mirror of
https://github.com/wneessen/apg-go.git
synced 2024-11-22 05:40:51 +01:00
Winni Neessen
203da17634
Added code to check if set minimum password requirements are met after generating a random password. If not, the password generation process is repeated. This not only adds an extra layer of security but also ensures that all set criteria for the password are met. Also enhanced error handling in functions that could return a negative integer when asked for a random number. Changed 'minimum amount of' parameter descriptions in apg.go to avoid confusion.
295 lines
7 KiB
Go
295 lines
7 KiB
Go
package apg
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"encoding/binary"
|
|
"errors"
|
|
"fmt"
|
|
"math/big"
|
|
"strings"
|
|
)
|
|
|
|
const (
|
|
// 7 bits to represent a letter index
|
|
letterIdxBits = 7
|
|
// All 1-bits, as many as letterIdxBits
|
|
letterIdxMask = 1<<letterIdxBits - 1
|
|
// # of letter indices fitting in 63 bits)
|
|
letterIdxMax = 63 / letterIdxBits
|
|
)
|
|
|
|
var (
|
|
// ErrInvalidLength is returned if the provided maximum number is equal or less than zero
|
|
ErrInvalidLength = errors.New("provided length value cannot be zero or less")
|
|
// ErrLengthMismatch is returned if the number of generated bytes does not match the expected length
|
|
ErrLengthMismatch = errors.New("number of generated random bytes does not match the expected length")
|
|
// ErrInvalidCharRange is returned if the given range of characters is not valid
|
|
ErrInvalidCharRange = errors.New("provided character range is not valid or empty")
|
|
)
|
|
|
|
// CoinFlip performs a simple coinflip based on the rand library and returns 1 or 0
|
|
func (g *Generator) CoinFlip() int64 {
|
|
cf, _ := g.RandNum(2)
|
|
return cf
|
|
}
|
|
|
|
// CoinFlipBool performs a simple coinflip based on the rand library and returns true or false
|
|
func (g *Generator) CoinFlipBool() bool {
|
|
return g.CoinFlip() == 1
|
|
}
|
|
|
|
// Generate generates a password based on all the different config flags and returns
|
|
// it as string type. If the generation fails, an error will be thrown
|
|
func (g *Generator) Generate() (string, error) {
|
|
switch g.config.Algorithm {
|
|
case AlgoCoinFlip:
|
|
return g.generateCoinFlip()
|
|
case AlgoRandom:
|
|
return g.generateRandom()
|
|
case AlgoUnsupported:
|
|
return "", fmt.Errorf("unsupported algorithm")
|
|
}
|
|
return "", nil
|
|
}
|
|
|
|
// GetPasswordLength returns the password length based on the given config
|
|
// parameters
|
|
func (g *Generator) GetPasswordLength() (int64, error) {
|
|
if g.config.FixedLength > 0 {
|
|
return g.config.FixedLength, nil
|
|
}
|
|
mil := g.config.MinLength
|
|
mal := g.config.MaxLength
|
|
if mil > mal {
|
|
mal = mil
|
|
}
|
|
diff := mal - mil + 1
|
|
ra, err := g.RandNum(diff)
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
l := mil + ra
|
|
if l <= 0 {
|
|
return 1, nil
|
|
}
|
|
return l, nil
|
|
}
|
|
|
|
// RandomBytes returns a byte slice of random bytes with length n that got generated by
|
|
// the crypto/rand generator
|
|
func (g *Generator) RandomBytes(n int64) ([]byte, error) {
|
|
if n < 1 {
|
|
return nil, ErrInvalidLength
|
|
}
|
|
b := make([]byte, n)
|
|
l, err := rand.Read(b)
|
|
if int64(l) != n {
|
|
return nil, ErrLengthMismatch
|
|
}
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return b, nil
|
|
}
|
|
|
|
// RandNum generates a random, non-negative number with given maximum value
|
|
func (g *Generator) RandNum(m int64) (int64, error) {
|
|
if m < 1 {
|
|
return 0, ErrInvalidLength
|
|
}
|
|
mbi := big.NewInt(m)
|
|
rn, err := rand.Int(rand.Reader, mbi)
|
|
if err != nil {
|
|
return 0, fmt.Errorf("random number generation failed: %w", err)
|
|
}
|
|
return rn.Int64(), nil
|
|
}
|
|
|
|
// RandomStringFromCharRange returns a random string of length l based of the range of characters given.
|
|
// The method makes use of the crypto/random package and therfore is
|
|
// cryptographically secure
|
|
func (g *Generator) RandomStringFromCharRange(l int64, cr string) (string, error) {
|
|
if l < 1 {
|
|
return "", ErrInvalidLength
|
|
}
|
|
if len(cr) < 1 {
|
|
return "", ErrInvalidCharRange
|
|
}
|
|
rs := strings.Builder{}
|
|
|
|
// As long as the length is smaller than the max. int32 value let's grow
|
|
// the string builder to the actual size, so we need less allocations
|
|
if l <= 2147483647 {
|
|
rs.Grow(int(l))
|
|
}
|
|
|
|
crl := len(cr)
|
|
|
|
rp := make([]byte, 8)
|
|
_, err := rand.Read(rp)
|
|
if err != nil {
|
|
return rs.String(), err
|
|
}
|
|
for i, c, r := l-1, binary.BigEndian.Uint64(rp), letterIdxMax; i >= 0; {
|
|
if r == 0 {
|
|
_, err = rand.Read(rp)
|
|
if err != nil {
|
|
return rs.String(), err
|
|
}
|
|
c, r = binary.BigEndian.Uint64(rp), letterIdxMax
|
|
}
|
|
if idx := int(c & letterIdxMask); idx < crl {
|
|
rs.WriteByte(cr[idx])
|
|
i--
|
|
}
|
|
c >>= letterIdxBits
|
|
r--
|
|
}
|
|
|
|
return rs.String(), nil
|
|
}
|
|
|
|
// GetCharRangeFromConfig checks the Mode from the Config and returns a
|
|
// list of all possible characters that are supported by these Mode
|
|
func (g *Generator) GetCharRangeFromConfig() string {
|
|
cr := strings.Builder{}
|
|
if MaskHasMode(g.config.Mode, ModeLowerCase) {
|
|
switch MaskHasMode(g.config.Mode, ModeHumanReadable) {
|
|
case true:
|
|
cr.WriteString(CharRangeAlphaLowerHuman)
|
|
default:
|
|
cr.WriteString(CharRangeAlphaLower)
|
|
}
|
|
}
|
|
if MaskHasMode(g.config.Mode, ModeNumeric) {
|
|
switch MaskHasMode(g.config.Mode, ModeHumanReadable) {
|
|
case true:
|
|
cr.WriteString(CharRangeNumericHuman)
|
|
default:
|
|
cr.WriteString(CharRangeNumeric)
|
|
}
|
|
}
|
|
if MaskHasMode(g.config.Mode, ModeSpecial) {
|
|
switch MaskHasMode(g.config.Mode, ModeHumanReadable) {
|
|
case true:
|
|
cr.WriteString(CharRangeSpecialHuman)
|
|
default:
|
|
cr.WriteString(CharRangeSpecial)
|
|
}
|
|
}
|
|
if MaskHasMode(g.config.Mode, ModeUpperCase) {
|
|
switch MaskHasMode(g.config.Mode, ModeHumanReadable) {
|
|
case true:
|
|
cr.WriteString(CharRangeAlphaUpperHuman)
|
|
default:
|
|
cr.WriteString(CharRangeAlphaUpper)
|
|
}
|
|
}
|
|
return cr.String()
|
|
}
|
|
|
|
func (g *Generator) checkMinimumRequirements(pw string) bool {
|
|
ok := true
|
|
if g.config.MinLowerCase > 0 {
|
|
var cr string
|
|
switch MaskHasMode(g.config.Mode, ModeHumanReadable) {
|
|
case true:
|
|
cr = CharRangeAlphaLowerHuman
|
|
default:
|
|
cr = CharRangeAlphaLower
|
|
}
|
|
|
|
m := 0
|
|
for _, c := range cr {
|
|
m += strings.Count(pw, string(c))
|
|
}
|
|
if int64(m) < g.config.MinLowerCase {
|
|
ok = false
|
|
}
|
|
}
|
|
if g.config.MinNumeric > 0 {
|
|
var cr string
|
|
switch MaskHasMode(g.config.Mode, ModeHumanReadable) {
|
|
case true:
|
|
cr = CharRangeNumericHuman
|
|
default:
|
|
cr = CharRangeNumeric
|
|
}
|
|
|
|
m := 0
|
|
for _, c := range cr {
|
|
m += strings.Count(pw, string(c))
|
|
}
|
|
if int64(m) < g.config.MinNumeric {
|
|
ok = false
|
|
}
|
|
}
|
|
if g.config.MinSpecial > 0 {
|
|
var cr string
|
|
switch MaskHasMode(g.config.Mode, ModeHumanReadable) {
|
|
case true:
|
|
cr = CharRangeSpecialHuman
|
|
default:
|
|
cr = CharRangeSpecial
|
|
}
|
|
|
|
m := 0
|
|
for _, c := range cr {
|
|
m += strings.Count(pw, string(c))
|
|
}
|
|
if int64(m) < g.config.MinSpecial {
|
|
ok = false
|
|
}
|
|
}
|
|
if g.config.MinUpperCase > 0 {
|
|
var cr string
|
|
switch MaskHasMode(g.config.Mode, ModeHumanReadable) {
|
|
case true:
|
|
cr = CharRangeAlphaUpperHuman
|
|
default:
|
|
cr = CharRangeAlphaUpper
|
|
}
|
|
|
|
m := 0
|
|
for _, c := range cr {
|
|
m += strings.Count(pw, string(c))
|
|
}
|
|
if int64(m) < g.config.MinUpperCase {
|
|
ok = false
|
|
}
|
|
}
|
|
return ok
|
|
}
|
|
|
|
// generateCoinFlip is executed when Generate() is called with Algorithm set
|
|
// to AlgoCoinFlip
|
|
func (g *Generator) generateCoinFlip() (string, error) {
|
|
switch g.CoinFlipBool() {
|
|
case true:
|
|
return "Heads", nil
|
|
default:
|
|
return "Tails", nil
|
|
}
|
|
}
|
|
|
|
// generateRandom is executed when Generate() is called with Algorithm set
|
|
// to AlgoRandmom
|
|
func (g *Generator) generateRandom() (string, error) {
|
|
l, err := g.GetPasswordLength()
|
|
if err != nil {
|
|
return "", fmt.Errorf("failed to calculate password length: %w", err)
|
|
}
|
|
cr := g.GetCharRangeFromConfig()
|
|
var pw string
|
|
var ok bool
|
|
for !ok {
|
|
pw, err = g.RandomStringFromCharRange(l, cr)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
ok = g.checkMinimumRequirements(pw)
|
|
}
|
|
|
|
return pw, nil
|
|
}
|