README
¶
ALTCHA Go Library
The ALTCHA Go Library is a lightweight, zero-dependency library designed for creating and verifying ALTCHA challenges, specifically tailored for Go applications.
Compatibility
This library is compatible with:
- Go 1.18+
- All major platforms (Linux, Windows, macOS)
Example
Installation
To install the ALTCHA Go Library, use the following command:
go get github.com/altcha-org/altcha-lib-go
Usage
Here’s a basic example of how to use the ALTCHA Go Library:
package main
import (
"fmt"
"log"
"time"
"github.com/altcha-org/altcha-lib-go"
)
func main() {
hmacKey := "secret hmac key"
// Create a new challenge
challenge, err := altcha.CreateChallenge(altcha.ChallengeOptions{
HMACKey: hmacKey,
MaxNumber: 100000, // the maximum random number
})
if err != nil {
log.Fatal(err)
}
fmt.Println("Challenge created:", challenge)
// Example number
var number int64 = 12345
// Example payload to verify
payload := altcha.Payload{
Algorithm: challenge.Algorithm,
Challenge: challenge.Challenge,
Number: &number,
Salt: challenge.Salt,
Signature: challenge.Signature,
}
// Verify the solution
ok, err := altcha.VerifySolution(payload, hmacKey, true)
if err != nil {
log.Fatal(err)
}
if ok {
fmt.Println("Solution verified!")
} else {
fmt.Println("Invalid solution.")
}
}
API
CreateChallenge(options ChallengeOptions) (Challenge, error)
Creates a new challenge for ALTCHA.
Parameters:
options ChallengeOptions:Algorithm Algorithm: Hashing algorithm to use (SHA-1,SHA-256,SHA-512, default:SHA-256).MaxNumber int64: Maximum number for the random number generator (default: 1,000,000).SaltLength int: Length of the random salt (default: 12 bytes).HMACKey string: Required HMAC key.Salt string: Optional salt string. If not provided, a random salt will be generated.Number *int64: Optional specific number to use. If not provided, a random number will be generated.Expires *time.Time: Optional expiration time for the challenge.Params url.Values: Optional URL-encoded query parameters.
Returns: Challenge, error
VerifySolution(payload map[string]interface{}, hmacKey string, checkExpires bool) (bool, error)
Verifies an ALTCHA solution.
Parameters:
payload map[string]interface{}: The solution payload to verify.hmacKey string: The HMAC key used for verification.checkExpires bool: Whether to check if the challenge has expired.
Returns: bool, error
ExtractParams(payload map[string]interface{}) url.Values
Extracts URL parameters from the payload's salt.
Parameters:
payload map[string]interface{}: The payload containing the salt.
Returns: url.Values
VerifyFieldsHash(formData map[string][]string, fields []string, fieldsHash string, algorithm Algorithm) (bool, error)
Verifies the hash of form fields.
Parameters:
formData map[string][]string: The form data to hash.fields []string: The fields to include in the hash.fieldsHash string: The expected hash value.algorithm Algorithm: Hashing algorithm (SHA-1,SHA-256,SHA-512).
Returns: bool, error
VerifyServerSignature(payload interface{}, hmacKey string) (bool, ServerSignatureVerificationData, error)
Verifies the server signature.
Parameters:
payload interface{}: The payload to verify (string orServerSignaturePayload).hmacKey string: The HMAC key used for verification.
Returns: bool, ServerSignatureVerificationData, error
SolveChallenge(challenge string, salt string, algorithm Algorithm, max int, start int, stopChan <-chan struct{}) (*Solution, error)
Finds a solution to the given challenge.
Parameters:
challenge string: The challenge hash.salt string: The challenge salt.algorithm Algorithm: Hashing algorithm (SHA-1,SHA-256,SHA-512).max int: Maximum number to iterate to.start int: Starting number.stopChan <-chan struct{}: Channel to receive stop signals.
Returns: *Solution, error
Cryptographically Safe Methods
This library provides cryptographically safe variants of core methods using subtle.ConstantTimeCompare to prevent timing attacks [#3]. These methods perform two additional SHA-256 iterations.
Available methods:
VerifySolutionSafeVerifyFieldsHashSafeVerifyServerSignatureSafeSolveChallengeSafe
License
MIT
Documentation
¶
Index ¶
- Constants
- func ExtractParams(payload Payload) url.Values
- func VerifyFieldsHash(formData map[string][]string, fields []string, fieldsHash string, ...) (bool, error)
- func VerifyFieldsHashSafe(formData map[string][]string, fields []string, fieldsHash string, ...) (bool, error)
- func VerifySolution(payload interface{}, hmacKey string, checkExpires bool) (bool, error)
- func VerifySolutionSafe(payload interface{}, hmacKey string, checkExpires bool) (bool, error)
- type Algorithm
- type Challenge
- type ChallengeOptions
- type Payload
- type ServerSignaturePayload
- type ServerSignatureVerificationData
- type Solution
Constants ¶
const ( DefaultMaxNumber int64 = 1e6 DefaultSaltLength int = 12 DefaultAlgorithm = SHA256 )
Variables ¶
This section is empty.
Functions ¶
func ExtractParams ¶
Extracts parameters from the payload
func VerifyFieldsHash ¶
func VerifyFieldsHash(formData map[string][]string, fields []string, fieldsHash string, algorithm Algorithm) (bool, error)
Verifies the hash of form fields
func VerifyFieldsHashSafe ¶ added in v0.2.1
func VerifyFieldsHashSafe(formData map[string][]string, fields []string, fieldsHash string, algorithm Algorithm) (bool, error)
Verifies the hash of form fields using constant-time comparison
func VerifySolution ¶
Verifies the solution provided by the client
Types ¶
type Challenge ¶
type Challenge struct {
Algorithm string `json:"algorithm"`
Challenge string `json:"challenge"`
MaxNumber int64 `json:"maxNumber"`
Salt string `json:"salt"`
Signature string `json:"signature"`
}
Challenge represents a challenge for the client to solve
func CreateChallenge ¶
func CreateChallenge(options ChallengeOptions) (Challenge, error)
Creates a challenge for the client to solve
type ChallengeOptions ¶
type ChallengeOptions struct {
Algorithm Algorithm
MaxNumber int64
SaltLength int
HMACKey string
Salt string
Number *int64
Expires *time.Time
Params url.Values
}
ChallengeOptions defines the options for creating a challenge
type Payload ¶ added in v0.1.2
type Payload struct {
Algorithm string `json:"algorithm"`
Challenge string `json:"challenge"`
Number int64 `json:"number"`
Salt string `json:"salt"`
Signature string `json:"signature"`
}
Payload represents a solution to a Challenge
type ServerSignaturePayload ¶
type ServerSignaturePayload struct {
Algorithm Algorithm `json:"algorithm"`
VerificationData string `json:"verificationData"`
Signature string `json:"signature"`
Verified bool `json:"verified"`
}
ServerSignaturePayload represents the structure of the payload for server signature verification
type ServerSignatureVerificationData ¶
type ServerSignatureVerificationData struct {
Classification string `json:"classification"`
Country string `json:"country"`
DetectedLanguage string `json:"detectedLanguage"`
Email string `json:"email"`
Expire int64 `json:"expire"`
Fields []string `json:"fields"`
FieldsHash string `json:"fieldsHash"`
IpAddress string `json:"ipAddress"`
Reasons []string `json:"reasons"`
Score float64 `json:"score"`
Time int64 `json:"time"`
Verified bool `json:"verified"`
Extra map[string]interface{} `json:"-"`
}
ServerSignatureVerificationData represents the extracted verification data
func VerifyServerSignature ¶
func VerifyServerSignature(payload interface{}, hmacKey string) (bool, ServerSignatureVerificationData, error)
VerifyServerSignature verifies the server's signature
func VerifyServerSignatureSafe ¶ added in v0.2.1
func VerifyServerSignatureSafe(payload interface{}, hmacKey string) (bool, ServerSignatureVerificationData, error)
VerifyServerSignature verifies the server's signature using constant-time comparison
Source Files