pbkdf2

package
v0.2.19 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 9, 2024 License: MIT Imports: 11 Imported by: 1

Documentation

Overview

Package pbkdf2 provides helpful abstractions for an implementation of PBKDF2 and implements github.com/go-crypt/crypt interfaces.

This implementation is loaded by crypt.NewDefaultDecoder and crypt.NewDecoderAll.

Index

Constants

View Source 
const (
	// EncodingFmt is the encoding format for this algorithm.
	EncodingFmt = "$%s$%d$%s$%s"

	// AlgName is the name for this algorithm.
	AlgName = "pbkdf2"

	// AlgIdentifier is the identifier used in encoded digests for this algorithm.
	AlgIdentifier = AlgName

	// AlgIdentifierSHA1 is the identifier used in encoded SHA1 variants of this algorithm.
	AlgIdentifierSHA1 = "pbkdf2-sha1"

	// AlgIdentifierSHA224 is the identifier used in encoded SHA224 variants of this algorithm.
	AlgIdentifierSHA224 = "pbkdf2-sha224"

	// AlgIdentifierSHA256 is the identifier used in encoded SHA256 variants of this algorithm.
	AlgIdentifierSHA256 = "pbkdf2-sha256"

	// AlgIdentifierSHA384 is the identifier used in encoded SHA384 variants of this algorithm.
	AlgIdentifierSHA384 = "pbkdf2-sha384"

	// AlgIdentifierSHA512 is the identifier used in encoded SHA512 variants of this algorithm.
	AlgIdentifierSHA512 = "pbkdf2-sha512"

	// KeyLengthMax is the maximum tag size accepted.
	KeyLengthMax = math.MaxInt32

	// SaltLengthMin is the minimum salt size accepted.
	SaltLengthMin = 8

	// SaltLengthMax is the maximum salt size accepted.
	SaltLengthMax = math.MaxInt32

	// IterationsMin is the minimum iterations accepted.
	IterationsMin = 100000

	// IterationsMax is the maximum iterations accepted.
	IterationsMax = math.MaxInt32

	// IterationsDefaultSHA1 is the default iterations for algorithms SHA1 and SHA224.
	IterationsDefaultSHA1 = 720000

	// IterationsDefaultSHA256 is the default iterations for algorithms SHA256 and SHA384.
	IterationsDefaultSHA256 = 310000

	// IterationsDefaultSHA512 is the default iterations for algorithms SHA512.
	IterationsDefaultSHA512 = 120000
)

Variables

This section is empty.

Functions

func Decode 

func Decode(encodedDigest string) (digest algorithm.Digest, err error)

Decode the encoded digest into a algorithm.Digest.

func DecodeVariant 

func DecodeVariant(v Variant) func(encodedDigest string) (digest algorithm.Digest, err error)

DecodeVariant the encoded digest into a algorithm.Digest provided it matches the provided pbkdf2.Variant. If pbkdf2.VariantNone is used all variants can be decoded.

func RegisterDecoder 

func RegisterDecoder(r algorithm.DecoderRegister) (err error)

RegisterDecoder the decoder with the algorithm.DecoderRegister.

func RegisterDecoderSHA1 

func RegisterDecoderSHA1(r algorithm.DecoderRegister) (err error)

RegisterDecoderSHA1 registers specifically the sha1 decoder variant with the algorithm.DecoderRegister.

func RegisterDecoderSHA224 

func RegisterDecoderSHA224(r algorithm.DecoderRegister) (err error)

RegisterDecoderSHA224 registers specifically the sha224 decoder variant with the algorithm.DecoderRegister.

func RegisterDecoderSHA256 

func RegisterDecoderSHA256(r algorithm.DecoderRegister) (err error)

RegisterDecoderSHA256 registers specifically the sha256 decoder variant with the algorithm.DecoderRegister.

func RegisterDecoderSHA384 

func RegisterDecoderSHA384(r algorithm.DecoderRegister) (err error)

RegisterDecoderSHA384 registers specifically the sha384 decoder variant with the algorithm.DecoderRegister.

func RegisterDecoderSHA512 

func RegisterDecoderSHA512(r algorithm.DecoderRegister) (err error)

RegisterDecoderSHA512 registers specifically the sha512 decoder variant with the algorithm.DecoderRegister.

Types

type Digest 

type Digest struct {
	// contains filtered or unexported fields
}

Digest is a pbkdf2.Digest which handles PBKDF2 hashes.

func (*Digest) Encode 

func (d *Digest) Encode() string

Encode returns the encoded form of this pbkdf2.Digest.

func (*Digest) Match 

func (d *Digest) Match(password string) (match bool)

Match returns true if the string password matches the current pbkdf2.Digest.

func (*Digest) MatchAdvanced 

func (d *Digest) MatchAdvanced(password string) (match bool, err error)

MatchAdvanced is the same as Match except if there is an error it returns that as well.

func (*Digest) MatchBytes 

func (d *Digest) MatchBytes(passwordBytes []byte) (match bool)

MatchBytes returns true if the []byte passwordBytes matches the current pbkdf2.Digest.

func (*Digest) MatchBytesAdvanced 

func (d *Digest) MatchBytesAdvanced(passwordBytes []byte) (match bool, err error)

MatchBytesAdvanced is the same as MatchBytes except if there is an error it returns that as well.

func (*Digest) String 

func (d *Digest) String() string

String returns the storable format of the pbkdf2.Digest encoded hash.

type Hasher 

type Hasher struct {
	// contains filtered or unexported fields
}

Hasher is a crypt.Hash for PBKDF2 which can be initialized via pbkdf2.New using a functional options pattern.

func New 

func New(opts ...Opt) (hasher *Hasher, err error)

New returns a *pbkdf2.Hasher with the additional opts applied if any.

func NewSHA1 

func NewSHA1(opts ...Opt) (hasher *Hasher, err error)

NewSHA1 returns a SHA1 variant *pbkdf2.Hasher with the additional opts applied if any.

func NewSHA224 

func NewSHA224(opts ...Opt) (hasher *Hasher, err error)

NewSHA224 returns a SHA224 variant *pbkdf2.Hasher with the additional opts applied if any.

func NewSHA256 

func NewSHA256(opts ...Opt) (hasher *Hasher, err error)

NewSHA256 returns a SHA256 variant *pbkdf2.Hasher with the additional opts applied if any.

func NewSHA384 

func NewSHA384(opts ...Opt) (hasher *Hasher, err error)

NewSHA384 returns a SHA384 variant *pbkdf2.Hasher with the additional opts applied if any.

func NewSHA512 

func NewSHA512(opts ...Opt) (hasher *Hasher, err error)

NewSHA512 returns a SHA512 variant *pbkdf2.Hasher with the additional opts applied if any.

func (*Hasher) Hash 

func (h *Hasher) Hash(password string) (digest algorithm.Digest, err error)

Hash performs the hashing operation and returns either a algorithm.Digest or an error.

func (*Hasher) HashWithSalt 

func (h *Hasher) HashWithSalt(password string, salt []byte) (digest algorithm.Digest, err error)

HashWithSalt overloads the Hash method allowing the user to provide a salt. It's recommended instead to configure the salt size and let this be a random value generated using crypto/rand.

func (*Hasher) MustHash 

func (h *Hasher) MustHash(password string) (digest algorithm.Digest)

MustHash overloads the Hash method and panics if the error is not nil. It's recommended if you use this option to utilize the Validate method first or handle the panic appropriately.

func (*Hasher) Validate 

func (h *Hasher) Validate() (err error)

Validate checks the settings/parameters for this Hash and returns an error.

func (*Hasher) WithOptions 

func (h *Hasher) WithOptions(opts ...Opt) (err error)

WithOptions applies the provided functional options provided as a pbkdf2.Opt to the pbkdf2.Hasher.

type Opt 

type Opt func(h *Hasher) (err error)

Opt describes the functional option pattern for the pbkdf2.Hasher.

func WithIterations 

func WithIterations(iterations int) Opt

WithIterations sets the iterations parameter of the resulting pbkdf2.Digest. Minimum is 100000, Maximum is 2147483647. Default is 29000.

func WithKeyLength 

func WithKeyLength(bytes int) Opt

WithKeyLength adjusts the tag length (in bytes) of the resulting pbkdf2.Digest. Default is the output length of the HMAC digest. Generally it's NOT recommended to change this value at all and let the default values be applied. Longer tag lengths technically reduce security by forcing a longer hash calculation for legitimate users but not requiring this for an attacker. In addition most implementations expect the tag length to match the output length of the HMAC digest. This option MUST come after a specific pbkdf2.WithVariant.

func WithSaltLength 

func WithSaltLength(bytes int) Opt

WithSaltLength adjusts the salt size (in bytes) of the resulting pbkdf2.Digest. Minimum is 8, Maximum is 2147483647. Default is 16.

func WithVariant 

func WithVariant(variant Variant) Opt

WithVariant configures the pbkdf2.Variant of the resulting pbkdf2.Digest. Default is pbkdf2.VariantSHA256.

func WithVariantName 

func WithVariantName(identifier string) Opt

WithVariantName uses the variant name or identifier to configure the pbkdf2.Variant of the resulting pbkdf2.Digest. Default is pbkdf2.VariantSHA256.

type Variant 

type Variant int

Variant is a variant of the pbkdf2.Digest. 

const (
	// VariantNone is a variant of the pbkdf2.Digest which is unknown.
	VariantNone Variant = iota

	// VariantSHA1 is a variant of the pbkdf2.Digest which uses HMAC-SHA-1.
	VariantSHA1

	// VariantSHA224 is a variant of the pbkdf2.Digest which uses HMAC-SHA-224.
	VariantSHA224

	// VariantSHA256 is a variant of the pbkdf2.Digest which uses HMAC-SHA-256.
	VariantSHA256

	// VariantSHA384 is a variant of the pbkdf2.Digest which uses HMAC-SHA-384.
	VariantSHA384

	// VariantSHA512 is a variant of the pbkdf2.Digest which uses HMAC-SHA-512.
	VariantSHA512
)

func NewVariant 

func NewVariant(identifier string) (variant Variant)

NewVariant converts an identifier string to a pbkdf2.Variant.

func (Variant) DefaultIterations 

func (v Variant) DefaultIterations() int

DefaultIterations returns the default iterations for a variant.

func (Variant) HashFunc 

func (v Variant) HashFunc() algorithm.HashFunc

HashFunc returns the internal HMAC algorithm.HashFunc.

func (Variant) Prefix 

func (v Variant) Prefix() (prefix string)

Prefix returns the pbkdf2.Variant prefix identifier.

func (Variant) String 

func (v Variant) String() (variant string)

String implements the fmt.Stringer returning a string representation of the pbkdf2.Variant.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.