Documentation ¶
Overview ¶
Package pss provides some Password Storage Schemes which is defined in https://tools.ietf.org/html/rfc3112
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrPasswdNotMatch = errors.New("password not matching") ErrInvalidSyntax = errors.New("invalid password storage syntax") ErrUnknownScheme = errors.New("unknown password storage scheme") )
common errors
var All = make(Schemes, 1)
All includes all supported password storage scheme
var Bcrypt = &Scheme{ Name: "BCRYPT", Encrypter: func(plain []byte, args ...interface{}) ([]byte, error) { return bcrypt.GenerateFromPassword(plain, bcrypt.DefaultCost) }, Verifier: func(plain, encoded []byte, args ...interface{}) error { return bcrypt.CompareHashAndPassword(encoded, plain) }, }
Bcrypt stores password as bcypt hash.
var DefaultScheme = "BCRYPT"
DefaultScheme is the name of default password storage scheme
var PBKDF2 = &Scheme{ Name: "PBKDF2", Encrypter: func(plain []byte, args ...interface{}) ([]byte, error) { salt := generateSalt(defaultSaltLen) encodedPwd := pbkdf2.Key(plain, salt, defaultIterations, defaultKeyLen, defaultHashFunc) e := concatSlices(salt, encodedPwd) return e, nil }, Verifier: func(plain, encoded []byte, args ...interface{}) error { salt := encoded[:defaultSaltLen] passwd := encoded[defaultSaltLen:] encodedPwd := pbkdf2.Key(plain, salt, defaultIterations, defaultKeyLen, defaultHashFunc) if bytes.Compare(passwd, encodedPwd) != 0 { return ErrPasswdNotMatch } return nil }, }
PBKDF2 stores password with pbkdf2
var Plain = &Scheme{ Name: "PLAIN", Encrypter: func(plain []byte, args ...interface{}) ([]byte, error) { return plain, nil }, Verifier: func(plain, encoded []byte, args ...interface{}) error { if string(plain) == string(encoded) { return nil } return ErrPasswdNotMatch }, }
Plain stores password as plain text. This should be used for test only
var SSHA = &Scheme{ Name: "SSHA", Encrypter: func(plain []byte, args ...interface{}) ([]byte, error) { salt := generateSalt(sha1.Size) saltAndPlain := concatSlices(plain, salt) passwd := sha1.Sum(saltAndPlain) encoded := concatSlices(salt, passwd[:]) return encoded, nil }, Verifier: func(plain, encoded []byte, args ...interface{}) error { salt := encoded[:sha1.Size] passwd := encoded[sha1.Size:] saltAndPlain := concatSlices(plain, salt) e := sha1.Sum(saltAndPlain) if !bytes.Equal(passwd, e[:]) { return ErrPasswdNotMatch } return nil }, }
SSHA using a salted SHA-1 checksum of the data.
var SSHA256 = &Scheme{ Name: "SSHA256", Encrypter: func(plain []byte, args ...interface{}) ([]byte, error) { salt := generateSalt(sha256.Size) saltAndPlain := concatSlices(plain, salt) passwd := sha256.Sum256(saltAndPlain) encoded := concatSlices(salt, passwd[:]) return encoded, nil }, Verifier: func(plain, encoded []byte, args ...interface{}) error { salt := encoded[:sha256.Size] passwd := encoded[sha256.Size:] saltAndPlain := concatSlices(plain, salt) e := sha256.Sum256(saltAndPlain) if !bytes.Equal(passwd, e[:]) { return ErrPasswdNotMatch } return nil }, }
SSHA256 using a salted 256-bit version of SHa-2 Secure Hash Algorithm
var SSHA512 = &Scheme{ Name: "SSHA512", Encrypter: func(plain []byte, args ...interface{}) ([]byte, error) { salt := generateSalt(sha512.Size) saltAndPlain := concatSlices(plain, salt) passwd := sha512.Sum512(saltAndPlain) encoded := concatSlices(salt, passwd[:]) return encoded, nil }, Verifier: func(plain, encoded []byte, args ...interface{}) error { salt := encoded[:sha512.Size] passwd := encoded[sha512.Size:] saltAndPlain := concatSlices(plain, salt) e := sha512.Sum512(saltAndPlain) if !bytes.Equal(passwd, e[:]) { return ErrPasswdNotMatch } return nil }, }
SSHA512 using a salted 512-bit version of SHa-2 Secure Hash Algorithm
Functions ¶
Types ¶
type APS ¶
type APS struct {
Scheme *Scheme
}
APS represents authentication password syntax, see rfc3112
type Scheme ¶
type Scheme struct { Name string // Scheme name, Must be 0-9, A-Z, "-", ".", "/", or "_" Encrypter func(plain []byte, args ...interface{}) ([]byte, error) Verifier func(plain, encoded []byte, args ...interface{}) error // nil for matching }
Scheme represents Password Storage Scheme which is described in https://tools.ietf.org/html/rfc3112