Version: v0.0.0-...-75dfb8e Latest Latest

This package is not in the latest version of its module.

Published: Nov 9, 2016 License: BSD-2-Clause Imports: 19 Imported by: 0



Package passvault manages the vault containing user records on disk. The vault contains usernames and their associated passwords, which are stored as salted scrypt hashes.

Copyright (c) 2013 CloudFlare, Inc.



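// Constants for record type. RSARecord and ECCRecord name the two kinds of
// key a PasswordRecord can hold (see its RSAKey and ECKey fields).
const (
	RSARecord = "RSA"
	ECCRecord = "ECC"
)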

Constants for record type

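// Constants for scrypt. The package stores vault passwords hashed (with salt)
// using scrypt; these are the parameters for that function.
//
// With N = 16384 (2^14) and R = 8, one scrypt evaluation needs roughly
// 128*N*R bytes = 16 MiB of memory.
//
// NOTE(review): current OWASP password-storage guidance lists N = 2^17,
// r = 8, p = 1 as the minimum for scrypt, so these values are below it.
// PasswordRecord stores a salt and a hash but no cost parameters, so raising
// N presumably requires re-hashing existing records; confirm against the
// source before changing them.
const (
	KEYLENGTH = 16    // 16-byte output from scrypt
	N         = 16384 // Cost parameter
	R         = 8     // Block size
	P         = 1     // Parallelization factor
)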


Constants for scrypt


// DefaultRecordType is the package's default record type, initialised to
// RSARecord.
//
// NOTE(review): presumably applied when a caller supplies no record type.
// It is an exported, mutable variable, so any importing package can change
// the default for the whole process; confirm how callers use it.
var (
	DefaultRecordType = RSARecord
)




type ECPublicKey

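// ECPublicKey holds an elliptic-curve public key as explicit curve
// parameters plus the point coordinates X and Y.
//
// NOTE(review): PasswordRecord embeds this type and is read from JSON
// storage, so Curve, X and Y arrive from the vault file. Check in the source
// whether GetKeyECCPub verifies that (X, Y) lies on Curve before the key is
// used.
type ECPublicKey struct {
	Curve *elliptic.CurveParams
	X, Y  *big.Int
}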

type PasswordRecord

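// PasswordRecord stores the password and key material for a single user
// name. It is written to and read from storage in JSON format, so the
// exported fields below presumably all end up in the vault file on disk;
// access to that file should be restricted accordingly.
type PasswordRecord struct {
	Type string // record type; presumably RSARecord or ECCRecord (confirm)

	// The package stores passwords hashed (with salt) using scrypt.
	PasswordSalt   []byte
	HashedPassword []byte

	// NOTE(review): presumably the salt used when deriving, from the user's
	// password, the key that protects the private key material below. Confirm.
	KeySalt []byte

	// RSAKey holds the record's RSA key. GetKeyRSA needs the correct password
	// to return the private key, so the exponent and prime fields are
	// presumably stored encrypted, each with the IV held in its *IV sibling.
	// Confirm the cipher and mode in the source. RSAPublic is a plain
	// rsa.PublicKey.
	RSAKey struct {
		RSAExp      []byte
		RSAExpIV    []byte
		RSAPrimeP   []byte
		RSAPrimePIV []byte
		RSAPrimeQ   []byte
		RSAPrimeQIV []byte
		RSAPublic   rsa.PublicKey
	}

	// ECKey holds the record's EC key. GetKeyECC needs the correct password to
	// return the private key, so ECPriv is presumably stored encrypted with
	// ECPrivIV. Confirm in the source.
	ECKey struct {
		ECPriv   []byte
		ECPrivIV []byte
		ECPublic ECPublicKey
	}

	// NOTE(review): presumably maps an external service to the user's name on
	// that service (see GetAltNameFromName). Confirm.
	AltNames map[string]string

	Admin bool // admin status, as reported by IsAdmin
}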

PasswordRecord is the structure used to store password and key material for a single user name. It is written to and read from storage in JSON format.

func (*PasswordRecord) EncryptKey

func (pr *PasswordRecord) EncryptKey(in []byte) (out []byte, err error)

EncryptKey encrypts a 16-byte key with the RSA or EC key of the record.

func (*PasswordRecord) GetKeyECC

func (pr *PasswordRecord) GetKeyECC(password string) (key *ecdsa.PrivateKey, err error)

GetKeyECC returns the ECDSA private key of the record given the correct password.

func (*PasswordRecord) GetKeyECCPub

func (pr *PasswordRecord) GetKeyECCPub() (out *ecdsa.PublicKey, err error)

GetKeyECCPub returns the ECDSA public key out of the record.

func (*PasswordRecord) GetKeyRSA

func (pr *PasswordRecord) GetKeyRSA(password string) (key rsa.PrivateKey, err error)

GetKeyRSA returns the RSA private key of the record given the correct password.

func (*PasswordRecord) GetKeyRSAPub

func (pr *PasswordRecord) GetKeyRSAPub() (out *rsa.PublicKey, err error)

GetKeyRSAPub returns the RSA public key of the record.

func (*PasswordRecord) GetType

func (pr *PasswordRecord) GetType() string

GetType returns the type status of the PasswordRecord.

func (*PasswordRecord) IsAdmin

func (pr *PasswordRecord) IsAdmin() bool

IsAdmin returns the admin status of the PasswordRecord.

func (*PasswordRecord) ValidatePassword

func (pr *PasswordRecord) ValidatePassword(password string) error

ValidatePassword returns an error if the password is incorrect.

type Records

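// Records is the structure used to read and write the JSON file that holds
// the contents of a password vault.
type Records struct {
	Version int
	VaultId int

	// HmacKey is the vault's HMAC key (see GetHMACKey).
	// NOTE(review): as an exported field of the JSON-serialised structure it
	// is presumably written to the vault file alongside the records. Confirm
	// how it is protected at rest and restrict read access to that file.
	HmacKey []byte

	// Passwords holds the vault's PasswordRecord entries, presumably keyed by
	// user name, since GetRecord looks a record up by name. Confirm.
	Passwords map[string]PasswordRecord
	// contains filtered or unexported fields
}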

Records is the structure used to read and write a JSON file containing the contents of a password vault.

func InitFrom

func InitFrom(path string) (records Records, err error)

InitFrom reads the record from disk and initializes the global context.

func (*Records) AddNewRecord

func (records *Records) AddNewRecord(name, password string, admin bool, userType string) (PasswordRecord, error)

AddNewRecord adds a new record for a given username and password.

func (*Records) ChangePassword

func (records *Records) ChangePassword(name, password, newPassword, hipchatName string) (err error)

ChangePassword changes the password for a given user.

func (*Records) DeleteRecord

func (records *Records) DeleteRecord(name string) error

DeleteRecord deletes a given record.

func (*Records) GetAltNameFromName

func (records *Records) GetAltNameFromName(alt, name string) (altName string, found bool)

func (*Records) GetAltNamesFromName

func (r *Records) GetAltNamesFromName(alt string, names []string) map[string]string

func (*Records) GetHMACKey

func (records *Records) GetHMACKey() (key []byte, err error)

GetHMACKey returns the hmac key of the current vault.

func (*Records) GetRecord

func (records *Records) GetRecord(name string) (PasswordRecord, bool)

GetRecord returns a record given a name.

func (*Records) GetSummary

func (records *Records) GetSummary() (summary map[string]Summary)

GetSummary returns a summary of the records on disk.

func (*Records) GetVaultID

func (records *Records) GetVaultID() (id int, err error)

GetVaultID returns the id of the current vault.

func (*Records) MakeAdmin

func (records *Records) MakeAdmin(name string) error

MakeAdmin adds admin status to a given record.

func (*Records) NumRecords

func (records *Records) NumRecords() int

NumRecords returns the number of records in the vault.

func (*Records) RevokeRecord

func (records *Records) RevokeRecord(name string) error

RevokeRecord removes admin status from a record.

func (*Records) SetRecord

func (records *Records) SetRecord(pr PasswordRecord, name string)

SetRecord puts a record into the global status.

func (*Records) WriteRecordsToDisk

func (records *Records) WriteRecordsToDisk() error

WriteRecordsToDisk saves the current state of the records to disk.

type Summary

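// Summary is a minimal account summary: the admin flag and the record type.
// It has no password, salt or key fields.
type Summary struct {
	Admin bool
	Type  string
}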

Summary is a minimal account summary.
