auth

package

v0.0.0-...-2ea17e8 Latest Latest Go to latest Published: May 4, 2019 License: GPL-3.0, BSD-3-Clause, GPL-3.0 Imports: 2 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/v-family/github-lockbox

Links

Open Source Insights

Documentation ¶

Overview ¶

Package auth authenticates a message using a secret key.

The Sum function, viewed as a function of the message for a uniform random key, is designed to meet the standard notion of unforgeability. This means that an attacker cannot find authenticators for any messages not authenticated by the sender, even if the attacker has adaptively influenced the messages authenticated by the sender. For a formal definition see, e.g., Section 2.4 of Bellare, Kilian, and Rogaway, "The security of the cipher block chaining message authentication code," Journal of Computer and System Sciences 61 (2000), 362–399; http://www-cse.ucsd.edu/~mihir/papers/cbc.html.

auth does not make any promises regarding "strong" unforgeability; perhaps one valid authenticator can be converted into another valid authenticator for the same message. NaCl also does not make any promises regarding "truncated unforgeability."

This package is interoperable with NaCl: https://nacl.cr.yp.to/auth.html.

Example ¶

package main

import (
	"encoding/hex"
	"fmt"

	"github.com/Psiphon-Labs/psiphon-tunnel-core/psiphon/common/crypto/nacl/auth"
)

func main() {
	// Load your secret key from a safe place and reuse it across multiple
	// Sum calls. (Obviously don't use this example key for anything
	// real.) If you want to convert a passphrase to a key, use a suitable
	// package like bcrypt or scrypt.
	secretKeyBytes, err := hex.DecodeString("6368616e676520746869732070617373776f726420746f206120736563726574")
	if err != nil {
		panic(err)
	}

	var secretKey [32]byte
	copy(secretKey[:], secretKeyBytes)

	mac := auth.Sum([]byte("hello world"), &secretKey)
	fmt.Printf("%x\n", *mac)
	result := auth.Verify(mac[:], []byte("hello world"), &secretKey)
	fmt.Println(result)
	badResult := auth.Verify(mac[:], []byte("different message"), &secretKey)
	fmt.Println(badResult)
}

Output:

eca5a521f3d77b63f567fb0cb6f5f2d200641bc8dada42f60c5f881260c30317
true
false

Index ¶

Constants
func Sum(m []byte, key *[KeySize]byte) *[Size]byte
func Verify(digest []byte, m []byte, key *[KeySize]byte) bool

Examples ¶

Package

Constants ¶

View Source

const (
	// Size is the size, in bytes, of an authenticated digest.
	Size = 32
	// KeySize is the size, in bytes, of an authentication key.
	KeySize = 32
)

Variables ¶

This section is empty.

Functions ¶

func Sum ¶

func Sum(m []byte, key *[KeySize]byte) *[Size]byte

Sum generates an authenticator for m using a secret key and returns the 32-byte digest.

func Verify ¶

func Verify(digest []byte, m []byte, key *[KeySize]byte) bool

Verify checks that digest is a valid authenticator of message m under the given secret key. Verify does not leak timing information.

Types ¶

This section is empty.

Source Files ¶

View all Source files

auth.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL