pbkdf2

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 9, 2024 License: BSD-3-Clause Imports: 13 Imported by: 1

Documentation

Overview

Package pbkdf2 provides salt generation, hashing and verification for x/crypto/pbkdf2. RFC 8018 / PKCS #5 v2.1 specification allows use of all five FIPS Approved Hash Functions SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 for HMAC. All of the above are supported by the Verifier or through specific constuctor functions of the Hasher.

Index

Constants

View Source 
const (
	IdentifierSHA1   = "pbkdf2"
	IdentifierSHA224 = IdentifierSHA1 + "-sha224"
	IdentifierSHA256 = IdentifierSHA1 + "-sha256"
	IdentifierSHA384 = IdentifierSHA1 + "-sha384"
	IdentifierSHA512 = IdentifierSHA1 + "-sha512"

	Prefix = "$" + IdentifierSHA1
)

Identifiers and prefixes that describe a pbkdf2 encoded hash string.

View Source 
const Format = "$%s$%d$%s$%s"

Format of the Modular Crypt Format, as used by passlib. See https://passlib.readthedocs.io/en/stable/lib/passlib.hash.pbkdf2_digest.html#format-algorithm

Variables

View Source 
var (
	RecommendedSHA1Params = Params{
		Rounds:  290000,
		KeyLen:  sha1.Size,
		SaltLen: 16,
	}
	RecommendedSHA224Params = Params{
		Rounds:  290000,
		KeyLen:  sha256.Size224,
		SaltLen: 16,
	}
	RecommendedSHA256Params = Params{
		Rounds:  290000,
		KeyLen:  sha256.Size,
		SaltLen: 16,
	}
	RecommendedSHA384Params = Params{
		Rounds:  290000,
		KeyLen:  sha512.Size384,
		SaltLen: 16,
	}
	RecommendedSHA512Params = Params{
		Rounds:  290000,
		KeyLen:  sha512.Size,
		SaltLen: 16,
	}
)

Recommended parameters are based on passlib's defaults.

View Source 
var Verifier = verifier.VerifyFunc(Verify)

Functions

func Verify 

func Verify(encoded, password string) (verifier.Result, error)

Verify parses encoded and uses its pbkdf2 parameters to verify password against its hash. The HMAC message authentication scheme is taken from the encoded string. Currently SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 are suppored.

Verify accepts hash and password encoding in standard base 64 or the alternative base64 encoding as defined by passlib. This is standard encoding with `+` replaced by `.` without padding.

Types

type Hasher 

type Hasher struct {
	// contains filtered or unexported fields
}

func NewSHA1 

func NewSHA1(p Params) *Hasher

NewSHA1 returns a pbkdf2 SHA1 Hasher.

func NewSHA224 

func NewSHA224(p Params) *Hasher

NewSHA224 returns a pbkdf2 SHA224 Hasher.

func NewSHA256 

func NewSHA256(p Params) *Hasher

NewSHA256 returns a pbkdf2 SHA256 Hasher.

func NewSHA384 

func NewSHA384(p Params) *Hasher

NewSHA384 returns a pbkdf2 SHA384 Hasher.

func NewSHA512 

func NewSHA512(p Params) *Hasher

NewSHA512 returns a pbkdf2 SHA512 Hasher.

func (*Hasher) Hash 

func (h *Hasher) Hash(password string) (string, error)

Hash implements passwap.Hasher. Salt and password hashes are encoded using the alternative base64 encoding as defined by passlib. This is standard encoding with `+` replaced by `.` without padding.

func (*Hasher) Verify 

func (h *Hasher) Verify(encoded, password string) (verifier.Result, error)

Verify implements passwap.Verifier

type Params 

type Params struct {
	Rounds  uint32
	KeyLen  uint32
	SaltLen uint32
	// contains filtered or unexported fields
}

Params are used for all hasher modes.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.