README
¶
go-secret-hash
The Golang Secret Hashing Library
Documentation
¶
Overview ¶
Package secrethash provides an abstraction over generating, parsing, and comparing secret hashes. It supports multiple hashing algorithms, and it is extensible.
Index ¶
Constants ¶
const ( // HashingAlgorithmTypeBCrypt is the bcrypt hashing algorithm. // It is quite simple algorithm to implement, but it does not allow secrets longer than 72 bytes. HashingAlgorithmTypeBCrypt = HashingAlgorithmType("bcrypt") // HashingAlgorithmTypeArgon2 is the argon2 hashing algorithm. HashingAlgorithmTypeArgon2 = HashingAlgorithmType("argon2") )
const ( BCryptMinCost int = 4 // the minimum allowable cost as passed in to GenerateFromPassword BCryptMaxCost int = 31 // the maximum allowable cost as passed in to GenerateFromPassword BCryptDefaultCost int = 10 // the cost that will actually be set if a cost below BCryptMinCost is passed into GenerateFromPassword )
Variables ¶
Functions ¶
This section is empty.
Types ¶
type Argon2HashingAlgorithm ¶
type Argon2HashingAlgorithm struct {
SaltLength int
Iterations uint32
Memory uint32
Parallelism uint8
KeyLength uint32
Mode Argon2Mode
}
Argon2HashingAlgorithm is the argon2 hashing algorithm.
func DefaultArgon2HashingAlgorith ¶
func DefaultArgon2HashingAlgorith() Argon2HashingAlgorithm
DefaultArgon2HashingAlgorith returns the default argon2 hashing algorithm.
func (Argon2HashingAlgorithm) CompareFormat ¶
func (a Argon2HashingAlgorithm) CompareFormat(secretHash []byte) bool
CompareFormat checks whether the format of the secret hash matches this hashing algorithm.
func (Argon2HashingAlgorithm) GenerateSecretHash ¶
func (a Argon2HashingAlgorithm) GenerateSecretHash(secret []byte) (SecretHash, error)
GenerateSecretHash generates a hash from the secret.
func (Argon2HashingAlgorithm) Parse ¶
func (a Argon2HashingAlgorithm) Parse(secretHash []byte) (SecretHash, error)
Parse a formatted string representation of the key.
func (Argon2HashingAlgorithm) Type ¶
func (a Argon2HashingAlgorithm) Type() HashingAlgorithmType
Type implements HashingAlgorithm interface.
type Argon2KeyComposed ¶
type Argon2KeyComposed struct {
Params Argon2Params
Salt []byte
Key []byte
}
Argon2KeyComposed is a structure that contains Argon2 parameters, salt and key.
func (*Argon2KeyComposed) CompareSecret ¶
func (a *Argon2KeyComposed) CompareSecret(secret []byte) error
CompareSecret compares the secret with the parsed
func (*Argon2KeyComposed) Format ¶
func (a *Argon2KeyComposed) Format() []byte
Format returns a formatted string representation of the key. The format is: $argon2id$v=<version>$m=<memory>,t=<iterations>,p=<parallelism>$<salt>$<key>
func (*Argon2KeyComposed) Parse ¶
func (a *Argon2KeyComposed) Parse(secretHash []byte) error
Parse parses a formatted string representation of the key.
type Argon2Mode ¶
type Argon2Mode int
Argon2Mode is the argon2 mode.
const ( Argon2ModeID Argon2Mode = iota Argon2ModeI Argon2ModeD )
type Argon2Params ¶
type Argon2Params struct {
Memory uint32
Iterations uint32
Parallelism uint8
Mode Argon2Mode
}
Argon2Params contains Argon2 parameters.
type BCryptHashingAlgorithm ¶
type BCryptHashingAlgorithm struct {
// Cost is the cost of the bcrypt algorithm.
Cost int
}
BCryptHashingAlgorithm is the bcrypt hashing algorithm.
func (BCryptHashingAlgorithm) CompareFormat ¶
func (a BCryptHashingAlgorithm) CompareFormat(secretHash []byte) bool
CompareFormat checks whether the format of the secret hash matches this hashing algorithm.
func (BCryptHashingAlgorithm) GenerateSecretHash ¶
func (a BCryptHashingAlgorithm) GenerateSecretHash(secret []byte) (SecretHash, error)
GenerateSecretHash generates a hash from the secret. The maximum secret length is 72 bytes.
func (BCryptHashingAlgorithm) Parse ¶
func (a BCryptHashingAlgorithm) Parse(secretHash []byte) (SecretHash, error)
Parse parses a formatted representation of the key.
func (BCryptHashingAlgorithm) Type ¶
func (BCryptHashingAlgorithm) Type() HashingAlgorithmType
type BCryptSecretHash ¶
type BCryptSecretHash struct {
// Hash is the hash of the secret.
Hash []byte
// Salt is the salt of the secret.
Salt []byte
// Cost is the cost of the bcrypt algorithm.
// allowed range is BCryptMinCost to BCryptMaxCost
Cost int
// Major is the major version of the bcrypt algorithm.
Major byte
// Minor is the minor version of the bcrypt algorithm.
Minor byte
}
BCryptSecretHash is the bcrypt secret hash.
func (*BCryptSecretHash) CompareSecret ¶
func (b *BCryptSecretHash) CompareSecret(secret []byte) error
CompareSecret compares the secret with the parsed secret hash.
func (*BCryptSecretHash) Format ¶
func (b *BCryptSecretHash) Format() []byte
Format returns a formatted string representation of the bcrypt hashed secret. The format is: $2a$[cost]$[22 character salt][31 character hash].
func (*BCryptSecretHash) Parse ¶
func (b *BCryptSecretHash) Parse(hashedSecret []byte) error
Parse parses a formatted string representation of the key. The standard bcrypt format is $2a$[cost]$[22 character salt][31 character hash].
func (*BCryptSecretHash) String ¶
func (b *BCryptSecretHash) String() string
type GenerateSecretHashOptions ¶
type GenerateSecretHashOptions struct {
Algorithm HashingAlgorithmType
}
GenerateSecretHashOptions is the options for generating a secret hash.
type Hasher ¶
type Hasher struct {
// contains filtered or unexported fields
}
Hasher is the parser of the secret hash.
func NewHasher ¶
func NewHasher(algorithms ...HashingAlgorithm) (*Hasher, error)
NewHasher creates a new algorithms container..
func (Hasher) GenerateSecretHash ¶
func (p Hasher) GenerateSecretHash(secret []byte, opts *GenerateSecretHashOptions) (SecretHash, error)
GenerateSecretHash generates a hash from the secret.
func (Hasher) Parse ¶
func (p Hasher) Parse(secretHash []byte, opts *ParseHashOptions) (SecretHash, error)
Parse parses the secret hash from given input.
type HashingAlgorithm ¶
type HashingAlgorithm interface {
// GenerateSecretHash generates a hash from the secret.
GenerateSecretHash(secret []byte) (SecretHash, error)
// Parse parses a formatted representation of the key.
Parse(secretHash []byte) (SecretHash, error)
// CompareFormat checks whether the format of the secret hash matches this
// hashing algorithm.
CompareFormat(secretHash []byte) bool
// Type returns the hashing algorithm type.
Type() HashingAlgorithmType
}
HashingAlgorithm is the hashing algorithm used to hash the client secret.
type HashingAlgorithmType ¶
type HashingAlgorithmType string
HashingAlgorithmType is the hashing algorithm used to hash the client secret.
func (HashingAlgorithmType) IsEmpty ¶
func (h HashingAlgorithmType) IsEmpty() bool
type ParseHashOptions ¶
type ParseHashOptions struct {
// ExpectedAlgorithm is the expected algorithm of the secret hash.
ExpectAlgorithm HashingAlgorithmType
}
ParseHashOptions is the options for parsing a secret hash.
type SecretHash ¶
type SecretHash interface {
// CompareSecret compares the secret with the parsed
CompareSecret(secret []byte) error
// Parse parses a formatted string representation of the key.
Parse(secretHash []byte) error
// Format returns the secret hash.
Format() []byte
}
SecretHash is the secret key.
Source Files