authorDave Henderson <dhenderson@gmail.com>2017-12-03 23:43:15 -0500
committerDave Henderson <dhenderson@gmail.com>2017-12-03 23:43:15 -0500
commite1705b0db06d477561723a36331e5690a7aff5fd (patch)
tree8e85ea27eb61ab723c504d69c3a71b4b7f863a60 /funcs
parent99b900dbde35ceea30ec9479bf636e291fae72c9 (diff)
Add crypto namespace
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
Diffstat (limited to 'funcs')
-rw-r--r--funcs/crypto.go109
-rw-r--r--funcs/crypto_test.go46
2 files changed, 155 insertions, 0 deletions
diff --git a/funcs/crypto.go b/funcs/crypto.go
new file mode 100644
index 00000000..ef54ee21
--- /dev/null
+++ b/funcs/crypto.go
@@ -0,0 +1,109 @@
+package funcs
+
+import (
+ gcrypto "crypto"
+ "crypto/sha1"
+ "crypto/sha256"
+ "crypto/sha512"
+ "fmt"
+ "sync"
+
+ "github.com/hairyhenderson/gomplate/conv"
+
+ "github.com/hairyhenderson/gomplate/crypto"
+)
+
+var (
+ cryptoNS *CryptoFuncs
+ cryptoNSInit sync.Once
+)
+
+// CryptoNS - the crypto namespace
+func CryptoNS() *CryptoFuncs {
+ cryptoNSInit.Do(func() { cryptoNS = &CryptoFuncs{} })
+ return cryptoNS
+}
+
+// AddCryptoFuncs -
+func AddCryptoFuncs(f map[string]interface{}) {
+ f["crypto"] = CryptoNS
+}
+
+// CryptoFuncs -
+type CryptoFuncs struct{}
+
+// PBKDF2 - Run the Password-Based Key Derivation Function #2 as defined in
+// RFC 2898 (PKCS #5 v2.0). This function outputs the binary result in hex
+// format.
+func (f *CryptoFuncs) PBKDF2(password, salt, iter, keylen interface{}, hashFunc ...string) (k string, err error) {
+ var h gcrypto.Hash
+ if len(hashFunc) == 0 {
+ h = gcrypto.SHA1
+ } else {
+ h, err = crypto.StrToHash(hashFunc[0])
+ if err != nil {
+ return "", err
+ }
+ }
+ pw := toBytes(password)
+ s := toBytes(salt)
+ i := conv.ToInt(iter)
+ kl := conv.ToInt(keylen)
+
+ dk, err := crypto.PBKDF2(pw, s, i, kl, h)
+ return fmt.Sprintf("%02x", dk), err
+}
+
+// WPAPSK - Convert an ASCII passphrase to WPA PSK for a given SSID
+func (f *CryptoFuncs) WPAPSK(ssid, password interface{}) (string, error) {
+ return f.PBKDF2(password, ssid, 4096, 32)
+}
+
+// SHA1 -
+func (f *CryptoFuncs) SHA1(input interface{}) string {
+ in := toBytes(input)
+ out := sha1.Sum(in)
+ return fmt.Sprintf("%02x", out)
+}
+
+// SHA224 -
+func (f *CryptoFuncs) SHA224(input interface{}) string {
+ in := toBytes(input)
+ out := sha256.Sum224(in)
+ return fmt.Sprintf("%02x", out)
+}
+
+// SHA256 -
+func (f *CryptoFuncs) SHA256(input interface{}) string {
+ in := toBytes(input)
+ out := sha256.Sum256(in)
+ return fmt.Sprintf("%02x", out)
+}
+
+// SHA384 -
+func (f *CryptoFuncs) SHA384(input interface{}) string {
+ in := toBytes(input)
+ out := sha512.Sum384(in)
+ return fmt.Sprintf("%02x", out)
+}
+
+// SHA512 -
+func (f *CryptoFuncs) SHA512(input interface{}) string {
+ in := toBytes(input)
+ out := sha512.Sum512(in)
+ return fmt.Sprintf("%02x", out)
+}
+
+// SHA512_224 -
+func (f *CryptoFuncs) SHA512_224(input interface{}) string {
+ in := toBytes(input)
+ out := sha512.Sum512_224(in)
+ return fmt.Sprintf("%02x", out)
+}
+
+// SHA512_256 -
+func (f *CryptoFuncs) SHA512_256(input interface{}) string {
+ in := toBytes(input)
+ out := sha512.Sum512_256(in)
+ return fmt.Sprintf("%02x", out)
+}
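Review bot: In `PBKDF2`, `i` and `kl` go straight from `conv.ToInt(iter)` and `conv.ToInt(keylen)` into `crypto.PBKDF2` with no range check. A template that supplies a zero or negative iteration count (or an unparseable one, depending on how `conv.ToInt` handles it, which is not visible here) may derive a key with far less work than intended and no error. Unless `crypto.PBKDF2` already rejects such values, add `if i <= 0 || kl <= 0 { return "", fmt.Errorf("pbkdf2: iter and keylen must be positive (got %d, %d)", i, kl) }` before the call. The doc comment should also say that the hash defaults to SHA-1 when `hashFunc` is omitted, for example `// hashFunc defaults to SHA-1 when omitted; name a stronger hash such as "SHA-512" for new uses.` The empty `// SHA1 -` style comments could state that each method returns the digest as lowercase hex.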
diff --git a/funcs/crypto_test.go b/funcs/crypto_test.go
new file mode 100644
index 00000000..55945533
--- /dev/null
+++ b/funcs/crypto_test.go
@@ -0,0 +1,46 @@
+package funcs
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestPBKDF2(t *testing.T) {
+ c := CryptoNS()
+ dk, err := cryptoNS.PBKDF2("password", []byte("IEEE"), "4096", 32)
+ assert.Equal(t, "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e", dk)
+ assert.NoError(t, err)
+
+ dk, err = c.PBKDF2([]byte("password"), "IEEE", 4096, "64", "SHA-512")
+ assert.Equal(t, "c16f4cb6d03e23614399dee5e7f676fb1da0eb9471b6a74a6c5bc934c6ec7d2ab7028fbb1000b1beb97f17646045d8144792352f6676d13b20a4c03754903d7e", dk)
+ assert.NoError(t, err)
+
+ _, err = c.PBKDF2(nil, nil, nil, nil, "bogus")
+ assert.Error(t, err)
+}
+
+func TestWPAPSK(t *testing.T) {
+ dk, err := cryptoNS.WPAPSK("password", "MySSID")
+ assert.Equal(t, "3a98def84b11644a17ebcc9b17955d2360ce8b8a85b8a78413fc551d722a84e7", dk)
+ assert.NoError(t, err)
+}
+
+func TestSHA(t *testing.T) {
+ in := "abc"
+ sha1 := "a9993e364706816aba3e25717850c26c9cd0d89d"
+ sha224 := "23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7"
+ sha256 := "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
+ sha384 := "cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7"
+ sha512 := "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f"
+ sha512_224 := "4634270f707b6a54daae7530460842e20e37ed265ceee9a43e8924aa"
+ sha512_256 := "53048e2681941ef99b2e29b76b4c7dabe4c2d0c634fc6d46e0e2f13107e7af23"
+ c := CryptoNS()
+ assert.Equal(t, sha1, c.SHA1(in))
+ assert.Equal(t, sha224, c.SHA224(in))
+ assert.Equal(t, sha256, c.SHA256(in))
+ assert.Equal(t, sha384, c.SHA384(in))
+ assert.Equal(t, sha512, c.SHA512(in))
+ assert.Equal(t, sha512_224, c.SHA512_224(in))
+ assert.Equal(t, sha512_256, c.SHA512_256(in))
+}
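Review bot: The first assertion in `TestPBKDF2` and the whole of `TestWPAPSK` call methods on the package variable `cryptoNS` instead of the value returned by `CryptoNS()`. Run on its own, `TestWPAPSK` therefore uses a nil `*CryptoFuncs` and passes only because the methods never dereference the receiver. Use `c := CryptoNS()` and `c.WPAPSK("password", "MySSID")` (and `c.PBKDF2(...)` in the first assertion) so the tests go through the `sync.Once` initializer as templates do. A case with a non-positive `iter` or `keylen` would also pin down how `PBKDF2` treats bad numeric input, which the `"bogus"` hash case leaves unspecified.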