bcrypt 3.1.12-java → 3.1.16-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.travis.yml +8 -7
- data/CHANGELOG +78 -62
- data/README.md +17 -15
- data/Rakefile +2 -27
- data/appveyor.yml +32 -32
- data/bcrypt.gemspec +1 -3
- data/ext/jruby/bcrypt_jruby/BCrypt.java +524 -351
- data/ext/mri/bcrypt_ext.c +2 -2
- data/ext/mri/crypt.h +12 -1
- data/ext/mri/crypt_blowfish.c +269 -152
- data/ext/mri/crypt_blowfish.h +27 -0
- data/ext/mri/crypt_gensalt.c +27 -14
- data/ext/mri/crypt_gensalt.h +30 -0
- data/ext/mri/extconf.rb +6 -0
- data/ext/mri/ow-crypt.h +25 -17
- data/ext/mri/wrapper.c +338 -46
- data/ext/mri/x86.S +203 -0
- data/lib/bcrypt.rb +1 -6
- data/lib/bcrypt/engine.rb +7 -5
- data/lib/bcrypt/password.rb +3 -3
- data/spec/bcrypt/engine_spec.rb +77 -2
- data/spec/bcrypt/password_spec.rb +2 -2
- metadata +8 -21
- data/Gemfile.lock +0 -44
data/ext/mri/x86.S
ADDED
|
@@ -0,0 +1,203 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* Written by Solar Designer <solar at openwall.com> in 1998-2010.
|
|
3
|
+
* No copyright is claimed, and the software is hereby placed in the public
|
|
4
|
+
* domain. In case this attempt to disclaim copyright and place the software
|
|
5
|
+
* in the public domain is deemed null and void, then the software is
|
|
6
|
+
* Copyright (c) 1998-2010 Solar Designer and it is hereby released to the
|
|
7
|
+
* general public under the following terms:
|
|
8
|
+
*
|
|
9
|
+
* Redistribution and use in source and binary forms, with or without
|
|
10
|
+
* modification, are permitted.
|
|
11
|
+
*
|
|
12
|
+
* There's ABSOLUTELY NO WARRANTY, express or implied.
|
|
13
|
+
*
|
|
14
|
+
* See crypt_blowfish.c for more information.
|
|
15
|
+
*/
|
|
16
|
+
|
|
17
|
+
#ifdef __i386__
|
|
18
|
+
|
|
19
|
+
#if defined(__OpenBSD__) && !defined(__ELF__)
|
|
20
|
+
#define UNDERSCORES
|
|
21
|
+
#define ALIGN_LOG
|
|
22
|
+
#endif
|
|
23
|
+
|
|
24
|
+
#if defined(__CYGWIN32__) || defined(__MINGW32__)
|
|
25
|
+
#define UNDERSCORES
|
|
26
|
+
#endif
|
|
27
|
+
|
|
28
|
+
#ifdef __DJGPP__
|
|
29
|
+
#define UNDERSCORES
|
|
30
|
+
#define ALIGN_LOG
|
|
31
|
+
#endif
|
|
32
|
+
|
|
33
|
+
#ifdef UNDERSCORES
|
|
34
|
+
#define _BF_body_r __BF_body_r
|
|
35
|
+
#endif
|
|
36
|
+
|
|
37
|
+
#ifdef ALIGN_LOG
|
|
38
|
+
#define DO_ALIGN(log) .align (log)
|
|
39
|
+
#elif defined(DUMBAS)
|
|
40
|
+
#define DO_ALIGN(log) .align 1 << log
|
|
41
|
+
#else
|
|
42
|
+
#define DO_ALIGN(log) .align (1 << (log))
|
|
43
|
+
#endif
|
|
44
|
+
|
|
45
|
+
#define BF_FRAME 0x200
|
|
46
|
+
#define ctx %esp
|
|
47
|
+
|
|
48
|
+
#define BF_ptr (ctx)
|
|
49
|
+
|
|
50
|
+
#define S(N, r) N+BF_FRAME(ctx,r,4)
|
|
51
|
+
#ifdef DUMBAS
|
|
52
|
+
#define P(N) 0x1000+N+N+N+N+BF_FRAME(ctx)
|
|
53
|
+
#else
|
|
54
|
+
#define P(N) 0x1000+4*N+BF_FRAME(ctx)
|
|
55
|
+
#endif
|
|
56
|
+
|
|
57
|
+
/*
|
|
58
|
+
* This version of the assembly code is optimized primarily for the original
|
|
59
|
+
* Intel Pentium but is also careful to avoid partial register stalls on the
|
|
60
|
+
* Pentium Pro family of processors (tested up to Pentium III Coppermine).
|
|
61
|
+
*
|
|
62
|
+
* It is possible to do 15% faster on the Pentium Pro family and probably on
|
|
63
|
+
* many non-Intel x86 processors, but, unfortunately, that would make things
|
|
64
|
+
* twice slower for the original Pentium.
|
|
65
|
+
*
|
|
66
|
+
* An additional 2% speedup may be achieved with non-reentrant code.
|
|
67
|
+
*/
|
|
68
|
+
|
|
69
|
+
#define L %esi
|
|
70
|
+
#define R %edi
|
|
71
|
+
#define tmp1 %eax
|
|
72
|
+
#define tmp1_lo %al
|
|
73
|
+
#define tmp2 %ecx
|
|
74
|
+
#define tmp2_hi %ch
|
|
75
|
+
#define tmp3 %edx
|
|
76
|
+
#define tmp3_lo %dl
|
|
77
|
+
#define tmp4 %ebx
|
|
78
|
+
#define tmp4_hi %bh
|
|
79
|
+
#define tmp5 %ebp
|
|
80
|
+
|
|
81
|
+
.text
|
|
82
|
+
|
|
83
|
+
#define BF_ROUND(L, R, N) \
|
|
84
|
+
xorl L,tmp2; \
|
|
85
|
+
xorl tmp1,tmp1; \
|
|
86
|
+
movl tmp2,L; \
|
|
87
|
+
shrl $16,tmp2; \
|
|
88
|
+
movl L,tmp4; \
|
|
89
|
+
movb tmp2_hi,tmp1_lo; \
|
|
90
|
+
andl $0xFF,tmp2; \
|
|
91
|
+
movb tmp4_hi,tmp3_lo; \
|
|
92
|
+
andl $0xFF,tmp4; \
|
|
93
|
+
movl S(0,tmp1),tmp1; \
|
|
94
|
+
movl S(0x400,tmp2),tmp5; \
|
|
95
|
+
addl tmp5,tmp1; \
|
|
96
|
+
movl S(0x800,tmp3),tmp5; \
|
|
97
|
+
xorl tmp5,tmp1; \
|
|
98
|
+
movl S(0xC00,tmp4),tmp5; \
|
|
99
|
+
addl tmp1,tmp5; \
|
|
100
|
+
movl 4+P(N),tmp2; \
|
|
101
|
+
xorl tmp5,R
|
|
102
|
+
|
|
103
|
+
#define BF_ENCRYPT_START \
|
|
104
|
+
BF_ROUND(L, R, 0); \
|
|
105
|
+
BF_ROUND(R, L, 1); \
|
|
106
|
+
BF_ROUND(L, R, 2); \
|
|
107
|
+
BF_ROUND(R, L, 3); \
|
|
108
|
+
BF_ROUND(L, R, 4); \
|
|
109
|
+
BF_ROUND(R, L, 5); \
|
|
110
|
+
BF_ROUND(L, R, 6); \
|
|
111
|
+
BF_ROUND(R, L, 7); \
|
|
112
|
+
BF_ROUND(L, R, 8); \
|
|
113
|
+
BF_ROUND(R, L, 9); \
|
|
114
|
+
BF_ROUND(L, R, 10); \
|
|
115
|
+
BF_ROUND(R, L, 11); \
|
|
116
|
+
BF_ROUND(L, R, 12); \
|
|
117
|
+
BF_ROUND(R, L, 13); \
|
|
118
|
+
BF_ROUND(L, R, 14); \
|
|
119
|
+
BF_ROUND(R, L, 15); \
|
|
120
|
+
movl BF_ptr,tmp5; \
|
|
121
|
+
xorl L,tmp2; \
|
|
122
|
+
movl P(17),L
|
|
123
|
+
|
|
124
|
+
#define BF_ENCRYPT_END \
|
|
125
|
+
xorl R,L; \
|
|
126
|
+
movl tmp2,R
|
|
127
|
+
|
|
128
|
+
DO_ALIGN(5)
|
|
129
|
+
.globl _BF_body_r
|
|
130
|
+
_BF_body_r:
|
|
131
|
+
movl 4(%esp),%eax
|
|
132
|
+
pushl %ebp
|
|
133
|
+
pushl %ebx
|
|
134
|
+
pushl %esi
|
|
135
|
+
pushl %edi
|
|
136
|
+
subl $BF_FRAME-8,%eax
|
|
137
|
+
xorl L,L
|
|
138
|
+
cmpl %esp,%eax
|
|
139
|
+
ja BF_die
|
|
140
|
+
xchgl %eax,%esp
|
|
141
|
+
xorl R,R
|
|
142
|
+
pushl %eax
|
|
143
|
+
leal 0x1000+BF_FRAME-4(ctx),%eax
|
|
144
|
+
movl 0x1000+BF_FRAME-4(ctx),tmp2
|
|
145
|
+
pushl %eax
|
|
146
|
+
xorl tmp3,tmp3
|
|
147
|
+
BF_loop_P:
|
|
148
|
+
BF_ENCRYPT_START
|
|
149
|
+
addl $8,tmp5
|
|
150
|
+
BF_ENCRYPT_END
|
|
151
|
+
leal 0x1000+18*4+BF_FRAME(ctx),tmp1
|
|
152
|
+
movl tmp5,BF_ptr
|
|
153
|
+
cmpl tmp5,tmp1
|
|
154
|
+
movl L,-8(tmp5)
|
|
155
|
+
movl R,-4(tmp5)
|
|
156
|
+
movl P(0),tmp2
|
|
157
|
+
ja BF_loop_P
|
|
158
|
+
leal BF_FRAME(ctx),tmp5
|
|
159
|
+
xorl tmp3,tmp3
|
|
160
|
+
movl tmp5,BF_ptr
|
|
161
|
+
BF_loop_S:
|
|
162
|
+
BF_ENCRYPT_START
|
|
163
|
+
BF_ENCRYPT_END
|
|
164
|
+
movl P(0),tmp2
|
|
165
|
+
movl L,(tmp5)
|
|
166
|
+
movl R,4(tmp5)
|
|
167
|
+
BF_ENCRYPT_START
|
|
168
|
+
BF_ENCRYPT_END
|
|
169
|
+
movl P(0),tmp2
|
|
170
|
+
movl L,8(tmp5)
|
|
171
|
+
movl R,12(tmp5)
|
|
172
|
+
BF_ENCRYPT_START
|
|
173
|
+
BF_ENCRYPT_END
|
|
174
|
+
movl P(0),tmp2
|
|
175
|
+
movl L,16(tmp5)
|
|
176
|
+
movl R,20(tmp5)
|
|
177
|
+
BF_ENCRYPT_START
|
|
178
|
+
addl $32,tmp5
|
|
179
|
+
BF_ENCRYPT_END
|
|
180
|
+
leal 0x1000+BF_FRAME(ctx),tmp1
|
|
181
|
+
movl tmp5,BF_ptr
|
|
182
|
+
cmpl tmp5,tmp1
|
|
183
|
+
movl P(0),tmp2
|
|
184
|
+
movl L,-8(tmp5)
|
|
185
|
+
movl R,-4(tmp5)
|
|
186
|
+
ja BF_loop_S
|
|
187
|
+
movl 4(%esp),%esp
|
|
188
|
+
popl %edi
|
|
189
|
+
popl %esi
|
|
190
|
+
popl %ebx
|
|
191
|
+
popl %ebp
|
|
192
|
+
ret
|
|
193
|
+
|
|
194
|
+
BF_die:
|
|
195
|
+
/* Oops, need to re-compile with a larger BF_FRAME. */
|
|
196
|
+
hlt
|
|
197
|
+
jmp BF_die
|
|
198
|
+
|
|
199
|
+
#endif
|
|
200
|
+
|
|
201
|
+
#if defined(__ELF__) && defined(__linux__)
|
|
202
|
+
.section .note.GNU-stack,"",%progbits
|
|
203
|
+
#endif
|
data/lib/bcrypt.rb
CHANGED
data/lib/bcrypt/engine.rb
CHANGED
|
@@ -2,9 +2,11 @@ module BCrypt
|
|
|
2
2
|
# A Ruby wrapper for the bcrypt() C extension calls and the Java calls.
|
|
3
3
|
class Engine
|
|
4
4
|
# The default computational expense parameter.
|
|
5
|
-
DEFAULT_COST =
|
|
5
|
+
DEFAULT_COST = 12
|
|
6
6
|
# The minimum cost supported by the algorithm.
|
|
7
7
|
MIN_COST = 4
|
|
8
|
+
# The maximum cost supported by the algorithm.
|
|
9
|
+
MAX_COST = 31
|
|
8
10
|
# Maximum possible size of bcrypt() salts.
|
|
9
11
|
MAX_SALT_LENGTH = 16
|
|
10
12
|
|
|
@@ -28,8 +30,8 @@ module BCrypt
|
|
|
28
30
|
#
|
|
29
31
|
# Example:
|
|
30
32
|
#
|
|
31
|
-
# BCrypt::Engine::DEFAULT_COST #=>
|
|
32
|
-
# BCrypt::Password.create('secret').cost #=>
|
|
33
|
+
# BCrypt::Engine::DEFAULT_COST #=> 12
|
|
34
|
+
# BCrypt::Password.create('secret').cost #=> 12
|
|
33
35
|
#
|
|
34
36
|
# BCrypt::Engine.cost = 8
|
|
35
37
|
# BCrypt::Password.create('secret').cost #=> 8
|
|
@@ -46,7 +48,7 @@ module BCrypt
|
|
|
46
48
|
if valid_secret?(secret)
|
|
47
49
|
if valid_salt?(salt)
|
|
48
50
|
if RUBY_PLATFORM == "java"
|
|
49
|
-
Java.bcrypt_jruby.BCrypt.hashpw(secret.to_s, salt.to_s)
|
|
51
|
+
Java.bcrypt_jruby.BCrypt.hashpw(secret.to_s.to_java_bytes, salt.to_s)
|
|
50
52
|
else
|
|
51
53
|
__bc_crypt(secret.to_s, salt)
|
|
52
54
|
end
|
|
@@ -99,7 +101,7 @@ module BCrypt
|
|
|
99
101
|
# # should take less than 1000ms
|
|
100
102
|
# BCrypt::Password.create("woo", :cost => 12)
|
|
101
103
|
def self.calibrate(upper_time_limit_in_ms)
|
|
102
|
-
|
|
104
|
+
(BCrypt::Engine::MIN_COST..BCrypt::Engine::MAX_COST-1).each do |i|
|
|
103
105
|
start_time = Time.now
|
|
104
106
|
Password.create("testing testing", :cost => i+1)
|
|
105
107
|
end_time = Time.now - start_time
|
data/lib/bcrypt/password.rb
CHANGED
|
@@ -7,7 +7,7 @@ module BCrypt
|
|
|
7
7
|
#
|
|
8
8
|
# # hash a user's password
|
|
9
9
|
# @password = Password.create("my grand secret")
|
|
10
|
-
# @password #=> "$2a$
|
|
10
|
+
# @password #=> "$2a$12$C5.FIvVDS9W4AYZ/Ib37YuWd/7ozp1UaMhU28UKrfSxp2oDchbi3K"
|
|
11
11
|
#
|
|
12
12
|
# # store it safely
|
|
13
13
|
# @user.update_attribute(:password, @password)
|
|
@@ -42,12 +42,12 @@ module BCrypt
|
|
|
42
42
|
# @password = BCrypt::Password.create("my secret", :cost => 13)
|
|
43
43
|
def create(secret, options = {})
|
|
44
44
|
cost = options[:cost] || BCrypt::Engine.cost
|
|
45
|
-
raise ArgumentError if cost >
|
|
45
|
+
raise ArgumentError if cost > BCrypt::Engine::MAX_COST
|
|
46
46
|
Password.new(BCrypt::Engine.hash_secret(secret, BCrypt::Engine.generate_salt(cost)))
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
def valid_hash?(h)
|
|
50
|
-
|
|
50
|
+
/^\$[0-9a-z]{2}\$[0-9]{2}\$[A-Za-z0-9\.\/]{53}$/ === h
|
|
51
51
|
end
|
|
52
52
|
end
|
|
53
53
|
|
data/spec/bcrypt/engine_spec.rb
CHANGED
|
@@ -1,5 +1,15 @@
|
|
|
1
1
|
require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
|
|
2
2
|
|
|
3
|
+
describe 'BCrypt::Engine' do
|
|
4
|
+
describe '.calibrate(upper_time_limit_in_ms)' do
|
|
5
|
+
context 'a tiny upper time limit provided' do
|
|
6
|
+
it 'returns a minimum cost supported by the algorithm' do
|
|
7
|
+
expect(BCrypt::Engine.calibrate(0.001)).to eq(4)
|
|
8
|
+
end
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
end
|
|
12
|
+
|
|
3
13
|
describe "The BCrypt engine" do
|
|
4
14
|
specify "should calculate the optimal cost factor to fit in a specific time" do
|
|
5
15
|
first = BCrypt::Engine.calibrate(100)
|
|
@@ -67,13 +77,78 @@ describe "Generating BCrypt hashes" do
|
|
|
67
77
|
end
|
|
68
78
|
|
|
69
79
|
specify "should be interoperable with other implementations" do
|
|
70
|
-
# test vectors from the OpenWall implementation <http://www.openwall.com/crypt/>
|
|
71
80
|
test_vectors = [
|
|
81
|
+
# test vectors from the OpenWall implementation <https://www.openwall.com/crypt/>, found in wrapper.c
|
|
72
82
|
["U*U", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"],
|
|
73
83
|
["U*U*", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK"],
|
|
74
84
|
["U*U*U", "$2a$05$XXXXXXXXXXXXXXXXXXXXXO", "$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a"],
|
|
85
|
+
["0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789chars after 72 are ignored", "$2a$05$abcdefghijklmnopqrstuu", "$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui"],
|
|
86
|
+
["\xa3", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
|
|
87
|
+
["\xff\xff\xa3", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
|
|
88
|
+
["\xff\xff\xa3", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
|
|
89
|
+
["\xff\xff\xa3", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.nqd1wy.pTMdcvrRWxyiGL2eMz.2a85."],
|
|
90
|
+
["\xff\xff\xa3", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
|
|
91
|
+
["\xa3", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq"],
|
|
92
|
+
["\xa3", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq"],
|
|
93
|
+
["\xa3", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq"],
|
|
94
|
+
["1\xa3" "345", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
|
|
95
|
+
["\xff\xa3" "345", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
|
|
96
|
+
["\xff\xa3" "34" "\xff\xff\xff\xa3" "345", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
|
|
97
|
+
["\xff\xa3" "34" "\xff\xff\xff\xa3" "345", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
|
|
98
|
+
["\xff\xa3" "34" "\xff\xff\xff\xa3" "345", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.ZC1JEJ8Z4gPfpe1JOr/oyPXTWl9EFd."],
|
|
99
|
+
["\xff\xa3" "345", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e"],
|
|
100
|
+
["\xff\xa3" "345", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e"],
|
|
101
|
+
["\xa3" "ab", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS"],
|
|
102
|
+
["\xa3" "ab", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS"],
|
|
103
|
+
["\xa3" "ab", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS"],
|
|
104
|
+
["\xd1\x91", "$2x$05$6bNw2HLQYeqHYyBfLMsv/O", "$2x$05$6bNw2HLQYeqHYyBfLMsv/OiwqTymGIGzFsA4hOTWebfehXHNprcAS"],
|
|
105
|
+
["\xd0\xc1\xd2\xcf\xcc\xd8", "$2x$05$6bNw2HLQYeqHYyBfLMsv/O", "$2x$05$6bNw2HLQYeqHYyBfLMsv/O9LIGgn8OMzuDoHfof8AQimSGfcSWxnS"],
|
|
106
|
+
["\xaa"*72+"chars after 72 are ignored as usual", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.swQOIzjOiJ9GHEPuhEkvqrUyvWhEMx6"],
|
|
107
|
+
["\xaa\x55"*36, "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.R9xrDjiycxMbQE2bp.vgqlYpW5wx2yy"],
|
|
108
|
+
["\x55\xaa\xff"*24, "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.9tQZzcJfm3uj2NvJ/n5xkhpqLrMpWCe"],
|
|
75
109
|
["", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy"],
|
|
76
|
-
|
|
110
|
+
|
|
111
|
+
# test vectors from the Java implementation, found in https://github.com/spring-projects/spring-security/blob/master/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java
|
|
112
|
+
["", "$2a$06$DCq7YPn5Rq63x1Lad4cll.", "$2a$06$DCq7YPn5Rq63x1Lad4cll.TV4S6ytwfsfvkgY8jIucDrjc8deX1s."],
|
|
113
|
+
["", "$2a$08$HqWuK6/Ng6sg9gQzbLrgb.", "$2a$08$HqWuK6/Ng6sg9gQzbLrgb.Tl.ZHfXLhvt/SgVyWhQqgqcZ7ZuUtye"],
|
|
114
|
+
["", "$2a$10$k1wbIrmNyFAPwPVPSVa/ze", "$2a$10$k1wbIrmNyFAPwPVPSVa/zecw2BCEnBwVS2GbrmgzxFUOqW9dk4TCW"],
|
|
115
|
+
["", "$2a$12$k42ZFHFWqBp3vWli.nIn8u", "$2a$12$k42ZFHFWqBp3vWli.nIn8uYyIkbvYRvodzbfbK18SSsY.CsIQPlxO"],
|
|
116
|
+
["", "$2b$06$8eVN9RiU8Yki430X.wBvN.", "$2b$06$8eVN9RiU8Yki430X.wBvN.LWaqh2962emLVSVXVZIXJvDYLsV0oFu"],
|
|
117
|
+
["", "$2b$06$NlgfNgpIc6GlHciCkMEW8u", "$2b$06$NlgfNgpIc6GlHciCkMEW8uKOBsyvAp7QwlHpysOlKdtyEw50WQua2"],
|
|
118
|
+
["", "$2y$06$mFDtkz6UN7B3GZ2qi2hhaO", "$2y$06$mFDtkz6UN7B3GZ2qi2hhaO3OFWzNEdcY84ELw6iHCPruuQfSAXBLK"],
|
|
119
|
+
["", "$2y$06$88kSqVttBx.e9iXTPCLa5u", "$2y$06$88kSqVttBx.e9iXTPCLa5uFPrVFjfLH4D.KcO6pBiAmvUkvdg0EYy"],
|
|
120
|
+
["a", "$2a$06$m0CrhHm10qJ3lXRY.5zDGO", "$2a$06$m0CrhHm10qJ3lXRY.5zDGO3rS2KdeeWLuGmsfGlMfOxih58VYVfxe"],
|
|
121
|
+
["a", "$2a$08$cfcvVd2aQ8CMvoMpP2EBfe", "$2a$08$cfcvVd2aQ8CMvoMpP2EBfeodLEkkFJ9umNEfPD18.hUF62qqlC/V."],
|
|
122
|
+
["a", "$2a$10$k87L/MF28Q673VKh8/cPi.", "$2a$10$k87L/MF28Q673VKh8/cPi.SUl7MU/rWuSiIDDFayrKk/1tBsSQu4u"],
|
|
123
|
+
["a", "$2a$12$8NJH3LsPrANStV6XtBakCe", "$2a$12$8NJH3LsPrANStV6XtBakCez0cKHXVxmvxIlcz785vxAIZrihHZpeS"],
|
|
124
|
+
["a", "$2b$06$ehKGYiS4wt2HAr7KQXS5z.", "$2b$06$ehKGYiS4wt2HAr7KQXS5z.OaRjB4jHO7rBHJKlGXbqEH3QVJfO7iO"],
|
|
125
|
+
["a", "$2b$06$PWxFFHA3HiCD46TNOZh30e", "$2b$06$PWxFFHA3HiCD46TNOZh30eNto1hg5uM9tHBlI4q/b03SW/gGKUYk6"],
|
|
126
|
+
["a", "$2y$06$LUdD6/aD0e/UbnxVAVbvGu", "$2y$06$LUdD6/aD0e/UbnxVAVbvGuUmIoJ3l/OK94ThhadpMWwKC34LrGEey"],
|
|
127
|
+
["a", "$2y$06$eqgY.T2yloESMZxgp76deO", "$2y$06$eqgY.T2yloESMZxgp76deOROa7nzXDxbO0k.PJvuClTa.Vu1AuemG"],
|
|
128
|
+
["abc", "$2a$06$If6bvum7DFjUnE9p2uDeDu", "$2a$06$If6bvum7DFjUnE9p2uDeDu0YHzrHM6tf.iqN8.yx.jNN1ILEf7h0i"],
|
|
129
|
+
["abc", "$2a$08$Ro0CUfOqk6cXEKf3dyaM7O", "$2a$08$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm"],
|
|
130
|
+
["abc", "$2a$10$WvvTPHKwdBJ3uk0Z37EMR.", "$2a$10$WvvTPHKwdBJ3uk0Z37EMR.hLA2W6N9AEBhEgrAOljy2Ae5MtaSIUi"],
|
|
131
|
+
["abc", "$2a$12$EXRkfkdmXn2gzds2SSitu.", "$2a$12$EXRkfkdmXn2gzds2SSitu.MW9.gAVqa9eLS1//RYtYCmB1eLHg.9q"],
|
|
132
|
+
["abc", "$2b$06$5FyQoicpbox1xSHFfhhdXu", "$2b$06$5FyQoicpbox1xSHFfhhdXuR2oxLpO1rYsQh5RTkI/9.RIjtoF0/ta"],
|
|
133
|
+
["abc", "$2b$06$1kJyuho8MCVP3HHsjnRMkO", "$2b$06$1kJyuho8MCVP3HHsjnRMkO1nvCOaKTqLnjG2TX1lyMFbXH/aOkgc."],
|
|
134
|
+
["abc", "$2y$06$ACfku9dT6.H8VjdKb8nhlu", "$2y$06$ACfku9dT6.H8VjdKb8nhluaoBmhJyK7GfoNScEfOfrJffUxoUeCjK"],
|
|
135
|
+
["abc", "$2y$06$9JujYcoWPmifvFA3RUP90e", "$2y$06$9JujYcoWPmifvFA3RUP90e5rSEHAb5Ye6iv3.G9ikiHNv5cxjNEse"],
|
|
136
|
+
["abcdefghijklmnopqrstuvwxyz", "$2a$06$.rCVZVOThsIa97pEDOxvGu", "$2a$06$.rCVZVOThsIa97pEDOxvGuRRgzG64bvtJ0938xuqzv18d3ZpQhstC"],
|
|
137
|
+
["abcdefghijklmnopqrstuvwxyz", "$2a$08$aTsUwsyowQuzRrDqFflhge", "$2a$08$aTsUwsyowQuzRrDqFflhgekJ8d9/7Z3GV3UcgvzQW3J5zMyrTvlz."],
|
|
138
|
+
["abcdefghijklmnopqrstuvwxyz", "$2a$10$fVH8e28OQRj9tqiDXs1e1u", "$2a$10$fVH8e28OQRj9tqiDXs1e1uxpsjN0c7II7YPKXua2NAKYvM6iQk7dq"],
|
|
139
|
+
["abcdefghijklmnopqrstuvwxyz", "$2a$12$D4G5f18o7aMMfwasBL7Gpu", "$2a$12$D4G5f18o7aMMfwasBL7GpuQWuP3pkrZrOAnqP.bmezbMng.QwJ/pG"],
|
|
140
|
+
["abcdefghijklmnopqrstuvwxyz", "$2b$06$O8E89AQPj1zJQA05YvIAU.", "$2b$06$O8E89AQPj1zJQA05YvIAU.hMpj25BXri1bupl/Q7CJMlpLwZDNBoO"],
|
|
141
|
+
["abcdefghijklmnopqrstuvwxyz", "$2b$06$PDqIWr./o/P3EE/P.Q0A/u", "$2b$06$PDqIWr./o/P3EE/P.Q0A/uFg86WL/PXTbaW267TDALEwDylqk00Z."],
|
|
142
|
+
["abcdefghijklmnopqrstuvwxyz", "$2y$06$34MG90ZLah8/ZNr3ltlHCu", "$2y$06$34MG90ZLah8/ZNr3ltlHCuz6bachF8/3S5jTuzF1h2qg2cUk11sFW"],
|
|
143
|
+
["abcdefghijklmnopqrstuvwxyz", "$2y$06$AK.hSLfMyw706iEW24i68u", "$2y$06$AK.hSLfMyw706iEW24i68uKAc2yorPTrB0cimvjJHEBUrPkOq7VvG"],
|
|
144
|
+
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2a$06$fPIsBO8qRqkjj273rfaOI.", "$2a$06$fPIsBO8qRqkjj273rfaOI.HtSV9jLDpTbZn782DC6/t7qT67P6FfO"],
|
|
145
|
+
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2a$08$Eq2r4G/76Wv39MzSX262hu", "$2a$08$Eq2r4G/76Wv39MzSX262huzPz612MZiYHVUJe/OcOql2jo4.9UxTW"],
|
|
146
|
+
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2a$10$LgfYWkbzEvQ4JakH7rOvHe", "$2a$10$LgfYWkbzEvQ4JakH7rOvHe0y8pHKF9OaFgwUZ2q7W2FFZmZzJYlfS"],
|
|
147
|
+
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2a$12$WApznUOJfkEGSmYRfnkrPO", "$2a$12$WApznUOJfkEGSmYRfnkrPOr466oFDCaj4b6HY3EXGvfxm43seyhgC"],
|
|
148
|
+
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2b$06$FGWA8OlY6RtQhXBXuCJ8Wu", "$2b$06$FGWA8OlY6RtQhXBXuCJ8WusVipRI15cWOgJK8MYpBHEkktMfbHRIG"],
|
|
149
|
+
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2b$06$G6aYU7UhUEUDJBdTgq3CRe", "$2b$06$G6aYU7UhUEUDJBdTgq3CRekiopCN4O4sNitFXrf5NUscsVZj3a2r6"],
|
|
150
|
+
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2y$06$sYDFHqOcXTjBgOsqC0WCKe", "$2y$06$sYDFHqOcXTjBgOsqC0WCKeMd3T1UhHuWQSxncLGtXDLMrcE6vFDti"],
|
|
151
|
+
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2y$06$6Xm0gCw4g7ZNDCEp4yTise", "$2y$06$6Xm0gCw4g7ZNDCEp4yTisez0kSdpXEl66MvdxGidnmChIe8dFmMnq"]
|
|
77
152
|
]
|
|
78
153
|
for secret, salt, test_vector in test_vectors
|
|
79
154
|
expect(BCrypt::Engine.hash_secret(secret, salt)).to eql(test_vector)
|
|
@@ -116,9 +116,9 @@ end
|
|
|
116
116
|
|
|
117
117
|
describe "Validating a password hash" do
|
|
118
118
|
specify "should not accept an invalid password" do
|
|
119
|
-
expect(BCrypt::Password.valid_hash?("i_am_so_not_valid")).to
|
|
119
|
+
expect(BCrypt::Password.valid_hash?("i_am_so_not_valid")).to be(false)
|
|
120
120
|
end
|
|
121
121
|
specify "should accept a valid password" do
|
|
122
|
-
expect(BCrypt::Password.valid_hash?(BCrypt::Password.create "i_am_so_valid")).to
|
|
122
|
+
expect(BCrypt::Password.valid_hash?(BCrypt::Password.create "i_am_so_valid")).to be(true)
|
|
123
123
|
end
|
|
124
124
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: bcrypt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.1.
|
|
4
|
+
version: 3.1.16
|
|
5
5
|
platform: java
|
|
6
6
|
authors:
|
|
7
7
|
- Coda Hale
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-09-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -17,8 +17,8 @@ dependencies:
|
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
18
|
version: 0.9.2
|
|
19
19
|
name: rake-compiler
|
|
20
|
-
prerelease: false
|
|
21
20
|
type: :development
|
|
21
|
+
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
@@ -31,27 +31,13 @@ dependencies:
|
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
32
|
version: '3'
|
|
33
33
|
name: rspec
|
|
34
|
-
prerelease: false
|
|
35
34
|
type: :development
|
|
35
|
+
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '3'
|
|
41
|
-
- !ruby/object:Gem::Dependency
|
|
42
|
-
requirement: !ruby/object:Gem::Requirement
|
|
43
|
-
requirements:
|
|
44
|
-
- - "~>"
|
|
45
|
-
- !ruby/object:Gem::Version
|
|
46
|
-
version: '3.12'
|
|
47
|
-
name: rdoc
|
|
48
|
-
prerelease: false
|
|
49
|
-
type: :development
|
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
-
requirements:
|
|
52
|
-
- - "~>"
|
|
53
|
-
- !ruby/object:Gem::Version
|
|
54
|
-
version: '3.12'
|
|
55
41
|
description: |2
|
|
56
42
|
bcrypt() is a sophisticated and secure hash algorithm designed by The OpenBSD project
|
|
57
43
|
for hashing passwords. The bcrypt Ruby gem provides a simple wrapper for safely handling
|
|
@@ -74,7 +60,6 @@ files:
|
|
|
74
60
|
- CHANGELOG
|
|
75
61
|
- COPYING
|
|
76
62
|
- Gemfile
|
|
77
|
-
- Gemfile.lock
|
|
78
63
|
- README.md
|
|
79
64
|
- Rakefile
|
|
80
65
|
- appveyor.yml
|
|
@@ -84,10 +69,13 @@ files:
|
|
|
84
69
|
- ext/mri/crypt.c
|
|
85
70
|
- ext/mri/crypt.h
|
|
86
71
|
- ext/mri/crypt_blowfish.c
|
|
72
|
+
- ext/mri/crypt_blowfish.h
|
|
87
73
|
- ext/mri/crypt_gensalt.c
|
|
74
|
+
- ext/mri/crypt_gensalt.h
|
|
88
75
|
- ext/mri/extconf.rb
|
|
89
76
|
- ext/mri/ow-crypt.h
|
|
90
77
|
- ext/mri/wrapper.c
|
|
78
|
+
- ext/mri/x86.S
|
|
91
79
|
- lib/bcrypt.rb
|
|
92
80
|
- lib/bcrypt/engine.rb
|
|
93
81
|
- lib/bcrypt/error.rb
|
|
@@ -123,8 +111,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
123
111
|
- !ruby/object:Gem::Version
|
|
124
112
|
version: '0'
|
|
125
113
|
requirements: []
|
|
126
|
-
|
|
127
|
-
rubygems_version: 2.6.14.1
|
|
114
|
+
rubygems_version: 3.0.6
|
|
128
115
|
signing_key:
|
|
129
116
|
specification_version: 4
|
|
130
117
|
summary: OpenBSD's bcrypt() password hashing algorithm.
|