Documentation
Overview ¶
Package auth_method_password implements password-based entity key derivation using scrypt, with a salt that is derived deterministically from the username via blake3.
Index ¶
- Constants
- Variables
- func NewMethod(ctx context.Context, le *logrus.Entry, handler auth_method.Handler) (auth_method.Method, error)
- type Config
- func (m *Config) CloneMessageVT() protobuf_go_lite.CloneMessage
- func (m *Config) CloneVT() *Config
- func (this *Config) EqualMessageVT(thatMsg any) bool
- func (this *Config) EqualVT(that *Config) bool
- func (c *Config) EqualsConfig(other config.Config) bool
- func (c *Config) GetConfigID() string
- func (x *Config) MarshalJSON() ([]byte, error)
- func (x *Config) MarshalProtoJSON(s *json.MarshalState)
- func (x *Config) MarshalProtoText() string
- func (m *Config) MarshalToSizedBufferVT(dAtA []byte) (int, error)
- func (m *Config) MarshalToVT(dAtA []byte) (int, error)
- func (m *Config) MarshalVT() (dAtA []byte, err error)
- func (*Config) ProtoMessage()
- func (x *Config) Reset()
- func (m *Config) SizeVT() (n int)
- func (x *Config) String() string
- func (x *Config) UnmarshalJSON(b []byte) error
- func (x *Config) UnmarshalProtoJSON(s *json.UnmarshalState)
- func (m *Config) UnmarshalVT(dAtA []byte) error
- func (c *Config) Validate() error
- type Factory
- func (t *Factory) Construct(ctx context.Context, conf config.Config, opts controller.ConstructOpts) (controller.Controller, error)
- func (t *Factory) ConstructConfig() config.Config
- func (t *Factory) GetConfigID() string
- func (t *Factory) GetControllerID() string
- func (t *Factory) GetVersion() semver.Version
- type Parameters
- func (m *Parameters) CloneMessageVT() protobuf_go_lite.CloneMessage
- func (m *Parameters) CloneVT() *Parameters
- func (this *Parameters) EqualMessageVT(thatMsg any) bool
- func (this *Parameters) EqualVT(that *Parameters) bool
- func (x *Parameters) GetSalt() []byte
- func (x *Parameters) GetScryptN() uint32
- func (x *Parameters) GetScryptP() uint32
- func (x *Parameters) GetScryptR() uint32
- func (p *Parameters) MarshalBlock() ([]byte, error)
- func (x *Parameters) MarshalJSON() ([]byte, error)
- func (x *Parameters) MarshalProtoJSON(s *json.MarshalState)
- func (x *Parameters) MarshalProtoText() string
- func (m *Parameters) MarshalToSizedBufferVT(dAtA []byte) (int, error)
- func (m *Parameters) MarshalToVT(dAtA []byte) (int, error)
- func (m *Parameters) MarshalVT() (dAtA []byte, err error)
- func (*Parameters) ProtoMessage()
- func (x *Parameters) Reset()
- func (m *Parameters) SizeVT() (n int)
- func (x *Parameters) String() string
- func (x *Parameters) UnmarshalJSON(b []byte) error
- func (x *Parameters) UnmarshalProtoJSON(s *json.UnmarshalState)
- func (m *Parameters) UnmarshalVT(dAtA []byte) error
- func (p *Parameters) Validate() error
- type PasswordMethod
- func (p *PasswordMethod) Authenticate(paramsi auth_method.Parameters, authSecretData []byte) (crypto.PrivKey, error)
- func (p *PasswordMethod) Close()
- func (p *PasswordMethod) Execute(ctx context.Context) error
- func (p *PasswordMethod) GetMethodID() string
- func (p *PasswordMethod) UnmarshalParameters(data []byte) (auth_method.Parameters, error)
Constants ¶
const ConfigID = ControllerID
ConfigID is the string used to identify this config object.
const ControllerID = "auth/method/" + MethodID
ControllerID is the auth method controller ID.
const DefaultScryptN = 20
DefaultScryptN is the default scrypt N parameter, expressed as a power-of-2 exponent: the value 20 means a cost factor of 2^20.
const DefaultScryptP = 1
DefaultScryptP is the default scrypt p parameter.
const DefaultScryptR = 8
DefaultScryptR is the default scrypt r parameter.
const MethodID = "password"
MethodID is the auth method ID.
Variables ¶
var Version = semver.MustParse("0.1.0")
Version is the version of the password method implementation.
Functions ¶
Types ¶
type Config ¶
type Config struct {
// contains filtered or unexported fields
}
Config is configuration for the auth method.
func (*Config) CloneMessageVT ¶
func (m *Config) CloneMessageVT() protobuf_go_lite.CloneMessage
func (*Config) EqualMessageVT ¶
func (*Config) EqualsConfig ¶
EqualsConfig checks if the other config is equal.
func (*Config) GetConfigID ¶
GetConfigID returns the unique string for this configuration type.
func (*Config) MarshalJSON ¶
MarshalJSON marshals the Config to JSON.
func (*Config) MarshalProtoJSON ¶
func (x *Config) MarshalProtoJSON(s *json.MarshalState)
MarshalProtoJSON marshals the Config message to JSON.
func (*Config) MarshalProtoText ¶
func (*Config) MarshalToSizedBufferVT ¶
func (*Config) ProtoMessage ¶
func (*Config) ProtoMessage()
func (*Config) UnmarshalJSON ¶
UnmarshalJSON unmarshals the Config from JSON.
func (*Config) UnmarshalProtoJSON ¶
func (x *Config) UnmarshalProtoJSON(s *json.UnmarshalState)
UnmarshalProtoJSON unmarshals the Config message from JSON.
func (*Config) UnmarshalVT ¶
type Factory ¶
type Factory struct {
// contains filtered or unexported fields
}
Factory constructs a password auth handler.
func (*Factory) Construct ¶
func (t *Factory) Construct( ctx context.Context, conf config.Config, opts controller.ConstructOpts, ) (controller.Controller, error)
Construct constructs the associated controller given configuration.
func (*Factory) ConstructConfig ¶
ConstructConfig constructs an instance of the controller configuration.
func (*Factory) GetConfigID ¶
GetConfigID returns the configuration ID for the controller.
func (*Factory) GetControllerID ¶
GetControllerID returns the unique ID for the controller.
func (*Factory) GetVersion ¶
GetVersion returns the version of this controller.
type Parameters ¶
type Parameters struct {
// Salt is the salt used for key derivation.
// 16 bytes, derived deterministically from the username via blake3.
// Because it is a function of the username, it is not a secret value.
Salt []byte `protobuf:"bytes,1,opt,name=salt,proto3" json:"salt,omitempty"`
// ScryptN is the scrypt N parameter (cost factor as a power of 2).
// The stored value is the exponent, so the effective cost factor is 2^ScryptN.
// Default: 20 (2^20 = 1048576).
// NOTE(review): with standard scrypt, memory use is about 128 * N * r bytes,
// roughly 1 GiB at the defaults - confirm against the implementation.
ScryptN uint32 `protobuf:"varint,2,opt,name=scrypt_n,json=scryptN,proto3" json:"scryptN,omitempty"`
// ScryptR is the scrypt r parameter (block size).
// Default: 8.
ScryptR uint32 `protobuf:"varint,3,opt,name=scrypt_r,json=scryptR,proto3" json:"scryptR,omitempty"`
// ScryptP is the scrypt p parameter (parallelization).
// Default: 1.
ScryptP uint32 `protobuf:"varint,4,opt,name=scrypt_p,json=scryptP,proto3" json:"scryptP,omitempty"`
// contains filtered or unexported fields
}
Parameters are stored with the user record. The exported fields hold only the salt and the scrypt cost settings.
func BuildParametersWithUsernamePassword ¶
func BuildParametersWithUsernamePassword(username string, password []byte) (*Parameters, crypto.PrivKey, error)
BuildParametersWithUsernamePassword builds Parameters and derives an Ed25519 private key from a username and password.
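The salt is derived deterministically: blake3.DeriveKey(context, username). No server-stored salt is needed. Because the salt is a function of the username rather than a random value, it separates users from one another but adds no secrecy: the same username, password and scrypt parameters always derive the same key, so resistance to offline guessing rests on the scrypt cost parameters and the strength of the password.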
func (*Parameters) CloneMessageVT ¶
func (m *Parameters) CloneMessageVT() protobuf_go_lite.CloneMessage
func (*Parameters) CloneVT ¶
func (m *Parameters) CloneVT() *Parameters
func (*Parameters) EqualMessageVT ¶
func (this *Parameters) EqualMessageVT(thatMsg any) bool
func (*Parameters) EqualVT ¶
func (this *Parameters) EqualVT(that *Parameters) bool
func (*Parameters) GetSalt ¶
func (x *Parameters) GetSalt() []byte
func (*Parameters) GetScryptN ¶
func (x *Parameters) GetScryptN() uint32
func (*Parameters) GetScryptP ¶
func (x *Parameters) GetScryptP() uint32
func (*Parameters) GetScryptR ¶
func (x *Parameters) GetScryptR() uint32
func (*Parameters) MarshalBlock ¶
func (p *Parameters) MarshalBlock() ([]byte, error)
MarshalBlock marshals the parameters to binary.
func (*Parameters) MarshalJSON ¶
func (x *Parameters) MarshalJSON() ([]byte, error)
MarshalJSON marshals the Parameters to JSON.
func (*Parameters) MarshalProtoJSON ¶
func (x *Parameters) MarshalProtoJSON(s *json.MarshalState)
MarshalProtoJSON marshals the Parameters message to JSON.
func (*Parameters) MarshalProtoText ¶
func (x *Parameters) MarshalProtoText() string
func (*Parameters) MarshalToSizedBufferVT ¶
func (m *Parameters) MarshalToSizedBufferVT(dAtA []byte) (int, error)
func (*Parameters) MarshalToVT ¶
func (m *Parameters) MarshalToVT(dAtA []byte) (int, error)
func (*Parameters) MarshalVT ¶
func (m *Parameters) MarshalVT() (dAtA []byte, err error)
func (*Parameters) ProtoMessage ¶
func (*Parameters) ProtoMessage()
func (*Parameters) Reset ¶
func (x *Parameters) Reset()
func (*Parameters) SizeVT ¶
func (m *Parameters) SizeVT() (n int)
func (*Parameters) String ¶
func (x *Parameters) String() string
func (*Parameters) UnmarshalJSON ¶
func (x *Parameters) UnmarshalJSON(b []byte) error
UnmarshalJSON unmarshals the Parameters from JSON.
func (*Parameters) UnmarshalProtoJSON ¶
func (x *Parameters) UnmarshalProtoJSON(s *json.UnmarshalState)
UnmarshalProtoJSON unmarshals the Parameters message from JSON.
func (*Parameters) UnmarshalVT ¶
func (m *Parameters) UnmarshalVT(dAtA []byte) error
func (*Parameters) Validate ¶
func (p *Parameters) Validate() error
Validate validates the parameters.
type PasswordMethod ¶
type PasswordMethod struct{}
PasswordMethod implements password-based auth using a scrypt KDF with a blake3-derived salt.
func NewPasswordMethod ¶
func NewPasswordMethod() *PasswordMethod
NewPasswordMethod constructs the PasswordMethod.
func (*PasswordMethod) Authenticate ¶
func (p *PasswordMethod) Authenticate(paramsi auth_method.Parameters, authSecretData []byte) (crypto.PrivKey, error)
Authenticate authenticates with existing auth parameters and returns the resulting private key. authSecretData is the password bytes.
func (*PasswordMethod) Close ¶
func (p *PasswordMethod) Close()
Close closes all resources related to the auth method.
func (*PasswordMethod) Execute ¶
func (p *PasswordMethod) Execute(ctx context.Context) error
Execute executes the auth method.
func (*PasswordMethod) GetMethodID ¶
func (p *PasswordMethod) GetMethodID() string
GetMethodID returns the auth method ID.
func (*PasswordMethod) UnmarshalParameters ¶
func (p *PasswordMethod) UnmarshalParameters(data []byte) (auth_method.Parameters, error)
UnmarshalParameters unmarshals the parameters from binary and validates them.