#!/usr/bin/env perl

##
## Author......: See docs/credits.txt
## License.....: MIT
##

use strict;
use warnings;

use Crypt::PBKDF2;
use MIME::Base64 qw (encode_base64);

sub module_constraints { [[0, 256], [14, 14], [-1, -1], [-1, -1], [-1, -1]] }

my $CISCO_BASE64_MAPPING =
{
  'A', '.', 'B', '/', 'C', '0', 'D', '1', 'E', '2', 'F', '3', 'G', '4', 'H',
  '5', 'I', '6', 'J', '7', 'K', '8', 'L', '9', 'M', 'A', 'N', 'B', 'O', 'C',
  'P', 'D', 'Q', 'E', 'R', 'F', 'S', 'G', 'T', 'H', 'U', 'I', 'V', 'J', 'W',
  'K', 'X', 'L', 'Y', 'M', 'Z', 'N', 'a', 'O', 'b', 'P', 'c', 'Q', 'd', 'R',
  'e', 'S', 'f', 'T', 'g', 'U', 'h', 'V', 'i', 'W', 'j', 'X', 'k', 'Y', 'l',
  'Z', 'm', 'a', 'n', 'b', 'o', 'c', 'p', 'd', 'q', 'e', 'r', 'f', 's', 'g',
  't', 'h', 'u', 'i', 'v', 'j', 'w', 'k', 'x', 'l', 'y', 'm', 'z', 'n', '0',
  'o', '1', 'p', '2', 'q', '3', 'r', '4', 's', '5', 't', '6', 'u', '7', 'v',
  '8', 'w', '9', 'x', '+', 'y', '/', 'z'
};

sub module_generate_hash
{
  my $word = shift;
  my $salt = shift;
  my $iter = shift // 20000;

  my $pbkdf2 = Crypt::PBKDF2->new
  (
    hasher     => Crypt::PBKDF2->hasher_from_algorithm ('HMACSHA2', 256),
    iterations => $iter
  );

  my $hash_buf = encode_base64 ($pbkdf2->PBKDF2 ($salt, $word), "");

  my $tmp_hash = "";

  for (my $i = 0; $i < 43; $i++)
  {
    $tmp_hash .= $CISCO_BASE64_MAPPING->{substr ($hash_buf, $i, 1)};
  }

  my $hash = sprintf ("\$8\$%s\$%s", $salt, $tmp_hash);

  return $hash;
}

sub module_verify_hash
{
  my $line = shift;

  # Cisco $8$ - PBKDF2-HMAC-SHA256
  return unless (substr ($line, 0, 3) eq '$8$');

  # get hash
  my $index1 = index ($line, "\$", 3);

  return if $index1 != 17;

  my $index2 = index ($line, "\$", $index1 + 1);

  # salt
  my $salt = substr ($line, 3,  $index1 - 3);

  $index1 = index ($line, ":", $index1 + 1);

  return if $index1 < 1;

  # digest

  my $word = substr ($line, $index1 + 1);

  return unless defined $salt;
  return unless defined $word;

  $word = pack_if_HEX_notation ($word);

  my $new_hash = module_generate_hash ($word, $salt);

  return ($new_hash, $word);
}

1;