argon2

package
v0.3.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 6, 2024 License: MIT Imports: 11 Imported by: 1

Documentation

Overview

Package argon2 provides helpful abstractions for an implementation of RFC9106 and implements github.com/go-crypt/crypt interfaces.

This implementation is loaded by crypt.NewDefaultDecoder and crypt.NewDecoderAll.

Index

Constants

View Source
const (
	// EncodingFmt is the encoding format for this algorithm.
	EncodingFmt = "$%s$v=%d$m=%d,t=%d,p=%d$%s$%s"

	// AlgName is the name for this algorithm.
	AlgName = "argon2"

	// AlgIdentifierVariantI is the identifier used in encoded argon2i variants of this algorithm.
	AlgIdentifierVariantI = argon2i

	// AlgIdentifierVariantD is the identifier used in encoded argon2d variants of this algorithm.
	AlgIdentifierVariantD = argon2d

	// AlgIdentifierVariantID is the identifier used in encoded argon2id variants of this algorithm.
	AlgIdentifierVariantID = argon2id

	// KeyLengthMin is the minimum tag length output.
	KeyLengthMin = 4

	// KeyLengthMax is the maximum tag length output.
	KeyLengthMax = math.MaxInt32

	// KeyLengthDefault is the default key length.
	KeyLengthDefault = 32

	// SaltLengthMin is the minimum salt length input/output.
	SaltLengthMin = 1

	// SaltLengthMax is the maximum salt length input/output.
	SaltLengthMax = math.MaxInt32

	// IterationsMin is the minimum number of passes input.
	IterationsMin = 1

	// IterationsMax is the maximum number of passes input.
	IterationsMax = math.MaxInt32

	// IterationsDefault is the default number of passes.
	IterationsDefault = IterationsMin

	// ParallelismMin is the minimum parallelism factor input.
	ParallelismMin = 1

	// ParallelismMax is the maximum parallelism factor input.
	ParallelismMax = 16777215

	// ParallelismDefault is the default parallelism factor.
	ParallelismDefault = 4

	// MemoryMinParallelismMultiplier is the parallelism multiplier which determines the minimum memory.
	MemoryMinParallelismMultiplier = 8

	// MemoryRoundingParallelismMultiplier is the parallelism multiplier which determines the actual memory value. The
	// value is the closest multiple of this multiplied by the parallelism input.
	MemoryRoundingParallelismMultiplier = 4

	// MemoryMin is the minimum input for memory.
	MemoryMin = ParallelismMin * MemoryMinParallelismMultiplier

	// MemoryMax is the maximum input for memory.
	MemoryMax uint32 = math.MaxUint32

	// MemoryDefault represents the default memory value.
	MemoryDefault = 2 * 1024 * 1024

	// PasswordInputSizeMax is the maximum input for the password content.
	PasswordInputSizeMax = math.MaxInt32
)

Variables

This section is empty.

Functions

func Decode

func Decode(encodedDigest string) (digest algorithm.Digest, err error)

Decode the encoded digest into a algorithm.Digest.

func DecodeVariant

func DecodeVariant(v Variant) func(encodedDigest string) (digest algorithm.Digest, err error)

DecodeVariant the encoded digest into a algorithm.Digest provided it matches the provided argon2.Variant. If argon2.VariantNone is used all variants can be decoded.

func RegisterDecoder

func RegisterDecoder(r algorithm.DecoderRegister) (err error)

RegisterDecoder the decoder with the algorithm.DecoderRegister.

func RegisterDecoderArgon2d

func RegisterDecoderArgon2d(r algorithm.DecoderRegister) (err error)

RegisterDecoderArgon2d registers specifically the argon2d decoder variant with the algorithm.DecoderRegister.

func RegisterDecoderArgon2i

func RegisterDecoderArgon2i(r algorithm.DecoderRegister) (err error)

RegisterDecoderArgon2i registers specifically the argon2i decoder variant with the algorithm.DecoderRegister.

func RegisterDecoderArgon2id

func RegisterDecoderArgon2id(r algorithm.DecoderRegister) (err error)

RegisterDecoderArgon2id registers specifically the argon2id decoder variant with the algorithm.DecoderRegister.

Types

type Digest

type Digest struct {
	// contains filtered or unexported fields
}

Digest is a digest which handles Argon2 hashes like Argon2id, Argon2i, and Argon2d.

func (*Digest) Encode

func (d *Digest) Encode() (encodedHash string)

Encode returns the encoded form of this argon2.Digest.

func (*Digest) Match

func (d *Digest) Match(password string) (match bool)

Match returns true if the string password matches the current argon2.Digest.

func (*Digest) MatchAdvanced

func (d *Digest) MatchAdvanced(password string) (match bool, err error)

MatchAdvanced is the same as Match except if there is an error it returns that as well.

func (*Digest) MatchBytes

func (d *Digest) MatchBytes(passwordBytes []byte) (match bool)

MatchBytes returns true if the []byte passwordBytes matches the current argon2.Digest.

func (*Digest) MatchBytesAdvanced

func (d *Digest) MatchBytesAdvanced(passwordBytes []byte) (match bool, err error)

MatchBytesAdvanced is the same as MatchBytes except if there is an error it returns that as well.

func (*Digest) String

func (d *Digest) String() string

String returns the storable format of the argon2.Digest encoded hash.

type Hasher

type Hasher struct {
	// contains filtered or unexported fields
}

Hasher is a crypt.Hash for Argon2 which can be initialized via argon2.New using a functional options pattern.

func New

func New(opts ...Opt) (hasher *Hasher, err error)

New returns a new argon2.Hasher with the provided functional options applied.

func (*Hasher) Clone

func (h *Hasher) Clone() *Hasher

Clone returns a clone from this argon2.Hasher to another *argon2.Hasher.

func (*Hasher) Copy

func (h *Hasher) Copy(hasher *Hasher)

Copy copies all parameters from this argon2.Hasher to another *argon2.Hasher.

func (*Hasher) Hash

func (h *Hasher) Hash(password string) (digest algorithm.Digest, err error)

Hash performs the hashing operation and returns either a argon2.Digest or an error.

func (*Hasher) HashWithSalt

func (h *Hasher) HashWithSalt(password string, salt []byte) (digest algorithm.Digest, err error)

HashWithSalt overloads the Hash method allowing the user to provide a salt. It's recommended instead to configure the salt size and let this be a random value generated using crypto/rand.

func (*Hasher) Merge

func (h *Hasher) Merge(hash *Hasher)

Merge copies all parameters from this argon2.Hasher to another *argon2.Hasher where the parameters are unset.

func (*Hasher) MustHash

func (h *Hasher) MustHash(password string) (hashed algorithm.Digest)

MustHash overloads the Hash method and panics if the error is not nil. It's recommended if you use this option to utilize the Validate method first or handle the panic appropriately.

func (*Hasher) Validate

func (h *Hasher) Validate() (err error)

Validate checks the settings/parameters for this argon2.Hasher and returns an error.

func (*Hasher) WithOptions

func (h *Hasher) WithOptions(opts ...Opt) (err error)

WithOptions applies the provided functional options provided as an argon2.Opt to the argon2.Hasher.

type Opt

type Opt func(h *Hasher) (err error)

Opt describes the functional option pattern for the argon2.Hasher.

func WithIterations

func WithIterations(t int) Opt

WithIterations is an alias for WithT.

func WithK

func WithK(k int) Opt

WithK satisfies the argon2.Opt type for the argon2.Hasher and sets input 'T' known as the tag length.

Tag length T MUST be an integer number of bytes from 4 to 2^(32)-1. The Argon2 output, or "tag", is a string T bytes long.

Minimum is 4, Maximum is 2147483647. Default is 32.

RFC9106 section 3.1 "Argon2 Inputs and Outputs" https://www.rfc-editor.org/rfc/rfc9106.html#name-argon2-inputs-and-outputs.

func WithKeyLength

func WithKeyLength(k int) Opt

WithKeyLength is an alias for WithK.

func WithM

func WithM(m uint32) Opt

WithM satisfies the argon2.Opt type for the argon2.Hasher and sets input 'm' known as the memory size.

Memory size m MUST be an integer number of kibibytes from 8*p to 2^(32)-1. The actual number of blocks is m', which is m rounded down to the nearest multiple of 4*p.

Minimum is 8, Maximum is 4294967295. Default is 2097152.

RFC9106 section 3.1 "Argon2 Inputs and Outputs" https://www.rfc-editor.org/rfc/rfc9106.html#name-argon2-inputs-and-outputs.

func WithMemoryInKiB

func WithMemoryInKiB(m uint32) Opt

WithMemoryInKiB is an alias for WithM.

func WithP

func WithP(p int) Opt

WithP satisfies the argon2.Opt type for the argon2.Hasher and sets input 'p' known as the degree of parallelism.

Degree of parallelism p determines how many independent (but synchronizing) computational chains (lanes) can be run. It MUST be an integer value from 1 to 2^(24)-1.

Minimum is 1, Maximum is 16777215. Default is 4.

RFC9106 section 3.1 "Argon2 Inputs and Outputs" https://www.rfc-editor.org/rfc/rfc9106.html#name-argon2-inputs-and-outputs.

func WithParallelism

func WithParallelism(p int) Opt

WithParallelism is an alias for WithP.

func WithProfileRFC9106LowMemory

func WithProfileRFC9106LowMemory() Opt

WithProfileRFC9106LowMemory is the recommended low memory RFC9106 profile.

RFC9106 section 4.0 "Parameter Choice" https://www.rfc-editor.org/rfc/rfc9106.html#name-parameter-choice

func WithProfileRFC9106Recommended

func WithProfileRFC9106Recommended() Opt

WithProfileRFC9106Recommended is the recommended standard RFC9106 profile.

RFC9106 section 4.0 "Parameter Choice" https://www.rfc-editor.org/rfc/rfc9106.html#name-parameter-choice

func WithS

func WithS(s int) Opt

WithS satisfies the argon2.Opt type for the argon2.Hasher and sets the length of input 'S' known as the salt length.

Nonce S, which is a salt for password hashing applications. It MUST have a length not greater than 2^(32)-1 bytes. 16 bytes is RECOMMENDED for password hashing. The salt SHOULD be unique for each password.

Minimum is 1, Maximum is 2147483647. Default is 16.

RFC9106 section 3.1 "Argon2 Inputs and Outputs" https://www.rfc-editor.org/rfc/rfc9106.html#name-argon2-inputs-and-outputs.

func WithSaltLength

func WithSaltLength(s int) Opt

WithSaltLength is an alias for WithS.

func WithT

func WithT(t int) Opt

WithT satisfies the argon2.Opt type for the argon2.Hasher and sets input 't' known as the number of passes.

Number of passes t (used to tune the running time independently of the memory size) MUST be an integer number from 1 to 2^(32)-1.

Minimum is 1, Maximum is 2147483647. Default is 1.

RFC9106 section 3.1 "Argon2 Inputs and Outputs" https://www.rfc-editor.org/rfc/rfc9106.html#name-argon2-inputs-and-outputs.

func WithTagLength

func WithTagLength(k int) Opt

WithTagLength is an alias for WithK.

func WithVariant

func WithVariant(variant Variant) Opt

WithVariant is used to configure the argon2.Variant of the resulting argon2.Digest. Default is argon2.VariantID.

func WithVariantD

func WithVariantD() Opt

WithVariantD satisfies the argon2.Opt type and sets the variant as argon2.VariantD.

func WithVariantI

func WithVariantI() Opt

WithVariantI satisfies the argon2.Opt type and sets the variant as argon2.VariantI.

func WithVariantID

func WithVariantID() Opt

WithVariantID satisfies the argon2.Opt type and sets the variant as argon2.VariantID.

func WithVariantName

func WithVariantName(identifier string) Opt

WithVariantName uses the variant name or identifier to configure the argon2.Variant of the resulting argon2.Digest. Default is argon2.VariantID.

type Profile

type Profile int

Profile represents a hashing profile for Argon2Hash.

const (
	// ProfileRFC9106LowMemory is the RFC9106 low memory profile.
	ProfileRFC9106LowMemory Profile = iota

	// ProfileRFC9106Recommended is the RFC9106 recommended profile.
	ProfileRFC9106Recommended
)

func (Profile) Hasher

func (p Profile) Hasher() *Hasher

Hasher returns the argon2.Profile parameters as an argon2.Hasher.

type Variant

type Variant int

Variant is a variant of the argon2.Digest.

const (
	// VariantNone is a variant of the argon2.Digest which is unknown.
	VariantNone Variant = iota

	// VariantD is the argon2d variant of the argon2.Digest.
	VariantD

	// VariantI is the argon2i variant of the argon2.Digest.
	VariantI

	// VariantID is the argon2id variant of the argon2.Digest.
	VariantID
)

func NewVariant

func NewVariant(identifier string) (variant Variant)

NewVariant converts an identifier string to a argon2.Variant.

func (Variant) KeyFunc

func (v Variant) KeyFunc() argon2.KeyFunc

KeyFunc returns the argon2.KeyFunc key derivation function of this argon2.Variant.

func (Variant) Prefix

func (v Variant) Prefix() (prefix string)

Prefix returns the argon2.Variant prefix identifier.

func (Variant) String

func (v Variant) String() string

String implements the fmt.Stringer returning a string representation of the argon2.Variant.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL