Documentation ¶
Index ¶
- Constants
- func DynamicTruncate(hmacResult []byte, digits int) string
- func GenerateTOTPQRCodePNG(key, issuer, user string, period time.Duration, length int) ([]byte, error)
- func GenerateTOTPURI(key, issuer, user string, period time.Duration, length int) string
- func HOTP(key string, counter uint64, length int) (string, error)
- func HOTPCompare(key string, counter uint64, length int, challenge string) (bool, error)
- func Hash(password string, salt string) string
- func HashAndSalt(password string) (hash string, salt string)
- func HashMD5(plaintext []byte) string
- func NewIncompleteDataError() errors.TracerError
- func NewOTPKey() (string, error)
- func NewRSAPrivateKeyNotSetError() errors.TracerError
- func NewRSAPublicKeyNotSetError() errors.TracerError
- func TOTP(key string, period time.Duration, vary int, length int) (string, error)
- func TOTPCompare(key string, period time.Duration, adjust int, length int, challenge string) (bool, error)
- func TOTPCompareAndGetDrift(key string, period time.Duration, length int, variance uint, challenge string, ...) (bool, int, error)
- func TOTPCompareAndGetDriftWithResynchronization(key string, period time.Duration, length int, variance uint, challenge string, ...) (bool, int, error)
- func TOTPCompareWithVariance(key string, period time.Duration, length int, variance uint, challenge string) (ok bool, err error)
- type AESEncryption
- func (a *AESEncryption) Decrypt(ciphertext []byte) (plaintext []byte, err error)
- func (a *AESEncryption) Encrypt(plaintext []byte) (ciphertext []byte, err error)
- func (AESEncryption) GenerateKey() []byte
- func (a *AESEncryption) GetKey() []byte
- func (a *AESEncryption) GetType() CipherType
- func (a *AESEncryption) RotateKey() []byte
- func (a *AESEncryption) SetKey(key []byte) error
- func (a *AESEncryption) Sign(plaintext []byte) (signature []byte, err error)
- func (a *AESEncryption) Verify(plaintext []byte, signature []byte) (err error)
- type CipherType
- type Encryption
- type IncompleteDataError
- type NoEncryption
- func (ne *NoEncryption) Decrypt(ciphertext []byte) (plaintext []byte, err error)
- func (ne *NoEncryption) Encrypt(plaintext []byte) (ciphertext []byte, err error)
- func (ne *NoEncryption) GetType() CipherType
- func (ne *NoEncryption) Sign(plaintext []byte) (signature []byte, err error)
- func (ne *NoEncryption) Verify(plaintext []byte, signature []byte) (err error)
- type RSAEncryption
- func (r *RSAEncryption) Decrypt(ciphertext []byte) (plaintext []byte, err error)
- func (r *RSAEncryption) DecryptAndVerify(ciphertext []byte, signature []byte) (plaintext []byte, err error)
- func (r *RSAEncryption) Encrypt(plaintext []byte) (ciphertext []byte, err error)
- func (r *RSAEncryption) EncryptAndSign(plaintext []byte) (signature []byte, ciphertext []byte, err error)
- func (r *RSAEncryption) GenerateKey() *rsa.PrivateKey
- func (r *RSAEncryption) GetPrivateKey() *rsa.PrivateKey
- func (r *RSAEncryption) GetPublicKey() *rsa.PublicKey
- func (r *RSAEncryption) GetType() CipherType
- func (r *RSAEncryption) MarshalPrivateKey() ([]byte, error)
- func (r *RSAEncryption) MarshalPrivatePublicKey() ([]byte, error)
- func (r *RSAEncryption) MarshalPublicKey() ([]byte, error)
- func (r *RSAEncryption) SetPrivateKey(key *rsa.PrivateKey)
- func (r *RSAEncryption) SetPublicKey(key rsa.PublicKey)
- func (r *RSAEncryption) Sign(plaintext []byte) (signed []byte, err error)
- func (r *RSAEncryption) UnmarshallPrivateKey(bytes []byte) error
- func (r *RSAEncryption) UnmarshallPublicKey(bytes []byte) error
- func (r *RSAEncryption) Verify(plaintext []byte, signature []byte) error
- type RSAPrivateKeyNotSetError
- type RSAPublicKeyNotSetError
Constants ¶
const AES256KeySize = 32
AES256KeySize is the key size in bytes (32 bytes = 256 bits) for AES256 encryption.
Variables ¶
This section is empty.
Functions ¶
func DynamicTruncate ¶
DynamicTruncate as described in RFC4226
"The Truncate function performs Step 2 and Step 3, i.e., the dynamic truncation and then the reduction modulo 10^Digit. The purpose of the dynamic offset truncation technique is to extract a 4-byte dynamic binary code from a 160-bit (20-byte) HMAC-SHA-1 result.

    DT(String) // String = String[0]...String[19]
      Let OffsetBits be the low-order 4 bits of String[19]
      Offset = StToNum(OffsetBits) // 0 <= OffSet <= 15
      Let P = String[OffSet]...String[OffSet+3]
      Return the Last 31 bits of P"
func GenerateTOTPQRCodePNG ¶
func GenerateTOTPQRCodePNG(key, issuer, user string, period time.Duration, length int) ([]byte, error)
GenerateTOTPQRCodePNG that can be served directly using content type header with 'image/png' or written to file.
func GenerateTOTPURI ¶
GenerateTOTPURI for use in a QR code for registration with an authenticator application
func HOTPCompare ¶
HOTPCompare the HOTP for the specified key and the passed challenge
func HashAndSalt ¶
HashAndSalt generates a Hash and a Salt for a given string
func NewIncompleteDataError ¶
func NewIncompleteDataError() errors.TracerError
NewIncompleteDataError instantiates an IncompleteDataError with a stack trace
func NewRSAPrivateKeyNotSetError ¶
func NewRSAPrivateKeyNotSetError() errors.TracerError
NewRSAPrivateKeyNotSetError instantiates an RSAPrivateKeyNotSetError with a stack trace
func NewRSAPublicKeyNotSetError ¶
func NewRSAPublicKeyNotSetError() errors.TracerError
NewRSAPublicKeyNotSetError instantiates an RSAPublicKeyNotSetError with a stack trace
func TOTP ¶
TOTP for the passed key with the specified period (step size) and number of digits, step will be adjusted using the passed 'vary'
func TOTPCompare ¶
func TOTPCompare(key string, period time.Duration, adjust int, length int, challenge string) (bool, error)
TOTPCompare the challenge to TOTP for a specific step dictated by period and adjust.
func TOTPCompareAndGetDrift ¶ added in v2.1.1
func TOTPCompareAndGetDrift(key string, period time.Duration, length int, variance uint, challenge string, drift int) (bool, int, error)
TOTPCompareAndGetDrift the expected TOTP calculation with the challenge in constant time.
func TOTPCompareAndGetDriftWithResynchronization ¶ added in v2.18.0
func TOTPCompareAndGetDriftWithResynchronization(key string, period time.Duration, length int, variance uint, challenge string, drift int) (bool, int, error)
TOTPCompareAndGetDriftWithResynchronization will check the 0 drift case before comparing the passed drift. Executes in constant time in non-error conditions.
func TOTPCompareWithVariance ¶
func TOTPCompareWithVariance(key string, period time.Duration, length int, variance uint, challenge string) (ok bool, err error)
TOTPCompareWithVariance the expected TOTP calculation with the challenge in constant time. If variance is greater than 0, abs(variance) frames will be compared on either side of the 0 frame. Example:
Given the following values and offsets:

    TOTP(): |  A |  B | C | D | E |
    offset: | -2 | -1 | 0 | 1 | 2 |

The following arguments would have the specified results:

Variance == ABS(Variance)

    | Challenge | Variance | Return |
    |-----------|----------|--------|
    | A         | 0        | False  |
    | A         | 1        | False  |
    | A         | 2        | True   |
    | B         | 0        | False  |
    | B         | 1        | True   |
    | B         | 2        | True   |
    | C         | 0        | True   |
    | C         | 1        | True   |
    | C         | 2        | True   |
    | E         | 0        | False  |
    | E         | 1        | False  |
    | E         | 2        | True   |
Types ¶
type AESEncryption ¶
type AESEncryption struct {
// contains filtered or unexported fields
}
AESEncryption provides AES256 Encryption with GCM tampering detection.
func (*AESEncryption) Decrypt ¶
func (a *AESEncryption) Decrypt(ciphertext []byte) (plaintext []byte, err error)
Decrypt data using AES256-GCM
func (*AESEncryption) Encrypt ¶
func (a *AESEncryption) Encrypt(plaintext []byte) (ciphertext []byte, err error)
Encrypt with AES256-GCM
func (AESEncryption) GenerateKey ¶
func (AESEncryption) GenerateKey() []byte
GenerateKey will create a new key to use with this instance of AES
func (*AESEncryption) GetKey ¶
func (a *AESEncryption) GetKey() []byte
GetKey currently being used by this instance of AES
func (*AESEncryption) GetType ¶
func (a *AESEncryption) GetType() CipherType
GetType returns the cipher type this instance of encryption provides.
func (*AESEncryption) RotateKey ¶
func (a *AESEncryption) RotateKey() []byte
RotateKey generates a new AES256 key and sets for use on this instance and returns it.
func (*AESEncryption) SetKey ¶
func (a *AESEncryption) SetKey(key []byte) error
SetKey for use on this instance of AES256.
type CipherType ¶
type CipherType uint8
CipherType represents how the message body will be encrypted.
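// The CipherType values an Encryption can report from GetType.
const (
	// None specifies no encryption. Suitable only for Negotiate requests.
	None CipherType = 0
	// AES symmetric encryption
	AES CipherType = 1
	// RSA asymmetric small message encryption
	RSA CipherType = 2
)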
func (CipherType) String ¶
func (ct CipherType) String() string
type Encryption ¶
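// Encryption is the set of methods an encryption provider must supply.
type Encryption interface {
	// GetType reports the CipherType this provider implements.
	GetType() CipherType
	// Encrypt turns plaintext into ciphertext.
	Encrypt(plaintext []byte) (ciphertext []byte, err error)
	// Decrypt turns ciphertext back into plaintext.
	Decrypt(ciphertext []byte) (plaintext []byte, err error)
	// Sign produces a signature over plaintext.
	Sign(plaintext []byte) (signature []byte, err error)
	// Verify checks signature against plaintext and reports failure through err.
	Verify(plaintext []byte, signature []byte) (err error)
}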
Encryption interface provides the necessary methods for an encryption provider.
func NewAES ¶
func NewAES(key []byte) (Encryption, error)
NewAES returns an Encryption that uses the passed key; if nil is passed, a new key will be generated.
func NewNoEncryption ¶
func NewNoEncryption() Encryption
NewNoEncryption returns an instance of NoEncryption which can be used as a pass through.
type IncompleteDataError ¶
type IncompleteDataError struct {
// contains filtered or unexported fields
}
IncompleteDataError returned when an incomplete ciphertext is passed to decrypt.
func (*IncompleteDataError) Error ¶
func (err *IncompleteDataError) Error() string
func (*IncompleteDataError) Trace ¶
func (err *IncompleteDataError) Trace() []string
Trace returns the stack trace for the error
type NoEncryption ¶
type NoEncryption struct{}
NoEncryption provides a passthrough for when you need an Encryption object but don't actually want encryption.
func (*NoEncryption) Decrypt ¶
func (ne *NoEncryption) Decrypt(ciphertext []byte) (plaintext []byte, err error)
Decrypt returns the ciphertext
func (*NoEncryption) Encrypt ¶
func (ne *NoEncryption) Encrypt(plaintext []byte) (ciphertext []byte, err error)
Encrypt returns the plaintext
func (*NoEncryption) GetType ¶
func (ne *NoEncryption) GetType() CipherType
GetType of cipher on this Encryption.
type RSAEncryption ¶
type RSAEncryption struct {
// contains filtered or unexported fields
}
RSAEncryption provides 2048 bit rsa encryption with optional PSS Signing.
func NewRSAEncryption ¶
func NewRSAEncryption() *RSAEncryption
NewRSAEncryption instance with no keys set.
func (*RSAEncryption) Decrypt ¶
func (r *RSAEncryption) Decrypt(ciphertext []byte) (plaintext []byte, err error)
Decrypt the passed ciphertext using the private key set on this instance.
func (*RSAEncryption) DecryptAndVerify ¶
func (r *RSAEncryption) DecryptAndVerify(ciphertext []byte, signature []byte) ( plaintext []byte, err error)
DecryptAndVerify decrypts the passed ciphertext and verifies the signature.
func (*RSAEncryption) Encrypt ¶
func (r *RSAEncryption) Encrypt(plaintext []byte) (ciphertext []byte, err error)
Encrypt the passed plaintext using the public key set on this instance.
func (*RSAEncryption) EncryptAndSign ¶
func (r *RSAEncryption) EncryptAndSign(plaintext []byte) ( signature []byte, ciphertext []byte, err error)
EncryptAndSign the passed plaintext with the encryption key and signing key set on this instance.
func (*RSAEncryption) GenerateKey ¶
func (r *RSAEncryption) GenerateKey() *rsa.PrivateKey
GenerateKey for 2048 bit rsa encryption.
func (*RSAEncryption) GetPrivateKey ¶
func (r *RSAEncryption) GetPrivateKey() *rsa.PrivateKey
GetPrivateKey that is currently set on this instance of RSAEncryption
func (*RSAEncryption) GetPublicKey ¶
func (r *RSAEncryption) GetPublicKey() *rsa.PublicKey
GetPublicKey that is currently set on this instance.
func (*RSAEncryption) GetType ¶
func (r *RSAEncryption) GetType() CipherType
GetType returns the cipher type this encryption instance provides.
func (*RSAEncryption) MarshalPrivateKey ¶
func (r *RSAEncryption) MarshalPrivateKey() ([]byte, error)
MarshalPrivateKey data type (PKCS1) and return as bytes.
func (*RSAEncryption) MarshalPrivatePublicKey ¶
func (r *RSAEncryption) MarshalPrivatePublicKey() ([]byte, error)
MarshalPrivatePublicKey to data type PubASN1 PEM format and return as bytes.
func (*RSAEncryption) MarshalPublicKey ¶
func (r *RSAEncryption) MarshalPublicKey() ([]byte, error)
MarshalPublicKey data type (PubASN1) and return as bytes.
func (*RSAEncryption) SetPrivateKey ¶
func (r *RSAEncryption) SetPrivateKey(key *rsa.PrivateKey)
SetPrivateKey that will be used to decrypt and sign on this instance.
func (*RSAEncryption) SetPublicKey ¶
func (r *RSAEncryption) SetPublicKey(key rsa.PublicKey)
SetPublicKey that will be used to encrypt and verify on this instance.
func (*RSAEncryption) Sign ¶
func (r *RSAEncryption) Sign(plaintext []byte) (signed []byte, err error)
Sign with RSASSA-PSS
func (*RSAEncryption) UnmarshallPrivateKey ¶
func (r *RSAEncryption) UnmarshallPrivateKey(bytes []byte) error
UnmarshallPrivateKey from the passed bytes created from `MarshalPrivateKey` and set it on this instance.
func (*RSAEncryption) UnmarshallPublicKey ¶
func (r *RSAEncryption) UnmarshallPublicKey(bytes []byte) error
UnmarshallPublicKey from the passed bytes created using MarshalPublicKey and set it on this instance.
type RSAPrivateKeyNotSetError ¶
type RSAPrivateKeyNotSetError struct {
// contains filtered or unexported fields
}
RSAPrivateKeyNotSetError is returned when the RSA private key is not set and an operation needing a private key is called.
func (*RSAPrivateKeyNotSetError) Error ¶
func (err *RSAPrivateKeyNotSetError) Error() string
func (*RSAPrivateKeyNotSetError) Trace ¶
func (err *RSAPrivateKeyNotSetError) Trace() []string
Trace returns the stack trace for the error
type RSAPublicKeyNotSetError ¶
type RSAPublicKeyNotSetError struct {
// contains filtered or unexported fields
}
RSAPublicKeyNotSetError is returned when the RSA public key is not set and an operation needing a public key is called.
func (*RSAPublicKeyNotSetError) Error ¶
func (err *RSAPublicKeyNotSetError) Error() string
func (*RSAPublicKeyNotSetError) Trace ¶
func (err *RSAPublicKeyNotSetError) Trace() []string
Trace returns the stack trace for the error