Documentation ¶
Index ¶
- Constants
- Variables
- func Argon2PreimageChallenge(b64Challenge string, deadlineUnixMilli int64) (b64Solution string, err error)
- func ECDLPChallenge(b64Challenge string, deadlineUnixMilli int64) (b64Solution string, err error)
- func GetModulusKey() string
- func HashPassword(authVersion int, password []byte, userName string, salt, modulus []byte) ([]byte, error)
- func MailboxPassword(password []byte, salt []byte) (hashed []byte, err error)
- func RandomBits(bits int) ([]byte, error)
- func RandomBytes(byes int) (raw []byte, err error)
- func VersionNumber() string
- type Auth
- type Proofs
- type Server
Constants ¶
const Version string = "0.0.7"
Variables ¶
var ( // ErrDataAfterModulus found extra data after decode the modulus ErrDataAfterModulus = errors.New("pm-srp: extra data after modulus") // ErrInvalidSignature invalid modulus signature ErrInvalidSignature = errors.New("pm-srp: invalid modulus signature") RandReader = rand.Reader )
var DeadlineExceeded error = deadlineExceededError{}
Implementation following the "context" package
Functions ¶
func Argon2PreimageChallenge ¶ added in v0.0.4
func Argon2PreimageChallenge(b64Challenge string, deadlineUnixMilli int64) (b64Solution string, err error)
Argon2PreimageChallenge computes the base64 solution for a given Argon2 base64 challenge within deadlineUnixMilli milliseconds, if any was found. Deadlines are measured on the wall clock, not the monotonic clock, due to unreliability on mobile devices. deadlineUnixMilli = -1 means unlimited time.
func ECDLPChallenge ¶
ECDLPChallenge computes the base64 solution for a given ECDLP base64 challenge within deadlineUnixMilli milliseconds, if any was found. Deadlines are measured on the wall clock, not the monotonic clock, due to unreliability on mobile devices. deadlineUnixMilli = -1 means unlimited time.
func GetModulusKey ¶
func GetModulusKey() string
func HashPassword ¶
func HashPassword(authVersion int, password []byte, userName string, salt, modulus []byte) ([]byte, error)
HashPassword returns the hash of password argument. Based on version number following arguments are used in addition to password: * 0, 1, 2: userName and modulus * 3, 4: salt and modulus
func MailboxPassword ¶
MailboxPassword get mailbox password hash
Parameters:
- password []byte: a mailbox password
- salt []byte: a salt is random 128 bits data
Returns:
- hashed []byte: a hashed password
- err error: throw error
func RandomBits ¶
func RandomBytes ¶
Types ¶
type Auth ¶
Auth stores byte data for the calculation of SRP proofs.
- Changed SrpAuto to Auth because the name will be used as srp.SrpAuto by other packages and as SrpSrpAuth on mobile
- Also the data from the API called Auth. it could be match the meaning and reduce the confusion
func NewAuth ¶
func NewAuth(version int, username string, password []byte, b64salt, signedModulus, serverEphemeral string) (auth *Auth, err error)
NewAuth Creates new Auth from strings input. Salt and server ephemeral are in base64 format. Modulus is base64 with signature attached. The signature is verified against server key. The version controls password hash algorithm.
Parameters:
- version int: The *x* component of the vector.
- username string: The *y* component of the vector.
- password []byte: The *z* component of the vector.
- b64salt string: The std-base64 formatted salt
Returns:
- auth *Auth: the pre calculated auth information
- err error: throw error
Usage:
Warnings:
- Be careful! Poos can hurt.
func NewAuthForVerifier ¶
func NewAuthForVerifier(password []byte, signedModulus string, rawSalt []byte) (auth *Auth, err error)
NewAuthForVerifier Creates new Auth from strings input. Salt and server ephemeral are in base64 format. Modulus is base64 with signature attached. The signature is verified against server key. The version controls password hash algorithm.
Parameters:
- version int: The *x* component of the vector.
- username string: The *y* component of the vector.
- password []byte: The *z* component of the vector.
- salt string:
Returns:
- auth *Auth: the pre calculated auth information
- err error: throw error
Usage:
Warnings:
- none.
func (*Auth) GenerateProofs ¶
GenerateProofs calculates SPR proofs.
type Proofs ¶
type Proofs struct {
ClientProof, ClientEphemeral, ExpectedServerProof []byte
// contains filtered or unexported fields
}
Proofs Srp Proofs object. Changed SrpProofs to Proofs because the name will be used as srp.SrpProofs by other packages and as SrpSrpProofs on mobile ClientProof []byte client proof ClientEphemeral []byte calculated from ExpectedServerProof []byte
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server stores the internal state for the validation of SRP proofs.
func NewServerFromSigned ¶
NewServerFromSigned creates a new server instance from the signed modulus and the binary verifier.
func NewServerWithSecret ¶
func NewServerWithSecret(modulusBytes, verifier, secretBytes []byte, bitLength int) (*Server, error)
NewServerWithSecret creates a new server instance without generating a random secret from the raw binary data. Use with caution as the secret should not be reused.
func (*Server) GenerateChallenge ¶
GenerateChallenge is the first step for SRP exchange, and generates a valid challenge for the provided verifier.
func (*Server) GetSharedSession ¶
GetSharedSession returns the shared secret as byte if the session has concluded in valid state.
func (*Server) IsCompleted ¶
IsCompleted returns true if the exchange has been concluded in valid state.
func (*Server) VerifyProofs ¶
func (s *Server) VerifyProofs(clientEphemeralBytes, clientProofBytes []byte) (serverProof []byte, err error)
VerifyProofs Verifies the client proof and - if valid - generates the shared secret and returnd the server proof. It concludes the exchange in valid state if successful.