scram

package

Documentation

Overview

nolint: gosec

Index

Constants

// Single-letter SCRAM message attribute names. Each attribute is carried in a
// message as name=value (see AttributeMap.SetAttribute / Attribute).
const (
	AuthorizationIDAttr     = "a" // authorization identity requested by the client
	UserNameAttr            = "n" // user name
	FutureExtensibilityAttr = "m" // reserved for future extensibility
	RandomSequenceAttr      = "r" // random sequence (the nonce)
	ChannelBindingDataAttr  = "c" // channel binding data
	SaltAttr                = "s" // salt
	IterationCountAttr      = "i" // iteration count for the salted password
	ClientProofAttr         = "p" // client proof
	ServerSignatureAttr     = "v" // server signature
	ErrorAttr               = "e" // server error value
)
// SASL mechanism names for the SCRAM variants of this package.
const (
	// SHA1 is the mechanism name for SCRAM with SHA-1. The matching
	// HashSHA1 constructor is marked deprecated in this package; prefer
	// SHA256 or SHA512 for new deployments.
	SHA1 = "SCRAM-SHA-1"
	// SHA256 is the mechanism name for SCRAM with SHA-256.
	SHA256 = "SCRAM-SHA-256"
	// SHA512 is the mechanism name for SCRAM with SHA-512.
	SHA512 = "SCRAM-SHA-512"
)
// Keys naming the intermediate values of a SCRAM exchange (user name,
// password, salted password, client/server/stored keys, signatures, ...).
// Presumably used as keys in the embedded mech.Store of Client and Server —
// verify against the Client/Server implementations.
const (
	UsernameID        = "username"
	PasswordID        = "password"
	RandomSequenceID  = "randomSequence"
	SaltedPasswordID  = "saltedPassword"
	ClientKeyID       = "clientKey"
	ServerKeyID       = "serverKey"
	StoredKeyID       = "storedKey"
	AuthMessageID     = "authMessage"
	ClientSignatureID = "clientSignature"
	ServerSignatureID = "serverSignature"
	SaltID            = "salt"
	IterationCountID  = "iterationCount"
	ClientProofID     = "clientProof"
)

Variables

// ErrChannelBindingNotSupported is returned when channel binding is not supported.
// Its text is the SCRAM server-error-value; presumably it is what
// NewMessageWithError places in the "e" attribute — verify against that function.
var ErrChannelBindingNotSupported = errors.New("channel-binding-not-supported")

ErrChannelBindingNotSupported is returned when the channel binding is not supported.

// ErrChannelBindingsDontMatch is returned when the channel binding data sent by
// the client does not match what the server expects.
var ErrChannelBindingsDontMatch = errors.New("channel-bindings-dont-match")

ErrChannelBindingsDontMatch is returned when the channel bindings don't match.

// ErrExtensionsNotSupported is returned when a message carries extensions
// (the "m" attribute) that are not supported.
var ErrExtensionsNotSupported = errors.New("extensions-not-supported")

ErrExtensionsNotSupported is returned when the extensions are not supported.

// ErrInvalidEncoding is returned when a message or attribute value cannot be
// decoded (for example a malformed base64 attribute).
var ErrInvalidEncoding = errors.New("invalid-encoding")

ErrInvalidEncoding is returned when the encoding is invalid.

// ErrInvalidProof is returned when the client proof ("p" attribute) does not
// verify, i.e. the client did not demonstrate knowledge of the password.
var ErrInvalidProof = errors.New("invalid-proof")

ErrInvalidProof is returned when the proof is invalid.

// ErrInvalidUsernameEncoding is returned when the user name ("n" attribute)
// is not encoded as required.
var ErrInvalidUsernameEncoding = errors.New("invalid-username-encoding")

ErrInvalidUsernameEncoding is returned when the username encoding is invalid.

// ErrNoResources is returned when the server has no resources to handle the
// authentication exchange.
var ErrNoResources = errors.New("no-resources")

ErrNoResources is returned when there are no resources.

// ErrOtherError is returned for an unspecified error. It is the least
// informative error value and is therefore the one to prefer when the
// server should not disclose the exact failure reason to the client.
var ErrOtherError = errors.New("other-error")

ErrOtherError is returned when there is another error.

// ErrServerDoesSupportChannelBinding is returned when the server does NOT
// support channel binding. Note the identifier's wording is misleading; the
// error text "server-does-not-support-channel-binding" is the authoritative
// meaning and the name is kept for API compatibility.
var ErrServerDoesSupportChannelBinding = errors.New("server-does-not-support-channel-binding")

ErrServerDoesSupportChannelBinding is returned when the server does not support channel binding.

// ErrUnknownUser is returned when the user is unknown.
// NOTE(review): sending this value to the client reveals whether a user name
// exists; a server that must not leak that should consider answering with
// ErrOtherError instead.
var ErrUnknownUser = errors.New("unknown-user")

ErrUnknownUser is returned when the user is unknown.

// ErrUnsupportedChannelBindingType is returned when the client requests a
// channel binding type the server does not support.
var ErrUnsupportedChannelBindingType = errors.New("unsupported-channel-binding-type")

ErrUnsupportedChannelBindingType is returned when the channel binding type is unsupported.

Functions

func AuthMessage

func AuthMessage(clientFirstMessageBare, serverFirstMessage, clientFinalMessageWithoutProof string) string

AuthMessage := client-first-message-bare + "," + server-first-message + "," + client-final-message-without-proof.

func ClientKey

func ClientKey(h HashFunc, saltedPassword []byte) []byte

ClientKey := HMAC(SaltedPassword, "Client Key").

func ClientProof

func ClientProof(clientKey, clientSignature string) []byte

ClientProof := ClientKey XOR ClientSignature.

func ClientSignature

func ClientSignature(h HashFunc, storedKey, authMessage string) []byte

ClientSignature := HMAC(StoredKey, AuthMessage).

func H

func H(hf HashFunc, data []byte) []byte

H(data) is the hash function H applied to data, as defined in RFC 5802, Section 2.2 (Notation).

func HMAC

func HMAC(hf HashFunc, key []byte, data []byte) []byte

HMAC(key, data) is the keyed hash defined in RFC 5802, Section 2.2 (Notation), i.e. HMAC as specified in RFC 2104 - HMAC: Keyed-Hashing for Message Authentication (https://datatracker.ietf.org/doc/html/rfc2104).

func Hi

func Hi(h HashFunc, str string, salt []byte, i int) []byte

Hi(str, salt, i) is the salted hash iterated i times, as defined in RFC 5802, Section 2.2 (Notation).

func IsStandardError added in v1.2.1

func IsStandardError(err error) bool

IsStandardError reports whether err is one of the standard SCRAM errors.

func SaltedPassword

func SaltedPassword(h HashFunc, password string, salt []byte, i int) ([]byte, error)

SaltedPassword := Hi(Normalize(password), salt, i).

func ServerKey

func ServerKey(h HashFunc, saltedPassword []byte) []byte

ServerKey := HMAC(SaltedPassword, "Server Key").

func ServerSignature

func ServerSignature(h HashFunc, serverKey, authMessage string) []byte

ServerSignature := HMAC(ServerKey, AuthMessage).

func StoredKey

func StoredKey(h HashFunc, clientKey []byte) []byte

StoredKey := H(ClientKey).

func XOR

func XOR(a, b []byte) []byte

XOR(a, b) is the bitwise exclusive-or of the two byte strings, as defined in RFC 5802, Section 2.2 (Notation).

Types

type Attribute

// Attribute represents a single SCRAM message property: a name/value pair
// as carried in a message (see the *Attr constants for the standard names).
type Attribute interface {
	// Name returns the property name (for a standard attribute, one of the
	// single-letter *Attr constants).
	Name() string
	// Value returns the property value as it appears in the message.
	Value() string
}

Attribute represents a message property.

func NewAttribute

func NewAttribute(name, value string) Attribute

NewAttribute returns a new SASL attribute.

type AttributeMap

type AttributeMap struct {
	// contains filtered or unexported fields
}

AttributeMap represents a SCRAM attribute map.

func NewAttributeMap

func NewAttributeMap() AttributeMap

NewAttributeMap returns a new SCRAM attribute map.

func (*AttributeMap) Attribute

func (m *AttributeMap) Attribute(name string) (string, bool)

Attribute returns an attribute from the map.

func (*AttributeMap) AuthorizationID

func (m *AttributeMap) AuthorizationID() (string, bool)

AuthorizationID returns the authorization ID attribute from the map.

func (*AttributeMap) ChannelBindingData

func (m *AttributeMap) ChannelBindingData() (string, bool)

ChannelBindingData returns the channel binding data attribute from the map.

func (*AttributeMap) ClientProof

func (m *AttributeMap) ClientProof() ([]byte, bool)

ClientProof returns the client proof attribute from the map.

func (*AttributeMap) DecodeAttribute

func (m *AttributeMap) DecodeAttribute(name string) ([]byte, bool)

DecodeAttribute returns a base64 decoded attribute from the map.

func (*AttributeMap) EncodeAttribute

func (m *AttributeMap) EncodeAttribute(name string, value []byte)

EncodeAttribute sets a base64 encoded attribute to the map.

func (*AttributeMap) Equals

func (m *AttributeMap) Equals(other AttributeMap) bool

Equals returns true if the map is equal to the other map.

func (*AttributeMap) Error

func (m *AttributeMap) Error() (string, bool)

Error returns the error attribute from the map.

func (*AttributeMap) FutureFutureExtensibility

func (m *AttributeMap) FutureFutureExtensibility() (string, bool)

FutureFutureExtensibility returns the future extensibility attribute from the map.

func (*AttributeMap) IterationCount

func (m *AttributeMap) IterationCount() (int, bool)

IterationCount returns the iteration count attribute from the map.

func (*AttributeMap) RandomSequence

func (m *AttributeMap) RandomSequence() (string, bool)

RandomSequence returns the random sequence attribute from the map.

func (*AttributeMap) Salt

func (m *AttributeMap) Salt() ([]byte, bool)

Salt returns the salt attribute from the map.

func (*AttributeMap) ServerSignature

func (m *AttributeMap) ServerSignature() ([]byte, bool)

ServerSignature returns the server signature attribute from the map.

func (*AttributeMap) SetAttribute

func (m *AttributeMap) SetAttribute(name, value string)

SetAttribute sets an attribute to the map.

func (*AttributeMap) SetChannelBindingData

func (m *AttributeMap) SetChannelBindingData(value string)

SetChannelBindingData sets the channel binding data attribute to the map.

func (*AttributeMap) SetClientProof

func (m *AttributeMap) SetClientProof(value []byte)

SetClientProof sets the client proof attribute to the map.

func (*AttributeMap) SetError

func (m *AttributeMap) SetError(value string)

SetError sets the error attribute to the map.

func (*AttributeMap) SetFutureExtensibility

func (m *AttributeMap) SetFutureExtensibility(value string)

SetFutureExtensibility sets the future extensibility attribute to the map.

func (*AttributeMap) SetIterationCount

func (m *AttributeMap) SetIterationCount(value int)

SetIterationCount sets the iteration count attribute to the map.

func (*AttributeMap) SetRandomSequence

func (m *AttributeMap) SetRandomSequence(value string)

SetRandomSequence sets the random sequence attribute to the map.

func (*AttributeMap) SetSalt

func (m *AttributeMap) SetSalt(value string)

SetSalt sets the salt attribute to the map.

func (*AttributeMap) SetSaltBytes

func (m *AttributeMap) SetSaltBytes(value []byte)

SetSaltBytes sets the salt attribute to the map.

func (*AttributeMap) SetServerSignature

func (m *AttributeMap) SetServerSignature(value []byte)

SetServerSignature sets the server signature attribute to the map.

func (*AttributeMap) SetUsername

func (m *AttributeMap) SetUsername(value string)

SetUsername sets the user name attribute to the map.

func (*AttributeMap) String

func (m *AttributeMap) String() string

String returns the string representation of the map.

func (*AttributeMap) StringWithoutProof

func (m *AttributeMap) StringWithoutProof() string

StringWithoutProof returns the string representation of the map without the proof.

func (*AttributeMap) Username

func (m *AttributeMap) Username() (string, bool)

Username returns the user name attribute from the map.

type Client

type Client struct {
	mech.Store
	// contains filtered or unexported fields
}

Client is a SCRAM client.

func NewClient

func NewClient(opts ...ClientOption) (*Client, error)

NewClient returns a new SCRAM client with options.

func NewClientFromPayload added in v1.1.0

func NewClientFromPayload(payload string) (*Client, error)

NewClientFromPayload returns a new SCRAM client from the specified payload.

func NewClientFromPayloadWithHeader added in v1.1.0

func NewClientFromPayloadWithHeader(payload string) (*Client, error)

NewClientFromPayloadWithHeader returns a new SCRAM client from the specified payload with the header.

func (*Client) FinalMessageFrom

func (client *Client) FinalMessageFrom(serverFirstMsg *Message) (*Message, error)

FinalMessageFrom returns the final message from the specified server first message.

func (*Client) FirstMessage

func (client *Client) FirstMessage() (*Message, error)

FirstMessage returns the first message.

func (*Client) HashFunc

func (client *Client) HashFunc() HashFunc

HashFunc returns the hash function.

func (*Client) SetOptions added in v1.1.0

func (client *Client) SetOptions(opts ...ClientOption) error

SetOptions sets the client options.

func (*Client) ValidateServerFinalMessage

func (client *Client) ValidateServerFinalMessage(serverFinalMsg *Message) error

ValidateServerFinalMessage validates the specified server final message.

type ClientOption

type ClientOption func(*Client) error

ClientOption represents a client option function.

func WithClientAuthzID

func WithClientAuthzID(authzID string) ClientOption

WithClientAuthzID returns a client option to set the authorization ID.

func WithClientChallenge

func WithClientChallenge(challenge string) ClientOption

WithClientChallenge returns a client option to set the challenge.

func WithClientHashFunc

func WithClientHashFunc(hashFunc HashFunc) ClientOption

WithClientHashFunc returns a client option to set the hash function.

func WithClientPassword

func WithClientPassword(password string) ClientOption

WithClientPassword returns a client option to set the password.

func WithClientPayload added in v1.1.0

func WithClientPayload(payload mech.Payload) ClientOption

func WithClientRandomSequence

func WithClientRandomSequence(randomSequence string) ClientOption

WithClientRandomSequence returns a client option to set the random sequence.

func WithClientUsername

func WithClientUsername(username string) ClientOption

WithClientUsername returns a client option to set the username.

type HashFunc

type HashFunc = func() hash.Hash

HashFunc is a function that returns a hash.Hash.

func HashSHA1

func HashSHA1() HashFunc

HashSHA1 returns a new SHA-1 hash function. Deprecated: Use HashSHA256 instead.

func HashSHA256

func HashSHA256() HashFunc

HashSHA256 returns a new SHA-256 hash function.

func HashSHA512

func HashSHA512() HashFunc

HashSHA512 returns a new SHA-512 hash function.

type Message

type Message struct {
	*gss.Header
	AttributeMap
}

Message represents a SCRAM message.

func NewMessage

func NewMessage(opts ...MessageOption) *Message

NewMessage returns a new message.

func NewMessageFrom

func NewMessageFrom(v any) (*Message, error)

NewMessageFrom returns a new message from the specified value.

func NewMessageFromString

func NewMessageFromString(msg string) (*Message, error)

NewMessageFromString returns a new message from the specified string.

func NewMessageFromStringWithHeader

func NewMessageFromStringWithHeader(msg string) (*Message, error)

NewMessageFromStringWithHeader returns a new message from the specified string with the GS2 header.

func NewMessageFromWithHeader added in v1.2.0

func NewMessageFromWithHeader(v any) (*Message, error)

NewMessageFromWithHeader returns a new message from the specified value with the GS2 header.

func NewMessageWithError added in v1.2.1

func NewMessageWithError(err error) *Message

NewMessageWithError returns a new message from the specified error.

func (*Message) Bytes added in v1.1.0

func (msg *Message) Bytes() []byte

Bytes returns the message bytes.

func (*Message) Equals

func (msg *Message) Equals(other *Message) bool

Equals returns true if the message equals the specified message.

func (*Message) HasHeader

func (msg *Message) HasHeader() bool

HasHeader returns true if the message has a GS2 header.

func (*Message) ParseString

func (msg *Message) ParseString(str string) error

ParseString parses the specified string.

func (*Message) ParseStringWithHeader

func (msg *Message) ParseStringWithHeader(str string) error

ParseStringWithHeader parses the specified string with the GS2 header.

func (*Message) ParseStrings

func (msg *Message) ParseStrings(props []string) error

ParseStrings parses the specified property strings.

func (*Message) ParseStringsWithHeader

func (msg *Message) ParseStringsWithHeader(props []string) error

ParseStringsWithHeader parses the specified property strings with the GS2 header.

func (*Message) String

func (msg *Message) String() string

String returns the string representation of the message.

func (*Message) StringWithoutHeader added in v1.2.0

func (msg *Message) StringWithoutHeader() string

StringWithoutHeader returns the string representation of the message without the header.

func (*Message) StringWithoutProof

func (msg *Message) StringWithoutProof() string

StringWithoutProof returns the string representation of the message without the proof.

type MessageOption

type MessageOption func(*Message)

MessageOption represents a message option.

func WithAttribute

func WithAttribute(name, value string) MessageOption

func WithHeader

func WithHeader(header *gss.Header) MessageOption

WithHeader returns an option to set the GS2 header.

type Server

type Server struct {
	mech.Store
	*cred.CredentialStore
	// contains filtered or unexported fields
}

Server represents a SCRAM server.

func NewServer

func NewServer(opts ...ServerOption) (*Server, error)

NewServer returns a new SCRAM server.

func (*Server) FinalMessageFrom

func (server *Server) FinalMessageFrom(clientMsg *Message) (*Message, error)

FinalMessageFrom returns a new server final message from the specified client final message.

func (*Server) FirstMessageFrom

func (server *Server) FirstMessageFrom(clientMsg *Message) (*Message, error)

FirstMessageFrom returns a new server first message from the specified client message.

func (*Server) HashFunc

func (server *Server) HashFunc() HashFunc

HashFunc returns the hash function.

func (*Server) SetOptions added in v1.2.0

func (server *Server) SetOptions(opts ...ServerOption) error

SetOptions sets the specified options.

type ServerOption

type ServerOption func(*Server) error

ServerOption represents a server option.

func WithServeMechanism added in v1.2.1

func WithServeMechanism(mechanism string) ServerOption

WithServeMechanism returns a server option to set the mechanism.

func WithServerAuthenticators

func WithServerAuthenticators(authenticators cred.Authenticators) ServerOption

WithServerAuthenticators returns a server option to set the authenticators.

func WithServerHashFunc

func WithServerHashFunc(hashFunc HashFunc) ServerOption

WithServerHashFunc returns a server option to set the hash function.

func WithServerIterationCount

func WithServerIterationCount(iterationCount int) ServerOption

WithServerIterationCount returns a server option to set the iteration count.

func WithServerRandomSequence

func WithServerRandomSequence(randomSequence string) ServerOption

WithServerRandomSequence returns a server option to set the random sequence.

func WithServerSaltString

func WithServerSaltString(salt string) ServerOption

WithServerSaltString returns a server option to set the salt.
