Connect claim keys. diff --git a/docs/data-sources/actions_organization_public_key.md b/docs/data-sources/actions_organization_public_key.md new file mode 100644 index 0000000000..5078afdff5 --- /dev/null +++ b/docs/data-sources/actions_organization_public_key.md @@ -0,0 +1,20 @@ +--- +page_title: "github_actions_organization_public_key (Data Source) - GitHub" +description: |- + Get information on a GitHub Actions Organization Public Key. +--- + +# github_actions_organization_public_key (Data Source) + +Use this data source to retrieve information about a GitHub Actions Organization public key. This data source is required to be used with other GitHub secrets interactions. Note that the provider `token` must have admin rights to an organization to retrieve it's action public key. + +## Example Usage + +```terraform +data "github_actions_organization_public_key" "example" {} +``` + +## Attributes Reference + +- `key_id` - ID of the key that has been retrieved. +- `key` - Actual key retrieved. diff --git a/docs/data-sources/actions_organization_registration_token.md b/docs/data-sources/actions_organization_registration_token.md new file mode 100644 index 0000000000..1d7a958c1d --- /dev/null +++ b/docs/data-sources/actions_organization_registration_token.md @@ -0,0 +1,23 @@ +--- +page_title: "github_actions_organization_registration_token (Data Source) - GitHub" +description: |- + Get a GitHub Actions organization registration token. +--- + +# actions_registration_token + +Use this data source to retrieve a GitHub Actions organization registration token. This token can then be used to register a self-hosted runner. + +## Example Usage + +```terraform +data "github_actions_organization_registration_token" "example" { +} +``` + +## Argument Reference + +## Attributes Reference + +- `token` - The token that has been retrieved. +- `expires_at` - The token expiration date. diff --git a/docs/data-sources/actions_organization_secrets.md b/docs/data-sources/actions_organization_secrets.md new file mode 100644 index 0000000000..5a2fd5ccf7 --- /dev/null +++ b/docs/data-sources/actions_organization_secrets.md @@ -0,0 +1,26 @@ +--- +page_title: "github_actions_organization_secrets (Data Source) - GitHub" +description: |- + Get actions secrets of the organization +--- + +# github\_actions\_organization\_secrets + +Use this data source to retrieve the list of secrets of the organization. + +## Example Usage + +```terraform +data "github_actions_organization_secrets" "example" { +} +``` + +## Argument Reference + +## Attributes Reference + +- `secrets` - list of secrets for the repository + - `name` - Secret name + - `visibility` - Secret visibility + - `created_at` - Timestamp of the secret creation + - `updated_at` - Timestamp of the secret last update diff --git a/docs/data-sources/actions_organization_variables.md b/docs/data-sources/actions_organization_variables.md new file mode 100644 index 0000000000..9af1d95f9f --- /dev/null +++ b/docs/data-sources/actions_organization_variables.md @@ -0,0 +1,27 @@ +--- +page_title: "github_actions_organization_variables (Data Source) - GitHub" +description: |- + Get Actions variables of the organization +--- + +# github\_actions\_organization\_variables + +Use this data source to retrieve the list of variables of the organization. + +## Example Usage + +```terraform +data "github_actions_organization_variables" "example" { +} +``` + +## Argument Reference + +## Attributes Reference + +- `variables` - list of variables for the repository + - `name` - Name of the variable + - `value` - Value of the variable + - `visibility` - Visibility of the variable + - `created_at` - Timestamp of the variable creation + - `updated_at` - Timestamp of the variable last update diff --git a/docs/data-sources/actions_public_key.md b/docs/data-sources/actions_public_key.md new file mode 100644 index 0000000000..9c96f273be --- /dev/null +++ b/docs/data-sources/actions_public_key.md @@ -0,0 +1,26 @@ +--- +page_title: "github_actions_public_key (Data Source) - GitHub" +description: |- + Get information on a GitHub Actions Public Key. +--- + +# github_actions_public_key (Data Source) + +Use this data source to retrieve information about a GitHub Actions public key. This data source is required to be used with other GitHub secrets interactions. Note that the provider `token` must have admin rights to a repository to retrieve it's action public key. + +## Example Usage + +```terraform +data "github_actions_public_key" "example" { + repository = "example_repo" +} +``` + +## Argument Reference + +- `repository` - (Required) Name of the repository to get public key from. + +## Attributes Reference + +- `key_id` - ID of the key that has been retrieved. +- `key` - Actual key retrieved. diff --git a/docs/data-sources/actions_registration_token.md b/docs/data-sources/actions_registration_token.md new file mode 100644 index 0000000000..9e03c70d91 --- /dev/null +++ b/docs/data-sources/actions_registration_token.md @@ -0,0 +1,26 @@ +--- +page_title: "github_actions_registration_token (Data Source) - GitHub" +description: |- + Get a GitHub Actions repository registration token. +--- + +# actions_registration_token + +Use this data source to retrieve a GitHub Actions repository registration token. This token can then be used to register a self-hosted runner. + +## Example Usage + +```terraform +data "github_actions_registration_token" "example" { + repository = "example_repo" +} +``` + +## Argument Reference + +- `repository` - (Required) Name of the repository to get a GitHub Actions registration token for. + +## Attributes Reference + +- `token` - The token that has been retrieved. +- `expires_at` - The token expiration date. diff --git a/docs/data-sources/actions_repository_oidc_subject_claim_customization_template.md b/docs/data-sources/actions_repository_oidc_subject_claim_customization_template.md new file mode 100644 index 0000000000..953b637c36 --- /dev/null +++ b/docs/data-sources/actions_repository_oidc_subject_claim_customization_template.md @@ -0,0 +1,26 @@ +--- +page_title: "github_actions_repository_oidc_subject_claim_customization_template (Data Source) - GitHub" +description: |- + Get a GitHub Actions repository's OpenID Connect customization template +--- + +# actions_repository_oidc_subject_claim_customization_template + +Use this data source to retrieve the OpenID Connect subject claim customization template for a repository + +## Example Usage + +```terraform +data "github_actions_repository_oidc_subject_claim_customization_template" "example" { + name = "example_repository" +} +``` + +## Argument Reference + +- `name` - (Required) Name of the repository to get the OpenID Connect subject claim customization template for. + +## Attributes Reference + +- `use_default` - Whether the repository uses the default template. +- `include_claim_keys` - The list of OpenID Connect claim keys. diff --git a/docs/data-sources/actions_secrets.md b/docs/data-sources/actions_secrets.md new file mode 100644 index 0000000000..24d489f488 --- /dev/null +++ b/docs/data-sources/actions_secrets.md @@ -0,0 +1,29 @@ +--- +page_title: "github_actions_secrets (Data Source) - GitHub" +description: |- + Get actions secrets for a repository +--- + +# github\_actions\_secrets + +Use this data source to retrieve the list of secrets for a GitHub repository. + +## Example Usage + +```terraform +data "github_actions_secrets" "example" { + name = "example" +} +``` + +## Argument Reference + +- `name` - (Optional) The name of the repository. +- `full_name` - (Optional) Full name of the repository (in `org/name` format). + +## Attributes Reference + +- `secrets` - list of secrets for the repository + - `name` - Secret name + - `created_at` - Timestamp of the secret creation + - `updated_at` - Timestamp of the secret last update diff --git a/docs/data-sources/actions_variables.md b/docs/data-sources/actions_variables.md new file mode 100644 index 0000000000..0e9b2d176f --- /dev/null +++ b/docs/data-sources/actions_variables.md @@ -0,0 +1,30 @@ +--- +page_title: "github_actions_variables (Data Source) - GitHub" +description: |- + Get Actions variables for a repository +--- + +# github\_actions\_variables + +Use this data source to retrieve the list of variables for a GitHub repository. + +## Example Usage + +```terraform +data "github_actions_variables" "example" { + name = "example" +} +``` + +## Argument Reference + +- `name` - (Optional) The name of the repository. +- `full_name` - (Optional) Full name of the repository (in `org/name` format). + +## Attributes Reference + +- `variables` - list of variables for the repository + - `name` - Name of the variable + - `value` - Value of the variable + - `created_at` - Timestamp of the variable creation + - `updated_at` - Timestamp of the variable last update diff --git a/docs/data-sources/app.md b/docs/data-sources/app.md new file mode 100644 index 0000000000..9db371e0ac --- /dev/null +++ b/docs/data-sources/app.md @@ -0,0 +1,33 @@ +--- +page_title: "github_app (Data Source) - GitHub" +description: |- + Get information about an app. +--- + +# github\_app + +Use this data source to retrieve information about an app. + +## Example Usage + +```terraform +data "github_app" "foobar" { + slug = "foobar" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `slug` - (Required) The URL-friendly name of your GitHub App. + +## Attribute Reference + +The following additional attributes are exported: + +- `description` - The app's description. + +- `name` - The app's full name. + +- `node_id` - The Node ID of the app. diff --git a/docs/data-sources/app_token.md b/docs/data-sources/app_token.md new file mode 100644 index 0000000000..180b8c8f53 --- /dev/null +++ b/docs/data-sources/app_token.md @@ -0,0 +1,35 @@ +--- +page_title: "github_app_token (Data Source) - GitHub" +description: |- + Generate a GitHub APP JWT. +--- + +# github\_app\_token + +Use this data source to generate a [GitHub App JWT](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app). + +## Example Usage + +```terraform +data "github_app_token" "this" { + app_id = "123456" + installation_id = "78910" + pem_file = file("foo/bar.pem") +} +``` + +## Argument Reference + +The following arguments are supported: + +- `app_id` - (Required) This is the ID of the GitHub App. + +- `installation_id` - (Required) This is the ID of the GitHub App installation. + +- `pem_file` - (Required) This is the contents of the GitHub App private key PEM file. + +## Attribute Reference + +The following additional attributes are exported: + +- `token` - The generated GitHub APP JWT. diff --git a/docs/data-sources/branch.md b/docs/data-sources/branch.md new file mode 100644 index 0000000000..4a8a4b28d7 --- /dev/null +++ b/docs/data-sources/branch.md @@ -0,0 +1,36 @@ +--- +page_title: "github_branch (Data Source) - GitHub" +description: |- + Get information about a repository branch. +--- + +# github\_branch + +Use this data source to retrieve information about a repository branch. + +## Example Usage + +```terraform +data "github_branch" "development" { + repository = "example" + branch = "development" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository name. + +- `branch` - (Required) The repository branch to retrieve. + +## Attribute Reference + +The following additional attributes are exported: + +- `etag` - An etag representing the Branch object. + +- `ref` - A string representing a branch reference, in the form of `refs/heads/`. + +- `sha` - A string storing the reference's `HEAD` commit's SHA1. diff --git a/docs/data-sources/branch_protection_rules.md b/docs/data-sources/branch_protection_rules.md new file mode 100644 index 0000000000..ebe48542fe --- /dev/null +++ b/docs/data-sources/branch_protection_rules.md @@ -0,0 +1,29 @@ +--- +page_title: "github_branch_protection_rules (Data Source) - GitHub" +description: |- + Get information about a repository branch protection rules. +--- + +# github\_branch\_protection\_rules + +Use this data source to retrieve a list of repository branch protection rules. + +## Example Usage + +```terraform +data "github_branch_protection_rules" "example" { + repository = "example" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository name. + +## Attribute Reference + +- `rules` - Collection of Branch Protection Rules. Each of the results conforms to the following scheme: + + - `pattern` - Identifies the protection rule pattern. diff --git a/docs/data-sources/codespaces_organization_public_key.md b/docs/data-sources/codespaces_organization_public_key.md new file mode 100644 index 0000000000..4c612cb17f --- /dev/null +++ b/docs/data-sources/codespaces_organization_public_key.md @@ -0,0 +1,20 @@ +--- +page_title: "github_codespaces_organization_public_key (Data Source) - GitHub" +description: |- + Get information on a GitHub Codespaces Organization Public Key. +--- + +# github_codespaces_organization_public_key (Data Source) + +Use this data source to retrieve information about a GitHub Codespaces Organization public key. This data source is required to be used with other GitHub secrets interactions. Note that the provider `token` must have admin rights to an organization to retrieve it's Codespaces public key. + +## Example Usage + +```terraform +data "github_codespaces_organization_public_key" "example" {} +``` + +## Attributes Reference + +- `key_id` - ID of the key that has been retrieved. +- `key` - Actual key retrieved. diff --git a/docs/data-sources/codespaces_organization_secrets.md b/docs/data-sources/codespaces_organization_secrets.md new file mode 100644 index 0000000000..ff7d2e5ea5 --- /dev/null +++ b/docs/data-sources/codespaces_organization_secrets.md @@ -0,0 +1,26 @@ +--- +page_title: "github_codespaces_organization_secrets (Data Source) - GitHub" +description: |- + Get codespaces secrets of the organization +--- + +# github\_codespaces\_organization\_secrets + +Use this data source to retrieve the list of codespaces secrets of the organization. + +## Example Usage + +```terraform +data "github_codespaces_organization_secrets" "example" { +} +``` + +## Argument Reference + +## Attributes Reference + +- `secrets` - list of secrets for the repository + - `name` - Secret name + - `visibility` - Secret visibility + - `created_at` - Timestamp of the secret creation + - `updated_at` - Timestamp of the secret last update diff --git a/docs/data-sources/codespaces_public_key.md b/docs/data-sources/codespaces_public_key.md new file mode 100644 index 0000000000..7bfc4fc514 --- /dev/null +++ b/docs/data-sources/codespaces_public_key.md @@ -0,0 +1,26 @@ +--- +page_title: "github_codespaces_public_key (Data Source) - GitHub" +description: |- + Get information on a GitHub Codespaces Public Key. +--- + +# github_codespaces_public_key (Data Source) + +Use this data source to retrieve information about a GitHub Codespaces public key. This data source is required to be used with other GitHub secrets interactions. Note that the provider `token` must have admin rights to a repository to retrieve it's Codespaces public key. + +## Example Usage + +```terraform +data "github_codespaces_public_key" "example" { + repository = "example_repo" +} +``` + +## Argument Reference + +- `repository` - (Required) Name of the repository to get public key from. + +## Attributes Reference + +- `key_id` - ID of the key that has been retrieved. +- `key` - Actual key retrieved. diff --git a/docs/data-sources/codespaces_secrets.md b/docs/data-sources/codespaces_secrets.md new file mode 100644 index 0000000000..5d80942573 --- /dev/null +++ b/docs/data-sources/codespaces_secrets.md @@ -0,0 +1,33 @@ +--- +page_title: "github_codespaces_secrets (Data Source) - GitHub" +description: |- + Get codespaces secrets for a repository +--- + +# github\_codespaces\_secrets + +Use this data source to retrieve the list of codespaces secrets for a GitHub repository. + +## Example Usage + +```terraform +data "github_codespaces_secrets" "example" { + name = "example_repository" +} + +data "github_codespaces_secrets" "example_2" { + full_name = "org/example_repository" +} +``` + +## Argument Reference + +- `name` - (Optional) The name of the repository. +- `full_name` - (Optional) Full name of the repository (in `org/name` format). + +## Attributes Reference + +- `secrets` - list of codespaces secrets for the repository + - `name` - Secret name + - `created_at` - Timestamp of the secret creation + - `updated_at` - Timestamp of the secret last update diff --git a/docs/data-sources/codespaces_user_public_key.md b/docs/data-sources/codespaces_user_public_key.md new file mode 100644 index 0000000000..29ef9a0b06 --- /dev/null +++ b/docs/data-sources/codespaces_user_public_key.md @@ -0,0 +1,20 @@ +--- +page_title: "github_codespaces_user_public_key (Data Source) - GitHub" +description: |- + Get information on a GitHub Codespaces User Public Key. +--- + +# github_codespaces_user_public_key (Data Source) + +Use this data source to retrieve information about a GitHub Codespaces User public key. This data source is required to be used with other GitHub secrets interactions. Note that the provider `token` must have admin rights to an user to retrieve it's Codespaces public key. + +## Example Usage + +```terraform +data "github_codespaces_user_public_key" "example" {} +``` + +## Attributes Reference + +- `key_id` - ID of the key that has been retrieved. +- `key` - Actual key retrieved. diff --git a/docs/data-sources/codespaces_user_secrets.md b/docs/data-sources/codespaces_user_secrets.md new file mode 100644 index 0000000000..fc95178354 --- /dev/null +++ b/docs/data-sources/codespaces_user_secrets.md @@ -0,0 +1,26 @@ +--- +page_title: "github_codespaces_user_secrets (Data Source) - GitHub" +description: |- + Get codespaces secrets of the user +--- + +# github\_codespaces\_user\_secrets + +Use this data source to retrieve the list of codespaces secrets of the user. + +## Example Usage + +```terraform +data "github_codespaces_user_secrets" "example" { +} +``` + +## Argument Reference + +## Attributes Reference + +- `secrets` - list of secrets for the repository + - `name` - Secret name + - `visibility` - Secret visibility + - `created_at` - Timestamp of the secret creation + - `updated_at` - Timestamp of the secret last update diff --git a/docs/data-sources/collaborators.md b/docs/data-sources/collaborators.md new file mode 100644 index 0000000000..532a7d762a --- /dev/null +++ b/docs/data-sources/collaborators.md @@ -0,0 +1,68 @@ +--- +page_title: "github_collaborators (Data Source) - GitHub" +description: |- + Get the collaborators for a given repository. +--- + +# github_collaborators (Data Source) + +Use this data source to retrieve the collaborators for a given repository. + +## Example Usage + +```terraform +data "github_collaborators" "test" { + owner = "example_owner" + repository = "example_repository" +} +``` + +## Arguments Reference + +- `owner` - (Required) The organization that owns the repository. + +- `repository` - (Required) The name of the repository. + +- `affiliation` - (Optional) Filter collaborators returned by their affiliation. Can be one of: `outside`, `direct`, `all`. Defaults to `all`. + +- `permission` - (Optional) Filter collaborators returned by their permission. Can be one of: `pull`, `triage`, `push`, `maintain`, `admin`. Defaults to not doing any filtering on permission. + +## Attributes Reference + +- `collaborator` - An Array of GitHub collaborators. Each `collaborator` block consists of the fields documented below. + +--- + +The `collaborator` block consists of: + +- `login` - The collaborator's login. + +- `id` - The ID of the collaborator. + +- `url` - The GitHub API URL for the collaborator. + +- `html_url` - The GitHub HTML URL for the collaborator. + +- `followers_url` - The GitHub API URL for the collaborator's followers. + +- `following_url` - The GitHub API URL for those following the collaborator. + +- `gists_url` - The GitHub API URL for the collaborator's gists. + +- `starred_url` - The GitHub API URL for the collaborator's starred repositories. + +- `subscriptions_url` - The GitHub API URL for the collaborator's subscribed repositories. + +- `organizations_url` - The GitHub API URL for the collaborator's organizations. + +- `repos_url` - The GitHub API URL for the collaborator's repositories. + +- `events_url` - The GitHub API URL for the collaborator's events. + +- `received_events_url` - The GitHub API URL for the collaborator's received events. + +- `type` - The type of the collaborator (ex. `user`). + +- `site_admin` - Whether the user is a GitHub admin. + +- `permission` - The permission of the collaborator. diff --git a/docs/data-sources/dependabot_organization_public_key.md b/docs/data-sources/dependabot_organization_public_key.md new file mode 100644 index 0000000000..14e52b4b87 --- /dev/null +++ b/docs/data-sources/dependabot_organization_public_key.md @@ -0,0 +1,20 @@ +--- +page_title: "github_dependabot_organization_public_key (Data Source) - GitHub" +description: |- + Get information on a GitHub Dependabot Organization Public Key. +--- + +# github_dependabot_organization_public_key (Data Source) + +Use this data source to retrieve information about a GitHub Dependabot Organization public key. This data source is required to be used with other GitHub secrets interactions. Note that the provider `token` must have admin rights to an organization to retrieve it's Dependabot public key. + +## Example Usage + +```terraform +data "github_dependabot_organization_public_key" "example" {} +``` + +## Attributes Reference + +- `key_id` - ID of the key that has been retrieved. +- `key` - Actual key retrieved. diff --git a/docs/data-sources/dependabot_organization_secrets.md b/docs/data-sources/dependabot_organization_secrets.md new file mode 100644 index 0000000000..c3fe6da2a4 --- /dev/null +++ b/docs/data-sources/dependabot_organization_secrets.md @@ -0,0 +1,26 @@ +--- +page_title: "github_dependabot_organization_secrets (Data Source) - GitHub" +description: |- + Get dependabot secrets of the organization +--- + +# github\_dependabot\_organization\_secrets + +Use this data source to retrieve the list of dependabot secrets of the organization. + +## Example Usage + +```terraform +data "github_dependabot_organization_secrets" "example" { +} +``` + +## Argument Reference + +## Attributes Reference + +- `secrets` - list of secrets for the repository + - `name` - Secret name + - `visibility` - Secret visibility + - `created_at` - Timestamp of the secret creation + - `updated_at` - Timestamp of the secret last update diff --git a/docs/data-sources/dependabot_public_key.md b/docs/data-sources/dependabot_public_key.md new file mode 100644 index 0000000000..9540c60c2d --- /dev/null +++ b/docs/data-sources/dependabot_public_key.md @@ -0,0 +1,26 @@ +--- +page_title: "github_dependabot_public_key (Data Source) - GitHub" +description: |- + Get information on a GitHub Dependabot Public Key. +--- + +# github_dependabot_public_key (Data Source) + +Use this data source to retrieve information about a GitHub Dependabot public key. This data source is required to be used with other GitHub secrets interactions. Note that the provider `token` must have admin rights to a repository to retrieve it's Dependabot public key. + +## Example Usage + +```terraform +data "github_dependabot_public_key" "example" { + repository = "example_repo" +} +``` + +## Argument Reference + +- `repository` - (Required) Name of the repository to get public key from. + +## Attributes Reference + +- `key_id` - ID of the key that has been retrieved. +- `key` - Actual key retrieved. diff --git a/docs/data-sources/dependabot_secrets.md b/docs/data-sources/dependabot_secrets.md new file mode 100644 index 0000000000..68d4b79818 --- /dev/null +++ b/docs/data-sources/dependabot_secrets.md @@ -0,0 +1,29 @@ +--- +page_title: "github_dependabot_secrets (Data Source) - GitHub" +description: |- + Get dependabot secrets for a repository +--- + +# github\_dependabot\_secrets + +Use this data source to retrieve the list of dependabot secrets for a GitHub repository. + +## Example Usage + +```terraform +data "github_dependabot_secrets" "example" { + name = "example" +} +``` + +## Argument Reference + +- `name` - (Optional) The name of the repository. +- `full_name` - (Optional) Full name of the repository (in `org/name` format). + +## Attributes Reference + +- `secrets` - list of dependabot secrets for the repository + - `name` - Secret name + - `created_at` - Timestamp of the secret creation + - `updated_at` - Timestamp of the secret last update diff --git a/docs/data-sources/enterprise.md b/docs/data-sources/enterprise.md new file mode 100644 index 0000000000..b9e1cf9d4d --- /dev/null +++ b/docs/data-sources/enterprise.md @@ -0,0 +1,27 @@ +--- +page_title: "github_enterprise (Data Source) - GitHub" +description: |- + Get an enterprise. +--- + +# github_enterprise (Data Source) + +Use this data source to retrieve basic information about a GitHub enterprise. + +## Example Usage + +```hcl +data "github_enterprise" "example" { + slug = "example-co" +} +``` + +## Attributes Reference + +- `id` - The ID of the enterprise. +- `database_id` - The database ID of the enterprise. +- `slug` - The URL slug identifying the enterprise. +- `name` - The name of the enterprise. +- `description` - The description of the enterprise. +- `created_at` - The time the enterprise was created. +- `url` - The url for the enterprise. diff --git a/docs/data-sources/external_groups.md b/docs/data-sources/external_groups.md new file mode 100644 index 0000000000..1974238b02 --- /dev/null +++ b/docs/data-sources/external_groups.md @@ -0,0 +1,37 @@ +--- +page_title: "github_external_groups (Data Source) - GitHub" +description: |- + Retrieve external groups belonging to an organization. +--- + +# github\_external\_groups + +Use this data source to retrieve external groups belonging to an organization. + +## Example Usage + +```terraform +data "github_external_groups" "example_external_groups" {} + +locals { + local_groups = data.github_external_groups.example_external_groups +} + +output "groups" { + value = local.local_groups +} +``` + +## Argument Reference + +N/A. This resource will retrieve all the external groups belonging to an organization. + +## Attributes Reference + +- `external_groups` - an array of external groups belonging to the organization. Each group consists of the fields documented below. + +--- + +- `group_id` - the ID of the group. +- `group_name` - the name of the group. +- `updated_at` - the date the group was last updated. diff --git a/docs/data-sources/ip_ranges.md b/docs/data-sources/ip_ranges.md new file mode 100644 index 0000000000..09cf60448a --- /dev/null +++ b/docs/data-sources/ip_ranges.md @@ -0,0 +1,45 @@ +--- +page_title: "github_ip_ranges (Data Source) - GitHub" +description: |- + Get information on GitHub's IP addresses. +--- + +# github_ip_ranges (Data Source) + +Use this data source to retrieve information about GitHub's IP addresses. + +## Example Usage + +```terraform +data "github_ip_ranges" "test" {} +``` + +## Attributes Reference + +- `actions` - An array of IP addresses in CIDR format specifying the addresses that incoming requests from GitHub actions will originate from. +- `actions_ipv4` - A subset of the `actions` array that contains IP addresses in IPv4 CIDR format. +- `actions_ipv6` - A subset of the `actions` array that contains IP addresses in IPv6 CIDR format. +- `dependabot` - An array of IP addresses in CIDR format specifying the A records for dependabot. +- `dependabot_ipv4` - A subset of the `dependabot` array that contains IP addresses in IPv4 CIDR format. +- `dependabot_ipv6` - A subset of the `dependabot` array that contains IP addresses in IPv6 CIDR format. +- `hooks` - An Array of IP addresses in CIDR format specifying the addresses that incoming service hooks will originate from. +- `hooks_ipv4` - A subset of the `hooks` array that contains IP addresses in IPv4 CIDR format. +- `hooks_ipv6` - A subset of the `hooks` array that contains IP addresses in IPv6 CIDR format. +- `git` - An Array of IP addresses in CIDR format specifying the Git servers. +- `git_ipv4` - A subset of the `git` array that contains IP addresses in IPv4 CIDR format. +- `git_ipv6` - A subset of the `git` array that contains IP addresses in IPv6 CIDR format. +- `web` - An Array of IP addresses in CIDR format for GitHub Web. +- `web_ipv4` - A subset of the `web` array that contains IP addresses in IPv4 CIDR format. +- `web_ipv6` - A subset of the `web` array that contains IP addresses in IPv6 CIDR format. +- `api` - An Array of IP addresses in CIDR format for the GitHub API. +- `api_ipv4` - A subset of the `api` array that contains IP addresses in IPv4 CIDR format. +- `api_ipv6` - A subset of the `api` array that contains IP addresses in IPv6 CIDR format. +- `packages` - An Array of IP addresses in CIDR format specifying the A records for GitHub Packages. +- `packages_ipv4` - A subset of the `packages` array that contains IP addresses in IPv4 CIDR format. +- `packages_ipv6` - A subset of the `packages` array that contains IP addresses in IPv6 CIDR format. +- `pages` - An Array of IP addresses in CIDR format specifying the A records for GitHub Pages. +- `pages_ipv4` - A subset of the `pages` array that contains IP addresses in IPv4 CIDR format. +- `pages_ipv6` - A subset of the `pages` array that contains IP addresses in IPv6 CIDR format. +- `importer` - An Array of IP addresses in CIDR format specifying the A records for GitHub Importer. +- `importer_ipv4` - A subset of the `importer` array that contains IP addresses in IPv4 CIDR format. +- `importer_ipv6` - A subset of the `importer` array that contains IP addresses in IPv6 CIDR format. diff --git a/docs/data-sources/issue_labels.md b/docs/data-sources/issue_labels.md new file mode 100644 index 0000000000..643bc0b972 --- /dev/null +++ b/docs/data-sources/issue_labels.md @@ -0,0 +1,29 @@ +--- +page_title: "github_issue_labels (Data Source) - GitHub" +description: |- + Get the labels for a given repository. +--- + +# github_issue_labels (Data Source) + +Use this data source to retrieve the labels for a given repository. + +## Example Usage + +```terraform +data "github_labels" "test" { + repository = "example_repository" +} +``` + +## Arguments Reference + +- `repository` - (Required) The name of the repository. + +## Attributes Reference + +- `labels` - The list of this repository's labels. Each element of `labels` has the following attributes: + - `name` - The name of the label. + - `color` - The hexadecimal color code for the label, without the leading #. + - `description` - A short description of the label. + - `url` - The URL of the label. diff --git a/docs/data-sources/membership.md b/docs/data-sources/membership.md new file mode 100644 index 0000000000..4bb9284f27 --- /dev/null +++ b/docs/data-sources/membership.md @@ -0,0 +1,30 @@ +--- +page_title: "github_membership (Data Source) - GitHub" +description: |- + Get information on user membership in an organization. +--- + +# github_membership (Data Source) + +Use this data source to find out if a user is a member of your organization, as well as what role they have within it. If the user's membership in the organization is pending their acceptance of an invite, the role they would have once they accept will be returned. + +## Example Usage + +```terraform +data "github_membership" "membership_for_some_user" { + username = "SomeUser" +} +``` + +## Argument Reference + +- `username` - (Required) The username to lookup in the organization. + +- `organization` - (Optional) The organization to check for the above username. + +## Attributes Reference + +- `username` - The username. +- `role` - `admin` or `member` -- the role the user has within the organization. +- `etag` - An etag representing the membership object. +- `state` - `active` or `pending` -- the state of membership within the organization. `active` if the member has accepted the invite, or `pending` if the invite is still pending. diff --git a/docs/data-sources/organization.md b/docs/data-sources/organization.md new file mode 100644 index 0000000000..def786ba5d --- /dev/null +++ b/docs/data-sources/organization.md @@ -0,0 +1,58 @@ +--- +page_title: "github_organization (Data Source) - GitHub" +description: |- + Get an organization. +--- + +# github_organization (Data Source) + +Use this data source to retrieve basic information about a GitHub Organization. + +## Example Usage + +```terraform +data "github_organization" "example" { + name = "github" +} +``` + +## Argument Reference + +- `name` - (Required) The name of the organization. +- `ignore_archived_repos` - (Optional) Whether or not to include archived repos in the `repositories` list. Defaults to `false`. +- `summary_only` - (Optional) Exclude the repos, members and other attributes from the returned result. Defaults to `false`. + +## Attributes Reference + +- `id` - The ID of the organization +- `node_id` - GraphQL global node ID for use with the v4 API +- `name` - The organization's public profile name +- `orgname` - The organization's name as used in URLs and the API +- `login` - The organization account login +- `description` - The organization account description +- `plan` - The organization account plan name +- `repositories` - (`list`) A list of the full names of the repositories in the organization formatted as `owner/name` strings +- `members` - **Deprecated**: use `users` instead by replacing `github_organization.example.members` to `github_organization.example.users[*].login` which will give you the same value, expect this field to be removed in next major version +- `users` - (`list`) A list with the members of the organization with following fields: + - `id` - The ID of the member + - `login` - The members login + - `email` - Publicly available email + - `role` - Member role `ADMIN`, `MEMBER` +- `two_factor_requirement_enabled` - Whether two-factor authentication is required for all members of the organization. +- `default_repository_permission` - Default permission level members have for organization repositories. +- `members_allowed_repository_creation_type` - The type of repository allowed to be created by members of the organization. Can be one of `ALL`, `PUBLIC`, `PRIVATE`, `NONE`. +- `members_can_create_repositories` - Whether non-admin organization members can create repositories. +- `members_can_create_internal_repositories` - Whether organization members can create internal repositories. +- `members_can_create_private_repositories` - Whether organization members can create private repositories. +- `members_can_create_public_repositories` - Whether organization members can create public repositories. +- `members_can_create_pages` - Whether organization members can create pages sites. +- `members_can_create_public_pages` - Whether organization members can create public pages sites. +- `members_can_create_private_pages` - Whether organization members can create private pages sites. +- `members_can_fork_private_repositories` - Whether organization members can create private repository forks. +- `web_commit_signoff_required` - Whether organization members must sign all commits. +- `advanced_security_enabled_for_new_repositories` - Whether advanced security is enabled for new repositories. +- `dependabot_alerts_enabled_for_new_repositories` - Whether Dependabot alerts is automatically enabled for new repositories. +- `dependabot_security_updates_enabled_for_new_repositories` - Whether Dependabot security updates is automatically enabled for new repositories. +- `dependency_graph_enabled_for_new_repositories` - Whether dependency graph is automatically enabled for new repositories. +- `secret_scanning_enabled_for_new_repositories` - Whether secret scanning is automatically enabled for new repositories. +- `secret_scanning_push_protection_enabled_for_new_repositories` - Whether secret scanning push protection is automatically enabled for new repositories. diff --git a/docs/data-sources/organization_custom_properties.md b/docs/data-sources/organization_custom_properties.md new file mode 100644 index 0000000000..1564509fd7 --- /dev/null +++ b/docs/data-sources/organization_custom_properties.md @@ -0,0 +1,39 @@ +--- +page_title: "github_organization_custom_properties (Data Source) - GitHub" +description: |- + Get information about a GitHub organization custom property +--- + +# github_organization_custom_properties (Data Source) + +Use this data source to retrieve information about a GitHub organization custom property. + +## Example Usage + +```terraform +data "github_organization_custom_properties" "environment" { + property_name = "environment" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `property_name` - (Required) The name of the custom property to retrieve. + +## Attributes Reference + +- `property_name` - The name of the custom property. + +- `value_type` - The type of the custom property. Can be one of `string`, `single_select`, `multi_select`, or `true_false`. + +- `required` - Whether the custom property is required. + +- `description` - The description of the custom property. + +- `default_value` - The default value of the custom property. + +- `allowed_values` - List of allowed values for the custom property. Only populated when `value_type` is `single_select` or `multi_select`. + +- `values_editable_by` - Who can edit the values of the custom property. Can be one of `org_actors` or `org_and_repo_actors`. diff --git a/docs/data-sources/organization_custom_role.md b/docs/data-sources/organization_custom_role.md new file mode 100644 index 0000000000..e04339b9c5 --- /dev/null +++ b/docs/data-sources/organization_custom_role.md @@ -0,0 +1,36 @@ +--- +page_title: "github_organization_custom_role (Data Source) - GitHub" +description: |- + Get a custom role from a GitHub Organization for use in repositories. +--- + +# github\_organization\_custom\_role + +~> **Note:*- This data source is deprecated, please use the `github_organization_repository_role` data source instead. + +Use this data source to retrieve information about a custom role in a GitHub Organization. + +~> Note: Custom roles are currently only available in GitHub Enterprise Cloud. + +## Example Usage + +```terraform +data "github_organization_custom_role" "example" { + name = "example" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `name` - (Required) The name of the custom role. + +## Attributes Reference + +The following additional attributes are exported: + +- `id` - The ID of the custom role. +- `description` - The description for the custom role. +- `base_role` - The system role from which the role inherits permissions. +- `permissions` - A list of additional permissions included in this role. diff --git a/docs/data-sources/organization_external_identities.md b/docs/data-sources/organization_external_identities.md new file mode 100644 index 0000000000..02456099e1 --- /dev/null +++ b/docs/data-sources/organization_external_identities.md @@ -0,0 +1,45 @@ +--- +page_title: "github_organization_external_identities (Data Source) - GitHub" +description: |- + Get a list of organization members and their SAML linked external identity NameID +--- + +# github_organization_external_identities (Data Source) + +Use this data source to retrieve each organization member's SAML or SCIM user attributes. + +## Example Usage + +```terraform +data "github_organization_external_identities" "all" {} +``` + +## Attributes Reference + +- `identities` - An Array of identities returned from GitHub + +--- + +Each element in the `identities` block consists of: + +- `login` - The username of the GitHub user +- `saml_identity` - An Object containing the user's SAML data. This object will be empty if the user is not managed by SAML. +- `scim_identity` - An Object contining the user's SCIM data. This object will be empty if the user is not managed by SCIM. + +--- + +If a user is managed by SAML, the `saml_identity` object will contain: + +- `name_id` - The member's SAML NameID +- `username` - The member's SAML Username +- `family_name` - The member's SAML Family Name +- `given_name` - The member's SAML Given Name + +--- + +If a user is managed by SCIM, the `scim_identity` object will contain: + +- `username` - The member's SCIM Username. (will be empty string if user is not managed by SCIM) +- `groups` - The member's SCIM Groups +- `family_name` - The member's SCIM Family Name +- `given_name` - The member's SCIM Given Name diff --git a/docs/data-sources/organization_ip_allow_list.md b/docs/data-sources/organization_ip_allow_list.md new file mode 100644 index 0000000000..ea3984ea0b --- /dev/null +++ b/docs/data-sources/organization_ip_allow_list.md @@ -0,0 +1,30 @@ +--- +page_title: "github_organization_ip_allow_list (Data Source) - GitHub" +description: |- + Get the IP allow list of an organization. +--- + +# github_organization_ip_allow_list (Data Source) + +Use this data source to retrieve information about the IP allow list of an organization. The allow list for IP addresses will block access to private resources via the web, API, and Git from any IP addresses that are not on the allow list. + +## Example Usage + +```terraform +data "github_organization_ip_allow_list" "all" {} +``` + +## Attributes Reference + +- `ip_allow_list` - An Array of allowed IP addresses. + +--- + +Each element in the `ip_allow_list` block consists of: + +- `id` - The ID of the IP allow list entry. +- `name` - The name of the IP allow list entry. +- `allow_list_value` - A single IP address or range of IP addresses in CIDR notation. +- `is_active` - Whether the entry is currently active. +- `created_at` - Identifies the date and time when the object was created. +- `updated_at` - Identifies the date and time when the object was last updated. diff --git a/docs/data-sources/organization_repository_role.md b/docs/data-sources/organization_repository_role.md new file mode 100644 index 0000000000..596342c5b8 --- /dev/null +++ b/docs/data-sources/organization_repository_role.md @@ -0,0 +1,32 @@ +--- +page_title: "github_organization_repository_role (Data Source) - GitHub" +description: |- + Lookup a custom organization repository role. +--- + +# github_organization_repository_role (Data Source) + +Lookup a custom organization repository role. + +~> **Note**: Custom organization repository roles are currently only available in GitHub Enterprise Cloud. + +## Example Usage + +```terraform +data "github_organization_repository_role" "example" { + role_id = 1234 +} +``` + +## Schema + +### Required + +- `role_id` (Number) The ID of the organization repository role. + +### Read-Only + +- `name` (String) The name of the organization repository role. +- `description` (String) The description of the organization repository role. +- `base_role` (String) The system role from which this role inherits permissions. +- `permissions` (Set of String) The permissions included in this role. diff --git a/docs/data-sources/organization_repository_roles.md b/docs/data-sources/organization_repository_roles.md new file mode 100644 index 0000000000..ea436cce8d --- /dev/null +++ b/docs/data-sources/organization_repository_roles.md @@ -0,0 +1,34 @@ +--- +page_title: "github_organization_repository_roles (Data Source) - GitHub" +description: |- + Lookup all custom repository roles in an organization. +--- + +# github_organization_repository_roles (Data Source) + +Lookup all custom repository roles in an organization. + +~> **Note**: Custom organization repository roles are currently only available in GitHub Enterprise Cloud. + +## Example Usage + +```terraform +data "github_organization_repository_roles" "example" { +} +``` + +## Schema + +### Read-Only + +- `roles` (Set of Object, see [schema](#nested-schema-for-roles)) Available organization repository roles. + +## Nested Schema for `roles` + +### Read-Only + +- `role_id` (Number) The ID of the organization repository role. +- `name` (String) The name of the organization repository role. +- `description` (String) The description of the organization repository role. +- `base_role` (String) The system role from which this role inherits permissions. +- `permissions` (Set of String) The permissions included in this role. diff --git a/docs/data-sources/organization_role.md b/docs/data-sources/organization_role.md new file mode 100644 index 0000000000..9eb8d25c05 --- /dev/null +++ b/docs/data-sources/organization_role.md @@ -0,0 +1,31 @@ +--- +page_title: "github_organization_role (Data Source) - GitHub" +description: |- + Lookup a custom organization role. +--- + +# github_organization_role (Data Source) + +Lookup a custom organization role. + +## Example Usage + +```terraform +data "github_organization_role" "example" { + role_id = 1234 +} +``` + +## Schema + +### Required + +- `role_id` (Number) The ID of the organization role. + +### Read-Only + +- `name` (String) The name of the organization role. +- `description` (String) The description of the organization role. +- `source` (String) The source of this role; one of `Predefined`, `Organization`, or `Enterprise`. +- `base_role` (String) The system role from which this role inherits permissions. +- `permissions` (Set of String) The permissions included in this role. diff --git a/docs/data-sources/organization_role_teams.md b/docs/data-sources/organization_role_teams.md new file mode 100644 index 0000000000..0d6e957a30 --- /dev/null +++ b/docs/data-sources/organization_role_teams.md @@ -0,0 +1,36 @@ +--- +page_title: "github_organization_role_teams (Data Source) - GitHub" +description: |- + Lookup all teams assigned to a custom organization role. +--- + +# github_organization_role_teams (Data Source) + +Lookup all teams assigned to a custom organization role. + +## Example Usage + +```terraform +data "github_organization_role_teams" "example" { + role_id = 1234 +} +``` + +## Schema + +### Required + +- `role_id` (Number) The ID of the organization role. + +### Read-Only + +- `teams` (Set of Object, see [schema](#nested-schema-for-teams)) Teams assigned to the organization role. + +## Nested Schema for `teams` + +### Read-Only + +- `team_id` (Number) The ID of the team. +- `slug` (String) The Slug of the team name. +- `name` (String) The name of the team. +- `permission` (String) The permission that the team will have for its repositories. diff --git a/docs/data-sources/organization_role_users.md b/docs/data-sources/organization_role_users.md new file mode 100644 index 0000000000..f2d799038c --- /dev/null +++ b/docs/data-sources/organization_role_users.md @@ -0,0 +1,34 @@ +--- +page_title: "github_organization_role_users (Data Source) - GitHub" +description: |- + Lookup all users assigned to a custom organization role. +--- + +# github_organization_role_users (Data Source) + +Lookup all users assigned to a custom organization role. + +## Example Usage + +```terraform +data "github_organization_role_users" "example" { + role_id = 1234 +} +``` + +## Schema + +### Required + +- `role_id` (Number) The ID of the organization role. + +### Read-Only + +- `users` (Set of Object, see [schema](#nested-schema-for-users)) Users assigned to the organization role. + +## Nested Schema for `users` + +### Read-Only + +- `user_id` (Number) The ID of the user. +- `login` (String) The login for the GitHub user account. diff --git a/docs/data-sources/organization_roles.md b/docs/data-sources/organization_roles.md new file mode 100644 index 0000000000..0ed41aaee8 --- /dev/null +++ b/docs/data-sources/organization_roles.md @@ -0,0 +1,33 @@ +--- +page_title: "github_organization_roles (Data Source) - GitHub" +description: |- + Lookup all custom roles in an organization. +--- + +# github_organization_roles (Data Source) + +Lookup all custom roles in an organization. + +## Example Usage + +```terraform +data "github_organization_roles" "example" { +} +``` + +## Schema + +### Read-Only + +- `roles` (Set of Object, see [schema](#nested-schema-for-roles)) Available organization roles. + +## Nested Schema for `roles` + +### Read-Only + +- `role_id` (Number) The ID of the organization role. +- `name` (String) The name of the organization role. +- `description` (String) The description of the organization role. +- `source` (String) The source of this role; one of `Predefined`, `Organization`, or `Enterprise`. +- `base_role` (String) The system role from which this role inherits permissions. +- `permissions` (Set of String) The permissions included in this role. diff --git a/docs/data-sources/organization_security_managers.md b/docs/data-sources/organization_security_managers.md new file mode 100644 index 0000000000..e3a5d101ec --- /dev/null +++ b/docs/data-sources/organization_security_managers.md @@ -0,0 +1,30 @@ +--- +page_title: "github_organization_security_managers (Data Source) - GitHub" +description: |- + Get the security managers for an organization. +--- + +# github_organization_security_managers (Data Source) + +~> **Note:*- This data source is deprecated, please use the `github_organization_role_team` resource instead. + +Use this data source to retrieve the security managers for an organization. + +## Example Usage + +```terraform +data "github_organization_security_managers" "test" {} +``` + +## Attributes Reference + +- `teams` - An list of GitHub teams. Each `team` block consists of the fields documented below. + +---___ + +The `team` block consists of: + +- `id` - Unique identifier of the team. +- `slug` - Name based identifier of the team. +- `name` - Name of the team. +- `permission` - Permission that the team will have for its repositories. diff --git a/docs/data-sources/organization_team_sync_groups.md b/docs/data-sources/organization_team_sync_groups.md new file mode 100644 index 0000000000..c3a23f7aff --- /dev/null +++ b/docs/data-sources/organization_team_sync_groups.md @@ -0,0 +1,29 @@ +--- +page_title: "github_organization_team_sync_groups (Data Source) - GitHub" +description: |- + Get the external identity provider (IdP) groups for an organization. +--- + +# github_organization_team_sync_groups (Data Source) + +Use this data source to retrieve the identity provider (IdP) groups for an organization. + +## Example Usage + +```terraform +data "github_organization_team_sync_groups" "test" {} +``` + +## Attributes Reference + +- `groups` - An Array of GitHub Identity Provider Groups. Each `group` block consists of the fields documented below. + +--- + +The `group` block consists of: + +- `group_id` - The ID of the IdP group. + +- `group_name` - The name of the IdP group. + +- `group_description` - The description of the IdP group. diff --git a/docs/data-sources/organization_teams.md b/docs/data-sources/organization_teams.md new file mode 100644 index 0000000000..2b9855e99b --- /dev/null +++ b/docs/data-sources/organization_teams.md @@ -0,0 +1,48 @@ +--- +page_title: "github_organization_teams (Data Source) - GitHub" +description: |- + Get information on all GitHub teams of an organization. +--- + +# github\_organization\_teams + +Use this data source to retrieve information about all GitHub teams in an organization. + +## Example Usage + +To retrieve *all- teams of the organization: + +```terraform +data "github_organization_teams" "all" {} +``` + +To retrieve only the team's at the root of the organization: + +```terraform +data "github_organization_teams" "root_teams" { + root_teams_only = true +} +``` + +## Attributes Reference + +- `teams` - (Required) An Array of GitHub Teams. Each `team` block consists of the fields documented below. +- `root_teams_only` - (Optional) Only return teams that are at the organization's root, i.e. no nested teams. Defaults to `false`. +- `summary_only` - (Optional) Exclude the members and repositories of the team from the returned result. Defaults to `false`. +- `results_per_page` - (Optional) Set the number of results per graphql query. Reducing this number can alleviate timeout errors. Accepts a value between 0 - 100. Defaults to `100`. + +--- + +The `team` block consists of: + +- `id` - The ID of the team. +- `node_id` - The Node ID of the team. +- `slug` - The slug of the team. +- `name` - The team's full name. +- `description` - The team's description. +- `privacy` - The team's privacy type. +- `members` - List of team members. Not returned if `summary_only = true` +- `repositories` - List of team repositories. Not returned if `summary_only = true` +- `parent_team_id` - The ID of the parent team, if there is one. +- `parent_team_slug` - The slug of the parent team, if there is one. +- `parent` - (**DEPRECATED**) The parent team, use `parent_team_id` or `parent_team_slug` instead. diff --git a/docs/data-sources/organization_webhooks.md b/docs/data-sources/organization_webhooks.md new file mode 100644 index 0000000000..48d161c00a --- /dev/null +++ b/docs/data-sources/organization_webhooks.md @@ -0,0 +1,31 @@ +--- +page_title: "github_organization_webhooks (Data Source) - GitHub" +description: |- + Get information on all GitHub webhooks of the organization. +--- + +# github\_organization\_webhooks + +Use this data source to retrieve all webhooks of the organization. + +## Example Usage + +To retrieve *all- webhooks of the organization: + +```terraform +data "github_organization_webhooks" "all" {} +``` + +## Attributes Reference + +- `webhooks` - An Array of GitHub Webhooks. Each `webhook` block consists of the fields documented below. + +--- + +The `webhook` block consists of: + +- `id` - the ID of the webhook. +- `type` - the type of the webhook. +- `name` - the name of the webhook. +- `url` - the url of the webhook. +- `active` - `true` if the webhook is active. diff --git a/docs/data-sources/ref.md b/docs/data-sources/ref.md new file mode 100644 index 0000000000..e5c980896b --- /dev/null +++ b/docs/data-sources/ref.md @@ -0,0 +1,39 @@ +--- +page_title: "github_ref (Data Source) - GitHub" +description: |- + Get information about a repository ref. +--- + +# github_ref (Data Source) + +Use this data source to retrieve information about a repository ref. + +## Example Usage + +```terraform +data "github_ref" "development" { + owner = "example" + repository = "example" + ref = "heads/development" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `owner` - (Required) Owner of the repository. + +- `repository` - (Required) The GitHub repository name. + +- `ref` - (Required) The repository ref to look up. Must be formatted `heads/` for branches, and `tags/` for tags. + +## Attribute Reference + +The following additional attributes are exported: + +- `etag` - An etag representing the ref. + +- `id` - A string storing a reference to the repository name and ref. + +- `sha` - A string storing the reference's `HEAD` commit's SHA1. diff --git a/docs/data-sources/release.md b/docs/data-sources/release.md new file mode 100644 index 0000000000..84944f819b --- /dev/null +++ b/docs/data-sources/release.md @@ -0,0 +1,85 @@ +--- +page_title: "github_release (Data Source) - GitHub" +description: |- + Get information on a GitHub release. +--- + +# github\_release + +Use this data source to retrieve information about a GitHub release in a specific repository. + +## Example Usage + +To retrieve the latest release that is present in a repository: + +```terraform +data "github_release" "example" { + repository = "example-repository" + owner = "example-owner" + retrieve_by = "latest" +} +``` + +To retrieve a specific release from a repository based on its ID: + +```terraform +data "github_release" "example" { + repository = "example-repository" + owner = "example-owner" + retrieve_by = "id" + id = 12345 +} +``` + +Finally, to retrieve a release based on its tag: + +```terraform +data "github_release" "example" { + repository = "example-repository" + owner = "example-owner" + retrieve_by = "tag" + release_tag = "v1.0.0" +} +``` + +## Argument Reference + +- `repository` - (Required) Name of the repository to retrieve the release from. + +- `owner` - (Required) Owner of the repository. + +- `retrieve_by` - (Required) Describes how to fetch the release. Valid values are `id`, `tag`, `latest`. + +- `release_id` - (Optional) ID of the release to retrieve. Must be specified when `retrieve_by` = `id`. + +- `release_tag` - (Optional) Tag of the release to retrieve. Must be specified when `retrieve_by` = `tag`. + +## Attributes Reference + +- `release_tag` - Tag of release +- `release_id` - ID of release +- `target_commitish` - Commitish value that determines where the Git release is created from +- `name` - Name of release +- `body` - Contents of the description (body) of a release +- `draft` - (`Boolean`) indicates whether the release is a draft +- `prerelease` - (`Boolean`) indicates whether the release is a prerelease +- `created_at` - Date of release creation +- `published_at` - Date of release publishing +- `url` - Base URL of the release +- `html_url` - URL directing to detailed information on the release +- `assets_url` - URL of any associated assets with the release +- `asserts_url` - **Deprecated**: Use `assets_url` resource instead +- `upload_url` - URL that can be used to upload Assets to the release +- `zipball_url` - Download URL of a specific release in `zip` format +- `tarball_url` - Download URL of a specific release in `tar.gz` format +- `assets` - Collection of assets for the release. Each asset conforms to the following schema: + - `id` - ID of the asset + - `url` - URL of the asset + - `node_id` - Node ID of the asset + - `name` - The file name of the asset + - `label` - Label for the asset + - `content_type` - MIME type of the asset + - `size` - Size in byte + - `created_at` - Date the asset was created + - `updated_at` - Date the asset was last updated + - `browser_download_url` - Browser download URL diff --git a/docs/data-sources/release_asset.md b/docs/data-sources/release_asset.md new file mode 100644 index 0000000000..3111c4a47a --- /dev/null +++ b/docs/data-sources/release_asset.md @@ -0,0 +1,86 @@ +--- +page_title: "github_release_asset (Data Source) - GitHub" +description: |- + Get information on a GitHub release asset. +--- + +# github\_release\_asset + +Use this data source to retrieve information about a GitHub release asset. + +## Example Usage + +To retrieve a specific release asset from a repository based on its ID: + +```terraform +data "github_release_asset" "example" { + repository = "example-repository" + owner = "example-owner" + asset_id = 12345 +} +``` + +To retrieve a specific release asset from a repository, and download the file into a `file` attribute on the data source: + +```terraform +data "github_release_asset" "example" { + repository = "example-repository" + owner = "example-owner" + asset_id = 12345 + download_file = true +} +``` + +To retrieve the first release asset associated with the latest release in a repository: + +```terraform +data "github_release" "example" { + repository = "example-repository" + owner = "example-owner" + retrieve_by = "latest" +} + +data "github_release_asset" "example" { + repository = "example-repository" + owner = "example-owner" + asset_id = data.github_release.example.assets[0].id +} +``` + +To retrieve all release assets associated with the the latest release in a repository: + +```terraform +data "github_release" "example" { + repository = "example-repository" + owner = "example-owner" + retrieve_by = "latest" +} + +data "github_release_asset" "example" { + count = length(data.github_release.example.assets) + repository = "example-repository" + owner = "example-owner" + asset_id = data.github_release.example.assets[count.index].id +} +``` + +## Argument Reference + +- `repository` - (Required) Name of the repository to retrieve the release from +- `owner` - (Required) Owner of the repository +- `asset_id` - (Required) ID of the release asset to retrieve +- `download_file_contents` - (Optional) Whether to download the asset file content into the `file_contents` attribute (defaults to `false`) + +## Attributes Reference + +- `id` - ID of the asset +- `url` - URL of the asset +- `node_id` - Node ID of the asset +- `name` - The file name of the asset +- `label` - Label for the asset +- `content_type` - MIME type of the asset +- `size` - Asset size in bytes +- `created_at` - Date the asset was created +- `updated_at` - Date the asset was last updated +- `browser_download_url` - Browser URL from which the release asset can be downloaded +- `file_contents` - The base64-encoded release asset file contents (requires `download_file_contents` to be `true`) diff --git a/docs/data-sources/repositories.md b/docs/data-sources/repositories.md new file mode 100644 index 0000000000..e0baf03773 --- /dev/null +++ b/docs/data-sources/repositories.md @@ -0,0 +1,35 @@ +--- +page_title: "github_repositories (Data Source) - GitHub" +description: |- + Search for GitHub repositories +--- + +# github_repositories (Data Source) + +-> **Note:*- The data source will return a maximum of `1000` repositories [as documented in official API docs](https://developer.github.com/v3/search/#about-the-search-api). + +Use this data source to retrieve a list of GitHub repositories using a search query. + +## Example Usage + +```terraform +data "github_repositories" "example" { + query = "org:hashicorp language:Go" + include_repo_id = true +} +``` + +## Argument Reference + +The following arguments are supported: + +- `query` - (Required) Search query. See [documentation for the search syntax](https://help.github.com/articles/understanding-the-search-syntax/). +- `sort` - (Optional) Sorts the repositories returned by the specified attribute. Valid values include `stars`, `fork`, and `updated`. Defaults to `updated`. +- `include_repo_id` - (Optional) Returns a list of found repository IDs +- `results_per_page` - (Optional) Set the number of repositories requested per API call. Can be useful to decrease if requests are timing out or to increase to reduce the number of API calls. Defaults to 100. + +## Attributes Reference + +- `full_names` - A list of full names of found repositories (e.g. `hashicorp/terraform`) +- `names` - A list of found repository names (e.g. `terraform`) +- `repo_ids` - (Optional) A list of found repository IDs (e.g. `449898861`) diff --git a/docs/data-sources/repository.md b/docs/data-sources/repository.md new file mode 100644 index 0000000000..edfdebbbf1 --- /dev/null +++ b/docs/data-sources/repository.md @@ -0,0 +1,129 @@ +--- +page_title: "github_repository (Data Source) - GitHub" +description: |- + Get details about GitHub repository +--- + +# github_repository (Data Source) + +Use this data source to retrieve information about a GitHub repository. + +## Example Usage + +```terraform +data "github_repository" "example" { + full_name = "hashicorp/terraform" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `name` - (Optional) The name of the repository. + +- `full_name` - (Optional) Full name of the repository (in `org/name` format). + +## Attributes Reference + +- `node_id` - the Node ID of the repository. + +- `description` - A description of the repository. + +- `homepage_url` - URL of a page describing the project. + +- `private` - Whether the repository is private. + +- `visibility` - Whether the repository is public, private or internal. + +- `has_issues` - Whether the repository has GitHub Issues enabled. + +- `has_discussions` - Whether the repository has GitHub Discussions enabled. + +- `has_projects` - Whether the repository has the GitHub Projects enabled. + +- `has_wiki` - Whether the repository has the GitHub Wiki enabled. + +- `is_template` - Whether the repository is a template repository. + +- `fork` - Whether the repository is a fork. + +- `allow_merge_commit` - Whether the repository allows merge commits. + +- `allow_squash_merge` - Whether the repository allows squash merges. + +- `allow_rebase_merge` - Whether the repository allows rebase merges. + +- `allow_auto_merge` - Whether the repository allows auto-merging pull requests. + +- `allow_forking` - Whether the repository allows private forking; this is only relevant if the repository is owned by an organization and is private or internal. + +- `squash_merge_commit_title` - The default value for a squash merge commit title. + +- `squash_merge_commit_message` - The default value for a squash merge commit message. + +- `merge_commit_title` - The default value for a merge commit title. + +- `merge_commit_message` - The default value for a merge commit message. + +- `has_downloads` - (**DEPRECATED**) Whether the repository has Downloads feature enabled. This attribute is no longer in use, but it hasn't been removed yet. It will be removed in a future version. See [this discussion](https://github.com/orgs/community/discussions/102145#discussioncomment-8351756). + +- `default_branch` - The name of the default branch of the repository. + +- `primary_language` - The primary language used in the repository. + +- `archived` - Whether the repository is archived. + +- `pages` - The repository's GitHub Pages configuration. + +- `topics` - The list of topics of the repository. + +- `template` - The repository source template configuration. + +- `html_url` - URL to the repository on the web. + +- `ssh_clone_url` - URL that can be provided to `git clone` to clone the repository via SSH. + +- `http_clone_url` - URL that can be provided to `git clone` to clone the repository via HTTPS. + +- `git_clone_url` - URL that can be provided to `git clone` to clone the repository anonymously via the git protocol. + +- `svn_url` - URL that can be provided to `svn checkout` to check out the repository via GitHub's Subversion protocol emulation. + +- `node_id` - GraphQL global node id for use with v4 API + +- `repo_id` - GitHub ID for the repository + +- `repository_license` - An Array of GitHub repository licenses. Each `repository_license` block consists of the fields documented below. + +--- + +The `repository_license` block consists of: + +- `content` - Content of the license file, encoded by encoding scheme mentioned below. +- `download_url` - The URL to download the raw content of the license file. +- `encoding` - The encoding used for the content (e.g., "base64"). +- `git_url` - The URL to access information about the license file as a Git blob. +- `html_url` - The URL to view the license file on GitHub. +- `license` - `license` block consists of the fields documented below. +- `name` - The name of the license file (e.g., "LICENSE"). +- `path` - The path to the license file within the repository. +- `sha` - The SHA hash of the license file. +- `size` - The size of the license file in bytes. +- `type` - The type of the content, (e.g., "file"). +- `url` - The URL to access information about the license file on GitHub. + +The `license` block consists of: + +- `body` - The text of the license. +- `conditions` - Conditions associated with the license. +- `description` - A description of the license. +- `featured` - Indicates if the license is featured. +- `html_url` - The URL to view the license details on GitHub. +- `implementation` - Details about the implementation of the license. +- `key` - A key representing the license type (e.g., "apache-2.0"). +- `limitations` - Limitations associated with the license. +- `name` - The name of the license (e.g., "Apache License 2.0"). +- `permissions` - Permissions associated with the license. +- `spdx_id` - The SPDX identifier for the license (e.g., "Apache-2.0"). +- `url` - The URL to access information about the license on GitHub. diff --git a/docs/data-sources/repository_autolink_references.md b/docs/data-sources/repository_autolink_references.md new file mode 100644 index 0000000000..4c01bbff30 --- /dev/null +++ b/docs/data-sources/repository_autolink_references.md @@ -0,0 +1,28 @@ +--- +page_title: "github_repository_autolink_references (Data Source) - GitHub" +description: |- + Get autolink references for a Github repository. +--- + +# github_repository_autolink_references (Data Source) + +Use this data source to retrieve autolink references for a repository. + +## Example Usage + +```terraform +data "github_repository_autolink_references" "example" { + repository = "example-repository" +} +``` + +## Argument Reference + +- `repository` - (Required) Name of the repository to retrieve the autolink references from. + +## Attributes Reference + +- `autolink_references` - The list of this repository's autolink references. Each element of `autolink_references` has the following attributes: + - `key_prefix` - Key prefix. + - `target_url_template` - Target url template. + - `is_alphanumeric` - True if alphanumeric. diff --git a/docs/data-sources/repository_branches.md b/docs/data-sources/repository_branches.md new file mode 100644 index 0000000000..bc809e0f38 --- /dev/null +++ b/docs/data-sources/repository_branches.md @@ -0,0 +1,31 @@ +--- +page_title: "github_repository_branches (Data Source) - GitHub" +description: |- + Get information on a GitHub repository's branches. +--- + +# github_repository_branches (Data Source) + +Use this data source to retrieve information about branches in a repository. + +## Example Usage + +```terraform +data "github_repository_branches" "example" { + repository = "example-repository" +} +``` + +## Argument Reference + +- `repository` - (Required) Name of the repository to retrieve the branches from. + +- `only_protected_branches` - (Optional). If true, the `branches` attributes will be populated only with protected branches. Default: `false`. + +- `only_non_protected_branches` - (Optional). If true, the `branches` attributes will be populated only with non protected branches. Default: `false`. + +## Attributes Reference + +- `branches` - The list of this repository's branches. Each element of `branches` has the following attributes: + - `name` - Name of the branch. + - `protected` - Whether the branch is protected. diff --git a/docs/data-sources/repository_custom_properties.md b/docs/data-sources/repository_custom_properties.md new file mode 100644 index 0000000000..60a3f6b588 --- /dev/null +++ b/docs/data-sources/repository_custom_properties.md @@ -0,0 +1,27 @@ +--- +page_title: "github_repository_custom_properties (Data Source) - GitHub" +description: |- + Get all custom properties of a repository +--- + +# github_repository_custom_properties (Data Source) + +Use this data source to retrieve all custom properties of a repository. + +## Example Usage + +```terraform +data "github_repository_custom_properties" "example" { + repository = "example-repository" +} +``` + +## Argument Reference + +- `repository` - (Required) Name of the repository to retrieve the custom properties from. + +## Attributes Reference + +- `property` - The list of this repository's custom properties. Each element of `property` has the following attributes: + - `property_name` - Name of the property + - `property_value` - Value of the property diff --git a/docs/data-sources/repository_deploy_keys.md b/docs/data-sources/repository_deploy_keys.md new file mode 100644 index 0000000000..94ac3f9d3c --- /dev/null +++ b/docs/data-sources/repository_deploy_keys.md @@ -0,0 +1,29 @@ +--- +page_title: "github_repository_deploy_keys (Data Source) - GitHub" +description: |- + Get all deploy keys of a repository +--- + +# github_repository_deploy_keys (Data Source) + +Use this data source to retrieve all deploy keys of a repository. + +## Example Usage + +```terraform +data "github_repository_deploy_keys" "example" { + repository = "example-repository" +} +``` + +## Argument Reference + +- `repository` - (Required) Name of the repository to retrieve the branches from. + +## Attributes Reference + +- `keys` - The list of this repository's deploy keys. Each element of `keys` has the following attributes: + - `id` - Key id + - `title` - Key title + - `key` - Key itself + - `verified` - `true` if the key was verified. diff --git a/docs/data-sources/repository_deployment_branch_policies.md b/docs/data-sources/repository_deployment_branch_policies.md new file mode 100644 index 0000000000..f3b952f8bf --- /dev/null +++ b/docs/data-sources/repository_deployment_branch_policies.md @@ -0,0 +1,32 @@ +--- +page_title: "github_repository_deployment_branch_policies (Data Source) - GitHub" +description: |- + Get the list of deployment branch policies for a given repo / env. +--- + +# github_repository_deployment_branch_policies (Data Source) + +~> **Note:*- This data source is deprecated, please use the `github_repository_environment_deployment_policies` data source instead. + +Use this data source to retrieve deployment branch policies for a repository / environment. + +## Example Usage + +```terraform +data "github_repository_deployment_branch_policies" "example" { + repository = "example-repository" + environment_name = "env_name" +} +``` + +## Argument Reference + +- `repository` - (Required) Name of the repository to retrieve the deployment branch policies from. + +- `environment_name` - (Required) Name of the environment to retrieve the deployment branch policies from. + +## Attributes Reference + +- `deployment_branch_policies` - The list of this repository / environment deployment policies. Each element of `deployment_branch_policies` has the following attributes: + - `id` - Id of the policy. + - `name` - The name pattern that branches must match in order to deploy to the environment. diff --git a/docs/data-sources/repository_environment_deployment_policies.md b/docs/data-sources/repository_environment_deployment_policies.md new file mode 100644 index 0000000000..d71d717492 --- /dev/null +++ b/docs/data-sources/repository_environment_deployment_policies.md @@ -0,0 +1,30 @@ +--- +page_title: "github_repository_environment_deployment_policies (Data Source) - GitHub" +description: |- + Get the list of environment deployment policies for a given repository environment. +--- + +# github_repository_environment_deployment_policies (Data Source) + +Use this data source to retrieve deployment branch policies for a repository environment. + +## Example Usage + +```terraform +data "github_repository_environment_deployment_policies" "example" { + repository = "example-repository" + environment = "env-name" +} +``` + +## Argument Reference + +- `repository` - (Required) Name of the repository to retrieve the deployment branch policies from. + +- `environment` - (Required) Name of the environment to retrieve the deployment branch policies from. + +## Attributes Reference + +- `policies` - The list of deployment policies for the repository environment. Each element of `policies` has the following attributes: + - `type` - Type of the policy; this could be `branch` or `tag`. + - `pattern` - The pattern that branch or tag names must match in order to deploy to the environment. diff --git a/docs/data-sources/repository_environments.md b/docs/data-sources/repository_environments.md new file mode 100644 index 0000000000..4f922e8baf --- /dev/null +++ b/docs/data-sources/repository_environments.md @@ -0,0 +1,27 @@ +--- +page_title: "github_repository_environments (Data Source) - GitHub" +description: |- + Get information on a GitHub repository's environments. +--- + +# github_repository_environments (Data Source) + +Use this data source to retrieve information about environments for a repository. + +## Example Usage + +```terraform +data "github_repository_environments" "example" { + repository = "example-repository" +} +``` + +## Argument Reference + +- `repository` - (Required) Name of the repository to retrieve the environments from. + +## Attributes Reference + +- `environments` - The list of this repository's environments. Each element of `environments` has the following attributes: + - `name` - Environment name. + - `node_id` - Environment node id. diff --git a/docs/data-sources/repository_file.md b/docs/data-sources/repository_file.md new file mode 100644 index 0000000000..9b59757879 --- /dev/null +++ b/docs/data-sources/repository_file.md @@ -0,0 +1,47 @@ +--- +page_title: "github_repository_file (Data Source) - GitHub" +description: |- + Reads files within a GitHub repository +--- + +# github_repository_file (Data Source) + +This data source allows you to read files within a GitHub repository. + +## Example Usage + +```terraform +data "github_repository_file" "foo" { + repository = github_repository.foo.name + branch = "main" + file = ".gitignore" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The repository to read the file from. If an unqualified repo name (without an owner) is passed, the owner will be inferred from the owner of the token used to execute the plan. If a name of the type "owner/repo" (with a slash in the middle) is passed, the owner will be as specified and not the owner of the token. + +- `file` - (Required) The path of the file to read. + +- `branch` - (Optional) Git branch. Defaults to the repository's default branch. + +## Attributes Reference + +The following additional attributes are exported: + +- `content` - The file content. + +- `commit_sha` - The SHA of the commit that modified the file. + +- `sha` - The SHA blob of the file. + +- `commit_author` - Committer author name. + +- `commit_email` - Committer email address. + +- `commit_message` - Commit message when file was last updated. + +- `ref` - The name of the commit/branch/tag. diff --git a/docs/data-sources/repository_milestone.md b/docs/data-sources/repository_milestone.md new file mode 100644 index 0000000000..13e138b0cd --- /dev/null +++ b/docs/data-sources/repository_milestone.md @@ -0,0 +1,34 @@ +--- +page_title: "github_repository_milestone (Data Source) - GitHub" +description: |- + Get information on a GitHub Repository Milestone. +--- + +# github_repository_milestone (Data Source) + +Use this data source to retrieve information about a specific GitHub milestone in a repository. + +## Example Usage + +```terraform +data "github_repository_milestone" "example" { + owner = "example-owner" + repository = "example-repository" + number = 1 +} +``` + +## Argument Reference + +- `owner` - (Required) Owner of the repository. + +- `repository` - (Required) Name of the repository to retrieve the milestone from. + +- `number` - (Required) The number of the milestone. + +## Attributes Reference + +- `description` - Description of the milestone. +- `due_date` - The milestone due date (in ISO-8601 `yyyy-mm-dd` format). +- `state` - State of the milestone. +- `title` - Title of the milestone. diff --git a/docs/data-sources/repository_pull_request.md b/docs/data-sources/repository_pull_request.md new file mode 100644 index 0000000000..97c4715eb3 --- /dev/null +++ b/docs/data-sources/repository_pull_request.md @@ -0,0 +1,56 @@ +--- +page_title: "github_repository_pull_request (Data Source) - GitHub" +description: |- + Get information on a single GitHub Pull Request. +--- + +# github_repository_pull_request (Data Source) + +Use this data source to retrieve information about a specific GitHub Pull Request in a repository. + +## Example Usage + +```terraform +data "github_repository_pull_request" "example" { + base_repository = "example_repository" + number = 1 +} +``` + +## Argument Reference + +- `base_repository` - (Required) Name of the base repository to retrieve the Pull Request from. + +- `number` - (Required) The number of the Pull Request within the repository. + +- `owner` - (Optional) Owner of the repository. If not provided, the provider's default owner is used. + +## Attributes Reference + +- `base_ref` - Name of the ref (branch) of the Pull Request base. + +- `base_sha` - Head commit SHA of the Pull Request base. + +- `body` - Body of the Pull Request. + +- `draft` - Indicates Whether this Pull Request is a draft. + +- `head_owner` - Owner of the Pull Request head repository. + +- `head_repository` - Name of the Pull Request head repository. + +- `head_sha` - Head commit SHA of the Pull Request head. + +- `labels` - List of label names set on the Pull Request. + +- `maintainer_can_modify` - Indicates whether the base repository maintainers can modify the Pull Request. + +- `opened_at` - Unix timestamp indicating the Pull Request creation time. + +- `opened_by` - GitHub login of the user who opened the Pull Request. + +- `state` - the current Pull Request state - can be "open", "closed" or "merged". + +- `title` - The title of the Pull Request. + +- `updated_at` - The timestamp of the last Pull Request update. diff --git a/docs/data-sources/repository_pull_requests.md b/docs/data-sources/repository_pull_requests.md new file mode 100644 index 0000000000..ac2fb21cd2 --- /dev/null +++ b/docs/data-sources/repository_pull_requests.md @@ -0,0 +1,73 @@ +--- +page_title: "github_repository_pull_requests (Data Source) - GitHub" +description: |- + Get information on multiple GitHub Pull Requests. +--- + +# github_repository_pull_requests (Data Source) + +Use this data source to retrieve information about multiple GitHub Pull Requests in a repository. + +## Example Usage + +```terraform +data "github_repository_pull_requests" "example" { + base_repository = "example-repository" + base_ref = "main" + sort_by = "updated" + sort_direction = "desc" + state = "open" +} +``` + +## Argument Reference + +- `base_repository` - (Required) Name of the base repository to retrieve the Pull Requests from. + +- `owner` - (Optional) Owner of the repository. If not provided, the provider's default owner is used. + +- `base_ref` - (Optional) If set, filters Pull Requests by base branch name. + +- `head_ref` - (Optional) If set, filters Pull Requests by head user or head organization and branch name in the format of "user:ref-name" or "organization:ref-name". For example: "github:new-script-format" or "octocat:test-branch". + +- `sort_by` - (Optional) If set, indicates what to sort results by. Can be either "created", "updated", "popularity" (comment count) or "long-running" (age, filtering by pulls updated in the last month). Default: "created". + +- `sort_direction` - (Optional) If set, controls the direction of the sort. Can be either "asc" or "desc". Default: "asc". + +- `state` - (Optional) If set, filters Pull Requests by state. Can be "open", "closed", or "all". Default: "open". + +## Attributes Reference + +- `results` - Collection of Pull Requests matching the filters. Each of the results conforms to the following scheme: + + - `base_ref` - Name of the ref (branch) of the Pull Request base. + + - `base_sha` - Head commit SHA of the Pull Request base. + + - `body` - Body of the Pull Request. + + - `draft` - Indicates Whether this Pull Request is a draft. + + - `head_owner` - Owner of the Pull Request head repository. + + - `head_ref` - Value of the Pull Request `HEAD` reference. + + - `head_repository` - Name of the Pull Request head repository. + + - `head_sha` - Head commit SHA of the Pull Request head. + + - `labels` - List of label names set on the Pull Request. + + - `maintainer_can_modify` - Indicates whether the base repository maintainers can modify the Pull Request. + + - `number` - The number of the Pull Request within the repository. + + - `opened_at` - Unix timestamp indicating the Pull Request creation time. + + - `opened_by` - GitHub login of the user who opened the Pull Request. + + - `state` - the current Pull Request state - can be "open", "closed" or "merged". + + - `title` - The title of the Pull Request. + + - `updated_at` - The timestamp of the last Pull Request update. diff --git a/docs/data-sources/repository_teams.md b/docs/data-sources/repository_teams.md new file mode 100644 index 0000000000..de8a739bdf --- /dev/null +++ b/docs/data-sources/repository_teams.md @@ -0,0 +1,29 @@ +--- +page_title: "github_repository_teams (Data Source) - GitHub" +description: |- + Get teams which have permission on the given repo. +--- + +# github\_repository\_teams + +Use this data source to retrieve the list of teams which have access to a GitHub repository. + +## Example Usage + +```terraform +data "github_repository_teams" "example" { + name = "example" +} +``` + +## Argument Reference + +- `name` - (Optional) The name of the repository. +- `full_name` - (Optional) Full name of the repository (in `org/name` format). + +## Attributes Reference + +- `teams` - List of teams which have access to the repository + - `name` - Team name + - `slug` - Team slug + - `permission` - Team permission diff --git a/docs/data-sources/repository_webhooks.md b/docs/data-sources/repository_webhooks.md new file mode 100644 index 0000000000..9087ab06c7 --- /dev/null +++ b/docs/data-sources/repository_webhooks.md @@ -0,0 +1,33 @@ +--- +page_title: "github_repository_webhooks (Data Source) - GitHub" +description: |- + Get information on all GitHub webhooks of the organization. +--- + +# github\_repository\_webhooks + +Use this data source to retrieve webhooks for a given repository. + +## Example Usage + +To retrieve webhooks of a repository: + +```terraform +data "github_repository_webhooks" "repo" { + repository = "foo" +} +``` + +## Attributes Reference + +- `webhooks` - An Array of GitHub Webhooks. Each `webhook` block consists of the fields documented below. + +--- + +The `webhook` block consists of: + +- `id` - the ID of the webhook. +- `type` - the type of the webhook. +- `name` - the name of the webhook. +- `url` - the url of the webhook. +- `active` - `true` if the webhook is active. diff --git a/docs/data-sources/rest_api.md b/docs/data-sources/rest_api.md new file mode 100644 index 0000000000..4927920c95 --- /dev/null +++ b/docs/data-sources/rest_api.md @@ -0,0 +1,29 @@ +--- +page_title: "github_rest_api (Data Source) - GitHub" +description: |- + Get information on a GitHub resource with a custom GET request to GitHub REST API. +--- + +# github_rest_api (Data Source) + +Use this data source to retrieve information about a GitHub resource through REST API. + +## Example Usage + +```terraform +data "github_rest_api" "example" { + endpoint = "repos/example_repo/git/refs/heads/main" +} +``` + +## Argument Reference + +- `endpoint` - (Required) REST API endpoint to send the GET request to. + +## Attributes Reference + +- `id` - The GitHub API Request ID +- `code` - A response status code. +- `status` - A response status string. +- `headers` - A JSON string containing response headers. +- `body` - A JSON string containing response body. diff --git a/docs/data-sources/ssh_keys.md b/docs/data-sources/ssh_keys.md new file mode 100644 index 0000000000..6ab48892f2 --- /dev/null +++ b/docs/data-sources/ssh_keys.md @@ -0,0 +1,19 @@ +--- +page_title: "github_ssh_keys (Data Source) - GitHub" +description: |- + Get information on GitHub's SSH keys. +--- + +# github_ssh_keys (Data Source) + +Use this data source to retrieve information about GitHub's SSH keys. + +## Example Usage + +```terraform +data "github_ssh_keys" "test" {} +``` + +## Attributes Reference + +- `keys` - An array of GitHub's SSH public keys. diff --git a/docs/data-sources/team.md b/docs/data-sources/team.md new file mode 100644 index 0000000000..cc1cde8cb7 --- /dev/null +++ b/docs/data-sources/team.md @@ -0,0 +1,37 @@ +--- +page_title: "github_team (Data Source) - GitHub" +description: |- + Get information on a GitHub team. +--- + +# github\_team + +Use this data source to retrieve information about a GitHub team. + +## Example Usage + +```terraform +data "github_team" "example" { + slug = "example" +} +``` + +## Argument Reference + +- `slug` - (Required) The team slug. +- `membership_type` - (Optional) Type of membership to be requested to fill the list of members. Can be either `all` *(default)- or `immediate`. +- `summary_only` - (Optional) Exclude the members and repositories of the team from the returned result. Defaults to `false`. +- `results_per_page` - (**DEPRECATED**) (Optional) Set the number of results per REST API query. Accepts a value between 0 - 100 *(defaults to `100`)*. + +## Attributes Reference + +- `id` - ID of the team. +- `node_id` - Node ID of the team. +- `name` - Team's full name. +- `description` - Team's description. +- `privacy` - Team's privacy type. Can either be `closed` or `secret`. +- `notification_setting` - Teams's notification setting. Can be either `notifications_enabled` or `notifications_disabled`. +- `permission` - (**DEPRECATED**) The permission that new repositories will be added to the team with when none is specified. +- `members` - List of team members (list of GitHub usernames). Not returned if `summary_only = true`. +- `repositories` - (**DEPRECATED**) List of team repositories (list of repo names). Not returned if `summary_only = true`. +- `repositories_detailed` - List of team repositories (each item comprises of `repo_id`, `repo_name` & [`role_name`](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team_repository#permission)). Not returned if `summary_only = true`. diff --git a/docs/data-sources/tree.md b/docs/data-sources/tree.md new file mode 100644 index 0000000000..8dd0ce3985 --- /dev/null +++ b/docs/data-sources/tree.md @@ -0,0 +1,42 @@ +--- +page_title: "github_tree (Data Source) - GitHub" +description: |- + Returns a single tree using the SHA1 value for that tree. +--- + +# github_tree (Data Source) + +Use this data source to retrieve information about a single tree. + +## Example Usage + +```terraform +data "github_repository" "this" { + name = "example" +} + +data "github_branch" "this" { + branch = data.github_repository.this.default_branch + repository = data.github_repository.this.name +} + +data "github_tree" "this" { + recursive = false + repository = data.github_repository.this.name + tree_sha = data.github_branch.this.sha +} + +output "entries" { + value = data.github_tree.this.entries +} +``` + +## Argument Reference + +- `recursive` - (Optional) Setting this parameter to `true` returns the objects or subtrees referenced by the tree specified in `tree_sha`. +- `repository` - (Required) The name of the repository. +- `tree_sha` - (Required) The SHA1 value for the tree. + +## Attributes Reference + +- `entries` - Objects (of `path`, `mode`, `type`, `size`, and `sha`) specifying a tree structure. diff --git a/docs/data-sources/user.md b/docs/data-sources/user.md new file mode 100644 index 0000000000..b5df33a68d --- /dev/null +++ b/docs/data-sources/user.md @@ -0,0 +1,55 @@ +--- +page_title: "github_user (Data Source) - GitHub" +description: |- + Get information on a GitHub user. +--- + +# github\_user + +Use this data source to retrieve information about a GitHub user. + +## Example Usage + +```terraform +# Retrieve information about a GitHub user. +data "github_user" "example" { + username = "example" +} + +# Retrieve information about the currently authenticated user. +data "github_user" "current" { + username = "" +} + +output "current_github_login" { + value = data.github_user.current.login +} +``` + +## Argument Reference + +- `username` - (Required) The username. Use an empty string `""` to retrieve information about the currently authenticated user. + +## Attributes Reference + +- `id` - the ID of the user. +- `node_id` - the Node ID of the user. +- `login` - the user's login. +- `avatar_url` - the user's avatar URL. +- `gravatar_id` - the user's gravatar ID. +- `site_admin` - whether the user is a GitHub admin. +- `name` - the user's full name. +- `company` - the user's company name. +- `blog` - the user's blog location. +- `location` - the user's location. +- `email` - the user's email. +- `gpg_keys` - list of user's GPG keys. +- `ssh_keys` - list of user's SSH keys. +- `bio` - the user's bio. +- `public_repos` - the number of public repositories. +- `public_gists` - the number of public gists. +- `followers` - the number of followers. +- `following` - the number of following users. +- `created_at` - the creation date. +- `updated_at` - the update date. +- `suspended_at` - the suspended date if the user is suspended. diff --git a/docs/data-sources/user_external_identity.md b/docs/data-sources/user_external_identity.md new file mode 100644 index 0000000000..2129e8ac95 --- /dev/null +++ b/docs/data-sources/user_external_identity.md @@ -0,0 +1,46 @@ +--- +page_title: "github_user_external_identity (Data Source) - GitHub" +description: |- + Get a specific organization member's SAML/SCIM linked external identity +--- + +# github_user_external_identity (Data Source) + +Use this data source to retrieve a specific organization member's SAML or SCIM user attributes. + +## Example Usage + +```terraform +data "github_user_external_identity" "example_user" { + username = "example-user" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `username` - (Required) The username of the member to fetch external identity for. + +## Attributes Reference + +- `login` - The username of the GitHub user +- `saml_identity` - An Object containing the user's SAML data. This object will be empty if the user is not managed by SAML. +- `scim_identity` - An Object contining the user's SCIM data. This object will be empty if the user is not managed by SCIM. + +--- + +If a user is managed by SAML, the `saml_identity` object will contain: + +- `name_id` - The member's SAML NameID +- `username` - The member's SAML Username +- `family_name` - The member's SAML Family Name +- `given_name` - The member's SAML Given Name + +--- + +If a user is managed by SCIM, the `scim_identity` object will contain: + +- `scim_username` - The member's SCIM Username. (will be empty string if user is not managed by SCIM) +- `scim_family_name` - The member's SCIM Family Name +- `scim_given_name` - The member's SCIM Given Name diff --git a/docs/data-sources/users.md b/docs/data-sources/users.md new file mode 100644 index 0000000000..e73c35c6e1 --- /dev/null +++ b/docs/data-sources/users.md @@ -0,0 +1,37 @@ +--- +page_title: "github_users (Data Source) - GitHub" +description: |- + Get information about multiple GitHub users. +--- + +# github\_users + +Use this data source to retrieve information about multiple GitHub users at once. + +## Example Usage + +```terraform +# Retrieve information about multiple GitHub users. +data "github_users" "example" { + usernames = ["example1", "example2", "example3"] +} + +output "valid_users" { + value = data.github_users.example.logins +} + +output "invalid_users" { + value = data.github_users.example.unknown_logins +} +``` + +## Argument Reference + +- `usernames` - (Required) List of usernames. + +## Attributes Reference + +- `node_ids` - list of Node IDs of users that could be found. +- `logins` - list of logins of users that could be found. +- `emails` - list of the user's publicly visible profile email (will be empty string in case if user decided not to show it). +- `unknown_logins` - list of logins without matching user. diff --git a/docs/index.md b/docs/index.md new file mode 100644 index 0000000000..adb23a450d --- /dev/null +++ b/docs/index.md @@ -0,0 +1,136 @@ +--- +page_title: "GitHub Provider" +description: |- + The GitHub provider is used to interact with GitHub resources. +--- + +# GitHub Provider + +The GitHub provider is used to interact with GitHub resources. + +The provider allows you to manage your GitHub organization's members and teams easily. It needs to be configured with the proper credentials before it can be used. + +Use the navigation to the left to read about the available resources. + +## Example Usage + +Terraform 0.13 and later: + +```terraform +terraform { + required_providers { + github = { + source = "integrations/github" + version = "~> 6.0" + } + } +} + +# Configure the GitHub Provider +provider "github" {} + +# Add a user to the organization +resource "github_membership" "membership_for_user_x" { + # ... +} +``` + +- You **must*- add a `required_providers` block to every module that will create resources with this provider. If you do not explicitly require `integrations/github` in a submodule, your terraform run may [break in hard-to-troubleshoot ways](https://github.com/integrations/terraform-provider-github/issues/876#issuecomment-1303790559). + +Terraform 0.12 and earlier: + +```terraform +# Configure the GitHub Provider +provider "github" { + version = "~> 5.0" +} + +# Add a user to the organization +resource "github_membership" "membership_for_user_x" { + # ... +} +``` + +~> **Note:*- When upgrading from `hashicorp/github` to `integrations/github`, use `terraform state replace-provider`. Otherwise, Terraform will still require the old provider to interact with the state file. + +## Authentication + +The GitHub provider offers multiple ways to authenticate with GitHub API. + +### GitHub CLI + +The GitHub provider taps into [GitHub CLI](https://cli.github.com/) authentication, where it picks up the token issued by [`gh auth login`](https://cli.github.com/manual/gh_auth_login) command. It is possible to specify the path to the `gh` executable in the `GH_PATH` environment variable, which is useful for when the GitHub Terraform provider can not properly determine its the path to GitHub CLI such as in the cygwin terminal. + +### OAuth / Personal Access Token + +To authenticate using OAuth tokens, ensure that the `token` argument or the `GITHUB_TOKEN` environment variable is set. + +```terraform +provider "github" { + token = var.token # or `GITHUB_TOKEN` +} +``` + +### GitHub App Installation + +To authenticate using a GitHub App installation, ensure that arguments in the `app_auth` block or the `GITHUB_APP_XXX` environment variables are set. The `owner` parameter required in this situation. Leaving out will throw a `403 "Resource not accessible by integration"` error. + +Some API operations may not be available when using a GitHub App installation configuration. For more information, refer to the list of [supported endpoints](https://docs.github.com/en/rest/overview/endpoints-available-for-github-apps). + +```terraform +provider "github" { + owner = var.github_organization + app_auth { + id = var.app_id # or `GITHUB_APP_ID` + installation_id = var.app_installation_id # or `GITHUB_APP_INSTALLATION_ID` + pem_file = var.app_pem_file # or `GITHUB_APP_PEM_FILE` + } +} +``` + +~> **Note:*- When using environment variables, an empty `app_auth` block is required to allow provider configurations from environment variables to be specified. See: + +```terraform +provider "github" { + owner = var.github_organization + app_auth {} # When using `GITHUB_APP_XXX` environment variables +} +``` + +## Argument Reference + +The following arguments are supported in the `provider` block: + +- `token` - (Optional) A GitHub OAuth / Personal Access Token. When not provided or made available via the `GITHUB_TOKEN` environment variable, the provider can only access resources available anonymously. + +- `base_url` - (Optional) This is the target GitHub base API endpoint. Providing a value is a requirement when working with GitHub Enterprise. It is optional to provide this value and it can also be sourced from the `GITHUB_BASE_URL` environment variable. The value must end with a slash, for example: `https://terraformtesting-ghe.westus.cloudapp.azure.com/` + +- `owner` - (Optional) This is the target GitHub organization or individual user account to manage. For example, `torvalds` and `github` are valid owners. It is optional to provide this value and it can also be sourced from the `GITHUB_OWNER` environment variable. When not provided and a `token` is available, the individual user account owning the `token` will be used. When not provided and no `token` is available, the provider may not function correctly. It is required in case of GitHub App Installation. + +- `organization` - (Deprecated) This behaves the same as `owner`, which should be used instead. This value can also be sourced from the `GITHUB_ORGANIZATION` environment variable. + +- `app_auth` - (Optional) Configuration block to use GitHub App installation token. When not provided, the provider can only access resources available anonymously. + - `id` - (Required) This is the ID of the GitHub App. It can sourced from the `GITHUB_APP_ID` environment variable. + - `installation_id` - (Required) This is the ID of the GitHub App installation. It can sourced from the `GITHUB_APP_INSTALLATION_ID` environment variable. + - `pem_file` - (Required) This is the contents of the GitHub App private key PEM file. It can also be sourced from the `GITHUB_APP_PEM_FILE` environment variable and may use `\n` instead of actual new lines. + +- `write_delay_ms` - (Optional) The number of milliseconds to sleep in between write operations in order to satisfy the GitHub API rate limits. Note that requests to the GraphQL API are implemented as `POST` requests under the hood, so this setting affects those calls as well. Defaults to 1000ms or 1 second if not provided. + +- `retry_delay_ms` - (Optional) Amount of time in milliseconds to sleep in between requests to GitHub API after an error response. Defaults to 1000ms or 1 second if not provided, the max_retries must be set to greater than zero. + +- `read_delay_ms` - (Optional) The number of milliseconds to sleep in between non-write operations in order to satisfy the GitHub API rate limits. Defaults to 0ms. + +- `retryable_errors` - (Optional) "Allow the provider to retry after receiving an error status code, the max_retries should be set for this to work. Defaults to [500, 502, 503, 504] + +- `max_retries` - (Optional) Number of times to retry a request after receiving an error status code. Defaults to 3 + +Note: If you have a PEM file on disk, you can pass it in via `pem_file = file("path/to/file.pem")`. + +For backwards compatibility, if more than one of `owner`, `organization`, `GITHUB_OWNER` and `GITHUB_ORGANIZATION` are set, the first in this list takes priority. + +1. Setting `organization` in the GitHub provider configuration. +2. Setting the `GITHUB_ORGANIZATION` environment variable. +3. Setting the `GITHUB_OWNER` environment variable. +4. Setting `owner` in the GitHub provider configuration. + +~> It is a bug that `GITHUB_OWNER` takes precedence over `owner`, which may be fixed in a future major release. For compatibility with future releases, please set only one of `GITHUB_OWNER` and `owner`. diff --git a/docs/resources/actions_environment_secret.md b/docs/resources/actions_environment_secret.md new file mode 100644 index 0000000000..3a29acd51a --- /dev/null +++ b/docs/resources/actions_environment_secret.md @@ -0,0 +1,112 @@ +--- +page_title: "github_actions_environment_secret (Resource) - GitHub" +description: |- + Creates and manages an Action Secret within a GitHub repository environment +--- + +# github_actions_environment_secret (Resource) + +This resource allows you to create and manage GitHub Actions secrets within your GitHub repository environments. You must have write access to a repository to use this resource. + +Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. + +For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. + +## Example Usage + +```terraform +resource "github_actions_environment_secret" "example_plaintext" { + repository = "example-repo" + environment = "example-environment" + secret_name = "example_secret_name" + plaintext_value = "example-value" +} + +resource "github_actions_environment_secret" "example_encrypted" { + repository = "example-repo" + environment = "example-environment" + secret_name = "example_secret_name" + key_id = var.key_id + encrypted_value = var.encrypted_secret_string +} +``` + +```terraform +data "github_repository" "example" { + full_name = "my-org/repo" +} + +resource "github_repository_environment" "example_plaintext" { + repository = data.github_repository.example.name + environment = "example-environment" +} + +resource "github_actions_environment_secret" "example_encrypted" { + repository = data.github_repository.example.name + environment = github_repository_environment.example.environment + secret_name = "test_secret_name" + plaintext_value = "example-value" +} +``` + +## Example Lifecycle Ignore Changes + +This resource supports using the `lifecycle` `ignore_changes` block on `remote_updated_at` to support use cases where a secret value is created using a placeholder value and then modified after creation outside the scope of Terraform. This approach ensures only the initial placeholder value is referenced in your code and in the resulting state file. + +```terraform +resource "github_actions_environment_secret" "example_allow_drift" { + repository = "example-repo" + environment = "example-environment" + secret_name = "example_secret_name" + plaintext_value = "placeholder" + + lifecycle { + ignore_changes = [remote_updated_at] + } +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) Name of the repository. +- `environment` - (Required) Name of the environment. +- `secret_name` - (Required) Name of the secret. +- `key_id` - (Optional) ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`. +- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. +- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted. + +~> **Note**: One of either `encrypted_value` or `plaintext_value` must be specified. + +## Attributes Reference + +- `repository_id` - ID of the repository. +- `created_at` - Date the secret was created. +- `updated_at` - Date the secret was last updated by the provider. +- `remote_updated_at` - Date the secret was last updated in GitHub. + +## Import + +This resource can be imported using an ID made of the repository name, environment name (URL escaped), and secret name all separated by a `:`. + +~> **Note**: When importing secrets, the `plaintext_value` or `encrypted_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. + +### Import Block + +The following import imports a GitHub actions environment secret named `mysecret` for the repo `myrepo` and environment `myenv` to a `github_actions_environment_secret` resource named `example`. + +```terraform +import { + to = github_actions_environment_secret.example + id = "myrepo:myenv:mysecret" +} +``` + +### Import Command + +The following command imports a GitHub actions environment secret named `mysecret` for the repo `myrepo` and environment `myenv` to a `github_actions_environment_secret` resource named `example`. + +```shell +terraform import github_actions_environment_secret.example myrepo:myenv:mysecret +``` diff --git a/docs/resources/actions_environment_variable.md b/docs/resources/actions_environment_variable.md new file mode 100644 index 0000000000..3398c4bd1d --- /dev/null +++ b/docs/resources/actions_environment_variable.md @@ -0,0 +1,76 @@ +--- +page_title: "github_actions_environment_variable (Resource) - GitHub" +description: |- + Creates and manages an Action variable within a GitHub repository environment +--- + +# github_actions_environment_variable (Resource) + +This resource allows you to create and manage GitHub Actions variables within your GitHub repository environments. You must have write access to a repository to use this resource. + +## Example Usage + +```terraform +resource "github_actions_environment_variable" "example" { + repository = "example-repo" + environment = "example-environment" + variable_name = "example_variable_name" + value = "example-value" +} +``` + +```terraform +data "github_repository" "example" { + full_name = "my-org/repo" +} + +resource "github_repository_environment" "example" { + repository = data.github_repository.example.name + environment = "example_environment" +} + +resource "github_actions_environment_variable" "example" { + repository = data.github_repository.example.name + environment = github_repository_environment.example.environment + variable_name = "example_variable_name" + value = "example-value" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) Name of the repository. +- `environment` - (Required) Name of the environment. +- `variable_name` - (Required) Name of the variable. +- `value` - (Required) Value of the variable. + +## Attributes Reference + +- `repository_id` - ID of the repository. +- `created_at` - Date the variable was created. +- `updated_at` - Date the variable was last updated. + +## Import + +This resource can be imported using an ID made of the repository name, environment name (any `:` in the environment name need to be escaped as `??`), and variable name all separated by a `:`. + +### Import Block + +The following import imports a GitHub actions environment variable named `myvariable` for the repo `myrepo` and environment `myenv` to a `github_actions_environment_variable` resource named `example`. + +```terraform +import { + to = github_actions_environment_variable.example + id = "myrepo:myenv:myvariable" +} +``` + +### Import Command + +The following command imports a GitHub actions environment variable named `myvariable` for the repo `myrepo` and environment `myenv` to a `github_actions_environment_variable` resource named `example`. + +```shell +terraform import github_actions_environment_variable.example myrepo:myenv:myvariable +``` diff --git a/docs/resources/actions_hosted_runner.md b/docs/resources/actions_hosted_runner.md new file mode 100644 index 0000000000..14b17fe28b --- /dev/null +++ b/docs/resources/actions_hosted_runner.md @@ -0,0 +1,153 @@ +--- +page_title: "github_actions_hosted_runner (Resource) - GitHub" +description: |- + Creates and manages GitHub-hosted runners within a GitHub organization +--- + +# github_actions_hosted_runner (Resource) + +This resource allows you to create and manage GitHub-hosted runners within your GitHub organization. You must have admin access to an organization to use this resource. + +GitHub-hosted runners are fully managed virtual machines that run your GitHub Actions workflows. Unlike self-hosted runners, GitHub handles the infrastructure, maintenance, and scaling. + +## Example Usage + +### Basic Usage + +```terraform +resource "github_actions_runner_group" "example" { + name = "example-runner-group" + visibility = "all" +} + +resource "github_actions_hosted_runner" "example" { + name = "example-hosted-runner" + + image { + id = "2306" + source = "github" + } + + size = "4-core" + runner_group_id = github_actions_runner_group.example.id +} +``` + +### Advanced Usage with Optional Parameters + +```terraform +resource "github_actions_runner_group" "advanced" { + name = "advanced-runner-group" + visibility = "selected" +} + +resource "github_actions_hosted_runner" "advanced" { + name = "advanced-hosted-runner" + + image { + id = "2306" + source = "github" + } + + size = "8-core" + runner_group_id = github_actions_runner_group.advanced.id + maximum_runners = 10 + public_ip_enabled = true +} +``` + +## Argument Reference + +The following arguments are supported: + +- `name` - (Required) Name of the hosted runner. Must be between 1 and 64 characters and may only contain alphanumeric characters, '.', '-', and '_'. +- `image` - (Required) Image configuration for the hosted runner. Cannot be changed after creation. Block supports: + - `id` - (Required) The image ID. For GitHub-owned images, use numeric IDs like "2306" for Ubuntu Latest 24.04. To get available images, use the GitHub API: `GET /orgs/{org}/actions/hosted-runners/images/github-owned`. + - `source` - (Optional) The image source. Valid values are "github", "partner", or "custom". Defaults to "github". +- `size` - (Required) Machine size for the hosted runner (e.g., "4-core", "8-core"). Can be updated to scale the runner. To list available sizes, use the GitHub API: `GET /orgs/{org}/actions/hosted-runners/machine-sizes`. +- `runner_group_id` - (Required) The ID of the runner group to assign this runner to. +- `maximum_runners` - (Optional) Maximum number of runners to scale up to. Runners will not auto-scale above this number. Use this setting to limit costs. +- `public_ip_enabled` - (Optional) Whether to enable static public IP for the runner. Note there are account limits. To list limits, use the GitHub API: `GET /orgs/{org}/actions/hosted-runners/limits`. Defaults to false. +- `image_version` - (Optional) The version of the runner image to deploy. This is only relevant for runners using custom images. + +## Timeouts + +The `timeouts` block allows you to specify timeouts for certain actions: + +- `delete` - (Defaults to 10 minutes) Used for waiting for the hosted runner deletion to complete. + +Example: + +```terraform +resource "github_actions_hosted_runner" "example" { + name = "example-hosted-runner" + + image { + id = "2306" + source = "github" + } + + size = "4-core" + runner_group_id = github_actions_runner_group.example.id + + timeouts { + delete = "15m" + } +} +``` + +## Attributes Reference + +In addition to the arguments above, the following attributes are exported: + +- `id` - The ID of the hosted runner. +- `status` - Current status of the runner (e.g., "Ready", "Provisioning"). +- `platform` - Platform of the runner (e.g., "linux-x64", "win-x64"). +- `image` - In addition to the arguments above, the image block exports: + - `size_gb` - The size of the image in gigabytes. +- `machine_size_details` - Detailed specifications of the machine size: + - `id` - Machine size identifier. + - `cpu_cores` - Number of CPU cores. + - `memory_gb` - Amount of memory in gigabytes. + - `storage_gb` - Amount of storage in gigabytes. +- `public_ips` - List of public IP ranges assigned to this runner (only if `public_ip_enabled` is true): + - `enabled` - Whether this IP range is enabled. + - `prefix` - IP address prefix. + - `length` - Subnet length. +- `last_active_on` - Timestamp (RFC3339) when the runner was last active. + +## Import + +Hosted runners can be imported using the runner ID: + +```hcl +$ terraform import github_actions_hosted_runner.example 123456 +``` + +## Notes + +- This resource is **organization-only*- and cannot be used with individual accounts. +- The `image` field cannot be changed after the runner is created. Changing it will force recreation of the runner. +- The `size` field can be updated to scale the runner up or down as needed. +- Image IDs for GitHub-owned images are numeric strings (e.g., "2306" for Ubuntu Latest 24.04), not names like "ubuntu-latest". +- Deletion of hosted runners is asynchronous. The provider will poll for up to 10 minutes (configurable via timeouts) to confirm deletion. +- Runner creation and updates may take several minutes as GitHub provisions the infrastructure. +- Static public IPs are subject to account limits. Check your organization's limits before enabling. + +## Getting Available Images and Sizes + +To get a list of available images: + +```bash +curl -H "Authorization: Bearer YOUR_TOKEN" \ + -H "Accept: application/vnd.github+json" \ + https://api.github.com/orgs/YOUR_ORG/actions/hosted-runners/images/github-owned +``` + +To get available machine sizes: + +```bash +curl -H "Authorization: Bearer YOUR_TOKEN" \ + -H "Accept: application/vnd.github+json" \ + https://api.github.com/orgs/YOUR_ORG/actions/hosted-runners/machine-sizes +``` diff --git a/docs/resources/actions_organization_oidc_subject_claim_customization_template.md b/docs/resources/actions_organization_oidc_subject_claim_customization_template.md new file mode 100644 index 0000000000..76f20502ef --- /dev/null +++ b/docs/resources/actions_organization_oidc_subject_claim_customization_template.md @@ -0,0 +1,33 @@ +--- +page_title: "github_actions_organization_oidc_subject_claim_customization_template (Resource) - GitHub" +description: |- + Creates and manages an OpenID Connect subject claim customization template for an organization. +--- + +# github_actions_organization_oidc_subject_claim_customization_template (Resource) + +This resource allows you to create and manage an OpenID Connect subject claim customization template within a GitHub organization. + +More information on integrating GitHub with cloud providers using OpenID Connect and a list of available claims is available in the [Actions documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect). + +## Example Usage + +```terraform +resource "github_actions_organization_oidc_subject_claim_customization_template" "example_template" { + include_claim_keys = ["actor", "context", "repository_owner"] +} +``` + +## Argument Reference + +The following arguments are supported: + +- `include_claim_keys` - (Required) A list of OpenID Connect claims. + +## Import + +This resource can be imported using the organization's name. + +```hcl +$ terraform import github_actions_organization_oidc_subject_claim_customization_template.test example_organization +``` diff --git a/docs/resources/actions_organization_permissions.md b/docs/resources/actions_organization_permissions.md new file mode 100644 index 0000000000..d4f218ed08 --- /dev/null +++ b/docs/resources/actions_organization_permissions.md @@ -0,0 +1,62 @@ +--- +page_title: "github_actions_organization_permissions (Resource) - GitHub" +description: |- + Creates and manages Actions permissions within a GitHub organization +--- + +# github_actions_organization_permissions (Resource) + +This resource allows you to create and manage GitHub Actions permissions within your GitHub enterprise organizations. You must have admin access to an organization to use this resource. + +## Example Usage + +```terraform +resource "github_repository" "example" { + name = "my-repository" +} + +resource "github_actions_organization_permissions" "test" { + allowed_actions = "selected" + enabled_repositories = "selected" + allowed_actions_config { + github_owned_allowed = true + patterns_allowed = ["actions/cache@*", "actions/checkout@*"] + verified_allowed = true + } + enabled_repositories_config { + repository_ids = [github_repository.example.repo_id] + } +} +``` + +## Argument Reference + +The following arguments are supported: + +- `allowed_actions` - (Optional) The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`. +- `enabled_repositories` - (Required) The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`. +- `allowed_actions_config` - (Optional) Sets the actions that are allowed in an organization. Only available when `allowed_actions` = `selected`. See [Allowed Actions Config](#allowed-actions-config) below for details. +- `enabled_repositories_config` - (Optional) Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when `enabled_repositories` = `selected`. See [Enabled Repositories Config](#enabled-repositories-config) below for details. +- `sha_pinning_required` - (Optional) Whether pinning to a specific SHA is required for all actions and reusable workflows in the organization. + +### Allowed Actions Config + +The `allowed_actions_config` block supports the following: + +- `github_owned_allowed` - (Required) Whether GitHub-owned actions are allowed in the organization. +- `patterns_allowed` - (Optional) Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*." +- `verified_allowed` - (Optional) Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators. + +### Enabled Repositories Config + +The `enabled_repositories_config` block supports the following: + +- `repository_ids` - (Required) List of repository IDs to enable for GitHub Actions. + +## Import + +This resource can be imported using the name of the GitHub organization: + +```hcl +$ terraform import github_actions_organization_permissions.test github_organization_name +``` diff --git a/docs/resources/actions_organization_secret.md b/docs/resources/actions_organization_secret.md new file mode 100644 index 0000000000..0fdf2557ab --- /dev/null +++ b/docs/resources/actions_organization_secret.md @@ -0,0 +1,110 @@ +--- +page_title: "github_actions_organization_secret (Resource) - GitHub" +description: |- + Creates and manages an Action Secret within a GitHub organization +--- + +# github_actions_organization_secret (Resource) + +This resource allows you to create and manage GitHub Actions secrets within your GitHub organization. You must have write access to a repository to use this resource. + +Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. + +For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. + +## Example Usage + +```terraform +resource "github_actions_organization_secret" "example_plaintext" { + secret_name = "example_secret_name" + visibility = "all" + plaintext_value = var.some_secret_string +} + +resource "github_actions_organization_secret" "example_encrypted" { + secret_name = "example_secret_name" + visibility = "all" + encrypted_value = var.some_encrypted_secret_string +} +``` + +```terraform +data "github_repository" "repo" { + full_name = "my-org/repo" +} + +resource "github_actions_organization_secret" "example_encrypted" { + secret_name = "example_secret_name" + visibility = "selected" + plaintext_value = var.some_secret_string + selected_repository_ids = [data.github_repository.repo.repo_id] +} + +resource "github_actions_organization_secret" "example_secret" { + secret_name = "example_secret_name" + visibility = "selected" + encrypted_value = var.some_encrypted_secret_string + selected_repository_ids = [data.github_repository.repo.repo_id] +} +``` + +## Example Lifecycle Ignore Changes + +This resource supports using the `lifecycle` `ignore_changes` block on `remote_updated_at` to support use cases where a secret value is created using a placeholder value and then modified after creation outside the scope of Terraform. This approach ensures only the initial placeholder value is referenced in your code and in the resulting state file. + +```terraform +resource "github_actions_organization_secret" "example_allow_drift" { + secret_name = "example_secret_name" + visibility = "all" + plaintext_value = "placeholder" + + lifecycle { + ignore_changes = [remote_updated_at] + } +} +``` + +## Argument Reference + +The following arguments are supported: + +- `secret_name` - (Required) Name of the secret. +- `key_id` - (Optional) ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`. +- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. +- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted. +- `visibility` - (Required) Configures the access that repositories have to the organization secret; must be one of `all`, `private`, or `selected`. +- `selected_repository_ids` - (Optional) An array of repository IDs that can access the organization variable; this requires `visibility` to be set to `selected`. +- `destroy_on_drift` - (**DEPRECATED**) (Optional) This is ignored as drift detection is built into the resource. + +~> **Note**: One of either `encrypted_value` or `plaintext_value` must be specified. + +## Attributes Reference + +- `created_at` - Date the secret was created. +- `updated_at` - Date the secret was last updated by the provider. +- `remote_updated_at` - Date the secret was last updated in GitHub. + +## Import + +This resource can be imported using the secret name as the ID. + +~> **Note**: When importing secrets, the `plaintext_value` or `encrypted_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. + +### Import Block + +The following import imports a GitHub actions organization secret named `mysecret` to a `github_actions_organization_secret` resource named `example`. + +```terraform +import { + to = github_actions_organization_secret.example + id = "mysecret" +} +``` + +### Import Command + +The following command imports a GitHub actions organization secret named `mysecret` to a `github_actions_organization_secret` resource named `example`. + +```shell +terraform import github_actions_organization_secret.example mysecret +``` diff --git a/docs/resources/actions_organization_secret_repositories.md b/docs/resources/actions_organization_secret_repositories.md new file mode 100644 index 0000000000..c3526b66dd --- /dev/null +++ b/docs/resources/actions_organization_secret_repositories.md @@ -0,0 +1,61 @@ +--- +page_title: "github_actions_organization_secret_repositories (Resource) - GitHub" +description: |- + Manages repository allow list for an Actions Secret within a GitHub organization. +--- + +# github_actions_organization_secret_repositories (Resource) + +This resource allows you to manage the repositories allowed to access an actions secret within your GitHub organization. You must have write access to an organization secret to use this resource. + +This resource is only applicable when `visibility` of the existing organization secret has been set to `selected`. + +## Example Usage + +```terraform +resource "github_actions_organization_secret" "example" { + secret_name = "mysecret" + plaintext_value = "foo" + visibility = "selected" +} + +resource "github_repository" "example" { + name = "myrepo" + visibility = "public" +} + +resource "github_actions_organization_secret_repositories" "example" { + secret_name = github_actions_organization_secret.example.name + selected_repository_ids = [github_repository.example.repo_id] +} +``` + +## Argument Reference + +The following arguments are supported: + +- `secret_name` - (Required) Name of the actions organization secret. +- `selected_repository_ids` - (Required) List of IDs for the repositories that should be able to access the secret. + +## Import + +This resource can be imported using the secret name as the ID. + +### Import Block + +The following import block imports the repositories able to access the actions organization secret named `mysecret` to a `github_actions_organization_secret_repositories` resource named `example`. + +```terraform +import { + to = github_actions_organization_secret_repositories.example + id = "mysecret" +} +``` + +### Import Command + +The following command imports the repositories able to access the actions organization secret named `mysecret` to a `github_actions_organization_secret_repositories` resource named `example`. + +```shell +terraform import github_actions_organization_secret_repositories.example mysecret +``` diff --git a/docs/resources/actions_organization_secret_repository.md b/docs/resources/actions_organization_secret_repository.md new file mode 100644 index 0000000000..34745a8d80 --- /dev/null +++ b/docs/resources/actions_organization_secret_repository.md @@ -0,0 +1,61 @@ +--- +page_title: "github_actions_organization_secret_repository (Resource) - GitHub" +description: |- + Add access for a repository to an Actions Secret within a GitHub organization. +--- + +# github_actions_organization_secret_repository (Resource) + +This resource adds permission for a repository to use an actions secret within your GitHub organization. You must have write access to an organization secret to use this resource. + +This resource is only applicable when `visibility` of the existing organization secret has been set to `selected`. + +## Example Usage + +```terraform +resource "github_actions_organization_secret" "example" { + secret_name = "mysecret" + plaintext_value = "foo" + visibility = "selected" +} + +resource "github_repository" "example" { + name = "myrepo" + visibility = "public" +} + +resource "github_actions_organization_secret_repository" "example" { + secret_name = github_actions_organization_secret.example.name + repository_id = github_repository.example.repo_id +} +``` + +## Argument Reference + +The following arguments are supported: + +- `secret_name` - (Required) Name of the actions organization secret. +- `repository_id` - (Required) ID of the repository that should be able to access the secret. + +## Import + +This resource can be imported using an ID made of the secret name and repository name separated by a `:`. + +### Import Block + +The following import block imports the access of repository ID `123456` for the actions organization secret named `mysecret` to a `github_actions_organization_secret_repository` resource named `example`. + +```terraform +import { + to = github_actions_organization_secret_repository.example + id = "mysecret:123456" +} +``` + +### Import Command + +The following command imports the access of repository ID `123456` for the actions organization secret named `mysecret` to a `github_actions_organization_secret_repository` resource named `example`. + +```shell +terraform import github_actions_organization_secret_repository.example mysecret:123456 +``` diff --git a/docs/resources/actions_organization_variable.md b/docs/resources/actions_organization_variable.md new file mode 100644 index 0000000000..bfcdd07ace --- /dev/null +++ b/docs/resources/actions_organization_variable.md @@ -0,0 +1,69 @@ +--- +page_title: "github_actions_organization_variable (Resource) - GitHub" +description: |- + Creates and manages an Action variable within a GitHub organization +--- + +# github_actions_organization_variable (Resource) + +This resource allows you to create and manage GitHub Actions variables within your GitHub organization. You must have write access to a repository to use this resource. + +## Example Usage + +```terraform +resource "github_actions_organization_variable" "example_variable" { + variable_name = "example_variable_name" + visibility = "private" + value = "example_variable_value" +} +``` + +```terraform +data "github_repository" "repo" { + full_name = "my-org/repo" +} + +resource "github_actions_organization_variable" "example_variable" { + variable_name = "example_variable_name" + visibility = "selected" + value = "example_variable_value" + selected_repository_ids = [data.github_repository.repo.repo_id] +} +``` + +## Argument Reference + +The following arguments are supported: + +- `variable_name` - (Required) Name of the variable. +- `value` - (Required) Value of the variable. +- `visibility` - (Required) Configures the access that repositories have to the organization variable; must be one of `all`, `private`, or `selected`. +- `selected_repository_ids` - (Optional) An array of repository IDs that can access the organization variable; this requires `visibility` to be set to `selected`. + +## Attributes Reference + +- `created_at` - Date the variable was created. +- `updated_at` - Date the variable was last updated. + +## Import + +This resource can be imported using the variable name as the ID. + +### Import Block + +The following import imports a GitHub actions organization variable named `myvariable`to a `github_actions_organization_variable` resource named `example`. + +```terraform +import { + to = github_actions_organization_variable.example + id = "myvariable" +} +``` + +### Import Command + +The following command imports a GitHub actions organization variable named `myvariable` to a `github_actions_organization_variable` resource named `example`. + +```shell +terraform import github_actions_organization_variable.example myvariable +``` diff --git a/docs/resources/actions_organization_variable_repositories.md b/docs/resources/actions_organization_variable_repositories.md new file mode 100644 index 0000000000..f126dd0593 --- /dev/null +++ b/docs/resources/actions_organization_variable_repositories.md @@ -0,0 +1,61 @@ +--- +page_title: "github_actions_organization_variable_repositories (Resource) - GitHub" +description: |- + Manages repository allow list for an Actions Variable within a GitHub organization. +--- + +# github_actions_organization_variable_repositories (Resource) + +This resource allows you to manage the repositories allowed to access an actions variable within your GitHub organization. You must have write access to an organization variable to use this resource. + +This resource is only applicable when `visibility` of the existing organization variable has been set to `selected`. + +## Example Usage + +```terraform +resource "github_actions_organization_variable" "example" { + variable_name = "myvariable" + plaintext_value = "foo" + visibility = "selected" +} + +resource "github_repository" "example" { + name = "myrepo" + visibility = "public" +} + +resource "github_actions_organization_variable_repositories" "example" { + variable_name = github_actions_organization_variable.example.name + selected_repository_ids = [github_repository.example.repo_id] +} +``` + +## Argument Reference + +The following arguments are supported: + +- `variable_name` - (Required) Name of the actions organization variable. +- `selected_repository_ids` - (Required) List of IDs for the repositories that should be able to access the variable. + +## Import + +This resource can be imported using the variable name as the ID. + +### Import Block + +The following import block imports the repositories able to access the actions organization variable named `myvariable` to a `github_actions_organization_variable_repositories` resource named `example`. + +```terraform +import { + to = github_actions_organization_variable_repositories.example + id = "myvariable" +} +``` + +### Import Command + +The following command imports the repositories able to access the actions organization variable named `myvariable` to a `github_actions_organization_variable_repositories` resource named `example`. + +```shell +terraform import github_actions_organization_variable_repositories.example myvariable +``` diff --git a/docs/resources/actions_organization_variable_repository.md b/docs/resources/actions_organization_variable_repository.md new file mode 100644 index 0000000000..d1d89a6b99 --- /dev/null +++ b/docs/resources/actions_organization_variable_repository.md @@ -0,0 +1,61 @@ +--- +page_title: "github_actions_organization_variable_repository (Resource) - GitHub" +description: |- + Add access for a repository to an Actions Variable within a GitHub organization. +--- + +# github_actions_organization_variable_repository (Resource) + +This resource adds permission for a repository to use an actions variables within your GitHub organization. You must have write access to an organization variable to use this resource. + +This resource is only applicable when `visibility` of the existing organization variable has been set to `selected`. + +## Example Usage + +```terraform +resource "github_actions_organization_variable" "example" { + variable_name = "myvariable" + plaintext_value = "foo" + visibility = "selected" +} + +resource "github_repository" "example" { + name = "myrepo" + visibility = "public" +} + +resource "github_actions_organization_variable_repository" "example" { + variable_name = github_actions_organization_variable.example.name + repository_id = github_repository.example.repo_id +} +``` + +## Argument Reference + +The following arguments are supported: + +- `variable_name` - (Required) Name of the actions organization variable. +- `repository_id` - (Required) ID of the repository that should be able to access the variable. + +## Import + +This resource can be imported using an ID made of the variable name and repository name separated by a `:`. + +### Import Block + +The following import block imports the access of repository ID `123456` for the actions organization variable named `myvariable` to a `github_actions_organization_variable_repository` resource named `example`. + +```terraform +import { + to = github_actions_organization_variable_repository.example + id = "myvariable:123456" +} +``` + +### Import Command + +The following command imports the access of repository ID `123456` for the actions organization variable named `myvariable` to a `github_actions_organization_variable_repository` resource named `example`. + +```shell +terraform import github_actions_organization_variable_repository.example myvariable:123456 +``` diff --git a/docs/resources/actions_organization_workflow_permissions.md b/docs/resources/actions_organization_workflow_permissions.md new file mode 100644 index 0000000000..0e68891e42 --- /dev/null +++ b/docs/resources/actions_organization_workflow_permissions.md @@ -0,0 +1,64 @@ +--- +page_title: "github_actions_organization_workflow_permissions (Resource) - GitHub" +description: |- + Manages GitHub Actions workflow permissions for a GitHub Organization. +--- + +# github_actions_organization_workflow_permissions (Resource) + +This resource allows you to manage GitHub Actions workflow permissions for a GitHub Organization account. This controls the default permissions granted to the GITHUB_TOKEN when running workflows and whether GitHub Actions can approve pull request reviews. + +You must have organization admin access to use this resource. + +## Example Usage + +```terraform +# Basic workflow permissions configuration +resource "github_actions_organization_workflow_permissions" "example" { + organization_slug = "my-organization" + + default_workflow_permissions = "read" + can_approve_pull_request_reviews = false +} + +# Allow write permissions and PR approvals +resource "github_actions_organization_workflow_permissions" "permissive" { + organization_slug = "my-organization" + + default_workflow_permissions = "write" + can_approve_pull_request_reviews = true +} +``` + +## Argument Reference + +The following arguments are supported: + +- `organization_slug` - (Required) The slug of the organization. + +- `default_workflow_permissions` - (Optional) The default workflow permissions granted to the GITHUB_TOKEN when running workflows. Can be `read` or `write`. Defaults to `read`. + +- `can_approve_pull_request_reviews` - (Optional) Whether GitHub Actions can approve pull request reviews. Defaults to `false`. + +## Attributes Reference + +In addition to all arguments above, the following attributes are exported: + +- `id` - The organization slug. + +## Import + +Organization Actions workflow permissions can be imported using the organization slug: + +```sh +terraform import github_actions_organization_workflow_permissions.example my-organization +``` + +## Notes + +~> **Note:*- This resource requires a GitHub Organization account and organization admin permissions. + +When this resource is destroyed, the workflow permissions will be reset to safe defaults: + +- `default_workflow_permissions` = `read` +- `can_approve_pull_request_reviews` = `false` diff --git a/docs/resources/actions_repository_access_level.md b/docs/resources/actions_repository_access_level.md new file mode 100644 index 0000000000..0d18d689c7 --- /dev/null +++ b/docs/resources/actions_repository_access_level.md @@ -0,0 +1,38 @@ +--- +page_title: "github_actions_repository_access_level (Resource) - GitHub" +description: |- + Manages Actions and Reusable Workflow access for a GitHub repository +--- + +# github_actions_repository_access_level (Resource) + +This resource allows you to set the access level of a non-public repositories actions and reusable workflows for use in other repositories. You must have admin access to a repository to use this resource. + +## Example Usage + +```terraform +resource "github_repository" "example" { + name = "my-repository" + visibility = "private" +} + +resource "github_actions_repository_access_level" "test" { + access_level = "user" + repository = github_repository.example.name +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository +- `access_level` - (Required) Where the actions or reusable workflows of the repository may be used. Possible values are `none`, `user`, `organization`, or `enterprise`. + +## Import + +This resource can be imported using the name of the GitHub repository: + +```hcl +$ terraform import github_actions_repository_access_level.test my-repository +``` diff --git a/docs/resources/actions_repository_oidc_subject_claim_customization_template.md b/docs/resources/actions_repository_oidc_subject_claim_customization_template.md new file mode 100644 index 0000000000..619a75609d --- /dev/null +++ b/docs/resources/actions_repository_oidc_subject_claim_customization_template.md @@ -0,0 +1,48 @@ +--- +page_title: "github_actions_repository_oidc_subject_claim_customization_template (Resource) - GitHub" +description: |- + Creates and manages an OpenID Connect subject claim customization template for a repository +--- + +# github_actions_repository_oidc_subject_claim_customization_template (Resource) + +This resource allows you to create and manage an OpenID Connect subject claim customization template for a GitHub repository. + +More information on integrating GitHub with cloud providers using OpenID Connect and a list of available claims is available in the [Actions documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect). + +The following table lists the behaviour of `use_default`: + +| `use_default` | `include_claim_keys` | Template used | +|---------------|----------------------|-----------------------------------------------------------| +| `true` | Unset | GitHub's default | +| `false` | Set | `include_claim_keys` | +| `false` | Unset | Organization's default if set, otherwise GitHub's default | + +## Example Usage + +```terraform +resource "github_repository" "example" { + name = "example-repository" +} + +resource "github_actions_repository_oidc_subject_claim_customization_template" "example_template" { + repository = github_repository.example.name + use_default = false + include_claim_keys = ["actor", "context", "repository_owner"] +} +``` + +## Argument Reference + +The following arguments are supported: + +- `use_default` - (Required) Whether to use the default template or not. If `true`, `include_claim_keys` must not be set. +- `include_claim_keys` - (Optional) A list of OpenID Connect claims. + +## Import + +This resource can be imported using the repository's name. + +```hcl +$ terraform import github_actions_repository_oidc_subject_claim_customization_template.test example_repository +``` diff --git a/docs/resources/actions_repository_permissions.md b/docs/resources/actions_repository_permissions.md new file mode 100644 index 0000000000..6cedf2ce39 --- /dev/null +++ b/docs/resources/actions_repository_permissions.md @@ -0,0 +1,53 @@ +--- +page_title: "github_actions_repository_permissions (Resource) - GitHub" +description: |- + Enables and manages Actions permissions for a GitHub repository +--- + +# github_actions_repository_permissions (Resource) + +This resource allows you to enable and manage GitHub Actions permissions for a given repository. You must have admin access to an repository to use this resource. + +## Example Usage + +```terraform +resource "github_repository" "example" { + name = "my-repository" +} + +resource "github_actions_repository_permissions" "test" { + allowed_actions = "selected" + allowed_actions_config { + github_owned_allowed = true + patterns_allowed = ["actions/cache@*", "actions/checkout@*"] + verified_allowed = true + } + repository = github_repository.example.name +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository +- `allowed_actions` - (Optional) The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`. +- `enabled` - (Optional) Should GitHub actions be enabled on this repository? +- `allowed_actions_config` - (Optional) Sets the actions that are allowed in an repository. Only available when `allowed_actions` = `selected`. See [Allowed Actions Config](#allowed-actions-config) below for details. +- `sha_pinning_required` - (Optional) Whether pinning to a specific SHA is required for all actions and reusable workflows in the repository. + +### Allowed Actions Config + +The `allowed_actions_config` block supports the following: + +- `github_owned_allowed` - (Required) Whether GitHub-owned actions are allowed in the repository. +- `patterns_allowed` - (Optional) Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*." +- `verified_allowed` - (Optional) Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators. + +## Import + +This resource can be imported using the name of the GitHub repository: + +```hcl +$ terraform import github_actions_repository_permissions.test my-repository +``` diff --git a/docs/resources/actions_runner_group.md b/docs/resources/actions_runner_group.md new file mode 100644 index 0000000000..90f013dc27 --- /dev/null +++ b/docs/resources/actions_runner_group.md @@ -0,0 +1,55 @@ +--- +page_title: "github_actions_runner_group (Resource) - GitHub" +description: |- + Creates and manages an Actions Runner Group within a GitHub organization +--- + +# github_actions_runner_group (Resource) + +This resource allows you to create and manage GitHub Actions runner groups within your GitHub enterprise organizations. You must have admin access to an organization to use this resource. + +## Example Usage + +```terraform +resource "github_repository" "example" { + name = "my-repository" +} + +resource "github_actions_runner_group" "example" { + name = github_repository.example.name + visibility = "selected" + selected_repository_ids = [github_repository.example.repo_id] +} +``` + +## Argument Reference + +The following arguments are supported: + +- `name` - (Required) Name of the runner group +- `restricted_to_workflows` - (Optional) If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array. Defaults to false. +- `selected_repository_ids` - (Optional) IDs of the repositories which should be added to the runner group +- `selected_workflows` - (Optional) List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true. +- `visibility` - (Optional) Visibility of a runner group. Whether the runner group can include `all`, `selected`, or `private` repositories. A value of `private` is not currently supported due to limitations in the GitHub API. +- `allows_public_repositories` - (Optional) Whether public repositories can be added to the runner group. Defaults to false. + +## Attributes Reference + +- `allows_public_repositories` - Whether public repositories can be added to the runner group +- `default` - Whether this is the default runner group +- `etag` - An etag representing the runner group object +- `inherited` - Whether the runner group is inherited from the enterprise level +- `runners_url` - The GitHub API URL for the runner group's runners +- `selected_repository_ids` - List of repository IDs that can access the runner group +- `selected_repositories_url` - GitHub API URL for the runner group's repositories +- `visibility` - The visibility of the runner group +- `restricted_to_workflows` - If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array. Defaults to false. +- `selected_workflows` - List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true. + +## Import + +This resource can be imported using the ID of the runner group: + +```hcl +$ terraform import github_actions_runner_group.test 7 +``` diff --git a/docs/resources/actions_secret.md b/docs/resources/actions_secret.md new file mode 100644 index 0000000000..3ead75ecd8 --- /dev/null +++ b/docs/resources/actions_secret.md @@ -0,0 +1,90 @@ +--- +page_title: "github_actions_secret (Resource) - GitHub" +description: |- + Creates and manages an Action Secret within a GitHub repository +--- + +# github_actions_secret (Resource) + +This resource allows you to create and manage GitHub Actions secrets within your GitHub repositories. You must have write access to a repository to use this resource. + +Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. + +For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. + +## Example Usage + +```terraform +resource "github_actions_secret" "example_plaintext" { + repository = "example_repository" + secret_name = "example_secret_name" + plaintext_value = var.some_secret_string +} + +resource "github_actions_secret" "example_encrypted" { + repository = "example_repository" + secret_name = "example_secret_name" + encrypted_value = var.some_encrypted_secret_string +} +``` + +## Example Lifecycle Ignore Changes + +This resource supports using the `lifecycle` `ignore_changes` block on `remote_updated_at` to support use cases where a secret value is created using a placeholder value and then modified after creation outside the scope of Terraform. This approach ensures only the initial placeholder value is referenced in your code and in the resulting state file. + +```terraform +resource "github_actions_secret" "example_allow_drift" { + repository = "example_repository" + secret_name = "example_secret_name" + plaintext_value = "placeholder" + + lifecycle { + ignore_changes = [remote_updated_at] + } +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) Name of the repository. +- `secret_name` - (Required) Name of the secret. +- `key_id` - (Optional) ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`. +- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. +- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted. +- `destroy_on_drift` - (**DEPRECATED**) (Optional) This is ignored as drift detection is built into the resource. + +~> **Note**: One of either `encrypted_value` or `plaintext_value` must be specified. + +## Attributes Reference + +- `repository_id` - ID of the repository. +- `created_at` - Date the secret was created. +- `updated_at` - Date the secret was last updated by the provider. +- `remote_updated_at` - Date the secret was last updated in GitHub. + +## Import + +This resource can be imported using an ID made of the repository name, and secret name separated by a `:`. + +~> **Note**: When importing secrets, the `plaintext_value` or `encrypted_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. + +### Import Block + +The following import imports a GitHub actions secret named `mysecret` for the repo `myrepo` to a `github_actions_secret` resource named `example`. + +```terraform +import { + to = github_actions_secret.example + id = "myrepo:mysecret" +} +``` + +### Import Command + +The following command imports a GitHub actions secret named `mysecret` for the repo `myrepo` to a `github_actions_secret` resource named `example`. + +```shell +terraform import github_actions_secret.example myrepo:mysecret +``` diff --git a/docs/resources/actions_variable.md b/docs/resources/actions_variable.md new file mode 100644 index 0000000000..7ea56fc59b --- /dev/null +++ b/docs/resources/actions_variable.md @@ -0,0 +1,56 @@ +--- +page_title: "github_actions_variable (Resource) - GitHub" +description: |- + Creates and manages an Action variable within a GitHub repository +--- + +# github_actions_variable (Resource) + +This resource allows you to create and manage GitHub Actions variables within your GitHub repositories. You must have write access to a repository to use this resource. + +## Example Usage + +```terraform +resource "github_actions_variable" "example_variable" { + repository = "example_repository" + variable_name = "example_variable_name" + value = "example_variable_value" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) Name of the repository. +- `variable_name` - (Required) Name of the variable. +- `value` - (Required) Value of the variable. + +## Attributes Reference + +- `repository_id` - ID of the repository. +- `created_at` - Date the variable was created. +- `updated_at` - Date the variable was last updated. + +## Import + +This resource can be imported using an ID made of the repository name, and variable name separated by a `:`. + +### Import Block + +The following import imports a GitHub actions variable named `myvariable` for the repo `myrepo` to a `github_actions_variable` resource named `example`. + +```terraform +import { + to = github_actions_variable.example + id = "myrepo:myvariable" +} +``` + +### Import Command + +The following command imports a GitHub actions variable named `myvariable` for the repo `myrepo` to a `github_actions_variable` resource named `example`. + +```shell +terraform import github_actions_variable.example myrepo:myvariable +``` diff --git a/docs/resources/app_installation_repositories.md b/docs/resources/app_installation_repositories.md new file mode 100644 index 0000000000..77fb1c4e5b --- /dev/null +++ b/docs/resources/app_installation_repositories.md @@ -0,0 +1,51 @@ +--- +page_title: "github_app_installation_repositories (Resource) - GitHub" +description: |- + Manages the associations between app installations and repositories. +--- + +# github_app_installation_repositories (Resource) + +~> **Note**: This resource is not compatible with the GitHub App Installation authentication method. + +This resource manages relationships between app installations and repositories in your GitHub organization or your user account. + +Creating this resource installs a particular app on multiple repositories. + +The app installation and the repositories must all belong to the same organization or user account on GitHub. Note: you can review your organization's installations by the following the instructions at this [link](https://docs.github.com/en/github/setting-up-and-managing-organizations-and-teams/reviewing-your-organizations-installed-integrations) or for your user account at this [link](https://docs.github.com/en/apps/using-github-apps/reviewing-and-modifying-installed-github-apps). + +## Example Usage + +```terraform +# Create some repositories. +resource "github_repository" "some_repo" { + name = "some-repo" +} + +resource "github_repository" "another_repo" { + name = "another-repo" +} + +resource "github_app_installation_repositories" "some_app_repos" { + # The installation id of the app (in the organization). + installation_id = "1234567" + selected_repositories = [github_repository.some_repo.name, github_repository.another_repo.name] +} +``` + +## Argument Reference + +The following arguments are supported: + +- `installation_id` - (Required) The GitHub app installation id. +- `selected_repositories` - (Required) A list of repository names to install the app on. + +~> **Note**: Due to how GitHub implements app installations, apps cannot be installed with no repositories selected. Therefore deleting this resource will leave one repository with the app installed. Manually uninstall the app or set the installation to all repositories via the GUI as after deleting this resource. + +## Import + +GitHub App Installation Repositories can be imported using an ID made up of `installation_id`, e.g. + +```hcl +$ terraform import github_app_installation_repositories.some_app_repos 1234567 +``` diff --git a/docs/resources/app_installation_repository.md b/docs/resources/app_installation_repository.md new file mode 100644 index 0000000000..5410165b49 --- /dev/null +++ b/docs/resources/app_installation_repository.md @@ -0,0 +1,45 @@ +--- +page_title: "github_app_installation_repository (Resource) - GitHub" +description: |- + Manages the associations between app installations and repositories. +--- + +# github_app_installation_repository (Resource) + +~> **Note**: This resource is not compatible with the GitHub App Installation authentication method. + +This resource manages relationships between app installations and repositories in your GitHub organization or your user account. + +Creating this resource installs a particular app on a particular repository. + +The app installation and the repository must both belong to the same organization or user account on GitHub. Note: you can review your organization's installations by the following the instructions at this [link](https://docs.github.com/en/github/setting-up-and-managing-organizations-and-teams/reviewing-your-organizations-installed-integrations) or for your user account at this [link](https://docs.github.com/en/apps/using-github-apps/reviewing-and-modifying-installed-github-apps). + +## Example Usage + +```terraform +# Create a repository. +resource "github_repository" "some_repo" { + name = "some-repo" +} + +resource "github_app_installation_repository" "some_app_repo" { + # The installation id of the app (in the organization). + installation_id = "1234567" + repository = github_repository.some_repo.name +} +``` + +## Argument Reference + +The following arguments are supported: + +- `installation_id` - (Required) The GitHub app installation id. +- `repository` - (Required) The repository to install the app on. + +## Import + +GitHub App Installation Repository can be imported using an ID made up of `installation_id:repository`, e.g. + +```hcl +$ terraform import github_app_installation_repository.terraform_repo 1234567:terraform +``` diff --git a/docs/resources/branch.md b/docs/resources/branch.md new file mode 100644 index 0000000000..eca21e2799 --- /dev/null +++ b/docs/resources/branch.md @@ -0,0 +1,64 @@ +--- +page_title: "github_branch (Resource) - GitHub" +description: |- + Creates and manages branches within GitHub repositories. +--- + +# github\_branch + +This resource allows you to create and manage branches within your repository. + +Additional constraints can be applied to ensure your branch is created from another branch or commit. + +## Example Usage + +```terraform +resource "github_branch" "development" { + repository = "example" + branch = "development" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository name. + +- `branch` - (Required) The repository branch to create. + +- `source_branch` - (Optional) The branch name to start from. Defaults to `main`. + +- `source_sha` - (Optional) The commit hash to start from. Defaults to the tip of `source_branch`. If provided, `source_branch` is ignored. + +## Attribute Reference + +The following additional attributes are exported: + +- `source_sha` - A string storing the commit this branch was started from. Not populated when imported. + +- `etag` - An etag representing the Branch object. + +- `ref` - A string representing a branch reference, in the form of `refs/heads/`. + +- `sha` - A string storing the reference's `HEAD` commit's SHA1. + +## Import + +GitHub Branch can be imported using an ID made up of `repository:branch`, e.g. + +```hcl +$ terraform import github_branch.terraform terraform:main +``` + +Importing github branch into an instance object (when using a for each block to manage multiple branches) + +```hcl +$ terraform import github_branch.terraform["terraform"] terraform:main +``` + +Optionally, a source branch may be specified using an ID of `repository:branch:source_branch`. This is useful for importing branches that do not branch directly off main. + +```hcl +$ terraform import github_branch.terraform terraform:feature-branch:dev +``` diff --git a/docs/resources/branch_default.md b/docs/resources/branch_default.md new file mode 100644 index 0000000000..a8a7b4af89 --- /dev/null +++ b/docs/resources/branch_default.md @@ -0,0 +1,67 @@ +--- +page_title: "github_branch_default (Resource) - GitHub" +description: |- + Provides a GitHub branch default for a given repository. +--- + +# github_branch_default (Resource) + +Provides a GitHub branch default resource. + +This resource allows you to set the default branch for a given repository. + +Note that use of this resource is incompatible with the `default_branch` option of the `github_repository` resource. Using both will result in plans always showing a diff. + +## Example Usage + +Basic usage: + +```terraform +resource "github_repository" "example" { + name = "example" + description = "My awesome codebase" + auto_init = true +} + +resource "github_branch" "development" { + repository = github_repository.example.name + branch = "development" +} + +resource "github_branch_default" "default" { + repository = github_repository.example.name + branch = github_branch.development.branch +} +``` + +Renaming to a branch that doesn't exist: + +```terraform +resource "github_repository" "example" { + name = "example" + description = "My awesome codebase" + auto_init = true +} + +resource "github_branch_default" "default" { + repository = github_repository.example.name + branch = "development" + rename = true +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository +- `branch` - (Required) The branch (e.g. `main`) +- `rename` - (Optional) Indicate if it should rename the branch rather than use an existing branch. Defaults to `false`. + +## Import + +GitHub Branch Defaults can be imported using an ID made up of `repository`, e.g. + +```hcl +$ terraform import github_branch_default.branch_default my-repo +``` diff --git a/docs/resources/branch_protection.md b/docs/resources/branch_protection.md new file mode 100644 index 0000000000..99ee0dab4c --- /dev/null +++ b/docs/resources/branch_protection.md @@ -0,0 +1,141 @@ +--- +page_title: "github_branch_protection (Resource) - GitHub" +description: |- + Protects a GitHub branch. +--- + +# github\_branch\_protection + +Protects a GitHub branch. + +This resource allows you to configure branch protection for repositories in your organization. When applied, the branch will be protected from forced pushes and deletion. Additional constraints, such as required status checks or restrictions on users, teams, and apps, can also be configured. + +Note: for the `push_allowances` a given user or team must have specific write access to the repository. If specific write access not provided, github will reject the given actor, which will be the cause of terraform drift. + +## Example Usage + +```terraform +# Protect the main branch of the foo repository. Additionally, require that +# the "ci/travis" context to be passing and only allow the engineers team merge +# to the branch. + +resource "github_branch_protection" "example" { + repository_id = github_repository.example.node_id + # also accepts repository name + # repository_id = github_repository.example.name + + pattern = "main" + enforce_admins = true + allows_deletions = true + + required_status_checks { + strict = false + contexts = ["ci/travis"] + } + + required_pull_request_reviews { + dismiss_stale_reviews = true + restrict_dismissals = true + dismissal_restrictions = [ + data.github_user.example.node_id, + github_team.example.node_id, + "/exampleuser", + "exampleorganization/exampleteam", + ] + } + + restrict_pushes { + push_allowances = [ + data.github_user.example.node_id, + "/exampleuser", + "exampleorganization/exampleteam", + # you can have more than one type of restriction (teams + users). If you use + # more than one type, you must use node_ids of each user and each team. + # github_team.example.node_id + # github_user.example-2.node_id + ] + } + + force_push_bypassers = [ + data.github_user.example.node_id, + "/exampleuser", + "exampleorganization/exampleteam", + # you can have more than one type of restriction (teams + users) + # github_team.example.node_id + # github_team.example-2.node_id + ] + +} + +resource "github_repository" "example" { + name = "test" +} + +data "github_user" "example" { + username = "example" +} + +resource "github_team" "example" { + name = "Example Name" +} + +resource "github_team_repository" "example" { + team_id = github_team.example.id + repository = github_repository.example.name + permission = "pull" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository_id` - (Required) The name or node ID of the repository associated with this branch protection rule. +- `pattern` - (Required) Identifies the protection rule pattern. +- `enforce_admins` - (Optional) Boolean, setting this to `true` enforces status checks for repository administrators. +- `require_signed_commits` - (Optional) Boolean, setting this to `true` requires all commits to be signed with GPG. +- `required_linear_history` - (Optional) Boolean, setting this to `true` enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch +- `require_conversation_resolution` - (Optional) Boolean, setting this to `true` requires all conversations on code must be resolved before a pull request can be merged. +- `required_status_checks` - (Optional) Enforce restrictions for required status checks. See [Required Status Checks](#required-status-checks) below for details. +- `required_pull_request_reviews` - (Optional) Enforce restrictions for pull request reviews. See [Required Pull Request Reviews](#required-pull-request-reviews) below for details. +- `restrict_pushes` - (Optional) Restrict pushes to matching branches. See [Restrict Pushes](#restrict-pushes) below for details. +- `force_push_bypassers` - (Optional) The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, `allows_force_pushes` should be set to `false`. +- `allows_deletions` - (Optional) Boolean, setting this to `true` to allow the branch to be deleted. +- `allows_force_pushes` - (Optional) Boolean, setting this to `true` to allow force pushes on the branch to everyone. Set it to `false` if you specify `force_push_bypassers`. +- `lock_branch` - (Optional) Boolean, Setting this to `true` will make the branch read-only and preventing any pushes to it. Defaults to `false` + +### Required Status Checks + +`required_status_checks` supports the following arguments: + +- `strict`: (Optional) Require branches to be up to date before merging. Defaults to `false`. +- `contexts`: (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default. + +~> Note: This attribute can contain multiple string patterns. If specified, usual value is the [job name](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idname). Otherwise, the [job id](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idname) is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern `([, ])`. Matrixes should be specified based on the order of matrix properties in the workflow file. See [GitHub Documentation](https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#using-a-matrix-strategy) for more information. For workflows that use reusable workflows, the pattern is ` / `. This can extend multiple levels. + +### Required Pull Request Reviews + +`required_pull_request_reviews` supports the following arguments: + +- `dismiss_stale_reviews`: (Optional) Dismiss approved reviews automatically when a new commit is pushed. Defaults to `false`. +- `restrict_dismissals`: (Optional) Restrict pull request review dismissals. +- `dismissal_restrictions`: (Optional) The list of actor Names/IDs with dismissal access. If not empty, `restrict_dismissals` is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. +- `pull_request_bypassers`: (Optional) The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. +- `require_code_owner_reviews`: (Optional) Require an approved review in pull requests including files with a designated code owner. Defaults to `false`. +- `required_approving_review_count`: (Optional) Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream [documentation](https://developer.github.com/v3/repos/branches/#parameters-1) for more information. () for more information. +- `require_last_push_approval`: (Optional) Require that The most recent push must be approved by someone other than the last pusher. Defaults to `false` + +### Restrict Pushes + +`restrict_pushes` supports the following arguments: + +- `blocks_creations` - (Optional) Boolean, setting this to `false` allows people, teams, or apps to create new branches matching this rule. Defaults to `true`. +- `push_allowances` - (Optional) A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed. + +## Import + +GitHub Branch Protection can be imported using an ID made up of `repository:pattern`, e.g. + +```hcl +$ terraform import github_branch_protection.terraform terraform:main +``` diff --git a/docs/resources/branch_protection_v3.md b/docs/resources/branch_protection_v3.md new file mode 100644 index 0000000000..a27ee8f037 --- /dev/null +++ b/docs/resources/branch_protection_v3.md @@ -0,0 +1,142 @@ +--- +page_title: "github_branch_protection_v3 (Resource) - GitHub" +description: |- + Protects a GitHub branch using the v3 / REST implementation. The `github_branch_protection` resource has moved to the GraphQL API, while this resource will continue to leverage the REST API +--- + +# github_branch_protection_v3 (Resource) + +Protects a GitHub branch. + +The `github_branch_protection` resource has moved to the GraphQL API, while this resource will continue to leverage the REST API. + +This resource allows you to configure branch protection for repositories in your organization. When applied, the branch will be protected from forced pushes and deletion. Additional constraints, such as required status checks or restrictions on users, teams, and apps, can also be configured. + +## Example Usage + +```terraform +# Protect the main branch of the foo repository. Only allow a specific user to merge to the branch. +resource "github_branch_protection_v3" "example" { + repository = github_repository.example.name + branch = "main" + + restrictions { + users = ["foo-user"] + } +} +``` + +```terraform +# Protect the main branch of the foo repository. Additionally, require that +# the "ci/check" check ran by the Github Actions app is passing and only allow +# the engineers team merge to the branch. + +resource "github_branch_protection_v3" "example" { + repository = github_repository.example.name + branch = "main" + enforce_admins = true + + required_status_checks { + strict = false + checks = [ + "ci/check:824642007264" + ] + } + + required_pull_request_reviews { + dismiss_stale_reviews = true + dismissal_users = ["foo-user"] + dismissal_teams = [github_team.example.slug] + dismissal_app = ["foo-app"] + + bypass_pull_request_allowances { + users = ["foo-user"] + teams = [github_team.example.slug] + apps = ["foo-app"] + } + } + + restrictions { + users = ["foo-user"] + teams = [github_team.example.slug] + apps = ["foo-app"] + } +} + +resource "github_repository" "example" { + name = "example" +} + +resource "github_team" "example" { + name = "Example Name" +} + +resource "github_team_repository" "example" { + team_id = github_team.example.id + repository = github_repository.example.name + permission = "pull" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository name. +- `branch` - (Required) The Git branch to protect. +- `enforce_admins` - (Optional) Boolean, setting this to `true` enforces status checks for repository administrators. +- `require_signed_commits` - (Optional) Boolean, setting this to `true` requires all commits to be signed with GPG. +- `require_conversation_resolution` - (Optional) Boolean, setting this to `true` requires all conversations on code must be resolved before a pull request can be merged. +- `required_status_checks` - (Optional) Enforce restrictions for required status checks. See [Required Status Checks](#required-status-checks) below for details. +- `required_pull_request_reviews` - (Optional) Enforce restrictions for pull request reviews. See [Required Pull Request Reviews](#required-pull-request-reviews) below for details. +- `restrictions` - (Optional) Enforce restrictions for the users and teams that may push to the branch. See [Restrictions](#restrictions) below for details. + +### Required Status Checks + +`required_status_checks` supports the following arguments: + +- `strict`: (Optional) Require branches to be up to date before merging. Defaults to `false`. +- `contexts`: (**DEPRECATED**) (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default. + +~> Note: This attribute can contain multiple string patterns. If specified, usual value is the [job name](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idname). Otherwise, the [job id](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idname) is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern `([, ])`. Matrixes should be specified based on the order of matrix properties in the workflow file. See [GitHub Documentation](https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#using-a-matrix-strategy) for more information. For workflows that use reusable workflows, the pattern is ` / `. This can extend multiple levels. + +- `checks`: (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id". + +### Required Pull Request Reviews + +`required_pull_request_reviews` supports the following arguments: + +- `dismiss_stale_reviews`: (Optional) Dismiss approved reviews automatically when a new commit is pushed. Defaults to `false`. +- `dismissal_users`: (Optional) The list of user logins with dismissal access +- `dismissal_teams`: (Optional) The list of team slugs with dismissal access. Always use `slug` of the team, **not*- its name. Each team already **has*- to have access to the repository. +- `dismissal_apps`: (Optional) The list of app slugs with dismissal access. +- `require_code_owner_reviews`: (Optional) Require an approved review in pull requests including files with a designated code owner. Defaults to `false`. +- `required_approving_review_count`: (Optional) Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream [documentation](https://developer.github.com/v3/repos/branches/#parameters-1) for more information. +- `bypass_pull_request_allowances`: (Optional) Allow specific users, teams, or apps to bypass pull request requirements. See [Bypass Pull Request Allowances](#bypass-pull-request-allowances) below for details. +- `require_last_push_approval`: (Optional) Require that the most recent push must be approved by someone other than the last pusher. Defaults to `false` + +### Restrictions + +`restrictions` supports the following arguments: + +- `users`: (Optional) The list of user logins with push access. +- `teams`: (Optional) The list of team slugs with push access. Always use `slug` of the team, **not*- its name. Each team already **has*- to have access to the repository. +- `apps`: (Optional) The list of app slugs with push access. + +`restrictions` is only available for organization-owned repositories. + +### Bypass Pull Request Allowances + +`bypass_pull_request_allowances` supports the following arguments: + +- `users`: (Optional) The list of user logins allowed to bypass pull request requirements. +- `teams`: (Optional) The list of team slugs allowed to bypass pull request requirements. +- `apps`: (Optional) The list of app slugs allowed to bypass pull request requirements. + +## Import + +GitHub Branch Protection can be imported using an ID made up of `repository:branch`, e.g. + +```hcl +$ terraform import github_branch_protection_v3.terraform terraform:main +``` diff --git a/docs/resources/codespaces_organization_secret.md b/docs/resources/codespaces_organization_secret.md new file mode 100644 index 0000000000..d68fbc77b0 --- /dev/null +++ b/docs/resources/codespaces_organization_secret.md @@ -0,0 +1,74 @@ +--- +page_title: "github_codespaces_organization_secret (Resource) - GitHub" +description: |- + Creates and manages an Codespaces Secret within a GitHub organization +--- + +# github_codespaces_organization_secret (Resource) + +This resource allows you to create and manage GitHub Codespaces secrets within your GitHub organization. You must have write access to a repository to use this resource. + +Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. + +For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. + +## Example Usage + +```terraform +resource "github_codespaces_organization_secret" "example_secret" { + secret_name = "example_secret_name" + visibility = "private" + plaintext_value = var.some_secret_string +} + +resource "github_codespaces_organization_secret" "example_secret" { + secret_name = "example_secret_name" + visibility = "private" + encrypted_value = var.some_encrypted_secret_string +} +``` + +```terraform +data "github_repository" "repo" { + full_name = "my-org/repo" +} + +resource "github_codespaces_organization_secret" "example_secret" { + secret_name = "example_secret_name" + visibility = "selected" + plaintext_value = var.some_secret_string + selected_repository_ids = [data.github_repository.repo.repo_id] +} + +resource "github_codespaces_organization_secret" "example_secret" { + secret_name = "example_secret_name" + visibility = "selected" + encrypted_value = var.some_encrypted_secret_string + selected_repository_ids = [data.github_repository.repo.repo_id] +} +``` + +## Argument Reference + +The following arguments are supported: + +- `secret_name` - (Required) Name of the secret +- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. +- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted +- `visibility` - (Required) Configures the access that repositories have to the organization secret. Must be one of `all`, `private`, `selected`. `selected_repository_ids` is required if set to `selected`. +- `selected_repository_ids` - (Optional) An array of repository ids that can access the organization secret. + +## Attributes Reference + +- `created_at` - Date of codespaces_secret creation. +- `updated_at` - Date of codespaces_secret update. + +## Import + +This resource can be imported using an ID made up of the secret name: + +```hcl +terraform import github_codespaces_organization_secret.test_secret test_secret_name +``` + +NOTE: the implementation is limited in that it won't fetch the value of the `plaintext_value` or `encrypted_value` fields when importing. You may need to ignore changes for these as a workaround. diff --git a/docs/resources/codespaces_organization_secret_repositories.md b/docs/resources/codespaces_organization_secret_repositories.md new file mode 100644 index 0000000000..4c645a017e --- /dev/null +++ b/docs/resources/codespaces_organization_secret_repositories.md @@ -0,0 +1,41 @@ +--- +page_title: "github_codespaces_organization_secret_repositories (Resource) - GitHub" +description: |- + Manages repository allow list for a Codespaces Secret within a GitHub organization +--- + +# github_codespaces_organization_secret_repositories (Resource) + +This resource allows you to manage repository allow list for existing GitHub Codespaces secrets within your GitHub organization. + +You must have write access to an organization secret to use this resource. + +This resource is only applicable when `visibility` of the existing organization secret has been set to `selected`. + +## Example Usage + +```terraform +data "github_repository" "repo" { + full_name = "my-org/repo" +} + +resource "github_codespaces_organization_secret_repositories" "org_secret_repos" { + secret_name = "existing_secret_name" + selected_repository_ids = [data.github_repository.repo.repo_id] +} +``` + +## Argument Reference + +The following arguments are supported: + +- `secret_name` - (Required) Name of the existing secret +- `selected_repository_ids` - (Required) An array of repository ids that can access the organization secret. + +## Import + +This resource can be imported using an ID made up of the secret name: + +```hcl +$ terraform import github_codespaces_organization_secret_repositories.org_secret_repos existing_secret_name +``` diff --git a/docs/resources/codespaces_secret.md b/docs/resources/codespaces_secret.md new file mode 100644 index 0000000000..c06cbceb6e --- /dev/null +++ b/docs/resources/codespaces_secret.md @@ -0,0 +1,57 @@ +--- +page_title: "github_codespaces_secret (Resource) - GitHub" +description: |- + Creates and manages an Codespaces Secret within a GitHub repository +--- + +# github_codespaces_secret (Resource) + +This resource allows you to create and manage GitHub Codespaces secrets within your GitHub repositories. You must have write access to a repository to use this resource. + +Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. + +For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. + +## Example Usage + +```terraform +data "github_codespaces_public_key" "example_public_key" { + repository = "example_repository" +} + +resource "github_codespaces_secret" "example_secret" { + repository = "example_repository" + secret_name = "example_secret_name" + plaintext_value = var.some_secret_string +} + +resource "github_codespaces_secret" "example_secret" { + repository = "example_repository" + secret_name = "example_secret_name" + encrypted_value = var.some_encrypted_secret_string +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) Name of the repository +- `secret_name` - (Required) Name of the secret +- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. +- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted + +## Attributes Reference + +- `created_at` - Date of codespaces_secret creation. +- `updated_at` - Date of codespaces_secret update. + +## Import + +This resource can be imported using an ID made up of the `repository` and `secret_name`: + +```hcl +$ terraform import github_codespaces_secret.example_secret example_repository/example_secret_name +``` + +NOTE: the implementation is limited in that it won't fetch the value of the `plaintext_value` or `encrypted_value` fields when importing. You may need to ignore changes for these as a workaround. diff --git a/docs/resources/codespaces_user_secret.md b/docs/resources/codespaces_user_secret.md new file mode 100644 index 0000000000..01514e471b --- /dev/null +++ b/docs/resources/codespaces_user_secret.md @@ -0,0 +1,57 @@ +--- +page_title: "github_codespaces_user_secret (Resource) - GitHub" +description: |- + Creates and manages an Codespaces Secret within a GitHub user +--- + +# github_codespaces_user_secret (Resource) + +This resource allows you to create and manage GitHub Codespaces secrets within your GitHub user. You must have write access to a repository to use this resource. + +Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. + +For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. + +## Example Usage + +```terraform +data "github_repository" "repo" { + full_name = "my-org/repo" +} + +resource "github_codespaces_user_secret" "example_secret" { + secret_name = "example_secret_name" + plaintext_value = var.some_secret_string + selected_repository_ids = [data.github_repository.repo.repo_id] +} + +resource "github_codespaces_user_secret" "example_secret" { + secret_name = "example_secret_name" + encrypted_value = var.some_encrypted_secret_string + selected_repository_ids = [data.github_repository.repo.repo_id] +} +``` + +## Argument Reference + +The following arguments are supported: + +- `secret_name` - (Required) Name of the secret +- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. +- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted +- `selected_repository_ids` - (Optional) An array of repository ids that can access the user secret. + +## Attributes Reference + +- `created_at` - Date of codespaces_secret creation. +- `updated_at` - Date of codespaces_secret update. + +## Import + +This resource can be imported using an ID made up of the secret name: + +```hcl +terraform import github_codespaces_user_secret.test_secret test_secret_name +``` + +NOTE: the implementation is limited in that it won't fetch the value of the `plaintext_value` or `encrypted_value` fields when importing. You may need to ignore changes for these as a workaround. diff --git a/docs/resources/dependabot_organization_secret.md b/docs/resources/dependabot_organization_secret.md new file mode 100644 index 0000000000..8cdbe0fca6 --- /dev/null +++ b/docs/resources/dependabot_organization_secret.md @@ -0,0 +1,107 @@ +--- +page_title: "github_dependabot_organization_secret (Resource) - GitHub" +description: |- + Creates and manages an Dependabot Secret within a GitHub organization +--- + +# github_dependabot_organization_secret (Resource) + +This resource allows you to create and manage GitHub Dependabot secrets within your GitHub organization. You must have write access to a repository to use this resource. + +Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. + +For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. + +## Example Usage + +```terraform +resource "github_dependabot_organization_secret" "example_plaintext" { + secret_name = "example_secret_name" + visibility = "all" + plaintext_value = var.some_secret_string +} + +resource "github_dependabot_organization_secret" "example_secret" { + secret_name = "example_secret_name" + visibility = "all" + encrypted_value = var.some_encrypted_secret_string +} +``` + +```terraform +data "github_repository" "repo" { + full_name = "my-org/repo" +} + +resource "github_dependabot_organization_secret" "example_plaintext" { + secret_name = "example_secret_name" + visibility = "selected" + plaintext_value = var.some_secret_string + selected_repository_ids = [data.github_repository.repo.repo_id] +} + +resource "github_dependabot_organization_secret" "example_encrypted" { + secret_name = "example_secret_name" + visibility = "selected" + encrypted_value = var.some_encrypted_secret_string + selected_repository_ids = [data.github_repository.repo.repo_id] +} +``` + +## Example Lifecycle Ignore Changes + +This resource supports using the `lifecycle` `ignore_changes` block on `remote_updated_at` to support use cases where a secret value is created using a placeholder value and then modified after creation outside the scope of Terraform. This approach ensures only the initial placeholder value is referenced in your code and in the resulting state file. + +```terraform +resource "github_dependabot_organization_secret" "example_allow_drift" { + secret_name = "example_secret_name" + visibility = "all" + plaintext_value = "placeholder" + + lifecycle { + ignore_changes = [remote_updated_at] + } +} +``` + +## Argument Reference + +The following arguments are supported: + +- `secret_name` - (Required) Name of the secret. +- `key_id` - (Optional) ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`. +- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. +- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted. +- `visibility` - (Required) Configures the access that repositories have to the organization secret; must be one of `all`, `private`, or `selected`. +- `selected_repository_ids` - (Optional) An array of repository IDs that can access the organization variable; this requires `visibility` to be set to `selected`. + +## Attributes Reference + +- `created_at` - Date the secret was created. +- `updated_at` - Date the secret was last updated by the provider. +- `remote_updated_at` - Date the secret was last updated in GitHub. + +## Import + +This resource can be imported using the secret name as the ID. + +~> **Note**: When importing secrets, the `plaintext_value` or `encrypted_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. + +### Import Block + +The following import imports a GitHub Dependabot organization secret named `mysecret` to a `github_dependabot_organization_secret` resource named `example`. + +```terraform +import { + to = github_dependabot_organization_secret.example + id = "mysecret" +} +``` + +### Import Command + +The following command imports a GitHub Dependabot organization secret named `mysecret` to a `github_dependabot_organization_secret` resource named `example`. + +```shell +terraform import github_dependabot_organization_secret.example mysecret +``` diff --git a/docs/resources/dependabot_organization_secret_repositories.md b/docs/resources/dependabot_organization_secret_repositories.md new file mode 100644 index 0000000000..c752231030 --- /dev/null +++ b/docs/resources/dependabot_organization_secret_repositories.md @@ -0,0 +1,61 @@ +--- +page_title: "github_dependabot_organization_secret_repositories (Resource) - GitHub" +description: |- + Manages repository allow list for an Dependabot Secret within a GitHub organization. +--- + +# github_dependabot_organization_secret_repositories (Resource) + +This resource allows you to manage the repositories allowed to access a Dependabot secret within your GitHub organization. You must have write access to an organization secret to use this resource. + +This resource is only applicable when `visibility` of the existing organization secret has been set to `selected`. + +## Example Usage + +```terraform +resource "github_dependabot_organization_secret" "example" { + secret_name = "mysecret" + plaintext_value = "foo" + visibility = "selected" +} + +resource "github_repository" "example" { + name = "myrepo" + visibility = "public" +} + +resource "github_dependabot_organization_secret_repositories" "example" { + secret_name = github_dependabot_organization_secret.example.name + selected_repository_ids = [github_repository.example.repo_id] +} +``` + +## Argument Reference + +The following arguments are supported: + +- `secret_name` - (Required) Name of the Dependabot organization secret. +- `selected_repository_ids` - (Required) List of IDs for the repositories that should be able to access the secret. + +## Import + +This resource can be imported using the secret name as the ID. + +### Import Block + +The following import block imports the repositories able to access the Dependabot organization secret named `mysecret` to a `github_dependabot_organization_secret_repositories` resource named `example`. + +```terraform +import { + to = github_dependabot_organization_secret_repositories.example + id = "mysecret" +} +``` + +### Import Command + +The following command imports the repositories able to access the Dependabot organization secret named `mysecret` to a `github_dependabot_organization_secret_repositories` resource named `example`. + +```shell +terraform import github_dependabot_organization_secret_repositories.example mysecret +``` diff --git a/docs/resources/dependabot_organization_secret_repository.md b/docs/resources/dependabot_organization_secret_repository.md new file mode 100644 index 0000000000..1273361850 --- /dev/null +++ b/docs/resources/dependabot_organization_secret_repository.md @@ -0,0 +1,61 @@ +--- +page_title: "github_dependabot_organization_secret_repository (Resource) - GitHub" +description: |- + Add access for a repository to a Dependabot Secret within a GitHub organization. +--- + +# github_dependabot_organization_secret_repository (Resource) + +This resource adds permission for a repository to use a Dependabot secret within your GitHub organization. You must have write access to an organization secret to use this resource. + +This resource is only applicable when `visibility` of the existing organization secret has been set to `selected`. + +## Example Usage + +```terraform +resource "github_dependabot_organization_secret" "example" { + secret_name = "mysecret" + plaintext_value = "foo" + visibility = "selected" +} + +resource "github_repository" "example" { + name = "myrepo" + visibility = "public" +} + +resource "github_dependabot_organization_secret_repository" "example" { + secret_name = github_dependabot_organization_secret.example.name + repository_id = github_repository.example.repo_id +} +``` + +## Argument Reference + +The following arguments are supported: + +- `secret_name` - (Required) Name of the Dependabot organization secret. +- `repository_id` - (Required) ID of the repository that should be able to access the secret. + +## Import + +This resource can be imported using an ID made of the secret name and repository name separated by a `:`. + +### Import Block + +The following import block imports the access of repository ID `123456` for the Dependabot organization secret named `mysecret` to a `github_dependabot_organization_secret_repository` resource named `example`. + +```terraform +import { + to = github_dependabot_organization_secret_repository.example + id = "mysecret:123456" +} +``` + +### Import Command + +The following command imports the access of repository ID `123456` for the Dependabot organization secret named `mysecret` to a `v` resource named `example`. + +```shell +terraform import github_dependabot_organization_secret_repository.example mysecret:123456 +``` diff --git a/docs/resources/dependabot_secret.md b/docs/resources/dependabot_secret.md new file mode 100644 index 0000000000..bf40ff6f18 --- /dev/null +++ b/docs/resources/dependabot_secret.md @@ -0,0 +1,89 @@ +--- +page_title: "github_dependabot_secret (Resource) - GitHub" +description: |- + Creates and manages an Dependabot Secret within a GitHub repository +--- + +# github_dependabot_secret (Resource) + +This resource allows you to create and manage GitHub Dependabot secrets within your GitHub repositories. You must have write access to a repository to use this resource. + +Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. + +For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. + +## Example Usage + +```terraform +resource "github_dependabot_secret" "example_plaintext" { + repository = "example_repository" + secret_name = "example_secret_name" + plaintext_value = var.some_secret_string +} + +resource "github_dependabot_secret" "example_encrypted" { + repository = "example_repository" + secret_name = "example_secret_name" + encrypted_value = var.some_encrypted_secret_string +} +``` + +## Example Lifecycle Ignore Changes + +This resource supports using the `lifecycle` `ignore_changes` block on `remote_updated_at` to support use cases where a secret value is created using a placeholder value and then modified after creation outside the scope of Terraform. This approach ensures only the initial placeholder value is referenced in your code and in the resulting state file. + +```terraform +resource "github_dependabot_secret" "example_allow_drift" { + repository = "example_repository" + secret_name = "example_secret_name" + plaintext_value = "placeholder" + + lifecycle { + ignore_changes = [remote_updated_at] + } +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) Name of the repository. +- `secret_name` - (Required) Name of the secret. +- `key_id` - (Optional) ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`. +- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. +- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted. + +~> **Note**: One of either `encrypted_value` or `plaintext_value` must be specified. + +## Attributes Reference + +- `repository_id` - ID of the repository. +- `created_at` - Date the secret was created. +- `updated_at` - Date the secret was last updated by the provider. +- `remote_updated_at` - Date the secret was last updated in GitHub. + +## Import + +This resource can be imported using an ID made of the repository name, and secret name separated by a `:`. + +~> **Note**: When importing secrets, the `plaintext_value` or `encrypted_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. + +### Import Block + +The following import imports a GitHub Dependabot secret named `mysecret` for the repo `myrepo` to a `github_dependabot_secret` resource named `example`. + +```terraform +import { + to = github_dependabot_secret.example + id = "myrepo:mysecret" +} +``` + +### Import Command + +The following command imports a GitHub Dependabot secret named `mysecret` for the repo `myrepo` to a `github_dependabot_secret` resource named `example`. + +```shell +terraform import github_dependabot_secret.example myrepo:mysecret +``` diff --git a/docs/resources/emu_group_mapping.md b/docs/resources/emu_group_mapping.md new file mode 100644 index 0000000000..6c531f34b2 --- /dev/null +++ b/docs/resources/emu_group_mapping.md @@ -0,0 +1,33 @@ +--- +page_title: "github_emu_group_mapping (Resource) - GitHub" +description: |- + Manages mappings between external groups for enterprise managed users. +--- + +# github_emu_group_mapping (Resource) + +This resource manages mappings between external groups for enterprise managed users and GitHub teams. It wraps the [Teams#ExternalGroups API](https://docs.github.com/en/rest/reference/teams#external-groups). Note that this is a distinct resource from `github_team_sync_group_mapping`. `github_emu_group_mapping` is special to the Enterprise Managed User (EMU) external group feature, whereas `github_team_sync_group_mapping` is specific to Identity Provider Groups. + +## Example Usage + +```terraform +resource "github_emu_group_mapping" "example_emu_group_mapping" { + team_slug = "emu-test-team" # The GitHub team name to modify + group_id = 28836 # The group ID of the external group to link +} +``` + +## Argument Reference + +The following arguments are supported: + +- `team_slug` - (Required) Slug of the GitHub team +- `group_id` - (Required) Integer corresponding to the external group ID to be linked + +## Import + +GitHub EMU External Group Mappings can be imported using the external `group_id` and `team_slug` separated by a colon, e.g. + +```sh +terraform import github_emu_group_mapping.example_emu_group_mapping 28836:emu-test-team +``` diff --git a/docs/resources/enterprise_actions_permissions.md b/docs/resources/enterprise_actions_permissions.md new file mode 100644 index 0000000000..86a8af9d29 --- /dev/null +++ b/docs/resources/enterprise_actions_permissions.md @@ -0,0 +1,63 @@ +--- +page_title: "github_enterprise_actions_permissions (Resource) - GitHub" +description: |- + Creates and manages Actions permissions within a GitHub enterprise +--- + +# github_enterprise_actions_permissions (Resource) + +This resource allows you to create and manage GitHub Actions permissions within your GitHub enterprise. You must have admin access to an enterprise to use this resource. + +## Example Usage + +```terraform +data "github_organization" "example-org" { + name = "my-org" +} + +resource "github_enterprise_actions_permissions" "test" { + enterprise_slug = "my-enterprise" + allowed_actions = "selected" + enabled_organizations = "selected" + allowed_actions_config { + github_owned_allowed = true + patterns_allowed = ["actions/cache@*", "actions/checkout@*"] + verified_allowed = true + } + enabled_organizations_config { + organization_ids = [data.github_organization.example-org.id] + } +} +``` + +## Argument Reference + +The following arguments are supported: + +- `"my-enterprise"` - (Required) The slug of the enterprise. +- `allowed_actions` - (Optional) The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`. +- `enabled_organizations` - (Required) The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`. +- `allowed_actions_config` - (Optional) Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See [Allowed Actions Config](#allowed-actions-config) below for details. +- `enabled_organizations_config` - (Optional) Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See [Enabled Organizations Config](#enabled-organizations-config) below for details. + +### Allowed Actions Config + +The `allowed_actions_config` block supports the following: + +- `github_owned_allowed` - (Required) Whether GitHub-owned actions are allowed in the organization. +- `patterns_allowed` - (Optional) Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*." +- `verified_allowed` - (Optional) Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators. + +### Enabled Organizations Config + +The `enabled_organizations_config` block supports the following: + +- `organization_ids` - (Required) List of organization IDs to enable for GitHub Actions. + +## Import + +This resource can be imported using the name of the GitHub enterprise: + +```hcl +$ terraform import github_enterprise_actions_permissions.test github_enterprise_name +``` diff --git a/docs/resources/enterprise_actions_runner_group.md b/docs/resources/enterprise_actions_runner_group.md new file mode 100644 index 0000000000..be3b2c70f3 --- /dev/null +++ b/docs/resources/enterprise_actions_runner_group.md @@ -0,0 +1,64 @@ +--- +page_title: "github_enterprise_actions_runner_group (Resource) - GitHub" +description: |- + Creates and manages an Actions Runner Group within a GitHub enterprise. +--- + +# github_enterprise_actions_runner_group (Resource) + +This resource allows you to create and manage GitHub Actions runner groups within your GitHub enterprise. You must have admin access to an enterprise to use this resource. + +## Example Usage + +```terraform +data "github_enterprise" "enterprise" { + slug = "my-enterprise" +} + +resource "github_enterprise_organization" "enterprise_organization" { + enterprise_id = data.github_enterprise.enterprise.id + name = "my-organization" + billing_email = "octocat@octo.cat" + admin_logins = ["octocat"] +} + +resource "github_enterprise_actions_runner_group" "example" { + name = "my-awesome-runner-group" + enterprise_slug = data.github_enterprise.enterprise.slug + allows_public_repositories = true + visibility = "selected" + selected_organization_ids = [github_enterprise_organization.enterprise_organization.database_id] + restricted_to_workflows = true + selected_workflows = ["my-organization/my-repo/.github/workflows/cool-workflow.yaml@refs/tags/v1"] +} +``` + +## Argument Reference + +The following arguments are supported: + +- `enterprise_slug` - (Required) The slug of the enterprise. +- `name` - (Required) Name of the runner group +- `visibility` - (Required) Visibility of a runner group to enterprise organizations. Whether the runner group can include `all` or `selected` +- `selected_organization_ids` - (Optional) IDs of the organizations which should be added to the runner group +- `allows_public_repositories` - (Optional) Whether public repositories can be added to the runner group. Defaults to false. +- `restricted_to_workflows` - (Optional) If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array. Defaults to false. +- `selected_workflows` - (Optional) List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true. + +## Attributes Reference + +The following additional attributes are exported: + +- `id` - The ID of the runner group +- `default` - Whether this is the default runner group +- `etag` - An etag representing the runner group object +- `runners_url` - The GitHub API URL for the runner group's runners +- `selected_organizations_url` - The GitHub API URL for the runner group's selected organizations + +## Import + +This resource can be imported using the enterprise slug and the ID of the runner group: + +```hcl +$ terraform import github_enterprise_actions_runner_group.test enterprise-slug/42 +``` diff --git a/docs/resources/enterprise_actions_workflow_permissions.md b/docs/resources/enterprise_actions_workflow_permissions.md new file mode 100644 index 0000000000..592a37defb --- /dev/null +++ b/docs/resources/enterprise_actions_workflow_permissions.md @@ -0,0 +1,64 @@ +--- +page_title: "github_enterprise_actions_workflow_permissions (Resource) - GitHub" +description: |- + Manages GitHub Actions workflow permissions for a GitHub Enterprise. +--- + +# github_enterprise_actions_workflow_permissions (Resource) + +This resource allows you to manage GitHub Actions workflow permissions for a GitHub Enterprise account. This controls the default permissions granted to the GITHUB_TOKEN when running workflows and whether GitHub Actions can approve pull request reviews. + +You must have enterprise admin access to use this resource. + +## Example Usage + +```terraform +# Basic workflow permissions configuration +resource "github_enterprise_actions_workflow_permissions" "example" { + enterprise_slug = "my-enterprise" + + default_workflow_permissions = "read" + can_approve_pull_request_reviews = false +} + +# Allow write permissions and PR approvals +resource "github_enterprise_actions_workflow_permissions" "permissive" { + enterprise_slug = "my-enterprise" + + default_workflow_permissions = "write" + can_approve_pull_request_reviews = true +} +``` + +## Argument Reference + +The following arguments are supported: + +- `enterprise_slug` - (Required) The slug of the enterprise. + +- `default_workflow_permissions` - (Optional) The default workflow permissions granted to the GITHUB_TOKEN when running workflows. Can be `read` or `write`. Defaults to `read`. + +- `can_approve_pull_request_reviews` - (Optional) Whether GitHub Actions can approve pull request reviews. Defaults to `false`. + +## Attributes Reference + +In addition to all arguments above, the following attributes are exported: + +- `id` - The enterprise slug. + +## Import + +Enterprise Actions workflow permissions can be imported using the enterprise slug: + +```hcl +terraform import github_enterprise_actions_workflow_permissions.example my-enterprise +``` + +## Notes + +~> **Note:*- This resource requires a GitHub Enterprise account and enterprise admin permissions. + +When this resource is destroyed, the workflow permissions will be reset to safe defaults: + +- `default_workflow_permissions` = `read` +- `can_approve_pull_request_reviews` = `false` diff --git a/docs/resources/enterprise_organization.md b/docs/resources/enterprise_organization.md new file mode 100644 index 0000000000..a9bb2b955c --- /dev/null +++ b/docs/resources/enterprise_organization.md @@ -0,0 +1,48 @@ +--- +page_title: "github_enterprise_organization (Resource) - GitHub" +description: |- + Create and manages a GitHub enterprise organization. +--- + +# github_enterprise_organization (Resource) + +This resource allows you to create and manage a GitHub enterprise organization. + +## Example Usage + +```hcl +resource "github_enterprise_organization" "org" { + enterprise_id = data.github_enterprise.enterprise.id + name = "some-awesome-org" + display_name = "Some Awesome Org" + description = "Organization created with terraform" + billing_email = "jon@winteriscoming.com" + admin_logins = [ + "jon-snow" + ] +} +``` + +## Argument Reference + +- `enterprise_id` - (Required) The ID of the enterprise. +- `name` - (Required) The name of the organization. +- `description` - (Optional) The description of the organization. +- `display_name` - (Optional) The display name of the organization. +- `billing_email` - (Required) The billing email address. +- `admin_logins` - (Required) List of organization owner usernames. + +## Attributes Reference + +The following additional attributes are exported: + +- `id` - The node ID of the organization for use with the v4 API. +- `database_id` - The ID of the organization. + +## Import + +GitHub Enterprise Organization can be imported using the `slug` of the enterprise, combined with the `orgname` of the organization, separated by a `/` character. + +```hcl +$ terraform import github_enterprise_organization.org enterp/some-awesome-org +``` diff --git a/docs/resources/enterprise_security_analysis_settings.md b/docs/resources/enterprise_security_analysis_settings.md new file mode 100644 index 0000000000..86152bab8a --- /dev/null +++ b/docs/resources/enterprise_security_analysis_settings.md @@ -0,0 +1,82 @@ +--- +page_title: "github_enterprise_security_analysis_settings (Resource) - GitHub" +description: |- + Manages GitHub Enterprise security analysis settings. +--- + +# github_enterprise_security_analysis_settings (Resource) + +This resource allows you to manage code security and analysis settings for a GitHub Enterprise account. This controls Advanced Security, Secret Scanning, and related security features that are automatically enabled for new repositories in the enterprise. + +You must have enterprise admin access to use this resource. + +## Example Usage + +```terraform +# Basic security settings - enable secret scanning only +resource "github_enterprise_security_analysis_settings" "basic" { + enterprise_slug = "my-enterprise" + + secret_scanning_enabled_for_new_repositories = true +} + +# Full security configuration with all features enabled +resource "github_enterprise_security_analysis_settings" "comprehensive" { + enterprise_slug = "my-enterprise" + + advanced_security_enabled_for_new_repositories = true + secret_scanning_enabled_for_new_repositories = true + secret_scanning_push_protection_enabled_for_new_repositories = true + secret_scanning_validity_checks_enabled = true + secret_scanning_push_protection_custom_link = "https://octokit.com/security-guidelines" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `enterprise_slug` - (Required) The slug of the enterprise. + +- `advanced_security_enabled_for_new_repositories` - (Optional) Whether GitHub Advanced Security is automatically enabled for new repositories. Defaults to `false`. Requires Advanced Security license. + +- `secret_scanning_enabled_for_new_repositories` - (Optional) Whether secret scanning is automatically enabled for new repositories. Defaults to `false`. + +- `secret_scanning_push_protection_enabled_for_new_repositories` - (Optional) Whether secret scanning push protection is automatically enabled for new repositories. Defaults to `false`. + +- `secret_scanning_push_protection_custom_link` - (Optional) Custom URL for secret scanning push protection bypass instructions. + +- `secret_scanning_validity_checks_enabled` - (Optional) Whether secret scanning validity checks are enabled. Defaults to `false`. + +## Attributes Reference + +In addition to all arguments above, the following attributes are exported: + +- `id` - The enterprise slug. + +## Import + +Enterprise security analysis settings can be imported using the enterprise slug: + +```hcl +terraform import github_enterprise_security_analysis_settings.example my-enterprise +``` + +## Notes + +~> **Note:*- This resource requires a GitHub Enterprise account and enterprise admin permissions. + +~> **Note:*- Advanced Security features require a GitHub Advanced Security license. + +When this resource is destroyed, all security analysis settings will be reset to disabled defaults for security reasons. + +## Dependencies + +This resource manages the following security features: + +- **Advanced Security**: Code scanning, secret scanning, and dependency review +- **Secret Scanning**: Automatic detection of secrets in code +- **Push Protection**: Prevents secrets from being committed to repositories +- **Validity Checks**: Verifies that detected secrets are actually valid + +These settings only apply to **new repositories*- created after the settings are enabled. Existing repositories are not affected and must be configured individually. diff --git a/docs/resources/issue.md b/docs/resources/issue.md new file mode 100644 index 0000000000..3a0dea5e06 --- /dev/null +++ b/docs/resources/issue.md @@ -0,0 +1,87 @@ +--- +page_title: "github_issue (Resource) - GitHub" +description: |- + Provides a GitHub issue resource. +--- + +# github_issue (Resource) + +Provides a GitHub issue resource. + +This resource allows you to create and manage issue within your GitHub repository. + +## Example Usage + +```terraform +# Create a simple issue +resource "github_repository" "test" { + name = "tf-acc-test-%s" + auto_init = true + has_issues = true +} + +resource "github_issue" "test" { + repository = github_repository.test.name + title = "My issue title" + body = "The body of my issue" +} +``` + +## Example Usage with milestone and project assignment + +```terraform +# Create an issue with milestone and project assignment +resource "github_repository" "test" { + name = "tf-acc-test-%s" + auto_init = true + has_issues = true +} + +resource "github_repository_milestone" "test" { + owner = split("/", "${github_repository.test.full_name}")[0] + repository = github_repository.test.name + title = "v1.0.0" + description = "General Availability" + due_date = "2022-11-22" + state = "open" +} + +resource "github_issue" "test" { + repository = github_repository.test.name + title = "My issue" + body = "My issue body" + labels = ["bug", "documentation"] + assignees = ["bob-github"] + milestone_number = github_repository_milestone.test.number +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository name + +- `title` - (Required) Title of the issue + +- `body` - (Optional) Body of the issue + +- `labels` - (Optional) List of labels to attach to the issue + +- `assignees` - (Optional) List of Logins to assign the to the issue + +- `milestone_number` - (Optional) Milestone number to assign to the issue + +## Attributes Reference + +- `number` - (Computed) - The issue number + +- `issue_id` - (Computed) - The issue id + +## Import + +GitHub Issues can be imported using an ID made up of `repository:number`, e.g. + +```hcl +$ terraform import github_issue.issue_15 myrepo:15 +``` diff --git a/docs/resources/issue_label.md b/docs/resources/issue_label.md new file mode 100644 index 0000000000..cef835216e --- /dev/null +++ b/docs/resources/issue_label.md @@ -0,0 +1,50 @@ +--- +page_title: "github_issue_label (Resource) - GitHub" +description: |- + Provides a GitHub issue label resource. +--- + +# github_issue_label (Resource) + +Provides a GitHub issue label resource. + +This resource allows you to create and manage issue labels within your GitHub organization. + +Issue labels are keyed off of their "name", so pre-existing issue labels result in a 422 HTTP error if they exist outside of Terraform. Normally this would not be an issue, except new repositories are created with a "default" set of labels, and those labels easily conflict with custom ones. + +This resource will first check if the label exists, and then issue an update, otherwise it will create. + +~> **Note:*- When a repository is archived, Terraform will skip deletion of issue labels to avoid API errors, as archived repositories are read-only. The labels will be removed from Terraform state without attempting to delete them from GitHub. + +## Example Usage + +```terraform +# Create a new, red colored label +resource "github_issue_label" "test_repo" { + repository = "test-repo" + name = "Urgent" + color = "FF0000" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository + +- `name` - (Required) The name of the label. + +- `color` - (Required) A 6 character hex code, **without the leading #**, identifying the color of the label. + +- `description` - (Optional) A short description of the label. + +- `url` - (Computed) The URL to the issue label + +## Import + +GitHub Issue Labels can be imported using an ID made up of `repository:name`, e.g. + +```hcl +$ terraform import github_issue_label.panic_label terraform:panic +``` diff --git a/docs/resources/issue_labels.md b/docs/resources/issue_labels.md new file mode 100644 index 0000000000..40d62bceed --- /dev/null +++ b/docs/resources/issue_labels.md @@ -0,0 +1,60 @@ +--- +page_title: "github_issue_labels (Resource) - GitHub" +description: |- + Provides GitHub issue labels resource. +--- + +# github_issue_labels (Resource) + +Provides GitHub issue labels resource. + +This resource allows you to create and manage issue labels within your GitHub organization. + +~> Note: github_issue_labels cannot be used in conjunction with github_issue_label or they will fight over what your policy should be. + +This resource is authoritative. For adding a label to a repo in a non-authoritative manner, use github_issue_label instead. + +If you change the case of a label's name, its' color, or description, this resource will edit the existing label to match the new values. However, if you change the name of a label, this resource will create a new label with the new name and delete the old label. Beware that this will remove the label from any issues it was previously attached to. + +~> **Note:*- When a repository is archived, Terraform will skip deletion of issue labels to avoid API errors, as archived repositories are read-only. The labels will be removed from Terraform state without attempting to delete them from GitHub. + +## Example Usage + +```terraform +# Create a new, red colored label +resource "github_issue_labels" "test_repo" { + repository = "test-repo" + + label { + name = "Urgent" + color = "FF0000" + } + + label { + name = "Critical" + color = "FF0000" + } +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository + +- `name` - (Required) The name of the label. + +- `color` - (Required) A 6 character hex code, **without the leading #**, identifying the color of the label. + +- `description` - (Optional) A short description of the label. + +- `url` - (Computed) The URL to the issue label + +## Import + +GitHub Issue Labels can be imported using the repository `name`, e.g. + +```hcl +$ terraform import github_issue_labels.test_repo test_repo +``` diff --git a/docs/resources/membership.md b/docs/resources/membership.md new file mode 100644 index 0000000000..d5beef0960 --- /dev/null +++ b/docs/resources/membership.md @@ -0,0 +1,37 @@ +--- +page_title: "github_membership (Resource) - GitHub" +description: |- + Provides a GitHub membership resource. +--- + +# github_membership (Resource) + +Provides a GitHub membership resource. + +This resource allows you to add/remove users from your organization. When applied, an invitation will be sent to the user to become part of the organization. When destroyed, either the invitation will be cancelled or the user will be removed. + +## Example Usage + +```terraform +# Add a user to the organization +resource "github_membership" "membership_for_some_user" { + username = "SomeUser" + role = "member" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `username` - (Required) The user to add to the organization. +- `role` - (Optional) The role of the user within the organization. Must be one of `member` or `admin`. Defaults to `member`. `admin` role represents the `owner` role available via GitHub UI. +- `downgrade_on_destroy` - (Optional) Defaults to `false`. If set to true, when this resource is destroyed, the member will not be removed from the organization. Instead, the member's role will be downgraded to 'member'. + +## Import + +GitHub Membership can be imported using an ID made up of `organization:username`, e.g. + +```hcl +$ terraform import github_membership.member hashicorp:someuser +``` diff --git a/docs/resources/organization_block.md b/docs/resources/organization_block.md new file mode 100644 index 0000000000..c3eb88780b --- /dev/null +++ b/docs/resources/organization_block.md @@ -0,0 +1,31 @@ +--- +page_title: "github_organization_block (Resource) - GitHub" +description: |- + Creates and manages blocks for GitHub organizations +--- + +# github_organization_block (Resource) + +This resource allows you to create and manage blocks for GitHub organizations. + +## Example Usage + +```terraform +resource "github_organization_block" "example" { + username = "paultyng" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `username` - (Required) The name of the user to block. + +## Import + +GitHub organization block can be imported using a username, e.g. + +```hcl +$ terraform import github_github_organization_block.example someuser +``` diff --git a/docs/resources/organization_custom_properties.md b/docs/resources/organization_custom_properties.md new file mode 100644 index 0000000000..f27d8af532 --- /dev/null +++ b/docs/resources/organization_custom_properties.md @@ -0,0 +1,97 @@ +--- +page_title: "github_organization_custom_properties (Resource) - GitHub" +description: |- + Creates and manages custom properties for a GitHub organization +--- + +# github_organization_custom_properties (Resource) + +This resource allows you to create and manage custom properties for a GitHub organization. + +Custom properties enable you to add metadata to repositories within your organization. You can use custom properties to add context about repositories, such as who owns them, when they expire, or compliance requirements. + +## Example Usage + +```terraform +resource "github_organization_custom_properties" "environment" { + property_name = "environment" + value_type = "single_select" + required = true + description = "The deployment environment for this repository" + default_value = "development" + allowed_values = [ + "development", + "staging", + "production" + ] +} +``` + +## Example Usage - Allow Repository Actors to Edit + +This example shows how to allow repository administrators to edit the property values: + +```terraform +resource "github_organization_custom_properties" "team_contact" { + property_name = "team_contact" + value_type = "string" + required = false + description = "Contact information for the team managing this repository" + values_editable_by = "org_and_repo_actors" +} +``` + +## Example Usage - Text Property + +```terraform +resource "github_organization_custom_properties" "owner" { + property_name = "owner" + value_type = "string" + required = true + description = "The team or individual responsible for this repository" +} +``` + +## Example Usage - Boolean Property + +```terraform +resource "github_organization_custom_properties" "archived" { + property_name = "archived" + value_type = "true_false" + required = false + description = "Whether this repository is archived" + default_value = "false" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `property_name` - (Required) The name of the custom property. + +- `value_type` - (Optional) The type of the custom property. Can be one of `string`, `single_select`, `multi_select`, or `true_false`. Defaults to `string`. + +- `required` - (Optional) Whether the custom property is required. Defaults to `false`. + +- `description` - (Optional) The description of the custom property. + +- `default_value` - (Optional) The default value of the custom property. + +- `allowed_values` - (Optional) List of allowed values for the custom property. Only applicable when `value_type` is `single_select` or `multi_select`. + +- `values_editable_by` - (Optional) Who can edit the values of the custom property. Can be one of `org_actors` or `org_and_repo_actors`. When set to `org_actors` (the default), only organization owners can edit the property values on repositories. When set to `org_and_repo_actors`, both organization owners and repository administrators with the custom properties permission can edit the values. + +## Attributes Reference + +In addition to all arguments above, the following attributes are exported: + +- `property_name` - The name of the custom property. + +## Import + +Organization custom properties can be imported using the property name: + +```hcl +terraform import github_organization_custom_properties.environment environment +``` diff --git a/docs/resources/organization_custom_role.md b/docs/resources/organization_custom_role.md new file mode 100644 index 0000000000..c202cb56c2 --- /dev/null +++ b/docs/resources/organization_custom_role.md @@ -0,0 +1,67 @@ +--- +page_title: "github_organization_custom_role (Resource) - GitHub" +description: |- + Creates and manages a custom role in a GitHub Organization for use in repositories. +--- + +# github\_organization\_custom\_role + +~> **Note:*- This resource is deprecated, please use the `github_organization_repository_role` resource instead. + +This resource allows you to create and manage custom roles in a GitHub Organization for use in repositories. + +~> Note: Custom roles are currently only available in GitHub Enterprise Cloud. + +## Example Usage + +```terraform +resource "github_organization_custom_role" "example" { + name = "example" + description = "Example custom role that uses the read role as its base" + base_role = "read" + permissions = [ + "add_assignee", + "add_label", + "bypass_branch_protection", + "close_issue", + "close_pull_request", + "mark_as_duplicate", + "create_tag", + "delete_issue", + "delete_tag", + "manage_deploy_keys", + "push_protected_branch", + "read_code_scanning", + "reopen_issue", + "reopen_pull_request", + "request_pr_review", + "resolve_dependabot_alerts", + "resolve_secret_scanning_alerts", + "view_secret_scanning_alerts", + "write_code_scanning" + ] +} +``` + +## Argument Reference + +The following arguments are supported: + +- `name` - (Required) The name of the custom role. +- `description` - (Optional) The description for the custom role. +- `base_role` - (Required) The system role from which the role inherits permissions. Can be one of: `read`, `triage`, `write`, or `maintain`. +- `permissions` - (Required) A list of additional permissions included in this role. Must have a minimum of 1 additional permission. The list of available permissions can be found using the [list repository fine-grained permissions for an organization](https://docs.github.com/en/enterprise-cloud@latest/rest/orgs/custom-roles?apiVersion=2022-11-28#list-repository-fine-grained-permissions-for-an-organization) API. + +## Attributes Reference + +The following additional attributes are exported: + +- `id` - The ID of the custom role. + +## Import + +Custom roles can be imported using the `id` of the role. The `id` of the custom role can be found using the [list custom roles in an organization](https://docs.github.com/en/enterprise-cloud@latest/rest/orgs/custom-roles#list-custom-repository-roles-in-an-organization) API. + +```hcl +$ terraform import github_organization_custom_role.example 1234 +``` diff --git a/docs/resources/organization_project.md b/docs/resources/organization_project.md new file mode 100644 index 0000000000..ff2874d97b --- /dev/null +++ b/docs/resources/organization_project.md @@ -0,0 +1,34 @@ +--- +page_title: "github_organization_project (Resource) - GitHub" +description: |- + Creates and manages projects for GitHub organizations +--- + +# github_organization_project (Resource) + +!> **Warning:*- This resource no longer works as the [Projects (classic) REST API](https://docs.github.com/en/rest/projects/projects?apiVersion=2022-11-28) has been [removed](https://github.blog/changelog/2024-05-23-sunset-notice-projects-classic/) and as such has been deprecated. It will be removed in a future release. + +This resource allows you to create and manage projects for GitHub organization. + +## Example Usage + +```terraform +resource "github_organization_project" "project" { + name = "A Organization Project" + body = "This is a organization project." +} +``` + +## Argument Reference + +The following arguments are supported: + +- `name` - (Required) The name of the project. + +- `body` - (Optional) The body of the project. + +## Attributes Reference + +The following additional attributes are exported: + +- `url` - URL of the project diff --git a/docs/resources/organization_repository_role.md b/docs/resources/organization_repository_role.md new file mode 100644 index 0000000000..1436510379 --- /dev/null +++ b/docs/resources/organization_repository_role.md @@ -0,0 +1,49 @@ +--- +page_title: "github_organization_repository_role (Resource) - GitHub" +description: |- + Manage a custom organization repository role. +--- + +# github_organization_repository_role (Resource) + +Manage a custom organization repository role. + +~> **Note**: Custom organization repository roles are currently only available in GitHub Enterprise Cloud. + +## Example Usage + +```terraform +resource "github_organization_repository_role" "example" { + name = "example" + base_role = "read" + + permissions = [ + "add_assignee", + "add_label" + ] +} +``` + +## Schema + +### Required + +- `name` (String) The name of the organization repository role. +- `base_role` (String) The system role from which this role inherits permissions. +- `permissions` (Set of String, Min: 1) The permissions included in this role. + +### Optional + +- `description` (String) The description of the organization repository role. + +### Read-Only + +- `role_id` (Number) The ID of the organization repository role. + +## Import + +A custom organization repository role can be imported using its ID. + +```shell +terraform import github_organization_repository_role.example 1234 +``` diff --git a/docs/resources/organization_role.md b/docs/resources/organization_role.md new file mode 100644 index 0000000000..4770d66913 --- /dev/null +++ b/docs/resources/organization_role.md @@ -0,0 +1,49 @@ +--- +page_title: "github_organization_role (Resource) - GitHub" +description: |- + Manage a custom organization role. +--- + +# github_organization_role (Resource) + +Manage a custom organization role. + +~> **Note**: Custom organization roles are currently only available in GitHub Enterprise Cloud. + +## Example Usage + +```terraform +resource "github_organization_role" "example" { + name = "example" + base_role = "read" + + permissions = [ + "read_organization_custom_org_role", + "read_organization_custom_repo_role" + ] +} +``` + +## Schema + +### Required + +- `name` (String) The name of the organization role. +- `permissions` (Set of String) The permissions included in this role. Only organization permissions can be set if the `base_role` isn't set or is set to `none`. + +### Optional + +- `description` (String) The description of the organization role. +- `base_role` (String) The system role from which this role inherits permissions; one of `none`, `read`, `triage`, `write`, `maintain`, or `admin`. Defaults to `none`. + +### Read-Only + +- `role_id` (Number) The ID of the organization role. + +## Import + +A custom organization role can be imported using its ID. + +```shell +terraform import github_organization_role.example 1234 +``` diff --git a/docs/resources/organization_role_team.md b/docs/resources/organization_role_team.md new file mode 100644 index 0000000000..9e29d0763d --- /dev/null +++ b/docs/resources/organization_role_team.md @@ -0,0 +1,33 @@ +--- +page_title: "github_organization_role_team (Resource) - GitHub" +description: |- + Manage an association between an organization role and a team. +--- + +# github_organization_role_team (Resource) + +Manage an association between an organization role and a team. + +## Example Usage + +```terraform +resource "github_organization_role_team" "example" { + role_id = 1234 + team_slug = "example-team" +} +``` + +## Schema + +### Required + +- `role_id` (Number) The ID of the organization role. +- `team_slug` (String) The slug of the team name. + +## Import + +An organization role team association can be imported using the role ID and the team slug separated by a `:`. + +```shell +terraform import github_organization_role_team.example "1234:example-team" +``` diff --git a/docs/resources/organization_role_team_assignment.md b/docs/resources/organization_role_team_assignment.md new file mode 100644 index 0000000000..98137822d9 --- /dev/null +++ b/docs/resources/organization_role_team_assignment.md @@ -0,0 +1,43 @@ +--- +page_title: "github_organization_role_team_assignment (Resource) - GitHub" +description: |- + Manages the associations between teams and organization roles. +--- + +# github_organization_role_team_assignment (Resource) + +~> **Note:*- This resource is deprecated, please use the `github_organization_role_team` resource instead. + +This resource manages relationships between teams and organization roles in your GitHub organization. This works on predefined roles, and custom roles, where the latter is an Enterprise feature. + +Creating this resource assigns the role to a team. + +The organization role and team must both belong to the same organization on GitHub. + +## Example Usage + +```terraform +resource "github_team" "test-team" { + name = "test-team" +} + +resource "github_organization_role_team_assignment" "test-team-role-assignment" { + team_slug = github_team.test-team.slug + role_id = "8132" # all_repo_read (predefined) +} +``` + +## Argument Reference + +The following arguments are supported: + +- `team_slug` - (Required) The GitHub team slug +- `role_id` - (Required) The GitHub organization role id + +## Import + +GitHub Team Organization Role Assignment can be imported using an ID made up of `team_slug:role_id` + +```hcl +$ terraform import github_organization_role_team_assignment.role_assignment test-team:8132 +``` diff --git a/docs/resources/organization_role_user.md b/docs/resources/organization_role_user.md new file mode 100644 index 0000000000..4115a547a9 --- /dev/null +++ b/docs/resources/organization_role_user.md @@ -0,0 +1,33 @@ +--- +page_title: "github_organization_role_user (Resource) - GitHub" +description: |- + Manage an association between an organization role and a user. +--- + +# github_organization_role_user (Resource) + +Manage an association between an organization role and a user. + +## Example Usage + +```terraform +resource "github_organization_role_user" "example" { + role_id = 1234 + login = "example-user" +} +``` + +## Schema + +### Required + +- `role_id` (Number) The ID of the organization role. +- `login` (String) The login for the GitHub user account. + +## Import + +An organization role user association can be imported using the role ID and the user login separated by a `:`. + +```shell +terraform import github_organization_role_team.example "1234:example-user" +``` diff --git a/docs/resources/organization_ruleset.md b/docs/resources/organization_ruleset.md new file mode 100644 index 0000000000..7891b3be3e --- /dev/null +++ b/docs/resources/organization_ruleset.md @@ -0,0 +1,360 @@ +--- +page_title: "github_organization_ruleset (Resource) - GitHub" +description: |- + Creates a GitHub organization ruleset. +--- + +# github_organization_ruleset (Resource) + +Creates a GitHub organization ruleset. + +This resource allows you to create and manage rulesets on the organization level. When applied, a new ruleset will be created. When destroyed, that ruleset will be removed. + +## Example Usage + +```terraform +resource "github_organization_ruleset" "example" { + name = "example" + target = "branch" + enforcement = "active" + + conditions { + ref_name { + include = ["~ALL"] + exclude = [] + } + } + + bypass_actors { + actor_id = 13473 + actor_type = "Integration" + bypass_mode = "always" + } + + rules { + creation = true + update = true + deletion = true + required_linear_history = true + required_signatures = true + + branch_name_pattern { + name = "example" + negate = false + operator = "starts_with" + pattern = "ex" + } + + required_workflows { + do_not_enforce_on_create = true + required_workflow { + repository_id = 1234 + path = ".github/workflows/ci.yml" + ref = "main" + } + } + + required_code_scanning { + required_code_scanning_tool { + alerts_threshold = "errors" + security_alerts_threshold = "high_or_higher" + tool = "CodeQL" + } + } + } +} + +# Example with push ruleset +# Note: Push targets must NOT have ref_name in conditions, only repository_name or repository_id +resource "github_organization_ruleset" "example_push" { + name = "example_push" + target = "push" + enforcement = "active" + + conditions { + repository_name { + include = ["~ALL"] + exclude = [] + } + } + + rules { + # Push targets only support these rules: + # file_path_restriction, max_file_size, max_file_path_length, file_extension_restriction + file_path_restriction { + restricted_file_paths = [".github/workflows/*", "*.env"] + } + + max_file_size { + max_file_size = 100 # 100 MB + } + + max_file_path_length { + max_file_path_length = 255 + } + + file_extension_restriction { + restricted_file_extensions = ["*.exe", "*.dll", "*.so"] + } + } +} +``` + +## Argument Reference + +- `enforcement` - (Required) (String) Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`. + +- `name` - (Required) (String) The name of the ruleset. + +- `rules` - (Required) (Block List, Min: 1, Max: 1) Rules within the ruleset. (see [below for nested schema](#rules)) + +- `target` - (Required) (String) Possible values are `branch`, `tag` and `push`. + +- `bypass_actors` - (Optional) (Block List) The actors that can bypass the rules in this ruleset. (see [below for nested schema](#bypass_actors)) + +- `conditions` - (Optional) (Block List, Max: 1) Parameters for an organization ruleset condition. For `branch` and `tag` targets, `ref_name` is required alongside one of `repository_name` or `repository_id`. For `push` targets, `ref_name` must NOT be set - only `repository_name` or `repository_id` should be used. (see [below for nested schema](#conditions)) + +### Rules + +The `rules` block supports the following: + +~> **Note:*- Rules are target-specific. `branch` and `tag` targets support rules like `creation`, `deletion`, `pull_request`, `required_status_checks`, etc. `push` targets only support `file_path_restriction`, `max_file_size`, `max_file_path_length`, and `file_extension_restriction`. Using the wrong rules for a target will result in a validation error. + +- `branch_name_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applies to rulesets with target `branch`. (see [below for nested schema](#rulesbranch_name_pattern)) + +- `commit_author_email_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see [below for nested schema](#rulescommit_author_email_pattern)) + +- `commit_message_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see [below for nested schema](#rulescommit_message_pattern)) + +- `committer_email_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see [below for nested schema](#rulescommitter_email_pattern)) + +- `creation` - (Optional) (Boolean) Only allow users with bypass permission to create matching refs. + +- `deletion` - (Optional) (Boolean) Only allow users with bypass permissions to delete matching refs. + +- `non_fast_forward` - (Optional) (Boolean) Prevent users with push access from force pushing to branches. + +- `pull_request` - (Optional) (Block List, Max: 1) Require all commits be made to a non-target branch and submitted via a pull request before they can be merged. (see [below for nested schema](#rulespull_request)) + +- `copilot_code_review` - (Optional) (Block List, Max: 1) Automatically request Copilot code review for new pull requests if the author has access to Copilot code review and their premium requests quota has not reached the limit. (see [below for nested schema](#rulescopilot_code_review)) + +- `required_linear_history` - (Optional) (Boolean) Prevent merge commits from being pushed to matching branches. + +- `required_signatures` - (Optional) (Boolean) Commits pushed to matching branches must have verified signatures. + +- `required_status_checks` - (Optional) (Block List, Max: 1) Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed. (see [below for nested schema](#rulesrequired_status_checks)) + +- `required_workflows` - (Optional) (Block List, Max: 1) Define which Actions workflows must pass before changes can be merged into a branch matching the rule. Multiple workflows can be specified. (see [below for nested schema](#rulesrequired_workflows)) + +- `required_code_scanning` - (Optional) (Block List, Max: 1) Define which tools must provide code scanning results before the reference is updated. When configured, code scanning must be enabled and have results for both the commit and the reference being updated. Multiple code scanning tools can be specified. (see [below for nested schema](#rulesrequired_code_scanning)) + +- `tag_name_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applies to rulesets with target `tag`. (see [below for nested schema](#rulestag_name_pattern)) + +- `file_path_restriction` - (Optional) (Block List, Max: 1) Prevent commits that include changes to specified file paths from being pushed to the commit graph. This rule only applies to rulesets with target `push`. (see [below for nested schema](#rulesfile_path_restriction)) + +- `max_file_size` - (Optional) (Block List, Max: 1) Prevent commits that include files with a specified file size from being pushed to the commit graph. This rule only applies to rulesets with target `push`. (see [below for nested schema](#rulesmax_file_size)) + +- `max_file_path_length` - (Optional) (Block List, Max: 1) Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph. This rule only applies to rulesets with target `push`. (see [below for nested schema](#rulesmax_file_path_length)) + +- `file_extension_restriction` - (Optional) (Block List, Max: 1) Prevent commits that include files with specified file extensions from being pushed to the commit graph. This rule only applies to rulesets with target `push`. (see [below for nested schema](#rulesfile_extension_restriction)) + +- `update` - (Optional) (Boolean) Only allow users with bypass permission to update matching refs. + +#### rules.branch_name_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.commit_author_email_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.commit_message_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.committer_email_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.pull_request + +- `allowed_merge_methods` - (Optional) (List of String, Min: 1) Array of merge methods to be allowed. Allowed values include `merge`, `squash`, and `rebase`. At least one must be enabled. +- `dismiss_stale_reviews_on_push` - (Optional) (Boolean) New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`. + +- `require_code_owner_review` - (Optional) (Boolean) Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`. + +- `require_last_push_approval` - (Optional) (Boolean) Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`. + +- `required_approving_review_count` - (Optional) (Number) The number of approving reviews that are required before a pull request can be merged. Defaults to `0`. + +- `required_review_thread_resolution` - (Optional) (Boolean) All conversations on code must be resolved before a pull request can be merged. Defaults to `false`. + +#### rules.copilot_code_review + +- `review_on_push` - (Optional) (Boolean) Copilot automatically reviews each new push to the pull request. Defaults to `false`. + +- `review_draft_pull_requests` - (Optional) (Boolean) Copilot automatically reviews draft pull requests before they are marked as ready for review. Defaults to `false`. + +- `allowed_merge_methods` - (Required) (List of String, Min: 1) Array of merge methods to be allowed. Allowed values include `merge`, `squash`, and `rebase`. At least one must be enabled. + +- `required_reviewers` - (Optional) (Block List) Require specific reviewers to approve pull requests. Note: This feature is in beta. (see [below for nested schema](#rulespull_requestrequired_reviewers)) + +#### rules.pull_request.required_reviewers + +- `reviewer` - (Required) (Block List, Max: 1) The reviewer that must review matching files. (see [below for nested schema](#rulespull_requestrequired_reviewersreviewer)) + +- `file_patterns` - (Required) (List of String) File patterns (fnmatch syntax) that this reviewer must approve. + +- `minimum_approvals` - (Required) (Number) Minimum number of approvals required from this reviewer. Set to 0 to make approval optional. + +#### rules.pull_request.required_reviewers.reviewer + +- `id` - (Required) (Number) The ID of the reviewer (Team ID). + +- `type` - (Required) (String) The type of reviewer. Currently only `Team` is supported. + +#### rules.required_status_checks + +- `required_check` - (Required) (Block Set, Min: 1) Status checks that are required. Several can be defined. (see [below for nested schema](#required_status_checksrequired_check)) + +- `strict_required_status_checks_policy` - (Optional) (Boolean) Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`. + +- `do_not_enforce_on_create` - (Optional) (Boolean) Allow repositories and branches to be created if a check would otherwise prohibit it. Defaults to `false`. + +#### required_status_checks.required_check + +- `context` - (Required) (String) The status check context name that must be present on the commit. + +- `integration_id` - (Optional) (Number) The optional integration ID that this status check must originate from. + +- `do_not_enforce_on_create` - (Optional) (Boolean) Allow repositories and branches to be created if a check would otherwise prohibit it. Defaults to `false`. + +#### rules.required_workflows + +- `do_not_enforce_on_create` - (Optional) (Boolean) Allow repositories and branches to be created if a check would otherwise prohibit it. Defaults to `false`. + +- `required_workflow` - (Required) (Block Set, Min: 1) Actions workflows that are required. Multiple can be defined. (see [below for nested schema](#rulesrequired_workflowsrequired_workflow)) + +#### rules.required_workflows.required_workflow + +- `repository_id` - (Required) (Number) The ID of the repository. Names, full names and repository URLs are not supported. + +- `path` - (Required) (String) The path to the YAML definition file of the workflow. + +- `ref` - (Optional) (String) The optional ref from which to fetch the workflow. Defaults to `master`. + +#### rules.required_code_scanning + +- `required_code_scanning_tool` - (Required) (Block Set, Min: 1) Actions code scanning tools that are required. Multiple can be defined. (see [below for nested schema](#rulesrequired_code_scanningrequired_code_scanning_tool)) + +#### rules.required_code_scanning.required_code_scanning_tool + +- `alerts_threshold` - (Required) (String) The severity level at which code scanning results that raise alerts block a reference update. Can be one of: `none`, `errors`, `errors_and_warnings`, `all`. + +- `security_alerts_threshold` - (Required) (String) The severity level at which code scanning results that raise security alerts block a reference update. Can be one of: `none`, `critical`, `high_or_higher`, `medium_or_higher`, `all`. + +- `tool` - (Required) (String) The name of a code scanning tool. + +#### rules.tag_name_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.file_path_restriction + +- `restricted_file_paths` - (Required) (Block Set, Min: 1) The file paths that are restricted from being pushed to the commit graph. + +#### rules.max_file_size + +- `max_file_size` - (Required) (Integer) The maximum allowed size, in megabytes (MB), of a file. Valid range is 1-100 MB. + +#### rules.max_file_path_length + +- `max_file_path_length` - (Required) (Integer) The maximum number of characters allowed in file paths. + +#### rules.file_extension_restriction + +- `restricted_file_extensions` - (Required) (Block Set, Min: 1) The file extensions that are restricted from being pushed to the commit graph. + +#### bypass_actors + +- `actor_id` - (Optional) (Number) The ID of the actor that can bypass a ruleset. Some actor types such as `DeployKey` do not have an ID. + +- `actor_type` (String) The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`. + +- `bypass_mode` - (Optional) (String) When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`, `exempt`. + +~>Note: at the time of writing this, the following actor types correspond to the following actor IDs: + +- `OrganizationAdmin` -> `1` +- `RepositoryRole` (This is the actor type, the following are the base repository roles and their associated IDs.) + - `maintain` -> `2` + - `write` -> `4` + - `admin` -> `5` + +#### conditions + +- `ref_name` - (Optional) (Block List, Max: 1) Required for `branch` and `tag` targets. Must NOT be set for `push` targets. (see [below for nested schema](#conditionsref_name)) +- `repository_id` (Optional) (List of Number) The repository IDs that the ruleset applies to. One of these IDs must match for the condition to pass. Conflicts with `repository_name`. +- `repository_name` (Optional) (Block List, Max: 1) Conflicts with `repository_id`. (see [below for nested schema](#conditionsrepository_name)) + +One of `repository_id` and `repository_name` must be set for the rule to target any repositories. + +~> **Note:*- For `push` targets, do not include `ref_name` in conditions. Push rulesets operate on file content, not on refs. + +#### conditions.ref_name + +- `exclude` - (Required) (List of String) Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match. + +- `include` - (Required) (List of String) Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches. + +#### conditions.repository_name + +- `exclude` - (Required) (List of String) Array of repository names or patterns to exclude. The condition will not pass if any of these patterns match. +- `include` - (Required) (List of String) Array of repository names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~ALL` to include all repositories. +- `protected` - (Optional) (Boolean) Whether renaming of target repositories is prevented. Defaults to `false`. + +## Attributes Reference + +The following additional attributes are exported: + +- `etag` (String) + +- `node_id` (String) GraphQL global node id for use with v4 API. + +- `ruleset_id` (Number) GitHub ID for the ruleset. + +## Import + +GitHub Organization Rulesets can be imported using the GitHub ruleset ID e.g. + +`$ terraform import github_organization_ruleset.example 12345` diff --git a/docs/resources/organization_security_manager.md b/docs/resources/organization_security_manager.md new file mode 100644 index 0000000000..c6f4f508cc --- /dev/null +++ b/docs/resources/organization_security_manager.md @@ -0,0 +1,36 @@ +--- +page_title: "github_organization_security_manager (Resource) - GitHub" +description: |- + Manages the Security manager teams for a GitHub Organization. +--- + +# github_organization_security_manager (Resource) + +~> **Note:*- This resource is deprecated, please use the `github_organization_role_team` resource instead. + +## Example Usage + +```terraform +resource "github_team" "some_team" { + name = "SomeTeam" + description = "Some cool team" +} + +resource "github_organization_security_manager" "some_team" { + team_slug = github_team.some_team.slug +} +``` + +## Argument Reference + +The following arguments are supported: + +- `team_slug` - (Required) The slug of the team to manage. + +## Import + +GitHub Security Manager Teams can be imported using the GitHub team ID e.g. + +```hcl +$ terraform import github_organization_security_manager.core 1234567 +``` diff --git a/docs/resources/organization_settings.md b/docs/resources/organization_settings.md new file mode 100644 index 0000000000..5e17408f48 --- /dev/null +++ b/docs/resources/organization_settings.md @@ -0,0 +1,87 @@ +--- +page_title: "github_organization_settings (Resource) - GitHub" +description: |- + Creates and manages settings for a GitHub Organization. +--- + +# github_organization_settings (Resource) + +This resource allows you to create and manage settings for a GitHub Organization. + +## Example Usage + +```terraform +resource "github_organization_settings" "test" { + billing_email = "test@example.com" + company = "Test Company" + blog = "https://example.com" + email = "test@example.com" + twitter_username = "Test" + location = "Test Location" + name = "Test Name" + description = "Test Description" + has_organization_projects = true + has_repository_projects = true + default_repository_permission = "read" + members_can_create_repositories = true + members_can_create_public_repositories = true + members_can_create_private_repositories = true + members_can_create_internal_repositories = true + members_can_create_pages = true + members_can_create_public_pages = true + members_can_create_private_pages = true + members_can_fork_private_repositories = true + web_commit_signoff_required = true + advanced_security_enabled_for_new_repositories = false + dependabot_alerts_enabled_for_new_repositories = false + dependabot_security_updates_enabled_for_new_repositories = false + dependency_graph_enabled_for_new_repositories = false + secret_scanning_enabled_for_new_repositories = false + secret_scanning_push_protection_enabled_for_new_repositories = false +} +``` + +## Argument Reference + +The following arguments are supported: + +- `billing_email` - (Required) The billing email address for the organization. +- `company` - (Optional) The company name for the organization. +- `blog` - (Optional) The blog URL for the organization. +- `email` - (Optional) The email address for the organization. +- `twitter_username` - (Optional) The Twitter username for the organization. +- `location` - (Optional) The location for the organization. +- `name` - (Optional) The name for the organization. +- `description` - (Optional) The description for the organization. +- `has_organization_projects` - (Optional) Whether or not organization projects are enabled for the organization. +- `has_repository_projects` - (Optional) Whether or not repository projects are enabled for the organization. +- `default_repository_permission` - (Optional) The default permission for organization members to create new repositories. Can be one of `read`, `write`, `admin`, or `none`. Defaults to `read`. +- `members_can_create_repositories` - (Optional) Whether or not organization members can create new repositories. Defaults to `true`. +- `members_can_create_public_repositories` - (Optional) Whether or not organization members can create new public repositories. Defaults to `true`. +- `members_can_create_private_repositories` - (Optional) Whether or not organization members can create new private repositories. Defaults to `true`. +- `members_can_create_internal_repositories` - (Optional) Whether or not organization members can create new internal repositories. For Enterprise Organizations only. +- `members_can_create_pages` - (Optional) Whether or not organization members can create new pages. Defaults to `true`. +- `members_can_create_public_pages` - (Optional) Whether or not organization members can create new public pages. Defaults to `true`. +- `members_can_create_private_pages` - (Optional) Whether or not organization members can create new private pages. Defaults to `true`. +- `members_can_fork_private_repositories` - (Optional) Whether or not organization members can fork private repositories. Defaults to `false`. +- `web_commit_signoff_required` - (Optional) Whether or not commit signatures are required for commits to the organization. Defaults to `false`. +- `advanced_security_enabled_for_new_repositories` - (Optional) Whether or not advanced security is enabled for new repositories. Defaults to `false`. +- `dependabot_alerts_enabled_for_new_repositories` - (Optional) Whether or not dependabot alerts are enabled for new repositories. Defaults to `false`. +- `dependabot_security_updates_enabled_for_new_repositories` - (Optional) Whether or not dependabot security updates are enabled for new repositories. Defaults to `false`. +- `dependency_graph_enabled_for_new_repositories` - (Optional) Whether or not dependency graph is enabled for new repositories. Defaults to `false`. +- `secret_scanning_enabled_for_new_repositories` - (Optional) Whether or not secret scanning is enabled for new repositories. Defaults to `false`. +- `secret_scanning_push_protection_enabled_for_new_repositories` - (Optional) Whether or not secret scanning push protection is enabled for new repositories. Defaults to `false`. + +## Attributes Reference + +The following additional attributes are exported: + +- `id` - The ID of the organization settings. + +## Import + +Organization settings can be imported using the `id` of the organization. The `id` of the organization can be found using the [get an organization](https://docs.github.com/en/rest/orgs/orgs#get-an-organization) API. + +```hcl +$ terraform import github_organization_settings.test 123456789 +``` diff --git a/docs/resources/organization_webhook.md b/docs/resources/organization_webhook.md new file mode 100644 index 0000000000..d4a8f2a9f8 --- /dev/null +++ b/docs/resources/organization_webhook.md @@ -0,0 +1,55 @@ +--- +page_title: "github_organization_webhook (Resource) - GitHub" +description: |- + Creates and manages webhooks for GitHub organizations +--- + +# github_organization_webhook (Resource) + +This resource allows you to create and manage webhooks for GitHub organization. + +## Example Usage + +```terraform +resource "github_organization_webhook" "foo" { + name = "web" + + configuration { + url = "https://google.de/" + content_type = "form" + insecure_ssl = false + } + + active = false + + events = ["issues"] +} +``` + +## Argument Reference + +The following arguments are supported: + +- `events` - (Required) A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) + +- `configuration` - (Required) key/value pair of configuration for this webhook. Available keys are `url`, `content_type`, `secret` and `insecure_ssl`. + +- `active` - (Optional) Indicate of the webhook should receive events. Defaults to `true`. + +- `name` - (Optional) The type of the webhook. `web` is the default and the only option. + +## Attributes Reference + +The following additional attributes are exported: + +- `url` - URL of the webhook + +## Import + +Organization webhooks can be imported using the `id` of the webhook. The `id` of the webhook can be found in the URL of the webhook. For example, `"https://github.com/organizations/foo-org/settings/hooks/123456789"`. + +```hcl +$ terraform import github_organization_webhook.terraform 123456789 +``` + +If secret is populated in the webhook's configuration, the value will be imported as "********". diff --git a/docs/resources/project_card.md b/docs/resources/project_card.md new file mode 100644 index 0000000000..d778e8cb67 --- /dev/null +++ b/docs/resources/project_card.md @@ -0,0 +1,85 @@ +--- +page_title: "github_project_card (Resource) - GitHub" +description: |- + Creates and manages project cards for GitHub projects +--- + +# github_project_card (Resource) + +!> **Warning:*- This resource no longer works as the [Projects (classic) REST API](https://docs.github.com/en/rest/projects/projects?apiVersion=2022-11-28) has been [removed](https://github.blog/changelog/2024-05-23-sunset-notice-projects-classic/) and as such has been deprecated. It will be removed in a future release. + +This resource allows you to create and manage cards for GitHub projects. + +## Example Usage + +```terraform +resource "github_organization_project" "project" { + name = "An Organization Project" + body = "This is an organization project." +} + +resource "github_project_column" "column" { + project_id = github_organization_project.project.id + name = "Backlog" +} + +resource "github_project_card" "card" { + column_id = github_project_column.column.column_id + note = "## Unaccepted 👇" +} +``` + +## Example Usage adding an Issue to a Project + +```terraform +resource "github_repository" "test" { + name = "myrepo" + has_projects = true + has_issues = true +} + +resource "github_issue" "test" { + repository = github_repository.test.id + title = "Test issue title" + body = "Test issue body" +} + +resource "github_repository_project" "test" { + name = "test" + repository = github_repository.test.name + body = "this is a test project" +} + +resource "github_project_column" "test" { + project_id = github_repository_project.test.id + name = "Backlog" +} + +resource "github_project_card" "test" { + column_id = github_project_column.test.column_id + content_id = github_issue.test.issue_id + content_type = "Issue" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `column_id` - (Required) The ID of the card. + +- `note` - (Optional) The note contents of the card. Markdown supported. + +- `content_id` - (Optional) `github_issue.issue_id`. + +- `content_type` - (Optional) Must be either `Issue` or `PullRequest` + +**Remarks:*- You must either set the `note` attribute or both `content_id` and `content_type`. See [note example](#example-usage) or [issue example](#example-usage-adding-an-issue-to-a-project) for more information. + +## Import + +A GitHub Project Card can be imported using its [Card ID](https://developer.github.com/v3/projects/cards/#get-a-project-card): + +```hcl +$ terraform import github_project_card.card 01234567 +``` diff --git a/docs/resources/project_column.md b/docs/resources/project_column.md new file mode 100644 index 0000000000..6b747e84b7 --- /dev/null +++ b/docs/resources/project_column.md @@ -0,0 +1,33 @@ +--- +page_title: "github_project_column (Resource) - GitHub" +description: |- + Creates and manages project columns for GitHub projects +--- + +# github_project_column (Resource) + +!> **Warning:*- This resource no longer works as the [Projects (classic) REST API](https://docs.github.com/en/rest/projects/projects?apiVersion=2022-11-28) has been [removed](https://github.blog/changelog/2024-05-23-sunset-notice-projects-classic/) and as such has been deprecated. It will be removed in a future release. + +This resource allows you to create and manage columns for GitHub projects. + +## Example Usage + +```terraform +resource "github_organization_project" "project" { + name = "A Organization Project" + body = "This is an organization project." +} + +resource "github_project_column" "column" { + project_id = github_organization_project.project.id + name = "a column" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `project_id` - (Required) The ID of an existing project that the column will be created in. + +- `name` - (Required) The name of the column. diff --git a/docs/resources/release.md b/docs/resources/release.md new file mode 100644 index 0000000000..b994eff4e6 --- /dev/null +++ b/docs/resources/release.md @@ -0,0 +1,102 @@ +--- +page_title: "github_release (Resource) - GitHub" +description: |- + Creates and manages releases within a single GitHub repository +--- + +# github_release (Resource) + +This resource allows you to create and manage a release in a specific GitHub repository. + +## Example Usage + +```terraform +resource "github_repository" "repo" { + name = "repo" + description = "GitHub repo managed by Terraform" + + private = false +} + +resource "github_release" "example" { + repository = github_repository.repo.name + tag_name = "v1.0.0" +} +``` + +## Example Usage on Non-Default Branch + +```terraform +resource "github_repository" "example" { + name = "repo" + auto_init = true +} + +resource "github_branch" "example" { + repository = github_repository.example.name + branch = "branch_name" + source_branch = github_repository.example.default_branch +} + +resource "github_release" "example" { + repository = github_repository.example.name + tag_name = "v1.0.0" + target_commitish = github_branch.example.branch + draft = false + prerelease = false +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The name of the repository. + +- `tag_name` - (Required) The name of the tag. + +- `target_commitish` - (Optional) The branch name or commit SHA the tag is created from. Defaults to the default branch of the repository. + +- `name` - (Optional) The name of the release. + +- `body` - (Optional) Text describing the contents of the tag. + +- `draft` - (Optional) Set to `false` to create a published release. + +- `prerelease` - (Optional) Set to `false` to identify the release as a full release. + +- `generate_release_notes` - (Optional) Set to `true` to automatically generate the name and body for this release. If `name` is specified, the specified `name` will be used; otherwise, a name will be automatically generated. If `body` is specified, the `body` will be pre-pended to the automatically generated notes. + +- `discussion_category_name` - (Optional) If specified, a discussion of the specified category is created and linked to the release. The value must be a category that already exists in the repository. For more information, see [Managing categories for discussions in your repository](https://docs.github.com/discussions/managing-discussions-for-your-community/managing-categories-for-discussions-in-your-repository). + +## Attributes Reference + +The following additional attributes are exported: + +- `release_id` - The ID of the release. + +- `created_at` - This is the date of the commit used for the release, and not the date when the release was drafted or published. + +- `published_at` - This is the date when the release was published. This will be empty if the release is a draft. + +- `html_url` - URL of the release in GitHub. + +- `url` - URL that can be provided to API calls that reference this release. + +- `assets_url` - URL that can be provided to API calls displaying the attached assets to this release. + +- `upload_url` - URL that can be provided to API calls to upload assets. + +- `zipball_url` - URL that can be provided to API calls to fetch the release ZIP archive. + +- `tarball_url` - URL that can be provided to API calls to fetch the release TAR archive. + +- `node_id` - GraphQL global node id for use with v4 API + +## Import + +This resource can be imported using the `name` of the repository, combined with the `id` of the release, and a `:` character for separating components, e.g. + +```sh +terraform import github_release.example repo:12345678 +``` diff --git a/docs/resources/repository.md b/docs/resources/repository.md new file mode 100644 index 0000000000..7aa1709f05 --- /dev/null +++ b/docs/resources/repository.md @@ -0,0 +1,245 @@ +--- +page_title: "github_repository (Resource) - GitHub" +description: |- + Creates and manages repositories within GitHub organizations or personal accounts +--- + +# github_repository (Resource) + +This resource allows you to create and manage repositories within your GitHub organization or personal account. + +~> **Note*- When used with GitHub App authentication, even GET requests must have the `contents:write` permission. Without it, the following arguments will be ignored, leading to unexpected behavior and confusing diffs: `allow_merge_commit`, `allow_squash_merge`, `allow_rebase_merge`, `merge_commit_title`, `merge_commit_message`, `squash_merge_commit_title` and `squash_merge_commit_message`. + +## Example Usage + +```terraform +resource "github_repository" "example" { + name = "example" + description = "My awesome codebase" + + visibility = "public" + + template { + owner = "github" + repository = "terraform-template-module" + include_all_branches = true + } +} +``` + +## Example Usage with GitHub Pages Enabled + +```terraform +resource "github_repository" "example" { + name = "example" + description = "My awesome web page" + + private = false + + pages { + source { + branch = "master" + path = "/docs" + } + } +} +``` + +## Example Usage with Repository Forking + +```terraform +resource "github_repository" "forked_repo" { + name = "forked-repository" + description = "This is a fork of another repository" + fork = true + source_owner = "some-org" + source_repo = "original-repository" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `name` - (Required) The name of the repository. + +- `description` - (Optional) A description of the repository. + +- `homepage_url` - (Optional) URL of a page describing the project. + +- `fork` - (Optional) Set to `true` to create a fork of an existing repository. When set to `true`, both `source_owner` and `source_repo` must also be specified. + +- `source_owner` - (Optional) The GitHub username or organization that owns the repository being forked. Required when `fork` is `true`. + +- `source_repo` - (Optional) The name of the repository to fork. Required when `fork` is `true`. + +- `private` - (Optional) Set to `true` to create a private repository. Repositories are created as public (e.g. open source) by default. + +- `visibility` - (Optional) Can be `public` or `private`. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be `internal`. The `visibility` parameter overrides the `private` parameter. + +- `has_issues` - (Optional) Set to `true` to enable the GitHub Issues features on the repository. + +- `has_discussions` - (Optional) Set to `true` to enable GitHub Discussions on the repository. Defaults to `false`. + +- `has_projects` - (Optional) Set to `true` to enable the GitHub Projects features on the repository. Per the GitHub [documentation](https://developer.github.com/v3/repos/#create) when in an organization that has disabled repository projects it will default to `false` and will otherwise default to `true`. If you specify `true` when it has been disabled it will return an error. + +- `has_wiki` - (Optional) Set to `true` to enable the GitHub Wiki features on the repository. + +- `is_template` - (Optional) Set to `true` to tell GitHub that this is a template repository. + +- `allow_merge_commit` - (Optional) Set to `false` to disable merge commits on the repository. + +- `allow_squash_merge` - (Optional) Set to `false` to disable squash merges on the repository. + +- `allow_rebase_merge` - (Optional) Set to `false` to disable rebase merges on the repository. + +- `allow_auto_merge` - (Optional) Set to `true` to allow auto-merging pull requests on the repository. + +- `allow_forking` - (Optional) Configure private forking for organization owned private and internal repositories; set to `true` to enable, `false` to disable, and leave unset for the default behaviour. Configuring this requires that private forking is not being explicitly configured at the organization level. + +- `squash_merge_commit_title` - (Optional) Can be `PR_TITLE` or `COMMIT_OR_PR_TITLE` for a default squash merge commit title. Applicable only if `allow_squash_merge` is `true`. + +- `squash_merge_commit_message` - (Optional) Can be `PR_BODY`, `COMMIT_MESSAGES`, or `BLANK` for a default squash merge commit message. Applicable only if `allow_squash_merge` is `true`. + +- `merge_commit_title` - Can be `PR_TITLE` or `MERGE_MESSAGE` for a default merge commit title. Applicable only if `allow_merge_commit` is `true`. + +- `merge_commit_message` - Can be `PR_BODY`, `PR_TITLE`, or `BLANK` for a default merge commit message. Applicable only if `allow_merge_commit` is `true`. + +- `delete_branch_on_merge` - (Optional) Automatically delete head branch after a pull request is merged. Defaults to `false`. + +- `web_commit_signoff_required` - (Optional) Require contributors to sign off on web-based commits. See more [here](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-the-commit-signoff-policy-for-your-repository). Defaults to `false`. + +- `has_downloads` - (**DEPRECATED**) (Optional) Set to `true` to enable the (deprecated) downloads features on the repository. This attribute is no longer in use, but it hasn't been removed yet. It will be removed in a future version. See [this discussion](https://github.com/orgs/community/discussions/102145#discussioncomment-8351756). + +- `auto_init` - (Optional) Set to `true` to produce an initial commit in the repository. + +- `gitignore_template` - (Optional) Use the [name of the template](https://github.com/github/gitignore) without the extension. For example, "Haskell". + +- `license_template` - (Optional) Use the [name of the template](https://github.com/github/choosealicense.com/tree/gh-pages/_licenses) without the extension. For example, "mit" or "mpl-2.0". + +- `default_branch` - (Optional) (Deprecated: Use `github_branch_default` resource instead) The name of the default branch of the repository. **NOTE:*- This can only be set after a repository has already been created, and after a correct reference has been created for the target branch inside the repository. This means a user will have to omit this parameter from the initial repository creation and create the target branch inside of the repository prior to setting this attribute. + +- `archived` - (Optional) Specifies if the repository should be archived. Defaults to `false`. **NOTE*- Currently, the API does not support unarchiving. + +- `archive_on_destroy` - (Optional) Set to `true` to archive the repository instead of deleting on destroy. + +- `pages` - (Optional) The repository's GitHub Pages configuration. See [GitHub Pages Configuration](#github-pages-configuration) below for details. + +- `security_and_analysis` - (Optional) The repository's [security and analysis](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository) configuration. See [Security and Analysis Configuration](#security-and-analysis-configuration) below for details. + +- `topics` - (Optional) The list of topics of the repository. + +~> Note: This attribute is not compatible with the `github_repository_topics` resource. Use one of them. `github_repository_topics` is only meant to be used if the repository itself is not handled via terraform, for example if it's only read as a datasource (see [issue #1845](https://github.com/integrations/terraform-provider-github/issues/1845)). + +- `template` - (Optional) Use a template repository to create this resource. See [Template Repositories](#template-repositories) below for details. + +- `vulnerability_alerts` - (Optional) Configure [Dependabot security alerts](https://help.github.com/en/github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies) for vulnerable dependencies; set to `true` to enable, set to `false` to disable, and leave unset for the default behavior. Configuring this requires that alerts are not being explicitly configured at the organization level. + +- `ignore_vulnerability_alerts_during_read` (**DEPRECATED**) (Optional) - This is ignored as the provider now handles lack of permissions automatically. + +- `allow_update_branch` (Optional) - Set to `true` to always suggest updating pull request branches. + +### GitHub Pages Configuration + +The `pages` block supports the following: + +- `source` - (Optional) The source branch and directory for the rendered Pages site. See [GitHub Pages Source](#github-pages-source) below for details. + +- `build_type` - (Optional) The type of GitHub Pages site to build. Can be `legacy` or `workflow`. If you use `legacy` as build type you need to set the option `source`. + +- `cname` - (Optional) The custom domain for the repository. This can only be set after the repository has been created. + +#### GitHub Pages Source + +The `source` block supports the following: + +- `branch` - (Required) The repository branch used to publish the site's source files. (i.e. `main` or `gh-pages`. + +- `path` - (Optional) The repository directory from which the site publishes (Default: `/`). + +### Security and Analysis Configuration + +The `security_and_analysis` block supports the following: + +- `advanced_security` - (Optional) The advanced security configuration for the repository. See [Advanced Security Configuration](#advanced-security-configuration) below for details. If a repository's visibility is `public`, advanced security is always enabled and cannot be changed, so this setting cannot be supplied. + +- `code_security` - (Optional) The code security configuration for the repository. See [Code Security](#code-security-configuration) below for details. + +- `secret_scanning` - (Optional) The secret scanning configuration for the repository. See [Secret Scanning Configuration](#secret-scanning-configuration) below for details. + +- `secret_scanning_push_protection` - (Optional) The secret scanning push protection configuration for the repository. See [Secret Scanning Push Protection Configuration](#secret-scanning-push-protection-configuration) below for details. + +- `secret_scanning_ai_detection` - (Optional) The secret scanning ai detection configuration for the repository. See [Secret Scanning AI Detection Configuration](#secret-scanning-ai-detection) below for details. + +- `secret_scanning_non_provider_patterns` - (Optional) The secret scanning non-provider patterns configuration for this repository. See [Secret Scanning Non-Provider Patterns Configuration](#secret-scanning-non-provider-patterns) below for more details. + +#### Advanced Security Configuration + +The `advanced_security` block supports the following: + +- `status` - (Required) Set to `enabled` to enable advanced security features on the repository. Can be `enabled` or `disabled`. + +#### Code Security Configuration + +- `status` - (Required) Set to `enabled` to enable GitHub Code Security on the repository. Can be `enabled` or `disabled`. If set to `enabled`, the repository's visibility must be `public`, `security_and_analysis[0].advanced_security[0].status` must also be set to `enabled`, or your Organization must have split licensing for Advanced security. + +#### Secret Scanning Configuration + +- `status` - (Required) Set to `enabled` to enable secret scanning on the repository. Can be `enabled` or `disabled`. If set to `enabled`, the repository's visibility must be `public`, `security_and_analysis[0].advanced_security[0].status` must also be set to `enabled`, or your Organization must have split licensing for Advanced security. + +#### Secret Scanning Push Protection Configuration + +- `status` - (Required) Set to `enabled` to enable secret scanning push protection on the repository. Can be `enabled` or `disabled`. If set to `enabled`, the repository's visibility must be `public`, `security_and_analysis[0].advanced_security[0].status` must also be set to `enabled`, or your Organization must have split licensing for Advanced security. + +#### Secret Scanning AI Detection + +- `status` - (Required) Set to `enabled` to enable secret scanning AI detection on the repository. Can be `enabled` or `disabled`. If set to `enabled`, the repository's visibility must be `public`, `security_and_analysis[0].advanced_security[0].status` must also be set to `enabled`, or your Organization must have split licensing for Advanced security. + +#### Secret Scanning Non-Provider Patterns + +- `status` - (Required) Set to `enabled` to enable secret scanning non-provider patterns on the repository. Can be `enabled` or `disabled`. If set to `enabled`, the repository's visibility must be `public`, `security_and_analysis[0].advanced_security[0].status` must also be set to `enabled`, or your Organization must have split licensing for Advanced security. + +### Template Repositories + +`template` supports the following arguments: + +- `owner`: The GitHub organization or user the template repository is owned by. +- `repository`: The name of the template repository. +- `include_all_branches`: Whether the new repository should include all the branches from the template repository (defaults to false, which includes only the default branch from the template). + +~> **Note on `internal` visibility with templates**: When creating a repository from a template with `visibility = "internal"`, the provider uses a two-step process due to GitHub API limitations. The template creation API only supports a `private` boolean parameter. Therefore, repositories with `visibility = "internal"` are initially created as private and then immediately updated to internal visibility. This ensures internal repositories are never exposed publicly during creation. + +## Attributes Reference + +The following additional attributes are exported: + +- `full_name` - A string of the form "orgname/reponame". + +- `html_url` - URL to the repository on the web. + +- `ssh_clone_url` - URL that can be provided to `git clone` to clone the repository via SSH. + +- `http_clone_url` - URL that can be provided to `git clone` to clone the repository via HTTPS. + +- `git_clone_url` - URL that can be provided to `git clone` to clone the repository anonymously via the git protocol. + +- `svn_url` - URL that can be provided to `svn checkout` to check out the repository via GitHub's Subversion protocol emulation. + +- `node_id` - GraphQL global node id for use with v4 API + +- `repo_id` - GitHub ID for the repository + +- `primary_language` - The primary language used in the repository. + +- `pages` - The block consisting of the repository's GitHub Pages configuration with the following additional attributes: +- `custom_404` - Whether the rendered GitHub Pages site has a custom 404 page. +- `html_url` - The absolute URL (including scheme) of the rendered GitHub Pages site e.g. `https://username.github.io`. +- `status` - The GitHub Pages site's build status e.g. `building` or `built`. + +## Import + +Repositories can be imported using the `name`, e.g. + +```shell +terraform import github_repository.terraform myrepo +``` diff --git a/docs/resources/repository_autolink_reference.md b/docs/resources/repository_autolink_reference.md new file mode 100644 index 0000000000..3d1a435001 --- /dev/null +++ b/docs/resources/repository_autolink_reference.md @@ -0,0 +1,64 @@ +--- +page_title: "github_repository_autolink_reference (Resource) - GitHub" +description: |- + Creates and manages autolink references for a single repository +--- + +# github_repository_autolink_reference (Resource) + +This resource allows you to create and manage an autolink reference for a single repository. + +## Example Usage + +```terraform +resource "github_repository" "repo" { + name = "my-repo" + description = "GitHub repo managed by Terraform" + + private = false +} + +resource "github_repository_autolink_reference" "autolink" { + repository = github_repository.repo.name + + key_prefix = "TICKET-" + + target_url_template = "https://example.com/TICKET?query=" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The repository of the autolink reference. + +- `key_prefix` - (Required) This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit. + +- `target_url_template` - (Required) The template of the target URL used for the links; must be a valid URL and contain `` for the reference number + +- `is_alphanumeric` - (Optional) Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters. Default is true. + +## Attributes Reference + +The following additional attributes are exported: + +- `etag` - An etag representing the autolink reference object. + +## Import + +Autolink references can be imported using the `name` of the repository, combined with the `id` or `key prefix` of the autolink reference and a `/` character for separating components, e.g. + +### Import by ID + +```sh +terraform import github_repository_autolink_reference.auto my-repo/123 +``` + +See the GitHub documentation for how to [list all autolinks of a repository](https://docs.github.com/en/rest/repos/autolinks#list-all-autolinks-of-a-repository) to learn the autolink ids to use with the import command. + +### Import by key prefix + +```sh +terraform import github_repository_autolink_reference.auto oof/OOF- +``` diff --git a/docs/resources/repository_collaborator.md b/docs/resources/repository_collaborator.md new file mode 100644 index 0000000000..a6d476c221 --- /dev/null +++ b/docs/resources/repository_collaborator.md @@ -0,0 +1,62 @@ +--- +page_title: "github_repository_collaborator (Resource) - GitHub" +description: |- + Provides a GitHub repository collaborator resource. +--- + +# github_repository_collaborator (Resource) + +Provides a GitHub repository collaborator resource. + +~> Note: github_repository_collaborator cannot be used in conjunction with github_repository_collaborators or they will fight over what your policy should be. + +This resource allows you to add/remove collaborators from repositories in your organization or personal account. For organization repositories, collaborators can have explicit (and differing levels of) read, write, or administrator access to specific repositories, without giving the user full organization membership. For personal repositories, collaborators can only be granted write (implicitly includes read) permission. + +When applied, an invitation will be sent to the user to become a collaborator on a repository. When destroyed, either the invitation will be cancelled or the collaborator will be removed from the repository. + +~> **Note on Archived Repositories**: When a repository is archived, GitHub makes it read-only, preventing collaborator modifications. If you attempt to destroy resources associated with archived repositories, the provider will gracefully handle the operation by logging an informational message and removing the resource from Terraform state without attempting to modify the archived repository. + +This resource is non-authoritative, for managing ALL collaborators of a repo, use github_repository_collaborators instead. + +Further documentation on GitHub collaborators: + +- [Adding outside collaborators to your personal repositories](https://help.github.com/en/github/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories) +- [Adding outside collaborators to repositories in your organization](https://help.github.com/articles/adding-outside-collaborators-to-repositories-in-your-organization/) +- [Converting an organization member to an outside collaborator](https://help.github.com/articles/converting-an-organization-member-to-an-outside-collaborator/) + +## Example Usage + +```terraform +# Add a collaborator to a repository +resource "github_repository_collaborator" "a_repo_collaborator" { + repository = "our-cool-repo" + username = "SomeUser" + permission = "admin" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository + +~> Note: The owner of the repository can be passed as part of the repository name e.g. `owner-org-name/repo-name`. If owner is not supplied as part of the repository name, it may also be supplied by setting the environment variable `GITHUB_OWNER`. + +- `username` - (Required) The user to add to the repository as a collaborator. +- `permission` - (Optional) The permission of the outside collaborator for the repository. Must be one of `pull`, `push`, `maintain`, `triage` or `admin` or the name of an existing [custom repository role](https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization) within the organization for organization-owned repositories. Must be `push` for personal repositories. Defaults to `push`. +- `permission_diff_suppression` - (Optional) Suppress plan diffs for `triage` and `maintain`. Defaults to `false`. + +## Attribute Reference + +In addition to the above arguments, the following attributes are exported: + +- `invitation_id` - ID of the invitation to be used in `github_user_invitation_accepter`. + +## Import + +GitHub Repository Collaborators can be imported using an ID made up of `repository:username`, e.g. + +```hcl +$ terraform import github_repository_collaborator.collaborator terraform:someuser +``` diff --git a/docs/resources/repository_collaborators.md b/docs/resources/repository_collaborators.md new file mode 100644 index 0000000000..550fd56ca8 --- /dev/null +++ b/docs/resources/repository_collaborators.md @@ -0,0 +1,90 @@ +--- +page_title: "github_repository_collaborators (Resource) - GitHub" +description: |- + Provides a GitHub repository collaborators resource. +--- + +# github_repository_collaborators (Resource) + +Provides a GitHub repository collaborators resource. + +~> Note: github_repository_collaborators cannot be used in conjunction with github_repository_collaborator and github_team_repository or they will fight over what your policy should be. + +This resource allows you to manage all collaborators for repositories in your organization or personal account. For organization repositories, collaborators can have explicit (and differing levels of) read, write, or administrator access to specific repositories, without giving the user full organization membership. For personal repositories, collaborators can only be granted write (implicitly includes read) permission. + +When applied, an invitation will be sent to the user to become a collaborators on a repository. When destroyed, either the invitation will be cancelled or the collaborators will be removed from the repository. + +~> **Note on Archived Repositories**: When a repository is archived, GitHub makes it read-only, preventing collaborator modifications. If you attempt to destroy resources associated with archived repositories, the provider will gracefully handle the operation by logging an informational message and removing the resource from Terraform state without attempting to modify the archived repository. + +This resource is authoritative. For adding a collaborator to a repo in a non-authoritative manner, use github_repository_collaborator instead. + +Further documentation on GitHub collaborators: + +- [Adding outside collaborators to your personal repositories](https://help.github.com/en/github/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories) +- [Adding outside collaborators to repositories in your organization](https://help.github.com/articles/adding-outside-collaborators-to-repositories-in-your-organization/) +- [Converting an organization member to an outside collaborators](https://help.github.com/articles/converting-an-organization-member-to-an-outside-collaborator/) + +## Example Usage + +```terraform +# Add collaborators to a repository +resource "github_team" "some_team" { + name = "SomeTeam" + description = "Some cool team" +} + +resource "github_repository" "some_repo" { + name = "some-repo" +} + +resource "github_repository_collaborators" "some_repo_collaborators" { + repository = github_repository.some_repo.name + + user { + permission = "admin" + username = "SomeUser" + } + + team { + permission = "pull" + team_id = github_team.some_team.slug + } +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository. +- `user` - (Optional) List of users to grant access to the repository. +- `team` - (Optional) List of teams to grant access to the repository. +- `ignore_team` - (Optional) List of teams to ignore when checking for repository access. This supports ignoring teams granted access at an organizational level. + +The `user` block supports: + +- `username` - (Required) The user to add to the repository as a collaborator. +- `permission` - (Optional) The permission of the outside collaborators for the repository. Must be one of `pull`, `push`, `maintain`, `triage` or `admin` or the name of an existing [custom repository role](https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization) within the organization for organization-owned repositories. Must be `push` for personal repositories. Defaults to `push`. + +The `team` block supports: + +- `team_id` - (Required) The GitHub team id or the GitHub team slug. +- `permission` - (Optional) The permission of the outside collaborators for the repository. Must be one of `pull`, `triage`, `push`, `maintain`, `admin` or the name of an existing [custom repository role](https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization) within the organisation. Defaults to `pull`. Must be `push` for personal repositories. Defaults to `push`. + +The `ignore_team` block supports: + +- `team_id` - (Required) The GitHub team id or the GitHub team slug. + +## Attribute Reference + +In addition to the above arguments, the following attributes are exported: + +- `invitation_ids` - Map of usernames to invitation ID for any users added as part of creation of this resource to be used in `github_user_invitation_accepter`. + +## Import + +GitHub Repository Collaborators can be imported using the name `name`, e.g. + +```hcl +$ terraform import github_repository_collaborators.collaborators terraform +``` diff --git a/docs/resources/repository_custom_property.md b/docs/resources/repository_custom_property.md new file mode 100644 index 0000000000..4e2f33c3a0 --- /dev/null +++ b/docs/resources/repository_custom_property.md @@ -0,0 +1,46 @@ +--- +page_title: "github_repository_custom_property (Resource) - GitHub" +description: |- + Creates and a specific custom property for a GitHub repository +--- + +# github_repository_custom_property (Resource) + +This resource allows you to create and manage a specific custom property for a GitHub repository. + +## Example Usage + +> Note that this assumes there already is a custom property defined on the org level called `my-cool-property` of type `string` + +```terraform +resource "github_repository" "example" { + name = "example" + description = "My awesome codebase" +} +resource "github_repository_custom_property" "string" { + repository = github_repository.example.name + property_name = "my-cool-property" + property_type = "string" + property_value = ["test"] +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The repository of the environment. + +- `property_type` - (Required) Type of the custom property. Can be one of `single_select`, `multi_select`, `string`, or `true_false` + +- `property_name` - (Required) Name of the custom property. Note that a pre-requisiste for this resource is that a custom property of this name has already been defined on the organization level + +- `property_value` - (Required) Value of the custom property in the form of an array. Properties of type `single_select`, `string`, and `true_false` are represented as a string array of length 1 + +## Import + +GitHub Repository Custom Property can be imported using an ID made up of a combination of the names of the organization, repository, custom property separated by a `:` character, e.g. + +```hcl +$ terraform import github_repository_custom_property.example organization-name:repo-name:custom-property-name +``` diff --git a/docs/resources/repository_dependabot_security_updates.md b/docs/resources/repository_dependabot_security_updates.md new file mode 100644 index 0000000000..c459aa28bb --- /dev/null +++ b/docs/resources/repository_dependabot_security_updates.md @@ -0,0 +1,46 @@ +--- +page_title: "github_repository_dependabot_security_updates (Resource) - GitHub" +description: |- + Manages automated security fixes for a single repository +--- + +# github_repository_dependabot_security_updates (Resource) + +This resource allows you to manage dependabot automated security fixes for a single repository. See the [documentation](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates) for details of usage and how this will impact your repository + +## Example Usage + +```terraform +resource "github_repository" "repo" { + name = "my-repo" + description = "GitHub repo managed by Terraform" + + private = false + + vulnerability_alerts = true +} + + +resource "github_repository_dependabot_security_updates" "example" { + repository = github_repository.test.name + enabled = true +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The name of the GitHub repository. + +- `enabled` - (Required) The state of the automated security fixes. + +## Import + +Automated security references can be imported using the `name` of the repository + +### Import by name + +```sh +terraform import github_repository_dependabot_security_updates.example my-repo +``` diff --git a/docs/resources/repository_deploy_key.md b/docs/resources/repository_deploy_key.md new file mode 100644 index 0000000000..997ee1daed --- /dev/null +++ b/docs/resources/repository_deploy_key.md @@ -0,0 +1,55 @@ +--- +page_title: "github_repository_deploy_key (Resource) - GitHub" +description: |- + Provides a GitHub repository deploy key resource. +--- + +# github_repository_deploy_key (Resource) + +Provides a GitHub repository deploy key resource. + +A deploy key is an SSH key that is stored on your server and grants access to a single GitHub repository. This key is attached directly to the repository instead of to a personal user account. + +This resource allows you to add/remove repository deploy keys. + +~> **Note on Archived Repositories**: When a repository is archived, GitHub makes it read-only, preventing deploy key modifications. If you attempt to destroy resources associated with archived repositories, the provider will gracefully handle the operation by logging an informational message and removing the resource from Terraform state without attempting to modify the archived repository. + +Further documentation on GitHub repository deploy keys: + +- [About deploy keys](https://developer.github.com/guides/managing-deploy-keys/#deploy-keys) + +## Example Usage + +```terraform +# Generate an ssh key using provider "hashicorp/tls" +resource "tls_private_key" "example_repository_deploy_key" { + algorithm = "ED25519" +} + +# Add the ssh key as a deploy key +resource "github_repository_deploy_key" "example_repository_deploy_key" { + title = "Repository test key" + repository = "test-repo" + key = tls_private_key.example_repository_deploy_key.public_key_openssh + read_only = true +} +``` + +## Argument Reference + +The following arguments are supported: + +- `key` - (Required) A SSH key. +- `read_only` - (Required) A boolean qualifying the key to be either read only or read/write. +- `repository` - (Required) Name of the GitHub repository. +- `title` - (Required) A title. + +Changing any of the fields forces re-creating the resource. + +## Import + +Repository deploy keys can be imported using a colon-separated pair of repository name and GitHub's key id. The latter can be obtained by GitHub's SDKs and API. + +```hcl +$ terraform import github_repository_deploy_key.foo test-repo:23824728 +``` diff --git a/docs/resources/repository_deployment_branch_policy.md b/docs/resources/repository_deployment_branch_policy.md new file mode 100644 index 0000000000..4781a7bb7e --- /dev/null +++ b/docs/resources/repository_deployment_branch_policy.md @@ -0,0 +1,54 @@ +--- +page_title: "github_repository_deployment_branch_policy (Resource) - GitHub" +description: |- + Creates and manages deployment branch policies +--- + +# github_repository_deployment_branch_policy (Resource) + +~> **Note:*- This resource is deprecated, please use the `github_repository_environment_deployment_policy` resource instead. + +This resource allows you to create and manage deployment branch policies. + +## Example Usage + +```terraform +resource "github_repository_environment" "env" { + repository = "my_repo" + environment = "my_env" + deployment_branch_policy { + protected_branches = false + custom_branch_policies = true + } +} + +resource "github_repository_deployment_branch_policy" "foo" { + depends_on = [github_repository_environment.env] + + repository = "my_repo" + environment_name = "my_env" + name = "foo" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The repository to create the policy in. + +- `environment_name` - (Required) The name of the environment. This environment must have `deployment_branch_policy.custom_branch_policies` set to true or a 404 error will be thrown. + +- `name` - (Required) The name pattern that branches must match in order to deploy to the environment. + +## Attributes Reference + +The following additional attributes are exported: + +- `id` - The ID of the deployment branch policy. + +## Import + +```hcl +$ terraform import github_repository_deployment_branch_policy.foo repo:env:id +``` diff --git a/docs/resources/repository_environment.md b/docs/resources/repository_environment.md new file mode 100644 index 0000000000..ed3c4ed713 --- /dev/null +++ b/docs/resources/repository_environment.md @@ -0,0 +1,73 @@ +--- +page_title: "github_repository_environment (Resource) - GitHub" +description: |- + Creates and manages environments for GitHub repositories +--- + +# github_repository_environment (Resource) + +This resource allows you to create and manage environments for a GitHub repository. + +## Example Usage + +```terraform +data "github_user" "current" { + username = "" +} + +resource "github_repository" "example" { + name = "A Repository Project" + description = "My awesome codebase" +} + +resource "github_repository_environment" "example" { + environment = "example" + repository = github_repository.example.name + prevent_self_review = true + reviewers { + users = [data.github_user.current.id] + } + deployment_branch_policy { + protected_branches = true + custom_branch_policies = false + } +} +``` + +## Argument Reference + +The following arguments are supported: + +- `environment` - (Required) The name of the environment. + +- `repository` - (Required) The repository of the environment. + +- `wait_timer` - (Optional) Amount of time to delay a job after the job is initially triggered. + +- `can_admins_bypass` - (Optional) Can repository admins bypass the environment protections. Defaults to `true`. + +- `prevent_self_review` - (Optional) Whether or not a user who created the job is prevented from approving their own job. Defaults to `false`. + +### Reviewers + +The `reviewers` block supports the following: + +- `teams` - (Optional) Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed. + +- `users` - (Optional) Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed. + +#### Deployment Branch Policy + +The `deployment_branch_policy` block supports the following: + +- `protected_branches` - (Required) Whether only branches with branch protection rules can deploy to this environment. + +- `custom_branch_policies` - (Required) Whether only branches that match the specified name patterns can deploy to this environment. + +## Import + +This resource can be imported using an ID made of the repository name, and environment name (any `:` in the name need to be escaped as `??`) separated by a `:`. + +```shell +terraform import github_repository_environment.example myrepo:myenv +``` diff --git a/docs/resources/repository_environment_deployment_policy.md b/docs/resources/repository_environment_deployment_policy.md new file mode 100644 index 0000000000..8663e96f90 --- /dev/null +++ b/docs/resources/repository_environment_deployment_policy.md @@ -0,0 +1,93 @@ +--- +page_title: "github_repository_environment_deployment_policy (Resource) - GitHub" +description: |- + Creates and manages environment deployment branch policies for GitHub repositories +--- + +# github_repository_environment_deployment_policy (Resource) + +This resource allows you to create and manage environment deployment branch policies for a GitHub repository. + +## Example Usage + +Create a branch-based deployment policy: + +```terraform +data "github_user" "current" { + username = "" +} + +resource "github_repository" "test" { + name = "tf-acc-test-%s" +} + +resource "github_repository_environment" "test" { + repository = github_repository.test.name + environment = "environment/test" + wait_timer = 10000 + reviewers { + users = [data.github_user.current.id] + } + deployment_branch_policy { + protected_branches = false + custom_branch_policies = true + } +} + +resource "github_repository_environment_deployment_policy" "test" { + repository = github_repository.test.name + environment = github_repository_environment.test.environment + branch_pattern = "releases/*" +} +``` + +Create a tag-based deployment policy: + +```terraform +data "github_user" "current" { + username = "" +} + +resource "github_repository" "test" { + name = "tf-acc-test-%s" +} + +resource "github_repository_environment" "test" { + repository = github_repository.test.name + environment = "environment/test" + wait_timer = 10000 + reviewers { + users = [data.github_user.current.id] + } + deployment_branch_policy { + protected_branches = false + custom_branch_policies = true + } +} + +resource "github_repository_environment_deployment_policy" "test" { + repository = github_repository.test.name + environment = github_repository_environment.test.environment + tag_pattern = "v*" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `environment` - (Required) The name of the environment. + +- `repository` - (Required) The repository of the environment. + +- `branch_pattern` - (Optional) The name pattern that branches must match in order to deploy to the environment. If not specified, `tag_pattern` must be specified. + +- `tag_pattern` - (Optional) The name pattern that tags must match in order to deploy to the environment. If not specified, `branch_pattern` must be specified. + +## Import + +This resource can be imported using an ID made of the repository name, environment name (any `:` in the name need to be escaped as `??`), and deployment policy ID all separated by a `:`. + +```shell +terraform import github_repository_environment.example myrepo:myenv:123456 +``` diff --git a/docs/resources/repository_file.md b/docs/resources/repository_file.md new file mode 100644 index 0000000000..43bd2efb3a --- /dev/null +++ b/docs/resources/repository_file.md @@ -0,0 +1,106 @@ +--- +page_title: "github_repository_file (Resource) - GitHub" +description: |- + Creates and manages files within a GitHub repository +--- + +# github_repository_file (Resource) + +This resource allows you to create and manage files within a GitHub repository. + +~> **Note:*- When a repository is archived, Terraform will skip deletion of repository files to avoid API errors, as archived repositories are read-only. The files will be removed from Terraform state without attempting to delete them from GitHub. + +## Example Usage + +### Existing Branch + +```terraform +resource "github_repository" "foo" { + name = "example" + auto_init = true +} + +resource "github_repository_file" "foo" { + repository = github_repository.foo.name + branch = "main" + file = ".gitignore" + content = "**/*.tfstate" + commit_message = "Managed by Terraform" + commit_author = "Terraform User" + commit_email = "terraform@example.com" + overwrite_on_create = true +} +``` + +### Auto Created Branch + +```terraform +resource "github_repository" "foo" { + name = "example" + auto_init = true +} + +resource "github_repository_file" "foo" { + repository = github_repository.foo.name + branch = "does/not/exist" + file = ".gitignore" + content = "**/*.tfstate" + commit_message = "Managed by Terraform" + commit_author = "Terraform User" + commit_email = "terraform@example.com" + overwrite_on_create = true + autocreate_branch = true +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The repository to create the file in. + +- `file` - (Required) The path of the file to manage. + +- `content` - (Required) The file content. + +- `branch` - (Optional) Git branch (defaults to the repository's default branch). The branch must already exist, it will only be created automatically if 'autocreate_branch' is set true. + +- `commit_author` - (Optional) Committer author name to use. **NOTE:*- GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This maybe useful when a branch protection rule requires signed commits. + +- `commit_email` - (Optional) Committer email address to use. **NOTE:*- GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This may be useful when a branch protection rule requires signed commits. + +- `commit_message` - (Optional) The commit message when creating, updating or deleting the managed file. + +- `overwrite_on_create` - (Optional) Enable overwriting existing files. If set to `true` it will overwrite an existing file with the same name. If set to `false` it will fail if there is an existing file with the same name. + +- `autocreate_branch` - (Optional) **Deprecated*- Automatically create the branch if it could not be found. Defaults to false. Subsequent reads if the branch is deleted will occur from 'autocreate_branch_source_branch'. Use the `github_branch` resource instead. + +- `autocreate_branch_source_branch` - (Optional) **Deprecated*- The branch name to start from, if 'autocreate_branch' is set. Defaults to 'main'. Use the `github_branch` resource instead. + +- `autocreate_branch_source_sha` - (Optional) **Deprecated*- The commit hash to start from, if 'autocreate_branch' is set. Defaults to the tip of 'autocreate_branch_source_branch'. If provided, 'autocreate_branch_source_branch' is ignored. Use the `github_branch` resource instead. + +## Attributes Reference + +The following additional attributes are exported: + +- `commit_sha` - The SHA of the commit that modified the file. + +- `repository_id` - The ID of the repository. + +- `sha` - The SHA blob of the file. + +- `ref` - The name of the commit/branch/tag. + +## Import + +Repository files can be imported using a combination of the `repo`, `file` and `branch` or empty branch for the default branch, e.g. + +```sh +terraform import github_repository_file.gitignore example:.gitignore:feature-branch +``` + +and using default branch: + +```sh +terraform import github_repository_file.gitignore example:.gitignore: +``` diff --git a/docs/resources/repository_milestone.md b/docs/resources/repository_milestone.md new file mode 100644 index 0000000000..d42989437c --- /dev/null +++ b/docs/resources/repository_milestone.md @@ -0,0 +1,52 @@ +--- +page_title: "github_repository_milestone (Resource) - GitHub" +description: |- + Provides a GitHub repository milestone resource. +--- + +# github_repository_milestone (Resource) + +Provides a GitHub repository milestone resource. + +This resource allows you to create and manage milestones for a GitHub Repository within an organization or user account. + +## Example Usage + +```terraform +# Create a milestone for a repository +resource "github_repository_milestone" "example" { + owner = "example-owner" + repository = "example-repository" + title = "v1.1.0" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `owner` - (Required) The owner of the GitHub Repository. + +- `repository` - (Required) The name of the GitHub Repository. + +- `title` - (Required) The title of the milestone. + +- `description` - (Optional) A description of the milestone. + +- `due_date` - (Optional) The milestone due date. In `yyyy-mm-dd` format. + +- `state` - (Optional) The state of the milestone. Either `open` or `closed`. Default: `open` + +## Attributes Reference + +The following additional attributes are exported: + +- `number` - The number of the milestone. + +## Import + +A GitHub Repository Milestone can be imported using an ID made up of `owner/repository/number`, e.g. + +```hcl +$ terraform import github_repository_milestone.example example-owner/example-repository/1 +``` diff --git a/docs/resources/repository_project.md b/docs/resources/repository_project.md new file mode 100644 index 0000000000..49adbe3f27 --- /dev/null +++ b/docs/resources/repository_project.md @@ -0,0 +1,43 @@ +--- +page_title: "github_repository_project (Resource) - GitHub" +description: |- + Creates and manages projects for GitHub repositories +--- + +# github_repository_project (Resource) + +!> **Warning:*- This resource no longer works as the [Projects (classic) REST API](https://docs.github.com/en/rest/projects/projects?apiVersion=2022-11-28) has been [removed](https://github.blog/changelog/2024-05-23-sunset-notice-projects-classic/) and as such has been deprecated. It will be removed in a future release. + +This resource allows you to create and manage projects for GitHub repository. + +## Example Usage + +```terraform +resource "github_repository" "example" { + name = "example" + description = "My awesome codebase" + has_projects = true +} + +resource "github_repository_project" "project" { + name = "A Repository Project" + repository = github_repository.example.name + body = "This is a repository project." +} +``` + +## Argument Reference + +The following arguments are supported: + +- `name` - (Required) The name of the project. + +- `repository` - (Required) The repository of the project. + +- `body` - (Optional) The body of the project. + +## Attributes Reference + +The following additional attributes are exported: + +- `url` - URL of the project diff --git a/docs/resources/repository_pull_request.md b/docs/resources/repository_pull_request.md new file mode 100644 index 0000000000..8d39f35950 --- /dev/null +++ b/docs/resources/repository_pull_request.md @@ -0,0 +1,57 @@ +--- +page_title: "github_repository_pull_request (Resource) - GitHub" +description: |- + Get information on a single GitHub Pull Request. +--- + +# github_repository_pull_request (Resource) + +This resource allows you to create and manage PullRequests for repositories within your GitHub organization or personal account. + +## Example Usage + +```terraform +resource "github_repository_pull_request" "example" { + base_repository = "example-repository" + base_ref = "main" + head_ref = "feature-branch" + title = "My newest feature" + body = "This will change everything" +} +``` + +## Argument Reference + +- `base_repository` - (Required) Name of the base repository to retrieve the Pull Requests from. + +- `base_ref` - (Required) Name of the branch serving as the base of the Pull Request. + +- `head_ref` - (Required) Name of the branch serving as the head of the Pull Request. + +- `owner` - (Optional) Owner of the repository. If not provided, the provider's default owner is used. + +- `title` - (Optional) The title of the Pull Request. + +- `body` - (Optional) Body of the Pull Request. + +- `maintainer_can_modify` - Controls whether the base repository maintainers can modify the Pull Request. Default: false. + +## Attributes Reference + +- `base_sha` - Head commit SHA of the Pull Request base. + +- `draft` - Indicates Whether this Pull Request is a draft. + +- `head_sha` - Head commit SHA of the Pull Request head. + +- `labels` - List of label names set on the Pull Request. + +- `number` - The number of the Pull Request within the repository. + +- `opened_at` - Unix timestamp indicating the Pull Request creation time. + +- `opened_by` - GitHub login of the user who opened the Pull Request. + +- `state` - the current Pull Request state - can be "open", "closed" or "merged". + +- `updated_at` - The timestamp of the last Pull Request update. diff --git a/docs/resources/repository_ruleset.md b/docs/resources/repository_ruleset.md new file mode 100644 index 0000000000..af7f76343c --- /dev/null +++ b/docs/resources/repository_ruleset.md @@ -0,0 +1,340 @@ +--- +page_title: "github_repository_ruleset (Resource) - GitHub" +description: |- + Creates a GitHub repository ruleset. +--- + +# github_repository_ruleset (Resource) + +Creates a GitHub repository ruleset. + +This resource allows you to create and manage rulesets on the repository level. When applied, a new ruleset will be created. When destroyed, that ruleset will be removed. + +## Example Usage + +```terraform +resource "github_repository" "example" { + name = "example" + description = "Example repository" +} + +resource "github_repository_ruleset" "example" { + name = "example" + repository = github_repository.example.name + target = "branch" + enforcement = "active" + + conditions { + ref_name { + include = ["~ALL"] + exclude = [] + } + } + + bypass_actors { + actor_id = 13473 + actor_type = "Integration" + bypass_mode = "always" + } + + rules { + creation = true + update = true + deletion = true + required_linear_history = true + required_signatures = true + + required_deployments { + required_deployment_environments = ["test"] + } + + required_code_scanning { + required_code_scanning_tool { + alerts_threshold = "errors" + security_alerts_threshold = "high_or_higher" + tool = "CodeQL" + } + } + } +} + +# Example with push ruleset +resource "github_repository_ruleset" "example_push" { + name = "example_push" + repository = github_repository.example.name + target = "push" + enforcement = "active" + + rules { + file_path_restriction { + restricted_file_paths = [".github/workflows/*", "*.env"] + } + + max_file_size { + max_file_size = 100 # 100 MB + } + + max_file_path_length { + max_file_path_length = 255 + } + + file_extension_restriction { + restricted_file_extensions = ["*.exe", "*.dll", "*.so"] + } + } +} +``` + +## Argument Reference + +- `enforcement` - (Required) (String) Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`. + +- `name` - (Required) (String) The name of the ruleset. + +- `rules` - (Required) (Block List, Min: 1, Max: 1) Rules within the ruleset. (see [below for nested schema](#rules)) + +- `target` - (Required) (String) Possible values are `branch`, `tag` and `push`. + +- `bypass_actors` - (Optional) (Block List) The actors that can bypass the rules in this ruleset. (see [below for nested schema](#bypass_actors)) + +- `conditions` - (Optional) (Block List, Max: 1) Parameters for a repository ruleset condition. For `branch` and `tag` targets, `ref_name` is required. For `push` targets, `ref_name` must NOT be set - conditions are optional for push targets. (see [below for nested schema](#conditions)) + +- `repository` - (Required) (String) Name of the repository to apply ruleset to. + +### Rules + +The `rules` block supports the following: + +~> **Note:*- Rules are target-specific. `branch` and `tag` targets support rules like `creation`, `deletion`, `pull_request`, `required_status_checks`, etc. `push` targets only support `file_path_restriction`, `max_file_size`, `max_file_path_length`, and `file_extension_restriction`. Using the wrong rules for a target will result in a validation error. + +- `branch_name_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applied to rulesets with target `branch`. (see [below for nested schema](#rulesbranch_name_pattern)) + +- `commit_author_email_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see [below for nested schema](#rulescommit_author_email_pattern)) + +- `commit_message_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see [below for nested schema](#rulescommit_message_pattern)) + +- `committer_email_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see [below for nested schema](#rulescommitter_email_pattern)) + +- `creation` - (Optional) (Boolean) Only allow users with bypass permission to create matching refs. + +- `deletion` - (Optional) (Boolean) Only allow users with bypass permissions to delete matching refs. + +- `non_fast_forward` - (Optional) (Boolean) Prevent users with push access from force pushing to branches. + +- `merge_queue` - (Optional) (Block List, Max: 1) Merges must be performed via a merge queue. (see [below for nested schema](#rulesmerge_queue)) + +- `pull_request` - (Optional) (Block List, Max: 1) Require all commits be made to a non-target branch and submitted via a pull request before they can be merged. (see [below for nested schema](#rulespull_request)) + +- `copilot_code_review` - (Optional) (Block List, Max: 1) Automatically request Copilot code review for new pull requests if the author has access to Copilot code review and their premium requests quota has not reached the limit. (see [below for nested schema](#rulescopilot_code_review)) + +- `required_deployments` - (Optional) (Block List, Max: 1) Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule. (see [below for nested schema](#rulesrequired_deployments)) + +- `required_linear_history` - (Optional) (Boolean) Prevent merge commits from being pushed to matching branches. + +- `required_signatures` - (Optional) (Boolean) Commits pushed to matching branches must have verified signatures. + +- `required_status_checks` - (Optional) (Block List, Max: 1) Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed. (see [below for nested schema](#rulesrequired_status_checks)) + +- `tag_name_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applied to rulesets with target `tag`. (see [below for nested schema](#rulestag_name_pattern)) + +- `required_code_scanning` - (Optional) (Block List, Max: 1) Define which tools must provide code scanning results before the reference is updated. When configured, code scanning must be enabled and have results for both the commit and the reference being updated. Multiple code scanning tools can be specified. (see [below for nested schema](#rulesrequired_code_scanning)) + +- `file_path_restriction` - (Optional) (Block List, Max 1) Parameters to be used for the file_path_restriction rule. When enabled restricts access to files within the repository. (See [below for nested schema](#rulesfile_path_restriction)) + +- `max_file_size` - (Optional) (Block List, Max 1) Parameters to be used for the max_file_size rule. When enabled restricts the maximum size of a file that can be pushed to the repository. (See [below for nested schema](#rulesmax_file_size)) + +- `max_file_path_length` - (Optional) (Block List, Max: 1) Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph. This rule only applies to rulesets with target `push`. (see [below for nested schema](#rulesmax_file_path_length)) + +- `file_extension_restriction` - (Optional) (Block List, Max: 1) Prevent commits that include files with specified file extensions from being pushed to the commit graph. This rule only applies to rulesets with target `push`. (see [below for nested schema](#rulesfile_extension_restriction)) +- `update` - (Optional) (Boolean) Only allow users with bypass permission to update matching refs. + +- `update_allows_fetch_and_merge` - (Optional) (Boolean) Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires `update` to be set to `true`. Note: behaviour is affected by a known bug on the GitHub side which may cause issues when using this parameter. + +#### rules.branch_name_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.commit_author_email_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.commit_message_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.committer_email_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.merge_queue + +- `check_response_timeout_minutes` - (Optional) (Number) Maximum time for a required status check to report a conclusion. After this much time has elapsed, checks that have not reported a conclusion will be assumed to have failed. Defaults to `60`. + +- `grouping_strategy` - (Optional) (String) When set to `ALLGREEN`, the merge commit created by merge queue for each PR in the group must pass all required checks to merge. When set to `HEADGREEN`, only the commit at the head of the merge group, i.e. the commit containing changes from all of the PRs in the group, must pass its required checks to merge. Can be one of: `ALLGREEN`, `HEADGREEN`. Defaults to `ALLGREEN`. + +- `max_entries_to_build` - (Optional) (Number) Limit the number of queued pull requests requesting checks and workflow runs at the same time. Defaults to `5`. + +- `max_entries_to_merge` - (Optional) (Number) Limit the number of queued pull requests that will be merged together in a group. Defaults to `5`. + +- `merge_method` - (Optional) (String) Method to use when merging changes from queued pull requests. Can be one of: `MERGE`, `SQUASH`, `REBASE`. Defaults to `MERGE`. + +- `min_entries_to_merge` - (Optional) (Number) The minimum number of PRs that will be merged together in a group. Defaults to `1`. + +- `min_entries_to_merge_wait_minutes` - (Optional) (Number) The time merge queue should wait after the first PR is added to the queue for the minimum group size to be met. After this time has elapsed, the minimum group size will be ignored and a smaller group will be merged. Defaults to `5`. + +#### rules.pull_request + +- `allowed_merge_methods` - (Optional) (List of String, Min: 1) Array of merge methods to be allowed. Allowed values include `merge`, `squash`, and `rebase`. At least one must be enabled. +- `dismiss_stale_reviews_on_push` - (Optional) (Boolean) New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`. +- `require_code_owner_review` - (Optional) (Boolean) Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`. +- `require_last_push_approval` - (Optional) (Boolean) Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`. +- `required_approving_review_count` - (Optional) (Number) The number of approving reviews that are required before a pull request can be merged. Defaults to `0`. +- `required_review_thread_resolution` - (Optional) (Boolean) All conversations on code must be resolved before a pull request can be merged. Defaults to `false`. + +#### rules.copilot_code_review + +- `review_on_push` - (Optional) (Boolean) Copilot automatically reviews each new push to the pull request. Defaults to `false`. + +- `review_draft_pull_requests` - (Optional) (Boolean) Copilot automatically reviews draft pull requests before they are marked as ready for review. Defaults to `false`. + +- `allowed_merge_methods` - (Required) (List of String, Min: 1) Array of merge methods to be allowed. Allowed values include `merge`, `squash`, and `rebase`. At least one must be enabled. + +- `required_reviewers` - (Optional) (Block List) Require specific reviewers to approve pull requests. Note: This feature is in beta. (see [below for nested schema](#rulespull_requestrequired_reviewers)) + +#### rules.pull_request.required_reviewers + +- `reviewer` - (Required) (Block List, Max: 1) The reviewer that must review matching files. (see [below for nested schema](#rulespull_requestrequired_reviewersreviewer)) + +- `file_patterns` - (Required) (List of String) File patterns (fnmatch syntax) that this reviewer must approve. + +- `minimum_approvals` - (Required) (Number) Minimum number of approvals required from this reviewer. Set to 0 to make approval optional. + +#### rules.pull_request.required_reviewers.reviewer + +- `id` - (Required) (Number) The ID of the reviewer (Team ID). + +- `type` - (Required) (String) The type of reviewer. Currently only `Team` is supported. + +#### rules.required_deployments + +- `required_deployment_environments` - (Required) (List of String) The environments that must be successfully deployed to before branches can be merged. + +#### rules.required_status_checks + +- `required_check` - (Required) (Block Set, Min: 1) Status checks that are required. Several can be defined. (see [below for nested schema](#rulesrequired_status_checksrequired_check)) + +- `strict_required_status_checks_policy` - (Optional) (Boolean) Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`. + +- `do_not_enforce_on_create` - (Optional) (Boolean) Allow repositories and branches to be created if a check would otherwise prohibit it. Defaults to `false`. + +#### rules.required_status_checks.required_check + +- `context` - (Required) (String) The status check context name that must be present on the commit. + +- `integration_id` - (Optional) (Number) The optional integration ID that this status check must originate from. It's a GitHub App ID, which can be obtained by following instructions from the [Get an App API docs](https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#get-an-app). + +#### rules.tag_name_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.required_code_scanning + +- `required_code_scanning_tool` - (Required) (Block Set, Min: 1) Actions code scanning tools that are required. Multiple can be defined. (see [below for nested schema](#rulesrequired_code_scanningrequired_code_scanning_tool)) + +#### rules.required_code_scanning.required_code_scanning_tool + +- `alerts_threshold` - (Required) (String) The severity level at which code scanning results that raise alerts block a reference update. Can be one of: `none`, `errors`, `errors_and_warnings`, `all`. + +- `security_alerts_threshold` - (Required) (String) The severity level at which code scanning results that raise security alerts block a reference update. Can be one of: `none`, `critical`, `high_or_higher`, `medium_or_higher`, `all`. + +- `tool` - (Required) (String) The name of a code scanning tool. + +#### rules.file_path_restriction + +- `restricted_file_paths` - (Required) (Block Set, Min: 1) The file paths that are restricted from being pushed to the commit graph. + +#### rules.max_file_size + +- `max_file_size` - (Required) (Integer) The maximum allowed size, in megabytes (MB), of a file. Valid range is 1-100 MB. + +#### rules.max_file_path_length + +- `max_file_path_length` - (Required) (Integer) The maximum number of characters allowed in file paths. + +#### rules.file_extension_restriction + +- `restricted_file_extensions` - (Required) (Block Set, Min: 1) The file extensions that are restricted from being pushed to the commit graph. + +#### bypass_actors + +- `actor_id` - (Optional) (Number) The ID of the actor that can bypass a ruleset. If `actor_type` is `Integration`, `actor_id` is a GitHub App ID. App ID can be obtained by following instructions from the [Get an App API docs](https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#get-an-app). Some actor types such as `DeployKey` do not have an ID. + +- `actor_type` (String) The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`, `DeployKey`. + +- `bypass_mode` - (Optional) (String) When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`, `exempt`. + +~> Note: at the time of writing this, the following actor types correspond to the following actor IDs: + +- `OrganizationAdmin` -> `1` +- `RepositoryRole` (This is the actor type, the following are the base repository roles and their associated IDs.) + - `maintain` -> `2` + - `write` -> `4` + - `admin` -> `5` + +#### conditions + +- `ref_name` - (Optional) (Block List, Max: 1) Required for `branch` and `tag` targets. Must NOT be set for `push` targets. (see [below for nested schema](#conditionsref_name)) + +~> **Note:*- For `push` targets, do not include `ref_name` in conditions. Push rulesets operate on file content, not on refs. The `conditions` block is optional for push targets. + +#### conditions.ref_name + +- `exclude` - (Required) (List of String) Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match. + +- `include` - (Required) (List of String) Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches. + +## Attributes Reference + +The following additional attributes are exported: + +- `etag` (String) + +- `node_id` (String) GraphQL global node id for use with v4 API. + +- `ruleset_id` (Number) GitHub ID for the ruleset. + +## Import + +GitHub Repository Rulesets can be imported using the GitHub repository name and ruleset ID e.g. + +`$ terraform import github_repository_ruleset.example example:12345` diff --git a/docs/resources/repository_topics.md b/docs/resources/repository_topics.md new file mode 100644 index 0000000000..ae0d21dc4e --- /dev/null +++ b/docs/resources/repository_topics.md @@ -0,0 +1,40 @@ +--- +page_title: "github_repository_topics (Resource) - GitHub" +description: |- + Creates and manages the topics on a repository +--- + +# github_repository_topics (Resource) + +This resource allows you to create and manage topics for repositories within your GitHub organization or personal account. + +~> Note: This resource is not compatible with the `topic` attribute of the `github_repository` Use either `github_repository_topics` or `topic` in `github_repository`. `github_repository_topics` is only meant to be used if the repository itself is not handled via terraform, for example if it's only read as a datasource (see [issue #1845](https://github.com/integrations/terraform-provider-github/issues/1845)). + +## Example Usage + +```terraform +data "github_repository" "test" { + name = "test" +} + +resource "github_repository_topics" "test" { + repository = github_repository.test.name + topics = ["topic-1", "topic-2"] +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The repository name. + +- `topics` - (Required) A list of topics to add to the repository. + +## Import + +Repository topics can be imported using the `name` of the repository. + +```hcl +$ terraform import github_repository_topics.terraform terraform +``` diff --git a/docs/resources/repository_webhook.md b/docs/resources/repository_webhook.md new file mode 100644 index 0000000000..36eba6b78f --- /dev/null +++ b/docs/resources/repository_webhook.md @@ -0,0 +1,77 @@ +--- +page_title: "github_repository_webhook (Resource) - GitHub" +description: |- + Creates and manages repository webhooks within GitHub organizations or personal accounts +--- + +# github_repository_webhook (Resource) + +This resource allows you to create and manage webhooks for repositories within your GitHub organization or personal account. + +~> **Note on Archived Repositories**: When a repository is archived, GitHub makes it read-only, preventing webhook modifications. If you attempt to destroy resources associated with archived repositories, the provider will gracefully handle the operation by logging an informational message and removing the resource from Terraform state without attempting to modify the archived repository. + +## Example Usage + +```terraform +resource "github_repository" "repo" { + name = "foo" + description = "Terraform acceptance tests" + homepage_url = "http://example.com/" + + visibility = "public" +} + +resource "github_repository_webhook" "foo" { + repository = github_repository.repo.name + + configuration { + url = "https://google.de/" + content_type = "form" + insecure_ssl = false + } + + active = false + + events = ["issues"] +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The repository of the webhook. + +- `events` - (Required) A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/). + +- `configuration` - (Required) Configuration block for the webhook. [Detailed below.](#configuration) + +- `active` - (Optional) Indicate if the webhook should receive events. Defaults to `true`. + +### configuration + +- `url` - (Required) The URL of the webhook. + +- `content_type` - (Required) The content type for the payload. Valid values are either `form` or `json`. + +- `secret` - (Optional) The shared secret for the webhook. [See API documentation](https://developer.github.com/v3/repos/hooks/#create-a-hook). + +- `insecure_ssl` - (Optional) Insecure SSL boolean toggle. Defaults to `false`. + +## Attributes Reference + +The following additional attributes are exported: + +- `url` - URL of the webhook. This is a sensitive attribute because it may include basic auth credentials. + +## Import + +Repository webhooks can be imported using the `name` of the repository, combined with the `id` of the webhook, separated by a `/` character. The `id` of the webhook can be found in the URL of the webhook. For example: `"https://github.com/foo-org/foo-repo/settings/hooks/14711452"`. + +Importing uses the name of the repository, as well as the ID of the webhook, e.g. + +```hcl +$ terraform import github_repository_webhook.terraform terraform/11235813 +``` + +If secret is populated in the webhook's configuration, the value will be imported as "********". diff --git a/docs/resources/team.md b/docs/resources/team.md new file mode 100644 index 0000000000..8caca0daf8 --- /dev/null +++ b/docs/resources/team.md @@ -0,0 +1,51 @@ +--- +page_title: "github_team (Resource) - GitHub" +description: |- + Provides a GitHub team resource. +--- + +# github_team (Resource) + +Provides a GitHub team resource. + +This resource allows you to add/remove teams from your organization. When applied, a new team will be created. When destroyed, that team will be removed. + +## Example Usage + +```terraform +# Add a team to the organization +resource "github_team" "some_team" { + name = "some-team" + description = "Some cool team" + privacy = "closed" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `name` - (Required) The name of the team. +- `description` - (Optional) A description of the team. +- `privacy` - (Optional) The level of privacy for the team. Must be one of `secret` *(default)- or `closed`. +- `notification_setting` - (Optional) The notification setting for the team. Must be one of `notifications_enabled` *(default)- or `notifications_disabled`. +- `parent_team_id` - (Optional) The ID or slug of the parent team, if this is a nested team. +- `ldap_dn` - (Optional) The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server. +- `create_default_maintainer` - (**DEPRECATED**) (Optional) Adds a default maintainer to the team. Defaults to `false` and adds the creating user to the team when `true`. + +## Attributes Reference + +The following attributes are exported: + +- `id` - The ID of the created team. +- `node_id` - The Node ID of the created team. +- `slug` - The slug of the created team, which may or may not differ from `name`, depending on whether `name` contains "URL-unsafe" characters. + +## Import + +GitHub Teams can be imported using the GitHub team ID or name e.g. + +```shell +terraform import github_team.core 1234567 +terraform import github_team.core Administrators +``` diff --git a/docs/resources/team_members.md b/docs/resources/team_members.md new file mode 100644 index 0000000000..8b49a3c924 --- /dev/null +++ b/docs/resources/team_members.md @@ -0,0 +1,83 @@ +--- +page_title: "github_team_members (Resource) - GitHub" +description: |- + Provides an authoritative GitHub team members resource. +--- + +# github_team_members (Resource) + +Provides a GitHub team members resource. + +This resource allows you to manage members of teams in your organization. It sets the requested team members for the team and removes all users not managed by Terraform. + +When applied, if the user hasn't accepted their invitation to the organization, they won't be part of the team until they do. + +When destroyed, all users will be removed from the team. + +~> **Note*- This resource is not compatible with `github_team_membership`. Use either `github_team_members` or `github_team_membership`. + +~> **Note*- You can accidentally lock yourself out of your team using this resource. Deleting a `github_team_members` resource removes access from anyone without organization-level access to the team. Proceed with caution. It should generally only be used with teams fully managed by Terraform. + +~> **Note*- Attempting to set a user who is an organization owner to "member" will result in the user being granted "maintainer" instead; this can result in a perpetual `terraform plan` diff that changes their status back to "member". + +## Example Usage + +```terraform +# Add a user to the organization +resource "github_membership" "membership_for_some_user" { + username = "SomeUser" + role = "member" +} + +resource "github_membership" "membership_for_another_user" { + username = "AnotherUser" + role = "member" +} + +resource "github_team" "some_team" { + name = "SomeTeam" + description = "Some cool team" +} + +resource "github_team_members" "some_team_members" { + team_id = github_team.some_team.id + + members { + username = "SomeUser" + role = "maintainer" + } + + members { + username = "AnotherUser" + role = "member" + } +} +``` + +## Argument Reference + +The following arguments are supported: + +- `team_id` - (Required) The team id or the team slug + +~> **Note*- Although the team id or team slug can be used it is recommended to use the team id. Using the team slug will cause the team members associations to the team to be destroyed and recreated if the team name is updated. + +- `members` - (Required) List of team members. See [Members](#members) below for details. + +### Members + +`members` supports the following arguments: + +- `username` - (Required) The user to add to the team. +- `role` - (Optional) The role of the user within the team. Must be one of `member` or `maintainer`. Defaults to `member`. + +## Import + +~> **Note*- Although the team id or team slug can be used it is recommended to use the team id. Using the team slug will result in terraform doing conversions between the team slug and team id. This will cause team members associations to the team to be destroyed and recreated on import. + +GitHub Team Membership can be imported using the team ID team id or team slug, e.g. + +```hcl +$ terraform import github_team_members.some_team 1234567 +$ terraform import github_team_members.some_team Administrators +``` diff --git a/docs/resources/team_membership.md b/docs/resources/team_membership.md new file mode 100644 index 0000000000..1cd8a8b02f --- /dev/null +++ b/docs/resources/team_membership.md @@ -0,0 +1,53 @@ +--- +page_title: "github_team_membership (Resource) - GitHub" +description: |- + Provides a GitHub team membership resource. +--- + +# github_team_membership (Resource) + +Provides a GitHub team membership resource. + +This resource allows you to add/remove users from teams in your organization. When applied, the user will be added to the team. If the user hasn't accepted their invitation to the organization, they won't be part of the team until they do. When destroyed, the user will be removed from the team. + +~> **Note*- This resource is not compatible with `github_team_members`. Use either `github_team_members` or `github_team_membership`. + +~> **Note*- Organization owners may not be set as "members" of a team; they may only be set as "maintainers". Attempting to set an organization owner as a "member" of a team may result in a `terraform plan` diff that changes their status back to "maintainer". + +## Example Usage + +```terraform +# Add a user to the organization +resource "github_membership" "membership_for_some_user" { + username = "SomeUser" + role = "member" +} + +resource "github_team" "some_team" { + name = "SomeTeam" + description = "Some cool team" +} + +resource "github_team_membership" "some_team_membership" { + team_id = github_team.some_team.id + username = "SomeUser" + role = "member" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `team_id` - (Required) The GitHub team id or the GitHub team slug +- `username` - (Required) The user to add to the team. +- `role` - (Optional) The role of the user within the team. Must be one of `member` or `maintainer`. Defaults to `member`. + +## Import + +GitHub Team Membership can be imported using an ID made up of `teamid:username` or `teamname:username`, e.g. + +```hcl +$ terraform import github_team_membership.member 1234567:someuser +$ terraform import github_team_membership.member Administrators:someuser +``` diff --git a/docs/resources/team_repository.md b/docs/resources/team_repository.md new file mode 100644 index 0000000000..baeab46735 --- /dev/null +++ b/docs/resources/team_repository.md @@ -0,0 +1,56 @@ +--- +page_title: "github_team_repository (Resource) - GitHub" +description: |- + Manages the associations between teams and repositories. +--- + +# github_team_repository (Resource) + +~> Note: github_team_repository cannot be used in conjunction with github_repository_collaborators or they will fight over what your policy should be. + +This resource manages relationships between teams and repositories in your GitHub organization. + +Creating this resource grants a particular team permissions on a particular repository. + +The repository and the team must both belong to the same organization on GitHub. + +~> **Note on Archived Repositories**: When a repository is archived, GitHub makes it read-only, preventing team permission modifications. If you attempt to destroy resources associated with archived repositories, the provider will gracefully handle the operation by logging an informational message and removing the resource from Terraform state without attempting to modify the archived repository. + +This resource is non-authoritative, for managing ALL collaborators of a repo, use github_repository_collaborators instead. + +## Example Usage + +```terraform +# Add a repository to the team +resource "github_team" "some_team" { + name = "SomeTeam" + description = "Some cool team" +} + +resource "github_repository" "some_repo" { + name = "some-repo" +} + +resource "github_team_repository" "some_team_repo" { + team_id = github_team.some_team.id + repository = github_repository.some_repo.name + permission = "pull" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `team_id` - (Required) The GitHub team id or the GitHub team slug +- `repository` - (Required) The repository to add to the team. +- `permission` - (Optional) The permissions of team members regarding the repository. Must be one of `pull`, `triage`, `push`, `maintain`, `admin` or the name of an existing [custom repository role](https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization) within the organisation. Defaults to `pull`. + +## Import + +GitHub Team Repository can be imported using an ID made up of `team_id:repository` or `team_name:repository`, e.g. + +```hcl +$ terraform import github_team_repository.terraform_repo 1234567:terraform +$ terraform import github_team_repository.terraform_repo Administrators:terraform +``` diff --git a/docs/resources/team_settings.md b/docs/resources/team_settings.md new file mode 100644 index 0000000000..2af044a29f --- /dev/null +++ b/docs/resources/team_settings.md @@ -0,0 +1,63 @@ +--- +page_title: "github_team_settings (Resource) - GitHub" +description: |- + Manages the team settings (in particular the request review delegation settings) +--- + +# github_team_settings (Resource) + +This resource manages the team settings (in particular the request review delegation settings) within the organization + +Creating this resource will alter the team Code Review settings. + +The team must both belong to the same organization configured in the provider on GitHub. + +~> **Note**: This resource relies on the v4 GraphQl GitHub API. If this API is not available, or the Stone Crop schema preview is not available, then this resource will not work as intended. + +## Example Usage + +```terraform +# Add a repository to the team +resource "github_team" "some_team" { + name = "SomeTeam" + description = "Some cool team" +} + +resource "github_team_settings" "code_review_settings" { + team_id = github_team.some_team.id + review_request_delegation { + algorithm = "ROUND_ROBIN" + member_count = 1 + notify = true + } +} +``` + +## Argument Reference + +The following arguments are supported: + +- `team_id` - (Required) The GitHub team id or the GitHub team slug +- `review_request_delegation` - (Optional) The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team. See [GitHub Review Request Delegation](#github-review-request-delegation-configuration) below for details. See [GitHub's documentation](https://docs.github.com/en/organizations/organizing-members-into-teams/managing-code-review-settings-for-your-team#configuring-team-notifications) for more configuration details. + +### GitHub Review Request Delegation Configuration + +The following arguments are supported: + +- `algorithm` - (Optional) The algorithm to use when assigning pull requests to team members. Supported values are `ROUND_ROBIN` and `LOAD_BALANCE`. Default value is `ROUND_ROBIN` +- `member_count` - (Optional) The number of team members to assign to a pull request +- `notify` - (Optional) whether to notify the entire team when at least one member is also assigned to the pull request + +## Import + +GitHub Teams can be imported using the GitHub team ID, or the team slug e.g. + +```hcl +$ terraform import github_team.code_review_settings 1234567 +``` + +or, + +```hcl +$ terraform import github_team_settings.code_review_settings SomeTeam +``` diff --git a/docs/resources/team_sync_group_mapping.md b/docs/resources/team_sync_group_mapping.md new file mode 100644 index 0000000000..782e7762de --- /dev/null +++ b/docs/resources/team_sync_group_mapping.md @@ -0,0 +1,55 @@ +--- +page_title: "github_team_sync_group_mapping (Resource) - GitHub" +description: |- + Creates and manages the connections between a team and its IdP group(s). +--- + +# github_team_sync_group_mapping (Resource) + +This resource allows you to create and manage Identity Provider (IdP) group connections within your GitHub teams. You must have team synchronization enabled for organizations owned by enterprise accounts. + +To learn more about team synchronization between IdPs and GitHub, please refer to: + +## Example Usage + +```terraform +data "github_organization_team_sync_groups" "example_groups" {} + +resource "github_team_sync_group_mapping" "example_group_mapping" { + team_slug = "example" + + dynamic "group" { + for_each = [for g in data.github_organization_team_sync_groups.example_groups.groups : g if g.group_name == "some_team_group"] + content { + group_id = group.value.group_id + group_name = group.value.group_name + group_description = group.value.group_description + } + } +} +``` + +## Argument Reference + +The following arguments are supported: + +- `team_slug` - (Required) Slug of the team +- `group` - (Required) An Array of GitHub Identity Provider Groups (or empty []). Each `group` block consists of the fields documented below. + +--- + +The `group` block consists of: + +- `group_id` - The ID of the IdP group. + +- `group_name` - The name of the IdP group. + +- `group_description` - The description of the IdP group. + +## Import + +GitHub Team Sync Group Mappings can be imported using the GitHub team `slug` e.g. + +```hcl +$ terraform import github_team_sync_group_mapping.example some_team +``` diff --git a/docs/resources/user_gpg_key.md b/docs/resources/user_gpg_key.md new file mode 100644 index 0000000000..9ba050535d --- /dev/null +++ b/docs/resources/user_gpg_key.md @@ -0,0 +1,36 @@ +--- +page_title: "github_user_gpg_key (Resource) - GitHub" +description: |- + Provides a GitHub user's GPG key resource. +--- + +# github_user_gpg_key (Resource) + +Provides a GitHub user's GPG key resource. + +This resource allows you to add/remove GPG keys from your user account. + +## Example Usage + +```terraform +resource "github_user_gpg_key" "example" { + armored_public_key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n...\n-----END PGP PUBLIC KEY BLOCK-----" +} +``` + +## Argument Reference + +The following arguments are supported: + +- `armored_public_key` - (Required) Your public GPG key, generated in ASCII-armored format. See [Generating a new GPG key](https://help.github.com/articles/generating-a-new-gpg-key/) for help on creating a GPG key. + +## Attributes Reference + +The following attributes are exported: + +- `id` - The GitHub ID of the GPG key, e.g. `401586` +- `key_id` - The key ID of the GPG key, e.g. `3262EFF25BA0D270` + +## Import + +GPG keys are not importable due to the fact that [API](https://developer.github.com/v3/users/gpg_keys/#gpg-keys) does not return previously uploaded GPG key. diff --git a/docs/resources/user_invitation_accepter.md b/docs/resources/user_invitation_accepter.md new file mode 100644 index 0000000000..4dba21bd26 --- /dev/null +++ b/docs/resources/user_invitation_accepter.md @@ -0,0 +1,50 @@ +--- +page_title: "github_user_invitation_accepter (Resource) - GitHub" +description: |- + Provides a resource to manage GitHub repository collaborator invitations. +--- + +# github_user_invitation_accepter (Resource) + +Provides a resource to manage GitHub repository collaborator invitations. + +## Example Usage + +```terraform +resource "github_repository" "example" { + name = "example-repo" +} + +resource "github_repository_collaborator" "example" { + repository = github_repository.example.name + username = "example-username" + permission = "push" +} + +provider "github" { + alias = "invitee" + token = var.invitee_token +} + +resource "github_user_invitation_accepter" "example" { + provider = "github.invitee" + invitation_id = github_repository_collaborator.example.invitation_id +} +``` + +## Allowing empty invitation IDs + +Set `allow_empty_id` when using `for_each` over a list of `github_repository_collaborator.invitation_id`'s. + +This allows applying a module again when a new `github_repository_collaborator` resource is added to the `for_each` loop. This is needed as the `github_repository_collaborator.invitation_id` will be empty after a state refresh when the invitation has been accepted. + +Note that when an invitation is accepted manually or by another tool between a state refresh and a `terraform apply` using that refreshed state, the plan will contain the invitation ID, but the apply will receive an HTTP 404 from the API since the invitation has already been accepted. + +This is tracked in [#1157](https://github.com/integrations/terraform-provider-github/issues/1157). + +## Argument Reference + +The following arguments are supported: + +- `invitation_id` - (Optional) ID of the invitation to accept. Must be set when `allow_empty_id` is `false`. +- `allow_empty_id` - (Optional) Allow the ID to be unset. This will result in the resource being skipped when the ID is not set instead of returning an error. diff --git a/docs/resources/user_ssh_key.md b/docs/resources/user_ssh_key.md new file mode 100644 index 0000000000..ec27405986 --- /dev/null +++ b/docs/resources/user_ssh_key.md @@ -0,0 +1,42 @@ +--- +page_title: "github_user_ssh_key (Resource) - GitHub" +description: |- + Provides a GitHub user's SSH key resource. +--- + +# github_user_ssh_key (Resource) + +Provides a GitHub user's SSH key resource. + +This resource allows you to add/remove SSH keys from your user account. + +## Example Usage + +```terraform +resource "github_user_ssh_key" "example" { + title = "example title" + key = file("~/.ssh/id_rsa.pub") +} +``` + +## Argument Reference + +The following arguments are supported: + +- `title` - (Required) A descriptive name for the new key. e.g. `Personal MacBook Air` +- `key` - (Required) The public SSH key to add to your GitHub account. + +## Attributes Reference + +The following attributes are exported: + +- `id` - The ID of the SSH key +- `url` - The URL of the SSH key + +## Import + +SSH keys can be imported using their ID e.g. + +```hcl +$ terraform import github_user_ssh_key.example 1234567 +``` diff --git a/docs/resources/workflow_repository_permissions.md b/docs/resources/workflow_repository_permissions.md new file mode 100644 index 0000000000..cf2d74e4ce --- /dev/null +++ b/docs/resources/workflow_repository_permissions.md @@ -0,0 +1,39 @@ +--- +page_title: "github_workflow_repository_permissions (Resource) - GitHub" +description: |- + Enables and manages Workflow permissions for a GitHub repository +--- + +# github_workflow_repository_permissions (Resource) + +This resource allows you to manage GitHub Workflow permissions for a given repository. You must have admin access to a repository to use this resource. + +## Example Usage + +```terraform +resource "github_repository" "example" { + name = "my-repository" +} + +resource "github_workflow_repository_permissions" "test" { + default_workflow_permissions = "read" + can_approve_pull_request_reviews = true + repository = github_repository.example.name +} +``` + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository +- `default_workflow_permissions` - (Optional) The default workflow permissions granted to the GITHUB_TOKEN when running workflows. Can be one of: `read` or `write`. +- `can_approve_pull_request_reviews` - (Optional) Whether GitHub Actions can approve pull requests. Enabling this can be a security risk. + +## Import + +This resource can be imported using the name of the GitHub repository: + +```hcl +$ terraform import github_workflow_repository_permissions.test my-repository +``` diff --git a/examples/README.md b/examples/README.md index 36e59a9c45..01adc0cf12 100644 --- a/examples/README.md +++ b/examples/README.md @@ -9,7 +9,7 @@ the example's own directory. For example: -``` +```text $ git clone https://github.com/integrations/terraform-provider-github $ cd terraform-provider-github/examples/repository_collaborator $ terraform init diff --git a/examples/data-sources/actions_environment_public_key/example_1.tf b/examples/data-sources/actions_environment_public_key/example_1.tf new file mode 100644 index 0000000000..7678f03eb7 --- /dev/null +++ b/examples/data-sources/actions_environment_public_key/example_1.tf @@ -0,0 +1,4 @@ +data "github_actions_environment_public_key" "example" { + repository = "example_repo" + environment = "example_environment" +} diff --git a/examples/data-sources/actions_environment_secrets/example_1.tf b/examples/data-sources/actions_environment_secrets/example_1.tf new file mode 100644 index 0000000000..cbde88c0c6 --- /dev/null +++ b/examples/data-sources/actions_environment_secrets/example_1.tf @@ -0,0 +1,4 @@ +data "github_actions_environment_secrets" "example" { + name = "exampleRepo" + environment = "exampleEnvironment" +} diff --git a/examples/data-sources/actions_environment_variables/example_1.tf b/examples/data-sources/actions_environment_variables/example_1.tf new file mode 100644 index 0000000000..cde6faf77f --- /dev/null +++ b/examples/data-sources/actions_environment_variables/example_1.tf @@ -0,0 +1,4 @@ +data "github_actions_environment_variables" "example" { + name = "exampleRepo" + environment = "exampleEnvironment" +} diff --git a/examples/data-sources/actions_organization_oidc_subject_claim_customization_template/example_1.tf b/examples/data-sources/actions_organization_oidc_subject_claim_customization_template/example_1.tf new file mode 100644 index 0000000000..be5ecb9002 --- /dev/null +++ b/examples/data-sources/actions_organization_oidc_subject_claim_customization_template/example_1.tf @@ -0,0 +1,2 @@ +data "github_actions_organization_oidc_subject_claim_customization_template" "example" { +} diff --git a/examples/data-sources/actions_organization_public_key/example_1.tf b/examples/data-sources/actions_organization_public_key/example_1.tf new file mode 100644 index 0000000000..cb13e7930a --- /dev/null +++ b/examples/data-sources/actions_organization_public_key/example_1.tf @@ -0,0 +1 @@ +data "github_actions_organization_public_key" "example" {} diff --git a/examples/data-sources/actions_organization_registration_token/example_1.tf b/examples/data-sources/actions_organization_registration_token/example_1.tf new file mode 100644 index 0000000000..bb6c6edd2e --- /dev/null +++ b/examples/data-sources/actions_organization_registration_token/example_1.tf @@ -0,0 +1,2 @@ +data "github_actions_organization_registration_token" "example" { +} diff --git a/examples/data-sources/actions_organization_secrets/example_1.tf b/examples/data-sources/actions_organization_secrets/example_1.tf new file mode 100644 index 0000000000..e9bf52a4f8 --- /dev/null +++ b/examples/data-sources/actions_organization_secrets/example_1.tf @@ -0,0 +1,2 @@ +data "github_actions_organization_secrets" "example" { +} diff --git a/examples/data-sources/actions_organization_variables/example_1.tf b/examples/data-sources/actions_organization_variables/example_1.tf new file mode 100644 index 0000000000..81c954e460 --- /dev/null +++ b/examples/data-sources/actions_organization_variables/example_1.tf @@ -0,0 +1,2 @@ +data "github_actions_organization_variables" "example" { +} diff --git a/examples/data-sources/actions_public_key/example_1.tf b/examples/data-sources/actions_public_key/example_1.tf new file mode 100644 index 0000000000..6ebd23a389 --- /dev/null +++ b/examples/data-sources/actions_public_key/example_1.tf @@ -0,0 +1,3 @@ +data "github_actions_public_key" "example" { + repository = "example_repo" +} diff --git a/examples/data-sources/actions_registration_token/example_1.tf b/examples/data-sources/actions_registration_token/example_1.tf new file mode 100644 index 0000000000..0ad6656fe1 --- /dev/null +++ b/examples/data-sources/actions_registration_token/example_1.tf @@ -0,0 +1,3 @@ +data "github_actions_registration_token" "example" { + repository = "example_repo" +} diff --git a/examples/data-sources/actions_repository_oidc_subject_claim_customization_template/example_1.tf b/examples/data-sources/actions_repository_oidc_subject_claim_customization_template/example_1.tf new file mode 100644 index 0000000000..bc94f6bba2 --- /dev/null +++ b/examples/data-sources/actions_repository_oidc_subject_claim_customization_template/example_1.tf @@ -0,0 +1,3 @@ +data "github_actions_repository_oidc_subject_claim_customization_template" "example" { + name = "example_repository" +} diff --git a/examples/data-sources/actions_secrets/example_1.tf b/examples/data-sources/actions_secrets/example_1.tf new file mode 100644 index 0000000000..89c4036f2a --- /dev/null +++ b/examples/data-sources/actions_secrets/example_1.tf @@ -0,0 +1,3 @@ +data "github_actions_secrets" "example" { + name = "example" +} diff --git a/examples/data-sources/actions_variables/example_1.tf b/examples/data-sources/actions_variables/example_1.tf new file mode 100644 index 0000000000..e6a62d67c3 --- /dev/null +++ b/examples/data-sources/actions_variables/example_1.tf @@ -0,0 +1,3 @@ +data "github_actions_variables" "example" { + name = "example" +} diff --git a/examples/data-sources/app/example_1.tf b/examples/data-sources/app/example_1.tf new file mode 100644 index 0000000000..e6dd3e0a51 --- /dev/null +++ b/examples/data-sources/app/example_1.tf @@ -0,0 +1,3 @@ +data "github_app" "foobar" { + slug = "foobar" +} diff --git a/examples/data-sources/app_token/example_1.tf b/examples/data-sources/app_token/example_1.tf new file mode 100644 index 0000000000..2d578f3876 --- /dev/null +++ b/examples/data-sources/app_token/example_1.tf @@ -0,0 +1,5 @@ +data "github_app_token" "this" { + app_id = "123456" + installation_id = "78910" + pem_file = file("foo/bar.pem") +} diff --git a/examples/data-sources/branch/example_1.tf b/examples/data-sources/branch/example_1.tf new file mode 100644 index 0000000000..e78991a304 --- /dev/null +++ b/examples/data-sources/branch/example_1.tf @@ -0,0 +1,4 @@ +data "github_branch" "development" { + repository = "example" + branch = "development" +} diff --git a/examples/data-sources/branch_protection_rules/example_1.tf b/examples/data-sources/branch_protection_rules/example_1.tf new file mode 100644 index 0000000000..f829069632 --- /dev/null +++ b/examples/data-sources/branch_protection_rules/example_1.tf @@ -0,0 +1,3 @@ +data "github_branch_protection_rules" "example" { + repository = "example" +} diff --git a/examples/data-sources/codespaces_organization_public_key/example_1.tf b/examples/data-sources/codespaces_organization_public_key/example_1.tf new file mode 100644 index 0000000000..3fc45d0858 --- /dev/null +++ b/examples/data-sources/codespaces_organization_public_key/example_1.tf @@ -0,0 +1 @@ +data "github_codespaces_organization_public_key" "example" {} diff --git a/examples/data-sources/codespaces_organization_secrets/example_1.tf b/examples/data-sources/codespaces_organization_secrets/example_1.tf new file mode 100644 index 0000000000..a1cdf2742e --- /dev/null +++ b/examples/data-sources/codespaces_organization_secrets/example_1.tf @@ -0,0 +1,2 @@ +data "github_codespaces_organization_secrets" "example" { +} diff --git a/examples/data-sources/codespaces_public_key/example_1.tf b/examples/data-sources/codespaces_public_key/example_1.tf new file mode 100644 index 0000000000..4e40e874e6 --- /dev/null +++ b/examples/data-sources/codespaces_public_key/example_1.tf @@ -0,0 +1,3 @@ +data "github_codespaces_public_key" "example" { + repository = "example_repo" +} diff --git a/examples/data-sources/codespaces_secrets/example_1.tf b/examples/data-sources/codespaces_secrets/example_1.tf new file mode 100644 index 0000000000..c00b20454d --- /dev/null +++ b/examples/data-sources/codespaces_secrets/example_1.tf @@ -0,0 +1,7 @@ +data "github_codespaces_secrets" "example" { + name = "example_repository" +} + +data "github_codespaces_secrets" "example_2" { + full_name = "org/example_repository" +} diff --git a/examples/data-sources/codespaces_user_public_key/example_1.tf b/examples/data-sources/codespaces_user_public_key/example_1.tf new file mode 100644 index 0000000000..f2c40f1862 --- /dev/null +++ b/examples/data-sources/codespaces_user_public_key/example_1.tf @@ -0,0 +1 @@ +data "github_codespaces_user_public_key" "example" {} diff --git a/examples/data-sources/codespaces_user_secrets/example_1.tf b/examples/data-sources/codespaces_user_secrets/example_1.tf new file mode 100644 index 0000000000..9daa1908c1 --- /dev/null +++ b/examples/data-sources/codespaces_user_secrets/example_1.tf @@ -0,0 +1,2 @@ +data "github_codespaces_user_secrets" "example" { +} diff --git a/examples/data-sources/collaborators/example_1.tf b/examples/data-sources/collaborators/example_1.tf new file mode 100644 index 0000000000..cb25f12da8 --- /dev/null +++ b/examples/data-sources/collaborators/example_1.tf @@ -0,0 +1,4 @@ +data "github_collaborators" "test" { + owner = "example_owner" + repository = "example_repository" +} diff --git a/examples/data-sources/dependabot_organization_public_key/example_1.tf b/examples/data-sources/dependabot_organization_public_key/example_1.tf new file mode 100644 index 0000000000..52373c44d8 --- /dev/null +++ b/examples/data-sources/dependabot_organization_public_key/example_1.tf @@ -0,0 +1 @@ +data "github_dependabot_organization_public_key" "example" {} diff --git a/examples/data-sources/dependabot_organization_secrets/example_1.tf b/examples/data-sources/dependabot_organization_secrets/example_1.tf new file mode 100644 index 0000000000..4f92aec63d --- /dev/null +++ b/examples/data-sources/dependabot_organization_secrets/example_1.tf @@ -0,0 +1,2 @@ +data "github_dependabot_organization_secrets" "example" { +} diff --git a/examples/data-sources/dependabot_public_key/example_1.tf b/examples/data-sources/dependabot_public_key/example_1.tf new file mode 100644 index 0000000000..b650d702ab --- /dev/null +++ b/examples/data-sources/dependabot_public_key/example_1.tf @@ -0,0 +1,3 @@ +data "github_dependabot_public_key" "example" { + repository = "example_repo" +} diff --git a/examples/data-sources/dependabot_secrets/example_1.tf b/examples/data-sources/dependabot_secrets/example_1.tf new file mode 100644 index 0000000000..eef8dbc22d --- /dev/null +++ b/examples/data-sources/dependabot_secrets/example_1.tf @@ -0,0 +1,3 @@ +data "github_dependabot_secrets" "example" { + name = "example" +} diff --git a/examples/data-sources/external_groups/example_1.tf b/examples/data-sources/external_groups/example_1.tf new file mode 100644 index 0000000000..6c0f3976c1 --- /dev/null +++ b/examples/data-sources/external_groups/example_1.tf @@ -0,0 +1,9 @@ +data "github_external_groups" "example_external_groups" {} + +locals { + local_groups = data.github_external_groups.example_external_groups +} + +output "groups" { + value = local.local_groups +} diff --git a/examples/data-sources/ip_ranges/example_1.tf b/examples/data-sources/ip_ranges/example_1.tf new file mode 100644 index 0000000000..c1b4dd4083 --- /dev/null +++ b/examples/data-sources/ip_ranges/example_1.tf @@ -0,0 +1 @@ +data "github_ip_ranges" "test" {} diff --git a/examples/data-sources/issue_labels/example_1.tf b/examples/data-sources/issue_labels/example_1.tf new file mode 100644 index 0000000000..8da56c7def --- /dev/null +++ b/examples/data-sources/issue_labels/example_1.tf @@ -0,0 +1,3 @@ +data "github_labels" "test" { + repository = "example_repository" +} diff --git a/examples/data-sources/membership/example_1.tf b/examples/data-sources/membership/example_1.tf new file mode 100644 index 0000000000..aaeeb72bdf --- /dev/null +++ b/examples/data-sources/membership/example_1.tf @@ -0,0 +1,3 @@ +data "github_membership" "membership_for_some_user" { + username = "SomeUser" +} diff --git a/examples/data-sources/organization/example_1.tf b/examples/data-sources/organization/example_1.tf new file mode 100644 index 0000000000..8c59e7f212 --- /dev/null +++ b/examples/data-sources/organization/example_1.tf @@ -0,0 +1,3 @@ +data "github_organization" "example" { + name = "github" +} diff --git a/examples/data-sources/organization_custom_properties/example_1.tf b/examples/data-sources/organization_custom_properties/example_1.tf new file mode 100644 index 0000000000..5bda02686d --- /dev/null +++ b/examples/data-sources/organization_custom_properties/example_1.tf @@ -0,0 +1,3 @@ +data "github_organization_custom_properties" "environment" { + property_name = "environment" +} diff --git a/examples/data-sources/organization_custom_role/example_1.tf b/examples/data-sources/organization_custom_role/example_1.tf new file mode 100644 index 0000000000..469a9d2f16 --- /dev/null +++ b/examples/data-sources/organization_custom_role/example_1.tf @@ -0,0 +1,3 @@ +data "github_organization_custom_role" "example" { + name = "example" +} diff --git a/examples/data-sources/organization_external_identities/example_1.tf b/examples/data-sources/organization_external_identities/example_1.tf new file mode 100644 index 0000000000..3111709a63 --- /dev/null +++ b/examples/data-sources/organization_external_identities/example_1.tf @@ -0,0 +1 @@ +data "github_organization_external_identities" "all" {} diff --git a/examples/data-sources/organization_ip_allow_list/example_1.tf b/examples/data-sources/organization_ip_allow_list/example_1.tf new file mode 100644 index 0000000000..b86d8115a0 --- /dev/null +++ b/examples/data-sources/organization_ip_allow_list/example_1.tf @@ -0,0 +1 @@ +data "github_organization_ip_allow_list" "all" {} diff --git a/examples/data-sources/organization_repository_role/example_1.tf b/examples/data-sources/organization_repository_role/example_1.tf new file mode 100644 index 0000000000..52b359b824 --- /dev/null +++ b/examples/data-sources/organization_repository_role/example_1.tf @@ -0,0 +1,3 @@ +data "github_organization_repository_role" "example" { + role_id = 1234 +} diff --git a/examples/data-sources/organization_repository_roles/example_1.tf b/examples/data-sources/organization_repository_roles/example_1.tf new file mode 100644 index 0000000000..83ac79284c --- /dev/null +++ b/examples/data-sources/organization_repository_roles/example_1.tf @@ -0,0 +1,2 @@ +data "github_organization_repository_roles" "example" { +} diff --git a/examples/data-sources/organization_role/example_1.tf b/examples/data-sources/organization_role/example_1.tf new file mode 100644 index 0000000000..b747f2df0d --- /dev/null +++ b/examples/data-sources/organization_role/example_1.tf @@ -0,0 +1,3 @@ +data "github_organization_role" "example" { + role_id = 1234 +} diff --git a/examples/data-sources/organization_role_teams/example_1.tf b/examples/data-sources/organization_role_teams/example_1.tf new file mode 100644 index 0000000000..23721f4648 --- /dev/null +++ b/examples/data-sources/organization_role_teams/example_1.tf @@ -0,0 +1,3 @@ +data "github_organization_role_teams" "example" { + role_id = 1234 +} diff --git a/examples/data-sources/organization_role_users/example_1.tf b/examples/data-sources/organization_role_users/example_1.tf new file mode 100644 index 0000000000..62e2554343 --- /dev/null +++ b/examples/data-sources/organization_role_users/example_1.tf @@ -0,0 +1,3 @@ +data "github_organization_role_users" "example" { + role_id = 1234 +} diff --git a/examples/data-sources/organization_roles/example_1.tf b/examples/data-sources/organization_roles/example_1.tf new file mode 100644 index 0000000000..ad06a5fd68 --- /dev/null +++ b/examples/data-sources/organization_roles/example_1.tf @@ -0,0 +1,2 @@ +data "github_organization_roles" "example" { +} diff --git a/examples/data-sources/organization_security_managers/example_1.tf b/examples/data-sources/organization_security_managers/example_1.tf new file mode 100644 index 0000000000..a8cb38d5a8 --- /dev/null +++ b/examples/data-sources/organization_security_managers/example_1.tf @@ -0,0 +1 @@ +data "github_organization_security_managers" "test" {} diff --git a/examples/data-sources/organization_team_sync_groups/example_1.tf b/examples/data-sources/organization_team_sync_groups/example_1.tf new file mode 100644 index 0000000000..19c77b153c --- /dev/null +++ b/examples/data-sources/organization_team_sync_groups/example_1.tf @@ -0,0 +1 @@ +data "github_organization_team_sync_groups" "test" {} diff --git a/examples/data-sources/organization_teams/example_1.tf b/examples/data-sources/organization_teams/example_1.tf new file mode 100644 index 0000000000..29688f01f4 --- /dev/null +++ b/examples/data-sources/organization_teams/example_1.tf @@ -0,0 +1 @@ +data "github_organization_teams" "all" {} diff --git a/examples/data-sources/organization_teams/example_2.tf b/examples/data-sources/organization_teams/example_2.tf new file mode 100644 index 0000000000..10ad7ef2c5 --- /dev/null +++ b/examples/data-sources/organization_teams/example_2.tf @@ -0,0 +1,3 @@ +data "github_organization_teams" "root_teams" { + root_teams_only = true +} diff --git a/examples/data-sources/organization_webhooks/example_1.tf b/examples/data-sources/organization_webhooks/example_1.tf new file mode 100644 index 0000000000..89b1a08651 --- /dev/null +++ b/examples/data-sources/organization_webhooks/example_1.tf @@ -0,0 +1 @@ +data "github_organization_webhooks" "all" {} diff --git a/examples/data-sources/ref/example_1.tf b/examples/data-sources/ref/example_1.tf new file mode 100644 index 0000000000..cc0d570d41 --- /dev/null +++ b/examples/data-sources/ref/example_1.tf @@ -0,0 +1,5 @@ +data "github_ref" "development" { + owner = "example" + repository = "example" + ref = "heads/development" +} diff --git a/examples/data-sources/release/example_1.tf b/examples/data-sources/release/example_1.tf new file mode 100644 index 0000000000..48f1b7f6b7 --- /dev/null +++ b/examples/data-sources/release/example_1.tf @@ -0,0 +1,5 @@ +data "github_release" "example" { + repository = "example-repository" + owner = "example-owner" + retrieve_by = "latest" +} diff --git a/examples/data-sources/release/example_2.tf b/examples/data-sources/release/example_2.tf new file mode 100644 index 0000000000..22a2088a31 --- /dev/null +++ b/examples/data-sources/release/example_2.tf @@ -0,0 +1,6 @@ +data "github_release" "example" { + repository = "example-repository" + owner = "example-owner" + retrieve_by = "id" + id = 12345 +} diff --git a/examples/data-sources/release/example_3.tf b/examples/data-sources/release/example_3.tf new file mode 100644 index 0000000000..832dfb4622 --- /dev/null +++ b/examples/data-sources/release/example_3.tf @@ -0,0 +1,6 @@ +data "github_release" "example" { + repository = "example-repository" + owner = "example-owner" + retrieve_by = "tag" + release_tag = "v1.0.0" +} diff --git a/examples/data-sources/release_asset/example_1.tf b/examples/data-sources/release_asset/example_1.tf new file mode 100644 index 0000000000..2b7f90fc0a --- /dev/null +++ b/examples/data-sources/release_asset/example_1.tf @@ -0,0 +1,5 @@ +data "github_release_asset" "example" { + repository = "example-repository" + owner = "example-owner" + asset_id = 12345 +} diff --git a/examples/data-sources/release_asset/example_2.tf b/examples/data-sources/release_asset/example_2.tf new file mode 100644 index 0000000000..d250fa17a7 --- /dev/null +++ b/examples/data-sources/release_asset/example_2.tf @@ -0,0 +1,6 @@ +data "github_release_asset" "example" { + repository = "example-repository" + owner = "example-owner" + asset_id = 12345 + download_file = true +} diff --git a/examples/data-sources/release_asset/example_3.tf b/examples/data-sources/release_asset/example_3.tf new file mode 100644 index 0000000000..3318883e64 --- /dev/null +++ b/examples/data-sources/release_asset/example_3.tf @@ -0,0 +1,11 @@ +data "github_release" "example" { + repository = "example-repository" + owner = "example-owner" + retrieve_by = "latest" +} + +data "github_release_asset" "example" { + repository = "example-repository" + owner = "example-owner" + asset_id = data.github_release.example.assets[0].id +} diff --git a/examples/data-sources/release_asset/example_4.tf b/examples/data-sources/release_asset/example_4.tf new file mode 100644 index 0000000000..a327d30be7 --- /dev/null +++ b/examples/data-sources/release_asset/example_4.tf @@ -0,0 +1,12 @@ +data "github_release" "example" { + repository = "example-repository" + owner = "example-owner" + retrieve_by = "latest" +} + +data "github_release_asset" "example" { + count = length(data.github_release.example.assets) + repository = "example-repository" + owner = "example-owner" + asset_id = data.github_release.example.assets[count.index].id +} diff --git a/examples/data-sources/repositories/example_1.tf b/examples/data-sources/repositories/example_1.tf new file mode 100644 index 0000000000..03e246705e --- /dev/null +++ b/examples/data-sources/repositories/example_1.tf @@ -0,0 +1,4 @@ +data "github_repositories" "example" { + query = "org:hashicorp language:Go" + include_repo_id = true +} diff --git a/examples/data-sources/repository/example_1.tf b/examples/data-sources/repository/example_1.tf new file mode 100644 index 0000000000..f1a2db8b84 --- /dev/null +++ b/examples/data-sources/repository/example_1.tf @@ -0,0 +1,3 @@ +data "github_repository" "example" { + full_name = "hashicorp/terraform" +} diff --git a/examples/data-sources/repository_autolink_references/example_1.tf b/examples/data-sources/repository_autolink_references/example_1.tf new file mode 100644 index 0000000000..b2a6b64e6b --- /dev/null +++ b/examples/data-sources/repository_autolink_references/example_1.tf @@ -0,0 +1,3 @@ +data "github_repository_autolink_references" "example" { + repository = "example-repository" +} diff --git a/examples/data-sources/repository_branches/example_1.tf b/examples/data-sources/repository_branches/example_1.tf new file mode 100644 index 0000000000..733508faec --- /dev/null +++ b/examples/data-sources/repository_branches/example_1.tf @@ -0,0 +1,3 @@ +data "github_repository_branches" "example" { + repository = "example-repository" +} diff --git a/examples/data-sources/repository_custom_properties/example_1.tf b/examples/data-sources/repository_custom_properties/example_1.tf new file mode 100644 index 0000000000..81700d6fb9 --- /dev/null +++ b/examples/data-sources/repository_custom_properties/example_1.tf @@ -0,0 +1,3 @@ +data "github_repository_custom_properties" "example" { + repository = "example-repository" +} diff --git a/examples/data-sources/repository_deploy_keys/example_1.tf b/examples/data-sources/repository_deploy_keys/example_1.tf new file mode 100644 index 0000000000..c5c13993df --- /dev/null +++ b/examples/data-sources/repository_deploy_keys/example_1.tf @@ -0,0 +1,3 @@ +data "github_repository_deploy_keys" "example" { + repository = "example-repository" +} diff --git a/examples/data-sources/repository_deployment_branch_policies/example_1.tf b/examples/data-sources/repository_deployment_branch_policies/example_1.tf new file mode 100644 index 0000000000..3af736d213 --- /dev/null +++ b/examples/data-sources/repository_deployment_branch_policies/example_1.tf @@ -0,0 +1,4 @@ +data "github_repository_deployment_branch_policies" "example" { + repository = "example-repository" + environment_name = "env_name" +} diff --git a/examples/data-sources/repository_environment_deployment_policies/example_1.tf b/examples/data-sources/repository_environment_deployment_policies/example_1.tf new file mode 100644 index 0000000000..6fcfaecfee --- /dev/null +++ b/examples/data-sources/repository_environment_deployment_policies/example_1.tf @@ -0,0 +1,4 @@ +data "github_repository_environment_deployment_policies" "example" { + repository = "example-repository" + environment = "env-name" +} diff --git a/examples/data-sources/repository_environments/example_1.tf b/examples/data-sources/repository_environments/example_1.tf new file mode 100644 index 0000000000..cd390dbf9a --- /dev/null +++ b/examples/data-sources/repository_environments/example_1.tf @@ -0,0 +1,3 @@ +data "github_repository_environments" "example" { + repository = "example-repository" +} diff --git a/examples/data-sources/repository_file/example_1.tf b/examples/data-sources/repository_file/example_1.tf new file mode 100644 index 0000000000..3729961433 --- /dev/null +++ b/examples/data-sources/repository_file/example_1.tf @@ -0,0 +1,6 @@ +data "github_repository_file" "foo" { + repository = github_repository.foo.name + branch = "main" + file = ".gitignore" +} + diff --git a/examples/data-sources/repository_milestone/example_1.tf b/examples/data-sources/repository_milestone/example_1.tf new file mode 100644 index 0000000000..a30c7a14eb --- /dev/null +++ b/examples/data-sources/repository_milestone/example_1.tf @@ -0,0 +1,5 @@ +data "github_repository_milestone" "example" { + owner = "example-owner" + repository = "example-repository" + number = 1 +} diff --git a/examples/data-sources/repository_pull_request/example_1.tf b/examples/data-sources/repository_pull_request/example_1.tf new file mode 100644 index 0000000000..4f4d7fc269 --- /dev/null +++ b/examples/data-sources/repository_pull_request/example_1.tf @@ -0,0 +1,4 @@ +data "github_repository_pull_request" "example" { + base_repository = "example_repository" + number = 1 +} diff --git a/examples/data-sources/repository_pull_requests/example_1.tf b/examples/data-sources/repository_pull_requests/example_1.tf new file mode 100644 index 0000000000..aeed51df5a --- /dev/null +++ b/examples/data-sources/repository_pull_requests/example_1.tf @@ -0,0 +1,7 @@ +data "github_repository_pull_requests" "example" { + base_repository = "example-repository" + base_ref = "main" + sort_by = "updated" + sort_direction = "desc" + state = "open" +} diff --git a/examples/data-sources/repository_teams/example_1.tf b/examples/data-sources/repository_teams/example_1.tf new file mode 100644 index 0000000000..f507ba7a3f --- /dev/null +++ b/examples/data-sources/repository_teams/example_1.tf @@ -0,0 +1,3 @@ +data "github_repository_teams" "example" { + name = "example" +} diff --git a/examples/data-sources/repository_webhooks/example_1.tf b/examples/data-sources/repository_webhooks/example_1.tf new file mode 100644 index 0000000000..d740a8a02f --- /dev/null +++ b/examples/data-sources/repository_webhooks/example_1.tf @@ -0,0 +1,3 @@ +data "github_repository_webhooks" "repo" { + repository = "foo" +} diff --git a/examples/data-sources/rest_api/example_1.tf b/examples/data-sources/rest_api/example_1.tf new file mode 100644 index 0000000000..c0a2ca49cc --- /dev/null +++ b/examples/data-sources/rest_api/example_1.tf @@ -0,0 +1,3 @@ +data "github_rest_api" "example" { + endpoint = "repos/example_repo/git/refs/heads/main" +} diff --git a/examples/data-sources/ssh_keys/example_1.tf b/examples/data-sources/ssh_keys/example_1.tf new file mode 100644 index 0000000000..72159b2f54 --- /dev/null +++ b/examples/data-sources/ssh_keys/example_1.tf @@ -0,0 +1 @@ +data "github_ssh_keys" "test" {} diff --git a/examples/data-sources/team/example_1.tf b/examples/data-sources/team/example_1.tf new file mode 100644 index 0000000000..9769d1b1e4 --- /dev/null +++ b/examples/data-sources/team/example_1.tf @@ -0,0 +1,3 @@ +data "github_team" "example" { + slug = "example" +} diff --git a/examples/data-sources/tree/example_1.tf b/examples/data-sources/tree/example_1.tf new file mode 100644 index 0000000000..f071612178 --- /dev/null +++ b/examples/data-sources/tree/example_1.tf @@ -0,0 +1,19 @@ +data "github_repository" "this" { + name = "example" +} + +data "github_branch" "this" { + branch = data.github_repository.this.default_branch + repository = data.github_repository.this.name +} + +data "github_tree" "this" { + recursive = false + repository = data.github_repository.this.name + tree_sha = data.github_branch.this.sha +} + +output "entries" { + value = data.github_tree.this.entries +} + diff --git a/examples/data-sources/user/example_1.tf b/examples/data-sources/user/example_1.tf new file mode 100644 index 0000000000..ed02deb62a --- /dev/null +++ b/examples/data-sources/user/example_1.tf @@ -0,0 +1,14 @@ +# Retrieve information about a GitHub user. +data "github_user" "example" { + username = "example" +} + +# Retrieve information about the currently authenticated user. +data "github_user" "current" { + username = "" +} + +output "current_github_login" { + value = data.github_user.current.login +} + diff --git a/examples/data-sources/user_external_identity/example_1.tf b/examples/data-sources/user_external_identity/example_1.tf new file mode 100644 index 0000000000..c4df822cd5 --- /dev/null +++ b/examples/data-sources/user_external_identity/example_1.tf @@ -0,0 +1,3 @@ +data "github_user_external_identity" "example_user" { + username = "example-user" +} diff --git a/examples/data-sources/users/example_1.tf b/examples/data-sources/users/example_1.tf new file mode 100644 index 0000000000..ab3d3faae0 --- /dev/null +++ b/examples/data-sources/users/example_1.tf @@ -0,0 +1,12 @@ +# Retrieve information about multiple GitHub users. +data "github_users" "example" { + usernames = ["example1", "example2", "example3"] +} + +output "valid_users" { + value = data.github_users.example.logins +} + +output "invalid_users" { + value = data.github_users.example.unknown_logins +} diff --git a/examples/enterprise_settings/README.md b/examples/enterprise_settings/README.md index 3a6bd9ae57..7d51a2261d 100644 --- a/examples/enterprise_settings/README.md +++ b/examples/enterprise_settings/README.md @@ -40,7 +40,7 @@ terraform apply # Allow all actions for all organizations resource "github_enterprise_actions_permissions" "basic" { enterprise_slug = "my-enterprise" - + enabled_organizations = "all" allowed_actions = "all" } @@ -48,7 +48,7 @@ resource "github_enterprise_actions_permissions" "basic" { # Use restrictive workflow permissions resource "github_enterprise_actions_workflow_permissions" "basic" { enterprise_slug = "my-enterprise" - + default_workflow_permissions = "read" can_approve_pull_request_reviews = false } @@ -60,10 +60,10 @@ resource "github_enterprise_actions_workflow_permissions" "basic" { # Selective actions and organizations resource "github_enterprise_actions_permissions" "advanced" { enterprise_slug = "my-enterprise" - + enabled_organizations = "selected" allowed_actions = "selected" - + allowed_actions_config { github_owned_allowed = true verified_allowed = true @@ -73,7 +73,7 @@ resource "github_enterprise_actions_permissions" "advanced" { "my-org/custom-action@v1" ] } - + enabled_organizations_config { organization_ids = [123456, 789012] # Replace with actual org IDs } @@ -82,7 +82,7 @@ resource "github_enterprise_actions_permissions" "advanced" { # More permissive workflow settings resource "github_enterprise_actions_workflow_permissions" "advanced" { enterprise_slug = "my-enterprise" - + default_workflow_permissions = "write" can_approve_pull_request_reviews = true } @@ -91,13 +91,16 @@ resource "github_enterprise_actions_workflow_permissions" "advanced" { ## Available Enterprise Resources ### Actions & Workflow Management + - **`github_enterprise_actions_permissions`** - Controls which organizations can use GitHub Actions and which actions are allowed to run - **`github_enterprise_actions_workflow_permissions`** - Manages default GITHUB_TOKEN permissions and whether GitHub Actions can approve pull requests ### Security & Analysis + - **`github_enterprise_security_analysis_settings`** - Manages Advanced Security, secret scanning, and code analysis features for new repositories ### Additional Resources (Available) + - **`github_enterprise_actions_runner_group`** - Manages enterprise-level runner groups for GitHub Actions ## Security Recommendations @@ -167,6 +170,7 @@ terraform import github_enterprise_settings.example my-enterprise ### Verification After applying, verify settings in the GitHub Enterprise dashboard: + 1. Go to your enterprise settings 2. Navigate to "Policies" > "Actions" -3. Check that the configured settings match your Terraform configuration \ No newline at end of file +3. Check that the configured settings match your Terraform configuration diff --git a/examples/enterprise_settings/main.tf b/examples/enterprise_settings/main.tf index 695b47a35d..a7ab7eb095 100644 --- a/examples/enterprise_settings/main.tf +++ b/examples/enterprise_settings/main.tf @@ -25,9 +25,9 @@ variable "enterprise_slug" { # Basic Enterprise Actions Permissions - Allow all actions for all organizations resource "github_enterprise_actions_permissions" "basic" { enterprise_slug = var.enterprise_slug - + enabled_organizations = "all" - allowed_actions = "all" + allowed_actions = "all" } # Basic Enterprise Workflow Permissions - Restrictive settings @@ -41,17 +41,17 @@ resource "github_enterprise_actions_workflow_permissions" "basic" { # Advanced Enterprise Actions Permissions - Selective configuration resource "github_enterprise_actions_permissions" "advanced" { enterprise_slug = var.enterprise_slug - + enabled_organizations = "selected" - allowed_actions = "selected" - + allowed_actions = "selected" + # Configure allowed actions when "selected" policy is used allowed_actions_config { github_owned_allowed = true verified_allowed = true patterns_allowed = [ "actions/cache@*", - "actions/checkout@*", + "actions/checkout@*", "actions/setup-node@*", "actions/setup-python@*", "actions/upload-artifact@*", @@ -59,7 +59,7 @@ resource "github_enterprise_actions_permissions" "advanced" { "my-org/custom-action@v1" ] } - + # Configure enabled organizations when "selected" policy is used enabled_organizations_config { organization_ids = [123456, 789012] # Replace with actual org IDs @@ -77,12 +77,12 @@ resource "github_enterprise_actions_workflow_permissions" "advanced" { # Security Analysis Settings - Enable security features for new repositories resource "github_enterprise_security_analysis_settings" "example" { enterprise_slug = var.enterprise_slug - - advanced_security_enabled_for_new_repositories = true - secret_scanning_enabled_for_new_repositories = true + + advanced_security_enabled_for_new_repositories = true + secret_scanning_enabled_for_new_repositories = true secret_scanning_push_protection_enabled_for_new_repositories = true - secret_scanning_validity_checks_enabled = true - secret_scanning_push_protection_custom_link = "https://octokit.com/security-help" + secret_scanning_validity_checks_enabled = true + secret_scanning_push_protection_custom_link = "https://octokit.com/security-help" } output "basic_enterprise_actions" { @@ -90,7 +90,7 @@ output "basic_enterprise_actions" { value = { enterprise_slug = github_enterprise_actions_permissions.basic.enterprise_slug enabled_organizations = github_enterprise_actions_permissions.basic.enabled_organizations - allowed_actions = github_enterprise_actions_permissions.basic.allowed_actions + allowed_actions = github_enterprise_actions_permissions.basic.allowed_actions } } @@ -108,7 +108,7 @@ output "advanced_enterprise_actions" { value = { enterprise_slug = github_enterprise_actions_permissions.advanced.enterprise_slug enabled_organizations = github_enterprise_actions_permissions.advanced.enabled_organizations - allowed_actions = github_enterprise_actions_permissions.advanced.allowed_actions + allowed_actions = github_enterprise_actions_permissions.advanced.allowed_actions } } diff --git a/examples/example_1.tf b/examples/example_1.tf new file mode 100644 index 0000000000..285894e915 --- /dev/null +++ b/examples/example_1.tf @@ -0,0 +1,16 @@ +terraform { + required_providers { + github = { + source = "integrations/github" + version = "~> 6.0" + } + } +} + +# Configure the GitHub Provider +provider "github" {} + +# Add a user to the organization +resource "github_membership" "membership_for_user_x" { + # ... +} diff --git a/examples/example_2.tf b/examples/example_2.tf new file mode 100644 index 0000000000..247641b8a0 --- /dev/null +++ b/examples/example_2.tf @@ -0,0 +1,9 @@ +# Configure the GitHub Provider +provider "github" { + version = "~> 5.0" +} + +# Add a user to the organization +resource "github_membership" "membership_for_user_x" { + # ... +} diff --git a/examples/example_3.tf b/examples/example_3.tf new file mode 100644 index 0000000000..0e0f42fb61 --- /dev/null +++ b/examples/example_3.tf @@ -0,0 +1,3 @@ +provider "github" { + token = var.token # or `GITHUB_TOKEN` +} diff --git a/examples/example_4.tf b/examples/example_4.tf new file mode 100644 index 0000000000..abf529aae9 --- /dev/null +++ b/examples/example_4.tf @@ -0,0 +1,8 @@ +provider "github" { + owner = var.github_organization + app_auth { + id = var.app_id # or `GITHUB_APP_ID` + installation_id = var.app_installation_id # or `GITHUB_APP_INSTALLATION_ID` + pem_file = var.app_pem_file # or `GITHUB_APP_PEM_FILE` + } +} diff --git a/examples/example_5.tf b/examples/example_5.tf new file mode 100644 index 0000000000..0c3fb2cfd9 --- /dev/null +++ b/examples/example_5.tf @@ -0,0 +1,4 @@ +provider "github" { + owner = var.github_organization + app_auth {} # When using `GITHUB_APP_XXX` environment variables +} diff --git a/examples/hosted_runner/main.tf b/examples/hosted_runner/main.tf index 0f1838cb40..435724ef9b 100644 --- a/examples/hosted_runner/main.tf +++ b/examples/hosted_runner/main.tf @@ -8,9 +8,9 @@ resource "github_actions_runner_group" "example" { # The image ID is numeric, not a string like "ubuntu-latest" resource "github_actions_hosted_runner" "example" { name = "example-hosted-runner" - + image { - id = "2306" # Ubuntu Latest (24.04) - query your org for available IDs + id = "2306" # Ubuntu Latest (24.04) - query your org for available IDs source = "github" } @@ -21,9 +21,9 @@ resource "github_actions_hosted_runner" "example" { # Advanced example with optional parameters resource "github_actions_hosted_runner" "advanced" { name = "advanced-hosted-runner" - + image { - id = "2306" # Ubuntu Latest (24.04) - query your org for available IDs + id = "2306" # Ubuntu Latest (24.04) - query your org for available IDs source = "github" } diff --git a/examples/organization_security_manager/README.md b/examples/organization_security_manager/README.md index 249708bfb6..af07360890 100644 --- a/examples/organization_security_manager/README.md +++ b/examples/organization_security_manager/README.md @@ -3,6 +3,7 @@ This example demonstrates creating an organization security manager team. It will: + - Create a team with the specified `team_name` in the specified `owner` organization - Assign the organization security manager role to the team diff --git a/examples/release/README.md b/examples/release/README.md index 573afe0891..d1ed586225 100644 --- a/examples/release/README.md +++ b/examples/release/README.md @@ -2,7 +2,7 @@ This displays retrieval of a GitHub release. -This example will look up a GitHub release available to the specified `owner` organization or a personal account. See https://www.terraform.io/docs/providers/github/index.html for details on configuring [`providers.tf`](./providers.tf) accordingly. +This example will look up a GitHub release available to the specified `owner` organization or a personal account. See for details on configuring [`providers.tf`](./providers.tf) accordingly. Alternatively, you may use variables passed via command line: @@ -13,6 +13,8 @@ export RELEASE_OWNER= export RELEASE_REPOSITORY= export RELEASE_TAG= ``` + + ```console terraform apply \ -var "organization=${GITHUB_ORG}" \ diff --git a/examples/repository_collaborator/README.md b/examples/repository_collaborator/README.md index 49ff4d3d0e..12c47ae0fe 100644 --- a/examples/repository_collaborator/README.md +++ b/examples/repository_collaborator/README.md @@ -2,7 +2,7 @@ This provides a template for managing [repository collaborators](https://help.github.com/en/github/setting-up-and-managing-your-github-user-account/inviting-collaborators-to-a-personal-repository). -This example will also create a repository in the specified `owner` organization. See https://www.terraform.io/docs/providers/github/index.html for details on configuring [`providers.tf`](./providers.tf) accordingly. +This example will also create a repository in the specified `owner` organization. See for details on configuring [`providers.tf`](./providers.tf) accordingly. Alternatively, you may use variables passed via command line: diff --git a/examples/repository_delete_branch_on_merge/README.md b/examples/repository_delete_branch_on_merge/README.md index 0d42a2c731..94fbae9559 100644 --- a/examples/repository_delete_branch_on_merge/README.md +++ b/examples/repository_delete_branch_on_merge/README.md @@ -2,7 +2,7 @@ This displays configurability of the `delete_branch_on_merge` feature for GitHub repositories. -This example will create a repository in the specified `owner` organization. See https://www.terraform.io/docs/providers/github/index.html for details on configuring [`providers.tf`](./providers.tf) accordingly. +This example will create a repository in the specified `owner` organization. See for details on configuring [`providers.tf`](./providers.tf) accordingly. Alternatively, you may use variables passed via command line: diff --git a/examples/repository_non_org_owner/README.md b/examples/repository_non_org_owner/README.md index ca2d99bb6b..7000b55a57 100644 --- a/examples/repository_non_org_owner/README.md +++ b/examples/repository_non_org_owner/README.md @@ -2,7 +2,7 @@ This displays repository management for non-organization GitHub accounts. -This example will create a repository in the specified `owner` organization. See https://www.terraform.io/docs/providers/github/index.html for details on configuring [`providers.tf`](./providers.tf) accordingly. +This example will create a repository in the specified `owner` organization. See for details on configuring [`providers.tf`](./providers.tf) accordingly. Alternatively, you may use variables passed via command line: diff --git a/examples/repository_org_internal/README.md b/examples/repository_org_internal/README.md index 20c5fa91e5..706c58f934 100644 --- a/examples/repository_org_internal/README.md +++ b/examples/repository_org_internal/README.md @@ -2,7 +2,7 @@ This demos various repository [visibility settings](https://help.github.com/en/github/administering-a-repository/setting-repository-visibility) for repositories. -This example will create a repository in the specified `owner` organization. See https://www.terraform.io/docs/providers/github/index.html for details on configuring [`providers.tf`](./providers.tf) accordingly. +This example will create a repository in the specified `owner` organization. See for details on configuring [`providers.tf`](./providers.tf) accordingly. In order to build the provider for use with this example, see [Building the Provider docs](https://github.com/integrations/terraform-provider-github/blob/master/CONTRIBUTING.md#building-the-provider) diff --git a/examples/repository_security_and_analysis/README.md b/examples/repository_security_and_analysis/README.md index 074f68e824..ff74f54de7 100644 --- a/examples/repository_security_and_analysis/README.md +++ b/examples/repository_security_and_analysis/README.md @@ -1,8 +1,8 @@ # Repository Visibility Example -This demos setting `security_and_analysis` for a repository. See https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository for details on what these settings do. +This demos setting `security_and_analysis` for a repository. See for details on what these settings do. -This example will create a repositories in the specified `owner` organization. See https://www.terraform.io/docs/providers/github/index.html for details on configuring [`providers.tf`](./providers.tf) accordingly. +This example will create a repositories in the specified `owner` organization. See for details on configuring [`providers.tf`](./providers.tf) accordingly. Alternatively, you may use variables passed via command line: @@ -15,4 +15,4 @@ export GITHUB_TOKEN= terraform apply \ -var "owner=${GITHUB_OWNER}" \ -var "github_token=${GITHUB_TOKEN}" -``` \ No newline at end of file +``` diff --git a/examples/repository_team/README.md b/examples/repository_team/README.md index e81708d4bb..6d9df73fae 100644 --- a/examples/repository_team/README.md +++ b/examples/repository_team/README.md @@ -1,8 +1,8 @@ # Repository Team Example -This demos populating a repository with a team. +This demos populating a repository with a team. -This example will create a repositories in the specified `owner` organization. See https://www.terraform.io/docs/providers/github/index.html for details on configuring [`providers.tf`](./providers.tf) accordingly. +This example will create a repositories in the specified `owner` organization. See for details on configuring [`providers.tf`](./providers.tf) accordingly. Alternatively, you may use variables passed via command line: diff --git a/examples/repository_visibility/README.md b/examples/repository_visibility/README.md index 28bfad39b6..b1e5ccbefa 100644 --- a/examples/repository_visibility/README.md +++ b/examples/repository_visibility/README.md @@ -2,7 +2,7 @@ This demos various repository [visibility settings](https://help.github.com/en/github/administering-a-repository/setting-repository-visibility) for repositories. -This example will create a repositories in the specified `owner` organization. See https://www.terraform.io/docs/providers/github/index.html for details on configuring [`providers.tf`](./providers.tf) accordingly. +This example will create a repositories in the specified `owner` organization. See for details on configuring [`providers.tf`](./providers.tf) accordingly. Alternatively, you may use variables passed via command line: diff --git a/examples/resources/actions_environment_secret/example_1.tf b/examples/resources/actions_environment_secret/example_1.tf new file mode 100644 index 0000000000..8b17f7632c --- /dev/null +++ b/examples/resources/actions_environment_secret/example_1.tf @@ -0,0 +1,14 @@ +resource "github_actions_environment_secret" "example_plaintext" { + repository = "example-repo" + environment = "example-environment" + secret_name = "example_secret_name" + plaintext_value = "example-value" +} + +resource "github_actions_environment_secret" "example_encrypted" { + repository = "example-repo" + environment = "example-environment" + secret_name = "example_secret_name" + key_id = var.key_id + encrypted_value = var.encrypted_secret_string +} diff --git a/examples/resources/actions_environment_secret/example_2.tf b/examples/resources/actions_environment_secret/example_2.tf new file mode 100644 index 0000000000..3e0fbb9ec1 --- /dev/null +++ b/examples/resources/actions_environment_secret/example_2.tf @@ -0,0 +1,15 @@ +data "github_repository" "example" { + full_name = "my-org/repo" +} + +resource "github_repository_environment" "example_plaintext" { + repository = data.github_repository.example.name + environment = "example-environment" +} + +resource "github_actions_environment_secret" "example_encrypted" { + repository = data.github_repository.example.name + environment = github_repository_environment.example.environment + secret_name = "test_secret_name" + plaintext_value = "example-value" +} diff --git a/examples/resources/actions_environment_secret/example_3.tf b/examples/resources/actions_environment_secret/example_3.tf new file mode 100644 index 0000000000..a622c1b1b9 --- /dev/null +++ b/examples/resources/actions_environment_secret/example_3.tf @@ -0,0 +1,10 @@ +resource "github_actions_environment_secret" "example_allow_drift" { + repository = "example-repo" + environment = "example-environment" + secret_name = "example_secret_name" + plaintext_value = "placeholder" + + lifecycle { + ignore_changes = [remote_updated_at] + } +} diff --git a/examples/resources/actions_environment_secret/example_4.tf b/examples/resources/actions_environment_secret/example_4.tf new file mode 100644 index 0000000000..d832c9bc01 --- /dev/null +++ b/examples/resources/actions_environment_secret/example_4.tf @@ -0,0 +1,4 @@ +import { + to = github_actions_environment_secret.example + id = "myrepo:myenv:mysecret" +} diff --git a/examples/resources/actions_environment_variable/example_1.tf b/examples/resources/actions_environment_variable/example_1.tf new file mode 100644 index 0000000000..52da906824 --- /dev/null +++ b/examples/resources/actions_environment_variable/example_1.tf @@ -0,0 +1,6 @@ +resource "github_actions_environment_variable" "example" { + repository = "example-repo" + environment = "example-environment" + variable_name = "example_variable_name" + value = "example-value" +} diff --git a/examples/resources/actions_environment_variable/example_2.tf b/examples/resources/actions_environment_variable/example_2.tf new file mode 100644 index 0000000000..bf90f30a5a --- /dev/null +++ b/examples/resources/actions_environment_variable/example_2.tf @@ -0,0 +1,15 @@ +data "github_repository" "example" { + full_name = "my-org/repo" +} + +resource "github_repository_environment" "example" { + repository = data.github_repository.example.name + environment = "example_environment" +} + +resource "github_actions_environment_variable" "example" { + repository = data.github_repository.example.name + environment = github_repository_environment.example.environment + variable_name = "example_variable_name" + value = "example-value" +} diff --git a/examples/resources/actions_environment_variable/example_3.tf b/examples/resources/actions_environment_variable/example_3.tf new file mode 100644 index 0000000000..0677166071 --- /dev/null +++ b/examples/resources/actions_environment_variable/example_3.tf @@ -0,0 +1,4 @@ +import { + to = github_actions_environment_variable.example + id = "myrepo:myenv:myvariable" +} diff --git a/examples/resources/actions_hosted_runner/example_1.tf b/examples/resources/actions_hosted_runner/example_1.tf new file mode 100644 index 0000000000..ef5ae400c3 --- /dev/null +++ b/examples/resources/actions_hosted_runner/example_1.tf @@ -0,0 +1,16 @@ +resource "github_actions_runner_group" "example" { + name = "example-runner-group" + visibility = "all" +} + +resource "github_actions_hosted_runner" "example" { + name = "example-hosted-runner" + + image { + id = "2306" + source = "github" + } + + size = "4-core" + runner_group_id = github_actions_runner_group.example.id +} diff --git a/examples/resources/actions_hosted_runner/example_2.tf b/examples/resources/actions_hosted_runner/example_2.tf new file mode 100644 index 0000000000..ee7e3f69f7 --- /dev/null +++ b/examples/resources/actions_hosted_runner/example_2.tf @@ -0,0 +1,18 @@ +resource "github_actions_runner_group" "advanced" { + name = "advanced-runner-group" + visibility = "selected" +} + +resource "github_actions_hosted_runner" "advanced" { + name = "advanced-hosted-runner" + + image { + id = "2306" + source = "github" + } + + size = "8-core" + runner_group_id = github_actions_runner_group.advanced.id + maximum_runners = 10 + public_ip_enabled = true +} diff --git a/examples/resources/actions_hosted_runner/example_3.tf b/examples/resources/actions_hosted_runner/example_3.tf new file mode 100644 index 0000000000..195b7aeb8c --- /dev/null +++ b/examples/resources/actions_hosted_runner/example_3.tf @@ -0,0 +1,15 @@ +resource "github_actions_hosted_runner" "example" { + name = "example-hosted-runner" + + image { + id = "2306" + source = "github" + } + + size = "4-core" + runner_group_id = github_actions_runner_group.example.id + + timeouts { + delete = "15m" + } +} diff --git a/examples/resources/actions_organization_oidc_subject_claim_customization_template/example_1.tf b/examples/resources/actions_organization_oidc_subject_claim_customization_template/example_1.tf new file mode 100644 index 0000000000..ac86ab0f65 --- /dev/null +++ b/examples/resources/actions_organization_oidc_subject_claim_customization_template/example_1.tf @@ -0,0 +1,3 @@ +resource "github_actions_organization_oidc_subject_claim_customization_template" "example_template" { + include_claim_keys = ["actor", "context", "repository_owner"] +} diff --git a/examples/resources/actions_organization_permissions/example_1.tf b/examples/resources/actions_organization_permissions/example_1.tf new file mode 100644 index 0000000000..fa97dab7c7 --- /dev/null +++ b/examples/resources/actions_organization_permissions/example_1.tf @@ -0,0 +1,16 @@ +resource "github_repository" "example" { + name = "my-repository" +} + +resource "github_actions_organization_permissions" "test" { + allowed_actions = "selected" + enabled_repositories = "selected" + allowed_actions_config { + github_owned_allowed = true + patterns_allowed = ["actions/cache@*", "actions/checkout@*"] + verified_allowed = true + } + enabled_repositories_config { + repository_ids = [github_repository.example.repo_id] + } +} diff --git a/examples/resources/actions_organization_secret/example_1.tf b/examples/resources/actions_organization_secret/example_1.tf new file mode 100644 index 0000000000..2966a7d986 --- /dev/null +++ b/examples/resources/actions_organization_secret/example_1.tf @@ -0,0 +1,11 @@ +resource "github_actions_organization_secret" "example_plaintext" { + secret_name = "example_secret_name" + visibility = "all" + plaintext_value = var.some_secret_string +} + +resource "github_actions_organization_secret" "example_encrypted" { + secret_name = "example_secret_name" + visibility = "all" + encrypted_value = var.some_encrypted_secret_string +} diff --git a/examples/resources/actions_organization_secret/example_2.tf b/examples/resources/actions_organization_secret/example_2.tf new file mode 100644 index 0000000000..f8326d6a10 --- /dev/null +++ b/examples/resources/actions_organization_secret/example_2.tf @@ -0,0 +1,17 @@ +data "github_repository" "repo" { + full_name = "my-org/repo" +} + +resource "github_actions_organization_secret" "example_encrypted" { + secret_name = "example_secret_name" + visibility = "selected" + plaintext_value = var.some_secret_string + selected_repository_ids = [data.github_repository.repo.repo_id] +} + +resource "github_actions_organization_secret" "example_secret" { + secret_name = "example_secret_name" + visibility = "selected" + encrypted_value = var.some_encrypted_secret_string + selected_repository_ids = [data.github_repository.repo.repo_id] +} diff --git a/examples/resources/actions_organization_secret/example_3.tf b/examples/resources/actions_organization_secret/example_3.tf new file mode 100644 index 0000000000..0298d21782 --- /dev/null +++ b/examples/resources/actions_organization_secret/example_3.tf @@ -0,0 +1,9 @@ +resource "github_actions_organization_secret" "example_allow_drift" { + secret_name = "example_secret_name" + visibility = "all" + plaintext_value = "placeholder" + + lifecycle { + ignore_changes = [remote_updated_at] + } +} diff --git a/examples/resources/actions_organization_secret/example_4.tf b/examples/resources/actions_organization_secret/example_4.tf new file mode 100644 index 0000000000..01fbd76ede --- /dev/null +++ b/examples/resources/actions_organization_secret/example_4.tf @@ -0,0 +1,4 @@ +import { + to = github_actions_organization_secret.example + id = "mysecret" +} diff --git a/examples/resources/actions_organization_secret_repositories/example_1.tf b/examples/resources/actions_organization_secret_repositories/example_1.tf new file mode 100644 index 0000000000..8fff9780cc --- /dev/null +++ b/examples/resources/actions_organization_secret_repositories/example_1.tf @@ -0,0 +1,15 @@ +resource "github_actions_organization_secret" "example" { + secret_name = "mysecret" + plaintext_value = "foo" + visibility = "selected" +} + +resource "github_repository" "example" { + name = "myrepo" + visibility = "public" +} + +resource "github_actions_organization_secret_repositories" "example" { + secret_name = github_actions_organization_secret.example.name + selected_repository_ids = [github_repository.example.repo_id] +} diff --git a/examples/resources/actions_organization_secret_repositories/example_2.tf b/examples/resources/actions_organization_secret_repositories/example_2.tf new file mode 100644 index 0000000000..d6159c884e --- /dev/null +++ b/examples/resources/actions_organization_secret_repositories/example_2.tf @@ -0,0 +1,4 @@ +import { + to = github_actions_organization_secret_repositories.example + id = "mysecret" +} diff --git a/examples/resources/actions_organization_secret_repository/example_1.tf b/examples/resources/actions_organization_secret_repository/example_1.tf new file mode 100644 index 0000000000..c7a9041937 --- /dev/null +++ b/examples/resources/actions_organization_secret_repository/example_1.tf @@ -0,0 +1,15 @@ +resource "github_actions_organization_secret" "example" { + secret_name = "mysecret" + plaintext_value = "foo" + visibility = "selected" +} + +resource "github_repository" "example" { + name = "myrepo" + visibility = "public" +} + +resource "github_actions_organization_secret_repository" "example" { + secret_name = github_actions_organization_secret.example.name + repository_id = github_repository.example.repo_id +} diff --git a/examples/resources/actions_organization_secret_repository/example_2.tf b/examples/resources/actions_organization_secret_repository/example_2.tf new file mode 100644 index 0000000000..70a81dbfa7 --- /dev/null +++ b/examples/resources/actions_organization_secret_repository/example_2.tf @@ -0,0 +1,4 @@ +import { + to = github_actions_organization_secret_repository.example + id = "mysecret:123456" +} diff --git a/examples/resources/actions_organization_variable/example_1.tf b/examples/resources/actions_organization_variable/example_1.tf new file mode 100644 index 0000000000..f6ce615735 --- /dev/null +++ b/examples/resources/actions_organization_variable/example_1.tf @@ -0,0 +1,5 @@ +resource "github_actions_organization_variable" "example_variable" { + variable_name = "example_variable_name" + visibility = "private" + value = "example_variable_value" +} diff --git a/examples/resources/actions_organization_variable/example_2.tf b/examples/resources/actions_organization_variable/example_2.tf new file mode 100644 index 0000000000..cb19a329da --- /dev/null +++ b/examples/resources/actions_organization_variable/example_2.tf @@ -0,0 +1,10 @@ +data "github_repository" "repo" { + full_name = "my-org/repo" +} + +resource "github_actions_organization_variable" "example_variable" { + variable_name = "example_variable_name" + visibility = "selected" + value = "example_variable_value" + selected_repository_ids = [data.github_repository.repo.repo_id] +} diff --git a/examples/resources/actions_organization_variable/example_3.tf b/examples/resources/actions_organization_variable/example_3.tf new file mode 100644 index 0000000000..cb11903e03 --- /dev/null +++ b/examples/resources/actions_organization_variable/example_3.tf @@ -0,0 +1,4 @@ +import { + to = github_actions_organization_variable.example + id = "myvariable" +} diff --git a/examples/resources/actions_organization_variable_repositories/example_1.tf b/examples/resources/actions_organization_variable_repositories/example_1.tf new file mode 100644 index 0000000000..a5d19f1bb4 --- /dev/null +++ b/examples/resources/actions_organization_variable_repositories/example_1.tf @@ -0,0 +1,15 @@ +resource "github_actions_organization_variable" "example" { + variable_name = "myvariable" + plaintext_value = "foo" + visibility = "selected" +} + +resource "github_repository" "example" { + name = "myrepo" + visibility = "public" +} + +resource "github_actions_organization_variable_repositories" "example" { + variable_name = github_actions_organization_variable.example.name + selected_repository_ids = [github_repository.example.repo_id] +} diff --git a/examples/resources/actions_organization_variable_repositories/example_2.tf b/examples/resources/actions_organization_variable_repositories/example_2.tf new file mode 100644 index 0000000000..b5eb3fff4b --- /dev/null +++ b/examples/resources/actions_organization_variable_repositories/example_2.tf @@ -0,0 +1,4 @@ +import { + to = github_actions_organization_variable_repositories.example + id = "myvariable" +} diff --git a/examples/resources/actions_organization_variable_repository/example_1.tf b/examples/resources/actions_organization_variable_repository/example_1.tf new file mode 100644 index 0000000000..39531f0597 --- /dev/null +++ b/examples/resources/actions_organization_variable_repository/example_1.tf @@ -0,0 +1,15 @@ +resource "github_actions_organization_variable" "example" { + variable_name = "myvariable" + plaintext_value = "foo" + visibility = "selected" +} + +resource "github_repository" "example" { + name = "myrepo" + visibility = "public" +} + +resource "github_actions_organization_variable_repository" "example" { + variable_name = github_actions_organization_variable.example.name + repository_id = github_repository.example.repo_id +} diff --git a/examples/resources/actions_organization_variable_repository/example_2.tf b/examples/resources/actions_organization_variable_repository/example_2.tf new file mode 100644 index 0000000000..cc1d45ca0c --- /dev/null +++ b/examples/resources/actions_organization_variable_repository/example_2.tf @@ -0,0 +1,4 @@ +import { + to = github_actions_organization_variable_repository.example + id = "myvariable:123456" +} diff --git a/examples/resources/actions_organization_workflow_permissions/example_1.tf b/examples/resources/actions_organization_workflow_permissions/example_1.tf new file mode 100644 index 0000000000..db182194ca --- /dev/null +++ b/examples/resources/actions_organization_workflow_permissions/example_1.tf @@ -0,0 +1,15 @@ +# Basic workflow permissions configuration +resource "github_actions_organization_workflow_permissions" "example" { + organization_slug = "my-organization" + + default_workflow_permissions = "read" + can_approve_pull_request_reviews = false +} + +# Allow write permissions and PR approvals +resource "github_actions_organization_workflow_permissions" "permissive" { + organization_slug = "my-organization" + + default_workflow_permissions = "write" + can_approve_pull_request_reviews = true +} diff --git a/examples/resources/actions_repository_access_level/example_1.tf b/examples/resources/actions_repository_access_level/example_1.tf new file mode 100644 index 0000000000..6ea586b92d --- /dev/null +++ b/examples/resources/actions_repository_access_level/example_1.tf @@ -0,0 +1,9 @@ +resource "github_repository" "example" { + name = "my-repository" + visibility = "private" +} + +resource "github_actions_repository_access_level" "test" { + access_level = "user" + repository = github_repository.example.name +} diff --git a/examples/resources/actions_repository_oidc_subject_claim_customization_template/example_1.tf b/examples/resources/actions_repository_oidc_subject_claim_customization_template/example_1.tf new file mode 100644 index 0000000000..6dbbc9b32b --- /dev/null +++ b/examples/resources/actions_repository_oidc_subject_claim_customization_template/example_1.tf @@ -0,0 +1,9 @@ +resource "github_repository" "example" { + name = "example-repository" +} + +resource "github_actions_repository_oidc_subject_claim_customization_template" "example_template" { + repository = github_repository.example.name + use_default = false + include_claim_keys = ["actor", "context", "repository_owner"] +} diff --git a/examples/resources/actions_repository_permissions/example_1.tf b/examples/resources/actions_repository_permissions/example_1.tf new file mode 100644 index 0000000000..f5ca96575f --- /dev/null +++ b/examples/resources/actions_repository_permissions/example_1.tf @@ -0,0 +1,13 @@ +resource "github_repository" "example" { + name = "my-repository" +} + +resource "github_actions_repository_permissions" "test" { + allowed_actions = "selected" + allowed_actions_config { + github_owned_allowed = true + patterns_allowed = ["actions/cache@*", "actions/checkout@*"] + verified_allowed = true + } + repository = github_repository.example.name +} diff --git a/examples/resources/actions_runner_group/example_1.tf b/examples/resources/actions_runner_group/example_1.tf new file mode 100644 index 0000000000..88a1344df2 --- /dev/null +++ b/examples/resources/actions_runner_group/example_1.tf @@ -0,0 +1,9 @@ +resource "github_repository" "example" { + name = "my-repository" +} + +resource "github_actions_runner_group" "example" { + name = github_repository.example.name + visibility = "selected" + selected_repository_ids = [github_repository.example.repo_id] +} diff --git a/examples/resources/actions_secret/example_1.tf b/examples/resources/actions_secret/example_1.tf new file mode 100644 index 0000000000..f9e1d73dcd --- /dev/null +++ b/examples/resources/actions_secret/example_1.tf @@ -0,0 +1,11 @@ +resource "github_actions_secret" "example_plaintext" { + repository = "example_repository" + secret_name = "example_secret_name" + plaintext_value = var.some_secret_string +} + +resource "github_actions_secret" "example_encrypted" { + repository = "example_repository" + secret_name = "example_secret_name" + encrypted_value = var.some_encrypted_secret_string +} diff --git a/examples/resources/actions_secret/example_2.tf b/examples/resources/actions_secret/example_2.tf new file mode 100644 index 0000000000..bc6e77a0a4 --- /dev/null +++ b/examples/resources/actions_secret/example_2.tf @@ -0,0 +1,9 @@ +resource "github_actions_secret" "example_allow_drift" { + repository = "example_repository" + secret_name = "example_secret_name" + plaintext_value = "placeholder" + + lifecycle { + ignore_changes = [remote_updated_at] + } +} diff --git a/examples/resources/actions_secret/example_3.tf b/examples/resources/actions_secret/example_3.tf new file mode 100644 index 0000000000..e3c387a977 --- /dev/null +++ b/examples/resources/actions_secret/example_3.tf @@ -0,0 +1,4 @@ +import { + to = github_actions_secret.example + id = "myrepo:mysecret" +} diff --git a/examples/resources/actions_variable/example_1.tf b/examples/resources/actions_variable/example_1.tf new file mode 100644 index 0000000000..72dfdbb114 --- /dev/null +++ b/examples/resources/actions_variable/example_1.tf @@ -0,0 +1,5 @@ +resource "github_actions_variable" "example_variable" { + repository = "example_repository" + variable_name = "example_variable_name" + value = "example_variable_value" +} diff --git a/examples/resources/actions_variable/example_2.tf b/examples/resources/actions_variable/example_2.tf new file mode 100644 index 0000000000..3446ad0c97 --- /dev/null +++ b/examples/resources/actions_variable/example_2.tf @@ -0,0 +1,4 @@ +import { + to = github_actions_variable.example + id = "myrepo:myvariable" +} diff --git a/examples/resources/app_installation_repositories/example_1.tf b/examples/resources/app_installation_repositories/example_1.tf new file mode 100644 index 0000000000..e3d6086038 --- /dev/null +++ b/examples/resources/app_installation_repositories/example_1.tf @@ -0,0 +1,14 @@ +# Create some repositories. +resource "github_repository" "some_repo" { + name = "some-repo" +} + +resource "github_repository" "another_repo" { + name = "another-repo" +} + +resource "github_app_installation_repositories" "some_app_repos" { + # The installation id of the app (in the organization). + installation_id = "1234567" + selected_repositories = [github_repository.some_repo.name, github_repository.another_repo.name] +} diff --git a/examples/resources/app_installation_repository/example_1.tf b/examples/resources/app_installation_repository/example_1.tf new file mode 100644 index 0000000000..c392cc7158 --- /dev/null +++ b/examples/resources/app_installation_repository/example_1.tf @@ -0,0 +1,10 @@ +# Create a repository. +resource "github_repository" "some_repo" { + name = "some-repo" +} + +resource "github_app_installation_repository" "some_app_repo" { + # The installation id of the app (in the organization). + installation_id = "1234567" + repository = github_repository.some_repo.name +} diff --git a/examples/resources/branch/example_1.tf b/examples/resources/branch/example_1.tf new file mode 100644 index 0000000000..d6b2903047 --- /dev/null +++ b/examples/resources/branch/example_1.tf @@ -0,0 +1,4 @@ +resource "github_branch" "development" { + repository = "example" + branch = "development" +} diff --git a/examples/resources/branch_default/example_1.tf b/examples/resources/branch_default/example_1.tf new file mode 100644 index 0000000000..4606efe8ae --- /dev/null +++ b/examples/resources/branch_default/example_1.tf @@ -0,0 +1,15 @@ +resource "github_repository" "example" { + name = "example" + description = "My awesome codebase" + auto_init = true +} + +resource "github_branch" "development" { + repository = github_repository.example.name + branch = "development" +} + +resource "github_branch_default" "default" { + repository = github_repository.example.name + branch = github_branch.development.branch +} diff --git a/examples/resources/branch_default/example_2.tf b/examples/resources/branch_default/example_2.tf new file mode 100644 index 0000000000..3974b93ca7 --- /dev/null +++ b/examples/resources/branch_default/example_2.tf @@ -0,0 +1,11 @@ +resource "github_repository" "example" { + name = "example" + description = "My awesome codebase" + auto_init = true +} + +resource "github_branch_default" "default" { + repository = github_repository.example.name + branch = "development" + rename = true +} diff --git a/examples/resources/branch_protection/example_1.tf b/examples/resources/branch_protection/example_1.tf new file mode 100644 index 0000000000..d1fe8d96ac --- /dev/null +++ b/examples/resources/branch_protection/example_1.tf @@ -0,0 +1,69 @@ +# Protect the main branch of the foo repository. Additionally, require that +# the "ci/travis" context to be passing and only allow the engineers team merge +# to the branch. + +resource "github_branch_protection" "example" { + repository_id = github_repository.example.node_id + # also accepts repository name + # repository_id = github_repository.example.name + + pattern = "main" + enforce_admins = true + allows_deletions = true + + required_status_checks { + strict = false + contexts = ["ci/travis"] + } + + required_pull_request_reviews { + dismiss_stale_reviews = true + restrict_dismissals = true + dismissal_restrictions = [ + data.github_user.example.node_id, + github_team.example.node_id, + "/exampleuser", + "exampleorganization/exampleteam", + ] + } + + restrict_pushes { + push_allowances = [ + data.github_user.example.node_id, + "/exampleuser", + "exampleorganization/exampleteam", + # you can have more than one type of restriction (teams + users). If you use + # more than one type, you must use node_ids of each user and each team. + # github_team.example.node_id + # github_user.example-2.node_id + ] + } + + force_push_bypassers = [ + data.github_user.example.node_id, + "/exampleuser", + "exampleorganization/exampleteam", + # you can have more than one type of restriction (teams + users) + # github_team.example.node_id + # github_team.example-2.node_id + ] + +} + +resource "github_repository" "example" { + name = "test" +} + +data "github_user" "example" { + username = "example" +} + +resource "github_team" "example" { + name = "Example Name" +} + +resource "github_team_repository" "example" { + team_id = github_team.example.id + repository = github_repository.example.name + permission = "pull" +} diff --git a/examples/resources/branch_protection_v3/example_1.tf b/examples/resources/branch_protection_v3/example_1.tf new file mode 100644 index 0000000000..843d3cfba0 --- /dev/null +++ b/examples/resources/branch_protection_v3/example_1.tf @@ -0,0 +1,9 @@ +# Protect the main branch of the foo repository. Only allow a specific user to merge to the branch. +resource "github_branch_protection_v3" "example" { + repository = github_repository.example.name + branch = "main" + + restrictions { + users = ["foo-user"] + } +} diff --git a/examples/resources/branch_protection_v3/example_2.tf b/examples/resources/branch_protection_v3/example_2.tf new file mode 100644 index 0000000000..a8c4710298 --- /dev/null +++ b/examples/resources/branch_protection_v3/example_2.tf @@ -0,0 +1,49 @@ +# Protect the main branch of the foo repository. Additionally, require that +# the "ci/check" check ran by the Github Actions app is passing and only allow +# the engineers team merge to the branch. + +resource "github_branch_protection_v3" "example" { + repository = github_repository.example.name + branch = "main" + enforce_admins = true + + required_status_checks { + strict = false + checks = [ + "ci/check:824642007264" + ] + } + + required_pull_request_reviews { + dismiss_stale_reviews = true + dismissal_users = ["foo-user"] + dismissal_teams = [github_team.example.slug] + dismissal_app = ["foo-app"] + + bypass_pull_request_allowances { + users = ["foo-user"] + teams = [github_team.example.slug] + apps = ["foo-app"] + } + } + + restrictions { + users = ["foo-user"] + teams = [github_team.example.slug] + apps = ["foo-app"] + } +} + +resource "github_repository" "example" { + name = "example" +} + +resource "github_team" "example" { + name = "Example Name" +} + +resource "github_team_repository" "example" { + team_id = github_team.example.id + repository = github_repository.example.name + permission = "pull" +} diff --git a/examples/resources/codespaces_organization_secret/example_1.tf b/examples/resources/codespaces_organization_secret/example_1.tf new file mode 100644 index 0000000000..6b76567b33 --- /dev/null +++ b/examples/resources/codespaces_organization_secret/example_1.tf @@ -0,0 +1,11 @@ +resource "github_codespaces_organization_secret" "example_secret" { + secret_name = "example_secret_name" + visibility = "private" + plaintext_value = var.some_secret_string +} + +resource "github_codespaces_organization_secret" "example_secret" { + secret_name = "example_secret_name" + visibility = "private" + encrypted_value = var.some_encrypted_secret_string +} diff --git a/examples/resources/codespaces_organization_secret/example_2.tf b/examples/resources/codespaces_organization_secret/example_2.tf new file mode 100644 index 0000000000..684cb8cb9e --- /dev/null +++ b/examples/resources/codespaces_organization_secret/example_2.tf @@ -0,0 +1,17 @@ +data "github_repository" "repo" { + full_name = "my-org/repo" +} + +resource "github_codespaces_organization_secret" "example_secret" { + secret_name = "example_secret_name" + visibility = "selected" + plaintext_value = var.some_secret_string + selected_repository_ids = [data.github_repository.repo.repo_id] +} + +resource "github_codespaces_organization_secret" "example_secret" { + secret_name = "example_secret_name" + visibility = "selected" + encrypted_value = var.some_encrypted_secret_string + selected_repository_ids = [data.github_repository.repo.repo_id] +} diff --git a/examples/resources/codespaces_organization_secret_repositories/example_1.tf b/examples/resources/codespaces_organization_secret_repositories/example_1.tf new file mode 100644 index 0000000000..b83685e60b --- /dev/null +++ b/examples/resources/codespaces_organization_secret_repositories/example_1.tf @@ -0,0 +1,8 @@ +data "github_repository" "repo" { + full_name = "my-org/repo" +} + +resource "github_codespaces_organization_secret_repositories" "org_secret_repos" { + secret_name = "existing_secret_name" + selected_repository_ids = [data.github_repository.repo.repo_id] +} diff --git a/examples/resources/codespaces_secret/example_1.tf b/examples/resources/codespaces_secret/example_1.tf new file mode 100644 index 0000000000..59d12cb3df --- /dev/null +++ b/examples/resources/codespaces_secret/example_1.tf @@ -0,0 +1,15 @@ +data "github_codespaces_public_key" "example_public_key" { + repository = "example_repository" +} + +resource "github_codespaces_secret" "example_secret" { + repository = "example_repository" + secret_name = "example_secret_name" + plaintext_value = var.some_secret_string +} + +resource "github_codespaces_secret" "example_secret" { + repository = "example_repository" + secret_name = "example_secret_name" + encrypted_value = var.some_encrypted_secret_string +} diff --git a/examples/resources/codespaces_user_secret/example_1.tf b/examples/resources/codespaces_user_secret/example_1.tf new file mode 100644 index 0000000000..6cefaeec3f --- /dev/null +++ b/examples/resources/codespaces_user_secret/example_1.tf @@ -0,0 +1,15 @@ +data "github_repository" "repo" { + full_name = "my-org/repo" +} + +resource "github_codespaces_user_secret" "example_secret" { + secret_name = "example_secret_name" + plaintext_value = var.some_secret_string + selected_repository_ids = [data.github_repository.repo.repo_id] +} + +resource "github_codespaces_user_secret" "example_secret" { + secret_name = "example_secret_name" + encrypted_value = var.some_encrypted_secret_string + selected_repository_ids = [data.github_repository.repo.repo_id] +} diff --git a/examples/resources/dependabot_organization_secret/example_1.tf b/examples/resources/dependabot_organization_secret/example_1.tf new file mode 100644 index 0000000000..9cc517b0c7 --- /dev/null +++ b/examples/resources/dependabot_organization_secret/example_1.tf @@ -0,0 +1,11 @@ +resource "github_dependabot_organization_secret" "example_plaintext" { + secret_name = "example_secret_name" + visibility = "all" + plaintext_value = var.some_secret_string +} + +resource "github_dependabot_organization_secret" "example_secret" { + secret_name = "example_secret_name" + visibility = "all" + encrypted_value = var.some_encrypted_secret_string +} diff --git a/examples/resources/dependabot_organization_secret/example_2.tf b/examples/resources/dependabot_organization_secret/example_2.tf new file mode 100644 index 0000000000..0007e67124 --- /dev/null +++ b/examples/resources/dependabot_organization_secret/example_2.tf @@ -0,0 +1,17 @@ +data "github_repository" "repo" { + full_name = "my-org/repo" +} + +resource "github_dependabot_organization_secret" "example_plaintext" { + secret_name = "example_secret_name" + visibility = "selected" + plaintext_value = var.some_secret_string + selected_repository_ids = [data.github_repository.repo.repo_id] +} + +resource "github_dependabot_organization_secret" "example_encrypted" { + secret_name = "example_secret_name" + visibility = "selected" + encrypted_value = var.some_encrypted_secret_string + selected_repository_ids = [data.github_repository.repo.repo_id] +} diff --git a/examples/resources/dependabot_organization_secret/example_3.tf b/examples/resources/dependabot_organization_secret/example_3.tf new file mode 100644 index 0000000000..7a5f176641 --- /dev/null +++ b/examples/resources/dependabot_organization_secret/example_3.tf @@ -0,0 +1,9 @@ +resource "github_dependabot_organization_secret" "example_allow_drift" { + secret_name = "example_secret_name" + visibility = "all" + plaintext_value = "placeholder" + + lifecycle { + ignore_changes = [remote_updated_at] + } +} diff --git a/examples/resources/dependabot_organization_secret/example_4.tf b/examples/resources/dependabot_organization_secret/example_4.tf new file mode 100644 index 0000000000..efa9daac70 --- /dev/null +++ b/examples/resources/dependabot_organization_secret/example_4.tf @@ -0,0 +1,4 @@ +import { + to = github_dependabot_organization_secret.example + id = "mysecret" +} diff --git a/examples/resources/dependabot_organization_secret_repositories/example_1.tf b/examples/resources/dependabot_organization_secret_repositories/example_1.tf new file mode 100644 index 0000000000..b56a79c93b --- /dev/null +++ b/examples/resources/dependabot_organization_secret_repositories/example_1.tf @@ -0,0 +1,15 @@ +resource "github_dependabot_organization_secret" "example" { + secret_name = "mysecret" + plaintext_value = "foo" + visibility = "selected" +} + +resource "github_repository" "example" { + name = "myrepo" + visibility = "public" +} + +resource "github_dependabot_organization_secret_repositories" "example" { + secret_name = github_dependabot_organization_secret.example.name + selected_repository_ids = [github_repository.example.repo_id] +} diff --git a/examples/resources/dependabot_organization_secret_repositories/example_2.tf b/examples/resources/dependabot_organization_secret_repositories/example_2.tf new file mode 100644 index 0000000000..aafc2ea494 --- /dev/null +++ b/examples/resources/dependabot_organization_secret_repositories/example_2.tf @@ -0,0 +1,4 @@ +import { + to = github_dependabot_organization_secret_repositories.example + id = "mysecret" +} diff --git a/examples/resources/dependabot_organization_secret_repository/example_1.tf b/examples/resources/dependabot_organization_secret_repository/example_1.tf new file mode 100644 index 0000000000..9158520069 --- /dev/null +++ b/examples/resources/dependabot_organization_secret_repository/example_1.tf @@ -0,0 +1,15 @@ +resource "github_dependabot_organization_secret" "example" { + secret_name = "mysecret" + plaintext_value = "foo" + visibility = "selected" +} + +resource "github_repository" "example" { + name = "myrepo" + visibility = "public" +} + +resource "github_dependabot_organization_secret_repository" "example" { + secret_name = github_dependabot_organization_secret.example.name + repository_id = github_repository.example.repo_id +} diff --git a/examples/resources/dependabot_organization_secret_repository/example_2.tf b/examples/resources/dependabot_organization_secret_repository/example_2.tf new file mode 100644 index 0000000000..3171f9f186 --- /dev/null +++ b/examples/resources/dependabot_organization_secret_repository/example_2.tf @@ -0,0 +1,4 @@ +import { + to = github_dependabot_organization_secret_repository.example + id = "mysecret:123456" +} diff --git a/examples/resources/dependabot_secret/example_1.tf b/examples/resources/dependabot_secret/example_1.tf new file mode 100644 index 0000000000..3641436753 --- /dev/null +++ b/examples/resources/dependabot_secret/example_1.tf @@ -0,0 +1,11 @@ +resource "github_dependabot_secret" "example_plaintext" { + repository = "example_repository" + secret_name = "example_secret_name" + plaintext_value = var.some_secret_string +} + +resource "github_dependabot_secret" "example_encrypted" { + repository = "example_repository" + secret_name = "example_secret_name" + encrypted_value = var.some_encrypted_secret_string +} diff --git a/examples/resources/dependabot_secret/example_2.tf b/examples/resources/dependabot_secret/example_2.tf new file mode 100644 index 0000000000..7aac3f1e66 --- /dev/null +++ b/examples/resources/dependabot_secret/example_2.tf @@ -0,0 +1,9 @@ +resource "github_dependabot_secret" "example_allow_drift" { + repository = "example_repository" + secret_name = "example_secret_name" + plaintext_value = "placeholder" + + lifecycle { + ignore_changes = [remote_updated_at] + } +} diff --git a/examples/resources/dependabot_secret/example_3.tf b/examples/resources/dependabot_secret/example_3.tf new file mode 100644 index 0000000000..dc5642e41a --- /dev/null +++ b/examples/resources/dependabot_secret/example_3.tf @@ -0,0 +1,4 @@ +import { + to = github_dependabot_secret.example + id = "myrepo:mysecret" +} diff --git a/examples/resources/emu_group_mapping/example_1.tf b/examples/resources/emu_group_mapping/example_1.tf new file mode 100644 index 0000000000..535514a18c --- /dev/null +++ b/examples/resources/emu_group_mapping/example_1.tf @@ -0,0 +1,4 @@ +resource "github_emu_group_mapping" "example_emu_group_mapping" { + team_slug = "emu-test-team" # The GitHub team name to modify + group_id = 28836 # The group ID of the external group to link +} diff --git a/examples/resources/enterprise_actions_permissions/example_1.tf b/examples/resources/enterprise_actions_permissions/example_1.tf new file mode 100644 index 0000000000..1cf49e4907 --- /dev/null +++ b/examples/resources/enterprise_actions_permissions/example_1.tf @@ -0,0 +1,17 @@ +data "github_organization" "example-org" { + name = "my-org" +} + +resource "github_enterprise_actions_permissions" "test" { + enterprise_slug = "my-enterprise" + allowed_actions = "selected" + enabled_organizations = "selected" + allowed_actions_config { + github_owned_allowed = true + patterns_allowed = ["actions/cache@*", "actions/checkout@*"] + verified_allowed = true + } + enabled_organizations_config { + organization_ids = [data.github_organization.example-org.id] + } +} diff --git a/examples/resources/enterprise_actions_runner_group/example_1.tf b/examples/resources/enterprise_actions_runner_group/example_1.tf new file mode 100644 index 0000000000..165dd482d5 --- /dev/null +++ b/examples/resources/enterprise_actions_runner_group/example_1.tf @@ -0,0 +1,20 @@ +data "github_enterprise" "enterprise" { + slug = "my-enterprise" +} + +resource "github_enterprise_organization" "enterprise_organization" { + enterprise_id = data.github_enterprise.enterprise.id + name = "my-organization" + billing_email = "octocat@octo.cat" + admin_logins = ["octocat"] +} + +resource "github_enterprise_actions_runner_group" "example" { + name = "my-awesome-runner-group" + enterprise_slug = data.github_enterprise.enterprise.slug + allows_public_repositories = true + visibility = "selected" + selected_organization_ids = [github_enterprise_organization.enterprise_organization.database_id] + restricted_to_workflows = true + selected_workflows = ["my-organization/my-repo/.github/workflows/cool-workflow.yaml@refs/tags/v1"] +} diff --git a/examples/resources/enterprise_actions_workflow_permissions/example_1.tf b/examples/resources/enterprise_actions_workflow_permissions/example_1.tf new file mode 100644 index 0000000000..5c02e1a18c --- /dev/null +++ b/examples/resources/enterprise_actions_workflow_permissions/example_1.tf @@ -0,0 +1,15 @@ +# Basic workflow permissions configuration +resource "github_enterprise_actions_workflow_permissions" "example" { + enterprise_slug = "my-enterprise" + + default_workflow_permissions = "read" + can_approve_pull_request_reviews = false +} + +# Allow write permissions and PR approvals +resource "github_enterprise_actions_workflow_permissions" "permissive" { + enterprise_slug = "my-enterprise" + + default_workflow_permissions = "write" + can_approve_pull_request_reviews = true +} diff --git a/examples/resources/enterprise_security_analysis_settings/example_1.tf b/examples/resources/enterprise_security_analysis_settings/example_1.tf new file mode 100644 index 0000000000..e82f5414a7 --- /dev/null +++ b/examples/resources/enterprise_security_analysis_settings/example_1.tf @@ -0,0 +1,17 @@ +# Basic security settings - enable secret scanning only +resource "github_enterprise_security_analysis_settings" "basic" { + enterprise_slug = "my-enterprise" + + secret_scanning_enabled_for_new_repositories = true +} + +# Full security configuration with all features enabled +resource "github_enterprise_security_analysis_settings" "comprehensive" { + enterprise_slug = "my-enterprise" + + advanced_security_enabled_for_new_repositories = true + secret_scanning_enabled_for_new_repositories = true + secret_scanning_push_protection_enabled_for_new_repositories = true + secret_scanning_validity_checks_enabled = true + secret_scanning_push_protection_custom_link = "https://octokit.com/security-guidelines" +} diff --git a/examples/resources/issue/example_1.tf b/examples/resources/issue/example_1.tf new file mode 100644 index 0000000000..35431162c6 --- /dev/null +++ b/examples/resources/issue/example_1.tf @@ -0,0 +1,12 @@ +# Create a simple issue +resource "github_repository" "test" { + name = "tf-acc-test-%s" + auto_init = true + has_issues = true +} + +resource "github_issue" "test" { + repository = github_repository.test.name + title = "My issue title" + body = "The body of my issue" +} diff --git a/examples/resources/issue/example_2.tf b/examples/resources/issue/example_2.tf new file mode 100644 index 0000000000..fc4ddcec69 --- /dev/null +++ b/examples/resources/issue/example_2.tf @@ -0,0 +1,24 @@ +# Create an issue with milestone and project assignment +resource "github_repository" "test" { + name = "tf-acc-test-%s" + auto_init = true + has_issues = true +} + +resource "github_repository_milestone" "test" { + owner = split("/", "${github_repository.test.full_name}")[0] + repository = github_repository.test.name + title = "v1.0.0" + description = "General Availability" + due_date = "2022-11-22" + state = "open" +} + +resource "github_issue" "test" { + repository = github_repository.test.name + title = "My issue" + body = "My issue body" + labels = ["bug", "documentation"] + assignees = ["bob-github"] + milestone_number = github_repository_milestone.test.number +} diff --git a/examples/resources/issue_label/example_1.tf b/examples/resources/issue_label/example_1.tf new file mode 100644 index 0000000000..4610cf8fc5 --- /dev/null +++ b/examples/resources/issue_label/example_1.tf @@ -0,0 +1,6 @@ +# Create a new, red colored label +resource "github_issue_label" "test_repo" { + repository = "test-repo" + name = "Urgent" + color = "FF0000" +} diff --git a/examples/resources/issue_labels/example_1.tf b/examples/resources/issue_labels/example_1.tf new file mode 100644 index 0000000000..dd9ea9236c --- /dev/null +++ b/examples/resources/issue_labels/example_1.tf @@ -0,0 +1,14 @@ +# Create a new, red colored label +resource "github_issue_labels" "test_repo" { + repository = "test-repo" + + label { + name = "Urgent" + color = "FF0000" + } + + label { + name = "Critical" + color = "FF0000" + } +} diff --git a/examples/resources/membership/example_1.tf b/examples/resources/membership/example_1.tf new file mode 100644 index 0000000000..ffc6e358ee --- /dev/null +++ b/examples/resources/membership/example_1.tf @@ -0,0 +1,5 @@ +# Add a user to the organization +resource "github_membership" "membership_for_some_user" { + username = "SomeUser" + role = "member" +} diff --git a/examples/resources/organization_block/example_1.tf b/examples/resources/organization_block/example_1.tf new file mode 100644 index 0000000000..0b8af6fafe --- /dev/null +++ b/examples/resources/organization_block/example_1.tf @@ -0,0 +1,3 @@ +resource "github_organization_block" "example" { + username = "paultyng" +} diff --git a/examples/resources/organization_custom_properties/example_1.tf b/examples/resources/organization_custom_properties/example_1.tf new file mode 100644 index 0000000000..f30a8ca52d --- /dev/null +++ b/examples/resources/organization_custom_properties/example_1.tf @@ -0,0 +1,12 @@ +resource "github_organization_custom_properties" "environment" { + property_name = "environment" + value_type = "single_select" + required = true + description = "The deployment environment for this repository" + default_value = "development" + allowed_values = [ + "development", + "staging", + "production" + ] +} diff --git a/examples/resources/organization_custom_properties/example_2.tf b/examples/resources/organization_custom_properties/example_2.tf new file mode 100644 index 0000000000..98ee261a19 --- /dev/null +++ b/examples/resources/organization_custom_properties/example_2.tf @@ -0,0 +1,7 @@ +resource "github_organization_custom_properties" "team_contact" { + property_name = "team_contact" + value_type = "string" + required = false + description = "Contact information for the team managing this repository" + values_editable_by = "org_and_repo_actors" +} diff --git a/examples/resources/organization_custom_properties/example_3.tf b/examples/resources/organization_custom_properties/example_3.tf new file mode 100644 index 0000000000..569bc0a24f --- /dev/null +++ b/examples/resources/organization_custom_properties/example_3.tf @@ -0,0 +1,6 @@ +resource "github_organization_custom_properties" "owner" { + property_name = "owner" + value_type = "string" + required = true + description = "The team or individual responsible for this repository" +} diff --git a/examples/resources/organization_custom_properties/example_4.tf b/examples/resources/organization_custom_properties/example_4.tf new file mode 100644 index 0000000000..cf449c4d54 --- /dev/null +++ b/examples/resources/organization_custom_properties/example_4.tf @@ -0,0 +1,7 @@ +resource "github_organization_custom_properties" "archived" { + property_name = "archived" + value_type = "true_false" + required = false + description = "Whether this repository is archived" + default_value = "false" +} diff --git a/examples/resources/organization_custom_role/example_1.tf b/examples/resources/organization_custom_role/example_1.tf new file mode 100644 index 0000000000..ea2ab6854a --- /dev/null +++ b/examples/resources/organization_custom_role/example_1.tf @@ -0,0 +1,26 @@ +resource "github_organization_custom_role" "example" { + name = "example" + description = "Example custom role that uses the read role as its base" + base_role = "read" + permissions = [ + "add_assignee", + "add_label", + "bypass_branch_protection", + "close_issue", + "close_pull_request", + "mark_as_duplicate", + "create_tag", + "delete_issue", + "delete_tag", + "manage_deploy_keys", + "push_protected_branch", + "read_code_scanning", + "reopen_issue", + "reopen_pull_request", + "request_pr_review", + "resolve_dependabot_alerts", + "resolve_secret_scanning_alerts", + "view_secret_scanning_alerts", + "write_code_scanning" + ] +} diff --git a/examples/resources/organization_project/example_1.tf b/examples/resources/organization_project/example_1.tf new file mode 100644 index 0000000000..d758491b32 --- /dev/null +++ b/examples/resources/organization_project/example_1.tf @@ -0,0 +1,4 @@ +resource "github_organization_project" "project" { + name = "A Organization Project" + body = "This is a organization project." +} diff --git a/examples/resources/organization_repository_role/example_1.tf b/examples/resources/organization_repository_role/example_1.tf new file mode 100644 index 0000000000..62905b7e26 --- /dev/null +++ b/examples/resources/organization_repository_role/example_1.tf @@ -0,0 +1,9 @@ +resource "github_organization_repository_role" "example" { + name = "example" + base_role = "read" + + permissions = [ + "add_assignee", + "add_label" + ] +} diff --git a/examples/resources/organization_role/example_1.tf b/examples/resources/organization_role/example_1.tf new file mode 100644 index 0000000000..a9d7605c62 --- /dev/null +++ b/examples/resources/organization_role/example_1.tf @@ -0,0 +1,9 @@ +resource "github_organization_role" "example" { + name = "example" + base_role = "read" + + permissions = [ + "read_organization_custom_org_role", + "read_organization_custom_repo_role" + ] +} diff --git a/examples/resources/organization_role_team/example_1.tf b/examples/resources/organization_role_team/example_1.tf new file mode 100644 index 0000000000..1b8f396be3 --- /dev/null +++ b/examples/resources/organization_role_team/example_1.tf @@ -0,0 +1,4 @@ +resource "github_organization_role_team" "example" { + role_id = 1234 + team_slug = "example-team" +} diff --git a/examples/resources/organization_role_team_assignment/example_1.tf b/examples/resources/organization_role_team_assignment/example_1.tf new file mode 100644 index 0000000000..8331e100b9 --- /dev/null +++ b/examples/resources/organization_role_team_assignment/example_1.tf @@ -0,0 +1,8 @@ +resource "github_team" "test-team" { + name = "test-team" +} + +resource "github_organization_role_team_assignment" "test-team-role-assignment" { + team_slug = github_team.test-team.slug + role_id = "8132" # all_repo_read (predefined) +} diff --git a/examples/resources/organization_role_user/example_1.tf b/examples/resources/organization_role_user/example_1.tf new file mode 100644 index 0000000000..743929075a --- /dev/null +++ b/examples/resources/organization_role_user/example_1.tf @@ -0,0 +1,4 @@ +resource "github_organization_role_user" "example" { + role_id = 1234 + login = "example-user" +} diff --git a/examples/resources/organization_ruleset/example_1.tf b/examples/resources/organization_ruleset/example_1.tf new file mode 100644 index 0000000000..5a5ac17bdd --- /dev/null +++ b/examples/resources/organization_ruleset/example_1.tf @@ -0,0 +1,85 @@ +resource "github_organization_ruleset" "example" { + name = "example" + target = "branch" + enforcement = "active" + + conditions { + ref_name { + include = ["~ALL"] + exclude = [] + } + } + + bypass_actors { + actor_id = 13473 + actor_type = "Integration" + bypass_mode = "always" + } + + rules { + creation = true + update = true + deletion = true + required_linear_history = true + required_signatures = true + + branch_name_pattern { + name = "example" + negate = false + operator = "starts_with" + pattern = "ex" + } + + required_workflows { + do_not_enforce_on_create = true + required_workflow { + repository_id = 1234 + path = ".github/workflows/ci.yml" + ref = "main" + } + } + + required_code_scanning { + required_code_scanning_tool { + alerts_threshold = "errors" + security_alerts_threshold = "high_or_higher" + tool = "CodeQL" + } + } + } +} + +# Example with push ruleset +# Note: Push targets must NOT have ref_name in conditions, only repository_name or repository_id +resource "github_organization_ruleset" "example_push" { + name = "example_push" + target = "push" + enforcement = "active" + + conditions { + repository_name { + include = ["~ALL"] + exclude = [] + } + } + + rules { + # Push targets only support these rules: + # file_path_restriction, max_file_size, max_file_path_length, file_extension_restriction + file_path_restriction { + restricted_file_paths = [".github/workflows/*", "*.env"] + } + + max_file_size { + max_file_size = 100 # 100 MB + } + + max_file_path_length { + max_file_path_length = 255 + } + + file_extension_restriction { + restricted_file_extensions = ["*.exe", "*.dll", "*.so"] + } + } +} diff --git a/examples/resources/organization_security_manager/example_1.tf b/examples/resources/organization_security_manager/example_1.tf new file mode 100644 index 0000000000..17b2487944 --- /dev/null +++ b/examples/resources/organization_security_manager/example_1.tf @@ -0,0 +1,8 @@ +resource "github_team" "some_team" { + name = "SomeTeam" + description = "Some cool team" +} + +resource "github_organization_security_manager" "some_team" { + team_slug = github_team.some_team.slug +} diff --git a/examples/resources/organization_settings/example_1.tf b/examples/resources/organization_settings/example_1.tf new file mode 100644 index 0000000000..1dab26f0ab --- /dev/null +++ b/examples/resources/organization_settings/example_1.tf @@ -0,0 +1,28 @@ +resource "github_organization_settings" "test" { + billing_email = "test@example.com" + company = "Test Company" + blog = "https://example.com" + email = "test@example.com" + twitter_username = "Test" + location = "Test Location" + name = "Test Name" + description = "Test Description" + has_organization_projects = true + has_repository_projects = true + default_repository_permission = "read" + members_can_create_repositories = true + members_can_create_public_repositories = true + members_can_create_private_repositories = true + members_can_create_internal_repositories = true + members_can_create_pages = true + members_can_create_public_pages = true + members_can_create_private_pages = true + members_can_fork_private_repositories = true + web_commit_signoff_required = true + advanced_security_enabled_for_new_repositories = false + dependabot_alerts_enabled_for_new_repositories = false + dependabot_security_updates_enabled_for_new_repositories = false + dependency_graph_enabled_for_new_repositories = false + secret_scanning_enabled_for_new_repositories = false + secret_scanning_push_protection_enabled_for_new_repositories = false +} diff --git a/examples/resources/organization_webhook/example_1.tf b/examples/resources/organization_webhook/example_1.tf new file mode 100644 index 0000000000..71142bc08d --- /dev/null +++ b/examples/resources/organization_webhook/example_1.tf @@ -0,0 +1,13 @@ +resource "github_organization_webhook" "foo" { + name = "web" + + configuration { + url = "https://google.de/" + content_type = "form" + insecure_ssl = false + } + + active = false + + events = ["issues"] +} diff --git a/examples/resources/project_card/example_1.tf b/examples/resources/project_card/example_1.tf new file mode 100644 index 0000000000..173cf7856b --- /dev/null +++ b/examples/resources/project_card/example_1.tf @@ -0,0 +1,14 @@ +resource "github_organization_project" "project" { + name = "An Organization Project" + body = "This is an organization project." +} + +resource "github_project_column" "column" { + project_id = github_organization_project.project.id + name = "Backlog" +} + +resource "github_project_card" "card" { + column_id = github_project_column.column.column_id + note = "## Unaccepted 👇" +} diff --git a/examples/resources/project_card/example_2.tf b/examples/resources/project_card/example_2.tf new file mode 100644 index 0000000000..91c5c6129a --- /dev/null +++ b/examples/resources/project_card/example_2.tf @@ -0,0 +1,28 @@ +resource "github_repository" "test" { + name = "myrepo" + has_projects = true + has_issues = true +} + +resource "github_issue" "test" { + repository = github_repository.test.id + title = "Test issue title" + body = "Test issue body" +} + +resource "github_repository_project" "test" { + name = "test" + repository = github_repository.test.name + body = "this is a test project" +} + +resource "github_project_column" "test" { + project_id = github_repository_project.test.id + name = "Backlog" +} + +resource "github_project_card" "test" { + column_id = github_project_column.test.column_id + content_id = github_issue.test.issue_id + content_type = "Issue" +} diff --git a/examples/resources/project_column/example_1.tf b/examples/resources/project_column/example_1.tf new file mode 100644 index 0000000000..ecdf9bfb83 --- /dev/null +++ b/examples/resources/project_column/example_1.tf @@ -0,0 +1,9 @@ +resource "github_organization_project" "project" { + name = "A Organization Project" + body = "This is an organization project." +} + +resource "github_project_column" "column" { + project_id = github_organization_project.project.id + name = "a column" +} diff --git a/examples/resources/release/example_1.tf b/examples/resources/release/example_1.tf new file mode 100644 index 0000000000..2b2372444f --- /dev/null +++ b/examples/resources/release/example_1.tf @@ -0,0 +1,11 @@ +resource "github_repository" "repo" { + name = "repo" + description = "GitHub repo managed by Terraform" + + private = false +} + +resource "github_release" "example" { + repository = github_repository.repo.name + tag_name = "v1.0.0" +} diff --git a/examples/resources/release/example_2.tf b/examples/resources/release/example_2.tf new file mode 100644 index 0000000000..8ae9659c58 --- /dev/null +++ b/examples/resources/release/example_2.tf @@ -0,0 +1,18 @@ +resource "github_repository" "example" { + name = "repo" + auto_init = true +} + +resource "github_branch" "example" { + repository = github_repository.example.name + branch = "branch_name" + source_branch = github_repository.example.default_branch +} + +resource "github_release" "example" { + repository = github_repository.example.name + tag_name = "v1.0.0" + target_commitish = github_branch.example.branch + draft = false + prerelease = false +} diff --git a/examples/resources/repository/example_1.tf b/examples/resources/repository/example_1.tf new file mode 100644 index 0000000000..5d87ccdfa8 --- /dev/null +++ b/examples/resources/repository/example_1.tf @@ -0,0 +1,12 @@ +resource "github_repository" "example" { + name = "example" + description = "My awesome codebase" + + visibility = "public" + + template { + owner = "github" + repository = "terraform-template-module" + include_all_branches = true + } +} diff --git a/examples/resources/repository/example_2.tf b/examples/resources/repository/example_2.tf new file mode 100644 index 0000000000..fcf599b252 --- /dev/null +++ b/examples/resources/repository/example_2.tf @@ -0,0 +1,13 @@ +resource "github_repository" "example" { + name = "example" + description = "My awesome web page" + + private = false + + pages { + source { + branch = "master" + path = "/docs" + } + } +} diff --git a/examples/resources/repository/example_3.tf b/examples/resources/repository/example_3.tf new file mode 100644 index 0000000000..b2e9f0b7a9 --- /dev/null +++ b/examples/resources/repository/example_3.tf @@ -0,0 +1,7 @@ +resource "github_repository" "forked_repo" { + name = "forked-repository" + description = "This is a fork of another repository" + fork = true + source_owner = "some-org" + source_repo = "original-repository" +} diff --git a/examples/resources/repository_autolink_reference/example_1.tf b/examples/resources/repository_autolink_reference/example_1.tf new file mode 100644 index 0000000000..13b723b3bc --- /dev/null +++ b/examples/resources/repository_autolink_reference/example_1.tf @@ -0,0 +1,14 @@ +resource "github_repository" "repo" { + name = "my-repo" + description = "GitHub repo managed by Terraform" + + private = false +} + +resource "github_repository_autolink_reference" "autolink" { + repository = github_repository.repo.name + + key_prefix = "TICKET-" + + target_url_template = "https://example.com/TICKET?query=" +} diff --git a/examples/resources/repository_collaborator/example_1.tf b/examples/resources/repository_collaborator/example_1.tf new file mode 100644 index 0000000000..8aa3a72428 --- /dev/null +++ b/examples/resources/repository_collaborator/example_1.tf @@ -0,0 +1,6 @@ +# Add a collaborator to a repository +resource "github_repository_collaborator" "a_repo_collaborator" { + repository = "our-cool-repo" + username = "SomeUser" + permission = "admin" +} diff --git a/examples/resources/repository_collaborators/example_1.tf b/examples/resources/repository_collaborators/example_1.tf new file mode 100644 index 0000000000..2c23d503aa --- /dev/null +++ b/examples/resources/repository_collaborators/example_1.tf @@ -0,0 +1,23 @@ +# Add collaborators to a repository +resource "github_team" "some_team" { + name = "SomeTeam" + description = "Some cool team" +} + +resource "github_repository" "some_repo" { + name = "some-repo" +} + +resource "github_repository_collaborators" "some_repo_collaborators" { + repository = github_repository.some_repo.name + + user { + permission = "admin" + username = "SomeUser" + } + + team { + permission = "pull" + team_id = github_team.some_team.slug + } +} diff --git a/examples/resources/repository_custom_property/example_1.tf b/examples/resources/repository_custom_property/example_1.tf new file mode 100644 index 0000000000..be5eb8fb8c --- /dev/null +++ b/examples/resources/repository_custom_property/example_1.tf @@ -0,0 +1,10 @@ +resource "github_repository" "example" { + name = "example" + description = "My awesome codebase" +} +resource "github_repository_custom_property" "string" { + repository = github_repository.example.name + property_name = "my-cool-property" + property_type = "string" + property_value = ["test"] +} diff --git a/examples/resources/repository_dependabot_security_updates/example_1.tf b/examples/resources/repository_dependabot_security_updates/example_1.tf new file mode 100644 index 0000000000..894bd1b753 --- /dev/null +++ b/examples/resources/repository_dependabot_security_updates/example_1.tf @@ -0,0 +1,14 @@ +resource "github_repository" "repo" { + name = "my-repo" + description = "GitHub repo managed by Terraform" + + private = false + + vulnerability_alerts = true +} + + +resource "github_repository_dependabot_security_updates" "example" { + repository = github_repository.test.name + enabled = true +} diff --git a/examples/resources/repository_deploy_key/example_1.tf b/examples/resources/repository_deploy_key/example_1.tf new file mode 100644 index 0000000000..2bf08c4167 --- /dev/null +++ b/examples/resources/repository_deploy_key/example_1.tf @@ -0,0 +1,12 @@ +# Generate an ssh key using provider "hashicorp/tls" +resource "tls_private_key" "example_repository_deploy_key" { + algorithm = "ED25519" +} + +# Add the ssh key as a deploy key +resource "github_repository_deploy_key" "example_repository_deploy_key" { + title = "Repository test key" + repository = "test-repo" + key = tls_private_key.example_repository_deploy_key.public_key_openssh + read_only = true +} diff --git a/examples/resources/repository_deployment_branch_policy/example_1.tf b/examples/resources/repository_deployment_branch_policy/example_1.tf new file mode 100644 index 0000000000..ae13bf3be7 --- /dev/null +++ b/examples/resources/repository_deployment_branch_policy/example_1.tf @@ -0,0 +1,16 @@ +resource "github_repository_environment" "env" { + repository = "my_repo" + environment = "my_env" + deployment_branch_policy { + protected_branches = false + custom_branch_policies = true + } +} + +resource "github_repository_deployment_branch_policy" "foo" { + depends_on = [github_repository_environment.env] + + repository = "my_repo" + environment_name = "my_env" + name = "foo" +} diff --git a/examples/resources/repository_environment/example_1.tf b/examples/resources/repository_environment/example_1.tf new file mode 100644 index 0000000000..fa22218d71 --- /dev/null +++ b/examples/resources/repository_environment/example_1.tf @@ -0,0 +1,21 @@ +data "github_user" "current" { + username = "" +} + +resource "github_repository" "example" { + name = "A Repository Project" + description = "My awesome codebase" +} + +resource "github_repository_environment" "example" { + environment = "example" + repository = github_repository.example.name + prevent_self_review = true + reviewers { + users = [data.github_user.current.id] + } + deployment_branch_policy { + protected_branches = true + custom_branch_policies = false + } +} diff --git a/examples/resources/repository_environment_deployment_policy/example_1.tf b/examples/resources/repository_environment_deployment_policy/example_1.tf new file mode 100644 index 0000000000..bdf98f28eb --- /dev/null +++ b/examples/resources/repository_environment_deployment_policy/example_1.tf @@ -0,0 +1,26 @@ +data "github_user" "current" { + username = "" +} + +resource "github_repository" "test" { + name = "tf-acc-test-%s" +} + +resource "github_repository_environment" "test" { + repository = github_repository.test.name + environment = "environment/test" + wait_timer = 10000 + reviewers { + users = [data.github_user.current.id] + } + deployment_branch_policy { + protected_branches = false + custom_branch_policies = true + } +} + +resource "github_repository_environment_deployment_policy" "test" { + repository = github_repository.test.name + environment = github_repository_environment.test.environment + branch_pattern = "releases/*" +} diff --git a/examples/resources/repository_environment_deployment_policy/example_2.tf b/examples/resources/repository_environment_deployment_policy/example_2.tf new file mode 100644 index 0000000000..c5e33b9f02 --- /dev/null +++ b/examples/resources/repository_environment_deployment_policy/example_2.tf @@ -0,0 +1,27 @@ + +data "github_user" "current" { + username = "" +} + +resource "github_repository" "test" { + name = "tf-acc-test-%s" +} + +resource "github_repository_environment" "test" { + repository = github_repository.test.name + environment = "environment/test" + wait_timer = 10000 + reviewers { + users = [data.github_user.current.id] + } + deployment_branch_policy { + protected_branches = false + custom_branch_policies = true + } +} + +resource "github_repository_environment_deployment_policy" "test" { + repository = github_repository.test.name + environment = github_repository_environment.test.environment + tag_pattern = "v*" +} diff --git a/examples/resources/repository_file/example_1.tf b/examples/resources/repository_file/example_1.tf new file mode 100644 index 0000000000..8fda073871 --- /dev/null +++ b/examples/resources/repository_file/example_1.tf @@ -0,0 +1,17 @@ + +resource "github_repository" "foo" { + name = "example" + auto_init = true +} + +resource "github_repository_file" "foo" { + repository = github_repository.foo.name + branch = "main" + file = ".gitignore" + content = "**/*.tfstate" + commit_message = "Managed by Terraform" + commit_author = "Terraform User" + commit_email = "terraform@example.com" + overwrite_on_create = true +} + diff --git a/examples/resources/repository_file/example_2.tf b/examples/resources/repository_file/example_2.tf new file mode 100644 index 0000000000..0cd472fba5 --- /dev/null +++ b/examples/resources/repository_file/example_2.tf @@ -0,0 +1,18 @@ + +resource "github_repository" "foo" { + name = "example" + auto_init = true +} + +resource "github_repository_file" "foo" { + repository = github_repository.foo.name + branch = "does/not/exist" + file = ".gitignore" + content = "**/*.tfstate" + commit_message = "Managed by Terraform" + commit_author = "Terraform User" + commit_email = "terraform@example.com" + overwrite_on_create = true + autocreate_branch = true +} + diff --git a/examples/resources/repository_milestone/example_1.tf b/examples/resources/repository_milestone/example_1.tf new file mode 100644 index 0000000000..7d15cf570a --- /dev/null +++ b/examples/resources/repository_milestone/example_1.tf @@ -0,0 +1,6 @@ +# Create a milestone for a repository +resource "github_repository_milestone" "example" { + owner = "example-owner" + repository = "example-repository" + title = "v1.1.0" +} diff --git a/examples/resources/repository_project/example_1.tf b/examples/resources/repository_project/example_1.tf new file mode 100644 index 0000000000..753d08d18a --- /dev/null +++ b/examples/resources/repository_project/example_1.tf @@ -0,0 +1,11 @@ +resource "github_repository" "example" { + name = "example" + description = "My awesome codebase" + has_projects = true +} + +resource "github_repository_project" "project" { + name = "A Repository Project" + repository = github_repository.example.name + body = "This is a repository project." +} diff --git a/examples/resources/repository_pull_request/example_1.tf b/examples/resources/repository_pull_request/example_1.tf new file mode 100644 index 0000000000..539f7ed4b8 --- /dev/null +++ b/examples/resources/repository_pull_request/example_1.tf @@ -0,0 +1,7 @@ +resource "github_repository_pull_request" "example" { + base_repository = "example-repository" + base_ref = "main" + head_ref = "feature-branch" + title = "My newest feature" + body = "This will change everything" +} diff --git a/examples/resources/repository_ruleset/example_1.tf b/examples/resources/repository_ruleset/example_1.tf new file mode 100644 index 0000000000..f8c018146f --- /dev/null +++ b/examples/resources/repository_ruleset/example_1.tf @@ -0,0 +1,70 @@ +resource "github_repository" "example" { + name = "example" + description = "Example repository" +} + +resource "github_repository_ruleset" "example" { + name = "example" + repository = github_repository.example.name + target = "branch" + enforcement = "active" + + conditions { + ref_name { + include = ["~ALL"] + exclude = [] + } + } + + bypass_actors { + actor_id = 13473 + actor_type = "Integration" + bypass_mode = "always" + } + + rules { + creation = true + update = true + deletion = true + required_linear_history = true + required_signatures = true + + required_deployments { + required_deployment_environments = ["test"] + } + + required_code_scanning { + required_code_scanning_tool { + alerts_threshold = "errors" + security_alerts_threshold = "high_or_higher" + tool = "CodeQL" + } + } + } +} + +# Example with push ruleset +resource "github_repository_ruleset" "example_push" { + name = "example_push" + repository = github_repository.example.name + target = "push" + enforcement = "active" + + rules { + file_path_restriction { + restricted_file_paths = [".github/workflows/*", "*.env"] + } + + max_file_size { + max_file_size = 100 # 100 MB + } + + max_file_path_length { + max_file_path_length = 255 + } + + file_extension_restriction { + restricted_file_extensions = ["*.exe", "*.dll", "*.so"] + } + } +} diff --git a/examples/resources/repository_topics/example_1.tf b/examples/resources/repository_topics/example_1.tf new file mode 100644 index 0000000000..53b9533089 --- /dev/null +++ b/examples/resources/repository_topics/example_1.tf @@ -0,0 +1,8 @@ +data "github_repository" "test" { + name = "test" +} + +resource "github_repository_topics" "test" { + repository = github_repository.test.name + topics = ["topic-1", "topic-2"] +} diff --git a/examples/resources/repository_webhook/example_1.tf b/examples/resources/repository_webhook/example_1.tf new file mode 100644 index 0000000000..07ce862c9e --- /dev/null +++ b/examples/resources/repository_webhook/example_1.tf @@ -0,0 +1,21 @@ +resource "github_repository" "repo" { + name = "foo" + description = "Terraform acceptance tests" + homepage_url = "http://example.com/" + + visibility = "public" +} + +resource "github_repository_webhook" "foo" { + repository = github_repository.repo.name + + configuration { + url = "https://google.de/" + content_type = "form" + insecure_ssl = false + } + + active = false + + events = ["issues"] +} diff --git a/examples/resources/team/example_1.tf b/examples/resources/team/example_1.tf new file mode 100644 index 0000000000..6c0ed30c98 --- /dev/null +++ b/examples/resources/team/example_1.tf @@ -0,0 +1,6 @@ +# Add a team to the organization +resource "github_team" "some_team" { + name = "some-team" + description = "Some cool team" + privacy = "closed" +} diff --git a/examples/resources/team_members/example_1.tf b/examples/resources/team_members/example_1.tf new file mode 100644 index 0000000000..cb46d6d340 --- /dev/null +++ b/examples/resources/team_members/example_1.tf @@ -0,0 +1,29 @@ +# Add a user to the organization +resource "github_membership" "membership_for_some_user" { + username = "SomeUser" + role = "member" +} + +resource "github_membership" "membership_for_another_user" { + username = "AnotherUser" + role = "member" +} + +resource "github_team" "some_team" { + name = "SomeTeam" + description = "Some cool team" +} + +resource "github_team_members" "some_team_members" { + team_id = github_team.some_team.id + + members { + username = "SomeUser" + role = "maintainer" + } + + members { + username = "AnotherUser" + role = "member" + } +} diff --git a/examples/resources/team_membership/example_1.tf b/examples/resources/team_membership/example_1.tf new file mode 100644 index 0000000000..c96a4d2c38 --- /dev/null +++ b/examples/resources/team_membership/example_1.tf @@ -0,0 +1,16 @@ +# Add a user to the organization +resource "github_membership" "membership_for_some_user" { + username = "SomeUser" + role = "member" +} + +resource "github_team" "some_team" { + name = "SomeTeam" + description = "Some cool team" +} + +resource "github_team_membership" "some_team_membership" { + team_id = github_team.some_team.id + username = "SomeUser" + role = "member" +} diff --git a/examples/resources/team_repository/example_1.tf b/examples/resources/team_repository/example_1.tf new file mode 100644 index 0000000000..c2276ec830 --- /dev/null +++ b/examples/resources/team_repository/example_1.tf @@ -0,0 +1,15 @@ +# Add a repository to the team +resource "github_team" "some_team" { + name = "SomeTeam" + description = "Some cool team" +} + +resource "github_repository" "some_repo" { + name = "some-repo" +} + +resource "github_team_repository" "some_team_repo" { + team_id = github_team.some_team.id + repository = github_repository.some_repo.name + permission = "pull" +} diff --git a/examples/resources/team_settings/example_1.tf b/examples/resources/team_settings/example_1.tf new file mode 100644 index 0000000000..a90d4aca25 --- /dev/null +++ b/examples/resources/team_settings/example_1.tf @@ -0,0 +1,14 @@ +# Add a repository to the team +resource "github_team" "some_team" { + name = "SomeTeam" + description = "Some cool team" +} + +resource "github_team_settings" "code_review_settings" { + team_id = github_team.some_team.id + review_request_delegation { + algorithm = "ROUND_ROBIN" + member_count = 1 + notify = true + } +} diff --git a/examples/resources/team_sync_group_mapping/example_1.tf b/examples/resources/team_sync_group_mapping/example_1.tf new file mode 100644 index 0000000000..5c8c175704 --- /dev/null +++ b/examples/resources/team_sync_group_mapping/example_1.tf @@ -0,0 +1,15 @@ + +data "github_organization_team_sync_groups" "example_groups" {} + +resource "github_team_sync_group_mapping" "example_group_mapping" { + team_slug = "example" + + dynamic "group" { + for_each = [for g in data.github_organization_team_sync_groups.example_groups.groups : g if g.group_name == "some_team_group"] + content { + group_id = group.value.group_id + group_name = group.value.group_name + group_description = group.value.group_description + } + } +} diff --git a/examples/resources/user_gpg_key/example_1.tf b/examples/resources/user_gpg_key/example_1.tf new file mode 100644 index 0000000000..3b3165f269 --- /dev/null +++ b/examples/resources/user_gpg_key/example_1.tf @@ -0,0 +1,3 @@ +resource "github_user_gpg_key" "example" { + armored_public_key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n...\n-----END PGP PUBLIC KEY BLOCK-----" +} diff --git a/examples/resources/user_invitation_accepter/example_1.tf b/examples/resources/user_invitation_accepter/example_1.tf new file mode 100644 index 0000000000..eaf70ea04e --- /dev/null +++ b/examples/resources/user_invitation_accepter/example_1.tf @@ -0,0 +1,19 @@ +resource "github_repository" "example" { + name = "example-repo" +} + +resource "github_repository_collaborator" "example" { + repository = github_repository.example.name + username = "example-username" + permission = "push" +} + +provider "github" { + alias = "invitee" + token = var.invitee_token +} + +resource "github_user_invitation_accepter" "example" { + provider = "github.invitee" + invitation_id = github_repository_collaborator.example.invitation_id +} diff --git a/examples/resources/user_ssh_key/example_1.tf b/examples/resources/user_ssh_key/example_1.tf new file mode 100644 index 0000000000..d6d3f5d702 --- /dev/null +++ b/examples/resources/user_ssh_key/example_1.tf @@ -0,0 +1,4 @@ +resource "github_user_ssh_key" "example" { + title = "example title" + key = file("~/.ssh/id_rsa.pub") +} diff --git a/examples/resources/workflow_repository_permissions/example_1.tf b/examples/resources/workflow_repository_permissions/example_1.tf new file mode 100644 index 0000000000..3ef762c6b1 --- /dev/null +++ b/examples/resources/workflow_repository_permissions/example_1.tf @@ -0,0 +1,9 @@ +resource "github_repository" "example" { + name = "my-repository" +} + +resource "github_workflow_repository_permissions" "test" { + default_workflow_permissions = "read" + can_approve_pull_request_reviews = true + repository = github_repository.example.name +} diff --git a/examples/secret-drifting/main.tf b/examples/secret-drifting/main.tf index b228efccf2..83fd11804b 100644 --- a/examples/secret-drifting/main.tf +++ b/examples/secret-drifting/main.tf @@ -4,15 +4,15 @@ provider "github" { terraform { required_providers { github = { - source = "integrations/github" + source = "integrations/github" } } } resource "github_actions_organization_secret" "plaintext_secret" { - secret_name = "test_plaintext_secret" - plaintext_value = "123" - visibility = "private" + secret_name = "test_plaintext_secret" + plaintext_value = "123" + visibility = "private" } resource "github_actions_organization_secret" "encrypted_secret" { diff --git a/github/test-fixtures/README.md b/github/test-fixtures/README.md index 874f61a31a..e55c27fed7 100644 --- a/github/test-fixtures/README.md +++ b/github/test-fixtures/README.md @@ -1,4 +1,4 @@ -# Hi fellow bots and humans :wave: +# Hi fellow bots and humans :wave If you're about to panic about leaked private keys, then please don't. These are purposefully exposed cryptographic materials used in tests of diff --git a/go.mod b/go.mod index 37688eb484..c173418fbb 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/integrations/terraform-provider-github/v6 -go 1.24.4 +go 1.24.0 require ( github.com/go-jose/go-jose/v3 v3.0.4 @@ -16,15 +16,25 @@ require ( ) require ( + github.com/BurntSushi/toml v1.5.0 // indirect + github.com/Kunde21/markdownfmt/v3 v3.1.0 // indirect + github.com/Masterminds/goutils v1.1.1 // indirect + github.com/Masterminds/semver/v3 v3.4.0 // indirect + github.com/Masterminds/sprig/v3 v3.2.3 // indirect github.com/ProtonMail/go-crypto v1.1.6 // indirect github.com/agext/levenshtein v1.2.2 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect + github.com/armon/go-radix v1.0.0 // indirect + github.com/bgentry/speakeasy v0.1.0 // indirect + github.com/bmatcuk/doublestar/v4 v4.9.1 // indirect + github.com/client9/misspell v0.3.4 // indirect github.com/cloudflare/circl v1.6.1 // indirect github.com/fatih/color v1.18.0 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-cmp v0.7.0 // indirect github.com/google/go-querystring v1.2.0 // indirect - github.com/hashicorp/errwrap v1.0.0 // indirect + github.com/hashicorp/cli v1.1.7 // indirect + github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-checkpoint v0.5.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-hclog v1.6.3 // indirect @@ -38,24 +48,36 @@ require ( github.com/hashicorp/logutils v1.0.0 // indirect github.com/hashicorp/terraform-exec v0.24.0 // indirect github.com/hashicorp/terraform-json v0.27.2 // indirect + github.com/hashicorp/terraform-plugin-docs v0.24.0 // indirect github.com/hashicorp/terraform-plugin-go v0.29.0 // indirect github.com/hashicorp/terraform-registry-address v0.4.0 // indirect github.com/hashicorp/terraform-svchost v0.1.1 // indirect github.com/hashicorp/yamux v0.1.2 // indirect - github.com/kr/text v0.2.0 // indirect + github.com/huandu/xstrings v1.3.3 // indirect + github.com/imdario/mergo v0.3.15 // indirect github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-runewidth v0.0.16 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-testing-interface v1.14.1 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/oklog/run v1.1.0 // indirect + github.com/posener/complete v1.2.3 // indirect + github.com/rivo/uniseg v0.4.7 // indirect + github.com/shopspring/decimal v1.3.1 // indirect github.com/shurcooL/graphql v0.0.0-20220606043923-3cf50f8a0a29 // indirect + github.com/spf13/cast v1.5.0 // indirect + github.com/stretchr/testify v1.11.1 // indirect github.com/vmihailenco/msgpack v4.0.4+incompatible // indirect github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect + github.com/yuin/goldmark v1.7.7 // indirect + github.com/yuin/goldmark-meta v1.1.0 // indirect github.com/zclconf/go-cty v1.17.0 // indirect + go.abhg.dev/goldmark/frontmatter v0.2.0 // indirect + golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 // indirect golang.org/x/mod v0.32.0 // indirect golang.org/x/net v0.49.0 // indirect golang.org/x/sync v0.19.0 // indirect @@ -66,4 +88,11 @@ require ( google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect google.golang.org/grpc v1.75.1 // indirect google.golang.org/protobuf v1.36.9 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect +) + +tool ( + github.com/client9/misspell/cmd/misspell + github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs ) diff --git a/go.sum b/go.sum index e3f5d03912..2838a86f26 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,16 @@ dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg= +github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= +github.com/Kunde21/markdownfmt/v3 v3.1.0 h1:KiZu9LKs+wFFBQKhrZJrFZwtLnCCWJahL+S+E/3VnM0= +github.com/Kunde21/markdownfmt/v3 v3.1.0/go.mod h1:tPXN1RTyOzJwhfHoon9wUr4HGYmWgVxSQN6VBJDkrVc= +github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= +github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= +github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= +github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= +github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/ProtonMail/go-crypto v1.1.6 h1:ZcV+Ropw6Qn0AX9brlQLAUXfqLBc7Bl+f/DmNxpLfdw= @@ -9,11 +20,18 @@ github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= +github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= +github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY= +github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/bmatcuk/doublestar/v4 v4.9.1 h1:X8jg9rRZmJd4yRy7ZeNDRnM+T3ZfHv15JiBJ/avrEXE= +github.com/bmatcuk/doublestar/v4 v4.9.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/FBatYVw= github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c= +github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0= github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s= github.com/cyphar/filepath-securejoin v0.4.1/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -25,6 +43,8 @@ github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FM github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= +github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= +github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM= @@ -56,10 +76,14 @@ github.com/google/go-github/v82 v82.0.0 h1:OH09ESON2QwKCUVMYmMcVu1IFKFoaZHwqYaUt github.com/google/go-github/v82 v82.0.0/go.mod h1:hQ6Xo0VKfL8RZ7z1hSfB4fvISg0QqHOqe9BP0qo+WvM= github.com/google/go-querystring v1.2.0 h1:yhqkPbu2/OH+V9BfpCVPZkNmUXhb2gBxJArfhIxNtP0= github.com/google/go-querystring v1.2.0/go.mod h1:8IFJqpSRITyJ8QhQ13bmbeMBDfmeEJZD5A0egEOmkqU= +github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= +github.com/hashicorp/cli v1.1.7 h1:/fZJ+hNdwfTSfsxMBa9WWMlfjUZbX8/LnUxgAd7lCVU= +github.com/hashicorp/cli v1.1.7/go.mod h1:e6Mfpga9OCT1vqzFuoGZiiF/KaG9CbUfO5s3ghU3YgU= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= +github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU= github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= @@ -69,6 +93,7 @@ github.com/hashicorp/go-cty v1.5.0 h1:EkQ/v+dDNUqnuVpmS5fPqyY71NXVgT5gf32+57xY8g github.com/hashicorp/go-cty v1.5.0/go.mod h1:lFUCG5kd8exDobgSfyj4ONE/dc822kiYMguVKdHGMLM= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-plugin v1.7.0 h1:YghfQH/0QmPNc/AZMTFE3ac8fipZyZECHdDPshfk+mA= @@ -90,6 +115,8 @@ github.com/hashicorp/terraform-exec v0.24.0 h1:mL0xlk9H5g2bn0pPF6JQZk5YlByqSqrO5 github.com/hashicorp/terraform-exec v0.24.0/go.mod h1:lluc/rDYfAhYdslLJQg3J0oDqo88oGQAdHR+wDqFvo4= github.com/hashicorp/terraform-json v0.27.2 h1:BwGuzM6iUPqf9JYM/Z4AF1OJ5VVJEEzoKST/tRDBJKU= github.com/hashicorp/terraform-json v0.27.2/go.mod h1:GzPLJ1PLdUG5xL6xn1OXWIjteQRT2CNT9o/6A9mi9hE= +github.com/hashicorp/terraform-plugin-docs v0.24.0 h1:YNZYd+8cpYclQyXbl1EEngbld8w7/LPOm99GD5nikIU= +github.com/hashicorp/terraform-plugin-docs v0.24.0/go.mod h1:YLg+7LEwVmRuJc0EuCw0SPLxuQXw5mW8iJ5ml/kvi+o= github.com/hashicorp/terraform-plugin-go v0.29.0 h1:1nXKl/nSpaYIUBU1IG/EsDOX0vv+9JxAltQyDMpq5mU= github.com/hashicorp/terraform-plugin-go v0.29.0/go.mod h1:vYZbIyvxyy0FWSmDHChCqKvI40cFTDGSb3D8D70i9GM= github.com/hashicorp/terraform-plugin-log v0.10.0 h1:eu2kW6/QBVdN4P3Ju2WiB2W3ObjkAsyfBsL3Wh1fj3g= @@ -104,6 +131,11 @@ github.com/hashicorp/terraform-svchost v0.1.1 h1:EZZimZ1GxdqFRinZ1tpJwVxxt49xc/S github.com/hashicorp/terraform-svchost v0.1.1/go.mod h1:mNsjQfZyf/Jhz35v6/0LWcv26+X7JPS+buii2c9/ctc= github.com/hashicorp/yamux v0.1.2 h1:XtB8kyFOyHXYVFnwT5C3+Bdo8gArse7j2AQ0DA0Uey8= github.com/hashicorp/yamux v0.1.2/go.mod h1:C+zze2n6e/7wshOZep2A70/aQU6QBRWJO/G6FT1wIns= +github.com/huandu/xstrings v1.3.3 h1:/Gcsuc1x8JVbJ9/rlye4xZnVAbEkGauT8lbebqcQws4= +github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM= +github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jhump/protoreflect v1.17.0 h1:qOEr613fac2lOuTgWN4tPAtLL7fUSbuJL5X5XumQh94= @@ -125,6 +157,9 @@ github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Ky github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= +github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= @@ -133,6 +168,7 @@ github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQ github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA= @@ -142,21 +178,35 @@ github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxu github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo= +github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= +github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= +github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= +github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= +github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shurcooL/githubv4 v0.0.0-20221126192849-0b5c4c7994eb h1:foJysa74+t41fG7adnt+TkfcNxQUWid8R/HlXe+Mmbw= github.com/shurcooL/githubv4 v0.0.0-20221126192849-0b5c4c7994eb/go.mod h1:hAF0iLZy4td2EX+/8Tw+4nodhlMrwN3HupfaXj3zkGo= github.com/shurcooL/graphql v0.0.0-20220606043923-3cf50f8a0a29 h1:B1PEwpArrNp4dkQrfxh/abbBAOZBVp0ds+fBEOUOqOc= github.com/shurcooL/graphql v0.0.0-20220606043923-3cf50f8a0a29/go.mod h1:AuYgA5Kyo4c7HfUmvRGs/6rGlMMV/6B1bVnB9JxJEEg= github.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnBY8= github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY= +github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= +github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= +github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI= github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= @@ -167,10 +217,16 @@ github.com/vmihailenco/tagparser/v2 v2.0.0/go.mod h1:Wri+At7QHww0WTrCBeu4J6bNtoV github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/yuin/goldmark v1.7.7 h1:5m9rrB1sW3JUMToKFQfb+FGt1U7r57IHu5GrYrG2nqU= +github.com/yuin/goldmark v1.7.7/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E= +github.com/yuin/goldmark-meta v1.1.0 h1:pWw+JLHGZe8Rk0EGsMVssiNb/AaPMHfSRszZeUeiOUc= +github.com/yuin/goldmark-meta v1.1.0/go.mod h1:U4spWENafuA7Zyg+Lj5RqK/MF+ovMYtBvXi1lBb2VP0= github.com/zclconf/go-cty v1.17.0 h1:seZvECve6XX4tmnvRzWtJNHdscMtYEx5R7bnnVyd/d0= github.com/zclconf/go-cty v1.17.0/go.mod h1:wqFzcImaLTI6A5HfsRwB0nj5n0MRZFwmey8YoFPPs3U= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM= +go.abhg.dev/goldmark/frontmatter v0.2.0 h1:P8kPG0YkL12+aYk2yU3xHv4tcXzeVnN+gU0tJ5JnxRw= +go.abhg.dev/goldmark/frontmatter v0.2.0/go.mod h1:XqrEkZuM57djk7zrlRUB02x8I5J0px76YjkOzhB4YlU= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= @@ -185,9 +241,12 @@ go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mx go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts= golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos= +golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk= +golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c= @@ -196,6 +255,7 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= @@ -218,6 +278,7 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -226,6 +287,7 @@ golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k= golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= @@ -235,6 +297,7 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= @@ -267,6 +330,10 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/templates/data-sources/actions_environment_public_key.md.tmpl b/templates/data-sources/actions_environment_public_key.md.tmpl new file mode 100644 index 0000000000..59b26f18ed --- /dev/null +++ b/templates/data-sources/actions_environment_public_key.md.tmpl @@ -0,0 +1,23 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on a GitHub Actions Environment Public Key. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about a GitHub Actions public key of a specific environment. This data source is required to be used with other GitHub secrets interactions. Note that the provider `token` must have admin rights to a repository to retrieve the action public keys of it's environments. + +## Example Usage + +{{ tffile "examples/data-sources/actions_environment_public_key/example_1.tf" }} + +## Argument Reference + +- `repository` - (Required) Name of the repository to get public key from. +- `environment` - (Required) Name of the environment to get public key from. + +## Attributes Reference + +- `key_id` - ID of the key that has been retrieved. +- `key` - Actual key retrieved. diff --git a/templates/data-sources/actions_environment_secrets.md.tmpl b/templates/data-sources/actions_environment_secrets.md.tmpl new file mode 100644 index 0000000000..0ef95a0421 --- /dev/null +++ b/templates/data-sources/actions_environment_secrets.md.tmpl @@ -0,0 +1,22 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get Actions secrets of the repository environment +--- + +# github\_actions\_environment\_secrets + +Use this data source to retrieve the list of secrets of the repository environment. + +## Example Usage + +{{ tffile "examples/data-sources/actions_environment_secrets/example_1.tf" }} + +## Argument Reference + +## Attributes Reference + +- `secrets` - list of secrets for the environment + - `name` - Name of the secret + - `created_at` - Timestamp of the secret creation + - `updated_at` - Timestamp of the secret last update diff --git a/templates/data-sources/actions_environment_variables.md.tmpl b/templates/data-sources/actions_environment_variables.md.tmpl new file mode 100644 index 0000000000..4b443e54ac --- /dev/null +++ b/templates/data-sources/actions_environment_variables.md.tmpl @@ -0,0 +1,23 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get Actions variables of the repository environment +--- + +# github\_actions\_environment\_variables + +Use this data source to retrieve the list of variables of the repository environment. + +## Example Usage + +{{ tffile "examples/data-sources/actions_environment_variables/example_1.tf" }} + +## Argument Reference + +## Attributes Reference + +- `variables` - list of variables for the environment + - `name` - Name of the variable + - `value` - Value of the variable + - `created_at` - Timestamp of the variable creation + - `updated_at` - Timestamp of the variable last update diff --git a/templates/data-sources/actions_organization_oidc_subject_claim_customization_template.md.tmpl b/templates/data-sources/actions_organization_oidc_subject_claim_customization_template.md.tmpl new file mode 100644 index 0000000000..dd63b3a36d --- /dev/null +++ b/templates/data-sources/actions_organization_oidc_subject_claim_customization_template.md.tmpl @@ -0,0 +1,19 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get a GitHub Actions organization OpenID Connect customization template +--- + +# actions_organization_oidc_subject_claim_customization_template + +Use this data source to retrieve the OpenID Connect subject claim customization template for an organization + +## Example Usage + +{{ tffile "examples/data-sources/actions_organization_oidc_subject_claim_customization_template/example_1.tf" }} + +## Argument Reference + +## Attributes Reference + +- `include_claim_keys` - The list of OpenID Connect claim keys. diff --git a/templates/data-sources/actions_organization_public_key.md.tmpl b/templates/data-sources/actions_organization_public_key.md.tmpl new file mode 100644 index 0000000000..0f2e9fa431 --- /dev/null +++ b/templates/data-sources/actions_organization_public_key.md.tmpl @@ -0,0 +1,18 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on a GitHub Actions Organization Public Key. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about a GitHub Actions Organization public key. This data source is required to be used with other GitHub secrets interactions. Note that the provider `token` must have admin rights to an organization to retrieve it's action public key. + +## Example Usage + +{{ tffile "examples/data-sources/actions_organization_public_key/example_1.tf" }} + +## Attributes Reference + +- `key_id` - ID of the key that has been retrieved. +- `key` - Actual key retrieved. diff --git a/templates/data-sources/actions_organization_registration_token.md.tmpl b/templates/data-sources/actions_organization_registration_token.md.tmpl new file mode 100644 index 0000000000..32e04addda --- /dev/null +++ b/templates/data-sources/actions_organization_registration_token.md.tmpl @@ -0,0 +1,20 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get a GitHub Actions organization registration token. +--- + +# actions_registration_token + +Use this data source to retrieve a GitHub Actions organization registration token. This token can then be used to register a self-hosted runner. + +## Example Usage + +{{ tffile "examples/data-sources/actions_organization_registration_token/example_1.tf" }} + +## Argument Reference + +## Attributes Reference + +- `token` - The token that has been retrieved. +- `expires_at` - The token expiration date. diff --git a/templates/data-sources/actions_organization_secrets.md.tmpl b/templates/data-sources/actions_organization_secrets.md.tmpl new file mode 100644 index 0000000000..8c28b308fe --- /dev/null +++ b/templates/data-sources/actions_organization_secrets.md.tmpl @@ -0,0 +1,23 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get actions secrets of the organization +--- + +# github\_actions\_organization\_secrets + +Use this data source to retrieve the list of secrets of the organization. + +## Example Usage + +{{ tffile "examples/data-sources/actions_organization_secrets/example_1.tf" }} + +## Argument Reference + +## Attributes Reference + +- `secrets` - list of secrets for the repository + - `name` - Secret name + - `visibility` - Secret visibility + - `created_at` - Timestamp of the secret creation + - `updated_at` - Timestamp of the secret last update diff --git a/templates/data-sources/actions_organization_variables.md.tmpl b/templates/data-sources/actions_organization_variables.md.tmpl new file mode 100644 index 0000000000..9b4c4ccf2a --- /dev/null +++ b/templates/data-sources/actions_organization_variables.md.tmpl @@ -0,0 +1,24 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get Actions variables of the organization +--- + +# github\_actions\_organization\_variables + +Use this data source to retrieve the list of variables of the organization. + +## Example Usage + +{{ tffile "examples/data-sources/actions_organization_variables/example_1.tf" }} + +## Argument Reference + +## Attributes Reference + +- `variables` - list of variables for the repository + - `name` - Name of the variable + - `value` - Value of the variable + - `visibility` - Visibility of the variable + - `created_at` - Timestamp of the variable creation + - `updated_at` - Timestamp of the variable last update diff --git a/templates/data-sources/actions_public_key.md.tmpl b/templates/data-sources/actions_public_key.md.tmpl new file mode 100644 index 0000000000..dabdac6976 --- /dev/null +++ b/templates/data-sources/actions_public_key.md.tmpl @@ -0,0 +1,22 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on a GitHub Actions Public Key. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about a GitHub Actions public key. This data source is required to be used with other GitHub secrets interactions. Note that the provider `token` must have admin rights to a repository to retrieve it's action public key. + +## Example Usage + +{{ tffile "examples/data-sources/actions_public_key/example_1.tf" }} + +## Argument Reference + +- `repository` - (Required) Name of the repository to get public key from. + +## Attributes Reference + +- `key_id` - ID of the key that has been retrieved. +- `key` - Actual key retrieved. diff --git a/templates/data-sources/actions_registration_token.md.tmpl b/templates/data-sources/actions_registration_token.md.tmpl new file mode 100644 index 0000000000..a93991bd78 --- /dev/null +++ b/templates/data-sources/actions_registration_token.md.tmpl @@ -0,0 +1,22 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get a GitHub Actions repository registration token. +--- + +# actions_registration_token + +Use this data source to retrieve a GitHub Actions repository registration token. This token can then be used to register a self-hosted runner. + +## Example Usage + +{{ tffile "examples/data-sources/actions_registration_token/example_1.tf" }} + +## Argument Reference + +- `repository` - (Required) Name of the repository to get a GitHub Actions registration token for. + +## Attributes Reference + +- `token` - The token that has been retrieved. +- `expires_at` - The token expiration date. diff --git a/templates/data-sources/actions_repository_oidc_subject_claim_customization_template.md.tmpl b/templates/data-sources/actions_repository_oidc_subject_claim_customization_template.md.tmpl new file mode 100644 index 0000000000..c0a9a483fc --- /dev/null +++ b/templates/data-sources/actions_repository_oidc_subject_claim_customization_template.md.tmpl @@ -0,0 +1,22 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get a GitHub Actions repository's OpenID Connect customization template +--- + +# actions_repository_oidc_subject_claim_customization_template + +Use this data source to retrieve the OpenID Connect subject claim customization template for a repository + +## Example Usage + +{{ tffile "examples/data-sources/actions_repository_oidc_subject_claim_customization_template/example_1.tf" }} + +## Argument Reference + +- `name` - (Required) Name of the repository to get the OpenID Connect subject claim customization template for. + +## Attributes Reference + +- `use_default` - Whether the repository uses the default template. +- `include_claim_keys` - The list of OpenID Connect claim keys. diff --git a/templates/data-sources/actions_secrets.md.tmpl b/templates/data-sources/actions_secrets.md.tmpl new file mode 100644 index 0000000000..f84e868425 --- /dev/null +++ b/templates/data-sources/actions_secrets.md.tmpl @@ -0,0 +1,25 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get actions secrets for a repository +--- + +# github\_actions\_secrets + +Use this data source to retrieve the list of secrets for a GitHub repository. + +## Example Usage + +{{ tffile "examples/data-sources/actions_secrets/example_1.tf" }} + +## Argument Reference + +- `name` - (Optional) The name of the repository. +- `full_name` - (Optional) Full name of the repository (in `org/name` format). + +## Attributes Reference + +- `secrets` - list of secrets for the repository + - `name` - Secret name + - `created_at` - Timestamp of the secret creation + - `updated_at` - Timestamp of the secret last update diff --git a/templates/data-sources/actions_variables.md.tmpl b/templates/data-sources/actions_variables.md.tmpl new file mode 100644 index 0000000000..f08c6c47df --- /dev/null +++ b/templates/data-sources/actions_variables.md.tmpl @@ -0,0 +1,26 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get Actions variables for a repository +--- + +# github\_actions\_variables + +Use this data source to retrieve the list of variables for a GitHub repository. + +## Example Usage + +{{ tffile "examples/data-sources/actions_variables/example_1.tf" }} + +## Argument Reference + +- `name` - (Optional) The name of the repository. +- `full_name` - (Optional) Full name of the repository (in `org/name` format). + +## Attributes Reference + +- `variables` - list of variables for the repository + - `name` - Name of the variable + - `value` - Value of the variable + - `created_at` - Timestamp of the variable creation + - `updated_at` - Timestamp of the variable last update diff --git a/templates/data-sources/app.md.tmpl b/templates/data-sources/app.md.tmpl new file mode 100644 index 0000000000..9c042ba8f8 --- /dev/null +++ b/templates/data-sources/app.md.tmpl @@ -0,0 +1,29 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information about an app. +--- + +# github\_app + +Use this data source to retrieve information about an app. + +## Example Usage + +{{ tffile "examples/data-sources/app/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `slug` - (Required) The URL-friendly name of your GitHub App. + +## Attribute Reference + +The following additional attributes are exported: + +- `description` - The app's description. + +- `name` - The app's full name. + +- `node_id` - The Node ID of the app. diff --git a/templates/data-sources/app_token.md.tmpl b/templates/data-sources/app_token.md.tmpl new file mode 100644 index 0000000000..e006802bd3 --- /dev/null +++ b/templates/data-sources/app_token.md.tmpl @@ -0,0 +1,29 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Generate a GitHub APP JWT. +--- + +# github\_app\_token + +Use this data source to generate a [GitHub App JWT](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app). + +## Example Usage + +{{ tffile "examples/data-sources/app_token/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `app_id` - (Required) This is the ID of the GitHub App. + +- `installation_id` - (Required) This is the ID of the GitHub App installation. + +- `pem_file` - (Required) This is the contents of the GitHub App private key PEM file. + +## Attribute Reference + +The following additional attributes are exported: + +- `token` - The generated GitHub APP JWT. diff --git a/templates/data-sources/branch.md.tmpl b/templates/data-sources/branch.md.tmpl new file mode 100644 index 0000000000..0cd38571b3 --- /dev/null +++ b/templates/data-sources/branch.md.tmpl @@ -0,0 +1,31 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information about a repository branch. +--- + +# github\_branch + +Use this data source to retrieve information about a repository branch. + +## Example Usage + +{{ tffile "examples/data-sources/branch/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository name. + +- `branch` - (Required) The repository branch to retrieve. + +## Attribute Reference + +The following additional attributes are exported: + +- `etag` - An etag representing the Branch object. + +- `ref` - A string representing a branch reference, in the form of `refs/heads/`. + +- `sha` - A string storing the reference's `HEAD` commit's SHA1. diff --git a/templates/data-sources/branch_protection_rules.md.tmpl b/templates/data-sources/branch_protection_rules.md.tmpl new file mode 100644 index 0000000000..eabb26080b --- /dev/null +++ b/templates/data-sources/branch_protection_rules.md.tmpl @@ -0,0 +1,25 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information about a repository branch protection rules. +--- + +# github\_branch\_protection\_rules + +Use this data source to retrieve a list of repository branch protection rules. + +## Example Usage + +{{ tffile "examples/data-sources/branch_protection_rules/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository name. + +## Attribute Reference + +- `rules` - Collection of Branch Protection Rules. Each of the results conforms to the following scheme: + + - `pattern` - Identifies the protection rule pattern. diff --git a/templates/data-sources/codespaces_organization_public_key.md.tmpl b/templates/data-sources/codespaces_organization_public_key.md.tmpl new file mode 100644 index 0000000000..09295b9b2c --- /dev/null +++ b/templates/data-sources/codespaces_organization_public_key.md.tmpl @@ -0,0 +1,18 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on a GitHub Codespaces Organization Public Key. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about a GitHub Codespaces Organization public key. This data source is required to be used with other GitHub secrets interactions. Note that the provider `token` must have admin rights to an organization to retrieve it's Codespaces public key. + +## Example Usage + +{{ tffile "examples/data-sources/codespaces_organization_public_key/example_1.tf" }} + +## Attributes Reference + +- `key_id` - ID of the key that has been retrieved. +- `key` - Actual key retrieved. diff --git a/templates/data-sources/codespaces_organization_secrets.md.tmpl b/templates/data-sources/codespaces_organization_secrets.md.tmpl new file mode 100644 index 0000000000..cc39022e76 --- /dev/null +++ b/templates/data-sources/codespaces_organization_secrets.md.tmpl @@ -0,0 +1,23 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get codespaces secrets of the organization +--- + +# github\_codespaces\_organization\_secrets + +Use this data source to retrieve the list of codespaces secrets of the organization. + +## Example Usage + +{{ tffile "examples/data-sources/codespaces_organization_secrets/example_1.tf" }} + +## Argument Reference + +## Attributes Reference + +- `secrets` - list of secrets for the repository + - `name` - Secret name + - `visibility` - Secret visibility + - `created_at` - Timestamp of the secret creation + - `updated_at` - Timestamp of the secret last update diff --git a/templates/data-sources/codespaces_public_key.md.tmpl b/templates/data-sources/codespaces_public_key.md.tmpl new file mode 100644 index 0000000000..dbd9233adf --- /dev/null +++ b/templates/data-sources/codespaces_public_key.md.tmpl @@ -0,0 +1,22 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on a GitHub Codespaces Public Key. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about a GitHub Codespaces public key. This data source is required to be used with other GitHub secrets interactions. Note that the provider `token` must have admin rights to a repository to retrieve it's Codespaces public key. + +## Example Usage + +{{ tffile "examples/data-sources/codespaces_public_key/example_1.tf" }} + +## Argument Reference + +- `repository` - (Required) Name of the repository to get public key from. + +## Attributes Reference + +- `key_id` - ID of the key that has been retrieved. +- `key` - Actual key retrieved. diff --git a/templates/data-sources/codespaces_secrets.md.tmpl b/templates/data-sources/codespaces_secrets.md.tmpl new file mode 100644 index 0000000000..653fa46fb8 --- /dev/null +++ b/templates/data-sources/codespaces_secrets.md.tmpl @@ -0,0 +1,25 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get codespaces secrets for a repository +--- + +# github\_codespaces\_secrets + +Use this data source to retrieve the list of codespaces secrets for a GitHub repository. + +## Example Usage + +{{ tffile "examples/data-sources/codespaces_secrets/example_1.tf" }} + +## Argument Reference + +- `name` - (Optional) The name of the repository. +- `full_name` - (Optional) Full name of the repository (in `org/name` format). + +## Attributes Reference + +- `secrets` - list of codespaces secrets for the repository + - `name` - Secret name + - `created_at` - Timestamp of the secret creation + - `updated_at` - Timestamp of the secret last update diff --git a/templates/data-sources/codespaces_user_public_key.md.tmpl b/templates/data-sources/codespaces_user_public_key.md.tmpl new file mode 100644 index 0000000000..ef6ae21fdd --- /dev/null +++ b/templates/data-sources/codespaces_user_public_key.md.tmpl @@ -0,0 +1,18 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on a GitHub Codespaces User Public Key. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about a GitHub Codespaces User public key. This data source is required to be used with other GitHub secrets interactions. Note that the provider `token` must have admin rights to an user to retrieve it's Codespaces public key. + +## Example Usage + +{{ tffile "examples/data-sources/codespaces_user_public_key/example_1.tf" }} + +## Attributes Reference + +- `key_id` - ID of the key that has been retrieved. +- `key` - Actual key retrieved. diff --git a/templates/data-sources/codespaces_user_secrets.md.tmpl b/templates/data-sources/codespaces_user_secrets.md.tmpl new file mode 100644 index 0000000000..d7096dbab7 --- /dev/null +++ b/templates/data-sources/codespaces_user_secrets.md.tmpl @@ -0,0 +1,23 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get codespaces secrets of the user +--- + +# github\_codespaces\_user\_secrets + +Use this data source to retrieve the list of codespaces secrets of the user. + +## Example Usage + +{{ tffile "examples/data-sources/codespaces_user_secrets/example_1.tf" }} + +## Argument Reference + +## Attributes Reference + +- `secrets` - list of secrets for the repository + - `name` - Secret name + - `visibility` - Secret visibility + - `created_at` - Timestamp of the secret creation + - `updated_at` - Timestamp of the secret last update diff --git a/templates/data-sources/collaborators.md.tmpl b/templates/data-sources/collaborators.md.tmpl new file mode 100644 index 0000000000..b982267d33 --- /dev/null +++ b/templates/data-sources/collaborators.md.tmpl @@ -0,0 +1,63 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get the collaborators for a given repository. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve the collaborators for a given repository. + +## Example Usage + +{{ tffile "examples/data-sources/collaborators/example_1.tf" }} + +## Arguments Reference + +- `owner` - (Required) The organization that owns the repository. + +- `repository` - (Required) The name of the repository. + +- `affiliation` - (Optional) Filter collaborators returned by their affiliation. Can be one of: `outside`, `direct`, `all`. Defaults to `all`. + +- `permission` - (Optional) Filter collaborators returned by their permission. Can be one of: `pull`, `triage`, `push`, `maintain`, `admin`. Defaults to not doing any filtering on permission. + +## Attributes Reference + +- `collaborator` - An Array of GitHub collaborators. Each `collaborator` block consists of the fields documented below. + +--- + +The `collaborator` block consists of: + +- `login` - The collaborator's login. + +- `id` - The ID of the collaborator. + +- `url` - The GitHub API URL for the collaborator. + +- `html_url` - The GitHub HTML URL for the collaborator. + +- `followers_url` - The GitHub API URL for the collaborator's followers. + +- `following_url` - The GitHub API URL for those following the collaborator. + +- `gists_url` - The GitHub API URL for the collaborator's gists. + +- `starred_url` - The GitHub API URL for the collaborator's starred repositories. + +- `subscriptions_url` - The GitHub API URL for the collaborator's subscribed repositories. + +- `organizations_url` - The GitHub API URL for the collaborator's organizations. + +- `repos_url` - The GitHub API URL for the collaborator's repositories. + +- `events_url` - The GitHub API URL for the collaborator's events. + +- `received_events_url` - The GitHub API URL for the collaborator's received events. + +- `type` - The type of the collaborator (ex. `user`). + +- `site_admin` - Whether the user is a GitHub admin. + +- `permission` - The permission of the collaborator. diff --git a/templates/data-sources/dependabot_organization_public_key.md.tmpl b/templates/data-sources/dependabot_organization_public_key.md.tmpl new file mode 100644 index 0000000000..9221c33280 --- /dev/null +++ b/templates/data-sources/dependabot_organization_public_key.md.tmpl @@ -0,0 +1,18 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on a GitHub Dependabot Organization Public Key. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about a GitHub Dependabot Organization public key. This data source is required to be used with other GitHub secrets interactions. Note that the provider `token` must have admin rights to an organization to retrieve it's Dependabot public key. + +## Example Usage + +{{ tffile "examples/data-sources/dependabot_organization_public_key/example_1.tf" }} + +## Attributes Reference + +- `key_id` - ID of the key that has been retrieved. +- `key` - Actual key retrieved. diff --git a/templates/data-sources/dependabot_organization_secrets.md.tmpl b/templates/data-sources/dependabot_organization_secrets.md.tmpl new file mode 100644 index 0000000000..a630b96d79 --- /dev/null +++ b/templates/data-sources/dependabot_organization_secrets.md.tmpl @@ -0,0 +1,23 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get dependabot secrets of the organization +--- + +# github\_dependabot\_organization\_secrets + +Use this data source to retrieve the list of dependabot secrets of the organization. + +## Example Usage + +{{ tffile "examples/data-sources/dependabot_organization_secrets/example_1.tf" }} + +## Argument Reference + +## Attributes Reference + +- `secrets` - list of secrets for the repository + - `name` - Secret name + - `visibility` - Secret visibility + - `created_at` - Timestamp of the secret creation + - `updated_at` - Timestamp of the secret last update diff --git a/templates/data-sources/dependabot_public_key.md.tmpl b/templates/data-sources/dependabot_public_key.md.tmpl new file mode 100644 index 0000000000..74020ac944 --- /dev/null +++ b/templates/data-sources/dependabot_public_key.md.tmpl @@ -0,0 +1,22 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on a GitHub Dependabot Public Key. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about a GitHub Dependabot public key. This data source is required to be used with other GitHub secrets interactions. Note that the provider `token` must have admin rights to a repository to retrieve it's Dependabot public key. + +## Example Usage + +{{ tffile "examples/data-sources/dependabot_public_key/example_1.tf" }} + +## Argument Reference + +- `repository` - (Required) Name of the repository to get public key from. + +## Attributes Reference + +- `key_id` - ID of the key that has been retrieved. +- `key` - Actual key retrieved. diff --git a/templates/data-sources/dependabot_secrets.md.tmpl b/templates/data-sources/dependabot_secrets.md.tmpl new file mode 100644 index 0000000000..49a3eba279 --- /dev/null +++ b/templates/data-sources/dependabot_secrets.md.tmpl @@ -0,0 +1,25 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get dependabot secrets for a repository +--- + +# github\_dependabot\_secrets + +Use this data source to retrieve the list of dependabot secrets for a GitHub repository. + +## Example Usage + +{{ tffile "examples/data-sources/dependabot_secrets/example_1.tf" }} + +## Argument Reference + +- `name` - (Optional) The name of the repository. +- `full_name` - (Optional) Full name of the repository (in `org/name` format). + +## Attributes Reference + +- `secrets` - list of dependabot secrets for the repository + - `name` - Secret name + - `created_at` - Timestamp of the secret creation + - `updated_at` - Timestamp of the secret last update diff --git a/templates/data-sources/enterprise.md.tmpl b/templates/data-sources/enterprise.md.tmpl new file mode 100644 index 0000000000..a1c8435bbc --- /dev/null +++ b/templates/data-sources/enterprise.md.tmpl @@ -0,0 +1,27 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get an enterprise. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve basic information about a GitHub enterprise. + +## Example Usage + +```hcl +data "github_enterprise" "example" { + slug = "example-co" +} +``` + +## Attributes Reference + +- `id` - The ID of the enterprise. +- `database_id` - The database ID of the enterprise. +- `slug` - The URL slug identifying the enterprise. +- `name` - The name of the enterprise. +- `description` - The description of the enterprise. +- `created_at` - The time the enterprise was created. +- `url` - The url for the enterprise. diff --git a/templates/data-sources/external_groups.md.tmpl b/templates/data-sources/external_groups.md.tmpl new file mode 100644 index 0000000000..c9b8fbb4ce --- /dev/null +++ b/templates/data-sources/external_groups.md.tmpl @@ -0,0 +1,27 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Retrieve external groups belonging to an organization. +--- + +# github\_external\_groups + +Use this data source to retrieve external groups belonging to an organization. + +## Example Usage + +{{ tffile "examples/data-sources/external_groups/example_1.tf" }} + +## Argument Reference + +N/A. This resource will retrieve all the external groups belonging to an organization. + +## Attributes Reference + +- `external_groups` - an array of external groups belonging to the organization. Each group consists of the fields documented below. + +--- + +- `group_id` - the ID of the group. +- `group_name` - the name of the group. +- `updated_at` - the date the group was last updated. diff --git a/templates/data-sources/ip_ranges.md.tmpl b/templates/data-sources/ip_ranges.md.tmpl new file mode 100644 index 0000000000..a68fce1d14 --- /dev/null +++ b/templates/data-sources/ip_ranges.md.tmpl @@ -0,0 +1,43 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on GitHub's IP addresses. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about GitHub's IP addresses. + +## Example Usage + +{{ tffile "examples/data-sources/ip_ranges/example_1.tf" }} + +## Attributes Reference + +- `actions` - An array of IP addresses in CIDR format specifying the addresses that incoming requests from GitHub actions will originate from. +- `actions_ipv4` - A subset of the `actions` array that contains IP addresses in IPv4 CIDR format. +- `actions_ipv6` - A subset of the `actions` array that contains IP addresses in IPv6 CIDR format. +- `dependabot` - An array of IP addresses in CIDR format specifying the A records for dependabot. +- `dependabot_ipv4` - A subset of the `dependabot` array that contains IP addresses in IPv4 CIDR format. +- `dependabot_ipv6` - A subset of the `dependabot` array that contains IP addresses in IPv6 CIDR format. +- `hooks` - An Array of IP addresses in CIDR format specifying the addresses that incoming service hooks will originate from. +- `hooks_ipv4` - A subset of the `hooks` array that contains IP addresses in IPv4 CIDR format. +- `hooks_ipv6` - A subset of the `hooks` array that contains IP addresses in IPv6 CIDR format. +- `git` - An Array of IP addresses in CIDR format specifying the Git servers. +- `git_ipv4` - A subset of the `git` array that contains IP addresses in IPv4 CIDR format. +- `git_ipv6` - A subset of the `git` array that contains IP addresses in IPv6 CIDR format. +- `web` - An Array of IP addresses in CIDR format for GitHub Web. +- `web_ipv4` - A subset of the `web` array that contains IP addresses in IPv4 CIDR format. +- `web_ipv6` - A subset of the `web` array that contains IP addresses in IPv6 CIDR format. +- `api` - An Array of IP addresses in CIDR format for the GitHub API. +- `api_ipv4` - A subset of the `api` array that contains IP addresses in IPv4 CIDR format. +- `api_ipv6` - A subset of the `api` array that contains IP addresses in IPv6 CIDR format. +- `packages` - An Array of IP addresses in CIDR format specifying the A records for GitHub Packages. +- `packages_ipv4` - A subset of the `packages` array that contains IP addresses in IPv4 CIDR format. +- `packages_ipv6` - A subset of the `packages` array that contains IP addresses in IPv6 CIDR format. +- `pages` - An Array of IP addresses in CIDR format specifying the A records for GitHub Pages. +- `pages_ipv4` - A subset of the `pages` array that contains IP addresses in IPv4 CIDR format. +- `pages_ipv6` - A subset of the `pages` array that contains IP addresses in IPv6 CIDR format. +- `importer` - An Array of IP addresses in CIDR format specifying the A records for GitHub Importer. +- `importer_ipv4` - A subset of the `importer` array that contains IP addresses in IPv4 CIDR format. +- `importer_ipv6` - A subset of the `importer` array that contains IP addresses in IPv6 CIDR format. diff --git a/templates/data-sources/issue_labels.md.tmpl b/templates/data-sources/issue_labels.md.tmpl new file mode 100644 index 0000000000..338005a673 --- /dev/null +++ b/templates/data-sources/issue_labels.md.tmpl @@ -0,0 +1,25 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get the labels for a given repository. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve the labels for a given repository. + +## Example Usage + +{{ tffile "examples/data-sources/issue_labels/example_1.tf" }} + +## Arguments Reference + +- `repository` - (Required) The name of the repository. + +## Attributes Reference + +- `labels` - The list of this repository's labels. Each element of `labels` has the following attributes: + - `name` - The name of the label. + - `color` - The hexadecimal color code for the label, without the leading #. + - `description` - A short description of the label. + - `url` - The URL of the label. diff --git a/templates/data-sources/membership.md.tmpl b/templates/data-sources/membership.md.tmpl new file mode 100644 index 0000000000..c034a8ee98 --- /dev/null +++ b/templates/data-sources/membership.md.tmpl @@ -0,0 +1,26 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on user membership in an organization. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to find out if a user is a member of your organization, as well as what role they have within it. If the user's membership in the organization is pending their acceptance of an invite, the role they would have once they accept will be returned. + +## Example Usage + +{{ tffile "examples/data-sources/membership/example_1.tf" }} + +## Argument Reference + +- `username` - (Required) The username to lookup in the organization. + +- `organization` - (Optional) The organization to check for the above username. + +## Attributes Reference + +- `username` - The username. +- `role` - `admin` or `member` -- the role the user has within the organization. +- `etag` - An etag representing the membership object. +- `state` - `active` or `pending` -- the state of membership within the organization. `active` if the member has accepted the invite, or `pending` if the invite is still pending. diff --git a/templates/data-sources/organization.md.tmpl b/templates/data-sources/organization.md.tmpl new file mode 100644 index 0000000000..bc36284217 --- /dev/null +++ b/templates/data-sources/organization.md.tmpl @@ -0,0 +1,54 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get an organization. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve basic information about a GitHub Organization. + +## Example Usage + +{{ tffile "examples/data-sources/organization/example_1.tf" }} + +## Argument Reference + +- `name` - (Required) The name of the organization. +- `ignore_archived_repos` - (Optional) Whether or not to include archived repos in the `repositories` list. Defaults to `false`. +- `summary_only` - (Optional) Exclude the repos, members and other attributes from the returned result. Defaults to `false`. + +## Attributes Reference + +- `id` - The ID of the organization +- `node_id` - GraphQL global node ID for use with the v4 API +- `name` - The organization's public profile name +- `orgname` - The organization's name as used in URLs and the API +- `login` - The organization account login +- `description` - The organization account description +- `plan` - The organization account plan name +- `repositories` - (`list`) A list of the full names of the repositories in the organization formatted as `owner/name` strings +- `members` - **Deprecated**: use `users` instead by replacing `github_organization.example.members` to `github_organization.example.users[*].login` which will give you the same value, expect this field to be removed in next major version +- `users` - (`list`) A list with the members of the organization with following fields: + - `id` - The ID of the member + - `login` - The members login + - `email` - Publicly available email + - `role` - Member role `ADMIN`, `MEMBER` +- `two_factor_requirement_enabled` - Whether two-factor authentication is required for all members of the organization. +- `default_repository_permission` - Default permission level members have for organization repositories. +- `members_allowed_repository_creation_type` - The type of repository allowed to be created by members of the organization. Can be one of `ALL`, `PUBLIC`, `PRIVATE`, `NONE`. +- `members_can_create_repositories` - Whether non-admin organization members can create repositories. +- `members_can_create_internal_repositories` - Whether organization members can create internal repositories. +- `members_can_create_private_repositories` - Whether organization members can create private repositories. +- `members_can_create_public_repositories` - Whether organization members can create public repositories. +- `members_can_create_pages` - Whether organization members can create pages sites. +- `members_can_create_public_pages` - Whether organization members can create public pages sites. +- `members_can_create_private_pages` - Whether organization members can create private pages sites. +- `members_can_fork_private_repositories` - Whether organization members can create private repository forks. +- `web_commit_signoff_required` - Whether organization members must sign all commits. +- `advanced_security_enabled_for_new_repositories` - Whether advanced security is enabled for new repositories. +- `dependabot_alerts_enabled_for_new_repositories` - Whether Dependabot alerts is automatically enabled for new repositories. +- `dependabot_security_updates_enabled_for_new_repositories` - Whether Dependabot security updates is automatically enabled for new repositories. +- `dependency_graph_enabled_for_new_repositories` - Whether dependency graph is automatically enabled for new repositories. +- `secret_scanning_enabled_for_new_repositories` - Whether secret scanning is automatically enabled for new repositories. +- `secret_scanning_push_protection_enabled_for_new_repositories` - Whether secret scanning push protection is automatically enabled for new repositories. diff --git a/templates/data-sources/organization_custom_properties.md.tmpl b/templates/data-sources/organization_custom_properties.md.tmpl new file mode 100644 index 0000000000..45a0ddfe97 --- /dev/null +++ b/templates/data-sources/organization_custom_properties.md.tmpl @@ -0,0 +1,35 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information about a GitHub organization custom property +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about a GitHub organization custom property. + +## Example Usage + +{{ tffile "examples/data-sources/organization_custom_properties/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `property_name` - (Required) The name of the custom property to retrieve. + +## Attributes Reference + +- `property_name` - The name of the custom property. + +- `value_type` - The type of the custom property. Can be one of `string`, `single_select`, `multi_select`, or `true_false`. + +- `required` - Whether the custom property is required. + +- `description` - The description of the custom property. + +- `default_value` - The default value of the custom property. + +- `allowed_values` - List of allowed values for the custom property. Only populated when `value_type` is `single_select` or `multi_select`. + +- `values_editable_by` - Who can edit the values of the custom property. Can be one of `org_actors` or `org_and_repo_actors`. diff --git a/templates/data-sources/organization_custom_role.md.tmpl b/templates/data-sources/organization_custom_role.md.tmpl new file mode 100644 index 0000000000..55dd06e732 --- /dev/null +++ b/templates/data-sources/organization_custom_role.md.tmpl @@ -0,0 +1,32 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get a custom role from a GitHub Organization for use in repositories. +--- + +# github\_organization\_custom\_role + +~> **Note:*- This data source is deprecated, please use the `github_organization_repository_role` data source instead. + +Use this data source to retrieve information about a custom role in a GitHub Organization. + +~> Note: Custom roles are currently only available in GitHub Enterprise Cloud. + +## Example Usage + +{{ tffile "examples/data-sources/organization_custom_role/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `name` - (Required) The name of the custom role. + +## Attributes Reference + +The following additional attributes are exported: + +- `id` - The ID of the custom role. +- `description` - The description for the custom role. +- `base_role` - The system role from which the role inherits permissions. +- `permissions` - A list of additional permissions included in this role. diff --git a/templates/data-sources/organization_external_identities.md.tmpl b/templates/data-sources/organization_external_identities.md.tmpl new file mode 100644 index 0000000000..1d2d51655e --- /dev/null +++ b/templates/data-sources/organization_external_identities.md.tmpl @@ -0,0 +1,43 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get a list of organization members and their SAML linked external identity NameID +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve each organization member's SAML or SCIM user attributes. + +## Example Usage + +{{ tffile "examples/data-sources/organization_external_identities/example_1.tf" }} + +## Attributes Reference + +- `identities` - An Array of identities returned from GitHub + +--- + +Each element in the `identities` block consists of: + +- `login` - The username of the GitHub user +- `saml_identity` - An Object containing the user's SAML data. This object will be empty if the user is not managed by SAML. +- `scim_identity` - An Object contining the user's SCIM data. This object will be empty if the user is not managed by SCIM. + +--- + +If a user is managed by SAML, the `saml_identity` object will contain: + +- `name_id` - The member's SAML NameID +- `username` - The member's SAML Username +- `family_name` - The member's SAML Family Name +- `given_name` - The member's SAML Given Name + +--- + +If a user is managed by SCIM, the `scim_identity` object will contain: + +- `username` - The member's SCIM Username. (will be empty string if user is not managed by SCIM) +- `groups` - The member's SCIM Groups +- `family_name` - The member's SCIM Family Name +- `given_name` - The member's SCIM Given Name diff --git a/templates/data-sources/organization_ip_allow_list.md.tmpl b/templates/data-sources/organization_ip_allow_list.md.tmpl new file mode 100644 index 0000000000..6e6488a434 --- /dev/null +++ b/templates/data-sources/organization_ip_allow_list.md.tmpl @@ -0,0 +1,28 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get the IP allow list of an organization. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about the IP allow list of an organization. The allow list for IP addresses will block access to private resources via the web, API, and Git from any IP addresses that are not on the allow list. + +## Example Usage + +{{ tffile "examples/data-sources/organization_ip_allow_list/example_1.tf" }} + +## Attributes Reference + +- `ip_allow_list` - An Array of allowed IP addresses. + +--- + +Each element in the `ip_allow_list` block consists of: + +- `id` - The ID of the IP allow list entry. +- `name` - The name of the IP allow list entry. +- `allow_list_value` - A single IP address or range of IP addresses in CIDR notation. +- `is_active` - Whether the entry is currently active. +- `created_at` - Identifies the date and time when the object was created. +- `updated_at` - Identifies the date and time when the object was last updated. diff --git a/templates/data-sources/organization_repository_role.md.tmpl b/templates/data-sources/organization_repository_role.md.tmpl new file mode 100644 index 0000000000..86610161d0 --- /dev/null +++ b/templates/data-sources/organization_repository_role.md.tmpl @@ -0,0 +1,28 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Lookup a custom organization repository role. +--- + +# {{.Name}} ({{.Type}}) + +Lookup a custom organization repository role. + +~> **Note**: Custom organization repository roles are currently only available in GitHub Enterprise Cloud. + +## Example Usage + +{{ tffile "examples/data-sources/organization_repository_role/example_1.tf" }} + +## Schema + +### Required + +- `role_id` (Number) The ID of the organization repository role. + +### Read-Only + +- `name` (String) The name of the organization repository role. +- `description` (String) The description of the organization repository role. +- `base_role` (String) The system role from which this role inherits permissions. +- `permissions` (Set of String) The permissions included in this role. diff --git a/templates/data-sources/organization_repository_roles.md.tmpl b/templates/data-sources/organization_repository_roles.md.tmpl new file mode 100644 index 0000000000..d217b29314 --- /dev/null +++ b/templates/data-sources/organization_repository_roles.md.tmpl @@ -0,0 +1,31 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Lookup all custom repository roles in an organization. +--- + +# {{.Name}} ({{.Type}}) + +Lookup all custom repository roles in an organization. + +~> **Note**: Custom organization repository roles are currently only available in GitHub Enterprise Cloud. + +## Example Usage + +{{ tffile "examples/data-sources/organization_repository_roles/example_1.tf" }} + +## Schema + +### Read-Only + +- `roles` (Set of Object, see [schema](#nested-schema-for-roles)) Available organization repository roles. + +## Nested Schema for `roles` + +### Read-Only + +- `role_id` (Number) The ID of the organization repository role. +- `name` (String) The name of the organization repository role. +- `description` (String) The description of the organization repository role. +- `base_role` (String) The system role from which this role inherits permissions. +- `permissions` (Set of String) The permissions included in this role. diff --git a/templates/data-sources/organization_role.md.tmpl b/templates/data-sources/organization_role.md.tmpl new file mode 100644 index 0000000000..f3fba000df --- /dev/null +++ b/templates/data-sources/organization_role.md.tmpl @@ -0,0 +1,27 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Lookup a custom organization role. +--- + +# {{.Name}} ({{.Type}}) + +Lookup a custom organization role. + +## Example Usage + +{{ tffile "examples/data-sources/organization_role/example_1.tf" }} + +## Schema + +### Required + +- `role_id` (Number) The ID of the organization role. + +### Read-Only + +- `name` (String) The name of the organization role. +- `description` (String) The description of the organization role. +- `source` (String) The source of this role; one of `Predefined`, `Organization`, or `Enterprise`. +- `base_role` (String) The system role from which this role inherits permissions. +- `permissions` (Set of String) The permissions included in this role. diff --git a/templates/data-sources/organization_role_teams.md.tmpl b/templates/data-sources/organization_role_teams.md.tmpl new file mode 100644 index 0000000000..9219b7ffb0 --- /dev/null +++ b/templates/data-sources/organization_role_teams.md.tmpl @@ -0,0 +1,32 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Lookup all teams assigned to a custom organization role. +--- + +# {{.Name}} ({{.Type}}) + +Lookup all teams assigned to a custom organization role. + +## Example Usage + +{{ tffile "examples/data-sources/organization_role_teams/example_1.tf" }} + +## Schema + +### Required + +- `role_id` (Number) The ID of the organization role. + +### Read-Only + +- `teams` (Set of Object, see [schema](#nested-schema-for-teams)) Teams assigned to the organization role. + +## Nested Schema for `teams` + +### Read-Only + +- `team_id` (Number) The ID of the team. +- `slug` (String) The Slug of the team name. +- `name` (String) The name of the team. +- `permission` (String) The permission that the team will have for its repositories. diff --git a/templates/data-sources/organization_role_users.md.tmpl b/templates/data-sources/organization_role_users.md.tmpl new file mode 100644 index 0000000000..56e9d26212 --- /dev/null +++ b/templates/data-sources/organization_role_users.md.tmpl @@ -0,0 +1,30 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Lookup all users assigned to a custom organization role. +--- + +# {{.Name}} ({{.Type}}) + +Lookup all users assigned to a custom organization role. + +## Example Usage + +{{ tffile "examples/data-sources/organization_role_users/example_1.tf" }} + +## Schema + +### Required + +- `role_id` (Number) The ID of the organization role. + +### Read-Only + +- `users` (Set of Object, see [schema](#nested-schema-for-users)) Users assigned to the organization role. + +## Nested Schema for `users` + +### Read-Only + +- `user_id` (Number) The ID of the user. +- `login` (String) The login for the GitHub user account. diff --git a/templates/data-sources/organization_roles.md.tmpl b/templates/data-sources/organization_roles.md.tmpl new file mode 100644 index 0000000000..15ea0ef7cd --- /dev/null +++ b/templates/data-sources/organization_roles.md.tmpl @@ -0,0 +1,30 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Lookup all custom roles in an organization. +--- + +# {{.Name}} ({{.Type}}) + +Lookup all custom roles in an organization. + +## Example Usage + +{{ tffile "examples/data-sources/organization_roles/example_1.tf" }} + +## Schema + +### Read-Only + +- `roles` (Set of Object, see [schema](#nested-schema-for-roles)) Available organization roles. + +## Nested Schema for `roles` + +### Read-Only + +- `role_id` (Number) The ID of the organization role. +- `name` (String) The name of the organization role. +- `description` (String) The description of the organization role. +- `source` (String) The source of this role; one of `Predefined`, `Organization`, or `Enterprise`. +- `base_role` (String) The system role from which this role inherits permissions. +- `permissions` (Set of String) The permissions included in this role. diff --git a/templates/data-sources/organization_security_managers.md.tmpl b/templates/data-sources/organization_security_managers.md.tmpl new file mode 100644 index 0000000000..2f369e5a30 --- /dev/null +++ b/templates/data-sources/organization_security_managers.md.tmpl @@ -0,0 +1,28 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get the security managers for an organization. +--- + +# {{.Name}} ({{.Type}}) + +~> **Note:*- This data source is deprecated, please use the `github_organization_role_team` resource instead. + +Use this data source to retrieve the security managers for an organization. + +## Example Usage + +{{ tffile "examples/data-sources/organization_security_managers/example_1.tf" }} + +## Attributes Reference + +- `teams` - An list of GitHub teams. Each `team` block consists of the fields documented below. + +---___ + +The `team` block consists of: + +- `id` - Unique identifier of the team. +- `slug` - Name based identifier of the team. +- `name` - Name of the team. +- `permission` - Permission that the team will have for its repositories. diff --git a/templates/data-sources/organization_team_sync_groups.md.tmpl b/templates/data-sources/organization_team_sync_groups.md.tmpl new file mode 100644 index 0000000000..119f4639d3 --- /dev/null +++ b/templates/data-sources/organization_team_sync_groups.md.tmpl @@ -0,0 +1,27 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get the external identity provider (IdP) groups for an organization. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve the identity provider (IdP) groups for an organization. + +## Example Usage + +{{ tffile "examples/data-sources/organization_team_sync_groups/example_1.tf" }} + +## Attributes Reference + +- `groups` - An Array of GitHub Identity Provider Groups. Each `group` block consists of the fields documented below. + +--- + +The `group` block consists of: + +- `group_id` - The ID of the IdP group. + +- `group_name` - The name of the IdP group. + +- `group_description` - The description of the IdP group. diff --git a/templates/data-sources/organization_teams.md.tmpl b/templates/data-sources/organization_teams.md.tmpl new file mode 100644 index 0000000000..f30e42aae0 --- /dev/null +++ b/templates/data-sources/organization_teams.md.tmpl @@ -0,0 +1,42 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on all GitHub teams of an organization. +--- + +# github\_organization\_teams + +Use this data source to retrieve information about all GitHub teams in an organization. + +## Example Usage + +To retrieve *all- teams of the organization: + +{{ tffile "examples/data-sources/organization_teams/example_1.tf" }} + +To retrieve only the team's at the root of the organization: + +{{ tffile "examples/data-sources/organization_teams/example_2.tf" }} + +## Attributes Reference + +- `teams` - (Required) An Array of GitHub Teams. Each `team` block consists of the fields documented below. +- `root_teams_only` - (Optional) Only return teams that are at the organization's root, i.e. no nested teams. Defaults to `false`. +- `summary_only` - (Optional) Exclude the members and repositories of the team from the returned result. Defaults to `false`. +- `results_per_page` - (Optional) Set the number of results per graphql query. Reducing this number can alleviate timeout errors. Accepts a value between 0 - 100. Defaults to `100`. + +--- + +The `team` block consists of: + +- `id` - The ID of the team. +- `node_id` - The Node ID of the team. +- `slug` - The slug of the team. +- `name` - The team's full name. +- `description` - The team's description. +- `privacy` - The team's privacy type. +- `members` - List of team members. Not returned if `summary_only = true` +- `repositories` - List of team repositories. Not returned if `summary_only = true` +- `parent_team_id` - The ID of the parent team, if there is one. +- `parent_team_slug` - The slug of the parent team, if there is one. +- `parent` - (**DEPRECATED**) The parent team, use `parent_team_id` or `parent_team_slug` instead. diff --git a/templates/data-sources/organization_webhooks.md.tmpl b/templates/data-sources/organization_webhooks.md.tmpl new file mode 100644 index 0000000000..a78d373a0b --- /dev/null +++ b/templates/data-sources/organization_webhooks.md.tmpl @@ -0,0 +1,29 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on all GitHub webhooks of the organization. +--- + +# github\_organization\_webhooks + +Use this data source to retrieve all webhooks of the organization. + +## Example Usage + +To retrieve *all- webhooks of the organization: + +{{ tffile "examples/data-sources/organization_webhooks/example_1.tf" }} + +## Attributes Reference + +- `webhooks` - An Array of GitHub Webhooks. Each `webhook` block consists of the fields documented below. + +--- + +The `webhook` block consists of: + +- `id` - the ID of the webhook. +- `type` - the type of the webhook. +- `name` - the name of the webhook. +- `url` - the url of the webhook. +- `active` - `true` if the webhook is active. diff --git a/templates/data-sources/ref.md.tmpl b/templates/data-sources/ref.md.tmpl new file mode 100644 index 0000000000..724db9a03a --- /dev/null +++ b/templates/data-sources/ref.md.tmpl @@ -0,0 +1,33 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information about a repository ref. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about a repository ref. + +## Example Usage + +{{ tffile "examples/data-sources/ref/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `owner` - (Required) Owner of the repository. + +- `repository` - (Required) The GitHub repository name. + +- `ref` - (Required) The repository ref to look up. Must be formatted `heads/` for branches, and `tags/` for tags. + +## Attribute Reference + +The following additional attributes are exported: + +- `etag` - An etag representing the ref. + +- `id` - A string storing a reference to the repository name and ref. + +- `sha` - A string storing the reference's `HEAD` commit's SHA1. diff --git a/templates/data-sources/release.md.tmpl b/templates/data-sources/release.md.tmpl new file mode 100644 index 0000000000..4d7ead0729 --- /dev/null +++ b/templates/data-sources/release.md.tmpl @@ -0,0 +1,65 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on a GitHub release. +--- + +# github\_release + +Use this data source to retrieve information about a GitHub release in a specific repository. + +## Example Usage + +To retrieve the latest release that is present in a repository: + +{{ tffile "examples/data-sources/release/example_1.tf" }} + +To retrieve a specific release from a repository based on its ID: + +{{ tffile "examples/data-sources/release/example_2.tf" }} + +Finally, to retrieve a release based on its tag: + +{{ tffile "examples/data-sources/release/example_3.tf" }} + +## Argument Reference + +- `repository` - (Required) Name of the repository to retrieve the release from. + +- `owner` - (Required) Owner of the repository. + +- `retrieve_by` - (Required) Describes how to fetch the release. Valid values are `id`, `tag`, `latest`. + +- `release_id` - (Optional) ID of the release to retrieve. Must be specified when `retrieve_by` = `id`. + +- `release_tag` - (Optional) Tag of the release to retrieve. Must be specified when `retrieve_by` = `tag`. + +## Attributes Reference + +- `release_tag` - Tag of release +- `release_id` - ID of release +- `target_commitish` - Commitish value that determines where the Git release is created from +- `name` - Name of release +- `body` - Contents of the description (body) of a release +- `draft` - (`Boolean`) indicates whether the release is a draft +- `prerelease` - (`Boolean`) indicates whether the release is a prerelease +- `created_at` - Date of release creation +- `published_at` - Date of release publishing +- `url` - Base URL of the release +- `html_url` - URL directing to detailed information on the release +- `assets_url` - URL of any associated assets with the release +- `asserts_url` - **Deprecated**: Use `assets_url` resource instead +- `upload_url` - URL that can be used to upload Assets to the release +- `zipball_url` - Download URL of a specific release in `zip` format +- `tarball_url` - Download URL of a specific release in `tar.gz` format +- `assets` - Collection of assets for the release. Each asset conforms to the following schema: + - `id` - ID of the asset + - `url` - URL of the asset + - `node_id` - Node ID of the asset + - `name` - The file name of the asset + - `label` - Label for the asset + - `content_type` - MIME type of the asset + - `size` - Size in byte + - `created_at` - Date the asset was created + - `updated_at` - Date the asset was last updated + - `browser_download_url` - Browser download URL diff --git a/templates/data-sources/release_asset.md.tmpl b/templates/data-sources/release_asset.md.tmpl new file mode 100644 index 0000000000..4c600d334e --- /dev/null +++ b/templates/data-sources/release_asset.md.tmpl @@ -0,0 +1,48 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on a GitHub release asset. +--- + +# github\_release\_asset + +Use this data source to retrieve information about a GitHub release asset. + +## Example Usage + +To retrieve a specific release asset from a repository based on its ID: + +{{ tffile "examples/data-sources/release_asset/example_1.tf" }} + +To retrieve a specific release asset from a repository, and download the file into a `file` attribute on the data source: + +{{ tffile "examples/data-sources/release_asset/example_2.tf" }} + +To retrieve the first release asset associated with the latest release in a repository: + +{{ tffile "examples/data-sources/release_asset/example_3.tf" }} + +To retrieve all release assets associated with the the latest release in a repository: + +{{ tffile "examples/data-sources/release_asset/example_4.tf" }} + +## Argument Reference + +- `repository` - (Required) Name of the repository to retrieve the release from +- `owner` - (Required) Owner of the repository +- `asset_id` - (Required) ID of the release asset to retrieve +- `download_file_contents` - (Optional) Whether to download the asset file content into the `file_contents` attribute (defaults to `false`) + +## Attributes Reference + +- `id` - ID of the asset +- `url` - URL of the asset +- `node_id` - Node ID of the asset +- `name` - The file name of the asset +- `label` - Label for the asset +- `content_type` - MIME type of the asset +- `size` - Asset size in bytes +- `created_at` - Date the asset was created +- `updated_at` - Date the asset was last updated +- `browser_download_url` - Browser URL from which the release asset can be downloaded +- `file_contents` - The base64-encoded release asset file contents (requires `download_file_contents` to be `true`) diff --git a/templates/data-sources/repositories.md.tmpl b/templates/data-sources/repositories.md.tmpl new file mode 100644 index 0000000000..f931b723ce --- /dev/null +++ b/templates/data-sources/repositories.md.tmpl @@ -0,0 +1,30 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Search for GitHub repositories +--- + +# {{.Name}} ({{.Type}}) + +-> **Note:*- The data source will return a maximum of `1000` repositories [as documented in official API docs](https://developer.github.com/v3/search/#about-the-search-api). + +Use this data source to retrieve a list of GitHub repositories using a search query. + +## Example Usage + +{{ tffile "examples/data-sources/repositories/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `query` - (Required) Search query. See [documentation for the search syntax](https://help.github.com/articles/understanding-the-search-syntax/). +- `sort` - (Optional) Sorts the repositories returned by the specified attribute. Valid values include `stars`, `fork`, and `updated`. Defaults to `updated`. +- `include_repo_id` - (Optional) Returns a list of found repository IDs +- `results_per_page` - (Optional) Set the number of repositories requested per API call. Can be useful to decrease if requests are timing out or to increase to reduce the number of API calls. Defaults to 100. + +## Attributes Reference + +- `full_names` - A list of full names of found repositories (e.g. `hashicorp/terraform`) +- `names` - A list of found repository names (e.g. `terraform`) +- `repo_ids` - (Optional) A list of found repository IDs (e.g. `449898861`) diff --git a/templates/data-sources/repository.md.tmpl b/templates/data-sources/repository.md.tmpl new file mode 100644 index 0000000000..a17b05ba5a --- /dev/null +++ b/templates/data-sources/repository.md.tmpl @@ -0,0 +1,125 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get details about GitHub repository +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about a GitHub repository. + +## Example Usage + +{{ tffile "examples/data-sources/repository/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `name` - (Optional) The name of the repository. + +- `full_name` - (Optional) Full name of the repository (in `org/name` format). + +## Attributes Reference + +- `node_id` - the Node ID of the repository. + +- `description` - A description of the repository. + +- `homepage_url` - URL of a page describing the project. + +- `private` - Whether the repository is private. + +- `visibility` - Whether the repository is public, private or internal. + +- `has_issues` - Whether the repository has GitHub Issues enabled. + +- `has_discussions` - Whether the repository has GitHub Discussions enabled. + +- `has_projects` - Whether the repository has the GitHub Projects enabled. + +- `has_wiki` - Whether the repository has the GitHub Wiki enabled. + +- `is_template` - Whether the repository is a template repository. + +- `fork` - Whether the repository is a fork. + +- `allow_merge_commit` - Whether the repository allows merge commits. + +- `allow_squash_merge` - Whether the repository allows squash merges. + +- `allow_rebase_merge` - Whether the repository allows rebase merges. + +- `allow_auto_merge` - Whether the repository allows auto-merging pull requests. + +- `allow_forking` - Whether the repository allows private forking; this is only relevant if the repository is owned by an organization and is private or internal. + +- `squash_merge_commit_title` - The default value for a squash merge commit title. + +- `squash_merge_commit_message` - The default value for a squash merge commit message. + +- `merge_commit_title` - The default value for a merge commit title. + +- `merge_commit_message` - The default value for a merge commit message. + +- `has_downloads` - (**DEPRECATED**) Whether the repository has Downloads feature enabled. This attribute is no longer in use, but it hasn't been removed yet. It will be removed in a future version. See [this discussion](https://github.com/orgs/community/discussions/102145#discussioncomment-8351756). + +- `default_branch` - The name of the default branch of the repository. + +- `primary_language` - The primary language used in the repository. + +- `archived` - Whether the repository is archived. + +- `pages` - The repository's GitHub Pages configuration. + +- `topics` - The list of topics of the repository. + +- `template` - The repository source template configuration. + +- `html_url` - URL to the repository on the web. + +- `ssh_clone_url` - URL that can be provided to `git clone` to clone the repository via SSH. + +- `http_clone_url` - URL that can be provided to `git clone` to clone the repository via HTTPS. + +- `git_clone_url` - URL that can be provided to `git clone` to clone the repository anonymously via the git protocol. + +- `svn_url` - URL that can be provided to `svn checkout` to check out the repository via GitHub's Subversion protocol emulation. + +- `node_id` - GraphQL global node id for use with v4 API + +- `repo_id` - GitHub ID for the repository + +- `repository_license` - An Array of GitHub repository licenses. Each `repository_license` block consists of the fields documented below. + +--- + +The `repository_license` block consists of: + +- `content` - Content of the license file, encoded by encoding scheme mentioned below. +- `download_url` - The URL to download the raw content of the license file. +- `encoding` - The encoding used for the content (e.g., "base64"). +- `git_url` - The URL to access information about the license file as a Git blob. +- `html_url` - The URL to view the license file on GitHub. +- `license` - `license` block consists of the fields documented below. +- `name` - The name of the license file (e.g., "LICENSE"). +- `path` - The path to the license file within the repository. +- `sha` - The SHA hash of the license file. +- `size` - The size of the license file in bytes. +- `type` - The type of the content, (e.g., "file"). +- `url` - The URL to access information about the license file on GitHub. + +The `license` block consists of: + +- `body` - The text of the license. +- `conditions` - Conditions associated with the license. +- `description` - A description of the license. +- `featured` - Indicates if the license is featured. +- `html_url` - The URL to view the license details on GitHub. +- `implementation` - Details about the implementation of the license. +- `key` - A key representing the license type (e.g., "apache-2.0"). +- `limitations` - Limitations associated with the license. +- `name` - The name of the license (e.g., "Apache License 2.0"). +- `permissions` - Permissions associated with the license. +- `spdx_id` - The SPDX identifier for the license (e.g., "Apache-2.0"). +- `url` - The URL to access information about the license on GitHub. diff --git a/templates/data-sources/repository_autolink_references.md.tmpl b/templates/data-sources/repository_autolink_references.md.tmpl new file mode 100644 index 0000000000..e09b5514e7 --- /dev/null +++ b/templates/data-sources/repository_autolink_references.md.tmpl @@ -0,0 +1,24 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get autolink references for a Github repository. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve autolink references for a repository. + +## Example Usage + +{{ tffile "examples/data-sources/repository_autolink_references/example_1.tf" }} + +## Argument Reference + +- `repository` - (Required) Name of the repository to retrieve the autolink references from. + +## Attributes Reference + +- `autolink_references` - The list of this repository's autolink references. Each element of `autolink_references` has the following attributes: + - `key_prefix` - Key prefix. + - `target_url_template` - Target url template. + - `is_alphanumeric` - True if alphanumeric. diff --git a/templates/data-sources/repository_branches.md.tmpl b/templates/data-sources/repository_branches.md.tmpl new file mode 100644 index 0000000000..eef68848aa --- /dev/null +++ b/templates/data-sources/repository_branches.md.tmpl @@ -0,0 +1,27 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on a GitHub repository's branches. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about branches in a repository. + +## Example Usage + +{{ tffile "examples/data-sources/repository_branches/example_1.tf" }} + +## Argument Reference + +- `repository` - (Required) Name of the repository to retrieve the branches from. + +- `only_protected_branches` - (Optional). If true, the `branches` attributes will be populated only with protected branches. Default: `false`. + +- `only_non_protected_branches` - (Optional). If true, the `branches` attributes will be populated only with non protected branches. Default: `false`. + +## Attributes Reference + +- `branches` - The list of this repository's branches. Each element of `branches` has the following attributes: + - `name` - Name of the branch. + - `protected` - Whether the branch is protected. diff --git a/templates/data-sources/repository_custom_properties.md.tmpl b/templates/data-sources/repository_custom_properties.md.tmpl new file mode 100644 index 0000000000..418a8a5731 --- /dev/null +++ b/templates/data-sources/repository_custom_properties.md.tmpl @@ -0,0 +1,23 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get all custom properties of a repository +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve all custom properties of a repository. + +## Example Usage + +{{ tffile "examples/data-sources/repository_custom_properties/example_1.tf" }} + +## Argument Reference + +- `repository` - (Required) Name of the repository to retrieve the custom properties from. + +## Attributes Reference + +- `property` - The list of this repository's custom properties. Each element of `property` has the following attributes: + - `property_name` - Name of the property + - `property_value` - Value of the property diff --git a/templates/data-sources/repository_deploy_keys.md.tmpl b/templates/data-sources/repository_deploy_keys.md.tmpl new file mode 100644 index 0000000000..8981969d8b --- /dev/null +++ b/templates/data-sources/repository_deploy_keys.md.tmpl @@ -0,0 +1,25 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get all deploy keys of a repository +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve all deploy keys of a repository. + +## Example Usage + +{{ tffile "examples/data-sources/repository_deploy_keys/example_1.tf" }} + +## Argument Reference + +- `repository` - (Required) Name of the repository to retrieve the branches from. + +## Attributes Reference + +- `keys` - The list of this repository's deploy keys. Each element of `keys` has the following attributes: + - `id` - Key id + - `title` - Key title + - `key` - Key itself + - `verified` - `true` if the key was verified. diff --git a/templates/data-sources/repository_deployment_branch_policies.md.tmpl b/templates/data-sources/repository_deployment_branch_policies.md.tmpl new file mode 100644 index 0000000000..75a5762d5e --- /dev/null +++ b/templates/data-sources/repository_deployment_branch_policies.md.tmpl @@ -0,0 +1,27 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get the list of deployment branch policies for a given repo / env. +--- + +# {{.Name}} ({{.Type}}) + +~> **Note:*- This data source is deprecated, please use the `github_repository_environment_deployment_policies` data source instead. + +Use this data source to retrieve deployment branch policies for a repository / environment. + +## Example Usage + +{{ tffile "examples/data-sources/repository_deployment_branch_policies/example_1.tf" }} + +## Argument Reference + +- `repository` - (Required) Name of the repository to retrieve the deployment branch policies from. + +- `environment_name` - (Required) Name of the environment to retrieve the deployment branch policies from. + +## Attributes Reference + +- `deployment_branch_policies` - The list of this repository / environment deployment policies. Each element of `deployment_branch_policies` has the following attributes: + - `id` - Id of the policy. + - `name` - The name pattern that branches must match in order to deploy to the environment. diff --git a/templates/data-sources/repository_environment_deployment_policies.md.tmpl b/templates/data-sources/repository_environment_deployment_policies.md.tmpl new file mode 100644 index 0000000000..508a82ed11 --- /dev/null +++ b/templates/data-sources/repository_environment_deployment_policies.md.tmpl @@ -0,0 +1,25 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get the list of environment deployment policies for a given repository environment. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve deployment branch policies for a repository environment. + +## Example Usage + +{{ tffile "examples/data-sources/repository_environment_deployment_policies/example_1.tf" }} + +## Argument Reference + +- `repository` - (Required) Name of the repository to retrieve the deployment branch policies from. + +- `environment` - (Required) Name of the environment to retrieve the deployment branch policies from. + +## Attributes Reference + +- `policies` - The list of deployment policies for the repository environment. Each element of `policies` has the following attributes: + - `type` - Type of the policy; this could be `branch` or `tag`. + - `pattern` - The pattern that branch or tag names must match in order to deploy to the environment. diff --git a/templates/data-sources/repository_environments.md.tmpl b/templates/data-sources/repository_environments.md.tmpl new file mode 100644 index 0000000000..5e654383e7 --- /dev/null +++ b/templates/data-sources/repository_environments.md.tmpl @@ -0,0 +1,23 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on a GitHub repository's environments. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about environments for a repository. + +## Example Usage + +{{ tffile "examples/data-sources/repository_environments/example_1.tf" }} + +## Argument Reference + +- `repository` - (Required) Name of the repository to retrieve the environments from. + +## Attributes Reference + +- `environments` - The list of this repository's environments. Each element of `environments` has the following attributes: + - `name` - Environment name. + - `node_id` - Environment node id. diff --git a/templates/data-sources/repository_file.md.tmpl b/templates/data-sources/repository_file.md.tmpl new file mode 100644 index 0000000000..21f7855f48 --- /dev/null +++ b/templates/data-sources/repository_file.md.tmpl @@ -0,0 +1,41 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Reads files within a GitHub repository +--- + +# {{.Name}} ({{.Type}}) + +This data source allows you to read files within a GitHub repository. + +## Example Usage + +{{ tffile "examples/data-sources/repository_file/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The repository to read the file from. If an unqualified repo name (without an owner) is passed, the owner will be inferred from the owner of the token used to execute the plan. If a name of the type "owner/repo" (with a slash in the middle) is passed, the owner will be as specified and not the owner of the token. + +- `file` - (Required) The path of the file to read. + +- `branch` - (Optional) Git branch. Defaults to the repository's default branch. + +## Attributes Reference + +The following additional attributes are exported: + +- `content` - The file content. + +- `commit_sha` - The SHA of the commit that modified the file. + +- `sha` - The SHA blob of the file. + +- `commit_author` - Committer author name. + +- `commit_email` - Committer email address. + +- `commit_message` - Commit message when file was last updated. + +- `ref` - The name of the commit/branch/tag. diff --git a/templates/data-sources/repository_milestone.md.tmpl b/templates/data-sources/repository_milestone.md.tmpl new file mode 100644 index 0000000000..52b4674494 --- /dev/null +++ b/templates/data-sources/repository_milestone.md.tmpl @@ -0,0 +1,28 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on a GitHub Repository Milestone. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about a specific GitHub milestone in a repository. + +## Example Usage + +{{ tffile "examples/data-sources/repository_milestone/example_1.tf" }} + +## Argument Reference + +- `owner` - (Required) Owner of the repository. + +- `repository` - (Required) Name of the repository to retrieve the milestone from. + +- `number` - (Required) The number of the milestone. + +## Attributes Reference + +- `description` - Description of the milestone. +- `due_date` - The milestone due date (in ISO-8601 `yyyy-mm-dd` format). +- `state` - State of the milestone. +- `title` - Title of the milestone. diff --git a/templates/data-sources/repository_pull_request.md.tmpl b/templates/data-sources/repository_pull_request.md.tmpl new file mode 100644 index 0000000000..480baedd33 --- /dev/null +++ b/templates/data-sources/repository_pull_request.md.tmpl @@ -0,0 +1,51 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on a single GitHub Pull Request. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about a specific GitHub Pull Request in a repository. + +## Example Usage + +{{ tffile "examples/data-sources/repository_pull_request/example_1.tf" }} + +## Argument Reference + +- `base_repository` - (Required) Name of the base repository to retrieve the Pull Request from. + +- `number` - (Required) The number of the Pull Request within the repository. + +- `owner` - (Optional) Owner of the repository. If not provided, the provider's default owner is used. + +## Attributes Reference + +- `base_ref` - Name of the ref (branch) of the Pull Request base. + +- `base_sha` - Head commit SHA of the Pull Request base. + +- `body` - Body of the Pull Request. + +- `draft` - Indicates Whether this Pull Request is a draft. + +- `head_owner` - Owner of the Pull Request head repository. + +- `head_repository` - Name of the Pull Request head repository. + +- `head_sha` - Head commit SHA of the Pull Request head. + +- `labels` - List of label names set on the Pull Request. + +- `maintainer_can_modify` - Indicates whether the base repository maintainers can modify the Pull Request. + +- `opened_at` - Unix timestamp indicating the Pull Request creation time. + +- `opened_by` - GitHub login of the user who opened the Pull Request. + +- `state` - the current Pull Request state - can be "open", "closed" or "merged". + +- `title` - The title of the Pull Request. + +- `updated_at` - The timestamp of the last Pull Request update. diff --git a/templates/data-sources/repository_pull_requests.md.tmpl b/templates/data-sources/repository_pull_requests.md.tmpl new file mode 100644 index 0000000000..b5976521cd --- /dev/null +++ b/templates/data-sources/repository_pull_requests.md.tmpl @@ -0,0 +1,65 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on multiple GitHub Pull Requests. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about multiple GitHub Pull Requests in a repository. + +## Example Usage + +{{ tffile "examples/data-sources/repository_pull_requests/example_1.tf" }} + +## Argument Reference + +- `base_repository` - (Required) Name of the base repository to retrieve the Pull Requests from. + +- `owner` - (Optional) Owner of the repository. If not provided, the provider's default owner is used. + +- `base_ref` - (Optional) If set, filters Pull Requests by base branch name. + +- `head_ref` - (Optional) If set, filters Pull Requests by head user or head organization and branch name in the format of "user:ref-name" or "organization:ref-name". For example: "github:new-script-format" or "octocat:test-branch". + +- `sort_by` - (Optional) If set, indicates what to sort results by. Can be either "created", "updated", "popularity" (comment count) or "long-running" (age, filtering by pulls updated in the last month). Default: "created". + +- `sort_direction` - (Optional) If set, controls the direction of the sort. Can be either "asc" or "desc". Default: "asc". + +- `state` - (Optional) If set, filters Pull Requests by state. Can be "open", "closed", or "all". Default: "open". + +## Attributes Reference + +- `results` - Collection of Pull Requests matching the filters. Each of the results conforms to the following scheme: + + - `base_ref` - Name of the ref (branch) of the Pull Request base. + + - `base_sha` - Head commit SHA of the Pull Request base. + + - `body` - Body of the Pull Request. + + - `draft` - Indicates Whether this Pull Request is a draft. + + - `head_owner` - Owner of the Pull Request head repository. + + - `head_ref` - Value of the Pull Request `HEAD` reference. + + - `head_repository` - Name of the Pull Request head repository. + + - `head_sha` - Head commit SHA of the Pull Request head. + + - `labels` - List of label names set on the Pull Request. + + - `maintainer_can_modify` - Indicates whether the base repository maintainers can modify the Pull Request. + + - `number` - The number of the Pull Request within the repository. + + - `opened_at` - Unix timestamp indicating the Pull Request creation time. + + - `opened_by` - GitHub login of the user who opened the Pull Request. + + - `state` - the current Pull Request state - can be "open", "closed" or "merged". + + - `title` - The title of the Pull Request. + + - `updated_at` - The timestamp of the last Pull Request update. diff --git a/templates/data-sources/repository_teams.md.tmpl b/templates/data-sources/repository_teams.md.tmpl new file mode 100644 index 0000000000..0b62fa1a57 --- /dev/null +++ b/templates/data-sources/repository_teams.md.tmpl @@ -0,0 +1,25 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get teams which have permission on the given repo. +--- + +# github\_repository\_teams + +Use this data source to retrieve the list of teams which have access to a GitHub repository. + +## Example Usage + +{{ tffile "examples/data-sources/repository_teams/example_1.tf" }} + +## Argument Reference + +- `name` - (Optional) The name of the repository. +- `full_name` - (Optional) Full name of the repository (in `org/name` format). + +## Attributes Reference + +- `teams` - List of teams which have access to the repository + - `name` - Team name + - `slug` - Team slug + - `permission` - Team permission diff --git a/templates/data-sources/repository_webhooks.md.tmpl b/templates/data-sources/repository_webhooks.md.tmpl new file mode 100644 index 0000000000..177ec01cf3 --- /dev/null +++ b/templates/data-sources/repository_webhooks.md.tmpl @@ -0,0 +1,29 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on all GitHub webhooks of the organization. +--- + +# github\_repository\_webhooks + +Use this data source to retrieve webhooks for a given repository. + +## Example Usage + +To retrieve webhooks of a repository: + +{{ tffile "examples/data-sources/repository_webhooks/example_1.tf" }} + +## Attributes Reference + +- `webhooks` - An Array of GitHub Webhooks. Each `webhook` block consists of the fields documented below. + +--- + +The `webhook` block consists of: + +- `id` - the ID of the webhook. +- `type` - the type of the webhook. +- `name` - the name of the webhook. +- `url` - the url of the webhook. +- `active` - `true` if the webhook is active. diff --git a/templates/data-sources/rest_api.md.tmpl b/templates/data-sources/rest_api.md.tmpl new file mode 100644 index 0000000000..d3480a5885 --- /dev/null +++ b/templates/data-sources/rest_api.md.tmpl @@ -0,0 +1,25 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on a GitHub resource with a custom GET request to GitHub REST API. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about a GitHub resource through REST API. + +## Example Usage + +{{ tffile "examples/data-sources/rest_api/example_1.tf" }} + +## Argument Reference + +- `endpoint` - (Required) REST API endpoint to send the GET request to. + +## Attributes Reference + +- `id` - The GitHub API Request ID +- `code` - A response status code. +- `status` - A response status string. +- `headers` - A JSON string containing response headers. +- `body` - A JSON string containing response body. diff --git a/templates/data-sources/ssh_keys.md.tmpl b/templates/data-sources/ssh_keys.md.tmpl new file mode 100644 index 0000000000..c73edd40f7 --- /dev/null +++ b/templates/data-sources/ssh_keys.md.tmpl @@ -0,0 +1,17 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on GitHub's SSH keys. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about GitHub's SSH keys. + +## Example Usage + +{{ tffile "examples/data-sources/ssh_keys/example_1.tf" }} + +## Attributes Reference + +- `keys` - An array of GitHub's SSH public keys. diff --git a/templates/data-sources/team.md.tmpl b/templates/data-sources/team.md.tmpl new file mode 100644 index 0000000000..86920ae69d --- /dev/null +++ b/templates/data-sources/team.md.tmpl @@ -0,0 +1,33 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on a GitHub team. +--- + +# github\_team + +Use this data source to retrieve information about a GitHub team. + +## Example Usage + +{{ tffile "examples/data-sources/team/example_1.tf" }} + +## Argument Reference + +- `slug` - (Required) The team slug. +- `membership_type` - (Optional) Type of membership to be requested to fill the list of members. Can be either `all` *(default)- or `immediate`. +- `summary_only` - (Optional) Exclude the members and repositories of the team from the returned result. Defaults to `false`. +- `results_per_page` - (**DEPRECATED**) (Optional) Set the number of results per REST API query. Accepts a value between 0 - 100 *(defaults to `100`)*. + +## Attributes Reference + +- `id` - ID of the team. +- `node_id` - Node ID of the team. +- `name` - Team's full name. +- `description` - Team's description. +- `privacy` - Team's privacy type. Can either be `closed` or `secret`. +- `notification_setting` - Teams's notification setting. Can be either `notifications_enabled` or `notifications_disabled`. +- `permission` - (**DEPRECATED**) The permission that new repositories will be added to the team with when none is specified. +- `members` - List of team members (list of GitHub usernames). Not returned if `summary_only = true`. +- `repositories` - (**DEPRECATED**) List of team repositories (list of repo names). Not returned if `summary_only = true`. +- `repositories_detailed` - List of team repositories (each item comprises of `repo_id`, `repo_name` & [`role_name`](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team_repository#permission)). Not returned if `summary_only = true`. diff --git a/templates/data-sources/tree.md.tmpl b/templates/data-sources/tree.md.tmpl new file mode 100644 index 0000000000..e02e2623c6 --- /dev/null +++ b/templates/data-sources/tree.md.tmpl @@ -0,0 +1,23 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Returns a single tree using the SHA1 value for that tree. +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve information about a single tree. + +## Example Usage + +{{ tffile "examples/data-sources/tree/example_1.tf" }} + +## Argument Reference + +- `recursive` - (Optional) Setting this parameter to `true` returns the objects or subtrees referenced by the tree specified in `tree_sha`. +- `repository` - (Required) The name of the repository. +- `tree_sha` - (Required) The SHA1 value for the tree. + +## Attributes Reference + +- `entries` - Objects (of `path`, `mode`, `type`, `size`, and `sha`) specifying a tree structure. diff --git a/templates/data-sources/user.md.tmpl b/templates/data-sources/user.md.tmpl new file mode 100644 index 0000000000..8b9a13e3b6 --- /dev/null +++ b/templates/data-sources/user.md.tmpl @@ -0,0 +1,41 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on a GitHub user. +--- + +# github\_user + +Use this data source to retrieve information about a GitHub user. + +## Example Usage + +{{ tffile "examples/data-sources/user/example_1.tf" }} + +## Argument Reference + +- `username` - (Required) The username. Use an empty string `""` to retrieve information about the currently authenticated user. + +## Attributes Reference + +- `id` - the ID of the user. +- `node_id` - the Node ID of the user. +- `login` - the user's login. +- `avatar_url` - the user's avatar URL. +- `gravatar_id` - the user's gravatar ID. +- `site_admin` - whether the user is a GitHub admin. +- `name` - the user's full name. +- `company` - the user's company name. +- `blog` - the user's blog location. +- `location` - the user's location. +- `email` - the user's email. +- `gpg_keys` - list of user's GPG keys. +- `ssh_keys` - list of user's SSH keys. +- `bio` - the user's bio. +- `public_repos` - the number of public repositories. +- `public_gists` - the number of public gists. +- `followers` - the number of followers. +- `following` - the number of following users. +- `created_at` - the creation date. +- `updated_at` - the update date. +- `suspended_at` - the suspended date if the user is suspended. diff --git a/templates/data-sources/user_external_identity.md.tmpl b/templates/data-sources/user_external_identity.md.tmpl new file mode 100644 index 0000000000..ffe0f4b324 --- /dev/null +++ b/templates/data-sources/user_external_identity.md.tmpl @@ -0,0 +1,42 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get a specific organization member's SAML/SCIM linked external identity +--- + +# {{.Name}} ({{.Type}}) + +Use this data source to retrieve a specific organization member's SAML or SCIM user attributes. + +## Example Usage + +{{ tffile "examples/data-sources/user_external_identity/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `username` - (Required) The username of the member to fetch external identity for. + +## Attributes Reference + +- `login` - The username of the GitHub user +- `saml_identity` - An Object containing the user's SAML data. This object will be empty if the user is not managed by SAML. +- `scim_identity` - An Object contining the user's SCIM data. This object will be empty if the user is not managed by SCIM. + +--- + +If a user is managed by SAML, the `saml_identity` object will contain: + +- `name_id` - The member's SAML NameID +- `username` - The member's SAML Username +- `family_name` - The member's SAML Family Name +- `given_name` - The member's SAML Given Name + +--- + +If a user is managed by SCIM, the `scim_identity` object will contain: + +- `scim_username` - The member's SCIM Username. (will be empty string if user is not managed by SCIM) +- `scim_family_name` - The member's SCIM Family Name +- `scim_given_name` - The member's SCIM Given Name diff --git a/templates/data-sources/users.md.tmpl b/templates/data-sources/users.md.tmpl new file mode 100644 index 0000000000..935fe481f6 --- /dev/null +++ b/templates/data-sources/users.md.tmpl @@ -0,0 +1,24 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information about multiple GitHub users. +--- + +# github\_users + +Use this data source to retrieve information about multiple GitHub users at once. + +## Example Usage + +{{ tffile "examples/data-sources/users/example_1.tf" }} + +## Argument Reference + +- `usernames` - (Required) List of usernames. + +## Attributes Reference + +- `node_ids` - list of Node IDs of users that could be found. +- `logins` - list of logins of users that could be found. +- `emails` - list of the user's publicly visible profile email (will be empty string in case if user decided not to show it). +- `unknown_logins` - list of logins without matching user. diff --git a/templates/index.md.tmpl b/templates/index.md.tmpl new file mode 100644 index 0000000000..7c302c576b --- /dev/null +++ b/templates/index.md.tmpl @@ -0,0 +1,91 @@ +--- +page_title: "{{.RenderedProviderName}} Provider" +description: |- + The GitHub provider is used to interact with GitHub resources. +--- + +# {{.RenderedProviderName}} Provider + +The GitHub provider is used to interact with GitHub resources. + +The provider allows you to manage your GitHub organization's members and teams easily. It needs to be configured with the proper credentials before it can be used. + +Use the navigation to the left to read about the available resources. + +## Example Usage + +Terraform 0.13 and later: + +{{ tffile "examples/example_1.tf" }} + +- You **must*- add a `required_providers` block to every module that will create resources with this provider. If you do not explicitly require `integrations/github` in a submodule, your terraform run may [break in hard-to-troubleshoot ways](https://github.com/integrations/terraform-provider-github/issues/876#issuecomment-1303790559). + +Terraform 0.12 and earlier: + +{{ tffile "examples/example_2.tf"}} + +~> **Note:*- When upgrading from `hashicorp/github` to `integrations/github`, use `terraform state replace-provider`. Otherwise, Terraform will still require the old provider to interact with the state file. + +## Authentication + +The GitHub provider offers multiple ways to authenticate with GitHub API. + +### GitHub CLI + +The GitHub provider taps into [GitHub CLI](https://cli.github.com/) authentication, where it picks up the token issued by [`gh auth login`](https://cli.github.com/manual/gh_auth_login) command. It is possible to specify the path to the `gh` executable in the `GH_PATH` environment variable, which is useful for when the GitHub Terraform provider can not properly determine its the path to GitHub CLI such as in the cygwin terminal. + +### OAuth / Personal Access Token + +To authenticate using OAuth tokens, ensure that the `token` argument or the `GITHUB_TOKEN` environment variable is set. + +{{ tffile "examples/example_3.tf" }} + +### GitHub App Installation + +To authenticate using a GitHub App installation, ensure that arguments in the `app_auth` block or the `GITHUB_APP_XXX` environment variables are set. The `owner` parameter required in this situation. Leaving out will throw a `403 "Resource not accessible by integration"` error. + +Some API operations may not be available when using a GitHub App installation configuration. For more information, refer to the list of [supported endpoints](https://docs.github.com/en/rest/overview/endpoints-available-for-github-apps). + +{{ tffile "examples/example_4.tf" }} + +~> **Note:*- When using environment variables, an empty `app_auth` block is required to allow provider configurations from environment variables to be specified. See: + +{{ tffile "examples/example_5.tf" }} + +## Argument Reference + +The following arguments are supported in the `provider` block: + +- `token` - (Optional) A GitHub OAuth / Personal Access Token. When not provided or made available via the `GITHUB_TOKEN` environment variable, the provider can only access resources available anonymously. + +- `base_url` - (Optional) This is the target GitHub base API endpoint. Providing a value is a requirement when working with GitHub Enterprise. It is optional to provide this value and it can also be sourced from the `GITHUB_BASE_URL` environment variable. The value must end with a slash, for example: `https://terraformtesting-ghe.westus.cloudapp.azure.com/` + +- `owner` - (Optional) This is the target GitHub organization or individual user account to manage. For example, `torvalds` and `github` are valid owners. It is optional to provide this value and it can also be sourced from the `GITHUB_OWNER` environment variable. When not provided and a `token` is available, the individual user account owning the `token` will be used. When not provided and no `token` is available, the provider may not function correctly. It is required in case of GitHub App Installation. + +- `organization` - (Deprecated) This behaves the same as `owner`, which should be used instead. This value can also be sourced from the `GITHUB_ORGANIZATION` environment variable. + +- `app_auth` - (Optional) Configuration block to use GitHub App installation token. When not provided, the provider can only access resources available anonymously. + - `id` - (Required) This is the ID of the GitHub App. It can sourced from the `GITHUB_APP_ID` environment variable. + - `installation_id` - (Required) This is the ID of the GitHub App installation. It can sourced from the `GITHUB_APP_INSTALLATION_ID` environment variable. + - `pem_file` - (Required) This is the contents of the GitHub App private key PEM file. It can also be sourced from the `GITHUB_APP_PEM_FILE` environment variable and may use `\n` instead of actual new lines. + +- `write_delay_ms` - (Optional) The number of milliseconds to sleep in between write operations in order to satisfy the GitHub API rate limits. Note that requests to the GraphQL API are implemented as `POST` requests under the hood, so this setting affects those calls as well. Defaults to 1000ms or 1 second if not provided. + +- `retry_delay_ms` - (Optional) Amount of time in milliseconds to sleep in between requests to GitHub API after an error response. Defaults to 1000ms or 1 second if not provided, the max_retries must be set to greater than zero. + +- `read_delay_ms` - (Optional) The number of milliseconds to sleep in between non-write operations in order to satisfy the GitHub API rate limits. Defaults to 0ms. + +- `retryable_errors` - (Optional) "Allow the provider to retry after receiving an error status code, the max_retries should be set for this to work. Defaults to [500, 502, 503, 504] + +- `max_retries` - (Optional) Number of times to retry a request after receiving an error status code. Defaults to 3 + +Note: If you have a PEM file on disk, you can pass it in via `pem_file = file("path/to/file.pem")`. + +For backwards compatibility, if more than one of `owner`, `organization`, `GITHUB_OWNER` and `GITHUB_ORGANIZATION` are set, the first in this list takes priority. + +1. Setting `organization` in the GitHub provider configuration. +2. Setting the `GITHUB_ORGANIZATION` environment variable. +3. Setting the `GITHUB_OWNER` environment variable. +4. Setting `owner` in the GitHub provider configuration. + +~> It is a bug that `GITHUB_OWNER` takes precedence over `owner`, which may be fixed in a future major release. For compatibility with future releases, please set only one of `GITHUB_OWNER` and `owner`. diff --git a/templates/resources/actions_environment_secret.md.tmpl b/templates/resources/actions_environment_secret.md.tmpl new file mode 100644 index 0000000000..0ef0bd8683 --- /dev/null +++ b/templates/resources/actions_environment_secret.md.tmpl @@ -0,0 +1,65 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages an Action Secret within a GitHub repository environment +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage GitHub Actions secrets within your GitHub repository environments. You must have write access to a repository to use this resource. + +Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. + +For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. + +## Example Usage + +{{ tffile "examples/resources/actions_environment_secret/example_1.tf" }} + +{{ tffile "examples/resources/actions_environment_secret/example_2.tf" }} + +## Example Lifecycle Ignore Changes + +This resource supports using the `lifecycle` `ignore_changes` block on `remote_updated_at` to support use cases where a secret value is created using a placeholder value and then modified after creation outside the scope of Terraform. This approach ensures only the initial placeholder value is referenced in your code and in the resulting state file. + +{{ tffile "examples/resources/actions_environment_secret/example_3.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) Name of the repository. +- `environment` - (Required) Name of the environment. +- `secret_name` - (Required) Name of the secret. +- `key_id` - (Optional) ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`. +- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. +- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted. + +~> **Note**: One of either `encrypted_value` or `plaintext_value` must be specified. + +## Attributes Reference + +- `repository_id` - ID of the repository. +- `created_at` - Date the secret was created. +- `updated_at` - Date the secret was last updated by the provider. +- `remote_updated_at` - Date the secret was last updated in GitHub. + +## Import + +This resource can be imported using an ID made of the repository name, environment name (URL escaped), and secret name all separated by a `:`. + +~> **Note**: When importing secrets, the `plaintext_value` or `encrypted_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. + +### Import Block + +The following import imports a GitHub actions environment secret named `mysecret` for the repo `myrepo` and environment `myenv` to a `github_actions_environment_secret` resource named `example`. + +{{ tffile "examples/resources/actions_environment_secret/example_4.tf" }} + +### Import Command + +The following command imports a GitHub actions environment secret named `mysecret` for the repo `myrepo` and environment `myenv` to a `github_actions_environment_secret` resource named `example`. + +```shell +terraform import github_actions_environment_secret.example myrepo:myenv:mysecret +``` diff --git a/templates/resources/actions_environment_variable.md.tmpl b/templates/resources/actions_environment_variable.md.tmpl new file mode 100644 index 0000000000..df2da6a8ad --- /dev/null +++ b/templates/resources/actions_environment_variable.md.tmpl @@ -0,0 +1,48 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages an Action variable within a GitHub repository environment +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage GitHub Actions variables within your GitHub repository environments. You must have write access to a repository to use this resource. + +## Example Usage + +{{ tffile "examples/resources/actions_environment_variable/example_1.tf" }} + +{{ tffile "examples/resources/actions_environment_variable/example_2.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) Name of the repository. +- `environment` - (Required) Name of the environment. +- `variable_name` - (Required) Name of the variable. +- `value` - (Required) Value of the variable. + +## Attributes Reference + +- `repository_id` - ID of the repository. +- `created_at` - Date the variable was created. +- `updated_at` - Date the variable was last updated. + +## Import + +This resource can be imported using an ID made of the repository name, environment name (any `:` in the environment name need to be escaped as `??`), and variable name all separated by a `:`. + +### Import Block + +The following import imports a GitHub actions environment variable named `myvariable` for the repo `myrepo` and environment `myenv` to a `github_actions_environment_variable` resource named `example`. + +{{ tffile "examples/resources/actions_environment_variable/example_3.tf" }} + +### Import Command + +The following command imports a GitHub actions environment variable named `myvariable` for the repo `myrepo` and environment `myenv` to a `github_actions_environment_variable` resource named `example`. + +```shell +terraform import github_actions_environment_variable.example myrepo:myenv:myvariable +``` diff --git a/templates/resources/actions_hosted_runner.md.tmpl b/templates/resources/actions_hosted_runner.md.tmpl new file mode 100644 index 0000000000..5ee0413a1f --- /dev/null +++ b/templates/resources/actions_hosted_runner.md.tmpl @@ -0,0 +1,101 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages GitHub-hosted runners within a GitHub organization +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage GitHub-hosted runners within your GitHub organization. You must have admin access to an organization to use this resource. + +GitHub-hosted runners are fully managed virtual machines that run your GitHub Actions workflows. Unlike self-hosted runners, GitHub handles the infrastructure, maintenance, and scaling. + +## Example Usage + +### Basic Usage + +{{ tffile "examples/resources/actions_hosted_runner/example_1.tf" }} + +### Advanced Usage with Optional Parameters + +{{ tffile "examples/resources/actions_hosted_runner/example_2.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `name` - (Required) Name of the hosted runner. Must be between 1 and 64 characters and may only contain alphanumeric characters, '.', '-', and '_'. +- `image` - (Required) Image configuration for the hosted runner. Cannot be changed after creation. Block supports: + - `id` - (Required) The image ID. For GitHub-owned images, use numeric IDs like "2306" for Ubuntu Latest 24.04. To get available images, use the GitHub API: `GET /orgs/{org}/actions/hosted-runners/images/github-owned`. + - `source` - (Optional) The image source. Valid values are "github", "partner", or "custom". Defaults to "github". +- `size` - (Required) Machine size for the hosted runner (e.g., "4-core", "8-core"). Can be updated to scale the runner. To list available sizes, use the GitHub API: `GET /orgs/{org}/actions/hosted-runners/machine-sizes`. +- `runner_group_id` - (Required) The ID of the runner group to assign this runner to. +- `maximum_runners` - (Optional) Maximum number of runners to scale up to. Runners will not auto-scale above this number. Use this setting to limit costs. +- `public_ip_enabled` - (Optional) Whether to enable static public IP for the runner. Note there are account limits. To list limits, use the GitHub API: `GET /orgs/{org}/actions/hosted-runners/limits`. Defaults to false. +- `image_version` - (Optional) The version of the runner image to deploy. This is only relevant for runners using custom images. + +## Timeouts + +The `timeouts` block allows you to specify timeouts for certain actions: + +- `delete` - (Defaults to 10 minutes) Used for waiting for the hosted runner deletion to complete. + +Example: + +{{ tffile "examples/resources/actions_hosted_runner/example_3.tf" }} + +## Attributes Reference + +In addition to the arguments above, the following attributes are exported: + +- `id` - The ID of the hosted runner. +- `status` - Current status of the runner (e.g., "Ready", "Provisioning"). +- `platform` - Platform of the runner (e.g., "linux-x64", "win-x64"). +- `image` - In addition to the arguments above, the image block exports: + - `size_gb` - The size of the image in gigabytes. +- `machine_size_details` - Detailed specifications of the machine size: + - `id` - Machine size identifier. + - `cpu_cores` - Number of CPU cores. + - `memory_gb` - Amount of memory in gigabytes. + - `storage_gb` - Amount of storage in gigabytes. +- `public_ips` - List of public IP ranges assigned to this runner (only if `public_ip_enabled` is true): + - `enabled` - Whether this IP range is enabled. + - `prefix` - IP address prefix. + - `length` - Subnet length. +- `last_active_on` - Timestamp (RFC3339) when the runner was last active. + +## Import + +Hosted runners can be imported using the runner ID: + +```hcl +$ terraform import github_actions_hosted_runner.example 123456 +``` + +## Notes + +- This resource is **organization-only*- and cannot be used with individual accounts. +- The `image` field cannot be changed after the runner is created. Changing it will force recreation of the runner. +- The `size` field can be updated to scale the runner up or down as needed. +- Image IDs for GitHub-owned images are numeric strings (e.g., "2306" for Ubuntu Latest 24.04), not names like "ubuntu-latest". +- Deletion of hosted runners is asynchronous. The provider will poll for up to 10 minutes (configurable via timeouts) to confirm deletion. +- Runner creation and updates may take several minutes as GitHub provisions the infrastructure. +- Static public IPs are subject to account limits. Check your organization's limits before enabling. + +## Getting Available Images and Sizes + +To get a list of available images: + +```bash +curl -H "Authorization: Bearer YOUR_TOKEN" \ + -H "Accept: application/vnd.github+json" \ + https://api.github.com/orgs/YOUR_ORG/actions/hosted-runners/images/github-owned +``` + +To get available machine sizes: + +```bash +curl -H "Authorization: Bearer YOUR_TOKEN" \ + -H "Accept: application/vnd.github+json" \ + https://api.github.com/orgs/YOUR_ORG/actions/hosted-runners/machine-sizes +``` diff --git a/templates/resources/actions_organization_oidc_subject_claim_customization_template.md.tmpl b/templates/resources/actions_organization_oidc_subject_claim_customization_template.md.tmpl new file mode 100644 index 0000000000..fa19422d5f --- /dev/null +++ b/templates/resources/actions_organization_oidc_subject_claim_customization_template.md.tmpl @@ -0,0 +1,29 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages an OpenID Connect subject claim customization template for an organization. +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage an OpenID Connect subject claim customization template within a GitHub organization. + +More information on integrating GitHub with cloud providers using OpenID Connect and a list of available claims is available in the [Actions documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect). + +## Example Usage + +{{ tffile "examples/resources/actions_organization_oidc_subject_claim_customization_template/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `include_claim_keys` - (Required) A list of OpenID Connect claims. + +## Import + +This resource can be imported using the organization's name. + +```hcl +$ terraform import github_actions_organization_oidc_subject_claim_customization_template.test example_organization +``` diff --git a/templates/resources/actions_organization_permissions.md.tmpl b/templates/resources/actions_organization_permissions.md.tmpl new file mode 100644 index 0000000000..0a02441f3b --- /dev/null +++ b/templates/resources/actions_organization_permissions.md.tmpl @@ -0,0 +1,45 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages Actions permissions within a GitHub organization +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage GitHub Actions permissions within your GitHub enterprise organizations. You must have admin access to an organization to use this resource. + +## Example Usage + +{{ tffile "examples/resources/actions_organization_permissions/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `allowed_actions` - (Optional) The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`. +- `enabled_repositories` - (Required) The policy that controls the repositories in the organization that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`. +- `allowed_actions_config` - (Optional) Sets the actions that are allowed in an organization. Only available when `allowed_actions` = `selected`. See [Allowed Actions Config](#allowed-actions-config) below for details. +- `enabled_repositories_config` - (Optional) Sets the list of selected repositories that are enabled for GitHub Actions in an organization. Only available when `enabled_repositories` = `selected`. See [Enabled Repositories Config](#enabled-repositories-config) below for details. +- `sha_pinning_required` - (Optional) Whether pinning to a specific SHA is required for all actions and reusable workflows in the organization. + +### Allowed Actions Config + +The `allowed_actions_config` block supports the following: + +- `github_owned_allowed` - (Required) Whether GitHub-owned actions are allowed in the organization. +- `patterns_allowed` - (Optional) Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*." +- `verified_allowed` - (Optional) Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators. + +### Enabled Repositories Config + +The `enabled_repositories_config` block supports the following: + +- `repository_ids` - (Required) List of repository IDs to enable for GitHub Actions. + +## Import + +This resource can be imported using the name of the GitHub organization: + +```hcl +$ terraform import github_actions_organization_permissions.test github_organization_name +``` diff --git a/templates/resources/actions_organization_secret.md.tmpl b/templates/resources/actions_organization_secret.md.tmpl new file mode 100644 index 0000000000..b1fccdc8cb --- /dev/null +++ b/templates/resources/actions_organization_secret.md.tmpl @@ -0,0 +1,65 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages an Action Secret within a GitHub organization +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage GitHub Actions secrets within your GitHub organization. You must have write access to a repository to use this resource. + +Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. + +For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. + +## Example Usage + +{{ tffile "examples/resources/actions_organization_secret/example_1.tf" }} + +{{ tffile "examples/resources/actions_organization_secret/example_2.tf" }} + +## Example Lifecycle Ignore Changes + +This resource supports using the `lifecycle` `ignore_changes` block on `remote_updated_at` to support use cases where a secret value is created using a placeholder value and then modified after creation outside the scope of Terraform. This approach ensures only the initial placeholder value is referenced in your code and in the resulting state file. + +{{ tffile "examples/resources/actions_organization_secret/example_3.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `secret_name` - (Required) Name of the secret. +- `key_id` - (Optional) ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`. +- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. +- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted. +- `visibility` - (Required) Configures the access that repositories have to the organization secret; must be one of `all`, `private`, or `selected`. +- `selected_repository_ids` - (Optional) An array of repository IDs that can access the organization variable; this requires `visibility` to be set to `selected`. +- `destroy_on_drift` - (**DEPRECATED**) (Optional) This is ignored as drift detection is built into the resource. + +~> **Note**: One of either `encrypted_value` or `plaintext_value` must be specified. + +## Attributes Reference + +- `created_at` - Date the secret was created. +- `updated_at` - Date the secret was last updated by the provider. +- `remote_updated_at` - Date the secret was last updated in GitHub. + +## Import + +This resource can be imported using the secret name as the ID. + +~> **Note**: When importing secrets, the `plaintext_value` or `encrypted_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. + +### Import Block + +The following import imports a GitHub actions organization secret named `mysecret` to a `github_actions_organization_secret` resource named `example`. + +{{ tffile "examples/resources/actions_organization_secret/example_4.tf" }} + +### Import Command + +The following command imports a GitHub actions organization secret named `mysecret` to a `github_actions_organization_secret` resource named `example`. + +```shell +terraform import github_actions_organization_secret.example mysecret +``` diff --git a/templates/resources/actions_organization_secret_repositories.md.tmpl b/templates/resources/actions_organization_secret_repositories.md.tmpl new file mode 100644 index 0000000000..429ba5de1b --- /dev/null +++ b/templates/resources/actions_organization_secret_repositories.md.tmpl @@ -0,0 +1,40 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manages repository allow list for an Actions Secret within a GitHub organization. +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to manage the repositories allowed to access an actions secret within your GitHub organization. You must have write access to an organization secret to use this resource. + +This resource is only applicable when `visibility` of the existing organization secret has been set to `selected`. + +## Example Usage + +{{ tffile "examples/resources/actions_organization_secret_repositories/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `secret_name` - (Required) Name of the actions organization secret. +- `selected_repository_ids` - (Required) List of IDs for the repositories that should be able to access the secret. + +## Import + +This resource can be imported using the secret name as the ID. + +### Import Block + +The following import block imports the repositories able to access the actions organization secret named `mysecret` to a `github_actions_organization_secret_repositories` resource named `example`. + +{{ tffile "examples/resources/actions_organization_secret_repositories/example_2.tf" }} + +### Import Command + +The following command imports the repositories able to access the actions organization secret named `mysecret` to a `github_actions_organization_secret_repositories` resource named `example`. + +```shell +terraform import github_actions_organization_secret_repositories.example mysecret +``` diff --git a/templates/resources/actions_organization_secret_repository.md.tmpl b/templates/resources/actions_organization_secret_repository.md.tmpl new file mode 100644 index 0000000000..377bcabd33 --- /dev/null +++ b/templates/resources/actions_organization_secret_repository.md.tmpl @@ -0,0 +1,40 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Add access for a repository to an Actions Secret within a GitHub organization. +--- + +# {{.Name}} ({{.Type}}) + +This resource adds permission for a repository to use an actions secret within your GitHub organization. You must have write access to an organization secret to use this resource. + +This resource is only applicable when `visibility` of the existing organization secret has been set to `selected`. + +## Example Usage + +{{ tffile "examples/resources/actions_organization_secret_repository/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `secret_name` - (Required) Name of the actions organization secret. +- `repository_id` - (Required) ID of the repository that should be able to access the secret. + +## Import + +This resource can be imported using an ID made of the secret name and repository name separated by a `:`. + +### Import Block + +The following import block imports the access of repository ID `123456` for the actions organization secret named `mysecret` to a `github_actions_organization_secret_repository` resource named `example`. + +{{ tffile "examples/resources/actions_organization_secret_repository/example_2.tf" }} + +### Import Command + +The following command imports the access of repository ID `123456` for the actions organization secret named `mysecret` to a `github_actions_organization_secret_repository` resource named `example`. + +```shell +terraform import github_actions_organization_secret_repository.example mysecret:123456 +``` diff --git a/templates/resources/actions_organization_variable.md.tmpl b/templates/resources/actions_organization_variable.md.tmpl new file mode 100644 index 0000000000..10738e09ca --- /dev/null +++ b/templates/resources/actions_organization_variable.md.tmpl @@ -0,0 +1,47 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages an Action variable within a GitHub organization +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage GitHub Actions variables within your GitHub organization. You must have write access to a repository to use this resource. + +## Example Usage + +{{ tffile "examples/resources/actions_organization_variable/example_1.tf" }} + +{{ tffile "examples/resources/actions_organization_variable/example_2.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `variable_name` - (Required) Name of the variable. +- `value` - (Required) Value of the variable. +- `visibility` - (Required) Configures the access that repositories have to the organization variable; must be one of `all`, `private`, or `selected`. +- `selected_repository_ids` - (Optional) An array of repository IDs that can access the organization variable; this requires `visibility` to be set to `selected`. + +## Attributes Reference + +- `created_at` - Date the variable was created. +- `updated_at` - Date the variable was last updated. + +## Import + +This resource can be imported using the variable name as the ID. + +### Import Block + +The following import imports a GitHub actions organization variable named `myvariable`to a `github_actions_organization_variable` resource named `example`. + +{{ tffile "examples/resources/actions_organization_variable/example_3.tf" }} + +### Import Command + +The following command imports a GitHub actions organization variable named `myvariable` to a `github_actions_organization_variable` resource named `example`. + +```shell +terraform import github_actions_organization_variable.example myvariable +``` diff --git a/templates/resources/actions_organization_variable_repositories.md.tmpl b/templates/resources/actions_organization_variable_repositories.md.tmpl new file mode 100644 index 0000000000..b31dc9f796 --- /dev/null +++ b/templates/resources/actions_organization_variable_repositories.md.tmpl @@ -0,0 +1,40 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manages repository allow list for an Actions Variable within a GitHub organization. +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to manage the repositories allowed to access an actions variable within your GitHub organization. You must have write access to an organization variable to use this resource. + +This resource is only applicable when `visibility` of the existing organization variable has been set to `selected`. + +## Example Usage + +{{ tffile "examples/resources/actions_organization_variable_repositories/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `variable_name` - (Required) Name of the actions organization variable. +- `selected_repository_ids` - (Required) List of IDs for the repositories that should be able to access the variable. + +## Import + +This resource can be imported using the variable name as the ID. + +### Import Block + +The following import block imports the repositories able to access the actions organization variable named `myvariable` to a `github_actions_organization_variable_repositories` resource named `example`. + +{{ tffile "examples/resources/actions_organization_variable_repositories/example_2.tf" }} + +### Import Command + +The following command imports the repositories able to access the actions organization variable named `myvariable` to a `github_actions_organization_variable_repositories` resource named `example`. + +```shell +terraform import github_actions_organization_variable_repositories.example myvariable +``` diff --git a/templates/resources/actions_organization_variable_repository.md.tmpl b/templates/resources/actions_organization_variable_repository.md.tmpl new file mode 100644 index 0000000000..8bac3b079a --- /dev/null +++ b/templates/resources/actions_organization_variable_repository.md.tmpl @@ -0,0 +1,40 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Add access for a repository to an Actions Variable within a GitHub organization. +--- + +# {{.Name}} ({{.Type}}) + +This resource adds permission for a repository to use an actions variables within your GitHub organization. You must have write access to an organization variable to use this resource. + +This resource is only applicable when `visibility` of the existing organization variable has been set to `selected`. + +## Example Usage + +{{ tffile "examples/resources/actions_organization_variable_repository/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `variable_name` - (Required) Name of the actions organization variable. +- `repository_id` - (Required) ID of the repository that should be able to access the variable. + +## Import + +This resource can be imported using an ID made of the variable name and repository name separated by a `:`. + +### Import Block + +The following import block imports the access of repository ID `123456` for the actions organization variable named `myvariable` to a `github_actions_organization_variable_repository` resource named `example`. + +{{ tffile "examples/resources/actions_organization_variable_repository/example_2.tf" }} + +### Import Command + +The following command imports the access of repository ID `123456` for the actions organization variable named `myvariable` to a `github_actions_organization_variable_repository` resource named `example`. + +```shell +terraform import github_actions_organization_variable_repository.example myvariable:123456 +``` diff --git a/templates/resources/actions_organization_workflow_permissions.md.tmpl b/templates/resources/actions_organization_workflow_permissions.md.tmpl new file mode 100644 index 0000000000..6acaac3022 --- /dev/null +++ b/templates/resources/actions_organization_workflow_permissions.md.tmpl @@ -0,0 +1,48 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manages GitHub Actions workflow permissions for a GitHub Organization. +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to manage GitHub Actions workflow permissions for a GitHub Organization account. This controls the default permissions granted to the GITHUB_TOKEN when running workflows and whether GitHub Actions can approve pull request reviews. + +You must have organization admin access to use this resource. + +## Example Usage + +{{ tffile "examples/resources/actions_organization_workflow_permissions/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `organization_slug` - (Required) The slug of the organization. + +- `default_workflow_permissions` - (Optional) The default workflow permissions granted to the GITHUB_TOKEN when running workflows. Can be `read` or `write`. Defaults to `read`. + +- `can_approve_pull_request_reviews` - (Optional) Whether GitHub Actions can approve pull request reviews. Defaults to `false`. + +## Attributes Reference + +In addition to all arguments above, the following attributes are exported: + +- `id` - The organization slug. + +## Import + +Organization Actions workflow permissions can be imported using the organization slug: + +```sh +terraform import github_actions_organization_workflow_permissions.example my-organization +``` + +## Notes + +~> **Note:*- This resource requires a GitHub Organization account and organization admin permissions. + +When this resource is destroyed, the workflow permissions will be reset to safe defaults: + +- `default_workflow_permissions` = `read` +- `can_approve_pull_request_reviews` = `false` diff --git a/templates/resources/actions_repository_access_level.md.tmpl b/templates/resources/actions_repository_access_level.md.tmpl new file mode 100644 index 0000000000..9f3ab7a8d7 --- /dev/null +++ b/templates/resources/actions_repository_access_level.md.tmpl @@ -0,0 +1,28 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manages Actions and Reusable Workflow access for a GitHub repository +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to set the access level of a non-public repositories actions and reusable workflows for use in other repositories. You must have admin access to a repository to use this resource. + +## Example Usage + +{{ tffile "examples/resources/actions_repository_access_level/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository +- `access_level` - (Required) Where the actions or reusable workflows of the repository may be used. Possible values are `none`, `user`, `organization`, or `enterprise`. + +## Import + +This resource can be imported using the name of the GitHub repository: + +```hcl +$ terraform import github_actions_repository_access_level.test my-repository +``` diff --git a/templates/resources/actions_repository_oidc_subject_claim_customization_template.md.tmpl b/templates/resources/actions_repository_oidc_subject_claim_customization_template.md.tmpl new file mode 100644 index 0000000000..3064cebd64 --- /dev/null +++ b/templates/resources/actions_repository_oidc_subject_claim_customization_template.md.tmpl @@ -0,0 +1,38 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages an OpenID Connect subject claim customization template for a repository +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage an OpenID Connect subject claim customization template for a GitHub repository. + +More information on integrating GitHub with cloud providers using OpenID Connect and a list of available claims is available in the [Actions documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect). + +The following table lists the behaviour of `use_default`: + +| `use_default` | `include_claim_keys` | Template used | +|---------------|----------------------|-----------------------------------------------------------| +| `true` | Unset | GitHub's default | +| `false` | Set | `include_claim_keys` | +| `false` | Unset | Organization's default if set, otherwise GitHub's default | + +## Example Usage + +{{ tffile "examples/resources/actions_repository_oidc_subject_claim_customization_template/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `use_default` - (Required) Whether to use the default template or not. If `true`, `include_claim_keys` must not be set. +- `include_claim_keys` - (Optional) A list of OpenID Connect claims. + +## Import + +This resource can be imported using the repository's name. + +```hcl +$ terraform import github_actions_repository_oidc_subject_claim_customization_template.test example_repository +``` diff --git a/templates/resources/actions_repository_permissions.md.tmpl b/templates/resources/actions_repository_permissions.md.tmpl new file mode 100644 index 0000000000..3ae0b968e5 --- /dev/null +++ b/templates/resources/actions_repository_permissions.md.tmpl @@ -0,0 +1,39 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Enables and manages Actions permissions for a GitHub repository +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to enable and manage GitHub Actions permissions for a given repository. You must have admin access to an repository to use this resource. + +## Example Usage + +{{ tffile "examples/resources/actions_repository_permissions/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository +- `allowed_actions` - (Optional) The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`. +- `enabled` - (Optional) Should GitHub actions be enabled on this repository? +- `allowed_actions_config` - (Optional) Sets the actions that are allowed in an repository. Only available when `allowed_actions` = `selected`. See [Allowed Actions Config](#allowed-actions-config) below for details. +- `sha_pinning_required` - (Optional) Whether pinning to a specific SHA is required for all actions and reusable workflows in the repository. + +### Allowed Actions Config + +The `allowed_actions_config` block supports the following: + +- `github_owned_allowed` - (Required) Whether GitHub-owned actions are allowed in the repository. +- `patterns_allowed` - (Optional) Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*." +- `verified_allowed` - (Optional) Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators. + +## Import + +This resource can be imported using the name of the GitHub repository: + +```hcl +$ terraform import github_actions_repository_permissions.test my-repository +``` diff --git a/templates/resources/actions_runner_group.md.tmpl b/templates/resources/actions_runner_group.md.tmpl new file mode 100644 index 0000000000..5e3cac4c4d --- /dev/null +++ b/templates/resources/actions_runner_group.md.tmpl @@ -0,0 +1,45 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages an Actions Runner Group within a GitHub organization +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage GitHub Actions runner groups within your GitHub enterprise organizations. You must have admin access to an organization to use this resource. + +## Example Usage + +{{ tffile "examples/resources/actions_runner_group/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `name` - (Required) Name of the runner group +- `restricted_to_workflows` - (Optional) If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array. Defaults to false. +- `selected_repository_ids` - (Optional) IDs of the repositories which should be added to the runner group +- `selected_workflows` - (Optional) List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true. +- `visibility` - (Optional) Visibility of a runner group. Whether the runner group can include `all`, `selected`, or `private` repositories. A value of `private` is not currently supported due to limitations in the GitHub API. +- `allows_public_repositories` - (Optional) Whether public repositories can be added to the runner group. Defaults to false. + +## Attributes Reference + +- `allows_public_repositories` - Whether public repositories can be added to the runner group +- `default` - Whether this is the default runner group +- `etag` - An etag representing the runner group object +- `inherited` - Whether the runner group is inherited from the enterprise level +- `runners_url` - The GitHub API URL for the runner group's runners +- `selected_repository_ids` - List of repository IDs that can access the runner group +- `selected_repositories_url` - GitHub API URL for the runner group's repositories +- `visibility` - The visibility of the runner group +- `restricted_to_workflows` - If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array. Defaults to false. +- `selected_workflows` - List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true. + +## Import + +This resource can be imported using the ID of the runner group: + +```hcl +$ terraform import github_actions_runner_group.test 7 +``` diff --git a/templates/resources/actions_secret.md.tmpl b/templates/resources/actions_secret.md.tmpl new file mode 100644 index 0000000000..ecd2964a63 --- /dev/null +++ b/templates/resources/actions_secret.md.tmpl @@ -0,0 +1,63 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages an Action Secret within a GitHub repository +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage GitHub Actions secrets within your GitHub repositories. You must have write access to a repository to use this resource. + +Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. + +For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. + +## Example Usage + +{{ tffile "examples/resources/actions_secret/example_1.tf" }} + +## Example Lifecycle Ignore Changes + +This resource supports using the `lifecycle` `ignore_changes` block on `remote_updated_at` to support use cases where a secret value is created using a placeholder value and then modified after creation outside the scope of Terraform. This approach ensures only the initial placeholder value is referenced in your code and in the resulting state file. + +{{ tffile "examples/resources/actions_secret/example_2.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) Name of the repository. +- `secret_name` - (Required) Name of the secret. +- `key_id` - (Optional) ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`. +- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. +- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted. +- `destroy_on_drift` - (**DEPRECATED**) (Optional) This is ignored as drift detection is built into the resource. + +~> **Note**: One of either `encrypted_value` or `plaintext_value` must be specified. + +## Attributes Reference + +- `repository_id` - ID of the repository. +- `created_at` - Date the secret was created. +- `updated_at` - Date the secret was last updated by the provider. +- `remote_updated_at` - Date the secret was last updated in GitHub. + +## Import + +This resource can be imported using an ID made of the repository name, and secret name separated by a `:`. + +~> **Note**: When importing secrets, the `plaintext_value` or `encrypted_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. + +### Import Block + +The following import imports a GitHub actions secret named `mysecret` for the repo `myrepo` to a `github_actions_secret` resource named `example`. + +{{ tffile "examples/resources/actions_secret/example_3.tf" }} + +### Import Command + +The following command imports a GitHub actions secret named `mysecret` for the repo `myrepo` to a `github_actions_secret` resource named `example`. + +```shell +terraform import github_actions_secret.example myrepo:mysecret +``` diff --git a/templates/resources/actions_variable.md.tmpl b/templates/resources/actions_variable.md.tmpl new file mode 100644 index 0000000000..8b23571f71 --- /dev/null +++ b/templates/resources/actions_variable.md.tmpl @@ -0,0 +1,45 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages an Action variable within a GitHub repository +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage GitHub Actions variables within your GitHub repositories. You must have write access to a repository to use this resource. + +## Example Usage + +{{ tffile "examples/resources/actions_variable/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) Name of the repository. +- `variable_name` - (Required) Name of the variable. +- `value` - (Required) Value of the variable. + +## Attributes Reference + +- `repository_id` - ID of the repository. +- `created_at` - Date the variable was created. +- `updated_at` - Date the variable was last updated. + +## Import + +This resource can be imported using an ID made of the repository name, and variable name separated by a `:`. + +### Import Block + +The following import imports a GitHub actions variable named `myvariable` for the repo `myrepo` to a `github_actions_variable` resource named `example`. + +{{ tffile "examples/resources/actions_variable/example_2.tf" }} + +### Import Command + +The following command imports a GitHub actions variable named `myvariable` for the repo `myrepo` to a `github_actions_variable` resource named `example`. + +```shell +terraform import github_actions_variable.example myrepo:myvariable +``` diff --git a/templates/resources/app_installation_repositories.md.tmpl b/templates/resources/app_installation_repositories.md.tmpl new file mode 100644 index 0000000000..f622597608 --- /dev/null +++ b/templates/resources/app_installation_repositories.md.tmpl @@ -0,0 +1,36 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manages the associations between app installations and repositories. +--- + +# {{.Name}} ({{.Type}}) + +~> **Note**: This resource is not compatible with the GitHub App Installation authentication method. + +This resource manages relationships between app installations and repositories in your GitHub organization or your user account. + +Creating this resource installs a particular app on multiple repositories. + +The app installation and the repositories must all belong to the same organization or user account on GitHub. Note: you can review your organization's installations by the following the instructions at this [link](https://docs.github.com/en/github/setting-up-and-managing-organizations-and-teams/reviewing-your-organizations-installed-integrations) or for your user account at this [link](https://docs.github.com/en/apps/using-github-apps/reviewing-and-modifying-installed-github-apps). + +## Example Usage + +{{ tffile "examples/resources/app_installation_repositories/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `installation_id` - (Required) The GitHub app installation id. +- `selected_repositories` - (Required) A list of repository names to install the app on. + +~> **Note**: Due to how GitHub implements app installations, apps cannot be installed with no repositories selected. Therefore deleting this resource will leave one repository with the app installed. Manually uninstall the app or set the installation to all repositories via the GUI as after deleting this resource. + +## Import + +GitHub App Installation Repositories can be imported using an ID made up of `installation_id`, e.g. + +```hcl +$ terraform import github_app_installation_repositories.some_app_repos 1234567 +``` diff --git a/templates/resources/app_installation_repository.md.tmpl b/templates/resources/app_installation_repository.md.tmpl new file mode 100644 index 0000000000..de9dbaa95a --- /dev/null +++ b/templates/resources/app_installation_repository.md.tmpl @@ -0,0 +1,34 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manages the associations between app installations and repositories. +--- + +# {{.Name}} ({{.Type}}) + +~> **Note**: This resource is not compatible with the GitHub App Installation authentication method. + +This resource manages relationships between app installations and repositories in your GitHub organization or your user account. + +Creating this resource installs a particular app on a particular repository. + +The app installation and the repository must both belong to the same organization or user account on GitHub. Note: you can review your organization's installations by the following the instructions at this [link](https://docs.github.com/en/github/setting-up-and-managing-organizations-and-teams/reviewing-your-organizations-installed-integrations) or for your user account at this [link](https://docs.github.com/en/apps/using-github-apps/reviewing-and-modifying-installed-github-apps). + +## Example Usage + +{{ tffile "examples/resources/app_installation_repository/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `installation_id` - (Required) The GitHub app installation id. +- `repository` - (Required) The repository to install the app on. + +## Import + +GitHub App Installation Repository can be imported using an ID made up of `installation_id:repository`, e.g. + +```hcl +$ terraform import github_app_installation_repository.terraform_repo 1234567:terraform +``` diff --git a/templates/resources/branch.md.tmpl b/templates/resources/branch.md.tmpl new file mode 100644 index 0000000000..3d787e683c --- /dev/null +++ b/templates/resources/branch.md.tmpl @@ -0,0 +1,59 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages branches within GitHub repositories. +--- + +# github\_branch + +This resource allows you to create and manage branches within your repository. + +Additional constraints can be applied to ensure your branch is created from another branch or commit. + +## Example Usage + +{{ tffile "examples/resources/branch/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository name. + +- `branch` - (Required) The repository branch to create. + +- `source_branch` - (Optional) The branch name to start from. Defaults to `main`. + +- `source_sha` - (Optional) The commit hash to start from. Defaults to the tip of `source_branch`. If provided, `source_branch` is ignored. + +## Attribute Reference + +The following additional attributes are exported: + +- `source_sha` - A string storing the commit this branch was started from. Not populated when imported. + +- `etag` - An etag representing the Branch object. + +- `ref` - A string representing a branch reference, in the form of `refs/heads/`. + +- `sha` - A string storing the reference's `HEAD` commit's SHA1. + +## Import + +GitHub Branch can be imported using an ID made up of `repository:branch`, e.g. + +```hcl +$ terraform import github_branch.terraform terraform:main +``` + +Importing github branch into an instance object (when using a for each block to manage multiple branches) + +```hcl +$ terraform import github_branch.terraform["terraform"] terraform:main +``` + +Optionally, a source branch may be specified using an ID of `repository:branch:source_branch`. This is useful for importing branches that do not branch directly off main. + +```hcl +$ terraform import github_branch.terraform terraform:feature-branch:dev +``` diff --git a/templates/resources/branch_default.md.tmpl b/templates/resources/branch_default.md.tmpl new file mode 100644 index 0000000000..47d02f0f4f --- /dev/null +++ b/templates/resources/branch_default.md.tmpl @@ -0,0 +1,39 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Provides a GitHub branch default for a given repository. +--- + +# {{.Name}} ({{.Type}}) + +Provides a GitHub branch default resource. + +This resource allows you to set the default branch for a given repository. + +Note that use of this resource is incompatible with the `default_branch` option of the `github_repository` resource. Using both will result in plans always showing a diff. + +## Example Usage + +Basic usage: + +{{ tffile "examples/resources/branch_default/example_1.tf" }} + +Renaming to a branch that doesn't exist: + +{{ tffile "examples/resources/branch_default/example_2.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository +- `branch` - (Required) The branch (e.g. `main`) +- `rename` - (Optional) Indicate if it should rename the branch rather than use an existing branch. Defaults to `false`. + +## Import + +GitHub Branch Defaults can be imported using an ID made up of `repository`, e.g. + +```hcl +$ terraform import github_branch_default.branch_default my-repo +``` diff --git a/templates/resources/branch_protection.md.tmpl b/templates/resources/branch_protection.md.tmpl new file mode 100644 index 0000000000..9fe011934c --- /dev/null +++ b/templates/resources/branch_protection.md.tmpl @@ -0,0 +1,71 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Protects a GitHub branch. +--- + +# github\_branch\_protection + +Protects a GitHub branch. + +This resource allows you to configure branch protection for repositories in your organization. When applied, the branch will be protected from forced pushes and deletion. Additional constraints, such as required status checks or restrictions on users, teams, and apps, can also be configured. + +Note: for the `push_allowances` a given user or team must have specific write access to the repository. If specific write access not provided, github will reject the given actor, which will be the cause of terraform drift. + +## Example Usage + +{{ tffile "examples/resources/branch_protection/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository_id` - (Required) The name or node ID of the repository associated with this branch protection rule. +- `pattern` - (Required) Identifies the protection rule pattern. +- `enforce_admins` - (Optional) Boolean, setting this to `true` enforces status checks for repository administrators. +- `require_signed_commits` - (Optional) Boolean, setting this to `true` requires all commits to be signed with GPG. +- `required_linear_history` - (Optional) Boolean, setting this to `true` enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch +- `require_conversation_resolution` - (Optional) Boolean, setting this to `true` requires all conversations on code must be resolved before a pull request can be merged. +- `required_status_checks` - (Optional) Enforce restrictions for required status checks. See [Required Status Checks](#required-status-checks) below for details. +- `required_pull_request_reviews` - (Optional) Enforce restrictions for pull request reviews. See [Required Pull Request Reviews](#required-pull-request-reviews) below for details. +- `restrict_pushes` - (Optional) Restrict pushes to matching branches. See [Restrict Pushes](#restrict-pushes) below for details. +- `force_push_bypassers` - (Optional) The list of actor Names/IDs that are allowed to bypass force push restrictions. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. If the list is not empty, `allows_force_pushes` should be set to `false`. +- `allows_deletions` - (Optional) Boolean, setting this to `true` to allow the branch to be deleted. +- `allows_force_pushes` - (Optional) Boolean, setting this to `true` to allow force pushes on the branch to everyone. Set it to `false` if you specify `force_push_bypassers`. +- `lock_branch` - (Optional) Boolean, Setting this to `true` will make the branch read-only and preventing any pushes to it. Defaults to `false` + +### Required Status Checks + +`required_status_checks` supports the following arguments: + +- `strict`: (Optional) Require branches to be up to date before merging. Defaults to `false`. +- `contexts`: (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default. + +~> Note: This attribute can contain multiple string patterns. If specified, usual value is the [job name](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idname). Otherwise, the [job id](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idname) is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern `([, ])`. Matrixes should be specified based on the order of matrix properties in the workflow file. See [GitHub Documentation](https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#using-a-matrix-strategy) for more information. For workflows that use reusable workflows, the pattern is ` / `. This can extend multiple levels. + +### Required Pull Request Reviews + +`required_pull_request_reviews` supports the following arguments: + +- `dismiss_stale_reviews`: (Optional) Dismiss approved reviews automatically when a new commit is pushed. Defaults to `false`. +- `restrict_dismissals`: (Optional) Restrict pull request review dismissals. +- `dismissal_restrictions`: (Optional) The list of actor Names/IDs with dismissal access. If not empty, `restrict_dismissals` is ignored. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. +- `pull_request_bypassers`: (Optional) The list of actor Names/IDs that are allowed to bypass pull request requirements. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. +- `require_code_owner_reviews`: (Optional) Require an approved review in pull requests including files with a designated code owner. Defaults to `false`. +- `required_approving_review_count`: (Optional) Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream [documentation](https://developer.github.com/v3/repos/branches/#parameters-1) for more information. () for more information. +- `require_last_push_approval`: (Optional) Require that The most recent push must be approved by someone other than the last pusher. Defaults to `false` + +### Restrict Pushes + +`restrict_pushes` supports the following arguments: + +- `blocks_creations` - (Optional) Boolean, setting this to `false` allows people, teams, or apps to create new branches matching this rule. Defaults to `true`. +- `push_allowances` - (Optional) A list of actor Names/IDs that may push to the branch. Actor names must either begin with a "/" for users or the organization name followed by a "/" for teams. Organization administrators, repository administrators, and users with the Maintain role on the repository can always push when all other requirements have passed. + +## Import + +GitHub Branch Protection can be imported using an ID made up of `repository:pattern`, e.g. + +```hcl +$ terraform import github_branch_protection.terraform terraform:main +``` diff --git a/templates/resources/branch_protection_v3.md.tmpl b/templates/resources/branch_protection_v3.md.tmpl new file mode 100644 index 0000000000..ab9f6abd9e --- /dev/null +++ b/templates/resources/branch_protection_v3.md.tmpl @@ -0,0 +1,82 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Protects a GitHub branch using the v3 / REST implementation. The `github_branch_protection` resource has moved to the GraphQL API, while this resource will continue to leverage the REST API +--- + +# {{.Name}} ({{.Type}}) + +Protects a GitHub branch. + +The `github_branch_protection` resource has moved to the GraphQL API, while this resource will continue to leverage the REST API. + +This resource allows you to configure branch protection for repositories in your organization. When applied, the branch will be protected from forced pushes and deletion. Additional constraints, such as required status checks or restrictions on users, teams, and apps, can also be configured. + +## Example Usage + +{{ tffile "examples/resources/branch_protection_v3/example_1.tf" }} + +{{ tffile "examples/resources/branch_protection_v3/example_2.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository name. +- `branch` - (Required) The Git branch to protect. +- `enforce_admins` - (Optional) Boolean, setting this to `true` enforces status checks for repository administrators. +- `require_signed_commits` - (Optional) Boolean, setting this to `true` requires all commits to be signed with GPG. +- `require_conversation_resolution` - (Optional) Boolean, setting this to `true` requires all conversations on code must be resolved before a pull request can be merged. +- `required_status_checks` - (Optional) Enforce restrictions for required status checks. See [Required Status Checks](#required-status-checks) below for details. +- `required_pull_request_reviews` - (Optional) Enforce restrictions for pull request reviews. See [Required Pull Request Reviews](#required-pull-request-reviews) below for details. +- `restrictions` - (Optional) Enforce restrictions for the users and teams that may push to the branch. See [Restrictions](#restrictions) below for details. + +### Required Status Checks + +`required_status_checks` supports the following arguments: + +- `strict`: (Optional) Require branches to be up to date before merging. Defaults to `false`. +- `contexts`: (**DEPRECATED**) (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default. + +~> Note: This attribute can contain multiple string patterns. If specified, usual value is the [job name](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idname). Otherwise, the [job id](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idname) is defaulted to. For workflows that use matrixes, append the matrix name to the value using the following pattern `([, ])`. Matrixes should be specified based on the order of matrix properties in the workflow file. See [GitHub Documentation](https://docs.github.com/en/actions/using-jobs/using-a-matrix-for-your-jobs#using-a-matrix-strategy) for more information. For workflows that use reusable workflows, the pattern is ` / `. This can extend multiple levels. + +- `checks`: (Optional) The list of status checks to require in order to merge into this branch. No status checks are required by default. Checks should be strings containing the context and app_id like so "context:app_id". + +### Required Pull Request Reviews + +`required_pull_request_reviews` supports the following arguments: + +- `dismiss_stale_reviews`: (Optional) Dismiss approved reviews automatically when a new commit is pushed. Defaults to `false`. +- `dismissal_users`: (Optional) The list of user logins with dismissal access +- `dismissal_teams`: (Optional) The list of team slugs with dismissal access. Always use `slug` of the team, **not*- its name. Each team already **has*- to have access to the repository. +- `dismissal_apps`: (Optional) The list of app slugs with dismissal access. +- `require_code_owner_reviews`: (Optional) Require an approved review in pull requests including files with a designated code owner. Defaults to `false`. +- `required_approving_review_count`: (Optional) Require x number of approvals to satisfy branch protection requirements. If this is specified it must be a number between 0-6. This requirement matches GitHub's API, see the upstream [documentation](https://developer.github.com/v3/repos/branches/#parameters-1) for more information. +- `bypass_pull_request_allowances`: (Optional) Allow specific users, teams, or apps to bypass pull request requirements. See [Bypass Pull Request Allowances](#bypass-pull-request-allowances) below for details. +- `require_last_push_approval`: (Optional) Require that the most recent push must be approved by someone other than the last pusher. Defaults to `false` + +### Restrictions + +`restrictions` supports the following arguments: + +- `users`: (Optional) The list of user logins with push access. +- `teams`: (Optional) The list of team slugs with push access. Always use `slug` of the team, **not*- its name. Each team already **has*- to have access to the repository. +- `apps`: (Optional) The list of app slugs with push access. + +`restrictions` is only available for organization-owned repositories. + +### Bypass Pull Request Allowances + +`bypass_pull_request_allowances` supports the following arguments: + +- `users`: (Optional) The list of user logins allowed to bypass pull request requirements. +- `teams`: (Optional) The list of team slugs allowed to bypass pull request requirements. +- `apps`: (Optional) The list of app slugs allowed to bypass pull request requirements. + +## Import + +GitHub Branch Protection can be imported using an ID made up of `repository:branch`, e.g. + +```hcl +$ terraform import github_branch_protection_v3.terraform terraform:main +``` diff --git a/templates/resources/codespaces_organization_secret.md.tmpl b/templates/resources/codespaces_organization_secret.md.tmpl new file mode 100644 index 0000000000..d36acd2a94 --- /dev/null +++ b/templates/resources/codespaces_organization_secret.md.tmpl @@ -0,0 +1,44 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages an Codespaces Secret within a GitHub organization +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage GitHub Codespaces secrets within your GitHub organization. You must have write access to a repository to use this resource. + +Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. + +For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. + +## Example Usage + +{{ tffile "examples/resources/codespaces_organization_secret/example_1.tf" }} + +{{ tffile "examples/resources/codespaces_organization_secret/example_2.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `secret_name` - (Required) Name of the secret +- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. +- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted +- `visibility` - (Required) Configures the access that repositories have to the organization secret. Must be one of `all`, `private`, `selected`. `selected_repository_ids` is required if set to `selected`. +- `selected_repository_ids` - (Optional) An array of repository ids that can access the organization secret. + +## Attributes Reference + +- `created_at` - Date of codespaces_secret creation. +- `updated_at` - Date of codespaces_secret update. + +## Import + +This resource can be imported using an ID made up of the secret name: + +```hcl +terraform import github_codespaces_organization_secret.test_secret test_secret_name +``` + +NOTE: the implementation is limited in that it won't fetch the value of the `plaintext_value` or `encrypted_value` fields when importing. You may need to ignore changes for these as a workaround. diff --git a/templates/resources/codespaces_organization_secret_repositories.md.tmpl b/templates/resources/codespaces_organization_secret_repositories.md.tmpl new file mode 100644 index 0000000000..e6ab50e31b --- /dev/null +++ b/templates/resources/codespaces_organization_secret_repositories.md.tmpl @@ -0,0 +1,32 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manages repository allow list for a Codespaces Secret within a GitHub organization +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to manage repository allow list for existing GitHub Codespaces secrets within your GitHub organization. + +You must have write access to an organization secret to use this resource. + +This resource is only applicable when `visibility` of the existing organization secret has been set to `selected`. + +## Example Usage + +{{ tffile "examples/resources/codespaces_organization_secret_repositories/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `secret_name` - (Required) Name of the existing secret +- `selected_repository_ids` - (Required) An array of repository ids that can access the organization secret. + +## Import + +This resource can be imported using an ID made up of the secret name: + +```hcl +$ terraform import github_codespaces_organization_secret_repositories.org_secret_repos existing_secret_name +``` diff --git a/templates/resources/codespaces_secret.md.tmpl b/templates/resources/codespaces_secret.md.tmpl new file mode 100644 index 0000000000..958fda1c10 --- /dev/null +++ b/templates/resources/codespaces_secret.md.tmpl @@ -0,0 +1,41 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages an Codespaces Secret within a GitHub repository +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage GitHub Codespaces secrets within your GitHub repositories. You must have write access to a repository to use this resource. + +Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. + +For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. + +## Example Usage + +{{ tffile "examples/resources/codespaces_secret/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) Name of the repository +- `secret_name` - (Required) Name of the secret +- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. +- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted + +## Attributes Reference + +- `created_at` - Date of codespaces_secret creation. +- `updated_at` - Date of codespaces_secret update. + +## Import + +This resource can be imported using an ID made up of the `repository` and `secret_name`: + +```hcl +$ terraform import github_codespaces_secret.example_secret example_repository/example_secret_name +``` + +NOTE: the implementation is limited in that it won't fetch the value of the `plaintext_value` or `encrypted_value` fields when importing. You may need to ignore changes for these as a workaround. diff --git a/templates/resources/codespaces_user_secret.md.tmpl b/templates/resources/codespaces_user_secret.md.tmpl new file mode 100644 index 0000000000..c29c019709 --- /dev/null +++ b/templates/resources/codespaces_user_secret.md.tmpl @@ -0,0 +1,41 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages an Codespaces Secret within a GitHub user +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage GitHub Codespaces secrets within your GitHub user. You must have write access to a repository to use this resource. + +Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. + +For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. + +## Example Usage + +{{ tffile "examples/resources/codespaces_user_secret/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `secret_name` - (Required) Name of the secret +- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. +- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted +- `selected_repository_ids` - (Optional) An array of repository ids that can access the user secret. + +## Attributes Reference + +- `created_at` - Date of codespaces_secret creation. +- `updated_at` - Date of codespaces_secret update. + +## Import + +This resource can be imported using an ID made up of the secret name: + +```hcl +terraform import github_codespaces_user_secret.test_secret test_secret_name +``` + +NOTE: the implementation is limited in that it won't fetch the value of the `plaintext_value` or `encrypted_value` fields when importing. You may need to ignore changes for these as a workaround. diff --git a/templates/resources/dependabot_organization_secret.md.tmpl b/templates/resources/dependabot_organization_secret.md.tmpl new file mode 100644 index 0000000000..db6a0d1d6a --- /dev/null +++ b/templates/resources/dependabot_organization_secret.md.tmpl @@ -0,0 +1,62 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages an Dependabot Secret within a GitHub organization +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage GitHub Dependabot secrets within your GitHub organization. You must have write access to a repository to use this resource. + +Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. + +For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. + +## Example Usage + +{{ tffile "examples/resources/dependabot_organization_secret/example_1.tf" }} + +{{ tffile "examples/resources/dependabot_organization_secret/example_2.tf" }} + +## Example Lifecycle Ignore Changes + +This resource supports using the `lifecycle` `ignore_changes` block on `remote_updated_at` to support use cases where a secret value is created using a placeholder value and then modified after creation outside the scope of Terraform. This approach ensures only the initial placeholder value is referenced in your code and in the resulting state file. + +{{ tffile "examples/resources/dependabot_organization_secret/example_3.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `secret_name` - (Required) Name of the secret. +- `key_id` - (Optional) ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`. +- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. +- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted. +- `visibility` - (Required) Configures the access that repositories have to the organization secret; must be one of `all`, `private`, or `selected`. +- `selected_repository_ids` - (Optional) An array of repository IDs that can access the organization variable; this requires `visibility` to be set to `selected`. + +## Attributes Reference + +- `created_at` - Date the secret was created. +- `updated_at` - Date the secret was last updated by the provider. +- `remote_updated_at` - Date the secret was last updated in GitHub. + +## Import + +This resource can be imported using the secret name as the ID. + +~> **Note**: When importing secrets, the `plaintext_value` or `encrypted_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. + +### Import Block + +The following import imports a GitHub Dependabot organization secret named `mysecret` to a `github_dependabot_organization_secret` resource named `example`. + +{{ tffile "examples/resources/dependabot_organization_secret/example_4.tf" }} + +### Import Command + +The following command imports a GitHub Dependabot organization secret named `mysecret` to a `github_dependabot_organization_secret` resource named `example`. + +```shell +terraform import github_dependabot_organization_secret.example mysecret +``` diff --git a/templates/resources/dependabot_organization_secret_repositories.md.tmpl b/templates/resources/dependabot_organization_secret_repositories.md.tmpl new file mode 100644 index 0000000000..c6eb817d06 --- /dev/null +++ b/templates/resources/dependabot_organization_secret_repositories.md.tmpl @@ -0,0 +1,40 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manages repository allow list for an Dependabot Secret within a GitHub organization. +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to manage the repositories allowed to access a Dependabot secret within your GitHub organization. You must have write access to an organization secret to use this resource. + +This resource is only applicable when `visibility` of the existing organization secret has been set to `selected`. + +## Example Usage + +{{ tffile "examples/resources/dependabot_organization_secret_repositories/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `secret_name` - (Required) Name of the Dependabot organization secret. +- `selected_repository_ids` - (Required) List of IDs for the repositories that should be able to access the secret. + +## Import + +This resource can be imported using the secret name as the ID. + +### Import Block + +The following import block imports the repositories able to access the Dependabot organization secret named `mysecret` to a `github_dependabot_organization_secret_repositories` resource named `example`. + +{{ tffile "examples/resources/dependabot_organization_secret_repositories/example_2.tf" }} + +### Import Command + +The following command imports the repositories able to access the Dependabot organization secret named `mysecret` to a `github_dependabot_organization_secret_repositories` resource named `example`. + +```shell +terraform import github_dependabot_organization_secret_repositories.example mysecret +``` diff --git a/templates/resources/dependabot_organization_secret_repository.md.tmpl b/templates/resources/dependabot_organization_secret_repository.md.tmpl new file mode 100644 index 0000000000..414be898fd --- /dev/null +++ b/templates/resources/dependabot_organization_secret_repository.md.tmpl @@ -0,0 +1,40 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Add access for a repository to a Dependabot Secret within a GitHub organization. +--- + +# {{.Name}} ({{.Type}}) + +This resource adds permission for a repository to use a Dependabot secret within your GitHub organization. You must have write access to an organization secret to use this resource. + +This resource is only applicable when `visibility` of the existing organization secret has been set to `selected`. + +## Example Usage + +{{ tffile "examples/resources/dependabot_organization_secret_repository/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `secret_name` - (Required) Name of the Dependabot organization secret. +- `repository_id` - (Required) ID of the repository that should be able to access the secret. + +## Import + +This resource can be imported using an ID made of the secret name and repository name separated by a `:`. + +### Import Block + +The following import block imports the access of repository ID `123456` for the Dependabot organization secret named `mysecret` to a `github_dependabot_organization_secret_repository` resource named `example`. + +{{ tffile "examples/resources/dependabot_organization_secret_repository/example_2.tf" }} + +### Import Command + +The following command imports the access of repository ID `123456` for the Dependabot organization secret named `mysecret` to a `v` resource named `example`. + +```shell +terraform import github_dependabot_organization_secret_repository.example mysecret:123456 +``` diff --git a/templates/resources/dependabot_secret.md.tmpl b/templates/resources/dependabot_secret.md.tmpl new file mode 100644 index 0000000000..853cba84e2 --- /dev/null +++ b/templates/resources/dependabot_secret.md.tmpl @@ -0,0 +1,62 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages an Dependabot Secret within a GitHub repository +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage GitHub Dependabot secrets within your GitHub repositories. You must have write access to a repository to use this resource. + +Secret values are encrypted using the [Go '/crypto/box' module](https://godoc.org/golang.org/x/crypto/nacl/box) which is interoperable with [libsodium](https://libsodium.gitbook.io/doc/). Libsodium is used by GitHub to decrypt secret values. + +For the purposes of security, the contents of the `plaintext_value` field have been marked as `sensitive` to Terraform, but it is important to note that **this does not hide it from state files**. You should treat state as sensitive always. It is also advised that you do not store plaintext values in your code but rather populate the `encrypted_value` using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction. + +## Example Usage + +{{ tffile "examples/resources/dependabot_secret/example_1.tf" }} + +## Example Lifecycle Ignore Changes + +This resource supports using the `lifecycle` `ignore_changes` block on `remote_updated_at` to support use cases where a secret value is created using a placeholder value and then modified after creation outside the scope of Terraform. This approach ensures only the initial placeholder value is referenced in your code and in the resulting state file. + +{{ tffile "examples/resources/dependabot_secret/example_2.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) Name of the repository. +- `secret_name` - (Required) Name of the secret. +- `key_id` - (Optional) ID of the public key used to encrypt the secret. This should be provided when setting `encrypted_value`; if it isn't then the current public key will be looked up, which could cause a missmatch. This conflicts with `plaintext_value`. +- `encrypted_value` - (Optional) Encrypted value of the secret using the GitHub public key in Base64 format. +- `plaintext_value` - (Optional) Plaintext value of the secret to be encrypted. + +~> **Note**: One of either `encrypted_value` or `plaintext_value` must be specified. + +## Attributes Reference + +- `repository_id` - ID of the repository. +- `created_at` - Date the secret was created. +- `updated_at` - Date the secret was last updated by the provider. +- `remote_updated_at` - Date the secret was last updated in GitHub. + +## Import + +This resource can be imported using an ID made of the repository name, and secret name separated by a `:`. + +~> **Note**: When importing secrets, the `plaintext_value` or `encrypted_value` fields will not be populated in the state. You may need to ignore changes for these as a workaround if you're not planning on updating the secret through Terraform. + +### Import Block + +The following import imports a GitHub Dependabot secret named `mysecret` for the repo `myrepo` to a `github_dependabot_secret` resource named `example`. + +{{ tffile "examples/resources/dependabot_secret/example_3.tf" }} + +### Import Command + +The following command imports a GitHub Dependabot secret named `mysecret` for the repo `myrepo` to a `github_dependabot_secret` resource named `example`. + +```shell +terraform import github_dependabot_secret.example myrepo:mysecret +``` diff --git a/templates/resources/emu_group_mapping.md.tmpl b/templates/resources/emu_group_mapping.md.tmpl new file mode 100644 index 0000000000..1e09b678ed --- /dev/null +++ b/templates/resources/emu_group_mapping.md.tmpl @@ -0,0 +1,28 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manages mappings between external groups for enterprise managed users. +--- + +# {{.Name}} ({{.Type}}) + +This resource manages mappings between external groups for enterprise managed users and GitHub teams. It wraps the [Teams#ExternalGroups API](https://docs.github.com/en/rest/reference/teams#external-groups). Note that this is a distinct resource from `github_team_sync_group_mapping`. `github_emu_group_mapping` is special to the Enterprise Managed User (EMU) external group feature, whereas `github_team_sync_group_mapping` is specific to Identity Provider Groups. + +## Example Usage + +{{ tffile "examples/resources/emu_group_mapping/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `team_slug` - (Required) Slug of the GitHub team +- `group_id` - (Required) Integer corresponding to the external group ID to be linked + +## Import + +GitHub EMU External Group Mappings can be imported using the external `group_id` and `team_slug` separated by a colon, e.g. + +```sh +terraform import github_emu_group_mapping.example_emu_group_mapping 28836:emu-test-team +``` diff --git a/templates/resources/enterprise_actions_permissions.md.tmpl b/templates/resources/enterprise_actions_permissions.md.tmpl new file mode 100644 index 0000000000..142f48fd1e --- /dev/null +++ b/templates/resources/enterprise_actions_permissions.md.tmpl @@ -0,0 +1,45 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages Actions permissions within a GitHub enterprise +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage GitHub Actions permissions within your GitHub enterprise. You must have admin access to an enterprise to use this resource. + +## Example Usage + +{{ tffile "examples/resources/enterprise_actions_permissions/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `"my-enterprise"` - (Required) The slug of the enterprise. +- `allowed_actions` - (Optional) The permissions policy that controls the actions that are allowed to run. Can be one of: `all`, `local_only`, or `selected`. +- `enabled_organizations` - (Required) The policy that controls the organizations in the enterprise that are allowed to run GitHub Actions. Can be one of: `all`, `none`, or `selected`. +- `allowed_actions_config` - (Optional) Sets the actions that are allowed in an enterprise. Only available when `allowed_actions` = `selected`. See [Allowed Actions Config](#allowed-actions-config) below for details. +- `enabled_organizations_config` - (Optional) Sets the list of selected organizations that are enabled for GitHub Actions in an enterprise. Only available when `enabled_organizations` = `selected`. See [Enabled Organizations Config](#enabled-organizations-config) below for details. + +### Allowed Actions Config + +The `allowed_actions_config` block supports the following: + +- `github_owned_allowed` - (Required) Whether GitHub-owned actions are allowed in the organization. +- `patterns_allowed` - (Optional) Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, monalisa/octocat@*, monalisa/octocat@v2, monalisa/*." +- `verified_allowed` - (Optional) Whether actions in GitHub Marketplace from verified creators are allowed. Set to true to allow all GitHub Marketplace actions by verified creators. + +### Enabled Organizations Config + +The `enabled_organizations_config` block supports the following: + +- `organization_ids` - (Required) List of organization IDs to enable for GitHub Actions. + +## Import + +This resource can be imported using the name of the GitHub enterprise: + +```hcl +$ terraform import github_enterprise_actions_permissions.test github_enterprise_name +``` diff --git a/templates/resources/enterprise_actions_runner_group.md.tmpl b/templates/resources/enterprise_actions_runner_group.md.tmpl new file mode 100644 index 0000000000..fbaec84d7b --- /dev/null +++ b/templates/resources/enterprise_actions_runner_group.md.tmpl @@ -0,0 +1,43 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages an Actions Runner Group within a GitHub enterprise. +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage GitHub Actions runner groups within your GitHub enterprise. You must have admin access to an enterprise to use this resource. + +## Example Usage + +{{ tffile "examples/resources/enterprise_actions_runner_group/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `enterprise_slug` - (Required) The slug of the enterprise. +- `name` - (Required) Name of the runner group +- `visibility` - (Required) Visibility of a runner group to enterprise organizations. Whether the runner group can include `all` or `selected` +- `selected_organization_ids` - (Optional) IDs of the organizations which should be added to the runner group +- `allows_public_repositories` - (Optional) Whether public repositories can be added to the runner group. Defaults to false. +- `restricted_to_workflows` - (Optional) If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array. Defaults to false. +- `selected_workflows` - (Optional) List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true. + +## Attributes Reference + +The following additional attributes are exported: + +- `id` - The ID of the runner group +- `default` - Whether this is the default runner group +- `etag` - An etag representing the runner group object +- `runners_url` - The GitHub API URL for the runner group's runners +- `selected_organizations_url` - The GitHub API URL for the runner group's selected organizations + +## Import + +This resource can be imported using the enterprise slug and the ID of the runner group: + +```hcl +$ terraform import github_enterprise_actions_runner_group.test enterprise-slug/42 +``` diff --git a/templates/resources/enterprise_actions_workflow_permissions.md.tmpl b/templates/resources/enterprise_actions_workflow_permissions.md.tmpl new file mode 100644 index 0000000000..7082ea9040 --- /dev/null +++ b/templates/resources/enterprise_actions_workflow_permissions.md.tmpl @@ -0,0 +1,48 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manages GitHub Actions workflow permissions for a GitHub Enterprise. +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to manage GitHub Actions workflow permissions for a GitHub Enterprise account. This controls the default permissions granted to the GITHUB_TOKEN when running workflows and whether GitHub Actions can approve pull request reviews. + +You must have enterprise admin access to use this resource. + +## Example Usage + +{{ tffile "examples/resources/enterprise_actions_workflow_permissions/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `enterprise_slug` - (Required) The slug of the enterprise. + +- `default_workflow_permissions` - (Optional) The default workflow permissions granted to the GITHUB_TOKEN when running workflows. Can be `read` or `write`. Defaults to `read`. + +- `can_approve_pull_request_reviews` - (Optional) Whether GitHub Actions can approve pull request reviews. Defaults to `false`. + +## Attributes Reference + +In addition to all arguments above, the following attributes are exported: + +- `id` - The enterprise slug. + +## Import + +Enterprise Actions workflow permissions can be imported using the enterprise slug: + +```hcl +terraform import github_enterprise_actions_workflow_permissions.example my-enterprise +``` + +## Notes + +~> **Note:*- This resource requires a GitHub Enterprise account and enterprise admin permissions. + +When this resource is destroyed, the workflow permissions will be reset to safe defaults: + +- `default_workflow_permissions` = `read` +- `can_approve_pull_request_reviews` = `false` diff --git a/templates/resources/enterprise_organization.md.tmpl b/templates/resources/enterprise_organization.md.tmpl new file mode 100644 index 0000000000..44fb1c76d8 --- /dev/null +++ b/templates/resources/enterprise_organization.md.tmpl @@ -0,0 +1,48 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Create and manages a GitHub enterprise organization. +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage a GitHub enterprise organization. + +## Example Usage + +```hcl +resource "github_enterprise_organization" "org" { + enterprise_id = data.github_enterprise.enterprise.id + name = "some-awesome-org" + display_name = "Some Awesome Org" + description = "Organization created with terraform" + billing_email = "jon@winteriscoming.com" + admin_logins = [ + "jon-snow" + ] +} +``` + +## Argument Reference + +- `enterprise_id` - (Required) The ID of the enterprise. +- `name` - (Required) The name of the organization. +- `description` - (Optional) The description of the organization. +- `display_name` - (Optional) The display name of the organization. +- `billing_email` - (Required) The billing email address. +- `admin_logins` - (Required) List of organization owner usernames. + +## Attributes Reference + +The following additional attributes are exported: + +- `id` - The node ID of the organization for use with the v4 API. +- `database_id` - The ID of the organization. + +## Import + +GitHub Enterprise Organization can be imported using the `slug` of the enterprise, combined with the `orgname` of the organization, separated by a `/` character. + +```hcl +$ terraform import github_enterprise_organization.org enterp/some-awesome-org +``` diff --git a/templates/resources/enterprise_security_analysis_settings.md.tmpl b/templates/resources/enterprise_security_analysis_settings.md.tmpl new file mode 100644 index 0000000000..4136798879 --- /dev/null +++ b/templates/resources/enterprise_security_analysis_settings.md.tmpl @@ -0,0 +1,64 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manages GitHub Enterprise security analysis settings. +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to manage code security and analysis settings for a GitHub Enterprise account. This controls Advanced Security, Secret Scanning, and related security features that are automatically enabled for new repositories in the enterprise. + +You must have enterprise admin access to use this resource. + +## Example Usage + +{{ tffile "examples/resources/enterprise_security_analysis_settings/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `enterprise_slug` - (Required) The slug of the enterprise. + +- `advanced_security_enabled_for_new_repositories` - (Optional) Whether GitHub Advanced Security is automatically enabled for new repositories. Defaults to `false`. Requires Advanced Security license. + +- `secret_scanning_enabled_for_new_repositories` - (Optional) Whether secret scanning is automatically enabled for new repositories. Defaults to `false`. + +- `secret_scanning_push_protection_enabled_for_new_repositories` - (Optional) Whether secret scanning push protection is automatically enabled for new repositories. Defaults to `false`. + +- `secret_scanning_push_protection_custom_link` - (Optional) Custom URL for secret scanning push protection bypass instructions. + +- `secret_scanning_validity_checks_enabled` - (Optional) Whether secret scanning validity checks are enabled. Defaults to `false`. + +## Attributes Reference + +In addition to all arguments above, the following attributes are exported: + +- `id` - The enterprise slug. + +## Import + +Enterprise security analysis settings can be imported using the enterprise slug: + +```hcl +terraform import github_enterprise_security_analysis_settings.example my-enterprise +``` + +## Notes + +~> **Note:*- This resource requires a GitHub Enterprise account and enterprise admin permissions. + +~> **Note:*- Advanced Security features require a GitHub Advanced Security license. + +When this resource is destroyed, all security analysis settings will be reset to disabled defaults for security reasons. + +## Dependencies + +This resource manages the following security features: + +- **Advanced Security**: Code scanning, secret scanning, and dependency review +- **Secret Scanning**: Automatic detection of secrets in code +- **Push Protection**: Prevents secrets from being committed to repositories +- **Validity Checks**: Verifies that detected secrets are actually valid + +These settings only apply to **new repositories*- created after the settings are enabled. Existing repositories are not affected and must be configured individually. diff --git a/templates/resources/issue.md.tmpl b/templates/resources/issue.md.tmpl new file mode 100644 index 0000000000..fa085d4e8c --- /dev/null +++ b/templates/resources/issue.md.tmpl @@ -0,0 +1,49 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Provides a GitHub issue resource. +--- + +# {{.Name}} ({{.Type}}) + +Provides a GitHub issue resource. + +This resource allows you to create and manage issue within your GitHub repository. + +## Example Usage + +{{ tffile "examples/resources/issue/example_1.tf" }} + +## Example Usage with milestone and project assignment + +{{ tffile "examples/resources/issue/example_2.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository name + +- `title` - (Required) Title of the issue + +- `body` - (Optional) Body of the issue + +- `labels` - (Optional) List of labels to attach to the issue + +- `assignees` - (Optional) List of Logins to assign the to the issue + +- `milestone_number` - (Optional) Milestone number to assign to the issue + +## Attributes Reference + +- `number` - (Computed) - The issue number + +- `issue_id` - (Computed) - The issue id + +## Import + +GitHub Issues can be imported using an ID made up of `repository:number`, e.g. + +```hcl +$ terraform import github_issue.issue_15 myrepo:15 +``` diff --git a/templates/resources/issue_label.md.tmpl b/templates/resources/issue_label.md.tmpl new file mode 100644 index 0000000000..3c1813f5a6 --- /dev/null +++ b/templates/resources/issue_label.md.tmpl @@ -0,0 +1,43 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Provides a GitHub issue label resource. +--- + +# {{.Name}} ({{.Type}}) + +Provides a GitHub issue label resource. + +This resource allows you to create and manage issue labels within your GitHub organization. + +Issue labels are keyed off of their "name", so pre-existing issue labels result in a 422 HTTP error if they exist outside of Terraform. Normally this would not be an issue, except new repositories are created with a "default" set of labels, and those labels easily conflict with custom ones. + +This resource will first check if the label exists, and then issue an update, otherwise it will create. + +~> **Note:*- When a repository is archived, Terraform will skip deletion of issue labels to avoid API errors, as archived repositories are read-only. The labels will be removed from Terraform state without attempting to delete them from GitHub. + +## Example Usage + +{{ tffile "examples/resources/issue_label/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository + +- `name` - (Required) The name of the label. + +- `color` - (Required) A 6 character hex code, **without the leading #**, identifying the color of the label. + +- `description` - (Optional) A short description of the label. + +- `url` - (Computed) The URL to the issue label + +## Import + +GitHub Issue Labels can be imported using an ID made up of `repository:name`, e.g. + +```hcl +$ terraform import github_issue_label.panic_label terraform:panic +``` diff --git a/templates/resources/issue_labels.md.tmpl b/templates/resources/issue_labels.md.tmpl new file mode 100644 index 0000000000..3ab8d8558b --- /dev/null +++ b/templates/resources/issue_labels.md.tmpl @@ -0,0 +1,45 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Provides GitHub issue labels resource. +--- + +# {{.Name}} ({{.Type}}) + +Provides GitHub issue labels resource. + +This resource allows you to create and manage issue labels within your GitHub organization. + +~> Note: github_issue_labels cannot be used in conjunction with github_issue_label or they will fight over what your policy should be. + +This resource is authoritative. For adding a label to a repo in a non-authoritative manner, use github_issue_label instead. + +If you change the case of a label's name, its' color, or description, this resource will edit the existing label to match the new values. However, if you change the name of a label, this resource will create a new label with the new name and delete the old label. Beware that this will remove the label from any issues it was previously attached to. + +~> **Note:*- When a repository is archived, Terraform will skip deletion of issue labels to avoid API errors, as archived repositories are read-only. The labels will be removed from Terraform state without attempting to delete them from GitHub. + +## Example Usage + +{{ tffile "examples/resources/issue_labels/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository + +- `name` - (Required) The name of the label. + +- `color` - (Required) A 6 character hex code, **without the leading #**, identifying the color of the label. + +- `description` - (Optional) A short description of the label. + +- `url` - (Computed) The URL to the issue label + +## Import + +GitHub Issue Labels can be imported using the repository `name`, e.g. + +```hcl +$ terraform import github_issue_labels.test_repo test_repo +``` diff --git a/templates/resources/membership.md.tmpl b/templates/resources/membership.md.tmpl new file mode 100644 index 0000000000..e3bff578b4 --- /dev/null +++ b/templates/resources/membership.md.tmpl @@ -0,0 +1,31 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Provides a GitHub membership resource. +--- + +# {{.Name}} ({{.Type}}) + +Provides a GitHub membership resource. + +This resource allows you to add/remove users from your organization. When applied, an invitation will be sent to the user to become part of the organization. When destroyed, either the invitation will be cancelled or the user will be removed. + +## Example Usage + +{{ tffile "examples/resources/membership/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `username` - (Required) The user to add to the organization. +- `role` - (Optional) The role of the user within the organization. Must be one of `member` or `admin`. Defaults to `member`. `admin` role represents the `owner` role available via GitHub UI. +- `downgrade_on_destroy` - (Optional) Defaults to `false`. If set to true, when this resource is destroyed, the member will not be removed from the organization. Instead, the member's role will be downgraded to 'member'. + +## Import + +GitHub Membership can be imported using an ID made up of `organization:username`, e.g. + +```hcl +$ terraform import github_membership.member hashicorp:someuser +``` diff --git a/templates/resources/organization_block.md.tmpl b/templates/resources/organization_block.md.tmpl new file mode 100644 index 0000000000..da415671ab --- /dev/null +++ b/templates/resources/organization_block.md.tmpl @@ -0,0 +1,27 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages blocks for GitHub organizations +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage blocks for GitHub organizations. + +## Example Usage + +{{ tffile "examples/resources/organization_block/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `username` - (Required) The name of the user to block. + +## Import + +GitHub organization block can be imported using a username, e.g. + +```hcl +$ terraform import github_github_organization_block.example someuser +``` diff --git a/templates/resources/organization_custom_properties.md.tmpl b/templates/resources/organization_custom_properties.md.tmpl new file mode 100644 index 0000000000..a65ecca029 --- /dev/null +++ b/templates/resources/organization_custom_properties.md.tmpl @@ -0,0 +1,61 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages custom properties for a GitHub organization +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage custom properties for a GitHub organization. + +Custom properties enable you to add metadata to repositories within your organization. You can use custom properties to add context about repositories, such as who owns them, when they expire, or compliance requirements. + +## Example Usage + +{{ tffile "examples/resources/organization_custom_properties/example_1.tf" }} + +## Example Usage - Allow Repository Actors to Edit + +This example shows how to allow repository administrators to edit the property values: + +{{ tffile "examples/resources/organization_custom_properties/example_2.tf" }} + +## Example Usage - Text Property + +{{ tffile "examples/resources/organization_custom_properties/example_3.tf" }} + +## Example Usage - Boolean Property + +{{ tffile "examples/resources/organization_custom_properties/example_4.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `property_name` - (Required) The name of the custom property. + +- `value_type` - (Optional) The type of the custom property. Can be one of `string`, `single_select`, `multi_select`, or `true_false`. Defaults to `string`. + +- `required` - (Optional) Whether the custom property is required. Defaults to `false`. + +- `description` - (Optional) The description of the custom property. + +- `default_value` - (Optional) The default value of the custom property. + +- `allowed_values` - (Optional) List of allowed values for the custom property. Only applicable when `value_type` is `single_select` or `multi_select`. + +- `values_editable_by` - (Optional) Who can edit the values of the custom property. Can be one of `org_actors` or `org_and_repo_actors`. When set to `org_actors` (the default), only organization owners can edit the property values on repositories. When set to `org_and_repo_actors`, both organization owners and repository administrators with the custom properties permission can edit the values. + +## Attributes Reference + +In addition to all arguments above, the following attributes are exported: + +- `property_name` - The name of the custom property. + +## Import + +Organization custom properties can be imported using the property name: + +```hcl +terraform import github_organization_custom_properties.environment environment +``` diff --git a/templates/resources/organization_custom_role.md.tmpl b/templates/resources/organization_custom_role.md.tmpl new file mode 100644 index 0000000000..4d2077e2cc --- /dev/null +++ b/templates/resources/organization_custom_role.md.tmpl @@ -0,0 +1,40 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages a custom role in a GitHub Organization for use in repositories. +--- + +# github\_organization\_custom\_role + +~> **Note:*- This resource is deprecated, please use the `github_organization_repository_role` resource instead. + +This resource allows you to create and manage custom roles in a GitHub Organization for use in repositories. + +~> Note: Custom roles are currently only available in GitHub Enterprise Cloud. + +## Example Usage + +{{ tffile "examples/resources/organization_custom_role/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `name` - (Required) The name of the custom role. +- `description` - (Optional) The description for the custom role. +- `base_role` - (Required) The system role from which the role inherits permissions. Can be one of: `read`, `triage`, `write`, or `maintain`. +- `permissions` - (Required) A list of additional permissions included in this role. Must have a minimum of 1 additional permission. The list of available permissions can be found using the [list repository fine-grained permissions for an organization](https://docs.github.com/en/enterprise-cloud@latest/rest/orgs/custom-roles?apiVersion=2022-11-28#list-repository-fine-grained-permissions-for-an-organization) API. + +## Attributes Reference + +The following additional attributes are exported: + +- `id` - The ID of the custom role. + +## Import + +Custom roles can be imported using the `id` of the role. The `id` of the custom role can be found using the [list custom roles in an organization](https://docs.github.com/en/enterprise-cloud@latest/rest/orgs/custom-roles#list-custom-repository-roles-in-an-organization) API. + +```hcl +$ terraform import github_organization_custom_role.example 1234 +``` diff --git a/templates/resources/organization_project.md.tmpl b/templates/resources/organization_project.md.tmpl new file mode 100644 index 0000000000..3d5dedb210 --- /dev/null +++ b/templates/resources/organization_project.md.tmpl @@ -0,0 +1,29 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages projects for GitHub organizations +--- + +# {{.Name}} ({{.Type}}) + +!> **Warning:*- This resource no longer works as the [Projects (classic) REST API](https://docs.github.com/en/rest/projects/projects?apiVersion=2022-11-28) has been [removed](https://github.blog/changelog/2024-05-23-sunset-notice-projects-classic/) and as such has been deprecated. It will be removed in a future release. + +This resource allows you to create and manage projects for GitHub organization. + +## Example Usage + +{{ tffile "examples/resources/organization_project/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `name` - (Required) The name of the project. + +- `body` - (Optional) The body of the project. + +## Attributes Reference + +The following additional attributes are exported: + +- `url` - URL of the project diff --git a/templates/resources/organization_repository_role.md.tmpl b/templates/resources/organization_repository_role.md.tmpl new file mode 100644 index 0000000000..79b7c84e92 --- /dev/null +++ b/templates/resources/organization_repository_role.md.tmpl @@ -0,0 +1,39 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manage a custom organization repository role. +--- + +# {{.Name}} ({{.Type}}) + +Manage a custom organization repository role. + +~> **Note**: Custom organization repository roles are currently only available in GitHub Enterprise Cloud. + +## Example Usage + +{{ tffile "examples/resources/organization_repository_role/example_1.tf" }} + +## Schema + +### Required + +- `name` (String) The name of the organization repository role. +- `base_role` (String) The system role from which this role inherits permissions. +- `permissions` (Set of String, Min: 1) The permissions included in this role. + +### Optional + +- `description` (String) The description of the organization repository role. + +### Read-Only + +- `role_id` (Number) The ID of the organization repository role. + +## Import + +A custom organization repository role can be imported using its ID. + +```shell +terraform import github_organization_repository_role.example 1234 +``` diff --git a/templates/resources/organization_role.md.tmpl b/templates/resources/organization_role.md.tmpl new file mode 100644 index 0000000000..7e7d4c126d --- /dev/null +++ b/templates/resources/organization_role.md.tmpl @@ -0,0 +1,39 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manage a custom organization role. +--- + +# {{.Name}} ({{.Type}}) + +Manage a custom organization role. + +~> **Note**: Custom organization roles are currently only available in GitHub Enterprise Cloud. + +## Example Usage + +{{ tffile "examples/resources/organization_role/example_1.tf" }} + +## Schema + +### Required + +- `name` (String) The name of the organization role. +- `permissions` (Set of String) The permissions included in this role. Only organization permissions can be set if the `base_role` isn't set or is set to `none`. + +### Optional + +- `description` (String) The description of the organization role. +- `base_role` (String) The system role from which this role inherits permissions; one of `none`, `read`, `triage`, `write`, `maintain`, or `admin`. Defaults to `none`. + +### Read-Only + +- `role_id` (Number) The ID of the organization role. + +## Import + +A custom organization role can be imported using its ID. + +```shell +terraform import github_organization_role.example 1234 +``` diff --git a/templates/resources/organization_role_team.md.tmpl b/templates/resources/organization_role_team.md.tmpl new file mode 100644 index 0000000000..d82da57142 --- /dev/null +++ b/templates/resources/organization_role_team.md.tmpl @@ -0,0 +1,28 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manage an association between an organization role and a team. +--- + +# {{.Name}} ({{.Type}}) + +Manage an association between an organization role and a team. + +## Example Usage + +{{ tffile "examples/resources/organization_role_team/example_1.tf" }} + +## Schema + +### Required + +- `role_id` (Number) The ID of the organization role. +- `team_slug` (String) The slug of the team name. + +## Import + +An organization role team association can be imported using the role ID and the team slug separated by a `:`. + +```shell +terraform import github_organization_role_team.example "1234:example-team" +``` diff --git a/templates/resources/organization_role_team_assignment.md.tmpl b/templates/resources/organization_role_team_assignment.md.tmpl new file mode 100644 index 0000000000..35069dc326 --- /dev/null +++ b/templates/resources/organization_role_team_assignment.md.tmpl @@ -0,0 +1,34 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manages the associations between teams and organization roles. +--- + +# {{.Name}} ({{.Type}}) + +~> **Note:*- This resource is deprecated, please use the `github_organization_role_team` resource instead. + +This resource manages relationships between teams and organization roles in your GitHub organization. This works on predefined roles, and custom roles, where the latter is an Enterprise feature. + +Creating this resource assigns the role to a team. + +The organization role and team must both belong to the same organization on GitHub. + +## Example Usage + +{{ tffile "examples/resources/organization_role_team_assignment/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `team_slug` - (Required) The GitHub team slug +- `role_id` - (Required) The GitHub organization role id + +## Import + +GitHub Team Organization Role Assignment can be imported using an ID made up of `team_slug:role_id` + +```hcl +$ terraform import github_organization_role_team_assignment.role_assignment test-team:8132 +``` diff --git a/templates/resources/organization_role_user.md.tmpl b/templates/resources/organization_role_user.md.tmpl new file mode 100644 index 0000000000..f8685b83e9 --- /dev/null +++ b/templates/resources/organization_role_user.md.tmpl @@ -0,0 +1,28 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manage an association between an organization role and a user. +--- + +# {{.Name}} ({{.Type}}) + +Manage an association between an organization role and a user. + +## Example Usage + +{{ tffile "examples/resources/organization_role_user/example_1.tf" }} + +## Schema + +### Required + +- `role_id` (Number) The ID of the organization role. +- `login` (String) The login for the GitHub user account. + +## Import + +An organization role user association can be imported using the role ID and the user login separated by a `:`. + +```shell +terraform import github_organization_role_team.example "1234:example-user" +``` diff --git a/templates/resources/organization_ruleset.md.tmpl b/templates/resources/organization_ruleset.md.tmpl new file mode 100644 index 0000000000..342acdcfe6 --- /dev/null +++ b/templates/resources/organization_ruleset.md.tmpl @@ -0,0 +1,274 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates a GitHub organization ruleset. +--- + +# {{.Name}} ({{.Type}}) + +Creates a GitHub organization ruleset. + +This resource allows you to create and manage rulesets on the organization level. When applied, a new ruleset will be created. When destroyed, that ruleset will be removed. + +## Example Usage + +{{ tffile "examples/resources/organization_ruleset/example_1.tf" }} + +## Argument Reference + +- `enforcement` - (Required) (String) Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`. + +- `name` - (Required) (String) The name of the ruleset. + +- `rules` - (Required) (Block List, Min: 1, Max: 1) Rules within the ruleset. (see [below for nested schema](#rules)) + +- `target` - (Required) (String) Possible values are `branch`, `tag` and `push`. + +- `bypass_actors` - (Optional) (Block List) The actors that can bypass the rules in this ruleset. (see [below for nested schema](#bypass_actors)) + +- `conditions` - (Optional) (Block List, Max: 1) Parameters for an organization ruleset condition. For `branch` and `tag` targets, `ref_name` is required alongside one of `repository_name` or `repository_id`. For `push` targets, `ref_name` must NOT be set - only `repository_name` or `repository_id` should be used. (see [below for nested schema](#conditions)) + +### Rules + +The `rules` block supports the following: + +~> **Note:*- Rules are target-specific. `branch` and `tag` targets support rules like `creation`, `deletion`, `pull_request`, `required_status_checks`, etc. `push` targets only support `file_path_restriction`, `max_file_size`, `max_file_path_length`, and `file_extension_restriction`. Using the wrong rules for a target will result in a validation error. + +- `branch_name_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applies to rulesets with target `branch`. (see [below for nested schema](#rulesbranch_name_pattern)) + +- `commit_author_email_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see [below for nested schema](#rulescommit_author_email_pattern)) + +- `commit_message_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see [below for nested schema](#rulescommit_message_pattern)) + +- `committer_email_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see [below for nested schema](#rulescommitter_email_pattern)) + +- `creation` - (Optional) (Boolean) Only allow users with bypass permission to create matching refs. + +- `deletion` - (Optional) (Boolean) Only allow users with bypass permissions to delete matching refs. + +- `non_fast_forward` - (Optional) (Boolean) Prevent users with push access from force pushing to branches. + +- `pull_request` - (Optional) (Block List, Max: 1) Require all commits be made to a non-target branch and submitted via a pull request before they can be merged. (see [below for nested schema](#rulespull_request)) + +- `copilot_code_review` - (Optional) (Block List, Max: 1) Automatically request Copilot code review for new pull requests if the author has access to Copilot code review and their premium requests quota has not reached the limit. (see [below for nested schema](#rulescopilot_code_review)) + +- `required_linear_history` - (Optional) (Boolean) Prevent merge commits from being pushed to matching branches. + +- `required_signatures` - (Optional) (Boolean) Commits pushed to matching branches must have verified signatures. + +- `required_status_checks` - (Optional) (Block List, Max: 1) Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed. (see [below for nested schema](#rulesrequired_status_checks)) + +- `required_workflows` - (Optional) (Block List, Max: 1) Define which Actions workflows must pass before changes can be merged into a branch matching the rule. Multiple workflows can be specified. (see [below for nested schema](#rulesrequired_workflows)) + +- `required_code_scanning` - (Optional) (Block List, Max: 1) Define which tools must provide code scanning results before the reference is updated. When configured, code scanning must be enabled and have results for both the commit and the reference being updated. Multiple code scanning tools can be specified. (see [below for nested schema](#rulesrequired_code_scanning)) + +- `tag_name_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applies to rulesets with target `tag`. (see [below for nested schema](#rulestag_name_pattern)) + +- `file_path_restriction` - (Optional) (Block List, Max: 1) Prevent commits that include changes to specified file paths from being pushed to the commit graph. This rule only applies to rulesets with target `push`. (see [below for nested schema](#rulesfile_path_restriction)) + +- `max_file_size` - (Optional) (Block List, Max: 1) Prevent commits that include files with a specified file size from being pushed to the commit graph. This rule only applies to rulesets with target `push`. (see [below for nested schema](#rulesmax_file_size)) + +- `max_file_path_length` - (Optional) (Block List, Max: 1) Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph. This rule only applies to rulesets with target `push`. (see [below for nested schema](#rulesmax_file_path_length)) + +- `file_extension_restriction` - (Optional) (Block List, Max: 1) Prevent commits that include files with specified file extensions from being pushed to the commit graph. This rule only applies to rulesets with target `push`. (see [below for nested schema](#rulesfile_extension_restriction)) + +- `update` - (Optional) (Boolean) Only allow users with bypass permission to update matching refs. + +#### rules.branch_name_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.commit_author_email_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.commit_message_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.committer_email_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.pull_request + +- `allowed_merge_methods` - (Optional) (List of String, Min: 1) Array of merge methods to be allowed. Allowed values include `merge`, `squash`, and `rebase`. At least one must be enabled. +- `dismiss_stale_reviews_on_push` - (Optional) (Boolean) New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`. + +- `require_code_owner_review` - (Optional) (Boolean) Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`. + +- `require_last_push_approval` - (Optional) (Boolean) Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`. + +- `required_approving_review_count` - (Optional) (Number) The number of approving reviews that are required before a pull request can be merged. Defaults to `0`. + +- `required_review_thread_resolution` - (Optional) (Boolean) All conversations on code must be resolved before a pull request can be merged. Defaults to `false`. + +#### rules.copilot_code_review + +- `review_on_push` - (Optional) (Boolean) Copilot automatically reviews each new push to the pull request. Defaults to `false`. + +- `review_draft_pull_requests` - (Optional) (Boolean) Copilot automatically reviews draft pull requests before they are marked as ready for review. Defaults to `false`. + +- `allowed_merge_methods` - (Required) (List of String, Min: 1) Array of merge methods to be allowed. Allowed values include `merge`, `squash`, and `rebase`. At least one must be enabled. + +- `required_reviewers` - (Optional) (Block List) Require specific reviewers to approve pull requests. Note: This feature is in beta. (see [below for nested schema](#rulespull_requestrequired_reviewers)) + +#### rules.pull_request.required_reviewers + +- `reviewer` - (Required) (Block List, Max: 1) The reviewer that must review matching files. (see [below for nested schema](#rulespull_requestrequired_reviewersreviewer)) + +- `file_patterns` - (Required) (List of String) File patterns (fnmatch syntax) that this reviewer must approve. + +- `minimum_approvals` - (Required) (Number) Minimum number of approvals required from this reviewer. Set to 0 to make approval optional. + +#### rules.pull_request.required_reviewers.reviewer + +- `id` - (Required) (Number) The ID of the reviewer (Team ID). + +- `type` - (Required) (String) The type of reviewer. Currently only `Team` is supported. + +#### rules.required_status_checks + +- `required_check` - (Required) (Block Set, Min: 1) Status checks that are required. Several can be defined. (see [below for nested schema](#required_status_checksrequired_check)) + +- `strict_required_status_checks_policy` - (Optional) (Boolean) Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`. + +- `do_not_enforce_on_create` - (Optional) (Boolean) Allow repositories and branches to be created if a check would otherwise prohibit it. Defaults to `false`. + +#### required_status_checks.required_check + +- `context` - (Required) (String) The status check context name that must be present on the commit. + +- `integration_id` - (Optional) (Number) The optional integration ID that this status check must originate from. + +- `do_not_enforce_on_create` - (Optional) (Boolean) Allow repositories and branches to be created if a check would otherwise prohibit it. Defaults to `false`. + +#### rules.required_workflows + +- `do_not_enforce_on_create` - (Optional) (Boolean) Allow repositories and branches to be created if a check would otherwise prohibit it. Defaults to `false`. + +- `required_workflow` - (Required) (Block Set, Min: 1) Actions workflows that are required. Multiple can be defined. (see [below for nested schema](#rulesrequired_workflowsrequired_workflow)) + +#### rules.required_workflows.required_workflow + +- `repository_id` - (Required) (Number) The ID of the repository. Names, full names and repository URLs are not supported. + +- `path` - (Required) (String) The path to the YAML definition file of the workflow. + +- `ref` - (Optional) (String) The optional ref from which to fetch the workflow. Defaults to `master`. + +#### rules.required_code_scanning + +- `required_code_scanning_tool` - (Required) (Block Set, Min: 1) Actions code scanning tools that are required. Multiple can be defined. (see [below for nested schema](#rulesrequired_code_scanningrequired_code_scanning_tool)) + +#### rules.required_code_scanning.required_code_scanning_tool + +- `alerts_threshold` - (Required) (String) The severity level at which code scanning results that raise alerts block a reference update. Can be one of: `none`, `errors`, `errors_and_warnings`, `all`. + +- `security_alerts_threshold` - (Required) (String) The severity level at which code scanning results that raise security alerts block a reference update. Can be one of: `none`, `critical`, `high_or_higher`, `medium_or_higher`, `all`. + +- `tool` - (Required) (String) The name of a code scanning tool. + +#### rules.tag_name_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.file_path_restriction + +- `restricted_file_paths` - (Required) (Block Set, Min: 1) The file paths that are restricted from being pushed to the commit graph. + +#### rules.max_file_size + +- `max_file_size` - (Required) (Integer) The maximum allowed size, in megabytes (MB), of a file. Valid range is 1-100 MB. + +#### rules.max_file_path_length + +- `max_file_path_length` - (Required) (Integer) The maximum number of characters allowed in file paths. + +#### rules.file_extension_restriction + +- `restricted_file_extensions` - (Required) (Block Set, Min: 1) The file extensions that are restricted from being pushed to the commit graph. + +#### bypass_actors + +- `actor_id` - (Optional) (Number) The ID of the actor that can bypass a ruleset. Some actor types such as `DeployKey` do not have an ID. + +- `actor_type` (String) The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`. + +- `bypass_mode` - (Optional) (String) When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`, `exempt`. + +~>Note: at the time of writing this, the following actor types correspond to the following actor IDs: + +- `OrganizationAdmin` -> `1` +- `RepositoryRole` (This is the actor type, the following are the base repository roles and their associated IDs.) + - `maintain` -> `2` + - `write` -> `4` + - `admin` -> `5` + +#### conditions + +- `ref_name` - (Optional) (Block List, Max: 1) Required for `branch` and `tag` targets. Must NOT be set for `push` targets. (see [below for nested schema](#conditionsref_name)) +- `repository_id` (Optional) (List of Number) The repository IDs that the ruleset applies to. One of these IDs must match for the condition to pass. Conflicts with `repository_name`. +- `repository_name` (Optional) (Block List, Max: 1) Conflicts with `repository_id`. (see [below for nested schema](#conditionsrepository_name)) + +One of `repository_id` and `repository_name` must be set for the rule to target any repositories. + +~> **Note:*- For `push` targets, do not include `ref_name` in conditions. Push rulesets operate on file content, not on refs. + +#### conditions.ref_name + +- `exclude` - (Required) (List of String) Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match. + +- `include` - (Required) (List of String) Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches. + +#### conditions.repository_name + +- `exclude` - (Required) (List of String) Array of repository names or patterns to exclude. The condition will not pass if any of these patterns match. +- `include` - (Required) (List of String) Array of repository names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~ALL` to include all repositories. +- `protected` - (Optional) (Boolean) Whether renaming of target repositories is prevented. Defaults to `false`. + +## Attributes Reference + +The following additional attributes are exported: + +- `etag` (String) + +- `node_id` (String) GraphQL global node id for use with v4 API. + +- `ruleset_id` (Number) GitHub ID for the ruleset. + +## Import + +GitHub Organization Rulesets can be imported using the GitHub ruleset ID e.g. + +`$ terraform import github_organization_ruleset.example 12345` diff --git a/templates/resources/organization_security_manager.md.tmpl b/templates/resources/organization_security_manager.md.tmpl new file mode 100644 index 0000000000..4f8e605af7 --- /dev/null +++ b/templates/resources/organization_security_manager.md.tmpl @@ -0,0 +1,27 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manages the Security manager teams for a GitHub Organization. +--- + +# {{.Name}} ({{.Type}}) + +~> **Note:*- This resource is deprecated, please use the `github_organization_role_team` resource instead. + +## Example Usage + +{{ tffile "examples/resources/organization_security_manager/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `team_slug` - (Required) The slug of the team to manage. + +## Import + +GitHub Security Manager Teams can be imported using the GitHub team ID e.g. + +```hcl +$ terraform import github_organization_security_manager.core 1234567 +``` diff --git a/templates/resources/organization_settings.md.tmpl b/templates/resources/organization_settings.md.tmpl new file mode 100644 index 0000000000..5eb1affafd --- /dev/null +++ b/templates/resources/organization_settings.md.tmpl @@ -0,0 +1,58 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages settings for a GitHub Organization. +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage settings for a GitHub Organization. + +## Example Usage + +{{ tffile "examples/resources/organization_settings/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `billing_email` - (Required) The billing email address for the organization. +- `company` - (Optional) The company name for the organization. +- `blog` - (Optional) The blog URL for the organization. +- `email` - (Optional) The email address for the organization. +- `twitter_username` - (Optional) The Twitter username for the organization. +- `location` - (Optional) The location for the organization. +- `name` - (Optional) The name for the organization. +- `description` - (Optional) The description for the organization. +- `has_organization_projects` - (Optional) Whether or not organization projects are enabled for the organization. +- `has_repository_projects` - (Optional) Whether or not repository projects are enabled for the organization. +- `default_repository_permission` - (Optional) The default permission for organization members to create new repositories. Can be one of `read`, `write`, `admin`, or `none`. Defaults to `read`. +- `members_can_create_repositories` - (Optional) Whether or not organization members can create new repositories. Defaults to `true`. +- `members_can_create_public_repositories` - (Optional) Whether or not organization members can create new public repositories. Defaults to `true`. +- `members_can_create_private_repositories` - (Optional) Whether or not organization members can create new private repositories. Defaults to `true`. +- `members_can_create_internal_repositories` - (Optional) Whether or not organization members can create new internal repositories. For Enterprise Organizations only. +- `members_can_create_pages` - (Optional) Whether or not organization members can create new pages. Defaults to `true`. +- `members_can_create_public_pages` - (Optional) Whether or not organization members can create new public pages. Defaults to `true`. +- `members_can_create_private_pages` - (Optional) Whether or not organization members can create new private pages. Defaults to `true`. +- `members_can_fork_private_repositories` - (Optional) Whether or not organization members can fork private repositories. Defaults to `false`. +- `web_commit_signoff_required` - (Optional) Whether or not commit signatures are required for commits to the organization. Defaults to `false`. +- `advanced_security_enabled_for_new_repositories` - (Optional) Whether or not advanced security is enabled for new repositories. Defaults to `false`. +- `dependabot_alerts_enabled_for_new_repositories` - (Optional) Whether or not dependabot alerts are enabled for new repositories. Defaults to `false`. +- `dependabot_security_updates_enabled_for_new_repositories` - (Optional) Whether or not dependabot security updates are enabled for new repositories. Defaults to `false`. +- `dependency_graph_enabled_for_new_repositories` - (Optional) Whether or not dependency graph is enabled for new repositories. Defaults to `false`. +- `secret_scanning_enabled_for_new_repositories` - (Optional) Whether or not secret scanning is enabled for new repositories. Defaults to `false`. +- `secret_scanning_push_protection_enabled_for_new_repositories` - (Optional) Whether or not secret scanning push protection is enabled for new repositories. Defaults to `false`. + +## Attributes Reference + +The following additional attributes are exported: + +- `id` - The ID of the organization settings. + +## Import + +Organization settings can be imported using the `id` of the organization. The `id` of the organization can be found using the [get an organization](https://docs.github.com/en/rest/orgs/orgs#get-an-organization) API. + +```hcl +$ terraform import github_organization_settings.test 123456789 +``` diff --git a/templates/resources/organization_webhook.md.tmpl b/templates/resources/organization_webhook.md.tmpl new file mode 100644 index 0000000000..c065e98fd0 --- /dev/null +++ b/templates/resources/organization_webhook.md.tmpl @@ -0,0 +1,41 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages webhooks for GitHub organizations +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage webhooks for GitHub organization. + +## Example Usage + +{{ tffile "examples/resources/organization_webhook/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `events` - (Required) A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) + +- `configuration` - (Required) key/value pair of configuration for this webhook. Available keys are `url`, `content_type`, `secret` and `insecure_ssl`. + +- `active` - (Optional) Indicate of the webhook should receive events. Defaults to `true`. + +- `name` - (Optional) The type of the webhook. `web` is the default and the only option. + +## Attributes Reference + +The following additional attributes are exported: + +- `url` - URL of the webhook + +## Import + +Organization webhooks can be imported using the `id` of the webhook. The `id` of the webhook can be found in the URL of the webhook. For example, `"https://github.com/organizations/foo-org/settings/hooks/123456789"`. + +```hcl +$ terraform import github_organization_webhook.terraform 123456789 +``` + +If secret is populated in the webhook's configuration, the value will be imported as "********". diff --git a/templates/resources/project_card.md.tmpl b/templates/resources/project_card.md.tmpl new file mode 100644 index 0000000000..f0dbe852a7 --- /dev/null +++ b/templates/resources/project_card.md.tmpl @@ -0,0 +1,41 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages project cards for GitHub projects +--- + +# {{.Name}} ({{.Type}}) + +!> **Warning:*- This resource no longer works as the [Projects (classic) REST API](https://docs.github.com/en/rest/projects/projects?apiVersion=2022-11-28) has been [removed](https://github.blog/changelog/2024-05-23-sunset-notice-projects-classic/) and as such has been deprecated. It will be removed in a future release. + +This resource allows you to create and manage cards for GitHub projects. + +## Example Usage + +{{ tffile "examples/resources/project_card/example_1.tf" }} + +## Example Usage adding an Issue to a Project + +{{ tffile "examples/resources/project_card/example_2.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `column_id` - (Required) The ID of the card. + +- `note` - (Optional) The note contents of the card. Markdown supported. + +- `content_id` - (Optional) `github_issue.issue_id`. + +- `content_type` - (Optional) Must be either `Issue` or `PullRequest` + +**Remarks:*- You must either set the `note` attribute or both `content_id` and `content_type`. See [note example](#example-usage) or [issue example](#example-usage-adding-an-issue-to-a-project) for more information. + +## Import + +A GitHub Project Card can be imported using its [Card ID](https://developer.github.com/v3/projects/cards/#get-a-project-card): + +```hcl +$ terraform import github_project_card.card 01234567 +``` diff --git a/templates/resources/project_column.md.tmpl b/templates/resources/project_column.md.tmpl new file mode 100644 index 0000000000..4dc0fe8c48 --- /dev/null +++ b/templates/resources/project_column.md.tmpl @@ -0,0 +1,23 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages project columns for GitHub projects +--- + +# {{.Name}} ({{.Type}}) + +!> **Warning:*- This resource no longer works as the [Projects (classic) REST API](https://docs.github.com/en/rest/projects/projects?apiVersion=2022-11-28) has been [removed](https://github.blog/changelog/2024-05-23-sunset-notice-projects-classic/) and as such has been deprecated. It will be removed in a future release. + +This resource allows you to create and manage columns for GitHub projects. + +## Example Usage + +{{ tffile "examples/resources/project_column/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `project_id` - (Required) The ID of an existing project that the column will be created in. + +- `name` - (Required) The name of the column. diff --git a/templates/resources/release.md.tmpl b/templates/resources/release.md.tmpl new file mode 100644 index 0000000000..eede9749d4 --- /dev/null +++ b/templates/resources/release.md.tmpl @@ -0,0 +1,71 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages releases within a single GitHub repository +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage a release in a specific GitHub repository. + +## Example Usage + +{{ tffile "examples/resources/release/example_1.tf" }} + +## Example Usage on Non-Default Branch + +{{ tffile "examples/resources/release/example_2.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The name of the repository. + +- `tag_name` - (Required) The name of the tag. + +- `target_commitish` - (Optional) The branch name or commit SHA the tag is created from. Defaults to the default branch of the repository. + +- `name` - (Optional) The name of the release. + +- `body` - (Optional) Text describing the contents of the tag. + +- `draft` - (Optional) Set to `false` to create a published release. + +- `prerelease` - (Optional) Set to `false` to identify the release as a full release. + +- `generate_release_notes` - (Optional) Set to `true` to automatically generate the name and body for this release. If `name` is specified, the specified `name` will be used; otherwise, a name will be automatically generated. If `body` is specified, the `body` will be pre-pended to the automatically generated notes. + +- `discussion_category_name` - (Optional) If specified, a discussion of the specified category is created and linked to the release. The value must be a category that already exists in the repository. For more information, see [Managing categories for discussions in your repository](https://docs.github.com/discussions/managing-discussions-for-your-community/managing-categories-for-discussions-in-your-repository). + +## Attributes Reference + +The following additional attributes are exported: + +- `release_id` - The ID of the release. + +- `created_at` - This is the date of the commit used for the release, and not the date when the release was drafted or published. + +- `published_at` - This is the date when the release was published. This will be empty if the release is a draft. + +- `html_url` - URL of the release in GitHub. + +- `url` - URL that can be provided to API calls that reference this release. + +- `assets_url` - URL that can be provided to API calls displaying the attached assets to this release. + +- `upload_url` - URL that can be provided to API calls to upload assets. + +- `zipball_url` - URL that can be provided to API calls to fetch the release ZIP archive. + +- `tarball_url` - URL that can be provided to API calls to fetch the release TAR archive. + +- `node_id` - GraphQL global node id for use with v4 API + +## Import + +This resource can be imported using the `name` of the repository, combined with the `id` of the release, and a `:` character for separating components, e.g. + +```sh +terraform import github_release.example repo:12345678 +``` diff --git a/templates/resources/repository.md.tmpl b/templates/resources/repository.md.tmpl new file mode 100644 index 0000000000..61302406e3 --- /dev/null +++ b/templates/resources/repository.md.tmpl @@ -0,0 +1,210 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages repositories within GitHub organizations or personal accounts +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage repositories within your GitHub organization or personal account. + +~> **Note*- When used with GitHub App authentication, even GET requests must have the `contents:write` permission. Without it, the following arguments will be ignored, leading to unexpected behavior and confusing diffs: `allow_merge_commit`, `allow_squash_merge`, `allow_rebase_merge`, `merge_commit_title`, `merge_commit_message`, `squash_merge_commit_title` and `squash_merge_commit_message`. + +## Example Usage + +{{ tffile "examples/resources/repository/example_1.tf" }} + +## Example Usage with GitHub Pages Enabled + +{{ tffile "examples/resources/repository/example_2.tf" }} + +## Example Usage with Repository Forking + +{{ tffile "examples/resources/repository/example_3.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `name` - (Required) The name of the repository. + +- `description` - (Optional) A description of the repository. + +- `homepage_url` - (Optional) URL of a page describing the project. + +- `fork` - (Optional) Set to `true` to create a fork of an existing repository. When set to `true`, both `source_owner` and `source_repo` must also be specified. + +- `source_owner` - (Optional) The GitHub username or organization that owns the repository being forked. Required when `fork` is `true`. + +- `source_repo` - (Optional) The name of the repository to fork. Required when `fork` is `true`. + +- `private` - (Optional) Set to `true` to create a private repository. Repositories are created as public (e.g. open source) by default. + +- `visibility` - (Optional) Can be `public` or `private`. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be `internal`. The `visibility` parameter overrides the `private` parameter. + +- `has_issues` - (Optional) Set to `true` to enable the GitHub Issues features on the repository. + +- `has_discussions` - (Optional) Set to `true` to enable GitHub Discussions on the repository. Defaults to `false`. + +- `has_projects` - (Optional) Set to `true` to enable the GitHub Projects features on the repository. Per the GitHub [documentation](https://developer.github.com/v3/repos/#create) when in an organization that has disabled repository projects it will default to `false` and will otherwise default to `true`. If you specify `true` when it has been disabled it will return an error. + +- `has_wiki` - (Optional) Set to `true` to enable the GitHub Wiki features on the repository. + +- `is_template` - (Optional) Set to `true` to tell GitHub that this is a template repository. + +- `allow_merge_commit` - (Optional) Set to `false` to disable merge commits on the repository. + +- `allow_squash_merge` - (Optional) Set to `false` to disable squash merges on the repository. + +- `allow_rebase_merge` - (Optional) Set to `false` to disable rebase merges on the repository. + +- `allow_auto_merge` - (Optional) Set to `true` to allow auto-merging pull requests on the repository. + +- `allow_forking` - (Optional) Configure private forking for organization owned private and internal repositories; set to `true` to enable, `false` to disable, and leave unset for the default behaviour. Configuring this requires that private forking is not being explicitly configured at the organization level. + +- `squash_merge_commit_title` - (Optional) Can be `PR_TITLE` or `COMMIT_OR_PR_TITLE` for a default squash merge commit title. Applicable only if `allow_squash_merge` is `true`. + +- `squash_merge_commit_message` - (Optional) Can be `PR_BODY`, `COMMIT_MESSAGES`, or `BLANK` for a default squash merge commit message. Applicable only if `allow_squash_merge` is `true`. + +- `merge_commit_title` - Can be `PR_TITLE` or `MERGE_MESSAGE` for a default merge commit title. Applicable only if `allow_merge_commit` is `true`. + +- `merge_commit_message` - Can be `PR_BODY`, `PR_TITLE`, or `BLANK` for a default merge commit message. Applicable only if `allow_merge_commit` is `true`. + +- `delete_branch_on_merge` - (Optional) Automatically delete head branch after a pull request is merged. Defaults to `false`. + +- `web_commit_signoff_required` - (Optional) Require contributors to sign off on web-based commits. See more [here](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-the-commit-signoff-policy-for-your-repository). Defaults to `false`. + +- `has_downloads` - (**DEPRECATED**) (Optional) Set to `true` to enable the (deprecated) downloads features on the repository. This attribute is no longer in use, but it hasn't been removed yet. It will be removed in a future version. See [this discussion](https://github.com/orgs/community/discussions/102145#discussioncomment-8351756). + +- `auto_init` - (Optional) Set to `true` to produce an initial commit in the repository. + +- `gitignore_template` - (Optional) Use the [name of the template](https://github.com/github/gitignore) without the extension. For example, "Haskell". + +- `license_template` - (Optional) Use the [name of the template](https://github.com/github/choosealicense.com/tree/gh-pages/_licenses) without the extension. For example, "mit" or "mpl-2.0". + +- `default_branch` - (Optional) (Deprecated: Use `github_branch_default` resource instead) The name of the default branch of the repository. **NOTE:*- This can only be set after a repository has already been created, and after a correct reference has been created for the target branch inside the repository. This means a user will have to omit this parameter from the initial repository creation and create the target branch inside of the repository prior to setting this attribute. + +- `archived` - (Optional) Specifies if the repository should be archived. Defaults to `false`. **NOTE*- Currently, the API does not support unarchiving. + +- `archive_on_destroy` - (Optional) Set to `true` to archive the repository instead of deleting on destroy. + +- `pages` - (Optional) The repository's GitHub Pages configuration. See [GitHub Pages Configuration](#github-pages-configuration) below for details. + +- `security_and_analysis` - (Optional) The repository's [security and analysis](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository) configuration. See [Security and Analysis Configuration](#security-and-analysis-configuration) below for details. + +- `topics` - (Optional) The list of topics of the repository. + +~> Note: This attribute is not compatible with the `github_repository_topics` resource. Use one of them. `github_repository_topics` is only meant to be used if the repository itself is not handled via terraform, for example if it's only read as a datasource (see [issue #1845](https://github.com/integrations/terraform-provider-github/issues/1845)). + +- `template` - (Optional) Use a template repository to create this resource. See [Template Repositories](#template-repositories) below for details. + +- `vulnerability_alerts` - (Optional) Configure [Dependabot security alerts](https://help.github.com/en/github/managing-security-vulnerabilities/about-security-alerts-for-vulnerable-dependencies) for vulnerable dependencies; set to `true` to enable, set to `false` to disable, and leave unset for the default behavior. Configuring this requires that alerts are not being explicitly configured at the organization level. + +- `ignore_vulnerability_alerts_during_read` (**DEPRECATED**) (Optional) - This is ignored as the provider now handles lack of permissions automatically. + +- `allow_update_branch` (Optional) - Set to `true` to always suggest updating pull request branches. + +### GitHub Pages Configuration + +The `pages` block supports the following: + +- `source` - (Optional) The source branch and directory for the rendered Pages site. See [GitHub Pages Source](#github-pages-source) below for details. + +- `build_type` - (Optional) The type of GitHub Pages site to build. Can be `legacy` or `workflow`. If you use `legacy` as build type you need to set the option `source`. + +- `cname` - (Optional) The custom domain for the repository. This can only be set after the repository has been created. + +#### GitHub Pages Source + +The `source` block supports the following: + +- `branch` - (Required) The repository branch used to publish the site's source files. (i.e. `main` or `gh-pages`. + +- `path` - (Optional) The repository directory from which the site publishes (Default: `/`). + +### Security and Analysis Configuration + +The `security_and_analysis` block supports the following: + +- `advanced_security` - (Optional) The advanced security configuration for the repository. See [Advanced Security Configuration](#advanced-security-configuration) below for details. If a repository's visibility is `public`, advanced security is always enabled and cannot be changed, so this setting cannot be supplied. + +- `code_security` - (Optional) The code security configuration for the repository. See [Code Security](#code-security-configuration) below for details. + +- `secret_scanning` - (Optional) The secret scanning configuration for the repository. See [Secret Scanning Configuration](#secret-scanning-configuration) below for details. + +- `secret_scanning_push_protection` - (Optional) The secret scanning push protection configuration for the repository. See [Secret Scanning Push Protection Configuration](#secret-scanning-push-protection-configuration) below for details. + +- `secret_scanning_ai_detection` - (Optional) The secret scanning ai detection configuration for the repository. See [Secret Scanning AI Detection Configuration](#secret-scanning-ai-detection) below for details. + +- `secret_scanning_non_provider_patterns` - (Optional) The secret scanning non-provider patterns configuration for this repository. See [Secret Scanning Non-Provider Patterns Configuration](#secret-scanning-non-provider-patterns) below for more details. + +#### Advanced Security Configuration + +The `advanced_security` block supports the following: + +- `status` - (Required) Set to `enabled` to enable advanced security features on the repository. Can be `enabled` or `disabled`. + +#### Code Security Configuration + +- `status` - (Required) Set to `enabled` to enable GitHub Code Security on the repository. Can be `enabled` or `disabled`. If set to `enabled`, the repository's visibility must be `public`, `security_and_analysis[0].advanced_security[0].status` must also be set to `enabled`, or your Organization must have split licensing for Advanced security. + +#### Secret Scanning Configuration + +- `status` - (Required) Set to `enabled` to enable secret scanning on the repository. Can be `enabled` or `disabled`. If set to `enabled`, the repository's visibility must be `public`, `security_and_analysis[0].advanced_security[0].status` must also be set to `enabled`, or your Organization must have split licensing for Advanced security. + +#### Secret Scanning Push Protection Configuration + +- `status` - (Required) Set to `enabled` to enable secret scanning push protection on the repository. Can be `enabled` or `disabled`. If set to `enabled`, the repository's visibility must be `public`, `security_and_analysis[0].advanced_security[0].status` must also be set to `enabled`, or your Organization must have split licensing for Advanced security. + +#### Secret Scanning AI Detection + +- `status` - (Required) Set to `enabled` to enable secret scanning AI detection on the repository. Can be `enabled` or `disabled`. If set to `enabled`, the repository's visibility must be `public`, `security_and_analysis[0].advanced_security[0].status` must also be set to `enabled`, or your Organization must have split licensing for Advanced security. + +#### Secret Scanning Non-Provider Patterns + +- `status` - (Required) Set to `enabled` to enable secret scanning non-provider patterns on the repository. Can be `enabled` or `disabled`. If set to `enabled`, the repository's visibility must be `public`, `security_and_analysis[0].advanced_security[0].status` must also be set to `enabled`, or your Organization must have split licensing for Advanced security. + +### Template Repositories + +`template` supports the following arguments: + +- `owner`: The GitHub organization or user the template repository is owned by. +- `repository`: The name of the template repository. +- `include_all_branches`: Whether the new repository should include all the branches from the template repository (defaults to false, which includes only the default branch from the template). + +~> **Note on `internal` visibility with templates**: When creating a repository from a template with `visibility = "internal"`, the provider uses a two-step process due to GitHub API limitations. The template creation API only supports a `private` boolean parameter. Therefore, repositories with `visibility = "internal"` are initially created as private and then immediately updated to internal visibility. This ensures internal repositories are never exposed publicly during creation. + +## Attributes Reference + +The following additional attributes are exported: + +- `full_name` - A string of the form "orgname/reponame". + +- `html_url` - URL to the repository on the web. + +- `ssh_clone_url` - URL that can be provided to `git clone` to clone the repository via SSH. + +- `http_clone_url` - URL that can be provided to `git clone` to clone the repository via HTTPS. + +- `git_clone_url` - URL that can be provided to `git clone` to clone the repository anonymously via the git protocol. + +- `svn_url` - URL that can be provided to `svn checkout` to check out the repository via GitHub's Subversion protocol emulation. + +- `node_id` - GraphQL global node id for use with v4 API + +- `repo_id` - GitHub ID for the repository + +- `primary_language` - The primary language used in the repository. + +- `pages` - The block consisting of the repository's GitHub Pages configuration with the following additional attributes: +- `custom_404` - Whether the rendered GitHub Pages site has a custom 404 page. +- `html_url` - The absolute URL (including scheme) of the rendered GitHub Pages site e.g. `https://username.github.io`. +- `status` - The GitHub Pages site's build status e.g. `building` or `built`. + +## Import + +Repositories can be imported using the `name`, e.g. + +```shell +terraform import github_repository.terraform myrepo +``` diff --git a/templates/resources/repository_autolink_reference.md.tmpl b/templates/resources/repository_autolink_reference.md.tmpl new file mode 100644 index 0000000000..8be8a60e05 --- /dev/null +++ b/templates/resources/repository_autolink_reference.md.tmpl @@ -0,0 +1,49 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages autolink references for a single repository +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage an autolink reference for a single repository. + +## Example Usage + +{{ tffile "examples/resources/repository_autolink_reference/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The repository of the autolink reference. + +- `key_prefix` - (Required) This prefix appended by a number will generate a link any time it is found in an issue, pull request, or commit. + +- `target_url_template` - (Required) The template of the target URL used for the links; must be a valid URL and contain `` for the reference number + +- `is_alphanumeric` - (Optional) Whether this autolink reference matches alphanumeric characters. If false, this autolink reference only matches numeric characters. Default is true. + +## Attributes Reference + +The following additional attributes are exported: + +- `etag` - An etag representing the autolink reference object. + +## Import + +Autolink references can be imported using the `name` of the repository, combined with the `id` or `key prefix` of the autolink reference and a `/` character for separating components, e.g. + +### Import by ID + +```sh +terraform import github_repository_autolink_reference.auto my-repo/123 +``` + +See the GitHub documentation for how to [list all autolinks of a repository](https://docs.github.com/en/rest/repos/autolinks#list-all-autolinks-of-a-repository) to learn the autolink ids to use with the import command. + +### Import by key prefix + +```sh +terraform import github_repository_autolink_reference.auto oof/OOF- +``` diff --git a/templates/resources/repository_collaborator.md.tmpl b/templates/resources/repository_collaborator.md.tmpl new file mode 100644 index 0000000000..73a6227f66 --- /dev/null +++ b/templates/resources/repository_collaborator.md.tmpl @@ -0,0 +1,55 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Provides a GitHub repository collaborator resource. +--- + +# {{.Name}} ({{.Type}}) + +Provides a GitHub repository collaborator resource. + +~> Note: github_repository_collaborator cannot be used in conjunction with github_repository_collaborators or they will fight over what your policy should be. + +This resource allows you to add/remove collaborators from repositories in your organization or personal account. For organization repositories, collaborators can have explicit (and differing levels of) read, write, or administrator access to specific repositories, without giving the user full organization membership. For personal repositories, collaborators can only be granted write (implicitly includes read) permission. + +When applied, an invitation will be sent to the user to become a collaborator on a repository. When destroyed, either the invitation will be cancelled or the collaborator will be removed from the repository. + +~> **Note on Archived Repositories**: When a repository is archived, GitHub makes it read-only, preventing collaborator modifications. If you attempt to destroy resources associated with archived repositories, the provider will gracefully handle the operation by logging an informational message and removing the resource from Terraform state without attempting to modify the archived repository. + +This resource is non-authoritative, for managing ALL collaborators of a repo, use github_repository_collaborators instead. + +Further documentation on GitHub collaborators: + +- [Adding outside collaborators to your personal repositories](https://help.github.com/en/github/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories) +- [Adding outside collaborators to repositories in your organization](https://help.github.com/articles/adding-outside-collaborators-to-repositories-in-your-organization/) +- [Converting an organization member to an outside collaborator](https://help.github.com/articles/converting-an-organization-member-to-an-outside-collaborator/) + +## Example Usage + +{{ tffile "examples/resources/repository_collaborator/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository + +~> Note: The owner of the repository can be passed as part of the repository name e.g. `owner-org-name/repo-name`. If owner is not supplied as part of the repository name, it may also be supplied by setting the environment variable `GITHUB_OWNER`. + +- `username` - (Required) The user to add to the repository as a collaborator. +- `permission` - (Optional) The permission of the outside collaborator for the repository. Must be one of `pull`, `push`, `maintain`, `triage` or `admin` or the name of an existing [custom repository role](https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization) within the organization for organization-owned repositories. Must be `push` for personal repositories. Defaults to `push`. +- `permission_diff_suppression` - (Optional) Suppress plan diffs for `triage` and `maintain`. Defaults to `false`. + +## Attribute Reference + +In addition to the above arguments, the following attributes are exported: + +- `invitation_id` - ID of the invitation to be used in `github_user_invitation_accepter`. + +## Import + +GitHub Repository Collaborators can be imported using an ID made up of `repository:username`, e.g. + +```hcl +$ terraform import github_repository_collaborator.collaborator terraform:someuser +``` diff --git a/templates/resources/repository_collaborators.md.tmpl b/templates/resources/repository_collaborators.md.tmpl new file mode 100644 index 0000000000..8b3e6d4a16 --- /dev/null +++ b/templates/resources/repository_collaborators.md.tmpl @@ -0,0 +1,66 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Provides a GitHub repository collaborators resource. +--- + +# {{.Name}} ({{.Type}}) + +Provides a GitHub repository collaborators resource. + +~> Note: github_repository_collaborators cannot be used in conjunction with github_repository_collaborator and github_team_repository or they will fight over what your policy should be. + +This resource allows you to manage all collaborators for repositories in your organization or personal account. For organization repositories, collaborators can have explicit (and differing levels of) read, write, or administrator access to specific repositories, without giving the user full organization membership. For personal repositories, collaborators can only be granted write (implicitly includes read) permission. + +When applied, an invitation will be sent to the user to become a collaborators on a repository. When destroyed, either the invitation will be cancelled or the collaborators will be removed from the repository. + +~> **Note on Archived Repositories**: When a repository is archived, GitHub makes it read-only, preventing collaborator modifications. If you attempt to destroy resources associated with archived repositories, the provider will gracefully handle the operation by logging an informational message and removing the resource from Terraform state without attempting to modify the archived repository. + +This resource is authoritative. For adding a collaborator to a repo in a non-authoritative manner, use github_repository_collaborator instead. + +Further documentation on GitHub collaborators: + +- [Adding outside collaborators to your personal repositories](https://help.github.com/en/github/setting-up-and-managing-your-github-user-account/managing-access-to-your-personal-repositories) +- [Adding outside collaborators to repositories in your organization](https://help.github.com/articles/adding-outside-collaborators-to-repositories-in-your-organization/) +- [Converting an organization member to an outside collaborators](https://help.github.com/articles/converting-an-organization-member-to-an-outside-collaborator/) + +## Example Usage + +{{ tffile "examples/resources/repository_collaborators/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository. +- `user` - (Optional) List of users to grant access to the repository. +- `team` - (Optional) List of teams to grant access to the repository. +- `ignore_team` - (Optional) List of teams to ignore when checking for repository access. This supports ignoring teams granted access at an organizational level. + +The `user` block supports: + +- `username` - (Required) The user to add to the repository as a collaborator. +- `permission` - (Optional) The permission of the outside collaborators for the repository. Must be one of `pull`, `push`, `maintain`, `triage` or `admin` or the name of an existing [custom repository role](https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization) within the organization for organization-owned repositories. Must be `push` for personal repositories. Defaults to `push`. + +The `team` block supports: + +- `team_id` - (Required) The GitHub team id or the GitHub team slug. +- `permission` - (Optional) The permission of the outside collaborators for the repository. Must be one of `pull`, `triage`, `push`, `maintain`, `admin` or the name of an existing [custom repository role](https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization) within the organisation. Defaults to `pull`. Must be `push` for personal repositories. Defaults to `push`. + +The `ignore_team` block supports: + +- `team_id` - (Required) The GitHub team id or the GitHub team slug. + +## Attribute Reference + +In addition to the above arguments, the following attributes are exported: + +- `invitation_ids` - Map of usernames to invitation ID for any users added as part of creation of this resource to be used in `github_user_invitation_accepter`. + +## Import + +GitHub Repository Collaborators can be imported using the name `name`, e.g. + +```hcl +$ terraform import github_repository_collaborators.collaborators terraform +``` diff --git a/templates/resources/repository_custom_property.md.tmpl b/templates/resources/repository_custom_property.md.tmpl new file mode 100644 index 0000000000..c411d703e6 --- /dev/null +++ b/templates/resources/repository_custom_property.md.tmpl @@ -0,0 +1,35 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and a specific custom property for a GitHub repository +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage a specific custom property for a GitHub repository. + +## Example Usage + +> Note that this assumes there already is a custom property defined on the org level called `my-cool-property` of type `string` + +{{ tffile "examples/resources/repository_custom_property/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The repository of the environment. + +- `property_type` - (Required) Type of the custom property. Can be one of `single_select`, `multi_select`, `string`, or `true_false` + +- `property_name` - (Required) Name of the custom property. Note that a pre-requisiste for this resource is that a custom property of this name has already been defined on the organization level + +- `property_value` - (Required) Value of the custom property in the form of an array. Properties of type `single_select`, `string`, and `true_false` are represented as a string array of length 1 + +## Import + +GitHub Repository Custom Property can be imported using an ID made up of a combination of the names of the organization, repository, custom property separated by a `:` character, e.g. + +```hcl +$ terraform import github_repository_custom_property.example organization-name:repo-name:custom-property-name +``` diff --git a/templates/resources/repository_dependabot_security_updates.md.tmpl b/templates/resources/repository_dependabot_security_updates.md.tmpl new file mode 100644 index 0000000000..f34ff80ab6 --- /dev/null +++ b/templates/resources/repository_dependabot_security_updates.md.tmpl @@ -0,0 +1,31 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manages automated security fixes for a single repository +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to manage dependabot automated security fixes for a single repository. See the [documentation](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates) for details of usage and how this will impact your repository + +## Example Usage + +{{ tffile "examples/resources/repository_dependabot_security_updates/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The name of the GitHub repository. + +- `enabled` - (Required) The state of the automated security fixes. + +## Import + +Automated security references can be imported using the `name` of the repository + +### Import by name + +```sh +terraform import github_repository_dependabot_security_updates.example my-repo +``` diff --git a/templates/resources/repository_deploy_key.md.tmpl b/templates/resources/repository_deploy_key.md.tmpl new file mode 100644 index 0000000000..bbe4b340e4 --- /dev/null +++ b/templates/resources/repository_deploy_key.md.tmpl @@ -0,0 +1,42 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Provides a GitHub repository deploy key resource. +--- + +# {{.Name}} ({{.Type}}) + +Provides a GitHub repository deploy key resource. + +A deploy key is an SSH key that is stored on your server and grants access to a single GitHub repository. This key is attached directly to the repository instead of to a personal user account. + +This resource allows you to add/remove repository deploy keys. + +~> **Note on Archived Repositories**: When a repository is archived, GitHub makes it read-only, preventing deploy key modifications. If you attempt to destroy resources associated with archived repositories, the provider will gracefully handle the operation by logging an informational message and removing the resource from Terraform state without attempting to modify the archived repository. + +Further documentation on GitHub repository deploy keys: + +- [About deploy keys](https://developer.github.com/guides/managing-deploy-keys/#deploy-keys) + +## Example Usage + +{{ tffile "examples/resources/repository_deploy_key/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `key` - (Required) A SSH key. +- `read_only` - (Required) A boolean qualifying the key to be either read only or read/write. +- `repository` - (Required) Name of the GitHub repository. +- `title` - (Required) A title. + +Changing any of the fields forces re-creating the resource. + +## Import + +Repository deploy keys can be imported using a colon-separated pair of repository name and GitHub's key id. The latter can be obtained by GitHub's SDKs and API. + +```hcl +$ terraform import github_repository_deploy_key.foo test-repo:23824728 +``` diff --git a/templates/resources/repository_deployment_branch_policy.md.tmpl b/templates/resources/repository_deployment_branch_policy.md.tmpl new file mode 100644 index 0000000000..5937a12327 --- /dev/null +++ b/templates/resources/repository_deployment_branch_policy.md.tmpl @@ -0,0 +1,37 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages deployment branch policies +--- + +# {{.Name}} ({{.Type}}) + +~> **Note:*- This resource is deprecated, please use the `github_repository_environment_deployment_policy` resource instead. + +This resource allows you to create and manage deployment branch policies. + +## Example Usage + +{{ tffile "examples/resources/repository_deployment_branch_policy/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The repository to create the policy in. + +- `environment_name` - (Required) The name of the environment. This environment must have `deployment_branch_policy.custom_branch_policies` set to true or a 404 error will be thrown. + +- `name` - (Required) The name pattern that branches must match in order to deploy to the environment. + +## Attributes Reference + +The following additional attributes are exported: + +- `id` - The ID of the deployment branch policy. + +## Import + +```hcl +$ terraform import github_repository_deployment_branch_policy.foo repo:env:id +``` diff --git a/templates/resources/repository_environment.md.tmpl b/templates/resources/repository_environment.md.tmpl new file mode 100644 index 0000000000..f91f1b51af --- /dev/null +++ b/templates/resources/repository_environment.md.tmpl @@ -0,0 +1,51 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages environments for GitHub repositories +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage environments for a GitHub repository. + +## Example Usage + +{{ tffile "examples/resources/repository_environment/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `environment` - (Required) The name of the environment. + +- `repository` - (Required) The repository of the environment. + +- `wait_timer` - (Optional) Amount of time to delay a job after the job is initially triggered. + +- `can_admins_bypass` - (Optional) Can repository admins bypass the environment protections. Defaults to `true`. + +- `prevent_self_review` - (Optional) Whether or not a user who created the job is prevented from approving their own job. Defaults to `false`. + +### Reviewers + +The `reviewers` block supports the following: + +- `teams` - (Optional) Up to 6 IDs for teams who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed. + +- `users` - (Optional) Up to 6 IDs for users who may review jobs that reference the environment. Reviewers must have at least read access to the repository. Only one of the required reviewers needs to approve the job for it to proceed. + +#### Deployment Branch Policy + +The `deployment_branch_policy` block supports the following: + +- `protected_branches` - (Required) Whether only branches with branch protection rules can deploy to this environment. + +- `custom_branch_policies` - (Required) Whether only branches that match the specified name patterns can deploy to this environment. + +## Import + +This resource can be imported using an ID made of the repository name, and environment name (any `:` in the name need to be escaped as `??`) separated by a `:`. + +```shell +terraform import github_repository_environment.example myrepo:myenv +``` diff --git a/templates/resources/repository_environment_deployment_policy.md.tmpl b/templates/resources/repository_environment_deployment_policy.md.tmpl new file mode 100644 index 0000000000..038bfff0f2 --- /dev/null +++ b/templates/resources/repository_environment_deployment_policy.md.tmpl @@ -0,0 +1,39 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages environment deployment branch policies for GitHub repositories +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage environment deployment branch policies for a GitHub repository. + +## Example Usage + +Create a branch-based deployment policy: + +{{ tffile "examples/resources/repository_environment_deployment_policy/example_1.tf" }} + +Create a tag-based deployment policy: + +{{ tffile "examples/resources/repository_environment_deployment_policy/example_2.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `environment` - (Required) The name of the environment. + +- `repository` - (Required) The repository of the environment. + +- `branch_pattern` - (Optional) The name pattern that branches must match in order to deploy to the environment. If not specified, `tag_pattern` must be specified. + +- `tag_pattern` - (Optional) The name pattern that tags must match in order to deploy to the environment. If not specified, `branch_pattern` must be specified. + +## Import + +This resource can be imported using an ID made of the repository name, environment name (any `:` in the name need to be escaped as `??`), and deployment policy ID all separated by a `:`. + +```shell +terraform import github_repository_environment.example myrepo:myenv:123456 +``` diff --git a/templates/resources/repository_file.md.tmpl b/templates/resources/repository_file.md.tmpl new file mode 100644 index 0000000000..38771c8102 --- /dev/null +++ b/templates/resources/repository_file.md.tmpl @@ -0,0 +1,73 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages files within a GitHub repository +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage files within a GitHub repository. + +~> **Note:*- When a repository is archived, Terraform will skip deletion of repository files to avoid API errors, as archived repositories are read-only. The files will be removed from Terraform state without attempting to delete them from GitHub. + +## Example Usage + +### Existing Branch + +{{ tffile "examples/resources/repository_file/example_1.tf" }} + +### Auto Created Branch + +{{ tffile "examples/resources/repository_file/example_2.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The repository to create the file in. + +- `file` - (Required) The path of the file to manage. + +- `content` - (Required) The file content. + +- `branch` - (Optional) Git branch (defaults to the repository's default branch). The branch must already exist, it will only be created automatically if 'autocreate_branch' is set true. + +- `commit_author` - (Optional) Committer author name to use. **NOTE:*- GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This maybe useful when a branch protection rule requires signed commits. + +- `commit_email` - (Optional) Committer email address to use. **NOTE:*- GitHub app users may omit author and email information so GitHub can verify commits as the GitHub App. This may be useful when a branch protection rule requires signed commits. + +- `commit_message` - (Optional) The commit message when creating, updating or deleting the managed file. + +- `overwrite_on_create` - (Optional) Enable overwriting existing files. If set to `true` it will overwrite an existing file with the same name. If set to `false` it will fail if there is an existing file with the same name. + +- `autocreate_branch` - (Optional) **Deprecated*- Automatically create the branch if it could not be found. Defaults to false. Subsequent reads if the branch is deleted will occur from 'autocreate_branch_source_branch'. Use the `github_branch` resource instead. + +- `autocreate_branch_source_branch` - (Optional) **Deprecated*- The branch name to start from, if 'autocreate_branch' is set. Defaults to 'main'. Use the `github_branch` resource instead. + +- `autocreate_branch_source_sha` - (Optional) **Deprecated*- The commit hash to start from, if 'autocreate_branch' is set. Defaults to the tip of 'autocreate_branch_source_branch'. If provided, 'autocreate_branch_source_branch' is ignored. Use the `github_branch` resource instead. + +## Attributes Reference + +The following additional attributes are exported: + +- `commit_sha` - The SHA of the commit that modified the file. + +- `repository_id` - The ID of the repository. + +- `sha` - The SHA blob of the file. + +- `ref` - The name of the commit/branch/tag. + +## Import + +Repository files can be imported using a combination of the `repo`, `file` and `branch` or empty branch for the default branch, e.g. + +```sh +terraform import github_repository_file.gitignore example:.gitignore:feature-branch +``` + +and using default branch: + +```sh +terraform import github_repository_file.gitignore example:.gitignore: +``` diff --git a/templates/resources/repository_milestone.md.tmpl b/templates/resources/repository_milestone.md.tmpl new file mode 100644 index 0000000000..bb1b16e1a3 --- /dev/null +++ b/templates/resources/repository_milestone.md.tmpl @@ -0,0 +1,45 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Provides a GitHub repository milestone resource. +--- + +# {{.Name}} ({{.Type}}) + +Provides a GitHub repository milestone resource. + +This resource allows you to create and manage milestones for a GitHub Repository within an organization or user account. + +## Example Usage + +{{ tffile "examples/resources/repository_milestone/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `owner` - (Required) The owner of the GitHub Repository. + +- `repository` - (Required) The name of the GitHub Repository. + +- `title` - (Required) The title of the milestone. + +- `description` - (Optional) A description of the milestone. + +- `due_date` - (Optional) The milestone due date. In `yyyy-mm-dd` format. + +- `state` - (Optional) The state of the milestone. Either `open` or `closed`. Default: `open` + +## Attributes Reference + +The following additional attributes are exported: + +- `number` - The number of the milestone. + +## Import + +A GitHub Repository Milestone can be imported using an ID made up of `owner/repository/number`, e.g. + +```hcl +$ terraform import github_repository_milestone.example example-owner/example-repository/1 +``` diff --git a/templates/resources/repository_project.md.tmpl b/templates/resources/repository_project.md.tmpl new file mode 100644 index 0000000000..fe32652d6a --- /dev/null +++ b/templates/resources/repository_project.md.tmpl @@ -0,0 +1,31 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages projects for GitHub repositories +--- + +# {{.Name}} ({{.Type}}) + +!> **Warning:*- This resource no longer works as the [Projects (classic) REST API](https://docs.github.com/en/rest/projects/projects?apiVersion=2022-11-28) has been [removed](https://github.blog/changelog/2024-05-23-sunset-notice-projects-classic/) and as such has been deprecated. It will be removed in a future release. + +This resource allows you to create and manage projects for GitHub repository. + +## Example Usage + +{{ tffile "examples/resources/repository_project/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `name` - (Required) The name of the project. + +- `repository` - (Required) The repository of the project. + +- `body` - (Optional) The body of the project. + +## Attributes Reference + +The following additional attributes are exported: + +- `url` - URL of the project diff --git a/templates/resources/repository_pull_request.md.tmpl b/templates/resources/repository_pull_request.md.tmpl new file mode 100644 index 0000000000..8e2fae63de --- /dev/null +++ b/templates/resources/repository_pull_request.md.tmpl @@ -0,0 +1,49 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Get information on a single GitHub Pull Request. +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage PullRequests for repositories within your GitHub organization or personal account. + +## Example Usage + +{{ tffile "examples/resources/repository_pull_request/example_1.tf" }} + +## Argument Reference + +- `base_repository` - (Required) Name of the base repository to retrieve the Pull Requests from. + +- `base_ref` - (Required) Name of the branch serving as the base of the Pull Request. + +- `head_ref` - (Required) Name of the branch serving as the head of the Pull Request. + +- `owner` - (Optional) Owner of the repository. If not provided, the provider's default owner is used. + +- `title` - (Optional) The title of the Pull Request. + +- `body` - (Optional) Body of the Pull Request. + +- `maintainer_can_modify` - Controls whether the base repository maintainers can modify the Pull Request. Default: false. + +## Attributes Reference + +- `base_sha` - Head commit SHA of the Pull Request base. + +- `draft` - Indicates Whether this Pull Request is a draft. + +- `head_sha` - Head commit SHA of the Pull Request head. + +- `labels` - List of label names set on the Pull Request. + +- `number` - The number of the Pull Request within the repository. + +- `opened_at` - Unix timestamp indicating the Pull Request creation time. + +- `opened_by` - GitHub login of the user who opened the Pull Request. + +- `state` - the current Pull Request state - can be "open", "closed" or "merged". + +- `updated_at` - The timestamp of the last Pull Request update. diff --git a/templates/resources/repository_ruleset.md.tmpl b/templates/resources/repository_ruleset.md.tmpl new file mode 100644 index 0000000000..7062f5c4b8 --- /dev/null +++ b/templates/resources/repository_ruleset.md.tmpl @@ -0,0 +1,269 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates a GitHub repository ruleset. +--- + +# {{.Name}} ({{.Type}}) + +Creates a GitHub repository ruleset. + +This resource allows you to create and manage rulesets on the repository level. When applied, a new ruleset will be created. When destroyed, that ruleset will be removed. + +## Example Usage + +{{ tffile "examples/resources/repository_ruleset/example_1.tf" }} + +## Argument Reference + +- `enforcement` - (Required) (String) Possible values for Enforcement are `disabled`, `active`, `evaluate`. Note: `evaluate` is currently only supported for owners of type `organization`. + +- `name` - (Required) (String) The name of the ruleset. + +- `rules` - (Required) (Block List, Min: 1, Max: 1) Rules within the ruleset. (see [below for nested schema](#rules)) + +- `target` - (Required) (String) Possible values are `branch`, `tag` and `push`. + +- `bypass_actors` - (Optional) (Block List) The actors that can bypass the rules in this ruleset. (see [below for nested schema](#bypass_actors)) + +- `conditions` - (Optional) (Block List, Max: 1) Parameters for a repository ruleset condition. For `branch` and `tag` targets, `ref_name` is required. For `push` targets, `ref_name` must NOT be set - conditions are optional for push targets. (see [below for nested schema](#conditions)) + +- `repository` - (Required) (String) Name of the repository to apply ruleset to. + +### Rules + +The `rules` block supports the following: + +~> **Note:*- Rules are target-specific. `branch` and `tag` targets support rules like `creation`, `deletion`, `pull_request`, `required_status_checks`, etc. `push` targets only support `file_path_restriction`, `max_file_size`, `max_file_path_length`, and `file_extension_restriction`. Using the wrong rules for a target will result in a validation error. + +- `branch_name_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the branch_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `tag_name_pattern` as it only applied to rulesets with target `branch`. (see [below for nested schema](#rulesbranch_name_pattern)) + +- `commit_author_email_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the commit_author_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see [below for nested schema](#rulescommit_author_email_pattern)) + +- `commit_message_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the commit_message_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see [below for nested schema](#rulescommit_message_pattern)) + +- `committer_email_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the committer_email_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. (see [below for nested schema](#rulescommitter_email_pattern)) + +- `creation` - (Optional) (Boolean) Only allow users with bypass permission to create matching refs. + +- `deletion` - (Optional) (Boolean) Only allow users with bypass permissions to delete matching refs. + +- `non_fast_forward` - (Optional) (Boolean) Prevent users with push access from force pushing to branches. + +- `merge_queue` - (Optional) (Block List, Max: 1) Merges must be performed via a merge queue. (see [below for nested schema](#rulesmerge_queue)) + +- `pull_request` - (Optional) (Block List, Max: 1) Require all commits be made to a non-target branch and submitted via a pull request before they can be merged. (see [below for nested schema](#rulespull_request)) + +- `copilot_code_review` - (Optional) (Block List, Max: 1) Automatically request Copilot code review for new pull requests if the author has access to Copilot code review and their premium requests quota has not reached the limit. (see [below for nested schema](#rulescopilot_code_review)) + +- `required_deployments` - (Optional) (Block List, Max: 1) Choose which environments must be successfully deployed to before branches can be merged into a branch that matches this rule. (see [below for nested schema](#rulesrequired_deployments)) + +- `required_linear_history` - (Optional) (Boolean) Prevent merge commits from being pushed to matching branches. + +- `required_signatures` - (Optional) (Boolean) Commits pushed to matching branches must have verified signatures. + +- `required_status_checks` - (Optional) (Block List, Max: 1) Choose which status checks must pass before branches can be merged into a branch that matches this rule. When enabled, commits must first be pushed to another branch, then merged or pushed directly to a branch that matches this rule after status checks have passed. (see [below for nested schema](#rulesrequired_status_checks)) + +- `tag_name_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applied to rulesets with target `tag`. (see [below for nested schema](#rulestag_name_pattern)) + +- `required_code_scanning` - (Optional) (Block List, Max: 1) Define which tools must provide code scanning results before the reference is updated. When configured, code scanning must be enabled and have results for both the commit and the reference being updated. Multiple code scanning tools can be specified. (see [below for nested schema](#rulesrequired_code_scanning)) + +- `file_path_restriction` - (Optional) (Block List, Max 1) Parameters to be used for the file_path_restriction rule. When enabled restricts access to files within the repository. (See [below for nested schema](#rulesfile_path_restriction)) + +- `max_file_size` - (Optional) (Block List, Max 1) Parameters to be used for the max_file_size rule. When enabled restricts the maximum size of a file that can be pushed to the repository. (See [below for nested schema](#rulesmax_file_size)) + +- `max_file_path_length` - (Optional) (Block List, Max: 1) Prevent commits that include file paths that exceed a specified character limit from being pushed to the commit graph. This rule only applies to rulesets with target `push`. (see [below for nested schema](#rulesmax_file_path_length)) + +- `file_extension_restriction` - (Optional) (Block List, Max: 1) Prevent commits that include files with specified file extensions from being pushed to the commit graph. This rule only applies to rulesets with target `push`. (see [below for nested schema](#rulesfile_extension_restriction)) +- `update` - (Optional) (Boolean) Only allow users with bypass permission to update matching refs. + +- `update_allows_fetch_and_merge` - (Optional) (Boolean) Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires `update` to be set to `true`. Note: behaviour is affected by a known bug on the GitHub side which may cause issues when using this parameter. + +#### rules.branch_name_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.commit_author_email_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.commit_message_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.committer_email_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.merge_queue + +- `check_response_timeout_minutes` - (Optional) (Number) Maximum time for a required status check to report a conclusion. After this much time has elapsed, checks that have not reported a conclusion will be assumed to have failed. Defaults to `60`. + +- `grouping_strategy` - (Optional) (String) When set to `ALLGREEN`, the merge commit created by merge queue for each PR in the group must pass all required checks to merge. When set to `HEADGREEN`, only the commit at the head of the merge group, i.e. the commit containing changes from all of the PRs in the group, must pass its required checks to merge. Can be one of: `ALLGREEN`, `HEADGREEN`. Defaults to `ALLGREEN`. + +- `max_entries_to_build` - (Optional) (Number) Limit the number of queued pull requests requesting checks and workflow runs at the same time. Defaults to `5`. + +- `max_entries_to_merge` - (Optional) (Number) Limit the number of queued pull requests that will be merged together in a group. Defaults to `5`. + +- `merge_method` - (Optional) (String) Method to use when merging changes from queued pull requests. Can be one of: `MERGE`, `SQUASH`, `REBASE`. Defaults to `MERGE`. + +- `min_entries_to_merge` - (Optional) (Number) The minimum number of PRs that will be merged together in a group. Defaults to `1`. + +- `min_entries_to_merge_wait_minutes` - (Optional) (Number) The time merge queue should wait after the first PR is added to the queue for the minimum group size to be met. After this time has elapsed, the minimum group size will be ignored and a smaller group will be merged. Defaults to `5`. + +#### rules.pull_request + +- `allowed_merge_methods` - (Optional) (List of String, Min: 1) Array of merge methods to be allowed. Allowed values include `merge`, `squash`, and `rebase`. At least one must be enabled. +- `dismiss_stale_reviews_on_push` - (Optional) (Boolean) New, reviewable commits pushed will dismiss previous pull request review approvals. Defaults to `false`. +- `require_code_owner_review` - (Optional) (Boolean) Require an approving review in pull requests that modify files that have a designated code owner. Defaults to `false`. +- `require_last_push_approval` - (Optional) (Boolean) Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`. +- `required_approving_review_count` - (Optional) (Number) The number of approving reviews that are required before a pull request can be merged. Defaults to `0`. +- `required_review_thread_resolution` - (Optional) (Boolean) All conversations on code must be resolved before a pull request can be merged. Defaults to `false`. + +#### rules.copilot_code_review + +- `review_on_push` - (Optional) (Boolean) Copilot automatically reviews each new push to the pull request. Defaults to `false`. + +- `review_draft_pull_requests` - (Optional) (Boolean) Copilot automatically reviews draft pull requests before they are marked as ready for review. Defaults to `false`. + +- `allowed_merge_methods` - (Required) (List of String, Min: 1) Array of merge methods to be allowed. Allowed values include `merge`, `squash`, and `rebase`. At least one must be enabled. + +- `required_reviewers` - (Optional) (Block List) Require specific reviewers to approve pull requests. Note: This feature is in beta. (see [below for nested schema](#rulespull_requestrequired_reviewers)) + +#### rules.pull_request.required_reviewers + +- `reviewer` - (Required) (Block List, Max: 1) The reviewer that must review matching files. (see [below for nested schema](#rulespull_requestrequired_reviewersreviewer)) + +- `file_patterns` - (Required) (List of String) File patterns (fnmatch syntax) that this reviewer must approve. + +- `minimum_approvals` - (Required) (Number) Minimum number of approvals required from this reviewer. Set to 0 to make approval optional. + +#### rules.pull_request.required_reviewers.reviewer + +- `id` - (Required) (Number) The ID of the reviewer (Team ID). + +- `type` - (Required) (String) The type of reviewer. Currently only `Team` is supported. + +#### rules.required_deployments + +- `required_deployment_environments` - (Required) (List of String) The environments that must be successfully deployed to before branches can be merged. + +#### rules.required_status_checks + +- `required_check` - (Required) (Block Set, Min: 1) Status checks that are required. Several can be defined. (see [below for nested schema](#rulesrequired_status_checksrequired_check)) + +- `strict_required_status_checks_policy` - (Optional) (Boolean) Whether pull requests targeting a matching branch must be tested with the latest code. This setting will not take effect unless at least one status check is enabled. Defaults to `false`. + +- `do_not_enforce_on_create` - (Optional) (Boolean) Allow repositories and branches to be created if a check would otherwise prohibit it. Defaults to `false`. + +#### rules.required_status_checks.required_check + +- `context` - (Required) (String) The status check context name that must be present on the commit. + +- `integration_id` - (Optional) (Number) The optional integration ID that this status check must originate from. It's a GitHub App ID, which can be obtained by following instructions from the [Get an App API docs](https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#get-an-app). + +#### rules.tag_name_pattern + +- `operator` - (Required) (String) The operator to use for matching. Can be one of: `starts_with`, `ends_with`, `contains`, `regex`. + +- `pattern` - (Required) (String) The pattern to match with. + +- `name` - (Optional) (String) How this rule will appear to users. + +- `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches. + +#### rules.required_code_scanning + +- `required_code_scanning_tool` - (Required) (Block Set, Min: 1) Actions code scanning tools that are required. Multiple can be defined. (see [below for nested schema](#rulesrequired_code_scanningrequired_code_scanning_tool)) + +#### rules.required_code_scanning.required_code_scanning_tool + +- `alerts_threshold` - (Required) (String) The severity level at which code scanning results that raise alerts block a reference update. Can be one of: `none`, `errors`, `errors_and_warnings`, `all`. + +- `security_alerts_threshold` - (Required) (String) The severity level at which code scanning results that raise security alerts block a reference update. Can be one of: `none`, `critical`, `high_or_higher`, `medium_or_higher`, `all`. + +- `tool` - (Required) (String) The name of a code scanning tool. + +#### rules.file_path_restriction + +- `restricted_file_paths` - (Required) (Block Set, Min: 1) The file paths that are restricted from being pushed to the commit graph. + +#### rules.max_file_size + +- `max_file_size` - (Required) (Integer) The maximum allowed size, in megabytes (MB), of a file. Valid range is 1-100 MB. + +#### rules.max_file_path_length + +- `max_file_path_length` - (Required) (Integer) The maximum number of characters allowed in file paths. + +#### rules.file_extension_restriction + +- `restricted_file_extensions` - (Required) (Block Set, Min: 1) The file extensions that are restricted from being pushed to the commit graph. + +#### bypass_actors + +- `actor_id` - (Optional) (Number) The ID of the actor that can bypass a ruleset. If `actor_type` is `Integration`, `actor_id` is a GitHub App ID. App ID can be obtained by following instructions from the [Get an App API docs](https://docs.github.com/en/rest/apps/apps?apiVersion=2022-11-28#get-an-app). Some actor types such as `DeployKey` do not have an ID. + +- `actor_type` (String) The type of actor that can bypass a ruleset. Can be one of: `RepositoryRole`, `Team`, `Integration`, `OrganizationAdmin`, `DeployKey`. + +- `bypass_mode` - (Optional) (String) When the specified actor can bypass the ruleset. pull_request means that an actor can only bypass rules on pull requests. Can be one of: `always`, `pull_request`, `exempt`. + +~> Note: at the time of writing this, the following actor types correspond to the following actor IDs: + +- `OrganizationAdmin` -> `1` +- `RepositoryRole` (This is the actor type, the following are the base repository roles and their associated IDs.) + - `maintain` -> `2` + - `write` -> `4` + - `admin` -> `5` + +#### conditions + +- `ref_name` - (Optional) (Block List, Max: 1) Required for `branch` and `tag` targets. Must NOT be set for `push` targets. (see [below for nested schema](#conditionsref_name)) + +~> **Note:*- For `push` targets, do not include `ref_name` in conditions. Push rulesets operate on file content, not on refs. The `conditions` block is optional for push targets. + +#### conditions.ref_name + +- `exclude` - (Required) (List of String) Array of ref names or patterns to exclude. The condition will not pass if any of these patterns match. + +- `include` - (Required) (List of String) Array of ref names or patterns to include. One of these patterns must match for the condition to pass. Also accepts `~DEFAULT_BRANCH` to include the default branch or `~ALL` to include all branches. + +## Attributes Reference + +The following additional attributes are exported: + +- `etag` (String) + +- `node_id` (String) GraphQL global node id for use with v4 API. + +- `ruleset_id` (Number) GitHub ID for the ruleset. + +## Import + +GitHub Repository Rulesets can be imported using the GitHub repository name and ruleset ID e.g. + +`$ terraform import github_repository_ruleset.example example:12345` diff --git a/templates/resources/repository_topics.md.tmpl b/templates/resources/repository_topics.md.tmpl new file mode 100644 index 0000000000..0e8a8f6650 --- /dev/null +++ b/templates/resources/repository_topics.md.tmpl @@ -0,0 +1,31 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages the topics on a repository +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage topics for repositories within your GitHub organization or personal account. + +~> Note: This resource is not compatible with the `topic` attribute of the `github_repository` Use either `github_repository_topics` or `topic` in `github_repository`. `github_repository_topics` is only meant to be used if the repository itself is not handled via terraform, for example if it's only read as a datasource (see [issue #1845](https://github.com/integrations/terraform-provider-github/issues/1845)). + +## Example Usage + +{{ tffile "examples/resources/repository_topics/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The repository name. + +- `topics` - (Required) A list of topics to add to the repository. + +## Import + +Repository topics can be imported using the `name` of the repository. + +```hcl +$ terraform import github_repository_topics.terraform terraform +``` diff --git a/templates/resources/repository_webhook.md.tmpl b/templates/resources/repository_webhook.md.tmpl new file mode 100644 index 0000000000..0e1ecb5fc5 --- /dev/null +++ b/templates/resources/repository_webhook.md.tmpl @@ -0,0 +1,55 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages repository webhooks within GitHub organizations or personal accounts +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage webhooks for repositories within your GitHub organization or personal account. + +~> **Note on Archived Repositories**: When a repository is archived, GitHub makes it read-only, preventing webhook modifications. If you attempt to destroy resources associated with archived repositories, the provider will gracefully handle the operation by logging an informational message and removing the resource from Terraform state without attempting to modify the archived repository. + +## Example Usage + +{{ tffile "examples/resources/repository_webhook/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The repository of the webhook. + +- `events` - (Required) A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/). + +- `configuration` - (Required) Configuration block for the webhook. [Detailed below.](#configuration) + +- `active` - (Optional) Indicate if the webhook should receive events. Defaults to `true`. + +### configuration + +- `url` - (Required) The URL of the webhook. + +- `content_type` - (Required) The content type for the payload. Valid values are either `form` or `json`. + +- `secret` - (Optional) The shared secret for the webhook. [See API documentation](https://developer.github.com/v3/repos/hooks/#create-a-hook). + +- `insecure_ssl` - (Optional) Insecure SSL boolean toggle. Defaults to `false`. + +## Attributes Reference + +The following additional attributes are exported: + +- `url` - URL of the webhook. This is a sensitive attribute because it may include basic auth credentials. + +## Import + +Repository webhooks can be imported using the `name` of the repository, combined with the `id` of the webhook, separated by a `/` character. The `id` of the webhook can be found in the URL of the webhook. For example: `"https://github.com/foo-org/foo-repo/settings/hooks/14711452"`. + +Importing uses the name of the repository, as well as the ID of the webhook, e.g. + +```hcl +$ terraform import github_repository_webhook.terraform terraform/11235813 +``` + +If secret is populated in the webhook's configuration, the value will be imported as "********". diff --git a/templates/resources/team.md.tmpl b/templates/resources/team.md.tmpl new file mode 100644 index 0000000000..c0305b43c8 --- /dev/null +++ b/templates/resources/team.md.tmpl @@ -0,0 +1,44 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Provides a GitHub team resource. +--- + +# {{.Name}} ({{.Type}}) + +Provides a GitHub team resource. + +This resource allows you to add/remove teams from your organization. When applied, a new team will be created. When destroyed, that team will be removed. + +## Example Usage + +{{ tffile "examples/resources/team/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `name` - (Required) The name of the team. +- `description` - (Optional) A description of the team. +- `privacy` - (Optional) The level of privacy for the team. Must be one of `secret` *(default)- or `closed`. +- `notification_setting` - (Optional) The notification setting for the team. Must be one of `notifications_enabled` *(default)- or `notifications_disabled`. +- `parent_team_id` - (Optional) The ID or slug of the parent team, if this is a nested team. +- `ldap_dn` - (Optional) The LDAP Distinguished Name of the group where membership will be synchronized. Only available in GitHub Enterprise Server. +- `create_default_maintainer` - (**DEPRECATED**) (Optional) Adds a default maintainer to the team. Defaults to `false` and adds the creating user to the team when `true`. + +## Attributes Reference + +The following attributes are exported: + +- `id` - The ID of the created team. +- `node_id` - The Node ID of the created team. +- `slug` - The slug of the created team, which may or may not differ from `name`, depending on whether `name` contains "URL-unsafe" characters. + +## Import + +GitHub Teams can be imported using the GitHub team ID or name e.g. + +```shell +terraform import github_team.core 1234567 +terraform import github_team.core Administrators +``` diff --git a/templates/resources/team_members.md.tmpl b/templates/resources/team_members.md.tmpl new file mode 100644 index 0000000000..99b3c6e8c5 --- /dev/null +++ b/templates/resources/team_members.md.tmpl @@ -0,0 +1,53 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Provides an authoritative GitHub team members resource. +--- + +# {{.Name}} ({{.Type}}) + +Provides a GitHub team members resource. + +This resource allows you to manage members of teams in your organization. It sets the requested team members for the team and removes all users not managed by Terraform. + +When applied, if the user hasn't accepted their invitation to the organization, they won't be part of the team until they do. + +When destroyed, all users will be removed from the team. + +~> **Note*- This resource is not compatible with `github_team_membership`. Use either `github_team_members` or `github_team_membership`. + +~> **Note*- You can accidentally lock yourself out of your team using this resource. Deleting a `github_team_members` resource removes access from anyone without organization-level access to the team. Proceed with caution. It should generally only be used with teams fully managed by Terraform. + +~> **Note*- Attempting to set a user who is an organization owner to "member" will result in the user being granted "maintainer" instead; this can result in a perpetual `terraform plan` diff that changes their status back to "member". + +## Example Usage + +{{ tffile "examples/resources/team_members/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `team_id` - (Required) The team id or the team slug + +~> **Note*- Although the team id or team slug can be used it is recommended to use the team id. Using the team slug will cause the team members associations to the team to be destroyed and recreated if the team name is updated. + +- `members` - (Required) List of team members. See [Members](#members) below for details. + +### Members + +`members` supports the following arguments: + +- `username` - (Required) The user to add to the team. +- `role` - (Optional) The role of the user within the team. Must be one of `member` or `maintainer`. Defaults to `member`. + +## Import + +~> **Note*- Although the team id or team slug can be used it is recommended to use the team id. Using the team slug will result in terraform doing conversions between the team slug and team id. This will cause team members associations to the team to be destroyed and recreated on import. + +GitHub Team Membership can be imported using the team ID team id or team slug, e.g. + +```hcl +$ terraform import github_team_members.some_team 1234567 +$ terraform import github_team_members.some_team Administrators +``` diff --git a/templates/resources/team_membership.md.tmpl b/templates/resources/team_membership.md.tmpl new file mode 100644 index 0000000000..fb41a59418 --- /dev/null +++ b/templates/resources/team_membership.md.tmpl @@ -0,0 +1,36 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Provides a GitHub team membership resource. +--- + +# {{.Name}} ({{.Type}}) + +Provides a GitHub team membership resource. + +This resource allows you to add/remove users from teams in your organization. When applied, the user will be added to the team. If the user hasn't accepted their invitation to the organization, they won't be part of the team until they do. When destroyed, the user will be removed from the team. + +~> **Note*- This resource is not compatible with `github_team_members`. Use either `github_team_members` or `github_team_membership`. + +~> **Note*- Organization owners may not be set as "members" of a team; they may only be set as "maintainers". Attempting to set an organization owner as a "member" of a team may result in a `terraform plan` diff that changes their status back to "maintainer". + +## Example Usage + +{{ tffile "examples/resources/team_membership/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `team_id` - (Required) The GitHub team id or the GitHub team slug +- `username` - (Required) The user to add to the team. +- `role` - (Optional) The role of the user within the team. Must be one of `member` or `maintainer`. Defaults to `member`. + +## Import + +GitHub Team Membership can be imported using an ID made up of `teamid:username` or `teamname:username`, e.g. + +```hcl +$ terraform import github_team_membership.member 1234567:someuser +$ terraform import github_team_membership.member Administrators:someuser +``` diff --git a/templates/resources/team_repository.md.tmpl b/templates/resources/team_repository.md.tmpl new file mode 100644 index 0000000000..49d2838b64 --- /dev/null +++ b/templates/resources/team_repository.md.tmpl @@ -0,0 +1,40 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manages the associations between teams and repositories. +--- + +# {{.Name}} ({{.Type}}) + +~> Note: github_team_repository cannot be used in conjunction with github_repository_collaborators or they will fight over what your policy should be. + +This resource manages relationships between teams and repositories in your GitHub organization. + +Creating this resource grants a particular team permissions on a particular repository. + +The repository and the team must both belong to the same organization on GitHub. + +~> **Note on Archived Repositories**: When a repository is archived, GitHub makes it read-only, preventing team permission modifications. If you attempt to destroy resources associated with archived repositories, the provider will gracefully handle the operation by logging an informational message and removing the resource from Terraform state without attempting to modify the archived repository. + +This resource is non-authoritative, for managing ALL collaborators of a repo, use github_repository_collaborators instead. + +## Example Usage + +{{ tffile "examples/resources/team_repository/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `team_id` - (Required) The GitHub team id or the GitHub team slug +- `repository` - (Required) The repository to add to the team. +- `permission` - (Optional) The permissions of team members regarding the repository. Must be one of `pull`, `triage`, `push`, `maintain`, `admin` or the name of an existing [custom repository role](https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-peoples-access-to-your-organization-with-roles/managing-custom-repository-roles-for-an-organization) within the organisation. Defaults to `pull`. + +## Import + +GitHub Team Repository can be imported using an ID made up of `team_id:repository` or `team_name:repository`, e.g. + +```hcl +$ terraform import github_team_repository.terraform_repo 1234567:terraform +$ terraform import github_team_repository.terraform_repo Administrators:terraform +``` diff --git a/templates/resources/team_settings.md.tmpl b/templates/resources/team_settings.md.tmpl new file mode 100644 index 0000000000..f2d83aeb6a --- /dev/null +++ b/templates/resources/team_settings.md.tmpl @@ -0,0 +1,48 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Manages the team settings (in particular the request review delegation settings) +--- + +# {{.Name}} ({{.Type}}) + +This resource manages the team settings (in particular the request review delegation settings) within the organization + +Creating this resource will alter the team Code Review settings. + +The team must both belong to the same organization configured in the provider on GitHub. + +~> **Note**: This resource relies on the v4 GraphQl GitHub API. If this API is not available, or the Stone Crop schema preview is not available, then this resource will not work as intended. + +## Example Usage + +{{ tffile "examples/resources/team_settings/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `team_id` - (Required) The GitHub team id or the GitHub team slug +- `review_request_delegation` - (Optional) The settings for delegating code reviews to individuals on behalf of the team. If this block is present, even without any fields, then review request delegation will be enabled for the team. See [GitHub Review Request Delegation](#github-review-request-delegation-configuration) below for details. See [GitHub's documentation](https://docs.github.com/en/organizations/organizing-members-into-teams/managing-code-review-settings-for-your-team#configuring-team-notifications) for more configuration details. + +### GitHub Review Request Delegation Configuration + +The following arguments are supported: + +- `algorithm` - (Optional) The algorithm to use when assigning pull requests to team members. Supported values are `ROUND_ROBIN` and `LOAD_BALANCE`. Default value is `ROUND_ROBIN` +- `member_count` - (Optional) The number of team members to assign to a pull request +- `notify` - (Optional) whether to notify the entire team when at least one member is also assigned to the pull request + +## Import + +GitHub Teams can be imported using the GitHub team ID, or the team slug e.g. + +```hcl +$ terraform import github_team.code_review_settings 1234567 +``` + +or, + +```hcl +$ terraform import github_team_settings.code_review_settings SomeTeam +``` diff --git a/templates/resources/team_sync_group_mapping.md.tmpl b/templates/resources/team_sync_group_mapping.md.tmpl new file mode 100644 index 0000000000..f31dbf1c74 --- /dev/null +++ b/templates/resources/team_sync_group_mapping.md.tmpl @@ -0,0 +1,40 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Creates and manages the connections between a team and its IdP group(s). +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to create and manage Identity Provider (IdP) group connections within your GitHub teams. You must have team synchronization enabled for organizations owned by enterprise accounts. + +To learn more about team synchronization between IdPs and GitHub, please refer to: + +## Example Usage + +{{ tffile "examples/resources/team_sync_group_mapping/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `team_slug` - (Required) Slug of the team +- `group` - (Required) An Array of GitHub Identity Provider Groups (or empty []). Each `group` block consists of the fields documented below. + +--- + +The `group` block consists of: + +- `group_id` - The ID of the IdP group. + +- `group_name` - The name of the IdP group. + +- `group_description` - The description of the IdP group. + +## Import + +GitHub Team Sync Group Mappings can be imported using the GitHub team `slug` e.g. + +```hcl +$ terraform import github_team_sync_group_mapping.example some_team +``` diff --git a/templates/resources/user_gpg_key.md.tmpl b/templates/resources/user_gpg_key.md.tmpl new file mode 100644 index 0000000000..07829cde6b --- /dev/null +++ b/templates/resources/user_gpg_key.md.tmpl @@ -0,0 +1,32 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Provides a GitHub user's GPG key resource. +--- + +# {{.Name}} ({{.Type}}) + +Provides a GitHub user's GPG key resource. + +This resource allows you to add/remove GPG keys from your user account. + +## Example Usage + +{{ tffile "examples/resources/user_gpg_key/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `armored_public_key` - (Required) Your public GPG key, generated in ASCII-armored format. See [Generating a new GPG key](https://help.github.com/articles/generating-a-new-gpg-key/) for help on creating a GPG key. + +## Attributes Reference + +The following attributes are exported: + +- `id` - The GitHub ID of the GPG key, e.g. `401586` +- `key_id` - The key ID of the GPG key, e.g. `3262EFF25BA0D270` + +## Import + +GPG keys are not importable due to the fact that [API](https://developer.github.com/v3/users/gpg_keys/#gpg-keys) does not return previously uploaded GPG key. diff --git a/templates/resources/user_invitation_accepter.md.tmpl b/templates/resources/user_invitation_accepter.md.tmpl new file mode 100644 index 0000000000..1f21d70ca1 --- /dev/null +++ b/templates/resources/user_invitation_accepter.md.tmpl @@ -0,0 +1,30 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Provides a resource to manage GitHub repository collaborator invitations. +--- + +# {{.Name}} ({{.Type}}) + +Provides a resource to manage GitHub repository collaborator invitations. + +## Example Usage + +{{ tffile "examples/resources/user_invitation_accepter/example_1.tf" }} + +## Allowing empty invitation IDs + +Set `allow_empty_id` when using `for_each` over a list of `github_repository_collaborator.invitation_id`'s. + +This allows applying a module again when a new `github_repository_collaborator` resource is added to the `for_each` loop. This is needed as the `github_repository_collaborator.invitation_id` will be empty after a state refresh when the invitation has been accepted. + +Note that when an invitation is accepted manually or by another tool between a state refresh and a `terraform apply` using that refreshed state, the plan will contain the invitation ID, but the apply will receive an HTTP 404 from the API since the invitation has already been accepted. + +This is tracked in [#1157](https://github.com/integrations/terraform-provider-github/issues/1157). + +## Argument Reference + +The following arguments are supported: + +- `invitation_id` - (Optional) ID of the invitation to accept. Must be set when `allow_empty_id` is `false`. +- `allow_empty_id` - (Optional) Allow the ID to be unset. This will result in the resource being skipped when the ID is not set instead of returning an error. diff --git a/templates/resources/user_ssh_key.md.tmpl b/templates/resources/user_ssh_key.md.tmpl new file mode 100644 index 0000000000..7a073a4051 --- /dev/null +++ b/templates/resources/user_ssh_key.md.tmpl @@ -0,0 +1,37 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Provides a GitHub user's SSH key resource. +--- + +# {{.Name}} ({{.Type}}) + +Provides a GitHub user's SSH key resource. + +This resource allows you to add/remove SSH keys from your user account. + +## Example Usage + +{{ tffile "examples/resources/user_ssh_key/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `title` - (Required) A descriptive name for the new key. e.g. `Personal MacBook Air` +- `key` - (Required) The public SSH key to add to your GitHub account. + +## Attributes Reference + +The following attributes are exported: + +- `id` - The ID of the SSH key +- `url` - The URL of the SSH key + +## Import + +SSH keys can be imported using their ID e.g. + +```hcl +$ terraform import github_user_ssh_key.example 1234567 +``` diff --git a/templates/resources/workflow_repository_permissions.md.tmpl b/templates/resources/workflow_repository_permissions.md.tmpl new file mode 100644 index 0000000000..d1e06c53f4 --- /dev/null +++ b/templates/resources/workflow_repository_permissions.md.tmpl @@ -0,0 +1,29 @@ +--- +page_title: "{{.Name}} ({{.Type}}) - {{.RenderedProviderName}}" +description: |- + Enables and manages Workflow permissions for a GitHub repository +--- + +# {{.Name}} ({{.Type}}) + +This resource allows you to manage GitHub Workflow permissions for a given repository. You must have admin access to a repository to use this resource. + +## Example Usage + +{{ tffile "examples/resources/workflow_repository_permissions/example_1.tf" }} + +## Argument Reference + +The following arguments are supported: + +- `repository` - (Required) The GitHub repository +- `default_workflow_permissions` - (Optional) The default workflow permissions granted to the GITHUB_TOKEN when running workflows. Can be one of: `read` or `write`. +- `can_approve_pull_request_reviews` - (Optional) Whether GitHub Actions can approve pull requests. Enabling this can be a security risk. + +## Import + +This resource can be imported using the name of the GitHub repository: + +```hcl +$ terraform import github_workflow_repository_permissions.test my-repository +``` diff --git a/vendor/github.com/ProtonMail/go-crypto/AUTHORS b/vendor/github.com/ProtonMail/go-crypto/AUTHORS deleted file mode 100644 index 2b00ddba0d..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/AUTHORS +++ /dev/null @@ -1,3 +0,0 @@ -# This source code refers to The Go Authors for copyright purposes. -# The master list of authors is in the main Go distribution, -# visible at https://tip.golang.org/AUTHORS. diff --git a/vendor/github.com/ProtonMail/go-crypto/CONTRIBUTORS b/vendor/github.com/ProtonMail/go-crypto/CONTRIBUTORS deleted file mode 100644 index 1fbd3e976f..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/CONTRIBUTORS +++ /dev/null @@ -1,3 +0,0 @@ -# This source code was written by the Go contributors. -# The master list of contributors is in the main Go distribution, -# visible at https://tip.golang.org/CONTRIBUTORS. diff --git a/vendor/github.com/ProtonMail/go-crypto/LICENSE b/vendor/github.com/ProtonMail/go-crypto/LICENSE deleted file mode 100644 index 6a66aea5ea..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/LICENSE +++ /dev/null @@ -1,27 +0,0 @@ -Copyright (c) 2009 The Go Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/github.com/ProtonMail/go-crypto/PATENTS b/vendor/github.com/ProtonMail/go-crypto/PATENTS deleted file mode 100644 index 733099041f..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/PATENTS +++ /dev/null @@ -1,22 +0,0 @@ -Additional IP Rights Grant (Patents) - -"This implementation" means the copyrightable works distributed by -Google as part of the Go project. - -Google hereby grants to You a perpetual, worldwide, non-exclusive, -no-charge, royalty-free, irrevocable (except as stated in this section) -patent license to make, have made, use, offer to sell, sell, import, -transfer and otherwise run, modify and propagate the contents of this -implementation of Go, where such license applies only to those patent -claims, both currently owned or controlled by Google and acquired in -the future, licensable by Google that are necessarily infringed by this -implementation of Go. This grant does not include claims that would be -infringed only as a consequence of further modification of this -implementation. If you or your agent or exclusive licensee institute or -order or agree to the institution of patent litigation against any -entity (including a cross-claim or counterclaim in a lawsuit) alleging -that this implementation of Go or any code incorporated within this -implementation of Go constitutes direct or contributory patent -infringement, or inducement of patent infringement, then any patent -rights granted to you under this License for this implementation of Go -shall terminate as of the date such litigation is filed. diff --git a/vendor/github.com/ProtonMail/go-crypto/bitcurves/bitcurve.go b/vendor/github.com/ProtonMail/go-crypto/bitcurves/bitcurve.go deleted file mode 100644 index c85e6befec..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/bitcurves/bitcurve.go +++ /dev/null @@ -1,381 +0,0 @@ -package bitcurves - -// Copyright 2010 The Go Authors. All rights reserved. -// Copyright 2011 ThePiachu. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package bitelliptic implements several Koblitz elliptic curves over prime -// fields. - -// This package operates, internally, on Jacobian coordinates. For a given -// (x, y) position on the curve, the Jacobian coordinates are (x1, y1, z1) -// where x = x1/z1² and y = y1/z1³. The greatest speedups come when the whole -// calculation can be performed within the transform (as in ScalarMult and -// ScalarBaseMult). But even for Add and Double, it's faster to apply and -// reverse the transform than to operate in affine coordinates. - -import ( - "crypto/elliptic" - "io" - "math/big" - "sync" -) - -// A BitCurve represents a Koblitz Curve with a=0. -// See http://www.hyperelliptic.org/EFD/g1p/auto-shortw.html -type BitCurve struct { - Name string - P *big.Int // the order of the underlying field - N *big.Int // the order of the base point - B *big.Int // the constant of the BitCurve equation - Gx, Gy *big.Int // (x,y) of the base point - BitSize int // the size of the underlying field -} - -// Params returns the parameters of the given BitCurve (see BitCurve struct) -func (bitCurve *BitCurve) Params() (cp *elliptic.CurveParams) { - cp = new(elliptic.CurveParams) - cp.Name = bitCurve.Name - cp.P = bitCurve.P - cp.N = bitCurve.N - cp.Gx = bitCurve.Gx - cp.Gy = bitCurve.Gy - cp.BitSize = bitCurve.BitSize - return cp -} - -// IsOnCurve returns true if the given (x,y) lies on the BitCurve. -func (bitCurve *BitCurve) IsOnCurve(x, y *big.Int) bool { - // y² = x³ + b - y2 := new(big.Int).Mul(y, y) //y² - y2.Mod(y2, bitCurve.P) //y²%P - - x3 := new(big.Int).Mul(x, x) //x² - x3.Mul(x3, x) //x³ - - x3.Add(x3, bitCurve.B) //x³+B - x3.Mod(x3, bitCurve.P) //(x³+B)%P - - return x3.Cmp(y2) == 0 -} - -// affineFromJacobian reverses the Jacobian transform. See the comment at the -// top of the file. -func (bitCurve *BitCurve) affineFromJacobian(x, y, z *big.Int) (xOut, yOut *big.Int) { - if z.Cmp(big.NewInt(0)) == 0 { - panic("bitcurve: Can't convert to affine with Jacobian Z = 0") - } - // x = YZ^2 mod P - zinv := new(big.Int).ModInverse(z, bitCurve.P) - zinvsq := new(big.Int).Mul(zinv, zinv) - - xOut = new(big.Int).Mul(x, zinvsq) - xOut.Mod(xOut, bitCurve.P) - // y = YZ^3 mod P - zinvsq.Mul(zinvsq, zinv) - yOut = new(big.Int).Mul(y, zinvsq) - yOut.Mod(yOut, bitCurve.P) - return xOut, yOut -} - -// Add returns the sum of (x1,y1) and (x2,y2) -func (bitCurve *BitCurve) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int) { - z := new(big.Int).SetInt64(1) - x, y, z := bitCurve.addJacobian(x1, y1, z, x2, y2, z) - return bitCurve.affineFromJacobian(x, y, z) -} - -// addJacobian takes two points in Jacobian coordinates, (x1, y1, z1) and -// (x2, y2, z2) and returns their sum, also in Jacobian form. -func (bitCurve *BitCurve) addJacobian(x1, y1, z1, x2, y2, z2 *big.Int) (*big.Int, *big.Int, *big.Int) { - // See http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-add-2007-bl - z1z1 := new(big.Int).Mul(z1, z1) - z1z1.Mod(z1z1, bitCurve.P) - z2z2 := new(big.Int).Mul(z2, z2) - z2z2.Mod(z2z2, bitCurve.P) - - u1 := new(big.Int).Mul(x1, z2z2) - u1.Mod(u1, bitCurve.P) - u2 := new(big.Int).Mul(x2, z1z1) - u2.Mod(u2, bitCurve.P) - h := new(big.Int).Sub(u2, u1) - if h.Sign() == -1 { - h.Add(h, bitCurve.P) - } - i := new(big.Int).Lsh(h, 1) - i.Mul(i, i) - j := new(big.Int).Mul(h, i) - - s1 := new(big.Int).Mul(y1, z2) - s1.Mul(s1, z2z2) - s1.Mod(s1, bitCurve.P) - s2 := new(big.Int).Mul(y2, z1) - s2.Mul(s2, z1z1) - s2.Mod(s2, bitCurve.P) - r := new(big.Int).Sub(s2, s1) - if r.Sign() == -1 { - r.Add(r, bitCurve.P) - } - r.Lsh(r, 1) - v := new(big.Int).Mul(u1, i) - - x3 := new(big.Int).Set(r) - x3.Mul(x3, x3) - x3.Sub(x3, j) - x3.Sub(x3, v) - x3.Sub(x3, v) - x3.Mod(x3, bitCurve.P) - - y3 := new(big.Int).Set(r) - v.Sub(v, x3) - y3.Mul(y3, v) - s1.Mul(s1, j) - s1.Lsh(s1, 1) - y3.Sub(y3, s1) - y3.Mod(y3, bitCurve.P) - - z3 := new(big.Int).Add(z1, z2) - z3.Mul(z3, z3) - z3.Sub(z3, z1z1) - if z3.Sign() == -1 { - z3.Add(z3, bitCurve.P) - } - z3.Sub(z3, z2z2) - if z3.Sign() == -1 { - z3.Add(z3, bitCurve.P) - } - z3.Mul(z3, h) - z3.Mod(z3, bitCurve.P) - - return x3, y3, z3 -} - -// Double returns 2*(x,y) -func (bitCurve *BitCurve) Double(x1, y1 *big.Int) (*big.Int, *big.Int) { - z1 := new(big.Int).SetInt64(1) - return bitCurve.affineFromJacobian(bitCurve.doubleJacobian(x1, y1, z1)) -} - -// doubleJacobian takes a point in Jacobian coordinates, (x, y, z), and -// returns its double, also in Jacobian form. -func (bitCurve *BitCurve) doubleJacobian(x, y, z *big.Int) (*big.Int, *big.Int, *big.Int) { - // See http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l - - a := new(big.Int).Mul(x, x) //X1² - b := new(big.Int).Mul(y, y) //Y1² - c := new(big.Int).Mul(b, b) //B² - - d := new(big.Int).Add(x, b) //X1+B - d.Mul(d, d) //(X1+B)² - d.Sub(d, a) //(X1+B)²-A - d.Sub(d, c) //(X1+B)²-A-C - d.Mul(d, big.NewInt(2)) //2*((X1+B)²-A-C) - - e := new(big.Int).Mul(big.NewInt(3), a) //3*A - f := new(big.Int).Mul(e, e) //E² - - x3 := new(big.Int).Mul(big.NewInt(2), d) //2*D - x3.Sub(f, x3) //F-2*D - x3.Mod(x3, bitCurve.P) - - y3 := new(big.Int).Sub(d, x3) //D-X3 - y3.Mul(e, y3) //E*(D-X3) - y3.Sub(y3, new(big.Int).Mul(big.NewInt(8), c)) //E*(D-X3)-8*C - y3.Mod(y3, bitCurve.P) - - z3 := new(big.Int).Mul(y, z) //Y1*Z1 - z3.Mul(big.NewInt(2), z3) //3*Y1*Z1 - z3.Mod(z3, bitCurve.P) - - return x3, y3, z3 -} - -// TODO: double check if it is okay -// ScalarMult returns k*(Bx,By) where k is a number in big-endian form. -func (bitCurve *BitCurve) ScalarMult(Bx, By *big.Int, k []byte) (*big.Int, *big.Int) { - // We have a slight problem in that the identity of the group (the - // point at infinity) cannot be represented in (x, y) form on a finite - // machine. Thus the standard add/double algorithm has to be tweaked - // slightly: our initial state is not the identity, but x, and we - // ignore the first true bit in |k|. If we don't find any true bits in - // |k|, then we return nil, nil, because we cannot return the identity - // element. - - Bz := new(big.Int).SetInt64(1) - x := Bx - y := By - z := Bz - - seenFirstTrue := false - for _, byte := range k { - for bitNum := 0; bitNum < 8; bitNum++ { - if seenFirstTrue { - x, y, z = bitCurve.doubleJacobian(x, y, z) - } - if byte&0x80 == 0x80 { - if !seenFirstTrue { - seenFirstTrue = true - } else { - x, y, z = bitCurve.addJacobian(Bx, By, Bz, x, y, z) - } - } - byte <<= 1 - } - } - - if !seenFirstTrue { - return nil, nil - } - - return bitCurve.affineFromJacobian(x, y, z) -} - -// ScalarBaseMult returns k*G, where G is the base point of the group and k is -// an integer in big-endian form. -func (bitCurve *BitCurve) ScalarBaseMult(k []byte) (*big.Int, *big.Int) { - return bitCurve.ScalarMult(bitCurve.Gx, bitCurve.Gy, k) -} - -var mask = []byte{0xff, 0x1, 0x3, 0x7, 0xf, 0x1f, 0x3f, 0x7f} - -// TODO: double check if it is okay -// GenerateKey returns a public/private key pair. The private key is generated -// using the given reader, which must return random data. -func (bitCurve *BitCurve) GenerateKey(rand io.Reader) (priv []byte, x, y *big.Int, err error) { - byteLen := (bitCurve.BitSize + 7) >> 3 - priv = make([]byte, byteLen) - - for x == nil { - _, err = io.ReadFull(rand, priv) - if err != nil { - return - } - // We have to mask off any excess bits in the case that the size of the - // underlying field is not a whole number of bytes. - priv[0] &= mask[bitCurve.BitSize%8] - // This is because, in tests, rand will return all zeros and we don't - // want to get the point at infinity and loop forever. - priv[1] ^= 0x42 - x, y = bitCurve.ScalarBaseMult(priv) - } - return -} - -// Marshal converts a point into the form specified in section 4.3.6 of ANSI -// X9.62. -func (bitCurve *BitCurve) Marshal(x, y *big.Int) []byte { - byteLen := (bitCurve.BitSize + 7) >> 3 - - ret := make([]byte, 1+2*byteLen) - ret[0] = 4 // uncompressed point - - xBytes := x.Bytes() - copy(ret[1+byteLen-len(xBytes):], xBytes) - yBytes := y.Bytes() - copy(ret[1+2*byteLen-len(yBytes):], yBytes) - return ret -} - -// Unmarshal converts a point, serialised by Marshal, into an x, y pair. On -// error, x = nil. -func (bitCurve *BitCurve) Unmarshal(data []byte) (x, y *big.Int) { - byteLen := (bitCurve.BitSize + 7) >> 3 - if len(data) != 1+2*byteLen { - return - } - if data[0] != 4 { // uncompressed form - return - } - x = new(big.Int).SetBytes(data[1 : 1+byteLen]) - y = new(big.Int).SetBytes(data[1+byteLen:]) - return -} - -//curve parameters taken from: -//http://www.secg.org/collateral/sec2_final.pdf - -var initonce sync.Once -var secp160k1 *BitCurve -var secp192k1 *BitCurve -var secp224k1 *BitCurve -var secp256k1 *BitCurve - -func initAll() { - initS160() - initS192() - initS224() - initS256() -} - -func initS160() { - // See SEC 2 section 2.4.1 - secp160k1 = new(BitCurve) - secp160k1.Name = "secp160k1" - secp160k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", 16) - secp160k1.N, _ = new(big.Int).SetString("0100000000000000000001B8FA16DFAB9ACA16B6B3", 16) - secp160k1.B, _ = new(big.Int).SetString("0000000000000000000000000000000000000007", 16) - secp160k1.Gx, _ = new(big.Int).SetString("3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", 16) - secp160k1.Gy, _ = new(big.Int).SetString("938CF935318FDCED6BC28286531733C3F03C4FEE", 16) - secp160k1.BitSize = 160 -} - -func initS192() { - // See SEC 2 section 2.5.1 - secp192k1 = new(BitCurve) - secp192k1.Name = "secp192k1" - secp192k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", 16) - secp192k1.N, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", 16) - secp192k1.B, _ = new(big.Int).SetString("000000000000000000000000000000000000000000000003", 16) - secp192k1.Gx, _ = new(big.Int).SetString("DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", 16) - secp192k1.Gy, _ = new(big.Int).SetString("9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", 16) - secp192k1.BitSize = 192 -} - -func initS224() { - // See SEC 2 section 2.6.1 - secp224k1 = new(BitCurve) - secp224k1.Name = "secp224k1" - secp224k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", 16) - secp224k1.N, _ = new(big.Int).SetString("010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", 16) - secp224k1.B, _ = new(big.Int).SetString("00000000000000000000000000000000000000000000000000000005", 16) - secp224k1.Gx, _ = new(big.Int).SetString("A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", 16) - secp224k1.Gy, _ = new(big.Int).SetString("7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", 16) - secp224k1.BitSize = 224 -} - -func initS256() { - // See SEC 2 section 2.7.1 - secp256k1 = new(BitCurve) - secp256k1.Name = "secp256k1" - secp256k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", 16) - secp256k1.N, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16) - secp256k1.B, _ = new(big.Int).SetString("0000000000000000000000000000000000000000000000000000000000000007", 16) - secp256k1.Gx, _ = new(big.Int).SetString("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", 16) - secp256k1.Gy, _ = new(big.Int).SetString("483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", 16) - secp256k1.BitSize = 256 -} - -// S160 returns a BitCurve which implements secp160k1 (see SEC 2 section 2.4.1) -func S160() *BitCurve { - initonce.Do(initAll) - return secp160k1 -} - -// S192 returns a BitCurve which implements secp192k1 (see SEC 2 section 2.5.1) -func S192() *BitCurve { - initonce.Do(initAll) - return secp192k1 -} - -// S224 returns a BitCurve which implements secp224k1 (see SEC 2 section 2.6.1) -func S224() *BitCurve { - initonce.Do(initAll) - return secp224k1 -} - -// S256 returns a BitCurve which implements bitcurves (see SEC 2 section 2.7.1) -func S256() *BitCurve { - initonce.Do(initAll) - return secp256k1 -} diff --git a/vendor/github.com/ProtonMail/go-crypto/brainpool/brainpool.go b/vendor/github.com/ProtonMail/go-crypto/brainpool/brainpool.go deleted file mode 100644 index cb6676de24..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/brainpool/brainpool.go +++ /dev/null @@ -1,134 +0,0 @@ -// Package brainpool implements Brainpool elliptic curves. -// Implementation of rcurves is from github.com/ebfe/brainpool -// Note that these curves are implemented with naive, non-constant time operations -// and are likely not suitable for environments where timing attacks are a concern. -package brainpool - -import ( - "crypto/elliptic" - "math/big" - "sync" -) - -var ( - once sync.Once - p256t1, p384t1, p512t1 *elliptic.CurveParams - p256r1, p384r1, p512r1 *rcurve -) - -func initAll() { - initP256t1() - initP384t1() - initP512t1() - initP256r1() - initP384r1() - initP512r1() -} - -func initP256t1() { - p256t1 = &elliptic.CurveParams{Name: "brainpoolP256t1"} - p256t1.P, _ = new(big.Int).SetString("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", 16) - p256t1.N, _ = new(big.Int).SetString("A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", 16) - p256t1.B, _ = new(big.Int).SetString("662C61C430D84EA4FE66A7733D0B76B7BF93EBC4AF2F49256AE58101FEE92B04", 16) - p256t1.Gx, _ = new(big.Int).SetString("A3E8EB3CC1CFE7B7732213B23A656149AFA142C47AAFBC2B79A191562E1305F4", 16) - p256t1.Gy, _ = new(big.Int).SetString("2D996C823439C56D7F7B22E14644417E69BCB6DE39D027001DABE8F35B25C9BE", 16) - p256t1.BitSize = 256 -} - -func initP256r1() { - twisted := p256t1 - params := &elliptic.CurveParams{ - Name: "brainpoolP256r1", - P: twisted.P, - N: twisted.N, - BitSize: twisted.BitSize, - } - params.Gx, _ = new(big.Int).SetString("8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", 16) - params.Gy, _ = new(big.Int).SetString("547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", 16) - z, _ := new(big.Int).SetString("3E2D4BD9597B58639AE7AA669CAB9837CF5CF20A2C852D10F655668DFC150EF0", 16) - p256r1 = newrcurve(twisted, params, z) -} - -func initP384t1() { - p384t1 = &elliptic.CurveParams{Name: "brainpoolP384t1"} - p384t1.P, _ = new(big.Int).SetString("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", 16) - p384t1.N, _ = new(big.Int).SetString("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", 16) - p384t1.B, _ = new(big.Int).SetString("7F519EADA7BDA81BD826DBA647910F8C4B9346ED8CCDC64E4B1ABD11756DCE1D2074AA263B88805CED70355A33B471EE", 16) - p384t1.Gx, _ = new(big.Int).SetString("18DE98B02DB9A306F2AFCD7235F72A819B80AB12EBD653172476FECD462AABFFC4FF191B946A5F54D8D0AA2F418808CC", 16) - p384t1.Gy, _ = new(big.Int).SetString("25AB056962D30651A114AFD2755AD336747F93475B7A1FCA3B88F2B6A208CCFE469408584DC2B2912675BF5B9E582928", 16) - p384t1.BitSize = 384 -} - -func initP384r1() { - twisted := p384t1 - params := &elliptic.CurveParams{ - Name: "brainpoolP384r1", - P: twisted.P, - N: twisted.N, - BitSize: twisted.BitSize, - } - params.Gx, _ = new(big.Int).SetString("1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E", 16) - params.Gy, _ = new(big.Int).SetString("8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315", 16) - z, _ := new(big.Int).SetString("41DFE8DD399331F7166A66076734A89CD0D2BCDB7D068E44E1F378F41ECBAE97D2D63DBC87BCCDDCCC5DA39E8589291C", 16) - p384r1 = newrcurve(twisted, params, z) -} - -func initP512t1() { - p512t1 = &elliptic.CurveParams{Name: "brainpoolP512t1"} - p512t1.P, _ = new(big.Int).SetString("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", 16) - p512t1.N, _ = new(big.Int).SetString("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", 16) - p512t1.B, _ = new(big.Int).SetString("7CBBBCF9441CFAB76E1890E46884EAE321F70C0BCB4981527897504BEC3E36A62BCDFA2304976540F6450085F2DAE145C22553B465763689180EA2571867423E", 16) - p512t1.Gx, _ = new(big.Int).SetString("640ECE5C12788717B9C1BA06CBC2A6FEBA85842458C56DDE9DB1758D39C0313D82BA51735CDB3EA499AA77A7D6943A64F7A3F25FE26F06B51BAA2696FA9035DA", 16) - p512t1.Gy, _ = new(big.Int).SetString("5B534BD595F5AF0FA2C892376C84ACE1BB4E3019B71634C01131159CAE03CEE9D9932184BEEF216BD71DF2DADF86A627306ECFF96DBB8BACE198B61E00F8B332", 16) - p512t1.BitSize = 512 -} - -func initP512r1() { - twisted := p512t1 - params := &elliptic.CurveParams{ - Name: "brainpoolP512r1", - P: twisted.P, - N: twisted.N, - BitSize: twisted.BitSize, - } - params.Gx, _ = new(big.Int).SetString("81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822", 16) - params.Gy, _ = new(big.Int).SetString("7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892", 16) - z, _ := new(big.Int).SetString("12EE58E6764838B69782136F0F2D3BA06E27695716054092E60A80BEDB212B64E585D90BCE13761F85C3F1D2A64E3BE8FEA2220F01EBA5EEB0F35DBD29D922AB", 16) - p512r1 = newrcurve(twisted, params, z) -} - -// P256t1 returns a Curve which implements Brainpool P256t1 (see RFC 5639, section 3.4) -func P256t1() elliptic.Curve { - once.Do(initAll) - return p256t1 -} - -// P256r1 returns a Curve which implements Brainpool P256r1 (see RFC 5639, section 3.4) -func P256r1() elliptic.Curve { - once.Do(initAll) - return p256r1 -} - -// P384t1 returns a Curve which implements Brainpool P384t1 (see RFC 5639, section 3.6) -func P384t1() elliptic.Curve { - once.Do(initAll) - return p384t1 -} - -// P384r1 returns a Curve which implements Brainpool P384r1 (see RFC 5639, section 3.6) -func P384r1() elliptic.Curve { - once.Do(initAll) - return p384r1 -} - -// P512t1 returns a Curve which implements Brainpool P512t1 (see RFC 5639, section 3.7) -func P512t1() elliptic.Curve { - once.Do(initAll) - return p512t1 -} - -// P512r1 returns a Curve which implements Brainpool P512r1 (see RFC 5639, section 3.7) -func P512r1() elliptic.Curve { - once.Do(initAll) - return p512r1 -} diff --git a/vendor/github.com/ProtonMail/go-crypto/brainpool/rcurve.go b/vendor/github.com/ProtonMail/go-crypto/brainpool/rcurve.go deleted file mode 100644 index 7e291d6aa4..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/brainpool/rcurve.go +++ /dev/null @@ -1,83 +0,0 @@ -package brainpool - -import ( - "crypto/elliptic" - "math/big" -) - -var _ elliptic.Curve = (*rcurve)(nil) - -type rcurve struct { - twisted elliptic.Curve - params *elliptic.CurveParams - z *big.Int - zinv *big.Int - z2 *big.Int - z3 *big.Int - zinv2 *big.Int - zinv3 *big.Int -} - -var ( - two = big.NewInt(2) - three = big.NewInt(3) -) - -func newrcurve(twisted elliptic.Curve, params *elliptic.CurveParams, z *big.Int) *rcurve { - zinv := new(big.Int).ModInverse(z, params.P) - return &rcurve{ - twisted: twisted, - params: params, - z: z, - zinv: zinv, - z2: new(big.Int).Exp(z, two, params.P), - z3: new(big.Int).Exp(z, three, params.P), - zinv2: new(big.Int).Exp(zinv, two, params.P), - zinv3: new(big.Int).Exp(zinv, three, params.P), - } -} - -func (curve *rcurve) toTwisted(x, y *big.Int) (*big.Int, *big.Int) { - var tx, ty big.Int - tx.Mul(x, curve.z2) - tx.Mod(&tx, curve.params.P) - ty.Mul(y, curve.z3) - ty.Mod(&ty, curve.params.P) - return &tx, &ty -} - -func (curve *rcurve) fromTwisted(tx, ty *big.Int) (*big.Int, *big.Int) { - var x, y big.Int - x.Mul(tx, curve.zinv2) - x.Mod(&x, curve.params.P) - y.Mul(ty, curve.zinv3) - y.Mod(&y, curve.params.P) - return &x, &y -} - -func (curve *rcurve) Params() *elliptic.CurveParams { - return curve.params -} - -func (curve *rcurve) IsOnCurve(x, y *big.Int) bool { - return curve.twisted.IsOnCurve(curve.toTwisted(x, y)) -} - -func (curve *rcurve) Add(x1, y1, x2, y2 *big.Int) (x, y *big.Int) { - tx1, ty1 := curve.toTwisted(x1, y1) - tx2, ty2 := curve.toTwisted(x2, y2) - return curve.fromTwisted(curve.twisted.Add(tx1, ty1, tx2, ty2)) -} - -func (curve *rcurve) Double(x1, y1 *big.Int) (x, y *big.Int) { - return curve.fromTwisted(curve.twisted.Double(curve.toTwisted(x1, y1))) -} - -func (curve *rcurve) ScalarMult(x1, y1 *big.Int, scalar []byte) (x, y *big.Int) { - tx1, ty1 := curve.toTwisted(x1, y1) - return curve.fromTwisted(curve.twisted.ScalarMult(tx1, ty1, scalar)) -} - -func (curve *rcurve) ScalarBaseMult(scalar []byte) (x, y *big.Int) { - return curve.fromTwisted(curve.twisted.ScalarBaseMult(scalar)) -} diff --git a/vendor/github.com/ProtonMail/go-crypto/eax/eax.go b/vendor/github.com/ProtonMail/go-crypto/eax/eax.go deleted file mode 100644 index 3ae91d594c..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/eax/eax.go +++ /dev/null @@ -1,162 +0,0 @@ -// Copyright (C) 2019 ProtonTech AG - -// Package eax provides an implementation of the EAX -// (encrypt-authenticate-translate) mode of operation, as described in -// Bellare, Rogaway, and Wagner "THE EAX MODE OF OPERATION: A TWO-PASS -// AUTHENTICATED-ENCRYPTION SCHEME OPTIMIZED FOR SIMPLICITY AND EFFICIENCY." -// In FSE'04, volume 3017 of LNCS, 2004 -package eax - -import ( - "crypto/cipher" - "crypto/subtle" - "errors" - "github.com/ProtonMail/go-crypto/internal/byteutil" -) - -const ( - defaultTagSize = 16 - defaultNonceSize = 16 -) - -type eax struct { - block cipher.Block // Only AES-{128, 192, 256} supported - tagSize int // At least 12 bytes recommended - nonceSize int -} - -func (e *eax) NonceSize() int { - return e.nonceSize -} - -func (e *eax) Overhead() int { - return e.tagSize -} - -// NewEAX returns an EAX instance with AES-{KEYLENGTH} and default nonce and -// tag lengths. Supports {128, 192, 256}- bit key length. -func NewEAX(block cipher.Block) (cipher.AEAD, error) { - return NewEAXWithNonceAndTagSize(block, defaultNonceSize, defaultTagSize) -} - -// NewEAXWithNonceAndTagSize returns an EAX instance with AES-{keyLength} and -// given nonce and tag lengths in bytes. Panics on zero nonceSize and -// exceedingly long tags. -// -// It is recommended to use at least 12 bytes as tag length (see, for instance, -// NIST SP 800-38D). -// -// Only to be used for compatibility with existing cryptosystems with -// non-standard parameters. For all other cases, prefer NewEAX. -func NewEAXWithNonceAndTagSize( - block cipher.Block, nonceSize, tagSize int) (cipher.AEAD, error) { - if nonceSize < 1 { - return nil, eaxError("Cannot initialize EAX with nonceSize = 0") - } - if tagSize > block.BlockSize() { - return nil, eaxError("Custom tag length exceeds blocksize") - } - return &eax{ - block: block, - tagSize: tagSize, - nonceSize: nonceSize, - }, nil -} - -func (e *eax) Seal(dst, nonce, plaintext, adata []byte) []byte { - if len(nonce) > e.nonceSize { - panic("crypto/eax: Nonce too long for this instance") - } - ret, out := byteutil.SliceForAppend(dst, len(plaintext)+e.tagSize) - omacNonce := e.omacT(0, nonce) - omacAdata := e.omacT(1, adata) - - // Encrypt message using CTR mode and omacNonce as IV - ctr := cipher.NewCTR(e.block, omacNonce) - ciphertextData := out[:len(plaintext)] - ctr.XORKeyStream(ciphertextData, plaintext) - - omacCiphertext := e.omacT(2, ciphertextData) - - tag := out[len(plaintext):] - for i := 0; i < e.tagSize; i++ { - tag[i] = omacCiphertext[i] ^ omacNonce[i] ^ omacAdata[i] - } - return ret -} - -func (e *eax) Open(dst, nonce, ciphertext, adata []byte) ([]byte, error) { - if len(nonce) > e.nonceSize { - panic("crypto/eax: Nonce too long for this instance") - } - if len(ciphertext) < e.tagSize { - return nil, eaxError("Ciphertext shorter than tag length") - } - sep := len(ciphertext) - e.tagSize - - // Compute tag - omacNonce := e.omacT(0, nonce) - omacAdata := e.omacT(1, adata) - omacCiphertext := e.omacT(2, ciphertext[:sep]) - - tag := make([]byte, e.tagSize) - for i := 0; i < e.tagSize; i++ { - tag[i] = omacCiphertext[i] ^ omacNonce[i] ^ omacAdata[i] - } - - // Compare tags - if subtle.ConstantTimeCompare(ciphertext[sep:], tag) != 1 { - return nil, eaxError("Tag authentication failed") - } - - // Decrypt ciphertext - ret, out := byteutil.SliceForAppend(dst, len(ciphertext)) - ctr := cipher.NewCTR(e.block, omacNonce) - ctr.XORKeyStream(out, ciphertext[:sep]) - - return ret[:sep], nil -} - -// Tweakable OMAC - Calls OMAC_K([t]_n || plaintext) -func (e *eax) omacT(t byte, plaintext []byte) []byte { - blockSize := e.block.BlockSize() - byteT := make([]byte, blockSize) - byteT[blockSize-1] = t - concat := append(byteT, plaintext...) - return e.omac(concat) -} - -func (e *eax) omac(plaintext []byte) []byte { - blockSize := e.block.BlockSize() - // L ← E_K(0^n); B ← 2L; P ← 4L - L := make([]byte, blockSize) - e.block.Encrypt(L, L) - B := byteutil.GfnDouble(L) - P := byteutil.GfnDouble(B) - - // CBC with IV = 0 - cbc := cipher.NewCBCEncrypter(e.block, make([]byte, blockSize)) - padded := e.pad(plaintext, B, P) - cbcCiphertext := make([]byte, len(padded)) - cbc.CryptBlocks(cbcCiphertext, padded) - - return cbcCiphertext[len(cbcCiphertext)-blockSize:] -} - -func (e *eax) pad(plaintext, B, P []byte) []byte { - // if |M| in {n, 2n, 3n, ...} - blockSize := e.block.BlockSize() - if len(plaintext) != 0 && len(plaintext)%blockSize == 0 { - return byteutil.RightXor(plaintext, B) - } - - // else return (M || 1 || 0^(n−1−(|M| % n))) xor→ P - ending := make([]byte, blockSize-len(plaintext)%blockSize) - ending[0] = 0x80 - padded := append(plaintext, ending...) - return byteutil.RightXor(padded, P) -} - -func eaxError(err string) error { - return errors.New("crypto/eax: " + err) -} diff --git a/vendor/github.com/ProtonMail/go-crypto/eax/eax_test_vectors.go b/vendor/github.com/ProtonMail/go-crypto/eax/eax_test_vectors.go deleted file mode 100644 index ddb53d0790..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/eax/eax_test_vectors.go +++ /dev/null @@ -1,58 +0,0 @@ -package eax - -// Test vectors from -// https://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf -var testVectors = []struct { - msg, key, nonce, header, ciphertext string -}{ - {"", - "233952DEE4D5ED5F9B9C6D6FF80FF478", - "62EC67F9C3A4A407FCB2A8C49031A8B3", - "6BFB914FD07EAE6B", - "E037830E8389F27B025A2D6527E79D01"}, - {"F7FB", - "91945D3F4DCBEE0BF45EF52255F095A4", - "BECAF043B0A23D843194BA972C66DEBD", - "FA3BFD4806EB53FA", - "19DD5C4C9331049D0BDAB0277408F67967E5"}, - {"1A47CB4933", - "01F74AD64077F2E704C0F60ADA3DD523", - "70C3DB4F0D26368400A10ED05D2BFF5E", - "234A3463C1264AC6", - "D851D5BAE03A59F238A23E39199DC9266626C40F80"}, - {"481C9E39B1", - "D07CF6CBB7F313BDDE66B727AFD3C5E8", - "8408DFFF3C1A2B1292DC199E46B7D617", - "33CCE2EABFF5A79D", - "632A9D131AD4C168A4225D8E1FF755939974A7BEDE"}, - {"40D0C07DA5E4", - "35B6D0580005BBC12B0587124557D2C2", - "FDB6B06676EEDC5C61D74276E1F8E816", - "AEB96EAEBE2970E9", - "071DFE16C675CB0677E536F73AFE6A14B74EE49844DD"}, - {"4DE3B35C3FC039245BD1FB7D", - "BD8E6E11475E60B268784C38C62FEB22", - "6EAC5C93072D8E8513F750935E46DA1B", - "D4482D1CA78DCE0F", - "835BB4F15D743E350E728414ABB8644FD6CCB86947C5E10590210A4F"}, - {"8B0A79306C9CE7ED99DAE4F87F8DD61636", - "7C77D6E813BED5AC98BAA417477A2E7D", - "1A8C98DCD73D38393B2BF1569DEEFC19", - "65D2017990D62528", - "02083E3979DA014812F59F11D52630DA30137327D10649B0AA6E1C181DB617D7F2"}, - {"1BDA122BCE8A8DBAF1877D962B8592DD2D56", - "5FFF20CAFAB119CA2FC73549E20F5B0D", - "DDE59B97D722156D4D9AFF2BC7559826", - "54B9F04E6A09189A", - "2EC47B2C4954A489AFC7BA4897EDCDAE8CC33B60450599BD02C96382902AEF7F832A"}, - {"6CF36720872B8513F6EAB1A8A44438D5EF11", - "A4A4782BCFFD3EC5E7EF6D8C34A56123", - "B781FCF2F75FA5A8DE97A9CA48E522EC", - "899A175897561D7E", - "0DE18FD0FDD91E7AF19F1D8EE8733938B1E8E7F6D2231618102FDB7FE55FF1991700"}, - {"CA40D7446E545FFAED3BD12A740A659FFBBB3CEAB7", - "8395FCF1E95BEBD697BD010BC766AAC3", - "22E7ADD93CFC6393C57EC0B3C17D6B44", - "126735FCC320D25A", - "CB8920F87A6C75CFF39627B56E3ED197C552D295A7CFC46AFC253B4652B1AF3795B124AB6E"}, -} diff --git a/vendor/github.com/ProtonMail/go-crypto/eax/random_vectors.go b/vendor/github.com/ProtonMail/go-crypto/eax/random_vectors.go deleted file mode 100644 index 4eb19f28d9..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/eax/random_vectors.go +++ /dev/null @@ -1,131 +0,0 @@ -// These vectors include key length in {128, 192, 256}, tag size 128, and -// random nonce, header, and plaintext lengths. - -// This file was automatically generated. - -package eax - -var randomVectors = []struct { - key, nonce, header, plaintext, ciphertext string -}{ - {"DFDE093F36B0356E5A81F609786982E3", - "1D8AC604419001816905BA72B14CED7E", - "152A1517A998D7A24163FCDD146DE81AC347C8B97088F502093C1ABB8F6E33D9A219C34D7603A18B1F5ABE02E56661B7D7F67E81EC08C1302EF38D80A859486D450E94A4F26AD9E68EEBBC0C857A0FC5CF9E641D63D565A7E361BC8908F5A8DC8FD6", - "1C8EAAB71077FE18B39730A3156ADE29C5EE824C7EE86ED2A253B775603FB237116E654F6FEC588DD27F523A0E01246FE73FE348491F2A8E9ABC6CA58D663F71CDBCF4AD798BE46C42AE6EE8B599DB44A1A48D7BBBBA0F7D2750181E1C5E66967F7D57CBD30AFBDA5727", - "79E7E150934BBEBF7013F61C60462A14D8B15AF7A248AFB8A344EF021C1500E16666891D6E973D8BB56B71A371F12CA34660C4410C016982B20F547E3762A58B7BF4F20236CADCF559E2BE7D783B13723B2741FC7CDC8997D839E39A3DDD2BADB96743DD7049F1BDB0516A262869915B3F70498AFB7B191BF960"}, - {"F10619EF02E5D94D7550EB84ED364A21", - "8DC0D4F2F745BBAE835CC5574B942D20", - "FE561358F2E8DF7E1024FF1AE9A8D36EBD01352214505CB99D644777A8A1F6027FA2BDBFC529A9B91136D5F2416CFC5F0F4EC3A1AFD32BDDA23CA504C5A5CB451785FABF4DFE4CD50D817491991A60615B30286361C100A95D1712F2A45F8E374461F4CA2B", - "D7B5A971FC219631D30EFC3664AE3127D9CF3097DAD9C24AC7905D15E8D9B25B026B31D68CAE00975CDB81EB1FD96FD5E1A12E2BB83FA25F1B1D91363457657FC03875C27F2946C5", - "2F336ED42D3CC38FC61660C4CD60BA4BD438B05F5965D8B7B399D2E7167F5D34F792D318F94DB15D67463AC449E13D568CC09BFCE32A35EE3EE96A041927680AE329811811E27F2D1E8E657707AF99BA96D13A478D695D59"}, - {"429F514EFC64D98A698A9247274CFF45", - "976AA5EB072F912D126ACEBC954FEC38", - "A71D89DC5B6CEDBB7451A27C3C2CAE09126DB4C421", - "5632FE62AB1DC549D54D3BC3FC868ACCEDEFD9ECF5E9F8", - "848AE4306CA8C7F416F8707625B7F55881C0AB430353A5C967CDA2DA787F581A70E34DBEBB2385"}, - {"398138F309085F47F8457CDF53895A63", - "F8A8A7F2D28E5FFF7BBC2F24353F7A36", - "5D633C21BA7764B8855CAB586F3746E236AD486039C83C6B56EFA9C651D38A41D6B20DAEE3418BFEA44B8BD6", - "A3BBAA91920AF5E10659818B1B3B300AC79BFC129C8329E75251F73A66D3AE0128EB91D5031E0A65C329DB7D1E9C0493E268", - "D078097267606E5FB07CFB7E2B4B718172A82C6A4CEE65D549A4DFB9838003BD2FBF64A7A66988AC1A632FD88F9E9FBB57C5A78AD2E086EACBA3DB68511D81C2970A"}, - {"7A4151EBD3901B42CBA45DAFB2E931BA", - "0FC88ACEE74DD538040321C330974EB8", - "250464FB04733BAB934C59E6AD2D6AE8D662CBCFEFBE61E5A308D4211E58C4C25935B72C69107722E946BFCBF416796600542D76AEB73F2B25BF53BAF97BDEB36ED3A7A51C31E7F170EB897457E7C17571D1BA0A908954E9", - "88C41F3EBEC23FAB8A362D969CAC810FAD4F7CA6A7F7D0D44F060F92E37E1183768DD4A8C733F71C96058D362A39876D183B86C103DE", - "74A25B2182C51096D48A870D80F18E1CE15867778E34FCBA6BD7BFB3739FDCD42AD0F2D9F4EBA29085285C6048C15BCE5E5166F1F962D3337AA88E6062F05523029D0A7F0BF9"}, - {"BFB147E1CD5459424F8C0271FC0E0DC5", - "EABCC126442BF373969EA3015988CC45", - "4C0880E1D71AA2C7", - "BE1B5EC78FBF73E7A6682B21BA7E0E5D2D1C7ABE", - "5660D7C1380E2F306895B1402CB2D6C37876504276B414D120F4CF92FDDDBB293A238EA0"}, - {"595DD6F52D18BC2CA8EB4EDAA18D9FA3", - "0F84B5D36CF4BC3B863313AF3B4D2E97", - "30AE6CC5F99580F12A779D98BD379A60948020C0B6FBD5746B30BA3A15C6CD33DAF376C70A9F15B6C0EB410A93161F7958AE23", - "8EF3687A1642B070970B0B91462229D1D76ABC154D18211F7152AA9FF368", - "317C1DDB11417E5A9CC4DDE7FDFF6659A5AC4B31DE025212580A05CDAC6024D3E4AE7C2966E52B9129E9ECDBED86"}, - {"44E6F2DC8FDC778AD007137D11410F50", - "270A237AD977F7187AA6C158A0BAB24F", - "509B0F0EB12E2AA5C5BA2DE553C07FAF4CE0C9E926531AA709A3D6224FCB783ACCF1559E10B1123EBB7D52E8AB54E6B5352A9ED0D04124BF0E9D9BACFD7E32B817B2E625F5EE94A64EDE9E470DE7FE6886C19B294F9F828209FE257A78", - "8B3D7815DF25618A5D0C55A601711881483878F113A12EC36CF64900549A3199555528559DC118F789788A55FAFD944E6E99A9CA3F72F238CD3F4D88223F7A745992B3FAED1848", - "1CC00D79F7AD82FDA71B58D286E5F34D0CC4CEF30704E771CC1E50746BDF83E182B078DB27149A42BAE619DF0F85B0B1090AD55D3B4471B0D6F6ECCD09C8F876B30081F0E7537A9624F8AAF29DA85E324122EFB4D68A56"}, - {"BB7BC352A03044B4428D8DBB4B0701FDEC4649FD17B81452", - "8B4BBE26CCD9859DCD84884159D6B0A4", - "2212BEB0E78E0F044A86944CF33C8D5C80D9DBE1034BF3BCF73611835C7D3A52F5BD2D81B68FD681B68540A496EE5DA16FD8AC8824E60E1EC2042BE28FB0BFAD4E4B03596446BDD8C37D936D9B3D5295BE19F19CF5ACE1D33A46C952CE4DE5C12F92C1DD051E04AEED", - "9037234CC44FFF828FABED3A7084AF40FA7ABFF8E0C0EFB57A1CC361E18FC4FAC1AB54F3ABFE9FF77263ACE16C3A", - "A9391B805CCD956081E0B63D282BEA46E7025126F1C1631239C33E92AA6F92CD56E5A4C56F00FF9658E93D48AF4EF0EF81628E34AD4DB0CDAEDCD2A17EE7"}, - {"99C0AD703196D2F60A74E6B378B838B31F82EA861F06FC4E", - "92745C018AA708ECFEB1667E9F3F1B01", - "828C69F376C0C0EC651C67749C69577D589EE39E51404D80EBF70C8660A8F5FD375473F4A7C611D59CB546A605D67446CE2AA844135FCD78BB5FBC90222A00D42920BB1D7EEDFB0C4672554F583EF23184F89063CDECBE482367B5F9AF3ACBC3AF61392BD94CBCD9B64677", - "A879214658FD0A5B0E09836639BF82E05EC7A5EF71D4701934BDA228435C68AC3D5CEB54997878B06A655EEACEFB1345C15867E7FE6C6423660C8B88DF128EBD6BCD85118DBAE16E9252FFB204324E5C8F38CA97759BDBF3CB0083", - "51FE87996F194A2585E438B023B345439EA60D1AEBED4650CDAF48A4D4EEC4FC77DC71CC4B09D3BEEF8B7B7AF716CE2B4EFFB3AC9E6323C18AC35E0AA6E2BBBC8889490EB6226C896B0D105EAB42BFE7053CCF00ED66BA94C1BA09A792AA873F0C3B26C5C5F9A936E57B25"}, - {"7086816D00D648FB8304AA8C9E552E1B69A9955FB59B25D1", - "0F45CF7F0BF31CCEB85D9DA10F4D749F", - "93F27C60A417D9F0669E86ACC784FC8917B502DAF30A6338F11B30B94D74FEFE2F8BE1BBE2EAD10FAB7EED3C6F72B7C3ECEE1937C32ED4970A6404E139209C05", - "877F046601F3CBE4FB1491943FA29487E738F94B99AF206262A1D6FF856C9AA0B8D4D08A54370C98F8E88FA3DCC2B14C1F76D71B2A4C7963AEE8AF960464C5BEC8357AD00DC8", - "FE96906B895CE6A8E72BC72344E2C8BB3C63113D70EAFA26C299BAFE77A8A6568172EB447FB3E86648A0AF3512DEB1AAC0819F3EC553903BF28A9FB0F43411237A774BF9EE03E445D280FBB9CD12B9BAAB6EF5E52691"}, - {"062F65A896D5BF1401BADFF70E91B458E1F9BD4888CB2E4D", - "5B11EA1D6008EBB41CF892FCA5B943D1", - "BAF4FF5C8242", - "A8870E091238355984EB2F7D61A865B9170F440BFF999A5993DD41A10F4440D21FF948DDA2BF663B2E03AC3324492DC5E40262ECC6A65C07672353BE23E7FB3A9D79FF6AA38D97960905A38DECC312CB6A59E5467ECF06C311CD43ADC0B543EDF34FE8BE611F176460D5627CA51F8F8D9FED71F55C", - "B10E127A632172CF8AA7539B140D2C9C2590E6F28C3CB892FC498FCE56A34F732FBFF32E79C7B9747D9094E8635A0C084D6F0247F9768FB5FF83493799A9BEC6C39572120C40E9292C8C947AE8573462A9108C36D9D7112E6995AE5867E6C8BB387D1C5D4BEF524F391B9FD9F0A3B4BFA079E915BCD920185CFD38D114C558928BD7D47877"}, - {"38A8E45D6D705A11AF58AED5A1344896998EACF359F2E26A", - "FD82B5B31804FF47D44199B533D0CF84", - "DE454D4E62FE879F2050EE3E25853623D3E9AC52EEC1A1779A48CFAF5ECA0BFDE44749391866D1", - "B804", - "164BB965C05EBE0931A1A63293EDF9C38C27"}, - {"34C33C97C6D7A0850DA94D78A58DC61EC717CD7574833068", - "343BE00DA9483F05C14F2E9EB8EA6AE8", - "78312A43EFDE3CAE34A65796FF059A3FE15304EEA5CF1D9306949FE5BF3349D4977D4EBE76C040FE894C5949E4E4D6681153DA87FB9AC5062063CA2EA183566343362370944CE0362D25FC195E124FD60E8682E665D13F2229DDA3E4B2CB1DCA", - "CC11BB284B1153578E4A5ED9D937B869DAF00F5B1960C23455CA9CC43F486A3BE0B66254F1041F04FDF459C8640465B6E1D2CF899A381451E8E7FCB50CF87823BE77E24B132BBEEDC72E53369B275E1D8F49ECE59F4F215230AC4FE133FC80E4F634EE80BA4682B62C86", - "E7F703DC31A95E3A4919FF957836CB76C063D81702AEA4703E1C2BF30831E58C4609D626EC6810E12EAA5B930F049FF9EFC22C3E3F1EBD4A1FB285CB02A1AC5AD46B425199FC0A85670A5C4E3DAA9636C8F64C199F42F18AAC8EA7457FD377F322DD7752D7D01B946C8F0A97E6113F0D50106F319AFD291AAACE"}, - {"C6ECF7F053573E403E61B83052A343D93CBCC179D1E835BE", - "E280E13D7367042E3AA09A80111B6184", - "21486C9D7A9647", - "5F2639AFA6F17931853791CD8C92382BBB677FD72D0AB1A080D0E49BFAA21810E963E4FACD422E92F65CBFAD5884A60CD94740DF31AF02F95AA57DA0C4401B0ED906", - "5C51DB20755302070C45F52E50128A67C8B2E4ED0EACB7E29998CCE2E8C289DD5655913EC1A51CC3AABE5CDC2402B2BE7D6D4BF6945F266FBD70BA9F37109067157AE7530678B45F64475D4EBFCB5FFF46A5"}, - {"5EC6CF7401BC57B18EF154E8C38ACCA8959E57D2F3975FF5", - "656B41CB3F9CF8C08BAD7EBFC80BD225", - "6B817C2906E2AF425861A7EF59BA5801F143EE2A139EE72697CDE168B4", - "2C0E1DDC9B1E5389BA63845B18B1F8A1DB062037151BCC56EF7C21C0BB4DAE366636BBA975685D7CC5A94AFBE89C769016388C56FB7B57CE750A12B718A8BDCF70E80E8659A8330EFC8F86640F21735E8C80E23FE43ABF23507CE3F964AE4EC99D", - "ED780CF911E6D1AA8C979B889B0B9DC1ABE261832980BDBFB576901D9EF5AB8048998E31A15BE54B3E5845A4D136AD24D0BDA1C3006168DF2F8AC06729CB0818867398150020131D8F04EDF1923758C9EABB5F735DE5EA1758D4BC0ACFCA98AFD202E9839B8720253693B874C65586C6F0"}, - {"C92F678EB2208662F5BCF3403EC05F5961E957908A3E79421E1D25FC19054153", - "DA0F3A40983D92F2D4C01FED33C7A192", - "2B6E9D26DB406A0FAB47608657AA10EFC2B4AA5F459B29FF85AC9A40BFFE7AEB04F77E9A11FAAA116D7F6D4DA417671A9AB02C588E0EF59CB1BFB4B1CC931B63A3B3A159FCEC97A04D1E6F0C7E6A9CEF6B0ABB04758A69F1FE754DF4C2610E8C46B6CF413BDB31351D55BEDCB7B4A13A1C98E10984475E0F2F957853", - "F37326A80E08", - "83519E53E321D334F7C10B568183775C0E9AAE55F806"}, - {"6847E0491BE57E72995D186D50094B0B3593957A5146798FCE68B287B2FB37B5", - "3EE1182AEBB19A02B128F28E1D5F7F99", - "D9F35ABB16D776CE", - "DB7566ED8EA95BDF837F23DB277BAFBC5E70D1105ADFD0D9EF15475051B1EF94709C67DCA9F8D5", - "2CDCED0C9EBD6E2A508822A685F7DCD1CDD99E7A5FCA786C234E7F7F1D27EC49751AD5DCFA30C5EDA87C43CAE3B919B6BBCFE34C8EDA59"}, - {"82B019673642C08388D3E42075A4D5D587558C229E4AB8F660E37650C4C41A0A", - "336F5D681E0410FAE7B607246092C6DC", - "D430CBD8FE435B64214E9E9CDC5DE99D31CFCFB8C10AA0587A49DF276611", - "998404153AD77003E1737EDE93ED79859EE6DCCA93CB40C4363AA817ABF2DBBD46E42A14A7183B6CC01E12A577888141363D0AE011EB6E8D28C0B235", - "9BEF69EEB60BD3D6065707B7557F25292A8872857CFBD24F2F3C088E4450995333088DA50FD9121221C504DF1D0CD5EFE6A12666C5D5BB12282CF4C19906E9CFAB97E9BDF7F49DC17CFC384B"}, - {"747B2E269B1859F0622C15C8BAD6A725028B1F94B8DB7326948D1E6ED663A8BC", - "AB91F7245DDCE3F1C747872D47BE0A8A", - "3B03F786EF1DDD76E1D42646DA4CD2A5165DC5383CE86D1A0B5F13F910DC278A4E451EE0192CBA178E13B3BA27FDC7840DF73D2E104B", - "6B803F4701114F3E5FE21718845F8416F70F626303F545BE197189E0A2BA396F37CE06D389EB2658BC7D56D67868708F6D0D32", - "1570DDB0BCE75AA25D1957A287A2C36B1A5F2270186DA81BA6112B7F43B0F3D1D0ED072591DCF1F1C99BBB25621FC39B896FF9BD9413A2845363A9DCD310C32CF98E57"}, - {"02E59853FB29AEDA0FE1C5F19180AD99A12FF2F144670BB2B8BADF09AD812E0A", - "C691294EF67CD04D1B9242AF83DD1421", - "879334DAE3", - "1E17F46A98FEF5CBB40759D95354", - "FED8C3FF27DDF6313AED444A2985B36CBA268AAD6AAC563C0BA28F6DB5DB"}, - {"F6C1FB9B4188F2288FF03BD716023198C3582CF2A037FC2F29760916C2B7FCDB", - "4228DA0678CA3534588859E77DFF014C", - "D8153CAF35539A61DD8D05B3C9B44F01E564FB9348BCD09A1C23B84195171308861058F0A3CD2A55B912A3AAEE06FF4D356C77275828F2157C2FC7C115DA39E443210CCC56BEDB0CC99BBFB227ABD5CC454F4E7F547C7378A659EEB6A7E809101A84F866503CB18D4484E1FA09B3EC7FC75EB2E35270800AA7", - "23B660A779AD285704B12EC1C580387A47BEC7B00D452C6570", - "5AA642BBABA8E49849002A2FAF31DB8FC7773EFDD656E469CEC19B3206D4174C9A263D0A05484261F6"}, - {"8FF6086F1FADB9A3FBE245EAC52640C43B39D43F89526BB5A6EBA47710931446", - "943188480C99437495958B0AE4831AA9", - "AD5CD0BDA426F6EBA23C8EB23DC73FF9FEC173355EDBD6C9344C4C4383F211888F7CE6B29899A6801DF6B38651A7C77150941A", - "80CD5EA8D7F81DDF5070B934937912E8F541A5301877528EB41AB60C020968D459960ED8FB73083329841A", - "ABAE8EB7F36FCA2362551E72DAC890BA1BB6794797E0FC3B67426EC9372726ED4725D379EA0AC9147E48DCD0005C502863C2C5358A38817C8264B5"}, - {"A083B54E6B1FE01B65D42FCD248F97BB477A41462BBFE6FD591006C022C8FD84", - "B0490F5BD68A52459556B3749ACDF40E", - "8892E047DA5CFBBDF7F3CFCBD1BD21C6D4C80774B1826999234394BD3E513CC7C222BB40E1E3140A152F19B3802F0D036C24A590512AD0E8", - "D7B15752789DC94ED0F36778A5C7BBB207BEC32BAC66E702B39966F06E381E090C6757653C3D26A81EC6AD6C364D66867A334C91BB0B8A8A4B6EACDF0783D09010AEBA2DD2062308FE99CC1F", - "C071280A732ADC93DF272BF1E613B2BB7D46FC6665EF2DC1671F3E211D6BDE1D6ADDD28DF3AA2E47053FC8BB8AE9271EC8BC8B2CFFA320D225B451685B6D23ACEFDD241FE284F8ADC8DB07F456985B14330BBB66E0FB212213E05B3E"}, -} diff --git a/vendor/github.com/ProtonMail/go-crypto/internal/byteutil/byteutil.go b/vendor/github.com/ProtonMail/go-crypto/internal/byteutil/byteutil.go deleted file mode 100644 index d558b9bd82..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/internal/byteutil/byteutil.go +++ /dev/null @@ -1,90 +0,0 @@ -// Copyright (C) 2019 ProtonTech AG -// This file contains necessary tools for the aex and ocb packages. -// -// These functions SHOULD NOT be used elsewhere, since they are optimized for -// specific input nature in the EAX and OCB modes of operation. - -package byteutil - -// GfnDouble computes 2 * input in the field of 2^n elements. -// The irreducible polynomial in the finite field for n=128 is -// x^128 + x^7 + x^2 + x + 1 (equals 0x87) -// Constant-time execution in order to avoid side-channel attacks -func GfnDouble(input []byte) []byte { - if len(input) != 16 { - panic("Doubling in GFn only implemented for n = 128") - } - // If the first bit is zero, return 2L = L << 1 - // Else return (L << 1) xor 0^120 10000111 - shifted := ShiftBytesLeft(input) - shifted[15] ^= ((input[0] >> 7) * 0x87) - return shifted -} - -// ShiftBytesLeft outputs the byte array corresponding to x << 1 in binary. -func ShiftBytesLeft(x []byte) []byte { - l := len(x) - dst := make([]byte, l) - for i := 0; i < l-1; i++ { - dst[i] = (x[i] << 1) | (x[i+1] >> 7) - } - dst[l-1] = x[l-1] << 1 - return dst -} - -// ShiftNBytesLeft puts in dst the byte array corresponding to x << n in binary. -func ShiftNBytesLeft(dst, x []byte, n int) { - // Erase first n / 8 bytes - copy(dst, x[n/8:]) - - // Shift the remaining n % 8 bits - bits := uint(n % 8) - l := len(dst) - for i := 0; i < l-1; i++ { - dst[i] = (dst[i] << bits) | (dst[i+1] >> uint(8-bits)) - } - dst[l-1] = dst[l-1] << bits - - // Append trailing zeroes - dst = append(dst, make([]byte, n/8)...) -} - -// XorBytesMut replaces X with X XOR Y. len(X) must be >= len(Y). -func XorBytesMut(X, Y []byte) { - for i := 0; i < len(Y); i++ { - X[i] ^= Y[i] - } -} - -// XorBytes puts X XOR Y into Z. len(Z) and len(X) must be >= len(Y). -func XorBytes(Z, X, Y []byte) { - for i := 0; i < len(Y); i++ { - Z[i] = X[i] ^ Y[i] - } -} - -// RightXor XORs smaller input (assumed Y) at the right of the larger input (assumed X) -func RightXor(X, Y []byte) []byte { - offset := len(X) - len(Y) - xored := make([]byte, len(X)) - copy(xored, X) - for i := 0; i < len(Y); i++ { - xored[offset+i] ^= Y[i] - } - return xored -} - -// SliceForAppend takes a slice and a requested number of bytes. It returns a -// slice with the contents of the given slice followed by that many bytes and a -// second slice that aliases into it and contains only the extra bytes. If the -// original slice has sufficient capacity then no allocation is performed. -func SliceForAppend(in []byte, n int) (head, tail []byte) { - if total := len(in) + n; cap(in) >= total { - head = in[:total] - } else { - head = make([]byte, total) - copy(head, in) - } - tail = head[len(in):] - return -} diff --git a/vendor/github.com/ProtonMail/go-crypto/ocb/ocb.go b/vendor/github.com/ProtonMail/go-crypto/ocb/ocb.go deleted file mode 100644 index 24f893017b..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/ocb/ocb.go +++ /dev/null @@ -1,313 +0,0 @@ -// Copyright (C) 2019 ProtonTech AG - -// Package ocb provides an implementation of the OCB (offset codebook) mode of -// operation, as described in RFC-7253 of the IRTF and in Rogaway, Bellare, -// Black and Krovetz - OCB: A BLOCK-CIPHER MODE OF OPERATION FOR EFFICIENT -// AUTHENTICATED ENCRYPTION (2003). -// Security considerations (from RFC-7253): A private key MUST NOT be used to -// encrypt more than 2^48 blocks. Tag length should be at least 12 bytes (a -// brute-force forging adversary succeeds after 2^{tag length} attempts). A -// single key SHOULD NOT be used to decrypt ciphertext with different tag -// lengths. Nonces need not be secret, but MUST NOT be reused. -// This package only supports underlying block ciphers with 128-bit blocks, -// such as AES-{128, 192, 256}, but may be extended to other sizes. -package ocb - -import ( - "bytes" - "crypto/cipher" - "crypto/subtle" - "errors" - "math/bits" - - "github.com/ProtonMail/go-crypto/internal/byteutil" -) - -type ocb struct { - block cipher.Block - tagSize int - nonceSize int - mask mask - // Optimized en/decrypt: For each nonce N used to en/decrypt, the 'Ktop' - // internal variable can be reused for en/decrypting with nonces sharing - // all but the last 6 bits with N. The prefix of the first nonce used to - // compute the new Ktop, and the Ktop value itself, are stored in - // reusableKtop. If using incremental nonces, this saves one block cipher - // call every 63 out of 64 OCB encryptions, and stores one nonce and one - // output of the block cipher in memory only. - reusableKtop reusableKtop -} - -type mask struct { - // L_*, L_$, (L_i)_{i ∈ N} - lAst []byte - lDol []byte - L [][]byte -} - -type reusableKtop struct { - noncePrefix []byte - Ktop []byte -} - -const ( - defaultTagSize = 16 - defaultNonceSize = 15 -) - -const ( - enc = iota - dec -) - -func (o *ocb) NonceSize() int { - return o.nonceSize -} - -func (o *ocb) Overhead() int { - return o.tagSize -} - -// NewOCB returns an OCB instance with the given block cipher and default -// tag and nonce sizes. -func NewOCB(block cipher.Block) (cipher.AEAD, error) { - return NewOCBWithNonceAndTagSize(block, defaultNonceSize, defaultTagSize) -} - -// NewOCBWithNonceAndTagSize returns an OCB instance with the given block -// cipher, nonce length, and tag length. Panics on zero nonceSize and -// exceedingly long tag size. -// -// It is recommended to use at least 12 bytes as tag length. -func NewOCBWithNonceAndTagSize( - block cipher.Block, nonceSize, tagSize int) (cipher.AEAD, error) { - if block.BlockSize() != 16 { - return nil, ocbError("Block cipher must have 128-bit blocks") - } - if nonceSize < 1 { - return nil, ocbError("Incorrect nonce length") - } - if nonceSize >= block.BlockSize() { - return nil, ocbError("Nonce length exceeds blocksize - 1") - } - if tagSize > block.BlockSize() { - return nil, ocbError("Custom tag length exceeds blocksize") - } - return &ocb{ - block: block, - tagSize: tagSize, - nonceSize: nonceSize, - mask: initializeMaskTable(block), - reusableKtop: reusableKtop{ - noncePrefix: nil, - Ktop: nil, - }, - }, nil -} - -func (o *ocb) Seal(dst, nonce, plaintext, adata []byte) []byte { - if len(nonce) > o.nonceSize { - panic("crypto/ocb: Incorrect nonce length given to OCB") - } - sep := len(plaintext) - ret, out := byteutil.SliceForAppend(dst, sep+o.tagSize) - tag := o.crypt(enc, out[:sep], nonce, adata, plaintext) - copy(out[sep:], tag) - return ret -} - -func (o *ocb) Open(dst, nonce, ciphertext, adata []byte) ([]byte, error) { - if len(nonce) > o.nonceSize { - panic("Nonce too long for this instance") - } - if len(ciphertext) < o.tagSize { - return nil, ocbError("Ciphertext shorter than tag length") - } - sep := len(ciphertext) - o.tagSize - ret, out := byteutil.SliceForAppend(dst, sep) - ciphertextData := ciphertext[:sep] - tag := o.crypt(dec, out, nonce, adata, ciphertextData) - if subtle.ConstantTimeCompare(tag, ciphertext[sep:]) == 1 { - return ret, nil - } - for i := range out { - out[i] = 0 - } - return nil, ocbError("Tag authentication failed") -} - -// On instruction enc (resp. dec), crypt is the encrypt (resp. decrypt) -// function. It writes the resulting plain/ciphertext into Y and returns -// the tag. -func (o *ocb) crypt(instruction int, Y, nonce, adata, X []byte) []byte { - // - // Consider X as a sequence of 128-bit blocks - // - // Note: For encryption (resp. decryption), X is the plaintext (resp., the - // ciphertext without the tag). - blockSize := o.block.BlockSize() - - // - // Nonce-dependent and per-encryption variables - // - // Zero out the last 6 bits of the nonce into truncatedNonce to see if Ktop - // is already computed. - truncatedNonce := make([]byte, len(nonce)) - copy(truncatedNonce, nonce) - truncatedNonce[len(truncatedNonce)-1] &= 192 - var Ktop []byte - if bytes.Equal(truncatedNonce, o.reusableKtop.noncePrefix) { - Ktop = o.reusableKtop.Ktop - } else { - // Nonce = num2str(TAGLEN mod 128, 7) || zeros(120 - bitlen(N)) || 1 || N - paddedNonce := append(make([]byte, blockSize-1-len(nonce)), 1) - paddedNonce = append(paddedNonce, truncatedNonce...) - paddedNonce[0] |= byte(((8 * o.tagSize) % (8 * blockSize)) << 1) - // Last 6 bits of paddedNonce are already zero. Encrypt into Ktop - paddedNonce[blockSize-1] &= 192 - Ktop = paddedNonce - o.block.Encrypt(Ktop, Ktop) - o.reusableKtop.noncePrefix = truncatedNonce - o.reusableKtop.Ktop = Ktop - } - - // Stretch = Ktop || ((lower half of Ktop) XOR (lower half of Ktop << 8)) - xorHalves := make([]byte, blockSize/2) - byteutil.XorBytes(xorHalves, Ktop[:blockSize/2], Ktop[1:1+blockSize/2]) - stretch := append(Ktop, xorHalves...) - bottom := int(nonce[len(nonce)-1] & 63) - offset := make([]byte, len(stretch)) - byteutil.ShiftNBytesLeft(offset, stretch, bottom) - offset = offset[:blockSize] - - // - // Process any whole blocks - // - // Note: For encryption Y is ciphertext || tag, for decryption Y is - // plaintext || tag. - checksum := make([]byte, blockSize) - m := len(X) / blockSize - for i := 0; i < m; i++ { - index := bits.TrailingZeros(uint(i + 1)) - if len(o.mask.L)-1 < index { - o.mask.extendTable(index) - } - byteutil.XorBytesMut(offset, o.mask.L[bits.TrailingZeros(uint(i+1))]) - blockX := X[i*blockSize : (i+1)*blockSize] - blockY := Y[i*blockSize : (i+1)*blockSize] - switch instruction { - case enc: - byteutil.XorBytesMut(checksum, blockX) - byteutil.XorBytes(blockY, blockX, offset) - o.block.Encrypt(blockY, blockY) - byteutil.XorBytesMut(blockY, offset) - case dec: - byteutil.XorBytes(blockY, blockX, offset) - o.block.Decrypt(blockY, blockY) - byteutil.XorBytesMut(blockY, offset) - byteutil.XorBytesMut(checksum, blockY) - } - } - // - // Process any final partial block and compute raw tag - // - tag := make([]byte, blockSize) - if len(X)%blockSize != 0 { - byteutil.XorBytesMut(offset, o.mask.lAst) - pad := make([]byte, blockSize) - o.block.Encrypt(pad, offset) - chunkX := X[blockSize*m:] - chunkY := Y[blockSize*m : len(X)] - switch instruction { - case enc: - byteutil.XorBytesMut(checksum, chunkX) - checksum[len(chunkX)] ^= 128 - byteutil.XorBytes(chunkY, chunkX, pad[:len(chunkX)]) - // P_* || bit(1) || zeroes(127) - len(P_*) - case dec: - byteutil.XorBytes(chunkY, chunkX, pad[:len(chunkX)]) - // P_* || bit(1) || zeroes(127) - len(P_*) - byteutil.XorBytesMut(checksum, chunkY) - checksum[len(chunkY)] ^= 128 - } - } - byteutil.XorBytes(tag, checksum, offset) - byteutil.XorBytesMut(tag, o.mask.lDol) - o.block.Encrypt(tag, tag) - byteutil.XorBytesMut(tag, o.hash(adata)) - return tag[:o.tagSize] -} - -// This hash function is used to compute the tag. Per design, on empty input it -// returns a slice of zeros, of the same length as the underlying block cipher -// block size. -func (o *ocb) hash(adata []byte) []byte { - // - // Consider A as a sequence of 128-bit blocks - // - A := make([]byte, len(adata)) - copy(A, adata) - blockSize := o.block.BlockSize() - - // - // Process any whole blocks - // - sum := make([]byte, blockSize) - offset := make([]byte, blockSize) - m := len(A) / blockSize - for i := 0; i < m; i++ { - chunk := A[blockSize*i : blockSize*(i+1)] - index := bits.TrailingZeros(uint(i + 1)) - // If the mask table is too short - if len(o.mask.L)-1 < index { - o.mask.extendTable(index) - } - byteutil.XorBytesMut(offset, o.mask.L[index]) - byteutil.XorBytesMut(chunk, offset) - o.block.Encrypt(chunk, chunk) - byteutil.XorBytesMut(sum, chunk) - } - - // - // Process any final partial block; compute final hash value - // - if len(A)%blockSize != 0 { - byteutil.XorBytesMut(offset, o.mask.lAst) - // Pad block with 1 || 0 ^ 127 - bitlength(a) - ending := make([]byte, blockSize-len(A)%blockSize) - ending[0] = 0x80 - encrypted := append(A[blockSize*m:], ending...) - byteutil.XorBytesMut(encrypted, offset) - o.block.Encrypt(encrypted, encrypted) - byteutil.XorBytesMut(sum, encrypted) - } - return sum -} - -func initializeMaskTable(block cipher.Block) mask { - // - // Key-dependent variables - // - lAst := make([]byte, block.BlockSize()) - block.Encrypt(lAst, lAst) - lDol := byteutil.GfnDouble(lAst) - L := make([][]byte, 1) - L[0] = byteutil.GfnDouble(lDol) - - return mask{ - lAst: lAst, - lDol: lDol, - L: L, - } -} - -// Extends the L array of mask m up to L[limit], with L[i] = GfnDouble(L[i-1]) -func (m *mask) extendTable(limit int) { - for i := len(m.L); i <= limit; i++ { - m.L = append(m.L, byteutil.GfnDouble(m.L[i-1])) - } -} - -func ocbError(err string) error { - return errors.New("crypto/ocb: " + err) -} diff --git a/vendor/github.com/ProtonMail/go-crypto/ocb/random_vectors.go b/vendor/github.com/ProtonMail/go-crypto/ocb/random_vectors.go deleted file mode 100644 index 0efaf344fd..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/ocb/random_vectors.go +++ /dev/null @@ -1,136 +0,0 @@ -// In the test vectors provided by RFC 7253, the "bottom" -// internal variable, which defines "offset" for the first time, does not -// exceed 15. However, it can attain values up to 63. - -// These vectors include key length in {128, 192, 256}, tag size 128, and -// random nonce, header, and plaintext lengths. - -// This file was automatically generated. - -package ocb - -var randomVectors = []struct { - key, nonce, header, plaintext, ciphertext string -}{ - - {"9438C5D599308EAF13F800D2D31EA7F0", - "C38EE4801BEBFFA1CD8635BE", - "0E507B7DADD8A98CDFE272D3CB6B3E8332B56AE583FB049C0874D4200BED16BD1A044182434E9DA0E841F182DFD5B3016B34641CED0784F1745F63AB3D0DA22D3351C9EF9A658B8081E24498EBF61FCE40DA6D8E184536", - "962D227786FB8913A8BAD5DC3250", - "EEDEF5FFA5986D1E3BF86DDD33EF9ADC79DCA06E215FA772CCBA814F63AD"}, - {"BA7DE631C7D6712167C6724F5B9A2B1D", - "35263EBDA05765DC0E71F1F5", - "0103257B4224507C0242FEFE821EA7FA42E0A82863E5F8B68F7D881B4B44FA428A2B6B21D2F591260802D8AB6D83", - "9D6D1FC93AE8A64E7889B7B2E3521EFA9B920A8DDB692E6F833DDC4A38AFA535E5E2A3ED82CB7E26404AB86C54D01C4668F28398C2DF33D5D561CBA1C8DCFA7A912F5048E545B59483C0E3221F54B14DAA2E4EB657B3BEF9554F34CAD69B2724AE962D3D8A", - "E93852D1985C5E775655E937FA79CE5BF28A585F2AF53A5018853B9634BE3C84499AC0081918FDCE0624494D60E25F76ACD6853AC7576E3C350F332249BFCABD4E73CEABC36BE4EDDA40914E598AE74174A0D7442149B26990899491BDDFE8FC54D6C18E83AE9E9A6FFBF5D376565633862EEAD88D"}, - {"2E74B25289F6FD3E578C24866E9C72A5", - "FD912F15025AF8414642BA1D1D", - "FB5FB8C26F365EEDAB5FE260C6E3CCD27806729C8335F146063A7F9EA93290E56CF84576EB446350D22AD730547C267B1F0BBB97EB34E1E2C41A", - "6C092EBF78F76EE8C1C6E592277D9545BA16EDB67BC7D8480B9827702DC2F8A129E2B08A2CE710CA7E1DA45CE162BB6CD4B512E632116E2211D3C90871EFB06B8D4B902681C7FB", - "6AC0A77F26531BF4F354A1737F99E49BE32ECD909A7A71AD69352906F54B08A9CE9B8CA5D724CBFFC5673437F23F630697F3B84117A1431D6FA8CC13A974FB4AD360300522E09511B99E71065D5AC4BBCB1D791E864EF4"}, - {"E7EC507C802528F790AFF5303A017B17", - "4B97A7A568940A9E3CE7A99E93031E", - "28349BDC5A09390C480F9B8AA3EDEA3DDB8B9D64BCA322C570B8225DF0E31190DAB25A4014BA39519E02ABFB12B89AA28BBFD29E486E7FB28734258C817B63CED9912DBAFEBB93E2798AB2890DE3B0ACFCFF906AB15563EF7823CE83D27CDB251195E22BD1337BCBDE65E7C2C427321C463C2777BFE5AEAA", - "9455B3EA706B74", - "7F33BA3EA848D48A96B9530E26888F43EBD4463C9399B6"}, - {"6C928AA3224736F28EE7378DE0090191", - "8936138E2E4C6A13280017A1622D", - "6202717F2631565BDCDC57C6584543E72A7C8BD444D0D108ED35069819633C", - "DA0691439E5F035F3E455269D14FE5C201C8C9B0A3FE2D3F86BCC59387C868FE65733D388360B31E3CE28B4BF6A8BE636706B536D5720DB66B47CF1C7A5AFD6F61E0EF90F1726D6B0E169F9A768B2B7AE4EE00A17F630AC905FCAAA1B707FFF25B3A1AAE83B504837C64A5639B2A34002B300EC035C9B43654DA55", - "B8804D182AB0F0EEB464FA7BD1329AD6154F982013F3765FEDFE09E26DAC078C9C1439BFC1159D6C02A25E3FF83EF852570117B315852AD5EE20E0FA3AA0A626B0E43BC0CEA38B44579DD36803455FB46989B90E6D229F513FD727AF8372517E9488384C515D6067704119C931299A0982EDDFB9C2E86A90C450C077EB222511EC9CCABC9FCFDB19F70088"}, - {"ECEA315CA4B3F425B0C9957A17805EA4", - "664CDAE18403F4F9BA13015A44FC", - "642AFB090D6C6DB46783F08B01A3EF2A8FEB5736B531EAC226E7888FCC8505F396818F83105065FACB3267485B9E5E4A0261F621041C08FCCB2A809A49AB5252A91D0971BCC620B9D614BD77E57A0EED2FA5", - "6852C31F8083E20E364CEA21BB7854D67CEE812FE1C9ED2425C0932A90D3780728D1BB", - "2ECEF962A9695A463ADABB275BDA9FF8B2BA57AEC2F52EFFB700CD9271A74D2A011C24AEA946051BD6291776429B7E681BA33E"}, - {"4EE616C4A58AAA380878F71A373461F6", - "91B8C9C176D9C385E9C47E52", - "CDA440B7F9762C572A718AC754EDEECC119E5EE0CCB9FEA4FFB22EEE75087C032EBF3DA9CDD8A28CC010B99ED45143B41A4BA50EA2A005473F89639237838867A57F23B0F0ED3BF22490E4501DAC9C658A9B9F", - "D6E645FA9AE410D15B8123FD757FA356A8DBE9258DDB5BE88832E615910993F497EC", - "B70ED7BF959FB2AAED4F36174A2A99BFB16992C8CDF369C782C4DB9C73DE78C5DB8E0615F647243B97ACDB24503BC9CADC48"}, - {"DCD475773136C830D5E3D0C5FE05B7FF", - "BB8E1FBB483BE7616A922C4A", - "36FEF2E1CB29E76A6EA663FC3AF66ECD7404F466382F7B040AABED62293302B56E8783EF7EBC21B4A16C3E78A7483A0A403F253A2CDC5BBF79DC3DAE6C73F39A961D8FBBE8D41B", - "441E886EA38322B2437ECA7DEB5282518865A66780A454E510878E61BFEC3106A3CD93D2A02052E6F9E1832F9791053E3B76BF4C07EFDD6D4106E3027FABB752E60C1AA425416A87D53938163817A1051EBA1D1DEEB4B9B25C7E97368B52E5911A31810B0EC5AF547559B6142D9F4C4A6EF24A4CF75271BF9D48F62B", - "1BE4DD2F4E25A6512C2CC71D24BBB07368589A94C2714962CD0ACE5605688F06342587521E75F0ACAFFD86212FB5C34327D238DB36CF2B787794B9A4412E7CD1410EA5DDD2450C265F29CF96013CD213FD2880657694D718558964BC189B4A84AFCF47EB012935483052399DBA5B088B0A0477F20DFE0E85DCB735E21F22A439FB837DD365A93116D063E607"}, - {"3FBA2B3D30177FFE15C1C59ED2148BB2C091F5615FBA7C07", - "FACF804A4BEBF998505FF9DE", - "8213B9263B2971A5BDA18DBD02208EE1", - "15B323926993B326EA19F892D704439FC478828322AF72118748284A1FD8A6D814E641F70512FD706980337379F31DC63355974738D7FEA87AD2858C0C2EBBFBE74371C21450072373C7B651B334D7C4D43260B9D7CCD3AF9EDB", - "6D35DC1469B26E6AAB26272A41B46916397C24C485B61162E640A062D9275BC33DDCFD3D9E1A53B6C8F51AC89B66A41D59B3574197A40D9B6DCF8A4E2A001409C8112F16B9C389E0096179DB914E05D6D11ED0005AD17E1CE105A2F0BAB8F6B1540DEB968B7A5428FF44"}, - {"53B52B8D4D748BCDF1DDE68857832FA46227FA6E2F32EFA1", - "0B0EF53D4606B28D1398355F", - "F23882436349094AF98BCACA8218E81581A043B19009E28EFBF2DE37883E04864148CC01D240552CA8844EC1456F42034653067DA67E80F87105FD06E14FF771246C9612867BE4D215F6D761", - "F15030679BD4088D42CAC9BF2E9606EAD4798782FA3ED8C57EBE7F84A53236F51B25967C6489D0CD20C9EEA752F9BC", - "67B96E2D67C3729C96DAEAEDF821D61C17E648643A2134C5621FEC621186915AD80864BFD1EB5B238BF526A679385E012A457F583AFA78134242E9D9C1B4E4"}, - {"0272DD80F23399F49BFC320381A5CD8225867245A49A7D41", - "5C83F4896D0738E1366B1836", - "69B0337289B19F73A12BAEEA857CCAF396C11113715D9500CCCF48BA08CFF12BC8B4BADB3084E63B85719DB5058FA7C2C11DEB096D7943CFA7CAF5", - "C01AD10FC8B562CD17C7BC2FAB3E26CBDFF8D7F4DEA816794BBCC12336991712972F52816AABAB244EB43B0137E2BAC1DD413CE79531E78BEF782E6B439612BB3AEF154DE3502784F287958EBC159419F9EBA27916A28D6307324129F506B1DE80C1755A929F87", - "FEFE52DD7159C8DD6E8EC2D3D3C0F37AB6CB471A75A071D17EC4ACDD8F3AA4D7D4F7BB559F3C09099E3D9003E5E8AA1F556B79CECDE66F85B08FA5955E6976BF2695EA076388A62D2AD5BAB7CBF1A7F3F4C8D5CDF37CDE99BD3E30B685D9E5EEE48C7C89118EF4878EB89747F28271FA2CC45F8E9E7601"}, - {"3EEAED04A455D6E5E5AB53CFD5AFD2F2BC625C7BF4BE49A5", - "36B88F63ADBB5668588181D774", - "D367E3CB3703E762D23C6533188EF7028EFF9D935A3977150361997EC9DEAF1E4794BDE26AA8B53C124980B1362EC86FCDDFC7A90073171C1BAEE351A53234B86C66E8AB92FAE99EC6967A6D3428892D80", - "573454C719A9A55E04437BF7CBAAF27563CCCD92ADD5E515CD63305DFF0687E5EEF790C5DCA5C0033E9AB129505E2775438D92B38F08F3B0356BA142C6F694", - "E9F79A5B432D9E682C9AAA5661CFC2E49A0FCB81A431E54B42EB73DD3BED3F377FEC556ABA81624BA64A5D739AD41467460088F8D4F442180A9382CA635745473794C382FCDDC49BA4EB6D8A44AE3C"}, - {"B695C691538F8CBD60F039D0E28894E3693CC7C36D92D79D", - "BC099AEB637361BAC536B57618", - "BFFF1A65AE38D1DC142C71637319F5F6508E2CB33C9DCB94202B359ED5A5ED8042E7F4F09231D32A7242976677E6F4C549BF65FADC99E5AF43F7A46FD95E16C2", - "081DF3FD85B415D803F0BE5AC58CFF0023FDDED99788296C3731D8", - "E50C64E3614D94FE69C47092E46ACC9957C6FEA2CCBF96BC62FBABE7424753C75F9C147C42AE26FE171531"}, - {"C9ACBD2718F0689A1BE9802A551B6B8D9CF5614DAF5E65ED", - "B1B0AAF373B8B026EB80422051D8", - "6648C0E61AC733C76119D23FB24548D637751387AA2EAE9D80E912B7BD486CAAD9EAF4D7A5FE2B54AAD481E8EC94BB4D558000896E2010462B70C9FED1E7273080D1", - "189F591F6CB6D59AFEDD14C341741A8F1037DC0DF00FC57CE65C30F49E860255CEA5DC6019380CC0FE8880BC1A9E685F41C239C38F36E3F2A1388865C5C311059C0A", - "922A5E949B61D03BE34AB5F4E58607D4504EA14017BB363DAE3C873059EA7A1C77A746FB78981671D26C2CF6D9F24952D510044CE02A10177E9DB42D0145211DFE6E84369C5E3BC2669EAB4147B2822895F9"}, - {"7A832BD2CF5BF4919F353CE2A8C86A5E406DA2D52BE16A72", - "2F2F17CECF7E5A756D10785A3CB9DB", - "61DA05E3788CC2D8405DBA70C7A28E5AF699863C9F72E6C6770126929F5D6FA267F005EBCF49495CB46400958A3AE80D1289D1C671", - "44E91121195A41AF14E8CFDBD39A4B517BE0DF1A72977ED8A3EEF8EEDA1166B2EB6DB2C4AE2E74FA0F0C74537F659BFBD141E5DDEC67E64EDA85AABD3F52C85A785B9FB3CECD70E7DF", - "BEDF596EA21288D2B84901E188F6EE1468B14D5161D3802DBFE00D60203A24E2AB62714BF272A45551489838C3A7FEAADC177B591836E73684867CCF4E12901DCF2064058726BBA554E84ADC5136F507E961188D4AF06943D3"}, - {"1508E8AE9079AA15F1CEC4F776B4D11BCCB061B58AA56C18", - "BCA625674F41D1E3AB47672DC0C3", - "8B12CF84F16360F0EAD2A41BC021530FFCEC7F3579CAE658E10E2D3D81870F65AFCED0C77C6C4C6E6BA424FF23088C796BA6195ABA35094BF1829E089662E7A95FC90750AE16D0C8AFA55DAC789D7735B970B58D4BE7CEC7341DA82A0179A01929C27A59C5063215B859EA43", - "E525422519ECE070E82C", - "B47BC07C3ED1C0A43BA52C43CBACBCDBB29CAF1001E09FDF7107"}, - {"7550C2761644E911FE9ADD119BAC07376BEA442845FEAD876D7E7AC1B713E464", - "36D2EC25ADD33CDEDF495205BBC923", - "7FCFE81A3790DE97FFC3DE160C470847EA7E841177C2F759571CBD837EA004A6CA8C6F4AEBFF2E9FD552D73EB8A30705D58D70C0B67AEEA280CBBF0A477358ACEF1E7508F2735CD9A0E4F9AC92B8C008F575D3B6278F1C18BD01227E3502E5255F3AB1893632AD00C717C588EF652A51A43209E7EE90", - "2B1A62F8FDFAA3C16470A21AD307C9A7D03ADE8EF72C69B06F8D738CDE578D7AEFD0D40BD9C022FB9F580DF5394C998ACCCEFC5471A3996FB8F1045A81FDC6F32D13502EA65A211390C8D882B8E0BEFD8DD8CBEF51D1597B124E9F7F", - "C873E02A22DB89EB0787DB6A60B99F7E4A0A085D5C4232A81ADCE2D60AA36F92DDC33F93DD8640AC0E08416B187FB382B3EC3EE85A64B0E6EE41C1366A5AD2A282F66605E87031CCBA2FA7B2DA201D975994AADE3DD1EE122AE09604AD489B84BF0C1AB7129EE16C6934850E"}, - {"A51300285E554FDBDE7F771A9A9A80955639DD87129FAEF74987C91FB9687C71", - "81691D5D20EC818FCFF24B33DECC", - "C948093218AA9EB2A8E44A87EEA73FC8B6B75A196819A14BD83709EA323E8DF8B491045220E1D88729A38DBCFFB60D3056DAD4564498FD6574F74512945DEB34B69329ACED9FFC05D5D59DFCD5B973E2ACAFE6AD1EF8BBBC49351A2DD12508ED89ED", - "EB861165DAF7625F827C6B574ED703F03215", - "C6CD1CE76D2B3679C1B5AA1CFD67CCB55444B6BFD3E22C81CBC9BB738796B83E54E3"}, - {"8CE0156D26FAEB7E0B9B800BBB2E9D4075B5EAC5C62358B0E7F6FCE610223282", - "D2A7B94DD12CDACA909D3AD7", - "E021A78F374FC271389AB9A3E97077D755", - "7C26000B58929F5095E1CEE154F76C2A299248E299F9B5ADE6C403AA1FD4A67FD4E0232F214CE7B919EE7A1027D2B76C57475715CD078461", - "C556FB38DF069B56F337B5FF5775CE6EAA16824DFA754F20B78819028EA635C3BB7AA731DE8776B2DCB67DCA2D33EEDF3C7E52EA450013722A41755A0752433ED17BDD5991AAE77A"}, - {"1E8000A2CE00A561C9920A30BF0D7B983FEF8A1014C8F04C35CA6970E6BA02BD", - "65ED3D63F79F90BBFD19775E", - "336A8C0B7243582A46B221AA677647FCAE91", - "134A8B34824A290E7B", - "914FBEF80D0E6E17F8BDBB6097EBF5FBB0554952DC2B9E5151"}, - {"53D5607BBE690B6E8D8F6D97F3DF2BA853B682597A214B8AA0EA6E598650AF15", - "C391A856B9FE234E14BA1AC7BB40FF", - "479682BC21349C4BE1641D5E78FE2C79EC1B9CF5470936DCAD9967A4DCD7C4EFADA593BC9EDE71E6A08829B8580901B61E274227E9D918502DE3", - "EAD154DC09C5E26C5D26FF33ED148B27120C7F2C23225CC0D0631B03E1F6C6D96FEB88C1A4052ACB4CE746B884B6502931F407021126C6AAB8C514C077A5A38438AE88EE", - "938821286EBB671D999B87C032E1D6055392EB564E57970D55E545FC5E8BAB90E6E3E3C0913F6320995FC636D72CD9919657CC38BD51552F4A502D8D1FE56DB33EBAC5092630E69EBB986F0E15CEE9FC8C052501"}, - {"294362FCC984F440CEA3E9F7D2C06AF20C53AAC1B3738CA2186C914A6E193ABB", - "B15B61C8BB39261A8F55AB178EC3", - "D0729B6B75BB", - "2BD089ADCE9F334BAE3B065996C7D616DD0C27DF4218DCEEA0FBCA0F968837CE26B0876083327E25681FDDD620A32EC0DA12F73FAE826CC94BFF2B90A54D2651", - "AC94B25E4E21DE2437B806966CCD5D9385EF0CD4A51AB9FA6DE675C7B8952D67802E9FEC1FDE9F5D1EAB06057498BC0EEA454804FC9D2068982A3E24182D9AC2E7AB9994DDC899A604264583F63D066B"}, - {"959DBFEB039B1A5B8CE6A44649B602AAA5F98A906DB96143D202CD2024F749D9", - "01D7BDB1133E9C347486C1EFA6", - "F3843955BD741F379DD750585EDC55E2CDA05CCBA8C1F4622AC2FE35214BC3A019B8BD12C4CC42D9213D1E1556941E8D8450830287FFB3B763A13722DD4140ED9846FB5FFF745D7B0B967D810A068222E10B259AF1D392035B0D83DC1498A6830B11B2418A840212599171E0258A1C203B05362978", - "A21811232C950FA8B12237C2EBD6A7CD2C3A155905E9E0C7C120", - "63C1CE397B22F1A03F1FA549B43178BC405B152D3C95E977426D519B3DFCA28498823240592B6EEE7A14"}, - {"096AE499F5294173F34FF2B375F0E5D5AB79D0D03B33B1A74D7D576826345DF4", - "0C52B3D11D636E5910A4DD76D32C", - "229E9ECA3053789E937447BC719467075B6138A142DA528DA8F0CF8DDF022FD9AF8E74779BA3AC306609", - "8B7A00038783E8BAF6EDEAE0C4EAB48FC8FD501A588C7E4A4DB71E3604F2155A97687D3D2FFF8569261375A513CF4398CE0F87CA1658A1050F6EF6C4EA3E25", - "C20B6CF8D3C8241825FD90B2EDAC7593600646E579A8D8DAAE9E2E40C3835FE801B2BE4379131452BC5182C90307B176DFBE2049544222FE7783147B690774F6D9D7CEF52A91E61E298E9AA15464AC"}, -} diff --git a/vendor/github.com/ProtonMail/go-crypto/ocb/rfc7253_test_vectors_suite_a.go b/vendor/github.com/ProtonMail/go-crypto/ocb/rfc7253_test_vectors_suite_a.go deleted file mode 100644 index 330309ff5f..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/ocb/rfc7253_test_vectors_suite_a.go +++ /dev/null @@ -1,78 +0,0 @@ -package ocb - -import ( - "encoding/hex" -) - -// Test vectors from https://tools.ietf.org/html/rfc7253. Note that key is -// shared across tests. -var testKey, _ = hex.DecodeString("000102030405060708090A0B0C0D0E0F") - -var rfc7253testVectors = []struct { - nonce, header, plaintext, ciphertext string -}{ - {"BBAA99887766554433221100", - "", - "", - "785407BFFFC8AD9EDCC5520AC9111EE6"}, - {"BBAA99887766554433221101", - "0001020304050607", - "0001020304050607", - "6820B3657B6F615A5725BDA0D3B4EB3A257C9AF1F8F03009"}, - {"BBAA99887766554433221102", - "0001020304050607", - "", - "81017F8203F081277152FADE694A0A00"}, - {"BBAA99887766554433221103", - "", - "0001020304050607", - "45DD69F8F5AAE72414054CD1F35D82760B2CD00D2F99BFA9"}, - {"BBAA99887766554433221104", - "000102030405060708090A0B0C0D0E0F", - "000102030405060708090A0B0C0D0E0F", - "571D535B60B277188BE5147170A9A22C3AD7A4FF3835B8C5701C1CCEC8FC3358"}, - {"BBAA99887766554433221105", - "000102030405060708090A0B0C0D0E0F", - "", - "8CF761B6902EF764462AD86498CA6B97"}, - {"BBAA99887766554433221106", - "", - "000102030405060708090A0B0C0D0E0F", - "5CE88EC2E0692706A915C00AEB8B2396F40E1C743F52436BDF06D8FA1ECA343D"}, - {"BBAA99887766554433221107", - "000102030405060708090A0B0C0D0E0F1011121314151617", - "000102030405060708090A0B0C0D0E0F1011121314151617", - "1CA2207308C87C010756104D8840CE1952F09673A448A122C92C62241051F57356D7F3C90BB0E07F"}, - {"BBAA99887766554433221108", - "000102030405060708090A0B0C0D0E0F1011121314151617", - "", - "6DC225A071FC1B9F7C69F93B0F1E10DE"}, - {"BBAA99887766554433221109", - "", - "000102030405060708090A0B0C0D0E0F1011121314151617", - "221BD0DE7FA6FE993ECCD769460A0AF2D6CDED0C395B1C3CE725F32494B9F914D85C0B1EB38357FF"}, - {"BBAA9988776655443322110A", - "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", - "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", - "BD6F6C496201C69296C11EFD138A467ABD3C707924B964DEAFFC40319AF5A48540FBBA186C5553C68AD9F592A79A4240"}, - {"BBAA9988776655443322110B", - "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", - "", - "FE80690BEE8A485D11F32965BC9D2A32"}, - {"BBAA9988776655443322110C", - "", - "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", - "2942BFC773BDA23CABC6ACFD9BFD5835BD300F0973792EF46040C53F1432BCDFB5E1DDE3BC18A5F840B52E653444D5DF"}, - {"BBAA9988776655443322110D", - "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627", - "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627", - "D5CA91748410C1751FF8A2F618255B68A0A12E093FF454606E59F9C1D0DDC54B65E8628E568BAD7AED07BA06A4A69483A7035490C5769E60"}, - {"BBAA9988776655443322110E", - "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627", - "", - "C5CD9D1850C141E358649994EE701B68"}, - {"BBAA9988776655443322110F", - "", - "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627", - "4412923493C57D5DE0D700F753CCE0D1D2D95060122E9F15A5DDBFC5787E50B5CC55EE507BCB084E479AD363AC366B95A98CA5F3000B1479"}, -} diff --git a/vendor/github.com/ProtonMail/go-crypto/ocb/rfc7253_test_vectors_suite_b.go b/vendor/github.com/ProtonMail/go-crypto/ocb/rfc7253_test_vectors_suite_b.go deleted file mode 100644 index 14a3c336fb..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/ocb/rfc7253_test_vectors_suite_b.go +++ /dev/null @@ -1,25 +0,0 @@ -package ocb - -// Second set of test vectors from https://tools.ietf.org/html/rfc7253 -var rfc7253TestVectorTaglen96 = struct { - key, nonce, header, plaintext, ciphertext string -}{"0F0E0D0C0B0A09080706050403020100", - "BBAA9988776655443322110D", - "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627", - "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627", - "1792A4E31E0755FB03E31B22116E6C2DDF9EFD6E33D536F1A0124B0A55BAE884ED93481529C76B6AD0C515F4D1CDD4FDAC4F02AA"} - -var rfc7253AlgorithmTest = []struct { - KEYLEN, TAGLEN int - OUTPUT string -}{ - {128, 128, "67E944D23256C5E0B6C61FA22FDF1EA2"}, - {192, 128, "F673F2C3E7174AAE7BAE986CA9F29E17"}, - {256, 128, "D90EB8E9C977C88B79DD793D7FFA161C"}, - {128, 96, "77A3D8E73589158D25D01209"}, - {192, 96, "05D56EAD2752C86BE6932C5E"}, - {256, 96, "5458359AC23B0CBA9E6330DD"}, - {128, 64, "192C9B7BD90BA06A"}, - {192, 64, "0066BC6E0EF34E24"}, - {256, 64, "7D4EA5D445501CBE"}, -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/aes/keywrap/keywrap.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/aes/keywrap/keywrap.go deleted file mode 100644 index 3c6251d1ce..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/aes/keywrap/keywrap.go +++ /dev/null @@ -1,153 +0,0 @@ -// Copyright 2014 Matthew Endsley -// All rights reserved -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted providing that the following conditions -// are met: -// 1. Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// 2. Redistributions in binary form must reproduce the above copyright -// notice, this list of conditions and the following disclaimer in the -// documentation and/or other materials provided with the distribution. -// -// THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING -// IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -// POSSIBILITY OF SUCH DAMAGE. - -// Package keywrap is an implementation of the RFC 3394 AES key wrapping -// algorithm. This is used in OpenPGP with elliptic curve keys. -package keywrap - -import ( - "crypto/aes" - "encoding/binary" - "errors" -) - -var ( - // ErrWrapPlaintext is returned if the plaintext is not a multiple - // of 64 bits. - ErrWrapPlaintext = errors.New("keywrap: plainText must be a multiple of 64 bits") - - // ErrUnwrapCiphertext is returned if the ciphertext is not a - // multiple of 64 bits. - ErrUnwrapCiphertext = errors.New("keywrap: cipherText must by a multiple of 64 bits") - - // ErrUnwrapFailed is returned if unwrapping a key fails. - ErrUnwrapFailed = errors.New("keywrap: failed to unwrap key") - - // NB: the AES NewCipher call only fails if the key is an invalid length. - - // ErrInvalidKey is returned when the AES key is invalid. - ErrInvalidKey = errors.New("keywrap: invalid AES key") -) - -// Wrap a key using the RFC 3394 AES Key Wrap Algorithm. -func Wrap(key, plainText []byte) ([]byte, error) { - if len(plainText)%8 != 0 { - return nil, ErrWrapPlaintext - } - - c, err := aes.NewCipher(key) - if err != nil { - return nil, ErrInvalidKey - } - - nblocks := len(plainText) / 8 - - // 1) Initialize variables. - var block [aes.BlockSize]byte - // - Set A = IV, an initial value (see 2.2.3) - for ii := 0; ii < 8; ii++ { - block[ii] = 0xA6 - } - - // - For i = 1 to n - // - Set R[i] = P[i] - intermediate := make([]byte, len(plainText)) - copy(intermediate, plainText) - - // 2) Calculate intermediate values. - for ii := 0; ii < 6; ii++ { - for jj := 0; jj < nblocks; jj++ { - // - B = AES(K, A | R[i]) - copy(block[8:], intermediate[jj*8:jj*8+8]) - c.Encrypt(block[:], block[:]) - - // - A = MSB(64, B) ^ t where t = (n*j)+1 - t := uint64(ii*nblocks + jj + 1) - val := binary.BigEndian.Uint64(block[:8]) ^ t - binary.BigEndian.PutUint64(block[:8], val) - - // - R[i] = LSB(64, B) - copy(intermediate[jj*8:jj*8+8], block[8:]) - } - } - - // 3) Output results. - // - Set C[0] = A - // - For i = 1 to n - // - C[i] = R[i] - return append(block[:8], intermediate...), nil -} - -// Unwrap a key using the RFC 3394 AES Key Wrap Algorithm. -func Unwrap(key, cipherText []byte) ([]byte, error) { - if len(cipherText)%8 != 0 { - return nil, ErrUnwrapCiphertext - } - - c, err := aes.NewCipher(key) - if err != nil { - return nil, ErrInvalidKey - } - - nblocks := len(cipherText)/8 - 1 - - // 1) Initialize variables. - var block [aes.BlockSize]byte - // - Set A = C[0] - copy(block[:8], cipherText[:8]) - - // - For i = 1 to n - // - Set R[i] = C[i] - intermediate := make([]byte, len(cipherText)-8) - copy(intermediate, cipherText[8:]) - - // 2) Compute intermediate values. - for jj := 5; jj >= 0; jj-- { - for ii := nblocks - 1; ii >= 0; ii-- { - // - B = AES-1(K, (A ^ t) | R[i]) where t = n*j+1 - // - A = MSB(64, B) - t := uint64(jj*nblocks + ii + 1) - val := binary.BigEndian.Uint64(block[:8]) ^ t - binary.BigEndian.PutUint64(block[:8], val) - - copy(block[8:], intermediate[ii*8:ii*8+8]) - c.Decrypt(block[:], block[:]) - - // - R[i] = LSB(B, 64) - copy(intermediate[ii*8:ii*8+8], block[8:]) - } - } - - // 3) Output results. - // - If A is an appropriate initial value (see 2.2.3), - for ii := 0; ii < 8; ii++ { - if block[ii] != 0xA6 { - return nil, ErrUnwrapFailed - } - } - - // - For i = 1 to n - // - P[i] = R[i] - return intermediate, nil -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/armor.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/armor.go deleted file mode 100644 index e0a677f284..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/armor.go +++ /dev/null @@ -1,183 +0,0 @@ -// Copyright 2010 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package armor implements OpenPGP ASCII Armor, see RFC 4880. OpenPGP Armor is -// very similar to PEM except that it has an additional CRC checksum. -package armor // import "github.com/ProtonMail/go-crypto/openpgp/armor" - -import ( - "bufio" - "bytes" - "encoding/base64" - "io" - - "github.com/ProtonMail/go-crypto/openpgp/errors" -) - -// A Block represents an OpenPGP armored structure. -// -// The encoded form is: -// -// -----BEGIN Type----- -// Headers -// -// base64-encoded Bytes -// '=' base64 encoded checksum (optional) not checked anymore -// -----END Type----- -// -// where Headers is a possibly empty sequence of Key: Value lines. -// -// Since the armored data can be very large, this package presents a streaming -// interface. -type Block struct { - Type string // The type, taken from the preamble (i.e. "PGP SIGNATURE"). - Header map[string]string // Optional headers. - Body io.Reader // A Reader from which the contents can be read - lReader lineReader - oReader openpgpReader -} - -var ArmorCorrupt error = errors.StructuralError("armor invalid") - -var armorStart = []byte("-----BEGIN ") -var armorEnd = []byte("-----END ") -var armorEndOfLine = []byte("-----") - -// lineReader wraps a line based reader. It watches for the end of an armor block -type lineReader struct { - in *bufio.Reader - buf []byte - eof bool -} - -func (l *lineReader) Read(p []byte) (n int, err error) { - if l.eof { - return 0, io.EOF - } - - if len(l.buf) > 0 { - n = copy(p, l.buf) - l.buf = l.buf[n:] - return - } - - line, isPrefix, err := l.in.ReadLine() - if err != nil { - return - } - if isPrefix { - return 0, ArmorCorrupt - } - - if bytes.HasPrefix(line, armorEnd) { - l.eof = true - return 0, io.EOF - } - - if len(line) == 5 && line[0] == '=' { - // This is the checksum line - // Don't check the checksum - - l.eof = true - return 0, io.EOF - } - - if len(line) > 96 { - return 0, ArmorCorrupt - } - - n = copy(p, line) - bytesToSave := len(line) - n - if bytesToSave > 0 { - if cap(l.buf) < bytesToSave { - l.buf = make([]byte, 0, bytesToSave) - } - l.buf = l.buf[0:bytesToSave] - copy(l.buf, line[n:]) - } - - return -} - -// openpgpReader passes Read calls to the underlying base64 decoder. -type openpgpReader struct { - lReader *lineReader - b64Reader io.Reader -} - -func (r *openpgpReader) Read(p []byte) (n int, err error) { - n, err = r.b64Reader.Read(p) - return -} - -// Decode reads a PGP armored block from the given Reader. It will ignore -// leading garbage. If it doesn't find a block, it will return nil, io.EOF. The -// given Reader is not usable after calling this function: an arbitrary amount -// of data may have been read past the end of the block. -func Decode(in io.Reader) (p *Block, err error) { - r := bufio.NewReaderSize(in, 100) - var line []byte - ignoreNext := false - -TryNextBlock: - p = nil - - // Skip leading garbage - for { - ignoreThis := ignoreNext - line, ignoreNext, err = r.ReadLine() - if err != nil { - return - } - if ignoreNext || ignoreThis { - continue - } - line = bytes.TrimSpace(line) - if len(line) > len(armorStart)+len(armorEndOfLine) && bytes.HasPrefix(line, armorStart) { - break - } - } - - p = new(Block) - p.Type = string(line[len(armorStart) : len(line)-len(armorEndOfLine)]) - p.Header = make(map[string]string) - nextIsContinuation := false - var lastKey string - - // Read headers - for { - isContinuation := nextIsContinuation - line, nextIsContinuation, err = r.ReadLine() - if err != nil { - p = nil - return - } - if isContinuation { - p.Header[lastKey] += string(line) - continue - } - line = bytes.TrimSpace(line) - if len(line) == 0 { - break - } - - i := bytes.Index(line, []byte(":")) - if i == -1 { - goto TryNextBlock - } - lastKey = string(line[:i]) - var value string - if len(line) > i+2 { - value = string(line[i+2:]) - } - p.Header[lastKey] = value - } - - p.lReader.in = r - p.oReader.lReader = &p.lReader - p.oReader.b64Reader = base64.NewDecoder(base64.StdEncoding, &p.lReader) - p.Body = &p.oReader - - return -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/encode.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/encode.go deleted file mode 100644 index 550efddf05..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/encode.go +++ /dev/null @@ -1,206 +0,0 @@ -// Copyright 2010 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package armor - -import ( - "encoding/base64" - "io" - "sort" -) - -var armorHeaderSep = []byte(": ") -var blockEnd = []byte("\n=") -var newline = []byte("\n") -var armorEndOfLineOut = []byte("-----\n") - -const crc24Init = 0xb704ce -const crc24Poly = 0x1864cfb - -// crc24 calculates the OpenPGP checksum as specified in RFC 4880, section 6.1 -func crc24(crc uint32, d []byte) uint32 { - for _, b := range d { - crc ^= uint32(b) << 16 - for i := 0; i < 8; i++ { - crc <<= 1 - if crc&0x1000000 != 0 { - crc ^= crc24Poly - } - } - } - return crc -} - -// writeSlices writes its arguments to the given Writer. -func writeSlices(out io.Writer, slices ...[]byte) (err error) { - for _, s := range slices { - _, err = out.Write(s) - if err != nil { - return err - } - } - return -} - -// lineBreaker breaks data across several lines, all of the same byte length -// (except possibly the last). Lines are broken with a single '\n'. -type lineBreaker struct { - lineLength int - line []byte - used int - out io.Writer - haveWritten bool -} - -func newLineBreaker(out io.Writer, lineLength int) *lineBreaker { - return &lineBreaker{ - lineLength: lineLength, - line: make([]byte, lineLength), - used: 0, - out: out, - } -} - -func (l *lineBreaker) Write(b []byte) (n int, err error) { - n = len(b) - - if n == 0 { - return - } - - if l.used == 0 && l.haveWritten { - _, err = l.out.Write([]byte{'\n'}) - if err != nil { - return - } - } - - if l.used+len(b) < l.lineLength { - l.used += copy(l.line[l.used:], b) - return - } - - l.haveWritten = true - _, err = l.out.Write(l.line[0:l.used]) - if err != nil { - return - } - excess := l.lineLength - l.used - l.used = 0 - - _, err = l.out.Write(b[0:excess]) - if err != nil { - return - } - - _, err = l.Write(b[excess:]) - return -} - -func (l *lineBreaker) Close() (err error) { - if l.used > 0 { - _, err = l.out.Write(l.line[0:l.used]) - if err != nil { - return - } - } - - return -} - -// encoding keeps track of a running CRC24 over the data which has been written -// to it and outputs a OpenPGP checksum when closed, followed by an armor -// trailer. -// -// It's built into a stack of io.Writers: -// -// encoding -> base64 encoder -> lineBreaker -> out -type encoding struct { - out io.Writer - breaker *lineBreaker - b64 io.WriteCloser - crc uint32 - crcEnabled bool - blockType []byte -} - -func (e *encoding) Write(data []byte) (n int, err error) { - if e.crcEnabled { - e.crc = crc24(e.crc, data) - } - return e.b64.Write(data) -} - -func (e *encoding) Close() (err error) { - err = e.b64.Close() - if err != nil { - return - } - e.breaker.Close() - - if e.crcEnabled { - var checksumBytes [3]byte - checksumBytes[0] = byte(e.crc >> 16) - checksumBytes[1] = byte(e.crc >> 8) - checksumBytes[2] = byte(e.crc) - - var b64ChecksumBytes [4]byte - base64.StdEncoding.Encode(b64ChecksumBytes[:], checksumBytes[:]) - - return writeSlices(e.out, blockEnd, b64ChecksumBytes[:], newline, armorEnd, e.blockType, armorEndOfLine) - } - return writeSlices(e.out, newline, armorEnd, e.blockType, armorEndOfLine) -} - -func encode(out io.Writer, blockType string, headers map[string]string, checksum bool) (w io.WriteCloser, err error) { - bType := []byte(blockType) - err = writeSlices(out, armorStart, bType, armorEndOfLineOut) - if err != nil { - return - } - - keys := make([]string, len(headers)) - i := 0 - for k := range headers { - keys[i] = k - i++ - } - sort.Strings(keys) - for _, k := range keys { - err = writeSlices(out, []byte(k), armorHeaderSep, []byte(headers[k]), newline) - if err != nil { - return - } - } - - _, err = out.Write(newline) - if err != nil { - return - } - - e := &encoding{ - out: out, - breaker: newLineBreaker(out, 64), - blockType: bType, - crc: crc24Init, - crcEnabled: checksum, - } - e.b64 = base64.NewEncoder(base64.StdEncoding, e.breaker) - return e, nil -} - -// Encode returns a WriteCloser which will encode the data written to it in -// OpenPGP armor. -func Encode(out io.Writer, blockType string, headers map[string]string) (w io.WriteCloser, err error) { - return encode(out, blockType, headers, true) -} - -// EncodeWithChecksumOption returns a WriteCloser which will encode the data written to it in -// OpenPGP armor and provides the option to include a checksum. -// When forming ASCII Armor, the CRC24 footer SHOULD NOT be generated, -// unless interoperability with implementations that require the CRC24 footer -// to be present is a concern. -func EncodeWithChecksumOption(out io.Writer, blockType string, headers map[string]string, doChecksum bool) (w io.WriteCloser, err error) { - return encode(out, blockType, headers, doChecksum) -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/canonical_text.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/canonical_text.go deleted file mode 100644 index 5b40e1375d..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/canonical_text.go +++ /dev/null @@ -1,71 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package openpgp - -import ( - "hash" - "io" -) - -// NewCanonicalTextHash reformats text written to it into the canonical -// form and then applies the hash h. See RFC 4880, section 5.2.1. -func NewCanonicalTextHash(h hash.Hash) hash.Hash { - return &canonicalTextHash{h, 0} -} - -type canonicalTextHash struct { - h hash.Hash - s int -} - -var newline = []byte{'\r', '\n'} - -func writeCanonical(cw io.Writer, buf []byte, s *int) (int, error) { - start := 0 - for i, c := range buf { - switch *s { - case 0: - if c == '\r' { - *s = 1 - } else if c == '\n' { - if _, err := cw.Write(buf[start:i]); err != nil { - return 0, err - } - if _, err := cw.Write(newline); err != nil { - return 0, err - } - start = i + 1 - } - case 1: - *s = 0 - } - } - - if _, err := cw.Write(buf[start:]); err != nil { - return 0, err - } - return len(buf), nil -} - -func (cth *canonicalTextHash) Write(buf []byte) (int, error) { - return writeCanonical(cth.h, buf, &cth.s) -} - -func (cth *canonicalTextHash) Sum(in []byte) []byte { - return cth.h.Sum(in) -} - -func (cth *canonicalTextHash) Reset() { - cth.h.Reset() - cth.s = 0 -} - -func (cth *canonicalTextHash) Size() int { - return cth.h.Size() -} - -func (cth *canonicalTextHash) BlockSize() int { - return cth.h.BlockSize() -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/ecdh/ecdh.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/ecdh/ecdh.go deleted file mode 100644 index db8fb163b6..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/ecdh/ecdh.go +++ /dev/null @@ -1,206 +0,0 @@ -// Copyright 2017 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package ecdh implements ECDH encryption, suitable for OpenPGP, -// as specified in RFC 6637, section 8. -package ecdh - -import ( - "bytes" - "errors" - "io" - - "github.com/ProtonMail/go-crypto/openpgp/aes/keywrap" - "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm" - "github.com/ProtonMail/go-crypto/openpgp/internal/ecc" -) - -type KDF struct { - Hash algorithm.Hash - Cipher algorithm.Cipher -} - -type PublicKey struct { - curve ecc.ECDHCurve - Point []byte - KDF -} - -type PrivateKey struct { - PublicKey - D []byte -} - -func NewPublicKey(curve ecc.ECDHCurve, kdfHash algorithm.Hash, kdfCipher algorithm.Cipher) *PublicKey { - return &PublicKey{ - curve: curve, - KDF: KDF{ - Hash: kdfHash, - Cipher: kdfCipher, - }, - } -} - -func NewPrivateKey(key PublicKey) *PrivateKey { - return &PrivateKey{ - PublicKey: key, - } -} - -func (pk *PublicKey) GetCurve() ecc.ECDHCurve { - return pk.curve -} - -func (pk *PublicKey) MarshalPoint() []byte { - return pk.curve.MarshalBytePoint(pk.Point) -} - -func (pk *PublicKey) UnmarshalPoint(p []byte) error { - pk.Point = pk.curve.UnmarshalBytePoint(p) - if pk.Point == nil { - return errors.New("ecdh: failed to parse EC point") - } - return nil -} - -func (sk *PrivateKey) MarshalByteSecret() []byte { - return sk.curve.MarshalByteSecret(sk.D) -} - -func (sk *PrivateKey) UnmarshalByteSecret(d []byte) error { - sk.D = sk.curve.UnmarshalByteSecret(d) - - if sk.D == nil { - return errors.New("ecdh: failed to parse scalar") - } - return nil -} - -func GenerateKey(rand io.Reader, c ecc.ECDHCurve, kdf KDF) (priv *PrivateKey, err error) { - priv = new(PrivateKey) - priv.PublicKey.curve = c - priv.PublicKey.KDF = kdf - priv.PublicKey.Point, priv.D, err = c.GenerateECDH(rand) - return -} - -func Encrypt(random io.Reader, pub *PublicKey, msg, curveOID, fingerprint []byte) (vsG, c []byte, err error) { - if len(msg) > 40 { - return nil, nil, errors.New("ecdh: message too long") - } - // the sender MAY use 21, 13, and 5 bytes of padding for AES-128, - // AES-192, and AES-256, respectively, to provide the same number of - // octets, 40 total, as an input to the key wrapping method. - padding := make([]byte, 40-len(msg)) - for i := range padding { - padding[i] = byte(40 - len(msg)) - } - m := append(msg, padding...) - - ephemeral, zb, err := pub.curve.Encaps(random, pub.Point) - if err != nil { - return nil, nil, err - } - - vsG = pub.curve.MarshalBytePoint(ephemeral) - - z, err := buildKey(pub, zb, curveOID, fingerprint, false, false) - if err != nil { - return nil, nil, err - } - - if c, err = keywrap.Wrap(z, m); err != nil { - return nil, nil, err - } - - return vsG, c, nil - -} - -func Decrypt(priv *PrivateKey, vsG, c, curveOID, fingerprint []byte) (msg []byte, err error) { - var m []byte - zb, err := priv.PublicKey.curve.Decaps(priv.curve.UnmarshalBytePoint(vsG), priv.D) - - // Try buildKey three times to workaround an old bug, see comments in buildKey. - for i := 0; i < 3; i++ { - var z []byte - // RFC6637 §8: "Compute Z = KDF( S, Z_len, Param );" - z, err = buildKey(&priv.PublicKey, zb, curveOID, fingerprint, i == 1, i == 2) - if err != nil { - return nil, err - } - - // RFC6637 §8: "Compute C = AESKeyWrap( Z, c ) as per [RFC3394]" - m, err = keywrap.Unwrap(z, c) - if err == nil { - break - } - } - - // Only return an error after we've tried all (required) variants of buildKey. - if err != nil { - return nil, err - } - - // RFC6637 §8: "m = symm_alg_ID || session key || checksum || pkcs5_padding" - // The last byte should be the length of the padding, as per PKCS5; strip it off. - return m[:len(m)-int(m[len(m)-1])], nil -} - -func buildKey(pub *PublicKey, zb []byte, curveOID, fingerprint []byte, stripLeading, stripTrailing bool) ([]byte, error) { - // Param = curve_OID_len || curve_OID || public_key_alg_ID || 03 - // || 01 || KDF_hash_ID || KEK_alg_ID for AESKeyWrap - // || "Anonymous Sender " || recipient_fingerprint; - param := new(bytes.Buffer) - if _, err := param.Write(curveOID); err != nil { - return nil, err - } - algKDF := []byte{18, 3, 1, pub.KDF.Hash.Id(), pub.KDF.Cipher.Id()} - if _, err := param.Write(algKDF); err != nil { - return nil, err - } - if _, err := param.Write([]byte("Anonymous Sender ")); err != nil { - return nil, err - } - if _, err := param.Write(fingerprint[:]); err != nil { - return nil, err - } - - // MB = Hash ( 00 || 00 || 00 || 01 || ZB || Param ); - h := pub.KDF.Hash.New() - if _, err := h.Write([]byte{0x0, 0x0, 0x0, 0x1}); err != nil { - return nil, err - } - zbLen := len(zb) - i := 0 - j := zbLen - 1 - if stripLeading { - // Work around old go crypto bug where the leading zeros are missing. - for i < zbLen && zb[i] == 0 { - i++ - } - } - if stripTrailing { - // Work around old OpenPGP.js bug where insignificant trailing zeros in - // this little-endian number are missing. - // (See https://github.com/openpgpjs/openpgpjs/pull/853.) - for j >= 0 && zb[j] == 0 { - j-- - } - } - if _, err := h.Write(zb[i : j+1]); err != nil { - return nil, err - } - if _, err := h.Write(param.Bytes()); err != nil { - return nil, err - } - mb := h.Sum(nil) - - return mb[:pub.KDF.Cipher.KeySize()], nil // return oBits leftmost bits of MB. - -} - -func Validate(priv *PrivateKey) error { - return priv.curve.ValidateECDH(priv.Point, priv.D) -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/ecdsa/ecdsa.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/ecdsa/ecdsa.go deleted file mode 100644 index f94ae1b2f5..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/ecdsa/ecdsa.go +++ /dev/null @@ -1,80 +0,0 @@ -// Package ecdsa implements ECDSA signature, suitable for OpenPGP, -// as specified in RFC 6637, section 5. -package ecdsa - -import ( - "errors" - "github.com/ProtonMail/go-crypto/openpgp/internal/ecc" - "io" - "math/big" -) - -type PublicKey struct { - X, Y *big.Int - curve ecc.ECDSACurve -} - -type PrivateKey struct { - PublicKey - D *big.Int -} - -func NewPublicKey(curve ecc.ECDSACurve) *PublicKey { - return &PublicKey{ - curve: curve, - } -} - -func NewPrivateKey(key PublicKey) *PrivateKey { - return &PrivateKey{ - PublicKey: key, - } -} - -func (pk *PublicKey) GetCurve() ecc.ECDSACurve { - return pk.curve -} - -func (pk *PublicKey) MarshalPoint() []byte { - return pk.curve.MarshalIntegerPoint(pk.X, pk.Y) -} - -func (pk *PublicKey) UnmarshalPoint(p []byte) error { - pk.X, pk.Y = pk.curve.UnmarshalIntegerPoint(p) - if pk.X == nil { - return errors.New("ecdsa: failed to parse EC point") - } - return nil -} - -func (sk *PrivateKey) MarshalIntegerSecret() []byte { - return sk.curve.MarshalIntegerSecret(sk.D) -} - -func (sk *PrivateKey) UnmarshalIntegerSecret(d []byte) error { - sk.D = sk.curve.UnmarshalIntegerSecret(d) - - if sk.D == nil { - return errors.New("ecdsa: failed to parse scalar") - } - return nil -} - -func GenerateKey(rand io.Reader, c ecc.ECDSACurve) (priv *PrivateKey, err error) { - priv = new(PrivateKey) - priv.PublicKey.curve = c - priv.PublicKey.X, priv.PublicKey.Y, priv.D, err = c.GenerateECDSA(rand) - return -} - -func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error) { - return priv.PublicKey.curve.Sign(rand, priv.X, priv.Y, priv.D, hash) -} - -func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool { - return pub.curve.Verify(pub.X, pub.Y, hash, r, s) -} - -func Validate(priv *PrivateKey) error { - return priv.curve.ValidateECDSA(priv.X, priv.Y, priv.D.Bytes()) -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/ed25519/ed25519.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/ed25519/ed25519.go deleted file mode 100644 index 6abdf7c446..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/ed25519/ed25519.go +++ /dev/null @@ -1,115 +0,0 @@ -// Package ed25519 implements the ed25519 signature algorithm for OpenPGP -// as defined in the Open PGP crypto refresh. -package ed25519 - -import ( - "crypto/subtle" - "io" - - "github.com/ProtonMail/go-crypto/openpgp/errors" - ed25519lib "github.com/cloudflare/circl/sign/ed25519" -) - -const ( - // PublicKeySize is the size, in bytes, of public keys in this package. - PublicKeySize = ed25519lib.PublicKeySize - // SeedSize is the size, in bytes, of private key seeds. - // The private key representation used by RFC 8032. - SeedSize = ed25519lib.SeedSize - // SignatureSize is the size, in bytes, of signatures generated and verified by this package. - SignatureSize = ed25519lib.SignatureSize -) - -type PublicKey struct { - // Point represents the elliptic curve point of the public key. - Point []byte -} - -type PrivateKey struct { - PublicKey - // Key the private key representation by RFC 8032, - // encoded as seed | pub key point. - Key []byte -} - -// NewPublicKey creates a new empty ed25519 public key. -func NewPublicKey() *PublicKey { - return &PublicKey{} -} - -// NewPrivateKey creates a new empty private key referencing the public key. -func NewPrivateKey(key PublicKey) *PrivateKey { - return &PrivateKey{ - PublicKey: key, - } -} - -// Seed returns the ed25519 private key secret seed. -// The private key representation by RFC 8032. -func (pk *PrivateKey) Seed() []byte { - return pk.Key[:SeedSize] -} - -// MarshalByteSecret returns the underlying 32 byte seed of the private key. -func (pk *PrivateKey) MarshalByteSecret() []byte { - return pk.Seed() -} - -// UnmarshalByteSecret computes the private key from the secret seed -// and stores it in the private key object. -func (sk *PrivateKey) UnmarshalByteSecret(seed []byte) error { - sk.Key = ed25519lib.NewKeyFromSeed(seed) - return nil -} - -// GenerateKey generates a fresh private key with the provided randomness source. -func GenerateKey(rand io.Reader) (*PrivateKey, error) { - publicKey, privateKey, err := ed25519lib.GenerateKey(rand) - if err != nil { - return nil, err - } - privateKeyOut := new(PrivateKey) - privateKeyOut.PublicKey.Point = publicKey[:] - privateKeyOut.Key = privateKey[:] - return privateKeyOut, nil -} - -// Sign signs a message with the ed25519 algorithm. -// priv MUST be a valid key! Check this with Validate() before use. -func Sign(priv *PrivateKey, message []byte) ([]byte, error) { - return ed25519lib.Sign(priv.Key, message), nil -} - -// Verify verifies an ed25519 signature. -func Verify(pub *PublicKey, message []byte, signature []byte) bool { - return ed25519lib.Verify(pub.Point, message, signature) -} - -// Validate checks if the ed25519 private key is valid. -func Validate(priv *PrivateKey) error { - expectedPrivateKey := ed25519lib.NewKeyFromSeed(priv.Seed()) - if subtle.ConstantTimeCompare(priv.Key, expectedPrivateKey) == 0 { - return errors.KeyInvalidError("ed25519: invalid ed25519 secret") - } - if subtle.ConstantTimeCompare(priv.PublicKey.Point, expectedPrivateKey[SeedSize:]) == 0 { - return errors.KeyInvalidError("ed25519: invalid ed25519 public key") - } - return nil -} - -// ENCODING/DECODING signature: - -// WriteSignature encodes and writes an ed25519 signature to writer. -func WriteSignature(writer io.Writer, signature []byte) error { - _, err := writer.Write(signature) - return err -} - -// ReadSignature decodes an ed25519 signature from a reader. -func ReadSignature(reader io.Reader) ([]byte, error) { - signature := make([]byte, SignatureSize) - if _, err := io.ReadFull(reader, signature); err != nil { - return nil, err - } - return signature, nil -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/ed448/ed448.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/ed448/ed448.go deleted file mode 100644 index b11fb4fb17..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/ed448/ed448.go +++ /dev/null @@ -1,119 +0,0 @@ -// Package ed448 implements the ed448 signature algorithm for OpenPGP -// as defined in the Open PGP crypto refresh. -package ed448 - -import ( - "crypto/subtle" - "io" - - "github.com/ProtonMail/go-crypto/openpgp/errors" - ed448lib "github.com/cloudflare/circl/sign/ed448" -) - -const ( - // PublicKeySize is the size, in bytes, of public keys in this package. - PublicKeySize = ed448lib.PublicKeySize - // SeedSize is the size, in bytes, of private key seeds. - // The private key representation used by RFC 8032. - SeedSize = ed448lib.SeedSize - // SignatureSize is the size, in bytes, of signatures generated and verified by this package. - SignatureSize = ed448lib.SignatureSize -) - -type PublicKey struct { - // Point represents the elliptic curve point of the public key. - Point []byte -} - -type PrivateKey struct { - PublicKey - // Key the private key representation by RFC 8032, - // encoded as seed | public key point. - Key []byte -} - -// NewPublicKey creates a new empty ed448 public key. -func NewPublicKey() *PublicKey { - return &PublicKey{} -} - -// NewPrivateKey creates a new empty private key referencing the public key. -func NewPrivateKey(key PublicKey) *PrivateKey { - return &PrivateKey{ - PublicKey: key, - } -} - -// Seed returns the ed448 private key secret seed. -// The private key representation by RFC 8032. -func (pk *PrivateKey) Seed() []byte { - return pk.Key[:SeedSize] -} - -// MarshalByteSecret returns the underlying seed of the private key. -func (pk *PrivateKey) MarshalByteSecret() []byte { - return pk.Seed() -} - -// UnmarshalByteSecret computes the private key from the secret seed -// and stores it in the private key object. -func (sk *PrivateKey) UnmarshalByteSecret(seed []byte) error { - sk.Key = ed448lib.NewKeyFromSeed(seed) - return nil -} - -// GenerateKey generates a fresh private key with the provided randomness source. -func GenerateKey(rand io.Reader) (*PrivateKey, error) { - publicKey, privateKey, err := ed448lib.GenerateKey(rand) - if err != nil { - return nil, err - } - privateKeyOut := new(PrivateKey) - privateKeyOut.PublicKey.Point = publicKey[:] - privateKeyOut.Key = privateKey[:] - return privateKeyOut, nil -} - -// Sign signs a message with the ed448 algorithm. -// priv MUST be a valid key! Check this with Validate() before use. -func Sign(priv *PrivateKey, message []byte) ([]byte, error) { - // Ed448 is used with the empty string as a context string. - // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-08#section-13.7 - return ed448lib.Sign(priv.Key, message, ""), nil -} - -// Verify verifies a ed448 signature -func Verify(pub *PublicKey, message []byte, signature []byte) bool { - // Ed448 is used with the empty string as a context string. - // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-08#section-13.7 - return ed448lib.Verify(pub.Point, message, signature, "") -} - -// Validate checks if the ed448 private key is valid -func Validate(priv *PrivateKey) error { - expectedPrivateKey := ed448lib.NewKeyFromSeed(priv.Seed()) - if subtle.ConstantTimeCompare(priv.Key, expectedPrivateKey) == 0 { - return errors.KeyInvalidError("ed448: invalid ed448 secret") - } - if subtle.ConstantTimeCompare(priv.PublicKey.Point, expectedPrivateKey[SeedSize:]) == 0 { - return errors.KeyInvalidError("ed448: invalid ed448 public key") - } - return nil -} - -// ENCODING/DECODING signature: - -// WriteSignature encodes and writes an ed448 signature to writer. -func WriteSignature(writer io.Writer, signature []byte) error { - _, err := writer.Write(signature) - return err -} - -// ReadSignature decodes an ed448 signature from a reader. -func ReadSignature(reader io.Reader) ([]byte, error) { - signature := make([]byte, SignatureSize) - if _, err := io.ReadFull(reader, signature); err != nil { - return nil, err - } - return signature, nil -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/eddsa/eddsa.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/eddsa/eddsa.go deleted file mode 100644 index 99ecfc7f12..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/eddsa/eddsa.go +++ /dev/null @@ -1,91 +0,0 @@ -// Package eddsa implements EdDSA signature, suitable for OpenPGP, as specified in -// https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-13.7 -package eddsa - -import ( - "errors" - "github.com/ProtonMail/go-crypto/openpgp/internal/ecc" - "io" -) - -type PublicKey struct { - X []byte - curve ecc.EdDSACurve -} - -type PrivateKey struct { - PublicKey - D []byte -} - -func NewPublicKey(curve ecc.EdDSACurve) *PublicKey { - return &PublicKey{ - curve: curve, - } -} - -func NewPrivateKey(key PublicKey) *PrivateKey { - return &PrivateKey{ - PublicKey: key, - } -} - -func (pk *PublicKey) GetCurve() ecc.EdDSACurve { - return pk.curve -} - -func (pk *PublicKey) MarshalPoint() []byte { - return pk.curve.MarshalBytePoint(pk.X) -} - -func (pk *PublicKey) UnmarshalPoint(x []byte) error { - pk.X = pk.curve.UnmarshalBytePoint(x) - - if pk.X == nil { - return errors.New("eddsa: failed to parse EC point") - } - return nil -} - -func (sk *PrivateKey) MarshalByteSecret() []byte { - return sk.curve.MarshalByteSecret(sk.D) -} - -func (sk *PrivateKey) UnmarshalByteSecret(d []byte) error { - sk.D = sk.curve.UnmarshalByteSecret(d) - - if sk.D == nil { - return errors.New("eddsa: failed to parse scalar") - } - return nil -} - -func GenerateKey(rand io.Reader, c ecc.EdDSACurve) (priv *PrivateKey, err error) { - priv = new(PrivateKey) - priv.PublicKey.curve = c - priv.PublicKey.X, priv.D, err = c.GenerateEdDSA(rand) - return -} - -func Sign(priv *PrivateKey, message []byte) (r, s []byte, err error) { - sig, err := priv.PublicKey.curve.Sign(priv.PublicKey.X, priv.D, message) - if err != nil { - return nil, nil, err - } - - r, s = priv.PublicKey.curve.MarshalSignature(sig) - return -} - -func Verify(pub *PublicKey, message, r, s []byte) bool { - sig := pub.curve.UnmarshalSignature(r, s) - if sig == nil { - return false - } - - return pub.curve.Verify(pub.X, message, sig) -} - -func Validate(priv *PrivateKey) error { - return priv.curve.ValidateEdDSA(priv.PublicKey.X, priv.D) -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/elgamal/elgamal.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/elgamal/elgamal.go deleted file mode 100644 index bad2774344..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/elgamal/elgamal.go +++ /dev/null @@ -1,124 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package elgamal implements ElGamal encryption, suitable for OpenPGP, -// as specified in "A Public-Key Cryptosystem and a Signature Scheme Based on -// Discrete Logarithms," IEEE Transactions on Information Theory, v. IT-31, -// n. 4, 1985, pp. 469-472. -// -// This form of ElGamal embeds PKCS#1 v1.5 padding, which may make it -// unsuitable for other protocols. RSA should be used in preference in any -// case. -package elgamal // import "github.com/ProtonMail/go-crypto/openpgp/elgamal" - -import ( - "crypto/rand" - "crypto/subtle" - "errors" - "io" - "math/big" -) - -// PublicKey represents an ElGamal public key. -type PublicKey struct { - G, P, Y *big.Int -} - -// PrivateKey represents an ElGamal private key. -type PrivateKey struct { - PublicKey - X *big.Int -} - -// Encrypt encrypts the given message to the given public key. The result is a -// pair of integers. Errors can result from reading random, or because msg is -// too large to be encrypted to the public key. -func Encrypt(random io.Reader, pub *PublicKey, msg []byte) (c1, c2 *big.Int, err error) { - pLen := (pub.P.BitLen() + 7) / 8 - if len(msg) > pLen-11 { - err = errors.New("elgamal: message too long") - return - } - - // EM = 0x02 || PS || 0x00 || M - em := make([]byte, pLen-1) - em[0] = 2 - ps, mm := em[1:len(em)-len(msg)-1], em[len(em)-len(msg):] - err = nonZeroRandomBytes(ps, random) - if err != nil { - return - } - em[len(em)-len(msg)-1] = 0 - copy(mm, msg) - - m := new(big.Int).SetBytes(em) - - k, err := rand.Int(random, pub.P) - if err != nil { - return - } - - c1 = new(big.Int).Exp(pub.G, k, pub.P) - s := new(big.Int).Exp(pub.Y, k, pub.P) - c2 = s.Mul(s, m) - c2.Mod(c2, pub.P) - - return -} - -// Decrypt takes two integers, resulting from an ElGamal encryption, and -// returns the plaintext of the message. An error can result only if the -// ciphertext is invalid. Users should keep in mind that this is a padding -// oracle and thus, if exposed to an adaptive chosen ciphertext attack, can -// be used to break the cryptosystem. See “Chosen Ciphertext Attacks -// Against Protocols Based on the RSA Encryption Standard PKCS #1”, Daniel -// Bleichenbacher, Advances in Cryptology (Crypto '98), -func Decrypt(priv *PrivateKey, c1, c2 *big.Int) (msg []byte, err error) { - s := new(big.Int).Exp(c1, priv.X, priv.P) - if s.ModInverse(s, priv.P) == nil { - return nil, errors.New("elgamal: invalid private key") - } - s.Mul(s, c2) - s.Mod(s, priv.P) - em := s.Bytes() - - firstByteIsTwo := subtle.ConstantTimeByteEq(em[0], 2) - - // The remainder of the plaintext must be a string of non-zero random - // octets, followed by a 0, followed by the message. - // lookingForIndex: 1 iff we are still looking for the zero. - // index: the offset of the first zero byte. - var lookingForIndex, index int - lookingForIndex = 1 - - for i := 1; i < len(em); i++ { - equals0 := subtle.ConstantTimeByteEq(em[i], 0) - index = subtle.ConstantTimeSelect(lookingForIndex&equals0, i, index) - lookingForIndex = subtle.ConstantTimeSelect(equals0, 0, lookingForIndex) - } - - if firstByteIsTwo != 1 || lookingForIndex != 0 || index < 9 { - return nil, errors.New("elgamal: decryption error") - } - return em[index+1:], nil -} - -// nonZeroRandomBytes fills the given slice with non-zero random octets. -func nonZeroRandomBytes(s []byte, rand io.Reader) (err error) { - _, err = io.ReadFull(rand, s) - if err != nil { - return - } - - for i := 0; i < len(s); i++ { - for s[i] == 0 { - _, err = io.ReadFull(rand, s[i:i+1]) - if err != nil { - return - } - } - } - - return -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/errors/errors.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/errors/errors.go deleted file mode 100644 index e44b45734d..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/errors/errors.go +++ /dev/null @@ -1,200 +0,0 @@ -// Copyright 2010 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package errors contains common error types for the OpenPGP packages. -package errors // import "github.com/ProtonMail/go-crypto/openpgp/errors" - -import ( - "fmt" - "strconv" -) - -var ( - // ErrDecryptSessionKeyParsing is a generic error message for parsing errors in decrypted data - // to reduce the risk of oracle attacks. - ErrDecryptSessionKeyParsing = DecryptWithSessionKeyError("parsing error") - // ErrAEADTagVerification is returned if one of the tag verifications in SEIPDv2 fails - ErrAEADTagVerification error = DecryptWithSessionKeyError("AEAD tag verification failed") - // ErrMDCHashMismatch - ErrMDCHashMismatch error = SignatureError("MDC hash mismatch") - // ErrMDCMissing - ErrMDCMissing error = SignatureError("MDC packet not found") -) - -// A StructuralError is returned when OpenPGP data is found to be syntactically -// invalid. -type StructuralError string - -func (s StructuralError) Error() string { - return "openpgp: invalid data: " + string(s) -} - -// A DecryptWithSessionKeyError is returned when a failure occurs when reading from symmetrically decrypted data or -// an authentication tag verification fails. -// Such an error indicates that the supplied session key is likely wrong or the data got corrupted. -type DecryptWithSessionKeyError string - -func (s DecryptWithSessionKeyError) Error() string { - return "openpgp: decryption with session key failed: " + string(s) -} - -// HandleSensitiveParsingError handles parsing errors when reading data from potentially decrypted data. -// The function makes parsing errors generic to reduce the risk of oracle attacks in SEIPDv1. -func HandleSensitiveParsingError(err error, decrypted bool) error { - if !decrypted { - // Data was not encrypted so we return the inner error. - return err - } - // The data is read from a stream that decrypts using a session key; - // therefore, we need to handle parsing errors appropriately. - // This is essential to mitigate the risk of oracle attacks. - if decError, ok := err.(*DecryptWithSessionKeyError); ok { - return decError - } - if decError, ok := err.(DecryptWithSessionKeyError); ok { - return decError - } - return ErrDecryptSessionKeyParsing -} - -// UnsupportedError indicates that, although the OpenPGP data is valid, it -// makes use of currently unimplemented features. -type UnsupportedError string - -func (s UnsupportedError) Error() string { - return "openpgp: unsupported feature: " + string(s) -} - -// InvalidArgumentError indicates that the caller is in error and passed an -// incorrect value. -type InvalidArgumentError string - -func (i InvalidArgumentError) Error() string { - return "openpgp: invalid argument: " + string(i) -} - -// SignatureError indicates that a syntactically valid signature failed to -// validate. -type SignatureError string - -func (b SignatureError) Error() string { - return "openpgp: invalid signature: " + string(b) -} - -type signatureExpiredError int - -func (se signatureExpiredError) Error() string { - return "openpgp: signature expired" -} - -var ErrSignatureExpired error = signatureExpiredError(0) - -type keyExpiredError int - -func (ke keyExpiredError) Error() string { - return "openpgp: key expired" -} - -var ErrSignatureOlderThanKey error = signatureOlderThanKeyError(0) - -type signatureOlderThanKeyError int - -func (ske signatureOlderThanKeyError) Error() string { - return "openpgp: signature is older than the key" -} - -var ErrKeyExpired error = keyExpiredError(0) - -type keyIncorrectError int - -func (ki keyIncorrectError) Error() string { - return "openpgp: incorrect key" -} - -var ErrKeyIncorrect error = keyIncorrectError(0) - -// KeyInvalidError indicates that the public key parameters are invalid -// as they do not match the private ones -type KeyInvalidError string - -func (e KeyInvalidError) Error() string { - return "openpgp: invalid key: " + string(e) -} - -type unknownIssuerError int - -func (unknownIssuerError) Error() string { - return "openpgp: signature made by unknown entity" -} - -var ErrUnknownIssuer error = unknownIssuerError(0) - -type keyRevokedError int - -func (keyRevokedError) Error() string { - return "openpgp: signature made by revoked key" -} - -var ErrKeyRevoked error = keyRevokedError(0) - -type WeakAlgorithmError string - -func (e WeakAlgorithmError) Error() string { - return "openpgp: weak algorithms are rejected: " + string(e) -} - -type UnknownPacketTypeError uint8 - -func (upte UnknownPacketTypeError) Error() string { - return "openpgp: unknown packet type: " + strconv.Itoa(int(upte)) -} - -type CriticalUnknownPacketTypeError uint8 - -func (upte CriticalUnknownPacketTypeError) Error() string { - return "openpgp: unknown critical packet type: " + strconv.Itoa(int(upte)) -} - -// AEADError indicates that there is a problem when initializing or using a -// AEAD instance, configuration struct, nonces or index values. -type AEADError string - -func (ae AEADError) Error() string { - return "openpgp: aead error: " + string(ae) -} - -// ErrDummyPrivateKey results when operations are attempted on a private key -// that is just a dummy key. See -// https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;h=fe55ae16ab4e26d8356dc574c9e8bc935e71aef1;hb=23191d7851eae2217ecdac6484349849a24fd94a#l1109 -type ErrDummyPrivateKey string - -func (dke ErrDummyPrivateKey) Error() string { - return "openpgp: s2k GNU dummy key: " + string(dke) -} - -// ErrMalformedMessage results when the packet sequence is incorrect -type ErrMalformedMessage string - -func (dke ErrMalformedMessage) Error() string { - return "openpgp: malformed message " + string(dke) -} - -// ErrEncryptionKeySelection is returned if encryption key selection fails (v2 API). -type ErrEncryptionKeySelection struct { - PrimaryKeyId string - PrimaryKeyErr error - EncSelectionKeyId *string - EncSelectionErr error -} - -func (eks ErrEncryptionKeySelection) Error() string { - prefix := fmt.Sprintf("openpgp: key selection for primary key %s:", eks.PrimaryKeyId) - if eks.PrimaryKeyErr != nil { - return fmt.Sprintf("%s invalid primary key: %s", prefix, eks.PrimaryKeyErr) - } - if eks.EncSelectionKeyId != nil { - return fmt.Sprintf("%s invalid encryption key %s: %s", prefix, *eks.EncSelectionKeyId, eks.EncSelectionErr) - } - return fmt.Sprintf("%s no encryption key: %s", prefix, eks.EncSelectionErr) -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/hash.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/hash.go deleted file mode 100644 index 526bd7777f..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/hash.go +++ /dev/null @@ -1,24 +0,0 @@ -package openpgp - -import ( - "crypto" - - "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm" -) - -// HashIdToHash returns a crypto.Hash which corresponds to the given OpenPGP -// hash id. -func HashIdToHash(id byte) (h crypto.Hash, ok bool) { - return algorithm.HashIdToHash(id) -} - -// HashIdToString returns the name of the hash function corresponding to the -// given OpenPGP hash id. -func HashIdToString(id byte) (name string, ok bool) { - return algorithm.HashIdToString(id) -} - -// HashToHashId returns an OpenPGP hash id which corresponds the given Hash. -func HashToHashId(h crypto.Hash) (id byte, ok bool) { - return algorithm.HashToHashId(h) -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/aead.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/aead.go deleted file mode 100644 index d067065186..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/aead.go +++ /dev/null @@ -1,65 +0,0 @@ -// Copyright (C) 2019 ProtonTech AG - -package algorithm - -import ( - "crypto/cipher" - "github.com/ProtonMail/go-crypto/eax" - "github.com/ProtonMail/go-crypto/ocb" -) - -// AEADMode defines the Authenticated Encryption with Associated Data mode of -// operation. -type AEADMode uint8 - -// Supported modes of operation (see RFC4880bis [EAX] and RFC7253) -const ( - AEADModeEAX = AEADMode(1) - AEADModeOCB = AEADMode(2) - AEADModeGCM = AEADMode(3) -) - -// TagLength returns the length in bytes of authentication tags. -func (mode AEADMode) TagLength() int { - switch mode { - case AEADModeEAX: - return 16 - case AEADModeOCB: - return 16 - case AEADModeGCM: - return 16 - default: - return 0 - } -} - -// NonceLength returns the length in bytes of nonces. -func (mode AEADMode) NonceLength() int { - switch mode { - case AEADModeEAX: - return 16 - case AEADModeOCB: - return 15 - case AEADModeGCM: - return 12 - default: - return 0 - } -} - -// New returns a fresh instance of the given mode -func (mode AEADMode) New(block cipher.Block) (alg cipher.AEAD) { - var err error - switch mode { - case AEADModeEAX: - alg, err = eax.NewEAX(block) - case AEADModeOCB: - alg, err = ocb.NewOCB(block) - case AEADModeGCM: - alg, err = cipher.NewGCM(block) - } - if err != nil { - panic(err.Error()) - } - return alg -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go deleted file mode 100644 index c76a75bcda..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go +++ /dev/null @@ -1,97 +0,0 @@ -// Copyright 2017 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package algorithm - -import ( - "crypto/aes" - "crypto/cipher" - "crypto/des" - - "golang.org/x/crypto/cast5" -) - -// Cipher is an official symmetric key cipher algorithm. See RFC 4880, -// section 9.2. -type Cipher interface { - // Id returns the algorithm ID, as a byte, of the cipher. - Id() uint8 - // KeySize returns the key size, in bytes, of the cipher. - KeySize() int - // BlockSize returns the block size, in bytes, of the cipher. - BlockSize() int - // New returns a fresh instance of the given cipher. - New(key []byte) cipher.Block -} - -// The following constants mirror the OpenPGP standard (RFC 4880). -const ( - TripleDES = CipherFunction(2) - CAST5 = CipherFunction(3) - AES128 = CipherFunction(7) - AES192 = CipherFunction(8) - AES256 = CipherFunction(9) -) - -// CipherById represents the different block ciphers specified for OpenPGP. See -// http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-13 -var CipherById = map[uint8]Cipher{ - TripleDES.Id(): TripleDES, - CAST5.Id(): CAST5, - AES128.Id(): AES128, - AES192.Id(): AES192, - AES256.Id(): AES256, -} - -type CipherFunction uint8 - -// ID returns the algorithm Id, as a byte, of cipher. -func (sk CipherFunction) Id() uint8 { - return uint8(sk) -} - -// KeySize returns the key size, in bytes, of cipher. -func (cipher CipherFunction) KeySize() int { - switch cipher { - case CAST5: - return cast5.KeySize - case AES128: - return 16 - case AES192, TripleDES: - return 24 - case AES256: - return 32 - } - return 0 -} - -// BlockSize returns the block size, in bytes, of cipher. -func (cipher CipherFunction) BlockSize() int { - switch cipher { - case TripleDES: - return des.BlockSize - case CAST5: - return 8 - case AES128, AES192, AES256: - return 16 - } - return 0 -} - -// New returns a fresh instance of the given cipher. -func (cipher CipherFunction) New(key []byte) (block cipher.Block) { - var err error - switch cipher { - case TripleDES: - block, err = des.NewTripleDESCipher(key) - case CAST5: - block, err = cast5.NewCipher(key) - case AES128, AES192, AES256: - block, err = aes.NewCipher(key) - } - if err != nil { - panic(err.Error()) - } - return -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/hash.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/hash.go deleted file mode 100644 index d1a00fc749..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/hash.go +++ /dev/null @@ -1,143 +0,0 @@ -// Copyright 2017 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package algorithm - -import ( - "crypto" - "fmt" - "hash" -) - -// Hash is an official hash function algorithm. See RFC 4880, section 9.4. -type Hash interface { - // Id returns the algorithm ID, as a byte, of Hash. - Id() uint8 - // Available reports whether the given hash function is linked into the binary. - Available() bool - // HashFunc simply returns the value of h so that Hash implements SignerOpts. - HashFunc() crypto.Hash - // New returns a new hash.Hash calculating the given hash function. New - // panics if the hash function is not linked into the binary. - New() hash.Hash - // Size returns the length, in bytes, of a digest resulting from the given - // hash function. It doesn't require that the hash function in question be - // linked into the program. - Size() int - // String is the name of the hash function corresponding to the given - // OpenPGP hash id. - String() string -} - -// The following vars mirror the crypto/Hash supported hash functions. -var ( - SHA1 Hash = cryptoHash{2, crypto.SHA1} - SHA256 Hash = cryptoHash{8, crypto.SHA256} - SHA384 Hash = cryptoHash{9, crypto.SHA384} - SHA512 Hash = cryptoHash{10, crypto.SHA512} - SHA224 Hash = cryptoHash{11, crypto.SHA224} - SHA3_256 Hash = cryptoHash{12, crypto.SHA3_256} - SHA3_512 Hash = cryptoHash{14, crypto.SHA3_512} -) - -// HashById represents the different hash functions specified for OpenPGP. See -// http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-14 -var ( - HashById = map[uint8]Hash{ - SHA256.Id(): SHA256, - SHA384.Id(): SHA384, - SHA512.Id(): SHA512, - SHA224.Id(): SHA224, - SHA3_256.Id(): SHA3_256, - SHA3_512.Id(): SHA3_512, - } -) - -// cryptoHash contains pairs relating OpenPGP's hash identifier with -// Go's crypto.Hash type. See RFC 4880, section 9.4. -type cryptoHash struct { - id uint8 - crypto.Hash -} - -// Id returns the algorithm ID, as a byte, of cryptoHash. -func (h cryptoHash) Id() uint8 { - return h.id -} - -var hashNames = map[uint8]string{ - SHA256.Id(): "SHA256", - SHA384.Id(): "SHA384", - SHA512.Id(): "SHA512", - SHA224.Id(): "SHA224", - SHA3_256.Id(): "SHA3-256", - SHA3_512.Id(): "SHA3-512", -} - -func (h cryptoHash) String() string { - s, ok := hashNames[h.id] - if !ok { - panic(fmt.Sprintf("Unsupported hash function %d", h.id)) - } - return s -} - -// HashIdToHash returns a crypto.Hash which corresponds to the given OpenPGP -// hash id. -func HashIdToHash(id byte) (h crypto.Hash, ok bool) { - if hash, ok := HashById[id]; ok { - return hash.HashFunc(), true - } - return 0, false -} - -// HashIdToHashWithSha1 returns a crypto.Hash which corresponds to the given OpenPGP -// hash id, allowing sha1. -func HashIdToHashWithSha1(id byte) (h crypto.Hash, ok bool) { - if hash, ok := HashById[id]; ok { - return hash.HashFunc(), true - } - - if id == SHA1.Id() { - return SHA1.HashFunc(), true - } - - return 0, false -} - -// HashIdToString returns the name of the hash function corresponding to the -// given OpenPGP hash id. -func HashIdToString(id byte) (name string, ok bool) { - if hash, ok := HashById[id]; ok { - return hash.String(), true - } - return "", false -} - -// HashToHashId returns an OpenPGP hash id which corresponds the given Hash. -func HashToHashId(h crypto.Hash) (id byte, ok bool) { - for id, hash := range HashById { - if hash.HashFunc() == h { - return id, true - } - } - - return 0, false -} - -// HashToHashIdWithSha1 returns an OpenPGP hash id which corresponds the given Hash, -// allowing instances of SHA1 -func HashToHashIdWithSha1(h crypto.Hash) (id byte, ok bool) { - for id, hash := range HashById { - if hash.HashFunc() == h { - return id, true - } - } - - if h == SHA1.HashFunc() { - return SHA1.Id(), true - } - - return 0, false -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519.go deleted file mode 100644 index 888767c4e4..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519.go +++ /dev/null @@ -1,171 +0,0 @@ -// Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA. -package ecc - -import ( - "crypto/subtle" - "io" - - "github.com/ProtonMail/go-crypto/openpgp/errors" - x25519lib "github.com/cloudflare/circl/dh/x25519" -) - -type curve25519 struct{} - -func NewCurve25519() *curve25519 { - return &curve25519{} -} - -func (c *curve25519) GetCurveName() string { - return "curve25519" -} - -// MarshalBytePoint encodes the public point from native format, adding the prefix. -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6 -func (c *curve25519) MarshalBytePoint(point []byte) []byte { - return append([]byte{0x40}, point...) -} - -// UnmarshalBytePoint decodes the public point to native format, removing the prefix. -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6 -func (c *curve25519) UnmarshalBytePoint(point []byte) []byte { - if len(point) != x25519lib.Size+1 { - return nil - } - - // Remove prefix - return point[1:] -} - -// MarshalByteSecret encodes the secret scalar from native format. -// Note that the EC secret scalar differs from the definition of public keys in -// [Curve25519] in two ways: (1) the byte-ordering is big-endian, which is -// more uniform with how big integers are represented in OpenPGP, and (2) the -// leading zeros are truncated. -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6.1.1 -// Note that leading zero bytes are stripped later when encoding as an MPI. -func (c *curve25519) MarshalByteSecret(secret []byte) []byte { - d := make([]byte, x25519lib.Size) - copyReversed(d, secret) - - // The following ensures that the private key is a number of the form - // 2^{254} + 8 * [0, 2^{251}), in order to avoid the small subgroup of - // the curve. - // - // This masking is done internally in the underlying lib and so is unnecessary - // for security, but OpenPGP implementations require that private keys be - // pre-masked. - d[0] &= 127 - d[0] |= 64 - d[31] &= 248 - - return d -} - -// UnmarshalByteSecret decodes the secret scalar from native format. -// Note that the EC secret scalar differs from the definition of public keys in -// [Curve25519] in two ways: (1) the byte-ordering is big-endian, which is -// more uniform with how big integers are represented in OpenPGP, and (2) the -// leading zeros are truncated. -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6.1.1 -func (c *curve25519) UnmarshalByteSecret(d []byte) []byte { - if len(d) > x25519lib.Size { - return nil - } - - // Ensure truncated leading bytes are re-added - secret := make([]byte, x25519lib.Size) - copyReversed(secret, d) - - return secret -} - -// generateKeyPairBytes Generates a private-public key-pair. -// 'priv' is a private key; a little-endian scalar belonging to the set -// 2^{254} + 8 * [0, 2^{251}), in order to avoid the small subgroup of the -// curve. 'pub' is simply 'priv' * G where G is the base point. -// See https://cr.yp.to/ecdh.html and RFC7748, sec 5. -func (c *curve25519) generateKeyPairBytes(rand io.Reader) (priv, pub x25519lib.Key, err error) { - _, err = io.ReadFull(rand, priv[:]) - if err != nil { - return - } - - x25519lib.KeyGen(&pub, &priv) - return -} - -func (c *curve25519) GenerateECDH(rand io.Reader) (point []byte, secret []byte, err error) { - priv, pub, err := c.generateKeyPairBytes(rand) - if err != nil { - return - } - - return pub[:], priv[:], nil -} - -func (c *genericCurve) MaskSecret(secret []byte) []byte { - return secret -} - -func (c *curve25519) Encaps(rand io.Reader, point []byte) (ephemeral, sharedSecret []byte, err error) { - // RFC6637 §8: "Generate an ephemeral key pair {v, V=vG}" - // ephemeralPrivate corresponds to `v`. - // ephemeralPublic corresponds to `V`. - ephemeralPrivate, ephemeralPublic, err := c.generateKeyPairBytes(rand) - if err != nil { - return nil, nil, err - } - - // RFC6637 §8: "Obtain the authenticated recipient public key R" - // pubKey corresponds to `R`. - var pubKey x25519lib.Key - copy(pubKey[:], point) - - // RFC6637 §8: "Compute the shared point S = vR" - // "VB = convert point V to the octet string" - // sharedPoint corresponds to `VB`. - var sharedPoint x25519lib.Key - x25519lib.Shared(&sharedPoint, &ephemeralPrivate, &pubKey) - - return ephemeralPublic[:], sharedPoint[:], nil -} - -func (c *curve25519) Decaps(vsG, secret []byte) (sharedSecret []byte, err error) { - var ephemeralPublic, decodedPrivate, sharedPoint x25519lib.Key - // RFC6637 §8: "The decryption is the inverse of the method given." - // All quoted descriptions in comments below describe encryption, and - // the reverse is performed. - // vsG corresponds to `VB` in RFC6637 §8 . - - // RFC6637 §8: "VB = convert point V to the octet string" - copy(ephemeralPublic[:], vsG) - - // decodedPrivate corresponds to `r` in RFC6637 §8 . - copy(decodedPrivate[:], secret) - - // RFC6637 §8: "Note that the recipient obtains the shared secret by calculating - // S = rV = rvG, where (r,R) is the recipient's key pair." - // sharedPoint corresponds to `S`. - x25519lib.Shared(&sharedPoint, &decodedPrivate, &ephemeralPublic) - - return sharedPoint[:], nil -} - -func (c *curve25519) ValidateECDH(point []byte, secret []byte) (err error) { - var pk, sk x25519lib.Key - copy(sk[:], secret) - x25519lib.KeyGen(&pk, &sk) - - if subtle.ConstantTimeCompare(point, pk[:]) == 0 { - return errors.KeyInvalidError("ecc: invalid curve25519 public point") - } - - return nil -} - -func copyReversed(out []byte, in []byte) { - l := len(in) - for i := 0; i < l; i++ { - out[i] = in[l-i-1] - } -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve_info.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve_info.go deleted file mode 100644 index 0da2d0d852..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve_info.go +++ /dev/null @@ -1,143 +0,0 @@ -// Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA. -package ecc - -import ( - "bytes" - "crypto/elliptic" - - "github.com/ProtonMail/go-crypto/bitcurves" - "github.com/ProtonMail/go-crypto/brainpool" - "github.com/ProtonMail/go-crypto/openpgp/internal/encoding" -) - -const Curve25519GenName = "Curve25519" - -type CurveInfo struct { - GenName string - Oid *encoding.OID - Curve Curve -} - -var Curves = []CurveInfo{ - { - // NIST P-256 - GenName: "P256", - Oid: encoding.NewOID([]byte{0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07}), - Curve: NewGenericCurve(elliptic.P256()), - }, - { - // NIST P-384 - GenName: "P384", - Oid: encoding.NewOID([]byte{0x2B, 0x81, 0x04, 0x00, 0x22}), - Curve: NewGenericCurve(elliptic.P384()), - }, - { - // NIST P-521 - GenName: "P521", - Oid: encoding.NewOID([]byte{0x2B, 0x81, 0x04, 0x00, 0x23}), - Curve: NewGenericCurve(elliptic.P521()), - }, - { - // SecP256k1 - GenName: "SecP256k1", - Oid: encoding.NewOID([]byte{0x2B, 0x81, 0x04, 0x00, 0x0A}), - Curve: NewGenericCurve(bitcurves.S256()), - }, - { - // Curve25519 - GenName: Curve25519GenName, - Oid: encoding.NewOID([]byte{0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01}), - Curve: NewCurve25519(), - }, - { - // x448 - GenName: "Curve448", - Oid: encoding.NewOID([]byte{0x2B, 0x65, 0x6F}), - Curve: NewX448(), - }, - { - // Ed25519 - GenName: Curve25519GenName, - Oid: encoding.NewOID([]byte{0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01}), - Curve: NewEd25519(), - }, - { - // Ed448 - GenName: "Curve448", - Oid: encoding.NewOID([]byte{0x2B, 0x65, 0x71}), - Curve: NewEd448(), - }, - { - // BrainpoolP256r1 - GenName: "BrainpoolP256", - Oid: encoding.NewOID([]byte{0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07}), - Curve: NewGenericCurve(brainpool.P256r1()), - }, - { - // BrainpoolP384r1 - GenName: "BrainpoolP384", - Oid: encoding.NewOID([]byte{0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B}), - Curve: NewGenericCurve(brainpool.P384r1()), - }, - { - // BrainpoolP512r1 - GenName: "BrainpoolP512", - Oid: encoding.NewOID([]byte{0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D}), - Curve: NewGenericCurve(brainpool.P512r1()), - }, -} - -func FindByCurve(curve Curve) *CurveInfo { - for _, curveInfo := range Curves { - if curveInfo.Curve.GetCurveName() == curve.GetCurveName() { - return &curveInfo - } - } - return nil -} - -func FindByOid(oid encoding.Field) *CurveInfo { - var rawBytes = oid.Bytes() - for _, curveInfo := range Curves { - if bytes.Equal(curveInfo.Oid.Bytes(), rawBytes) { - return &curveInfo - } - } - return nil -} - -func FindEdDSAByGenName(curveGenName string) EdDSACurve { - for _, curveInfo := range Curves { - if curveInfo.GenName == curveGenName { - curve, ok := curveInfo.Curve.(EdDSACurve) - if ok { - return curve - } - } - } - return nil -} - -func FindECDSAByGenName(curveGenName string) ECDSACurve { - for _, curveInfo := range Curves { - if curveInfo.GenName == curveGenName { - curve, ok := curveInfo.Curve.(ECDSACurve) - if ok { - return curve - } - } - } - return nil -} - -func FindECDHByGenName(curveGenName string) ECDHCurve { - for _, curveInfo := range Curves { - if curveInfo.GenName == curveGenName { - curve, ok := curveInfo.Curve.(ECDHCurve) - if ok { - return curve - } - } - } - return nil -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curves.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curves.go deleted file mode 100644 index 5ed9c93b3d..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curves.go +++ /dev/null @@ -1,48 +0,0 @@ -// Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA. -package ecc - -import ( - "io" - "math/big" -) - -type Curve interface { - GetCurveName() string -} - -type ECDSACurve interface { - Curve - MarshalIntegerPoint(x, y *big.Int) []byte - UnmarshalIntegerPoint([]byte) (x, y *big.Int) - MarshalIntegerSecret(d *big.Int) []byte - UnmarshalIntegerSecret(d []byte) *big.Int - GenerateECDSA(rand io.Reader) (x, y, secret *big.Int, err error) - Sign(rand io.Reader, x, y, d *big.Int, hash []byte) (r, s *big.Int, err error) - Verify(x, y *big.Int, hash []byte, r, s *big.Int) bool - ValidateECDSA(x, y *big.Int, secret []byte) error -} - -type EdDSACurve interface { - Curve - MarshalBytePoint(x []byte) []byte - UnmarshalBytePoint([]byte) (x []byte) - MarshalByteSecret(d []byte) []byte - UnmarshalByteSecret(d []byte) []byte - MarshalSignature(sig []byte) (r, s []byte) - UnmarshalSignature(r, s []byte) (sig []byte) - GenerateEdDSA(rand io.Reader) (pub, priv []byte, err error) - Sign(publicKey, privateKey, message []byte) (sig []byte, err error) - Verify(publicKey, message, sig []byte) bool - ValidateEdDSA(publicKey, privateKey []byte) (err error) -} -type ECDHCurve interface { - Curve - MarshalBytePoint([]byte) (encoded []byte) - UnmarshalBytePoint(encoded []byte) []byte - MarshalByteSecret(d []byte) []byte - UnmarshalByteSecret(d []byte) []byte - GenerateECDH(rand io.Reader) (point []byte, secret []byte, err error) - Encaps(rand io.Reader, point []byte) (ephemeral, sharedSecret []byte, err error) - Decaps(ephemeral, secret []byte) (sharedSecret []byte, err error) - ValidateECDH(public []byte, secret []byte) error -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed25519.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed25519.go deleted file mode 100644 index 5a4c3a8596..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed25519.go +++ /dev/null @@ -1,120 +0,0 @@ -// Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA. -package ecc - -import ( - "bytes" - "crypto/subtle" - "io" - - "github.com/ProtonMail/go-crypto/openpgp/errors" - ed25519lib "github.com/cloudflare/circl/sign/ed25519" -) - -const ed25519Size = 32 - -type ed25519 struct{} - -func NewEd25519() *ed25519 { - return &ed25519{} -} - -func (c *ed25519) GetCurveName() string { - return "ed25519" -} - -// MarshalBytePoint encodes the public point from native format, adding the prefix. -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5 -func (c *ed25519) MarshalBytePoint(x []byte) []byte { - return append([]byte{0x40}, x...) -} - -// UnmarshalBytePoint decodes a point from prefixed format to native. -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5 -func (c *ed25519) UnmarshalBytePoint(point []byte) (x []byte) { - if len(point) != ed25519lib.PublicKeySize+1 { - return nil - } - - // Return unprefixed - return point[1:] -} - -// MarshalByteSecret encodes a scalar in native format. -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5 -func (c *ed25519) MarshalByteSecret(d []byte) []byte { - return d -} - -// UnmarshalByteSecret decodes a scalar in native format and re-adds the stripped leading zeroes -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5 -func (c *ed25519) UnmarshalByteSecret(s []byte) (d []byte) { - if len(s) > ed25519lib.SeedSize { - return nil - } - - // Handle stripped leading zeroes - d = make([]byte, ed25519lib.SeedSize) - copy(d[ed25519lib.SeedSize-len(s):], s) - return -} - -// MarshalSignature splits a signature in R and S. -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.2.3.3.1 -func (c *ed25519) MarshalSignature(sig []byte) (r, s []byte) { - return sig[:ed25519Size], sig[ed25519Size:] -} - -// UnmarshalSignature decodes R and S in the native format, re-adding the stripped leading zeroes -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.2.3.3.1 -func (c *ed25519) UnmarshalSignature(r, s []byte) (sig []byte) { - // Check size - if len(r) > 32 || len(s) > 32 { - return nil - } - - sig = make([]byte, ed25519lib.SignatureSize) - - // Handle stripped leading zeroes - copy(sig[ed25519Size-len(r):ed25519Size], r) - copy(sig[ed25519lib.SignatureSize-len(s):], s) - return sig -} - -func (c *ed25519) GenerateEdDSA(rand io.Reader) (pub, priv []byte, err error) { - pk, sk, err := ed25519lib.GenerateKey(rand) - - if err != nil { - return nil, nil, err - } - - return pk, sk[:ed25519lib.SeedSize], nil -} - -func getEd25519Sk(publicKey, privateKey []byte) ed25519lib.PrivateKey { - privateKeyCap, privateKeyLen, publicKeyLen := cap(privateKey), len(privateKey), len(publicKey) - - if privateKeyCap >= privateKeyLen+publicKeyLen && - bytes.Equal(privateKey[privateKeyLen:privateKeyLen+publicKeyLen], publicKey) { - return privateKey[:privateKeyLen+publicKeyLen] - } - - return append(privateKey[:privateKeyLen:privateKeyLen], publicKey...) -} - -func (c *ed25519) Sign(publicKey, privateKey, message []byte) (sig []byte, err error) { - sig = ed25519lib.Sign(getEd25519Sk(publicKey, privateKey), message) - return sig, nil -} - -func (c *ed25519) Verify(publicKey, message, sig []byte) bool { - return ed25519lib.Verify(publicKey, message, sig) -} - -func (c *ed25519) ValidateEdDSA(publicKey, privateKey []byte) (err error) { - priv := getEd25519Sk(publicKey, privateKey) - expectedPriv := ed25519lib.NewKeyFromSeed(priv.Seed()) - if subtle.ConstantTimeCompare(priv, expectedPriv) == 0 { - return errors.KeyInvalidError("ecc: invalid ed25519 secret") - } - return nil -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed448.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed448.go deleted file mode 100644 index b6edda7480..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed448.go +++ /dev/null @@ -1,119 +0,0 @@ -// Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA. -package ecc - -import ( - "bytes" - "crypto/subtle" - "io" - - "github.com/ProtonMail/go-crypto/openpgp/errors" - ed448lib "github.com/cloudflare/circl/sign/ed448" -) - -type ed448 struct{} - -func NewEd448() *ed448 { - return &ed448{} -} - -func (c *ed448) GetCurveName() string { - return "ed448" -} - -// MarshalBytePoint encodes the public point from native format, adding the prefix. -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5 -func (c *ed448) MarshalBytePoint(x []byte) []byte { - // Return prefixed - return append([]byte{0x40}, x...) -} - -// UnmarshalBytePoint decodes a point from prefixed format to native. -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5 -func (c *ed448) UnmarshalBytePoint(point []byte) (x []byte) { - if len(point) != ed448lib.PublicKeySize+1 { - return nil - } - - // Strip prefix - return point[1:] -} - -// MarshalByteSecret encoded a scalar from native format to prefixed. -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5 -func (c *ed448) MarshalByteSecret(d []byte) []byte { - // Return prefixed - return append([]byte{0x40}, d...) -} - -// UnmarshalByteSecret decodes a scalar from prefixed format to native. -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5 -func (c *ed448) UnmarshalByteSecret(s []byte) (d []byte) { - // Check prefixed size - if len(s) != ed448lib.SeedSize+1 { - return nil - } - - // Strip prefix - return s[1:] -} - -// MarshalSignature splits a signature in R and S, where R is in prefixed native format and -// S is an MPI with value zero. -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.2.3.3.2 -func (c *ed448) MarshalSignature(sig []byte) (r, s []byte) { - return append([]byte{0x40}, sig...), []byte{} -} - -// UnmarshalSignature decodes R and S in the native format. Only R is used, in prefixed native format. -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.2.3.3.2 -func (c *ed448) UnmarshalSignature(r, s []byte) (sig []byte) { - if len(r) != ed448lib.SignatureSize+1 { - return nil - } - - return r[1:] -} - -func (c *ed448) GenerateEdDSA(rand io.Reader) (pub, priv []byte, err error) { - pk, sk, err := ed448lib.GenerateKey(rand) - - if err != nil { - return nil, nil, err - } - - return pk, sk[:ed448lib.SeedSize], nil -} - -func getEd448Sk(publicKey, privateKey []byte) ed448lib.PrivateKey { - privateKeyCap, privateKeyLen, publicKeyLen := cap(privateKey), len(privateKey), len(publicKey) - - if privateKeyCap >= privateKeyLen+publicKeyLen && - bytes.Equal(privateKey[privateKeyLen:privateKeyLen+publicKeyLen], publicKey) { - return privateKey[:privateKeyLen+publicKeyLen] - } - - return append(privateKey[:privateKeyLen:privateKeyLen], publicKey...) -} - -func (c *ed448) Sign(publicKey, privateKey, message []byte) (sig []byte, err error) { - // Ed448 is used with the empty string as a context string. - // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-13.7 - sig = ed448lib.Sign(getEd448Sk(publicKey, privateKey), message, "") - - return sig, nil -} - -func (c *ed448) Verify(publicKey, message, sig []byte) bool { - // Ed448 is used with the empty string as a context string. - // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-13.7 - return ed448lib.Verify(publicKey, message, sig, "") -} - -func (c *ed448) ValidateEdDSA(publicKey, privateKey []byte) (err error) { - priv := getEd448Sk(publicKey, privateKey) - expectedPriv := ed448lib.NewKeyFromSeed(priv.Seed()) - if subtle.ConstantTimeCompare(priv, expectedPriv) == 0 { - return errors.KeyInvalidError("ecc: invalid ed448 secret") - } - return nil -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/generic.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/generic.go deleted file mode 100644 index e28d7c7106..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/generic.go +++ /dev/null @@ -1,149 +0,0 @@ -// Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA. -package ecc - -import ( - "crypto/ecdsa" - "crypto/elliptic" - "fmt" - "github.com/ProtonMail/go-crypto/openpgp/errors" - "io" - "math/big" -) - -type genericCurve struct { - Curve elliptic.Curve -} - -func NewGenericCurve(c elliptic.Curve) *genericCurve { - return &genericCurve{ - Curve: c, - } -} - -func (c *genericCurve) GetCurveName() string { - return c.Curve.Params().Name -} - -func (c *genericCurve) MarshalBytePoint(point []byte) []byte { - return point -} - -func (c *genericCurve) UnmarshalBytePoint(point []byte) []byte { - return point -} - -func (c *genericCurve) MarshalIntegerPoint(x, y *big.Int) []byte { - return elliptic.Marshal(c.Curve, x, y) -} - -func (c *genericCurve) UnmarshalIntegerPoint(point []byte) (x, y *big.Int) { - return elliptic.Unmarshal(c.Curve, point) -} - -func (c *genericCurve) MarshalByteSecret(d []byte) []byte { - return d -} - -func (c *genericCurve) UnmarshalByteSecret(d []byte) []byte { - return d -} - -func (c *genericCurve) MarshalIntegerSecret(d *big.Int) []byte { - return d.Bytes() -} - -func (c *genericCurve) UnmarshalIntegerSecret(d []byte) *big.Int { - return new(big.Int).SetBytes(d) -} - -func (c *genericCurve) GenerateECDH(rand io.Reader) (point, secret []byte, err error) { - secret, x, y, err := elliptic.GenerateKey(c.Curve, rand) - if err != nil { - return nil, nil, err - } - - point = elliptic.Marshal(c.Curve, x, y) - return point, secret, nil -} - -func (c *genericCurve) GenerateECDSA(rand io.Reader) (x, y, secret *big.Int, err error) { - priv, err := ecdsa.GenerateKey(c.Curve, rand) - if err != nil { - return - } - - return priv.X, priv.Y, priv.D, nil -} - -func (c *genericCurve) Encaps(rand io.Reader, point []byte) (ephemeral, sharedSecret []byte, err error) { - xP, yP := elliptic.Unmarshal(c.Curve, point) - if xP == nil { - panic("invalid point") - } - - d, x, y, err := elliptic.GenerateKey(c.Curve, rand) - if err != nil { - return nil, nil, err - } - - vsG := elliptic.Marshal(c.Curve, x, y) - zbBig, _ := c.Curve.ScalarMult(xP, yP, d) - - byteLen := (c.Curve.Params().BitSize + 7) >> 3 - zb := make([]byte, byteLen) - zbBytes := zbBig.Bytes() - copy(zb[byteLen-len(zbBytes):], zbBytes) - - return vsG, zb, nil -} - -func (c *genericCurve) Decaps(ephemeral, secret []byte) (sharedSecret []byte, err error) { - x, y := elliptic.Unmarshal(c.Curve, ephemeral) - zbBig, _ := c.Curve.ScalarMult(x, y, secret) - byteLen := (c.Curve.Params().BitSize + 7) >> 3 - zb := make([]byte, byteLen) - zbBytes := zbBig.Bytes() - copy(zb[byteLen-len(zbBytes):], zbBytes) - - return zb, nil -} - -func (c *genericCurve) Sign(rand io.Reader, x, y, d *big.Int, hash []byte) (r, s *big.Int, err error) { - priv := &ecdsa.PrivateKey{D: d, PublicKey: ecdsa.PublicKey{X: x, Y: y, Curve: c.Curve}} - return ecdsa.Sign(rand, priv, hash) -} - -func (c *genericCurve) Verify(x, y *big.Int, hash []byte, r, s *big.Int) bool { - pub := &ecdsa.PublicKey{X: x, Y: y, Curve: c.Curve} - return ecdsa.Verify(pub, hash, r, s) -} - -func (c *genericCurve) validate(xP, yP *big.Int, secret []byte) error { - // the public point should not be at infinity (0,0) - zero := new(big.Int) - if xP.Cmp(zero) == 0 && yP.Cmp(zero) == 0 { - return errors.KeyInvalidError(fmt.Sprintf("ecc (%s): infinity point", c.Curve.Params().Name)) - } - - // re-derive the public point Q' = (X,Y) = dG - // to compare to declared Q in public key - expectedX, expectedY := c.Curve.ScalarBaseMult(secret) - if xP.Cmp(expectedX) != 0 || yP.Cmp(expectedY) != 0 { - return errors.KeyInvalidError(fmt.Sprintf("ecc (%s): invalid point", c.Curve.Params().Name)) - } - - return nil -} - -func (c *genericCurve) ValidateECDSA(xP, yP *big.Int, secret []byte) error { - return c.validate(xP, yP, secret) -} - -func (c *genericCurve) ValidateECDH(point []byte, secret []byte) error { - xP, yP := elliptic.Unmarshal(c.Curve, point) - if xP == nil { - return errors.KeyInvalidError(fmt.Sprintf("ecc (%s): invalid point", c.Curve.Params().Name)) - } - - return c.validate(xP, yP, secret) -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go deleted file mode 100644 index df04262e9e..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go +++ /dev/null @@ -1,107 +0,0 @@ -// Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA. -package ecc - -import ( - "crypto/subtle" - "io" - - "github.com/ProtonMail/go-crypto/openpgp/errors" - x448lib "github.com/cloudflare/circl/dh/x448" -) - -type x448 struct{} - -func NewX448() *x448 { - return &x448{} -} - -func (c *x448) GetCurveName() string { - return "x448" -} - -// MarshalBytePoint encodes the public point from native format, adding the prefix. -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6 -func (c *x448) MarshalBytePoint(point []byte) []byte { - return append([]byte{0x40}, point...) -} - -// UnmarshalBytePoint decodes a point from prefixed format to native. -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6 -func (c *x448) UnmarshalBytePoint(point []byte) []byte { - if len(point) != x448lib.Size+1 { - return nil - } - - return point[1:] -} - -// MarshalByteSecret encoded a scalar from native format to prefixed. -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6.1.2 -func (c *x448) MarshalByteSecret(d []byte) []byte { - return append([]byte{0x40}, d...) -} - -// UnmarshalByteSecret decodes a scalar from prefixed format to native. -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6.1.2 -func (c *x448) UnmarshalByteSecret(d []byte) []byte { - if len(d) != x448lib.Size+1 { - return nil - } - - // Store without prefix - return d[1:] -} - -func (c *x448) generateKeyPairBytes(rand io.Reader) (sk, pk x448lib.Key, err error) { - if _, err = rand.Read(sk[:]); err != nil { - return - } - - x448lib.KeyGen(&pk, &sk) - return -} - -func (c *x448) GenerateECDH(rand io.Reader) (point []byte, secret []byte, err error) { - priv, pub, err := c.generateKeyPairBytes(rand) - if err != nil { - return - } - - return pub[:], priv[:], nil -} - -func (c *x448) Encaps(rand io.Reader, point []byte) (ephemeral, sharedSecret []byte, err error) { - var pk, ss x448lib.Key - seed, e, err := c.generateKeyPairBytes(rand) - if err != nil { - return nil, nil, err - } - copy(pk[:], point) - x448lib.Shared(&ss, &seed, &pk) - - return e[:], ss[:], nil -} - -func (c *x448) Decaps(ephemeral, secret []byte) (sharedSecret []byte, err error) { - var ss, sk, e x448lib.Key - - copy(sk[:], secret) - copy(e[:], ephemeral) - x448lib.Shared(&ss, &sk, &e) - - return ss[:], nil -} - -func (c *x448) ValidateECDH(point []byte, secret []byte) error { - var sk, pk, expectedPk x448lib.Key - - copy(pk[:], point) - copy(sk[:], secret) - x448lib.KeyGen(&expectedPk, &sk) - - if subtle.ConstantTimeCompare(expectedPk[:], pk[:]) == 0 { - return errors.KeyInvalidError("ecc: invalid curve25519 public point") - } - - return nil -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/encoding.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/encoding.go deleted file mode 100644 index 6c921481b7..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/encoding.go +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright 2017 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package encoding implements openpgp packet field encodings as specified in -// RFC 4880 and 6637. -package encoding - -import "io" - -// Field is an encoded field of an openpgp packet. -type Field interface { - // Bytes returns the decoded data. - Bytes() []byte - - // BitLength is the size in bits of the decoded data. - BitLength() uint16 - - // EncodedBytes returns the encoded data. - EncodedBytes() []byte - - // EncodedLength is the size in bytes of the encoded data. - EncodedLength() uint16 - - // ReadFrom reads the next Field from r. - ReadFrom(r io.Reader) (int64, error) -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/mpi.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/mpi.go deleted file mode 100644 index 02e5e695c3..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/mpi.go +++ /dev/null @@ -1,91 +0,0 @@ -// Copyright 2017 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package encoding - -import ( - "io" - "math/big" - "math/bits" -) - -// An MPI is used to store the contents of a big integer, along with the bit -// length that was specified in the original input. This allows the MPI to be -// reserialized exactly. -type MPI struct { - bytes []byte - bitLength uint16 -} - -// NewMPI returns a MPI initialized with bytes. -func NewMPI(bytes []byte) *MPI { - for len(bytes) != 0 && bytes[0] == 0 { - bytes = bytes[1:] - } - if len(bytes) == 0 { - bitLength := uint16(0) - return &MPI{bytes, bitLength} - } - bitLength := 8*uint16(len(bytes)-1) + uint16(bits.Len8(bytes[0])) - return &MPI{bytes, bitLength} -} - -// Bytes returns the decoded data. -func (m *MPI) Bytes() []byte { - return m.bytes -} - -// BitLength is the size in bits of the decoded data. -func (m *MPI) BitLength() uint16 { - return m.bitLength -} - -// EncodedBytes returns the encoded data. -func (m *MPI) EncodedBytes() []byte { - return append([]byte{byte(m.bitLength >> 8), byte(m.bitLength)}, m.bytes...) -} - -// EncodedLength is the size in bytes of the encoded data. -func (m *MPI) EncodedLength() uint16 { - return uint16(2 + len(m.bytes)) -} - -// ReadFrom reads into m the next MPI from r. -func (m *MPI) ReadFrom(r io.Reader) (int64, error) { - var buf [2]byte - n, err := io.ReadFull(r, buf[0:]) - if err != nil { - if err == io.EOF { - err = io.ErrUnexpectedEOF - } - return int64(n), err - } - - m.bitLength = uint16(buf[0])<<8 | uint16(buf[1]) - m.bytes = make([]byte, (int(m.bitLength)+7)/8) - - nn, err := io.ReadFull(r, m.bytes) - if err == io.EOF { - err = io.ErrUnexpectedEOF - } - - // remove leading zero bytes from malformed GnuPG encoded MPIs: - // https://bugs.gnupg.org/gnupg/issue1853 - // for _, b := range m.bytes { - // if b != 0 { - // break - // } - // m.bytes = m.bytes[1:] - // m.bitLength -= 8 - // } - - return int64(n) + int64(nn), err -} - -// SetBig initializes m with the bits from n. -func (m *MPI) SetBig(n *big.Int) *MPI { - m.bytes = n.Bytes() - m.bitLength = uint16(n.BitLen()) - return m -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/oid.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/oid.go deleted file mode 100644 index c9df9fe232..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/oid.go +++ /dev/null @@ -1,88 +0,0 @@ -// Copyright 2017 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package encoding - -import ( - "io" - - "github.com/ProtonMail/go-crypto/openpgp/errors" -) - -// OID is used to store a variable-length field with a one-octet size -// prefix. See https://tools.ietf.org/html/rfc6637#section-9. -type OID struct { - bytes []byte -} - -const ( - // maxOID is the maximum number of bytes in a OID. - maxOID = 254 - // reservedOIDLength1 and reservedOIDLength2 are OID lengths that the RFC - // specifies are reserved. - reservedOIDLength1 = 0 - reservedOIDLength2 = 0xff -) - -// NewOID returns a OID initialized with bytes. -func NewOID(bytes []byte) *OID { - switch len(bytes) { - case reservedOIDLength1, reservedOIDLength2: - panic("encoding: NewOID argument length is reserved") - default: - if len(bytes) > maxOID { - panic("encoding: NewOID argument too large") - } - } - - return &OID{ - bytes: bytes, - } -} - -// Bytes returns the decoded data. -func (o *OID) Bytes() []byte { - return o.bytes -} - -// BitLength is the size in bits of the decoded data. -func (o *OID) BitLength() uint16 { - return uint16(len(o.bytes) * 8) -} - -// EncodedBytes returns the encoded data. -func (o *OID) EncodedBytes() []byte { - return append([]byte{byte(len(o.bytes))}, o.bytes...) -} - -// EncodedLength is the size in bytes of the encoded data. -func (o *OID) EncodedLength() uint16 { - return uint16(1 + len(o.bytes)) -} - -// ReadFrom reads into b the next OID from r. -func (o *OID) ReadFrom(r io.Reader) (int64, error) { - var buf [1]byte - n, err := io.ReadFull(r, buf[:]) - if err != nil { - if err == io.EOF { - err = io.ErrUnexpectedEOF - } - return int64(n), err - } - - switch buf[0] { - case reservedOIDLength1, reservedOIDLength2: - return int64(n), errors.UnsupportedError("reserved for future extensions") - } - - o.bytes = make([]byte, buf[0]) - - nn, err := io.ReadFull(r, o.bytes) - if err == io.EOF { - err = io.ErrUnexpectedEOF - } - - return int64(n) + int64(nn), err -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/key_generation.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/key_generation.go deleted file mode 100644 index 77213f66be..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/key_generation.go +++ /dev/null @@ -1,456 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package openpgp - -import ( - "crypto" - "crypto/rand" - "crypto/rsa" - goerrors "errors" - "io" - "math/big" - "time" - - "github.com/ProtonMail/go-crypto/openpgp/ecdh" - "github.com/ProtonMail/go-crypto/openpgp/ecdsa" - "github.com/ProtonMail/go-crypto/openpgp/ed25519" - "github.com/ProtonMail/go-crypto/openpgp/ed448" - "github.com/ProtonMail/go-crypto/openpgp/eddsa" - "github.com/ProtonMail/go-crypto/openpgp/errors" - "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm" - "github.com/ProtonMail/go-crypto/openpgp/internal/ecc" - "github.com/ProtonMail/go-crypto/openpgp/packet" - "github.com/ProtonMail/go-crypto/openpgp/x25519" - "github.com/ProtonMail/go-crypto/openpgp/x448" -) - -// NewEntity returns an Entity that contains a fresh RSA/RSA keypair with a -// single identity composed of the given full name, comment and email, any of -// which may be empty but must not contain any of "()<>\x00". -// If config is nil, sensible defaults will be used. -func NewEntity(name, comment, email string, config *packet.Config) (*Entity, error) { - creationTime := config.Now() - keyLifetimeSecs := config.KeyLifetime() - - // Generate a primary signing key - primaryPrivRaw, err := newSigner(config) - if err != nil { - return nil, err - } - primary := packet.NewSignerPrivateKey(creationTime, primaryPrivRaw) - if config.V6() { - if err := primary.UpgradeToV6(); err != nil { - return nil, err - } - } - - e := &Entity{ - PrimaryKey: &primary.PublicKey, - PrivateKey: primary, - Identities: make(map[string]*Identity), - Subkeys: []Subkey{}, - Signatures: []*packet.Signature{}, - } - - if config.V6() { - // In v6 keys algorithm preferences should be stored in direct key signatures - selfSignature := createSignaturePacket(&primary.PublicKey, packet.SigTypeDirectSignature, config) - err = writeKeyProperties(selfSignature, creationTime, keyLifetimeSecs, config) - if err != nil { - return nil, err - } - err = selfSignature.SignDirectKeyBinding(&primary.PublicKey, primary, config) - if err != nil { - return nil, err - } - e.Signatures = append(e.Signatures, selfSignature) - e.SelfSignature = selfSignature - } - - err = e.addUserId(name, comment, email, config, creationTime, keyLifetimeSecs, !config.V6()) - if err != nil { - return nil, err - } - - // NOTE: No key expiry here, but we will not return this subkey in EncryptionKey() - // if the primary/master key has expired. - err = e.addEncryptionSubkey(config, creationTime, 0) - if err != nil { - return nil, err - } - - return e, nil -} - -func (t *Entity) AddUserId(name, comment, email string, config *packet.Config) error { - creationTime := config.Now() - keyLifetimeSecs := config.KeyLifetime() - return t.addUserId(name, comment, email, config, creationTime, keyLifetimeSecs, !config.V6()) -} - -func writeKeyProperties(selfSignature *packet.Signature, creationTime time.Time, keyLifetimeSecs uint32, config *packet.Config) error { - advertiseAead := config.AEAD() != nil - - selfSignature.CreationTime = creationTime - selfSignature.KeyLifetimeSecs = &keyLifetimeSecs - selfSignature.FlagsValid = true - selfSignature.FlagSign = true - selfSignature.FlagCertify = true - selfSignature.SEIPDv1 = true // true by default, see 5.8 vs. 5.14 - selfSignature.SEIPDv2 = advertiseAead - - // Set the PreferredHash for the SelfSignature from the packet.Config. - // If it is not the must-implement algorithm from rfc4880bis, append that. - hash, ok := algorithm.HashToHashId(config.Hash()) - if !ok { - return errors.UnsupportedError("unsupported preferred hash function") - } - - selfSignature.PreferredHash = []uint8{hash} - if config.Hash() != crypto.SHA256 { - selfSignature.PreferredHash = append(selfSignature.PreferredHash, hashToHashId(crypto.SHA256)) - } - - // Likewise for DefaultCipher. - selfSignature.PreferredSymmetric = []uint8{uint8(config.Cipher())} - if config.Cipher() != packet.CipherAES128 { - selfSignature.PreferredSymmetric = append(selfSignature.PreferredSymmetric, uint8(packet.CipherAES128)) - } - - // We set CompressionNone as the preferred compression algorithm because - // of compression side channel attacks, then append the configured - // DefaultCompressionAlgo if any is set (to signal support for cases - // where the application knows that using compression is safe). - selfSignature.PreferredCompression = []uint8{uint8(packet.CompressionNone)} - if config.Compression() != packet.CompressionNone { - selfSignature.PreferredCompression = append(selfSignature.PreferredCompression, uint8(config.Compression())) - } - - if advertiseAead { - // Get the preferred AEAD mode from the packet.Config. - // If it is not the must-implement algorithm from rfc9580, append that. - modes := []uint8{uint8(config.AEAD().Mode())} - if config.AEAD().Mode() != packet.AEADModeOCB { - modes = append(modes, uint8(packet.AEADModeOCB)) - } - - // For preferred (AES256, GCM), we'll generate (AES256, GCM), (AES256, OCB), (AES128, GCM), (AES128, OCB) - for _, cipher := range selfSignature.PreferredSymmetric { - for _, mode := range modes { - selfSignature.PreferredCipherSuites = append(selfSignature.PreferredCipherSuites, [2]uint8{cipher, mode}) - } - } - } - return nil -} - -func (t *Entity) addUserId(name, comment, email string, config *packet.Config, creationTime time.Time, keyLifetimeSecs uint32, writeProperties bool) error { - uid := packet.NewUserId(name, comment, email) - if uid == nil { - return errors.InvalidArgumentError("user id field contained invalid characters") - } - - if _, ok := t.Identities[uid.Id]; ok { - return errors.InvalidArgumentError("user id exist") - } - - primary := t.PrivateKey - isPrimaryId := len(t.Identities) == 0 - selfSignature := createSignaturePacket(&primary.PublicKey, packet.SigTypePositiveCert, config) - if writeProperties { - err := writeKeyProperties(selfSignature, creationTime, keyLifetimeSecs, config) - if err != nil { - return err - } - } - selfSignature.IsPrimaryId = &isPrimaryId - - // User ID binding signature - err := selfSignature.SignUserId(uid.Id, &primary.PublicKey, primary, config) - if err != nil { - return err - } - t.Identities[uid.Id] = &Identity{ - Name: uid.Id, - UserId: uid, - SelfSignature: selfSignature, - Signatures: []*packet.Signature{selfSignature}, - } - return nil -} - -// AddSigningSubkey adds a signing keypair as a subkey to the Entity. -// If config is nil, sensible defaults will be used. -func (e *Entity) AddSigningSubkey(config *packet.Config) error { - creationTime := config.Now() - keyLifetimeSecs := config.KeyLifetime() - - subPrivRaw, err := newSigner(config) - if err != nil { - return err - } - sub := packet.NewSignerPrivateKey(creationTime, subPrivRaw) - sub.IsSubkey = true - if config.V6() { - if err := sub.UpgradeToV6(); err != nil { - return err - } - } - - subkey := Subkey{ - PublicKey: &sub.PublicKey, - PrivateKey: sub, - } - subkey.Sig = createSignaturePacket(e.PrimaryKey, packet.SigTypeSubkeyBinding, config) - subkey.Sig.CreationTime = creationTime - subkey.Sig.KeyLifetimeSecs = &keyLifetimeSecs - subkey.Sig.FlagsValid = true - subkey.Sig.FlagSign = true - subkey.Sig.EmbeddedSignature = createSignaturePacket(subkey.PublicKey, packet.SigTypePrimaryKeyBinding, config) - subkey.Sig.EmbeddedSignature.CreationTime = creationTime - - err = subkey.Sig.EmbeddedSignature.CrossSignKey(subkey.PublicKey, e.PrimaryKey, subkey.PrivateKey, config) - if err != nil { - return err - } - - err = subkey.Sig.SignKey(subkey.PublicKey, e.PrivateKey, config) - if err != nil { - return err - } - - e.Subkeys = append(e.Subkeys, subkey) - return nil -} - -// AddEncryptionSubkey adds an encryption keypair as a subkey to the Entity. -// If config is nil, sensible defaults will be used. -func (e *Entity) AddEncryptionSubkey(config *packet.Config) error { - creationTime := config.Now() - keyLifetimeSecs := config.KeyLifetime() - return e.addEncryptionSubkey(config, creationTime, keyLifetimeSecs) -} - -func (e *Entity) addEncryptionSubkey(config *packet.Config, creationTime time.Time, keyLifetimeSecs uint32) error { - subPrivRaw, err := newDecrypter(config) - if err != nil { - return err - } - sub := packet.NewDecrypterPrivateKey(creationTime, subPrivRaw) - sub.IsSubkey = true - if config.V6() { - if err := sub.UpgradeToV6(); err != nil { - return err - } - } - - subkey := Subkey{ - PublicKey: &sub.PublicKey, - PrivateKey: sub, - } - subkey.Sig = createSignaturePacket(e.PrimaryKey, packet.SigTypeSubkeyBinding, config) - subkey.Sig.CreationTime = creationTime - subkey.Sig.KeyLifetimeSecs = &keyLifetimeSecs - subkey.Sig.FlagsValid = true - subkey.Sig.FlagEncryptStorage = true - subkey.Sig.FlagEncryptCommunications = true - - err = subkey.Sig.SignKey(subkey.PublicKey, e.PrivateKey, config) - if err != nil { - return err - } - - e.Subkeys = append(e.Subkeys, subkey) - return nil -} - -// Generates a signing key -func newSigner(config *packet.Config) (signer interface{}, err error) { - switch config.PublicKeyAlgorithm() { - case packet.PubKeyAlgoRSA: - bits := config.RSAModulusBits() - if bits < 1024 { - return nil, errors.InvalidArgumentError("bits must be >= 1024") - } - if config != nil && len(config.RSAPrimes) >= 2 { - primes := config.RSAPrimes[0:2] - config.RSAPrimes = config.RSAPrimes[2:] - return generateRSAKeyWithPrimes(config.Random(), 2, bits, primes) - } - return rsa.GenerateKey(config.Random(), bits) - case packet.PubKeyAlgoEdDSA: - if config.V6() { - // Implementations MUST NOT accept or generate v6 key material - // using the deprecated OIDs. - return nil, errors.InvalidArgumentError("EdDSALegacy cannot be used for v6 keys") - } - curve := ecc.FindEdDSAByGenName(string(config.CurveName())) - if curve == nil { - return nil, errors.InvalidArgumentError("unsupported curve") - } - - priv, err := eddsa.GenerateKey(config.Random(), curve) - if err != nil { - return nil, err - } - return priv, nil - case packet.PubKeyAlgoECDSA: - curve := ecc.FindECDSAByGenName(string(config.CurveName())) - if curve == nil { - return nil, errors.InvalidArgumentError("unsupported curve") - } - - priv, err := ecdsa.GenerateKey(config.Random(), curve) - if err != nil { - return nil, err - } - return priv, nil - case packet.PubKeyAlgoEd25519: - priv, err := ed25519.GenerateKey(config.Random()) - if err != nil { - return nil, err - } - return priv, nil - case packet.PubKeyAlgoEd448: - priv, err := ed448.GenerateKey(config.Random()) - if err != nil { - return nil, err - } - return priv, nil - default: - return nil, errors.InvalidArgumentError("unsupported public key algorithm") - } -} - -// Generates an encryption/decryption key -func newDecrypter(config *packet.Config) (decrypter interface{}, err error) { - switch config.PublicKeyAlgorithm() { - case packet.PubKeyAlgoRSA: - bits := config.RSAModulusBits() - if bits < 1024 { - return nil, errors.InvalidArgumentError("bits must be >= 1024") - } - if config != nil && len(config.RSAPrimes) >= 2 { - primes := config.RSAPrimes[0:2] - config.RSAPrimes = config.RSAPrimes[2:] - return generateRSAKeyWithPrimes(config.Random(), 2, bits, primes) - } - return rsa.GenerateKey(config.Random(), bits) - case packet.PubKeyAlgoEdDSA, packet.PubKeyAlgoECDSA: - fallthrough // When passing EdDSA or ECDSA, we generate an ECDH subkey - case packet.PubKeyAlgoECDH: - if config.V6() && - (config.CurveName() == packet.Curve25519 || - config.CurveName() == packet.Curve448) { - // Implementations MUST NOT accept or generate v6 key material - // using the deprecated OIDs. - return nil, errors.InvalidArgumentError("ECDH with Curve25519/448 legacy cannot be used for v6 keys") - } - var kdf = ecdh.KDF{ - Hash: algorithm.SHA512, - Cipher: algorithm.AES256, - } - curve := ecc.FindECDHByGenName(string(config.CurveName())) - if curve == nil { - return nil, errors.InvalidArgumentError("unsupported curve") - } - return ecdh.GenerateKey(config.Random(), curve, kdf) - case packet.PubKeyAlgoEd25519, packet.PubKeyAlgoX25519: // When passing Ed25519, we generate an x25519 subkey - return x25519.GenerateKey(config.Random()) - case packet.PubKeyAlgoEd448, packet.PubKeyAlgoX448: // When passing Ed448, we generate an x448 subkey - return x448.GenerateKey(config.Random()) - default: - return nil, errors.InvalidArgumentError("unsupported public key algorithm") - } -} - -var bigOne = big.NewInt(1) - -// generateRSAKeyWithPrimes generates a multi-prime RSA keypair of the -// given bit size, using the given random source and pre-populated primes. -func generateRSAKeyWithPrimes(random io.Reader, nprimes int, bits int, prepopulatedPrimes []*big.Int) (*rsa.PrivateKey, error) { - priv := new(rsa.PrivateKey) - priv.E = 65537 - - if nprimes < 2 { - return nil, goerrors.New("generateRSAKeyWithPrimes: nprimes must be >= 2") - } - - if bits < 1024 { - return nil, goerrors.New("generateRSAKeyWithPrimes: bits must be >= 1024") - } - - primes := make([]*big.Int, nprimes) - -NextSetOfPrimes: - for { - todo := bits - // crypto/rand should set the top two bits in each prime. - // Thus each prime has the form - // p_i = 2^bitlen(p_i) × 0.11... (in base 2). - // And the product is: - // P = 2^todo × α - // where α is the product of nprimes numbers of the form 0.11... - // - // If α < 1/2 (which can happen for nprimes > 2), we need to - // shift todo to compensate for lost bits: the mean value of 0.11... - // is 7/8, so todo + shift - nprimes * log2(7/8) ~= bits - 1/2 - // will give good results. - if nprimes >= 7 { - todo += (nprimes - 2) / 5 - } - for i := 0; i < nprimes; i++ { - var err error - if len(prepopulatedPrimes) == 0 { - primes[i], err = rand.Prime(random, todo/(nprimes-i)) - if err != nil { - return nil, err - } - } else { - primes[i] = prepopulatedPrimes[0] - prepopulatedPrimes = prepopulatedPrimes[1:] - } - - todo -= primes[i].BitLen() - } - - // Make sure that primes is pairwise unequal. - for i, prime := range primes { - for j := 0; j < i; j++ { - if prime.Cmp(primes[j]) == 0 { - continue NextSetOfPrimes - } - } - } - - n := new(big.Int).Set(bigOne) - totient := new(big.Int).Set(bigOne) - pminus1 := new(big.Int) - for _, prime := range primes { - n.Mul(n, prime) - pminus1.Sub(prime, bigOne) - totient.Mul(totient, pminus1) - } - if n.BitLen() != bits { - // This should never happen for nprimes == 2 because - // crypto/rand should set the top two bits in each prime. - // For nprimes > 2 we hope it does not happen often. - continue NextSetOfPrimes - } - - priv.D = new(big.Int) - e := big.NewInt(int64(priv.E)) - ok := priv.D.ModInverse(e, totient) - - if ok != nil { - priv.Primes = primes - priv.N = n - break - } - } - - priv.Precompute() - return priv, nil -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/keys.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/keys.go deleted file mode 100644 index a071353e2e..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/keys.go +++ /dev/null @@ -1,901 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package openpgp - -import ( - goerrors "errors" - "fmt" - "io" - "time" - - "github.com/ProtonMail/go-crypto/openpgp/armor" - "github.com/ProtonMail/go-crypto/openpgp/errors" - "github.com/ProtonMail/go-crypto/openpgp/packet" -) - -// PublicKeyType is the armor type for a PGP public key. -var PublicKeyType = "PGP PUBLIC KEY BLOCK" - -// PrivateKeyType is the armor type for a PGP private key. -var PrivateKeyType = "PGP PRIVATE KEY BLOCK" - -// An Entity represents the components of an OpenPGP key: a primary public key -// (which must be a signing key), one or more identities claimed by that key, -// and zero or more subkeys, which may be encryption keys. -type Entity struct { - PrimaryKey *packet.PublicKey - PrivateKey *packet.PrivateKey - Identities map[string]*Identity // indexed by Identity.Name - Revocations []*packet.Signature - Subkeys []Subkey - SelfSignature *packet.Signature // Direct-key self signature of the PrimaryKey (contains primary key properties in v6) - Signatures []*packet.Signature // all (potentially unverified) self-signatures, revocations, and third-party signatures -} - -// An Identity represents an identity claimed by an Entity and zero or more -// assertions by other entities about that claim. -type Identity struct { - Name string // by convention, has the form "Full Name (comment) " - UserId *packet.UserId - SelfSignature *packet.Signature - Revocations []*packet.Signature - Signatures []*packet.Signature // all (potentially unverified) self-signatures, revocations, and third-party signatures -} - -// A Subkey is an additional public key in an Entity. Subkeys can be used for -// encryption. -type Subkey struct { - PublicKey *packet.PublicKey - PrivateKey *packet.PrivateKey - Sig *packet.Signature - Revocations []*packet.Signature -} - -// A Key identifies a specific public key in an Entity. This is either the -// Entity's primary key or a subkey. -type Key struct { - Entity *Entity - PublicKey *packet.PublicKey - PrivateKey *packet.PrivateKey - SelfSignature *packet.Signature - Revocations []*packet.Signature -} - -// A KeyRing provides access to public and private keys. -type KeyRing interface { - // KeysById returns the set of keys that have the given key id. - KeysById(id uint64) []Key - // KeysByIdAndUsage returns the set of keys with the given id - // that also meet the key usage given by requiredUsage. - // The requiredUsage is expressed as the bitwise-OR of - // packet.KeyFlag* values. - KeysByIdUsage(id uint64, requiredUsage byte) []Key - // DecryptionKeys returns all private keys that are valid for - // decryption. - DecryptionKeys() []Key -} - -// PrimaryIdentity returns an Identity, preferring non-revoked identities, -// identities marked as primary, or the latest-created identity, in that order. -func (e *Entity) PrimaryIdentity() *Identity { - var primaryIdentity *Identity - for _, ident := range e.Identities { - if shouldPreferIdentity(primaryIdentity, ident) { - primaryIdentity = ident - } - } - return primaryIdentity -} - -func shouldPreferIdentity(existingId, potentialNewId *Identity) bool { - if existingId == nil { - return true - } - - if len(existingId.Revocations) > len(potentialNewId.Revocations) { - return true - } - - if len(existingId.Revocations) < len(potentialNewId.Revocations) { - return false - } - - if existingId.SelfSignature == nil { - return true - } - - if existingId.SelfSignature.IsPrimaryId != nil && *existingId.SelfSignature.IsPrimaryId && - !(potentialNewId.SelfSignature.IsPrimaryId != nil && *potentialNewId.SelfSignature.IsPrimaryId) { - return false - } - - if !(existingId.SelfSignature.IsPrimaryId != nil && *existingId.SelfSignature.IsPrimaryId) && - potentialNewId.SelfSignature.IsPrimaryId != nil && *potentialNewId.SelfSignature.IsPrimaryId { - return true - } - - return potentialNewId.SelfSignature.CreationTime.After(existingId.SelfSignature.CreationTime) -} - -// EncryptionKey returns the best candidate Key for encrypting a message to the -// given Entity. -func (e *Entity) EncryptionKey(now time.Time) (Key, bool) { - // Fail to find any encryption key if the... - primarySelfSignature, primaryIdentity := e.PrimarySelfSignature() - if primarySelfSignature == nil || // no self-signature found - e.PrimaryKey.KeyExpired(primarySelfSignature, now) || // primary key has expired - e.Revoked(now) || // primary key has been revoked - primarySelfSignature.SigExpired(now) || // user ID or or direct self-signature has expired - (primaryIdentity != nil && primaryIdentity.Revoked(now)) { // user ID has been revoked (for v4 keys) - return Key{}, false - } - - // Iterate the keys to find the newest, unexpired one - candidateSubkey := -1 - var maxTime time.Time - for i, subkey := range e.Subkeys { - if subkey.Sig.FlagsValid && - subkey.Sig.FlagEncryptCommunications && - subkey.PublicKey.PubKeyAlgo.CanEncrypt() && - !subkey.PublicKey.KeyExpired(subkey.Sig, now) && - !subkey.Sig.SigExpired(now) && - !subkey.Revoked(now) && - (maxTime.IsZero() || subkey.Sig.CreationTime.After(maxTime)) { - candidateSubkey = i - maxTime = subkey.Sig.CreationTime - } - } - - if candidateSubkey != -1 { - subkey := e.Subkeys[candidateSubkey] - return Key{e, subkey.PublicKey, subkey.PrivateKey, subkey.Sig, subkey.Revocations}, true - } - - // If we don't have any subkeys for encryption and the primary key - // is marked as OK to encrypt with, then we can use it. - if primarySelfSignature.FlagsValid && primarySelfSignature.FlagEncryptCommunications && - e.PrimaryKey.PubKeyAlgo.CanEncrypt() { - return Key{e, e.PrimaryKey, e.PrivateKey, primarySelfSignature, e.Revocations}, true - } - - return Key{}, false -} - -// CertificationKey return the best candidate Key for certifying a key with this -// Entity. -func (e *Entity) CertificationKey(now time.Time) (Key, bool) { - return e.CertificationKeyById(now, 0) -} - -// CertificationKeyById return the Key for key certification with this -// Entity and keyID. -func (e *Entity) CertificationKeyById(now time.Time, id uint64) (Key, bool) { - return e.signingKeyByIdUsage(now, id, packet.KeyFlagCertify) -} - -// SigningKey return the best candidate Key for signing a message with this -// Entity. -func (e *Entity) SigningKey(now time.Time) (Key, bool) { - return e.SigningKeyById(now, 0) -} - -// SigningKeyById return the Key for signing a message with this -// Entity and keyID. -func (e *Entity) SigningKeyById(now time.Time, id uint64) (Key, bool) { - return e.signingKeyByIdUsage(now, id, packet.KeyFlagSign) -} - -func (e *Entity) signingKeyByIdUsage(now time.Time, id uint64, flags int) (Key, bool) { - // Fail to find any signing key if the... - primarySelfSignature, primaryIdentity := e.PrimarySelfSignature() - if primarySelfSignature == nil || // no self-signature found - e.PrimaryKey.KeyExpired(primarySelfSignature, now) || // primary key has expired - e.Revoked(now) || // primary key has been revoked - primarySelfSignature.SigExpired(now) || // user ID or direct self-signature has expired - (primaryIdentity != nil && primaryIdentity.Revoked(now)) { // user ID has been revoked (for v4 keys) - return Key{}, false - } - - // Iterate the keys to find the newest, unexpired one - candidateSubkey := -1 - var maxTime time.Time - for idx, subkey := range e.Subkeys { - if subkey.Sig.FlagsValid && - (flags&packet.KeyFlagCertify == 0 || subkey.Sig.FlagCertify) && - (flags&packet.KeyFlagSign == 0 || subkey.Sig.FlagSign) && - subkey.PublicKey.PubKeyAlgo.CanSign() && - !subkey.PublicKey.KeyExpired(subkey.Sig, now) && - !subkey.Sig.SigExpired(now) && - !subkey.Revoked(now) && - (maxTime.IsZero() || subkey.Sig.CreationTime.After(maxTime)) && - (id == 0 || subkey.PublicKey.KeyId == id) { - candidateSubkey = idx - maxTime = subkey.Sig.CreationTime - } - } - - if candidateSubkey != -1 { - subkey := e.Subkeys[candidateSubkey] - return Key{e, subkey.PublicKey, subkey.PrivateKey, subkey.Sig, subkey.Revocations}, true - } - - // If we don't have any subkeys for signing and the primary key - // is marked as OK to sign with, then we can use it. - if primarySelfSignature.FlagsValid && - (flags&packet.KeyFlagCertify == 0 || primarySelfSignature.FlagCertify) && - (flags&packet.KeyFlagSign == 0 || primarySelfSignature.FlagSign) && - e.PrimaryKey.PubKeyAlgo.CanSign() && - (id == 0 || e.PrimaryKey.KeyId == id) { - return Key{e, e.PrimaryKey, e.PrivateKey, primarySelfSignature, e.Revocations}, true - } - - // No keys with a valid Signing Flag or no keys matched the id passed in - return Key{}, false -} - -func revoked(revocations []*packet.Signature, now time.Time) bool { - for _, revocation := range revocations { - if revocation.RevocationReason != nil && *revocation.RevocationReason == packet.KeyCompromised { - // If the key is compromised, the key is considered revoked even before the revocation date. - return true - } - if !revocation.SigExpired(now) { - return true - } - } - return false -} - -// Revoked returns whether the entity has any direct key revocation signatures. -// Note that third-party revocation signatures are not supported. -// Note also that Identity and Subkey revocation should be checked separately. -func (e *Entity) Revoked(now time.Time) bool { - return revoked(e.Revocations, now) -} - -// EncryptPrivateKeys encrypts all non-encrypted keys in the entity with the same key -// derived from the provided passphrase. Public keys and dummy keys are ignored, -// and don't cause an error to be returned. -func (e *Entity) EncryptPrivateKeys(passphrase []byte, config *packet.Config) error { - var keysToEncrypt []*packet.PrivateKey - // Add entity private key to encrypt. - if e.PrivateKey != nil && !e.PrivateKey.Dummy() && !e.PrivateKey.Encrypted { - keysToEncrypt = append(keysToEncrypt, e.PrivateKey) - } - - // Add subkeys to encrypt. - for _, sub := range e.Subkeys { - if sub.PrivateKey != nil && !sub.PrivateKey.Dummy() && !sub.PrivateKey.Encrypted { - keysToEncrypt = append(keysToEncrypt, sub.PrivateKey) - } - } - return packet.EncryptPrivateKeys(keysToEncrypt, passphrase, config) -} - -// DecryptPrivateKeys decrypts all encrypted keys in the entity with the given passphrase. -// Avoids recomputation of similar s2k key derivations. Public keys and dummy keys are ignored, -// and don't cause an error to be returned. -func (e *Entity) DecryptPrivateKeys(passphrase []byte) error { - var keysToDecrypt []*packet.PrivateKey - // Add entity private key to decrypt. - if e.PrivateKey != nil && !e.PrivateKey.Dummy() && e.PrivateKey.Encrypted { - keysToDecrypt = append(keysToDecrypt, e.PrivateKey) - } - - // Add subkeys to decrypt. - for _, sub := range e.Subkeys { - if sub.PrivateKey != nil && !sub.PrivateKey.Dummy() && sub.PrivateKey.Encrypted { - keysToDecrypt = append(keysToDecrypt, sub.PrivateKey) - } - } - return packet.DecryptPrivateKeys(keysToDecrypt, passphrase) -} - -// Revoked returns whether the identity has been revoked by a self-signature. -// Note that third-party revocation signatures are not supported. -func (i *Identity) Revoked(now time.Time) bool { - return revoked(i.Revocations, now) -} - -// Revoked returns whether the subkey has been revoked by a self-signature. -// Note that third-party revocation signatures are not supported. -func (s *Subkey) Revoked(now time.Time) bool { - return revoked(s.Revocations, now) -} - -// Revoked returns whether the key or subkey has been revoked by a self-signature. -// Note that third-party revocation signatures are not supported. -// Note also that Identity revocation should be checked separately. -// Normally, it's not necessary to call this function, except on keys returned by -// KeysById or KeysByIdUsage. -func (key *Key) Revoked(now time.Time) bool { - return revoked(key.Revocations, now) -} - -// An EntityList contains one or more Entities. -type EntityList []*Entity - -// KeysById returns the set of keys that have the given key id. -func (el EntityList) KeysById(id uint64) (keys []Key) { - for _, e := range el { - if e.PrimaryKey.KeyId == id { - selfSig, _ := e.PrimarySelfSignature() - keys = append(keys, Key{e, e.PrimaryKey, e.PrivateKey, selfSig, e.Revocations}) - } - - for _, subKey := range e.Subkeys { - if subKey.PublicKey.KeyId == id { - keys = append(keys, Key{e, subKey.PublicKey, subKey.PrivateKey, subKey.Sig, subKey.Revocations}) - } - } - } - return -} - -// KeysByIdAndUsage returns the set of keys with the given id that also meet -// the key usage given by requiredUsage. The requiredUsage is expressed as -// the bitwise-OR of packet.KeyFlag* values. -func (el EntityList) KeysByIdUsage(id uint64, requiredUsage byte) (keys []Key) { - for _, key := range el.KeysById(id) { - if requiredUsage != 0 { - if key.SelfSignature == nil || !key.SelfSignature.FlagsValid { - continue - } - - var usage byte - if key.SelfSignature.FlagCertify { - usage |= packet.KeyFlagCertify - } - if key.SelfSignature.FlagSign { - usage |= packet.KeyFlagSign - } - if key.SelfSignature.FlagEncryptCommunications { - usage |= packet.KeyFlagEncryptCommunications - } - if key.SelfSignature.FlagEncryptStorage { - usage |= packet.KeyFlagEncryptStorage - } - if usage&requiredUsage != requiredUsage { - continue - } - } - - keys = append(keys, key) - } - return -} - -// DecryptionKeys returns all private keys that are valid for decryption. -func (el EntityList) DecryptionKeys() (keys []Key) { - for _, e := range el { - for _, subKey := range e.Subkeys { - if subKey.PrivateKey != nil && subKey.Sig.FlagsValid && (subKey.Sig.FlagEncryptStorage || subKey.Sig.FlagEncryptCommunications) { - keys = append(keys, Key{e, subKey.PublicKey, subKey.PrivateKey, subKey.Sig, subKey.Revocations}) - } - } - } - return -} - -// ReadArmoredKeyRing reads one or more public/private keys from an armor keyring file. -func ReadArmoredKeyRing(r io.Reader) (EntityList, error) { - block, err := armor.Decode(r) - if err == io.EOF { - return nil, errors.InvalidArgumentError("no armored data found") - } - if err != nil { - return nil, err - } - if block.Type != PublicKeyType && block.Type != PrivateKeyType { - return nil, errors.InvalidArgumentError("expected public or private key block, got: " + block.Type) - } - - return ReadKeyRing(block.Body) -} - -// ReadKeyRing reads one or more public/private keys. Unsupported keys are -// ignored as long as at least a single valid key is found. -func ReadKeyRing(r io.Reader) (el EntityList, err error) { - packets := packet.NewReader(r) - var lastUnsupportedError error - - for { - var e *Entity - e, err = ReadEntity(packets) - if err != nil { - // TODO: warn about skipped unsupported/unreadable keys - if _, ok := err.(errors.UnsupportedError); ok { - lastUnsupportedError = err - err = readToNextPublicKey(packets) - } else if _, ok := err.(errors.StructuralError); ok { - // Skip unreadable, badly-formatted keys - lastUnsupportedError = err - err = readToNextPublicKey(packets) - } - if err == io.EOF { - err = nil - break - } - if err != nil { - el = nil - break - } - } else { - el = append(el, e) - } - } - - if len(el) == 0 && err == nil { - err = lastUnsupportedError - } - return -} - -// readToNextPublicKey reads packets until the start of the entity and leaves -// the first packet of the new entity in the Reader. -func readToNextPublicKey(packets *packet.Reader) (err error) { - var p packet.Packet - for { - p, err = packets.Next() - if err == io.EOF { - return - } else if err != nil { - if _, ok := err.(errors.UnsupportedError); ok { - continue - } - return - } - - if pk, ok := p.(*packet.PublicKey); ok && !pk.IsSubkey { - packets.Unread(p) - return - } - } -} - -// ReadEntity reads an entity (public key, identities, subkeys etc) from the -// given Reader. -func ReadEntity(packets *packet.Reader) (*Entity, error) { - e := new(Entity) - e.Identities = make(map[string]*Identity) - - p, err := packets.Next() - if err != nil { - return nil, err - } - - var ok bool - if e.PrimaryKey, ok = p.(*packet.PublicKey); !ok { - if e.PrivateKey, ok = p.(*packet.PrivateKey); !ok { - packets.Unread(p) - return nil, errors.StructuralError("first packet was not a public/private key") - } - e.PrimaryKey = &e.PrivateKey.PublicKey - } - - if !e.PrimaryKey.PubKeyAlgo.CanSign() { - return nil, errors.StructuralError("primary key cannot be used for signatures") - } - - var revocations []*packet.Signature - var directSignatures []*packet.Signature -EachPacket: - for { - p, err := packets.Next() - if err == io.EOF { - break - } else if err != nil { - return nil, err - } - - switch pkt := p.(type) { - case *packet.UserId: - if err := addUserID(e, packets, pkt); err != nil { - return nil, err - } - case *packet.Signature: - if pkt.SigType == packet.SigTypeKeyRevocation { - revocations = append(revocations, pkt) - } else if pkt.SigType == packet.SigTypeDirectSignature { - directSignatures = append(directSignatures, pkt) - } - // Else, ignoring the signature as it does not follow anything - // we would know to attach it to. - case *packet.PrivateKey: - if !pkt.IsSubkey { - packets.Unread(p) - break EachPacket - } - err = addSubkey(e, packets, &pkt.PublicKey, pkt) - if err != nil { - return nil, err - } - case *packet.PublicKey: - if !pkt.IsSubkey { - packets.Unread(p) - break EachPacket - } - err = addSubkey(e, packets, pkt, nil) - if err != nil { - return nil, err - } - default: - // we ignore unknown packets. - } - } - - if len(e.Identities) == 0 && e.PrimaryKey.Version < 6 { - return nil, errors.StructuralError(fmt.Sprintf("v%d entity without any identities", e.PrimaryKey.Version)) - } - - // An implementation MUST ensure that a valid direct-key signature is present before using a v6 key. - if e.PrimaryKey.Version == 6 { - if len(directSignatures) == 0 { - return nil, errors.StructuralError("v6 entity without a valid direct-key signature") - } - // Select main direct key signature. - var mainDirectKeySelfSignature *packet.Signature - for _, directSignature := range directSignatures { - if directSignature.SigType == packet.SigTypeDirectSignature && - directSignature.CheckKeyIdOrFingerprint(e.PrimaryKey) && - (mainDirectKeySelfSignature == nil || - directSignature.CreationTime.After(mainDirectKeySelfSignature.CreationTime)) { - mainDirectKeySelfSignature = directSignature - } - } - if mainDirectKeySelfSignature == nil { - return nil, errors.StructuralError("no valid direct-key self-signature for v6 primary key found") - } - // Check that the main self-signature is valid. - err = e.PrimaryKey.VerifyDirectKeySignature(mainDirectKeySelfSignature) - if err != nil { - return nil, errors.StructuralError("invalid direct-key self-signature for v6 primary key") - } - e.SelfSignature = mainDirectKeySelfSignature - e.Signatures = directSignatures - } - - for _, revocation := range revocations { - err = e.PrimaryKey.VerifyRevocationSignature(revocation) - if err == nil { - e.Revocations = append(e.Revocations, revocation) - } else { - // TODO: RFC 4880 5.2.3.15 defines revocation keys. - return nil, errors.StructuralError("revocation signature signed by alternate key") - } - } - - return e, nil -} - -func addUserID(e *Entity, packets *packet.Reader, pkt *packet.UserId) error { - // Make a new Identity object, that we might wind up throwing away. - // We'll only add it if we get a valid self-signature over this - // userID. - identity := new(Identity) - identity.Name = pkt.Id - identity.UserId = pkt - - for { - p, err := packets.Next() - if err == io.EOF { - break - } else if err != nil { - return err - } - - sig, ok := p.(*packet.Signature) - if !ok { - packets.Unread(p) - break - } - - if sig.SigType != packet.SigTypeGenericCert && - sig.SigType != packet.SigTypePersonaCert && - sig.SigType != packet.SigTypeCasualCert && - sig.SigType != packet.SigTypePositiveCert && - sig.SigType != packet.SigTypeCertificationRevocation { - return errors.StructuralError("user ID signature with wrong type") - } - - if sig.CheckKeyIdOrFingerprint(e.PrimaryKey) { - if err = e.PrimaryKey.VerifyUserIdSignature(pkt.Id, e.PrimaryKey, sig); err != nil { - return errors.StructuralError("user ID self-signature invalid: " + err.Error()) - } - if sig.SigType == packet.SigTypeCertificationRevocation { - identity.Revocations = append(identity.Revocations, sig) - } else if identity.SelfSignature == nil || sig.CreationTime.After(identity.SelfSignature.CreationTime) { - identity.SelfSignature = sig - } - identity.Signatures = append(identity.Signatures, sig) - e.Identities[pkt.Id] = identity - } else { - identity.Signatures = append(identity.Signatures, sig) - } - } - - return nil -} - -func addSubkey(e *Entity, packets *packet.Reader, pub *packet.PublicKey, priv *packet.PrivateKey) error { - var subKey Subkey - subKey.PublicKey = pub - subKey.PrivateKey = priv - - for { - p, err := packets.Next() - if err == io.EOF { - break - } else if err != nil { - return errors.StructuralError("subkey signature invalid: " + err.Error()) - } - - sig, ok := p.(*packet.Signature) - if !ok { - packets.Unread(p) - break - } - - if sig.SigType != packet.SigTypeSubkeyBinding && sig.SigType != packet.SigTypeSubkeyRevocation { - return errors.StructuralError("subkey signature with wrong type") - } - - if err := e.PrimaryKey.VerifyKeySignature(subKey.PublicKey, sig); err != nil { - return errors.StructuralError("subkey signature invalid: " + err.Error()) - } - - switch sig.SigType { - case packet.SigTypeSubkeyRevocation: - subKey.Revocations = append(subKey.Revocations, sig) - case packet.SigTypeSubkeyBinding: - if subKey.Sig == nil || sig.CreationTime.After(subKey.Sig.CreationTime) { - subKey.Sig = sig - } - } - } - - if subKey.Sig == nil { - return errors.StructuralError("subkey packet not followed by signature") - } - - e.Subkeys = append(e.Subkeys, subKey) - - return nil -} - -// SerializePrivate serializes an Entity, including private key material, but -// excluding signatures from other entities, to the given Writer. -// Identities and subkeys are re-signed in case they changed since NewEntry. -// If config is nil, sensible defaults will be used. -func (e *Entity) SerializePrivate(w io.Writer, config *packet.Config) (err error) { - if e.PrivateKey.Dummy() { - return errors.ErrDummyPrivateKey("dummy private key cannot re-sign identities") - } - return e.serializePrivate(w, config, true) -} - -// SerializePrivateWithoutSigning serializes an Entity, including private key -// material, but excluding signatures from other entities, to the given Writer. -// Self-signatures of identities and subkeys are not re-signed. This is useful -// when serializing GNU dummy keys, among other things. -// If config is nil, sensible defaults will be used. -func (e *Entity) SerializePrivateWithoutSigning(w io.Writer, config *packet.Config) (err error) { - return e.serializePrivate(w, config, false) -} - -func (e *Entity) serializePrivate(w io.Writer, config *packet.Config, reSign bool) (err error) { - if e.PrivateKey == nil { - return goerrors.New("openpgp: private key is missing") - } - err = e.PrivateKey.Serialize(w) - if err != nil { - return - } - for _, revocation := range e.Revocations { - err := revocation.Serialize(w) - if err != nil { - return err - } - } - for _, directSignature := range e.Signatures { - err := directSignature.Serialize(w) - if err != nil { - return err - } - } - for _, ident := range e.Identities { - err = ident.UserId.Serialize(w) - if err != nil { - return - } - if reSign { - if ident.SelfSignature == nil { - return goerrors.New("openpgp: can't re-sign identity without valid self-signature") - } - err = ident.SelfSignature.SignUserId(ident.UserId.Id, e.PrimaryKey, e.PrivateKey, config) - if err != nil { - return - } - } - for _, sig := range ident.Signatures { - err = sig.Serialize(w) - if err != nil { - return err - } - } - } - for _, subkey := range e.Subkeys { - err = subkey.PrivateKey.Serialize(w) - if err != nil { - return - } - if reSign { - err = subkey.Sig.SignKey(subkey.PublicKey, e.PrivateKey, config) - if err != nil { - return - } - if subkey.Sig.EmbeddedSignature != nil { - err = subkey.Sig.EmbeddedSignature.CrossSignKey(subkey.PublicKey, e.PrimaryKey, - subkey.PrivateKey, config) - if err != nil { - return - } - } - } - for _, revocation := range subkey.Revocations { - err := revocation.Serialize(w) - if err != nil { - return err - } - } - err = subkey.Sig.Serialize(w) - if err != nil { - return - } - } - return nil -} - -// Serialize writes the public part of the given Entity to w, including -// signatures from other entities. No private key material will be output. -func (e *Entity) Serialize(w io.Writer) error { - err := e.PrimaryKey.Serialize(w) - if err != nil { - return err - } - for _, revocation := range e.Revocations { - err := revocation.Serialize(w) - if err != nil { - return err - } - } - for _, directSignature := range e.Signatures { - err := directSignature.Serialize(w) - if err != nil { - return err - } - } - for _, ident := range e.Identities { - err = ident.UserId.Serialize(w) - if err != nil { - return err - } - for _, sig := range ident.Signatures { - err = sig.Serialize(w) - if err != nil { - return err - } - } - } - for _, subkey := range e.Subkeys { - err = subkey.PublicKey.Serialize(w) - if err != nil { - return err - } - for _, revocation := range subkey.Revocations { - err := revocation.Serialize(w) - if err != nil { - return err - } - } - err = subkey.Sig.Serialize(w) - if err != nil { - return err - } - } - return nil -} - -// SignIdentity adds a signature to e, from signer, attesting that identity is -// associated with e. The provided identity must already be an element of -// e.Identities and the private key of signer must have been decrypted if -// necessary. -// If config is nil, sensible defaults will be used. -func (e *Entity) SignIdentity(identity string, signer *Entity, config *packet.Config) error { - certificationKey, ok := signer.CertificationKey(config.Now()) - if !ok { - return errors.InvalidArgumentError("no valid certification key found") - } - - if certificationKey.PrivateKey.Encrypted { - return errors.InvalidArgumentError("signing Entity's private key must be decrypted") - } - - ident, ok := e.Identities[identity] - if !ok { - return errors.InvalidArgumentError("given identity string not found in Entity") - } - - sig := createSignaturePacket(certificationKey.PublicKey, packet.SigTypeGenericCert, config) - - signingUserID := config.SigningUserId() - if signingUserID != "" { - if _, ok := signer.Identities[signingUserID]; !ok { - return errors.InvalidArgumentError("signer identity string not found in signer Entity") - } - sig.SignerUserId = &signingUserID - } - - if err := sig.SignUserId(identity, e.PrimaryKey, certificationKey.PrivateKey, config); err != nil { - return err - } - ident.Signatures = append(ident.Signatures, sig) - return nil -} - -// RevokeKey generates a key revocation signature (packet.SigTypeKeyRevocation) with the -// specified reason code and text (RFC4880 section-5.2.3.23). -// If config is nil, sensible defaults will be used. -func (e *Entity) RevokeKey(reason packet.ReasonForRevocation, reasonText string, config *packet.Config) error { - revSig := createSignaturePacket(e.PrimaryKey, packet.SigTypeKeyRevocation, config) - revSig.RevocationReason = &reason - revSig.RevocationReasonText = reasonText - - if err := revSig.RevokeKey(e.PrimaryKey, e.PrivateKey, config); err != nil { - return err - } - e.Revocations = append(e.Revocations, revSig) - return nil -} - -// RevokeSubkey generates a subkey revocation signature (packet.SigTypeSubkeyRevocation) for -// a subkey with the specified reason code and text (RFC4880 section-5.2.3.23). -// If config is nil, sensible defaults will be used. -func (e *Entity) RevokeSubkey(sk *Subkey, reason packet.ReasonForRevocation, reasonText string, config *packet.Config) error { - if err := e.PrimaryKey.VerifyKeySignature(sk.PublicKey, sk.Sig); err != nil { - return errors.InvalidArgumentError("given subkey is not associated with this key") - } - - revSig := createSignaturePacket(e.PrimaryKey, packet.SigTypeSubkeyRevocation, config) - revSig.RevocationReason = &reason - revSig.RevocationReasonText = reasonText - - if err := revSig.RevokeSubkey(sk.PublicKey, e.PrivateKey, config); err != nil { - return err - } - - sk.Revocations = append(sk.Revocations, revSig) - return nil -} - -func (e *Entity) primaryDirectSignature() *packet.Signature { - return e.SelfSignature -} - -// PrimarySelfSignature searches the entity for the self-signature that stores key preferences. -// For V4 keys, returns the self-signature of the primary identity, and the identity. -// For V6 keys, returns the latest valid direct-key self-signature, and no identity (nil). -// This self-signature is to be used to check the key expiration, -// algorithm preferences, and so on. -func (e *Entity) PrimarySelfSignature() (*packet.Signature, *Identity) { - if e.PrimaryKey.Version == 6 { - return e.primaryDirectSignature(), nil - } - primaryIdentity := e.PrimaryIdentity() - if primaryIdentity == nil { - return nil, nil - } - return primaryIdentity.SelfSignature, primaryIdentity -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/keys_test_data.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/keys_test_data.go deleted file mode 100644 index 108fd096f3..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/keys_test_data.go +++ /dev/null @@ -1,538 +0,0 @@ -package openpgp - -const expiringKeyHex = "c6c04d0451d0c680010800abbb021fd03ffc4e96618901180c3fdcb060ee69eeead97b91256d11420d80b5f1b51930248044130bd300605cf8a05b7a40d3d8cfb0a910be2e3db50dcd50a9c54064c2a5550801daa834ff4480b33d3d3ca495ff8a4e84a886977d17d998f881241a874083d8b995beab555b6d22b8a4817ab17ac3e7304f7d4d2c05c495fb2218348d3bc13651db1d92732e368a9dd7dcefa6eddff30b94706a9aaee47e9d39321460b740c59c6fc3c2fd8ab6c0fb868cb87c0051f0321301fe0f0e1820b15e7fb7063395769b525005c7e30a7ce85984f5cac00504e7b4fdc45d74958de8388436fd5c7ba9ea121f1c851b5911dd1b47a14d81a09e92ef37721e2325b6790011010001cd00c2c07b041001080025050251d0c680050900278d00060b09070803020415080a0203160201021901021b03021e01000a0910e7b484133a890a35ae4b0800a1beb82e7f28eaf5273d6af9d3391314f6280b2b624eaca2851f89a9ebcaf80ac589ebd509f168bc4322106ca2e2ce77a76e071a3c7444787d65216b5f05e82c77928860b92aace3b7d0327db59492f422eb9dfab7249266d37429870b091a98aba8724c2259ebf8f85093f21255eafa75aa841e31d94f2ac891b9755fed455e539044ee69fc47950b80e003fc9f298d695660f28329eaa38037c367efde1727458e514faf990d439a21461b719edaddf9296d3d0647b43ca56cb8dbf63b4fcf8b9968e7928c463470fab3b98e44d0d95645062f94b2d04fe56bd52822b71934db8ce845622c40b92fcbe765a142e7f38b61a6aa9606c8e8858dcd3b6eb1894acec04d0451d1f06b01080088bea67444e1789390e7c0335c86775502d58ec783d99c8ef4e06de235ed3dd4b0467f6f358d818c7d8989d43ec6d69fcbc8c32632d5a1b605e3fa8e41d695fcdcaa535936cd0157f9040dce362519803b908eafe838bb13216c885c6f93e9e8d5745607f0d062322085d6bdc760969149a8ff8dd9f5c18d9bfe2e6f63a06e17694cf1f67587c6fb70e9aebf90ffc528ca3b615ac7c9d4a21ea4f7c06f2e98fbbd90a859b8608bf9ea638e3a54289ce44c283110d0c45fa458de6251cd6e7baf71f80f12c8978340490fd90c92b81736ae902ed958e478dceae2835953d189c45d182aff02ea2be61b81d8e94430f041d638647b43e2fcb45fd512fbf5068b810011010001c2c06504180108000f050251d1f06b050900081095021b0c000a0910e7b484133a890a35e63407fe2ec88d6d1e6c9ce7553ece0cb2524747217bad29f251d33df84599ffcc900141a355abd62126800744068a5e05dc167056aa9205273dc7765a2ed49db15c2a83b8d6e6429c902136f1e12229086c1c10c0053242c2a4ae1930db58163387a48cad64607ff2153c320e42843dec28e3fce90e7399d63ac0affa2fee1f0adc0953c89eb3f46ef1d6c04328ed13b491669d5120a3782e3ffb7c69575fb77eebd108794f4dda9d34be2bae57e8e59ec8ebfda2f6f06104b2321be408ea146e2db482b00c5055c8618de36ac9716f80da2617e225556d0fce61b01c8cea2d1e0ea982c31711060ca370f2739366e1e708f38405d784b49d16a26cf62d152eae734327cec04d0451d1f07b010800d5af91c5e7c2fd8951c8d254eab0c97cdcb66822f868b79b78c366255059a68fd74ebca9adb9b970cd9e586690e6e0756705432306878c897b10a4b4ca0005966f99ac8fa4e6f9caf54bf8e53844544beee9872a7ac64c119cf1393d96e674254b661f61ee975633d0e8a8672531edb6bb8e211204e7754a9efa802342118eee850beea742bac95a3f706cc2024cf6037a308bb68162b2f53b9a6346a96e6d31871a2456186e24a1c7a82b82ac04afdfd57cd7fb9ba77a9c760d40b76a170f7be525e5fb6a9848cc726e806187710d9b190387df28700f321f988a392899f93815cc937f309129eb94d5299c5547cb2c085898e6639496e70d746c9d3fb9881d0011010001c2c06504180108000f050251d1f07b050900266305021b0c000a0910e7b484133a890a35bff207fd10dfe8c4a6ea1dd30568012b6fd6891a763c87ad0f7a1d112aad9e8e3239378a3b85588c235865bac2e614348cb4f216d7217f53b3ef48c192e0a4d31d64d7bfa5faccf21155965fa156e887056db644a05ad08a85cc6152d1377d9e37b46f4ff462bbe68ace2dc586ef90070314576c985d8037c2ba63f0a7dc17a62e15bd77e88bc61d9d00858979709f12304264a4cf4225c5cf86f12c8e19486cb9cdcc69f18f027e5f16f4ca8b50e28b3115eaff3a345acd21f624aef81f6ede515c1b55b26b84c1e32264754eab672d5489b287e7277ea855e0a5ff2aa9e8b8c76d579a964ec225255f4d57bf66639ccb34b64798846943e162a41096a7002ca21c7f56" -const subkeyUsageHex = "988d04533a52bc010400d26af43085558f65b9e7dbc90cb9238015259aed5e954637adcfa2181548b2d0b60c65f1f42ec5081cbf1bc0a8aa4900acfb77070837c58f26012fbce297d70afe96e759ad63531f0037538e70dbf8e384569b9720d99d8eb39d8d0a2947233ed242436cb6ac7dfe74123354b3d0119b5c235d3dd9c9d6c004f8ffaf67ad8583001101000188b7041f010200210502533b8552170c8001ce094aa433f7040bb2ddf0be3893cb843d0fe70c020700000a0910a42704b92866382aa98404009d63d916a27543da4221c60087c33f1c44bec9998c5438018ed370cca4962876c748e94b73eb39c58eb698063f3fd6346d58dd2a11c0247934c4a9d71f24754f7468f96fb24c3e791dd2392b62f626148ad724189498cbf993db2df7c0cdc2d677c35da0f16cb16c9ce7c33b4de65a4a91b1d21a130ae9cc26067718910ef8e2b417556d627261203c756d627261407379642e65642e61753e88b80413010200220502533a52bc021b03060b090807030206150802090a0b0416020301021e01021780000a0910a42704b92866382a47840400c0c2bd04f5fca586de408b395b3c280a278259c93eaaa8b79a53b97003f8ed502a8a00446dd9947fb462677e4fcac0dac2f0701847d15130aadb6cd9e0705ea0cf5f92f129136c7be21a718d46c8e641eb7f044f2adae573e11ae423a0a9ca51324f03a8a2f34b91fa40c3cc764bee4dccadedb54c768ba0469b683ea53f1c29b88d04533a52bc01040099c92a5d6f8b744224da27bc2369127c35269b58bec179de6bbc038f749344222f85a31933224f26b70243c4e4b2d242f0c4777eaef7b5502f9dad6d8bf3aaeb471210674b74de2d7078af497d55f5cdad97c7bedfbc1b41e8065a97c9c3d344b21fc81d27723af8e374bc595da26ea242dccb6ae497be26eea57e563ed517e90011010001889f0418010200090502533a52bc021b0c000a0910a42704b92866382afa1403ff70284c2de8a043ff51d8d29772602fa98009b7861c540535f874f2c230af8caf5638151a636b21f8255003997ccd29747fdd06777bb24f9593bd7d98a3e887689bf902f999915fcc94625ae487e5d13e6616f89090ebc4fdc7eb5cad8943e4056995bb61c6af37f8043016876a958ec7ebf39c43d20d53b7f546cfa83e8d2604b88d04533b8283010400c0b529316dbdf58b4c54461e7e669dc11c09eb7f73819f178ccd4177b9182b91d138605fcf1e463262fabefa73f94a52b5e15d1904635541c7ea540f07050ce0fb51b73e6f88644cec86e91107c957a114f69554548a85295d2b70bd0b203992f76eb5d493d86d9eabcaa7ef3fc7db7e458438db3fcdb0ca1cc97c638439a9170011010001889f0418010200090502533b8283021b0c000a0910a42704b92866382adc6d0400cfff6258485a21675adb7a811c3e19ebca18851533f75a7ba317950b9997fda8d1a4c8c76505c08c04b6c2cc31dc704d33da36a21273f2b388a1a706f7c3378b66d887197a525936ed9a69acb57fe7f718133da85ec742001c5d1864e9c6c8ea1b94f1c3759cebfd93b18606066c063a63be86085b7e37bdbc65f9a915bf084bb901a204533b85cd110400aed3d2c52af2b38b5b67904b0ef73d6dd7aef86adb770e2b153cd22489654dcc91730892087bb9856ae2d9f7ed1eb48f214243fe86bfe87b349ebd7c30e630e49c07b21fdabf78b7a95c8b7f969e97e3d33f2e074c63552ba64a2ded7badc05ce0ea2be6d53485f6900c7860c7aa76560376ce963d7271b9b54638a4028b573f00a0d8854bfcdb04986141568046202192263b9b67350400aaa1049dbc7943141ef590a70dcb028d730371d92ea4863de715f7f0f16d168bd3dc266c2450457d46dcbbf0b071547e5fbee7700a820c3750b236335d8d5848adb3c0da010e998908dfd93d961480084f3aea20b247034f8988eccb5546efaa35a92d0451df3aaf1aee5aa36a4c4d462c760ecd9cebcabfbe1412b1f21450f203fd126687cd486496e971a87fd9e1a8a765fe654baa219a6871ab97768596ab05c26c1aeea8f1a2c72395a58dbc12ef9640d2b95784e974a4d2d5a9b17c25fedacfe551bda52602de8f6d2e48443f5dd1a2a2a8e6a5e70ecdb88cd6e766ad9745c7ee91d78cc55c3d06536b49c3fee6c3d0b6ff0fb2bf13a314f57c953b8f4d93bf88e70418010200090502533b85cd021b0200520910a42704b92866382a47200419110200060502533b85cd000a091042ce2c64bc0ba99214b2009e26b26852c8b13b10c35768e40e78fbbb48bd084100a0c79d9ea0844fa5853dd3c85ff3ecae6f2c9dd6c557aa04008bbbc964cd65b9b8299d4ebf31f41cc7264b8cf33a00e82c5af022331fac79efc9563a822497ba012953cefe2629f1242fcdcb911dbb2315985bab060bfd58261ace3c654bdbbe2e8ed27a46e836490145c86dc7bae15c011f7e1ffc33730109b9338cd9f483e7cef3d2f396aab5bd80efb6646d7e778270ee99d934d187dd98" -const revokedKeyHex = "988d045331ce82010400c4fdf7b40a5477f206e6ee278eaef888ca73bf9128a9eef9f2f1ddb8b7b71a4c07cfa241f028a04edb405e4d916c61d6beabc333813dc7b484d2b3c52ee233c6a79b1eea4e9cc51596ba9cd5ac5aeb9df62d86ea051055b79d03f8a4fa9f38386f5bd17529138f3325d46801514ea9047977e0829ed728e68636802796801be10011010001889f04200102000905025331d0e3021d03000a0910a401d9f09a34f7c042aa040086631196405b7e6af71026b88e98012eab44aa9849f6ef3fa930c7c9f23deaedba9db1538830f8652fb7648ec3fcade8dbcbf9eaf428e83c6cbcc272201bfe2fbb90d41963397a7c0637a1a9d9448ce695d9790db2dc95433ad7be19eb3de72dacf1d6db82c3644c13eae2a3d072b99bb341debba012c5ce4006a7d34a1f4b94b444526567205265766f6b657220283c52656727732022424d204261726973746122204b657920262530305c303e5c29203c72656740626d626172697374612e636f2e61753e88b704130102002205025331ce82021b03060b090807030206150802090a0b0416020301021e01021780000a0910a401d9f09a34f7c0019c03f75edfbeb6a73e7225ad3cc52724e2872e04260d7daf0d693c170d8c4b243b8767bc7785763533febc62ec2600c30603c433c095453ede59ff2fcabeb84ce32e0ed9d5cf15ffcbc816202b64370d4d77c1e9077d74e94a16fb4fa2e5bec23a56d7a73cf275f91691ae1801a976fcde09e981a2f6327ac27ea1fecf3185df0d56889c04100102000605025331cfb5000a0910fe9645554e8266b64b4303fc084075396674fb6f778d302ac07cef6bc0b5d07b66b2004c44aef711cbac79617ef06d836b4957522d8772dd94bf41a2f4ac8b1ee6d70c57503f837445a74765a076d07b829b8111fc2a918423ddb817ead7ca2a613ef0bfb9c6b3562aec6c3cf3c75ef3031d81d95f6563e4cdcc9960bcb386c5d757b104fcca5fe11fc709df884604101102000605025331cfe7000a09107b15a67f0b3ddc0317f6009e360beea58f29c1d963a22b962b80788c3fa6c84e009d148cfde6b351469b8eae91187eff07ad9d08fcaab88d045331ce820104009f25e20a42b904f3fa555530fe5c46737cf7bd076c35a2a0d22b11f7e0b61a69320b768f4a80fe13980ce380d1cfc4a0cd8fbe2d2e2ef85416668b77208baa65bf973fe8e500e78cc310d7c8705cdb34328bf80e24f0385fce5845c33bc7943cf6b11b02348a23da0bf6428e57c05135f2dc6bd7c1ce325d666d5a5fd2fd5e410011010001889f04180102000905025331ce82021b0c000a0910a401d9f09a34f7c0418003fe34feafcbeaef348a800a0d908a7a6809cc7304017d820f70f0474d5e23cb17e38b67dc6dca282c6ca00961f4ec9edf2738d0f087b1d81e4871ef08e1798010863afb4eac4c44a376cb343be929c5be66a78cfd4456ae9ec6a99d97f4e1c3ff3583351db2147a65c0acef5c003fb544ab3a2e2dc4d43646f58b811a6c3a369d1f" -const revokedSubkeyHex = "988d04533121f6010400aefc803a3e4bb1a61c86e8a86d2726c6a43e0079e9f2713f1fa017e9854c83877f4aced8e331d675c67ea83ddab80aacbfa0b9040bb12d96f5a3d6be09455e2a76546cbd21677537db941cab710216b6d24ec277ee0bd65b910f416737ed120f6b93a9d3b306245c8cfd8394606fdb462e5cf43c551438d2864506c63367fc890011010001b41d416c696365203c616c69636540626d626172697374612e636f2e61753e88bb041301020025021b03060b090807030206150802090a0b0416020301021e01021780050253312798021901000a09104ef7e4beccde97f015a803ff5448437780f63263b0df8442a995e7f76c221351a51edd06f2063d8166cf3157aada4923dfc44aa0f2a6a4da5cf83b7fe722ba8ab416c976e77c6b5682e7f1069026673bd0de56ba06fd5d7a9f177607f277d9b55ff940a638c3e68525c67517e2b3d976899b93ca267f705b3e5efad7d61220e96b618a4497eab8d04403d23f8846041011020006050253312910000a09107b15a67f0b3ddc03d96e009f50b6365d86c4be5d5e9d0ea42d5e56f5794c617700a0ab274e19c2827780016d23417ce89e0a2c0d987d889c04100102000605025331cf7a000a0910a401d9f09a34f7c0ee970400aca292f213041c9f3b3fc49148cbda9d84afee6183c8dd6c5ff2600b29482db5fecd4303797be1ee6d544a20a858080fec43412061c9a71fae4039fd58013b4ae341273e6c66ad4c7cdd9e68245bedb260562e7b166f2461a1032f2b38c0e0e5715fb3d1656979e052b55ca827a76f872b78a9fdae64bc298170bfcebedc1271b41a416c696365203c616c696365407379646973702e6f722e61753e88b804130102002205025331278b021b03060b090807030206150802090a0b0416020301021e01021780000a09104ef7e4beccde97f06a7003fa03c3af68d272ebc1fa08aa72a03b02189c26496a2833d90450801c4e42c5b5f51ad96ce2d2c9cef4b7c02a6a2fcf1412d6a2d486098eb762f5010a201819c17fd2888aec8eda20c65a3b75744de7ee5cc8ac7bfc470cbe3cb982720405a27a3c6a8c229cfe36905f881b02ed5680f6a8f05866efb9d6c5844897e631deb949ca8846041011020006050253312910000a09107b15a67f0b3ddc0347bc009f7fa35db59147469eb6f2c5aaf6428accb138b22800a0caa2f5f0874bacc5909c652a57a31beda65eddd5889c04100102000605025331cf7a000a0910a401d9f09a34f7c0316403ff46f2a5c101256627f16384d34a38fb47a6c88ba60506843e532d91614339fccae5f884a5741e7582ffaf292ba38ee10a270a05f139bde3814b6a077e8cd2db0f105ebea2a83af70d385f13b507fac2ad93ff79d84950328bb86f3074745a8b7f9b64990fb142e2a12976e27e8d09a28dc5621f957ac49091116da410ac3cbde1b88d04533121f6010400cbd785b56905e4192e2fb62a720727d43c4fa487821203cf72138b884b78b701093243e1d8c92a0248a6c0203a5a88693da34af357499abacaf4b3309c640797d03093870a323b4b6f37865f6eaa2838148a67df4735d43a90ca87942554cdf1c4a751b1e75f9fd4ce4e97e278d6c1c7ed59d33441df7d084f3f02beb68896c70011010001889f0418010200090502533121f6021b0c000a09104ef7e4beccde97f0b98b03fc0a5ccf6a372995835a2f5da33b282a7d612c0ab2a97f59cf9fff73e9110981aac2858c41399afa29624a7fd8a0add11654e3d882c0fd199e161bdad65e5e2548f7b68a437ea64293db1246e3011cbb94dc1bcdeaf0f2539bd88ff16d95547144d97cead6a8c5927660a91e6db0d16eb36b7b49a3525b54d1644e65599b032b7eb901a204533127a0110400bd3edaa09eff9809c4edc2c2a0ebe52e53c50a19c1e49ab78e6167bf61473bb08f2050d78a5cbbc6ed66aff7b42cd503f16b4a0b99fa1609681fca9b7ce2bbb1a5b3864d6cdda4d7ef7849d156d534dea30fb0efb9e4cf8959a2b2ce623905882d5430b995a15c3b9fe92906086788b891002924f94abe139b42cbbfaaabe42f00a0b65dc1a1ad27d798adbcb5b5ad02d2688c89477b03ff4eebb6f7b15a73b96a96bed201c0e5e4ea27e4c6e2dd1005b94d4b90137a5b1cf5e01c6226c070c4cc999938101578877ee76d296b9aab8246d57049caacf489e80a3f40589cade790a020b1ac146d6f7a6241184b8c7fcde680eae3188f5dcbe846d7f7bdad34f6fcfca08413e19c1d5df83fc7c7c627d493492e009c2f52a80400a2fe82de87136fd2e8845888c4431b032ba29d9a29a804277e31002a8201fb8591a3e55c7a0d0881496caf8b9fb07544a5a4879291d0dc026a0ea9e5bd88eb4aa4947bbd694b25012e208a250d65ddc6f1eea59d3aed3b4ec15fcab85e2afaa23a40ab1ef9ce3e11e1bc1c34a0e758e7aa64deb8739276df0af7d4121f834a9b88e70418010200090502533127a0021b02005209104ef7e4beccde97f047200419110200060502533127a0000a0910dbce4ee19529437fe045009c0b32f5ead48ee8a7e98fac0dea3d3e6c0e2c552500a0ad71fadc5007cfaf842d9b7db3335a8cdad15d3d1a6404009b08e2c68fe8f3b45c1bb72a4b3278cdf3012aa0f229883ad74aa1f6000bb90b18301b2f85372ca5d6b9bf478d235b733b1b197d19ccca48e9daf8e890cb64546b4ce1b178faccfff07003c172a2d4f5ebaba9f57153955f3f61a9b80a4f5cb959908f8b211b03b7026a8a82fc612bfedd3794969bcf458c4ce92be215a1176ab88d045331d144010400a5063000c5aaf34953c1aa3bfc95045b3aab9882b9a8027fecfe2142dc6b47ba8aca667399990244d513dd0504716908c17d92c65e74219e004f7b83fc125e575dd58efec3ab6dd22e3580106998523dea42ec75bf9aa111734c82df54630bebdff20fe981cfc36c76f865eb1c2fb62c9e85bc3a6e5015a361a2eb1c8431578d0011010001889f04280102000905025331d433021d03000a09104ef7e4beccde97f02e5503ff5e0630d1b65291f4882b6d40a29da4616bb5088717d469fbcc3648b8276de04a04988b1f1b9f3e18f52265c1f8b6c85861691c1a6b8a3a25a1809a0b32ad330aec5667cb4262f4450649184e8113849b05e5ad06a316ea80c001e8e71838190339a6e48bbde30647bcf245134b9a97fa875c1d83a9862cae87ffd7e2c4ce3a1b89013d04180102000905025331d144021b0200a809104ef7e4beccde97f09d2004190102000605025331d144000a0910677815e371c2fd23522203fe22ab62b8e7a151383cea3edd3a12995693911426f8ccf125e1f6426388c0010f88d9ca7da2224aee8d1c12135998640c5e1813d55a93df472faae75bef858457248db41b4505827590aeccf6f9eb646da7f980655dd3050c6897feddddaca90676dee856d66db8923477d251712bb9b3186b4d0114daf7d6b59272b53218dd1da94a03ff64006fcbe71211e5daecd9961fba66cdb6de3f914882c58ba5beddeba7dcb950c1156d7fba18c19ea880dccc800eae335deec34e3b84ac75ffa24864f782f87815cda1c0f634b3dd2fa67cea30811d21723d21d9551fa12ccbcfa62b6d3a15d01307b99925707992556d50065505b090aadb8579083a20fe65bd2a270da9b011" - -const missingCrossSignatureKey = `-----BEGIN PGP PUBLIC KEY BLOCK----- -Charset: UTF-8 - -mQENBFMYynYBCACVOZ3/e8Bm2b9KH9QyIlHGo/i1bnkpqsgXj8tpJ2MIUOnXMMAY -ztW7kKFLCmgVdLIC0vSoLA4yhaLcMojznh/2CcUglZeb6Ao8Gtelr//Rd5DRfPpG -zqcfUo+m+eO1co2Orabw0tZDfGpg5p3AYl0hmxhUyYSc/xUq93xL1UJzBFgYXY54 -QsM8dgeQgFseSk/YvdP5SMx1ev+eraUyiiUtWzWrWC1TdyRa5p4UZg6Rkoppf+WJ -QrW6BWrhAtqATHc8ozV7uJjeONjUEq24roRc/OFZdmQQGK6yrzKnnbA6MdHhqpdo -9kWDcXYb7pSE63Lc+OBa5X2GUVvXJLS/3nrtABEBAAG0F2ludmFsaWQtc2lnbmlu -Zy1zdWJrZXlziQEoBBMBAgASBQJTnKB5AhsBAgsHAhUIAh4BAAoJEO3UDQUIHpI/ -dN4H/idX4FQ1LIZCnpHS/oxoWQWfpRgdKAEM0qCqjMgiipJeEwSQbqjTCynuh5/R -JlODDz85ABR06aoF4l5ebGLQWFCYifPnJZ/Yf5OYcMGtb7dIbqxWVFL9iLMO/oDL -ioI3dotjPui5e+2hI9pVH1UHB/bZ/GvMGo6Zg0XxLPolKQODMVjpjLAQ0YJ3spew -RAmOGre6tIvbDsMBnm8qREt7a07cBJ6XK7xjxYaZHQBiHVxyEWDa6gyANONx8duW -/fhQ/zDTnyVM/ik6VO0Ty9BhPpcEYLFwh5c1ilFari1ta3e6qKo6ZGa9YMk/REhu -yBHd9nTkI+0CiQUmbckUiVjDKKe5AQ0EUxjKdgEIAJcXQeP+NmuciE99YcJoffxv -2gVLU4ZXBNHEaP0mgaJ1+tmMD089vUQAcyGRvw8jfsNsVZQIOAuRxY94aHQhIRHR -bUzBN28ofo/AJJtfx62C15xt6fDKRV6HXYqAiygrHIpEoRLyiN69iScUsjIJeyFL -C8wa72e8pSL6dkHoaV1N9ZH/xmrJ+k0vsgkQaAh9CzYufncDxcwkoP+aOlGtX1gP -WwWoIbz0JwLEMPHBWvDDXQcQPQTYQyj+LGC9U6f9VZHN25E94subM1MjuT9OhN9Y -MLfWaaIc5WyhLFyQKW2Upofn9wSFi8ubyBnv640Dfd0rVmaWv7LNTZpoZ/GbJAMA -EQEAAYkBHwQYAQIACQUCU5ygeQIbAgAKCRDt1A0FCB6SP0zCB/sEzaVR38vpx+OQ -MMynCBJrakiqDmUZv9xtplY7zsHSQjpd6xGflbU2n+iX99Q+nav0ETQZifNUEd4N -1ljDGQejcTyKD6Pkg6wBL3x9/RJye7Zszazm4+toJXZ8xJ3800+BtaPoI39akYJm -+ijzbskvN0v/j5GOFJwQO0pPRAFtdHqRs9Kf4YanxhedB4dIUblzlIJuKsxFit6N -lgGRblagG3Vv2eBszbxzPbJjHCgVLR3RmrVezKOsZjr/2i7X+xLWIR0uD3IN1qOW -CXQxLBizEEmSNVNxsp7KPGTLnqO3bPtqFirxS9PJLIMPTPLNBY7ZYuPNTMqVIUWF -4artDmrG -=7FfJ ------END PGP PUBLIC KEY BLOCK-----` - -const invalidCrossSignatureKey = `-----BEGIN PGP PUBLIC KEY BLOCK----- - -mQENBFMYynYBCACVOZ3/e8Bm2b9KH9QyIlHGo/i1bnkpqsgXj8tpJ2MIUOnXMMAY -ztW7kKFLCmgVdLIC0vSoLA4yhaLcMojznh/2CcUglZeb6Ao8Gtelr//Rd5DRfPpG -zqcfUo+m+eO1co2Orabw0tZDfGpg5p3AYl0hmxhUyYSc/xUq93xL1UJzBFgYXY54 -QsM8dgeQgFseSk/YvdP5SMx1ev+eraUyiiUtWzWrWC1TdyRa5p4UZg6Rkoppf+WJ -QrW6BWrhAtqATHc8ozV7uJjeONjUEq24roRc/OFZdmQQGK6yrzKnnbA6MdHhqpdo -9kWDcXYb7pSE63Lc+OBa5X2GUVvXJLS/3nrtABEBAAG0F2ludmFsaWQtc2lnbmlu -Zy1zdWJrZXlziQEoBBMBAgASBQJTnKB5AhsBAgsHAhUIAh4BAAoJEO3UDQUIHpI/ -dN4H/idX4FQ1LIZCnpHS/oxoWQWfpRgdKAEM0qCqjMgiipJeEwSQbqjTCynuh5/R -JlODDz85ABR06aoF4l5ebGLQWFCYifPnJZ/Yf5OYcMGtb7dIbqxWVFL9iLMO/oDL -ioI3dotjPui5e+2hI9pVH1UHB/bZ/GvMGo6Zg0XxLPolKQODMVjpjLAQ0YJ3spew -RAmOGre6tIvbDsMBnm8qREt7a07cBJ6XK7xjxYaZHQBiHVxyEWDa6gyANONx8duW -/fhQ/zDTnyVM/ik6VO0Ty9BhPpcEYLFwh5c1ilFari1ta3e6qKo6ZGa9YMk/REhu -yBHd9nTkI+0CiQUmbckUiVjDKKe5AQ0EUxjKdgEIAIINDqlj7X6jYKc6DjwrOkjQ -UIRWbQQar0LwmNilehmt70g5DCL1SYm9q4LcgJJ2Nhxj0/5qqsYib50OSWMcKeEe -iRXpXzv1ObpcQtI5ithp0gR53YPXBib80t3bUzomQ5UyZqAAHzMp3BKC54/vUrSK -FeRaxDzNLrCeyI00+LHNUtwghAqHvdNcsIf8VRumK8oTm3RmDh0TyjASWYbrt9c8 -R1Um3zuoACOVy+mEIgIzsfHq0u7dwYwJB5+KeM7ZLx+HGIYdUYzHuUE1sLwVoELh -+SHIGHI1HDicOjzqgajShuIjj5hZTyQySVprrsLKiXS6NEwHAP20+XjayJ/R3tEA -EQEAAYkCPgQYAQIBKAUCU5ygeQIbAsBdIAQZAQIABgUCU5ygeQAKCRCpVlnFZmhO -52RJB/9uD1MSa0wjY6tHOIgquZcP3bHBvHmrHNMw9HR2wRCMO91ZkhrpdS3ZHtgb -u3/55etj0FdvDo1tb8P8FGSVtO5Vcwf5APM8sbbqoi8L951Q3i7qt847lfhu6sMl -w0LWFvPTOLHrliZHItPRjOltS1WAWfr2jUYhsU9ytaDAJmvf9DujxEOsN5G1YJep -54JCKVCkM/y585Zcnn+yxk/XwqoNQ0/iJUT9qRrZWvoeasxhl1PQcwihCwss44A+ -YXaAt3hbk+6LEQuZoYS73yR3WHj+42tfm7YxRGeubXfgCEz/brETEWXMh4pe0vCL -bfWrmfSPq2rDegYcAybxRQz0lF8PAAoJEO3UDQUIHpI/exkH/0vQfdHA8g/N4T6E -i6b1CUVBAkvtdJpCATZjWPhXmShOw62gkDw306vHPilL4SCvEEi4KzG72zkp6VsB -DSRcpxCwT4mHue+duiy53/aRMtSJ+vDfiV1Vhq+3sWAck/yUtfDU9/u4eFaiNok1 -8/Gd7reyuZt5CiJnpdPpjCwelK21l2w7sHAnJF55ITXdOxI8oG3BRKufz0z5lyDY -s2tXYmhhQIggdgelN8LbcMhWs/PBbtUr6uZlNJG2lW1yscD4aI529VjwJlCeo745 -U7pO4eF05VViUJ2mmfoivL3tkhoTUWhx8xs8xCUcCg8DoEoSIhxtOmoTPR22Z9BL -6LCg2mg= -=Dhm4 ------END PGP PUBLIC KEY BLOCK-----` - -const goodCrossSignatureKey = `-----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1 - -mI0EVUqeVwEEAMufHRrMPWK3gyvi0O0tABCs/oON9zV9KDZlr1a1M91ShCSFwCPo -7r80PxdWVWcj0V5h50/CJYtpN3eE/mUIgW2z1uDYQF1OzrQ8ubrksfsJvpAhENom -lTQEppv9mV8qhcM278teb7TX0pgrUHLYF5CfPdp1L957JLLXoQR/lwLVABEBAAG0 -E2dvb2Qtc2lnbmluZy1zdWJrZXmIuAQTAQIAIgUCVUqeVwIbAwYLCQgHAwIGFQgC -CQoLBBYCAwECHgECF4AACgkQNRjL95IRWP69XQQAlH6+eyXJN4DZTLX78KGjHrsw -6FCvxxClEPtPUjcJy/1KCRQmtLAt9PbbA78dvgzjDeZMZqRAwdjyJhjyg/fkU2OH -7wq4ktjUu+dLcOBb+BFMEY+YjKZhf6EJuVfxoTVr5f82XNPbYHfTho9/OABKH6kv -X70PaKZhbwnwij8Nts65AaIEVUqftREEAJ3WxZfqAX0bTDbQPf2CMT2IVMGDfhK7 -GyubOZgDFFjwUJQvHNvsrbeGLZ0xOBumLINyPO1amIfTgJNm1iiWFWfmnHReGcDl -y5mpYG60Mb79Whdcer7CMm3AqYh/dW4g6IB02NwZMKoUHo3PXmFLxMKXnWyJ0clw -R0LI/Qn509yXAKDh1SO20rqrBM+EAP2c5bfI98kyNwQAi3buu94qo3RR1ZbvfxgW -CKXDVm6N99jdZGNK7FbRifXqzJJDLcXZKLnstnC4Sd3uyfyf1uFhmDLIQRryn5m+ -LBYHfDBPN3kdm7bsZDDq9GbTHiFZUfm/tChVKXWxkhpAmHhU/tH6GGzNSMXuIWSO -aOz3Rqq0ED4NXyNKjdF9MiwD/i83S0ZBc0LmJYt4Z10jtH2B6tYdqnAK29uQaadx -yZCX2scE09UIm32/w7pV77CKr1Cp/4OzAXS1tmFzQ+bX7DR+Gl8t4wxr57VeEMvl -BGw4Vjh3X8//m3xynxycQU18Q1zJ6PkiMyPw2owZ/nss3hpSRKFJsxMLhW3fKmKr -Ey2KiOcEGAECAAkFAlVKn7UCGwIAUgkQNRjL95IRWP5HIAQZEQIABgUCVUqftQAK -CRD98VjDN10SqkWrAKDTpEY8D8HC02E/KVC5YUI01B30wgCgurpILm20kXEDCeHp -C5pygfXw1DJrhAP+NyPJ4um/bU1I+rXaHHJYroYJs8YSweiNcwiHDQn0Engh/mVZ -SqLHvbKh2dL/RXymC3+rjPvQf5cup9bPxNMa6WagdYBNAfzWGtkVISeaQW+cTEp/ -MtgVijRGXR/lGLGETPg2X3Afwn9N9bLMBkBprKgbBqU7lpaoPupxT61bL70= -=vtbN ------END PGP PUBLIC KEY BLOCK-----` - -const revokedUserIDKey = `-----BEGIN PGP PUBLIC KEY BLOCK----- - -mQENBFsgO5EBCADhREPmcjsPkXe1z7ctvyWL0S7oa9JaoGZ9oPDHFDlQxd0qlX2e -DZJZDg0qYvVixmaULIulApq1puEsaJCn3lHUbHlb4PYKwLEywYXM28JN91KtLsz/ -uaEX2KC5WqeP40utmzkNLq+oRX/xnRMgwbO7yUNVG2UlEa6eI+xOXO3YtLdmJMBW -ClQ066ZnOIzEo1JxnIwha1CDBMWLLfOLrg6l8InUqaXbtEBbnaIYO6fXVXELUjkx -nmk7t/QOk0tXCy8muH9UDqJkwDUESY2l79XwBAcx9riX8vY7vwC34pm22fAUVLCJ -x1SJx0J8bkeNp38jKM2Zd9SUQqSbfBopQ4pPABEBAAG0I0dvbGFuZyBHb3BoZXIg -PG5vLXJlcGx5QGdvbGFuZy5jb20+iQFUBBMBCgA+FiEE5Ik5JLcNx6l6rZfw1oFy -9I6cUoMFAlsgO5ECGwMFCQPCZwAFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ -1oFy9I6cUoMIkwf8DNPeD23i4jRwd/pylbvxwZintZl1fSwTJW1xcOa1emXaEtX2 -depuqhP04fjlRQGfsYAQh7X9jOJxAHjTmhqFBi5sD7QvKU00cPFYbJ/JTx0B41bl -aXnSbGhRPh63QtEZL7ACAs+shwvvojJqysx7kyVRu0EW2wqjXdHwR/SJO6nhNBa2 -DXzSiOU/SUA42mmG+5kjF8Aabq9wPwT9wjraHShEweNerNMmOqJExBOy3yFeyDpa -XwEZFzBfOKoxFNkIaVf5GSdIUGhFECkGvBMB935khftmgR8APxdU4BE7XrXexFJU -8RCuPXonm4WQOwTWR0vQg64pb2WKAzZ8HhwTGbQiR29sYW5nIEdvcGhlciA8cmV2 -b2tlZEBnb2xhbmcuY29tPokBNgQwAQoAIBYhBOSJOSS3Dcepeq2X8NaBcvSOnFKD -BQJbIDv3Ah0AAAoJENaBcvSOnFKDfWMIAKhI/Tvu3h8fSUxp/gSAcduT6bC1JttG -0lYQ5ilKB/58lBUA5CO3ZrKDKlzW3M8VEcvohVaqeTMKeoQd5rCZq8KxHn/KvN6N -s85REfXfniCKfAbnGgVXX3kDmZ1g63pkxrFu0fDZjVDXC6vy+I0sGyI/Inro0Pzb -tvn0QCsxjapKK15BtmSrpgHgzVqVg0cUp8vqZeKFxarYbYB2idtGRci4b9tObOK0 -BSTVFy26+I/mrFGaPrySYiy2Kz5NMEcRhjmTxJ8jSwEr2O2sUR0yjbgUAXbTxDVE -/jg5fQZ1ACvBRQnB7LvMHcInbzjyeTM3FazkkSYQD6b97+dkWwb1iWG5AQ0EWyA7 -kQEIALkg04REDZo1JgdYV4x8HJKFS4xAYWbIva1ZPqvDNmZRUbQZR2+gpJGEwn7z -VofGvnOYiGW56AS5j31SFf5kro1+1bZQ5iOONBng08OOo58/l1hRseIIVGB5TGSa -PCdChKKHreJI6hS3mShxH6hdfFtiZuB45rwoaArMMsYcjaezLwKeLc396cpUwwcZ -snLUNd1Xu5EWEF2OdFkZ2a1qYdxBvAYdQf4+1Nr+NRIx1u1NS9c8jp3PuMOkrQEi -bNtc1v6v0Jy52mKLG4y7mC/erIkvkQBYJdxPaP7LZVaPYc3/xskcyijrJ/5ufoD8 -K71/ShtsZUXSQn9jlRaYR0EbojMAEQEAAYkBPAQYAQoAJhYhBOSJOSS3Dcepeq2X -8NaBcvSOnFKDBQJbIDuRAhsMBQkDwmcAAAoJENaBcvSOnFKDkFMIAIt64bVZ8x7+ -TitH1bR4pgcNkaKmgKoZz6FXu80+SnbuEt2NnDyf1cLOSimSTILpwLIuv9Uft5Pb -OraQbYt3xi9yrqdKqGLv80bxqK0NuryNkvh9yyx5WoG1iKqMj9/FjGghuPrRaT4l -QinNAghGVkEy1+aXGFrG2DsOC1FFI51CC2WVTzZ5RwR2GpiNRfESsU1rZAUqf/2V -yJl9bD5R4SUNy8oQmhOxi+gbhD4Ao34e4W0ilibslI/uawvCiOwlu5NGd8zv5n+U -heiQvzkApQup5c+BhH5zFDFdKJ2CBByxw9+7QjMFI/wgLixKuE0Ob2kAokXf7RlB -7qTZOahrETw= -=IKnw ------END PGP PUBLIC KEY BLOCK-----` - -const keyWithFirstUserIDRevoked = `-----BEGIN PGP PUBLIC KEY BLOCK----- -Version: OpenPGP.js v4.10.10 -Comment: https://openpgpjs.org - -xsBNBFsgO5EBCADhREPmcjsPkXe1z7ctvyWL0S7oa9JaoGZ9oPDHFDlQxd0q -lX2eDZJZDg0qYvVixmaULIulApq1puEsaJCn3lHUbHlb4PYKwLEywYXM28JN -91KtLsz/uaEX2KC5WqeP40utmzkNLq+oRX/xnRMgwbO7yUNVG2UlEa6eI+xO -XO3YtLdmJMBWClQ066ZnOIzEo1JxnIwha1CDBMWLLfOLrg6l8InUqaXbtEBb -naIYO6fXVXELUjkxnmk7t/QOk0tXCy8muH9UDqJkwDUESY2l79XwBAcx9riX -8vY7vwC34pm22fAUVLCJx1SJx0J8bkeNp38jKM2Zd9SUQqSbfBopQ4pPABEB -AAHNIkdvbGFuZyBHb3BoZXIgPHJldm9rZWRAZ29sYW5nLmNvbT7CwI0EMAEK -ACAWIQTkiTkktw3HqXqtl/DWgXL0jpxSgwUCWyA79wIdAAAhCRDWgXL0jpxS -gxYhBOSJOSS3Dcepeq2X8NaBcvSOnFKDfWMIAKhI/Tvu3h8fSUxp/gSAcduT -6bC1JttG0lYQ5ilKB/58lBUA5CO3ZrKDKlzW3M8VEcvohVaqeTMKeoQd5rCZ -q8KxHn/KvN6Ns85REfXfniCKfAbnGgVXX3kDmZ1g63pkxrFu0fDZjVDXC6vy -+I0sGyI/Inro0Pzbtvn0QCsxjapKK15BtmSrpgHgzVqVg0cUp8vqZeKFxarY -bYB2idtGRci4b9tObOK0BSTVFy26+I/mrFGaPrySYiy2Kz5NMEcRhjmTxJ8j -SwEr2O2sUR0yjbgUAXbTxDVE/jg5fQZ1ACvBRQnB7LvMHcInbzjyeTM3Fazk -kSYQD6b97+dkWwb1iWHNI0dvbGFuZyBHb3BoZXIgPG5vLXJlcGx5QGdvbGFu -Zy5jb20+wsCrBBMBCgA+FiEE5Ik5JLcNx6l6rZfw1oFy9I6cUoMFAlsgO5EC -GwMFCQPCZwAFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AAIQkQ1oFy9I6cUoMW -IQTkiTkktw3HqXqtl/DWgXL0jpxSgwiTB/wM094PbeLiNHB3+nKVu/HBmKe1 -mXV9LBMlbXFw5rV6ZdoS1fZ16m6qE/Th+OVFAZ+xgBCHtf2M4nEAeNOaGoUG -LmwPtC8pTTRw8Vhsn8lPHQHjVuVpedJsaFE+HrdC0RkvsAICz6yHC++iMmrK -zHuTJVG7QRbbCqNd0fBH9Ik7qeE0FrYNfNKI5T9JQDjaaYb7mSMXwBpur3A/ -BP3COtodKETB416s0yY6okTEE7LfIV7IOlpfARkXMF84qjEU2QhpV/kZJ0hQ -aEUQKQa8EwH3fmSF+2aBHwA/F1TgETtetd7EUlTxEK49eiebhZA7BNZHS9CD -rilvZYoDNnweHBMZzsBNBFsgO5EBCAC5INOERA2aNSYHWFeMfByShUuMQGFm -yL2tWT6rwzZmUVG0GUdvoKSRhMJ+81aHxr5zmIhluegEuY99UhX+ZK6NftW2 -UOYjjjQZ4NPDjqOfP5dYUbHiCFRgeUxkmjwnQoSih63iSOoUt5kocR+oXXxb -YmbgeOa8KGgKzDLGHI2nsy8Cni3N/enKVMMHGbJy1DXdV7uRFhBdjnRZGdmt -amHcQbwGHUH+PtTa/jUSMdbtTUvXPI6dz7jDpK0BImzbXNb+r9CcudpiixuM -u5gv3qyJL5EAWCXcT2j+y2VWj2HN/8bJHMoo6yf+bn6A/Cu9f0obbGVF0kJ/ -Y5UWmEdBG6IzABEBAAHCwJMEGAEKACYWIQTkiTkktw3HqXqtl/DWgXL0jpxS -gwUCWyA7kQIbDAUJA8JnAAAhCRDWgXL0jpxSgxYhBOSJOSS3Dcepeq2X8NaB -cvSOnFKDkFMIAIt64bVZ8x7+TitH1bR4pgcNkaKmgKoZz6FXu80+SnbuEt2N -nDyf1cLOSimSTILpwLIuv9Uft5PbOraQbYt3xi9yrqdKqGLv80bxqK0NuryN -kvh9yyx5WoG1iKqMj9/FjGghuPrRaT4lQinNAghGVkEy1+aXGFrG2DsOC1FF -I51CC2WVTzZ5RwR2GpiNRfESsU1rZAUqf/2VyJl9bD5R4SUNy8oQmhOxi+gb -hD4Ao34e4W0ilibslI/uawvCiOwlu5NGd8zv5n+UheiQvzkApQup5c+BhH5z -FDFdKJ2CBByxw9+7QjMFI/wgLixKuE0Ob2kAokXf7RlB7qTZOahrETw= -=+2T8 ------END PGP PUBLIC KEY BLOCK----- -` - -const keyWithOnlyUserIDRevoked = `-----BEGIN PGP PUBLIC KEY BLOCK----- - -mDMEYYwB7RYJKwYBBAHaRw8BAQdARimqhPPzyGAXmfQJjcqM1QVPzLtURJSzNVll -JV4tEaW0KVJldm9rZWQgUHJpbWFyeSBVc2VyIElEIDxyZXZva2VkQGtleS5jb20+ -iHgEMBYIACAWIQSpyJZAXYqVEFkjyKutFcS0yeB0LQUCYYwCtgIdAAAKCRCtFcS0 -yeB0LbSsAQD8OYMaaBjrdzzpwIkP1stgmPd4/kzN/ZG28Ywl6a5F5QEA5Xg7aq4e -/t6Fsb4F5iqB956kSPe6YJrikobD/tBbMwSIkAQTFggAOBYhBKnIlkBdipUQWSPI -q60VxLTJ4HQtBQJhjAHtAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEK0V -xLTJ4HQtBaoBAPZL7luTCji+Tqhn7XNfFE/0QIahCt8k9wfO1cGlB3inAQDf8Tzw -ZGR5fNluUcNoVxQT7bUSFStbaGo3k0BaOYPbCLg4BGGMAe0SCisGAQQBl1UBBQEB -B0DLwSpveSrbIO/IVZD13yrs1XuB3FURZUnafGrRq7+jUAMBCAeIeAQYFggAIBYh -BKnIlkBdipUQWSPIq60VxLTJ4HQtBQJhjAHtAhsMAAoJEK0VxLTJ4HQtZ1oA/j9u -8+p3xTNzsmabTL6BkNbMeB/RUKCrlm6woM6AV+vxAQCcXTn3JC2sNoNrLoXuVzaA -mcG3/TwG5GSQUUPkrDsGDA== -=mFWy ------END PGP PUBLIC KEY BLOCK----- -` - -const keyWithSubKey = `-----BEGIN PGP PUBLIC KEY BLOCK----- - -mI0EWyKwKQEEALwXhKBnyaaNFeK3ljfc/qn9X/QFw+28EUfgZPHjRmHubuXLE2uR -s3ZoSXY2z7Dkv+NyHYMt8p+X8q5fR7JvUjK2XbPyKoiJVnHINll83yl67DaWfKNL -EjNoO0kIfbXfCkZ7EG6DL+iKtuxniGTcnGT47e+HJSqb/STpLMnWwXjBABEBAAG0 -I0dvbGFuZyBHb3BoZXIgPG5vLXJlcGx5QGdvbGFuZy5jb20+iM4EEwEKADgWIQQ/ -lRafP/p9PytHbwxMvYJsOQdOOAUCWyKwKQIbAwULCQgHAwUVCgkICwUWAgMBAAIe -AQIXgAAKCRBMvYJsOQdOOOsFBAC62mXww8XuqvYLcVOvHkWLT6mhxrQOJXnlfpn7 -2uBV9CMhoG/Ycd43NONsJrB95Apr9TDIqWnVszNbqPCuBhZQSGLdbiDKjxnCWBk0 -69qv4RNtkpOhYB7jK4s8F5oQZqId6JasT/PmJTH92mhBYhhTQr0GYFuPX2UJdkw9 -Sn9C67iNBFsisDUBBAC3A+Yo9lgCnxi/pfskyLrweYif6kIXWLAtLTsM6g/6jt7b -wTrknuCPyTv0QKGXsAEe/cK/Xq3HvX9WfXPGIHc/X56ZIsHQ+RLowbZV/Lhok1IW -FAuQm8axr/by80cRwFnzhfPc/ukkAq2Qyj4hLsGblu6mxeAhzcp8aqmWOO2H9QAR -AQABiLYEKAEKACAWIQQ/lRafP/p9PytHbwxMvYJsOQdOOAUCWyK16gIdAAAKCRBM -vYJsOQdOOB1vA/4u4uLONsE+2GVOyBsHyy7uTdkuxaR9b54A/cz6jT/tzUbeIzgx -22neWhgvIEghnUZd0vEyK9k1wy5vbDlEo6nKzHso32N1QExGr5upRERAxweDxGOj -7luDwNypI7QcifE64lS/JmlnunwRCdRWMKc0Fp+7jtRc5mpwyHN/Suf5RokBagQY -AQoAIBYhBD+VFp8/+n0/K0dvDEy9gmw5B044BQJbIrA1AhsCAL8JEEy9gmw5B044 -tCAEGQEKAB0WIQSNdnkaWY6t62iX336UXbGvYdhXJwUCWyKwNQAKCRCUXbGvYdhX -JxJSA/9fCPHP6sUtGF1o3G1a3yvOUDGr1JWcct9U+QpbCt1mZoNopCNDDQAJvDWl -mvDgHfuogmgNJRjOMznvahbF+wpTXmB7LS0SK412gJzl1fFIpK4bgnhu0TwxNsO1 -8UkCZWqxRMgcNUn9z6XWONK8dgt5JNvHSHrwF4CxxwjL23AAtK+FA/UUoi3U4kbC -0XnSr1Sl+mrzQi1+H7xyMe7zjqe+gGANtskqexHzwWPUJCPZ5qpIa2l8ghiUim6b -4ymJ+N8/T8Yva1FaPEqfMzzqJr8McYFm0URioXJPvOAlRxdHPteZ0qUopt/Jawxl -Xt6B9h1YpeLoJwjwsvbi98UTRs0jXwoY -=3fWu ------END PGP PUBLIC KEY BLOCK-----` - -const keyWithSubKeyAndBadSelfSigOrder = `-----BEGIN PGP PUBLIC KEY BLOCK----- - -mI0EWyLLDQEEAOqIOpJ/ha1OYAGduu9tS3rBz5vyjbNgJO4sFveEM0mgsHQ0X9/L -plonW+d0gRoO1dhJ8QICjDAc6+cna1DE3tEb5m6JtQ30teLZuqrR398Cf6w7NNVz -r3lrlmnH9JaKRuXl7tZciwyovneBfZVCdtsRZjaLI1uMQCz/BToiYe3DABEBAAG0 -I0dvbGFuZyBHb3BoZXIgPG5vLXJlcGx5QGdvbGFuZy5jb20+iM4EEwEKADgWIQRZ -sixZOfQcZdW0wUqmgmdsv1O9xgUCWyLLDQIbAwULCQgHAwUVCgkICwUWAgMBAAIe -AQIXgAAKCRCmgmdsv1O9xql2A/4pix98NxjhdsXtazA9agpAKeADf9tG4Za27Gj+ -3DCww/E4iP2X35jZimSm/30QRB6j08uGCqd9vXkkJxtOt63y/IpVOtWX6vMWSTUm -k8xKkaYMP0/IzKNJ1qC/qYEUYpwERBKg9Z+k99E2Ql4kRHdxXUHq6OzY79H18Y+s -GdeM/riNBFsiyxsBBAC54Pxg/8ZWaZX1phGdwfe5mek27SOYpC0AxIDCSOdMeQ6G -HPk38pywl1d+S+KmF/F4Tdi+kWro62O4eG2uc/T8JQuRDUhSjX0Qa51gPzJrUOVT -CFyUkiZ/3ZDhtXkgfuso8ua2ChBgR9Ngr4v43tSqa9y6AK7v0qjxD1x+xMrjXQAR -AQABiQFxBBgBCgAmAhsCFiEEWbIsWTn0HGXVtMFKpoJnbL9TvcYFAlsizTIFCQAN -MRcAv7QgBBkBCgAdFiEEJcoVUVJIk5RWj1c/o62jUpRPICQFAlsiyxsACgkQo62j -UpRPICQq5gQApoWIigZxXFoM0uw4uJBS5JFZtirTANvirZV5RhndwHeMN6JttaBS -YnjyA4+n1D+zB2VqliD2QrsX12KJN6rGOehCtEIClQ1Hodo9nC6kMzzAwW1O8bZs -nRJmXV+bsvD4sidLZLjdwOVa3Cxh6pvq4Uur6a7/UYx121hEY0Qx0s8JEKaCZ2y/ -U73GGi0D/i20VW8AWYAPACm2zMlzExKTOAV01YTQH/3vW0WLrOse53WcIVZga6es -HuO4So0SOEAvxKMe5HpRIu2dJxTvd99Bo9xk9xJU0AoFrO0vNCRnL+5y68xMlODK -lEw5/kl0jeaTBp6xX0HDQOEVOpPGUwWV4Ij2EnvfNDXaE1vK1kffiQFrBBgBCgAg -AhsCFiEEWbIsWTn0HGXVtMFKpoJnbL9TvcYFAlsi0AYAv7QgBBkBCgAdFiEEJcoV -UVJIk5RWj1c/o62jUpRPICQFAlsiyxsACgkQo62jUpRPICQq5gQApoWIigZxXFoM -0uw4uJBS5JFZtirTANvirZV5RhndwHeMN6JttaBSYnjyA4+n1D+zB2VqliD2QrsX -12KJN6rGOehCtEIClQ1Hodo9nC6kMzzAwW1O8bZsnRJmXV+bsvD4sidLZLjdwOVa -3Cxh6pvq4Uur6a7/UYx121hEY0Qx0s8JEKaCZ2y/U73GRl0EAJokkXmy4zKDHWWi -wvK9gi2gQgRkVnu2AiONxJb5vjeLhM/07BRmH6K1o+w3fOeEQp4FjXj1eQ5fPSM6 -Hhwx2CTl9SDnPSBMiKXsEFRkmwQ2AAsQZLmQZvKBkLZYeBiwf+IY621eYDhZfo+G -1dh1WoUCyREZsJQg2YoIpWIcvw+a -=bNRo ------END PGP PUBLIC KEY BLOCK----- -` - -const onlySubkeyNoPrivateKey = `-----BEGIN PGP PRIVATE KEY BLOCK----- -Version: GnuPG v1 - -lQCVBFggvocBBAC7vBsHn7MKmS6IiiZNTXdciplVgS9cqVd+RTdIAoyNTcsiV1H0 -GQ3QtodOPeDlQDNoqinqaobd7R9g3m3hS53Nor7yBZkCWQ5x9v9JxRtoAq0sklh1 -I1X2zEqZk2l6YrfBF/64zWrhjnW3j23szkrAIVu0faQXbQ4z56tmZrw11wARAQAB -/gdlAkdOVQG0CUdOVSBEdW1teYi4BBMBAgAiBQJYIL6HAhsDBgsJCAcDAgYVCAIJ -CgsEFgIDAQIeAQIXgAAKCRCd1xxWp1CYAnjGA/9synn6ZXJUKAXQzySgmCZvCIbl -rqBfEpxwLG4Q/lONhm5vthAE0z49I8hj5Gc5e2tLYUtq0o0OCRdCrYHa/efOYWpJ -6RsK99bePOisVzmOABLIgZkcr022kHoMCmkPgv9CUGKP1yqbGl+zzAwQfUjRUmvD -ZIcWLHi2ge4GzPMPi50B2ARYIL6cAQQAxWHnicKejAFcFcF1/3gUSgSH7eiwuBPX -M7vDdgGzlve1o1jbV4tzrjN9jsCl6r0nJPDMfBSzgLr1auNTRG6HpJ4abcOx86ED -Ad+avDcQPZb7z3dPhH/gb2lQejZsHh7bbeOS8WMSzHV3RqCLd8J/xwWPNR5zKn1f -yp4IGfopidMAEQEAAQAD+wQOelnR82+dxyM2IFmZdOB9wSXQeCVOvxSaNMh6Y3lk -UOOkO8Nlic4x0ungQRvjoRs4wBmCuwFK/MII6jKui0B7dn/NDf51i7rGdNGuJXDH -e676By1sEY/NGkc74jr74T+5GWNU64W0vkpfgVmjSAzsUtpmhJMXsc7beBhJdnVl -AgDKCb8hZqj1alcdmLoNvb7ibA3K/V8J462CPD7bMySPBa/uayoFhNxibpoXml2r -oOtHa5izF3b0/9JY97F6rqkdAgD6GdTJ+xmlCoz1Sewoif1I6krq6xoa7gOYpIXo -UL1Afr+LiJeyAnF/M34j/kjIVmPanZJjry0kkjHE5ILjH3uvAf4/6n9np+Th8ujS -YDCIzKwR7639+H+qccOaddCep8Y6KGUMVdD/vTKEx1rMtK+hK/CDkkkxnFslifMJ -kqoqv3WUqCWJAT0EGAECAAkFAlggvpwCGwIAqAkQndccVqdQmAKdIAQZAQIABgUC -WCC+nAAKCRDmGUholQPwvQk+A/9latnSsR5s5/1A9TFki11GzSEnfLbx46FYOdkW -n3YBxZoPQGxNA1vIn8GmouxZInw9CF4jdOJxEdzLlYQJ9YLTLtN5tQEMl/19/bR8 -/qLacAZ9IOezYRWxxZsyn6//jfl7A0Y+FV59d4YajKkEfItcIIlgVBSW6T+TNQT3 -R+EH5HJ/A/4/AN0CmBhhE2vGzTnVU0VPrE4V64pjn1rufFdclgpixNZCuuqpKpoE -VVHn6mnBf4njKjZrAGPs5kfQ+H4NsM7v3Zz4yV6deu9FZc4O6E+V1WJ38rO8eBix -7G2jko106CC6vtxsCPVIzY7aaG3H5pjRtomw+pX7SzrQ7FUg2PGumg== -=F/T0 ------END PGP PRIVATE KEY BLOCK-----` - -const ecdsaPrivateKey = `-----BEGIN PGP PRIVATE KEY BLOCK----- - -xaUEX1KsSRMIKoZIzj0DAQcCAwTpYqJsnJiFhKKh+8TulWD+lVmerBFNS+Ii -B+nlG3T0xQQ4Sy5eIjJ0CExIQQzi3EElF/Z2l4F3WC5taFA11NgA/gkDCHSS -PThf1M2K4LN8F1MRcvR+sb7i0nH55ojkwuVB1DE6jqIT9m9i+mX1tzjSAS+6 -lPQiweCJvG7xTC7Hs3AzRapf/r1At4TB+v+5G2/CKynNFEJpbGwgPGJpbGxA -aG9tZS5jb20+wncEEBMIAB8FAl9SrEkGCwkHCAMCBBUICgIDFgIBAhkBAhsD -Ah4BAAoJEMpwT3+q3+xqw5UBAMebZN9isEZ1ML+R/jWAAWMwa/knMugrEZ1v -Bl9+ZwM0AQCZdf80/wYY4Nve01qSRFv8OmKswLli3TvDv6FKc4cLz8epBF9S -rEkSCCqGSM49AwEHAgMEAjKnT9b5wY2bf9TpAV3d7OUfPOxKj9c4VzeVzSrH -AtQgo/MuI1cdYVURicV4i76DNjFhQHQFTk7BrC+C2u1yqQMBCAf+CQMIHImA -iYfzQtjgQWSFZYUkCFpbbwhNF0ch+3HNaZkaHCnZRIsWsRnc6FCb6lRQyK9+ -Dq59kHlduE5QgY40894jfmP2JdJHU6nBdYrivbEdbMJhBBgTCAAJBQJfUqxJ -AhsMAAoJEMpwT3+q3+xqUI0BAMykhV08kQ4Ip9Qlbss6Jdufv7YrU0Vd5hou -b5TmiPd0APoDBh3qIic+aLLUcAuG3+Gt1P1AbUlmqV61ozn1WfHxfw== -=KLN8 ------END PGP PRIVATE KEY BLOCK-----` - -const dsaPrivateKeyWithElGamalSubkey = `-----BEGIN PGP PRIVATE KEY BLOCK----- - -lQOBBF9/MLsRCACeaF6BI0jTgDAs86t8/kXPfwlPvR2MCYzB0BCqAdcq1hV/GTYd -oNmJRna/ZJfsI/vf+d8Nv+EYOQkPheFS1MJVBitkAXjQPgm8i1tQWen1FCWZxqGk -/vwZYF4yo8GhZ+Wxi3w09W9Cp9QM/CTmyE1Xe7wpPBGe+oD+me8Zxjyt8JBS4Qx+ -gvWbfHxfHnggh4pz7U8QkItlLsBNQEdX4R5+zwRN66g2ZSX/shaa/EkVnihUhD7r -njP9I51ORWucTQD6OvgooaNQZCkQ/Se9TzdakwWKS2XSIFXiY/e2E5ZgKI/pfKDU -iA/KessxddPb7nP/05OIJqg9AoDrD4vmehLzAQD+zsUS3LDU1m9/cG4LMsQbT2VK -Te4HqbGIAle+eu/asQf8DDJMrbZpiJZvADum9j0TJ0oep6VdMbzo9RSDKvlLKT9m -kG63H8oDWnCZm1a+HmGq9YIX+JHWmsLXXsFLeEouLzHO+mZo0X28eji3V2T87hyR -MmUM0wFo4k7jK8uVmkDXv3XwNp2uByWxUKZd7EnWmcEZWqIiexJ7XpCS0Pg3tRaI -zxve0SRe/dxfUPnTk/9KQ9hS6DWroBKquL182zx1Fggh4LIWWE2zq+UYn8BI0E8A -rmIDFJdF8ymFQGRrEy6g79NnkPmkrZWsgMRYY65P6v4zLVmqohJKkpm3/Uxa6QAP -CCoPh/JTOvPeCP2bOJH8z4Z9Py3ouMIjofQW8sXqRgf/RIHbh0KsINHrwwZ4gVIr -MK3RofpaYxw1ztPIWb4cMWoWZHH1Pxh7ggTGSBpAhKXkiWw2Rxat8QF5aA7e962c -bLvVv8dqsPrD/RnVJHag89cbPTzjn7gY9elE8EM8ithV3oQkwHTr4avYlpDZsgNd -hUW3YgRwGo31tdzxoG04AcpV2t+07P8XMPr9hsfWs4rHohXPi38Hseu1Ji+dBoWQ -3+1w/HH3o55s+jy4Ruaz78AIrjbmAJq+6rA2mIcCgrhw3DnzuwQAKeBvSeqn9zfS -ZC812osMBVmkycwelpaIh64WZ0vWL3GvdXDctV2kXM+qVpDTLEny0LuiXxrwCKQL -Ev4HAwK9uQBcreDEEud7pfRb8EYP5lzO2ZA7RaIvje6EWAGBvJGMRT0QQE5SGqc7 -Fw5geigBdt+vVyRuNNhg3c2fdn/OBQaYu0J/8AiOogG8EaM8tCFlbGdhbWFsQGRz -YS5jb20gPGVsZ2FtYWxAZHNhLmNvbT6IkAQTEQgAOBYhBI+gnfiHQxB35/Dp0XAQ -aE/rsWC5BQJffzC7AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEHAQaE/r -sWC5A4EA/0GcJmyPtN+Klc7b9sVT3JgKTRnB/URxOJfYJofP0hZLAQCkqyMO+adV -JvbgDH0zaITQWZSSXPqpgMpCA6juTrDsd50CawRffzC7EAgAxFFFSAAEQzWTgKU5 -EBtpxxoPzHqcChawTHRxHxjcELXzmUBS5PzfA1HXSPnNqK/x3Ut5ycC3CsW41Fnt -Gm3706Wu9VFbFZVn55F9lPiplUo61n5pqMvOr1gmuQsdXiTa0t5FRa4TZ2VSiHFw -vdAVSPTUsT4ZxJ1rPyFYRtq1n3pQcvdZowd07r0JnzTMjLLMFYCKhwIowoOC4zqJ -iB8enjwOlpaqBATRm9xpVF7SJkroPF6/B1vdhj7E3c1aJyHlo0PYBAg756sSHWHg -UuLyUQ4TA0hcCVenn/L/aSY2LnbdZB1EBhlYjA7dTCgwIqsQhfQmPkjz6g64A7+Y -HbbrLwADBQgAk14QIEQ+J/VHetpQV/jt2pNsFK1kVK7mXK0spTExaC2yj2sXlHjL -Ie3bO5T/KqmIaBEB5db5fA5xK9cZt79qrQHDKsEqUetUeMUWLBx77zBsus3grIgy -bwDZKseRzQ715pwxquxQlScGoDIBKEh08HpwHkq140eIj3w+MAIfndaZaSCNaxaP -Snky7BQmJ7Wc7qrIwoQP6yrnUqyW2yNi81nJYUhxjChqaFSlwzLs/iNGryBKo0ic -BqVIRjikKHBlwBng6WyrltQo/Vt9GG8w+lqaAVXbJRlaBZJUR+2NKi/YhP3qQse3 -v8fi4kns0gh5LK+2C01RvdX4T49QSExuIf4HAwLJqYIGwadA2uem5v7/765ZtFWV -oL0iZ0ueTJDby4wTFDpLVzzDi/uVcB0ZRFrGOp7w6OYcNYTtV8n3xmli2Q5Trw0c -wZVzvg+ABKWiv7faBjMczIFF8y6WZKOIeAQYEQgAIBYhBI+gnfiHQxB35/Dp0XAQ -aE/rsWC5BQJffzC7AhsMAAoJEHAQaE/rsWC5ZmIA/jhS4r4lClbvjuPWt0Yqdn7R -fss2SPMYvMrrDh42aE0OAQD8xn4G6CN8UtW9xihXOY6FpxiJ/sMc2VaneeUd34oa -4g== -=XZm8 ------END PGP PRIVATE KEY BLOCK-----` - -// https://tests.sequoia-pgp.org/#Certificate_expiration -// P _ U p -const expiringPrimaryUIDKey = `-----BEGIN PGP PUBLIC KEY BLOCK----- - -xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv -/seOXpgecTdOcVttfzC8ycIKrt3aQTiwOG/ctaR4Bk/t6ayNFfdUNxHWk4WCKzdz -/56fW2O0F23qIRd8UUJp5IIlN4RDdRCtdhVQIAuzvp2oVy/LaS2kxQoKvph/5pQ/ -5whqsyroEWDJoSV0yOb25B/iwk/pLUFoyhDG9bj0kIzDxrEqW+7Ba8nocQlecMF3 -X5KMN5kp2zraLv9dlBBpWW43XktjcCZgMy20SouraVma8Je/ECwUWYUiAZxLIlMv -9CurEOtxUw6N3RdOtLmYZS9uEnn5y1UkF88o8Nku890uk6BrewFzJyLAx5wRZ4F0 -qV/yq36UWQ0JB/AUGhHVPdFf6pl6eaxBwT5GXvbBUibtf8YI2og5RsgTWtXfU7eb -SGXrl5ZMpbA6mbfhd0R8aPxWfmDWiIOhBufhMCvUHh1sApMKVZnvIff9/0Dca3wb -vLIwa3T4CyshfT0AEQEAAc0hQm9iIEJhYmJhZ2UgPGJvYkBvcGVucGdwLmV4YW1w -bGU+wsFcBBMBCgCQBYJhesp/BYkEWQPJBQsJCAcCCRD7/MgqAV5zMEcUAAAAAAAe -ACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmeEOQlNyTLFkc9I/elp+BpY -495V7KatqtDmsyDr+zDAdwYVCgkICwIEFgIDAQIXgAIbAwIeARYhBNGmbhojsYLJ -mA94jPv8yCoBXnMwAABSCQv/av8hKyynMtXVKFuWOGJw0mR8auDm84WdhMFRZg8t -yTJ1L88+Ny4WUAFeqo2j7DU2yPGrm5rmuvzlEedFYFeOWt+A4adz+oumgRd0nsgG -Lf3QYUWQhLWVlz+H7zubgKqSB2A2RqV65S7mTTVro42nb2Mng6rvGWiqeKG5nrXN -/01p1mIBQGR/KnZSqYLzA2Pw2PiJoSkXT26PDz/kiEMXpjKMR6sicV4bKVlEdUvm -pIImIPBHZq1EsKXEyWtWC41w/pc+FofGE+uSFs2aef1vvEHFkj3BHSK8gRcH3kfR -eFroTET8C2q9V1AOELWm+Ys6PzGzF72URK1MKXlThuL4t4LjvXWGNA78IKW+/RQH -DzK4U0jqSO0mL6qxqVS5Ij6jjL6OTrVEGdtDf5n0vI8tcUTBKtVqYAYk+t2YGT05 -ayxALtb7viVKo8f10WEcCuKshn0gdsEFMRZQzJ89uQIY3R3FbsdRCaE6OEaDgKMQ -UTFROyfhthgzRKbRxfcplMUCzsDNBF2lnPIBDADWML9cbGMrp12CtF9b2P6z9TTT -74S8iyBOzaSvdGDQY/sUtZXRg21HWamXnn9sSXvIDEINOQ6A9QxdxoqWdCHrOuW3 -ofneYXoG+zeKc4dC86wa1TR2q9vW+RMXSO4uImA+Uzula/6k1DogDf28qhCxMwG/ -i/m9g1c/0aApuDyKdQ1PXsHHNlgd/Dn6rrd5y2AObaifV7wIhEJnvqgFXDN2RXGj -LeCOHV4Q2WTYPg/S4k1nMXVDwZXrvIsA0YwIMgIT86Rafp1qKlgPNbiIlC1g9RY/ -iFaGN2b4Ir6GDohBQSfZW2+LXoPZuVE/wGlQ01rh827KVZW4lXvqsge+wtnWlszc -selGATyzqOK9LdHPdZGzROZYI2e8c+paLNDdVPL6vdRBUnkCaEkOtl1mr2JpQi5n -TU+gTX4IeInC7E+1a9UDF/Y85ybUz8XV8rUnR76UqVC7KidNepdHbZjjXCt8/Zo+ -Tec9JNbYNQB/e9ExmDntmlHEsSEQzFwzj8sxH48AEQEAAcLA9gQYAQoAIBYhBNGm -bhojsYLJmA94jPv8yCoBXnMwBQJdpZzyAhsMAAoJEPv8yCoBXnMw6f8L/26C34dk -jBffTzMj5Bdzm8MtF67OYneJ4TQMw7+41IL4rVcSKhIhk/3Ud5knaRtP2ef1+5F6 -6h9/RPQOJ5+tvBwhBAcUWSupKnUrdVaZQanYmtSxcVV2PL9+QEiNN3tzluhaWO// -rACxJ+K/ZXQlIzwQVTpNhfGzAaMVV9zpf3u0k14itcv6alKY8+rLZvO1wIIeRZLm -U0tZDD5HtWDvUV7rIFI1WuoLb+KZgbYn3OWjCPHVdTrdZ2CqnZbG3SXw6awH9bzR -LV9EXkbhIMez0deCVdeo+wFFklh8/5VK2b0vk/+wqMJxfpa1lHvJLobzOP9fvrsw -sr92MA2+k901WeISR7qEzcI0Fdg8AyFAExaEK6VyjP7SXGLwvfisw34OxuZr3qmx -1Sufu4toH3XrB7QJN8XyqqbsGxUCBqWif9RSK4xjzRTe56iPeiSJJOIciMP9i2ld -I+KgLycyeDvGoBj0HCLO3gVaBe4ubVrj5KjhX2PVNEJd3XZRzaXZE2aAMQ== -=AmgT ------END PGP PUBLIC KEY BLOCK-----` - -const rsa2048PrivateKey = `-----BEGIN PGP PRIVATE KEY BLOCK----- -Comment: gpg (GnuPG) 2.2.27 with libgcrypt 1.9.4 - -lQPGBGL07P0BCADL0etN8efyAXA6sL2WfQvHe5wEKYXPWeN2+jiqSppfeRZAOlzP -kZ3U+cloeJriplYvVJwI3ID2aw52Z/TRn8iKRP5eOUFrEgcgl06lazLtOndK7o7p -oBV5mLtHEirFHm6W61fNt10jzM0jx0PV6nseLhFB2J42F1cmU/aBgFo41wjLSZYr -owR+v+O9S5sUXblQF6sEDcY01sBEu09zrIgT49VFwQ1Cvdh9XZEOTQBfdiugoj5a -DS3fAqAka3r1VoQK4eR7/upnYSgSACGeaQ4pUelKku5rpm50gdWTY8ppq0k9e1eT -y2x0OQcW3hWE+j4os1ca0ZEADMdqr/99MOxrABEBAAH+BwMCJWxU4VOZOJ7/I6vX -FxdfBhIBEXlJ52FM3S/oYtXqLhkGyrtmZOeEazVvUtuCe3M3ScHI8xCthcmE8E0j -bi+ZEHPS2NiBZtgHFF27BLn7zZuTc+oD5WKduZdK3463egnyThTqIIMl25WZBuab -k5ycwYrWwBH0jfA4gwJ13ai4pufKC2RM8qIu6YAVPglYBKFLKGvvJHa5vI+LuA0E -K+k35hIic7yVUcQneNnAF2598X5yWiieYnOZpmHlRw1zfbMwOJr3ZNj2v94u7b+L -sTa/1Uv9887Vb6sJp0c2Sh4cwEccoPYkvMqFn3ZrJUr3UdDu1K2vWohPtswzhrYV -+RdPZE5RLoCQufKvlPezk0Pzhzb3bBU7XjUbdGY1nH/EyQeBNp+Gw6qldKvzcBaB -cyOK1c6hPSszpJX93m5UxCN55IeifmcNjmbDh8vGCCdajy6d56qV2n4F3k7vt1J1 -0UlxIGhqijJoaTCX66xjLMC6VXkSz6aHQ35rnXosm/cqPcQshsZTdlfSyWkorfdr -4Hj8viBER26mjYurTMLBKDtUN724ZrR0Ev5jorX9uoKlgl87bDZHty2Ku2S+vR68 -VAvnj6Fi1BYNclnDoqxdRB2z5T9JbWE52HuG83/QsplhEqXxESDxriTyTHMbNxEe -88soVCDh4tgflZFa2ucUr6gEKJKij7jgahARnyaXfPZlQBUAS1YUeILYmN+VR+M/ -sHENpwDWc7TInn8VN638nJV+ScZGMih3AwWZTIoiLju3MMt1K0YZ3NuiqwGH4Jwg -/BbEdTWeCci9y3NEQHQ3uZZ5p6j2CwFVlK11idemCMvAiTVxF+gKdaLMkeCwKxru -J3YzhKEo+iDVYbPYBYizx/EHBn2U5kITQ5SBXzjTaaFMNZJEf9JYsL1ybPB6HOFY -VNVB2KT8CGVwtCJHb2xhbmcgR29waGVyIDxnb2xhbmdAZXhhbXBsZS5vcmc+iQFO -BBMBCgA4FiEEC6K7U7f4qesybTnqSkra7gHusm0FAmL07P0CGwMFCwkIBwIGFQoJ -CAsCBBYCAwECHgECF4AACgkQSkra7gHusm1MvwgAxpClWkeSqIhMQfbiuz0+lOkE -89y1DCFw8bHjZoUf4/4K8hFA3dGkk+q72XFgiyaCpfXxMt6Gi+dN47t+tTv9NIqC -sukbaoJBmJDhN6+djmJOgOYy+FWsW2LAk2LOwKYulpnBZdcA5rlMAhBg7gevQpF+ -ruSU69P7UUaFJl/DC7hDmaIcj+4cjBE/HO26SnVQjoTfjZT82rDh1Wsuf8LnkJUk -b3wezBLpXKjDvdHikdv4gdlR4AputVM38aZntYYglh/EASo5TneyZ7ZscdLNRdcF -r5O2fKqrOJLOdaoYRFZZWOvP5GtEVFDU7WGivOSVfiszBE0wZR3dgZRJipHCXJ0D -xgRi9Oz9AQgAtMJcJqLLVANJHl90tWuoizDkm+Imcwq2ubQAjpclnNrODnDK+7o4 -pBsWmXbZSdkC4gY+LhOQA6bPDD0JEHM58DOnrm49BddxXAyK0HPsk4sGGt2SS86B -OawWNdfJVyqw4bAiHWDmQg4PcjBbt3ocOIxAR6I5kBSiQVxuGQs9T+Zvg3G1r3Or -fS6DzlgY3HFUML5YsGH4lOxNSOoKAP68GIH/WNdUZ+feiRg9knIib6I3Hgtf5eO8 -JRH7aWE/TD7eNu36bLLjT5TZPq5r6xaD2plbtPOyXbNPWs9qI1yG+VnErfaLY0w8 -Qo0aqzbgID+CTZVomXSOpOcQseaFKw8ZfQARAQAB/gcDArha6+/+d4OY/w9N32K9 -hFNYt4LufTETMQ+k/sBeaMuAVzmT47DlAXzkrZhGW4dZOtXMu1rXaUwHlqkhEyzL -L4MYEWVXfD+LbZNEK3MEFss6RK+UAMeT/PTV9aA8cXQVPcSJYzfBXHQ1U1hnOgrO -apn92MN8RmkhX8wJLyeWTMMuP4lXByJMmmGo8WvifeRD2kFY4y0WVBDAXJAV4Ljf -Di/bBiwoc5a+gxHuZT2W9ZSxBQJNXdt4Un2IlyZuo58s5MLx2N0EaNJ8PwRUE6fM -RZYO8aZCEPUtINE4njbvsWOMCtrblsMPwZ1B0SiIaWmLaNyGdCNKea+fCIW7kasC -JYMhnLumpUTXg5HNexkCsl7ABWj0PYBflOE61h8EjWpnQ7JBBVKS2ua4lMjwHRX7 -5o5yxym9k5UZNFdGoXVL7xpizCcdGawxTJvwhs3vBqu1ZWYCegOAZWDrOkCyhUpq -8uKMROZFbn+FwE+7tjt+v2ed62FVEvD6g4V3ThCA6mQqeOARfJWN8GZY8BDm8lht -crOXriUkrx+FlrgGtm2CkwjW5/9Xd7AhFpHnQdFeozOHyq1asNSgJF9sNi9Lz94W -skQSVRi0IExxSXYGI3Y0nnAZUe2BAQflYPJdEveSr3sKlUqXiETTA1VXsTPK3kOC -92CbLzj/Hz199jZvywwyu53I+GKMpF42rMq7zxr2oa61YWY4YE/GDezwwys/wLx/ -QpCW4X3ppI7wJjCSSqEV0baYZSSli1ayheS6dxi8QnSpX1Bmpz6gU7m/M9Sns+hl -J7ZvgpjCAiV7KJTjtclr5/S02zP78LTVkoTWoz/6MOTROwaP63VBUXX8pbJhf/vu -DLmNnDk8joMJxoDXWeNU0EnNl4hP7Z/jExRBOEO4oAnUf/Sf6gCWQhL5qcajtg6w -tGv7vx3f2IkBNgQYAQoAIBYhBAuiu1O3+KnrMm056kpK2u4B7rJtBQJi9Oz9AhsM -AAoJEEpK2u4B7rJt6lgIAMBWqP4BCOGnQXBbgJ0+ACVghpkFUXZTb/tXJc8UUvTM -8uov6k/RsqDGZrvhhufD7Wwt7j9v7dD7VPp7bPyjVWyimglQzWguTUUqLDGlstYH -5uYv1pzma0ZsAGNqFeGlTLsKOSGKFMH4rB2KfN2n51L8POvtp1y7GKZQbWIWneaB -cZr3BINU5GMvYYU7pAYcoR+mJPdJx5Up3Ocn+bn8Tu1sy9C/ArtCQucazGnoE9u1 -HhNLrh0CdzzX7TNH6TQ8LwPOvq0K5l/WqbN9lE0WBBhMv2HydxhluO8AhU+A5GqC -C+wET7nVDnhoOm/fstIeb7/LN7OYejKPeHdFBJEL9GA= -=u442 ------END PGP PRIVATE KEY BLOCK-----` - -const curve25519PrivateKey = `-----BEGIN PGP PRIVATE KEY BLOCK----- -Comment: gpg (GnuPG) 2.2.27 with libgcrypt 1.9.4 - -lFgEYvTtQBYJKwYBBAHaRw8BAQdAxsNXLbrk5xOjpO24VhOMvQ0/F+JcyIkckMDH -X3FIGxcAAQDFOlunZWYuPsCx5JLp78vKqUTfgef9TGG4oD6I/Sa0zBMstCJHb2xh -bmcgR29waGVyIDxnb2xhbmdAZXhhbXBsZS5vcmc+iJAEExYIADgWIQSFQHEOazmo -h1ldII4MvfnLQ4JBNwUCYvTtQAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAK -CRAMvfnLQ4JBN5yeAQCKdry8B5ScCPrev2+UByMCss7Sdu5RhomCFsHdNPLcKAEA -8ugei+1owHsV+3cGwWWzKk6sLa8ZN87i3SKuOGp9DQycXQRi9O1AEgorBgEEAZdV -AQUBAQdA5CubPp8l7lrVQ25h7Hx5XN2C8xanRnnpcjzEooCaEA0DAQgHAAD/Rpc+ -sOZUXrFk9HOWB1XU41LoWbDBoG8sP8RWAVYwD5AQRYh4BBgWCAAgFiEEhUBxDms5 -qIdZXSCODL35y0OCQTcFAmL07UACGwwACgkQDL35y0OCQTcvdwEA7lb5g/YisrEf -iq660uwMGoepLUfvtqKzuQ6heYe83y0BAN65Ffg5HYOJzUEi0kZQRf7OhdtuL2kJ -SRXn8DmCTfEB -=cELM ------END PGP PRIVATE KEY BLOCK-----` - -const curve448PrivateKey = `-----BEGIN PGP PRIVATE KEY BLOCK----- -Comment: C1DB 65D5 80D7 B922 7254 4B1E A699 9895 FABA CE52 - -xYUEYV2UmRYDK2VxAc9AFyxgh5xnSbyt50TWl558mw9xdMN+/UBLr5+UMP8IsrvV -MdXuTIE8CyaUQKSotHtH2RkYEXj5nsMAAAHPQIbTMSzjIWug8UFECzAex5FHgAgH -gYF3RK+TS8D24wX8kOu2C/NoVxwGY+p+i0JHaB+7yljriSKAGxs6wsBEBB8WCgCD -BYJhXZSZBYkFpI+9AwsJBwkQppmYlfq6zlJHFAAAAAAAHgAgc2FsdEBub3RhdGlv -bnMuc2VxdW9pYS1wZ3Aub3Jn5wSpIutJ5HncJWk4ruUV8GzQF390rR5+qWEAnAoY -akcDFQoIApsBAh4BFiEEwdtl1YDXuSJyVEseppmYlfq6zlIAALzdA5dA/fsgYg/J -qaQriYKaPUkyHL7EB3BXhV2d1h/gk+qJLvXQuU2WEJ/XSs3GrsBRiiZwvPH4o+7b -mleAxjy5wpS523vqrrBR2YZ5FwIku7WS4litSdn4AtVam/TlLdMNIf41CtFeZKBe -c5R5VNdQy8y7qy8AAADNEUN1cnZlNDQ4IE9wdGlvbiA4wsBHBBMWCgCGBYJhXZSZ -BYkFpI+9AwsJBwkQppmYlfq6zlJHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2Vx -dW9pYS1wZ3Aub3JnD55UsYMzE6OACP+mgw5zvT+BBgol8/uFQjHg4krjUCMDFQoI -ApkBApsBAh4BFiEEwdtl1YDXuSJyVEseppmYlfq6zlIAAPQJA5dA0Xqwzn/0uwCq -RlsOVCB3f5NOj1exKnlBvRw0xT1VBee1yxvlUt5eIAoCxWoRlWBJob3TTkhm9AEA -8dyhwPmyGfWHzPw5NFG3xsXrZdNXNvit9WMVAPcmsyR7teXuDlJItxRAdJJc/qfJ -YVbBFoaNrhYAAADHhQRhXZSZFgMrZXEBz0BL7THZ9MnCLfSPJ1FMLim9eGkQ3Bfn -M3he5rOwO3t14QI1LjI96OjkeJipMgcFAmEP1Bq/ZHGO7oAAAc9AFnE8iNBaT3OU -EFtxkmWHXtdaYMmGGRdopw9JPXr/UxuunDln5o9dxPxf7q7z26zXrZen+qed/Isa -HsDCwSwEGBYKAWsFgmFdlJkFiQWkj70JEKaZmJX6us5SRxQAAAAAAB4AIHNhbHRA -bm90YXRpb25zLnNlcXVvaWEtcGdwLm9yZxREUizdTcepBzgSMOv2VWQCWbl++3CZ -EbgAWDryvSsyApsCwDGgBBkWCgBvBYJhXZSZCRBKo3SL4S5djkcUAAAAAAAeACBz -YWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmemoGTDjmNQiIzw6HOEddvS0OB7 -UZ/P07jM/EVmnYxTlBYhBAxsnkGpx1UCiH6gUUqjdIvhLl2OAAALYQOXQAMB1oKq -OWxSFmvmgCKNcbAAyA3piF5ERIqs4z07oJvqDYrOWt75UsEIH/04gU/vHc4EmfG2 -JDLJgOLlyTUPkL/08f0ydGZPofFQBhn8HkuFFjnNtJ5oz3GIP4cdWMQFaUw0uvjb -PM9Tm3ptENGd6Ts1AAAAFiEEwdtl1YDXuSJyVEseppmYlfq6zlIAAGpTA5dATR6i -U2GrpUcQgpG+JqfAsGmF4yAOhgFxc1UfidFk3nTup3fLgjipkYY170WLRNbyKkVO -Sodx93GAs58rizO1acDAWiLq3cyEPBFXbyFThbcNPcLl+/77Uk/mgkYrPQFAQWdK -1kSRm4SizDBK37K8ChAAAADHhwRhXZSZEgMrZW8Bx0DMhzvhQo+OsXeqQ6QVw4sF -CaexHh6rLohh7TzL3hQSjoJ27fV6JBkIWdn0LfrMlJIDbSv2SLdlgQMBCgkAAcdA -MO7Dc1myF6Co1fAH+EuP+OxhxP/7V6ljuSCZENDfA49tQkzTta+PniG+pOVB2LHb -huyaKBkqiaogo8LAOQQYFgoAeAWCYV2UmQWJBaSPvQkQppmYlfq6zlJHFAAAAAAA -HgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnEjBMQAmc/2u45u5FQGmB -QAytjSG2LM3JQN+PPVl5vEkCmwwWIQTB22XVgNe5InJUSx6mmZiV+rrOUgAASdYD -l0DXEHQ9ykNP2rZP35ET1dmiFagFtTj/hLQcWlg16LqvJNGqOgYXuqTerbiOOt02 -XLCBln+wdewpU4ChEffMUDRBfqfQco/YsMqWV7bHJHAO0eC/DMKCjyU90xdH7R/d -QgqsfguR1PqPuJxpXV4bSr6CGAAAAA== -=MSvh ------END PGP PRIVATE KEY BLOCK-----` - -const keyWithNotation = `-----BEGIN PGP PRIVATE KEY BLOCK----- - -xVgEY9gIshYJKwYBBAHaRw8BAQdAF25fSM8OpFlXZhop4Qpqo5ywGZ4jgWlR -ppjhIKDthREAAQC+LFpzFcMJYcjxGKzBGHN0Px2jU4d04YSRnFAik+lVVQ6u -zRdUZXN0IDx0ZXN0QGV4YW1wbGUuY29tPsLACgQQFgoAfAUCY9gIsgQLCQcI -CRD/utJOCym8pR0UgAAAAAAQAAR0ZXh0QGV4YW1wbGUuY29tdGVzdB8UAAAA -AAASAARiaW5hcnlAZXhhbXBsZS5jb20AAQIDAxUICgQWAAIBAhkBAhsDAh4B -FiEEEMCQTUVGKgCX5rDQ/7rSTgspvKUAAPl5AP9Npz90LxzrB97Qr2DrGwfG -wuYn4FSYwtuPfZHHeoIabwD/QEbvpQJ/NBb9EAZuow4Rirlt1yv19mmnF+j5 -8yUzhQjHXQRj2AiyEgorBgEEAZdVAQUBAQdARXAo30DmKcyUg6co7OUm0RNT -z9iqFbDBzA8A47JEt1MDAQgHAAD/XKK3lBm0SqMR558HLWdBrNG6NqKuqb5X -joCML987ZNgRD8J4BBgWCAAqBQJj2AiyCRD/utJOCym8pQIbDBYhBBDAkE1F -RioAl+aw0P+60k4LKbylAADRxgEAg7UfBDiDPp5LHcW9D+SgFHk6+GyEU4ev -VppQxdtxPvAA/34snHBX7Twnip1nMt7P4e2hDiw/hwQ7oqioOvc6jMkP -=Z8YJ ------END PGP PRIVATE KEY BLOCK----- -` diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go deleted file mode 100644 index fec41a0e73..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go +++ /dev/null @@ -1,67 +0,0 @@ -// Copyright (C) 2019 ProtonTech AG - -package packet - -import "math/bits" - -// CipherSuite contains a combination of Cipher and Mode -type CipherSuite struct { - // The cipher function - Cipher CipherFunction - // The AEAD mode of operation. - Mode AEADMode -} - -// AEADConfig collects a number of AEAD parameters along with sensible defaults. -// A nil AEADConfig is valid and results in all default values. -type AEADConfig struct { - // The AEAD mode of operation. - DefaultMode AEADMode - // Amount of octets in each chunk of data - ChunkSize uint64 -} - -// Mode returns the AEAD mode of operation. -func (conf *AEADConfig) Mode() AEADMode { - // If no preference is specified, OCB is used (which is mandatory to implement). - if conf == nil || conf.DefaultMode == 0 { - return AEADModeOCB - } - - mode := conf.DefaultMode - if mode != AEADModeEAX && mode != AEADModeOCB && mode != AEADModeGCM { - panic("AEAD mode unsupported") - } - return mode -} - -// ChunkSizeByte returns the byte indicating the chunk size. The effective -// chunk size is computed with the formula uint64(1) << (chunkSizeByte + 6) -// limit to 16 = 4 MiB -// https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2 -func (conf *AEADConfig) ChunkSizeByte() byte { - if conf == nil || conf.ChunkSize == 0 { - return 12 // 1 << (12 + 6) == 262144 bytes - } - - chunkSize := conf.ChunkSize - exponent := bits.Len64(chunkSize) - 1 - switch { - case exponent < 6: - exponent = 6 - case exponent > 16: - exponent = 16 - } - - return byte(exponent - 6) -} - -// decodeAEADChunkSize returns the effective chunk size. In 32-bit systems, the -// maximum returned value is 1 << 30. -func decodeAEADChunkSize(c byte) int { - size := uint64(1 << (c + 6)) - if size != uint64(int(size)) { - return 1 << 30 - } - return int(size) -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_crypter.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_crypter.go deleted file mode 100644 index 5e46046563..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_crypter.go +++ /dev/null @@ -1,250 +0,0 @@ -// Copyright (C) 2019 ProtonTech AG - -package packet - -import ( - "crypto/cipher" - "encoding/binary" - "io" - - "github.com/ProtonMail/go-crypto/openpgp/errors" -) - -// aeadCrypter is an AEAD opener/sealer, its configuration, and data for en/decryption. -type aeadCrypter struct { - aead cipher.AEAD - chunkSize int - nonce []byte - associatedData []byte // Chunk-independent associated data - chunkIndex []byte // Chunk counter - packetTag packetType // SEIP packet (v2) or AEAD Encrypted Data packet - bytesProcessed int // Amount of plaintext bytes encrypted/decrypted -} - -// computeNonce takes the incremental index and computes an eXclusive OR with -// the least significant 8 bytes of the receivers' initial nonce (see sec. -// 5.16.1 and 5.16.2). It returns the resulting nonce. -func (wo *aeadCrypter) computeNextNonce() (nonce []byte) { - if wo.packetTag == packetTypeSymmetricallyEncryptedIntegrityProtected { - return wo.nonce - } - - nonce = make([]byte, len(wo.nonce)) - copy(nonce, wo.nonce) - offset := len(wo.nonce) - 8 - for i := 0; i < 8; i++ { - nonce[i+offset] ^= wo.chunkIndex[i] - } - return -} - -// incrementIndex performs an integer increment by 1 of the integer represented by the -// slice, modifying it accordingly. -func (wo *aeadCrypter) incrementIndex() error { - index := wo.chunkIndex - if len(index) == 0 { - return errors.AEADError("Index has length 0") - } - for i := len(index) - 1; i >= 0; i-- { - if index[i] < 255 { - index[i]++ - return nil - } - index[i] = 0 - } - return errors.AEADError("cannot further increment index") -} - -// aeadDecrypter reads and decrypts bytes. It buffers extra decrypted bytes when -// necessary, similar to aeadEncrypter. -type aeadDecrypter struct { - aeadCrypter // Embedded ciphertext opener - reader io.Reader // 'reader' is a partialLengthReader - chunkBytes []byte - peekedBytes []byte // Used to detect last chunk - buffer []byte // Buffered decrypted bytes -} - -// Read decrypts bytes and reads them into dst. It decrypts when necessary and -// buffers extra decrypted bytes. It returns the number of bytes copied into dst -// and an error. -func (ar *aeadDecrypter) Read(dst []byte) (n int, err error) { - // Return buffered plaintext bytes from previous calls - if len(ar.buffer) > 0 { - n = copy(dst, ar.buffer) - ar.buffer = ar.buffer[n:] - return - } - - // Read a chunk - tagLen := ar.aead.Overhead() - copy(ar.chunkBytes, ar.peekedBytes) // Copy bytes peeked in previous chunk or in initialization - bytesRead, errRead := io.ReadFull(ar.reader, ar.chunkBytes[tagLen:]) - if errRead != nil && errRead != io.EOF && errRead != io.ErrUnexpectedEOF { - return 0, errRead - } - - if bytesRead > 0 { - ar.peekedBytes = ar.chunkBytes[bytesRead:bytesRead+tagLen] - - decrypted, errChunk := ar.openChunk(ar.chunkBytes[:bytesRead]) - if errChunk != nil { - return 0, errChunk - } - - // Return decrypted bytes, buffering if necessary - n = copy(dst, decrypted) - ar.buffer = decrypted[n:] - return - } - - return 0, io.EOF -} - -// Close checks the final authentication tag of the stream. -// In the future, this function could also be used to wipe the reader -// and peeked & decrypted bytes, if necessary. -func (ar *aeadDecrypter) Close() (err error) { - errChunk := ar.validateFinalTag(ar.peekedBytes) - if errChunk != nil { - return errChunk - } - return nil -} - -// openChunk decrypts and checks integrity of an encrypted chunk, returning -// the underlying plaintext and an error. It accesses peeked bytes from next -// chunk, to identify the last chunk and decrypt/validate accordingly. -func (ar *aeadDecrypter) openChunk(data []byte) ([]byte, error) { - adata := ar.associatedData - if ar.aeadCrypter.packetTag == packetTypeAEADEncrypted { - adata = append(ar.associatedData, ar.chunkIndex...) - } - - nonce := ar.computeNextNonce() - plainChunk, err := ar.aead.Open(data[:0:len(data)], nonce, data, adata) - if err != nil { - return nil, errors.ErrAEADTagVerification - } - ar.bytesProcessed += len(plainChunk) - if err = ar.aeadCrypter.incrementIndex(); err != nil { - return nil, err - } - return plainChunk, nil -} - -// Checks the summary tag. It takes into account the total decrypted bytes into -// the associated data. It returns an error, or nil if the tag is valid. -func (ar *aeadDecrypter) validateFinalTag(tag []byte) error { - // Associated: tag, version, cipher, aead, chunk size, ... - amountBytes := make([]byte, 8) - binary.BigEndian.PutUint64(amountBytes, uint64(ar.bytesProcessed)) - - adata := ar.associatedData - if ar.aeadCrypter.packetTag == packetTypeAEADEncrypted { - // ... index ... - adata = append(ar.associatedData, ar.chunkIndex...) - } - - // ... and total number of encrypted octets - adata = append(adata, amountBytes...) - nonce := ar.computeNextNonce() - if _, err := ar.aead.Open(nil, nonce, tag, adata); err != nil { - return errors.ErrAEADTagVerification - } - return nil -} - -// aeadEncrypter encrypts and writes bytes. It encrypts when necessary according -// to the AEAD block size, and buffers the extra encrypted bytes for next write. -type aeadEncrypter struct { - aeadCrypter // Embedded plaintext sealer - writer io.WriteCloser // 'writer' is a partialLengthWriter - chunkBytes []byte - offset int -} - -// Write encrypts and writes bytes. It encrypts when necessary and buffers extra -// plaintext bytes for next call. When the stream is finished, Close() MUST be -// called to append the final tag. -func (aw *aeadEncrypter) Write(plaintextBytes []byte) (n int, err error) { - for n != len(plaintextBytes) { - copied := copy(aw.chunkBytes[aw.offset:aw.chunkSize], plaintextBytes[n:]) - n += copied - aw.offset += copied - - if aw.offset == aw.chunkSize { - encryptedChunk, err := aw.sealChunk(aw.chunkBytes[:aw.offset]) - if err != nil { - return n, err - } - _, err = aw.writer.Write(encryptedChunk) - if err != nil { - return n, err - } - aw.offset = 0 - } - } - return -} - -// Close encrypts and writes the remaining buffered plaintext if any, appends -// the final authentication tag, and closes the embedded writer. This function -// MUST be called at the end of a stream. -func (aw *aeadEncrypter) Close() (err error) { - // Encrypt and write a chunk if there's buffered data left, or if we haven't - // written any chunks yet. - if aw.offset > 0 || aw.bytesProcessed == 0 { - lastEncryptedChunk, err := aw.sealChunk(aw.chunkBytes[:aw.offset]) - if err != nil { - return err - } - _, err = aw.writer.Write(lastEncryptedChunk) - if err != nil { - return err - } - } - // Compute final tag (associated data: packet tag, version, cipher, aead, - // chunk size... - adata := aw.associatedData - - if aw.aeadCrypter.packetTag == packetTypeAEADEncrypted { - // ... index ... - adata = append(aw.associatedData, aw.chunkIndex...) - } - - // ... and total number of encrypted octets - amountBytes := make([]byte, 8) - binary.BigEndian.PutUint64(amountBytes, uint64(aw.bytesProcessed)) - adata = append(adata, amountBytes...) - - nonce := aw.computeNextNonce() - finalTag := aw.aead.Seal(nil, nonce, nil, adata) - _, err = aw.writer.Write(finalTag) - if err != nil { - return err - } - return aw.writer.Close() -} - -// sealChunk Encrypts and authenticates the given chunk. -func (aw *aeadEncrypter) sealChunk(data []byte) ([]byte, error) { - if len(data) > aw.chunkSize { - return nil, errors.AEADError("chunk exceeds maximum length") - } - if aw.associatedData == nil { - return nil, errors.AEADError("can't seal without headers") - } - adata := aw.associatedData - if aw.aeadCrypter.packetTag == packetTypeAEADEncrypted { - adata = append(aw.associatedData, aw.chunkIndex...) - } - - nonce := aw.computeNextNonce() - encrypted := aw.aead.Seal(data[:0], nonce, data, adata) - aw.bytesProcessed += len(data) - if err := aw.aeadCrypter.incrementIndex(); err != nil { - return nil, err - } - return encrypted, nil -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_encrypted.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_encrypted.go deleted file mode 100644 index 583765d87c..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_encrypted.go +++ /dev/null @@ -1,100 +0,0 @@ -// Copyright (C) 2019 ProtonTech AG - -package packet - -import ( - "io" - - "github.com/ProtonMail/go-crypto/openpgp/errors" - "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm" -) - -// AEADEncrypted represents an AEAD Encrypted Packet. -// See https://www.ietf.org/archive/id/draft-koch-openpgp-2015-rfc4880bis-00.html#name-aead-encrypted-data-packet-t -type AEADEncrypted struct { - cipher CipherFunction - mode AEADMode - chunkSizeByte byte - Contents io.Reader // Encrypted chunks and tags - initialNonce []byte // Referred to as IV in RFC4880-bis -} - -// Only currently defined version -const aeadEncryptedVersion = 1 - -func (ae *AEADEncrypted) parse(buf io.Reader) error { - headerData := make([]byte, 4) - if n, err := io.ReadFull(buf, headerData); n < 4 { - return errors.AEADError("could not read aead header:" + err.Error()) - } - // Read initial nonce - mode := AEADMode(headerData[2]) - nonceLen := mode.IvLength() - - // This packet supports only EAX and OCB - // https://www.ietf.org/archive/id/draft-koch-openpgp-2015-rfc4880bis-00.html#name-aead-encrypted-data-packet-t - if nonceLen == 0 || mode > AEADModeOCB { - return errors.AEADError("unknown mode") - } - - initialNonce := make([]byte, nonceLen) - if n, err := io.ReadFull(buf, initialNonce); n < nonceLen { - return errors.AEADError("could not read aead nonce:" + err.Error()) - } - ae.Contents = buf - ae.initialNonce = initialNonce - c := headerData[1] - if _, ok := algorithm.CipherById[c]; !ok { - return errors.UnsupportedError("unknown cipher: " + string(c)) - } - ae.cipher = CipherFunction(c) - ae.mode = mode - ae.chunkSizeByte = headerData[3] - return nil -} - -// Decrypt returns a io.ReadCloser from which decrypted bytes can be read, or -// an error. -func (ae *AEADEncrypted) Decrypt(ciph CipherFunction, key []byte) (io.ReadCloser, error) { - return ae.decrypt(key) -} - -// decrypt prepares an aeadCrypter and returns a ReadCloser from which -// decrypted bytes can be read (see aeadDecrypter.Read()). -func (ae *AEADEncrypted) decrypt(key []byte) (io.ReadCloser, error) { - blockCipher := ae.cipher.new(key) - aead := ae.mode.new(blockCipher) - // Carry the first tagLen bytes - chunkSize := decodeAEADChunkSize(ae.chunkSizeByte) - tagLen := ae.mode.TagLength() - chunkBytes := make([]byte, chunkSize+tagLen*2) - peekedBytes := chunkBytes[chunkSize+tagLen:] - n, err := io.ReadFull(ae.Contents, peekedBytes) - if n < tagLen || (err != nil && err != io.EOF) { - return nil, errors.AEADError("Not enough data to decrypt:" + err.Error()) - } - - return &aeadDecrypter{ - aeadCrypter: aeadCrypter{ - aead: aead, - chunkSize: chunkSize, - nonce: ae.initialNonce, - associatedData: ae.associatedData(), - chunkIndex: make([]byte, 8), - packetTag: packetTypeAEADEncrypted, - }, - reader: ae.Contents, - chunkBytes: chunkBytes, - peekedBytes: peekedBytes, - }, nil -} - -// associatedData for chunks: tag, version, cipher, mode, chunk size byte -func (ae *AEADEncrypted) associatedData() []byte { - return []byte{ - 0xD4, - aeadEncryptedVersion, - byte(ae.cipher), - byte(ae.mode), - ae.chunkSizeByte} -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/compressed.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/compressed.go deleted file mode 100644 index 0bcb38caca..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/compressed.go +++ /dev/null @@ -1,161 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package packet - -import ( - "compress/bzip2" - "compress/flate" - "compress/zlib" - "io" - "strconv" - - "github.com/ProtonMail/go-crypto/openpgp/errors" -) - -// Compressed represents a compressed OpenPGP packet. The decompressed contents -// will contain more OpenPGP packets. See RFC 4880, section 5.6. -type Compressed struct { - Body io.Reader -} - -const ( - NoCompression = flate.NoCompression - BestSpeed = flate.BestSpeed - BestCompression = flate.BestCompression - DefaultCompression = flate.DefaultCompression -) - -// CompressionConfig contains compressor configuration settings. -type CompressionConfig struct { - // Level is the compression level to use. It must be set to - // between -1 and 9, with -1 causing the compressor to use the - // default compression level, 0 causing the compressor to use - // no compression and 1 to 9 representing increasing (better, - // slower) compression levels. If Level is less than -1 or - // more then 9, a non-nil error will be returned during - // encryption. See the constants above for convenient common - // settings for Level. - Level int -} - -// decompressionReader ensures that the whole compression packet is read. -type decompressionReader struct { - compressed io.Reader - decompressed io.ReadCloser - readAll bool -} - -func newDecompressionReader(r io.Reader, decompressor io.ReadCloser) *decompressionReader { - return &decompressionReader{ - compressed: r, - decompressed: decompressor, - } -} - -func (dr *decompressionReader) Read(data []byte) (n int, err error) { - if dr.readAll { - return 0, io.EOF - } - n, err = dr.decompressed.Read(data) - if err == io.EOF { - dr.readAll = true - // Close the decompressor. - if errDec := dr.decompressed.Close(); errDec != nil { - return n, errDec - } - // Consume all remaining data from the compressed packet. - consumeAll(dr.compressed) - } - return n, err -} - -func (c *Compressed) parse(r io.Reader) error { - var buf [1]byte - _, err := readFull(r, buf[:]) - if err != nil { - return err - } - - switch buf[0] { - case 0: - c.Body = r - case 1: - c.Body = newDecompressionReader(r, flate.NewReader(r)) - case 2: - decompressor, err := zlib.NewReader(r) - if err != nil { - return err - } - c.Body = newDecompressionReader(r, decompressor) - case 3: - c.Body = newDecompressionReader(r, io.NopCloser(bzip2.NewReader(r))) - default: - err = errors.UnsupportedError("unknown compression algorithm: " + strconv.Itoa(int(buf[0]))) - } - - return err -} - -// compressedWriterCloser represents the serialized compression stream -// header and the compressor. Its Close() method ensures that both the -// compressor and serialized stream header are closed. Its Write() -// method writes to the compressor. -type compressedWriteCloser struct { - sh io.Closer // Stream Header - c io.WriteCloser // Compressor -} - -func (cwc compressedWriteCloser) Write(p []byte) (int, error) { - return cwc.c.Write(p) -} - -func (cwc compressedWriteCloser) Close() (err error) { - err = cwc.c.Close() - if err != nil { - return err - } - - return cwc.sh.Close() -} - -// SerializeCompressed serializes a compressed data packet to w and -// returns a WriteCloser to which the literal data packets themselves -// can be written and which MUST be closed on completion. If cc is -// nil, sensible defaults will be used to configure the compression -// algorithm. -func SerializeCompressed(w io.WriteCloser, algo CompressionAlgo, cc *CompressionConfig) (literaldata io.WriteCloser, err error) { - compressed, err := serializeStreamHeader(w, packetTypeCompressed) - if err != nil { - return - } - - _, err = compressed.Write([]byte{uint8(algo)}) - if err != nil { - return - } - - level := DefaultCompression - if cc != nil { - level = cc.Level - } - - var compressor io.WriteCloser - switch algo { - case CompressionZIP: - compressor, err = flate.NewWriter(compressed, level) - case CompressionZLIB: - compressor, err = zlib.NewWriterLevel(compressed, level) - default: - s := strconv.Itoa(int(algo)) - err = errors.UnsupportedError("Unsupported compression algorithm: " + s) - } - if err != nil { - return - } - - literaldata = compressedWriteCloser{compressed, compressor} - - return -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go deleted file mode 100644 index 257398d9dd..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go +++ /dev/null @@ -1,422 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package packet - -import ( - "crypto" - "crypto/rand" - "io" - "math/big" - "time" - - "github.com/ProtonMail/go-crypto/openpgp/s2k" -) - -var ( - defaultRejectPublicKeyAlgorithms = map[PublicKeyAlgorithm]bool{ - PubKeyAlgoElGamal: true, - PubKeyAlgoDSA: true, - } - defaultRejectHashAlgorithms = map[crypto.Hash]bool{ - crypto.MD5: true, - crypto.RIPEMD160: true, - } - defaultRejectMessageHashAlgorithms = map[crypto.Hash]bool{ - crypto.SHA1: true, - crypto.MD5: true, - crypto.RIPEMD160: true, - } - defaultRejectCurves = map[Curve]bool{ - CurveSecP256k1: true, - } -) - -// A global feature flag to indicate v5 support. -// Can be set via a build tag, e.g.: `go build -tags v5 ./...` -// If the build tag is missing config_v5.go will set it to true. -// -// Disables parsing of v5 keys and v5 signatures. -// These are non-standard entities, which in the crypto-refresh have been superseded -// by v6 keys, v6 signatures and SEIPDv2 encrypted data, respectively. -var V5Disabled = false - -// Config collects a number of parameters along with sensible defaults. -// A nil *Config is valid and results in all default values. -type Config struct { - // Rand provides the source of entropy. - // If nil, the crypto/rand Reader is used. - Rand io.Reader - // DefaultHash is the default hash function to be used. - // If zero, SHA-256 is used. - DefaultHash crypto.Hash - // DefaultCipher is the cipher to be used. - // If zero, AES-128 is used. - DefaultCipher CipherFunction - // Time returns the current time as the number of seconds since the - // epoch. If Time is nil, time.Now is used. - Time func() time.Time - // DefaultCompressionAlgo is the compression algorithm to be - // applied to the plaintext before encryption. If zero, no - // compression is done. - DefaultCompressionAlgo CompressionAlgo - // CompressionConfig configures the compression settings. - CompressionConfig *CompressionConfig - // S2K (String to Key) config, used for key derivation in the context of secret key encryption - // and password-encrypted data. - // If nil, the default configuration is used - S2KConfig *s2k.Config - // Iteration count for Iterated S2K (String to Key). - // Only used if sk2.Mode is nil. - // This value is duplicated here from s2k.Config for backwards compatibility. - // It determines the strength of the passphrase stretching when - // the said passphrase is hashed to produce a key. S2KCount - // should be between 65536 and 65011712, inclusive. If Config - // is nil or S2KCount is 0, the value 16777216 used. Not all - // values in the above range can be represented. S2KCount will - // be rounded up to the next representable value if it cannot - // be encoded exactly. When set, it is strongly encrouraged to - // use a value that is at least 65536. See RFC 4880 Section - // 3.7.1.3. - // - // Deprecated: SK2Count should be configured in S2KConfig instead. - S2KCount int - // RSABits is the number of bits in new RSA keys made with NewEntity. - // If zero, then 2048 bit keys are created. - RSABits int - // The public key algorithm to use - will always create a signing primary - // key and encryption subkey. - Algorithm PublicKeyAlgorithm - // Some known primes that are optionally prepopulated by the caller - RSAPrimes []*big.Int - // Curve configures the desired packet.Curve if the Algorithm is PubKeyAlgoECDSA, - // PubKeyAlgoEdDSA, or PubKeyAlgoECDH. If empty Curve25519 is used. - Curve Curve - // AEADConfig configures the use of the new AEAD Encrypted Data Packet, - // defined in the draft of the next version of the OpenPGP specification. - // If a non-nil AEADConfig is passed, usage of this packet is enabled. By - // default, it is disabled. See the documentation of AEADConfig for more - // configuration options related to AEAD. - // **Note: using this option may break compatibility with other OpenPGP - // implementations, as well as future versions of this library.** - AEADConfig *AEADConfig - // V6Keys configures version 6 key generation. If false, this package still - // supports version 6 keys, but produces version 4 keys. - V6Keys bool - // Minimum RSA key size allowed for key generation and message signing, verification and encryption. - MinRSABits uint16 - // Reject insecure algorithms, only works with v2 api - RejectPublicKeyAlgorithms map[PublicKeyAlgorithm]bool - RejectHashAlgorithms map[crypto.Hash]bool - RejectMessageHashAlgorithms map[crypto.Hash]bool - RejectCurves map[Curve]bool - // "The validity period of the key. This is the number of seconds after - // the key creation time that the key expires. If this is not present - // or has a value of zero, the key never expires. This is found only on - // a self-signature."" - // https://tools.ietf.org/html/rfc4880#section-5.2.3.6 - KeyLifetimeSecs uint32 - // "The validity period of the signature. This is the number of seconds - // after the signature creation time that the signature expires. If - // this is not present or has a value of zero, it never expires." - // https://tools.ietf.org/html/rfc4880#section-5.2.3.10 - SigLifetimeSecs uint32 - // SigningKeyId is used to specify the signing key to use (by Key ID). - // By default, the signing key is selected automatically, preferring - // signing subkeys if available. - SigningKeyId uint64 - // SigningIdentity is used to specify a user ID (packet Signer's User ID, type 28) - // when producing a generic certification signature onto an existing user ID. - // The identity must be present in the signer Entity. - SigningIdentity string - // InsecureAllowUnauthenticatedMessages controls, whether it is tolerated to read - // encrypted messages without Modification Detection Code (MDC). - // MDC is mandated by the IETF OpenPGP Crypto Refresh draft and has long been implemented - // in most OpenPGP implementations. Messages without MDC are considered unnecessarily - // insecure and should be prevented whenever possible. - // In case one needs to deal with messages from very old OpenPGP implementations, there - // might be no other way than to tolerate the missing MDC. Setting this flag, allows this - // mode of operation. It should be considered a measure of last resort. - InsecureAllowUnauthenticatedMessages bool - // InsecureAllowDecryptionWithSigningKeys allows decryption with keys marked as signing keys in the v2 API. - // This setting is potentially insecure, but it is needed as some libraries - // ignored key flags when selecting a key for encryption. - // Not relevant for the v1 API, as all keys were allowed in decryption. - InsecureAllowDecryptionWithSigningKeys bool - // KnownNotations is a map of Notation Data names to bools, which controls - // the notation names that are allowed to be present in critical Notation Data - // signature subpackets. - KnownNotations map[string]bool - // SignatureNotations is a list of Notations to be added to any signatures. - SignatureNotations []*Notation - // CheckIntendedRecipients controls, whether the OpenPGP Intended Recipient Fingerprint feature - // should be enabled for encryption and decryption. - // (See https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-intended-recipient-fingerpr). - // When the flag is set, encryption produces Intended Recipient Fingerprint signature sub-packets and decryption - // checks whether the key it was encrypted to is one of the included fingerprints in the signature. - // If the flag is disabled, no Intended Recipient Fingerprint sub-packets are created or checked. - // The default behavior, when the config or flag is nil, is to enable the feature. - CheckIntendedRecipients *bool - // CacheSessionKey controls if decryption should return the session key used for decryption. - // If the flag is set, the session key is cached in the message details struct. - CacheSessionKey bool - // CheckPacketSequence is a flag that controls if the pgp message reader should strictly check - // that the packet sequence conforms with the grammar mandated by rfc4880. - // The default behavior, when the config or flag is nil, is to check the packet sequence. - CheckPacketSequence *bool - // NonDeterministicSignaturesViaNotation is a flag to enable randomization of signatures. - // If true, a salt notation is used to randomize signatures generated by v4 and v5 keys - // (v6 signatures are always non-deterministic, by design). - // This protects EdDSA signatures from potentially leaking the secret key in case of faults (i.e. bitflips) which, in principle, could occur - // during the signing computation. It is added to signatures of any algo for simplicity, and as it may also serve as protection in case of - // weaknesses in the hash algo, potentially hindering e.g. some chosen-prefix attacks. - // The default behavior, when the config or flag is nil, is to enable the feature. - NonDeterministicSignaturesViaNotation *bool - - // InsecureAllowAllKeyFlagsWhenMissing determines how a key without valid key flags is handled. - // When set to true, a key without flags is treated as if all flags are enabled. - // This behavior is consistent with GPG. - InsecureAllowAllKeyFlagsWhenMissing bool -} - -func (c *Config) Random() io.Reader { - if c == nil || c.Rand == nil { - return rand.Reader - } - return c.Rand -} - -func (c *Config) Hash() crypto.Hash { - if c == nil || uint(c.DefaultHash) == 0 { - return crypto.SHA256 - } - return c.DefaultHash -} - -func (c *Config) Cipher() CipherFunction { - if c == nil || uint8(c.DefaultCipher) == 0 { - return CipherAES128 - } - return c.DefaultCipher -} - -func (c *Config) Now() time.Time { - if c == nil || c.Time == nil { - return time.Now().Truncate(time.Second) - } - return c.Time().Truncate(time.Second) -} - -// KeyLifetime returns the validity period of the key. -func (c *Config) KeyLifetime() uint32 { - if c == nil { - return 0 - } - return c.KeyLifetimeSecs -} - -// SigLifetime returns the validity period of the signature. -func (c *Config) SigLifetime() uint32 { - if c == nil { - return 0 - } - return c.SigLifetimeSecs -} - -func (c *Config) Compression() CompressionAlgo { - if c == nil { - return CompressionNone - } - return c.DefaultCompressionAlgo -} - -func (c *Config) RSAModulusBits() int { - if c == nil || c.RSABits == 0 { - return 2048 - } - return c.RSABits -} - -func (c *Config) PublicKeyAlgorithm() PublicKeyAlgorithm { - if c == nil || c.Algorithm == 0 { - return PubKeyAlgoRSA - } - return c.Algorithm -} - -func (c *Config) CurveName() Curve { - if c == nil || c.Curve == "" { - return Curve25519 - } - return c.Curve -} - -// Deprecated: The hash iterations should now be queried via the S2K() method. -func (c *Config) PasswordHashIterations() int { - if c == nil || c.S2KCount == 0 { - return 0 - } - return c.S2KCount -} - -func (c *Config) S2K() *s2k.Config { - if c == nil { - return nil - } - // for backwards compatibility - if c.S2KCount > 0 && c.S2KConfig == nil { - return &s2k.Config{ - S2KCount: c.S2KCount, - } - } - return c.S2KConfig -} - -func (c *Config) AEAD() *AEADConfig { - if c == nil { - return nil - } - return c.AEADConfig -} - -func (c *Config) SigningKey() uint64 { - if c == nil { - return 0 - } - return c.SigningKeyId -} - -func (c *Config) SigningUserId() string { - if c == nil { - return "" - } - return c.SigningIdentity -} - -func (c *Config) AllowUnauthenticatedMessages() bool { - if c == nil { - return false - } - return c.InsecureAllowUnauthenticatedMessages -} - -func (c *Config) AllowDecryptionWithSigningKeys() bool { - if c == nil { - return false - } - return c.InsecureAllowDecryptionWithSigningKeys -} - -func (c *Config) KnownNotation(notationName string) bool { - if c == nil { - return false - } - return c.KnownNotations[notationName] -} - -func (c *Config) Notations() []*Notation { - if c == nil { - return nil - } - return c.SignatureNotations -} - -func (c *Config) V6() bool { - if c == nil { - return false - } - return c.V6Keys -} - -func (c *Config) IntendedRecipients() bool { - if c == nil || c.CheckIntendedRecipients == nil { - return true - } - return *c.CheckIntendedRecipients -} - -func (c *Config) RetrieveSessionKey() bool { - if c == nil { - return false - } - return c.CacheSessionKey -} - -func (c *Config) MinimumRSABits() uint16 { - if c == nil || c.MinRSABits == 0 { - return 2047 - } - return c.MinRSABits -} - -func (c *Config) RejectPublicKeyAlgorithm(alg PublicKeyAlgorithm) bool { - var rejectedAlgorithms map[PublicKeyAlgorithm]bool - if c == nil || c.RejectPublicKeyAlgorithms == nil { - // Default - rejectedAlgorithms = defaultRejectPublicKeyAlgorithms - } else { - rejectedAlgorithms = c.RejectPublicKeyAlgorithms - } - return rejectedAlgorithms[alg] -} - -func (c *Config) RejectHashAlgorithm(hash crypto.Hash) bool { - var rejectedAlgorithms map[crypto.Hash]bool - if c == nil || c.RejectHashAlgorithms == nil { - // Default - rejectedAlgorithms = defaultRejectHashAlgorithms - } else { - rejectedAlgorithms = c.RejectHashAlgorithms - } - return rejectedAlgorithms[hash] -} - -func (c *Config) RejectMessageHashAlgorithm(hash crypto.Hash) bool { - var rejectedAlgorithms map[crypto.Hash]bool - if c == nil || c.RejectMessageHashAlgorithms == nil { - // Default - rejectedAlgorithms = defaultRejectMessageHashAlgorithms - } else { - rejectedAlgorithms = c.RejectMessageHashAlgorithms - } - return rejectedAlgorithms[hash] -} - -func (c *Config) RejectCurve(curve Curve) bool { - var rejectedCurve map[Curve]bool - if c == nil || c.RejectCurves == nil { - // Default - rejectedCurve = defaultRejectCurves - } else { - rejectedCurve = c.RejectCurves - } - return rejectedCurve[curve] -} - -func (c *Config) StrictPacketSequence() bool { - if c == nil || c.CheckPacketSequence == nil { - return true - } - return *c.CheckPacketSequence -} - -func (c *Config) RandomizeSignaturesViaNotation() bool { - if c == nil || c.NonDeterministicSignaturesViaNotation == nil { - return true - } - return *c.NonDeterministicSignaturesViaNotation -} - -func (c *Config) AllowAllKeyFlagsWhenMissing() bool { - if c == nil { - return false - } - return c.InsecureAllowAllKeyFlagsWhenMissing -} - -// BoolPointer is a helper function to set a boolean pointer in the Config. -// e.g., config.CheckPacketSequence = BoolPointer(true) -func BoolPointer(value bool) *bool { - return &value -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config_v5.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config_v5.go deleted file mode 100644 index f2415906b9..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config_v5.go +++ /dev/null @@ -1,7 +0,0 @@ -//go:build !v5 - -package packet - -func init() { - V5Disabled = true -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/encrypted_key.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/encrypted_key.go deleted file mode 100644 index b90bb28911..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/encrypted_key.go +++ /dev/null @@ -1,584 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package packet - -import ( - "bytes" - "crypto" - "crypto/rsa" - "encoding/binary" - "encoding/hex" - "io" - "math/big" - "strconv" - - "github.com/ProtonMail/go-crypto/openpgp/ecdh" - "github.com/ProtonMail/go-crypto/openpgp/elgamal" - "github.com/ProtonMail/go-crypto/openpgp/errors" - "github.com/ProtonMail/go-crypto/openpgp/internal/encoding" - "github.com/ProtonMail/go-crypto/openpgp/x25519" - "github.com/ProtonMail/go-crypto/openpgp/x448" -) - -// EncryptedKey represents a public-key encrypted session key. See RFC 4880, -// section 5.1. -type EncryptedKey struct { - Version int - KeyId uint64 - KeyVersion int // v6 - KeyFingerprint []byte // v6 - Algo PublicKeyAlgorithm - CipherFunc CipherFunction // only valid after a successful Decrypt for a v3 packet - Key []byte // only valid after a successful Decrypt - - encryptedMPI1, encryptedMPI2 encoding.Field - ephemeralPublicX25519 *x25519.PublicKey // used for x25519 - ephemeralPublicX448 *x448.PublicKey // used for x448 - encryptedSession []byte // used for x25519 and x448 -} - -func (e *EncryptedKey) parse(r io.Reader) (err error) { - var buf [8]byte - _, err = readFull(r, buf[:versionSize]) - if err != nil { - return - } - e.Version = int(buf[0]) - if e.Version != 3 && e.Version != 6 { - return errors.UnsupportedError("unknown EncryptedKey version " + strconv.Itoa(int(buf[0]))) - } - if e.Version == 6 { - //Read a one-octet size of the following two fields. - if _, err = readFull(r, buf[:1]); err != nil { - return - } - // The size may also be zero, and the key version and - // fingerprint omitted for an "anonymous recipient" - if buf[0] != 0 { - // non-anonymous case - _, err = readFull(r, buf[:versionSize]) - if err != nil { - return - } - e.KeyVersion = int(buf[0]) - if e.KeyVersion != 4 && e.KeyVersion != 6 { - return errors.UnsupportedError("unknown public key version " + strconv.Itoa(e.KeyVersion)) - } - var fingerprint []byte - if e.KeyVersion == 6 { - fingerprint = make([]byte, fingerprintSizeV6) - } else if e.KeyVersion == 4 { - fingerprint = make([]byte, fingerprintSize) - } - _, err = readFull(r, fingerprint) - if err != nil { - return - } - e.KeyFingerprint = fingerprint - if e.KeyVersion == 6 { - e.KeyId = binary.BigEndian.Uint64(e.KeyFingerprint[:keyIdSize]) - } else if e.KeyVersion == 4 { - e.KeyId = binary.BigEndian.Uint64(e.KeyFingerprint[fingerprintSize-keyIdSize : fingerprintSize]) - } - } - } else { - _, err = readFull(r, buf[:8]) - if err != nil { - return - } - e.KeyId = binary.BigEndian.Uint64(buf[:keyIdSize]) - } - - _, err = readFull(r, buf[:1]) - if err != nil { - return - } - e.Algo = PublicKeyAlgorithm(buf[0]) - var cipherFunction byte - switch e.Algo { - case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly: - e.encryptedMPI1 = new(encoding.MPI) - if _, err = e.encryptedMPI1.ReadFrom(r); err != nil { - return - } - case PubKeyAlgoElGamal: - e.encryptedMPI1 = new(encoding.MPI) - if _, err = e.encryptedMPI1.ReadFrom(r); err != nil { - return - } - - e.encryptedMPI2 = new(encoding.MPI) - if _, err = e.encryptedMPI2.ReadFrom(r); err != nil { - return - } - case PubKeyAlgoECDH: - e.encryptedMPI1 = new(encoding.MPI) - if _, err = e.encryptedMPI1.ReadFrom(r); err != nil { - return - } - - e.encryptedMPI2 = new(encoding.OID) - if _, err = e.encryptedMPI2.ReadFrom(r); err != nil { - return - } - case PubKeyAlgoX25519: - e.ephemeralPublicX25519, e.encryptedSession, cipherFunction, err = x25519.DecodeFields(r, e.Version == 6) - if err != nil { - return - } - case PubKeyAlgoX448: - e.ephemeralPublicX448, e.encryptedSession, cipherFunction, err = x448.DecodeFields(r, e.Version == 6) - if err != nil { - return - } - } - if e.Version < 6 { - switch e.Algo { - case PubKeyAlgoX25519, PubKeyAlgoX448: - e.CipherFunc = CipherFunction(cipherFunction) - // Check for validiy is in the Decrypt method - } - } - - _, err = consumeAll(r) - return -} - -// Decrypt decrypts an encrypted session key with the given private key. The -// private key must have been decrypted first. -// If config is nil, sensible defaults will be used. -func (e *EncryptedKey) Decrypt(priv *PrivateKey, config *Config) error { - if e.Version < 6 && e.KeyId != 0 && e.KeyId != priv.KeyId { - return errors.InvalidArgumentError("cannot decrypt encrypted session key for key id " + strconv.FormatUint(e.KeyId, 16) + " with private key id " + strconv.FormatUint(priv.KeyId, 16)) - } - if e.Version == 6 && e.KeyVersion != 0 && !bytes.Equal(e.KeyFingerprint, priv.Fingerprint) { - return errors.InvalidArgumentError("cannot decrypt encrypted session key for key fingerprint " + hex.EncodeToString(e.KeyFingerprint) + " with private key fingerprint " + hex.EncodeToString(priv.Fingerprint)) - } - if e.Algo != priv.PubKeyAlgo { - return errors.InvalidArgumentError("cannot decrypt encrypted session key of type " + strconv.Itoa(int(e.Algo)) + " with private key of type " + strconv.Itoa(int(priv.PubKeyAlgo))) - } - if priv.Dummy() { - return errors.ErrDummyPrivateKey("dummy key found") - } - - var err error - var b []byte - - // TODO(agl): use session key decryption routines here to avoid - // padding oracle attacks. - switch priv.PubKeyAlgo { - case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly: - // Supports both *rsa.PrivateKey and crypto.Decrypter - k := priv.PrivateKey.(crypto.Decrypter) - b, err = k.Decrypt(config.Random(), padToKeySize(k.Public().(*rsa.PublicKey), e.encryptedMPI1.Bytes()), nil) - case PubKeyAlgoElGamal: - c1 := new(big.Int).SetBytes(e.encryptedMPI1.Bytes()) - c2 := new(big.Int).SetBytes(e.encryptedMPI2.Bytes()) - b, err = elgamal.Decrypt(priv.PrivateKey.(*elgamal.PrivateKey), c1, c2) - case PubKeyAlgoECDH: - vsG := e.encryptedMPI1.Bytes() - m := e.encryptedMPI2.Bytes() - oid := priv.PublicKey.oid.EncodedBytes() - fp := priv.PublicKey.Fingerprint[:] - if priv.PublicKey.Version == 5 { - // For v5 the, the fingerprint must be restricted to 20 bytes - fp = fp[:20] - } - b, err = ecdh.Decrypt(priv.PrivateKey.(*ecdh.PrivateKey), vsG, m, oid, fp) - case PubKeyAlgoX25519: - b, err = x25519.Decrypt(priv.PrivateKey.(*x25519.PrivateKey), e.ephemeralPublicX25519, e.encryptedSession) - case PubKeyAlgoX448: - b, err = x448.Decrypt(priv.PrivateKey.(*x448.PrivateKey), e.ephemeralPublicX448, e.encryptedSession) - default: - err = errors.InvalidArgumentError("cannot decrypt encrypted session key with private key of type " + strconv.Itoa(int(priv.PubKeyAlgo))) - } - if err != nil { - return err - } - - var key []byte - switch priv.PubKeyAlgo { - case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoElGamal, PubKeyAlgoECDH: - keyOffset := 0 - if e.Version < 6 { - e.CipherFunc = CipherFunction(b[0]) - keyOffset = 1 - if !e.CipherFunc.IsSupported() { - return errors.UnsupportedError("unsupported encryption function") - } - } - key, err = decodeChecksumKey(b[keyOffset:]) - if err != nil { - return err - } - case PubKeyAlgoX25519, PubKeyAlgoX448: - if e.Version < 6 { - switch e.CipherFunc { - case CipherAES128, CipherAES192, CipherAES256: - break - default: - return errors.StructuralError("v3 PKESK mandates AES as cipher function for x25519 and x448") - } - } - key = b[:] - default: - return errors.UnsupportedError("unsupported algorithm for decryption") - } - e.Key = key - return nil -} - -// Serialize writes the encrypted key packet, e, to w. -func (e *EncryptedKey) Serialize(w io.Writer) error { - var encodedLength int - switch e.Algo { - case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly: - encodedLength = int(e.encryptedMPI1.EncodedLength()) - case PubKeyAlgoElGamal: - encodedLength = int(e.encryptedMPI1.EncodedLength()) + int(e.encryptedMPI2.EncodedLength()) - case PubKeyAlgoECDH: - encodedLength = int(e.encryptedMPI1.EncodedLength()) + int(e.encryptedMPI2.EncodedLength()) - case PubKeyAlgoX25519: - encodedLength = x25519.EncodedFieldsLength(e.encryptedSession, e.Version == 6) - case PubKeyAlgoX448: - encodedLength = x448.EncodedFieldsLength(e.encryptedSession, e.Version == 6) - default: - return errors.InvalidArgumentError("don't know how to serialize encrypted key type " + strconv.Itoa(int(e.Algo))) - } - - packetLen := versionSize /* version */ + keyIdSize /* key id */ + algorithmSize /* algo */ + encodedLength - if e.Version == 6 { - packetLen = versionSize /* version */ + algorithmSize /* algo */ + encodedLength + keyVersionSize /* key version */ - if e.KeyVersion == 6 { - packetLen += fingerprintSizeV6 - } else if e.KeyVersion == 4 { - packetLen += fingerprintSize - } - } - - err := serializeHeader(w, packetTypeEncryptedKey, packetLen) - if err != nil { - return err - } - - _, err = w.Write([]byte{byte(e.Version)}) - if err != nil { - return err - } - if e.Version == 6 { - _, err = w.Write([]byte{byte(e.KeyVersion)}) - if err != nil { - return err - } - // The key version number may also be zero, - // and the fingerprint omitted - if e.KeyVersion != 0 { - _, err = w.Write(e.KeyFingerprint) - if err != nil { - return err - } - } - } else { - // Write KeyID - err = binary.Write(w, binary.BigEndian, e.KeyId) - if err != nil { - return err - } - } - _, err = w.Write([]byte{byte(e.Algo)}) - if err != nil { - return err - } - - switch e.Algo { - case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly: - _, err := w.Write(e.encryptedMPI1.EncodedBytes()) - return err - case PubKeyAlgoElGamal: - if _, err := w.Write(e.encryptedMPI1.EncodedBytes()); err != nil { - return err - } - _, err := w.Write(e.encryptedMPI2.EncodedBytes()) - return err - case PubKeyAlgoECDH: - if _, err := w.Write(e.encryptedMPI1.EncodedBytes()); err != nil { - return err - } - _, err := w.Write(e.encryptedMPI2.EncodedBytes()) - return err - case PubKeyAlgoX25519: - err := x25519.EncodeFields(w, e.ephemeralPublicX25519, e.encryptedSession, byte(e.CipherFunc), e.Version == 6) - return err - case PubKeyAlgoX448: - err := x448.EncodeFields(w, e.ephemeralPublicX448, e.encryptedSession, byte(e.CipherFunc), e.Version == 6) - return err - default: - panic("internal error") - } -} - -// SerializeEncryptedKeyAEAD serializes an encrypted key packet to w that contains -// key, encrypted to pub. -// If aeadSupported is set, PKESK v6 is used, otherwise v3. -// Note: aeadSupported MUST match the value passed to SerializeSymmetricallyEncrypted. -// If config is nil, sensible defaults will be used. -func SerializeEncryptedKeyAEAD(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, aeadSupported bool, key []byte, config *Config) error { - return SerializeEncryptedKeyAEADwithHiddenOption(w, pub, cipherFunc, aeadSupported, key, false, config) -} - -// SerializeEncryptedKeyAEADwithHiddenOption serializes an encrypted key packet to w that contains -// key, encrypted to pub. -// Offers the hidden flag option to indicated if the PKESK packet should include a wildcard KeyID. -// If aeadSupported is set, PKESK v6 is used, otherwise v3. -// Note: aeadSupported MUST match the value passed to SerializeSymmetricallyEncrypted. -// If config is nil, sensible defaults will be used. -func SerializeEncryptedKeyAEADwithHiddenOption(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, aeadSupported bool, key []byte, hidden bool, config *Config) error { - var buf [36]byte // max possible header size is v6 - lenHeaderWritten := versionSize - version := 3 - - if aeadSupported { - version = 6 - } - // An implementation MUST NOT generate ElGamal v6 PKESKs. - if version == 6 && pub.PubKeyAlgo == PubKeyAlgoElGamal { - return errors.InvalidArgumentError("ElGamal v6 PKESK are not allowed") - } - // In v3 PKESKs, for x25519 and x448, mandate using AES - if version == 3 && (pub.PubKeyAlgo == PubKeyAlgoX25519 || pub.PubKeyAlgo == PubKeyAlgoX448) { - switch cipherFunc { - case CipherAES128, CipherAES192, CipherAES256: - break - default: - return errors.InvalidArgumentError("v3 PKESK mandates AES for x25519 and x448") - } - } - - buf[0] = byte(version) - - // If hidden is set, the key should be hidden - // An implementation MAY accept or use a Key ID of all zeros, - // or a key version of zero and no key fingerprint, to hide the intended decryption key. - // See Section 5.1.8. in the open pgp crypto refresh - if version == 6 { - if !hidden { - // A one-octet size of the following two fields. - buf[1] = byte(keyVersionSize + len(pub.Fingerprint)) - // A one octet key version number. - buf[2] = byte(pub.Version) - lenHeaderWritten += keyVersionSize + 1 - // The fingerprint of the public key - copy(buf[lenHeaderWritten:lenHeaderWritten+len(pub.Fingerprint)], pub.Fingerprint) - lenHeaderWritten += len(pub.Fingerprint) - } else { - // The size may also be zero, and the key version - // and fingerprint omitted for an "anonymous recipient" - buf[1] = 0 - lenHeaderWritten += 1 - } - } else { - if !hidden { - binary.BigEndian.PutUint64(buf[versionSize:(versionSize+keyIdSize)], pub.KeyId) - } - lenHeaderWritten += keyIdSize - } - buf[lenHeaderWritten] = byte(pub.PubKeyAlgo) - lenHeaderWritten += algorithmSize - - var keyBlock []byte - switch pub.PubKeyAlgo { - case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoElGamal, PubKeyAlgoECDH: - lenKeyBlock := len(key) + 2 - if version < 6 { - lenKeyBlock += 1 // cipher type included - } - keyBlock = make([]byte, lenKeyBlock) - keyOffset := 0 - if version < 6 { - keyBlock[0] = byte(cipherFunc) - keyOffset = 1 - } - encodeChecksumKey(keyBlock[keyOffset:], key) - case PubKeyAlgoX25519, PubKeyAlgoX448: - // algorithm is added in plaintext below - keyBlock = key - } - - switch pub.PubKeyAlgo { - case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly: - return serializeEncryptedKeyRSA(w, config.Random(), buf[:lenHeaderWritten], pub.PublicKey.(*rsa.PublicKey), keyBlock) - case PubKeyAlgoElGamal: - return serializeEncryptedKeyElGamal(w, config.Random(), buf[:lenHeaderWritten], pub.PublicKey.(*elgamal.PublicKey), keyBlock) - case PubKeyAlgoECDH: - return serializeEncryptedKeyECDH(w, config.Random(), buf[:lenHeaderWritten], pub.PublicKey.(*ecdh.PublicKey), keyBlock, pub.oid, pub.Fingerprint) - case PubKeyAlgoX25519: - return serializeEncryptedKeyX25519(w, config.Random(), buf[:lenHeaderWritten], pub.PublicKey.(*x25519.PublicKey), keyBlock, byte(cipherFunc), version) - case PubKeyAlgoX448: - return serializeEncryptedKeyX448(w, config.Random(), buf[:lenHeaderWritten], pub.PublicKey.(*x448.PublicKey), keyBlock, byte(cipherFunc), version) - case PubKeyAlgoDSA, PubKeyAlgoRSASignOnly: - return errors.InvalidArgumentError("cannot encrypt to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo))) - } - - return errors.UnsupportedError("encrypting a key to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo))) -} - -// SerializeEncryptedKey serializes an encrypted key packet to w that contains -// key, encrypted to pub. -// PKESKv6 is used if config.AEAD() is not nil. -// If config is nil, sensible defaults will be used. -// Deprecated: Use SerializeEncryptedKeyAEAD instead. -func SerializeEncryptedKey(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, key []byte, config *Config) error { - return SerializeEncryptedKeyAEAD(w, pub, cipherFunc, config.AEAD() != nil, key, config) -} - -// SerializeEncryptedKeyWithHiddenOption serializes an encrypted key packet to w that contains -// key, encrypted to pub. PKESKv6 is used if config.AEAD() is not nil. -// The hidden option controls if the packet should be anonymous, i.e., omit key metadata. -// If config is nil, sensible defaults will be used. -// Deprecated: Use SerializeEncryptedKeyAEADwithHiddenOption instead. -func SerializeEncryptedKeyWithHiddenOption(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, key []byte, hidden bool, config *Config) error { - return SerializeEncryptedKeyAEADwithHiddenOption(w, pub, cipherFunc, config.AEAD() != nil, key, hidden, config) -} - -func serializeEncryptedKeyRSA(w io.Writer, rand io.Reader, header []byte, pub *rsa.PublicKey, keyBlock []byte) error { - cipherText, err := rsa.EncryptPKCS1v15(rand, pub, keyBlock) - if err != nil { - return errors.InvalidArgumentError("RSA encryption failed: " + err.Error()) - } - - cipherMPI := encoding.NewMPI(cipherText) - packetLen := len(header) /* header length */ + int(cipherMPI.EncodedLength()) - - err = serializeHeader(w, packetTypeEncryptedKey, packetLen) - if err != nil { - return err - } - _, err = w.Write(header[:]) - if err != nil { - return err - } - _, err = w.Write(cipherMPI.EncodedBytes()) - return err -} - -func serializeEncryptedKeyElGamal(w io.Writer, rand io.Reader, header []byte, pub *elgamal.PublicKey, keyBlock []byte) error { - c1, c2, err := elgamal.Encrypt(rand, pub, keyBlock) - if err != nil { - return errors.InvalidArgumentError("ElGamal encryption failed: " + err.Error()) - } - - packetLen := len(header) /* header length */ - packetLen += 2 /* mpi size */ + (c1.BitLen()+7)/8 - packetLen += 2 /* mpi size */ + (c2.BitLen()+7)/8 - - err = serializeHeader(w, packetTypeEncryptedKey, packetLen) - if err != nil { - return err - } - _, err = w.Write(header[:]) - if err != nil { - return err - } - if _, err = w.Write(new(encoding.MPI).SetBig(c1).EncodedBytes()); err != nil { - return err - } - _, err = w.Write(new(encoding.MPI).SetBig(c2).EncodedBytes()) - return err -} - -func serializeEncryptedKeyECDH(w io.Writer, rand io.Reader, header []byte, pub *ecdh.PublicKey, keyBlock []byte, oid encoding.Field, fingerprint []byte) error { - vsG, c, err := ecdh.Encrypt(rand, pub, keyBlock, oid.EncodedBytes(), fingerprint) - if err != nil { - return errors.InvalidArgumentError("ECDH encryption failed: " + err.Error()) - } - - g := encoding.NewMPI(vsG) - m := encoding.NewOID(c) - - packetLen := len(header) /* header length */ - packetLen += int(g.EncodedLength()) + int(m.EncodedLength()) - - err = serializeHeader(w, packetTypeEncryptedKey, packetLen) - if err != nil { - return err - } - - _, err = w.Write(header[:]) - if err != nil { - return err - } - if _, err = w.Write(g.EncodedBytes()); err != nil { - return err - } - _, err = w.Write(m.EncodedBytes()) - return err -} - -func serializeEncryptedKeyX25519(w io.Writer, rand io.Reader, header []byte, pub *x25519.PublicKey, keyBlock []byte, cipherFunc byte, version int) error { - ephemeralPublicX25519, ciphertext, err := x25519.Encrypt(rand, pub, keyBlock) - if err != nil { - return errors.InvalidArgumentError("x25519 encryption failed: " + err.Error()) - } - - packetLen := len(header) /* header length */ - packetLen += x25519.EncodedFieldsLength(ciphertext, version == 6) - - err = serializeHeader(w, packetTypeEncryptedKey, packetLen) - if err != nil { - return err - } - - _, err = w.Write(header[:]) - if err != nil { - return err - } - return x25519.EncodeFields(w, ephemeralPublicX25519, ciphertext, cipherFunc, version == 6) -} - -func serializeEncryptedKeyX448(w io.Writer, rand io.Reader, header []byte, pub *x448.PublicKey, keyBlock []byte, cipherFunc byte, version int) error { - ephemeralPublicX448, ciphertext, err := x448.Encrypt(rand, pub, keyBlock) - if err != nil { - return errors.InvalidArgumentError("x448 encryption failed: " + err.Error()) - } - - packetLen := len(header) /* header length */ - packetLen += x448.EncodedFieldsLength(ciphertext, version == 6) - - err = serializeHeader(w, packetTypeEncryptedKey, packetLen) - if err != nil { - return err - } - - _, err = w.Write(header[:]) - if err != nil { - return err - } - return x448.EncodeFields(w, ephemeralPublicX448, ciphertext, cipherFunc, version == 6) -} - -func checksumKeyMaterial(key []byte) uint16 { - var checksum uint16 - for _, v := range key { - checksum += uint16(v) - } - return checksum -} - -func decodeChecksumKey(msg []byte) (key []byte, err error) { - key = msg[:len(msg)-2] - expectedChecksum := uint16(msg[len(msg)-2])<<8 | uint16(msg[len(msg)-1]) - checksum := checksumKeyMaterial(key) - if checksum != expectedChecksum { - err = errors.StructuralError("session key checksum is incorrect") - } - return -} - -func encodeChecksumKey(buffer []byte, key []byte) { - copy(buffer, key) - checksum := checksumKeyMaterial(key) - buffer[len(key)] = byte(checksum >> 8) - buffer[len(key)+1] = byte(checksum) -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/literal.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/literal.go deleted file mode 100644 index 8a028c8a17..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/literal.go +++ /dev/null @@ -1,91 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package packet - -import ( - "encoding/binary" - "io" -) - -// LiteralData represents an encrypted file. See RFC 4880, section 5.9. -type LiteralData struct { - Format uint8 - IsBinary bool - FileName string - Time uint32 // Unix epoch time. Either creation time or modification time. 0 means undefined. - Body io.Reader -} - -// ForEyesOnly returns whether the contents of the LiteralData have been marked -// as especially sensitive. -func (l *LiteralData) ForEyesOnly() bool { - return l.FileName == "_CONSOLE" -} - -func (l *LiteralData) parse(r io.Reader) (err error) { - var buf [256]byte - - _, err = readFull(r, buf[:2]) - if err != nil { - return - } - - l.Format = buf[0] - l.IsBinary = l.Format == 'b' - fileNameLen := int(buf[1]) - - _, err = readFull(r, buf[:fileNameLen]) - if err != nil { - return - } - - l.FileName = string(buf[:fileNameLen]) - - _, err = readFull(r, buf[:4]) - if err != nil { - return - } - - l.Time = binary.BigEndian.Uint32(buf[:4]) - l.Body = r - return -} - -// SerializeLiteral serializes a literal data packet to w and returns a -// WriteCloser to which the data itself can be written and which MUST be closed -// on completion. The fileName is truncated to 255 bytes. -func SerializeLiteral(w io.WriteCloser, isBinary bool, fileName string, time uint32) (plaintext io.WriteCloser, err error) { - var buf [4]byte - buf[0] = 'b' - if !isBinary { - buf[0] = 'u' - } - if len(fileName) > 255 { - fileName = fileName[:255] - } - buf[1] = byte(len(fileName)) - - inner, err := serializeStreamHeader(w, packetTypeLiteralData) - if err != nil { - return - } - - _, err = inner.Write(buf[:2]) - if err != nil { - return - } - _, err = inner.Write([]byte(fileName)) - if err != nil { - return - } - binary.BigEndian.PutUint32(buf[:], time) - _, err = inner.Write(buf[:]) - if err != nil { - return - } - - plaintext = inner - return -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/marker.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/marker.go deleted file mode 100644 index 1ee378ba3c..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/marker.go +++ /dev/null @@ -1,33 +0,0 @@ -package packet - -import ( - "io" - - "github.com/ProtonMail/go-crypto/openpgp/errors" -) - -type Marker struct{} - -const markerString = "PGP" - -// parse just checks if the packet contains "PGP". -func (m *Marker) parse(reader io.Reader) error { - var buffer [3]byte - if _, err := io.ReadFull(reader, buffer[:]); err != nil { - return err - } - if string(buffer[:]) != markerString { - return errors.StructuralError("invalid marker packet") - } - return nil -} - -// SerializeMarker writes a marker packet to writer. -func SerializeMarker(writer io.Writer) error { - err := serializeHeader(writer, packetTypeMarker, len(markerString)) - if err != nil { - return err - } - _, err = writer.Write([]byte(markerString)) - return err -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/notation.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/notation.go deleted file mode 100644 index 2c3e3f50b2..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/notation.go +++ /dev/null @@ -1,29 +0,0 @@ -package packet - -// Notation type represents a Notation Data subpacket -// see https://tools.ietf.org/html/rfc4880#section-5.2.3.16 -type Notation struct { - Name string - Value []byte - IsCritical bool - IsHumanReadable bool -} - -func (notation *Notation) getData() []byte { - nameData := []byte(notation.Name) - nameLen := len(nameData) - valueLen := len(notation.Value) - - data := make([]byte, 8+nameLen+valueLen) - if notation.IsHumanReadable { - data[0] = 0x80 - } - - data[4] = byte(nameLen >> 8) - data[5] = byte(nameLen) - data[6] = byte(valueLen >> 8) - data[7] = byte(valueLen) - copy(data[8:8+nameLen], nameData) - copy(data[8+nameLen:], notation.Value) - return data -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/ocfb.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/ocfb.go deleted file mode 100644 index 4f26d0a00b..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/ocfb.go +++ /dev/null @@ -1,137 +0,0 @@ -// Copyright 2010 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// OpenPGP CFB Mode. http://tools.ietf.org/html/rfc4880#section-13.9 - -package packet - -import ( - "crypto/cipher" -) - -type ocfbEncrypter struct { - b cipher.Block - fre []byte - outUsed int -} - -// An OCFBResyncOption determines if the "resynchronization step" of OCFB is -// performed. -type OCFBResyncOption bool - -const ( - OCFBResync OCFBResyncOption = true - OCFBNoResync OCFBResyncOption = false -) - -// NewOCFBEncrypter returns a cipher.Stream which encrypts data with OpenPGP's -// cipher feedback mode using the given cipher.Block, and an initial amount of -// ciphertext. randData must be random bytes and be the same length as the -// cipher.Block's block size. Resync determines if the "resynchronization step" -// from RFC 4880, 13.9 step 7 is performed. Different parts of OpenPGP vary on -// this point. -func NewOCFBEncrypter(block cipher.Block, randData []byte, resync OCFBResyncOption) (cipher.Stream, []byte) { - blockSize := block.BlockSize() - if len(randData) != blockSize { - return nil, nil - } - - x := &ocfbEncrypter{ - b: block, - fre: make([]byte, blockSize), - outUsed: 0, - } - prefix := make([]byte, blockSize+2) - - block.Encrypt(x.fre, x.fre) - for i := 0; i < blockSize; i++ { - prefix[i] = randData[i] ^ x.fre[i] - } - - block.Encrypt(x.fre, prefix[:blockSize]) - prefix[blockSize] = x.fre[0] ^ randData[blockSize-2] - prefix[blockSize+1] = x.fre[1] ^ randData[blockSize-1] - - if resync { - block.Encrypt(x.fre, prefix[2:]) - } else { - x.fre[0] = prefix[blockSize] - x.fre[1] = prefix[blockSize+1] - x.outUsed = 2 - } - return x, prefix -} - -func (x *ocfbEncrypter) XORKeyStream(dst, src []byte) { - for i := 0; i < len(src); i++ { - if x.outUsed == len(x.fre) { - x.b.Encrypt(x.fre, x.fre) - x.outUsed = 0 - } - - x.fre[x.outUsed] ^= src[i] - dst[i] = x.fre[x.outUsed] - x.outUsed++ - } -} - -type ocfbDecrypter struct { - b cipher.Block - fre []byte - outUsed int -} - -// NewOCFBDecrypter returns a cipher.Stream which decrypts data with OpenPGP's -// cipher feedback mode using the given cipher.Block. Prefix must be the first -// blockSize + 2 bytes of the ciphertext, where blockSize is the cipher.Block's -// block size. On successful exit, blockSize+2 bytes of decrypted data are written into -// prefix. Resync determines if the "resynchronization step" from RFC 4880, -// 13.9 step 7 is performed. Different parts of OpenPGP vary on this point. -func NewOCFBDecrypter(block cipher.Block, prefix []byte, resync OCFBResyncOption) cipher.Stream { - blockSize := block.BlockSize() - if len(prefix) != blockSize+2 { - return nil - } - - x := &ocfbDecrypter{ - b: block, - fre: make([]byte, blockSize), - outUsed: 0, - } - prefixCopy := make([]byte, len(prefix)) - copy(prefixCopy, prefix) - - block.Encrypt(x.fre, x.fre) - for i := 0; i < blockSize; i++ { - prefixCopy[i] ^= x.fre[i] - } - - block.Encrypt(x.fre, prefix[:blockSize]) - prefixCopy[blockSize] ^= x.fre[0] - prefixCopy[blockSize+1] ^= x.fre[1] - - if resync { - block.Encrypt(x.fre, prefix[2:]) - } else { - x.fre[0] = prefix[blockSize] - x.fre[1] = prefix[blockSize+1] - x.outUsed = 2 - } - copy(prefix, prefixCopy) - return x -} - -func (x *ocfbDecrypter) XORKeyStream(dst, src []byte) { - for i := 0; i < len(src); i++ { - if x.outUsed == len(x.fre) { - x.b.Encrypt(x.fre, x.fre) - x.outUsed = 0 - } - - c := src[i] - dst[i] = x.fre[x.outUsed] ^ src[i] - x.fre[x.outUsed] = c - x.outUsed++ - } -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/one_pass_signature.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/one_pass_signature.go deleted file mode 100644 index f393c4063b..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/one_pass_signature.go +++ /dev/null @@ -1,157 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package packet - -import ( - "crypto" - "encoding/binary" - "io" - "strconv" - - "github.com/ProtonMail/go-crypto/openpgp/errors" - "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm" -) - -// OnePassSignature represents a one-pass signature packet. See RFC 4880, -// section 5.4. -type OnePassSignature struct { - Version int - SigType SignatureType - Hash crypto.Hash - PubKeyAlgo PublicKeyAlgorithm - KeyId uint64 - IsLast bool - Salt []byte // v6 only - KeyFingerprint []byte // v6 only -} - -func (ops *OnePassSignature) parse(r io.Reader) (err error) { - var buf [8]byte - // Read: version | signature type | hash algorithm | public-key algorithm - _, err = readFull(r, buf[:4]) - if err != nil { - return - } - if buf[0] != 3 && buf[0] != 6 { - return errors.UnsupportedError("one-pass-signature packet version " + strconv.Itoa(int(buf[0]))) - } - ops.Version = int(buf[0]) - - var ok bool - ops.Hash, ok = algorithm.HashIdToHashWithSha1(buf[2]) - if !ok { - return errors.UnsupportedError("hash function: " + strconv.Itoa(int(buf[2]))) - } - - ops.SigType = SignatureType(buf[1]) - ops.PubKeyAlgo = PublicKeyAlgorithm(buf[3]) - - if ops.Version == 6 { - // Only for v6, a variable-length field containing the salt - _, err = readFull(r, buf[:1]) - if err != nil { - return - } - saltLength := int(buf[0]) - var expectedSaltLength int - expectedSaltLength, err = SaltLengthForHash(ops.Hash) - if err != nil { - return - } - if saltLength != expectedSaltLength { - err = errors.StructuralError("unexpected salt size for the given hash algorithm") - return - } - salt := make([]byte, expectedSaltLength) - _, err = readFull(r, salt) - if err != nil { - return - } - ops.Salt = salt - - // Only for v6 packets, 32 octets of the fingerprint of the signing key. - fingerprint := make([]byte, 32) - _, err = readFull(r, fingerprint) - if err != nil { - return - } - ops.KeyFingerprint = fingerprint - ops.KeyId = binary.BigEndian.Uint64(ops.KeyFingerprint[:8]) - } else { - _, err = readFull(r, buf[:8]) - if err != nil { - return - } - ops.KeyId = binary.BigEndian.Uint64(buf[:8]) - } - - _, err = readFull(r, buf[:1]) - if err != nil { - return - } - ops.IsLast = buf[0] != 0 - return -} - -// Serialize marshals the given OnePassSignature to w. -func (ops *OnePassSignature) Serialize(w io.Writer) error { - //v3 length 1+1+1+1+8+1 = - packetLength := 13 - if ops.Version == 6 { - // v6 length 1+1+1+1+1+len(salt)+32+1 = - packetLength = 38 + len(ops.Salt) - } - - if err := serializeHeader(w, packetTypeOnePassSignature, packetLength); err != nil { - return err - } - - var buf [8]byte - buf[0] = byte(ops.Version) - buf[1] = uint8(ops.SigType) - var ok bool - buf[2], ok = algorithm.HashToHashIdWithSha1(ops.Hash) - if !ok { - return errors.UnsupportedError("hash type: " + strconv.Itoa(int(ops.Hash))) - } - buf[3] = uint8(ops.PubKeyAlgo) - - _, err := w.Write(buf[:4]) - if err != nil { - return err - } - - if ops.Version == 6 { - // write salt for v6 signatures - _, err := w.Write([]byte{uint8(len(ops.Salt))}) - if err != nil { - return err - } - _, err = w.Write(ops.Salt) - if err != nil { - return err - } - - // write fingerprint v6 signatures - _, err = w.Write(ops.KeyFingerprint) - if err != nil { - return err - } - } else { - binary.BigEndian.PutUint64(buf[:8], ops.KeyId) - _, err := w.Write(buf[:8]) - if err != nil { - return err - } - } - - isLast := []byte{byte(0)} - if ops.IsLast { - isLast[0] = 1 - } - - _, err = w.Write(isLast) - return err -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/opaque.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/opaque.go deleted file mode 100644 index cef7c661d3..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/opaque.go +++ /dev/null @@ -1,170 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package packet - -import ( - "bytes" - "io" - - "github.com/ProtonMail/go-crypto/openpgp/errors" -) - -// OpaquePacket represents an OpenPGP packet as raw, unparsed data. This is -// useful for splitting and storing the original packet contents separately, -// handling unsupported packet types or accessing parts of the packet not yet -// implemented by this package. -type OpaquePacket struct { - // Packet type - Tag uint8 - // Reason why the packet was parsed opaquely - Reason error - // Binary contents of the packet data - Contents []byte -} - -func (op *OpaquePacket) parse(r io.Reader) (err error) { - op.Contents, err = io.ReadAll(r) - return -} - -// Serialize marshals the packet to a writer in its original form, including -// the packet header. -func (op *OpaquePacket) Serialize(w io.Writer) (err error) { - err = serializeHeader(w, packetType(op.Tag), len(op.Contents)) - if err == nil { - _, err = w.Write(op.Contents) - } - return -} - -// Parse attempts to parse the opaque contents into a structure supported by -// this package. If the packet is not known then the result will be another -// OpaquePacket. -func (op *OpaquePacket) Parse() (p Packet, err error) { - hdr := bytes.NewBuffer(nil) - err = serializeHeader(hdr, packetType(op.Tag), len(op.Contents)) - if err != nil { - op.Reason = err - return op, err - } - p, err = Read(io.MultiReader(hdr, bytes.NewBuffer(op.Contents))) - if err != nil { - op.Reason = err - p = op - } - return -} - -// OpaqueReader reads OpaquePackets from an io.Reader. -type OpaqueReader struct { - r io.Reader -} - -func NewOpaqueReader(r io.Reader) *OpaqueReader { - return &OpaqueReader{r: r} -} - -// Read the next OpaquePacket. -func (or *OpaqueReader) Next() (op *OpaquePacket, err error) { - tag, _, contents, err := readHeader(or.r) - if err != nil { - return - } - op = &OpaquePacket{Tag: uint8(tag), Reason: err} - err = op.parse(contents) - if err != nil { - consumeAll(contents) - } - return -} - -// OpaqueSubpacket represents an unparsed OpenPGP subpacket, -// as found in signature and user attribute packets. -type OpaqueSubpacket struct { - SubType uint8 - EncodedLength []byte // Store the original encoded length for signature verifications. - Contents []byte -} - -// OpaqueSubpackets extracts opaque, unparsed OpenPGP subpackets from -// their byte representation. -func OpaqueSubpackets(contents []byte) (result []*OpaqueSubpacket, err error) { - var ( - subHeaderLen int - subPacket *OpaqueSubpacket - ) - for len(contents) > 0 { - subHeaderLen, subPacket, err = nextSubpacket(contents) - if err != nil { - break - } - result = append(result, subPacket) - contents = contents[subHeaderLen+len(subPacket.Contents):] - } - return -} - -func nextSubpacket(contents []byte) (subHeaderLen int, subPacket *OpaqueSubpacket, err error) { - // RFC 4880, section 5.2.3.1 - var subLen uint32 - var encodedLength []byte - if len(contents) < 1 { - goto Truncated - } - subPacket = &OpaqueSubpacket{} - switch { - case contents[0] < 192: - subHeaderLen = 2 // 1 length byte, 1 subtype byte - if len(contents) < subHeaderLen { - goto Truncated - } - encodedLength = contents[0:1] - subLen = uint32(contents[0]) - contents = contents[1:] - case contents[0] < 255: - subHeaderLen = 3 // 2 length bytes, 1 subtype - if len(contents) < subHeaderLen { - goto Truncated - } - encodedLength = contents[0:2] - subLen = uint32(contents[0]-192)<<8 + uint32(contents[1]) + 192 - contents = contents[2:] - default: - subHeaderLen = 6 // 5 length bytes, 1 subtype - if len(contents) < subHeaderLen { - goto Truncated - } - encodedLength = contents[0:5] - subLen = uint32(contents[1])<<24 | - uint32(contents[2])<<16 | - uint32(contents[3])<<8 | - uint32(contents[4]) - contents = contents[5:] - - } - if subLen > uint32(len(contents)) || subLen == 0 { - goto Truncated - } - subPacket.SubType = contents[0] - subPacket.EncodedLength = encodedLength - subPacket.Contents = contents[1:subLen] - return -Truncated: - err = errors.StructuralError("subpacket truncated") - return -} - -func (osp *OpaqueSubpacket) Serialize(w io.Writer) (err error) { - buf := make([]byte, 6) - copy(buf, osp.EncodedLength) - n := len(osp.EncodedLength) - - buf[n] = osp.SubType - if _, err = w.Write(buf[:n+1]); err != nil { - return - } - _, err = w.Write(osp.Contents) - return -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet.go deleted file mode 100644 index 1e92e22c97..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet.go +++ /dev/null @@ -1,675 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package packet implements parsing and serialization of OpenPGP packets, as -// specified in RFC 4880. -package packet // import "github.com/ProtonMail/go-crypto/openpgp/packet" - -import ( - "bytes" - "crypto/cipher" - "crypto/rsa" - "io" - - "github.com/ProtonMail/go-crypto/openpgp/errors" - "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm" -) - -// readFull is the same as io.ReadFull except that reading zero bytes returns -// ErrUnexpectedEOF rather than EOF. -func readFull(r io.Reader, buf []byte) (n int, err error) { - n, err = io.ReadFull(r, buf) - if err == io.EOF { - err = io.ErrUnexpectedEOF - } - return -} - -// readLength reads an OpenPGP length from r. See RFC 4880, section 4.2.2. -func readLength(r io.Reader) (length int64, isPartial bool, err error) { - var buf [4]byte - _, err = readFull(r, buf[:1]) - if err != nil { - return - } - switch { - case buf[0] < 192: - length = int64(buf[0]) - case buf[0] < 224: - length = int64(buf[0]-192) << 8 - _, err = readFull(r, buf[0:1]) - if err != nil { - return - } - length += int64(buf[0]) + 192 - case buf[0] < 255: - length = int64(1) << (buf[0] & 0x1f) - isPartial = true - default: - _, err = readFull(r, buf[0:4]) - if err != nil { - return - } - length = int64(buf[0])<<24 | - int64(buf[1])<<16 | - int64(buf[2])<<8 | - int64(buf[3]) - } - return -} - -// partialLengthReader wraps an io.Reader and handles OpenPGP partial lengths. -// The continuation lengths are parsed and removed from the stream and EOF is -// returned at the end of the packet. See RFC 4880, section 4.2.2.4. -type partialLengthReader struct { - r io.Reader - remaining int64 - isPartial bool -} - -func (r *partialLengthReader) Read(p []byte) (n int, err error) { - for r.remaining == 0 { - if !r.isPartial { - return 0, io.EOF - } - r.remaining, r.isPartial, err = readLength(r.r) - if err != nil { - return 0, err - } - } - - toRead := int64(len(p)) - if toRead > r.remaining { - toRead = r.remaining - } - - n, err = r.r.Read(p[:int(toRead)]) - r.remaining -= int64(n) - if n < int(toRead) && err == io.EOF { - err = io.ErrUnexpectedEOF - } - return -} - -// partialLengthWriter writes a stream of data using OpenPGP partial lengths. -// See RFC 4880, section 4.2.2.4. -type partialLengthWriter struct { - w io.WriteCloser - buf bytes.Buffer - lengthByte [1]byte -} - -func (w *partialLengthWriter) Write(p []byte) (n int, err error) { - bufLen := w.buf.Len() - if bufLen > 512 { - for power := uint(30); ; power-- { - l := 1 << power - if bufLen >= l { - w.lengthByte[0] = 224 + uint8(power) - _, err = w.w.Write(w.lengthByte[:]) - if err != nil { - return - } - var m int - m, err = w.w.Write(w.buf.Next(l)) - if err != nil { - return - } - if m != l { - return 0, io.ErrShortWrite - } - break - } - } - } - return w.buf.Write(p) -} - -func (w *partialLengthWriter) Close() (err error) { - len := w.buf.Len() - err = serializeLength(w.w, len) - if err != nil { - return err - } - _, err = w.buf.WriteTo(w.w) - if err != nil { - return err - } - return w.w.Close() -} - -// A spanReader is an io.LimitReader, but it returns ErrUnexpectedEOF if the -// underlying Reader returns EOF before the limit has been reached. -type spanReader struct { - r io.Reader - n int64 -} - -func (l *spanReader) Read(p []byte) (n int, err error) { - if l.n <= 0 { - return 0, io.EOF - } - if int64(len(p)) > l.n { - p = p[0:l.n] - } - n, err = l.r.Read(p) - l.n -= int64(n) - if l.n > 0 && err == io.EOF { - err = io.ErrUnexpectedEOF - } - return -} - -// readHeader parses a packet header and returns an io.Reader which will return -// the contents of the packet. See RFC 4880, section 4.2. -func readHeader(r io.Reader) (tag packetType, length int64, contents io.Reader, err error) { - var buf [4]byte - _, err = io.ReadFull(r, buf[:1]) - if err != nil { - return - } - if buf[0]&0x80 == 0 { - err = errors.StructuralError("tag byte does not have MSB set") - return - } - if buf[0]&0x40 == 0 { - // Old format packet - tag = packetType((buf[0] & 0x3f) >> 2) - lengthType := buf[0] & 3 - if lengthType == 3 { - length = -1 - contents = r - return - } - lengthBytes := 1 << lengthType - _, err = readFull(r, buf[0:lengthBytes]) - if err != nil { - return - } - for i := 0; i < lengthBytes; i++ { - length <<= 8 - length |= int64(buf[i]) - } - contents = &spanReader{r, length} - return - } - - // New format packet - tag = packetType(buf[0] & 0x3f) - length, isPartial, err := readLength(r) - if err != nil { - return - } - if isPartial { - contents = &partialLengthReader{ - remaining: length, - isPartial: true, - r: r, - } - length = -1 - } else { - contents = &spanReader{r, length} - } - return -} - -// serializeHeader writes an OpenPGP packet header to w. See RFC 4880, section -// 4.2. -func serializeHeader(w io.Writer, ptype packetType, length int) (err error) { - err = serializeType(w, ptype) - if err != nil { - return - } - return serializeLength(w, length) -} - -// serializeType writes an OpenPGP packet type to w. See RFC 4880, section -// 4.2. -func serializeType(w io.Writer, ptype packetType) (err error) { - var buf [1]byte - buf[0] = 0x80 | 0x40 | byte(ptype) - _, err = w.Write(buf[:]) - return -} - -// serializeLength writes an OpenPGP packet length to w. See RFC 4880, section -// 4.2.2. -func serializeLength(w io.Writer, length int) (err error) { - var buf [5]byte - var n int - - if length < 192 { - buf[0] = byte(length) - n = 1 - } else if length < 8384 { - length -= 192 - buf[0] = 192 + byte(length>>8) - buf[1] = byte(length) - n = 2 - } else { - buf[0] = 255 - buf[1] = byte(length >> 24) - buf[2] = byte(length >> 16) - buf[3] = byte(length >> 8) - buf[4] = byte(length) - n = 5 - } - - _, err = w.Write(buf[:n]) - return -} - -// serializeStreamHeader writes an OpenPGP packet header to w where the -// length of the packet is unknown. It returns a io.WriteCloser which can be -// used to write the contents of the packet. See RFC 4880, section 4.2. -func serializeStreamHeader(w io.WriteCloser, ptype packetType) (out io.WriteCloser, err error) { - err = serializeType(w, ptype) - if err != nil { - return - } - out = &partialLengthWriter{w: w} - return -} - -// Packet represents an OpenPGP packet. Users are expected to try casting -// instances of this interface to specific packet types. -type Packet interface { - parse(io.Reader) error -} - -// consumeAll reads from the given Reader until error, returning the number of -// bytes read. -func consumeAll(r io.Reader) (n int64, err error) { - var m int - var buf [1024]byte - - for { - m, err = r.Read(buf[:]) - n += int64(m) - if err == io.EOF { - err = nil - return - } - if err != nil { - return - } - } -} - -// packetType represents the numeric ids of the different OpenPGP packet types. See -// http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-2 -type packetType uint8 - -const ( - packetTypeEncryptedKey packetType = 1 - packetTypeSignature packetType = 2 - packetTypeSymmetricKeyEncrypted packetType = 3 - packetTypeOnePassSignature packetType = 4 - packetTypePrivateKey packetType = 5 - packetTypePublicKey packetType = 6 - packetTypePrivateSubkey packetType = 7 - packetTypeCompressed packetType = 8 - packetTypeSymmetricallyEncrypted packetType = 9 - packetTypeMarker packetType = 10 - packetTypeLiteralData packetType = 11 - packetTypeTrust packetType = 12 - packetTypeUserId packetType = 13 - packetTypePublicSubkey packetType = 14 - packetTypeUserAttribute packetType = 17 - packetTypeSymmetricallyEncryptedIntegrityProtected packetType = 18 - packetTypeAEADEncrypted packetType = 20 - packetPadding packetType = 21 -) - -// EncryptedDataPacket holds encrypted data. It is currently implemented by -// SymmetricallyEncrypted and AEADEncrypted. -type EncryptedDataPacket interface { - Decrypt(CipherFunction, []byte) (io.ReadCloser, error) -} - -// Read reads a single OpenPGP packet from the given io.Reader. If there is an -// error parsing a packet, the whole packet is consumed from the input. -func Read(r io.Reader) (p Packet, err error) { - tag, len, contents, err := readHeader(r) - if err != nil { - return - } - - switch tag { - case packetTypeEncryptedKey: - p = new(EncryptedKey) - case packetTypeSignature: - p = new(Signature) - case packetTypeSymmetricKeyEncrypted: - p = new(SymmetricKeyEncrypted) - case packetTypeOnePassSignature: - p = new(OnePassSignature) - case packetTypePrivateKey, packetTypePrivateSubkey: - pk := new(PrivateKey) - if tag == packetTypePrivateSubkey { - pk.IsSubkey = true - } - p = pk - case packetTypePublicKey, packetTypePublicSubkey: - isSubkey := tag == packetTypePublicSubkey - p = &PublicKey{IsSubkey: isSubkey} - case packetTypeCompressed: - p = new(Compressed) - case packetTypeSymmetricallyEncrypted: - p = new(SymmetricallyEncrypted) - case packetTypeLiteralData: - p = new(LiteralData) - case packetTypeUserId: - p = new(UserId) - case packetTypeUserAttribute: - p = new(UserAttribute) - case packetTypeSymmetricallyEncryptedIntegrityProtected: - se := new(SymmetricallyEncrypted) - se.IntegrityProtected = true - p = se - case packetTypeAEADEncrypted: - p = new(AEADEncrypted) - case packetPadding: - p = Padding(len) - case packetTypeMarker: - p = new(Marker) - case packetTypeTrust: - // Not implemented, just consume - err = errors.UnknownPacketTypeError(tag) - default: - // Packet Tags from 0 to 39 are critical. - // Packet Tags from 40 to 63 are non-critical. - if tag < 40 { - err = errors.CriticalUnknownPacketTypeError(tag) - } else { - err = errors.UnknownPacketTypeError(tag) - } - } - if p != nil { - err = p.parse(contents) - } - if err != nil { - consumeAll(contents) - } - return -} - -// ReadWithCheck reads a single OpenPGP message packet from the given io.Reader. If there is an -// error parsing a packet, the whole packet is consumed from the input. -// ReadWithCheck additionally checks if the OpenPGP message packet sequence adheres -// to the packet composition rules in rfc4880, if not throws an error. -func ReadWithCheck(r io.Reader, sequence *SequenceVerifier) (p Packet, msgErr error, err error) { - tag, len, contents, err := readHeader(r) - if err != nil { - return - } - switch tag { - case packetTypeEncryptedKey: - msgErr = sequence.Next(ESKSymbol) - p = new(EncryptedKey) - case packetTypeSignature: - msgErr = sequence.Next(SigSymbol) - p = new(Signature) - case packetTypeSymmetricKeyEncrypted: - msgErr = sequence.Next(ESKSymbol) - p = new(SymmetricKeyEncrypted) - case packetTypeOnePassSignature: - msgErr = sequence.Next(OPSSymbol) - p = new(OnePassSignature) - case packetTypeCompressed: - msgErr = sequence.Next(CompSymbol) - p = new(Compressed) - case packetTypeSymmetricallyEncrypted: - msgErr = sequence.Next(EncSymbol) - p = new(SymmetricallyEncrypted) - case packetTypeLiteralData: - msgErr = sequence.Next(LDSymbol) - p = new(LiteralData) - case packetTypeSymmetricallyEncryptedIntegrityProtected: - msgErr = sequence.Next(EncSymbol) - se := new(SymmetricallyEncrypted) - se.IntegrityProtected = true - p = se - case packetTypeAEADEncrypted: - msgErr = sequence.Next(EncSymbol) - p = new(AEADEncrypted) - case packetPadding: - p = Padding(len) - case packetTypeMarker: - p = new(Marker) - case packetTypeTrust: - // Not implemented, just consume - err = errors.UnknownPacketTypeError(tag) - case packetTypePrivateKey, - packetTypePrivateSubkey, - packetTypePublicKey, - packetTypePublicSubkey, - packetTypeUserId, - packetTypeUserAttribute: - msgErr = sequence.Next(UnknownSymbol) - consumeAll(contents) - default: - // Packet Tags from 0 to 39 are critical. - // Packet Tags from 40 to 63 are non-critical. - if tag < 40 { - err = errors.CriticalUnknownPacketTypeError(tag) - } else { - err = errors.UnknownPacketTypeError(tag) - } - } - if p != nil { - err = p.parse(contents) - } - if err != nil { - consumeAll(contents) - } - return -} - -// SignatureType represents the different semantic meanings of an OpenPGP -// signature. See RFC 4880, section 5.2.1. -type SignatureType uint8 - -const ( - SigTypeBinary SignatureType = 0x00 - SigTypeText SignatureType = 0x01 - SigTypeGenericCert SignatureType = 0x10 - SigTypePersonaCert SignatureType = 0x11 - SigTypeCasualCert SignatureType = 0x12 - SigTypePositiveCert SignatureType = 0x13 - SigTypeSubkeyBinding SignatureType = 0x18 - SigTypePrimaryKeyBinding SignatureType = 0x19 - SigTypeDirectSignature SignatureType = 0x1F - SigTypeKeyRevocation SignatureType = 0x20 - SigTypeSubkeyRevocation SignatureType = 0x28 - SigTypeCertificationRevocation SignatureType = 0x30 -) - -// PublicKeyAlgorithm represents the different public key system specified for -// OpenPGP. See -// http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-12 -type PublicKeyAlgorithm uint8 - -const ( - PubKeyAlgoRSA PublicKeyAlgorithm = 1 - PubKeyAlgoElGamal PublicKeyAlgorithm = 16 - PubKeyAlgoDSA PublicKeyAlgorithm = 17 - // RFC 6637, Section 5. - PubKeyAlgoECDH PublicKeyAlgorithm = 18 - PubKeyAlgoECDSA PublicKeyAlgorithm = 19 - // https://www.ietf.org/archive/id/draft-koch-eddsa-for-openpgp-04.txt - PubKeyAlgoEdDSA PublicKeyAlgorithm = 22 - // https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh - PubKeyAlgoX25519 PublicKeyAlgorithm = 25 - PubKeyAlgoX448 PublicKeyAlgorithm = 26 - PubKeyAlgoEd25519 PublicKeyAlgorithm = 27 - PubKeyAlgoEd448 PublicKeyAlgorithm = 28 - - // Deprecated in RFC 4880, Section 13.5. Use key flags instead. - PubKeyAlgoRSAEncryptOnly PublicKeyAlgorithm = 2 - PubKeyAlgoRSASignOnly PublicKeyAlgorithm = 3 -) - -// CanEncrypt returns true if it's possible to encrypt a message to a public -// key of the given type. -func (pka PublicKeyAlgorithm) CanEncrypt() bool { - switch pka { - case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoElGamal, PubKeyAlgoECDH, PubKeyAlgoX25519, PubKeyAlgoX448: - return true - } - return false -} - -// CanSign returns true if it's possible for a public key of the given type to -// sign a message. -func (pka PublicKeyAlgorithm) CanSign() bool { - switch pka { - case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly, PubKeyAlgoDSA, PubKeyAlgoECDSA, PubKeyAlgoEdDSA, PubKeyAlgoEd25519, PubKeyAlgoEd448: - return true - } - return false -} - -// CipherFunction represents the different block ciphers specified for OpenPGP. See -// http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-13 -type CipherFunction algorithm.CipherFunction - -const ( - Cipher3DES CipherFunction = 2 - CipherCAST5 CipherFunction = 3 - CipherAES128 CipherFunction = 7 - CipherAES192 CipherFunction = 8 - CipherAES256 CipherFunction = 9 -) - -// KeySize returns the key size, in bytes, of cipher. -func (cipher CipherFunction) KeySize() int { - return algorithm.CipherFunction(cipher).KeySize() -} - -// IsSupported returns true if the cipher is supported from the library -func (cipher CipherFunction) IsSupported() bool { - return algorithm.CipherFunction(cipher).KeySize() > 0 -} - -// blockSize returns the block size, in bytes, of cipher. -func (cipher CipherFunction) blockSize() int { - return algorithm.CipherFunction(cipher).BlockSize() -} - -// new returns a fresh instance of the given cipher. -func (cipher CipherFunction) new(key []byte) (block cipher.Block) { - return algorithm.CipherFunction(cipher).New(key) -} - -// padToKeySize left-pads a MPI with zeroes to match the length of the -// specified RSA public. -func padToKeySize(pub *rsa.PublicKey, b []byte) []byte { - k := (pub.N.BitLen() + 7) / 8 - if len(b) >= k { - return b - } - bb := make([]byte, k) - copy(bb[len(bb)-len(b):], b) - return bb -} - -// CompressionAlgo Represents the different compression algorithms -// supported by OpenPGP (except for BZIP2, which is not currently -// supported). See Section 9.3 of RFC 4880. -type CompressionAlgo uint8 - -const ( - CompressionNone CompressionAlgo = 0 - CompressionZIP CompressionAlgo = 1 - CompressionZLIB CompressionAlgo = 2 -) - -// AEADMode represents the different Authenticated Encryption with Associated -// Data specified for OpenPGP. -// See https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-9.6 -type AEADMode algorithm.AEADMode - -const ( - AEADModeEAX AEADMode = 1 - AEADModeOCB AEADMode = 2 - AEADModeGCM AEADMode = 3 -) - -func (mode AEADMode) IvLength() int { - return algorithm.AEADMode(mode).NonceLength() -} - -func (mode AEADMode) TagLength() int { - return algorithm.AEADMode(mode).TagLength() -} - -// IsSupported returns true if the aead mode is supported from the library -func (mode AEADMode) IsSupported() bool { - return algorithm.AEADMode(mode).TagLength() > 0 -} - -// new returns a fresh instance of the given mode. -func (mode AEADMode) new(block cipher.Block) cipher.AEAD { - return algorithm.AEADMode(mode).New(block) -} - -// ReasonForRevocation represents a revocation reason code as per RFC4880 -// section 5.2.3.23. -type ReasonForRevocation uint8 - -const ( - NoReason ReasonForRevocation = 0 - KeySuperseded ReasonForRevocation = 1 - KeyCompromised ReasonForRevocation = 2 - KeyRetired ReasonForRevocation = 3 - UserIDNotValid ReasonForRevocation = 32 - Unknown ReasonForRevocation = 200 -) - -func NewReasonForRevocation(value byte) ReasonForRevocation { - if value < 4 || value == 32 { - return ReasonForRevocation(value) - } - return Unknown -} - -// Curve is a mapping to supported ECC curves for key generation. -// See https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-06.html#name-curve-specific-wire-formats -type Curve string - -const ( - Curve25519 Curve = "Curve25519" - Curve448 Curve = "Curve448" - CurveNistP256 Curve = "P256" - CurveNistP384 Curve = "P384" - CurveNistP521 Curve = "P521" - CurveSecP256k1 Curve = "SecP256k1" - CurveBrainpoolP256 Curve = "BrainpoolP256" - CurveBrainpoolP384 Curve = "BrainpoolP384" - CurveBrainpoolP512 Curve = "BrainpoolP512" -) - -// TrustLevel represents a trust level per RFC4880 5.2.3.13 -type TrustLevel uint8 - -// TrustAmount represents a trust amount per RFC4880 5.2.3.13 -type TrustAmount uint8 - -const ( - // versionSize is the length in bytes of the version value. - versionSize = 1 - // algorithmSize is the length in bytes of the key algorithm value. - algorithmSize = 1 - // keyVersionSize is the length in bytes of the key version value - keyVersionSize = 1 - // keyIdSize is the length in bytes of the key identifier value. - keyIdSize = 8 - // timestampSize is the length in bytes of encoded timestamps. - timestampSize = 4 - // fingerprintSizeV6 is the length in bytes of the key fingerprint in v6. - fingerprintSizeV6 = 32 - // fingerprintSize is the length in bytes of the key fingerprint. - fingerprintSize = 20 -) diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet_sequence.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet_sequence.go deleted file mode 100644 index 55a8a56c2d..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet_sequence.go +++ /dev/null @@ -1,222 +0,0 @@ -package packet - -// This file implements the pushdown automata (PDA) from PGPainless (Paul Schaub) -// to verify pgp packet sequences. See Paul's blogpost for more details: -// https://blog.jabberhead.tk/2022/10/26/implementing-packet-sequence-validation-using-pushdown-automata/ -import ( - "fmt" - - "github.com/ProtonMail/go-crypto/openpgp/errors" -) - -func NewErrMalformedMessage(from State, input InputSymbol, stackSymbol StackSymbol) errors.ErrMalformedMessage { - return errors.ErrMalformedMessage(fmt.Sprintf("state %d, input symbol %d, stack symbol %d ", from, input, stackSymbol)) -} - -// InputSymbol defines the input alphabet of the PDA -type InputSymbol uint8 - -const ( - LDSymbol InputSymbol = iota - SigSymbol - OPSSymbol - CompSymbol - ESKSymbol - EncSymbol - EOSSymbol - UnknownSymbol -) - -// StackSymbol defines the stack alphabet of the PDA -type StackSymbol int8 - -const ( - MsgStackSymbol StackSymbol = iota - OpsStackSymbol - KeyStackSymbol - EndStackSymbol - EmptyStackSymbol -) - -// State defines the states of the PDA -type State int8 - -const ( - OpenPGPMessage State = iota - ESKMessage - LiteralMessage - CompressedMessage - EncryptedMessage - ValidMessage -) - -// transition represents a state transition in the PDA -type transition func(input InputSymbol, stackSymbol StackSymbol) (State, []StackSymbol, bool, error) - -// SequenceVerifier is a pushdown automata to verify -// PGP messages packet sequences according to rfc4880. -type SequenceVerifier struct { - stack []StackSymbol - state State -} - -// Next performs a state transition with the given input symbol. -// If the transition fails a ErrMalformedMessage is returned. -func (sv *SequenceVerifier) Next(input InputSymbol) error { - for { - stackSymbol := sv.popStack() - transitionFunc := getTransition(sv.state) - nextState, newStackSymbols, redo, err := transitionFunc(input, stackSymbol) - if err != nil { - return err - } - if redo { - sv.pushStack(stackSymbol) - } - for _, newStackSymbol := range newStackSymbols { - sv.pushStack(newStackSymbol) - } - sv.state = nextState - if !redo { - break - } - } - return nil -} - -// Valid returns true if RDA is in a valid state. -func (sv *SequenceVerifier) Valid() bool { - return sv.state == ValidMessage && len(sv.stack) == 0 -} - -func (sv *SequenceVerifier) AssertValid() error { - if !sv.Valid() { - return errors.ErrMalformedMessage("invalid message") - } - return nil -} - -func NewSequenceVerifier() *SequenceVerifier { - return &SequenceVerifier{ - stack: []StackSymbol{EndStackSymbol, MsgStackSymbol}, - state: OpenPGPMessage, - } -} - -func (sv *SequenceVerifier) popStack() StackSymbol { - if len(sv.stack) == 0 { - return EmptyStackSymbol - } - elemIndex := len(sv.stack) - 1 - stackSymbol := sv.stack[elemIndex] - sv.stack = sv.stack[:elemIndex] - return stackSymbol -} - -func (sv *SequenceVerifier) pushStack(stackSymbol StackSymbol) { - sv.stack = append(sv.stack, stackSymbol) -} - -func getTransition(from State) transition { - switch from { - case OpenPGPMessage: - return fromOpenPGPMessage - case LiteralMessage: - return fromLiteralMessage - case CompressedMessage: - return fromCompressedMessage - case EncryptedMessage: - return fromEncryptedMessage - case ESKMessage: - return fromESKMessage - case ValidMessage: - return fromValidMessage - } - return nil -} - -// fromOpenPGPMessage is the transition for the state OpenPGPMessage. -func fromOpenPGPMessage(input InputSymbol, stackSymbol StackSymbol) (State, []StackSymbol, bool, error) { - if stackSymbol != MsgStackSymbol { - return 0, nil, false, NewErrMalformedMessage(OpenPGPMessage, input, stackSymbol) - } - switch input { - case LDSymbol: - return LiteralMessage, nil, false, nil - case SigSymbol: - return OpenPGPMessage, []StackSymbol{MsgStackSymbol}, false, nil - case OPSSymbol: - return OpenPGPMessage, []StackSymbol{OpsStackSymbol, MsgStackSymbol}, false, nil - case CompSymbol: - return CompressedMessage, nil, false, nil - case ESKSymbol: - return ESKMessage, []StackSymbol{KeyStackSymbol}, false, nil - case EncSymbol: - return EncryptedMessage, nil, false, nil - } - return 0, nil, false, NewErrMalformedMessage(OpenPGPMessage, input, stackSymbol) -} - -// fromESKMessage is the transition for the state ESKMessage. -func fromESKMessage(input InputSymbol, stackSymbol StackSymbol) (State, []StackSymbol, bool, error) { - if stackSymbol != KeyStackSymbol { - return 0, nil, false, NewErrMalformedMessage(ESKMessage, input, stackSymbol) - } - switch input { - case ESKSymbol: - return ESKMessage, []StackSymbol{KeyStackSymbol}, false, nil - case EncSymbol: - return EncryptedMessage, nil, false, nil - } - return 0, nil, false, NewErrMalformedMessage(ESKMessage, input, stackSymbol) -} - -// fromLiteralMessage is the transition for the state LiteralMessage. -func fromLiteralMessage(input InputSymbol, stackSymbol StackSymbol) (State, []StackSymbol, bool, error) { - switch input { - case SigSymbol: - if stackSymbol == OpsStackSymbol { - return LiteralMessage, nil, false, nil - } - case EOSSymbol: - if stackSymbol == EndStackSymbol { - return ValidMessage, nil, false, nil - } - } - return 0, nil, false, NewErrMalformedMessage(LiteralMessage, input, stackSymbol) -} - -// fromLiteralMessage is the transition for the state CompressedMessage. -func fromCompressedMessage(input InputSymbol, stackSymbol StackSymbol) (State, []StackSymbol, bool, error) { - switch input { - case SigSymbol: - if stackSymbol == OpsStackSymbol { - return CompressedMessage, nil, false, nil - } - case EOSSymbol: - if stackSymbol == EndStackSymbol { - return ValidMessage, nil, false, nil - } - } - return OpenPGPMessage, []StackSymbol{MsgStackSymbol}, true, nil -} - -// fromEncryptedMessage is the transition for the state EncryptedMessage. -func fromEncryptedMessage(input InputSymbol, stackSymbol StackSymbol) (State, []StackSymbol, bool, error) { - switch input { - case SigSymbol: - if stackSymbol == OpsStackSymbol { - return EncryptedMessage, nil, false, nil - } - case EOSSymbol: - if stackSymbol == EndStackSymbol { - return ValidMessage, nil, false, nil - } - } - return OpenPGPMessage, []StackSymbol{MsgStackSymbol}, true, nil -} - -// fromValidMessage is the transition for the state ValidMessage. -func fromValidMessage(input InputSymbol, stackSymbol StackSymbol) (State, []StackSymbol, bool, error) { - return 0, nil, false, NewErrMalformedMessage(ValidMessage, input, stackSymbol) -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet_unsupported.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet_unsupported.go deleted file mode 100644 index 2d714723cf..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet_unsupported.go +++ /dev/null @@ -1,24 +0,0 @@ -package packet - -import ( - "io" - - "github.com/ProtonMail/go-crypto/openpgp/errors" -) - -// UnsupportedPackage represents a OpenPGP packet with a known packet type -// but with unsupported content. -type UnsupportedPacket struct { - IncompletePacket Packet - Error errors.UnsupportedError -} - -// Implements the Packet interface -func (up *UnsupportedPacket) parse(read io.Reader) error { - err := up.IncompletePacket.parse(read) - if castedErr, ok := err.(errors.UnsupportedError); ok { - up.Error = castedErr - return nil - } - return err -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/padding.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/padding.go deleted file mode 100644 index 3b6a7045d1..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/padding.go +++ /dev/null @@ -1,26 +0,0 @@ -package packet - -import ( - "io" -) - -// Padding type represents a Padding Packet (Tag 21). -// The padding type is represented by the length of its padding. -// see https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21 -type Padding int - -// parse just ignores the padding content. -func (pad Padding) parse(reader io.Reader) error { - _, err := io.CopyN(io.Discard, reader, int64(pad)) - return err -} - -// SerializePadding writes the padding to writer. -func (pad Padding) SerializePadding(writer io.Writer, rand io.Reader) error { - err := serializeHeader(writer, packetPadding, int(pad)) - if err != nil { - return err - } - _, err = io.CopyN(writer, rand, int64(pad)) - return err -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key.go deleted file mode 100644 index f04e6c6b87..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key.go +++ /dev/null @@ -1,1191 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package packet - -import ( - "bytes" - "crypto" - "crypto/cipher" - "crypto/dsa" - "crypto/rsa" - "crypto/sha1" - "crypto/sha256" - "crypto/subtle" - "fmt" - "io" - "math/big" - "strconv" - "time" - - "github.com/ProtonMail/go-crypto/openpgp/ecdh" - "github.com/ProtonMail/go-crypto/openpgp/ecdsa" - "github.com/ProtonMail/go-crypto/openpgp/ed25519" - "github.com/ProtonMail/go-crypto/openpgp/ed448" - "github.com/ProtonMail/go-crypto/openpgp/eddsa" - "github.com/ProtonMail/go-crypto/openpgp/elgamal" - "github.com/ProtonMail/go-crypto/openpgp/errors" - "github.com/ProtonMail/go-crypto/openpgp/internal/encoding" - "github.com/ProtonMail/go-crypto/openpgp/s2k" - "github.com/ProtonMail/go-crypto/openpgp/x25519" - "github.com/ProtonMail/go-crypto/openpgp/x448" - "golang.org/x/crypto/hkdf" -) - -// PrivateKey represents a possibly encrypted private key. See RFC 4880, -// section 5.5.3. -type PrivateKey struct { - PublicKey - Encrypted bool // if true then the private key is unavailable until Decrypt has been called. - encryptedData []byte - cipher CipherFunction - s2k func(out, in []byte) - aead AEADMode // only relevant if S2KAEAD is enabled - // An *{rsa|dsa|elgamal|ecdh|ecdsa|ed25519|ed448}.PrivateKey or - // crypto.Signer/crypto.Decrypter (Decryptor RSA only). - PrivateKey interface{} - iv []byte - - // Type of encryption of the S2K packet - // Allowed values are 0 (Not encrypted), 253 (AEAD), 254 (SHA1), or - // 255 (2-byte checksum) - s2kType S2KType - // Full parameters of the S2K packet - s2kParams *s2k.Params -} - -// S2KType s2k packet type -type S2KType uint8 - -const ( - // S2KNON unencrypt - S2KNON S2KType = 0 - // S2KAEAD use authenticated encryption - S2KAEAD S2KType = 253 - // S2KSHA1 sha1 sum check - S2KSHA1 S2KType = 254 - // S2KCHECKSUM sum check - S2KCHECKSUM S2KType = 255 -) - -func NewRSAPrivateKey(creationTime time.Time, priv *rsa.PrivateKey) *PrivateKey { - pk := new(PrivateKey) - pk.PublicKey = *NewRSAPublicKey(creationTime, &priv.PublicKey) - pk.PrivateKey = priv - return pk -} - -func NewDSAPrivateKey(creationTime time.Time, priv *dsa.PrivateKey) *PrivateKey { - pk := new(PrivateKey) - pk.PublicKey = *NewDSAPublicKey(creationTime, &priv.PublicKey) - pk.PrivateKey = priv - return pk -} - -func NewElGamalPrivateKey(creationTime time.Time, priv *elgamal.PrivateKey) *PrivateKey { - pk := new(PrivateKey) - pk.PublicKey = *NewElGamalPublicKey(creationTime, &priv.PublicKey) - pk.PrivateKey = priv - return pk -} - -func NewECDSAPrivateKey(creationTime time.Time, priv *ecdsa.PrivateKey) *PrivateKey { - pk := new(PrivateKey) - pk.PublicKey = *NewECDSAPublicKey(creationTime, &priv.PublicKey) - pk.PrivateKey = priv - return pk -} - -func NewEdDSAPrivateKey(creationTime time.Time, priv *eddsa.PrivateKey) *PrivateKey { - pk := new(PrivateKey) - pk.PublicKey = *NewEdDSAPublicKey(creationTime, &priv.PublicKey) - pk.PrivateKey = priv - return pk -} - -func NewECDHPrivateKey(creationTime time.Time, priv *ecdh.PrivateKey) *PrivateKey { - pk := new(PrivateKey) - pk.PublicKey = *NewECDHPublicKey(creationTime, &priv.PublicKey) - pk.PrivateKey = priv - return pk -} - -func NewX25519PrivateKey(creationTime time.Time, priv *x25519.PrivateKey) *PrivateKey { - pk := new(PrivateKey) - pk.PublicKey = *NewX25519PublicKey(creationTime, &priv.PublicKey) - pk.PrivateKey = priv - return pk -} - -func NewX448PrivateKey(creationTime time.Time, priv *x448.PrivateKey) *PrivateKey { - pk := new(PrivateKey) - pk.PublicKey = *NewX448PublicKey(creationTime, &priv.PublicKey) - pk.PrivateKey = priv - return pk -} - -func NewEd25519PrivateKey(creationTime time.Time, priv *ed25519.PrivateKey) *PrivateKey { - pk := new(PrivateKey) - pk.PublicKey = *NewEd25519PublicKey(creationTime, &priv.PublicKey) - pk.PrivateKey = priv - return pk -} - -func NewEd448PrivateKey(creationTime time.Time, priv *ed448.PrivateKey) *PrivateKey { - pk := new(PrivateKey) - pk.PublicKey = *NewEd448PublicKey(creationTime, &priv.PublicKey) - pk.PrivateKey = priv - return pk -} - -// NewSignerPrivateKey creates a PrivateKey from a crypto.Signer that -// implements RSA, ECDSA or EdDSA. -func NewSignerPrivateKey(creationTime time.Time, signer interface{}) *PrivateKey { - pk := new(PrivateKey) - // In general, the public Keys should be used as pointers. We still - // type-switch on the values, for backwards-compatibility. - switch pubkey := signer.(type) { - case *rsa.PrivateKey: - pk.PublicKey = *NewRSAPublicKey(creationTime, &pubkey.PublicKey) - case rsa.PrivateKey: - pk.PublicKey = *NewRSAPublicKey(creationTime, &pubkey.PublicKey) - case *ecdsa.PrivateKey: - pk.PublicKey = *NewECDSAPublicKey(creationTime, &pubkey.PublicKey) - case ecdsa.PrivateKey: - pk.PublicKey = *NewECDSAPublicKey(creationTime, &pubkey.PublicKey) - case *eddsa.PrivateKey: - pk.PublicKey = *NewEdDSAPublicKey(creationTime, &pubkey.PublicKey) - case eddsa.PrivateKey: - pk.PublicKey = *NewEdDSAPublicKey(creationTime, &pubkey.PublicKey) - case *ed25519.PrivateKey: - pk.PublicKey = *NewEd25519PublicKey(creationTime, &pubkey.PublicKey) - case ed25519.PrivateKey: - pk.PublicKey = *NewEd25519PublicKey(creationTime, &pubkey.PublicKey) - case *ed448.PrivateKey: - pk.PublicKey = *NewEd448PublicKey(creationTime, &pubkey.PublicKey) - case ed448.PrivateKey: - pk.PublicKey = *NewEd448PublicKey(creationTime, &pubkey.PublicKey) - default: - panic("openpgp: unknown signer type in NewSignerPrivateKey") - } - pk.PrivateKey = signer - return pk -} - -// NewDecrypterPrivateKey creates a PrivateKey from a *{rsa|elgamal|ecdh|x25519|x448}.PrivateKey. -func NewDecrypterPrivateKey(creationTime time.Time, decrypter interface{}) *PrivateKey { - pk := new(PrivateKey) - switch priv := decrypter.(type) { - case *rsa.PrivateKey: - pk.PublicKey = *NewRSAPublicKey(creationTime, &priv.PublicKey) - case *elgamal.PrivateKey: - pk.PublicKey = *NewElGamalPublicKey(creationTime, &priv.PublicKey) - case *ecdh.PrivateKey: - pk.PublicKey = *NewECDHPublicKey(creationTime, &priv.PublicKey) - case *x25519.PrivateKey: - pk.PublicKey = *NewX25519PublicKey(creationTime, &priv.PublicKey) - case *x448.PrivateKey: - pk.PublicKey = *NewX448PublicKey(creationTime, &priv.PublicKey) - default: - panic("openpgp: unknown decrypter type in NewDecrypterPrivateKey") - } - pk.PrivateKey = decrypter - return pk -} - -func (pk *PrivateKey) parse(r io.Reader) (err error) { - err = (&pk.PublicKey).parse(r) - if err != nil { - return - } - v5 := pk.PublicKey.Version == 5 - v6 := pk.PublicKey.Version == 6 - - if V5Disabled && v5 { - return errors.UnsupportedError("support for parsing v5 entities is disabled; build with `-tags v5` if needed") - } - - var buf [1]byte - _, err = readFull(r, buf[:]) - if err != nil { - return - } - pk.s2kType = S2KType(buf[0]) - var optCount [1]byte - if v5 || (v6 && pk.s2kType != S2KNON) { - if _, err = readFull(r, optCount[:]); err != nil { - return - } - } - - switch pk.s2kType { - case S2KNON: - pk.s2k = nil - pk.Encrypted = false - case S2KSHA1, S2KCHECKSUM, S2KAEAD: - if (v5 || v6) && pk.s2kType == S2KCHECKSUM { - return errors.StructuralError(fmt.Sprintf("wrong s2k identifier for version %d", pk.Version)) - } - _, err = readFull(r, buf[:]) - if err != nil { - return - } - pk.cipher = CipherFunction(buf[0]) - if pk.cipher != 0 && !pk.cipher.IsSupported() { - return errors.UnsupportedError("unsupported cipher function in private key") - } - // [Optional] If string-to-key usage octet was 253, - // a one-octet AEAD algorithm. - if pk.s2kType == S2KAEAD { - _, err = readFull(r, buf[:]) - if err != nil { - return - } - pk.aead = AEADMode(buf[0]) - if !pk.aead.IsSupported() { - return errors.UnsupportedError("unsupported aead mode in private key") - } - } - - // [Optional] Only for a version 6 packet, - // and if string-to-key usage octet was 255, 254, or 253, - // an one-octet count of the following field. - if v6 { - _, err = readFull(r, buf[:]) - if err != nil { - return - } - } - - pk.s2kParams, err = s2k.ParseIntoParams(r) - if err != nil { - return - } - if pk.s2kParams.Dummy() { - return - } - if pk.s2kParams.Mode() == s2k.Argon2S2K && pk.s2kType != S2KAEAD { - return errors.StructuralError("using Argon2 S2K without AEAD is not allowed") - } - if pk.s2kParams.Mode() == s2k.SimpleS2K && pk.Version == 6 { - return errors.StructuralError("using Simple S2K with version 6 keys is not allowed") - } - pk.s2k, err = pk.s2kParams.Function() - if err != nil { - return - } - pk.Encrypted = true - default: - return errors.UnsupportedError("deprecated s2k function in private key") - } - - if pk.Encrypted { - var ivSize int - // If the S2K usage octet was 253, the IV is of the size expected by the AEAD mode, - // unless it's a version 5 key, in which case it's the size of the symmetric cipher's block size. - // For all other S2K modes, it's always the block size. - if !v5 && pk.s2kType == S2KAEAD { - ivSize = pk.aead.IvLength() - } else { - ivSize = pk.cipher.blockSize() - } - - if ivSize == 0 { - return errors.UnsupportedError("unsupported cipher in private key: " + strconv.Itoa(int(pk.cipher))) - } - pk.iv = make([]byte, ivSize) - _, err = readFull(r, pk.iv) - if err != nil { - return - } - if v5 && pk.s2kType == S2KAEAD { - pk.iv = pk.iv[:pk.aead.IvLength()] - } - } - - var privateKeyData []byte - if v5 { - var n [4]byte /* secret material four octet count */ - _, err = readFull(r, n[:]) - if err != nil { - return - } - count := uint32(uint32(n[0])<<24 | uint32(n[1])<<16 | uint32(n[2])<<8 | uint32(n[3])) - if !pk.Encrypted { - count = count + 2 /* two octet checksum */ - } - privateKeyData = make([]byte, count) - _, err = readFull(r, privateKeyData) - if err != nil { - return - } - } else { - privateKeyData, err = io.ReadAll(r) - if err != nil { - return - } - } - if !pk.Encrypted { - if len(privateKeyData) < 2 { - return errors.StructuralError("truncated private key data") - } - if pk.Version != 6 { - // checksum - var sum uint16 - for i := 0; i < len(privateKeyData)-2; i++ { - sum += uint16(privateKeyData[i]) - } - if privateKeyData[len(privateKeyData)-2] != uint8(sum>>8) || - privateKeyData[len(privateKeyData)-1] != uint8(sum) { - return errors.StructuralError("private key checksum failure") - } - privateKeyData = privateKeyData[:len(privateKeyData)-2] - return pk.parsePrivateKey(privateKeyData) - } else { - // No checksum - return pk.parsePrivateKey(privateKeyData) - } - } - - pk.encryptedData = privateKeyData - return -} - -// Dummy returns true if the private key is a dummy key. This is a GNU extension. -func (pk *PrivateKey) Dummy() bool { - return pk.s2kParams.Dummy() -} - -func mod64kHash(d []byte) uint16 { - var h uint16 - for _, b := range d { - h += uint16(b) - } - return h -} - -func (pk *PrivateKey) Serialize(w io.Writer) (err error) { - contents := bytes.NewBuffer(nil) - err = pk.PublicKey.serializeWithoutHeaders(contents) - if err != nil { - return - } - if _, err = contents.Write([]byte{uint8(pk.s2kType)}); err != nil { - return - } - - optional := bytes.NewBuffer(nil) - if pk.Encrypted || pk.Dummy() { - // [Optional] If string-to-key usage octet was 255, 254, or 253, - // a one-octet symmetric encryption algorithm. - if _, err = optional.Write([]byte{uint8(pk.cipher)}); err != nil { - return - } - // [Optional] If string-to-key usage octet was 253, - // a one-octet AEAD algorithm. - if pk.s2kType == S2KAEAD { - if _, err = optional.Write([]byte{uint8(pk.aead)}); err != nil { - return - } - } - - s2kBuffer := bytes.NewBuffer(nil) - if err := pk.s2kParams.Serialize(s2kBuffer); err != nil { - return err - } - // [Optional] Only for a version 6 packet, and if string-to-key - // usage octet was 255, 254, or 253, an one-octet - // count of the following field. - if pk.Version == 6 { - if _, err = optional.Write([]byte{uint8(s2kBuffer.Len())}); err != nil { - return - } - } - // [Optional] If string-to-key usage octet was 255, 254, or 253, - // a string-to-key (S2K) specifier. The length of the string-to-key specifier - // depends on its type - if _, err = io.Copy(optional, s2kBuffer); err != nil { - return - } - - // IV - if pk.Encrypted { - if _, err = optional.Write(pk.iv); err != nil { - return - } - if pk.Version == 5 && pk.s2kType == S2KAEAD { - // Add padding for version 5 - padding := make([]byte, pk.cipher.blockSize()-len(pk.iv)) - if _, err = optional.Write(padding); err != nil { - return - } - } - } - } - if pk.Version == 5 || (pk.Version == 6 && pk.s2kType != S2KNON) { - contents.Write([]byte{uint8(optional.Len())}) - } - - if _, err := io.Copy(contents, optional); err != nil { - return err - } - - if !pk.Dummy() { - l := 0 - var priv []byte - if !pk.Encrypted { - buf := bytes.NewBuffer(nil) - err = pk.serializePrivateKey(buf) - if err != nil { - return err - } - l = buf.Len() - if pk.Version != 6 { - checksum := mod64kHash(buf.Bytes()) - buf.Write([]byte{byte(checksum >> 8), byte(checksum)}) - } - priv = buf.Bytes() - } else { - priv, l = pk.encryptedData, len(pk.encryptedData) - } - - if pk.Version == 5 { - contents.Write([]byte{byte(l >> 24), byte(l >> 16), byte(l >> 8), byte(l)}) - } - contents.Write(priv) - } - - ptype := packetTypePrivateKey - if pk.IsSubkey { - ptype = packetTypePrivateSubkey - } - err = serializeHeader(w, ptype, contents.Len()) - if err != nil { - return - } - _, err = io.Copy(w, contents) - if err != nil { - return - } - return -} - -func serializeRSAPrivateKey(w io.Writer, priv *rsa.PrivateKey) error { - if _, err := w.Write(new(encoding.MPI).SetBig(priv.D).EncodedBytes()); err != nil { - return err - } - if _, err := w.Write(new(encoding.MPI).SetBig(priv.Primes[1]).EncodedBytes()); err != nil { - return err - } - if _, err := w.Write(new(encoding.MPI).SetBig(priv.Primes[0]).EncodedBytes()); err != nil { - return err - } - _, err := w.Write(new(encoding.MPI).SetBig(priv.Precomputed.Qinv).EncodedBytes()) - return err -} - -func serializeDSAPrivateKey(w io.Writer, priv *dsa.PrivateKey) error { - _, err := w.Write(new(encoding.MPI).SetBig(priv.X).EncodedBytes()) - return err -} - -func serializeElGamalPrivateKey(w io.Writer, priv *elgamal.PrivateKey) error { - _, err := w.Write(new(encoding.MPI).SetBig(priv.X).EncodedBytes()) - return err -} - -func serializeECDSAPrivateKey(w io.Writer, priv *ecdsa.PrivateKey) error { - _, err := w.Write(encoding.NewMPI(priv.MarshalIntegerSecret()).EncodedBytes()) - return err -} - -func serializeEdDSAPrivateKey(w io.Writer, priv *eddsa.PrivateKey) error { - _, err := w.Write(encoding.NewMPI(priv.MarshalByteSecret()).EncodedBytes()) - return err -} - -func serializeECDHPrivateKey(w io.Writer, priv *ecdh.PrivateKey) error { - _, err := w.Write(encoding.NewMPI(priv.MarshalByteSecret()).EncodedBytes()) - return err -} - -func serializeX25519PrivateKey(w io.Writer, priv *x25519.PrivateKey) error { - _, err := w.Write(priv.Secret) - return err -} - -func serializeX448PrivateKey(w io.Writer, priv *x448.PrivateKey) error { - _, err := w.Write(priv.Secret) - return err -} - -func serializeEd25519PrivateKey(w io.Writer, priv *ed25519.PrivateKey) error { - _, err := w.Write(priv.MarshalByteSecret()) - return err -} - -func serializeEd448PrivateKey(w io.Writer, priv *ed448.PrivateKey) error { - _, err := w.Write(priv.MarshalByteSecret()) - return err -} - -// decrypt decrypts an encrypted private key using a decryption key. -func (pk *PrivateKey) decrypt(decryptionKey []byte) error { - if pk.Dummy() { - return errors.ErrDummyPrivateKey("dummy key found") - } - if !pk.Encrypted { - return nil - } - block := pk.cipher.new(decryptionKey) - var data []byte - switch pk.s2kType { - case S2KAEAD: - aead := pk.aead.new(block) - additionalData, err := pk.additionalData() - if err != nil { - return err - } - // Decrypt the encrypted key material with aead - data, err = aead.Open(nil, pk.iv, pk.encryptedData, additionalData) - if err != nil { - return err - } - case S2KSHA1, S2KCHECKSUM: - cfb := cipher.NewCFBDecrypter(block, pk.iv) - data = make([]byte, len(pk.encryptedData)) - cfb.XORKeyStream(data, pk.encryptedData) - if pk.s2kType == S2KSHA1 { - if len(data) < sha1.Size { - return errors.StructuralError("truncated private key data") - } - h := sha1.New() - h.Write(data[:len(data)-sha1.Size]) - sum := h.Sum(nil) - if !bytes.Equal(sum, data[len(data)-sha1.Size:]) { - return errors.StructuralError("private key checksum failure") - } - data = data[:len(data)-sha1.Size] - } else { - if len(data) < 2 { - return errors.StructuralError("truncated private key data") - } - var sum uint16 - for i := 0; i < len(data)-2; i++ { - sum += uint16(data[i]) - } - if data[len(data)-2] != uint8(sum>>8) || - data[len(data)-1] != uint8(sum) { - return errors.StructuralError("private key checksum failure") - } - data = data[:len(data)-2] - } - default: - return errors.InvalidArgumentError("invalid s2k type") - } - - err := pk.parsePrivateKey(data) - if _, ok := err.(errors.KeyInvalidError); ok { - return errors.KeyInvalidError("invalid key parameters") - } - if err != nil { - return err - } - - // Mark key as unencrypted - pk.s2kType = S2KNON - pk.s2k = nil - pk.Encrypted = false - pk.encryptedData = nil - return nil -} - -func (pk *PrivateKey) decryptWithCache(passphrase []byte, keyCache *s2k.Cache) error { - if pk.Dummy() { - return errors.ErrDummyPrivateKey("dummy key found") - } - if !pk.Encrypted { - return nil - } - - key, err := keyCache.GetOrComputeDerivedKey(passphrase, pk.s2kParams, pk.cipher.KeySize()) - if err != nil { - return err - } - if pk.s2kType == S2KAEAD { - key = pk.applyHKDF(key) - } - return pk.decrypt(key) -} - -// Decrypt decrypts an encrypted private key using a passphrase. -func (pk *PrivateKey) Decrypt(passphrase []byte) error { - if pk.Dummy() { - return errors.ErrDummyPrivateKey("dummy key found") - } - if !pk.Encrypted { - return nil - } - - key := make([]byte, pk.cipher.KeySize()) - pk.s2k(key, passphrase) - if pk.s2kType == S2KAEAD { - key = pk.applyHKDF(key) - } - return pk.decrypt(key) -} - -// DecryptPrivateKeys decrypts all encrypted keys with the given config and passphrase. -// Avoids recomputation of similar s2k key derivations. -func DecryptPrivateKeys(keys []*PrivateKey, passphrase []byte) error { - // Create a cache to avoid recomputation of key derviations for the same passphrase. - s2kCache := &s2k.Cache{} - for _, key := range keys { - if key != nil && !key.Dummy() && key.Encrypted { - err := key.decryptWithCache(passphrase, s2kCache) - if err != nil { - return err - } - } - } - return nil -} - -// encrypt encrypts an unencrypted private key. -func (pk *PrivateKey) encrypt(key []byte, params *s2k.Params, s2kType S2KType, cipherFunction CipherFunction, rand io.Reader) error { - if pk.Dummy() { - return errors.ErrDummyPrivateKey("dummy key found") - } - if pk.Encrypted { - return nil - } - // check if encryptionKey has the correct size - if len(key) != cipherFunction.KeySize() { - return errors.InvalidArgumentError("supplied encryption key has the wrong size") - } - - if params.Mode() == s2k.Argon2S2K && s2kType != S2KAEAD { - return errors.InvalidArgumentError("using Argon2 S2K without AEAD is not allowed") - } - if params.Mode() != s2k.Argon2S2K && params.Mode() != s2k.IteratedSaltedS2K && - params.Mode() != s2k.SaltedS2K { // only allowed for high-entropy passphrases - return errors.InvalidArgumentError("insecure S2K mode") - } - - priv := bytes.NewBuffer(nil) - err := pk.serializePrivateKey(priv) - if err != nil { - return err - } - - pk.cipher = cipherFunction - pk.s2kParams = params - pk.s2k, err = pk.s2kParams.Function() - if err != nil { - return err - } - - privateKeyBytes := priv.Bytes() - pk.s2kType = s2kType - block := pk.cipher.new(key) - switch s2kType { - case S2KAEAD: - if pk.aead == 0 { - return errors.StructuralError("aead mode is not set on key") - } - aead := pk.aead.new(block) - additionalData, err := pk.additionalData() - if err != nil { - return err - } - pk.iv = make([]byte, aead.NonceSize()) - _, err = io.ReadFull(rand, pk.iv) - if err != nil { - return err - } - // Decrypt the encrypted key material with aead - pk.encryptedData = aead.Seal(nil, pk.iv, privateKeyBytes, additionalData) - case S2KSHA1, S2KCHECKSUM: - pk.iv = make([]byte, pk.cipher.blockSize()) - _, err = io.ReadFull(rand, pk.iv) - if err != nil { - return err - } - cfb := cipher.NewCFBEncrypter(block, pk.iv) - if s2kType == S2KSHA1 { - h := sha1.New() - h.Write(privateKeyBytes) - sum := h.Sum(nil) - privateKeyBytes = append(privateKeyBytes, sum...) - } else { - var sum uint16 - for _, b := range privateKeyBytes { - sum += uint16(b) - } - privateKeyBytes = append(privateKeyBytes, []byte{uint8(sum >> 8), uint8(sum)}...) - } - pk.encryptedData = make([]byte, len(privateKeyBytes)) - cfb.XORKeyStream(pk.encryptedData, privateKeyBytes) - default: - return errors.InvalidArgumentError("invalid s2k type for encryption") - } - - pk.Encrypted = true - pk.PrivateKey = nil - return err -} - -// EncryptWithConfig encrypts an unencrypted private key using the passphrase and the config. -func (pk *PrivateKey) EncryptWithConfig(passphrase []byte, config *Config) error { - params, err := s2k.Generate(config.Random(), config.S2K()) - if err != nil { - return err - } - // Derive an encryption key with the configured s2k function. - key := make([]byte, config.Cipher().KeySize()) - s2k, err := params.Function() - if err != nil { - return err - } - s2k(key, passphrase) - s2kType := S2KSHA1 - if config.AEAD() != nil { - s2kType = S2KAEAD - pk.aead = config.AEAD().Mode() - pk.cipher = config.Cipher() - key = pk.applyHKDF(key) - } - // Encrypt the private key with the derived encryption key. - return pk.encrypt(key, params, s2kType, config.Cipher(), config.Random()) -} - -// EncryptPrivateKeys encrypts all unencrypted keys with the given config and passphrase. -// Only derives one key from the passphrase, which is then used to encrypt each key. -func EncryptPrivateKeys(keys []*PrivateKey, passphrase []byte, config *Config) error { - params, err := s2k.Generate(config.Random(), config.S2K()) - if err != nil { - return err - } - // Derive an encryption key with the configured s2k function. - encryptionKey := make([]byte, config.Cipher().KeySize()) - s2k, err := params.Function() - if err != nil { - return err - } - s2k(encryptionKey, passphrase) - for _, key := range keys { - if key != nil && !key.Dummy() && !key.Encrypted { - s2kType := S2KSHA1 - if config.AEAD() != nil { - s2kType = S2KAEAD - key.aead = config.AEAD().Mode() - key.cipher = config.Cipher() - derivedKey := key.applyHKDF(encryptionKey) - err = key.encrypt(derivedKey, params, s2kType, config.Cipher(), config.Random()) - } else { - err = key.encrypt(encryptionKey, params, s2kType, config.Cipher(), config.Random()) - } - if err != nil { - return err - } - } - } - return nil -} - -// Encrypt encrypts an unencrypted private key using a passphrase. -func (pk *PrivateKey) Encrypt(passphrase []byte) error { - // Default config of private key encryption - config := &Config{ - S2KConfig: &s2k.Config{ - S2KMode: s2k.IteratedSaltedS2K, - S2KCount: 65536, - Hash: crypto.SHA256, - }, - DefaultCipher: CipherAES256, - } - return pk.EncryptWithConfig(passphrase, config) -} - -func (pk *PrivateKey) serializePrivateKey(w io.Writer) (err error) { - switch priv := pk.PrivateKey.(type) { - case *rsa.PrivateKey: - err = serializeRSAPrivateKey(w, priv) - case *dsa.PrivateKey: - err = serializeDSAPrivateKey(w, priv) - case *elgamal.PrivateKey: - err = serializeElGamalPrivateKey(w, priv) - case *ecdsa.PrivateKey: - err = serializeECDSAPrivateKey(w, priv) - case *eddsa.PrivateKey: - err = serializeEdDSAPrivateKey(w, priv) - case *ecdh.PrivateKey: - err = serializeECDHPrivateKey(w, priv) - case *x25519.PrivateKey: - err = serializeX25519PrivateKey(w, priv) - case *x448.PrivateKey: - err = serializeX448PrivateKey(w, priv) - case *ed25519.PrivateKey: - err = serializeEd25519PrivateKey(w, priv) - case *ed448.PrivateKey: - err = serializeEd448PrivateKey(w, priv) - default: - err = errors.InvalidArgumentError("unknown private key type") - } - return -} - -func (pk *PrivateKey) parsePrivateKey(data []byte) (err error) { - switch pk.PublicKey.PubKeyAlgo { - case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly, PubKeyAlgoRSAEncryptOnly: - return pk.parseRSAPrivateKey(data) - case PubKeyAlgoDSA: - return pk.parseDSAPrivateKey(data) - case PubKeyAlgoElGamal: - return pk.parseElGamalPrivateKey(data) - case PubKeyAlgoECDSA: - return pk.parseECDSAPrivateKey(data) - case PubKeyAlgoECDH: - return pk.parseECDHPrivateKey(data) - case PubKeyAlgoEdDSA: - return pk.parseEdDSAPrivateKey(data) - case PubKeyAlgoX25519: - return pk.parseX25519PrivateKey(data) - case PubKeyAlgoX448: - return pk.parseX448PrivateKey(data) - case PubKeyAlgoEd25519: - return pk.parseEd25519PrivateKey(data) - case PubKeyAlgoEd448: - return pk.parseEd448PrivateKey(data) - default: - err = errors.StructuralError("unknown private key type") - return - } -} - -func (pk *PrivateKey) parseRSAPrivateKey(data []byte) (err error) { - rsaPub := pk.PublicKey.PublicKey.(*rsa.PublicKey) - rsaPriv := new(rsa.PrivateKey) - rsaPriv.PublicKey = *rsaPub - - buf := bytes.NewBuffer(data) - d := new(encoding.MPI) - if _, err := d.ReadFrom(buf); err != nil { - return err - } - - p := new(encoding.MPI) - if _, err := p.ReadFrom(buf); err != nil { - return err - } - - q := new(encoding.MPI) - if _, err := q.ReadFrom(buf); err != nil { - return err - } - - rsaPriv.D = new(big.Int).SetBytes(d.Bytes()) - rsaPriv.Primes = make([]*big.Int, 2) - rsaPriv.Primes[0] = new(big.Int).SetBytes(p.Bytes()) - rsaPriv.Primes[1] = new(big.Int).SetBytes(q.Bytes()) - if err := rsaPriv.Validate(); err != nil { - return errors.KeyInvalidError(err.Error()) - } - rsaPriv.Precompute() - pk.PrivateKey = rsaPriv - - return nil -} - -func (pk *PrivateKey) parseDSAPrivateKey(data []byte) (err error) { - dsaPub := pk.PublicKey.PublicKey.(*dsa.PublicKey) - dsaPriv := new(dsa.PrivateKey) - dsaPriv.PublicKey = *dsaPub - - buf := bytes.NewBuffer(data) - x := new(encoding.MPI) - if _, err := x.ReadFrom(buf); err != nil { - return err - } - - dsaPriv.X = new(big.Int).SetBytes(x.Bytes()) - if err := validateDSAParameters(dsaPriv); err != nil { - return err - } - pk.PrivateKey = dsaPriv - - return nil -} - -func (pk *PrivateKey) parseElGamalPrivateKey(data []byte) (err error) { - pub := pk.PublicKey.PublicKey.(*elgamal.PublicKey) - priv := new(elgamal.PrivateKey) - priv.PublicKey = *pub - - buf := bytes.NewBuffer(data) - x := new(encoding.MPI) - if _, err := x.ReadFrom(buf); err != nil { - return err - } - - priv.X = new(big.Int).SetBytes(x.Bytes()) - if err := validateElGamalParameters(priv); err != nil { - return err - } - pk.PrivateKey = priv - - return nil -} - -func (pk *PrivateKey) parseECDSAPrivateKey(data []byte) (err error) { - ecdsaPub := pk.PublicKey.PublicKey.(*ecdsa.PublicKey) - ecdsaPriv := ecdsa.NewPrivateKey(*ecdsaPub) - - buf := bytes.NewBuffer(data) - d := new(encoding.MPI) - if _, err := d.ReadFrom(buf); err != nil { - return err - } - - if err := ecdsaPriv.UnmarshalIntegerSecret(d.Bytes()); err != nil { - return err - } - if err := ecdsa.Validate(ecdsaPriv); err != nil { - return err - } - pk.PrivateKey = ecdsaPriv - - return nil -} - -func (pk *PrivateKey) parseECDHPrivateKey(data []byte) (err error) { - ecdhPub := pk.PublicKey.PublicKey.(*ecdh.PublicKey) - ecdhPriv := ecdh.NewPrivateKey(*ecdhPub) - - buf := bytes.NewBuffer(data) - d := new(encoding.MPI) - if _, err := d.ReadFrom(buf); err != nil { - return err - } - - if err := ecdhPriv.UnmarshalByteSecret(d.Bytes()); err != nil { - return err - } - - if err := ecdh.Validate(ecdhPriv); err != nil { - return err - } - - pk.PrivateKey = ecdhPriv - - return nil -} - -func (pk *PrivateKey) parseX25519PrivateKey(data []byte) (err error) { - publicKey := pk.PublicKey.PublicKey.(*x25519.PublicKey) - privateKey := x25519.NewPrivateKey(*publicKey) - privateKey.PublicKey = *publicKey - - privateKey.Secret = make([]byte, x25519.KeySize) - - if len(data) != x25519.KeySize { - err = errors.StructuralError("wrong x25519 key size") - return err - } - subtle.ConstantTimeCopy(1, privateKey.Secret, data) - if err = x25519.Validate(privateKey); err != nil { - return err - } - pk.PrivateKey = privateKey - return nil -} - -func (pk *PrivateKey) parseX448PrivateKey(data []byte) (err error) { - publicKey := pk.PublicKey.PublicKey.(*x448.PublicKey) - privateKey := x448.NewPrivateKey(*publicKey) - privateKey.PublicKey = *publicKey - - privateKey.Secret = make([]byte, x448.KeySize) - - if len(data) != x448.KeySize { - err = errors.StructuralError("wrong x448 key size") - return err - } - subtle.ConstantTimeCopy(1, privateKey.Secret, data) - if err = x448.Validate(privateKey); err != nil { - return err - } - pk.PrivateKey = privateKey - return nil -} - -func (pk *PrivateKey) parseEd25519PrivateKey(data []byte) (err error) { - publicKey := pk.PublicKey.PublicKey.(*ed25519.PublicKey) - privateKey := ed25519.NewPrivateKey(*publicKey) - privateKey.PublicKey = *publicKey - - if len(data) != ed25519.SeedSize { - err = errors.StructuralError("wrong ed25519 key size") - return err - } - err = privateKey.UnmarshalByteSecret(data) - if err != nil { - return err - } - err = ed25519.Validate(privateKey) - if err != nil { - return err - } - pk.PrivateKey = privateKey - return nil -} - -func (pk *PrivateKey) parseEd448PrivateKey(data []byte) (err error) { - publicKey := pk.PublicKey.PublicKey.(*ed448.PublicKey) - privateKey := ed448.NewPrivateKey(*publicKey) - privateKey.PublicKey = *publicKey - - if len(data) != ed448.SeedSize { - err = errors.StructuralError("wrong ed448 key size") - return err - } - err = privateKey.UnmarshalByteSecret(data) - if err != nil { - return err - } - err = ed448.Validate(privateKey) - if err != nil { - return err - } - pk.PrivateKey = privateKey - return nil -} - -func (pk *PrivateKey) parseEdDSAPrivateKey(data []byte) (err error) { - eddsaPub := pk.PublicKey.PublicKey.(*eddsa.PublicKey) - eddsaPriv := eddsa.NewPrivateKey(*eddsaPub) - eddsaPriv.PublicKey = *eddsaPub - - buf := bytes.NewBuffer(data) - d := new(encoding.MPI) - if _, err := d.ReadFrom(buf); err != nil { - return err - } - - if err = eddsaPriv.UnmarshalByteSecret(d.Bytes()); err != nil { - return err - } - - if err := eddsa.Validate(eddsaPriv); err != nil { - return err - } - - pk.PrivateKey = eddsaPriv - - return nil -} - -func (pk *PrivateKey) additionalData() ([]byte, error) { - additionalData := bytes.NewBuffer(nil) - // Write additional data prefix based on packet type - var packetByte byte - if pk.PublicKey.IsSubkey { - packetByte = 0xc7 - } else { - packetByte = 0xc5 - } - // Write public key to additional data - _, err := additionalData.Write([]byte{packetByte}) - if err != nil { - return nil, err - } - err = pk.PublicKey.serializeWithoutHeaders(additionalData) - if err != nil { - return nil, err - } - return additionalData.Bytes(), nil -} - -func (pk *PrivateKey) applyHKDF(inputKey []byte) []byte { - var packetByte byte - if pk.PublicKey.IsSubkey { - packetByte = 0xc7 - } else { - packetByte = 0xc5 - } - associatedData := []byte{packetByte, byte(pk.Version), byte(pk.cipher), byte(pk.aead)} - hkdfReader := hkdf.New(sha256.New, inputKey, []byte{}, associatedData) - encryptionKey := make([]byte, pk.cipher.KeySize()) - _, _ = readFull(hkdfReader, encryptionKey) - return encryptionKey -} - -func validateDSAParameters(priv *dsa.PrivateKey) error { - p := priv.P // group prime - q := priv.Q // subgroup order - g := priv.G // g has order q mod p - x := priv.X // secret - y := priv.Y // y == g**x mod p - one := big.NewInt(1) - // expect g, y >= 2 and g < p - if g.Cmp(one) <= 0 || y.Cmp(one) <= 0 || g.Cmp(p) > 0 { - return errors.KeyInvalidError("dsa: invalid group") - } - // expect p > q - if p.Cmp(q) <= 0 { - return errors.KeyInvalidError("dsa: invalid group prime") - } - // q should be large enough and divide p-1 - pSub1 := new(big.Int).Sub(p, one) - if q.BitLen() < 150 || new(big.Int).Mod(pSub1, q).Cmp(big.NewInt(0)) != 0 { - return errors.KeyInvalidError("dsa: invalid order") - } - // confirm that g has order q mod p - if !q.ProbablyPrime(32) || new(big.Int).Exp(g, q, p).Cmp(one) != 0 { - return errors.KeyInvalidError("dsa: invalid order") - } - // check y - if new(big.Int).Exp(g, x, p).Cmp(y) != 0 { - return errors.KeyInvalidError("dsa: mismatching values") - } - - return nil -} - -func validateElGamalParameters(priv *elgamal.PrivateKey) error { - p := priv.P // group prime - g := priv.G // g has order p-1 mod p - x := priv.X // secret - y := priv.Y // y == g**x mod p - one := big.NewInt(1) - // Expect g, y >= 2 and g < p - if g.Cmp(one) <= 0 || y.Cmp(one) <= 0 || g.Cmp(p) > 0 { - return errors.KeyInvalidError("elgamal: invalid group") - } - if p.BitLen() < 1024 { - return errors.KeyInvalidError("elgamal: group order too small") - } - pSub1 := new(big.Int).Sub(p, one) - if new(big.Int).Exp(g, pSub1, p).Cmp(one) != 0 { - return errors.KeyInvalidError("elgamal: invalid group") - } - // Since p-1 is not prime, g might have a smaller order that divides p-1. - // We cannot confirm the exact order of g, but we make sure it is not too small. - gExpI := new(big.Int).Set(g) - i := 1 - threshold := 2 << 17 // we want order > threshold - for i < threshold { - i++ // we check every order to make sure key validation is not easily bypassed by guessing y' - gExpI.Mod(new(big.Int).Mul(gExpI, g), p) - if gExpI.Cmp(one) == 0 { - return errors.KeyInvalidError("elgamal: order too small") - } - } - // Check y - if new(big.Int).Exp(g, x, p).Cmp(y) != 0 { - return errors.KeyInvalidError("elgamal: mismatching values") - } - - return nil -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key_test_data.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key_test_data.go deleted file mode 100644 index 029b8f1aab..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key_test_data.go +++ /dev/null @@ -1,12 +0,0 @@ -package packet - -// Generated with `gpg --export-secret-keys "Test Key 2"` -const privKeyRSAHex = "9501fe044cc349a8010400b70ca0010e98c090008d45d1ee8f9113bd5861fd57b88bacb7c68658747663f1e1a3b5a98f32fda6472373c024b97359cd2efc88ff60f77751adfbf6af5e615e6a1408cfad8bf0cea30b0d5f53aa27ad59089ba9b15b7ebc2777a25d7b436144027e3bcd203909f147d0e332b240cf63d3395f5dfe0df0a6c04e8655af7eacdf0011010001fe0303024a252e7d475fd445607de39a265472aa74a9320ba2dac395faa687e9e0336aeb7e9a7397e511b5afd9dc84557c80ac0f3d4d7bfec5ae16f20d41c8c84a04552a33870b930420e230e179564f6d19bb153145e76c33ae993886c388832b0fa042ddda7f133924f3854481533e0ede31d51278c0519b29abc3bf53da673e13e3e1214b52413d179d7f66deee35cac8eacb060f78379d70ef4af8607e68131ff529439668fc39c9ce6dfef8a5ac234d234802cbfb749a26107db26406213ae5c06d4673253a3cbee1fcbae58d6ab77e38d6e2c0e7c6317c48e054edadb5a40d0d48acb44643d998139a8a66bb820be1f3f80185bc777d14b5954b60effe2448a036d565c6bc0b915fcea518acdd20ab07bc1529f561c58cd044f723109b93f6fd99f876ff891d64306b5d08f48bab59f38695e9109c4dec34013ba3153488ce070268381ba923ee1eb77125b36afcb4347ec3478c8f2735b06ef17351d872e577fa95d0c397c88c71b59629a36aec" - -// Generated by `gpg --export-secret-keys` followed by a manual extraction of -// the ElGamal subkey from the packets. -const privKeyElGamalHex = "9d0157044df9ee1a100400eb8e136a58ec39b582629cdadf830bc64e0a94ed8103ca8bb247b27b11b46d1d25297ef4bcc3071785ba0c0bedfe89eabc5287fcc0edf81ab5896c1c8e4b20d27d79813c7aede75320b33eaeeaa586edc00fd1036c10133e6ba0ff277245d0d59d04b2b3421b7244aca5f4a8d870c6f1c1fbff9e1c26699a860b9504f35ca1d700030503fd1ededd3b840795be6d9ccbe3c51ee42e2f39233c432b831ddd9c4e72b7025a819317e47bf94f9ee316d7273b05d5fcf2999c3a681f519b1234bbfa6d359b4752bd9c3f77d6b6456cde152464763414ca130f4e91d91041432f90620fec0e6d6b5116076c2985d5aeaae13be492b9b329efcaf7ee25120159a0a30cd976b42d7afe030302dae7eb80db744d4960c4df930d57e87fe81412eaace9f900e6c839817a614ddb75ba6603b9417c33ea7b6c93967dfa2bcff3fa3c74a5ce2c962db65b03aece14c96cbd0038fc" - -// pkcs1PrivKeyHex is a PKCS#1, RSA private key. -// Generated by `openssl genrsa 1024 | openssl rsa -outform DER | xxd -p` -const pkcs1PrivKeyHex = "3082025d02010002818100e98edfa1c3b35884a54d0b36a6a603b0290fa85e49e30fa23fc94fef9c6790bc4849928607aa48d809da326fb42a969d06ad756b98b9c1a90f5d4a2b6d0ac05953c97f4da3120164a21a679793ce181c906dc01d235cc085ddcdf6ea06c389b6ab8885dfd685959e693138856a68a7e5db263337ff82a088d583a897cf2d59e9020301000102818100b6d5c9eb70b02d5369b3ee5b520a14490b5bde8a317d36f7e4c74b7460141311d1e5067735f8f01d6f5908b2b96fbd881f7a1ab9a84d82753e39e19e2d36856be960d05ac9ef8e8782ea1b6d65aee28fdfe1d61451e8cff0adfe84322f12cf455028b581cf60eb9e0e140ba5d21aeba6c2634d7c65318b9a665fc01c3191ca21024100fa5e818da3705b0fa33278bb28d4b6f6050388af2d4b75ec9375dd91ccf2e7d7068086a8b82a8f6282e4fbbdb8a7f2622eb97295249d87acea7f5f816f54d347024100eecf9406d7dc49cdfb95ab1eff4064de84c7a30f64b2798936a0d2018ba9eb52e4b636f82e96c49cc63b80b675e91e40d1b2e4017d4b9adaf33ab3d9cf1c214f024100c173704ace742c082323066226a4655226819a85304c542b9dacbeacbf5d1881ee863485fcf6f59f3a604f9b42289282067447f2b13dfeed3eab7851fc81e0550240741fc41f3fc002b382eed8730e33c5d8de40256e4accee846667f536832f711ab1d4590e7db91a8a116ac5bff3be13d3f9243ff2e976662aa9b395d907f8e9c9024046a5696c9ef882363e06c9fa4e2f5b580906452befba03f4a99d0f873697ef1f851d2226ca7934b30b7c3e80cb634a67172bbbf4781735fe3e09263e2dd723e7" diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go deleted file mode 100644 index e2813396e3..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go +++ /dev/null @@ -1,1125 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package packet - -import ( - "crypto/dsa" - "crypto/rsa" - "crypto/sha1" - "crypto/sha256" - _ "crypto/sha512" - "encoding/binary" - "fmt" - "hash" - "io" - "math/big" - "strconv" - "time" - - "github.com/ProtonMail/go-crypto/openpgp/ecdh" - "github.com/ProtonMail/go-crypto/openpgp/ecdsa" - "github.com/ProtonMail/go-crypto/openpgp/ed25519" - "github.com/ProtonMail/go-crypto/openpgp/ed448" - "github.com/ProtonMail/go-crypto/openpgp/eddsa" - "github.com/ProtonMail/go-crypto/openpgp/elgamal" - "github.com/ProtonMail/go-crypto/openpgp/errors" - "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm" - "github.com/ProtonMail/go-crypto/openpgp/internal/ecc" - "github.com/ProtonMail/go-crypto/openpgp/internal/encoding" - "github.com/ProtonMail/go-crypto/openpgp/x25519" - "github.com/ProtonMail/go-crypto/openpgp/x448" -) - -// PublicKey represents an OpenPGP public key. See RFC 4880, section 5.5.2. -type PublicKey struct { - Version int - CreationTime time.Time - PubKeyAlgo PublicKeyAlgorithm - PublicKey interface{} // *rsa.PublicKey, *dsa.PublicKey, *ecdsa.PublicKey or *eddsa.PublicKey, *x25519.PublicKey, *x448.PublicKey, *ed25519.PublicKey, *ed448.PublicKey - Fingerprint []byte - KeyId uint64 - IsSubkey bool - - // RFC 4880 fields - n, e, p, q, g, y encoding.Field - - // RFC 6637 fields - // oid contains the OID byte sequence identifying the elliptic curve used - oid encoding.Field - - // kdf stores key derivation function parameters - // used for ECDH encryption. See RFC 6637, Section 9. - kdf encoding.Field -} - -// UpgradeToV5 updates the version of the key to v5, and updates all necessary -// fields. -func (pk *PublicKey) UpgradeToV5() { - pk.Version = 5 - pk.setFingerprintAndKeyId() -} - -// UpgradeToV6 updates the version of the key to v6, and updates all necessary -// fields. -func (pk *PublicKey) UpgradeToV6() error { - pk.Version = 6 - pk.setFingerprintAndKeyId() - return pk.checkV6Compatibility() -} - -// signingKey provides a convenient abstraction over signature verification -// for v3 and v4 public keys. -type signingKey interface { - SerializeForHash(io.Writer) error - SerializeSignaturePrefix(io.Writer) error - serializeWithoutHeaders(io.Writer) error -} - -// NewRSAPublicKey returns a PublicKey that wraps the given rsa.PublicKey. -func NewRSAPublicKey(creationTime time.Time, pub *rsa.PublicKey) *PublicKey { - pk := &PublicKey{ - Version: 4, - CreationTime: creationTime, - PubKeyAlgo: PubKeyAlgoRSA, - PublicKey: pub, - n: new(encoding.MPI).SetBig(pub.N), - e: new(encoding.MPI).SetBig(big.NewInt(int64(pub.E))), - } - - pk.setFingerprintAndKeyId() - return pk -} - -// NewDSAPublicKey returns a PublicKey that wraps the given dsa.PublicKey. -func NewDSAPublicKey(creationTime time.Time, pub *dsa.PublicKey) *PublicKey { - pk := &PublicKey{ - Version: 4, - CreationTime: creationTime, - PubKeyAlgo: PubKeyAlgoDSA, - PublicKey: pub, - p: new(encoding.MPI).SetBig(pub.P), - q: new(encoding.MPI).SetBig(pub.Q), - g: new(encoding.MPI).SetBig(pub.G), - y: new(encoding.MPI).SetBig(pub.Y), - } - - pk.setFingerprintAndKeyId() - return pk -} - -// NewElGamalPublicKey returns a PublicKey that wraps the given elgamal.PublicKey. -func NewElGamalPublicKey(creationTime time.Time, pub *elgamal.PublicKey) *PublicKey { - pk := &PublicKey{ - Version: 4, - CreationTime: creationTime, - PubKeyAlgo: PubKeyAlgoElGamal, - PublicKey: pub, - p: new(encoding.MPI).SetBig(pub.P), - g: new(encoding.MPI).SetBig(pub.G), - y: new(encoding.MPI).SetBig(pub.Y), - } - - pk.setFingerprintAndKeyId() - return pk -} - -func NewECDSAPublicKey(creationTime time.Time, pub *ecdsa.PublicKey) *PublicKey { - pk := &PublicKey{ - Version: 4, - CreationTime: creationTime, - PubKeyAlgo: PubKeyAlgoECDSA, - PublicKey: pub, - p: encoding.NewMPI(pub.MarshalPoint()), - } - - curveInfo := ecc.FindByCurve(pub.GetCurve()) - if curveInfo == nil { - panic("unknown elliptic curve") - } - pk.oid = curveInfo.Oid - pk.setFingerprintAndKeyId() - return pk -} - -func NewECDHPublicKey(creationTime time.Time, pub *ecdh.PublicKey) *PublicKey { - var pk *PublicKey - var kdf = encoding.NewOID([]byte{0x1, pub.Hash.Id(), pub.Cipher.Id()}) - pk = &PublicKey{ - Version: 4, - CreationTime: creationTime, - PubKeyAlgo: PubKeyAlgoECDH, - PublicKey: pub, - p: encoding.NewMPI(pub.MarshalPoint()), - kdf: kdf, - } - - curveInfo := ecc.FindByCurve(pub.GetCurve()) - - if curveInfo == nil { - panic("unknown elliptic curve") - } - - pk.oid = curveInfo.Oid - pk.setFingerprintAndKeyId() - return pk -} - -func NewEdDSAPublicKey(creationTime time.Time, pub *eddsa.PublicKey) *PublicKey { - curveInfo := ecc.FindByCurve(pub.GetCurve()) - pk := &PublicKey{ - Version: 4, - CreationTime: creationTime, - PubKeyAlgo: PubKeyAlgoEdDSA, - PublicKey: pub, - oid: curveInfo.Oid, - // Native point format, see draft-koch-eddsa-for-openpgp-04, Appendix B - p: encoding.NewMPI(pub.MarshalPoint()), - } - - pk.setFingerprintAndKeyId() - return pk -} - -func NewX25519PublicKey(creationTime time.Time, pub *x25519.PublicKey) *PublicKey { - pk := &PublicKey{ - Version: 4, - CreationTime: creationTime, - PubKeyAlgo: PubKeyAlgoX25519, - PublicKey: pub, - } - - pk.setFingerprintAndKeyId() - return pk -} - -func NewX448PublicKey(creationTime time.Time, pub *x448.PublicKey) *PublicKey { - pk := &PublicKey{ - Version: 4, - CreationTime: creationTime, - PubKeyAlgo: PubKeyAlgoX448, - PublicKey: pub, - } - - pk.setFingerprintAndKeyId() - return pk -} - -func NewEd25519PublicKey(creationTime time.Time, pub *ed25519.PublicKey) *PublicKey { - pk := &PublicKey{ - Version: 4, - CreationTime: creationTime, - PubKeyAlgo: PubKeyAlgoEd25519, - PublicKey: pub, - } - - pk.setFingerprintAndKeyId() - return pk -} - -func NewEd448PublicKey(creationTime time.Time, pub *ed448.PublicKey) *PublicKey { - pk := &PublicKey{ - Version: 4, - CreationTime: creationTime, - PubKeyAlgo: PubKeyAlgoEd448, - PublicKey: pub, - } - - pk.setFingerprintAndKeyId() - return pk -} - -func (pk *PublicKey) parse(r io.Reader) (err error) { - // RFC 4880, section 5.5.2 - var buf [6]byte - _, err = readFull(r, buf[:]) - if err != nil { - return - } - - pk.Version = int(buf[0]) - if pk.Version != 4 && pk.Version != 5 && pk.Version != 6 { - return errors.UnsupportedError("public key version " + strconv.Itoa(int(buf[0]))) - } - - if V5Disabled && pk.Version == 5 { - return errors.UnsupportedError("support for parsing v5 entities is disabled; build with `-tags v5` if needed") - } - - if pk.Version >= 5 { - // Read the four-octet scalar octet count - // The count is not used in this implementation - var n [4]byte - _, err = readFull(r, n[:]) - if err != nil { - return - } - } - pk.CreationTime = time.Unix(int64(uint32(buf[1])<<24|uint32(buf[2])<<16|uint32(buf[3])<<8|uint32(buf[4])), 0) - pk.PubKeyAlgo = PublicKeyAlgorithm(buf[5]) - // Ignore four-ocet length - switch pk.PubKeyAlgo { - case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly: - err = pk.parseRSA(r) - case PubKeyAlgoDSA: - err = pk.parseDSA(r) - case PubKeyAlgoElGamal: - err = pk.parseElGamal(r) - case PubKeyAlgoECDSA: - err = pk.parseECDSA(r) - case PubKeyAlgoECDH: - err = pk.parseECDH(r) - case PubKeyAlgoEdDSA: - err = pk.parseEdDSA(r) - case PubKeyAlgoX25519: - err = pk.parseX25519(r) - case PubKeyAlgoX448: - err = pk.parseX448(r) - case PubKeyAlgoEd25519: - err = pk.parseEd25519(r) - case PubKeyAlgoEd448: - err = pk.parseEd448(r) - default: - err = errors.UnsupportedError("public key type: " + strconv.Itoa(int(pk.PubKeyAlgo))) - } - if err != nil { - return - } - - pk.setFingerprintAndKeyId() - return -} - -func (pk *PublicKey) setFingerprintAndKeyId() { - // RFC 4880, section 12.2 - if pk.Version >= 5 { - fingerprint := sha256.New() - if err := pk.SerializeForHash(fingerprint); err != nil { - // Should not happen for a hash. - panic(err) - } - pk.Fingerprint = make([]byte, 32) - copy(pk.Fingerprint, fingerprint.Sum(nil)) - pk.KeyId = binary.BigEndian.Uint64(pk.Fingerprint[:8]) - } else { - fingerprint := sha1.New() - if err := pk.SerializeForHash(fingerprint); err != nil { - // Should not happen for a hash. - panic(err) - } - pk.Fingerprint = make([]byte, 20) - copy(pk.Fingerprint, fingerprint.Sum(nil)) - pk.KeyId = binary.BigEndian.Uint64(pk.Fingerprint[12:20]) - } -} - -func (pk *PublicKey) checkV6Compatibility() error { - // Implementations MUST NOT accept or generate version 6 key material using the deprecated OIDs. - switch pk.PubKeyAlgo { - case PubKeyAlgoECDH: - curveInfo := ecc.FindByOid(pk.oid) - if curveInfo == nil { - return errors.UnsupportedError(fmt.Sprintf("unknown oid: %x", pk.oid)) - } - if curveInfo.GenName == ecc.Curve25519GenName { - return errors.StructuralError("cannot generate v6 key with deprecated OID: Curve25519Legacy") - } - case PubKeyAlgoEdDSA: - return errors.StructuralError("cannot generate v6 key with deprecated algorithm: EdDSALegacy") - } - return nil -} - -// parseRSA parses RSA public key material from the given Reader. See RFC 4880, -// section 5.5.2. -func (pk *PublicKey) parseRSA(r io.Reader) (err error) { - pk.n = new(encoding.MPI) - if _, err = pk.n.ReadFrom(r); err != nil { - return - } - pk.e = new(encoding.MPI) - if _, err = pk.e.ReadFrom(r); err != nil { - return - } - - if len(pk.e.Bytes()) > 3 { - err = errors.UnsupportedError("large public exponent") - return - } - rsa := &rsa.PublicKey{ - N: new(big.Int).SetBytes(pk.n.Bytes()), - E: 0, - } - for i := 0; i < len(pk.e.Bytes()); i++ { - rsa.E <<= 8 - rsa.E |= int(pk.e.Bytes()[i]) - } - pk.PublicKey = rsa - return -} - -// parseDSA parses DSA public key material from the given Reader. See RFC 4880, -// section 5.5.2. -func (pk *PublicKey) parseDSA(r io.Reader) (err error) { - pk.p = new(encoding.MPI) - if _, err = pk.p.ReadFrom(r); err != nil { - return - } - pk.q = new(encoding.MPI) - if _, err = pk.q.ReadFrom(r); err != nil { - return - } - pk.g = new(encoding.MPI) - if _, err = pk.g.ReadFrom(r); err != nil { - return - } - pk.y = new(encoding.MPI) - if _, err = pk.y.ReadFrom(r); err != nil { - return - } - - dsa := new(dsa.PublicKey) - dsa.P = new(big.Int).SetBytes(pk.p.Bytes()) - dsa.Q = new(big.Int).SetBytes(pk.q.Bytes()) - dsa.G = new(big.Int).SetBytes(pk.g.Bytes()) - dsa.Y = new(big.Int).SetBytes(pk.y.Bytes()) - pk.PublicKey = dsa - return -} - -// parseElGamal parses ElGamal public key material from the given Reader. See -// RFC 4880, section 5.5.2. -func (pk *PublicKey) parseElGamal(r io.Reader) (err error) { - pk.p = new(encoding.MPI) - if _, err = pk.p.ReadFrom(r); err != nil { - return - } - pk.g = new(encoding.MPI) - if _, err = pk.g.ReadFrom(r); err != nil { - return - } - pk.y = new(encoding.MPI) - if _, err = pk.y.ReadFrom(r); err != nil { - return - } - - elgamal := new(elgamal.PublicKey) - elgamal.P = new(big.Int).SetBytes(pk.p.Bytes()) - elgamal.G = new(big.Int).SetBytes(pk.g.Bytes()) - elgamal.Y = new(big.Int).SetBytes(pk.y.Bytes()) - pk.PublicKey = elgamal - return -} - -// parseECDSA parses ECDSA public key material from the given Reader. See -// RFC 6637, Section 9. -func (pk *PublicKey) parseECDSA(r io.Reader) (err error) { - pk.oid = new(encoding.OID) - if _, err = pk.oid.ReadFrom(r); err != nil { - return - } - - curveInfo := ecc.FindByOid(pk.oid) - if curveInfo == nil { - return errors.UnsupportedError(fmt.Sprintf("unknown oid: %x", pk.oid)) - } - - pk.p = new(encoding.MPI) - if _, err = pk.p.ReadFrom(r); err != nil { - return - } - - c, ok := curveInfo.Curve.(ecc.ECDSACurve) - if !ok { - return errors.UnsupportedError(fmt.Sprintf("unsupported oid: %x", pk.oid)) - } - - ecdsaKey := ecdsa.NewPublicKey(c) - err = ecdsaKey.UnmarshalPoint(pk.p.Bytes()) - pk.PublicKey = ecdsaKey - - return -} - -// parseECDH parses ECDH public key material from the given Reader. See -// RFC 6637, Section 9. -func (pk *PublicKey) parseECDH(r io.Reader) (err error) { - pk.oid = new(encoding.OID) - if _, err = pk.oid.ReadFrom(r); err != nil { - return - } - - curveInfo := ecc.FindByOid(pk.oid) - if curveInfo == nil { - return errors.UnsupportedError(fmt.Sprintf("unknown oid: %x", pk.oid)) - } - - if pk.Version == 6 && curveInfo.GenName == ecc.Curve25519GenName { - // Implementations MUST NOT accept or generate version 6 key material using the deprecated OIDs. - return errors.StructuralError("cannot read v6 key with deprecated OID: Curve25519Legacy") - } - - pk.p = new(encoding.MPI) - if _, err = pk.p.ReadFrom(r); err != nil { - return - } - pk.kdf = new(encoding.OID) - if _, err = pk.kdf.ReadFrom(r); err != nil { - return - } - - c, ok := curveInfo.Curve.(ecc.ECDHCurve) - if !ok { - return errors.UnsupportedError(fmt.Sprintf("unsupported oid: %x", pk.oid)) - } - - if kdfLen := len(pk.kdf.Bytes()); kdfLen < 3 { - return errors.UnsupportedError("unsupported ECDH KDF length: " + strconv.Itoa(kdfLen)) - } - if reserved := pk.kdf.Bytes()[0]; reserved != 0x01 { - return errors.UnsupportedError("unsupported KDF reserved field: " + strconv.Itoa(int(reserved))) - } - kdfHash, ok := algorithm.HashById[pk.kdf.Bytes()[1]] - if !ok { - return errors.UnsupportedError("unsupported ECDH KDF hash: " + strconv.Itoa(int(pk.kdf.Bytes()[1]))) - } - kdfCipher, ok := algorithm.CipherById[pk.kdf.Bytes()[2]] - if !ok { - return errors.UnsupportedError("unsupported ECDH KDF cipher: " + strconv.Itoa(int(pk.kdf.Bytes()[2]))) - } - - ecdhKey := ecdh.NewPublicKey(c, kdfHash, kdfCipher) - err = ecdhKey.UnmarshalPoint(pk.p.Bytes()) - pk.PublicKey = ecdhKey - - return -} - -func (pk *PublicKey) parseEdDSA(r io.Reader) (err error) { - if pk.Version == 6 { - // Implementations MUST NOT accept or generate version 6 key material using the deprecated OIDs. - return errors.StructuralError("cannot generate v6 key with deprecated algorithm: EdDSALegacy") - } - - pk.oid = new(encoding.OID) - if _, err = pk.oid.ReadFrom(r); err != nil { - return - } - - curveInfo := ecc.FindByOid(pk.oid) - if curveInfo == nil { - return errors.UnsupportedError(fmt.Sprintf("unknown oid: %x", pk.oid)) - } - - c, ok := curveInfo.Curve.(ecc.EdDSACurve) - if !ok { - return errors.UnsupportedError(fmt.Sprintf("unsupported oid: %x", pk.oid)) - } - - pk.p = new(encoding.MPI) - if _, err = pk.p.ReadFrom(r); err != nil { - return - } - - if len(pk.p.Bytes()) == 0 { - return errors.StructuralError("empty EdDSA public key") - } - - pub := eddsa.NewPublicKey(c) - - switch flag := pk.p.Bytes()[0]; flag { - case 0x04: - // TODO: see _grcy_ecc_eddsa_ensure_compact in grcypt - return errors.UnsupportedError("unsupported EdDSA compression: " + strconv.Itoa(int(flag))) - case 0x40: - err = pub.UnmarshalPoint(pk.p.Bytes()) - default: - return errors.UnsupportedError("unsupported EdDSA compression: " + strconv.Itoa(int(flag))) - } - - pk.PublicKey = pub - return -} - -func (pk *PublicKey) parseX25519(r io.Reader) (err error) { - point := make([]byte, x25519.KeySize) - _, err = io.ReadFull(r, point) - if err != nil { - return - } - pub := &x25519.PublicKey{ - Point: point, - } - pk.PublicKey = pub - return -} - -func (pk *PublicKey) parseX448(r io.Reader) (err error) { - point := make([]byte, x448.KeySize) - _, err = io.ReadFull(r, point) - if err != nil { - return - } - pub := &x448.PublicKey{ - Point: point, - } - pk.PublicKey = pub - return -} - -func (pk *PublicKey) parseEd25519(r io.Reader) (err error) { - point := make([]byte, ed25519.PublicKeySize) - _, err = io.ReadFull(r, point) - if err != nil { - return - } - pub := &ed25519.PublicKey{ - Point: point, - } - pk.PublicKey = pub - return -} - -func (pk *PublicKey) parseEd448(r io.Reader) (err error) { - point := make([]byte, ed448.PublicKeySize) - _, err = io.ReadFull(r, point) - if err != nil { - return - } - pub := &ed448.PublicKey{ - Point: point, - } - pk.PublicKey = pub - return -} - -// SerializeForHash serializes the PublicKey to w with the special packet -// header format needed for hashing. -func (pk *PublicKey) SerializeForHash(w io.Writer) error { - if err := pk.SerializeSignaturePrefix(w); err != nil { - return err - } - return pk.serializeWithoutHeaders(w) -} - -// SerializeSignaturePrefix writes the prefix for this public key to the given Writer. -// The prefix is used when calculating a signature over this public key. See -// RFC 4880, section 5.2.4. -func (pk *PublicKey) SerializeSignaturePrefix(w io.Writer) error { - var pLength = pk.algorithmSpecificByteCount() - // version, timestamp, algorithm - pLength += versionSize + timestampSize + algorithmSize - if pk.Version >= 5 { - // key octet count (4). - pLength += 4 - _, err := w.Write([]byte{ - // When a v4 signature is made over a key, the hash data starts with the octet 0x99, followed by a two-octet length - // of the key, and then the body of the key packet. When a v6 signature is made over a key, the hash data starts - // with the salt, then octet 0x9B, followed by a four-octet length of the key, and then the body of the key packet. - 0x95 + byte(pk.Version), - byte(pLength >> 24), - byte(pLength >> 16), - byte(pLength >> 8), - byte(pLength), - }) - return err - } - if _, err := w.Write([]byte{0x99, byte(pLength >> 8), byte(pLength)}); err != nil { - return err - } - return nil -} - -func (pk *PublicKey) Serialize(w io.Writer) (err error) { - length := uint32(versionSize + timestampSize + algorithmSize) // 6 byte header - length += pk.algorithmSpecificByteCount() - if pk.Version >= 5 { - length += 4 // octet key count - } - packetType := packetTypePublicKey - if pk.IsSubkey { - packetType = packetTypePublicSubkey - } - err = serializeHeader(w, packetType, int(length)) - if err != nil { - return - } - return pk.serializeWithoutHeaders(w) -} - -func (pk *PublicKey) algorithmSpecificByteCount() uint32 { - length := uint32(0) - switch pk.PubKeyAlgo { - case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly: - length += uint32(pk.n.EncodedLength()) - length += uint32(pk.e.EncodedLength()) - case PubKeyAlgoDSA: - length += uint32(pk.p.EncodedLength()) - length += uint32(pk.q.EncodedLength()) - length += uint32(pk.g.EncodedLength()) - length += uint32(pk.y.EncodedLength()) - case PubKeyAlgoElGamal: - length += uint32(pk.p.EncodedLength()) - length += uint32(pk.g.EncodedLength()) - length += uint32(pk.y.EncodedLength()) - case PubKeyAlgoECDSA: - length += uint32(pk.oid.EncodedLength()) - length += uint32(pk.p.EncodedLength()) - case PubKeyAlgoECDH: - length += uint32(pk.oid.EncodedLength()) - length += uint32(pk.p.EncodedLength()) - length += uint32(pk.kdf.EncodedLength()) - case PubKeyAlgoEdDSA: - length += uint32(pk.oid.EncodedLength()) - length += uint32(pk.p.EncodedLength()) - case PubKeyAlgoX25519: - length += x25519.KeySize - case PubKeyAlgoX448: - length += x448.KeySize - case PubKeyAlgoEd25519: - length += ed25519.PublicKeySize - case PubKeyAlgoEd448: - length += ed448.PublicKeySize - default: - panic("unknown public key algorithm") - } - return length -} - -// serializeWithoutHeaders marshals the PublicKey to w in the form of an -// OpenPGP public key packet, not including the packet header. -func (pk *PublicKey) serializeWithoutHeaders(w io.Writer) (err error) { - t := uint32(pk.CreationTime.Unix()) - if _, err = w.Write([]byte{ - byte(pk.Version), - byte(t >> 24), byte(t >> 16), byte(t >> 8), byte(t), - byte(pk.PubKeyAlgo), - }); err != nil { - return - } - - if pk.Version >= 5 { - n := pk.algorithmSpecificByteCount() - if _, err = w.Write([]byte{ - byte(n >> 24), byte(n >> 16), byte(n >> 8), byte(n), - }); err != nil { - return - } - } - - switch pk.PubKeyAlgo { - case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly: - if _, err = w.Write(pk.n.EncodedBytes()); err != nil { - return - } - _, err = w.Write(pk.e.EncodedBytes()) - return - case PubKeyAlgoDSA: - if _, err = w.Write(pk.p.EncodedBytes()); err != nil { - return - } - if _, err = w.Write(pk.q.EncodedBytes()); err != nil { - return - } - if _, err = w.Write(pk.g.EncodedBytes()); err != nil { - return - } - _, err = w.Write(pk.y.EncodedBytes()) - return - case PubKeyAlgoElGamal: - if _, err = w.Write(pk.p.EncodedBytes()); err != nil { - return - } - if _, err = w.Write(pk.g.EncodedBytes()); err != nil { - return - } - _, err = w.Write(pk.y.EncodedBytes()) - return - case PubKeyAlgoECDSA: - if _, err = w.Write(pk.oid.EncodedBytes()); err != nil { - return - } - _, err = w.Write(pk.p.EncodedBytes()) - return - case PubKeyAlgoECDH: - if _, err = w.Write(pk.oid.EncodedBytes()); err != nil { - return - } - if _, err = w.Write(pk.p.EncodedBytes()); err != nil { - return - } - _, err = w.Write(pk.kdf.EncodedBytes()) - return - case PubKeyAlgoEdDSA: - if _, err = w.Write(pk.oid.EncodedBytes()); err != nil { - return - } - _, err = w.Write(pk.p.EncodedBytes()) - return - case PubKeyAlgoX25519: - publicKey := pk.PublicKey.(*x25519.PublicKey) - _, err = w.Write(publicKey.Point) - return - case PubKeyAlgoX448: - publicKey := pk.PublicKey.(*x448.PublicKey) - _, err = w.Write(publicKey.Point) - return - case PubKeyAlgoEd25519: - publicKey := pk.PublicKey.(*ed25519.PublicKey) - _, err = w.Write(publicKey.Point) - return - case PubKeyAlgoEd448: - publicKey := pk.PublicKey.(*ed448.PublicKey) - _, err = w.Write(publicKey.Point) - return - } - return errors.InvalidArgumentError("bad public-key algorithm") -} - -// CanSign returns true iff this public key can generate signatures -func (pk *PublicKey) CanSign() bool { - return pk.PubKeyAlgo != PubKeyAlgoRSAEncryptOnly && pk.PubKeyAlgo != PubKeyAlgoElGamal && pk.PubKeyAlgo != PubKeyAlgoECDH -} - -// VerifyHashTag returns nil iff sig appears to be a plausible signature of the data -// hashed into signed, based solely on its HashTag. signed is mutated by this call. -func VerifyHashTag(signed hash.Hash, sig *Signature) (err error) { - if sig.Version == 5 && (sig.SigType == 0x00 || sig.SigType == 0x01) { - sig.AddMetadataToHashSuffix() - } - signed.Write(sig.HashSuffix) - hashBytes := signed.Sum(nil) - if hashBytes[0] != sig.HashTag[0] || hashBytes[1] != sig.HashTag[1] { - return errors.SignatureError("hash tag doesn't match") - } - return nil -} - -// VerifySignature returns nil iff sig is a valid signature, made by this -// public key, of the data hashed into signed. signed is mutated by this call. -func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err error) { - if !pk.CanSign() { - return errors.InvalidArgumentError("public key cannot generate signatures") - } - if sig.Version == 5 && (sig.SigType == 0x00 || sig.SigType == 0x01) { - sig.AddMetadataToHashSuffix() - } - signed.Write(sig.HashSuffix) - hashBytes := signed.Sum(nil) - // see discussion https://github.com/ProtonMail/go-crypto/issues/107 - if sig.Version >= 5 && (hashBytes[0] != sig.HashTag[0] || hashBytes[1] != sig.HashTag[1]) { - return errors.SignatureError("hash tag doesn't match") - } - - if pk.PubKeyAlgo != sig.PubKeyAlgo { - return errors.InvalidArgumentError("public key and signature use different algorithms") - } - - switch pk.PubKeyAlgo { - case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly: - rsaPublicKey, _ := pk.PublicKey.(*rsa.PublicKey) - err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, padToKeySize(rsaPublicKey, sig.RSASignature.Bytes())) - if err != nil { - return errors.SignatureError("RSA verification failure") - } - return nil - case PubKeyAlgoDSA: - dsaPublicKey, _ := pk.PublicKey.(*dsa.PublicKey) - // Need to truncate hashBytes to match FIPS 186-3 section 4.6. - subgroupSize := (dsaPublicKey.Q.BitLen() + 7) / 8 - if len(hashBytes) > subgroupSize { - hashBytes = hashBytes[:subgroupSize] - } - if !dsa.Verify(dsaPublicKey, hashBytes, new(big.Int).SetBytes(sig.DSASigR.Bytes()), new(big.Int).SetBytes(sig.DSASigS.Bytes())) { - return errors.SignatureError("DSA verification failure") - } - return nil - case PubKeyAlgoECDSA: - ecdsaPublicKey := pk.PublicKey.(*ecdsa.PublicKey) - if !ecdsa.Verify(ecdsaPublicKey, hashBytes, new(big.Int).SetBytes(sig.ECDSASigR.Bytes()), new(big.Int).SetBytes(sig.ECDSASigS.Bytes())) { - return errors.SignatureError("ECDSA verification failure") - } - return nil - case PubKeyAlgoEdDSA: - eddsaPublicKey := pk.PublicKey.(*eddsa.PublicKey) - if !eddsa.Verify(eddsaPublicKey, hashBytes, sig.EdDSASigR.Bytes(), sig.EdDSASigS.Bytes()) { - return errors.SignatureError("EdDSA verification failure") - } - return nil - case PubKeyAlgoEd25519: - ed25519PublicKey := pk.PublicKey.(*ed25519.PublicKey) - if !ed25519.Verify(ed25519PublicKey, hashBytes, sig.EdSig) { - return errors.SignatureError("Ed25519 verification failure") - } - return nil - case PubKeyAlgoEd448: - ed448PublicKey := pk.PublicKey.(*ed448.PublicKey) - if !ed448.Verify(ed448PublicKey, hashBytes, sig.EdSig) { - return errors.SignatureError("ed448 verification failure") - } - return nil - default: - return errors.SignatureError("Unsupported public key algorithm used in signature") - } -} - -// keySignatureHash returns a Hash of the message that needs to be signed for -// pk to assert a subkey relationship to signed. -func keySignatureHash(pk, signed signingKey, hashFunc hash.Hash) (h hash.Hash, err error) { - h = hashFunc - - // RFC 4880, section 5.2.4 - err = pk.SerializeForHash(h) - if err != nil { - return nil, err - } - - err = signed.SerializeForHash(h) - return -} - -// VerifyKeyHashTag returns nil iff sig appears to be a plausible signature over this -// primary key and subkey, based solely on its HashTag. -func (pk *PublicKey) VerifyKeyHashTag(signed *PublicKey, sig *Signature) error { - preparedHash, err := sig.PrepareVerify() - if err != nil { - return err - } - h, err := keySignatureHash(pk, signed, preparedHash) - if err != nil { - return err - } - return VerifyHashTag(h, sig) -} - -// VerifyKeySignature returns nil iff sig is a valid signature, made by this -// public key, of signed. -func (pk *PublicKey) VerifyKeySignature(signed *PublicKey, sig *Signature) error { - preparedHash, err := sig.PrepareVerify() - if err != nil { - return err - } - h, err := keySignatureHash(pk, signed, preparedHash) - if err != nil { - return err - } - if err = pk.VerifySignature(h, sig); err != nil { - return err - } - - if sig.FlagSign { - // Signing subkeys must be cross-signed. See - // https://www.gnupg.org/faq/subkey-cross-certify.html. - if sig.EmbeddedSignature == nil { - return errors.StructuralError("signing subkey is missing cross-signature") - } - preparedHashEmbedded, err := sig.EmbeddedSignature.PrepareVerify() - if err != nil { - return err - } - // Verify the cross-signature. This is calculated over the same - // data as the main signature, so we cannot just recursively - // call signed.VerifyKeySignature(...) - if h, err = keySignatureHash(pk, signed, preparedHashEmbedded); err != nil { - return errors.StructuralError("error while hashing for cross-signature: " + err.Error()) - } - if err := signed.VerifySignature(h, sig.EmbeddedSignature); err != nil { - return errors.StructuralError("error while verifying cross-signature: " + err.Error()) - } - } - - return nil -} - -func keyRevocationHash(pk signingKey, hashFunc hash.Hash) (err error) { - return pk.SerializeForHash(hashFunc) -} - -// VerifyRevocationHashTag returns nil iff sig appears to be a plausible signature -// over this public key, based solely on its HashTag. -func (pk *PublicKey) VerifyRevocationHashTag(sig *Signature) (err error) { - preparedHash, err := sig.PrepareVerify() - if err != nil { - return err - } - if err = keyRevocationHash(pk, preparedHash); err != nil { - return err - } - return VerifyHashTag(preparedHash, sig) -} - -// VerifyRevocationSignature returns nil iff sig is a valid signature, made by this -// public key. -func (pk *PublicKey) VerifyRevocationSignature(sig *Signature) (err error) { - preparedHash, err := sig.PrepareVerify() - if err != nil { - return err - } - if err = keyRevocationHash(pk, preparedHash); err != nil { - return err - } - return pk.VerifySignature(preparedHash, sig) -} - -// VerifySubkeyRevocationSignature returns nil iff sig is a valid subkey revocation signature, -// made by this public key, of signed. -func (pk *PublicKey) VerifySubkeyRevocationSignature(sig *Signature, signed *PublicKey) (err error) { - preparedHash, err := sig.PrepareVerify() - if err != nil { - return err - } - h, err := keySignatureHash(pk, signed, preparedHash) - if err != nil { - return err - } - return pk.VerifySignature(h, sig) -} - -// userIdSignatureHash returns a Hash of the message that needs to be signed -// to assert that pk is a valid key for id. -func userIdSignatureHash(id string, pk *PublicKey, h hash.Hash) (err error) { - - // RFC 4880, section 5.2.4 - if err := pk.SerializeSignaturePrefix(h); err != nil { - return err - } - if err := pk.serializeWithoutHeaders(h); err != nil { - return err - } - - var buf [5]byte - buf[0] = 0xb4 - buf[1] = byte(len(id) >> 24) - buf[2] = byte(len(id) >> 16) - buf[3] = byte(len(id) >> 8) - buf[4] = byte(len(id)) - h.Write(buf[:]) - h.Write([]byte(id)) - - return nil -} - -// directKeySignatureHash returns a Hash of the message that needs to be signed. -func directKeySignatureHash(pk *PublicKey, h hash.Hash) (err error) { - return pk.SerializeForHash(h) -} - -// VerifyUserIdHashTag returns nil iff sig appears to be a plausible signature over this -// public key and UserId, based solely on its HashTag -func (pk *PublicKey) VerifyUserIdHashTag(id string, sig *Signature) (err error) { - preparedHash, err := sig.PrepareVerify() - if err != nil { - return err - } - err = userIdSignatureHash(id, pk, preparedHash) - if err != nil { - return err - } - return VerifyHashTag(preparedHash, sig) -} - -// VerifyUserIdSignature returns nil iff sig is a valid signature, made by this -// public key, that id is the identity of pub. -func (pk *PublicKey) VerifyUserIdSignature(id string, pub *PublicKey, sig *Signature) (err error) { - h, err := sig.PrepareVerify() - if err != nil { - return err - } - if err := userIdSignatureHash(id, pub, h); err != nil { - return err - } - return pk.VerifySignature(h, sig) -} - -// VerifyDirectKeySignature returns nil iff sig is a valid signature, made by this -// public key. -func (pk *PublicKey) VerifyDirectKeySignature(sig *Signature) (err error) { - h, err := sig.PrepareVerify() - if err != nil { - return err - } - if err := directKeySignatureHash(pk, h); err != nil { - return err - } - return pk.VerifySignature(h, sig) -} - -// KeyIdString returns the public key's fingerprint in capital hex -// (e.g. "6C7EE1B8621CC013"). -func (pk *PublicKey) KeyIdString() string { - return fmt.Sprintf("%016X", pk.KeyId) -} - -// KeyIdShortString returns the short form of public key's fingerprint -// in capital hex, as shown by gpg --list-keys (e.g. "621CC013"). -// This function will return the full key id for v5 and v6 keys -// since the short key id is undefined for them. -func (pk *PublicKey) KeyIdShortString() string { - if pk.Version >= 5 { - return pk.KeyIdString() - } - return fmt.Sprintf("%X", pk.Fingerprint[16:20]) -} - -// BitLength returns the bit length for the given public key. -func (pk *PublicKey) BitLength() (bitLength uint16, err error) { - switch pk.PubKeyAlgo { - case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly: - bitLength = pk.n.BitLength() - case PubKeyAlgoDSA: - bitLength = pk.p.BitLength() - case PubKeyAlgoElGamal: - bitLength = pk.p.BitLength() - case PubKeyAlgoECDSA: - bitLength = pk.p.BitLength() - case PubKeyAlgoECDH: - bitLength = pk.p.BitLength() - case PubKeyAlgoEdDSA: - bitLength = pk.p.BitLength() - case PubKeyAlgoX25519: - bitLength = x25519.KeySize * 8 - case PubKeyAlgoX448: - bitLength = x448.KeySize * 8 - case PubKeyAlgoEd25519: - bitLength = ed25519.PublicKeySize * 8 - case PubKeyAlgoEd448: - bitLength = ed448.PublicKeySize * 8 - default: - err = errors.InvalidArgumentError("bad public-key algorithm") - } - return -} - -// Curve returns the used elliptic curve of this public key. -// Returns an error if no elliptic curve is used. -func (pk *PublicKey) Curve() (curve Curve, err error) { - switch pk.PubKeyAlgo { - case PubKeyAlgoECDSA, PubKeyAlgoECDH, PubKeyAlgoEdDSA: - curveInfo := ecc.FindByOid(pk.oid) - if curveInfo == nil { - return "", errors.UnsupportedError(fmt.Sprintf("unknown oid: %x", pk.oid)) - } - curve = Curve(curveInfo.GenName) - case PubKeyAlgoEd25519, PubKeyAlgoX25519: - curve = Curve25519 - case PubKeyAlgoEd448, PubKeyAlgoX448: - curve = Curve448 - default: - err = errors.InvalidArgumentError("public key does not operate with an elliptic curve") - } - return -} - -// KeyExpired returns whether sig is a self-signature of a key that has -// expired or is created in the future. -func (pk *PublicKey) KeyExpired(sig *Signature, currentTime time.Time) bool { - if pk.CreationTime.Unix() > currentTime.Unix() { - return true - } - if sig.KeyLifetimeSecs == nil || *sig.KeyLifetimeSecs == 0 { - return false - } - expiry := pk.CreationTime.Add(time.Duration(*sig.KeyLifetimeSecs) * time.Second) - return currentTime.Unix() > expiry.Unix() -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key_test_data.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key_test_data.go deleted file mode 100644 index b255f1f6f8..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key_test_data.go +++ /dev/null @@ -1,24 +0,0 @@ -package packet - -const rsaFingerprintHex = "5fb74b1d03b1e3cb31bc2f8aa34d7e18c20c31bb" - -const rsaPkDataHex = "988d044d3c5c10010400b1d13382944bd5aba23a4312968b5095d14f947f600eb478e14a6fcb16b0e0cac764884909c020bc495cfcc39a935387c661507bdb236a0612fb582cac3af9b29cc2c8c70090616c41b662f4da4c1201e195472eb7f4ae1ccbcbf9940fe21d985e379a5563dde5b9a23d35f1cfaa5790da3b79db26f23695107bfaca8e7b5bcd0011010001" - -const dsaFingerprintHex = "eece4c094db002103714c63c8e8fbe54062f19ed" - -const dsaPkDataHex = "9901a2044d432f89110400cd581334f0d7a1e1bdc8b9d6d8c0baf68793632735d2bb0903224cbaa1dfbf35a60ee7a13b92643421e1eb41aa8d79bea19a115a677f6b8ba3c7818ce53a6c2a24a1608bd8b8d6e55c5090cbde09dd26e356267465ae25e69ec8bdd57c7bbb2623e4d73336f73a0a9098f7f16da2e25252130fd694c0e8070c55a812a423ae7f00a0ebf50e70c2f19c3520a551bd4b08d30f23530d3d03ff7d0bf4a53a64a09dc5e6e6e35854b7d70c882b0c60293401958b1bd9e40abec3ea05ba87cf64899299d4bd6aa7f459c201d3fbbd6c82004bdc5e8a9eb8082d12054cc90fa9d4ec251a843236a588bf49552441817436c4f43326966fe85447d4e6d0acf8fa1ef0f014730770603ad7634c3088dc52501c237328417c31c89ed70400b2f1a98b0bf42f11fefc430704bebbaa41d9f355600c3facee1e490f64208e0e094ea55e3a598a219a58500bf78ac677b670a14f4e47e9cf8eab4f368cc1ddcaa18cc59309d4cc62dd4f680e73e6cc3e1ce87a84d0925efbcb26c575c093fc42eecf45135fabf6403a25c2016e1774c0484e440a18319072c617cc97ac0a3bb0" - -const ecdsaFingerprintHex = "9892270b38b8980b05c8d56d43fe956c542ca00b" - -const ecdsaPkDataHex = "9893045071c29413052b8104002304230401f4867769cedfa52c325018896245443968e52e51d0c2df8d939949cb5b330f2921711fbee1c9b9dddb95d15cb0255e99badeddda7cc23d9ddcaacbc290969b9f24019375d61c2e4e3b36953a28d8b2bc95f78c3f1d592fb24499be348656a7b17e3963187b4361afe497bc5f9f81213f04069f8e1fb9e6a6290ae295ca1a92b894396cb4" - -const ecdhFingerprintHex = "722354df2475a42164d1d49faa8b938f9a201946" - -const ecdhPkDataHex = "b90073044d53059212052b810400220303042faa84024a20b6735c4897efa5bfb41bf85b7eefeab5ca0cb9ffc8ea04a46acb25534a577694f9e25340a4ab5223a9dd1eda530c8aa2e6718db10d7e672558c7736fe09369ea5739a2a3554bf16d41faa50562f11c6d39bbd5dffb6b9a9ec91803010909" - -const eddsaFingerprintHex = "b2d5e5ec0e6deca6bc8eeeb00907e75e1dd99ad8" - -const eddsaPkDataHex = "98330456e2132b16092b06010401da470f01010740bbda39266affa511a8c2d02edf690fb784b0499c4406185811a163539ef11dc1b41d74657374696e67203c74657374696e674074657374696e672e636f6d3e8879041316080021050256e2132b021b03050b09080702061508090a0b020416020301021e01021780000a09100907e75e1dd99ad86d0c00fe39d2008359352782bc9b61ac382584cd8eff3f57a18c2287e3afeeb05d1f04ba00fe2d0bc1ddf3ff8adb9afa3e7d9287244b4ec567f3db4d60b74a9b5465ed528203" - -// Source: https://sites.google.com/site/brainhub/pgpecckeys#TOC-ECC-NIST-P-384-key -const ecc384PubHex = `99006f044d53059213052b81040022030304f6b8c5aced5b84ef9f4a209db2e4a9dfb70d28cb8c10ecd57674a9fa5a67389942b62d5e51367df4c7bfd3f8e500feecf07ed265a621a8ebbbe53e947ec78c677eba143bd1533c2b350e1c29f82313e1e1108eba063be1e64b10e6950e799c2db42465635f6473615f64685f333834203c6f70656e70677040627261696e6875622e6f72673e8900cb04101309005305024d530592301480000000002000077072656665727265642d656d61696c2d656e636f64696e67407067702e636f6d7067706d696d65040b090807021901051b03000000021602051e010000000415090a08000a0910098033880f54719fca2b0180aa37350968bd5f115afd8ce7bc7b103822152dbff06d0afcda835329510905b98cb469ba208faab87c7412b799e7b633017f58364ea480e8a1a3f253a0c5f22c446e8be9a9fce6210136ee30811abbd49139de28b5bdf8dc36d06ae748579e9ff503b90073044d53059212052b810400220303042faa84024a20b6735c4897efa5bfb41bf85b7eefeab5ca0cb9ffc8ea04a46acb25534a577694f9e25340a4ab5223a9dd1eda530c8aa2e6718db10d7e672558c7736fe09369ea5739a2a3554bf16d41faa50562f11c6d39bbd5dffb6b9a9ec9180301090989008404181309000c05024d530592051b0c000000000a0910098033880f54719f80970180eee7a6d8fcee41ee4f9289df17f9bcf9d955dca25c583b94336f3a2b2d4986dc5cf417b8d2dc86f741a9e1a6d236c0e3017d1c76575458a0cfb93ae8a2b274fcc65ceecd7a91eec83656ba13219969f06945b48c56bd04152c3a0553c5f2f4bd1267` diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/reader.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/reader.go deleted file mode 100644 index dd84092392..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/reader.go +++ /dev/null @@ -1,209 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package packet - -import ( - "io" - - "github.com/ProtonMail/go-crypto/openpgp/errors" -) - -type PacketReader interface { - Next() (p Packet, err error) - Push(reader io.Reader) (err error) - Unread(p Packet) -} - -// Reader reads packets from an io.Reader and allows packets to be 'unread' so -// that they result from the next call to Next. -type Reader struct { - q []Packet - readers []io.Reader -} - -// New io.Readers are pushed when a compressed or encrypted packet is processed -// and recursively treated as a new source of packets. However, a carefully -// crafted packet can trigger an infinite recursive sequence of packets. See -// http://mumble.net/~campbell/misc/pgp-quine -// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4402 -// This constant limits the number of recursive packets that may be pushed. -const maxReaders = 32 - -// Next returns the most recently unread Packet, or reads another packet from -// the top-most io.Reader. Unknown/unsupported/Marker packet types are skipped. -func (r *Reader) Next() (p Packet, err error) { - for { - p, err := r.read() - if err == io.EOF { - break - } else if err != nil { - if _, ok := err.(errors.UnknownPacketTypeError); ok { - continue - } - if _, ok := err.(errors.UnsupportedError); ok { - switch p.(type) { - case *SymmetricallyEncrypted, *AEADEncrypted, *Compressed, *LiteralData: - return nil, err - } - continue - } - return nil, err - } else { - //A marker packet MUST be ignored when received - switch p.(type) { - case *Marker: - continue - } - return p, nil - } - } - return nil, io.EOF -} - -// Next returns the most recently unread Packet, or reads another packet from -// the top-most io.Reader. Unknown/Marker packet types are skipped while unsupported -// packets are returned as UnsupportedPacket type. -func (r *Reader) NextWithUnsupported() (p Packet, err error) { - for { - p, err = r.read() - if err == io.EOF { - break - } else if err != nil { - if _, ok := err.(errors.UnknownPacketTypeError); ok { - continue - } - if casteErr, ok := err.(errors.UnsupportedError); ok { - return &UnsupportedPacket{ - IncompletePacket: p, - Error: casteErr, - }, nil - } - return - } else { - //A marker packet MUST be ignored when received - switch p.(type) { - case *Marker: - continue - } - return - } - } - return nil, io.EOF -} - -func (r *Reader) read() (p Packet, err error) { - if len(r.q) > 0 { - p = r.q[len(r.q)-1] - r.q = r.q[:len(r.q)-1] - return - } - for len(r.readers) > 0 { - p, err = Read(r.readers[len(r.readers)-1]) - if err == io.EOF { - r.readers = r.readers[:len(r.readers)-1] - continue - } - return p, err - } - return nil, io.EOF -} - -// Push causes the Reader to start reading from a new io.Reader. When an EOF -// error is seen from the new io.Reader, it is popped and the Reader continues -// to read from the next most recent io.Reader. Push returns a StructuralError -// if pushing the reader would exceed the maximum recursion level, otherwise it -// returns nil. -func (r *Reader) Push(reader io.Reader) (err error) { - if len(r.readers) >= maxReaders { - return errors.StructuralError("too many layers of packets") - } - r.readers = append(r.readers, reader) - return nil -} - -// Unread causes the given Packet to be returned from the next call to Next. -func (r *Reader) Unread(p Packet) { - r.q = append(r.q, p) -} - -func NewReader(r io.Reader) *Reader { - return &Reader{ - q: nil, - readers: []io.Reader{r}, - } -} - -// CheckReader is similar to Reader but additionally -// uses the pushdown automata to verify the read packet sequence. -type CheckReader struct { - Reader - verifier *SequenceVerifier - fullyRead bool -} - -// Next returns the most recently unread Packet, or reads another packet from -// the top-most io.Reader. Unknown packet types are skipped. -// If the read packet sequence does not conform to the packet composition -// rules in rfc4880, it returns an error. -func (r *CheckReader) Next() (p Packet, err error) { - if r.fullyRead { - return nil, io.EOF - } - if len(r.q) > 0 { - p = r.q[len(r.q)-1] - r.q = r.q[:len(r.q)-1] - return - } - var errMsg error - for len(r.readers) > 0 { - p, errMsg, err = ReadWithCheck(r.readers[len(r.readers)-1], r.verifier) - if errMsg != nil { - err = errMsg - return - } - if err == nil { - return - } - if err == io.EOF { - r.readers = r.readers[:len(r.readers)-1] - continue - } - //A marker packet MUST be ignored when received - switch p.(type) { - case *Marker: - continue - } - if _, ok := err.(errors.UnknownPacketTypeError); ok { - continue - } - if _, ok := err.(errors.UnsupportedError); ok { - switch p.(type) { - case *SymmetricallyEncrypted, *AEADEncrypted, *Compressed, *LiteralData: - return nil, err - } - continue - } - return nil, err - } - if errMsg = r.verifier.Next(EOSSymbol); errMsg != nil { - return nil, errMsg - } - if errMsg = r.verifier.AssertValid(); errMsg != nil { - return nil, errMsg - } - r.fullyRead = true - return nil, io.EOF -} - -func NewCheckReader(r io.Reader) *CheckReader { - return &CheckReader{ - Reader: Reader{ - q: nil, - readers: []io.Reader{r}, - }, - verifier: NewSequenceVerifier(), - fullyRead: false, - } -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/recipient.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/recipient.go deleted file mode 100644 index fb2e362e4a..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/recipient.go +++ /dev/null @@ -1,15 +0,0 @@ -package packet - -// Recipient type represents a Intended Recipient Fingerprint subpacket -// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-intended-recipient-fingerpr -type Recipient struct { - KeyVersion int - Fingerprint []byte -} - -func (r *Recipient) Serialize() []byte { - packet := make([]byte, len(r.Fingerprint)+1) - packet[0] = byte(r.KeyVersion) - copy(packet[1:], r.Fingerprint) - return packet -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go deleted file mode 100644 index 84dd3b86f8..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go +++ /dev/null @@ -1,1511 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package packet - -import ( - "bytes" - "crypto" - "crypto/dsa" - "encoding/asn1" - "encoding/binary" - "hash" - "io" - "math/big" - "strconv" - "time" - - "github.com/ProtonMail/go-crypto/openpgp/ecdsa" - "github.com/ProtonMail/go-crypto/openpgp/ed25519" - "github.com/ProtonMail/go-crypto/openpgp/ed448" - "github.com/ProtonMail/go-crypto/openpgp/eddsa" - "github.com/ProtonMail/go-crypto/openpgp/errors" - "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm" - "github.com/ProtonMail/go-crypto/openpgp/internal/encoding" -) - -const ( - // First octet of key flags. - // See RFC 9580, section 5.2.3.29 for details. - KeyFlagCertify = 1 << iota - KeyFlagSign - KeyFlagEncryptCommunications - KeyFlagEncryptStorage - KeyFlagSplitKey - KeyFlagAuthenticate - _ - KeyFlagGroupKey -) - -const ( - // First octet of keyserver preference flags. - // See RFC 9580, section 5.2.3.25 for details. - _ = 1 << iota - _ - _ - _ - _ - _ - _ - KeyserverPrefNoModify -) - -const SaltNotationName = "salt@notations.openpgpjs.org" - -// Signature represents a signature. See RFC 9580, section 5.2. -type Signature struct { - Version int - SigType SignatureType - PubKeyAlgo PublicKeyAlgorithm - Hash crypto.Hash - // salt contains a random salt value for v6 signatures - // See RFC 9580 Section 5.2.4. - salt []byte - - // HashSuffix is extra data that is hashed in after the signed data. - HashSuffix []byte - // HashTag contains the first two bytes of the hash for fast rejection - // of bad signed data. - HashTag [2]byte - - // Metadata includes format, filename and time, and is protected by v5 - // signatures of type 0x00 or 0x01. This metadata is included into the hash - // computation; if nil, six 0x00 bytes are used instead. See section 5.2.4. - Metadata *LiteralData - - CreationTime time.Time - - RSASignature encoding.Field - DSASigR, DSASigS encoding.Field - ECDSASigR, ECDSASigS encoding.Field - EdDSASigR, EdDSASigS encoding.Field - EdSig []byte - - // rawSubpackets contains the unparsed subpackets, in order. - rawSubpackets []outputSubpacket - - // The following are optional so are nil when not included in the - // signature. - - SigLifetimeSecs, KeyLifetimeSecs *uint32 - PreferredSymmetric, PreferredHash, PreferredCompression []uint8 - PreferredCipherSuites [][2]uint8 - IssuerKeyId *uint64 - IssuerFingerprint []byte - SignerUserId *string - IsPrimaryId *bool - Notations []*Notation - IntendedRecipients []*Recipient - - // TrustLevel and TrustAmount can be set by the signer to assert that - // the key is not only valid but also trustworthy at the specified - // level. - // See RFC 9580, section 5.2.3.21 for details. - TrustLevel TrustLevel - TrustAmount TrustAmount - - // TrustRegularExpression can be used in conjunction with trust Signature - // packets to limit the scope of the trust that is extended. - // See RFC 9580, section 5.2.3.22 for details. - TrustRegularExpression *string - - // KeyserverPrefsValid is set if any keyserver preferences were given. See RFC 9580, section - // 5.2.3.25 for details. - KeyserverPrefsValid bool - KeyserverPrefNoModify bool - - // PreferredKeyserver can be set to a URI where the latest version of the - // key that this signature is made over can be found. See RFC 9580, section - // 5.2.3.26 for details. - PreferredKeyserver string - - // PolicyURI can be set to the URI of a document that describes the - // policy under which the signature was issued. See RFC 9580, section - // 5.2.3.28 for details. - PolicyURI string - - // FlagsValid is set if any flags were given. See RFC 9580, section - // 5.2.3.29 for details. - FlagsValid bool - FlagCertify, FlagSign, FlagEncryptCommunications, FlagEncryptStorage, FlagSplitKey, FlagAuthenticate, FlagGroupKey bool - - // RevocationReason is set if this signature has been revoked. - // See RFC 9580, section 5.2.3.31 for details. - RevocationReason *ReasonForRevocation - RevocationReasonText string - - // In a self-signature, these flags are set there is a features subpacket - // indicating that the issuer implementation supports these features - // see https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#features-subpacket - SEIPDv1, SEIPDv2 bool - - // EmbeddedSignature, if non-nil, is a signature of the parent key, by - // this key. This prevents an attacker from claiming another's signing - // subkey as their own. - EmbeddedSignature *Signature - - outSubpackets []outputSubpacket -} - -// VerifiableSignature internally keeps state if the -// the signature has been verified before. -type VerifiableSignature struct { - Valid *bool // nil if it has not been verified yet - Packet *Signature -} - -// NewVerifiableSig returns a struct of type VerifiableSignature referencing the input signature. -func NewVerifiableSig(signature *Signature) *VerifiableSignature { - return &VerifiableSignature{ - Packet: signature, - } -} - -// Salt returns the signature salt for v6 signatures. -func (sig *Signature) Salt() []byte { - if sig == nil { - return nil - } - return sig.salt -} - -func (sig *Signature) parse(r io.Reader) (err error) { - // RFC 9580, section 5.2.3 - var buf [7]byte - _, err = readFull(r, buf[:1]) - if err != nil { - return - } - sig.Version = int(buf[0]) - if sig.Version != 4 && sig.Version != 5 && sig.Version != 6 { - err = errors.UnsupportedError("signature packet version " + strconv.Itoa(int(buf[0]))) - return - } - - if V5Disabled && sig.Version == 5 { - return errors.UnsupportedError("support for parsing v5 entities is disabled; build with `-tags v5` if needed") - } - - if sig.Version == 6 { - _, err = readFull(r, buf[:7]) - } else { - _, err = readFull(r, buf[:5]) - } - if err != nil { - return - } - sig.SigType = SignatureType(buf[0]) - sig.PubKeyAlgo = PublicKeyAlgorithm(buf[1]) - switch sig.PubKeyAlgo { - case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly, PubKeyAlgoDSA, PubKeyAlgoECDSA, PubKeyAlgoEdDSA, PubKeyAlgoEd25519, PubKeyAlgoEd448: - default: - err = errors.UnsupportedError("public key algorithm " + strconv.Itoa(int(sig.PubKeyAlgo))) - return - } - - var ok bool - - if sig.Version < 5 { - sig.Hash, ok = algorithm.HashIdToHashWithSha1(buf[2]) - } else { - sig.Hash, ok = algorithm.HashIdToHash(buf[2]) - } - - if !ok { - return errors.UnsupportedError("hash function " + strconv.Itoa(int(buf[2]))) - } - - var hashedSubpacketsLength int - if sig.Version == 6 { - // For a v6 signature, a four-octet length is used. - hashedSubpacketsLength = - int(buf[3])<<24 | - int(buf[4])<<16 | - int(buf[5])<<8 | - int(buf[6]) - } else { - hashedSubpacketsLength = int(buf[3])<<8 | int(buf[4]) - } - hashedSubpackets := make([]byte, hashedSubpacketsLength) - _, err = readFull(r, hashedSubpackets) - if err != nil { - return - } - err = sig.buildHashSuffix(hashedSubpackets) - if err != nil { - return - } - - err = parseSignatureSubpackets(sig, hashedSubpackets, true) - if err != nil { - return - } - - if sig.Version == 6 { - _, err = readFull(r, buf[:4]) - } else { - _, err = readFull(r, buf[:2]) - } - - if err != nil { - return - } - var unhashedSubpacketsLength uint32 - if sig.Version == 6 { - unhashedSubpacketsLength = uint32(buf[0])<<24 | uint32(buf[1])<<16 | uint32(buf[2])<<8 | uint32(buf[3]) - } else { - unhashedSubpacketsLength = uint32(buf[0])<<8 | uint32(buf[1]) - } - unhashedSubpackets := make([]byte, unhashedSubpacketsLength) - _, err = readFull(r, unhashedSubpackets) - if err != nil { - return - } - err = parseSignatureSubpackets(sig, unhashedSubpackets, false) - if err != nil { - return - } - - _, err = readFull(r, sig.HashTag[:2]) - if err != nil { - return - } - - if sig.Version == 6 { - // Only for v6 signatures, a variable-length field containing the salt - _, err = readFull(r, buf[:1]) - if err != nil { - return - } - saltLength := int(buf[0]) - var expectedSaltLength int - expectedSaltLength, err = SaltLengthForHash(sig.Hash) - if err != nil { - return - } - if saltLength != expectedSaltLength { - err = errors.StructuralError("unexpected salt size for the given hash algorithm") - return - } - salt := make([]byte, expectedSaltLength) - _, err = readFull(r, salt) - if err != nil { - return - } - sig.salt = salt - } - - switch sig.PubKeyAlgo { - case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly: - sig.RSASignature = new(encoding.MPI) - _, err = sig.RSASignature.ReadFrom(r) - case PubKeyAlgoDSA: - sig.DSASigR = new(encoding.MPI) - if _, err = sig.DSASigR.ReadFrom(r); err != nil { - return - } - - sig.DSASigS = new(encoding.MPI) - _, err = sig.DSASigS.ReadFrom(r) - case PubKeyAlgoECDSA: - sig.ECDSASigR = new(encoding.MPI) - if _, err = sig.ECDSASigR.ReadFrom(r); err != nil { - return - } - - sig.ECDSASigS = new(encoding.MPI) - _, err = sig.ECDSASigS.ReadFrom(r) - case PubKeyAlgoEdDSA: - sig.EdDSASigR = new(encoding.MPI) - if _, err = sig.EdDSASigR.ReadFrom(r); err != nil { - return - } - - sig.EdDSASigS = new(encoding.MPI) - if _, err = sig.EdDSASigS.ReadFrom(r); err != nil { - return - } - case PubKeyAlgoEd25519: - sig.EdSig, err = ed25519.ReadSignature(r) - if err != nil { - return - } - case PubKeyAlgoEd448: - sig.EdSig, err = ed448.ReadSignature(r) - if err != nil { - return - } - default: - panic("unreachable") - } - return -} - -// parseSignatureSubpackets parses subpackets of the main signature packet. See -// RFC 9580, section 5.2.3.1. -func parseSignatureSubpackets(sig *Signature, subpackets []byte, isHashed bool) (err error) { - for len(subpackets) > 0 { - subpackets, err = parseSignatureSubpacket(sig, subpackets, isHashed) - if err != nil { - return - } - } - - if sig.CreationTime.IsZero() { - err = errors.StructuralError("no creation time in signature") - } - - return -} - -type signatureSubpacketType uint8 - -const ( - creationTimeSubpacket signatureSubpacketType = 2 - signatureExpirationSubpacket signatureSubpacketType = 3 - exportableCertSubpacket signatureSubpacketType = 4 - trustSubpacket signatureSubpacketType = 5 - regularExpressionSubpacket signatureSubpacketType = 6 - keyExpirationSubpacket signatureSubpacketType = 9 - prefSymmetricAlgosSubpacket signatureSubpacketType = 11 - issuerSubpacket signatureSubpacketType = 16 - notationDataSubpacket signatureSubpacketType = 20 - prefHashAlgosSubpacket signatureSubpacketType = 21 - prefCompressionSubpacket signatureSubpacketType = 22 - keyserverPrefsSubpacket signatureSubpacketType = 23 - prefKeyserverSubpacket signatureSubpacketType = 24 - primaryUserIdSubpacket signatureSubpacketType = 25 - policyUriSubpacket signatureSubpacketType = 26 - keyFlagsSubpacket signatureSubpacketType = 27 - signerUserIdSubpacket signatureSubpacketType = 28 - reasonForRevocationSubpacket signatureSubpacketType = 29 - featuresSubpacket signatureSubpacketType = 30 - embeddedSignatureSubpacket signatureSubpacketType = 32 - issuerFingerprintSubpacket signatureSubpacketType = 33 - intendedRecipientSubpacket signatureSubpacketType = 35 - prefCipherSuitesSubpacket signatureSubpacketType = 39 -) - -// parseSignatureSubpacket parses a single subpacket. len(subpacket) is >= 1. -func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (rest []byte, err error) { - // RFC 9580, section 5.2.3.7 - var ( - length uint32 - packetType signatureSubpacketType - isCritical bool - ) - if len(subpacket) == 0 { - err = errors.StructuralError("zero length signature subpacket") - return - } - switch { - case subpacket[0] < 192: - length = uint32(subpacket[0]) - subpacket = subpacket[1:] - case subpacket[0] < 255: - if len(subpacket) < 2 { - goto Truncated - } - length = uint32(subpacket[0]-192)<<8 + uint32(subpacket[1]) + 192 - subpacket = subpacket[2:] - default: - if len(subpacket) < 5 { - goto Truncated - } - length = uint32(subpacket[1])<<24 | - uint32(subpacket[2])<<16 | - uint32(subpacket[3])<<8 | - uint32(subpacket[4]) - subpacket = subpacket[5:] - } - if length > uint32(len(subpacket)) { - goto Truncated - } - rest = subpacket[length:] - subpacket = subpacket[:length] - if len(subpacket) == 0 { - err = errors.StructuralError("zero length signature subpacket") - return - } - packetType = signatureSubpacketType(subpacket[0] & 0x7f) - isCritical = subpacket[0]&0x80 == 0x80 - subpacket = subpacket[1:] - sig.rawSubpackets = append(sig.rawSubpackets, outputSubpacket{isHashed, packetType, isCritical, subpacket}) - if !isHashed && - packetType != issuerSubpacket && - packetType != issuerFingerprintSubpacket && - packetType != embeddedSignatureSubpacket { - return - } - switch packetType { - case creationTimeSubpacket: - if len(subpacket) != 4 { - err = errors.StructuralError("signature creation time not four bytes") - return - } - t := binary.BigEndian.Uint32(subpacket) - sig.CreationTime = time.Unix(int64(t), 0) - case signatureExpirationSubpacket: - // Signature expiration time, section 5.2.3.18 - if len(subpacket) != 4 { - err = errors.StructuralError("expiration subpacket with bad length") - return - } - sig.SigLifetimeSecs = new(uint32) - *sig.SigLifetimeSecs = binary.BigEndian.Uint32(subpacket) - case exportableCertSubpacket: - if subpacket[0] == 0 { - err = errors.UnsupportedError("signature with non-exportable certification") - return - } - case trustSubpacket: - if len(subpacket) != 2 { - err = errors.StructuralError("trust subpacket with bad length") - return - } - // Trust level and amount, section 5.2.3.21 - sig.TrustLevel = TrustLevel(subpacket[0]) - sig.TrustAmount = TrustAmount(subpacket[1]) - case regularExpressionSubpacket: - if len(subpacket) == 0 { - err = errors.StructuralError("regexp subpacket with bad length") - return - } - // Trust regular expression, section 5.2.3.22 - // RFC specifies the string should be null-terminated; remove a null byte from the end - if subpacket[len(subpacket)-1] != 0x00 { - err = errors.StructuralError("expected regular expression to be null-terminated") - return - } - trustRegularExpression := string(subpacket[:len(subpacket)-1]) - sig.TrustRegularExpression = &trustRegularExpression - case keyExpirationSubpacket: - // Key expiration time, section 5.2.3.13 - if len(subpacket) != 4 { - err = errors.StructuralError("key expiration subpacket with bad length") - return - } - sig.KeyLifetimeSecs = new(uint32) - *sig.KeyLifetimeSecs = binary.BigEndian.Uint32(subpacket) - case prefSymmetricAlgosSubpacket: - // Preferred symmetric algorithms, section 5.2.3.14 - sig.PreferredSymmetric = make([]byte, len(subpacket)) - copy(sig.PreferredSymmetric, subpacket) - case issuerSubpacket: - // Issuer, section 5.2.3.12 - if sig.Version > 4 && isHashed { - err = errors.StructuralError("issuer subpacket found in v6 key") - return - } - if len(subpacket) != 8 { - err = errors.StructuralError("issuer subpacket with bad length") - return - } - if sig.Version <= 4 { - sig.IssuerKeyId = new(uint64) - *sig.IssuerKeyId = binary.BigEndian.Uint64(subpacket) - } - case notationDataSubpacket: - // Notation data, section 5.2.3.24 - if len(subpacket) < 8 { - err = errors.StructuralError("notation data subpacket with bad length") - return - } - - nameLength := uint32(subpacket[4])<<8 | uint32(subpacket[5]) - valueLength := uint32(subpacket[6])<<8 | uint32(subpacket[7]) - if len(subpacket) != int(nameLength)+int(valueLength)+8 { - err = errors.StructuralError("notation data subpacket with bad length") - return - } - - notation := Notation{ - IsHumanReadable: (subpacket[0] & 0x80) == 0x80, - Name: string(subpacket[8:(nameLength + 8)]), - Value: subpacket[(nameLength + 8):(valueLength + nameLength + 8)], - IsCritical: isCritical, - } - - sig.Notations = append(sig.Notations, ¬ation) - case prefHashAlgosSubpacket: - // Preferred hash algorithms, section 5.2.3.16 - sig.PreferredHash = make([]byte, len(subpacket)) - copy(sig.PreferredHash, subpacket) - case prefCompressionSubpacket: - // Preferred compression algorithms, section 5.2.3.17 - sig.PreferredCompression = make([]byte, len(subpacket)) - copy(sig.PreferredCompression, subpacket) - case keyserverPrefsSubpacket: - // Keyserver preferences, section 5.2.3.25 - sig.KeyserverPrefsValid = true - if len(subpacket) == 0 { - return - } - if subpacket[0]&KeyserverPrefNoModify != 0 { - sig.KeyserverPrefNoModify = true - } - case prefKeyserverSubpacket: - // Preferred keyserver, section 5.2.3.26 - sig.PreferredKeyserver = string(subpacket) - case primaryUserIdSubpacket: - // Primary User ID, section 5.2.3.27 - if len(subpacket) != 1 { - err = errors.StructuralError("primary user id subpacket with bad length") - return - } - sig.IsPrimaryId = new(bool) - if subpacket[0] > 0 { - *sig.IsPrimaryId = true - } - case keyFlagsSubpacket: - // Key flags, section 5.2.3.29 - sig.FlagsValid = true - if len(subpacket) == 0 { - return - } - if subpacket[0]&KeyFlagCertify != 0 { - sig.FlagCertify = true - } - if subpacket[0]&KeyFlagSign != 0 { - sig.FlagSign = true - } - if subpacket[0]&KeyFlagEncryptCommunications != 0 { - sig.FlagEncryptCommunications = true - } - if subpacket[0]&KeyFlagEncryptStorage != 0 { - sig.FlagEncryptStorage = true - } - if subpacket[0]&KeyFlagSplitKey != 0 { - sig.FlagSplitKey = true - } - if subpacket[0]&KeyFlagAuthenticate != 0 { - sig.FlagAuthenticate = true - } - if subpacket[0]&KeyFlagGroupKey != 0 { - sig.FlagGroupKey = true - } - case signerUserIdSubpacket: - userId := string(subpacket) - sig.SignerUserId = &userId - case reasonForRevocationSubpacket: - // Reason For Revocation, section 5.2.3.31 - if len(subpacket) == 0 { - err = errors.StructuralError("empty revocation reason subpacket") - return - } - sig.RevocationReason = new(ReasonForRevocation) - *sig.RevocationReason = NewReasonForRevocation(subpacket[0]) - sig.RevocationReasonText = string(subpacket[1:]) - case featuresSubpacket: - // Features subpacket, section 5.2.3.32 specifies a very general - // mechanism for OpenPGP implementations to signal support for new - // features. - if len(subpacket) > 0 { - if subpacket[0]&0x01 != 0 { - sig.SEIPDv1 = true - } - // 0x02 and 0x04 are reserved - if subpacket[0]&0x08 != 0 { - sig.SEIPDv2 = true - } - } - case embeddedSignatureSubpacket: - // Only usage is in signatures that cross-certify - // signing subkeys. section 5.2.3.34 describes the - // format, with its usage described in section 11.1 - if sig.EmbeddedSignature != nil { - err = errors.StructuralError("Cannot have multiple embedded signatures") - return - } - sig.EmbeddedSignature = new(Signature) - if err := sig.EmbeddedSignature.parse(bytes.NewBuffer(subpacket)); err != nil { - return nil, err - } - if sigType := sig.EmbeddedSignature.SigType; sigType != SigTypePrimaryKeyBinding { - return nil, errors.StructuralError("cross-signature has unexpected type " + strconv.Itoa(int(sigType))) - } - case policyUriSubpacket: - // Policy URI, section 5.2.3.28 - sig.PolicyURI = string(subpacket) - case issuerFingerprintSubpacket: - if len(subpacket) == 0 { - err = errors.StructuralError("empty issuer fingerprint subpacket") - return - } - v, l := subpacket[0], len(subpacket[1:]) - if v >= 5 && l != 32 || v < 5 && l != 20 { - return nil, errors.StructuralError("bad fingerprint length") - } - sig.IssuerFingerprint = make([]byte, l) - copy(sig.IssuerFingerprint, subpacket[1:]) - sig.IssuerKeyId = new(uint64) - if v >= 5 { - *sig.IssuerKeyId = binary.BigEndian.Uint64(subpacket[1:9]) - } else { - *sig.IssuerKeyId = binary.BigEndian.Uint64(subpacket[13:21]) - } - case intendedRecipientSubpacket: - // Intended Recipient Fingerprint, section 5.2.3.36 - if len(subpacket) < 1 { - return nil, errors.StructuralError("invalid intended recipient fingerpring length") - } - version, length := subpacket[0], len(subpacket[1:]) - if version >= 5 && length != 32 || version < 5 && length != 20 { - return nil, errors.StructuralError("invalid fingerprint length") - } - fingerprint := make([]byte, length) - copy(fingerprint, subpacket[1:]) - sig.IntendedRecipients = append(sig.IntendedRecipients, &Recipient{int(version), fingerprint}) - case prefCipherSuitesSubpacket: - // Preferred AEAD cipher suites, section 5.2.3.15 - if len(subpacket)%2 != 0 { - err = errors.StructuralError("invalid aead cipher suite length") - return - } - - sig.PreferredCipherSuites = make([][2]byte, len(subpacket)/2) - - for i := 0; i < len(subpacket)/2; i++ { - sig.PreferredCipherSuites[i] = [2]uint8{subpacket[2*i], subpacket[2*i+1]} - } - default: - if isCritical { - err = errors.UnsupportedError("unknown critical signature subpacket type " + strconv.Itoa(int(packetType))) - return - } - } - return - -Truncated: - err = errors.StructuralError("signature subpacket truncated") - return -} - -// subpacketLengthLength returns the length, in bytes, of an encoded length value. -func subpacketLengthLength(length int) int { - if length < 192 { - return 1 - } - if length < 16320 { - return 2 - } - return 5 -} - -func (sig *Signature) CheckKeyIdOrFingerprint(pk *PublicKey) bool { - if sig.IssuerFingerprint != nil && len(sig.IssuerFingerprint) >= 20 { - return bytes.Equal(sig.IssuerFingerprint, pk.Fingerprint) - } - return sig.IssuerKeyId != nil && *sig.IssuerKeyId == pk.KeyId -} - -func (sig *Signature) CheckKeyIdOrFingerprintExplicit(fingerprint []byte, keyId uint64) bool { - if sig.IssuerFingerprint != nil && len(sig.IssuerFingerprint) >= 20 && fingerprint != nil { - return bytes.Equal(sig.IssuerFingerprint, fingerprint) - } - return sig.IssuerKeyId != nil && *sig.IssuerKeyId == keyId -} - -// serializeSubpacketLength marshals the given length into to. -func serializeSubpacketLength(to []byte, length int) int { - // RFC 9580, Section 4.2.1. - if length < 192 { - to[0] = byte(length) - return 1 - } - if length < 16320 { - length -= 192 - to[0] = byte((length >> 8) + 192) - to[1] = byte(length) - return 2 - } - to[0] = 255 - to[1] = byte(length >> 24) - to[2] = byte(length >> 16) - to[3] = byte(length >> 8) - to[4] = byte(length) - return 5 -} - -// subpacketsLength returns the serialized length, in bytes, of the given -// subpackets. -func subpacketsLength(subpackets []outputSubpacket, hashed bool) (length int) { - for _, subpacket := range subpackets { - if subpacket.hashed == hashed { - length += subpacketLengthLength(len(subpacket.contents) + 1) - length += 1 // type byte - length += len(subpacket.contents) - } - } - return -} - -// serializeSubpackets marshals the given subpackets into to. -func serializeSubpackets(to []byte, subpackets []outputSubpacket, hashed bool) { - for _, subpacket := range subpackets { - if subpacket.hashed == hashed { - n := serializeSubpacketLength(to, len(subpacket.contents)+1) - to[n] = byte(subpacket.subpacketType) - if subpacket.isCritical { - to[n] |= 0x80 - } - to = to[1+n:] - n = copy(to, subpacket.contents) - to = to[n:] - } - } -} - -// SigExpired returns whether sig is a signature that has expired or is created -// in the future. -func (sig *Signature) SigExpired(currentTime time.Time) bool { - if sig.CreationTime.Unix() > currentTime.Unix() { - return true - } - if sig.SigLifetimeSecs == nil || *sig.SigLifetimeSecs == 0 { - return false - } - expiry := sig.CreationTime.Add(time.Duration(*sig.SigLifetimeSecs) * time.Second) - return currentTime.Unix() > expiry.Unix() -} - -// buildHashSuffix constructs the HashSuffix member of sig in preparation for signing. -func (sig *Signature) buildHashSuffix(hashedSubpackets []byte) (err error) { - var hashId byte - var ok bool - - if sig.Version < 5 { - hashId, ok = algorithm.HashToHashIdWithSha1(sig.Hash) - } else { - hashId, ok = algorithm.HashToHashId(sig.Hash) - } - - if !ok { - sig.HashSuffix = nil - return errors.InvalidArgumentError("hash cannot be represented in OpenPGP: " + strconv.Itoa(int(sig.Hash))) - } - - hashedFields := bytes.NewBuffer([]byte{ - uint8(sig.Version), - uint8(sig.SigType), - uint8(sig.PubKeyAlgo), - uint8(hashId), - }) - hashedSubpacketsLength := len(hashedSubpackets) - if sig.Version == 6 { - // v6 signatures store the length in 4 octets - hashedFields.Write([]byte{ - uint8(hashedSubpacketsLength >> 24), - uint8(hashedSubpacketsLength >> 16), - uint8(hashedSubpacketsLength >> 8), - uint8(hashedSubpacketsLength), - }) - } else { - hashedFields.Write([]byte{ - uint8(hashedSubpacketsLength >> 8), - uint8(hashedSubpacketsLength), - }) - } - lenPrefix := hashedFields.Len() - hashedFields.Write(hashedSubpackets) - - var l uint64 = uint64(lenPrefix + len(hashedSubpackets)) - if sig.Version == 5 { - // v5 case - hashedFields.Write([]byte{0x05, 0xff}) - hashedFields.Write([]byte{ - uint8(l >> 56), uint8(l >> 48), uint8(l >> 40), uint8(l >> 32), - uint8(l >> 24), uint8(l >> 16), uint8(l >> 8), uint8(l), - }) - } else { - // v4 and v6 case - hashedFields.Write([]byte{byte(sig.Version), 0xff}) - hashedFields.Write([]byte{ - uint8(l >> 24), uint8(l >> 16), uint8(l >> 8), uint8(l), - }) - } - sig.HashSuffix = make([]byte, hashedFields.Len()) - copy(sig.HashSuffix, hashedFields.Bytes()) - return -} - -func (sig *Signature) signPrepareHash(h hash.Hash) (digest []byte, err error) { - hashedSubpacketsLen := subpacketsLength(sig.outSubpackets, true) - hashedSubpackets := make([]byte, hashedSubpacketsLen) - serializeSubpackets(hashedSubpackets, sig.outSubpackets, true) - err = sig.buildHashSuffix(hashedSubpackets) - if err != nil { - return - } - if sig.Version == 5 && (sig.SigType == 0x00 || sig.SigType == 0x01) { - sig.AddMetadataToHashSuffix() - } - - h.Write(sig.HashSuffix) - digest = h.Sum(nil) - copy(sig.HashTag[:], digest) - return -} - -// PrepareSign must be called to create a hash object before Sign for v6 signatures. -// The created hash object initially hashes a randomly generated salt -// as required by v6 signatures. The generated salt is stored in sig. If the signature is not v6, -// the method returns an empty hash object. -// See RFC 9580 Section 5.2.4. -func (sig *Signature) PrepareSign(config *Config) (hash.Hash, error) { - if !sig.Hash.Available() { - return nil, errors.UnsupportedError("hash function") - } - hasher := sig.Hash.New() - if sig.Version == 6 { - if sig.salt == nil { - var err error - sig.salt, err = SignatureSaltForHash(sig.Hash, config.Random()) - if err != nil { - return nil, err - } - } - hasher.Write(sig.salt) - } - return hasher, nil -} - -// SetSalt sets the signature salt for v6 signatures. -// Assumes salt is generated correctly and checks if length matches. -// If the signature is not v6, the method ignores the salt. -// Use PrepareSign whenever possible instead of generating and -// hashing the salt externally. -// See RFC 9580 Section 5.2.4. -func (sig *Signature) SetSalt(salt []byte) error { - if sig.Version == 6 { - expectedSaltLength, err := SaltLengthForHash(sig.Hash) - if err != nil { - return err - } - if salt == nil || len(salt) != expectedSaltLength { - return errors.InvalidArgumentError("unexpected salt size for the given hash algorithm") - } - sig.salt = salt - } - return nil -} - -// PrepareVerify must be called to create a hash object before verifying v6 signatures. -// The created hash object initially hashes the internally stored salt. -// If the signature is not v6, the method returns an empty hash object. -// See RFC 9580 Section 5.2.4. -func (sig *Signature) PrepareVerify() (hash.Hash, error) { - if !sig.Hash.Available() { - return nil, errors.UnsupportedError("hash function") - } - hasher := sig.Hash.New() - if sig.Version == 6 { - if sig.salt == nil { - return nil, errors.StructuralError("v6 requires a salt for the hash to be signed") - } - hasher.Write(sig.salt) - } - return hasher, nil -} - -// Sign signs a message with a private key. The hash, h, must contain -// the hash of the message to be signed and will be mutated by this function. -// On success, the signature is stored in sig. Call Serialize to write it out. -// If config is nil, sensible defaults will be used. -func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err error) { - if priv.Dummy() { - return errors.ErrDummyPrivateKey("dummy key found") - } - sig.Version = priv.PublicKey.Version - sig.IssuerFingerprint = priv.PublicKey.Fingerprint - if sig.Version < 6 && config.RandomizeSignaturesViaNotation() { - sig.removeNotationsWithName(SaltNotationName) - salt, err := SignatureSaltForHash(sig.Hash, config.Random()) - if err != nil { - return err - } - notation := Notation{ - Name: SaltNotationName, - Value: salt, - IsCritical: false, - IsHumanReadable: false, - } - sig.Notations = append(sig.Notations, ¬ation) - } - sig.outSubpackets, err = sig.buildSubpackets(priv.PublicKey) - if err != nil { - return err - } - digest, err := sig.signPrepareHash(h) - if err != nil { - return - } - switch priv.PubKeyAlgo { - case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly: - // supports both *rsa.PrivateKey and crypto.Signer - sigdata, err := priv.PrivateKey.(crypto.Signer).Sign(config.Random(), digest, sig.Hash) - if err == nil { - sig.RSASignature = encoding.NewMPI(sigdata) - } - case PubKeyAlgoDSA: - dsaPriv := priv.PrivateKey.(*dsa.PrivateKey) - - // Need to truncate hashBytes to match FIPS 186-3 section 4.6. - subgroupSize := (dsaPriv.Q.BitLen() + 7) / 8 - if len(digest) > subgroupSize { - digest = digest[:subgroupSize] - } - r, s, err := dsa.Sign(config.Random(), dsaPriv, digest) - if err == nil { - sig.DSASigR = new(encoding.MPI).SetBig(r) - sig.DSASigS = new(encoding.MPI).SetBig(s) - } - case PubKeyAlgoECDSA: - var r, s *big.Int - if sk, ok := priv.PrivateKey.(*ecdsa.PrivateKey); ok { - r, s, err = ecdsa.Sign(config.Random(), sk, digest) - } else { - var b []byte - b, err = priv.PrivateKey.(crypto.Signer).Sign(config.Random(), digest, sig.Hash) - if err == nil { - r, s, err = unwrapECDSASig(b) - } - } - - if err == nil { - sig.ECDSASigR = new(encoding.MPI).SetBig(r) - sig.ECDSASigS = new(encoding.MPI).SetBig(s) - } - case PubKeyAlgoEdDSA: - sk := priv.PrivateKey.(*eddsa.PrivateKey) - r, s, err := eddsa.Sign(sk, digest) - if err == nil { - sig.EdDSASigR = encoding.NewMPI(r) - sig.EdDSASigS = encoding.NewMPI(s) - } - case PubKeyAlgoEd25519: - sk := priv.PrivateKey.(*ed25519.PrivateKey) - signature, err := ed25519.Sign(sk, digest) - if err == nil { - sig.EdSig = signature - } - case PubKeyAlgoEd448: - sk := priv.PrivateKey.(*ed448.PrivateKey) - signature, err := ed448.Sign(sk, digest) - if err == nil { - sig.EdSig = signature - } - default: - err = errors.UnsupportedError("public key algorithm: " + strconv.Itoa(int(sig.PubKeyAlgo))) - } - - return -} - -// unwrapECDSASig parses the two integer components of an ASN.1-encoded ECDSA signature. -func unwrapECDSASig(b []byte) (r, s *big.Int, err error) { - var ecsdaSig struct { - R, S *big.Int - } - _, err = asn1.Unmarshal(b, &ecsdaSig) - if err != nil { - return - } - return ecsdaSig.R, ecsdaSig.S, nil -} - -// SignUserId computes a signature from priv, asserting that pub is a valid -// key for the identity id. On success, the signature is stored in sig. Call -// Serialize to write it out. -// If config is nil, sensible defaults will be used. -func (sig *Signature) SignUserId(id string, pub *PublicKey, priv *PrivateKey, config *Config) error { - if priv.Dummy() { - return errors.ErrDummyPrivateKey("dummy key found") - } - prepareHash, err := sig.PrepareSign(config) - if err != nil { - return err - } - if err := userIdSignatureHash(id, pub, prepareHash); err != nil { - return err - } - return sig.Sign(prepareHash, priv, config) -} - -// SignDirectKeyBinding computes a signature from priv -// On success, the signature is stored in sig. -// Call Serialize to write it out. -// If config is nil, sensible defaults will be used. -func (sig *Signature) SignDirectKeyBinding(pub *PublicKey, priv *PrivateKey, config *Config) error { - if priv.Dummy() { - return errors.ErrDummyPrivateKey("dummy key found") - } - prepareHash, err := sig.PrepareSign(config) - if err != nil { - return err - } - if err := directKeySignatureHash(pub, prepareHash); err != nil { - return err - } - return sig.Sign(prepareHash, priv, config) -} - -// CrossSignKey computes a signature from signingKey on pub hashed using hashKey. On success, -// the signature is stored in sig. Call Serialize to write it out. -// If config is nil, sensible defaults will be used. -func (sig *Signature) CrossSignKey(pub *PublicKey, hashKey *PublicKey, signingKey *PrivateKey, - config *Config) error { - prepareHash, err := sig.PrepareSign(config) - if err != nil { - return err - } - h, err := keySignatureHash(hashKey, pub, prepareHash) - if err != nil { - return err - } - return sig.Sign(h, signingKey, config) -} - -// SignKey computes a signature from priv, asserting that pub is a subkey. On -// success, the signature is stored in sig. Call Serialize to write it out. -// If config is nil, sensible defaults will be used. -func (sig *Signature) SignKey(pub *PublicKey, priv *PrivateKey, config *Config) error { - if priv.Dummy() { - return errors.ErrDummyPrivateKey("dummy key found") - } - prepareHash, err := sig.PrepareSign(config) - if err != nil { - return err - } - h, err := keySignatureHash(&priv.PublicKey, pub, prepareHash) - if err != nil { - return err - } - return sig.Sign(h, priv, config) -} - -// RevokeKey computes a revocation signature of pub using priv. On success, the signature is -// stored in sig. Call Serialize to write it out. -// If config is nil, sensible defaults will be used. -func (sig *Signature) RevokeKey(pub *PublicKey, priv *PrivateKey, config *Config) error { - prepareHash, err := sig.PrepareSign(config) - if err != nil { - return err - } - if err := keyRevocationHash(pub, prepareHash); err != nil { - return err - } - return sig.Sign(prepareHash, priv, config) -} - -// RevokeSubkey computes a subkey revocation signature of pub using priv. -// On success, the signature is stored in sig. Call Serialize to write it out. -// If config is nil, sensible defaults will be used. -func (sig *Signature) RevokeSubkey(pub *PublicKey, priv *PrivateKey, config *Config) error { - // Identical to a subkey binding signature - return sig.SignKey(pub, priv, config) -} - -// Serialize marshals sig to w. Sign, SignUserId or SignKey must have been -// called first. -func (sig *Signature) Serialize(w io.Writer) (err error) { - if len(sig.outSubpackets) == 0 { - sig.outSubpackets = sig.rawSubpackets - } - if sig.RSASignature == nil && sig.DSASigR == nil && sig.ECDSASigR == nil && sig.EdDSASigR == nil && sig.EdSig == nil { - return errors.InvalidArgumentError("Signature: need to call Sign, SignUserId or SignKey before Serialize") - } - - sigLength := 0 - switch sig.PubKeyAlgo { - case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly: - sigLength = int(sig.RSASignature.EncodedLength()) - case PubKeyAlgoDSA: - sigLength = int(sig.DSASigR.EncodedLength()) - sigLength += int(sig.DSASigS.EncodedLength()) - case PubKeyAlgoECDSA: - sigLength = int(sig.ECDSASigR.EncodedLength()) - sigLength += int(sig.ECDSASigS.EncodedLength()) - case PubKeyAlgoEdDSA: - sigLength = int(sig.EdDSASigR.EncodedLength()) - sigLength += int(sig.EdDSASigS.EncodedLength()) - case PubKeyAlgoEd25519: - sigLength = ed25519.SignatureSize - case PubKeyAlgoEd448: - sigLength = ed448.SignatureSize - default: - panic("impossible") - } - - hashedSubpacketsLen := subpacketsLength(sig.outSubpackets, true) - unhashedSubpacketsLen := subpacketsLength(sig.outSubpackets, false) - length := 4 + /* length of version|signature type|public-key algorithm|hash algorithm */ - 2 /* length of hashed subpackets */ + hashedSubpacketsLen + - 2 /* length of unhashed subpackets */ + unhashedSubpacketsLen + - 2 /* hash tag */ + sigLength - if sig.Version == 6 { - length += 4 + /* the two length fields are four-octet instead of two */ - 1 + /* salt length */ - len(sig.salt) /* length salt */ - } - err = serializeHeader(w, packetTypeSignature, length) - if err != nil { - return - } - err = sig.serializeBody(w) - if err != nil { - return err - } - return -} - -func (sig *Signature) serializeBody(w io.Writer) (err error) { - var fields []byte - if sig.Version == 6 { - // v6 signatures use 4 octets for length - hashedSubpacketsLen := - uint32(uint32(sig.HashSuffix[4])<<24) | - uint32(uint32(sig.HashSuffix[5])<<16) | - uint32(uint32(sig.HashSuffix[6])<<8) | - uint32(sig.HashSuffix[7]) - fields = sig.HashSuffix[:8+hashedSubpacketsLen] - } else { - hashedSubpacketsLen := uint16(uint16(sig.HashSuffix[4])<<8) | - uint16(sig.HashSuffix[5]) - fields = sig.HashSuffix[:6+hashedSubpacketsLen] - - } - _, err = w.Write(fields) - if err != nil { - return - } - - unhashedSubpacketsLen := subpacketsLength(sig.outSubpackets, false) - var unhashedSubpackets []byte - if sig.Version == 6 { - unhashedSubpackets = make([]byte, 4+unhashedSubpacketsLen) - unhashedSubpackets[0] = byte(unhashedSubpacketsLen >> 24) - unhashedSubpackets[1] = byte(unhashedSubpacketsLen >> 16) - unhashedSubpackets[2] = byte(unhashedSubpacketsLen >> 8) - unhashedSubpackets[3] = byte(unhashedSubpacketsLen) - serializeSubpackets(unhashedSubpackets[4:], sig.outSubpackets, false) - } else { - unhashedSubpackets = make([]byte, 2+unhashedSubpacketsLen) - unhashedSubpackets[0] = byte(unhashedSubpacketsLen >> 8) - unhashedSubpackets[1] = byte(unhashedSubpacketsLen) - serializeSubpackets(unhashedSubpackets[2:], sig.outSubpackets, false) - } - - _, err = w.Write(unhashedSubpackets) - if err != nil { - return - } - _, err = w.Write(sig.HashTag[:]) - if err != nil { - return - } - - if sig.Version == 6 { - // write salt for v6 signatures - _, err = w.Write([]byte{uint8(len(sig.salt))}) - if err != nil { - return - } - _, err = w.Write(sig.salt) - if err != nil { - return - } - } - - switch sig.PubKeyAlgo { - case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly: - _, err = w.Write(sig.RSASignature.EncodedBytes()) - case PubKeyAlgoDSA: - if _, err = w.Write(sig.DSASigR.EncodedBytes()); err != nil { - return - } - _, err = w.Write(sig.DSASigS.EncodedBytes()) - case PubKeyAlgoECDSA: - if _, err = w.Write(sig.ECDSASigR.EncodedBytes()); err != nil { - return - } - _, err = w.Write(sig.ECDSASigS.EncodedBytes()) - case PubKeyAlgoEdDSA: - if _, err = w.Write(sig.EdDSASigR.EncodedBytes()); err != nil { - return - } - _, err = w.Write(sig.EdDSASigS.EncodedBytes()) - case PubKeyAlgoEd25519: - err = ed25519.WriteSignature(w, sig.EdSig) - case PubKeyAlgoEd448: - err = ed448.WriteSignature(w, sig.EdSig) - default: - panic("impossible") - } - return -} - -// outputSubpacket represents a subpacket to be marshaled. -type outputSubpacket struct { - hashed bool // true if this subpacket is in the hashed area. - subpacketType signatureSubpacketType - isCritical bool - contents []byte -} - -func (sig *Signature) buildSubpackets(issuer PublicKey) (subpackets []outputSubpacket, err error) { - creationTime := make([]byte, 4) - binary.BigEndian.PutUint32(creationTime, uint32(sig.CreationTime.Unix())) - // Signature Creation Time - subpackets = append(subpackets, outputSubpacket{true, creationTimeSubpacket, true, creationTime}) - // Signature Expiration Time - if sig.SigLifetimeSecs != nil && *sig.SigLifetimeSecs != 0 { - sigLifetime := make([]byte, 4) - binary.BigEndian.PutUint32(sigLifetime, *sig.SigLifetimeSecs) - subpackets = append(subpackets, outputSubpacket{true, signatureExpirationSubpacket, true, sigLifetime}) - } - // Trust Signature - if sig.TrustLevel != 0 { - subpackets = append(subpackets, outputSubpacket{true, trustSubpacket, true, []byte{byte(sig.TrustLevel), byte(sig.TrustAmount)}}) - } - // Regular Expression - if sig.TrustRegularExpression != nil { - // RFC specifies the string should be null-terminated; add a null byte to the end - subpackets = append(subpackets, outputSubpacket{true, regularExpressionSubpacket, true, []byte(*sig.TrustRegularExpression + "\000")}) - } - // Key Expiration Time - if sig.KeyLifetimeSecs != nil && *sig.KeyLifetimeSecs != 0 { - keyLifetime := make([]byte, 4) - binary.BigEndian.PutUint32(keyLifetime, *sig.KeyLifetimeSecs) - subpackets = append(subpackets, outputSubpacket{true, keyExpirationSubpacket, true, keyLifetime}) - } - // Preferred Symmetric Ciphers for v1 SEIPD - if len(sig.PreferredSymmetric) > 0 { - subpackets = append(subpackets, outputSubpacket{true, prefSymmetricAlgosSubpacket, false, sig.PreferredSymmetric}) - } - // Issuer Key ID - if sig.IssuerKeyId != nil && sig.Version == 4 { - keyId := make([]byte, 8) - binary.BigEndian.PutUint64(keyId, *sig.IssuerKeyId) - // Note: making this critical breaks RPM <=4.16. - // See: https://github.com/ProtonMail/go-crypto/issues/263 - subpackets = append(subpackets, outputSubpacket{true, issuerSubpacket, false, keyId}) - } - // Notation Data - for _, notation := range sig.Notations { - subpackets = append( - subpackets, - outputSubpacket{ - true, - notationDataSubpacket, - notation.IsCritical, - notation.getData(), - }) - } - // Preferred Hash Algorithms - if len(sig.PreferredHash) > 0 { - subpackets = append(subpackets, outputSubpacket{true, prefHashAlgosSubpacket, false, sig.PreferredHash}) - } - // Preferred Compression Algorithms - if len(sig.PreferredCompression) > 0 { - subpackets = append(subpackets, outputSubpacket{true, prefCompressionSubpacket, false, sig.PreferredCompression}) - } - // Keyserver Preferences - // Keyserver preferences may only appear in self-signatures or certification signatures. - if sig.KeyserverPrefsValid { - var prefs byte - if sig.KeyserverPrefNoModify { - prefs |= KeyserverPrefNoModify - } - subpackets = append(subpackets, outputSubpacket{true, keyserverPrefsSubpacket, false, []byte{prefs}}) - } - // Preferred Keyserver - if len(sig.PreferredKeyserver) > 0 { - subpackets = append(subpackets, outputSubpacket{true, prefKeyserverSubpacket, false, []uint8(sig.PreferredKeyserver)}) - } - // Primary User ID - if sig.IsPrimaryId != nil && *sig.IsPrimaryId { - subpackets = append(subpackets, outputSubpacket{true, primaryUserIdSubpacket, false, []byte{1}}) - } - // Policy URI - if len(sig.PolicyURI) > 0 { - subpackets = append(subpackets, outputSubpacket{true, policyUriSubpacket, false, []uint8(sig.PolicyURI)}) - } - // Key Flags - // Key flags may only appear in self-signatures or certification signatures. - if sig.FlagsValid { - var flags byte - if sig.FlagCertify { - flags |= KeyFlagCertify - } - if sig.FlagSign { - flags |= KeyFlagSign - } - if sig.FlagEncryptCommunications { - flags |= KeyFlagEncryptCommunications - } - if sig.FlagEncryptStorage { - flags |= KeyFlagEncryptStorage - } - if sig.FlagSplitKey { - flags |= KeyFlagSplitKey - } - if sig.FlagAuthenticate { - flags |= KeyFlagAuthenticate - } - if sig.FlagGroupKey { - flags |= KeyFlagGroupKey - } - subpackets = append(subpackets, outputSubpacket{true, keyFlagsSubpacket, true, []byte{flags}}) - } - // Signer's User ID - if sig.SignerUserId != nil { - subpackets = append(subpackets, outputSubpacket{true, signerUserIdSubpacket, false, []byte(*sig.SignerUserId)}) - } - // Reason for Revocation - // Revocation reason appears only in revocation signatures and is serialized as per section 5.2.3.31. - if sig.RevocationReason != nil { - subpackets = append(subpackets, outputSubpacket{true, reasonForRevocationSubpacket, true, - append([]uint8{uint8(*sig.RevocationReason)}, []uint8(sig.RevocationReasonText)...)}) - } - // Features - var features = byte(0x00) - if sig.SEIPDv1 { - features |= 0x01 - } - if sig.SEIPDv2 { - features |= 0x08 - } - if features != 0x00 { - subpackets = append(subpackets, outputSubpacket{true, featuresSubpacket, false, []byte{features}}) - } - // Embedded Signature - // EmbeddedSignature appears only in subkeys capable of signing and is serialized as per section 5.2.3.34. - if sig.EmbeddedSignature != nil { - var buf bytes.Buffer - err = sig.EmbeddedSignature.serializeBody(&buf) - if err != nil { - return - } - subpackets = append(subpackets, outputSubpacket{true, embeddedSignatureSubpacket, true, buf.Bytes()}) - } - // Issuer Fingerprint - if sig.IssuerFingerprint != nil { - contents := append([]uint8{uint8(issuer.Version)}, sig.IssuerFingerprint...) - subpackets = append(subpackets, outputSubpacket{true, issuerFingerprintSubpacket, sig.Version >= 5, contents}) - } - // Intended Recipient Fingerprint - for _, recipient := range sig.IntendedRecipients { - subpackets = append( - subpackets, - outputSubpacket{ - true, - intendedRecipientSubpacket, - false, - recipient.Serialize(), - }) - } - // Preferred AEAD Ciphersuites - if len(sig.PreferredCipherSuites) > 0 { - serialized := make([]byte, len(sig.PreferredCipherSuites)*2) - for i, cipherSuite := range sig.PreferredCipherSuites { - serialized[2*i] = cipherSuite[0] - serialized[2*i+1] = cipherSuite[1] - } - subpackets = append(subpackets, outputSubpacket{true, prefCipherSuitesSubpacket, false, serialized}) - } - return -} - -// AddMetadataToHashSuffix modifies the current hash suffix to include metadata -// (format, filename, and time). Version 5 keys protect this data including it -// in the hash computation. See section 5.2.4. -func (sig *Signature) AddMetadataToHashSuffix() { - if sig == nil || sig.Version != 5 { - return - } - if sig.SigType != 0x00 && sig.SigType != 0x01 { - return - } - lit := sig.Metadata - if lit == nil { - // This will translate into six 0x00 bytes. - lit = &LiteralData{} - } - - // Extract the current byte count - n := sig.HashSuffix[len(sig.HashSuffix)-8:] - l := uint64( - uint64(n[0])<<56 | uint64(n[1])<<48 | uint64(n[2])<<40 | uint64(n[3])<<32 | - uint64(n[4])<<24 | uint64(n[5])<<16 | uint64(n[6])<<8 | uint64(n[7])) - - suffix := bytes.NewBuffer(nil) - suffix.Write(sig.HashSuffix[:l]) - - // Add the metadata - var buf [4]byte - buf[0] = lit.Format - fileName := lit.FileName - if len(lit.FileName) > 255 { - fileName = fileName[:255] - } - buf[1] = byte(len(fileName)) - suffix.Write(buf[:2]) - suffix.Write([]byte(lit.FileName)) - binary.BigEndian.PutUint32(buf[:], lit.Time) - suffix.Write(buf[:]) - - suffix.Write([]byte{0x05, 0xff}) - suffix.Write([]byte{ - uint8(l >> 56), uint8(l >> 48), uint8(l >> 40), uint8(l >> 32), - uint8(l >> 24), uint8(l >> 16), uint8(l >> 8), uint8(l), - }) - sig.HashSuffix = suffix.Bytes() -} - -// SaltLengthForHash selects the required salt length for the given hash algorithm, -// as per Table 23 (Hash algorithm registry) of the crypto refresh. -// See RFC 9580 Section 9.5. -func SaltLengthForHash(hash crypto.Hash) (int, error) { - switch hash { - case crypto.SHA256, crypto.SHA224, crypto.SHA3_256: - return 16, nil - case crypto.SHA384: - return 24, nil - case crypto.SHA512, crypto.SHA3_512: - return 32, nil - default: - return 0, errors.UnsupportedError("hash function not supported for V6 signatures") - } -} - -// SignatureSaltForHash generates a random signature salt -// with the length for the given hash algorithm. -// See RFC 9580 Section 9.5. -func SignatureSaltForHash(hash crypto.Hash, randReader io.Reader) ([]byte, error) { - saltLength, err := SaltLengthForHash(hash) - if err != nil { - return nil, err - } - salt := make([]byte, saltLength) - _, err = io.ReadFull(randReader, salt) - if err != nil { - return nil, err - } - return salt, nil -} - -// removeNotationsWithName removes all notations in this signature with the given name. -func (sig *Signature) removeNotationsWithName(name string) { - if sig == nil || sig.Notations == nil { - return - } - updatedNotations := make([]*Notation, 0, len(sig.Notations)) - for _, notation := range sig.Notations { - if notation.Name != name { - updatedNotations = append(updatedNotations, notation) - } - } - sig.Notations = updatedNotations -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetric_key_encrypted.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetric_key_encrypted.go deleted file mode 100644 index 2812a1db88..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetric_key_encrypted.go +++ /dev/null @@ -1,331 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package packet - -import ( - "bytes" - "crypto/cipher" - "crypto/sha256" - "io" - "strconv" - - "github.com/ProtonMail/go-crypto/openpgp/errors" - "github.com/ProtonMail/go-crypto/openpgp/s2k" - "golang.org/x/crypto/hkdf" -) - -// This is the largest session key that we'll support. Since at most 256-bit cipher -// is supported in OpenPGP, this is large enough to contain also the auth tag. -const maxSessionKeySizeInBytes = 64 - -// SymmetricKeyEncrypted represents a passphrase protected session key. See RFC -// 4880, section 5.3. -type SymmetricKeyEncrypted struct { - Version int - CipherFunc CipherFunction - Mode AEADMode - s2k func(out, in []byte) - iv []byte - encryptedKey []byte // Contains also the authentication tag for AEAD -} - -// parse parses an SymmetricKeyEncrypted packet as specified in -// https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#name-symmetric-key-encrypted-ses -func (ske *SymmetricKeyEncrypted) parse(r io.Reader) error { - var buf [1]byte - - // Version - if _, err := readFull(r, buf[:]); err != nil { - return err - } - ske.Version = int(buf[0]) - if ske.Version != 4 && ske.Version != 5 && ske.Version != 6 { - return errors.UnsupportedError("unknown SymmetricKeyEncrypted version") - } - - if V5Disabled && ske.Version == 5 { - return errors.UnsupportedError("support for parsing v5 entities is disabled; build with `-tags v5` if needed") - } - - if ske.Version > 5 { - // Scalar octet count - if _, err := readFull(r, buf[:]); err != nil { - return err - } - } - - // Cipher function - if _, err := readFull(r, buf[:]); err != nil { - return err - } - ske.CipherFunc = CipherFunction(buf[0]) - if !ske.CipherFunc.IsSupported() { - return errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(buf[0]))) - } - - if ske.Version >= 5 { - // AEAD mode - if _, err := readFull(r, buf[:]); err != nil { - return errors.StructuralError("cannot read AEAD octet from packet") - } - ske.Mode = AEADMode(buf[0]) - } - - if ske.Version > 5 { - // Scalar octet count - if _, err := readFull(r, buf[:]); err != nil { - return err - } - } - - var err error - if ske.s2k, err = s2k.Parse(r); err != nil { - if _, ok := err.(errors.ErrDummyPrivateKey); ok { - return errors.UnsupportedError("missing key GNU extension in session key") - } - return err - } - - if ske.Version >= 5 { - // AEAD IV - iv := make([]byte, ske.Mode.IvLength()) - _, err := readFull(r, iv) - if err != nil { - return errors.StructuralError("cannot read AEAD IV") - } - - ske.iv = iv - } - - encryptedKey := make([]byte, maxSessionKeySizeInBytes) - // The session key may follow. We just have to try and read to find - // out. If it exists then we limit it to maxSessionKeySizeInBytes. - n, err := readFull(r, encryptedKey) - if err != nil && err != io.ErrUnexpectedEOF { - return err - } - - if n != 0 { - if n == maxSessionKeySizeInBytes { - return errors.UnsupportedError("oversized encrypted session key") - } - ske.encryptedKey = encryptedKey[:n] - } - return nil -} - -// Decrypt attempts to decrypt an encrypted session key and returns the key and -// the cipher to use when decrypting a subsequent Symmetrically Encrypted Data -// packet. -func (ske *SymmetricKeyEncrypted) Decrypt(passphrase []byte) ([]byte, CipherFunction, error) { - key := make([]byte, ske.CipherFunc.KeySize()) - ske.s2k(key, passphrase) - if len(ske.encryptedKey) == 0 { - return key, ske.CipherFunc, nil - } - switch ske.Version { - case 4: - plaintextKey, cipherFunc, err := ske.decryptV4(key) - return plaintextKey, cipherFunc, err - case 5, 6: - plaintextKey, err := ske.aeadDecrypt(ske.Version, key) - return plaintextKey, CipherFunction(0), err - } - err := errors.UnsupportedError("unknown SymmetricKeyEncrypted version") - return nil, CipherFunction(0), err -} - -func (ske *SymmetricKeyEncrypted) decryptV4(key []byte) ([]byte, CipherFunction, error) { - // the IV is all zeros - iv := make([]byte, ske.CipherFunc.blockSize()) - c := cipher.NewCFBDecrypter(ske.CipherFunc.new(key), iv) - plaintextKey := make([]byte, len(ske.encryptedKey)) - c.XORKeyStream(plaintextKey, ske.encryptedKey) - cipherFunc := CipherFunction(plaintextKey[0]) - if cipherFunc.blockSize() == 0 { - return nil, ske.CipherFunc, errors.UnsupportedError( - "unknown cipher: " + strconv.Itoa(int(cipherFunc))) - } - plaintextKey = plaintextKey[1:] - if len(plaintextKey) != cipherFunc.KeySize() { - return nil, cipherFunc, errors.StructuralError( - "length of decrypted key not equal to cipher keysize") - } - return plaintextKey, cipherFunc, nil -} - -func (ske *SymmetricKeyEncrypted) aeadDecrypt(version int, key []byte) ([]byte, error) { - adata := []byte{0xc3, byte(version), byte(ske.CipherFunc), byte(ske.Mode)} - aead := getEncryptedKeyAeadInstance(ske.CipherFunc, ske.Mode, key, adata, version) - - plaintextKey, err := aead.Open(nil, ske.iv, ske.encryptedKey, adata) - if err != nil { - return nil, err - } - return plaintextKey, nil -} - -// SerializeSymmetricKeyEncrypted serializes a symmetric key packet to w. -// The packet contains a random session key, encrypted by a key derived from -// the given passphrase. The session key is returned and must be passed to -// SerializeSymmetricallyEncrypted. -// If config is nil, sensible defaults will be used. -func SerializeSymmetricKeyEncrypted(w io.Writer, passphrase []byte, config *Config) (key []byte, err error) { - cipherFunc := config.Cipher() - - sessionKey := make([]byte, cipherFunc.KeySize()) - _, err = io.ReadFull(config.Random(), sessionKey) - if err != nil { - return - } - - err = SerializeSymmetricKeyEncryptedReuseKey(w, sessionKey, passphrase, config) - if err != nil { - return - } - - key = sessionKey - return -} - -// SerializeSymmetricKeyEncryptedReuseKey serializes a symmetric key packet to w. -// The packet contains the given session key, encrypted by a key derived from -// the given passphrase. The returned session key must be passed to -// SerializeSymmetricallyEncrypted. -// If config is nil, sensible defaults will be used. -// Deprecated: Use SerializeSymmetricKeyEncryptedAEADReuseKey instead. -func SerializeSymmetricKeyEncryptedReuseKey(w io.Writer, sessionKey []byte, passphrase []byte, config *Config) (err error) { - return SerializeSymmetricKeyEncryptedAEADReuseKey(w, sessionKey, passphrase, config.AEAD() != nil, config) -} - -// SerializeSymmetricKeyEncryptedAEADReuseKey serializes a symmetric key packet to w. -// The packet contains the given session key, encrypted by a key derived from -// the given passphrase. The returned session key must be passed to -// SerializeSymmetricallyEncrypted. -// If aeadSupported is set, SKESK v6 is used, otherwise v4. -// Note: aeadSupported MUST match the value passed to SerializeSymmetricallyEncrypted. -// If config is nil, sensible defaults will be used. -func SerializeSymmetricKeyEncryptedAEADReuseKey(w io.Writer, sessionKey []byte, passphrase []byte, aeadSupported bool, config *Config) (err error) { - var version int - if aeadSupported { - version = 6 - } else { - version = 4 - } - cipherFunc := config.Cipher() - // cipherFunc must be AES - if !cipherFunc.IsSupported() || cipherFunc < CipherAES128 || cipherFunc > CipherAES256 { - return errors.UnsupportedError("unsupported cipher: " + strconv.Itoa(int(cipherFunc))) - } - - keySize := cipherFunc.KeySize() - s2kBuf := new(bytes.Buffer) - keyEncryptingKey := make([]byte, keySize) - // s2k.Serialize salts and stretches the passphrase, and writes the - // resulting key to keyEncryptingKey and the s2k descriptor to s2kBuf. - err = s2k.Serialize(s2kBuf, keyEncryptingKey, config.Random(), passphrase, config.S2K()) - if err != nil { - return - } - s2kBytes := s2kBuf.Bytes() - - var packetLength int - switch version { - case 4: - packetLength = 2 /* header */ + len(s2kBytes) + 1 /* cipher type */ + keySize - case 5, 6: - ivLen := config.AEAD().Mode().IvLength() - tagLen := config.AEAD().Mode().TagLength() - packetLength = 3 + len(s2kBytes) + ivLen + keySize + tagLen - } - if version > 5 { - packetLength += 2 // additional octet count fields - } - - err = serializeHeader(w, packetTypeSymmetricKeyEncrypted, packetLength) - if err != nil { - return - } - - // Symmetric Key Encrypted Version - buf := []byte{byte(version)} - - if version > 5 { - // Scalar octet count - buf = append(buf, byte(3+len(s2kBytes)+config.AEAD().Mode().IvLength())) - } - - // Cipher function - buf = append(buf, byte(cipherFunc)) - - if version >= 5 { - // AEAD mode - buf = append(buf, byte(config.AEAD().Mode())) - } - if version > 5 { - // Scalar octet count - buf = append(buf, byte(len(s2kBytes))) - } - _, err = w.Write(buf) - if err != nil { - return - } - _, err = w.Write(s2kBytes) - if err != nil { - return - } - - switch version { - case 4: - iv := make([]byte, cipherFunc.blockSize()) - c := cipher.NewCFBEncrypter(cipherFunc.new(keyEncryptingKey), iv) - encryptedCipherAndKey := make([]byte, keySize+1) - c.XORKeyStream(encryptedCipherAndKey, buf[1:]) - c.XORKeyStream(encryptedCipherAndKey[1:], sessionKey) - _, err = w.Write(encryptedCipherAndKey) - if err != nil { - return - } - case 5, 6: - mode := config.AEAD().Mode() - adata := []byte{0xc3, byte(version), byte(cipherFunc), byte(mode)} - aead := getEncryptedKeyAeadInstance(cipherFunc, mode, keyEncryptingKey, adata, version) - - // Sample iv using random reader - iv := make([]byte, config.AEAD().Mode().IvLength()) - _, err = io.ReadFull(config.Random(), iv) - if err != nil { - return - } - // Seal and write (encryptedData includes auth. tag) - - encryptedData := aead.Seal(nil, iv, sessionKey, adata) - _, err = w.Write(iv) - if err != nil { - return - } - _, err = w.Write(encryptedData) - if err != nil { - return - } - } - - return -} - -func getEncryptedKeyAeadInstance(c CipherFunction, mode AEADMode, inputKey, associatedData []byte, version int) (aead cipher.AEAD) { - var blockCipher cipher.Block - if version > 5 { - hkdfReader := hkdf.New(sha256.New, inputKey, []byte{}, associatedData) - - encryptionKey := make([]byte, c.KeySize()) - _, _ = readFull(hkdfReader, encryptionKey) - - blockCipher = c.new(encryptionKey) - } else { - blockCipher = c.new(inputKey) - } - return mode.new(blockCipher) -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go deleted file mode 100644 index 0e898742cf..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go +++ /dev/null @@ -1,94 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package packet - -import ( - "io" - - "github.com/ProtonMail/go-crypto/openpgp/errors" -) - -const aeadSaltSize = 32 - -// SymmetricallyEncrypted represents a symmetrically encrypted byte string. The -// encrypted Contents will consist of more OpenPGP packets. See RFC 4880, -// sections 5.7 and 5.13. -type SymmetricallyEncrypted struct { - Version int - Contents io.Reader // contains tag for version 2 - IntegrityProtected bool // If true it is type 18 (with MDC or AEAD). False is packet type 9 - - // Specific to version 1 - prefix []byte - - // Specific to version 2 - Cipher CipherFunction - Mode AEADMode - ChunkSizeByte byte - Salt [aeadSaltSize]byte -} - -const ( - symmetricallyEncryptedVersionMdc = 1 - symmetricallyEncryptedVersionAead = 2 -) - -func (se *SymmetricallyEncrypted) parse(r io.Reader) error { - if se.IntegrityProtected { - // See RFC 4880, section 5.13. - var buf [1]byte - _, err := readFull(r, buf[:]) - if err != nil { - return err - } - - switch buf[0] { - case symmetricallyEncryptedVersionMdc: - se.Version = symmetricallyEncryptedVersionMdc - case symmetricallyEncryptedVersionAead: - se.Version = symmetricallyEncryptedVersionAead - if err := se.parseAead(r); err != nil { - return err - } - default: - return errors.UnsupportedError("unknown SymmetricallyEncrypted version") - } - } - se.Contents = r - return nil -} - -// Decrypt returns a ReadCloser, from which the decrypted Contents of the -// packet can be read. An incorrect key will only be detected after trying -// to decrypt the entire data. -func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error) { - if se.Version == symmetricallyEncryptedVersionAead { - return se.decryptAead(key) - } - - return se.decryptMdc(c, key) -} - -// SerializeSymmetricallyEncrypted serializes a symmetrically encrypted packet -// to w and returns a WriteCloser to which the to-be-encrypted packets can be -// written. -// If aeadSupported is set to true, SEIPDv2 is used with the indicated CipherSuite. -// Otherwise, SEIPDv1 is used with the indicated CipherFunction. -// Note: aeadSupported MUST match the value passed to SerializeEncryptedKeyAEAD -// and/or SerializeSymmetricKeyEncryptedAEADReuseKey. -// If config is nil, sensible defaults will be used. -func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, aeadSupported bool, cipherSuite CipherSuite, key []byte, config *Config) (Contents io.WriteCloser, err error) { - writeCloser := noOpCloser{w} - ciphertext, err := serializeStreamHeader(writeCloser, packetTypeSymmetricallyEncryptedIntegrityProtected) - if err != nil { - return - } - - if aeadSupported { - return serializeSymmetricallyEncryptedAead(ciphertext, cipherSuite, config.AEADConfig.ChunkSizeByte(), config.Random(), key) - } - - return serializeSymmetricallyEncryptedMdc(ciphertext, c, key, config) -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go deleted file mode 100644 index 3ddc4fe4a9..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go +++ /dev/null @@ -1,168 +0,0 @@ -// Copyright 2023 Proton AG. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package packet - -import ( - "crypto/cipher" - "crypto/sha256" - "fmt" - "io" - "strconv" - - "github.com/ProtonMail/go-crypto/openpgp/errors" - "golang.org/x/crypto/hkdf" -) - -// parseAead parses a V2 SEIPD packet (AEAD) as specified in -// https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2 -func (se *SymmetricallyEncrypted) parseAead(r io.Reader) error { - headerData := make([]byte, 3) - if n, err := io.ReadFull(r, headerData); n < 3 { - return errors.StructuralError("could not read aead header: " + err.Error()) - } - - // Cipher - se.Cipher = CipherFunction(headerData[0]) - // cipherFunc must have block size 16 to use AEAD - if se.Cipher.blockSize() != 16 { - return errors.UnsupportedError("invalid aead cipher: " + strconv.Itoa(int(se.Cipher))) - } - - // Mode - se.Mode = AEADMode(headerData[1]) - if se.Mode.TagLength() == 0 { - return errors.UnsupportedError("unknown aead mode: " + strconv.Itoa(int(se.Mode))) - } - - // Chunk size - se.ChunkSizeByte = headerData[2] - if se.ChunkSizeByte > 16 { - return errors.UnsupportedError("invalid aead chunk size byte: " + strconv.Itoa(int(se.ChunkSizeByte))) - } - - // Salt - if n, err := io.ReadFull(r, se.Salt[:]); n < aeadSaltSize { - return errors.StructuralError("could not read aead salt: " + err.Error()) - } - - return nil -} - -// associatedData for chunks: tag, version, cipher, mode, chunk size byte -func (se *SymmetricallyEncrypted) associatedData() []byte { - return []byte{ - 0xD2, - symmetricallyEncryptedVersionAead, - byte(se.Cipher), - byte(se.Mode), - se.ChunkSizeByte, - } -} - -// decryptAead decrypts a V2 SEIPD packet (AEAD) as specified in -// https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2 -func (se *SymmetricallyEncrypted) decryptAead(inputKey []byte) (io.ReadCloser, error) { - if se.Cipher.KeySize() != len(inputKey) { - return nil, errors.StructuralError(fmt.Sprintf("invalid session key length for cipher: got %d bytes, but expected %d bytes", len(inputKey), se.Cipher.KeySize())) - } - - aead, nonce := getSymmetricallyEncryptedAeadInstance(se.Cipher, se.Mode, inputKey, se.Salt[:], se.associatedData()) - // Carry the first tagLen bytes - chunkSize := decodeAEADChunkSize(se.ChunkSizeByte) - tagLen := se.Mode.TagLength() - chunkBytes := make([]byte, chunkSize+tagLen*2) - peekedBytes := chunkBytes[chunkSize+tagLen:] - n, err := io.ReadFull(se.Contents, peekedBytes) - if n < tagLen || (err != nil && err != io.EOF) { - return nil, errors.StructuralError("not enough data to decrypt:" + err.Error()) - } - - return &aeadDecrypter{ - aeadCrypter: aeadCrypter{ - aead: aead, - chunkSize: decodeAEADChunkSize(se.ChunkSizeByte), - nonce: nonce, - associatedData: se.associatedData(), - chunkIndex: nonce[len(nonce)-8:], - packetTag: packetTypeSymmetricallyEncryptedIntegrityProtected, - }, - reader: se.Contents, - chunkBytes: chunkBytes, - peekedBytes: peekedBytes, - }, nil -} - -// serializeSymmetricallyEncryptedAead encrypts to a writer a V2 SEIPD packet (AEAD) as specified in -// https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2 -func serializeSymmetricallyEncryptedAead(ciphertext io.WriteCloser, cipherSuite CipherSuite, chunkSizeByte byte, rand io.Reader, inputKey []byte) (Contents io.WriteCloser, err error) { - // cipherFunc must have block size 16 to use AEAD - if cipherSuite.Cipher.blockSize() != 16 { - return nil, errors.InvalidArgumentError("invalid aead cipher function") - } - - if cipherSuite.Cipher.KeySize() != len(inputKey) { - return nil, errors.InvalidArgumentError("error in aead serialization: bad key length") - } - - // Data for en/decryption: tag, version, cipher, aead mode, chunk size - prefix := []byte{ - 0xD2, - symmetricallyEncryptedVersionAead, - byte(cipherSuite.Cipher), - byte(cipherSuite.Mode), - chunkSizeByte, - } - - // Write header (that correspond to prefix except first byte) - n, err := ciphertext.Write(prefix[1:]) - if err != nil || n < 4 { - return nil, err - } - - // Random salt - salt := make([]byte, aeadSaltSize) - if _, err := io.ReadFull(rand, salt); err != nil { - return nil, err - } - - if _, err := ciphertext.Write(salt); err != nil { - return nil, err - } - - aead, nonce := getSymmetricallyEncryptedAeadInstance(cipherSuite.Cipher, cipherSuite.Mode, inputKey, salt, prefix) - - chunkSize := decodeAEADChunkSize(chunkSizeByte) - tagLen := aead.Overhead() - chunkBytes := make([]byte, chunkSize+tagLen) - return &aeadEncrypter{ - aeadCrypter: aeadCrypter{ - aead: aead, - chunkSize: chunkSize, - associatedData: prefix, - nonce: nonce, - chunkIndex: nonce[len(nonce)-8:], - packetTag: packetTypeSymmetricallyEncryptedIntegrityProtected, - }, - writer: ciphertext, - chunkBytes: chunkBytes, - }, nil -} - -func getSymmetricallyEncryptedAeadInstance(c CipherFunction, mode AEADMode, inputKey, salt, associatedData []byte) (aead cipher.AEAD, nonce []byte) { - hkdfReader := hkdf.New(sha256.New, inputKey, salt, associatedData) - - encryptionKey := make([]byte, c.KeySize()) - _, _ = readFull(hkdfReader, encryptionKey) - - nonce = make([]byte, mode.IvLength()) - - // Last 64 bits of nonce are the counter - _, _ = readFull(hkdfReader, nonce[:len(nonce)-8]) - - blockCipher := c.new(encryptionKey) - aead = mode.new(blockCipher) - - return -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_mdc.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_mdc.go deleted file mode 100644 index 8b18623684..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_mdc.go +++ /dev/null @@ -1,256 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package packet - -import ( - "crypto/cipher" - "crypto/sha1" - "crypto/subtle" - "hash" - "io" - "strconv" - - "github.com/ProtonMail/go-crypto/openpgp/errors" -) - -// seMdcReader wraps an io.Reader with a no-op Close method. -type seMdcReader struct { - in io.Reader -} - -func (ser seMdcReader) Read(buf []byte) (int, error) { - return ser.in.Read(buf) -} - -func (ser seMdcReader) Close() error { - return nil -} - -func (se *SymmetricallyEncrypted) decryptMdc(c CipherFunction, key []byte) (io.ReadCloser, error) { - if !c.IsSupported() { - return nil, errors.UnsupportedError("unsupported cipher: " + strconv.Itoa(int(c))) - } - - if len(key) != c.KeySize() { - return nil, errors.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length") - } - - if se.prefix == nil { - se.prefix = make([]byte, c.blockSize()+2) - _, err := readFull(se.Contents, se.prefix) - if err != nil { - return nil, err - } - } else if len(se.prefix) != c.blockSize()+2 { - return nil, errors.InvalidArgumentError("can't try ciphers with different block lengths") - } - - ocfbResync := OCFBResync - if se.IntegrityProtected { - // MDC packets use a different form of OCFB mode. - ocfbResync = OCFBNoResync - } - - s := NewOCFBDecrypter(c.new(key), se.prefix, ocfbResync) - - plaintext := cipher.StreamReader{S: s, R: se.Contents} - - if se.IntegrityProtected { - // IntegrityProtected packets have an embedded hash that we need to check. - h := sha1.New() - h.Write(se.prefix) - return &seMDCReader{in: plaintext, h: h}, nil - } - - // Otherwise, we just need to wrap plaintext so that it's a valid ReadCloser. - return seMdcReader{plaintext}, nil -} - -const mdcTrailerSize = 1 /* tag byte */ + 1 /* length byte */ + sha1.Size - -// An seMDCReader wraps an io.Reader, maintains a running hash and keeps hold -// of the most recent 22 bytes (mdcTrailerSize). Upon EOF, those bytes form an -// MDC packet containing a hash of the previous Contents which is checked -// against the running hash. See RFC 4880, section 5.13. -type seMDCReader struct { - in io.Reader - h hash.Hash - trailer [mdcTrailerSize]byte - scratch [mdcTrailerSize]byte - trailerUsed int - error bool - eof bool -} - -func (ser *seMDCReader) Read(buf []byte) (n int, err error) { - if ser.error { - err = io.ErrUnexpectedEOF - return - } - if ser.eof { - err = io.EOF - return - } - - // If we haven't yet filled the trailer buffer then we must do that - // first. - for ser.trailerUsed < mdcTrailerSize { - n, err = ser.in.Read(ser.trailer[ser.trailerUsed:]) - ser.trailerUsed += n - if err == io.EOF { - if ser.trailerUsed != mdcTrailerSize { - n = 0 - err = io.ErrUnexpectedEOF - ser.error = true - return - } - ser.eof = true - n = 0 - return - } - - if err != nil { - n = 0 - return - } - } - - // If it's a short read then we read into a temporary buffer and shift - // the data into the caller's buffer. - if len(buf) <= mdcTrailerSize { - n, err = readFull(ser.in, ser.scratch[:len(buf)]) - copy(buf, ser.trailer[:n]) - ser.h.Write(buf[:n]) - copy(ser.trailer[:], ser.trailer[n:]) - copy(ser.trailer[mdcTrailerSize-n:], ser.scratch[:]) - if n < len(buf) { - ser.eof = true - err = io.EOF - } - return - } - - n, err = ser.in.Read(buf[mdcTrailerSize:]) - copy(buf, ser.trailer[:]) - ser.h.Write(buf[:n]) - copy(ser.trailer[:], buf[n:]) - - if err == io.EOF { - ser.eof = true - } - return -} - -// This is a new-format packet tag byte for a type 19 (Integrity Protected) packet. -const mdcPacketTagByte = byte(0x80) | 0x40 | 19 - -func (ser *seMDCReader) Close() error { - if ser.error { - return errors.ErrMDCHashMismatch - } - - for !ser.eof { - // We haven't seen EOF so we need to read to the end - var buf [1024]byte - _, err := ser.Read(buf[:]) - if err == io.EOF { - break - } - if err != nil { - return errors.ErrMDCHashMismatch - } - } - - ser.h.Write(ser.trailer[:2]) - - final := ser.h.Sum(nil) - if subtle.ConstantTimeCompare(final, ser.trailer[2:]) != 1 { - return errors.ErrMDCHashMismatch - } - // The hash already includes the MDC header, but we still check its value - // to confirm encryption correctness - if ser.trailer[0] != mdcPacketTagByte || ser.trailer[1] != sha1.Size { - return errors.ErrMDCHashMismatch - } - return nil -} - -// An seMDCWriter writes through to an io.WriteCloser while maintains a running -// hash of the data written. On close, it emits an MDC packet containing the -// running hash. -type seMDCWriter struct { - w io.WriteCloser - h hash.Hash -} - -func (w *seMDCWriter) Write(buf []byte) (n int, err error) { - w.h.Write(buf) - return w.w.Write(buf) -} - -func (w *seMDCWriter) Close() (err error) { - var buf [mdcTrailerSize]byte - - buf[0] = mdcPacketTagByte - buf[1] = sha1.Size - w.h.Write(buf[:2]) - digest := w.h.Sum(nil) - copy(buf[2:], digest) - - _, err = w.w.Write(buf[:]) - if err != nil { - return - } - return w.w.Close() -} - -// noOpCloser is like an ioutil.NopCloser, but for an io.Writer. -type noOpCloser struct { - w io.Writer -} - -func (c noOpCloser) Write(data []byte) (n int, err error) { - return c.w.Write(data) -} - -func (c noOpCloser) Close() error { - return nil -} - -func serializeSymmetricallyEncryptedMdc(ciphertext io.WriteCloser, c CipherFunction, key []byte, config *Config) (Contents io.WriteCloser, err error) { - // Disallow old cipher suites - if !c.IsSupported() || c < CipherAES128 { - return nil, errors.InvalidArgumentError("invalid mdc cipher function") - } - - if c.KeySize() != len(key) { - return nil, errors.InvalidArgumentError("error in mdc serialization: bad key length") - } - - _, err = ciphertext.Write([]byte{symmetricallyEncryptedVersionMdc}) - if err != nil { - return - } - - block := c.new(key) - blockSize := block.BlockSize() - iv := make([]byte, blockSize) - _, err = io.ReadFull(config.Random(), iv) - if err != nil { - return nil, err - } - s, prefix := NewOCFBEncrypter(block, iv, OCFBNoResync) - _, err = ciphertext.Write(prefix) - if err != nil { - return - } - plaintext := cipher.StreamWriter{S: s, W: ciphertext} - - h := sha1.New() - h.Write(iv) - h.Write(iv[blockSize-2:]) - Contents = &seMDCWriter{w: plaintext, h: h} - return -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userattribute.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userattribute.go deleted file mode 100644 index 63814ed132..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userattribute.go +++ /dev/null @@ -1,100 +0,0 @@ -// Copyright 2013 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package packet - -import ( - "bytes" - "image" - "image/jpeg" - "io" -) - -const UserAttrImageSubpacket = 1 - -// UserAttribute is capable of storing other types of data about a user -// beyond name, email and a text comment. In practice, user attributes are typically used -// to store a signed thumbnail photo JPEG image of the user. -// See RFC 4880, section 5.12. -type UserAttribute struct { - Contents []*OpaqueSubpacket -} - -// NewUserAttributePhoto creates a user attribute packet -// containing the given images. -func NewUserAttributePhoto(photos ...image.Image) (uat *UserAttribute, err error) { - uat = new(UserAttribute) - for _, photo := range photos { - var buf bytes.Buffer - // RFC 4880, Section 5.12.1. - data := []byte{ - 0x10, 0x00, // Little-endian image header length (16 bytes) - 0x01, // Image header version 1 - 0x01, // JPEG - 0, 0, 0, 0, // 12 reserved octets, must be all zero. - 0, 0, 0, 0, - 0, 0, 0, 0} - if _, err = buf.Write(data); err != nil { - return - } - if err = jpeg.Encode(&buf, photo, nil); err != nil { - return - } - - lengthBuf := make([]byte, 5) - n := serializeSubpacketLength(lengthBuf, len(buf.Bytes())+1) - lengthBuf = lengthBuf[:n] - - uat.Contents = append(uat.Contents, &OpaqueSubpacket{ - SubType: UserAttrImageSubpacket, - EncodedLength: lengthBuf, - Contents: buf.Bytes(), - }) - } - return -} - -// NewUserAttribute creates a new user attribute packet containing the given subpackets. -func NewUserAttribute(contents ...*OpaqueSubpacket) *UserAttribute { - return &UserAttribute{Contents: contents} -} - -func (uat *UserAttribute) parse(r io.Reader) (err error) { - // RFC 4880, section 5.13 - b, err := io.ReadAll(r) - if err != nil { - return - } - uat.Contents, err = OpaqueSubpackets(b) - return -} - -// Serialize marshals the user attribute to w in the form of an OpenPGP packet, including -// header. -func (uat *UserAttribute) Serialize(w io.Writer) (err error) { - var buf bytes.Buffer - for _, sp := range uat.Contents { - err = sp.Serialize(&buf) - if err != nil { - return err - } - } - if err = serializeHeader(w, packetTypeUserAttribute, buf.Len()); err != nil { - return err - } - _, err = w.Write(buf.Bytes()) - return -} - -// ImageData returns zero or more byte slices, each containing -// JPEG File Interchange Format (JFIF), for each photo in the -// user attribute packet. -func (uat *UserAttribute) ImageData() (imageData [][]byte) { - for _, sp := range uat.Contents { - if sp.SubType == UserAttrImageSubpacket && len(sp.Contents) > 16 { - imageData = append(imageData, sp.Contents[16:]) - } - } - return -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userid.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userid.go deleted file mode 100644 index 3c7451a3c3..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userid.go +++ /dev/null @@ -1,166 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package packet - -import ( - "io" - "strings" -) - -// UserId contains text that is intended to represent the name and email -// address of the key holder. See RFC 4880, section 5.11. By convention, this -// takes the form "Full Name (Comment) " -type UserId struct { - Id string // By convention, this takes the form "Full Name (Comment) " which is split out in the fields below. - - Name, Comment, Email string -} - -func hasInvalidCharacters(s string) bool { - for _, c := range s { - switch c { - case '(', ')', '<', '>', 0: - return true - } - } - return false -} - -// NewUserId returns a UserId or nil if any of the arguments contain invalid -// characters. The invalid characters are '\x00', '(', ')', '<' and '>' -func NewUserId(name, comment, email string) *UserId { - // RFC 4880 doesn't deal with the structure of userid strings; the - // name, comment and email form is just a convention. However, there's - // no convention about escaping the metacharacters and GPG just refuses - // to create user ids where, say, the name contains a '('. We mirror - // this behaviour. - - if hasInvalidCharacters(name) || hasInvalidCharacters(comment) || hasInvalidCharacters(email) { - return nil - } - - uid := new(UserId) - uid.Name, uid.Comment, uid.Email = name, comment, email - uid.Id = name - if len(comment) > 0 { - if len(uid.Id) > 0 { - uid.Id += " " - } - uid.Id += "(" - uid.Id += comment - uid.Id += ")" - } - if len(email) > 0 { - if len(uid.Id) > 0 { - uid.Id += " " - } - uid.Id += "<" - uid.Id += email - uid.Id += ">" - } - return uid -} - -func (uid *UserId) parse(r io.Reader) (err error) { - // RFC 4880, section 5.11 - b, err := io.ReadAll(r) - if err != nil { - return - } - uid.Id = string(b) - uid.Name, uid.Comment, uid.Email = parseUserId(uid.Id) - return -} - -// Serialize marshals uid to w in the form of an OpenPGP packet, including -// header. -func (uid *UserId) Serialize(w io.Writer) error { - err := serializeHeader(w, packetTypeUserId, len(uid.Id)) - if err != nil { - return err - } - _, err = w.Write([]byte(uid.Id)) - return err -} - -// parseUserId extracts the name, comment and email from a user id string that -// is formatted as "Full Name (Comment) ". -func parseUserId(id string) (name, comment, email string) { - var n, c, e struct { - start, end int - } - var state int - - for offset, rune := range id { - switch state { - case 0: - // Entering name - n.start = offset - state = 1 - fallthrough - case 1: - // In name - if rune == '(' { - state = 2 - n.end = offset - } else if rune == '<' { - state = 5 - n.end = offset - } - case 2: - // Entering comment - c.start = offset - state = 3 - fallthrough - case 3: - // In comment - if rune == ')' { - state = 4 - c.end = offset - } - case 4: - // Between comment and email - if rune == '<' { - state = 5 - } - case 5: - // Entering email - e.start = offset - state = 6 - fallthrough - case 6: - // In email - if rune == '>' { - state = 7 - e.end = offset - } - default: - // After email - } - } - switch state { - case 1: - // ended in the name - n.end = len(id) - case 3: - // ended in comment - c.end = len(id) - case 6: - // ended in email - e.end = len(id) - } - - name = strings.TrimSpace(id[n.start:n.end]) - comment = strings.TrimSpace(id[c.start:c.end]) - email = strings.TrimSpace(id[e.start:e.end]) - - // RFC 2822 3.4: alternate simple form of a mailbox - if email == "" && strings.ContainsRune(name, '@') { - email = name - name = "" - } - - return -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go deleted file mode 100644 index e6dd9b5fd3..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go +++ /dev/null @@ -1,619 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package openpgp implements high level operations on OpenPGP messages. -package openpgp // import "github.com/ProtonMail/go-crypto/openpgp" - -import ( - "crypto" - _ "crypto/sha256" - _ "crypto/sha512" - "hash" - "io" - "strconv" - - "github.com/ProtonMail/go-crypto/openpgp/armor" - "github.com/ProtonMail/go-crypto/openpgp/errors" - "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm" - "github.com/ProtonMail/go-crypto/openpgp/packet" - _ "golang.org/x/crypto/sha3" -) - -// SignatureType is the armor type for a PGP signature. -var SignatureType = "PGP SIGNATURE" - -// readArmored reads an armored block with the given type. -func readArmored(r io.Reader, expectedType string) (body io.Reader, err error) { - block, err := armor.Decode(r) - if err != nil { - return - } - - if block.Type != expectedType { - return nil, errors.InvalidArgumentError("expected '" + expectedType + "', got: " + block.Type) - } - - return block.Body, nil -} - -// MessageDetails contains the result of parsing an OpenPGP encrypted and/or -// signed message. -type MessageDetails struct { - IsEncrypted bool // true if the message was encrypted. - EncryptedToKeyIds []uint64 // the list of recipient key ids. - IsSymmetricallyEncrypted bool // true if a passphrase could have decrypted the message. - DecryptedWith Key // the private key used to decrypt the message, if any. - IsSigned bool // true if the message is signed. - SignedByKeyId uint64 // the key id of the signer, if any. - SignedByFingerprint []byte // the key fingerprint of the signer, if any. - SignedBy *Key // the key of the signer, if available. - LiteralData *packet.LiteralData // the metadata of the contents - UnverifiedBody io.Reader // the contents of the message. - - // If IsSigned is true and SignedBy is non-zero then the signature will - // be verified as UnverifiedBody is read. The signature cannot be - // checked until the whole of UnverifiedBody is read so UnverifiedBody - // must be consumed until EOF before the data can be trusted. Even if a - // message isn't signed (or the signer is unknown) the data may contain - // an authentication code that is only checked once UnverifiedBody has - // been consumed. Once EOF has been seen, the following fields are - // valid. (An authentication code failure is reported as a - // SignatureError error when reading from UnverifiedBody.) - Signature *packet.Signature // the signature packet itself. - SignatureError error // nil if the signature is good. - UnverifiedSignatures []*packet.Signature // all other unverified signature packets. - - decrypted io.ReadCloser -} - -// A PromptFunction is used as a callback by functions that may need to decrypt -// a private key, or prompt for a passphrase. It is called with a list of -// acceptable, encrypted private keys and a boolean that indicates whether a -// passphrase is usable. It should either decrypt a private key or return a -// passphrase to try. If the decrypted private key or given passphrase isn't -// correct, the function will be called again, forever. Any error returned will -// be passed up. -type PromptFunction func(keys []Key, symmetric bool) ([]byte, error) - -// A keyEnvelopePair is used to store a private key with the envelope that -// contains a symmetric key, encrypted with that key. -type keyEnvelopePair struct { - key Key - encryptedKey *packet.EncryptedKey -} - -// ReadMessage parses an OpenPGP message that may be signed and/or encrypted. -// The given KeyRing should contain both public keys (for signature -// verification) and, possibly encrypted, private keys for decrypting. -// If config is nil, sensible defaults will be used. -func ReadMessage(r io.Reader, keyring KeyRing, prompt PromptFunction, config *packet.Config) (md *MessageDetails, err error) { - var p packet.Packet - - var symKeys []*packet.SymmetricKeyEncrypted - var pubKeys []keyEnvelopePair - // Integrity protected encrypted packet: SymmetricallyEncrypted or AEADEncrypted - var edp packet.EncryptedDataPacket - - packets := packet.NewReader(r) - md = new(MessageDetails) - md.IsEncrypted = true - - // The message, if encrypted, starts with a number of packets - // containing an encrypted decryption key. The decryption key is either - // encrypted to a public key, or with a passphrase. This loop - // collects these packets. -ParsePackets: - for { - p, err = packets.Next() - if err != nil { - return nil, err - } - switch p := p.(type) { - case *packet.SymmetricKeyEncrypted: - // This packet contains the decryption key encrypted with a passphrase. - md.IsSymmetricallyEncrypted = true - symKeys = append(symKeys, p) - case *packet.EncryptedKey: - // This packet contains the decryption key encrypted to a public key. - md.EncryptedToKeyIds = append(md.EncryptedToKeyIds, p.KeyId) - switch p.Algo { - case packet.PubKeyAlgoRSA, packet.PubKeyAlgoRSAEncryptOnly, packet.PubKeyAlgoElGamal, packet.PubKeyAlgoECDH, packet.PubKeyAlgoX25519, packet.PubKeyAlgoX448: - break - default: - continue - } - if keyring != nil { - var keys []Key - if p.KeyId == 0 { - keys = keyring.DecryptionKeys() - } else { - keys = keyring.KeysById(p.KeyId) - } - for _, k := range keys { - pubKeys = append(pubKeys, keyEnvelopePair{k, p}) - } - } - case *packet.SymmetricallyEncrypted: - if !p.IntegrityProtected && !config.AllowUnauthenticatedMessages() { - return nil, errors.UnsupportedError("message is not integrity protected") - } - edp = p - break ParsePackets - case *packet.AEADEncrypted: - edp = p - break ParsePackets - case *packet.Compressed, *packet.LiteralData, *packet.OnePassSignature: - // This message isn't encrypted. - if len(symKeys) != 0 || len(pubKeys) != 0 { - return nil, errors.StructuralError("key material not followed by encrypted message") - } - packets.Unread(p) - return readSignedMessage(packets, nil, keyring, config) - } - } - - var candidates []Key - var decrypted io.ReadCloser - - // Now that we have the list of encrypted keys we need to decrypt at - // least one of them or, if we cannot, we need to call the prompt - // function so that it can decrypt a key or give us a passphrase. -FindKey: - for { - // See if any of the keys already have a private key available - candidates = candidates[:0] - candidateFingerprints := make(map[string]bool) - - for _, pk := range pubKeys { - if pk.key.PrivateKey == nil { - continue - } - if !pk.key.PrivateKey.Encrypted { - if len(pk.encryptedKey.Key) == 0 { - errDec := pk.encryptedKey.Decrypt(pk.key.PrivateKey, config) - if errDec != nil { - continue - } - } - // Try to decrypt symmetrically encrypted - decrypted, err = edp.Decrypt(pk.encryptedKey.CipherFunc, pk.encryptedKey.Key) - if err != nil && err != errors.ErrKeyIncorrect { - return nil, err - } - if decrypted != nil { - md.DecryptedWith = pk.key - break FindKey - } - } else { - fpr := string(pk.key.PublicKey.Fingerprint[:]) - if v := candidateFingerprints[fpr]; v { - continue - } - candidates = append(candidates, pk.key) - candidateFingerprints[fpr] = true - } - } - - if len(candidates) == 0 && len(symKeys) == 0 { - return nil, errors.ErrKeyIncorrect - } - - if prompt == nil { - return nil, errors.ErrKeyIncorrect - } - - passphrase, err := prompt(candidates, len(symKeys) != 0) - if err != nil { - return nil, err - } - - // Try the symmetric passphrase first - if len(symKeys) != 0 && passphrase != nil { - for _, s := range symKeys { - key, cipherFunc, err := s.Decrypt(passphrase) - // In v4, on wrong passphrase, session key decryption is very likely to result in an invalid cipherFunc: - // only for < 5% of cases we will proceed to decrypt the data - if err == nil { - decrypted, err = edp.Decrypt(cipherFunc, key) - if err != nil { - return nil, err - } - if decrypted != nil { - break FindKey - } - } - } - } - } - - md.decrypted = decrypted - if err := packets.Push(decrypted); err != nil { - return nil, err - } - mdFinal, sensitiveParsingErr := readSignedMessage(packets, md, keyring, config) - if sensitiveParsingErr != nil { - return nil, errors.HandleSensitiveParsingError(sensitiveParsingErr, md.decrypted != nil) - } - return mdFinal, nil -} - -// readSignedMessage reads a possibly signed message if mdin is non-zero then -// that structure is updated and returned. Otherwise a fresh MessageDetails is -// used. -func readSignedMessage(packets *packet.Reader, mdin *MessageDetails, keyring KeyRing, config *packet.Config) (md *MessageDetails, err error) { - if mdin == nil { - mdin = new(MessageDetails) - } - md = mdin - - var p packet.Packet - var h hash.Hash - var wrappedHash hash.Hash - var prevLast bool -FindLiteralData: - for { - p, err = packets.Next() - if err != nil { - return nil, err - } - switch p := p.(type) { - case *packet.Compressed: - if err := packets.Push(p.Body); err != nil { - return nil, err - } - case *packet.OnePassSignature: - if prevLast { - return nil, errors.UnsupportedError("nested signature packets") - } - - if p.IsLast { - prevLast = true - } - - h, wrappedHash, err = hashForSignature(p.Hash, p.SigType, p.Salt) - if err != nil { - md.SignatureError = err - } - - md.IsSigned = true - if p.Version == 6 { - md.SignedByFingerprint = p.KeyFingerprint - } - md.SignedByKeyId = p.KeyId - - if keyring != nil { - keys := keyring.KeysByIdUsage(p.KeyId, packet.KeyFlagSign) - if len(keys) > 0 { - md.SignedBy = &keys[0] - } - } - case *packet.LiteralData: - md.LiteralData = p - break FindLiteralData - } - } - - if md.IsSigned && md.SignatureError == nil { - md.UnverifiedBody = &signatureCheckReader{packets, h, wrappedHash, md, config} - } else if md.decrypted != nil { - md.UnverifiedBody = &checkReader{md, false} - } else { - md.UnverifiedBody = md.LiteralData.Body - } - - return md, nil -} - -func wrapHashForSignature(hashFunc hash.Hash, sigType packet.SignatureType) (hash.Hash, error) { - switch sigType { - case packet.SigTypeBinary: - return hashFunc, nil - case packet.SigTypeText: - return NewCanonicalTextHash(hashFunc), nil - } - return nil, errors.UnsupportedError("unsupported signature type: " + strconv.Itoa(int(sigType))) -} - -// hashForSignature returns a pair of hashes that can be used to verify a -// signature. The signature may specify that the contents of the signed message -// should be preprocessed (i.e. to normalize line endings). Thus this function -// returns two hashes. The second should be used to hash the message itself and -// performs any needed preprocessing. -func hashForSignature(hashFunc crypto.Hash, sigType packet.SignatureType, sigSalt []byte) (hash.Hash, hash.Hash, error) { - if _, ok := algorithm.HashToHashIdWithSha1(hashFunc); !ok { - return nil, nil, errors.UnsupportedError("unsupported hash function") - } - if !hashFunc.Available() { - return nil, nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hashFunc))) - } - h := hashFunc.New() - if sigSalt != nil { - h.Write(sigSalt) - } - wrappedHash, err := wrapHashForSignature(h, sigType) - if err != nil { - return nil, nil, err - } - switch sigType { - case packet.SigTypeBinary: - return h, wrappedHash, nil - case packet.SigTypeText: - return h, wrappedHash, nil - } - return nil, nil, errors.UnsupportedError("unsupported signature type: " + strconv.Itoa(int(sigType))) -} - -// checkReader wraps an io.Reader from a LiteralData packet. When it sees EOF -// it closes the ReadCloser from any SymmetricallyEncrypted packet to trigger -// MDC checks. -type checkReader struct { - md *MessageDetails - checked bool -} - -func (cr *checkReader) Read(buf []byte) (int, error) { - n, sensitiveParsingError := cr.md.LiteralData.Body.Read(buf) - if sensitiveParsingError == io.EOF { - if cr.checked { - // Only check once - return n, io.EOF - } - mdcErr := cr.md.decrypted.Close() - if mdcErr != nil { - return n, mdcErr - } - cr.checked = true - return n, io.EOF - } - - if sensitiveParsingError != nil { - return n, errors.HandleSensitiveParsingError(sensitiveParsingError, true) - } - - return n, nil -} - -// signatureCheckReader wraps an io.Reader from a LiteralData packet and hashes -// the data as it is read. When it sees an EOF from the underlying io.Reader -// it parses and checks a trailing Signature packet and triggers any MDC checks. -type signatureCheckReader struct { - packets *packet.Reader - h, wrappedHash hash.Hash - md *MessageDetails - config *packet.Config -} - -func (scr *signatureCheckReader) Read(buf []byte) (int, error) { - n, sensitiveParsingError := scr.md.LiteralData.Body.Read(buf) - - // Hash only if required - if scr.md.SignedBy != nil { - scr.wrappedHash.Write(buf[:n]) - } - - readsDecryptedData := scr.md.decrypted != nil - if sensitiveParsingError == io.EOF { - var p packet.Packet - var readError error - var sig *packet.Signature - - p, readError = scr.packets.Next() - for readError == nil { - var ok bool - if sig, ok = p.(*packet.Signature); ok { - if sig.Version == 5 && (sig.SigType == 0x00 || sig.SigType == 0x01) { - sig.Metadata = scr.md.LiteralData - } - - // If signature KeyID matches - if scr.md.SignedBy != nil && *sig.IssuerKeyId == scr.md.SignedByKeyId { - key := scr.md.SignedBy - signatureError := key.PublicKey.VerifySignature(scr.h, sig) - if signatureError == nil { - signatureError = checkMessageSignatureDetails(key, sig, scr.config) - } - scr.md.Signature = sig - scr.md.SignatureError = signatureError - } else { - scr.md.UnverifiedSignatures = append(scr.md.UnverifiedSignatures, sig) - } - } - - p, readError = scr.packets.Next() - } - - if scr.md.SignedBy != nil && scr.md.Signature == nil { - if scr.md.UnverifiedSignatures == nil { - scr.md.SignatureError = errors.StructuralError("LiteralData not followed by signature") - } else { - scr.md.SignatureError = errors.StructuralError("No matching signature found") - } - } - - // The SymmetricallyEncrypted packet, if any, might have an - // unsigned hash of its own. In order to check this we need to - // close that Reader. - if scr.md.decrypted != nil { - if sensitiveParsingError := scr.md.decrypted.Close(); sensitiveParsingError != nil { - return n, errors.HandleSensitiveParsingError(sensitiveParsingError, true) - } - } - return n, io.EOF - } - - if sensitiveParsingError != nil { - return n, errors.HandleSensitiveParsingError(sensitiveParsingError, readsDecryptedData) - } - - return n, nil -} - -// VerifyDetachedSignature takes a signed file and a detached signature and -// returns the signature packet and the entity the signature was signed by, -// if any, and a possible signature verification error. -// If the signer isn't known, ErrUnknownIssuer is returned. -func VerifyDetachedSignature(keyring KeyRing, signed, signature io.Reader, config *packet.Config) (sig *packet.Signature, signer *Entity, err error) { - return verifyDetachedSignature(keyring, signed, signature, nil, false, config) -} - -// VerifyDetachedSignatureAndHash performs the same actions as -// VerifyDetachedSignature and checks that the expected hash functions were used. -func VerifyDetachedSignatureAndHash(keyring KeyRing, signed, signature io.Reader, expectedHashes []crypto.Hash, config *packet.Config) (sig *packet.Signature, signer *Entity, err error) { - return verifyDetachedSignature(keyring, signed, signature, expectedHashes, true, config) -} - -// CheckDetachedSignature takes a signed file and a detached signature and -// returns the entity the signature was signed by, if any, and a possible -// signature verification error. If the signer isn't known, -// ErrUnknownIssuer is returned. -func CheckDetachedSignature(keyring KeyRing, signed, signature io.Reader, config *packet.Config) (signer *Entity, err error) { - _, signer, err = verifyDetachedSignature(keyring, signed, signature, nil, false, config) - return -} - -// CheckDetachedSignatureAndHash performs the same actions as -// CheckDetachedSignature and checks that the expected hash functions were used. -func CheckDetachedSignatureAndHash(keyring KeyRing, signed, signature io.Reader, expectedHashes []crypto.Hash, config *packet.Config) (signer *Entity, err error) { - _, signer, err = verifyDetachedSignature(keyring, signed, signature, expectedHashes, true, config) - return -} - -func verifyDetachedSignature(keyring KeyRing, signed, signature io.Reader, expectedHashes []crypto.Hash, checkHashes bool, config *packet.Config) (sig *packet.Signature, signer *Entity, err error) { - var issuerKeyId uint64 - var hashFunc crypto.Hash - var sigType packet.SignatureType - var keys []Key - var p packet.Packet - - packets := packet.NewReader(signature) - for { - p, err = packets.Next() - if err == io.EOF { - return nil, nil, errors.ErrUnknownIssuer - } - if err != nil { - return nil, nil, err - } - - var ok bool - sig, ok = p.(*packet.Signature) - if !ok { - return nil, nil, errors.StructuralError("non signature packet found") - } - if sig.IssuerKeyId == nil { - return nil, nil, errors.StructuralError("signature doesn't have an issuer") - } - issuerKeyId = *sig.IssuerKeyId - hashFunc = sig.Hash - sigType = sig.SigType - if checkHashes { - matchFound := false - // check for hashes - for _, expectedHash := range expectedHashes { - if hashFunc == expectedHash { - matchFound = true - break - } - } - if !matchFound { - return nil, nil, errors.StructuralError("hash algorithm or salt mismatch with cleartext message headers") - } - } - keys = keyring.KeysByIdUsage(issuerKeyId, packet.KeyFlagSign) - if len(keys) > 0 { - break - } - } - - if len(keys) == 0 { - panic("unreachable") - } - - h, err := sig.PrepareVerify() - if err != nil { - return nil, nil, err - } - wrappedHash, err := wrapHashForSignature(h, sigType) - if err != nil { - return nil, nil, err - } - - if _, err := io.Copy(wrappedHash, signed); err != nil && err != io.EOF { - return nil, nil, err - } - - for _, key := range keys { - err = key.PublicKey.VerifySignature(h, sig) - if err == nil { - return sig, key.Entity, checkMessageSignatureDetails(&key, sig, config) - } - } - - return nil, nil, err -} - -// CheckArmoredDetachedSignature performs the same actions as -// CheckDetachedSignature but expects the signature to be armored. -func CheckArmoredDetachedSignature(keyring KeyRing, signed, signature io.Reader, config *packet.Config) (signer *Entity, err error) { - body, err := readArmored(signature, SignatureType) - if err != nil { - return - } - - return CheckDetachedSignature(keyring, signed, body, config) -} - -// checkMessageSignatureDetails returns an error if: -// - The signature (or one of the binding signatures mentioned below) -// has a unknown critical notation data subpacket -// - The primary key of the signing entity is revoked -// - The primary identity is revoked -// - The signature is expired -// - The primary key of the signing entity is expired according to the -// primary identity binding signature -// -// ... or, if the signature was signed by a subkey and: -// - The signing subkey is revoked -// - The signing subkey is expired according to the subkey binding signature -// - The signing subkey binding signature is expired -// - The signing subkey cross-signature is expired -// -// NOTE: The order of these checks is important, as the caller may choose to -// ignore ErrSignatureExpired or ErrKeyExpired errors, but should never -// ignore any other errors. -func checkMessageSignatureDetails(key *Key, signature *packet.Signature, config *packet.Config) error { - now := config.Now() - primarySelfSignature, primaryIdentity := key.Entity.PrimarySelfSignature() - signedBySubKey := key.PublicKey != key.Entity.PrimaryKey - sigsToCheck := []*packet.Signature{signature, primarySelfSignature} - if signedBySubKey { - sigsToCheck = append(sigsToCheck, key.SelfSignature, key.SelfSignature.EmbeddedSignature) - } - for _, sig := range sigsToCheck { - for _, notation := range sig.Notations { - if notation.IsCritical && !config.KnownNotation(notation.Name) { - return errors.SignatureError("unknown critical notation: " + notation.Name) - } - } - } - if key.Entity.Revoked(now) || // primary key is revoked - (signedBySubKey && key.Revoked(now)) || // subkey is revoked - (primaryIdentity != nil && primaryIdentity.Revoked(now)) { // primary identity is revoked for v4 - return errors.ErrKeyRevoked - } - if key.Entity.PrimaryKey.KeyExpired(primarySelfSignature, now) { // primary key is expired - return errors.ErrKeyExpired - } - if signedBySubKey { - if key.PublicKey.KeyExpired(key.SelfSignature, now) { // subkey is expired - return errors.ErrKeyExpired - } - } - for _, sig := range sigsToCheck { - if sig.SigExpired(now) { // any of the relevant signatures are expired - return errors.ErrSignatureExpired - } - } - return nil -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/read_write_test_data.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/read_write_test_data.go deleted file mode 100644 index 670d60226a..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/read_write_test_data.go +++ /dev/null @@ -1,457 +0,0 @@ -package openpgp - -const testKey1KeyId uint64 = 0xA34D7E18C20C31BB -const testKey3KeyId uint64 = 0x338934250CCC0360 -const testKeyP256KeyId uint64 = 0xd44a2c495918513e - -const signedInput = "Signed message\nline 2\nline 3\n" -const signedTextInput = "Signed message\r\nline 2\r\nline 3\r\n" - -const recipientUnspecifiedHex = "848c0300000000000000000103ff62d4d578d03cf40c3da998dfe216c074fa6ddec5e31c197c9666ba292830d91d18716a80f699f9d897389a90e6d62d0238f5f07a5248073c0f24920e4bc4a30c2d17ee4e0cae7c3d4aaa4e8dced50e3010a80ee692175fa0385f62ecca4b56ee6e9980aa3ec51b61b077096ac9e800edaf161268593eedb6cc7027ff5cb32745d250010d407a6221ae22ef18469b444f2822478c4d190b24d36371a95cb40087cdd42d9399c3d06a53c0673349bfb607927f20d1e122bde1e2bf3aa6cae6edf489629bcaa0689539ae3b718914d88ededc3b" - -const detachedSignatureHex = "889c04000102000605024d449cd1000a0910a34d7e18c20c31bb167603ff57718d09f28a519fdc7b5a68b6a3336da04df85e38c5cd5d5bd2092fa4629848a33d85b1729402a2aab39c3ac19f9d573f773cc62c264dc924c067a79dfd8a863ae06c7c8686120760749f5fd9b1e03a64d20a7df3446ddc8f0aeadeaeba7cbaee5c1e366d65b6a0c6cc749bcb912d2f15013f812795c2e29eb7f7b77f39ce77" - -const detachedSignatureTextHex = "889c04010102000605024d449d21000a0910a34d7e18c20c31bbc8c60400a24fbef7342603a41cb1165767bd18985d015fb72fe05db42db36cfb2f1d455967f1e491194fbf6cf88146222b23bf6ffbd50d17598d976a0417d3192ff9cc0034fd00f287b02e90418bbefe609484b09231e4e7a5f3562e199bf39909ab5276c4d37382fe088f6b5c3426fc1052865da8b3ab158672d58b6264b10823dc4b39" - -const detachedSignatureDSAHex = "884604001102000605024d6c4eac000a0910338934250ccc0360f18d00a087d743d6405ed7b87755476629600b8b694a39e900a0abff8126f46faf1547c1743c37b21b4ea15b8f83" - -const detachedSignatureP256Hex = "885e0400130a0006050256e5bb00000a0910d44a2c495918513edef001009841a4f792beb0befccb35c8838a6a87d9b936beaa86db6745ddc7b045eee0cf00fd1ac1f78306b17e965935dd3f8bae4587a76587e4af231efe19cc4011a8434817" - -// The plaintext is https://www.gutenberg.org/cache/epub/1080/pg1080.txt -const modestProposalSha512 = "lbbrB1+WP3T9AaC9OQqBdOcCjgeEQadlulXsNPgVx0tyqPzDHwUugZ2gE7V0ESKAw6kAVfgkcuvfgxAAGaeHtw==" - -const testKeys1And2Hex = "988d044d3c5c10010400b1d13382944bd5aba23a4312968b5095d14f947f600eb478e14a6fcb16b0e0cac764884909c020bc495cfcc39a935387c661507bdb236a0612fb582cac3af9b29cc2c8c70090616c41b662f4da4c1201e195472eb7f4ae1ccbcbf9940fe21d985e379a5563dde5b9a23d35f1cfaa5790da3b79db26f23695107bfaca8e7b5bcd0011010001b41054657374204b6579203120285253412988b804130102002205024d3c5c10021b03060b090807030206150802090a0b0416020301021e01021780000a0910a34d7e18c20c31bbb5b304009cc45fe610b641a2c146331be94dade0a396e73ca725e1b25c21708d9cab46ecca5ccebc23055879df8f99eea39b377962a400f2ebdc36a7c99c333d74aeba346315137c3ff9d0a09b0273299090343048afb8107cf94cbd1400e3026f0ccac7ecebbc4d78588eb3e478fe2754d3ca664bcf3eac96ca4a6b0c8d7df5102f60f6b0020003b88d044d3c5c10010400b201df61d67487301f11879d514f4248ade90c8f68c7af1284c161098de4c28c2850f1ec7b8e30f959793e571542ffc6532189409cb51c3d30dad78c4ad5165eda18b20d9826d8707d0f742e2ab492103a85bbd9ddf4f5720f6de7064feb0d39ee002219765bb07bcfb8b877f47abe270ddeda4f676108cecb6b9bb2ad484a4f0011010001889f04180102000905024d3c5c10021b0c000a0910a34d7e18c20c31bb1a03040085c8d62e16d05dc4e9dad64953c8a2eed8b6c12f92b1575eeaa6dcf7be9473dd5b24b37b6dffbb4e7c99ed1bd3cb11634be19b3e6e207bed7505c7ca111ccf47cb323bf1f8851eb6360e8034cbff8dd149993c959de89f8f77f38e7e98b8e3076323aa719328e2b408db5ec0d03936efd57422ba04f925cdc7b4c1af7590e40ab0020003988d044d3c5c33010400b488c3e5f83f4d561f317817538d9d0397981e9aef1321ca68ebfae1cf8b7d388e19f4b5a24a82e2fbbf1c6c26557a6c5845307a03d815756f564ac7325b02bc83e87d5480a8fae848f07cb891f2d51ce7df83dcafdc12324517c86d472cc0ee10d47a68fd1d9ae49a6c19bbd36d82af597a0d88cc9c49de9df4e696fc1f0b5d0011010001b42754657374204b6579203220285253412c20656e637279707465642070726976617465206b65792988b804130102002205024d3c5c33021b03060b090807030206150802090a0b0416020301021e01021780000a0910d4984f961e35246b98940400908a73b6a6169f700434f076c6c79015a49bee37130eaf23aaa3cfa9ce60bfe4acaa7bc95f1146ada5867e0079babb38804891f4f0b8ebca57a86b249dee786161a755b7a342e68ccf3f78ed6440a93a6626beb9a37aa66afcd4f888790cb4bb46d94a4ae3eb3d7d3e6b00f6bfec940303e89ec5b32a1eaaacce66497d539328b0020003b88d044d3c5c33010400a4e913f9442abcc7f1804ccab27d2f787ffa592077ca935a8bb23165bd8d57576acac647cc596b2c3f814518cc8c82953c7a4478f32e0cf645630a5ba38d9618ef2bc3add69d459ae3dece5cab778938d988239f8c5ae437807075e06c828019959c644ff05ef6a5a1dab72227c98e3a040b0cf219026640698d7a13d8538a570011010001889f04180102000905024d3c5c33021b0c000a0910d4984f961e35246b26c703ff7ee29ef53bc1ae1ead533c408fa136db508434e233d6e62be621e031e5940bbd4c08142aed0f82217e7c3e1ec8de574bc06ccf3c36633be41ad78a9eacd209f861cae7b064100758545cc9dd83db71806dc1cfd5fb9ae5c7474bba0c19c44034ae61bae5eca379383339dece94ff56ff7aa44a582f3e5c38f45763af577c0934b0020003" - -const testKeys1And2PrivateHex = "9501d8044d3c5c10010400b1d13382944bd5aba23a4312968b5095d14f947f600eb478e14a6fcb16b0e0cac764884909c020bc495cfcc39a935387c661507bdb236a0612fb582cac3af9b29cc2c8c70090616c41b662f4da4c1201e195472eb7f4ae1ccbcbf9940fe21d985e379a5563dde5b9a23d35f1cfaa5790da3b79db26f23695107bfaca8e7b5bcd00110100010003ff4d91393b9a8e3430b14d6209df42f98dc927425b881f1209f319220841273a802a97c7bdb8b3a7740b3ab5866c4d1d308ad0d3a79bd1e883aacf1ac92dfe720285d10d08752a7efe3c609b1d00f17f2805b217be53999a7da7e493bfc3e9618fd17018991b8128aea70a05dbce30e4fbe626aa45775fa255dd9177aabf4df7cf0200c1ded12566e4bc2bb590455e5becfb2e2c9796482270a943343a7835de41080582c2be3caf5981aa838140e97afa40ad652a0b544f83eb1833b0957dce26e47b0200eacd6046741e9ce2ec5beb6fb5e6335457844fb09477f83b050a96be7da043e17f3a9523567ed40e7a521f818813a8b8a72209f1442844843ccc7eb9805442570200bdafe0438d97ac36e773c7162028d65844c4d463e2420aa2228c6e50dc2743c3d6c72d0d782a5173fe7be2169c8a9f4ef8a7cf3e37165e8c61b89c346cdc6c1799d2b41054657374204b6579203120285253412988b804130102002205024d3c5c10021b03060b090807030206150802090a0b0416020301021e01021780000a0910a34d7e18c20c31bbb5b304009cc45fe610b641a2c146331be94dade0a396e73ca725e1b25c21708d9cab46ecca5ccebc23055879df8f99eea39b377962a400f2ebdc36a7c99c333d74aeba346315137c3ff9d0a09b0273299090343048afb8107cf94cbd1400e3026f0ccac7ecebbc4d78588eb3e478fe2754d3ca664bcf3eac96ca4a6b0c8d7df5102f60f6b00200009d01d8044d3c5c10010400b201df61d67487301f11879d514f4248ade90c8f68c7af1284c161098de4c28c2850f1ec7b8e30f959793e571542ffc6532189409cb51c3d30dad78c4ad5165eda18b20d9826d8707d0f742e2ab492103a85bbd9ddf4f5720f6de7064feb0d39ee002219765bb07bcfb8b877f47abe270ddeda4f676108cecb6b9bb2ad484a4f00110100010003fd17a7490c22a79c59281fb7b20f5e6553ec0c1637ae382e8adaea295f50241037f8997cf42c1ce26417e015091451b15424b2c59eb8d4161b0975630408e394d3b00f88d4b4e18e2cc85e8251d4753a27c639c83f5ad4a571c4f19d7cd460b9b73c25ade730c99df09637bd173d8e3e981ac64432078263bb6dc30d3e974150dd0200d0ee05be3d4604d2146fb0457f31ba17c057560785aa804e8ca5530a7cd81d3440d0f4ba6851efcfd3954b7e68908fc0ba47f7ac37bf559c6c168b70d3a7c8cd0200da1c677c4bce06a068070f2b3733b0a714e88d62aa3f9a26c6f5216d48d5c2b5624144f3807c0df30be66b3268eeeca4df1fbded58faf49fc95dc3c35f134f8b01fd1396b6c0fc1b6c4f0eb8f5e44b8eace1e6073e20d0b8bc5385f86f1cf3f050f66af789f3ef1fc107b7f4421e19e0349c730c68f0a226981f4e889054fdb4dc149e8e889f04180102000905024d3c5c10021b0c000a0910a34d7e18c20c31bb1a03040085c8d62e16d05dc4e9dad64953c8a2eed8b6c12f92b1575eeaa6dcf7be9473dd5b24b37b6dffbb4e7c99ed1bd3cb11634be19b3e6e207bed7505c7ca111ccf47cb323bf1f8851eb6360e8034cbff8dd149993c959de89f8f77f38e7e98b8e3076323aa719328e2b408db5ec0d03936efd57422ba04f925cdc7b4c1af7590e40ab00200009501fe044d3c5c33010400b488c3e5f83f4d561f317817538d9d0397981e9aef1321ca68ebfae1cf8b7d388e19f4b5a24a82e2fbbf1c6c26557a6c5845307a03d815756f564ac7325b02bc83e87d5480a8fae848f07cb891f2d51ce7df83dcafdc12324517c86d472cc0ee10d47a68fd1d9ae49a6c19bbd36d82af597a0d88cc9c49de9df4e696fc1f0b5d0011010001fe030302e9030f3c783e14856063f16938530e148bc57a7aa3f3e4f90df9dceccdc779bc0835e1ad3d006e4a8d7b36d08b8e0de5a0d947254ecfbd22037e6572b426bcfdc517796b224b0036ff90bc574b5509bede85512f2eefb520fb4b02aa523ba739bff424a6fe81c5041f253f8d757e69a503d3563a104d0d49e9e890b9d0c26f96b55b743883b472caa7050c4acfd4a21f875bdf1258d88bd61224d303dc9df77f743137d51e6d5246b88c406780528fd9a3e15bab5452e5b93970d9dcc79f48b38651b9f15bfbcf6da452837e9cc70683d1bdca94507870f743e4ad902005812488dd342f836e72869afd00ce1850eea4cfa53ce10e3608e13d3c149394ee3cbd0e23d018fcbcb6e2ec5a1a22972d1d462ca05355d0d290dd2751e550d5efb38c6c89686344df64852bf4ff86638708f644e8ec6bd4af9b50d8541cb91891a431326ab2e332faa7ae86cfb6e0540aa63160c1e5cdd5a4add518b303fff0a20117c6bc77f7cfbaf36b04c865c6c2b42754657374204b6579203220285253412c20656e637279707465642070726976617465206b65792988b804130102002205024d3c5c33021b03060b090807030206150802090a0b0416020301021e01021780000a0910d4984f961e35246b98940400908a73b6a6169f700434f076c6c79015a49bee37130eaf23aaa3cfa9ce60bfe4acaa7bc95f1146ada5867e0079babb38804891f4f0b8ebca57a86b249dee786161a755b7a342e68ccf3f78ed6440a93a6626beb9a37aa66afcd4f888790cb4bb46d94a4ae3eb3d7d3e6b00f6bfec940303e89ec5b32a1eaaacce66497d539328b00200009d01fe044d3c5c33010400a4e913f9442abcc7f1804ccab27d2f787ffa592077ca935a8bb23165bd8d57576acac647cc596b2c3f814518cc8c82953c7a4478f32e0cf645630a5ba38d9618ef2bc3add69d459ae3dece5cab778938d988239f8c5ae437807075e06c828019959c644ff05ef6a5a1dab72227c98e3a040b0cf219026640698d7a13d8538a570011010001fe030302e9030f3c783e148560f936097339ae381d63116efcf802ff8b1c9360767db5219cc987375702a4123fd8657d3e22700f23f95020d1b261eda5257e9a72f9a918e8ef22dd5b3323ae03bbc1923dd224db988cadc16acc04b120a9f8b7e84da9716c53e0334d7b66586ddb9014df604b41be1e960dcfcbc96f4ed150a1a0dd070b9eb14276b9b6be413a769a75b519a53d3ecc0c220e85cd91ca354d57e7344517e64b43b6e29823cbd87eae26e2b2e78e6dedfbb76e3e9f77bcb844f9a8932eb3db2c3f9e44316e6f5d60e9e2a56e46b72abe6b06dc9a31cc63f10023d1f5e12d2a3ee93b675c96f504af0001220991c88db759e231b3320dcedf814dcf723fd9857e3d72d66a0f2af26950b915abdf56c1596f46a325bf17ad4810d3535fb02a259b247ac3dbd4cc3ecf9c51b6c07cebb009c1506fba0a89321ec8683e3fd009a6e551d50243e2d5092fefb3321083a4bad91320dc624bd6b5dddf93553e3d53924c05bfebec1fb4bd47e89a1a889f04180102000905024d3c5c33021b0c000a0910d4984f961e35246b26c703ff7ee29ef53bc1ae1ead533c408fa136db508434e233d6e62be621e031e5940bbd4c08142aed0f82217e7c3e1ec8de574bc06ccf3c36633be41ad78a9eacd209f861cae7b064100758545cc9dd83db71806dc1cfd5fb9ae5c7474bba0c19c44034ae61bae5eca379383339dece94ff56ff7aa44a582f3e5c38f45763af577c0934b0020000" - -const dsaElGamalTestKeysHex = "9501e1044dfcb16a110400aa3e5c1a1f43dd28c2ffae8abf5cfce555ee874134d8ba0a0f7b868ce2214beddc74e5e1e21ded354a95d18acdaf69e5e342371a71fbb9093162e0c5f3427de413a7f2c157d83f5cd2f9d791256dc4f6f0e13f13c3302af27f2384075ab3021dff7a050e14854bbde0a1094174855fc02f0bae8e00a340d94a1f22b32e48485700a0cec672ac21258fb95f61de2ce1af74b2c4fa3e6703ff698edc9be22c02ae4d916e4fa223f819d46582c0516235848a77b577ea49018dcd5e9e15cff9dbb4663a1ae6dd7580fa40946d40c05f72814b0f88481207e6c0832c3bded4853ebba0a7e3bd8e8c66df33d5a537cd4acf946d1080e7a3dcea679cb2b11a72a33a2b6a9dc85f466ad2ddf4c3db6283fa645343286971e3dd700703fc0c4e290d45767f370831a90187e74e9972aae5bff488eeff7d620af0362bfb95c1a6c3413ab5d15a2e4139e5d07a54d72583914661ed6a87cce810be28a0aa8879a2dd39e52fb6fe800f4f181ac7e328f740cde3d09a05cecf9483e4cca4253e60d4429ffd679d9996a520012aad119878c941e3cf151459873bdfc2a9563472fe0303027a728f9feb3b864260a1babe83925ce794710cfd642ee4ae0e5b9d74cee49e9c67b6cd0ea5dfbb582132195a121356a1513e1bca73e5b80c58c7ccb4164453412f456c47616d616c2054657374204b65792031886204131102002205024dfcb16a021b03060b090807030206150802090a0b0416020301021e01021780000a091033af447ccd759b09fadd00a0b8fd6f5a790bad7e9f2dbb7632046dc4493588db009c087c6a9ba9f7f49fab221587a74788c00db4889ab00200009d0157044dfcb16a1004008dec3f9291205255ccff8c532318133a6840739dd68b03ba942676f9038612071447bf07d00d559c5c0875724ea16a4c774f80d8338b55fca691a0522e530e604215b467bbc9ccfd483a1da99d7bc2648b4318fdbd27766fc8bfad3fddb37c62b8ae7ccfe9577e9b8d1e77c1d417ed2c2ef02d52f4da11600d85d3229607943700030503ff506c94c87c8cab778e963b76cf63770f0a79bf48fb49d3b4e52234620fc9f7657f9f8d56c96a2b7c7826ae6b57ebb2221a3fe154b03b6637cea7e6d98e3e45d87cf8dc432f723d3d71f89c5192ac8d7290684d2c25ce55846a80c9a7823f6acd9bb29fa6cd71f20bc90eccfca20451d0c976e460e672b000df49466408d527affe0303027a728f9feb3b864260abd761730327bca2aaa4ea0525c175e92bf240682a0e83b226f97ecb2e935b62c9a133858ce31b271fa8eb41f6a1b3cd72a63025ce1a75ee4180dcc284884904181102000905024dfcb16a021b0c000a091033af447ccd759b09dd0b009e3c3e7296092c81bee5a19929462caaf2fff3ae26009e218c437a2340e7ea628149af1ec98ec091a43992b00200009501e1044dfcb1be1104009f61faa61aa43df75d128cbe53de528c4aec49ce9360c992e70c77072ad5623de0a3a6212771b66b39a30dad6781799e92608316900518ec01184a85d872365b7d2ba4bacfb5882ea3c2473d3750dc6178cc1cf82147fb58caa28b28e9f12f6d1efcb0534abed644156c91cca4ab78834268495160b2400bc422beb37d237c2300a0cac94911b6d493bda1e1fbc6feeca7cb7421d34b03fe22cec6ccb39675bb7b94a335c2b7be888fd3906a1125f33301d8aa6ec6ee6878f46f73961c8d57a3e9544d8ef2a2cbfd4d52da665b1266928cfe4cb347a58c412815f3b2d2369dec04b41ac9a71cc9547426d5ab941cccf3b18575637ccfb42df1a802df3cfe0a999f9e7109331170e3a221991bf868543960f8c816c28097e503fe319db10fb98049f3a57d7c80c420da66d56f3644371631fad3f0ff4040a19a4fedc2d07727a1b27576f75a4d28c47d8246f27071e12d7a8de62aad216ddbae6aa02efd6b8a3e2818cda48526549791ab277e447b3a36c57cefe9b592f5eab73959743fcc8e83cbefec03a329b55018b53eec196765ae40ef9e20521a603c551efe0303020950d53a146bf9c66034d00c23130cce95576a2ff78016ca471276e8227fb30b1ffbd92e61804fb0c3eff9e30b1a826ee8f3e4730b4d86273ca977b4164453412f456c47616d616c2054657374204b65792032886204131102002205024dfcb1be021b03060b090807030206150802090a0b0416020301021e01021780000a0910a86bf526325b21b22bd9009e34511620415c974750a20df5cb56b182f3b48e6600a0a9466cb1a1305a84953445f77d461593f1d42bc1b00200009d0157044dfcb1be1004009565a951da1ee87119d600c077198f1c1bceb0f7aa54552489298e41ff788fa8f0d43a69871f0f6f77ebdfb14a4260cf9fbeb65d5844b4272a1904dd95136d06c3da745dc46327dd44a0f16f60135914368c8039a34033862261806bb2c5ce1152e2840254697872c85441ccb7321431d75a747a4bfb1d2c66362b51ce76311700030503fc0ea76601c196768070b7365a200e6ddb09307f262d5f39eec467b5f5784e22abdf1aa49226f59ab37cb49969d8f5230ea65caf56015abda62604544ed526c5c522bf92bed178a078789f6c807b6d34885688024a5bed9e9f8c58d11d4b82487b44c5f470c5606806a0443b79cadb45e0f897a561a53f724e5349b9267c75ca17fe0303020950d53a146bf9c660bc5f4ce8f072465e2d2466434320c1e712272fafc20e342fe7608101580fa1a1a367e60486a7cd1246b7ef5586cf5e10b32762b710a30144f12dd17dd4884904181102000905024dfcb1be021b0c000a0910a86bf526325b21b2904c00a0b2b66b4b39ccffda1d10f3ea8d58f827e30a8b8e009f4255b2d8112a184e40cde43a34e8655ca7809370b0020000" - -const ed25519wX25519Key = "c54b0663877fe31b00000020f94da7bb48d60a61e567706a6587d0331999bb9d891a08242ead84543df895a3001972817b12be707e8d5f586ce61361201d344eb266a2c82fde6835762b65b0b7c2b1061f1b0a00000042058263877fe3030b090705150a0e080c021600029b03021e09222106cb186c4f0609a697e4d52dfa6c722b0c1f1e27c18a56708f6525ec27bad9acc905270902070200000000ad2820103e2d7d227ec0e6d7ce4471db36bfc97083253690271498a7ef0576c07faae14585b3b903b0127ec4fda2f023045a2ec76bcb4f9571a9651e14aee1137a1d668442c88f951e33c4ffd33fb9a17d511eed758fc6d9cc50cb5fd793b2039d5804c74b0663877fe319000000208693248367f9e5015db922f8f48095dda784987f2d5985b12fbad16caf5e4435004d600a4f794d44775c57a26e0feefed558e9afffd6ad0d582d57fb2ba2dcedb8c29b06181b0a0000002c050263877fe322a106cb186c4f0609a697e4d52dfa6c722b0c1f1e27c18a56708f6525ec27bad9acc9021b0c00000000defa20a6e9186d9d5935fc8fe56314cdb527486a5a5120f9b762a235a729f039010a56b89c658568341fbef3b894e9834ad9bc72afae2f4c9c47a43855e65f1cb0a3f77bbc5f61085c1f8249fe4e7ca59af5f0bcee9398e0fa8d76e522e1d8ab42bb0d" - -const signedMessageHex = "a3019bc0cbccc0c4b8d8b74ee2108fe16ec6d3ca490cbe362d3f8333d3f352531472538b8b13d353b97232f352158c20943157c71c16064626063656269052062e4e01987e9b6fccff4b7df3a34c534b23e679cbec3bc0f8f6e64dfb4b55fe3f8efa9ce110ddb5cd79faf1d753c51aecfa669f7e7aa043436596cccc3359cb7dd6bbe9ecaa69e5989d9e57209571edc0b2fa7f57b9b79a64ee6e99ce1371395fee92fec2796f7b15a77c386ff668ee27f6d38f0baa6c438b561657377bf6acff3c5947befd7bf4c196252f1d6e5c524d0300" - -const signedTextMessageHex = "a3019bc0cbccc8c4b8d8b74ee2108fe16ec6d36a250cbece0c178233d3f352531472538b8b13d35379b97232f352158ca0b4312f57c71c1646462606365626906a062e4e019811591798ff99bf8afee860b0d8a8c2a85c3387e3bcf0bb3b17987f2bbcfab2aa526d930cbfd3d98757184df3995c9f3e7790e36e3e9779f06089d4c64e9e47dd6202cb6e9bc73c5d11bb59fbaf89d22d8dc7cf199ddf17af96e77c5f65f9bbed56f427bd8db7af37f6c9984bf9385efaf5f184f986fb3e6adb0ecfe35bbf92d16a7aa2a344fb0bc52fb7624f0200" - -const signedEncryptedMessageHex = "c18c032a67d68660df41c70103ff5a84c9a72f80e74ef0384c2d6a9ebfe2b09e06a8f298394f6d2abf174e40934ab0ec01fb2d0ddf21211c6fe13eb238563663b017a6b44edca552eb4736c4b7dc6ed907dd9e12a21b51b64b46f902f76fb7aaf805c1db8070574d8d0431a23e324a750f77fb72340a17a42300ee4ca8207301e95a731da229a63ab9c6b44541fbd2c11d016d810b3b3b2b38f15b5b40f0a4910332829c2062f1f7cc61f5b03677d73c54cafa1004ced41f315d46444946faae571d6f426e6dbd45d9780eb466df042005298adabf7ce0ef766dfeb94cd449c7ed0046c880339599c4711af073ce649b1e237c40b50a5536283e03bdbb7afad78bd08707715c67fb43295f905b4c479178809d429a8e167a9a8c6dfd8ab20b4edebdc38d6dec879a3202e1b752690d9bb5b0c07c5a227c79cc200e713a99251a4219d62ad5556900cf69bd384b6c8e726c7be267471d0d23af956da165af4af757246c2ebcc302b39e8ef2fccb4971b234fcda22d759ddb20e27269ee7f7fe67898a9de721bfa02ab0becaa046d00ea16cb1afc4e2eab40d0ac17121c565686e5cbd0cbdfbd9d6db5c70278b9c9db5a83176d04f61fbfbc4471d721340ede2746e5c312ded4f26787985af92b64fae3f253dbdde97f6a5e1996fd4d865599e32ff76325d3e9abe93184c02988ee89a4504356a4ef3b9b7a57cbb9637ca90af34a7676b9ef559325c3cca4e29d69fec1887f5440bb101361d744ad292a8547f22b4f22b419a42aa836169b89190f46d9560824cb2ac6e8771de8223216a5e647e132ab9eebcba89569ab339cb1c3d70fe806b31f4f4c600b4103b8d7583ebff16e43dcda551e6530f975122eb8b29" - -const verifiedSignatureEncryptedMessageHex = "c2b304000108000605026048f6d600210910a34d7e18c20c31bb1621045fb74b1d03b1e3cb31bc2f8aa34d7e18c20c31bb9a3b0400a32ddac1af259c1b0abab0041327ea04970944401978fb647dd1cf9aba4f164e43f0d8a9389501886474bdd4a6e77f6aea945c07dfbf87743835b44cc2c39a1f9aeecfa83135abc92e18e50396f2e6a06c44e0188b0081effbfb4160d28f118d4ff73dd199a102e47cffd8c7ff2bacd83ae72b5820c021a486766dd587b5da61" - -const unverifiedSignatureEncryptedMessageHex = "c2b304000108000605026048f6d600210910a34d7e18c20c31bb1621045fb74b1d03b1e3cb31bc2f8aa34d7e18c20c31bb9a3b0400a32ddac1af259c1b0abab0041327ea04970944401978fb647dd1cf9aba4f164e43f0d8a9389501886474bdd4a6e77f6aea945c07dfbf87743835b44cc2c39a1f9aeecfa83135abc92e18e50396f2e6a06c44e0188b0081effbfb4160d28f118d4ff73dd199a102e47cffd8c7ff2bacd83ae72b5820c021a486766dd587b5da61" - -const signedEncryptedMessage2Hex = "85010e03cf6a7abcd43e36731003fb057f5495b79db367e277cdbe4ab90d924ddee0c0381494112ff8c1238fb0184af35d1731573b01bc4c55ecacd2aafbe2003d36310487d1ecc9ac994f3fada7f9f7f5c3a64248ab7782906c82c6ff1303b69a84d9a9529c31ecafbcdb9ba87e05439897d87e8a2a3dec55e14df19bba7f7bd316291c002ae2efd24f83f9e3441203fc081c0c23dc3092a454ca8a082b27f631abf73aca341686982e8fbda7e0e7d863941d68f3de4a755c2964407f4b5e0477b3196b8c93d551dd23c8beef7d0f03fbb1b6066f78907faf4bf1677d8fcec72651124080e0b7feae6b476e72ab207d38d90b958759fdedfc3c6c35717c9dbfc979b3cfbbff0a76d24a5e57056bb88acbd2a901ef64bc6e4db02adc05b6250ff378de81dca18c1910ab257dff1b9771b85bb9bbe0a69f5989e6d1710a35e6dfcceb7d8fb5ccea8db3932b3d9ff3fe0d327597c68b3622aec8e3716c83a6c93f497543b459b58ba504ed6bcaa747d37d2ca746fe49ae0a6ce4a8b694234e941b5159ff8bd34b9023da2814076163b86f40eed7c9472f81b551452d5ab87004a373c0172ec87ea6ce42ccfa7dbdad66b745496c4873d8019e8c28d6b3" - -const signatureEncryptedMessage2Hex = "c24604001102000605024dfd0166000a091033af447ccd759b09bae600a096ec5e63ecf0a403085e10f75cc3bab327663282009f51fad9df457ed8d2b70d8a73c76e0443eac0f377" - -const symmetricallyEncryptedCompressedHex = "c32e040903085a357c1a7b5614ed00cc0d1d92f428162058b3f558a0fb0980d221ebac6c97d5eda4e0fe32f6e706e94dd263012d6ca1ef8c4bbd324098225e603a10c85ebf09cbf7b5aeeb5ce46381a52edc51038b76a8454483be74e6dcd1e50d5689a8ae7eceaeefed98a0023d49b22eb1f65c2aa1ef1783bb5e1995713b0457102ec3c3075fe871267ffa4b686ad5d52000d857" - -const dsaTestKeyHex = "9901a2044d6c49de110400cb5ce438cf9250907ac2ba5bf6547931270b89f7c4b53d9d09f4d0213a5ef2ec1f26806d3d259960f872a4a102ef1581ea3f6d6882d15134f21ef6a84de933cc34c47cc9106efe3bd84c6aec12e78523661e29bc1a61f0aab17fa58a627fd5fd33f5149153fbe8cd70edf3d963bc287ef875270ff14b5bfdd1bca4483793923b00a0fe46d76cb6e4cbdc568435cd5480af3266d610d303fe33ae8273f30a96d4d34f42fa28ce1112d425b2e3bf7ea553d526e2db6b9255e9dc7419045ce817214d1a0056dbc8d5289956a4b1b69f20f1105124096e6a438f41f2e2495923b0f34b70642607d45559595c7fe94d7fa85fc41bf7d68c1fd509ebeaa5f315f6059a446b9369c277597e4f474a9591535354c7e7f4fd98a08aa60400b130c24ff20bdfbf683313f5daebf1c9b34b3bdadfc77f2ddd72ee1fb17e56c473664bc21d66467655dd74b9005e3a2bacce446f1920cd7017231ae447b67036c9b431b8179deacd5120262d894c26bc015bffe3d827ba7087ad9b700d2ca1f6d16cc1786581e5dd065f293c31209300f9b0afcc3f7c08dd26d0a22d87580b4db41054657374204b65792033202844534129886204131102002205024d6c49de021b03060b090807030206150802090a0b0416020301021e01021780000a0910338934250ccc03607e0400a0bdb9193e8a6b96fc2dfc108ae848914b504481f100a09c4dc148cb693293a67af24dd40d2b13a9e36794" - -const dsaTestKeyPrivateHex = "9501bb044d6c49de110400cb5ce438cf9250907ac2ba5bf6547931270b89f7c4b53d9d09f4d0213a5ef2ec1f26806d3d259960f872a4a102ef1581ea3f6d6882d15134f21ef6a84de933cc34c47cc9106efe3bd84c6aec12e78523661e29bc1a61f0aab17fa58a627fd5fd33f5149153fbe8cd70edf3d963bc287ef875270ff14b5bfdd1bca4483793923b00a0fe46d76cb6e4cbdc568435cd5480af3266d610d303fe33ae8273f30a96d4d34f42fa28ce1112d425b2e3bf7ea553d526e2db6b9255e9dc7419045ce817214d1a0056dbc8d5289956a4b1b69f20f1105124096e6a438f41f2e2495923b0f34b70642607d45559595c7fe94d7fa85fc41bf7d68c1fd509ebeaa5f315f6059a446b9369c277597e4f474a9591535354c7e7f4fd98a08aa60400b130c24ff20bdfbf683313f5daebf1c9b34b3bdadfc77f2ddd72ee1fb17e56c473664bc21d66467655dd74b9005e3a2bacce446f1920cd7017231ae447b67036c9b431b8179deacd5120262d894c26bc015bffe3d827ba7087ad9b700d2ca1f6d16cc1786581e5dd065f293c31209300f9b0afcc3f7c08dd26d0a22d87580b4d00009f592e0619d823953577d4503061706843317e4fee083db41054657374204b65792033202844534129886204131102002205024d6c49de021b03060b090807030206150802090a0b0416020301021e01021780000a0910338934250ccc03607e0400a0bdb9193e8a6b96fc2dfc108ae848914b504481f100a09c4dc148cb693293a67af24dd40d2b13a9e36794" - -const p256TestKeyHex = "98520456e5b83813082a8648ce3d030107020304a2072cd6d21321266c758cc5b83fab0510f751cb8d91897cddb7047d8d6f185546e2107111b0a95cb8ef063c33245502af7a65f004d5919d93ee74eb71a66253b424502d3235362054657374204b6579203c696e76616c6964406578616d706c652e636f6d3e8879041313080021050256e5b838021b03050b09080702061508090a0b020416020301021e01021780000a0910d44a2c495918513e54e50100dfa64f97d9b47766fc1943c6314ba3f2b2a103d71ad286dc5b1efb96a345b0c80100dbc8150b54241f559da6ef4baacea6d31902b4f4b1bdc09b34bf0502334b7754b8560456e5b83812082a8648ce3d030107020304bfe3cea9cee13486f8d518aa487fecab451f25467d2bf08e58f63e5fa525d5482133e6a79299c274b068ef0be448152ad65cf11cf764348588ca4f6a0bcf22b6030108078861041813080009050256e5b838021b0c000a0910d44a2c495918513e4a4800ff49d589fa64024ad30be363a032e3a0e0e6f5db56ba4c73db850518bf0121b8f20100fd78e065f4c70ea5be9df319ea67e493b936fc78da834a71828043d3154af56e" - -const p256TestKeyPrivateHex = "94a50456e5b83813082a8648ce3d030107020304a2072cd6d21321266c758cc5b83fab0510f751cb8d91897cddb7047d8d6f185546e2107111b0a95cb8ef063c33245502af7a65f004d5919d93ee74eb71a66253fe070302f0c2bfb0b6c30f87ee1599472b8636477eab23ced13b271886a4b50ed34c9d8436af5af5b8f88921f0efba6ef8c37c459bbb88bc1c6a13bbd25c4ce9b1e97679569ee77645d469bf4b43de637f5561b424502d3235362054657374204b6579203c696e76616c6964406578616d706c652e636f6d3e8879041313080021050256e5b838021b03050b09080702061508090a0b020416020301021e01021780000a0910d44a2c495918513e54e50100dfa64f97d9b47766fc1943c6314ba3f2b2a103d71ad286dc5b1efb96a345b0c80100dbc8150b54241f559da6ef4baacea6d31902b4f4b1bdc09b34bf0502334b77549ca90456e5b83812082a8648ce3d030107020304bfe3cea9cee13486f8d518aa487fecab451f25467d2bf08e58f63e5fa525d5482133e6a79299c274b068ef0be448152ad65cf11cf764348588ca4f6a0bcf22b603010807fe0703027510012471a603cfee2968dce19f732721ddf03e966fd133b4e3c7a685b788705cbc46fb026dc94724b830c9edbaecd2fb2c662f23169516cacd1fe423f0475c364ecc10abcabcfd4bbbda1a36a1bd8861041813080009050256e5b838021b0c000a0910d44a2c495918513e4a4800ff49d589fa64024ad30be363a032e3a0e0e6f5db56ba4c73db850518bf0121b8f20100fd78e065f4c70ea5be9df319ea67e493b936fc78da834a71828043d3154af56e" - -const armoredPrivateKeyBlock = `-----BEGIN PGP PRIVATE KEY BLOCK----- -Version: GnuPG v1.4.10 (GNU/Linux) - -lQHYBE2rFNoBBADFwqWQIW/DSqcB4yCQqnAFTJ27qS5AnB46ccAdw3u4Greeu3Bp -idpoHdjULy7zSKlwR1EA873dO/k/e11Ml3dlAFUinWeejWaK2ugFP6JjiieSsrKn -vWNicdCS4HTWn0X4sjl0ZiAygw6GNhqEQ3cpLeL0g8E9hnYzJKQ0LWJa0QARAQAB -AAP/TB81EIo2VYNmTq0pK1ZXwUpxCrvAAIG3hwKjEzHcbQznsjNvPUihZ+NZQ6+X -0HCfPAdPkGDCLCb6NavcSW+iNnLTrdDnSI6+3BbIONqWWdRDYJhqZCkqmG6zqSfL -IdkJgCw94taUg5BWP/AAeQrhzjChvpMQTVKQL5mnuZbUCeMCAN5qrYMP2S9iKdnk -VANIFj7656ARKt/nf4CBzxcpHTyB8+d2CtPDKCmlJP6vL8t58Jmih+kHJMvC0dzn -gr5f5+sCAOOe5gt9e0am7AvQWhdbHVfJU0TQJx+m2OiCJAqGTB1nvtBLHdJnfdC9 -TnXXQ6ZXibqLyBies/xeY2sCKL5qtTMCAKnX9+9d/5yQxRyrQUHt1NYhaXZnJbHx -q4ytu0eWz+5i68IYUSK69jJ1NWPM0T6SkqpB3KCAIv68VFm9PxqG1KmhSrQIVGVz -dCBLZXmIuAQTAQIAIgUCTasU2gIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA -CgkQO9o98PRieSoLhgQAkLEZex02Qt7vGhZzMwuN0R22w3VwyYyjBx+fM3JFETy1 -ut4xcLJoJfIaF5ZS38UplgakHG0FQ+b49i8dMij0aZmDqGxrew1m4kBfjXw9B/v+ -eIqpODryb6cOSwyQFH0lQkXC040pjq9YqDsO5w0WYNXYKDnzRV0p4H1pweo2VDid -AdgETasU2gEEAN46UPeWRqKHvA99arOxee38fBt2CI08iiWyI8T3J6ivtFGixSqV -bRcPxYO/qLpVe5l84Nb3X71GfVXlc9hyv7CD6tcowL59hg1E/DC5ydI8K8iEpUmK -/UnHdIY5h8/kqgGxkY/T/hgp5fRQgW1ZoZxLajVlMRZ8W4tFtT0DeA+JABEBAAEA -A/0bE1jaaZKj6ndqcw86jd+QtD1SF+Cf21CWRNeLKnUds4FRRvclzTyUMuWPkUeX -TaNNsUOFqBsf6QQ2oHUBBK4VCHffHCW4ZEX2cd6umz7mpHW6XzN4DECEzOVksXtc -lUC1j4UB91DC/RNQqwX1IV2QLSwssVotPMPqhOi0ZLNY7wIA3n7DWKInxYZZ4K+6 -rQ+POsz6brEoRHwr8x6XlHenq1Oki855pSa1yXIARoTrSJkBtn5oI+f8AzrnN0BN -oyeQAwIA/7E++3HDi5aweWrViiul9cd3rcsS0dEnksPhvS0ozCJiHsq/6GFmy7J8 -QSHZPteedBnZyNp5jR+H7cIfVN3KgwH/Skq4PsuPhDq5TKK6i8Pc1WW8MA6DXTdU -nLkX7RGmMwjC0DBf7KWAlPjFaONAX3a8ndnz//fy1q7u2l9AZwrj1qa1iJ8EGAEC -AAkFAk2rFNoCGwwACgkQO9o98PRieSo2/QP/WTzr4ioINVsvN1akKuekmEMI3LAp -BfHwatufxxP1U+3Si/6YIk7kuPB9Hs+pRqCXzbvPRrI8NHZBmc8qIGthishdCYad -AHcVnXjtxrULkQFGbGvhKURLvS9WnzD/m1K2zzwxzkPTzT9/Yf06O6Mal5AdugPL -VrM0m72/jnpKo04= -=zNCn ------END PGP PRIVATE KEY BLOCK-----` - -const e2ePublicKey = `-----BEGIN PGP PUBLIC KEY BLOCK----- -Charset: UTF-8 - -xv8AAABSBAAAAAATCCqGSM49AwEHAgME1LRoXSpOxtHXDUdmuvzchyg6005qIBJ4 -sfaSxX7QgH9RV2ONUhC+WiayCNADq+UMzuR/vunSr4aQffXvuGnR383/AAAAFDxk -Z2lsQHlhaG9vLWluYy5jb20+wv8AAACGBBATCAA4/wAAAAWCVGvAG/8AAAACiwn/ -AAAACZC2VkQCOjdvYf8AAAAFlQgJCgv/AAAAA5YBAv8AAAACngEAAE1BAP0X8veD -24IjmI5/C6ZAfVNXxgZZFhTAACFX75jUA3oD6AEAzoSwKf1aqH6oq62qhCN/pekX -+WAsVMBhNwzLpqtCRjLO/wAAAFYEAAAAABIIKoZIzj0DAQcCAwT50ain7vXiIRv8 -B1DO3x3cE/aattZ5sHNixJzRCXi2vQIA5QmOxZ6b5jjUekNbdHG3SZi1a2Ak5mfX -fRxC/5VGAwEIB8L/AAAAZQQYEwgAGP8AAAAFglRrwBz/AAAACZC2VkQCOjdvYQAA -FJAA9isX3xtGyMLYwp2F3nXm7QEdY5bq5VUcD/RJlj792VwA/1wH0pCzVLl4Q9F9 -ex7En5r7rHR5xwX82Msc+Rq9dSyO -=7MrZ ------END PGP PUBLIC KEY BLOCK-----` - -const dsaKeyWithSHA512 = `9901a2044f04b07f110400db244efecc7316553ee08d179972aab87bb1214de7692593fcf5b6feb1c80fba268722dd464748539b85b81d574cd2d7ad0ca2444de4d849b8756bad7768c486c83a824f9bba4af773d11742bdfb4ac3b89ef8cc9452d4aad31a37e4b630d33927bff68e879284a1672659b8b298222fc68f370f3e24dccacc4a862442b9438b00a0ea444a24088dc23e26df7daf8f43cba3bffc4fe703fe3d6cd7fdca199d54ed8ae501c30e3ec7871ea9cdd4cf63cfe6fc82281d70a5b8bb493f922cd99fba5f088935596af087c8d818d5ec4d0b9afa7f070b3d7c1dd32a84fca08d8280b4890c8da1dde334de8e3cad8450eed2a4a4fcc2db7b8e5528b869a74a7f0189e11ef097ef1253582348de072bb07a9fa8ab838e993cef0ee203ff49298723e2d1f549b00559f886cd417a41692ce58d0ac1307dc71d85a8af21b0cf6eaa14baf2922d3a70389bedf17cc514ba0febbd107675a372fe84b90162a9e88b14d4b1c6be855b96b33fb198c46f058568817780435b6936167ebb3724b680f32bf27382ada2e37a879b3d9de2abe0c3f399350afd1ad438883f4791e2e3b4184453412068617368207472756e636174696f6e207465737488620413110a002205024f04b07f021b03060b090807030206150802090a0b0416020301021e01021780000a0910ef20e0cefca131581318009e2bf3bf047a44d75a9bacd00161ee04d435522397009a03a60d51bd8a568c6c021c8d7cf1be8d990d6417b0020003` - -const unknownHashFunctionHex = `8a00000040040001990006050253863c24000a09103b4fe6acc0b21f32ffff0101010101010101010101010101010101010101010101010101010101010101010101010101` - -const rsaSignatureBadMPIlength = `8a00000040040001030006050253863c24000a09103b4fe6acc0b21f32ffff0101010101010101010101010101010101010101010101010101010101010101010101010101` - -const missingHashFunctionHex = `8a00000040040001030006050253863c24000a09103b4fe6acc0b21f32ffff0101010101010101010101010101010101010101010101010101010101010101010101010101` - -const campbellQuine = `a0b001000300fcffa0b001000d00f2ff000300fcffa0b001000d00f2ff8270a01c00000500faff8270a01c00000500faff000500faff001400ebff8270a01c00000500faff000500faff001400ebff428821c400001400ebff428821c400001400ebff428821c400001400ebff428821c400001400ebff428821c400000000ffff000000ffff000b00f4ff428821c400000000ffff000000ffff000b00f4ff0233214c40000100feff000233214c40000100feff0000` - -const keyV4forVerifyingSignedMessageV3 = `-----BEGIN PGP PUBLIC KEY BLOCK----- -Comment: GPGTools - https://gpgtools.org - -mI0EVfxoFQEEAMBIqmbDfYygcvP6Phr1wr1XI41IF7Qixqybs/foBF8qqblD9gIY -BKpXjnBOtbkcVOJ0nljd3/sQIfH4E0vQwK5/4YRQSI59eKOqd6Fx+fWQOLG+uu6z -tewpeCj9LLHvibx/Sc7VWRnrznia6ftrXxJ/wHMezSab3tnGC0YPVdGNABEBAAG0 -JEdvY3J5cHRvIFRlc3QgS2V5IDx0aGVtYXhAZ21haWwuY29tPoi5BBMBCgAjBQJV -/GgVAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQeXnQmhdGW9PFVAP+ -K7TU0qX5ArvIONIxh/WAweyOk884c5cE8f+3NOPOOCRGyVy0FId5A7MmD5GOQh4H -JseOZVEVCqlmngEvtHZb3U1VYtVGE5WZ+6rQhGsMcWP5qaT4soYwMBlSYxgYwQcx -YhN9qOr292f9j2Y//TTIJmZT4Oa+lMxhWdqTfX+qMgG4jQRV/GgVAQQArhFSiij1 -b+hT3dnapbEU+23Z1yTu1DfF6zsxQ4XQWEV3eR8v+8mEDDNcz8oyyF56k6UQ3rXi -UMTIwRDg4V6SbZmaFbZYCOwp/EmXJ3rfhm7z7yzXj2OFN22luuqbyVhuL7LRdB0M -pxgmjXb4tTvfgKd26x34S+QqUJ7W6uprY4sAEQEAAYifBBgBCgAJBQJV/GgVAhsM -AAoJEHl50JoXRlvT7y8D/02ckx4OMkKBZo7viyrBw0MLG92i+DC2bs35PooHR6zz -786mitjOp5z2QWNLBvxC70S0qVfCIz8jKupO1J6rq6Z8CcbLF3qjm6h1omUBf8Nd -EfXKD2/2HV6zMKVknnKzIEzauh+eCKS2CeJUSSSryap/QLVAjRnckaES/OsEWhNB -=RZia ------END PGP PUBLIC KEY BLOCK----- -` - -const signedMessageV3 = `-----BEGIN PGP MESSAGE----- -Comment: GPGTools - https://gpgtools.org - -owGbwMvMwMVYWXlhlrhb9GXG03JJDKF/MtxDMjKLFYAoUaEktbhEITe1uDgxPVWP -q5NhKjMrWAVcC9evD8z/bF/uWNjqtk/X3y5/38XGRQHm/57rrDRYuGnTw597Xqka -uM3137/hH3Os+Jf2dc0fXOITKwJvXJvecPVs0ta+Vg7ZO1MLn8w58Xx+6L58mbka -DGHyU9yTueZE8D+QF/Tz28Y78dqtF56R1VPn9Xw4uJqrWYdd7b3vIZ1V6R4Nh05d -iT57d/OhWwA= -=hG7R ------END PGP MESSAGE----- -` - -// https://mailarchive.ietf.org/arch/msg/openpgp/9SheW_LENE0Kxf7haNllovPyAdY/ -const v5PrivKey = `-----BEGIN PGP PRIVATE KEY BLOCK----- - -lGEFXJH05BYAAAAtCSsGAQQB2kcPAQEHQFhZlVcVVtwf+21xNQPX+ecMJJBL0MPd -fj75iux+my8QAAAAAAAiAQCHZ1SnSUmWqxEsoI6facIVZQu6mph3cBFzzTvcm5lA -Ng5ctBhlbW1hLmdvbGRtYW5AZXhhbXBsZS5uZXSIlgUTFggASCIhBRk0e8mHJGQC -X5nfPsLgAA7ZiEiS4fez6kyUAJFZVptUBQJckfTkAhsDBQsJCAcCAyICAQYVCgkI -CwIEFgIDAQIeBwIXgAAA9cAA/jiR3yMsZMeEQ40u6uzEoXa6UXeV/S3wwJAXRJy9 -M8s0AP9vuL/7AyTfFXwwzSjDnYmzS0qAhbLDQ643N+MXGBJ2BZxmBVyR9OQSAAAA -MgorBgEEAZdVAQUBAQdA+nysrzml2UCweAqtpDuncSPlvrcBWKU0yfU0YvYWWAoD -AQgHAAAAAAAiAP9OdAPppjU1WwpqjIItkxr+VPQRT8Zm/Riw7U3F6v3OiBFHiHoF -GBYIACwiIQUZNHvJhyRkAl+Z3z7C4AAO2YhIkuH3s+pMlACRWVabVAUCXJH05AIb -DAAAOSQBAP4BOOIR/sGLNMOfeb5fPs/02QMieoiSjIBnijhob2U5AQC+RtOHCHx7 -TcIYl5/Uyoi+FOvPLcNw4hOv2nwUzSSVAw== -=IiS2 ------END PGP PRIVATE KEY BLOCK-----` - -// See OpenPGP crypto refresh Section A.3. -const v6PrivKey = `-----BEGIN PGP PRIVATE KEY BLOCK----- - -xUsGY4d/4xsAAAAg+U2nu0jWCmHlZ3BqZYfQMxmZu52JGggkLq2EVD34laMAGXKB -exK+cH6NX1hs5hNhIB00TrJmosgv3mg1ditlsLfCsQYfGwoAAABCBYJjh3/jAwsJ -BwUVCg4IDAIWAAKbAwIeCSIhBssYbE8GCaaX5NUt+mxyKwwfHifBilZwj2Ul7Ce6 -2azJBScJAgcCAAAAAK0oIBA+LX0ifsDm185Ecds2v8lwgyU2kCcUmKfvBXbAf6rh -RYWzuQOwEn7E/aLwIwRaLsdry0+VcallHhSu4RN6HWaEQsiPlR4zxP/TP7mhfVEe -7XWPxtnMUMtf15OyA51YBMdLBmOHf+MZAAAAIIaTJINn+eUBXbki+PSAld2nhJh/ -LVmFsS+60WyvXkQ1AE1gCk95TUR3XFeibg/u/tVY6a//1q0NWC1X+yui3O24wpsG -GBsKAAAALAWCY4d/4wKbDCIhBssYbE8GCaaX5NUt+mxyKwwfHifBilZwj2Ul7Ce6 -2azJAAAAAAQBIKbpGG2dWTX8j+VjFM21J0hqWlEg+bdiojWnKfA5AQpWUWtnNwDE -M0g12vYxoWM8Y81W+bHBw805I8kWVkXU6vFOi+HWvv/ira7ofJu16NnoUkhclkUr -k0mXubZvyl4GBg== ------END PGP PRIVATE KEY BLOCK-----` - -// See OpenPGP crypto refresh merge request: -// https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/304 -const v6PrivKeyMsg = `-----BEGIN PGP MESSAGE----- - -wV0GIQYSyD8ecG9jCP4VGkF3Q6HwM3kOk+mXhIjR2zeNqZMIhRmHzxjV8bU/gXzO -WgBM85PMiVi93AZfJfhK9QmxfdNnZBjeo1VDeVZheQHgaVf7yopqR6W1FT6NOrfS -aQIHAgZhZBZTW+CwcW1g4FKlbExAf56zaw76/prQoN+bAzxpohup69LA7JW/Vp0l -yZnuSj3hcFj0DfqLTGgr4/u717J+sPWbtQBfgMfG9AOIwwrUBqsFE9zW+f1zdlYo -bhF30A+IitsxxA== ------END PGP MESSAGE-----` - -// See OpenPGP crypto refresh merge request: -// https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/305 -const v6PrivKeyInlineSignMsg = `-----BEGIN PGP MESSAGE----- - -wV0GIQYSyD8ecG9jCP4VGkF3Q6HwM3kOk+mXhIjR2zeNqZMIhRmHzxjV8bU/gXzO -WgBM85PMiVi93AZfJfhK9QmxfdNnZBjeo1VDeVZheQHgaVf7yopqR6W1FT6NOrfS -aQIHAgZhZBZTW+CwcW1g4FKlbExAf56zaw76/prQoN+bAzxpohup69LA7JW/Vp0l -yZnuSj3hcFj0DfqLTGgr4/u717J+sPWbtQBfgMfG9AOIwwrUBqsFE9zW+f1zdlYo -bhF30A+IitsxxA== ------END PGP MESSAGE-----` - -// See https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/274 -// decryption password: "correct horse battery staple" -const v6ArgonSealedPrivKey = `-----BEGIN PGP PRIVATE KEY BLOCK----- - -xYIGY4d/4xsAAAAg+U2nu0jWCmHlZ3BqZYfQMxmZu52JGggkLq2EVD34laP9JgkC -FARdb9ccngltHraRe25uHuyuAQQVtKipJ0+r5jL4dacGWSAheCWPpITYiyfyIOPS -3gIDyg8f7strd1OB4+LZsUhcIjOMpVHgmiY/IutJkulneoBYwrEGHxsKAAAAQgWC -Y4d/4wMLCQcFFQoOCAwCFgACmwMCHgkiIQbLGGxPBgmml+TVLfpscisMHx4nwYpW -cI9lJewnutmsyQUnCQIHAgAAAACtKCAQPi19In7A5tfORHHbNr/JcIMlNpAnFJin -7wV2wH+q4UWFs7kDsBJ+xP2i8CMEWi7Ha8tPlXGpZR4UruETeh1mhELIj5UeM8T/ -0z+5oX1RHu11j8bZzFDLX9eTsgOdWATHggZjh3/jGQAAACCGkySDZ/nlAV25Ivj0 -gJXdp4SYfy1ZhbEvutFsr15ENf0mCQIUBA5hhGgp2oaavg6mFUXcFMwBBBUuE8qf -9Ock+xwusd+GAglBr5LVyr/lup3xxQvHXFSjjA2haXfoN6xUGRdDEHI6+uevKjVR -v5oAxgu7eJpaXNjCmwYYGwoAAAAsBYJjh3/jApsMIiEGyxhsTwYJppfk1S36bHIr -DB8eJ8GKVnCPZSXsJ7rZrMkAAAAABAEgpukYbZ1ZNfyP5WMUzbUnSGpaUSD5t2Ki -Nacp8DkBClZRa2c3AMQzSDXa9jGhYzxjzVb5scHDzTkjyRZWRdTq8U6L4da+/+Kt -ruh8m7Xo2ehSSFyWRSuTSZe5tm/KXgYG ------END PGP PRIVATE KEY BLOCK-----` - -const v4Key25519 = `-----BEGIN PGP PRIVATE KEY BLOCK----- - -xUkEZB3qzRto01j2k2pwN5ux9w70stPinAdXULLr20CRW7U7h2GSeACch0M+ -qzQg8yjFQ8VBvu3uwgKH9senoHmj72lLSCLTmhFKzQR0ZXN0wogEEBsIAD4F -gmQd6s0ECwkHCAmQIf45+TuC+xMDFQgKBBYAAgECGQECmwMCHgEWIQSWEzMi -jJUHvyIbVKIh/jn5O4L7EwAAUhaHNlgudvxARdPPETUzVgjuWi+YIz8w1xIb -lHQMvIrbe2sGCQIethpWofd0x7DHuv/ciHg+EoxJ/Td6h4pWtIoKx0kEZB3q -zRm4CyA7quliq7yx08AoOqHTuuCgvpkSdEhpp3pEyejQOgBo0p6ywIiLPllY -0t+jpNspHpAGfXID6oqjpYuJw3AfVRBlwnQEGBsIACoFgmQd6s0JkCH+Ofk7 -gvsTApsMFiEElhMzIoyVB78iG1SiIf45+TuC+xMAAGgQuN9G73446ykvJ/mL -sCZ7zGFId2gBd1EnG0FTC4npfOKpck0X8dngByrCxU8LDSfvjsEp/xDAiKsQ -aU71tdtNBQ== -=e7jT ------END PGP PRIVATE KEY BLOCK-----` - -const keyWithExpiredCrossSig = `-----BEGIN PGP PUBLIC KEY BLOCK----- - -xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv -/seOXpgecTdOcVttfzC8ycIKrt3aQTiwOG/ctaR4Bk/t6ayNFfdUNxHWk4WCKzdz -/56fW2O0F23qIRd8UUJp5IIlN4RDdRCtdhVQIAuzvp2oVy/LaS2kxQoKvph/5pQ/ -5whqsyroEWDJoSV0yOb25B/iwk/pLUFoyhDG9bj0kIzDxrEqW+7Ba8nocQlecMF3 -X5KMN5kp2zraLv9dlBBpWW43XktjcCZgMy20SouraVma8Je/ECwUWYUiAZxLIlMv -9CurEOtxUw6N3RdOtLmYZS9uEnn5y1UkF88o8Nku890uk6BrewFzJyLAx5wRZ4F0 -qV/yq36UWQ0JB/AUGhHVPdFf6pl6eaxBwT5GXvbBUibtf8YI2og5RsgTWtXfU7eb -SGXrl5ZMpbA6mbfhd0R8aPxWfmDWiIOhBufhMCvUHh1sApMKVZnvIff9/0Dca3wb -vLIwa3T4CyshfT0AEQEAAc0hQm9iIEJhYmJhZ2UgPGJvYkBvcGVucGdwLmV4YW1w -bGU+wsEABBMBCgATBYJeO2eVAgsJAxUICgKbAQIeAQAhCRD7/MgqAV5zMBYhBNGm -bhojsYLJmA94jPv8yCoBXnMwKWUMAJ3FKZfJ2mXvh+GFqgymvK4NoKkDRPB0CbUN -aDdG7ZOizQrWXo7Da2MYIZ6eZUDqBKLdhZ5gZfVnisDfu/yeCgpENaKib1MPHpA8 -nZQjnPejbBDomNqY8HRzr5jvXNlwywBpjWGtegCKUY9xbSynjbfzIlMrWL4S+Rfl -+bOOQKRyYJWXmECmVyqY8cz2VUYmETjNcwC8VCDUxQnhtcCJ7Aej22hfYwVEPb/J -BsJBPq8WECCiGfJ9Y2y6TF+62KzG9Kfs5hqUeHhQy8V4TSi479ewwL7DH86XmIIK -chSANBS+7iyMtctjNZfmF9zYdGJFvjI/mbBR/lK66E515Inuf75XnL8hqlXuwqvG -ni+i03Aet1DzULZEIio4uIU6ioc1lGO9h7K2Xn4S7QQH1QoISNMWqXibUR0RCGjw -FsEDTt2QwJl8XXxoJCooM7BCcCQo+rMNVUHDjIwrdoQjPld3YZsUQQRcqH6bLuln -cfn5ufl8zTGWKydoj/iTz8KcjZ7w187AzQRdpZzyAQwA1jC/XGxjK6ddgrRfW9j+ -s/U00++EvIsgTs2kr3Rg0GP7FLWV0YNtR1mpl55/bEl7yAxCDTkOgPUMXcaKlnQh -6zrlt6H53mF6Bvs3inOHQvOsGtU0dqvb1vkTF0juLiJgPlM7pWv+pNQ6IA39vKoQ -sTMBv4v5vYNXP9GgKbg8inUNT17BxzZYHfw5+q63ectgDm2on1e8CIRCZ76oBVwz -dkVxoy3gjh1eENlk2D4P0uJNZzF1Q8GV67yLANGMCDICE/OkWn6daipYDzW4iJQt -YPUWP4hWhjdm+CK+hg6IQUEn2Vtvi16D2blRP8BpUNNa4fNuylWVuJV76rIHvsLZ -1pbM3LHpRgE8s6jivS3Rz3WRs0TmWCNnvHPqWizQ3VTy+r3UQVJ5AmhJDrZdZq9i -aUIuZ01PoE1+CHiJwuxPtWvVAxf2POcm1M/F1fK1J0e+lKlQuyonTXqXR22Y41wr -fP2aPk3nPSTW2DUAf3vRMZg57ZpRxLEhEMxcM4/LMR+PABEBAAHCwrIEGAEKAAkF -gl8sAVYCmwIB3QkQ+/zIKgFeczDA+qAEGQEKAAwFgl47Z5UFgwB4TOAAIQkQfC+q -Tfk8N7IWIQQd3OFfCSF87i87N2B8L6pN+Tw3st58C/0exp0X2U4LqicSHEOSqHZj -jiysdqIELHGyo5DSPv92UFPp36aqjF9OFgtNNwSa56fmAVCD4+hor/fKARRIeIjF -qdIC5Y/9a4B10NQFJa5lsvB38x/d39LI2kEoglZnqWgdJskROo3vNQF4KlIcm6FH -dn4WI8UkC5oUUcrpZVMSKoacIaxLwqnXT42nIVgYYuqrd/ZagZZjG5WlrTOd5+NI -zi/l0fWProcPHGLjmAh4Thu8i7omtVw1nQaMnq9I77ffg3cPDgXknYrLL+q8xXh/ -0mEJyIhnmPwllWCSZuLv9DrD5pOexFfdlwXhf6cLzNpW6QhXD/Tf5KrqIPr9aOv8 -9xaEEXWh0vEby2kIsI2++ft+vfdIyxYw/wKqx0awTSnuBV1rG3z1dswX4BfoY66x -Bz3KOVqlz9+mG/FTRQwrgPvR+qgLCHbuotxoGN7fzW+PI75hQG5JQAqhsC9sHjQH -UrI21/VUNwzfw3v5pYsWuFb5bdQ3ASJetICQiMy7IW8WIQTRpm4aI7GCyZgPeIz7 -/MgqAV5zMG6/C/wLpPl/9e6Hf5wmXIUwpZNQbNZvpiCcyx9sXsHXaycOQVxn3McZ -nYOUP9/mobl1tIeDQyTNbkxWjU0zzJl8XQsDZerb5098pg+x7oGIL7M1vn5s5JMl -owROourqF88JEtOBxLMxlAM7X4hB48xKQ3Hu9hS1GdnqLKki4MqRGl4l5FUwyGOM -GjyS3TzkfiDJNwQxybQiC9n57ij20ieNyLfuWCMLcNNnZUgZtnF6wCctoq/0ZIWu -a7nvuA/XC2WW9YjEJJiWdy5109pqac+qWiY11HWy/nms4gpMdxVpT0RhrKGWq4o0 -M5q3ZElOoeN70UO3OSbU5EVrG7gB1GuwF9mTHUVlV0veSTw0axkta3FGT//XfSpD -lRrCkyLzwq0M+UUHQAuYpAfobDlDdnxxOD2jm5GyTzak3GSVFfjW09QFVO6HlGp5 -01/jtzkUiS6nwoHHkfnyn0beZuR8X6KlcrzLB0VFgQFLmkSM9cSOgYhD0PTu9aHb -hW1Hj9AO8lzggBQ= -=Nt+N ------END PGP PUBLIC KEY BLOCK----- -` - -const sigFromKeyWithExpiredCrossSig = `-----BEGIN PGP SIGNATURE----- - -wsDzBAABCgAGBYJfLAFsACEJEHwvqk35PDeyFiEEHdzhXwkhfO4vOzdgfC+qTfk8 -N7KiqwwAts4QGB7v9bABCC2qkTxJhmStC0wQMcHRcjL/qAiVnmasQWmvE9KVsdm3 -AaXd8mIx4a37/RRvr9dYrY2eE4uw72cMqPxNja2tvVXkHQvk1oEUqfkvbXs4ypKI -NyeTWjXNOTZEbg0hbm3nMy+Wv7zgB1CEvAsEboLDJlhGqPcD+X8a6CJGrBGUBUrv -KVmZr3U6vEzClz3DBLpoddCQseJRhT4YM1nKmBlZ5quh2LFgTSpajv5OsZheqt9y -EZAPbqmLhDmWRQwGzkWHKceKS7nZ/ox2WK6OS7Ob8ZGZkM64iPo6/EGj5Yc19vQN -AGiIaPEGszBBWlOpHTPhNm0LB0nMWqqaT87oNYwP8CQuuxDb6rKJ2lffCmZH27Lb -UbQZcH8J+0UhpeaiadPZxH5ATJAcenmVtVVMLVOFnm+eIlxzov9ntpgGYt8hLdXB -ITEG9mMgp3TGS9ZzSifMZ8UGtHdp9QdBg8NEVPFzDOMGxpc/Bftav7RRRuPiAER+ -7A5CBid5 -=aQkm ------END PGP SIGNATURE----- -` - -const signedMessageWithCriticalNotation = `-----BEGIN PGP MESSAGE----- - -owGbwMvMwMH4oOW7S46CznTG09xJDDE3Wl1KUotLuDousDAwcjBYiSmyXL+48d6x -U1PSGUxcj8IUszKBVMpMaWAAAgEGZpAeh9SKxNyCnFS95PzcytRiBi5OAZjyXXzM -f8WYLqv7TXP61Sa4rqT12CI3xaN73YS2pt089f96odCKaEPnWJ3iSGmzJaW/ug10 -2Zo8Wj2k4s7t8wt4H3HtTu+y5UZfV3VOO+l//sdE/o+Lsub8FZH7/eOq7OnbNp4n -vwjE8mqJXetNMfj8r2SCyvkEnlVRYR+/mnge+ib56FdJ8uKtqSxyvgA= -=fRXs ------END PGP MESSAGE-----` - -const criticalNotationSigner = `-----BEGIN PGP PUBLIC KEY BLOCK----- - -mI0EUmEvTgEEANyWtQQMOybQ9JltDqmaX0WnNPJeLILIM36sw6zL0nfTQ5zXSS3+ -fIF6P29lJFxpblWk02PSID5zX/DYU9/zjM2xPO8Oa4xo0cVTOTLj++Ri5mtr//f5 -GLsIXxFrBJhD/ghFsL3Op0GXOeLJ9A5bsOn8th7x6JucNKuaRB6bQbSPABEBAAG0 -JFRlc3QgTWNUZXN0aW5ndG9uIDx0ZXN0QGV4YW1wbGUuY29tPoi5BBMBAgAjBQJS -YS9OAhsvBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQSmNhOk1uQJQwDAP6 -AgrTyqkRlJVqz2pb46TfbDM2TDF7o9CBnBzIGoxBhlRwpqALz7z2kxBDmwpQa+ki -Bq3jZN/UosY9y8bhwMAlnrDY9jP1gdCo+H0sD48CdXybblNwaYpwqC8VSpDdTndf -9j2wE/weihGp/DAdy/2kyBCaiOY1sjhUfJ1GogF49rC4jQRSYS9OAQQA6R/PtBFa -JaT4jq10yqASk4sqwVMsc6HcifM5lSdxzExFP74naUMMyEsKHP53QxTF0Grqusag -Qg/ZtgT0CN1HUM152y7ACOdp1giKjpMzOTQClqCoclyvWOFB+L/SwGEIJf7LSCEr -woBuJifJc8xAVr0XX0JthoW+uP91eTQ3XpsAEQEAAYkBPQQYAQIACQUCUmEvTgIb -LgCoCRBKY2E6TW5AlJ0gBBkBAgAGBQJSYS9OAAoJEOCE90RsICyXuqIEANmmiRCA -SF7YK7PvFkieJNwzeK0V3F2lGX+uu6Y3Q/Zxdtwc4xR+me/CSBmsURyXTO29OWhP -GLszPH9zSJU9BdDi6v0yNprmFPX/1Ng0Abn/sCkwetvjxC1YIvTLFwtUL/7v6NS2 -bZpsUxRTg9+cSrMWWSNjiY9qUKajm1tuzPDZXAUEAMNmAN3xXN/Kjyvj2OK2ck0X -W748sl/tc3qiKPMJ+0AkMF7Pjhmh9nxqE9+QCEl7qinFqqBLjuzgUhBU4QlwX1GD -AtNTq6ihLMD5v1d82ZC7tNatdlDMGWnIdvEMCv2GZcuIqDQ9rXWs49e7tq1NncLY -hz3tYjKhoFTKEIq3y3Pp -=h/aX ------END PGP PUBLIC KEY BLOCK-----` - -const keyv5Test = `-----BEGIN PGP PRIVATE KEY BLOCK----- -Comment: Bob's OpenPGP Transferable Secret Key - -lQVYBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv -/seOXpgecTdOcVttfzC8ycIKrt3aQTiwOG/ctaR4Bk/t6ayNFfdUNxHWk4WCKzdz -/56fW2O0F23qIRd8UUJp5IIlN4RDdRCtdhVQIAuzvp2oVy/LaS2kxQoKvph/5pQ/ -5whqsyroEWDJoSV0yOb25B/iwk/pLUFoyhDG9bj0kIzDxrEqW+7Ba8nocQlecMF3 -X5KMN5kp2zraLv9dlBBpWW43XktjcCZgMy20SouraVma8Je/ECwUWYUiAZxLIlMv -9CurEOtxUw6N3RdOtLmYZS9uEnn5y1UkF88o8Nku890uk6BrewFzJyLAx5wRZ4F0 -qV/yq36UWQ0JB/AUGhHVPdFf6pl6eaxBwT5GXvbBUibtf8YI2og5RsgTWtXfU7eb -SGXrl5ZMpbA6mbfhd0R8aPxWfmDWiIOhBufhMCvUHh1sApMKVZnvIff9/0Dca3wb -vLIwa3T4CyshfT0AEQEAAQAL/RZqbJW2IqQDCnJi4Ozm++gPqBPiX1RhTWSjwxfM -cJKUZfzLj414rMKm6Jh1cwwGY9jekROhB9WmwaaKT8HtcIgrZNAlYzANGRCM4TLK -3VskxfSwKKna8l+s+mZglqbAjUg3wmFuf9Tj2xcUZYmyRm1DEmcN2ZzpvRtHgX7z -Wn1mAKUlSDJZSQks0zjuMNbupcpyJokdlkUg2+wBznBOTKzgMxVNC9b2g5/tMPUs -hGGWmF1UH+7AHMTaS6dlmr2ZBIyogdnfUqdNg5sZwsxSNrbglKP4sqe7X61uEAIQ -bD7rT3LonLbhkrj3I8wilUD8usIwt5IecoHhd9HziqZjRCc1BUBkboUEoyedbDV4 -i4qfsFZ6CEWoLuD5pW7dEp0M+WeuHXO164Rc+LnH6i1VQrpb1Okl4qO6ejIpIjBI -1t3GshtUu/mwGBBxs60KBX5g77mFQ9lLCRj8lSYqOsHRKBhUp4qM869VA+fD0BRP -fqPT0I9IH4Oa/A3jYJcg622GwQYA1LhnP208Waf6PkQSJ6kyr8ymY1yVh9VBE/g6 -fRDYA+pkqKnw9wfH2Qho3ysAA+OmVOX8Hldg+Pc0Zs0e5pCavb0En8iFLvTA0Q2E -LR5rLue9uD7aFuKFU/VdcddY9Ww/vo4k5p/tVGp7F8RYCFn9rSjIWbfvvZi1q5Tx -+akoZbga+4qQ4WYzB/obdX6SCmi6BndcQ1QdjCCQU6gpYx0MddVERbIp9+2SXDyL -hpxjSyz+RGsZi/9UAshT4txP4+MZBgDfK3ZqtW+h2/eMRxkANqOJpxSjMyLO/FXN -WxzTDYeWtHNYiAlOwlQZEPOydZFty9IVzzNFQCIUCGjQ/nNyhw7adSgUk3+BXEx/ -MyJPYY0BYuhLxLYcrfQ9nrhaVKxRJj25SVHj2ASsiwGJRZW4CC3uw40OYxfKEvNC -mer/VxM3kg8qqGf9KUzJ1dVdAvjyx2Hz6jY2qWCyRQ6IMjWHyd43C4r3jxooYKUC -YnstRQyb/gCSKahveSEjo07CiXMr88UGALwzEr3npFAsPW3osGaFLj49y1oRe11E -he9gCHFm+fuzbXrWmdPjYU5/ZdqdojzDqfu4ThfnipknpVUM1o6MQqkjM896FHm8 -zbKVFSMhEP6DPHSCexMFrrSgN03PdwHTO6iBaIBBFqmGY01tmJ03SxvSpiBPON9P -NVvy/6UZFedTq8A07OUAxO62YUSNtT5pmK2vzs3SAZJmbFbMh+NN204TRI72GlqT -t5hcfkuv8hrmwPS/ZR6q312mKQ6w/1pqO9qitCFCb2IgQmFiYmFnZSA8Ym9iQG9w -ZW5wZ3AuZXhhbXBsZT6JAc4EEwEKADgCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC -F4AWIQTRpm4aI7GCyZgPeIz7/MgqAV5zMAUCXaWe+gAKCRD7/MgqAV5zMG9sC/9U -2T3RrqEbw533FPNfEflhEVRIZ8gDXKM8hU6cqqEzCmzZT6xYTe6sv4y+PJBGXJFX -yhj0g6FDkSyboM5litOcTupURObVqMgA/Y4UKERznm4fzzH9qek85c4ljtLyNufe -doL2pp3vkGtn7eD0QFRaLLmnxPKQ/TlZKdLE1G3u8Uot8QHicaR6GnAdc5UXQJE3 -BiV7jZuDyWmZ1cUNwJkKL6oRtp+ZNDOQCrLNLecKHcgCqrpjSQG5oouba1I1Q6Vl -sP44dhA1nkmLHtxlTOzpeHj4jnk1FaXmyasurrrI5CgU/L2Oi39DGKTH/A/cywDN -4ZplIQ9zR8enkbXquUZvFDe+Xz+6xRXtb5MwQyWODB3nHw85HocLwRoIN9WdQEI+ -L8a/56AuOwhs8llkSuiITjR7r9SgKJC2WlAHl7E8lhJ3VDW3ELC56KH308d6mwOG -ZRAqIAKzM1T5FGjMBhq7ZV0eqdEntBh3EcOIfj2M8rg1MzJv+0mHZOIjByawikad -BVgEXaWc8gEMANYwv1xsYyunXYK0X1vY/rP1NNPvhLyLIE7NpK90YNBj+xS1ldGD -bUdZqZeef2xJe8gMQg05DoD1DF3GipZ0Ies65beh+d5hegb7N4pzh0LzrBrVNHar -29b5ExdI7i4iYD5TO6Vr/qTUOiAN/byqELEzAb+L+b2DVz/RoCm4PIp1DU9ewcc2 -WB38Ofqut3nLYA5tqJ9XvAiEQme+qAVcM3ZFcaMt4I4dXhDZZNg+D9LiTWcxdUPB -leu8iwDRjAgyAhPzpFp+nWoqWA81uIiULWD1Fj+IVoY3ZvgivoYOiEFBJ9lbb4te -g9m5UT/AaVDTWuHzbspVlbiVe+qyB77C2daWzNyx6UYBPLOo4r0t0c91kbNE5lgj -Z7xz6los0N1U8vq91EFSeQJoSQ62XWavYmlCLmdNT6BNfgh4icLsT7Vr1QMX9jzn -JtTPxdXytSdHvpSpULsqJ016l0dtmONcK3z9mj5N5z0k1tg1AH970TGYOe2aUcSx -IRDMXDOPyzEfjwARAQABAAv9F2CwsjS+Sjh1M1vegJbZjei4gF1HHpEM0K0PSXsp -SfVvpR4AoSJ4He6CXSMWg0ot8XKtDuZoV9jnJaES5UL9pMAD7JwIOqZm/DYVJM5h -OASCh1c356/wSbFbzRHPtUdZO9Q30WFNJM5pHbCJPjtNoRmRGkf71RxtvHBzy7np -Ga+W6U/NVKHw0i0CYwMI0YlKDakYW3Pm+QL+gHZFvngGweTod0f9l2VLLAmeQR/c -+EZs7lNumhuZ8mXcwhUc9JQIhOkpO+wreDysEFkAcsKbkQP3UDUsA1gFx9pbMzT0 -tr1oZq2a4QBtxShHzP/ph7KLpN+6qtjks3xB/yjTgaGmtrwM8tSe0wD1RwXS+/1o -BHpXTnQ7TfeOGUAu4KCoOQLv6ELpKWbRBLWuiPwMdbGpvVFALO8+kvKAg9/r+/ny -zM2GQHY+J3Jh5JxPiJnHfXNZjIKLbFbIPdSKNyJBuazXW8xIa//mEHMI5OcvsZBK -clAIp7LXzjEjKXIwHwDcTn9pBgDpdOKTHOtJ3JUKx0rWVsDH6wq6iKV/FTVSY5jl -zN+puOEsskF1Lfxn9JsJihAVO3yNsp6RvkKtyNlFazaCVKtDAmkjoh60XNxcNRqr -gCnwdpbgdHP6v/hvZY54ZaJjz6L2e8unNEkYLxDt8cmAyGPgH2XgL7giHIp9jrsQ -aS381gnYwNX6wE1aEikgtY91nqJjwPlibF9avSyYQoMtEqM/1UjTjB2KdD/MitK5 -fP0VpvuXpNYZedmyq4UOMwdkiNMGAOrfmOeT0olgLrTMT5H97Cn3Yxbk13uXHNu/ -ZUZZNe8s+QtuLfUlKAJtLEUutN33TlWQY522FV0m17S+b80xJib3yZVJteVurrh5 -HSWHAM+zghQAvCesg5CLXa2dNMkTCmZKgCBvfDLZuZbjFwnwCI6u/NhOY9egKuUf -SA/je/RXaT8m5VxLYMxwqQXKApzD87fv0tLPlVIEvjEsaf992tFEFSNPcG1l/jpd -5AVXw6kKuf85UkJtYR1x2MkQDrqY1QX/XMw00kt8y9kMZUre19aCArcmor+hDhRJ -E3Gt4QJrD9z/bICESw4b4z2DbgD/Xz9IXsA/r9cKiM1h5QMtXvuhyfVeM01enhxM -GbOH3gjqqGNKysx0UODGEwr6AV9hAd8RWXMchJLaExK9J5SRawSg671ObAU24SdY -vMQ9Z4kAQ2+1ReUZzf3ogSMRZtMT+d18gT6L90/y+APZIaoArLPhebIAGq39HLmJ -26x3z0WAgrpA1kNsjXEXkoiZGPLKIGoe3hqJAbYEGAEKACAWIQTRpm4aI7GCyZgP -eIz7/MgqAV5zMAUCXaWc8gIbDAAKCRD7/MgqAV5zMOn/C/9ugt+HZIwX308zI+QX -c5vDLReuzmJ3ieE0DMO/uNSC+K1XEioSIZP91HeZJ2kbT9nn9fuReuoff0T0Dief -rbwcIQQHFFkrqSp1K3VWmUGp2JrUsXFVdjy/fkBIjTd7c5boWljv/6wAsSfiv2V0 -JSM8EFU6TYXxswGjFVfc6X97tJNeIrXL+mpSmPPqy2bztcCCHkWS5lNLWQw+R7Vg -71Fe6yBSNVrqC2/imYG2J9zlowjx1XU63Wdgqp2Wxt0l8OmsB/W80S1fRF5G4SDH -s9HXglXXqPsBRZJYfP+VStm9L5P/sKjCcX6WtZR7yS6G8zj/X767MLK/djANvpPd -NVniEke6hM3CNBXYPAMhQBMWhCulcoz+0lxi8L34rMN+Dsbma96psdUrn7uLaB91 -6we0CTfF8qqm7BsVAgalon/UUiuMY80U3ueoj3okiSTiHIjD/YtpXSPioC8nMng7 -xqAY9Bwizt4FWgXuLm1a4+So4V9j1TRCXd12Uc2l2RNmgDE= -=miES ------END PGP PRIVATE KEY BLOCK----- -` - -const certv5Test = `-----BEGIN PGP PRIVATE KEY BLOCK----- - -lGEFXJH05BYAAAAtCSsGAQQB2kcPAQEHQFhZlVcVVtwf+21xNQPX+ecMJJBL0MPd -fj75iux+my8QAAAAAAAiAQCHZ1SnSUmWqxEsoI6facIVZQu6mph3cBFzzTvcm5lA -Ng5ctBhlbW1hLmdvbGRtYW5AZXhhbXBsZS5uZXSIlgUTFggASCIhBRk0e8mHJGQC -X5nfPsLgAA7ZiEiS4fez6kyUAJFZVptUBQJckfTkAhsDBQsJCAcCAyICAQYVCgkI -CwIEFgIDAQIeBwIXgAAA9cAA/jiR3yMsZMeEQ40u6uzEoXa6UXeV/S3wwJAXRJy9 -M8s0AP9vuL/7AyTfFXwwzSjDnYmzS0qAhbLDQ643N+MXGBJ2BZxmBVyR9OQSAAAA -MgorBgEEAZdVAQUBAQdA+nysrzml2UCweAqtpDuncSPlvrcBWKU0yfU0YvYWWAoD -AQgHAAAAAAAiAP9OdAPppjU1WwpqjIItkxr+VPQRT8Zm/Riw7U3F6v3OiBFHiHoF -GBYIACwiIQUZNHvJhyRkAl+Z3z7C4AAO2YhIkuH3s+pMlACRWVabVAUCXJH05AIb -DAAAOSQBAP4BOOIR/sGLNMOfeb5fPs/02QMieoiSjIBnijhob2U5AQC+RtOHCHx7 -TcIYl5/Uyoi+FOvPLcNw4hOv2nwUzSSVAw== -=IiS2 ------END PGP PRIVATE KEY BLOCK----- -` - -const msgv5Test = `-----BEGIN PGP MESSAGE----- - -wcDMA3wvqk35PDeyAQv+PcQiLsoYTH30nJYQh3j3cJaO2+jErtVCrIQRIU0+ -rmgMddERYST4A9mA0DQIiTI4FQ0Lp440D3BWCgpq3LlNWewGzduaWwym5rN6 -cwHz5ccDqOcqbd9X0GXXGy/ZH/ljSgzuVMIytMAXKdF/vrRrVgH/+I7cxvm9 -HwnhjMN5dF0j4aEt996H2T7cbtzSr2GN9SWGW8Gyu7I8Zx73hgrGUI7gDiJB -Afaff+P6hfkkHSGOItr94dde8J/7AUF4VEwwxdVVPvsNEFyvv6gRIbYtOCa2 -6RE6h1V/QTxW2O7zZgzWALrE2ui0oaYr9QuqQSssd9CdgExLfdPbI+3/ZAnE -v31Idzpk3/6ILiakYHtXkElPXvf46mCNpobty8ysT34irF+fy3C1p3oGwAsx -5VDV9OSFU6z5U+UPbSPYAy9rkc5ZssuIKxCER2oTvZ2L8Q5cfUvEUiJtRGGn -CJlHrVDdp3FssKv2tlKgLkvxJLyoOjuEkj44H1qRk+D02FzmmUT/0sAHAYYx -lTir6mjHeLpcGjn4waUuWIAJyph8SxUexP60bic0L0NBa6Qp5SxxijKsPIDb -FPHxWwfJSDZRrgUyYT7089YFB/ZM4FHyH9TZcnxn0f0xIB7NS6YNDsxzN2zT -EVEYf+De4qT/dQTsdww78Chtcv9JY9r2kDm77dk2MUGHL2j7n8jasbLtgA7h -pn2DMIWLrGamMLWRmlwslolKr1sMV5x8w+5Ias6C33iBMl9phkg42an0gYmc -byVJHvLO/XErtC+GNIJeMg== -=liRq ------END PGP MESSAGE----- -` diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go deleted file mode 100644 index 6871b84fc9..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go +++ /dev/null @@ -1,436 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package s2k implements the various OpenPGP string-to-key transforms as -// specified in RFC 4800 section 3.7.1, and Argon2 specified in -// draft-ietf-openpgp-crypto-refresh-08 section 3.7.1.4. -package s2k // import "github.com/ProtonMail/go-crypto/openpgp/s2k" - -import ( - "crypto" - "hash" - "io" - "strconv" - - "github.com/ProtonMail/go-crypto/openpgp/errors" - "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm" - "golang.org/x/crypto/argon2" -) - -type Mode uint8 - -// Defines the default S2KMode constants -// -// 0 (simple), 1(salted), 3(iterated), 4(argon2) -const ( - SimpleS2K Mode = 0 - SaltedS2K Mode = 1 - IteratedSaltedS2K Mode = 3 - Argon2S2K Mode = 4 - GnuS2K Mode = 101 -) - -const Argon2SaltSize int = 16 - -// Params contains all the parameters of the s2k packet -type Params struct { - // mode is the mode of s2k function. - // It can be 0 (simple), 1(salted), 3(iterated) - // 2(reserved) 100-110(private/experimental). - mode Mode - // hashId is the ID of the hash function used in any of the modes - hashId byte - // salt is a byte array to use as a salt in hashing process or argon2 - saltBytes [Argon2SaltSize]byte - // countByte is used to determine how many rounds of hashing are to - // be performed in s2k mode 3. See RFC 4880 Section 3.7.1.3. - countByte byte - // passes is a parameter in Argon2 to determine the number of iterations - // See RFC the crypto refresh Section 3.7.1.4. - passes byte - // parallelism is a parameter in Argon2 to determine the degree of paralellism - // See RFC the crypto refresh Section 3.7.1.4. - parallelism byte - // memoryExp is a parameter in Argon2 to determine the memory usage - // i.e., 2 ** memoryExp kibibytes - // See RFC the crypto refresh Section 3.7.1.4. - memoryExp byte -} - -// encodeCount converts an iterative "count" in the range 1024 to -// 65011712, inclusive, to an encoded count. The return value is the -// octet that is actually stored in the GPG file. encodeCount panics -// if i is not in the above range (encodedCount above takes care to -// pass i in the correct range). See RFC 4880 Section 3.7.7.1. -func encodeCount(i int) uint8 { - if i < 65536 || i > 65011712 { - panic("count arg i outside the required range") - } - - for encoded := 96; encoded < 256; encoded++ { - count := decodeCount(uint8(encoded)) - if count >= i { - return uint8(encoded) - } - } - - return 255 -} - -// decodeCount returns the s2k mode 3 iterative "count" corresponding to -// the encoded octet c. -func decodeCount(c uint8) int { - return (16 + int(c&15)) << (uint32(c>>4) + 6) -} - -// encodeMemory converts the Argon2 "memory" in the range parallelism*8 to -// 2**31, inclusive, to an encoded memory. The return value is the -// octet that is actually stored in the GPG file. encodeMemory panics -// if is not in the above range -// See OpenPGP crypto refresh Section 3.7.1.4. -func encodeMemory(memory uint32, parallelism uint8) uint8 { - if memory < (8*uint32(parallelism)) || memory > uint32(2147483648) { - panic("Memory argument memory is outside the required range") - } - - for exp := 3; exp < 31; exp++ { - compare := decodeMemory(uint8(exp)) - if compare >= memory { - return uint8(exp) - } - } - - return 31 -} - -// decodeMemory computes the decoded memory in kibibytes as 2**memoryExponent -func decodeMemory(memoryExponent uint8) uint32 { - return uint32(1) << memoryExponent -} - -// Simple writes to out the result of computing the Simple S2K function (RFC -// 4880, section 3.7.1.1) using the given hash and input passphrase. -func Simple(out []byte, h hash.Hash, in []byte) { - Salted(out, h, in, nil) -} - -var zero [1]byte - -// Salted writes to out the result of computing the Salted S2K function (RFC -// 4880, section 3.7.1.2) using the given hash, input passphrase and salt. -func Salted(out []byte, h hash.Hash, in []byte, salt []byte) { - done := 0 - var digest []byte - - for i := 0; done < len(out); i++ { - h.Reset() - for j := 0; j < i; j++ { - h.Write(zero[:]) - } - h.Write(salt) - h.Write(in) - digest = h.Sum(digest[:0]) - n := copy(out[done:], digest) - done += n - } -} - -// Iterated writes to out the result of computing the Iterated and Salted S2K -// function (RFC 4880, section 3.7.1.3) using the given hash, input passphrase, -// salt and iteration count. -func Iterated(out []byte, h hash.Hash, in []byte, salt []byte, count int) { - combined := make([]byte, len(in)+len(salt)) - copy(combined, salt) - copy(combined[len(salt):], in) - - if count < len(combined) { - count = len(combined) - } - - done := 0 - var digest []byte - for i := 0; done < len(out); i++ { - h.Reset() - for j := 0; j < i; j++ { - h.Write(zero[:]) - } - written := 0 - for written < count { - if written+len(combined) > count { - todo := count - written - h.Write(combined[:todo]) - written = count - } else { - h.Write(combined) - written += len(combined) - } - } - digest = h.Sum(digest[:0]) - n := copy(out[done:], digest) - done += n - } -} - -// Argon2 writes to out the key derived from the password (in) with the Argon2 -// function (the crypto refresh, section 3.7.1.4) -func Argon2(out []byte, in []byte, salt []byte, passes uint8, paralellism uint8, memoryExp uint8) { - key := argon2.IDKey(in, salt, uint32(passes), decodeMemory(memoryExp), paralellism, uint32(len(out))) - copy(out[:], key) -} - -// Generate generates valid parameters from given configuration. -// It will enforce the Iterated and Salted or Argon2 S2K method. -func Generate(rand io.Reader, c *Config) (*Params, error) { - var params *Params - if c != nil && c.Mode() == Argon2S2K { - // handle Argon2 case - argonConfig := c.Argon2() - params = &Params{ - mode: Argon2S2K, - passes: argonConfig.Passes(), - parallelism: argonConfig.Parallelism(), - memoryExp: argonConfig.EncodedMemory(), - } - } else if c != nil && c.PassphraseIsHighEntropy && c.Mode() == SaltedS2K { // Allow SaltedS2K if PassphraseIsHighEntropy - hashId, ok := algorithm.HashToHashId(c.hash()) - if !ok { - return nil, errors.UnsupportedError("no such hash") - } - - params = &Params{ - mode: SaltedS2K, - hashId: hashId, - } - } else { // Enforce IteratedSaltedS2K method otherwise - hashId, ok := algorithm.HashToHashId(c.hash()) - if !ok { - return nil, errors.UnsupportedError("no such hash") - } - if c != nil { - c.S2KMode = IteratedSaltedS2K - } - params = &Params{ - mode: IteratedSaltedS2K, - hashId: hashId, - countByte: c.EncodedCount(), - } - } - if _, err := io.ReadFull(rand, params.salt()); err != nil { - return nil, err - } - return params, nil -} - -// Parse reads a binary specification for a string-to-key transformation from r -// and returns a function which performs that transform. If the S2K is a special -// GNU extension that indicates that the private key is missing, then the error -// returned is errors.ErrDummyPrivateKey. -func Parse(r io.Reader) (f func(out, in []byte), err error) { - params, err := ParseIntoParams(r) - if err != nil { - return nil, err - } - - return params.Function() -} - -// ParseIntoParams reads a binary specification for a string-to-key -// transformation from r and returns a struct describing the s2k parameters. -func ParseIntoParams(r io.Reader) (params *Params, err error) { - var buf [Argon2SaltSize + 3]byte - - _, err = io.ReadFull(r, buf[:1]) - if err != nil { - return - } - - params = &Params{ - mode: Mode(buf[0]), - } - - switch params.mode { - case SimpleS2K: - _, err = io.ReadFull(r, buf[:1]) - if err != nil { - return nil, err - } - params.hashId = buf[0] - return params, nil - case SaltedS2K: - _, err = io.ReadFull(r, buf[:9]) - if err != nil { - return nil, err - } - params.hashId = buf[0] - copy(params.salt(), buf[1:9]) - return params, nil - case IteratedSaltedS2K: - _, err = io.ReadFull(r, buf[:10]) - if err != nil { - return nil, err - } - params.hashId = buf[0] - copy(params.salt(), buf[1:9]) - params.countByte = buf[9] - return params, nil - case Argon2S2K: - _, err = io.ReadFull(r, buf[:Argon2SaltSize+3]) - if err != nil { - return nil, err - } - copy(params.salt(), buf[:Argon2SaltSize]) - params.passes = buf[Argon2SaltSize] - params.parallelism = buf[Argon2SaltSize+1] - params.memoryExp = buf[Argon2SaltSize+2] - if err := validateArgon2Params(params); err != nil { - return nil, err - } - return params, nil - case GnuS2K: - // This is a GNU extension. See - // https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;h=fe55ae16ab4e26d8356dc574c9e8bc935e71aef1;hb=23191d7851eae2217ecdac6484349849a24fd94a#l1109 - if _, err = io.ReadFull(r, buf[:5]); err != nil { - return nil, err - } - params.hashId = buf[0] - if buf[1] == 'G' && buf[2] == 'N' && buf[3] == 'U' && buf[4] == 1 { - return params, nil - } - return nil, errors.UnsupportedError("GNU S2K extension") - } - - return nil, errors.UnsupportedError("S2K function") -} - -func (params *Params) Mode() Mode { - return params.mode -} - -func (params *Params) Dummy() bool { - return params != nil && params.mode == GnuS2K -} - -func (params *Params) salt() []byte { - switch params.mode { - case SaltedS2K, IteratedSaltedS2K: - return params.saltBytes[:8] - case Argon2S2K: - return params.saltBytes[:Argon2SaltSize] - default: - return nil - } -} - -func (params *Params) Function() (f func(out, in []byte), err error) { - if params.Dummy() { - return nil, errors.ErrDummyPrivateKey("dummy key found") - } - var hashObj crypto.Hash - if params.mode != Argon2S2K { - var ok bool - hashObj, ok = algorithm.HashIdToHashWithSha1(params.hashId) - if !ok { - return nil, errors.UnsupportedError("hash for S2K function: " + strconv.Itoa(int(params.hashId))) - } - if !hashObj.Available() { - return nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hashObj))) - } - } - - switch params.mode { - case SimpleS2K: - f := func(out, in []byte) { - Simple(out, hashObj.New(), in) - } - - return f, nil - case SaltedS2K: - f := func(out, in []byte) { - Salted(out, hashObj.New(), in, params.salt()) - } - - return f, nil - case IteratedSaltedS2K: - f := func(out, in []byte) { - Iterated(out, hashObj.New(), in, params.salt(), decodeCount(params.countByte)) - } - - return f, nil - case Argon2S2K: - f := func(out, in []byte) { - Argon2(out, in, params.salt(), params.passes, params.parallelism, params.memoryExp) - } - return f, nil - } - - return nil, errors.UnsupportedError("S2K function") -} - -func (params *Params) Serialize(w io.Writer) (err error) { - if _, err = w.Write([]byte{uint8(params.mode)}); err != nil { - return - } - if params.mode != Argon2S2K { - if _, err = w.Write([]byte{params.hashId}); err != nil { - return - } - } - if params.Dummy() { - _, err = w.Write(append([]byte("GNU"), 1)) - return - } - if params.mode > 0 { - if _, err = w.Write(params.salt()); err != nil { - return - } - if params.mode == IteratedSaltedS2K { - _, err = w.Write([]byte{params.countByte}) - } - if params.mode == Argon2S2K { - _, err = w.Write([]byte{params.passes, params.parallelism, params.memoryExp}) - } - } - return -} - -// Serialize salts and stretches the given passphrase and writes the -// resulting key into key. It also serializes an S2K descriptor to -// w. The key stretching can be configured with c, which may be -// nil. In that case, sensible defaults will be used. -func Serialize(w io.Writer, key []byte, rand io.Reader, passphrase []byte, c *Config) error { - params, err := Generate(rand, c) - if err != nil { - return err - } - err = params.Serialize(w) - if err != nil { - return err - } - - f, err := params.Function() - if err != nil { - return err - } - f(key, passphrase) - return nil -} - -// validateArgon2Params checks that the argon2 parameters are valid according to RFC9580. -func validateArgon2Params(params *Params) error { - // The number of passes t and the degree of parallelism p MUST be non-zero. - if params.parallelism == 0 { - return errors.StructuralError("invalid argon2 params: parallelism is 0") - } - if params.passes == 0 { - return errors.StructuralError("invalid argon2 params: iterations is 0") - } - - // The encoded memory size MUST be a value from 3+ceil(log2(p)) to 31, - // such that the decoded memory size m is a value from 8*p to 2^31. - if params.memoryExp > 31 || decodeMemory(params.memoryExp) < 8*uint32(params.parallelism) { - return errors.StructuralError("invalid argon2 params: memory is out of bounds") - } - - return nil -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k_cache.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k_cache.go deleted file mode 100644 index 616e0d12c6..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k_cache.go +++ /dev/null @@ -1,26 +0,0 @@ -package s2k - -// Cache stores keys derived with s2k functions from one passphrase -// to avoid recomputation if multiple items are encrypted with -// the same parameters. -type Cache map[Params][]byte - -// GetOrComputeDerivedKey tries to retrieve the key -// for the given s2k parameters from the cache. -// If there is no hit, it derives the key with the s2k function from the passphrase, -// updates the cache, and returns the key. -func (c *Cache) GetOrComputeDerivedKey(passphrase []byte, params *Params, expectedKeySize int) ([]byte, error) { - key, found := (*c)[*params] - if !found || len(key) != expectedKeySize { - var err error - derivedKey := make([]byte, expectedKeySize) - s2k, err := params.Function() - if err != nil { - return nil, err - } - s2k(derivedKey, passphrase) - (*c)[*params] = key - return derivedKey, nil - } - return key, nil -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k_config.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k_config.go deleted file mode 100644 index b93db1ab85..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k_config.go +++ /dev/null @@ -1,129 +0,0 @@ -package s2k - -import "crypto" - -// Config collects configuration parameters for s2k key-stretching -// transformations. A nil *Config is valid and results in all default -// values. -type Config struct { - // S2K (String to Key) mode, used for key derivation in the context of secret key encryption - // and passphrase-encrypted data. Either s2k.Argon2S2K or s2k.IteratedSaltedS2K may be used. - // If the passphrase is a high-entropy key, indicated by setting PassphraseIsHighEntropy to true, - // s2k.SaltedS2K can also be used. - // Note: Argon2 is the strongest option but not all OpenPGP implementations are compatible with it - //(pending standardisation). - // 0 (simple), 1(salted), 3(iterated), 4(argon2) - // 2(reserved) 100-110(private/experimental). - S2KMode Mode - // Only relevant if S2KMode is not set to s2k.Argon2S2K. - // Hash is the default hash function to be used. If - // nil, SHA256 is used. - Hash crypto.Hash - // Argon2 parameters for S2K (String to Key). - // Only relevant if S2KMode is set to s2k.Argon2S2K. - // If nil, default parameters are used. - // For more details on the choice of parameters, see https://tools.ietf.org/html/rfc9106#section-4. - Argon2Config *Argon2Config - // Only relevant if S2KMode is set to s2k.IteratedSaltedS2K. - // Iteration count for Iterated S2K (String to Key). It - // determines the strength of the passphrase stretching when - // the said passphrase is hashed to produce a key. S2KCount - // should be between 65536 and 65011712, inclusive. If Config - // is nil or S2KCount is 0, the value 16777216 used. Not all - // values in the above range can be represented. S2KCount will - // be rounded up to the next representable value if it cannot - // be encoded exactly. When set, it is strongly encrouraged to - // use a value that is at least 65536. See RFC 4880 Section - // 3.7.1.3. - S2KCount int - // Indicates whether the passphrase passed by the application is a - // high-entropy key (e.g. it's randomly generated or derived from - // another passphrase using a strong key derivation function). - // When true, allows the S2KMode to be s2k.SaltedS2K. - // When the passphrase is not a high-entropy key, using SaltedS2K is - // insecure, and not allowed by draft-ietf-openpgp-crypto-refresh-08. - PassphraseIsHighEntropy bool -} - -// Argon2Config stores the Argon2 parameters -// A nil *Argon2Config is valid and results in all default -type Argon2Config struct { - NumberOfPasses uint8 - DegreeOfParallelism uint8 - // Memory specifies the desired Argon2 memory usage in kibibytes. - // For example memory=64*1024 sets the memory cost to ~64 MB. - Memory uint32 -} - -func (c *Config) Mode() Mode { - if c == nil { - return IteratedSaltedS2K - } - return c.S2KMode -} - -func (c *Config) hash() crypto.Hash { - if c == nil || uint(c.Hash) == 0 { - return crypto.SHA256 - } - - return c.Hash -} - -func (c *Config) Argon2() *Argon2Config { - if c == nil || c.Argon2Config == nil { - return nil - } - return c.Argon2Config -} - -// EncodedCount get encoded count -func (c *Config) EncodedCount() uint8 { - if c == nil || c.S2KCount == 0 { - return 224 // The common case. Corresponding to 16777216 - } - - i := c.S2KCount - - switch { - case i < 65536: - i = 65536 - case i > 65011712: - i = 65011712 - } - - return encodeCount(i) -} - -func (c *Argon2Config) Passes() uint8 { - if c == nil || c.NumberOfPasses == 0 { - return 3 - } - return c.NumberOfPasses -} - -func (c *Argon2Config) Parallelism() uint8 { - if c == nil || c.DegreeOfParallelism == 0 { - return 4 - } - return c.DegreeOfParallelism -} - -func (c *Argon2Config) EncodedMemory() uint8 { - if c == nil || c.Memory == 0 { - return 16 // 64 MiB of RAM - } - - memory := c.Memory - lowerBound := uint32(c.Parallelism()) * 8 - upperBound := uint32(2147483648) - - switch { - case memory < lowerBound: - memory = lowerBound - case memory > upperBound: - memory = upperBound - } - - return encodeMemory(memory, c.Parallelism()) -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/write.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/write.go deleted file mode 100644 index b0f6ef7b09..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/write.go +++ /dev/null @@ -1,620 +0,0 @@ -// Copyright 2011 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package openpgp - -import ( - "crypto" - "hash" - "io" - "strconv" - "time" - - "github.com/ProtonMail/go-crypto/openpgp/armor" - "github.com/ProtonMail/go-crypto/openpgp/errors" - "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm" - "github.com/ProtonMail/go-crypto/openpgp/packet" -) - -// DetachSign signs message with the private key from signer (which must -// already have been decrypted) and writes the signature to w. -// If config is nil, sensible defaults will be used. -func DetachSign(w io.Writer, signer *Entity, message io.Reader, config *packet.Config) error { - return detachSign(w, signer, message, packet.SigTypeBinary, config) -} - -// ArmoredDetachSign signs message with the private key from signer (which -// must already have been decrypted) and writes an armored signature to w. -// If config is nil, sensible defaults will be used. -func ArmoredDetachSign(w io.Writer, signer *Entity, message io.Reader, config *packet.Config) (err error) { - return armoredDetachSign(w, signer, message, packet.SigTypeBinary, config) -} - -// DetachSignText signs message (after canonicalising the line endings) with -// the private key from signer (which must already have been decrypted) and -// writes the signature to w. -// If config is nil, sensible defaults will be used. -func DetachSignText(w io.Writer, signer *Entity, message io.Reader, config *packet.Config) error { - return detachSign(w, signer, message, packet.SigTypeText, config) -} - -// ArmoredDetachSignText signs message (after canonicalising the line endings) -// with the private key from signer (which must already have been decrypted) -// and writes an armored signature to w. -// If config is nil, sensible defaults will be used. -func ArmoredDetachSignText(w io.Writer, signer *Entity, message io.Reader, config *packet.Config) error { - return armoredDetachSign(w, signer, message, packet.SigTypeText, config) -} - -func armoredDetachSign(w io.Writer, signer *Entity, message io.Reader, sigType packet.SignatureType, config *packet.Config) (err error) { - out, err := armor.Encode(w, SignatureType, nil) - if err != nil { - return - } - err = detachSign(out, signer, message, sigType, config) - if err != nil { - return - } - return out.Close() -} - -func detachSign(w io.Writer, signer *Entity, message io.Reader, sigType packet.SignatureType, config *packet.Config) (err error) { - signingKey, ok := signer.SigningKeyById(config.Now(), config.SigningKey()) - if !ok { - return errors.InvalidArgumentError("no valid signing keys") - } - if signingKey.PrivateKey == nil { - return errors.InvalidArgumentError("signing key doesn't have a private key") - } - if signingKey.PrivateKey.Encrypted { - return errors.InvalidArgumentError("signing key is encrypted") - } - if _, ok := algorithm.HashToHashId(config.Hash()); !ok { - return errors.InvalidArgumentError("invalid hash function") - } - - sig := createSignaturePacket(signingKey.PublicKey, sigType, config) - - h, err := sig.PrepareSign(config) - if err != nil { - return - } - wrappedHash, err := wrapHashForSignature(h, sig.SigType) - if err != nil { - return - } - if _, err = io.Copy(wrappedHash, message); err != nil { - return err - } - - err = sig.Sign(h, signingKey.PrivateKey, config) - if err != nil { - return - } - - return sig.Serialize(w) -} - -// FileHints contains metadata about encrypted files. This metadata is, itself, -// encrypted. -type FileHints struct { - // IsBinary can be set to hint that the contents are binary data. - IsBinary bool - // FileName hints at the name of the file that should be written. It's - // truncated to 255 bytes if longer. It may be empty to suggest that the - // file should not be written to disk. It may be equal to "_CONSOLE" to - // suggest the data should not be written to disk. - FileName string - // ModTime contains the modification time of the file, or the zero time if not applicable. - ModTime time.Time -} - -// SymmetricallyEncrypt acts like gpg -c: it encrypts a file with a passphrase. -// The resulting WriteCloser must be closed after the contents of the file have -// been written. -// If config is nil, sensible defaults will be used. -func SymmetricallyEncrypt(ciphertext io.Writer, passphrase []byte, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) { - if hints == nil { - hints = &FileHints{} - } - - key, err := packet.SerializeSymmetricKeyEncrypted(ciphertext, passphrase, config) - if err != nil { - return - } - - var w io.WriteCloser - cipherSuite := packet.CipherSuite{ - Cipher: config.Cipher(), - Mode: config.AEAD().Mode(), - } - w, err = packet.SerializeSymmetricallyEncrypted(ciphertext, config.Cipher(), config.AEAD() != nil, cipherSuite, key, config) - if err != nil { - return - } - - literalData := w - if algo := config.Compression(); algo != packet.CompressionNone { - var compConfig *packet.CompressionConfig - if config != nil { - compConfig = config.CompressionConfig - } - literalData, err = packet.SerializeCompressed(w, algo, compConfig) - if err != nil { - return - } - } - - var epochSeconds uint32 - if !hints.ModTime.IsZero() { - epochSeconds = uint32(hints.ModTime.Unix()) - } - return packet.SerializeLiteral(literalData, hints.IsBinary, hints.FileName, epochSeconds) -} - -// intersectPreferences mutates and returns a prefix of a that contains only -// the values in the intersection of a and b. The order of a is preserved. -func intersectPreferences(a []uint8, b []uint8) (intersection []uint8) { - var j int - for _, v := range a { - for _, v2 := range b { - if v == v2 { - a[j] = v - j++ - break - } - } - } - - return a[:j] -} - -// intersectPreferences mutates and returns a prefix of a that contains only -// the values in the intersection of a and b. The order of a is preserved. -func intersectCipherSuites(a [][2]uint8, b [][2]uint8) (intersection [][2]uint8) { - var j int - for _, v := range a { - for _, v2 := range b { - if v[0] == v2[0] && v[1] == v2[1] { - a[j] = v - j++ - break - } - } - } - - return a[:j] -} - -func hashToHashId(h crypto.Hash) uint8 { - v, ok := algorithm.HashToHashId(h) - if !ok { - panic("tried to convert unknown hash") - } - return v -} - -// EncryptText encrypts a message to a number of recipients and, optionally, -// signs it. Optional information is contained in 'hints', also encrypted, that -// aids the recipients in processing the message. The resulting WriteCloser -// must be closed after the contents of the file have been written. If config -// is nil, sensible defaults will be used. The signing is done in text mode. -func EncryptText(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) { - return encrypt(ciphertext, ciphertext, to, signed, hints, packet.SigTypeText, config) -} - -// Encrypt encrypts a message to a number of recipients and, optionally, signs -// it. hints contains optional information, that is also encrypted, that aids -// the recipients in processing the message. The resulting WriteCloser must -// be closed after the contents of the file have been written. -// If config is nil, sensible defaults will be used. -func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) { - return encrypt(ciphertext, ciphertext, to, signed, hints, packet.SigTypeBinary, config) -} - -// EncryptSplit encrypts a message to a number of recipients and, optionally, signs -// it. hints contains optional information, that is also encrypted, that aids -// the recipients in processing the message. The resulting WriteCloser must -// be closed after the contents of the file have been written. -// If config is nil, sensible defaults will be used. -func EncryptSplit(keyWriter io.Writer, dataWriter io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) { - return encrypt(keyWriter, dataWriter, to, signed, hints, packet.SigTypeBinary, config) -} - -// EncryptTextSplit encrypts a message to a number of recipients and, optionally, signs -// it. hints contains optional information, that is also encrypted, that aids -// the recipients in processing the message. The resulting WriteCloser must -// be closed after the contents of the file have been written. -// If config is nil, sensible defaults will be used. -func EncryptTextSplit(keyWriter io.Writer, dataWriter io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) { - return encrypt(keyWriter, dataWriter, to, signed, hints, packet.SigTypeText, config) -} - -// writeAndSign writes the data as a payload package and, optionally, signs -// it. hints contains optional information, that is also encrypted, -// that aids the recipients in processing the message. The resulting -// WriteCloser must be closed after the contents of the file have been -// written. If config is nil, sensible defaults will be used. -func writeAndSign(payload io.WriteCloser, candidateHashes []uint8, signed *Entity, hints *FileHints, sigType packet.SignatureType, config *packet.Config) (plaintext io.WriteCloser, err error) { - var signer *packet.PrivateKey - if signed != nil { - signKey, ok := signed.SigningKeyById(config.Now(), config.SigningKey()) - if !ok { - return nil, errors.InvalidArgumentError("no valid signing keys") - } - signer = signKey.PrivateKey - if signer == nil { - return nil, errors.InvalidArgumentError("no private key in signing key") - } - if signer.Encrypted { - return nil, errors.InvalidArgumentError("signing key must be decrypted") - } - } - - var hash crypto.Hash - for _, hashId := range candidateHashes { - if h, ok := algorithm.HashIdToHash(hashId); ok && h.Available() { - hash = h - break - } - } - - // If the hash specified by config is a candidate, we'll use that. - if configuredHash := config.Hash(); configuredHash.Available() { - for _, hashId := range candidateHashes { - if h, ok := algorithm.HashIdToHash(hashId); ok && h == configuredHash { - hash = h - break - } - } - } - - if hash == 0 { - hashId := candidateHashes[0] - name, ok := algorithm.HashIdToString(hashId) - if !ok { - name = "#" + strconv.Itoa(int(hashId)) - } - return nil, errors.InvalidArgumentError("cannot encrypt because no candidate hash functions are compiled in. (Wanted " + name + " in this case.)") - } - - var salt []byte - if signer != nil { - var opsVersion = 3 - if signer.Version == 6 { - opsVersion = signer.Version - } - ops := &packet.OnePassSignature{ - Version: opsVersion, - SigType: sigType, - Hash: hash, - PubKeyAlgo: signer.PubKeyAlgo, - KeyId: signer.KeyId, - IsLast: true, - } - if opsVersion == 6 { - ops.KeyFingerprint = signer.Fingerprint - salt, err = packet.SignatureSaltForHash(hash, config.Random()) - if err != nil { - return nil, err - } - ops.Salt = salt - } - if err := ops.Serialize(payload); err != nil { - return nil, err - } - } - - if hints == nil { - hints = &FileHints{} - } - - w := payload - if signer != nil { - // If we need to write a signature packet after the literal - // data then we need to stop literalData from closing - // encryptedData. - w = noOpCloser{w} - - } - var epochSeconds uint32 - if !hints.ModTime.IsZero() { - epochSeconds = uint32(hints.ModTime.Unix()) - } - literalData, err := packet.SerializeLiteral(w, hints.IsBinary, hints.FileName, epochSeconds) - if err != nil { - return nil, err - } - - if signer != nil { - h, wrappedHash, err := hashForSignature(hash, sigType, salt) - if err != nil { - return nil, err - } - metadata := &packet.LiteralData{ - Format: 'u', - FileName: hints.FileName, - Time: epochSeconds, - } - if hints.IsBinary { - metadata.Format = 'b' - } - return signatureWriter{payload, literalData, hash, wrappedHash, h, salt, signer, sigType, config, metadata}, nil - } - return literalData, nil -} - -// encrypt encrypts a message to a number of recipients and, optionally, signs -// it. hints contains optional information, that is also encrypted, that aids -// the recipients in processing the message. The resulting WriteCloser must -// be closed after the contents of the file have been written. -// If config is nil, sensible defaults will be used. -func encrypt(keyWriter io.Writer, dataWriter io.Writer, to []*Entity, signed *Entity, hints *FileHints, sigType packet.SignatureType, config *packet.Config) (plaintext io.WriteCloser, err error) { - if len(to) == 0 { - return nil, errors.InvalidArgumentError("no encryption recipient provided") - } - - // These are the possible ciphers that we'll use for the message. - candidateCiphers := []uint8{ - uint8(packet.CipherAES256), - uint8(packet.CipherAES128), - } - - // These are the possible hash functions that we'll use for the signature. - candidateHashes := []uint8{ - hashToHashId(crypto.SHA256), - hashToHashId(crypto.SHA384), - hashToHashId(crypto.SHA512), - hashToHashId(crypto.SHA3_256), - hashToHashId(crypto.SHA3_512), - } - - // Prefer GCM if everyone supports it - candidateCipherSuites := [][2]uint8{ - {uint8(packet.CipherAES256), uint8(packet.AEADModeGCM)}, - {uint8(packet.CipherAES256), uint8(packet.AEADModeEAX)}, - {uint8(packet.CipherAES256), uint8(packet.AEADModeOCB)}, - {uint8(packet.CipherAES128), uint8(packet.AEADModeGCM)}, - {uint8(packet.CipherAES128), uint8(packet.AEADModeEAX)}, - {uint8(packet.CipherAES128), uint8(packet.AEADModeOCB)}, - } - - candidateCompression := []uint8{ - uint8(packet.CompressionNone), - uint8(packet.CompressionZIP), - uint8(packet.CompressionZLIB), - } - - encryptKeys := make([]Key, len(to)) - - // AEAD is used only if config enables it and every key supports it - aeadSupported := config.AEAD() != nil - - for i := range to { - var ok bool - encryptKeys[i], ok = to[i].EncryptionKey(config.Now()) - if !ok { - return nil, errors.InvalidArgumentError("cannot encrypt a message to key id " + strconv.FormatUint(to[i].PrimaryKey.KeyId, 16) + " because it has no valid encryption keys") - } - - primarySelfSignature, _ := to[i].PrimarySelfSignature() - if primarySelfSignature == nil { - return nil, errors.InvalidArgumentError("entity without a self-signature") - } - - if !primarySelfSignature.SEIPDv2 { - aeadSupported = false - } - - candidateCiphers = intersectPreferences(candidateCiphers, primarySelfSignature.PreferredSymmetric) - candidateHashes = intersectPreferences(candidateHashes, primarySelfSignature.PreferredHash) - candidateCipherSuites = intersectCipherSuites(candidateCipherSuites, primarySelfSignature.PreferredCipherSuites) - candidateCompression = intersectPreferences(candidateCompression, primarySelfSignature.PreferredCompression) - } - - // In the event that the intersection of supported algorithms is empty we use the ones - // labelled as MUST that every implementation supports. - if len(candidateCiphers) == 0 { - // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-9.3 - candidateCiphers = []uint8{uint8(packet.CipherAES128)} - } - if len(candidateHashes) == 0 { - // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#hash-algos - candidateHashes = []uint8{hashToHashId(crypto.SHA256)} - } - if len(candidateCipherSuites) == 0 { - // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-9.6 - candidateCipherSuites = [][2]uint8{{uint8(packet.CipherAES128), uint8(packet.AEADModeOCB)}} - } - - cipher := packet.CipherFunction(candidateCiphers[0]) - aeadCipherSuite := packet.CipherSuite{ - Cipher: packet.CipherFunction(candidateCipherSuites[0][0]), - Mode: packet.AEADMode(candidateCipherSuites[0][1]), - } - - // If the cipher specified by config is a candidate, we'll use that. - configuredCipher := config.Cipher() - for _, c := range candidateCiphers { - cipherFunc := packet.CipherFunction(c) - if cipherFunc == configuredCipher { - cipher = cipherFunc - break - } - } - - var symKey []byte - if aeadSupported { - symKey = make([]byte, aeadCipherSuite.Cipher.KeySize()) - } else { - symKey = make([]byte, cipher.KeySize()) - } - - if _, err := io.ReadFull(config.Random(), symKey); err != nil { - return nil, err - } - - for _, key := range encryptKeys { - if err := packet.SerializeEncryptedKeyAEAD(keyWriter, key.PublicKey, cipher, aeadSupported, symKey, config); err != nil { - return nil, err - } - } - - var payload io.WriteCloser - payload, err = packet.SerializeSymmetricallyEncrypted(dataWriter, cipher, aeadSupported, aeadCipherSuite, symKey, config) - if err != nil { - return - } - - payload, err = handleCompression(payload, candidateCompression, config) - if err != nil { - return nil, err - } - - return writeAndSign(payload, candidateHashes, signed, hints, sigType, config) -} - -// Sign signs a message. The resulting WriteCloser must be closed after the -// contents of the file have been written. hints contains optional information -// that aids the recipients in processing the message. -// If config is nil, sensible defaults will be used. -func Sign(output io.Writer, signed *Entity, hints *FileHints, config *packet.Config) (input io.WriteCloser, err error) { - if signed == nil { - return nil, errors.InvalidArgumentError("no signer provided") - } - - // These are the possible hash functions that we'll use for the signature. - candidateHashes := []uint8{ - hashToHashId(crypto.SHA256), - hashToHashId(crypto.SHA384), - hashToHashId(crypto.SHA512), - hashToHashId(crypto.SHA3_256), - hashToHashId(crypto.SHA3_512), - } - defaultHashes := candidateHashes[0:1] - primarySelfSignature, _ := signed.PrimarySelfSignature() - if primarySelfSignature == nil { - return nil, errors.StructuralError("signed entity has no self-signature") - } - preferredHashes := primarySelfSignature.PreferredHash - if len(preferredHashes) == 0 { - preferredHashes = defaultHashes - } - candidateHashes = intersectPreferences(candidateHashes, preferredHashes) - if len(candidateHashes) == 0 { - return nil, errors.StructuralError("cannot sign because signing key shares no common algorithms with candidate hashes") - } - - return writeAndSign(noOpCloser{output}, candidateHashes, signed, hints, packet.SigTypeBinary, config) -} - -// signatureWriter hashes the contents of a message while passing it along to -// literalData. When closed, it closes literalData, writes a signature packet -// to encryptedData and then also closes encryptedData. -type signatureWriter struct { - encryptedData io.WriteCloser - literalData io.WriteCloser - hashType crypto.Hash - wrappedHash hash.Hash - h hash.Hash - salt []byte // v6 only - signer *packet.PrivateKey - sigType packet.SignatureType - config *packet.Config - metadata *packet.LiteralData // V5 signatures protect document metadata -} - -func (s signatureWriter) Write(data []byte) (int, error) { - s.wrappedHash.Write(data) - switch s.sigType { - case packet.SigTypeBinary: - return s.literalData.Write(data) - case packet.SigTypeText: - flag := 0 - return writeCanonical(s.literalData, data, &flag) - } - return 0, errors.UnsupportedError("unsupported signature type: " + strconv.Itoa(int(s.sigType))) -} - -func (s signatureWriter) Close() error { - sig := createSignaturePacket(&s.signer.PublicKey, s.sigType, s.config) - sig.Hash = s.hashType - sig.Metadata = s.metadata - - if err := sig.SetSalt(s.salt); err != nil { - return err - } - - if err := sig.Sign(s.h, s.signer, s.config); err != nil { - return err - } - if err := s.literalData.Close(); err != nil { - return err - } - if err := sig.Serialize(s.encryptedData); err != nil { - return err - } - return s.encryptedData.Close() -} - -func createSignaturePacket(signer *packet.PublicKey, sigType packet.SignatureType, config *packet.Config) *packet.Signature { - sigLifetimeSecs := config.SigLifetime() - return &packet.Signature{ - Version: signer.Version, - SigType: sigType, - PubKeyAlgo: signer.PubKeyAlgo, - Hash: config.Hash(), - CreationTime: config.Now(), - IssuerKeyId: &signer.KeyId, - IssuerFingerprint: signer.Fingerprint, - Notations: config.Notations(), - SigLifetimeSecs: &sigLifetimeSecs, - } -} - -// noOpCloser is like an ioutil.NopCloser, but for an io.Writer. -// TODO: we have two of these in OpenPGP packages alone. This probably needs -// to be promoted somewhere more common. -type noOpCloser struct { - w io.Writer -} - -func (c noOpCloser) Write(data []byte) (n int, err error) { - return c.w.Write(data) -} - -func (c noOpCloser) Close() error { - return nil -} - -func handleCompression(compressed io.WriteCloser, candidateCompression []uint8, config *packet.Config) (data io.WriteCloser, err error) { - data = compressed - confAlgo := config.Compression() - if confAlgo == packet.CompressionNone { - return - } - - // Set algorithm labelled as MUST as fallback - // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-9.4 - finalAlgo := packet.CompressionNone - // if compression specified by config available we will use it - for _, c := range candidateCompression { - if uint8(confAlgo) == c { - finalAlgo = confAlgo - break - } - } - - if finalAlgo != packet.CompressionNone { - var compConfig *packet.CompressionConfig - if config != nil { - compConfig = config.CompressionConfig - } - data, err = packet.SerializeCompressed(compressed, finalAlgo, compConfig) - if err != nil { - return - } - } - return data, nil -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/x25519/x25519.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/x25519/x25519.go deleted file mode 100644 index 38afcc74fa..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/x25519/x25519.go +++ /dev/null @@ -1,221 +0,0 @@ -package x25519 - -import ( - "crypto/sha256" - "crypto/subtle" - "io" - - "github.com/ProtonMail/go-crypto/openpgp/aes/keywrap" - "github.com/ProtonMail/go-crypto/openpgp/errors" - x25519lib "github.com/cloudflare/circl/dh/x25519" - "golang.org/x/crypto/hkdf" -) - -const ( - hkdfInfo = "OpenPGP X25519" - aes128KeySize = 16 - // The size of a public or private key in bytes. - KeySize = x25519lib.Size -) - -type PublicKey struct { - // Point represents the encoded elliptic curve point of the public key. - Point []byte -} - -type PrivateKey struct { - PublicKey - // Secret represents the secret of the private key. - Secret []byte -} - -// NewPrivateKey creates a new empty private key including the public key. -func NewPrivateKey(key PublicKey) *PrivateKey { - return &PrivateKey{ - PublicKey: key, - } -} - -// Validate validates that the provided public key matches the private key. -func Validate(pk *PrivateKey) (err error) { - var expectedPublicKey, privateKey x25519lib.Key - subtle.ConstantTimeCopy(1, privateKey[:], pk.Secret) - x25519lib.KeyGen(&expectedPublicKey, &privateKey) - if subtle.ConstantTimeCompare(expectedPublicKey[:], pk.PublicKey.Point) == 0 { - return errors.KeyInvalidError("x25519: invalid key") - } - return nil -} - -// GenerateKey generates a new x25519 key pair. -func GenerateKey(rand io.Reader) (*PrivateKey, error) { - var privateKey, publicKey x25519lib.Key - privateKeyOut := new(PrivateKey) - err := generateKey(rand, &privateKey, &publicKey) - if err != nil { - return nil, err - } - privateKeyOut.PublicKey.Point = publicKey[:] - privateKeyOut.Secret = privateKey[:] - return privateKeyOut, nil -} - -func generateKey(rand io.Reader, privateKey *x25519lib.Key, publicKey *x25519lib.Key) error { - maxRounds := 10 - isZero := true - for round := 0; isZero; round++ { - if round == maxRounds { - return errors.InvalidArgumentError("x25519: zero keys only, randomness source might be corrupt") - } - _, err := io.ReadFull(rand, privateKey[:]) - if err != nil { - return err - } - isZero = constantTimeIsZero(privateKey[:]) - } - x25519lib.KeyGen(publicKey, privateKey) - return nil -} - -// Encrypt encrypts a sessionKey with x25519 according to -// the OpenPGP crypto refresh specification section 5.1.6. The function assumes that the -// sessionKey has the correct format and padding according to the specification. -func Encrypt(rand io.Reader, publicKey *PublicKey, sessionKey []byte) (ephemeralPublicKey *PublicKey, encryptedSessionKey []byte, err error) { - var ephemeralPrivate, ephemeralPublic, staticPublic, shared x25519lib.Key - // Check that the input static public key has 32 bytes - if len(publicKey.Point) != KeySize { - err = errors.KeyInvalidError("x25519: the public key has the wrong size") - return - } - copy(staticPublic[:], publicKey.Point) - // Generate ephemeral keyPair - err = generateKey(rand, &ephemeralPrivate, &ephemeralPublic) - if err != nil { - return - } - // Compute shared key - ok := x25519lib.Shared(&shared, &ephemeralPrivate, &staticPublic) - if !ok { - err = errors.KeyInvalidError("x25519: the public key is a low order point") - return - } - // Derive the encryption key from the shared secret - encryptionKey := applyHKDF(ephemeralPublic[:], publicKey.Point[:], shared[:]) - ephemeralPublicKey = &PublicKey{ - Point: ephemeralPublic[:], - } - // Encrypt the sessionKey with aes key wrapping - encryptedSessionKey, err = keywrap.Wrap(encryptionKey, sessionKey) - return -} - -// Decrypt decrypts a session key stored in ciphertext with the provided x25519 -// private key and ephemeral public key. -func Decrypt(privateKey *PrivateKey, ephemeralPublicKey *PublicKey, ciphertext []byte) (encodedSessionKey []byte, err error) { - var ephemeralPublic, staticPrivate, shared x25519lib.Key - // Check that the input ephemeral public key has 32 bytes - if len(ephemeralPublicKey.Point) != KeySize { - err = errors.KeyInvalidError("x25519: the public key has the wrong size") - return - } - copy(ephemeralPublic[:], ephemeralPublicKey.Point) - subtle.ConstantTimeCopy(1, staticPrivate[:], privateKey.Secret) - // Compute shared key - ok := x25519lib.Shared(&shared, &staticPrivate, &ephemeralPublic) - if !ok { - err = errors.KeyInvalidError("x25519: the ephemeral public key is a low order point") - return - } - // Derive the encryption key from the shared secret - encryptionKey := applyHKDF(ephemeralPublicKey.Point[:], privateKey.PublicKey.Point[:], shared[:]) - // Decrypt the session key with aes key wrapping - encodedSessionKey, err = keywrap.Unwrap(encryptionKey, ciphertext) - return -} - -func applyHKDF(ephemeralPublicKey []byte, publicKey []byte, sharedSecret []byte) []byte { - inputKey := make([]byte, 3*KeySize) - // ephemeral public key | recipient public key | shared secret - subtle.ConstantTimeCopy(1, inputKey[:KeySize], ephemeralPublicKey) - subtle.ConstantTimeCopy(1, inputKey[KeySize:2*KeySize], publicKey) - subtle.ConstantTimeCopy(1, inputKey[2*KeySize:], sharedSecret) - hkdfReader := hkdf.New(sha256.New, inputKey, []byte{}, []byte(hkdfInfo)) - encryptionKey := make([]byte, aes128KeySize) - _, _ = io.ReadFull(hkdfReader, encryptionKey) - return encryptionKey -} - -func constantTimeIsZero(bytes []byte) bool { - isZero := byte(0) - for _, b := range bytes { - isZero |= b - } - return isZero == 0 -} - -// ENCODING/DECODING ciphertexts: - -// EncodeFieldsLength returns the length of the ciphertext encoding -// given the encrypted session key. -func EncodedFieldsLength(encryptedSessionKey []byte, v6 bool) int { - lenCipherFunction := 0 - if !v6 { - lenCipherFunction = 1 - } - return KeySize + 1 + len(encryptedSessionKey) + lenCipherFunction -} - -// EncodeField encodes x25519 session key encryption fields as -// ephemeral x25519 public key | follow byte length | cipherFunction (v3 only) | encryptedSessionKey -// and writes it to writer. -func EncodeFields(writer io.Writer, ephemeralPublicKey *PublicKey, encryptedSessionKey []byte, cipherFunction byte, v6 bool) (err error) { - lenAlgorithm := 0 - if !v6 { - lenAlgorithm = 1 - } - if _, err = writer.Write(ephemeralPublicKey.Point); err != nil { - return err - } - if _, err = writer.Write([]byte{byte(len(encryptedSessionKey) + lenAlgorithm)}); err != nil { - return err - } - if !v6 { - if _, err = writer.Write([]byte{cipherFunction}); err != nil { - return err - } - } - _, err = writer.Write(encryptedSessionKey) - return err -} - -// DecodeField decodes a x25519 session key encryption as -// ephemeral x25519 public key | follow byte length | cipherFunction (v3 only) | encryptedSessionKey. -func DecodeFields(reader io.Reader, v6 bool) (ephemeralPublicKey *PublicKey, encryptedSessionKey []byte, cipherFunction byte, err error) { - var buf [1]byte - ephemeralPublicKey = &PublicKey{ - Point: make([]byte, KeySize), - } - // 32 octets representing an ephemeral x25519 public key. - if _, err = io.ReadFull(reader, ephemeralPublicKey.Point); err != nil { - return nil, nil, 0, err - } - // A one-octet size of the following fields. - if _, err = io.ReadFull(reader, buf[:]); err != nil { - return nil, nil, 0, err - } - followingLen := buf[0] - // The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet). - if !v6 { - if _, err = io.ReadFull(reader, buf[:]); err != nil { - return nil, nil, 0, err - } - cipherFunction = buf[0] - followingLen -= 1 - } - // The encrypted session key. - encryptedSessionKey = make([]byte, followingLen) - if _, err = io.ReadFull(reader, encryptedSessionKey); err != nil { - return nil, nil, 0, err - } - return ephemeralPublicKey, encryptedSessionKey, cipherFunction, nil -} diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/x448/x448.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/x448/x448.go deleted file mode 100644 index 65a082dabd..0000000000 --- a/vendor/github.com/ProtonMail/go-crypto/openpgp/x448/x448.go +++ /dev/null @@ -1,229 +0,0 @@ -package x448 - -import ( - "crypto/sha512" - "crypto/subtle" - "io" - - "github.com/ProtonMail/go-crypto/openpgp/aes/keywrap" - "github.com/ProtonMail/go-crypto/openpgp/errors" - x448lib "github.com/cloudflare/circl/dh/x448" - "golang.org/x/crypto/hkdf" -) - -const ( - hkdfInfo = "OpenPGP X448" - aes256KeySize = 32 - // The size of a public or private key in bytes. - KeySize = x448lib.Size -) - -type PublicKey struct { - // Point represents the encoded elliptic curve point of the public key. - Point []byte -} - -type PrivateKey struct { - PublicKey - // Secret represents the secret of the private key. - Secret []byte -} - -// NewPrivateKey creates a new empty private key including the public key. -func NewPrivateKey(key PublicKey) *PrivateKey { - return &PrivateKey{ - PublicKey: key, - } -} - -// Validate validates that the provided public key matches -// the private key. -func Validate(pk *PrivateKey) (err error) { - var expectedPublicKey, privateKey x448lib.Key - subtle.ConstantTimeCopy(1, privateKey[:], pk.Secret) - x448lib.KeyGen(&expectedPublicKey, &privateKey) - if subtle.ConstantTimeCompare(expectedPublicKey[:], pk.PublicKey.Point) == 0 { - return errors.KeyInvalidError("x448: invalid key") - } - return nil -} - -// GenerateKey generates a new x448 key pair. -func GenerateKey(rand io.Reader) (*PrivateKey, error) { - var privateKey, publicKey x448lib.Key - privateKeyOut := new(PrivateKey) - err := generateKey(rand, &privateKey, &publicKey) - if err != nil { - return nil, err - } - privateKeyOut.PublicKey.Point = publicKey[:] - privateKeyOut.Secret = privateKey[:] - return privateKeyOut, nil -} - -func generateKey(rand io.Reader, privateKey *x448lib.Key, publicKey *x448lib.Key) error { - maxRounds := 10 - isZero := true - for round := 0; isZero; round++ { - if round == maxRounds { - return errors.InvalidArgumentError("x448: zero keys only, randomness source might be corrupt") - } - _, err := io.ReadFull(rand, privateKey[:]) - if err != nil { - return err - } - isZero = constantTimeIsZero(privateKey[:]) - } - x448lib.KeyGen(publicKey, privateKey) - return nil -} - -// Encrypt encrypts a sessionKey with x448 according to -// the OpenPGP crypto refresh specification section 5.1.7. The function assumes that the -// sessionKey has the correct format and padding according to the specification. -func Encrypt(rand io.Reader, publicKey *PublicKey, sessionKey []byte) (ephemeralPublicKey *PublicKey, encryptedSessionKey []byte, err error) { - var ephemeralPrivate, ephemeralPublic, staticPublic, shared x448lib.Key - // Check that the input static public key has 56 bytes. - if len(publicKey.Point) != KeySize { - err = errors.KeyInvalidError("x448: the public key has the wrong size") - return nil, nil, err - } - copy(staticPublic[:], publicKey.Point) - // Generate ephemeral keyPair. - if err = generateKey(rand, &ephemeralPrivate, &ephemeralPublic); err != nil { - return nil, nil, err - } - // Compute shared key. - ok := x448lib.Shared(&shared, &ephemeralPrivate, &staticPublic) - if !ok { - err = errors.KeyInvalidError("x448: the public key is a low order point") - return nil, nil, err - } - // Derive the encryption key from the shared secret. - encryptionKey := applyHKDF(ephemeralPublic[:], publicKey.Point[:], shared[:]) - ephemeralPublicKey = &PublicKey{ - Point: ephemeralPublic[:], - } - // Encrypt the sessionKey with aes key wrapping. - encryptedSessionKey, err = keywrap.Wrap(encryptionKey, sessionKey) - if err != nil { - return nil, nil, err - } - return ephemeralPublicKey, encryptedSessionKey, nil -} - -// Decrypt decrypts a session key stored in ciphertext with the provided x448 -// private key and ephemeral public key. -func Decrypt(privateKey *PrivateKey, ephemeralPublicKey *PublicKey, ciphertext []byte) (encodedSessionKey []byte, err error) { - var ephemeralPublic, staticPrivate, shared x448lib.Key - // Check that the input ephemeral public key has 56 bytes. - if len(ephemeralPublicKey.Point) != KeySize { - err = errors.KeyInvalidError("x448: the public key has the wrong size") - return nil, err - } - copy(ephemeralPublic[:], ephemeralPublicKey.Point) - subtle.ConstantTimeCopy(1, staticPrivate[:], privateKey.Secret) - // Compute shared key. - ok := x448lib.Shared(&shared, &staticPrivate, &ephemeralPublic) - if !ok { - err = errors.KeyInvalidError("x448: the ephemeral public key is a low order point") - return nil, err - } - // Derive the encryption key from the shared secret. - encryptionKey := applyHKDF(ephemeralPublicKey.Point[:], privateKey.PublicKey.Point[:], shared[:]) - // Decrypt the session key with aes key wrapping. - encodedSessionKey, err = keywrap.Unwrap(encryptionKey, ciphertext) - if err != nil { - return nil, err - } - return encodedSessionKey, nil -} - -func applyHKDF(ephemeralPublicKey []byte, publicKey []byte, sharedSecret []byte) []byte { - inputKey := make([]byte, 3*KeySize) - // ephemeral public key | recipient public key | shared secret. - subtle.ConstantTimeCopy(1, inputKey[:KeySize], ephemeralPublicKey) - subtle.ConstantTimeCopy(1, inputKey[KeySize:2*KeySize], publicKey) - subtle.ConstantTimeCopy(1, inputKey[2*KeySize:], sharedSecret) - hkdfReader := hkdf.New(sha512.New, inputKey, []byte{}, []byte(hkdfInfo)) - encryptionKey := make([]byte, aes256KeySize) - _, _ = io.ReadFull(hkdfReader, encryptionKey) - return encryptionKey -} - -func constantTimeIsZero(bytes []byte) bool { - isZero := byte(0) - for _, b := range bytes { - isZero |= b - } - return isZero == 0 -} - -// ENCODING/DECODING ciphertexts: - -// EncodeFieldsLength returns the length of the ciphertext encoding -// given the encrypted session key. -func EncodedFieldsLength(encryptedSessionKey []byte, v6 bool) int { - lenCipherFunction := 0 - if !v6 { - lenCipherFunction = 1 - } - return KeySize + 1 + len(encryptedSessionKey) + lenCipherFunction -} - -// EncodeField encodes x448 session key encryption fields as -// ephemeral x448 public key | follow byte length | cipherFunction (v3 only) | encryptedSessionKey -// and writes it to writer. -func EncodeFields(writer io.Writer, ephemeralPublicKey *PublicKey, encryptedSessionKey []byte, cipherFunction byte, v6 bool) (err error) { - lenAlgorithm := 0 - if !v6 { - lenAlgorithm = 1 - } - if _, err = writer.Write(ephemeralPublicKey.Point); err != nil { - return err - } - if _, err = writer.Write([]byte{byte(len(encryptedSessionKey) + lenAlgorithm)}); err != nil { - return err - } - if !v6 { - if _, err = writer.Write([]byte{cipherFunction}); err != nil { - return err - } - } - if _, err = writer.Write(encryptedSessionKey); err != nil { - return err - } - return nil -} - -// DecodeField decodes a x448 session key encryption as -// ephemeral x448 public key | follow byte length | cipherFunction (v3 only) | encryptedSessionKey. -func DecodeFields(reader io.Reader, v6 bool) (ephemeralPublicKey *PublicKey, encryptedSessionKey []byte, cipherFunction byte, err error) { - var buf [1]byte - ephemeralPublicKey = &PublicKey{ - Point: make([]byte, KeySize), - } - // 56 octets representing an ephemeral x448 public key. - if _, err = io.ReadFull(reader, ephemeralPublicKey.Point); err != nil { - return nil, nil, 0, err - } - // A one-octet size of the following fields. - if _, err = io.ReadFull(reader, buf[:]); err != nil { - return nil, nil, 0, err - } - followingLen := buf[0] - // The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet). - if !v6 { - if _, err = io.ReadFull(reader, buf[:]); err != nil { - return nil, nil, 0, err - } - cipherFunction = buf[0] - followingLen -= 1 - } - // The encrypted session key. - encryptedSessionKey = make([]byte, followingLen) - if _, err = io.ReadFull(reader, encryptedSessionKey); err != nil { - return nil, nil, 0, err - } - return ephemeralPublicKey, encryptedSessionKey, cipherFunction, nil -} diff --git a/vendor/github.com/agext/levenshtein/.gitignore b/vendor/github.com/agext/levenshtein/.gitignore deleted file mode 100644 index 4473da19b2..0000000000 --- a/vendor/github.com/agext/levenshtein/.gitignore +++ /dev/null @@ -1,53 +0,0 @@ -# Ignore docs files -_gh_pages -_site - -# Ignore temporary files -README.html -coverage.out -.tmp - -# Numerous always-ignore extensions -*.diff -*.err -*.log -*.orig -*.rej -*.swo -*.swp -*.vi -*.zip -*~ - -# OS or Editor folders -._* -.cache -.DS_Store -.idea -.project -.settings -.tmproj -*.esproj -*.sublime-project -*.sublime-workspace -nbproject -Thumbs.db - -# Komodo -.komodotools -*.komodoproject - -# SCSS-Lint -scss-lint-report.xml - -# grunt-contrib-sass cache -.sass-cache - -# Jekyll metadata -docs/.jekyll-metadata - -# Folders to ignore -.build -.test -bower_components -node_modules diff --git a/vendor/github.com/agext/levenshtein/.travis.yml b/vendor/github.com/agext/levenshtein/.travis.yml deleted file mode 100644 index a51a144660..0000000000 --- a/vendor/github.com/agext/levenshtein/.travis.yml +++ /dev/null @@ -1,25 +0,0 @@ -language: go -sudo: false -matrix: - fast_finish: true - include: - - go: 1.11.x - env: TEST_METHOD=goveralls - - go: 1.10.x - - go: tip - - go: 1.9.x - - go: 1.8.x - - go: 1.7.x - - go: 1.6.x - - go: 1.5.x - allow_failures: - - go: tip - - go: 1.9.x - - go: 1.8.x - - go: 1.7.x - - go: 1.6.x - - go: 1.5.x -script: ./test.sh $TEST_METHOD -notifications: - email: - on_success: never diff --git a/vendor/github.com/agext/levenshtein/DCO b/vendor/github.com/agext/levenshtein/DCO deleted file mode 100644 index 716561d5d2..0000000000 --- a/vendor/github.com/agext/levenshtein/DCO +++ /dev/null @@ -1,36 +0,0 @@ -Developer Certificate of Origin -Version 1.1 - -Copyright (C) 2004, 2006 The Linux Foundation and its contributors. -660 York Street, Suite 102, -San Francisco, CA 94110 USA - -Everyone is permitted to copy and distribute verbatim copies of this -license document, but changing it is not allowed. - - -Developer's Certificate of Origin 1.1 - -By making a contribution to this project, I certify that: - -(a) The contribution was created in whole or in part by me and I - have the right to submit it under the open source license - indicated in the file; or - -(b) The contribution is based upon previous work that, to the best - of my knowledge, is covered under an appropriate open source - license and I have the right under that license to submit that - work with modifications, whether created in whole or in part - by me, under the same open source license (unless I am - permitted to submit under a different license), as indicated - in the file; or - -(c) The contribution was provided directly to me by some other - person who certified (a), (b) or (c) and I have not modified - it. - -(d) I understand and agree that this project and the contribution - are public and that a record of the contribution (including all - personal information I submit with it, including my sign-off) is - maintained indefinitely and may be redistributed consistent with - this project or the open source license(s) involved. diff --git a/vendor/github.com/agext/levenshtein/LICENSE b/vendor/github.com/agext/levenshtein/LICENSE deleted file mode 100644 index 261eeb9e9f..0000000000 --- a/vendor/github.com/agext/levenshtein/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/github.com/agext/levenshtein/MAINTAINERS b/vendor/github.com/agext/levenshtein/MAINTAINERS deleted file mode 100644 index 726c2afb32..0000000000 --- a/vendor/github.com/agext/levenshtein/MAINTAINERS +++ /dev/null @@ -1 +0,0 @@ -Alex Bucataru (@AlexBucataru) diff --git a/vendor/github.com/agext/levenshtein/NOTICE b/vendor/github.com/agext/levenshtein/NOTICE deleted file mode 100644 index eaffaab94c..0000000000 --- a/vendor/github.com/agext/levenshtein/NOTICE +++ /dev/null @@ -1,5 +0,0 @@ -Alrux Go EXTensions (AGExt) - package levenshtein -Copyright 2016 ALRUX Inc. - -This product includes software developed at ALRUX Inc. -(http://www.alrux.com/). diff --git a/vendor/github.com/agext/levenshtein/README.md b/vendor/github.com/agext/levenshtein/README.md deleted file mode 100644 index 9e4255879f..0000000000 --- a/vendor/github.com/agext/levenshtein/README.md +++ /dev/null @@ -1,38 +0,0 @@ -# A Go package for calculating the Levenshtein distance between two strings - -[![Release](https://img.shields.io/github/release/agext/levenshtein.svg?style=flat)](https://github.com/agext/levenshtein/releases/latest) -[![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg?style=flat)](https://godoc.org/github.com/agext/levenshtein)  -[![Build Status](https://travis-ci.org/agext/levenshtein.svg?branch=master&style=flat)](https://travis-ci.org/agext/levenshtein) -[![Coverage Status](https://coveralls.io/repos/github/agext/levenshtein/badge.svg?style=flat)](https://coveralls.io/github/agext/levenshtein) -[![Go Report Card](https://goreportcard.com/badge/github.com/agext/levenshtein?style=flat)](https://goreportcard.com/report/github.com/agext/levenshtein) - - -This package implements distance and similarity metrics for strings, based on the Levenshtein measure, in [Go](http://golang.org). - -## Project Status - -v1.2.2 Stable: Guaranteed no breaking changes to the API in future v1.x releases. Probably safe to use in production, though provided on "AS IS" basis. - -This package is being actively maintained. If you encounter any problems or have any suggestions for improvement, please [open an issue](https://github.com/agext/levenshtein/issues). Pull requests are welcome. - -## Overview - -The Levenshtein `Distance` between two strings is the minimum total cost of edits that would convert the first string into the second. The allowed edit operations are insertions, deletions, and substitutions, all at character (one UTF-8 code point) level. Each operation has a default cost of 1, but each can be assigned its own cost equal to or greater than 0. - -A `Distance` of 0 means the two strings are identical, and the higher the value the more different the strings. Since in practice we are interested in finding if the two strings are "close enough", it often does not make sense to continue the calculation once the result is mathematically guaranteed to exceed a desired threshold. Providing this value to the `Distance` function allows it to take a shortcut and return a lower bound instead of an exact cost when the threshold is exceeded. - -The `Similarity` function calculates the distance, then converts it into a normalized metric within the range 0..1, with 1 meaning the strings are identical, and 0 that they have nothing in common. A minimum similarity threshold can be provided to speed up the calculation of the metric for strings that are far too dissimilar for the purpose at hand. All values under this threshold are rounded down to 0. - -The `Match` function provides a similarity metric, with the same range and meaning as `Similarity`, but with a bonus for string pairs that share a common prefix and have a similarity above a "bonus threshold". It uses the same method as proposed by Winkler for the Jaro distance, and the reasoning behind it is that these string pairs are very likely spelling variations or errors, and they are more closely linked than the edit distance alone would suggest. - -The underlying `Calculate` function is also exported, to allow the building of other derivative metrics, if needed. - -## Installation - -``` -go get github.com/agext/levenshtein -``` - -## License - -Package levenshtein is released under the Apache 2.0 license. See the [LICENSE](LICENSE) file for details. diff --git a/vendor/github.com/agext/levenshtein/levenshtein.go b/vendor/github.com/agext/levenshtein/levenshtein.go deleted file mode 100644 index df69ce7016..0000000000 --- a/vendor/github.com/agext/levenshtein/levenshtein.go +++ /dev/null @@ -1,290 +0,0 @@ -// Copyright 2016 ALRUX Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -/* -Package levenshtein implements distance and similarity metrics for strings, based on the Levenshtein measure. - -The Levenshtein `Distance` between two strings is the minimum total cost of edits that would convert the first string into the second. The allowed edit operations are insertions, deletions, and substitutions, all at character (one UTF-8 code point) level. Each operation has a default cost of 1, but each can be assigned its own cost equal to or greater than 0. - -A `Distance` of 0 means the two strings are identical, and the higher the value the more different the strings. Since in practice we are interested in finding if the two strings are "close enough", it often does not make sense to continue the calculation once the result is mathematically guaranteed to exceed a desired threshold. Providing this value to the `Distance` function allows it to take a shortcut and return a lower bound instead of an exact cost when the threshold is exceeded. - -The `Similarity` function calculates the distance, then converts it into a normalized metric within the range 0..1, with 1 meaning the strings are identical, and 0 that they have nothing in common. A minimum similarity threshold can be provided to speed up the calculation of the metric for strings that are far too dissimilar for the purpose at hand. All values under this threshold are rounded down to 0. - -The `Match` function provides a similarity metric, with the same range and meaning as `Similarity`, but with a bonus for string pairs that share a common prefix and have a similarity above a "bonus threshold". It uses the same method as proposed by Winkler for the Jaro distance, and the reasoning behind it is that these string pairs are very likely spelling variations or errors, and they are more closely linked than the edit distance alone would suggest. - -The underlying `Calculate` function is also exported, to allow the building of other derivative metrics, if needed. -*/ -package levenshtein - -// Calculate determines the Levenshtein distance between two strings, using -// the given costs for each edit operation. It returns the distance along with -// the lengths of the longest common prefix and suffix. -// -// If maxCost is non-zero, the calculation stops as soon as the distance is determined -// to be greater than maxCost. Therefore, any return value higher than maxCost is a -// lower bound for the actual distance. -func Calculate(str1, str2 []rune, maxCost, insCost, subCost, delCost int) (dist, prefixLen, suffixLen int) { - l1, l2 := len(str1), len(str2) - // trim common prefix, if any, as it doesn't affect the distance - for ; prefixLen < l1 && prefixLen < l2; prefixLen++ { - if str1[prefixLen] != str2[prefixLen] { - break - } - } - str1, str2 = str1[prefixLen:], str2[prefixLen:] - l1 -= prefixLen - l2 -= prefixLen - // trim common suffix, if any, as it doesn't affect the distance - for 0 < l1 && 0 < l2 { - if str1[l1-1] != str2[l2-1] { - str1, str2 = str1[:l1], str2[:l2] - break - } - l1-- - l2-- - suffixLen++ - } - // if the first string is empty, the distance is the length of the second string times the cost of insertion - if l1 == 0 { - dist = l2 * insCost - return - } - // if the second string is empty, the distance is the length of the first string times the cost of deletion - if l2 == 0 { - dist = l1 * delCost - return - } - - // variables used in inner "for" loops - var y, dy, c, l int - - // if maxCost is greater than or equal to the maximum possible distance, it's equivalent to 'unlimited' - if maxCost > 0 { - if subCost < delCost+insCost { - if maxCost >= l1*subCost+(l2-l1)*insCost { - maxCost = 0 - } - } else { - if maxCost >= l1*delCost+l2*insCost { - maxCost = 0 - } - } - } - - if maxCost > 0 { - // prefer the longer string first, to minimize time; - // a swap also transposes the meanings of insertion and deletion. - if l1 < l2 { - str1, str2, l1, l2, insCost, delCost = str2, str1, l2, l1, delCost, insCost - } - - // the length differential times cost of deletion is a lower bound for the cost; - // if it is higher than the maxCost, there is no point going into the main calculation. - if dist = (l1 - l2) * delCost; dist > maxCost { - return - } - - d := make([]int, l1+1) - - // offset and length of d in the current row - doff, dlen := 0, 1 - for y, dy = 1, delCost; y <= l1 && dy <= maxCost; dlen++ { - d[y] = dy - y++ - dy = y * delCost - } - // fmt.Printf("%q -> %q: init doff=%d dlen=%d d[%d:%d]=%v\n", str1, str2, doff, dlen, doff, doff+dlen, d[doff:doff+dlen]) - - for x := 0; x < l2; x++ { - dy, d[doff] = d[doff], d[doff]+insCost - for d[doff] > maxCost && dlen > 0 { - if str1[doff] != str2[x] { - dy += subCost - } - doff++ - dlen-- - if c = d[doff] + insCost; c < dy { - dy = c - } - dy, d[doff] = d[doff], dy - } - for y, l = doff, doff+dlen-1; y < l; dy, d[y] = d[y], dy { - if str1[y] != str2[x] { - dy += subCost - } - if c = d[y] + delCost; c < dy { - dy = c - } - y++ - if c = d[y] + insCost; c < dy { - dy = c - } - } - if y < l1 { - if str1[y] != str2[x] { - dy += subCost - } - if c = d[y] + delCost; c < dy { - dy = c - } - for ; dy <= maxCost && y < l1; dy, d[y] = dy+delCost, dy { - y++ - dlen++ - } - } - // fmt.Printf("%q -> %q: x=%d doff=%d dlen=%d d[%d:%d]=%v\n", str1, str2, x, doff, dlen, doff, doff+dlen, d[doff:doff+dlen]) - if dlen == 0 { - dist = maxCost + 1 - return - } - } - if doff+dlen-1 < l1 { - dist = maxCost + 1 - return - } - dist = d[l1] - } else { - // ToDo: This is O(l1*l2) time and O(min(l1,l2)) space; investigate if it is - // worth to implement diagonal approach - O(l1*(1+dist)) time, up to O(l1*l2) space - // http://www.csse.monash.edu.au/~lloyd/tildeStrings/Alignment/92.IPL.html - - // prefer the shorter string first, to minimize space; time is O(l1*l2) anyway; - // a swap also transposes the meanings of insertion and deletion. - if l1 > l2 { - str1, str2, l1, l2, insCost, delCost = str2, str1, l2, l1, delCost, insCost - } - d := make([]int, l1+1) - - for y = 1; y <= l1; y++ { - d[y] = y * delCost - } - for x := 0; x < l2; x++ { - dy, d[0] = d[0], d[0]+insCost - for y = 0; y < l1; dy, d[y] = d[y], dy { - if str1[y] != str2[x] { - dy += subCost - } - if c = d[y] + delCost; c < dy { - dy = c - } - y++ - if c = d[y] + insCost; c < dy { - dy = c - } - } - } - dist = d[l1] - } - - return -} - -// Distance returns the Levenshtein distance between str1 and str2, using the -// default or provided cost values. Pass nil for the third argument to use the -// default cost of 1 for all three operations, with no maximum. -func Distance(str1, str2 string, p *Params) int { - if p == nil { - p = defaultParams - } - dist, _, _ := Calculate([]rune(str1), []rune(str2), p.maxCost, p.insCost, p.subCost, p.delCost) - return dist -} - -// Similarity returns a score in the range of 0..1 for how similar the two strings are. -// A score of 1 means the strings are identical, and 0 means they have nothing in common. -// -// A nil third argument uses the default cost of 1 for all three operations. -// -// If a non-zero MinScore value is provided in the parameters, scores lower than it -// will be returned as 0. -func Similarity(str1, str2 string, p *Params) float64 { - return Match(str1, str2, p.Clone().BonusThreshold(1.1)) // guaranteed no bonus -} - -// Match returns a similarity score adjusted by the same method as proposed by Winkler for -// the Jaro distance - giving a bonus to string pairs that share a common prefix, only if their -// similarity score is already over a threshold. -// -// The score is in the range of 0..1, with 1 meaning the strings are identical, -// and 0 meaning they have nothing in common. -// -// A nil third argument uses the default cost of 1 for all three operations, maximum length of -// common prefix to consider for bonus of 4, scaling factor of 0.1, and bonus threshold of 0.7. -// -// If a non-zero MinScore value is provided in the parameters, scores lower than it -// will be returned as 0. -func Match(str1, str2 string, p *Params) float64 { - s1, s2 := []rune(str1), []rune(str2) - l1, l2 := len(s1), len(s2) - // two empty strings are identical; shortcut also avoids divByZero issues later on. - if l1 == 0 && l2 == 0 { - return 1 - } - - if p == nil { - p = defaultParams - } - - // a min over 1 can never be satisfied, so the score is 0. - if p.minScore > 1 { - return 0 - } - - insCost, delCost, maxDist, max := p.insCost, p.delCost, 0, 0 - if l1 > l2 { - l1, l2, insCost, delCost = l2, l1, delCost, insCost - } - - if p.subCost < delCost+insCost { - maxDist = l1*p.subCost + (l2-l1)*insCost - } else { - maxDist = l1*delCost + l2*insCost - } - - // a zero min is always satisfied, so no need to set a max cost. - if p.minScore > 0 { - // if p.minScore is lower than p.bonusThreshold, we can use a simplified formula - // for the max cost, because a sim score below min cannot receive a bonus. - if p.minScore < p.bonusThreshold { - // round down the max - a cost equal to a rounded up max would already be under min. - max = int((1 - p.minScore) * float64(maxDist)) - } else { - // p.minScore <= sim + p.bonusPrefix*p.bonusScale*(1-sim) - // p.minScore <= (1-dist/maxDist) + p.bonusPrefix*p.bonusScale*(1-(1-dist/maxDist)) - // p.minScore <= 1 - dist/maxDist + p.bonusPrefix*p.bonusScale*dist/maxDist - // 1 - p.minScore >= dist/maxDist - p.bonusPrefix*p.bonusScale*dist/maxDist - // (1-p.minScore)*maxDist/(1-p.bonusPrefix*p.bonusScale) >= dist - max = int((1 - p.minScore) * float64(maxDist) / (1 - float64(p.bonusPrefix)*p.bonusScale)) - } - } - - dist, pl, _ := Calculate(s1, s2, max, p.insCost, p.subCost, p.delCost) - if max > 0 && dist > max { - return 0 - } - sim := 1 - float64(dist)/float64(maxDist) - - if sim >= p.bonusThreshold && sim < 1 && p.bonusPrefix > 0 && p.bonusScale > 0 { - if pl > p.bonusPrefix { - pl = p.bonusPrefix - } - sim += float64(pl) * p.bonusScale * (1 - sim) - } - - if sim < p.minScore { - return 0 - } - - return sim -} diff --git a/vendor/github.com/agext/levenshtein/params.go b/vendor/github.com/agext/levenshtein/params.go deleted file mode 100644 index a85727b3ef..0000000000 --- a/vendor/github.com/agext/levenshtein/params.go +++ /dev/null @@ -1,152 +0,0 @@ -// Copyright 2016 ALRUX Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package levenshtein - -// Params represents a set of parameter values for the various formulas involved -// in the calculation of the Levenshtein string metrics. -type Params struct { - insCost int - subCost int - delCost int - maxCost int - minScore float64 - bonusPrefix int - bonusScale float64 - bonusThreshold float64 -} - -var ( - defaultParams = NewParams() -) - -// NewParams creates a new set of parameters and initializes it with the default values. -func NewParams() *Params { - return &Params{ - insCost: 1, - subCost: 1, - delCost: 1, - maxCost: 0, - minScore: 0, - bonusPrefix: 4, - bonusScale: .1, - bonusThreshold: .7, - } -} - -// Clone returns a pointer to a copy of the receiver parameter set, or of a new -// default parameter set if the receiver is nil. -func (p *Params) Clone() *Params { - if p == nil { - return NewParams() - } - return &Params{ - insCost: p.insCost, - subCost: p.subCost, - delCost: p.delCost, - maxCost: p.maxCost, - minScore: p.minScore, - bonusPrefix: p.bonusPrefix, - bonusScale: p.bonusScale, - bonusThreshold: p.bonusThreshold, - } -} - -// InsCost overrides the default value of 1 for the cost of insertion. -// The new value must be zero or positive. -func (p *Params) InsCost(v int) *Params { - if v >= 0 { - p.insCost = v - } - return p -} - -// SubCost overrides the default value of 1 for the cost of substitution. -// The new value must be zero or positive. -func (p *Params) SubCost(v int) *Params { - if v >= 0 { - p.subCost = v - } - return p -} - -// DelCost overrides the default value of 1 for the cost of deletion. -// The new value must be zero or positive. -func (p *Params) DelCost(v int) *Params { - if v >= 0 { - p.delCost = v - } - return p -} - -// MaxCost overrides the default value of 0 (meaning unlimited) for the maximum cost. -// The calculation of Distance() stops when the result is guaranteed to exceed -// this maximum, returning a lower-bound rather than exact value. -// The new value must be zero or positive. -func (p *Params) MaxCost(v int) *Params { - if v >= 0 { - p.maxCost = v - } - return p -} - -// MinScore overrides the default value of 0 for the minimum similarity score. -// Scores below this threshold are returned as 0 by Similarity() and Match(). -// The new value must be zero or positive. Note that a minimum greater than 1 -// can never be satisfied, resulting in a score of 0 for any pair of strings. -func (p *Params) MinScore(v float64) *Params { - if v >= 0 { - p.minScore = v - } - return p -} - -// BonusPrefix overrides the default value for the maximum length of -// common prefix to be considered for bonus by Match(). -// The new value must be zero or positive. -func (p *Params) BonusPrefix(v int) *Params { - if v >= 0 { - p.bonusPrefix = v - } - return p -} - -// BonusScale overrides the default value for the scaling factor used by Match() -// in calculating the bonus. -// The new value must be zero or positive. To guarantee that the similarity score -// remains in the interval 0..1, this scaling factor is not allowed to exceed -// 1 / BonusPrefix. -func (p *Params) BonusScale(v float64) *Params { - if v >= 0 { - p.bonusScale = v - } - - // the bonus cannot exceed (1-sim), or the score may become greater than 1. - if float64(p.bonusPrefix)*p.bonusScale > 1 { - p.bonusScale = 1 / float64(p.bonusPrefix) - } - - return p -} - -// BonusThreshold overrides the default value for the minimum similarity score -// for which Match() can assign a bonus. -// The new value must be zero or positive. Note that a threshold greater than 1 -// effectively makes Match() become the equivalent of Similarity(). -func (p *Params) BonusThreshold(v float64) *Params { - if v >= 0 { - p.bonusThreshold = v - } - return p -} diff --git a/vendor/github.com/agext/levenshtein/test.sh b/vendor/github.com/agext/levenshtein/test.sh deleted file mode 100644 index c5ed72466f..0000000000 --- a/vendor/github.com/agext/levenshtein/test.sh +++ /dev/null @@ -1,10 +0,0 @@ -set -ev - -if [[ "$1" == "goveralls" ]]; then - echo "Testing with goveralls..." - go get github.com/mattn/goveralls - $HOME/gopath/bin/goveralls -service=travis-ci -else - echo "Testing with go test..." - go test -v ./... -fi diff --git a/vendor/github.com/apparentlymart/go-textseg/v15/LICENSE b/vendor/github.com/apparentlymart/go-textseg/v15/LICENSE deleted file mode 100644 index 684b03b4a2..0000000000 --- a/vendor/github.com/apparentlymart/go-textseg/v15/LICENSE +++ /dev/null @@ -1,95 +0,0 @@ -Copyright (c) 2017 Martin Atkins - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - ---------- - -Unicode table generation programs are under a separate copyright and license: - -Copyright (c) 2014 Couchbase, Inc. -Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file -except in compliance with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software distributed under the -License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, -either express or implied. See the License for the specific language governing permissions -and limitations under the License. - ---------- - -Grapheme break data is provided as part of the Unicode character database, -copright 2016 Unicode, Inc, which is provided with the following license: - -Unicode Data Files include all data files under the directories -http://www.unicode.org/Public/, http://www.unicode.org/reports/, -http://www.unicode.org/cldr/data/, http://source.icu-project.org/repos/icu/, and -http://www.unicode.org/utility/trac/browser/. - -Unicode Data Files do not include PDF online code charts under the -directory http://www.unicode.org/Public/. - -Software includes any source code published in the Unicode Standard -or under the directories -http://www.unicode.org/Public/, http://www.unicode.org/reports/, -http://www.unicode.org/cldr/data/, http://source.icu-project.org/repos/icu/, and -http://www.unicode.org/utility/trac/browser/. - -NOTICE TO USER: Carefully read the following legal agreement. -BY DOWNLOADING, INSTALLING, COPYING OR OTHERWISE USING UNICODE INC.'S -DATA FILES ("DATA FILES"), AND/OR SOFTWARE ("SOFTWARE"), -YOU UNEQUIVOCALLY ACCEPT, AND AGREE TO BE BOUND BY, ALL OF THE -TERMS AND CONDITIONS OF THIS AGREEMENT. -IF YOU DO NOT AGREE, DO NOT DOWNLOAD, INSTALL, COPY, DISTRIBUTE OR USE -THE DATA FILES OR SOFTWARE. - -COPYRIGHT AND PERMISSION NOTICE - -Copyright © 1991-2017 Unicode, Inc. All rights reserved. -Distributed under the Terms of Use in http://www.unicode.org/copyright.html. - -Permission is hereby granted, free of charge, to any person obtaining -a copy of the Unicode data files and any associated documentation -(the "Data Files") or Unicode software and any associated documentation -(the "Software") to deal in the Data Files or Software -without restriction, including without limitation the rights to use, -copy, modify, merge, publish, distribute, and/or sell copies of -the Data Files or Software, and to permit persons to whom the Data Files -or Software are furnished to do so, provided that either -(a) this copyright and permission notice appear with all copies -of the Data Files or Software, or -(b) this copyright and permission notice appear in associated -Documentation. - -THE DATA FILES AND SOFTWARE ARE PROVIDED "AS IS", WITHOUT WARRANTY OF -ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE -WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -NONINFRINGEMENT OF THIRD PARTY RIGHTS. -IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS -NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL -DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, -DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER -TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR -PERFORMANCE OF THE DATA FILES OR SOFTWARE. - -Except as contained in this notice, the name of a copyright holder -shall not be used in advertising or otherwise to promote the sale, -use or other dealings in these Data Files or Software without prior -written authorization of the copyright holder. diff --git a/vendor/github.com/apparentlymart/go-textseg/v15/textseg/all_tokens.go b/vendor/github.com/apparentlymart/go-textseg/v15/textseg/all_tokens.go deleted file mode 100644 index 5752e9ef8f..0000000000 --- a/vendor/github.com/apparentlymart/go-textseg/v15/textseg/all_tokens.go +++ /dev/null @@ -1,30 +0,0 @@ -package textseg - -import ( - "bufio" - "bytes" -) - -// AllTokens is a utility that uses a bufio.SplitFunc to produce a slice of -// all of the recognized tokens in the given buffer. -func AllTokens(buf []byte, splitFunc bufio.SplitFunc) ([][]byte, error) { - scanner := bufio.NewScanner(bytes.NewReader(buf)) - scanner.Split(splitFunc) - var ret [][]byte - for scanner.Scan() { - ret = append(ret, scanner.Bytes()) - } - return ret, scanner.Err() -} - -// TokenCount is a utility that uses a bufio.SplitFunc to count the number of -// recognized tokens in the given buffer. -func TokenCount(buf []byte, splitFunc bufio.SplitFunc) (int, error) { - scanner := bufio.NewScanner(bytes.NewReader(buf)) - scanner.Split(splitFunc) - var ret int - for scanner.Scan() { - ret++ - } - return ret, scanner.Err() -} diff --git a/vendor/github.com/apparentlymart/go-textseg/v15/textseg/emoji_table.rl b/vendor/github.com/apparentlymart/go-textseg/v15/textseg/emoji_table.rl deleted file mode 100644 index 10b93e474f..0000000000 --- a/vendor/github.com/apparentlymart/go-textseg/v15/textseg/emoji_table.rl +++ /dev/null @@ -1,545 +0,0 @@ -# The following Ragel file was autogenerated with unicode2ragel.rb -# from: https://www.unicode.org/Public/15.0.0/ucd/emoji/emoji-data.txt -# -# It defines ["Extended_Pictographic"]. -# -# To use this, make sure that your alphtype is set to byte, -# and that your input is in utf8. - -%%{ - machine Emoji; - - Extended_Pictographic = - 0xC2 0xA9 #E0.6 [1] (©️) copyright - | 0xC2 0xAE #E0.6 [1] (®️) registered - | 0xE2 0x80 0xBC #E0.6 [1] (‼️) double exclamation mark - | 0xE2 0x81 0x89 #E0.6 [1] (⁉️) exclamation question ... - | 0xE2 0x84 0xA2 #E0.6 [1] (™️) trade mark - | 0xE2 0x84 0xB9 #E0.6 [1] (ℹ️) information - | 0xE2 0x86 0x94..0x99 #E0.6 [6] (↔️..↙️) left-right arrow..do... - | 0xE2 0x86 0xA9..0xAA #E0.6 [2] (↩️..↪️) right arrow curving ... - | 0xE2 0x8C 0x9A..0x9B #E0.6 [2] (⌚..⌛) watch..hourglass done - | 0xE2 0x8C 0xA8 #E1.0 [1] (⌨️) keyboard - | 0xE2 0x8E 0x88 #E0.0 [1] (⎈) HELM SYMBOL - | 0xE2 0x8F 0x8F #E1.0 [1] (⏏️) eject button - | 0xE2 0x8F 0xA9..0xAC #E0.6 [4] (⏩..⏬) fast-forward button..f... - | 0xE2 0x8F 0xAD..0xAE #E0.7 [2] (⏭️..⏮️) next track button..l... - | 0xE2 0x8F 0xAF #E1.0 [1] (⏯️) play or pause button - | 0xE2 0x8F 0xB0 #E0.6 [1] (⏰) alarm clock - | 0xE2 0x8F 0xB1..0xB2 #E1.0 [2] (⏱️..⏲️) stopwatch..timer clock - | 0xE2 0x8F 0xB3 #E0.6 [1] (⏳) hourglass not done - | 0xE2 0x8F 0xB8..0xBA #E0.7 [3] (⏸️..⏺️) pause button..record... - | 0xE2 0x93 0x82 #E0.6 [1] (Ⓜ️) circled M - | 0xE2 0x96 0xAA..0xAB #E0.6 [2] (▪️..▫️) black small square..... - | 0xE2 0x96 0xB6 #E0.6 [1] (▶️) play button - | 0xE2 0x97 0x80 #E0.6 [1] (◀️) reverse button - | 0xE2 0x97 0xBB..0xBE #E0.6 [4] (◻️..◾) white medium square..... - | 0xE2 0x98 0x80..0x81 #E0.6 [2] (☀️..☁️) sun..cloud - | 0xE2 0x98 0x82..0x83 #E0.7 [2] (☂️..☃️) umbrella..snowman - | 0xE2 0x98 0x84 #E1.0 [1] (☄️) comet - | 0xE2 0x98 0x85 #E0.0 [1] (★) BLACK STAR - | 0xE2 0x98 0x87..0x8D #E0.0 [7] (☇..☍) LIGHTNING..OPPOSITION - | 0xE2 0x98 0x8E #E0.6 [1] (☎️) telephone - | 0xE2 0x98 0x8F..0x90 #E0.0 [2] (☏..☐) WHITE TELEPHONE..BALLO... - | 0xE2 0x98 0x91 #E0.6 [1] (☑️) check box with check - | 0xE2 0x98 0x92 #E0.0 [1] (☒) BALLOT BOX WITH X - | 0xE2 0x98 0x94..0x95 #E0.6 [2] (☔..☕) umbrella with rain dro... - | 0xE2 0x98 0x96..0x97 #E0.0 [2] (☖..☗) WHITE SHOGI PIECE..BLA... - | 0xE2 0x98 0x98 #E1.0 [1] (☘️) shamrock - | 0xE2 0x98 0x99..0x9C #E0.0 [4] (☙..☜) REVERSED ROTATED FLORA... - | 0xE2 0x98 0x9D #E0.6 [1] (☝️) index pointing up - | 0xE2 0x98 0x9E..0x9F #E0.0 [2] (☞..☟) WHITE RIGHT POINTING I... - | 0xE2 0x98 0xA0 #E1.0 [1] (☠️) skull and crossbones - | 0xE2 0x98 0xA1 #E0.0 [1] (☡) CAUTION SIGN - | 0xE2 0x98 0xA2..0xA3 #E1.0 [2] (☢️..☣️) radioactive..biohazard - | 0xE2 0x98 0xA4..0xA5 #E0.0 [2] (☤..☥) CADUCEUS..ANKH - | 0xE2 0x98 0xA6 #E1.0 [1] (☦️) orthodox cross - | 0xE2 0x98 0xA7..0xA9 #E0.0 [3] (☧..☩) CHI RHO..CROSS OF JERU... - | 0xE2 0x98 0xAA #E0.7 [1] (☪️) star and crescent - | 0xE2 0x98 0xAB..0xAD #E0.0 [3] (☫..☭) FARSI SYMBOL..HAMMER A... - | 0xE2 0x98 0xAE #E1.0 [1] (☮️) peace symbol - | 0xE2 0x98 0xAF #E0.7 [1] (☯️) yin yang - | 0xE2 0x98 0xB0..0xB7 #E0.0 [8] (☰..☷) TRIGRAM FOR HEAVEN..TR... - | 0xE2 0x98 0xB8..0xB9 #E0.7 [2] (☸️..☹️) wheel of dharma..fro... - | 0xE2 0x98 0xBA #E0.6 [1] (☺️) smiling face - | 0xE2 0x98 0xBB..0xBF #E0.0 [5] (☻..☿) BLACK SMILING FACE..ME... - | 0xE2 0x99 0x80 #E4.0 [1] (♀️) female sign - | 0xE2 0x99 0x81 #E0.0 [1] (♁) EARTH - | 0xE2 0x99 0x82 #E4.0 [1] (♂️) male sign - | 0xE2 0x99 0x83..0x87 #E0.0 [5] (♃..♇) JUPITER..PLUTO - | 0xE2 0x99 0x88..0x93 #E0.6 [12] (♈..♓) Aries..Pisces - | 0xE2 0x99 0x94..0x9E #E0.0 [11] (♔..♞) WHITE CHESS KING..BLAC... - | 0xE2 0x99 0x9F #E11.0 [1] (♟️) chess pawn - | 0xE2 0x99 0xA0 #E0.6 [1] (♠️) spade suit - | 0xE2 0x99 0xA1..0xA2 #E0.0 [2] (♡..♢) WHITE HEART SUIT..WHIT... - | 0xE2 0x99 0xA3 #E0.6 [1] (♣️) club suit - | 0xE2 0x99 0xA4 #E0.0 [1] (♤) WHITE SPADE SUIT - | 0xE2 0x99 0xA5..0xA6 #E0.6 [2] (♥️..♦️) heart suit..diamond ... - | 0xE2 0x99 0xA7 #E0.0 [1] (♧) WHITE CLUB SUIT - | 0xE2 0x99 0xA8 #E0.6 [1] (♨️) hot springs - | 0xE2 0x99 0xA9..0xBA #E0.0 [18] (♩..♺) QUARTER NOTE..RECYCLIN... - | 0xE2 0x99 0xBB #E0.6 [1] (♻️) recycling symbol - | 0xE2 0x99 0xBC..0xBD #E0.0 [2] (♼..♽) RECYCLED PAPER SYMBOL.... - | 0xE2 0x99 0xBE #E11.0 [1] (♾️) infinity - | 0xE2 0x99 0xBF #E0.6 [1] (♿) wheelchair symbol - | 0xE2 0x9A 0x80..0x85 #E0.0 [6] (⚀..⚅) DIE FACE-1..DIE FACE-6 - | 0xE2 0x9A 0x90..0x91 #E0.0 [2] (⚐..⚑) WHITE FLAG..BLACK FLAG - | 0xE2 0x9A 0x92 #E1.0 [1] (⚒️) hammer and pick - | 0xE2 0x9A 0x93 #E0.6 [1] (⚓) anchor - | 0xE2 0x9A 0x94 #E1.0 [1] (⚔️) crossed swords - | 0xE2 0x9A 0x95 #E4.0 [1] (⚕️) medical symbol - | 0xE2 0x9A 0x96..0x97 #E1.0 [2] (⚖️..⚗️) balance scale..alembic - | 0xE2 0x9A 0x98 #E0.0 [1] (⚘) FLOWER - | 0xE2 0x9A 0x99 #E1.0 [1] (⚙️) gear - | 0xE2 0x9A 0x9A #E0.0 [1] (⚚) STAFF OF HERMES - | 0xE2 0x9A 0x9B..0x9C #E1.0 [2] (⚛️..⚜️) atom symbol..fleur-d... - | 0xE2 0x9A 0x9D..0x9F #E0.0 [3] (⚝..⚟) OUTLINED WHITE STAR..T... - | 0xE2 0x9A 0xA0..0xA1 #E0.6 [2] (⚠️..⚡) warning..high voltage - | 0xE2 0x9A 0xA2..0xA6 #E0.0 [5] (⚢..⚦) DOUBLED FEMALE SIGN..M... - | 0xE2 0x9A 0xA7 #E13.0 [1] (⚧️) transgender symbol - | 0xE2 0x9A 0xA8..0xA9 #E0.0 [2] (⚨..⚩) VERTICAL MALE WITH STR... - | 0xE2 0x9A 0xAA..0xAB #E0.6 [2] (⚪..⚫) white circle..black ci... - | 0xE2 0x9A 0xAC..0xAF #E0.0 [4] (⚬..⚯) MEDIUM SMALL WHITE CIR... - | 0xE2 0x9A 0xB0..0xB1 #E1.0 [2] (⚰️..⚱️) coffin..funeral urn - | 0xE2 0x9A 0xB2..0xBC #E0.0 [11] (⚲..⚼) NEUTER..SESQUIQUADRATE - | 0xE2 0x9A 0xBD..0xBE #E0.6 [2] (⚽..⚾) soccer ball..baseball - | 0xE2 0x9A 0xBF..0xFF #E0.0 [5] (⚿..⛃) SQUARED KEY..BLACK DRA... - | 0xE2 0x9B 0x00..0x83 # - | 0xE2 0x9B 0x84..0x85 #E0.6 [2] (⛄..⛅) snowman without snow..... - | 0xE2 0x9B 0x86..0x87 #E0.0 [2] (⛆..⛇) RAIN..BLACK SNOWMAN - | 0xE2 0x9B 0x88 #E0.7 [1] (⛈️) cloud with lightning ... - | 0xE2 0x9B 0x89..0x8D #E0.0 [5] (⛉..⛍) TURNED WHITE SHOGI PIE... - | 0xE2 0x9B 0x8E #E0.6 [1] (⛎) Ophiuchus - | 0xE2 0x9B 0x8F #E0.7 [1] (⛏️) pick - | 0xE2 0x9B 0x90 #E0.0 [1] (⛐) CAR SLIDING - | 0xE2 0x9B 0x91 #E0.7 [1] (⛑️) rescue worker’s helmet - | 0xE2 0x9B 0x92 #E0.0 [1] (⛒) CIRCLED CROSSING LANES - | 0xE2 0x9B 0x93 #E0.7 [1] (⛓️) chains - | 0xE2 0x9B 0x94 #E0.6 [1] (⛔) no entry - | 0xE2 0x9B 0x95..0xA8 #E0.0 [20] (⛕..⛨) ALTERNATE ONE-WAY LEFT... - | 0xE2 0x9B 0xA9 #E0.7 [1] (⛩️) shinto shrine - | 0xE2 0x9B 0xAA #E0.6 [1] (⛪) church - | 0xE2 0x9B 0xAB..0xAF #E0.0 [5] (⛫..⛯) CASTLE..MAP SYMBOL FOR... - | 0xE2 0x9B 0xB0..0xB1 #E0.7 [2] (⛰️..⛱️) mountain..umbrella o... - | 0xE2 0x9B 0xB2..0xB3 #E0.6 [2] (⛲..⛳) fountain..flag in hole - | 0xE2 0x9B 0xB4 #E0.7 [1] (⛴️) ferry - | 0xE2 0x9B 0xB5 #E0.6 [1] (⛵) sailboat - | 0xE2 0x9B 0xB6 #E0.0 [1] (⛶) SQUARE FOUR CORNERS - | 0xE2 0x9B 0xB7..0xB9 #E0.7 [3] (⛷️..⛹️) skier..person bounci... - | 0xE2 0x9B 0xBA #E0.6 [1] (⛺) tent - | 0xE2 0x9B 0xBB..0xBC #E0.0 [2] (⛻..⛼) JAPANESE BANK SYMBOL..... - | 0xE2 0x9B 0xBD #E0.6 [1] (⛽) fuel pump - | 0xE2 0x9B 0xBE..0xFF #E0.0 [4] (⛾..✁) CUP ON BLACK SQUARE..U... - | 0xE2 0x9C 0x00..0x81 # - | 0xE2 0x9C 0x82 #E0.6 [1] (✂️) scissors - | 0xE2 0x9C 0x83..0x84 #E0.0 [2] (✃..✄) LOWER BLADE SCISSORS..... - | 0xE2 0x9C 0x85 #E0.6 [1] (✅) check mark button - | 0xE2 0x9C 0x88..0x8C #E0.6 [5] (✈️..✌️) airplane..victory hand - | 0xE2 0x9C 0x8D #E0.7 [1] (✍️) writing hand - | 0xE2 0x9C 0x8E #E0.0 [1] (✎) LOWER RIGHT PENCIL - | 0xE2 0x9C 0x8F #E0.6 [1] (✏️) pencil - | 0xE2 0x9C 0x90..0x91 #E0.0 [2] (✐..✑) UPPER RIGHT PENCIL..WH... - | 0xE2 0x9C 0x92 #E0.6 [1] (✒️) black nib - | 0xE2 0x9C 0x94 #E0.6 [1] (✔️) check mark - | 0xE2 0x9C 0x96 #E0.6 [1] (✖️) multiply - | 0xE2 0x9C 0x9D #E0.7 [1] (✝️) latin cross - | 0xE2 0x9C 0xA1 #E0.7 [1] (✡️) star of David - | 0xE2 0x9C 0xA8 #E0.6 [1] (✨) sparkles - | 0xE2 0x9C 0xB3..0xB4 #E0.6 [2] (✳️..✴️) eight-spoked asteris... - | 0xE2 0x9D 0x84 #E0.6 [1] (❄️) snowflake - | 0xE2 0x9D 0x87 #E0.6 [1] (❇️) sparkle - | 0xE2 0x9D 0x8C #E0.6 [1] (❌) cross mark - | 0xE2 0x9D 0x8E #E0.6 [1] (❎) cross mark button - | 0xE2 0x9D 0x93..0x95 #E0.6 [3] (❓..❕) red question mark..whi... - | 0xE2 0x9D 0x97 #E0.6 [1] (❗) red exclamation mark - | 0xE2 0x9D 0xA3 #E1.0 [1] (❣️) heart exclamation - | 0xE2 0x9D 0xA4 #E0.6 [1] (❤️) red heart - | 0xE2 0x9D 0xA5..0xA7 #E0.0 [3] (❥..❧) ROTATED HEAVY BLACK HE... - | 0xE2 0x9E 0x95..0x97 #E0.6 [3] (➕..➗) plus..divide - | 0xE2 0x9E 0xA1 #E0.6 [1] (➡️) right arrow - | 0xE2 0x9E 0xB0 #E0.6 [1] (➰) curly loop - | 0xE2 0x9E 0xBF #E1.0 [1] (➿) double curly loop - | 0xE2 0xA4 0xB4..0xB5 #E0.6 [2] (⤴️..⤵️) right arrow curving ... - | 0xE2 0xAC 0x85..0x87 #E0.6 [3] (⬅️..⬇️) left arrow..down arrow - | 0xE2 0xAC 0x9B..0x9C #E0.6 [2] (⬛..⬜) black large square..wh... - | 0xE2 0xAD 0x90 #E0.6 [1] (⭐) star - | 0xE2 0xAD 0x95 #E0.6 [1] (⭕) hollow red circle - | 0xE3 0x80 0xB0 #E0.6 [1] (〰️) wavy dash - | 0xE3 0x80 0xBD #E0.6 [1] (〽️) part alternation mark - | 0xE3 0x8A 0x97 #E0.6 [1] (㊗️) Japanese “congratulat... - | 0xE3 0x8A 0x99 #E0.6 [1] (㊙️) Japanese “secret” button - | 0xF0 0x9F 0x80 0x80..0x83 #E0.0 [4] (🀀..🀃) MAHJONG TILE EAST W... - | 0xF0 0x9F 0x80 0x84 #E0.6 [1] (🀄) mahjong red dragon - | 0xF0 0x9F 0x80 0x85..0xFF #E0.0 [202] (🀅..🃎) MAHJONG TILE ... - | 0xF0 0x9F 0x81..0x82 0x00..0xFF # - | 0xF0 0x9F 0x83 0x00..0x8E # - | 0xF0 0x9F 0x83 0x8F #E0.6 [1] (🃏) joker - | 0xF0 0x9F 0x83 0x90..0xBF #E0.0 [48] (🃐..🃿) ..<... - | 0xF0 0x9F 0x84 0x8D..0x8F #E0.0 [3] (🄍..🄏) CIRCLED ZERO WITH S... - | 0xF0 0x9F 0x84 0xAF #E0.0 [1] (🄯) COPYLEFT SYMBOL - | 0xF0 0x9F 0x85 0xAC..0xAF #E0.0 [4] (🅬..🅯) RAISED MR SIGN..CIR... - | 0xF0 0x9F 0x85 0xB0..0xB1 #E0.6 [2] (🅰️..🅱️) A button (blood t... - | 0xF0 0x9F 0x85 0xBE..0xBF #E0.6 [2] (🅾️..🅿️) O button (blood t... - | 0xF0 0x9F 0x86 0x8E #E0.6 [1] (🆎) AB button (blood type) - | 0xF0 0x9F 0x86 0x91..0x9A #E0.6 [10] (🆑..🆚) CL button..VS button - | 0xF0 0x9F 0x86 0xAD..0xFF #E0.0 [57] (🆭..🇥) MASK WORK SYMBOL..<... - | 0xF0 0x9F 0x87 0x00..0xA5 # - | 0xF0 0x9F 0x88 0x81..0x82 #E0.6 [2] (🈁..🈂️) Japanese “here” bu... - | 0xF0 0x9F 0x88 0x83..0x8F #E0.0 [13] (🈃..🈏) ..<... - | 0xF0 0x9F 0x88 0x9A #E0.6 [1] (🈚) Japanese “free of char... - | 0xF0 0x9F 0x88 0xAF #E0.6 [1] (🈯) Japanese “reserved” bu... - | 0xF0 0x9F 0x88 0xB2..0xBA #E0.6 [9] (🈲..🈺) Japanese “prohibite... - | 0xF0 0x9F 0x88 0xBC..0xBF #E0.0 [4] (🈼..🈿) ..<... - | 0xF0 0x9F 0x89 0x89..0x8F #E0.0 [7] (🉉..🉏) ..<... - | 0xF0 0x9F 0x89 0x90..0x91 #E0.6 [2] (🉐..🉑) Japanese “bargain” ... - | 0xF0 0x9F 0x89 0x92..0xFF #E0.0 [174] (🉒..🋿) ..<... - | 0xF0 0x9F 0x9B 0x9C #E15.0 [1] (🛜) wireless - | 0xF0 0x9F 0x9B 0x9D..0x9F #E14.0 [3] (🛝..🛟) playground slide..r... - | 0xF0 0x9F 0x9B 0xA0..0xA5 #E0.7 [6] (🛠️..🛥️) hammer and wrench... - | 0xF0 0x9F 0x9B 0xA6..0xA8 #E0.0 [3] (🛦..🛨) UP-POINTING MILITAR... - | 0xF0 0x9F 0x9B 0xA9 #E0.7 [1] (🛩️) small airplane - | 0xF0 0x9F 0x9B 0xAA #E0.0 [1] (🛪) NORTHEAST-POINTING AIR... - | 0xF0 0x9F 0x9B 0xAB..0xAC #E1.0 [2] (🛫..🛬) airplane departure.... - | 0xF0 0x9F 0x9B 0xAD..0xAF #E0.0 [3] (🛭..🛯) ..<... - | 0xF0 0x9F 0x9B 0xB0 #E0.7 [1] (🛰️) satellite - | 0xF0 0x9F 0x9B 0xB1..0xB2 #E0.0 [2] (🛱..🛲) ONCOMING FIRE ENGIN... - | 0xF0 0x9F 0x9B 0xB3 #E0.7 [1] (🛳️) passenger ship - | 0xF0 0x9F 0x9B 0xB4..0xB6 #E3.0 [3] (🛴..🛶) kick scooter..canoe - | 0xF0 0x9F 0x9B 0xB7..0xB8 #E5.0 [2] (🛷..🛸) sled..flying saucer - | 0xF0 0x9F 0x9B 0xB9 #E11.0 [1] (🛹) skateboard - | 0xF0 0x9F 0x9B 0xBA #E12.0 [1] (🛺) auto rickshaw - | 0xF0 0x9F 0x9B 0xBB..0xBC #E13.0 [2] (🛻..🛼) pickup truck..rolle... - | 0xF0 0x9F 0x9B 0xBD..0xBF #E0.0 [3] (🛽..🛿) ..<... - | 0xF0 0x9F 0x9D 0xB4..0xBF #E0.0 [12] (🝴..🝿) LOT OF FORTUNE..ORCUS - | 0xF0 0x9F 0x9F 0x95..0x9F #E0.0 [11] (🟕..🟟) CIRCLED TRIANGLE..<... - | 0xF0 0x9F 0x9F 0xA0..0xAB #E12.0 [12] (🟠..🟫) orange circle..brow... - | 0xF0 0x9F 0x9F 0xAC..0xAF #E0.0 [4] (🟬..🟯) ..<... - | 0xF0 0x9F 0x9F 0xB0 #E14.0 [1] (🟰) heavy equals sign - | 0xF0 0x9F 0x9F 0xB1..0xBF #E0.0 [15] (🟱..🟿) ..<... - | 0xF0 0x9F 0xA0 0x8C..0x8F #E0.0 [4] (🠌..🠏) ..<... - | 0xF0 0x9F 0xA1 0x88..0x8F #E0.0 [8] (🡈..🡏) ..<... - | 0xF0 0x9F 0xA1 0x9A..0x9F #E0.0 [6] (🡚..🡟) ..<... - | 0xF0 0x9F 0xA2 0x88..0x8F #E0.0 [8] (🢈..🢏) ..<... - | 0xF0 0x9F 0xA2 0xAE..0xFF #E0.0 [82] (🢮..🣿) ..<... - | 0xF0 0x9F 0xA3 0x00..0xBF # - | 0xF0 0x9F 0xA4 0x8C #E13.0 [1] (🤌) pinched fingers - | 0xF0 0x9F 0xA4 0x8D..0x8F #E12.0 [3] (🤍..🤏) white heart..pinchi... - | 0xF0 0x9F 0xA4 0x90..0x98 #E1.0 [9] (🤐..🤘) zipper-mouth face..... - | 0xF0 0x9F 0xA4 0x99..0x9E #E3.0 [6] (🤙..🤞) call me hand..cross... - | 0xF0 0x9F 0xA4 0x9F #E5.0 [1] (🤟) love-you gesture - | 0xF0 0x9F 0xA4 0xA0..0xA7 #E3.0 [8] (🤠..🤧) cowboy hat face..sn... - | 0xF0 0x9F 0xA4 0xA8..0xAF #E5.0 [8] (🤨..🤯) face with raised ey... - | 0xF0 0x9F 0xA4 0xB0 #E3.0 [1] (🤰) pregnant woman - | 0xF0 0x9F 0xA4 0xB1..0xB2 #E5.0 [2] (🤱..🤲) breast-feeding..pal... - | 0xF0 0x9F 0xA4 0xB3..0xBA #E3.0 [8] (🤳..🤺) selfie..person fencing - | 0xF0 0x9F 0xA4 0xBC..0xBE #E3.0 [3] (🤼..🤾) people wrestling..p... - | 0xF0 0x9F 0xA4 0xBF #E12.0 [1] (🤿) diving mask - | 0xF0 0x9F 0xA5 0x80..0x85 #E3.0 [6] (🥀..🥅) wilted flower..goal... - | 0xF0 0x9F 0xA5 0x87..0x8B #E3.0 [5] (🥇..🥋) 1st place medal..ma... - | 0xF0 0x9F 0xA5 0x8C #E5.0 [1] (🥌) curling stone - | 0xF0 0x9F 0xA5 0x8D..0x8F #E11.0 [3] (🥍..🥏) lacrosse..flying disc - | 0xF0 0x9F 0xA5 0x90..0x9E #E3.0 [15] (🥐..🥞) croissant..pancakes - | 0xF0 0x9F 0xA5 0x9F..0xAB #E5.0 [13] (🥟..🥫) dumpling..canned food - | 0xF0 0x9F 0xA5 0xAC..0xB0 #E11.0 [5] (🥬..🥰) leafy green..smilin... - | 0xF0 0x9F 0xA5 0xB1 #E12.0 [1] (🥱) yawning face - | 0xF0 0x9F 0xA5 0xB2 #E13.0 [1] (🥲) smiling face with tear - | 0xF0 0x9F 0xA5 0xB3..0xB6 #E11.0 [4] (🥳..🥶) partying face..cold... - | 0xF0 0x9F 0xA5 0xB7..0xB8 #E13.0 [2] (🥷..🥸) ninja..disguised face - | 0xF0 0x9F 0xA5 0xB9 #E14.0 [1] (🥹) face holding back tears - | 0xF0 0x9F 0xA5 0xBA #E11.0 [1] (🥺) pleading face - | 0xF0 0x9F 0xA5 0xBB #E12.0 [1] (🥻) sari - | 0xF0 0x9F 0xA5 0xBC..0xBF #E11.0 [4] (🥼..🥿) lab coat..flat shoe - | 0xF0 0x9F 0xA6 0x80..0x84 #E1.0 [5] (🦀..🦄) crab..unicorn - | 0xF0 0x9F 0xA6 0x85..0x91 #E3.0 [13] (🦅..🦑) eagle..squid - | 0xF0 0x9F 0xA6 0x92..0x97 #E5.0 [6] (🦒..🦗) giraffe..cricket - | 0xF0 0x9F 0xA6 0x98..0xA2 #E11.0 [11] (🦘..🦢) kangaroo..swan - | 0xF0 0x9F 0xA6 0xA3..0xA4 #E13.0 [2] (🦣..🦤) mammoth..dodo - | 0xF0 0x9F 0xA6 0xA5..0xAA #E12.0 [6] (🦥..🦪) sloth..oyster - | 0xF0 0x9F 0xA6 0xAB..0xAD #E13.0 [3] (🦫..🦭) beaver..seal - | 0xF0 0x9F 0xA6 0xAE..0xAF #E12.0 [2] (🦮..🦯) guide dog..white cane - | 0xF0 0x9F 0xA6 0xB0..0xB9 #E11.0 [10] (🦰..🦹) red hair..supervillain - | 0xF0 0x9F 0xA6 0xBA..0xBF #E12.0 [6] (🦺..🦿) safety vest..mechan... - | 0xF0 0x9F 0xA7 0x80 #E1.0 [1] (🧀) cheese wedge - | 0xF0 0x9F 0xA7 0x81..0x82 #E11.0 [2] (🧁..🧂) cupcake..salt - | 0xF0 0x9F 0xA7 0x83..0x8A #E12.0 [8] (🧃..🧊) beverage box..ice - | 0xF0 0x9F 0xA7 0x8B #E13.0 [1] (🧋) bubble tea - | 0xF0 0x9F 0xA7 0x8C #E14.0 [1] (🧌) troll - | 0xF0 0x9F 0xA7 0x8D..0x8F #E12.0 [3] (🧍..🧏) person standing..de... - | 0xF0 0x9F 0xA7 0x90..0xA6 #E5.0 [23] (🧐..🧦) face with monocle..... - | 0xF0 0x9F 0xA7 0xA7..0xBF #E11.0 [25] (🧧..🧿) red envelope..nazar... - | 0xF0 0x9F 0xA8 0x80..0xFF #E0.0 [112] (🨀..🩯) NEUTRAL CHESS KING.... - | 0xF0 0x9F 0xA9 0x00..0xAF # - | 0xF0 0x9F 0xA9 0xB0..0xB3 #E12.0 [4] (🩰..🩳) ballet shoes..shorts - | 0xF0 0x9F 0xA9 0xB4 #E13.0 [1] (🩴) thong sandal - | 0xF0 0x9F 0xA9 0xB5..0xB7 #E15.0 [3] (🩵..🩷) light blue heart..p... - | 0xF0 0x9F 0xA9 0xB8..0xBA #E12.0 [3] (🩸..🩺) drop of blood..stet... - | 0xF0 0x9F 0xA9 0xBB..0xBC #E14.0 [2] (🩻..🩼) x-ray..crutch - | 0xF0 0x9F 0xA9 0xBD..0xBF #E0.0 [3] (🩽..🩿) ..<... - | 0xF0 0x9F 0xAA 0x80..0x82 #E12.0 [3] (🪀..🪂) yo-yo..parachute - | 0xF0 0x9F 0xAA 0x83..0x86 #E13.0 [4] (🪃..🪆) boomerang..nesting ... - | 0xF0 0x9F 0xAA 0x87..0x88 #E15.0 [2] (🪇..🪈) maracas..flute - | 0xF0 0x9F 0xAA 0x89..0x8F #E0.0 [7] (🪉..🪏) ..<... - | 0xF0 0x9F 0xAA 0x90..0x95 #E12.0 [6] (🪐..🪕) ringed planet..banjo - | 0xF0 0x9F 0xAA 0x96..0xA8 #E13.0 [19] (🪖..🪨) military helmet..rock - | 0xF0 0x9F 0xAA 0xA9..0xAC #E14.0 [4] (🪩..🪬) mirror ball..hamsa - | 0xF0 0x9F 0xAA 0xAD..0xAF #E15.0 [3] (🪭..🪯) folding hand fan..k... - | 0xF0 0x9F 0xAA 0xB0..0xB6 #E13.0 [7] (🪰..🪶) fly..feather - | 0xF0 0x9F 0xAA 0xB7..0xBA #E14.0 [4] (🪷..🪺) lotus..nest with eggs - | 0xF0 0x9F 0xAA 0xBB..0xBD #E15.0 [3] (🪻..🪽) hyacinth..wing - | 0xF0 0x9F 0xAA 0xBE #E0.0 [1] (🪾) - | 0xF0 0x9F 0xAA 0xBF #E15.0 [1] (🪿) goose - | 0xF0 0x9F 0xAB 0x80..0x82 #E13.0 [3] (🫀..🫂) anatomical heart..p... - | 0xF0 0x9F 0xAB 0x83..0x85 #E14.0 [3] (🫃..🫅) pregnant man..perso... - | 0xF0 0x9F 0xAB 0x86..0x8D #E0.0 [8] (🫆..🫍) ..<... - | 0xF0 0x9F 0xAB 0x8E..0x8F #E15.0 [2] (🫎..🫏) moose..donkey - | 0xF0 0x9F 0xAB 0x90..0x96 #E13.0 [7] (🫐..🫖) blueberries..teapot - | 0xF0 0x9F 0xAB 0x97..0x99 #E14.0 [3] (🫗..🫙) pouring liquid..jar - | 0xF0 0x9F 0xAB 0x9A..0x9B #E15.0 [2] (🫚..🫛) ginger root..pea pod - | 0xF0 0x9F 0xAB 0x9C..0x9F #E0.0 [4] (🫜..🫟) ..<... - | 0xF0 0x9F 0xAB 0xA0..0xA7 #E14.0 [8] (🫠..🫧) melting face..bubbles - | 0xF0 0x9F 0xAB 0xA8 #E15.0 [1] (🫨) shaking face - | 0xF0 0x9F 0xAB 0xA9..0xAF #E0.0 [7] (🫩..🫯) ..<... - | 0xF0 0x9F 0xAB 0xB0..0xB6 #E14.0 [7] (🫰..🫶) hand with index fin... - | 0xF0 0x9F 0xAB 0xB7..0xB8 #E15.0 [2] (🫷..🫸) leftwards pushing h... - | 0xF0 0x9F 0xAB 0xB9..0xBF #E0.0 [7] (🫹..🫿) ..<... - | 0xF0 0x9F 0xB0 0x80..0xFF #E0.0[1022] (🰀..🿽) 0; _nacts-- { - _acts++ - switch _graphclust_actions[_acts-1] { - case 4: -//line NONE:1 - ts = p - -//line grapheme_clusters.go:4080 - } - } - - _keys = int(_graphclust_key_offsets[cs]) - _trans = int(_graphclust_index_offsets[cs]) - - _klen = int(_graphclust_single_lengths[cs]) - if _klen > 0 { - _lower := int(_keys) - var _mid int - _upper := int(_keys + _klen - 1) - for { - if _upper < _lower { - break - } - - _mid = _lower + ((_upper - _lower) >> 1) - switch { - case data[p] < _graphclust_trans_keys[_mid]: - _upper = _mid - 1 - case data[p] > _graphclust_trans_keys[_mid]: - _lower = _mid + 1 - default: - _trans += int(_mid - int(_keys)) - goto _match - } - } - _keys += _klen - _trans += _klen - } - - _klen = int(_graphclust_range_lengths[cs]) - if _klen > 0 { - _lower := int(_keys) - var _mid int - _upper := int(_keys + (_klen << 1) - 2) - for { - if _upper < _lower { - break - } - - _mid = _lower + (((_upper - _lower) >> 1) & ^1) - switch { - case data[p] < _graphclust_trans_keys[_mid]: - _upper = _mid - 2 - case data[p] > _graphclust_trans_keys[_mid+1]: - _lower = _mid + 2 - default: - _trans += int((_mid - int(_keys)) >> 1) - goto _match - } - } - _trans += _klen - } - - _match: - _trans = int(_graphclust_indicies[_trans]) - _eof_trans: - cs = int(_graphclust_trans_targs[_trans]) - - if _graphclust_trans_actions[_trans] == 0 { - goto _again - } - - _acts = int(_graphclust_trans_actions[_trans]) - _nacts = uint(_graphclust_actions[_acts]) - _acts++ - for ; _nacts > 0; _nacts-- { - _acts++ - switch _graphclust_actions[_acts-1] { - case 0: -//line grapheme_clusters.rl:47 - - startPos = p - - case 1: -//line grapheme_clusters.rl:51 - - endPos = p - - case 5: -//line NONE:1 - te = p + 1 - - case 6: -//line grapheme_clusters.rl:55 - act = 3 - case 7: -//line grapheme_clusters.rl:55 - act = 4 - case 8: -//line grapheme_clusters.rl:55 - act = 8 - case 9: -//line grapheme_clusters.rl:55 - te = p + 1 - { - return endPos + 1, data[startPos : endPos+1], nil - } - case 10: -//line grapheme_clusters.rl:55 - te = p + 1 - { - return endPos + 1, data[startPos : endPos+1], nil - } - case 11: -//line grapheme_clusters.rl:55 - te = p - p-- - { - return endPos + 1, data[startPos : endPos+1], nil - } - case 12: -//line grapheme_clusters.rl:55 - te = p - p-- - { - return endPos + 1, data[startPos : endPos+1], nil - } - case 13: -//line grapheme_clusters.rl:55 - te = p - p-- - { - return endPos + 1, data[startPos : endPos+1], nil - } - case 14: -//line grapheme_clusters.rl:55 - te = p - p-- - { - return endPos + 1, data[startPos : endPos+1], nil - } - case 15: -//line grapheme_clusters.rl:55 - te = p - p-- - { - return endPos + 1, data[startPos : endPos+1], nil - } - case 16: -//line grapheme_clusters.rl:55 - te = p - p-- - { - return endPos + 1, data[startPos : endPos+1], nil - } - case 17: -//line grapheme_clusters.rl:55 - p = (te) - 1 - { - return endPos + 1, data[startPos : endPos+1], nil - } - case 18: -//line grapheme_clusters.rl:55 - p = (te) - 1 - { - return endPos + 1, data[startPos : endPos+1], nil - } - case 19: -//line grapheme_clusters.rl:55 - p = (te) - 1 - { - return endPos + 1, data[startPos : endPos+1], nil - } - case 20: -//line grapheme_clusters.rl:55 - p = (te) - 1 - { - return endPos + 1, data[startPos : endPos+1], nil - } - case 21: -//line grapheme_clusters.rl:55 - p = (te) - 1 - { - return endPos + 1, data[startPos : endPos+1], nil - } - case 22: -//line grapheme_clusters.rl:55 - p = (te) - 1 - { - return endPos + 1, data[startPos : endPos+1], nil - } - case 23: -//line NONE:1 - switch act { - case 0: - { - cs = 0 - goto _again - } - case 3: - { - p = (te) - 1 - - return endPos + 1, data[startPos : endPos+1], nil - } - case 4: - { - p = (te) - 1 - - return endPos + 1, data[startPos : endPos+1], nil - } - case 8: - { - p = (te) - 1 - - return endPos + 1, data[startPos : endPos+1], nil - } - } - -//line grapheme_clusters.go:4287 - } - } - - _again: - _acts = int(_graphclust_to_state_actions[cs]) - _nacts = uint(_graphclust_actions[_acts]) - _acts++ - for ; _nacts > 0; _nacts-- { - _acts++ - switch _graphclust_actions[_acts-1] { - case 2: -//line NONE:1 - ts = 0 - - case 3: -//line NONE:1 - act = 0 - -//line grapheme_clusters.go:4305 - } - } - - if cs == 0 { - goto _out - } - p++ - if p != pe { - goto _resume - } - _test_eof: - { - } - if p == eof { - if _graphclust_eof_trans[cs] > 0 { - _trans = int(_graphclust_eof_trans[cs] - 1) - goto _eof_trans - } - } - - _out: - { - } - } - -//line grapheme_clusters.rl:117 - - // If we fall out here then we were unable to complete a sequence. - // If we weren't able to complete a sequence then either we've - // reached the end of a partial buffer (so there's more data to come) - // or we have an isolated symbol that would normally be part of a - // grapheme cluster but has appeared in isolation here. - - if !atEOF { - // Request more - return 0, nil, nil - } - - // Just take the first UTF-8 sequence and return that. - _, seqLen := utf8.DecodeRune(data) - return seqLen, data[:seqLen], nil -} diff --git a/vendor/github.com/apparentlymart/go-textseg/v15/textseg/grapheme_clusters.rl b/vendor/github.com/apparentlymart/go-textseg/v15/textseg/grapheme_clusters.rl deleted file mode 100644 index 737db18b29..0000000000 --- a/vendor/github.com/apparentlymart/go-textseg/v15/textseg/grapheme_clusters.rl +++ /dev/null @@ -1,133 +0,0 @@ -package textseg - -import ( - "errors" - "unicode/utf8" -) - -// Generated from grapheme_clusters.rl. DO NOT EDIT -%%{ - # (except you are actually in grapheme_clusters.rl here, so edit away!) - - machine graphclust; - write data; -}%% - -var Error = errors.New("invalid UTF8 text") - -// ScanGraphemeClusters is a split function for bufio.Scanner that splits -// on grapheme cluster boundaries. -func ScanGraphemeClusters(data []byte, atEOF bool) (int, []byte, error) { - if len(data) == 0 { - return 0, nil, nil - } - - // Ragel state - cs := 0 // Current State - p := 0 // "Pointer" into data - pe := len(data) // End-of-data "pointer" - ts := 0 - te := 0 - act := 0 - eof := pe - - // Make Go compiler happy - _ = ts - _ = te - _ = act - _ = eof - - startPos := 0 - endPos := 0 - - %%{ - include GraphemeCluster "grapheme_clusters_table.rl"; - include Emoji "emoji_table.rl"; - - action start { - startPos = p - } - - action end { - endPos = p - } - - action emit { - return endPos+1, data[startPos:endPos+1], nil - } - - ZWJGlue = ZWJ (Extended_Pictographic Extend*)?; - AnyExtender = Extend | ZWJGlue | SpacingMark; - Extension = AnyExtender*; - ReplacementChar = (0xEF 0xBF 0xBD); - - CRLFSeq = CR LF; - ControlSeq = Control | ReplacementChar; - HangulSeq = ( - L+ (((LV? V+ | LVT) T*)?|LV?) | - LV V* T* | - V+ T* | - LVT T* | - T+ - ) Extension; - EmojiSeq = Extended_Pictographic Extend* Extension; - ZWJSeq = ZWJ (ZWJ | Extend | SpacingMark)*; - EmojiFlagSeq = Regional_Indicator Regional_Indicator? Extension; - - UTF8Cont = 0x80 .. 0xBF; - AnyUTF8 = ( - 0x00..0x7F | - 0xC0..0xDF . UTF8Cont | - 0xE0..0xEF . UTF8Cont . UTF8Cont | - 0xF0..0xF7 . UTF8Cont . UTF8Cont . UTF8Cont - ); - - # OtherSeq is any character that isn't at the start of one of the extended sequences above, followed by extension - OtherSeq = (AnyUTF8 - (CR|LF|Control|ReplacementChar|L|LV|V|LVT|T|Extended_Pictographic|ZWJ|Regional_Indicator|Prepend)) (Extend | ZWJ | SpacingMark)*; - - # PrependSeq is prepend followed by any of the other patterns above, except control characters which explicitly break - PrependSeq = Prepend+ (HangulSeq|EmojiSeq|ZWJSeq|EmojiFlagSeq|OtherSeq)?; - - CRLFTok = CRLFSeq >start @end; - ControlTok = ControlSeq >start @end; - HangulTok = HangulSeq >start @end; - EmojiTok = EmojiSeq >start @end; - ZWJTok = ZWJSeq >start @end; - EmojiFlagTok = EmojiFlagSeq >start @end; - OtherTok = OtherSeq >start @end; - PrependTok = PrependSeq >start @end; - - main := |* - CRLFTok => emit; - ControlTok => emit; - HangulTok => emit; - EmojiTok => emit; - ZWJTok => emit; - EmojiFlagTok => emit; - PrependTok => emit; - OtherTok => emit; - - # any single valid UTF-8 character would also be valid per spec, - # but we'll handle that separately after the loop so we can deal - # with requesting more bytes if we're not at EOF. - *|; - - write init; - write exec; - }%% - - // If we fall out here then we were unable to complete a sequence. - // If we weren't able to complete a sequence then either we've - // reached the end of a partial buffer (so there's more data to come) - // or we have an isolated symbol that would normally be part of a - // grapheme cluster but has appeared in isolation here. - - if !atEOF { - // Request more - return 0, nil, nil - } - - // Just take the first UTF-8 sequence and return that. - _, seqLen := utf8.DecodeRune(data) - return seqLen, data[:seqLen], nil -} \ No newline at end of file diff --git a/vendor/github.com/apparentlymart/go-textseg/v15/textseg/grapheme_clusters_table.rl b/vendor/github.com/apparentlymart/go-textseg/v15/textseg/grapheme_clusters_table.rl deleted file mode 100644 index 3cff4291de..0000000000 --- a/vendor/github.com/apparentlymart/go-textseg/v15/textseg/grapheme_clusters_table.rl +++ /dev/null @@ -1,1637 +0,0 @@ -# The following Ragel file was autogenerated with unicode2ragel.rb -# from: https://www.unicode.org/Public/15.0.0/ucd/auxiliary/GraphemeBreakProperty.txt -# -# It defines ["Prepend", "CR", "LF", "Control", "Extend", "Regional_Indicator", "SpacingMark", "L", "V", "T", "LV", "LVT", "ZWJ"]. -# -# To use this, make sure that your alphtype is set to byte, -# and that your input is in utf8. - -%%{ - machine GraphemeCluster; - - Prepend = - 0xD8 0x80..0x85 #Cf [6] ARABIC NUMBER SIGN..ARABIC NUMBER ... - | 0xDB 0x9D #Cf ARABIC END OF AYAH - | 0xDC 0x8F #Cf SYRIAC ABBREVIATION MARK - | 0xE0 0xA2 0x90..0x91 #Cf [2] ARABIC POUND MARK ABOVE..ARABIC PI... - | 0xE0 0xA3 0xA2 #Cf ARABIC DISPUTED END OF AYAH - | 0xE0 0xB5 0x8E #Lo MALAYALAM LETTER DOT REPH - | 0xF0 0x91 0x82 0xBD #Cf KAITHI NUMBER SIGN - | 0xF0 0x91 0x83 0x8D #Cf KAITHI NUMBER SIGN ABOVE - | 0xF0 0x91 0x87 0x82..0x83 #Lo [2] SHARADA SIGN JIHVAMULIYA..SHARA... - | 0xF0 0x91 0xA4 0xBF #Lo DIVES AKURU PREFIXED NASAL SIGN - | 0xF0 0x91 0xA5 0x81 #Lo DIVES AKURU INITIAL RA - | 0xF0 0x91 0xA8 0xBA #Lo ZANABAZAR SQUARE CLUSTER-INITIAL L... - | 0xF0 0x91 0xAA 0x84..0x89 #Lo [6] SOYOMBO SIGN JIHVAMULIYA..SOYOM... - | 0xF0 0x91 0xB5 0x86 #Lo MASARAM GONDI REPHA - | 0xF0 0x91 0xBC 0x82 #Lo KAWI SIGN REPHA - ; - - CR = - 0x0D #Cc - ; - - LF = - 0x0A #Cc - ; - - Control = - 0x00..0x09 #Cc [10] .. - | 0x0B..0x0C #Cc [2] .. - | 0x0E..0x1F #Cc [18] .. - | 0x7F #Cc [33] .. - | 0xC2 0x80..0x9F # - | 0xC2 0xAD #Cf SOFT HYPHEN - | 0xD8 0x9C #Cf ARABIC LETTER MARK - | 0xE1 0xA0 0x8E #Cf MONGOLIAN VOWEL SEPARATOR - | 0xE2 0x80 0x8B #Cf ZERO WIDTH SPACE - | 0xE2 0x80 0x8E..0x8F #Cf [2] LEFT-TO-RIGHT MARK..RIGHT-TO-LEFT ... - | 0xE2 0x80 0xA8 #Zl LINE SEPARATOR - | 0xE2 0x80 0xA9 #Zp PARAGRAPH SEPARATOR - | 0xE2 0x80 0xAA..0xAE #Cf [5] LEFT-TO-RIGHT EMBEDDING..RIGHT-TO-... - | 0xE2 0x81 0xA0..0xA4 #Cf [5] WORD JOINER..INVISIBLE PLUS - | 0xE2 0x81 0xA5 #Cn - | 0xE2 0x81 0xA6..0xAF #Cf [10] LEFT-TO-RIGHT ISOLATE..NOMINAL DIG... - | 0xEF 0xBB 0xBF #Cf ZERO WIDTH NO-BREAK SPACE - | 0xEF 0xBF 0xB0..0xB8 #Cn [9] .. - | 0xEF 0xBF 0xB9..0xBB #Cf [3] INTERLINEAR ANNOTATION ANCHOR..INT... - | 0xF0 0x93 0x90 0xB0..0xBF #Cf [16] EGYPTIAN HIEROGLYPH VERTICAL JO... - | 0xF0 0x9B 0xB2 0xA0..0xA3 #Cf [4] SHORTHAND FORMAT LETTER OVERLAP... - | 0xF0 0x9D 0x85 0xB3..0xBA #Cf [8] MUSICAL SYMBOL BEGIN BEAM..MUSI... - | 0xF3 0xA0 0x80 0x80 #Cn - | 0xF3 0xA0 0x80 0x81 #Cf LANGUAGE TAG - | 0xF3 0xA0 0x80 0x82..0x9F #Cn [30] .. - | 0xF3 0xA0 0x82 0x80..0xFF #Cn [128] .. - | 0xF3 0xA0 0x83 0x00..0xBF # - | 0xF3 0xA0 0x87 0xB0..0xFF #Cn [3600] .. -# -# This script uses the unicode spec to generate a Ragel state machine -# that recognizes unicode alphanumeric characters. It generates 5 -# character classes: uupper, ulower, ualpha, udigit, and ualnum. -# Currently supported encodings are UTF-8 [default] and UCS-4. -# -# Usage: unicode2ragel.rb [options] -# -e, --encoding [ucs4 | utf8] Data encoding -# -h, --help Show this message -# -# This script was originally written as part of the Ferret search -# engine library. -# -# Author: Rakan El-Khalil - -require 'optparse' -require 'open-uri' - -ENCODINGS = [ :utf8, :ucs4 ] -ALPHTYPES = { :utf8 => "byte", :ucs4 => "rune" } -DEFAULT_CHART_URL = "http://www.unicode.org/Public/5.1.0/ucd/DerivedCoreProperties.txt" -DEFAULT_MACHINE_NAME= "WChar" - -### -# Display vars & default option - -TOTAL_WIDTH = 80 -RANGE_WIDTH = 23 -@encoding = :utf8 -@chart_url = DEFAULT_CHART_URL -machine_name = DEFAULT_MACHINE_NAME -properties = [] -@output = $stdout - -### -# Option parsing - -cli_opts = OptionParser.new do |opts| - opts.on("-e", "--encoding [ucs4 | utf8]", "Data encoding") do |o| - @encoding = o.downcase.to_sym - end - opts.on("-h", "--help", "Show this message") do - puts opts - exit - end - opts.on("-u", "--url URL", "URL to process") do |o| - @chart_url = o - end - opts.on("-m", "--machine MACHINE_NAME", "Machine name") do |o| - machine_name = o - end - opts.on("-p", "--properties x,y,z", Array, "Properties to add to machine") do |o| - properties = o - end - opts.on("-o", "--output FILE", "output file") do |o| - @output = File.new(o, "w+") - end -end - -cli_opts.parse(ARGV) -unless ENCODINGS.member? @encoding - puts "Invalid encoding: #{@encoding}" - puts cli_opts - exit -end - -## -# Downloads the document at url and yields every alpha line's hex -# range and description. - -def each_alpha( url, property ) - URI.open( url ) do |file| - file.each_line do |line| - next if line =~ /^#/; - next if line !~ /; #{property} *#/; - - range, description = line.split(/;/) - range.strip! - description.gsub!(/.*#/, '').strip! - - if range =~ /\.\./ - start, stop = range.split '..' - else start = stop = range - end - - yield start.hex .. stop.hex, description - end - end -end - -### -# Formats to hex at minimum width - -def to_hex( n ) - r = "%0X" % n - r = "0#{r}" unless (r.length % 2).zero? - r -end - -### -# UCS4 is just a straight hex conversion of the unicode codepoint. - -def to_ucs4( range ) - rangestr = "0x" + to_hex(range.begin) - rangestr << "..0x" + to_hex(range.end) if range.begin != range.end - [ rangestr ] -end - -## -# 0x00 - 0x7f -> 0zzzzzzz[7] -# 0x80 - 0x7ff -> 110yyyyy[5] 10zzzzzz[6] -# 0x800 - 0xffff -> 1110xxxx[4] 10yyyyyy[6] 10zzzzzz[6] -# 0x010000 - 0x10ffff -> 11110www[3] 10xxxxxx[6] 10yyyyyy[6] 10zzzzzz[6] - -UTF8_BOUNDARIES = [0x7f, 0x7ff, 0xffff, 0x10ffff] - -def to_utf8_enc( n ) - r = 0 - if n <= 0x7f - r = n - elsif n <= 0x7ff - y = 0xc0 | (n >> 6) - z = 0x80 | (n & 0x3f) - r = y << 8 | z - elsif n <= 0xffff - x = 0xe0 | (n >> 12) - y = 0x80 | (n >> 6) & 0x3f - z = 0x80 | n & 0x3f - r = x << 16 | y << 8 | z - elsif n <= 0x10ffff - w = 0xf0 | (n >> 18) - x = 0x80 | (n >> 12) & 0x3f - y = 0x80 | (n >> 6) & 0x3f - z = 0x80 | n & 0x3f - r = w << 24 | x << 16 | y << 8 | z - end - - to_hex(r) -end - -def from_utf8_enc( n ) - n = n.hex - r = 0 - if n <= 0x7f - r = n - elsif n <= 0xdfff - y = (n >> 8) & 0x1f - z = n & 0x3f - r = y << 6 | z - elsif n <= 0xefffff - x = (n >> 16) & 0x0f - y = (n >> 8) & 0x3f - z = n & 0x3f - r = x << 10 | y << 6 | z - elsif n <= 0xf7ffffff - w = (n >> 24) & 0x07 - x = (n >> 16) & 0x3f - y = (n >> 8) & 0x3f - z = n & 0x3f - r = w << 18 | x << 12 | y << 6 | z - end - r -end - -### -# Given a range, splits it up into ranges that can be continuously -# encoded into utf8. Eg: 0x00 .. 0xff => [0x00..0x7f, 0x80..0xff] -# This is not strictly needed since the current [5.1] unicode standard -# doesn't have ranges that straddle utf8 boundaries. This is included -# for completeness as there is no telling if that will ever change. - -def utf8_ranges( range ) - ranges = [] - UTF8_BOUNDARIES.each do |max| - if range.begin <= max - if range.end <= max - ranges << range - return ranges - end - - ranges << (range.begin .. max) - range = (max + 1) .. range.end - end - end - ranges -end - -def build_range( start, stop ) - size = start.size/2 - left = size - 1 - return [""] if size < 1 - - a = start[0..1] - b = stop[0..1] - - ### - # Shared prefix - - if a == b - return build_range(start[2..-1], stop[2..-1]).map do |elt| - "0x#{a} " + elt - end - end - - ### - # Unshared prefix, end of run - - return ["0x#{a}..0x#{b} "] if left.zero? - - ### - # Unshared prefix, not end of run - # Range can be 0x123456..0x56789A - # Which is equivalent to: - # 0x123456 .. 0x12FFFF - # 0x130000 .. 0x55FFFF - # 0x560000 .. 0x56789A - - ret = [] - ret << build_range(start, a + "FF" * left) - - ### - # Only generate middle range if need be. - - if a.hex+1 != b.hex - max = to_hex(b.hex - 1) - max = "FF" if b == "FF" - ret << "0x#{to_hex(a.hex+1)}..0x#{max} " + "0x00..0xFF " * left - end - - ### - # Don't generate last range if it is covered by first range - - ret << build_range(b + "00" * left, stop) unless b == "FF" - ret.flatten! -end - -def to_utf8( range ) - utf8_ranges( range ).map do |r| - begin_enc = to_utf8_enc(r.begin) - end_enc = to_utf8_enc(r.end) - build_range begin_enc, end_enc - end.flatten! -end - -## -# Perform a 3-way comparison of the number of codepoints advertised by -# the unicode spec for the given range, the originally parsed range, -# and the resulting utf8 encoded range. - -def count_codepoints( code ) - code.split(' ').inject(1) do |acc, elt| - if elt =~ /0x(.+)\.\.0x(.+)/ - if @encoding == :utf8 - acc * (from_utf8_enc($2) - from_utf8_enc($1) + 1) - else - acc * ($2.hex - $1.hex + 1) - end - else - acc - end - end -end - -def is_valid?( range, desc, codes ) - spec_count = 1 - spec_count = $1.to_i if desc =~ /\[(\d+)\]/ - range_count = range.end - range.begin + 1 - - sum = codes.inject(0) { |acc, elt| acc + count_codepoints(elt) } - sum == spec_count and sum == range_count -end - -## -# Generate the state maching to stdout - -def generate_machine( name, property ) - pipe = " " - @output.puts " #{name} = " - each_alpha( @chart_url, property ) do |range, desc| - - codes = (@encoding == :ucs4) ? to_ucs4(range) : to_utf8(range) - - #raise "Invalid encoding of range #{range}: #{codes.inspect}" unless - # is_valid? range, desc, codes - - range_width = codes.map { |a| a.size }.max - range_width = RANGE_WIDTH if range_width < RANGE_WIDTH - - desc_width = TOTAL_WIDTH - RANGE_WIDTH - 11 - desc_width -= (range_width - RANGE_WIDTH) if range_width > RANGE_WIDTH - - if desc.size > desc_width - desc = desc[0..desc_width - 4] + "..." - end - - codes.each_with_index do |r, idx| - desc = "" unless idx.zero? - code = "%-#{range_width}s" % r - @output.puts " #{pipe} #{code} ##{desc}" - pipe = "|" - end - end - @output.puts " ;" - @output.puts "" -end - -@output.puts <> uint(j)) & 1) - copy(w[0][:], tableGenerator[s*Size:(s+1)*Size]) - diffAdd(&w, swap^bit) - swap = bit - } - for s := 0; s < h; s++ { - double(&w[1], &w[2]) - } - toAffine((*[fp.Size]byte)(k), &w[1], &w[2]) -} - -// ladderMontgomery calculates a generic scalar point multiplication -// The algorithm implemented is the left-to-right Montgomery's ladder. -func ladderMontgomery(k, xP *Key) { - w := [5]fp.Elt{} // [x1, x2, z2, x3, z3] order must be preserved. - w[0] = *(*fp.Elt)(xP) // x1 = xP - fp.SetOne(&w[1]) // x2 = 1 - w[3] = *(*fp.Elt)(xP) // x3 = xP - fp.SetOne(&w[4]) // z3 = 1 - - move := uint(0) - for s := 255 - 1; s >= 0; s-- { - i := s / 8 - j := s % 8 - bit := uint((k[i] >> uint(j)) & 1) - ladderStep(&w, move^bit) - move = bit - } - toAffine((*[fp.Size]byte)(k), &w[1], &w[2]) -} - -func toAffine(k *[fp.Size]byte, x, z *fp.Elt) { - fp.Inv(z, z) - fp.Mul(x, x, z) - _ = fp.ToBytes(k[:], x) -} - -var lowOrderPoints = [5]fp.Elt{ - { /* (0,_,1) point of order 2 on Curve25519 */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - }, - { /* (1,_,1) point of order 4 on Curve25519 */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - }, - { /* (x,_,1) first point of order 8 on Curve25519 */ - 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, - 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, - 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd, - 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00, - }, - { /* (x,_,1) second point of order 8 on Curve25519 */ - 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, - 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, - 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86, - 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57, - }, - { /* (-1,_,1) a point of order 4 on the twist of Curve25519 */ - 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, - }, -} diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.go b/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.go deleted file mode 100644 index 8a3d54c570..0000000000 --- a/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.go +++ /dev/null @@ -1,30 +0,0 @@ -//go:build amd64 && !purego -// +build amd64,!purego - -package x25519 - -import ( - fp "github.com/cloudflare/circl/math/fp25519" - "golang.org/x/sys/cpu" -) - -var hasBmi2Adx = cpu.X86.HasBMI2 && cpu.X86.HasADX - -var _ = hasBmi2Adx - -func double(x, z *fp.Elt) { doubleAmd64(x, z) } -func diffAdd(w *[5]fp.Elt, b uint) { diffAddAmd64(w, b) } -func ladderStep(w *[5]fp.Elt, b uint) { ladderStepAmd64(w, b) } -func mulA24(z, x *fp.Elt) { mulA24Amd64(z, x) } - -//go:noescape -func ladderStepAmd64(w *[5]fp.Elt, b uint) - -//go:noescape -func diffAddAmd64(w *[5]fp.Elt, b uint) - -//go:noescape -func doubleAmd64(x, z *fp.Elt) - -//go:noescape -func mulA24Amd64(z, x *fp.Elt) diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.h b/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.h deleted file mode 100644 index 8c1ae4d0fb..0000000000 --- a/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.h +++ /dev/null @@ -1,111 +0,0 @@ -#define ladderStepLeg \ - addSub(x2,z2) \ - addSub(x3,z3) \ - integerMulLeg(b0,x2,z3) \ - integerMulLeg(b1,x3,z2) \ - reduceFromDoubleLeg(t0,b0) \ - reduceFromDoubleLeg(t1,b1) \ - addSub(t0,t1) \ - cselect(x2,x3,regMove) \ - cselect(z2,z3,regMove) \ - integerSqrLeg(b0,t0) \ - integerSqrLeg(b1,t1) \ - reduceFromDoubleLeg(x3,b0) \ - reduceFromDoubleLeg(z3,b1) \ - integerMulLeg(b0,x1,z3) \ - reduceFromDoubleLeg(z3,b0) \ - integerSqrLeg(b0,x2) \ - integerSqrLeg(b1,z2) \ - reduceFromDoubleLeg(x2,b0) \ - reduceFromDoubleLeg(z2,b1) \ - subtraction(t0,x2,z2) \ - multiplyA24Leg(t1,t0) \ - additionLeg(t1,t1,z2) \ - integerMulLeg(b0,x2,z2) \ - integerMulLeg(b1,t0,t1) \ - reduceFromDoubleLeg(x2,b0) \ - reduceFromDoubleLeg(z2,b1) - -#define ladderStepBmi2Adx \ - addSub(x2,z2) \ - addSub(x3,z3) \ - integerMulAdx(b0,x2,z3) \ - integerMulAdx(b1,x3,z2) \ - reduceFromDoubleAdx(t0,b0) \ - reduceFromDoubleAdx(t1,b1) \ - addSub(t0,t1) \ - cselect(x2,x3,regMove) \ - cselect(z2,z3,regMove) \ - integerSqrAdx(b0,t0) \ - integerSqrAdx(b1,t1) \ - reduceFromDoubleAdx(x3,b0) \ - reduceFromDoubleAdx(z3,b1) \ - integerMulAdx(b0,x1,z3) \ - reduceFromDoubleAdx(z3,b0) \ - integerSqrAdx(b0,x2) \ - integerSqrAdx(b1,z2) \ - reduceFromDoubleAdx(x2,b0) \ - reduceFromDoubleAdx(z2,b1) \ - subtraction(t0,x2,z2) \ - multiplyA24Adx(t1,t0) \ - additionAdx(t1,t1,z2) \ - integerMulAdx(b0,x2,z2) \ - integerMulAdx(b1,t0,t1) \ - reduceFromDoubleAdx(x2,b0) \ - reduceFromDoubleAdx(z2,b1) - -#define difAddLeg \ - addSub(x1,z1) \ - integerMulLeg(b0,z1,ui) \ - reduceFromDoubleLeg(z1,b0) \ - addSub(x1,z1) \ - integerSqrLeg(b0,x1) \ - integerSqrLeg(b1,z1) \ - reduceFromDoubleLeg(x1,b0) \ - reduceFromDoubleLeg(z1,b1) \ - integerMulLeg(b0,x1,z2) \ - integerMulLeg(b1,z1,x2) \ - reduceFromDoubleLeg(x1,b0) \ - reduceFromDoubleLeg(z1,b1) - -#define difAddBmi2Adx \ - addSub(x1,z1) \ - integerMulAdx(b0,z1,ui) \ - reduceFromDoubleAdx(z1,b0) \ - addSub(x1,z1) \ - integerSqrAdx(b0,x1) \ - integerSqrAdx(b1,z1) \ - reduceFromDoubleAdx(x1,b0) \ - reduceFromDoubleAdx(z1,b1) \ - integerMulAdx(b0,x1,z2) \ - integerMulAdx(b1,z1,x2) \ - reduceFromDoubleAdx(x1,b0) \ - reduceFromDoubleAdx(z1,b1) - -#define doubleLeg \ - addSub(x1,z1) \ - integerSqrLeg(b0,x1) \ - integerSqrLeg(b1,z1) \ - reduceFromDoubleLeg(x1,b0) \ - reduceFromDoubleLeg(z1,b1) \ - subtraction(t0,x1,z1) \ - multiplyA24Leg(t1,t0) \ - additionLeg(t1,t1,z1) \ - integerMulLeg(b0,x1,z1) \ - integerMulLeg(b1,t0,t1) \ - reduceFromDoubleLeg(x1,b0) \ - reduceFromDoubleLeg(z1,b1) - -#define doubleBmi2Adx \ - addSub(x1,z1) \ - integerSqrAdx(b0,x1) \ - integerSqrAdx(b1,z1) \ - reduceFromDoubleAdx(x1,b0) \ - reduceFromDoubleAdx(z1,b1) \ - subtraction(t0,x1,z1) \ - multiplyA24Adx(t1,t0) \ - additionAdx(t1,t1,z1) \ - integerMulAdx(b0,x1,z1) \ - integerMulAdx(b1,t0,t1) \ - reduceFromDoubleAdx(x1,b0) \ - reduceFromDoubleAdx(z1,b1) diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.s b/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.s deleted file mode 100644 index ce9f062894..0000000000 --- a/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.s +++ /dev/null @@ -1,157 +0,0 @@ -//go:build amd64 && !purego -// +build amd64,!purego - -#include "textflag.h" - -// Depends on circl/math/fp25519 package -#include "../../math/fp25519/fp_amd64.h" -#include "curve_amd64.h" - -// CTE_A24 is (A+2)/4 from Curve25519 -#define CTE_A24 121666 - -#define Size 32 - -// multiplyA24Leg multiplies x times CTE_A24 and stores in z -// Uses: AX, DX, R8-R13, FLAGS -// Instr: x86_64, cmov -#define multiplyA24Leg(z,x) \ - MOVL $CTE_A24, AX; MULQ 0+x; MOVQ AX, R8; MOVQ DX, R9; \ - MOVL $CTE_A24, AX; MULQ 8+x; MOVQ AX, R12; MOVQ DX, R10; \ - MOVL $CTE_A24, AX; MULQ 16+x; MOVQ AX, R13; MOVQ DX, R11; \ - MOVL $CTE_A24, AX; MULQ 24+x; \ - ADDQ R12, R9; \ - ADCQ R13, R10; \ - ADCQ AX, R11; \ - ADCQ $0, DX; \ - MOVL $38, AX; /* 2*C = 38 = 2^256 MOD 2^255-19*/ \ - IMULQ AX, DX; \ - ADDQ DX, R8; \ - ADCQ $0, R9; MOVQ R9, 8+z; \ - ADCQ $0, R10; MOVQ R10, 16+z; \ - ADCQ $0, R11; MOVQ R11, 24+z; \ - MOVQ $0, DX; \ - CMOVQCS AX, DX; \ - ADDQ DX, R8; MOVQ R8, 0+z; - -// multiplyA24Adx multiplies x times CTE_A24 and stores in z -// Uses: AX, DX, R8-R12, FLAGS -// Instr: x86_64, cmov, bmi2 -#define multiplyA24Adx(z,x) \ - MOVQ $CTE_A24, DX; \ - MULXQ 0+x, R8, R10; \ - MULXQ 8+x, R9, R11; ADDQ R10, R9; \ - MULXQ 16+x, R10, AX; ADCQ R11, R10; \ - MULXQ 24+x, R11, R12; ADCQ AX, R11; \ - ;;;;;;;;;;;;;;;;;;;;; ADCQ $0, R12; \ - MOVL $38, DX; /* 2*C = 38 = 2^256 MOD 2^255-19*/ \ - IMULQ DX, R12; \ - ADDQ R12, R8; \ - ADCQ $0, R9; MOVQ R9, 8+z; \ - ADCQ $0, R10; MOVQ R10, 16+z; \ - ADCQ $0, R11; MOVQ R11, 24+z; \ - MOVQ $0, R12; \ - CMOVQCS DX, R12; \ - ADDQ R12, R8; MOVQ R8, 0+z; - -#define mulA24Legacy \ - multiplyA24Leg(0(DI),0(SI)) -#define mulA24Bmi2Adx \ - multiplyA24Adx(0(DI),0(SI)) - -// func mulA24Amd64(z, x *fp255.Elt) -TEXT ·mulA24Amd64(SB),NOSPLIT,$0-16 - MOVQ z+0(FP), DI - MOVQ x+8(FP), SI - CHECK_BMI2ADX(LMA24, mulA24Legacy, mulA24Bmi2Adx) - - -// func ladderStepAmd64(w *[5]fp255.Elt, b uint) -// ladderStepAmd64 calculates a point addition and doubling as follows: -// (x2,z2) = 2*(x2,z2) and (x3,z3) = (x2,z2)+(x3,z3) using as a difference (x1,-). -// work = (x1,x2,z2,x3,z3) are five fp255.Elt of 32 bytes. -// stack = (t0,t1) are two fp.Elt of fp.Size bytes, and -// (b0,b1) are two-double precision fp.Elt of 2*fp.Size bytes. -TEXT ·ladderStepAmd64(SB),NOSPLIT,$192-16 - // Parameters - #define regWork DI - #define regMove SI - #define x1 0*Size(regWork) - #define x2 1*Size(regWork) - #define z2 2*Size(regWork) - #define x3 3*Size(regWork) - #define z3 4*Size(regWork) - // Local variables - #define t0 0*Size(SP) - #define t1 1*Size(SP) - #define b0 2*Size(SP) - #define b1 4*Size(SP) - MOVQ w+0(FP), regWork - MOVQ b+8(FP), regMove - CHECK_BMI2ADX(LLADSTEP, ladderStepLeg, ladderStepBmi2Adx) - #undef regWork - #undef regMove - #undef x1 - #undef x2 - #undef z2 - #undef x3 - #undef z3 - #undef t0 - #undef t1 - #undef b0 - #undef b1 - -// func diffAddAmd64(w *[5]fp255.Elt, b uint) -// diffAddAmd64 calculates a differential point addition using a precomputed point. -// (x1,z1) = (x1,z1)+(mu) using a difference point (x2,z2) -// w = (mu,x1,z1,x2,z2) are five fp.Elt, and -// stack = (b0,b1) are two-double precision fp.Elt of 2*fp.Size bytes. -TEXT ·diffAddAmd64(SB),NOSPLIT,$128-16 - // Parameters - #define regWork DI - #define regSwap SI - #define ui 0*Size(regWork) - #define x1 1*Size(regWork) - #define z1 2*Size(regWork) - #define x2 3*Size(regWork) - #define z2 4*Size(regWork) - // Local variables - #define b0 0*Size(SP) - #define b1 2*Size(SP) - MOVQ w+0(FP), regWork - MOVQ b+8(FP), regSwap - cswap(x1,x2,regSwap) - cswap(z1,z2,regSwap) - CHECK_BMI2ADX(LDIFADD, difAddLeg, difAddBmi2Adx) - #undef regWork - #undef regSwap - #undef ui - #undef x1 - #undef z1 - #undef x2 - #undef z2 - #undef b0 - #undef b1 - -// func doubleAmd64(x, z *fp255.Elt) -// doubleAmd64 calculates a point doubling (x1,z1) = 2*(x1,z1). -// stack = (t0,t1) are two fp.Elt of fp.Size bytes, and -// (b0,b1) are two-double precision fp.Elt of 2*fp.Size bytes. -TEXT ·doubleAmd64(SB),NOSPLIT,$192-16 - // Parameters - #define x1 0(DI) - #define z1 0(SI) - // Local variables - #define t0 0*Size(SP) - #define t1 1*Size(SP) - #define b0 2*Size(SP) - #define b1 4*Size(SP) - MOVQ x+0(FP), DI - MOVQ z+8(FP), SI - CHECK_BMI2ADX(LDOUB,doubleLeg,doubleBmi2Adx) - #undef x1 - #undef z1 - #undef t0 - #undef t1 - #undef b0 - #undef b1 diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/curve_generic.go b/vendor/github.com/cloudflare/circl/dh/x25519/curve_generic.go deleted file mode 100644 index dae67ea37d..0000000000 --- a/vendor/github.com/cloudflare/circl/dh/x25519/curve_generic.go +++ /dev/null @@ -1,85 +0,0 @@ -package x25519 - -import ( - "encoding/binary" - "math/bits" - - fp "github.com/cloudflare/circl/math/fp25519" -) - -func doubleGeneric(x, z *fp.Elt) { - t0, t1 := &fp.Elt{}, &fp.Elt{} - fp.AddSub(x, z) - fp.Sqr(x, x) - fp.Sqr(z, z) - fp.Sub(t0, x, z) - mulA24Generic(t1, t0) - fp.Add(t1, t1, z) - fp.Mul(x, x, z) - fp.Mul(z, t0, t1) -} - -func diffAddGeneric(w *[5]fp.Elt, b uint) { - mu, x1, z1, x2, z2 := &w[0], &w[1], &w[2], &w[3], &w[4] - fp.Cswap(x1, x2, b) - fp.Cswap(z1, z2, b) - fp.AddSub(x1, z1) - fp.Mul(z1, z1, mu) - fp.AddSub(x1, z1) - fp.Sqr(x1, x1) - fp.Sqr(z1, z1) - fp.Mul(x1, x1, z2) - fp.Mul(z1, z1, x2) -} - -func ladderStepGeneric(w *[5]fp.Elt, b uint) { - x1, x2, z2, x3, z3 := &w[0], &w[1], &w[2], &w[3], &w[4] - t0 := &fp.Elt{} - t1 := &fp.Elt{} - fp.AddSub(x2, z2) - fp.AddSub(x3, z3) - fp.Mul(t0, x2, z3) - fp.Mul(t1, x3, z2) - fp.AddSub(t0, t1) - fp.Cmov(x2, x3, b) - fp.Cmov(z2, z3, b) - fp.Sqr(x3, t0) - fp.Sqr(z3, t1) - fp.Mul(z3, x1, z3) - fp.Sqr(x2, x2) - fp.Sqr(z2, z2) - fp.Sub(t0, x2, z2) - mulA24Generic(t1, t0) - fp.Add(t1, t1, z2) - fp.Mul(x2, x2, z2) - fp.Mul(z2, t0, t1) -} - -func mulA24Generic(z, x *fp.Elt) { - const A24 = 121666 - const n = 8 - var xx [4]uint64 - for i := range xx { - xx[i] = binary.LittleEndian.Uint64(x[i*n : (i+1)*n]) - } - - h0, l0 := bits.Mul64(xx[0], A24) - h1, l1 := bits.Mul64(xx[1], A24) - h2, l2 := bits.Mul64(xx[2], A24) - h3, l3 := bits.Mul64(xx[3], A24) - - var c3 uint64 - l1, c0 := bits.Add64(h0, l1, 0) - l2, c1 := bits.Add64(h1, l2, c0) - l3, c2 := bits.Add64(h2, l3, c1) - l4, _ := bits.Add64(h3, 0, c2) - _, l4 = bits.Mul64(l4, 38) - l0, c0 = bits.Add64(l0, l4, 0) - xx[1], c1 = bits.Add64(l1, 0, c0) - xx[2], c2 = bits.Add64(l2, 0, c1) - xx[3], c3 = bits.Add64(l3, 0, c2) - xx[0], _ = bits.Add64(l0, (-c3)&38, 0) - for i := range xx { - binary.LittleEndian.PutUint64(z[i*n:(i+1)*n], xx[i]) - } -} diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/curve_noasm.go b/vendor/github.com/cloudflare/circl/dh/x25519/curve_noasm.go deleted file mode 100644 index 07fab97d2a..0000000000 --- a/vendor/github.com/cloudflare/circl/dh/x25519/curve_noasm.go +++ /dev/null @@ -1,11 +0,0 @@ -//go:build !amd64 || purego -// +build !amd64 purego - -package x25519 - -import fp "github.com/cloudflare/circl/math/fp25519" - -func double(x, z *fp.Elt) { doubleGeneric(x, z) } -func diffAdd(w *[5]fp.Elt, b uint) { diffAddGeneric(w, b) } -func ladderStep(w *[5]fp.Elt, b uint) { ladderStepGeneric(w, b) } -func mulA24(z, x *fp.Elt) { mulA24Generic(z, x) } diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/doc.go b/vendor/github.com/cloudflare/circl/dh/x25519/doc.go deleted file mode 100644 index 3ce102d145..0000000000 --- a/vendor/github.com/cloudflare/circl/dh/x25519/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Package x25519 provides Diffie-Hellman functions as specified in RFC-7748. - -Validation of public keys. - -The Diffie-Hellman function, as described in RFC-7748 [1], works for any -public key. However, if a different protocol requires contributory -behaviour [2,3], then the public keys must be validated against low-order -points [3,4]. To do that, the Shared function performs this validation -internally and returns false when the public key is invalid (i.e., it -is a low-order point). - -References: - - [1] RFC7748 by Langley, Hamburg, Turner (https://rfc-editor.org/rfc/rfc7748.txt) - - [2] Curve25519 by Bernstein (https://cr.yp.to/ecdh.html) - - [3] Bernstein (https://cr.yp.to/ecdh.html#validate) - - [4] Cremers&Jackson (https://eprint.iacr.org/2019/526) -*/ -package x25519 diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/key.go b/vendor/github.com/cloudflare/circl/dh/x25519/key.go deleted file mode 100644 index c76f72ac7f..0000000000 --- a/vendor/github.com/cloudflare/circl/dh/x25519/key.go +++ /dev/null @@ -1,47 +0,0 @@ -package x25519 - -import ( - "crypto/subtle" - - fp "github.com/cloudflare/circl/math/fp25519" -) - -// Size is the length in bytes of a X25519 key. -const Size = 32 - -// Key represents a X25519 key. -type Key [Size]byte - -func (k *Key) clamp(in *Key) *Key { - *k = *in - k[0] &= 248 - k[31] = (k[31] & 127) | 64 - return k -} - -// isValidPubKey verifies if the public key is not a low-order point. -func (k *Key) isValidPubKey() bool { - fp.Modp((*fp.Elt)(k)) - var isLowOrder int - for _, P := range lowOrderPoints { - isLowOrder |= subtle.ConstantTimeCompare(P[:], k[:]) - } - return isLowOrder == 0 -} - -// KeyGen obtains a public key given a secret key. -func KeyGen(public, secret *Key) { - ladderJoye(public.clamp(secret)) -} - -// Shared calculates Alice's shared key from Alice's secret key and Bob's -// public key returning true on success. A failure case happens when the public -// key is a low-order point, thus the shared key is all-zeros and the function -// returns false. -func Shared(shared, secret, public *Key) bool { - validPk := *public - validPk[31] &= (1 << (255 % 8)) - 1 - ok := validPk.isValidPubKey() - ladderMontgomery(shared.clamp(secret), &validPk) - return ok -} diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/table.go b/vendor/github.com/cloudflare/circl/dh/x25519/table.go deleted file mode 100644 index 28c8c4ac03..0000000000 --- a/vendor/github.com/cloudflare/circl/dh/x25519/table.go +++ /dev/null @@ -1,268 +0,0 @@ -package x25519 - -import "github.com/cloudflare/circl/math/fp25519" - -// tableGenerator contains the set of points: -// -// t[i] = (xi+1)/(xi-1), -// -// where (xi,yi) = 2^iG and G is the generator point -// Size = (256)*(256/8) = 8192 bytes. -var tableGenerator = [256 * fp25519.Size]byte{ - /* (2^ 0)P */ 0xf3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x5f, - /* (2^ 1)P */ 0x96, 0xfe, 0xaa, 0x16, 0xf4, 0x20, 0x82, 0x6b, 0x34, 0x6a, 0x56, 0x4f, 0x2b, 0xeb, 0xeb, 0x82, 0x0f, 0x95, 0xa5, 0x75, 0xb0, 0xa5, 0xa9, 0xd5, 0xf4, 0x88, 0x24, 0x4b, 0xcf, 0xb2, 0x42, 0x51, - /* (2^ 2)P */ 0x0c, 0x68, 0x69, 0x00, 0x75, 0xbc, 0xae, 0x6a, 0x41, 0x9c, 0xf9, 0xa0, 0x20, 0x78, 0xcf, 0x89, 0xf4, 0xd0, 0x56, 0x3b, 0x18, 0xd9, 0x58, 0x2a, 0xa4, 0x11, 0x60, 0xe3, 0x80, 0xca, 0x5a, 0x4b, - /* (2^ 3)P */ 0x5d, 0x74, 0x29, 0x8c, 0x34, 0x32, 0x91, 0x32, 0xd7, 0x2f, 0x64, 0xe1, 0x16, 0xe6, 0xa2, 0xf4, 0x34, 0xbc, 0x67, 0xff, 0x03, 0xbb, 0x45, 0x1e, 0x4a, 0x9b, 0x2a, 0xf4, 0xd0, 0x12, 0x69, 0x30, - /* (2^ 4)P */ 0x54, 0x71, 0xaf, 0xe6, 0x07, 0x65, 0x88, 0xff, 0x2f, 0xc8, 0xee, 0xdf, 0x13, 0x0e, 0xf5, 0x04, 0xce, 0xb5, 0xba, 0x2a, 0xe8, 0x2f, 0x51, 0xaa, 0x22, 0xf2, 0xd5, 0x68, 0x1a, 0x25, 0x4e, 0x17, - /* (2^ 5)P */ 0x98, 0x88, 0x02, 0x82, 0x0d, 0x70, 0x96, 0xcf, 0xc5, 0x02, 0x2c, 0x0a, 0x37, 0xe3, 0x43, 0x17, 0xaa, 0x6e, 0xe8, 0xb4, 0x98, 0xec, 0x9e, 0x37, 0x2e, 0x48, 0xe0, 0x51, 0x8a, 0x88, 0x59, 0x0c, - /* (2^ 6)P */ 0x89, 0xd1, 0xb5, 0x99, 0xd6, 0xf1, 0xcb, 0xfb, 0x84, 0xdc, 0x9f, 0x8e, 0xd5, 0xf0, 0xae, 0xac, 0x14, 0x76, 0x1f, 0x23, 0x06, 0x0d, 0xc2, 0xc1, 0x72, 0xf9, 0x74, 0xa2, 0x8d, 0x21, 0x38, 0x29, - /* (2^ 7)P */ 0x18, 0x7f, 0x1d, 0xff, 0xbe, 0x49, 0xaf, 0xf6, 0xc2, 0xc9, 0x7a, 0x38, 0x22, 0x1c, 0x54, 0xcc, 0x6b, 0xc5, 0x15, 0x40, 0xef, 0xc9, 0xfc, 0x96, 0xa9, 0x13, 0x09, 0x69, 0x7c, 0x62, 0xc1, 0x69, - /* (2^ 8)P */ 0x0e, 0xdb, 0x33, 0x47, 0x2f, 0xfd, 0x86, 0x7a, 0xe9, 0x7d, 0x08, 0x9e, 0xf2, 0xc4, 0xb8, 0xfd, 0x29, 0xa2, 0xa2, 0x8e, 0x1a, 0x4b, 0x5e, 0x09, 0x79, 0x7a, 0xb3, 0x29, 0xc8, 0xa7, 0xd7, 0x1a, - /* (2^ 9)P */ 0xc0, 0xa0, 0x7e, 0xd1, 0xca, 0x89, 0x2d, 0x34, 0x51, 0x20, 0xed, 0xcc, 0xa6, 0xdd, 0xbe, 0x67, 0x74, 0x2f, 0xb4, 0x2b, 0xbf, 0x31, 0xca, 0x19, 0xbb, 0xac, 0x80, 0x49, 0xc8, 0xb4, 0xf7, 0x3d, - /* (2^ 10)P */ 0x83, 0xd8, 0x0a, 0xc8, 0x4d, 0x44, 0xc6, 0xa8, 0x85, 0xab, 0xe3, 0x66, 0x03, 0x44, 0x1e, 0xb9, 0xd8, 0xf6, 0x64, 0x01, 0xa0, 0xcd, 0x15, 0xc2, 0x68, 0xe6, 0x47, 0xf2, 0x6e, 0x7c, 0x86, 0x3d, - /* (2^ 11)P */ 0x8c, 0x65, 0x3e, 0xcc, 0x2b, 0x58, 0xdd, 0xc7, 0x28, 0x55, 0x0e, 0xee, 0x48, 0x47, 0x2c, 0xfd, 0x71, 0x4f, 0x9f, 0xcc, 0x95, 0x9b, 0xfd, 0xa0, 0xdf, 0x5d, 0x67, 0xb0, 0x71, 0xd8, 0x29, 0x75, - /* (2^ 12)P */ 0x78, 0xbd, 0x3c, 0x2d, 0xb4, 0x68, 0xf5, 0xb8, 0x82, 0xda, 0xf3, 0x91, 0x1b, 0x01, 0x33, 0x12, 0x62, 0x3b, 0x7c, 0x4a, 0xcd, 0x6c, 0xce, 0x2d, 0x03, 0x86, 0x49, 0x9e, 0x8e, 0xfc, 0xe7, 0x75, - /* (2^ 13)P */ 0xec, 0xb6, 0xd0, 0xfc, 0xf1, 0x13, 0x4f, 0x2f, 0x45, 0x7a, 0xff, 0x29, 0x1f, 0xca, 0xa8, 0xf1, 0x9b, 0xe2, 0x81, 0x29, 0xa7, 0xc1, 0x49, 0xc2, 0x6a, 0xb5, 0x83, 0x8c, 0xbb, 0x0d, 0xbe, 0x6e, - /* (2^ 14)P */ 0x22, 0xb2, 0x0b, 0x17, 0x8d, 0xfa, 0x14, 0x71, 0x5f, 0x93, 0x93, 0xbf, 0xd5, 0xdc, 0xa2, 0x65, 0x9a, 0x97, 0x9c, 0xb5, 0x68, 0x1f, 0xc4, 0xbd, 0x89, 0x92, 0xce, 0xa2, 0x79, 0xef, 0x0e, 0x2f, - /* (2^ 15)P */ 0xce, 0x37, 0x3c, 0x08, 0x0c, 0xbf, 0xec, 0x42, 0x22, 0x63, 0x49, 0xec, 0x09, 0xbc, 0x30, 0x29, 0x0d, 0xac, 0xfe, 0x9c, 0xc1, 0xb0, 0x94, 0xf2, 0x80, 0xbb, 0xfa, 0xed, 0x4b, 0xaa, 0x80, 0x37, - /* (2^ 16)P */ 0x29, 0xd9, 0xea, 0x7c, 0x3e, 0x7d, 0xc1, 0x56, 0xc5, 0x22, 0x57, 0x2e, 0xeb, 0x4b, 0xcb, 0xe7, 0x5a, 0xe1, 0xbf, 0x2d, 0x73, 0x31, 0xe9, 0x0c, 0xf8, 0x52, 0x10, 0x62, 0xc7, 0x83, 0xb8, 0x41, - /* (2^ 17)P */ 0x50, 0x53, 0xd2, 0xc3, 0xa0, 0x5c, 0xf7, 0xdb, 0x51, 0xe3, 0xb1, 0x6e, 0x08, 0xbe, 0x36, 0x29, 0x12, 0xb2, 0xa9, 0xb4, 0x3c, 0xe0, 0x36, 0xc9, 0xaa, 0x25, 0x22, 0x32, 0x82, 0xbf, 0x45, 0x1d, - /* (2^ 18)P */ 0xc5, 0x4c, 0x02, 0x6a, 0x03, 0xb1, 0x1a, 0xe8, 0x72, 0x9a, 0x4c, 0x30, 0x1c, 0x20, 0x12, 0xe2, 0xfc, 0xb1, 0x32, 0x68, 0xba, 0x3f, 0xd7, 0xc5, 0x81, 0x95, 0x83, 0x4d, 0x5a, 0xdb, 0xff, 0x20, - /* (2^ 19)P */ 0xad, 0x0f, 0x5d, 0xbe, 0x67, 0xd3, 0x83, 0xa2, 0x75, 0x44, 0x16, 0x8b, 0xca, 0x25, 0x2b, 0x6c, 0x2e, 0xf2, 0xaa, 0x7c, 0x46, 0x35, 0x49, 0x9d, 0x49, 0xff, 0x85, 0xee, 0x8e, 0x40, 0x66, 0x51, - /* (2^ 20)P */ 0x61, 0xe3, 0xb4, 0xfa, 0xa2, 0xba, 0x67, 0x3c, 0xef, 0x5c, 0xf3, 0x7e, 0xc6, 0x33, 0xe4, 0xb3, 0x1c, 0x9b, 0x15, 0x41, 0x92, 0x72, 0x59, 0x52, 0x33, 0xab, 0xb0, 0xd5, 0x92, 0x18, 0x62, 0x6a, - /* (2^ 21)P */ 0xcb, 0xcd, 0x55, 0x75, 0x38, 0x4a, 0xb7, 0x20, 0x3f, 0x92, 0x08, 0x12, 0x0e, 0xa1, 0x2a, 0x53, 0xd1, 0x1d, 0x28, 0x62, 0x77, 0x7b, 0xa1, 0xea, 0xbf, 0x44, 0x5c, 0xf0, 0x43, 0x34, 0xab, 0x61, - /* (2^ 22)P */ 0xf8, 0xde, 0x24, 0x23, 0x42, 0x6c, 0x7a, 0x25, 0x7f, 0xcf, 0xe3, 0x17, 0x10, 0x6c, 0x1c, 0x13, 0x57, 0xa2, 0x30, 0xf6, 0x39, 0x87, 0x75, 0x23, 0x80, 0x85, 0xa7, 0x01, 0x7a, 0x40, 0x5a, 0x29, - /* (2^ 23)P */ 0xd9, 0xa8, 0x5d, 0x6d, 0x24, 0x43, 0xc4, 0xf8, 0x5d, 0xfa, 0x52, 0x0c, 0x45, 0x75, 0xd7, 0x19, 0x3d, 0xf8, 0x1b, 0x73, 0x92, 0xfc, 0xfc, 0x2a, 0x00, 0x47, 0x2b, 0x1b, 0xe8, 0xc8, 0x10, 0x7d, - /* (2^ 24)P */ 0x0b, 0xa2, 0xba, 0x70, 0x1f, 0x27, 0xe0, 0xc8, 0x57, 0x39, 0xa6, 0x7c, 0x86, 0x48, 0x37, 0x99, 0xbb, 0xd4, 0x7e, 0xcb, 0xb3, 0xef, 0x12, 0x54, 0x75, 0x29, 0xe6, 0x73, 0x61, 0xd3, 0x96, 0x31, - /* (2^ 25)P */ 0xfc, 0xdf, 0xc7, 0x41, 0xd1, 0xca, 0x5b, 0xde, 0x48, 0xc8, 0x95, 0xb3, 0xd2, 0x8c, 0xcc, 0x47, 0xcb, 0xf3, 0x1a, 0xe1, 0x42, 0xd9, 0x4c, 0xa3, 0xc2, 0xce, 0x4e, 0xd0, 0xf2, 0xdb, 0x56, 0x02, - /* (2^ 26)P */ 0x7f, 0x66, 0x0e, 0x4b, 0xe9, 0xb7, 0x5a, 0x87, 0x10, 0x0d, 0x85, 0xc0, 0x83, 0xdd, 0xd4, 0xca, 0x9f, 0xc7, 0x72, 0x4e, 0x8f, 0x2e, 0xf1, 0x47, 0x9b, 0xb1, 0x85, 0x8c, 0xbb, 0x87, 0x1a, 0x5f, - /* (2^ 27)P */ 0xb8, 0x51, 0x7f, 0x43, 0xb6, 0xd0, 0xe9, 0x7a, 0x65, 0x90, 0x87, 0x18, 0x55, 0xce, 0xc7, 0x12, 0xee, 0x7a, 0xf7, 0x5c, 0xfe, 0x09, 0xde, 0x2a, 0x27, 0x56, 0x2c, 0x7d, 0x2f, 0x5a, 0xa0, 0x23, - /* (2^ 28)P */ 0x9a, 0x16, 0x7c, 0xf1, 0x28, 0xe1, 0x08, 0x59, 0x2d, 0x85, 0xd0, 0x8a, 0xdd, 0x98, 0x74, 0xf7, 0x64, 0x2f, 0x10, 0xab, 0xce, 0xc4, 0xb4, 0x74, 0x45, 0x98, 0x13, 0x10, 0xdd, 0xba, 0x3a, 0x18, - /* (2^ 29)P */ 0xac, 0xaa, 0x92, 0xaa, 0x8d, 0xba, 0x65, 0xb1, 0x05, 0x67, 0x38, 0x99, 0x95, 0xef, 0xc5, 0xd5, 0xd1, 0x40, 0xfc, 0xf8, 0x0c, 0x8f, 0x2f, 0xbe, 0x14, 0x45, 0x20, 0xee, 0x35, 0xe6, 0x01, 0x27, - /* (2^ 30)P */ 0x14, 0x65, 0x15, 0x20, 0x00, 0xa8, 0x9f, 0x62, 0xce, 0xc1, 0xa8, 0x64, 0x87, 0x86, 0x23, 0xf2, 0x0e, 0x06, 0x3f, 0x0b, 0xff, 0x4f, 0x89, 0x5b, 0xfa, 0xa3, 0x08, 0xf7, 0x4c, 0x94, 0xd9, 0x60, - /* (2^ 31)P */ 0x1f, 0x20, 0x7a, 0x1c, 0x1a, 0x00, 0xea, 0xae, 0x63, 0xce, 0xe2, 0x3e, 0x63, 0x6a, 0xf1, 0xeb, 0xe1, 0x07, 0x7a, 0x4c, 0x59, 0x09, 0x77, 0x6f, 0xcb, 0x08, 0x02, 0x0d, 0x15, 0x58, 0xb9, 0x79, - /* (2^ 32)P */ 0xe7, 0x10, 0xd4, 0x01, 0x53, 0x5e, 0xb5, 0x24, 0x4d, 0xc8, 0xfd, 0xf3, 0xdf, 0x4e, 0xa3, 0xe3, 0xd8, 0x32, 0x40, 0x90, 0xe4, 0x68, 0x87, 0xd8, 0xec, 0xae, 0x3a, 0x7b, 0x42, 0x84, 0x13, 0x13, - /* (2^ 33)P */ 0x14, 0x4f, 0x23, 0x86, 0x12, 0xe5, 0x05, 0x84, 0x29, 0xc5, 0xb4, 0xad, 0x39, 0x47, 0xdc, 0x14, 0xfd, 0x4f, 0x63, 0x50, 0xb2, 0xb5, 0xa2, 0xb8, 0x93, 0xff, 0xa7, 0xd8, 0x4a, 0xa9, 0xe2, 0x2f, - /* (2^ 34)P */ 0xdd, 0xfa, 0x43, 0xe8, 0xef, 0x57, 0x5c, 0xec, 0x18, 0x99, 0xbb, 0xf0, 0x40, 0xce, 0x43, 0x28, 0x05, 0x63, 0x3d, 0xcf, 0xd6, 0x61, 0xb5, 0xa4, 0x7e, 0x77, 0xfb, 0xe8, 0xbd, 0x29, 0x36, 0x74, - /* (2^ 35)P */ 0x8f, 0x73, 0xaf, 0xbb, 0x46, 0xdd, 0x3e, 0x34, 0x51, 0xa6, 0x01, 0xb1, 0x28, 0x18, 0x98, 0xed, 0x7a, 0x79, 0x2c, 0x88, 0x0b, 0x76, 0x01, 0xa4, 0x30, 0x87, 0xc8, 0x8d, 0xe2, 0x23, 0xc2, 0x1f, - /* (2^ 36)P */ 0x0e, 0xba, 0x0f, 0xfc, 0x91, 0x4e, 0x60, 0x48, 0xa4, 0x6f, 0x2c, 0x05, 0x8f, 0xf7, 0x37, 0xb6, 0x9c, 0x23, 0xe9, 0x09, 0x3d, 0xac, 0xcc, 0x91, 0x7c, 0x68, 0x7a, 0x43, 0xd4, 0xee, 0xf7, 0x23, - /* (2^ 37)P */ 0x00, 0xd8, 0x9b, 0x8d, 0x11, 0xb1, 0x73, 0x51, 0xa7, 0xd4, 0x89, 0x31, 0xb6, 0x41, 0xd6, 0x29, 0x86, 0xc5, 0xbb, 0x88, 0x79, 0x17, 0xbf, 0xfd, 0xf5, 0x1d, 0xd8, 0xca, 0x4f, 0x89, 0x59, 0x29, - /* (2^ 38)P */ 0x99, 0xc8, 0xbb, 0xb4, 0xf3, 0x8e, 0xbc, 0xae, 0xb9, 0x92, 0x69, 0xb2, 0x5a, 0x99, 0x48, 0x41, 0xfb, 0x2c, 0xf9, 0x34, 0x01, 0x0b, 0xe2, 0x24, 0xe8, 0xde, 0x05, 0x4a, 0x89, 0x58, 0xd1, 0x40, - /* (2^ 39)P */ 0xf6, 0x76, 0xaf, 0x85, 0x11, 0x0b, 0xb0, 0x46, 0x79, 0x7a, 0x18, 0x73, 0x78, 0xc7, 0xba, 0x26, 0x5f, 0xff, 0x8f, 0xab, 0x95, 0xbf, 0xc0, 0x3d, 0xd7, 0x24, 0x55, 0x94, 0xd8, 0x8b, 0x60, 0x2a, - /* (2^ 40)P */ 0x02, 0x63, 0x44, 0xbd, 0x88, 0x95, 0x44, 0x26, 0x9c, 0x43, 0x88, 0x03, 0x1c, 0xc2, 0x4b, 0x7c, 0xb2, 0x11, 0xbd, 0x83, 0xf3, 0xa4, 0x98, 0x8e, 0xb9, 0x76, 0xd8, 0xc9, 0x7b, 0x8d, 0x21, 0x26, - /* (2^ 41)P */ 0x8a, 0x17, 0x7c, 0x99, 0x42, 0x15, 0x08, 0xe3, 0x6f, 0x60, 0xb6, 0x6f, 0xa8, 0x29, 0x2d, 0x3c, 0x74, 0x93, 0x27, 0xfa, 0x36, 0x77, 0x21, 0x5c, 0xfa, 0xb1, 0xfe, 0x4a, 0x73, 0x05, 0xde, 0x7d, - /* (2^ 42)P */ 0xab, 0x2b, 0xd4, 0x06, 0x39, 0x0e, 0xf1, 0x3b, 0x9c, 0x64, 0x80, 0x19, 0x3e, 0x80, 0xf7, 0xe4, 0x7a, 0xbf, 0x95, 0x95, 0xf8, 0x3b, 0x05, 0xe6, 0x30, 0x55, 0x24, 0xda, 0x38, 0xaf, 0x4f, 0x39, - /* (2^ 43)P */ 0xf4, 0x28, 0x69, 0x89, 0x58, 0xfb, 0x8e, 0x7a, 0x3c, 0x11, 0x6a, 0xcc, 0xe9, 0x78, 0xc7, 0xfb, 0x6f, 0x59, 0xaf, 0x30, 0xe3, 0x0c, 0x67, 0x72, 0xf7, 0x6c, 0x3d, 0x1d, 0xa8, 0x22, 0xf2, 0x48, - /* (2^ 44)P */ 0xa7, 0xca, 0x72, 0x0d, 0x41, 0xce, 0x1f, 0xf0, 0x95, 0x55, 0x3b, 0x21, 0xc7, 0xec, 0x20, 0x5a, 0x83, 0x14, 0xfa, 0xc1, 0x65, 0x11, 0xc2, 0x7b, 0x41, 0xa7, 0xa8, 0x1d, 0xe3, 0x9a, 0xf8, 0x07, - /* (2^ 45)P */ 0xf9, 0x0f, 0x83, 0xc6, 0xb4, 0xc2, 0xd2, 0x05, 0x93, 0x62, 0x31, 0xc6, 0x0f, 0x33, 0x3e, 0xd4, 0x04, 0xa9, 0xd3, 0x96, 0x0a, 0x59, 0xa5, 0xa5, 0xb6, 0x33, 0x53, 0xa6, 0x91, 0xdb, 0x5e, 0x70, - /* (2^ 46)P */ 0xf7, 0xa5, 0xb9, 0x0b, 0x5e, 0xe1, 0x8e, 0x04, 0x5d, 0xaf, 0x0a, 0x9e, 0xca, 0xcf, 0x40, 0x32, 0x0b, 0xa4, 0xc4, 0xed, 0xce, 0x71, 0x4b, 0x8f, 0x6d, 0x4a, 0x54, 0xde, 0xa3, 0x0d, 0x1c, 0x62, - /* (2^ 47)P */ 0x91, 0x40, 0x8c, 0xa0, 0x36, 0x28, 0x87, 0x92, 0x45, 0x14, 0xc9, 0x10, 0xb0, 0x75, 0x83, 0xce, 0x94, 0x63, 0x27, 0x4f, 0x52, 0xeb, 0x72, 0x8a, 0x35, 0x36, 0xc8, 0x7e, 0xfa, 0xfc, 0x67, 0x26, - /* (2^ 48)P */ 0x2a, 0x75, 0xe8, 0x45, 0x33, 0x17, 0x4c, 0x7f, 0xa5, 0x79, 0x70, 0xee, 0xfe, 0x47, 0x1b, 0x06, 0x34, 0xff, 0x86, 0x9f, 0xfa, 0x9a, 0xdd, 0x25, 0x9c, 0xc8, 0x5d, 0x42, 0xf5, 0xce, 0x80, 0x37, - /* (2^ 49)P */ 0xe9, 0xb4, 0x3b, 0x51, 0x5a, 0x03, 0x46, 0x1a, 0xda, 0x5a, 0x57, 0xac, 0x79, 0xf3, 0x1e, 0x3e, 0x50, 0x4b, 0xa2, 0x5f, 0x1c, 0x5f, 0x8c, 0xc7, 0x22, 0x9f, 0xfd, 0x34, 0x76, 0x96, 0x1a, 0x32, - /* (2^ 50)P */ 0xfa, 0x27, 0x6e, 0x82, 0xb8, 0x07, 0x67, 0x94, 0xd0, 0x6f, 0x50, 0x4c, 0xd6, 0x84, 0xca, 0x3d, 0x36, 0x14, 0xe9, 0x75, 0x80, 0x21, 0x89, 0xc1, 0x84, 0x84, 0x3b, 0x9b, 0x16, 0x84, 0x92, 0x6d, - /* (2^ 51)P */ 0xdf, 0x2d, 0x3f, 0x38, 0x40, 0xe8, 0x67, 0x3a, 0x75, 0x9b, 0x4f, 0x0c, 0xa3, 0xc9, 0xee, 0x33, 0x47, 0xef, 0x83, 0xa7, 0x6f, 0xc8, 0xc7, 0x3e, 0xc4, 0xfb, 0xc9, 0xba, 0x9f, 0x44, 0xec, 0x26, - /* (2^ 52)P */ 0x7d, 0x9e, 0x9b, 0xa0, 0xcb, 0x38, 0x0f, 0x5c, 0x8c, 0x47, 0xa3, 0x62, 0xc7, 0x8c, 0x16, 0x81, 0x1c, 0x12, 0xfc, 0x06, 0xd3, 0xb0, 0x23, 0x3e, 0xdd, 0xdc, 0xef, 0xa5, 0xa0, 0x8a, 0x23, 0x5a, - /* (2^ 53)P */ 0xff, 0x43, 0xea, 0xc4, 0x21, 0x61, 0xa2, 0x1b, 0xb5, 0x32, 0x88, 0x7c, 0x7f, 0xc7, 0xf8, 0x36, 0x9a, 0xf9, 0xdc, 0x0a, 0x0b, 0xea, 0xfb, 0x88, 0xf9, 0xeb, 0x5b, 0xc2, 0x8e, 0x93, 0xa9, 0x5c, - /* (2^ 54)P */ 0xa0, 0xcd, 0xfc, 0x51, 0x5e, 0x6a, 0x43, 0xd5, 0x3b, 0x89, 0xcd, 0xc2, 0x97, 0x47, 0xbc, 0x1d, 0x08, 0x4a, 0x22, 0xd3, 0x65, 0x6a, 0x34, 0x19, 0x66, 0xf4, 0x9a, 0x9b, 0xe4, 0x34, 0x50, 0x0f, - /* (2^ 55)P */ 0x6e, 0xb9, 0xe0, 0xa1, 0x67, 0x39, 0x3c, 0xf2, 0x88, 0x4d, 0x7a, 0x86, 0xfa, 0x08, 0x8b, 0xe5, 0x79, 0x16, 0x34, 0xa7, 0xc6, 0xab, 0x2f, 0xfb, 0x46, 0x69, 0x02, 0xb6, 0x1e, 0x38, 0x75, 0x2a, - /* (2^ 56)P */ 0xac, 0x20, 0x94, 0xc1, 0xe4, 0x3b, 0x0a, 0xc8, 0xdc, 0xb6, 0xf2, 0x81, 0xc6, 0xf6, 0xb1, 0x66, 0x88, 0x33, 0xe9, 0x61, 0x67, 0x03, 0xf7, 0x7c, 0xc4, 0xa4, 0x60, 0xa6, 0xd8, 0xbb, 0xab, 0x25, - /* (2^ 57)P */ 0x98, 0x51, 0xfd, 0x14, 0xba, 0x12, 0xea, 0x91, 0xa9, 0xff, 0x3c, 0x4a, 0xfc, 0x50, 0x49, 0x68, 0x28, 0xad, 0xf5, 0x30, 0x21, 0x84, 0x26, 0xf8, 0x41, 0xa4, 0x01, 0x53, 0xf7, 0x88, 0xa9, 0x3e, - /* (2^ 58)P */ 0x6f, 0x8c, 0x5f, 0x69, 0x9a, 0x10, 0x78, 0xc9, 0xf3, 0xc3, 0x30, 0x05, 0x4a, 0xeb, 0x46, 0x17, 0x95, 0x99, 0x45, 0xb4, 0x77, 0x6d, 0x4d, 0x44, 0xc7, 0x5c, 0x4e, 0x05, 0x8c, 0x2b, 0x95, 0x75, - /* (2^ 59)P */ 0xaa, 0xd6, 0xf4, 0x15, 0x79, 0x3f, 0x70, 0xa3, 0xd8, 0x47, 0x26, 0x2f, 0x20, 0x46, 0xc3, 0x66, 0x4b, 0x64, 0x1d, 0x81, 0xdf, 0x69, 0x14, 0xd0, 0x1f, 0xd7, 0xa5, 0x81, 0x7d, 0xa4, 0xfe, 0x77, - /* (2^ 60)P */ 0x81, 0xa3, 0x7c, 0xf5, 0x9e, 0x52, 0xe9, 0xc5, 0x1a, 0x88, 0x2f, 0xce, 0xb9, 0xb4, 0xee, 0x6e, 0xd6, 0x9b, 0x00, 0xe8, 0x28, 0x1a, 0xe9, 0xb6, 0xec, 0x3f, 0xfc, 0x9a, 0x3e, 0xbe, 0x80, 0x4b, - /* (2^ 61)P */ 0xc5, 0xd2, 0xae, 0x26, 0xc5, 0x73, 0x37, 0x7e, 0x9d, 0xa4, 0xc9, 0x53, 0xb4, 0xfc, 0x4a, 0x1b, 0x4d, 0xb2, 0xff, 0xba, 0xd7, 0xbd, 0x20, 0xa9, 0x0e, 0x40, 0x2d, 0x12, 0x9f, 0x69, 0x54, 0x7c, - /* (2^ 62)P */ 0xc8, 0x4b, 0xa9, 0x4f, 0xe1, 0xc8, 0x46, 0xef, 0x5e, 0xed, 0x52, 0x29, 0xce, 0x74, 0xb0, 0xe0, 0xd5, 0x85, 0xd8, 0xdb, 0xe1, 0x50, 0xa4, 0xbe, 0x2c, 0x71, 0x0f, 0x32, 0x49, 0x86, 0xb6, 0x61, - /* (2^ 63)P */ 0xd1, 0xbd, 0xcc, 0x09, 0x73, 0x5f, 0x48, 0x8a, 0x2d, 0x1a, 0x4d, 0x7d, 0x0d, 0x32, 0x06, 0xbd, 0xf4, 0xbe, 0x2d, 0x32, 0x73, 0x29, 0x23, 0x25, 0x70, 0xf7, 0x17, 0x8c, 0x75, 0xc4, 0x5d, 0x44, - /* (2^ 64)P */ 0x3c, 0x93, 0xc8, 0x7c, 0x17, 0x34, 0x04, 0xdb, 0x9f, 0x05, 0xea, 0x75, 0x21, 0xe8, 0x6f, 0xed, 0x34, 0xdb, 0x53, 0xc0, 0xfd, 0xbe, 0xfe, 0x1e, 0x99, 0xaf, 0x5d, 0xc6, 0x67, 0xe8, 0xdb, 0x4a, - /* (2^ 65)P */ 0xdf, 0x09, 0x06, 0xa9, 0xa2, 0x71, 0xcd, 0x3a, 0x50, 0x40, 0xd0, 0x6d, 0x85, 0x91, 0xe9, 0xe5, 0x3c, 0xc2, 0x57, 0x81, 0x68, 0x9b, 0xc6, 0x1e, 0x4d, 0xfe, 0x5c, 0x88, 0xf6, 0x27, 0x74, 0x69, - /* (2^ 66)P */ 0x51, 0xa8, 0xe1, 0x65, 0x9b, 0x7b, 0xbe, 0xd7, 0xdd, 0x36, 0xc5, 0x22, 0xd5, 0x28, 0x3d, 0xa0, 0x45, 0xb6, 0xd2, 0x8f, 0x65, 0x9d, 0x39, 0x28, 0xe1, 0x41, 0x26, 0x7c, 0xe1, 0xb7, 0xe5, 0x49, - /* (2^ 67)P */ 0xa4, 0x57, 0x04, 0x70, 0x98, 0x3a, 0x8c, 0x6f, 0x78, 0x67, 0xbb, 0x5e, 0xa2, 0xf0, 0x78, 0x50, 0x0f, 0x96, 0x82, 0xc3, 0xcb, 0x3c, 0x3c, 0xd1, 0xb1, 0x84, 0xdf, 0xa7, 0x58, 0x32, 0x00, 0x2e, - /* (2^ 68)P */ 0x1c, 0x6a, 0x29, 0xe6, 0x9b, 0xf3, 0xd1, 0x8a, 0xb2, 0xbf, 0x5f, 0x2a, 0x65, 0xaa, 0xee, 0xc1, 0xcb, 0xf3, 0x26, 0xfd, 0x73, 0x06, 0xee, 0x33, 0xcc, 0x2c, 0x9d, 0xa6, 0x73, 0x61, 0x25, 0x59, - /* (2^ 69)P */ 0x41, 0xfc, 0x18, 0x4e, 0xaa, 0x07, 0xea, 0x41, 0x1e, 0xa5, 0x87, 0x7c, 0x52, 0x19, 0xfc, 0xd9, 0x6f, 0xca, 0x31, 0x58, 0x80, 0xcb, 0xaa, 0xbd, 0x4f, 0x69, 0x16, 0xc9, 0x2d, 0x65, 0x5b, 0x44, - /* (2^ 70)P */ 0x15, 0x23, 0x17, 0xf2, 0xa7, 0xa3, 0x92, 0xce, 0x64, 0x99, 0x1b, 0xe1, 0x2d, 0x28, 0xdc, 0x1e, 0x4a, 0x31, 0x4c, 0xe0, 0xaf, 0x3a, 0x82, 0xa1, 0x86, 0xf5, 0x7c, 0x43, 0x94, 0x2d, 0x0a, 0x79, - /* (2^ 71)P */ 0x09, 0xe0, 0xf6, 0x93, 0xfb, 0x47, 0xc4, 0x71, 0x76, 0x52, 0x84, 0x22, 0x67, 0xa5, 0x22, 0x89, 0x69, 0x51, 0x4f, 0x20, 0x3b, 0x90, 0x70, 0xbf, 0xfe, 0x19, 0xa3, 0x1b, 0x89, 0x89, 0x7a, 0x2f, - /* (2^ 72)P */ 0x0c, 0x14, 0xe2, 0x77, 0xb5, 0x8e, 0xa0, 0x02, 0xf4, 0xdc, 0x7b, 0x42, 0xd4, 0x4e, 0x9a, 0xed, 0xd1, 0x3c, 0x32, 0xe4, 0x44, 0xec, 0x53, 0x52, 0x5b, 0x35, 0xe9, 0x14, 0x3c, 0x36, 0x88, 0x3e, - /* (2^ 73)P */ 0x8c, 0x0b, 0x11, 0x77, 0x42, 0xc1, 0x66, 0xaa, 0x90, 0x33, 0xa2, 0x10, 0x16, 0x39, 0xe0, 0x1a, 0xa2, 0xc2, 0x3f, 0xc9, 0x12, 0xbd, 0x30, 0x20, 0xab, 0xc7, 0x55, 0x95, 0x57, 0x41, 0xe1, 0x3e, - /* (2^ 74)P */ 0x41, 0x7d, 0x6e, 0x6d, 0x3a, 0xde, 0x14, 0x92, 0xfe, 0x7e, 0xf1, 0x07, 0x86, 0xd8, 0xcd, 0x3c, 0x17, 0x12, 0xe1, 0xf8, 0x88, 0x12, 0x4f, 0x67, 0xd0, 0x93, 0x9f, 0x32, 0x0f, 0x25, 0x82, 0x56, - /* (2^ 75)P */ 0x6e, 0x39, 0x2e, 0x6d, 0x13, 0x0b, 0xf0, 0x6c, 0xbf, 0xde, 0x14, 0x10, 0x6f, 0xf8, 0x4c, 0x6e, 0x83, 0x4e, 0xcc, 0xbf, 0xb5, 0xb1, 0x30, 0x59, 0xb6, 0x16, 0xba, 0x8a, 0xb4, 0x69, 0x70, 0x04, - /* (2^ 76)P */ 0x93, 0x07, 0xb2, 0x69, 0xab, 0xe4, 0x4c, 0x0d, 0x9e, 0xfb, 0xd0, 0x97, 0x1a, 0xb9, 0x4d, 0xb2, 0x1d, 0xd0, 0x00, 0x4e, 0xf5, 0x50, 0xfa, 0xcd, 0xb5, 0xdd, 0x8b, 0x36, 0x85, 0x10, 0x1b, 0x22, - /* (2^ 77)P */ 0xd2, 0xd8, 0xe3, 0xb1, 0x68, 0x94, 0xe5, 0xe7, 0x93, 0x2f, 0x12, 0xbd, 0x63, 0x65, 0xc5, 0x53, 0x09, 0x3f, 0x66, 0xe0, 0x03, 0xa9, 0xe8, 0xee, 0x42, 0x3d, 0xbe, 0xcb, 0x62, 0xa6, 0xef, 0x61, - /* (2^ 78)P */ 0x2a, 0xab, 0x6e, 0xde, 0xdd, 0xdd, 0xf8, 0x2c, 0x31, 0xf2, 0x35, 0x14, 0xd5, 0x0a, 0xf8, 0x9b, 0x73, 0x49, 0xf0, 0xc9, 0xce, 0xda, 0xea, 0x5d, 0x27, 0x9b, 0xd2, 0x41, 0x5d, 0x5b, 0x27, 0x29, - /* (2^ 79)P */ 0x4f, 0xf1, 0xeb, 0x95, 0x08, 0x0f, 0xde, 0xcf, 0xa7, 0x05, 0x49, 0x05, 0x6b, 0xb9, 0xaa, 0xb9, 0xfd, 0x20, 0xc4, 0xa1, 0xd9, 0x0d, 0xe8, 0xca, 0xc7, 0xbb, 0x73, 0x16, 0x2f, 0xbf, 0x63, 0x0a, - /* (2^ 80)P */ 0x8c, 0xbc, 0x8f, 0x95, 0x11, 0x6e, 0x2f, 0x09, 0xad, 0x2f, 0x82, 0x04, 0xe8, 0x81, 0x2a, 0x67, 0x17, 0x25, 0xd5, 0x60, 0x15, 0x35, 0xc8, 0xca, 0xf8, 0x92, 0xf1, 0xc8, 0x22, 0x77, 0x3f, 0x6f, - /* (2^ 81)P */ 0xb7, 0x94, 0xe8, 0xc2, 0xcc, 0x90, 0xba, 0xf8, 0x0d, 0x9f, 0xff, 0x38, 0xa4, 0x57, 0x75, 0x2c, 0x59, 0x23, 0xe5, 0x5a, 0x85, 0x1d, 0x4d, 0x89, 0x69, 0x3d, 0x74, 0x7b, 0x15, 0x22, 0xe1, 0x68, - /* (2^ 82)P */ 0xf3, 0x19, 0xb9, 0xcf, 0x70, 0x55, 0x7e, 0xd8, 0xb9, 0x8d, 0x79, 0x95, 0xcd, 0xde, 0x2c, 0x3f, 0xce, 0xa2, 0xc0, 0x10, 0x47, 0x15, 0x21, 0x21, 0xb2, 0xc5, 0x6d, 0x24, 0x15, 0xa1, 0x66, 0x3c, - /* (2^ 83)P */ 0x72, 0xcb, 0x4e, 0x29, 0x62, 0xc5, 0xed, 0xcb, 0x16, 0x0b, 0x28, 0x6a, 0xc3, 0x43, 0x71, 0xba, 0x67, 0x8b, 0x07, 0xd4, 0xef, 0xc2, 0x10, 0x96, 0x1e, 0x4b, 0x6a, 0x94, 0x5d, 0x73, 0x44, 0x61, - /* (2^ 84)P */ 0x50, 0x33, 0x5b, 0xd7, 0x1e, 0x11, 0x6f, 0x53, 0x1b, 0xd8, 0x41, 0x20, 0x8c, 0xdb, 0x11, 0x02, 0x3c, 0x41, 0x10, 0x0e, 0x00, 0xb1, 0x3c, 0xf9, 0x76, 0x88, 0x9e, 0x03, 0x3c, 0xfd, 0x9d, 0x14, - /* (2^ 85)P */ 0x5b, 0x15, 0x63, 0x6b, 0xe4, 0xdd, 0x79, 0xd4, 0x76, 0x79, 0x83, 0x3c, 0xe9, 0x15, 0x6e, 0xb6, 0x38, 0xe0, 0x13, 0x1f, 0x3b, 0xe4, 0xfd, 0xda, 0x35, 0x0b, 0x4b, 0x2e, 0x1a, 0xda, 0xaf, 0x5f, - /* (2^ 86)P */ 0x81, 0x75, 0x19, 0x17, 0xdf, 0xbb, 0x00, 0x36, 0xc2, 0xd2, 0x3c, 0xbe, 0x0b, 0x05, 0x72, 0x39, 0x86, 0xbe, 0xd5, 0xbd, 0x6d, 0x90, 0x38, 0x59, 0x0f, 0x86, 0x9b, 0x3f, 0xe4, 0xe5, 0xfc, 0x34, - /* (2^ 87)P */ 0x02, 0x4d, 0xd1, 0x42, 0xcd, 0xa4, 0xa8, 0x75, 0x65, 0xdf, 0x41, 0x34, 0xc5, 0xab, 0x8d, 0x82, 0xd3, 0x31, 0xe1, 0xd2, 0xed, 0xab, 0xdc, 0x33, 0x5f, 0xd2, 0x14, 0xb8, 0x6f, 0xd7, 0xba, 0x3e, - /* (2^ 88)P */ 0x0f, 0xe1, 0x70, 0x6f, 0x56, 0x6f, 0x90, 0xd4, 0x5a, 0x0f, 0x69, 0x51, 0xaa, 0xf7, 0x12, 0x5d, 0xf2, 0xfc, 0xce, 0x76, 0x6e, 0xb1, 0xad, 0x45, 0x99, 0x29, 0x23, 0xad, 0xae, 0x68, 0xf7, 0x01, - /* (2^ 89)P */ 0xbd, 0xfe, 0x48, 0x62, 0x7b, 0xc7, 0x6c, 0x2b, 0xfd, 0xaf, 0x3a, 0xec, 0x28, 0x06, 0xd3, 0x3c, 0x6a, 0x48, 0xef, 0xd4, 0x80, 0x0b, 0x1c, 0xce, 0x23, 0x6c, 0xf6, 0xa6, 0x2e, 0xff, 0x3b, 0x4c, - /* (2^ 90)P */ 0x5f, 0xeb, 0xea, 0x4a, 0x09, 0xc4, 0x2e, 0x3f, 0xa7, 0x2c, 0x37, 0x6e, 0x28, 0x9b, 0xb1, 0x61, 0x1d, 0x70, 0x2a, 0xde, 0x66, 0xa9, 0xef, 0x5e, 0xef, 0xe3, 0x55, 0xde, 0x65, 0x05, 0xb2, 0x23, - /* (2^ 91)P */ 0x57, 0x85, 0xd5, 0x79, 0x52, 0xca, 0x01, 0xe3, 0x4f, 0x87, 0xc2, 0x27, 0xce, 0xd4, 0xb2, 0x07, 0x67, 0x1d, 0xcf, 0x9d, 0x8a, 0xcd, 0x32, 0xa5, 0x56, 0xff, 0x2b, 0x3f, 0xe2, 0xfe, 0x52, 0x2a, - /* (2^ 92)P */ 0x3d, 0x66, 0xd8, 0x7c, 0xb3, 0xef, 0x24, 0x86, 0x94, 0x75, 0xbd, 0xff, 0x20, 0xac, 0xc7, 0xbb, 0x45, 0x74, 0xd3, 0x82, 0x9c, 0x5e, 0xb8, 0x57, 0x66, 0xec, 0xa6, 0x86, 0xcb, 0x52, 0x30, 0x7b, - /* (2^ 93)P */ 0x1e, 0xe9, 0x25, 0x25, 0xad, 0xf0, 0x82, 0x34, 0xa0, 0xdc, 0x8e, 0xd2, 0x43, 0x80, 0xb6, 0x2c, 0x3a, 0x00, 0x1b, 0x2e, 0x05, 0x6d, 0x4f, 0xaf, 0x0a, 0x1b, 0x78, 0x29, 0x25, 0x8c, 0x5f, 0x18, - /* (2^ 94)P */ 0xd6, 0xe0, 0x0c, 0xd8, 0x5b, 0xde, 0x41, 0xaa, 0xd6, 0xe9, 0x53, 0x68, 0x41, 0xb2, 0x07, 0x94, 0x3a, 0x4c, 0x7f, 0x35, 0x6e, 0xc3, 0x3e, 0x56, 0xce, 0x7b, 0x29, 0x0e, 0xdd, 0xb8, 0xc4, 0x4c, - /* (2^ 95)P */ 0x0e, 0x73, 0xb8, 0xff, 0x52, 0x1a, 0xfc, 0xa2, 0x37, 0x8e, 0x05, 0x67, 0x6e, 0xf1, 0x11, 0x18, 0xe1, 0x4e, 0xdf, 0xcd, 0x66, 0xa3, 0xf9, 0x10, 0x99, 0xf0, 0xb9, 0xa0, 0xc4, 0xa0, 0xf4, 0x72, - /* (2^ 96)P */ 0xa7, 0x4e, 0x3f, 0x66, 0x6f, 0xc0, 0x16, 0x8c, 0xba, 0x0f, 0x97, 0x4e, 0xf7, 0x3a, 0x3b, 0x69, 0x45, 0xc3, 0x9e, 0xd6, 0xf1, 0xe7, 0x02, 0x21, 0x89, 0x80, 0x8a, 0x96, 0xbc, 0x3c, 0xa5, 0x0b, - /* (2^ 97)P */ 0x37, 0x55, 0xa1, 0xfe, 0xc7, 0x9d, 0x3d, 0xca, 0x93, 0x64, 0x53, 0x51, 0xbb, 0x24, 0x68, 0x4c, 0xb1, 0x06, 0x40, 0x84, 0x14, 0x63, 0x88, 0xb9, 0x60, 0xcc, 0x54, 0xb4, 0x2a, 0xa7, 0xd2, 0x40, - /* (2^ 98)P */ 0x75, 0x09, 0x57, 0x12, 0xb7, 0xa1, 0x36, 0x59, 0x57, 0xa6, 0xbd, 0xde, 0x48, 0xd6, 0xb9, 0x91, 0xea, 0x30, 0x43, 0xb6, 0x4b, 0x09, 0x44, 0x33, 0xd0, 0x51, 0xee, 0x12, 0x0d, 0xa1, 0x6b, 0x00, - /* (2^ 99)P */ 0x58, 0x5d, 0xde, 0xf5, 0x68, 0x84, 0x22, 0x19, 0xb0, 0x05, 0xcc, 0x38, 0x4c, 0x2f, 0xb1, 0x0e, 0x90, 0x19, 0x60, 0xd5, 0x9d, 0x9f, 0x03, 0xa1, 0x0b, 0x0e, 0xff, 0x4f, 0xce, 0xd4, 0x02, 0x45, - /* (2^100)P */ 0x89, 0xc1, 0x37, 0x68, 0x10, 0x54, 0x20, 0xeb, 0x3c, 0xb9, 0xd3, 0x6d, 0x4c, 0x54, 0xf6, 0xd0, 0x4f, 0xd7, 0x16, 0xc4, 0x64, 0x70, 0x72, 0x40, 0xf0, 0x2e, 0x50, 0x4b, 0x11, 0xc6, 0x15, 0x6e, - /* (2^101)P */ 0x6b, 0xa7, 0xb1, 0xcf, 0x98, 0xa3, 0xf2, 0x4d, 0xb1, 0xf6, 0xf2, 0x19, 0x74, 0x6c, 0x25, 0x11, 0x43, 0x60, 0x6e, 0x06, 0x62, 0x79, 0x49, 0x4a, 0x44, 0x5b, 0x35, 0x41, 0xab, 0x3a, 0x5b, 0x70, - /* (2^102)P */ 0xd8, 0xb1, 0x97, 0xd7, 0x36, 0xf5, 0x5e, 0x36, 0xdb, 0xf0, 0xdd, 0x22, 0xd6, 0x6b, 0x07, 0x00, 0x88, 0x5a, 0x57, 0xe0, 0xb0, 0x33, 0xbf, 0x3b, 0x4d, 0xca, 0xe4, 0xc8, 0x05, 0xaa, 0x77, 0x37, - /* (2^103)P */ 0x5f, 0xdb, 0x78, 0x55, 0xc8, 0x45, 0x27, 0x39, 0xe2, 0x5a, 0xae, 0xdb, 0x49, 0x41, 0xda, 0x6f, 0x67, 0x98, 0xdc, 0x8a, 0x0b, 0xb0, 0xf0, 0xb1, 0xa3, 0x1d, 0x6f, 0xd3, 0x37, 0x34, 0x96, 0x09, - /* (2^104)P */ 0x53, 0x38, 0xdc, 0xa5, 0x90, 0x4e, 0x82, 0x7e, 0xbd, 0x5c, 0x13, 0x1f, 0x64, 0xf6, 0xb5, 0xcc, 0xcc, 0x8f, 0xce, 0x87, 0x6c, 0xd8, 0x36, 0x67, 0x9f, 0x24, 0x04, 0x66, 0xe2, 0x3c, 0x5f, 0x62, - /* (2^105)P */ 0x3f, 0xf6, 0x02, 0x95, 0x05, 0xc8, 0x8a, 0xaf, 0x69, 0x14, 0x35, 0x2e, 0x0a, 0xe7, 0x05, 0x0c, 0x05, 0x63, 0x4b, 0x76, 0x9c, 0x2e, 0x29, 0x35, 0xc3, 0x3a, 0xe2, 0xc7, 0x60, 0x43, 0x39, 0x1a, - /* (2^106)P */ 0x64, 0x32, 0x18, 0x51, 0x32, 0xd5, 0xc6, 0xd5, 0x4f, 0xb7, 0xc2, 0x43, 0xbd, 0x5a, 0x06, 0x62, 0x9b, 0x3f, 0x97, 0x3b, 0xd0, 0xf5, 0xfb, 0xb5, 0x5e, 0x6e, 0x20, 0x61, 0x36, 0xda, 0xa3, 0x13, - /* (2^107)P */ 0xe5, 0x94, 0x5d, 0x72, 0x37, 0x58, 0xbd, 0xc6, 0xc5, 0x16, 0x50, 0x20, 0x12, 0x09, 0xe3, 0x18, 0x68, 0x3c, 0x03, 0x70, 0x15, 0xce, 0x88, 0x20, 0x87, 0x79, 0x83, 0x5c, 0x49, 0x1f, 0xba, 0x7f, - /* (2^108)P */ 0x9d, 0x07, 0xf9, 0xf2, 0x23, 0x74, 0x8c, 0x5a, 0xc5, 0x3f, 0x02, 0x34, 0x7b, 0x15, 0x35, 0x17, 0x51, 0xb3, 0xfa, 0xd2, 0x9a, 0xb4, 0xf9, 0xe4, 0x3c, 0xe3, 0x78, 0xc8, 0x72, 0xff, 0x91, 0x66, - /* (2^109)P */ 0x3e, 0xff, 0x5e, 0xdc, 0xde, 0x2a, 0x2c, 0x12, 0xf4, 0x6c, 0x95, 0xd8, 0xf1, 0x4b, 0xdd, 0xf8, 0xda, 0x5b, 0x9e, 0x9e, 0x5d, 0x20, 0x86, 0xeb, 0x43, 0xc7, 0x75, 0xd9, 0xb9, 0x92, 0x9b, 0x04, - /* (2^110)P */ 0x5a, 0xc0, 0xf6, 0xb0, 0x30, 0x97, 0x37, 0xa5, 0x53, 0xa5, 0xf3, 0xc6, 0xac, 0xff, 0xa0, 0x72, 0x6d, 0xcd, 0x0d, 0xb2, 0x34, 0x2c, 0x03, 0xb0, 0x4a, 0x16, 0xd5, 0x88, 0xbc, 0x9d, 0x0e, 0x47, - /* (2^111)P */ 0x47, 0xc0, 0x37, 0xa2, 0x0c, 0xf1, 0x9c, 0xb1, 0xa2, 0x81, 0x6c, 0x1f, 0x71, 0x66, 0x54, 0xb6, 0x43, 0x0b, 0xd8, 0x6d, 0xd1, 0x1b, 0x32, 0xb3, 0x8e, 0xbe, 0x5f, 0x0c, 0x60, 0x4f, 0xc1, 0x48, - /* (2^112)P */ 0x03, 0xc8, 0xa6, 0x4a, 0x26, 0x1c, 0x45, 0x66, 0xa6, 0x7d, 0xfa, 0xa4, 0x04, 0x39, 0x6e, 0xb6, 0x95, 0x83, 0x12, 0xb3, 0xb0, 0x19, 0x5f, 0xd4, 0x10, 0xbc, 0xc9, 0xc3, 0x27, 0x26, 0x60, 0x31, - /* (2^113)P */ 0x0d, 0xe1, 0xe4, 0x32, 0x48, 0xdc, 0x20, 0x31, 0xf7, 0x17, 0xc7, 0x56, 0x67, 0xc4, 0x20, 0xeb, 0x94, 0x02, 0x28, 0x67, 0x3f, 0x2e, 0xf5, 0x00, 0x09, 0xc5, 0x30, 0x47, 0xc1, 0x4f, 0x6d, 0x56, - /* (2^114)P */ 0x06, 0x72, 0x83, 0xfd, 0x40, 0x5d, 0x3a, 0x7e, 0x7a, 0x54, 0x59, 0x71, 0xdc, 0x26, 0xe9, 0xc1, 0x95, 0x60, 0x8d, 0xa6, 0xfb, 0x30, 0x67, 0x21, 0xa7, 0xce, 0x69, 0x3f, 0x84, 0xc3, 0xe8, 0x22, - /* (2^115)P */ 0x2b, 0x4b, 0x0e, 0x93, 0xe8, 0x74, 0xd0, 0x33, 0x16, 0x58, 0xd1, 0x84, 0x0e, 0x35, 0xe4, 0xb6, 0x65, 0x23, 0xba, 0xd6, 0x6a, 0xc2, 0x34, 0x55, 0xf3, 0xf3, 0xf1, 0x89, 0x2f, 0xc1, 0x73, 0x77, - /* (2^116)P */ 0xaa, 0x62, 0x79, 0xa5, 0x4d, 0x40, 0xba, 0x8c, 0x56, 0xce, 0x99, 0x19, 0xa8, 0x97, 0x98, 0x5b, 0xfc, 0x92, 0x16, 0x12, 0x2f, 0x86, 0x8e, 0x50, 0x91, 0xc2, 0x93, 0xa0, 0x7f, 0x90, 0x81, 0x3a, - /* (2^117)P */ 0x10, 0xa5, 0x25, 0x47, 0xff, 0xd0, 0xde, 0x0d, 0x03, 0xc5, 0x3f, 0x67, 0x10, 0xcc, 0xd8, 0x10, 0x89, 0x4e, 0x1f, 0x9f, 0x1c, 0x15, 0x9d, 0x5b, 0x4c, 0xa4, 0x09, 0xcb, 0xd5, 0xc1, 0xa5, 0x32, - /* (2^118)P */ 0xfb, 0x41, 0x05, 0xb9, 0x42, 0xa4, 0x0a, 0x1e, 0xdb, 0x85, 0xb4, 0xc1, 0x7c, 0xeb, 0x85, 0x5f, 0xe5, 0xf2, 0x9d, 0x8a, 0xce, 0x95, 0xe5, 0xbe, 0x36, 0x22, 0x42, 0x22, 0xc7, 0x96, 0xe4, 0x25, - /* (2^119)P */ 0xb9, 0xe5, 0x0f, 0xcd, 0x46, 0x3c, 0xdf, 0x5e, 0x88, 0x33, 0xa4, 0xd2, 0x7e, 0x5a, 0xe7, 0x34, 0x52, 0xe3, 0x61, 0xd7, 0x11, 0xde, 0x88, 0xe4, 0x5c, 0x54, 0x85, 0xa0, 0x01, 0x8a, 0x87, 0x0e, - /* (2^120)P */ 0x04, 0xbb, 0x21, 0xe0, 0x77, 0x3c, 0x49, 0xba, 0x9a, 0x89, 0xdf, 0xc7, 0x43, 0x18, 0x4d, 0x2b, 0x67, 0x0d, 0xe8, 0x7a, 0x48, 0x7a, 0xa3, 0x9e, 0x94, 0x17, 0xe4, 0x11, 0x80, 0x95, 0xa9, 0x67, - /* (2^121)P */ 0x65, 0xb0, 0x97, 0x66, 0x1a, 0x05, 0x58, 0x4b, 0xd4, 0xa6, 0x6b, 0x8d, 0x7d, 0x3f, 0xe3, 0x47, 0xc1, 0x46, 0xca, 0x83, 0xd4, 0xa8, 0x4d, 0xbb, 0x0d, 0xdb, 0xc2, 0x81, 0xa1, 0xca, 0xbe, 0x68, - /* (2^122)P */ 0xa5, 0x9a, 0x98, 0x0b, 0xe9, 0x80, 0x89, 0x8d, 0x9b, 0xc9, 0x93, 0x2c, 0x4a, 0xb1, 0x5e, 0xf9, 0xa2, 0x73, 0x6e, 0x79, 0xc4, 0xc7, 0xc6, 0x51, 0x69, 0xb5, 0xef, 0xb5, 0x63, 0x83, 0x22, 0x6e, - /* (2^123)P */ 0xc8, 0x24, 0xd6, 0x2d, 0xb0, 0xc0, 0xbb, 0xc6, 0xee, 0x70, 0x81, 0xec, 0x7d, 0xb4, 0x7e, 0x77, 0xa9, 0xaf, 0xcf, 0x04, 0xa0, 0x15, 0xde, 0x3c, 0x9b, 0xbf, 0x60, 0x71, 0x08, 0xbc, 0xc6, 0x1d, - /* (2^124)P */ 0x02, 0x40, 0xc3, 0xee, 0x43, 0xe0, 0x07, 0x2e, 0x7f, 0xdc, 0x68, 0x7a, 0x67, 0xfc, 0xe9, 0x18, 0x9a, 0x5b, 0xd1, 0x8b, 0x18, 0x03, 0xda, 0xd8, 0x53, 0x82, 0x56, 0x00, 0xbb, 0xc3, 0xfb, 0x48, - /* (2^125)P */ 0xe1, 0x4c, 0x65, 0xfb, 0x4c, 0x7d, 0x54, 0x57, 0xad, 0xe2, 0x58, 0xa0, 0x82, 0x5b, 0x56, 0xd3, 0x78, 0x44, 0x15, 0xbf, 0x0b, 0xaf, 0x3e, 0xf6, 0x18, 0xbb, 0xdf, 0x14, 0xf1, 0x1e, 0x53, 0x47, - /* (2^126)P */ 0x87, 0xc5, 0x78, 0x42, 0x0a, 0x63, 0xec, 0xe1, 0xf3, 0x83, 0x8e, 0xca, 0x46, 0xd5, 0x07, 0x55, 0x2b, 0x0c, 0xdc, 0x3a, 0xc6, 0x35, 0xe1, 0x85, 0x4e, 0x84, 0x82, 0x56, 0xa8, 0xef, 0xa7, 0x0a, - /* (2^127)P */ 0x15, 0xf6, 0xe1, 0xb3, 0xa8, 0x1b, 0x69, 0x72, 0xfa, 0x3f, 0xbe, 0x1f, 0x70, 0xe9, 0xb4, 0x32, 0x68, 0x78, 0xbb, 0x39, 0x2e, 0xd9, 0xb6, 0x97, 0xe8, 0x39, 0x2e, 0xa0, 0xde, 0x53, 0xfe, 0x2c, - /* (2^128)P */ 0xb0, 0x52, 0xcd, 0x85, 0xcd, 0x92, 0x73, 0x68, 0x31, 0x98, 0xe2, 0x10, 0xc9, 0x66, 0xff, 0x27, 0x06, 0x2d, 0x83, 0xa9, 0x56, 0x45, 0x13, 0x97, 0xa0, 0xf8, 0x84, 0x0a, 0x36, 0xb0, 0x9b, 0x26, - /* (2^129)P */ 0x5c, 0xf8, 0x43, 0x76, 0x45, 0x55, 0x6e, 0x70, 0x1b, 0x7d, 0x59, 0x9b, 0x8c, 0xa4, 0x34, 0x37, 0x72, 0xa4, 0xef, 0xc6, 0xe8, 0x91, 0xee, 0x7a, 0xe0, 0xd9, 0xa9, 0x98, 0xc1, 0xab, 0xd6, 0x5c, - /* (2^130)P */ 0x1a, 0xe4, 0x3c, 0xcb, 0x06, 0xde, 0x04, 0x0e, 0x38, 0xe1, 0x02, 0x34, 0x89, 0xeb, 0xc6, 0xd8, 0x72, 0x37, 0x6e, 0x68, 0xbb, 0x59, 0x46, 0x90, 0xc8, 0xa8, 0x6b, 0x74, 0x71, 0xc3, 0x15, 0x72, - /* (2^131)P */ 0xd9, 0xa2, 0xe4, 0xea, 0x7e, 0xa9, 0x12, 0xfd, 0xc5, 0xf2, 0x94, 0x63, 0x51, 0xb7, 0x14, 0x95, 0x94, 0xf2, 0x08, 0x92, 0x80, 0xd5, 0x6f, 0x26, 0xb9, 0x26, 0x9a, 0x61, 0x85, 0x70, 0x84, 0x5c, - /* (2^132)P */ 0xea, 0x94, 0xd6, 0xfe, 0x10, 0x54, 0x98, 0x52, 0x54, 0xd2, 0x2e, 0x4a, 0x93, 0x5b, 0x90, 0x3c, 0x67, 0xe4, 0x3b, 0x2d, 0x69, 0x47, 0xbb, 0x10, 0xe1, 0xe9, 0xe5, 0x69, 0x2d, 0x3d, 0x3b, 0x06, - /* (2^133)P */ 0xeb, 0x7d, 0xa5, 0xdd, 0xee, 0x26, 0x27, 0x47, 0x91, 0x18, 0xf4, 0x10, 0xae, 0xc4, 0xb6, 0xef, 0x14, 0x76, 0x30, 0x7b, 0x91, 0x41, 0x16, 0x2b, 0x7c, 0x5b, 0xf4, 0xc4, 0x4f, 0x55, 0x7c, 0x11, - /* (2^134)P */ 0x12, 0x88, 0x9d, 0x8f, 0x11, 0xf3, 0x7c, 0xc0, 0x39, 0x79, 0x01, 0x50, 0x20, 0xd8, 0xdb, 0x01, 0x27, 0x28, 0x1b, 0x17, 0xf4, 0x03, 0xe8, 0xd7, 0xea, 0x25, 0xd2, 0x87, 0x74, 0xe8, 0x15, 0x10, - /* (2^135)P */ 0x4d, 0xcc, 0x3a, 0xd2, 0xfe, 0xe3, 0x8d, 0xc5, 0x2d, 0xbe, 0xa7, 0x94, 0xc2, 0x91, 0xdb, 0x50, 0x57, 0xf4, 0x9c, 0x1c, 0x3d, 0xd4, 0x94, 0x0b, 0x4a, 0x52, 0x37, 0x6e, 0xfa, 0x40, 0x16, 0x6b, - /* (2^136)P */ 0x09, 0x0d, 0xda, 0x5f, 0x6c, 0x34, 0x2f, 0x69, 0x51, 0x31, 0x4d, 0xfa, 0x59, 0x1c, 0x0b, 0x20, 0x96, 0xa2, 0x77, 0x07, 0x76, 0x6f, 0xc4, 0xb8, 0xcf, 0xfb, 0xfd, 0x3f, 0x5f, 0x39, 0x38, 0x4b, - /* (2^137)P */ 0x71, 0xd6, 0x54, 0xbe, 0x00, 0x5e, 0xd2, 0x18, 0xa6, 0xab, 0xc8, 0xbe, 0x82, 0x05, 0xd5, 0x60, 0x82, 0xb9, 0x78, 0x3b, 0x26, 0x8f, 0xad, 0x87, 0x32, 0x04, 0xda, 0x9c, 0x4e, 0xf6, 0xfd, 0x50, - /* (2^138)P */ 0xf0, 0xdc, 0x78, 0xc5, 0xaa, 0x67, 0xf5, 0x90, 0x3b, 0x13, 0xa3, 0xf2, 0x0e, 0x9b, 0x1e, 0xef, 0x71, 0xde, 0xd9, 0x42, 0x92, 0xba, 0xeb, 0x0e, 0xc7, 0x01, 0x31, 0xf0, 0x9b, 0x3c, 0x47, 0x15, - /* (2^139)P */ 0x95, 0x80, 0xb7, 0x56, 0xae, 0xe8, 0x77, 0x7c, 0x8e, 0x07, 0x6f, 0x6e, 0x66, 0xe7, 0x78, 0xb6, 0x1f, 0xba, 0x48, 0x53, 0x61, 0xb9, 0xa0, 0x2d, 0x0b, 0x3f, 0x73, 0xff, 0xc1, 0x31, 0xf9, 0x7c, - /* (2^140)P */ 0x6c, 0x36, 0x0a, 0x0a, 0xf5, 0x57, 0xb3, 0x26, 0x32, 0xd7, 0x87, 0x2b, 0xf4, 0x8c, 0x70, 0xe9, 0xc0, 0xb2, 0x1c, 0xf9, 0xa5, 0xee, 0x3a, 0xc1, 0x4c, 0xbb, 0x43, 0x11, 0x99, 0x0c, 0xd9, 0x35, - /* (2^141)P */ 0xdc, 0xd9, 0xa0, 0xa9, 0x04, 0xc4, 0xc1, 0x47, 0x51, 0xd2, 0x72, 0x19, 0x45, 0x58, 0x9e, 0x65, 0x31, 0x8c, 0xb3, 0x73, 0xc4, 0xa8, 0x75, 0x38, 0x24, 0x1f, 0x56, 0x79, 0xd3, 0x9e, 0xbd, 0x1f, - /* (2^142)P */ 0x8d, 0xc2, 0x1e, 0xd4, 0x6f, 0xbc, 0xfa, 0x11, 0xca, 0x2d, 0x2a, 0xcd, 0xe3, 0xdf, 0xf8, 0x7e, 0x95, 0x45, 0x40, 0x8c, 0x5d, 0x3b, 0xe7, 0x72, 0x27, 0x2f, 0xb7, 0x54, 0x49, 0xfa, 0x35, 0x61, - /* (2^143)P */ 0x9c, 0xb6, 0x24, 0xde, 0xa2, 0x32, 0xfc, 0xcc, 0x88, 0x5d, 0x09, 0x1f, 0x8c, 0x69, 0x55, 0x3f, 0x29, 0xf9, 0xc3, 0x5a, 0xed, 0x50, 0x33, 0xbe, 0xeb, 0x7e, 0x47, 0xca, 0x06, 0xf8, 0x9b, 0x5e, - /* (2^144)P */ 0x68, 0x9f, 0x30, 0x3c, 0xb6, 0x8f, 0xce, 0xe9, 0xf4, 0xf9, 0xe1, 0x65, 0x35, 0xf6, 0x76, 0x53, 0xf1, 0x93, 0x63, 0x5a, 0xb3, 0xcf, 0xaf, 0xd1, 0x06, 0x35, 0x62, 0xe5, 0xed, 0xa1, 0x32, 0x66, - /* (2^145)P */ 0x4c, 0xed, 0x2d, 0x0c, 0x39, 0x6c, 0x7d, 0x0b, 0x1f, 0xcb, 0x04, 0xdf, 0x81, 0x32, 0xcb, 0x56, 0xc7, 0xc3, 0xec, 0x49, 0x12, 0x5a, 0x30, 0x66, 0x2a, 0xa7, 0x8c, 0xa3, 0x60, 0x8b, 0x58, 0x5d, - /* (2^146)P */ 0x2d, 0xf4, 0xe5, 0xe8, 0x78, 0xbf, 0xec, 0xa6, 0xec, 0x3e, 0x8a, 0x3c, 0x4b, 0xb4, 0xee, 0x86, 0x04, 0x16, 0xd2, 0xfb, 0x48, 0x9c, 0x21, 0xec, 0x31, 0x67, 0xc3, 0x17, 0xf5, 0x1a, 0xaf, 0x1a, - /* (2^147)P */ 0xe7, 0xbd, 0x69, 0x67, 0x83, 0xa2, 0x06, 0xc3, 0xdb, 0x2a, 0x1e, 0x2b, 0x62, 0x80, 0x82, 0x20, 0xa6, 0x94, 0xff, 0xfb, 0x1f, 0xf5, 0x27, 0x80, 0x6b, 0xf2, 0x24, 0x11, 0xce, 0xa1, 0xcf, 0x76, - /* (2^148)P */ 0xb6, 0xab, 0x22, 0x24, 0x56, 0x00, 0xeb, 0x18, 0xc3, 0x29, 0x8c, 0x8f, 0xd5, 0xc4, 0x77, 0xf3, 0x1a, 0x56, 0x31, 0xf5, 0x07, 0xc2, 0xbb, 0x4d, 0x27, 0x8a, 0x12, 0x82, 0xf0, 0xb7, 0x53, 0x02, - /* (2^149)P */ 0xe0, 0x17, 0x2c, 0xb6, 0x1c, 0x09, 0x1f, 0x3d, 0xa9, 0x28, 0x46, 0xd6, 0xab, 0xe1, 0x60, 0x48, 0x53, 0x42, 0x9d, 0x30, 0x36, 0x74, 0xd1, 0x52, 0x76, 0xe5, 0xfa, 0x3e, 0xe1, 0x97, 0x6f, 0x35, - /* (2^150)P */ 0x5b, 0x53, 0x50, 0xa1, 0x1a, 0xe1, 0x51, 0xd3, 0xcc, 0x78, 0xd8, 0x1d, 0xbb, 0x45, 0x6b, 0x3e, 0x98, 0x2c, 0xd9, 0xbe, 0x28, 0x61, 0x77, 0x0c, 0xb8, 0x85, 0x28, 0x03, 0x93, 0xae, 0x34, 0x1d, - /* (2^151)P */ 0xc3, 0xa4, 0x5b, 0xa8, 0x8c, 0x48, 0xa0, 0x4b, 0xce, 0xe6, 0x9c, 0x3c, 0xc3, 0x48, 0x53, 0x98, 0x70, 0xa7, 0xbd, 0x97, 0x6f, 0x4c, 0x12, 0x66, 0x4a, 0x12, 0x54, 0x06, 0x29, 0xa0, 0x81, 0x0f, - /* (2^152)P */ 0xfd, 0x86, 0x9b, 0x56, 0xa6, 0x9c, 0xd0, 0x9e, 0x2d, 0x9a, 0xaf, 0x18, 0xfd, 0x09, 0x10, 0x81, 0x0a, 0xc2, 0xd8, 0x93, 0x3f, 0xd0, 0x08, 0xff, 0x6b, 0xf2, 0xae, 0x9f, 0x19, 0x48, 0xa1, 0x52, - /* (2^153)P */ 0x73, 0x1b, 0x8d, 0x2d, 0xdc, 0xf9, 0x03, 0x3e, 0x70, 0x1a, 0x96, 0x73, 0x18, 0x80, 0x05, 0x42, 0x70, 0x59, 0xa3, 0x41, 0xf0, 0x87, 0xd9, 0xc0, 0x49, 0xd5, 0xc0, 0xa1, 0x15, 0x1f, 0xaa, 0x07, - /* (2^154)P */ 0x24, 0x72, 0xd2, 0x8c, 0xe0, 0x6c, 0xd4, 0xdf, 0x39, 0x42, 0x4e, 0x93, 0x4f, 0x02, 0x0a, 0x6d, 0x59, 0x7b, 0x89, 0x99, 0x63, 0x7a, 0x8a, 0x80, 0xa2, 0x95, 0x3d, 0xe1, 0xe9, 0x56, 0x45, 0x0a, - /* (2^155)P */ 0x45, 0x30, 0xc1, 0xe9, 0x1f, 0x99, 0x1a, 0xd2, 0xb8, 0x51, 0x77, 0xfe, 0x48, 0x85, 0x0e, 0x9b, 0x35, 0x00, 0xf3, 0x4b, 0xcb, 0x43, 0xa6, 0x5d, 0x21, 0xf7, 0x40, 0x39, 0xd6, 0x28, 0xdb, 0x77, - /* (2^156)P */ 0x11, 0x90, 0xdc, 0x4a, 0x61, 0xeb, 0x5e, 0xfc, 0xeb, 0x11, 0xc4, 0xe8, 0x9a, 0x41, 0x29, 0x52, 0x74, 0xcf, 0x1d, 0x7d, 0x78, 0xe7, 0xc3, 0x9e, 0xb5, 0x4c, 0x6e, 0x21, 0x3e, 0x05, 0x0d, 0x34, - /* (2^157)P */ 0xb4, 0xf2, 0x8d, 0xb4, 0x39, 0xaf, 0xc7, 0xca, 0x94, 0x0a, 0xa1, 0x71, 0x28, 0xec, 0xfa, 0xc0, 0xed, 0x75, 0xa5, 0x5c, 0x24, 0x69, 0x0a, 0x14, 0x4c, 0x3a, 0x27, 0x34, 0x71, 0xc3, 0xf1, 0x0c, - /* (2^158)P */ 0xa5, 0xb8, 0x24, 0xc2, 0x6a, 0x30, 0xee, 0xc8, 0xb0, 0x30, 0x49, 0xcb, 0x7c, 0xee, 0xea, 0x57, 0x4f, 0xe7, 0xcb, 0xaa, 0xbd, 0x06, 0xe8, 0xa1, 0x7d, 0x65, 0xeb, 0x2e, 0x74, 0x62, 0x9a, 0x7d, - /* (2^159)P */ 0x30, 0x48, 0x6c, 0x54, 0xef, 0xb6, 0xb6, 0x9e, 0x2e, 0x6e, 0xb3, 0xdd, 0x1f, 0xca, 0x5c, 0x88, 0x05, 0x71, 0x0d, 0xef, 0x83, 0xf3, 0xb9, 0xe6, 0x12, 0x04, 0x2e, 0x9d, 0xef, 0x4f, 0x65, 0x58, - /* (2^160)P */ 0x26, 0x8e, 0x0e, 0xbe, 0xff, 0xc4, 0x05, 0xa9, 0x6e, 0x81, 0x31, 0x9b, 0xdf, 0xe5, 0x2d, 0x94, 0xe1, 0x88, 0x2e, 0x80, 0x3f, 0x72, 0x7d, 0x49, 0x8d, 0x40, 0x2f, 0x60, 0xea, 0x4d, 0x68, 0x30, - /* (2^161)P */ 0x34, 0xcb, 0xe6, 0xa3, 0x78, 0xa2, 0xe5, 0x21, 0xc4, 0x1d, 0x15, 0x5b, 0x6f, 0x6e, 0xfb, 0xae, 0x15, 0xca, 0x77, 0x9d, 0x04, 0x8e, 0x0b, 0xb3, 0x81, 0x89, 0xb9, 0x53, 0xcf, 0xc9, 0xc3, 0x28, - /* (2^162)P */ 0x2a, 0xdd, 0x6c, 0x55, 0x21, 0xb7, 0x7f, 0x28, 0x74, 0x22, 0x02, 0x97, 0xa8, 0x7c, 0x31, 0x0d, 0x58, 0x32, 0x54, 0x3a, 0x42, 0xc7, 0x68, 0x74, 0x2f, 0x64, 0xb5, 0x4e, 0x46, 0x11, 0x7f, 0x4a, - /* (2^163)P */ 0xa6, 0x3a, 0x19, 0x4d, 0x77, 0xa4, 0x37, 0xa2, 0xa1, 0x29, 0x21, 0xa9, 0x6e, 0x98, 0x65, 0xd8, 0x88, 0x1a, 0x7c, 0xf8, 0xec, 0x15, 0xc5, 0x24, 0xeb, 0xf5, 0x39, 0x5f, 0x57, 0x03, 0x40, 0x60, - /* (2^164)P */ 0x27, 0x9b, 0x0a, 0x57, 0x89, 0xf1, 0xb9, 0x47, 0x78, 0x4b, 0x5e, 0x46, 0xde, 0xce, 0x98, 0x2b, 0x20, 0x5c, 0xb8, 0xdb, 0x51, 0xf5, 0x6d, 0x02, 0x01, 0x19, 0xe2, 0x47, 0x10, 0xd9, 0xfc, 0x74, - /* (2^165)P */ 0xa3, 0xbf, 0xc1, 0x23, 0x0a, 0xa9, 0xe2, 0x13, 0xf6, 0x19, 0x85, 0x47, 0x4e, 0x07, 0xb0, 0x0c, 0x44, 0xcf, 0xf6, 0x3a, 0xbe, 0xcb, 0xf1, 0x5f, 0xbe, 0x2d, 0x81, 0xbe, 0x38, 0x54, 0xfe, 0x67, - /* (2^166)P */ 0xb0, 0x05, 0x0f, 0xa4, 0x4f, 0xf6, 0x3c, 0xd1, 0x87, 0x37, 0x28, 0x32, 0x2f, 0xfb, 0x4d, 0x05, 0xea, 0x2a, 0x0d, 0x7f, 0x5b, 0x91, 0x73, 0x41, 0x4e, 0x0d, 0x61, 0x1f, 0x4f, 0x14, 0x2f, 0x48, - /* (2^167)P */ 0x34, 0x82, 0x7f, 0xb4, 0x01, 0x02, 0x21, 0xf6, 0x90, 0xb9, 0x70, 0x9e, 0x92, 0xe1, 0x0a, 0x5d, 0x7c, 0x56, 0x49, 0xb0, 0x55, 0xf4, 0xd7, 0xdc, 0x01, 0x6f, 0x91, 0xf0, 0xf1, 0xd0, 0x93, 0x7e, - /* (2^168)P */ 0xfa, 0xb4, 0x7d, 0x8a, 0xf1, 0xcb, 0x79, 0xdd, 0x2f, 0xc6, 0x74, 0x6f, 0xbf, 0x91, 0x83, 0xbe, 0xbd, 0x91, 0x82, 0x4b, 0xd1, 0x45, 0x71, 0x02, 0x05, 0x17, 0xbf, 0x2c, 0xea, 0x73, 0x5a, 0x58, - /* (2^169)P */ 0xb2, 0x0d, 0x8a, 0x92, 0x3e, 0xa0, 0x5c, 0x48, 0xe7, 0x57, 0x28, 0x74, 0xa5, 0x01, 0xfc, 0x10, 0xa7, 0x51, 0xd5, 0xd6, 0xdb, 0x2e, 0x48, 0x2f, 0x8a, 0xdb, 0x8f, 0x04, 0xb5, 0x33, 0x04, 0x0f, - /* (2^170)P */ 0x47, 0x62, 0xdc, 0xd7, 0x8d, 0x2e, 0xda, 0x60, 0x9a, 0x81, 0xd4, 0x8c, 0xd3, 0xc9, 0xb4, 0x88, 0x97, 0x66, 0xf6, 0x01, 0xc0, 0x3a, 0x03, 0x13, 0x75, 0x7d, 0x36, 0x3b, 0xfe, 0x24, 0x3b, 0x27, - /* (2^171)P */ 0xd4, 0xb9, 0xb3, 0x31, 0x6a, 0xf6, 0xe8, 0xc6, 0xd5, 0x49, 0xdf, 0x94, 0xa4, 0x14, 0x15, 0x28, 0xa7, 0x3d, 0xb2, 0xc8, 0xdf, 0x6f, 0x72, 0xd1, 0x48, 0xe5, 0xde, 0x03, 0xd1, 0xe7, 0x3a, 0x4b, - /* (2^172)P */ 0x7e, 0x9d, 0x4b, 0xce, 0x19, 0x6e, 0x25, 0xc6, 0x1c, 0xc6, 0xe3, 0x86, 0xf1, 0x5c, 0x5c, 0xff, 0x45, 0xc1, 0x8e, 0x4b, 0xa3, 0x3c, 0xc6, 0xac, 0x74, 0x65, 0xe6, 0xfe, 0x88, 0x18, 0x62, 0x74, - /* (2^173)P */ 0x1e, 0x0a, 0x29, 0x45, 0x96, 0x40, 0x6f, 0x95, 0x2e, 0x96, 0x3a, 0x26, 0xe3, 0xf8, 0x0b, 0xef, 0x7b, 0x64, 0xc2, 0x5e, 0xeb, 0x50, 0x6a, 0xed, 0x02, 0x75, 0xca, 0x9d, 0x3a, 0x28, 0x94, 0x06, - /* (2^174)P */ 0xd1, 0xdc, 0xa2, 0x43, 0x36, 0x96, 0x9b, 0x76, 0x53, 0x53, 0xfc, 0x09, 0xea, 0xc8, 0xb7, 0x42, 0xab, 0x7e, 0x39, 0x13, 0xee, 0x2a, 0x00, 0x4f, 0x3a, 0xd6, 0xb7, 0x19, 0x2c, 0x5e, 0x00, 0x63, - /* (2^175)P */ 0xea, 0x3b, 0x02, 0x63, 0xda, 0x36, 0x67, 0xca, 0xb7, 0x99, 0x2a, 0xb1, 0x6d, 0x7f, 0x6c, 0x96, 0xe1, 0xc5, 0x37, 0xc5, 0x90, 0x93, 0xe0, 0xac, 0xee, 0x89, 0xaa, 0xa1, 0x63, 0x60, 0x69, 0x0b, - /* (2^176)P */ 0xe5, 0x56, 0x8c, 0x28, 0x97, 0x3e, 0xb0, 0xeb, 0xe8, 0x8b, 0x8c, 0x93, 0x9f, 0x9f, 0x2a, 0x43, 0x71, 0x7f, 0x71, 0x5b, 0x3d, 0xa9, 0xa5, 0xa6, 0x97, 0x9d, 0x8f, 0xe1, 0xc3, 0xb4, 0x5f, 0x1a, - /* (2^177)P */ 0xce, 0xcd, 0x60, 0x1c, 0xad, 0xe7, 0x94, 0x1c, 0xa0, 0xc4, 0x02, 0xfc, 0x43, 0x2a, 0x20, 0xee, 0x20, 0x6a, 0xc4, 0x67, 0xd8, 0xe4, 0xaf, 0x8d, 0x58, 0x7b, 0xc2, 0x8a, 0x3c, 0x26, 0x10, 0x0a, - /* (2^178)P */ 0x4a, 0x2a, 0x43, 0xe4, 0xdf, 0xa9, 0xde, 0xd0, 0xc5, 0x77, 0x92, 0xbe, 0x7b, 0xf8, 0x6a, 0x85, 0x1a, 0xc7, 0x12, 0xc2, 0xac, 0x72, 0x84, 0xce, 0x91, 0x1e, 0xbb, 0x9b, 0x6d, 0x1b, 0x15, 0x6f, - /* (2^179)P */ 0x6a, 0xd5, 0xee, 0x7c, 0x52, 0x6c, 0x77, 0x26, 0xec, 0xfa, 0xf8, 0xfb, 0xb7, 0x1c, 0x21, 0x7d, 0xcc, 0x09, 0x46, 0xfd, 0xa6, 0x66, 0xae, 0x37, 0x42, 0x0c, 0x77, 0xd2, 0x02, 0xb7, 0x81, 0x1f, - /* (2^180)P */ 0x92, 0x83, 0xc5, 0xea, 0x57, 0xb0, 0xb0, 0x2f, 0x9d, 0x4e, 0x74, 0x29, 0xfe, 0x89, 0xdd, 0xe1, 0xf8, 0xb4, 0xbe, 0x17, 0xeb, 0xf8, 0x64, 0xc9, 0x1e, 0xd4, 0xa2, 0xc9, 0x73, 0x10, 0x57, 0x29, - /* (2^181)P */ 0x54, 0xe2, 0xc0, 0x81, 0x89, 0xa1, 0x48, 0xa9, 0x30, 0x28, 0xb2, 0x65, 0x9b, 0x36, 0xf6, 0x2d, 0xc6, 0xd3, 0xcf, 0x5f, 0xd7, 0xb2, 0x3e, 0xa3, 0x1f, 0xa0, 0x99, 0x41, 0xec, 0xd6, 0x8c, 0x07, - /* (2^182)P */ 0x2f, 0x0d, 0x90, 0xad, 0x41, 0x4a, 0x58, 0x4a, 0x52, 0x4c, 0xc7, 0xe2, 0x78, 0x2b, 0x14, 0x32, 0x78, 0xc9, 0x31, 0x84, 0x33, 0xe8, 0xc4, 0x68, 0xc2, 0x9f, 0x68, 0x08, 0x90, 0xea, 0x69, 0x7f, - /* (2^183)P */ 0x65, 0x82, 0xa3, 0x46, 0x1e, 0xc8, 0xf2, 0x52, 0xfd, 0x32, 0xa8, 0x04, 0x2d, 0x07, 0x78, 0xfd, 0x94, 0x9e, 0x35, 0x25, 0xfa, 0xd5, 0xd7, 0x8c, 0xd2, 0x29, 0xcc, 0x54, 0x74, 0x1b, 0xe7, 0x4d, - /* (2^184)P */ 0xc9, 0x6a, 0xda, 0x1e, 0xad, 0x60, 0xeb, 0x42, 0x3a, 0x9c, 0xc0, 0xdb, 0xdf, 0x37, 0xad, 0x0a, 0x91, 0xc1, 0x3c, 0xe3, 0x71, 0x4b, 0x00, 0x81, 0x3c, 0x80, 0x22, 0x51, 0x34, 0xbe, 0xe6, 0x44, - /* (2^185)P */ 0xdb, 0x20, 0x19, 0xba, 0x88, 0x83, 0xfe, 0x03, 0x08, 0xb0, 0x0d, 0x15, 0x32, 0x7c, 0xd5, 0xf5, 0x29, 0x0c, 0xf6, 0x1a, 0x28, 0xc4, 0xc8, 0x49, 0xee, 0x1a, 0x70, 0xde, 0x18, 0xb5, 0xed, 0x21, - /* (2^186)P */ 0x99, 0xdc, 0x06, 0x8f, 0x41, 0x3e, 0xb6, 0x7f, 0xb8, 0xd7, 0x66, 0xc1, 0x99, 0x0d, 0x46, 0xa4, 0x83, 0x0a, 0x52, 0xce, 0x48, 0x52, 0xdd, 0x24, 0x58, 0x83, 0x92, 0x2b, 0x71, 0xad, 0xc3, 0x5e, - /* (2^187)P */ 0x0f, 0x93, 0x17, 0xbd, 0x5f, 0x2a, 0x02, 0x15, 0xe3, 0x70, 0x25, 0xd8, 0x77, 0x4a, 0xf6, 0xa4, 0x12, 0x37, 0x78, 0x15, 0x69, 0x8d, 0xbc, 0x12, 0xbb, 0x0a, 0x62, 0xfc, 0xc0, 0x94, 0x81, 0x49, - /* (2^188)P */ 0x82, 0x6c, 0x68, 0x55, 0xd2, 0xd9, 0xa2, 0x38, 0xf0, 0x21, 0x3e, 0x19, 0xd9, 0x6b, 0x5c, 0x78, 0x84, 0x54, 0x4a, 0xb2, 0x1a, 0xc8, 0xd5, 0xe4, 0x89, 0x09, 0xe2, 0xb2, 0x60, 0x78, 0x30, 0x56, - /* (2^189)P */ 0xc4, 0x74, 0x4d, 0x8b, 0xf7, 0x55, 0x9d, 0x42, 0x31, 0x01, 0x35, 0x43, 0x46, 0x83, 0xf1, 0x22, 0xff, 0x1f, 0xc7, 0x98, 0x45, 0xc2, 0x60, 0x1e, 0xef, 0x83, 0x99, 0x97, 0x14, 0xf0, 0xf2, 0x59, - /* (2^190)P */ 0x44, 0x4a, 0x49, 0xeb, 0x56, 0x7d, 0xa4, 0x46, 0x8e, 0xa1, 0x36, 0xd6, 0x54, 0xa8, 0x22, 0x3e, 0x3b, 0x1c, 0x49, 0x74, 0x52, 0xe1, 0x46, 0xb3, 0xe7, 0xcd, 0x90, 0x53, 0x4e, 0xfd, 0xea, 0x2c, - /* (2^191)P */ 0x75, 0x66, 0x0d, 0xbe, 0x38, 0x85, 0x8a, 0xba, 0x23, 0x8e, 0x81, 0x50, 0xbb, 0x74, 0x90, 0x4b, 0xc3, 0x04, 0xd3, 0x85, 0x90, 0xb8, 0xda, 0xcb, 0xc4, 0x92, 0x61, 0xe5, 0xe0, 0x4f, 0xa2, 0x61, - /* (2^192)P */ 0xcb, 0x5b, 0x52, 0xdb, 0xe6, 0x15, 0x76, 0xcb, 0xca, 0xe4, 0x67, 0xa5, 0x35, 0x8c, 0x7d, 0xdd, 0x69, 0xdd, 0xfc, 0xca, 0x3a, 0x15, 0xb4, 0xe6, 0x66, 0x97, 0x3c, 0x7f, 0x09, 0x8e, 0x66, 0x2d, - /* (2^193)P */ 0xf0, 0x5e, 0xe5, 0x5c, 0x26, 0x7e, 0x7e, 0xa5, 0x67, 0xb9, 0xd4, 0x7c, 0x52, 0x4e, 0x9f, 0x5d, 0xe5, 0xd1, 0x2f, 0x49, 0x06, 0x36, 0xc8, 0xfb, 0xae, 0xf7, 0xc3, 0xb7, 0xbe, 0x52, 0x0d, 0x09, - /* (2^194)P */ 0x7c, 0x4d, 0x7b, 0x1e, 0x5a, 0x51, 0xb9, 0x09, 0xc0, 0x44, 0xda, 0x99, 0x25, 0x6a, 0x26, 0x1f, 0x04, 0x55, 0xc5, 0xe2, 0x48, 0x95, 0xc4, 0xa1, 0xcc, 0x15, 0x6f, 0x12, 0x87, 0x42, 0xf0, 0x7e, - /* (2^195)P */ 0x15, 0xef, 0x30, 0xbd, 0x9d, 0x65, 0xd1, 0xfe, 0x7b, 0x27, 0xe0, 0xc4, 0xee, 0xb9, 0x4a, 0x8b, 0x91, 0x32, 0xdf, 0xa5, 0x36, 0x62, 0x4d, 0x88, 0x88, 0xf7, 0x5c, 0xbf, 0xa6, 0x6e, 0xd9, 0x1f, - /* (2^196)P */ 0x9a, 0x0d, 0x19, 0x1f, 0x98, 0x61, 0xa1, 0x42, 0xc1, 0x52, 0x60, 0x7e, 0x50, 0x49, 0xd8, 0x61, 0xd5, 0x2c, 0x5a, 0x28, 0xbf, 0x13, 0xe1, 0x9f, 0xd8, 0x85, 0xad, 0xdb, 0x76, 0xd6, 0x22, 0x7c, - /* (2^197)P */ 0x7d, 0xd2, 0xfb, 0x2b, 0xed, 0x70, 0xe7, 0x82, 0xa5, 0xf5, 0x96, 0xe9, 0xec, 0xb2, 0x05, 0x4c, 0x50, 0x01, 0x90, 0xb0, 0xc2, 0xa9, 0x40, 0xcd, 0x64, 0xbf, 0xd9, 0x13, 0x92, 0x31, 0x95, 0x58, - /* (2^198)P */ 0x08, 0x2e, 0xea, 0x3f, 0x70, 0x5d, 0xcc, 0xe7, 0x8c, 0x18, 0xe2, 0x58, 0x12, 0x49, 0x0c, 0xb5, 0xf0, 0x5b, 0x20, 0x48, 0xaa, 0x0b, 0xe3, 0xcc, 0x62, 0x2d, 0xa3, 0xcf, 0x9c, 0x65, 0x7c, 0x53, - /* (2^199)P */ 0x88, 0xc0, 0xcf, 0x98, 0x3a, 0x62, 0xb6, 0x37, 0xa4, 0xac, 0xd6, 0xa4, 0x1f, 0xed, 0x9b, 0xfe, 0xb0, 0xd1, 0xa8, 0x56, 0x8e, 0x9b, 0xd2, 0x04, 0x75, 0x95, 0x51, 0x0b, 0xc4, 0x71, 0x5f, 0x72, - /* (2^200)P */ 0xe6, 0x9c, 0x33, 0xd0, 0x9c, 0xf8, 0xc7, 0x28, 0x8b, 0xc1, 0xdd, 0x69, 0x44, 0xb1, 0x67, 0x83, 0x2c, 0x65, 0xa1, 0xa6, 0x83, 0xda, 0x3a, 0x88, 0x17, 0x6c, 0x4d, 0x03, 0x74, 0x19, 0x5f, 0x58, - /* (2^201)P */ 0x88, 0x91, 0xb1, 0xf1, 0x66, 0xb2, 0xcf, 0x89, 0x17, 0x52, 0xc3, 0xe7, 0x63, 0x48, 0x3b, 0xe6, 0x6a, 0x52, 0xc0, 0xb4, 0xa6, 0x9d, 0x8c, 0xd8, 0x35, 0x46, 0x95, 0xf0, 0x9d, 0x5c, 0x03, 0x3e, - /* (2^202)P */ 0x9d, 0xde, 0x45, 0xfb, 0x12, 0x54, 0x9d, 0xdd, 0x0d, 0xf4, 0xcf, 0xe4, 0x32, 0x45, 0x68, 0xdd, 0x1c, 0x67, 0x1d, 0x15, 0x9b, 0x99, 0x5c, 0x4b, 0x90, 0xf6, 0xe7, 0x11, 0xc8, 0x2c, 0x8c, 0x2d, - /* (2^203)P */ 0x40, 0x5d, 0x05, 0x90, 0x1d, 0xbe, 0x54, 0x7f, 0x40, 0xaf, 0x4a, 0x46, 0xdf, 0xc5, 0x64, 0xa4, 0xbe, 0x17, 0xe9, 0xf0, 0x24, 0x96, 0x97, 0x33, 0x30, 0x6b, 0x35, 0x27, 0xc5, 0x8d, 0x01, 0x2c, - /* (2^204)P */ 0xd4, 0xb3, 0x30, 0xe3, 0x24, 0x50, 0x41, 0xa5, 0xd3, 0x52, 0x16, 0x69, 0x96, 0x3d, 0xff, 0x73, 0xf1, 0x59, 0x9b, 0xef, 0xc4, 0x42, 0xec, 0x94, 0x5a, 0x8e, 0xd0, 0x18, 0x16, 0x20, 0x47, 0x07, - /* (2^205)P */ 0x53, 0x1c, 0x41, 0xca, 0x8a, 0xa4, 0x6c, 0x4d, 0x19, 0x61, 0xa6, 0xcf, 0x2f, 0x5f, 0x41, 0x66, 0xff, 0x27, 0xe2, 0x51, 0x00, 0xd4, 0x4d, 0x9c, 0xeb, 0xf7, 0x02, 0x9a, 0xc0, 0x0b, 0x81, 0x59, - /* (2^206)P */ 0x1d, 0x10, 0xdc, 0xb3, 0x71, 0xb1, 0x7e, 0x2a, 0x8e, 0xf6, 0xfe, 0x9f, 0xb9, 0x5a, 0x1c, 0x44, 0xea, 0x59, 0xb3, 0x93, 0x9b, 0x5c, 0x02, 0x32, 0x2f, 0x11, 0x9d, 0x1e, 0xa7, 0xe0, 0x8c, 0x5e, - /* (2^207)P */ 0xfd, 0x03, 0x95, 0x42, 0x92, 0xcb, 0xcc, 0xbf, 0x55, 0x5d, 0x09, 0x2f, 0x75, 0xba, 0x71, 0xd2, 0x1e, 0x09, 0x2d, 0x97, 0x5e, 0xad, 0x5e, 0x34, 0xba, 0x03, 0x31, 0xa8, 0x11, 0xdf, 0xc8, 0x18, - /* (2^208)P */ 0x4c, 0x0f, 0xed, 0x9a, 0x9a, 0x94, 0xcd, 0x90, 0x7e, 0xe3, 0x60, 0x66, 0xcb, 0xf4, 0xd1, 0xc5, 0x0b, 0x2e, 0xc5, 0x56, 0x2d, 0xc5, 0xca, 0xb8, 0x0d, 0x8e, 0x80, 0xc5, 0x00, 0xe4, 0x42, 0x6e, - /* (2^209)P */ 0x23, 0xfd, 0xae, 0xee, 0x66, 0x69, 0xb4, 0xa3, 0xca, 0xcd, 0x9e, 0xe3, 0x0b, 0x1f, 0x4f, 0x0c, 0x1d, 0xa5, 0x83, 0xd6, 0xc9, 0xc8, 0x9d, 0x18, 0x1b, 0x35, 0x09, 0x4c, 0x05, 0x7f, 0xf2, 0x51, - /* (2^210)P */ 0x82, 0x06, 0x32, 0x2a, 0xcd, 0x7c, 0x48, 0x4c, 0x96, 0x1c, 0xdf, 0xb3, 0x5b, 0xa9, 0x7e, 0x58, 0xe8, 0xb8, 0x5c, 0x55, 0x9e, 0xf7, 0xcc, 0xc8, 0x3d, 0xd7, 0x06, 0xa2, 0x29, 0xc8, 0x7d, 0x54, - /* (2^211)P */ 0x06, 0x9b, 0xc3, 0x80, 0xcd, 0xa6, 0x22, 0xb8, 0xc6, 0xd4, 0x00, 0x20, 0x73, 0x54, 0x6d, 0xe9, 0x4d, 0x3b, 0x46, 0x91, 0x6f, 0x5b, 0x53, 0x28, 0x1d, 0x6e, 0x48, 0xe2, 0x60, 0x46, 0x8f, 0x22, - /* (2^212)P */ 0xbf, 0x3a, 0x8d, 0xde, 0x38, 0x95, 0x79, 0x98, 0x6e, 0xca, 0xeb, 0x45, 0x00, 0x33, 0xd8, 0x8c, 0x38, 0xe7, 0x21, 0x82, 0x00, 0x2a, 0x95, 0x79, 0xbb, 0xd2, 0x5c, 0x53, 0xa7, 0xe1, 0x22, 0x43, - /* (2^213)P */ 0x1c, 0x80, 0xd1, 0x19, 0x18, 0xc1, 0x14, 0xb1, 0xc7, 0x5e, 0x3f, 0x4f, 0xd8, 0xe4, 0x16, 0x20, 0x4c, 0x0f, 0x26, 0x09, 0xf4, 0x2d, 0x0e, 0xdd, 0x66, 0x72, 0x5f, 0xae, 0xc0, 0x62, 0xc3, 0x5e, - /* (2^214)P */ 0xee, 0xb4, 0xb2, 0xb8, 0x18, 0x2b, 0x46, 0xc0, 0xfb, 0x1a, 0x4d, 0x27, 0x50, 0xd9, 0xc8, 0x7c, 0xd2, 0x02, 0x6b, 0x43, 0x05, 0x71, 0x5f, 0xf2, 0xd3, 0xcc, 0xf9, 0xbf, 0xdc, 0xf8, 0xbb, 0x43, - /* (2^215)P */ 0xdf, 0xe9, 0x39, 0xa0, 0x67, 0x17, 0xad, 0xb6, 0x83, 0x35, 0x9d, 0xf6, 0xa8, 0x4d, 0x71, 0xb0, 0xf5, 0x31, 0x29, 0xb4, 0x18, 0xfa, 0x55, 0x5e, 0x61, 0x09, 0xc6, 0x33, 0x8f, 0x55, 0xd5, 0x4e, - /* (2^216)P */ 0xdd, 0xa5, 0x47, 0xc6, 0x01, 0x79, 0xe3, 0x1f, 0x57, 0xd3, 0x81, 0x80, 0x1f, 0xdf, 0x3d, 0x59, 0xa6, 0xd7, 0x3f, 0x81, 0xfd, 0xa4, 0x49, 0x02, 0x61, 0xaf, 0x9c, 0x4e, 0x27, 0xca, 0xac, 0x69, - /* (2^217)P */ 0xc9, 0x21, 0x07, 0x33, 0xea, 0xa3, 0x7b, 0x04, 0xa0, 0x1e, 0x7e, 0x0e, 0xc2, 0x3f, 0x42, 0x83, 0x60, 0x4a, 0x31, 0x01, 0xaf, 0xc0, 0xf4, 0x1d, 0x27, 0x95, 0x28, 0x89, 0xab, 0x2d, 0xa6, 0x09, - /* (2^218)P */ 0x00, 0xcb, 0xc6, 0x9c, 0xa4, 0x25, 0xb3, 0xa5, 0xb6, 0x6c, 0xb5, 0x54, 0xc6, 0x5d, 0x4b, 0xe9, 0xa0, 0x94, 0xc9, 0xad, 0x79, 0x87, 0xe2, 0x3b, 0xad, 0x4a, 0x3a, 0xba, 0xf8, 0xe8, 0x96, 0x42, - /* (2^219)P */ 0xab, 0x1e, 0x45, 0x1e, 0x76, 0x89, 0x86, 0x32, 0x4a, 0x59, 0x59, 0xff, 0x8b, 0x59, 0x4d, 0x2e, 0x4a, 0x08, 0xa7, 0xd7, 0x53, 0x68, 0xb9, 0x49, 0xa8, 0x20, 0x14, 0x60, 0x19, 0xa3, 0x80, 0x49, - /* (2^220)P */ 0x42, 0x2c, 0x55, 0x2f, 0xe1, 0xb9, 0x65, 0x95, 0x96, 0xfe, 0x00, 0x71, 0xdb, 0x18, 0x53, 0x8a, 0xd7, 0xd0, 0xad, 0x43, 0x4d, 0x0b, 0xc9, 0x05, 0xda, 0x4e, 0x5d, 0x6a, 0xd6, 0x4c, 0x8b, 0x53, - /* (2^221)P */ 0x9f, 0x03, 0x9f, 0xe8, 0xc3, 0x4f, 0xe9, 0xf4, 0x45, 0x80, 0x61, 0x6f, 0xf2, 0x9a, 0x2c, 0x59, 0x50, 0x95, 0x4b, 0xfd, 0xb5, 0x6e, 0xa3, 0x08, 0x19, 0x14, 0xed, 0xc2, 0xf6, 0xfa, 0xff, 0x25, - /* (2^222)P */ 0x54, 0xd3, 0x79, 0xcc, 0x59, 0x44, 0x43, 0x34, 0x6b, 0x47, 0xd5, 0xb1, 0xb4, 0xbf, 0xec, 0xee, 0x99, 0x5d, 0x61, 0x61, 0xa0, 0x34, 0xeb, 0xdd, 0x73, 0xb7, 0x64, 0xeb, 0xcc, 0xce, 0x29, 0x51, - /* (2^223)P */ 0x20, 0x35, 0x99, 0x94, 0x58, 0x21, 0x43, 0xee, 0x3b, 0x0b, 0x4c, 0xf1, 0x7c, 0x9c, 0x2f, 0x77, 0xd5, 0xda, 0xbe, 0x06, 0xe3, 0xfc, 0xe2, 0xd2, 0x97, 0x6a, 0xf0, 0x46, 0xb5, 0x42, 0x5f, 0x71, - /* (2^224)P */ 0x1a, 0x5f, 0x5b, 0xda, 0xce, 0xcd, 0x4e, 0x43, 0xa9, 0x41, 0x97, 0xa4, 0x15, 0x71, 0xa1, 0x0d, 0x2e, 0xad, 0xed, 0x73, 0x7c, 0xd7, 0x0b, 0x68, 0x41, 0x90, 0xdd, 0x4e, 0x35, 0x02, 0x7c, 0x48, - /* (2^225)P */ 0xc4, 0xd9, 0x0e, 0xa7, 0xf3, 0xef, 0xef, 0xb8, 0x02, 0xe3, 0x57, 0xe8, 0xa3, 0x2a, 0xa3, 0x56, 0xa0, 0xa5, 0xa2, 0x48, 0xbd, 0x68, 0x3a, 0xdf, 0x44, 0xc4, 0x76, 0x31, 0xb7, 0x50, 0xf6, 0x07, - /* (2^226)P */ 0xb1, 0xcc, 0xe0, 0x26, 0x16, 0x9b, 0x8b, 0xe3, 0x36, 0xfb, 0x09, 0x8b, 0xc1, 0x53, 0xe0, 0x79, 0x64, 0x49, 0xf9, 0xc9, 0x19, 0x03, 0xd9, 0x56, 0xc4, 0xf5, 0x9f, 0xac, 0xe7, 0x41, 0xa9, 0x1c, - /* (2^227)P */ 0xbb, 0xa0, 0x2f, 0x16, 0x29, 0xdf, 0xc4, 0x49, 0x05, 0x33, 0xb3, 0x82, 0x32, 0xcf, 0x88, 0x84, 0x7d, 0x43, 0xbb, 0xca, 0x14, 0xda, 0xdf, 0x95, 0x86, 0xad, 0xd5, 0x64, 0x82, 0xf7, 0x91, 0x33, - /* (2^228)P */ 0x5d, 0x09, 0xb5, 0xe2, 0x6a, 0xe0, 0x9a, 0x72, 0x46, 0xa9, 0x59, 0x32, 0xd7, 0x58, 0x8a, 0xd5, 0xed, 0x21, 0x39, 0xd1, 0x62, 0x42, 0x83, 0xe9, 0x92, 0xb5, 0x4b, 0xa5, 0xfa, 0xda, 0xfe, 0x27, - /* (2^229)P */ 0xbb, 0x48, 0xad, 0x29, 0xb8, 0xc5, 0x9d, 0xa9, 0x60, 0xe2, 0x9e, 0x49, 0x42, 0x57, 0x02, 0x5f, 0xfd, 0x13, 0x75, 0x5d, 0xcd, 0x8e, 0x2c, 0x80, 0x38, 0xd9, 0x6d, 0x3f, 0xef, 0xb3, 0xce, 0x78, - /* (2^230)P */ 0x94, 0x5d, 0x13, 0x8a, 0x4f, 0xf4, 0x42, 0xc3, 0xa3, 0xdd, 0x8c, 0x82, 0x44, 0xdb, 0x9e, 0x7b, 0xe7, 0xcf, 0x37, 0x05, 0x1a, 0xd1, 0x36, 0x94, 0xc8, 0xb4, 0x1a, 0xec, 0x64, 0xb1, 0x64, 0x50, - /* (2^231)P */ 0xfc, 0xb2, 0x7e, 0xd3, 0xcf, 0xec, 0x20, 0x70, 0xfc, 0x25, 0x0d, 0xd9, 0x3e, 0xea, 0x31, 0x1f, 0x34, 0xbb, 0xa1, 0xdf, 0x7b, 0x0d, 0x93, 0x1b, 0x44, 0x30, 0x11, 0x48, 0x7a, 0x46, 0x44, 0x53, - /* (2^232)P */ 0xfb, 0x6d, 0x5e, 0xf2, 0x70, 0x31, 0x07, 0x70, 0xc8, 0x4c, 0x11, 0x50, 0x1a, 0xdc, 0x85, 0xe3, 0x00, 0x4f, 0xfc, 0xc8, 0x8a, 0x69, 0x48, 0x23, 0xd8, 0x40, 0xdd, 0x84, 0x52, 0xa5, 0x77, 0x2a, - /* (2^233)P */ 0xe4, 0x6c, 0x8c, 0xc9, 0xe0, 0xaf, 0x06, 0xfe, 0xe4, 0xd6, 0xdf, 0xdd, 0x96, 0xdf, 0x35, 0xc2, 0xd3, 0x1e, 0xbf, 0x33, 0x1e, 0xd0, 0x28, 0x14, 0xaf, 0xbd, 0x00, 0x93, 0xec, 0x68, 0x57, 0x78, - /* (2^234)P */ 0x3b, 0xb6, 0xde, 0x91, 0x7a, 0xe5, 0x02, 0x97, 0x80, 0x8b, 0xce, 0xe5, 0xbf, 0xb8, 0xbd, 0x61, 0xac, 0x58, 0x1d, 0x3d, 0x6f, 0x42, 0x5b, 0x64, 0xbc, 0x57, 0xa5, 0x27, 0x22, 0xa8, 0x04, 0x48, - /* (2^235)P */ 0x01, 0x26, 0x4d, 0xb4, 0x8a, 0x04, 0x57, 0x8e, 0x35, 0x69, 0x3a, 0x4b, 0x1a, 0x50, 0xd6, 0x68, 0x93, 0xc2, 0xe1, 0xf9, 0xc3, 0x9e, 0x9c, 0xc3, 0xe2, 0x63, 0xde, 0xd4, 0x57, 0xf2, 0x72, 0x41, - /* (2^236)P */ 0x01, 0x64, 0x0c, 0x33, 0x50, 0xb4, 0x68, 0xd3, 0x91, 0x23, 0x8f, 0x41, 0x17, 0x30, 0x0d, 0x04, 0x0d, 0xd9, 0xb7, 0x90, 0x60, 0xbb, 0x34, 0x2c, 0x1f, 0xd5, 0xdf, 0x8f, 0x22, 0x49, 0xf6, 0x16, - /* (2^237)P */ 0xf5, 0x8e, 0x92, 0x2b, 0x8e, 0x81, 0xa6, 0xbe, 0x72, 0x1e, 0xc1, 0xcd, 0x91, 0xcf, 0x8c, 0xe2, 0xcd, 0x36, 0x7a, 0xe7, 0x68, 0xaa, 0x4a, 0x59, 0x0f, 0xfd, 0x7f, 0x6c, 0x80, 0x34, 0x30, 0x31, - /* (2^238)P */ 0x65, 0xbd, 0x49, 0x22, 0xac, 0x27, 0x9d, 0x8a, 0x12, 0x95, 0x8e, 0x01, 0x64, 0xb4, 0xa3, 0x19, 0xc7, 0x7e, 0xb3, 0x52, 0xf3, 0xcf, 0x6c, 0xc2, 0x21, 0x7b, 0x79, 0x1d, 0x34, 0x68, 0x6f, 0x05, - /* (2^239)P */ 0x27, 0x23, 0xfd, 0x7e, 0x75, 0xd6, 0x79, 0x5e, 0x15, 0xfe, 0x3a, 0x55, 0xb6, 0xbc, 0xbd, 0xfa, 0x60, 0x5a, 0xaf, 0x6e, 0x2c, 0x22, 0xe7, 0xd3, 0x3b, 0x74, 0xae, 0x4d, 0x6d, 0xc7, 0x46, 0x70, - /* (2^240)P */ 0x55, 0x4a, 0x8d, 0xb1, 0x72, 0xe8, 0x0b, 0x66, 0x96, 0x14, 0x4e, 0x57, 0x18, 0x25, 0x99, 0x19, 0xbb, 0xdc, 0x2b, 0x30, 0x3a, 0x05, 0x03, 0xc1, 0x8e, 0x8e, 0x21, 0x0b, 0x80, 0xe9, 0xd8, 0x3e, - /* (2^241)P */ 0x3e, 0xe0, 0x75, 0xfa, 0x39, 0x92, 0x0b, 0x7b, 0x83, 0xc0, 0x33, 0x46, 0x68, 0xfb, 0xe9, 0xef, 0x93, 0x77, 0x1a, 0x39, 0xbe, 0x5f, 0xa3, 0x98, 0x34, 0xfe, 0xd0, 0xe2, 0x0f, 0x51, 0x65, 0x60, - /* (2^242)P */ 0x0c, 0xad, 0xab, 0x48, 0x85, 0x66, 0xcb, 0x55, 0x27, 0xe5, 0x87, 0xda, 0x48, 0x45, 0x58, 0xb4, 0xdd, 0xc1, 0x07, 0x01, 0xea, 0xec, 0x43, 0x2c, 0x35, 0xde, 0x72, 0x93, 0x80, 0x28, 0x60, 0x52, - /* (2^243)P */ 0x1f, 0x3b, 0x21, 0xf9, 0x6a, 0xc5, 0x15, 0x34, 0xdb, 0x98, 0x7e, 0x01, 0x4d, 0x1a, 0xee, 0x5b, 0x9b, 0x70, 0xcf, 0xb5, 0x05, 0xb1, 0xf6, 0x13, 0xb6, 0x9a, 0xb2, 0x82, 0x34, 0x0e, 0xf2, 0x5f, - /* (2^244)P */ 0x90, 0x6c, 0x2e, 0xcc, 0x75, 0x9c, 0xa2, 0x0a, 0x06, 0xe2, 0x70, 0x3a, 0xca, 0x73, 0x7d, 0xfc, 0x15, 0xc5, 0xb5, 0xc4, 0x8f, 0xc3, 0x9f, 0x89, 0x07, 0xc2, 0xff, 0x24, 0xb1, 0x86, 0x03, 0x25, - /* (2^245)P */ 0x56, 0x2b, 0x3d, 0xae, 0xd5, 0x28, 0xea, 0x54, 0xce, 0x60, 0xde, 0xd6, 0x9d, 0x14, 0x13, 0x99, 0xc1, 0xd6, 0x06, 0x8f, 0xc5, 0x4f, 0x69, 0x16, 0xc7, 0x8f, 0x01, 0xeb, 0x75, 0x39, 0xb2, 0x46, - /* (2^246)P */ 0xe2, 0xb4, 0xb7, 0xb4, 0x0f, 0x6a, 0x0a, 0x47, 0xde, 0x53, 0x72, 0x8f, 0x5a, 0x47, 0x92, 0x5d, 0xdb, 0x3a, 0xbd, 0x2f, 0xb5, 0xe5, 0xee, 0xab, 0x68, 0x69, 0x80, 0xa0, 0x01, 0x08, 0xa2, 0x7f, - /* (2^247)P */ 0xd2, 0x14, 0x77, 0x9f, 0xf1, 0xfa, 0xf3, 0x76, 0xc3, 0x60, 0x46, 0x2f, 0xc1, 0x40, 0xe8, 0xb3, 0x4e, 0x74, 0x12, 0xf2, 0x8d, 0xcd, 0xb4, 0x0f, 0xd2, 0x2d, 0x3a, 0x1d, 0x25, 0x5a, 0x06, 0x4b, - /* (2^248)P */ 0x4a, 0xcd, 0x77, 0x3d, 0x38, 0xde, 0xeb, 0x5c, 0xb1, 0x9c, 0x2c, 0x88, 0xdf, 0x39, 0xdf, 0x6a, 0x59, 0xf7, 0x9a, 0xb0, 0x2e, 0x24, 0xdd, 0xa2, 0x22, 0x64, 0x5f, 0x0e, 0xe5, 0xc0, 0x47, 0x31, - /* (2^249)P */ 0xdb, 0x50, 0x13, 0x1d, 0x10, 0xa5, 0x4c, 0x16, 0x62, 0xc9, 0x3f, 0xc3, 0x79, 0x34, 0xd1, 0xf8, 0x08, 0xda, 0xe5, 0x13, 0x4d, 0xce, 0x40, 0xe6, 0xba, 0xf8, 0x61, 0x50, 0xc4, 0xe0, 0xde, 0x4b, - /* (2^250)P */ 0xc9, 0xb1, 0xed, 0xa4, 0xc1, 0x6d, 0xc4, 0xd7, 0x8a, 0xd9, 0x7f, 0x43, 0xb6, 0xd7, 0x14, 0x55, 0x0b, 0xc0, 0xa1, 0xb2, 0x6b, 0x2f, 0x94, 0x58, 0x0e, 0x71, 0x70, 0x1d, 0xab, 0xb2, 0xff, 0x2d, - /* (2^251)P */ 0x68, 0x6d, 0x8b, 0xc1, 0x2f, 0xcf, 0xdf, 0xcc, 0x67, 0x61, 0x80, 0xb7, 0xa8, 0xcb, 0xeb, 0xa8, 0xe3, 0x37, 0x29, 0x5e, 0xf9, 0x97, 0x06, 0x98, 0x8c, 0x6e, 0x12, 0xd0, 0x1c, 0xba, 0xfb, 0x02, - /* (2^252)P */ 0x65, 0x45, 0xff, 0xad, 0x60, 0xc3, 0x98, 0xcb, 0x19, 0x15, 0xdb, 0x4b, 0xd2, 0x01, 0x71, 0x44, 0xd5, 0x15, 0xfb, 0x75, 0x74, 0xc8, 0xc4, 0x98, 0x7d, 0xa2, 0x22, 0x6e, 0x6d, 0xc7, 0xf8, 0x05, - /* (2^253)P */ 0x94, 0xf4, 0xb9, 0xfe, 0xdf, 0xe5, 0x69, 0xab, 0x75, 0x6b, 0x40, 0x18, 0x9d, 0xc7, 0x09, 0xae, 0x1d, 0x2d, 0xa4, 0x94, 0xfb, 0x45, 0x9b, 0x19, 0x84, 0xfa, 0x2a, 0xae, 0xeb, 0x0a, 0x71, 0x79, - /* (2^254)P */ 0xdf, 0xd2, 0x34, 0xf3, 0xa7, 0xed, 0xad, 0xa6, 0xb4, 0x57, 0x2a, 0xaf, 0x51, 0x9c, 0xde, 0x7b, 0xa8, 0xea, 0xdc, 0x86, 0x4f, 0xc6, 0x8f, 0xa9, 0x7b, 0xd0, 0x0e, 0xc2, 0x35, 0x03, 0xbe, 0x6b, - /* (2^255)P */ 0x44, 0x43, 0x98, 0x53, 0xbe, 0xdc, 0x7f, 0x66, 0xa8, 0x49, 0x59, 0x00, 0x1c, 0xbc, 0x72, 0x07, 0x8e, 0xd6, 0xbe, 0x4e, 0x9f, 0xa4, 0x07, 0xba, 0xbf, 0x30, 0xdf, 0xba, 0x85, 0xb0, 0xa7, 0x1f, -} diff --git a/vendor/github.com/cloudflare/circl/dh/x448/curve.go b/vendor/github.com/cloudflare/circl/dh/x448/curve.go deleted file mode 100644 index d59564e4b4..0000000000 --- a/vendor/github.com/cloudflare/circl/dh/x448/curve.go +++ /dev/null @@ -1,104 +0,0 @@ -package x448 - -import ( - fp "github.com/cloudflare/circl/math/fp448" -) - -// ladderJoye calculates a fixed-point multiplication with the generator point. -// The algorithm is the right-to-left Joye's ladder as described -// in "How to precompute a ladder" in SAC'2017. -func ladderJoye(k *Key) { - w := [5]fp.Elt{} // [mu,x1,z1,x2,z2] order must be preserved. - w[1] = fp.Elt{ // x1 = S - 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - } - fp.SetOne(&w[2]) // z1 = 1 - w[3] = fp.Elt{ // x2 = G-S - 0x20, 0x27, 0x9d, 0xc9, 0x7d, 0x19, 0xb1, 0xac, - 0xf8, 0xba, 0x69, 0x1c, 0xff, 0x33, 0xac, 0x23, - 0x51, 0x1b, 0xce, 0x3a, 0x64, 0x65, 0xbd, 0xf1, - 0x23, 0xf8, 0xc1, 0x84, 0x9d, 0x45, 0x54, 0x29, - 0x67, 0xb9, 0x81, 0x1c, 0x03, 0xd1, 0xcd, 0xda, - 0x7b, 0xeb, 0xff, 0x1a, 0x88, 0x03, 0xcf, 0x3a, - 0x42, 0x44, 0x32, 0x01, 0x25, 0xb7, 0xfa, 0xf0, - } - fp.SetOne(&w[4]) // z2 = 1 - - const n = 448 - const h = 2 - swap := uint(1) - for s := 0; s < n-h; s++ { - i := (s + h) / 8 - j := (s + h) % 8 - bit := uint((k[i] >> uint(j)) & 1) - copy(w[0][:], tableGenerator[s*Size:(s+1)*Size]) - diffAdd(&w, swap^bit) - swap = bit - } - for s := 0; s < h; s++ { - double(&w[1], &w[2]) - } - toAffine((*[fp.Size]byte)(k), &w[1], &w[2]) -} - -// ladderMontgomery calculates a generic scalar point multiplication -// The algorithm implemented is the left-to-right Montgomery's ladder. -func ladderMontgomery(k, xP *Key) { - w := [5]fp.Elt{} // [x1, x2, z2, x3, z3] order must be preserved. - w[0] = *(*fp.Elt)(xP) // x1 = xP - fp.SetOne(&w[1]) // x2 = 1 - w[3] = *(*fp.Elt)(xP) // x3 = xP - fp.SetOne(&w[4]) // z3 = 1 - - move := uint(0) - for s := 448 - 1; s >= 0; s-- { - i := s / 8 - j := s % 8 - bit := uint((k[i] >> uint(j)) & 1) - ladderStep(&w, move^bit) - move = bit - } - toAffine((*[fp.Size]byte)(k), &w[1], &w[2]) -} - -func toAffine(k *[fp.Size]byte, x, z *fp.Elt) { - fp.Inv(z, z) - fp.Mul(x, x, z) - _ = fp.ToBytes(k[:], x) -} - -var lowOrderPoints = [3]fp.Elt{ - { /* (0,_,1) point of order 2 on Curve448 */ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - }, - { /* (1,_,1) a point of order 4 on the twist of Curve448 */ - 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - }, - { /* (-1,_,1) point of order 4 on Curve448 */ - 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - }, -} diff --git a/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.go b/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.go deleted file mode 100644 index a062266613..0000000000 --- a/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.go +++ /dev/null @@ -1,30 +0,0 @@ -//go:build amd64 && !purego -// +build amd64,!purego - -package x448 - -import ( - fp "github.com/cloudflare/circl/math/fp448" - "golang.org/x/sys/cpu" -) - -var hasBmi2Adx = cpu.X86.HasBMI2 && cpu.X86.HasADX - -var _ = hasBmi2Adx - -func double(x, z *fp.Elt) { doubleAmd64(x, z) } -func diffAdd(w *[5]fp.Elt, b uint) { diffAddAmd64(w, b) } -func ladderStep(w *[5]fp.Elt, b uint) { ladderStepAmd64(w, b) } -func mulA24(z, x *fp.Elt) { mulA24Amd64(z, x) } - -//go:noescape -func doubleAmd64(x, z *fp.Elt) - -//go:noescape -func diffAddAmd64(w *[5]fp.Elt, b uint) - -//go:noescape -func ladderStepAmd64(w *[5]fp.Elt, b uint) - -//go:noescape -func mulA24Amd64(z, x *fp.Elt) diff --git a/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.h b/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.h deleted file mode 100644 index 8c1ae4d0fb..0000000000 --- a/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.h +++ /dev/null @@ -1,111 +0,0 @@ -#define ladderStepLeg \ - addSub(x2,z2) \ - addSub(x3,z3) \ - integerMulLeg(b0,x2,z3) \ - integerMulLeg(b1,x3,z2) \ - reduceFromDoubleLeg(t0,b0) \ - reduceFromDoubleLeg(t1,b1) \ - addSub(t0,t1) \ - cselect(x2,x3,regMove) \ - cselect(z2,z3,regMove) \ - integerSqrLeg(b0,t0) \ - integerSqrLeg(b1,t1) \ - reduceFromDoubleLeg(x3,b0) \ - reduceFromDoubleLeg(z3,b1) \ - integerMulLeg(b0,x1,z3) \ - reduceFromDoubleLeg(z3,b0) \ - integerSqrLeg(b0,x2) \ - integerSqrLeg(b1,z2) \ - reduceFromDoubleLeg(x2,b0) \ - reduceFromDoubleLeg(z2,b1) \ - subtraction(t0,x2,z2) \ - multiplyA24Leg(t1,t0) \ - additionLeg(t1,t1,z2) \ - integerMulLeg(b0,x2,z2) \ - integerMulLeg(b1,t0,t1) \ - reduceFromDoubleLeg(x2,b0) \ - reduceFromDoubleLeg(z2,b1) - -#define ladderStepBmi2Adx \ - addSub(x2,z2) \ - addSub(x3,z3) \ - integerMulAdx(b0,x2,z3) \ - integerMulAdx(b1,x3,z2) \ - reduceFromDoubleAdx(t0,b0) \ - reduceFromDoubleAdx(t1,b1) \ - addSub(t0,t1) \ - cselect(x2,x3,regMove) \ - cselect(z2,z3,regMove) \ - integerSqrAdx(b0,t0) \ - integerSqrAdx(b1,t1) \ - reduceFromDoubleAdx(x3,b0) \ - reduceFromDoubleAdx(z3,b1) \ - integerMulAdx(b0,x1,z3) \ - reduceFromDoubleAdx(z3,b0) \ - integerSqrAdx(b0,x2) \ - integerSqrAdx(b1,z2) \ - reduceFromDoubleAdx(x2,b0) \ - reduceFromDoubleAdx(z2,b1) \ - subtraction(t0,x2,z2) \ - multiplyA24Adx(t1,t0) \ - additionAdx(t1,t1,z2) \ - integerMulAdx(b0,x2,z2) \ - integerMulAdx(b1,t0,t1) \ - reduceFromDoubleAdx(x2,b0) \ - reduceFromDoubleAdx(z2,b1) - -#define difAddLeg \ - addSub(x1,z1) \ - integerMulLeg(b0,z1,ui) \ - reduceFromDoubleLeg(z1,b0) \ - addSub(x1,z1) \ - integerSqrLeg(b0,x1) \ - integerSqrLeg(b1,z1) \ - reduceFromDoubleLeg(x1,b0) \ - reduceFromDoubleLeg(z1,b1) \ - integerMulLeg(b0,x1,z2) \ - integerMulLeg(b1,z1,x2) \ - reduceFromDoubleLeg(x1,b0) \ - reduceFromDoubleLeg(z1,b1) - -#define difAddBmi2Adx \ - addSub(x1,z1) \ - integerMulAdx(b0,z1,ui) \ - reduceFromDoubleAdx(z1,b0) \ - addSub(x1,z1) \ - integerSqrAdx(b0,x1) \ - integerSqrAdx(b1,z1) \ - reduceFromDoubleAdx(x1,b0) \ - reduceFromDoubleAdx(z1,b1) \ - integerMulAdx(b0,x1,z2) \ - integerMulAdx(b1,z1,x2) \ - reduceFromDoubleAdx(x1,b0) \ - reduceFromDoubleAdx(z1,b1) - -#define doubleLeg \ - addSub(x1,z1) \ - integerSqrLeg(b0,x1) \ - integerSqrLeg(b1,z1) \ - reduceFromDoubleLeg(x1,b0) \ - reduceFromDoubleLeg(z1,b1) \ - subtraction(t0,x1,z1) \ - multiplyA24Leg(t1,t0) \ - additionLeg(t1,t1,z1) \ - integerMulLeg(b0,x1,z1) \ - integerMulLeg(b1,t0,t1) \ - reduceFromDoubleLeg(x1,b0) \ - reduceFromDoubleLeg(z1,b1) - -#define doubleBmi2Adx \ - addSub(x1,z1) \ - integerSqrAdx(b0,x1) \ - integerSqrAdx(b1,z1) \ - reduceFromDoubleAdx(x1,b0) \ - reduceFromDoubleAdx(z1,b1) \ - subtraction(t0,x1,z1) \ - multiplyA24Adx(t1,t0) \ - additionAdx(t1,t1,z1) \ - integerMulAdx(b0,x1,z1) \ - integerMulAdx(b1,t0,t1) \ - reduceFromDoubleAdx(x1,b0) \ - reduceFromDoubleAdx(z1,b1) diff --git a/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.s b/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.s deleted file mode 100644 index ed33ba3d03..0000000000 --- a/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.s +++ /dev/null @@ -1,194 +0,0 @@ -//go:build amd64 && !purego -// +build amd64,!purego - -#include "textflag.h" - -// Depends on circl/math/fp448 package -#include "../../math/fp448/fp_amd64.h" -#include "curve_amd64.h" - -// CTE_A24 is (A+2)/4 from Curve448 -#define CTE_A24 39082 - -#define Size 56 - -// multiplyA24Leg multiplies x times CTE_A24 and stores in z -// Uses: AX, DX, R8-R15, FLAGS -// Instr: x86_64, cmov, adx -#define multiplyA24Leg(z,x) \ - MOVQ $CTE_A24, R15; \ - MOVQ 0+x, AX; MULQ R15; MOVQ AX, R8; ;;;;;;;;;;;; MOVQ DX, R9; \ - MOVQ 8+x, AX; MULQ R15; ADDQ AX, R9; ADCQ $0, DX; MOVQ DX, R10; \ - MOVQ 16+x, AX; MULQ R15; ADDQ AX, R10; ADCQ $0, DX; MOVQ DX, R11; \ - MOVQ 24+x, AX; MULQ R15; ADDQ AX, R11; ADCQ $0, DX; MOVQ DX, R12; \ - MOVQ 32+x, AX; MULQ R15; ADDQ AX, R12; ADCQ $0, DX; MOVQ DX, R13; \ - MOVQ 40+x, AX; MULQ R15; ADDQ AX, R13; ADCQ $0, DX; MOVQ DX, R14; \ - MOVQ 48+x, AX; MULQ R15; ADDQ AX, R14; ADCQ $0, DX; \ - MOVQ DX, AX; \ - SHLQ $32, AX; \ - ADDQ DX, R8; MOVQ $0, DX; \ - ADCQ $0, R9; \ - ADCQ $0, R10; \ - ADCQ AX, R11; \ - ADCQ $0, R12; \ - ADCQ $0, R13; \ - ADCQ $0, R14; \ - ADCQ $0, DX; \ - MOVQ DX, AX; \ - SHLQ $32, AX; \ - ADDQ DX, R8; \ - ADCQ $0, R9; \ - ADCQ $0, R10; \ - ADCQ AX, R11; \ - ADCQ $0, R12; \ - ADCQ $0, R13; \ - ADCQ $0, R14; \ - MOVQ R8, 0+z; \ - MOVQ R9, 8+z; \ - MOVQ R10, 16+z; \ - MOVQ R11, 24+z; \ - MOVQ R12, 32+z; \ - MOVQ R13, 40+z; \ - MOVQ R14, 48+z; - -// multiplyA24Adx multiplies x times CTE_A24 and stores in z -// Uses: AX, DX, R8-R14, FLAGS -// Instr: x86_64, bmi2 -#define multiplyA24Adx(z,x) \ - MOVQ $CTE_A24, DX; \ - MULXQ 0+x, R8, R9; \ - MULXQ 8+x, AX, R10; ADDQ AX, R9; \ - MULXQ 16+x, AX, R11; ADCQ AX, R10; \ - MULXQ 24+x, AX, R12; ADCQ AX, R11; \ - MULXQ 32+x, AX, R13; ADCQ AX, R12; \ - MULXQ 40+x, AX, R14; ADCQ AX, R13; \ - MULXQ 48+x, AX, DX; ADCQ AX, R14; \ - ;;;;;;;;;;;;;;;;;;;; ADCQ $0, DX; \ - MOVQ DX, AX; \ - SHLQ $32, AX; \ - ADDQ DX, R8; MOVQ $0, DX; \ - ADCQ $0, R9; \ - ADCQ $0, R10; \ - ADCQ AX, R11; \ - ADCQ $0, R12; \ - ADCQ $0, R13; \ - ADCQ $0, R14; \ - ADCQ $0, DX; \ - MOVQ DX, AX; \ - SHLQ $32, AX; \ - ADDQ DX, R8; \ - ADCQ $0, R9; \ - ADCQ $0, R10; \ - ADCQ AX, R11; \ - ADCQ $0, R12; \ - ADCQ $0, R13; \ - ADCQ $0, R14; \ - MOVQ R8, 0+z; \ - MOVQ R9, 8+z; \ - MOVQ R10, 16+z; \ - MOVQ R11, 24+z; \ - MOVQ R12, 32+z; \ - MOVQ R13, 40+z; \ - MOVQ R14, 48+z; - -#define mulA24Legacy \ - multiplyA24Leg(0(DI),0(SI)) -#define mulA24Bmi2Adx \ - multiplyA24Adx(0(DI),0(SI)) - -// func mulA24Amd64(z, x *fp448.Elt) -TEXT ·mulA24Amd64(SB),NOSPLIT,$0-16 - MOVQ z+0(FP), DI - MOVQ x+8(FP), SI - CHECK_BMI2ADX(LMA24, mulA24Legacy, mulA24Bmi2Adx) - -// func ladderStepAmd64(w *[5]fp448.Elt, b uint) -// ladderStepAmd64 calculates a point addition and doubling as follows: -// (x2,z2) = 2*(x2,z2) and (x3,z3) = (x2,z2)+(x3,z3) using as a difference (x1,-). -// w = {x1,x2,z2,x3,z4} are five fp255.Elt of 56 bytes. -// stack = (t0,t1) are two fp.Elt of fp.Size bytes, and -// (b0,b1) are two-double precision fp.Elt of 2*fp.Size bytes. -TEXT ·ladderStepAmd64(SB),NOSPLIT,$336-16 - // Parameters - #define regWork DI - #define regMove SI - #define x1 0*Size(regWork) - #define x2 1*Size(regWork) - #define z2 2*Size(regWork) - #define x3 3*Size(regWork) - #define z3 4*Size(regWork) - // Local variables - #define t0 0*Size(SP) - #define t1 1*Size(SP) - #define b0 2*Size(SP) - #define b1 4*Size(SP) - MOVQ w+0(FP), regWork - MOVQ b+8(FP), regMove - CHECK_BMI2ADX(LLADSTEP, ladderStepLeg, ladderStepBmi2Adx) - #undef regWork - #undef regMove - #undef x1 - #undef x2 - #undef z2 - #undef x3 - #undef z3 - #undef t0 - #undef t1 - #undef b0 - #undef b1 - -// func diffAddAmd64(work *[5]fp.Elt, swap uint) -// diffAddAmd64 calculates a differential point addition using a precomputed point. -// (x1,z1) = (x1,z1)+(mu) using a difference point (x2,z2) -// work = {mu,x1,z1,x2,z2} are five fp448.Elt of 56 bytes, and -// stack = (b0,b1) are two-double precision fp.Elt of 2*fp.Size bytes. -// This is Equation 7 at https://eprint.iacr.org/2017/264. -TEXT ·diffAddAmd64(SB),NOSPLIT,$224-16 - // Parameters - #define regWork DI - #define regSwap SI - #define ui 0*Size(regWork) - #define x1 1*Size(regWork) - #define z1 2*Size(regWork) - #define x2 3*Size(regWork) - #define z2 4*Size(regWork) - // Local variables - #define b0 0*Size(SP) - #define b1 2*Size(SP) - MOVQ w+0(FP), regWork - MOVQ b+8(FP), regSwap - cswap(x1,x2,regSwap) - cswap(z1,z2,regSwap) - CHECK_BMI2ADX(LDIFADD, difAddLeg, difAddBmi2Adx) - #undef regWork - #undef regSwap - #undef ui - #undef x1 - #undef z1 - #undef x2 - #undef z2 - #undef b0 - #undef b1 - -// func doubleAmd64(x, z *fp448.Elt) -// doubleAmd64 calculates a point doubling (x1,z1) = 2*(x1,z1). -// stack = (t0,t1) are two fp.Elt of fp.Size bytes, and -// (b0,b1) are two-double precision fp.Elt of 2*fp.Size bytes. -TEXT ·doubleAmd64(SB),NOSPLIT,$336-16 - // Parameters - #define x1 0(DI) - #define z1 0(SI) - // Local variables - #define t0 0*Size(SP) - #define t1 1*Size(SP) - #define b0 2*Size(SP) - #define b1 4*Size(SP) - MOVQ x+0(FP), DI - MOVQ z+8(FP), SI - CHECK_BMI2ADX(LDOUB,doubleLeg,doubleBmi2Adx) - #undef x1 - #undef z1 - #undef t0 - #undef t1 - #undef b0 - #undef b1 diff --git a/vendor/github.com/cloudflare/circl/dh/x448/curve_generic.go b/vendor/github.com/cloudflare/circl/dh/x448/curve_generic.go deleted file mode 100644 index b0b65ccf7e..0000000000 --- a/vendor/github.com/cloudflare/circl/dh/x448/curve_generic.go +++ /dev/null @@ -1,100 +0,0 @@ -package x448 - -import ( - "encoding/binary" - "math/bits" - - "github.com/cloudflare/circl/math/fp448" -) - -func doubleGeneric(x, z *fp448.Elt) { - t0, t1 := &fp448.Elt{}, &fp448.Elt{} - fp448.AddSub(x, z) - fp448.Sqr(x, x) - fp448.Sqr(z, z) - fp448.Sub(t0, x, z) - mulA24Generic(t1, t0) - fp448.Add(t1, t1, z) - fp448.Mul(x, x, z) - fp448.Mul(z, t0, t1) -} - -func diffAddGeneric(w *[5]fp448.Elt, b uint) { - mu, x1, z1, x2, z2 := &w[0], &w[1], &w[2], &w[3], &w[4] - fp448.Cswap(x1, x2, b) - fp448.Cswap(z1, z2, b) - fp448.AddSub(x1, z1) - fp448.Mul(z1, z1, mu) - fp448.AddSub(x1, z1) - fp448.Sqr(x1, x1) - fp448.Sqr(z1, z1) - fp448.Mul(x1, x1, z2) - fp448.Mul(z1, z1, x2) -} - -func ladderStepGeneric(w *[5]fp448.Elt, b uint) { - x1, x2, z2, x3, z3 := &w[0], &w[1], &w[2], &w[3], &w[4] - t0 := &fp448.Elt{} - t1 := &fp448.Elt{} - fp448.AddSub(x2, z2) - fp448.AddSub(x3, z3) - fp448.Mul(t0, x2, z3) - fp448.Mul(t1, x3, z2) - fp448.AddSub(t0, t1) - fp448.Cmov(x2, x3, b) - fp448.Cmov(z2, z3, b) - fp448.Sqr(x3, t0) - fp448.Sqr(z3, t1) - fp448.Mul(z3, x1, z3) - fp448.Sqr(x2, x2) - fp448.Sqr(z2, z2) - fp448.Sub(t0, x2, z2) - mulA24Generic(t1, t0) - fp448.Add(t1, t1, z2) - fp448.Mul(x2, x2, z2) - fp448.Mul(z2, t0, t1) -} - -func mulA24Generic(z, x *fp448.Elt) { - const A24 = 39082 - const n = 8 - var xx [7]uint64 - for i := range xx { - xx[i] = binary.LittleEndian.Uint64(x[i*n : (i+1)*n]) - } - h0, l0 := bits.Mul64(xx[0], A24) - h1, l1 := bits.Mul64(xx[1], A24) - h2, l2 := bits.Mul64(xx[2], A24) - h3, l3 := bits.Mul64(xx[3], A24) - h4, l4 := bits.Mul64(xx[4], A24) - h5, l5 := bits.Mul64(xx[5], A24) - h6, l6 := bits.Mul64(xx[6], A24) - - l1, c0 := bits.Add64(h0, l1, 0) - l2, c1 := bits.Add64(h1, l2, c0) - l3, c2 := bits.Add64(h2, l3, c1) - l4, c3 := bits.Add64(h3, l4, c2) - l5, c4 := bits.Add64(h4, l5, c3) - l6, c5 := bits.Add64(h5, l6, c4) - l7, _ := bits.Add64(h6, 0, c5) - - l0, c0 = bits.Add64(l0, l7, 0) - l1, c1 = bits.Add64(l1, 0, c0) - l2, c2 = bits.Add64(l2, 0, c1) - l3, c3 = bits.Add64(l3, l7<<32, c2) - l4, c4 = bits.Add64(l4, 0, c3) - l5, c5 = bits.Add64(l5, 0, c4) - l6, l7 = bits.Add64(l6, 0, c5) - - xx[0], c0 = bits.Add64(l0, l7, 0) - xx[1], c1 = bits.Add64(l1, 0, c0) - xx[2], c2 = bits.Add64(l2, 0, c1) - xx[3], c3 = bits.Add64(l3, l7<<32, c2) - xx[4], c4 = bits.Add64(l4, 0, c3) - xx[5], c5 = bits.Add64(l5, 0, c4) - xx[6], _ = bits.Add64(l6, 0, c5) - - for i := range xx { - binary.LittleEndian.PutUint64(z[i*n:(i+1)*n], xx[i]) - } -} diff --git a/vendor/github.com/cloudflare/circl/dh/x448/curve_noasm.go b/vendor/github.com/cloudflare/circl/dh/x448/curve_noasm.go deleted file mode 100644 index 3755b7c83b..0000000000 --- a/vendor/github.com/cloudflare/circl/dh/x448/curve_noasm.go +++ /dev/null @@ -1,11 +0,0 @@ -//go:build !amd64 || purego -// +build !amd64 purego - -package x448 - -import fp "github.com/cloudflare/circl/math/fp448" - -func double(x, z *fp.Elt) { doubleGeneric(x, z) } -func diffAdd(w *[5]fp.Elt, b uint) { diffAddGeneric(w, b) } -func ladderStep(w *[5]fp.Elt, b uint) { ladderStepGeneric(w, b) } -func mulA24(z, x *fp.Elt) { mulA24Generic(z, x) } diff --git a/vendor/github.com/cloudflare/circl/dh/x448/doc.go b/vendor/github.com/cloudflare/circl/dh/x448/doc.go deleted file mode 100644 index c02904feda..0000000000 --- a/vendor/github.com/cloudflare/circl/dh/x448/doc.go +++ /dev/null @@ -1,19 +0,0 @@ -/* -Package x448 provides Diffie-Hellman functions as specified in RFC-7748. - -Validation of public keys. - -The Diffie-Hellman function, as described in RFC-7748 [1], works for any -public key. However, if a different protocol requires contributory -behaviour [2,3], then the public keys must be validated against low-order -points [3,4]. To do that, the Shared function performs this validation -internally and returns false when the public key is invalid (i.e., it -is a low-order point). - -References: - - [1] RFC7748 by Langley, Hamburg, Turner (https://rfc-editor.org/rfc/rfc7748.txt) - - [2] Curve25519 by Bernstein (https://cr.yp.to/ecdh.html) - - [3] Bernstein (https://cr.yp.to/ecdh.html#validate) - - [4] Cremers&Jackson (https://eprint.iacr.org/2019/526) -*/ -package x448 diff --git a/vendor/github.com/cloudflare/circl/dh/x448/key.go b/vendor/github.com/cloudflare/circl/dh/x448/key.go deleted file mode 100644 index 2fdde51168..0000000000 --- a/vendor/github.com/cloudflare/circl/dh/x448/key.go +++ /dev/null @@ -1,46 +0,0 @@ -package x448 - -import ( - "crypto/subtle" - - fp "github.com/cloudflare/circl/math/fp448" -) - -// Size is the length in bytes of a X448 key. -const Size = 56 - -// Key represents a X448 key. -type Key [Size]byte - -func (k *Key) clamp(in *Key) *Key { - *k = *in - k[0] &= 252 - k[55] |= 128 - return k -} - -// isValidPubKey verifies if the public key is not a low-order point. -func (k *Key) isValidPubKey() bool { - fp.Modp((*fp.Elt)(k)) - var isLowOrder int - for _, P := range lowOrderPoints { - isLowOrder |= subtle.ConstantTimeCompare(P[:], k[:]) - } - return isLowOrder == 0 -} - -// KeyGen obtains a public key given a secret key. -func KeyGen(public, secret *Key) { - ladderJoye(public.clamp(secret)) -} - -// Shared calculates Alice's shared key from Alice's secret key and Bob's -// public key returning true on success. A failure case happens when the public -// key is a low-order point, thus the shared key is all-zeros and the function -// returns false. -func Shared(shared, secret, public *Key) bool { - validPk := *public - ok := validPk.isValidPubKey() - ladderMontgomery(shared.clamp(secret), &validPk) - return ok -} diff --git a/vendor/github.com/cloudflare/circl/dh/x448/table.go b/vendor/github.com/cloudflare/circl/dh/x448/table.go deleted file mode 100644 index eef53c30f8..0000000000 --- a/vendor/github.com/cloudflare/circl/dh/x448/table.go +++ /dev/null @@ -1,460 +0,0 @@ -package x448 - -import fp "github.com/cloudflare/circl/math/fp448" - -// tableGenerator contains the set of points: -// -// t[i] = (xi+1)/(xi-1), -// -// where (xi,yi) = 2^iG and G is the generator point -// Size = (448)*(448/8) = 25088 bytes. -var tableGenerator = [448 * fp.Size]byte{ - /* (2^ 0)P */ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, - /* (2^ 1)P */ 0x37, 0xfa, 0xaa, 0x0d, 0x86, 0xa6, 0x24, 0xe9, 0x6c, 0x95, 0x08, 0x34, 0xba, 0x1a, 0x81, 0x3a, 0xae, 0x01, 0xa5, 0xa7, 0x05, 0x85, 0x96, 0x00, 0x06, 0x5a, 0xd7, 0xff, 0xee, 0x8e, 0x8f, 0x94, 0xd2, 0xdc, 0xd7, 0xfc, 0xe7, 0xe5, 0x99, 0x1d, 0x05, 0x46, 0x43, 0xe8, 0xbc, 0x12, 0xb7, 0xeb, 0x30, 0x5e, 0x7a, 0x85, 0x68, 0xed, 0x9d, 0x28, - /* (2^ 2)P */ 0xf1, 0x7d, 0x08, 0x2b, 0x32, 0x4a, 0x62, 0x80, 0x36, 0xe7, 0xa4, 0x76, 0x5a, 0x2a, 0x1e, 0xf7, 0x9e, 0x3c, 0x40, 0x46, 0x9a, 0x1b, 0x61, 0xc1, 0xbf, 0x1a, 0x1b, 0xae, 0x91, 0x80, 0xa3, 0x76, 0x6c, 0xd4, 0x8f, 0xa4, 0xee, 0x26, 0x39, 0x23, 0xa4, 0x80, 0xf4, 0x66, 0x92, 0xe4, 0xe1, 0x18, 0x76, 0xc5, 0xe2, 0x19, 0x87, 0xd5, 0xc3, 0xe8, - /* (2^ 3)P */ 0xfb, 0xc9, 0xf0, 0x07, 0xf2, 0x93, 0xd8, 0x50, 0x36, 0xed, 0xfb, 0xbd, 0xb2, 0xd3, 0xfc, 0xdf, 0xd5, 0x2a, 0x6e, 0x26, 0x09, 0xce, 0xd4, 0x07, 0x64, 0x9f, 0x40, 0x74, 0xad, 0x98, 0x2f, 0x1c, 0xb6, 0xdc, 0x2d, 0x42, 0xff, 0xbf, 0x97, 0xd8, 0xdb, 0xef, 0x99, 0xca, 0x73, 0x99, 0x1a, 0x04, 0x3b, 0x56, 0x2c, 0x1f, 0x87, 0x9d, 0x9f, 0x03, - /* (2^ 4)P */ 0x4c, 0x35, 0x97, 0xf7, 0x81, 0x2c, 0x84, 0xa6, 0xe0, 0xcb, 0xce, 0x37, 0x4c, 0x21, 0x1c, 0x67, 0xfa, 0xab, 0x18, 0x4d, 0xef, 0xd0, 0xf0, 0x44, 0xa9, 0xfb, 0xc0, 0x8e, 0xda, 0x57, 0xa1, 0xd8, 0xeb, 0x87, 0xf4, 0x17, 0xea, 0x66, 0x0f, 0x16, 0xea, 0xcd, 0x5f, 0x3e, 0x88, 0xea, 0x09, 0x68, 0x40, 0xdf, 0x43, 0xcc, 0x54, 0x61, 0x58, 0xaa, - /* (2^ 5)P */ 0x8d, 0xe7, 0x59, 0xd7, 0x5e, 0x63, 0x37, 0xa7, 0x3f, 0xd1, 0x49, 0x85, 0x01, 0xdd, 0x5e, 0xb3, 0xe6, 0x29, 0xcb, 0x25, 0x93, 0xdd, 0x08, 0x96, 0x83, 0x52, 0x76, 0x85, 0xf5, 0x5d, 0x02, 0xbf, 0xe9, 0x6d, 0x15, 0x27, 0xc1, 0x09, 0xd1, 0x14, 0x4d, 0x6e, 0xe8, 0xaf, 0x59, 0x58, 0x34, 0x9d, 0x2a, 0x99, 0x85, 0x26, 0xbe, 0x4b, 0x1e, 0xb9, - /* (2^ 6)P */ 0x8d, 0xce, 0x94, 0xe2, 0x18, 0x56, 0x0d, 0x82, 0x8e, 0xdf, 0x85, 0x01, 0x8f, 0x93, 0x3c, 0xc6, 0xbd, 0x61, 0xfb, 0xf4, 0x22, 0xc5, 0x16, 0x87, 0xd1, 0xb1, 0x9e, 0x09, 0xc5, 0x83, 0x2e, 0x4a, 0x07, 0x88, 0xee, 0xe0, 0x29, 0x8d, 0x2e, 0x1f, 0x88, 0xad, 0xfd, 0x18, 0x93, 0xb7, 0xed, 0x42, 0x86, 0x78, 0xf0, 0xb8, 0x70, 0xbe, 0x01, 0x67, - /* (2^ 7)P */ 0xdf, 0x62, 0x2d, 0x94, 0xc7, 0x35, 0x23, 0xda, 0x27, 0xbb, 0x2b, 0xdb, 0x30, 0x80, 0x68, 0x16, 0xa3, 0xae, 0xd7, 0xd2, 0xa7, 0x7c, 0xbf, 0x6a, 0x1d, 0x83, 0xde, 0x96, 0x0a, 0x43, 0xb6, 0x30, 0x37, 0xd6, 0xee, 0x63, 0x59, 0x9a, 0xbf, 0xa3, 0x30, 0x6c, 0xaf, 0x0c, 0xee, 0x3d, 0xcb, 0x35, 0x4b, 0x55, 0x5f, 0x84, 0x85, 0xcb, 0x4f, 0x1e, - /* (2^ 8)P */ 0x9d, 0x04, 0x68, 0x89, 0xa4, 0xa9, 0x0d, 0x87, 0xc1, 0x70, 0xf1, 0xeb, 0xfb, 0x47, 0x0a, 0xf0, 0xde, 0x67, 0xb7, 0x94, 0xcd, 0x36, 0x43, 0xa5, 0x49, 0x43, 0x67, 0xc3, 0xee, 0x3c, 0x6b, 0xec, 0xd0, 0x1a, 0xf4, 0xad, 0xef, 0x06, 0x4a, 0xe8, 0x46, 0x24, 0xd7, 0x93, 0xbf, 0xf0, 0xe3, 0x81, 0x61, 0xec, 0xea, 0x64, 0xfe, 0x67, 0xeb, 0xc7, - /* (2^ 9)P */ 0x95, 0x45, 0x79, 0xcf, 0x2c, 0xfd, 0x9b, 0xfe, 0x84, 0x46, 0x4b, 0x8f, 0xa1, 0xcf, 0xc3, 0x04, 0x94, 0x78, 0xdb, 0xc9, 0xa6, 0x01, 0x75, 0xa4, 0xb4, 0x93, 0x72, 0x43, 0xa7, 0x7d, 0xda, 0x31, 0x38, 0x54, 0xab, 0x4e, 0x3f, 0x89, 0xa6, 0xab, 0x57, 0xc0, 0x16, 0x65, 0xdb, 0x92, 0x96, 0xe4, 0xc8, 0xae, 0xe7, 0x4c, 0x7a, 0xeb, 0xbb, 0x5a, - /* (2^ 10)P */ 0xbe, 0xfe, 0x86, 0xc3, 0x97, 0xe0, 0x6a, 0x18, 0x20, 0x21, 0xca, 0x22, 0x55, 0xa1, 0xeb, 0xf5, 0x74, 0xe5, 0xc9, 0x59, 0xa7, 0x92, 0x65, 0x15, 0x08, 0x71, 0xd1, 0x09, 0x7e, 0x83, 0xfc, 0xbc, 0x5a, 0x93, 0x38, 0x0d, 0x43, 0x42, 0xfd, 0x76, 0x30, 0xe8, 0x63, 0x60, 0x09, 0x8d, 0x6c, 0xd3, 0xf8, 0x56, 0x3d, 0x68, 0x47, 0xab, 0xa0, 0x1d, - /* (2^ 11)P */ 0x38, 0x50, 0x1c, 0xb1, 0xac, 0x88, 0x8f, 0x38, 0xe3, 0x69, 0xe6, 0xfc, 0x4f, 0x8f, 0xe1, 0x9b, 0xb1, 0x1a, 0x09, 0x39, 0x19, 0xdf, 0xcd, 0x98, 0x7b, 0x64, 0x42, 0xf6, 0x11, 0xea, 0xc7, 0xe8, 0x92, 0x65, 0x00, 0x2c, 0x75, 0xb5, 0x94, 0x1e, 0x5b, 0xa6, 0x66, 0x81, 0x77, 0xf3, 0x39, 0x94, 0xac, 0xbd, 0xe4, 0x2a, 0x66, 0x84, 0x9c, 0x60, - /* (2^ 12)P */ 0xb5, 0xb6, 0xd9, 0x03, 0x67, 0xa4, 0xa8, 0x0a, 0x4a, 0x2b, 0x9d, 0xfa, 0x13, 0xe1, 0x99, 0x25, 0x4a, 0x5c, 0x67, 0xb9, 0xb2, 0xb7, 0xdd, 0x1e, 0xaf, 0xeb, 0x63, 0x41, 0xb6, 0xb9, 0xa0, 0x87, 0x0a, 0xe0, 0x06, 0x07, 0xaa, 0x97, 0xf8, 0xf9, 0x38, 0x4f, 0xdf, 0x0c, 0x40, 0x7c, 0xc3, 0x98, 0xa9, 0x74, 0xf1, 0x5d, 0xda, 0xd1, 0xc0, 0x0a, - /* (2^ 13)P */ 0xf2, 0x0a, 0xab, 0xab, 0x94, 0x50, 0xf0, 0xa3, 0x6f, 0xc6, 0x66, 0xba, 0xa6, 0xdc, 0x44, 0xdd, 0xd6, 0x08, 0xf4, 0xd3, 0xed, 0xb1, 0x40, 0x93, 0xee, 0xf6, 0xb8, 0x8e, 0xb4, 0x7c, 0xb9, 0x82, 0xc9, 0x9d, 0x45, 0x3b, 0x8e, 0x10, 0xcb, 0x70, 0x1e, 0xba, 0x3c, 0x62, 0x50, 0xda, 0xa9, 0x93, 0xb5, 0xd7, 0xd0, 0x6f, 0x29, 0x52, 0x95, 0xae, - /* (2^ 14)P */ 0x14, 0x68, 0x69, 0x23, 0xa8, 0x44, 0x87, 0x9e, 0x22, 0x91, 0xe8, 0x92, 0xdf, 0xf7, 0xae, 0xba, 0x1c, 0x96, 0xe1, 0xc3, 0x94, 0xed, 0x6c, 0x95, 0xae, 0x96, 0xa7, 0x15, 0x9f, 0xf1, 0x17, 0x11, 0x92, 0x42, 0xd5, 0xcd, 0x18, 0xe7, 0xa9, 0xb5, 0x2f, 0xcd, 0xde, 0x6c, 0xc9, 0x7d, 0xfc, 0x7e, 0xbd, 0x7f, 0x10, 0x3d, 0x01, 0x00, 0x8d, 0x95, - /* (2^ 15)P */ 0x3b, 0x76, 0x72, 0xae, 0xaf, 0x84, 0xf2, 0xf7, 0xd1, 0x6d, 0x13, 0x9c, 0x47, 0xe1, 0xb7, 0xa3, 0x19, 0x16, 0xee, 0x75, 0x45, 0xf6, 0x1a, 0x7b, 0x78, 0x49, 0x79, 0x05, 0x86, 0xf0, 0x7f, 0x9f, 0xfc, 0xc4, 0xbd, 0x86, 0xf3, 0x41, 0xa7, 0xfe, 0x01, 0xd5, 0x67, 0x16, 0x10, 0x5b, 0xa5, 0x16, 0xf3, 0x7f, 0x60, 0xce, 0xd2, 0x0c, 0x8e, 0x4b, - /* (2^ 16)P */ 0x4a, 0x07, 0x99, 0x4a, 0x0f, 0x74, 0x91, 0x14, 0x68, 0xb9, 0x48, 0xb7, 0x44, 0x77, 0x9b, 0x4a, 0xe0, 0x68, 0x0e, 0x43, 0x4d, 0x98, 0x98, 0xbf, 0xa8, 0x3a, 0xb7, 0x6d, 0x2a, 0x9a, 0x77, 0x5f, 0x62, 0xf5, 0x6b, 0x4a, 0xb7, 0x7d, 0xe5, 0x09, 0x6b, 0xc0, 0x8b, 0x9c, 0x88, 0x37, 0x33, 0xf2, 0x41, 0xac, 0x22, 0x1f, 0xcf, 0x3b, 0x82, 0x34, - /* (2^ 17)P */ 0x00, 0xc3, 0x78, 0x42, 0x32, 0x2e, 0xdc, 0xda, 0xb1, 0x96, 0x21, 0xa4, 0xe4, 0xbb, 0xe9, 0x9d, 0xbb, 0x0f, 0x93, 0xed, 0x26, 0x3d, 0xb5, 0xdb, 0x94, 0x31, 0x37, 0x07, 0xa2, 0xb2, 0xd5, 0x99, 0x0d, 0x93, 0xe1, 0xce, 0x3f, 0x0b, 0x96, 0x82, 0x47, 0xfe, 0x60, 0x6f, 0x8f, 0x61, 0x88, 0xd7, 0x05, 0x95, 0x0b, 0x46, 0x06, 0xb7, 0x32, 0x06, - /* (2^ 18)P */ 0x44, 0xf5, 0x34, 0xdf, 0x2f, 0x9c, 0x5d, 0x9f, 0x53, 0x5c, 0x42, 0x8f, 0xc9, 0xdc, 0xd8, 0x40, 0xa2, 0xe7, 0x6a, 0x4a, 0x05, 0xf7, 0x86, 0x77, 0x2b, 0xae, 0x37, 0xed, 0x48, 0xfb, 0xf7, 0x62, 0x7c, 0x17, 0x59, 0x92, 0x41, 0x61, 0x93, 0x38, 0x30, 0xd1, 0xef, 0x54, 0x54, 0x03, 0x17, 0x57, 0x91, 0x15, 0x11, 0x33, 0xb5, 0xfa, 0xfb, 0x17, - /* (2^ 19)P */ 0x29, 0xbb, 0xd4, 0xb4, 0x9c, 0xf1, 0x72, 0x94, 0xce, 0x6a, 0x29, 0xa8, 0x89, 0x18, 0x19, 0xf7, 0xb7, 0xcc, 0xee, 0x9a, 0x02, 0xe3, 0xc0, 0xb1, 0xe0, 0xee, 0x83, 0x78, 0xb4, 0x9e, 0x07, 0x87, 0xdf, 0xb0, 0x82, 0x26, 0x4e, 0xa4, 0x0c, 0x33, 0xaf, 0x40, 0x59, 0xb6, 0xdd, 0x52, 0x45, 0xf0, 0xb4, 0xf6, 0xe8, 0x4e, 0x4e, 0x79, 0x1a, 0x5d, - /* (2^ 20)P */ 0x27, 0x33, 0x4d, 0x4c, 0x6b, 0x4f, 0x75, 0xb1, 0xbc, 0x1f, 0xab, 0x5b, 0x2b, 0xf0, 0x1c, 0x57, 0x86, 0xdd, 0xfd, 0x60, 0xb0, 0x8c, 0xe7, 0x9a, 0xe5, 0x5c, 0xeb, 0x11, 0x3a, 0xda, 0x22, 0x25, 0x99, 0x06, 0x8d, 0xf4, 0xaf, 0x29, 0x7a, 0xc9, 0xe5, 0xd2, 0x16, 0x9e, 0xd4, 0x63, 0x1d, 0x64, 0xa6, 0x47, 0x96, 0x37, 0x6f, 0x93, 0x2c, 0xcc, - /* (2^ 21)P */ 0xc1, 0x94, 0x74, 0x86, 0x75, 0xf2, 0x91, 0x58, 0x23, 0x85, 0x63, 0x76, 0x54, 0xc7, 0xb4, 0x8c, 0xbc, 0x4e, 0xc4, 0xa7, 0xba, 0xa0, 0x55, 0x26, 0x71, 0xd5, 0x33, 0x72, 0xc9, 0xad, 0x1e, 0xf9, 0x5d, 0x78, 0x70, 0x93, 0x4e, 0x85, 0xfc, 0x39, 0x06, 0x73, 0x76, 0xff, 0xe8, 0x64, 0x69, 0x42, 0x45, 0xb2, 0x69, 0xb5, 0x32, 0xe7, 0x2c, 0xde, - /* (2^ 22)P */ 0xde, 0x16, 0xd8, 0x33, 0x49, 0x32, 0xe9, 0x0e, 0x3a, 0x60, 0xee, 0x2e, 0x24, 0x75, 0xe3, 0x9c, 0x92, 0x07, 0xdb, 0xad, 0x92, 0xf5, 0x11, 0xdf, 0xdb, 0xb0, 0x17, 0x5c, 0xd6, 0x1a, 0x70, 0x00, 0xb7, 0xe2, 0x18, 0xec, 0xdc, 0xc2, 0x02, 0x93, 0xb3, 0xc8, 0x3f, 0x4f, 0x1b, 0x96, 0xe6, 0x33, 0x8c, 0xfb, 0xcc, 0xa5, 0x4e, 0xe8, 0xe7, 0x11, - /* (2^ 23)P */ 0x05, 0x7a, 0x74, 0x52, 0xf8, 0xdf, 0x0d, 0x7c, 0x6a, 0x1a, 0x4e, 0x9a, 0x02, 0x1d, 0xae, 0x77, 0xf8, 0x8e, 0xf9, 0xa2, 0x38, 0x54, 0x50, 0xb2, 0x2c, 0x08, 0x9d, 0x9b, 0x9f, 0xfb, 0x2b, 0x06, 0xde, 0x9d, 0xc2, 0x03, 0x0b, 0x22, 0x2b, 0x10, 0x5b, 0x3a, 0x73, 0x29, 0x8e, 0x3e, 0x37, 0x08, 0x2c, 0x3b, 0xf8, 0x80, 0xc1, 0x66, 0x1e, 0x98, - /* (2^ 24)P */ 0xd8, 0xd6, 0x3e, 0xcd, 0x63, 0x8c, 0x2b, 0x41, 0x81, 0xc0, 0x0c, 0x06, 0x87, 0xd6, 0xe7, 0x92, 0xfe, 0xf1, 0x0c, 0x4a, 0x84, 0x5b, 0xaf, 0x40, 0x53, 0x6f, 0x60, 0xd6, 0x6b, 0x76, 0x4b, 0xc2, 0xad, 0xc9, 0xb6, 0xb6, 0x6a, 0xa2, 0xb3, 0xf5, 0xf5, 0xc2, 0x55, 0x83, 0xb2, 0xd3, 0xe9, 0x41, 0x6c, 0x63, 0x51, 0xb8, 0x81, 0x74, 0xc8, 0x2c, - /* (2^ 25)P */ 0xb2, 0xaf, 0x1c, 0xee, 0x07, 0xb0, 0x58, 0xa8, 0x2c, 0x6a, 0xc9, 0x2d, 0x62, 0x28, 0x75, 0x0c, 0x40, 0xb6, 0x11, 0x33, 0x96, 0x80, 0x28, 0x6d, 0xd5, 0x9e, 0x87, 0x90, 0x01, 0x66, 0x1d, 0x1c, 0xf8, 0xb4, 0x92, 0xac, 0x38, 0x18, 0x05, 0xc2, 0x4c, 0x4b, 0x54, 0x7d, 0x80, 0x46, 0x87, 0x2d, 0x99, 0x8e, 0x70, 0x80, 0x69, 0x71, 0x8b, 0xed, - /* (2^ 26)P */ 0x37, 0xa7, 0x6b, 0x71, 0x36, 0x75, 0x8e, 0xff, 0x0f, 0x42, 0xda, 0x5a, 0x46, 0xa6, 0x97, 0x79, 0x7e, 0x30, 0xb3, 0x8f, 0xc7, 0x3a, 0xa0, 0xcb, 0x1d, 0x9c, 0x78, 0x77, 0x36, 0xc2, 0xe7, 0xf4, 0x2f, 0x29, 0x07, 0xb1, 0x07, 0xfd, 0xed, 0x1b, 0x39, 0x77, 0x06, 0x38, 0x77, 0x0f, 0x50, 0x31, 0x12, 0xbf, 0x92, 0xbf, 0x72, 0x79, 0x54, 0xa9, - /* (2^ 27)P */ 0xbd, 0x4d, 0x46, 0x6b, 0x1a, 0x80, 0x46, 0x2d, 0xed, 0xfd, 0x64, 0x6d, 0x94, 0xbc, 0x4a, 0x6e, 0x0c, 0x12, 0xf6, 0x12, 0xab, 0x54, 0x88, 0xd3, 0x85, 0xac, 0x51, 0xae, 0x6f, 0xca, 0xc4, 0xb7, 0xec, 0x22, 0x54, 0x6d, 0x80, 0xb2, 0x1c, 0x63, 0x33, 0x76, 0x6b, 0x8e, 0x6d, 0x59, 0xcd, 0x73, 0x92, 0x5f, 0xff, 0xad, 0x10, 0x35, 0x70, 0x5f, - /* (2^ 28)P */ 0xb3, 0x84, 0xde, 0xc8, 0x04, 0x43, 0x63, 0xfa, 0x29, 0xd9, 0xf0, 0x69, 0x65, 0x5a, 0x0c, 0xe8, 0x2e, 0x0b, 0xfe, 0xb0, 0x7a, 0x42, 0xb3, 0xc3, 0xfc, 0xe6, 0xb8, 0x92, 0x29, 0xae, 0xed, 0xec, 0xd5, 0xe8, 0x4a, 0xa1, 0xbd, 0x3b, 0xd3, 0xc0, 0x07, 0xab, 0x65, 0x65, 0x35, 0x9a, 0xa6, 0x5e, 0x78, 0x18, 0x76, 0x1c, 0x15, 0x49, 0xe6, 0x75, - /* (2^ 29)P */ 0x45, 0xb3, 0x92, 0xa9, 0xc3, 0xb8, 0x11, 0x68, 0x64, 0x3a, 0x83, 0x5d, 0xa8, 0x94, 0x6a, 0x9d, 0xaa, 0x27, 0x9f, 0x98, 0x5d, 0xc0, 0x29, 0xf0, 0xc0, 0x4b, 0x14, 0x3c, 0x05, 0xe7, 0xf8, 0xbd, 0x38, 0x22, 0x96, 0x75, 0x65, 0x5e, 0x0d, 0x3f, 0xbb, 0x6f, 0xe8, 0x3f, 0x96, 0x76, 0x9f, 0xba, 0xd9, 0x44, 0x92, 0x96, 0x22, 0xe7, 0x52, 0xe7, - /* (2^ 30)P */ 0xf4, 0xa3, 0x95, 0x90, 0x47, 0xdf, 0x7d, 0xdc, 0xf4, 0x13, 0x87, 0x67, 0x7d, 0x4f, 0x9d, 0xa0, 0x00, 0x46, 0x72, 0x08, 0xc3, 0xa2, 0x7a, 0x3e, 0xe7, 0x6d, 0x52, 0x7c, 0x11, 0x36, 0x50, 0x83, 0x89, 0x64, 0xcb, 0x1f, 0x08, 0x83, 0x46, 0xcb, 0xac, 0xa6, 0xd8, 0x9c, 0x1b, 0xe8, 0x05, 0x47, 0xc7, 0x26, 0x06, 0x83, 0x39, 0xe9, 0xb1, 0x1c, - /* (2^ 31)P */ 0x11, 0xe8, 0xc8, 0x42, 0xbf, 0x30, 0x9c, 0xa3, 0xf1, 0x85, 0x96, 0x95, 0x4f, 0x4f, 0x52, 0xa2, 0xf5, 0x8b, 0x68, 0x24, 0x16, 0xac, 0x9b, 0xa9, 0x27, 0x28, 0x0e, 0x84, 0x03, 0x46, 0x22, 0x5f, 0xf7, 0x0d, 0xa6, 0x85, 0x88, 0xc1, 0x45, 0x4b, 0x85, 0x1a, 0x10, 0x7f, 0xc9, 0x94, 0x20, 0xb0, 0x04, 0x28, 0x12, 0x30, 0xb9, 0xe6, 0x40, 0x6b, - /* (2^ 32)P */ 0xac, 0x1b, 0x57, 0xb6, 0x42, 0xdb, 0x81, 0x8d, 0x76, 0xfd, 0x9b, 0x1c, 0x29, 0x30, 0xd5, 0x3a, 0xcc, 0x53, 0xd9, 0x26, 0x7a, 0x0f, 0x9c, 0x2e, 0x79, 0xf5, 0x62, 0xeb, 0x61, 0x9d, 0x9b, 0x80, 0x39, 0xcd, 0x60, 0x2e, 0x1f, 0x08, 0x22, 0xbc, 0x19, 0xb3, 0x2a, 0x43, 0x44, 0xf2, 0x4e, 0x66, 0xf4, 0x36, 0xa6, 0xa7, 0xbc, 0xa4, 0x15, 0x7e, - /* (2^ 33)P */ 0xc1, 0x90, 0x8a, 0xde, 0xff, 0x78, 0xc3, 0x73, 0x16, 0xee, 0x76, 0xa0, 0x84, 0x60, 0x8d, 0xe6, 0x82, 0x0f, 0xde, 0x4e, 0xc5, 0x99, 0x34, 0x06, 0x90, 0x44, 0x55, 0xf8, 0x91, 0xd8, 0xe1, 0xe4, 0x2c, 0x8a, 0xde, 0x94, 0x1e, 0x78, 0x25, 0x3d, 0xfd, 0xd8, 0x59, 0x7d, 0xaf, 0x6e, 0xbe, 0x96, 0xbe, 0x3c, 0x16, 0x23, 0x0f, 0x4c, 0xa4, 0x28, - /* (2^ 34)P */ 0xba, 0x11, 0x35, 0x57, 0x03, 0xb6, 0xf4, 0x24, 0x89, 0xb8, 0x5a, 0x0d, 0x50, 0x9c, 0xaa, 0x51, 0x7f, 0xa4, 0x0e, 0xfc, 0x71, 0xb3, 0x3b, 0xf1, 0x96, 0x50, 0x23, 0x15, 0xf5, 0xf5, 0xd4, 0x23, 0xdc, 0x8b, 0x26, 0x9e, 0xae, 0xb7, 0x50, 0xcd, 0xc4, 0x25, 0xf6, 0x75, 0x40, 0x9c, 0x37, 0x79, 0x33, 0x60, 0xd4, 0x4b, 0x13, 0x32, 0xee, 0xe2, - /* (2^ 35)P */ 0x43, 0xb8, 0x56, 0x59, 0xf0, 0x68, 0x23, 0xb3, 0xea, 0x70, 0x58, 0x4c, 0x1e, 0x5a, 0x16, 0x54, 0x03, 0xb2, 0xf4, 0x73, 0xb6, 0xd9, 0x5c, 0x9c, 0x6f, 0xcf, 0x82, 0x2e, 0x54, 0x15, 0x46, 0x2c, 0xa3, 0xda, 0x4e, 0x87, 0xf5, 0x2b, 0xba, 0x91, 0xa3, 0xa0, 0x89, 0xba, 0x48, 0x2b, 0xfa, 0x64, 0x02, 0x7f, 0x78, 0x03, 0xd1, 0xe8, 0x3b, 0xe9, - /* (2^ 36)P */ 0x15, 0xa4, 0x71, 0xd4, 0x0c, 0x24, 0xe9, 0x07, 0xa1, 0x43, 0xf4, 0x7f, 0xbb, 0xa2, 0xa6, 0x6b, 0xfa, 0xb7, 0xea, 0x58, 0xd1, 0x96, 0xb0, 0x24, 0x5c, 0xc7, 0x37, 0x4e, 0x60, 0x0f, 0x40, 0xf2, 0x2f, 0x44, 0x70, 0xea, 0x80, 0x63, 0xfe, 0xfc, 0x46, 0x59, 0x12, 0x27, 0xb5, 0x27, 0xfd, 0xb7, 0x73, 0x0b, 0xca, 0x8b, 0xc2, 0xd3, 0x71, 0x08, - /* (2^ 37)P */ 0x26, 0x0e, 0xd7, 0x52, 0x6f, 0xf1, 0xf2, 0x9d, 0xb8, 0x3d, 0xbd, 0xd4, 0x75, 0x97, 0xd8, 0xbf, 0xa8, 0x86, 0x96, 0xa5, 0x80, 0xa0, 0x45, 0x75, 0xf6, 0x77, 0x71, 0xdb, 0x77, 0x96, 0x55, 0x99, 0x31, 0xd0, 0x4f, 0x34, 0xf4, 0x35, 0x39, 0x41, 0xd3, 0x7d, 0xf7, 0xe2, 0x74, 0xde, 0xbe, 0x5b, 0x1f, 0x39, 0x10, 0x21, 0xa3, 0x4d, 0x3b, 0xc8, - /* (2^ 38)P */ 0x04, 0x00, 0x2a, 0x45, 0xb2, 0xaf, 0x9b, 0x18, 0x6a, 0xeb, 0x96, 0x28, 0xa4, 0x77, 0xd0, 0x13, 0xcf, 0x17, 0x65, 0xe8, 0xc5, 0x81, 0x28, 0xad, 0x39, 0x7a, 0x0b, 0xaa, 0x55, 0x2b, 0xf3, 0xfc, 0x86, 0x40, 0xad, 0x0d, 0x1e, 0x28, 0xa2, 0x2d, 0xc5, 0xd6, 0x04, 0x15, 0xa2, 0x30, 0x3d, 0x12, 0x8e, 0xd6, 0xb5, 0xf7, 0x69, 0xbb, 0x84, 0x20, - /* (2^ 39)P */ 0xd7, 0x7a, 0x77, 0x2c, 0xfb, 0x81, 0x80, 0xe9, 0x1e, 0xc6, 0x36, 0x31, 0x79, 0xc3, 0x7c, 0xa9, 0x57, 0x6b, 0xb5, 0x70, 0xfb, 0xe4, 0xa1, 0xff, 0xfd, 0x21, 0xa5, 0x7c, 0xfa, 0x44, 0xba, 0x0d, 0x96, 0x3d, 0xc4, 0x5c, 0x39, 0x52, 0x87, 0xd7, 0x22, 0x0f, 0x52, 0x88, 0x91, 0x87, 0x96, 0xac, 0xfa, 0x3b, 0xdf, 0xdc, 0x83, 0x8c, 0x99, 0x29, - /* (2^ 40)P */ 0x98, 0x6b, 0x3a, 0x8d, 0x83, 0x17, 0xe1, 0x62, 0xd8, 0x80, 0x4c, 0x97, 0xce, 0x6b, 0xaa, 0x10, 0xa7, 0xc4, 0xe9, 0xeb, 0xa5, 0xfb, 0xc9, 0xdd, 0x2d, 0xeb, 0xfc, 0x9a, 0x71, 0xcd, 0x68, 0x6e, 0xc0, 0x35, 0x64, 0x62, 0x1b, 0x95, 0x12, 0xe8, 0x53, 0xec, 0xf0, 0xf4, 0x86, 0x86, 0x78, 0x18, 0xc4, 0xc6, 0xbc, 0x5a, 0x59, 0x8f, 0x7c, 0x7e, - /* (2^ 41)P */ 0x7f, 0xd7, 0x1e, 0xc5, 0x83, 0xdc, 0x1f, 0xbe, 0x0b, 0xcf, 0x2e, 0x01, 0x01, 0xed, 0xac, 0x17, 0x3b, 0xed, 0xa4, 0x30, 0x96, 0x0e, 0x14, 0x7e, 0x19, 0x2b, 0xa5, 0x67, 0x1e, 0xb3, 0x34, 0x03, 0xa8, 0xbb, 0x0a, 0x7d, 0x08, 0x2d, 0xd5, 0x53, 0x19, 0x6f, 0x13, 0xd5, 0xc0, 0x90, 0x8a, 0xcc, 0xc9, 0x5c, 0xab, 0x24, 0xd7, 0x03, 0xf6, 0x57, - /* (2^ 42)P */ 0x49, 0xcb, 0xb4, 0x96, 0x5f, 0xa6, 0xf8, 0x71, 0x6f, 0x59, 0xad, 0x05, 0x24, 0x2d, 0xaf, 0x67, 0xa8, 0xbe, 0x95, 0xdf, 0x0d, 0x28, 0x5a, 0x7f, 0x6e, 0x87, 0x8c, 0x6e, 0x67, 0x0c, 0xf4, 0xe0, 0x1c, 0x30, 0xc2, 0x66, 0xae, 0x20, 0xa1, 0x34, 0xec, 0x9c, 0xbc, 0xae, 0x3d, 0xa1, 0x28, 0x28, 0x95, 0x1d, 0xc9, 0x3a, 0xa8, 0xfd, 0xfc, 0xa1, - /* (2^ 43)P */ 0xe2, 0x2b, 0x9d, 0xed, 0x02, 0x99, 0x67, 0xbb, 0x2e, 0x16, 0x62, 0x05, 0x70, 0xc7, 0x27, 0xb9, 0x1c, 0x3f, 0xf2, 0x11, 0x01, 0xd8, 0x51, 0xa4, 0x18, 0x92, 0xa9, 0x5d, 0xfb, 0xa9, 0xe4, 0x42, 0xba, 0x38, 0x34, 0x1a, 0x4a, 0xc5, 0x6a, 0x37, 0xde, 0xa7, 0x0c, 0xb4, 0x7e, 0x7f, 0xde, 0xa6, 0xee, 0xcd, 0x55, 0x57, 0x05, 0x06, 0xfd, 0x5d, - /* (2^ 44)P */ 0x2f, 0x32, 0xcf, 0x2e, 0x2c, 0x7b, 0xbe, 0x9a, 0x0c, 0x57, 0x35, 0xf8, 0x87, 0xda, 0x9c, 0xec, 0x48, 0xf2, 0xbb, 0xe2, 0xda, 0x10, 0x58, 0x20, 0xc6, 0xd3, 0x87, 0xe9, 0xc7, 0x26, 0xd1, 0x9a, 0x46, 0x87, 0x90, 0xda, 0xdc, 0xde, 0xc3, 0xb3, 0xf2, 0xe8, 0x6f, 0x4a, 0xe6, 0xe8, 0x9d, 0x98, 0x36, 0x20, 0x03, 0x47, 0x15, 0x3f, 0x64, 0x59, - /* (2^ 45)P */ 0xd4, 0x71, 0x49, 0x0a, 0x67, 0x97, 0xaa, 0x3f, 0xf4, 0x1b, 0x3a, 0x6e, 0x5e, 0x17, 0xcc, 0x0a, 0x8f, 0x81, 0x6a, 0x41, 0x38, 0x77, 0x40, 0x8a, 0x11, 0x42, 0x62, 0xd2, 0x50, 0x32, 0x79, 0x78, 0x28, 0xc2, 0x2e, 0x10, 0x01, 0x94, 0x30, 0x4f, 0x7f, 0x18, 0x17, 0x56, 0x85, 0x4e, 0xad, 0xf7, 0xcb, 0x87, 0x3c, 0x3f, 0x50, 0x2c, 0xc0, 0xba, - /* (2^ 46)P */ 0xbc, 0x30, 0x8e, 0x65, 0x8e, 0x57, 0x5b, 0x38, 0x7a, 0xd4, 0x95, 0x52, 0x7a, 0x32, 0x59, 0x69, 0xcd, 0x9d, 0x47, 0x34, 0x5b, 0x55, 0xa5, 0x24, 0x60, 0xdd, 0xc0, 0xc1, 0x62, 0x73, 0x44, 0xae, 0x4c, 0x9c, 0x65, 0x55, 0x1b, 0x9d, 0x8a, 0x29, 0xb0, 0x1a, 0x52, 0xa8, 0xf1, 0xe6, 0x9a, 0xb3, 0xf6, 0xa3, 0xc9, 0x0a, 0x70, 0x7d, 0x0f, 0xee, - /* (2^ 47)P */ 0x77, 0xd3, 0xe5, 0x8e, 0xfa, 0x00, 0xeb, 0x1b, 0x7f, 0xdc, 0x68, 0x3f, 0x92, 0xbd, 0xb7, 0x0b, 0xb7, 0xb5, 0x24, 0xdf, 0xc5, 0x67, 0x53, 0xd4, 0x36, 0x79, 0xc4, 0x7b, 0x57, 0xbc, 0x99, 0x97, 0x60, 0xef, 0xe4, 0x01, 0xa1, 0xa7, 0xaa, 0x12, 0x36, 0x29, 0xb1, 0x03, 0xc2, 0x83, 0x1c, 0x2b, 0x83, 0xef, 0x2e, 0x2c, 0x23, 0x92, 0xfd, 0xd1, - /* (2^ 48)P */ 0x94, 0xef, 0x03, 0x59, 0xfa, 0x8a, 0x18, 0x76, 0xee, 0x58, 0x08, 0x4d, 0x44, 0xce, 0xf1, 0x52, 0x33, 0x49, 0xf6, 0x69, 0x71, 0xe3, 0xa9, 0xbc, 0x86, 0xe3, 0x43, 0xde, 0x33, 0x7b, 0x90, 0x8b, 0x3e, 0x7d, 0xd5, 0x4a, 0xf0, 0x23, 0x99, 0xa6, 0xea, 0x5f, 0x08, 0xe5, 0xb9, 0x49, 0x8b, 0x0d, 0x6a, 0x21, 0xab, 0x07, 0x62, 0xcd, 0xc4, 0xbe, - /* (2^ 49)P */ 0x61, 0xbf, 0x70, 0x14, 0xfa, 0x4e, 0x9e, 0x7c, 0x0c, 0xf8, 0xb2, 0x48, 0x71, 0x62, 0x83, 0xd6, 0xd1, 0xdc, 0x9c, 0x29, 0x66, 0xb1, 0x34, 0x9c, 0x8d, 0xe6, 0x88, 0xaf, 0xbe, 0xdc, 0x4d, 0xeb, 0xb0, 0xe7, 0x28, 0xae, 0xb2, 0x05, 0x56, 0xc6, 0x0e, 0x10, 0x26, 0xab, 0x2c, 0x59, 0x72, 0x03, 0x66, 0xfe, 0x8f, 0x2c, 0x51, 0x2d, 0xdc, 0xae, - /* (2^ 50)P */ 0xdc, 0x63, 0xf1, 0x8b, 0x5c, 0x65, 0x0b, 0xf1, 0xa6, 0x22, 0xe2, 0xd9, 0xdb, 0x49, 0xb1, 0x3c, 0x47, 0xc2, 0xfe, 0xac, 0x86, 0x07, 0x52, 0xec, 0xb0, 0x08, 0x69, 0xfb, 0xd1, 0x06, 0xdc, 0x48, 0x5c, 0x3d, 0xb2, 0x4d, 0xb8, 0x1a, 0x4e, 0xda, 0xb9, 0xc1, 0x2b, 0xab, 0x4b, 0x62, 0x81, 0x21, 0x9a, 0xfc, 0x3d, 0x39, 0x83, 0x11, 0x36, 0xeb, - /* (2^ 51)P */ 0x94, 0xf3, 0x17, 0xef, 0xf9, 0x60, 0x54, 0xc3, 0xd7, 0x27, 0x35, 0xc5, 0x98, 0x5e, 0xf6, 0x63, 0x6c, 0xa0, 0x4a, 0xd3, 0xa3, 0x98, 0xd9, 0x42, 0xe3, 0xf1, 0xf8, 0x81, 0x96, 0xa9, 0xea, 0x6d, 0x4b, 0x8e, 0x33, 0xca, 0x94, 0x0d, 0xa0, 0xf7, 0xbb, 0x64, 0xa3, 0x36, 0x6f, 0xdc, 0x5a, 0x94, 0x42, 0xca, 0x06, 0xb2, 0x2b, 0x9a, 0x9f, 0x71, - /* (2^ 52)P */ 0xec, 0xdb, 0xa6, 0x1f, 0xdf, 0x15, 0x36, 0xa3, 0xda, 0x8a, 0x7a, 0xb6, 0xa7, 0xe3, 0xaf, 0x52, 0xe0, 0x8d, 0xe8, 0xf2, 0x44, 0x20, 0xeb, 0xa1, 0x20, 0xc4, 0x65, 0x3c, 0x7c, 0x6c, 0x49, 0xed, 0x2f, 0x66, 0x23, 0x68, 0x61, 0x91, 0x40, 0x9f, 0x50, 0x19, 0xd1, 0x84, 0xa7, 0xe2, 0xed, 0x34, 0x37, 0xe3, 0xe4, 0x11, 0x7f, 0x87, 0x55, 0x0f, - /* (2^ 53)P */ 0xb3, 0xa1, 0x0f, 0xb0, 0x48, 0xc0, 0x4d, 0x96, 0xa7, 0xcf, 0x5a, 0x81, 0xb8, 0x4a, 0x46, 0xef, 0x0a, 0xd3, 0x40, 0x7e, 0x02, 0xe3, 0x63, 0xaa, 0x50, 0xd1, 0x2a, 0x37, 0x22, 0x4a, 0x7f, 0x4f, 0xb6, 0xf9, 0x01, 0x82, 0x78, 0x3d, 0x93, 0x14, 0x11, 0x8a, 0x90, 0x60, 0xcd, 0x45, 0x4e, 0x7b, 0x42, 0xb9, 0x3e, 0x6e, 0x68, 0x1f, 0x36, 0x41, - /* (2^ 54)P */ 0x13, 0x73, 0x0e, 0x4f, 0x79, 0x93, 0x9e, 0x29, 0x70, 0x7b, 0x4a, 0x59, 0x1a, 0x9a, 0xf4, 0x55, 0x08, 0xf0, 0xdb, 0x17, 0x58, 0xec, 0x64, 0xad, 0x7f, 0x29, 0xeb, 0x3f, 0x85, 0x4e, 0x60, 0x28, 0x98, 0x1f, 0x73, 0x4e, 0xe6, 0xa8, 0xab, 0xd5, 0xd6, 0xfc, 0xa1, 0x36, 0x6d, 0x15, 0xc6, 0x13, 0x83, 0xa0, 0xc2, 0x6e, 0xd9, 0xdb, 0xc9, 0xcc, - /* (2^ 55)P */ 0xff, 0xd8, 0x52, 0xa3, 0xdc, 0x99, 0xcf, 0x3e, 0x19, 0xb3, 0x68, 0xd0, 0xb5, 0x0d, 0xb8, 0xee, 0x3f, 0xef, 0x6e, 0xc0, 0x38, 0x28, 0x44, 0x92, 0x78, 0x91, 0x1a, 0x08, 0x78, 0x6c, 0x65, 0x24, 0xf3, 0xa2, 0x3d, 0xf2, 0xe5, 0x79, 0x62, 0x69, 0x29, 0xf4, 0x22, 0xc5, 0xdb, 0x6a, 0xae, 0xf4, 0x44, 0xa3, 0x6f, 0xc7, 0x86, 0xab, 0xef, 0xef, - /* (2^ 56)P */ 0xbf, 0x54, 0x9a, 0x09, 0x5d, 0x17, 0xd0, 0xde, 0xfb, 0xf5, 0xca, 0xff, 0x13, 0x20, 0x88, 0x82, 0x3a, 0xe2, 0xd0, 0x3b, 0xfb, 0x05, 0x76, 0xd1, 0xc0, 0x02, 0x71, 0x3b, 0x94, 0xe8, 0xc9, 0x84, 0xcf, 0xa4, 0xe9, 0x28, 0x7b, 0xf5, 0x09, 0xc3, 0x2b, 0x22, 0x40, 0xf1, 0x68, 0x24, 0x24, 0x7d, 0x9f, 0x6e, 0xcd, 0xfe, 0xb0, 0x19, 0x61, 0xf5, - /* (2^ 57)P */ 0xe8, 0x63, 0x51, 0xb3, 0x95, 0x6b, 0x7b, 0x74, 0x92, 0x52, 0x45, 0xa4, 0xed, 0xea, 0x0e, 0x0d, 0x2b, 0x01, 0x1e, 0x2c, 0xbc, 0x91, 0x06, 0x69, 0xdb, 0x1f, 0xb5, 0x77, 0x1d, 0x56, 0xf5, 0xb4, 0x02, 0x80, 0x49, 0x56, 0x12, 0xce, 0x86, 0x05, 0xc9, 0xd9, 0xae, 0xf3, 0x6d, 0xe6, 0x3f, 0x40, 0x52, 0xe9, 0x49, 0x2b, 0x31, 0x06, 0x86, 0x14, - /* (2^ 58)P */ 0xf5, 0x09, 0x3b, 0xd2, 0xff, 0xdf, 0x11, 0xa5, 0x1c, 0x99, 0xe8, 0x1b, 0xa4, 0x2c, 0x7d, 0x8e, 0xc8, 0xf7, 0x03, 0x46, 0xfa, 0xb6, 0xde, 0x73, 0x91, 0x7e, 0x5a, 0x7a, 0xd7, 0x9a, 0x5b, 0x80, 0x24, 0x62, 0x5e, 0x92, 0xf1, 0xa3, 0x45, 0xa3, 0x43, 0x92, 0x8a, 0x2a, 0x5b, 0x0c, 0xb4, 0xc8, 0xad, 0x1c, 0xb6, 0x6c, 0x5e, 0x81, 0x18, 0x91, - /* (2^ 59)P */ 0x96, 0xb3, 0xca, 0x2b, 0xe3, 0x7a, 0x59, 0x72, 0x17, 0x74, 0x29, 0x21, 0xe7, 0x78, 0x07, 0xad, 0xda, 0xb6, 0xcd, 0xf9, 0x27, 0x4d, 0xc8, 0xf2, 0x98, 0x22, 0xca, 0xf2, 0x33, 0x74, 0x7a, 0xdd, 0x1e, 0x71, 0xec, 0xe3, 0x3f, 0xe2, 0xa2, 0xd2, 0x38, 0x75, 0xb0, 0xd0, 0x0a, 0xcf, 0x7d, 0x36, 0xdc, 0x49, 0x38, 0x25, 0x34, 0x4f, 0x20, 0x9a, - /* (2^ 60)P */ 0x2b, 0x6e, 0x04, 0x0d, 0x4f, 0x3d, 0x3b, 0x24, 0xf6, 0x4e, 0x5e, 0x0a, 0xbd, 0x48, 0x96, 0xba, 0x81, 0x8f, 0x39, 0x82, 0x13, 0xe6, 0x72, 0xf3, 0x0f, 0xb6, 0x94, 0xf4, 0xc5, 0x90, 0x74, 0x91, 0xa8, 0xf2, 0xc9, 0xca, 0x9a, 0x4d, 0x98, 0xf2, 0xdf, 0x52, 0x4e, 0x97, 0x2f, 0xeb, 0x84, 0xd3, 0xaf, 0xc2, 0xcc, 0xfb, 0x4c, 0x26, 0x4b, 0xe4, - /* (2^ 61)P */ 0x12, 0x9e, 0xfb, 0x9d, 0x78, 0x79, 0x99, 0xdd, 0xb3, 0x0b, 0x2e, 0x56, 0x41, 0x8e, 0x3f, 0x39, 0xb8, 0x97, 0x89, 0x53, 0x9b, 0x8a, 0x3c, 0x40, 0x9d, 0xa4, 0x6c, 0x2e, 0x31, 0x71, 0xc6, 0x0a, 0x41, 0xd4, 0x95, 0x06, 0x5e, 0xc1, 0xab, 0xc2, 0x14, 0xc4, 0xc7, 0x15, 0x08, 0x3a, 0xad, 0x7a, 0xb4, 0x62, 0xa3, 0x0c, 0x90, 0xf4, 0x47, 0x08, - /* (2^ 62)P */ 0x7f, 0xec, 0x09, 0x82, 0xf5, 0x94, 0x09, 0x93, 0x32, 0xd3, 0xdc, 0x56, 0x80, 0x7b, 0x5b, 0x22, 0x80, 0x6a, 0x96, 0x72, 0xb1, 0xc2, 0xd9, 0xa1, 0x8b, 0x66, 0x42, 0x16, 0xe2, 0x07, 0xb3, 0x2d, 0xf1, 0x75, 0x35, 0x72, 0xc7, 0x98, 0xbe, 0x63, 0x3b, 0x20, 0x75, 0x05, 0xc1, 0x3e, 0x31, 0x5a, 0xf7, 0xaa, 0xae, 0x4b, 0xdb, 0x1d, 0xd0, 0x74, - /* (2^ 63)P */ 0x36, 0x5c, 0x74, 0xe6, 0x5d, 0x59, 0x3f, 0x15, 0x4b, 0x4d, 0x4e, 0x67, 0x41, 0xfe, 0x98, 0x1f, 0x49, 0x76, 0x91, 0x0f, 0x9b, 0xf4, 0xaf, 0x86, 0xaf, 0x66, 0x19, 0xed, 0x46, 0xf1, 0x05, 0x9a, 0xcc, 0xd1, 0x14, 0x1f, 0x82, 0x12, 0x8e, 0xe6, 0xf4, 0xc3, 0x42, 0x5c, 0x4e, 0x33, 0x93, 0xbe, 0x30, 0xe7, 0x64, 0xa9, 0x35, 0x00, 0x4d, 0xf9, - /* (2^ 64)P */ 0x1f, 0xc1, 0x1e, 0xb7, 0xe3, 0x7c, 0xfa, 0xa3, 0x6b, 0x76, 0xaf, 0x9c, 0x05, 0x85, 0x4a, 0xa9, 0xfb, 0xe3, 0x7e, 0xf2, 0x49, 0x56, 0xdc, 0x2f, 0x57, 0x10, 0xba, 0x37, 0xb2, 0x62, 0xf5, 0x6b, 0xe5, 0x8f, 0x0a, 0x87, 0xd1, 0x6a, 0xcb, 0x9d, 0x07, 0xd0, 0xf6, 0x38, 0x99, 0x2c, 0x61, 0x4a, 0x4e, 0xd8, 0xd2, 0x88, 0x29, 0x99, 0x11, 0x95, - /* (2^ 65)P */ 0x6f, 0xdc, 0xd5, 0xd6, 0xd6, 0xa7, 0x4c, 0x46, 0x93, 0x65, 0x62, 0x23, 0x95, 0x32, 0x9c, 0xde, 0x40, 0x41, 0x68, 0x2c, 0x18, 0x4e, 0x5a, 0x8c, 0xc0, 0xc5, 0xc5, 0xea, 0x5c, 0x45, 0x0f, 0x60, 0x78, 0x39, 0xb6, 0x36, 0x23, 0x12, 0xbc, 0x21, 0x9a, 0xf8, 0x91, 0xac, 0xc4, 0x70, 0xdf, 0x85, 0x8e, 0x3c, 0xec, 0x22, 0x04, 0x98, 0xa8, 0xaa, - /* (2^ 66)P */ 0xcc, 0x52, 0x10, 0x5b, 0x4b, 0x6c, 0xc5, 0xfa, 0x3e, 0xd4, 0xf8, 0x1c, 0x04, 0x14, 0x48, 0x33, 0xd9, 0xfc, 0x5f, 0xb0, 0xa5, 0x48, 0x8c, 0x45, 0x8a, 0xee, 0x3e, 0xa7, 0xc1, 0x2e, 0x34, 0xca, 0xf6, 0xc9, 0xeb, 0x10, 0xbb, 0xe1, 0x59, 0x84, 0x25, 0xe8, 0x81, 0x70, 0xc0, 0x09, 0x42, 0xa7, 0x3b, 0x0d, 0x33, 0x00, 0xb5, 0x77, 0xbe, 0x25, - /* (2^ 67)P */ 0xcd, 0x1f, 0xbc, 0x7d, 0xef, 0xe5, 0xca, 0x91, 0xaf, 0xa9, 0x59, 0x6a, 0x09, 0xca, 0xd6, 0x1b, 0x3d, 0x55, 0xde, 0xa2, 0x6a, 0x80, 0xd6, 0x95, 0x47, 0xe4, 0x5f, 0x68, 0x54, 0x08, 0xdf, 0x29, 0xba, 0x2a, 0x02, 0x84, 0xe8, 0xe9, 0x00, 0x77, 0x99, 0x36, 0x03, 0xf6, 0x4a, 0x3e, 0x21, 0x81, 0x7d, 0xb8, 0xa4, 0x8a, 0xa2, 0x05, 0xef, 0xbc, - /* (2^ 68)P */ 0x7c, 0x59, 0x5f, 0x66, 0xd9, 0xb7, 0x83, 0x43, 0x8a, 0xa1, 0x8d, 0x51, 0x70, 0xba, 0xf2, 0x9b, 0x95, 0xc0, 0x4b, 0x4c, 0xa0, 0x14, 0xd3, 0xa4, 0x5d, 0x4a, 0x37, 0x36, 0x97, 0x31, 0x1e, 0x12, 0xe7, 0xbb, 0x08, 0x67, 0xa5, 0x23, 0xd7, 0xfb, 0x97, 0xd8, 0x6a, 0x03, 0xb1, 0xf8, 0x7f, 0xda, 0x58, 0xd9, 0x3f, 0x73, 0x4a, 0x53, 0xe1, 0x7b, - /* (2^ 69)P */ 0x55, 0x83, 0x98, 0x78, 0x6c, 0x56, 0x5e, 0xed, 0xf7, 0x23, 0x3e, 0x4c, 0x7d, 0x09, 0x2d, 0x09, 0x9c, 0x58, 0x8b, 0x32, 0xca, 0xfe, 0xbf, 0x47, 0x03, 0xeb, 0x4d, 0xe7, 0xeb, 0x9c, 0x83, 0x05, 0x68, 0xaa, 0x80, 0x89, 0x44, 0xf9, 0xd4, 0xdc, 0xdb, 0xb1, 0xdb, 0x77, 0xac, 0xf9, 0x2a, 0xae, 0x35, 0xac, 0x74, 0xb5, 0x95, 0x62, 0x18, 0x85, - /* (2^ 70)P */ 0xab, 0x82, 0x7e, 0x10, 0xd7, 0xe6, 0x57, 0xd1, 0x66, 0x12, 0x31, 0x9c, 0x9c, 0xa6, 0x27, 0x59, 0x71, 0x2e, 0xeb, 0xa0, 0x68, 0xc5, 0x87, 0x51, 0xf4, 0xca, 0x3f, 0x98, 0x56, 0xb0, 0x89, 0xb1, 0xc7, 0x7b, 0x46, 0xb3, 0xae, 0x36, 0xf2, 0xee, 0x15, 0x1a, 0x60, 0xf4, 0x50, 0x76, 0x4f, 0xc4, 0x53, 0x0d, 0x36, 0x4d, 0x31, 0xb1, 0x20, 0x51, - /* (2^ 71)P */ 0xf7, 0x1d, 0x8c, 0x1b, 0x5e, 0xe5, 0x02, 0x6f, 0xc5, 0xa5, 0xe0, 0x5f, 0xc6, 0xb6, 0x63, 0x43, 0xaf, 0x3c, 0x19, 0x6c, 0xf4, 0xaf, 0xa4, 0x33, 0xb1, 0x0a, 0x37, 0x3d, 0xd9, 0x4d, 0xe2, 0x29, 0x24, 0x26, 0x94, 0x7c, 0x02, 0xe4, 0xe2, 0xf2, 0xbe, 0xbd, 0xac, 0x1b, 0x48, 0xb8, 0xdd, 0xe9, 0x0d, 0x9a, 0x50, 0x1a, 0x98, 0x71, 0x6e, 0xdc, - /* (2^ 72)P */ 0x9f, 0x40, 0xb1, 0xb3, 0x66, 0x28, 0x6c, 0xfe, 0xa6, 0x7d, 0xf8, 0x3e, 0xb8, 0xf3, 0xde, 0x52, 0x76, 0x52, 0xa3, 0x92, 0x98, 0x23, 0xab, 0x4f, 0x88, 0x97, 0xfc, 0x22, 0xe1, 0x6b, 0x67, 0xcd, 0x13, 0x95, 0xda, 0x65, 0xdd, 0x3b, 0x67, 0x3f, 0x5f, 0x4c, 0xf2, 0x8a, 0xad, 0x98, 0xa7, 0x94, 0x24, 0x45, 0x87, 0x11, 0x7c, 0x75, 0x79, 0x85, - /* (2^ 73)P */ 0x70, 0xbf, 0xf9, 0x3b, 0xa9, 0x44, 0x57, 0x72, 0x96, 0xc9, 0xa4, 0x98, 0x65, 0xbf, 0x87, 0xb3, 0x3a, 0x39, 0x12, 0xde, 0xe5, 0x39, 0x01, 0x4f, 0xf7, 0xc0, 0x71, 0x52, 0x36, 0x85, 0xb3, 0x18, 0xf8, 0x14, 0xc0, 0x6d, 0xae, 0x9e, 0x4f, 0xb0, 0x72, 0x87, 0xac, 0x5c, 0xd1, 0x6c, 0x41, 0x6c, 0x90, 0x9d, 0x22, 0x81, 0xe4, 0x2b, 0xea, 0xe5, - /* (2^ 74)P */ 0xfc, 0xea, 0x1a, 0x65, 0xd9, 0x49, 0x6a, 0x39, 0xb5, 0x96, 0x72, 0x7b, 0x32, 0xf1, 0xd0, 0xe9, 0x45, 0xd9, 0x31, 0x55, 0xc7, 0x34, 0xe9, 0x5a, 0xec, 0x73, 0x0b, 0x03, 0xc4, 0xb3, 0xe6, 0xc9, 0x5e, 0x0a, 0x17, 0xfe, 0x53, 0x66, 0x7f, 0x21, 0x18, 0x74, 0x54, 0x1b, 0xc9, 0x49, 0x16, 0xd2, 0x48, 0xaf, 0x5b, 0x47, 0x7b, 0xeb, 0xaa, 0xc9, - /* (2^ 75)P */ 0x47, 0x04, 0xf5, 0x5a, 0x87, 0x77, 0x9e, 0x21, 0x34, 0x4e, 0x83, 0x88, 0xaf, 0x02, 0x1d, 0xb0, 0x5a, 0x1d, 0x1d, 0x7d, 0x8d, 0x2c, 0xd3, 0x8d, 0x63, 0xa9, 0x45, 0xfb, 0x15, 0x6d, 0x86, 0x45, 0xcd, 0x38, 0x0e, 0xf7, 0x37, 0x79, 0xed, 0x6d, 0x5a, 0xbc, 0x32, 0xcc, 0x66, 0xf1, 0x3a, 0xb2, 0x87, 0x6f, 0x70, 0x71, 0xd9, 0xf2, 0xfa, 0x7b, - /* (2^ 76)P */ 0x68, 0x07, 0xdc, 0x61, 0x40, 0xe4, 0xec, 0x32, 0xc8, 0xbe, 0x66, 0x30, 0x54, 0x80, 0xfd, 0x13, 0x7a, 0xef, 0xae, 0xed, 0x2e, 0x00, 0x6d, 0x3f, 0xbd, 0xfc, 0x91, 0x24, 0x53, 0x7f, 0x63, 0x9d, 0x2e, 0xe3, 0x76, 0xe0, 0xf3, 0xe1, 0x8f, 0x7a, 0xc4, 0x77, 0x0c, 0x91, 0xc0, 0xc2, 0x18, 0x6b, 0x04, 0xad, 0xb6, 0x70, 0x9a, 0x64, 0xc5, 0x82, - /* (2^ 77)P */ 0x7f, 0xea, 0x13, 0xd8, 0x9e, 0xfc, 0x5b, 0x06, 0xb5, 0x4f, 0xda, 0x38, 0xe0, 0x9c, 0xd2, 0x3a, 0xc1, 0x1c, 0x62, 0x70, 0x7f, 0xc6, 0x24, 0x0a, 0x47, 0x04, 0x01, 0xc4, 0x55, 0x09, 0xd1, 0x7a, 0x07, 0xba, 0xa3, 0x80, 0x4f, 0xc1, 0x65, 0x36, 0x6d, 0xc0, 0x10, 0xcf, 0x94, 0xa9, 0xa2, 0x01, 0x44, 0xd1, 0xf9, 0x1c, 0x4c, 0xfb, 0xf8, 0x99, - /* (2^ 78)P */ 0x6c, 0xb9, 0x6b, 0xee, 0x43, 0x5b, 0xb9, 0xbb, 0xee, 0x2e, 0x52, 0xc1, 0xc6, 0xb9, 0x61, 0xd2, 0x93, 0xa5, 0xaf, 0x52, 0xf4, 0xa4, 0x1a, 0x51, 0x61, 0xa7, 0xcb, 0x9e, 0xbb, 0x56, 0x65, 0xe2, 0xbf, 0x75, 0xb9, 0x9c, 0x50, 0x96, 0x60, 0x81, 0x74, 0x47, 0xc0, 0x04, 0x88, 0x71, 0x76, 0x39, 0x9a, 0xa7, 0xb1, 0x4e, 0x43, 0x15, 0xe0, 0xbb, - /* (2^ 79)P */ 0xbb, 0xce, 0xe2, 0xbb, 0xf9, 0x17, 0x0f, 0x82, 0x40, 0xad, 0x73, 0xe3, 0xeb, 0x3b, 0x06, 0x1a, 0xcf, 0x8e, 0x6e, 0x28, 0xb8, 0x26, 0xd9, 0x5b, 0xb7, 0xb3, 0xcf, 0xb4, 0x6a, 0x1c, 0xbf, 0x7f, 0xb8, 0xb5, 0x79, 0xcf, 0x45, 0x68, 0x7d, 0xc5, 0xeb, 0xf3, 0xbe, 0x39, 0x40, 0xfc, 0x07, 0x90, 0x7a, 0x62, 0xad, 0x86, 0x08, 0x71, 0x25, 0xe1, - /* (2^ 80)P */ 0x9b, 0x46, 0xac, 0xef, 0xc1, 0x4e, 0xa1, 0x97, 0x95, 0x76, 0xf9, 0x1b, 0xc2, 0xb2, 0x6a, 0x41, 0xea, 0x80, 0x3d, 0xe9, 0x08, 0x52, 0x5a, 0xe3, 0xf2, 0x08, 0xc5, 0xea, 0x39, 0x3f, 0x44, 0x71, 0x4d, 0xea, 0x0d, 0x05, 0x23, 0xe4, 0x2e, 0x3c, 0x89, 0xfe, 0x12, 0x8a, 0x95, 0x42, 0x0a, 0x68, 0xea, 0x5a, 0x28, 0x06, 0x9e, 0xe3, 0x5f, 0xe0, - /* (2^ 81)P */ 0x00, 0x61, 0x6c, 0x98, 0x9b, 0xe7, 0xb9, 0x06, 0x1c, 0xc5, 0x1b, 0xed, 0xbe, 0xc8, 0xb3, 0xea, 0x87, 0xf0, 0xc4, 0x24, 0x7d, 0xbb, 0x5d, 0xa4, 0x1d, 0x7a, 0x16, 0x00, 0x55, 0x94, 0x67, 0x78, 0xbd, 0x58, 0x02, 0x82, 0x90, 0x53, 0x76, 0xd4, 0x72, 0x99, 0x51, 0x6f, 0x7b, 0xcf, 0x80, 0x30, 0x31, 0x3b, 0x01, 0xc7, 0xc1, 0xef, 0xe6, 0x42, - /* (2^ 82)P */ 0xe2, 0x35, 0xaf, 0x4b, 0x79, 0xc6, 0x12, 0x24, 0x99, 0xc0, 0x68, 0xb0, 0x43, 0x3e, 0xe5, 0xef, 0xe2, 0x29, 0xea, 0xb8, 0xb3, 0xbc, 0x6a, 0x53, 0x2c, 0x69, 0x18, 0x5a, 0xf9, 0x15, 0xae, 0x66, 0x58, 0x18, 0xd3, 0x2d, 0x4b, 0x00, 0xfd, 0x84, 0xab, 0x4f, 0xae, 0x70, 0x6b, 0x9e, 0x9a, 0xdf, 0x83, 0xfd, 0x2e, 0x3c, 0xcf, 0xf8, 0x88, 0x5b, - /* (2^ 83)P */ 0xa4, 0x90, 0x31, 0x85, 0x13, 0xcd, 0xdf, 0x64, 0xc9, 0xa1, 0x0b, 0xe7, 0xb6, 0x73, 0x8a, 0x1b, 0x22, 0x78, 0x4c, 0xd4, 0xae, 0x48, 0x18, 0x00, 0x00, 0xa8, 0x9f, 0x06, 0xf9, 0xfb, 0x2d, 0xc3, 0xb1, 0x2a, 0xbc, 0x13, 0x99, 0x57, 0xaf, 0xf0, 0x8d, 0x61, 0x54, 0x29, 0xd5, 0xf2, 0x72, 0x00, 0x96, 0xd1, 0x85, 0x12, 0x8a, 0xf0, 0x23, 0xfb, - /* (2^ 84)P */ 0x69, 0xc7, 0xdb, 0xd9, 0x92, 0x75, 0x08, 0x9b, 0xeb, 0xa5, 0x93, 0xd1, 0x1a, 0xf4, 0xf5, 0xaf, 0xe6, 0xc4, 0x4a, 0x0d, 0x35, 0x26, 0x39, 0x9d, 0xd3, 0x17, 0x3e, 0xae, 0x2d, 0xbf, 0x73, 0x9f, 0xb7, 0x74, 0x91, 0xd1, 0xd8, 0x5c, 0x14, 0xf9, 0x75, 0xdf, 0xeb, 0xc2, 0x22, 0xd8, 0x14, 0x8d, 0x86, 0x23, 0x4d, 0xd1, 0x2d, 0xdb, 0x6b, 0x42, - /* (2^ 85)P */ 0x8c, 0xda, 0xc6, 0xf8, 0x71, 0xba, 0x2b, 0x06, 0x78, 0xae, 0xcc, 0x3a, 0xe3, 0xe3, 0xa1, 0x8b, 0xe2, 0x34, 0x6d, 0x28, 0x9e, 0x46, 0x13, 0x4d, 0x9e, 0xa6, 0x73, 0x49, 0x65, 0x79, 0x88, 0xb9, 0x3a, 0xd1, 0x6d, 0x2f, 0x48, 0x2b, 0x0a, 0x7f, 0x58, 0x20, 0x37, 0xf4, 0x0e, 0xbb, 0x4a, 0x95, 0x58, 0x0c, 0x88, 0x30, 0xc4, 0x74, 0xdd, 0xfd, - /* (2^ 86)P */ 0x6d, 0x13, 0x4e, 0x89, 0x2d, 0xa9, 0xa3, 0xed, 0x09, 0xe3, 0x0e, 0x71, 0x3e, 0x4a, 0xab, 0x90, 0xde, 0x03, 0xeb, 0x56, 0x46, 0x60, 0x06, 0xf5, 0x71, 0xe5, 0xee, 0x9b, 0xef, 0xff, 0xc4, 0x2c, 0x9f, 0x37, 0x48, 0x45, 0x94, 0x12, 0x41, 0x81, 0x15, 0x70, 0x91, 0x99, 0x5e, 0x56, 0x6b, 0xf4, 0xa6, 0xc9, 0xf5, 0x69, 0x9d, 0x78, 0x37, 0x57, - /* (2^ 87)P */ 0xf3, 0x51, 0x57, 0x7e, 0x43, 0x6f, 0xc6, 0x67, 0x59, 0x0c, 0xcf, 0x94, 0xe6, 0x3d, 0xb5, 0x07, 0xc9, 0x77, 0x48, 0xc9, 0x68, 0x0d, 0x98, 0x36, 0x62, 0x35, 0x38, 0x1c, 0xf5, 0xc5, 0xec, 0x66, 0x78, 0xfe, 0x47, 0xab, 0x26, 0xd6, 0x44, 0xb6, 0x06, 0x0f, 0x89, 0xe3, 0x19, 0x40, 0x1a, 0xe7, 0xd8, 0x65, 0x55, 0xf7, 0x1a, 0xfc, 0xa3, 0x0e, - /* (2^ 88)P */ 0x0e, 0x30, 0xa6, 0xb7, 0x58, 0x60, 0x62, 0x2a, 0x6c, 0x13, 0xa8, 0x14, 0x9b, 0xb8, 0xf2, 0x70, 0xd8, 0xb1, 0x71, 0x88, 0x8c, 0x18, 0x31, 0x25, 0x93, 0x90, 0xb4, 0xc7, 0x49, 0xd8, 0xd4, 0xdb, 0x1e, 0x1e, 0x7f, 0xaa, 0xba, 0xc9, 0xf2, 0x5d, 0xa9, 0x3a, 0x43, 0xb4, 0x5c, 0xee, 0x7b, 0xc7, 0x97, 0xb7, 0x66, 0xd7, 0x23, 0xd9, 0x22, 0x59, - /* (2^ 89)P */ 0x28, 0x19, 0xa6, 0xf9, 0x89, 0x20, 0x78, 0xd4, 0x6d, 0xcb, 0x79, 0x8f, 0x61, 0x6f, 0xb2, 0x5c, 0x4f, 0xa6, 0x54, 0x84, 0x95, 0x24, 0x36, 0x64, 0xcb, 0x39, 0xe7, 0x8f, 0x97, 0x9c, 0x5c, 0x3c, 0xfb, 0x51, 0x11, 0x01, 0x17, 0xdb, 0xc9, 0x9b, 0x51, 0x03, 0x9a, 0xe9, 0xe5, 0x24, 0x1e, 0xf5, 0xda, 0xe0, 0x48, 0x02, 0x23, 0xd0, 0x2c, 0x81, - /* (2^ 90)P */ 0x42, 0x1b, 0xe4, 0x91, 0x85, 0x2a, 0x0c, 0xd2, 0x28, 0x66, 0x57, 0x9e, 0x33, 0x8d, 0x25, 0x71, 0x10, 0x65, 0x76, 0xa2, 0x8c, 0x21, 0x86, 0x81, 0x15, 0xc2, 0x27, 0xeb, 0x54, 0x2d, 0x4f, 0x6c, 0xe6, 0xd6, 0x24, 0x9c, 0x1a, 0x12, 0xb8, 0x81, 0xe2, 0x0a, 0xf3, 0xd3, 0xf0, 0xd3, 0xe1, 0x74, 0x1f, 0x9b, 0x11, 0x47, 0xd0, 0xcf, 0xb6, 0x54, - /* (2^ 91)P */ 0x26, 0x45, 0xa2, 0x10, 0xd4, 0x2d, 0xae, 0xc0, 0xb0, 0xe8, 0x86, 0xb3, 0xc7, 0xea, 0x70, 0x87, 0x61, 0xb5, 0xa5, 0x55, 0xbe, 0x88, 0x1d, 0x7a, 0xd9, 0x6f, 0xeb, 0x83, 0xe2, 0x44, 0x7f, 0x98, 0x04, 0xd6, 0x50, 0x9d, 0xa7, 0x86, 0x66, 0x09, 0x63, 0xe1, 0xed, 0x72, 0xb1, 0xe4, 0x1d, 0x3a, 0xfd, 0x47, 0xce, 0x1c, 0xaa, 0x3b, 0x8f, 0x1b, - /* (2^ 92)P */ 0xf4, 0x3c, 0x4a, 0xb6, 0xc2, 0x9c, 0xe0, 0x2e, 0xb7, 0x38, 0xea, 0x61, 0x35, 0x97, 0x10, 0x90, 0xae, 0x22, 0x48, 0xb3, 0xa9, 0xc6, 0x7a, 0xbb, 0x23, 0xf2, 0xf8, 0x1b, 0xa7, 0xa1, 0x79, 0xcc, 0xc4, 0xf8, 0x08, 0x76, 0x8a, 0x5a, 0x1c, 0x1b, 0xc5, 0x33, 0x91, 0xa9, 0xb8, 0xb9, 0xd3, 0xf8, 0x49, 0xcd, 0xe5, 0x82, 0x43, 0xf7, 0xca, 0x68, - /* (2^ 93)P */ 0x38, 0xba, 0xae, 0x44, 0xfe, 0x57, 0x64, 0x56, 0x7c, 0x0e, 0x9c, 0xca, 0xff, 0xa9, 0x82, 0xbb, 0x38, 0x4a, 0xa7, 0xf7, 0x47, 0xab, 0xbe, 0x6d, 0x23, 0x0b, 0x8a, 0xed, 0xc2, 0xb9, 0x8f, 0xf1, 0xec, 0x91, 0x44, 0x73, 0x64, 0xba, 0xd5, 0x8f, 0x37, 0x38, 0x0d, 0xd5, 0xf8, 0x73, 0x57, 0xb6, 0xc2, 0x45, 0xdc, 0x25, 0xb2, 0xb6, 0xea, 0xd9, - /* (2^ 94)P */ 0xbf, 0xe9, 0x1a, 0x40, 0x4d, 0xcc, 0xe6, 0x1d, 0x70, 0x1a, 0x65, 0xcc, 0x34, 0x2c, 0x37, 0x2c, 0x2d, 0x6b, 0x6d, 0xe5, 0x2f, 0x19, 0x9e, 0xe4, 0xe1, 0xaa, 0xd4, 0xab, 0x54, 0xf4, 0xa8, 0xe4, 0x69, 0x2d, 0x8e, 0x4d, 0xd7, 0xac, 0xb0, 0x5b, 0xfe, 0xe3, 0x26, 0x07, 0xc3, 0xf8, 0x1b, 0x43, 0xa8, 0x1d, 0x64, 0xa5, 0x25, 0x88, 0xbb, 0x77, - /* (2^ 95)P */ 0x92, 0xcd, 0x6e, 0xa0, 0x79, 0x04, 0x18, 0xf4, 0x11, 0x58, 0x48, 0xb5, 0x3c, 0x7b, 0xd1, 0xcc, 0xd3, 0x14, 0x2c, 0xa0, 0xdd, 0x04, 0x44, 0x11, 0xb3, 0x6d, 0x2f, 0x0d, 0xf5, 0x2a, 0x75, 0x5d, 0x1d, 0xda, 0x86, 0x8d, 0x7d, 0x6b, 0x32, 0x68, 0xb6, 0x6c, 0x64, 0x9e, 0xde, 0x80, 0x88, 0xce, 0x08, 0xbf, 0x0b, 0xe5, 0x8e, 0x4f, 0x1d, 0xfb, - /* (2^ 96)P */ 0xaf, 0xe8, 0x85, 0xbf, 0x7f, 0x37, 0x8d, 0x66, 0x7c, 0xd5, 0xd3, 0x96, 0xa5, 0x81, 0x67, 0x95, 0xff, 0x48, 0xde, 0xde, 0xd7, 0x7a, 0x46, 0x34, 0xb1, 0x13, 0x70, 0x29, 0xed, 0x87, 0x90, 0xb0, 0x40, 0x2c, 0xa6, 0x43, 0x6e, 0xb6, 0xbc, 0x48, 0x8a, 0xc1, 0xae, 0xb8, 0xd4, 0xe2, 0xc0, 0x32, 0xb2, 0xa6, 0x2a, 0x8f, 0xb5, 0x16, 0x9e, 0xc3, - /* (2^ 97)P */ 0xff, 0x4d, 0xd2, 0xd6, 0x74, 0xef, 0x2c, 0x96, 0xc1, 0x11, 0xa8, 0xb8, 0xfe, 0x94, 0x87, 0x3e, 0xa0, 0xfb, 0x57, 0xa3, 0xfc, 0x7a, 0x7e, 0x6a, 0x59, 0x6c, 0x54, 0xbb, 0xbb, 0xa2, 0x25, 0x38, 0x1b, 0xdf, 0x5d, 0x7b, 0x94, 0x14, 0xde, 0x07, 0x6e, 0xd3, 0xab, 0x02, 0x26, 0x74, 0x16, 0x12, 0xdf, 0x2e, 0x2a, 0xa7, 0xb0, 0xe8, 0x29, 0xc0, - /* (2^ 98)P */ 0x6a, 0x38, 0x0b, 0xd3, 0xba, 0x45, 0x23, 0xe0, 0x04, 0x3b, 0x83, 0x39, 0xc5, 0x11, 0xe6, 0xcf, 0x39, 0x0a, 0xb3, 0xb0, 0x3b, 0x27, 0x29, 0x63, 0x1c, 0xf3, 0x00, 0xe6, 0xd2, 0x55, 0x21, 0x1f, 0x84, 0x97, 0x9f, 0x01, 0x49, 0x43, 0x30, 0x5f, 0xe0, 0x1d, 0x24, 0xc4, 0x4e, 0xa0, 0x2b, 0x0b, 0x12, 0x55, 0xc3, 0x27, 0xae, 0x08, 0x83, 0x7c, - /* (2^ 99)P */ 0x5d, 0x1a, 0xb7, 0xa9, 0xf5, 0xfd, 0xec, 0xad, 0xb7, 0x87, 0x02, 0x5f, 0x0d, 0x30, 0x4d, 0xe2, 0x65, 0x87, 0xa4, 0x41, 0x45, 0x1d, 0x67, 0xe0, 0x30, 0x5c, 0x13, 0x87, 0xf6, 0x2e, 0x08, 0xc1, 0xc7, 0x12, 0x45, 0xc8, 0x9b, 0xad, 0xb8, 0xd5, 0x57, 0xbb, 0x5c, 0x48, 0x3a, 0xe1, 0x91, 0x5e, 0xf6, 0x4d, 0x8a, 0x63, 0x75, 0x69, 0x0c, 0x01, - /* (2^100)P */ 0x8f, 0x53, 0x2d, 0xa0, 0x71, 0x3d, 0xfc, 0x45, 0x10, 0x96, 0xcf, 0x56, 0xf9, 0xbb, 0x40, 0x3c, 0x86, 0x52, 0x76, 0xbe, 0x84, 0xf9, 0xa6, 0x9d, 0x3d, 0x27, 0xbe, 0xb4, 0x00, 0x49, 0x94, 0xf5, 0x5d, 0xe1, 0x62, 0x85, 0x66, 0xe5, 0xb8, 0x20, 0x2c, 0x09, 0x7d, 0x9d, 0x3d, 0x6e, 0x74, 0x39, 0xab, 0xad, 0xa0, 0x90, 0x97, 0x5f, 0xbb, 0xa7, - /* (2^101)P */ 0xdb, 0x2d, 0x99, 0x08, 0x16, 0x46, 0x83, 0x7a, 0xa8, 0xea, 0x3d, 0x28, 0x5b, 0x49, 0xfc, 0xb9, 0x6d, 0x00, 0x9e, 0x54, 0x4f, 0x47, 0x64, 0x9b, 0x58, 0x4d, 0x07, 0x0c, 0x6f, 0x29, 0x56, 0x0b, 0x00, 0x14, 0x85, 0x96, 0x41, 0x04, 0xb9, 0x5c, 0xa4, 0xf6, 0x16, 0x73, 0x6a, 0xc7, 0x62, 0x0c, 0x65, 0x2f, 0x93, 0xbf, 0xf7, 0xb9, 0xb7, 0xf1, - /* (2^102)P */ 0xeb, 0x6d, 0xb3, 0x46, 0x32, 0xd2, 0xcb, 0x08, 0x94, 0x14, 0xbf, 0x3f, 0xc5, 0xcb, 0x5f, 0x9f, 0x8a, 0x89, 0x0c, 0x1b, 0x45, 0xad, 0x4c, 0x50, 0xb4, 0xe1, 0xa0, 0x6b, 0x11, 0x92, 0xaf, 0x1f, 0x00, 0xcc, 0xe5, 0x13, 0x7e, 0xe4, 0x2e, 0xa0, 0x57, 0xf3, 0xa7, 0x84, 0x79, 0x7a, 0xc2, 0xb7, 0xb7, 0xfc, 0x5d, 0xa5, 0xa9, 0x64, 0xcc, 0xd8, - /* (2^103)P */ 0xa9, 0xc4, 0x12, 0x8b, 0x34, 0x78, 0x3e, 0x38, 0xfd, 0x3f, 0x87, 0xfa, 0x88, 0x94, 0xd5, 0xd9, 0x7f, 0xeb, 0x58, 0xff, 0xb9, 0x45, 0xdb, 0xa1, 0xed, 0x22, 0x28, 0x1d, 0x00, 0x6d, 0x79, 0x85, 0x7a, 0x75, 0x5d, 0xf0, 0xb1, 0x9e, 0x47, 0x28, 0x8c, 0x62, 0xdf, 0xfb, 0x4c, 0x7b, 0xc5, 0x1a, 0x42, 0x95, 0xef, 0x9a, 0xb7, 0x27, 0x7e, 0xda, - /* (2^104)P */ 0xca, 0xd5, 0xc0, 0x17, 0xa1, 0x66, 0x79, 0x9c, 0x2a, 0xb7, 0x0a, 0xfe, 0x62, 0xe4, 0x26, 0x78, 0x90, 0xa7, 0xcb, 0xb0, 0x4f, 0x6d, 0xf9, 0x8f, 0xf7, 0x7d, 0xac, 0xb8, 0x78, 0x1f, 0x41, 0xea, 0x97, 0x1e, 0x62, 0x97, 0x43, 0x80, 0x58, 0x80, 0xb6, 0x69, 0x7d, 0xee, 0x16, 0xd2, 0xa1, 0x81, 0xd7, 0xb1, 0x27, 0x03, 0x48, 0xda, 0xab, 0xec, - /* (2^105)P */ 0x5b, 0xed, 0x40, 0x8e, 0x8c, 0xc1, 0x66, 0x90, 0x7f, 0x0c, 0xb2, 0xfc, 0xbd, 0x16, 0xac, 0x7d, 0x4c, 0x6a, 0xf9, 0xae, 0xe7, 0x4e, 0x11, 0x12, 0xe9, 0xbe, 0x17, 0x09, 0xc6, 0xc1, 0x5e, 0xb5, 0x7b, 0x50, 0x5c, 0x27, 0xfb, 0x80, 0xab, 0x01, 0xfa, 0x5b, 0x9b, 0x75, 0x16, 0x6e, 0xb2, 0x5c, 0x8c, 0x2f, 0xa5, 0x6a, 0x1a, 0x68, 0xa6, 0x90, - /* (2^106)P */ 0x75, 0xfe, 0xb6, 0x96, 0x96, 0x87, 0x4c, 0x12, 0xa9, 0xd1, 0xd8, 0x03, 0xa3, 0xc1, 0x15, 0x96, 0xe8, 0xa0, 0x75, 0x82, 0xa0, 0x6d, 0xea, 0x54, 0xdc, 0x5f, 0x0d, 0x7e, 0xf6, 0x70, 0xb5, 0xdc, 0x7a, 0xf6, 0xc4, 0xd4, 0x21, 0x49, 0xf5, 0xd4, 0x14, 0x6d, 0x48, 0x1d, 0x7c, 0x99, 0x42, 0xdf, 0x78, 0x6b, 0x9d, 0xb9, 0x30, 0x3c, 0xd0, 0x29, - /* (2^107)P */ 0x85, 0xd6, 0xd8, 0xf3, 0x91, 0x74, 0xdd, 0xbd, 0x72, 0x96, 0x10, 0xe4, 0x76, 0x02, 0x5a, 0x72, 0x67, 0xd3, 0x17, 0x72, 0x14, 0x9a, 0x20, 0x5b, 0x0f, 0x8d, 0xed, 0x6d, 0x4e, 0xe3, 0xd9, 0x82, 0xc2, 0x99, 0xee, 0x39, 0x61, 0x69, 0x8a, 0x24, 0x01, 0x92, 0x15, 0xe7, 0xfc, 0xf9, 0x4d, 0xac, 0xf1, 0x30, 0x49, 0x01, 0x0b, 0x6e, 0x0f, 0x20, - /* (2^108)P */ 0xd8, 0x25, 0x94, 0x5e, 0x43, 0x29, 0xf5, 0xcc, 0xe8, 0xe3, 0x55, 0x41, 0x3c, 0x9f, 0x58, 0x5b, 0x00, 0xeb, 0xc5, 0xdf, 0xcf, 0xfb, 0xfd, 0x6e, 0x92, 0xec, 0x99, 0x30, 0xd6, 0x05, 0xdd, 0x80, 0x7a, 0x5d, 0x6d, 0x16, 0x85, 0xd8, 0x9d, 0x43, 0x65, 0xd8, 0x2c, 0x33, 0x2f, 0x5c, 0x41, 0xea, 0xb7, 0x95, 0x77, 0xf2, 0x9e, 0x59, 0x09, 0xe8, - /* (2^109)P */ 0x00, 0xa0, 0x03, 0x80, 0xcd, 0x60, 0xe5, 0x17, 0xd4, 0x15, 0x99, 0xdd, 0x4f, 0xbf, 0x66, 0xb8, 0xc0, 0xf5, 0xf9, 0xfc, 0x6d, 0x42, 0x18, 0x34, 0x1c, 0x7d, 0x5b, 0xb5, 0x09, 0xd0, 0x99, 0x57, 0x81, 0x0b, 0x62, 0xb3, 0xa2, 0xf9, 0x0b, 0xae, 0x95, 0xb8, 0xc2, 0x3b, 0x0d, 0x5b, 0x00, 0xf1, 0xed, 0xbc, 0x05, 0x9d, 0x61, 0xbc, 0x73, 0x9d, - /* (2^110)P */ 0xd4, 0xdb, 0x29, 0xe5, 0x85, 0xe9, 0xc6, 0x89, 0x2a, 0xa8, 0x54, 0xab, 0xb3, 0x7f, 0x88, 0xc0, 0x4d, 0xe0, 0xd1, 0x74, 0x6e, 0xa3, 0xa7, 0x39, 0xd5, 0xcc, 0xa1, 0x8a, 0xcb, 0x5b, 0x34, 0xad, 0x92, 0xb4, 0xd8, 0xd5, 0x17, 0xf6, 0x77, 0x18, 0x9e, 0xaf, 0x45, 0x3b, 0x03, 0xe2, 0xf8, 0x52, 0x60, 0xdc, 0x15, 0x20, 0x9e, 0xdf, 0xd8, 0x5d, - /* (2^111)P */ 0x02, 0xc1, 0xac, 0x1a, 0x15, 0x8e, 0x6c, 0xf5, 0x1e, 0x1e, 0xba, 0x7e, 0xc2, 0xda, 0x7d, 0x02, 0xda, 0x43, 0xae, 0x04, 0x70, 0x28, 0x54, 0x78, 0x94, 0xf5, 0x4f, 0x07, 0x84, 0x8f, 0xed, 0xaa, 0xc0, 0xb8, 0xcd, 0x7f, 0x7e, 0x33, 0xa3, 0xbe, 0x21, 0x29, 0xc8, 0x56, 0x34, 0xc0, 0x76, 0x87, 0x8f, 0xc7, 0x73, 0x58, 0x90, 0x16, 0xfc, 0xd6, - /* (2^112)P */ 0xb8, 0x3f, 0xe1, 0xdf, 0x3a, 0x91, 0x25, 0x0c, 0xf6, 0x47, 0xa8, 0x89, 0xc4, 0xc6, 0x61, 0xec, 0x86, 0x2c, 0xfd, 0xbe, 0xa4, 0x6f, 0xc2, 0xd4, 0x46, 0x19, 0x70, 0x5d, 0x09, 0x02, 0x86, 0xd3, 0x4b, 0xe9, 0x16, 0x7b, 0xf0, 0x0d, 0x6c, 0xff, 0x91, 0x05, 0xbf, 0x55, 0xb4, 0x00, 0x8d, 0xe5, 0x6d, 0x68, 0x20, 0x90, 0x12, 0xb5, 0x5c, 0x32, - /* (2^113)P */ 0x80, 0x45, 0xc8, 0x51, 0x87, 0xba, 0x1c, 0x5c, 0xcf, 0x5f, 0x4b, 0x3c, 0x9e, 0x3b, 0x36, 0xd2, 0x26, 0xa2, 0x7f, 0xab, 0xb7, 0xbf, 0xda, 0x68, 0x23, 0x8f, 0xc3, 0xa0, 0xfd, 0xad, 0xf1, 0x56, 0x3b, 0xd0, 0x75, 0x2b, 0x44, 0x61, 0xd8, 0xf4, 0xf1, 0x05, 0x49, 0x53, 0x07, 0xee, 0x47, 0xef, 0xc0, 0x7c, 0x9d, 0xe4, 0x15, 0x88, 0xc5, 0x47, - /* (2^114)P */ 0x2d, 0xb5, 0x09, 0x80, 0xb9, 0xd3, 0xd8, 0xfe, 0x4c, 0xd2, 0xa6, 0x6e, 0xd3, 0x75, 0xcf, 0xb0, 0x99, 0xcb, 0x50, 0x8d, 0xe9, 0x67, 0x9b, 0x20, 0xe8, 0x57, 0xd8, 0x14, 0x85, 0x73, 0x6a, 0x74, 0xe0, 0x99, 0xf0, 0x6b, 0x6e, 0x59, 0x30, 0x31, 0x33, 0x96, 0x5f, 0xa1, 0x0c, 0x1b, 0xf4, 0xca, 0x09, 0xe1, 0x9b, 0xb5, 0xcf, 0x6d, 0x0b, 0xeb, - /* (2^115)P */ 0x1a, 0xde, 0x50, 0xa9, 0xac, 0x3e, 0x10, 0x43, 0x4f, 0x82, 0x4f, 0xc0, 0xfe, 0x3f, 0x33, 0xd2, 0x64, 0x86, 0x50, 0xa9, 0x51, 0x76, 0x5e, 0x50, 0x97, 0x6c, 0x73, 0x8d, 0x77, 0xa3, 0x75, 0x03, 0xbc, 0xc9, 0xfb, 0x50, 0xd9, 0x6d, 0x16, 0xad, 0x5d, 0x32, 0x3d, 0xac, 0x44, 0xdf, 0x51, 0xf7, 0x19, 0xd4, 0x0b, 0x57, 0x78, 0x0b, 0x81, 0x4e, - /* (2^116)P */ 0x32, 0x24, 0xf1, 0x6c, 0x55, 0x62, 0x1d, 0xb3, 0x1f, 0xda, 0xfa, 0x6a, 0x8f, 0x98, 0x01, 0x16, 0xde, 0x44, 0x50, 0x0d, 0x2e, 0x6c, 0x0b, 0xa2, 0xd3, 0x74, 0x0e, 0xa9, 0xbf, 0x8d, 0xa9, 0xc8, 0xc8, 0x2f, 0x62, 0xc1, 0x35, 0x5e, 0xfd, 0x3a, 0xb3, 0x83, 0x2d, 0xee, 0x4e, 0xfd, 0x5c, 0x5e, 0xad, 0x85, 0xa5, 0x10, 0xb5, 0x4f, 0x34, 0xa7, - /* (2^117)P */ 0xd1, 0x58, 0x6f, 0xe6, 0x54, 0x2c, 0xc2, 0xcd, 0xcf, 0x83, 0xdc, 0x88, 0x0c, 0xb9, 0xb4, 0x62, 0x18, 0x89, 0x65, 0x28, 0xe9, 0x72, 0x4b, 0x65, 0xcf, 0xd6, 0x90, 0x88, 0xd7, 0x76, 0x17, 0x4f, 0x74, 0x64, 0x1e, 0xcb, 0xd3, 0xf5, 0x4b, 0xaa, 0x2e, 0x4d, 0x2d, 0x7c, 0x13, 0x1f, 0xfd, 0xd9, 0x60, 0x83, 0x7e, 0xda, 0x64, 0x1c, 0xdc, 0x9f, - /* (2^118)P */ 0xad, 0xef, 0xac, 0x1b, 0xc1, 0x30, 0x5a, 0x15, 0xc9, 0x1f, 0xac, 0xf1, 0xca, 0x44, 0x95, 0x95, 0xea, 0xf2, 0x22, 0xe7, 0x8d, 0x25, 0xf0, 0xff, 0xd8, 0x71, 0xf7, 0xf8, 0x8f, 0x8f, 0xcd, 0xf4, 0x1e, 0xfe, 0x6c, 0x68, 0x04, 0xb8, 0x78, 0xa1, 0x5f, 0xa6, 0x5d, 0x5e, 0xf9, 0x8d, 0xea, 0x80, 0xcb, 0xf3, 0x17, 0xa6, 0x03, 0xc9, 0x38, 0xd5, - /* (2^119)P */ 0x79, 0x14, 0x31, 0xc3, 0x38, 0xe5, 0xaa, 0xbf, 0x17, 0xa3, 0x04, 0x4e, 0x80, 0x59, 0x9c, 0x9f, 0x19, 0x39, 0xe4, 0x2d, 0x23, 0x54, 0x4a, 0x7f, 0x3e, 0xf3, 0xd9, 0xc7, 0xba, 0x6c, 0x8f, 0x6b, 0xfa, 0x34, 0xb5, 0x23, 0x17, 0x1d, 0xff, 0x1d, 0xea, 0x1f, 0xd7, 0xba, 0x61, 0xb2, 0xe0, 0x38, 0x6a, 0xe9, 0xcf, 0x48, 0x5d, 0x6a, 0x10, 0x9c, - /* (2^120)P */ 0xc8, 0xbb, 0x13, 0x1c, 0x3f, 0x3c, 0x34, 0xfd, 0xac, 0x37, 0x52, 0x44, 0x25, 0xa8, 0xde, 0x1d, 0x63, 0xf4, 0x81, 0x9a, 0xbe, 0x0b, 0x74, 0x2e, 0xc8, 0x51, 0x16, 0xd3, 0xac, 0x4a, 0xaf, 0xe2, 0x5f, 0x3a, 0x89, 0x32, 0xd1, 0x9b, 0x7c, 0x90, 0x0d, 0xac, 0xdc, 0x8b, 0x73, 0x45, 0x45, 0x97, 0xb1, 0x90, 0x2c, 0x1b, 0x31, 0xca, 0xb1, 0x94, - /* (2^121)P */ 0x07, 0x28, 0xdd, 0x10, 0x14, 0xa5, 0x95, 0x7e, 0xf3, 0xe4, 0xd4, 0x14, 0xb4, 0x7e, 0x76, 0xdb, 0x42, 0xd6, 0x94, 0x3e, 0xeb, 0x44, 0x64, 0x88, 0x0d, 0xec, 0xc1, 0x21, 0xf0, 0x79, 0xe0, 0x83, 0x67, 0x55, 0x53, 0xc2, 0xf6, 0xc5, 0xc5, 0x89, 0x39, 0xe8, 0x42, 0xd0, 0x17, 0xbd, 0xff, 0x35, 0x59, 0x0e, 0xc3, 0x06, 0x86, 0xd4, 0x64, 0xcf, - /* (2^122)P */ 0x91, 0xa8, 0xdb, 0x57, 0x9b, 0xe2, 0x96, 0x31, 0x10, 0x6e, 0xd7, 0x9a, 0x97, 0xb3, 0xab, 0xb5, 0x15, 0x66, 0xbe, 0xcc, 0x6d, 0x9a, 0xac, 0x06, 0xb3, 0x0d, 0xaa, 0x4b, 0x9c, 0x96, 0x79, 0x6c, 0x34, 0xee, 0x9e, 0x53, 0x4d, 0x6e, 0xbd, 0x88, 0x02, 0xbf, 0x50, 0x54, 0x12, 0x5d, 0x01, 0x02, 0x46, 0xc6, 0x74, 0x02, 0x8c, 0x24, 0xae, 0xb1, - /* (2^123)P */ 0xf5, 0x22, 0xea, 0xac, 0x7d, 0x9c, 0x33, 0x8a, 0xa5, 0x36, 0x79, 0x6a, 0x4f, 0xa4, 0xdc, 0xa5, 0x73, 0x64, 0xc4, 0x6f, 0x43, 0x02, 0x3b, 0x94, 0x66, 0xd2, 0x4b, 0x4f, 0xf6, 0x45, 0x33, 0x5d, 0x10, 0x33, 0x18, 0x1e, 0xa3, 0xfc, 0xf7, 0xd2, 0xb8, 0xc8, 0xa7, 0xe0, 0x76, 0x8a, 0xcd, 0xff, 0x4f, 0x99, 0x34, 0x47, 0x84, 0x91, 0x96, 0x9f, - /* (2^124)P */ 0x8a, 0x48, 0x3b, 0x48, 0x4a, 0xbc, 0xac, 0xe2, 0x80, 0xd6, 0xd2, 0x35, 0xde, 0xd0, 0x56, 0x42, 0x33, 0xb3, 0x56, 0x5a, 0xcd, 0xb8, 0x3d, 0xb5, 0x25, 0xc1, 0xed, 0xff, 0x87, 0x0b, 0x79, 0xff, 0xf2, 0x62, 0xe1, 0x76, 0xc6, 0xa2, 0x0f, 0xa8, 0x9b, 0x0d, 0xcc, 0x3f, 0x3d, 0x35, 0x27, 0x8d, 0x0b, 0x74, 0xb0, 0xc3, 0x78, 0x8c, 0xcc, 0xc8, - /* (2^125)P */ 0xfc, 0x9a, 0x0c, 0xa8, 0x49, 0x42, 0xb8, 0xdf, 0xcf, 0xb3, 0x19, 0xa6, 0x64, 0x57, 0xfe, 0xe8, 0xf8, 0xa6, 0x4b, 0x86, 0xa1, 0xd5, 0x83, 0x7f, 0x14, 0x99, 0x18, 0x0c, 0x7d, 0x5b, 0xf7, 0x3d, 0xf9, 0x4b, 0x79, 0xb1, 0x86, 0x30, 0xb4, 0x5e, 0x6a, 0xe8, 0x9d, 0xfa, 0x8a, 0x41, 0xc4, 0x30, 0xfc, 0x56, 0x74, 0x14, 0x42, 0xc8, 0x96, 0x0e, - /* (2^126)P */ 0xdf, 0x66, 0xec, 0xbc, 0x44, 0xdb, 0x19, 0xce, 0xd4, 0xb5, 0x49, 0x40, 0x07, 0x49, 0xe0, 0x3a, 0x61, 0x10, 0xfb, 0x7d, 0xba, 0xb1, 0xe0, 0x28, 0x5b, 0x99, 0x59, 0x96, 0xa2, 0xee, 0xe0, 0x23, 0x37, 0x39, 0x1f, 0xe6, 0x57, 0x9f, 0xf8, 0xf8, 0xdc, 0x74, 0xf6, 0x8f, 0x4f, 0x5e, 0x51, 0xa4, 0x12, 0xac, 0xbe, 0xe4, 0xf3, 0xd1, 0xf0, 0x24, - /* (2^127)P */ 0x1e, 0x3e, 0x9a, 0x5f, 0xdf, 0x9f, 0xd6, 0x4e, 0x8a, 0x28, 0xc3, 0xcd, 0x96, 0x9d, 0x57, 0xc7, 0x61, 0x81, 0x90, 0xff, 0xae, 0xb1, 0x4f, 0xc2, 0x96, 0x8b, 0x1a, 0x18, 0xf4, 0x50, 0xcb, 0x31, 0xe1, 0x57, 0xf4, 0x90, 0xa8, 0xea, 0xac, 0xe7, 0x61, 0x98, 0xb6, 0x15, 0xc1, 0x7b, 0x29, 0xa4, 0xc3, 0x18, 0xef, 0xb9, 0xd8, 0xdf, 0xf6, 0xac, - /* (2^128)P */ 0xca, 0xa8, 0x6c, 0xf1, 0xb4, 0xca, 0xfe, 0x31, 0xee, 0x48, 0x38, 0x8b, 0x0e, 0xbb, 0x7a, 0x30, 0xaa, 0xf9, 0xee, 0x27, 0x53, 0x24, 0xdc, 0x2e, 0x15, 0xa6, 0x48, 0x8f, 0xa0, 0x7e, 0xf1, 0xdc, 0x93, 0x87, 0x39, 0xeb, 0x7f, 0x38, 0x92, 0x92, 0x4c, 0x29, 0xe9, 0x57, 0xd8, 0x59, 0xfc, 0xe9, 0x9c, 0x44, 0xc0, 0x65, 0xcf, 0xac, 0x4b, 0xdc, - /* (2^129)P */ 0xa3, 0xd0, 0x37, 0x8f, 0x86, 0x2f, 0xc6, 0x47, 0x55, 0x46, 0x65, 0x26, 0x4b, 0x91, 0xe2, 0x18, 0x5c, 0x4f, 0x23, 0xc1, 0x37, 0x29, 0xb9, 0xc1, 0x27, 0xc5, 0x3c, 0xbf, 0x7e, 0x23, 0xdb, 0x73, 0x99, 0xbd, 0x1b, 0xb2, 0x31, 0x68, 0x3a, 0xad, 0xb7, 0xb0, 0x10, 0xc5, 0xe5, 0x11, 0x51, 0xba, 0xa7, 0x60, 0x66, 0x54, 0xf0, 0x08, 0xd7, 0x69, - /* (2^130)P */ 0x89, 0x41, 0x79, 0xcc, 0xeb, 0x0a, 0xf5, 0x4b, 0xa3, 0x4c, 0xce, 0x52, 0xb0, 0xa7, 0xe4, 0x41, 0x75, 0x7d, 0x04, 0xbb, 0x09, 0x4c, 0x50, 0x9f, 0xdf, 0xea, 0x74, 0x61, 0x02, 0xad, 0xb4, 0x9d, 0xb7, 0x05, 0xb9, 0xea, 0xeb, 0x91, 0x35, 0xe7, 0x49, 0xea, 0xd3, 0x4f, 0x3c, 0x60, 0x21, 0x7a, 0xde, 0xc7, 0xe2, 0x5a, 0xee, 0x8e, 0x93, 0xc7, - /* (2^131)P */ 0x00, 0xe8, 0xed, 0xd0, 0xb3, 0x0d, 0xaf, 0xb2, 0xde, 0x2c, 0xf6, 0x00, 0xe2, 0xea, 0x6d, 0xf8, 0x0e, 0xd9, 0x67, 0x59, 0xa9, 0x50, 0xbb, 0x17, 0x8f, 0xff, 0xb1, 0x9f, 0x17, 0xb6, 0xf2, 0xb5, 0xba, 0x80, 0xf7, 0x0f, 0xba, 0xd5, 0x09, 0x43, 0xaa, 0x4e, 0x3a, 0x67, 0x6a, 0x89, 0x9b, 0x18, 0x65, 0x35, 0xf8, 0x3a, 0x49, 0x91, 0x30, 0x51, - /* (2^132)P */ 0x8d, 0x25, 0xe9, 0x0e, 0x7d, 0x50, 0x76, 0xe4, 0x58, 0x7e, 0xb9, 0x33, 0xe6, 0x65, 0x90, 0xc2, 0x50, 0x9d, 0x50, 0x2e, 0x11, 0xad, 0xd5, 0x43, 0x52, 0x32, 0x41, 0x4f, 0x7b, 0xb6, 0xa0, 0xec, 0x81, 0x75, 0x36, 0x7c, 0x77, 0x85, 0x59, 0x70, 0xe4, 0xf9, 0xef, 0x66, 0x8d, 0x35, 0xc8, 0x2a, 0x6e, 0x5b, 0xc6, 0x0d, 0x0b, 0x29, 0x60, 0x68, - /* (2^133)P */ 0xf8, 0xce, 0xb0, 0x3a, 0x56, 0x7d, 0x51, 0x9a, 0x25, 0x73, 0xea, 0xdd, 0xe4, 0xe0, 0x0e, 0xf0, 0x07, 0xc0, 0x31, 0x00, 0x73, 0x35, 0xd0, 0x39, 0xc4, 0x9b, 0xb7, 0x95, 0xe0, 0x62, 0x70, 0x36, 0x0b, 0xcb, 0xa0, 0x42, 0xde, 0x51, 0xcf, 0x41, 0xe0, 0xb8, 0xb4, 0xc0, 0xe5, 0x46, 0x99, 0x9f, 0x02, 0x7f, 0x14, 0x8c, 0xc1, 0x4e, 0xef, 0xe8, - /* (2^134)P */ 0x10, 0x01, 0x57, 0x0a, 0xbe, 0x8b, 0x18, 0xc8, 0xca, 0x00, 0x28, 0x77, 0x4a, 0x9a, 0xc7, 0x55, 0x2a, 0xcc, 0x0c, 0x7b, 0xb9, 0xe9, 0xc8, 0x97, 0x7c, 0x02, 0xe3, 0x09, 0x2f, 0x62, 0x30, 0xb8, 0x40, 0x09, 0x65, 0xe9, 0x55, 0x63, 0xb5, 0x07, 0xca, 0x9f, 0x00, 0xdf, 0x9d, 0x5c, 0xc7, 0xee, 0x57, 0xa5, 0x90, 0x15, 0x1e, 0x22, 0xa0, 0x12, - /* (2^135)P */ 0x71, 0x2d, 0xc9, 0xef, 0x27, 0xb9, 0xd8, 0x12, 0x43, 0x6b, 0xa8, 0xce, 0x3b, 0x6d, 0x6e, 0x91, 0x43, 0x23, 0xbc, 0x32, 0xb3, 0xbf, 0xe1, 0xc7, 0x39, 0xcf, 0x7c, 0x42, 0x4c, 0xb1, 0x30, 0xe2, 0xdd, 0x69, 0x06, 0xe5, 0xea, 0xf0, 0x2a, 0x16, 0x50, 0x71, 0xca, 0x92, 0xdf, 0xc1, 0xcc, 0xec, 0xe6, 0x54, 0x07, 0xf3, 0x18, 0x8d, 0xd8, 0x29, - /* (2^136)P */ 0x98, 0x51, 0x48, 0x8f, 0xfa, 0x2e, 0x5e, 0x67, 0xb0, 0xc6, 0x17, 0x12, 0xb6, 0x7d, 0xc9, 0xad, 0x81, 0x11, 0xad, 0x0c, 0x1c, 0x2d, 0x45, 0xdf, 0xac, 0x66, 0xbd, 0x08, 0x6f, 0x7c, 0xc7, 0x06, 0x6e, 0x19, 0x08, 0x39, 0x64, 0xd7, 0xe4, 0xd1, 0x11, 0x5f, 0x1c, 0xf4, 0x67, 0xc3, 0x88, 0x6a, 0xe6, 0x07, 0xa3, 0x83, 0xd7, 0xfd, 0x2a, 0xf9, - /* (2^137)P */ 0x87, 0xed, 0xeb, 0xd9, 0xdf, 0xff, 0x43, 0x8b, 0xaa, 0x20, 0x58, 0xb0, 0xb4, 0x6b, 0x14, 0xb8, 0x02, 0xc5, 0x40, 0x20, 0x22, 0xbb, 0xf7, 0xb4, 0xf3, 0x05, 0x1e, 0x4d, 0x94, 0xff, 0xe3, 0xc5, 0x22, 0x82, 0xfe, 0xaf, 0x90, 0x42, 0x98, 0x6b, 0x76, 0x8b, 0x3e, 0x89, 0x3f, 0x42, 0x2a, 0xa7, 0x26, 0x00, 0xda, 0x5c, 0xa2, 0x2b, 0xec, 0xdd, - /* (2^138)P */ 0x5c, 0x21, 0x16, 0x0d, 0x46, 0xb8, 0xd0, 0xa7, 0x88, 0xe7, 0x25, 0xcb, 0x3e, 0x50, 0x73, 0x61, 0xe7, 0xaf, 0x5a, 0x3f, 0x47, 0x8b, 0x3d, 0x97, 0x79, 0x2c, 0xe6, 0x6d, 0x95, 0x74, 0x65, 0x70, 0x36, 0xfd, 0xd1, 0x9e, 0x13, 0x18, 0x63, 0xb1, 0x2d, 0x0b, 0xb5, 0x36, 0x3e, 0xe7, 0x35, 0x42, 0x3b, 0xe6, 0x1f, 0x4d, 0x9d, 0x59, 0xa2, 0x43, - /* (2^139)P */ 0x8c, 0x0c, 0x7c, 0x24, 0x9e, 0xe0, 0xf8, 0x05, 0x1c, 0x9e, 0x1f, 0x31, 0xc0, 0x70, 0xb3, 0xfb, 0x4e, 0xf8, 0x0a, 0x57, 0xb7, 0x49, 0xb5, 0x73, 0xa1, 0x5f, 0x9b, 0x6a, 0x07, 0x6c, 0x87, 0x71, 0x87, 0xd4, 0xbe, 0x98, 0x1e, 0x98, 0xee, 0x52, 0xc1, 0x7b, 0x95, 0x0f, 0x28, 0x32, 0x36, 0x28, 0xd0, 0x3a, 0x0f, 0x7d, 0x2a, 0xa9, 0x62, 0xb9, - /* (2^140)P */ 0x97, 0xe6, 0x18, 0x77, 0xf9, 0x34, 0xac, 0xbc, 0xe0, 0x62, 0x9f, 0x42, 0xde, 0xbd, 0x2f, 0xf7, 0x1f, 0xb7, 0x14, 0x52, 0x8a, 0x79, 0xb2, 0x3f, 0xd2, 0x95, 0x71, 0x01, 0xe8, 0xaf, 0x8c, 0xa4, 0xa4, 0xa7, 0x27, 0xf3, 0x5c, 0xdf, 0x3e, 0x57, 0x7a, 0xf1, 0x76, 0x49, 0xe6, 0x42, 0x3f, 0x8f, 0x1e, 0x63, 0x4a, 0x65, 0xb5, 0x41, 0xf5, 0x02, - /* (2^141)P */ 0x72, 0x85, 0xc5, 0x0b, 0xe1, 0x47, 0x64, 0x02, 0xc5, 0x4d, 0x81, 0x69, 0xb2, 0xcf, 0x0f, 0x6c, 0xd4, 0x6d, 0xd0, 0xc7, 0xb4, 0x1c, 0xd0, 0x32, 0x59, 0x89, 0xe2, 0xe0, 0x96, 0x8b, 0x12, 0x98, 0xbf, 0x63, 0x7a, 0x4c, 0x76, 0x7e, 0x58, 0x17, 0x8f, 0x5b, 0x0a, 0x59, 0x65, 0x75, 0xbc, 0x61, 0x1f, 0xbe, 0xc5, 0x6e, 0x0a, 0x57, 0x52, 0x70, - /* (2^142)P */ 0x92, 0x1c, 0x77, 0xbb, 0x62, 0x02, 0x6c, 0x25, 0x9c, 0x66, 0x07, 0x83, 0xab, 0xcc, 0x80, 0x5d, 0xd2, 0x76, 0x0c, 0xa4, 0xc5, 0xb4, 0x8a, 0x68, 0x23, 0x31, 0x32, 0x29, 0x8a, 0x47, 0x92, 0x12, 0x80, 0xb3, 0xfa, 0x18, 0xe4, 0x8d, 0xc0, 0x4d, 0xfe, 0x97, 0x5f, 0x72, 0x41, 0xb5, 0x5c, 0x7a, 0xbd, 0xf0, 0xcf, 0x5e, 0x97, 0xaa, 0x64, 0x32, - /* (2^143)P */ 0x35, 0x3f, 0x75, 0xc1, 0x7a, 0x75, 0x7e, 0xa9, 0xc6, 0x0b, 0x4e, 0x32, 0x62, 0xec, 0xe3, 0x5c, 0xfb, 0x01, 0x43, 0xb6, 0xd4, 0x5b, 0x75, 0xd2, 0xee, 0x7f, 0x5d, 0x23, 0x2b, 0xb3, 0x54, 0x34, 0x4c, 0xd3, 0xb4, 0x32, 0x84, 0x81, 0xb5, 0x09, 0x76, 0x19, 0xda, 0x58, 0xda, 0x7c, 0xdb, 0x2e, 0xdd, 0x4c, 0x8e, 0xdd, 0x5d, 0x89, 0x10, 0x10, - /* (2^144)P */ 0x57, 0x25, 0x6a, 0x08, 0x37, 0x92, 0xa8, 0xdf, 0x24, 0xef, 0x8f, 0x33, 0x34, 0x52, 0xa4, 0x4c, 0xf0, 0x77, 0x9f, 0x69, 0x77, 0xd5, 0x8f, 0xd2, 0x9a, 0xb3, 0xb6, 0x1d, 0x2d, 0xa6, 0xf7, 0x1f, 0xda, 0xd7, 0xcb, 0x75, 0x11, 0xc3, 0x6b, 0xc0, 0x38, 0xb1, 0xd5, 0x2d, 0x96, 0x84, 0x16, 0xfa, 0x26, 0xb9, 0xcc, 0x3f, 0x16, 0x47, 0x23, 0x74, - /* (2^145)P */ 0x9b, 0x61, 0x2a, 0x1c, 0xdd, 0x39, 0xa5, 0xfa, 0x1c, 0x7d, 0x63, 0x50, 0xca, 0xe6, 0x9d, 0xfa, 0xb7, 0xc4, 0x4c, 0x6a, 0x97, 0x5f, 0x36, 0x4e, 0x47, 0xdd, 0x17, 0xf7, 0xf9, 0x19, 0xce, 0x75, 0x17, 0xad, 0xce, 0x2a, 0xf3, 0xfe, 0x27, 0x8f, 0x3e, 0x48, 0xc0, 0x60, 0x87, 0x24, 0x19, 0xae, 0x59, 0xe4, 0x5a, 0x00, 0x2a, 0xba, 0xa2, 0x1f, - /* (2^146)P */ 0x26, 0x88, 0x42, 0x60, 0x9f, 0x6e, 0x2c, 0x7c, 0x39, 0x0f, 0x47, 0x6a, 0x0e, 0x02, 0xbb, 0x4b, 0x34, 0x29, 0x55, 0x18, 0x36, 0xcf, 0x3b, 0x47, 0xf1, 0x2e, 0xfc, 0x6e, 0x94, 0xff, 0xe8, 0x6b, 0x06, 0xd2, 0xba, 0x77, 0x5e, 0x60, 0xd7, 0x19, 0xef, 0x02, 0x9d, 0x3a, 0xc2, 0xb7, 0xa9, 0xd8, 0x57, 0xee, 0x7e, 0x2b, 0xf2, 0x6d, 0x28, 0xda, - /* (2^147)P */ 0xdf, 0xd9, 0x92, 0x11, 0x98, 0x23, 0xe2, 0x45, 0x2f, 0x74, 0x70, 0xee, 0x0e, 0x55, 0x65, 0x79, 0x86, 0x38, 0x17, 0x92, 0x85, 0x87, 0x99, 0x50, 0xd9, 0x7c, 0xdb, 0xa1, 0x10, 0xec, 0x30, 0xb7, 0x40, 0xa3, 0x23, 0x9b, 0x0e, 0x27, 0x49, 0x29, 0x03, 0x94, 0xff, 0x53, 0xdc, 0xd7, 0xed, 0x49, 0xa9, 0x5a, 0x3b, 0xee, 0xd7, 0xc7, 0x65, 0xaf, - /* (2^148)P */ 0xa0, 0xbd, 0xbe, 0x03, 0xee, 0x0c, 0xbe, 0x32, 0x00, 0x7b, 0x52, 0xcb, 0x92, 0x29, 0xbf, 0xa0, 0xc6, 0xd9, 0xd2, 0xd6, 0x15, 0xe8, 0x3a, 0x75, 0x61, 0x65, 0x56, 0xae, 0xad, 0x3c, 0x2a, 0x64, 0x14, 0x3f, 0x8e, 0xc1, 0x2d, 0x0c, 0x8d, 0x20, 0xdb, 0x58, 0x4b, 0xe5, 0x40, 0x15, 0x4b, 0xdc, 0xa8, 0xbd, 0xef, 0x08, 0xa7, 0xd1, 0xf4, 0xb0, - /* (2^149)P */ 0xa9, 0x0f, 0x05, 0x94, 0x66, 0xac, 0x1f, 0x65, 0x3f, 0xe1, 0xb8, 0xe1, 0x34, 0x5e, 0x1d, 0x8f, 0xe3, 0x93, 0x03, 0x15, 0xff, 0xb6, 0x65, 0xb6, 0x6e, 0xc0, 0x2f, 0xd4, 0x2e, 0xb9, 0x2c, 0x13, 0x3c, 0x99, 0x1c, 0xb5, 0x87, 0xba, 0x79, 0xcb, 0xf0, 0x18, 0x06, 0x86, 0x04, 0x14, 0x25, 0x09, 0xcd, 0x1c, 0x14, 0xda, 0x35, 0xd0, 0x38, 0x3b, - /* (2^150)P */ 0x1b, 0x04, 0xa3, 0x27, 0xb4, 0xd3, 0x37, 0x48, 0x1e, 0x8f, 0x69, 0xd3, 0x5a, 0x2f, 0x20, 0x02, 0x36, 0xbe, 0x06, 0x7b, 0x6b, 0x6c, 0x12, 0x5b, 0x80, 0x74, 0x44, 0xe6, 0xf8, 0xf5, 0x95, 0x59, 0x29, 0xab, 0x51, 0x47, 0x83, 0x28, 0xe0, 0xad, 0xde, 0xaa, 0xd3, 0xb1, 0x1a, 0xcb, 0xa3, 0xcd, 0x8b, 0x6a, 0xb1, 0xa7, 0x0a, 0xd1, 0xf9, 0xbe, - /* (2^151)P */ 0xce, 0x2f, 0x85, 0xca, 0x74, 0x6d, 0x49, 0xb8, 0xce, 0x80, 0x44, 0xe0, 0xda, 0x5b, 0xcf, 0x2f, 0x79, 0x74, 0xfe, 0xb4, 0x2c, 0x99, 0x20, 0x6e, 0x09, 0x04, 0xfb, 0x6d, 0x57, 0x5b, 0x95, 0x0c, 0x45, 0xda, 0x4f, 0x7f, 0x63, 0xcc, 0x85, 0x5a, 0x67, 0x50, 0x68, 0x71, 0xb4, 0x67, 0xb1, 0x2e, 0xc1, 0x1c, 0xdc, 0xff, 0x2a, 0x7c, 0x10, 0x5e, - /* (2^152)P */ 0xa6, 0xde, 0xf3, 0xd4, 0x22, 0x30, 0x24, 0x9e, 0x0b, 0x30, 0x54, 0x59, 0x7e, 0xa2, 0xeb, 0x89, 0x54, 0x65, 0x3e, 0x40, 0xd1, 0xde, 0xe6, 0xee, 0x4d, 0xbf, 0x5e, 0x40, 0x1d, 0xee, 0x4f, 0x68, 0xd9, 0xa7, 0x2f, 0xb3, 0x64, 0xb3, 0xf5, 0xc8, 0xd3, 0xaa, 0x70, 0x70, 0x3d, 0xef, 0xd3, 0x95, 0x54, 0xdb, 0x3e, 0x94, 0x95, 0x92, 0x1f, 0x45, - /* (2^153)P */ 0x22, 0x80, 0x1d, 0x9d, 0x96, 0xa5, 0x78, 0x6f, 0xe0, 0x1e, 0x1b, 0x66, 0x42, 0xc8, 0xae, 0x9e, 0x46, 0x45, 0x08, 0x41, 0xdf, 0x80, 0xae, 0x6f, 0xdb, 0x15, 0x5a, 0x21, 0x31, 0x7a, 0xd0, 0xf2, 0x54, 0x15, 0x88, 0xd3, 0x0f, 0x7f, 0x14, 0x5a, 0x14, 0x97, 0xab, 0xf4, 0x58, 0x6a, 0x9f, 0xea, 0x74, 0xe5, 0x6b, 0x90, 0x59, 0x2b, 0x48, 0xd9, - /* (2^154)P */ 0x12, 0x24, 0x04, 0xf5, 0x50, 0xc2, 0x8c, 0xb0, 0x7c, 0x46, 0x98, 0xd5, 0x24, 0xad, 0xf6, 0x72, 0xdc, 0x82, 0x1a, 0x60, 0xc1, 0xeb, 0x48, 0xef, 0x7f, 0x6e, 0xe6, 0xcc, 0xdb, 0x7b, 0xae, 0xbe, 0x5e, 0x1e, 0x5c, 0xe6, 0x0a, 0x70, 0xdf, 0xa4, 0xa3, 0x85, 0x1b, 0x1b, 0x7f, 0x72, 0xb9, 0x96, 0x6f, 0xdc, 0x03, 0x76, 0x66, 0xfb, 0xa0, 0x33, - /* (2^155)P */ 0x37, 0x40, 0xbb, 0xbc, 0x68, 0x58, 0x86, 0xca, 0xbb, 0xa5, 0x24, 0x76, 0x3d, 0x48, 0xd1, 0xad, 0xb4, 0xa8, 0xcf, 0xc3, 0xb6, 0xa8, 0xba, 0x1a, 0x3a, 0xbe, 0x33, 0x75, 0x04, 0x5c, 0x13, 0x8c, 0x0d, 0x70, 0x8d, 0xa6, 0x4e, 0x2a, 0xeb, 0x17, 0x3c, 0x22, 0xdd, 0x3e, 0x96, 0x40, 0x11, 0x9e, 0x4e, 0xae, 0x3d, 0xf8, 0x91, 0xd7, 0x50, 0xc8, - /* (2^156)P */ 0xd8, 0xca, 0xde, 0x19, 0xcf, 0x00, 0xe4, 0x73, 0x18, 0x7f, 0x9b, 0x9f, 0xf4, 0x5b, 0x49, 0x49, 0x99, 0xdc, 0xa4, 0x46, 0x21, 0xb5, 0xd7, 0x3e, 0xb7, 0x47, 0x1b, 0xa9, 0x9f, 0x4c, 0x69, 0x7d, 0xec, 0x33, 0xd6, 0x1c, 0x51, 0x7f, 0x47, 0x74, 0x7a, 0x6c, 0xf3, 0xd2, 0x2e, 0xbf, 0xdf, 0x6c, 0x9e, 0x77, 0x3b, 0x34, 0xf6, 0x73, 0x80, 0xed, - /* (2^157)P */ 0x16, 0xfb, 0x16, 0xc3, 0xc2, 0x83, 0xe4, 0xf4, 0x03, 0x7f, 0x52, 0xb0, 0x67, 0x51, 0x7b, 0x24, 0x5a, 0x51, 0xd3, 0xb6, 0x4e, 0x59, 0x76, 0xcd, 0x08, 0x7b, 0x1d, 0x7a, 0x9c, 0x65, 0xae, 0xce, 0xaa, 0xd2, 0x1c, 0x85, 0x66, 0x68, 0x06, 0x15, 0xa8, 0x06, 0xe6, 0x16, 0x37, 0xf4, 0x49, 0x9e, 0x0f, 0x50, 0x37, 0xb1, 0xb2, 0x93, 0x70, 0x43, - /* (2^158)P */ 0x18, 0x3a, 0x16, 0xe5, 0x8d, 0xc8, 0x35, 0xd6, 0x7b, 0x09, 0xec, 0x61, 0x5f, 0x5c, 0x2a, 0x19, 0x96, 0x2e, 0xc3, 0xfd, 0xab, 0xe6, 0x23, 0xae, 0xab, 0xc5, 0xcb, 0xb9, 0x7b, 0x2d, 0x34, 0x51, 0xb9, 0x41, 0x9e, 0x7d, 0xca, 0xda, 0x25, 0x45, 0x14, 0xb0, 0xc7, 0x4d, 0x26, 0x2b, 0xfe, 0x43, 0xb0, 0x21, 0x5e, 0xfa, 0xdc, 0x7c, 0xf9, 0x5a, - /* (2^159)P */ 0x94, 0xad, 0x42, 0x17, 0xf5, 0xcd, 0x1c, 0x0d, 0xf6, 0x41, 0xd2, 0x55, 0xbb, 0x50, 0xf1, 0xc6, 0xbc, 0xa6, 0xc5, 0x3a, 0xfd, 0x9b, 0x75, 0x3e, 0xf6, 0x1a, 0xa7, 0xb2, 0x6e, 0x64, 0x12, 0xdc, 0x3c, 0xe5, 0xf6, 0xfc, 0x3b, 0xfa, 0x43, 0x81, 0xd4, 0xa5, 0xee, 0xf5, 0x9c, 0x47, 0x2f, 0xd0, 0x9c, 0xde, 0xa1, 0x48, 0x91, 0x9a, 0x34, 0xc1, - /* (2^160)P */ 0x37, 0x1b, 0xb3, 0x88, 0xc9, 0x98, 0x4e, 0xfb, 0x84, 0x4f, 0x2b, 0x0a, 0xb6, 0x8f, 0x35, 0x15, 0xcd, 0x61, 0x7a, 0x5f, 0x5c, 0xa0, 0xca, 0x23, 0xa0, 0x93, 0x1f, 0xcc, 0x3c, 0x39, 0x3a, 0x24, 0xa7, 0x49, 0xad, 0x8d, 0x59, 0xcc, 0x94, 0x5a, 0x16, 0xf5, 0x70, 0xe8, 0x52, 0x1e, 0xee, 0x20, 0x30, 0x17, 0x7e, 0xf0, 0x4c, 0x93, 0x06, 0x5a, - /* (2^161)P */ 0x81, 0xba, 0x3b, 0xd7, 0x3e, 0xb4, 0x32, 0x3a, 0x22, 0x39, 0x2a, 0xfc, 0x19, 0xd9, 0xd2, 0xf6, 0xc5, 0x79, 0x6c, 0x0e, 0xde, 0xda, 0x01, 0xff, 0x52, 0xfb, 0xb6, 0x95, 0x4e, 0x7a, 0x10, 0xb8, 0x06, 0x86, 0x3c, 0xcd, 0x56, 0xd6, 0x15, 0xbf, 0x6e, 0x3e, 0x4f, 0x35, 0x5e, 0xca, 0xbc, 0xa5, 0x95, 0xa2, 0xdf, 0x2d, 0x1d, 0xaf, 0x59, 0xf9, - /* (2^162)P */ 0x69, 0xe5, 0xe2, 0xfa, 0xc9, 0x7f, 0xdd, 0x09, 0xf5, 0x6b, 0x4e, 0x2e, 0xbe, 0xb4, 0xbf, 0x3e, 0xb2, 0xf2, 0x81, 0x30, 0xe1, 0x07, 0xa8, 0x0d, 0x2b, 0xd2, 0x5a, 0x55, 0xbe, 0x4b, 0x86, 0x5d, 0xb0, 0x5e, 0x7c, 0x8f, 0xc1, 0x3c, 0x81, 0x4c, 0xf7, 0x6d, 0x7d, 0xe6, 0x4f, 0x8a, 0x85, 0xc2, 0x2f, 0x28, 0xef, 0x8c, 0x69, 0xc2, 0xc2, 0x1a, - /* (2^163)P */ 0xd9, 0xe4, 0x0e, 0x1e, 0xc2, 0xf7, 0x2f, 0x9f, 0xa1, 0x40, 0xfe, 0x46, 0x16, 0xaf, 0x2e, 0xd1, 0xec, 0x15, 0x9b, 0x61, 0x92, 0xce, 0xfc, 0x10, 0x43, 0x1d, 0x00, 0xf6, 0xbe, 0x20, 0x80, 0x80, 0x6f, 0x3c, 0x16, 0x94, 0x59, 0xba, 0x03, 0x53, 0x6e, 0xb6, 0xdd, 0x25, 0x7b, 0x86, 0xbf, 0x96, 0xf4, 0x2f, 0xa1, 0x96, 0x8d, 0xf9, 0xb3, 0x29, - /* (2^164)P */ 0x3b, 0x04, 0x60, 0x6e, 0xce, 0xab, 0xd2, 0x63, 0x18, 0x53, 0x88, 0x16, 0x4a, 0x6a, 0xab, 0x72, 0x03, 0x68, 0xa5, 0xd4, 0x0d, 0xb2, 0x82, 0x81, 0x1f, 0x2b, 0x5c, 0x75, 0xe8, 0xd2, 0x1d, 0x7f, 0xe7, 0x1b, 0x35, 0x02, 0xde, 0xec, 0xbd, 0xcb, 0xc7, 0x01, 0xd3, 0x95, 0x61, 0xfe, 0xb2, 0x7a, 0x66, 0x09, 0x4c, 0x6d, 0xfd, 0x39, 0xf7, 0x52, - /* (2^165)P */ 0x42, 0xc1, 0x5f, 0xf8, 0x35, 0x52, 0xc1, 0xfe, 0xc5, 0x11, 0x80, 0x1c, 0x11, 0x46, 0x31, 0x11, 0xbe, 0xd0, 0xc4, 0xb6, 0x07, 0x13, 0x38, 0xa0, 0x8d, 0x65, 0xf0, 0x56, 0x9e, 0x16, 0xbf, 0x9d, 0xcd, 0x51, 0x34, 0xf9, 0x08, 0x48, 0x7b, 0x76, 0x0c, 0x7b, 0x30, 0x07, 0xa8, 0x76, 0xaf, 0xa3, 0x29, 0x38, 0xb0, 0x58, 0xde, 0x72, 0x4b, 0x45, - /* (2^166)P */ 0xd4, 0x16, 0xa7, 0xc0, 0xb4, 0x9f, 0xdf, 0x1a, 0x37, 0xc8, 0x35, 0xed, 0xc5, 0x85, 0x74, 0x64, 0x09, 0x22, 0xef, 0xe9, 0x0c, 0xaf, 0x12, 0x4c, 0x9e, 0xf8, 0x47, 0x56, 0xe0, 0x7f, 0x4e, 0x24, 0x6b, 0x0c, 0xe7, 0xad, 0xc6, 0x47, 0x1d, 0xa4, 0x0d, 0x86, 0x89, 0x65, 0xe8, 0x5f, 0x71, 0xc7, 0xe9, 0xcd, 0xec, 0x6c, 0x62, 0xc7, 0xe3, 0xb3, - /* (2^167)P */ 0xb5, 0xea, 0x86, 0xe3, 0x15, 0x18, 0x3f, 0x6d, 0x7b, 0x05, 0x95, 0x15, 0x53, 0x26, 0x1c, 0xeb, 0xbe, 0x7e, 0x16, 0x42, 0x4b, 0xa2, 0x3d, 0xdd, 0x0e, 0xff, 0xba, 0x67, 0xb5, 0xae, 0x7a, 0x17, 0xde, 0x23, 0xad, 0x14, 0xcc, 0xd7, 0xaf, 0x57, 0x01, 0xe0, 0xdd, 0x48, 0xdd, 0xd7, 0xe3, 0xdf, 0xe9, 0x2d, 0xda, 0x67, 0xa4, 0x9f, 0x29, 0x04, - /* (2^168)P */ 0x16, 0x53, 0xe6, 0x9c, 0x4e, 0xe5, 0x1e, 0x70, 0x81, 0x25, 0x02, 0x9b, 0x47, 0x6d, 0xd2, 0x08, 0x73, 0xbe, 0x0a, 0xf1, 0x7b, 0xeb, 0x24, 0xeb, 0x38, 0x23, 0x5c, 0xb6, 0x3e, 0xce, 0x1e, 0xe3, 0xbc, 0x82, 0x35, 0x1f, 0xaf, 0x3a, 0x3a, 0xe5, 0x4e, 0xc1, 0xca, 0xbf, 0x47, 0xb4, 0xbb, 0xbc, 0x5f, 0xea, 0xc6, 0xca, 0xf3, 0xa0, 0xa2, 0x73, - /* (2^169)P */ 0xef, 0xa4, 0x7a, 0x4e, 0xe4, 0xc7, 0xb6, 0x43, 0x2e, 0xa5, 0xe4, 0xa5, 0xba, 0x1e, 0xa5, 0xfe, 0x9e, 0xce, 0xa9, 0x80, 0x04, 0xcb, 0x4f, 0xd8, 0x74, 0x05, 0x48, 0xfa, 0x99, 0x11, 0x5d, 0x97, 0x3b, 0x07, 0x0d, 0xdd, 0xe6, 0xb1, 0x74, 0x87, 0x1a, 0xd3, 0x26, 0xb7, 0x8f, 0xe1, 0x63, 0x3d, 0xec, 0x53, 0x93, 0xb0, 0x81, 0x78, 0x34, 0xa4, - /* (2^170)P */ 0xe1, 0xe7, 0xd4, 0x58, 0x9d, 0x0e, 0x8b, 0x65, 0x66, 0x37, 0x16, 0x48, 0x6f, 0xaa, 0x42, 0x37, 0x77, 0xad, 0xb1, 0x56, 0x48, 0xdf, 0x65, 0x36, 0x30, 0xb8, 0x00, 0x12, 0xd8, 0x32, 0x28, 0x7f, 0xc1, 0x71, 0xeb, 0x93, 0x0f, 0x48, 0x04, 0xe1, 0x5a, 0x6a, 0x96, 0xc1, 0xca, 0x89, 0x6d, 0x1b, 0x82, 0x4c, 0x18, 0x6d, 0x55, 0x4b, 0xea, 0xfd, - /* (2^171)P */ 0x62, 0x1a, 0x53, 0xb4, 0xb1, 0xbe, 0x6f, 0x15, 0x18, 0x88, 0xd4, 0x66, 0x61, 0xc7, 0x12, 0x69, 0x02, 0xbd, 0x03, 0x23, 0x2b, 0xef, 0xf9, 0x54, 0xa4, 0x85, 0xa8, 0xe3, 0xb7, 0xbd, 0xa9, 0xa3, 0xf3, 0x2a, 0xdd, 0xf1, 0xd4, 0x03, 0x0f, 0xa9, 0xa1, 0xd8, 0xa3, 0xcd, 0xb2, 0x71, 0x90, 0x4b, 0x35, 0x62, 0xf2, 0x2f, 0xce, 0x67, 0x1f, 0xaa, - /* (2^172)P */ 0x9e, 0x1e, 0xcd, 0x43, 0x7e, 0x87, 0x37, 0x94, 0x3a, 0x97, 0x4c, 0x7e, 0xee, 0xc9, 0x37, 0x85, 0xf1, 0xd9, 0x4f, 0xbf, 0xf9, 0x6f, 0x39, 0x9a, 0x39, 0x87, 0x2e, 0x25, 0x84, 0x42, 0xc3, 0x80, 0xcb, 0x07, 0x22, 0xae, 0x30, 0xd5, 0x50, 0xa1, 0x23, 0xcc, 0x31, 0x81, 0x9d, 0xf1, 0x30, 0xd9, 0x2b, 0x73, 0x41, 0x16, 0x50, 0xab, 0x2d, 0xa2, - /* (2^173)P */ 0xa4, 0x69, 0x4f, 0xa1, 0x4e, 0xb9, 0xbf, 0x14, 0xe8, 0x2b, 0x04, 0x93, 0xb7, 0x6e, 0x9f, 0x7d, 0x73, 0x0a, 0xc5, 0x14, 0xb8, 0xde, 0x8c, 0xc1, 0xfe, 0xc0, 0xa7, 0xa4, 0xcc, 0x42, 0x42, 0x81, 0x15, 0x65, 0x8a, 0x80, 0xb9, 0xde, 0x1f, 0x60, 0x33, 0x0e, 0xcb, 0xfc, 0xe0, 0xdb, 0x83, 0xa1, 0xe5, 0xd0, 0x16, 0x86, 0x2c, 0xe2, 0x87, 0xed, - /* (2^174)P */ 0x7a, 0xc0, 0xeb, 0x6b, 0xf6, 0x0d, 0x4c, 0x6d, 0x1e, 0xdb, 0xab, 0xe7, 0x19, 0x45, 0xc6, 0xe3, 0xb2, 0x06, 0xbb, 0xbc, 0x70, 0x99, 0x83, 0x33, 0xeb, 0x28, 0xc8, 0x77, 0xf6, 0x4d, 0x01, 0xb7, 0x59, 0xa0, 0xd2, 0xb3, 0x2a, 0x72, 0x30, 0xe7, 0x11, 0x39, 0xb6, 0x41, 0x29, 0x65, 0x5a, 0x14, 0xb9, 0x86, 0x08, 0xe0, 0x7d, 0x32, 0x8c, 0xf0, - /* (2^175)P */ 0x5c, 0x11, 0x30, 0x9e, 0x05, 0x27, 0xf5, 0x45, 0x0f, 0xb3, 0xc9, 0x75, 0xc3, 0xd7, 0xe1, 0x82, 0x3b, 0x8e, 0x87, 0x23, 0x00, 0x15, 0x19, 0x07, 0xd9, 0x21, 0x53, 0xc7, 0xf1, 0xa3, 0xbf, 0x70, 0x64, 0x15, 0x18, 0xca, 0x23, 0x9e, 0xd3, 0x08, 0xc3, 0x2a, 0x8b, 0xe5, 0x83, 0x04, 0x89, 0x14, 0xfd, 0x28, 0x25, 0x1c, 0xe3, 0x26, 0xa7, 0x22, - /* (2^176)P */ 0xdc, 0xd4, 0x75, 0x60, 0x99, 0x94, 0xea, 0x09, 0x8e, 0x8a, 0x3c, 0x1b, 0xf9, 0xbd, 0x33, 0x0d, 0x51, 0x3d, 0x12, 0x6f, 0x4e, 0x72, 0xe0, 0x17, 0x20, 0xe9, 0x75, 0xe6, 0x3a, 0xb2, 0x13, 0x83, 0x4e, 0x7a, 0x08, 0x9e, 0xd1, 0x04, 0x5f, 0x6b, 0x42, 0x0b, 0x76, 0x2a, 0x2d, 0x77, 0x53, 0x6c, 0x65, 0x6d, 0x8e, 0x25, 0x3c, 0xb6, 0x8b, 0x69, - /* (2^177)P */ 0xb9, 0x49, 0x28, 0xd0, 0xdc, 0x6c, 0x8f, 0x4c, 0xc9, 0x14, 0x8a, 0x38, 0xa3, 0xcb, 0xc4, 0x9d, 0x53, 0xcf, 0xe9, 0xe3, 0xcf, 0xe0, 0xb1, 0xf2, 0x1b, 0x4c, 0x7f, 0x83, 0x2a, 0x7a, 0xe9, 0x8b, 0x3b, 0x86, 0x61, 0x30, 0xe9, 0x99, 0xbd, 0xba, 0x19, 0x6e, 0x65, 0x2a, 0x12, 0x3e, 0x9c, 0xa8, 0xaf, 0xc3, 0xcf, 0xf8, 0x1f, 0x77, 0x86, 0xea, - /* (2^178)P */ 0x30, 0xde, 0xe7, 0xff, 0x54, 0xf7, 0xa2, 0x59, 0xf6, 0x0b, 0xfb, 0x7a, 0xf2, 0x39, 0xf0, 0xdb, 0x39, 0xbc, 0xf0, 0xfa, 0x60, 0xeb, 0x6b, 0x4f, 0x47, 0x17, 0xc8, 0x00, 0x65, 0x6d, 0x25, 0x1c, 0xd0, 0x48, 0x56, 0x53, 0x45, 0x11, 0x30, 0x02, 0x49, 0x20, 0x27, 0xac, 0xf2, 0x4c, 0xac, 0x64, 0x3d, 0x52, 0xb8, 0x89, 0xe0, 0x93, 0x16, 0x0f, - /* (2^179)P */ 0x84, 0x09, 0xba, 0x40, 0xb2, 0x2f, 0xa3, 0xa8, 0xc2, 0xba, 0x46, 0x33, 0x05, 0x9d, 0x62, 0xad, 0xa1, 0x3c, 0x33, 0xef, 0x0d, 0xeb, 0xf0, 0x77, 0x11, 0x5a, 0xb0, 0x21, 0x9c, 0xdf, 0x55, 0x24, 0x25, 0x35, 0x51, 0x61, 0x92, 0xf0, 0xb1, 0xce, 0xf5, 0xd4, 0x7b, 0x6c, 0x21, 0x9d, 0x56, 0x52, 0xf8, 0xa1, 0x4c, 0xe9, 0x27, 0x55, 0xac, 0x91, - /* (2^180)P */ 0x03, 0x3e, 0x30, 0xd2, 0x0a, 0xfa, 0x7d, 0x82, 0x3d, 0x1f, 0x8b, 0xcb, 0xb6, 0x04, 0x5c, 0xcc, 0x8b, 0xda, 0xe2, 0x68, 0x74, 0x08, 0x8c, 0x44, 0x83, 0x57, 0x6d, 0x6f, 0x80, 0xb0, 0x7e, 0xa9, 0x82, 0x91, 0x7b, 0x4c, 0x37, 0x97, 0xd1, 0x63, 0xd1, 0xbd, 0x45, 0xe6, 0x8a, 0x86, 0xd6, 0x89, 0x54, 0xfd, 0xd2, 0xb1, 0xd7, 0x54, 0xad, 0xaf, - /* (2^181)P */ 0x8b, 0x33, 0x62, 0x49, 0x9f, 0x63, 0xf9, 0x87, 0x42, 0x58, 0xbf, 0xb3, 0xe6, 0x68, 0x02, 0x60, 0x5c, 0x76, 0x62, 0xf7, 0x61, 0xd7, 0x36, 0x31, 0xf7, 0x9c, 0xb5, 0xe5, 0x13, 0x6c, 0xea, 0x78, 0xae, 0xcf, 0xde, 0xbf, 0xb6, 0xeb, 0x4f, 0xc8, 0x2a, 0xb4, 0x9a, 0x9f, 0xf3, 0xd1, 0x6a, 0xec, 0x0c, 0xbd, 0x85, 0x98, 0x40, 0x06, 0x1c, 0x2a, - /* (2^182)P */ 0x74, 0x3b, 0xe7, 0x81, 0xd5, 0xae, 0x54, 0x56, 0x03, 0xe8, 0x97, 0x16, 0x76, 0xcf, 0x24, 0x96, 0x96, 0x5b, 0xcc, 0x09, 0xab, 0x23, 0x6f, 0x54, 0xae, 0x8f, 0xe4, 0x12, 0xcb, 0xfd, 0xbc, 0xac, 0x93, 0x45, 0x3d, 0x68, 0x08, 0x22, 0x59, 0xc6, 0xf0, 0x47, 0x19, 0x8c, 0x79, 0x93, 0x1e, 0x0e, 0x30, 0xb0, 0x94, 0xfb, 0x17, 0x1d, 0x5a, 0x12, - /* (2^183)P */ 0x85, 0xff, 0x40, 0x18, 0x85, 0xff, 0x44, 0x37, 0x69, 0x23, 0x4d, 0x34, 0xe1, 0xeb, 0xa3, 0x1b, 0x55, 0x40, 0xc1, 0x64, 0xf4, 0xd4, 0x13, 0x0a, 0x9f, 0xb9, 0x19, 0xfc, 0x88, 0x7d, 0xc0, 0x72, 0xcf, 0x69, 0x2f, 0xd2, 0x0c, 0x82, 0x0f, 0xda, 0x08, 0xba, 0x0f, 0xaa, 0x3b, 0xe9, 0xe5, 0x83, 0x7a, 0x06, 0xe8, 0x1b, 0x38, 0x43, 0xc3, 0x54, - /* (2^184)P */ 0x14, 0xaa, 0xb3, 0x6e, 0xe6, 0x28, 0xee, 0xc5, 0x22, 0x6c, 0x7c, 0xf9, 0xa8, 0x71, 0xcc, 0xfe, 0x68, 0x7e, 0xd3, 0xb8, 0x37, 0x96, 0xca, 0x0b, 0xd9, 0xb6, 0x06, 0xa9, 0xf6, 0x71, 0xe8, 0x31, 0xf7, 0xd8, 0xf1, 0x5d, 0xab, 0xb9, 0xf0, 0x5c, 0x98, 0xcf, 0x22, 0xa2, 0x2a, 0xf6, 0xd0, 0x59, 0xf0, 0x9d, 0xd9, 0x6a, 0x4f, 0x59, 0x57, 0xad, - /* (2^185)P */ 0xd7, 0x2b, 0x3d, 0x38, 0x4c, 0x2e, 0x23, 0x4d, 0x49, 0xa2, 0x62, 0x62, 0xf9, 0x0f, 0xde, 0x08, 0xf3, 0x86, 0x71, 0xb6, 0xc7, 0xf9, 0x85, 0x9c, 0x33, 0xa1, 0xcf, 0x16, 0xaa, 0x60, 0xb9, 0xb7, 0xea, 0xed, 0x01, 0x1c, 0x59, 0xdb, 0x3f, 0x3f, 0x97, 0x2e, 0xf0, 0x09, 0x9f, 0x10, 0x85, 0x5f, 0x53, 0x39, 0xf3, 0x13, 0x40, 0x56, 0x95, 0xf9, - /* (2^186)P */ 0xb4, 0xe3, 0xda, 0xc6, 0x1f, 0x78, 0x8e, 0xac, 0xd4, 0x20, 0x1d, 0xa0, 0xbf, 0x4c, 0x09, 0x16, 0xa7, 0x30, 0xb5, 0x8d, 0x9e, 0xa1, 0x5f, 0x6d, 0x52, 0xf4, 0x71, 0xb6, 0x32, 0x2d, 0x21, 0x51, 0xc6, 0xfc, 0x2f, 0x08, 0xf4, 0x13, 0x6c, 0x55, 0xba, 0x72, 0x81, 0x24, 0x49, 0x0e, 0x4f, 0x06, 0x36, 0x39, 0x6a, 0xc5, 0x81, 0xfc, 0xeb, 0xb2, - /* (2^187)P */ 0x7d, 0x8d, 0xc8, 0x6c, 0xea, 0xb4, 0xb9, 0xe8, 0x40, 0xc9, 0x69, 0xc9, 0x30, 0x05, 0xfd, 0x34, 0x46, 0xfd, 0x94, 0x05, 0x16, 0xf5, 0x4b, 0x13, 0x3d, 0x24, 0x1a, 0xd6, 0x64, 0x2b, 0x9c, 0xe2, 0xa5, 0xd9, 0x98, 0xe0, 0xe8, 0xf4, 0xbc, 0x2c, 0xbd, 0xa2, 0x56, 0xe3, 0x9e, 0x14, 0xdb, 0xbf, 0x05, 0xbf, 0x9a, 0x13, 0x5d, 0xf7, 0x91, 0xa3, - /* (2^188)P */ 0x8b, 0xcb, 0x27, 0xf3, 0x15, 0x26, 0x05, 0x40, 0x0f, 0xa6, 0x15, 0x13, 0x71, 0x95, 0xa2, 0xc6, 0x38, 0x04, 0x67, 0xf8, 0x9a, 0x83, 0x06, 0xaa, 0x25, 0x36, 0x72, 0x01, 0x6f, 0x74, 0x5f, 0xe5, 0x6e, 0x44, 0x99, 0xce, 0x13, 0xbc, 0x82, 0xc2, 0x0d, 0xa4, 0x98, 0x50, 0x38, 0xf3, 0xa2, 0xc5, 0xe5, 0x24, 0x1f, 0x6f, 0x56, 0x3e, 0x07, 0xb2, - /* (2^189)P */ 0xbd, 0x0f, 0x32, 0x60, 0x07, 0xb1, 0xd7, 0x0b, 0x11, 0x07, 0x57, 0x02, 0x89, 0xe8, 0x8b, 0xe8, 0x5a, 0x1f, 0xee, 0x54, 0x6b, 0xff, 0xb3, 0x04, 0x07, 0x57, 0x13, 0x0b, 0x94, 0xa8, 0x4d, 0x81, 0xe2, 0x17, 0x16, 0x45, 0xd4, 0x4b, 0xf7, 0x7e, 0x64, 0x66, 0x20, 0xe8, 0x0b, 0x26, 0xfd, 0xa9, 0x8a, 0x47, 0x52, 0x89, 0x14, 0xd0, 0xd1, 0xa1, - /* (2^190)P */ 0xdc, 0x03, 0xe6, 0x20, 0x44, 0x47, 0x8f, 0x04, 0x16, 0x24, 0x22, 0xc1, 0x55, 0x5c, 0xbe, 0x43, 0xc3, 0x92, 0xc5, 0x54, 0x3d, 0x5d, 0xd1, 0x05, 0x9c, 0xc6, 0x7c, 0xbf, 0x23, 0x84, 0x1a, 0xba, 0x4f, 0x1f, 0xfc, 0xa1, 0xae, 0x1a, 0x64, 0x02, 0x51, 0xf1, 0xcb, 0x7a, 0x20, 0xce, 0xb2, 0x34, 0x3c, 0xca, 0xe0, 0xe4, 0xba, 0x22, 0xd4, 0x7b, - /* (2^191)P */ 0xca, 0xfd, 0xca, 0xd7, 0xde, 0x61, 0xae, 0xf0, 0x79, 0x0c, 0x20, 0xab, 0xbc, 0x6f, 0x4d, 0x61, 0xf0, 0xc7, 0x9c, 0x8d, 0x4b, 0x52, 0xf3, 0xb9, 0x48, 0x63, 0x0b, 0xb6, 0xd2, 0x25, 0x9a, 0x96, 0x72, 0xc1, 0x6b, 0x0c, 0xb5, 0xfb, 0x71, 0xaa, 0xad, 0x47, 0x5b, 0xe7, 0xc0, 0x0a, 0x55, 0xb2, 0xd4, 0x16, 0x2f, 0xb1, 0x01, 0xfd, 0xce, 0x27, - /* (2^192)P */ 0x64, 0x11, 0x4b, 0xab, 0x57, 0x09, 0xc6, 0x49, 0x4a, 0x37, 0xc3, 0x36, 0xc4, 0x7b, 0x81, 0x1f, 0x42, 0xed, 0xbb, 0xe0, 0xa0, 0x8d, 0x51, 0xe6, 0xca, 0x8b, 0xb9, 0xcd, 0x99, 0x2d, 0x91, 0x53, 0xa9, 0x47, 0xcb, 0x32, 0xc7, 0xa4, 0x92, 0xec, 0x46, 0x74, 0x44, 0x6d, 0x71, 0x9f, 0x6d, 0x0c, 0x69, 0xa4, 0xf8, 0xbe, 0x9f, 0x7f, 0xa0, 0xd7, - /* (2^193)P */ 0x5f, 0x33, 0xb6, 0x91, 0xc8, 0xa5, 0x3f, 0x5d, 0x7f, 0x38, 0x6e, 0x74, 0x20, 0x4a, 0xd6, 0x2b, 0x98, 0x2a, 0x41, 0x4b, 0x83, 0x64, 0x0b, 0x92, 0x7a, 0x06, 0x1e, 0xc6, 0x2c, 0xf6, 0xe4, 0x91, 0xe5, 0xb1, 0x2e, 0x6e, 0x4e, 0xa8, 0xc8, 0x14, 0x32, 0x57, 0x44, 0x1c, 0xe4, 0xb9, 0x7f, 0x54, 0x51, 0x08, 0x81, 0xaa, 0x4e, 0xce, 0xa1, 0x5d, - /* (2^194)P */ 0x5c, 0xd5, 0x9b, 0x5e, 0x7c, 0xb5, 0xb1, 0x52, 0x73, 0x00, 0x41, 0x56, 0x79, 0x08, 0x7e, 0x07, 0x28, 0x06, 0xa6, 0xfb, 0x7f, 0x69, 0xbd, 0x7a, 0x3c, 0xae, 0x9f, 0x39, 0xbb, 0x54, 0xa2, 0x79, 0xb9, 0x0e, 0x7f, 0xbb, 0xe0, 0xe6, 0xb7, 0x27, 0x64, 0x38, 0x45, 0xdb, 0x84, 0xe4, 0x61, 0x72, 0x3f, 0xe2, 0x24, 0xfe, 0x7a, 0x31, 0x9a, 0xc9, - /* (2^195)P */ 0xa1, 0xd2, 0xa4, 0xee, 0x24, 0x96, 0xe5, 0x5b, 0x79, 0x78, 0x3c, 0x7b, 0x82, 0x3b, 0x8b, 0x58, 0x0b, 0xa3, 0x63, 0x2d, 0xbc, 0x75, 0x46, 0xe8, 0x83, 0x1a, 0xc0, 0x2a, 0x92, 0x61, 0xa8, 0x75, 0x37, 0x3c, 0xbf, 0x0f, 0xef, 0x8f, 0x6c, 0x97, 0x75, 0x10, 0x05, 0x7a, 0xde, 0x23, 0xe8, 0x2a, 0x35, 0xeb, 0x41, 0x64, 0x7d, 0xcf, 0xe0, 0x52, - /* (2^196)P */ 0x4a, 0xd0, 0x49, 0x93, 0xae, 0xf3, 0x24, 0x8c, 0xe1, 0x09, 0x98, 0x45, 0xd8, 0xb9, 0xfe, 0x8e, 0x8c, 0xa8, 0x2c, 0xc9, 0x9f, 0xce, 0x01, 0xdc, 0x38, 0x11, 0xab, 0x85, 0xb9, 0xe8, 0x00, 0x51, 0xfd, 0x82, 0xe1, 0x9b, 0x4e, 0xfc, 0xb5, 0x2a, 0x0f, 0x8b, 0xda, 0x4e, 0x02, 0xca, 0xcc, 0xe3, 0x91, 0xc4, 0xe0, 0xcf, 0x7b, 0xd6, 0xe6, 0x6a, - /* (2^197)P */ 0xfe, 0x11, 0xd7, 0xaa, 0xe3, 0x0c, 0x52, 0x2e, 0x04, 0xe0, 0xe0, 0x61, 0xc8, 0x05, 0xd7, 0x31, 0x4c, 0xc3, 0x9b, 0x2d, 0xce, 0x59, 0xbe, 0x12, 0xb7, 0x30, 0x21, 0xfc, 0x81, 0xb8, 0x5e, 0x57, 0x73, 0xd0, 0xad, 0x8e, 0x9e, 0xe4, 0xeb, 0xcd, 0xcf, 0xd2, 0x0f, 0x01, 0x35, 0x16, 0xed, 0x7a, 0x43, 0x8e, 0x42, 0xdc, 0xea, 0x4c, 0xa8, 0x7c, - /* (2^198)P */ 0x37, 0x26, 0xcc, 0x76, 0x0b, 0xe5, 0x76, 0xdd, 0x3e, 0x19, 0x3c, 0xc4, 0x6c, 0x7f, 0xd0, 0x03, 0xc1, 0xb8, 0x59, 0x82, 0xca, 0x36, 0xc1, 0xe4, 0xc8, 0xb2, 0x83, 0x69, 0x9c, 0xc5, 0x9d, 0x12, 0x82, 0x1c, 0xea, 0xb2, 0x84, 0x9f, 0xf3, 0x52, 0x6b, 0xbb, 0xd8, 0x81, 0x56, 0x83, 0x04, 0x66, 0x05, 0x22, 0x49, 0x37, 0x93, 0xb1, 0xfd, 0xd5, - /* (2^199)P */ 0xaf, 0x96, 0xbf, 0x03, 0xbe, 0xe6, 0x5d, 0x78, 0x19, 0xba, 0x37, 0x46, 0x0a, 0x2b, 0x52, 0x7c, 0xd8, 0x51, 0x9e, 0x3d, 0x29, 0x42, 0xdb, 0x0e, 0x31, 0x20, 0x94, 0xf8, 0x43, 0x9a, 0x2d, 0x22, 0xd3, 0xe3, 0xa1, 0x79, 0x68, 0xfb, 0x2d, 0x7e, 0xd6, 0x79, 0xda, 0x0b, 0xc6, 0x5b, 0x76, 0x68, 0xf0, 0xfe, 0x72, 0x59, 0xbb, 0xa1, 0x9c, 0x74, - /* (2^200)P */ 0x0a, 0xd9, 0xec, 0xc5, 0xbd, 0xf0, 0xda, 0xcf, 0x82, 0xab, 0x46, 0xc5, 0x32, 0x13, 0xdc, 0x5b, 0xac, 0xc3, 0x53, 0x9a, 0x7f, 0xef, 0xa5, 0x40, 0x5a, 0x1f, 0xc1, 0x12, 0x91, 0x54, 0x83, 0x6a, 0xb0, 0x9a, 0x85, 0x4d, 0xbf, 0x36, 0x8e, 0xd3, 0xa2, 0x2b, 0xe5, 0xd6, 0xc6, 0xe1, 0x58, 0x5b, 0x82, 0x9b, 0xc8, 0xf2, 0x03, 0xba, 0xf5, 0x92, - /* (2^201)P */ 0xfb, 0x21, 0x7e, 0xde, 0xe7, 0xb4, 0xc0, 0x56, 0x86, 0x3a, 0x5b, 0x78, 0xf8, 0xf0, 0xf4, 0xe7, 0x5c, 0x00, 0xd2, 0xd7, 0xd6, 0xf8, 0x75, 0x5e, 0x0f, 0x3e, 0xd1, 0x4b, 0x77, 0xd8, 0xad, 0xb0, 0xc9, 0x8b, 0x59, 0x7d, 0x30, 0x76, 0x64, 0x7a, 0x76, 0xd9, 0x51, 0x69, 0xfc, 0xbd, 0x8e, 0xb5, 0x55, 0xe0, 0xd2, 0x07, 0x15, 0xa9, 0xf7, 0xa4, - /* (2^202)P */ 0xaa, 0x2d, 0x2f, 0x2b, 0x3c, 0x15, 0xdd, 0xcd, 0xe9, 0x28, 0x82, 0x4f, 0xa2, 0xaa, 0x31, 0x48, 0xcc, 0xfa, 0x07, 0x73, 0x8a, 0x34, 0x74, 0x0d, 0xab, 0x1a, 0xca, 0xd2, 0xbf, 0x3a, 0xdb, 0x1a, 0x5f, 0x50, 0x62, 0xf4, 0x6b, 0x83, 0x38, 0x43, 0x96, 0xee, 0x6b, 0x39, 0x1e, 0xf0, 0x17, 0x80, 0x1e, 0x9b, 0xed, 0x2b, 0x2f, 0xcc, 0x65, 0xf7, - /* (2^203)P */ 0x03, 0xb3, 0x23, 0x9c, 0x0d, 0xd1, 0xeb, 0x7e, 0x34, 0x17, 0x8a, 0x4c, 0xde, 0x54, 0x39, 0xc4, 0x11, 0x82, 0xd3, 0xa4, 0x00, 0x32, 0x95, 0x9c, 0xa6, 0x64, 0x76, 0x6e, 0xd6, 0x53, 0x27, 0xb4, 0x6a, 0x14, 0x8c, 0x54, 0xf6, 0x58, 0x9e, 0x22, 0x4a, 0x55, 0x18, 0x77, 0xd0, 0x08, 0x6b, 0x19, 0x8a, 0xb5, 0xe7, 0x19, 0xb8, 0x60, 0x92, 0xb1, - /* (2^204)P */ 0x66, 0xec, 0xf3, 0x12, 0xde, 0x67, 0x7f, 0xd4, 0x5b, 0xf6, 0x70, 0x64, 0x0a, 0xb5, 0xc2, 0xf9, 0xb3, 0x64, 0xab, 0x56, 0x46, 0xc7, 0x93, 0xc2, 0x8b, 0x2d, 0xd0, 0xd6, 0x39, 0x3b, 0x1f, 0xcd, 0xb3, 0xac, 0xcc, 0x2c, 0x27, 0x6a, 0xbc, 0xb3, 0x4b, 0xa8, 0x3c, 0x69, 0x20, 0xe2, 0x18, 0x35, 0x17, 0xe1, 0x8a, 0xd3, 0x11, 0x74, 0xaa, 0x4d, - /* (2^205)P */ 0x96, 0xc4, 0x16, 0x7e, 0xfd, 0xf5, 0xd0, 0x7d, 0x1f, 0x32, 0x1b, 0xdb, 0xa6, 0xfd, 0x51, 0x75, 0x4d, 0xd7, 0x00, 0xe5, 0x7f, 0x58, 0x5b, 0xeb, 0x4b, 0x6a, 0x78, 0xfe, 0xe5, 0xd6, 0x8f, 0x99, 0x17, 0xca, 0x96, 0x45, 0xf7, 0x52, 0xdf, 0x84, 0x06, 0x77, 0xb9, 0x05, 0x63, 0x5d, 0xe9, 0x91, 0xb1, 0x4b, 0x82, 0x5a, 0xdb, 0xd7, 0xca, 0x69, - /* (2^206)P */ 0x02, 0xd3, 0x38, 0x38, 0x87, 0xea, 0xbd, 0x9f, 0x11, 0xca, 0xf3, 0x21, 0xf1, 0x9b, 0x35, 0x97, 0x98, 0xff, 0x8e, 0x6d, 0x3d, 0xd6, 0xb2, 0xfa, 0x68, 0xcb, 0x7e, 0x62, 0x85, 0xbb, 0xc7, 0x5d, 0xee, 0x32, 0x30, 0x2e, 0x71, 0x96, 0x63, 0x43, 0x98, 0xc4, 0xa7, 0xde, 0x60, 0xb2, 0xd9, 0x43, 0x4a, 0xfa, 0x97, 0x2d, 0x5f, 0x21, 0xd4, 0xfe, - /* (2^207)P */ 0x3b, 0x20, 0x29, 0x07, 0x07, 0xb5, 0x78, 0xc3, 0xc7, 0xab, 0x56, 0xba, 0x40, 0xde, 0x1d, 0xcf, 0xc3, 0x00, 0x56, 0x21, 0x0c, 0xc8, 0x42, 0xd9, 0x0e, 0xcd, 0x02, 0x7c, 0x07, 0xb9, 0x11, 0xd7, 0x96, 0xaf, 0xff, 0xad, 0xc5, 0xba, 0x30, 0x6d, 0x82, 0x3a, 0xbf, 0xef, 0x7b, 0xf7, 0x0a, 0x74, 0xbd, 0x31, 0x0c, 0xe4, 0xec, 0x1a, 0xe5, 0xc5, - /* (2^208)P */ 0xcc, 0xf2, 0x28, 0x16, 0x12, 0xbf, 0xef, 0x85, 0xbc, 0xf7, 0xcb, 0x9f, 0xdb, 0xa8, 0xb2, 0x49, 0x53, 0x48, 0xa8, 0x24, 0xa8, 0x68, 0x8d, 0xbb, 0x21, 0x0a, 0x5a, 0xbd, 0xb2, 0x91, 0x61, 0x47, 0xc4, 0x43, 0x08, 0xa6, 0x19, 0xef, 0x8e, 0x88, 0x39, 0xc6, 0x33, 0x30, 0xf3, 0x0e, 0xc5, 0x92, 0x66, 0xd6, 0xfe, 0xc5, 0x12, 0xd9, 0x4c, 0x2d, - /* (2^209)P */ 0x30, 0x34, 0x07, 0xbf, 0x9c, 0x5a, 0x4e, 0x65, 0xf1, 0x39, 0x35, 0x38, 0xae, 0x7b, 0x55, 0xac, 0x6a, 0x92, 0x24, 0x7e, 0x50, 0xd3, 0xba, 0x78, 0x51, 0xfe, 0x4d, 0x32, 0x05, 0x11, 0xf5, 0x52, 0xf1, 0x31, 0x45, 0x39, 0x98, 0x7b, 0x28, 0x56, 0xc3, 0x5d, 0x4f, 0x07, 0x6f, 0x84, 0xb8, 0x1a, 0x58, 0x0b, 0xc4, 0x7c, 0xc4, 0x8d, 0x32, 0x8e, - /* (2^210)P */ 0x7e, 0xaf, 0x98, 0xce, 0xc5, 0x2b, 0x9d, 0xf6, 0xfa, 0x2c, 0xb6, 0x2a, 0x5a, 0x1d, 0xc0, 0x24, 0x8d, 0xa4, 0xce, 0xb1, 0x12, 0x01, 0xf9, 0x79, 0xc6, 0x79, 0x38, 0x0c, 0xd4, 0x07, 0xc9, 0xf7, 0x37, 0xa1, 0x0b, 0xfe, 0x72, 0xec, 0x5d, 0xd6, 0xb0, 0x1c, 0x70, 0xbe, 0x70, 0x01, 0x13, 0xe0, 0x86, 0x95, 0xc7, 0x2e, 0x12, 0x3b, 0xe6, 0xa6, - /* (2^211)P */ 0x24, 0x82, 0x67, 0xe0, 0x14, 0x7b, 0x56, 0x08, 0x38, 0x44, 0xdb, 0xa0, 0x3a, 0x05, 0x47, 0xb2, 0xc0, 0xac, 0xd1, 0xcc, 0x3f, 0x82, 0xb8, 0x8a, 0x88, 0xbc, 0xf5, 0x33, 0xa1, 0x35, 0x0f, 0xf6, 0xe2, 0xef, 0x6c, 0xf7, 0x37, 0x9e, 0xe8, 0x10, 0xca, 0xb0, 0x8e, 0x80, 0x86, 0x00, 0x23, 0xd0, 0x4a, 0x76, 0x9f, 0xf7, 0x2c, 0x52, 0x15, 0x0e, - /* (2^212)P */ 0x5e, 0x49, 0xe1, 0x2c, 0x9a, 0x01, 0x76, 0xa6, 0xb3, 0x07, 0x5b, 0xa4, 0x07, 0xef, 0x1d, 0xc3, 0x6a, 0xbb, 0x64, 0xbe, 0x71, 0x15, 0x6e, 0x32, 0x31, 0x46, 0x9a, 0x9e, 0x8f, 0x45, 0x73, 0xce, 0x0b, 0x94, 0x1a, 0x52, 0x07, 0xf4, 0x50, 0x30, 0x49, 0x53, 0x50, 0xfb, 0x71, 0x1f, 0x5a, 0x03, 0xa9, 0x76, 0xf2, 0x8f, 0x42, 0xff, 0xed, 0xed, - /* (2^213)P */ 0xed, 0x08, 0xdb, 0x91, 0x1c, 0xee, 0xa2, 0xb4, 0x47, 0xa2, 0xfa, 0xcb, 0x03, 0xd1, 0xff, 0x8c, 0xad, 0x64, 0x50, 0x61, 0xcd, 0xfc, 0x88, 0xa0, 0x31, 0x95, 0x30, 0xb9, 0x58, 0xdd, 0xd7, 0x43, 0xe4, 0x46, 0xc2, 0x16, 0xd9, 0x72, 0x4a, 0x56, 0x51, 0x70, 0x85, 0xf1, 0xa1, 0x80, 0x40, 0xd5, 0xba, 0x67, 0x81, 0xda, 0xcd, 0x03, 0xea, 0x51, - /* (2^214)P */ 0x42, 0x50, 0xf0, 0xef, 0x37, 0x61, 0x72, 0x85, 0xe1, 0xf1, 0xff, 0x6f, 0x3d, 0xe8, 0x7b, 0x21, 0x5c, 0xe5, 0x50, 0x03, 0xde, 0x00, 0xc1, 0xf7, 0x3a, 0x55, 0x12, 0x1c, 0x9e, 0x1e, 0xce, 0xd1, 0x2f, 0xaf, 0x05, 0x70, 0x5b, 0x47, 0xf2, 0x04, 0x7a, 0x89, 0xbc, 0x78, 0xa6, 0x65, 0x6c, 0xaa, 0x3c, 0xa2, 0x3c, 0x8b, 0x5c, 0xa9, 0x22, 0x48, - /* (2^215)P */ 0x7e, 0x8c, 0x8f, 0x2f, 0x60, 0xe3, 0x5a, 0x94, 0xd4, 0xce, 0xdd, 0x9d, 0x83, 0x3b, 0x77, 0x78, 0x43, 0x1d, 0xfd, 0x8f, 0xc8, 0xe8, 0x02, 0x90, 0xab, 0xf6, 0xc9, 0xfc, 0xf1, 0x63, 0xaa, 0x5f, 0x42, 0xf1, 0x78, 0x34, 0x64, 0x16, 0x75, 0x9c, 0x7d, 0xd0, 0xe4, 0x74, 0x5a, 0xa8, 0xfb, 0xcb, 0xac, 0x20, 0xa3, 0xc2, 0xa6, 0x20, 0xf8, 0x1b, - /* (2^216)P */ 0x00, 0x4f, 0x1e, 0x56, 0xb5, 0x34, 0xb2, 0x87, 0x31, 0xe5, 0xee, 0x8d, 0xf1, 0x41, 0x67, 0xb7, 0x67, 0x3a, 0x54, 0x86, 0x5c, 0xf0, 0x0b, 0x37, 0x2f, 0x1b, 0x92, 0x5d, 0x58, 0x93, 0xdc, 0xd8, 0x58, 0xcc, 0x9e, 0x67, 0xd0, 0x97, 0x3a, 0xaf, 0x49, 0x39, 0x2d, 0x3b, 0xd8, 0x98, 0xfb, 0x76, 0x6b, 0xe7, 0xaf, 0xc3, 0x45, 0x44, 0x53, 0x94, - /* (2^217)P */ 0x30, 0xbd, 0x90, 0x75, 0xd3, 0xbd, 0x3b, 0x58, 0x27, 0x14, 0x9f, 0x6b, 0xd4, 0x31, 0x99, 0xcd, 0xde, 0x3a, 0x21, 0x1e, 0xb4, 0x02, 0xe4, 0x33, 0x04, 0x02, 0xb0, 0x50, 0x66, 0x68, 0x90, 0xdd, 0x7b, 0x69, 0x31, 0xd9, 0xcf, 0x68, 0x73, 0xf1, 0x60, 0xdd, 0xc8, 0x1d, 0x5d, 0xe3, 0xd6, 0x5b, 0x2a, 0xa4, 0xea, 0xc4, 0x3f, 0x08, 0xcd, 0x9c, - /* (2^218)P */ 0x6b, 0x1a, 0xbf, 0x55, 0xc1, 0x1b, 0x0c, 0x05, 0x09, 0xdf, 0xf5, 0x5e, 0xa3, 0x77, 0x95, 0xe9, 0xdf, 0x19, 0xdd, 0xc7, 0x94, 0xcb, 0x06, 0x73, 0xd0, 0x88, 0x02, 0x33, 0x94, 0xca, 0x7a, 0x2f, 0x8e, 0x3d, 0x72, 0x61, 0x2d, 0x4d, 0xa6, 0x61, 0x1f, 0x32, 0x5e, 0x87, 0x53, 0x36, 0x11, 0x15, 0x20, 0xb3, 0x5a, 0x57, 0x51, 0x93, 0x20, 0xd8, - /* (2^219)P */ 0xb7, 0x56, 0xf4, 0xab, 0x7d, 0x0c, 0xfb, 0x99, 0x1a, 0x30, 0x29, 0xb0, 0x75, 0x2a, 0xf8, 0x53, 0x71, 0x23, 0xbd, 0xa7, 0xd8, 0x0a, 0xe2, 0x27, 0x65, 0xe9, 0x74, 0x26, 0x98, 0x4a, 0x69, 0x19, 0xb2, 0x4d, 0x0a, 0x17, 0x98, 0xb2, 0xa9, 0x57, 0x4e, 0xf6, 0x86, 0xc8, 0x01, 0xa4, 0xc6, 0x98, 0xad, 0x5a, 0x90, 0x2c, 0x05, 0x46, 0x64, 0xb7, - /* (2^220)P */ 0x7b, 0x91, 0xdf, 0xfc, 0xf8, 0x1c, 0x8c, 0x15, 0x9e, 0xf7, 0xd5, 0xa8, 0xe8, 0xe7, 0xe3, 0xa3, 0xb0, 0x04, 0x74, 0xfa, 0x78, 0xfb, 0x26, 0xbf, 0x67, 0x42, 0xf9, 0x8c, 0x9b, 0xb4, 0x69, 0x5b, 0x02, 0x13, 0x6d, 0x09, 0x6c, 0xd6, 0x99, 0x61, 0x7b, 0x89, 0x4a, 0x67, 0x75, 0xa3, 0x98, 0x13, 0x23, 0x1d, 0x18, 0x24, 0x0e, 0xef, 0x41, 0x79, - /* (2^221)P */ 0x86, 0x33, 0xab, 0x08, 0xcb, 0xbf, 0x1e, 0x76, 0x3c, 0x0b, 0xbd, 0x30, 0xdb, 0xe9, 0xa3, 0x35, 0x87, 0x1b, 0xe9, 0x07, 0x00, 0x66, 0x7f, 0x3b, 0x35, 0x0c, 0x8a, 0x3f, 0x61, 0xbc, 0xe0, 0xae, 0xf6, 0xcc, 0x54, 0xe1, 0x72, 0x36, 0x2d, 0xee, 0x93, 0x24, 0xf8, 0xd7, 0xc5, 0xf9, 0xcb, 0xb0, 0xe5, 0x88, 0x0d, 0x23, 0x4b, 0x76, 0x15, 0xa2, - /* (2^222)P */ 0x37, 0xdb, 0x83, 0xd5, 0x6d, 0x06, 0x24, 0x37, 0x1b, 0x15, 0x85, 0x15, 0xe2, 0xc0, 0x4e, 0x02, 0xa9, 0x6d, 0x0a, 0x3a, 0x94, 0x4a, 0x6f, 0x49, 0x00, 0x01, 0x72, 0xbb, 0x60, 0x14, 0x35, 0xae, 0xb4, 0xc6, 0x01, 0x0a, 0x00, 0x9e, 0xc3, 0x58, 0xc5, 0xd1, 0x5e, 0x30, 0x73, 0x96, 0x24, 0x85, 0x9d, 0xf0, 0xf9, 0xec, 0x09, 0xd3, 0xe7, 0x70, - /* (2^223)P */ 0xf3, 0xbd, 0x96, 0x87, 0xe9, 0x71, 0xbd, 0xd6, 0xa2, 0x45, 0xeb, 0x0a, 0xcd, 0x2c, 0xf1, 0x72, 0xa6, 0x31, 0xa9, 0x6f, 0x09, 0xa1, 0x5e, 0xdd, 0xc8, 0x8d, 0x0d, 0xbc, 0x5a, 0x8d, 0xb1, 0x2c, 0x9a, 0xcc, 0x37, 0x74, 0xc2, 0xa9, 0x4e, 0xd6, 0xc0, 0x3c, 0xa0, 0x23, 0xb0, 0xa0, 0x77, 0x14, 0x80, 0x45, 0x71, 0x6a, 0x2d, 0x41, 0xc3, 0x82, - /* (2^224)P */ 0x37, 0x44, 0xec, 0x8a, 0x3e, 0xc1, 0x0c, 0xa9, 0x12, 0x9c, 0x08, 0x88, 0xcb, 0xd9, 0xf8, 0xba, 0x00, 0xd6, 0xc3, 0xdf, 0xef, 0x7a, 0x44, 0x7e, 0x25, 0x69, 0xc9, 0xc1, 0x46, 0xe5, 0x20, 0x9e, 0xcc, 0x0b, 0x05, 0x3e, 0xf4, 0x78, 0x43, 0x0c, 0xa6, 0x2f, 0xc1, 0xfa, 0x70, 0xb2, 0x3c, 0x31, 0x7a, 0x63, 0x58, 0xab, 0x17, 0xcf, 0x4c, 0x4f, - /* (2^225)P */ 0x2b, 0x08, 0x31, 0x59, 0x75, 0x8b, 0xec, 0x0a, 0xa9, 0x79, 0x70, 0xdd, 0xf1, 0x11, 0xc3, 0x11, 0x1f, 0xab, 0x37, 0xaa, 0x26, 0xea, 0x53, 0xc4, 0x79, 0xa7, 0x91, 0x00, 0xaa, 0x08, 0x42, 0xeb, 0x8b, 0x8b, 0xe8, 0xc3, 0x2f, 0xb8, 0x78, 0x90, 0x38, 0x0e, 0x8a, 0x42, 0x0c, 0x0f, 0xbf, 0x3e, 0xf8, 0xd8, 0x07, 0xcf, 0x6a, 0x34, 0xc9, 0xfa, - /* (2^226)P */ 0x11, 0xe0, 0x76, 0x4d, 0x23, 0xc5, 0xa6, 0xcc, 0x9f, 0x9a, 0x2a, 0xde, 0x3a, 0xb5, 0x92, 0x39, 0x19, 0x8a, 0xf1, 0x8d, 0xf9, 0x4d, 0xc9, 0xb4, 0x39, 0x9f, 0x57, 0xd8, 0x72, 0xab, 0x1d, 0x61, 0x6a, 0xb2, 0xff, 0x52, 0xba, 0x54, 0x0e, 0xfb, 0x83, 0x30, 0x8a, 0xf7, 0x3b, 0xf4, 0xd8, 0xae, 0x1a, 0x94, 0x3a, 0xec, 0x63, 0xfe, 0x6e, 0x7c, - /* (2^227)P */ 0xdc, 0x70, 0x8e, 0x55, 0x44, 0xbf, 0xd2, 0x6a, 0xa0, 0x14, 0x61, 0x89, 0xd5, 0x55, 0x45, 0x3c, 0xf6, 0x40, 0x0d, 0x83, 0x85, 0x44, 0xb4, 0x62, 0x56, 0xfe, 0x60, 0xd7, 0x07, 0x1d, 0x47, 0x30, 0x3b, 0x73, 0xa4, 0xb5, 0xb7, 0xea, 0xac, 0xda, 0xf1, 0x17, 0xaa, 0x60, 0xdf, 0xe9, 0x84, 0xda, 0x31, 0x32, 0x61, 0xbf, 0xd0, 0x7e, 0x8a, 0x02, - /* (2^228)P */ 0xb9, 0x51, 0xb3, 0x89, 0x21, 0x5d, 0xa2, 0xfe, 0x79, 0x2a, 0xb3, 0x2a, 0x3b, 0xe6, 0x6f, 0x2b, 0x22, 0x03, 0xea, 0x7b, 0x1f, 0xaf, 0x85, 0xc3, 0x38, 0x55, 0x5b, 0x8e, 0xb4, 0xaa, 0x77, 0xfe, 0x03, 0x6e, 0xda, 0x91, 0x24, 0x0c, 0x48, 0x39, 0x27, 0x43, 0x16, 0xd2, 0x0a, 0x0d, 0x43, 0xa3, 0x0e, 0xca, 0x45, 0xd1, 0x7f, 0xf5, 0xd3, 0x16, - /* (2^229)P */ 0x3d, 0x32, 0x9b, 0x38, 0xf8, 0x06, 0x93, 0x78, 0x5b, 0x50, 0x2b, 0x06, 0xd8, 0x66, 0xfe, 0xab, 0x9b, 0x58, 0xc7, 0xd1, 0x4d, 0xd5, 0xf8, 0x3b, 0x10, 0x7e, 0x85, 0xde, 0x58, 0x4e, 0xdf, 0x53, 0xd9, 0x58, 0xe0, 0x15, 0x81, 0x9f, 0x1a, 0x78, 0xfc, 0x9f, 0x10, 0xc2, 0x23, 0xd6, 0x78, 0xd1, 0x9d, 0xd2, 0xd5, 0x1c, 0x53, 0xe2, 0xc9, 0x76, - /* (2^230)P */ 0x98, 0x1e, 0x38, 0x7b, 0x71, 0x18, 0x4b, 0x15, 0xaf, 0xa1, 0xa6, 0x98, 0xcb, 0x26, 0xa3, 0xc8, 0x07, 0x46, 0xda, 0x3b, 0x70, 0x65, 0xec, 0x7a, 0x2b, 0x34, 0x94, 0xa8, 0xb6, 0x14, 0xf8, 0x1a, 0xce, 0xf7, 0xc8, 0x60, 0xf3, 0x88, 0xf4, 0x33, 0x60, 0x7b, 0xd1, 0x02, 0xe7, 0xda, 0x00, 0x4a, 0xea, 0xd2, 0xfd, 0x88, 0xd2, 0x99, 0x28, 0xf3, - /* (2^231)P */ 0x28, 0x24, 0x1d, 0x26, 0xc2, 0xeb, 0x8b, 0x3b, 0xb4, 0x6b, 0xbe, 0x6b, 0x77, 0xff, 0xf3, 0x21, 0x3b, 0x26, 0x6a, 0x8c, 0x8e, 0x2a, 0x44, 0xa8, 0x01, 0x2b, 0x71, 0xea, 0x64, 0x30, 0xfd, 0xfd, 0x95, 0xcb, 0x39, 0x38, 0x48, 0xfa, 0x96, 0x97, 0x8c, 0x2f, 0x33, 0xca, 0x03, 0xe6, 0xd7, 0x94, 0x55, 0x6c, 0xc3, 0xb3, 0xa8, 0xf7, 0xae, 0x8c, - /* (2^232)P */ 0xea, 0x62, 0x8a, 0xb4, 0xeb, 0x74, 0xf7, 0xb8, 0xae, 0xc5, 0x20, 0x71, 0x06, 0xd6, 0x7c, 0x62, 0x9b, 0x69, 0x74, 0xef, 0xa7, 0x6d, 0xd6, 0x8c, 0x37, 0xb9, 0xbf, 0xcf, 0xeb, 0xe4, 0x2f, 0x04, 0x02, 0x21, 0x7d, 0x75, 0x6b, 0x92, 0x48, 0xf8, 0x70, 0xad, 0x69, 0xe2, 0xea, 0x0e, 0x88, 0x67, 0x72, 0xcc, 0x2d, 0x10, 0xce, 0x2d, 0xcf, 0x65, - /* (2^233)P */ 0x49, 0xf3, 0x57, 0x64, 0xe5, 0x5c, 0xc5, 0x65, 0x49, 0x97, 0xc4, 0x8a, 0xcc, 0xa9, 0xca, 0x94, 0x7b, 0x86, 0x88, 0xb6, 0x51, 0x27, 0x69, 0xa5, 0x0f, 0x8b, 0x06, 0x59, 0xa0, 0x94, 0xef, 0x63, 0x1a, 0x01, 0x9e, 0x4f, 0xd2, 0x5a, 0x93, 0xc0, 0x7c, 0xe6, 0x61, 0x77, 0xb6, 0xf5, 0x40, 0xd9, 0x98, 0x43, 0x5b, 0x56, 0x68, 0xe9, 0x37, 0x8f, - /* (2^234)P */ 0xee, 0x87, 0xd2, 0x05, 0x1b, 0x39, 0x89, 0x10, 0x07, 0x6d, 0xe8, 0xfd, 0x8b, 0x4d, 0xb2, 0xa7, 0x7b, 0x1e, 0xa0, 0x6c, 0x0d, 0x3d, 0x3d, 0x49, 0xba, 0x61, 0x36, 0x1f, 0xc2, 0x84, 0x4a, 0xcc, 0x87, 0xa9, 0x1b, 0x23, 0x04, 0xe2, 0x3e, 0x97, 0xe1, 0xdb, 0xd5, 0x5a, 0xe8, 0x41, 0x6b, 0xe5, 0x5a, 0xa1, 0x99, 0xe5, 0x7b, 0xa7, 0xe0, 0x3b, - /* (2^235)P */ 0xea, 0xa3, 0x6a, 0xdd, 0x77, 0x7f, 0x77, 0x41, 0xc5, 0x6a, 0xe4, 0xaf, 0x11, 0x5f, 0x88, 0xa5, 0x10, 0xee, 0xd0, 0x8c, 0x0c, 0xb4, 0xa5, 0x2a, 0xd0, 0xd8, 0x1d, 0x47, 0x06, 0xc0, 0xd5, 0xce, 0x51, 0x54, 0x9b, 0x2b, 0xe6, 0x2f, 0xe7, 0xe7, 0x31, 0x5f, 0x5c, 0x23, 0x81, 0x3e, 0x03, 0x93, 0xaa, 0x2d, 0x71, 0x84, 0xa0, 0x89, 0x32, 0xa6, - /* (2^236)P */ 0x55, 0xa3, 0x13, 0x92, 0x4e, 0x93, 0x7d, 0xec, 0xca, 0x57, 0xfb, 0x37, 0xae, 0xd2, 0x18, 0x2e, 0x54, 0x05, 0x6c, 0xd1, 0x28, 0xca, 0x90, 0x40, 0x82, 0x2e, 0x79, 0xc6, 0x5a, 0xc7, 0xdd, 0x84, 0x93, 0xdf, 0x15, 0xb8, 0x1f, 0xb1, 0xf9, 0xaf, 0x2c, 0xe5, 0x32, 0xcd, 0xc2, 0x99, 0x6d, 0xac, 0x85, 0x5c, 0x63, 0xd3, 0xe2, 0xff, 0x24, 0xda, - /* (2^237)P */ 0x2d, 0x8d, 0xfd, 0x65, 0xcc, 0xe5, 0x02, 0xa0, 0xe5, 0xb9, 0xec, 0x59, 0x09, 0x50, 0x27, 0xb7, 0x3d, 0x2a, 0x79, 0xb2, 0x76, 0x5d, 0x64, 0x95, 0xf8, 0xc5, 0xaf, 0x8a, 0x62, 0x11, 0x5c, 0x56, 0x1c, 0x05, 0x64, 0x9e, 0x5e, 0xbd, 0x54, 0x04, 0xe6, 0x9e, 0xab, 0xe6, 0x22, 0x7e, 0x42, 0x54, 0xb5, 0xa5, 0xd0, 0x8d, 0x28, 0x6b, 0x0f, 0x0b, - /* (2^238)P */ 0x2d, 0xb2, 0x8c, 0x59, 0x10, 0x37, 0x84, 0x3b, 0x9b, 0x65, 0x1b, 0x0f, 0x10, 0xf9, 0xea, 0x60, 0x1b, 0x02, 0xf5, 0xee, 0x8b, 0xe6, 0x32, 0x7d, 0x10, 0x7f, 0x5f, 0x8c, 0x72, 0x09, 0x4e, 0x1f, 0x29, 0xff, 0x65, 0xcb, 0x3e, 0x3a, 0xd2, 0x96, 0x50, 0x1e, 0xea, 0x64, 0x99, 0xb5, 0x4c, 0x7a, 0x69, 0xb8, 0x95, 0xae, 0x48, 0xc0, 0x7c, 0xb1, - /* (2^239)P */ 0xcd, 0x7c, 0x4f, 0x3e, 0xea, 0xf3, 0x90, 0xcb, 0x12, 0x76, 0xd1, 0x17, 0xdc, 0x0d, 0x13, 0x0f, 0xfd, 0x4d, 0xb5, 0x1f, 0xe4, 0xdd, 0xf2, 0x4d, 0x58, 0xea, 0xa5, 0x66, 0x92, 0xcf, 0xe5, 0x54, 0xea, 0x9b, 0x35, 0x83, 0x1a, 0x44, 0x8e, 0x62, 0x73, 0x45, 0x98, 0xa3, 0x89, 0x95, 0x52, 0x93, 0x1a, 0x8d, 0x63, 0x0f, 0xc2, 0x57, 0x3c, 0xb1, - /* (2^240)P */ 0x72, 0xb4, 0xdf, 0x51, 0xb7, 0xf6, 0x52, 0xa2, 0x14, 0x56, 0xe5, 0x0a, 0x2e, 0x75, 0x81, 0x02, 0xee, 0x93, 0x48, 0x0a, 0x92, 0x4e, 0x0c, 0x0f, 0xdf, 0x09, 0x89, 0x99, 0xf6, 0xf9, 0x22, 0xa2, 0x32, 0xf8, 0xb0, 0x76, 0x0c, 0xb2, 0x4d, 0x6e, 0xbe, 0x83, 0x35, 0x61, 0x44, 0xd2, 0x58, 0xc7, 0xdd, 0x14, 0xcf, 0xc3, 0x4b, 0x7c, 0x07, 0xee, - /* (2^241)P */ 0x8b, 0x03, 0xee, 0xcb, 0xa7, 0x2e, 0x28, 0xbd, 0x97, 0xd1, 0x4c, 0x2b, 0xd1, 0x92, 0x67, 0x5b, 0x5a, 0x12, 0xbf, 0x29, 0x17, 0xfc, 0x50, 0x09, 0x74, 0x76, 0xa2, 0xd4, 0x82, 0xfd, 0x2c, 0x0c, 0x90, 0xf7, 0xe7, 0xe5, 0x9a, 0x2c, 0x16, 0x40, 0xb9, 0x6c, 0xd9, 0xe0, 0x22, 0x9e, 0xf8, 0xdd, 0x73, 0xe4, 0x7b, 0x9e, 0xbe, 0x4f, 0x66, 0x22, - /* (2^242)P */ 0xa4, 0x10, 0xbe, 0xb8, 0x83, 0x3a, 0x77, 0x8e, 0xea, 0x0a, 0xc4, 0x97, 0x3e, 0xb6, 0x6c, 0x81, 0xd7, 0x65, 0xd9, 0xf7, 0xae, 0xe6, 0xbe, 0xab, 0x59, 0x81, 0x29, 0x4b, 0xff, 0xe1, 0x0f, 0xc3, 0x2b, 0xad, 0x4b, 0xef, 0xc4, 0x50, 0x9f, 0x88, 0x31, 0xf2, 0xde, 0x80, 0xd6, 0xf4, 0x20, 0x9c, 0x77, 0x9b, 0xbe, 0xbe, 0x08, 0xf5, 0xf0, 0x95, - /* (2^243)P */ 0x0e, 0x7c, 0x7b, 0x7c, 0xb3, 0xd8, 0x83, 0xfc, 0x8c, 0x75, 0x51, 0x74, 0x1b, 0xe1, 0x6d, 0x11, 0x05, 0x46, 0x24, 0x0d, 0xa4, 0x2b, 0x32, 0xfd, 0x2c, 0x4e, 0x21, 0xdf, 0x39, 0x6b, 0x96, 0xfc, 0xff, 0x92, 0xfc, 0x35, 0x0d, 0x9a, 0x4b, 0xc0, 0x70, 0x46, 0x32, 0x7d, 0xc0, 0xc4, 0x04, 0xe0, 0x2d, 0x83, 0xa7, 0x00, 0xc7, 0xcb, 0xb4, 0x8f, - /* (2^244)P */ 0xa9, 0x5a, 0x7f, 0x0e, 0xdd, 0x2c, 0x85, 0xaa, 0x4d, 0xac, 0xde, 0xb3, 0xb6, 0xaf, 0xe6, 0xd1, 0x06, 0x7b, 0x2c, 0xa4, 0x01, 0x19, 0x22, 0x7d, 0x78, 0xf0, 0x3a, 0xea, 0x89, 0xfe, 0x21, 0x61, 0x6d, 0xb8, 0xfe, 0xa5, 0x2a, 0xab, 0x0d, 0x7b, 0x51, 0x39, 0xb6, 0xde, 0xbc, 0xf0, 0xc5, 0x48, 0xd7, 0x09, 0x82, 0x6e, 0x66, 0x75, 0xc5, 0xcd, - /* (2^245)P */ 0xee, 0xdf, 0x2b, 0x6c, 0xa8, 0xde, 0x61, 0xe1, 0x27, 0xfa, 0x2a, 0x0f, 0x68, 0xe7, 0x7a, 0x9b, 0x13, 0xe9, 0x56, 0xd2, 0x1c, 0x3d, 0x2f, 0x3c, 0x7a, 0xf6, 0x6f, 0x45, 0xee, 0xe8, 0xf4, 0xa0, 0xa6, 0xe8, 0xa5, 0x27, 0xee, 0xf2, 0x85, 0xa9, 0xd5, 0x0e, 0xa9, 0x26, 0x60, 0xfe, 0xee, 0xc7, 0x59, 0x99, 0x5e, 0xa3, 0xdf, 0x23, 0x36, 0xd5, - /* (2^246)P */ 0x15, 0x66, 0x6f, 0xd5, 0x78, 0xa4, 0x0a, 0xf7, 0xb1, 0xe8, 0x75, 0x6b, 0x48, 0x7d, 0xa6, 0x4d, 0x3d, 0x36, 0x9b, 0xc7, 0xcc, 0x68, 0x9a, 0xfe, 0x2f, 0x39, 0x2a, 0x51, 0x31, 0x39, 0x7d, 0x73, 0x6f, 0xc8, 0x74, 0x72, 0x6f, 0x6e, 0xda, 0x5f, 0xad, 0x48, 0xc8, 0x40, 0xe1, 0x06, 0x01, 0x36, 0xa1, 0x88, 0xc8, 0x99, 0x9c, 0xd1, 0x11, 0x8f, - /* (2^247)P */ 0xab, 0xc5, 0xcb, 0xcf, 0xbd, 0x73, 0x21, 0xd0, 0x82, 0xb1, 0x2e, 0x2d, 0xd4, 0x36, 0x1b, 0xed, 0xa9, 0x8a, 0x26, 0x79, 0xc4, 0x17, 0xae, 0xe5, 0x09, 0x0a, 0x0c, 0xa4, 0x21, 0xa0, 0x6e, 0xdd, 0x62, 0x8e, 0x44, 0x62, 0xcc, 0x50, 0xff, 0x93, 0xb3, 0x9a, 0x72, 0x8c, 0x3f, 0xa1, 0xa6, 0x4d, 0x87, 0xd5, 0x1c, 0x5a, 0xc0, 0x0b, 0x1a, 0xd6, - /* (2^248)P */ 0x67, 0x36, 0x6a, 0x1f, 0x96, 0xe5, 0x80, 0x20, 0xa9, 0xe8, 0x0b, 0x0e, 0x21, 0x29, 0x3f, 0xc8, 0x0a, 0x6d, 0x27, 0x47, 0xca, 0xd9, 0x05, 0x55, 0xbf, 0x11, 0xcf, 0x31, 0x7a, 0x37, 0xc7, 0x90, 0xa9, 0xf4, 0x07, 0x5e, 0xd5, 0xc3, 0x92, 0xaa, 0x95, 0xc8, 0x23, 0x2a, 0x53, 0x45, 0xe3, 0x3a, 0x24, 0xe9, 0x67, 0x97, 0x3a, 0x82, 0xf9, 0xa6, - /* (2^249)P */ 0x92, 0x9e, 0x6d, 0x82, 0x67, 0xe9, 0xf9, 0x17, 0x96, 0x2c, 0xa7, 0xd3, 0x89, 0xf9, 0xdb, 0xd8, 0x20, 0xc6, 0x2e, 0xec, 0x4a, 0x76, 0x64, 0xbf, 0x27, 0x40, 0xe2, 0xb4, 0xdf, 0x1f, 0xa0, 0xef, 0x07, 0x80, 0xfb, 0x8e, 0x12, 0xf8, 0xb8, 0xe1, 0xc6, 0xdf, 0x7c, 0x69, 0x35, 0x5a, 0xe1, 0x8e, 0x5d, 0x69, 0x84, 0x56, 0xb6, 0x31, 0x1c, 0x0b, - /* (2^250)P */ 0xd6, 0x94, 0x5c, 0xef, 0xbb, 0x46, 0x45, 0x44, 0x5b, 0xa1, 0xae, 0x03, 0x65, 0xdd, 0xb5, 0x66, 0x88, 0x35, 0x29, 0x95, 0x16, 0x54, 0xa6, 0xf5, 0xc9, 0x78, 0x34, 0xe6, 0x0f, 0xc4, 0x2b, 0x5b, 0x79, 0x51, 0x68, 0x48, 0x3a, 0x26, 0x87, 0x05, 0x70, 0xaf, 0x8b, 0xa6, 0xc7, 0x2e, 0xb3, 0xa9, 0x10, 0x01, 0xb0, 0xb9, 0x31, 0xfd, 0xdc, 0x80, - /* (2^251)P */ 0x25, 0xf2, 0xad, 0xd6, 0x75, 0xa3, 0x04, 0x05, 0x64, 0x8a, 0x97, 0x60, 0x27, 0x2a, 0xe5, 0x6d, 0xb0, 0x73, 0xf4, 0x07, 0x2a, 0x9d, 0xe9, 0x46, 0xb4, 0x1c, 0x51, 0xf8, 0x63, 0x98, 0x7e, 0xe5, 0x13, 0x51, 0xed, 0x98, 0x65, 0x98, 0x4f, 0x8f, 0xe7, 0x7e, 0x72, 0xd7, 0x64, 0x11, 0x2f, 0xcd, 0x12, 0xf8, 0xc4, 0x63, 0x52, 0x0f, 0x7f, 0xc4, - /* (2^252)P */ 0x5c, 0xd9, 0x85, 0x63, 0xc7, 0x8a, 0x65, 0x9a, 0x25, 0x83, 0x31, 0x73, 0x49, 0xf0, 0x93, 0x96, 0x70, 0x67, 0x6d, 0xb1, 0xff, 0x95, 0x54, 0xe4, 0xf8, 0x15, 0x6c, 0x5f, 0xbd, 0xf6, 0x0f, 0x38, 0x7b, 0x68, 0x7d, 0xd9, 0x3d, 0xf0, 0xa9, 0xa0, 0xe4, 0xd1, 0xb6, 0x34, 0x6d, 0x14, 0x16, 0xc2, 0x4c, 0x30, 0x0e, 0x67, 0xd3, 0xbe, 0x2e, 0xc0, - /* (2^253)P */ 0x06, 0x6b, 0x52, 0xc8, 0x14, 0xcd, 0xae, 0x03, 0x93, 0xea, 0xc1, 0xf2, 0xf6, 0x8b, 0xc5, 0xb6, 0xdc, 0x82, 0x42, 0x29, 0x94, 0xe0, 0x25, 0x6c, 0x3f, 0x9f, 0x5d, 0xe4, 0x96, 0xf6, 0x8e, 0x3f, 0xf9, 0x72, 0xc4, 0x77, 0x60, 0x8b, 0xa4, 0xf9, 0xa8, 0xc3, 0x0a, 0x81, 0xb1, 0x97, 0x70, 0x18, 0xab, 0xea, 0x37, 0x8a, 0x08, 0xc7, 0xe2, 0x95, - /* (2^254)P */ 0x94, 0x49, 0xd9, 0x5f, 0x76, 0x72, 0x82, 0xad, 0x2d, 0x50, 0x1a, 0x7a, 0x5b, 0xe6, 0x95, 0x1e, 0x95, 0x65, 0x87, 0x1c, 0x52, 0xd7, 0x44, 0xe6, 0x9b, 0x56, 0xcd, 0x6f, 0x05, 0xff, 0x67, 0xc5, 0xdb, 0xa2, 0xac, 0xe4, 0xa2, 0x28, 0x63, 0x5f, 0xfb, 0x0c, 0x3b, 0xf1, 0x87, 0xc3, 0x36, 0x78, 0x3f, 0x77, 0xfa, 0x50, 0x85, 0xf9, 0xd7, 0x82, - /* (2^255)P */ 0x64, 0xc0, 0xe0, 0xd8, 0x2d, 0xed, 0xcb, 0x6a, 0xfd, 0xcd, 0xbc, 0x7e, 0x9f, 0xc8, 0x85, 0xe9, 0xc1, 0x7c, 0x0f, 0xe5, 0x18, 0xea, 0xd4, 0x51, 0xad, 0x59, 0x13, 0x75, 0xd9, 0x3d, 0xd4, 0x8a, 0xb2, 0xbe, 0x78, 0x52, 0x2b, 0x52, 0x94, 0x37, 0x41, 0xd6, 0xb4, 0xb6, 0x45, 0x20, 0x76, 0xe0, 0x1f, 0x31, 0xdb, 0xb1, 0xa1, 0x43, 0xf0, 0x18, - /* (2^256)P */ 0x74, 0xa9, 0xa4, 0xa9, 0xdd, 0x6e, 0x3e, 0x68, 0xe5, 0xc3, 0x2e, 0x92, 0x17, 0xa4, 0xcb, 0x80, 0xb1, 0xf0, 0x06, 0x93, 0xef, 0xe6, 0x00, 0xe6, 0x3b, 0xb1, 0x32, 0x65, 0x7b, 0x83, 0xb6, 0x8a, 0x49, 0x1b, 0x14, 0x89, 0xee, 0xba, 0xf5, 0x6a, 0x8d, 0x36, 0xef, 0xb0, 0xd8, 0xb2, 0x16, 0x99, 0x17, 0x35, 0x02, 0x16, 0x55, 0x58, 0xdd, 0x82, - /* (2^257)P */ 0x36, 0x95, 0xe8, 0xf4, 0x36, 0x42, 0xbb, 0xc5, 0x3e, 0xfa, 0x30, 0x84, 0x9e, 0x59, 0xfd, 0xd2, 0x95, 0x42, 0xf8, 0x64, 0xd9, 0xb9, 0x0e, 0x9f, 0xfa, 0xd0, 0x7b, 0x20, 0x31, 0x77, 0x48, 0x29, 0x4d, 0xd0, 0x32, 0x57, 0x56, 0x30, 0xa6, 0x17, 0x53, 0x04, 0xbf, 0x08, 0x28, 0xec, 0xb8, 0x46, 0xc1, 0x03, 0x89, 0xdc, 0xed, 0xa0, 0x35, 0x53, - /* (2^258)P */ 0xc5, 0x7f, 0x9e, 0xd8, 0xc5, 0xba, 0x5f, 0x68, 0xc8, 0x23, 0x75, 0xea, 0x0d, 0xd9, 0x5a, 0xfd, 0x61, 0x1a, 0xa3, 0x2e, 0x45, 0x63, 0x14, 0x55, 0x86, 0x21, 0x29, 0xbe, 0xef, 0x5e, 0x50, 0xe5, 0x18, 0x59, 0xe7, 0xe3, 0xce, 0x4d, 0x8c, 0x15, 0x8f, 0x89, 0x66, 0x44, 0x52, 0x3d, 0xfa, 0xc7, 0x9a, 0x59, 0x90, 0x8e, 0xc0, 0x06, 0x3f, 0xc9, - /* (2^259)P */ 0x8e, 0x04, 0xd9, 0x16, 0x50, 0x1d, 0x8c, 0x9f, 0xd5, 0xe3, 0xce, 0xfd, 0x47, 0x04, 0x27, 0x4d, 0xc2, 0xfa, 0x71, 0xd9, 0x0b, 0xb8, 0x65, 0xf4, 0x11, 0xf3, 0x08, 0xee, 0x81, 0xc8, 0x67, 0x99, 0x0b, 0x8d, 0x77, 0xa3, 0x4f, 0xb5, 0x9b, 0xdb, 0x26, 0xf1, 0x97, 0xeb, 0x04, 0x54, 0xeb, 0x80, 0x08, 0x1d, 0x1d, 0xf6, 0x3d, 0x1f, 0x5a, 0xb8, - /* (2^260)P */ 0xb7, 0x9c, 0x9d, 0xee, 0xb9, 0x5c, 0xad, 0x0d, 0x9e, 0xfd, 0x60, 0x3c, 0x27, 0x4e, 0xa2, 0x95, 0xfb, 0x64, 0x7e, 0x79, 0x64, 0x87, 0x10, 0xb4, 0x73, 0xe0, 0x9d, 0x46, 0x4d, 0x3d, 0xee, 0x83, 0xe4, 0x16, 0x88, 0x97, 0xe6, 0x4d, 0xba, 0x70, 0xb6, 0x96, 0x7b, 0xff, 0x4b, 0xc8, 0xcf, 0x72, 0x83, 0x3e, 0x5b, 0x24, 0x2e, 0x57, 0xf1, 0x82, - /* (2^261)P */ 0x30, 0x71, 0x40, 0x51, 0x4f, 0x44, 0xbb, 0xc7, 0xf0, 0x54, 0x6e, 0x9d, 0xeb, 0x15, 0xad, 0xf8, 0x61, 0x43, 0x5a, 0xef, 0xc0, 0xb1, 0x57, 0xae, 0x03, 0x40, 0xe8, 0x68, 0x6f, 0x03, 0x20, 0x4f, 0x8a, 0x51, 0x2a, 0x9e, 0xd2, 0x45, 0xaf, 0xb4, 0xf5, 0xd4, 0x95, 0x7f, 0x3d, 0x3d, 0xb7, 0xb6, 0x28, 0xc5, 0x08, 0x8b, 0x44, 0xd6, 0x3f, 0xe7, - /* (2^262)P */ 0xa9, 0x52, 0x04, 0x67, 0xcb, 0x20, 0x63, 0xf8, 0x18, 0x01, 0x44, 0x21, 0x6a, 0x8a, 0x83, 0x48, 0xd4, 0xaf, 0x23, 0x0f, 0x35, 0x8d, 0xe5, 0x5a, 0xc4, 0x7c, 0x55, 0x46, 0x19, 0x5f, 0x35, 0xe0, 0x5d, 0x97, 0x4c, 0x2d, 0x04, 0xed, 0x59, 0xd4, 0xb0, 0xb2, 0xc6, 0xe3, 0x51, 0xe1, 0x38, 0xc6, 0x30, 0x49, 0x8f, 0xae, 0x61, 0x64, 0xce, 0xa8, - /* (2^263)P */ 0x9b, 0x64, 0x83, 0x3c, 0xd3, 0xdf, 0xb9, 0x27, 0xe7, 0x5b, 0x7f, 0xeb, 0xf3, 0x26, 0xcf, 0xb1, 0x8f, 0xaf, 0x26, 0xc8, 0x48, 0xce, 0xa1, 0xac, 0x7d, 0x10, 0x34, 0x28, 0xe1, 0x1f, 0x69, 0x03, 0x64, 0x77, 0x61, 0xdd, 0x4a, 0x9b, 0x18, 0x47, 0xf8, 0xca, 0x63, 0xc9, 0x03, 0x2d, 0x20, 0x2a, 0x69, 0x6e, 0x42, 0xd0, 0xe7, 0xaa, 0xb5, 0xf3, - /* (2^264)P */ 0xea, 0x31, 0x0c, 0x57, 0x0f, 0x3e, 0xe3, 0x35, 0xd8, 0x30, 0xa5, 0x6f, 0xdd, 0x95, 0x43, 0xc6, 0x66, 0x07, 0x4f, 0x34, 0xc3, 0x7e, 0x04, 0x10, 0x2d, 0xc4, 0x1c, 0x94, 0x52, 0x2e, 0x5b, 0x9a, 0x65, 0x2f, 0x91, 0xaa, 0x4f, 0x3c, 0xdc, 0x23, 0x18, 0xe1, 0x4f, 0x85, 0xcd, 0xf4, 0x8c, 0x51, 0xf7, 0xab, 0x4f, 0xdc, 0x15, 0x5c, 0x9e, 0xc5, - /* (2^265)P */ 0x54, 0x57, 0x23, 0x17, 0xe7, 0x82, 0x2f, 0x04, 0x7d, 0xfe, 0xe7, 0x1f, 0xa2, 0x57, 0x79, 0xe9, 0x58, 0x9b, 0xbe, 0xc6, 0x16, 0x4a, 0x17, 0x50, 0x90, 0x4a, 0x34, 0x70, 0x87, 0x37, 0x01, 0x26, 0xd8, 0xa3, 0x5f, 0x07, 0x7c, 0xd0, 0x7d, 0x05, 0x8a, 0x93, 0x51, 0x2f, 0x99, 0xea, 0xcf, 0x00, 0xd8, 0xc7, 0xe6, 0x9b, 0x8c, 0x62, 0x45, 0x87, - /* (2^266)P */ 0xc3, 0xfd, 0x29, 0x66, 0xe7, 0x30, 0x29, 0x77, 0xe0, 0x0d, 0x63, 0x5b, 0xe6, 0x90, 0x1a, 0x1e, 0x99, 0xc2, 0xa7, 0xab, 0xff, 0xa7, 0xbd, 0x79, 0x01, 0x97, 0xfd, 0x27, 0x1b, 0x43, 0x2b, 0xe6, 0xfe, 0x5e, 0xf1, 0xb9, 0x35, 0x38, 0x08, 0x25, 0x55, 0x90, 0x68, 0x2e, 0xc3, 0x67, 0x39, 0x9f, 0x2b, 0x2c, 0x70, 0x48, 0x8c, 0x47, 0xee, 0x56, - /* (2^267)P */ 0xf7, 0x32, 0x70, 0xb5, 0xe6, 0x42, 0xfd, 0x0a, 0x39, 0x9b, 0x07, 0xfe, 0x0e, 0xf4, 0x47, 0xba, 0x6a, 0x3f, 0xf5, 0x2c, 0x15, 0xf3, 0x60, 0x3f, 0xb1, 0x83, 0x7b, 0x2e, 0x34, 0x58, 0x1a, 0x6e, 0x4a, 0x49, 0x05, 0x45, 0xca, 0xdb, 0x00, 0x01, 0x0c, 0x42, 0x5e, 0x60, 0x40, 0x5f, 0xd9, 0xc7, 0x3a, 0x9e, 0x1c, 0x8d, 0xab, 0x11, 0x55, 0x65, - /* (2^268)P */ 0x87, 0x40, 0xb7, 0x0d, 0xaa, 0x34, 0x89, 0x90, 0x75, 0x6d, 0xa2, 0xfe, 0x3b, 0x6d, 0x5c, 0x39, 0x98, 0x10, 0x9e, 0x15, 0xc5, 0x35, 0xa2, 0x27, 0x23, 0x0a, 0x2d, 0x60, 0xe2, 0xa8, 0x7f, 0x3e, 0x77, 0x8f, 0xcc, 0x44, 0xcc, 0x30, 0x28, 0xe2, 0xf0, 0x04, 0x8c, 0xee, 0xe4, 0x5f, 0x68, 0x8c, 0xdf, 0x70, 0xbf, 0x31, 0xee, 0x2a, 0xfc, 0xce, - /* (2^269)P */ 0x92, 0xf2, 0xa0, 0xd9, 0x58, 0x3b, 0x7c, 0x1a, 0x99, 0x46, 0x59, 0x54, 0x60, 0x06, 0x8d, 0x5e, 0xf0, 0x22, 0xa1, 0xed, 0x92, 0x8a, 0x4d, 0x76, 0x95, 0x05, 0x0b, 0xff, 0xfc, 0x9a, 0xd1, 0xcc, 0x05, 0xb9, 0x5e, 0x99, 0xe8, 0x2a, 0x76, 0x7b, 0xfd, 0xa6, 0xe2, 0xd1, 0x1a, 0xd6, 0x76, 0x9f, 0x2f, 0x0e, 0xd1, 0xa8, 0x77, 0x5a, 0x40, 0x5a, - /* (2^270)P */ 0xff, 0xf9, 0x3f, 0xa9, 0xa6, 0x6c, 0x6d, 0x03, 0x8b, 0xa7, 0x10, 0x5d, 0x3f, 0xec, 0x3e, 0x1c, 0x0b, 0x6b, 0xa2, 0x6a, 0x22, 0xa9, 0x28, 0xd0, 0x66, 0xc9, 0xc2, 0x3d, 0x47, 0x20, 0x7d, 0xa6, 0x1d, 0xd8, 0x25, 0xb5, 0xf2, 0xf9, 0x70, 0x19, 0x6b, 0xf8, 0x43, 0x36, 0xc5, 0x1f, 0xe4, 0x5a, 0x4c, 0x13, 0xe4, 0x6d, 0x08, 0x0b, 0x1d, 0xb1, - /* (2^271)P */ 0x3f, 0x20, 0x9b, 0xfb, 0xec, 0x7d, 0x31, 0xc5, 0xfc, 0x88, 0x0b, 0x30, 0xed, 0x36, 0xc0, 0x63, 0xb1, 0x7d, 0x10, 0xda, 0xb6, 0x2e, 0xad, 0xf3, 0xec, 0x94, 0xe7, 0xec, 0xb5, 0x9c, 0xfe, 0xf5, 0x35, 0xf0, 0xa2, 0x2d, 0x7f, 0xca, 0x6b, 0x67, 0x1a, 0xf6, 0xb3, 0xda, 0x09, 0x2a, 0xaa, 0xdf, 0xb1, 0xca, 0x9b, 0xfb, 0xeb, 0xb3, 0xcd, 0xc0, - /* (2^272)P */ 0xcd, 0x4d, 0x89, 0x00, 0xa4, 0x3b, 0x48, 0xf0, 0x76, 0x91, 0x35, 0xa5, 0xf8, 0xc9, 0xb6, 0x46, 0xbc, 0xf6, 0x9a, 0x45, 0x47, 0x17, 0x96, 0x80, 0x5b, 0x3a, 0x28, 0x33, 0xf9, 0x5a, 0xef, 0x43, 0x07, 0xfe, 0x3b, 0xf4, 0x8e, 0x19, 0xce, 0xd2, 0x94, 0x4b, 0x6d, 0x8e, 0x67, 0x20, 0xc7, 0x4f, 0x2f, 0x59, 0x8e, 0xe1, 0xa1, 0xa9, 0xf9, 0x0e, - /* (2^273)P */ 0xdc, 0x7b, 0xb5, 0x50, 0x2e, 0xe9, 0x7e, 0x8b, 0x78, 0xa1, 0x38, 0x96, 0x22, 0xc3, 0x61, 0x67, 0x6d, 0xc8, 0x58, 0xed, 0x41, 0x1d, 0x5d, 0x86, 0x98, 0x7f, 0x2f, 0x1b, 0x8d, 0x3e, 0xaa, 0xc1, 0xd2, 0x0a, 0xf3, 0xbf, 0x95, 0x04, 0xf3, 0x10, 0x3c, 0x2b, 0x7f, 0x90, 0x46, 0x04, 0xaa, 0x6a, 0xa9, 0x35, 0x76, 0xac, 0x49, 0xb5, 0x00, 0x45, - /* (2^274)P */ 0xb1, 0x93, 0x79, 0x84, 0x4a, 0x2a, 0x30, 0x78, 0x16, 0xaa, 0xc5, 0x74, 0x06, 0xce, 0xa5, 0xa7, 0x32, 0x86, 0xe0, 0xf9, 0x10, 0xd2, 0x58, 0x76, 0xfb, 0x66, 0x49, 0x76, 0x3a, 0x90, 0xba, 0xb5, 0xcc, 0x99, 0xcd, 0x09, 0xc1, 0x9a, 0x74, 0x23, 0xdf, 0x0c, 0xfe, 0x99, 0x52, 0x80, 0xa3, 0x7c, 0x1c, 0x71, 0x5f, 0x2c, 0x49, 0x57, 0xf4, 0xf9, - /* (2^275)P */ 0x6d, 0xbf, 0x52, 0xe6, 0x25, 0x98, 0xed, 0xcf, 0xe3, 0xbc, 0x08, 0xa2, 0x1a, 0x90, 0xae, 0xa0, 0xbf, 0x07, 0x15, 0xad, 0x0a, 0x9f, 0x3e, 0x47, 0x44, 0xc2, 0x10, 0x46, 0xa6, 0x7a, 0x9e, 0x2f, 0x57, 0xbc, 0xe2, 0xf0, 0x1d, 0xd6, 0x9a, 0x06, 0xed, 0xfc, 0x54, 0x95, 0x92, 0x15, 0xa2, 0xf7, 0x8d, 0x6b, 0xef, 0xb2, 0x05, 0xed, 0x5c, 0x63, - /* (2^276)P */ 0xbc, 0x0b, 0x27, 0x3a, 0x3a, 0xf8, 0xe1, 0x48, 0x02, 0x7e, 0x27, 0xe6, 0x81, 0x62, 0x07, 0x73, 0x74, 0xe5, 0x52, 0xd7, 0xf8, 0x26, 0xca, 0x93, 0x4d, 0x3e, 0x9b, 0x55, 0x09, 0x8e, 0xe3, 0xd7, 0xa6, 0xe3, 0xb6, 0x2a, 0xa9, 0xb3, 0xb0, 0xa0, 0x8c, 0x01, 0xbb, 0x07, 0x90, 0x78, 0x6d, 0x6d, 0xe9, 0xf0, 0x7a, 0x90, 0xbd, 0xdc, 0x0c, 0x36, - /* (2^277)P */ 0x7f, 0x20, 0x12, 0x0f, 0x40, 0x00, 0x53, 0xd8, 0x0c, 0x27, 0x47, 0x47, 0x22, 0x80, 0xfb, 0x62, 0xe4, 0xa7, 0xf7, 0xbd, 0x42, 0xa5, 0xc3, 0x2b, 0xb2, 0x7f, 0x50, 0xcc, 0xe2, 0xfb, 0xd5, 0xc0, 0x63, 0xdd, 0x24, 0x5f, 0x7c, 0x08, 0x91, 0xbf, 0x6e, 0x47, 0x44, 0xd4, 0x6a, 0xc0, 0xc3, 0x09, 0x39, 0x27, 0xdd, 0xc7, 0xca, 0x06, 0x29, 0x55, - /* (2^278)P */ 0x76, 0x28, 0x58, 0xb0, 0xd2, 0xf3, 0x0f, 0x04, 0xe9, 0xc9, 0xab, 0x66, 0x5b, 0x75, 0x51, 0xdc, 0xe5, 0x8f, 0xe8, 0x1f, 0xdb, 0x03, 0x0f, 0xb0, 0x7d, 0xf9, 0x20, 0x64, 0x89, 0xe9, 0xdc, 0xe6, 0x24, 0xc3, 0xd5, 0xd2, 0x41, 0xa6, 0xe4, 0xe3, 0xc4, 0x79, 0x7c, 0x0f, 0xa1, 0x61, 0x2f, 0xda, 0xa4, 0xc9, 0xfd, 0xad, 0x5c, 0x65, 0x6a, 0xf3, - /* (2^279)P */ 0xd5, 0xab, 0x72, 0x7a, 0x3b, 0x59, 0xea, 0xcf, 0xd5, 0x17, 0xd2, 0xb2, 0x5f, 0x2d, 0xab, 0xad, 0x9e, 0x88, 0x64, 0x55, 0x96, 0x6e, 0xf3, 0x44, 0xa9, 0x11, 0xf5, 0xf8, 0x3a, 0xf1, 0xcd, 0x79, 0x4c, 0x99, 0x6d, 0x23, 0x6a, 0xa0, 0xc2, 0x1a, 0x19, 0x45, 0xb5, 0xd8, 0x95, 0x2f, 0x49, 0xe9, 0x46, 0x39, 0x26, 0x60, 0x04, 0x15, 0x8b, 0xcc, - /* (2^280)P */ 0x66, 0x0c, 0xf0, 0x54, 0x41, 0x02, 0x91, 0xab, 0xe5, 0x85, 0x8a, 0x44, 0xa6, 0x34, 0x96, 0x32, 0xc0, 0xdf, 0x6c, 0x41, 0x39, 0xd4, 0xc6, 0xe1, 0xe3, 0x81, 0xb0, 0x4c, 0x34, 0x4f, 0xe5, 0xf4, 0x35, 0x46, 0x1f, 0xeb, 0x75, 0xfd, 0x43, 0x37, 0x50, 0x99, 0xab, 0xad, 0xb7, 0x8c, 0xa1, 0x57, 0xcb, 0xe6, 0xce, 0x16, 0x2e, 0x85, 0xcc, 0xf9, - /* (2^281)P */ 0x63, 0xd1, 0x3f, 0x9e, 0xa2, 0x17, 0x2e, 0x1d, 0x3e, 0xce, 0x48, 0x2d, 0xbb, 0x8f, 0x69, 0xc9, 0xa6, 0x3d, 0x4e, 0xfe, 0x09, 0x56, 0xb3, 0x02, 0x5f, 0x99, 0x97, 0x0c, 0x54, 0xda, 0x32, 0x97, 0x9b, 0xf4, 0x95, 0xf1, 0xad, 0xe3, 0x2b, 0x04, 0xa7, 0x9b, 0x3f, 0xbb, 0xe7, 0x87, 0x2e, 0x1f, 0x8b, 0x4b, 0x7a, 0xa4, 0x43, 0x0c, 0x0f, 0x35, - /* (2^282)P */ 0x05, 0xdc, 0xe0, 0x2c, 0xa1, 0xc1, 0xd0, 0xf1, 0x1f, 0x4e, 0xc0, 0x6c, 0x35, 0x7b, 0xca, 0x8f, 0x8b, 0x02, 0xb1, 0xf7, 0xd6, 0x2e, 0xe7, 0x93, 0x80, 0x85, 0x18, 0x88, 0x19, 0xb9, 0xb4, 0x4a, 0xbc, 0xeb, 0x5a, 0x78, 0x38, 0xed, 0xc6, 0x27, 0x2a, 0x74, 0x76, 0xf0, 0x1b, 0x79, 0x92, 0x2f, 0xd2, 0x81, 0x98, 0xdf, 0xa9, 0x50, 0x19, 0xeb, - /* (2^283)P */ 0xb5, 0xe7, 0xb4, 0x11, 0x3a, 0x81, 0xb6, 0xb4, 0xf8, 0xa2, 0xb3, 0x6c, 0xfc, 0x9d, 0xe0, 0xc0, 0xe0, 0x59, 0x7f, 0x05, 0x37, 0xef, 0x2c, 0xa9, 0x3a, 0x24, 0xac, 0x7b, 0x25, 0xa0, 0x55, 0xd2, 0x44, 0x82, 0x82, 0x6e, 0x64, 0xa3, 0x58, 0xc8, 0x67, 0xae, 0x26, 0xa7, 0x0f, 0x42, 0x63, 0xe1, 0x93, 0x01, 0x52, 0x19, 0xaf, 0x49, 0x3e, 0x33, - /* (2^284)P */ 0x05, 0x85, 0xe6, 0x66, 0xaf, 0x5f, 0xdf, 0xbf, 0x9d, 0x24, 0x62, 0x60, 0x90, 0xe2, 0x4c, 0x7d, 0x4e, 0xc3, 0x74, 0x5d, 0x4f, 0x53, 0xf3, 0x63, 0x13, 0xf4, 0x74, 0x28, 0x6b, 0x7d, 0x57, 0x0c, 0x9d, 0x84, 0xa7, 0x1a, 0xff, 0xa0, 0x79, 0xdf, 0xfc, 0x65, 0x98, 0x8e, 0x22, 0x0d, 0x62, 0x7e, 0xf2, 0x34, 0x60, 0x83, 0x05, 0x14, 0xb1, 0xc1, - /* (2^285)P */ 0x64, 0x22, 0xcc, 0xdf, 0x5c, 0xbc, 0x88, 0x68, 0x4c, 0xd9, 0xbc, 0x0e, 0xc9, 0x8b, 0xb4, 0x23, 0x52, 0xad, 0xb0, 0xb3, 0xf1, 0x17, 0xd8, 0x15, 0x04, 0x6b, 0x99, 0xf0, 0xc4, 0x7d, 0x48, 0x22, 0x4a, 0xf8, 0x6f, 0xaa, 0x88, 0x0d, 0xc5, 0x5e, 0xa9, 0x1c, 0x61, 0x3d, 0x95, 0xa9, 0x7b, 0x6a, 0x79, 0x33, 0x0a, 0x2b, 0x99, 0xe3, 0x4e, 0x48, - /* (2^286)P */ 0x6b, 0x9b, 0x6a, 0x2a, 0xf1, 0x60, 0x31, 0xb4, 0x73, 0xd1, 0x87, 0x45, 0x9c, 0x15, 0x58, 0x4b, 0x91, 0x6d, 0x94, 0x1c, 0x41, 0x11, 0x4a, 0x83, 0xec, 0xaf, 0x65, 0xbc, 0x34, 0xaa, 0x26, 0xe2, 0xaf, 0xed, 0x46, 0x05, 0x4e, 0xdb, 0xc6, 0x4e, 0x10, 0x28, 0x4e, 0x72, 0xe5, 0x31, 0xa3, 0x20, 0xd7, 0xb1, 0x96, 0x64, 0xf6, 0xce, 0x08, 0x08, - /* (2^287)P */ 0x16, 0xa9, 0x5c, 0x9f, 0x9a, 0xb4, 0xb8, 0xc8, 0x32, 0x78, 0xc0, 0x3a, 0xd9, 0x5f, 0x94, 0xac, 0x3a, 0x42, 0x1f, 0x43, 0xd6, 0x80, 0x47, 0x2c, 0xdc, 0x76, 0x27, 0xfa, 0x50, 0xe5, 0xa1, 0xe4, 0xc3, 0xcb, 0x61, 0x31, 0xe1, 0x2e, 0xde, 0x81, 0x3b, 0x77, 0x1c, 0x39, 0x3c, 0xdb, 0xda, 0x87, 0x4b, 0x84, 0x12, 0xeb, 0xdd, 0x54, 0xbf, 0xe7, - /* (2^288)P */ 0xbf, 0xcb, 0x73, 0x21, 0x3d, 0x7e, 0x13, 0x8c, 0xa6, 0x34, 0x21, 0x2b, 0xa5, 0xe4, 0x9f, 0x8e, 0x9c, 0x01, 0x9c, 0x43, 0xd9, 0xc7, 0xb9, 0xf1, 0xbe, 0x7f, 0x45, 0x51, 0x97, 0xa1, 0x8e, 0x01, 0xf8, 0xbd, 0xd2, 0xbf, 0x81, 0x3a, 0x8b, 0xab, 0xe4, 0x89, 0xb7, 0xbd, 0xf2, 0xcd, 0xa9, 0x8a, 0x8a, 0xde, 0xfb, 0x8a, 0x55, 0x12, 0x7b, 0x17, - /* (2^289)P */ 0x1b, 0x95, 0x58, 0x4d, 0xe6, 0x51, 0x31, 0x52, 0x1c, 0xd8, 0x15, 0x84, 0xb1, 0x0d, 0x36, 0x25, 0x88, 0x91, 0x46, 0x71, 0x42, 0x56, 0xe2, 0x90, 0x08, 0x9e, 0x77, 0x1b, 0xee, 0x22, 0x3f, 0xec, 0xee, 0x8c, 0x7b, 0x2e, 0x79, 0xc4, 0x6c, 0x07, 0xa1, 0x7e, 0x52, 0xf5, 0x26, 0x5c, 0x84, 0x2a, 0x50, 0x6e, 0x82, 0xb3, 0x76, 0xda, 0x35, 0x16, - /* (2^290)P */ 0x0a, 0x6f, 0x99, 0x87, 0xc0, 0x7d, 0x8a, 0xb2, 0xca, 0xae, 0xe8, 0x65, 0x98, 0x0f, 0xb3, 0x44, 0xe1, 0xdc, 0x52, 0x79, 0x75, 0xec, 0x8f, 0x95, 0x87, 0x45, 0xd1, 0x32, 0x18, 0x55, 0x15, 0xce, 0x64, 0x9b, 0x08, 0x4f, 0x2c, 0xea, 0xba, 0x1c, 0x57, 0x06, 0x63, 0xc8, 0xb1, 0xfd, 0xc5, 0x67, 0xe7, 0x1f, 0x87, 0x9e, 0xde, 0x72, 0x7d, 0xec, - /* (2^291)P */ 0x36, 0x8b, 0x4d, 0x2c, 0xc2, 0x46, 0xe8, 0x96, 0xac, 0x0b, 0x8c, 0xc5, 0x09, 0x10, 0xfc, 0xf2, 0xda, 0xea, 0x22, 0xb2, 0xd3, 0x89, 0xeb, 0xb2, 0x85, 0x0f, 0xff, 0x59, 0x50, 0x2c, 0x99, 0x5a, 0x1f, 0xec, 0x2a, 0x6f, 0xec, 0xcf, 0xe9, 0xce, 0x12, 0x6b, 0x19, 0xd8, 0xde, 0x9b, 0xce, 0x0e, 0x6a, 0xaa, 0xe1, 0x32, 0xea, 0x4c, 0xfe, 0x92, - /* (2^292)P */ 0x5f, 0x17, 0x70, 0x53, 0x26, 0x03, 0x0b, 0xab, 0xd1, 0xc1, 0x42, 0x0b, 0xab, 0x2b, 0x3d, 0x31, 0xa4, 0xd5, 0x2b, 0x5e, 0x00, 0xd5, 0x9a, 0x22, 0x34, 0xe0, 0x53, 0x3f, 0x59, 0x7f, 0x2c, 0x6d, 0x72, 0x9a, 0xa4, 0xbe, 0x3d, 0x42, 0x05, 0x1b, 0xf2, 0x7f, 0x88, 0x56, 0xd1, 0x7c, 0x7d, 0x6b, 0x9f, 0x43, 0xfe, 0x65, 0x19, 0xae, 0x9c, 0x4c, - /* (2^293)P */ 0xf3, 0x7c, 0x20, 0xa9, 0xfc, 0xf2, 0xf2, 0x3b, 0x3c, 0x57, 0x41, 0x94, 0xe5, 0xcc, 0x6a, 0x37, 0x5d, 0x09, 0xf2, 0xab, 0xc2, 0xca, 0x60, 0x38, 0x6b, 0x7a, 0xe1, 0x78, 0x2b, 0xc1, 0x1d, 0xe8, 0xfd, 0xbc, 0x3d, 0x5c, 0xa2, 0xdb, 0x49, 0x20, 0x79, 0xe6, 0x1b, 0x9b, 0x65, 0xd9, 0x6d, 0xec, 0x57, 0x1d, 0xd2, 0xe9, 0x90, 0xeb, 0x43, 0x7b, - /* (2^294)P */ 0x2a, 0x8b, 0x2e, 0x19, 0x18, 0x10, 0xb8, 0x83, 0xe7, 0x7d, 0x2d, 0x9a, 0x3a, 0xe5, 0xd1, 0xe4, 0x7c, 0x38, 0xe5, 0x59, 0x2a, 0x6e, 0xd9, 0x01, 0x29, 0x3d, 0x23, 0xf7, 0x52, 0xba, 0x61, 0x04, 0x9a, 0xde, 0xc4, 0x31, 0x50, 0xeb, 0x1b, 0xaa, 0xde, 0x39, 0x58, 0xd8, 0x1b, 0x1e, 0xfc, 0x57, 0x9a, 0x28, 0x43, 0x9e, 0x97, 0x5e, 0xaa, 0xa3, - /* (2^295)P */ 0x97, 0x0a, 0x74, 0xc4, 0x39, 0x99, 0x6b, 0x40, 0xc7, 0x3e, 0x8c, 0xa7, 0xb1, 0x4e, 0x9a, 0x59, 0x6e, 0x1c, 0xfe, 0xfc, 0x2a, 0x5e, 0x73, 0x2b, 0x8c, 0xa9, 0x71, 0xf5, 0xda, 0x6b, 0x15, 0xab, 0xf7, 0xbe, 0x2a, 0x44, 0x5f, 0xba, 0xae, 0x67, 0x93, 0xc5, 0x86, 0xc1, 0xb8, 0xdf, 0xdc, 0xcb, 0xd7, 0xff, 0xb1, 0x71, 0x7c, 0x6f, 0x88, 0xf8, - /* (2^296)P */ 0x3f, 0x89, 0xb1, 0xbf, 0x24, 0x16, 0xac, 0x56, 0xfe, 0xdf, 0x94, 0x71, 0xbf, 0xd6, 0x57, 0x0c, 0xb4, 0x77, 0x37, 0xaa, 0x2a, 0x70, 0x76, 0x49, 0xaf, 0x0c, 0x97, 0x8e, 0x78, 0x2a, 0x67, 0xc9, 0x3b, 0x3d, 0x5b, 0x01, 0x2f, 0xda, 0xd5, 0xa8, 0xde, 0x02, 0xa9, 0xac, 0x76, 0x00, 0x0b, 0x46, 0xc6, 0x2d, 0xdc, 0x08, 0xf4, 0x10, 0x2c, 0xbe, - /* (2^297)P */ 0xcb, 0x07, 0xf9, 0x91, 0xc6, 0xd5, 0x3e, 0x54, 0x63, 0xae, 0xfc, 0x10, 0xbe, 0x3a, 0x20, 0x73, 0x4e, 0x65, 0x0e, 0x2d, 0x86, 0x77, 0x83, 0x9d, 0xe2, 0x0a, 0xe9, 0xac, 0x22, 0x52, 0x76, 0xd4, 0x6e, 0xfa, 0xe0, 0x09, 0xef, 0x78, 0x82, 0x9f, 0x26, 0xf9, 0x06, 0xb5, 0xe7, 0x05, 0x0e, 0xf2, 0x46, 0x72, 0x93, 0xd3, 0x24, 0xbd, 0x87, 0x60, - /* (2^298)P */ 0x14, 0x55, 0x84, 0x7b, 0x6c, 0x60, 0x80, 0x73, 0x8c, 0xbe, 0x2d, 0xd6, 0x69, 0xd6, 0x17, 0x26, 0x44, 0x9f, 0x88, 0xa2, 0x39, 0x7c, 0x89, 0xbc, 0x6d, 0x9e, 0x46, 0xb6, 0x68, 0x66, 0xea, 0xdc, 0x31, 0xd6, 0x21, 0x51, 0x9f, 0x28, 0x28, 0xaf, 0x9e, 0x47, 0x2c, 0x4c, 0x8f, 0xf3, 0xaf, 0x1f, 0xe4, 0xab, 0xac, 0xe9, 0x0c, 0x91, 0x3a, 0x61, - /* (2^299)P */ 0xb0, 0x37, 0x55, 0x4b, 0xe9, 0xc3, 0xb1, 0xce, 0x42, 0xe6, 0xc5, 0x11, 0x7f, 0x2c, 0x11, 0xfc, 0x4e, 0x71, 0x17, 0x00, 0x74, 0x7f, 0xbf, 0x07, 0x4d, 0xfd, 0x40, 0xb2, 0x87, 0xb0, 0xef, 0x1f, 0x35, 0x2c, 0x2d, 0xd7, 0xe1, 0xe4, 0xad, 0x0e, 0x7f, 0x63, 0x66, 0x62, 0x23, 0x41, 0xf6, 0xc1, 0x14, 0xa6, 0xd7, 0xa9, 0x11, 0x56, 0x9d, 0x1b, - /* (2^300)P */ 0x02, 0x82, 0x42, 0x18, 0x4f, 0x1b, 0xc9, 0x5d, 0x78, 0x5f, 0xee, 0xed, 0x01, 0x49, 0x8f, 0xf2, 0xa0, 0xe2, 0x6e, 0xbb, 0x6b, 0x04, 0x8d, 0xb2, 0x41, 0xae, 0xc8, 0x1b, 0x59, 0x34, 0xb8, 0x2a, 0xdb, 0x1f, 0xd2, 0x52, 0xdf, 0x3f, 0x35, 0x00, 0x8b, 0x61, 0xbc, 0x97, 0xa0, 0xc4, 0x77, 0xd1, 0xe4, 0x2c, 0x59, 0x68, 0xff, 0x30, 0xf2, 0xe2, - /* (2^301)P */ 0x79, 0x08, 0xb1, 0xdb, 0x55, 0xae, 0xd0, 0xed, 0xda, 0xa0, 0xec, 0x6c, 0xae, 0x68, 0xf2, 0x0b, 0x61, 0xb3, 0xf5, 0x21, 0x69, 0x87, 0x0b, 0x03, 0xea, 0x8a, 0x15, 0xd9, 0x7e, 0xca, 0xf7, 0xcd, 0xf3, 0x33, 0xb3, 0x4c, 0x5b, 0x23, 0x4e, 0x6f, 0x90, 0xad, 0x91, 0x4b, 0x4f, 0x46, 0x37, 0xe5, 0xe8, 0xb7, 0xeb, 0xd5, 0xca, 0x34, 0x4e, 0x23, - /* (2^302)P */ 0x09, 0x02, 0xdd, 0xfd, 0x70, 0xac, 0x56, 0x80, 0x36, 0x5e, 0x49, 0xd0, 0x3f, 0xc2, 0xe0, 0xba, 0x46, 0x7f, 0x5c, 0xf7, 0xc5, 0xbd, 0xd5, 0x55, 0x7d, 0x3f, 0xd5, 0x7d, 0x06, 0xdf, 0x27, 0x20, 0x4f, 0xe9, 0x30, 0xec, 0x1b, 0xa0, 0x0c, 0xd4, 0x2c, 0xe1, 0x2b, 0x65, 0x73, 0xea, 0x75, 0x35, 0xe8, 0xe6, 0x56, 0xd6, 0x07, 0x15, 0x99, 0xdf, - /* (2^303)P */ 0x4e, 0x10, 0xb7, 0xd0, 0x63, 0x8c, 0xcf, 0x16, 0x00, 0x7c, 0x58, 0xdf, 0x86, 0xdc, 0x4e, 0xca, 0x9c, 0x40, 0x5a, 0x42, 0xfd, 0xec, 0x98, 0xa4, 0x42, 0x53, 0xae, 0x16, 0x9d, 0xfd, 0x75, 0x5a, 0x12, 0x56, 0x1e, 0xc6, 0x57, 0xcc, 0x79, 0x27, 0x96, 0x00, 0xcf, 0x80, 0x4f, 0x8a, 0x36, 0x5c, 0xbb, 0xe9, 0x12, 0xdb, 0xb6, 0x2b, 0xad, 0x96, - /* (2^304)P */ 0x92, 0x32, 0x1f, 0xfd, 0xc6, 0x02, 0x94, 0x08, 0x1b, 0x60, 0x6a, 0x9f, 0x8b, 0xd6, 0xc8, 0xad, 0xd5, 0x1b, 0x27, 0x4e, 0xa4, 0x4d, 0x4a, 0x00, 0x10, 0x5f, 0x86, 0x11, 0xf5, 0xe3, 0x14, 0x32, 0x43, 0xee, 0xb9, 0xc7, 0xab, 0xf4, 0x6f, 0xe5, 0x66, 0x0c, 0x06, 0x0d, 0x96, 0x79, 0x28, 0xaf, 0x45, 0x2b, 0x56, 0xbe, 0xe4, 0x4a, 0x52, 0xd6, - /* (2^305)P */ 0x15, 0x16, 0x69, 0xef, 0x60, 0xca, 0x82, 0x25, 0x0f, 0xc6, 0x30, 0xa0, 0x0a, 0xd1, 0x83, 0x29, 0xcd, 0xb6, 0x89, 0x6c, 0xf5, 0xb2, 0x08, 0x38, 0xe6, 0xca, 0x6b, 0x19, 0x93, 0xc6, 0x5f, 0x75, 0x8e, 0x60, 0x34, 0x23, 0xc4, 0x13, 0x17, 0x69, 0x55, 0xcc, 0x72, 0x9c, 0x2b, 0x6c, 0x80, 0xf4, 0x4b, 0x8b, 0xb6, 0x97, 0x65, 0x07, 0xb6, 0xfb, - /* (2^306)P */ 0x01, 0x99, 0x74, 0x28, 0xa6, 0x67, 0xa3, 0xe5, 0x25, 0xfb, 0xdf, 0x82, 0x93, 0xe7, 0x35, 0x74, 0xce, 0xe3, 0x15, 0x1c, 0x1d, 0x79, 0x52, 0x84, 0x08, 0x04, 0x2f, 0x5c, 0xb8, 0xcd, 0x7f, 0x89, 0xb0, 0x39, 0x93, 0x63, 0xc9, 0x5d, 0x06, 0x01, 0x59, 0xf7, 0x7e, 0xf1, 0x4c, 0x3d, 0x12, 0x8d, 0x69, 0x1d, 0xb7, 0x21, 0x5e, 0x88, 0x82, 0xa2, - /* (2^307)P */ 0x8e, 0x69, 0xaf, 0x9a, 0x41, 0x0d, 0x9d, 0xcf, 0x8e, 0x8d, 0x5c, 0x51, 0x6e, 0xde, 0x0e, 0x48, 0x23, 0x89, 0xe5, 0x37, 0x80, 0xd6, 0x9d, 0x72, 0x32, 0x26, 0x38, 0x2d, 0x63, 0xa0, 0xfa, 0xd3, 0x40, 0xc0, 0x8c, 0x68, 0x6f, 0x2b, 0x1e, 0x9a, 0x39, 0x51, 0x78, 0x74, 0x9a, 0x7b, 0x4a, 0x8f, 0x0c, 0xa0, 0x88, 0x60, 0xa5, 0x21, 0xcd, 0xc7, - /* (2^308)P */ 0x3a, 0x7f, 0x73, 0x14, 0xbf, 0x89, 0x6a, 0x4c, 0x09, 0x5d, 0xf2, 0x93, 0x20, 0x2d, 0xc4, 0x29, 0x86, 0x06, 0x95, 0xab, 0x22, 0x76, 0x4c, 0x54, 0xe1, 0x7e, 0x80, 0x6d, 0xab, 0x29, 0x61, 0x87, 0x77, 0xf6, 0xc0, 0x3e, 0xda, 0xab, 0x65, 0x7e, 0x39, 0x12, 0xa1, 0x6b, 0x42, 0xf7, 0xc5, 0x97, 0x77, 0xec, 0x6f, 0x22, 0xbe, 0x44, 0xc7, 0x03, - /* (2^309)P */ 0xa5, 0x23, 0x90, 0x41, 0xa3, 0xc5, 0x3e, 0xe0, 0xa5, 0x32, 0x49, 0x1f, 0x39, 0x78, 0xb1, 0xd8, 0x24, 0xea, 0xd4, 0x87, 0x53, 0x42, 0x51, 0xf4, 0xd9, 0x46, 0x25, 0x2f, 0x62, 0xa9, 0x90, 0x9a, 0x4a, 0x25, 0x8a, 0xd2, 0x10, 0xe7, 0x3c, 0xbc, 0x58, 0x8d, 0x16, 0x14, 0x96, 0xa4, 0x6f, 0xf8, 0x12, 0x69, 0x91, 0x73, 0xe2, 0xfa, 0xf4, 0x57, - /* (2^310)P */ 0x51, 0x45, 0x3f, 0x96, 0xdc, 0x97, 0x38, 0xa6, 0x01, 0x63, 0x09, 0xea, 0xc2, 0x13, 0x30, 0xb0, 0x00, 0xb8, 0x0a, 0xce, 0xd1, 0x8f, 0x3e, 0x69, 0x62, 0x46, 0x33, 0x9c, 0xbf, 0x4b, 0xcb, 0x0c, 0x90, 0x1c, 0x45, 0xcf, 0x37, 0x5b, 0xf7, 0x4b, 0x5e, 0x95, 0xc3, 0x28, 0x9f, 0x08, 0x83, 0x53, 0x74, 0xab, 0x0c, 0xb4, 0xc0, 0xa1, 0xbc, 0x89, - /* (2^311)P */ 0x06, 0xb1, 0x51, 0x15, 0x65, 0x60, 0x21, 0x17, 0x7a, 0x20, 0x65, 0xee, 0x12, 0x35, 0x4d, 0x46, 0xf4, 0xf8, 0xd0, 0xb1, 0xca, 0x09, 0x30, 0x08, 0x89, 0x23, 0x3b, 0xe7, 0xab, 0x8b, 0x77, 0xa6, 0xad, 0x25, 0xdd, 0xea, 0x3c, 0x7d, 0xa5, 0x24, 0xb3, 0xe8, 0xfa, 0xfb, 0xc9, 0xf2, 0x71, 0xe9, 0xfa, 0xf2, 0xdc, 0x54, 0xdd, 0x55, 0x2e, 0x2f, - /* (2^312)P */ 0x7f, 0x96, 0x96, 0xfb, 0x52, 0x86, 0xcf, 0xea, 0x62, 0x18, 0xf1, 0x53, 0x1f, 0x61, 0x2a, 0x9f, 0x8c, 0x51, 0xca, 0x2c, 0xde, 0x6d, 0xce, 0xab, 0x58, 0x32, 0x0b, 0x33, 0x9b, 0x99, 0xb4, 0x5c, 0x88, 0x2a, 0x76, 0xcc, 0x3e, 0x54, 0x1e, 0x9d, 0xa2, 0x89, 0xe4, 0x19, 0xba, 0x80, 0xc8, 0x39, 0x32, 0x7f, 0x0f, 0xc7, 0x84, 0xbb, 0x43, 0x56, - /* (2^313)P */ 0x9b, 0x07, 0xb4, 0x42, 0xa9, 0xa0, 0x78, 0x4f, 0x28, 0x70, 0x2b, 0x7e, 0x61, 0xe0, 0xdd, 0x02, 0x98, 0xfc, 0xed, 0x31, 0x80, 0xf1, 0x15, 0x52, 0x89, 0x23, 0xcd, 0x5d, 0x2b, 0xc5, 0x19, 0x32, 0xfb, 0x70, 0x50, 0x7a, 0x97, 0x6b, 0x42, 0xdb, 0xca, 0xdb, 0xc4, 0x59, 0x99, 0xe0, 0x12, 0x1f, 0x17, 0xba, 0x8b, 0xf0, 0xc4, 0x38, 0x5d, 0x27, - /* (2^314)P */ 0x29, 0x1d, 0xdc, 0x2b, 0xf6, 0x5b, 0x04, 0x61, 0x36, 0x76, 0xa0, 0x56, 0x36, 0x6e, 0xd7, 0x24, 0x4d, 0xe7, 0xef, 0x44, 0xd2, 0xd5, 0x07, 0xcd, 0xc4, 0x9d, 0x80, 0x48, 0xc3, 0x38, 0xcf, 0xd8, 0xa3, 0xdd, 0xb2, 0x5e, 0xb5, 0x70, 0x15, 0xbb, 0x36, 0x85, 0x8a, 0xd7, 0xfb, 0x56, 0x94, 0x73, 0x9c, 0x81, 0xbe, 0xb1, 0x44, 0x28, 0xf1, 0x37, - /* (2^315)P */ 0xbf, 0xcf, 0x5c, 0xd2, 0xe2, 0xea, 0xc2, 0xcd, 0x70, 0x7a, 0x9d, 0xcb, 0x81, 0xc1, 0xe9, 0xf1, 0x56, 0x71, 0x52, 0xf7, 0x1b, 0x87, 0xc6, 0xd8, 0xcc, 0xb2, 0x69, 0xf3, 0xb0, 0xbd, 0xba, 0x83, 0x12, 0x26, 0xc4, 0xce, 0x72, 0xde, 0x3b, 0x21, 0x28, 0x9e, 0x5a, 0x94, 0xf5, 0x04, 0xa3, 0xc8, 0x0f, 0x5e, 0xbc, 0x71, 0xf9, 0x0d, 0xce, 0xf5, - /* (2^316)P */ 0x93, 0x97, 0x00, 0x85, 0xf4, 0xb4, 0x40, 0xec, 0xd9, 0x2b, 0x6c, 0xd6, 0x63, 0x9e, 0x93, 0x0a, 0x5a, 0xf4, 0xa7, 0x9a, 0xe3, 0x3c, 0xf0, 0x55, 0xd1, 0x96, 0x6c, 0xf5, 0x2a, 0xce, 0xd7, 0x95, 0x72, 0xbf, 0xc5, 0x0c, 0xce, 0x79, 0xa2, 0x0a, 0x78, 0xe0, 0x72, 0xd0, 0x66, 0x28, 0x05, 0x75, 0xd3, 0x23, 0x09, 0x91, 0xed, 0x7e, 0xc4, 0xbc, - /* (2^317)P */ 0x77, 0xc2, 0x9a, 0xf7, 0xa6, 0xe6, 0x18, 0xb4, 0xe7, 0xf6, 0xda, 0xec, 0x44, 0x6d, 0xfb, 0x08, 0xee, 0x65, 0xa8, 0x92, 0x85, 0x1f, 0xba, 0x38, 0x93, 0x20, 0x5c, 0x4d, 0xd2, 0x18, 0x0f, 0x24, 0xbe, 0x1a, 0x96, 0x44, 0x7d, 0xeb, 0xb3, 0xda, 0x95, 0xf4, 0xaf, 0x6c, 0x06, 0x0f, 0x47, 0x37, 0xc8, 0x77, 0x63, 0xe1, 0x29, 0xef, 0xff, 0xa5, - /* (2^318)P */ 0x16, 0x12, 0xd9, 0x47, 0x90, 0x22, 0x9b, 0x05, 0xf2, 0xa5, 0x9a, 0xae, 0x83, 0x98, 0xb5, 0xac, 0xab, 0x29, 0xaa, 0xdc, 0x5f, 0xde, 0xcd, 0xf7, 0x42, 0xad, 0x3b, 0x96, 0xd6, 0x3e, 0x6e, 0x52, 0x47, 0xb1, 0xab, 0x51, 0xde, 0x49, 0x7c, 0x87, 0x8d, 0x86, 0xe2, 0x70, 0x13, 0x21, 0x51, 0x1c, 0x0c, 0x25, 0xc1, 0xb0, 0xe6, 0x19, 0xcf, 0x12, - /* (2^319)P */ 0xf0, 0xbc, 0x97, 0x8f, 0x4b, 0x2f, 0xd1, 0x1f, 0x8c, 0x57, 0xed, 0x3c, 0xf4, 0x26, 0x19, 0xbb, 0x60, 0xca, 0x24, 0xc5, 0xd9, 0x97, 0xe2, 0x5f, 0x76, 0x49, 0x39, 0x7e, 0x2d, 0x12, 0x21, 0x98, 0xda, 0xe6, 0xdb, 0xd2, 0xd8, 0x9f, 0x18, 0xd8, 0x83, 0x6c, 0xba, 0x89, 0x8d, 0x29, 0xfa, 0x46, 0x33, 0x8c, 0x28, 0xdf, 0x6a, 0xb3, 0x69, 0x28, - /* (2^320)P */ 0x86, 0x17, 0xbc, 0xd6, 0x7c, 0xba, 0x1e, 0x83, 0xbb, 0x84, 0xb5, 0x8c, 0xad, 0xdf, 0xa1, 0x24, 0x81, 0x70, 0x40, 0x0f, 0xad, 0xad, 0x3b, 0x23, 0xd0, 0x93, 0xa0, 0x49, 0x5c, 0x4b, 0x51, 0xbe, 0x20, 0x49, 0x4e, 0xda, 0x2d, 0xd3, 0xad, 0x1b, 0x74, 0x08, 0x41, 0xf0, 0xef, 0x19, 0xe9, 0x45, 0x5d, 0x02, 0xae, 0x26, 0x25, 0xd9, 0xd1, 0xc2, - /* (2^321)P */ 0x48, 0x81, 0x3e, 0xb2, 0x83, 0xf8, 0x4d, 0xb3, 0xd0, 0x4c, 0x75, 0xb3, 0xa0, 0x52, 0x26, 0xf2, 0xaf, 0x5d, 0x36, 0x70, 0x72, 0xd6, 0xb7, 0x88, 0x08, 0x69, 0xbd, 0x15, 0x25, 0xb1, 0x45, 0x1b, 0xb7, 0x0b, 0x5f, 0x71, 0x5d, 0x83, 0x49, 0xb9, 0x84, 0x3b, 0x7c, 0xc1, 0x50, 0x93, 0x05, 0x53, 0xe0, 0x61, 0xea, 0xc1, 0xef, 0xdb, 0x82, 0x97, - /* (2^322)P */ 0x00, 0xd5, 0xc3, 0x3a, 0x4d, 0x8a, 0x23, 0x7a, 0xef, 0xff, 0x37, 0xef, 0xf3, 0xbc, 0xa9, 0xb6, 0xae, 0xd7, 0x3a, 0x7b, 0xfd, 0x3e, 0x8e, 0x9b, 0xab, 0x44, 0x54, 0x60, 0x28, 0x6c, 0xbf, 0x15, 0x24, 0x4a, 0x56, 0x60, 0x7f, 0xa9, 0x7a, 0x28, 0x59, 0x2c, 0x8a, 0xd1, 0x7d, 0x6b, 0x00, 0xfd, 0xa5, 0xad, 0xbc, 0x19, 0x3f, 0xcb, 0x73, 0xe0, - /* (2^323)P */ 0xcf, 0x9e, 0x66, 0x06, 0x4d, 0x2b, 0xf5, 0x9c, 0xc2, 0x9d, 0x9e, 0xed, 0x5a, 0x5c, 0x2d, 0x00, 0xbf, 0x29, 0x90, 0x88, 0xe4, 0x5d, 0xfd, 0xe2, 0xf0, 0x38, 0xec, 0x4d, 0x26, 0xea, 0x54, 0xf0, 0x3c, 0x84, 0x10, 0x6a, 0xf9, 0x66, 0x9c, 0xe7, 0x21, 0xfd, 0x0f, 0xc7, 0x13, 0x50, 0x81, 0xb6, 0x50, 0xf9, 0x04, 0x7f, 0xa4, 0x37, 0x85, 0x14, - /* (2^324)P */ 0xdb, 0x87, 0x49, 0xc7, 0xa8, 0x39, 0x0c, 0x32, 0x98, 0x0c, 0xb9, 0x1a, 0x1b, 0x4d, 0xe0, 0x8a, 0x9a, 0x8e, 0x8f, 0xab, 0x5a, 0x17, 0x3d, 0x04, 0x21, 0xce, 0x3e, 0x2c, 0xf9, 0xa3, 0x97, 0xe4, 0x77, 0x95, 0x0e, 0xb6, 0xa5, 0x15, 0xad, 0x3a, 0x1e, 0x46, 0x53, 0x17, 0x09, 0x83, 0x71, 0x4e, 0x86, 0x38, 0xd5, 0x23, 0x44, 0x16, 0x8d, 0xc8, - /* (2^325)P */ 0x05, 0x5e, 0x99, 0x08, 0xbb, 0xc3, 0xc0, 0xb7, 0x6c, 0x12, 0xf2, 0xf3, 0xf4, 0x7c, 0x6a, 0x4d, 0x9e, 0xeb, 0x3d, 0xb9, 0x63, 0x94, 0xce, 0x81, 0xd8, 0x11, 0xcb, 0x55, 0x69, 0x4a, 0x20, 0x0b, 0x4c, 0x2e, 0x14, 0xb8, 0xd4, 0x6a, 0x7c, 0xf0, 0xed, 0xfc, 0x8f, 0xef, 0xa0, 0xeb, 0x6c, 0x01, 0xe2, 0xdc, 0x10, 0x22, 0xa2, 0x01, 0x85, 0x64, - /* (2^326)P */ 0x58, 0xe1, 0x9c, 0x27, 0x55, 0xc6, 0x25, 0xa6, 0x7d, 0x67, 0x88, 0x65, 0x99, 0x6c, 0xcb, 0xdb, 0x27, 0x4f, 0x44, 0x29, 0xf5, 0x4a, 0x23, 0x10, 0xbc, 0x03, 0x3f, 0x36, 0x1e, 0xef, 0xb0, 0xba, 0x75, 0xe8, 0x74, 0x5f, 0x69, 0x3e, 0x26, 0x40, 0xb4, 0x2f, 0xdc, 0x43, 0xbf, 0xa1, 0x8b, 0xbd, 0xca, 0x6e, 0xc1, 0x6e, 0x21, 0x79, 0xa0, 0xd0, - /* (2^327)P */ 0x78, 0x93, 0x4a, 0x2d, 0x22, 0x6e, 0x6e, 0x7d, 0x74, 0xd2, 0x66, 0x58, 0xce, 0x7b, 0x1d, 0x97, 0xb1, 0xf2, 0xda, 0x1c, 0x79, 0xfb, 0xba, 0xd1, 0xc0, 0xc5, 0x6e, 0xc9, 0x11, 0x89, 0xd2, 0x41, 0x8d, 0x70, 0xb9, 0xcc, 0xea, 0x6a, 0xb3, 0x45, 0xb6, 0x05, 0x2e, 0xf2, 0x17, 0xf1, 0x27, 0xb8, 0xed, 0x06, 0x1f, 0xdb, 0x9d, 0x1f, 0x69, 0x28, - /* (2^328)P */ 0x93, 0x12, 0xa8, 0x11, 0xe1, 0x92, 0x30, 0x8d, 0xac, 0xe1, 0x1c, 0x60, 0x7c, 0xed, 0x2d, 0x2e, 0xd3, 0x03, 0x5c, 0x9c, 0xc5, 0xbd, 0x64, 0x4a, 0x8c, 0xba, 0x76, 0xfe, 0xc6, 0xc1, 0xea, 0xc2, 0x4f, 0xbe, 0x70, 0x3d, 0x64, 0xcf, 0x8e, 0x18, 0xcb, 0xcd, 0x57, 0xa7, 0xf7, 0x36, 0xa9, 0x6b, 0x3e, 0xb8, 0x69, 0xee, 0x47, 0xa2, 0x7e, 0xb2, - /* (2^329)P */ 0x96, 0xaf, 0x3a, 0xf5, 0xed, 0xcd, 0xaf, 0xf7, 0x82, 0xaf, 0x59, 0x62, 0x0b, 0x36, 0x85, 0xf9, 0xaf, 0xd6, 0x38, 0xff, 0x87, 0x2e, 0x1d, 0x6c, 0x8b, 0xaf, 0x3b, 0xdf, 0x28, 0xa2, 0xd6, 0x4d, 0x80, 0x92, 0xc3, 0x0f, 0x34, 0xa8, 0xae, 0x69, 0x5d, 0x7b, 0x9d, 0xbc, 0xf5, 0xfd, 0x1d, 0xb1, 0x96, 0x55, 0x86, 0xe1, 0x5c, 0xb6, 0xac, 0xb9, - /* (2^330)P */ 0x50, 0x9e, 0x37, 0x28, 0x7d, 0xa8, 0x33, 0x63, 0xda, 0x3f, 0x20, 0x98, 0x0e, 0x09, 0xa8, 0x77, 0x3b, 0x7a, 0xfc, 0x16, 0x85, 0x44, 0x64, 0x77, 0x65, 0x68, 0x92, 0x41, 0xc6, 0x1f, 0xdf, 0x27, 0xf9, 0xec, 0xa0, 0x61, 0x22, 0xea, 0x19, 0xe7, 0x75, 0x8b, 0x4e, 0xe5, 0x0f, 0xb7, 0xf7, 0xd2, 0x53, 0xf4, 0xdd, 0x4a, 0xaa, 0x78, 0x40, 0xb7, - /* (2^331)P */ 0xd4, 0x89, 0xe3, 0x79, 0xba, 0xb6, 0xc3, 0xda, 0xe6, 0x78, 0x65, 0x7d, 0x6e, 0x22, 0x62, 0xb1, 0x3d, 0xea, 0x90, 0x84, 0x30, 0x5e, 0xd4, 0x39, 0x84, 0x78, 0xd9, 0x75, 0xd6, 0xce, 0x2a, 0x11, 0x29, 0x69, 0xa4, 0x5e, 0xaa, 0x2a, 0x98, 0x5a, 0xe5, 0x91, 0x8f, 0xb2, 0xfb, 0xda, 0x97, 0xe8, 0x83, 0x6f, 0x04, 0xb9, 0x5d, 0xaf, 0xe1, 0x9b, - /* (2^332)P */ 0x8b, 0xe4, 0xe1, 0x48, 0x9c, 0xc4, 0x83, 0x89, 0xdf, 0x65, 0xd3, 0x35, 0x55, 0x13, 0xf4, 0x1f, 0x36, 0x92, 0x33, 0x38, 0xcb, 0xed, 0x15, 0xe6, 0x60, 0x2d, 0x25, 0xf5, 0x36, 0x60, 0x3a, 0x37, 0x9b, 0x71, 0x9d, 0x42, 0xb0, 0x14, 0xc8, 0xba, 0x62, 0xa3, 0x49, 0xb0, 0x88, 0xc1, 0x72, 0x73, 0xdd, 0x62, 0x40, 0xa9, 0x62, 0x88, 0x99, 0xca, - /* (2^333)P */ 0x47, 0x7b, 0xea, 0xda, 0x46, 0x2f, 0x45, 0xc6, 0xe3, 0xb4, 0x4d, 0x8d, 0xac, 0x0b, 0x54, 0x22, 0x06, 0x31, 0x16, 0x66, 0x3e, 0xe4, 0x38, 0x12, 0xcd, 0xf3, 0xe7, 0x99, 0x37, 0xd9, 0x62, 0x24, 0x4b, 0x05, 0xf2, 0x58, 0xe6, 0x29, 0x4b, 0x0d, 0xf6, 0xc1, 0xba, 0xa0, 0x1e, 0x0f, 0xcb, 0x1f, 0xc6, 0x2b, 0x19, 0xfc, 0x82, 0x01, 0xd0, 0x86, - /* (2^334)P */ 0xa2, 0xae, 0x77, 0x20, 0xfb, 0xa8, 0x18, 0xb4, 0x61, 0xef, 0xe8, 0x52, 0x79, 0xbb, 0x86, 0x90, 0x5d, 0x2e, 0x76, 0xed, 0x66, 0x60, 0x5d, 0x00, 0xb5, 0xa4, 0x00, 0x40, 0x89, 0xec, 0xd1, 0xd2, 0x0d, 0x26, 0xb9, 0x30, 0xb2, 0xd2, 0xb8, 0xe8, 0x0e, 0x56, 0xf9, 0x67, 0x94, 0x2e, 0x62, 0xe1, 0x79, 0x48, 0x2b, 0xa9, 0xfa, 0xea, 0xdb, 0x28, - /* (2^335)P */ 0x35, 0xf1, 0xb0, 0x43, 0xbd, 0x27, 0xef, 0x18, 0x44, 0xa2, 0x04, 0xb4, 0x69, 0xa1, 0x97, 0x1f, 0x8c, 0x04, 0x82, 0x9b, 0x00, 0x6d, 0xf8, 0xbf, 0x7d, 0xc1, 0x5b, 0xab, 0xe8, 0xb2, 0x34, 0xbd, 0xaf, 0x7f, 0xb2, 0x0d, 0xf3, 0xed, 0xfc, 0x5b, 0x50, 0xee, 0xe7, 0x4a, 0x20, 0xd9, 0xf5, 0xc6, 0x9a, 0x97, 0x6d, 0x07, 0x2f, 0xb9, 0x31, 0x02, - /* (2^336)P */ 0xf9, 0x54, 0x4a, 0xc5, 0x61, 0x7e, 0x1d, 0xa6, 0x0e, 0x1a, 0xa8, 0xd3, 0x8c, 0x36, 0x7d, 0xf1, 0x06, 0xb1, 0xac, 0x93, 0xcd, 0xe9, 0x8f, 0x61, 0x6c, 0x5d, 0x03, 0x23, 0xdf, 0x85, 0x53, 0x39, 0x63, 0x5e, 0xeb, 0xf3, 0xd3, 0xd3, 0x75, 0x97, 0x9b, 0x62, 0x9b, 0x01, 0xb3, 0x19, 0xd8, 0x2b, 0x36, 0xf2, 0x2c, 0x2c, 0x6f, 0x36, 0xc6, 0x3c, - /* (2^337)P */ 0x05, 0x74, 0x43, 0x10, 0xb6, 0xb0, 0xf8, 0xbf, 0x02, 0x46, 0x9a, 0xee, 0xc1, 0xaf, 0xc1, 0xe5, 0x5a, 0x2e, 0xbb, 0xe1, 0xdc, 0xc6, 0xce, 0x51, 0x29, 0x50, 0xbf, 0x1b, 0xde, 0xff, 0xba, 0x4d, 0x8d, 0x8b, 0x7e, 0xe7, 0xbd, 0x5b, 0x8f, 0xbe, 0xe3, 0x75, 0x71, 0xff, 0x37, 0x05, 0x5a, 0x10, 0xeb, 0x54, 0x7e, 0x44, 0x72, 0x2c, 0xd4, 0xfc, - /* (2^338)P */ 0x03, 0x12, 0x1c, 0xb2, 0x08, 0x90, 0xa1, 0x2d, 0x50, 0xa0, 0xad, 0x7f, 0x8d, 0xa6, 0x97, 0xc1, 0xbd, 0xdc, 0xc3, 0xa7, 0xad, 0x31, 0xdf, 0xb8, 0x03, 0x84, 0xc3, 0xb9, 0x29, 0x3d, 0x92, 0x2e, 0xc3, 0x90, 0x07, 0xe8, 0xa7, 0xc7, 0xbc, 0x61, 0xe9, 0x3e, 0xa0, 0x35, 0xda, 0x1d, 0xab, 0x48, 0xfe, 0x50, 0xc9, 0x25, 0x59, 0x23, 0x69, 0x3f, - /* (2^339)P */ 0x8e, 0x91, 0xab, 0x6b, 0x91, 0x4f, 0x89, 0x76, 0x67, 0xad, 0xb2, 0x65, 0x9d, 0xad, 0x02, 0x36, 0xdc, 0xac, 0x96, 0x93, 0x97, 0x21, 0x14, 0xd0, 0xe8, 0x11, 0x60, 0x1e, 0xeb, 0x96, 0x06, 0xf2, 0x53, 0xf2, 0x6d, 0xb7, 0x93, 0x6f, 0x26, 0x91, 0x23, 0xe3, 0x34, 0x04, 0x92, 0x91, 0x37, 0x08, 0x50, 0xd6, 0x28, 0x09, 0x27, 0xa1, 0x0c, 0x00, - /* (2^340)P */ 0x1f, 0xbb, 0x21, 0x26, 0x33, 0xcb, 0xa4, 0xd1, 0xee, 0x85, 0xf9, 0xd9, 0x3c, 0x90, 0xc3, 0xd1, 0x26, 0xa2, 0x25, 0x93, 0x43, 0x61, 0xed, 0x91, 0x6e, 0x54, 0x03, 0x2e, 0x42, 0x9d, 0xf7, 0xa6, 0x02, 0x0f, 0x2f, 0x9c, 0x7a, 0x8d, 0x12, 0xc2, 0x18, 0xfc, 0x41, 0xff, 0x85, 0x26, 0x1a, 0x44, 0x55, 0x0b, 0x89, 0xab, 0x6f, 0x62, 0x33, 0x8c, - /* (2^341)P */ 0xe0, 0x3c, 0x5d, 0x70, 0x64, 0x87, 0x81, 0x35, 0xf2, 0x37, 0xa6, 0x24, 0x3e, 0xe0, 0x62, 0xd5, 0x71, 0xe7, 0x93, 0xfb, 0xac, 0xc3, 0xe7, 0xc7, 0x04, 0xe2, 0x70, 0xd3, 0x29, 0x5b, 0x21, 0xbf, 0xf4, 0x26, 0x5d, 0xf3, 0x95, 0xb4, 0x2a, 0x6a, 0x07, 0x55, 0xa6, 0x4b, 0x3b, 0x15, 0xf2, 0x25, 0x8a, 0x95, 0x3f, 0x63, 0x2f, 0x7a, 0x23, 0x96, - /* (2^342)P */ 0x0d, 0x3d, 0xd9, 0x13, 0xa7, 0xb3, 0x5e, 0x67, 0xf7, 0x02, 0x23, 0xee, 0x84, 0xff, 0x99, 0xda, 0xb9, 0x53, 0xf8, 0xf0, 0x0e, 0x39, 0x2f, 0x3c, 0x64, 0x34, 0xe3, 0x09, 0xfd, 0x2b, 0x33, 0xc7, 0xfe, 0x62, 0x2b, 0x84, 0xdf, 0x2b, 0xd2, 0x7c, 0x26, 0x01, 0x70, 0x66, 0x5b, 0x85, 0xc2, 0xbe, 0x88, 0x37, 0xf1, 0x30, 0xac, 0xb8, 0x76, 0xa3, - /* (2^343)P */ 0x6e, 0x01, 0xf0, 0x55, 0x35, 0xe4, 0xbd, 0x43, 0x62, 0x9d, 0xd6, 0x11, 0xef, 0x6f, 0xb8, 0x8c, 0xaa, 0x98, 0x87, 0xc6, 0x6d, 0xc4, 0xcc, 0x74, 0x92, 0x53, 0x4a, 0xdf, 0xe4, 0x08, 0x89, 0x17, 0xd0, 0x0f, 0xf4, 0x00, 0x60, 0x78, 0x08, 0x44, 0xb5, 0xda, 0x18, 0xed, 0x98, 0xc8, 0x61, 0x3d, 0x39, 0xdb, 0xcf, 0x1d, 0x49, 0x40, 0x65, 0x75, - /* (2^344)P */ 0x8e, 0x10, 0xae, 0x5f, 0x06, 0xd2, 0x95, 0xfd, 0x20, 0x16, 0x49, 0x5b, 0x57, 0xbe, 0x22, 0x8b, 0x43, 0xfb, 0xe6, 0xcc, 0x26, 0xa5, 0x5d, 0xd3, 0x68, 0xc5, 0xf9, 0x5a, 0x86, 0x24, 0x87, 0x27, 0x05, 0xfd, 0xe2, 0xff, 0xb3, 0xa3, 0x7b, 0x37, 0x59, 0xc5, 0x4e, 0x14, 0x94, 0xf9, 0x3b, 0xcb, 0x7c, 0xed, 0xca, 0x1d, 0xb2, 0xac, 0x05, 0x4a, - /* (2^345)P */ 0xf4, 0xd1, 0x81, 0xeb, 0x89, 0xbf, 0xfe, 0x1e, 0x41, 0x92, 0x29, 0xee, 0xe1, 0x43, 0xf5, 0x86, 0x1d, 0x2f, 0xbb, 0x1e, 0x84, 0x5d, 0x7b, 0x8d, 0xd5, 0xda, 0xee, 0x1e, 0x8a, 0xd0, 0x27, 0xf2, 0x60, 0x51, 0x59, 0x82, 0xf4, 0x84, 0x2b, 0x5b, 0x14, 0x2d, 0x81, 0x82, 0x3e, 0x2b, 0xb4, 0x6d, 0x51, 0x4f, 0xc5, 0xcb, 0xbf, 0x74, 0xe3, 0xb4, - /* (2^346)P */ 0x19, 0x2f, 0x22, 0xb3, 0x04, 0x5f, 0x81, 0xca, 0x05, 0x60, 0xb9, 0xaa, 0xee, 0x0e, 0x2f, 0x48, 0x38, 0xf9, 0x91, 0xb4, 0x66, 0xe4, 0x57, 0x28, 0x54, 0x10, 0xe9, 0x61, 0x9d, 0xd4, 0x90, 0x75, 0xb1, 0x39, 0x23, 0xb6, 0xfc, 0x82, 0xe0, 0xfa, 0xbb, 0x5c, 0x6e, 0xc3, 0x44, 0x13, 0x00, 0x83, 0x55, 0x9e, 0x8e, 0x10, 0x61, 0x81, 0x91, 0x04, - /* (2^347)P */ 0x5f, 0x2a, 0xd7, 0x81, 0xd9, 0x9c, 0xbb, 0x79, 0xbc, 0x62, 0x56, 0x98, 0x03, 0x5a, 0x18, 0x85, 0x2a, 0x9c, 0xd0, 0xfb, 0xd2, 0xb1, 0xaf, 0xef, 0x0d, 0x24, 0xc5, 0xfa, 0x39, 0xbb, 0x6b, 0xed, 0xa4, 0xdf, 0xe4, 0x87, 0xcd, 0x41, 0xd3, 0x72, 0x32, 0xc6, 0x28, 0x21, 0xb1, 0xba, 0x8b, 0xa3, 0x91, 0x79, 0x76, 0x22, 0x25, 0x10, 0x61, 0xd1, - /* (2^348)P */ 0x73, 0xb5, 0x32, 0x97, 0xdd, 0xeb, 0xdd, 0x22, 0x22, 0xf1, 0x33, 0x3c, 0x77, 0x56, 0x7d, 0x6b, 0x48, 0x2b, 0x05, 0x81, 0x03, 0x03, 0x91, 0x9a, 0xe3, 0x5e, 0xd4, 0xee, 0x3f, 0xf8, 0xbb, 0x50, 0x21, 0x32, 0x4c, 0x4a, 0x58, 0x49, 0xde, 0x0c, 0xde, 0x30, 0x82, 0x3d, 0x92, 0xf0, 0x6c, 0xcc, 0x32, 0x3e, 0xd2, 0x78, 0x8a, 0x6e, 0x2c, 0xd0, - /* (2^349)P */ 0xf0, 0xf7, 0xa1, 0x0b, 0xc1, 0x74, 0x85, 0xa8, 0xe9, 0xdd, 0x48, 0xa1, 0xc0, 0x16, 0xd8, 0x2b, 0x61, 0x08, 0xc2, 0x2b, 0x30, 0x26, 0x79, 0xce, 0x9e, 0xfd, 0x39, 0xd7, 0x81, 0xa4, 0x63, 0x8c, 0xd5, 0x74, 0xa0, 0x88, 0xfa, 0x03, 0x30, 0xe9, 0x7f, 0x2b, 0xc6, 0x02, 0xc9, 0x5e, 0xe4, 0xd5, 0x4d, 0x92, 0xd0, 0xf6, 0xf2, 0x5b, 0x79, 0x08, - /* (2^350)P */ 0x34, 0x89, 0x81, 0x43, 0xd1, 0x94, 0x2c, 0x10, 0x54, 0x9b, 0xa0, 0xe5, 0x44, 0xe8, 0xc2, 0x2f, 0x3e, 0x0e, 0x74, 0xae, 0xba, 0xe2, 0xac, 0x85, 0x6b, 0xd3, 0x5c, 0x97, 0xf7, 0x90, 0xf1, 0x12, 0xc0, 0x03, 0xc8, 0x1f, 0x37, 0x72, 0x8c, 0x9b, 0x9c, 0x17, 0x96, 0x9d, 0xc7, 0xbf, 0xa3, 0x3f, 0x44, 0x3d, 0x87, 0x81, 0xbd, 0x81, 0xa6, 0x5f, - /* (2^351)P */ 0xe4, 0xff, 0x78, 0x62, 0x82, 0x5b, 0x76, 0x58, 0xf5, 0x5b, 0xa6, 0xc4, 0x53, 0x11, 0x3b, 0x7b, 0xaa, 0x67, 0xf8, 0xea, 0x3b, 0x5d, 0x9a, 0x2e, 0x04, 0xeb, 0x4a, 0x24, 0xfb, 0x56, 0xf0, 0xa8, 0xd4, 0x14, 0xed, 0x0f, 0xfd, 0xc5, 0x26, 0x17, 0x2a, 0xf0, 0xb9, 0x13, 0x8c, 0xbd, 0x65, 0x14, 0x24, 0x95, 0x27, 0x12, 0x63, 0x2a, 0x09, 0x18, - /* (2^352)P */ 0xe1, 0x5c, 0xe7, 0xe0, 0x00, 0x6a, 0x96, 0xf2, 0x49, 0x6a, 0x39, 0xa5, 0xe0, 0x17, 0x79, 0x4a, 0x63, 0x07, 0x62, 0x09, 0x61, 0x1b, 0x6e, 0xa9, 0xb5, 0x62, 0xb7, 0xde, 0xdf, 0x80, 0x4c, 0x5a, 0x99, 0x73, 0x59, 0x9d, 0xfb, 0xb1, 0x5e, 0xbe, 0xb8, 0xb7, 0x63, 0x93, 0xe8, 0xad, 0x5e, 0x1f, 0xae, 0x59, 0x1c, 0xcd, 0xb4, 0xc2, 0xb3, 0x8a, - /* (2^353)P */ 0x78, 0x53, 0xa1, 0x4c, 0x70, 0x9c, 0x63, 0x7e, 0xb3, 0x12, 0x40, 0x5f, 0xbb, 0x23, 0xa7, 0xf7, 0x77, 0x96, 0x5b, 0x4d, 0x91, 0x10, 0x52, 0x85, 0x9e, 0xa5, 0x38, 0x0b, 0xfd, 0x25, 0x01, 0x4b, 0xfa, 0x4d, 0xd3, 0x3f, 0x78, 0x74, 0x42, 0xff, 0x62, 0x2d, 0x27, 0xdc, 0x9d, 0xd1, 0x29, 0x76, 0x2e, 0x78, 0xb3, 0x35, 0xfa, 0x15, 0xd5, 0x38, - /* (2^354)P */ 0x8b, 0xc7, 0x43, 0xce, 0xf0, 0x5e, 0xf1, 0x0d, 0x02, 0x38, 0xe8, 0x82, 0xc9, 0x25, 0xad, 0x2d, 0x27, 0xa4, 0x54, 0x18, 0xb2, 0x30, 0x73, 0xa4, 0x41, 0x08, 0xe4, 0x86, 0xe6, 0x8c, 0xe9, 0x2a, 0x34, 0xb3, 0xd6, 0x61, 0x8f, 0x66, 0x26, 0x08, 0xb6, 0x06, 0x33, 0xaa, 0x12, 0xac, 0x72, 0xec, 0x2e, 0x52, 0xa3, 0x25, 0x3e, 0xd7, 0x62, 0xe8, - /* (2^355)P */ 0xc4, 0xbb, 0x89, 0xc8, 0x40, 0xcc, 0x84, 0xec, 0x4a, 0xd9, 0xc4, 0x55, 0x78, 0x00, 0xcf, 0xd8, 0xe9, 0x24, 0x59, 0xdc, 0x5e, 0xf0, 0x66, 0xa1, 0x83, 0xae, 0x97, 0x18, 0xc5, 0x54, 0x27, 0xa2, 0x21, 0x52, 0x03, 0x31, 0x5b, 0x11, 0x67, 0xf6, 0x12, 0x00, 0x87, 0x2f, 0xff, 0x59, 0x70, 0x8f, 0x6d, 0x71, 0xab, 0xab, 0x24, 0xb8, 0xba, 0x35, - /* (2^356)P */ 0x69, 0x43, 0xa7, 0x14, 0x06, 0x96, 0xe9, 0xc2, 0xe3, 0x2b, 0x45, 0x22, 0xc0, 0xd0, 0x2f, 0x34, 0xd1, 0x01, 0x99, 0xfc, 0x99, 0x38, 0xa1, 0x25, 0x2e, 0x59, 0x6c, 0x27, 0xc9, 0xeb, 0x7b, 0xdc, 0x4e, 0x26, 0x68, 0xba, 0xfa, 0xec, 0x02, 0x05, 0x64, 0x80, 0x30, 0x20, 0x5c, 0x26, 0x7f, 0xaf, 0x95, 0x17, 0x3d, 0x5c, 0x9e, 0x96, 0x96, 0xaf, - /* (2^357)P */ 0xa6, 0xba, 0x21, 0x29, 0x32, 0xe2, 0x98, 0xde, 0x9b, 0x6d, 0x0b, 0x44, 0x91, 0xa8, 0x3e, 0xd4, 0xb8, 0x04, 0x6c, 0xf6, 0x04, 0x39, 0xbd, 0x52, 0x05, 0x15, 0x27, 0x78, 0x8e, 0x55, 0xac, 0x79, 0xc5, 0xe6, 0x00, 0x7f, 0x90, 0xa2, 0xdd, 0x07, 0x13, 0xe0, 0x24, 0x70, 0x5c, 0x0f, 0x4d, 0xa9, 0xf9, 0xae, 0xcb, 0x34, 0x10, 0x9d, 0x89, 0x9d, - /* (2^358)P */ 0x12, 0xe0, 0xb3, 0x9f, 0xc4, 0x96, 0x1d, 0xcf, 0xed, 0x99, 0x64, 0x28, 0x8d, 0xc7, 0x31, 0x82, 0xee, 0x5e, 0x75, 0x48, 0xff, 0x3a, 0xf2, 0x09, 0x34, 0x03, 0x93, 0x52, 0x19, 0xb2, 0xc5, 0x81, 0x93, 0x45, 0x5e, 0x59, 0x21, 0x2b, 0xec, 0x89, 0xba, 0x36, 0x6e, 0xf9, 0x82, 0x75, 0x7e, 0x82, 0x3f, 0xaa, 0xe2, 0xe3, 0x3b, 0x94, 0xfd, 0x98, - /* (2^359)P */ 0x7c, 0xdb, 0x75, 0x31, 0x61, 0xfb, 0x15, 0x28, 0x94, 0xd7, 0xc3, 0x5a, 0xa9, 0xa1, 0x0a, 0x66, 0x0f, 0x2b, 0x13, 0x3e, 0x42, 0xb5, 0x28, 0x3a, 0xca, 0x83, 0xf3, 0x61, 0x22, 0xf4, 0x40, 0xc5, 0xdf, 0xe7, 0x31, 0x9f, 0x7e, 0x51, 0x75, 0x06, 0x9d, 0x51, 0xc8, 0xe7, 0x9f, 0xc3, 0x71, 0x4f, 0x3d, 0x5b, 0xfb, 0xe9, 0x8e, 0x08, 0x40, 0x8e, - /* (2^360)P */ 0xf7, 0x31, 0xad, 0x50, 0x5d, 0x25, 0x93, 0x73, 0x68, 0xf6, 0x7c, 0x89, 0x5a, 0x3d, 0x9f, 0x9b, 0x05, 0x82, 0xe7, 0x70, 0x4b, 0x19, 0xaa, 0xcf, 0xff, 0xde, 0x50, 0x8f, 0x2f, 0x69, 0xd3, 0xf0, 0x99, 0x51, 0x6b, 0x9d, 0xb6, 0x56, 0x6f, 0xf8, 0x4c, 0x74, 0x8b, 0x4c, 0x91, 0xf9, 0xa9, 0xb1, 0x3e, 0x07, 0xdf, 0x0b, 0x27, 0x8a, 0xb1, 0xed, - /* (2^361)P */ 0xfb, 0x67, 0xd9, 0x48, 0xd2, 0xe4, 0x44, 0x9b, 0x43, 0x15, 0x8a, 0xeb, 0x00, 0x53, 0xad, 0x25, 0xc7, 0x7e, 0x19, 0x30, 0x87, 0xb7, 0xd5, 0x5f, 0x04, 0xf8, 0xaa, 0xdd, 0x57, 0xae, 0x34, 0x75, 0xe2, 0x84, 0x4b, 0x54, 0x60, 0x37, 0x95, 0xe4, 0xd3, 0xec, 0xac, 0xef, 0x47, 0x31, 0xa3, 0xc8, 0x31, 0x22, 0xdb, 0x26, 0xe7, 0x6a, 0xb5, 0xad, - /* (2^362)P */ 0x44, 0x09, 0x5c, 0x95, 0xe4, 0x72, 0x3c, 0x1a, 0xd1, 0xac, 0x42, 0x51, 0x99, 0x6f, 0xfa, 0x1f, 0xf2, 0x22, 0xbe, 0xff, 0x7b, 0x66, 0xf5, 0x6c, 0xb3, 0x66, 0xc7, 0x4d, 0x78, 0x31, 0x83, 0x80, 0xf5, 0x41, 0xe9, 0x7f, 0xbe, 0xf7, 0x23, 0x49, 0x6b, 0x84, 0x4e, 0x7e, 0x47, 0x07, 0x6e, 0x74, 0xdf, 0xe5, 0x9d, 0x9e, 0x56, 0x2a, 0xc0, 0xbc, - /* (2^363)P */ 0xac, 0x10, 0x80, 0x8c, 0x7c, 0xfa, 0x83, 0xdf, 0xb3, 0xd0, 0xc4, 0xbe, 0xfb, 0x9f, 0xac, 0xc9, 0xc3, 0x40, 0x95, 0x0b, 0x09, 0x23, 0xda, 0x63, 0x67, 0xcf, 0xe7, 0x9f, 0x7d, 0x7b, 0x6b, 0xe2, 0xe6, 0x6d, 0xdb, 0x87, 0x9e, 0xa6, 0xff, 0x6d, 0xab, 0xbd, 0xfb, 0x54, 0x84, 0x68, 0xcf, 0x89, 0xf1, 0xd0, 0xe2, 0x85, 0x61, 0xdc, 0x22, 0xd1, - /* (2^364)P */ 0xa8, 0x48, 0xfb, 0x8c, 0x6a, 0x63, 0x01, 0x72, 0x43, 0x43, 0xeb, 0x21, 0xa3, 0x00, 0x8a, 0xc0, 0x87, 0x51, 0x9e, 0x86, 0x75, 0x16, 0x79, 0xf9, 0x6b, 0x11, 0x80, 0x62, 0xc2, 0x9d, 0xb8, 0x8c, 0x30, 0x8e, 0x8d, 0x03, 0x52, 0x7e, 0x31, 0x59, 0x38, 0xf9, 0x25, 0xc7, 0x0f, 0xc7, 0xa8, 0x2b, 0x5c, 0x80, 0xfa, 0x90, 0xa2, 0x63, 0xca, 0xe7, - /* (2^365)P */ 0xf1, 0x5d, 0xb5, 0xd9, 0x20, 0x10, 0x7d, 0x0f, 0xc5, 0x50, 0x46, 0x07, 0xff, 0x02, 0x75, 0x2b, 0x4a, 0xf3, 0x39, 0x91, 0x72, 0xb7, 0xd5, 0xcc, 0x38, 0xb8, 0xe7, 0x36, 0x26, 0x5e, 0x11, 0x97, 0x25, 0xfb, 0x49, 0x68, 0xdc, 0xb4, 0x46, 0x87, 0x5c, 0xc2, 0x7f, 0xaa, 0x7d, 0x36, 0x23, 0xa6, 0xc6, 0x53, 0xec, 0xbc, 0x57, 0x47, 0xc1, 0x2b, - /* (2^366)P */ 0x25, 0x5d, 0x7d, 0x95, 0xda, 0x0b, 0x8f, 0x78, 0x1e, 0x19, 0x09, 0xfa, 0x67, 0xe0, 0xa0, 0x17, 0x24, 0x76, 0x6c, 0x30, 0x1f, 0x62, 0x3d, 0xbe, 0x45, 0x70, 0xcc, 0xb6, 0x1e, 0x68, 0x06, 0x25, 0x68, 0x16, 0x1a, 0x33, 0x3f, 0x90, 0xc7, 0x78, 0x2d, 0x98, 0x3c, 0x2f, 0xb9, 0x2d, 0x94, 0x0b, 0xfb, 0x49, 0x56, 0x30, 0xd7, 0xc1, 0xe6, 0x48, - /* (2^367)P */ 0x7a, 0xd1, 0xe0, 0x8e, 0x67, 0xfc, 0x0b, 0x50, 0x1f, 0x84, 0x98, 0xfa, 0xaf, 0xae, 0x2e, 0x31, 0x27, 0xcf, 0x3f, 0xf2, 0x6e, 0x8d, 0x81, 0x8f, 0xd2, 0x5f, 0xde, 0xd3, 0x5e, 0xe9, 0xe7, 0x13, 0x48, 0x83, 0x5a, 0x4e, 0x84, 0xd1, 0x58, 0xcf, 0x6b, 0x84, 0xdf, 0x13, 0x1d, 0x91, 0x85, 0xe8, 0xcb, 0x29, 0x79, 0xd2, 0xca, 0xac, 0x6a, 0x93, - /* (2^368)P */ 0x53, 0x82, 0xce, 0x61, 0x96, 0x88, 0x6f, 0xe1, 0x4a, 0x4c, 0x1e, 0x30, 0x73, 0xe8, 0x74, 0xde, 0x40, 0x2b, 0xe0, 0xc4, 0xb5, 0xd8, 0x7c, 0x15, 0xe7, 0xe1, 0xb1, 0xe0, 0xd6, 0x88, 0xb1, 0x6a, 0x57, 0x19, 0x6a, 0x22, 0x66, 0x57, 0xf6, 0x8d, 0xfd, 0xc0, 0xf2, 0xa3, 0x03, 0x56, 0xfb, 0x2e, 0x75, 0x5e, 0xc7, 0x8e, 0x22, 0x96, 0x5c, 0x06, - /* (2^369)P */ 0x98, 0x7e, 0xbf, 0x3e, 0xbf, 0x24, 0x9d, 0x15, 0xd3, 0xf6, 0xd3, 0xd2, 0xf0, 0x11, 0xf2, 0xdb, 0x36, 0x23, 0x38, 0xf7, 0x1d, 0x71, 0x20, 0xd2, 0x54, 0x7f, 0x1e, 0x24, 0x8f, 0xe2, 0xaa, 0xf7, 0x3f, 0x6b, 0x41, 0x4e, 0xdc, 0x0e, 0xec, 0xe8, 0x35, 0x0a, 0x08, 0x6d, 0x89, 0x5b, 0x32, 0x91, 0x01, 0xb6, 0xe0, 0x2c, 0xc6, 0xa1, 0xbe, 0xb4, - /* (2^370)P */ 0x29, 0xf2, 0x1e, 0x1c, 0xdc, 0x68, 0x8a, 0x43, 0x87, 0x2c, 0x48, 0xb3, 0x9e, 0xed, 0xd2, 0x82, 0x46, 0xac, 0x2f, 0xef, 0x93, 0x34, 0x37, 0xca, 0x64, 0x8d, 0xc9, 0x06, 0x90, 0xbb, 0x78, 0x0a, 0x3c, 0x4c, 0xcf, 0x35, 0x7a, 0x0f, 0xf7, 0xa7, 0xf4, 0x2f, 0x45, 0x69, 0x3f, 0xa9, 0x5d, 0xce, 0x7b, 0x8a, 0x84, 0xc3, 0xae, 0xf4, 0xda, 0xd5, - /* (2^371)P */ 0xca, 0xba, 0x95, 0x43, 0x05, 0x7b, 0x06, 0xd9, 0x5c, 0x0a, 0x18, 0x5f, 0x6a, 0x6a, 0xce, 0xc0, 0x3d, 0x95, 0x51, 0x0e, 0x1a, 0xbe, 0x85, 0x7a, 0xf2, 0x69, 0xec, 0xc0, 0x8c, 0xca, 0xa3, 0x32, 0x0a, 0x76, 0x50, 0xc6, 0x76, 0x61, 0x00, 0x89, 0xbf, 0x6e, 0x0f, 0x48, 0x90, 0x31, 0x93, 0xec, 0x34, 0x70, 0xf0, 0xc3, 0x8d, 0xf0, 0x0f, 0xb5, - /* (2^372)P */ 0xbe, 0x23, 0xe2, 0x18, 0x99, 0xf1, 0xed, 0x8a, 0xf6, 0xc9, 0xac, 0xb8, 0x1e, 0x9a, 0x3c, 0x15, 0xae, 0xd7, 0x6d, 0xb3, 0x04, 0xee, 0x5b, 0x0d, 0x1e, 0x79, 0xb7, 0xf9, 0xf9, 0x8d, 0xad, 0xf9, 0x8f, 0x5a, 0x6a, 0x7b, 0xd7, 0x9b, 0xca, 0x62, 0xfe, 0x9c, 0xc0, 0x6f, 0x6d, 0x9d, 0x76, 0xa3, 0x69, 0xb9, 0x4c, 0xa1, 0xc4, 0x0c, 0x76, 0xaa, - /* (2^373)P */ 0x1c, 0x06, 0xfe, 0x3f, 0x45, 0x70, 0xcd, 0x97, 0xa9, 0xa2, 0xb1, 0xd3, 0xf2, 0xa5, 0x0c, 0x49, 0x2c, 0x75, 0x73, 0x1f, 0xcf, 0x00, 0xaf, 0xd5, 0x2e, 0xde, 0x0d, 0x8f, 0x8f, 0x7c, 0xc4, 0x58, 0xce, 0xd4, 0xf6, 0x24, 0x19, 0x2e, 0xd8, 0xc5, 0x1d, 0x1a, 0x3f, 0xb8, 0x4f, 0xbc, 0x7d, 0xbd, 0x68, 0xe3, 0x81, 0x98, 0x1b, 0xa8, 0xc9, 0xd9, - /* (2^374)P */ 0x39, 0x95, 0x78, 0x24, 0x6c, 0x38, 0xe4, 0xe7, 0xd0, 0x8d, 0xb9, 0x38, 0x71, 0x5e, 0xc1, 0x62, 0x80, 0xcc, 0xcb, 0x8c, 0x97, 0xca, 0xf8, 0xb9, 0xd9, 0x9c, 0xce, 0x72, 0x7b, 0x70, 0xee, 0x5f, 0xea, 0xa2, 0xdf, 0xa9, 0x14, 0x10, 0xf9, 0x6e, 0x59, 0x9f, 0x9c, 0xe0, 0x0c, 0xb2, 0x07, 0x97, 0xcd, 0xd2, 0x89, 0x16, 0xfd, 0x9c, 0xa8, 0xa5, - /* (2^375)P */ 0x5a, 0x61, 0xf1, 0x59, 0x7c, 0x38, 0xda, 0xe2, 0x85, 0x99, 0x68, 0xe9, 0xc9, 0xf7, 0x32, 0x7e, 0xc4, 0xca, 0xb7, 0x11, 0x08, 0x69, 0x2b, 0x66, 0x02, 0xf7, 0x2e, 0x18, 0xc3, 0x8e, 0xe1, 0xf9, 0xc5, 0x19, 0x9a, 0x0a, 0x9c, 0x07, 0xba, 0xc7, 0x9c, 0x03, 0x34, 0x89, 0x99, 0x67, 0x0b, 0x16, 0x4b, 0x07, 0x36, 0x16, 0x36, 0x2c, 0xe2, 0xa1, - /* (2^376)P */ 0x70, 0x10, 0x91, 0x27, 0xa8, 0x24, 0x8e, 0x29, 0x04, 0x6f, 0x79, 0x1f, 0xd3, 0xa5, 0x68, 0xd3, 0x0b, 0x7d, 0x56, 0x4d, 0x14, 0x57, 0x7b, 0x2e, 0x00, 0x9f, 0x9a, 0xfd, 0x6c, 0x63, 0x18, 0x81, 0xdb, 0x9d, 0xb7, 0xd7, 0xa4, 0x1e, 0xe8, 0x40, 0xf1, 0x4c, 0xa3, 0x01, 0xd5, 0x4b, 0x75, 0xea, 0xdd, 0x97, 0xfd, 0x5b, 0xb2, 0x66, 0x6a, 0x24, - /* (2^377)P */ 0x72, 0x11, 0xfe, 0x73, 0x1b, 0xd3, 0xea, 0x7f, 0x93, 0x15, 0x15, 0x05, 0xfe, 0x40, 0xe8, 0x28, 0xd8, 0x50, 0x47, 0x66, 0xfa, 0xb7, 0xb5, 0x04, 0xba, 0x35, 0x1e, 0x32, 0x9f, 0x5f, 0x32, 0xba, 0x3d, 0xd1, 0xed, 0x9a, 0x76, 0xca, 0xa3, 0x3e, 0x77, 0xd8, 0xd8, 0x7c, 0x5f, 0x68, 0x42, 0xb5, 0x86, 0x7f, 0x3b, 0xc9, 0xc1, 0x89, 0x64, 0xda, - /* (2^378)P */ 0xd5, 0xd4, 0x17, 0x31, 0xfc, 0x6a, 0xfd, 0xb8, 0xe8, 0xe5, 0x3e, 0x39, 0x06, 0xe4, 0xd1, 0x90, 0x2a, 0xca, 0xf6, 0x54, 0x6c, 0x1b, 0x2f, 0x49, 0x97, 0xb1, 0x2a, 0x82, 0x43, 0x3d, 0x1f, 0x8b, 0xe2, 0x47, 0xc5, 0x24, 0xa8, 0xd5, 0x53, 0x29, 0x7d, 0xc6, 0x87, 0xa6, 0x25, 0x3a, 0x64, 0xdd, 0x71, 0x08, 0x9e, 0xcd, 0xe9, 0x45, 0xc7, 0xba, - /* (2^379)P */ 0x37, 0x72, 0x6d, 0x13, 0x7a, 0x8d, 0x04, 0x31, 0xe6, 0xe3, 0x9e, 0x36, 0x71, 0x3e, 0xc0, 0x1e, 0xe3, 0x71, 0xd3, 0x49, 0x4e, 0x4a, 0x36, 0x42, 0x68, 0x68, 0x61, 0xc7, 0x3c, 0xdb, 0x81, 0x49, 0xf7, 0x91, 0x4d, 0xea, 0x4c, 0x4f, 0x98, 0xc6, 0x7e, 0x60, 0x84, 0x4b, 0x6a, 0x37, 0xbb, 0x52, 0xf7, 0xce, 0x02, 0xe4, 0xad, 0xd1, 0x3c, 0xa7, - /* (2^380)P */ 0x51, 0x06, 0x2d, 0xf8, 0x08, 0xe8, 0xf1, 0x0c, 0xe5, 0xa9, 0xac, 0x29, 0x73, 0x3b, 0xed, 0x98, 0x5f, 0x55, 0x08, 0x38, 0x51, 0x44, 0x36, 0x5d, 0xea, 0xc3, 0xb8, 0x0e, 0xa0, 0x4f, 0xd2, 0x79, 0xe9, 0x98, 0xc3, 0xf5, 0x00, 0xb9, 0x26, 0x27, 0x42, 0xa8, 0x07, 0xc1, 0x12, 0x31, 0xc1, 0xc3, 0x3c, 0x3b, 0x7a, 0x72, 0x97, 0xc2, 0x70, 0x3a, - /* (2^381)P */ 0xf4, 0xb2, 0xba, 0x32, 0xbc, 0xa9, 0x2f, 0x87, 0xc7, 0x3c, 0x45, 0xcd, 0xae, 0xe2, 0x13, 0x6d, 0x3a, 0xf2, 0xf5, 0x66, 0x97, 0x29, 0xaf, 0x53, 0x9f, 0xda, 0xea, 0x14, 0xdf, 0x04, 0x98, 0x19, 0x95, 0x9e, 0x2a, 0x00, 0x5c, 0x9d, 0x1d, 0xf0, 0x39, 0x23, 0xff, 0xfc, 0xca, 0x36, 0xb7, 0xde, 0xdf, 0x37, 0x78, 0x52, 0x21, 0xfa, 0x19, 0x10, - /* (2^382)P */ 0x50, 0x20, 0x73, 0x74, 0x62, 0x21, 0xf2, 0xf7, 0x9b, 0x66, 0x85, 0x34, 0x74, 0xd4, 0x9d, 0x60, 0xd7, 0xbc, 0xc8, 0x46, 0x3b, 0xb8, 0x80, 0x42, 0x15, 0x0a, 0x6c, 0x35, 0x1a, 0x69, 0xf0, 0x1d, 0x4b, 0x29, 0x54, 0x5a, 0x9a, 0x48, 0xec, 0x9f, 0x37, 0x74, 0x91, 0xd0, 0xd1, 0x9e, 0x00, 0xc2, 0x76, 0x56, 0xd6, 0xa0, 0x15, 0x14, 0x83, 0x59, - /* (2^383)P */ 0xc2, 0xf8, 0x22, 0x20, 0x23, 0x07, 0xbd, 0x1d, 0x6f, 0x1e, 0x8c, 0x56, 0x06, 0x6a, 0x4b, 0x9f, 0xe2, 0xa9, 0x92, 0x46, 0x4b, 0x46, 0x59, 0xd7, 0xe1, 0xda, 0x14, 0x98, 0x07, 0x65, 0x7e, 0x28, 0x20, 0xf2, 0x9d, 0x4f, 0x36, 0x5c, 0x92, 0xe0, 0x9d, 0xfe, 0x3e, 0xda, 0xe4, 0x47, 0x19, 0x3c, 0x00, 0x7f, 0x22, 0xf2, 0x9e, 0x51, 0xae, 0x4d, - /* (2^384)P */ 0xbe, 0x8c, 0x1b, 0x10, 0xb6, 0xad, 0xcc, 0xcc, 0xd8, 0x5e, 0x21, 0xa6, 0xfb, 0xf1, 0xf6, 0xbd, 0x0a, 0x24, 0x67, 0xb4, 0x57, 0x7a, 0xbc, 0xe8, 0xe9, 0xff, 0xee, 0x0a, 0x1f, 0xee, 0xbd, 0xc8, 0x44, 0xed, 0x2b, 0xbb, 0x55, 0x1f, 0xdd, 0x7c, 0xb3, 0xeb, 0x3f, 0x63, 0xa1, 0x28, 0x91, 0x21, 0xab, 0x71, 0xc6, 0x4c, 0xd0, 0xe9, 0xb0, 0x21, - /* (2^385)P */ 0xad, 0xc9, 0x77, 0x2b, 0xee, 0x89, 0xa4, 0x7b, 0xfd, 0xf9, 0xf6, 0x14, 0xe4, 0xed, 0x1a, 0x16, 0x9b, 0x78, 0x41, 0x43, 0xa8, 0x83, 0x72, 0x06, 0x2e, 0x7c, 0xdf, 0xeb, 0x7e, 0xdd, 0xd7, 0x8b, 0xea, 0x9a, 0x2b, 0x03, 0xba, 0x57, 0xf3, 0xf1, 0xd9, 0xe5, 0x09, 0xc5, 0x98, 0x61, 0x1c, 0x51, 0x6d, 0x5d, 0x6e, 0xfb, 0x5e, 0x95, 0x9f, 0xb5, - /* (2^386)P */ 0x23, 0xe2, 0x1e, 0x95, 0xa3, 0x5e, 0x42, 0x10, 0xc7, 0xc3, 0x70, 0xbf, 0x4b, 0x6b, 0x83, 0x36, 0x93, 0xb7, 0x68, 0x47, 0x88, 0x3a, 0x10, 0x88, 0x48, 0x7f, 0x8c, 0xae, 0x54, 0x10, 0x02, 0xa4, 0x52, 0x8f, 0x8d, 0xf7, 0x26, 0x4f, 0x50, 0xc3, 0x6a, 0xe2, 0x4e, 0x3b, 0x4c, 0xb9, 0x8a, 0x14, 0x15, 0x6d, 0x21, 0x29, 0xb3, 0x6e, 0x4e, 0xd0, - /* (2^387)P */ 0x4c, 0x8a, 0x18, 0x3f, 0xb7, 0x20, 0xfd, 0x3e, 0x54, 0xca, 0x68, 0x3c, 0xea, 0x6f, 0xf4, 0x6b, 0xa2, 0xbd, 0x01, 0xbd, 0xfe, 0x08, 0xa8, 0xd8, 0xc2, 0x20, 0x36, 0x05, 0xcd, 0xe9, 0xf3, 0x9e, 0xfa, 0x85, 0x66, 0x8f, 0x4b, 0x1d, 0x8c, 0x64, 0x4f, 0xb8, 0xc6, 0x0f, 0x5b, 0x57, 0xd8, 0x24, 0x19, 0x5a, 0x14, 0x4b, 0x92, 0xd3, 0x96, 0xbc, - /* (2^388)P */ 0xa9, 0x3f, 0xc9, 0x6c, 0xca, 0x64, 0x1e, 0x6f, 0xdf, 0x65, 0x7f, 0x9a, 0x47, 0x6b, 0x8a, 0x60, 0x31, 0xa6, 0x06, 0xac, 0x69, 0x30, 0xe6, 0xea, 0x63, 0x42, 0x26, 0x5f, 0xdb, 0xd0, 0xf2, 0x8e, 0x34, 0x0a, 0x3a, 0xeb, 0xf3, 0x79, 0xc8, 0xb7, 0x60, 0x56, 0x5c, 0x37, 0x95, 0x71, 0xf8, 0x7f, 0x49, 0x3e, 0x9e, 0x01, 0x26, 0x1e, 0x80, 0x9f, - /* (2^389)P */ 0xf8, 0x16, 0x9a, 0xaa, 0xb0, 0x28, 0xb5, 0x8e, 0xd0, 0x60, 0xe5, 0x26, 0xa9, 0x47, 0xc4, 0x5c, 0xa9, 0x39, 0xfe, 0x0a, 0xd8, 0x07, 0x2b, 0xb3, 0xce, 0xf1, 0xea, 0x1a, 0xf4, 0x7b, 0x98, 0x31, 0x3d, 0x13, 0x29, 0x80, 0xe8, 0x0d, 0xcf, 0x56, 0x39, 0x86, 0x50, 0x0c, 0xb3, 0x18, 0xf4, 0xc5, 0xca, 0xf2, 0x6f, 0xcd, 0x8d, 0xd5, 0x02, 0xb0, - /* (2^390)P */ 0xbf, 0x39, 0x3f, 0xac, 0x6d, 0x1a, 0x6a, 0xe4, 0x42, 0x24, 0xd6, 0x41, 0x9d, 0xb9, 0x5b, 0x46, 0x73, 0x93, 0x76, 0xaa, 0xb7, 0x37, 0x36, 0xa6, 0x09, 0xe5, 0x04, 0x3b, 0x66, 0xc4, 0x29, 0x3e, 0x41, 0xc2, 0xcb, 0xe5, 0x17, 0xd7, 0x34, 0x67, 0x1d, 0x2c, 0x12, 0xec, 0x24, 0x7a, 0x40, 0xa2, 0x45, 0x41, 0xf0, 0x75, 0xed, 0x43, 0x30, 0xc9, - /* (2^391)P */ 0x80, 0xf6, 0x47, 0x5b, 0xad, 0x54, 0x02, 0xbc, 0xdd, 0xa4, 0xb2, 0xd7, 0x42, 0x95, 0xf2, 0x0d, 0x1b, 0xef, 0x37, 0xa7, 0xb4, 0x34, 0x04, 0x08, 0x71, 0x1b, 0xd3, 0xdf, 0xa1, 0xf0, 0x2b, 0xfa, 0xc0, 0x1f, 0xf3, 0x44, 0xb5, 0xc6, 0x47, 0x3d, 0x65, 0x67, 0x45, 0x4d, 0x2f, 0xde, 0x52, 0x73, 0xfc, 0x30, 0x01, 0x6b, 0xc1, 0x03, 0xd8, 0xd7, - /* (2^392)P */ 0x1c, 0x67, 0x55, 0x3e, 0x01, 0x17, 0x0f, 0x3e, 0xe5, 0x34, 0x58, 0xfc, 0xcb, 0x71, 0x24, 0x74, 0x5d, 0x36, 0x1e, 0x89, 0x2a, 0x63, 0xf8, 0xf8, 0x9f, 0x50, 0x9f, 0x32, 0x92, 0x29, 0xd8, 0x1a, 0xec, 0x76, 0x57, 0x6c, 0x67, 0x12, 0x6a, 0x6e, 0xef, 0x97, 0x1f, 0xc3, 0x77, 0x60, 0x3c, 0x22, 0xcb, 0xc7, 0x04, 0x1a, 0x89, 0x2d, 0x10, 0xa6, - /* (2^393)P */ 0x12, 0xf5, 0xa9, 0x26, 0x16, 0xd9, 0x3c, 0x65, 0x5d, 0x83, 0xab, 0xd1, 0x70, 0x6b, 0x1c, 0xdb, 0xe7, 0x86, 0x0d, 0xfb, 0xe7, 0xf8, 0x2a, 0x58, 0x6e, 0x7a, 0x66, 0x13, 0x53, 0x3a, 0x6f, 0x8d, 0x43, 0x5f, 0x14, 0x23, 0x14, 0xff, 0x3d, 0x52, 0x7f, 0xee, 0xbd, 0x7a, 0x34, 0x8b, 0x35, 0x24, 0xc3, 0x7a, 0xdb, 0xcf, 0x22, 0x74, 0x9a, 0x8f, - /* (2^394)P */ 0xdb, 0x20, 0xfc, 0xe5, 0x39, 0x4e, 0x7d, 0x78, 0xee, 0x0b, 0xbf, 0x1d, 0x80, 0xd4, 0x05, 0x4f, 0xb9, 0xd7, 0x4e, 0x94, 0x88, 0x9a, 0x50, 0x78, 0x1a, 0x70, 0x8c, 0xcc, 0x25, 0xb6, 0x61, 0x09, 0xdc, 0x7b, 0xea, 0x3f, 0x7f, 0xea, 0x2a, 0x0d, 0x47, 0x1c, 0x8e, 0xa6, 0x5b, 0xd2, 0xa3, 0x61, 0x93, 0x3c, 0x68, 0x9f, 0x8b, 0xea, 0xb0, 0xcb, - /* (2^395)P */ 0xff, 0x54, 0x02, 0x19, 0xae, 0x8b, 0x4c, 0x2c, 0x3a, 0xe0, 0xe4, 0xac, 0x87, 0xf7, 0x51, 0x45, 0x41, 0x43, 0xdc, 0xaa, 0xcd, 0xcb, 0xdc, 0x40, 0xe3, 0x44, 0x3b, 0x1d, 0x9e, 0x3d, 0xb9, 0x82, 0xcc, 0x7a, 0xc5, 0x12, 0xf8, 0x1e, 0xdd, 0xdb, 0x8d, 0xb0, 0x2a, 0xe8, 0xe6, 0x6c, 0x94, 0x3b, 0xb7, 0x2d, 0xba, 0x79, 0x3b, 0xb5, 0x86, 0xfb, - /* (2^396)P */ 0x82, 0x88, 0x13, 0xdd, 0x6c, 0xcd, 0x85, 0x2b, 0x90, 0x86, 0xb7, 0xac, 0x16, 0xa6, 0x6e, 0x6a, 0x94, 0xd8, 0x1e, 0x4e, 0x41, 0x0f, 0xce, 0x81, 0x6a, 0xa8, 0x26, 0x56, 0x43, 0x52, 0x52, 0xe6, 0xff, 0x88, 0xcf, 0x47, 0x05, 0x1d, 0xff, 0xf3, 0xa0, 0x10, 0xb2, 0x97, 0x87, 0xeb, 0x47, 0xbb, 0xfa, 0x1f, 0xe8, 0x4c, 0xce, 0xc4, 0xcd, 0x93, - /* (2^397)P */ 0xf4, 0x11, 0xf5, 0x8d, 0x89, 0x29, 0x79, 0xb3, 0x59, 0x0b, 0x29, 0x7d, 0x9c, 0x12, 0x4a, 0x65, 0x72, 0x3a, 0xf9, 0xec, 0x37, 0x18, 0x86, 0xef, 0x44, 0x07, 0x25, 0x74, 0x76, 0x53, 0xed, 0x51, 0x01, 0xc6, 0x28, 0xc5, 0xc3, 0x4a, 0x0f, 0x99, 0xec, 0xc8, 0x40, 0x5a, 0x83, 0x30, 0x79, 0xa2, 0x3e, 0x63, 0x09, 0x2d, 0x6f, 0x23, 0x54, 0x1c, - /* (2^398)P */ 0x5c, 0x6f, 0x3b, 0x1c, 0x30, 0x77, 0x7e, 0x87, 0x66, 0x83, 0x2e, 0x7e, 0x85, 0x50, 0xfd, 0xa0, 0x7a, 0xc2, 0xf5, 0x0f, 0xc1, 0x64, 0xe7, 0x0b, 0xbd, 0x59, 0xa7, 0xe7, 0x65, 0x53, 0xc3, 0xf5, 0x55, 0x5b, 0xe1, 0x82, 0x30, 0x5a, 0x61, 0xcd, 0xa0, 0x89, 0x32, 0xdb, 0x87, 0xfc, 0x21, 0x8a, 0xab, 0x6d, 0x82, 0xa8, 0x42, 0x81, 0x4f, 0xf2, - /* (2^399)P */ 0xb3, 0xeb, 0x88, 0x18, 0xf6, 0x56, 0x96, 0xbf, 0xba, 0x5d, 0x71, 0xa1, 0x5a, 0xd1, 0x04, 0x7b, 0xd5, 0x46, 0x01, 0x74, 0xfe, 0x15, 0x25, 0xb7, 0xff, 0x0c, 0x24, 0x47, 0xac, 0xfd, 0xab, 0x47, 0x32, 0xe1, 0x6a, 0x4e, 0xca, 0xcf, 0x7f, 0xdd, 0xf8, 0xd2, 0x4b, 0x3b, 0xf5, 0x17, 0xba, 0xba, 0x8b, 0xa1, 0xec, 0x28, 0x3f, 0x97, 0xab, 0x2a, - /* (2^400)P */ 0x51, 0x38, 0xc9, 0x5e, 0xc6, 0xb3, 0x64, 0xf2, 0x24, 0x4d, 0x04, 0x7d, 0xc8, 0x39, 0x0c, 0x4a, 0xc9, 0x73, 0x74, 0x1b, 0x5c, 0xb2, 0xc5, 0x41, 0x62, 0xa0, 0x4c, 0x6d, 0x8d, 0x91, 0x9a, 0x7b, 0x88, 0xab, 0x9c, 0x7e, 0x23, 0xdb, 0x6f, 0xb5, 0x72, 0xd6, 0x47, 0x40, 0xef, 0x22, 0x58, 0x62, 0x19, 0x6c, 0x38, 0xba, 0x5b, 0x00, 0x30, 0x9f, - /* (2^401)P */ 0x65, 0xbb, 0x3b, 0x9b, 0xe9, 0xae, 0xbf, 0xbe, 0xe4, 0x13, 0x95, 0xf3, 0xe3, 0x77, 0xcb, 0xe4, 0x9a, 0x22, 0xb5, 0x4a, 0x08, 0x9d, 0xb3, 0x9e, 0x27, 0xe0, 0x15, 0x6c, 0x9f, 0x7e, 0x9a, 0x5e, 0x15, 0x45, 0x25, 0x8d, 0x01, 0x0a, 0xd2, 0x2b, 0xbd, 0x48, 0x06, 0x0d, 0x18, 0x97, 0x4b, 0xdc, 0xbc, 0xf0, 0xcd, 0xb2, 0x52, 0x3c, 0xac, 0xf5, - /* (2^402)P */ 0x3e, 0xed, 0x47, 0x6b, 0x5c, 0xf6, 0x76, 0xd0, 0xe9, 0x15, 0xa3, 0xcb, 0x36, 0x00, 0x21, 0xa3, 0x79, 0x20, 0xa5, 0x3e, 0x88, 0x03, 0xcb, 0x7e, 0x63, 0xbb, 0xed, 0xa9, 0x13, 0x35, 0x16, 0xaf, 0x2e, 0xb4, 0x70, 0x14, 0x93, 0xfb, 0xc4, 0x9b, 0xd8, 0xb1, 0xbe, 0x43, 0xd1, 0x85, 0xb8, 0x97, 0xef, 0xea, 0x88, 0xa1, 0x25, 0x52, 0x62, 0x75, - /* (2^403)P */ 0x8e, 0x4f, 0xaa, 0x23, 0x62, 0x7e, 0x2b, 0x37, 0x89, 0x00, 0x11, 0x30, 0xc5, 0x33, 0x4a, 0x89, 0x8a, 0xe2, 0xfc, 0x5c, 0x6a, 0x75, 0xe5, 0xf7, 0x02, 0x4a, 0x9b, 0xf7, 0xb5, 0x6a, 0x85, 0x31, 0xd3, 0x5a, 0xcf, 0xc3, 0xf8, 0xde, 0x2f, 0xcf, 0xb5, 0x24, 0xf4, 0xe3, 0xa1, 0xad, 0x42, 0xae, 0x09, 0xb9, 0x2e, 0x04, 0x2d, 0x01, 0x22, 0x3f, - /* (2^404)P */ 0x41, 0x16, 0xfb, 0x7d, 0x50, 0xfd, 0xb5, 0xba, 0x88, 0x24, 0xba, 0xfd, 0x3d, 0xb2, 0x90, 0x15, 0xb7, 0xfa, 0xa2, 0xe1, 0x4c, 0x7d, 0xb9, 0xc6, 0xff, 0x81, 0x57, 0xb6, 0xc2, 0x9e, 0xcb, 0xc4, 0x35, 0xbd, 0x01, 0xb7, 0xaa, 0xce, 0xd0, 0xe9, 0xb5, 0xd6, 0x72, 0xbf, 0xd2, 0xee, 0xc7, 0xac, 0x94, 0xff, 0x29, 0x57, 0x02, 0x49, 0x09, 0xad, - /* (2^405)P */ 0x27, 0xa5, 0x78, 0x1b, 0xbf, 0x6b, 0xaf, 0x0b, 0x8c, 0xd9, 0xa8, 0x37, 0xb0, 0x67, 0x18, 0xb6, 0xc7, 0x05, 0x8a, 0x67, 0x03, 0x30, 0x62, 0x6e, 0x56, 0x82, 0xa9, 0x54, 0x3e, 0x0c, 0x4e, 0x07, 0xe1, 0x5a, 0x38, 0xed, 0xfa, 0xc8, 0x55, 0x6b, 0x08, 0xa3, 0x6b, 0x64, 0x2a, 0x15, 0xd6, 0x39, 0x6f, 0x47, 0x99, 0x42, 0x3f, 0x33, 0x84, 0x8f, - /* (2^406)P */ 0xbc, 0x45, 0x29, 0x81, 0x0e, 0xa4, 0xc5, 0x72, 0x3a, 0x10, 0xe1, 0xc4, 0x1e, 0xda, 0xc3, 0xfe, 0xb0, 0xce, 0xd2, 0x13, 0x34, 0x67, 0x21, 0xc6, 0x7e, 0xf9, 0x8c, 0xff, 0x39, 0x50, 0xae, 0x92, 0x60, 0x35, 0x2f, 0x8b, 0x6e, 0xc9, 0xc1, 0x27, 0x3a, 0x94, 0x66, 0x3e, 0x26, 0x84, 0x93, 0xc8, 0x6c, 0xcf, 0xd2, 0x03, 0xa1, 0x10, 0xcf, 0xb7, - /* (2^407)P */ 0x64, 0xda, 0x19, 0xf6, 0xc5, 0x73, 0x17, 0x44, 0x88, 0x81, 0x07, 0x0d, 0x34, 0xb2, 0x75, 0xf9, 0xd9, 0xe2, 0xe0, 0x8b, 0x71, 0xcf, 0x72, 0x34, 0x83, 0xb4, 0xce, 0xfc, 0xd7, 0x29, 0x09, 0x5a, 0x98, 0xbf, 0x14, 0xac, 0x77, 0x55, 0x38, 0x47, 0x5b, 0x0f, 0x40, 0x24, 0xe5, 0xa5, 0xa6, 0xac, 0x2d, 0xa6, 0xff, 0x9c, 0x73, 0xfe, 0x5c, 0x7e, - /* (2^408)P */ 0x1e, 0x33, 0xcc, 0x68, 0xb2, 0xbc, 0x8c, 0x93, 0xaf, 0xcc, 0x38, 0xf8, 0xd9, 0x16, 0x72, 0x50, 0xac, 0xd9, 0xb5, 0x0b, 0x9a, 0xbe, 0x46, 0x7a, 0xf1, 0xee, 0xf1, 0xad, 0xec, 0x5b, 0x59, 0x27, 0x9c, 0x05, 0xa3, 0x87, 0xe0, 0x37, 0x2c, 0x83, 0xce, 0xb3, 0x65, 0x09, 0x8e, 0xc3, 0x9c, 0xbf, 0x6a, 0xa2, 0x00, 0xcc, 0x12, 0x36, 0xc5, 0x95, - /* (2^409)P */ 0x36, 0x11, 0x02, 0x14, 0x9c, 0x3c, 0xeb, 0x2f, 0x23, 0x5b, 0x6b, 0x2b, 0x08, 0x54, 0x53, 0xac, 0xb2, 0xa3, 0xe0, 0x26, 0x62, 0x3c, 0xe4, 0xe1, 0x81, 0xee, 0x13, 0x3e, 0xa4, 0x97, 0xef, 0xf9, 0x92, 0x27, 0x01, 0xce, 0x54, 0x8b, 0x3e, 0x31, 0xbe, 0xa7, 0x88, 0xcf, 0x47, 0x99, 0x3c, 0x10, 0x6f, 0x60, 0xb3, 0x06, 0x4e, 0xee, 0x1b, 0xf0, - /* (2^410)P */ 0x59, 0x49, 0x66, 0xcf, 0x22, 0xe6, 0xf6, 0x73, 0xfe, 0xa3, 0x1c, 0x09, 0xfa, 0x5f, 0x65, 0xa8, 0xf0, 0x82, 0xc2, 0xef, 0x16, 0x63, 0x6e, 0x79, 0x69, 0x51, 0x39, 0x07, 0x65, 0xc4, 0x81, 0xec, 0x73, 0x0f, 0x15, 0x93, 0xe1, 0x30, 0x33, 0xe9, 0x37, 0x86, 0x42, 0x4c, 0x1f, 0x9b, 0xad, 0xee, 0x3f, 0xf1, 0x2a, 0x8e, 0x6a, 0xa3, 0xc8, 0x35, - /* (2^411)P */ 0x1e, 0x49, 0xf1, 0xdd, 0xd2, 0x9c, 0x8e, 0x78, 0xb2, 0x06, 0xe4, 0x6a, 0xab, 0x3a, 0xdc, 0xcd, 0xf4, 0xeb, 0xe1, 0xe7, 0x2f, 0xaa, 0xeb, 0x40, 0x31, 0x9f, 0xb9, 0xab, 0x13, 0xa9, 0x78, 0xbf, 0x38, 0x89, 0x0e, 0x85, 0x14, 0x8b, 0x46, 0x76, 0x14, 0xda, 0xcf, 0x33, 0xc8, 0x79, 0xd3, 0xd5, 0xa3, 0x6a, 0x69, 0x45, 0x70, 0x34, 0xc3, 0xe9, - /* (2^412)P */ 0x5e, 0xe7, 0x78, 0xe9, 0x24, 0xcc, 0xe9, 0xf4, 0xc8, 0x6b, 0xe0, 0xfb, 0x3a, 0xbe, 0xcc, 0x42, 0x4a, 0x00, 0x22, 0xf8, 0xe6, 0x32, 0xbe, 0x6d, 0x18, 0x55, 0x60, 0xe9, 0x72, 0x69, 0x50, 0x56, 0xca, 0x04, 0x18, 0x38, 0xa1, 0xee, 0xd8, 0x38, 0x3c, 0xa7, 0x70, 0xe2, 0xb9, 0x4c, 0xa0, 0xc8, 0x89, 0x72, 0xcf, 0x49, 0x7f, 0xdf, 0xbc, 0x67, - /* (2^413)P */ 0x1d, 0x17, 0xcb, 0x0b, 0xbd, 0xb2, 0x36, 0xe3, 0xa8, 0x99, 0x31, 0xb6, 0x26, 0x9c, 0x0c, 0x74, 0xaf, 0x4d, 0x24, 0x61, 0xcf, 0x31, 0x7b, 0xed, 0xdd, 0xc3, 0xf6, 0x32, 0x70, 0xfe, 0x17, 0xf6, 0x51, 0x37, 0x65, 0xce, 0x5d, 0xaf, 0xa5, 0x2f, 0x2a, 0xfe, 0x00, 0x71, 0x7c, 0x50, 0xbe, 0x21, 0xc7, 0xed, 0xc6, 0xfc, 0x67, 0xcf, 0x9c, 0xdd, - /* (2^414)P */ 0x26, 0x3e, 0xf8, 0xbb, 0xd0, 0xb1, 0x01, 0xd8, 0xeb, 0x0b, 0x62, 0x87, 0x35, 0x4c, 0xde, 0xca, 0x99, 0x9c, 0x6d, 0xf7, 0xb6, 0xf0, 0x57, 0x0a, 0x52, 0x29, 0x6a, 0x3f, 0x26, 0x31, 0x04, 0x07, 0x2a, 0xc9, 0xfa, 0x9b, 0x0e, 0x62, 0x8e, 0x72, 0xf2, 0xad, 0xce, 0xb6, 0x35, 0x7a, 0xc1, 0xae, 0x35, 0xc7, 0xa3, 0x14, 0xcf, 0x0c, 0x28, 0xb7, - /* (2^415)P */ 0xa6, 0xf1, 0x32, 0x3a, 0x20, 0xd2, 0x24, 0x97, 0xcf, 0x5d, 0x37, 0x99, 0xaf, 0x33, 0x7a, 0x5b, 0x7a, 0xcc, 0x4e, 0x41, 0x38, 0xb1, 0x4e, 0xad, 0xc9, 0xd9, 0x71, 0x7e, 0xb2, 0xf5, 0xd5, 0x01, 0x6c, 0x4d, 0xfd, 0xa1, 0xda, 0x03, 0x38, 0x9b, 0x3d, 0x92, 0x92, 0xf2, 0xca, 0xbf, 0x1f, 0x24, 0xa4, 0xbb, 0x30, 0x6a, 0x74, 0x56, 0xc8, 0xce, - /* (2^416)P */ 0x27, 0xf4, 0xed, 0xc9, 0xc3, 0xb1, 0x79, 0x85, 0xbe, 0xf6, 0xeb, 0xf3, 0x55, 0xc7, 0xaa, 0xa6, 0xe9, 0x07, 0x5d, 0xf4, 0xeb, 0xa6, 0x81, 0xe3, 0x0e, 0xcf, 0xa3, 0xc1, 0xef, 0xe7, 0x34, 0xb2, 0x03, 0x73, 0x8a, 0x91, 0xf1, 0xad, 0x05, 0xc7, 0x0b, 0x43, 0x99, 0x12, 0x31, 0xc8, 0xc7, 0xc5, 0xa4, 0x3d, 0xcd, 0xe5, 0x4e, 0x6d, 0x24, 0xdd, - /* (2^417)P */ 0x61, 0x54, 0xd0, 0x95, 0x2c, 0x45, 0x75, 0xac, 0xb5, 0x1a, 0x9d, 0x11, 0xeb, 0xed, 0x6b, 0x57, 0xa3, 0xe6, 0xcd, 0x77, 0xd4, 0x83, 0x8e, 0x39, 0xf1, 0x0f, 0x98, 0xcb, 0x40, 0x02, 0x6e, 0x10, 0x82, 0x9e, 0xb4, 0x93, 0x76, 0xd7, 0x97, 0xa3, 0x53, 0x12, 0x86, 0xc6, 0x15, 0x78, 0x73, 0x93, 0xe7, 0x7f, 0xcf, 0x1f, 0xbf, 0xcd, 0xd2, 0x7a, - /* (2^418)P */ 0xc2, 0x21, 0xdc, 0xd5, 0x69, 0xff, 0xca, 0x49, 0x3a, 0xe1, 0xc3, 0x69, 0x41, 0x56, 0xc1, 0x76, 0x63, 0x24, 0xbd, 0x64, 0x1b, 0x3d, 0x92, 0xf9, 0x13, 0x04, 0x25, 0xeb, 0x27, 0xa6, 0xef, 0x39, 0x3a, 0x80, 0xe0, 0xf8, 0x27, 0xee, 0xc9, 0x49, 0x77, 0xef, 0x3f, 0x29, 0x3d, 0x5e, 0xe6, 0x66, 0x83, 0xd1, 0xf6, 0xfe, 0x9d, 0xbc, 0xf1, 0x96, - /* (2^419)P */ 0x6b, 0xc6, 0x99, 0x26, 0x3c, 0xf3, 0x63, 0xf9, 0xc7, 0x29, 0x8c, 0x52, 0x62, 0x2d, 0xdc, 0x8a, 0x66, 0xce, 0x2c, 0xa7, 0xe4, 0xf0, 0xd7, 0x37, 0x17, 0x1e, 0xe4, 0xa3, 0x53, 0x7b, 0x29, 0x8e, 0x60, 0x99, 0xf9, 0x0c, 0x7c, 0x6f, 0xa2, 0xcc, 0x9f, 0x80, 0xdd, 0x5e, 0x46, 0xaa, 0x0d, 0x6c, 0xc9, 0x6c, 0xf7, 0x78, 0x5b, 0x38, 0xe3, 0x24, - /* (2^420)P */ 0x4b, 0x75, 0x6a, 0x2f, 0x08, 0xe1, 0x72, 0x76, 0xab, 0x82, 0x96, 0xdf, 0x3b, 0x1f, 0x9b, 0xd8, 0xed, 0xdb, 0xcd, 0x15, 0x09, 0x5a, 0x1e, 0xb7, 0xc5, 0x26, 0x72, 0x07, 0x0c, 0x50, 0xcd, 0x3b, 0x4d, 0x3f, 0xa2, 0x67, 0xc2, 0x02, 0x61, 0x2e, 0x68, 0xe9, 0x6f, 0xf0, 0x21, 0x2a, 0xa7, 0x3b, 0x88, 0x04, 0x11, 0x64, 0x49, 0x0d, 0xb4, 0x46, - /* (2^421)P */ 0x63, 0x85, 0xf3, 0xc5, 0x2b, 0x5a, 0x9f, 0xf0, 0x17, 0xcb, 0x45, 0x0a, 0xf3, 0x6e, 0x7e, 0xb0, 0x7c, 0xbc, 0xf0, 0x4f, 0x3a, 0xb0, 0xbc, 0x36, 0x36, 0x52, 0x51, 0xcb, 0xfe, 0x9a, 0xcb, 0xe8, 0x7e, 0x4b, 0x06, 0x7f, 0xaa, 0x35, 0xc8, 0x0e, 0x7a, 0x30, 0xa3, 0xb1, 0x09, 0xbb, 0x86, 0x4c, 0xbe, 0xb8, 0xbd, 0xe0, 0x32, 0xa5, 0xd4, 0xf7, - /* (2^422)P */ 0x7d, 0x50, 0x37, 0x68, 0x4e, 0x22, 0xb2, 0x2c, 0xd5, 0x0f, 0x2b, 0x6d, 0xb1, 0x51, 0xf2, 0x82, 0xe9, 0x98, 0x7c, 0x50, 0xc7, 0x96, 0x7e, 0x0e, 0xdc, 0xb1, 0x0e, 0xb2, 0x63, 0x8c, 0x30, 0x37, 0x72, 0x21, 0x9c, 0x61, 0xc2, 0xa7, 0x33, 0xd9, 0xb2, 0x63, 0x93, 0xd1, 0x6b, 0x6a, 0x73, 0xa5, 0x58, 0x80, 0xff, 0x04, 0xc7, 0x83, 0x21, 0x29, - /* (2^423)P */ 0x29, 0x04, 0xbc, 0x99, 0x39, 0xc9, 0x58, 0xc9, 0x6b, 0x17, 0xe8, 0x90, 0xb3, 0xe6, 0xa9, 0xb6, 0x28, 0x9b, 0xcb, 0x3b, 0x28, 0x90, 0x68, 0x71, 0xff, 0xcf, 0x08, 0x78, 0xc9, 0x8d, 0xa8, 0x4e, 0x43, 0xd1, 0x1c, 0x9e, 0xa4, 0xe3, 0xdf, 0xbf, 0x92, 0xf4, 0xf9, 0x41, 0xba, 0x4d, 0x1c, 0xf9, 0xdd, 0x74, 0x76, 0x1c, 0x6e, 0x3e, 0x94, 0x87, - /* (2^424)P */ 0xe4, 0xda, 0xc5, 0xd7, 0xfb, 0x87, 0xc5, 0x4d, 0x6b, 0x19, 0xaa, 0xb9, 0xbc, 0x8c, 0xf2, 0x8a, 0xd8, 0x5d, 0xdb, 0x4d, 0xef, 0xa6, 0xf2, 0x65, 0xf1, 0x22, 0x9c, 0xf1, 0x46, 0x30, 0x71, 0x7c, 0xe4, 0x53, 0x8e, 0x55, 0x2e, 0x9c, 0x9a, 0x31, 0x2a, 0xc3, 0xab, 0x0f, 0xde, 0xe4, 0xbe, 0xd8, 0x96, 0x50, 0x6e, 0x0c, 0x54, 0x49, 0xe6, 0xec, - /* (2^425)P */ 0x3c, 0x1d, 0x5a, 0xa5, 0xda, 0xad, 0xdd, 0xc2, 0xae, 0xac, 0x6f, 0x86, 0x75, 0x31, 0x91, 0x64, 0x45, 0x9d, 0xa4, 0xf0, 0x81, 0xf1, 0x0e, 0xba, 0x74, 0xaf, 0x7b, 0xcd, 0x6f, 0xfe, 0xac, 0x4e, 0xdb, 0x4e, 0x45, 0x35, 0x36, 0xc5, 0xc0, 0x6c, 0x3d, 0x64, 0xf4, 0xd8, 0x07, 0x62, 0xd1, 0xec, 0xf3, 0xfc, 0x93, 0xc9, 0x28, 0x0c, 0x2c, 0xf3, - /* (2^426)P */ 0x0c, 0x69, 0x2b, 0x5c, 0xb6, 0x41, 0x69, 0xf1, 0xa4, 0xf1, 0x5b, 0x75, 0x4c, 0x42, 0x8b, 0x47, 0xeb, 0x69, 0xfb, 0xa8, 0xe6, 0xf9, 0x7b, 0x48, 0x50, 0xaf, 0xd3, 0xda, 0xb2, 0x35, 0x10, 0xb5, 0x5b, 0x40, 0x90, 0x39, 0xc9, 0x07, 0x06, 0x73, 0x26, 0x20, 0x95, 0x01, 0xa4, 0x2d, 0xf0, 0xe7, 0x2e, 0x00, 0x7d, 0x41, 0x09, 0x68, 0x13, 0xc4, - /* (2^427)P */ 0xbe, 0x38, 0x78, 0xcf, 0xc9, 0x4f, 0x36, 0xca, 0x09, 0x61, 0x31, 0x3c, 0x57, 0x2e, 0xec, 0x17, 0xa4, 0x7d, 0x19, 0x2b, 0x9b, 0x5b, 0xbe, 0x8f, 0xd6, 0xc5, 0x2f, 0x86, 0xf2, 0x64, 0x76, 0x17, 0x00, 0x6e, 0x1a, 0x8c, 0x67, 0x1b, 0x68, 0xeb, 0x15, 0xa2, 0xd6, 0x09, 0x91, 0xdd, 0x23, 0x0d, 0x98, 0xb2, 0x10, 0x19, 0x55, 0x9b, 0x63, 0xf2, - /* (2^428)P */ 0x51, 0x1f, 0x93, 0xea, 0x2a, 0x3a, 0xfa, 0x41, 0xc0, 0x57, 0xfb, 0x74, 0xa6, 0x65, 0x09, 0x56, 0x14, 0xb6, 0x12, 0xaa, 0xb3, 0x1a, 0x8d, 0x3b, 0x76, 0x91, 0x7a, 0x23, 0x56, 0x9c, 0x6a, 0xc0, 0xe0, 0x3c, 0x3f, 0xb5, 0x1a, 0xf4, 0x57, 0x71, 0x93, 0x2b, 0xb1, 0xa7, 0x70, 0x57, 0x22, 0x80, 0xf5, 0xb8, 0x07, 0x77, 0x87, 0x0c, 0xbe, 0x83, - /* (2^429)P */ 0x07, 0x9b, 0x0e, 0x52, 0x38, 0x63, 0x13, 0x86, 0x6a, 0xa6, 0xb4, 0xd2, 0x60, 0x68, 0x9a, 0x99, 0x82, 0x0a, 0x04, 0x5f, 0x89, 0x7a, 0x1a, 0x2a, 0xae, 0x2d, 0x35, 0x0c, 0x1e, 0xad, 0xef, 0x4f, 0x9a, 0xfc, 0xc8, 0xd9, 0xcf, 0x9d, 0x48, 0x71, 0xa5, 0x55, 0x79, 0x73, 0x39, 0x1b, 0xd8, 0x73, 0xec, 0x9b, 0x03, 0x16, 0xd8, 0x82, 0xf7, 0x67, - /* (2^430)P */ 0x52, 0x67, 0x42, 0x21, 0xc9, 0x40, 0x78, 0x82, 0x2b, 0x95, 0x2d, 0x20, 0x92, 0xd1, 0xe2, 0x61, 0x25, 0xb0, 0xc6, 0x9c, 0x20, 0x59, 0x8e, 0x28, 0x6f, 0xf3, 0xfd, 0xd3, 0xc1, 0x32, 0x43, 0xc9, 0xa6, 0x08, 0x7a, 0x77, 0x9c, 0x4c, 0x8c, 0x33, 0x71, 0x13, 0x69, 0xe3, 0x52, 0x30, 0xa7, 0xf5, 0x07, 0x67, 0xac, 0xad, 0x46, 0x8a, 0x26, 0x25, - /* (2^431)P */ 0xda, 0x86, 0xc4, 0xa2, 0x71, 0x56, 0xdd, 0xd2, 0x48, 0xd3, 0xde, 0x42, 0x63, 0x01, 0xa7, 0x2c, 0x92, 0x83, 0x6f, 0x2e, 0xd8, 0x1e, 0x3f, 0xc1, 0xc5, 0x42, 0x4e, 0x34, 0x19, 0x54, 0x6e, 0x35, 0x2c, 0x51, 0x2e, 0xfd, 0x0f, 0x9a, 0x45, 0x66, 0x5e, 0x4a, 0x83, 0xda, 0x0a, 0x53, 0x68, 0x63, 0xfa, 0xce, 0x47, 0x20, 0xd3, 0x34, 0xba, 0x0d, - /* (2^432)P */ 0xd0, 0xe9, 0x64, 0xa4, 0x61, 0x4b, 0x86, 0xe5, 0x93, 0x6f, 0xda, 0x0e, 0x31, 0x7e, 0x6e, 0xe3, 0xc6, 0x73, 0xd8, 0xa3, 0x08, 0x57, 0x52, 0xcd, 0x51, 0x63, 0x1d, 0x9f, 0x93, 0x00, 0x62, 0x91, 0x26, 0x21, 0xa7, 0xdd, 0x25, 0x0f, 0x09, 0x0d, 0x35, 0xad, 0xcf, 0x11, 0x8e, 0x6e, 0xe8, 0xae, 0x1d, 0x95, 0xcb, 0x88, 0xf8, 0x70, 0x7b, 0x91, - /* (2^433)P */ 0x0c, 0x19, 0x5c, 0xd9, 0x8d, 0xda, 0x9d, 0x2c, 0x90, 0x54, 0x65, 0xe8, 0xb6, 0x35, 0x50, 0xae, 0xea, 0xae, 0x43, 0xb7, 0x1e, 0x99, 0x8b, 0x4c, 0x36, 0x4e, 0xe4, 0x1e, 0xc4, 0x64, 0x43, 0xb6, 0xeb, 0xd4, 0xe9, 0x60, 0x22, 0xee, 0xcf, 0xb8, 0x52, 0x1b, 0xf0, 0x04, 0xce, 0xbc, 0x2b, 0xf0, 0xbe, 0xcd, 0x44, 0x74, 0x1e, 0x1f, 0x63, 0xf9, - /* (2^434)P */ 0xe1, 0x3f, 0x95, 0x94, 0xb2, 0xb6, 0x31, 0xa9, 0x1b, 0xdb, 0xfd, 0x0e, 0xdb, 0xdd, 0x1a, 0x22, 0x78, 0x60, 0x9f, 0x75, 0x5f, 0x93, 0x06, 0x0c, 0xd8, 0xbb, 0xa2, 0x85, 0x2b, 0x5e, 0xc0, 0x9b, 0xa8, 0x5d, 0xaf, 0x93, 0x91, 0x91, 0x47, 0x41, 0x1a, 0xfc, 0xb4, 0x51, 0x85, 0xad, 0x69, 0x4d, 0x73, 0x69, 0xd5, 0x4e, 0x82, 0xfb, 0x66, 0xcb, - /* (2^435)P */ 0x7c, 0xbe, 0xc7, 0x51, 0xc4, 0x74, 0x6e, 0xab, 0xfd, 0x41, 0x4f, 0x76, 0x4f, 0x24, 0x03, 0xd6, 0x2a, 0xb7, 0x42, 0xb4, 0xda, 0x41, 0x2c, 0x82, 0x48, 0x4c, 0x7f, 0x6f, 0x25, 0x5d, 0x36, 0xd4, 0x69, 0xf5, 0xef, 0x02, 0x81, 0xea, 0x6f, 0x19, 0x69, 0xe8, 0x6f, 0x5b, 0x2f, 0x14, 0x0e, 0x6f, 0x89, 0xb4, 0xb5, 0xd8, 0xae, 0xef, 0x7b, 0x87, - /* (2^436)P */ 0xe9, 0x91, 0xa0, 0x8b, 0xc9, 0xe0, 0x01, 0x90, 0x37, 0xc1, 0x6f, 0xdc, 0x5e, 0xf7, 0xbf, 0x43, 0x00, 0xaa, 0x10, 0x76, 0x76, 0x18, 0x6e, 0x19, 0x1e, 0x94, 0x50, 0x11, 0x0a, 0xd1, 0xe2, 0xdb, 0x08, 0x21, 0xa0, 0x1f, 0xdb, 0x54, 0xfe, 0xea, 0x6e, 0xa3, 0x68, 0x56, 0x87, 0x0b, 0x22, 0x4e, 0x66, 0xf3, 0x82, 0x82, 0x00, 0xcd, 0xd4, 0x12, - /* (2^437)P */ 0x25, 0x8e, 0x24, 0x77, 0x64, 0x4c, 0xe0, 0xf8, 0x18, 0xc0, 0xdc, 0xc7, 0x1b, 0x35, 0x65, 0xde, 0x67, 0x41, 0x5e, 0x6f, 0x90, 0x82, 0xa7, 0x2e, 0x6d, 0xf1, 0x47, 0xb4, 0x92, 0x9c, 0xfd, 0x6a, 0x9a, 0x41, 0x36, 0x20, 0x24, 0x58, 0xc3, 0x59, 0x07, 0x9a, 0xfa, 0x9f, 0x03, 0xcb, 0xc7, 0x69, 0x37, 0x60, 0xe1, 0xab, 0x13, 0x72, 0xee, 0xa2, - /* (2^438)P */ 0x74, 0x78, 0xfb, 0x13, 0xcb, 0x8e, 0x37, 0x1a, 0xf6, 0x1d, 0x17, 0x83, 0x06, 0xd4, 0x27, 0x06, 0x21, 0xe8, 0xda, 0xdf, 0x6b, 0xf3, 0x83, 0x6b, 0x34, 0x8a, 0x8c, 0xee, 0x01, 0x05, 0x5b, 0xed, 0xd3, 0x1b, 0xc9, 0x64, 0x83, 0xc9, 0x49, 0xc2, 0x57, 0x1b, 0xdd, 0xcf, 0xf1, 0x9d, 0x63, 0xee, 0x1c, 0x0d, 0xa0, 0x0a, 0x73, 0x1f, 0x5b, 0x32, - /* (2^439)P */ 0x29, 0xce, 0x1e, 0xc0, 0x6a, 0xf5, 0xeb, 0x99, 0x5a, 0x39, 0x23, 0xe9, 0xdd, 0xac, 0x44, 0x88, 0xbc, 0x80, 0x22, 0xde, 0x2c, 0xcb, 0xa8, 0x3b, 0xff, 0xf7, 0x6f, 0xc7, 0x71, 0x72, 0xa8, 0xa3, 0xf6, 0x4d, 0xc6, 0x75, 0xda, 0x80, 0xdc, 0xd9, 0x30, 0xd9, 0x07, 0x50, 0x5a, 0x54, 0x7d, 0xda, 0x39, 0x6f, 0x78, 0x94, 0xbf, 0x25, 0x98, 0xdc, - /* (2^440)P */ 0x01, 0x26, 0x62, 0x44, 0xfb, 0x0f, 0x11, 0x72, 0x73, 0x0a, 0x16, 0xc7, 0x16, 0x9c, 0x9b, 0x37, 0xd8, 0xff, 0x4f, 0xfe, 0x57, 0xdb, 0xae, 0xef, 0x7d, 0x94, 0x30, 0x04, 0x70, 0x83, 0xde, 0x3c, 0xd4, 0xb5, 0x70, 0xda, 0xa7, 0x55, 0xc8, 0x19, 0xe1, 0x36, 0x15, 0x61, 0xe7, 0x3b, 0x7d, 0x85, 0xbb, 0xf3, 0x42, 0x5a, 0x94, 0xf4, 0x53, 0x2a, - /* (2^441)P */ 0x14, 0x60, 0xa6, 0x0b, 0x83, 0xe1, 0x23, 0x77, 0xc0, 0xce, 0x50, 0xed, 0x35, 0x8d, 0x98, 0x99, 0x7d, 0xf5, 0x8d, 0xce, 0x94, 0x25, 0xc8, 0x0f, 0x6d, 0xfa, 0x4a, 0xa4, 0x3a, 0x1f, 0x66, 0xfb, 0x5a, 0x64, 0xaf, 0x8b, 0x54, 0x54, 0x44, 0x3f, 0x5b, 0x88, 0x61, 0xe4, 0x48, 0x45, 0x26, 0x20, 0xbe, 0x0d, 0x06, 0xbb, 0x65, 0x59, 0xe1, 0x36, - /* (2^442)P */ 0xb7, 0x98, 0xce, 0xa3, 0xe3, 0xee, 0x11, 0x1b, 0x9e, 0x24, 0x59, 0x75, 0x31, 0x37, 0x44, 0x6f, 0x6b, 0x9e, 0xec, 0xb7, 0x44, 0x01, 0x7e, 0xab, 0xbb, 0x69, 0x5d, 0x11, 0xb0, 0x30, 0x64, 0xea, 0x91, 0xb4, 0x7a, 0x8c, 0x02, 0x4c, 0xb9, 0x10, 0xa7, 0xc7, 0x79, 0xe6, 0xdc, 0x77, 0xe3, 0xc8, 0xef, 0x3e, 0xf9, 0x38, 0x81, 0xce, 0x9a, 0xb2, - /* (2^443)P */ 0x91, 0x12, 0x76, 0xd0, 0x10, 0xb4, 0xaf, 0xe1, 0x89, 0x3a, 0x93, 0x6b, 0x5c, 0x19, 0x5f, 0x24, 0xed, 0x04, 0x92, 0xc7, 0xf0, 0x00, 0x08, 0xc1, 0x92, 0xff, 0x90, 0xdb, 0xb2, 0xbf, 0xdf, 0x49, 0xcd, 0xbd, 0x5c, 0x6e, 0xbf, 0x16, 0xbb, 0x61, 0xf9, 0x20, 0x33, 0x35, 0x93, 0x11, 0xbc, 0x59, 0x69, 0xce, 0x18, 0x9f, 0xf8, 0x7b, 0xa1, 0x6e, - /* (2^444)P */ 0xa1, 0xf4, 0xaf, 0xad, 0xf8, 0xe6, 0x99, 0xd2, 0xa1, 0x4d, 0xde, 0x56, 0xc9, 0x7b, 0x0b, 0x11, 0x3e, 0xbf, 0x89, 0x1a, 0x9a, 0x90, 0xe5, 0xe2, 0xa6, 0x37, 0x88, 0xa1, 0x68, 0x59, 0xae, 0x8c, 0xec, 0x02, 0x14, 0x8d, 0xb7, 0x2e, 0x25, 0x75, 0x7f, 0x76, 0x1a, 0xd3, 0x4d, 0xad, 0x8a, 0x00, 0x6c, 0x96, 0x49, 0xa4, 0xc3, 0x2e, 0x5c, 0x7b, - /* (2^445)P */ 0x26, 0x53, 0xf7, 0xda, 0xa8, 0x01, 0x14, 0xb1, 0x63, 0xe3, 0xc3, 0x89, 0x88, 0xb0, 0x85, 0x40, 0x2b, 0x26, 0x9a, 0x10, 0x1a, 0x70, 0x33, 0xf4, 0x50, 0x9d, 0x4d, 0xd8, 0x64, 0xc6, 0x0f, 0xe1, 0x17, 0xc8, 0x10, 0x4b, 0xfc, 0xa0, 0xc9, 0xba, 0x2c, 0x98, 0x09, 0xf5, 0x84, 0xb6, 0x7c, 0x4e, 0xa3, 0xe3, 0x81, 0x1b, 0x32, 0x60, 0x02, 0xdd, - /* (2^446)P */ 0xa3, 0xe5, 0x86, 0xd4, 0x43, 0xa8, 0xd1, 0x98, 0x9d, 0x9d, 0xdb, 0x04, 0xcf, 0x6e, 0x35, 0x05, 0x30, 0x53, 0x3b, 0xbc, 0x90, 0x00, 0x4a, 0xc5, 0x40, 0x2a, 0x0f, 0xde, 0x1a, 0xd7, 0x36, 0x27, 0x44, 0x62, 0xa6, 0xac, 0x9d, 0xd2, 0x70, 0x69, 0x14, 0x39, 0x9b, 0xd1, 0xc3, 0x0a, 0x3a, 0x82, 0x0e, 0xf1, 0x94, 0xd7, 0x42, 0x94, 0xd5, 0x7d, - /* (2^447)P */ 0x04, 0xc0, 0x6e, 0x12, 0x90, 0x70, 0xf9, 0xdf, 0xf7, 0xc9, 0x86, 0xc0, 0xe6, 0x92, 0x8b, 0x0a, 0xa1, 0xc1, 0x3b, 0xcc, 0x33, 0xb7, 0xf0, 0xeb, 0x51, 0x50, 0x80, 0x20, 0x69, 0x1c, 0x4f, 0x89, 0x05, 0x1e, 0xe4, 0x7a, 0x0a, 0xc2, 0xf0, 0xf5, 0x78, 0x91, 0x76, 0x34, 0x45, 0xdc, 0x24, 0x53, 0x24, 0x98, 0xe2, 0x73, 0x6f, 0xe6, 0x46, 0x67, -} diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/constants.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/constants.go deleted file mode 100644 index b6b236e5d3..0000000000 --- a/vendor/github.com/cloudflare/circl/ecc/goldilocks/constants.go +++ /dev/null @@ -1,71 +0,0 @@ -package goldilocks - -import fp "github.com/cloudflare/circl/math/fp448" - -var ( - // genX is the x-coordinate of the generator of Goldilocks curve. - genX = fp.Elt{ - 0x5e, 0xc0, 0x0c, 0xc7, 0x2b, 0xa8, 0x26, 0x26, - 0x8e, 0x93, 0x00, 0x8b, 0xe1, 0x80, 0x3b, 0x43, - 0x11, 0x65, 0xb6, 0x2a, 0xf7, 0x1a, 0xae, 0x12, - 0x64, 0xa4, 0xd3, 0xa3, 0x24, 0xe3, 0x6d, 0xea, - 0x67, 0x17, 0x0f, 0x47, 0x70, 0x65, 0x14, 0x9e, - 0xda, 0x36, 0xbf, 0x22, 0xa6, 0x15, 0x1d, 0x22, - 0xed, 0x0d, 0xed, 0x6b, 0xc6, 0x70, 0x19, 0x4f, - } - // genY is the y-coordinate of the generator of Goldilocks curve. - genY = fp.Elt{ - 0x14, 0xfa, 0x30, 0xf2, 0x5b, 0x79, 0x08, 0x98, - 0xad, 0xc8, 0xd7, 0x4e, 0x2c, 0x13, 0xbd, 0xfd, - 0xc4, 0x39, 0x7c, 0xe6, 0x1c, 0xff, 0xd3, 0x3a, - 0xd7, 0xc2, 0xa0, 0x05, 0x1e, 0x9c, 0x78, 0x87, - 0x40, 0x98, 0xa3, 0x6c, 0x73, 0x73, 0xea, 0x4b, - 0x62, 0xc7, 0xc9, 0x56, 0x37, 0x20, 0x76, 0x88, - 0x24, 0xbc, 0xb6, 0x6e, 0x71, 0x46, 0x3f, 0x69, - } - // paramD is -39081 in Fp. - paramD = fp.Elt{ - 0x56, 0x67, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - } - // order is 2^446-0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d, - // which is the number of points in the prime subgroup. - order = Scalar{ - 0xf3, 0x44, 0x58, 0xab, 0x92, 0xc2, 0x78, 0x23, - 0x55, 0x8f, 0xc5, 0x8d, 0x72, 0xc2, 0x6c, 0x21, - 0x90, 0x36, 0xd6, 0xae, 0x49, 0xdb, 0x4e, 0xc4, - 0xe9, 0x23, 0xca, 0x7c, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, - } - // residue448 is 2^448 mod order. - residue448 = [4]uint64{ - 0x721cf5b5529eec34, 0x7a4cf635c8e9c2ab, 0xeec492d944a725bf, 0x20cd77058, - } - // invFour is 1/4 mod order. - invFour = Scalar{ - 0x3d, 0x11, 0xd6, 0xaa, 0xa4, 0x30, 0xde, 0x48, - 0xd5, 0x63, 0x71, 0xa3, 0x9c, 0x30, 0x5b, 0x08, - 0xa4, 0x8d, 0xb5, 0x6b, 0xd2, 0xb6, 0x13, 0x71, - 0xfa, 0x88, 0x32, 0xdf, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0f, - } - // paramDTwist is -39082 in Fp. The D parameter of the twist curve. - paramDTwist = fp.Elt{ - 0x55, 0x67, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - } -) diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/curve.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/curve.go deleted file mode 100644 index 1f165141a9..0000000000 --- a/vendor/github.com/cloudflare/circl/ecc/goldilocks/curve.go +++ /dev/null @@ -1,84 +0,0 @@ -// Package goldilocks provides elliptic curve operations over the goldilocks curve. -package goldilocks - -import fp "github.com/cloudflare/circl/math/fp448" - -// Curve is the Goldilocks curve x^2+y^2=z^2-39081x^2y^2. -type Curve struct{} - -// Identity returns the identity point. -func (Curve) Identity() *Point { - return &Point{ - y: fp.One(), - z: fp.One(), - } -} - -// IsOnCurve returns true if the point lies on the curve. -func (Curve) IsOnCurve(P *Point) bool { - x2, y2, t, t2, z2 := &fp.Elt{}, &fp.Elt{}, &fp.Elt{}, &fp.Elt{}, &fp.Elt{} - rhs, lhs := &fp.Elt{}, &fp.Elt{} - // Check z != 0 - eq0 := !fp.IsZero(&P.z) - - fp.Mul(t, &P.ta, &P.tb) // t = ta*tb - fp.Sqr(x2, &P.x) // x^2 - fp.Sqr(y2, &P.y) // y^2 - fp.Sqr(z2, &P.z) // z^2 - fp.Sqr(t2, t) // t^2 - fp.Add(lhs, x2, y2) // x^2 + y^2 - fp.Mul(rhs, t2, ¶mD) // dt^2 - fp.Add(rhs, rhs, z2) // z^2 + dt^2 - fp.Sub(lhs, lhs, rhs) // x^2 + y^2 - (z^2 + dt^2) - eq1 := fp.IsZero(lhs) - - fp.Mul(lhs, &P.x, &P.y) // xy - fp.Mul(rhs, t, &P.z) // tz - fp.Sub(lhs, lhs, rhs) // xy - tz - eq2 := fp.IsZero(lhs) - - return eq0 && eq1 && eq2 -} - -// Generator returns the generator point. -func (Curve) Generator() *Point { - return &Point{ - x: genX, - y: genY, - z: fp.One(), - ta: genX, - tb: genY, - } -} - -// Order returns the number of points in the prime subgroup. -func (Curve) Order() Scalar { return order } - -// Double returns 2P. -func (Curve) Double(P *Point) *Point { R := *P; R.Double(); return &R } - -// Add returns P+Q. -func (Curve) Add(P, Q *Point) *Point { R := *P; R.Add(Q); return &R } - -// ScalarMult returns kP. This function runs in constant time. -func (e Curve) ScalarMult(k *Scalar, P *Point) *Point { - k4 := &Scalar{} - k4.divBy4(k) - return e.pull(twistCurve{}.ScalarMult(k4, e.push(P))) -} - -// ScalarBaseMult returns kG where G is the generator point. This function runs in constant time. -func (e Curve) ScalarBaseMult(k *Scalar) *Point { - k4 := &Scalar{} - k4.divBy4(k) - return e.pull(twistCurve{}.ScalarBaseMult(k4)) -} - -// CombinedMult returns mG+nP, where G is the generator point. This function is non-constant time. -func (e Curve) CombinedMult(m, n *Scalar, P *Point) *Point { - m4 := &Scalar{} - n4 := &Scalar{} - m4.divBy4(m) - n4.divBy4(n) - return e.pull(twistCurve{}.CombinedMult(m4, n4, twistCurve{}.pull(P))) -} diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/isogeny.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/isogeny.go deleted file mode 100644 index b1daab851c..0000000000 --- a/vendor/github.com/cloudflare/circl/ecc/goldilocks/isogeny.go +++ /dev/null @@ -1,52 +0,0 @@ -package goldilocks - -import fp "github.com/cloudflare/circl/math/fp448" - -func (Curve) pull(P *twistPoint) *Point { return twistCurve{}.push(P) } -func (twistCurve) pull(P *Point) *twistPoint { return Curve{}.push(P) } - -// push sends a point on the Goldilocks curve to a point on the twist curve. -func (Curve) push(P *Point) *twistPoint { - Q := &twistPoint{} - Px, Py, Pz := &P.x, &P.y, &P.z - a, b, c, d, e, f, g, h := &Q.x, &Q.y, &Q.z, &fp.Elt{}, &Q.ta, &Q.x, &Q.y, &Q.tb - fp.Add(e, Px, Py) // x+y - fp.Sqr(a, Px) // A = x^2 - fp.Sqr(b, Py) // B = y^2 - fp.Sqr(c, Pz) // z^2 - fp.Add(c, c, c) // C = 2*z^2 - *d = *a // D = A - fp.Sqr(e, e) // (x+y)^2 - fp.Sub(e, e, a) // (x+y)^2-A - fp.Sub(e, e, b) // E = (x+y)^2-A-B - fp.Add(h, b, d) // H = B+D - fp.Sub(g, b, d) // G = B-D - fp.Sub(f, c, h) // F = C-H - fp.Mul(&Q.z, f, g) // Z = F * G - fp.Mul(&Q.x, e, f) // X = E * F - fp.Mul(&Q.y, g, h) // Y = G * H, // T = E * H - return Q -} - -// push sends a point on the twist curve to a point on the Goldilocks curve. -func (twistCurve) push(P *twistPoint) *Point { - Q := &Point{} - Px, Py, Pz := &P.x, &P.y, &P.z - a, b, c, d, e, f, g, h := &Q.x, &Q.y, &Q.z, &fp.Elt{}, &Q.ta, &Q.x, &Q.y, &Q.tb - fp.Add(e, Px, Py) // x+y - fp.Sqr(a, Px) // A = x^2 - fp.Sqr(b, Py) // B = y^2 - fp.Sqr(c, Pz) // z^2 - fp.Add(c, c, c) // C = 2*z^2 - fp.Neg(d, a) // D = -A - fp.Sqr(e, e) // (x+y)^2 - fp.Sub(e, e, a) // (x+y)^2-A - fp.Sub(e, e, b) // E = (x+y)^2-A-B - fp.Add(h, b, d) // H = B+D - fp.Sub(g, b, d) // G = B-D - fp.Sub(f, c, h) // F = C-H - fp.Mul(&Q.z, f, g) // Z = F * G - fp.Mul(&Q.x, e, f) // X = E * F - fp.Mul(&Q.y, g, h) // Y = G * H, // T = E * H - return Q -} diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/point.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/point.go deleted file mode 100644 index 11f73de054..0000000000 --- a/vendor/github.com/cloudflare/circl/ecc/goldilocks/point.go +++ /dev/null @@ -1,171 +0,0 @@ -package goldilocks - -import ( - "errors" - "fmt" - - fp "github.com/cloudflare/circl/math/fp448" -) - -// Point is a point on the Goldilocks Curve. -type Point struct{ x, y, z, ta, tb fp.Elt } - -func (P Point) String() string { - return fmt.Sprintf("x: %v\ny: %v\nz: %v\nta: %v\ntb: %v", P.x, P.y, P.z, P.ta, P.tb) -} - -// FromAffine creates a point from affine coordinates. -func FromAffine(x, y *fp.Elt) (*Point, error) { - P := &Point{ - x: *x, - y: *y, - z: fp.One(), - ta: *x, - tb: *y, - } - if !(Curve{}).IsOnCurve(P) { - return P, errors.New("point not on curve") - } - return P, nil -} - -// isLessThan returns true if 0 <= x < y, and assumes that slices are of the -// same length and are interpreted in little-endian order. -func isLessThan(x, y []byte) bool { - i := len(x) - 1 - for i > 0 && x[i] == y[i] { - i-- - } - return x[i] < y[i] -} - -// FromBytes returns a point from the input buffer. -func FromBytes(in []byte) (*Point, error) { - if len(in) < fp.Size+1 { - return nil, errors.New("wrong input length") - } - err := errors.New("invalid decoding") - P := &Point{} - signX := in[fp.Size] >> 7 - copy(P.y[:], in[:fp.Size]) - p := fp.P() - if !isLessThan(P.y[:], p[:]) { - return nil, err - } - - u, v := &fp.Elt{}, &fp.Elt{} - one := fp.One() - fp.Sqr(u, &P.y) // u = y^2 - fp.Mul(v, u, ¶mD) // v = dy^2 - fp.Sub(u, u, &one) // u = y^2-1 - fp.Sub(v, v, &one) // v = dy^2-1 - isQR := fp.InvSqrt(&P.x, u, v) // x = sqrt(u/v) - if !isQR { - return nil, err - } - fp.Modp(&P.x) // x = x mod p - if fp.IsZero(&P.x) && signX == 1 { - return nil, err - } - if signX != (P.x[0] & 1) { - fp.Neg(&P.x, &P.x) - } - P.ta = P.x - P.tb = P.y - P.z = fp.One() - return P, nil -} - -// IsIdentity returns true is P is the identity Point. -func (P *Point) IsIdentity() bool { - return fp.IsZero(&P.x) && !fp.IsZero(&P.y) && !fp.IsZero(&P.z) && P.y == P.z -} - -// IsEqual returns true if P is equivalent to Q. -func (P *Point) IsEqual(Q *Point) bool { - l, r := &fp.Elt{}, &fp.Elt{} - fp.Mul(l, &P.x, &Q.z) - fp.Mul(r, &Q.x, &P.z) - fp.Sub(l, l, r) - b := fp.IsZero(l) - fp.Mul(l, &P.y, &Q.z) - fp.Mul(r, &Q.y, &P.z) - fp.Sub(l, l, r) - b = b && fp.IsZero(l) - fp.Mul(l, &P.ta, &P.tb) - fp.Mul(l, l, &Q.z) - fp.Mul(r, &Q.ta, &Q.tb) - fp.Mul(r, r, &P.z) - fp.Sub(l, l, r) - b = b && fp.IsZero(l) - return b -} - -// Neg obtains the inverse of the Point. -func (P *Point) Neg() { fp.Neg(&P.x, &P.x); fp.Neg(&P.ta, &P.ta) } - -// ToAffine returns the x,y affine coordinates of P. -func (P *Point) ToAffine() (x, y fp.Elt) { - fp.Inv(&P.z, &P.z) // 1/z - fp.Mul(&P.x, &P.x, &P.z) // x/z - fp.Mul(&P.y, &P.y, &P.z) // y/z - fp.Modp(&P.x) - fp.Modp(&P.y) - fp.SetOne(&P.z) - P.ta = P.x - P.tb = P.y - return P.x, P.y -} - -// ToBytes stores P into a slice of bytes. -func (P *Point) ToBytes(out []byte) error { - if len(out) < fp.Size+1 { - return errors.New("invalid decoding") - } - x, y := P.ToAffine() - out[fp.Size] = (x[0] & 1) << 7 - return fp.ToBytes(out[:fp.Size], &y) -} - -// MarshalBinary encodes the receiver into a binary form and returns the result. -func (P *Point) MarshalBinary() (data []byte, err error) { - data = make([]byte, fp.Size+1) - err = P.ToBytes(data[:fp.Size+1]) - return data, err -} - -// UnmarshalBinary must be able to decode the form generated by MarshalBinary. -func (P *Point) UnmarshalBinary(data []byte) error { Q, err := FromBytes(data); *P = *Q; return err } - -// Double sets P = 2Q. -func (P *Point) Double() { P.Add(P) } - -// Add sets P =P+Q.. -func (P *Point) Add(Q *Point) { - // This is formula (5) from "Twisted Edwards Curves Revisited" by - // Hisil H., Wong K.KH., Carter G., Dawson E. (2008) - // https://doi.org/10.1007/978-3-540-89255-7_20 - x1, y1, z1, ta1, tb1 := &P.x, &P.y, &P.z, &P.ta, &P.tb - x2, y2, z2, ta2, tb2 := &Q.x, &Q.y, &Q.z, &Q.ta, &Q.tb - x3, y3, z3, E, H := &P.x, &P.y, &P.z, &P.ta, &P.tb - A, B, C, D := &fp.Elt{}, &fp.Elt{}, &fp.Elt{}, &fp.Elt{} - t1, t2, F, G := C, D, &fp.Elt{}, &fp.Elt{} - fp.Mul(t1, ta1, tb1) // t1 = ta1*tb1 - fp.Mul(t2, ta2, tb2) // t2 = ta2*tb2 - fp.Mul(A, x1, x2) // A = x1*x2 - fp.Mul(B, y1, y2) // B = y1*y2 - fp.Mul(C, t1, t2) // t1*t2 - fp.Mul(C, C, ¶mD) // C = d*t1*t2 - fp.Mul(D, z1, z2) // D = z1*z2 - fp.Add(F, x1, y1) // x1+y1 - fp.Add(E, x2, y2) // x2+y2 - fp.Mul(E, E, F) // (x1+y1)*(x2+y2) - fp.Sub(E, E, A) // (x1+y1)*(x2+y2)-A - fp.Sub(E, E, B) // E = (x1+y1)*(x2+y2)-A-B - fp.Sub(F, D, C) // F = D-C - fp.Add(G, D, C) // G = D+C - fp.Sub(H, B, A) // H = B-A - fp.Mul(z3, F, G) // Z = F * G - fp.Mul(x3, E, F) // X = E * F - fp.Mul(y3, G, H) // Y = G * H, T = E * H -} diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/scalar.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/scalar.go deleted file mode 100644 index f98117b252..0000000000 --- a/vendor/github.com/cloudflare/circl/ecc/goldilocks/scalar.go +++ /dev/null @@ -1,203 +0,0 @@ -package goldilocks - -import ( - "encoding/binary" - "math/bits" -) - -// ScalarSize is the size (in bytes) of scalars. -const ScalarSize = 56 // 448 / 8 - -// _N is the number of 64-bit words to store scalars. -const _N = 7 // 448 / 64 - -// Scalar represents a positive integer stored in little-endian order. -type Scalar [ScalarSize]byte - -type scalar64 [_N]uint64 - -func (z *scalar64) fromScalar(x *Scalar) { - z[0] = binary.LittleEndian.Uint64(x[0*8 : 1*8]) - z[1] = binary.LittleEndian.Uint64(x[1*8 : 2*8]) - z[2] = binary.LittleEndian.Uint64(x[2*8 : 3*8]) - z[3] = binary.LittleEndian.Uint64(x[3*8 : 4*8]) - z[4] = binary.LittleEndian.Uint64(x[4*8 : 5*8]) - z[5] = binary.LittleEndian.Uint64(x[5*8 : 6*8]) - z[6] = binary.LittleEndian.Uint64(x[6*8 : 7*8]) -} - -func (z *scalar64) toScalar(x *Scalar) { - binary.LittleEndian.PutUint64(x[0*8:1*8], z[0]) - binary.LittleEndian.PutUint64(x[1*8:2*8], z[1]) - binary.LittleEndian.PutUint64(x[2*8:3*8], z[2]) - binary.LittleEndian.PutUint64(x[3*8:4*8], z[3]) - binary.LittleEndian.PutUint64(x[4*8:5*8], z[4]) - binary.LittleEndian.PutUint64(x[5*8:6*8], z[5]) - binary.LittleEndian.PutUint64(x[6*8:7*8], z[6]) -} - -// add calculates z = x + y. Assumes len(z) > max(len(x),len(y)). -func add(z, x, y []uint64) uint64 { - l, L, zz := len(x), len(y), y - if l > L { - l, L, zz = L, l, x - } - c := uint64(0) - for i := 0; i < l; i++ { - z[i], c = bits.Add64(x[i], y[i], c) - } - for i := l; i < L; i++ { - z[i], c = bits.Add64(zz[i], 0, c) - } - return c -} - -// sub calculates z = x - y. Assumes len(z) > max(len(x),len(y)). -func sub(z, x, y []uint64) uint64 { - l, L, zz := len(x), len(y), y - if l > L { - l, L, zz = L, l, x - } - c := uint64(0) - for i := 0; i < l; i++ { - z[i], c = bits.Sub64(x[i], y[i], c) - } - for i := l; i < L; i++ { - z[i], c = bits.Sub64(zz[i], 0, c) - } - return c -} - -// mulWord calculates z = x * y. Assumes len(z) >= len(x)+1. -func mulWord(z, x []uint64, y uint64) { - for i := range z { - z[i] = 0 - } - carry := uint64(0) - for i := range x { - hi, lo := bits.Mul64(x[i], y) - lo, cc := bits.Add64(lo, z[i], 0) - hi, _ = bits.Add64(hi, 0, cc) - z[i], cc = bits.Add64(lo, carry, 0) - carry, _ = bits.Add64(hi, 0, cc) - } - z[len(x)] = carry -} - -// Cmov moves x into z if b=1. -func (z *scalar64) Cmov(b uint64, x *scalar64) { - m := uint64(0) - b - for i := range z { - z[i] = (z[i] &^ m) | (x[i] & m) - } -} - -// leftShift shifts to the left the words of z returning the more significant word. -func (z *scalar64) leftShift(low uint64) uint64 { - high := z[_N-1] - for i := _N - 1; i > 0; i-- { - z[i] = z[i-1] - } - z[0] = low - return high -} - -// reduceOneWord calculates z = z + 2^448*x such that the result fits in a Scalar. -func (z *scalar64) reduceOneWord(x uint64) { - prod := (&scalar64{})[:] - mulWord(prod, residue448[:], x) - cc := add(z[:], z[:], prod) - mulWord(prod, residue448[:], cc) - add(z[:], z[:], prod) -} - -// modOrder reduces z mod order. -func (z *scalar64) modOrder() { - var o64, x scalar64 - o64.fromScalar(&order) - // Performs: while (z >= order) { z = z-order } - // At most 8 (eight) iterations reduce 3 bits by subtracting. - for i := 0; i < 8; i++ { - c := sub(x[:], z[:], o64[:]) // (c || x) = z-order - z.Cmov(1-c, &x) // if c != 0 { z = x } - } -} - -// FromBytes stores z = x mod order, where x is a number stored in little-endian order. -func (z *Scalar) FromBytes(x []byte) { - n := len(x) - nCeil := (n + 7) >> 3 - for i := range z { - z[i] = 0 - } - if nCeil < _N { - copy(z[:], x) - return - } - copy(z[:], x[8*(nCeil-_N):]) - var z64 scalar64 - z64.fromScalar(z) - for i := nCeil - _N - 1; i >= 0; i-- { - low := binary.LittleEndian.Uint64(x[8*i:]) - high := z64.leftShift(low) - z64.reduceOneWord(high) - } - z64.modOrder() - z64.toScalar(z) -} - -// divBy4 calculates z = x/4 mod order. -func (z *Scalar) divBy4(x *Scalar) { z.Mul(x, &invFour) } - -// Red reduces z mod order. -func (z *Scalar) Red() { var t scalar64; t.fromScalar(z); t.modOrder(); t.toScalar(z) } - -// Neg calculates z = -z mod order. -func (z *Scalar) Neg() { z.Sub(&order, z) } - -// Add calculates z = x+y mod order. -func (z *Scalar) Add(x, y *Scalar) { - var z64, x64, y64, t scalar64 - x64.fromScalar(x) - y64.fromScalar(y) - c := add(z64[:], x64[:], y64[:]) - add(t[:], z64[:], residue448[:]) - z64.Cmov(c, &t) - z64.modOrder() - z64.toScalar(z) -} - -// Sub calculates z = x-y mod order. -func (z *Scalar) Sub(x, y *Scalar) { - var z64, x64, y64, t scalar64 - x64.fromScalar(x) - y64.fromScalar(y) - c := sub(z64[:], x64[:], y64[:]) - sub(t[:], z64[:], residue448[:]) - z64.Cmov(c, &t) - z64.modOrder() - z64.toScalar(z) -} - -// Mul calculates z = x*y mod order. -func (z *Scalar) Mul(x, y *Scalar) { - var z64, x64, y64 scalar64 - prod := (&[_N + 1]uint64{})[:] - x64.fromScalar(x) - y64.fromScalar(y) - mulWord(prod, x64[:], y64[_N-1]) - copy(z64[:], prod[:_N]) - z64.reduceOneWord(prod[_N]) - for i := _N - 2; i >= 0; i-- { - h := z64.leftShift(0) - z64.reduceOneWord(h) - mulWord(prod, x64[:], y64[i]) - c := add(z64[:], z64[:], prod[:_N]) - z64.reduceOneWord(prod[_N] + c) - } - z64.modOrder() - z64.toScalar(z) -} - -// IsZero returns true if z=0. -func (z *Scalar) IsZero() bool { z.Red(); return *z == Scalar{} } diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go deleted file mode 100644 index 83d7cdadd3..0000000000 --- a/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go +++ /dev/null @@ -1,138 +0,0 @@ -package goldilocks - -import ( - "crypto/subtle" - "math/bits" - - "github.com/cloudflare/circl/internal/conv" - "github.com/cloudflare/circl/math" - fp "github.com/cloudflare/circl/math/fp448" -) - -// twistCurve is -x^2+y^2=1-39082x^2y^2 and is 4-isogenous to Goldilocks. -type twistCurve struct{} - -// Identity returns the identity point. -func (twistCurve) Identity() *twistPoint { - return &twistPoint{ - y: fp.One(), - z: fp.One(), - } -} - -// subYDiv16 update x = (x - y) / 16. -func subYDiv16(x *scalar64, y int64) { - s := uint64(y >> 63) - x0, b0 := bits.Sub64((*x)[0], uint64(y), 0) - x1, b1 := bits.Sub64((*x)[1], s, b0) - x2, b2 := bits.Sub64((*x)[2], s, b1) - x3, b3 := bits.Sub64((*x)[3], s, b2) - x4, b4 := bits.Sub64((*x)[4], s, b3) - x5, b5 := bits.Sub64((*x)[5], s, b4) - x6, _ := bits.Sub64((*x)[6], s, b5) - x[0] = (x0 >> 4) | (x1 << 60) - x[1] = (x1 >> 4) | (x2 << 60) - x[2] = (x2 >> 4) | (x3 << 60) - x[3] = (x3 >> 4) | (x4 << 60) - x[4] = (x4 >> 4) | (x5 << 60) - x[5] = (x5 >> 4) | (x6 << 60) - x[6] = (x6 >> 4) -} - -func recodeScalar(d *[113]int8, k *Scalar) { - var k64 scalar64 - k64.fromScalar(k) - for i := 0; i < 112; i++ { - d[i] = int8((k64[0] & 0x1f) - 16) - subYDiv16(&k64, int64(d[i])) - } - d[112] = int8(k64[0]) -} - -// ScalarMult returns kP. -func (e twistCurve) ScalarMult(k *Scalar, P *twistPoint) *twistPoint { - var TabP [8]preTwistPointProy - var S preTwistPointProy - var d [113]int8 - - var isZero int - if k.IsZero() { - isZero = 1 - } - subtle.ConstantTimeCopy(isZero, k[:], order[:]) - - minusK := *k - isEven := 1 - int(k[0]&0x1) - minusK.Neg() - subtle.ConstantTimeCopy(isEven, k[:], minusK[:]) - recodeScalar(&d, k) - - P.oddMultiples(TabP[:]) - Q := e.Identity() - for i := 112; i >= 0; i-- { - Q.Double() - Q.Double() - Q.Double() - Q.Double() - mask := d[i] >> 7 - absDi := (d[i] + mask) ^ mask - inx := int32((absDi - 1) >> 1) - sig := int((d[i] >> 7) & 0x1) - for j := range TabP { - S.cmov(&TabP[j], uint(subtle.ConstantTimeEq(inx, int32(j)))) - } - S.cneg(sig) - Q.mixAdd(&S) - } - Q.cneg(uint(isEven)) - return Q -} - -const ( - omegaFix = 7 - omegaVar = 5 -) - -// CombinedMult returns mG+nP. -func (e twistCurve) CombinedMult(m, n *Scalar, P *twistPoint) *twistPoint { - nafFix := math.OmegaNAF(conv.BytesLe2BigInt(m[:]), omegaFix) - nafVar := math.OmegaNAF(conv.BytesLe2BigInt(n[:]), omegaVar) - - if len(nafFix) > len(nafVar) { - nafVar = append(nafVar, make([]int32, len(nafFix)-len(nafVar))...) - } else if len(nafFix) < len(nafVar) { - nafFix = append(nafFix, make([]int32, len(nafVar)-len(nafFix))...) - } - - var TabQ [1 << (omegaVar - 2)]preTwistPointProy - P.oddMultiples(TabQ[:]) - Q := e.Identity() - for i := len(nafFix) - 1; i >= 0; i-- { - Q.Double() - // Generator point - if nafFix[i] != 0 { - idxM := absolute(nafFix[i]) >> 1 - R := tabVerif[idxM] - if nafFix[i] < 0 { - R.neg() - } - Q.mixAddZ1(&R) - } - // Variable input point - if nafVar[i] != 0 { - idxN := absolute(nafVar[i]) >> 1 - S := TabQ[idxN] - if nafVar[i] < 0 { - S.neg() - } - Q.mixAdd(&S) - } - } - return Q -} - -// absolute returns always a positive value. -func absolute(x int32) int32 { - mask := x >> 31 - return (x + mask) ^ mask -} diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/twistPoint.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/twistPoint.go deleted file mode 100644 index c55db77b06..0000000000 --- a/vendor/github.com/cloudflare/circl/ecc/goldilocks/twistPoint.go +++ /dev/null @@ -1,135 +0,0 @@ -package goldilocks - -import ( - "fmt" - - fp "github.com/cloudflare/circl/math/fp448" -) - -type twistPoint struct{ x, y, z, ta, tb fp.Elt } - -type preTwistPointAffine struct{ addYX, subYX, dt2 fp.Elt } - -type preTwistPointProy struct { - preTwistPointAffine - z2 fp.Elt -} - -func (P *twistPoint) String() string { - return fmt.Sprintf("x: %v\ny: %v\nz: %v\nta: %v\ntb: %v", P.x, P.y, P.z, P.ta, P.tb) -} - -// cneg conditionally negates the point if b=1. -func (P *twistPoint) cneg(b uint) { - t := &fp.Elt{} - fp.Neg(t, &P.x) - fp.Cmov(&P.x, t, b) - fp.Neg(t, &P.ta) - fp.Cmov(&P.ta, t, b) -} - -// Double updates P with 2P. -func (P *twistPoint) Double() { - // This is formula (7) from "Twisted Edwards Curves Revisited" by - // Hisil H., Wong K.KH., Carter G., Dawson E. (2008) - // https://doi.org/10.1007/978-3-540-89255-7_20 - Px, Py, Pz, Pta, Ptb := &P.x, &P.y, &P.z, &P.ta, &P.tb - a, b, c, e, f, g, h := Px, Py, Pz, Pta, Px, Py, Ptb - fp.Add(e, Px, Py) // x+y - fp.Sqr(a, Px) // A = x^2 - fp.Sqr(b, Py) // B = y^2 - fp.Sqr(c, Pz) // z^2 - fp.Add(c, c, c) // C = 2*z^2 - fp.Add(h, a, b) // H = A+B - fp.Sqr(e, e) // (x+y)^2 - fp.Sub(e, e, h) // E = (x+y)^2-A-B - fp.Sub(g, b, a) // G = B-A - fp.Sub(f, c, g) // F = C-G - fp.Mul(Pz, f, g) // Z = F * G - fp.Mul(Px, e, f) // X = E * F - fp.Mul(Py, g, h) // Y = G * H, T = E * H -} - -// mixAdd calculates P= P+Q, where Q is a precomputed point with Z_Q = 1. -func (P *twistPoint) mixAddZ1(Q *preTwistPointAffine) { - fp.Add(&P.z, &P.z, &P.z) // D = 2*z1 (z2=1) - P.coreAddition(Q) -} - -// coreAddition calculates P=P+Q for curves with A=-1. -func (P *twistPoint) coreAddition(Q *preTwistPointAffine) { - // This is the formula following (5) from "Twisted Edwards Curves Revisited" by - // Hisil H., Wong K.KH., Carter G., Dawson E. (2008) - // https://doi.org/10.1007/978-3-540-89255-7_20 - Px, Py, Pz, Pta, Ptb := &P.x, &P.y, &P.z, &P.ta, &P.tb - addYX2, subYX2, dt2 := &Q.addYX, &Q.subYX, &Q.dt2 - a, b, c, d, e, f, g, h := Px, Py, &fp.Elt{}, Pz, Pta, Px, Py, Ptb - fp.Mul(c, Pta, Ptb) // t1 = ta*tb - fp.Sub(h, Py, Px) // y1-x1 - fp.Add(b, Py, Px) // y1+x1 - fp.Mul(a, h, subYX2) // A = (y1-x1)*(y2-x2) - fp.Mul(b, b, addYX2) // B = (y1+x1)*(y2+x2) - fp.Mul(c, c, dt2) // C = 2*D*t1*t2 - fp.Sub(e, b, a) // E = B-A - fp.Add(h, b, a) // H = B+A - fp.Sub(f, d, c) // F = D-C - fp.Add(g, d, c) // G = D+C - fp.Mul(Pz, f, g) // Z = F * G - fp.Mul(Px, e, f) // X = E * F - fp.Mul(Py, g, h) // Y = G * H, T = E * H -} - -func (P *preTwistPointAffine) neg() { - P.addYX, P.subYX = P.subYX, P.addYX - fp.Neg(&P.dt2, &P.dt2) -} - -func (P *preTwistPointAffine) cneg(b int) { - t := &fp.Elt{} - fp.Cswap(&P.addYX, &P.subYX, uint(b)) - fp.Neg(t, &P.dt2) - fp.Cmov(&P.dt2, t, uint(b)) -} - -func (P *preTwistPointAffine) cmov(Q *preTwistPointAffine, b uint) { - fp.Cmov(&P.addYX, &Q.addYX, b) - fp.Cmov(&P.subYX, &Q.subYX, b) - fp.Cmov(&P.dt2, &Q.dt2, b) -} - -// mixAdd calculates P= P+Q, where Q is a precomputed point with Z_Q != 1. -func (P *twistPoint) mixAdd(Q *preTwistPointProy) { - fp.Mul(&P.z, &P.z, &Q.z2) // D = 2*z1*z2 - P.coreAddition(&Q.preTwistPointAffine) -} - -// oddMultiples calculates T[i] = (2*i-1)P for 0 < i < len(T). -func (P *twistPoint) oddMultiples(T []preTwistPointProy) { - if n := len(T); n > 0 { - T[0].FromTwistPoint(P) - _2P := *P - _2P.Double() - R := &preTwistPointProy{} - R.FromTwistPoint(&_2P) - for i := 1; i < n; i++ { - P.mixAdd(R) - T[i].FromTwistPoint(P) - } - } -} - -// cmov conditionally moves Q into P if b=1. -func (P *preTwistPointProy) cmov(Q *preTwistPointProy, b uint) { - P.preTwistPointAffine.cmov(&Q.preTwistPointAffine, b) - fp.Cmov(&P.z2, &Q.z2, b) -} - -// FromTwistPoint precomputes some coordinates of Q for missed addition. -func (P *preTwistPointProy) FromTwistPoint(Q *twistPoint) { - fp.Add(&P.addYX, &Q.y, &Q.x) // addYX = X + Y - fp.Sub(&P.subYX, &Q.y, &Q.x) // subYX = Y - X - fp.Mul(&P.dt2, &Q.ta, &Q.tb) // T = ta*tb - fp.Mul(&P.dt2, &P.dt2, ¶mDTwist) // D*T - fp.Add(&P.dt2, &P.dt2, &P.dt2) // dt2 = 2*D*T - fp.Add(&P.z2, &Q.z, &Q.z) // z2 = 2*Z -} diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/twistTables.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/twistTables.go deleted file mode 100644 index ed432e02c7..0000000000 --- a/vendor/github.com/cloudflare/circl/ecc/goldilocks/twistTables.go +++ /dev/null @@ -1,216 +0,0 @@ -package goldilocks - -import fp "github.com/cloudflare/circl/math/fp448" - -var tabFixMult = [fxV][fx2w1]preTwistPointAffine{ - { - { - addYX: fp.Elt{0x65, 0x4a, 0xdd, 0xdf, 0xb4, 0x79, 0x60, 0xc8, 0xa1, 0x70, 0xb4, 0x3a, 0x1e, 0x0c, 0x9b, 0x19, 0xe5, 0x48, 0x3f, 0xd7, 0x44, 0x18, 0x18, 0x14, 0x14, 0x27, 0x45, 0xd0, 0x2b, 0x24, 0xd5, 0x93, 0xc3, 0x74, 0x4c, 0x50, 0x70, 0x43, 0x26, 0x05, 0x08, 0x24, 0xca, 0x78, 0x30, 0xc1, 0x06, 0x8d, 0xd4, 0x86, 0x42, 0xf0, 0x14, 0xde, 0x08, 0x05}, - subYX: fp.Elt{0x64, 0x4a, 0xdd, 0xdf, 0xb4, 0x79, 0x60, 0xc8, 0xa1, 0x70, 0xb4, 0x3a, 0x1e, 0x0c, 0x9b, 0x19, 0xe5, 0x48, 0x3f, 0xd7, 0x44, 0x18, 0x18, 0x14, 0x14, 0x27, 0x45, 0xd0, 0x2d, 0x24, 0xd5, 0x93, 0xc3, 0x74, 0x4c, 0x50, 0x70, 0x43, 0x26, 0x05, 0x08, 0x24, 0xca, 0x78, 0x30, 0xc1, 0x06, 0x8d, 0xd4, 0x86, 0x42, 0xf0, 0x14, 0xde, 0x08, 0x05}, - dt2: fp.Elt{0x1a, 0x33, 0xea, 0x64, 0x45, 0x1c, 0xdf, 0x17, 0x1d, 0x16, 0x34, 0x28, 0xd6, 0x61, 0x19, 0x67, 0x79, 0xb4, 0x13, 0xcf, 0x3e, 0x7c, 0x0e, 0x72, 0xda, 0xf1, 0x5f, 0xda, 0xe6, 0xcf, 0x42, 0xd3, 0xb6, 0x17, 0xc2, 0x68, 0x13, 0x2d, 0xd9, 0x60, 0x3e, 0xae, 0xf0, 0x5b, 0x96, 0xf0, 0xcd, 0xaf, 0xea, 0xb7, 0x0d, 0x59, 0x16, 0xa7, 0xff, 0x55}, - }, - { - addYX: fp.Elt{0xca, 0xd8, 0x7d, 0x86, 0x1a, 0xef, 0xad, 0x11, 0xe3, 0x27, 0x41, 0x7e, 0x7f, 0x3e, 0xa9, 0xd2, 0xb5, 0x4e, 0x50, 0xe0, 0x77, 0x91, 0xc2, 0x13, 0x52, 0x73, 0x41, 0x09, 0xa6, 0x57, 0x9a, 0xc8, 0xa8, 0x90, 0x9d, 0x26, 0x14, 0xbb, 0xa1, 0x2a, 0xf7, 0x45, 0x43, 0x4e, 0xea, 0x35, 0x62, 0xe1, 0x08, 0x85, 0x46, 0xb8, 0x24, 0x05, 0x2d, 0xab}, - subYX: fp.Elt{0x9b, 0xe6, 0xd3, 0xe5, 0xfe, 0x50, 0x36, 0x3c, 0x3c, 0x6d, 0x74, 0x1d, 0x74, 0xc0, 0xde, 0x5b, 0x45, 0x27, 0xe5, 0x12, 0xee, 0x63, 0x35, 0x6b, 0x13, 0xe2, 0x41, 0x6b, 0x3a, 0x05, 0x2b, 0xb1, 0x89, 0x26, 0xb6, 0xc6, 0xd1, 0x84, 0xff, 0x0e, 0x9b, 0xa3, 0xfb, 0x21, 0x36, 0x6b, 0x01, 0xf7, 0x9f, 0x7c, 0xeb, 0xf5, 0x18, 0x7a, 0x2a, 0x70}, - dt2: fp.Elt{0x09, 0xad, 0x99, 0x1a, 0x38, 0xd3, 0xdf, 0x22, 0x37, 0x32, 0x61, 0x8b, 0xf3, 0x19, 0x48, 0x08, 0xe8, 0x49, 0xb6, 0x4a, 0xa7, 0xed, 0xa4, 0xa2, 0xee, 0x86, 0xd7, 0x31, 0x5e, 0xce, 0x95, 0x76, 0x86, 0x42, 0x1c, 0x9d, 0x07, 0x14, 0x8c, 0x34, 0x18, 0x9c, 0x6d, 0x3a, 0xdf, 0xa9, 0xe8, 0x36, 0x7e, 0xe4, 0x95, 0xbe, 0xb5, 0x09, 0xf8, 0x9c}, - }, - { - addYX: fp.Elt{0x51, 0xdb, 0x49, 0xa8, 0x9f, 0xe3, 0xd7, 0xec, 0x0d, 0x0f, 0x49, 0xe8, 0xb6, 0xc5, 0x0f, 0x5a, 0x1c, 0xce, 0x54, 0x0d, 0xb1, 0x8d, 0x5b, 0xbf, 0xf4, 0xaa, 0x34, 0x77, 0xc4, 0x5d, 0x59, 0xb6, 0xc5, 0x0e, 0x5a, 0xd8, 0x5b, 0x30, 0xc2, 0x1d, 0xec, 0x85, 0x1c, 0x42, 0xbe, 0x24, 0x2e, 0x50, 0x55, 0x44, 0xb2, 0x3a, 0x01, 0xaa, 0x98, 0xfb}, - subYX: fp.Elt{0xe7, 0x29, 0xb7, 0xd0, 0xaa, 0x4f, 0x32, 0x53, 0x56, 0xde, 0xbc, 0xd1, 0x92, 0x5d, 0x19, 0xbe, 0xa3, 0xe3, 0x75, 0x48, 0xe0, 0x7a, 0x1b, 0x54, 0x7a, 0xb7, 0x41, 0x77, 0x84, 0x38, 0xdd, 0x14, 0x9f, 0xca, 0x3f, 0xa3, 0xc8, 0xa7, 0x04, 0x70, 0xf1, 0x4d, 0x3d, 0xb3, 0x84, 0x79, 0xcb, 0xdb, 0xe4, 0xc5, 0x42, 0x9b, 0x57, 0x19, 0xf1, 0x2d}, - dt2: fp.Elt{0x20, 0xb4, 0x94, 0x9e, 0xdf, 0x31, 0x44, 0x0b, 0xc9, 0x7b, 0x75, 0x40, 0x9d, 0xd1, 0x96, 0x39, 0x70, 0x71, 0x15, 0xc8, 0x93, 0xd5, 0xc5, 0xe5, 0xba, 0xfe, 0xee, 0x08, 0x6a, 0x98, 0x0a, 0x1b, 0xb2, 0xaa, 0x3a, 0xf4, 0xa4, 0x79, 0xf9, 0x8e, 0x4d, 0x65, 0x10, 0x9b, 0x3a, 0x6e, 0x7c, 0x87, 0x94, 0x92, 0x11, 0x65, 0xbf, 0x1a, 0x09, 0xde}, - }, - { - addYX: fp.Elt{0xf3, 0x84, 0x76, 0x77, 0xa5, 0x6b, 0x27, 0x3b, 0x83, 0x3d, 0xdf, 0xa0, 0xeb, 0x32, 0x6d, 0x58, 0x81, 0x57, 0x64, 0xc2, 0x21, 0x7c, 0x9b, 0xea, 0xe6, 0xb0, 0x93, 0xf9, 0xe7, 0xc3, 0xed, 0x5a, 0x8e, 0xe2, 0xb4, 0x72, 0x76, 0x66, 0x0f, 0x22, 0x29, 0x94, 0x3e, 0x63, 0x48, 0x5e, 0x80, 0xcb, 0xac, 0xfa, 0x95, 0xb6, 0x4b, 0xc4, 0x95, 0x33}, - subYX: fp.Elt{0x0c, 0x55, 0xd1, 0x5e, 0x5f, 0xbf, 0xbf, 0xe2, 0x4c, 0xfc, 0x37, 0x4a, 0xc4, 0xb1, 0xf4, 0x83, 0x61, 0x93, 0x60, 0x8e, 0x9f, 0x31, 0xf0, 0xa0, 0x41, 0xff, 0x1d, 0xe2, 0x7f, 0xca, 0x40, 0xd6, 0x88, 0xe8, 0x91, 0x61, 0xe2, 0x11, 0x18, 0x83, 0xf3, 0x25, 0x2f, 0x3f, 0x49, 0x40, 0xd4, 0x83, 0xe2, 0xd7, 0x74, 0x6a, 0x16, 0x86, 0x4e, 0xab}, - dt2: fp.Elt{0xdd, 0x58, 0x65, 0xd8, 0x9f, 0xdd, 0x70, 0x7f, 0x0f, 0xec, 0xbd, 0x5c, 0x5c, 0x9b, 0x7e, 0x1b, 0x9f, 0x79, 0x36, 0x1f, 0xfd, 0x79, 0x10, 0x1c, 0x52, 0xf3, 0x22, 0xa4, 0x1f, 0x71, 0x6e, 0x63, 0x14, 0xf4, 0xa7, 0x3e, 0xbe, 0xad, 0x43, 0x30, 0x38, 0x8c, 0x29, 0xc6, 0xcf, 0x50, 0x75, 0x21, 0xe5, 0x78, 0xfd, 0xb0, 0x9a, 0xc4, 0x6d, 0xd4}, - }, - }, - { - { - addYX: fp.Elt{0x7a, 0xa1, 0x38, 0xa6, 0xfd, 0x0e, 0x96, 0xd5, 0x26, 0x76, 0x86, 0x70, 0x80, 0x30, 0xa6, 0x67, 0xeb, 0xf4, 0x39, 0xdb, 0x22, 0xf5, 0x9f, 0x98, 0xe4, 0xb5, 0x3a, 0x0c, 0x59, 0xbf, 0x85, 0xc6, 0xf0, 0x0b, 0x1c, 0x41, 0x38, 0x09, 0x01, 0xdb, 0xd6, 0x3c, 0xb7, 0xf1, 0x08, 0x6b, 0x4b, 0x9e, 0x63, 0x53, 0x83, 0xd3, 0xab, 0xa3, 0x72, 0x0d}, - subYX: fp.Elt{0x84, 0x68, 0x25, 0xe8, 0xe9, 0x8f, 0x91, 0xbf, 0xf7, 0xa4, 0x30, 0xae, 0xea, 0x9f, 0xdd, 0x56, 0x64, 0x09, 0xc9, 0x54, 0x68, 0x4e, 0x33, 0xc5, 0x6f, 0x7b, 0x2d, 0x52, 0x2e, 0x42, 0xbe, 0xbe, 0xf5, 0x64, 0xbf, 0x77, 0x54, 0xdf, 0xb0, 0x10, 0xd2, 0x16, 0x5d, 0xce, 0xaf, 0x9f, 0xfb, 0xa3, 0x63, 0x50, 0xcb, 0xc0, 0xd0, 0x88, 0x44, 0xa3}, - dt2: fp.Elt{0xc3, 0x8b, 0xa5, 0xf1, 0x44, 0xe4, 0x41, 0xcd, 0x75, 0xe3, 0x17, 0x69, 0x5b, 0xb9, 0xbb, 0xee, 0x82, 0xbb, 0xce, 0x57, 0xdf, 0x2a, 0x9c, 0x12, 0xab, 0x66, 0x08, 0x68, 0x05, 0x1b, 0x87, 0xee, 0x5d, 0x1e, 0x18, 0x14, 0x22, 0x4b, 0x99, 0x61, 0x75, 0x28, 0xe7, 0x65, 0x1c, 0x36, 0xb6, 0x18, 0x09, 0xa8, 0xdf, 0xef, 0x30, 0x35, 0xbc, 0x58}, - }, - { - addYX: fp.Elt{0xc5, 0xd3, 0x0e, 0x6f, 0xaf, 0x06, 0x69, 0xc4, 0x07, 0x9e, 0x58, 0x6e, 0x3f, 0x49, 0xd9, 0x0a, 0x3c, 0x2c, 0x37, 0xcd, 0x27, 0x4d, 0x87, 0x91, 0x7a, 0xb0, 0x28, 0xad, 0x2f, 0x68, 0x92, 0x05, 0x97, 0xf1, 0x30, 0x5f, 0x4c, 0x10, 0x20, 0x30, 0xd3, 0x08, 0x3f, 0xc1, 0xc6, 0xb7, 0xb5, 0xd1, 0x71, 0x7b, 0xa8, 0x0a, 0xd8, 0xf5, 0x17, 0xcf}, - subYX: fp.Elt{0x64, 0xd4, 0x8f, 0x91, 0x40, 0xab, 0x6e, 0x1a, 0x62, 0x83, 0xdc, 0xd7, 0x30, 0x1a, 0x4a, 0x2a, 0x4c, 0x54, 0x86, 0x19, 0x81, 0x5d, 0x04, 0x52, 0xa3, 0xca, 0x82, 0x38, 0xdc, 0x1e, 0xf0, 0x7a, 0x78, 0x76, 0x49, 0x4f, 0x71, 0xc4, 0x74, 0x2f, 0xf0, 0x5b, 0x2e, 0x5e, 0xac, 0xef, 0x17, 0xe4, 0x8e, 0x6e, 0xed, 0x43, 0x23, 0x61, 0x99, 0x49}, - dt2: fp.Elt{0x64, 0x90, 0x72, 0x76, 0xf8, 0x2c, 0x7d, 0x57, 0xf9, 0x30, 0x5e, 0x7a, 0x10, 0x74, 0x19, 0x39, 0xd9, 0xaf, 0x0a, 0xf1, 0x43, 0xed, 0x88, 0x9c, 0x8b, 0xdc, 0x9b, 0x1c, 0x90, 0xe7, 0xf7, 0xa3, 0xa5, 0x0d, 0xc6, 0xbc, 0x30, 0xfb, 0x91, 0x1a, 0x51, 0xba, 0x2d, 0xbe, 0x89, 0xdf, 0x1d, 0xdc, 0x53, 0xa8, 0x82, 0x8a, 0xd3, 0x8d, 0x16, 0x68}, - }, - { - addYX: fp.Elt{0xef, 0x5c, 0xe3, 0x74, 0xbf, 0x13, 0x4a, 0xbf, 0x66, 0x73, 0x64, 0xb7, 0xd4, 0xce, 0x98, 0x82, 0x05, 0xfa, 0x98, 0x0c, 0x0a, 0xae, 0xe5, 0x6b, 0x9f, 0xac, 0xbb, 0x6e, 0x1f, 0xcf, 0xff, 0xa6, 0x71, 0x9a, 0xa8, 0x7a, 0x9e, 0x64, 0x1f, 0x20, 0x4a, 0x61, 0xa2, 0xd6, 0x50, 0xe3, 0xba, 0x81, 0x0c, 0x50, 0x59, 0x69, 0x59, 0x15, 0x55, 0xdb}, - subYX: fp.Elt{0xe8, 0x77, 0x4d, 0xe8, 0x66, 0x3d, 0xc1, 0x00, 0x3c, 0xf2, 0x25, 0x00, 0xdc, 0xb2, 0xe5, 0x9b, 0x12, 0x89, 0xf3, 0xd6, 0xea, 0x85, 0x60, 0xfe, 0x67, 0x91, 0xfd, 0x04, 0x7c, 0xe0, 0xf1, 0x86, 0x06, 0x11, 0x66, 0xee, 0xd4, 0xd5, 0xbe, 0x3b, 0x0f, 0xe3, 0x59, 0xb3, 0x4f, 0x00, 0xb6, 0xce, 0x80, 0xc1, 0x61, 0xf7, 0xaf, 0x04, 0x6a, 0x3c}, - dt2: fp.Elt{0x00, 0xd7, 0x32, 0x93, 0x67, 0x70, 0x6f, 0xd7, 0x69, 0xab, 0xb1, 0xd3, 0xdc, 0xd6, 0xa8, 0xdd, 0x35, 0x25, 0xca, 0xd3, 0x8a, 0x6d, 0xce, 0xfb, 0xfd, 0x2b, 0x83, 0xf0, 0xd4, 0xac, 0x66, 0xfb, 0x72, 0x87, 0x7e, 0x55, 0xb7, 0x91, 0x58, 0x10, 0xc3, 0x11, 0x7e, 0x15, 0xfe, 0x7c, 0x55, 0x90, 0xa3, 0x9e, 0xed, 0x9a, 0x7f, 0xa7, 0xb7, 0xeb}, - }, - { - addYX: fp.Elt{0x25, 0x0f, 0xc2, 0x09, 0x9c, 0x10, 0xc8, 0x7c, 0x93, 0xa7, 0xbe, 0xe9, 0x26, 0x25, 0x7c, 0x21, 0xfe, 0xe7, 0x5f, 0x3c, 0x02, 0x83, 0xa7, 0x9e, 0xdf, 0xc0, 0x94, 0x2b, 0x7d, 0x1a, 0xd0, 0x1d, 0xcc, 0x2e, 0x7d, 0xd4, 0x85, 0xe7, 0xc1, 0x15, 0x66, 0xd6, 0xd6, 0x32, 0xb8, 0xf7, 0x63, 0xaa, 0x3b, 0xa5, 0xea, 0x49, 0xad, 0x88, 0x9b, 0x66}, - subYX: fp.Elt{0x09, 0x97, 0x79, 0x36, 0x41, 0x56, 0x9b, 0xdf, 0x15, 0xd8, 0x43, 0x28, 0x17, 0x5b, 0x96, 0xc9, 0xcf, 0x39, 0x1f, 0x13, 0xf7, 0x4d, 0x1d, 0x1f, 0xda, 0x51, 0x56, 0xe7, 0x0a, 0x5a, 0x65, 0xb6, 0x2a, 0x87, 0x49, 0x86, 0xc2, 0x2b, 0xcd, 0xfe, 0x07, 0xf6, 0x4c, 0xe2, 0x1d, 0x9b, 0xd8, 0x82, 0x09, 0x5b, 0x11, 0x10, 0x62, 0x56, 0x89, 0xbd}, - dt2: fp.Elt{0xd9, 0x15, 0x73, 0xf2, 0x96, 0x35, 0x53, 0xb0, 0xe7, 0xa8, 0x0b, 0x93, 0x35, 0x0b, 0x3a, 0x00, 0xf5, 0x18, 0xb1, 0xc3, 0x12, 0x3f, 0x91, 0x17, 0xc1, 0x4c, 0x15, 0x5a, 0x86, 0x92, 0x11, 0xbd, 0x44, 0x40, 0x5a, 0x7b, 0x15, 0x89, 0xba, 0xc1, 0xc1, 0xbc, 0x43, 0x45, 0xe6, 0x52, 0x02, 0x73, 0x0a, 0xd0, 0x2a, 0x19, 0xda, 0x47, 0xa8, 0xff}, - }, - }, -} - -// tabVerif contains the odd multiples of P. The entry T[i] = (2i+1)P, where -// P = phi(G) and G is the generator of the Goldilocks curve, and phi is a -// 4-degree isogeny. -var tabVerif = [1 << (omegaFix - 2)]preTwistPointAffine{ - { /* 1P*/ - addYX: fp.Elt{0x65, 0x4a, 0xdd, 0xdf, 0xb4, 0x79, 0x60, 0xc8, 0xa1, 0x70, 0xb4, 0x3a, 0x1e, 0x0c, 0x9b, 0x19, 0xe5, 0x48, 0x3f, 0xd7, 0x44, 0x18, 0x18, 0x14, 0x14, 0x27, 0x45, 0xd0, 0x2b, 0x24, 0xd5, 0x93, 0xc3, 0x74, 0x4c, 0x50, 0x70, 0x43, 0x26, 0x05, 0x08, 0x24, 0xca, 0x78, 0x30, 0xc1, 0x06, 0x8d, 0xd4, 0x86, 0x42, 0xf0, 0x14, 0xde, 0x08, 0x05}, - subYX: fp.Elt{0x64, 0x4a, 0xdd, 0xdf, 0xb4, 0x79, 0x60, 0xc8, 0xa1, 0x70, 0xb4, 0x3a, 0x1e, 0x0c, 0x9b, 0x19, 0xe5, 0x48, 0x3f, 0xd7, 0x44, 0x18, 0x18, 0x14, 0x14, 0x27, 0x45, 0xd0, 0x2d, 0x24, 0xd5, 0x93, 0xc3, 0x74, 0x4c, 0x50, 0x70, 0x43, 0x26, 0x05, 0x08, 0x24, 0xca, 0x78, 0x30, 0xc1, 0x06, 0x8d, 0xd4, 0x86, 0x42, 0xf0, 0x14, 0xde, 0x08, 0x05}, - dt2: fp.Elt{0x1a, 0x33, 0xea, 0x64, 0x45, 0x1c, 0xdf, 0x17, 0x1d, 0x16, 0x34, 0x28, 0xd6, 0x61, 0x19, 0x67, 0x79, 0xb4, 0x13, 0xcf, 0x3e, 0x7c, 0x0e, 0x72, 0xda, 0xf1, 0x5f, 0xda, 0xe6, 0xcf, 0x42, 0xd3, 0xb6, 0x17, 0xc2, 0x68, 0x13, 0x2d, 0xd9, 0x60, 0x3e, 0xae, 0xf0, 0x5b, 0x96, 0xf0, 0xcd, 0xaf, 0xea, 0xb7, 0x0d, 0x59, 0x16, 0xa7, 0xff, 0x55}, - }, - { /* 3P*/ - addYX: fp.Elt{0xd1, 0xe9, 0xa8, 0x33, 0x20, 0x76, 0x18, 0x08, 0x45, 0x2a, 0xc9, 0x67, 0x2a, 0xc3, 0x15, 0x24, 0xf9, 0x74, 0x21, 0x30, 0x99, 0x59, 0x8b, 0xb2, 0xf0, 0xa4, 0x07, 0xe2, 0x6a, 0x36, 0x8d, 0xd9, 0xd2, 0x4a, 0x7f, 0x73, 0x50, 0x39, 0x3d, 0xaa, 0xa7, 0x51, 0x73, 0x0d, 0x2b, 0x8b, 0x96, 0x47, 0xac, 0x3c, 0x5d, 0xaa, 0x39, 0x9c, 0xcf, 0xd5}, - subYX: fp.Elt{0x6b, 0x11, 0x5d, 0x1a, 0xf9, 0x41, 0x9d, 0xc5, 0x30, 0x3e, 0xad, 0x25, 0x2c, 0x04, 0x45, 0xea, 0xcc, 0x67, 0x07, 0x85, 0xe9, 0xda, 0x0e, 0xb5, 0x40, 0xb7, 0x32, 0xb4, 0x49, 0xdd, 0xff, 0xaa, 0xfc, 0xbb, 0x19, 0xca, 0x8b, 0x79, 0x2b, 0x8f, 0x8d, 0x00, 0x33, 0xc2, 0xad, 0xe9, 0xd3, 0x12, 0xa8, 0xaa, 0x87, 0x62, 0xad, 0x2d, 0xff, 0xa4}, - dt2: fp.Elt{0xb0, 0xaf, 0x3b, 0xea, 0xf0, 0x42, 0x0b, 0x5e, 0x88, 0xd3, 0x98, 0x08, 0x87, 0x59, 0x72, 0x0a, 0xc2, 0xdf, 0xcb, 0x7f, 0x59, 0xb5, 0x4c, 0x63, 0x68, 0xe8, 0x41, 0x38, 0x67, 0x4f, 0xe9, 0xc6, 0xb2, 0x6b, 0x08, 0xa7, 0xf7, 0x0e, 0xcd, 0xea, 0xca, 0x3d, 0xaf, 0x8e, 0xda, 0x4b, 0x2e, 0xd2, 0x88, 0x64, 0x8d, 0xc5, 0x5f, 0x76, 0x0f, 0x3d}, - }, - { /* 5P*/ - addYX: fp.Elt{0xe5, 0x65, 0xc9, 0xe2, 0x75, 0xf0, 0x7d, 0x1a, 0xba, 0xa4, 0x40, 0x4b, 0x93, 0x12, 0xa2, 0x80, 0x95, 0x0d, 0x03, 0x93, 0xe8, 0xa5, 0x4d, 0xe2, 0x3d, 0x81, 0xf5, 0xce, 0xd4, 0x2d, 0x25, 0x59, 0x16, 0x5c, 0xe7, 0xda, 0xc7, 0x45, 0xd2, 0x7e, 0x2c, 0x38, 0xd4, 0x37, 0x64, 0xb2, 0xc2, 0x28, 0xc5, 0x72, 0x16, 0x32, 0x45, 0x36, 0x6f, 0x9f}, - subYX: fp.Elt{0x09, 0xf4, 0x7e, 0xbd, 0x89, 0xdb, 0x19, 0x58, 0xe1, 0x08, 0x00, 0x8a, 0xf4, 0x5f, 0x2a, 0x32, 0x40, 0xf0, 0x2c, 0x3f, 0x5d, 0xe4, 0xfc, 0x89, 0x11, 0x24, 0xb4, 0x2f, 0x97, 0xad, 0xac, 0x8f, 0x19, 0xab, 0xfa, 0x12, 0xe5, 0xf9, 0x50, 0x4e, 0x50, 0x6f, 0x32, 0x30, 0x88, 0xa6, 0xe5, 0x48, 0x28, 0xa2, 0x1b, 0x9f, 0xcd, 0xe2, 0x43, 0x38}, - dt2: fp.Elt{0xa9, 0xcc, 0x53, 0x39, 0x86, 0x02, 0x60, 0x75, 0x34, 0x99, 0x57, 0xbd, 0xfc, 0x5a, 0x8e, 0xce, 0x5e, 0x98, 0x22, 0xd0, 0xa5, 0x24, 0xff, 0x90, 0x28, 0x9f, 0x58, 0xf3, 0x39, 0xe9, 0xba, 0x36, 0x23, 0xfb, 0x7f, 0x41, 0xcc, 0x2b, 0x5a, 0x25, 0x3f, 0x4c, 0x2a, 0xf1, 0x52, 0x6f, 0x2f, 0x07, 0xe3, 0x88, 0x81, 0x77, 0xdd, 0x7c, 0x88, 0x82}, - }, - { /* 7P*/ - addYX: fp.Elt{0xf7, 0xee, 0x88, 0xfd, 0x3a, 0xbf, 0x7e, 0x28, 0x39, 0x23, 0x79, 0xe6, 0x5c, 0x56, 0xcb, 0xb5, 0x48, 0x6a, 0x80, 0x6d, 0x37, 0x60, 0x6c, 0x10, 0x35, 0x49, 0x4b, 0x46, 0x60, 0xd4, 0x79, 0xd4, 0x53, 0xd3, 0x67, 0x88, 0xd0, 0x41, 0xd5, 0x43, 0x85, 0xc8, 0x71, 0xe3, 0x1c, 0xb6, 0xda, 0x22, 0x64, 0x8f, 0x80, 0xac, 0xad, 0x7d, 0xd5, 0x82}, - subYX: fp.Elt{0x92, 0x40, 0xc1, 0x83, 0x21, 0x9b, 0xd5, 0x7d, 0x3f, 0x29, 0xb6, 0x26, 0xef, 0x12, 0xb9, 0x27, 0x39, 0x42, 0x37, 0x97, 0x09, 0x9a, 0x08, 0xe1, 0x68, 0xb6, 0x7a, 0x3f, 0x9f, 0x45, 0xf8, 0x37, 0x19, 0x83, 0x97, 0xe6, 0x73, 0x30, 0x32, 0x35, 0xcf, 0xae, 0x5c, 0x12, 0x68, 0xdf, 0x6e, 0x2b, 0xde, 0x83, 0xa0, 0x44, 0x74, 0x2e, 0x4a, 0xe9}, - dt2: fp.Elt{0xcb, 0x22, 0x0a, 0xda, 0x6b, 0xc1, 0x8a, 0x29, 0xa1, 0xac, 0x8b, 0x5b, 0x8b, 0x32, 0x20, 0xf2, 0x21, 0xae, 0x0c, 0x43, 0xc4, 0xd7, 0x19, 0x37, 0x3d, 0x79, 0x25, 0x98, 0x6c, 0x9c, 0x22, 0x31, 0x2a, 0x55, 0x9f, 0xda, 0x5e, 0xa8, 0x13, 0xdb, 0x8e, 0x2e, 0x16, 0x39, 0xf4, 0x91, 0x6f, 0xec, 0x71, 0x71, 0xc9, 0x10, 0xf2, 0xa4, 0x8f, 0x11}, - }, - { /* 9P*/ - addYX: fp.Elt{0x85, 0xdd, 0x37, 0x62, 0x74, 0x8e, 0x33, 0x5b, 0x25, 0x12, 0x1b, 0xe7, 0xdf, 0x47, 0xe5, 0x12, 0xfd, 0x3a, 0x3a, 0xf5, 0x5d, 0x4c, 0xa2, 0x29, 0x3c, 0x5c, 0x2f, 0xee, 0x18, 0x19, 0x0a, 0x2b, 0xef, 0x67, 0x50, 0x7a, 0x0d, 0x29, 0xae, 0x55, 0x82, 0xcd, 0xd6, 0x41, 0x90, 0xb4, 0x13, 0x31, 0x5d, 0x11, 0xb8, 0xaa, 0x12, 0x86, 0x08, 0xac}, - subYX: fp.Elt{0xcc, 0x37, 0x8d, 0x83, 0x5f, 0xfd, 0xde, 0xd5, 0xf7, 0xf1, 0xae, 0x0a, 0xa7, 0x0b, 0xeb, 0x6d, 0x19, 0x8a, 0xb6, 0x1a, 0x59, 0xd8, 0xff, 0x3c, 0xbc, 0xbc, 0xef, 0x9c, 0xda, 0x7b, 0x75, 0x12, 0xaf, 0x80, 0x8f, 0x2c, 0x3c, 0xaa, 0x0b, 0x17, 0x86, 0x36, 0x78, 0x18, 0xc8, 0x8a, 0xf6, 0xb8, 0x2c, 0x2f, 0x57, 0x2c, 0x62, 0x57, 0xf6, 0x90}, - dt2: fp.Elt{0x83, 0xbc, 0xa2, 0x07, 0xa5, 0x38, 0x96, 0xea, 0xfe, 0x11, 0x46, 0x1d, 0x3b, 0xcd, 0x42, 0xc5, 0xee, 0x67, 0x04, 0x72, 0x08, 0xd8, 0xd9, 0x96, 0x07, 0xf7, 0xac, 0xc3, 0x64, 0xf1, 0x98, 0x2c, 0x55, 0xd7, 0x7d, 0xc8, 0x6c, 0xbd, 0x2c, 0xff, 0x15, 0xd6, 0x6e, 0xb8, 0x17, 0x8e, 0xa8, 0x27, 0x66, 0xb1, 0x73, 0x79, 0x96, 0xff, 0x29, 0x10}, - }, - { /* 11P*/ - addYX: fp.Elt{0x76, 0xcb, 0x9b, 0x0c, 0x5b, 0xfe, 0xe1, 0x2a, 0xdd, 0x6f, 0x6c, 0xdd, 0x6f, 0xb4, 0xc0, 0xc2, 0x1b, 0x4b, 0x38, 0xe8, 0x66, 0x8c, 0x1e, 0x31, 0x63, 0xb9, 0x94, 0xcd, 0xc3, 0x8c, 0x44, 0x25, 0x7b, 0xd5, 0x39, 0x80, 0xfc, 0x01, 0xaa, 0xf7, 0x2a, 0x61, 0x8a, 0x25, 0xd2, 0x5f, 0xc5, 0x66, 0x38, 0xa4, 0x17, 0xcf, 0x3e, 0x11, 0x0f, 0xa3}, - subYX: fp.Elt{0xe0, 0xb6, 0xd1, 0x9c, 0x71, 0x49, 0x2e, 0x7b, 0xde, 0x00, 0xda, 0x6b, 0xf1, 0xec, 0xe6, 0x7a, 0x15, 0x38, 0x71, 0xe9, 0x7b, 0xdb, 0xf8, 0x98, 0xc0, 0x91, 0x2e, 0x53, 0xee, 0x92, 0x87, 0x25, 0xc9, 0xb0, 0xbb, 0x33, 0x15, 0x46, 0x7f, 0xfd, 0x4f, 0x8b, 0x77, 0x05, 0x96, 0xb6, 0xe2, 0x08, 0xdb, 0x0d, 0x09, 0xee, 0x5b, 0xd1, 0x2a, 0x63}, - dt2: fp.Elt{0x8f, 0x7b, 0x57, 0x8c, 0xbf, 0x06, 0x0d, 0x43, 0x21, 0x92, 0x94, 0x2d, 0x6a, 0x38, 0x07, 0x0f, 0xa0, 0xf1, 0xe3, 0xd8, 0x2a, 0xbf, 0x46, 0xc6, 0x9e, 0x1f, 0x8f, 0x2b, 0x46, 0x84, 0x0b, 0x74, 0xed, 0xff, 0xf8, 0xa5, 0x94, 0xae, 0xf1, 0x67, 0xb1, 0x9b, 0xdd, 0x4a, 0xd0, 0xdb, 0xc2, 0xb5, 0x58, 0x49, 0x0c, 0xa9, 0x1d, 0x7d, 0xa9, 0xd3}, - }, - { /* 13P*/ - addYX: fp.Elt{0x73, 0x84, 0x2e, 0x31, 0x1f, 0xdc, 0xed, 0x9f, 0x74, 0xfa, 0xe0, 0x35, 0xb1, 0x85, 0x6a, 0x8d, 0x86, 0xd0, 0xff, 0xd6, 0x08, 0x43, 0x73, 0x1a, 0xd5, 0xf8, 0x43, 0xd4, 0xb3, 0xe5, 0x3f, 0xa8, 0x84, 0x17, 0x59, 0x65, 0x4e, 0xe6, 0xee, 0x54, 0x9c, 0xda, 0x5e, 0x7e, 0x98, 0x29, 0x6d, 0x73, 0x34, 0x1f, 0x99, 0x80, 0x54, 0x54, 0x81, 0x0b}, - subYX: fp.Elt{0xb1, 0xe5, 0xbb, 0x80, 0x22, 0x9c, 0x81, 0x6d, 0xaf, 0x27, 0x65, 0x6f, 0x7e, 0x9c, 0xb6, 0x8d, 0x35, 0x5c, 0x2e, 0x20, 0x48, 0x7a, 0x28, 0xf0, 0x97, 0xfe, 0xb7, 0x71, 0xce, 0xd6, 0xad, 0x3a, 0x81, 0xf6, 0x74, 0x5e, 0xf3, 0xfd, 0x1b, 0xd4, 0x1e, 0x7c, 0xc2, 0xb7, 0xc8, 0xa6, 0xc9, 0x89, 0x03, 0x47, 0xec, 0x24, 0xd6, 0x0e, 0xec, 0x9c}, - dt2: fp.Elt{0x91, 0x0a, 0x43, 0x34, 0x20, 0xc2, 0x64, 0xf7, 0x4e, 0x48, 0xc8, 0xd2, 0x95, 0x83, 0xd1, 0xa4, 0xfb, 0x4e, 0x41, 0x3b, 0x0d, 0xd5, 0x07, 0xd9, 0xf1, 0x13, 0x16, 0x78, 0x54, 0x57, 0xd0, 0xf1, 0x4f, 0x20, 0xac, 0xcf, 0x9c, 0x3b, 0x33, 0x0b, 0x99, 0x54, 0xc3, 0x7f, 0x3e, 0x57, 0x26, 0x86, 0xd5, 0xa5, 0x2b, 0x8d, 0xe3, 0x19, 0x36, 0xf7}, - }, - { /* 15P*/ - addYX: fp.Elt{0x23, 0x69, 0x47, 0x14, 0xf9, 0x9a, 0x50, 0xff, 0x64, 0xd1, 0x50, 0x35, 0xc3, 0x11, 0xd3, 0x19, 0xcf, 0x87, 0xda, 0x30, 0x0b, 0x50, 0xda, 0xc0, 0xe0, 0x25, 0x00, 0xe5, 0x68, 0x93, 0x04, 0xc2, 0xaf, 0xbd, 0x2f, 0x36, 0x5f, 0x47, 0x96, 0x10, 0xa8, 0xbd, 0xe4, 0x88, 0xac, 0x80, 0x52, 0x61, 0x73, 0xe9, 0x63, 0xdd, 0x99, 0xad, 0x20, 0x5b}, - subYX: fp.Elt{0x1b, 0x5e, 0xa2, 0x2a, 0x25, 0x0f, 0x86, 0xc0, 0xb1, 0x2e, 0x0c, 0x13, 0x40, 0x8d, 0xf0, 0xe6, 0x00, 0x55, 0x08, 0xc5, 0x7d, 0xf4, 0xc9, 0x31, 0x25, 0x3a, 0x99, 0x69, 0xdd, 0x67, 0x63, 0x9a, 0xd6, 0x89, 0x2e, 0xa1, 0x19, 0xca, 0x2c, 0xd9, 0x59, 0x5f, 0x5d, 0xc3, 0x6e, 0x62, 0x36, 0x12, 0x59, 0x15, 0xe1, 0xdc, 0xa4, 0xad, 0xc9, 0xd0}, - dt2: fp.Elt{0xbc, 0xea, 0xfc, 0xaf, 0x66, 0x23, 0xb7, 0x39, 0x6b, 0x2a, 0x96, 0xa8, 0x54, 0x43, 0xe9, 0xaa, 0x32, 0x40, 0x63, 0x92, 0x5e, 0xdf, 0x35, 0xc2, 0x9f, 0x24, 0x0c, 0xed, 0xfc, 0xde, 0x73, 0x8f, 0xa7, 0xd5, 0xa3, 0x2b, 0x18, 0x1f, 0xb0, 0xf8, 0xeb, 0x55, 0xd9, 0xc3, 0xfd, 0x28, 0x7c, 0x4f, 0xce, 0x0d, 0xf7, 0xae, 0xc2, 0x83, 0xc3, 0x78}, - }, - { /* 17P*/ - addYX: fp.Elt{0x71, 0xe6, 0x60, 0x93, 0x37, 0xdb, 0x01, 0xa5, 0x4c, 0xba, 0xe8, 0x8e, 0xd5, 0xf9, 0xd3, 0x98, 0xe5, 0xeb, 0xab, 0x3a, 0x15, 0x8b, 0x35, 0x60, 0xbe, 0xe5, 0x9c, 0x2d, 0x10, 0x9b, 0x2e, 0xcf, 0x65, 0x64, 0xea, 0x8f, 0x72, 0xce, 0xf5, 0x18, 0xe5, 0xe2, 0xf0, 0x0e, 0xae, 0x04, 0xec, 0xa0, 0x20, 0x65, 0x63, 0x07, 0xb1, 0x9f, 0x03, 0x97}, - subYX: fp.Elt{0x9e, 0x41, 0x64, 0x30, 0x95, 0x7f, 0x3a, 0x89, 0x7b, 0x0a, 0x79, 0x59, 0x23, 0x9a, 0x3b, 0xfe, 0xa4, 0x13, 0x08, 0xb2, 0x2e, 0x04, 0x50, 0x10, 0x30, 0xcd, 0x2e, 0xa4, 0x91, 0x71, 0x50, 0x36, 0x4a, 0x02, 0xf4, 0x8d, 0xa3, 0x36, 0x1b, 0xf4, 0x52, 0xba, 0x15, 0x04, 0x8b, 0x80, 0x25, 0xd9, 0xae, 0x67, 0x20, 0xd9, 0x88, 0x8f, 0x97, 0xa6}, - dt2: fp.Elt{0xb5, 0xe7, 0x46, 0xbd, 0x55, 0x23, 0xa0, 0x68, 0xc0, 0x12, 0xd9, 0xf1, 0x0a, 0x75, 0xe2, 0xda, 0xf4, 0x6b, 0xca, 0x14, 0xe4, 0x9f, 0x0f, 0xb5, 0x3c, 0xa6, 0xa5, 0xa2, 0x63, 0x94, 0xd1, 0x1c, 0x39, 0x58, 0x57, 0x02, 0x27, 0x98, 0xb6, 0x47, 0xc6, 0x61, 0x4b, 0x5c, 0xab, 0x6f, 0x2d, 0xab, 0xe3, 0xc1, 0x69, 0xf9, 0x12, 0xb0, 0xc8, 0xd5}, - }, - { /* 19P*/ - addYX: fp.Elt{0x19, 0x7d, 0xd5, 0xac, 0x79, 0xa2, 0x82, 0x9b, 0x28, 0x31, 0x22, 0xc0, 0x73, 0x02, 0x76, 0x17, 0x10, 0x70, 0x79, 0x57, 0xc9, 0x84, 0x62, 0x8e, 0x04, 0x04, 0x61, 0x67, 0x08, 0x48, 0xb4, 0x4b, 0xde, 0x53, 0x8c, 0xff, 0x36, 0x1b, 0x62, 0x86, 0x5d, 0xe1, 0x9b, 0xb1, 0xe5, 0xe8, 0x44, 0x64, 0xa1, 0x68, 0x3f, 0xa8, 0x45, 0x52, 0x91, 0xed}, - subYX: fp.Elt{0x42, 0x1a, 0x36, 0x1f, 0x90, 0x15, 0x24, 0x8d, 0x24, 0x80, 0xe6, 0xfe, 0x1e, 0xf0, 0xad, 0xaf, 0x6a, 0x93, 0xf0, 0xa6, 0x0d, 0x5d, 0xea, 0xf6, 0x62, 0x96, 0x7a, 0x05, 0x76, 0x85, 0x74, 0x32, 0xc7, 0xc8, 0x64, 0x53, 0x62, 0xe7, 0x54, 0x84, 0xe0, 0x40, 0x66, 0x19, 0x70, 0x40, 0x95, 0x35, 0x68, 0x64, 0x43, 0xcd, 0xba, 0x29, 0x32, 0xa8}, - dt2: fp.Elt{0x3e, 0xf6, 0xd6, 0xe4, 0x99, 0xeb, 0x20, 0x66, 0x08, 0x2e, 0x26, 0x64, 0xd7, 0x76, 0xf3, 0xb4, 0xc5, 0xa4, 0x35, 0x92, 0xd2, 0x99, 0x70, 0x5a, 0x1a, 0xe9, 0xe9, 0x3d, 0x3b, 0xe1, 0xcd, 0x0e, 0xee, 0x24, 0x13, 0x03, 0x22, 0xd6, 0xd6, 0x72, 0x08, 0x2b, 0xde, 0xfd, 0x93, 0xed, 0x0c, 0x7f, 0x5e, 0x31, 0x22, 0x4d, 0x80, 0x78, 0xc0, 0x48}, - }, - { /* 21P*/ - addYX: fp.Elt{0x8f, 0x72, 0xd2, 0x9e, 0xc4, 0xcd, 0x2c, 0xbf, 0xa8, 0xd3, 0x24, 0x62, 0x28, 0xee, 0x39, 0x0a, 0x19, 0x3a, 0x58, 0xff, 0x21, 0x2e, 0x69, 0x6c, 0x6e, 0x18, 0xd0, 0xcd, 0x61, 0xc1, 0x18, 0x02, 0x5a, 0xe9, 0xe3, 0xef, 0x1f, 0x8e, 0x10, 0xe8, 0x90, 0x2b, 0x48, 0xcd, 0xee, 0x38, 0xbd, 0x3a, 0xca, 0xbc, 0x2d, 0xe2, 0x3a, 0x03, 0x71, 0x02}, - subYX: fp.Elt{0xf8, 0xa4, 0x32, 0x26, 0x66, 0xaf, 0x3b, 0x53, 0xe7, 0xb0, 0x91, 0x92, 0xf5, 0x3c, 0x74, 0xce, 0xf2, 0xdd, 0x68, 0xa9, 0xf4, 0xcd, 0x5f, 0x60, 0xab, 0x71, 0xdf, 0xcd, 0x5c, 0x5d, 0x51, 0x72, 0x3a, 0x96, 0xea, 0xd6, 0xde, 0x54, 0x8e, 0x55, 0x4c, 0x08, 0x4c, 0x60, 0xdd, 0x34, 0xa9, 0x6f, 0xf3, 0x04, 0x02, 0xa8, 0xa6, 0x4e, 0x4d, 0x62}, - dt2: fp.Elt{0x76, 0x4a, 0xae, 0x38, 0x62, 0x69, 0x72, 0xdc, 0xe8, 0x43, 0xbe, 0x1d, 0x61, 0xde, 0x31, 0xc3, 0x42, 0x8f, 0x33, 0x9d, 0xca, 0xc7, 0x9c, 0xec, 0x6a, 0xe2, 0xaa, 0x01, 0x49, 0x78, 0x8d, 0x72, 0x4f, 0x38, 0xea, 0x52, 0xc2, 0xd3, 0xc9, 0x39, 0x71, 0xba, 0xb9, 0x09, 0x9b, 0xa3, 0x7f, 0x45, 0x43, 0x65, 0x36, 0x29, 0xca, 0xe7, 0x5c, 0x5f}, - }, - { /* 23P*/ - addYX: fp.Elt{0x89, 0x42, 0x35, 0x48, 0x6d, 0x74, 0xe5, 0x1f, 0xc3, 0xdd, 0x28, 0x5b, 0x84, 0x41, 0x33, 0x9f, 0x42, 0xf3, 0x1d, 0x5d, 0x15, 0x6d, 0x76, 0x33, 0x36, 0xaf, 0xe9, 0xdd, 0xfa, 0x63, 0x4f, 0x7a, 0x9c, 0xeb, 0x1c, 0x4f, 0x34, 0x65, 0x07, 0x54, 0xbb, 0x4c, 0x8b, 0x62, 0x9d, 0xd0, 0x06, 0x99, 0xb3, 0xe9, 0xda, 0x85, 0x19, 0xb0, 0x3d, 0x3c}, - subYX: fp.Elt{0xbb, 0x99, 0xf6, 0xbf, 0xaf, 0x2c, 0x22, 0x0d, 0x7a, 0xaa, 0x98, 0x6f, 0x01, 0x82, 0x99, 0xcf, 0x88, 0xbd, 0x0e, 0x3a, 0x89, 0xe0, 0x9c, 0x8c, 0x17, 0x20, 0xc4, 0xe0, 0xcf, 0x43, 0x7a, 0xef, 0x0d, 0x9f, 0x87, 0xd4, 0xfb, 0xf2, 0x96, 0xb8, 0x03, 0xe8, 0xcb, 0x5c, 0xec, 0x65, 0x5f, 0x49, 0xa4, 0x7c, 0x85, 0xb4, 0xf6, 0xc7, 0xdb, 0xa3}, - dt2: fp.Elt{0x11, 0xf3, 0x32, 0xa3, 0xa7, 0xb2, 0x7d, 0x51, 0x82, 0x44, 0xeb, 0xa2, 0x7d, 0x72, 0xcb, 0xc6, 0xf6, 0xc7, 0xb2, 0x38, 0x0e, 0x0f, 0x4f, 0x29, 0x00, 0xe4, 0x5b, 0x94, 0x46, 0x86, 0x66, 0xa1, 0x83, 0xb3, 0xeb, 0x15, 0xb6, 0x31, 0x50, 0x28, 0xeb, 0xed, 0x0d, 0x32, 0x39, 0xe9, 0x23, 0x81, 0x99, 0x3e, 0xff, 0x17, 0x4c, 0x11, 0x43, 0xd1}, - }, - { /* 25P*/ - addYX: fp.Elt{0xce, 0xe7, 0xf8, 0x94, 0x8f, 0x96, 0xf8, 0x96, 0xe6, 0x72, 0x20, 0x44, 0x2c, 0xa7, 0xfc, 0xba, 0xc8, 0xe1, 0xbb, 0xc9, 0x16, 0x85, 0xcd, 0x0b, 0xe5, 0xb5, 0x5a, 0x7f, 0x51, 0x43, 0x63, 0x8b, 0x23, 0x8e, 0x1d, 0x31, 0xff, 0x46, 0x02, 0x66, 0xcc, 0x9e, 0x4d, 0xa2, 0xca, 0xe2, 0xc7, 0xfd, 0x22, 0xb1, 0xdb, 0xdf, 0x6f, 0xe6, 0xa5, 0x82}, - subYX: fp.Elt{0xd0, 0xf5, 0x65, 0x40, 0xec, 0x8e, 0x65, 0x42, 0x78, 0xc1, 0x65, 0xe4, 0x10, 0xc8, 0x0b, 0x1b, 0xdd, 0x96, 0x68, 0xce, 0xee, 0x45, 0x55, 0xd8, 0x6e, 0xd3, 0xe6, 0x77, 0x19, 0xae, 0xc2, 0x8d, 0x8d, 0x3e, 0x14, 0x3f, 0x6d, 0x00, 0x2f, 0x9b, 0xd1, 0x26, 0x60, 0x28, 0x0f, 0x3a, 0x47, 0xb3, 0xe6, 0x68, 0x28, 0x24, 0x25, 0xca, 0xc8, 0x06}, - dt2: fp.Elt{0x54, 0xbb, 0x60, 0x92, 0xdb, 0x8f, 0x0f, 0x38, 0xe0, 0xe6, 0xe4, 0xc9, 0xcc, 0x14, 0x62, 0x01, 0xc4, 0x2b, 0x0f, 0xcf, 0xed, 0x7d, 0x8e, 0xa4, 0xd9, 0x73, 0x0b, 0xba, 0x0c, 0xaf, 0x0c, 0xf9, 0xe2, 0xeb, 0x29, 0x2a, 0x53, 0xdf, 0x2c, 0x5a, 0xfa, 0x8f, 0xc1, 0x01, 0xd7, 0xb1, 0x45, 0x73, 0x92, 0x32, 0x83, 0x85, 0x12, 0x74, 0x89, 0x44}, - }, - { /* 27P*/ - addYX: fp.Elt{0x0b, 0x73, 0x3c, 0xc2, 0xb1, 0x2e, 0xe1, 0xa7, 0xf5, 0xc9, 0x7a, 0xfb, 0x3d, 0x2d, 0xac, 0x59, 0xdb, 0xfa, 0x36, 0x11, 0xd1, 0x13, 0x04, 0x51, 0x1d, 0xab, 0x9b, 0x6b, 0x93, 0xfe, 0xda, 0xb0, 0x8e, 0xb4, 0x79, 0x11, 0x21, 0x0f, 0x65, 0xb9, 0xbb, 0x79, 0x96, 0x2a, 0xfd, 0x30, 0xe0, 0xb4, 0x2d, 0x9a, 0x55, 0x25, 0x5d, 0xd4, 0xad, 0x2a}, - subYX: fp.Elt{0x9e, 0xc5, 0x04, 0xfe, 0xec, 0x3c, 0x64, 0x1c, 0xed, 0x95, 0xed, 0xae, 0xaf, 0x5c, 0x6e, 0x08, 0x9e, 0x02, 0x29, 0x59, 0x7e, 0x5f, 0xc4, 0x9a, 0xd5, 0x32, 0x72, 0x86, 0xe1, 0x4e, 0x3c, 0xce, 0x99, 0x69, 0x3b, 0xc4, 0xdd, 0x4d, 0xb7, 0xbb, 0xda, 0x3b, 0x1a, 0x99, 0xaa, 0x62, 0x15, 0xc1, 0xf0, 0xb6, 0x6c, 0xec, 0x56, 0xc1, 0xff, 0x0c}, - dt2: fp.Elt{0x2f, 0xf1, 0x3f, 0x7a, 0x2d, 0x56, 0x19, 0x7f, 0xea, 0xbe, 0x59, 0x2e, 0x13, 0x67, 0x81, 0xfb, 0xdb, 0xc8, 0xa3, 0x1d, 0xd5, 0xe9, 0x13, 0x8b, 0x29, 0xdf, 0xcf, 0x9f, 0xe7, 0xd9, 0x0b, 0x70, 0xd3, 0x15, 0x57, 0x4a, 0xe9, 0x50, 0x12, 0x1b, 0x81, 0x4b, 0x98, 0x98, 0xa8, 0x31, 0x1d, 0x27, 0x47, 0x38, 0xed, 0x57, 0x99, 0x26, 0xb2, 0xee}, - }, - { /* 29P*/ - addYX: fp.Elt{0x1c, 0xb2, 0xb2, 0x67, 0x3b, 0x8b, 0x3d, 0x5a, 0x30, 0x7e, 0x38, 0x7e, 0x3c, 0x3d, 0x28, 0x56, 0x59, 0xd8, 0x87, 0x53, 0x8b, 0xe6, 0x6c, 0x5d, 0xe5, 0x0a, 0x33, 0x10, 0xce, 0xa2, 0x17, 0x0d, 0xe8, 0x76, 0xee, 0x68, 0xa8, 0x72, 0x54, 0xbd, 0xa6, 0x24, 0x94, 0x6e, 0x77, 0xc7, 0x53, 0xb7, 0x89, 0x1c, 0x7a, 0xe9, 0x78, 0x9a, 0x74, 0x5f}, - subYX: fp.Elt{0x76, 0x96, 0x1c, 0xcf, 0x08, 0x55, 0xd8, 0x1e, 0x0d, 0xa3, 0x59, 0x95, 0x32, 0xf4, 0xc2, 0x8e, 0x84, 0x5e, 0x4b, 0x04, 0xda, 0x71, 0xc9, 0x78, 0x52, 0xde, 0x14, 0xb4, 0x31, 0xf4, 0xd4, 0xb8, 0x58, 0xc5, 0x20, 0xe8, 0xdd, 0x15, 0xb5, 0xee, 0xea, 0x61, 0xe0, 0xf5, 0xd6, 0xae, 0x55, 0x59, 0x05, 0x3e, 0xaf, 0x74, 0xac, 0x1f, 0x17, 0x82}, - dt2: fp.Elt{0x59, 0x24, 0xcd, 0xfc, 0x11, 0x7e, 0x85, 0x18, 0x3d, 0x69, 0xf7, 0x71, 0x31, 0x66, 0x98, 0x42, 0x95, 0x00, 0x8c, 0xb2, 0xae, 0x39, 0x7e, 0x85, 0xd6, 0xb0, 0x02, 0xec, 0xce, 0xfc, 0x25, 0xb2, 0xe3, 0x99, 0x8e, 0x5b, 0x61, 0x96, 0x2e, 0x6d, 0x96, 0x57, 0x71, 0xa5, 0x93, 0x41, 0x0e, 0x6f, 0xfd, 0x0a, 0xbf, 0xa9, 0xf7, 0x56, 0xa9, 0x3e}, - }, - { /* 31P*/ - addYX: fp.Elt{0xa2, 0x2e, 0x0c, 0x17, 0x4d, 0xcc, 0x85, 0x2c, 0x18, 0xa0, 0xd2, 0x08, 0xba, 0x11, 0xfa, 0x47, 0x71, 0x86, 0xaf, 0x36, 0x6a, 0xd7, 0xfe, 0xb9, 0xb0, 0x2f, 0x89, 0x98, 0x49, 0x69, 0xf8, 0x6a, 0xad, 0x27, 0x5e, 0x0a, 0x22, 0x60, 0x5e, 0x5d, 0xca, 0x06, 0x51, 0x27, 0x99, 0x29, 0x85, 0x68, 0x98, 0xe1, 0xc4, 0x21, 0x50, 0xa0, 0xe9, 0xc1}, - subYX: fp.Elt{0x4d, 0x70, 0xee, 0x91, 0x92, 0x3f, 0xb7, 0xd3, 0x1d, 0xdb, 0x8d, 0x6e, 0x16, 0xf5, 0x65, 0x7d, 0x5f, 0xb5, 0x6c, 0x59, 0x26, 0x70, 0x4b, 0xf2, 0xfc, 0xe7, 0xdf, 0x86, 0xfe, 0xa5, 0xa7, 0xa6, 0x5d, 0xfb, 0x06, 0xe9, 0xf9, 0xcc, 0xc0, 0x37, 0xcc, 0xd8, 0x09, 0x04, 0xd2, 0xa5, 0x1d, 0xd7, 0xb7, 0xce, 0x92, 0xac, 0x3c, 0xad, 0xfb, 0xae}, - dt2: fp.Elt{0x17, 0xa3, 0x9a, 0xc7, 0x86, 0x2a, 0x51, 0xf7, 0x96, 0x79, 0x49, 0x22, 0x2e, 0x5a, 0x01, 0x5c, 0xb5, 0x95, 0xd4, 0xe8, 0xcb, 0x00, 0xca, 0x2d, 0x55, 0xb6, 0x34, 0x36, 0x0b, 0x65, 0x46, 0xf0, 0x49, 0xfc, 0x87, 0x86, 0xe5, 0xc3, 0x15, 0xdb, 0x32, 0xcd, 0xf2, 0xd3, 0x82, 0x4c, 0xe6, 0x61, 0x8a, 0xaf, 0xd4, 0x9e, 0x0f, 0x5a, 0xf2, 0x81}, - }, - { /* 33P*/ - addYX: fp.Elt{0x88, 0x10, 0xc0, 0xcb, 0xf5, 0x77, 0xae, 0xa5, 0xbe, 0xf6, 0xcd, 0x2e, 0x8b, 0x7e, 0xbd, 0x79, 0x62, 0x4a, 0xeb, 0x69, 0xc3, 0x28, 0xaa, 0x72, 0x87, 0xa9, 0x25, 0x87, 0x46, 0xea, 0x0e, 0x62, 0xa3, 0x6a, 0x1a, 0xe2, 0xba, 0xdc, 0x81, 0x10, 0x33, 0x01, 0xf6, 0x16, 0x89, 0x80, 0xc6, 0xcd, 0xdb, 0xdc, 0xba, 0x0e, 0x09, 0x4a, 0x35, 0x4a}, - subYX: fp.Elt{0x86, 0xb2, 0x2b, 0xd0, 0xb8, 0x4a, 0x6d, 0x66, 0x7b, 0x32, 0xdf, 0x3b, 0x1a, 0x19, 0x1f, 0x63, 0xee, 0x1f, 0x3d, 0x1c, 0x5c, 0x14, 0x60, 0x5b, 0x72, 0x49, 0x07, 0xb1, 0x0d, 0x72, 0xc6, 0x35, 0xf0, 0xbc, 0x5e, 0xda, 0x80, 0x6b, 0x64, 0x5b, 0xe5, 0x34, 0x54, 0x39, 0xdd, 0xe6, 0x3c, 0xcb, 0xe5, 0x29, 0x32, 0x06, 0xc6, 0xb1, 0x96, 0x34}, - dt2: fp.Elt{0x85, 0x86, 0xf5, 0x84, 0x86, 0xe6, 0x77, 0x8a, 0x71, 0x85, 0x0c, 0x4f, 0x81, 0x5b, 0x29, 0x06, 0xb5, 0x2e, 0x26, 0x71, 0x07, 0x78, 0x07, 0xae, 0xbc, 0x95, 0x46, 0xc3, 0x65, 0xac, 0xe3, 0x76, 0x51, 0x7d, 0xd4, 0x85, 0x31, 0xe3, 0x43, 0xf3, 0x1b, 0x7c, 0xf7, 0x6b, 0x2c, 0xf8, 0x1c, 0xbb, 0x8d, 0xca, 0xab, 0x4b, 0xba, 0x7f, 0xa4, 0xe2}, - }, - { /* 35P*/ - addYX: fp.Elt{0x1a, 0xee, 0xe7, 0xa4, 0x8a, 0x9d, 0x53, 0x80, 0xc6, 0xb8, 0x4e, 0xdc, 0x89, 0xe0, 0xc4, 0x2b, 0x60, 0x52, 0x6f, 0xec, 0x81, 0xd2, 0x55, 0x6b, 0x1b, 0x6f, 0x17, 0x67, 0x8e, 0x42, 0x26, 0x4c, 0x65, 0x23, 0x29, 0xc6, 0x7b, 0xcd, 0x9f, 0xad, 0x4b, 0x42, 0xd3, 0x0c, 0x75, 0xc3, 0x8a, 0xf5, 0xbe, 0x9e, 0x55, 0xf7, 0x47, 0x5d, 0xbd, 0x3a}, - subYX: fp.Elt{0x0d, 0xa8, 0x3b, 0xf9, 0xc7, 0x7e, 0xc6, 0x86, 0x94, 0xc0, 0x01, 0xff, 0x27, 0xce, 0x43, 0xac, 0xe5, 0xe1, 0xd2, 0x8d, 0xc1, 0x22, 0x31, 0xbe, 0xe1, 0xaf, 0xf9, 0x4a, 0x78, 0xa1, 0x0c, 0xaa, 0xd4, 0x80, 0xe4, 0x09, 0x8d, 0xfb, 0x1d, 0x52, 0xc8, 0x60, 0x2d, 0xf2, 0xa2, 0x89, 0x02, 0x56, 0x3d, 0x56, 0x27, 0x85, 0xc7, 0xf0, 0x2b, 0x9a}, - dt2: fp.Elt{0x62, 0x7c, 0xc7, 0x6b, 0x2c, 0x9d, 0x0a, 0x7c, 0xe5, 0x50, 0x3c, 0xe6, 0x87, 0x1c, 0x82, 0x30, 0x67, 0x3c, 0x39, 0xb6, 0xa0, 0x31, 0xfb, 0x03, 0x7b, 0xa1, 0x58, 0xdf, 0x12, 0x76, 0x5d, 0x5d, 0x0a, 0x8f, 0x9b, 0x37, 0x32, 0xc3, 0x60, 0x33, 0xea, 0x9f, 0x0a, 0x99, 0xfa, 0x20, 0xd0, 0x33, 0x21, 0xc3, 0x94, 0xd4, 0x86, 0x49, 0x7c, 0x4e}, - }, - { /* 37P*/ - addYX: fp.Elt{0xc7, 0x0c, 0x71, 0xfe, 0x55, 0xd1, 0x95, 0x8f, 0x43, 0xbb, 0x6b, 0x74, 0x30, 0xbd, 0xe8, 0x6f, 0x1c, 0x1b, 0x06, 0x62, 0xf5, 0xfc, 0x65, 0xa0, 0xeb, 0x81, 0x12, 0xc9, 0x64, 0x66, 0x61, 0xde, 0xf3, 0x6d, 0xd4, 0xae, 0x8e, 0xb1, 0x72, 0xe0, 0xcd, 0x37, 0x01, 0x28, 0x52, 0xd7, 0x39, 0x46, 0x0c, 0x55, 0xcf, 0x47, 0x70, 0xef, 0xa1, 0x17}, - subYX: fp.Elt{0x8d, 0x58, 0xde, 0x83, 0x88, 0x16, 0x0e, 0x12, 0x42, 0x03, 0x50, 0x60, 0x4b, 0xdf, 0xbf, 0x95, 0xcc, 0x7d, 0x18, 0x17, 0x7e, 0x31, 0x5d, 0x8a, 0x66, 0xc1, 0xcf, 0x14, 0xea, 0xf4, 0xf4, 0xe5, 0x63, 0x2d, 0x32, 0x86, 0x9b, 0xed, 0x1f, 0x4f, 0x03, 0xaf, 0x33, 0x92, 0xcb, 0xaf, 0x9c, 0x05, 0x0d, 0x47, 0x1b, 0x42, 0xba, 0x13, 0x22, 0x98}, - dt2: fp.Elt{0xb5, 0x48, 0xeb, 0x7d, 0x3d, 0x10, 0x9f, 0x59, 0xde, 0xf8, 0x1c, 0x4f, 0x7d, 0x9d, 0x40, 0x4d, 0x9e, 0x13, 0x24, 0xb5, 0x21, 0x09, 0xb7, 0xee, 0x98, 0x5c, 0x56, 0xbc, 0x5e, 0x2b, 0x78, 0x38, 0x06, 0xac, 0xe3, 0xe0, 0xfa, 0x2e, 0xde, 0x4f, 0xd2, 0xb3, 0xfb, 0x2d, 0x71, 0x84, 0xd1, 0x9d, 0x12, 0x5b, 0x35, 0xc8, 0x03, 0x68, 0x67, 0xc7}, - }, - { /* 39P*/ - addYX: fp.Elt{0xb6, 0x65, 0xfb, 0xa7, 0x06, 0x35, 0xbb, 0xe0, 0x31, 0x8d, 0x91, 0x40, 0x98, 0xab, 0x30, 0xe4, 0xca, 0x12, 0x59, 0x89, 0xed, 0x65, 0x5d, 0x7f, 0xae, 0x69, 0xa0, 0xa4, 0xfa, 0x78, 0xb4, 0xf7, 0xed, 0xae, 0x86, 0x78, 0x79, 0x64, 0x24, 0xa6, 0xd4, 0xe1, 0xf6, 0xd3, 0xa0, 0x89, 0xba, 0x20, 0xf4, 0x54, 0x0d, 0x8f, 0xdb, 0x1a, 0x79, 0xdb}, - subYX: fp.Elt{0xe1, 0x82, 0x0c, 0x4d, 0xde, 0x9f, 0x40, 0xf0, 0xc1, 0xbd, 0x8b, 0xd3, 0x24, 0x03, 0xcd, 0xf2, 0x92, 0x7d, 0xe2, 0x68, 0x7f, 0xf1, 0xbe, 0x69, 0xde, 0x34, 0x67, 0x4c, 0x85, 0x3b, 0xec, 0x98, 0xcc, 0x4d, 0x3e, 0xc0, 0x96, 0x27, 0xe6, 0x75, 0xfc, 0xdf, 0x37, 0xc0, 0x1e, 0x27, 0xe0, 0xf6, 0xc2, 0xbd, 0xbc, 0x3d, 0x9b, 0x39, 0xdc, 0xe2}, - dt2: fp.Elt{0xd8, 0x29, 0xa7, 0x39, 0xe3, 0x9f, 0x2f, 0x0e, 0x4b, 0x24, 0x21, 0x70, 0xef, 0xfd, 0x91, 0xea, 0xbf, 0xe1, 0x72, 0x90, 0xcc, 0xc9, 0x84, 0x0e, 0xad, 0xd5, 0xe6, 0xbb, 0xc5, 0x99, 0x7f, 0xa4, 0xf0, 0x2e, 0xcc, 0x95, 0x64, 0x27, 0x19, 0xd8, 0x4c, 0x27, 0x0d, 0xff, 0xb6, 0x29, 0xe2, 0x6c, 0xfa, 0xbb, 0x4d, 0x9c, 0xbb, 0xaf, 0xa5, 0xec}, - }, - { /* 41P*/ - addYX: fp.Elt{0xd6, 0x33, 0x3f, 0x9f, 0xcf, 0xfd, 0x4c, 0xd1, 0xfe, 0xe5, 0xeb, 0x64, 0x27, 0xae, 0x7a, 0xa2, 0x82, 0x50, 0x6d, 0xaa, 0xe3, 0x5d, 0xe2, 0x48, 0x60, 0xb3, 0x76, 0x04, 0xd9, 0x19, 0xa7, 0xa1, 0x73, 0x8d, 0x38, 0xa9, 0xaf, 0x45, 0xb5, 0xb2, 0x62, 0x9b, 0xf1, 0x35, 0x7b, 0x84, 0x66, 0xeb, 0x06, 0xef, 0xf1, 0xb2, 0x2d, 0x6a, 0x61, 0x15}, - subYX: fp.Elt{0x86, 0x50, 0x42, 0xf7, 0xda, 0x59, 0xb2, 0xcf, 0x0d, 0x3d, 0xee, 0x8e, 0x53, 0x5d, 0xf7, 0x9e, 0x6a, 0x26, 0x2d, 0xc7, 0x8c, 0x8e, 0x18, 0x50, 0x6d, 0xb7, 0x51, 0x4c, 0xa7, 0x52, 0x6e, 0x0e, 0x0a, 0x16, 0x74, 0xb2, 0x81, 0x8b, 0x56, 0x27, 0x22, 0x84, 0xf4, 0x56, 0xc5, 0x06, 0xe1, 0x8b, 0xca, 0x2d, 0xdb, 0x9a, 0xf6, 0x10, 0x9c, 0x51}, - dt2: fp.Elt{0x1f, 0x16, 0xa2, 0x78, 0x96, 0x1b, 0x85, 0x9c, 0x76, 0x49, 0xd4, 0x0f, 0xac, 0xb0, 0xf4, 0xd0, 0x06, 0x2c, 0x7e, 0x6d, 0x6e, 0x8e, 0xc7, 0x9f, 0x18, 0xad, 0xfc, 0x88, 0x0c, 0x0c, 0x09, 0x05, 0x05, 0xa0, 0x79, 0x72, 0x32, 0x72, 0x87, 0x0f, 0x49, 0x87, 0x0c, 0xb4, 0x12, 0xc2, 0x09, 0xf8, 0x9f, 0x30, 0x72, 0xa9, 0x47, 0x13, 0x93, 0x49}, - }, - { /* 43P*/ - addYX: fp.Elt{0xcc, 0xb1, 0x4c, 0xd3, 0xc0, 0x9e, 0x9e, 0x4d, 0x6d, 0x28, 0x0b, 0xa5, 0x94, 0xa7, 0x2e, 0xc2, 0xc7, 0xaf, 0x29, 0x73, 0xc9, 0x68, 0xea, 0x0f, 0x34, 0x37, 0x8d, 0x96, 0x8f, 0x3a, 0x3d, 0x73, 0x1e, 0x6d, 0x9f, 0xcf, 0x8d, 0x83, 0xb5, 0x71, 0xb9, 0xe1, 0x4b, 0x67, 0x71, 0xea, 0xcf, 0x56, 0xe5, 0xeb, 0x72, 0x15, 0x2f, 0x9e, 0xa8, 0xaa}, - subYX: fp.Elt{0xf4, 0x3e, 0x85, 0x1c, 0x1a, 0xef, 0x50, 0xd1, 0xb4, 0x20, 0xb2, 0x60, 0x05, 0x98, 0xfe, 0x47, 0x3b, 0xc1, 0x76, 0xca, 0x2c, 0x4e, 0x5a, 0x42, 0xa3, 0xf7, 0x20, 0xaa, 0x57, 0x39, 0xee, 0x34, 0x1f, 0xe1, 0x68, 0xd3, 0x7e, 0x06, 0xc4, 0x6c, 0xc7, 0x76, 0x2b, 0xe4, 0x1c, 0x48, 0x44, 0xe6, 0xe5, 0x44, 0x24, 0x8d, 0xb3, 0xb6, 0x88, 0x32}, - dt2: fp.Elt{0x18, 0xa7, 0xba, 0xd0, 0x44, 0x6f, 0x33, 0x31, 0x00, 0xf8, 0xf6, 0x12, 0xe3, 0xc5, 0xc7, 0xb5, 0x91, 0x9c, 0x91, 0xb5, 0x75, 0x18, 0x18, 0x8a, 0xab, 0xed, 0x24, 0x11, 0x2e, 0xce, 0x5a, 0x0f, 0x94, 0x5f, 0x2e, 0xca, 0xd3, 0x80, 0xea, 0xe5, 0x34, 0x96, 0x67, 0x8b, 0x6a, 0x26, 0x5e, 0xc8, 0x9d, 0x2c, 0x5e, 0x6c, 0xa2, 0x0c, 0xbf, 0xf0}, - }, - { /* 45P*/ - addYX: fp.Elt{0xb3, 0xbf, 0xa3, 0x85, 0xee, 0xf6, 0x58, 0x02, 0x78, 0xc4, 0x30, 0xd6, 0x57, 0x59, 0x8c, 0x88, 0x08, 0x7c, 0xbc, 0xbe, 0x0a, 0x74, 0xa9, 0xde, 0x69, 0xe7, 0x41, 0xd8, 0xbf, 0x66, 0x8d, 0x3d, 0x28, 0x00, 0x8c, 0x47, 0x65, 0x34, 0xfe, 0x86, 0x9e, 0x6a, 0xf2, 0x41, 0x6a, 0x94, 0xc4, 0x88, 0x75, 0x23, 0x0d, 0x52, 0x69, 0xee, 0x07, 0x89}, - subYX: fp.Elt{0x22, 0x3c, 0xa1, 0x70, 0x58, 0x97, 0x93, 0xbe, 0x59, 0xa8, 0x0b, 0x8a, 0x46, 0x2a, 0x38, 0x1e, 0x08, 0x6b, 0x61, 0x9f, 0xf2, 0x4a, 0x8b, 0x80, 0x68, 0x6e, 0xc8, 0x92, 0x60, 0xf3, 0xc9, 0x89, 0xb2, 0x6d, 0x63, 0xb0, 0xeb, 0x83, 0x15, 0x63, 0x0e, 0x64, 0xbb, 0xb8, 0xfe, 0xb4, 0x81, 0x90, 0x01, 0x28, 0x10, 0xb9, 0x74, 0x6e, 0xde, 0xa4}, - dt2: fp.Elt{0x1a, 0x23, 0x45, 0xa8, 0x6f, 0x4e, 0xa7, 0x4a, 0x0c, 0xeb, 0xb0, 0x43, 0xf9, 0xef, 0x99, 0x60, 0x5b, 0xdb, 0x66, 0xc0, 0x86, 0x71, 0x43, 0xb1, 0x22, 0x7b, 0x1c, 0xe7, 0x8d, 0x09, 0x1d, 0x83, 0x76, 0x9c, 0xd3, 0x5a, 0xdd, 0x42, 0xd9, 0x2f, 0x2d, 0xba, 0x7a, 0xc2, 0xd9, 0x6b, 0xd4, 0x7a, 0xf1, 0xd5, 0x5f, 0x6b, 0x85, 0xbf, 0x0b, 0xf1}, - }, - { /* 47P*/ - addYX: fp.Elt{0xb2, 0x83, 0xfa, 0x1f, 0xd2, 0xce, 0xb6, 0xf2, 0x2d, 0xea, 0x1b, 0xe5, 0x29, 0xa5, 0x72, 0xf9, 0x25, 0x48, 0x4e, 0xf2, 0x50, 0x1b, 0x39, 0xda, 0x34, 0xc5, 0x16, 0x13, 0xb4, 0x0c, 0xa1, 0x00, 0x79, 0x7a, 0xf5, 0x8b, 0xf3, 0x70, 0x14, 0xb6, 0xfc, 0x9a, 0x47, 0x68, 0x1e, 0x42, 0x70, 0x64, 0x2a, 0x84, 0x3e, 0x3d, 0x20, 0x58, 0xf9, 0x6a}, - subYX: fp.Elt{0xd9, 0xee, 0xc0, 0xc4, 0xf5, 0xc2, 0x86, 0xaf, 0x45, 0xd2, 0xd2, 0x87, 0x1b, 0x64, 0xd5, 0xe0, 0x8c, 0x44, 0x00, 0x4f, 0x43, 0x89, 0x04, 0x48, 0x4a, 0x0b, 0xca, 0x94, 0x06, 0x2f, 0x23, 0x5b, 0x6c, 0x8d, 0x44, 0x66, 0x53, 0xf5, 0x5a, 0x20, 0x72, 0x28, 0x58, 0x84, 0xcc, 0x73, 0x22, 0x5e, 0xd1, 0x0b, 0x56, 0x5e, 0x6a, 0xa3, 0x11, 0x91}, - dt2: fp.Elt{0x6e, 0x9f, 0x88, 0xa8, 0x68, 0x2f, 0x12, 0x37, 0x88, 0xfc, 0x92, 0x8f, 0x24, 0xeb, 0x5b, 0x2a, 0x2a, 0xd0, 0x14, 0x40, 0x4c, 0xa9, 0xa4, 0x03, 0x0c, 0x45, 0x48, 0x13, 0xe8, 0xa6, 0x37, 0xab, 0xc0, 0x06, 0x38, 0x6c, 0x96, 0x73, 0x40, 0x6c, 0xc6, 0xea, 0x56, 0xc6, 0xe9, 0x1a, 0x69, 0xeb, 0x7a, 0xd1, 0x33, 0x69, 0x58, 0x2b, 0xea, 0x2f}, - }, - { /* 49P*/ - addYX: fp.Elt{0x58, 0xa8, 0x05, 0x41, 0x00, 0x9d, 0xaa, 0xd9, 0x98, 0xcf, 0xb9, 0x41, 0xb5, 0x4a, 0x8d, 0xe2, 0xe7, 0xc0, 0x72, 0xef, 0xc8, 0x28, 0x6b, 0x68, 0x9d, 0xc9, 0xdf, 0x05, 0x8b, 0xd0, 0x04, 0x74, 0x79, 0x45, 0x52, 0x05, 0xa3, 0x6e, 0x35, 0x3a, 0xe3, 0xef, 0xb2, 0xdc, 0x08, 0x6f, 0x4e, 0x76, 0x85, 0x67, 0xba, 0x23, 0x8f, 0xdd, 0xaf, 0x09}, - subYX: fp.Elt{0xb4, 0x38, 0xc8, 0xff, 0x4f, 0x65, 0x2a, 0x7e, 0xad, 0xb1, 0xc6, 0xb9, 0x3d, 0xd6, 0xf7, 0x14, 0xcf, 0xf6, 0x98, 0x75, 0xbb, 0x47, 0x83, 0x90, 0xe7, 0xe1, 0xf6, 0x14, 0x99, 0x7e, 0xfa, 0xe4, 0x77, 0x24, 0xe3, 0xe7, 0xf0, 0x1e, 0xdb, 0x27, 0x4e, 0x16, 0x04, 0xf2, 0x08, 0x52, 0xfc, 0xec, 0x55, 0xdb, 0x2e, 0x67, 0xe1, 0x94, 0x32, 0x89}, - dt2: fp.Elt{0x00, 0xad, 0x03, 0x35, 0x1a, 0xb1, 0x88, 0xf0, 0xc9, 0x11, 0xe4, 0x12, 0x52, 0x61, 0xfd, 0x8a, 0x1b, 0x6a, 0x0a, 0x4c, 0x42, 0x46, 0x22, 0x0e, 0xa5, 0xf9, 0xe2, 0x50, 0xf2, 0xb2, 0x1f, 0x20, 0x78, 0x10, 0xf6, 0xbf, 0x7f, 0x0c, 0x9c, 0xad, 0x40, 0x8b, 0x82, 0xd4, 0xba, 0x69, 0x09, 0xac, 0x4b, 0x6d, 0xc4, 0x49, 0x17, 0x81, 0x57, 0x3b}, - }, - { /* 51P*/ - addYX: fp.Elt{0x0d, 0xfe, 0xb4, 0x35, 0x11, 0xbd, 0x1d, 0x6b, 0xc2, 0xc5, 0x3b, 0xd2, 0x23, 0x2c, 0x72, 0xe3, 0x48, 0xb1, 0x48, 0x73, 0xfb, 0xa3, 0x21, 0x6e, 0xc0, 0x09, 0x69, 0xac, 0xe1, 0x60, 0xbc, 0x24, 0x03, 0x99, 0x63, 0x0a, 0x00, 0xf0, 0x75, 0xf6, 0x92, 0xc5, 0xd6, 0xdb, 0x51, 0xd4, 0x7d, 0xe6, 0xf4, 0x11, 0x79, 0xd7, 0xc3, 0xaf, 0x48, 0xd0}, - subYX: fp.Elt{0xf4, 0x4f, 0xaf, 0x31, 0xe3, 0x10, 0x89, 0x95, 0xf0, 0x8a, 0xf6, 0x31, 0x9f, 0x48, 0x02, 0xba, 0x42, 0x2b, 0x3c, 0x22, 0x8b, 0xcc, 0x12, 0x98, 0x6e, 0x7a, 0x64, 0x3a, 0xc4, 0xca, 0x32, 0x2a, 0x72, 0xf8, 0x2c, 0xcf, 0x78, 0x5e, 0x7a, 0x75, 0x6e, 0x72, 0x46, 0x48, 0x62, 0x28, 0xac, 0x58, 0x1a, 0xc6, 0x59, 0x88, 0x2a, 0x44, 0x9e, 0x83}, - dt2: fp.Elt{0xb3, 0xde, 0x36, 0xfd, 0xeb, 0x1b, 0xd4, 0x24, 0x1b, 0x08, 0x8c, 0xfe, 0xa9, 0x41, 0xa1, 0x64, 0xf2, 0x6d, 0xdb, 0xf9, 0x94, 0xae, 0x86, 0x71, 0xab, 0x10, 0xbf, 0xa3, 0xb2, 0xa0, 0xdf, 0x10, 0x8c, 0x74, 0xce, 0xb3, 0xfc, 0xdb, 0xba, 0x15, 0xf6, 0x91, 0x7a, 0x9c, 0x36, 0x1e, 0x45, 0x07, 0x3c, 0xec, 0x1a, 0x61, 0x26, 0x93, 0xe3, 0x50}, - }, - { /* 53P*/ - addYX: fp.Elt{0xc5, 0x50, 0xc5, 0x83, 0xb0, 0xbd, 0xd9, 0xf6, 0x6d, 0x15, 0x5e, 0xc1, 0x1a, 0x33, 0xa0, 0xce, 0x13, 0x70, 0x3b, 0xe1, 0x31, 0xc6, 0xc4, 0x02, 0xec, 0x8c, 0xd5, 0x9c, 0x97, 0xd3, 0x12, 0xc4, 0xa2, 0xf9, 0xd5, 0xfb, 0x22, 0x69, 0x94, 0x09, 0x2f, 0x59, 0xce, 0xdb, 0xf2, 0xf2, 0x00, 0xe0, 0xa9, 0x08, 0x44, 0x2e, 0x8b, 0x6b, 0xf5, 0xb3}, - subYX: fp.Elt{0x90, 0xdd, 0xec, 0xa2, 0x65, 0xb7, 0x61, 0xbc, 0xaa, 0x70, 0xa2, 0x15, 0xd8, 0xb0, 0xf8, 0x8e, 0x23, 0x3d, 0x9f, 0x46, 0xa3, 0x29, 0x20, 0xd1, 0xa1, 0x15, 0x81, 0xc6, 0xb6, 0xde, 0xbe, 0x60, 0x63, 0x24, 0xac, 0x15, 0xfb, 0xeb, 0xd3, 0xea, 0x57, 0x13, 0x86, 0x38, 0x1e, 0x22, 0xf4, 0x8c, 0x5d, 0xaf, 0x1b, 0x27, 0x21, 0x4f, 0xa3, 0x63}, - dt2: fp.Elt{0x07, 0x15, 0x87, 0xc4, 0xfd, 0xa1, 0x97, 0x7a, 0x07, 0x1f, 0x56, 0xcc, 0xe3, 0x6a, 0x01, 0x90, 0xce, 0xf9, 0xfa, 0x50, 0xb2, 0xe0, 0x87, 0x8b, 0x6c, 0x63, 0x6c, 0xf6, 0x2a, 0x09, 0xef, 0xef, 0xd2, 0x31, 0x40, 0x25, 0xf6, 0x84, 0xcb, 0xe0, 0xc4, 0x23, 0xc1, 0xcb, 0xe2, 0x02, 0x83, 0x2d, 0xed, 0x74, 0x74, 0x8b, 0xf8, 0x7c, 0x81, 0x18}, - }, - { /* 55P*/ - addYX: fp.Elt{0x9e, 0xe5, 0x59, 0x95, 0x63, 0x2e, 0xac, 0x8b, 0x03, 0x3c, 0xc1, 0x8e, 0xe1, 0x5b, 0x56, 0x3c, 0x16, 0x41, 0xe4, 0xc2, 0x60, 0x0c, 0x6d, 0x65, 0x9f, 0xfc, 0x27, 0x68, 0x43, 0x44, 0x05, 0x12, 0x6c, 0xda, 0x04, 0xef, 0xcf, 0xcf, 0xdc, 0x0a, 0x1a, 0x7f, 0x12, 0xd3, 0xeb, 0x02, 0xb6, 0x04, 0xca, 0xd6, 0xcb, 0xf0, 0x22, 0xba, 0x35, 0x6d}, - subYX: fp.Elt{0x09, 0x6d, 0xf9, 0x64, 0x4c, 0xe6, 0x41, 0xff, 0x01, 0x4d, 0xce, 0x1e, 0xfa, 0x38, 0xa2, 0x25, 0x62, 0xff, 0x03, 0x39, 0x18, 0x91, 0xbb, 0x9d, 0xce, 0x02, 0xf0, 0xf1, 0x3c, 0x55, 0x18, 0xa9, 0xab, 0x4d, 0xd2, 0x35, 0xfd, 0x8d, 0xa9, 0xb2, 0xad, 0xb7, 0x06, 0x6e, 0xc6, 0x69, 0x49, 0xd6, 0x98, 0x98, 0x0b, 0x22, 0x81, 0x6b, 0xbd, 0xa0}, - dt2: fp.Elt{0x22, 0xf4, 0x85, 0x5d, 0x2b, 0xf1, 0x55, 0xa5, 0xd6, 0x27, 0x86, 0x57, 0x12, 0x1f, 0x16, 0x0a, 0x5a, 0x9b, 0xf2, 0x38, 0xb6, 0x28, 0xd8, 0x99, 0x0c, 0x89, 0x1d, 0x7f, 0xca, 0x21, 0x17, 0x1a, 0x0b, 0x02, 0x5f, 0x77, 0x2f, 0x73, 0x30, 0x7c, 0xc8, 0xd7, 0x2b, 0xcc, 0xe7, 0xf3, 0x21, 0xac, 0x53, 0xa7, 0x11, 0x5d, 0xd8, 0x1d, 0x9b, 0xf5}, - }, - { /* 57P*/ - addYX: fp.Elt{0x94, 0x63, 0x5d, 0xef, 0xfd, 0x6d, 0x25, 0x4e, 0x6d, 0x29, 0x03, 0xed, 0x24, 0x28, 0x27, 0x57, 0x47, 0x3e, 0x6a, 0x1a, 0xfe, 0x37, 0xee, 0x5f, 0x83, 0x29, 0x14, 0xfd, 0x78, 0x25, 0x8a, 0xe1, 0x02, 0x38, 0xd8, 0xca, 0x65, 0x55, 0x40, 0x7d, 0x48, 0x2c, 0x7c, 0x7e, 0x60, 0xb6, 0x0c, 0x6d, 0xf7, 0xe8, 0xb3, 0x62, 0x53, 0xd6, 0x9c, 0x2b}, - subYX: fp.Elt{0x47, 0x25, 0x70, 0x62, 0xf5, 0x65, 0x93, 0x62, 0x08, 0xac, 0x59, 0x66, 0xdb, 0x08, 0xd9, 0x1a, 0x19, 0xaf, 0xf4, 0xef, 0x02, 0xa2, 0x78, 0xa9, 0x55, 0x1c, 0xfa, 0x08, 0x11, 0xcb, 0xa3, 0x71, 0x74, 0xb1, 0x62, 0xe7, 0xc7, 0xf3, 0x5a, 0xb5, 0x8b, 0xd4, 0xf6, 0x10, 0x57, 0x79, 0x72, 0x2f, 0x13, 0x86, 0x7b, 0x44, 0x5f, 0x48, 0xfd, 0x88}, - dt2: fp.Elt{0x10, 0x02, 0xcd, 0x05, 0x9a, 0xc3, 0x32, 0x6d, 0x10, 0x3a, 0x74, 0xba, 0x06, 0xc4, 0x3b, 0x34, 0xbc, 0x36, 0xed, 0xa3, 0xba, 0x9a, 0xdb, 0x6d, 0xd4, 0x69, 0x99, 0x97, 0xd0, 0xe4, 0xdd, 0xf5, 0xd4, 0x7c, 0xd3, 0x4e, 0xab, 0xd1, 0x3b, 0xbb, 0xe9, 0xc7, 0x6a, 0x94, 0x25, 0x61, 0xf0, 0x06, 0xc5, 0x12, 0xa8, 0x86, 0xe5, 0x35, 0x46, 0xeb}, - }, - { /* 59P*/ - addYX: fp.Elt{0x9e, 0x95, 0x11, 0xc6, 0xc7, 0xe8, 0xee, 0x5a, 0x26, 0xa0, 0x72, 0x72, 0x59, 0x91, 0x59, 0x16, 0x49, 0x99, 0x7e, 0xbb, 0xd7, 0x15, 0xb4, 0xf2, 0x40, 0xf9, 0x5a, 0x4d, 0xc8, 0xa0, 0xe2, 0x34, 0x7b, 0x34, 0xf3, 0x99, 0xbf, 0xa9, 0xf3, 0x79, 0xc1, 0x1a, 0x0c, 0xf4, 0x86, 0x74, 0x4e, 0xcb, 0xbc, 0x90, 0xad, 0xb6, 0x51, 0x6d, 0xaa, 0x33}, - subYX: fp.Elt{0x9f, 0xd1, 0xc5, 0xa2, 0x6c, 0x24, 0x88, 0x15, 0x71, 0x68, 0xf6, 0x07, 0x45, 0x02, 0xc4, 0x73, 0x7e, 0x75, 0x87, 0xca, 0x7c, 0xf0, 0x92, 0x00, 0x75, 0xd6, 0x5a, 0xdd, 0xe0, 0x64, 0x16, 0x9d, 0x62, 0x80, 0x33, 0x9f, 0xf4, 0x8e, 0x1a, 0x15, 0x1c, 0xd3, 0x0f, 0x4d, 0x4f, 0x62, 0x2d, 0xd7, 0xa5, 0x77, 0xe3, 0xea, 0xf0, 0xfb, 0x1a, 0xdb}, - dt2: fp.Elt{0x6a, 0xa2, 0xb1, 0xaa, 0xfb, 0x5a, 0x32, 0x4e, 0xff, 0x47, 0x06, 0xd5, 0x9a, 0x4f, 0xce, 0x83, 0x5b, 0x82, 0x34, 0x3e, 0x47, 0xb8, 0xf8, 0xe9, 0x7c, 0x67, 0x69, 0x8d, 0x9c, 0xb7, 0xde, 0x57, 0xf4, 0x88, 0x41, 0x56, 0x0c, 0x87, 0x1e, 0xc9, 0x2f, 0x54, 0xbf, 0x5c, 0x68, 0x2c, 0xd9, 0xc4, 0xef, 0x53, 0x73, 0x1e, 0xa6, 0x38, 0x02, 0x10}, - }, - { /* 61P*/ - addYX: fp.Elt{0x08, 0x80, 0x4a, 0xc9, 0xb7, 0xa8, 0x88, 0xd9, 0xfc, 0x6a, 0xc0, 0x3e, 0xc2, 0x33, 0x4d, 0x2b, 0x2a, 0xa3, 0x6d, 0x72, 0x3e, 0xdc, 0x34, 0x68, 0x08, 0xbf, 0x27, 0xef, 0xf4, 0xff, 0xe2, 0x0c, 0x31, 0x0c, 0xa2, 0x0a, 0x1f, 0x65, 0xc1, 0x4c, 0x61, 0xd3, 0x1b, 0xbc, 0x25, 0xb1, 0xd0, 0xd4, 0x89, 0xb2, 0x53, 0xfb, 0x43, 0xa5, 0xaf, 0x04}, - subYX: fp.Elt{0xe3, 0xe1, 0x37, 0xad, 0x58, 0xa9, 0x55, 0x81, 0xee, 0x64, 0x21, 0xb9, 0xf5, 0x4c, 0x35, 0xea, 0x4a, 0xd3, 0x26, 0xaa, 0x90, 0xd4, 0x60, 0x46, 0x09, 0x4b, 0x4a, 0x62, 0xf9, 0xcd, 0xe1, 0xee, 0xbb, 0xc2, 0x09, 0x0b, 0xb0, 0x96, 0x8e, 0x43, 0x77, 0xaf, 0x25, 0x20, 0x5e, 0x47, 0xe4, 0x1d, 0x50, 0x69, 0x74, 0x08, 0xd7, 0xb9, 0x90, 0x13}, - dt2: fp.Elt{0x51, 0x91, 0x95, 0x64, 0x03, 0x16, 0xfd, 0x6e, 0x26, 0x94, 0x6b, 0x61, 0xe7, 0xd9, 0xe0, 0x4a, 0x6d, 0x7c, 0xfa, 0xc0, 0xe2, 0x43, 0x23, 0x53, 0x70, 0xf5, 0x6f, 0x73, 0x8b, 0x81, 0xb0, 0x0c, 0xee, 0x2e, 0x46, 0xf2, 0x8d, 0xa6, 0xfb, 0xb5, 0x1c, 0x33, 0xbf, 0x90, 0x59, 0xc9, 0x7c, 0xb8, 0x6f, 0xad, 0x75, 0x02, 0x90, 0x8e, 0x59, 0x75}, - }, - { /* 63P*/ - addYX: fp.Elt{0x36, 0x4d, 0x77, 0x04, 0xb8, 0x7d, 0x4a, 0xd1, 0xc5, 0xbb, 0x7b, 0x50, 0x5f, 0x8d, 0x9d, 0x62, 0x0f, 0x66, 0x71, 0xec, 0x87, 0xc5, 0x80, 0x82, 0xc8, 0xf4, 0x6a, 0x94, 0x92, 0x5b, 0xb0, 0x16, 0x9b, 0xb2, 0xc9, 0x6f, 0x2b, 0x2d, 0xee, 0x95, 0x73, 0x2e, 0xc2, 0x1b, 0xc5, 0x55, 0x36, 0x86, 0x24, 0xf8, 0x20, 0x05, 0x0d, 0x93, 0xd7, 0x76}, - subYX: fp.Elt{0x7f, 0x01, 0xeb, 0x2e, 0x48, 0x4d, 0x1d, 0xf1, 0x06, 0x7e, 0x7c, 0x2a, 0x43, 0xbf, 0x28, 0xac, 0xe9, 0x58, 0x13, 0xc8, 0xbf, 0x8e, 0xc0, 0xef, 0xe8, 0x4f, 0x46, 0x8a, 0xe7, 0xc0, 0xf6, 0x0f, 0x0a, 0x03, 0x48, 0x91, 0x55, 0x39, 0x2a, 0xe3, 0xdc, 0xf6, 0x22, 0x9d, 0x4d, 0x71, 0x55, 0x68, 0x25, 0x6e, 0x95, 0x52, 0xee, 0x4c, 0xd9, 0x01}, - dt2: fp.Elt{0xac, 0x33, 0x3f, 0x7c, 0x27, 0x35, 0x15, 0x91, 0x33, 0x8d, 0xf9, 0xc4, 0xf4, 0xf3, 0x90, 0x09, 0x75, 0x69, 0x62, 0x9f, 0x61, 0x35, 0x83, 0x92, 0x04, 0xef, 0x96, 0x38, 0x80, 0x9e, 0x88, 0xb3, 0x67, 0x95, 0xbe, 0x79, 0x3c, 0x35, 0xd8, 0xdc, 0xb2, 0x3e, 0x2d, 0xe6, 0x46, 0xbe, 0x81, 0xf3, 0x32, 0x0e, 0x37, 0x23, 0x75, 0x2a, 0x3d, 0xa0}, - }, -} diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist_basemult.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist_basemult.go deleted file mode 100644 index f6ac5edbbb..0000000000 --- a/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist_basemult.go +++ /dev/null @@ -1,62 +0,0 @@ -package goldilocks - -import ( - "crypto/subtle" - - mlsb "github.com/cloudflare/circl/math/mlsbset" -) - -const ( - // MLSBRecoding parameters - fxT = 448 - fxV = 2 - fxW = 3 - fx2w1 = 1 << (uint(fxW) - 1) -) - -// ScalarBaseMult returns kG where G is the generator point. -func (e twistCurve) ScalarBaseMult(k *Scalar) *twistPoint { - m, err := mlsb.New(fxT, fxV, fxW) - if err != nil { - panic(err) - } - if m.IsExtended() { - panic("not extended") - } - - var isZero int - if k.IsZero() { - isZero = 1 - } - subtle.ConstantTimeCopy(isZero, k[:], order[:]) - - minusK := *k - isEven := 1 - int(k[0]&0x1) - minusK.Neg() - subtle.ConstantTimeCopy(isEven, k[:], minusK[:]) - c, err := m.Encode(k[:]) - if err != nil { - panic(err) - } - - gP := c.Exp(groupMLSB{}) - P := gP.(*twistPoint) - P.cneg(uint(isEven)) - return P -} - -type groupMLSB struct{} - -func (e groupMLSB) ExtendedEltP() mlsb.EltP { return nil } -func (e groupMLSB) Sqr(x mlsb.EltG) { x.(*twistPoint).Double() } -func (e groupMLSB) Mul(x mlsb.EltG, y mlsb.EltP) { x.(*twistPoint).mixAddZ1(y.(*preTwistPointAffine)) } -func (e groupMLSB) Identity() mlsb.EltG { return twistCurve{}.Identity() } -func (e groupMLSB) NewEltP() mlsb.EltP { return &preTwistPointAffine{} } -func (e groupMLSB) Lookup(a mlsb.EltP, v uint, s, u int32) { - Tabj := &tabFixMult[v] - P := a.(*preTwistPointAffine) - for k := range Tabj { - P.cmov(&Tabj[k], uint(subtle.ConstantTimeEq(int32(k), u))) - } - P.cneg(int(s >> 31)) -} diff --git a/vendor/github.com/cloudflare/circl/internal/conv/conv.go b/vendor/github.com/cloudflare/circl/internal/conv/conv.go deleted file mode 100644 index 3fd0df496f..0000000000 --- a/vendor/github.com/cloudflare/circl/internal/conv/conv.go +++ /dev/null @@ -1,173 +0,0 @@ -package conv - -import ( - "encoding/binary" - "fmt" - "math/big" - "strings" - - "golang.org/x/crypto/cryptobyte" -) - -// BytesLe2Hex returns an hexadecimal string of a number stored in a -// little-endian order slice x. -func BytesLe2Hex(x []byte) string { - b := &strings.Builder{} - b.Grow(2*len(x) + 2) - fmt.Fprint(b, "0x") - if len(x) == 0 { - fmt.Fprint(b, "00") - } - for i := len(x) - 1; i >= 0; i-- { - fmt.Fprintf(b, "%02x", x[i]) - } - return b.String() -} - -// BytesLe2BigInt converts a little-endian slice x into a big-endian -// math/big.Int. -func BytesLe2BigInt(x []byte) *big.Int { - n := len(x) - b := new(big.Int) - if len(x) > 0 { - y := make([]byte, n) - for i := 0; i < n; i++ { - y[n-1-i] = x[i] - } - b.SetBytes(y) - } - return b -} - -// BytesBe2Uint64Le converts a big-endian slice x to a little-endian slice of uint64. -func BytesBe2Uint64Le(x []byte) []uint64 { - l := len(x) - z := make([]uint64, (l+7)/8) - blocks := l / 8 - for i := 0; i < blocks; i++ { - z[i] = binary.BigEndian.Uint64(x[l-8*(i+1):]) - } - remBytes := l % 8 - for i := 0; i < remBytes; i++ { - z[blocks] |= uint64(x[l-1-8*blocks-i]) << uint(8*i) - } - return z -} - -// BigInt2BytesLe stores a positive big.Int number x into a little-endian slice z. -// The slice is modified if the bitlength of x <= 8*len(z) (padding with zeros). -// If x does not fit in the slice or is negative, z is not modified. -func BigInt2BytesLe(z []byte, x *big.Int) { - xLen := (x.BitLen() + 7) >> 3 - zLen := len(z) - if zLen >= xLen && x.Sign() >= 0 { - y := x.Bytes() - for i := 0; i < xLen; i++ { - z[i] = y[xLen-1-i] - } - for i := xLen; i < zLen; i++ { - z[i] = 0 - } - } -} - -// Uint64Le2BigInt converts a little-endian slice x into a big number. -func Uint64Le2BigInt(x []uint64) *big.Int { - n := len(x) - b := new(big.Int) - var bi big.Int - for i := n - 1; i >= 0; i-- { - bi.SetUint64(x[i]) - b.Lsh(b, 64) - b.Add(b, &bi) - } - return b -} - -// Uint64Le2BytesLe converts a little-endian slice x to a little-endian slice of bytes. -func Uint64Le2BytesLe(x []uint64) []byte { - b := make([]byte, 8*len(x)) - n := len(x) - for i := 0; i < n; i++ { - binary.LittleEndian.PutUint64(b[i*8:], x[i]) - } - return b -} - -// Uint64Le2BytesBe converts a little-endian slice x to a big-endian slice of bytes. -func Uint64Le2BytesBe(x []uint64) []byte { - b := make([]byte, 8*len(x)) - n := len(x) - for i := 0; i < n; i++ { - binary.BigEndian.PutUint64(b[i*8:], x[n-1-i]) - } - return b -} - -// Uint64Le2Hex returns an hexadecimal string of a number stored in a -// little-endian order slice x. -func Uint64Le2Hex(x []uint64) string { - b := new(strings.Builder) - b.Grow(16*len(x) + 2) - fmt.Fprint(b, "0x") - if len(x) == 0 { - fmt.Fprint(b, "00") - } - for i := len(x) - 1; i >= 0; i-- { - fmt.Fprintf(b, "%016x", x[i]) - } - return b.String() -} - -// BigInt2Uint64Le stores a positive big.Int number x into a little-endian slice z. -// The slice is modified if the bitlength of x <= 8*len(z) (padding with zeros). -// If x does not fit in the slice or is negative, z is not modified. -func BigInt2Uint64Le(z []uint64, x *big.Int) { - xLen := (x.BitLen() + 63) >> 6 // number of 64-bit words - zLen := len(z) - if zLen >= xLen && x.Sign() > 0 { - var y, yi big.Int - y.Set(x) - two64 := big.NewInt(1) - two64.Lsh(two64, 64).Sub(two64, big.NewInt(1)) - for i := 0; i < xLen; i++ { - yi.And(&y, two64) - z[i] = yi.Uint64() - y.Rsh(&y, 64) - } - } - for i := xLen; i < zLen; i++ { - z[i] = 0 - } -} - -// MarshalBinary encodes a value into a byte array in a format readable by UnmarshalBinary. -func MarshalBinary(v cryptobyte.MarshalingValue) ([]byte, error) { - const DefaultSize = 32 - b := cryptobyte.NewBuilder(make([]byte, 0, DefaultSize)) - b.AddValue(v) - return b.Bytes() -} - -// MarshalBinaryLen encodes a value into an array of n bytes in a format readable by UnmarshalBinary. -func MarshalBinaryLen(v cryptobyte.MarshalingValue, length uint) ([]byte, error) { - b := cryptobyte.NewFixedBuilder(make([]byte, 0, length)) - b.AddValue(v) - return b.Bytes() -} - -// A UnmarshalingValue decodes itself from a cryptobyte.String and advances the pointer. -// It reports whether the read was successful. -type UnmarshalingValue interface { - Unmarshal(*cryptobyte.String) bool -} - -// UnmarshalBinary recovers a value from a byte array. -// It returns an error if the read was unsuccessful. -func UnmarshalBinary(v UnmarshalingValue, data []byte) (err error) { - s := cryptobyte.String(data) - if data == nil || !v.Unmarshal(&s) || !s.Empty() { - err = fmt.Errorf("cannot read %T from input string", v) - } - return -} diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/doc.go b/vendor/github.com/cloudflare/circl/internal/sha3/doc.go deleted file mode 100644 index 7e02309070..0000000000 --- a/vendor/github.com/cloudflare/circl/internal/sha3/doc.go +++ /dev/null @@ -1,62 +0,0 @@ -// Copyright 2014 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package sha3 implements the SHA-3 fixed-output-length hash functions and -// the SHAKE variable-output-length hash functions defined by FIPS-202. -// -// Both types of hash function use the "sponge" construction and the Keccak -// permutation. For a detailed specification see http://keccak.noekeon.org/ -// -// # Guidance -// -// If you aren't sure what function you need, use SHAKE256 with at least 64 -// bytes of output. The SHAKE instances are faster than the SHA3 instances; -// the latter have to allocate memory to conform to the hash.Hash interface. -// -// If you need a secret-key MAC (message authentication code), prepend the -// secret key to the input, hash with SHAKE256 and read at least 32 bytes of -// output. -// -// # Security strengths -// -// The SHA3-x (x equals 224, 256, 384, or 512) functions have a security -// strength against preimage attacks of x bits. Since they only produce "x" -// bits of output, their collision-resistance is only "x/2" bits. -// -// The SHAKE-256 and -128 functions have a generic security strength of 256 and -// 128 bits against all attacks, provided that at least 2x bits of their output -// is used. Requesting more than 64 or 32 bytes of output, respectively, does -// not increase the collision-resistance of the SHAKE functions. -// -// # The sponge construction -// -// A sponge builds a pseudo-random function from a public pseudo-random -// permutation, by applying the permutation to a state of "rate + capacity" -// bytes, but hiding "capacity" of the bytes. -// -// A sponge starts out with a zero state. To hash an input using a sponge, up -// to "rate" bytes of the input are XORed into the sponge's state. The sponge -// is then "full" and the permutation is applied to "empty" it. This process is -// repeated until all the input has been "absorbed". The input is then padded. -// The digest is "squeezed" from the sponge in the same way, except that output -// is copied out instead of input being XORed in. -// -// A sponge is parameterized by its generic security strength, which is equal -// to half its capacity; capacity + rate is equal to the permutation's width. -// Since the KeccakF-1600 permutation is 1600 bits (200 bytes) wide, this means -// that the security strength of a sponge instance is equal to (1600 - bitrate) / 2. -// -// # Recommendations -// -// The SHAKE functions are recommended for most new uses. They can produce -// output of arbitrary length. SHAKE256, with an output length of at least -// 64 bytes, provides 256-bit security against all attacks. The Keccak team -// recommends it for most applications upgrading from SHA2-512. (NIST chose a -// much stronger, but much slower, sponge instance for SHA3-512.) -// -// The SHA-3 functions are "drop-in" replacements for the SHA-2 functions. -// They produce output of the same length, with the same security strengths -// against all attacks. This means, in particular, that SHA3-256 only has -// 128-bit collision resistance, because its output length is 32 bytes. -package sha3 diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/hashes.go b/vendor/github.com/cloudflare/circl/internal/sha3/hashes.go deleted file mode 100644 index 7d2365a76e..0000000000 --- a/vendor/github.com/cloudflare/circl/internal/sha3/hashes.go +++ /dev/null @@ -1,69 +0,0 @@ -// Copyright 2014 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package sha3 - -// This file provides functions for creating instances of the SHA-3 -// and SHAKE hash functions, as well as utility functions for hashing -// bytes. - -// New224 creates a new SHA3-224 hash. -// Its generic security strength is 224 bits against preimage attacks, -// and 112 bits against collision attacks. -func New224() State { - return State{rate: 144, outputLen: 28, dsbyte: 0x06} -} - -// New256 creates a new SHA3-256 hash. -// Its generic security strength is 256 bits against preimage attacks, -// and 128 bits against collision attacks. -func New256() State { - return State{rate: 136, outputLen: 32, dsbyte: 0x06} -} - -// New384 creates a new SHA3-384 hash. -// Its generic security strength is 384 bits against preimage attacks, -// and 192 bits against collision attacks. -func New384() State { - return State{rate: 104, outputLen: 48, dsbyte: 0x06} -} - -// New512 creates a new SHA3-512 hash. -// Its generic security strength is 512 bits against preimage attacks, -// and 256 bits against collision attacks. -func New512() State { - return State{rate: 72, outputLen: 64, dsbyte: 0x06} -} - -// Sum224 returns the SHA3-224 digest of the data. -func Sum224(data []byte) (digest [28]byte) { - h := New224() - _, _ = h.Write(data) - h.Sum(digest[:0]) - return -} - -// Sum256 returns the SHA3-256 digest of the data. -func Sum256(data []byte) (digest [32]byte) { - h := New256() - _, _ = h.Write(data) - h.Sum(digest[:0]) - return -} - -// Sum384 returns the SHA3-384 digest of the data. -func Sum384(data []byte) (digest [48]byte) { - h := New384() - _, _ = h.Write(data) - h.Sum(digest[:0]) - return -} - -// Sum512 returns the SHA3-512 digest of the data. -func Sum512(data []byte) (digest [64]byte) { - h := New512() - _, _ = h.Write(data) - h.Sum(digest[:0]) - return -} diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go b/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go deleted file mode 100644 index 1755fd1e6d..0000000000 --- a/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go +++ /dev/null @@ -1,391 +0,0 @@ -// Copyright 2014 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package sha3 - -// KeccakF1600 applies the Keccak permutation to a 1600b-wide -// state represented as a slice of 25 uint64s. -// If turbo is true, applies the 12-round variant instead of the -// regular 24-round variant. -// nolint:funlen -func KeccakF1600(a *[25]uint64, turbo bool) { - // Implementation translated from Keccak-inplace.c - // in the keccak reference code. - var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64 - - i := 0 - - if turbo { - i = 12 - } - - for ; i < 24; i += 4 { - // Combines the 5 steps in each round into 2 steps. - // Unrolls 4 rounds per loop and spreads some steps across rounds. - - // Round 1 - bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20] - bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21] - bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22] - bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23] - bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24] - d0 = bc4 ^ (bc1<<1 | bc1>>63) - d1 = bc0 ^ (bc2<<1 | bc2>>63) - d2 = bc1 ^ (bc3<<1 | bc3>>63) - d3 = bc2 ^ (bc4<<1 | bc4>>63) - d4 = bc3 ^ (bc0<<1 | bc0>>63) - - bc0 = a[0] ^ d0 - t = a[6] ^ d1 - bc1 = t<<44 | t>>(64-44) - t = a[12] ^ d2 - bc2 = t<<43 | t>>(64-43) - t = a[18] ^ d3 - bc3 = t<<21 | t>>(64-21) - t = a[24] ^ d4 - bc4 = t<<14 | t>>(64-14) - a[0] = bc0 ^ (bc2 &^ bc1) ^ RC[i] - a[6] = bc1 ^ (bc3 &^ bc2) - a[12] = bc2 ^ (bc4 &^ bc3) - a[18] = bc3 ^ (bc0 &^ bc4) - a[24] = bc4 ^ (bc1 &^ bc0) - - t = a[10] ^ d0 - bc2 = t<<3 | t>>(64-3) - t = a[16] ^ d1 - bc3 = t<<45 | t>>(64-45) - t = a[22] ^ d2 - bc4 = t<<61 | t>>(64-61) - t = a[3] ^ d3 - bc0 = t<<28 | t>>(64-28) - t = a[9] ^ d4 - bc1 = t<<20 | t>>(64-20) - a[10] = bc0 ^ (bc2 &^ bc1) - a[16] = bc1 ^ (bc3 &^ bc2) - a[22] = bc2 ^ (bc4 &^ bc3) - a[3] = bc3 ^ (bc0 &^ bc4) - a[9] = bc4 ^ (bc1 &^ bc0) - - t = a[20] ^ d0 - bc4 = t<<18 | t>>(64-18) - t = a[1] ^ d1 - bc0 = t<<1 | t>>(64-1) - t = a[7] ^ d2 - bc1 = t<<6 | t>>(64-6) - t = a[13] ^ d3 - bc2 = t<<25 | t>>(64-25) - t = a[19] ^ d4 - bc3 = t<<8 | t>>(64-8) - a[20] = bc0 ^ (bc2 &^ bc1) - a[1] = bc1 ^ (bc3 &^ bc2) - a[7] = bc2 ^ (bc4 &^ bc3) - a[13] = bc3 ^ (bc0 &^ bc4) - a[19] = bc4 ^ (bc1 &^ bc0) - - t = a[5] ^ d0 - bc1 = t<<36 | t>>(64-36) - t = a[11] ^ d1 - bc2 = t<<10 | t>>(64-10) - t = a[17] ^ d2 - bc3 = t<<15 | t>>(64-15) - t = a[23] ^ d3 - bc4 = t<<56 | t>>(64-56) - t = a[4] ^ d4 - bc0 = t<<27 | t>>(64-27) - a[5] = bc0 ^ (bc2 &^ bc1) - a[11] = bc1 ^ (bc3 &^ bc2) - a[17] = bc2 ^ (bc4 &^ bc3) - a[23] = bc3 ^ (bc0 &^ bc4) - a[4] = bc4 ^ (bc1 &^ bc0) - - t = a[15] ^ d0 - bc3 = t<<41 | t>>(64-41) - t = a[21] ^ d1 - bc4 = t<<2 | t>>(64-2) - t = a[2] ^ d2 - bc0 = t<<62 | t>>(64-62) - t = a[8] ^ d3 - bc1 = t<<55 | t>>(64-55) - t = a[14] ^ d4 - bc2 = t<<39 | t>>(64-39) - a[15] = bc0 ^ (bc2 &^ bc1) - a[21] = bc1 ^ (bc3 &^ bc2) - a[2] = bc2 ^ (bc4 &^ bc3) - a[8] = bc3 ^ (bc0 &^ bc4) - a[14] = bc4 ^ (bc1 &^ bc0) - - // Round 2 - bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20] - bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21] - bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22] - bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23] - bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24] - d0 = bc4 ^ (bc1<<1 | bc1>>63) - d1 = bc0 ^ (bc2<<1 | bc2>>63) - d2 = bc1 ^ (bc3<<1 | bc3>>63) - d3 = bc2 ^ (bc4<<1 | bc4>>63) - d4 = bc3 ^ (bc0<<1 | bc0>>63) - - bc0 = a[0] ^ d0 - t = a[16] ^ d1 - bc1 = t<<44 | t>>(64-44) - t = a[7] ^ d2 - bc2 = t<<43 | t>>(64-43) - t = a[23] ^ d3 - bc3 = t<<21 | t>>(64-21) - t = a[14] ^ d4 - bc4 = t<<14 | t>>(64-14) - a[0] = bc0 ^ (bc2 &^ bc1) ^ RC[i+1] - a[16] = bc1 ^ (bc3 &^ bc2) - a[7] = bc2 ^ (bc4 &^ bc3) - a[23] = bc3 ^ (bc0 &^ bc4) - a[14] = bc4 ^ (bc1 &^ bc0) - - t = a[20] ^ d0 - bc2 = t<<3 | t>>(64-3) - t = a[11] ^ d1 - bc3 = t<<45 | t>>(64-45) - t = a[2] ^ d2 - bc4 = t<<61 | t>>(64-61) - t = a[18] ^ d3 - bc0 = t<<28 | t>>(64-28) - t = a[9] ^ d4 - bc1 = t<<20 | t>>(64-20) - a[20] = bc0 ^ (bc2 &^ bc1) - a[11] = bc1 ^ (bc3 &^ bc2) - a[2] = bc2 ^ (bc4 &^ bc3) - a[18] = bc3 ^ (bc0 &^ bc4) - a[9] = bc4 ^ (bc1 &^ bc0) - - t = a[15] ^ d0 - bc4 = t<<18 | t>>(64-18) - t = a[6] ^ d1 - bc0 = t<<1 | t>>(64-1) - t = a[22] ^ d2 - bc1 = t<<6 | t>>(64-6) - t = a[13] ^ d3 - bc2 = t<<25 | t>>(64-25) - t = a[4] ^ d4 - bc3 = t<<8 | t>>(64-8) - a[15] = bc0 ^ (bc2 &^ bc1) - a[6] = bc1 ^ (bc3 &^ bc2) - a[22] = bc2 ^ (bc4 &^ bc3) - a[13] = bc3 ^ (bc0 &^ bc4) - a[4] = bc4 ^ (bc1 &^ bc0) - - t = a[10] ^ d0 - bc1 = t<<36 | t>>(64-36) - t = a[1] ^ d1 - bc2 = t<<10 | t>>(64-10) - t = a[17] ^ d2 - bc3 = t<<15 | t>>(64-15) - t = a[8] ^ d3 - bc4 = t<<56 | t>>(64-56) - t = a[24] ^ d4 - bc0 = t<<27 | t>>(64-27) - a[10] = bc0 ^ (bc2 &^ bc1) - a[1] = bc1 ^ (bc3 &^ bc2) - a[17] = bc2 ^ (bc4 &^ bc3) - a[8] = bc3 ^ (bc0 &^ bc4) - a[24] = bc4 ^ (bc1 &^ bc0) - - t = a[5] ^ d0 - bc3 = t<<41 | t>>(64-41) - t = a[21] ^ d1 - bc4 = t<<2 | t>>(64-2) - t = a[12] ^ d2 - bc0 = t<<62 | t>>(64-62) - t = a[3] ^ d3 - bc1 = t<<55 | t>>(64-55) - t = a[19] ^ d4 - bc2 = t<<39 | t>>(64-39) - a[5] = bc0 ^ (bc2 &^ bc1) - a[21] = bc1 ^ (bc3 &^ bc2) - a[12] = bc2 ^ (bc4 &^ bc3) - a[3] = bc3 ^ (bc0 &^ bc4) - a[19] = bc4 ^ (bc1 &^ bc0) - - // Round 3 - bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20] - bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21] - bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22] - bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23] - bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24] - d0 = bc4 ^ (bc1<<1 | bc1>>63) - d1 = bc0 ^ (bc2<<1 | bc2>>63) - d2 = bc1 ^ (bc3<<1 | bc3>>63) - d3 = bc2 ^ (bc4<<1 | bc4>>63) - d4 = bc3 ^ (bc0<<1 | bc0>>63) - - bc0 = a[0] ^ d0 - t = a[11] ^ d1 - bc1 = t<<44 | t>>(64-44) - t = a[22] ^ d2 - bc2 = t<<43 | t>>(64-43) - t = a[8] ^ d3 - bc3 = t<<21 | t>>(64-21) - t = a[19] ^ d4 - bc4 = t<<14 | t>>(64-14) - a[0] = bc0 ^ (bc2 &^ bc1) ^ RC[i+2] - a[11] = bc1 ^ (bc3 &^ bc2) - a[22] = bc2 ^ (bc4 &^ bc3) - a[8] = bc3 ^ (bc0 &^ bc4) - a[19] = bc4 ^ (bc1 &^ bc0) - - t = a[15] ^ d0 - bc2 = t<<3 | t>>(64-3) - t = a[1] ^ d1 - bc3 = t<<45 | t>>(64-45) - t = a[12] ^ d2 - bc4 = t<<61 | t>>(64-61) - t = a[23] ^ d3 - bc0 = t<<28 | t>>(64-28) - t = a[9] ^ d4 - bc1 = t<<20 | t>>(64-20) - a[15] = bc0 ^ (bc2 &^ bc1) - a[1] = bc1 ^ (bc3 &^ bc2) - a[12] = bc2 ^ (bc4 &^ bc3) - a[23] = bc3 ^ (bc0 &^ bc4) - a[9] = bc4 ^ (bc1 &^ bc0) - - t = a[5] ^ d0 - bc4 = t<<18 | t>>(64-18) - t = a[16] ^ d1 - bc0 = t<<1 | t>>(64-1) - t = a[2] ^ d2 - bc1 = t<<6 | t>>(64-6) - t = a[13] ^ d3 - bc2 = t<<25 | t>>(64-25) - t = a[24] ^ d4 - bc3 = t<<8 | t>>(64-8) - a[5] = bc0 ^ (bc2 &^ bc1) - a[16] = bc1 ^ (bc3 &^ bc2) - a[2] = bc2 ^ (bc4 &^ bc3) - a[13] = bc3 ^ (bc0 &^ bc4) - a[24] = bc4 ^ (bc1 &^ bc0) - - t = a[20] ^ d0 - bc1 = t<<36 | t>>(64-36) - t = a[6] ^ d1 - bc2 = t<<10 | t>>(64-10) - t = a[17] ^ d2 - bc3 = t<<15 | t>>(64-15) - t = a[3] ^ d3 - bc4 = t<<56 | t>>(64-56) - t = a[14] ^ d4 - bc0 = t<<27 | t>>(64-27) - a[20] = bc0 ^ (bc2 &^ bc1) - a[6] = bc1 ^ (bc3 &^ bc2) - a[17] = bc2 ^ (bc4 &^ bc3) - a[3] = bc3 ^ (bc0 &^ bc4) - a[14] = bc4 ^ (bc1 &^ bc0) - - t = a[10] ^ d0 - bc3 = t<<41 | t>>(64-41) - t = a[21] ^ d1 - bc4 = t<<2 | t>>(64-2) - t = a[7] ^ d2 - bc0 = t<<62 | t>>(64-62) - t = a[18] ^ d3 - bc1 = t<<55 | t>>(64-55) - t = a[4] ^ d4 - bc2 = t<<39 | t>>(64-39) - a[10] = bc0 ^ (bc2 &^ bc1) - a[21] = bc1 ^ (bc3 &^ bc2) - a[7] = bc2 ^ (bc4 &^ bc3) - a[18] = bc3 ^ (bc0 &^ bc4) - a[4] = bc4 ^ (bc1 &^ bc0) - - // Round 4 - bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20] - bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21] - bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22] - bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23] - bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24] - d0 = bc4 ^ (bc1<<1 | bc1>>63) - d1 = bc0 ^ (bc2<<1 | bc2>>63) - d2 = bc1 ^ (bc3<<1 | bc3>>63) - d3 = bc2 ^ (bc4<<1 | bc4>>63) - d4 = bc3 ^ (bc0<<1 | bc0>>63) - - bc0 = a[0] ^ d0 - t = a[1] ^ d1 - bc1 = t<<44 | t>>(64-44) - t = a[2] ^ d2 - bc2 = t<<43 | t>>(64-43) - t = a[3] ^ d3 - bc3 = t<<21 | t>>(64-21) - t = a[4] ^ d4 - bc4 = t<<14 | t>>(64-14) - a[0] = bc0 ^ (bc2 &^ bc1) ^ RC[i+3] - a[1] = bc1 ^ (bc3 &^ bc2) - a[2] = bc2 ^ (bc4 &^ bc3) - a[3] = bc3 ^ (bc0 &^ bc4) - a[4] = bc4 ^ (bc1 &^ bc0) - - t = a[5] ^ d0 - bc2 = t<<3 | t>>(64-3) - t = a[6] ^ d1 - bc3 = t<<45 | t>>(64-45) - t = a[7] ^ d2 - bc4 = t<<61 | t>>(64-61) - t = a[8] ^ d3 - bc0 = t<<28 | t>>(64-28) - t = a[9] ^ d4 - bc1 = t<<20 | t>>(64-20) - a[5] = bc0 ^ (bc2 &^ bc1) - a[6] = bc1 ^ (bc3 &^ bc2) - a[7] = bc2 ^ (bc4 &^ bc3) - a[8] = bc3 ^ (bc0 &^ bc4) - a[9] = bc4 ^ (bc1 &^ bc0) - - t = a[10] ^ d0 - bc4 = t<<18 | t>>(64-18) - t = a[11] ^ d1 - bc0 = t<<1 | t>>(64-1) - t = a[12] ^ d2 - bc1 = t<<6 | t>>(64-6) - t = a[13] ^ d3 - bc2 = t<<25 | t>>(64-25) - t = a[14] ^ d4 - bc3 = t<<8 | t>>(64-8) - a[10] = bc0 ^ (bc2 &^ bc1) - a[11] = bc1 ^ (bc3 &^ bc2) - a[12] = bc2 ^ (bc4 &^ bc3) - a[13] = bc3 ^ (bc0 &^ bc4) - a[14] = bc4 ^ (bc1 &^ bc0) - - t = a[15] ^ d0 - bc1 = t<<36 | t>>(64-36) - t = a[16] ^ d1 - bc2 = t<<10 | t>>(64-10) - t = a[17] ^ d2 - bc3 = t<<15 | t>>(64-15) - t = a[18] ^ d3 - bc4 = t<<56 | t>>(64-56) - t = a[19] ^ d4 - bc0 = t<<27 | t>>(64-27) - a[15] = bc0 ^ (bc2 &^ bc1) - a[16] = bc1 ^ (bc3 &^ bc2) - a[17] = bc2 ^ (bc4 &^ bc3) - a[18] = bc3 ^ (bc0 &^ bc4) - a[19] = bc4 ^ (bc1 &^ bc0) - - t = a[20] ^ d0 - bc3 = t<<41 | t>>(64-41) - t = a[21] ^ d1 - bc4 = t<<2 | t>>(64-2) - t = a[22] ^ d2 - bc0 = t<<62 | t>>(64-62) - t = a[23] ^ d3 - bc1 = t<<55 | t>>(64-55) - t = a[24] ^ d4 - bc2 = t<<39 | t>>(64-39) - a[20] = bc0 ^ (bc2 &^ bc1) - a[21] = bc1 ^ (bc3 &^ bc2) - a[22] = bc2 ^ (bc4 &^ bc3) - a[23] = bc3 ^ (bc0 &^ bc4) - a[24] = bc4 ^ (bc1 &^ bc0) - } -} diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/rc.go b/vendor/github.com/cloudflare/circl/internal/sha3/rc.go deleted file mode 100644 index 6a3df42f30..0000000000 --- a/vendor/github.com/cloudflare/circl/internal/sha3/rc.go +++ /dev/null @@ -1,29 +0,0 @@ -package sha3 - -// RC stores the round constants for use in the ι step. -var RC = [24]uint64{ - 0x0000000000000001, - 0x0000000000008082, - 0x800000000000808A, - 0x8000000080008000, - 0x000000000000808B, - 0x0000000080000001, - 0x8000000080008081, - 0x8000000000008009, - 0x000000000000008A, - 0x0000000000000088, - 0x0000000080008009, - 0x000000008000000A, - 0x000000008000808B, - 0x800000000000008B, - 0x8000000000008089, - 0x8000000000008003, - 0x8000000000008002, - 0x8000000000000080, - 0x000000000000800A, - 0x800000008000000A, - 0x8000000080008081, - 0x8000000000008080, - 0x0000000080000001, - 0x8000000080008008, -} diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go b/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go deleted file mode 100644 index a0df5aa6c5..0000000000 --- a/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go +++ /dev/null @@ -1,200 +0,0 @@ -// Copyright 2014 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package sha3 - -// spongeDirection indicates the direction bytes are flowing through the sponge. -type spongeDirection int - -const ( - // spongeAbsorbing indicates that the sponge is absorbing input. - spongeAbsorbing spongeDirection = iota - // spongeSqueezing indicates that the sponge is being squeezed. - spongeSqueezing -) - -const ( - // maxRate is the maximum size of the internal buffer. SHAKE-256 - // currently needs the largest buffer. - maxRate = 168 -) - -func (d *State) buf() []byte { - return d.storage.asBytes()[d.bufo:d.bufe] -} - -type State struct { - // Generic sponge components. - a [25]uint64 // main state of the hash - rate int // the number of bytes of state to use - - bufo int // offset of buffer in storage - bufe int // end of buffer in storage - - // dsbyte contains the "domain separation" bits and the first bit of - // the padding. Sections 6.1 and 6.2 of [1] separate the outputs of the - // SHA-3 and SHAKE functions by appending bitstrings to the message. - // Using a little-endian bit-ordering convention, these are "01" for SHA-3 - // and "1111" for SHAKE, or 00000010b and 00001111b, respectively. Then the - // padding rule from section 5.1 is applied to pad the message to a multiple - // of the rate, which involves adding a "1" bit, zero or more "0" bits, and - // a final "1" bit. We merge the first "1" bit from the padding into dsbyte, - // giving 00000110b (0x06) and 00011111b (0x1f). - // [1] http://csrc.nist.gov/publications/drafts/fips-202/fips_202_draft.pdf - // "Draft FIPS 202: SHA-3 Standard: Permutation-Based Hash and - // Extendable-Output Functions (May 2014)" - dsbyte byte - - storage storageBuf - - // Specific to SHA-3 and SHAKE. - outputLen int // the default output size in bytes - state spongeDirection // whether the sponge is absorbing or squeezing - turbo bool // Whether we're using 12 rounds instead of 24 -} - -// BlockSize returns the rate of sponge underlying this hash function. -func (d *State) BlockSize() int { return d.rate } - -// Size returns the output size of the hash function in bytes. -func (d *State) Size() int { return d.outputLen } - -// Reset clears the internal state by zeroing the sponge state and -// the byte buffer, and setting Sponge.state to absorbing. -func (d *State) Reset() { - // Zero the permutation's state. - for i := range d.a { - d.a[i] = 0 - } - d.state = spongeAbsorbing - d.bufo = 0 - d.bufe = 0 -} - -func (d *State) clone() *State { - ret := *d - return &ret -} - -// permute applies the KeccakF-1600 permutation. It handles -// any input-output buffering. -func (d *State) permute() { - switch d.state { - case spongeAbsorbing: - // If we're absorbing, we need to xor the input into the state - // before applying the permutation. - xorIn(d, d.buf()) - d.bufe = 0 - d.bufo = 0 - KeccakF1600(&d.a, d.turbo) - case spongeSqueezing: - // If we're squeezing, we need to apply the permutation before - // copying more output. - KeccakF1600(&d.a, d.turbo) - d.bufe = d.rate - d.bufo = 0 - copyOut(d, d.buf()) - } -} - -// pads appends the domain separation bits in dsbyte, applies -// the multi-bitrate 10..1 padding rule, and permutes the state. -func (d *State) padAndPermute(dsbyte byte) { - // Pad with this instance's domain-separator bits. We know that there's - // at least one byte of space in d.buf() because, if it were full, - // permute would have been called to empty it. dsbyte also contains the - // first one bit for the padding. See the comment in the state struct. - zerosStart := d.bufe + 1 - d.bufe = d.rate - buf := d.buf() - buf[zerosStart-1] = dsbyte - for i := zerosStart; i < d.rate; i++ { - buf[i] = 0 - } - // This adds the final one bit for the padding. Because of the way that - // bits are numbered from the LSB upwards, the final bit is the MSB of - // the last byte. - buf[d.rate-1] ^= 0x80 - // Apply the permutation - d.permute() - d.state = spongeSqueezing - d.bufe = d.rate - copyOut(d, buf) -} - -// Write absorbs more data into the hash's state. It produces an error -// if more data is written to the ShakeHash after writing -func (d *State) Write(p []byte) (written int, err error) { - if d.state != spongeAbsorbing { - panic("sha3: write to sponge after read") - } - written = len(p) - - for len(p) > 0 { - bufl := d.bufe - d.bufo - if bufl == 0 && len(p) >= d.rate { - // The fast path; absorb a full "rate" bytes of input and apply the permutation. - xorIn(d, p[:d.rate]) - p = p[d.rate:] - KeccakF1600(&d.a, d.turbo) - } else { - // The slow path; buffer the input until we can fill the sponge, and then xor it in. - todo := d.rate - bufl - if todo > len(p) { - todo = len(p) - } - d.bufe += todo - buf := d.buf() - copy(buf[bufl:], p[:todo]) - p = p[todo:] - - // If the sponge is full, apply the permutation. - if d.bufe == d.rate { - d.permute() - } - } - } - - return written, nil -} - -// Read squeezes an arbitrary number of bytes from the sponge. -func (d *State) Read(out []byte) (n int, err error) { - // If we're still absorbing, pad and apply the permutation. - if d.state == spongeAbsorbing { - d.padAndPermute(d.dsbyte) - } - - n = len(out) - - // Now, do the squeezing. - for len(out) > 0 { - buf := d.buf() - n := copy(out, buf) - d.bufo += n - out = out[n:] - - // Apply the permutation if we've squeezed the sponge dry. - if d.bufo == d.bufe { - d.permute() - } - } - - return -} - -// Sum applies padding to the hash state and then squeezes out the desired -// number of output bytes. -func (d *State) Sum(in []byte) []byte { - // Make a copy of the original hash so that caller can keep writing - // and summing. - dup := d.clone() - hash := make([]byte, dup.outputLen) - _, _ = dup.Read(hash) - return append(in, hash...) -} - -func (d *State) IsAbsorbing() bool { - return d.state == spongeAbsorbing -} diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/sha3_s390x.s b/vendor/github.com/cloudflare/circl/internal/sha3/sha3_s390x.s deleted file mode 100644 index 8a4458f63f..0000000000 --- a/vendor/github.com/cloudflare/circl/internal/sha3/sha3_s390x.s +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright 2017 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build !gccgo,!appengine - -#include "textflag.h" - -// func kimd(function code, chain *[200]byte, src []byte) -TEXT ·kimd(SB), NOFRAME|NOSPLIT, $0-40 - MOVD function+0(FP), R0 - MOVD chain+8(FP), R1 - LMG src+16(FP), R2, R3 // R2=base, R3=len - -continue: - WORD $0xB93E0002 // KIMD --, R2 - BVS continue // continue if interrupted - MOVD $0, R0 // reset R0 for pre-go1.8 compilers - RET - -// func klmd(function code, chain *[200]byte, dst, src []byte) -TEXT ·klmd(SB), NOFRAME|NOSPLIT, $0-64 - // TODO: SHAKE support - MOVD function+0(FP), R0 - MOVD chain+8(FP), R1 - LMG dst+16(FP), R2, R3 // R2=base, R3=len - LMG src+40(FP), R4, R5 // R4=base, R5=len - -continue: - WORD $0xB93F0024 // KLMD R2, R4 - BVS continue // continue if interrupted - MOVD $0, R0 // reset R0 for pre-go1.8 compilers - RET diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/shake.go b/vendor/github.com/cloudflare/circl/internal/sha3/shake.go deleted file mode 100644 index 77817f758c..0000000000 --- a/vendor/github.com/cloudflare/circl/internal/sha3/shake.go +++ /dev/null @@ -1,119 +0,0 @@ -// Copyright 2014 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package sha3 - -// This file defines the ShakeHash interface, and provides -// functions for creating SHAKE and cSHAKE instances, as well as utility -// functions for hashing bytes to arbitrary-length output. -// -// -// SHAKE implementation is based on FIPS PUB 202 [1] -// cSHAKE implementations is based on NIST SP 800-185 [2] -// -// [1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf -// [2] https://doi.org/10.6028/NIST.SP.800-185 - -import ( - "io" -) - -// ShakeHash defines the interface to hash functions that -// support arbitrary-length output. -type ShakeHash interface { - // Write absorbs more data into the hash's state. It panics if input is - // written to it after output has been read from it. - io.Writer - - // Read reads more output from the hash; reading affects the hash's - // state. (ShakeHash.Read is thus very different from Hash.Sum) - // It never returns an error. - io.Reader - - // Clone returns a copy of the ShakeHash in its current state. - Clone() ShakeHash - - // Reset resets the ShakeHash to its initial state. - Reset() -} - -// Consts for configuring initial SHA-3 state -const ( - dsbyteShake = 0x1f - rate128 = 168 - rate256 = 136 -) - -// Clone returns copy of SHAKE context within its current state. -func (d *State) Clone() ShakeHash { - return d.clone() -} - -// NewShake128 creates a new SHAKE128 variable-output-length ShakeHash. -// Its generic security strength is 128 bits against all attacks if at -// least 32 bytes of its output are used. -func NewShake128() State { - return State{rate: rate128, dsbyte: dsbyteShake} -} - -// NewTurboShake128 creates a new TurboSHAKE128 variable-output-length ShakeHash. -// Its generic security strength is 128 bits against all attacks if at -// least 32 bytes of its output are used. -// D is the domain separation byte and must be between 0x01 and 0x7f inclusive. -func NewTurboShake128(D byte) State { - if D == 0 || D > 0x7f { - panic("turboshake: D out of range") - } - return State{rate: rate128, dsbyte: D, turbo: true} -} - -// NewShake256 creates a new SHAKE256 variable-output-length ShakeHash. -// Its generic security strength is 256 bits against all attacks if -// at least 64 bytes of its output are used. -func NewShake256() State { - return State{rate: rate256, dsbyte: dsbyteShake} -} - -// NewTurboShake256 creates a new TurboSHAKE256 variable-output-length ShakeHash. -// Its generic security strength is 256 bits against all attacks if -// at least 64 bytes of its output are used. -// D is the domain separation byte and must be between 0x01 and 0x7f inclusive. -func NewTurboShake256(D byte) State { - if D == 0 || D > 0x7f { - panic("turboshake: D out of range") - } - return State{rate: rate256, dsbyte: D, turbo: true} -} - -// ShakeSum128 writes an arbitrary-length digest of data into hash. -func ShakeSum128(hash, data []byte) { - h := NewShake128() - _, _ = h.Write(data) - _, _ = h.Read(hash) -} - -// ShakeSum256 writes an arbitrary-length digest of data into hash. -func ShakeSum256(hash, data []byte) { - h := NewShake256() - _, _ = h.Write(data) - _, _ = h.Read(hash) -} - -// TurboShakeSum128 writes an arbitrary-length digest of data into hash. -func TurboShakeSum128(hash, data []byte, D byte) { - h := NewTurboShake128(D) - _, _ = h.Write(data) - _, _ = h.Read(hash) -} - -// TurboShakeSum256 writes an arbitrary-length digest of data into hash. -func TurboShakeSum256(hash, data []byte, D byte) { - h := NewTurboShake256(D) - _, _ = h.Write(data) - _, _ = h.Read(hash) -} - -func (d *State) SwitchDS(D byte) { - d.dsbyte = D -} diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/xor.go b/vendor/github.com/cloudflare/circl/internal/sha3/xor.go deleted file mode 100644 index 1e21337454..0000000000 --- a/vendor/github.com/cloudflare/circl/internal/sha3/xor.go +++ /dev/null @@ -1,15 +0,0 @@ -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build (!amd64 && !386 && !ppc64le) || appengine -// +build !amd64,!386,!ppc64le appengine - -package sha3 - -// A storageBuf is an aligned array of maxRate bytes. -type storageBuf [maxRate]byte - -func (b *storageBuf) asBytes() *[maxRate]byte { - return (*[maxRate]byte)(b) -} diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/xor_generic.go b/vendor/github.com/cloudflare/circl/internal/sha3/xor_generic.go deleted file mode 100644 index 2b0c661790..0000000000 --- a/vendor/github.com/cloudflare/circl/internal/sha3/xor_generic.go +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build (!amd64 || appengine) && (!386 || appengine) && (!ppc64le || appengine) -// +build !amd64 appengine -// +build !386 appengine -// +build !ppc64le appengine - -package sha3 - -import "encoding/binary" - -// xorIn xors the bytes in buf into the state; it -// makes no non-portable assumptions about memory layout -// or alignment. -func xorIn(d *State, buf []byte) { - n := len(buf) / 8 - - for i := 0; i < n; i++ { - a := binary.LittleEndian.Uint64(buf) - d.a[i] ^= a - buf = buf[8:] - } -} - -// copyOut copies ulint64s to a byte buffer. -func copyOut(d *State, b []byte) { - for i := 0; len(b) >= 8; i++ { - binary.LittleEndian.PutUint64(b, d.a[i]) - b = b[8:] - } -} diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/xor_unaligned.go b/vendor/github.com/cloudflare/circl/internal/sha3/xor_unaligned.go deleted file mode 100644 index 052fc8d32d..0000000000 --- a/vendor/github.com/cloudflare/circl/internal/sha3/xor_unaligned.go +++ /dev/null @@ -1,61 +0,0 @@ -// Copyright 2015 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build (amd64 || 386 || ppc64le) && !appengine -// +build amd64 386 ppc64le -// +build !appengine - -package sha3 - -import "unsafe" - -// A storageBuf is an aligned array of maxRate bytes. -type storageBuf [maxRate / 8]uint64 - -func (b *storageBuf) asBytes() *[maxRate]byte { - return (*[maxRate]byte)(unsafe.Pointer(b)) -} - -// xorInuses unaligned reads and writes to update d.a to contain d.a -// XOR buf. -func xorIn(d *State, buf []byte) { - n := len(buf) - bw := (*[maxRate / 8]uint64)(unsafe.Pointer(&buf[0]))[: n/8 : n/8] - if n >= 72 { - d.a[0] ^= bw[0] - d.a[1] ^= bw[1] - d.a[2] ^= bw[2] - d.a[3] ^= bw[3] - d.a[4] ^= bw[4] - d.a[5] ^= bw[5] - d.a[6] ^= bw[6] - d.a[7] ^= bw[7] - d.a[8] ^= bw[8] - } - if n >= 104 { - d.a[9] ^= bw[9] - d.a[10] ^= bw[10] - d.a[11] ^= bw[11] - d.a[12] ^= bw[12] - } - if n >= 136 { - d.a[13] ^= bw[13] - d.a[14] ^= bw[14] - d.a[15] ^= bw[15] - d.a[16] ^= bw[16] - } - if n >= 144 { - d.a[17] ^= bw[17] - } - if n >= 168 { - d.a[18] ^= bw[18] - d.a[19] ^= bw[19] - d.a[20] ^= bw[20] - } -} - -func copyOut(d *State, buf []byte) { - ab := (*[maxRate]uint8)(unsafe.Pointer(&d.a[0])) - copy(buf, ab[:]) -} diff --git a/vendor/github.com/cloudflare/circl/math/fp25519/fp.go b/vendor/github.com/cloudflare/circl/math/fp25519/fp.go deleted file mode 100644 index 57a50ff5e9..0000000000 --- a/vendor/github.com/cloudflare/circl/math/fp25519/fp.go +++ /dev/null @@ -1,205 +0,0 @@ -// Package fp25519 provides prime field arithmetic over GF(2^255-19). -package fp25519 - -import ( - "errors" - - "github.com/cloudflare/circl/internal/conv" -) - -// Size in bytes of an element. -const Size = 32 - -// Elt is a prime field element. -type Elt [Size]byte - -func (e Elt) String() string { return conv.BytesLe2Hex(e[:]) } - -// p is the prime modulus 2^255-19. -var p = Elt{ - 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, -} - -// P returns the prime modulus 2^255-19. -func P() Elt { return p } - -// ToBytes stores in b the little-endian byte representation of x. -func ToBytes(b []byte, x *Elt) error { - if len(b) != Size { - return errors.New("wrong size") - } - Modp(x) - copy(b, x[:]) - return nil -} - -// IsZero returns true if x is equal to 0. -func IsZero(x *Elt) bool { Modp(x); return *x == Elt{} } - -// SetOne assigns x=1. -func SetOne(x *Elt) { *x = Elt{}; x[0] = 1 } - -// Neg calculates z = -x. -func Neg(z, x *Elt) { Sub(z, &p, x) } - -// InvSqrt calculates z = sqrt(x/y) iff x/y is a quadratic-residue, which is -// indicated by returning isQR = true. Otherwise, when x/y is a quadratic -// non-residue, z will have an undetermined value and isQR = false. -func InvSqrt(z, x, y *Elt) (isQR bool) { - sqrtMinusOne := &Elt{ - 0xb0, 0xa0, 0x0e, 0x4a, 0x27, 0x1b, 0xee, 0xc4, - 0x78, 0xe4, 0x2f, 0xad, 0x06, 0x18, 0x43, 0x2f, - 0xa7, 0xd7, 0xfb, 0x3d, 0x99, 0x00, 0x4d, 0x2b, - 0x0b, 0xdf, 0xc1, 0x4f, 0x80, 0x24, 0x83, 0x2b, - } - t0, t1, t2, t3 := &Elt{}, &Elt{}, &Elt{}, &Elt{} - - Mul(t0, x, y) // t0 = u*v - Sqr(t1, y) // t1 = v^2 - Mul(t2, t0, t1) // t2 = u*v^3 - Sqr(t0, t1) // t0 = v^4 - Mul(t1, t0, t2) // t1 = u*v^7 - - var Tab [4]*Elt - Tab[0] = &Elt{} - Tab[1] = &Elt{} - Tab[2] = t3 - Tab[3] = t1 - - *Tab[0] = *t1 - Sqr(Tab[0], Tab[0]) - Sqr(Tab[1], Tab[0]) - Sqr(Tab[1], Tab[1]) - Mul(Tab[1], Tab[1], Tab[3]) - Mul(Tab[0], Tab[0], Tab[1]) - Sqr(Tab[0], Tab[0]) - Mul(Tab[0], Tab[0], Tab[1]) - Sqr(Tab[1], Tab[0]) - for i := 0; i < 4; i++ { - Sqr(Tab[1], Tab[1]) - } - Mul(Tab[1], Tab[1], Tab[0]) - Sqr(Tab[2], Tab[1]) - for i := 0; i < 4; i++ { - Sqr(Tab[2], Tab[2]) - } - Mul(Tab[2], Tab[2], Tab[0]) - Sqr(Tab[1], Tab[2]) - for i := 0; i < 14; i++ { - Sqr(Tab[1], Tab[1]) - } - Mul(Tab[1], Tab[1], Tab[2]) - Sqr(Tab[2], Tab[1]) - for i := 0; i < 29; i++ { - Sqr(Tab[2], Tab[2]) - } - Mul(Tab[2], Tab[2], Tab[1]) - Sqr(Tab[1], Tab[2]) - for i := 0; i < 59; i++ { - Sqr(Tab[1], Tab[1]) - } - Mul(Tab[1], Tab[1], Tab[2]) - for i := 0; i < 5; i++ { - Sqr(Tab[1], Tab[1]) - } - Mul(Tab[1], Tab[1], Tab[0]) - Sqr(Tab[2], Tab[1]) - for i := 0; i < 124; i++ { - Sqr(Tab[2], Tab[2]) - } - Mul(Tab[2], Tab[2], Tab[1]) - Sqr(Tab[2], Tab[2]) - Sqr(Tab[2], Tab[2]) - Mul(Tab[2], Tab[2], Tab[3]) - - Mul(z, t3, t2) // z = xy^(p+3)/8 = xy^3*(xy^7)^(p-5)/8 - // Checking whether y z^2 == x - Sqr(t0, z) // t0 = z^2 - Mul(t0, t0, y) // t0 = yz^2 - Sub(t1, t0, x) // t1 = t0-u - Add(t2, t0, x) // t2 = t0+u - if IsZero(t1) { - return true - } else if IsZero(t2) { - Mul(z, z, sqrtMinusOne) // z = z*sqrt(-1) - return true - } else { - return false - } -} - -// Inv calculates z = 1/x mod p. -func Inv(z, x *Elt) { - x0, x1, x2 := &Elt{}, &Elt{}, &Elt{} - Sqr(x1, x) - Sqr(x0, x1) - Sqr(x0, x0) - Mul(x0, x0, x) - Mul(z, x0, x1) - Sqr(x1, z) - Mul(x0, x0, x1) - Sqr(x1, x0) - for i := 0; i < 4; i++ { - Sqr(x1, x1) - } - Mul(x0, x0, x1) - Sqr(x1, x0) - for i := 0; i < 9; i++ { - Sqr(x1, x1) - } - Mul(x1, x1, x0) - Sqr(x2, x1) - for i := 0; i < 19; i++ { - Sqr(x2, x2) - } - Mul(x2, x2, x1) - for i := 0; i < 10; i++ { - Sqr(x2, x2) - } - Mul(x2, x2, x0) - Sqr(x0, x2) - for i := 0; i < 49; i++ { - Sqr(x0, x0) - } - Mul(x0, x0, x2) - Sqr(x1, x0) - for i := 0; i < 99; i++ { - Sqr(x1, x1) - } - Mul(x1, x1, x0) - for i := 0; i < 50; i++ { - Sqr(x1, x1) - } - Mul(x1, x1, x2) - for i := 0; i < 5; i++ { - Sqr(x1, x1) - } - Mul(z, z, x1) -} - -// Cmov assigns y to x if n is 1. -func Cmov(x, y *Elt, n uint) { cmov(x, y, n) } - -// Cswap interchanges x and y if n is 1. -func Cswap(x, y *Elt, n uint) { cswap(x, y, n) } - -// Add calculates z = x+y mod p. -func Add(z, x, y *Elt) { add(z, x, y) } - -// Sub calculates z = x-y mod p. -func Sub(z, x, y *Elt) { sub(z, x, y) } - -// AddSub calculates (x,y) = (x+y mod p, x-y mod p). -func AddSub(x, y *Elt) { addsub(x, y) } - -// Mul calculates z = x*y mod p. -func Mul(z, x, y *Elt) { mul(z, x, y) } - -// Sqr calculates z = x^2 mod p. -func Sqr(z, x *Elt) { sqr(z, x) } - -// Modp ensures that z is between [0,p-1]. -func Modp(z *Elt) { modp(z) } diff --git a/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.go b/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.go deleted file mode 100644 index 057f0d2803..0000000000 --- a/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.go +++ /dev/null @@ -1,45 +0,0 @@ -//go:build amd64 && !purego -// +build amd64,!purego - -package fp25519 - -import ( - "golang.org/x/sys/cpu" -) - -var hasBmi2Adx = cpu.X86.HasBMI2 && cpu.X86.HasADX - -var _ = hasBmi2Adx - -func cmov(x, y *Elt, n uint) { cmovAmd64(x, y, n) } -func cswap(x, y *Elt, n uint) { cswapAmd64(x, y, n) } -func add(z, x, y *Elt) { addAmd64(z, x, y) } -func sub(z, x, y *Elt) { subAmd64(z, x, y) } -func addsub(x, y *Elt) { addsubAmd64(x, y) } -func mul(z, x, y *Elt) { mulAmd64(z, x, y) } -func sqr(z, x *Elt) { sqrAmd64(z, x) } -func modp(z *Elt) { modpAmd64(z) } - -//go:noescape -func cmovAmd64(x, y *Elt, n uint) - -//go:noescape -func cswapAmd64(x, y *Elt, n uint) - -//go:noescape -func addAmd64(z, x, y *Elt) - -//go:noescape -func subAmd64(z, x, y *Elt) - -//go:noescape -func addsubAmd64(x, y *Elt) - -//go:noescape -func mulAmd64(z, x, y *Elt) - -//go:noescape -func sqrAmd64(z, x *Elt) - -//go:noescape -func modpAmd64(z *Elt) diff --git a/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.h b/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.h deleted file mode 100644 index b884b584ab..0000000000 --- a/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.h +++ /dev/null @@ -1,351 +0,0 @@ -// This code was imported from https://github.com/armfazh/rfc7748_precomputed - -// CHECK_BMI2ADX triggers bmi2adx if supported, -// otherwise it fallbacks to legacy code. -#define CHECK_BMI2ADX(label, legacy, bmi2adx) \ - CMPB ·hasBmi2Adx(SB), $0 \ - JE label \ - bmi2adx \ - RET \ - label: \ - legacy \ - RET - -// cselect is a conditional move -// if b=1: it copies y into x; -// if b=0: x remains with the same value; -// if b<> 0,1: undefined. -// Uses: AX, DX, FLAGS -// Instr: x86_64, cmov -#define cselect(x,y,b) \ - TESTQ b, b \ - MOVQ 0+x, AX; MOVQ 0+y, DX; CMOVQNE DX, AX; MOVQ AX, 0+x; \ - MOVQ 8+x, AX; MOVQ 8+y, DX; CMOVQNE DX, AX; MOVQ AX, 8+x; \ - MOVQ 16+x, AX; MOVQ 16+y, DX; CMOVQNE DX, AX; MOVQ AX, 16+x; \ - MOVQ 24+x, AX; MOVQ 24+y, DX; CMOVQNE DX, AX; MOVQ AX, 24+x; - -// cswap is a conditional swap -// if b=1: x,y <- y,x; -// if b=0: x,y remain with the same values; -// if b<> 0,1: undefined. -// Uses: AX, DX, R8, FLAGS -// Instr: x86_64, cmov -#define cswap(x,y,b) \ - TESTQ b, b \ - MOVQ 0+x, AX; MOVQ AX, R8; MOVQ 0+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 0+x; MOVQ DX, 0+y; \ - MOVQ 8+x, AX; MOVQ AX, R8; MOVQ 8+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 8+x; MOVQ DX, 8+y; \ - MOVQ 16+x, AX; MOVQ AX, R8; MOVQ 16+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 16+x; MOVQ DX, 16+y; \ - MOVQ 24+x, AX; MOVQ AX, R8; MOVQ 24+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 24+x; MOVQ DX, 24+y; - -// additionLeg adds x and y and stores in z -// Uses: AX, DX, R8-R11, FLAGS -// Instr: x86_64, cmov -#define additionLeg(z,x,y) \ - MOVL $38, AX; \ - MOVL $0, DX; \ - MOVQ 0+x, R8; ADDQ 0+y, R8; \ - MOVQ 8+x, R9; ADCQ 8+y, R9; \ - MOVQ 16+x, R10; ADCQ 16+y, R10; \ - MOVQ 24+x, R11; ADCQ 24+y, R11; \ - CMOVQCS AX, DX; \ - ADDQ DX, R8; \ - ADCQ $0, R9; MOVQ R9, 8+z; \ - ADCQ $0, R10; MOVQ R10, 16+z; \ - ADCQ $0, R11; MOVQ R11, 24+z; \ - MOVL $0, DX; \ - CMOVQCS AX, DX; \ - ADDQ DX, R8; MOVQ R8, 0+z; - -// additionAdx adds x and y and stores in z -// Uses: AX, DX, R8-R11, FLAGS -// Instr: x86_64, cmov, adx -#define additionAdx(z,x,y) \ - MOVL $38, AX; \ - XORL DX, DX; \ - MOVQ 0+x, R8; ADCXQ 0+y, R8; \ - MOVQ 8+x, R9; ADCXQ 8+y, R9; \ - MOVQ 16+x, R10; ADCXQ 16+y, R10; \ - MOVQ 24+x, R11; ADCXQ 24+y, R11; \ - CMOVQCS AX, DX ; \ - XORL AX, AX; \ - ADCXQ DX, R8; \ - ADCXQ AX, R9; MOVQ R9, 8+z; \ - ADCXQ AX, R10; MOVQ R10, 16+z; \ - ADCXQ AX, R11; MOVQ R11, 24+z; \ - MOVL $38, DX; \ - CMOVQCS DX, AX; \ - ADDQ AX, R8; MOVQ R8, 0+z; - -// subtraction subtracts y from x and stores in z -// Uses: AX, DX, R8-R11, FLAGS -// Instr: x86_64, cmov -#define subtraction(z,x,y) \ - MOVL $38, AX; \ - MOVQ 0+x, R8; SUBQ 0+y, R8; \ - MOVQ 8+x, R9; SBBQ 8+y, R9; \ - MOVQ 16+x, R10; SBBQ 16+y, R10; \ - MOVQ 24+x, R11; SBBQ 24+y, R11; \ - MOVL $0, DX; \ - CMOVQCS AX, DX; \ - SUBQ DX, R8; \ - SBBQ $0, R9; MOVQ R9, 8+z; \ - SBBQ $0, R10; MOVQ R10, 16+z; \ - SBBQ $0, R11; MOVQ R11, 24+z; \ - MOVL $0, DX; \ - CMOVQCS AX, DX; \ - SUBQ DX, R8; MOVQ R8, 0+z; - -// integerMulAdx multiplies x and y and stores in z -// Uses: AX, DX, R8-R15, FLAGS -// Instr: x86_64, bmi2, adx -#define integerMulAdx(z,x,y) \ - MOVL $0,R15; \ - MOVQ 0+y, DX; XORL AX, AX; \ - MULXQ 0+x, AX, R8; MOVQ AX, 0+z; \ - MULXQ 8+x, AX, R9; ADCXQ AX, R8; \ - MULXQ 16+x, AX, R10; ADCXQ AX, R9; \ - MULXQ 24+x, AX, R11; ADCXQ AX, R10; \ - MOVL $0, AX;;;;;;;;; ADCXQ AX, R11; \ - MOVQ 8+y, DX; XORL AX, AX; \ - MULXQ 0+x, AX, R12; ADCXQ R8, AX; MOVQ AX, 8+z; \ - MULXQ 8+x, AX, R13; ADCXQ R9, R12; ADOXQ AX, R12; \ - MULXQ 16+x, AX, R14; ADCXQ R10, R13; ADOXQ AX, R13; \ - MULXQ 24+x, AX, R15; ADCXQ R11, R14; ADOXQ AX, R14; \ - MOVL $0, AX;;;;;;;;; ADCXQ AX, R15; ADOXQ AX, R15; \ - MOVQ 16+y, DX; XORL AX, AX; \ - MULXQ 0+x, AX, R8; ADCXQ R12, AX; MOVQ AX, 16+z; \ - MULXQ 8+x, AX, R9; ADCXQ R13, R8; ADOXQ AX, R8; \ - MULXQ 16+x, AX, R10; ADCXQ R14, R9; ADOXQ AX, R9; \ - MULXQ 24+x, AX, R11; ADCXQ R15, R10; ADOXQ AX, R10; \ - MOVL $0, AX;;;;;;;;; ADCXQ AX, R11; ADOXQ AX, R11; \ - MOVQ 24+y, DX; XORL AX, AX; \ - MULXQ 0+x, AX, R12; ADCXQ R8, AX; MOVQ AX, 24+z; \ - MULXQ 8+x, AX, R13; ADCXQ R9, R12; ADOXQ AX, R12; MOVQ R12, 32+z; \ - MULXQ 16+x, AX, R14; ADCXQ R10, R13; ADOXQ AX, R13; MOVQ R13, 40+z; \ - MULXQ 24+x, AX, R15; ADCXQ R11, R14; ADOXQ AX, R14; MOVQ R14, 48+z; \ - MOVL $0, AX;;;;;;;;; ADCXQ AX, R15; ADOXQ AX, R15; MOVQ R15, 56+z; - -// integerMulLeg multiplies x and y and stores in z -// Uses: AX, DX, R8-R15, FLAGS -// Instr: x86_64 -#define integerMulLeg(z,x,y) \ - MOVQ 0+y, R8; \ - MOVQ 0+x, AX; MULQ R8; MOVQ AX, 0+z; MOVQ DX, R15; \ - MOVQ 8+x, AX; MULQ R8; MOVQ AX, R13; MOVQ DX, R10; \ - MOVQ 16+x, AX; MULQ R8; MOVQ AX, R14; MOVQ DX, R11; \ - MOVQ 24+x, AX; MULQ R8; \ - ADDQ R13, R15; \ - ADCQ R14, R10; MOVQ R10, 16+z; \ - ADCQ AX, R11; MOVQ R11, 24+z; \ - ADCQ $0, DX; MOVQ DX, 32+z; \ - MOVQ 8+y, R8; \ - MOVQ 0+x, AX; MULQ R8; MOVQ AX, R12; MOVQ DX, R9; \ - MOVQ 8+x, AX; MULQ R8; MOVQ AX, R13; MOVQ DX, R10; \ - MOVQ 16+x, AX; MULQ R8; MOVQ AX, R14; MOVQ DX, R11; \ - MOVQ 24+x, AX; MULQ R8; \ - ADDQ R12, R15; MOVQ R15, 8+z; \ - ADCQ R13, R9; \ - ADCQ R14, R10; \ - ADCQ AX, R11; \ - ADCQ $0, DX; \ - ADCQ 16+z, R9; MOVQ R9, R15; \ - ADCQ 24+z, R10; MOVQ R10, 24+z; \ - ADCQ 32+z, R11; MOVQ R11, 32+z; \ - ADCQ $0, DX; MOVQ DX, 40+z; \ - MOVQ 16+y, R8; \ - MOVQ 0+x, AX; MULQ R8; MOVQ AX, R12; MOVQ DX, R9; \ - MOVQ 8+x, AX; MULQ R8; MOVQ AX, R13; MOVQ DX, R10; \ - MOVQ 16+x, AX; MULQ R8; MOVQ AX, R14; MOVQ DX, R11; \ - MOVQ 24+x, AX; MULQ R8; \ - ADDQ R12, R15; MOVQ R15, 16+z; \ - ADCQ R13, R9; \ - ADCQ R14, R10; \ - ADCQ AX, R11; \ - ADCQ $0, DX; \ - ADCQ 24+z, R9; MOVQ R9, R15; \ - ADCQ 32+z, R10; MOVQ R10, 32+z; \ - ADCQ 40+z, R11; MOVQ R11, 40+z; \ - ADCQ $0, DX; MOVQ DX, 48+z; \ - MOVQ 24+y, R8; \ - MOVQ 0+x, AX; MULQ R8; MOVQ AX, R12; MOVQ DX, R9; \ - MOVQ 8+x, AX; MULQ R8; MOVQ AX, R13; MOVQ DX, R10; \ - MOVQ 16+x, AX; MULQ R8; MOVQ AX, R14; MOVQ DX, R11; \ - MOVQ 24+x, AX; MULQ R8; \ - ADDQ R12, R15; MOVQ R15, 24+z; \ - ADCQ R13, R9; \ - ADCQ R14, R10; \ - ADCQ AX, R11; \ - ADCQ $0, DX; \ - ADCQ 32+z, R9; MOVQ R9, 32+z; \ - ADCQ 40+z, R10; MOVQ R10, 40+z; \ - ADCQ 48+z, R11; MOVQ R11, 48+z; \ - ADCQ $0, DX; MOVQ DX, 56+z; - -// integerSqrLeg squares x and stores in z -// Uses: AX, CX, DX, R8-R15, FLAGS -// Instr: x86_64 -#define integerSqrLeg(z,x) \ - MOVQ 0+x, R8; \ - MOVQ 8+x, AX; MULQ R8; MOVQ AX, R9; MOVQ DX, R10; /* A[0]*A[1] */ \ - MOVQ 16+x, AX; MULQ R8; MOVQ AX, R14; MOVQ DX, R11; /* A[0]*A[2] */ \ - MOVQ 24+x, AX; MULQ R8; MOVQ AX, R15; MOVQ DX, R12; /* A[0]*A[3] */ \ - MOVQ 24+x, R8; \ - MOVQ 8+x, AX; MULQ R8; MOVQ AX, CX; MOVQ DX, R13; /* A[3]*A[1] */ \ - MOVQ 16+x, AX; MULQ R8; /* A[3]*A[2] */ \ - \ - ADDQ R14, R10;\ - ADCQ R15, R11; MOVL $0, R15;\ - ADCQ CX, R12;\ - ADCQ AX, R13;\ - ADCQ $0, DX; MOVQ DX, R14;\ - MOVQ 8+x, AX; MULQ 16+x;\ - \ - ADDQ AX, R11;\ - ADCQ DX, R12;\ - ADCQ $0, R13;\ - ADCQ $0, R14;\ - ADCQ $0, R15;\ - \ - SHLQ $1, R14, R15; MOVQ R15, 56+z;\ - SHLQ $1, R13, R14; MOVQ R14, 48+z;\ - SHLQ $1, R12, R13; MOVQ R13, 40+z;\ - SHLQ $1, R11, R12; MOVQ R12, 32+z;\ - SHLQ $1, R10, R11; MOVQ R11, 24+z;\ - SHLQ $1, R9, R10; MOVQ R10, 16+z;\ - SHLQ $1, R9; MOVQ R9, 8+z;\ - \ - MOVQ 0+x,AX; MULQ AX; MOVQ AX, 0+z; MOVQ DX, R9;\ - MOVQ 8+x,AX; MULQ AX; MOVQ AX, R10; MOVQ DX, R11;\ - MOVQ 16+x,AX; MULQ AX; MOVQ AX, R12; MOVQ DX, R13;\ - MOVQ 24+x,AX; MULQ AX; MOVQ AX, R14; MOVQ DX, R15;\ - \ - ADDQ 8+z, R9; MOVQ R9, 8+z;\ - ADCQ 16+z, R10; MOVQ R10, 16+z;\ - ADCQ 24+z, R11; MOVQ R11, 24+z;\ - ADCQ 32+z, R12; MOVQ R12, 32+z;\ - ADCQ 40+z, R13; MOVQ R13, 40+z;\ - ADCQ 48+z, R14; MOVQ R14, 48+z;\ - ADCQ 56+z, R15; MOVQ R15, 56+z; - -// integerSqrAdx squares x and stores in z -// Uses: AX, CX, DX, R8-R15, FLAGS -// Instr: x86_64, bmi2, adx -#define integerSqrAdx(z,x) \ - MOVQ 0+x, DX; /* A[0] */ \ - MULXQ 8+x, R8, R14; /* A[1]*A[0] */ XORL R15, R15; \ - MULXQ 16+x, R9, R10; /* A[2]*A[0] */ ADCXQ R14, R9; \ - MULXQ 24+x, AX, CX; /* A[3]*A[0] */ ADCXQ AX, R10; \ - MOVQ 24+x, DX; /* A[3] */ \ - MULXQ 8+x, R11, R12; /* A[1]*A[3] */ ADCXQ CX, R11; \ - MULXQ 16+x, AX, R13; /* A[2]*A[3] */ ADCXQ AX, R12; \ - MOVQ 8+x, DX; /* A[1] */ ADCXQ R15, R13; \ - MULXQ 16+x, AX, CX; /* A[2]*A[1] */ MOVL $0, R14; \ - ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ADCXQ R15, R14; \ - XORL R15, R15; \ - ADOXQ AX, R10; ADCXQ R8, R8; \ - ADOXQ CX, R11; ADCXQ R9, R9; \ - ADOXQ R15, R12; ADCXQ R10, R10; \ - ADOXQ R15, R13; ADCXQ R11, R11; \ - ADOXQ R15, R14; ADCXQ R12, R12; \ - ;;;;;;;;;;;;;;; ADCXQ R13, R13; \ - ;;;;;;;;;;;;;;; ADCXQ R14, R14; \ - MOVQ 0+x, DX; MULXQ DX, AX, CX; /* A[0]^2 */ \ - ;;;;;;;;;;;;;;; MOVQ AX, 0+z; \ - ADDQ CX, R8; MOVQ R8, 8+z; \ - MOVQ 8+x, DX; MULXQ DX, AX, CX; /* A[1]^2 */ \ - ADCQ AX, R9; MOVQ R9, 16+z; \ - ADCQ CX, R10; MOVQ R10, 24+z; \ - MOVQ 16+x, DX; MULXQ DX, AX, CX; /* A[2]^2 */ \ - ADCQ AX, R11; MOVQ R11, 32+z; \ - ADCQ CX, R12; MOVQ R12, 40+z; \ - MOVQ 24+x, DX; MULXQ DX, AX, CX; /* A[3]^2 */ \ - ADCQ AX, R13; MOVQ R13, 48+z; \ - ADCQ CX, R14; MOVQ R14, 56+z; - -// reduceFromDouble finds z congruent to x modulo p such that 0> 63) - // PUT BIT 255 IN CARRY FLAG AND CLEAR - x3 &^= 1 << 63 - - x0, c0 := bits.Add64(x0, cx, 0) - x1, c1 := bits.Add64(x1, 0, c0) - x2, c2 := bits.Add64(x2, 0, c1) - x3, _ = bits.Add64(x3, 0, c2) - - // TEST FOR BIT 255 AGAIN; ONLY TRIGGERED ON OVERFLOW MODULO 2^255-19 - // cx = C[255] ? 0 : 19 - cx = uint64(19) &^ (-(x3 >> 63)) - // CLEAR BIT 255 - x3 &^= 1 << 63 - - x0, c0 = bits.Sub64(x0, cx, 0) - x1, c1 = bits.Sub64(x1, 0, c0) - x2, c2 = bits.Sub64(x2, 0, c1) - x3, _ = bits.Sub64(x3, 0, c2) - - binary.LittleEndian.PutUint64(x[0*8:1*8], x0) - binary.LittleEndian.PutUint64(x[1*8:2*8], x1) - binary.LittleEndian.PutUint64(x[2*8:3*8], x2) - binary.LittleEndian.PutUint64(x[3*8:4*8], x3) -} - -func red64(z *Elt, x0, x1, x2, x3, x4, x5, x6, x7 uint64) { - h0, l0 := bits.Mul64(x4, 38) - h1, l1 := bits.Mul64(x5, 38) - h2, l2 := bits.Mul64(x6, 38) - h3, l3 := bits.Mul64(x7, 38) - - l1, c0 := bits.Add64(h0, l1, 0) - l2, c1 := bits.Add64(h1, l2, c0) - l3, c2 := bits.Add64(h2, l3, c1) - l4, _ := bits.Add64(h3, 0, c2) - - l0, c0 = bits.Add64(l0, x0, 0) - l1, c1 = bits.Add64(l1, x1, c0) - l2, c2 = bits.Add64(l2, x2, c1) - l3, c3 := bits.Add64(l3, x3, c2) - l4, _ = bits.Add64(l4, 0, c3) - - _, l4 = bits.Mul64(l4, 38) - l0, c0 = bits.Add64(l0, l4, 0) - z1, c1 := bits.Add64(l1, 0, c0) - z2, c2 := bits.Add64(l2, 0, c1) - z3, c3 := bits.Add64(l3, 0, c2) - z0, _ := bits.Add64(l0, (-c3)&38, 0) - - binary.LittleEndian.PutUint64(z[0*8:1*8], z0) - binary.LittleEndian.PutUint64(z[1*8:2*8], z1) - binary.LittleEndian.PutUint64(z[2*8:3*8], z2) - binary.LittleEndian.PutUint64(z[3*8:4*8], z3) -} diff --git a/vendor/github.com/cloudflare/circl/math/fp25519/fp_noasm.go b/vendor/github.com/cloudflare/circl/math/fp25519/fp_noasm.go deleted file mode 100644 index 26ca4d01b7..0000000000 --- a/vendor/github.com/cloudflare/circl/math/fp25519/fp_noasm.go +++ /dev/null @@ -1,13 +0,0 @@ -//go:build !amd64 || purego -// +build !amd64 purego - -package fp25519 - -func cmov(x, y *Elt, n uint) { cmovGeneric(x, y, n) } -func cswap(x, y *Elt, n uint) { cswapGeneric(x, y, n) } -func add(z, x, y *Elt) { addGeneric(z, x, y) } -func sub(z, x, y *Elt) { subGeneric(z, x, y) } -func addsub(x, y *Elt) { addsubGeneric(x, y) } -func mul(z, x, y *Elt) { mulGeneric(z, x, y) } -func sqr(z, x *Elt) { sqrGeneric(z, x) } -func modp(z *Elt) { modpGeneric(z) } diff --git a/vendor/github.com/cloudflare/circl/math/fp448/fp.go b/vendor/github.com/cloudflare/circl/math/fp448/fp.go deleted file mode 100644 index a5e36600bb..0000000000 --- a/vendor/github.com/cloudflare/circl/math/fp448/fp.go +++ /dev/null @@ -1,164 +0,0 @@ -// Package fp448 provides prime field arithmetic over GF(2^448-2^224-1). -package fp448 - -import ( - "errors" - - "github.com/cloudflare/circl/internal/conv" -) - -// Size in bytes of an element. -const Size = 56 - -// Elt is a prime field element. -type Elt [Size]byte - -func (e Elt) String() string { return conv.BytesLe2Hex(e[:]) } - -// p is the prime modulus 2^448-2^224-1. -var p = Elt{ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, -} - -// P returns the prime modulus 2^448-2^224-1. -func P() Elt { return p } - -// ToBytes stores in b the little-endian byte representation of x. -func ToBytes(b []byte, x *Elt) error { - if len(b) != Size { - return errors.New("wrong size") - } - Modp(x) - copy(b, x[:]) - return nil -} - -// IsZero returns true if x is equal to 0. -func IsZero(x *Elt) bool { Modp(x); return *x == Elt{} } - -// IsOne returns true if x is equal to 1. -func IsOne(x *Elt) bool { Modp(x); return *x == Elt{1} } - -// SetOne assigns x=1. -func SetOne(x *Elt) { *x = Elt{1} } - -// One returns the 1 element. -func One() (x Elt) { x = Elt{1}; return } - -// Neg calculates z = -x. -func Neg(z, x *Elt) { Sub(z, &p, x) } - -// Modp ensures that z is between [0,p-1]. -func Modp(z *Elt) { Sub(z, z, &p) } - -// InvSqrt calculates z = sqrt(x/y) iff x/y is a quadratic-residue. If so, -// isQR = true; otherwise, isQR = false, since x/y is a quadratic non-residue, -// and z = sqrt(-x/y). -func InvSqrt(z, x, y *Elt) (isQR bool) { - // First note that x^(2(k+1)) = x^(p-1)/2 * x = legendre(x) * x - // so that's x if x is a quadratic residue and -x otherwise. - // Next, y^(6k+3) = y^(4k+2) * y^(2k+1) = y^(p-1) * y^((p-1)/2) = legendre(y). - // So the z we compute satisfies z^2 y = x^(2(k+1)) y^(6k+3) = legendre(x)*legendre(y). - // Thus if x and y are quadratic residues, then z is indeed sqrt(x/y). - t0, t1 := &Elt{}, &Elt{} - Mul(t0, x, y) // x*y - Sqr(t1, y) // y^2 - Mul(t1, t0, t1) // x*y^3 - powPminus3div4(z, t1) // (x*y^3)^k - Mul(z, z, t0) // z = x*y*(x*y^3)^k = x^(k+1) * y^(3k+1) - - // Check if x/y is a quadratic residue - Sqr(t0, z) // z^2 - Mul(t0, t0, y) // y*z^2 - Sub(t0, t0, x) // y*z^2-x - return IsZero(t0) -} - -// Inv calculates z = 1/x mod p. -func Inv(z, x *Elt) { - // Calculates z = x^(4k+1) = x^(p-3+1) = x^(p-2) = x^-1, where k = (p-3)/4. - t := &Elt{} - powPminus3div4(t, x) // t = x^k - Sqr(t, t) // t = x^2k - Sqr(t, t) // t = x^4k - Mul(z, t, x) // z = x^(4k+1) -} - -// powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4. -func powPminus3div4(z, x *Elt) { - x0, x1 := &Elt{}, &Elt{} - Sqr(z, x) - Mul(z, z, x) - Sqr(x0, z) - Mul(x0, x0, x) - Sqr(z, x0) - Sqr(z, z) - Sqr(z, z) - Mul(z, z, x0) - Sqr(x1, z) - for i := 0; i < 5; i++ { - Sqr(x1, x1) - } - Mul(x1, x1, z) - Sqr(z, x1) - for i := 0; i < 11; i++ { - Sqr(z, z) - } - Mul(z, z, x1) - Sqr(z, z) - Sqr(z, z) - Sqr(z, z) - Mul(z, z, x0) - Sqr(x1, z) - for i := 0; i < 26; i++ { - Sqr(x1, x1) - } - Mul(x1, x1, z) - Sqr(z, x1) - for i := 0; i < 53; i++ { - Sqr(z, z) - } - Mul(z, z, x1) - Sqr(z, z) - Sqr(z, z) - Sqr(z, z) - Mul(z, z, x0) - Sqr(x1, z) - for i := 0; i < 110; i++ { - Sqr(x1, x1) - } - Mul(x1, x1, z) - Sqr(z, x1) - Mul(z, z, x) - for i := 0; i < 223; i++ { - Sqr(z, z) - } - Mul(z, z, x1) -} - -// Cmov assigns y to x if n is 1. -func Cmov(x, y *Elt, n uint) { cmov(x, y, n) } - -// Cswap interchanges x and y if n is 1. -func Cswap(x, y *Elt, n uint) { cswap(x, y, n) } - -// Add calculates z = x+y mod p. -func Add(z, x, y *Elt) { add(z, x, y) } - -// Sub calculates z = x-y mod p. -func Sub(z, x, y *Elt) { sub(z, x, y) } - -// AddSub calculates (x,y) = (x+y mod p, x-y mod p). -func AddSub(x, y *Elt) { addsub(x, y) } - -// Mul calculates z = x*y mod p. -func Mul(z, x, y *Elt) { mul(z, x, y) } - -// Sqr calculates z = x^2 mod p. -func Sqr(z, x *Elt) { sqr(z, x) } diff --git a/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.go b/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.go deleted file mode 100644 index 6a12209a70..0000000000 --- a/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.go +++ /dev/null @@ -1,43 +0,0 @@ -//go:build amd64 && !purego -// +build amd64,!purego - -package fp448 - -import ( - "golang.org/x/sys/cpu" -) - -var hasBmi2Adx = cpu.X86.HasBMI2 && cpu.X86.HasADX - -var _ = hasBmi2Adx - -func cmov(x, y *Elt, n uint) { cmovAmd64(x, y, n) } -func cswap(x, y *Elt, n uint) { cswapAmd64(x, y, n) } -func add(z, x, y *Elt) { addAmd64(z, x, y) } -func sub(z, x, y *Elt) { subAmd64(z, x, y) } -func addsub(x, y *Elt) { addsubAmd64(x, y) } -func mul(z, x, y *Elt) { mulAmd64(z, x, y) } -func sqr(z, x *Elt) { sqrAmd64(z, x) } - -/* Functions defined in fp_amd64.s */ - -//go:noescape -func cmovAmd64(x, y *Elt, n uint) - -//go:noescape -func cswapAmd64(x, y *Elt, n uint) - -//go:noescape -func addAmd64(z, x, y *Elt) - -//go:noescape -func subAmd64(z, x, y *Elt) - -//go:noescape -func addsubAmd64(x, y *Elt) - -//go:noescape -func mulAmd64(z, x, y *Elt) - -//go:noescape -func sqrAmd64(z, x *Elt) diff --git a/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.h b/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.h deleted file mode 100644 index 536fe5bdfe..0000000000 --- a/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.h +++ /dev/null @@ -1,591 +0,0 @@ -// This code was imported from https://github.com/armfazh/rfc7748_precomputed - -// CHECK_BMI2ADX triggers bmi2adx if supported, -// otherwise it fallbacks to legacy code. -#define CHECK_BMI2ADX(label, legacy, bmi2adx) \ - CMPB ·hasBmi2Adx(SB), $0 \ - JE label \ - bmi2adx \ - RET \ - label: \ - legacy \ - RET - -// cselect is a conditional move -// if b=1: it copies y into x; -// if b=0: x remains with the same value; -// if b<> 0,1: undefined. -// Uses: AX, DX, FLAGS -// Instr: x86_64, cmov -#define cselect(x,y,b) \ - TESTQ b, b \ - MOVQ 0+x, AX; MOVQ 0+y, DX; CMOVQNE DX, AX; MOVQ AX, 0+x; \ - MOVQ 8+x, AX; MOVQ 8+y, DX; CMOVQNE DX, AX; MOVQ AX, 8+x; \ - MOVQ 16+x, AX; MOVQ 16+y, DX; CMOVQNE DX, AX; MOVQ AX, 16+x; \ - MOVQ 24+x, AX; MOVQ 24+y, DX; CMOVQNE DX, AX; MOVQ AX, 24+x; \ - MOVQ 32+x, AX; MOVQ 32+y, DX; CMOVQNE DX, AX; MOVQ AX, 32+x; \ - MOVQ 40+x, AX; MOVQ 40+y, DX; CMOVQNE DX, AX; MOVQ AX, 40+x; \ - MOVQ 48+x, AX; MOVQ 48+y, DX; CMOVQNE DX, AX; MOVQ AX, 48+x; - -// cswap is a conditional swap -// if b=1: x,y <- y,x; -// if b=0: x,y remain with the same values; -// if b<> 0,1: undefined. -// Uses: AX, DX, R8, FLAGS -// Instr: x86_64, cmov -#define cswap(x,y,b) \ - TESTQ b, b \ - MOVQ 0+x, AX; MOVQ AX, R8; MOVQ 0+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 0+x; MOVQ DX, 0+y; \ - MOVQ 8+x, AX; MOVQ AX, R8; MOVQ 8+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 8+x; MOVQ DX, 8+y; \ - MOVQ 16+x, AX; MOVQ AX, R8; MOVQ 16+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 16+x; MOVQ DX, 16+y; \ - MOVQ 24+x, AX; MOVQ AX, R8; MOVQ 24+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 24+x; MOVQ DX, 24+y; \ - MOVQ 32+x, AX; MOVQ AX, R8; MOVQ 32+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 32+x; MOVQ DX, 32+y; \ - MOVQ 40+x, AX; MOVQ AX, R8; MOVQ 40+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 40+x; MOVQ DX, 40+y; \ - MOVQ 48+x, AX; MOVQ AX, R8; MOVQ 48+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 48+x; MOVQ DX, 48+y; - -// additionLeg adds x and y and stores in z -// Uses: AX, DX, R8-R14, FLAGS -// Instr: x86_64 -#define additionLeg(z,x,y) \ - MOVQ 0+x, R8; ADDQ 0+y, R8; \ - MOVQ 8+x, R9; ADCQ 8+y, R9; \ - MOVQ 16+x, R10; ADCQ 16+y, R10; \ - MOVQ 24+x, R11; ADCQ 24+y, R11; \ - MOVQ 32+x, R12; ADCQ 32+y, R12; \ - MOVQ 40+x, R13; ADCQ 40+y, R13; \ - MOVQ 48+x, R14; ADCQ 48+y, R14; \ - MOVQ $0, AX; ADCQ $0, AX; \ - MOVQ AX, DX; \ - SHLQ $32, DX; \ - ADDQ AX, R8; MOVQ $0, AX; \ - ADCQ $0, R9; \ - ADCQ $0, R10; \ - ADCQ DX, R11; \ - ADCQ $0, R12; \ - ADCQ $0, R13; \ - ADCQ $0, R14; \ - ADCQ $0, AX; \ - MOVQ AX, DX; \ - SHLQ $32, DX; \ - ADDQ AX, R8; MOVQ R8, 0+z; \ - ADCQ $0, R9; MOVQ R9, 8+z; \ - ADCQ $0, R10; MOVQ R10, 16+z; \ - ADCQ DX, R11; MOVQ R11, 24+z; \ - ADCQ $0, R12; MOVQ R12, 32+z; \ - ADCQ $0, R13; MOVQ R13, 40+z; \ - ADCQ $0, R14; MOVQ R14, 48+z; - - -// additionAdx adds x and y and stores in z -// Uses: AX, DX, R8-R15, FLAGS -// Instr: x86_64, adx -#define additionAdx(z,x,y) \ - MOVL $32, R15; \ - XORL DX, DX; \ - MOVQ 0+x, R8; ADCXQ 0+y, R8; \ - MOVQ 8+x, R9; ADCXQ 8+y, R9; \ - MOVQ 16+x, R10; ADCXQ 16+y, R10; \ - MOVQ 24+x, R11; ADCXQ 24+y, R11; \ - MOVQ 32+x, R12; ADCXQ 32+y, R12; \ - MOVQ 40+x, R13; ADCXQ 40+y, R13; \ - MOVQ 48+x, R14; ADCXQ 48+y, R14; \ - ;;;;;;;;;;;;;;; ADCXQ DX, DX; \ - XORL AX, AX; \ - ADCXQ DX, R8; SHLXQ R15, DX, DX; \ - ADCXQ AX, R9; \ - ADCXQ AX, R10; \ - ADCXQ DX, R11; \ - ADCXQ AX, R12; \ - ADCXQ AX, R13; \ - ADCXQ AX, R14; \ - ADCXQ AX, AX; \ - XORL DX, DX; \ - ADCXQ AX, R8; MOVQ R8, 0+z; SHLXQ R15, AX, AX; \ - ADCXQ DX, R9; MOVQ R9, 8+z; \ - ADCXQ DX, R10; MOVQ R10, 16+z; \ - ADCXQ AX, R11; MOVQ R11, 24+z; \ - ADCXQ DX, R12; MOVQ R12, 32+z; \ - ADCXQ DX, R13; MOVQ R13, 40+z; \ - ADCXQ DX, R14; MOVQ R14, 48+z; - -// subtraction subtracts y from x and stores in z -// Uses: AX, DX, R8-R14, FLAGS -// Instr: x86_64 -#define subtraction(z,x,y) \ - MOVQ 0+x, R8; SUBQ 0+y, R8; \ - MOVQ 8+x, R9; SBBQ 8+y, R9; \ - MOVQ 16+x, R10; SBBQ 16+y, R10; \ - MOVQ 24+x, R11; SBBQ 24+y, R11; \ - MOVQ 32+x, R12; SBBQ 32+y, R12; \ - MOVQ 40+x, R13; SBBQ 40+y, R13; \ - MOVQ 48+x, R14; SBBQ 48+y, R14; \ - MOVQ $0, AX; SETCS AX; \ - MOVQ AX, DX; \ - SHLQ $32, DX; \ - SUBQ AX, R8; MOVQ $0, AX; \ - SBBQ $0, R9; \ - SBBQ $0, R10; \ - SBBQ DX, R11; \ - SBBQ $0, R12; \ - SBBQ $0, R13; \ - SBBQ $0, R14; \ - SETCS AX; \ - MOVQ AX, DX; \ - SHLQ $32, DX; \ - SUBQ AX, R8; MOVQ R8, 0+z; \ - SBBQ $0, R9; MOVQ R9, 8+z; \ - SBBQ $0, R10; MOVQ R10, 16+z; \ - SBBQ DX, R11; MOVQ R11, 24+z; \ - SBBQ $0, R12; MOVQ R12, 32+z; \ - SBBQ $0, R13; MOVQ R13, 40+z; \ - SBBQ $0, R14; MOVQ R14, 48+z; - -// maddBmi2Adx multiplies x and y and accumulates in z -// Uses: AX, DX, R15, FLAGS -// Instr: x86_64, bmi2, adx -#define maddBmi2Adx(z,x,y,i,r0,r1,r2,r3,r4,r5,r6) \ - MOVQ i+y, DX; XORL AX, AX; \ - MULXQ 0+x, AX, R8; ADOXQ AX, r0; ADCXQ R8, r1; MOVQ r0,i+z; \ - MULXQ 8+x, AX, r0; ADOXQ AX, r1; ADCXQ r0, r2; MOVQ $0, R8; \ - MULXQ 16+x, AX, r0; ADOXQ AX, r2; ADCXQ r0, r3; \ - MULXQ 24+x, AX, r0; ADOXQ AX, r3; ADCXQ r0, r4; \ - MULXQ 32+x, AX, r0; ADOXQ AX, r4; ADCXQ r0, r5; \ - MULXQ 40+x, AX, r0; ADOXQ AX, r5; ADCXQ r0, r6; \ - MULXQ 48+x, AX, r0; ADOXQ AX, r6; ADCXQ R8, r0; \ - ;;;;;;;;;;;;;;;;;;; ADOXQ R8, r0; - -// integerMulAdx multiplies x and y and stores in z -// Uses: AX, DX, R8-R15, FLAGS -// Instr: x86_64, bmi2, adx -#define integerMulAdx(z,x,y) \ - MOVL $0,R15; \ - MOVQ 0+y, DX; XORL AX, AX; MOVQ $0, R8; \ - MULXQ 0+x, AX, R9; MOVQ AX, 0+z; \ - MULXQ 8+x, AX, R10; ADCXQ AX, R9; \ - MULXQ 16+x, AX, R11; ADCXQ AX, R10; \ - MULXQ 24+x, AX, R12; ADCXQ AX, R11; \ - MULXQ 32+x, AX, R13; ADCXQ AX, R12; \ - MULXQ 40+x, AX, R14; ADCXQ AX, R13; \ - MULXQ 48+x, AX, R15; ADCXQ AX, R14; \ - ;;;;;;;;;;;;;;;;;;;; ADCXQ R8, R15; \ - maddBmi2Adx(z,x,y, 8, R9,R10,R11,R12,R13,R14,R15) \ - maddBmi2Adx(z,x,y,16,R10,R11,R12,R13,R14,R15, R9) \ - maddBmi2Adx(z,x,y,24,R11,R12,R13,R14,R15, R9,R10) \ - maddBmi2Adx(z,x,y,32,R12,R13,R14,R15, R9,R10,R11) \ - maddBmi2Adx(z,x,y,40,R13,R14,R15, R9,R10,R11,R12) \ - maddBmi2Adx(z,x,y,48,R14,R15, R9,R10,R11,R12,R13) \ - MOVQ R15, 56+z; \ - MOVQ R9, 64+z; \ - MOVQ R10, 72+z; \ - MOVQ R11, 80+z; \ - MOVQ R12, 88+z; \ - MOVQ R13, 96+z; \ - MOVQ R14, 104+z; - -// maddLegacy multiplies x and y and accumulates in z -// Uses: AX, DX, R15, FLAGS -// Instr: x86_64 -#define maddLegacy(z,x,y,i) \ - MOVQ i+y, R15; \ - MOVQ 0+x, AX; MULQ R15; MOVQ AX, R8; ;;;;;;;;;;;; MOVQ DX, R9; \ - MOVQ 8+x, AX; MULQ R15; ADDQ AX, R9; ADCQ $0, DX; MOVQ DX, R10; \ - MOVQ 16+x, AX; MULQ R15; ADDQ AX, R10; ADCQ $0, DX; MOVQ DX, R11; \ - MOVQ 24+x, AX; MULQ R15; ADDQ AX, R11; ADCQ $0, DX; MOVQ DX, R12; \ - MOVQ 32+x, AX; MULQ R15; ADDQ AX, R12; ADCQ $0, DX; MOVQ DX, R13; \ - MOVQ 40+x, AX; MULQ R15; ADDQ AX, R13; ADCQ $0, DX; MOVQ DX, R14; \ - MOVQ 48+x, AX; MULQ R15; ADDQ AX, R14; ADCQ $0, DX; \ - ADDQ 0+i+z, R8; MOVQ R8, 0+i+z; \ - ADCQ 8+i+z, R9; MOVQ R9, 8+i+z; \ - ADCQ 16+i+z, R10; MOVQ R10, 16+i+z; \ - ADCQ 24+i+z, R11; MOVQ R11, 24+i+z; \ - ADCQ 32+i+z, R12; MOVQ R12, 32+i+z; \ - ADCQ 40+i+z, R13; MOVQ R13, 40+i+z; \ - ADCQ 48+i+z, R14; MOVQ R14, 48+i+z; \ - ADCQ $0, DX; MOVQ DX, 56+i+z; - -// integerMulLeg multiplies x and y and stores in z -// Uses: AX, DX, R8-R15, FLAGS -// Instr: x86_64 -#define integerMulLeg(z,x,y) \ - MOVQ 0+y, R15; \ - MOVQ 0+x, AX; MULQ R15; MOVQ AX, 0+z; ;;;;;;;;;;;; MOVQ DX, R8; \ - MOVQ 8+x, AX; MULQ R15; ADDQ AX, R8; ADCQ $0, DX; MOVQ DX, R9; MOVQ R8, 8+z; \ - MOVQ 16+x, AX; MULQ R15; ADDQ AX, R9; ADCQ $0, DX; MOVQ DX, R10; MOVQ R9, 16+z; \ - MOVQ 24+x, AX; MULQ R15; ADDQ AX, R10; ADCQ $0, DX; MOVQ DX, R11; MOVQ R10, 24+z; \ - MOVQ 32+x, AX; MULQ R15; ADDQ AX, R11; ADCQ $0, DX; MOVQ DX, R12; MOVQ R11, 32+z; \ - MOVQ 40+x, AX; MULQ R15; ADDQ AX, R12; ADCQ $0, DX; MOVQ DX, R13; MOVQ R12, 40+z; \ - MOVQ 48+x, AX; MULQ R15; ADDQ AX, R13; ADCQ $0, DX; MOVQ DX,56+z; MOVQ R13, 48+z; \ - maddLegacy(z,x,y, 8) \ - maddLegacy(z,x,y,16) \ - maddLegacy(z,x,y,24) \ - maddLegacy(z,x,y,32) \ - maddLegacy(z,x,y,40) \ - maddLegacy(z,x,y,48) - -// integerSqrLeg squares x and stores in z -// Uses: AX, CX, DX, R8-R15, FLAGS -// Instr: x86_64 -#define integerSqrLeg(z,x) \ - XORL R15, R15; \ - MOVQ 0+x, CX; \ - MOVQ CX, AX; MULQ CX; MOVQ AX, 0+z; MOVQ DX, R8; \ - ADDQ CX, CX; ADCQ $0, R15; \ - MOVQ 8+x, AX; MULQ CX; ADDQ AX, R8; ADCQ $0, DX; MOVQ DX, R9; MOVQ R8, 8+z; \ - MOVQ 16+x, AX; MULQ CX; ADDQ AX, R9; ADCQ $0, DX; MOVQ DX, R10; \ - MOVQ 24+x, AX; MULQ CX; ADDQ AX, R10; ADCQ $0, DX; MOVQ DX, R11; \ - MOVQ 32+x, AX; MULQ CX; ADDQ AX, R11; ADCQ $0, DX; MOVQ DX, R12; \ - MOVQ 40+x, AX; MULQ CX; ADDQ AX, R12; ADCQ $0, DX; MOVQ DX, R13; \ - MOVQ 48+x, AX; MULQ CX; ADDQ AX, R13; ADCQ $0, DX; MOVQ DX, R14; \ - \ - MOVQ 8+x, CX; \ - MOVQ CX, AX; ADDQ R15, CX; MOVQ $0, R15; ADCQ $0, R15; \ - ;;;;;;;;;;;;;; MULQ CX; ADDQ AX, R9; ADCQ $0, DX; MOVQ R9,16+z; \ - MOVQ R15, AX; NEGQ AX; ANDQ 8+x, AX; ADDQ AX, DX; ADCQ $0, R11; MOVQ DX, R8; \ - ADDQ 8+x, CX; ADCQ $0, R15; \ - MOVQ 16+x, AX; MULQ CX; ADDQ AX, R10; ADCQ $0, DX; ADDQ R8, R10; ADCQ $0, DX; MOVQ DX, R8; MOVQ R10, 24+z; \ - MOVQ 24+x, AX; MULQ CX; ADDQ AX, R11; ADCQ $0, DX; ADDQ R8, R11; ADCQ $0, DX; MOVQ DX, R8; \ - MOVQ 32+x, AX; MULQ CX; ADDQ AX, R12; ADCQ $0, DX; ADDQ R8, R12; ADCQ $0, DX; MOVQ DX, R8; \ - MOVQ 40+x, AX; MULQ CX; ADDQ AX, R13; ADCQ $0, DX; ADDQ R8, R13; ADCQ $0, DX; MOVQ DX, R8; \ - MOVQ 48+x, AX; MULQ CX; ADDQ AX, R14; ADCQ $0, DX; ADDQ R8, R14; ADCQ $0, DX; MOVQ DX, R9; \ - \ - MOVQ 16+x, CX; \ - MOVQ CX, AX; ADDQ R15, CX; MOVQ $0, R15; ADCQ $0, R15; \ - ;;;;;;;;;;;;;; MULQ CX; ADDQ AX, R11; ADCQ $0, DX; MOVQ R11, 32+z; \ - MOVQ R15, AX; NEGQ AX; ANDQ 16+x,AX; ADDQ AX, DX; ADCQ $0, R13; MOVQ DX, R8; \ - ADDQ 16+x, CX; ADCQ $0, R15; \ - MOVQ 24+x, AX; MULQ CX; ADDQ AX, R12; ADCQ $0, DX; ADDQ R8, R12; ADCQ $0, DX; MOVQ DX, R8; MOVQ R12, 40+z; \ - MOVQ 32+x, AX; MULQ CX; ADDQ AX, R13; ADCQ $0, DX; ADDQ R8, R13; ADCQ $0, DX; MOVQ DX, R8; \ - MOVQ 40+x, AX; MULQ CX; ADDQ AX, R14; ADCQ $0, DX; ADDQ R8, R14; ADCQ $0, DX; MOVQ DX, R8; \ - MOVQ 48+x, AX; MULQ CX; ADDQ AX, R9; ADCQ $0, DX; ADDQ R8, R9; ADCQ $0, DX; MOVQ DX,R10; \ - \ - MOVQ 24+x, CX; \ - MOVQ CX, AX; ADDQ R15, CX; MOVQ $0, R15; ADCQ $0, R15; \ - ;;;;;;;;;;;;;; MULQ CX; ADDQ AX, R13; ADCQ $0, DX; MOVQ R13, 48+z; \ - MOVQ R15, AX; NEGQ AX; ANDQ 24+x,AX; ADDQ AX, DX; ADCQ $0, R9; MOVQ DX, R8; \ - ADDQ 24+x, CX; ADCQ $0, R15; \ - MOVQ 32+x, AX; MULQ CX; ADDQ AX, R14; ADCQ $0, DX; ADDQ R8, R14; ADCQ $0, DX; MOVQ DX, R8; MOVQ R14, 56+z; \ - MOVQ 40+x, AX; MULQ CX; ADDQ AX, R9; ADCQ $0, DX; ADDQ R8, R9; ADCQ $0, DX; MOVQ DX, R8; \ - MOVQ 48+x, AX; MULQ CX; ADDQ AX, R10; ADCQ $0, DX; ADDQ R8, R10; ADCQ $0, DX; MOVQ DX,R11; \ - \ - MOVQ 32+x, CX; \ - MOVQ CX, AX; ADDQ R15, CX; MOVQ $0, R15; ADCQ $0, R15; \ - ;;;;;;;;;;;;;; MULQ CX; ADDQ AX, R9; ADCQ $0, DX; MOVQ R9, 64+z; \ - MOVQ R15, AX; NEGQ AX; ANDQ 32+x,AX; ADDQ AX, DX; ADCQ $0, R11; MOVQ DX, R8; \ - ADDQ 32+x, CX; ADCQ $0, R15; \ - MOVQ 40+x, AX; MULQ CX; ADDQ AX, R10; ADCQ $0, DX; ADDQ R8, R10; ADCQ $0, DX; MOVQ DX, R8; MOVQ R10, 72+z; \ - MOVQ 48+x, AX; MULQ CX; ADDQ AX, R11; ADCQ $0, DX; ADDQ R8, R11; ADCQ $0, DX; MOVQ DX,R12; \ - \ - XORL R13, R13; \ - XORL R14, R14; \ - MOVQ 40+x, CX; \ - MOVQ CX, AX; ADDQ R15, CX; MOVQ $0, R15; ADCQ $0, R15; \ - ;;;;;;;;;;;;;; MULQ CX; ADDQ AX, R11; ADCQ $0, DX; MOVQ R11, 80+z; \ - MOVQ R15, AX; NEGQ AX; ANDQ 40+x,AX; ADDQ AX, DX; ADCQ $0, R13; MOVQ DX, R8; \ - ADDQ 40+x, CX; ADCQ $0, R15; \ - MOVQ 48+x, AX; MULQ CX; ADDQ AX, R12; ADCQ $0, DX; ADDQ R8, R12; ADCQ $0, DX; MOVQ DX, R8; MOVQ R12, 88+z; \ - ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ADDQ R8, R13; ADCQ $0,R14; \ - \ - XORL R9, R9; \ - MOVQ 48+x, CX; \ - MOVQ CX, AX; ADDQ R15, CX; MOVQ $0, R15; ADCQ $0, R15; \ - ;;;;;;;;;;;;;; MULQ CX; ADDQ AX, R13; ADCQ $0, DX; MOVQ R13, 96+z; \ - MOVQ R15, AX; NEGQ AX; ANDQ 48+x,AX; ADDQ AX, DX; ADCQ $0, R9; MOVQ DX, R8; \ - ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ADDQ R8,R14; ADCQ $0, R9; MOVQ R14, 104+z; - - -// integerSqrAdx squares x and stores in z -// Uses: AX, CX, DX, R8-R15, FLAGS -// Instr: x86_64, bmi2, adx -#define integerSqrAdx(z,x) \ - XORL R15, R15; \ - MOVQ 0+x, DX; \ - ;;;;;;;;;;;;;; MULXQ DX, AX, R8; MOVQ AX, 0+z; \ - ADDQ DX, DX; ADCQ $0, R15; CLC; \ - MULXQ 8+x, AX, R9; ADCXQ AX, R8; MOVQ R8, 8+z; \ - MULXQ 16+x, AX, R10; ADCXQ AX, R9; MOVQ $0, R8;\ - MULXQ 24+x, AX, R11; ADCXQ AX, R10; \ - MULXQ 32+x, AX, R12; ADCXQ AX, R11; \ - MULXQ 40+x, AX, R13; ADCXQ AX, R12; \ - MULXQ 48+x, AX, R14; ADCXQ AX, R13; \ - ;;;;;;;;;;;;;;;;;;;; ADCXQ R8, R14; \ - \ - MOVQ 8+x, DX; \ - MOVQ DX, AX; ADDQ R15, DX; MOVQ $0, R15; ADCQ $0, R15; \ - MULXQ AX, AX, CX; \ - MOVQ R15, R8; NEGQ R8; ANDQ 8+x, R8; \ - ADDQ AX, R9; MOVQ R9, 16+z; \ - ADCQ CX, R8; \ - ADCQ $0, R11; \ - ADDQ 8+x, DX; \ - ADCQ $0, R15; \ - XORL R9, R9; ;;;;;;;;;;;;;;;;;;;;; ADOXQ R8, R10; \ - MULXQ 16+x, AX, CX; ADCXQ AX, R10; ADOXQ CX, R11; MOVQ R10, 24+z; \ - MULXQ 24+x, AX, CX; ADCXQ AX, R11; ADOXQ CX, R12; MOVQ $0, R10; \ - MULXQ 32+x, AX, CX; ADCXQ AX, R12; ADOXQ CX, R13; \ - MULXQ 40+x, AX, CX; ADCXQ AX, R13; ADOXQ CX, R14; \ - MULXQ 48+x, AX, CX; ADCXQ AX, R14; ADOXQ CX, R9; \ - ;;;;;;;;;;;;;;;;;;; ADCXQ R10, R9; \ - \ - MOVQ 16+x, DX; \ - MOVQ DX, AX; ADDQ R15, DX; MOVQ $0, R15; ADCQ $0, R15; \ - MULXQ AX, AX, CX; \ - MOVQ R15, R8; NEGQ R8; ANDQ 16+x, R8; \ - ADDQ AX, R11; MOVQ R11, 32+z; \ - ADCQ CX, R8; \ - ADCQ $0, R13; \ - ADDQ 16+x, DX; \ - ADCQ $0, R15; \ - XORL R11, R11; ;;;;;;;;;;;;;;;;;;; ADOXQ R8, R12; \ - MULXQ 24+x, AX, CX; ADCXQ AX, R12; ADOXQ CX, R13; MOVQ R12, 40+z; \ - MULXQ 32+x, AX, CX; ADCXQ AX, R13; ADOXQ CX, R14; MOVQ $0, R12; \ - MULXQ 40+x, AX, CX; ADCXQ AX, R14; ADOXQ CX, R9; \ - MULXQ 48+x, AX, CX; ADCXQ AX, R9; ADOXQ CX, R10; \ - ;;;;;;;;;;;;;;;;;;; ADCXQ R11,R10; \ - \ - MOVQ 24+x, DX; \ - MOVQ DX, AX; ADDQ R15, DX; MOVQ $0, R15; ADCQ $0, R15; \ - MULXQ AX, AX, CX; \ - MOVQ R15, R8; NEGQ R8; ANDQ 24+x, R8; \ - ADDQ AX, R13; MOVQ R13, 48+z; \ - ADCQ CX, R8; \ - ADCQ $0, R9; \ - ADDQ 24+x, DX; \ - ADCQ $0, R15; \ - XORL R13, R13; ;;;;;;;;;;;;;;;;;;; ADOXQ R8, R14; \ - MULXQ 32+x, AX, CX; ADCXQ AX, R14; ADOXQ CX, R9; MOVQ R14, 56+z; \ - MULXQ 40+x, AX, CX; ADCXQ AX, R9; ADOXQ CX, R10; MOVQ $0, R14; \ - MULXQ 48+x, AX, CX; ADCXQ AX, R10; ADOXQ CX, R11; \ - ;;;;;;;;;;;;;;;;;;; ADCXQ R12,R11; \ - \ - MOVQ 32+x, DX; \ - MOVQ DX, AX; ADDQ R15, DX; MOVQ $0, R15; ADCQ $0, R15; \ - MULXQ AX, AX, CX; \ - MOVQ R15, R8; NEGQ R8; ANDQ 32+x, R8; \ - ADDQ AX, R9; MOVQ R9, 64+z; \ - ADCQ CX, R8; \ - ADCQ $0, R11; \ - ADDQ 32+x, DX; \ - ADCQ $0, R15; \ - XORL R9, R9; ;;;;;;;;;;;;;;;;;;;;; ADOXQ R8, R10; \ - MULXQ 40+x, AX, CX; ADCXQ AX, R10; ADOXQ CX, R11; MOVQ R10, 72+z; \ - MULXQ 48+x, AX, CX; ADCXQ AX, R11; ADOXQ CX, R12; \ - ;;;;;;;;;;;;;;;;;;; ADCXQ R13,R12; \ - \ - MOVQ 40+x, DX; \ - MOVQ DX, AX; ADDQ R15, DX; MOVQ $0, R15; ADCQ $0, R15; \ - MULXQ AX, AX, CX; \ - MOVQ R15, R8; NEGQ R8; ANDQ 40+x, R8; \ - ADDQ AX, R11; MOVQ R11, 80+z; \ - ADCQ CX, R8; \ - ADCQ $0, R13; \ - ADDQ 40+x, DX; \ - ADCQ $0, R15; \ - XORL R11, R11; ;;;;;;;;;;;;;;;;;;; ADOXQ R8, R12; \ - MULXQ 48+x, AX, CX; ADCXQ AX, R12; ADOXQ CX, R13; MOVQ R12, 88+z; \ - ;;;;;;;;;;;;;;;;;;; ADCXQ R14,R13; \ - \ - MOVQ 48+x, DX; \ - MOVQ DX, AX; ADDQ R15, DX; MOVQ $0, R15; ADCQ $0, R15; \ - MULXQ AX, AX, CX; \ - MOVQ R15, R8; NEGQ R8; ANDQ 48+x, R8; \ - XORL R10, R10; ;;;;;;;;;;;;;; ADOXQ CX, R14; \ - ;;;;;;;;;;;;;; ADCXQ AX, R13; ;;;;;;;;;;;;;; MOVQ R13, 96+z; \ - ;;;;;;;;;;;;;; ADCXQ R8, R14; MOVQ R14, 104+z; - -// reduceFromDoubleLeg finds a z=x modulo p such that z<2^448 and stores in z -// Uses: AX, R8-R15, FLAGS -// Instr: x86_64 -#define reduceFromDoubleLeg(z,x) \ - /* ( ,2C13,2C12,2C11,2C10|C10,C9,C8, C7) + (C6,...,C0) */ \ - /* (r14, r13, r12, r11, r10,r9,r8,r15) */ \ - MOVQ 80+x,AX; MOVQ AX,R10; \ - MOVQ $0xFFFFFFFF00000000, R8; \ - ANDQ R8,R10; \ - \ - MOVQ $0,R14; \ - MOVQ 104+x,R13; SHLQ $1,R13,R14; \ - MOVQ 96+x,R12; SHLQ $1,R12,R13; \ - MOVQ 88+x,R11; SHLQ $1,R11,R12; \ - MOVQ 72+x, R9; SHLQ $1,R10,R11; \ - MOVQ 64+x, R8; SHLQ $1,R10; \ - MOVQ $0xFFFFFFFF,R15; ANDQ R15,AX; ORQ AX,R10; \ - MOVQ 56+x,R15; \ - \ - ADDQ 0+x,R15; MOVQ R15, 0+z; MOVQ 56+x,R15; \ - ADCQ 8+x, R8; MOVQ R8, 8+z; MOVQ 64+x, R8; \ - ADCQ 16+x, R9; MOVQ R9,16+z; MOVQ 72+x, R9; \ - ADCQ 24+x,R10; MOVQ R10,24+z; MOVQ 80+x,R10; \ - ADCQ 32+x,R11; MOVQ R11,32+z; MOVQ 88+x,R11; \ - ADCQ 40+x,R12; MOVQ R12,40+z; MOVQ 96+x,R12; \ - ADCQ 48+x,R13; MOVQ R13,48+z; MOVQ 104+x,R13; \ - ADCQ $0,R14; \ - /* (c10c9,c9c8,c8c7,c7c13,c13c12,c12c11,c11c10) + (c6,...,c0) */ \ - /* ( r9, r8, r15, r13, r12, r11, r10) */ \ - MOVQ R10, AX; \ - SHRQ $32,R11,R10; \ - SHRQ $32,R12,R11; \ - SHRQ $32,R13,R12; \ - SHRQ $32,R15,R13; \ - SHRQ $32, R8,R15; \ - SHRQ $32, R9, R8; \ - SHRQ $32, AX, R9; \ - \ - ADDQ 0+z,R10; \ - ADCQ 8+z,R11; \ - ADCQ 16+z,R12; \ - ADCQ 24+z,R13; \ - ADCQ 32+z,R15; \ - ADCQ 40+z, R8; \ - ADCQ 48+z, R9; \ - ADCQ $0,R14; \ - /* ( c7) + (c6,...,c0) */ \ - /* (r14) */ \ - MOVQ R14, AX; SHLQ $32, AX; \ - ADDQ R14,R10; MOVQ $0,R14; \ - ADCQ $0,R11; \ - ADCQ $0,R12; \ - ADCQ AX,R13; \ - ADCQ $0,R15; \ - ADCQ $0, R8; \ - ADCQ $0, R9; \ - ADCQ $0,R14; \ - /* ( c7) + (c6,...,c0) */ \ - /* (r14) */ \ - MOVQ R14, AX; SHLQ $32,AX; \ - ADDQ R14,R10; MOVQ R10, 0+z; \ - ADCQ $0,R11; MOVQ R11, 8+z; \ - ADCQ $0,R12; MOVQ R12,16+z; \ - ADCQ AX,R13; MOVQ R13,24+z; \ - ADCQ $0,R15; MOVQ R15,32+z; \ - ADCQ $0, R8; MOVQ R8,40+z; \ - ADCQ $0, R9; MOVQ R9,48+z; - -// reduceFromDoubleAdx finds a z=x modulo p such that z<2^448 and stores in z -// Uses: AX, R8-R15, FLAGS -// Instr: x86_64, adx -#define reduceFromDoubleAdx(z,x) \ - /* ( ,2C13,2C12,2C11,2C10|C10,C9,C8, C7) + (C6,...,C0) */ \ - /* (r14, r13, r12, r11, r10,r9,r8,r15) */ \ - MOVQ 80+x,AX; MOVQ AX,R10; \ - MOVQ $0xFFFFFFFF00000000, R8; \ - ANDQ R8,R10; \ - \ - MOVQ $0,R14; \ - MOVQ 104+x,R13; SHLQ $1,R13,R14; \ - MOVQ 96+x,R12; SHLQ $1,R12,R13; \ - MOVQ 88+x,R11; SHLQ $1,R11,R12; \ - MOVQ 72+x, R9; SHLQ $1,R10,R11; \ - MOVQ 64+x, R8; SHLQ $1,R10; \ - MOVQ $0xFFFFFFFF,R15; ANDQ R15,AX; ORQ AX,R10; \ - MOVQ 56+x,R15; \ - \ - XORL AX,AX; \ - ADCXQ 0+x,R15; MOVQ R15, 0+z; MOVQ 56+x,R15; \ - ADCXQ 8+x, R8; MOVQ R8, 8+z; MOVQ 64+x, R8; \ - ADCXQ 16+x, R9; MOVQ R9,16+z; MOVQ 72+x, R9; \ - ADCXQ 24+x,R10; MOVQ R10,24+z; MOVQ 80+x,R10; \ - ADCXQ 32+x,R11; MOVQ R11,32+z; MOVQ 88+x,R11; \ - ADCXQ 40+x,R12; MOVQ R12,40+z; MOVQ 96+x,R12; \ - ADCXQ 48+x,R13; MOVQ R13,48+z; MOVQ 104+x,R13; \ - ADCXQ AX,R14; \ - /* (c10c9,c9c8,c8c7,c7c13,c13c12,c12c11,c11c10) + (c6,...,c0) */ \ - /* ( r9, r8, r15, r13, r12, r11, r10) */ \ - MOVQ R10, AX; \ - SHRQ $32,R11,R10; \ - SHRQ $32,R12,R11; \ - SHRQ $32,R13,R12; \ - SHRQ $32,R15,R13; \ - SHRQ $32, R8,R15; \ - SHRQ $32, R9, R8; \ - SHRQ $32, AX, R9; \ - \ - XORL AX,AX; \ - ADCXQ 0+z,R10; \ - ADCXQ 8+z,R11; \ - ADCXQ 16+z,R12; \ - ADCXQ 24+z,R13; \ - ADCXQ 32+z,R15; \ - ADCXQ 40+z, R8; \ - ADCXQ 48+z, R9; \ - ADCXQ AX,R14; \ - /* ( c7) + (c6,...,c0) */ \ - /* (r14) */ \ - MOVQ R14, AX; SHLQ $32, AX; \ - CLC; \ - ADCXQ R14,R10; MOVQ $0,R14; \ - ADCXQ R14,R11; \ - ADCXQ R14,R12; \ - ADCXQ AX,R13; \ - ADCXQ R14,R15; \ - ADCXQ R14, R8; \ - ADCXQ R14, R9; \ - ADCXQ R14,R14; \ - /* ( c7) + (c6,...,c0) */ \ - /* (r14) */ \ - MOVQ R14, AX; SHLQ $32, AX; \ - CLC; \ - ADCXQ R14,R10; MOVQ R10, 0+z; MOVQ $0,R14; \ - ADCXQ R14,R11; MOVQ R11, 8+z; \ - ADCXQ R14,R12; MOVQ R12,16+z; \ - ADCXQ AX,R13; MOVQ R13,24+z; \ - ADCXQ R14,R15; MOVQ R15,32+z; \ - ADCXQ R14, R8; MOVQ R8,40+z; \ - ADCXQ R14, R9; MOVQ R9,48+z; - -// addSub calculates two operations: x,y = x+y,x-y -// Uses: AX, DX, R8-R15, FLAGS -#define addSub(x,y) \ - MOVQ 0+x, R8; ADDQ 0+y, R8; \ - MOVQ 8+x, R9; ADCQ 8+y, R9; \ - MOVQ 16+x, R10; ADCQ 16+y, R10; \ - MOVQ 24+x, R11; ADCQ 24+y, R11; \ - MOVQ 32+x, R12; ADCQ 32+y, R12; \ - MOVQ 40+x, R13; ADCQ 40+y, R13; \ - MOVQ 48+x, R14; ADCQ 48+y, R14; \ - MOVQ $0, AX; ADCQ $0, AX; \ - MOVQ AX, DX; \ - SHLQ $32, DX; \ - ADDQ AX, R8; MOVQ $0, AX; \ - ADCQ $0, R9; \ - ADCQ $0, R10; \ - ADCQ DX, R11; \ - ADCQ $0, R12; \ - ADCQ $0, R13; \ - ADCQ $0, R14; \ - ADCQ $0, AX; \ - MOVQ AX, DX; \ - SHLQ $32, DX; \ - ADDQ AX, R8; MOVQ 0+x,AX; MOVQ R8, 0+x; MOVQ AX, R8; \ - ADCQ $0, R9; MOVQ 8+x,AX; MOVQ R9, 8+x; MOVQ AX, R9; \ - ADCQ $0, R10; MOVQ 16+x,AX; MOVQ R10, 16+x; MOVQ AX, R10; \ - ADCQ DX, R11; MOVQ 24+x,AX; MOVQ R11, 24+x; MOVQ AX, R11; \ - ADCQ $0, R12; MOVQ 32+x,AX; MOVQ R12, 32+x; MOVQ AX, R12; \ - ADCQ $0, R13; MOVQ 40+x,AX; MOVQ R13, 40+x; MOVQ AX, R13; \ - ADCQ $0, R14; MOVQ 48+x,AX; MOVQ R14, 48+x; MOVQ AX, R14; \ - SUBQ 0+y, R8; \ - SBBQ 8+y, R9; \ - SBBQ 16+y, R10; \ - SBBQ 24+y, R11; \ - SBBQ 32+y, R12; \ - SBBQ 40+y, R13; \ - SBBQ 48+y, R14; \ - MOVQ $0, AX; SETCS AX; \ - MOVQ AX, DX; \ - SHLQ $32, DX; \ - SUBQ AX, R8; MOVQ $0, AX; \ - SBBQ $0, R9; \ - SBBQ $0, R10; \ - SBBQ DX, R11; \ - SBBQ $0, R12; \ - SBBQ $0, R13; \ - SBBQ $0, R14; \ - SETCS AX; \ - MOVQ AX, DX; \ - SHLQ $32, DX; \ - SUBQ AX, R8; MOVQ R8, 0+y; \ - SBBQ $0, R9; MOVQ R9, 8+y; \ - SBBQ $0, R10; MOVQ R10, 16+y; \ - SBBQ DX, R11; MOVQ R11, 24+y; \ - SBBQ $0, R12; MOVQ R12, 32+y; \ - SBBQ $0, R13; MOVQ R13, 40+y; \ - SBBQ $0, R14; MOVQ R14, 48+y; diff --git a/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.s b/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.s deleted file mode 100644 index 3f1f07c986..0000000000 --- a/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.s +++ /dev/null @@ -1,75 +0,0 @@ -//go:build amd64 && !purego -// +build amd64,!purego - -#include "textflag.h" -#include "fp_amd64.h" - -// func cmovAmd64(x, y *Elt, n uint) -TEXT ·cmovAmd64(SB),NOSPLIT,$0-24 - MOVQ x+0(FP), DI - MOVQ y+8(FP), SI - MOVQ n+16(FP), BX - cselect(0(DI),0(SI),BX) - RET - -// func cswapAmd64(x, y *Elt, n uint) -TEXT ·cswapAmd64(SB),NOSPLIT,$0-24 - MOVQ x+0(FP), DI - MOVQ y+8(FP), SI - MOVQ n+16(FP), BX - cswap(0(DI),0(SI),BX) - RET - -// func subAmd64(z, x, y *Elt) -TEXT ·subAmd64(SB),NOSPLIT,$0-24 - MOVQ z+0(FP), DI - MOVQ x+8(FP), SI - MOVQ y+16(FP), BX - subtraction(0(DI),0(SI),0(BX)) - RET - -// func addsubAmd64(x, y *Elt) -TEXT ·addsubAmd64(SB),NOSPLIT,$0-16 - MOVQ x+0(FP), DI - MOVQ y+8(FP), SI - addSub(0(DI),0(SI)) - RET - -#define addLegacy \ - additionLeg(0(DI),0(SI),0(BX)) -#define addBmi2Adx \ - additionAdx(0(DI),0(SI),0(BX)) - -#define mulLegacy \ - integerMulLeg(0(SP),0(SI),0(BX)) \ - reduceFromDoubleLeg(0(DI),0(SP)) -#define mulBmi2Adx \ - integerMulAdx(0(SP),0(SI),0(BX)) \ - reduceFromDoubleAdx(0(DI),0(SP)) - -#define sqrLegacy \ - integerSqrLeg(0(SP),0(SI)) \ - reduceFromDoubleLeg(0(DI),0(SP)) -#define sqrBmi2Adx \ - integerSqrAdx(0(SP),0(SI)) \ - reduceFromDoubleAdx(0(DI),0(SP)) - -// func addAmd64(z, x, y *Elt) -TEXT ·addAmd64(SB),NOSPLIT,$0-24 - MOVQ z+0(FP), DI - MOVQ x+8(FP), SI - MOVQ y+16(FP), BX - CHECK_BMI2ADX(LADD, addLegacy, addBmi2Adx) - -// func mulAmd64(z, x, y *Elt) -TEXT ·mulAmd64(SB),NOSPLIT,$112-24 - MOVQ z+0(FP), DI - MOVQ x+8(FP), SI - MOVQ y+16(FP), BX - CHECK_BMI2ADX(LMUL, mulLegacy, mulBmi2Adx) - -// func sqrAmd64(z, x *Elt) -TEXT ·sqrAmd64(SB),NOSPLIT,$112-16 - MOVQ z+0(FP), DI - MOVQ x+8(FP), SI - CHECK_BMI2ADX(LSQR, sqrLegacy, sqrBmi2Adx) diff --git a/vendor/github.com/cloudflare/circl/math/fp448/fp_generic.go b/vendor/github.com/cloudflare/circl/math/fp448/fp_generic.go deleted file mode 100644 index 47a0b63205..0000000000 --- a/vendor/github.com/cloudflare/circl/math/fp448/fp_generic.go +++ /dev/null @@ -1,339 +0,0 @@ -package fp448 - -import ( - "encoding/binary" - "math/bits" -) - -func cmovGeneric(x, y *Elt, n uint) { - m := -uint64(n & 0x1) - x0 := binary.LittleEndian.Uint64(x[0*8 : 1*8]) - x1 := binary.LittleEndian.Uint64(x[1*8 : 2*8]) - x2 := binary.LittleEndian.Uint64(x[2*8 : 3*8]) - x3 := binary.LittleEndian.Uint64(x[3*8 : 4*8]) - x4 := binary.LittleEndian.Uint64(x[4*8 : 5*8]) - x5 := binary.LittleEndian.Uint64(x[5*8 : 6*8]) - x6 := binary.LittleEndian.Uint64(x[6*8 : 7*8]) - - y0 := binary.LittleEndian.Uint64(y[0*8 : 1*8]) - y1 := binary.LittleEndian.Uint64(y[1*8 : 2*8]) - y2 := binary.LittleEndian.Uint64(y[2*8 : 3*8]) - y3 := binary.LittleEndian.Uint64(y[3*8 : 4*8]) - y4 := binary.LittleEndian.Uint64(y[4*8 : 5*8]) - y5 := binary.LittleEndian.Uint64(y[5*8 : 6*8]) - y6 := binary.LittleEndian.Uint64(y[6*8 : 7*8]) - - x0 = (x0 &^ m) | (y0 & m) - x1 = (x1 &^ m) | (y1 & m) - x2 = (x2 &^ m) | (y2 & m) - x3 = (x3 &^ m) | (y3 & m) - x4 = (x4 &^ m) | (y4 & m) - x5 = (x5 &^ m) | (y5 & m) - x6 = (x6 &^ m) | (y6 & m) - - binary.LittleEndian.PutUint64(x[0*8:1*8], x0) - binary.LittleEndian.PutUint64(x[1*8:2*8], x1) - binary.LittleEndian.PutUint64(x[2*8:3*8], x2) - binary.LittleEndian.PutUint64(x[3*8:4*8], x3) - binary.LittleEndian.PutUint64(x[4*8:5*8], x4) - binary.LittleEndian.PutUint64(x[5*8:6*8], x5) - binary.LittleEndian.PutUint64(x[6*8:7*8], x6) -} - -func cswapGeneric(x, y *Elt, n uint) { - m := -uint64(n & 0x1) - x0 := binary.LittleEndian.Uint64(x[0*8 : 1*8]) - x1 := binary.LittleEndian.Uint64(x[1*8 : 2*8]) - x2 := binary.LittleEndian.Uint64(x[2*8 : 3*8]) - x3 := binary.LittleEndian.Uint64(x[3*8 : 4*8]) - x4 := binary.LittleEndian.Uint64(x[4*8 : 5*8]) - x5 := binary.LittleEndian.Uint64(x[5*8 : 6*8]) - x6 := binary.LittleEndian.Uint64(x[6*8 : 7*8]) - - y0 := binary.LittleEndian.Uint64(y[0*8 : 1*8]) - y1 := binary.LittleEndian.Uint64(y[1*8 : 2*8]) - y2 := binary.LittleEndian.Uint64(y[2*8 : 3*8]) - y3 := binary.LittleEndian.Uint64(y[3*8 : 4*8]) - y4 := binary.LittleEndian.Uint64(y[4*8 : 5*8]) - y5 := binary.LittleEndian.Uint64(y[5*8 : 6*8]) - y6 := binary.LittleEndian.Uint64(y[6*8 : 7*8]) - - t0 := m & (x0 ^ y0) - t1 := m & (x1 ^ y1) - t2 := m & (x2 ^ y2) - t3 := m & (x3 ^ y3) - t4 := m & (x4 ^ y4) - t5 := m & (x5 ^ y5) - t6 := m & (x6 ^ y6) - x0 ^= t0 - x1 ^= t1 - x2 ^= t2 - x3 ^= t3 - x4 ^= t4 - x5 ^= t5 - x6 ^= t6 - y0 ^= t0 - y1 ^= t1 - y2 ^= t2 - y3 ^= t3 - y4 ^= t4 - y5 ^= t5 - y6 ^= t6 - - binary.LittleEndian.PutUint64(x[0*8:1*8], x0) - binary.LittleEndian.PutUint64(x[1*8:2*8], x1) - binary.LittleEndian.PutUint64(x[2*8:3*8], x2) - binary.LittleEndian.PutUint64(x[3*8:4*8], x3) - binary.LittleEndian.PutUint64(x[4*8:5*8], x4) - binary.LittleEndian.PutUint64(x[5*8:6*8], x5) - binary.LittleEndian.PutUint64(x[6*8:7*8], x6) - - binary.LittleEndian.PutUint64(y[0*8:1*8], y0) - binary.LittleEndian.PutUint64(y[1*8:2*8], y1) - binary.LittleEndian.PutUint64(y[2*8:3*8], y2) - binary.LittleEndian.PutUint64(y[3*8:4*8], y3) - binary.LittleEndian.PutUint64(y[4*8:5*8], y4) - binary.LittleEndian.PutUint64(y[5*8:6*8], y5) - binary.LittleEndian.PutUint64(y[6*8:7*8], y6) -} - -func addGeneric(z, x, y *Elt) { - x0 := binary.LittleEndian.Uint64(x[0*8 : 1*8]) - x1 := binary.LittleEndian.Uint64(x[1*8 : 2*8]) - x2 := binary.LittleEndian.Uint64(x[2*8 : 3*8]) - x3 := binary.LittleEndian.Uint64(x[3*8 : 4*8]) - x4 := binary.LittleEndian.Uint64(x[4*8 : 5*8]) - x5 := binary.LittleEndian.Uint64(x[5*8 : 6*8]) - x6 := binary.LittleEndian.Uint64(x[6*8 : 7*8]) - - y0 := binary.LittleEndian.Uint64(y[0*8 : 1*8]) - y1 := binary.LittleEndian.Uint64(y[1*8 : 2*8]) - y2 := binary.LittleEndian.Uint64(y[2*8 : 3*8]) - y3 := binary.LittleEndian.Uint64(y[3*8 : 4*8]) - y4 := binary.LittleEndian.Uint64(y[4*8 : 5*8]) - y5 := binary.LittleEndian.Uint64(y[5*8 : 6*8]) - y6 := binary.LittleEndian.Uint64(y[6*8 : 7*8]) - - z0, c0 := bits.Add64(x0, y0, 0) - z1, c1 := bits.Add64(x1, y1, c0) - z2, c2 := bits.Add64(x2, y2, c1) - z3, c3 := bits.Add64(x3, y3, c2) - z4, c4 := bits.Add64(x4, y4, c3) - z5, c5 := bits.Add64(x5, y5, c4) - z6, z7 := bits.Add64(x6, y6, c5) - - z0, c0 = bits.Add64(z0, z7, 0) - z1, c1 = bits.Add64(z1, 0, c0) - z2, c2 = bits.Add64(z2, 0, c1) - z3, c3 = bits.Add64(z3, z7<<32, c2) - z4, c4 = bits.Add64(z4, 0, c3) - z5, c5 = bits.Add64(z5, 0, c4) - z6, z7 = bits.Add64(z6, 0, c5) - - z0, c0 = bits.Add64(z0, z7, 0) - z1, c1 = bits.Add64(z1, 0, c0) - z2, c2 = bits.Add64(z2, 0, c1) - z3, c3 = bits.Add64(z3, z7<<32, c2) - z4, c4 = bits.Add64(z4, 0, c3) - z5, c5 = bits.Add64(z5, 0, c4) - z6, _ = bits.Add64(z6, 0, c5) - - binary.LittleEndian.PutUint64(z[0*8:1*8], z0) - binary.LittleEndian.PutUint64(z[1*8:2*8], z1) - binary.LittleEndian.PutUint64(z[2*8:3*8], z2) - binary.LittleEndian.PutUint64(z[3*8:4*8], z3) - binary.LittleEndian.PutUint64(z[4*8:5*8], z4) - binary.LittleEndian.PutUint64(z[5*8:6*8], z5) - binary.LittleEndian.PutUint64(z[6*8:7*8], z6) -} - -func subGeneric(z, x, y *Elt) { - x0 := binary.LittleEndian.Uint64(x[0*8 : 1*8]) - x1 := binary.LittleEndian.Uint64(x[1*8 : 2*8]) - x2 := binary.LittleEndian.Uint64(x[2*8 : 3*8]) - x3 := binary.LittleEndian.Uint64(x[3*8 : 4*8]) - x4 := binary.LittleEndian.Uint64(x[4*8 : 5*8]) - x5 := binary.LittleEndian.Uint64(x[5*8 : 6*8]) - x6 := binary.LittleEndian.Uint64(x[6*8 : 7*8]) - - y0 := binary.LittleEndian.Uint64(y[0*8 : 1*8]) - y1 := binary.LittleEndian.Uint64(y[1*8 : 2*8]) - y2 := binary.LittleEndian.Uint64(y[2*8 : 3*8]) - y3 := binary.LittleEndian.Uint64(y[3*8 : 4*8]) - y4 := binary.LittleEndian.Uint64(y[4*8 : 5*8]) - y5 := binary.LittleEndian.Uint64(y[5*8 : 6*8]) - y6 := binary.LittleEndian.Uint64(y[6*8 : 7*8]) - - z0, c0 := bits.Sub64(x0, y0, 0) - z1, c1 := bits.Sub64(x1, y1, c0) - z2, c2 := bits.Sub64(x2, y2, c1) - z3, c3 := bits.Sub64(x3, y3, c2) - z4, c4 := bits.Sub64(x4, y4, c3) - z5, c5 := bits.Sub64(x5, y5, c4) - z6, z7 := bits.Sub64(x6, y6, c5) - - z0, c0 = bits.Sub64(z0, z7, 0) - z1, c1 = bits.Sub64(z1, 0, c0) - z2, c2 = bits.Sub64(z2, 0, c1) - z3, c3 = bits.Sub64(z3, z7<<32, c2) - z4, c4 = bits.Sub64(z4, 0, c3) - z5, c5 = bits.Sub64(z5, 0, c4) - z6, z7 = bits.Sub64(z6, 0, c5) - - z0, c0 = bits.Sub64(z0, z7, 0) - z1, c1 = bits.Sub64(z1, 0, c0) - z2, c2 = bits.Sub64(z2, 0, c1) - z3, c3 = bits.Sub64(z3, z7<<32, c2) - z4, c4 = bits.Sub64(z4, 0, c3) - z5, c5 = bits.Sub64(z5, 0, c4) - z6, _ = bits.Sub64(z6, 0, c5) - - binary.LittleEndian.PutUint64(z[0*8:1*8], z0) - binary.LittleEndian.PutUint64(z[1*8:2*8], z1) - binary.LittleEndian.PutUint64(z[2*8:3*8], z2) - binary.LittleEndian.PutUint64(z[3*8:4*8], z3) - binary.LittleEndian.PutUint64(z[4*8:5*8], z4) - binary.LittleEndian.PutUint64(z[5*8:6*8], z5) - binary.LittleEndian.PutUint64(z[6*8:7*8], z6) -} - -func addsubGeneric(x, y *Elt) { - z := &Elt{} - addGeneric(z, x, y) - subGeneric(y, x, y) - *x = *z -} - -func mulGeneric(z, x, y *Elt) { - x0 := binary.LittleEndian.Uint64(x[0*8 : 1*8]) - x1 := binary.LittleEndian.Uint64(x[1*8 : 2*8]) - x2 := binary.LittleEndian.Uint64(x[2*8 : 3*8]) - x3 := binary.LittleEndian.Uint64(x[3*8 : 4*8]) - x4 := binary.LittleEndian.Uint64(x[4*8 : 5*8]) - x5 := binary.LittleEndian.Uint64(x[5*8 : 6*8]) - x6 := binary.LittleEndian.Uint64(x[6*8 : 7*8]) - - y0 := binary.LittleEndian.Uint64(y[0*8 : 1*8]) - y1 := binary.LittleEndian.Uint64(y[1*8 : 2*8]) - y2 := binary.LittleEndian.Uint64(y[2*8 : 3*8]) - y3 := binary.LittleEndian.Uint64(y[3*8 : 4*8]) - y4 := binary.LittleEndian.Uint64(y[4*8 : 5*8]) - y5 := binary.LittleEndian.Uint64(y[5*8 : 6*8]) - y6 := binary.LittleEndian.Uint64(y[6*8 : 7*8]) - - yy := [7]uint64{y0, y1, y2, y3, y4, y5, y6} - zz := [7]uint64{} - - yi := yy[0] - h0, l0 := bits.Mul64(x0, yi) - h1, l1 := bits.Mul64(x1, yi) - h2, l2 := bits.Mul64(x2, yi) - h3, l3 := bits.Mul64(x3, yi) - h4, l4 := bits.Mul64(x4, yi) - h5, l5 := bits.Mul64(x5, yi) - h6, l6 := bits.Mul64(x6, yi) - - zz[0] = l0 - a0, c0 := bits.Add64(h0, l1, 0) - a1, c1 := bits.Add64(h1, l2, c0) - a2, c2 := bits.Add64(h2, l3, c1) - a3, c3 := bits.Add64(h3, l4, c2) - a4, c4 := bits.Add64(h4, l5, c3) - a5, c5 := bits.Add64(h5, l6, c4) - a6, _ := bits.Add64(h6, 0, c5) - - for i := 1; i < 7; i++ { - yi = yy[i] - h0, l0 = bits.Mul64(x0, yi) - h1, l1 = bits.Mul64(x1, yi) - h2, l2 = bits.Mul64(x2, yi) - h3, l3 = bits.Mul64(x3, yi) - h4, l4 = bits.Mul64(x4, yi) - h5, l5 = bits.Mul64(x5, yi) - h6, l6 = bits.Mul64(x6, yi) - - zz[i], c0 = bits.Add64(a0, l0, 0) - a0, c1 = bits.Add64(a1, l1, c0) - a1, c2 = bits.Add64(a2, l2, c1) - a2, c3 = bits.Add64(a3, l3, c2) - a3, c4 = bits.Add64(a4, l4, c3) - a4, c5 = bits.Add64(a5, l5, c4) - a5, a6 = bits.Add64(a6, l6, c5) - - a0, c0 = bits.Add64(a0, h0, 0) - a1, c1 = bits.Add64(a1, h1, c0) - a2, c2 = bits.Add64(a2, h2, c1) - a3, c3 = bits.Add64(a3, h3, c2) - a4, c4 = bits.Add64(a4, h4, c3) - a5, c5 = bits.Add64(a5, h5, c4) - a6, _ = bits.Add64(a6, h6, c5) - } - red64(z, &zz, &[7]uint64{a0, a1, a2, a3, a4, a5, a6}) -} - -func sqrGeneric(z, x *Elt) { mulGeneric(z, x, x) } - -func red64(z *Elt, l, h *[7]uint64) { - /* (2C13, 2C12, 2C11, 2C10|C10, C9, C8, C7) + (C6,...,C0) */ - h0 := h[0] - h1 := h[1] - h2 := h[2] - h3 := ((h[3] & (0xFFFFFFFF << 32)) << 1) | (h[3] & 0xFFFFFFFF) - h4 := (h[3] >> 63) | (h[4] << 1) - h5 := (h[4] >> 63) | (h[5] << 1) - h6 := (h[5] >> 63) | (h[6] << 1) - h7 := (h[6] >> 63) - - l0, c0 := bits.Add64(h0, l[0], 0) - l1, c1 := bits.Add64(h1, l[1], c0) - l2, c2 := bits.Add64(h2, l[2], c1) - l3, c3 := bits.Add64(h3, l[3], c2) - l4, c4 := bits.Add64(h4, l[4], c3) - l5, c5 := bits.Add64(h5, l[5], c4) - l6, c6 := bits.Add64(h6, l[6], c5) - l7, _ := bits.Add64(h7, 0, c6) - - /* (C10C9, C9C8,C8C7,C7C13,C13C12,C12C11,C11C10) + (C6,...,C0) */ - h0 = (h[3] >> 32) | (h[4] << 32) - h1 = (h[4] >> 32) | (h[5] << 32) - h2 = (h[5] >> 32) | (h[6] << 32) - h3 = (h[6] >> 32) | (h[0] << 32) - h4 = (h[0] >> 32) | (h[1] << 32) - h5 = (h[1] >> 32) | (h[2] << 32) - h6 = (h[2] >> 32) | (h[3] << 32) - - l0, c0 = bits.Add64(l0, h0, 0) - l1, c1 = bits.Add64(l1, h1, c0) - l2, c2 = bits.Add64(l2, h2, c1) - l3, c3 = bits.Add64(l3, h3, c2) - l4, c4 = bits.Add64(l4, h4, c3) - l5, c5 = bits.Add64(l5, h5, c4) - l6, c6 = bits.Add64(l6, h6, c5) - l7, _ = bits.Add64(l7, 0, c6) - - /* (C7) + (C6,...,C0) */ - l0, c0 = bits.Add64(l0, l7, 0) - l1, c1 = bits.Add64(l1, 0, c0) - l2, c2 = bits.Add64(l2, 0, c1) - l3, c3 = bits.Add64(l3, l7<<32, c2) - l4, c4 = bits.Add64(l4, 0, c3) - l5, c5 = bits.Add64(l5, 0, c4) - l6, l7 = bits.Add64(l6, 0, c5) - - /* (C7) + (C6,...,C0) */ - l0, c0 = bits.Add64(l0, l7, 0) - l1, c1 = bits.Add64(l1, 0, c0) - l2, c2 = bits.Add64(l2, 0, c1) - l3, c3 = bits.Add64(l3, l7<<32, c2) - l4, c4 = bits.Add64(l4, 0, c3) - l5, c5 = bits.Add64(l5, 0, c4) - l6, _ = bits.Add64(l6, 0, c5) - - binary.LittleEndian.PutUint64(z[0*8:1*8], l0) - binary.LittleEndian.PutUint64(z[1*8:2*8], l1) - binary.LittleEndian.PutUint64(z[2*8:3*8], l2) - binary.LittleEndian.PutUint64(z[3*8:4*8], l3) - binary.LittleEndian.PutUint64(z[4*8:5*8], l4) - binary.LittleEndian.PutUint64(z[5*8:6*8], l5) - binary.LittleEndian.PutUint64(z[6*8:7*8], l6) -} diff --git a/vendor/github.com/cloudflare/circl/math/fp448/fp_noasm.go b/vendor/github.com/cloudflare/circl/math/fp448/fp_noasm.go deleted file mode 100644 index a62225d296..0000000000 --- a/vendor/github.com/cloudflare/circl/math/fp448/fp_noasm.go +++ /dev/null @@ -1,12 +0,0 @@ -//go:build !amd64 || purego -// +build !amd64 purego - -package fp448 - -func cmov(x, y *Elt, n uint) { cmovGeneric(x, y, n) } -func cswap(x, y *Elt, n uint) { cswapGeneric(x, y, n) } -func add(z, x, y *Elt) { addGeneric(z, x, y) } -func sub(z, x, y *Elt) { subGeneric(z, x, y) } -func addsub(x, y *Elt) { addsubGeneric(x, y) } -func mul(z, x, y *Elt) { mulGeneric(z, x, y) } -func sqr(z, x *Elt) { sqrGeneric(z, x) } diff --git a/vendor/github.com/cloudflare/circl/math/fp448/fuzzer.go b/vendor/github.com/cloudflare/circl/math/fp448/fuzzer.go deleted file mode 100644 index 2d7afc8059..0000000000 --- a/vendor/github.com/cloudflare/circl/math/fp448/fuzzer.go +++ /dev/null @@ -1,75 +0,0 @@ -//go:build gofuzz -// +build gofuzz - -// How to run the fuzzer: -// -// $ go get -u github.com/dvyukov/go-fuzz/go-fuzz -// $ go get -u github.com/dvyukov/go-fuzz/go-fuzz-build -// $ go-fuzz-build -libfuzzer -func FuzzReduction -o lib.a -// $ clang -fsanitize=fuzzer lib.a -o fu.exe -// $ ./fu.exe -package fp448 - -import ( - "encoding/binary" - "fmt" - "math/big" - - "github.com/cloudflare/circl/internal/conv" -) - -// FuzzReduction is a fuzzer target for red64 function, which reduces t -// (112 bits) to a number t' (56 bits) congruent modulo p448. -func FuzzReduction(data []byte) int { - if len(data) != 2*Size { - return -1 - } - var got, want Elt - var lo, hi [7]uint64 - a := data[:Size] - b := data[Size:] - lo[0] = binary.LittleEndian.Uint64(a[0*8 : 1*8]) - lo[1] = binary.LittleEndian.Uint64(a[1*8 : 2*8]) - lo[2] = binary.LittleEndian.Uint64(a[2*8 : 3*8]) - lo[3] = binary.LittleEndian.Uint64(a[3*8 : 4*8]) - lo[4] = binary.LittleEndian.Uint64(a[4*8 : 5*8]) - lo[5] = binary.LittleEndian.Uint64(a[5*8 : 6*8]) - lo[6] = binary.LittleEndian.Uint64(a[6*8 : 7*8]) - - hi[0] = binary.LittleEndian.Uint64(b[0*8 : 1*8]) - hi[1] = binary.LittleEndian.Uint64(b[1*8 : 2*8]) - hi[2] = binary.LittleEndian.Uint64(b[2*8 : 3*8]) - hi[3] = binary.LittleEndian.Uint64(b[3*8 : 4*8]) - hi[4] = binary.LittleEndian.Uint64(b[4*8 : 5*8]) - hi[5] = binary.LittleEndian.Uint64(b[5*8 : 6*8]) - hi[6] = binary.LittleEndian.Uint64(b[6*8 : 7*8]) - - red64(&got, &lo, &hi) - - t := conv.BytesLe2BigInt(data[:2*Size]) - - two448 := big.NewInt(1) - two448.Lsh(two448, 448) // 2^448 - mask448 := big.NewInt(1) - mask448.Sub(two448, mask448) // 2^448-1 - two224plus1 := big.NewInt(1) - two224plus1.Lsh(two224plus1, 224) - two224plus1.Add(two224plus1, big.NewInt(1)) // 2^224+1 - - var loBig, hiBig big.Int - for t.Cmp(two448) >= 0 { - loBig.And(t, mask448) - hiBig.Rsh(t, 448) - t.Mul(&hiBig, two224plus1) - t.Add(t, &loBig) - } - conv.BigInt2BytesLe(want[:], t) - - if got != want { - fmt.Printf("in: %v\n", conv.BytesLe2BigInt(data[:2*Size])) - fmt.Printf("got: %v\n", got) - fmt.Printf("want: %v\n", want) - panic("error found") - } - return 1 -} diff --git a/vendor/github.com/cloudflare/circl/math/integer.go b/vendor/github.com/cloudflare/circl/math/integer.go deleted file mode 100644 index 9c80c23b59..0000000000 --- a/vendor/github.com/cloudflare/circl/math/integer.go +++ /dev/null @@ -1,16 +0,0 @@ -package math - -import "math/bits" - -// NextPow2 finds the next power of two (N=2^k, k>=0) greater than n. -// If n is already a power of two, then this function returns n, and log2(n). -func NextPow2(n uint) (N uint, k uint) { - if bits.OnesCount(n) == 1 { - k = uint(bits.TrailingZeros(n)) - N = n - } else { - k = uint(bits.Len(n)) - N = uint(1) << k - } - return -} diff --git a/vendor/github.com/cloudflare/circl/math/mlsbset/mlsbset.go b/vendor/github.com/cloudflare/circl/math/mlsbset/mlsbset.go deleted file mode 100644 index a43851b8bb..0000000000 --- a/vendor/github.com/cloudflare/circl/math/mlsbset/mlsbset.go +++ /dev/null @@ -1,122 +0,0 @@ -// Package mlsbset provides a constant-time exponentiation method with precomputation. -// -// References: "Efficient and secure algorithms for GLV-based scalar -// multiplication and their implementation on GLV–GLS curves" by (Faz-Hernandez et al.) -// - https://doi.org/10.1007/s13389-014-0085-7 -// - https://eprint.iacr.org/2013/158 -package mlsbset - -import ( - "errors" - "fmt" - "math/big" - - "github.com/cloudflare/circl/internal/conv" -) - -// EltG is a group element. -type EltG interface{} - -// EltP is a precomputed group element. -type EltP interface{} - -// Group defines the operations required by MLSBSet exponentiation method. -type Group interface { - Identity() EltG // Returns the identity of the group. - Sqr(x EltG) // Calculates x = x^2. - Mul(x EltG, y EltP) // Calculates x = x*y. - NewEltP() EltP // Returns an arbitrary precomputed element. - ExtendedEltP() EltP // Returns the precomputed element x^(2^(w*d)). - Lookup(a EltP, v uint, s, u int32) // Sets a = s*T[v][u]. -} - -// Params contains the parameters of the encoding. -type Params struct { - T uint // T is the maximum size (in bits) of exponents. - V uint // V is the number of tables. - W uint // W is the window size. - E uint // E is the number of digits per table. - D uint // D is the number of digits in total. - L uint // L is the length of the code. -} - -// Encoder allows to convert integers into valid powers. -type Encoder struct{ p Params } - -// New produces an encoder of the MLSBSet algorithm. -func New(t, v, w uint) (Encoder, error) { - if !(t > 1 && v >= 1 && w >= 2) { - return Encoder{}, errors.New("t>1, v>=1, w>=2") - } - e := (t + w*v - 1) / (w * v) - d := e * v - l := d * w - return Encoder{Params{t, v, w, e, d, l}}, nil -} - -// Encode converts an odd integer k into a valid power for exponentiation. -func (m Encoder) Encode(k []byte) (*Power, error) { - if len(k) == 0 { - return nil, errors.New("empty slice") - } - if !(len(k) <= int(m.p.L+7)>>3) { - return nil, errors.New("k too big") - } - if k[0]%2 == 0 { - return nil, errors.New("k must be odd") - } - ap := int((m.p.L+7)/8) - len(k) - k = append(k, make([]byte, ap)...) - s := m.signs(k) - b := make([]int32, m.p.L-m.p.D) - c := conv.BytesLe2BigInt(k) - c.Rsh(c, m.p.D) - var bi big.Int - for i := m.p.D; i < m.p.L; i++ { - c0 := int32(c.Bit(0)) - b[i-m.p.D] = s[i%m.p.D] * c0 - bi.SetInt64(int64(b[i-m.p.D] >> 1)) - c.Rsh(c, 1) - c.Sub(c, &bi) - } - carry := int(c.Int64()) - return &Power{m, s, b, carry}, nil -} - -// signs calculates the set of signs. -func (m Encoder) signs(k []byte) []int32 { - s := make([]int32, m.p.D) - s[m.p.D-1] = 1 - for i := uint(1); i < m.p.D; i++ { - ki := int32((k[i>>3] >> (i & 0x7)) & 0x1) - s[i-1] = 2*ki - 1 - } - return s -} - -// GetParams returns the complementary parameters of the encoding. -func (m Encoder) GetParams() Params { return m.p } - -// tableSize returns the size of each table. -func (m Encoder) tableSize() uint { return 1 << (m.p.W - 1) } - -// Elts returns the total number of elements that must be precomputed. -func (m Encoder) Elts() uint { return m.p.V * m.tableSize() } - -// IsExtended returns true if the element x^(2^(wd)) must be calculated. -func (m Encoder) IsExtended() bool { q := m.p.T / (m.p.V * m.p.W); return m.p.T == q*m.p.V*m.p.W } - -// Ops returns the number of squares and multiplications executed during an exponentiation. -func (m Encoder) Ops() (S uint, M uint) { - S = m.p.E - M = m.p.E * m.p.V - if m.IsExtended() { - M++ - } - return -} - -func (m Encoder) String() string { - return fmt.Sprintf("T: %v W: %v V: %v e: %v d: %v l: %v wv|t: %v", - m.p.T, m.p.W, m.p.V, m.p.E, m.p.D, m.p.L, m.IsExtended()) -} diff --git a/vendor/github.com/cloudflare/circl/math/mlsbset/power.go b/vendor/github.com/cloudflare/circl/math/mlsbset/power.go deleted file mode 100644 index 3f214c3046..0000000000 --- a/vendor/github.com/cloudflare/circl/math/mlsbset/power.go +++ /dev/null @@ -1,64 +0,0 @@ -package mlsbset - -import "fmt" - -// Power is a valid exponent produced by the MLSBSet encoding algorithm. -type Power struct { - set Encoder // parameters of code. - s []int32 // set of signs. - b []int32 // set of digits. - c int // carry is {0,1}. -} - -// Exp is calculates x^k, where x is a predetermined element of a group G. -func (p *Power) Exp(G Group) EltG { - a, b := G.Identity(), G.NewEltP() - for e := int(p.set.p.E - 1); e >= 0; e-- { - G.Sqr(a) - for v := uint(0); v < p.set.p.V; v++ { - sgnElt, idElt := p.Digit(v, uint(e)) - G.Lookup(b, v, sgnElt, idElt) - G.Mul(a, b) - } - } - if p.set.IsExtended() && p.c == 1 { - G.Mul(a, G.ExtendedEltP()) - } - return a -} - -// Digit returns the (v,e)-th digit and its sign. -func (p *Power) Digit(v, e uint) (sgn, dig int32) { - sgn = p.bit(0, v, e) - dig = 0 - for i := p.set.p.W - 1; i > 0; i-- { - dig = 2*dig + p.bit(i, v, e) - } - mask := dig >> 31 - dig = (dig + mask) ^ mask - return sgn, dig -} - -// bit returns the (w,v,e)-th bit of the code. -func (p *Power) bit(w, v, e uint) int32 { - if !(w < p.set.p.W && - v < p.set.p.V && - e < p.set.p.E) { - panic(fmt.Errorf("indexes outside (%v,%v,%v)", w, v, e)) - } - if w == 0 { - return p.s[p.set.p.E*v+e] - } - return p.b[p.set.p.D*(w-1)+p.set.p.E*v+e] -} - -func (p *Power) String() string { - dig := "" - for j := uint(0); j < p.set.p.V; j++ { - for i := uint(0); i < p.set.p.E; i++ { - s, d := p.Digit(j, i) - dig += fmt.Sprintf("(%2v,%2v) = %+2v %+2v\n", j, i, s, d) - } - } - return fmt.Sprintf("len: %v\ncarry: %v\ndigits:\n%v", len(p.b)+len(p.s), p.c, dig) -} diff --git a/vendor/github.com/cloudflare/circl/math/primes.go b/vendor/github.com/cloudflare/circl/math/primes.go deleted file mode 100644 index 158fd83a7a..0000000000 --- a/vendor/github.com/cloudflare/circl/math/primes.go +++ /dev/null @@ -1,34 +0,0 @@ -package math - -import ( - "crypto/rand" - "io" - "math/big" -) - -// IsSafePrime reports whether p is (probably) a safe prime. -// The prime p=2*q+1 is safe prime if both p and q are primes. -// Note that ProbablyPrime is not suitable for judging primes -// that an adversary may have crafted to fool the test. -func IsSafePrime(p *big.Int) bool { - pdiv2 := new(big.Int).Rsh(p, 1) - return p.ProbablyPrime(20) && pdiv2.ProbablyPrime(20) -} - -// SafePrime returns a number of the given bit length that is a safe prime with high probability. -// The number returned p=2*q+1 is a safe prime if both p and q are primes. -// SafePrime will return error for any error returned by rand.Read or if bits < 2. -func SafePrime(random io.Reader, bits int) (*big.Int, error) { - one := big.NewInt(1) - p := new(big.Int) - for { - q, err := rand.Prime(random, bits-1) - if err != nil { - return nil, err - } - p.Lsh(q, 1).Add(p, one) - if p.ProbablyPrime(20) { - return p, nil - } - } -} diff --git a/vendor/github.com/cloudflare/circl/math/wnaf.go b/vendor/github.com/cloudflare/circl/math/wnaf.go deleted file mode 100644 index 94a1ec5042..0000000000 --- a/vendor/github.com/cloudflare/circl/math/wnaf.go +++ /dev/null @@ -1,84 +0,0 @@ -// Package math provides some utility functions for big integers. -package math - -import "math/big" - -// SignedDigit obtains the signed-digit recoding of n and returns a list L of -// digits such that n = sum( L[i]*2^(i*(w-1)) ), and each L[i] is an odd number -// in the set {±1, ±3, ..., ±2^(w-1)-1}. The third parameter ensures that the -// output has ceil(l/(w-1)) digits. -// -// Restrictions: -// - n is odd and n > 0. -// - 1 < w < 32. -// - l >= bit length of n. -// -// References: -// - Alg.6 in "Exponent Recoding and Regular Exponentiation Algorithms" -// by Joye-Tunstall. http://doi.org/10.1007/978-3-642-02384-2_21 -// - Alg.6 in "Selecting Elliptic Curves for Cryptography: An Efficiency and -// Security Analysis" by Bos et al. http://doi.org/10.1007/s13389-015-0097-y -func SignedDigit(n *big.Int, w, l uint) []int32 { - if n.Sign() <= 0 || n.Bit(0) == 0 { - panic("n must be non-zero, odd, and positive") - } - if w <= 1 || w >= 32 { - panic("Verify that 1 < w < 32") - } - if uint(n.BitLen()) > l { - panic("n is too big to fit in l digits") - } - lenN := (l + (w - 1) - 1) / (w - 1) // ceil(l/(w-1)) - L := make([]int32, lenN+1) - var k, v big.Int - k.Set(n) - - var i uint - for i = 0; i < lenN; i++ { - words := k.Bits() - value := int32(words[0] & ((1 << w) - 1)) - value -= int32(1) << (w - 1) - L[i] = value - v.SetInt64(int64(value)) - k.Sub(&k, &v) - k.Rsh(&k, w-1) - } - L[i] = int32(k.Int64()) - return L -} - -// OmegaNAF obtains the window-w Non-Adjacent Form of a positive number n and -// 1 < w < 32. The returned slice L holds n = sum( L[i]*2^i ). -// -// Reference: -// - Alg.9 "Efficient arithmetic on Koblitz curves" by Solinas. -// http://doi.org/10.1023/A:1008306223194 -func OmegaNAF(n *big.Int, w uint) (L []int32) { - if n.Sign() < 0 { - panic("n must be positive") - } - if w <= 1 || w >= 32 { - panic("Verify that 1 < w < 32") - } - - L = make([]int32, n.BitLen()+1) - var k, v big.Int - k.Set(n) - - i := 0 - for ; k.Sign() > 0; i++ { - value := int32(0) - if k.Bit(0) == 1 { - words := k.Bits() - value = int32(words[0] & ((1 << w) - 1)) - if value >= (int32(1) << (w - 1)) { - value -= int32(1) << w - } - v.SetInt64(int64(value)) - k.Sub(&k, &v) - } - L[i] = value - k.Rsh(&k, 1) - } - return L[:i] -} diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go b/vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go deleted file mode 100644 index 2c73c26fb1..0000000000 --- a/vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go +++ /dev/null @@ -1,453 +0,0 @@ -// Package ed25519 implements Ed25519 signature scheme as described in RFC-8032. -// -// This package provides optimized implementations of the three signature -// variants and maintaining closer compatibility with crypto/ed25519. -// -// | Scheme Name | Sign Function | Verification | Context | -// |-------------|-------------------|---------------|-------------------| -// | Ed25519 | Sign | Verify | None | -// | Ed25519Ph | SignPh | VerifyPh | Yes, can be empty | -// | Ed25519Ctx | SignWithCtx | VerifyWithCtx | Yes, non-empty | -// | All above | (PrivateKey).Sign | VerifyAny | As above | -// -// Specific functions for sign and verify are defined. A generic signing -// function for all schemes is available through the crypto.Signer interface, -// which is implemented by the PrivateKey type. A correspond all-in-one -// verification method is provided by the VerifyAny function. -// -// Signing with Ed25519Ph or Ed25519Ctx requires a context string for domain -// separation. This parameter is passed using a SignerOptions struct defined -// in this package. While Ed25519Ph accepts an empty context, Ed25519Ctx -// enforces non-empty context strings. -// -// # Compatibility with crypto.ed25519 -// -// These functions are compatible with the “Ed25519” function defined in -// RFC-8032. However, unlike RFC 8032's formulation, this package's private -// key representation includes a public key suffix to make multiple signing -// operations with the same key more efficient. This package refers to the -// RFC-8032 private key as the “seed”. -// -// References -// -// - RFC-8032: https://rfc-editor.org/rfc/rfc8032.txt -// - Ed25519: https://ed25519.cr.yp.to/ -// - EdDSA: High-speed high-security signatures. https://doi.org/10.1007/s13389-012-0027-1 -package ed25519 - -import ( - "bytes" - "crypto" - cryptoRand "crypto/rand" - "crypto/sha512" - "crypto/subtle" - "errors" - "fmt" - "io" - "strconv" - - "github.com/cloudflare/circl/sign" -) - -const ( - // ContextMaxSize is the maximum length (in bytes) allowed for context. - ContextMaxSize = 255 - // PublicKeySize is the size, in bytes, of public keys as used in this package. - PublicKeySize = 32 - // PrivateKeySize is the size, in bytes, of private keys as used in this package. - PrivateKeySize = 64 - // SignatureSize is the size, in bytes, of signatures generated and verified by this package. - SignatureSize = 64 - // SeedSize is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032. - SeedSize = 32 -) - -const ( - paramB = 256 / 8 // Size of keys in bytes. -) - -// SignerOptions implements crypto.SignerOpts and augments with parameters -// that are specific to the Ed25519 signature schemes. -type SignerOptions struct { - // Hash must be crypto.Hash(0) for Ed25519/Ed25519ctx, or crypto.SHA512 - // for Ed25519ph. - crypto.Hash - - // Context is an optional domain separation string for Ed25519ph and a - // must for Ed25519ctx. Its length must be less or equal than 255 bytes. - Context string - - // Scheme is an identifier for choosing a signature scheme. The zero value - // is ED25519. - Scheme SchemeID -} - -// SchemeID is an identifier for each signature scheme. -type SchemeID uint - -const ( - ED25519 SchemeID = iota - ED25519Ph - ED25519Ctx -) - -// PrivateKey is the type of Ed25519 private keys. It implements crypto.Signer. -type PrivateKey []byte - -// Equal reports whether priv and x have the same value. -func (priv PrivateKey) Equal(x crypto.PrivateKey) bool { - xx, ok := x.(PrivateKey) - return ok && subtle.ConstantTimeCompare(priv, xx) == 1 -} - -// Public returns the PublicKey corresponding to priv. -func (priv PrivateKey) Public() crypto.PublicKey { - publicKey := make(PublicKey, PublicKeySize) - copy(publicKey, priv[SeedSize:]) - return publicKey -} - -// Seed returns the private key seed corresponding to priv. It is provided for -// interoperability with RFC 8032. RFC 8032's private keys correspond to seeds -// in this package. -func (priv PrivateKey) Seed() []byte { - seed := make([]byte, SeedSize) - copy(seed, priv[:SeedSize]) - return seed -} - -func (priv PrivateKey) Scheme() sign.Scheme { return sch } - -func (pub PublicKey) Scheme() sign.Scheme { return sch } - -func (priv PrivateKey) MarshalBinary() (data []byte, err error) { - privateKey := make(PrivateKey, PrivateKeySize) - copy(privateKey, priv) - return privateKey, nil -} - -func (pub PublicKey) MarshalBinary() (data []byte, err error) { - publicKey := make(PublicKey, PublicKeySize) - copy(publicKey, pub) - return publicKey, nil -} - -// Equal reports whether pub and x have the same value. -func (pub PublicKey) Equal(x crypto.PublicKey) bool { - xx, ok := x.(PublicKey) - return ok && bytes.Equal(pub, xx) -} - -// Sign creates a signature of a message with priv key. -// This function is compatible with crypto.ed25519 and also supports the -// three signature variants defined in RFC-8032, namely Ed25519 (or pure -// EdDSA), Ed25519Ph, and Ed25519Ctx. -// The opts.HashFunc() must return zero to specify either Ed25519 or Ed25519Ctx -// variant. This can be achieved by passing crypto.Hash(0) as the value for -// opts. -// The opts.HashFunc() must return SHA512 to specify the Ed25519Ph variant. -// This can be achieved by passing crypto.SHA512 as the value for opts. -// Use a SignerOptions struct (defined in this package) to pass a context -// string for signing. -func (priv PrivateKey) Sign( - rand io.Reader, - message []byte, - opts crypto.SignerOpts, -) (signature []byte, err error) { - var ctx string - var scheme SchemeID - if o, ok := opts.(SignerOptions); ok { - ctx = o.Context - scheme = o.Scheme - } - - switch true { - case scheme == ED25519 && opts.HashFunc() == crypto.Hash(0): - return Sign(priv, message), nil - case scheme == ED25519Ph && opts.HashFunc() == crypto.SHA512: - return SignPh(priv, message, ctx), nil - case scheme == ED25519Ctx && opts.HashFunc() == crypto.Hash(0) && len(ctx) > 0: - return SignWithCtx(priv, message, ctx), nil - default: - return nil, errors.New("ed25519: bad hash algorithm") - } -} - -// GenerateKey generates a public/private key pair using entropy from rand. -// If rand is nil, crypto/rand.Reader will be used. -func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) { - if rand == nil { - rand = cryptoRand.Reader - } - - seed := make([]byte, SeedSize) - if _, err := io.ReadFull(rand, seed); err != nil { - return nil, nil, err - } - - privateKey := NewKeyFromSeed(seed) - publicKey := make(PublicKey, PublicKeySize) - copy(publicKey, privateKey[SeedSize:]) - - return publicKey, privateKey, nil -} - -// NewKeyFromSeed calculates a private key from a seed. It will panic if -// len(seed) is not SeedSize. This function is provided for interoperability -// with RFC 8032. RFC 8032's private keys correspond to seeds in this -// package. -func NewKeyFromSeed(seed []byte) PrivateKey { - privateKey := make(PrivateKey, PrivateKeySize) - newKeyFromSeed(privateKey, seed) - return privateKey -} - -func newKeyFromSeed(privateKey, seed []byte) { - if l := len(seed); l != SeedSize { - panic("ed25519: bad seed length: " + strconv.Itoa(l)) - } - var P pointR1 - k := sha512.Sum512(seed) - clamp(k[:]) - reduceModOrder(k[:paramB], false) - P.fixedMult(k[:paramB]) - copy(privateKey[:SeedSize], seed) - _ = P.ToBytes(privateKey[SeedSize:]) -} - -func signAll(signature []byte, privateKey PrivateKey, message, ctx []byte, preHash bool) { - if l := len(privateKey); l != PrivateKeySize { - panic("ed25519: bad private key length: " + strconv.Itoa(l)) - } - - H := sha512.New() - var PHM []byte - - if preHash { - _, _ = H.Write(message) - PHM = H.Sum(nil) - H.Reset() - } else { - PHM = message - } - - // 1. Hash the 32-byte private key using SHA-512. - _, _ = H.Write(privateKey[:SeedSize]) - h := H.Sum(nil) - clamp(h[:]) - prefix, s := h[paramB:], h[:paramB] - - // 2. Compute SHA-512(dom2(F, C) || prefix || PH(M)) - H.Reset() - - writeDom(H, ctx, preHash) - - _, _ = H.Write(prefix) - _, _ = H.Write(PHM) - r := H.Sum(nil) - reduceModOrder(r[:], true) - - // 3. Compute the point [r]B. - var P pointR1 - P.fixedMult(r[:paramB]) - R := (&[paramB]byte{})[:] - if err := P.ToBytes(R); err != nil { - panic(err) - } - - // 4. Compute SHA512(dom2(F, C) || R || A || PH(M)). - H.Reset() - - writeDom(H, ctx, preHash) - - _, _ = H.Write(R) - _, _ = H.Write(privateKey[SeedSize:]) - _, _ = H.Write(PHM) - hRAM := H.Sum(nil) - - reduceModOrder(hRAM[:], true) - - // 5. Compute S = (r + k * s) mod order. - S := (&[paramB]byte{})[:] - calculateS(S, r[:paramB], hRAM[:paramB], s) - - // 6. The signature is the concatenation of R and S. - copy(signature[:paramB], R[:]) - copy(signature[paramB:], S[:]) -} - -// Sign signs the message with privateKey and returns a signature. -// This function supports the signature variant defined in RFC-8032: Ed25519, -// also known as the pure version of EdDSA. -// It will panic if len(privateKey) is not PrivateKeySize. -func Sign(privateKey PrivateKey, message []byte) []byte { - signature := make([]byte, SignatureSize) - signAll(signature, privateKey, message, []byte(""), false) - return signature -} - -// SignPh creates a signature of a message with private key and context. -// This function supports the signature variant defined in RFC-8032: Ed25519ph, -// meaning it internally hashes the message using SHA-512, and optionally -// accepts a context string. -// It will panic if len(privateKey) is not PrivateKeySize. -// Context could be passed to this function, which length should be no more than -// ContextMaxSize=255. It can be empty. -func SignPh(privateKey PrivateKey, message []byte, ctx string) []byte { - if len(ctx) > ContextMaxSize { - panic(fmt.Errorf("ed25519: bad context length: %v", len(ctx))) - } - - signature := make([]byte, SignatureSize) - signAll(signature, privateKey, message, []byte(ctx), true) - return signature -} - -// SignWithCtx creates a signature of a message with private key and context. -// This function supports the signature variant defined in RFC-8032: Ed25519ctx, -// meaning it accepts a non-empty context string. -// It will panic if len(privateKey) is not PrivateKeySize. -// Context must be passed to this function, which length should be no more than -// ContextMaxSize=255 and cannot be empty. -func SignWithCtx(privateKey PrivateKey, message []byte, ctx string) []byte { - if len(ctx) == 0 || len(ctx) > ContextMaxSize { - panic(fmt.Errorf("ed25519: bad context length: %v > %v", len(ctx), ContextMaxSize)) - } - - signature := make([]byte, SignatureSize) - signAll(signature, privateKey, message, []byte(ctx), false) - return signature -} - -func verify(public PublicKey, message, signature, ctx []byte, preHash bool) bool { - if len(public) != PublicKeySize || - len(signature) != SignatureSize || - !isLessThanOrder(signature[paramB:]) { - return false - } - - var P pointR1 - if ok := P.FromBytes(public); !ok { - return false - } - - H := sha512.New() - var PHM []byte - - if preHash { - _, _ = H.Write(message) - PHM = H.Sum(nil) - H.Reset() - } else { - PHM = message - } - - R := signature[:paramB] - - writeDom(H, ctx, preHash) - - _, _ = H.Write(R) - _, _ = H.Write(public) - _, _ = H.Write(PHM) - hRAM := H.Sum(nil) - reduceModOrder(hRAM[:], true) - - var Q pointR1 - encR := (&[paramB]byte{})[:] - P.neg() - Q.doubleMult(&P, signature[paramB:], hRAM[:paramB]) - _ = Q.ToBytes(encR) - return bytes.Equal(R, encR) -} - -// VerifyAny returns true if the signature is valid. Failure cases are invalid -// signature, or when the public key cannot be decoded. -// This function supports all the three signature variants defined in RFC-8032, -// namely Ed25519 (or pure EdDSA), Ed25519Ph, and Ed25519Ctx. -// The opts.HashFunc() must return zero to specify either Ed25519 or Ed25519Ctx -// variant. This can be achieved by passing crypto.Hash(0) as the value for opts. -// The opts.HashFunc() must return SHA512 to specify the Ed25519Ph variant. -// This can be achieved by passing crypto.SHA512 as the value for opts. -// Use a SignerOptions struct to pass a context string for signing. -func VerifyAny(public PublicKey, message, signature []byte, opts crypto.SignerOpts) bool { - var ctx string - var scheme SchemeID - if o, ok := opts.(SignerOptions); ok { - ctx = o.Context - scheme = o.Scheme - } - - switch true { - case scheme == ED25519 && opts.HashFunc() == crypto.Hash(0): - return Verify(public, message, signature) - case scheme == ED25519Ph && opts.HashFunc() == crypto.SHA512: - return VerifyPh(public, message, signature, ctx) - case scheme == ED25519Ctx && opts.HashFunc() == crypto.Hash(0) && len(ctx) > 0: - return VerifyWithCtx(public, message, signature, ctx) - default: - return false - } -} - -// Verify returns true if the signature is valid. Failure cases are invalid -// signature, or when the public key cannot be decoded. -// This function supports the signature variant defined in RFC-8032: Ed25519, -// also known as the pure version of EdDSA. -func Verify(public PublicKey, message, signature []byte) bool { - return verify(public, message, signature, []byte(""), false) -} - -// VerifyPh returns true if the signature is valid. Failure cases are invalid -// signature, or when the public key cannot be decoded. -// This function supports the signature variant defined in RFC-8032: Ed25519ph, -// meaning it internally hashes the message using SHA-512. -// Context could be passed to this function, which length should be no more than -// 255. It can be empty. -func VerifyPh(public PublicKey, message, signature []byte, ctx string) bool { - return verify(public, message, signature, []byte(ctx), true) -} - -// VerifyWithCtx returns true if the signature is valid. Failure cases are invalid -// signature, or when the public key cannot be decoded, or when context is -// not provided. -// This function supports the signature variant defined in RFC-8032: Ed25519ctx, -// meaning it does not handle prehashed messages. Non-empty context string must be -// provided, and must not be more than 255 of length. -func VerifyWithCtx(public PublicKey, message, signature []byte, ctx string) bool { - if len(ctx) == 0 || len(ctx) > ContextMaxSize { - return false - } - - return verify(public, message, signature, []byte(ctx), false) -} - -func clamp(k []byte) { - k[0] &= 248 - k[paramB-1] = (k[paramB-1] & 127) | 64 -} - -// isLessThanOrder returns true if 0 <= x < order. -func isLessThanOrder(x []byte) bool { - i := len(order) - 1 - for i > 0 && x[i] == order[i] { - i-- - } - return x[i] < order[i] -} - -func writeDom(h io.Writer, ctx []byte, preHash bool) { - dom2 := "SigEd25519 no Ed25519 collisions" - - if len(ctx) > 0 { - _, _ = h.Write([]byte(dom2)) - if preHash { - _, _ = h.Write([]byte{byte(0x01), byte(len(ctx))}) - } else { - _, _ = h.Write([]byte{byte(0x00), byte(len(ctx))}) - } - _, _ = h.Write(ctx) - } else if preHash { - _, _ = h.Write([]byte(dom2)) - _, _ = h.Write([]byte{0x01, 0x00}) - } -} diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/modular.go b/vendor/github.com/cloudflare/circl/sign/ed25519/modular.go deleted file mode 100644 index 10efafdcaf..0000000000 --- a/vendor/github.com/cloudflare/circl/sign/ed25519/modular.go +++ /dev/null @@ -1,175 +0,0 @@ -package ed25519 - -import ( - "encoding/binary" - "math/bits" -) - -var order = [paramB]byte{ - 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, - 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, -} - -// isLessThan returns true if 0 <= x < y, and assumes that slices have the same length. -func isLessThan(x, y []byte) bool { - i := len(x) - 1 - for i > 0 && x[i] == y[i] { - i-- - } - return x[i] < y[i] -} - -// reduceModOrder calculates k = k mod order of the curve. -func reduceModOrder(k []byte, is512Bit bool) { - var X [((2 * paramB) * 8) / 64]uint64 - numWords := len(k) >> 3 - for i := 0; i < numWords; i++ { - X[i] = binary.LittleEndian.Uint64(k[i*8 : (i+1)*8]) - } - red512(&X, is512Bit) - for i := 0; i < numWords; i++ { - binary.LittleEndian.PutUint64(k[i*8:(i+1)*8], X[i]) - } -} - -// red512 calculates x = x mod Order of the curve. -func red512(x *[8]uint64, full bool) { - // Implementation of Algs.(14.47)+(14.52) of Handbook of Applied - // Cryptography, by A. Menezes, P. van Oorschot, and S. Vanstone. - const ( - ell0 = uint64(0x5812631a5cf5d3ed) - ell1 = uint64(0x14def9dea2f79cd6) - ell160 = uint64(0x812631a5cf5d3ed0) - ell161 = uint64(0x4def9dea2f79cd65) - ell162 = uint64(0x0000000000000001) - ) - - var c0, c1, c2, c3 uint64 - r0, r1, r2, r3, r4 := x[0], x[1], x[2], x[3], uint64(0) - - if full { - q0, q1, q2, q3 := x[4], x[5], x[6], x[7] - - for i := 0; i < 3; i++ { - h0, s0 := bits.Mul64(q0, ell160) - h1, s1 := bits.Mul64(q1, ell160) - h2, s2 := bits.Mul64(q2, ell160) - h3, s3 := bits.Mul64(q3, ell160) - - s1, c0 = bits.Add64(h0, s1, 0) - s2, c1 = bits.Add64(h1, s2, c0) - s3, c2 = bits.Add64(h2, s3, c1) - s4, _ := bits.Add64(h3, 0, c2) - - h0, l0 := bits.Mul64(q0, ell161) - h1, l1 := bits.Mul64(q1, ell161) - h2, l2 := bits.Mul64(q2, ell161) - h3, l3 := bits.Mul64(q3, ell161) - - l1, c0 = bits.Add64(h0, l1, 0) - l2, c1 = bits.Add64(h1, l2, c0) - l3, c2 = bits.Add64(h2, l3, c1) - l4, _ := bits.Add64(h3, 0, c2) - - s1, c0 = bits.Add64(s1, l0, 0) - s2, c1 = bits.Add64(s2, l1, c0) - s3, c2 = bits.Add64(s3, l2, c1) - s4, c3 = bits.Add64(s4, l3, c2) - s5, s6 := bits.Add64(l4, 0, c3) - - s2, c0 = bits.Add64(s2, q0, 0) - s3, c1 = bits.Add64(s3, q1, c0) - s4, c2 = bits.Add64(s4, q2, c1) - s5, c3 = bits.Add64(s5, q3, c2) - s6, s7 := bits.Add64(s6, 0, c3) - - q := q0 | q1 | q2 | q3 - m := -((q | -q) >> 63) // if q=0 then m=0...0 else m=1..1 - s0 &= m - s1 &= m - s2 &= m - s3 &= m - q0, q1, q2, q3 = s4, s5, s6, s7 - - if (i+1)%2 == 0 { - r0, c0 = bits.Add64(r0, s0, 0) - r1, c1 = bits.Add64(r1, s1, c0) - r2, c2 = bits.Add64(r2, s2, c1) - r3, c3 = bits.Add64(r3, s3, c2) - r4, _ = bits.Add64(r4, 0, c3) - } else { - r0, c0 = bits.Sub64(r0, s0, 0) - r1, c1 = bits.Sub64(r1, s1, c0) - r2, c2 = bits.Sub64(r2, s2, c1) - r3, c3 = bits.Sub64(r3, s3, c2) - r4, _ = bits.Sub64(r4, 0, c3) - } - } - - m := -(r4 >> 63) - r0, c0 = bits.Add64(r0, m&ell160, 0) - r1, c1 = bits.Add64(r1, m&ell161, c0) - r2, c2 = bits.Add64(r2, m&ell162, c1) - r3, c3 = bits.Add64(r3, 0, c2) - r4, _ = bits.Add64(r4, m&1, c3) - x[4], x[5], x[6], x[7] = 0, 0, 0, 0 - } - - q0 := (r4 << 4) | (r3 >> 60) - r3 &= (uint64(1) << 60) - 1 - - h0, s0 := bits.Mul64(ell0, q0) - h1, s1 := bits.Mul64(ell1, q0) - s1, c0 = bits.Add64(h0, s1, 0) - s2, _ := bits.Add64(h1, 0, c0) - - r0, c0 = bits.Sub64(r0, s0, 0) - r1, c1 = bits.Sub64(r1, s1, c0) - r2, c2 = bits.Sub64(r2, s2, c1) - r3, _ = bits.Sub64(r3, 0, c2) - - x[0], x[1], x[2], x[3] = r0, r1, r2, r3 -} - -// calculateS performs s = r+k*a mod Order of the curve. -func calculateS(s, r, k, a []byte) { - K := [4]uint64{ - binary.LittleEndian.Uint64(k[0*8 : 1*8]), - binary.LittleEndian.Uint64(k[1*8 : 2*8]), - binary.LittleEndian.Uint64(k[2*8 : 3*8]), - binary.LittleEndian.Uint64(k[3*8 : 4*8]), - } - S := [8]uint64{ - binary.LittleEndian.Uint64(r[0*8 : 1*8]), - binary.LittleEndian.Uint64(r[1*8 : 2*8]), - binary.LittleEndian.Uint64(r[2*8 : 3*8]), - binary.LittleEndian.Uint64(r[3*8 : 4*8]), - } - var c3 uint64 - for i := range K { - ai := binary.LittleEndian.Uint64(a[i*8 : (i+1)*8]) - - h0, l0 := bits.Mul64(K[0], ai) - h1, l1 := bits.Mul64(K[1], ai) - h2, l2 := bits.Mul64(K[2], ai) - h3, l3 := bits.Mul64(K[3], ai) - - l1, c0 := bits.Add64(h0, l1, 0) - l2, c1 := bits.Add64(h1, l2, c0) - l3, c2 := bits.Add64(h2, l3, c1) - l4, _ := bits.Add64(h3, 0, c2) - - S[i+0], c0 = bits.Add64(S[i+0], l0, 0) - S[i+1], c1 = bits.Add64(S[i+1], l1, c0) - S[i+2], c2 = bits.Add64(S[i+2], l2, c1) - S[i+3], c3 = bits.Add64(S[i+3], l3, c2) - S[i+4], _ = bits.Add64(S[i+4], l4, c3) - } - red512(&S, true) - binary.LittleEndian.PutUint64(s[0*8:1*8], S[0]) - binary.LittleEndian.PutUint64(s[1*8:2*8], S[1]) - binary.LittleEndian.PutUint64(s[2*8:3*8], S[2]) - binary.LittleEndian.PutUint64(s[3*8:4*8], S[3]) -} diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/mult.go b/vendor/github.com/cloudflare/circl/sign/ed25519/mult.go deleted file mode 100644 index 3216aae303..0000000000 --- a/vendor/github.com/cloudflare/circl/sign/ed25519/mult.go +++ /dev/null @@ -1,180 +0,0 @@ -package ed25519 - -import ( - "crypto/subtle" - "encoding/binary" - "math/bits" - - "github.com/cloudflare/circl/internal/conv" - "github.com/cloudflare/circl/math" - fp "github.com/cloudflare/circl/math/fp25519" -) - -var paramD = fp.Elt{ - 0xa3, 0x78, 0x59, 0x13, 0xca, 0x4d, 0xeb, 0x75, - 0xab, 0xd8, 0x41, 0x41, 0x4d, 0x0a, 0x70, 0x00, - 0x98, 0xe8, 0x79, 0x77, 0x79, 0x40, 0xc7, 0x8c, - 0x73, 0xfe, 0x6f, 0x2b, 0xee, 0x6c, 0x03, 0x52, -} - -// mLSBRecoding parameters. -const ( - fxT = 257 - fxV = 2 - fxW = 3 - fx2w1 = 1 << (uint(fxW) - 1) - numWords64 = (paramB * 8 / 64) -) - -// mLSBRecoding is the odd-only modified LSB-set. -// -// Reference: -// -// "Efficient and secure algorithms for GLV-based scalar multiplication and -// their implementation on GLV–GLS curves" by (Faz-Hernandez et al.) -// http://doi.org/10.1007/s13389-014-0085-7. -func mLSBRecoding(L []int8, k []byte) { - const ee = (fxT + fxW*fxV - 1) / (fxW * fxV) - const dd = ee * fxV - const ll = dd * fxW - if len(L) == (ll + 1) { - var m [numWords64 + 1]uint64 - for i := 0; i < numWords64; i++ { - m[i] = binary.LittleEndian.Uint64(k[8*i : 8*i+8]) - } - condAddOrderN(&m) - L[dd-1] = 1 - for i := 0; i < dd-1; i++ { - kip1 := (m[(i+1)/64] >> (uint(i+1) % 64)) & 0x1 - L[i] = int8(kip1<<1) - 1 - } - { // right-shift by d - right := uint(dd % 64) - left := uint(64) - right - lim := ((numWords64+1)*64 - dd) / 64 - j := dd / 64 - for i := 0; i < lim; i++ { - m[i] = (m[i+j] >> right) | (m[i+j+1] << left) - } - m[lim] = m[lim+j] >> right - } - for i := dd; i < ll; i++ { - L[i] = L[i%dd] * int8(m[0]&0x1) - div2subY(m[:], int64(L[i]>>1), numWords64) - } - L[ll] = int8(m[0]) - } -} - -// absolute returns always a positive value. -func absolute(x int32) int32 { - mask := x >> 31 - return (x + mask) ^ mask -} - -// condAddOrderN updates x = x+order if x is even, otherwise x remains unchanged. -func condAddOrderN(x *[numWords64 + 1]uint64) { - isOdd := (x[0] & 0x1) - 1 - c := uint64(0) - for i := 0; i < numWords64; i++ { - orderWord := binary.LittleEndian.Uint64(order[8*i : 8*i+8]) - o := isOdd & orderWord - x0, c0 := bits.Add64(x[i], o, c) - x[i] = x0 - c = c0 - } - x[numWords64], _ = bits.Add64(x[numWords64], 0, c) -} - -// div2subY update x = (x/2) - y. -func div2subY(x []uint64, y int64, l int) { - s := uint64(y >> 63) - for i := 0; i < l-1; i++ { - x[i] = (x[i] >> 1) | (x[i+1] << 63) - } - x[l-1] = (x[l-1] >> 1) - - b := uint64(0) - x0, b0 := bits.Sub64(x[0], uint64(y), b) - x[0] = x0 - b = b0 - for i := 1; i < l-1; i++ { - x0, b0 := bits.Sub64(x[i], s, b) - x[i] = x0 - b = b0 - } - x[l-1], _ = bits.Sub64(x[l-1], s, b) -} - -func (P *pointR1) fixedMult(scalar []byte) { - if len(scalar) != paramB { - panic("wrong scalar size") - } - const ee = (fxT + fxW*fxV - 1) / (fxW * fxV) - const dd = ee * fxV - const ll = dd * fxW - - L := make([]int8, ll+1) - mLSBRecoding(L[:], scalar) - S := &pointR3{} - P.SetIdentity() - for ii := ee - 1; ii >= 0; ii-- { - P.double() - for j := 0; j < fxV; j++ { - dig := L[fxW*dd-j*ee+ii-ee] - for i := (fxW-1)*dd - j*ee + ii - ee; i >= (2*dd - j*ee + ii - ee); i = i - dd { - dig = 2*dig + L[i] - } - idx := absolute(int32(dig)) - sig := L[dd-j*ee+ii-ee] - Tabj := &tabSign[fxV-j-1] - for k := 0; k < fx2w1; k++ { - S.cmov(&Tabj[k], subtle.ConstantTimeEq(int32(k), idx)) - } - S.cneg(subtle.ConstantTimeEq(int32(sig), -1)) - P.mixAdd(S) - } - } -} - -const ( - omegaFix = 7 - omegaVar = 5 -) - -// doubleMult returns P=mG+nQ. -func (P *pointR1) doubleMult(Q *pointR1, m, n []byte) { - nafFix := math.OmegaNAF(conv.BytesLe2BigInt(m), omegaFix) - nafVar := math.OmegaNAF(conv.BytesLe2BigInt(n), omegaVar) - - if len(nafFix) > len(nafVar) { - nafVar = append(nafVar, make([]int32, len(nafFix)-len(nafVar))...) - } else if len(nafFix) < len(nafVar) { - nafFix = append(nafFix, make([]int32, len(nafVar)-len(nafFix))...) - } - - var TabQ [1 << (omegaVar - 2)]pointR2 - Q.oddMultiples(TabQ[:]) - P.SetIdentity() - for i := len(nafFix) - 1; i >= 0; i-- { - P.double() - // Generator point - if nafFix[i] != 0 { - idxM := absolute(nafFix[i]) >> 1 - R := tabVerif[idxM] - if nafFix[i] < 0 { - R.neg() - } - P.mixAdd(&R) - } - // Variable input point - if nafVar[i] != 0 { - idxN := absolute(nafVar[i]) >> 1 - S := TabQ[idxN] - if nafVar[i] < 0 { - S.neg() - } - P.add(&S) - } - } -} diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/point.go b/vendor/github.com/cloudflare/circl/sign/ed25519/point.go deleted file mode 100644 index d1c3b146b7..0000000000 --- a/vendor/github.com/cloudflare/circl/sign/ed25519/point.go +++ /dev/null @@ -1,195 +0,0 @@ -package ed25519 - -import fp "github.com/cloudflare/circl/math/fp25519" - -type ( - pointR1 struct{ x, y, z, ta, tb fp.Elt } - pointR2 struct { - pointR3 - z2 fp.Elt - } -) -type pointR3 struct{ addYX, subYX, dt2 fp.Elt } - -func (P *pointR1) neg() { - fp.Neg(&P.x, &P.x) - fp.Neg(&P.ta, &P.ta) -} - -func (P *pointR1) SetIdentity() { - P.x = fp.Elt{} - fp.SetOne(&P.y) - fp.SetOne(&P.z) - P.ta = fp.Elt{} - P.tb = fp.Elt{} -} - -func (P *pointR1) toAffine() { - fp.Inv(&P.z, &P.z) - fp.Mul(&P.x, &P.x, &P.z) - fp.Mul(&P.y, &P.y, &P.z) - fp.Modp(&P.x) - fp.Modp(&P.y) - fp.SetOne(&P.z) - P.ta = P.x - P.tb = P.y -} - -func (P *pointR1) ToBytes(k []byte) error { - P.toAffine() - var x [fp.Size]byte - err := fp.ToBytes(k[:fp.Size], &P.y) - if err != nil { - return err - } - err = fp.ToBytes(x[:], &P.x) - if err != nil { - return err - } - b := x[0] & 1 - k[paramB-1] = k[paramB-1] | (b << 7) - return nil -} - -func (P *pointR1) FromBytes(k []byte) bool { - if len(k) != paramB { - panic("wrong size") - } - signX := k[paramB-1] >> 7 - copy(P.y[:], k[:fp.Size]) - P.y[fp.Size-1] &= 0x7F - p := fp.P() - if !isLessThan(P.y[:], p[:]) { - return false - } - - one, u, v := &fp.Elt{}, &fp.Elt{}, &fp.Elt{} - fp.SetOne(one) - fp.Sqr(u, &P.y) // u = y^2 - fp.Mul(v, u, ¶mD) // v = dy^2 - fp.Sub(u, u, one) // u = y^2-1 - fp.Add(v, v, one) // v = dy^2+1 - isQR := fp.InvSqrt(&P.x, u, v) // x = sqrt(u/v) - if !isQR { - return false - } - fp.Modp(&P.x) // x = x mod p - if fp.IsZero(&P.x) && signX == 1 { - return false - } - if signX != (P.x[0] & 1) { - fp.Neg(&P.x, &P.x) - } - P.ta = P.x - P.tb = P.y - fp.SetOne(&P.z) - return true -} - -// double calculates 2P for curves with A=-1. -func (P *pointR1) double() { - Px, Py, Pz, Pta, Ptb := &P.x, &P.y, &P.z, &P.ta, &P.tb - a, b, c, e, f, g, h := Px, Py, Pz, Pta, Px, Py, Ptb - fp.Add(e, Px, Py) // x+y - fp.Sqr(a, Px) // A = x^2 - fp.Sqr(b, Py) // B = y^2 - fp.Sqr(c, Pz) // z^2 - fp.Add(c, c, c) // C = 2*z^2 - fp.Add(h, a, b) // H = A+B - fp.Sqr(e, e) // (x+y)^2 - fp.Sub(e, e, h) // E = (x+y)^2-A-B - fp.Sub(g, b, a) // G = B-A - fp.Sub(f, c, g) // F = C-G - fp.Mul(Pz, f, g) // Z = F * G - fp.Mul(Px, e, f) // X = E * F - fp.Mul(Py, g, h) // Y = G * H, T = E * H -} - -func (P *pointR1) mixAdd(Q *pointR3) { - fp.Add(&P.z, &P.z, &P.z) // D = 2*z1 - P.coreAddition(Q) -} - -func (P *pointR1) add(Q *pointR2) { - fp.Mul(&P.z, &P.z, &Q.z2) // D = 2*z1*z2 - P.coreAddition(&Q.pointR3) -} - -// coreAddition calculates P=P+Q for curves with A=-1. -func (P *pointR1) coreAddition(Q *pointR3) { - Px, Py, Pz, Pta, Ptb := &P.x, &P.y, &P.z, &P.ta, &P.tb - addYX2, subYX2, dt2 := &Q.addYX, &Q.subYX, &Q.dt2 - a, b, c, d, e, f, g, h := Px, Py, &fp.Elt{}, Pz, Pta, Px, Py, Ptb - fp.Mul(c, Pta, Ptb) // t1 = ta*tb - fp.Sub(h, Py, Px) // y1-x1 - fp.Add(b, Py, Px) // y1+x1 - fp.Mul(a, h, subYX2) // A = (y1-x1)*(y2-x2) - fp.Mul(b, b, addYX2) // B = (y1+x1)*(y2+x2) - fp.Mul(c, c, dt2) // C = 2*D*t1*t2 - fp.Sub(e, b, a) // E = B-A - fp.Add(h, b, a) // H = B+A - fp.Sub(f, d, c) // F = D-C - fp.Add(g, d, c) // G = D+C - fp.Mul(Pz, f, g) // Z = F * G - fp.Mul(Px, e, f) // X = E * F - fp.Mul(Py, g, h) // Y = G * H, T = E * H -} - -func (P *pointR1) oddMultiples(T []pointR2) { - var R pointR2 - n := len(T) - T[0].fromR1(P) - _2P := *P - _2P.double() - R.fromR1(&_2P) - for i := 1; i < n; i++ { - P.add(&R) - T[i].fromR1(P) - } -} - -func (P *pointR1) isEqual(Q *pointR1) bool { - l, r := &fp.Elt{}, &fp.Elt{} - fp.Mul(l, &P.x, &Q.z) - fp.Mul(r, &Q.x, &P.z) - fp.Sub(l, l, r) - b := fp.IsZero(l) - fp.Mul(l, &P.y, &Q.z) - fp.Mul(r, &Q.y, &P.z) - fp.Sub(l, l, r) - b = b && fp.IsZero(l) - fp.Mul(l, &P.ta, &P.tb) - fp.Mul(l, l, &Q.z) - fp.Mul(r, &Q.ta, &Q.tb) - fp.Mul(r, r, &P.z) - fp.Sub(l, l, r) - b = b && fp.IsZero(l) - return b && !fp.IsZero(&P.z) && !fp.IsZero(&Q.z) -} - -func (P *pointR3) neg() { - P.addYX, P.subYX = P.subYX, P.addYX - fp.Neg(&P.dt2, &P.dt2) -} - -func (P *pointR2) fromR1(Q *pointR1) { - fp.Add(&P.addYX, &Q.y, &Q.x) - fp.Sub(&P.subYX, &Q.y, &Q.x) - fp.Mul(&P.dt2, &Q.ta, &Q.tb) - fp.Mul(&P.dt2, &P.dt2, ¶mD) - fp.Add(&P.dt2, &P.dt2, &P.dt2) - fp.Add(&P.z2, &Q.z, &Q.z) -} - -func (P *pointR3) cneg(b int) { - t := &fp.Elt{} - fp.Cswap(&P.addYX, &P.subYX, uint(b)) - fp.Neg(t, &P.dt2) - fp.Cmov(&P.dt2, t, uint(b)) -} - -func (P *pointR3) cmov(Q *pointR3, b int) { - fp.Cmov(&P.addYX, &Q.addYX, uint(b)) - fp.Cmov(&P.subYX, &Q.subYX, uint(b)) - fp.Cmov(&P.dt2, &Q.dt2, uint(b)) -} diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/pubkey.go b/vendor/github.com/cloudflare/circl/sign/ed25519/pubkey.go deleted file mode 100644 index c3505b67ac..0000000000 --- a/vendor/github.com/cloudflare/circl/sign/ed25519/pubkey.go +++ /dev/null @@ -1,9 +0,0 @@ -//go:build go1.13 -// +build go1.13 - -package ed25519 - -import cryptoEd25519 "crypto/ed25519" - -// PublicKey is the type of Ed25519 public keys. -type PublicKey cryptoEd25519.PublicKey diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/pubkey112.go b/vendor/github.com/cloudflare/circl/sign/ed25519/pubkey112.go deleted file mode 100644 index d57d86eff0..0000000000 --- a/vendor/github.com/cloudflare/circl/sign/ed25519/pubkey112.go +++ /dev/null @@ -1,7 +0,0 @@ -//go:build !go1.13 -// +build !go1.13 - -package ed25519 - -// PublicKey is the type of Ed25519 public keys. -type PublicKey []byte diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/signapi.go b/vendor/github.com/cloudflare/circl/sign/ed25519/signapi.go deleted file mode 100644 index e4520f5203..0000000000 --- a/vendor/github.com/cloudflare/circl/sign/ed25519/signapi.go +++ /dev/null @@ -1,87 +0,0 @@ -package ed25519 - -import ( - "crypto/rand" - "encoding/asn1" - - "github.com/cloudflare/circl/sign" -) - -var sch sign.Scheme = &scheme{} - -// Scheme returns a signature interface. -func Scheme() sign.Scheme { return sch } - -type scheme struct{} - -func (*scheme) Name() string { return "Ed25519" } -func (*scheme) PublicKeySize() int { return PublicKeySize } -func (*scheme) PrivateKeySize() int { return PrivateKeySize } -func (*scheme) SignatureSize() int { return SignatureSize } -func (*scheme) SeedSize() int { return SeedSize } -func (*scheme) TLSIdentifier() uint { return 0x0807 } -func (*scheme) SupportsContext() bool { return false } -func (*scheme) Oid() asn1.ObjectIdentifier { - return asn1.ObjectIdentifier{1, 3, 101, 112} -} - -func (*scheme) GenerateKey() (sign.PublicKey, sign.PrivateKey, error) { - return GenerateKey(rand.Reader) -} - -func (*scheme) Sign( - sk sign.PrivateKey, - message []byte, - opts *sign.SignatureOpts, -) []byte { - priv, ok := sk.(PrivateKey) - if !ok { - panic(sign.ErrTypeMismatch) - } - if opts != nil && opts.Context != "" { - panic(sign.ErrContextNotSupported) - } - return Sign(priv, message) -} - -func (*scheme) Verify( - pk sign.PublicKey, - message, signature []byte, - opts *sign.SignatureOpts, -) bool { - pub, ok := pk.(PublicKey) - if !ok { - panic(sign.ErrTypeMismatch) - } - if opts != nil { - if opts.Context != "" { - panic(sign.ErrContextNotSupported) - } - } - return Verify(pub, message, signature) -} - -func (*scheme) DeriveKey(seed []byte) (sign.PublicKey, sign.PrivateKey) { - privateKey := NewKeyFromSeed(seed) - publicKey := make(PublicKey, PublicKeySize) - copy(publicKey, privateKey[SeedSize:]) - return publicKey, privateKey -} - -func (*scheme) UnmarshalBinaryPublicKey(buf []byte) (sign.PublicKey, error) { - if len(buf) < PublicKeySize { - return nil, sign.ErrPubKeySize - } - pub := make(PublicKey, PublicKeySize) - copy(pub, buf[:PublicKeySize]) - return pub, nil -} - -func (*scheme) UnmarshalBinaryPrivateKey(buf []byte) (sign.PrivateKey, error) { - if len(buf) < PrivateKeySize { - return nil, sign.ErrPrivKeySize - } - priv := make(PrivateKey, PrivateKeySize) - copy(priv, buf[:PrivateKeySize]) - return priv, nil -} diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/tables.go b/vendor/github.com/cloudflare/circl/sign/ed25519/tables.go deleted file mode 100644 index 8763b426fc..0000000000 --- a/vendor/github.com/cloudflare/circl/sign/ed25519/tables.go +++ /dev/null @@ -1,213 +0,0 @@ -package ed25519 - -import fp "github.com/cloudflare/circl/math/fp25519" - -var tabSign = [fxV][fx2w1]pointR3{ - { - pointR3{ - addYX: fp.Elt{0x85, 0x3b, 0x8c, 0xf5, 0xc6, 0x93, 0xbc, 0x2f, 0x19, 0x0e, 0x8c, 0xfb, 0xc6, 0x2d, 0x93, 0xcf, 0xc2, 0x42, 0x3d, 0x64, 0x98, 0x48, 0x0b, 0x27, 0x65, 0xba, 0xd4, 0x33, 0x3a, 0x9d, 0xcf, 0x07}, - subYX: fp.Elt{0x3e, 0x91, 0x40, 0xd7, 0x05, 0x39, 0x10, 0x9d, 0xb3, 0xbe, 0x40, 0xd1, 0x05, 0x9f, 0x39, 0xfd, 0x09, 0x8a, 0x8f, 0x68, 0x34, 0x84, 0xc1, 0xa5, 0x67, 0x12, 0xf8, 0x98, 0x92, 0x2f, 0xfd, 0x44}, - dt2: fp.Elt{0x68, 0xaa, 0x7a, 0x87, 0x05, 0x12, 0xc9, 0xab, 0x9e, 0xc4, 0xaa, 0xcc, 0x23, 0xe8, 0xd9, 0x26, 0x8c, 0x59, 0x43, 0xdd, 0xcb, 0x7d, 0x1b, 0x5a, 0xa8, 0x65, 0x0c, 0x9f, 0x68, 0x7b, 0x11, 0x6f}, - }, - { - addYX: fp.Elt{0x7c, 0xb0, 0x9e, 0xe6, 0xc5, 0xbf, 0xfa, 0x13, 0x8e, 0x0d, 0x22, 0xde, 0xc8, 0xd1, 0xce, 0x52, 0x02, 0xd5, 0x62, 0x31, 0x71, 0x0e, 0x8e, 0x9d, 0xb0, 0xd6, 0x00, 0xa5, 0x5a, 0x0e, 0xce, 0x72}, - subYX: fp.Elt{0x1a, 0x8e, 0x5c, 0xdc, 0xa4, 0xb3, 0x6c, 0x51, 0x18, 0xa0, 0x09, 0x80, 0x9a, 0x46, 0x33, 0xd5, 0xe0, 0x3c, 0x4d, 0x3b, 0xfc, 0x49, 0xa2, 0x43, 0x29, 0xe1, 0x29, 0xa9, 0x93, 0xea, 0x7c, 0x35}, - dt2: fp.Elt{0x08, 0x46, 0x6f, 0x68, 0x7f, 0x0b, 0x7c, 0x9e, 0xad, 0xba, 0x07, 0x61, 0x74, 0x83, 0x2f, 0xfc, 0x26, 0xd6, 0x09, 0xb9, 0x00, 0x34, 0x36, 0x4f, 0x01, 0xf3, 0x48, 0xdb, 0x43, 0xba, 0x04, 0x44}, - }, - { - addYX: fp.Elt{0x4c, 0xda, 0x0d, 0x13, 0x66, 0xfd, 0x82, 0x84, 0x9f, 0x75, 0x5b, 0xa2, 0x17, 0xfe, 0x34, 0xbf, 0x1f, 0xcb, 0xba, 0x90, 0x55, 0x80, 0x83, 0xfd, 0x63, 0xb9, 0x18, 0xf8, 0x5b, 0x5d, 0x94, 0x1e}, - subYX: fp.Elt{0xb9, 0xdb, 0x6c, 0x04, 0x88, 0x22, 0xd8, 0x79, 0x83, 0x2f, 0x8d, 0x65, 0x6b, 0xd2, 0xab, 0x1b, 0xdd, 0x65, 0xe5, 0x93, 0x63, 0xf8, 0xa2, 0xd8, 0x3c, 0xf1, 0x4b, 0xc5, 0x99, 0xd1, 0xf2, 0x12}, - dt2: fp.Elt{0x05, 0x4c, 0xb8, 0x3b, 0xfe, 0xf5, 0x9f, 0x2e, 0xd1, 0xb2, 0xb8, 0xff, 0xfe, 0x6d, 0xd9, 0x37, 0xe0, 0xae, 0xb4, 0x5a, 0x51, 0x80, 0x7e, 0x9b, 0x1d, 0xd1, 0x8d, 0x8c, 0x56, 0xb1, 0x84, 0x35}, - }, - { - addYX: fp.Elt{0x39, 0x71, 0x43, 0x34, 0xe3, 0x42, 0x45, 0xa1, 0xf2, 0x68, 0x71, 0xa7, 0xe8, 0x23, 0xfd, 0x9f, 0x86, 0x48, 0xff, 0xe5, 0x96, 0x74, 0xcf, 0x05, 0x49, 0xe2, 0xb3, 0x6c, 0x17, 0x77, 0x2f, 0x6d}, - subYX: fp.Elt{0x73, 0x3f, 0xc1, 0xc7, 0x6a, 0x66, 0xa1, 0x20, 0xdd, 0x11, 0xfb, 0x7a, 0x6e, 0xa8, 0x51, 0xb8, 0x3f, 0x9d, 0xa2, 0x97, 0x84, 0xb5, 0xc7, 0x90, 0x7c, 0xab, 0x48, 0xd6, 0x84, 0xa3, 0xd5, 0x1a}, - dt2: fp.Elt{0x63, 0x27, 0x3c, 0x49, 0x4b, 0xfc, 0x22, 0xf2, 0x0b, 0x50, 0xc2, 0x0f, 0xb4, 0x1f, 0x31, 0x0c, 0x2f, 0x53, 0xab, 0xaa, 0x75, 0x6f, 0xe0, 0x69, 0x39, 0x56, 0xe0, 0x3b, 0xb7, 0xa8, 0xbf, 0x45}, - }, - }, - { - { - addYX: fp.Elt{0x00, 0x45, 0xd9, 0x0d, 0x58, 0x03, 0xfc, 0x29, 0x93, 0xec, 0xbb, 0x6f, 0xa4, 0x7a, 0xd2, 0xec, 0xf8, 0xa7, 0xe2, 0xc2, 0x5f, 0x15, 0x0a, 0x13, 0xd5, 0xa1, 0x06, 0xb7, 0x1a, 0x15, 0x6b, 0x41}, - subYX: fp.Elt{0x85, 0x8c, 0xb2, 0x17, 0xd6, 0x3b, 0x0a, 0xd3, 0xea, 0x3b, 0x77, 0x39, 0xb7, 0x77, 0xd3, 0xc5, 0xbf, 0x5c, 0x6a, 0x1e, 0x8c, 0xe7, 0xc6, 0xc6, 0xc4, 0xb7, 0x2a, 0x8b, 0xf7, 0xb8, 0x61, 0x0d}, - dt2: fp.Elt{0xb0, 0x36, 0xc1, 0xe9, 0xef, 0xd7, 0xa8, 0x56, 0x20, 0x4b, 0xe4, 0x58, 0xcd, 0xe5, 0x07, 0xbd, 0xab, 0xe0, 0x57, 0x1b, 0xda, 0x2f, 0xe6, 0xaf, 0xd2, 0xe8, 0x77, 0x42, 0xf7, 0x2a, 0x1a, 0x19}, - }, - { - addYX: fp.Elt{0x6a, 0x6d, 0x6d, 0xd1, 0xfa, 0xf5, 0x03, 0x30, 0xbd, 0x6d, 0xc2, 0xc8, 0xf5, 0x38, 0x80, 0x4f, 0xb2, 0xbe, 0xa1, 0x76, 0x50, 0x1a, 0x73, 0xf2, 0x78, 0x2b, 0x8e, 0x3a, 0x1e, 0x34, 0x47, 0x7b}, - subYX: fp.Elt{0xc3, 0x2c, 0x36, 0xdc, 0xc5, 0x45, 0xbc, 0xef, 0x1b, 0x64, 0xd6, 0x65, 0x28, 0xe9, 0xda, 0x84, 0x13, 0xbe, 0x27, 0x8e, 0x3f, 0x98, 0x2a, 0x37, 0xee, 0x78, 0x97, 0xd6, 0xc0, 0x6f, 0xb4, 0x53}, - dt2: fp.Elt{0x58, 0x5d, 0xa7, 0xa3, 0x68, 0xbb, 0x20, 0x30, 0x2e, 0x03, 0xe9, 0xb1, 0xd4, 0x90, 0x72, 0xe3, 0x71, 0xb2, 0x36, 0x3e, 0x73, 0xa0, 0x2e, 0x3d, 0xd1, 0x85, 0x33, 0x62, 0x4e, 0xa7, 0x7b, 0x31}, - }, - { - addYX: fp.Elt{0xbf, 0xc4, 0x38, 0x53, 0xfb, 0x68, 0xa9, 0x77, 0xce, 0x55, 0xf9, 0x05, 0xcb, 0xeb, 0xfb, 0x8c, 0x46, 0xc2, 0x32, 0x7c, 0xf0, 0xdb, 0xd7, 0x2c, 0x62, 0x8e, 0xdd, 0x54, 0x75, 0xcf, 0x3f, 0x33}, - subYX: fp.Elt{0x49, 0x50, 0x1f, 0x4e, 0x6e, 0x55, 0x55, 0xde, 0x8c, 0x4e, 0x77, 0x96, 0x38, 0x3b, 0xfe, 0xb6, 0x43, 0x3c, 0x86, 0x69, 0xc2, 0x72, 0x66, 0x1f, 0x6b, 0xf9, 0x87, 0xbc, 0x4f, 0x37, 0x3e, 0x3c}, - dt2: fp.Elt{0xd2, 0x2f, 0x06, 0x6b, 0x08, 0x07, 0x69, 0x77, 0xc0, 0x94, 0xcc, 0xae, 0x43, 0x00, 0x59, 0x6e, 0xa3, 0x63, 0xa8, 0xdd, 0xfa, 0x24, 0x18, 0xd0, 0x35, 0xc7, 0x78, 0xf7, 0x0d, 0xd4, 0x5a, 0x1e}, - }, - { - addYX: fp.Elt{0x45, 0xc1, 0x17, 0x51, 0xf8, 0xed, 0x7e, 0xc7, 0xa9, 0x1a, 0x11, 0x6e, 0x2d, 0xef, 0x0b, 0xd5, 0x3f, 0x98, 0xb0, 0xa3, 0x9d, 0x65, 0xf1, 0xcd, 0x53, 0x4a, 0x8a, 0x18, 0x70, 0x0a, 0x7f, 0x23}, - subYX: fp.Elt{0xdd, 0xef, 0xbe, 0x3a, 0x31, 0xe0, 0xbc, 0xbe, 0x6d, 0x5d, 0x79, 0x87, 0xd6, 0xbe, 0x68, 0xe3, 0x59, 0x76, 0x8c, 0x86, 0x0e, 0x7a, 0x92, 0x13, 0x14, 0x8f, 0x67, 0xb3, 0xcb, 0x1a, 0x76, 0x76}, - dt2: fp.Elt{0x56, 0x7a, 0x1c, 0x9d, 0xca, 0x96, 0xf9, 0xf9, 0x03, 0x21, 0xd4, 0xe8, 0xb3, 0xd5, 0xe9, 0x52, 0xc8, 0x54, 0x1e, 0x1b, 0x13, 0xb6, 0xfd, 0x47, 0x7d, 0x02, 0x32, 0x33, 0x27, 0xe2, 0x1f, 0x19}, - }, - }, -} - -var tabVerif = [1 << (omegaFix - 2)]pointR3{ - { /* 1P */ - addYX: fp.Elt{0x85, 0x3b, 0x8c, 0xf5, 0xc6, 0x93, 0xbc, 0x2f, 0x19, 0x0e, 0x8c, 0xfb, 0xc6, 0x2d, 0x93, 0xcf, 0xc2, 0x42, 0x3d, 0x64, 0x98, 0x48, 0x0b, 0x27, 0x65, 0xba, 0xd4, 0x33, 0x3a, 0x9d, 0xcf, 0x07}, - subYX: fp.Elt{0x3e, 0x91, 0x40, 0xd7, 0x05, 0x39, 0x10, 0x9d, 0xb3, 0xbe, 0x40, 0xd1, 0x05, 0x9f, 0x39, 0xfd, 0x09, 0x8a, 0x8f, 0x68, 0x34, 0x84, 0xc1, 0xa5, 0x67, 0x12, 0xf8, 0x98, 0x92, 0x2f, 0xfd, 0x44}, - dt2: fp.Elt{0x68, 0xaa, 0x7a, 0x87, 0x05, 0x12, 0xc9, 0xab, 0x9e, 0xc4, 0xaa, 0xcc, 0x23, 0xe8, 0xd9, 0x26, 0x8c, 0x59, 0x43, 0xdd, 0xcb, 0x7d, 0x1b, 0x5a, 0xa8, 0x65, 0x0c, 0x9f, 0x68, 0x7b, 0x11, 0x6f}, - }, - { /* 3P */ - addYX: fp.Elt{0x30, 0x97, 0xee, 0x4c, 0xa8, 0xb0, 0x25, 0xaf, 0x8a, 0x4b, 0x86, 0xe8, 0x30, 0x84, 0x5a, 0x02, 0x32, 0x67, 0x01, 0x9f, 0x02, 0x50, 0x1b, 0xc1, 0xf4, 0xf8, 0x80, 0x9a, 0x1b, 0x4e, 0x16, 0x7a}, - subYX: fp.Elt{0x65, 0xd2, 0xfc, 0xa4, 0xe8, 0x1f, 0x61, 0x56, 0x7d, 0xba, 0xc1, 0xe5, 0xfd, 0x53, 0xd3, 0x3b, 0xbd, 0xd6, 0x4b, 0x21, 0x1a, 0xf3, 0x31, 0x81, 0x62, 0xda, 0x5b, 0x55, 0x87, 0x15, 0xb9, 0x2a}, - dt2: fp.Elt{0x89, 0xd8, 0xd0, 0x0d, 0x3f, 0x93, 0xae, 0x14, 0x62, 0xda, 0x35, 0x1c, 0x22, 0x23, 0x94, 0x58, 0x4c, 0xdb, 0xf2, 0x8c, 0x45, 0xe5, 0x70, 0xd1, 0xc6, 0xb4, 0xb9, 0x12, 0xaf, 0x26, 0x28, 0x5a}, - }, - { /* 5P */ - addYX: fp.Elt{0x33, 0xbb, 0xa5, 0x08, 0x44, 0xbc, 0x12, 0xa2, 0x02, 0xed, 0x5e, 0xc7, 0xc3, 0x48, 0x50, 0x8d, 0x44, 0xec, 0xbf, 0x5a, 0x0c, 0xeb, 0x1b, 0xdd, 0xeb, 0x06, 0xe2, 0x46, 0xf1, 0xcc, 0x45, 0x29}, - subYX: fp.Elt{0xba, 0xd6, 0x47, 0xa4, 0xc3, 0x82, 0x91, 0x7f, 0xb7, 0x29, 0x27, 0x4b, 0xd1, 0x14, 0x00, 0xd5, 0x87, 0xa0, 0x64, 0xb8, 0x1c, 0xf1, 0x3c, 0xe3, 0xf3, 0x55, 0x1b, 0xeb, 0x73, 0x7e, 0x4a, 0x15}, - dt2: fp.Elt{0x85, 0x82, 0x2a, 0x81, 0xf1, 0xdb, 0xbb, 0xbc, 0xfc, 0xd1, 0xbd, 0xd0, 0x07, 0x08, 0x0e, 0x27, 0x2d, 0xa7, 0xbd, 0x1b, 0x0b, 0x67, 0x1b, 0xb4, 0x9a, 0xb6, 0x3b, 0x6b, 0x69, 0xbe, 0xaa, 0x43}, - }, - { /* 7P */ - addYX: fp.Elt{0xbf, 0xa3, 0x4e, 0x94, 0xd0, 0x5c, 0x1a, 0x6b, 0xd2, 0xc0, 0x9d, 0xb3, 0x3a, 0x35, 0x70, 0x74, 0x49, 0x2e, 0x54, 0x28, 0x82, 0x52, 0xb2, 0x71, 0x7e, 0x92, 0x3c, 0x28, 0x69, 0xea, 0x1b, 0x46}, - subYX: fp.Elt{0xb1, 0x21, 0x32, 0xaa, 0x9a, 0x2c, 0x6f, 0xba, 0xa7, 0x23, 0xba, 0x3b, 0x53, 0x21, 0xa0, 0x6c, 0x3a, 0x2c, 0x19, 0x92, 0x4f, 0x76, 0xea, 0x9d, 0xe0, 0x17, 0x53, 0x2e, 0x5d, 0xdd, 0x6e, 0x1d}, - dt2: fp.Elt{0xa2, 0xb3, 0xb8, 0x01, 0xc8, 0x6d, 0x83, 0xf1, 0x9a, 0xa4, 0x3e, 0x05, 0x47, 0x5f, 0x03, 0xb3, 0xf3, 0xad, 0x77, 0x58, 0xba, 0x41, 0x9c, 0x52, 0xa7, 0x90, 0x0f, 0x6a, 0x1c, 0xbb, 0x9f, 0x7a}, - }, - { /* 9P */ - addYX: fp.Elt{0x2f, 0x63, 0xa8, 0xa6, 0x8a, 0x67, 0x2e, 0x9b, 0xc5, 0x46, 0xbc, 0x51, 0x6f, 0x9e, 0x50, 0xa6, 0xb5, 0xf5, 0x86, 0xc6, 0xc9, 0x33, 0xb2, 0xce, 0x59, 0x7f, 0xdd, 0x8a, 0x33, 0xed, 0xb9, 0x34}, - subYX: fp.Elt{0x64, 0x80, 0x9d, 0x03, 0x7e, 0x21, 0x6e, 0xf3, 0x9b, 0x41, 0x20, 0xf5, 0xb6, 0x81, 0xa0, 0x98, 0x44, 0xb0, 0x5e, 0xe7, 0x08, 0xc6, 0xcb, 0x96, 0x8f, 0x9c, 0xdc, 0xfa, 0x51, 0x5a, 0xc0, 0x49}, - dt2: fp.Elt{0x1b, 0xaf, 0x45, 0x90, 0xbf, 0xe8, 0xb4, 0x06, 0x2f, 0xd2, 0x19, 0xa7, 0xe8, 0x83, 0xff, 0xe2, 0x16, 0xcf, 0xd4, 0x93, 0x29, 0xfc, 0xf6, 0xaa, 0x06, 0x8b, 0x00, 0x1b, 0x02, 0x72, 0xc1, 0x73}, - }, - { /* 11P */ - addYX: fp.Elt{0xde, 0x2a, 0x80, 0x8a, 0x84, 0x00, 0xbf, 0x2f, 0x27, 0x2e, 0x30, 0x02, 0xcf, 0xfe, 0xd9, 0xe5, 0x06, 0x34, 0x70, 0x17, 0x71, 0x84, 0x3e, 0x11, 0xaf, 0x8f, 0x6d, 0x54, 0xe2, 0xaa, 0x75, 0x42}, - subYX: fp.Elt{0x48, 0x43, 0x86, 0x49, 0x02, 0x5b, 0x5f, 0x31, 0x81, 0x83, 0x08, 0x77, 0x69, 0xb3, 0xd6, 0x3e, 0x95, 0xeb, 0x8d, 0x6a, 0x55, 0x75, 0xa0, 0xa3, 0x7f, 0xc7, 0xd5, 0x29, 0x80, 0x59, 0xab, 0x18}, - dt2: fp.Elt{0xe9, 0x89, 0x60, 0xfd, 0xc5, 0x2c, 0x2b, 0xd8, 0xa4, 0xe4, 0x82, 0x32, 0xa1, 0xb4, 0x1e, 0x03, 0x22, 0x86, 0x1a, 0xb5, 0x99, 0x11, 0x31, 0x44, 0x48, 0xf9, 0x3d, 0xb5, 0x22, 0x55, 0xc6, 0x3d}, - }, - { /* 13P */ - addYX: fp.Elt{0x6d, 0x7f, 0x00, 0xa2, 0x22, 0xc2, 0x70, 0xbf, 0xdb, 0xde, 0xbc, 0xb5, 0x9a, 0xb3, 0x84, 0xbf, 0x07, 0xba, 0x07, 0xfb, 0x12, 0x0e, 0x7a, 0x53, 0x41, 0xf2, 0x46, 0xc3, 0xee, 0xd7, 0x4f, 0x23}, - subYX: fp.Elt{0x93, 0xbf, 0x7f, 0x32, 0x3b, 0x01, 0x6f, 0x50, 0x6b, 0x6f, 0x77, 0x9b, 0xc9, 0xeb, 0xfc, 0xae, 0x68, 0x59, 0xad, 0xaa, 0x32, 0xb2, 0x12, 0x9d, 0xa7, 0x24, 0x60, 0x17, 0x2d, 0x88, 0x67, 0x02}, - dt2: fp.Elt{0x78, 0xa3, 0x2e, 0x73, 0x19, 0xa1, 0x60, 0x53, 0x71, 0xd4, 0x8d, 0xdf, 0xb1, 0xe6, 0x37, 0x24, 0x33, 0xe5, 0xa7, 0x91, 0xf8, 0x37, 0xef, 0xa2, 0x63, 0x78, 0x09, 0xaa, 0xfd, 0xa6, 0x7b, 0x49}, - }, - { /* 15P */ - addYX: fp.Elt{0xa0, 0xea, 0xcf, 0x13, 0x03, 0xcc, 0xce, 0x24, 0x6d, 0x24, 0x9c, 0x18, 0x8d, 0xc2, 0x48, 0x86, 0xd0, 0xd4, 0xf2, 0xc1, 0xfa, 0xbd, 0xbd, 0x2d, 0x2b, 0xe7, 0x2d, 0xf1, 0x17, 0x29, 0xe2, 0x61}, - subYX: fp.Elt{0x0b, 0xcf, 0x8c, 0x46, 0x86, 0xcd, 0x0b, 0x04, 0xd6, 0x10, 0x99, 0x2a, 0xa4, 0x9b, 0x82, 0xd3, 0x92, 0x51, 0xb2, 0x07, 0x08, 0x30, 0x08, 0x75, 0xbf, 0x5e, 0xd0, 0x18, 0x42, 0xcd, 0xb5, 0x43}, - dt2: fp.Elt{0x16, 0xb5, 0xd0, 0x9b, 0x2f, 0x76, 0x9a, 0x5d, 0xee, 0xde, 0x3f, 0x37, 0x4e, 0xaf, 0x38, 0xeb, 0x70, 0x42, 0xd6, 0x93, 0x7d, 0x5a, 0x2e, 0x03, 0x42, 0xd8, 0xe4, 0x0a, 0x21, 0x61, 0x1d, 0x51}, - }, - { /* 17P */ - addYX: fp.Elt{0x81, 0x9d, 0x0e, 0x95, 0xef, 0x76, 0xc6, 0x92, 0x4f, 0x04, 0xd7, 0xc0, 0xcd, 0x20, 0x46, 0xa5, 0x48, 0x12, 0x8f, 0x6f, 0x64, 0x36, 0x9b, 0xaa, 0xe3, 0x55, 0xb8, 0xdd, 0x24, 0x59, 0x32, 0x6d}, - subYX: fp.Elt{0x87, 0xde, 0x20, 0x44, 0x48, 0x86, 0x13, 0x08, 0xb4, 0xed, 0x92, 0xb5, 0x16, 0xf0, 0x1c, 0x8a, 0x25, 0x2d, 0x94, 0x29, 0x27, 0x4e, 0xfa, 0x39, 0x10, 0x28, 0x48, 0xe2, 0x6f, 0xfe, 0xa7, 0x71}, - dt2: fp.Elt{0x54, 0xc8, 0xc8, 0xa5, 0xb8, 0x82, 0x71, 0x6c, 0x03, 0x2a, 0x5f, 0xfe, 0x79, 0x14, 0xfd, 0x33, 0x0c, 0x8d, 0x77, 0x83, 0x18, 0x59, 0xcf, 0x72, 0xa9, 0xea, 0x9e, 0x55, 0xb6, 0xc4, 0x46, 0x47}, - }, - { /* 19P */ - addYX: fp.Elt{0x2b, 0x9a, 0xc6, 0x6d, 0x3c, 0x7b, 0x77, 0xd3, 0x17, 0xf6, 0x89, 0x6f, 0x27, 0xb2, 0xfa, 0xde, 0xb5, 0x16, 0x3a, 0xb5, 0xf7, 0x1c, 0x65, 0x45, 0xb7, 0x9f, 0xfe, 0x34, 0xde, 0x51, 0x9a, 0x5c}, - subYX: fp.Elt{0x47, 0x11, 0x74, 0x64, 0xc8, 0x46, 0x85, 0x34, 0x49, 0xc8, 0xfc, 0x0e, 0xdd, 0xae, 0x35, 0x7d, 0x32, 0xa3, 0x72, 0x06, 0x76, 0x9a, 0x93, 0xff, 0xd6, 0xe6, 0xb5, 0x7d, 0x49, 0x63, 0x96, 0x21}, - dt2: fp.Elt{0x67, 0x0e, 0xf1, 0x79, 0xcf, 0xf1, 0x10, 0xf5, 0x5b, 0x51, 0x58, 0xe6, 0xa1, 0xda, 0xdd, 0xff, 0x77, 0x22, 0x14, 0x10, 0x17, 0xa7, 0xc3, 0x09, 0xbb, 0x23, 0x82, 0x60, 0x3c, 0x50, 0x04, 0x48}, - }, - { /* 21P */ - addYX: fp.Elt{0xc7, 0x7f, 0xa3, 0x2c, 0xd0, 0x9e, 0x24, 0xc4, 0xab, 0xac, 0x15, 0xa6, 0xe3, 0xa0, 0x59, 0xa0, 0x23, 0x0e, 0x6e, 0xc9, 0xd7, 0x6e, 0xa9, 0x88, 0x6d, 0x69, 0x50, 0x16, 0xa5, 0x98, 0x33, 0x55}, - subYX: fp.Elt{0x75, 0xd1, 0x36, 0x3a, 0xd2, 0x21, 0x68, 0x3b, 0x32, 0x9e, 0x9b, 0xe9, 0xa7, 0x0a, 0xb4, 0xbb, 0x47, 0x8a, 0x83, 0x20, 0xe4, 0x5c, 0x9e, 0x5d, 0x5e, 0x4c, 0xde, 0x58, 0x88, 0x09, 0x1e, 0x77}, - dt2: fp.Elt{0xdf, 0x1e, 0x45, 0x78, 0xd2, 0xf5, 0x12, 0x9a, 0xcb, 0x9c, 0x89, 0x85, 0x79, 0x5d, 0xda, 0x3a, 0x08, 0x95, 0xa5, 0x9f, 0x2d, 0x4a, 0x7f, 0x47, 0x11, 0xa6, 0xf5, 0x8f, 0xd6, 0xd1, 0x5e, 0x5a}, - }, - { /* 23P */ - addYX: fp.Elt{0x83, 0x0e, 0x15, 0xfe, 0x2a, 0x12, 0x95, 0x11, 0xd8, 0x35, 0x4b, 0x7e, 0x25, 0x9a, 0x20, 0xcf, 0x20, 0x1e, 0x71, 0x1e, 0x29, 0xf8, 0x87, 0x73, 0xf0, 0x92, 0xbf, 0xd8, 0x97, 0xb8, 0xac, 0x44}, - subYX: fp.Elt{0x59, 0x73, 0x52, 0x58, 0xc5, 0xe0, 0xe5, 0xba, 0x7e, 0x9d, 0xdb, 0xca, 0x19, 0x5c, 0x2e, 0x39, 0xe9, 0xab, 0x1c, 0xda, 0x1e, 0x3c, 0x65, 0x28, 0x44, 0xdc, 0xef, 0x5f, 0x13, 0x60, 0x9b, 0x01}, - dt2: fp.Elt{0x83, 0x4b, 0x13, 0x5e, 0x14, 0x68, 0x60, 0x1e, 0x16, 0x4c, 0x30, 0x24, 0x4f, 0xe6, 0xf5, 0xc4, 0xd7, 0x3e, 0x1a, 0xfc, 0xa8, 0x88, 0x6e, 0x50, 0x92, 0x2f, 0xad, 0xe6, 0xfd, 0x49, 0x0c, 0x15}, - }, - { /* 25P */ - addYX: fp.Elt{0x38, 0x11, 0x47, 0x09, 0x95, 0xf2, 0x7b, 0x8e, 0x51, 0xa6, 0x75, 0x4f, 0x39, 0xef, 0x6f, 0x5d, 0xad, 0x08, 0xa7, 0x25, 0xc4, 0x79, 0xaf, 0x10, 0x22, 0x99, 0xb9, 0x5b, 0x07, 0x5a, 0x2b, 0x6b}, - subYX: fp.Elt{0x68, 0xa8, 0xdc, 0x9c, 0x3c, 0x86, 0x49, 0xb8, 0xd0, 0x4a, 0x71, 0xb8, 0xdb, 0x44, 0x3f, 0xc8, 0x8d, 0x16, 0x36, 0x0c, 0x56, 0xe3, 0x3e, 0xfe, 0xc1, 0xfb, 0x05, 0x1e, 0x79, 0xd7, 0xa6, 0x78}, - dt2: fp.Elt{0x76, 0xb9, 0xa0, 0x47, 0x4b, 0x70, 0xbf, 0x58, 0xd5, 0x48, 0x17, 0x74, 0x55, 0xb3, 0x01, 0xa6, 0x90, 0xf5, 0x42, 0xd5, 0xb1, 0x1f, 0x2b, 0xaa, 0x00, 0x5d, 0xd5, 0x4a, 0xfc, 0x7f, 0x5c, 0x72}, - }, - { /* 27P */ - addYX: fp.Elt{0xb2, 0x99, 0xcf, 0xd1, 0x15, 0x67, 0x42, 0xe4, 0x34, 0x0d, 0xa2, 0x02, 0x11, 0xd5, 0x52, 0x73, 0x9f, 0x10, 0x12, 0x8b, 0x7b, 0x15, 0xd1, 0x23, 0xa3, 0xf3, 0xb1, 0x7c, 0x27, 0xc9, 0x4c, 0x79}, - subYX: fp.Elt{0xc0, 0x98, 0xd0, 0x1c, 0xf7, 0x2b, 0x80, 0x91, 0x66, 0x63, 0x5e, 0xed, 0xa4, 0x6c, 0x41, 0xfe, 0x4c, 0x99, 0x02, 0x49, 0x71, 0x5d, 0x58, 0xdf, 0xe7, 0xfa, 0x55, 0xf8, 0x25, 0x46, 0xd5, 0x4c}, - dt2: fp.Elt{0x53, 0x50, 0xac, 0xc2, 0x26, 0xc4, 0xf6, 0x4a, 0x58, 0x72, 0xf6, 0x32, 0xad, 0xed, 0x9a, 0xbc, 0x21, 0x10, 0x31, 0x0a, 0xf1, 0x32, 0xd0, 0x2a, 0x85, 0x8e, 0xcc, 0x6f, 0x7b, 0x35, 0x08, 0x70}, - }, - { /* 29P */ - addYX: fp.Elt{0x01, 0x3f, 0x77, 0x38, 0x27, 0x67, 0x88, 0x0b, 0xfb, 0xcc, 0xfb, 0x95, 0xfa, 0xc8, 0xcc, 0xb8, 0xb6, 0x29, 0xad, 0xb9, 0xa3, 0xd5, 0x2d, 0x8d, 0x6a, 0x0f, 0xad, 0x51, 0x98, 0x7e, 0xef, 0x06}, - subYX: fp.Elt{0x34, 0x4a, 0x58, 0x82, 0xbb, 0x9f, 0x1b, 0xd0, 0x2b, 0x79, 0xb4, 0xd2, 0x63, 0x64, 0xab, 0x47, 0x02, 0x62, 0x53, 0x48, 0x9c, 0x63, 0x31, 0xb6, 0x28, 0xd4, 0xd6, 0x69, 0x36, 0x2a, 0xa9, 0x13}, - dt2: fp.Elt{0xe5, 0x7d, 0x57, 0xc0, 0x1c, 0x77, 0x93, 0xca, 0x5c, 0xdc, 0x35, 0x50, 0x1e, 0xe4, 0x40, 0x75, 0x71, 0xe0, 0x02, 0xd8, 0x01, 0x0f, 0x68, 0x24, 0x6a, 0xf8, 0x2a, 0x8a, 0xdf, 0x6d, 0x29, 0x3c}, - }, - { /* 31P */ - addYX: fp.Elt{0x13, 0xa7, 0x14, 0xd9, 0xf9, 0x15, 0xad, 0xae, 0x12, 0xf9, 0x8f, 0x8c, 0xf9, 0x7b, 0x2f, 0xa9, 0x30, 0xd7, 0x53, 0x9f, 0x17, 0x23, 0xf8, 0xaf, 0xba, 0x77, 0x0c, 0x49, 0x93, 0xd3, 0x99, 0x7a}, - subYX: fp.Elt{0x41, 0x25, 0x1f, 0xbb, 0x2e, 0x4d, 0xeb, 0xfc, 0x1f, 0xb9, 0xad, 0x40, 0xc7, 0x10, 0x95, 0xb8, 0x05, 0xad, 0xa1, 0xd0, 0x7d, 0xa3, 0x71, 0xfc, 0x7b, 0x71, 0x47, 0x07, 0x70, 0x2c, 0x89, 0x0a}, - dt2: fp.Elt{0xe8, 0xa3, 0xbd, 0x36, 0x24, 0xed, 0x52, 0x8f, 0x94, 0x07, 0xe8, 0x57, 0x41, 0xc8, 0xa8, 0x77, 0xe0, 0x9c, 0x2f, 0x26, 0x63, 0x65, 0xa9, 0xa5, 0xd2, 0xf7, 0x02, 0x83, 0xd2, 0x62, 0x67, 0x28}, - }, - { /* 33P */ - addYX: fp.Elt{0x25, 0x5b, 0xe3, 0x3c, 0x09, 0x36, 0x78, 0x4e, 0x97, 0xaa, 0x6b, 0xb2, 0x1d, 0x18, 0xe1, 0x82, 0x3f, 0xb8, 0xc7, 0xcb, 0xd3, 0x92, 0xc1, 0x0c, 0x3a, 0x9d, 0x9d, 0x6a, 0x04, 0xda, 0xf1, 0x32}, - subYX: fp.Elt{0xbd, 0xf5, 0x2e, 0xce, 0x2b, 0x8e, 0x55, 0x7c, 0x63, 0xbc, 0x47, 0x67, 0xb4, 0x6c, 0x98, 0xe4, 0xb8, 0x89, 0xbb, 0x3b, 0x9f, 0x17, 0x4a, 0x15, 0x7a, 0x76, 0xf1, 0xd6, 0xa3, 0xf2, 0x86, 0x76}, - dt2: fp.Elt{0x6a, 0x7c, 0x59, 0x6d, 0xa6, 0x12, 0x8d, 0xaa, 0x2b, 0x85, 0xd3, 0x04, 0x03, 0x93, 0x11, 0x8f, 0x22, 0xb0, 0x09, 0xc2, 0x73, 0xdc, 0x91, 0x3f, 0xa6, 0x28, 0xad, 0xa9, 0xf8, 0x05, 0x13, 0x56}, - }, - { /* 35P */ - addYX: fp.Elt{0xd1, 0xae, 0x92, 0xec, 0x8d, 0x97, 0x0c, 0x10, 0xe5, 0x73, 0x6d, 0x4d, 0x43, 0xd5, 0x43, 0xca, 0x48, 0xba, 0x47, 0xd8, 0x22, 0x1b, 0x13, 0x83, 0x2c, 0x4d, 0x5d, 0xe3, 0x53, 0xec, 0xaa}, - subYX: fp.Elt{0xd5, 0xc0, 0xb0, 0xe7, 0x28, 0xcc, 0x22, 0x67, 0x53, 0x5c, 0x07, 0xdb, 0xbb, 0xe9, 0x9d, 0x70, 0x61, 0x0a, 0x01, 0xd7, 0xa7, 0x8d, 0xf6, 0xca, 0x6c, 0xcc, 0x57, 0x2c, 0xef, 0x1a, 0x0a, 0x03}, - dt2: fp.Elt{0xaa, 0xd2, 0x3a, 0x00, 0x73, 0xf7, 0xb1, 0x7b, 0x08, 0x66, 0x21, 0x2b, 0x80, 0x29, 0x3f, 0x0b, 0x3e, 0xd2, 0x0e, 0x52, 0x86, 0xdc, 0x21, 0x78, 0x80, 0x54, 0x06, 0x24, 0x1c, 0x9c, 0xbe, 0x20}, - }, - { /* 37P */ - addYX: fp.Elt{0xa6, 0x73, 0x96, 0x24, 0xd8, 0x87, 0x53, 0xe1, 0x93, 0xe4, 0x46, 0xf5, 0x2d, 0xbc, 0x43, 0x59, 0xb5, 0x63, 0x6f, 0xc3, 0x81, 0x9a, 0x7f, 0x1c, 0xde, 0xc1, 0x0a, 0x1f, 0x36, 0xb3, 0x0a, 0x75}, - subYX: fp.Elt{0x60, 0x5e, 0x02, 0xe2, 0x4a, 0xe4, 0xe0, 0x20, 0x38, 0xb9, 0xdc, 0xcb, 0x2f, 0x3b, 0x3b, 0xb0, 0x1c, 0x0d, 0x5a, 0xf9, 0x9c, 0x63, 0x5d, 0x10, 0x11, 0xe3, 0x67, 0x50, 0x54, 0x4c, 0x76, 0x69}, - dt2: fp.Elt{0x37, 0x10, 0xf8, 0xa2, 0x83, 0x32, 0x8a, 0x1e, 0xf1, 0xcb, 0x7f, 0xbd, 0x23, 0xda, 0x2e, 0x6f, 0x63, 0x25, 0x2e, 0xac, 0x5b, 0xd1, 0x2f, 0xb7, 0x40, 0x50, 0x07, 0xb7, 0x3f, 0x6b, 0xf9, 0x54}, - }, - { /* 39P */ - addYX: fp.Elt{0x79, 0x92, 0x66, 0x29, 0x04, 0xf2, 0xad, 0x0f, 0x4a, 0x72, 0x7d, 0x7d, 0x04, 0xa2, 0xdd, 0x3a, 0xf1, 0x60, 0x57, 0x8c, 0x82, 0x94, 0x3d, 0x6f, 0x9e, 0x53, 0xb7, 0x2b, 0xc5, 0xe9, 0x7f, 0x3d}, - subYX: fp.Elt{0xcd, 0x1e, 0xb1, 0x16, 0xc6, 0xaf, 0x7d, 0x17, 0x79, 0x64, 0x57, 0xfa, 0x9c, 0x4b, 0x76, 0x89, 0x85, 0xe7, 0xec, 0xe6, 0x10, 0xa1, 0xa8, 0xb7, 0xf0, 0xdb, 0x85, 0xbe, 0x9f, 0x83, 0xe6, 0x78}, - dt2: fp.Elt{0x6b, 0x85, 0xb8, 0x37, 0xf7, 0x2d, 0x33, 0x70, 0x8a, 0x17, 0x1a, 0x04, 0x43, 0x5d, 0xd0, 0x75, 0x22, 0x9e, 0xe5, 0xa0, 0x4a, 0xf7, 0x0f, 0x32, 0x42, 0x82, 0x08, 0x50, 0xf3, 0x68, 0xf2, 0x70}, - }, - { /* 41P */ - addYX: fp.Elt{0x47, 0x5f, 0x80, 0xb1, 0x83, 0x45, 0x86, 0x66, 0x19, 0x7c, 0xdd, 0x60, 0xd1, 0xc5, 0x35, 0xf5, 0x06, 0xb0, 0x4c, 0x1e, 0xb7, 0x4e, 0x87, 0xe9, 0xd9, 0x89, 0xd8, 0xfa, 0x5c, 0x34, 0x0d, 0x7c}, - subYX: fp.Elt{0x55, 0xf3, 0xdc, 0x70, 0x20, 0x11, 0x24, 0x23, 0x17, 0xe1, 0xfc, 0xe7, 0x7e, 0xc9, 0x0c, 0x38, 0x98, 0xb6, 0x52, 0x35, 0xed, 0xde, 0x1d, 0xb3, 0xb9, 0xc4, 0xb8, 0x39, 0xc0, 0x56, 0x4e, 0x40}, - dt2: fp.Elt{0x8a, 0x33, 0x78, 0x8c, 0x4b, 0x1f, 0x1f, 0x59, 0xe1, 0xb5, 0xe0, 0x67, 0xb1, 0x6a, 0x36, 0xa0, 0x44, 0x3d, 0x5f, 0xb4, 0x52, 0x41, 0xbc, 0x5c, 0x77, 0xc7, 0xae, 0x2a, 0x76, 0x54, 0xd7, 0x20}, - }, - { /* 43P */ - addYX: fp.Elt{0x58, 0xb7, 0x3b, 0xc7, 0x6f, 0xc3, 0x8f, 0x5e, 0x9a, 0xbb, 0x3c, 0x36, 0xa5, 0x43, 0xe5, 0xac, 0x22, 0xc9, 0x3b, 0x90, 0x7d, 0x4a, 0x93, 0xa9, 0x62, 0xec, 0xce, 0xf3, 0x46, 0x1e, 0x8f, 0x2b}, - subYX: fp.Elt{0x43, 0xf5, 0xb9, 0x35, 0xb1, 0xfe, 0x74, 0x9d, 0x6c, 0x95, 0x8c, 0xde, 0xf1, 0x7d, 0xb3, 0x84, 0xa9, 0x8b, 0x13, 0x57, 0x07, 0x2b, 0x32, 0xe9, 0xe1, 0x4c, 0x0b, 0x79, 0xa8, 0xad, 0xb8, 0x38}, - dt2: fp.Elt{0x5d, 0xf9, 0x51, 0xdf, 0x9c, 0x4a, 0xc0, 0xb5, 0xac, 0xde, 0x1f, 0xcb, 0xae, 0x52, 0x39, 0x2b, 0xda, 0x66, 0x8b, 0x32, 0x8b, 0x6d, 0x10, 0x1d, 0x53, 0x19, 0xba, 0xce, 0x32, 0xeb, 0x9a, 0x04}, - }, - { /* 45P */ - addYX: fp.Elt{0x31, 0x79, 0xfc, 0x75, 0x0b, 0x7d, 0x50, 0xaa, 0xd3, 0x25, 0x67, 0x7a, 0x4b, 0x92, 0xef, 0x0f, 0x30, 0x39, 0x6b, 0x39, 0x2b, 0x54, 0x82, 0x1d, 0xfc, 0x74, 0xf6, 0x30, 0x75, 0xe1, 0x5e, 0x79}, - subYX: fp.Elt{0x7e, 0xfe, 0xdc, 0x63, 0x3c, 0x7d, 0x76, 0xd7, 0x40, 0x6e, 0x85, 0x97, 0x48, 0x59, 0x9c, 0x20, 0x13, 0x7c, 0x4f, 0xe1, 0x61, 0x68, 0x67, 0xb6, 0xfc, 0x25, 0xd6, 0xc8, 0xe0, 0x65, 0xc6, 0x51}, - dt2: fp.Elt{0x81, 0xbd, 0xec, 0x52, 0x0a, 0x5b, 0x4a, 0x25, 0xe7, 0xaf, 0x34, 0xe0, 0x6e, 0x1f, 0x41, 0x5d, 0x31, 0x4a, 0xee, 0xca, 0x0d, 0x4d, 0xa2, 0xe6, 0x77, 0x44, 0xc5, 0x9d, 0xf4, 0x9b, 0xd1, 0x6c}, - }, - { /* 47P */ - addYX: fp.Elt{0x86, 0xc3, 0xaf, 0x65, 0x21, 0x61, 0xfe, 0x1f, 0x10, 0x1b, 0xd5, 0xb8, 0x88, 0x2a, 0x2a, 0x08, 0xaa, 0x0b, 0x99, 0x20, 0x7e, 0x62, 0xf6, 0x76, 0xe7, 0x43, 0x9e, 0x42, 0xa7, 0xb3, 0x01, 0x5e}, - subYX: fp.Elt{0xa3, 0x9c, 0x17, 0x52, 0x90, 0x61, 0x87, 0x7e, 0x85, 0x9f, 0x2c, 0x0b, 0x06, 0x0a, 0x1d, 0x57, 0x1e, 0x71, 0x99, 0x84, 0xa8, 0xba, 0xa2, 0x80, 0x38, 0xe6, 0xb2, 0x40, 0xdb, 0xf3, 0x20, 0x75}, - dt2: fp.Elt{0xa1, 0x57, 0x93, 0xd3, 0xe3, 0x0b, 0xb5, 0x3d, 0xa5, 0x94, 0x9e, 0x59, 0xdd, 0x6c, 0x7b, 0x96, 0x6e, 0x1e, 0x31, 0xdf, 0x64, 0x9a, 0x30, 0x1a, 0x86, 0xc9, 0xf3, 0xce, 0x9c, 0x2c, 0x09, 0x71}, - }, - { /* 49P */ - addYX: fp.Elt{0xcf, 0x1d, 0x05, 0x74, 0xac, 0xd8, 0x6b, 0x85, 0x1e, 0xaa, 0xb7, 0x55, 0x08, 0xa4, 0xf6, 0x03, 0xeb, 0x3c, 0x74, 0xc9, 0xcb, 0xe7, 0x4a, 0x3a, 0xde, 0xab, 0x37, 0x71, 0xbb, 0xa5, 0x73, 0x41}, - subYX: fp.Elt{0x8c, 0x91, 0x64, 0x03, 0x3f, 0x52, 0xd8, 0x53, 0x1c, 0x6b, 0xab, 0x3f, 0xf4, 0x04, 0xb4, 0xa2, 0xa4, 0xe5, 0x81, 0x66, 0x9e, 0x4a, 0x0b, 0x08, 0xa7, 0x7b, 0x25, 0xd0, 0x03, 0x5b, 0xa1, 0x0e}, - dt2: fp.Elt{0x8a, 0x21, 0xf9, 0xf0, 0x31, 0x6e, 0xc5, 0x17, 0x08, 0x47, 0xfc, 0x1a, 0x2b, 0x6e, 0x69, 0x5a, 0x76, 0xf1, 0xb2, 0xf4, 0x68, 0x16, 0x93, 0xf7, 0x67, 0x3a, 0x4e, 0x4a, 0x61, 0x65, 0xc5, 0x5f}, - }, - { /* 51P */ - addYX: fp.Elt{0x8e, 0x98, 0x90, 0x77, 0xe6, 0xe1, 0x92, 0x48, 0x22, 0xd7, 0x5c, 0x1c, 0x0f, 0x95, 0xd5, 0x01, 0xed, 0x3e, 0x92, 0xe5, 0x9a, 0x81, 0xb0, 0xe3, 0x1b, 0x65, 0x46, 0x9d, 0x40, 0xc7, 0x14, 0x32}, - subYX: fp.Elt{0xe5, 0x7a, 0x6d, 0xc4, 0x0d, 0x57, 0x6e, 0x13, 0x8f, 0xdc, 0xf8, 0x54, 0xcc, 0xaa, 0xd0, 0x0f, 0x86, 0xad, 0x0d, 0x31, 0x03, 0x9f, 0x54, 0x59, 0xa1, 0x4a, 0x45, 0x4c, 0x41, 0x1c, 0x71, 0x62}, - dt2: fp.Elt{0x70, 0x17, 0x65, 0x06, 0x74, 0x82, 0x29, 0x13, 0x36, 0x94, 0x27, 0x8a, 0x66, 0xa0, 0xa4, 0x3b, 0x3c, 0x22, 0x5d, 0x18, 0xec, 0xb8, 0xb6, 0xd9, 0x3c, 0x83, 0xcb, 0x3e, 0x07, 0x94, 0xea, 0x5b}, - }, - { /* 53P */ - addYX: fp.Elt{0xf8, 0xd2, 0x43, 0xf3, 0x63, 0xce, 0x70, 0xb4, 0xf1, 0xe8, 0x43, 0x05, 0x8f, 0xba, 0x67, 0x00, 0x6f, 0x7b, 0x11, 0xa2, 0xa1, 0x51, 0xda, 0x35, 0x2f, 0xbd, 0xf1, 0x44, 0x59, 0x78, 0xd0, 0x4a}, - subYX: fp.Elt{0xe4, 0x9b, 0xc8, 0x12, 0x09, 0xbf, 0x1d, 0x64, 0x9c, 0x57, 0x6e, 0x7d, 0x31, 0x8b, 0xf3, 0xac, 0x65, 0xb0, 0x97, 0xf6, 0x02, 0x9e, 0xfe, 0xab, 0xec, 0x1e, 0xf6, 0x48, 0xc1, 0xd5, 0xac, 0x3a}, - dt2: fp.Elt{0x01, 0x83, 0x31, 0xc3, 0x34, 0x3b, 0x8e, 0x85, 0x26, 0x68, 0x31, 0x07, 0x47, 0xc0, 0x99, 0xdc, 0x8c, 0xa8, 0x9d, 0xd3, 0x2e, 0x5b, 0x08, 0x34, 0x3d, 0x85, 0x02, 0xd9, 0xb1, 0x0c, 0xff, 0x3a}, - }, - { /* 55P */ - addYX: fp.Elt{0x05, 0x35, 0xc5, 0xf4, 0x0b, 0x43, 0x26, 0x92, 0x83, 0x22, 0x1f, 0x26, 0x13, 0x9c, 0xe4, 0x68, 0xc6, 0x27, 0xd3, 0x8f, 0x78, 0x33, 0xef, 0x09, 0x7f, 0x9e, 0xd9, 0x2b, 0x73, 0x9f, 0xcf, 0x2c}, - subYX: fp.Elt{0x5e, 0x40, 0x20, 0x3a, 0xeb, 0xc7, 0xc5, 0x87, 0xc9, 0x56, 0xad, 0xed, 0xef, 0x11, 0xe3, 0x8e, 0xf9, 0xd5, 0x29, 0xad, 0x48, 0x2e, 0x25, 0x29, 0x1d, 0x25, 0xcd, 0xf4, 0x86, 0x7e, 0x0e, 0x11}, - dt2: fp.Elt{0xe4, 0xf5, 0x03, 0xd6, 0x9e, 0xd8, 0xc0, 0x57, 0x0c, 0x20, 0xb0, 0xf0, 0x28, 0x86, 0x88, 0x12, 0xb7, 0x3b, 0x2e, 0xa0, 0x09, 0x27, 0x17, 0x53, 0x37, 0x3a, 0x69, 0xb9, 0xe0, 0x57, 0xc5, 0x05}, - }, - { /* 57P */ - addYX: fp.Elt{0xb0, 0x0e, 0xc2, 0x89, 0xb0, 0xbb, 0x76, 0xf7, 0x5c, 0xd8, 0x0f, 0xfa, 0xf6, 0x5b, 0xf8, 0x61, 0xfb, 0x21, 0x44, 0x63, 0x4e, 0x3f, 0xb9, 0xb6, 0x05, 0x12, 0x86, 0x41, 0x08, 0xef, 0x9f, 0x28}, - subYX: fp.Elt{0x6f, 0x7e, 0xc9, 0x1f, 0x31, 0xce, 0xf9, 0xd8, 0xae, 0xfd, 0xf9, 0x11, 0x30, 0x26, 0x3f, 0x7a, 0xdd, 0x25, 0xed, 0x8b, 0xa0, 0x7e, 0x5b, 0xe1, 0x5a, 0x87, 0xe9, 0x8f, 0x17, 0x4c, 0x15, 0x6e}, - dt2: fp.Elt{0xbf, 0x9a, 0xd6, 0xfe, 0x36, 0x63, 0x61, 0xcf, 0x4f, 0xc9, 0x35, 0x83, 0xe7, 0xe4, 0x16, 0x9b, 0xe7, 0x7f, 0x3a, 0x75, 0x65, 0x97, 0x78, 0x13, 0x19, 0xa3, 0x5c, 0xa9, 0x42, 0xf6, 0xfb, 0x6a}, - }, - { /* 59P */ - addYX: fp.Elt{0xcc, 0xa8, 0x13, 0xf9, 0x70, 0x50, 0xe5, 0x5d, 0x61, 0xf5, 0x0c, 0x2b, 0x7b, 0x16, 0x1d, 0x7d, 0x89, 0xd4, 0xea, 0x90, 0xb6, 0x56, 0x29, 0xda, 0xd9, 0x1e, 0x80, 0xdb, 0xce, 0x93, 0xc0, 0x12}, - subYX: fp.Elt{0xc1, 0xd2, 0xf5, 0x62, 0x0c, 0xde, 0xa8, 0x7d, 0x9a, 0x7b, 0x0e, 0xb0, 0xa4, 0x3d, 0xfc, 0x98, 0xe0, 0x70, 0xad, 0x0d, 0xda, 0x6a, 0xeb, 0x7d, 0xc4, 0x38, 0x50, 0xb9, 0x51, 0xb8, 0xb4, 0x0d}, - dt2: fp.Elt{0x0f, 0x19, 0xb8, 0x08, 0x93, 0x7f, 0x14, 0xfc, 0x10, 0xe3, 0x1a, 0xa1, 0xa0, 0x9d, 0x96, 0x06, 0xfd, 0xd7, 0xc7, 0xda, 0x72, 0x55, 0xe7, 0xce, 0xe6, 0x5c, 0x63, 0xc6, 0x99, 0x87, 0xaa, 0x33}, - }, - { /* 61P */ - addYX: fp.Elt{0xb1, 0x6c, 0x15, 0xfc, 0x88, 0xf5, 0x48, 0x83, 0x27, 0x6d, 0x0a, 0x1a, 0x9b, 0xba, 0xa2, 0x6d, 0xb6, 0x5a, 0xca, 0x87, 0x5c, 0x2d, 0x26, 0xe2, 0xa6, 0x89, 0xd5, 0xc8, 0xc1, 0xd0, 0x2c, 0x21}, - subYX: fp.Elt{0xf2, 0x5c, 0x08, 0xbd, 0x1e, 0xf5, 0x0f, 0xaf, 0x1f, 0x3f, 0xd3, 0x67, 0x89, 0x1a, 0xf5, 0x78, 0x3c, 0x03, 0x60, 0x50, 0xe1, 0xbf, 0xc2, 0x6e, 0x86, 0x1a, 0xe2, 0xe8, 0x29, 0x6f, 0x3c, 0x23}, - dt2: fp.Elt{0x81, 0xc7, 0x18, 0x7f, 0x10, 0xd5, 0xf4, 0xd2, 0x28, 0x9d, 0x7e, 0x52, 0xf2, 0xcd, 0x2e, 0x12, 0x41, 0x33, 0x3d, 0x3d, 0x2a, 0x86, 0x0a, 0xa7, 0xe3, 0x4c, 0x91, 0x11, 0x89, 0x77, 0xb7, 0x1d}, - }, - { /* 63P */ - addYX: fp.Elt{0xb6, 0x1a, 0x70, 0xdd, 0x69, 0x47, 0x39, 0xb3, 0xa5, 0x8d, 0xcf, 0x19, 0xd4, 0xde, 0xb8, 0xe2, 0x52, 0xc8, 0x2a, 0xfd, 0x61, 0x41, 0xdf, 0x15, 0xbe, 0x24, 0x7d, 0x01, 0x8a, 0xca, 0xe2, 0x7a}, - subYX: fp.Elt{0x6f, 0xc2, 0x6b, 0x7c, 0x39, 0x52, 0xf3, 0xdd, 0x13, 0x01, 0xd5, 0x53, 0xcc, 0xe2, 0x97, 0x7a, 0x30, 0xa3, 0x79, 0xbf, 0x3a, 0xf4, 0x74, 0x7c, 0xfc, 0xad, 0xe2, 0x26, 0xad, 0x97, 0xad, 0x31}, - dt2: fp.Elt{0x62, 0xb9, 0x20, 0x09, 0xed, 0x17, 0xe8, 0xb7, 0x9d, 0xda, 0x19, 0x3f, 0xcc, 0x18, 0x85, 0x1e, 0x64, 0x0a, 0x56, 0x25, 0x4f, 0xc1, 0x91, 0xe4, 0x83, 0x2c, 0x62, 0xa6, 0x53, 0xfc, 0xd1, 0x1e}, - }, -} diff --git a/vendor/github.com/cloudflare/circl/sign/ed448/ed448.go b/vendor/github.com/cloudflare/circl/sign/ed448/ed448.go deleted file mode 100644 index c368b181b4..0000000000 --- a/vendor/github.com/cloudflare/circl/sign/ed448/ed448.go +++ /dev/null @@ -1,411 +0,0 @@ -// Package ed448 implements Ed448 signature scheme as described in RFC-8032. -// -// This package implements two signature variants. -// -// | Scheme Name | Sign Function | Verification | Context | -// |-------------|-------------------|---------------|-------------------| -// | Ed448 | Sign | Verify | Yes, can be empty | -// | Ed448Ph | SignPh | VerifyPh | Yes, can be empty | -// | All above | (PrivateKey).Sign | VerifyAny | As above | -// -// Specific functions for sign and verify are defined. A generic signing -// function for all schemes is available through the crypto.Signer interface, -// which is implemented by the PrivateKey type. A correspond all-in-one -// verification method is provided by the VerifyAny function. -// -// Both schemes require a context string for domain separation. This parameter -// is passed using a SignerOptions struct defined in this package. -// -// References: -// -// - RFC8032: https://rfc-editor.org/rfc/rfc8032.txt -// - EdDSA for more curves: https://eprint.iacr.org/2015/677 -// - High-speed high-security signatures: https://doi.org/10.1007/s13389-012-0027-1 -package ed448 - -import ( - "bytes" - "crypto" - cryptoRand "crypto/rand" - "crypto/subtle" - "errors" - "fmt" - "io" - "strconv" - - "github.com/cloudflare/circl/ecc/goldilocks" - "github.com/cloudflare/circl/internal/sha3" - "github.com/cloudflare/circl/sign" -) - -const ( - // ContextMaxSize is the maximum length (in bytes) allowed for context. - ContextMaxSize = 255 - // PublicKeySize is the length in bytes of Ed448 public keys. - PublicKeySize = 57 - // PrivateKeySize is the length in bytes of Ed448 private keys. - PrivateKeySize = 114 - // SignatureSize is the length in bytes of signatures. - SignatureSize = 114 - // SeedSize is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032. - SeedSize = 57 -) - -const ( - paramB = 456 / 8 // Size of keys in bytes. - hashSize = 2 * paramB // Size of the hash function's output. -) - -// SignerOptions implements crypto.SignerOpts and augments with parameters -// that are specific to the Ed448 signature schemes. -type SignerOptions struct { - // Hash must be crypto.Hash(0) for both Ed448 and Ed448Ph. - crypto.Hash - - // Context is an optional domain separation string for signing. - // Its length must be less or equal than 255 bytes. - Context string - - // Scheme is an identifier for choosing a signature scheme. - Scheme SchemeID -} - -// SchemeID is an identifier for each signature scheme. -type SchemeID uint - -const ( - ED448 SchemeID = iota - ED448Ph -) - -// PublicKey is the type of Ed448 public keys. -type PublicKey []byte - -// Equal reports whether pub and x have the same value. -func (pub PublicKey) Equal(x crypto.PublicKey) bool { - xx, ok := x.(PublicKey) - return ok && bytes.Equal(pub, xx) -} - -// PrivateKey is the type of Ed448 private keys. It implements crypto.Signer. -type PrivateKey []byte - -// Equal reports whether priv and x have the same value. -func (priv PrivateKey) Equal(x crypto.PrivateKey) bool { - xx, ok := x.(PrivateKey) - return ok && subtle.ConstantTimeCompare(priv, xx) == 1 -} - -// Public returns the PublicKey corresponding to priv. -func (priv PrivateKey) Public() crypto.PublicKey { - publicKey := make([]byte, PublicKeySize) - copy(publicKey, priv[SeedSize:]) - return PublicKey(publicKey) -} - -// Seed returns the private key seed corresponding to priv. It is provided for -// interoperability with RFC 8032. RFC 8032's private keys correspond to seeds -// in this package. -func (priv PrivateKey) Seed() []byte { - seed := make([]byte, SeedSize) - copy(seed, priv[:SeedSize]) - return seed -} - -func (priv PrivateKey) Scheme() sign.Scheme { return sch } - -func (pub PublicKey) Scheme() sign.Scheme { return sch } - -func (priv PrivateKey) MarshalBinary() (data []byte, err error) { - privateKey := make(PrivateKey, PrivateKeySize) - copy(privateKey, priv) - return privateKey, nil -} - -func (pub PublicKey) MarshalBinary() (data []byte, err error) { - publicKey := make(PublicKey, PublicKeySize) - copy(publicKey, pub) - return publicKey, nil -} - -// Sign creates a signature of a message given a key pair. -// This function supports all the two signature variants defined in RFC-8032, -// namely Ed448 (or pure EdDSA) and Ed448Ph. -// The opts.HashFunc() must return zero to the specify Ed448 variant. This can -// be achieved by passing crypto.Hash(0) as the value for opts. -// Use an Options struct to pass a bool indicating that the ed448Ph variant -// should be used. -// The struct can also be optionally used to pass a context string for signing. -func (priv PrivateKey) Sign( - rand io.Reader, - message []byte, - opts crypto.SignerOpts, -) (signature []byte, err error) { - var ctx string - var scheme SchemeID - - if o, ok := opts.(SignerOptions); ok { - ctx = o.Context - scheme = o.Scheme - } - - switch true { - case scheme == ED448 && opts.HashFunc() == crypto.Hash(0): - return Sign(priv, message, ctx), nil - case scheme == ED448Ph && opts.HashFunc() == crypto.Hash(0): - return SignPh(priv, message, ctx), nil - default: - return nil, errors.New("ed448: bad hash algorithm") - } -} - -// GenerateKey generates a public/private key pair using entropy from rand. -// If rand is nil, crypto/rand.Reader will be used. -func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) { - if rand == nil { - rand = cryptoRand.Reader - } - - seed := make(PrivateKey, SeedSize) - if _, err := io.ReadFull(rand, seed); err != nil { - return nil, nil, err - } - - privateKey := NewKeyFromSeed(seed) - publicKey := make([]byte, PublicKeySize) - copy(publicKey, privateKey[SeedSize:]) - - return publicKey, privateKey, nil -} - -// NewKeyFromSeed calculates a private key from a seed. It will panic if -// len(seed) is not SeedSize. This function is provided for interoperability -// with RFC 8032. RFC 8032's private keys correspond to seeds in this -// package. -func NewKeyFromSeed(seed []byte) PrivateKey { - privateKey := make([]byte, PrivateKeySize) - newKeyFromSeed(privateKey, seed) - return privateKey -} - -func newKeyFromSeed(privateKey, seed []byte) { - if l := len(seed); l != SeedSize { - panic("ed448: bad seed length: " + strconv.Itoa(l)) - } - - var h [hashSize]byte - H := sha3.NewShake256() - _, _ = H.Write(seed) - _, _ = H.Read(h[:]) - s := &goldilocks.Scalar{} - deriveSecretScalar(s, h[:paramB]) - - copy(privateKey[:SeedSize], seed) - _ = goldilocks.Curve{}.ScalarBaseMult(s).ToBytes(privateKey[SeedSize:]) -} - -func signAll(signature []byte, privateKey PrivateKey, message, ctx []byte, preHash bool) { - if len(ctx) > ContextMaxSize { - panic(fmt.Errorf("ed448: bad context length: %v", len(ctx))) - } - - H := sha3.NewShake256() - var PHM []byte - - if preHash { - var h [64]byte - _, _ = H.Write(message) - _, _ = H.Read(h[:]) - PHM = h[:] - H.Reset() - } else { - PHM = message - } - - // 1. Hash the 57-byte private key using SHAKE256(x, 114). - var h [hashSize]byte - _, _ = H.Write(privateKey[:SeedSize]) - _, _ = H.Read(h[:]) - s := &goldilocks.Scalar{} - deriveSecretScalar(s, h[:paramB]) - prefix := h[paramB:] - - // 2. Compute SHAKE256(dom4(F, C) || prefix || PH(M), 114). - var rPM [hashSize]byte - H.Reset() - - writeDom(&H, ctx, preHash) - - _, _ = H.Write(prefix) - _, _ = H.Write(PHM) - _, _ = H.Read(rPM[:]) - - // 3. Compute the point [r]B. - r := &goldilocks.Scalar{} - r.FromBytes(rPM[:]) - R := (&[paramB]byte{})[:] - if err := (goldilocks.Curve{}.ScalarBaseMult(r).ToBytes(R)); err != nil { - panic(err) - } - // 4. Compute SHAKE256(dom4(F, C) || R || A || PH(M), 114) - var hRAM [hashSize]byte - H.Reset() - - writeDom(&H, ctx, preHash) - - _, _ = H.Write(R) - _, _ = H.Write(privateKey[SeedSize:]) - _, _ = H.Write(PHM) - _, _ = H.Read(hRAM[:]) - - // 5. Compute S = (r + k * s) mod order. - k := &goldilocks.Scalar{} - k.FromBytes(hRAM[:]) - S := &goldilocks.Scalar{} - S.Mul(k, s) - S.Add(S, r) - - // 6. The signature is the concatenation of R and S. - copy(signature[:paramB], R[:]) - copy(signature[paramB:], S[:]) -} - -// Sign signs the message with privateKey and returns a signature. -// This function supports the signature variant defined in RFC-8032: Ed448, -// also known as the pure version of EdDSA. -// It will panic if len(privateKey) is not PrivateKeySize. -func Sign(priv PrivateKey, message []byte, ctx string) []byte { - signature := make([]byte, SignatureSize) - signAll(signature, priv, message, []byte(ctx), false) - return signature -} - -// SignPh creates a signature of a message given a keypair. -// This function supports the signature variant defined in RFC-8032: Ed448ph, -// meaning it internally hashes the message using SHAKE-256. -// Context could be passed to this function, which length should be no more than -// 255. It can be empty. -func SignPh(priv PrivateKey, message []byte, ctx string) []byte { - signature := make([]byte, SignatureSize) - signAll(signature, priv, message, []byte(ctx), true) - return signature -} - -func verify(public PublicKey, message, signature, ctx []byte, preHash bool) bool { - if len(public) != PublicKeySize || - len(signature) != SignatureSize || - len(ctx) > ContextMaxSize || - !isLessThanOrder(signature[paramB:]) { - return false - } - - P, err := goldilocks.FromBytes(public) - if err != nil { - return false - } - - H := sha3.NewShake256() - var PHM []byte - - if preHash { - var h [64]byte - _, _ = H.Write(message) - _, _ = H.Read(h[:]) - PHM = h[:] - H.Reset() - } else { - PHM = message - } - - var hRAM [hashSize]byte - R := signature[:paramB] - - writeDom(&H, ctx, preHash) - - _, _ = H.Write(R) - _, _ = H.Write(public) - _, _ = H.Write(PHM) - _, _ = H.Read(hRAM[:]) - - k := &goldilocks.Scalar{} - k.FromBytes(hRAM[:]) - S := &goldilocks.Scalar{} - S.FromBytes(signature[paramB:]) - - encR := (&[paramB]byte{})[:] - P.Neg() - _ = goldilocks.Curve{}.CombinedMult(S, k, P).ToBytes(encR) - return bytes.Equal(R, encR) -} - -// VerifyAny returns true if the signature is valid. Failure cases are invalid -// signature, or when the public key cannot be decoded. -// This function supports all the two signature variants defined in RFC-8032, -// namely Ed448 (or pure EdDSA) and Ed448Ph. -// The opts.HashFunc() must return zero, this can be achieved by passing -// crypto.Hash(0) as the value for opts. -// Use a SignerOptions struct to pass a context string for signing. -func VerifyAny(public PublicKey, message, signature []byte, opts crypto.SignerOpts) bool { - var ctx string - var scheme SchemeID - if o, ok := opts.(SignerOptions); ok { - ctx = o.Context - scheme = o.Scheme - } - - switch true { - case scheme == ED448 && opts.HashFunc() == crypto.Hash(0): - return Verify(public, message, signature, ctx) - case scheme == ED448Ph && opts.HashFunc() == crypto.Hash(0): - return VerifyPh(public, message, signature, ctx) - default: - return false - } -} - -// Verify returns true if the signature is valid. Failure cases are invalid -// signature, or when the public key cannot be decoded. -// This function supports the signature variant defined in RFC-8032: Ed448, -// also known as the pure version of EdDSA. -func Verify(public PublicKey, message, signature []byte, ctx string) bool { - return verify(public, message, signature, []byte(ctx), false) -} - -// VerifyPh returns true if the signature is valid. Failure cases are invalid -// signature, or when the public key cannot be decoded. -// This function supports the signature variant defined in RFC-8032: Ed448ph, -// meaning it internally hashes the message using SHAKE-256. -// Context could be passed to this function, which length should be no more than -// 255. It can be empty. -func VerifyPh(public PublicKey, message, signature []byte, ctx string) bool { - return verify(public, message, signature, []byte(ctx), true) -} - -func deriveSecretScalar(s *goldilocks.Scalar, h []byte) { - h[0] &= 0xFC // The two least significant bits of the first octet are cleared, - h[paramB-1] = 0x00 // all eight bits the last octet are cleared, and - h[paramB-2] |= 0x80 // the highest bit of the second to last octet is set. - s.FromBytes(h[:paramB]) -} - -// isLessThanOrder returns true if 0 <= x < order and if the last byte of x is zero. -func isLessThanOrder(x []byte) bool { - order := goldilocks.Curve{}.Order() - i := len(order) - 1 - for i > 0 && x[i] == order[i] { - i-- - } - return x[paramB-1] == 0 && x[i] < order[i] -} - -func writeDom(h io.Writer, ctx []byte, preHash bool) { - dom4 := "SigEd448" - _, _ = h.Write([]byte(dom4)) - - if preHash { - _, _ = h.Write([]byte{byte(0x01), byte(len(ctx))}) - } else { - _, _ = h.Write([]byte{byte(0x00), byte(len(ctx))}) - } - _, _ = h.Write(ctx) -} diff --git a/vendor/github.com/cloudflare/circl/sign/ed448/signapi.go b/vendor/github.com/cloudflare/circl/sign/ed448/signapi.go deleted file mode 100644 index 22da8bc0a5..0000000000 --- a/vendor/github.com/cloudflare/circl/sign/ed448/signapi.go +++ /dev/null @@ -1,87 +0,0 @@ -package ed448 - -import ( - "crypto/rand" - "encoding/asn1" - - "github.com/cloudflare/circl/sign" -) - -var sch sign.Scheme = &scheme{} - -// Scheme returns a signature interface. -func Scheme() sign.Scheme { return sch } - -type scheme struct{} - -func (*scheme) Name() string { return "Ed448" } -func (*scheme) PublicKeySize() int { return PublicKeySize } -func (*scheme) PrivateKeySize() int { return PrivateKeySize } -func (*scheme) SignatureSize() int { return SignatureSize } -func (*scheme) SeedSize() int { return SeedSize } -func (*scheme) TLSIdentifier() uint { return 0x0808 } -func (*scheme) SupportsContext() bool { return true } -func (*scheme) Oid() asn1.ObjectIdentifier { - return asn1.ObjectIdentifier{1, 3, 101, 113} -} - -func (*scheme) GenerateKey() (sign.PublicKey, sign.PrivateKey, error) { - return GenerateKey(rand.Reader) -} - -func (*scheme) Sign( - sk sign.PrivateKey, - message []byte, - opts *sign.SignatureOpts, -) []byte { - priv, ok := sk.(PrivateKey) - if !ok { - panic(sign.ErrTypeMismatch) - } - ctx := "" - if opts != nil { - ctx = opts.Context - } - return Sign(priv, message, ctx) -} - -func (*scheme) Verify( - pk sign.PublicKey, - message, signature []byte, - opts *sign.SignatureOpts, -) bool { - pub, ok := pk.(PublicKey) - if !ok { - panic(sign.ErrTypeMismatch) - } - ctx := "" - if opts != nil { - ctx = opts.Context - } - return Verify(pub, message, signature, ctx) -} - -func (*scheme) DeriveKey(seed []byte) (sign.PublicKey, sign.PrivateKey) { - privateKey := NewKeyFromSeed(seed) - publicKey := make(PublicKey, PublicKeySize) - copy(publicKey, privateKey[SeedSize:]) - return publicKey, privateKey -} - -func (*scheme) UnmarshalBinaryPublicKey(buf []byte) (sign.PublicKey, error) { - if len(buf) < PublicKeySize { - return nil, sign.ErrPubKeySize - } - pub := make(PublicKey, PublicKeySize) - copy(pub, buf[:PublicKeySize]) - return pub, nil -} - -func (*scheme) UnmarshalBinaryPrivateKey(buf []byte) (sign.PrivateKey, error) { - if len(buf) < PrivateKeySize { - return nil, sign.ErrPrivKeySize - } - priv := make(PrivateKey, PrivateKeySize) - copy(priv, buf[:PrivateKeySize]) - return priv, nil -} diff --git a/vendor/github.com/cloudflare/circl/sign/sign.go b/vendor/github.com/cloudflare/circl/sign/sign.go deleted file mode 100644 index 557d6f0960..0000000000 --- a/vendor/github.com/cloudflare/circl/sign/sign.go +++ /dev/null @@ -1,113 +0,0 @@ -// Package sign provides unified interfaces for signature schemes. -// -// A register of schemes is available in the package -// -// github.com/cloudflare/circl/sign/schemes -package sign - -import ( - "crypto" - "encoding" - "errors" -) - -type SignatureOpts struct { - // If non-empty, includes the given context in the signature if supported - // and will cause an error during signing otherwise. - Context string -} - -// A public key is used to verify a signature set by the corresponding private -// key. -type PublicKey interface { - // Returns the signature scheme for this public key. - Scheme() Scheme - Equal(crypto.PublicKey) bool - encoding.BinaryMarshaler - crypto.PublicKey -} - -// A private key allows one to create signatures. -type PrivateKey interface { - // Returns the signature scheme for this private key. - Scheme() Scheme - Equal(crypto.PrivateKey) bool - // For compatibility with Go standard library - crypto.Signer - crypto.PrivateKey - encoding.BinaryMarshaler -} - -// A Scheme represents a specific instance of a signature scheme. -type Scheme interface { - // Name of the scheme. - Name() string - - // GenerateKey creates a new key-pair. - GenerateKey() (PublicKey, PrivateKey, error) - - // Creates a signature using the PrivateKey on the given message and - // returns the signature. opts are additional options which can be nil. - // - // Panics if key is nil or wrong type or opts context is not supported. - Sign(sk PrivateKey, message []byte, opts *SignatureOpts) []byte - - // Checks whether the given signature is a valid signature set by - // the private key corresponding to the given public key on the - // given message. opts are additional options which can be nil. - // - // Panics if key is nil or wrong type or opts context is not supported. - Verify(pk PublicKey, message []byte, signature []byte, opts *SignatureOpts) bool - - // Deterministically derives a keypair from a seed. If you're unsure, - // you're better off using GenerateKey(). - // - // Panics if seed is not of length SeedSize(). - DeriveKey(seed []byte) (PublicKey, PrivateKey) - - // Unmarshals a PublicKey from the provided buffer. - UnmarshalBinaryPublicKey([]byte) (PublicKey, error) - - // Unmarshals a PublicKey from the provided buffer. - UnmarshalBinaryPrivateKey([]byte) (PrivateKey, error) - - // Size of binary marshalled public keys. - PublicKeySize() int - - // Size of binary marshalled public keys. - PrivateKeySize() int - - // Size of signatures. - SignatureSize() int - - // Size of seeds. - SeedSize() int - - // Returns whether contexts are supported. - SupportsContext() bool -} - -var ( - // ErrTypeMismatch is the error used if types of, for instance, private - // and public keys don't match. - ErrTypeMismatch = errors.New("types mismatch") - - // ErrSeedSize is the error used if the provided seed is of the wrong - // size. - ErrSeedSize = errors.New("wrong seed size") - - // ErrPubKeySize is the error used if the provided public key is of - // the wrong size. - ErrPubKeySize = errors.New("wrong size for public key") - - // ErrPrivKeySize is the error used if the provided private key is of - // the wrong size. - ErrPrivKeySize = errors.New("wrong size for private key") - - // ErrContextNotSupported is the error used if a context is not - // supported. - ErrContextNotSupported = errors.New("context not supported") - - // ErrContextTooLong is the error used if the context string is too long. - ErrContextTooLong = errors.New("context string too long") -) diff --git a/vendor/github.com/fatih/color/LICENSE.md b/vendor/github.com/fatih/color/LICENSE.md deleted file mode 100644 index 25fdaf639d..0000000000 --- a/vendor/github.com/fatih/color/LICENSE.md +++ /dev/null @@ -1,20 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2013 Fatih Arslan - -Permission is hereby granted, free of charge, to any person obtaining a copy of -this software and associated documentation files (the "Software"), to deal in -the Software without restriction, including without limitation the rights to -use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software is furnished to do so, -subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS -FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER -IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/vendor/github.com/fatih/color/README.md b/vendor/github.com/fatih/color/README.md deleted file mode 100644 index d135bfe023..0000000000 --- a/vendor/github.com/fatih/color/README.md +++ /dev/null @@ -1,189 +0,0 @@ -# color [![](https://github.com/fatih/color/workflows/build/badge.svg)](https://github.com/fatih/color/actions) [![PkgGoDev](https://pkg.go.dev/badge/github.com/fatih/color)](https://pkg.go.dev/github.com/fatih/color) - -Color lets you use colorized outputs in terms of [ANSI Escape -Codes](http://en.wikipedia.org/wiki/ANSI_escape_code#Colors) in Go (Golang). It -has support for Windows too! The API can be used in several ways, pick one that -suits you. - -![Color](https://user-images.githubusercontent.com/438920/96832689-03b3e000-13f4-11eb-9803-46f4c4de3406.jpg) - -## Install - -``` -go get github.com/fatih/color -``` - -## Examples - -### Standard colors - -```go -// Print with default helper functions -color.Cyan("Prints text in cyan.") - -// A newline will be appended automatically -color.Blue("Prints %s in blue.", "text") - -// These are using the default foreground colors -color.Red("We have red") -color.Magenta("And many others ..") - -``` - -### RGB colors - -If your terminal supports 24-bit colors, you can use RGB color codes. - -```go -color.RGB(255, 128, 0).Println("foreground orange") -color.RGB(230, 42, 42).Println("foreground red") - -color.BgRGB(255, 128, 0).Println("background orange") -color.BgRGB(230, 42, 42).Println("background red") -``` - -### Mix and reuse colors - -```go -// Create a new color object -c := color.New(color.FgCyan).Add(color.Underline) -c.Println("Prints cyan text with an underline.") - -// Or just add them to New() -d := color.New(color.FgCyan, color.Bold) -d.Printf("This prints bold cyan %s\n", "too!.") - -// Mix up foreground and background colors, create new mixes! -red := color.New(color.FgRed) - -boldRed := red.Add(color.Bold) -boldRed.Println("This will print text in bold red.") - -whiteBackground := red.Add(color.BgWhite) -whiteBackground.Println("Red text with white background.") - -// Mix with RGB color codes -color.RGB(255, 128, 0).AddBgRGB(0, 0, 0).Println("orange with black background") - -color.BgRGB(255, 128, 0).AddRGB(255, 255, 255).Println("orange background with white foreground") -``` - -### Use your own output (io.Writer) - -```go -// Use your own io.Writer output -color.New(color.FgBlue).Fprintln(myWriter, "blue color!") - -blue := color.New(color.FgBlue) -blue.Fprint(writer, "This will print text in blue.") -``` - -### Custom print functions (PrintFunc) - -```go -// Create a custom print function for convenience -red := color.New(color.FgRed).PrintfFunc() -red("Warning") -red("Error: %s", err) - -// Mix up multiple attributes -notice := color.New(color.Bold, color.FgGreen).PrintlnFunc() -notice("Don't forget this...") -``` - -### Custom fprint functions (FprintFunc) - -```go -blue := color.New(color.FgBlue).FprintfFunc() -blue(myWriter, "important notice: %s", stars) - -// Mix up with multiple attributes -success := color.New(color.Bold, color.FgGreen).FprintlnFunc() -success(myWriter, "Don't forget this...") -``` - -### Insert into noncolor strings (SprintFunc) - -```go -// Create SprintXxx functions to mix strings with other non-colorized strings: -yellow := color.New(color.FgYellow).SprintFunc() -red := color.New(color.FgRed).SprintFunc() -fmt.Printf("This is a %s and this is %s.\n", yellow("warning"), red("error")) - -info := color.New(color.FgWhite, color.BgGreen).SprintFunc() -fmt.Printf("This %s rocks!\n", info("package")) - -// Use helper functions -fmt.Println("This", color.RedString("warning"), "should be not neglected.") -fmt.Printf("%v %v\n", color.GreenString("Info:"), "an important message.") - -// Windows supported too! Just don't forget to change the output to color.Output -fmt.Fprintf(color.Output, "Windows support: %s", color.GreenString("PASS")) -``` - -### Plug into existing code - -```go -// Use handy standard colors -color.Set(color.FgYellow) - -fmt.Println("Existing text will now be in yellow") -fmt.Printf("This one %s\n", "too") - -color.Unset() // Don't forget to unset - -// You can mix up parameters -color.Set(color.FgMagenta, color.Bold) -defer color.Unset() // Use it in your function - -fmt.Println("All text will now be bold magenta.") -``` - -### Disable/Enable color - -There might be a case where you want to explicitly disable/enable color output. the -`go-isatty` package will automatically disable color output for non-tty output streams -(for example if the output were piped directly to `less`). - -The `color` package also disables color output if the [`NO_COLOR`](https://no-color.org) environment -variable is set to a non-empty string. - -`Color` has support to disable/enable colors programmatically both globally and -for single color definitions. For example suppose you have a CLI app and a -`-no-color` bool flag. You can easily disable the color output with: - -```go -var flagNoColor = flag.Bool("no-color", false, "Disable color output") - -if *flagNoColor { - color.NoColor = true // disables colorized output -} -``` - -It also has support for single color definitions (local). You can -disable/enable color output on the fly: - -```go -c := color.New(color.FgCyan) -c.Println("Prints cyan text") - -c.DisableColor() -c.Println("This is printed without any color") - -c.EnableColor() -c.Println("This prints again cyan...") -``` - -## GitHub Actions - -To output color in GitHub Actions (or other CI systems that support ANSI colors), make sure to set `color.NoColor = false` so that it bypasses the check for non-tty output streams. - - -## Credits - -* [Fatih Arslan](https://github.com/fatih) -* Windows support via @mattn: [colorable](https://github.com/mattn/go-colorable) - -## License - -The MIT License (MIT) - see [`LICENSE.md`](https://github.com/fatih/color/blob/master/LICENSE.md) for more details diff --git a/vendor/github.com/fatih/color/color.go b/vendor/github.com/fatih/color/color.go deleted file mode 100644 index ee39b408e9..0000000000 --- a/vendor/github.com/fatih/color/color.go +++ /dev/null @@ -1,685 +0,0 @@ -package color - -import ( - "fmt" - "io" - "os" - "strconv" - "strings" - "sync" - - "github.com/mattn/go-colorable" - "github.com/mattn/go-isatty" -) - -var ( - // NoColor defines if the output is colorized or not. It's dynamically set to - // false or true based on the stdout's file descriptor referring to a terminal - // or not. It's also set to true if the NO_COLOR environment variable is - // set (regardless of its value). This is a global option and affects all - // colors. For more control over each color block use the methods - // DisableColor() individually. - NoColor = noColorIsSet() || os.Getenv("TERM") == "dumb" || - (!isatty.IsTerminal(os.Stdout.Fd()) && !isatty.IsCygwinTerminal(os.Stdout.Fd())) - - // Output defines the standard output of the print functions. By default, - // os.Stdout is used. - Output = colorable.NewColorableStdout() - - // Error defines a color supporting writer for os.Stderr. - Error = colorable.NewColorableStderr() - - // colorsCache is used to reduce the count of created Color objects and - // allows to reuse already created objects with required Attribute. - colorsCache = make(map[Attribute]*Color) - colorsCacheMu sync.Mutex // protects colorsCache -) - -// noColorIsSet returns true if the environment variable NO_COLOR is set to a non-empty string. -func noColorIsSet() bool { - return os.Getenv("NO_COLOR") != "" -} - -// Color defines a custom color object which is defined by SGR parameters. -type Color struct { - params []Attribute - noColor *bool -} - -// Attribute defines a single SGR Code -type Attribute int - -const escape = "\x1b" - -// Base attributes -const ( - Reset Attribute = iota - Bold - Faint - Italic - Underline - BlinkSlow - BlinkRapid - ReverseVideo - Concealed - CrossedOut -) - -const ( - ResetBold Attribute = iota + 22 - ResetItalic - ResetUnderline - ResetBlinking - _ - ResetReversed - ResetConcealed - ResetCrossedOut -) - -var mapResetAttributes map[Attribute]Attribute = map[Attribute]Attribute{ - Bold: ResetBold, - Faint: ResetBold, - Italic: ResetItalic, - Underline: ResetUnderline, - BlinkSlow: ResetBlinking, - BlinkRapid: ResetBlinking, - ReverseVideo: ResetReversed, - Concealed: ResetConcealed, - CrossedOut: ResetCrossedOut, -} - -// Foreground text colors -const ( - FgBlack Attribute = iota + 30 - FgRed - FgGreen - FgYellow - FgBlue - FgMagenta - FgCyan - FgWhite - - // used internally for 256 and 24-bit coloring - foreground -) - -// Foreground Hi-Intensity text colors -const ( - FgHiBlack Attribute = iota + 90 - FgHiRed - FgHiGreen - FgHiYellow - FgHiBlue - FgHiMagenta - FgHiCyan - FgHiWhite -) - -// Background text colors -const ( - BgBlack Attribute = iota + 40 - BgRed - BgGreen - BgYellow - BgBlue - BgMagenta - BgCyan - BgWhite - - // used internally for 256 and 24-bit coloring - background -) - -// Background Hi-Intensity text colors -const ( - BgHiBlack Attribute = iota + 100 - BgHiRed - BgHiGreen - BgHiYellow - BgHiBlue - BgHiMagenta - BgHiCyan - BgHiWhite -) - -// New returns a newly created color object. -func New(value ...Attribute) *Color { - c := &Color{ - params: make([]Attribute, 0), - } - - if noColorIsSet() { - c.noColor = boolPtr(true) - } - - c.Add(value...) - return c -} - -// RGB returns a new foreground color in 24-bit RGB. -func RGB(r, g, b int) *Color { - return New(foreground, 2, Attribute(r), Attribute(g), Attribute(b)) -} - -// BgRGB returns a new background color in 24-bit RGB. -func BgRGB(r, g, b int) *Color { - return New(background, 2, Attribute(r), Attribute(g), Attribute(b)) -} - -// AddRGB is used to chain foreground RGB SGR parameters. Use as many as parameters to combine -// and create custom color objects. Example: .Add(34, 0, 12).Add(255, 128, 0). -func (c *Color) AddRGB(r, g, b int) *Color { - c.params = append(c.params, foreground, 2, Attribute(r), Attribute(g), Attribute(b)) - return c -} - -// AddRGB is used to chain background RGB SGR parameters. Use as many as parameters to combine -// and create custom color objects. Example: .Add(34, 0, 12).Add(255, 128, 0). -func (c *Color) AddBgRGB(r, g, b int) *Color { - c.params = append(c.params, background, 2, Attribute(r), Attribute(g), Attribute(b)) - return c -} - -// Set sets the given parameters immediately. It will change the color of -// output with the given SGR parameters until color.Unset() is called. -func Set(p ...Attribute) *Color { - c := New(p...) - c.Set() - return c -} - -// Unset resets all escape attributes and clears the output. Usually should -// be called after Set(). -func Unset() { - if NoColor { - return - } - - fmt.Fprintf(Output, "%s[%dm", escape, Reset) -} - -// Set sets the SGR sequence. -func (c *Color) Set() *Color { - if c.isNoColorSet() { - return c - } - - fmt.Fprint(Output, c.format()) - return c -} - -func (c *Color) unset() { - if c.isNoColorSet() { - return - } - - Unset() -} - -// SetWriter is used to set the SGR sequence with the given io.Writer. This is -// a low-level function, and users should use the higher-level functions, such -// as color.Fprint, color.Print, etc. -func (c *Color) SetWriter(w io.Writer) *Color { - if c.isNoColorSet() { - return c - } - - fmt.Fprint(w, c.format()) - return c -} - -// UnsetWriter resets all escape attributes and clears the output with the give -// io.Writer. Usually should be called after SetWriter(). -func (c *Color) UnsetWriter(w io.Writer) { - if c.isNoColorSet() { - return - } - - if NoColor { - return - } - - fmt.Fprintf(w, "%s[%dm", escape, Reset) -} - -// Add is used to chain SGR parameters. Use as many as parameters to combine -// and create custom color objects. Example: Add(color.FgRed, color.Underline). -func (c *Color) Add(value ...Attribute) *Color { - c.params = append(c.params, value...) - return c -} - -// Fprint formats using the default formats for its operands and writes to w. -// Spaces are added between operands when neither is a string. -// It returns the number of bytes written and any write error encountered. -// On Windows, users should wrap w with colorable.NewColorable() if w is of -// type *os.File. -func (c *Color) Fprint(w io.Writer, a ...interface{}) (n int, err error) { - c.SetWriter(w) - defer c.UnsetWriter(w) - - return fmt.Fprint(w, a...) -} - -// Print formats using the default formats for its operands and writes to -// standard output. Spaces are added between operands when neither is a -// string. It returns the number of bytes written and any write error -// encountered. This is the standard fmt.Print() method wrapped with the given -// color. -func (c *Color) Print(a ...interface{}) (n int, err error) { - c.Set() - defer c.unset() - - return fmt.Fprint(Output, a...) -} - -// Fprintf formats according to a format specifier and writes to w. -// It returns the number of bytes written and any write error encountered. -// On Windows, users should wrap w with colorable.NewColorable() if w is of -// type *os.File. -func (c *Color) Fprintf(w io.Writer, format string, a ...interface{}) (n int, err error) { - c.SetWriter(w) - defer c.UnsetWriter(w) - - return fmt.Fprintf(w, format, a...) -} - -// Printf formats according to a format specifier and writes to standard output. -// It returns the number of bytes written and any write error encountered. -// This is the standard fmt.Printf() method wrapped with the given color. -func (c *Color) Printf(format string, a ...interface{}) (n int, err error) { - c.Set() - defer c.unset() - - return fmt.Fprintf(Output, format, a...) -} - -// Fprintln formats using the default formats for its operands and writes to w. -// Spaces are always added between operands and a newline is appended. -// On Windows, users should wrap w with colorable.NewColorable() if w is of -// type *os.File. -func (c *Color) Fprintln(w io.Writer, a ...interface{}) (n int, err error) { - return fmt.Fprintln(w, c.wrap(sprintln(a...))) -} - -// Println formats using the default formats for its operands and writes to -// standard output. Spaces are always added between operands and a newline is -// appended. It returns the number of bytes written and any write error -// encountered. This is the standard fmt.Print() method wrapped with the given -// color. -func (c *Color) Println(a ...interface{}) (n int, err error) { - return fmt.Fprintln(Output, c.wrap(sprintln(a...))) -} - -// Sprint is just like Print, but returns a string instead of printing it. -func (c *Color) Sprint(a ...interface{}) string { - return c.wrap(fmt.Sprint(a...)) -} - -// Sprintln is just like Println, but returns a string instead of printing it. -func (c *Color) Sprintln(a ...interface{}) string { - return c.wrap(sprintln(a...)) + "\n" -} - -// Sprintf is just like Printf, but returns a string instead of printing it. -func (c *Color) Sprintf(format string, a ...interface{}) string { - return c.wrap(fmt.Sprintf(format, a...)) -} - -// FprintFunc returns a new function that prints the passed arguments as -// colorized with color.Fprint(). -func (c *Color) FprintFunc() func(w io.Writer, a ...interface{}) { - return func(w io.Writer, a ...interface{}) { - c.Fprint(w, a...) - } -} - -// PrintFunc returns a new function that prints the passed arguments as -// colorized with color.Print(). -func (c *Color) PrintFunc() func(a ...interface{}) { - return func(a ...interface{}) { - c.Print(a...) - } -} - -// FprintfFunc returns a new function that prints the passed arguments as -// colorized with color.Fprintf(). -func (c *Color) FprintfFunc() func(w io.Writer, format string, a ...interface{}) { - return func(w io.Writer, format string, a ...interface{}) { - c.Fprintf(w, format, a...) - } -} - -// PrintfFunc returns a new function that prints the passed arguments as -// colorized with color.Printf(). -func (c *Color) PrintfFunc() func(format string, a ...interface{}) { - return func(format string, a ...interface{}) { - c.Printf(format, a...) - } -} - -// FprintlnFunc returns a new function that prints the passed arguments as -// colorized with color.Fprintln(). -func (c *Color) FprintlnFunc() func(w io.Writer, a ...interface{}) { - return func(w io.Writer, a ...interface{}) { - c.Fprintln(w, a...) - } -} - -// PrintlnFunc returns a new function that prints the passed arguments as -// colorized with color.Println(). -func (c *Color) PrintlnFunc() func(a ...interface{}) { - return func(a ...interface{}) { - c.Println(a...) - } -} - -// SprintFunc returns a new function that returns colorized strings for the -// given arguments with fmt.Sprint(). Useful to put into or mix into other -// string. Windows users should use this in conjunction with color.Output, example: -// -// put := New(FgYellow).SprintFunc() -// fmt.Fprintf(color.Output, "This is a %s", put("warning")) -func (c *Color) SprintFunc() func(a ...interface{}) string { - return func(a ...interface{}) string { - return c.wrap(fmt.Sprint(a...)) - } -} - -// SprintfFunc returns a new function that returns colorized strings for the -// given arguments with fmt.Sprintf(). Useful to put into or mix into other -// string. Windows users should use this in conjunction with color.Output. -func (c *Color) SprintfFunc() func(format string, a ...interface{}) string { - return func(format string, a ...interface{}) string { - return c.wrap(fmt.Sprintf(format, a...)) - } -} - -// SprintlnFunc returns a new function that returns colorized strings for the -// given arguments with fmt.Sprintln(). Useful to put into or mix into other -// string. Windows users should use this in conjunction with color.Output. -func (c *Color) SprintlnFunc() func(a ...interface{}) string { - return func(a ...interface{}) string { - return c.wrap(sprintln(a...)) + "\n" - } -} - -// sequence returns a formatted SGR sequence to be plugged into a "\x1b[...m" -// an example output might be: "1;36" -> bold cyan -func (c *Color) sequence() string { - format := make([]string, len(c.params)) - for i, v := range c.params { - format[i] = strconv.Itoa(int(v)) - } - - return strings.Join(format, ";") -} - -// wrap wraps the s string with the colors attributes. The string is ready to -// be printed. -func (c *Color) wrap(s string) string { - if c.isNoColorSet() { - return s - } - - return c.format() + s + c.unformat() -} - -func (c *Color) format() string { - return fmt.Sprintf("%s[%sm", escape, c.sequence()) -} - -func (c *Color) unformat() string { - //return fmt.Sprintf("%s[%dm", escape, Reset) - //for each element in sequence let's use the specific reset escape, or the generic one if not found - format := make([]string, len(c.params)) - for i, v := range c.params { - format[i] = strconv.Itoa(int(Reset)) - ra, ok := mapResetAttributes[v] - if ok { - format[i] = strconv.Itoa(int(ra)) - } - } - - return fmt.Sprintf("%s[%sm", escape, strings.Join(format, ";")) -} - -// DisableColor disables the color output. Useful to not change any existing -// code and still being able to output. Can be used for flags like -// "--no-color". To enable back use EnableColor() method. -func (c *Color) DisableColor() { - c.noColor = boolPtr(true) -} - -// EnableColor enables the color output. Use it in conjunction with -// DisableColor(). Otherwise, this method has no side effects. -func (c *Color) EnableColor() { - c.noColor = boolPtr(false) -} - -func (c *Color) isNoColorSet() bool { - // check first if we have user set action - if c.noColor != nil { - return *c.noColor - } - - // if not return the global option, which is disabled by default - return NoColor -} - -// Equals returns a boolean value indicating whether two colors are equal. -func (c *Color) Equals(c2 *Color) bool { - if c == nil && c2 == nil { - return true - } - if c == nil || c2 == nil { - return false - } - if len(c.params) != len(c2.params) { - return false - } - - for _, attr := range c.params { - if !c2.attrExists(attr) { - return false - } - } - - return true -} - -func (c *Color) attrExists(a Attribute) bool { - for _, attr := range c.params { - if attr == a { - return true - } - } - - return false -} - -func boolPtr(v bool) *bool { - return &v -} - -func getCachedColor(p Attribute) *Color { - colorsCacheMu.Lock() - defer colorsCacheMu.Unlock() - - c, ok := colorsCache[p] - if !ok { - c = New(p) - colorsCache[p] = c - } - - return c -} - -func colorPrint(format string, p Attribute, a ...interface{}) { - c := getCachedColor(p) - - if !strings.HasSuffix(format, "\n") { - format += "\n" - } - - if len(a) == 0 { - c.Print(format) - } else { - c.Printf(format, a...) - } -} - -func colorString(format string, p Attribute, a ...interface{}) string { - c := getCachedColor(p) - - if len(a) == 0 { - return c.SprintFunc()(format) - } - - return c.SprintfFunc()(format, a...) -} - -// Black is a convenient helper function to print with black foreground. A -// newline is appended to format by default. -func Black(format string, a ...interface{}) { colorPrint(format, FgBlack, a...) } - -// Red is a convenient helper function to print with red foreground. A -// newline is appended to format by default. -func Red(format string, a ...interface{}) { colorPrint(format, FgRed, a...) } - -// Green is a convenient helper function to print with green foreground. A -// newline is appended to format by default. -func Green(format string, a ...interface{}) { colorPrint(format, FgGreen, a...) } - -// Yellow is a convenient helper function to print with yellow foreground. -// A newline is appended to format by default. -func Yellow(format string, a ...interface{}) { colorPrint(format, FgYellow, a...) } - -// Blue is a convenient helper function to print with blue foreground. A -// newline is appended to format by default. -func Blue(format string, a ...interface{}) { colorPrint(format, FgBlue, a...) } - -// Magenta is a convenient helper function to print with magenta foreground. -// A newline is appended to format by default. -func Magenta(format string, a ...interface{}) { colorPrint(format, FgMagenta, a...) } - -// Cyan is a convenient helper function to print with cyan foreground. A -// newline is appended to format by default. -func Cyan(format string, a ...interface{}) { colorPrint(format, FgCyan, a...) } - -// White is a convenient helper function to print with white foreground. A -// newline is appended to format by default. -func White(format string, a ...interface{}) { colorPrint(format, FgWhite, a...) } - -// BlackString is a convenient helper function to return a string with black -// foreground. -func BlackString(format string, a ...interface{}) string { return colorString(format, FgBlack, a...) } - -// RedString is a convenient helper function to return a string with red -// foreground. -func RedString(format string, a ...interface{}) string { return colorString(format, FgRed, a...) } - -// GreenString is a convenient helper function to return a string with green -// foreground. -func GreenString(format string, a ...interface{}) string { return colorString(format, FgGreen, a...) } - -// YellowString is a convenient helper function to return a string with yellow -// foreground. -func YellowString(format string, a ...interface{}) string { return colorString(format, FgYellow, a...) } - -// BlueString is a convenient helper function to return a string with blue -// foreground. -func BlueString(format string, a ...interface{}) string { return colorString(format, FgBlue, a...) } - -// MagentaString is a convenient helper function to return a string with magenta -// foreground. -func MagentaString(format string, a ...interface{}) string { - return colorString(format, FgMagenta, a...) -} - -// CyanString is a convenient helper function to return a string with cyan -// foreground. -func CyanString(format string, a ...interface{}) string { return colorString(format, FgCyan, a...) } - -// WhiteString is a convenient helper function to return a string with white -// foreground. -func WhiteString(format string, a ...interface{}) string { return colorString(format, FgWhite, a...) } - -// HiBlack is a convenient helper function to print with hi-intensity black foreground. A -// newline is appended to format by default. -func HiBlack(format string, a ...interface{}) { colorPrint(format, FgHiBlack, a...) } - -// HiRed is a convenient helper function to print with hi-intensity red foreground. A -// newline is appended to format by default. -func HiRed(format string, a ...interface{}) { colorPrint(format, FgHiRed, a...) } - -// HiGreen is a convenient helper function to print with hi-intensity green foreground. A -// newline is appended to format by default. -func HiGreen(format string, a ...interface{}) { colorPrint(format, FgHiGreen, a...) } - -// HiYellow is a convenient helper function to print with hi-intensity yellow foreground. -// A newline is appended to format by default. -func HiYellow(format string, a ...interface{}) { colorPrint(format, FgHiYellow, a...) } - -// HiBlue is a convenient helper function to print with hi-intensity blue foreground. A -// newline is appended to format by default. -func HiBlue(format string, a ...interface{}) { colorPrint(format, FgHiBlue, a...) } - -// HiMagenta is a convenient helper function to print with hi-intensity magenta foreground. -// A newline is appended to format by default. -func HiMagenta(format string, a ...interface{}) { colorPrint(format, FgHiMagenta, a...) } - -// HiCyan is a convenient helper function to print with hi-intensity cyan foreground. A -// newline is appended to format by default. -func HiCyan(format string, a ...interface{}) { colorPrint(format, FgHiCyan, a...) } - -// HiWhite is a convenient helper function to print with hi-intensity white foreground. A -// newline is appended to format by default. -func HiWhite(format string, a ...interface{}) { colorPrint(format, FgHiWhite, a...) } - -// HiBlackString is a convenient helper function to return a string with hi-intensity black -// foreground. -func HiBlackString(format string, a ...interface{}) string { - return colorString(format, FgHiBlack, a...) -} - -// HiRedString is a convenient helper function to return a string with hi-intensity red -// foreground. -func HiRedString(format string, a ...interface{}) string { return colorString(format, FgHiRed, a...) } - -// HiGreenString is a convenient helper function to return a string with hi-intensity green -// foreground. -func HiGreenString(format string, a ...interface{}) string { - return colorString(format, FgHiGreen, a...) -} - -// HiYellowString is a convenient helper function to return a string with hi-intensity yellow -// foreground. -func HiYellowString(format string, a ...interface{}) string { - return colorString(format, FgHiYellow, a...) -} - -// HiBlueString is a convenient helper function to return a string with hi-intensity blue -// foreground. -func HiBlueString(format string, a ...interface{}) string { return colorString(format, FgHiBlue, a...) } - -// HiMagentaString is a convenient helper function to return a string with hi-intensity magenta -// foreground. -func HiMagentaString(format string, a ...interface{}) string { - return colorString(format, FgHiMagenta, a...) -} - -// HiCyanString is a convenient helper function to return a string with hi-intensity cyan -// foreground. -func HiCyanString(format string, a ...interface{}) string { return colorString(format, FgHiCyan, a...) } - -// HiWhiteString is a convenient helper function to return a string with hi-intensity white -// foreground. -func HiWhiteString(format string, a ...interface{}) string { - return colorString(format, FgHiWhite, a...) -} - -// sprintln is a helper function to format a string with fmt.Sprintln and trim the trailing newline. -func sprintln(a ...interface{}) string { - return strings.TrimSuffix(fmt.Sprintln(a...), "\n") -} diff --git a/vendor/github.com/fatih/color/color_windows.go b/vendor/github.com/fatih/color/color_windows.go deleted file mode 100644 index be01c558e5..0000000000 --- a/vendor/github.com/fatih/color/color_windows.go +++ /dev/null @@ -1,19 +0,0 @@ -package color - -import ( - "os" - - "golang.org/x/sys/windows" -) - -func init() { - // Opt-in for ansi color support for current process. - // https://learn.microsoft.com/en-us/windows/console/console-virtual-terminal-sequences#output-sequences - var outMode uint32 - out := windows.Handle(os.Stdout.Fd()) - if err := windows.GetConsoleMode(out, &outMode); err != nil { - return - } - outMode |= windows.ENABLE_PROCESSED_OUTPUT | windows.ENABLE_VIRTUAL_TERMINAL_PROCESSING - _ = windows.SetConsoleMode(out, outMode) -} diff --git a/vendor/github.com/fatih/color/doc.go b/vendor/github.com/fatih/color/doc.go deleted file mode 100644 index 9491ad5413..0000000000 --- a/vendor/github.com/fatih/color/doc.go +++ /dev/null @@ -1,134 +0,0 @@ -/* -Package color is an ANSI color package to output colorized or SGR defined -output to the standard output. The API can be used in several way, pick one -that suits you. - -Use simple and default helper functions with predefined foreground colors: - - color.Cyan("Prints text in cyan.") - - // a newline will be appended automatically - color.Blue("Prints %s in blue.", "text") - - // More default foreground colors.. - color.Red("We have red") - color.Yellow("Yellow color too!") - color.Magenta("And many others ..") - - // Hi-intensity colors - color.HiGreen("Bright green color.") - color.HiBlack("Bright black means gray..") - color.HiWhite("Shiny white color!") - -However, there are times when custom color mixes are required. Below are some -examples to create custom color objects and use the print functions of each -separate color object. - - // Create a new color object - c := color.New(color.FgCyan).Add(color.Underline) - c.Println("Prints cyan text with an underline.") - - // Or just add them to New() - d := color.New(color.FgCyan, color.Bold) - d.Printf("This prints bold cyan %s\n", "too!.") - - - // Mix up foreground and background colors, create new mixes! - red := color.New(color.FgRed) - - boldRed := red.Add(color.Bold) - boldRed.Println("This will print text in bold red.") - - whiteBackground := red.Add(color.BgWhite) - whiteBackground.Println("Red text with White background.") - - // Use your own io.Writer output - color.New(color.FgBlue).Fprintln(myWriter, "blue color!") - - blue := color.New(color.FgBlue) - blue.Fprint(myWriter, "This will print text in blue.") - -You can create PrintXxx functions to simplify even more: - - // Create a custom print function for convenient - red := color.New(color.FgRed).PrintfFunc() - red("warning") - red("error: %s", err) - - // Mix up multiple attributes - notice := color.New(color.Bold, color.FgGreen).PrintlnFunc() - notice("don't forget this...") - -You can also FprintXxx functions to pass your own io.Writer: - - blue := color.New(FgBlue).FprintfFunc() - blue(myWriter, "important notice: %s", stars) - - // Mix up with multiple attributes - success := color.New(color.Bold, color.FgGreen).FprintlnFunc() - success(myWriter, don't forget this...") - -Or create SprintXxx functions to mix strings with other non-colorized strings: - - yellow := New(FgYellow).SprintFunc() - red := New(FgRed).SprintFunc() - - fmt.Printf("this is a %s and this is %s.\n", yellow("warning"), red("error")) - - info := New(FgWhite, BgGreen).SprintFunc() - fmt.Printf("this %s rocks!\n", info("package")) - -Windows support is enabled by default. All Print functions work as intended. -However, only for color.SprintXXX functions, user should use fmt.FprintXXX and -set the output to color.Output: - - fmt.Fprintf(color.Output, "Windows support: %s", color.GreenString("PASS")) - - info := New(FgWhite, BgGreen).SprintFunc() - fmt.Fprintf(color.Output, "this %s rocks!\n", info("package")) - -Using with existing code is possible. Just use the Set() method to set the -standard output to the given parameters. That way a rewrite of an existing -code is not required. - - // Use handy standard colors. - color.Set(color.FgYellow) - - fmt.Println("Existing text will be now in Yellow") - fmt.Printf("This one %s\n", "too") - - color.Unset() // don't forget to unset - - // You can mix up parameters - color.Set(color.FgMagenta, color.Bold) - defer color.Unset() // use it in your function - - fmt.Println("All text will be now bold magenta.") - -There might be a case where you want to disable color output (for example to -pipe the standard output of your app to somewhere else). `Color` has support to -disable colors both globally and for single color definition. For example -suppose you have a CLI app and a `--no-color` bool flag. You can easily disable -the color output with: - - var flagNoColor = flag.Bool("no-color", false, "Disable color output") - - if *flagNoColor { - color.NoColor = true // disables colorized output - } - -You can also disable the color by setting the NO_COLOR environment variable to any value. - -It also has support for single color definitions (local). You can -disable/enable color output on the fly: - - c := color.New(color.FgCyan) - c.Println("Prints cyan text") - - c.DisableColor() - c.Println("This is printed without any color") - - c.EnableColor() - c.Println("This prints again cyan...") -*/ -package color diff --git a/vendor/github.com/go-jose/go-jose/v3/.gitignore b/vendor/github.com/go-jose/go-jose/v3/.gitignore deleted file mode 100644 index eb29ebaefd..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -jose-util/jose-util -jose-util.t.err \ No newline at end of file diff --git a/vendor/github.com/go-jose/go-jose/v3/.golangci.yml b/vendor/github.com/go-jose/go-jose/v3/.golangci.yml deleted file mode 100644 index 2a577a8f95..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/.golangci.yml +++ /dev/null @@ -1,53 +0,0 @@ -# https://github.com/golangci/golangci-lint - -run: - skip-files: - - doc_test.go - modules-download-mode: readonly - -linters: - enable-all: true - disable: - - gochecknoglobals - - goconst - - lll - - maligned - - nakedret - - scopelint - - unparam - - funlen # added in 1.18 (requires go-jose changes before it can be enabled) - -linters-settings: - gocyclo: - min-complexity: 35 - -issues: - exclude-rules: - - text: "don't use ALL_CAPS in Go names" - linters: - - golint - - text: "hardcoded credentials" - linters: - - gosec - - text: "weak cryptographic primitive" - linters: - - gosec - - path: json/ - linters: - - dupl - - errcheck - - gocritic - - gocyclo - - golint - - govet - - ineffassign - - staticcheck - - structcheck - - stylecheck - - unused - - path: _test\.go - linters: - - scopelint - - path: jwk.go - linters: - - gocyclo diff --git a/vendor/github.com/go-jose/go-jose/v3/.travis.yml b/vendor/github.com/go-jose/go-jose/v3/.travis.yml deleted file mode 100644 index 48de631b00..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/.travis.yml +++ /dev/null @@ -1,33 +0,0 @@ -language: go - -matrix: - fast_finish: true - allow_failures: - - go: tip - -go: - - "1.13.x" - - "1.14.x" - - tip - -before_script: - - export PATH=$HOME/.local/bin:$PATH - -before_install: - - go get -u github.com/mattn/goveralls github.com/wadey/gocovmerge - - curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.18.0 - - pip install cram --user - -script: - - go test -v -covermode=count -coverprofile=profile.cov . - - go test -v -covermode=count -coverprofile=cryptosigner/profile.cov ./cryptosigner - - go test -v -covermode=count -coverprofile=cipher/profile.cov ./cipher - - go test -v -covermode=count -coverprofile=jwt/profile.cov ./jwt - - go test -v ./json # no coverage for forked encoding/json package - - golangci-lint run - - cd jose-util && go build && PATH=$PWD:$PATH cram -v jose-util.t # cram tests jose-util - - cd .. - -after_success: - - gocovmerge *.cov */*.cov > merged.coverprofile - - goveralls -coverprofile merged.coverprofile -service=travis-ci diff --git a/vendor/github.com/go-jose/go-jose/v3/CHANGELOG.md b/vendor/github.com/go-jose/go-jose/v3/CHANGELOG.md deleted file mode 100644 index ce2a54ebf2..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/CHANGELOG.md +++ /dev/null @@ -1,78 +0,0 @@ -# v4.0.1 - -## Fixed - - - An attacker could send a JWE containing compressed data that used large - amounts of memory and CPU when decompressed by `Decrypt` or `DecryptMulti`. - Those functions now return an error if the decompressed data would exceed - 250kB or 10x the compressed size (whichever is larger). Thanks to - Enze Wang@Alioth and Jianjun Chen@Zhongguancun Lab (@zer0yu and @chenjj) - for reporting. - -# v4.0.0 - -This release makes some breaking changes in order to more thoroughly -address the vulnerabilities discussed in [Three New Attacks Against JSON Web -Tokens][1], "Sign/encrypt confusion", "Billion hash attack", and "Polyglot -token". - -## Changed - - - Limit JWT encryption types (exclude password or public key types) (#78) - - Enforce minimum length for HMAC keys (#85) - - jwt: match any audience in a list, rather than requiring all audiences (#81) - - jwt: accept only Compact Serialization (#75) - - jws: Add expected algorithms for signatures (#74) - - Require specifying expected algorithms for ParseEncrypted, - ParseSigned, ParseDetached, jwt.ParseEncrypted, jwt.ParseSigned, - jwt.ParseSignedAndEncrypted (#69, #74) - - Usually there is a small, known set of appropriate algorithms for a program - to use and it's a mistake to allow unexpected algorithms. For instance the - "billion hash attack" relies in part on programs accepting the PBES2 - encryption algorithm and doing the necessary work even if they weren't - specifically configured to allow PBES2. - - Revert "Strip padding off base64 strings" (#82) - - The specs require base64url encoding without padding. - - Minimum supported Go version is now 1.21 - -## Added - - - ParseSignedCompact, ParseSignedJSON, ParseEncryptedCompact, ParseEncryptedJSON. - - These allow parsing a specific serialization, as opposed to ParseSigned and - ParseEncrypted, which try to automatically detect which serialization was - provided. It's common to require a specific serialization for a specific - protocol - for instance JWT requires Compact serialization. - -[1]: https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf - -# v3.0.3 - -## Fixed - - - Limit decompression output size to prevent a DoS. Backport from v4.0.1. - -# v3.0.2 - -## Fixed - - - DecryptMulti: handle decompression error (#19) - -## Changed - - - jwe/CompactSerialize: improve performance (#67) - - Increase the default number of PBKDF2 iterations to 600k (#48) - - Return the proper algorithm for ECDSA keys (#45) - -## Added - - - Add Thumbprint support for opaque signers (#38) - -# v3.0.1 - -## Fixed - - - Security issue: an attacker specifying a large "p2c" value can cause - JSONWebEncryption.Decrypt and JSONWebEncryption.DecryptMulti to consume large - amounts of CPU, causing a DoS. Thanks to Matt Schwager (@mschwager) for the - disclosure and to Tom Tervoort for originally publishing the category of attack. - https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf diff --git a/vendor/github.com/go-jose/go-jose/v3/CONTRIBUTING.md b/vendor/github.com/go-jose/go-jose/v3/CONTRIBUTING.md deleted file mode 100644 index b63e1f8fee..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/CONTRIBUTING.md +++ /dev/null @@ -1,15 +0,0 @@ -# Contributing - -If you would like to contribute code to go-jose you can do so through GitHub by -forking the repository and sending a pull request. - -When submitting code, please make every effort to follow existing conventions -and style in order to keep the code as readable as possible. Please also make -sure all tests pass by running `go test`, and format your code with `go fmt`. -We also recommend using `golint` and `errcheck`. - -Before your code can be accepted into the project you must also sign the -Individual Contributor License Agreement. We use [cla-assistant.io][1] and you -will be prompted to sign once a pull request is opened. - -[1]: https://cla-assistant.io/ diff --git a/vendor/github.com/go-jose/go-jose/v3/LICENSE b/vendor/github.com/go-jose/go-jose/v3/LICENSE deleted file mode 100644 index d645695673..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/github.com/go-jose/go-jose/v3/README.md b/vendor/github.com/go-jose/go-jose/v3/README.md deleted file mode 100644 index 282cd9e135..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/README.md +++ /dev/null @@ -1,108 +0,0 @@ -# Go JOSE - -### Versions - -[Version 4](https://github.com/go-jose/go-jose) -([branch](https://github.com/go-jose/go-jose/), -[doc](https://pkg.go.dev/github.com/go-jose/go-jose/v4), [releases](https://github.com/go-jose/go-jose/releases)) is the current stable version: - - import "github.com/go-jose/go-jose/v4" - -The old [square/go-jose](https://github.com/square/go-jose) repo contains the prior v1 and v2 versions, which -are deprecated. - -### Summary - -Package jose aims to provide an implementation of the Javascript Object Signing -and Encryption set of standards. This includes support for JSON Web Encryption, -JSON Web Signature, and JSON Web Token standards. - -**Disclaimer**: This library contains encryption software that is subject to -the U.S. Export Administration Regulations. You may not export, re-export, -transfer or download this code or any part of it in violation of any United -States law, directive or regulation. In particular this software may not be -exported or re-exported in any form or on any media to Iran, North Sudan, -Syria, Cuba, or North Korea, or to denied persons or entities mentioned on any -US maintained blocked list. - -## Overview - -The implementation follows the -[JSON Web Encryption](https://dx.doi.org/10.17487/RFC7516) (RFC 7516), -[JSON Web Signature](https://dx.doi.org/10.17487/RFC7515) (RFC 7515), and -[JSON Web Token](https://dx.doi.org/10.17487/RFC7519) (RFC 7519) specifications. -Tables of supported algorithms are shown below. The library supports both -the compact and JWS/JWE JSON Serialization formats, and has optional support for -multiple recipients. It also comes with a small command-line utility -([`jose-util`](https://pkg.go.dev/github.com/go-jose/go-jose/jose-util)) -for dealing with JOSE messages in a shell. - -**Note**: We use a forked version of the `encoding/json` package from the Go -standard library which uses case-sensitive matching for member names (instead -of [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/current/msg03763.html)). -This is to avoid differences in interpretation of messages between go-jose and -libraries in other languages. - -### Supported algorithms - -See below for a table of supported algorithms. Algorithm identifiers match -the names in the [JSON Web Algorithms](https://dx.doi.org/10.17487/RFC7518) -standard where possible. The Godoc reference has a list of constants. - - Key encryption | Algorithm identifier(s) - :------------------------- | :------------------------------ - RSA-PKCS#1v1.5 | RSA1_5 - RSA-OAEP | RSA-OAEP, RSA-OAEP-256 - AES key wrap | A128KW, A192KW, A256KW - AES-GCM key wrap | A128GCMKW, A192GCMKW, A256GCMKW - ECDH-ES + AES key wrap | ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW - ECDH-ES (direct) | ECDH-ES1 - Direct encryption | dir1 - -1. Not supported in multi-recipient mode - - Signing / MAC | Algorithm identifier(s) - :------------------------- | :------------------------------ - RSASSA-PKCS#1v1.5 | RS256, RS384, RS512 - RSASSA-PSS | PS256, PS384, PS512 - HMAC | HS256, HS384, HS512 - ECDSA | ES256, ES384, ES512 - Ed25519 | EdDSA2 - -2. Only available in version 2 of the package - - Content encryption | Algorithm identifier(s) - :------------------------- | :------------------------------ - AES-CBC+HMAC | A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 - AES-GCM | A128GCM, A192GCM, A256GCM - - Compression | Algorithm identifiers(s) - :------------------------- | ------------------------------- - DEFLATE (RFC 1951) | DEF - -### Supported key types - -See below for a table of supported key types. These are understood by the -library, and can be passed to corresponding functions such as `NewEncrypter` or -`NewSigner`. Each of these keys can also be wrapped in a JWK if desired, which -allows attaching a key id. - - Algorithm(s) | Corresponding types - :------------------------- | ------------------------------- - RSA | *[rsa.PublicKey](https://pkg.go.dev/crypto/rsa/#PublicKey), *[rsa.PrivateKey](https://pkg.go.dev/crypto/rsa/#PrivateKey) - ECDH, ECDSA | *[ecdsa.PublicKey](https://pkg.go.dev/crypto/ecdsa/#PublicKey), *[ecdsa.PrivateKey](https://pkg.go.dev/crypto/ecdsa/#PrivateKey) - EdDSA1 | [ed25519.PublicKey](https://pkg.go.dev/crypto/ed25519#PublicKey), [ed25519.PrivateKey](https://pkg.go.dev/crypto/ed25519#PrivateKey) - AES, HMAC | []byte - -1. Only available in version 2 or later of the package - -## Examples - -[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v3.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v3) -[![godoc](https://pkg.go.dev/badge/github.com/go-jose/go-jose/v3/jwt.svg)](https://pkg.go.dev/github.com/go-jose/go-jose/v3/jwt) - -Examples can be found in the Godoc -reference for this package. The -[`jose-util`](https://github.com/go-jose/go-jose/tree/v3/jose-util) -subdirectory also contains a small command-line utility which might be useful -as an example as well. diff --git a/vendor/github.com/go-jose/go-jose/v3/SECURITY.md b/vendor/github.com/go-jose/go-jose/v3/SECURITY.md deleted file mode 100644 index 2f18a75a82..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/SECURITY.md +++ /dev/null @@ -1,13 +0,0 @@ -# Security Policy -This document explains how to contact the Let's Encrypt security team to report security vulnerabilities. - -## Supported Versions -| Version | Supported | -| ------- | ----------| -| >= v3 | ✓ | -| v2 | ✗ | -| v1 | ✗ | - -## Reporting a vulnerability - -Please see [https://letsencrypt.org/contact/#security](https://letsencrypt.org/contact/#security) for the email address to report a vulnerability. Ensure that the subject line for your report contains the word `vulnerability` and is descriptive. Your email should be acknowledged within 24 hours. If you do not receive a response within 24 hours, please follow-up again with another email. diff --git a/vendor/github.com/go-jose/go-jose/v3/asymmetric.go b/vendor/github.com/go-jose/go-jose/v3/asymmetric.go deleted file mode 100644 index d4d4961b24..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/asymmetric.go +++ /dev/null @@ -1,595 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jose - -import ( - "crypto" - "crypto/aes" - "crypto/ecdsa" - "crypto/ed25519" - "crypto/rand" - "crypto/rsa" - "crypto/sha1" - "crypto/sha256" - "errors" - "fmt" - "math/big" - - josecipher "github.com/go-jose/go-jose/v3/cipher" - "github.com/go-jose/go-jose/v3/json" -) - -// A generic RSA-based encrypter/verifier -type rsaEncrypterVerifier struct { - publicKey *rsa.PublicKey -} - -// A generic RSA-based decrypter/signer -type rsaDecrypterSigner struct { - privateKey *rsa.PrivateKey -} - -// A generic EC-based encrypter/verifier -type ecEncrypterVerifier struct { - publicKey *ecdsa.PublicKey -} - -type edEncrypterVerifier struct { - publicKey ed25519.PublicKey -} - -// A key generator for ECDH-ES -type ecKeyGenerator struct { - size int - algID string - publicKey *ecdsa.PublicKey -} - -// A generic EC-based decrypter/signer -type ecDecrypterSigner struct { - privateKey *ecdsa.PrivateKey -} - -type edDecrypterSigner struct { - privateKey ed25519.PrivateKey -} - -// newRSARecipient creates recipientKeyInfo based on the given key. -func newRSARecipient(keyAlg KeyAlgorithm, publicKey *rsa.PublicKey) (recipientKeyInfo, error) { - // Verify that key management algorithm is supported by this encrypter - switch keyAlg { - case RSA1_5, RSA_OAEP, RSA_OAEP_256: - default: - return recipientKeyInfo{}, ErrUnsupportedAlgorithm - } - - if publicKey == nil { - return recipientKeyInfo{}, errors.New("invalid public key") - } - - return recipientKeyInfo{ - keyAlg: keyAlg, - keyEncrypter: &rsaEncrypterVerifier{ - publicKey: publicKey, - }, - }, nil -} - -// newRSASigner creates a recipientSigInfo based on the given key. -func newRSASigner(sigAlg SignatureAlgorithm, privateKey *rsa.PrivateKey) (recipientSigInfo, error) { - // Verify that key management algorithm is supported by this encrypter - switch sigAlg { - case RS256, RS384, RS512, PS256, PS384, PS512: - default: - return recipientSigInfo{}, ErrUnsupportedAlgorithm - } - - if privateKey == nil { - return recipientSigInfo{}, errors.New("invalid private key") - } - - return recipientSigInfo{ - sigAlg: sigAlg, - publicKey: staticPublicKey(&JSONWebKey{ - Key: privateKey.Public(), - }), - signer: &rsaDecrypterSigner{ - privateKey: privateKey, - }, - }, nil -} - -func newEd25519Signer(sigAlg SignatureAlgorithm, privateKey ed25519.PrivateKey) (recipientSigInfo, error) { - if sigAlg != EdDSA { - return recipientSigInfo{}, ErrUnsupportedAlgorithm - } - - if privateKey == nil { - return recipientSigInfo{}, errors.New("invalid private key") - } - return recipientSigInfo{ - sigAlg: sigAlg, - publicKey: staticPublicKey(&JSONWebKey{ - Key: privateKey.Public(), - }), - signer: &edDecrypterSigner{ - privateKey: privateKey, - }, - }, nil -} - -// newECDHRecipient creates recipientKeyInfo based on the given key. -func newECDHRecipient(keyAlg KeyAlgorithm, publicKey *ecdsa.PublicKey) (recipientKeyInfo, error) { - // Verify that key management algorithm is supported by this encrypter - switch keyAlg { - case ECDH_ES, ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW: - default: - return recipientKeyInfo{}, ErrUnsupportedAlgorithm - } - - if publicKey == nil || !publicKey.Curve.IsOnCurve(publicKey.X, publicKey.Y) { - return recipientKeyInfo{}, errors.New("invalid public key") - } - - return recipientKeyInfo{ - keyAlg: keyAlg, - keyEncrypter: &ecEncrypterVerifier{ - publicKey: publicKey, - }, - }, nil -} - -// newECDSASigner creates a recipientSigInfo based on the given key. -func newECDSASigner(sigAlg SignatureAlgorithm, privateKey *ecdsa.PrivateKey) (recipientSigInfo, error) { - // Verify that key management algorithm is supported by this encrypter - switch sigAlg { - case ES256, ES384, ES512: - default: - return recipientSigInfo{}, ErrUnsupportedAlgorithm - } - - if privateKey == nil { - return recipientSigInfo{}, errors.New("invalid private key") - } - - return recipientSigInfo{ - sigAlg: sigAlg, - publicKey: staticPublicKey(&JSONWebKey{ - Key: privateKey.Public(), - }), - signer: &ecDecrypterSigner{ - privateKey: privateKey, - }, - }, nil -} - -// Encrypt the given payload and update the object. -func (ctx rsaEncrypterVerifier) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) { - encryptedKey, err := ctx.encrypt(cek, alg) - if err != nil { - return recipientInfo{}, err - } - - return recipientInfo{ - encryptedKey: encryptedKey, - header: &rawHeader{}, - }, nil -} - -// Encrypt the given payload. Based on the key encryption algorithm, -// this will either use RSA-PKCS1v1.5 or RSA-OAEP (with SHA-1 or SHA-256). -func (ctx rsaEncrypterVerifier) encrypt(cek []byte, alg KeyAlgorithm) ([]byte, error) { - switch alg { - case RSA1_5: - return rsa.EncryptPKCS1v15(RandReader, ctx.publicKey, cek) - case RSA_OAEP: - return rsa.EncryptOAEP(sha1.New(), RandReader, ctx.publicKey, cek, []byte{}) - case RSA_OAEP_256: - return rsa.EncryptOAEP(sha256.New(), RandReader, ctx.publicKey, cek, []byte{}) - } - - return nil, ErrUnsupportedAlgorithm -} - -// Decrypt the given payload and return the content encryption key. -func (ctx rsaDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) { - return ctx.decrypt(recipient.encryptedKey, headers.getAlgorithm(), generator) -} - -// Decrypt the given payload. Based on the key encryption algorithm, -// this will either use RSA-PKCS1v1.5 or RSA-OAEP (with SHA-1 or SHA-256). -func (ctx rsaDecrypterSigner) decrypt(jek []byte, alg KeyAlgorithm, generator keyGenerator) ([]byte, error) { - // Note: The random reader on decrypt operations is only used for blinding, - // so stubbing is meanlingless (hence the direct use of rand.Reader). - switch alg { - case RSA1_5: - defer func() { - // DecryptPKCS1v15SessionKey sometimes panics on an invalid payload - // because of an index out of bounds error, which we want to ignore. - // This has been fixed in Go 1.3.1 (released 2014/08/13), the recover() - // only exists for preventing crashes with unpatched versions. - // See: https://groups.google.com/forum/#!topic/golang-dev/7ihX6Y6kx9k - // See: https://code.google.com/p/go/source/detail?r=58ee390ff31602edb66af41ed10901ec95904d33 - _ = recover() - }() - - // Perform some input validation. - keyBytes := ctx.privateKey.PublicKey.N.BitLen() / 8 - if keyBytes != len(jek) { - // Input size is incorrect, the encrypted payload should always match - // the size of the public modulus (e.g. using a 2048 bit key will - // produce 256 bytes of output). Reject this since it's invalid input. - return nil, ErrCryptoFailure - } - - cek, _, err := generator.genKey() - if err != nil { - return nil, ErrCryptoFailure - } - - // When decrypting an RSA-PKCS1v1.5 payload, we must take precautions to - // prevent chosen-ciphertext attacks as described in RFC 3218, "Preventing - // the Million Message Attack on Cryptographic Message Syntax". We are - // therefore deliberately ignoring errors here. - _ = rsa.DecryptPKCS1v15SessionKey(rand.Reader, ctx.privateKey, jek, cek) - - return cek, nil - case RSA_OAEP: - // Use rand.Reader for RSA blinding - return rsa.DecryptOAEP(sha1.New(), rand.Reader, ctx.privateKey, jek, []byte{}) - case RSA_OAEP_256: - // Use rand.Reader for RSA blinding - return rsa.DecryptOAEP(sha256.New(), rand.Reader, ctx.privateKey, jek, []byte{}) - } - - return nil, ErrUnsupportedAlgorithm -} - -// Sign the given payload -func (ctx rsaDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { - var hash crypto.Hash - - switch alg { - case RS256, PS256: - hash = crypto.SHA256 - case RS384, PS384: - hash = crypto.SHA384 - case RS512, PS512: - hash = crypto.SHA512 - default: - return Signature{}, ErrUnsupportedAlgorithm - } - - hasher := hash.New() - - // According to documentation, Write() on hash never fails - _, _ = hasher.Write(payload) - hashed := hasher.Sum(nil) - - var out []byte - var err error - - switch alg { - case RS256, RS384, RS512: - // TODO(https://github.com/go-jose/go-jose/issues/40): As of go1.20, the - // random parameter is legacy and ignored, and it can be nil. - // https://cs.opensource.google/go/go/+/refs/tags/go1.20:src/crypto/rsa/pkcs1v15.go;l=263;bpv=0;bpt=1 - out, err = rsa.SignPKCS1v15(RandReader, ctx.privateKey, hash, hashed) - case PS256, PS384, PS512: - out, err = rsa.SignPSS(RandReader, ctx.privateKey, hash, hashed, &rsa.PSSOptions{ - SaltLength: rsa.PSSSaltLengthEqualsHash, - }) - } - - if err != nil { - return Signature{}, err - } - - return Signature{ - Signature: out, - protected: &rawHeader{}, - }, nil -} - -// Verify the given payload -func (ctx rsaEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error { - var hash crypto.Hash - - switch alg { - case RS256, PS256: - hash = crypto.SHA256 - case RS384, PS384: - hash = crypto.SHA384 - case RS512, PS512: - hash = crypto.SHA512 - default: - return ErrUnsupportedAlgorithm - } - - hasher := hash.New() - - // According to documentation, Write() on hash never fails - _, _ = hasher.Write(payload) - hashed := hasher.Sum(nil) - - switch alg { - case RS256, RS384, RS512: - return rsa.VerifyPKCS1v15(ctx.publicKey, hash, hashed, signature) - case PS256, PS384, PS512: - return rsa.VerifyPSS(ctx.publicKey, hash, hashed, signature, nil) - } - - return ErrUnsupportedAlgorithm -} - -// Encrypt the given payload and update the object. -func (ctx ecEncrypterVerifier) encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) { - switch alg { - case ECDH_ES: - // ECDH-ES mode doesn't wrap a key, the shared secret is used directly as the key. - return recipientInfo{ - header: &rawHeader{}, - }, nil - case ECDH_ES_A128KW, ECDH_ES_A192KW, ECDH_ES_A256KW: - default: - return recipientInfo{}, ErrUnsupportedAlgorithm - } - - generator := ecKeyGenerator{ - algID: string(alg), - publicKey: ctx.publicKey, - } - - switch alg { - case ECDH_ES_A128KW: - generator.size = 16 - case ECDH_ES_A192KW: - generator.size = 24 - case ECDH_ES_A256KW: - generator.size = 32 - } - - kek, header, err := generator.genKey() - if err != nil { - return recipientInfo{}, err - } - - block, err := aes.NewCipher(kek) - if err != nil { - return recipientInfo{}, err - } - - jek, err := josecipher.KeyWrap(block, cek) - if err != nil { - return recipientInfo{}, err - } - - return recipientInfo{ - encryptedKey: jek, - header: &header, - }, nil -} - -// Get key size for EC key generator -func (ctx ecKeyGenerator) keySize() int { - return ctx.size -} - -// Get a content encryption key for ECDH-ES -func (ctx ecKeyGenerator) genKey() ([]byte, rawHeader, error) { - priv, err := ecdsa.GenerateKey(ctx.publicKey.Curve, RandReader) - if err != nil { - return nil, rawHeader{}, err - } - - out := josecipher.DeriveECDHES(ctx.algID, []byte{}, []byte{}, priv, ctx.publicKey, ctx.size) - - b, err := json.Marshal(&JSONWebKey{ - Key: &priv.PublicKey, - }) - if err != nil { - return nil, nil, err - } - - headers := rawHeader{ - headerEPK: makeRawMessage(b), - } - - return out, headers, nil -} - -// Decrypt the given payload and return the content encryption key. -func (ctx ecDecrypterSigner) decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) { - epk, err := headers.getEPK() - if err != nil { - return nil, errors.New("go-jose/go-jose: invalid epk header") - } - if epk == nil { - return nil, errors.New("go-jose/go-jose: missing epk header") - } - - publicKey, ok := epk.Key.(*ecdsa.PublicKey) - if publicKey == nil || !ok { - return nil, errors.New("go-jose/go-jose: invalid epk header") - } - - if !ctx.privateKey.Curve.IsOnCurve(publicKey.X, publicKey.Y) { - return nil, errors.New("go-jose/go-jose: invalid public key in epk header") - } - - apuData, err := headers.getAPU() - if err != nil { - return nil, errors.New("go-jose/go-jose: invalid apu header") - } - apvData, err := headers.getAPV() - if err != nil { - return nil, errors.New("go-jose/go-jose: invalid apv header") - } - - deriveKey := func(algID string, size int) []byte { - return josecipher.DeriveECDHES(algID, apuData.bytes(), apvData.bytes(), ctx.privateKey, publicKey, size) - } - - var keySize int - - algorithm := headers.getAlgorithm() - switch algorithm { - case ECDH_ES: - // ECDH-ES uses direct key agreement, no key unwrapping necessary. - return deriveKey(string(headers.getEncryption()), generator.keySize()), nil - case ECDH_ES_A128KW: - keySize = 16 - case ECDH_ES_A192KW: - keySize = 24 - case ECDH_ES_A256KW: - keySize = 32 - default: - return nil, ErrUnsupportedAlgorithm - } - - key := deriveKey(string(algorithm), keySize) - block, err := aes.NewCipher(key) - if err != nil { - return nil, err - } - - return josecipher.KeyUnwrap(block, recipient.encryptedKey) -} - -func (ctx edDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { - if alg != EdDSA { - return Signature{}, ErrUnsupportedAlgorithm - } - - sig, err := ctx.privateKey.Sign(RandReader, payload, crypto.Hash(0)) - if err != nil { - return Signature{}, err - } - - return Signature{ - Signature: sig, - protected: &rawHeader{}, - }, nil -} - -func (ctx edEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error { - if alg != EdDSA { - return ErrUnsupportedAlgorithm - } - ok := ed25519.Verify(ctx.publicKey, payload, signature) - if !ok { - return errors.New("go-jose/go-jose: ed25519 signature failed to verify") - } - return nil -} - -// Sign the given payload -func (ctx ecDecrypterSigner) signPayload(payload []byte, alg SignatureAlgorithm) (Signature, error) { - var expectedBitSize int - var hash crypto.Hash - - switch alg { - case ES256: - expectedBitSize = 256 - hash = crypto.SHA256 - case ES384: - expectedBitSize = 384 - hash = crypto.SHA384 - case ES512: - expectedBitSize = 521 - hash = crypto.SHA512 - } - - curveBits := ctx.privateKey.Curve.Params().BitSize - if expectedBitSize != curveBits { - return Signature{}, fmt.Errorf("go-jose/go-jose: expected %d bit key, got %d bits instead", expectedBitSize, curveBits) - } - - hasher := hash.New() - - // According to documentation, Write() on hash never fails - _, _ = hasher.Write(payload) - hashed := hasher.Sum(nil) - - r, s, err := ecdsa.Sign(RandReader, ctx.privateKey, hashed) - if err != nil { - return Signature{}, err - } - - keyBytes := curveBits / 8 - if curveBits%8 > 0 { - keyBytes++ - } - - // We serialize the outputs (r and s) into big-endian byte arrays and pad - // them with zeros on the left to make sure the sizes work out. Both arrays - // must be keyBytes long, and the output must be 2*keyBytes long. - rBytes := r.Bytes() - rBytesPadded := make([]byte, keyBytes) - copy(rBytesPadded[keyBytes-len(rBytes):], rBytes) - - sBytes := s.Bytes() - sBytesPadded := make([]byte, keyBytes) - copy(sBytesPadded[keyBytes-len(sBytes):], sBytes) - - out := append(rBytesPadded, sBytesPadded...) - - return Signature{ - Signature: out, - protected: &rawHeader{}, - }, nil -} - -// Verify the given payload -func (ctx ecEncrypterVerifier) verifyPayload(payload []byte, signature []byte, alg SignatureAlgorithm) error { - var keySize int - var hash crypto.Hash - - switch alg { - case ES256: - keySize = 32 - hash = crypto.SHA256 - case ES384: - keySize = 48 - hash = crypto.SHA384 - case ES512: - keySize = 66 - hash = crypto.SHA512 - default: - return ErrUnsupportedAlgorithm - } - - if len(signature) != 2*keySize { - return fmt.Errorf("go-jose/go-jose: invalid signature size, have %d bytes, wanted %d", len(signature), 2*keySize) - } - - hasher := hash.New() - - // According to documentation, Write() on hash never fails - _, _ = hasher.Write(payload) - hashed := hasher.Sum(nil) - - r := big.NewInt(0).SetBytes(signature[:keySize]) - s := big.NewInt(0).SetBytes(signature[keySize:]) - - match := ecdsa.Verify(ctx.publicKey, hashed, r, s) - if !match { - return errors.New("go-jose/go-jose: ecdsa signature failed to verify") - } - - return nil -} diff --git a/vendor/github.com/go-jose/go-jose/v3/cipher/cbc_hmac.go b/vendor/github.com/go-jose/go-jose/v3/cipher/cbc_hmac.go deleted file mode 100644 index af029cec0b..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/cipher/cbc_hmac.go +++ /dev/null @@ -1,196 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package josecipher - -import ( - "bytes" - "crypto/cipher" - "crypto/hmac" - "crypto/sha256" - "crypto/sha512" - "crypto/subtle" - "encoding/binary" - "errors" - "hash" -) - -const ( - nonceBytes = 16 -) - -// NewCBCHMAC instantiates a new AEAD based on CBC+HMAC. -func NewCBCHMAC(key []byte, newBlockCipher func([]byte) (cipher.Block, error)) (cipher.AEAD, error) { - keySize := len(key) / 2 - integrityKey := key[:keySize] - encryptionKey := key[keySize:] - - blockCipher, err := newBlockCipher(encryptionKey) - if err != nil { - return nil, err - } - - var hash func() hash.Hash - switch keySize { - case 16: - hash = sha256.New - case 24: - hash = sha512.New384 - case 32: - hash = sha512.New - } - - return &cbcAEAD{ - hash: hash, - blockCipher: blockCipher, - authtagBytes: keySize, - integrityKey: integrityKey, - }, nil -} - -// An AEAD based on CBC+HMAC -type cbcAEAD struct { - hash func() hash.Hash - authtagBytes int - integrityKey []byte - blockCipher cipher.Block -} - -func (ctx *cbcAEAD) NonceSize() int { - return nonceBytes -} - -func (ctx *cbcAEAD) Overhead() int { - // Maximum overhead is block size (for padding) plus auth tag length, where - // the length of the auth tag is equivalent to the key size. - return ctx.blockCipher.BlockSize() + ctx.authtagBytes -} - -// Seal encrypts and authenticates the plaintext. -func (ctx *cbcAEAD) Seal(dst, nonce, plaintext, data []byte) []byte { - // Output buffer -- must take care not to mangle plaintext input. - ciphertext := make([]byte, uint64(len(plaintext))+uint64(ctx.Overhead()))[:len(plaintext)] - copy(ciphertext, plaintext) - ciphertext = padBuffer(ciphertext, ctx.blockCipher.BlockSize()) - - cbc := cipher.NewCBCEncrypter(ctx.blockCipher, nonce) - - cbc.CryptBlocks(ciphertext, ciphertext) - authtag := ctx.computeAuthTag(data, nonce, ciphertext) - - ret, out := resize(dst, uint64(len(dst))+uint64(len(ciphertext))+uint64(len(authtag))) - copy(out, ciphertext) - copy(out[len(ciphertext):], authtag) - - return ret -} - -// Open decrypts and authenticates the ciphertext. -func (ctx *cbcAEAD) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) { - if len(ciphertext) < ctx.authtagBytes { - return nil, errors.New("go-jose/go-jose: invalid ciphertext (too short)") - } - - offset := len(ciphertext) - ctx.authtagBytes - expectedTag := ctx.computeAuthTag(data, nonce, ciphertext[:offset]) - match := subtle.ConstantTimeCompare(expectedTag, ciphertext[offset:]) - if match != 1 { - return nil, errors.New("go-jose/go-jose: invalid ciphertext (auth tag mismatch)") - } - - cbc := cipher.NewCBCDecrypter(ctx.blockCipher, nonce) - - // Make copy of ciphertext buffer, don't want to modify in place - buffer := append([]byte{}, ciphertext[:offset]...) - - if len(buffer)%ctx.blockCipher.BlockSize() > 0 { - return nil, errors.New("go-jose/go-jose: invalid ciphertext (invalid length)") - } - - cbc.CryptBlocks(buffer, buffer) - - // Remove padding - plaintext, err := unpadBuffer(buffer, ctx.blockCipher.BlockSize()) - if err != nil { - return nil, err - } - - ret, out := resize(dst, uint64(len(dst))+uint64(len(plaintext))) - copy(out, plaintext) - - return ret, nil -} - -// Compute an authentication tag -func (ctx *cbcAEAD) computeAuthTag(aad, nonce, ciphertext []byte) []byte { - buffer := make([]byte, uint64(len(aad))+uint64(len(nonce))+uint64(len(ciphertext))+8) - n := 0 - n += copy(buffer, aad) - n += copy(buffer[n:], nonce) - n += copy(buffer[n:], ciphertext) - binary.BigEndian.PutUint64(buffer[n:], uint64(len(aad))*8) - - // According to documentation, Write() on hash.Hash never fails. - hmac := hmac.New(ctx.hash, ctx.integrityKey) - _, _ = hmac.Write(buffer) - - return hmac.Sum(nil)[:ctx.authtagBytes] -} - -// resize ensures that the given slice has a capacity of at least n bytes. -// If the capacity of the slice is less than n, a new slice is allocated -// and the existing data will be copied. -func resize(in []byte, n uint64) (head, tail []byte) { - if uint64(cap(in)) >= n { - head = in[:n] - } else { - head = make([]byte, n) - copy(head, in) - } - - tail = head[len(in):] - return -} - -// Apply padding -func padBuffer(buffer []byte, blockSize int) []byte { - missing := blockSize - (len(buffer) % blockSize) - ret, out := resize(buffer, uint64(len(buffer))+uint64(missing)) - padding := bytes.Repeat([]byte{byte(missing)}, missing) - copy(out, padding) - return ret -} - -// Remove padding -func unpadBuffer(buffer []byte, blockSize int) ([]byte, error) { - if len(buffer)%blockSize != 0 { - return nil, errors.New("go-jose/go-jose: invalid padding") - } - - last := buffer[len(buffer)-1] - count := int(last) - - if count == 0 || count > blockSize || count > len(buffer) { - return nil, errors.New("go-jose/go-jose: invalid padding") - } - - padding := bytes.Repeat([]byte{last}, count) - if !bytes.HasSuffix(buffer, padding) { - return nil, errors.New("go-jose/go-jose: invalid padding") - } - - return buffer[:len(buffer)-count], nil -} diff --git a/vendor/github.com/go-jose/go-jose/v3/cipher/concat_kdf.go b/vendor/github.com/go-jose/go-jose/v3/cipher/concat_kdf.go deleted file mode 100644 index f62c3bdba5..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/cipher/concat_kdf.go +++ /dev/null @@ -1,75 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package josecipher - -import ( - "crypto" - "encoding/binary" - "hash" - "io" -) - -type concatKDF struct { - z, info []byte - i uint32 - cache []byte - hasher hash.Hash -} - -// NewConcatKDF builds a KDF reader based on the given inputs. -func NewConcatKDF(hash crypto.Hash, z, algID, ptyUInfo, ptyVInfo, supPubInfo, supPrivInfo []byte) io.Reader { - buffer := make([]byte, uint64(len(algID))+uint64(len(ptyUInfo))+uint64(len(ptyVInfo))+uint64(len(supPubInfo))+uint64(len(supPrivInfo))) - n := 0 - n += copy(buffer, algID) - n += copy(buffer[n:], ptyUInfo) - n += copy(buffer[n:], ptyVInfo) - n += copy(buffer[n:], supPubInfo) - copy(buffer[n:], supPrivInfo) - - hasher := hash.New() - - return &concatKDF{ - z: z, - info: buffer, - hasher: hasher, - cache: []byte{}, - i: 1, - } -} - -func (ctx *concatKDF) Read(out []byte) (int, error) { - copied := copy(out, ctx.cache) - ctx.cache = ctx.cache[copied:] - - for copied < len(out) { - ctx.hasher.Reset() - - // Write on a hash.Hash never fails - _ = binary.Write(ctx.hasher, binary.BigEndian, ctx.i) - _, _ = ctx.hasher.Write(ctx.z) - _, _ = ctx.hasher.Write(ctx.info) - - hash := ctx.hasher.Sum(nil) - chunkCopied := copy(out[copied:], hash) - copied += chunkCopied - ctx.cache = hash[chunkCopied:] - - ctx.i++ - } - - return copied, nil -} diff --git a/vendor/github.com/go-jose/go-jose/v3/cipher/ecdh_es.go b/vendor/github.com/go-jose/go-jose/v3/cipher/ecdh_es.go deleted file mode 100644 index 093c646740..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/cipher/ecdh_es.go +++ /dev/null @@ -1,86 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package josecipher - -import ( - "bytes" - "crypto" - "crypto/ecdsa" - "crypto/elliptic" - "encoding/binary" -) - -// DeriveECDHES derives a shared encryption key using ECDH/ConcatKDF as described in JWE/JWA. -// It is an error to call this function with a private/public key that are not on the same -// curve. Callers must ensure that the keys are valid before calling this function. Output -// size may be at most 1<<16 bytes (64 KiB). -func DeriveECDHES(alg string, apuData, apvData []byte, priv *ecdsa.PrivateKey, pub *ecdsa.PublicKey, size int) []byte { - if size > 1<<16 { - panic("ECDH-ES output size too large, must be less than or equal to 1<<16") - } - - // algId, partyUInfo, partyVInfo inputs must be prefixed with the length - algID := lengthPrefixed([]byte(alg)) - ptyUInfo := lengthPrefixed(apuData) - ptyVInfo := lengthPrefixed(apvData) - - // suppPubInfo is the encoded length of the output size in bits - supPubInfo := make([]byte, 4) - binary.BigEndian.PutUint32(supPubInfo, uint32(size)*8) - - if !priv.PublicKey.Curve.IsOnCurve(pub.X, pub.Y) { - panic("public key not on same curve as private key") - } - - z, _ := priv.Curve.ScalarMult(pub.X, pub.Y, priv.D.Bytes()) - zBytes := z.Bytes() - - // Note that calling z.Bytes() on a big.Int may strip leading zero bytes from - // the returned byte array. This can lead to a problem where zBytes will be - // shorter than expected which breaks the key derivation. Therefore we must pad - // to the full length of the expected coordinate here before calling the KDF. - octSize := dSize(priv.Curve) - if len(zBytes) != octSize { - zBytes = append(bytes.Repeat([]byte{0}, octSize-len(zBytes)), zBytes...) - } - - reader := NewConcatKDF(crypto.SHA256, zBytes, algID, ptyUInfo, ptyVInfo, supPubInfo, []byte{}) - key := make([]byte, size) - - // Read on the KDF will never fail - _, _ = reader.Read(key) - - return key -} - -// dSize returns the size in octets for a coordinate on a elliptic curve. -func dSize(curve elliptic.Curve) int { - order := curve.Params().P - bitLen := order.BitLen() - size := bitLen / 8 - if bitLen%8 != 0 { - size++ - } - return size -} - -func lengthPrefixed(data []byte) []byte { - out := make([]byte, len(data)+4) - binary.BigEndian.PutUint32(out, uint32(len(data))) - copy(out[4:], data) - return out -} diff --git a/vendor/github.com/go-jose/go-jose/v3/cipher/key_wrap.go b/vendor/github.com/go-jose/go-jose/v3/cipher/key_wrap.go deleted file mode 100644 index b9effbca8a..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/cipher/key_wrap.go +++ /dev/null @@ -1,109 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package josecipher - -import ( - "crypto/cipher" - "crypto/subtle" - "encoding/binary" - "errors" -) - -var defaultIV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6} - -// KeyWrap implements NIST key wrapping; it wraps a content encryption key (cek) with the given block cipher. -func KeyWrap(block cipher.Block, cek []byte) ([]byte, error) { - if len(cek)%8 != 0 { - return nil, errors.New("go-jose/go-jose: key wrap input must be 8 byte blocks") - } - - n := len(cek) / 8 - r := make([][]byte, n) - - for i := range r { - r[i] = make([]byte, 8) - copy(r[i], cek[i*8:]) - } - - buffer := make([]byte, 16) - tBytes := make([]byte, 8) - copy(buffer, defaultIV) - - for t := 0; t < 6*n; t++ { - copy(buffer[8:], r[t%n]) - - block.Encrypt(buffer, buffer) - - binary.BigEndian.PutUint64(tBytes, uint64(t+1)) - - for i := 0; i < 8; i++ { - buffer[i] ^= tBytes[i] - } - copy(r[t%n], buffer[8:]) - } - - out := make([]byte, (n+1)*8) - copy(out, buffer[:8]) - for i := range r { - copy(out[(i+1)*8:], r[i]) - } - - return out, nil -} - -// KeyUnwrap implements NIST key unwrapping; it unwraps a content encryption key (cek) with the given block cipher. -func KeyUnwrap(block cipher.Block, ciphertext []byte) ([]byte, error) { - if len(ciphertext)%8 != 0 { - return nil, errors.New("go-jose/go-jose: key wrap input must be 8 byte blocks") - } - - n := (len(ciphertext) / 8) - 1 - r := make([][]byte, n) - - for i := range r { - r[i] = make([]byte, 8) - copy(r[i], ciphertext[(i+1)*8:]) - } - - buffer := make([]byte, 16) - tBytes := make([]byte, 8) - copy(buffer[:8], ciphertext[:8]) - - for t := 6*n - 1; t >= 0; t-- { - binary.BigEndian.PutUint64(tBytes, uint64(t+1)) - - for i := 0; i < 8; i++ { - buffer[i] ^= tBytes[i] - } - copy(buffer[8:], r[t%n]) - - block.Decrypt(buffer, buffer) - - copy(r[t%n], buffer[8:]) - } - - if subtle.ConstantTimeCompare(buffer[:8], defaultIV) == 0 { - return nil, errors.New("go-jose/go-jose: failed to unwrap key") - } - - out := make([]byte, n*8) - for i := range r { - copy(out[i*8:], r[i]) - } - - return out, nil -} diff --git a/vendor/github.com/go-jose/go-jose/v3/crypter.go b/vendor/github.com/go-jose/go-jose/v3/crypter.go deleted file mode 100644 index 8870e8905f..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/crypter.go +++ /dev/null @@ -1,593 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jose - -import ( - "crypto/ecdsa" - "crypto/rsa" - "errors" - "fmt" - - "github.com/go-jose/go-jose/v3/json" -) - -// Encrypter represents an encrypter which produces an encrypted JWE object. -type Encrypter interface { - Encrypt(plaintext []byte) (*JSONWebEncryption, error) - EncryptWithAuthData(plaintext []byte, aad []byte) (*JSONWebEncryption, error) - Options() EncrypterOptions -} - -// A generic content cipher -type contentCipher interface { - keySize() int - encrypt(cek []byte, aad, plaintext []byte) (*aeadParts, error) - decrypt(cek []byte, aad []byte, parts *aeadParts) ([]byte, error) -} - -// A key generator (for generating/getting a CEK) -type keyGenerator interface { - keySize() int - genKey() ([]byte, rawHeader, error) -} - -// A generic key encrypter -type keyEncrypter interface { - encryptKey(cek []byte, alg KeyAlgorithm) (recipientInfo, error) // Encrypt a key -} - -// A generic key decrypter -type keyDecrypter interface { - decryptKey(headers rawHeader, recipient *recipientInfo, generator keyGenerator) ([]byte, error) // Decrypt a key -} - -// A generic encrypter based on the given key encrypter and content cipher. -type genericEncrypter struct { - contentAlg ContentEncryption - compressionAlg CompressionAlgorithm - cipher contentCipher - recipients []recipientKeyInfo - keyGenerator keyGenerator - extraHeaders map[HeaderKey]interface{} -} - -type recipientKeyInfo struct { - keyID string - keyAlg KeyAlgorithm - keyEncrypter keyEncrypter -} - -// EncrypterOptions represents options that can be set on new encrypters. -type EncrypterOptions struct { - Compression CompressionAlgorithm - - // Optional map of name/value pairs to be inserted into the protected - // header of a JWS object. Some specifications which make use of - // JWS require additional values here. - // - // Values will be serialized by [json.Marshal] and must be valid inputs to - // that function. - // - // [json.Marshal]: https://pkg.go.dev/encoding/json#Marshal - ExtraHeaders map[HeaderKey]interface{} -} - -// WithHeader adds an arbitrary value to the ExtraHeaders map, initializing it -// if necessary, and returns the updated EncrypterOptions. -// -// The v parameter will be serialized by [json.Marshal] and must be a valid -// input to that function. -// -// [json.Marshal]: https://pkg.go.dev/encoding/json#Marshal -func (eo *EncrypterOptions) WithHeader(k HeaderKey, v interface{}) *EncrypterOptions { - if eo.ExtraHeaders == nil { - eo.ExtraHeaders = map[HeaderKey]interface{}{} - } - eo.ExtraHeaders[k] = v - return eo -} - -// WithContentType adds a content type ("cty") header and returns the updated -// EncrypterOptions. -func (eo *EncrypterOptions) WithContentType(contentType ContentType) *EncrypterOptions { - return eo.WithHeader(HeaderContentType, contentType) -} - -// WithType adds a type ("typ") header and returns the updated EncrypterOptions. -func (eo *EncrypterOptions) WithType(typ ContentType) *EncrypterOptions { - return eo.WithHeader(HeaderType, typ) -} - -// Recipient represents an algorithm/key to encrypt messages to. -// -// PBES2Count and PBES2Salt correspond with the "p2c" and "p2s" headers used -// on the password-based encryption algorithms PBES2-HS256+A128KW, -// PBES2-HS384+A192KW, and PBES2-HS512+A256KW. If they are not provided a safe -// default of 100000 will be used for the count and a 128-bit random salt will -// be generated. -type Recipient struct { - Algorithm KeyAlgorithm - // Key must have one of these types: - // - ed25519.PublicKey - // - *ecdsa.PublicKey - // - *rsa.PublicKey - // - *JSONWebKey - // - JSONWebKey - // - []byte (a symmetric key) - // - Any type that satisfies the OpaqueKeyEncrypter interface - // - // The type of Key must match the value of Algorithm. - Key interface{} - KeyID string - PBES2Count int - PBES2Salt []byte -} - -// NewEncrypter creates an appropriate encrypter based on the key type -func NewEncrypter(enc ContentEncryption, rcpt Recipient, opts *EncrypterOptions) (Encrypter, error) { - encrypter := &genericEncrypter{ - contentAlg: enc, - recipients: []recipientKeyInfo{}, - cipher: getContentCipher(enc), - } - if opts != nil { - encrypter.compressionAlg = opts.Compression - encrypter.extraHeaders = opts.ExtraHeaders - } - - if encrypter.cipher == nil { - return nil, ErrUnsupportedAlgorithm - } - - var keyID string - var rawKey interface{} - switch encryptionKey := rcpt.Key.(type) { - case JSONWebKey: - keyID, rawKey = encryptionKey.KeyID, encryptionKey.Key - case *JSONWebKey: - keyID, rawKey = encryptionKey.KeyID, encryptionKey.Key - case OpaqueKeyEncrypter: - keyID, rawKey = encryptionKey.KeyID(), encryptionKey - default: - rawKey = encryptionKey - } - - switch rcpt.Algorithm { - case DIRECT: - // Direct encryption mode must be treated differently - keyBytes, ok := rawKey.([]byte) - if !ok { - return nil, ErrUnsupportedKeyType - } - if encrypter.cipher.keySize() != len(keyBytes) { - return nil, ErrInvalidKeySize - } - encrypter.keyGenerator = staticKeyGenerator{ - key: keyBytes, - } - recipientInfo, _ := newSymmetricRecipient(rcpt.Algorithm, keyBytes) - recipientInfo.keyID = keyID - if rcpt.KeyID != "" { - recipientInfo.keyID = rcpt.KeyID - } - encrypter.recipients = []recipientKeyInfo{recipientInfo} - return encrypter, nil - case ECDH_ES: - // ECDH-ES (w/o key wrapping) is similar to DIRECT mode - keyDSA, ok := rawKey.(*ecdsa.PublicKey) - if !ok { - return nil, ErrUnsupportedKeyType - } - encrypter.keyGenerator = ecKeyGenerator{ - size: encrypter.cipher.keySize(), - algID: string(enc), - publicKey: keyDSA, - } - recipientInfo, _ := newECDHRecipient(rcpt.Algorithm, keyDSA) - recipientInfo.keyID = keyID - if rcpt.KeyID != "" { - recipientInfo.keyID = rcpt.KeyID - } - encrypter.recipients = []recipientKeyInfo{recipientInfo} - return encrypter, nil - default: - // Can just add a standard recipient - encrypter.keyGenerator = randomKeyGenerator{ - size: encrypter.cipher.keySize(), - } - err := encrypter.addRecipient(rcpt) - return encrypter, err - } -} - -// NewMultiEncrypter creates a multi-encrypter based on the given parameters -func NewMultiEncrypter(enc ContentEncryption, rcpts []Recipient, opts *EncrypterOptions) (Encrypter, error) { - cipher := getContentCipher(enc) - - if cipher == nil { - return nil, ErrUnsupportedAlgorithm - } - if len(rcpts) == 0 { - return nil, fmt.Errorf("go-jose/go-jose: recipients is nil or empty") - } - - encrypter := &genericEncrypter{ - contentAlg: enc, - recipients: []recipientKeyInfo{}, - cipher: cipher, - keyGenerator: randomKeyGenerator{ - size: cipher.keySize(), - }, - } - - if opts != nil { - encrypter.compressionAlg = opts.Compression - encrypter.extraHeaders = opts.ExtraHeaders - } - - for _, recipient := range rcpts { - err := encrypter.addRecipient(recipient) - if err != nil { - return nil, err - } - } - - return encrypter, nil -} - -func (ctx *genericEncrypter) addRecipient(recipient Recipient) (err error) { - var recipientInfo recipientKeyInfo - - switch recipient.Algorithm { - case DIRECT, ECDH_ES: - return fmt.Errorf("go-jose/go-jose: key algorithm '%s' not supported in multi-recipient mode", recipient.Algorithm) - } - - recipientInfo, err = makeJWERecipient(recipient.Algorithm, recipient.Key) - if recipient.KeyID != "" { - recipientInfo.keyID = recipient.KeyID - } - - switch recipient.Algorithm { - case PBES2_HS256_A128KW, PBES2_HS384_A192KW, PBES2_HS512_A256KW: - if sr, ok := recipientInfo.keyEncrypter.(*symmetricKeyCipher); ok { - sr.p2c = recipient.PBES2Count - sr.p2s = recipient.PBES2Salt - } - } - - if err == nil { - ctx.recipients = append(ctx.recipients, recipientInfo) - } - return err -} - -func makeJWERecipient(alg KeyAlgorithm, encryptionKey interface{}) (recipientKeyInfo, error) { - switch encryptionKey := encryptionKey.(type) { - case *rsa.PublicKey: - return newRSARecipient(alg, encryptionKey) - case *ecdsa.PublicKey: - return newECDHRecipient(alg, encryptionKey) - case []byte: - return newSymmetricRecipient(alg, encryptionKey) - case string: - return newSymmetricRecipient(alg, []byte(encryptionKey)) - case *JSONWebKey: - recipient, err := makeJWERecipient(alg, encryptionKey.Key) - recipient.keyID = encryptionKey.KeyID - return recipient, err - case OpaqueKeyEncrypter: - return newOpaqueKeyEncrypter(alg, encryptionKey) - } - return recipientKeyInfo{}, ErrUnsupportedKeyType -} - -// newDecrypter creates an appropriate decrypter based on the key type -func newDecrypter(decryptionKey interface{}) (keyDecrypter, error) { - switch decryptionKey := decryptionKey.(type) { - case *rsa.PrivateKey: - return &rsaDecrypterSigner{ - privateKey: decryptionKey, - }, nil - case *ecdsa.PrivateKey: - return &ecDecrypterSigner{ - privateKey: decryptionKey, - }, nil - case []byte: - return &symmetricKeyCipher{ - key: decryptionKey, - }, nil - case string: - return &symmetricKeyCipher{ - key: []byte(decryptionKey), - }, nil - case JSONWebKey: - return newDecrypter(decryptionKey.Key) - case *JSONWebKey: - return newDecrypter(decryptionKey.Key) - case OpaqueKeyDecrypter: - return &opaqueKeyDecrypter{decrypter: decryptionKey}, nil - default: - return nil, ErrUnsupportedKeyType - } -} - -// Implementation of encrypt method producing a JWE object. -func (ctx *genericEncrypter) Encrypt(plaintext []byte) (*JSONWebEncryption, error) { - return ctx.EncryptWithAuthData(plaintext, nil) -} - -// Implementation of encrypt method producing a JWE object. -func (ctx *genericEncrypter) EncryptWithAuthData(plaintext, aad []byte) (*JSONWebEncryption, error) { - obj := &JSONWebEncryption{} - obj.aad = aad - - obj.protected = &rawHeader{} - err := obj.protected.set(headerEncryption, ctx.contentAlg) - if err != nil { - return nil, err - } - - obj.recipients = make([]recipientInfo, len(ctx.recipients)) - - if len(ctx.recipients) == 0 { - return nil, fmt.Errorf("go-jose/go-jose: no recipients to encrypt to") - } - - cek, headers, err := ctx.keyGenerator.genKey() - if err != nil { - return nil, err - } - - obj.protected.merge(&headers) - - for i, info := range ctx.recipients { - recipient, err := info.keyEncrypter.encryptKey(cek, info.keyAlg) - if err != nil { - return nil, err - } - - err = recipient.header.set(headerAlgorithm, info.keyAlg) - if err != nil { - return nil, err - } - - if info.keyID != "" { - err = recipient.header.set(headerKeyID, info.keyID) - if err != nil { - return nil, err - } - } - obj.recipients[i] = recipient - } - - if len(ctx.recipients) == 1 { - // Move per-recipient headers into main protected header if there's - // only a single recipient. - obj.protected.merge(obj.recipients[0].header) - obj.recipients[0].header = nil - } - - if ctx.compressionAlg != NONE { - plaintext, err = compress(ctx.compressionAlg, plaintext) - if err != nil { - return nil, err - } - - err = obj.protected.set(headerCompression, ctx.compressionAlg) - if err != nil { - return nil, err - } - } - - for k, v := range ctx.extraHeaders { - b, err := json.Marshal(v) - if err != nil { - return nil, err - } - (*obj.protected)[k] = makeRawMessage(b) - } - - authData := obj.computeAuthData() - parts, err := ctx.cipher.encrypt(cek, authData, plaintext) - if err != nil { - return nil, err - } - - obj.iv = parts.iv - obj.ciphertext = parts.ciphertext - obj.tag = parts.tag - - return obj, nil -} - -func (ctx *genericEncrypter) Options() EncrypterOptions { - return EncrypterOptions{ - Compression: ctx.compressionAlg, - ExtraHeaders: ctx.extraHeaders, - } -} - -// Decrypt and validate the object and return the plaintext. This -// function does not support multi-recipient. If you desire multi-recipient -// decryption use DecryptMulti instead. -// -// The decryptionKey argument must contain a private or symmetric key -// and must have one of these types: -// - *ecdsa.PrivateKey -// - *rsa.PrivateKey -// - *JSONWebKey -// - JSONWebKey -// - *JSONWebKeySet -// - JSONWebKeySet -// - []byte (a symmetric key) -// - string (a symmetric key) -// - Any type that satisfies the OpaqueKeyDecrypter interface. -// -// Note that ed25519 is only available for signatures, not encryption, so is -// not an option here. -// -// Automatically decompresses plaintext, but returns an error if the decompressed -// data would be >250kB or >10x the size of the compressed data, whichever is larger. -func (obj JSONWebEncryption) Decrypt(decryptionKey interface{}) ([]byte, error) { - headers := obj.mergedHeaders(nil) - - if len(obj.recipients) > 1 { - return nil, errors.New("go-jose/go-jose: too many recipients in payload; expecting only one") - } - - critical, err := headers.getCritical() - if err != nil { - return nil, fmt.Errorf("go-jose/go-jose: invalid crit header") - } - - if len(critical) > 0 { - return nil, fmt.Errorf("go-jose/go-jose: unsupported crit header") - } - - key := tryJWKS(decryptionKey, obj.Header) - decrypter, err := newDecrypter(key) - if err != nil { - return nil, err - } - - cipher := getContentCipher(headers.getEncryption()) - if cipher == nil { - return nil, fmt.Errorf("go-jose/go-jose: unsupported enc value '%s'", string(headers.getEncryption())) - } - - generator := randomKeyGenerator{ - size: cipher.keySize(), - } - - parts := &aeadParts{ - iv: obj.iv, - ciphertext: obj.ciphertext, - tag: obj.tag, - } - - authData := obj.computeAuthData() - - var plaintext []byte - recipient := obj.recipients[0] - recipientHeaders := obj.mergedHeaders(&recipient) - - cek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator) - if err == nil { - // Found a valid CEK -- let's try to decrypt. - plaintext, err = cipher.decrypt(cek, authData, parts) - } - - if plaintext == nil { - return nil, ErrCryptoFailure - } - - // The "zip" header parameter may only be present in the protected header. - if comp := obj.protected.getCompression(); comp != "" { - plaintext, err = decompress(comp, plaintext) - if err != nil { - return nil, fmt.Errorf("go-jose/go-jose: failed to decompress plaintext: %v", err) - } - } - - return plaintext, nil -} - -// DecryptMulti decrypts and validates the object and returns the plaintexts, -// with support for multiple recipients. It returns the index of the recipient -// for which the decryption was successful, the merged headers for that recipient, -// and the plaintext. -// -// The decryptionKey argument must have one of the types allowed for the -// decryptionKey argument of Decrypt(). -// -// Automatically decompresses plaintext, but returns an error if the decompressed -// data would be >250kB or >3x the size of the compressed data, whichever is larger. -func (obj JSONWebEncryption) DecryptMulti(decryptionKey interface{}) (int, Header, []byte, error) { - globalHeaders := obj.mergedHeaders(nil) - - critical, err := globalHeaders.getCritical() - if err != nil { - return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: invalid crit header") - } - - if len(critical) > 0 { - return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: unsupported crit header") - } - - key := tryJWKS(decryptionKey, obj.Header) - decrypter, err := newDecrypter(key) - if err != nil { - return -1, Header{}, nil, err - } - - encryption := globalHeaders.getEncryption() - cipher := getContentCipher(encryption) - if cipher == nil { - return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: unsupported enc value '%s'", string(encryption)) - } - - generator := randomKeyGenerator{ - size: cipher.keySize(), - } - - parts := &aeadParts{ - iv: obj.iv, - ciphertext: obj.ciphertext, - tag: obj.tag, - } - - authData := obj.computeAuthData() - - index := -1 - var plaintext []byte - var headers rawHeader - - for i, recipient := range obj.recipients { - recipientHeaders := obj.mergedHeaders(&recipient) - - cek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator) - if err == nil { - // Found a valid CEK -- let's try to decrypt. - plaintext, err = cipher.decrypt(cek, authData, parts) - if err == nil { - index = i - headers = recipientHeaders - break - } - } - } - - if plaintext == nil { - return -1, Header{}, nil, ErrCryptoFailure - } - - // The "zip" header parameter may only be present in the protected header. - if comp := obj.protected.getCompression(); comp != "" { - plaintext, err = decompress(comp, plaintext) - if err != nil { - return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: failed to decompress plaintext: %v", err) - } - } - - sanitized, err := headers.sanitized() - if err != nil { - return -1, Header{}, nil, fmt.Errorf("go-jose/go-jose: failed to sanitize header: %v", err) - } - - return index, sanitized, plaintext, err -} diff --git a/vendor/github.com/go-jose/go-jose/v3/doc.go b/vendor/github.com/go-jose/go-jose/v3/doc.go deleted file mode 100644 index 0ad40ca085..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/doc.go +++ /dev/null @@ -1,25 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* -Package jose aims to provide an implementation of the Javascript Object Signing -and Encryption set of standards. It implements encryption and signing based on -the JSON Web Encryption and JSON Web Signature standards, with optional JSON Web -Token support available in a sub-package. The library supports both the compact -and JWS/JWE JSON Serialization formats, and has optional support for multiple -recipients. -*/ -package jose diff --git a/vendor/github.com/go-jose/go-jose/v3/encoding.go b/vendor/github.com/go-jose/go-jose/v3/encoding.go deleted file mode 100644 index 9f07cfdcb8..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/encoding.go +++ /dev/null @@ -1,237 +0,0 @@ -/*- - * Copyright 2014 Square Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package jose - -import ( - "bytes" - "compress/flate" - "encoding/base64" - "encoding/binary" - "fmt" - "io" - "math/big" - "strings" - "unicode" - - "github.com/go-jose/go-jose/v3/json" -) - -// Helper function to serialize known-good objects. -// Precondition: value is not a nil pointer. -func mustSerializeJSON(value interface{}) []byte { - out, err := json.Marshal(value) - if err != nil { - panic(err) - } - // We never want to serialize the top-level value "null," since it's not a - // valid JOSE message. But if a caller passes in a nil pointer to this method, - // MarshalJSON will happily serialize it as the top-level value "null". If - // that value is then embedded in another operation, for instance by being - // base64-encoded and fed as input to a signing algorithm - // (https://github.com/go-jose/go-jose/issues/22), the result will be - // incorrect. Because this method is intended for known-good objects, and a nil - // pointer is not a known-good object, we are free to panic in this case. - // Note: It's not possible to directly check whether the data pointed at by an - // interface is a nil pointer, so we do this hacky workaround. - // https://groups.google.com/forum/#!topic/golang-nuts/wnH302gBa4I - if string(out) == "null" { - panic("Tried to serialize a nil pointer.") - } - return out -} - -// Strip all newlines and whitespace -func stripWhitespace(data string) string { - buf := strings.Builder{} - buf.Grow(len(data)) - for _, r := range data { - if !unicode.IsSpace(r) { - buf.WriteRune(r) - } - } - return buf.String() -} - -// Perform compression based on algorithm -func compress(algorithm CompressionAlgorithm, input []byte) ([]byte, error) { - switch algorithm { - case DEFLATE: - return deflate(input) - default: - return nil, ErrUnsupportedAlgorithm - } -} - -// Perform decompression based on algorithm -func decompress(algorithm CompressionAlgorithm, input []byte) ([]byte, error) { - switch algorithm { - case DEFLATE: - return inflate(input) - default: - return nil, ErrUnsupportedAlgorithm - } -} - -// deflate compresses the input. -func deflate(input []byte) ([]byte, error) { - output := new(bytes.Buffer) - - // Writing to byte buffer, err is always nil - writer, _ := flate.NewWriter(output, 1) - _, _ = io.Copy(writer, bytes.NewBuffer(input)) - - err := writer.Close() - return output.Bytes(), err -} - -// inflate decompresses the input. -// -// Errors if the decompressed data would be >250kB or >10x the size of the -// compressed data, whichever is larger. -func inflate(input []byte) ([]byte, error) { - output := new(bytes.Buffer) - reader := flate.NewReader(bytes.NewBuffer(input)) - - maxCompressedSize := 10 * int64(len(input)) - if maxCompressedSize < 250000 { - maxCompressedSize = 250000 - } - - limit := maxCompressedSize + 1 - n, err := io.CopyN(output, reader, limit) - if err != nil && err != io.EOF { - return nil, err - } - if n == limit { - return nil, fmt.Errorf("uncompressed data would be too large (>%d bytes)", maxCompressedSize) - } - - err = reader.Close() - return output.Bytes(), err -} - -// byteBuffer represents a slice of bytes that can be serialized to url-safe base64. -type byteBuffer struct { - data []byte -} - -func newBuffer(data []byte) *byteBuffer { - if data == nil { - return nil - } - return &byteBuffer{ - data: data, - } -} - -func newFixedSizeBuffer(data []byte, length int) *byteBuffer { - if len(data) > length { - panic("go-jose/go-jose: invalid call to newFixedSizeBuffer (len(data) > length)") - } - pad := make([]byte, length-len(data)) - return newBuffer(append(pad, data...)) -} - -func newBufferFromInt(num uint64) *byteBuffer { - data := make([]byte, 8) - binary.BigEndian.PutUint64(data, num) - return newBuffer(bytes.TrimLeft(data, "\x00")) -} - -func (b *byteBuffer) MarshalJSON() ([]byte, error) { - return json.Marshal(b.base64()) -} - -func (b *byteBuffer) UnmarshalJSON(data []byte) error { - var encoded string - err := json.Unmarshal(data, &encoded) - if err != nil { - return err - } - - if encoded == "" { - return nil - } - - decoded, err := base64URLDecode(encoded) - if err != nil { - return err - } - - *b = *newBuffer(decoded) - - return nil -} - -func (b *byteBuffer) base64() string { - return base64.RawURLEncoding.EncodeToString(b.data) -} - -func (b *byteBuffer) bytes() []byte { - // Handling nil here allows us to transparently handle nil slices when serializing. - if b == nil { - return nil - } - return b.data -} - -func (b byteBuffer) bigInt() *big.Int { - return new(big.Int).SetBytes(b.data) -} - -func (b byteBuffer) toInt() int { - return int(b.bigInt().Int64()) -} - -// base64URLDecode is implemented as defined in https://www.rfc-editor.org/rfc/rfc7515.html#appendix-C -func base64URLDecode(value string) ([]byte, error) { - value = strings.TrimRight(value, "=") - return base64.RawURLEncoding.DecodeString(value) -} - -func base64EncodeLen(sl []byte) int { - return base64.RawURLEncoding.EncodedLen(len(sl)) -} - -func base64JoinWithDots(inputs ...[]byte) string { - if len(inputs) == 0 { - return "" - } - - // Count of dots. - totalCount := len(inputs) - 1 - - for _, input := range inputs { - totalCount += base64EncodeLen(input) - } - - out := make([]byte, totalCount) - startEncode := 0 - for i, input := range inputs { - base64.RawURLEncoding.Encode(out[startEncode:], input) - - if i == len(inputs)-1 { - continue - } - - startEncode += base64EncodeLen(input) - out[startEncode] = '.' - startEncode++ - } - - return string(out) -} diff --git a/vendor/github.com/go-jose/go-jose/v3/json/LICENSE b/vendor/github.com/go-jose/go-jose/v3/json/LICENSE deleted file mode 100644 index 7448756763..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/json/LICENSE +++ /dev/null @@ -1,27 +0,0 @@ -Copyright (c) 2012 The Go Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/github.com/go-jose/go-jose/v3/json/README.md b/vendor/github.com/go-jose/go-jose/v3/json/README.md deleted file mode 100644 index 86de5e5581..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/json/README.md +++ /dev/null @@ -1,13 +0,0 @@ -# Safe JSON - -This repository contains a fork of the `encoding/json` package from Go 1.6. - -The following changes were made: - -* Object deserialization uses case-sensitive member name matching instead of - [case-insensitive matching](https://www.ietf.org/mail-archive/web/json/current/msg03763.html). - This is to avoid differences in the interpretation of JOSE messages between - go-jose and libraries written in other languages. -* When deserializing a JSON object, we check for duplicate keys and reject the - input whenever we detect a duplicate. Rather than trying to work with malformed - data, we prefer to reject it right away. diff --git a/vendor/github.com/go-jose/go-jose/v3/json/decode.go b/vendor/github.com/go-jose/go-jose/v3/json/decode.go deleted file mode 100644 index 50634dd847..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/json/decode.go +++ /dev/null @@ -1,1216 +0,0 @@ -// Copyright 2010 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Represents JSON data structure using native Go types: booleans, floats, -// strings, arrays, and maps. - -package json - -import ( - "bytes" - "encoding" - "encoding/base64" - "errors" - "fmt" - "math" - "reflect" - "runtime" - "strconv" - "unicode" - "unicode/utf16" - "unicode/utf8" -) - -// Unmarshal parses the JSON-encoded data and stores the result -// in the value pointed to by v. -// -// Unmarshal uses the inverse of the encodings that -// Marshal uses, allocating maps, slices, and pointers as necessary, -// with the following additional rules: -// -// To unmarshal JSON into a pointer, Unmarshal first handles the case of -// the JSON being the JSON literal null. In that case, Unmarshal sets -// the pointer to nil. Otherwise, Unmarshal unmarshals the JSON into -// the value pointed at by the pointer. If the pointer is nil, Unmarshal -// allocates a new value for it to point to. -// -// To unmarshal JSON into a struct, Unmarshal matches incoming object -// keys to the keys used by Marshal (either the struct field name or its tag), -// preferring an exact match but also accepting a case-insensitive match. -// Unmarshal will only set exported fields of the struct. -// -// To unmarshal JSON into an interface value, -// Unmarshal stores one of these in the interface value: -// -// bool, for JSON booleans -// float64, for JSON numbers -// string, for JSON strings -// []interface{}, for JSON arrays -// map[string]interface{}, for JSON objects -// nil for JSON null -// -// To unmarshal a JSON array into a slice, Unmarshal resets the slice length -// to zero and then appends each element to the slice. -// As a special case, to unmarshal an empty JSON array into a slice, -// Unmarshal replaces the slice with a new empty slice. -// -// To unmarshal a JSON array into a Go array, Unmarshal decodes -// JSON array elements into corresponding Go array elements. -// If the Go array is smaller than the JSON array, -// the additional JSON array elements are discarded. -// If the JSON array is smaller than the Go array, -// the additional Go array elements are set to zero values. -// -// To unmarshal a JSON object into a string-keyed map, Unmarshal first -// establishes a map to use, If the map is nil, Unmarshal allocates a new map. -// Otherwise Unmarshal reuses the existing map, keeping existing entries. -// Unmarshal then stores key-value pairs from the JSON object into the map. -// -// If a JSON value is not appropriate for a given target type, -// or if a JSON number overflows the target type, Unmarshal -// skips that field and completes the unmarshaling as best it can. -// If no more serious errors are encountered, Unmarshal returns -// an UnmarshalTypeError describing the earliest such error. -// -// The JSON null value unmarshals into an interface, map, pointer, or slice -// by setting that Go value to nil. Because null is often used in JSON to mean -// “not present,” unmarshaling a JSON null into any other Go type has no effect -// on the value and produces no error. -// -// When unmarshaling quoted strings, invalid UTF-8 or -// invalid UTF-16 surrogate pairs are not treated as an error. -// Instead, they are replaced by the Unicode replacement -// character U+FFFD. -func Unmarshal(data []byte, v interface{}) error { - // Check for well-formedness. - // Avoids filling out half a data structure - // before discovering a JSON syntax error. - var d decodeState - err := checkValid(data, &d.scan) - if err != nil { - return err - } - - d.init(data) - return d.unmarshal(v) -} - -// Unmarshaler is the interface implemented by objects -// that can unmarshal a JSON description of themselves. -// The input can be assumed to be a valid encoding of -// a JSON value. UnmarshalJSON must copy the JSON data -// if it wishes to retain the data after returning. -type Unmarshaler interface { - UnmarshalJSON([]byte) error -} - -// An UnmarshalTypeError describes a JSON value that was -// not appropriate for a value of a specific Go type. -type UnmarshalTypeError struct { - Value string // description of JSON value - "bool", "array", "number -5" - Type reflect.Type // type of Go value it could not be assigned to - Offset int64 // error occurred after reading Offset bytes -} - -func (e *UnmarshalTypeError) Error() string { - return "json: cannot unmarshal " + e.Value + " into Go value of type " + e.Type.String() -} - -// An UnmarshalFieldError describes a JSON object key that -// led to an unexported (and therefore unwritable) struct field. -// (No longer used; kept for compatibility.) -type UnmarshalFieldError struct { - Key string - Type reflect.Type - Field reflect.StructField -} - -func (e *UnmarshalFieldError) Error() string { - return "json: cannot unmarshal object key " + strconv.Quote(e.Key) + " into unexported field " + e.Field.Name + " of type " + e.Type.String() -} - -// An InvalidUnmarshalError describes an invalid argument passed to Unmarshal. -// (The argument to Unmarshal must be a non-nil pointer.) -type InvalidUnmarshalError struct { - Type reflect.Type -} - -func (e *InvalidUnmarshalError) Error() string { - if e.Type == nil { - return "json: Unmarshal(nil)" - } - - if e.Type.Kind() != reflect.Ptr { - return "json: Unmarshal(non-pointer " + e.Type.String() + ")" - } - return "json: Unmarshal(nil " + e.Type.String() + ")" -} - -func (d *decodeState) unmarshal(v interface{}) (err error) { - defer func() { - if r := recover(); r != nil { - if _, ok := r.(runtime.Error); ok { - panic(r) - } - err = r.(error) - } - }() - - rv := reflect.ValueOf(v) - if rv.Kind() != reflect.Ptr || rv.IsNil() { - return &InvalidUnmarshalError{reflect.TypeOf(v)} - } - - d.scan.reset() - // We decode rv not rv.Elem because the Unmarshaler interface - // test must be applied at the top level of the value. - d.value(rv) - return d.savedError -} - -// A Number represents a JSON number literal. -type Number string - -// String returns the literal text of the number. -func (n Number) String() string { return string(n) } - -// Float64 returns the number as a float64. -func (n Number) Float64() (float64, error) { - return strconv.ParseFloat(string(n), 64) -} - -// Int64 returns the number as an int64. -func (n Number) Int64() (int64, error) { - return strconv.ParseInt(string(n), 10, 64) -} - -// isValidNumber reports whether s is a valid JSON number literal. -func isValidNumber(s string) bool { - // This function implements the JSON numbers grammar. - // See https://tools.ietf.org/html/rfc7159#section-6 - // and http://json.org/number.gif - - if s == "" { - return false - } - - // Optional - - if s[0] == '-' { - s = s[1:] - if s == "" { - return false - } - } - - // Digits - switch { - default: - return false - - case s[0] == '0': - s = s[1:] - - case '1' <= s[0] && s[0] <= '9': - s = s[1:] - for len(s) > 0 && '0' <= s[0] && s[0] <= '9' { - s = s[1:] - } - } - - // . followed by 1 or more digits. - if len(s) >= 2 && s[0] == '.' && '0' <= s[1] && s[1] <= '9' { - s = s[2:] - for len(s) > 0 && '0' <= s[0] && s[0] <= '9' { - s = s[1:] - } - } - - // e or E followed by an optional - or + and - // 1 or more digits. - if len(s) >= 2 && (s[0] == 'e' || s[0] == 'E') { - s = s[1:] - if s[0] == '+' || s[0] == '-' { - s = s[1:] - if s == "" { - return false - } - } - for len(s) > 0 && '0' <= s[0] && s[0] <= '9' { - s = s[1:] - } - } - - // Make sure we are at the end. - return s == "" -} - -type NumberUnmarshalType int - -const ( - // unmarshal a JSON number into an interface{} as a float64 - UnmarshalFloat NumberUnmarshalType = iota - // unmarshal a JSON number into an interface{} as a `json.Number` - UnmarshalJSONNumber - // unmarshal a JSON number into an interface{} as a int64 - // if value is an integer otherwise float64 - UnmarshalIntOrFloat -) - -// decodeState represents the state while decoding a JSON value. -type decodeState struct { - data []byte - off int // read offset in data - scan scanner - nextscan scanner // for calls to nextValue - savedError error - numberType NumberUnmarshalType -} - -// errPhase is used for errors that should not happen unless -// there is a bug in the JSON decoder or something is editing -// the data slice while the decoder executes. -var errPhase = errors.New("JSON decoder out of sync - data changing underfoot?") - -func (d *decodeState) init(data []byte) *decodeState { - d.data = data - d.off = 0 - d.savedError = nil - return d -} - -// error aborts the decoding by panicking with err. -func (d *decodeState) error(err error) { - panic(err) -} - -// saveError saves the first err it is called with, -// for reporting at the end of the unmarshal. -func (d *decodeState) saveError(err error) { - if d.savedError == nil { - d.savedError = err - } -} - -// next cuts off and returns the next full JSON value in d.data[d.off:]. -// The next value is known to be an object or array, not a literal. -func (d *decodeState) next() []byte { - c := d.data[d.off] - item, rest, err := nextValue(d.data[d.off:], &d.nextscan) - if err != nil { - d.error(err) - } - d.off = len(d.data) - len(rest) - - // Our scanner has seen the opening brace/bracket - // and thinks we're still in the middle of the object. - // invent a closing brace/bracket to get it out. - if c == '{' { - d.scan.step(&d.scan, '}') - } else { - d.scan.step(&d.scan, ']') - } - - return item -} - -// scanWhile processes bytes in d.data[d.off:] until it -// receives a scan code not equal to op. -// It updates d.off and returns the new scan code. -func (d *decodeState) scanWhile(op int) int { - var newOp int - for { - if d.off >= len(d.data) { - newOp = d.scan.eof() - d.off = len(d.data) + 1 // mark processed EOF with len+1 - } else { - c := d.data[d.off] - d.off++ - newOp = d.scan.step(&d.scan, c) - } - if newOp != op { - break - } - } - return newOp -} - -// value decodes a JSON value from d.data[d.off:] into the value. -// it updates d.off to point past the decoded value. -func (d *decodeState) value(v reflect.Value) { - if !v.IsValid() { - _, rest, err := nextValue(d.data[d.off:], &d.nextscan) - if err != nil { - d.error(err) - } - d.off = len(d.data) - len(rest) - - // d.scan thinks we're still at the beginning of the item. - // Feed in an empty string - the shortest, simplest value - - // so that it knows we got to the end of the value. - if d.scan.redo { - // rewind. - d.scan.redo = false - d.scan.step = stateBeginValue - } - d.scan.step(&d.scan, '"') - d.scan.step(&d.scan, '"') - - n := len(d.scan.parseState) - if n > 0 && d.scan.parseState[n-1] == parseObjectKey { - // d.scan thinks we just read an object key; finish the object - d.scan.step(&d.scan, ':') - d.scan.step(&d.scan, '"') - d.scan.step(&d.scan, '"') - d.scan.step(&d.scan, '}') - } - - return - } - - switch op := d.scanWhile(scanSkipSpace); op { - default: - d.error(errPhase) - - case scanBeginArray: - d.array(v) - - case scanBeginObject: - d.object(v) - - case scanBeginLiteral: - d.literal(v) - } -} - -type unquotedValue struct{} - -// valueQuoted is like value but decodes a -// quoted string literal or literal null into an interface value. -// If it finds anything other than a quoted string literal or null, -// valueQuoted returns unquotedValue{}. -func (d *decodeState) valueQuoted() interface{} { - switch op := d.scanWhile(scanSkipSpace); op { - default: - d.error(errPhase) - - case scanBeginArray: - d.array(reflect.Value{}) - - case scanBeginObject: - d.object(reflect.Value{}) - - case scanBeginLiteral: - switch v := d.literalInterface().(type) { - case nil, string: - return v - } - } - return unquotedValue{} -} - -// indirect walks down v allocating pointers as needed, -// until it gets to a non-pointer. -// if it encounters an Unmarshaler, indirect stops and returns that. -// if decodingNull is true, indirect stops at the last pointer so it can be set to nil. -func (d *decodeState) indirect(v reflect.Value, decodingNull bool) (Unmarshaler, encoding.TextUnmarshaler, reflect.Value) { - // If v is a named type and is addressable, - // start with its address, so that if the type has pointer methods, - // we find them. - if v.Kind() != reflect.Ptr && v.Type().Name() != "" && v.CanAddr() { - v = v.Addr() - } - for { - // Load value from interface, but only if the result will be - // usefully addressable. - if v.Kind() == reflect.Interface && !v.IsNil() { - e := v.Elem() - if e.Kind() == reflect.Ptr && !e.IsNil() && (!decodingNull || e.Elem().Kind() == reflect.Ptr) { - v = e - continue - } - } - - if v.Kind() != reflect.Ptr { - break - } - - if v.Elem().Kind() != reflect.Ptr && decodingNull && v.CanSet() { - break - } - if v.IsNil() { - v.Set(reflect.New(v.Type().Elem())) - } - if v.Type().NumMethod() > 0 { - if u, ok := v.Interface().(Unmarshaler); ok { - return u, nil, reflect.Value{} - } - if u, ok := v.Interface().(encoding.TextUnmarshaler); ok { - return nil, u, reflect.Value{} - } - } - v = v.Elem() - } - return nil, nil, v -} - -// array consumes an array from d.data[d.off-1:], decoding into the value v. -// the first byte of the array ('[') has been read already. -func (d *decodeState) array(v reflect.Value) { - // Check for unmarshaler. - u, ut, pv := d.indirect(v, false) - if u != nil { - d.off-- - err := u.UnmarshalJSON(d.next()) - if err != nil { - d.error(err) - } - return - } - if ut != nil { - d.saveError(&UnmarshalTypeError{"array", v.Type(), int64(d.off)}) - d.off-- - d.next() - return - } - - v = pv - - // Check type of target. - switch v.Kind() { - case reflect.Interface: - if v.NumMethod() == 0 { - // Decoding into nil interface? Switch to non-reflect code. - v.Set(reflect.ValueOf(d.arrayInterface())) - return - } - // Otherwise it's invalid. - fallthrough - default: - d.saveError(&UnmarshalTypeError{"array", v.Type(), int64(d.off)}) - d.off-- - d.next() - return - case reflect.Array: - case reflect.Slice: - break - } - - i := 0 - for { - // Look ahead for ] - can only happen on first iteration. - op := d.scanWhile(scanSkipSpace) - if op == scanEndArray { - break - } - - // Back up so d.value can have the byte we just read. - d.off-- - d.scan.undo(op) - - // Get element of array, growing if necessary. - if v.Kind() == reflect.Slice { - // Grow slice if necessary - if i >= v.Cap() { - newcap := v.Cap() + v.Cap()/2 - if newcap < 4 { - newcap = 4 - } - newv := reflect.MakeSlice(v.Type(), v.Len(), newcap) - reflect.Copy(newv, v) - v.Set(newv) - } - if i >= v.Len() { - v.SetLen(i + 1) - } - } - - if i < v.Len() { - // Decode into element. - d.value(v.Index(i)) - } else { - // Ran out of fixed array: skip. - d.value(reflect.Value{}) - } - i++ - - // Next token must be , or ]. - op = d.scanWhile(scanSkipSpace) - if op == scanEndArray { - break - } - if op != scanArrayValue { - d.error(errPhase) - } - } - - if i < v.Len() { - if v.Kind() == reflect.Array { - // Array. Zero the rest. - z := reflect.Zero(v.Type().Elem()) - for ; i < v.Len(); i++ { - v.Index(i).Set(z) - } - } else { - v.SetLen(i) - } - } - if i == 0 && v.Kind() == reflect.Slice { - v.Set(reflect.MakeSlice(v.Type(), 0, 0)) - } -} - -var nullLiteral = []byte("null") - -// object consumes an object from d.data[d.off-1:], decoding into the value v. -// the first byte ('{') of the object has been read already. -func (d *decodeState) object(v reflect.Value) { - // Check for unmarshaler. - u, ut, pv := d.indirect(v, false) - if u != nil { - d.off-- - err := u.UnmarshalJSON(d.next()) - if err != nil { - d.error(err) - } - return - } - if ut != nil { - d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)}) - d.off-- - d.next() // skip over { } in input - return - } - v = pv - - // Decoding into nil interface? Switch to non-reflect code. - if v.Kind() == reflect.Interface && v.NumMethod() == 0 { - v.Set(reflect.ValueOf(d.objectInterface())) - return - } - - // Check type of target: struct or map[string]T - switch v.Kind() { - case reflect.Map: - // map must have string kind - t := v.Type() - if t.Key().Kind() != reflect.String { - d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)}) - d.off-- - d.next() // skip over { } in input - return - } - if v.IsNil() { - v.Set(reflect.MakeMap(t)) - } - case reflect.Struct: - - default: - d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)}) - d.off-- - d.next() // skip over { } in input - return - } - - var mapElem reflect.Value - keys := map[string]bool{} - - for { - // Read opening " of string key or closing }. - op := d.scanWhile(scanSkipSpace) - if op == scanEndObject { - // closing } - can only happen on first iteration. - break - } - if op != scanBeginLiteral { - d.error(errPhase) - } - - // Read key. - start := d.off - 1 - op = d.scanWhile(scanContinue) - item := d.data[start : d.off-1] - key, ok := unquote(item) - if !ok { - d.error(errPhase) - } - - // Check for duplicate keys. - _, ok = keys[key] - if !ok { - keys[key] = true - } else { - d.error(fmt.Errorf("json: duplicate key '%s' in object", key)) - } - - // Figure out field corresponding to key. - var subv reflect.Value - destring := false // whether the value is wrapped in a string to be decoded first - - if v.Kind() == reflect.Map { - elemType := v.Type().Elem() - if !mapElem.IsValid() { - mapElem = reflect.New(elemType).Elem() - } else { - mapElem.Set(reflect.Zero(elemType)) - } - subv = mapElem - } else { - var f *field - fields := cachedTypeFields(v.Type()) - for i := range fields { - ff := &fields[i] - if bytes.Equal(ff.nameBytes, []byte(key)) { - f = ff - break - } - } - if f != nil { - subv = v - destring = f.quoted - for _, i := range f.index { - if subv.Kind() == reflect.Ptr { - if subv.IsNil() { - subv.Set(reflect.New(subv.Type().Elem())) - } - subv = subv.Elem() - } - subv = subv.Field(i) - } - } - } - - // Read : before value. - if op == scanSkipSpace { - op = d.scanWhile(scanSkipSpace) - } - if op != scanObjectKey { - d.error(errPhase) - } - - // Read value. - if destring { - switch qv := d.valueQuoted().(type) { - case nil: - d.literalStore(nullLiteral, subv, false) - case string: - d.literalStore([]byte(qv), subv, true) - default: - d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal unquoted value into %v", subv.Type())) - } - } else { - d.value(subv) - } - - // Write value back to map; - // if using struct, subv points into struct already. - if v.Kind() == reflect.Map { - kv := reflect.ValueOf(key).Convert(v.Type().Key()) - v.SetMapIndex(kv, subv) - } - - // Next token must be , or }. - op = d.scanWhile(scanSkipSpace) - if op == scanEndObject { - break - } - if op != scanObjectValue { - d.error(errPhase) - } - } -} - -// literal consumes a literal from d.data[d.off-1:], decoding into the value v. -// The first byte of the literal has been read already -// (that's how the caller knows it's a literal). -func (d *decodeState) literal(v reflect.Value) { - // All bytes inside literal return scanContinue op code. - start := d.off - 1 - op := d.scanWhile(scanContinue) - - // Scan read one byte too far; back up. - d.off-- - d.scan.undo(op) - - d.literalStore(d.data[start:d.off], v, false) -} - -// convertNumber converts the number literal s to a float64, int64 or a Number -// depending on d.numberDecodeType. -func (d *decodeState) convertNumber(s string) (interface{}, error) { - switch d.numberType { - - case UnmarshalJSONNumber: - return Number(s), nil - case UnmarshalIntOrFloat: - v, err := strconv.ParseInt(s, 10, 64) - if err == nil { - return v, nil - } - - // tries to parse integer number in scientific notation - f, err := strconv.ParseFloat(s, 64) - if err != nil { - return nil, &UnmarshalTypeError{"number " + s, reflect.TypeOf(0.0), int64(d.off)} - } - - // if it has no decimal value use int64 - if fi, fd := math.Modf(f); fd == 0.0 { - return int64(fi), nil - } - return f, nil - default: - f, err := strconv.ParseFloat(s, 64) - if err != nil { - return nil, &UnmarshalTypeError{"number " + s, reflect.TypeOf(0.0), int64(d.off)} - } - return f, nil - } - -} - -var numberType = reflect.TypeOf(Number("")) - -// literalStore decodes a literal stored in item into v. -// -// fromQuoted indicates whether this literal came from unwrapping a -// string from the ",string" struct tag option. this is used only to -// produce more helpful error messages. -func (d *decodeState) literalStore(item []byte, v reflect.Value, fromQuoted bool) { - // Check for unmarshaler. - if len(item) == 0 { - //Empty string given - d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - return - } - wantptr := item[0] == 'n' // null - u, ut, pv := d.indirect(v, wantptr) - if u != nil { - err := u.UnmarshalJSON(item) - if err != nil { - d.error(err) - } - return - } - if ut != nil { - if item[0] != '"' { - if fromQuoted { - d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - } else { - d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) - } - return - } - s, ok := unquoteBytes(item) - if !ok { - if fromQuoted { - d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - } else { - d.error(errPhase) - } - } - err := ut.UnmarshalText(s) - if err != nil { - d.error(err) - } - return - } - - v = pv - - switch c := item[0]; c { - case 'n': // null - switch v.Kind() { - case reflect.Interface, reflect.Ptr, reflect.Map, reflect.Slice: - v.Set(reflect.Zero(v.Type())) - // otherwise, ignore null for primitives/string - } - case 't', 'f': // true, false - value := c == 't' - switch v.Kind() { - default: - if fromQuoted { - d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - } else { - d.saveError(&UnmarshalTypeError{"bool", v.Type(), int64(d.off)}) - } - case reflect.Bool: - v.SetBool(value) - case reflect.Interface: - if v.NumMethod() == 0 { - v.Set(reflect.ValueOf(value)) - } else { - d.saveError(&UnmarshalTypeError{"bool", v.Type(), int64(d.off)}) - } - } - - case '"': // string - s, ok := unquoteBytes(item) - if !ok { - if fromQuoted { - d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - } else { - d.error(errPhase) - } - } - switch v.Kind() { - default: - d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) - case reflect.Slice: - if v.Type().Elem().Kind() != reflect.Uint8 { - d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) - break - } - b := make([]byte, base64.StdEncoding.DecodedLen(len(s))) - n, err := base64.StdEncoding.Decode(b, s) - if err != nil { - d.saveError(err) - break - } - v.SetBytes(b[:n]) - case reflect.String: - v.SetString(string(s)) - case reflect.Interface: - if v.NumMethod() == 0 { - v.Set(reflect.ValueOf(string(s))) - } else { - d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) - } - } - - default: // number - if c != '-' && (c < '0' || c > '9') { - if fromQuoted { - d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - } else { - d.error(errPhase) - } - } - s := string(item) - switch v.Kind() { - default: - if v.Kind() == reflect.String && v.Type() == numberType { - v.SetString(s) - if !isValidNumber(s) { - d.error(fmt.Errorf("json: invalid number literal, trying to unmarshal %q into Number", item)) - } - break - } - if fromQuoted { - d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - } else { - d.error(&UnmarshalTypeError{"number", v.Type(), int64(d.off)}) - } - case reflect.Interface: - n, err := d.convertNumber(s) - if err != nil { - d.saveError(err) - break - } - if v.NumMethod() != 0 { - d.saveError(&UnmarshalTypeError{"number", v.Type(), int64(d.off)}) - break - } - v.Set(reflect.ValueOf(n)) - - case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: - n, err := strconv.ParseInt(s, 10, 64) - if err != nil || v.OverflowInt(n) { - d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)}) - break - } - v.SetInt(n) - - case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: - n, err := strconv.ParseUint(s, 10, 64) - if err != nil || v.OverflowUint(n) { - d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)}) - break - } - v.SetUint(n) - - case reflect.Float32, reflect.Float64: - n, err := strconv.ParseFloat(s, v.Type().Bits()) - if err != nil || v.OverflowFloat(n) { - d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)}) - break - } - v.SetFloat(n) - } - } -} - -// The xxxInterface routines build up a value to be stored -// in an empty interface. They are not strictly necessary, -// but they avoid the weight of reflection in this common case. - -// valueInterface is like value but returns interface{} -func (d *decodeState) valueInterface() interface{} { - switch d.scanWhile(scanSkipSpace) { - default: - d.error(errPhase) - panic("unreachable") - case scanBeginArray: - return d.arrayInterface() - case scanBeginObject: - return d.objectInterface() - case scanBeginLiteral: - return d.literalInterface() - } -} - -// arrayInterface is like array but returns []interface{}. -func (d *decodeState) arrayInterface() []interface{} { - var v = make([]interface{}, 0) - for { - // Look ahead for ] - can only happen on first iteration. - op := d.scanWhile(scanSkipSpace) - if op == scanEndArray { - break - } - - // Back up so d.value can have the byte we just read. - d.off-- - d.scan.undo(op) - - v = append(v, d.valueInterface()) - - // Next token must be , or ]. - op = d.scanWhile(scanSkipSpace) - if op == scanEndArray { - break - } - if op != scanArrayValue { - d.error(errPhase) - } - } - return v -} - -// objectInterface is like object but returns map[string]interface{}. -func (d *decodeState) objectInterface() map[string]interface{} { - m := make(map[string]interface{}) - keys := map[string]bool{} - - for { - // Read opening " of string key or closing }. - op := d.scanWhile(scanSkipSpace) - if op == scanEndObject { - // closing } - can only happen on first iteration. - break - } - if op != scanBeginLiteral { - d.error(errPhase) - } - - // Read string key. - start := d.off - 1 - op = d.scanWhile(scanContinue) - item := d.data[start : d.off-1] - key, ok := unquote(item) - if !ok { - d.error(errPhase) - } - - // Check for duplicate keys. - _, ok = keys[key] - if !ok { - keys[key] = true - } else { - d.error(fmt.Errorf("json: duplicate key '%s' in object", key)) - } - - // Read : before value. - if op == scanSkipSpace { - op = d.scanWhile(scanSkipSpace) - } - if op != scanObjectKey { - d.error(errPhase) - } - - // Read value. - m[key] = d.valueInterface() - - // Next token must be , or }. - op = d.scanWhile(scanSkipSpace) - if op == scanEndObject { - break - } - if op != scanObjectValue { - d.error(errPhase) - } - } - return m -} - -// literalInterface is like literal but returns an interface value. -func (d *decodeState) literalInterface() interface{} { - // All bytes inside literal return scanContinue op code. - start := d.off - 1 - op := d.scanWhile(scanContinue) - - // Scan read one byte too far; back up. - d.off-- - d.scan.undo(op) - item := d.data[start:d.off] - - switch c := item[0]; c { - case 'n': // null - return nil - - case 't', 'f': // true, false - return c == 't' - - case '"': // string - s, ok := unquote(item) - if !ok { - d.error(errPhase) - } - return s - - default: // number - if c != '-' && (c < '0' || c > '9') { - d.error(errPhase) - } - n, err := d.convertNumber(string(item)) - if err != nil { - d.saveError(err) - } - return n - } -} - -// getu4 decodes \uXXXX from the beginning of s, returning the hex value, -// or it returns -1. -func getu4(s []byte) rune { - if len(s) < 6 || s[0] != '\\' || s[1] != 'u' { - return -1 - } - r, err := strconv.ParseUint(string(s[2:6]), 16, 64) - if err != nil { - return -1 - } - return rune(r) -} - -// unquote converts a quoted JSON string literal s into an actual string t. -// The rules are different than for Go, so cannot use strconv.Unquote. -func unquote(s []byte) (t string, ok bool) { - s, ok = unquoteBytes(s) - t = string(s) - return -} - -func unquoteBytes(s []byte) (t []byte, ok bool) { - if len(s) < 2 || s[0] != '"' || s[len(s)-1] != '"' { - return - } - s = s[1 : len(s)-1] - - // Check for unusual characters. If there are none, - // then no unquoting is needed, so return a slice of the - // original bytes. - r := 0 - for r < len(s) { - c := s[r] - if c == '\\' || c == '"' || c < ' ' { - break - } - if c < utf8.RuneSelf { - r++ - continue - } - rr, size := utf8.DecodeRune(s[r:]) - if rr == utf8.RuneError && size == 1 { - break - } - r += size - } - if r == len(s) { - return s, true - } - - b := make([]byte, len(s)+2*utf8.UTFMax) - w := copy(b, s[0:r]) - for r < len(s) { - // Out of room? Can only happen if s is full of - // malformed UTF-8 and we're replacing each - // byte with RuneError. - if w >= len(b)-2*utf8.UTFMax { - nb := make([]byte, (len(b)+utf8.UTFMax)*2) - copy(nb, b[0:w]) - b = nb - } - switch c := s[r]; { - case c == '\\': - r++ - if r >= len(s) { - return - } - switch s[r] { - default: - return - case '"', '\\', '/', '\'': - b[w] = s[r] - r++ - w++ - case 'b': - b[w] = '\b' - r++ - w++ - case 'f': - b[w] = '\f' - r++ - w++ - case 'n': - b[w] = '\n' - r++ - w++ - case 'r': - b[w] = '\r' - r++ - w++ - case 't': - b[w] = '\t' - r++ - w++ - case 'u': - r-- - rr := getu4(s[r:]) - if rr < 0 { - return - } - r += 6 - if utf16.IsSurrogate(rr) { - rr1 := getu4(s[r:]) - if dec := utf16.DecodeRune(rr, rr1); dec != unicode.ReplacementChar { - // A valid pair; consume. - r += 6 - w += utf8.EncodeRune(b[w:], dec) - break - } - // Invalid surrogate; fall back to replacement rune. - rr = unicode.ReplacementChar - } - w += utf8.EncodeRune(b[w:], rr) - } - - // Quote, control characters are invalid. - case c == '"', c < ' ': - return - - // ASCII - case c < utf8.RuneSelf: - b[w] = c - r++ - w++ - - // Coerce to well-formed UTF-8. - default: - rr, size := utf8.DecodeRune(s[r:]) - r += size - w += utf8.EncodeRune(b[w:], rr) - } - } - return b[0:w], true -} diff --git a/vendor/github.com/go-jose/go-jose/v3/json/encode.go b/vendor/github.com/go-jose/go-jose/v3/json/encode.go deleted file mode 100644 index 98de68ce1e..0000000000 --- a/vendor/github.com/go-jose/go-jose/v3/json/encode.go +++ /dev/null @@ -1,1197 +0,0 @@ -// Copyright 2010 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package json implements encoding and decoding of JSON objects as defined in -// RFC 4627. The mapping between JSON objects and Go values is described -// in the documentation for the Marshal and Unmarshal functions. -// -// See "JSON and Go" for an introduction to this package: -// https://golang.org/doc/articles/json_and_go.html -package json - -import ( - "bytes" - "encoding" - "encoding/base64" - "fmt" - "math" - "reflect" - "runtime" - "sort" - "strconv" - "strings" - "sync" - "unicode" - "unicode/utf8" -) - -// Marshal returns the JSON encoding of v. -// -// Marshal traverses the value v recursively. -// If an encountered value implements the Marshaler interface -// and is not a nil pointer, Marshal calls its MarshalJSON method -// to produce JSON. If no MarshalJSON method is present but the -// value implements encoding.TextMarshaler instead, Marshal calls -// its MarshalText method. -// The nil pointer exception is not strictly necessary -// but mimics a similar, necessary exception in the behavior of -// UnmarshalJSON. -// -// Otherwise, Marshal uses the following type-dependent default encodings: -// -// Boolean values encode as JSON booleans. -// -// Floating point, integer, and Number values encode as JSON numbers. -// -// String values encode as JSON strings coerced to valid UTF-8, -// replacing invalid bytes with the Unicode replacement rune. -// The angle brackets "<" and ">" are escaped to "\u003c" and "\u003e" -// to keep some browsers from misinterpreting JSON output as HTML. -// Ampersand "&" is also escaped to "\u0026" for the same reason. -// -// Array and slice values encode as JSON arrays, except that -// []byte encodes as a base64-encoded string, and a nil slice -// encodes as the null JSON object. -// -// Struct values encode as JSON objects. Each exported struct field -// becomes a member of the object unless -// - the field's tag is "-", or -// - the field is empty and its tag specifies the "omitempty" option. -// -// The empty values are false, 0, any -// nil pointer or interface value, and any array, slice, map, or string of -// length zero. The object's default key string is the struct field name -// but can be specified in the struct field's tag value. The "json" key in -// the struct field's tag value is the key name, followed by an optional comma -// and options. Examples: -// -// // Field is ignored by this package. -// Field int `json:"-"` -// -// // Field appears in JSON as key "myName". -// Field int `json:"myName"` -// -// // Field appears in JSON as key "myName" and -// // the field is omitted from the object if its value is empty, -// // as defined above. -// Field int `json:"myName,omitempty"` -// -// // Field appears in JSON as key "Field" (the default), but -// // the field is skipped if empty. -// // Note the leading comma. -// Field int `json:",omitempty"` -// -// The "string" option signals that a field is stored as JSON inside a -// JSON-encoded string. It applies only to fields of string, floating point, -// integer, or boolean types. This extra level of encoding is sometimes used -// when communicating with JavaScript programs: -// -// Int64String int64 `json:",string"` -// -// The key name will be used if it's a non-empty string consisting of -// only Unicode letters, digits, dollar signs, percent signs, hyphens, -// underscores and slashes. -// -// Anonymous struct fields are usually marshaled as if their inner exported fields -// were fields in the outer struct, subject to the usual Go visibility rules amended -// as described in the next paragraph. -// An anonymous struct field with a name given in its JSON tag is treated as -// having that name, rather than being anonymous. -// An anonymous struct field of interface type is treated the same as having -// that type as its name, rather than being anonymous. -// -// The Go visibility rules for struct fields are amended for JSON when -// deciding which field to marshal or unmarshal. If there are -// multiple fields at the same level, and that level is the least -// nested (and would therefore be the nesting level selected by the -// usual Go rules), the following extra rules apply: -// -// 1) Of those fields, if any are JSON-tagged, only tagged fields are considered, -// even if there are multiple untagged fields that would otherwise conflict. -// 2) If there is exactly one field (tagged or not according to the first rule), that is selected. -// 3) Otherwise there are multiple fields, and all are ignored; no error occurs. -// -// Handling of anonymous struct fields is new in Go 1.1. -// Prior to Go 1.1, anonymous struct fields were ignored. To force ignoring of -// an anonymous struct field in both current and earlier versions, give the field -// a JSON tag of "-". -// -// Map values encode as JSON objects. -// The map's key type must be string; the map keys are used as JSON object -// keys, subject to the UTF-8 coercion described for string values above. -// -// Pointer values encode as the value pointed to. -// A nil pointer encodes as the null JSON object. -// -// Interface values encode as the value contained in the interface. -// A nil interface value encodes as the null JSON object. -// -// Channel, complex, and function values cannot be encoded in JSON. -// Attempting to encode such a value causes Marshal to return -// an UnsupportedTypeError. -// -// JSON cannot represent cyclic data structures and Marshal does not -// handle them. Passing cyclic structures to Marshal will result in -// an infinite recursion. -func Marshal(v interface{}) ([]byte, error) { - e := &encodeState{} - err := e.marshal(v) - if err != nil { - return nil, err - } - return e.Bytes(), nil -} - -// MarshalIndent is like Marshal but applies Indent to format the output. -func MarshalIndent(v interface{}, prefix, indent string) ([]byte, error) { - b, err := Marshal(v) - if err != nil { - return nil, err - } - var buf bytes.Buffer - err = Indent(&buf, b, prefix, indent) - if err != nil { - return nil, err - } - return buf.Bytes(), nil -} - -// HTMLEscape appends to dst the JSON-encoded src with <, >, &, U+2028 and U+2029 -// characters inside string literals changed to \u003c, \u003e, \u0026, \u2028, \u2029 -// so that the JSON will be safe to embed inside HTML