Documentation ¶
Index ¶
- Constants
- Variables
- func CheckPassword(password, encodedDigest string) (valid bool, err error)
- func CheckPasswordWithPlainText(password, encodedDigest string) (valid bool, err error)
- func NormalizeEncodedDigest(encodedDigest string) (out string)
- type Argon2Digest
- func (d *Argon2Digest) Decode(encodedDigest string) (err error)
- func (d *Argon2Digest) Encode() (encodedHash string)
- func (d *Argon2Digest) Match(password string) (match bool)
- func (d *Argon2Digest) MatchAdvanced(password string) (match bool, err error)
- func (d *Argon2Digest) MatchBytes(passwordBytes []byte) (match bool)
- func (d *Argon2Digest) MatchBytesAdvanced(passwordBytes []byte) (match bool, err error)
- func (d *Argon2Digest) String() string
- type Argon2Hash
- func (h *Argon2Hash) CopyParamsTo(hash *Argon2Hash)
- func (h *Argon2Hash) CopyUnsetParamsTo(hash *Argon2Hash)
- func (h *Argon2Hash) Hash(password string) (hashed Digest, err error)
- func (h *Argon2Hash) HashWithSalt(password string, salt []byte) (hashed Digest, err error)
- func (h *Argon2Hash) MustHash(password string) (hashed Digest)
- func (h *Argon2Hash) Validate() (err error)
- func (h *Argon2Hash) WithK(length int) *Argon2Hash
- func (h *Argon2Hash) WithM(bytes int) *Argon2Hash
- func (h *Argon2Hash) WithP(parallelism int) *Argon2Hash
- func (h *Argon2Hash) WithProfile(profile Argon2Profile) *Argon2Hash
- func (h *Argon2Hash) WithS(length int) *Argon2Hash
- func (h *Argon2Hash) WithT(time int) *Argon2Hash
- func (h *Argon2Hash) WithVariant(variant Argon2Variant) *Argon2Hash
- type Argon2Profile
- type Argon2Variant
- type BcryptDigest
- func (d *BcryptDigest) Decode(encodedDigest string) (err error)
- func (d *BcryptDigest) Encode() string
- func (d BcryptDigest) Match(password string) (match bool)
- func (d BcryptDigest) MatchAdvanced(password string) (match bool, err error)
- func (d BcryptDigest) MatchBytes(passwordBytes []byte) (match bool)
- func (d BcryptDigest) MatchBytesAdvanced(passwordBytes []byte) (match bool, err error)
- func (d BcryptDigest) String() string
- type BcryptHash
- func (h *BcryptHash) Hash(password string) (digest Digest, err error)
- func (h *BcryptHash) HashWithSalt(password string, salt []byte) (digest Digest, err error)
- func (h *BcryptHash) MustHash(password string) (digest Digest)
- func (h *BcryptHash) Validate() (err error)
- func (h *BcryptHash) WithCost(cost int) *BcryptHash
- func (h *BcryptHash) WithVariant(variant BcryptVariant) *BcryptHash
- func (h *BcryptHash) WithoutValidation() *BcryptHash
- type BcryptVariant
- type Digest
- type Hash
- type HashFunc
- type Matcher
- type PBKDF2Digest
- func (d *PBKDF2Digest) Decode(encodedDigest string) (err error)
- func (d *PBKDF2Digest) Encode() string
- func (d *PBKDF2Digest) Match(password string) (match bool)
- func (d *PBKDF2Digest) MatchAdvanced(password string) (match bool, err error)
- func (d *PBKDF2Digest) MatchBytes(passwordBytes []byte) (match bool)
- func (d *PBKDF2Digest) MatchBytesAdvanced(passwordBytes []byte) (match bool, err error)
- func (d *PBKDF2Digest) String() string
- type PBKDF2Hash
- func (h *PBKDF2Hash) Hash(password string) (digest Digest, err error)
- func (h *PBKDF2Hash) HashWithSalt(password string, salt []byte) (digest Digest, err error)
- func (h *PBKDF2Hash) MustHash(password string) (digest Digest)
- func (h *PBKDF2Hash) Validate() (err error)
- func (h *PBKDF2Hash) WithIterations(iterations int) *PBKDF2Hash
- func (h *PBKDF2Hash) WithKeyLength(bytes int) *PBKDF2Hash
- func (h *PBKDF2Hash) WithSaltLength(bytes int) *PBKDF2Hash
- func (h *PBKDF2Hash) WithVariant(variant PBKDF2Variant) *PBKDF2Hash
- func (h *PBKDF2Hash) WithoutValidation() *PBKDF2Hash
- type PBKDF2Variant
- type PlainTextDigest
- func (d *PlainTextDigest) Decode(encodedDigest string) (err error)
- func (d *PlainTextDigest) Encode() string
- func (d *PlainTextDigest) Match(password string) (match bool)
- func (d *PlainTextDigest) MatchAdvanced(password string) (match bool, err error)
- func (d *PlainTextDigest) MatchBytes(passwordBytes []byte) (match bool)
- func (d *PlainTextDigest) MatchBytesAdvanced(passwordBytes []byte) (match bool, err error)
- func (d *PlainTextDigest) String() string
- type PlainTextVariant
- type SHA2CryptDigest
- func (d *SHA2CryptDigest) Decode(encodedDigest string) (err error)
- func (d *SHA2CryptDigest) Encode() (hash string)
- func (d SHA2CryptDigest) Match(password string) (match bool)
- func (d SHA2CryptDigest) MatchAdvanced(password string) (match bool, err error)
- func (d SHA2CryptDigest) MatchBytes(passwordBytes []byte) (match bool)
- func (d SHA2CryptDigest) MatchBytesAdvanced(passwordBytes []byte) (match bool, err error)
- func (d SHA2CryptDigest) String() string
- type SHA2CryptHash
- func (h *SHA2CryptHash) Hash(password string) (digest Digest, err error)
- func (h *SHA2CryptHash) HashWithSalt(password string, salt []byte) (digest Digest, err error)
- func (h *SHA2CryptHash) MustHash(password string) (digest Digest)
- func (h *SHA2CryptHash) Validate() (err error)
- func (h *SHA2CryptHash) WithRounds(rounds int) *SHA2CryptHash
- func (h *SHA2CryptHash) WithSHA256() *SHA2CryptHash
- func (h *SHA2CryptHash) WithSHA512() *SHA2CryptHash
- func (h *SHA2CryptHash) WithSaltLength(bytes int) *SHA2CryptHash
- func (h *SHA2CryptHash) WithVariant(variant SHA2CryptVariant) *SHA2CryptHash
- func (h *SHA2CryptHash) WithoutValidation() *SHA2CryptHash
- type SHA2CryptVariant
- type ScryptDigest
- func (d *ScryptDigest) Decode(encodedDigest string) (err error)
- func (d *ScryptDigest) Encode() string
- func (d *ScryptDigest) Match(password string) (match bool)
- func (d *ScryptDigest) MatchAdvanced(password string) (match bool, err error)
- func (d *ScryptDigest) MatchBytes(passwordBytes []byte) (match bool)
- func (d *ScryptDigest) MatchBytesAdvanced(passwordBytes []byte) (match bool, err error)
- func (d *ScryptDigest) String() string
- type ScryptHash
- func (h *ScryptHash) Hash(password string) (digest Digest, err error)
- func (h *ScryptHash) HashWithSalt(password string, salt []byte) (digest Digest, err error)
- func (h *ScryptHash) MustHash(password string) (digest Digest)
- func (h *ScryptHash) Validate() (err error)
- func (h *ScryptHash) WithKeySize(size int) *ScryptHash
- func (h *ScryptHash) WithLN(rounds int) *ScryptHash
- func (h *ScryptHash) WithP(parallelism int) *ScryptHash
- func (h *ScryptHash) WithR(blockSize int) *ScryptHash
- func (h *ScryptHash) WithSaltSize(size int) *ScryptHash
Constants ¶
const ( AlgorithmPrefixPlainText = "plaintext" AlgorithmPrefixBase64 = "base64" AlgorithmPrefixArgon2i = "argon2i" AlgorithmPrefixArgon2d = "argon2d" AlgorithmPrefixArgon2id = "argon2id" AlgorithmPrefixBcrypt = "2b" AlgorithmPrefixBcryptSHA256 = "bcrypt-sha256" AlgorithmPrefixSHA256 = "5" AlgorithmPrefixSHA512 = "6" AlgorithmPrefixScrypt = "scrypt" AlgorithmPrefixPBKDF2 = "pbkdf2" AlgorithmPrefixPBKDF2SHA1 = "pbkdf2-sha1" AlgorithmPrefixPBKDF2SHA256 = "pbkdf2-sha256" AlgorithmPrefixPBKDF2SHA224 = "pbkdf2-sha224" AlgorithmPrefixPBKDF2SHA384 = "pbkdf2-sha384" AlgorithmPrefixPBKDF2SHA512 = "pbkdf2-sha512" )
Algorithm Prefixes.
const ( StorageFormatPrefixLDAPCrypt = "{CRYPT}" StorageFormatPrefixLDAPArgon2 = "{ARGON2}" StorageDelimiter = "$" StorageFormatSHACrypt = "$%s$rounds=%d$%s$%s" StorageFormatArgon2 = "$%s$v=%d$m=%d,t=%d,p=%d$%s$%s" StorageFormatScrypt = "$%s$ln=%d,r=%d,p=%d$%s$%s" StorageFormatBcrypt = "$%s$%d$%s%s" StorageFormatBcryptSHA256 = "$%s$v=2,t=%s,r=%d$%s$%s" StorageFormatPBKDF2 = "$%s$%d$%s$%s" StorageFormatSimple = "$%s$%s" )
Storage Formats.
Variables ¶
var ( // ErrEncodedHashInvalidFormat is an error returned when an encoded hash has an invalid format. ErrEncodedHashInvalidFormat = errors.New("provided encoded hash has an invalid format") // ErrEncodedHashInvalidIdentifier is an error returned when an encoded hash has an invalid identifier for the // given digest. ErrEncodedHashInvalidIdentifier = errors.New("provided encoded hash has an invalid identifier") // ErrEncodedHashInvalidVersion is an error returned when an encoded hash has an unsupported or otherwise invalid // version. ErrEncodedHashInvalidVersion = errors.New("provided encoded hash has an invalid version") // ErrEncodedHashInvalidOption is an error returned when an encoded hash has an unsupported or otherwise invalid // option in the option field. ErrEncodedHashInvalidOption = errors.New("provided encoded hash has an invalid option") // ErrEncodedHashInvalidOptionKey is an error returned when an encoded hash has an unknown or otherwise invalid // option key in the option field. ErrEncodedHashInvalidOptionKey = errors.New("provided encoded hash has an invalid option key") // ErrEncodedHashInvalidOptionValue is an error returned when an encoded hash has an unknown or otherwise invalid // option value in the option field. ErrEncodedHashInvalidOptionValue = errors.New("provided encoded hash has an invalid option value") // ErrEncodedHashKeyEncoding is an error returned when an encoded hash has a salt with an invalid or unsupported // encoding. ErrEncodedHashKeyEncoding = errors.New("provided encoded hash has a key value that can't be decoded") // ErrEncodedHashSaltEncoding is an error returned when an encoded hash has a salt with an invalid or unsupported // encoding. ErrEncodedHashSaltEncoding = errors.New("provided encoded hash has a salt value that can't be decoded") // ErrKeyDerivation is returned when a Key function returns an error. ErrKeyDerivation = errors.New("failed to derive the key with the provided parameters") // ErrSaltEncoding is an error returned when a salt has an invalid or unsupported encoding. ErrSaltEncoding = errors.New("provided salt has a value that can't be decoded") // ErrPasswordInvalid is an error returned when a password has an invalid or unsupported properties. It is NOT // returned on password mismatches. ErrPasswordInvalid = errors.New("password is invalid") // ErrSaltInvalid is an error returned when a salt has an invalid or unsupported properties. ErrSaltInvalid = errors.New("salt is invalid") // ErrSaltReadRandomBytes is an error returned when generating the random bytes for salt resulted in an error. ErrSaltReadRandomBytes = errors.New("could not read random bytes for salt") // ErrParameterInvalid is an error returned when a parameter has an invalid value. ErrParameterInvalid = errors.New("parameter is invalid") )
Functions ¶
func CheckPassword ¶
CheckPassword takes the string password and an encoded digest. It decodes the Digest, then performs the MatchAdvanced() function on the Digest. If any process returns an error it returns false with the error, otherwise it returns the result of MatchAdvanced(). This is just a helper function and implementers can manually invoke this process themselves in situations where they may want to store the Digest to perform matches at a later date to avoid decoding multiple times for example.
func CheckPasswordWithPlainText ¶
CheckPasswordWithPlainText is the same as CheckPassword however it uses DecodeWithPlainText instead.
func NormalizeEncodedDigest ¶
NormalizeEncodedDigest helps normalize encoded digest strings from sources which don't use the same format as this library.
Types ¶
type Argon2Digest ¶
type Argon2Digest struct {
// contains filtered or unexported fields
}
Argon2Digest is a digest which handles Argon2 hashes like Argon2id, Argon2i, and Argon2d.
func (*Argon2Digest) Decode ¶
func (d *Argon2Digest) Decode(encodedDigest string) (err error)
Decode takes an encodedDigest string and parses it into this Digest.
func (*Argon2Digest) Encode ¶
func (d *Argon2Digest) Encode() (encodedHash string)
Encode returns the encoded form of this Digest.
func (*Argon2Digest) Match ¶
func (d *Argon2Digest) Match(password string) (match bool)
Match returns true if the string password matches the current Digest.
func (*Argon2Digest) MatchAdvanced ¶
func (d *Argon2Digest) MatchAdvanced(password string) (match bool, err error)
MatchAdvanced is the same as Match except if there is an error it returns that as well.
func (*Argon2Digest) MatchBytes ¶
func (d *Argon2Digest) MatchBytes(passwordBytes []byte) (match bool)
MatchBytes returns true if the []byte passwordBytes matches the current Digest.
func (*Argon2Digest) MatchBytesAdvanced ¶
func (d *Argon2Digest) MatchBytesAdvanced(passwordBytes []byte) (match bool, err error)
MatchBytesAdvanced is the same as MatchBytes except if there is an error it returns that as well.
func (*Argon2Digest) String ¶
func (d *Argon2Digest) String() string
String returns the storable format of the Digest encoded hash.
type Argon2Hash ¶
type Argon2Hash struct {
// contains filtered or unexported fields
}
Argon2Hash is a Hash for Argon2 which provides a builder design pattern.
func NewArgon2DHash ¶
func NewArgon2DHash() *Argon2Hash
NewArgon2DHash returns a *Argon2Hash with just the D variant configured. This defaults to the low memory RFC9106 low memory profile.
func NewArgon2Hash ¶
func NewArgon2Hash() *Argon2Hash
NewArgon2Hash returns a *Argon2Hash without any settings configured. This defaults to the id variant with the low memory RFC9106 low memory profile.
func NewArgon2IDHash ¶
func NewArgon2IDHash() *Argon2Hash
NewArgon2IDHash returns a *Argon2Hash with just the ID variant configured. This defaults to the low memory RFC9106 low memory profile.
func NewArgon2IHash ¶
func NewArgon2IHash() *Argon2Hash
NewArgon2IHash returns a *Argon2Hash with just the I variant configured. This defaults to the low memory RFC9106 low memory profile.
func (*Argon2Hash) CopyParamsTo ¶
func (h *Argon2Hash) CopyParamsTo(hash *Argon2Hash)
CopyParamsTo copies all parameters from this Argon2Hash to another *Argon2Hash.
func (*Argon2Hash) CopyUnsetParamsTo ¶
func (h *Argon2Hash) CopyUnsetParamsTo(hash *Argon2Hash)
CopyUnsetParamsTo copies all parameters from this Argon2Hash to another *Argon2Hash where the parameters are unset.
func (*Argon2Hash) Hash ¶
func (h *Argon2Hash) Hash(password string) (hashed Digest, err error)
Hash performs the hashing operation and returns either a Digest or an error.
func (*Argon2Hash) HashWithSalt ¶
func (h *Argon2Hash) HashWithSalt(password string, salt []byte) (hashed Digest, err error)
HashWithSalt overloads the Hash method allowing the user to provide a salt. It's recommended instead to configure the salt size and let this be a random value generated using crypto/rand.
func (*Argon2Hash) MustHash ¶
func (h *Argon2Hash) MustHash(password string) (hashed Digest)
MustHash overloads the Hash method and panics if the error is not nil. It's recommended if you use this option to utilize the Validate method first or handle the panic appropriately.
func (*Argon2Hash) Validate ¶
func (h *Argon2Hash) Validate() (err error)
Validate checks the settings/parameters for this Hash and returns an error.
func (*Argon2Hash) WithK ¶
func (h *Argon2Hash) WithK(length int) *Argon2Hash
WithK adjusts the key length of the resulting Argon2Digest hash. Default is 32.
func (*Argon2Hash) WithM ¶
func (h *Argon2Hash) WithM(bytes int) *Argon2Hash
WithM sets the m parameter in bytes of the resulting Argon2Digest hash. Default is 32768.
func (*Argon2Hash) WithP ¶
func (h *Argon2Hash) WithP(parallelism int) *Argon2Hash
WithP sets the p parameter of the resulting Argon2Digest hash. Default is 4.
func (*Argon2Hash) WithProfile ¶
func (h *Argon2Hash) WithProfile(profile Argon2Profile) *Argon2Hash
WithProfile sets a specific Argon2Profile.
func (*Argon2Hash) WithS ¶
func (h *Argon2Hash) WithS(length int) *Argon2Hash
WithS adjusts the salt length of the resulting Argon2Digest hash. Default is 16.
func (*Argon2Hash) WithT ¶
func (h *Argon2Hash) WithT(time int) *Argon2Hash
WithT sets the t parameter of the resulting Argon2Digest hash. Default is 4.
func (*Argon2Hash) WithVariant ¶
func (h *Argon2Hash) WithVariant(variant Argon2Variant) *Argon2Hash
WithVariant adjusts the variant of the Argon2Digest algorithm. Valid values are I, D, ID. Default is argon2id.
type Argon2Profile ¶
type Argon2Profile int
Argon2Profile represents a hashing profile for Argon2Hash.
const ( // Argon2ProfileRFC9106LowMemory is the RFC9106 low memory profile. Argon2ProfileRFC9106LowMemory Argon2Profile = iota // Argon2ProfileRFC9106Recommended is the RFC9106 recommended profile. Argon2ProfileRFC9106Recommended )
func (Argon2Profile) Params ¶
func (p Argon2Profile) Params() *Argon2Hash
Params returns the Argon2Profile parameters as a Argon2Hash.
type Argon2Variant ¶
type Argon2Variant int
Argon2Variant is a variant of the Argon2Digest.
const ( // Argon2VariantNone is a variant of the Argon2Digest which is unknown. Argon2VariantNone Argon2Variant = iota // Argon2VariantD is the argon2d variant of the Argon2Digest. Argon2VariantD // Argon2VariantI is the argon2i variant of the Argon2Digest. Argon2VariantI // Argon2VariantID is the argon2id variant of the Argon2Digest. Argon2VariantID )
func NewArgon2Variant ¶
func NewArgon2Variant(identifier string) (variant Argon2Variant)
NewArgon2Variant converts an identifier string to a Argon2Variant.
func (Argon2Variant) KeyFunc ¶
func (v Argon2Variant) KeyFunc() argon2.KeyFunc
KeyFunc returns the KeyFunc of this Argon2Variant.
func (Argon2Variant) Prefix ¶
func (v Argon2Variant) Prefix() (prefix string)
Prefix returns the Argon2Variant prefix identifier.
type BcryptDigest ¶
type BcryptDigest struct {
// contains filtered or unexported fields
}
BcryptDigest is a digest which handles bcrypt hashes.
func (*BcryptDigest) Decode ¶
func (d *BcryptDigest) Decode(encodedDigest string) (err error)
Decode takes an encodedDigest string and parses it into this Digest.
func (*BcryptDigest) Encode ¶
func (d *BcryptDigest) Encode() string
Encode returns the encoded form of this digest.
func (BcryptDigest) Match ¶
func (d BcryptDigest) Match(password string) (match bool)
Match returns true if the string password matches the current Digest.
func (BcryptDigest) MatchAdvanced ¶
func (d BcryptDigest) MatchAdvanced(password string) (match bool, err error)
MatchAdvanced is the same as Match except if there is an error it returns that as well.
func (BcryptDigest) MatchBytes ¶
func (d BcryptDigest) MatchBytes(passwordBytes []byte) (match bool)
MatchBytes returns true if the []byte passwordBytes matches the current Digest.
func (BcryptDigest) MatchBytesAdvanced ¶
func (d BcryptDigest) MatchBytesAdvanced(passwordBytes []byte) (match bool, err error)
MatchBytesAdvanced is the same as MatchBytes except if there is an error it returns that as well.
func (BcryptDigest) String ¶
func (d BcryptDigest) String() string
String returns the storable format of the Digest encoded hash.
type BcryptHash ¶
type BcryptHash struct {
// contains filtered or unexported fields
}
BcryptHash is a Hash for bcrypt which provides a builder design pattern.
func NewBcryptHash ¶
func NewBcryptHash() *BcryptHash
NewBcryptHash returns a *BcryptHash without any settings configured.
func NewBcryptSHA256Hash ¶
func NewBcryptSHA256Hash() *BcryptHash
NewBcryptSHA256Hash returns a SHA256 variant *BcryptHash without any settings configured.
func (*BcryptHash) Hash ¶
func (h *BcryptHash) Hash(password string) (digest Digest, err error)
Hash performs the hashing operation and returns either a Digest or an error.
func (*BcryptHash) HashWithSalt ¶
func (h *BcryptHash) HashWithSalt(password string, salt []byte) (digest Digest, err error)
HashWithSalt overloads the Hash method allowing the user to provide a salt. It's recommended instead to configure the salt size and let this be a random value generated using crypto/rand.
func (*BcryptHash) MustHash ¶
func (h *BcryptHash) MustHash(password string) (digest Digest)
MustHash overloads the Hash method and panics if the error is not nil. It's recommended if you use this option to utilize the Validate method first or handle the panic appropriately.
func (*BcryptHash) Validate ¶
func (h *BcryptHash) Validate() (err error)
Validate checks the settings/parameters for this Hash and returns an error.
func (*BcryptHash) WithCost ¶
func (h *BcryptHash) WithCost(cost int) *BcryptHash
WithCost sets the cost parameter of the resulting Bcrypt hash. Default is 12.
func (*BcryptHash) WithVariant ¶
func (h *BcryptHash) WithVariant(variant BcryptVariant) *BcryptHash
WithVariant adjusts the variant of the BcryptDigest algorithm.
func (*BcryptHash) WithoutValidation ¶
func (h *BcryptHash) WithoutValidation() *BcryptHash
WithoutValidation disables the validation and allows potentially unsafe values. Use at your own risk.
type BcryptVariant ¶
type BcryptVariant int
BcryptVariant is a variant of the Argon2Digest.
const ( // BcryptVariantNone is a variant of the BcryptDigest which is unknown. BcryptVariantNone BcryptVariant = iota // BcryptVariantStandard is the standard variant of BcryptDigest. BcryptVariantStandard // BcryptVariantSHA256 is the variant of BcryptDigest which hashes the password with SHA-256. BcryptVariantSHA256 )
func NewBcryptVariant ¶
func NewBcryptVariant(identifier string) (variant BcryptVariant)
NewBcryptVariant converts an identifier string to a Argon2Variant.
func (BcryptVariant) Encode ¶
func (v BcryptVariant) Encode(cost int, version string, salt, key []byte) (f string)
Encode formats the variant encoded Digest.
func (BcryptVariant) EncodeInput ¶
func (v BcryptVariant) EncodeInput(src, salt []byte) (dst []byte)
EncodeInput returns the appropriate algorithm input.
func (BcryptVariant) PasswordMaxLength ¶
func (v BcryptVariant) PasswordMaxLength() int
PasswordMaxLength returns -1 if the variant has no max length, otherwise returns the maximum password length.
func (BcryptVariant) Prefix ¶
func (v BcryptVariant) Prefix() (prefix string)
Prefix returns the Argon2Variant prefix identifier.
type Digest ¶
type Digest interface { fmt.Stringer Matcher Encode() (hash string) Decode(encodedDigest string) (err error) }
Digest represents a hashed password. It's implemented by all hashed password results so that when we pass a stored hash into its relevant type we can verify the password against the hash.
func DecodeWithPlainText ¶
DecodeWithPlainText is an extended version of Decode but also explicitly allows decoding plain text storage formats.
type Hash ¶
type Hash interface { // Validate checks the hasher configuration to ensure it's valid. This should be used when the Hash is going to be // reused and you should use it in conjunction with MustHash. Validate() (err error) // Hash performs the hashing operation on a password and resets any relevant parameters such as a manually set salt. // It then returns a Digest and error. Hash(password string) (hashed Digest, err error) // HashWithSalt is an overload of Digest that also accepts a salt. HashWithSalt(password string, salt []byte) (hashed Digest, err error) // MustHash overloads the Hash method and panics if the error is not nil. It's recommended if you use this method to // utilize the Validate method first or handle the panic appropriately. MustHash(password string) (hashed Digest) }
Hash is an interface which implements password hashing.
type Matcher ¶
type Matcher interface { Match(password string) (match bool) MatchBytes(passwordBytes []byte) (match bool) MatchAdvanced(password string) (match bool, err error) MatchBytesAdvanced(passwordBytes []byte) (match bool, err error) }
Matcher is an interface used to match passwords.
type PBKDF2Digest ¶
type PBKDF2Digest struct {
// contains filtered or unexported fields
}
PBKDF2Digest is a Digest which handles PBKDF2 hashes.
func (*PBKDF2Digest) Decode ¶
func (d *PBKDF2Digest) Decode(encodedDigest string) (err error)
Decode takes an encodedDigest string and parses it into this Digest.
func (*PBKDF2Digest) Encode ¶
func (d *PBKDF2Digest) Encode() string
Encode returns the encoded form of this digest.
func (*PBKDF2Digest) Match ¶
func (d *PBKDF2Digest) Match(password string) (match bool)
Match returns true if the string password matches the current Digest.
func (*PBKDF2Digest) MatchAdvanced ¶
func (d *PBKDF2Digest) MatchAdvanced(password string) (match bool, err error)
MatchAdvanced is the same as Match except if there is an error it returns that as well.
func (*PBKDF2Digest) MatchBytes ¶
func (d *PBKDF2Digest) MatchBytes(passwordBytes []byte) (match bool)
MatchBytes returns true if the []byte passwordBytes matches the current Digest.
func (*PBKDF2Digest) MatchBytesAdvanced ¶
func (d *PBKDF2Digest) MatchBytesAdvanced(passwordBytes []byte) (match bool, err error)
MatchBytesAdvanced is the same as MatchBytes except if there is an error it returns that as well.
func (*PBKDF2Digest) String ¶
func (d *PBKDF2Digest) String() string
String returns the storable format of the Digest encoded hash.
type PBKDF2Hash ¶
type PBKDF2Hash struct {
// contains filtered or unexported fields
}
PBKDF2Hash is a Hash for PBKDF2 which provides a builder design pattern.
func NewPBKDF2Hash ¶
func NewPBKDF2Hash() *PBKDF2Hash
NewPBKDF2Hash returns a *PBKDF2Hash without any settings configured.
func NewPBKDF2SHA1Hash ¶
func NewPBKDF2SHA1Hash() *PBKDF2Hash
NewPBKDF2SHA1Hash returns a SHA1 variant *PBKDF2Hash without any settings configured.
func NewPBKDF2SHA224Hash ¶
func NewPBKDF2SHA224Hash() *PBKDF2Hash
NewPBKDF2SHA224Hash returns a SHA224 variant *PBKDF2Hash without any settings configured.
func NewPBKDF2SHA256Hash ¶
func NewPBKDF2SHA256Hash() *PBKDF2Hash
NewPBKDF2SHA256Hash returns a SHA256 variant *PBKDF2Hash without any settings configured.
func NewPBKDF2SHA384Hash ¶
func NewPBKDF2SHA384Hash() *PBKDF2Hash
NewPBKDF2SHA384Hash returns a SHA384 variant *PBKDF2Hash without any settings configured.
func NewPBKDF2SHA512Hash ¶
func NewPBKDF2SHA512Hash() *PBKDF2Hash
NewPBKDF2SHA512Hash returns a SHA512 variant *PBKDF2Hash without any settings configured.
func (*PBKDF2Hash) Hash ¶
func (h *PBKDF2Hash) Hash(password string) (digest Digest, err error)
Hash performs the hashing operation and returns either a Digest or an error.
func (*PBKDF2Hash) HashWithSalt ¶
func (h *PBKDF2Hash) HashWithSalt(password string, salt []byte) (digest Digest, err error)
HashWithSalt overloads the Hash method allowing the user to provide a salt. It's recommended instead to configure the salt size and let this be a random value generated using crypto/rand.
func (*PBKDF2Hash) MustHash ¶
func (h *PBKDF2Hash) MustHash(password string) (digest Digest)
MustHash overloads the Hash method and panics if the error is not nil. It's recommended if you use this option to utilize the Validate method first or handle the panic appropriately.
func (*PBKDF2Hash) Validate ¶
func (h *PBKDF2Hash) Validate() (err error)
Validate checks the settings/parameters for this Hash and returns an error.
func (*PBKDF2Hash) WithIterations ¶
func (h *PBKDF2Hash) WithIterations(iterations int) *PBKDF2Hash
WithIterations sets the iterations parameter of the resulting PBKDF2Digest. Default is 29000.
func (*PBKDF2Hash) WithKeyLength ¶
func (h *PBKDF2Hash) WithKeyLength(bytes int) *PBKDF2Hash
WithKeyLength adjusts the key size (in bytes) of the resulting PBKDF2Digest. Default is 32.
func (*PBKDF2Hash) WithSaltLength ¶
func (h *PBKDF2Hash) WithSaltLength(bytes int) *PBKDF2Hash
WithSaltLength adjusts the salt size (in bytes) of the resulting PBKDF2Digest. Default is 16.
func (*PBKDF2Hash) WithVariant ¶
func (h *PBKDF2Hash) WithVariant(variant PBKDF2Variant) *PBKDF2Hash
WithVariant configures the PBKDF2Variant.
func (*PBKDF2Hash) WithoutValidation ¶
func (h *PBKDF2Hash) WithoutValidation() *PBKDF2Hash
WithoutValidation disables the validation and allows potentially unsafe values. Use at your own risk.
type PBKDF2Variant ¶
type PBKDF2Variant int
PBKDF2Variant is a variant of the PBKDF2Digest.
const ( // PBKDF2VariantNone is a variant of the PBKDF2Digest which is unknown. PBKDF2VariantNone PBKDF2Variant = iota // PBKDF2VariantSHA1 is a variant of the PBKDF2Digest which uses HMAC-SHA-1. PBKDF2VariantSHA1 // PBKDF2VariantSHA224 is a variant of the PBKDF2Digest which uses HMAC-SHA-224. PBKDF2VariantSHA224 // PBKDF2VariantSHA256 is a variant of the PBKDF2Digest which uses HMAC-SHA-256. PBKDF2VariantSHA256 // PBKDF2VariantSHA384 is a variant of the PBKDF2Digest which uses HMAC-SHA-384. PBKDF2VariantSHA384 // PBKDF2VariantSHA512 is a variant of the PBKDF2Digest which uses HMAC-SHA-512. PBKDF2VariantSHA512 )
func NewPBKDF2Variant ¶
func NewPBKDF2Variant(identifier string) (variant PBKDF2Variant)
NewPBKDF2Variant converts an identifier string to a PBKDF2Variant.
func (PBKDF2Variant) HashFunc ¶
func (v PBKDF2Variant) HashFunc() HashFunc
HashFunc returns the internal HMAC HashFunc.
func (PBKDF2Variant) Prefix ¶
func (v PBKDF2Variant) Prefix() (prefix string)
Prefix returns the PlainTextVariant prefix identifier.
type PlainTextDigest ¶
type PlainTextDigest struct {
// contains filtered or unexported fields
}
PlainTextDigest is a Digest which handles plain text matching.
func NewBase64Digest ¶
func NewBase64Digest(password string) (digest PlainTextDigest)
NewBase64Digest creates a new PlainTextDigest using the Base64 PlainTextVariant.
func NewPlainTextDigest ¶
func NewPlainTextDigest(password string) (digest PlainTextDigest)
NewPlainTextDigest creates a new PlainTextDigest using the PlainText PlainTextVariant.
func (*PlainTextDigest) Decode ¶
func (d *PlainTextDigest) Decode(encodedDigest string) (err error)
Decode takes an encodedDigest string and parses it into this Digest.
func (*PlainTextDigest) Encode ¶
func (d *PlainTextDigest) Encode() string
Encode returns the encoded form of this digest.
func (*PlainTextDigest) Match ¶
func (d *PlainTextDigest) Match(password string) (match bool)
Match returns true if the string password matches the current Digest.
func (*PlainTextDigest) MatchAdvanced ¶
func (d *PlainTextDigest) MatchAdvanced(password string) (match bool, err error)
MatchAdvanced is the same as Match except if there is an error it returns that as well.
func (*PlainTextDigest) MatchBytes ¶
func (d *PlainTextDigest) MatchBytes(passwordBytes []byte) (match bool)
MatchBytes returns true if the []byte passwordBytes matches the current Digest.
func (*PlainTextDigest) MatchBytesAdvanced ¶
func (d *PlainTextDigest) MatchBytesAdvanced(passwordBytes []byte) (match bool, err error)
MatchBytesAdvanced is the same as MatchBytes except if there is an error it returns that as well.
func (*PlainTextDigest) String ¶
func (d *PlainTextDigest) String() string
String returns the storable format of the Digest encoded hash.
type PlainTextVariant ¶
type PlainTextVariant int
PlainTextVariant is a variant of the PlainTextDigest.
const ( // PlainTextVariantNone is a variant of the PlainTextDigest which is unknown. PlainTextVariantNone PlainTextVariant = iota // PlainTextVariantPlainText is a variant of the PlainTextDigest which stores the key as plain text. PlainTextVariantPlainText // PlainTextVariantBase64 is a variant of the PlainTextDigest which stores the key as a base64 string. PlainTextVariantBase64 )
func NewPlainTextVariant ¶
func NewPlainTextVariant(identifier string) (variant PlainTextVariant)
NewPlainTextVariant converts an identifier string to a PlainTextVariant.
func (PlainTextVariant) Decode ¶
func (v PlainTextVariant) Decode(src string) (dst []byte, err error)
Decode performs the decode operation for this PlainTextVariant.
func (PlainTextVariant) Encode ¶
func (v PlainTextVariant) Encode(src []byte) (dst string)
Encode performs the encode operation for this PlainTextVariant.
func (PlainTextVariant) Prefix ¶
func (v PlainTextVariant) Prefix() (prefix string)
Prefix returns the PlainTextVariant prefix identifier.
type SHA2CryptDigest ¶
type SHA2CryptDigest struct {
// contains filtered or unexported fields
}
SHA2CryptDigest is a digest which handles SHA2 Crypt hashes like SHA256 or SHA512.
func (*SHA2CryptDigest) Decode ¶
func (d *SHA2CryptDigest) Decode(encodedDigest string) (err error)
Decode a password hash into this SHA2CryptDigest. Returns an error if the supplied encoded hash string cannot be decoded as a SHA2CryptDigest.
func (*SHA2CryptDigest) Encode ¶
func (d *SHA2CryptDigest) Encode() (hash string)
Encode this SHA2CryptDigest as a string for storage.
func (SHA2CryptDigest) Match ¶
func (d SHA2CryptDigest) Match(password string) (match bool)
Match returns true if the string password matches the current Digest.
func (SHA2CryptDigest) MatchAdvanced ¶
func (d SHA2CryptDigest) MatchAdvanced(password string) (match bool, err error)
MatchAdvanced is the same as Match except if there is an error it returns that as well.
func (SHA2CryptDigest) MatchBytes ¶
func (d SHA2CryptDigest) MatchBytes(passwordBytes []byte) (match bool)
MatchBytes returns true if the []byte passwordBytes matches the current Digest.
func (SHA2CryptDigest) MatchBytesAdvanced ¶
func (d SHA2CryptDigest) MatchBytesAdvanced(passwordBytes []byte) (match bool, err error)
MatchBytesAdvanced is the same as MatchBytes except if there is an error it returns that as well.
func (SHA2CryptDigest) String ¶
func (d SHA2CryptDigest) String() string
String returns the storable format of the SHA2CryptDigest hash utilizing fmt.Sprintf and StorageFormatSHACrypt.
type SHA2CryptHash ¶
type SHA2CryptHash struct {
// contains filtered or unexported fields
}
SHA2CryptHash is a Hash for SHA2Crypt which provides a builder design pattern.
func NewSHA2CryptHash ¶
func NewSHA2CryptHash() *SHA2CryptHash
NewSHA2CryptHash returns a *SHA2CryptHash without any settings configured. This defaults to a SHA512 hash.Hash with 1000000 rounds. These settings can be overridden with the methods with the With prefix.
func NewSHA2CryptSHA256Hash ¶
func NewSHA2CryptSHA256Hash() *SHA2CryptHash
NewSHA2CryptSHA256Hash returns a *SHA2CryptHash with the SHA256 hash.Hash which defaults to 1000000 rounds. These settings can be overridden with the methods with the With prefix.
func NewSHA2CryptSHA512Hash ¶
func NewSHA2CryptSHA512Hash() *SHA2CryptHash
NewSHA2CryptSHA512Hash returns a *SHA2CryptHash with the SHA512 hash.Hash which defaults to 1000000 rounds. These settings can be overridden with the methods with the With prefix.
func (*SHA2CryptHash) Hash ¶
func (h *SHA2CryptHash) Hash(password string) (digest Digest, err error)
Hash performs the hashing operation and returns either a Digest or an error.
func (*SHA2CryptHash) HashWithSalt ¶
func (h *SHA2CryptHash) HashWithSalt(password string, salt []byte) (digest Digest, err error)
HashWithSalt overloads the Hash method allowing the user to provide a salt. It's recommended instead to configure the salt size and let this be a random value generated using crypto/rand.
func (*SHA2CryptHash) MustHash ¶
func (h *SHA2CryptHash) MustHash(password string) (digest Digest)
MustHash overloads the Hash method and panics if the error is not nil. It's recommended if you use this option to utilize the Validate method first or handle the panic appropriately.
func (*SHA2CryptHash) Validate ¶
func (h *SHA2CryptHash) Validate() (err error)
Validate checks the settings/parameters for this Hash and returns an error.
func (*SHA2CryptHash) WithRounds ¶
func (h *SHA2CryptHash) WithRounds(rounds int) *SHA2CryptHash
WithRounds sets the rounds parameter of the resulting SHA2CryptDigest. Default is 1000000.
func (*SHA2CryptHash) WithSHA256 ¶
func (h *SHA2CryptHash) WithSHA256() *SHA2CryptHash
WithSHA256 adjusts this SHA2CryptHash to utilize the SHA256 hash.Hash.
func (*SHA2CryptHash) WithSHA512 ¶
func (h *SHA2CryptHash) WithSHA512() *SHA2CryptHash
WithSHA512 adjusts this SHA2CryptHash to utilize the SHA512 hash.Hash.
func (*SHA2CryptHash) WithSaltLength ¶
func (h *SHA2CryptHash) WithSaltLength(bytes int) *SHA2CryptHash
WithSaltLength adjusts the salt size (in bytes) of the resulting SHA2CryptDigest. Minimum 1, Maximum 16. Default is 16.
func (*SHA2CryptHash) WithVariant ¶
func (h *SHA2CryptHash) WithVariant(variant SHA2CryptVariant) *SHA2CryptHash
WithVariant adjusts this SHA2CryptHash to utilize the provided variant.
func (*SHA2CryptHash) WithoutValidation ¶
func (h *SHA2CryptHash) WithoutValidation() *SHA2CryptHash
WithoutValidation disables the validation and allows potentially unsafe values. Use at your own risk.
type SHA2CryptVariant ¶
type SHA2CryptVariant int
SHA2CryptVariant is a variant of the SHA2CryptDigest.
const ( // SHA2CryptVariantNone is a variant of the SHA2CryptDigest which is unknown. SHA2CryptVariantNone SHA2CryptVariant = iota // SHA2CryptVariantSHA256 is a variant of the SHA2CryptDigest which uses SHA-256. SHA2CryptVariantSHA256 // SHA2CryptVariantSHA512 is a variant of the SHA2CryptDigest which uses SHA-512. SHA2CryptVariantSHA512 )
func NewSHA2CryptVariant ¶
func NewSHA2CryptVariant(identifier string) SHA2CryptVariant
NewSHA2CryptVariant converts an identifier string to a SHA2CryptVariant.
func (SHA2CryptVariant) HashFunc ¶
func (v SHA2CryptVariant) HashFunc() HashFunc
HashFunc returns the internal HMAC HashFunc.
func (SHA2CryptVariant) Name ¶
func (v SHA2CryptVariant) Name() (s string)
Name returns the SHA2CryptVariant name.
func (SHA2CryptVariant) Prefix ¶
func (v SHA2CryptVariant) Prefix() (prefix string)
Prefix returns the SHA2CryptVariant prefix identifier.
type ScryptDigest ¶
type ScryptDigest struct {
// contains filtered or unexported fields
}
ScryptDigest is a Digest which handles scrypt hashes.
func (*ScryptDigest) Decode ¶
func (d *ScryptDigest) Decode(encodedDigest string) (err error)
Decode takes an encodedDigest string and parses it into this Digest.
func (*ScryptDigest) Encode ¶
func (d *ScryptDigest) Encode() string
Encode returns the encoded form of this Digest.
func (*ScryptDigest) Match ¶
func (d *ScryptDigest) Match(password string) (match bool)
Match returns true if the string password matches the current Digest.
func (*ScryptDigest) MatchAdvanced ¶
func (d *ScryptDigest) MatchAdvanced(password string) (match bool, err error)
MatchAdvanced is the same as Match except if there is an error it returns that as well.
func (*ScryptDigest) MatchBytes ¶
func (d *ScryptDigest) MatchBytes(passwordBytes []byte) (match bool)
MatchBytes returns true if the []byte passwordBytes matches the current Digest.
func (*ScryptDigest) MatchBytesAdvanced ¶
func (d *ScryptDigest) MatchBytesAdvanced(passwordBytes []byte) (match bool, err error)
MatchBytesAdvanced is the same as MatchBytes except if there is an error it returns that as well.
func (*ScryptDigest) String ¶
func (d *ScryptDigest) String() string
String returns the storable format of the Digest encoded hash.
type ScryptHash ¶
type ScryptHash struct {
// contains filtered or unexported fields
}
ScryptHash is a Hash for scrypt which provides a builder design pattern.
func NewScryptHash ¶
func NewScryptHash() *ScryptHash
NewScryptHash returns a *ScryptHash without any settings configured.
func (*ScryptHash) Hash ¶
func (h *ScryptHash) Hash(password string) (digest Digest, err error)
Hash performs the hashing operation and returns either a Digest or an error.
func (*ScryptHash) HashWithSalt ¶
func (h *ScryptHash) HashWithSalt(password string, salt []byte) (digest Digest, err error)
HashWithSalt overloads the Hash method allowing the user to provide a salt. It's recommended instead to configure the salt size and let this be a random value generated using crypto/rand.
func (*ScryptHash) MustHash ¶
func (h *ScryptHash) MustHash(password string) (digest Digest)
MustHash overloads the Hash method and panics if the error is not nil. It's recommended if you use this option to utilize the Validate method first or handle the panic appropriately.
func (*ScryptHash) Validate ¶
func (h *ScryptHash) Validate() (err error)
Validate checks the settings/parameters for this Hash and returns an error.
func (*ScryptHash) WithKeySize ¶
func (h *ScryptHash) WithKeySize(size int) *ScryptHash
WithKeySize adjusts the key size of the resulting Scrypt hash. Default is 32.
func (*ScryptHash) WithLN ¶
func (h *ScryptHash) WithLN(rounds int) *ScryptHash
WithLN sets the ln parameter (logN) of the resulting Scrypt hash. Default is 16.
func (*ScryptHash) WithP ¶
func (h *ScryptHash) WithP(parallelism int) *ScryptHash
WithP sets the p parameter (parallelism) of the resulting Scrypt hash. Default is 1.
func (*ScryptHash) WithR ¶
func (h *ScryptHash) WithR(blockSize int) *ScryptHash
WithR sets the r parameter (block size) of the resulting Scrypt hash. Default is 8.
func (*ScryptHash) WithSaltSize ¶
func (h *ScryptHash) WithSaltSize(size int) *ScryptHash
WithSaltSize adjusts the salt size of the resulting Scrypt hash. Default is 16.
Source Files ¶
- argon2.go
- argon2_digest.go
- argon2_profile.go
- argon2_variant.go
- bcrypt.go
- bcrypt_digest.go
- bcrypt_variant.go
- const.go
- errors.go
- helpers.go
- pbkdf2.go
- pbkdf2_digest.go
- pbkdf2_variant.go
- plaintext_digest.go
- plaintext_variant.go
- scrypt.go
- scrypt_digest.go
- sha2crypt.go
- sha2crypt_digest.go
- sha2crypt_variant.go
- types.go
- util.go