Documentation ¶
Overview ¶
Package auth implements the common key exchange and authentication bits shared between the SOMA service and its client.
Index ¶
- Variables
- func Verify(name, addr string, token, key, seed, expires, salt []byte) bool
- func VerifyExtracted(name, addr string, token, key, seed, expires, salt []byte) bool
- type Kex
- func (k *Kex) DecodeAndDecrypt(encoded, plaintext *[]byte) error
- func (k *Kex) EncryptAndEncode(plaintext, encoded *[]byte) error
- func (k *Kex) GenerateNewKeypair() error
- func (k *Kex) GenerateNewRequestID()
- func (k *Kex) GenerateNewVector() error
- func (k *Kex) IsExpired() bool
- func (k *Kex) IsSameSource(ip net.IP) bool
- func (k *Kex) IsSameSourceExtractedString(addr string) bool
- func (k *Kex) IsSameSourceString(addr string) bool
- func (k *Kex) NextNonce() *[24]byte
- func (k *Kex) PeerKey() *[32]byte
- func (k *Kex) PrivateKey() *[32]byte
- func (k *Kex) PublicKey() *[32]byte
- func (k *Kex) SetIPAddress(r *http.Request)
- func (k *Kex) SetIPAddressExtractedString(addr string)
- func (k *Kex) SetIPAddressString(addr string)
- func (k *Kex) SetPeerKey(pk *[32]byte)
- func (k *Kex) SetRequestUUID(s string) error
- func (k *Kex) SetTimeUTC()
- type Token
Constants ¶
This section is empty.
Variables ¶
var ErrAuth = errors.New("Authentication failed")
ErrAuth indicates an authentication failure
var ErrCrypt = errors.New(`Encryption/decryption error`)
ErrCrypt is returned if encryption or decryption of data failed
var ErrInput = errors.New("Invalid input")
ErrInput is returned if tokens cannot be generated due to misconfiguration
var KexExpirySeconds uint64 = 60
KexExpirySeconds can be set to regulate how quickly an open key exchange (Kex) expires. The default value is 60 seconds.
var TokenExpirySeconds uint64 = 43200
TokenExpirySeconds can be set to regulate the lifetime of newly issued authentication tokens. The default value is 43200, or 12 hours.
Functions ¶
func VerifyExtracted ¶
VerifyExtracted checks a user-supplied username and token pair
Types ¶
type Kex ¶
type Kex struct {
	Public               string    `json:"public_key"`
	Request              uuid.UUID `json:"request,omitempty"`
	InitializationVector string    `json:"initialization_vector"`
	// contains filtered or unexported fields
}
func NewKex ¶
func NewKex() *Kex
NewKex returns a Kex with a random InitializationVector already set and a newly generated random keypair
func (*Kex) DecodeAndDecrypt ¶
DecodeAndDecrypt takes a base64 encoded message and decrypts it using the exchanged keys.
func (*Kex) EncryptAndEncode ¶
EncryptAndEncode takes a plaintext message and encrypts it using the exchanged keys. The ciphertext is then encoded as base64.
func (*Kex) GenerateNewKeypair ¶
GenerateNewKeypair generates a new public/private keypair
func (*Kex) GenerateNewRequestID ¶
func (k *Kex) GenerateNewRequestID()
GenerateNewRequestID generates a new UUIDv4 for this Kex
func (*Kex) GenerateNewVector ¶
GenerateNewVector generates a new random Initialization Vector
func (*Kex) IsExpired ¶
IsExpired returns true if the key exchange is more than KexExpirySeconds seconds old
func (*Kex) IsSameSource ¶
IsSameSource returns true if the parameter IP address is the same as the one recorded in the Kex
func (*Kex) IsSameSourceExtractedString ¶
IsSameSourceExtractedString returns true if the parameter IP address is the same as the one recorded in the Kex
func (*Kex) IsSameSourceString ¶
IsSameSourceString returns true if the parameter IP address is the same as the one recorded in the Kex
func (*Kex) NextNonce ¶
NextNonce returns the next nonce to use. Nonces are built by interpreting the IV as a positive integer and adding the count of nonces requested so far, which implements a simple non-repeating counter. The IV itself is never used as a nonce. It returns nil on error
func (*Kex) PeerKey ¶
PeerKey returns the public key of the kex peer, or nil if it has not been set yet.
func (*Kex) PrivateKey ¶
PrivateKey returns our private key for this kex, or nil if it has not been set yet.
func (*Kex) PublicKey ¶
PublicKey returns our public key for this key exchange, or nil if it has not been set yet.
func (*Kex) SetIPAddress ¶
SetIPAddress records the client's IP address
func (*Kex) SetIPAddressExtractedString ¶
SetIPAddressExtractedString records the client's IP address
func (*Kex) SetIPAddressString ¶
SetIPAddressString records the client's IP address
func (*Kex) SetPeerKey ¶
SetPeerKey sets the kex peer public key
func (*Kex) SetRequestUUID ¶
SetRequestUUID sets the UUID of this Kex from a string
func (*Kex) SetTimeUTC ¶
func (k *Kex) SetTimeUTC()
SetTimeUTC records the current time within the Kex
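The key-exchange flow the Kex methods above describe, worked through as an added example (this is not the soma package's code): two sides generate keypairs, swap public keys, share one initialization vector, and then derive every nonce as IV plus a running count, as NextNonce specifies, so the IV itself is never used as a nonce and the counter never repeats. The primitives are assumptions of the example: X25519 from crypto/ecdh for the agreement and AES-256-GCM from the standard library for the record layer (the page's 32-byte keys and 24-byte NextNonce point at a different AEAD), with SHA-256 of the shared secret standing in for a KDF. All names (miniKex, pair, and so on) are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"math/big"
)

// miniKex is a hypothetical stand-in for the page's Kex, not the package's own
// code. Assumed primitives: X25519 key agreement and AES-256-GCM with 12-byte
// nonces; what carries over from the page is the exchange flow and the counter-nonce scheme.
type miniKex struct {
	aead    cipher.AEAD // derived from the shared secret once the peer key is known
	iv      []byte      // nonce base shared with the peer; never used as a nonce itself
	counter uint64      // nonces handed out so far
}

// newMiniKex requires the peer key up front, so there is no "peer key not set"
// state to check before encrypting. SHA-256 of the shared secret stands in for a KDF.
func newMiniKex(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, iv []byte) (*miniKex, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &miniKex{aead: g, iv: append([]byte(nil), iv...)}, nil
}

// nextNonce reads the IV as a big-endian positive integer and adds the number of
// nonces issued so far, so the first nonce is IV+1 and the IV itself is never used.
// Reducing modulo 2^96 lets an IV near the top of the range wrap instead of overflowing.
func (k *miniKex) nextNonce() []byte {
	k.counter++
	n := new(big.Int).SetBytes(k.iv)
	n.Add(n, new(big.Int).SetUint64(k.counter))
	n.Mod(n, new(big.Int).Lsh(big.NewInt(1), 96))
	return n.FillBytes(make([]byte, 12))
}

func (k *miniKex) encryptAndEncode(plaintext []byte) string {
	ct := k.aead.Seal(nil, k.nextNonce(), plaintext, nil)
	return base64.StdEncoding.EncodeToString(ct)
}

func (k *miniKex) decodeAndDecrypt(encoded string) ([]byte, error) {
	ct, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return nil, err
	}
	// The counter advances even when Open fails, so a peer that fell out of
	// step stays out of step instead of silently resynchronising.
	pt, err := k.aead.Open(nil, k.nextNonce(), ct, nil)
	if err != nil {
		return nil, fmt.Errorf("encryption/decryption error")
	}
	return pt, nil
}

// pair builds a client and a server that have swapped public keys and share the
// client's IV, which is what the Kex JSON fields on the page carry.
func pair() (*miniKex, *miniKex, error) {
	cpriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	spriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	iv := make([]byte, 12)
	if _, err := rand.Read(iv); err != nil {
		return nil, nil, err
	}
	client, err := newMiniKex(cpriv, spriv.PublicKey(), iv)
	if err != nil {
		return nil, nil, err
	}
	server, err := newMiniKex(spriv, cpriv.PublicKey(), iv)
	return client, server, err
}

func main() {
	client, server, _ := pair() // demo assumption: key generation succeeds
	pt, err := server.decodeAndDecrypt(client.encryptAndEncode([]byte("hello soma")))
	fmt.Printf("%q %v\n", pt, err)
}
```

Two properties of the counter scheme are worth checking in practice: both peers must consume nonces in lockstep (every encrypt and every decrypt takes one), and a peer that skips a nonce fails its next Open because the AEAD tag no longer verifies, which is the failure mode you want since it surfaces desynchronisation instead of reusing a nonce. The modulo reduction covers the edge case of an IV within a few steps of 2^96: the count wraps to zero rather than overflowing the 12-byte nonce. KexExpirySeconds and the source-IP checks from the page are independent of this and not shown.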
type Token ¶
type Token struct {
	UserName  string `json:"username"`
	Password  string `json:"password,omitempty"`
	Token     string `json:"token,omitempty"`
	ValidFrom string `json:"validFrom,omitempty"`
	ExpiresAt string `json:"expiresAt,omitempty"`
	Salt      string `json:"-"`
	SourceIP  net.IP `json:"-"`
}
Token is the data passed between client and server to authenticate the client and issue a token for it that can then be used as the HTTP Basic Auth password.
func (*Token) Generate ¶
Generate verifies the embedded credentials in the Token and issues a new token to be returned to the user. Calling Generate consumes the embedded password regardless of outcome. It returns ErrAuth if the password is incorrect.
func (*Token) SetIPAddress ¶
SetIPAddress records the client's IP address
func (*Token) SetIPAddressExtractedString ¶
SetIPAddressExtractedString records the client's IP address
func (*Token) SetIPAddressString ¶
SetIPAddressString records the client's IP address
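Verify and VerifyExtracted take the same argument list (username, address, token, key, seed, expiry, salt) and Token.Generate issues the token they check, but the page does not say how the token is built. As an added example, not the package's construction, here is the shape a practitioner would expect for a function with that signature: an HMAC-SHA256 keyed with the server key over every bound field, an expiry check, a constant-time comparison, and address normalisation. The split between verify and verifyExtracted (host:port as in http.Request.RemoteAddr versus an already-extracted bare IP) is an assumption drawn from the SetIPAddressString / SetIPAddressExtractedString naming, the RFC 3339 rendering of ExpiresAt is this example's choice, and every input in main is constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"net"
	"time"
)

// tokenExpirySeconds mirrors the page's TokenExpirySeconds default (12 hours).
var tokenExpirySeconds uint64 = 43200

// issueToken is a hypothetical construction, not the package's own: the token is
// an HMAC-SHA256 over the fields that Verify's parameter list says a token is
// bound to (username, client address, seed, expiry, salt), keyed with the
// server's key. Binding the address means a leaked token only replays from the
// IP it was issued to; the expiry is under the MAC so it cannot be moved.
func issueToken(name, ip string, key, seed, expires, salt []byte) []byte {
	mac := hmac.New(sha256.New, key)
	for _, part := range [][]byte{[]byte(name), []byte(ip), seed, expires, salt} {
		// length-prefix every field so "ab"+"c" and "a"+"bc" do not collide
		var l [4]byte
		binary.BigEndian.PutUint32(l[:], uint32(len(part)))
		mac.Write(l[:])
		mac.Write(part)
	}
	return mac.Sum(nil)
}

// verifyExtracted takes addr as a bare IP, rejects the token once its expiry
// (RFC 3339, as this example renders ExpiresAt) has passed, and compares the
// recomputed MAC in constant time so a wrong token leaks nothing through timing.
func verifyExtracted(name, addr string, token, key, seed, expires, salt []byte) bool {
	if name == "" || net.ParseIP(addr) == nil {
		return false
	}
	exp, err := time.Parse(time.RFC3339, string(expires))
	if err != nil || !time.Now().Before(exp) {
		return false
	}
	return hmac.Equal(token, issueToken(name, addr, key, seed, expires, salt))
}

// verify accepts a "host:port" address as found in http.Request.RemoteAddr,
// strips the port and delegates to verifyExtracted. (Assumption of this example:
// that is how the page's Verify and VerifyExtracted differ.)
func verify(name, addr string, token, key, seed, expires, salt []byte) bool {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return false
	}
	return verifyExtracted(name, host, token, key, seed, expires, salt)
}

// expiresAt renders the ExpiresAt value tokenExpirySeconds after now.
func expiresAt(now time.Time) []byte {
	return []byte(now.Add(time.Duration(tokenExpirySeconds) * time.Second).UTC().Format(time.RFC3339))
}

func main() {
	// constructed sample inputs, not real SOMA material
	key, seed, salt := []byte("server-key"), []byte("per-user-seed"), []byte("per-token-salt")
	expires := expiresAt(time.Now())
	tok := issueToken("alice", "192.0.2.10", key, seed, expires, salt)
	fmt.Println(hex.EncodeToString(tok))
	fmt.Println(verify("alice", "192.0.2.10:51234", tok, key, seed, expires, salt))   // true
	fmt.Println(verify("alice", "198.51.100.7:51234", tok, key, seed, expires, salt)) // false
}
```

Note the ordering inside verifyExtracted: the cheap structural checks and the expiry run first, and the MAC comparison is always hmac.Equal, never a byte slice equality, so an attacker guessing tokens gets no timing signal from a partial match. Passing a bare IP to verify fails by design, which is the kind of mismatch the two separate entry points on the page are there to prevent.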