sec

package

v0.0.0-...-7690095 Latest Latest Go to latest Published: Sep 24, 2017 License: MIT Imports: 17 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/zaolab/sunnified

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func AesCtrDecrypt(key []byte, msg []byte) ([]byte, error)
func AesCtrDecryptBase64(key []byte, msg string) (inp []byte, err error)
func AesCtrEncrypt(key []byte, msg []byte) ([]byte, error)
func AesCtrEncryptBase64(key []byte, msg []byte) (b64 string, err error)
func AesGcmDecrypt(key []byte, msg []byte) ([]byte, error)
func AesGcmDecryptBase64(key []byte, msg string) (inp []byte, err error)
func AesGcmEncrypt(key []byte, msg []byte) ([]byte, error)
func AesGcmEncryptBase64(key []byte, msg []byte) (b64 string, err error)
func GenPassword(l int) string
func GenRandomBase64String(l int) string
func GenRandomBytes(l int) (rb []byte)
func GenRandomHexString(l int) string
func GenRandomString(l int) string
func GenSessionID(l ...int) string
func GenSessionIDBase32(l ...int) string
func VerifyPassword(hashstr, pwd string) (ok bool)
func VerifyPasswordGetMeta(hashstr, pwd string) (bool, uint8, int8, uint8)
type AuthPassword
- func NewAuthPassword(settings AuthPasswordConfig) *AuthPassword
- func (ap *AuthPassword) CryptPassword(pwd string) (string, error)
- func (ap *AuthPassword) HashIsOutdated(hashstr string) bool
- func (ap *AuthPassword) VerifyPassword(hashstr, pwd string) bool
- func (ap *AuthPassword) VerifyPasswordAndUpdateHash(hashstr, pwd string) (bool, string)
type AuthPasswordConfig
type CSRFGate
- func NewCSRFGate(settings CSRFGateConfig) *CSRFGate
- func (cg *CSRFGate) CSRFToken(w http.ResponseWriter, r *http.Request) (crb CSRFRequestBody)
- func (cg *CSRFGate) VerifyCSRFToken(r *http.Request) (valid bool)
type CSRFGateConfig
type CSRFRequestBody

Constants ¶

View Source

const (
	//dSecurityKey		    = "\x69\x51\xe8\x41\x50\x83\x19\xa4\xf0\x2f\xac\x7d\x99\xb7\x5e\xbe\x7e\x32\xf5\xa5\xf7\x1f\x43\x04\x96\xdd\x1b\xf0\x93\x4e\xc5\x44"
	//dCSRFToken			= "\xc7\x58\xa7\xf2\x15\x79\x54\x34\x24\xeb\x45\x50\x33\x0f\xa5\x52\x95\x36\x06\xb0\xb7\xdb\x5d\xa7\x07\xcf\xa5\x1c\x10\xe7\x4b\xd4"
	//dHashSalt			= "\x5d\xfb\xcf\x47\x30\xce\x2e\x43\xfa\x1c\x5f\xee\x76\x0f\xd7\x31\x14\x07\x24\xa8\xbf\xd0\x3c\x88\xfc\xa3\xdc\x3b\xae\xaa\x3a\x15"
	//dCSRFTokenLife		= 14400
	CSRFTokenMinLife       = 3600
	CSRFDefaultTokenLife   = 14400
	CSRFDefaultCookieName  = "XSRF-TOKEN"
	CSRFDefaultRequestName = "X-XSRF-TOKEN"
	CSRFTimestampLen       = 5
	CSRFRandTokenLen       = 16
)

View Source

const DefaultSaltLen = 24

Variables ¶

View Source

var (
	ErrNonceGenFailed = errors.New("generating of random nonce failed")
	ErrNonceMissing   = errors.New("unable to locate nonce in encrypted message")
)

View Source

var ErrSaltGenFailed = errors.New("unable to generate a random salt")

Functions ¶

func AesCtrDecrypt ¶

func AesCtrDecrypt(key []byte, msg []byte) ([]byte, error)

AesCtrDecrypt decrypts the given encrypted msg with the key using AES CTR cipher, and returns the decrypted slice of bytes or error if any

func AesCtrDecryptBase64 ¶

func AesCtrDecryptBase64(key []byte, msg string) (inp []byte, err error)

AesCtrDecryptBase64 decrypts the given encrypted msg of base64 format with the key using AES GCM cipher, and returns the decrypted slice of bytes or error if any

func AesCtrEncrypt ¶

func AesCtrEncrypt(key []byte, msg []byte) ([]byte, error)

AesCtrEncrypt encrypts the given msg with the key using AES CTR cipher, and returns the encrypted slice of bytes or error if any

func AesCtrEncryptBase64 ¶

func AesCtrEncryptBase64(key []byte, msg []byte) (b64 string, err error)

AesCtrEncryptBase64 encrypts the given msg with the key using AES CTR cipher, and returns the base64 string format of the encrypted bytes or error if any

func AesGcmDecrypt ¶

func AesGcmDecrypt(key []byte, msg []byte) ([]byte, error)

AesGcmDecrypt decrypts the given encrypted msg with the key using AES GCM cipher, and returns the decrypted slice of bytes or error if any

func AesGcmDecryptBase64 ¶

func AesGcmDecryptBase64(key []byte, msg string) (inp []byte, err error)

AesGcmDecryptBase64 decrypts the given encrypted msg of base64 format with the key using AES GCM cipher, and returns the decrypted slice of bytes or error if any

func AesGcmEncrypt ¶

func AesGcmEncrypt(key []byte, msg []byte) ([]byte, error)

AesGcmEncrypt encrypts the given msg with the key using AES GCM cipher, and returns the encrypted slice of bytes or error if any

func AesGcmEncryptBase64 ¶

func AesGcmEncryptBase64(key []byte, msg []byte) (b64 string, err error)

AesGcmEncryptBase64 encrypts the given msg with the key using AES GCM cipher, and returns the base64 string format of the encrypted bytes or error if any

func GenPassword ¶

func GenPassword(l int) string

func GenRandomBase64String ¶

func GenRandomBase64String(l int) string

func GenRandomBytes ¶

func GenRandomBytes(l int) (rb []byte)

GenRandomBytes return a slice of random bytes of length l

func GenRandomHexString ¶

func GenRandomHexString(l int) string

func GenRandomString ¶

func GenRandomString(l int) string

func GenSessionID ¶

func GenSessionID(l ...int) string

func GenSessionIDBase32 ¶

func GenSessionIDBase32(l ...int) string

func VerifyPassword ¶

func VerifyPassword(hashstr, pwd string) (ok bool)

func VerifyPasswordGetMeta ¶

func VerifyPasswordGetMeta(hashstr, pwd string) (bool, uint8, int8, uint8)

Types ¶

type AuthPassword ¶

type AuthPassword struct {
	// contains filtered or unexported fields
}

func NewAuthPassword ¶

func NewAuthPassword(settings AuthPasswordConfig) *AuthPassword

func (*AuthPassword) CryptPassword ¶

func (ap *AuthPassword) CryptPassword(pwd string) (string, error)

func (*AuthPassword) HashIsOutdated ¶

func (ap *AuthPassword) HashIsOutdated(hashstr string) bool

func (*AuthPassword) VerifyPassword ¶

func (ap *AuthPassword) VerifyPassword(hashstr, pwd string) bool

func (*AuthPassword) VerifyPasswordAndUpdateHash ¶

func (ap *AuthPassword) VerifyPasswordAndUpdateHash(hashstr, pwd string) (bool, string)

when crypto is updated, the hash done using previous crypto can still be verified and the new hash with the updated crypto will be returned this allows rolling updates of new crypto hash function for password hashing

type AuthPasswordConfig ¶

type AuthPasswordConfig struct {
	SunnyConfig bool  `config.namespace:"sunnified.sec.auth"`
	Saltlen     uint8 `config.default:"24"`
	Strength    int8  `config.default:"5"` // strength ranges from 1-10
}

type CSRFGate ¶

type CSRFGate struct {
	// contains filtered or unexported fields
}

func NewCSRFGate ¶

func NewCSRFGate(settings CSRFGateConfig) *CSRFGate

func (*CSRFGate) CSRFToken ¶

func (cg *CSRFGate) CSRFToken(w http.ResponseWriter, r *http.Request) (crb CSRFRequestBody)

SetCSRFToken returns a CsrfRequestBody containing the name and value to be used as a query string or form input that can be verified by VerifyCSRFToken. Additionally, a cookie will be set (if ResponseWriter is not nil) to cross authenticate validity of token data if non exists

func (*CSRFGate) VerifyCSRFToken ¶

func (cg *CSRFGate) VerifyCSRFToken(r *http.Request) (valid bool)

VerifyCSRFToken checks whether the request r includes a valid CSRF token

type CSRFGateConfig ¶

type CSRFGateConfig struct {
	SunnyConfig bool `config.namespace:"sunnified.sec.csrf"`
	Key         []byte
	Token       []byte
	Tokenlife   int    `config.default:"14400"`
	Cookiename  string `config.default:"XSRF-TOKEN"`
	Reqname     string `config.default:"X-XSRF-TOKEN"`
}

type CSRFRequestBody ¶

type CSRFRequestBody struct {
	Name   string
	Value  string
	Cookie *http.Cookie
	Ok     bool
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL