go.mod: github.com/fernet/fernet-go v0.0.0-20240119011108-303da6aec611

Update to the latest version, which is now a module; full diff: 9f70042a33...303da6aec6 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2026-01-11 18:51:37 +00:00 · 2025-08-04 17:59:18 +02:00
parent 6b45c76a23
commit 8e63b55146
4 changed files with 19 additions and 27 deletions
--- a/go.mod
+++ b/go.mod
@@ -165,7 +165,7 @@ require (
 	github.com/docker/libtrust v0.0.0-20150526203908-9cbd2a1374f4 // indirect
 	github.com/dustin/go-humanize v1.0.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee // indirect
+	github.com/fernet/fernet-go v0.0.0-20240119011108-303da6aec611 // indirect
 	github.com/fsnotify/fsnotify v1.9.0 // indirect
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
--- a/go.sum
+++ b/go.sum
@@ -202,8 +202,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee h1:v6Eju/FhxsACGNipFEPBZZAzGr1F/jlRQr1qiBw2nEE=
-github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee/go.mod h1:2H9hjfbpSMHwY503FclkV/lZTBh2YlOmLLSda12uL8c=
+github.com/fernet/fernet-go v0.0.0-20240119011108-303da6aec611 h1:JwYtKJ/DVEoIA5dH45OEU7uoryZY/gjd/BQiwwAOImM=
+github.com/fernet/fernet-go v0.0.0-20240119011108-303da6aec611/go.mod h1:zHMNeYgqrTpKyjawjitDg0Osd1P/FmeA0SZLYK3RfLQ=
 github.com/fluent/fluent-logger-golang v1.9.0 h1:zUdY44CHX2oIUc7VTNZc+4m+ORuO/mldQDA7czhWXEg=
 github.com/fluent/fluent-logger-golang v1.9.0/go.mod h1:2/HCT/jTy78yGyeNGQLGQsjF3zzzAuy6Xlk6FCMV5eU=
 github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
--- a/vendor/github.com/fernet/fernet-go/fernet.go
+++ b/vendor/github.com/fernet/fernet-go/fernet.go
@@ -80,7 +80,7 @@ func verify(msg, tok []byte, ttl time.Duration, now time.Time, k *Key) []byte {
 	if subtle.ConstantTimeCompare(tok[n:], hmac[:]) != 1 {
 		return nil
 	}
-	pay := tok[payOffset : len(tok)-sha256.Size]
+	pay := tok[payOffset:n]
 	if len(pay)%aes.BlockSize != 0 {
 		return nil
 	}
@@ -89,7 +89,7 @@ func verify(msg, tok []byte, ttl time.Duration, now time.Time, k *Key) []byte {
 		pay = msg
 	}
 	bc, _ := aes.NewCipher(k.cryptBytes())
-	iv := tok[9:][:aes.BlockSize]
+	iv := tok[ivOffset:][:aes.BlockSize]
 	cipher.NewCBCDecrypter(bc, iv).CryptBlocks(pay, pay)
 	return unpad(pay)
 }
@@ -120,42 +120,34 @@ func unpad(p []byte) []byte {
 	return p[:len(p)-int(c)]
 }

-func b64enc(src []byte) []byte {
-	dst := make([]byte, encoding.EncodedLen(len(src)))
-	encoding.Encode(dst, src)
-	return dst
-}
-
-func b64dec(src []byte) []byte {
-	dst := make([]byte, encoding.DecodedLen(len(src)))
-	n, err := encoding.Decode(dst, src)
-	if err != nil {
-		return nil
-	}
-	return dst[:n]
-}
-
 func genhmac(q, p, k []byte) {
 	h := hmac.New(sha256.New, k)
 	h.Write(p)
 	h.Sum(q)
 }

-// EncryptAndSign encrypts and signs msg with key k and returns the resulting
-// fernet token. If msg contains text, the text should be encoded
-// with UTF-8 to follow fernet convention.
-func EncryptAndSign(msg []byte, k *Key) (tok []byte, err error) {
+// EncryptAndSignAtTime encrypts and signs msg with key k at timestamp signedAt
+// and returns the resulting fernet token. If msg contains text, the text
+// should be encoded with UTF-8 to follow fernet convention.
+func EncryptAndSignAtTime(msg []byte, k *Key, signedAt time.Time) (tok []byte, err error) {
 	iv := make([]byte, aes.BlockSize)
 	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
 		return nil, err
 	}
 	b := make([]byte, encodedLen(len(msg)))
-	n := gen(b, msg, iv, time.Now(), k)
+	n := gen(b, msg, iv, signedAt, k)
 	tok = make([]byte, encoding.EncodedLen(n))
 	encoding.Encode(tok, b[:n])
 	return tok, nil
 }

+// EncryptAndSign encrypts and signs msg with key k and returns the resulting
+// fernet token. If msg contains text, the text should be encoded
+// with UTF-8 to follow fernet convention.
+func EncryptAndSign(msg []byte, k *Key) (tok []byte, err error) {
+	return EncryptAndSignAtTime(msg, k, time.Now())
+}
+
 // VerifyAndDecrypt verifies that tok is a valid fernet token that was signed
 // with a key in k at most ttl time ago only if ttl is greater than zero.
 // Returns the message contained in tok if tok is valid, otherwise nil.
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -533,8 +533,8 @@ github.com/dustin/go-humanize
 # github.com/felixge/httpsnoop v1.0.4
 ## explicit; go 1.13
 github.com/felixge/httpsnoop
-# github.com/fernet/fernet-go v0.0.0-20211208181803-9f70042a33ee
-## explicit
+# github.com/fernet/fernet-go v0.0.0-20240119011108-303da6aec611
+## explicit; go 1.18
 github.com/fernet/fernet-go
 # github.com/fluent/fluent-logger-golang v1.9.0
 ## explicit