wneessen/apg-go
1
1
Fork 0
mirror of https://github.com/wneessen/apg-go.git synced 2024-11-22 13:50:49 +01:00
Code Issues Projects Releases Packages Wiki Activity

#52 and #53: Increase password generation flexibility and error handling

Browse source 
Added code to check if set minimum password requirements are met after generating a random password. If not, the password generation process is repeated.
This not only adds an extra layer of security but also ensures that all set criteria for the password are met.
Also enhanced error handling in functions that could return a negative integer when asked for a random number.
Changed 'minimum amount of' parameter descriptions in apg.go to avoid confusion.
This commit is contained in:
Winni Neessen 2023-08-06 18:55:47 +02:00
parent 2822f73f56
commit 203da17634
Signed by: wneessen
GPG key ID: 5F3AF39B820C119D
4 changed files with 244 additions and 66 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
cmd/apg/apg.go
View file

@ -10,6 +10,13 @@ import (
"github.com/wneessen/apg-go" "github.com/wneessen/apg-go"
) )
// MinimumAmountTooHigh is an error message displayed when a minimum amount of
// parameter has been set to a too high value
const MinimumAmountTooHigh = "WARNING: You have selected a minimum amount of characters that is bigger\n" +
"than 50% of the minimum password length to be generated. This can lead\n" +
"to extraordinary calculation times resulting in apg-go never finishing\n" +
"the job. Please consider lowering the value.\n\n"
func main() { func main() {
c := apg.NewConfig() c := apg.NewConfig()
@ -64,6 +71,33 @@ func main() {
c.Mode = apg.ModesFromFlags(ms) c.Mode = apg.ModesFromFlags(ms)
} }
// For the "minimum amount of" modes we need to imply at the type
// of character mode is set
if c.MinLowerCase > 0 {
if float64(c.MinLength)/2 < float64(c.MinNumeric) {
_, _ = os.Stderr.WriteString(MinimumAmountTooHigh)
}
c.Mode = apg.MaskSetMode(c.Mode, apg.ModeLowerCase)
}
if c.MinNumeric > 0 {
if float64(c.MinLength)/2 < float64(c.MinLowerCase) {
_, _ = os.Stderr.WriteString(MinimumAmountTooHigh)
}
c.Mode = apg.MaskSetMode(c.Mode, apg.ModeNumeric)
}
if c.MinSpecial > 0 {
if float64(c.MinLength)/2 < float64(c.MinSpecial) {
_, _ = os.Stderr.WriteString(MinimumAmountTooHigh)
}
c.Mode = apg.MaskSetMode(c.Mode, apg.ModeSpecial)
}
if c.MinUpperCase > 0 {
if float64(c.MinLength)/2 < float64(c.MinUpperCase) {
_, _ = os.Stderr.WriteString(MinimumAmountTooHigh)
}
c.Mode = apg.MaskSetMode(c.Mode, apg.ModeUpperCase)
}
// Check if algorithm is supported // Check if algorithm is supported
c.Algorithm = apg.IntToAlgo(al) c.Algorithm = apg.IntToAlgo(al)
if c.Algorithm == apg.AlgoUnsupported { if c.Algorithm == apg.AlgoUnsupported {
@ -106,10 +140,12 @@ Flags:
-E CHARS List of characters to be excluded in the generated password -E CHARS List of characters to be excluded in the generated password
-M [LUNSHClunshc] New style password flags -M [LUNSHClunshc] New style password flags
- Note: new-style flags have higher priority than any of the old-style flags - Note: new-style flags have higher priority than any of the old-style flags
-mL NUMBER Minimal amount of lower-case characters (implies -L) -mL NUMBER Minimum amount of lower-case characters (implies -L)
-mN NUMBER Minimal amount of numeric characters (imlies -N) -mN NUMBER Minimum amount of numeric characters (imlies -N)
-mS NUMBER Minimal amount of special characters (imlies -S) -mS NUMBER Minimum amount of special characters (imlies -S)
-mU NUMBER Minimal amount of upper-case characters (imlies -U) -mU NUMBER Minimum amount of upper-case characters (imlies -U)
- Note: any of the "Minimum amount of" modes may result in
extraordinarily long calculation times
-C Enable complex password mode (implies -L -U -N -S and disables -H) -C Enable complex password mode (implies -L -U -N -S and disables -H)
-H Avoid ambiguous characters in passwords (i. e.: 1, l, I, O, 0) (Default: off) -H Avoid ambiguous characters in passwords (i. e.: 1, l, I, O, 0) (Default: off)
-L Toggle lower-case characters in passwords (Default: on) -L Toggle lower-case characters in passwords (Default: on)

4
mode.go
View file

@ -37,8 +37,8 @@ const (
CharRangeAlphaUpperHuman = "ABCDEFGHJKMNPQRSTUVWXYZ" CharRangeAlphaUpperHuman = "ABCDEFGHJKMNPQRSTUVWXYZ"
// CharRangeNumeric represents all numerical characters // CharRangeNumeric represents all numerical characters
CharRangeNumeric = "1234567890" CharRangeNumeric = "1234567890"
// CharRangeNumberHuman represents all human-readable numerical characters // CharRangeNumericHuman represents all human-readable numerical characters
CharRangeNumberHuman = "23456789" CharRangeNumericHuman = "23456789"
// CharRangeSpecial represents all special characters // CharRangeSpecial represents all special characters
CharRangeSpecial = `!\"#$%&'()*+,-./:;<=>?@[\\]^_{|}~` CharRangeSpecial = `!\"#$%&'()*+,-./:;<=>?@[\\]^_{|}~`
// CharRangeSpecialHuman represents all human-readable special characters // CharRangeSpecialHuman represents all human-readable special characters

254
random.go
View file

@ -27,28 +27,54 @@ var (
ErrInvalidCharRange = errors.New("provided character range is not valid or empty") ErrInvalidCharRange = errors.New("provided character range is not valid or empty")
) )
// CoinFlip performs a simple coinflip based on the rand library and returns 1 or 0
func (g *Generator) CoinFlip() int64 {
cf, _ := g.RandNum(2)
return cf
}
// CoinFlipBool performs a simple coinflip based on the rand library and returns true or false
func (g *Generator) CoinFlipBool() bool {
return g.CoinFlip() == 1
}
// Generate generates a password based on all the different config flags and returns // Generate generates a password based on all the different config flags and returns
// it as string type. If the generation fails, an error will be thrown // it as string type. If the generation fails, an error will be thrown
func (g *Generator) Generate() (string, error) { func (g *Generator) Generate() (string, error) {
// Coinflip mode switch g.config.Algorithm {
if g.config.Algorithm == AlgoCoinFlip { case AlgoCoinFlip:
switch g.CoinFlipBool() { return g.generateCoinFlip()
case true: case AlgoRandom:
return "Heads", nil return g.generateRandom()
case false: case AlgoUnsupported:
return "Tails", nil return "", fmt.Errorf("unsupported algorithm")
} }
}
l, err := g.GetPasswordLength()
if err != nil {
return "", fmt.Errorf("failed to calculate password length: %w", err)
}
_ = l
return "", nil return "", nil
} }
// GetPasswordLength returns the password length based on the given config
// parameters
func (g *Generator) GetPasswordLength() (int64, error) {
if g.config.FixedLength > 0 {
return g.config.FixedLength, nil
}
mil := g.config.MinLength
mal := g.config.MaxLength
if mil > mal {
mal = mil
}
diff := mal - mil + 1
ra, err := g.RandNum(diff)
if err != nil {
return 0, err
}
l := mil + ra
if l <= 0 {
return 1, nil
}
return l, nil
}
// RandomBytes returns a byte slice of random bytes with length n that got generated by // RandomBytes returns a byte slice of random bytes with length n that got generated by
// the crypto/rand generator // the crypto/rand generator
func (g *Generator) RandomBytes(n int64) ([]byte, error) { func (g *Generator) RandomBytes(n int64) ([]byte, error) {
@ -67,10 +93,23 @@ func (g *Generator) RandomBytes(n int64) ([]byte, error) {
return b, nil return b, nil
} }
// RandNum generates a random, non-negative number with given maximum value
func (g *Generator) RandNum(m int64) (int64, error) {
if m < 1 {
return 0, ErrInvalidLength
}
mbi := big.NewInt(m)
rn, err := rand.Int(rand.Reader, mbi)
if err != nil {
return 0, fmt.Errorf("random number generation failed: %w", err)
}
return rn.Int64(), nil
}
// RandomStringFromCharRange returns a random string of length l based of the range of characters given. // RandomStringFromCharRange returns a random string of length l based of the range of characters given.
// The method makes use of the crypto/random package and therfore is // The method makes use of the crypto/random package and therfore is
// cryptographically secure // cryptographically secure
func (g *Generator) RandomStringFromCharRange(l int, cr string) (string, error) { func (g *Generator) RandomStringFromCharRange(l int64, cr string) (string, error) {
if l < 1 { if l < 1 {
return "", ErrInvalidLength return "", ErrInvalidLength
} }
@ -78,7 +117,13 @@ func (g *Generator) RandomStringFromCharRange(l int, cr string) (string, error)
return "", ErrInvalidCharRange return "", ErrInvalidCharRange
} }
rs := strings.Builder{} rs := strings.Builder{}
rs.Grow(l)
// As long as the length is smaller than the max. int32 value let's grow
// the string builder to the actual size, so we need less allocations
if l <= 2147483647 {
rs.Grow(int(l))
}
crl := len(cr) crl := len(cr)
rp := make([]byte, 8) rp := make([]byte, 8)
@ -105,49 +150,146 @@ func (g *Generator) RandomStringFromCharRange(l int, cr string) (string, error)
return rs.String(), nil return rs.String(), nil
} }
// RandNum generates a random, non-negative number with given maximum value // GetCharRangeFromConfig checks the Mode from the Config and returns a
func (g *Generator) RandNum(m int64) (int64, error) { // list of all possible characters that are supported by these Mode
if m < 1 { func (g *Generator) GetCharRangeFromConfig() string {
return 0, ErrInvalidLength cr := strings.Builder{}
if MaskHasMode(g.config.Mode, ModeLowerCase) {
switch MaskHasMode(g.config.Mode, ModeHumanReadable) {
case true:
cr.WriteString(CharRangeAlphaLowerHuman)
default:
cr.WriteString(CharRangeAlphaLower)
} }
mbi := big.NewInt(m) }
rn, err := rand.Int(rand.Reader, mbi) if MaskHasMode(g.config.Mode, ModeNumeric) {
switch MaskHasMode(g.config.Mode, ModeHumanReadable) {
case true:
cr.WriteString(CharRangeNumericHuman)
default:
cr.WriteString(CharRangeNumeric)
}
}
if MaskHasMode(g.config.Mode, ModeSpecial) {
switch MaskHasMode(g.config.Mode, ModeHumanReadable) {
case true:
cr.WriteString(CharRangeSpecialHuman)
default:
cr.WriteString(CharRangeSpecial)
}
}
if MaskHasMode(g.config.Mode, ModeUpperCase) {
switch MaskHasMode(g.config.Mode, ModeHumanReadable) {
case true:
cr.WriteString(CharRangeAlphaUpperHuman)
default:
cr.WriteString(CharRangeAlphaUpper)
}
}
return cr.String()
}
func (g *Generator) checkMinimumRequirements(pw string) bool {
ok := true
if g.config.MinLowerCase > 0 {
var cr string
switch MaskHasMode(g.config.Mode, ModeHumanReadable) {
case true:
cr = CharRangeAlphaLowerHuman
default:
cr = CharRangeAlphaLower
}
m := 0
for _, c := range cr {
m += strings.Count(pw, string(c))
}
if int64(m) < g.config.MinLowerCase {
ok = false
}
}
if g.config.MinNumeric > 0 {
var cr string
switch MaskHasMode(g.config.Mode, ModeHumanReadable) {
case true:
cr = CharRangeNumericHuman
default:
cr = CharRangeNumeric
}
m := 0
for _, c := range cr {
m += strings.Count(pw, string(c))
}
if int64(m) < g.config.MinNumeric {
ok = false
}
}
if g.config.MinSpecial > 0 {
var cr string
switch MaskHasMode(g.config.Mode, ModeHumanReadable) {
case true:
cr = CharRangeSpecialHuman
default:
cr = CharRangeSpecial
}
m := 0
for _, c := range cr {
m += strings.Count(pw, string(c))
}
if int64(m) < g.config.MinSpecial {
ok = false
}
}
if g.config.MinUpperCase > 0 {
var cr string
switch MaskHasMode(g.config.Mode, ModeHumanReadable) {
case true:
cr = CharRangeAlphaUpperHuman
default:
cr = CharRangeAlphaUpper
}
m := 0
for _, c := range cr {
m += strings.Count(pw, string(c))
}
if int64(m) < g.config.MinUpperCase {
ok = false
}
}
return ok
}
// generateCoinFlip is executed when Generate() is called with Algorithm set
// to AlgoCoinFlip
func (g *Generator) generateCoinFlip() (string, error) {
switch g.CoinFlipBool() {
case true:
return "Heads", nil
default:
return "Tails", nil
}
}
// generateRandom is executed when Generate() is called with Algorithm set
// to AlgoRandmom
func (g *Generator) generateRandom() (string, error) {
l, err := g.GetPasswordLength()
if err != nil { if err != nil {
return 0, fmt.Errorf("random number generation failed: %w", err) return "", fmt.Errorf("failed to calculate password length: %w", err)
} }
return rn.Int64(), nil cr := g.GetCharRangeFromConfig()
} var pw string
var ok bool
// CoinFlip performs a simple coinflip based on the rand library and returns 1 or 0 for !ok {
func (g *Generator) CoinFlip() int64 { pw, err = g.RandomStringFromCharRange(l, cr)
cf, _ := g.RandNum(2)
return cf
}
// CoinFlipBool performs a simple coinflip based on the rand library and returns true or false
func (g *Generator) CoinFlipBool() bool {
return g.CoinFlip() == 1
}
// GetPasswordLength returns the password length based on the given config
// parameters
func (g *Generator) GetPasswordLength() (int64, error) {
if g.config.FixedLength > 0 {
return g.config.FixedLength, nil
}
mil := g.config.MinLength
mal := g.config.MaxLength
if mil > mal {
mal = mil
}
diff := mal - mil + 1
ra, err := g.RandNum(diff)
if err != nil { if err != nil {
return 0, err return "", err
} }
l := mil + ra ok = g.checkMinimumRequirements(pw)
if l <= 0 {
return 1, nil
} }
return l, nil
return pw, nil
} }

4
random_test.go
View file

@ -103,7 +103,7 @@ func TestGenerator_RandomBytes(t *testing.T) {
func TestGenerator_RandomString(t *testing.T) { func TestGenerator_RandomString(t *testing.T) {
g := New(NewConfig()) g := New(NewConfig())
l := 32 var l int64 = 32 * 1024
tt := []struct { tt := []struct {
name string name string
cr string cr string
@ -137,7 +137,7 @@ func TestGenerator_RandomString(t *testing.T) {
if err != nil && !tc.sf { if err != nil && !tc.sf {
t.Errorf("RandomStringFromCharRange failed: %s", err) t.Errorf("RandomStringFromCharRange failed: %s", err)
} }
if len(rs) != l && !tc.sf { if int64(len(rs)) != l && !tc.sf {
t.Errorf("RandomStringFromCharRange failed. Expected length: %d, got: %d", l, len(rs)) t.Errorf("RandomStringFromCharRange failed. Expected length: %d, got: %d", l, len(rs))
} }
if strings.ContainsAny(rs, tc.nr) { if strings.ContainsAny(rs, tc.nr) {