Documentation ¶
Overview ¶
Package bcrypt provides helpful abstractions for an implementation of bcrypt and implements github.com/go-crypt/crypt interfaces.
This implementation is loaded by crypt.NewDefaultDecoder and crypt.NewDecoderAll.
Index ¶
- Constants
- func Decode(encodedDigest string) (digest algorithm.Digest, err error)
- func DecodeVariant(v Variant) func(encodedDigest string) (digest algorithm.Digest, err error)
- func RegisterDecoder(r algorithm.DecoderRegister) (err error)
- func RegisterDecoderSHA256(r algorithm.DecoderRegister) (err error)
- func RegisterDecoderStandard(r algorithm.DecoderRegister) (err error)
- type Digest
- func (d *Digest) Encode() string
- func (d *Digest) Match(password string) (match bool)
- func (d *Digest) MatchAdvanced(password string) (match bool, err error)
- func (d *Digest) MatchBytes(passwordBytes []byte) (match bool)
- func (d *Digest) MatchBytesAdvanced(passwordBytes []byte) (match bool, err error)
- func (d *Digest) String() string
- type Hasher
- func (h *Hasher) Hash(password string) (digest algorithm.Digest, err error)
- func (h *Hasher) HashWithSalt(password string, salt []byte) (digest algorithm.Digest, err error)
- func (h *Hasher) MustHash(password string) (digest algorithm.Digest)
- func (h *Hasher) Validate() (err error)
- func (h *Hasher) WithOptions(opts ...Opt) (err error)
- type Opt
- type Variant
Constants ¶
const ( // EncodingFmt is the encoding format for this algorithm. EncodingFmt = "$%s$%d$%s%s" // EncodingFmtSHA256 is the encoding format for the SHA256 variant of this algorithm. EncodingFmtSHA256 = "$%s$v=2,t=%s,r=%d$%s$%s" // AlgName is the name for this algorithm. AlgName = "bcrypt" // AlgIdentifier is the identifier used in this algorithm. AlgIdentifier = "2b" // AlgIdentifierVariantSHA256 is the identifier used in encoded SHA256 variant of this algorithm. AlgIdentifierVariantSHA256 = "bcrypt-sha256" // AlgIdentifierVerA is the identifier used in this algorithm (version a). AlgIdentifierVerA = "2a" // AlgIdentifierVerX is the identifier used in this algorithm (version x). AlgIdentifierVerX = "2x" // AlgIdentifierVerY is the identifier used in this algorithm (version y). AlgIdentifierVerY = "2y" // AlgIdentifierUnversioned is the identifier used in this algorithm (no version). AlgIdentifierUnversioned = "2" // VariantNameStandard is the variant name of the bcrypt.VariantStandard. VariantNameStandard = "standard" // VariantNameSHA256 is the variant name of the bcrypt.VariantSHA256. VariantNameSHA256 = algorithm.DigestSHA256 // IterationsMin is the minimum iterations accepted. IterationsMin = 10 // IterationsMax is the maximum iterations accepted. IterationsMax = 31 // IterationsDefault is the default iterations. IterationsDefault = 13 // PasswordInputSizeMax is the maximum password input size accepted. PasswordInputSizeMax = 72 )
Variables ¶
This section is empty.
Functions ¶
func DecodeVariant ¶
DecodeVariant the encoded digest into a algorithm.Digest provided it matches the provided bcrypt.Variant. If bcrypt.VariantNone is used all variants can be decoded.
func RegisterDecoder ¶
func RegisterDecoder(r algorithm.DecoderRegister) (err error)
RegisterDecoder the decoder with the algorithm.DecoderRegister.
func RegisterDecoderSHA256 ¶
func RegisterDecoderSHA256(r algorithm.DecoderRegister) (err error)
RegisterDecoderSHA256 registers specifically the sha256 decoder variant with the algorithm.DecoderRegister.
func RegisterDecoderStandard ¶
func RegisterDecoderStandard(r algorithm.DecoderRegister) (err error)
RegisterDecoderStandard registers specifically the standard decoder variant with the algorithm.DecoderRegister.
Types ¶
type Digest ¶
type Digest struct {
// contains filtered or unexported fields
}
Digest is a digest which handles bcrypt hashes.
func (*Digest) MatchAdvanced ¶
MatchAdvanced is the same as Match except if there is an error it returns that as well.
func (*Digest) MatchBytes ¶
MatchBytes returns true if the []byte passwordBytes matches the current bcrypt.Digest.
func (*Digest) MatchBytesAdvanced ¶
MatchBytesAdvanced is the same as MatchBytes except if there is an error it returns that as well.
type Hasher ¶
type Hasher struct {
// contains filtered or unexported fields
}
Hasher is a crypt.Hash for bcrypt which can be initialized via bcrypt.New using a functional options pattern.
func NewSHA256 ¶
NewSHA256 returns a new bcrypt.Hasher with the provided functional options applied as well as the bcrypt.VariantSHA256 applied via the bcrypt.WithVariant bcrypt.Opt.
func (*Hasher) Hash ¶
Hash performs the hashing operation and returns either an algorithm.Digest or an error.
func (*Hasher) HashWithSalt ¶
HashWithSalt overloads the Hash method allowing the user to provide a salt. It's recommended instead to configure the salt size and let this be a random value generated using crypto/rand.
func (*Hasher) MustHash ¶
MustHash overloads the Hash method and panics if the error is not nil. It's recommended if you use this option to utilize the Validate method first or handle the panic appropriately.
func (*Hasher) Validate ¶
Validate checks the settings/parameters for this bcrypt.Hasher and returns an error.
func (*Hasher) WithOptions ¶
WithOptions applies the provided functional options provided as an bcrypt.Opt to the bcrypt.Hasher.
type Opt ¶
Opt describes the functional option pattern for the bcrypt.Hasher.
func WithIterations ¶
WithIterations sets the iterations parameter of the resulting bcrypt.Digest. Minimum is 10, Maximum is 31. Default is 12.
func WithVariant ¶
WithVariant is used to configure the bcrypt.Variant of the resulting bcrypt.Digest. Default is bcrypt.VariantStandard.
func WithVariantName ¶
WithVariantName uses the variant name or identifier to configure the bcrypt.Variant of the resulting bcrypt.Digest. Default is bcrypt.VariantStandard.
type Variant ¶
type Variant int
Variant is a variant of the bcrypt.Digest.
func NewVariant ¶
NewVariant converts an identifier string to a bcrypt.Variant.
func (Variant) EncodeInput ¶
EncodeInput returns the appropriate algorithm input.
func (Variant) PasswordMaxLength ¶
PasswordMaxLength returns -1 if the variant has no max length, otherwise returns the maximum password length.