digest

package
v0.0.0-...-843ee25
Warning

This package is not in the latest version of its module.

Published: Jan 19, 2018 | License: MIT | Imports: 8 | Imported by: 0

Documentation

Constants

const (
	MAX_CHALLENGE_LENGTH = 2048
	MAX_RESPONSE_LENGTH  = 4096
	DEFAULT_MAXBUF       = 65536
)

const (
	DES3 = iota
	RC4
	DES
	RC4_56
	RC4_40
)

Supported ciphers for 'auth-conf'

const (
	DES_3_STRENGTH        = sasl.HIGH_STRENGTH
	RC4_STRENGTH          = sasl.HIGH_STRENGTH
	DES_STRENGTH          = sasl.MEDIUM_STRENGTH
	RC4_56_STRENGTH       = sasl.MEDIUM_STRENGTH
	RC4_40_STRENGTH       = sasl.LOW_STRENGTH
	UNSET                 = byte(0)
	SECURITY_LAYER_MARKER = ":00000000000000000000000000000000"
)

If QOP is set to 'auth-conf', a DIGEST-MD5 mechanism must have support for the DES and Triple DES cipher algorithms (optionally, support for RC4 [128/56/40 bit keys] ciphers) to provide for confidentiality. See RFC 2831 for details. This implementation provides support for DES, Triple DES and RC4 ciphers.

The value of strength affects the strength of the cipher used. The mappings of 'high', 'medium', and 'low' give the following behaviour.

HIGH_STRENGTH   - Triple DES
                - RC4 (128bit)
MEDIUM_STRENGTH - DES
                - RC4 (56bit)
LOW_STRENGTH    - RC4 (40bit)

const (
	CLIENT_INT_MAGIC  = "golang sasl integrity client-to-server magic key"
	SVR_INT_MAGIC     = "golang sasl integrity server-to-client magic key"
	CLIENT_CONF_MAGIC = "Digest H(A1) to client-to-server sealing key magic constant"
	SVR_CONF_MAGIC    = "Digest H(A1) to server-to-client sealing key magic constant"
)

Variables

var (
	CIPHER_MASKS    = []byte{DES_3_STRENGTH, RC4_STRENGTH, DES_3_STRENGTH, RC4_56_STRENGTH, RC4_40_STRENGTH}
	CIPHER_TOKENS   = []string{"3des", "rc4", "des", "rc4-56", "rc4-40"}
	JCE_CIPHER_NAME = []string{"DESede/CBC/NoPadding", "RC4", "DES/CBC/NoPadding"}
)

var (
	EMPTY_BYTE_SLICE = make([]byte, 0)
)

Functions

This section is empty.

Types

type Integrity

type Integrity struct {
	// contains filtered or unexported fields
}

Integrity is an implementation of the SecurityCtx interface allowing for messages between the client and server to be integrity checked. After a successful DIGEST-MD5 authentication, integrity checking is invoked if the SASL QOP is set to 'auth-int'.

func NewIntegrity

func NewIntegrity(clientMode bool) (*Integrity, error)

NewIntegrity creates a new instance of Integrity.

func (*Integrity) GetHMac

func (i *Integrity) GetHMac(ki, seqnum, msg []byte, start, msgLen int) ([]byte, error)

GetHMac generates the MAC to be appended onto outgoing messages.

func (*Integrity) IncrementSeqNum

func (i *Integrity) IncrementSeqNum()

IncrementSeqNum increments the instance's own sequence number and stores the result, in network byte order (NBO), in the sequenceNum field.

func (*Integrity) Unwrap

func (i *Integrity) Unwrap(incoming []byte, start, msgLen int) ([]byte, error)

Unwrap returns the verified message without its MAC, and only if the received MAC and the re-generated MAC are the same.

func (*Integrity) Wrap

func (i *Integrity) Wrap(outgoing []byte, start, msgLen int) ([]byte, error)

Wrap appends the MAC onto the outgoing message.
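
The following is an added example, not this package's code: it sketches the 'auth-int' framing that Wrap and Unwrap describe, using the MAC block layout from RFC 2831 section 2.3 (first 10 bytes of HMAC-MD5, a 2-byte message type of 1, then the 4-byte sequence number in network byte order). The function names are hypothetical, the all-zero H(A1) is a constructed sample, and deriving the key from the page's CLIENT_INT_MAGIC string in the RFC's manner is an assumption, since the page does not show how the package derives it.

```go
package main

import (
	"crypto/hmac"
	"crypto/md5"
	"encoding/binary"
	"fmt"
)

// Magic string copied from the page's CLIENT_INT_MAGIC constant.
const clientIntMagic = "golang sasl integrity client-to-server magic key"

// deriveKi computes Ki = MD5(H(A1) || magic), the RFC 2831 section 2.3
// construction (assumed here; the page does not show the package's derivation).
func deriveKi(hA1 []byte, magic string) []byte {
	sum := md5.Sum(append(append([]byte{}, hA1...), magic...))
	return sum[:]
}

// macBlock builds the 16-byte trailer: HMAC-MD5(Ki, seq||msg)[0:10] || 0x0001 || seq.
func macBlock(ki []byte, seq uint32, msg []byte) []byte {
	var s [4]byte
	binary.BigEndian.PutUint32(s[:], seq)
	h := hmac.New(md5.New, ki)
	h.Write(append(s[:], msg...))
	return append(append(h.Sum(nil)[:10], 0x00, 0x01), s[:]...)
}

// wrap appends the MAC block to a copy of the outgoing message.
func wrap(ki []byte, seq uint32, msg []byte) []byte {
	return append(append([]byte{}, msg...), macBlock(ki, seq, msg)...)
}

// unwrap returns the message only if the whole trailer (MAC, type, seqnum)
// matches the one recomputed for the sequence number the receiver expects.
func unwrap(ki []byte, wantSeq uint32, in []byte) ([]byte, error) {
	if len(in) < 16 {
		return nil, fmt.Errorf("message shorter than MAC block")
	}
	msg, got := in[:len(in)-16], in[len(in)-16:]
	if !hmac.Equal(got, macBlock(ki, wantSeq, msg)) { // constant-time compare
		return nil, fmt.Errorf("MAC, type or sequence number mismatch")
	}
	return msg, nil
}

func main() {
	ki := deriveKi(make([]byte, 16), clientIntMagic) // constructed all-zero H(A1)
	_, err := unwrap(ki, 1, wrap(ki, 0, []byte("hello"))) // replay under next seqnum
	fmt.Println(err)
}
```

Because the sequence number is covered by the HMAC and compared against the receiver's own counter, a replayed or reordered message fails verification the same way a modified one does.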

type MD5Base

type MD5Base struct {
	*sasl.Sasl
	// contains filtered or unexported fields
}

MD5Base is a utility class for the DIGEST-MD5 mechanism. It provides utility methods and contains two inner classes which implement the SecurityCtx interface. The inner classes provide the functionality to allow for quality-of-protection (QOP) with integrity checking and privacy.

type Privacy

type Privacy struct {
	*Integrity
	// contains filtered or unexported fields
}

Privacy is an implementation of the SecurityCtx interface allowing for messages between the client and server to be integrity checked and encrypted. After a successful DIGEST-MD5 authentication, privacy is invoked if the SASL QOP (quality-of-protection) is set to 'auth-conf'.

func NewPrivacy

func NewPrivacy(clientMode bool) (*Privacy, error)

NewPrivacy creates a new Privacy instance for the privacy check.

type SecurityCtx

type SecurityCtx interface {
	// Wrap out-going message and return wrapped message
	Wrap(dest []byte, start, len int) ([]byte, error)

	// Unwrap incoming message and return original message
	Unwrap(outgoing []byte, start, len int) ([]byte, error)
}

SecurityCtx is an interface used for classes implementing integrity checking and privacy for the DIGEST-MD5 SASL mechanism implementation.
