Adding upstream version 1.34.4.

Signed-off-by: Daniel Baumann <daniel@debian.org>
2025-05-24 07:26:29 +02:00 · 2025-05-24 07:26:29 +02:00 · 4978089aab
commit 4978089aab
parent e393c3af3f
4963 changed files with 677545 additions and 0 deletions
--- a/plugins/secretstores/http/key_derivation.go
+++ b/plugins/secretstores/http/key_derivation.go
@ -0,0 +1,53 @@
+package http
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"hash"
+	"strings"
+
+	"golang.org/x/crypto/pbkdf2"
+
+	"github.com/influxdata/telegraf/config"
+)
+
+type KDFConfig struct {
+	Algorithm  string        `toml:"kdf_algorithm"`
+	Passwd     config.Secret `toml:"password"`
+	Salt       config.Secret `toml:"salt"`
+	Iterations int           `toml:"iterations"`
+}
+
+type hashFunc func() hash.Hash
+
+func (k *KDFConfig) NewKey(keylen int) (key, iv config.Secret, err error) {
+	switch strings.ToUpper(k.Algorithm) {
+	case "", "PBKDF2-HMAC-SHA256":
+		return k.generatePBKDF2HMAC(sha256.New, keylen)
+	}
+	return config.Secret{}, config.Secret{}, fmt.Errorf("unknown key-derivation function %q", k.Algorithm)
+}
+
+func (k *KDFConfig) generatePBKDF2HMAC(hf hashFunc, keylen int) (key, iv config.Secret, err error) {
+	if k.Iterations == 0 {
+		return config.Secret{}, config.Secret{}, errors.New("'iteration value not set")
+	}
+
+	passwd, err := k.Passwd.Get()
+	if err != nil {
+		return config.Secret{}, config.Secret{}, fmt.Errorf("getting password failed: %w", err)
+	}
+	defer passwd.Destroy()
+
+	salt, err := k.Salt.Get()
+	if err != nil {
+		return config.Secret{}, config.Secret{}, fmt.Errorf("getting salt failed: %w", err)
+	}
+	defer salt.Destroy()
+
+	rawkey := pbkdf2.Key(passwd.Bytes(), salt.Bytes(), k.Iterations, keylen, hf)
+	key = config.NewSecret([]byte(hex.EncodeToString(rawkey)))
+	return key, config.Secret{}, nil
+}