#!/bin/bash

function printhelp {
  version=$(tail -1 $0)
  echo "Usage: "
  echo
  echo "  $0 hashtype salt password iterations {raw/full/rawrull}"
  echo
  echo "Hashtypes: md5, sha1, sha224, sha256, sha384, sha512, blake2b"
  echo "           blake2s, sha3_224, sha3_256, sha3_384, sha3_512"
  echo "           shake_128, shake_256."
  echo
  echo "Salt: This must be a predefind string of A-Z, a-z and 0-9."
  echo
  echo "Password: The password you want hashed."
  echo
  echo "Iterations: An integer (range 1 to 2147483647)."
  echo "            The higher the integer the more secure but at the"
  echo "            cost of time."
  echo
  echo "{raw/full/rawfull}: This is optional. By default you will get a"
  echo "                    hash string followed by a new line. If you do"
  echo "                    not want the new line, say to use in a variable,"
  echo "                    then use 'raw' to get just the hash in hex."
  echo "                    However if you use 'full', you will get a string"
  echo "                    that can be usedto input into a database with a"
  echo "                    new line at the end. Use 'rawfull' to return the"
  echo "                    string without thenew line."
  echo
  echo "More about PBKDF2 hashing - https://en.wikipedia.org/wiki/PBKDF2"
  echo
  echo "App: $0 version ${version:1}"
  echo "URL: https://git.zaks.web.za/thisiszeev/pbkdf2"
  echo "License: GPL3.0 or later"
  echo "Author: Ze'ev Schurmann"
  echo "Reddit: u/thisiszeev"
  echo "Donations: https://paypal.me/thisiszeev"
  echo
  echo "NOTE: This script requires Python3 which as it's own license."
  echo "      Please visit https://github.com/python/cpython for more"
  echo "      information."
  echo
  exit 255
  }

ispython3installed=($(whereis python3))

if [[ ${#ispython3installed} == 1 ]] && [[ ${ispython3installed[0]} == "python3:" ]]; then
  echo "Needs Python3"
  exit 255
fi

if [[ -z $1 ]] || [[ -z $2 ]] || [[ -z $3 ]] || [[ -z $4 ]] || [[ ! -z $6 ]]; then
  printhelp
else
  if [[ $1 != "md5" ]] && [[ $1 != "sha1" ]] && [[ $1 != "sha224" ]] && [[ $1 != "sha256" ]] && [[ $1 != "sha384" ]] && [[ $1 != "sha512" ]] && [[ $1 != "blake2b" ]] && [[ $1 != "blake2s" ]] && [[ $1 != "sha_224" ]] && [[ $1 != "sha3_256" ]] && [[ $1 != "sha3_384" ]] && [[ $1 != "sha3_512" ]] && [[ $1 != "shake_128" ]] && [[ $1 != "shake_256" ]]; then
    printhelp
  else
    if [[ $4 -gt 0 ]] && [[ $4 -lt 2147483648 ]]; then
      declare thehashtype=$1
      declare thesalt=$2
      declare thepassword=$3
      declare -i theiterations=$4
      if [[ -z $5 ]]; then
        mode="echo"
      else
        if [[ $5 == "raw" ]]; then
          mode="raw"
        elif [[ $5 == "full" ]]; then
          mode="full"
        elif [[ $5 == "rawfull" ]]; then
          mode="rawfull"
        else
          printhelp
        fi
      fi
    fi
  fi
fi

#thesalt='TdkvYjyoP2w3yIcE'
#thepassword='HXqrYN6v2mYRYQQ!'
#theiterations=260000
#thehashtype='sha256'

hashstring=$(python3 -c "from hashlib import pbkdf2_hmac; salt = '$thesalt'; password = '$thepassword'; hashtype = '$thehashtype'; iterations = int($theiterations); print(pbkdf2_hmac(hashtype, password.encode(), salt.encode(), iterations).hex())")
errorcode=$?
if [[ $errorcode -gt 0 ]]; then
  exit $errorcode
fi

if [[ $mode == "echo" ]]; then
  echo $hashstring
elif [[ $mode == "raw" ]]; then
  echo -n $hashstring
elif [[ $mode == "full" ]]; then
  echo "pbkdf2:$thehashtype:$theiterations\$$thesalt\$$hashstring"
elif [[ $mode == "rawfull" ]]; then
  echo -n "pbkdf2:$thehashtype:$theiterations\$$thesalt\$$hashstring"
else
  printhelp
fi

exit 0

#1.03