Overview ¶
Package passvault manages the vault containing user records on disk. Each record holds a username and its associated password; the passwords are stored salted and hashed using scrypt.
Copyright (c) 2013 CloudFlare, Inc.
Index ¶
- Constants
- Variables
- type ECPublicKey
- type PasswordRecord
- func (pr *PasswordRecord) EncryptKey(in []byte) (out []byte, err error)
- func (pr *PasswordRecord) GetKeyECC(password string) (key *ecdsa.PrivateKey, err error)
- func (pr *PasswordRecord) GetKeyECCPub() (out *ecdsa.PublicKey, err error)
- func (pr *PasswordRecord) GetKeyRSA(password string) (key rsa.PrivateKey, err error)
- func (pr *PasswordRecord) GetKeyRSAPub() (out *rsa.PublicKey, err error)
- func (pr *PasswordRecord) GetType() string
- func (pr *PasswordRecord) IsAdmin() bool
- func (pr *PasswordRecord) ValidatePassword(password string) error
- type Records
- func (records *Records) AddNewRecord(name, password string, admin bool, userType string) (PasswordRecord, error)
- func (records *Records) ChangePassword(name, password, newPassword, hipchatName string) (err error)
- func (records *Records) DeleteRecord(name string) error
- func (records *Records) GetAltNameFromName(alt, name string) (altName string, found bool)
- func (r *Records) GetAltNamesFromName(alt string, names []string) map[string]string
- func (records *Records) GetHMACKey() (key []byte, err error)
- func (records *Records) GetRecord(name string) (PasswordRecord, bool)
- func (records *Records) GetSummary() (summary map[string]Summary)
- func (records *Records) GetVaultID() (id int, err error)
- func (records *Records) MakeAdmin(name string) error
- func (records *Records) NumRecords() int
- func (records *Records) RevokeRecord(name string) error
- func (records *Records) SetRecord(pr PasswordRecord, name string)
- func (records *Records) WriteRecordsToDisk() error
- type Summary
Constants ¶
// Constants for record type.
// NOTE(review): presumably these are the values carried in PasswordRecord.Type
// and accepted as userType by AddNewRecord — confirm against the source.
const (
	RSARecord = "RSA"
	ECCRecord = "ECC"
)
Constants for record type
// Constants for scrypt.
//
// N, R and P are the scrypt work factors. With N = 16384 (2^14) and R = 8, one
// derivation needs roughly 128*N*R bytes, i.e. about 16 MiB of memory.
// NOTE(review): these are compile-time constants, so raising the cost later
// presumably means re-deriving existing records — confirm whether
// Records.Version is what gates such a migration.
const (
	KEYLENGTH       = 16    // 16-byte output from scrypt
	N               = 16384 // Cost parameter
	R               = 8     // Block size
	P               = 1     // Parallelization factor
	DEFAULT_VERSION = 1     // NOTE(review): presumably the initial Records.Version — confirm
)
Constants for scrypt
Variables ¶
// DefaultRecordType is initialised to RSARecord.
// It is an exported package-level variable, so any importing package can
// reassign it at run time.
// NOTE(review): presumably consulted when a caller supplies no record type —
// confirm against AddNewRecord.
var DefaultRecordType = RSARecord
Functions ¶
This section is empty.
Types ¶
type ECPublicKey ¶
// ECPublicKey holds an elliptic-curve public key as its curve parameters and
// the point coordinates X and Y.
// NOTE(review): presumably this exists so the public key can be serialized
// with the rest of PasswordRecord. When a record is loaded from storage,
// confirm that (X, Y) is checked to lie on Curve before the key is used.
type ECPublicKey struct {
	Curve *elliptic.CurveParams
	X, Y  *big.Int
}
type PasswordRecord ¶
// PasswordRecord is the structure used to store password and key material for
// a single user name. It is written to and read from storage in JSON format,
// so every exported field below ends up in the vault file.
type PasswordRecord struct {
	// NOTE(review): presumably RSARecord or ECCRecord — confirm.
	Type string

	// Per the package overview, passwords are stored hashed (with salt) using
	// scrypt; these two fields presumably hold that salt and hash — confirm.
	PasswordSalt   []byte
	HashedPassword []byte

	// NOTE(review): presumably the salt used to derive, from the password, the
	// key that protects the private-key fields below, kept separate from
	// PasswordSalt — confirm.
	KeySalt []byte

	// RSAKey holds the RSA key material. Each private component is paired
	// with a matching *IV field, which suggests the components are stored
	// encrypted one by one — TODO confirm cipher and mode in the source.
	// RSAPublic is a plain rsa.PublicKey.
	RSAKey struct {
		RSAExp      []byte
		RSAExpIV    []byte
		RSAPrimeP   []byte
		RSAPrimePIV []byte
		RSAPrimeQ   []byte
		RSAPrimeQIV []byte
		RSAPublic   rsa.PublicKey
	}

	// ECKey holds the elliptic-curve key material. ECPriv is paired with
	// ECPrivIV, which suggests the private key is stored encrypted — TODO
	// confirm. ECPublic is the package's own ECPublicKey type.
	ECKey struct {
		ECPriv   []byte
		ECPrivIV []byte
		ECPublic ECPublicKey
	}

	AltNames map[string]string

	// NOTE(review): presumably the flag reported by IsAdmin. Because the record
	// is read back from a JSON file, this flag is only as trustworthy as the
	// vault file itself — confirm how the file's integrity is protected.
	Admin bool
}
PasswordRecord is the structure used to store password and key material for a single user name. It is written to and read from storage in JSON format.
func (*PasswordRecord) EncryptKey ¶
func (pr *PasswordRecord) EncryptKey(in []byte) (out []byte, err error)
EncryptKey encrypts a 16-byte key with the RSA or EC key of the record.
func (*PasswordRecord) GetKeyECC ¶
func (pr *PasswordRecord) GetKeyECC(password string) (key *ecdsa.PrivateKey, err error)
GetKeyECC returns the ECDSA private key of the record given the correct password.
func (*PasswordRecord) GetKeyECCPub ¶
func (pr *PasswordRecord) GetKeyECCPub() (out *ecdsa.PublicKey, err error)
GetKeyECCPub returns the ECDSA public key out of the record.
func (*PasswordRecord) GetKeyRSA ¶
func (pr *PasswordRecord) GetKeyRSA(password string) (key rsa.PrivateKey, err error)
GetKeyRSA returns the RSA private key of the record given the correct password.
func (*PasswordRecord) GetKeyRSAPub ¶
func (pr *PasswordRecord) GetKeyRSAPub() (out *rsa.PublicKey, err error)
GetKeyRSAPub returns the RSA public key of the record.
func (*PasswordRecord) GetType ¶
func (pr *PasswordRecord) GetType() string
GetType returns the record type of the PasswordRecord.
func (*PasswordRecord) IsAdmin ¶
func (pr *PasswordRecord) IsAdmin() bool
IsAdmin returns the admin status of the PasswordRecord.
func (*PasswordRecord) ValidatePassword ¶
func (pr *PasswordRecord) ValidatePassword(password string) error
ValidatePassword returns an error if the password is incorrect.
type Records ¶
// Records is the structure used to read and write a JSON file containing the
// contents of a password vault.
type Records struct {
	Version int
	VaultId int

	// NOTE(review): HmacKey is an exported field of the struct that is
	// serialized to the vault file, so it presumably sits on disk next to the
	// records — confirm what it authenticates and which permissions the file
	// is written with.
	HmacKey []byte

	// NOTE(review): presumably keyed by user name, matching GetRecord(name)
	// and SetRecord(pr, name) — confirm.
	Passwords map[string]PasswordRecord
	// contains filtered or unexported fields
}
Records is the structure used to read and write a JSON file containing the contents of a password vault
func (*Records) AddNewRecord ¶
func (records *Records) AddNewRecord(name, password string, admin bool, userType string) (PasswordRecord, error)
AddNewRecord adds a new record for a given username and password.
func (*Records) ChangePassword ¶
ChangePassword changes the password for a given user.
func (*Records) DeleteRecord ¶
DeleteRecord deletes a given record.
func (*Records) GetAltNameFromName ¶
func (*Records) GetAltNamesFromName ¶
func (*Records) GetHMACKey ¶
GetHMACKey returns the hmac key of the current vault.
func (*Records) GetRecord ¶
func (records *Records) GetRecord(name string) (PasswordRecord, bool)
GetRecord returns a record given a name.
func (*Records) GetSummary ¶
GetSummary returns a summary of the records on disk.
func (*Records) GetVaultID ¶
GetVaultID returns the id of the current vault.
func (*Records) NumRecords ¶
NumRecords returns the number of records in the vault.
func (*Records) RevokeRecord ¶
RevokeRecord removes admin status from a record.
func (*Records) SetRecord ¶
func (records *Records) SetRecord(pr PasswordRecord, name string)
SetRecord stores a record under the given name in the global state.
func (*Records) WriteRecordsToDisk ¶
WriteRecordsToDisk saves the current state of the records to disk.