bcrypt-ruby 2.1.2 → 2.1.3

data/.gitignore

@@ -0,0 +1,7 @@
+*.o
+*.bundle
+*.so
+ext/mri/Makefile
+doc
+pkg
+*.class

data/.rspec

@@ -0,0 +1,3 @@
+--color
+--backtrace
+--format documentation

data/Gemfile

@@ -0,0 +1,2 @@
+source :rubygems
+gemspec

data/Rakefile

@@ -1,24 +1,12 @@
-gem "rspec"
-require "spec/rake/spectask"
+require 'rspec/core/rake_task'
 require 'rake/gempackagetask'
+require 'rake/extensiontask'
+require 'rake/javaextensiontask'
 require 'rake/contrib/rubyforgepublisher'
 require 'rake/clean'
 require 'rake/rdoctask'
-require "benchmark"
+require 'benchmark'
 
-PKG_NAME = "bcrypt-ruby"
-PKG_VERSION   = "2.1.2"
-PKG_FILE_NAME = "#{PKG_NAME}-#{PKG_VERSION}"
-PKG_FILES = FileList[
-  '[A-Z]*',
-  'lib/**/*.rb', 
-  'spec/**/*.rb', 
-  'ext/mri/*.c',
-  'ext/mri/*.h',
-  'ext/mri/*.rb',
-  'ext/jruby/bcrypt_jruby/BCrypt.java',
-  'ext/jruby/bcrypt_jruby/BCrypt.class'
-]
 CLEAN.include(
   "ext/mri/*.o",
   "ext/mri/*.bundle",
@@ -30,91 +18,62 @@ CLOBBER.include(
   "doc/coverage",
   "pkg"
 )
+GEMSPEC = eval(File.read(File.expand_path("../bcrypt-ruby.gemspec", __FILE__)))
 
 task :default => [:compile, :spec]
 
 desc "Run all specs"
-Spec::Rake::SpecTask.new do |t|
-  t.spec_files = FileList['spec/**/*_spec.rb']
-  t.spec_opts = ['--color','--backtrace','--diff']
+RSpec::Core::RakeTask.new do |t|
+  t.pattern = 'spec/**/*_spec.rb'
 end
 
 desc "Run all specs, with coverage testing"
-Spec::Rake::SpecTask.new(:rcov) do |t|
-  t.spec_files = FileList['spec/**/*_spec.rb']
-  t.spec_opts = ['--color','--backtrace','--diff']
+RSpec::Core::RakeTask.new(:rcov) do |t|
+  t.pattern = 'spec/**/*_spec.rb'
   t.rcov = true
-  t.rcov_dir = 'doc/coverage'
+  t.rcov_path = 'doc/coverage'
   t.rcov_opts = ['--exclude', 'rspec,diff-lcs,rcov,_spec,_helper']
 end
 
 desc 'Generate RDoc'
 rd = Rake::RDocTask.new do |rdoc|
   rdoc.rdoc_dir = 'doc/rdoc'
-  rdoc.options << '--title' << 'bcrypt-ruby' << '--line-numbers' << '--inline-source' << '--main' << 'README'
+  rdoc.options += GEMSPEC.rdoc_options
   rdoc.template = ENV['TEMPLATE'] if ENV['TEMPLATE']
-  rdoc.rdoc_files.include('README', 'COPYING', 'CHANGELOG', 'lib/**/*.rb')
+  rdoc.rdoc_files.include(*GEMSPEC.extra_rdoc_files)
 end
 
-spec = Gem::Specification.new do |s|
-  s.name = PKG_NAME
-  s.version = PKG_VERSION
-  s.summary = "OpenBSD's bcrypt() password hashing algorithm."
-  s.description = <<-EOF
-    bcrypt() is a sophisticated and secure hash algorithm designed by The OpenBSD project
-    for hashing passwords. bcrypt-ruby provides a simple, humane wrapper for safely handling
-    passwords.
-  EOF
-
-  s.files = PKG_FILES.to_a
-  s.require_path = 'lib'
-
-  s.has_rdoc = true
-  s.rdoc_options = rd.options
-  s.extra_rdoc_files = rd.rdoc_files.to_a
-  
-  s.extensions = FileList["ext/mri/extconf.rb"].to_a
-  
-  s.authors = ["Coda Hale"]
-  s.email = "coda.hale@gmail.com"
-  s.homepage = "http://bcrypt-ruby.rubyforge.org"
-  s.rubyforge_project = "bcrypt-ruby"
-end
-
-file 'ext/jruby/bcrypt_jruby/BCrypt.class' => ["ext/jruby/bcrypt_jruby/BCrypt.java"] do
-  Rake::Task['compile:jruby'].invoke
-end
-
-Rake::GemPackageTask.new(spec) do |pkg|
+Rake::GemPackageTask.new(GEMSPEC) do |pkg|
   pkg.need_zip = true
   pkg.need_tar = true
 end
 
-desc "Clean, then compile the extension that's native to the current Ruby compiler."
-if RUBY_PLATFORM == "java"
-  task :compile => 'compile:jruby'
+if RUBY_PLATFORM =~ /java/
+  Rake::JavaExtensionTask.new('bcrypt_ext', GEMSPEC) do |ext|
+    ext.ext_dir = 'ext/jruby'
+  end
 else
-  task :compile => 'compile:mri'
-end
+  Rake::ExtensionTask.new("bcrypt_ext", GEMSPEC) do |ext|
+    ext.ext_dir = 'ext/mri'
+    ext.cross_compile = true
+    ext.cross_platform = ['x86-mingw32', 'x86-mswin32-60']
 
-namespace :compile do
-  desc "CLean, then compile all extensions"
-  task :all => [:mri, :jruby]
-  
-  desc "Clean, then compile the MRI extension"
-  task :mri => :clean do
-    Dir.chdir('ext/mri') do
-      ruby "extconf.rb"
-      sh "make"
+    # inject 1.8/1.9 pure-ruby entry point
+    ext.cross_compiling do |spec|
+      spec.files += ["lib/#{ext.name}.rb"]
     end
   end
-  
-  desc "Clean, then compile the JRuby extension"
-  task :jruby => :clean do
-    Dir.chdir('ext/jruby/bcrypt_jruby') do
-      sh "javac -source 1.4 -target 1.4 BCrypt.java"
-    end
+end
+
+# Entry point for fat-binary gems on win32
+file("lib/bcrypt_ext.rb") do |t|
+  File.open(t.name, 'wb') do |f|
+    f.write <<-eoruby
+RUBY_VERSION =~ /(\\d+.\\d+)/
+require "\#{$1}/#{File.basename(t.name, '.rb')}"
+    eoruby
   end
+  at_exit{ FileUtils.rm t.name if File.exists?(t.name) }
 end
 
 desc "Run a set of benchmarks on the compiled extension."

data/bcrypt-ruby.gemspec

@@ -0,0 +1,28 @@
+Gem::Specification.new do |s|
+  s.name = 'bcrypt-ruby'
+  s.version = '2.1.3'
+
+  s.summary = "OpenBSD's bcrypt() password hashing algorithm."
+  s.description = <<-EOF
+    bcrypt() is a sophisticated and secure hash algorithm designed by The OpenBSD project
+    for hashing passwords. bcrypt-ruby provides a simple, humane wrapper for safely handling
+    passwords.
+  EOF
+
+  s.files = `git ls-files`.split("\n")
+  s.require_path = 'lib'
+
+  s.add_development_dependency 'rake-compiler'
+  s.add_development_dependency 'rspec'
+
+  s.has_rdoc = true
+  s.rdoc_options += ['--title', 'bcrypt-ruby', '--line-numbers', '--inline-source', '--main', 'README']
+  s.extra_rdoc_files += ['README', 'COPYING', 'CHANGELOG', *Dir['lib/**/*.rb']]
+
+  s.extensions = 'ext/mri/extconf.rb'
+
+  s.authors = ["Coda Hale"]
+  s.email = "coda.hale@gmail.com"
+  s.homepage = "http://bcrypt-ruby.rubyforge.org"
+  s.rubyforge_project = "bcrypt-ruby"
+end

data/ext/mri/bcrypt.c

@@ -77,10 +77,10 @@ static void encode_salt(char *, uint8_t *, uint16_t, uint8_t);
 static void encode_base64(uint8_t *, uint8_t *, uint16_t);
 static void decode_base64(uint8_t *, uint16_t, uint8_t *);
 
-const static uint8_t Base64Code[] =
+static const uint8_t Base64Code[] =
 "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
 
-const static uint8_t index_64[128] = {
+static const uint8_t index_64[128] = {
 	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 	255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
@@ -150,7 +150,7 @@ encode_salt(char *salt, uint8_t *csalt, uint16_t clen, uint8_t logr)
  */
 
 char   *
-bcrypt_gensalt(char *output, uint8_t log_rounds, uint8_t *rseed)
+ruby_bcrypt_gensalt(char *output, uint8_t log_rounds, uint8_t *rseed)
 {
 	if (log_rounds < 4)
 		log_rounds = 4;
@@ -164,7 +164,7 @@ bcrypt_gensalt(char *output, uint8_t log_rounds, uint8_t *rseed)
    i.e. $2$04$iwouldntknowwhattosayetKdJ6iFtacBqJdKe6aW7ou */
 
 char   *
-bcrypt(char *output, const char *key, const char *salt)
+ruby_bcrypt(char *output, const char *key, const char *salt)
 {
 	blf_ctx state;
 	uint32_t rounds, i, k;

data/ext/mri/bcrypt.h

@@ -51,7 +51,7 @@
  *        cryptographically secure random source.
  * Returns: output
  */
-char *bcrypt_gensalt(char *output, uint8_t log_rounds, uint8_t *rseed);
+char *ruby_bcrypt_gensalt(char *output, uint8_t log_rounds, uint8_t *rseed);
 
 /*
  * Given a secret and a salt, generates a salted hash (which you can then store safely).
@@ -62,6 +62,6 @@ char *bcrypt_gensalt(char *output, uint8_t log_rounds, uint8_t *rseed);
  * salt: The salt, as generated by bcrypt_gensalt().
  * Returns: output on success, NULL on error.
  */
-char *bcrypt(char *output, const char *key, const char *salt);
+char *ruby_bcrypt(char *output, const char *key, const char *salt);
 
 #endif /* _BCRYPT_H_ */

data/ext/mri/bcrypt_ext.c

@@ -30,7 +30,7 @@ static VALUE cBCryptEngine;
 	
 	static VALUE bcrypt_wrapper(void *_args) {
 		BCryptArguments *args = (BCryptArguments *)_args;
-		return (VALUE)bcrypt(args->output, args->key, args->salt);
+		return (VALUE)ruby_bcrypt(args->output, args->key, args->salt);
 	}
 
 #endif /* RUBY_1_9 */
@@ -41,7 +41,7 @@ static VALUE bc_salt(VALUE self, VALUE cost, VALUE seed) {
 	int icost = NUM2INT(cost);
 	char salt[BCRYPT_SALT_OUTPUT_SIZE];
 	
-	bcrypt_gensalt(salt, icost, (uint8_t *)RSTRING_PTR(seed));
+	ruby_bcrypt_gensalt(salt, icost, (uint8_t *)RSTRING_PTR(seed));
 	return rb_str_new2(salt);
 }
 
@@ -70,7 +70,7 @@ static VALUE bc_crypt(VALUE self, VALUE key, VALUE salt, VALUE cost) {
 		/* otherwise, fallback to the non-GIL-unlocking code, just like on Ruby 1.8 */
 	#endif
 	
-	if (bcrypt(output, safeguarded, (char *)RSTRING_PTR(salt)) != NULL) {
+	if (ruby_bcrypt(output, safeguarded, (char *)RSTRING_PTR(salt)) != NULL) {
 		return rb_str_new2(output);
 	} else {
 		return Qnil;

data/lib/bcrypt.rb

@@ -2,13 +2,12 @@
 
 if RUBY_PLATFORM == "java"
   require 'java'
-  $CLASSPATH << File.expand_path(File.join(File.dirname(__FILE__), "..", "ext", "jruby"))
 else
-  $LOAD_PATH.unshift(File.expand_path(File.join(File.dirname(__FILE__), "..", "ext", "mri")))
-  require "bcrypt_ext"
   require "openssl"
 end
 
+require 'bcrypt_ext'
+
 # A Ruby library implementing OpenBSD's bcrypt()/crypt_blowfish algorithm for
 # hashing passwords.
 module BCrypt
@@ -18,7 +17,7 @@ module BCrypt
     class InvalidCost   < StandardError; end  # The cost parameter provided to bcrypt() is invalid.
     class InvalidSecret < StandardError; end  # The secret parameter provided to bcrypt() is invalid.
   end
-  
+
   # A Ruby wrapper for the bcrypt() C extension calls and the Java calls.
   class Engine
     # The default computational expense parameter.
@@ -27,14 +26,14 @@ module BCrypt
     MIN_COST        = 4
     # Maximum possible size of bcrypt() salts.
     MAX_SALT_LENGTH = 16
-    
+
     if RUBY_PLATFORM != "java"
       # C-level routines which, if they don't get the right input, will crash the
       # hell out of the Ruby process.
       private_class_method :__bc_salt
       private_class_method :__bc_crypt
     end
-    
+
     # Given a secret and a valid salt (see BCrypt::Engine.generate_salt) calculates
     # a bcrypt() password hash.
     def self.hash_secret(secret, salt, cost = nil)
@@ -43,7 +42,7 @@ module BCrypt
           if cost.nil?
             cost = autodetect_cost(salt)
           end
-          
+
           if RUBY_PLATFORM == "java"
             Java.bcrypt_jruby.BCrypt.hashpw(secret.to_s, salt.to_s)
           else
@@ -56,7 +55,7 @@ module BCrypt
         raise Errors::InvalidSecret.new("invalid secret")
       end
     end
-    
+
     # Generates a random salt with a given computational cost.
     def self.generate_salt(cost = DEFAULT_COST)
       cost = cost.to_i
@@ -73,27 +72,27 @@ module BCrypt
         raise Errors::InvalidCost.new("cost must be numeric and > 0")
       end
     end
-    
+
     # Returns true if +salt+ is a valid bcrypt() salt, false if not.
     def self.valid_salt?(salt)
       salt =~ /^\$[0-9a-z]{2,}\$[0-9]{2,}\$[A-Za-z0-9\.\/]{22,}$/
     end
-    
+
     # Returns true if +secret+ is a valid bcrypt() secret, false if not.
     def self.valid_secret?(secret)
       secret.respond_to?(:to_s)
     end
-    
+
     # Returns the cost factor which will result in computation times less than +upper_time_limit_in_ms+.
-    # 
+    #
     # Example:
-    # 
+    #
     #   BCrypt.calibrate(200)  #=> 10
     #   BCrypt.calibrate(1000) #=> 12
-    # 
+    #
     #   # should take less than 200ms
     #   BCrypt::Password.create("woo", :cost => 10)
-    # 
+    #
     #   # should take less than 1000ms
     #   BCrypt::Password.create("woo", :cost => 12)
     def self.calibrate(upper_time_limit_in_ms)
@@ -104,88 +103,88 @@ module BCrypt
         return i if end_time * 1_000 > upper_time_limit_in_ms
       end
     end
-    
+
     # Autodetects the cost from the salt string.
     def self.autodetect_cost(salt)
       salt[4..5].to_i
     end
   end
-  
+
   # A password management class which allows you to safely store users' passwords and compare them.
-  # 
+  #
   # Example usage:
-  # 
+  #
   #   include BCrypt
-  # 
+  #
   #   # hash a user's password  
   #   @password = Password.create("my grand secret")
   #   @password #=> "$2a$10$GtKs1Kbsig8ULHZzO1h2TetZfhO4Fmlxphp8bVKnUlZCBYYClPohG"
-  # 
+  #
   #   # store it safely
   #   @user.update_attribute(:password, @password)
-  # 
+  #
   #   # read it back
   #   @user.reload!
   #   @db_password = Password.new(@user.password)
-  # 
+  #
   #   # compare it after retrieval
   #   @db_password == "my grand secret" #=> true
   #   @db_password == "a paltry guess"  #=> false
-  # 
+  #
   class Password < String
     # The hash portion of the stored password hash.
-    attr_reader :hash
+    attr_reader :checksum
     # The salt of the store password hash (including version and cost).
     attr_reader :salt
     # The version of the bcrypt() algorithm used to create the hash.
     attr_reader :version
     # The cost factor used to create the hash.
     attr_reader :cost
-    
+
     class << self
       # Hashes a secret, returning a BCrypt::Password instance. Takes an optional <tt>:cost</tt> option, which is a
       # logarithmic variable which determines how computational expensive the hash is to calculate (a <tt>:cost</tt> of
       # 4 is twice as much work as a <tt>:cost</tt> of 3). The higher the <tt>:cost</tt> the harder it becomes for
       # attackers to try to guess passwords (even if a copy of your database is stolen), but the slower it is to check
       # users' passwords.
-      # 
+      #
       # Example:
-      # 
+      #
       #   @password = BCrypt::Password.create("my secret", :cost => 13)
       def create(secret, options = { :cost => BCrypt::Engine::DEFAULT_COST })
         Password.new(BCrypt::Engine.hash_secret(secret, BCrypt::Engine.generate_salt(options[:cost]), options[:cost]))
       end
     end
-    
+
     # Initializes a BCrypt::Password instance with the data from a stored hash.
     def initialize(raw_hash)
       if valid_hash?(raw_hash)
         self.replace(raw_hash)
-        @version, @cost, @salt, @hash = split_hash(self)
+        @version, @cost, @salt, @checksum = split_hash(self)
       else
         raise Errors::InvalidHash.new("invalid hash")
       end
     end
-    
+
     # Compares a potential secret against the hash. Returns true if the secret is the original secret, false otherwise.
     def ==(secret)
       super(BCrypt::Engine.hash_secret(secret, @salt))
     end
     alias_method :is_password?, :==
-    
+
   private
     # Returns true if +h+ is a valid hash.
     def valid_hash?(h)
       h =~ /^\$[0-9a-z]{2}\$[0-9]{2}\$[A-Za-z0-9\.\/]{53}$/
     end
-    
+
     # call-seq:
     #   split_hash(raw_hash) -> version, cost, salt, hash
-    # 
+    #
     # Splits +h+ into version, cost, salt, and hash and returns them in that order.
     def split_hash(h)
       b, v, c, mash = h.split('$')
-      return v, c.to_i, h[0, 29], mash[-31, 31]
+      return v, c.to_i, h[0, 29].to_str, mash[-31, 31].to_str
     end
   end
 end

data/spec/TestBCrypt.java

@@ -0,0 +1,175 @@
+// Copyright (c) 2006 Damien Miller <djm@mindrot.org>
+//
+// Permission to use, copy, modify, and distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+import junit.framework.TestCase;
+
+/**
+ * JUnit unit tests for BCrypt routines
+ * @author Damien Miller
+ * @version 0.2
+ */
+public class TestBCrypt extends TestCase {
+	String test_vectors[][] = {
+			{ "", 
+			"$2a$06$DCq7YPn5Rq63x1Lad4cll.",
+			"$2a$06$DCq7YPn5Rq63x1Lad4cll.TV4S6ytwfsfvkgY8jIucDrjc8deX1s." },
+			{ "",
+			"$2a$08$HqWuK6/Ng6sg9gQzbLrgb.",
+			"$2a$08$HqWuK6/Ng6sg9gQzbLrgb.Tl.ZHfXLhvt/SgVyWhQqgqcZ7ZuUtye" },
+			{ "",
+			"$2a$10$k1wbIrmNyFAPwPVPSVa/ze",
+			"$2a$10$k1wbIrmNyFAPwPVPSVa/zecw2BCEnBwVS2GbrmgzxFUOqW9dk4TCW" },
+			{ "",
+			"$2a$12$k42ZFHFWqBp3vWli.nIn8u",
+			"$2a$12$k42ZFHFWqBp3vWli.nIn8uYyIkbvYRvodzbfbK18SSsY.CsIQPlxO" },
+			{ "a",
+			"$2a$06$m0CrhHm10qJ3lXRY.5zDGO",
+			"$2a$06$m0CrhHm10qJ3lXRY.5zDGO3rS2KdeeWLuGmsfGlMfOxih58VYVfxe" },
+			{ "a", 
+			"$2a$08$cfcvVd2aQ8CMvoMpP2EBfe",
+			"$2a$08$cfcvVd2aQ8CMvoMpP2EBfeodLEkkFJ9umNEfPD18.hUF62qqlC/V." },
+			{ "a",
+			"$2a$10$k87L/MF28Q673VKh8/cPi.",
+			"$2a$10$k87L/MF28Q673VKh8/cPi.SUl7MU/rWuSiIDDFayrKk/1tBsSQu4u" },
+			{ "a",
+			"$2a$12$8NJH3LsPrANStV6XtBakCe",
+			"$2a$12$8NJH3LsPrANStV6XtBakCez0cKHXVxmvxIlcz785vxAIZrihHZpeS" },
+			{ "abc",
+			"$2a$06$If6bvum7DFjUnE9p2uDeDu",
+			"$2a$06$If6bvum7DFjUnE9p2uDeDu0YHzrHM6tf.iqN8.yx.jNN1ILEf7h0i" },
+			{ "abc",
+			"$2a$08$Ro0CUfOqk6cXEKf3dyaM7O",
+			"$2a$08$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm" },
+			{ "abc",
+			"$2a$10$WvvTPHKwdBJ3uk0Z37EMR.",
+			"$2a$10$WvvTPHKwdBJ3uk0Z37EMR.hLA2W6N9AEBhEgrAOljy2Ae5MtaSIUi" },
+			{ "abc",
+			"$2a$12$EXRkfkdmXn2gzds2SSitu.",
+			"$2a$12$EXRkfkdmXn2gzds2SSitu.MW9.gAVqa9eLS1//RYtYCmB1eLHg.9q" },
+			{ "abcdefghijklmnopqrstuvwxyz",
+			"$2a$06$.rCVZVOThsIa97pEDOxvGu",
+			"$2a$06$.rCVZVOThsIa97pEDOxvGuRRgzG64bvtJ0938xuqzv18d3ZpQhstC" },
+			{ "abcdefghijklmnopqrstuvwxyz",
+			"$2a$08$aTsUwsyowQuzRrDqFflhge",
+			"$2a$08$aTsUwsyowQuzRrDqFflhgekJ8d9/7Z3GV3UcgvzQW3J5zMyrTvlz." },
+			{ "abcdefghijklmnopqrstuvwxyz",
+			"$2a$10$fVH8e28OQRj9tqiDXs1e1u",
+			"$2a$10$fVH8e28OQRj9tqiDXs1e1uxpsjN0c7II7YPKXua2NAKYvM6iQk7dq" },
+			{ "abcdefghijklmnopqrstuvwxyz",
+			"$2a$12$D4G5f18o7aMMfwasBL7Gpu",
+			"$2a$12$D4G5f18o7aMMfwasBL7GpuQWuP3pkrZrOAnqP.bmezbMng.QwJ/pG" },
+			{ "~!@#$%^&*()      ~!@#$%^&*()PNBFRD",
+			"$2a$06$fPIsBO8qRqkjj273rfaOI.",
+			"$2a$06$fPIsBO8qRqkjj273rfaOI.HtSV9jLDpTbZn782DC6/t7qT67P6FfO" },
+			{ "~!@#$%^&*()      ~!@#$%^&*()PNBFRD",
+			"$2a$08$Eq2r4G/76Wv39MzSX262hu",
+			"$2a$08$Eq2r4G/76Wv39MzSX262huzPz612MZiYHVUJe/OcOql2jo4.9UxTW" },
+			{ "~!@#$%^&*()      ~!@#$%^&*()PNBFRD",
+			"$2a$10$LgfYWkbzEvQ4JakH7rOvHe",
+			"$2a$10$LgfYWkbzEvQ4JakH7rOvHe0y8pHKF9OaFgwUZ2q7W2FFZmZzJYlfS" },
+			{ "~!@#$%^&*()      ~!@#$%^&*()PNBFRD",
+			"$2a$12$WApznUOJfkEGSmYRfnkrPO",
+			"$2a$12$WApznUOJfkEGSmYRfnkrPOr466oFDCaj4b6HY3EXGvfxm43seyhgC" },
+		};
+
+	/**
+	 * Entry point for unit tests
+	 * @param args unused
+	 */
+	public static void main(String[] args) {
+		junit.textui.TestRunner.run(TestBCrypt.class);
+	}
+
+	/**
+	 * Test method for 'BCrypt.hashpw(String, String)'
+	 */
+	public void testHashpw() {
+		System.out.print("BCrypt.hashpw(): ");
+		for (int i = 0; i < test_vectors.length; i++) {
+			String plain = test_vectors[i][0];
+			String salt = test_vectors[i][1];
+			String expected = test_vectors[i][2];
+			String hashed = BCrypt.hashpw(plain, salt);
+			assertEquals(hashed, expected);
+			System.out.print(".");
+		}
+		System.out.println("");
+	}
+
+	/**
+	 * Test method for 'BCrypt.gensalt(int)'
+	 */
+	public void testGensaltInt() {
+		System.out.print("BCrypt.gensalt(log_rounds):");
+		for (int i = 4; i <= 12; i++) {
+			System.out.print(" " + Integer.toString(i) + ":");
+			for (int j = 0; j < test_vectors.length; j += 4) {
+				String plain = test_vectors[j][0];
+				String salt = BCrypt.gensalt(i);
+				String hashed1 = BCrypt.hashpw(plain, salt);
+				String hashed2 = BCrypt.hashpw(plain, hashed1);
+				assertEquals(hashed1, hashed2);
+				System.out.print(".");
+			}
+		}
+		System.out.println("");
+	}
+
+	/**
+	 * Test method for 'BCrypt.gensalt()'
+	 */
+	public void testGensalt() {
+		System.out.print("BCrypt.gensalt(): ");
+		for (int i = 0; i < test_vectors.length; i += 4) {
+			String plain = test_vectors[i][0];
+			String salt = BCrypt.gensalt();
+			String hashed1 = BCrypt.hashpw(plain, salt);
+			String hashed2 = BCrypt.hashpw(plain, hashed1);
+			assertEquals(hashed1, hashed2);
+			System.out.print(".");
+		}
+		System.out.println("");
+	}
+
+	/**
+	 * Test method for 'BCrypt.checkpw(String, String)'
+	 * expecting success
+	 */
+	public void testCheckpw_success() {
+		System.out.print("BCrypt.checkpw w/ good passwords: ");
+		for (int i = 0; i < test_vectors.length; i++) {
+			String plain = test_vectors[i][0];
+			String expected = test_vectors[i][2];
+			assertTrue(BCrypt.checkpw(plain, expected));
+			System.out.print(".");
+		}
+		System.out.println("");
+	}
+
+	/**
+	 * Test method for 'BCrypt.checkpw(String, String)'
+	 * expecting failure
+	 */
+	public void testCheckpw_failure() {
+		System.out.print("BCrypt.checkpw w/ bad passwords: ");
+		for (int i = 0; i < test_vectors.length; i++) {
+			int broken_index = (i + 4) % test_vectors.length;
+			String plain = test_vectors[i][0];
+			String expected = test_vectors[broken_index][2];
+			assertFalse(BCrypt.checkpw(plain, expected));
+			System.out.print(".");
+		}
+		System.out.println("");
+	}
+}

data/spec/bcrypt/engine_spec.rb

@@ -1,6 +1,6 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
 
-context "The BCrypt engine" do
+describe "The BCrypt engine" do
   specify "should calculate the optimal cost factor to fit in a specific time" do
     first = BCrypt::Engine.calibrate(100)
     second = BCrypt::Engine.calibrate(400)
@@ -8,64 +8,64 @@ context "The BCrypt engine" do
   end
 end
 
-context "Generating BCrypt salts" do
-  
+describe "Generating BCrypt salts" do
+
   specify "should produce strings" do
     BCrypt::Engine.generate_salt.should be_an_instance_of(String)
   end
-  
+
   specify "should produce random data" do
     BCrypt::Engine.generate_salt.should_not equal(BCrypt::Engine.generate_salt)
   end
-  
+
   specify "should raise a InvalidCostError if the cost parameter isn't numeric" do
     lambda { BCrypt::Engine.generate_salt('woo') }.should raise_error(BCrypt::Errors::InvalidCost)
   end
-  
+
   specify "should raise a InvalidCostError if the cost parameter isn't greater than 0" do
     lambda { BCrypt::Engine.generate_salt(-1) }.should raise_error(BCrypt::Errors::InvalidCost)
   end
 end
 
-context "Autodetecting of salt cost" do
-  
+describe "Autodetecting of salt cost" do
+
   specify "should work" do
     BCrypt::Engine.autodetect_cost("$2a$08$hRx2IVeHNsTSYYtUWn61Ou").should == 8
     BCrypt::Engine.autodetect_cost("$2a$05$XKd1bMnLgUnc87qvbAaCUu").should == 5
     BCrypt::Engine.autodetect_cost("$2a$13$Lni.CZ6z5A7344POTFBBV.").should == 13
   end
-  
+
 end
 
-context "Generating BCrypt hashes" do
-  
+describe "Generating BCrypt hashes" do
+
   class MyInvalidSecret
     undef to_s
   end
-  
+
   before :each do
     @salt = BCrypt::Engine.generate_salt(4)
     @password = "woo"
   end
-  
+
   specify "should produce a string" do
     BCrypt::Engine.hash_secret(@password, @salt).should be_an_instance_of(String)
   end
-  
+
   specify "should raise an InvalidSalt error if the salt is invalid" do
     lambda { BCrypt::Engine.hash_secret(@password, 'nino') }.should raise_error(BCrypt::Errors::InvalidSalt)
   end
-  
+
   specify "should raise an InvalidSecret error if the secret is invalid" do
     lambda { BCrypt::Engine.hash_secret(MyInvalidSecret.new, @salt) }.should raise_error(BCrypt::Errors::InvalidSecret)
     lambda { BCrypt::Engine.hash_secret(nil, @salt) }.should_not raise_error(BCrypt::Errors::InvalidSecret)
     lambda { BCrypt::Engine.hash_secret(false, @salt) }.should_not raise_error(BCrypt::Errors::InvalidSecret)
   end
-  
+
   specify "should call #to_s on the secret and use the return value as the actual secret data" do
     BCrypt::Engine.hash_secret(false, @salt).should == BCrypt::Engine.hash_secret("false", @salt)
   end
-  
+
   specify "should be interoperable with other implementations" do
     # test vectors from the OpenWall implementation <http://www.openwall.com/crypt/>
     test_vectors = [

data/spec/bcrypt/password_spec.rb

@@ -1,26 +1,26 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
 
-context "Creating a hashed password" do
-  
+describe "Creating a hashed password" do
+
   before :each do
     @secret = "wheedle"
     @password = BCrypt::Password.create(@secret, :cost => 4)
   end
-  
+
   specify "should return a BCrypt::Password" do
     @password.should be_an_instance_of(BCrypt::Password)
   end
-  
+
   specify "should return a valid bcrypt password" do
     lambda { BCrypt::Password.new(@password) }.should_not raise_error
   end
-  
+
   specify "should behave normally if the secret is not a string" do
     lambda { BCrypt::Password.create(nil) }.should_not raise_error(BCrypt::Errors::InvalidSecret)
     lambda { BCrypt::Password.create({:woo => "yeah"}) }.should_not raise_error(BCrypt::Errors::InvalidSecret)
     lambda { BCrypt::Password.create(false) }.should_not raise_error(BCrypt::Errors::InvalidSecret)
   end
-  
+
   specify "should tolerate empty string secrets" do
     lambda { BCrypt::Password.create( "\n".chop  ) }.should_not raise_error
     lambda { BCrypt::Password.create( ""         ) }.should_not raise_error
@@ -28,37 +28,40 @@ context "Creating a hashed password" do
   end
 end
 
-context "Reading a hashed password" do
+describe "Reading a hashed password" do
   before :each do
     @secret = "U*U"
     @hash = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
   end
-  
+
   specify "should read the version, cost, salt, and hash" do
     password = BCrypt::Password.new(@hash)
     password.version.should eql("2a")
     password.cost.should equal(5)
     password.salt.should eql("$2a$05$CCCCCCCCCCCCCCCCCCCCC.")
+    password.salt.class.should == String
+    password.checksum.should eq("E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW")
+    password.checksum.class.should == String
     password.to_s.should eql(@hash)
   end
-  
+
   specify "should raise an InvalidHashError when given an invalid hash" do
     lambda { BCrypt::Password.new('weedle') }.should raise_error(BCrypt::Errors::InvalidHash)
   end
 end
 
-context "Comparing a hashed password with a secret" do
+describe "Comparing a hashed password with a secret" do
   before :each do
     @secret = "U*U"
     @hash = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
     @password = BCrypt::Password.create(@secret)
   end
-  
+
   specify "should compare successfully to the original secret" do
     (@password == @secret).should be(true)
   end
-  
+
   specify "should compare unsuccessfully to anything besides original secret" do
     (@password == "@secret").should be(false)
   end
-end
+end

data/spec/spec_helper.rb

@@ -1,4 +1,2 @@
-$LOAD_PATH.unshift(File.expand_path(File.dirname(__FILE__) + '/../lib'))
-require "rubygems"
-require "spec"
-require "bcrypt"
+$:.unshift File.expand_path('../../lib', __FILE__)
+require 'bcrypt'

metadata

@@ -1,7 +1,12 @@
 --- !ruby/object:Gem::Specification 
 name: bcrypt-ruby
 version: !ruby/object:Gem::Version 
-  version: 2.1.2
+  prerelease: false
+  segments: 
+  - 2
+  - 1
+  - 3
+  version: 2.1.3
 platform: ruby
 authors: 
 - Coda Hale
@@ -9,10 +14,33 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-09-16 00:00:00 -07:00
+date: 2010-12-20 00:00:00 -08:00
 default_executable: 
-dependencies: []
-
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rake-compiler
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id002
 description: "    bcrypt() is a sophisticated and secure hash algorithm designed by The OpenBSD project\n    for hashing passwords. bcrypt-ruby provides a simple, humane wrapper for safely handling\n    passwords.\n"
 email: coda.hale@gmail.com
 executables: []
@@ -25,22 +53,26 @@ extra_rdoc_files:
 - CHANGELOG
 - lib/bcrypt.rb
 files: 
+- .gitignore
+- .rspec
 - CHANGELOG
 - COPYING
-- Rakefile
+- Gemfile
 - README
-- lib/bcrypt.rb
-- spec/bcrypt/engine_spec.rb
-- spec/bcrypt/password_spec.rb
-- spec/spec_helper.rb
+- Rakefile
+- bcrypt-ruby.gemspec
+- ext/jruby/bcrypt_jruby/BCrypt.java
 - ext/mri/bcrypt.c
-- ext/mri/bcrypt_ext.c
-- ext/mri/blowfish.c
 - ext/mri/bcrypt.h
+- ext/mri/bcrypt_ext.c
 - ext/mri/blf.h
+- ext/mri/blowfish.c
 - ext/mri/extconf.rb
-- ext/jruby/bcrypt_jruby/BCrypt.java
-- ext/jruby/bcrypt_jruby/BCrypt.class
+- lib/bcrypt.rb
+- spec/TestBCrypt.java
+- spec/bcrypt/engine_spec.rb
+- spec/bcrypt/password_spec.rb
+- spec/spec_helper.rb
 has_rdoc: true
 homepage: http://bcrypt-ruby.rubyforge.org
 licenses: []
@@ -59,18 +91,20 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      segments: 
+      - 0
       version: "0"
-  version: 
 required_rubygems_version: !ruby/object:Gem::Requirement 
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      segments: 
+      - 0
       version: "0"
-  version: 
 requirements: []
 
 rubyforge_project: bcrypt-ruby
-rubygems_version: 1.3.5
+rubygems_version: 1.3.6
 signing_key: 
 specification_version: 3
 summary: OpenBSD's bcrypt() password hashing algorithm.