]> git.immae.eu Git - github/fretlink/terraform-provider-statuscake.git/blame_incremental - vendor/github.com/hashicorp/terraform/lang/funcs/crypto.go
Merge branch 'fix_read_test' of github.com:alexandreFre/terraform-provider-statuscake
[github/fretlink/terraform-provider-statuscake.git] / vendor / github.com / hashicorp / terraform / lang / funcs / crypto.go
... / ...
CommitLineData
1package funcs
2
3import (
4 "crypto/md5"
5 "crypto/rsa"
6 "crypto/sha1"
7 "crypto/sha256"
8 "crypto/sha512"
9 "crypto/x509"
10 "encoding/base64"
11 "encoding/hex"
12 "encoding/pem"
13 "fmt"
14 "hash"
15
16 uuid "github.com/hashicorp/go-uuid"
17 "github.com/zclconf/go-cty/cty"
18 "github.com/zclconf/go-cty/cty/function"
19 "github.com/zclconf/go-cty/cty/gocty"
20 "golang.org/x/crypto/bcrypt"
21)
22
23var UUIDFunc = function.New(&function.Spec{
24 Params: []function.Parameter{},
25 Type: function.StaticReturnType(cty.String),
26 Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
27 result, err := uuid.GenerateUUID()
28 if err != nil {
29 return cty.UnknownVal(cty.String), err
30 }
31 return cty.StringVal(result), nil
32 },
33})
34
35// Base64Sha256Func constructs a function that computes the SHA256 hash of a given string
36// and encodes it with Base64.
37var Base64Sha256Func = makeStringHashFunction(sha256.New, base64.StdEncoding.EncodeToString)
38
39// MakeFileBase64Sha256Func constructs a function that is like Base64Sha256Func but reads the
40// contents of a file rather than hashing a given literal string.
41func MakeFileBase64Sha256Func(baseDir string) function.Function {
42 return makeFileHashFunction(baseDir, sha256.New, base64.StdEncoding.EncodeToString)
43}
44
45// Base64Sha512Func constructs a function that computes the SHA256 hash of a given string
46// and encodes it with Base64.
47var Base64Sha512Func = makeStringHashFunction(sha512.New, base64.StdEncoding.EncodeToString)
48
49// MakeFileBase64Sha512Func constructs a function that is like Base64Sha512Func but reads the
50// contents of a file rather than hashing a given literal string.
51func MakeFileBase64Sha512Func(baseDir string) function.Function {
52 return makeFileHashFunction(baseDir, sha512.New, base64.StdEncoding.EncodeToString)
53}
54
55// BcryptFunc constructs a function that computes a hash of the given string using the Blowfish cipher.
56var BcryptFunc = function.New(&function.Spec{
57 Params: []function.Parameter{
58 {
59 Name: "str",
60 Type: cty.String,
61 },
62 },
63 VarParam: &function.Parameter{
64 Name: "cost",
65 Type: cty.Number,
66 },
67 Type: function.StaticReturnType(cty.String),
68 Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
69 defaultCost := 10
70
71 if len(args) > 1 {
72 var val int
73 if err := gocty.FromCtyValue(args[1], &val); err != nil {
74 return cty.UnknownVal(cty.String), err
75 }
76 defaultCost = val
77 }
78
79 if len(args) > 2 {
80 return cty.UnknownVal(cty.String), fmt.Errorf("bcrypt() takes no more than two arguments")
81 }
82
83 input := args[0].AsString()
84 out, err := bcrypt.GenerateFromPassword([]byte(input), defaultCost)
85 if err != nil {
86 return cty.UnknownVal(cty.String), fmt.Errorf("error occured generating password %s", err.Error())
87 }
88
89 return cty.StringVal(string(out)), nil
90 },
91})
92
93// Md5Func constructs a function that computes the MD5 hash of a given string and encodes it with hexadecimal digits.
94var Md5Func = makeStringHashFunction(md5.New, hex.EncodeToString)
95
96// MakeFileMd5Func constructs a function that is like Md5Func but reads the
97// contents of a file rather than hashing a given literal string.
98func MakeFileMd5Func(baseDir string) function.Function {
99 return makeFileHashFunction(baseDir, md5.New, hex.EncodeToString)
100}
101
102// RsaDecryptFunc constructs a function that decrypts an RSA-encrypted ciphertext.
103var RsaDecryptFunc = function.New(&function.Spec{
104 Params: []function.Parameter{
105 {
106 Name: "ciphertext",
107 Type: cty.String,
108 },
109 {
110 Name: "privatekey",
111 Type: cty.String,
112 },
113 },
114 Type: function.StaticReturnType(cty.String),
115 Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
116 s := args[0].AsString()
117 key := args[1].AsString()
118
119 b, err := base64.StdEncoding.DecodeString(s)
120 if err != nil {
121 return cty.UnknownVal(cty.String), fmt.Errorf("failed to decode input %q: cipher text must be base64-encoded", s)
122 }
123
124 block, _ := pem.Decode([]byte(key))
125 if block == nil {
126 return cty.UnknownVal(cty.String), fmt.Errorf("failed to parse key: no key found")
127 }
128 if block.Headers["Proc-Type"] == "4,ENCRYPTED" {
129 return cty.UnknownVal(cty.String), fmt.Errorf(
130 "failed to parse key: password protected keys are not supported. Please decrypt the key prior to use",
131 )
132 }
133
134 x509Key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
135 if err != nil {
136 return cty.UnknownVal(cty.String), err
137 }
138
139 out, err := rsa.DecryptPKCS1v15(nil, x509Key, b)
140 if err != nil {
141 return cty.UnknownVal(cty.String), err
142 }
143
144 return cty.StringVal(string(out)), nil
145 },
146})
147
148// Sha1Func contructs a function that computes the SHA1 hash of a given string
149// and encodes it with hexadecimal digits.
150var Sha1Func = makeStringHashFunction(sha1.New, hex.EncodeToString)
151
152// MakeFileSha1Func constructs a function that is like Sha1Func but reads the
153// contents of a file rather than hashing a given literal string.
154func MakeFileSha1Func(baseDir string) function.Function {
155 return makeFileHashFunction(baseDir, sha1.New, hex.EncodeToString)
156}
157
158// Sha256Func contructs a function that computes the SHA256 hash of a given string
159// and encodes it with hexadecimal digits.
160var Sha256Func = makeStringHashFunction(sha256.New, hex.EncodeToString)
161
162// MakeFileSha256Func constructs a function that is like Sha256Func but reads the
163// contents of a file rather than hashing a given literal string.
164func MakeFileSha256Func(baseDir string) function.Function {
165 return makeFileHashFunction(baseDir, sha256.New, hex.EncodeToString)
166}
167
168// Sha512Func contructs a function that computes the SHA512 hash of a given string
169// and encodes it with hexadecimal digits.
170var Sha512Func = makeStringHashFunction(sha512.New, hex.EncodeToString)
171
172// MakeFileSha512Func constructs a function that is like Sha512Func but reads the
173// contents of a file rather than hashing a given literal string.
174func MakeFileSha512Func(baseDir string) function.Function {
175 return makeFileHashFunction(baseDir, sha512.New, hex.EncodeToString)
176}
177
178func makeStringHashFunction(hf func() hash.Hash, enc func([]byte) string) function.Function {
179 return function.New(&function.Spec{
180 Params: []function.Parameter{
181 {
182 Name: "str",
183 Type: cty.String,
184 },
185 },
186 Type: function.StaticReturnType(cty.String),
187 Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
188 s := args[0].AsString()
189 h := hf()
190 h.Write([]byte(s))
191 rv := enc(h.Sum(nil))
192 return cty.StringVal(rv), nil
193 },
194 })
195}
196
197func makeFileHashFunction(baseDir string, hf func() hash.Hash, enc func([]byte) string) function.Function {
198 return function.New(&function.Spec{
199 Params: []function.Parameter{
200 {
201 Name: "path",
202 Type: cty.String,
203 },
204 },
205 Type: function.StaticReturnType(cty.String),
206 Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) {
207 path := args[0].AsString()
208 src, err := readFileBytes(baseDir, path)
209 if err != nil {
210 return cty.UnknownVal(cty.String), err
211 }
212
213 h := hf()
214 h.Write(src)
215 rv := enc(h.Sum(nil))
216 return cty.StringVal(rv), nil
217 },
218 })
219}
220
221// UUID generates and returns a Type-4 UUID in the standard hexadecimal string
222// format.
223//
224// This is not a pure function: it will generate a different result for each
225// call. It must therefore be registered as an impure function in the function
226// table in the "lang" package.
227func UUID() (cty.Value, error) {
228 return UUIDFunc.Call(nil)
229}
230
231// Base64Sha256 computes the SHA256 hash of a given string and encodes it with
232// Base64.
233//
234// The given string is first encoded as UTF-8 and then the SHA256 algorithm is applied
235// as defined in RFC 4634. The raw hash is then encoded with Base64 before returning.
236// Terraform uses the "standard" Base64 alphabet as defined in RFC 4648 section 4.
237func Base64Sha256(str cty.Value) (cty.Value, error) {
238 return Base64Sha256Func.Call([]cty.Value{str})
239}
240
241// Base64Sha512 computes the SHA512 hash of a given string and encodes it with
242// Base64.
243//
244// The given string is first encoded as UTF-8 and then the SHA256 algorithm is applied
245// as defined in RFC 4634. The raw hash is then encoded with Base64 before returning.
246// Terraform uses the "standard" Base64 alphabet as defined in RFC 4648 section 4
247func Base64Sha512(str cty.Value) (cty.Value, error) {
248 return Base64Sha512Func.Call([]cty.Value{str})
249}
250
251// Bcrypt computes a hash of the given string using the Blowfish cipher,
252// returning a string in the Modular Crypt Format
253// usually expected in the shadow password file on many Unix systems.
254func Bcrypt(str cty.Value, cost ...cty.Value) (cty.Value, error) {
255 args := make([]cty.Value, len(cost)+1)
256 args[0] = str
257 copy(args[1:], cost)
258 return BcryptFunc.Call(args)
259}
260
261// Md5 computes the MD5 hash of a given string and encodes it with hexadecimal digits.
262func Md5(str cty.Value) (cty.Value, error) {
263 return Md5Func.Call([]cty.Value{str})
264}
265
266// RsaDecrypt decrypts an RSA-encrypted ciphertext, returning the corresponding
267// cleartext.
268func RsaDecrypt(ciphertext, privatekey cty.Value) (cty.Value, error) {
269 return RsaDecryptFunc.Call([]cty.Value{ciphertext, privatekey})
270}
271
272// Sha1 computes the SHA1 hash of a given string and encodes it with hexadecimal digits.
273func Sha1(str cty.Value) (cty.Value, error) {
274 return Sha1Func.Call([]cty.Value{str})
275}
276
277// Sha256 computes the SHA256 hash of a given string and encodes it with hexadecimal digits.
278func Sha256(str cty.Value) (cty.Value, error) {
279 return Sha256Func.Call([]cty.Value{str})
280}
281
282// Sha512 computes the SHA512 hash of a given string and encodes it with hexadecimal digits.
283func Sha512(str cty.Value) (cty.Value, error) {
284 return Sha512Func.Call([]cty.Value{str})
285}