Documentation
Index
- Constants
- Variables
- func ToString(pmt opaque.ProtocolMessageType) string
- type Client
- func (c *Client) FinalizeRegistration(response *ProtocolMessage) (*ProtocolMessage, error)
- func (c *Client) RegistrationRequest(password string, key crypto.Signer) (*ProtocolMessage, error)
- func (c *Client) Request(password string) (*ProtocolMessage, error)
- func (c *Client) VerifyAndRespond(serverResponse *ProtocolMessage) (*ProtocolMessage, error)
- type ClientInitMsg
- type ClientResponseMsg
- type ConfigMaterial
- type ConnectionState
- type ExportedKeyMaterial
- type ProtocolMessage
- type Server
- func (s *Server) GetUserID() string
- func (s *Server) RegistrationResponse(registrationRequest *ProtocolMessage) (*ProtocolMessage, error)
- func (s *Server) Respond(clientRequest *ProtocolMessage) (*ProtocolMessage, error)
- func (s *Server) UploadCredentials(registrationUpload *ProtocolMessage) error
- func (s *Server) Verify(clientResponse *ProtocolMessage) error
- type ServerConfig
- type ServerResponseMsg
Constants
const (
	ProtocolMessageTypeClientRequest opaque.ProtocolMessageType = 6 + iota // start where OPAQUE left off
	ProtocolMessageTypeClientResponse
	ProtocolMessageTypeServerResponse
)
OPAQUE-EA protocol message types.
Variables
var ProtocolMessageTypeToStringMap = map[opaque.ProtocolMessageType]string{
	ProtocolMessageTypeClientRequest:  "OPAQUE-EA Client Login Request",
	ProtocolMessageTypeServerResponse: "OPAQUE-EA Server Authenticator and Envelope",
	ProtocolMessageTypeClientResponse: "OPAQUE-EA Client Authenticator",
}
ProtocolMessageTypeToStringMap maps each OPAQUE-EA protocol message type to its descriptive string.
Functions
func ToString
func ToString(pmt opaque.ProtocolMessageType) string
ToString maps a protocol message type to a string.
Types
type Client
type Client struct {
	// contains filtered or unexported fields
}
Client is an instance of an OPAQUE-EA client.
func NewClient
NewClient takes an existing client exported authenticator state and a user ID and returns a new OPAQUE-EA client instance.
func (*Client) FinalizeRegistration
func (c *Client) FinalizeRegistration(response *ProtocolMessage) (*ProtocolMessage, error)
FinalizeRegistration creates the finalize registration message.
func (*Client) RegistrationRequest
RegistrationRequest creates a registration request.
func (*Client) Request
func (c *Client) Request(password string) (*ProtocolMessage, error)
Request returns the initial client message to be sent to the server.
func (*Client) VerifyAndRespond
func (c *Client) VerifyAndRespond(serverResponse *ProtocolMessage) (*ProtocolMessage, error)
VerifyAndRespond takes in the server message and returns the client response. Errors if the server message is invalid. TODO: make mutual auth optional.
type ClientInitMsg
type ClientInitMsg struct {
	Request expauth.ExportedAuthenticatorRequest
}
ClientInitMsg is the first message sent by a client in the OPAQUE-EA flow. Contains an exported authenticator request with the PAKEServerAuth extension.
func (*ClientInitMsg) Marshal
func (cim *ClientInitMsg) Marshal() ([]byte, error)
Marshal returns the raw form of the struct.
func (*ClientInitMsg) Type
func (cim *ClientInitMsg) Type() opaque.ProtocolMessageType
Type returns the type of this ProtocolMessageBody.
type ClientResponseMsg
type ClientResponseMsg struct {
	ExpAuth *expauth.ExportedAuthenticator
}
ClientResponseMsg is the second message sent by the client in the OPAQUE-EA flow. It is only sent if the Server requests mutual authentication. It contains a single Exported Authenticator from the Client.
func (*ClientResponseMsg) Marshal
func (cr *ClientResponseMsg) Marshal() ([]byte, error)
Marshal returns the raw form of the struct.
func (*ClientResponseMsg) Type
func (cr *ClientResponseMsg) Type() opaque.ProtocolMessageType
Type returns the type of this ProtocolMessageBody.
type ConfigMaterial
ConfigMaterial handles the material for a Config.
type ConnectionState
type ConnectionState struct {
	// contains filtered or unexported fields
}
ConnectionState represents the state of a connection.
type ExportedKeyMaterial
type ExportedKeyMaterial struct {
	ClientHandshakeContext []byte
	ServerHandshakeContext []byte
	ClientFinishedKey      []byte
	ServerFinishedKey      []byte
	AuthHash               crypto.Hash
}
ExportedKeyMaterial represents an exported key material struct.
func GetExportedKeyMaterial
func GetExportedKeyMaterial(request *http.Request) (*ExportedKeyMaterial, error)
GetExportedKeyMaterial gets an ExportedKeyMaterial from a request.
func GetTestExportedKeyMaterial
func GetTestExportedKeyMaterial() (*ExportedKeyMaterial, error)
GetTestExportedKeyMaterial gets an ExportedKeyMaterial for testing.
func (*ExportedKeyMaterial) ToGetterAndHash
func (ekm *ExportedKeyMaterial) ToGetterAndHash() (expauth.ExportedKeyGetter, crypto.Hash)
ToGetterAndHash casts an ExportedKeyMaterial into an ExportedKeyGetter.
type ProtocolMessage
type ProtocolMessage opaque.ProtocolMessage // renaming so we can define new methods
ProtocolMessage is a wrapper around an OPAQUE protocol message.
func ProtocolMessageFromBody
func ProtocolMessageFromBody(body opaque.ProtocolMessageBody) (*ProtocolMessage, error)
ProtocolMessageFromBody creates a protocol message from its body.
func (*ProtocolMessage) Marshal
func (pm *ProtocolMessage) Marshal() ([]byte, error)
Marshal marshals a protocol message.
func (*ProtocolMessage) MarshalJSON
func (pm *ProtocolMessage) MarshalJSON() ([]byte, error)
MarshalJSON marshals a protocol message to JSON.
func (*ProtocolMessage) ToBody
func (pm *ProtocolMessage) ToBody() (opaque.ProtocolMessageBody, error)
ToBody gets the body of a protocol message.
type Server
type Server struct {
	// contains filtered or unexported fields
}
Server is an instance of an OPAQUE-EA server.
func NewServer
func NewServer(state *expauth.Party, cfg *ServerConfig) (*Server, error)
NewServer takes in a server exported authenticator state and a signing key and returns a new OPAQUE-EA server instance.
func (*Server) RegistrationResponse
func (s *Server) RegistrationResponse(registrationRequest *ProtocolMessage) (*ProtocolMessage, error)
RegistrationResponse creates a registration response.
func (*Server) Respond
func (s *Server) Respond(clientRequest *ProtocolMessage) (*ProtocolMessage, error)
Respond takes in the user password file and initial client message, and returns the server response message. TODO: make mutual auth optional.
func (*Server) UploadCredentials
func (s *Server) UploadCredentials(registrationUpload *ProtocolMessage) error
UploadCredentials uploads the credentials.
func (*Server) Verify
func (s *Server) Verify(clientResponse *ProtocolMessage) error
Verify takes in the client response and the user password file and errors if the response is invalid.
type ServerConfig
type ServerConfig struct {
	OpaqueCfg         *opaque.ServerConfig
	HandleMissingUser func(error) (*ServerResponseMsg, error)
}
ServerConfig represents a configuration for a server, with an OPAQUE configuration and a handler for missing users.
type ServerResponseMsg
type ServerResponseMsg struct {
	ExpAuth *expauth.ExportedAuthenticator       // exp auth from server to client
	Request expauth.ExportedAuthenticatorRequest // request from server to client (optional mutual auth)
}
ServerResponseMsg is the first message sent by the server in response to the client's initial message in the OPAQUE-EA flow. It contains an Exported Authenticator from the Server containing a PAKEServerAuth extension. This message also contains an EA request from the Server to the Client with a PAKEClientAuth extension. TODO: make mutual auth optional.
func (*ServerResponseMsg) Marshal
func (srm *ServerResponseMsg) Marshal() ([]byte, error)
Marshal returns the raw form of the struct.
func (*ServerResponseMsg) Type
func (srm *ServerResponseMsg) Type() opaque.ProtocolMessageType
Type returns the type of this ProtocolMessageBody.
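The login flow described under ClientInitMsg, ServerResponseMsg and ClientResponseMsg, as an added example that is not part of this package: a stand-alone tracker that accepts the three OPAQUE-EA message types only in the documented order. MessageType is a local stand-in for opaque.ProtocolMessageType, LoginFlow and its methods are hypothetical names, and the numeric values follow from the `6 + iota` constant block.

```go
package main

import (
	"errors"
	"fmt"
)

// MessageType stands in for opaque.ProtocolMessageType (assumed integer type).
type MessageType uint8

// Same declaration order as the package's const block: values 6, 7, 8.
const (
	ClientRequest MessageType = 6 + iota
	ClientResponse
	ServerResponse
)

var ErrUnexpected = errors.New("unexpected OPAQUE-EA message")

// LoginFlow (hypothetical) tracks one login exchange. MutualAuth is set when
// the server's response carries an EA request for the client.
type LoginFlow struct {
	MutualAuth bool
	step       int // messages accepted so far
}

// order is the documented sequence; by numeric value it is 6, 8, 7, so a
// "type must increase" check would accept the wrong order.
func (f *LoginFlow) order() []MessageType {
	if f.MutualAuth {
		return []MessageType{ClientRequest, ServerResponse, ClientResponse}
	}
	return []MessageType{ClientRequest, ServerResponse}
}

// Accept advances the flow, or returns ErrUnexpected and leaves state unchanged.
func (f *LoginFlow) Accept(t MessageType) error {
	want := f.order()
	if f.step >= len(want) || t != want[f.step] {
		return fmt.Errorf("%w: type %d at step %d", ErrUnexpected, t, f.step+1)
	}
	f.step++
	return nil
}

// Done reports whether every expected message has been accepted.
func (f *LoginFlow) Done() bool { return f.step == len(f.order()) }

func main() { fmt.Println(new(LoginFlow).Accept(ServerResponse)) }
```

A receiver that dispatches on the message type alone would process a replayed or early message; tracking the step rejects it before any authenticator is parsed.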