github.com/wuhuizuo/gomplate@v3.5.0+incompatible/funcs/crypto.go (about) 1 package funcs 2 3 import ( 4 gcrypto "crypto" 5 "crypto/sha1" //nolint: gosec 6 "crypto/sha256" 7 "crypto/sha512" 8 "fmt" 9 "sync" 10 11 "golang.org/x/crypto/bcrypt" 12 13 "github.com/hairyhenderson/gomplate/conv" 14 "github.com/pkg/errors" 15 16 "github.com/hairyhenderson/gomplate/crypto" 17 ) 18 19 var ( 20 cryptoNS *CryptoFuncs 21 cryptoNSInit sync.Once 22 ) 23 24 // CryptoNS - the crypto namespace 25 func CryptoNS() *CryptoFuncs { 26 cryptoNSInit.Do(func() { cryptoNS = &CryptoFuncs{} }) 27 return cryptoNS 28 } 29 30 // AddCryptoFuncs - 31 func AddCryptoFuncs(f map[string]interface{}) { 32 f["crypto"] = CryptoNS 33 } 34 35 // CryptoFuncs - 36 type CryptoFuncs struct{} 37 38 // PBKDF2 - Run the Password-Based Key Derivation Function #2 as defined in 39 // RFC 2898 (PKCS #5 v2.0). This function outputs the binary result in hex 40 // format. 41 func (f *CryptoFuncs) PBKDF2(password, salt, iter, keylen interface{}, hashFunc ...string) (k string, err error) { 42 var h gcrypto.Hash 43 if len(hashFunc) == 0 { 44 h = gcrypto.SHA1 45 } else { 46 h, err = crypto.StrToHash(hashFunc[0]) 47 if err != nil { 48 return "", err 49 } 50 } 51 pw := toBytes(password) 52 s := toBytes(salt) 53 i := conv.ToInt(iter) 54 kl := conv.ToInt(keylen) 55 56 dk, err := crypto.PBKDF2(pw, s, i, kl, h) 57 return fmt.Sprintf("%02x", dk), err 58 } 59 60 // WPAPSK - Convert an ASCII passphrase to WPA PSK for a given SSID 61 func (f *CryptoFuncs) WPAPSK(ssid, password interface{}) (string, error) { 62 return f.PBKDF2(password, ssid, 4096, 32) 63 } 64 65 // SHA1 - Note: SHA-1 is cryptographically broken and should not be used for secure applications. 66 func (f *CryptoFuncs) SHA1(input interface{}) string { 67 in := toBytes(input) 68 // nolint: gosec 69 out := sha1.Sum(in) 70 return fmt.Sprintf("%02x", out) 71 } 72 73 // SHA224 - 74 func (f *CryptoFuncs) SHA224(input interface{}) string { 75 in := toBytes(input) 76 out := sha256.Sum224(in) 77 return fmt.Sprintf("%02x", out) 78 } 79 80 // SHA256 - 81 func (f *CryptoFuncs) SHA256(input interface{}) string { 82 in := toBytes(input) 83 out := sha256.Sum256(in) 84 return fmt.Sprintf("%02x", out) 85 } 86 87 // SHA384 - 88 func (f *CryptoFuncs) SHA384(input interface{}) string { 89 in := toBytes(input) 90 out := sha512.Sum384(in) 91 return fmt.Sprintf("%02x", out) 92 } 93 94 // SHA512 - 95 func (f *CryptoFuncs) SHA512(input interface{}) string { 96 in := toBytes(input) 97 out := sha512.Sum512(in) 98 return fmt.Sprintf("%02x", out) 99 } 100 101 // SHA512_224 - 102 // nolint: golint 103 func (f *CryptoFuncs) SHA512_224(input interface{}) string { 104 in := toBytes(input) 105 out := sha512.Sum512_224(in) 106 return fmt.Sprintf("%02x", out) 107 } 108 109 // SHA512_256 - 110 // nolint: golint 111 func (f *CryptoFuncs) SHA512_256(input interface{}) string { 112 in := toBytes(input) 113 out := sha512.Sum512_256(in) 114 return fmt.Sprintf("%02x", out) 115 } 116 117 // Bcrypt - 118 func (f *CryptoFuncs) Bcrypt(args ...interface{}) (string, error) { 119 input := "" 120 cost := bcrypt.DefaultCost 121 if len(args) == 0 { 122 return "", errors.Errorf("bcrypt requires at least an 'input' value") 123 } 124 if len(args) == 1 { 125 input = conv.ToString(args[0]) 126 } 127 if len(args) == 2 { 128 cost = conv.ToInt(args[0]) 129 input = conv.ToString(args[1]) 130 } 131 hash, err := bcrypt.GenerateFromPassword([]byte(input), cost) 132 return string(hash), err 133 }