pasap

package module

v0.5.0 Latest Latest Go to latest Published: Mar 21, 2020 License: MIT Imports: 8 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/mkawserm/pasap

Links

Open Source Insights

README ¶

pasap

Package pasap provides a way to derive fixed length cryptographically secure secret key from password using different key derivation algorithm, provides an encoded string and verify the password against the encoded string

Usage

➜ go get github.com/mkawserm/pasap

package main

import "fmt"
import "github.com/mkawserm/pasap"

func main()  {
	a := pasap.NewArgon2idHasher()
	ec := &pasap.ByteBasedEncoderCredentials{
		Salt:     []byte("123456789"),
		Password: []byte("pass"),
	}
	secretKey, encodedKey, err := a.Encode(ec)

	if err != nil {
		panic(err)
	}

	fmt.Printf("Secret key: %v\n", secretKey)
	fmt.Printf("Encoded key: %v\n", encodedKey)

	vc := &pasap.ByteBasedVerifierCredentials{
		Password:   []byte("pass"),
		EncodedKey: encodedKey,
	}
	_, ok, err := a.Verify(vc)
	if err != nil {
		panic(err)
	}

	if ok {
		fmt.Println("Valid password")
	}
}

Documentation ¶

Overview ¶

Package pasap provides a way to derive fixed length cryptographically secure secret key from password using different key derivation algorithm, provides an encoded string and verify the password against the encoded string

By Md Kawser Munshi

Index ¶

Variables
func GetSalt(length int, reader io.Reader) []byte
type AlgorithmName
type AlgorithmParameters
type AlgorithmVersion
type Argon2idHasher
- func NewArgon2idHasher() *Argon2idHasher
- func (a *Argon2idHasher) Encode(encoderCredentials EncoderCredentialsReader) (secretKey, encodedKey []byte, err error)
- func (a *Argon2idHasher) Name() string
- func (a *Argon2idHasher) Parameters() string
- func (a *Argon2idHasher) Verify(verifierCredentials VerifierCredentialsReader) (secretKey []byte, ok bool, err error)
- func (a *Argon2idHasher) Version() int
type ByteBasedEncoderCredentials
- func (b *ByteBasedEncoderCredentials) ReadPassword() (password []byte, err error)
- func (b *ByteBasedEncoderCredentials) ReadSalt() (salt []byte, err error)
- func (b *ByteBasedEncoderCredentials) SetPassword(password []byte) error
- func (b *ByteBasedEncoderCredentials) SetSalt(salt []byte) error
type ByteBasedVerifierCredentials
- func (b *ByteBasedVerifierCredentials) ReadEncodedKey() (encodedKey []byte, err error)
- func (b *ByteBasedVerifierCredentials) ReadPassword() (password []byte, err error)
- func (b *ByteBasedVerifierCredentials) SetEncodedKey(encodedKey []byte) error
- func (b *ByteBasedVerifierCredentials) SetPassword(password []byte) error
type EncoderCredentialsRW
type EncoderCredentialsReader
type EncoderCredentialsWriter
type PasswordEncoder
type PasswordHasher
type PasswordVerifier
type VerifierCredentialsRW
type VerifierCredentialsReader
type VerifierCredentialsWriter

Examples ¶

NewArgon2idHasher

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrHashComponentUnreadable occurs when unreadable component in hashed password
	ErrHashComponentUnreadable = errors.New("pasap: unreadable component in hashed password")

	// ErrHashComponentMismatch occurs when hashed password components does not match
	ErrHashComponentMismatch = errors.New("pasap: hashed password components mismatch")

	// ErrAlgorithmMismatch occurs when algorithm does not match
	ErrAlgorithmMismatch = errors.New("pasap: algorithm mismatch")

	// ErrIncompatibleVersion occurs when version in to compatible
	ErrIncompatibleVersion = errors.New("pasap: incompatible version")

	// ErrInvalidData occurs when given data is not valid, normally for
	// salt, password and encoded key
	ErrInvalidData = errors.New("pasap: invalid data")
)

Functions ¶

func GetSalt ¶

func GetSalt(length int, reader io.Reader) []byte

GetSalt receives salt from the reader

Types ¶

type AlgorithmName ¶

type AlgorithmName interface {
	Name() string
}

AlgorithmName basic interface

type AlgorithmParameters ¶ added in v0.4.0

type AlgorithmParameters interface {
	Parameters() string
}

AlgorithmParameters basic interface

type AlgorithmVersion ¶ added in v0.4.0

type AlgorithmVersion interface {
	Version() int
}

AlgorithmVersion basic interface

type Argon2idHasher ¶

type Argon2idHasher struct {
	// Defines the amount of computation time, given in number of iterations.
	Time uint32
	// Defines the memory usage (KiB).
	Memory uint32
	// Defines the number of parallel threads.
	Threads uint8
	// Defines the length of the hash in bytes.
	Length uint32
}

Argon2idHasher uses argon2id password hashing algorithm to generate secret key and verify encoded key

func NewArgon2idHasher ¶

func NewArgon2idHasher() *Argon2idHasher

NewArgon2idHasher returns a new Argon2idHasher instance

Example ¶

package main

import (
	"fmt"
	"github.com/mkawserm/pasap"
)

func main() {
	a := pasap.NewArgon2idHasher()
	ec := &pasap.ByteBasedEncoderCredentials{
		Salt:     []byte("123456789"),
		Password: []byte("pass"),
	}
	secretKey, encodedKey, err := a.Encode(ec)

	if err != nil {
		panic(err)
	}

	fmt.Printf("Secret key: %v\n", secretKey)
	fmt.Printf("Encoded key: %v\n", encodedKey)

	vc := &pasap.ByteBasedVerifierCredentials{
		Password:   []byte("pass"),
		EncodedKey: encodedKey,
	}
	_, ok, err := a.Verify(vc)
	if err != nil {
		panic(err)
	}

	if ok {
		fmt.Println("Valid password")
	}
}

Output:

func (*Argon2idHasher) Encode ¶

func (a *Argon2idHasher) Encode(encoderCredentials EncoderCredentialsReader) (secretKey, encodedKey []byte, err error)

Encode the password using argon2.IDKey algorithm

func (*Argon2idHasher) Name ¶

func (a *Argon2idHasher) Name() string

Name returns Argon2idHasher name

func (*Argon2idHasher) Parameters ¶ added in v0.4.0

func (a *Argon2idHasher) Parameters() string

Parameters returns current active parameters

func (*Argon2idHasher) Verify ¶

func (a *Argon2idHasher) Verify(verifierCredentials VerifierCredentialsReader) (secretKey []byte, ok bool, err error)

Verify the password against the encoded key

func (*Argon2idHasher) Version ¶ added in v0.4.0

func (a *Argon2idHasher) Version() int

Version returns Algorithm version

type ByteBasedEncoderCredentials ¶ added in v0.3.0

type ByteBasedEncoderCredentials struct {
	Salt     []byte
	Password []byte
}

ByteBasedEncoderCredentials implements EncoderCredentials

func (*ByteBasedEncoderCredentials) ReadPassword ¶ added in v0.3.0

func (b *ByteBasedEncoderCredentials) ReadPassword() (password []byte, err error)

ReadPassword from the given bytes

func (*ByteBasedEncoderCredentials) ReadSalt ¶ added in v0.3.0

func (b *ByteBasedEncoderCredentials) ReadSalt() (salt []byte, err error)

ReadSalt from the given bytes

func (*ByteBasedEncoderCredentials) SetPassword ¶ added in v0.4.0

func (b *ByteBasedEncoderCredentials) SetPassword(password []byte) error

SetPassword updates internal password data

func (*ByteBasedEncoderCredentials) SetSalt ¶ added in v0.4.0

func (b *ByteBasedEncoderCredentials) SetSalt(salt []byte) error

SetSalt updates internal salt data

type ByteBasedVerifierCredentials ¶ added in v0.3.0

type ByteBasedVerifierCredentials struct {
	Password   []byte
	EncodedKey []byte
}

ByteBasedVerifierCredentials implements VerifierCredentials

func (*ByteBasedVerifierCredentials) ReadEncodedKey ¶ added in v0.3.0

func (b *ByteBasedVerifierCredentials) ReadEncodedKey() (encodedKey []byte, err error)

ReadEncodedKey from the given bytes

func (*ByteBasedVerifierCredentials) ReadPassword ¶ added in v0.3.0

func (b *ByteBasedVerifierCredentials) ReadPassword() (password []byte, err error)

ReadPassword from the given bytes

func (*ByteBasedVerifierCredentials) SetEncodedKey ¶ added in v0.4.0

func (b *ByteBasedVerifierCredentials) SetEncodedKey(encodedKey []byte) error

SetEncodedKey updates internal encoded key data

func (*ByteBasedVerifierCredentials) SetPassword ¶ added in v0.4.0

func (b *ByteBasedVerifierCredentials) SetPassword(password []byte) error

SetPassword updates internal password data

type EncoderCredentialsRW ¶ added in v0.4.0

type EncoderCredentialsRW interface {
	EncoderCredentialsReader
	EncoderCredentialsWriter
}

EncoderCredentialsRW interface combines together EncoderCredentialsReader and EncoderCredentialsWriter

type EncoderCredentialsReader ¶ added in v0.4.0

type EncoderCredentialsReader interface {
	ReadSalt() (salt []byte, err error)
	ReadPassword() (password []byte, err error)
}

EncoderCredentialsReader interface defines ReadSalt and ReadPassword methods

type EncoderCredentialsWriter ¶ added in v0.4.0

type EncoderCredentialsWriter interface {
	SetSalt(salt []byte) error
	SetPassword(password []byte) error
}

EncoderCredentialsWriter interface defines SetSalt and SetPassword methods

type PasswordEncoder ¶

type PasswordEncoder interface {
	Encode(encoderCredentials EncoderCredentialsReader) (secretKey, encodedKey []byte, err error)
}

PasswordEncoder basic interface

type PasswordHasher ¶

type PasswordHasher interface {
	AlgorithmName
	AlgorithmVersion
	AlgorithmParameters
	PasswordEncoder
	PasswordVerifier
}

PasswordHasher basic interface

type PasswordVerifier ¶

type PasswordVerifier interface {
	Verify(verifierCredentials VerifierCredentialsReader) (secretKey []byte, ok bool, err error)
}

PasswordVerifier basic interface

type VerifierCredentialsRW ¶ added in v0.4.0

type VerifierCredentialsRW interface {
	VerifierCredentialsReader
	VerifierCredentialsWriter
}

VerifierCredentialsRW interface combines VerifierCredentialsReader and VerifierCredentialsWriter

type VerifierCredentialsReader ¶ added in v0.4.0

type VerifierCredentialsReader interface {
	ReadPassword() (password []byte, err error)
	ReadEncodedKey() (encodedKey []byte, err error)
}

VerifierCredentialsReader interface defines ReadPassword and ReadEncodedKey methods

type VerifierCredentialsWriter ¶ added in v0.4.0

type VerifierCredentialsWriter interface {
	SetPassword(password []byte) error
	SetEncodedKey(encodedKey []byte) error
}

VerifierCredentialsWriter interface defines SetPassword and SetEncodedKey methods

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL