bcrypt-ruby 1.0.0

data/ext/extconf.rb

@@ -0,0 +1,5 @@
+require "mkmf"
+dir_config("bcrypt_ext")
+# enable this when we're feeling nitpicky
+# CONFIG['CC'] << " -Wall "
+create_makefile("bcrypt_ext")

data/lib/bcrypt.rb

@@ -0,0 +1,151 @@
+# A wrapper for OpenBSD's bcrypt/crypt_blowfish password-hashing algorithm.
+
+$: << "ext"
+require "bcrypt_ext"
+require "openssl"
+
+# A Ruby library implementing OpenBSD's bcrypt()/crypt_blowfish algorithm for
+# hashing passwords.
+module BCrypt
+  module Errors # :nodoc:
+    # The salt parameter provided to bcrypt() is invalid.
+    class InvalidSalt < Exception; end
+    # The hash parameter provided to bcrypt() is invalid.
+    class InvalidHash < Exception; end
+    # The cost parameter provided to bcrypt() is invalid.
+    class InvalidCost < Exception; end
+  end
+  
+  # The default computational expense parameter.
+  DEFAULT_COST = 10
+  
+  module Internals # :nodoc:
+    # contains the C-level methods and other internally bits
+    
+    # Maximum length of salts.
+    MAX_SALT_LENGTH = 16
+    
+    # Wrap this in some error checking otherwise it'll explode.
+    def _bc_crypt(key, salt)
+      if valid_salt?(salt)
+        __bc_crypt(key, salt)
+      else
+        raise Errors::InvalidSalt.new("invalid salt")
+      end
+    end
+    
+    def _bc_salt(cost = DEFAULT_COST)
+      if cost.to_i > 0
+        __bc_salt(cost, OpenSSL::Random.random_bytes(MAX_SALT_LENGTH))
+      else
+        raise Errors::InvalidCost.new("cost must be numeric and > 0")
+      end
+    end
+    
+    def valid_salt?(s)
+      s =~ /^\$[0-9a-z]{2,}\$[0-9]{2,}\$[A-Za-z0-9\.\/]{22,}$/
+    end
+  end
+  
+  # Returns the cost factor which will result in computation times less than +upper_time_limit_in_ms+.
+  # 
+  # Example:
+  # 
+  #   BCrypt.calibrate(200)  #=> 10
+  #   BCrypt.calibrate(1000) #=> 12
+  # 
+  #   # should take less than 200ms
+  #   BCrypt::Password.create("woo", :cost => 10)
+  # 
+  #   # should take less than 1000ms
+  #   BCrypt::Password.create("woo", :cost => 12)
+  def self.calibrate(upper_time_limit_in_ms)
+    40.times do |i|
+      start_time = Time.now
+      Password.create("testing testing", :cost => i+1)
+      end_time = Time.now - start_time
+      return i if end_time * 1_000 > upper_time_limit_in_ms
+    end
+  end
+  
+  # A password management class which allows you to safely store users' passwords and compare them.
+  # 
+  # Example usage:
+  # 
+  #   include BCrypt
+  # 
+  #   # hash a user's password  
+  #   @password = Password.create("my grand secret")
+  #   @password #=> "$2a$10$GtKs1Kbsig8ULHZzO1h2TetZfhO4Fmlxphp8bVKnUlZCBYYClPohG"
+  # 
+  #   # store it safely
+  #   @user.update_attribute(:password, @password)
+  # 
+  #   # read it back
+  #   @user.reload!
+  #   @db_password = Password.new(@user.password)
+  # 
+  #   # compare it after retrieval
+  #   @db_password == "my grand secret" #=> true
+  #   @db_password == "a paltry guess"  #=> false
+  # 
+  class Password < String
+    # The hash portion of the stored password hash.
+    attr_reader :hash
+    # The salt of the store password hash (including version and cost).
+    attr_reader :salt
+    # The version of the bcrypt() algorithm used to create the hash.
+    attr_reader :version
+    # The cost factor used to create the hash.
+    attr_reader :cost
+    
+    class << self
+      # Hashes a secret, returning a BCrypt::Password instance. Takes an optional <tt>:cost</tt> option, which is a
+      # logarithmic variable which determines how computational expensive the hash is to calculate (a <tt>:cost</tt> of
+      # 4 is twice as much work as a <tt>:cost</tt> of 3). The higher the <tt>:cost</tt> the harder it becomes for
+      # attackers to try to guess passwords (even if a copy of your database is stolen), but the slower it is to check
+      # users' passwords.
+      # 
+      # Example:
+      # 
+      #   @password = BCrypt::Password.create("my secret", :cost => 13)
+      def create(secret, options = { :cost => DEFAULT_COST })
+        Password.new(_bc_crypt(secret, _bc_salt(options[:cost])))
+      end
+    private
+      include Internals
+    end
+    
+    # Initializes a BCrypt::Password instance with the data from a stored hash.
+    def initialize(raw_hash)
+      if valid_hash?(raw_hash)
+        self.replace(raw_hash)
+        @version, @cost, @salt, @hash = split_hash(self)
+      else
+        raise Errors::InvalidHash.new("invalid hash")
+      end
+    end
+    
+    alias_method :exactly_equals, :==
+    
+    # Compares a potential secret against the hash. Returns true if the secret is the original secret, false otherwise.
+    def ==(secret)
+      self.exactly_equals(self.class._bc_crypt(secret, @salt))
+    end
+    
+  private
+    # Returns true if +h+ is a valid hash.
+    def valid_hash?(h)
+      h =~ /^\$[0-9a-z]{2}\$[0-9]{2}\$[A-Za-z0-9\.\/]{53}$/
+    end
+    
+    # call-seq:
+    #   split_hash(raw_hash) -> version, cost, salt, hash
+    # 
+    # Splits +h+ into version, cost, salt, and hash and returns them in that order.
+    def split_hash(h)
+      b, v, c, mash = h.split('$')
+      return v, c.to_i, h[0, 29], mash[-31, 31]
+    end
+  end
+end

data/spec/bcrypt/bcrypt_spec.rb

@@ -0,0 +1,9 @@
+require File.join(File.dirname(__FILE__), "..", "spec_helper")
+
+context "BCrypt" do
+  specify "should calculate the optimal cost factor to fit in a specific time" do
+    first = BCrypt.calibrate(100)
+    second = BCrypt.calibrate(300)
+    second.should >(first + 1)
+  end
+end

data/spec/bcrypt/internals_spec.rb

@@ -0,0 +1,48 @@
+require File.join(File.dirname(__FILE__), "..", "spec_helper")
+
+context "Generating BCrypt salts" do
+  include BCrypt::Internals
+  
+  specify "should produce strings" do
+    _bc_salt.should be_an_instance_of(String)
+  end
+  
+  specify "should produce random data" do
+    _bc_salt.should_not equal(_bc_salt)
+  end
+  
+  specify "should raise a InvalidCostError if the cost parameter isn't numeric" do
+    lambda { _bc_salt('woo') }.should raise_error(BCrypt::Errors::InvalidCost)
+  end
+end
+
+context "Generating BCrypt hashes" do
+  include BCrypt::Internals
+  
+  setup do
+    @salt = _bc_salt
+    @password = "woo"
+  end
+  
+  specify "should produce a string" do
+    _bc_crypt(@password, @salt).should be_an_instance_of(String)
+  end
+  
+  specify "should raise an InvalidSaltError if the salt is invalid" do
+    lambda { _bc_crypt(@password, 'nino') }.should raise_error(BCrypt::Errors::InvalidSalt)
+  end
+  
+  specify "should be interoperable with other implementations" do
+    # test vectors from the OpenWall implementation <http://www.openwall.com/crypt/>
+    test_vectors = [
+      ["U*U", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"],
+      ["U*U*", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK"],
+      ["U*U*U", "$2a$05$XXXXXXXXXXXXXXXXXXXXXO", "$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a"],
+      ["", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy"],
+      ["0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", "$2a$05$abcdefghijklmnopqrstuu", "$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui"]
+    ]
+    for secret, salt, test_vector in test_vectors
+      _bc_crypt(secret, salt).should eql(test_vector)
+    end
+  end
+end

data/spec/bcrypt/password_spec.rb

@@ -0,0 +1,53 @@
+require File.join(File.dirname(__FILE__), "..", "spec_helper")
+
+context "Creating a hashed password" do
+  
+  setup do
+    @secret = "wheedle"
+    @password = BCrypt::Password.create(@secret)
+  end
+  
+  specify "should return a BCrypt::Password" do
+    @password.should be_an_instance_of(BCrypt::Password)
+  end
+  
+  specify "should return a valid bcrypt password" do
+    lambda { BCrypt::Password.new(@password) }.should_not raise_error
+  end
+  
+end
+
+context "Reading a hashed password" do
+  setup do
+    @secret = "U*U"
+    @hash = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
+  end
+  
+  specify "should read the version, cost, salt, and hash" do
+    password = BCrypt::Password.new(@hash)
+    password.version.should eql("2a")
+    password.cost.should equal(5)
+    password.salt.should eql("$2a$05$CCCCCCCCCCCCCCCCCCCCC.")
+    password.to_s.should_eql @hash
+  end
+  
+  specify "should raise an InvalidHashError when given an invalid hash" do
+    lambda { BCrypt::Password.new('weedle') }.should raise_error(BCrypt::Errors::InvalidHash)
+  end
+end
+
+context "Comparing a hashed password with a secret" do
+  setup do
+    @secret = "U*U"
+    @hash = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
+    @password = BCrypt::Password.create(@secret)
+  end
+  
+  specify "should compare successfully to the original secret" do
+    (@password == @secret).should be(true)
+  end
+  
+  specify "should compare unsuccessfully to anything besides original secret" do
+    (@password == "@secret").should be(false)
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,4 @@
+$LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'
+require "rubygems"
+require "spec"
+require "bcrypt"

metadata

@@ -0,0 +1,65 @@
+--- !ruby/object:Gem::Specification 
+rubygems_version: 0.9.1
+specification_version: 1
+name: bcrypt-ruby
+version: !ruby/object:Gem::Version 
+  version: 1.0.0
+date: 2007-02-27 00:00:00 -08:00
+summary: Blah.
+require_paths: 
+- lib
+email: coda.hale@gmail.com
+homepage: http://bcrypt-ruby.rubyforge.org
+rubyforge_project: bcrypt-ruby
+description: Woot.
+autorequire: bcrypt
+default_executable: 
+bindir: bin
+has_rdoc: true
+required_ruby_version: !ruby/object:Gem::Version::Requirement 
+  requirements: 
+  - - ">"
+    - !ruby/object:Gem::Version 
+      version: 0.0.0
+  version: 
+platform: ruby
+signing_key: 
+cert_chain: 
+post_install_message: 
+authors: 
+- - Coda Hale
+files: 
+- COPYING
+- Rakefile
+- README
+- lib/bcrypt.rb
+- spec/spec_helper.rb
+- spec/bcrypt/bcrypt_spec.rb
+- spec/bcrypt/internals_spec.rb
+- spec/bcrypt/password_spec.rb
+- ext/bcrypt.c
+- ext/bcrypt_ext.c
+- ext/blowfish.c
+- ext/blf.h
+- ext/extconf.rb
+test_files: []
+
+rdoc_options: 
+- --title
+- bcrypt-ruby
+- --line-numbers
+- --inline-source
+- --main
+- README
+extra_rdoc_files: 
+- README
+- COPYING
+- lib/bcrypt.rb
+executables: []
+
+extensions: 
+- ext/extconf.rb
+requirements: []
+
+dependencies: []
+