Documentation
Index
- Variables
- func Base64Decode(value []byte) ([]byte, error)
- func Base64Encode(value []byte) []byte
- func CompareHashAndPassphrase(hash []byte, passphrase []byte) (needUpdate bool, err error)
- func DecodeAuthMessage(c MACConfig, key, enc, additionalData []byte) ([]byte, error)
- func EncodeAuthMessage(c MACConfig, key, value, additionalData []byte) ([]byte, error)
- func GenerateFromPassphrase(passphrase []byte) ([]byte, error)
- func GenerateRandomBytes(n int) []byte
- func GenerateRandomString(n int) string
- func NewJWT(secret []byte, claims jwt.Claims) (string, error)
- func ParseJWT(tokenString string, keyFunc jwt.Keyfunc, claims jwt.Claims) error
- func Timestamp() int64
- type MACConfig
Constants
This section is empty.
Variables
var (
	ErrInvalidHash                 = errors.New("Invalid hash format")
	ErrMismatchedHashAndPassphrase = errors.New("hash and password are different")
	ErrNoUpdateNeeded              = errors.New("hash already has correct parameters")
)
Errors
var SigningMethod = jwt.SigningMethodHS512
SigningMethod is the algorithm chosen for signing JWTs. Currently, it is HMAC-SHA-512.
Functions
func Base64Decode
Base64Decode decodes a value using base64.
func Base64Encode
Base64Encode encodes a value using base64.
func CompareHashAndPassphrase
CompareHashAndPassphrase compares a derived key with the possible cleartext equivalent. The parameters used in the provided derived key are used. The comparison performed by this function is constant-time.
It returns an error if the derived keys do not match. It also returns a needUpdate boolean indicating whether or not the passphrase hash has outdated parameters and should be recomputed.
func DecodeAuthMessage
DecodeAuthMessage verifies a message authenticated with a message authentication code and returns the message value along with the issued time of the message.
func EncodeAuthMessage
EncodeAuthMessage associates the given value with a message authentication code for integrity and authenticity.
If the value, when base64 encoded with a fixed size header, is longer than the configured maximum length, it will panic.
Message format (name prefix is in MAC but removed from message):
<---------------- MAC input ---------------->
<---------- Message ---------->
| name | additional data | time | value | hmac |
| ---- | --- | 8 bytes | --- | 32 bytes |
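A sketch of the layout described above, added here as an example and not the package's own code. It assumes HMAC-SHA-256 for the 32-byte tag, a big-endian 8-byte timestamp, length-prefixed name and additional data in the MAC input, and a message of time | value | hmac; the function names are hypothetical and the base64 step is omitted.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var errBadMAC = errors.New("message authentication failed")

// tag computes the MAC over name | additional data | time | value.
// Assumptions of this sketch: HMAC-SHA-256 (32-byte tag) and length-prefixed
// name/additional data, so bytes cannot shift between fields unnoticed.
func tag(key, name, ad, body []byte) []byte {
	m := hmac.New(sha256.New, key)
	for _, f := range [][]byte{name, ad} {
		m.Write(binary.BigEndian.AppendUint32(nil, uint32(len(f))))
		m.Write(f)
	}
	m.Write(body)
	return m.Sum(nil)
}

// encode returns time (8 bytes, big-endian) | value | hmac (32 bytes);
// name and additional data are MACed but not carried (assumed layout).
func encode(key, name, ad, value []byte, issued int64) []byte {
	msg := binary.BigEndian.AppendUint64(nil, uint64(issued))
	msg = append(msg, value...)
	return append(msg, tag(key, name, ad, msg)...)
}

// decode checks the MAC in constant time before trusting any field.
func decode(key, name, ad, msg []byte) ([]byte, int64, error) {
	if len(msg) < 8+sha256.Size {
		return nil, 0, errBadMAC
	}
	body, got := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	if !hmac.Equal(got, tag(key, name, ad, body)) {
		return nil, 0, errBadMAC
	}
	return body[8:], int64(binary.BigEndian.Uint64(body[:8])), nil
}

func main() {
	key := []byte("constructed-demo-key-32-bytes!!!") // constructed sample key
	msg := encode(key, []byte("session"), []byte("user:42"), []byte("hello"), 1700000000)
	fmt.Println(decode(key, []byte("session"), []byte("user:42"), msg))
}
```

A message verified under one name or additional data value fails under any other, which is what keeps a token issued for one purpose from being accepted for another.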
func GenerateFromPassphrase
GenerateFromPassphrase returns the derived key of the passphrase using the parameters provided. The parameters are prepended to the derived key and separated by the "$" character (0x24). If the parameters provided are less than the minimum acceptable values, an error will be returned.
func GenerateRandomBytes
GenerateRandomBytes returns securely generated random bytes. It will return an error if the system's secure random number generator fails to function correctly, in which case the caller should not continue.
func GenerateRandomString
GenerateRandomString generates a secure random string of length N.
Types
type MACConfig
MACConfig contains all the options to encode or decode a message along with a proof of integrity and authenticity.
Key is the secret used for the HMAC key. It should contain at least 16 bytes and should be generated by a PRNG.
Name is an optional message name that won't be contained in the MACed message itself but will be MACed against.