scram

package v1.3.0

Warning: This package is not in the latest version of its module.

Published: Sep 5, 2024 License: MPL-2.0 Imports: 5 Imported by: 0

Documentation

Overview

Package scram provides an implementation of the SCRAM-SHA-256 and SCRAM-SHA-1 mechanisms. See the SHA256 and SHA1 functions for their instantiation logic. Once a mechanism for a specific underlying hash function is instantiated, it can be used to generate hash strings in the standard SCRAM format. This format is also known as the scram encrypted password format; however, it cannot be reversed (no encryption or decryption takes place).

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Mechanism

type Mechanism struct {
	// contains filtered or unexported fields
}

Mechanism provides a Salted Challenge Response Authentication Mechanism (SCRAM) having a fixed underlying hash algorithm.

It implements the github.com/momeni/clean-arch/pkg/core/scram.Hasher interface, so it may be used in the use cases layer without any dependency on the actual implementation. This package relies on the github.com/xdg-go/scram module for the SCRAM implementation.

func SHA1

func SHA1() *Mechanism

SHA1 returns a new Mechanism instance using SHA1 as its underlying hash algorithm.

func SHA256

func SHA256() *Mechanism

SHA256 returns a new Mechanism instance using SHA256 as its underlying hash algorithm.

func (*Mechanism) Hash

func (m *Mechanism) Hash(pass, salt string, iters int) (string, error)

Hash computes a hash string following the standard scram hash format, so it can be stored and used later for authentication.

The pass argument must be non-empty. The user and authzID parameters are not required because they do not contribute to the hash output. The given password is normalized according to the SASLprep profile (defined by RFC 4013) of the stringprep algorithm (defined by RFC 3454), and any failure in that normalization returns an error.

The salt must contain a base64 encoding of the desired salt bytes; if an empty value is passed, a random salt is generated and used instead. The iters value must be at least 4096, although RFC 7677 recommends 15000 or more.

In the absence of errors, a hashed string conforming to the following format is returned.

SCRAM-{SHA-X}${iters}:{b64-salt}${b64-storedKey}:{b64-serverKey}

This string (consisting only of printable ASCII characters) can be safely passed to an ALTER ROLE or CREATE ROLE query in order to update or create a database role with the desired password as accepted by the PostgreSQL DBMS, without the risk of sending a plaintext password.
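As an added illustration that is not part of this package or the xdg-go/scram module it wraps, the following stand-alone Go code shows what such a string contains and how a server later checks it: it derives the SCRAM-SHA-256 StoredKey and ServerKey as RFC 5802 defines them, formats them in the layout above, and verifies a candidate password against the stored string. The names scramKeys, HashSCRAM256 and VerifySCRAM256 are assumptions of this example; the salt must be supplied (no random generation), and SASLprep normalization is omitted.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"strconv"
	"strings"
)

// scramKeys derives what a SCRAM-SHA-256 server stores (RFC 5802, section 3): StoredKey = H(HMAC(SaltedPassword,
// "Client Key")) and ServerKey = HMAC(SaltedPassword, "Server Key"), with SaltedPassword = Hi(pass, salt, iters).
func scramKeys(pass string, salt []byte, iters int) (stored, server []byte) {
	h := func(key, data []byte) []byte { m := hmac.New(sha256.New, key); m.Write(data); return m.Sum(nil) }
	sp := h([]byte(pass), append(append([]byte{}, salt...), 0, 0, 0, 1)) // U1 = HMAC(pass, salt || INT(1))
	for i, u := 1, sp; i < iters; i++ { // Hi() is PBKDF2: U(n) = HMAC(pass, U(n-1)), SaltedPassword = U1 XOR ... XOR Ui
		u = h([]byte(pass), u)
		for j := range sp {
			sp[j] ^= u[j]
		}
	}
	st := sha256.Sum256(h(sp, []byte("Client Key")))
	return st[:], h(sp, []byte("Server Key"))
}

// HashSCRAM256 emits SCRAM-SHA-256$iters:b64salt$b64storedKey:b64serverKey for a base64 salt;
// the SASLprep normalization that the real package performs on pass is left out here.
func HashSCRAM256(pass, saltB64 string, iters int) (string, error) {
	salt, err := base64.StdEncoding.DecodeString(saltB64)
	if pass == "" || iters < 4096 || err != nil || len(salt) == 0 {
		return "", fmt.Errorf("need a non-empty password, iters >= 4096 and a non-empty base64 salt")
	}
	stored, server := scramKeys(pass, salt, iters)
	return fmt.Sprintf("SCRAM-SHA-256$%d:%s$%s:%s", iters, saltB64,
		base64.StdEncoding.EncodeToString(stored), base64.StdEncoding.EncodeToString(server)), nil
}

// VerifySCRAM256 recomputes the string for a candidate password with the stored salt and count, then compares in constant time.
func VerifySCRAM256(hash, pass string) bool {
	f := strings.FieldsFunc(hash, func(r rune) bool { return r == '$' || r == ':' })
	if len(f) != 5 {
		return false
	}
	iters, _ := strconv.Atoi(f[1]) // a malformed count becomes 0, which HashSCRAM256 rejects
	again, err := HashSCRAM256(pass, f[2], iters)
	return err == nil && subtle.ConstantTimeCompare([]byte(again), []byte(hash)) == 1
}
```

Because only StoredKey and ServerKey are kept, a leaked string lets an attacker impersonate the server to that client or mount an offline guess, but it never yields the password itself, which is why it can be sent in a CREATE ROLE or ALTER ROLE statement.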
