From e24143c05c20215a3b8897fa99c6b4384ff47081 Mon Sep 17 00:00:00 2001
From: Dominik Schulz <mail@dschulz.eu>
Date: Wed, 6 Jan 2021 22:07:56 +0100
Subject: [PATCH] Use 32 byte salt by default

This changes the salted hash funcs for the template feature to
use 32 salts by default and accept a parameter to choose the
desired salt length.

Fixes #1688

RELEASE_NOTES=[ENHANCEMENT] Use 32 byte salt by default

Signed-off-by: Dominik Schulz <dominik.schulz@gauner.org>
---
 internal/tpl/funcs.go | 26 ++++++++++++++++++++++----
 1 file changed, 22 insertions(+), 4 deletions(-)

diff --git a/internal/tpl/funcs.go b/internal/tpl/funcs.go
index a07f846e88..f86287c3a5 100644
--- a/internal/tpl/funcs.go
+++ b/internal/tpl/funcs.go
@@ -5,8 +5,10 @@ import (
 	"crypto/md5"
 	"crypto/sha1"
 	"fmt"
+	"strconv"
 	"text/template"
 
+	"github.com/gopasspw/gopass/internal/debug"
 	"github.com/jsimonetti/pwscheme/md5crypt"
 	"github.com/jsimonetti/pwscheme/ssha"
 	"github.com/jsimonetti/pwscheme/ssha256"
@@ -39,27 +41,43 @@ func sha1sum() func(...string) (string, error) {
 	}
 }
 
+func saltLen(s []string) int {
+	defLen := 32
+	if len(s) < 2 {
+		debug.Log("using saltLen %d", defLen)
+		return defLen
+	}
+	if i, err := strconv.Atoi(s[0]); err == nil && i > 0 {
+		debug.Log("using saltLen %d", i)
+		return i
+	} else {
+		debug.Log("failed to parse saltLen %+v: %q", s, err)
+	}
+	debug.Log("using saltLen %d", defLen)
+	return defLen
+}
+
 func md5cryptFunc() func(...string) (string, error) {
 	return func(s ...string) (string, error) {
-		return md5crypt.Generate(s[0], 4)
+		return md5crypt.Generate(s[0], uint8(saltLen(s)))
 	}
 }
 
 func sshaFunc() func(...string) (string, error) {
 	return func(s ...string) (string, error) {
-		return ssha.Generate(s[0], 4)
+		return ssha.Generate(s[0], uint8(saltLen(s)))
 	}
 }
 
 func ssha256Func() func(...string) (string, error) {
 	return func(s ...string) (string, error) {
-		return ssha256.Generate(s[0], 4)
+		return ssha256.Generate(s[0], uint8(saltLen(s)))
 	}
 }
 
 func ssha512Func() func(...string) (string, error) {
 	return func(s ...string) (string, error) {
-		return ssha512.Generate(s[0], 4)
+		return ssha512.Generate(s[0], uint8(saltLen(s)))
 	}
 }