crsign

package
v2.1.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 27, 2018 License: MIT Imports: 6 Imported by: 7

Documentation

Overview

Package crsign provides functionality for signing challenge data in challenge-response authentication.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RespondChallenge

func RespondChallenge(pass string, c *wamp.Challenge, h func() hash.Hash) string

RespondChallenge is used by clients to sign the challenge string contained in the CHALLENGE message using the given password. If the CHALLENGE message contains salting information, then a derived key is computed using PBKDF2, and that derived key is used to sign the challenge string. If there is no salt, then no derived key is computed and the raw password is used to sign the challenge, which is identical to calling SignChallenge().

Set h to nil to use default hash sha256. This is provided in case the server-side PBKDF2 uses a different hash algorithm.

Example Client Use:

func clientCRAuthFunc(c *wamp.Challenge) (string, wamp.Dict) {
    // Get user password and return signature.
    password := AskUserPassoword()
    return RespondChallenge(password, c, nil), wamp.Dict{}
}

// Configure and create new client.
cfg := client.Config{
    ...
    AuthHandlers: map[string]client.AuthFunc{
        "wampcra": clientCRAuthFunc,
    },
}
cli, err = client.ConnectNet(routerAddr, cfg)

func SignChallenge

func SignChallenge(ch string, key []byte) string

SignChallenge computes the HMAC-SHA256, using the given key, over the challenge string, and returns the result as a base64-encoded string.

func SignChallengeBytes

func SignChallengeBytes(ch string, key []byte) []byte

SignChallenge computes the HMAC-SHA256, using the given key, over the challenge string, and returns the result.

func VerifySignature

func VerifySignature(sig, chal string, key []byte) bool

VerifySignature compares a signature to a signature that the computed over the given chalenge string using the key. The signature is a base64-encoded string, generally presented by a client, and the challenge string and key are used to compute the expected HMAC signature. If these are the same, then true is returned.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL