fwt

Version: v1.0.3

Warning: This package is not in the latest version of its module.
Published: Jan 3, 2024 License: MIT Imports: 17 Imported by: 0

README

FastWebToken

A small, fast and simple JWT alternative that uses CBOR for serialization and EdDSA, HMAC, blake2b and blake3 for signing.

Structure

| Header | Payload | Signature |
| --- | --- | --- |
| 1 (SignatureType) + 8 (Payload size) bytes | Varies based on the Payload size | 32 bytes for HMACSha256, Blake2b256, blake3; 64 bytes for Ed25519, HMACSha512, Blake2b512; 114 bytes for Ed448 |

  1. Header: This begins with a single byte that determines the SignatureType. The next eight bytes are the size of the payload encoded in big endian.
  2. Payload: The data, encoded in CBOR format. The size of the payload is specified in the header.
  3. Signature: This is either 32, 64 or 114 bytes depending on the SignatureType specified in the header.
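
Added example (not the fwt project's code): a strict parser for the envelope described above, run against the sample token printed by the Sign example on this page. `Envelope`, `ParseEnvelope` and `sigSize` are names assumed for illustration, and standard padded base64 is inferred from that token. The byte order is a parameter because the README says big endian, while the sample token's length field is only consistent with the token's size when read as little-endian.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
)

// pageToken is the sample token printed by the Sign example on this page.
const pageToken = "BkQAAAAAAAAApAEYKgJ4L3RoZSBhbnN3ZXIgdG8gbGlmZSwgdGhlIHVuaXZlcnNlIGFuZCBldmVyeXRoaW5nAwAESnNvbWUgYnl0ZXNfUfdgdxFn2YAdHaO3VFbnyNTQOKBjc1/dlonKx8vE/Q=="

// sigSize maps the SignatureType byte (iota order on this page) to the
// signature length the README gives for that type.
var sigSize = map[byte]int{0: 64, 1: 114, 2: 32, 3: 64, 4: 32, 5: 64, 6: 32}

// Envelope is a hypothetical type holding the three parts of a token.
type Envelope struct {
	Type               byte
	Payload, Signature []byte
}

// ParseEnvelope (hypothetical helper) splits a token and rejects any whose
// declared payload size plus signature length does not account for every byte.
// It does not verify the signature.
func ParseEnvelope(token string, order binary.ByteOrder) (*Envelope, error) {
	raw, err := base64.StdEncoding.DecodeString(token) // assumed encoding
	if err != nil {
		return nil, fmt.Errorf("base64: %w", err)
	}
	if len(raw) < 9 {
		return nil, errors.New("token shorter than the 9-byte header")
	}
	want, ok := sigSize[raw[0]]
	if !ok {
		return nil, fmt.Errorf("unknown signature type %d", raw[0])
	}
	size := order.Uint64(raw[1:9])
	// Compare as uint64 so an oversized declared length cannot wrap an int.
	if len(raw)-9 < want || size != uint64(len(raw)-9-want) {
		return nil, fmt.Errorf("declared payload size %d does not fit token", size)
	}
	end := 9 + int(size)
	return &Envelope{Type: raw[0], Payload: raw[9:end], Signature: raw[end:]}, nil
}

func main() {
	_, errBE := ParseEnvelope(pageToken, binary.BigEndian)
	e, errLE := ParseEnvelope(pageToken, binary.LittleEndian)
	fmt.Println(errBE, errLE, e.Type, len(e.Payload), len(e.Signature))
}
```

Running the same structural check before handing a token to a verifier keeps truncated or padded tokens, and length fields that disagree with the actual byte count, out of the CBOR decoder.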

Signature Types

  • Ed25519: RFC-8032 Ed25519 signature.
  • Ed448: RFC-8032 Ed448 signature.
  • HMACSha256: HMAC with SHA-256.
  • HMACSha512: HMAC with SHA-512.
  • Blake2b256: Blake2b with 256-bit output.
  • Blake2b512: Blake2b with 512-bit output.
  • Blake3: Blake3 with 256-bit output.

Documentation


Functions

func NewAESCBCDecrypter

func NewAESCBCDecrypter(key []byte) func([]byte) ([]byte, error)

NewAESCBCDecrypter creates a new decrypter using AES-CBC.

func NewAESCBCEncryptor

func NewAESCBCEncryptor(key []byte) func([]byte) ([]byte, error)

NewAESCBCEncryptor creates a new encryptor using AES-CBC.

func NewAESCTRDecrypter added in v1.0.2

func NewAESCTRDecrypter(key []byte) func([]byte) ([]byte, error)

NewAESCTRDecrypter creates a new decrypter using AES-CTR.

func NewAESCTREncryptor added in v1.0.2

func NewAESCTREncryptor(key []byte) func([]byte) ([]byte, error)

NewAESCTREncryptor creates a new encryptor using AES-CTR.

func NewAESECBDecrypter added in v1.0.2

func NewAESECBDecrypter(key []byte) func([]byte) ([]byte, error)

NewAESECBDecrypter creates a new decrypter using AES-ECB. Disclaimer: ECB is not secure, it must not be used in production. Please use AES-CBC or AES-GCM instead. See https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB).

func NewAESECBEncryptor added in v1.0.2

func NewAESECBEncryptor(key []byte) func([]byte) ([]byte, error)

NewAESECBEncryptor creates a new encryptor using AES-ECB. Disclaimer: ECB is not secure, it must not be used in production. Please use AES-CBC or AES-GCM instead. See https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB).

func NewAESGCMDecrypter added in v1.0.2

func NewAESGCMDecrypter(key []byte) func([]byte) ([]byte, error)

NewAESGCMDecrypter creates a new decrypter using AES-GCM.

func NewAESGCMEncryptor added in v1.0.2

func NewAESGCMEncryptor(key []byte) func([]byte) ([]byte, error)

NewAESGCMEncryptor creates a new encryptor using AES-GCM.

func NewBlake2b256Signer

func NewBlake2b256Signer(key []byte) func([]byte) ([]byte, error)

NewBlake2b256Signer creates a new signer using blake2b-256 with a key. If the key is longer than 64 bytes, it will be hashed with blake2b-512.

func NewBlake2b256Verifier

func NewBlake2b256Verifier(key []byte) func([]byte, []byte) error

NewBlake2b256Verifier creates a new verifier using blake2b-256 with a key. If the key is longer than 64 bytes, it will be hashed with blake2b-512.

func NewBlake2b512Signer

func NewBlake2b512Signer(key []byte) func([]byte) ([]byte, error)

NewBlake2b512Signer creates a new signer using blake2b-512 with a key. If the key is larger than 64 bytes, it will be hashed with blake2b-512.

func NewBlake2b512Verifier

func NewBlake2b512Verifier(key []byte) func([]byte, []byte) error

NewBlake2b512Verifier creates a new verifier using blake2b-512 with a key. If the key is larger than 64 bytes, it will be hashed with blake2b-512.

func NewBlake3Signer

func NewBlake3Signer(key []byte) func([]byte) ([]byte, error)

NewBlake3Signer creates a new signer using blake3 with a key. If the key is not 32 bytes, it will be hashed with blake3.

func NewBlake3Verifier

func NewBlake3Verifier(key []byte) func([]byte, []byte) error

NewBlake3Verifier creates a new verifier using blake3 with a key.

func NewEd25519Signer

func NewEd25519Signer(key ed25519.PrivateKey) func([]byte) ([]byte, error)

NewEd25519Signer creates a new signer using Ed25519 with ed25519.PrivateKey.

func NewEd25519Verifier

func NewEd25519Verifier(key ed25519.PublicKey) func([]byte, []byte) error

NewEd25519Verifier creates a new verifier using Ed25519 with ed25519.PublicKey.

func NewEd448Signer

func NewEd448Signer(key ed448.PrivateKey, context ...string) func([]byte) ([]byte, error)

NewEd448Signer creates a new signer using Ed448 with ed448.PrivateKey. context is optional and defaults to fwt.defaultCtx. Please refer to https://tools.ietf.org/html/rfc8032#section-5.2.6 for more information.

func NewEd448Verifier

func NewEd448Verifier(key ed448.PublicKey, context ...string) func([]byte, []byte) error

NewEd448Verifier creates a new verifier using Ed448 with ed448.PublicKey. context is optional and defaults to fwt.defaultCtx. Please refer to https://tools.ietf.org/html/rfc8032#section-5.2.6 for more information.

func NewHMACSha256Signer

func NewHMACSha256Signer(key []byte) func([]byte) ([]byte, error)

NewHMACSha256Signer creates a new signer using HMAC-SHA256 with a key.

func NewHMACSha256Verifier

func NewHMACSha256Verifier(key []byte) func([]byte, []byte) error

NewHMACSha256Verifier creates a new verifier using HMAC-SHA256 with a key.

func NewHMACSha512Signer

func NewHMACSha512Signer(key []byte) func([]byte) ([]byte, error)

NewHMACSha512Signer creates a new signer using HMAC-SHA512 with a key.

func NewHMACSha512Verifier

func NewHMACSha512Verifier(key []byte) func([]byte, []byte) error

NewHMACSha512Verifier creates a new verifier using HMAC-SHA512 with a key.

func NewHPKEDecrypter added in v1.0.2

func NewHPKEDecrypter(key kem.PrivateKey, suite hpke.Suite, info ...string) func([]byte) ([]byte, error)

NewHPKEDecrypter creates a new decrypter using HPKE. Experimental, not recommended for production use.

func NewHPKEEncryptor added in v1.0.2

func NewHPKEEncryptor(key kem.PublicKey, suite hpke.Suite, info ...string) func([]byte) ([]byte, error)

NewHPKEEncryptor creates a new encryptor using HPKE. Experimental, not recommended for production use.

func NewXChaCha20PolyDecrypter

func NewXChaCha20PolyDecrypter(key []byte) func([]byte) ([]byte, error)

NewXChaCha20PolyDecrypter creates a new decrypter using XChaCha20-Poly1305.

func NewXChaCha20PolyEncryptor

func NewXChaCha20PolyEncryptor(key []byte) func([]byte) ([]byte, error)

NewXChaCha20PolyEncryptor creates a new encryptor using XChaCha20-Poly1305.

Types

type SignatureType

type SignatureType int

SignatureType is the type of signature.

const (
	// SignatureTypeEd25519 is the signature type of Ed25519.
	SignatureTypeEd25519 SignatureType = iota
	// SignatureTypeEd448 is the signature type of Ed448.
	SignatureTypeEd448
	// SignatureTypeHMACSha256 is the signature type of HMAC-SHA256.
	SignatureTypeHMACSha256
	// SignatureTypeHMACSha512 is the signature type of HMAC-SHA512.
	SignatureTypeHMACSha512
	// SignatureTypeBlake2b256 is the signature type of blake2b-256.
	SignatureTypeBlake2b256
	// SignatureTypeBlake2b512 is the signature type of blake2b-512.
	SignatureTypeBlake2b512
	// SignatureTypeBlake3 is the signature type of blake3.
	SignatureTypeBlake3
)

Signature types.

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer is a token factory & signer.

func NewSigner

func NewSigner(signer func([]byte) ([]byte, error), encryptor func([]byte) ([]byte, error), signatureType SignatureType) *Signer

NewSigner creates a new signer. signer is a function that takes the marshaled data and returns a signature. encryptor is an optional function that takes a token and returns an encrypted token. signatureType is the type of signature and must match the signer.

func (*Signer) Sign

func (s *Signer) Sign(data any) (string, error)

Sign signs the data and returns a signed token. If encryptor is set, the token will be encrypted.

Example
HMACKey := []byte("00000000000000000000000000000000")
signer := NewSigner(NewBlake3Signer(HMACKey), nil, SignatureTypeBlake3)
token, err := signer.Sign(testStruct)
if err != nil {
	panic(err)
}
fmt.Println(token)
Output:

BkQAAAAAAAAApAEYKgJ4L3RoZSBhbnN3ZXIgdG8gbGlmZSwgdGhlIHVuaXZlcnNlIGFuZCBldmVyeXRoaW5nAwAESnNvbWUgYnl0ZXNfUfdgdxFn2YAdHaO3VFbnyNTQOKBjc1/dlonKx8vE/Q==

type Verifier

type Verifier struct {
	// contains filtered or unexported fields
}

Verifier is a token verifier.

func NewVerifier

func NewVerifier(verifier func([]byte, []byte) error, decrypter func([]byte) ([]byte, error), signatureType SignatureType) *Verifier

NewVerifier creates a new verifier. verifier is a function that takes the marshaled data and a signature and returns an error if the signature is invalid. decrypter is an optional function that takes a token and returns a decrypted token. signatureType is the type of signature and must match the verifier.

func (*Verifier) Verify

func (v *Verifier) Verify(token string) error

Verify verifies the token.

Example
HMACKey := []byte("00000000000000000000000000000000")
verifier := NewVerifier(NewBlake3Verifier(HMACKey), nil, SignatureTypeBlake3)
if err := verifier.Verify("BkQAAAAAAAAApAEYKgJ4L3RoZSBhbnN3ZXIgdG8gbGlmZSwgdGhlIHVuaXZlcnNlIGFuZCBldmVyeXRoaW5nAwAESnNvbWUgYnl0ZXNfUfdgdxFn2YAdHaO3VFbnyNTQOKBjc1/dlonKx8vE/Q=="); err != nil {
	panic(err)
}
fmt.Println("token is valid")
Output:

token is valid

func (*Verifier) VerifyAndUnmarshal

func (v *Verifier) VerifyAndUnmarshal(token string, dst any) error

VerifyAndUnmarshal verifies the token and unmarshals the data into dst.

Example
HMACKey := []byte("00000000000000000000000000000000")
verifier := NewVerifier(NewBlake3Verifier(HMACKey), nil, SignatureTypeBlake3)
result := new(TestStruct)
if err := verifier.VerifyAndUnmarshal("BkQAAAAAAAAApAEYKgJ4L3RoZSBhbnN3ZXIgdG8gbGlmZSwgdGhlIHVuaXZlcnNlIGFuZCBldmVyeXRoaW5nAwAESnNvbWUgYnl0ZXNfUfdgdxFn2YAdHaO3VFbnyNTQOKBjc1/dlonKx8vE/Q==", result); err != nil {
	panic(err)
}
fmt.Printf("A: %d, B: %s, C: %s, D: %s", result.A, result.B, result.C.Format("2006-01-02"), result.D)
Output:

A: 42, B: the answer to life, the universe and everything, C: 1970-01-01, D: some bytes

Directories

Path Synopsis
internal
