security

package
v0.0.0-...-f15f0a0
Warning

This package is not in the latest version of its module.

Published: Jul 3, 2021 License: GPL-3.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GeneratePasswordHash

func GeneratePasswordHash(plainTextPassword string, iterations uint32) (string, error)

GeneratePasswordHash generates a password hash from its plaintext form.

This uses the Argon2id key derivation function.

https://en.wikipedia.org/wiki/Argon2

func GenerateRandomBase64

func GenerateRandomBase64(length uint) (string, error)

GenerateRandomBase64 generates a cryptographically secure random vector of bytes of the specified length, encoded as base64.

func GenerateSignedCSRFID

func GenerateSignedCSRFID(plaintextCSRFID string, secretKey []byte) (string, error)

GenerateSignedCSRFID generates a signed and hashed CSRF ID from its plaintext form using provided secret key.

This uses HMAC with SHA512 for hashing.

func GenerateSignedJWT

func GenerateSignedJWT(payload *Claims, privateKeyBytes []byte) (string, error)

GenerateSignedJWT generates a JWT token from payload signed by a private key.

This uses ECDSA over the P-521 curve for the asymmetric signature, with SHA-512 hashing.

https://en.wikipedia.org/wiki/Elliptic-curve_cryptography

func VerifyPasswordHash

func VerifyPasswordHash(plaintextPassword string, passwordHash string) error

VerifyPasswordHash verifies that the password hash was generated from the plaintext password.

func VerifySignedCSRFID

func VerifySignedCSRFID(plaintextCSRFID string, hashedCSRFID string, secretKey []byte) error

VerifySignedCSRFID verifies that the hashed/signed CSRF ID was generated from the plaintext CSRF ID using the specified secret key.
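
The sign-and-verify round trip that GenerateRandomBase64, GenerateSignedCSRFID and VerifySignedCSRFID describe, shown as an added example that is not this package's own code. The function names, the base64url output encoding, the empty-key check and the demo key are assumptions; only the use of HMAC with SHA-512 comes from the documentation above.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"encoding/base64"
	"errors"
	"fmt"
)

// randomBase64 (hypothetical name) returns n CSPRNG bytes, base64url-encoded.
func randomBase64(n uint) (string, error) {
	buf := make([]byte, n)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

// signCSRFID returns base64url(HMAC-SHA512(key, id)); the encoding is assumed.
func signCSRFID(csrfID string, secretKey []byte) (string, error) {
	if len(secretKey) == 0 {
		return "", errors.New("empty secret key")
	}
	mac := hmac.New(sha512.New, secretKey)
	mac.Write([]byte(csrfID))
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil)), nil
}

// verifyCSRFID recomputes the MAC and compares it in constant time.
func verifyCSRFID(csrfID, signed string, secretKey []byte) error {
	got, err := base64.RawURLEncoding.DecodeString(signed)
	if err != nil {
		return errors.New("malformed signed CSRF ID")
	}
	mac := hmac.New(sha512.New, secretKey)
	mac.Write([]byte(csrfID))
	if !hmac.Equal(got, mac.Sum(nil)) {
		return errors.New("CSRF ID mismatch")
	}
	return nil
}

func main() {
	key := []byte("constructed-demo-key-not-for-production")
	id, _ := randomBase64(32)
	signed, _ := signCSRFID(id, key)
	fmt.Println(verifyCSRFID(id, signed, key), verifyCSRFID(id+"x", signed, key))
}
```

Comparing with `hmac.Equal` rather than `==` keeps the check from leaking, through timing, how many leading bytes of a forged value were correct.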

Types

type ActionKind

type ActionKind string

ActionKind represents a Claim Action kind

const (
	PreSession     ActionKind = "PreSession"
	SessionAccess  ActionKind = "SessionAccess"
	SessionRefresh ActionKind = "SessionRefresh"
)

...

type Claims

type Claims struct {
	StandardClaims
	Email        string     `json:"email,omitempty"`
	SignedCSRFID string     `json:"signed_csrf_id,omitempty"`
	Action       ActionKind `json:"action,omitempty"`
}

Claims is a custom claims type wrapping JWT standard claims.

func DecodeAndVerifySignedJWT

func DecodeAndVerifySignedJWT(tokenString string, publicKeyBytes []byte) (*Claims, error)

DecodeAndVerifySignedJWT decodes the token and verifies that it was signed with the associated private key and is still within its expiration limit.

func GeneratePreSessionClaims

func GeneratePreSessionClaims(signedCSRFID string, expirationInSeconds int) *Claims

GeneratePreSessionClaims generates JWT claims for a pre-session user.

func GenerateSessionClaims

func GenerateSessionClaims(subject string, email string, signedCSRFID string, action ActionKind, expirationInSeconds int) *Claims

GenerateSessionClaims generates JWT claims for a session user.

type StandardClaims

type StandardClaims struct {
	Issuer    string `json:"iss,omitempty"`
	Subject   string `json:"sub,omitempty"`
	ExpiresAt int64  `json:"exp,omitempty"`
	IssuedAt  int64  `json:"iat,omitempty"`
}

StandardClaims holds the standard JWT claims: issuer, subject, expiration time and issued-at time.
