passvault

package
Version: v0.0.0-...-75dfb8e Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 9, 2016 License: BSD-2-Clause Imports: 19 Imported by: 0

Documentation

Overview

Package passvault manages the vault containing user records on disk. It contains usernames and associated passwords which are stored hashed (with salt) using scrypt.

Copyright (c) 2013 CloudFlare, Inc.

Index

Constants

View Source
const (
	RSARecord = "RSA"
	ECCRecord = "ECC"
)

Constants for record type

View Source
const (
	KEYLENGTH = 16    // 16-byte output from scrypt
	N         = 16384 // Cost parameter
	R         = 8     // Block size
	P         = 1     // Parallelization factor

	DEFAULT_VERSION = 1
)

Constants for scrypt

Variables

View Source
var DefaultRecordType = RSARecord

Functions

This section is empty.

Types

type ECPublicKey

type ECPublicKey struct {
	Curve *elliptic.CurveParams
	X, Y  *big.Int
}

type PasswordRecord

type PasswordRecord struct {
	Type           string
	PasswordSalt   []byte
	HashedPassword []byte
	KeySalt        []byte
	RSAKey         struct {
		RSAExp      []byte
		RSAExpIV    []byte
		RSAPrimeP   []byte
		RSAPrimePIV []byte
		RSAPrimeQ   []byte
		RSAPrimeQIV []byte
		RSAPublic   rsa.PublicKey
	}
	ECKey struct {
		ECPriv   []byte
		ECPrivIV []byte
		ECPublic ECPublicKey
	}
	AltNames map[string]string
	Admin    bool
}

PasswordRecord is the structure used to store password and key material for a single user name. It is written and read from storage in JSON format.

func (*PasswordRecord) EncryptKey

func (pr *PasswordRecord) EncryptKey(in []byte) (out []byte, err error)

EncryptKey encrypts a 16-byte key with the RSA or EC key of the record.

func (*PasswordRecord) GetKeyECC

func (pr *PasswordRecord) GetKeyECC(password string) (key *ecdsa.PrivateKey, err error)

GetKeyECC returns the ECDSA private key of the record given the correct password.

func (*PasswordRecord) GetKeyECCPub

func (pr *PasswordRecord) GetKeyECCPub() (out *ecdsa.PublicKey, err error)

GetKeyECCPub returns the ECDSA public key out of the record.

func (*PasswordRecord) GetKeyRSA

func (pr *PasswordRecord) GetKeyRSA(password string) (key rsa.PrivateKey, err error)

GetKeyRSA returns the RSA private key of the record given the correct password.

func (*PasswordRecord) GetKeyRSAPub

func (pr *PasswordRecord) GetKeyRSAPub() (out *rsa.PublicKey, err error)

GetKeyRSAPub returns the RSA public key of the record.

func (*PasswordRecord) GetType

func (pr *PasswordRecord) GetType() string

GetType returns the type status of the PasswordRecord.

func (*PasswordRecord) IsAdmin

func (pr *PasswordRecord) IsAdmin() bool

IsAdmin returns the admin status of the PasswordRecord.

func (*PasswordRecord) ValidatePassword

func (pr *PasswordRecord) ValidatePassword(password string) error

ValidatePassword returns an error if the password is incorrect.

type Records

type Records struct {
	Version   int
	VaultId   int
	HmacKey   []byte
	Passwords map[string]PasswordRecord
	// contains filtered or unexported fields
}

Records is the structure used to read and write a JSON file containing the contents of a password vault

func InitFrom

func InitFrom(path string) (records Records, err error)

InitFrom reads the record from disk and initialize global context.

func (*Records) AddNewRecord

func (records *Records) AddNewRecord(name, password string, admin bool, userType string) (PasswordRecord, error)

AddNewRecord adds a new record for a given username and password.

func (*Records) ChangePassword

func (records *Records) ChangePassword(name, password, newPassword, hipchatName string) (err error)

ChangePassword changes the password for a given user.

func (*Records) DeleteRecord

func (records *Records) DeleteRecord(name string) error

DeleteRecord deletes a given record.

func (*Records) GetAltNameFromName

func (records *Records) GetAltNameFromName(alt, name string) (altName string, found bool)

func (*Records) GetAltNamesFromName

func (r *Records) GetAltNamesFromName(alt string, names []string) map[string]string

func (*Records) GetHMACKey

func (records *Records) GetHMACKey() (key []byte, err error)

GetHMACKey returns the hmac key of the current vault.

func (*Records) GetRecord

func (records *Records) GetRecord(name string) (PasswordRecord, bool)

GetRecord returns a record given a name.

func (*Records) GetSummary

func (records *Records) GetSummary() (summary map[string]Summary)

GetSummary returns a summary of the records on disk.

func (*Records) GetVaultID

func (records *Records) GetVaultID() (id int, err error)

GetVaultID returns the id of the current vault.

func (*Records) MakeAdmin

func (records *Records) MakeAdmin(name string) error

MakeAdmin adds admin status to a given record.

func (*Records) NumRecords

func (records *Records) NumRecords() int

NumRecords returns the number of records in the vault.

func (*Records) RevokeRecord

func (records *Records) RevokeRecord(name string) error

RevokeRecord removes admin status from a record.

func (*Records) SetRecord

func (records *Records) SetRecord(pr PasswordRecord, name string)

SetRecord puts a record into the global status.

func (*Records) WriteRecordsToDisk

func (records *Records) WriteRecordsToDisk() error

WriteRecordsToDisk saves the current state of the records to disk.

type Summary

type Summary struct {
	Admin bool
	Type  string
}

Summary is a minmial account summary.

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL