Documentation ¶
Index ¶
- Constants
- func GenerateJoinCode() string
- func GroupAuthHash(joinCode, passphrase string) []byte
- func GroupDerivedKey(passphrase string) (*simplcrypto.SymKey, error)
- type Attempt
- func (*Attempt) Descriptor() ([]byte, []int)
- func (m *Attempt) GetAuthHashSignature() *simplcrypto.Signature
- func (m *Attempt) GetGroupUUID() string
- func (m *Attempt) GetMemberUUID() string
- func (m *Attempt) GetPubKey() *simplcrypto.SerializablePubKey
- func (m *Attempt) GetTimestamp() int64
- func (*Attempt) ProtoMessage()
- func (m *Attempt) Reset()
- func (m *Attempt) String() string
- func (m *Attempt) XXX_DiscardUnknown()
- func (m *Attempt) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Attempt) XXX_Merge(src proto.Message)
- func (m *Attempt) XXX_Size() int
- func (m *Attempt) XXX_Unmarshal(b []byte) error
- type AttemptResponse
- func (*AttemptResponse) Descriptor() ([]byte, []int)
- func (m *AttemptResponse) GetEncChallenge() *simplcrypto.Message
- func (m *AttemptResponse) GetMasterPubKey() *simplcrypto.SerializablePubKey
- func (*AttemptResponse) ProtoMessage()
- func (m *AttemptResponse) Reset()
- func (m *AttemptResponse) String() string
- func (m *AttemptResponse) XXX_DiscardUnknown()
- func (m *AttemptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *AttemptResponse) XXX_Merge(src proto.Message)
- func (m *AttemptResponse) XXX_Size() int
- func (m *AttemptResponse) XXX_Unmarshal(b []byte) error
- type EncMemberSession
- type InternalAuthManager
- func (am *InternalAuthManager) AddGroup(group *MemberGroup) error
- func (am *InternalAuthManager) AttemptAuth(attempt *Attempt) (*EncMemberSession, error)
- func (am *InternalAuthManager) CheckAuth(session *Session) error
- func (am *InternalAuthManager) CheckAuthEnsureAdmin(session *Session) error
- func (am *InternalAuthManager) DeleteMemberAuth(memberUUID string) error
- func (am *InternalAuthManager) EncryptForMember(memberUUID string, msg []byte) (*simplcrypto.Message, error)
- func (am *InternalAuthManager) MemberPubkey(uuid string) (*simplcrypto.KeyPair, error)
- func (am *InternalAuthManager) VerifySignatureFromMember(memberUUID string, msg []byte, sig *simplcrypto.Signature) error
- type Manager
- type MemberAuth
- type MemberGroup
- func (*MemberGroup) Descriptor() ([]byte, []int)
- func (m *MemberGroup) GetAuthHash() []byte
- func (m *MemberGroup) GetJoinCode() string
- func (m *MemberGroup) GetName() string
- func (m *MemberGroup) GetUUID() string
- func (*MemberGroup) ProtoMessage()
- func (m *MemberGroup) Reset()
- func (m *MemberGroup) String() string
- func (m *MemberGroup) XXX_DiscardUnknown()
- func (m *MemberGroup) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *MemberGroup) XXX_Merge(src proto.Message)
- func (m *MemberGroup) XXX_Size() int
- func (m *MemberGroup) XXX_Unmarshal(b []byte) error
- type Session
- func (*Session) Descriptor() ([]byte, []int)
- func (m *Session) GetGroupUUID() string
- func (m *Session) GetMemberUUID() string
- func (m *Session) GetSessionChallengeSig() *simplcrypto.Signature
- func (*Session) ProtoMessage()
- func (m *Session) Reset()
- func (m *Session) String() string
- func (m *Session) XXX_DiscardUnknown()
- func (m *Session) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *Session) XXX_Merge(src proto.Message)
- func (m *Session) XXX_Size() int
- func (m *Session) XXX_Unmarshal(b []byte) error
Constants ¶
// Group identifiers used by the internal (in-memory) auth manager.
// NOTE(review): these are fixed, readable strings rather than random UUIDs, so a
// group UUID on its own should not be treated as a secret. Confirm that admin access
// rests on the group's auth material and CheckAuthEnsureAdmin, not on knowing the ID.
const (
	DefaultGroupUUID = "defaultgroupuuid"
	AdminGroupUUID   = "admingroupuuid"
	PartnerGroupUUID = "partnergroupuuid"
)
DefaultGroupUUID and others are consts for the internal (memory) auth manager
// Key-derivation parameters for member/group auth.
// Presumably consumed by GroupDerivedKey and/or GroupAuthHash — confirm against their bodies.
const (
	// GroupKeyIterations is the iteration count for the passphrase-based derivation.
	// NOTE(review): the KDF itself is not visible here; check that this count is
	// adequate for the algorithm actually used.
	GroupKeyIterations = 100000
	// GroupKeySaltString is a single salt compiled into the package. A constant salt
	// is identical for every group and every deployment, so equal passphrases derive
	// equal keys and guessing work against one group carries over to all others.
	// The TODO records the fix: a random salt per group, stored with the group.
	GroupKeySaltString = "to there and back again" // TODO: store the salt with the group
)
GroupKeyIterations and others are the consts for member auth
Variables ¶
This section is empty.
Functions ¶
func GenerateJoinCode ¶
func GenerateJoinCode() string
GenerateJoinCode generates a runner join code
func GroupAuthHash ¶
GroupAuthHash generates the auth hash from a Join Code and a passphrase
func GroupDerivedKey ¶
func GroupDerivedKey(passphrase string) (*simplcrypto.SymKey, error)
GroupDerivedKey derives a symmetric key from a passphrase
Types ¶
type Attempt ¶
// Attempt is the protobuf message that carries a member's authentication request;
// it is the argument of Manager.AttemptAuth.
type Attempt struct {
	// MemberUUID identifies the member making the attempt.
	MemberUUID string `protobuf:"bytes,1,opt,name=MemberUUID,proto3" json:"MemberUUID,omitempty"`
	// GroupUUID names the group the attempt is made against.
	// NOTE(review): the TODO on AttemptAuth asks whether the group UUID should go into
	// the signed material, so assume it may not be covered by AuthHashSignature — confirm.
	GroupUUID string `protobuf:"bytes,2,opt,name=GroupUUID,proto3" json:"GroupUUID,omitempty"`
	// PubKey is a serialized public key sent with the attempt (presumably the member's — confirm).
	PubKey *simplcrypto.SerializablePubKey `protobuf:"bytes,3,opt,name=PubKey,proto3" json:"PubKey,omitempty"`
	// AuthHashSignature is a signature; by its name, over the group auth hash
	// (see GroupAuthHash) — verify what exactly is signed in AttemptAuth.
	AuthHashSignature *simplcrypto.Signature `protobuf:"bytes,4,opt,name=AuthHashSignature,proto3" json:"AuthHashSignature,omitempty"`
	// Timestamp is an int64 time value. Its unit, and whether the server checks it
	// for freshness (replay protection), are not visible in this declaration.
	Timestamp int64 `protobuf:"varint,5,opt,name=Timestamp,proto3" json:"Timestamp,omitempty"`
	// The XXX_ fields are protobuf-generated bookkeeping and are excluded from JSON.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*Attempt) Descriptor ¶
func (*Attempt) GetAuthHashSignature ¶
func (m *Attempt) GetAuthHashSignature() *simplcrypto.Signature
func (*Attempt) GetGroupUUID ¶
func (*Attempt) GetMemberUUID ¶
func (*Attempt) GetPubKey ¶
func (m *Attempt) GetPubKey() *simplcrypto.SerializablePubKey
func (*Attempt) GetTimestamp ¶
func (*Attempt) ProtoMessage ¶
func (*Attempt) ProtoMessage()
func (*Attempt) XXX_DiscardUnknown ¶
func (m *Attempt) XXX_DiscardUnknown()
func (*Attempt) XXX_Marshal ¶
func (*Attempt) XXX_Unmarshal ¶
type AttemptResponse ¶
// AttemptResponse is the protobuf message returned for an auth attempt.
type AttemptResponse struct {
	// EncChallenge is an encrypted challenge message
	// (presumably encrypted to the key sent in Attempt.PubKey — confirm).
	EncChallenge *simplcrypto.Message `protobuf:"bytes,1,opt,name=EncChallenge,proto3" json:"EncChallenge,omitempty"`
	// MasterPubKey is a serialized public key named "master" (presumably the server side's — confirm).
	// NOTE(review): a key delivered in the same response it protects is only as
	// trustworthy as the channel; check how the client pins or validates it.
	MasterPubKey *simplcrypto.SerializablePubKey `protobuf:"bytes,2,opt,name=MasterPubKey,proto3" json:"MasterPubKey,omitempty"`
	// The XXX_ fields are protobuf-generated bookkeeping and are excluded from JSON.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*AttemptResponse) Descriptor ¶
func (*AttemptResponse) Descriptor() ([]byte, []int)
func (*AttemptResponse) GetEncChallenge ¶
func (m *AttemptResponse) GetEncChallenge() *simplcrypto.Message
func (*AttemptResponse) GetMasterPubKey ¶
func (m *AttemptResponse) GetMasterPubKey() *simplcrypto.SerializablePubKey
func (*AttemptResponse) ProtoMessage ¶
func (*AttemptResponse) ProtoMessage()
func (*AttemptResponse) Reset ¶
func (m *AttemptResponse) Reset()
func (*AttemptResponse) String ¶
func (m *AttemptResponse) String() string
func (*AttemptResponse) XXX_DiscardUnknown ¶
func (m *AttemptResponse) XXX_DiscardUnknown()
func (*AttemptResponse) XXX_Marshal ¶
func (m *AttemptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*AttemptResponse) XXX_Merge ¶
func (m *AttemptResponse) XXX_Merge(src proto.Message)
func (*AttemptResponse) XXX_Size ¶
func (m *AttemptResponse) XXX_Size() int
func (*AttemptResponse) XXX_Unmarshal ¶
func (m *AttemptResponse) XXX_Unmarshal(b []byte) error
type EncMemberSession ¶
// EncMemberSession is what AttemptAuth returns on success: the session challenge in encrypted form.
type EncMemberSession struct {
	// EncSessionChallenge is the encrypted session challenge. By the naming, the member
	// is expected to decrypt and sign it (see Session.SessionChallengeSig) — confirm.
	EncSessionChallenge *simplcrypto.Message
}
EncMemberSession is sent back to the member as an auth challenge
type InternalAuthManager ¶
// InternalAuthManager manages member auth with in-memory storage. Its exported
// methods, as listed on this page, match the Manager interface.
// NOTE(review): in-memory storage implies member keys and session challenges do
// not survive a restart — confirm this is acceptable for the deployment.
type InternalAuthManager struct {
	// contains filtered or unexported fields
}
InternalAuthManager manages the auth of members, with in-memory storage
func NewInternalAuthManager ¶
func NewInternalAuthManager(keyservice keyservice.KeyService) (*InternalAuthManager, error)
NewInternalAuthManager returns a new InternalAuthManager
func (*InternalAuthManager) AddGroup ¶
func (am *InternalAuthManager) AddGroup(group *MemberGroup) error
AddGroup adds a member group
func (*InternalAuthManager) AttemptAuth ¶
func (am *InternalAuthManager) AttemptAuth(attempt *Attempt) (*EncMemberSession, error)
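AttemptAuth checks the auth request for a member.
TODO: consider including the group UUID in the crypto meat grinder? (As written, this suggests the group UUID is not yet part of the signed auth material, so Attempt.GroupUUID may not be cryptographically bound to the attempt.)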
func (*InternalAuthManager) CheckAuth ¶
func (am *InternalAuthManager) CheckAuth(session *Session) error
CheckAuth verifies a challenge signature is legit
func (*InternalAuthManager) CheckAuthEnsureAdmin ¶
func (am *InternalAuthManager) CheckAuthEnsureAdmin(session *Session) error
CheckAuthEnsureAdmin checks the auth against the admin group
func (*InternalAuthManager) DeleteMemberAuth ¶
func (am *InternalAuthManager) DeleteMemberAuth(memberUUID string) error
DeleteMemberAuth deletes a member's pubkey after it's been unregistered
func (*InternalAuthManager) EncryptForMember ¶
func (am *InternalAuthManager) EncryptForMember(memberUUID string, msg []byte) (*simplcrypto.Message, error)
EncryptForMember allows messages to be encrypted for members
func (*InternalAuthManager) MemberPubkey ¶
func (am *InternalAuthManager) MemberPubkey(uuid string) (*simplcrypto.KeyPair, error)
MemberPubkey returns the pubkey for an active member
func (*InternalAuthManager) VerifySignatureFromMember ¶
func (am *InternalAuthManager) VerifySignatureFromMember(memberUUID string, msg []byte, sig *simplcrypto.Signature) error
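VerifySignatureFromMember checks, judging by its name and signature, that sig is a valid signature over msg from the member identified by memberUUID. (The published comment, "allows messages to be encrypted for members", repeats EncryptForMember's description and does not match this function.)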
type Manager ¶
// Manager is the interface implemented by anything able to manage member auth.
type Manager interface {
	// AttemptAuth checks a member's auth request and returns an encrypted session challenge.
	AttemptAuth(attempt *Attempt) (*EncMemberSession, error)
	// CheckAuth verifies the challenge signature carried in session.
	CheckAuth(session *Session) error
	// CheckAuthEnsureAdmin checks the auth against the admin group.
	CheckAuthEnsureAdmin(session *Session) error
	// DeleteMemberAuth deletes a member's public key after the member is unregistered.
	DeleteMemberAuth(uuid string) error
	// AddGroup adds a member group.
	AddGroup(group *MemberGroup) error
	// MemberPubkey returns the public key for an active member.
	MemberPubkey(uuid string) (*simplcrypto.KeyPair, error)
	// EncryptForMember encrypts msg for the given member.
	EncryptForMember(memberUUID string, msg []byte) (*simplcrypto.Message, error)
	// VerifySignatureFromMember presumably verifies sig over msg against the member's
	// stored public key — confirm; callers must treat any non-nil error as a failed check.
	VerifySignatureFromMember(memberUUID string, msg []byte, sig *simplcrypto.Signature) error
}
Manager describes the interface for things that are able to manage auth
type MemberAuth ¶
// MemberAuth represents an existing member session.
type MemberAuth struct {
	// UUID is the member's identifier.
	UUID string
	// GroupUUID is the group the session belongs to.
	GroupUUID string
	// SessionChallenge holds the challenge bytes for this session; presumably the
	// value whose signature CheckAuth verifies — confirm. Treat it as secret session state.
	SessionChallenge []byte
	// PubKey is the member's key. NOTE(review): the type is KeyPair although the field
	// is named PubKey; confirm that no private half is ever populated or stored here.
	PubKey *simplcrypto.KeyPair
}
MemberAuth represents an existing member session
type MemberGroup ¶
// MemberGroup is the protobuf message describing a member group (see AddGroup).
// NOTE(review): JoinCode and AuthHash are both serialized in the protobuf and JSON
// forms, so an encoded MemberGroup is credential material: keep it out of logs and
// unauthenticated responses.
type MemberGroup struct {
	// UUID is the group's identifier.
	UUID string `protobuf:"bytes,1,opt,name=UUID,proto3" json:"UUID,omitempty"`
	// Name is the group's display name.
	Name string `protobuf:"bytes,2,opt,name=Name,proto3" json:"Name,omitempty"`
	// JoinCode is the group's join code (see GenerateJoinCode).
	JoinCode string `protobuf:"bytes,3,opt,name=JoinCode,proto3" json:"JoinCode,omitempty"`
	// AuthHash is presumably the output of GroupAuthHash(joinCode, passphrase) — confirm.
	AuthHash []byte `protobuf:"bytes,4,opt,name=AuthHash,proto3" json:"AuthHash,omitempty"`
	// The XXX_ fields are protobuf-generated bookkeeping and are excluded from JSON.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*MemberGroup) Descriptor ¶
func (*MemberGroup) Descriptor() ([]byte, []int)
func (*MemberGroup) GetAuthHash ¶
func (m *MemberGroup) GetAuthHash() []byte
func (*MemberGroup) GetJoinCode ¶
func (m *MemberGroup) GetJoinCode() string
func (*MemberGroup) GetName ¶
func (m *MemberGroup) GetName() string
func (*MemberGroup) GetUUID ¶
func (m *MemberGroup) GetUUID() string
func (*MemberGroup) ProtoMessage ¶
func (*MemberGroup) ProtoMessage()
func (*MemberGroup) Reset ¶
func (m *MemberGroup) Reset()
func (*MemberGroup) String ¶
func (m *MemberGroup) String() string
func (*MemberGroup) XXX_DiscardUnknown ¶
func (m *MemberGroup) XXX_DiscardUnknown()
func (*MemberGroup) XXX_Marshal ¶
func (m *MemberGroup) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*MemberGroup) XXX_Merge ¶
func (m *MemberGroup) XXX_Merge(src proto.Message)
func (*MemberGroup) XXX_Size ¶
func (m *MemberGroup) XXX_Size() int
func (*MemberGroup) XXX_Unmarshal ¶
func (m *MemberGroup) XXX_Unmarshal(b []byte) error
type Session ¶
// Session is the protobuf message a member presents to CheckAuth and CheckAuthEnsureAdmin.
type Session struct {
	// MemberUUID identifies the member presenting the session.
	MemberUUID string `protobuf:"bytes,1,opt,name=MemberUUID,proto3" json:"MemberUUID,omitempty"`
	// GroupUUID is the group the member claims.
	// NOTE(review): this value is supplied by the client; confirm that the checks compare
	// it with the group stored for the member (MemberAuth.GroupUUID) and do not trust it as sent.
	GroupUUID string `protobuf:"bytes,2,opt,name=GroupUUID,proto3" json:"GroupUUID,omitempty"`
	// SessionChallengeSig is the member's signature over the session challenge (by its name);
	// CheckAuth is documented as verifying a challenge signature.
	SessionChallengeSig *simplcrypto.Signature `protobuf:"bytes,3,opt,name=SessionChallengeSig,proto3" json:"SessionChallengeSig,omitempty"`
	// The XXX_ fields are protobuf-generated bookkeeping and are excluded from JSON.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*Session) Descriptor ¶
func (*Session) GetGroupUUID ¶
func (*Session) GetMemberUUID ¶
func (*Session) GetSessionChallengeSig ¶
func (m *Session) GetSessionChallengeSig() *simplcrypto.Signature
func (*Session) ProtoMessage ¶
func (*Session) ProtoMessage()
func (*Session) XXX_DiscardUnknown ¶
func (m *Session) XXX_DiscardUnknown()