From 826fd077aca94acf6a8d41d643b8f06ed7fb7090 Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Fri, 21 Oct 2016 17:54:08 +0200
Subject: add functions to support dealing with keys for onion addresses

---
 lib/puppet/parser/functions/onion_address.rb | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 lib/puppet/parser/functions/onion_address.rb

(limited to 'lib/puppet/parser/functions/onion_address.rb')

diff --git a/lib/puppet/parser/functions/onion_address.rb b/lib/puppet/parser/functions/onion_address.rb
new file mode 100644
index 0000000..a3db2f4
--- /dev/null
+++ b/lib/puppet/parser/functions/onion_address.rb
@@ -0,0 +1,28 @@
+require 'base32'
+module Puppet::Parser::Functions
+  newfunction(:onion_address, :type => :rvalue, :doc => <<-EOS
+Generates an onion address from a 1024-bit RSA private key.
+
+Example:
+
+  onion_address("-----BEGIN RSA PRIVATE KEY-----
+MII....
+-----END RSA PRIVATE KEY-----")
+
+Returns the onionadress for that key, *without* the .onion suffix.
+  EOS
+  ) do |args|
+    key = args.shift
+    raise(Puppet::ParseError, "onion_address(): requires 1 argument") unless key && args.empty?
+    private_key = key.is_a?(OpenSSL::PKey::RSA) ? key : OpenSSL::PKey::RSA.new(key)
+
+    # the onion address are a base32 encoded string of the first half of the sha1 over the
+    # der format of the public key
+    # https://trac.torproject.org/projects/tor/wiki/doc/HiddenServiceNames#Howare.onionnamescreated
+    # We can skip the first 22 bits of the der format as they are ignored by tor
+    # https://timtaubert.de/blog/2014/11/using-the-webcrypto-api-to-generate-onion-names-for-tor-hidden-services/
+    # https://gitweb.torproject.org/torspec.git/tree/rend-spec.txt#n525
+    public_key_der = private_key.public_key.to_der
+    Base32.encode(Digest::SHA1.digest(public_key_der[22..-1]))[0..15].downcase
+  end
+end
-- 
cgit v1.2.3