challenge

package
v1.1.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 3, 2026 License: MIT Imports: 11 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ChallengeSize = 32               // 256 bits
	ResponseSize  = 64               // SHA512 output size
	AuthTimeout   = 10 * time.Second // Maximum time for auth handshake
	MinTokenSize  = 16               // Minimum token length in bytes
)

Variables

This section is empty.

Functions

func ComputeResponse 

func ComputeResponse(token, challenge []byte) []byte

ComputeResponse computes HMAC-SHA512(token, challenge)

func GenerateChallenge 

func GenerateChallenge() ([]byte, error)

GenerateChallenge creates a cryptographically secure random challenge

func New 

func New(token []byte) (auth.Auth, error)

New creates a new challenge-response authenticator. The token must be at least MinTokenSize (16) bytes. The token is copied to prevent external modification.

func VerifyResponse 

func VerifyResponse(token, challenge, response []byte) bool

VerifyResponse verifies the response using constant-time comparison

Types

type ChallengeAuth 

type ChallengeAuth struct {
	// contains filtered or unexported fields
}

ChallengeAuth implements challenge-response authentication using HMAC-SHA512

func (*ChallengeAuth) VerifyConn 

func (c *ChallengeAuth) VerifyConn(ctx context.Context, conn *quic.Conn) (bool, error)

VerifyConn implements the auth.Auth interface. It performs the complete challenge-response authentication flow: 1. Opens an auth stream on the QUIC connection 2. Generates and sends a random challenge 3. Reads and verifies the client's response

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.