bcrypt 3.1.18-java → 3.1.20-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG +7 -0
- data/ext/mri/bcrypt_ext.c +5 -0
- data/lib/bcrypt/engine.rb +7 -0
- data/lib/bcrypt_ext.jar +0 -0
- metadata +6 -17
- data/.github/workflows/ruby.yml +0 -59
- data/.gitignore +0 -10
- data/.rspec +0 -3
- data/Gemfile +0 -2
- data/Rakefile +0 -72
- data/bcrypt.gemspec +0 -27
- data/spec/TestBCrypt.java +0 -194
- data/spec/bcrypt/engine_spec.rb +0 -176
- data/spec/bcrypt/error_spec.rb +0 -37
- data/spec/bcrypt/password_spec.rb +0 -131
- data/spec/spec_helper.rb +0 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 18e51a94af441c07a71cba0f9d5c8e813ed65b0206e6d143784215d43404be78
|
4
|
+
data.tar.gz: 0f593432119c2166fb96c65786b3bf119d42ecc35d7de1322b7700c81679e3b5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 92e7ac49940ed3c1ac8929da228dc90e48ef9ec12819fe9a83102211f7695c47ad9dd6e7aeb333b6499308556995405c9b7a7fd1b70eb0b12231d070f111f2d3
|
7
|
+
data.tar.gz: bdbfa55d1c5e8c111b31f3c2bd0d90f4408799af5afcca5d53f2c47604033f991238948905f95f91f16a2f08d315283ceda37ea770cbe612d98170771da24394
|
data/CHANGELOG
CHANGED
@@ -1,3 +1,10 @@
|
|
1
|
+
3.1.20 Nov 17 2023
|
2
|
+
- Limit packaged files -- decrease gem filesize by ~28% [GH #272 by @pusewicz]
|
3
|
+
|
4
|
+
3.1.19 June 22 2023
|
5
|
+
- Deprecate passing the third argument to `BCrypt::Engine.hash_secret` [GH #207 by @sergey-alekseev]
|
6
|
+
- Add GC guards so the C compiler won't optimize out references [GH #270]
|
7
|
+
|
1
8
|
3.1.18 May 16 2022
|
2
9
|
- Unlock GVL when calculating hashes and salts [GH #260]
|
3
10
|
- Fix compilation warnings in `ext/mri/bcrypt_ext.c` [GH #261]
|
data/ext/mri/bcrypt_ext.c
CHANGED
@@ -49,6 +49,9 @@ static VALUE bc_salt(VALUE self, VALUE prefix, VALUE count, VALUE input) {
|
|
49
49
|
if(!salt) return Qnil;
|
50
50
|
|
51
51
|
str_salt = rb_str_new2(salt);
|
52
|
+
|
53
|
+
RB_GC_GUARD(prefix);
|
54
|
+
RB_GC_GUARD(input);
|
52
55
|
free(salt);
|
53
56
|
|
54
57
|
return str_salt;
|
@@ -99,6 +102,8 @@ static VALUE bc_crypt(VALUE self, VALUE key, VALUE setting) {
|
|
99
102
|
|
100
103
|
out = rb_str_new2(value);
|
101
104
|
|
105
|
+
RB_GC_GUARD(key);
|
106
|
+
RB_GC_GUARD(setting);
|
102
107
|
free(args.data);
|
103
108
|
|
104
109
|
return out;
|
data/lib/bcrypt/engine.rb
CHANGED
@@ -53,6 +53,13 @@ module BCrypt
|
|
53
53
|
# Given a secret and a valid salt (see BCrypt::Engine.generate_salt) calculates
|
54
54
|
# a bcrypt() password hash. Secrets longer than 72 bytes are truncated.
|
55
55
|
def self.hash_secret(secret, salt, _ = nil)
|
56
|
+
unless _.nil?
|
57
|
+
warn "[DEPRECATION] Passing the third argument to " \
|
58
|
+
"`BCrypt::Engine.hash_secret` is deprecated. " \
|
59
|
+
"Please do not pass the third argument which " \
|
60
|
+
"is currently not used."
|
61
|
+
end
|
62
|
+
|
56
63
|
if valid_secret?(secret)
|
57
64
|
if valid_salt?(salt)
|
58
65
|
if RUBY_PLATFORM == "java"
|
data/lib/bcrypt_ext.jar
CHANGED
Binary file
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: bcrypt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.1.
|
4
|
+
version: 3.1.20
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Coda Hale
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-11-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -17,8 +17,8 @@ dependencies:
|
|
17
17
|
- !ruby/object:Gem::Version
|
18
18
|
version: 1.2.0
|
19
19
|
name: rake-compiler
|
20
|
-
prerelease: false
|
21
20
|
type: :development
|
21
|
+
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
@@ -31,8 +31,8 @@ dependencies:
|
|
31
31
|
- !ruby/object:Gem::Version
|
32
32
|
version: '3'
|
33
33
|
name: rspec
|
34
|
-
prerelease: false
|
35
34
|
type: :development
|
35
|
+
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - ">="
|
@@ -50,19 +50,13 @@ extra_rdoc_files:
|
|
50
50
|
- COPYING
|
51
51
|
- CHANGELOG
|
52
52
|
- lib/bcrypt.rb
|
53
|
-
- lib/bcrypt/password.rb
|
54
53
|
- lib/bcrypt/engine.rb
|
55
54
|
- lib/bcrypt/error.rb
|
55
|
+
- lib/bcrypt/password.rb
|
56
56
|
files:
|
57
|
-
- ".github/workflows/ruby.yml"
|
58
|
-
- ".gitignore"
|
59
|
-
- ".rspec"
|
60
57
|
- CHANGELOG
|
61
58
|
- COPYING
|
62
|
-
- Gemfile
|
63
59
|
- README.md
|
64
|
-
- Rakefile
|
65
|
-
- bcrypt.gemspec
|
66
60
|
- ext/jruby/bcrypt_jruby/BCrypt.java
|
67
61
|
- ext/mri/bcrypt_ext.c
|
68
62
|
- ext/mri/crypt.c
|
@@ -80,11 +74,6 @@ files:
|
|
80
74
|
- lib/bcrypt/error.rb
|
81
75
|
- lib/bcrypt/password.rb
|
82
76
|
- lib/bcrypt_ext.jar
|
83
|
-
- spec/TestBCrypt.java
|
84
|
-
- spec/bcrypt/engine_spec.rb
|
85
|
-
- spec/bcrypt/error_spec.rb
|
86
|
-
- spec/bcrypt/password_spec.rb
|
87
|
-
- spec/spec_helper.rb
|
88
77
|
homepage: https://github.com/bcrypt-ruby/bcrypt-ruby
|
89
78
|
licenses:
|
90
79
|
- MIT
|
@@ -110,7 +99,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
110
99
|
- !ruby/object:Gem::Version
|
111
100
|
version: '0'
|
112
101
|
requirements: []
|
113
|
-
rubygems_version: 3.
|
102
|
+
rubygems_version: 3.3.26
|
114
103
|
signing_key:
|
115
104
|
specification_version: 4
|
116
105
|
summary: OpenBSD's bcrypt() password hashing algorithm.
|
data/.github/workflows/ruby.yml
DELETED
@@ -1,59 +0,0 @@
|
|
1
|
-
name: Test Suite
|
2
|
-
|
3
|
-
# Run against all commits and pull requests.
|
4
|
-
on: [ push, pull_request ]
|
5
|
-
|
6
|
-
jobs:
|
7
|
-
test_matrix:
|
8
|
-
|
9
|
-
strategy:
|
10
|
-
fail-fast: false
|
11
|
-
matrix:
|
12
|
-
os:
|
13
|
-
- ubuntu
|
14
|
-
- macos
|
15
|
-
- windows
|
16
|
-
ruby:
|
17
|
-
- 2.1
|
18
|
-
- 2.2
|
19
|
-
- 2.3
|
20
|
-
- 2.4
|
21
|
-
- 2.5
|
22
|
-
- 2.6
|
23
|
-
- 2.7
|
24
|
-
- '3.0'
|
25
|
-
- 3.1
|
26
|
-
- head
|
27
|
-
- jruby
|
28
|
-
- jruby-head
|
29
|
-
- truffleruby
|
30
|
-
- truffleruby-head
|
31
|
-
- mingw
|
32
|
-
exclude:
|
33
|
-
- { os: ubuntu, ruby: mingw }
|
34
|
-
- { os: macos, ruby: mingw }
|
35
|
-
- { os: windows, ruby: truffleruby }
|
36
|
-
- { os: windows, ruby: truffleruby-head }
|
37
|
-
|
38
|
-
runs-on: ${{ matrix.os }}-latest
|
39
|
-
|
40
|
-
steps:
|
41
|
-
- uses: actions/checkout@v2
|
42
|
-
- name: Set up Ruby
|
43
|
-
uses: ruby/setup-ruby@v1
|
44
|
-
with:
|
45
|
-
ruby-version: ${{ matrix.ruby }}
|
46
|
-
bundler-cache: true
|
47
|
-
env:
|
48
|
-
JAVA_OPTS: -Djdk.io.File.enableADS=true
|
49
|
-
- name: Run tests
|
50
|
-
run: bundle exec rake default
|
51
|
-
env:
|
52
|
-
JAVA_OPTS: -Djdk.io.File.enableADS=true
|
53
|
-
|
54
|
-
finish:
|
55
|
-
runs-on: ubuntu-latest
|
56
|
-
needs: [ test_matrix ]
|
57
|
-
steps:
|
58
|
-
- name: Wait for status checks
|
59
|
-
run: echo "All Green!"
|
data/.gitignore
DELETED
data/.rspec
DELETED
data/Gemfile
DELETED
data/Rakefile
DELETED
@@ -1,72 +0,0 @@
|
|
1
|
-
require 'rspec/core/rake_task'
|
2
|
-
require 'rubygems/package_task'
|
3
|
-
require 'rake/extensiontask'
|
4
|
-
require 'rake/javaextensiontask'
|
5
|
-
require 'rake/clean'
|
6
|
-
require 'rdoc/task'
|
7
|
-
require 'benchmark'
|
8
|
-
|
9
|
-
CLEAN.include(
|
10
|
-
"tmp",
|
11
|
-
"lib/bcrypt_ext.jar",
|
12
|
-
"lib/bcrypt_ext.so"
|
13
|
-
)
|
14
|
-
CLOBBER.include(
|
15
|
-
"doc",
|
16
|
-
"pkg"
|
17
|
-
)
|
18
|
-
|
19
|
-
GEMSPEC = Gem::Specification.load("bcrypt.gemspec")
|
20
|
-
|
21
|
-
task :default => [:compile, :spec]
|
22
|
-
|
23
|
-
desc "Run all specs"
|
24
|
-
RSpec::Core::RakeTask.new do |t|
|
25
|
-
t.pattern = 'spec/**/*_spec.rb'
|
26
|
-
t.ruby_opts = '-w'
|
27
|
-
end
|
28
|
-
|
29
|
-
desc "Run all specs, with coverage testing"
|
30
|
-
RSpec::Core::RakeTask.new(:rcov) do |t|
|
31
|
-
t.pattern = 'spec/**/*_spec.rb'
|
32
|
-
t.rcov = true
|
33
|
-
t.rcov_path = 'doc/coverage'
|
34
|
-
t.rcov_opts = ['--exclude', 'rspec,diff-lcs,rcov,_spec,_helper']
|
35
|
-
end
|
36
|
-
|
37
|
-
desc 'Generate RDoc'
|
38
|
-
RDoc::Task.new do |rdoc|
|
39
|
-
rdoc.rdoc_dir = 'doc/rdoc'
|
40
|
-
rdoc.options += GEMSPEC.rdoc_options
|
41
|
-
rdoc.template = ENV['TEMPLATE'] if ENV['TEMPLATE']
|
42
|
-
rdoc.rdoc_files.include(*GEMSPEC.extra_rdoc_files)
|
43
|
-
end
|
44
|
-
|
45
|
-
Gem::PackageTask.new(GEMSPEC) do |pkg|
|
46
|
-
pkg.need_zip = true
|
47
|
-
pkg.need_tar = true
|
48
|
-
end
|
49
|
-
|
50
|
-
if RUBY_PLATFORM =~ /java/
|
51
|
-
Rake::JavaExtensionTask.new('bcrypt_ext', GEMSPEC) do |ext|
|
52
|
-
ext.ext_dir = 'ext/jruby'
|
53
|
-
ext.source_version = "1.7"
|
54
|
-
ext.target_version = "1.7"
|
55
|
-
end
|
56
|
-
else
|
57
|
-
Rake::ExtensionTask.new("bcrypt_ext", GEMSPEC) do |ext|
|
58
|
-
ext.ext_dir = 'ext/mri'
|
59
|
-
end
|
60
|
-
end
|
61
|
-
|
62
|
-
desc "Run a set of benchmarks on the compiled extension."
|
63
|
-
task :benchmark do
|
64
|
-
TESTS = 100
|
65
|
-
TEST_PWD = "this is a test"
|
66
|
-
require File.expand_path(File.join(File.dirname(__FILE__), "lib", "bcrypt"))
|
67
|
-
Benchmark.bmbm do |results|
|
68
|
-
4.upto(10) do |n|
|
69
|
-
results.report("cost #{n}:") { TESTS.times { BCrypt::Password.create(TEST_PWD, :cost => n) } }
|
70
|
-
end
|
71
|
-
end
|
72
|
-
end
|
data/bcrypt.gemspec
DELETED
@@ -1,27 +0,0 @@
|
|
1
|
-
Gem::Specification.new do |s|
|
2
|
-
s.name = 'bcrypt'
|
3
|
-
s.version = '3.1.18'
|
4
|
-
|
5
|
-
s.summary = "OpenBSD's bcrypt() password hashing algorithm."
|
6
|
-
s.description = <<-EOF
|
7
|
-
bcrypt() is a sophisticated and secure hash algorithm designed by The OpenBSD project
|
8
|
-
for hashing passwords. The bcrypt Ruby gem provides a simple wrapper for safely handling
|
9
|
-
passwords.
|
10
|
-
EOF
|
11
|
-
|
12
|
-
s.files = `git ls-files`.split("\n")
|
13
|
-
s.require_path = 'lib'
|
14
|
-
|
15
|
-
s.add_development_dependency 'rake-compiler', '~> 1.2.0'
|
16
|
-
s.add_development_dependency 'rspec', '>= 3'
|
17
|
-
|
18
|
-
s.rdoc_options += ['--title', 'bcrypt-ruby', '--line-numbers', '--inline-source', '--main', 'README.md']
|
19
|
-
s.extra_rdoc_files += ['README.md', 'COPYING', 'CHANGELOG', *Dir['lib/**/*.rb']]
|
20
|
-
|
21
|
-
s.extensions = 'ext/mri/extconf.rb'
|
22
|
-
|
23
|
-
s.authors = ["Coda Hale"]
|
24
|
-
s.email = "coda.hale@gmail.com"
|
25
|
-
s.homepage = "https://github.com/bcrypt-ruby/bcrypt-ruby"
|
26
|
-
s.license = "MIT"
|
27
|
-
end
|
data/spec/TestBCrypt.java
DELETED
@@ -1,194 +0,0 @@
|
|
1
|
-
// Copyright (c) 2006 Damien Miller <djm@mindrot.org>
|
2
|
-
//
|
3
|
-
// Permission to use, copy, modify, and distribute this software for any
|
4
|
-
// purpose with or without fee is hereby granted, provided that the above
|
5
|
-
// copyright notice and this permission notice appear in all copies.
|
6
|
-
//
|
7
|
-
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
8
|
-
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
9
|
-
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
10
|
-
// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
11
|
-
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
12
|
-
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
13
|
-
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
14
|
-
|
15
|
-
import junit.framework.TestCase;
|
16
|
-
|
17
|
-
/**
|
18
|
-
* JUnit unit tests for BCrypt routines
|
19
|
-
* @author Damien Miller
|
20
|
-
* @version 0.2
|
21
|
-
*/
|
22
|
-
public class TestBCrypt extends TestCase {
|
23
|
-
String test_vectors[][] = {
|
24
|
-
{ "",
|
25
|
-
"$2a$06$DCq7YPn5Rq63x1Lad4cll.",
|
26
|
-
"$2a$06$DCq7YPn5Rq63x1Lad4cll.TV4S6ytwfsfvkgY8jIucDrjc8deX1s." },
|
27
|
-
{ "",
|
28
|
-
"$2a$08$HqWuK6/Ng6sg9gQzbLrgb.",
|
29
|
-
"$2a$08$HqWuK6/Ng6sg9gQzbLrgb.Tl.ZHfXLhvt/SgVyWhQqgqcZ7ZuUtye" },
|
30
|
-
{ "",
|
31
|
-
"$2a$10$k1wbIrmNyFAPwPVPSVa/ze",
|
32
|
-
"$2a$10$k1wbIrmNyFAPwPVPSVa/zecw2BCEnBwVS2GbrmgzxFUOqW9dk4TCW" },
|
33
|
-
{ "",
|
34
|
-
"$2a$12$k42ZFHFWqBp3vWli.nIn8u",
|
35
|
-
"$2a$12$k42ZFHFWqBp3vWli.nIn8uYyIkbvYRvodzbfbK18SSsY.CsIQPlxO" },
|
36
|
-
{ "a",
|
37
|
-
"$2a$06$m0CrhHm10qJ3lXRY.5zDGO",
|
38
|
-
"$2a$06$m0CrhHm10qJ3lXRY.5zDGO3rS2KdeeWLuGmsfGlMfOxih58VYVfxe" },
|
39
|
-
{ "a",
|
40
|
-
"$2a$08$cfcvVd2aQ8CMvoMpP2EBfe",
|
41
|
-
"$2a$08$cfcvVd2aQ8CMvoMpP2EBfeodLEkkFJ9umNEfPD18.hUF62qqlC/V." },
|
42
|
-
{ "a",
|
43
|
-
"$2a$10$k87L/MF28Q673VKh8/cPi.",
|
44
|
-
"$2a$10$k87L/MF28Q673VKh8/cPi.SUl7MU/rWuSiIDDFayrKk/1tBsSQu4u" },
|
45
|
-
{ "a",
|
46
|
-
"$2a$12$8NJH3LsPrANStV6XtBakCe",
|
47
|
-
"$2a$12$8NJH3LsPrANStV6XtBakCez0cKHXVxmvxIlcz785vxAIZrihHZpeS" },
|
48
|
-
{ "abc",
|
49
|
-
"$2a$06$If6bvum7DFjUnE9p2uDeDu",
|
50
|
-
"$2a$06$If6bvum7DFjUnE9p2uDeDu0YHzrHM6tf.iqN8.yx.jNN1ILEf7h0i" },
|
51
|
-
{ "abc",
|
52
|
-
"$2a$08$Ro0CUfOqk6cXEKf3dyaM7O",
|
53
|
-
"$2a$08$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm" },
|
54
|
-
{ "abc",
|
55
|
-
"$2a$10$WvvTPHKwdBJ3uk0Z37EMR.",
|
56
|
-
"$2a$10$WvvTPHKwdBJ3uk0Z37EMR.hLA2W6N9AEBhEgrAOljy2Ae5MtaSIUi" },
|
57
|
-
{ "abc",
|
58
|
-
"$2a$12$EXRkfkdmXn2gzds2SSitu.",
|
59
|
-
"$2a$12$EXRkfkdmXn2gzds2SSitu.MW9.gAVqa9eLS1//RYtYCmB1eLHg.9q" },
|
60
|
-
{ "abcdefghijklmnopqrstuvwxyz",
|
61
|
-
"$2a$06$.rCVZVOThsIa97pEDOxvGu",
|
62
|
-
"$2a$06$.rCVZVOThsIa97pEDOxvGuRRgzG64bvtJ0938xuqzv18d3ZpQhstC" },
|
63
|
-
{ "abcdefghijklmnopqrstuvwxyz",
|
64
|
-
"$2a$08$aTsUwsyowQuzRrDqFflhge",
|
65
|
-
"$2a$08$aTsUwsyowQuzRrDqFflhgekJ8d9/7Z3GV3UcgvzQW3J5zMyrTvlz." },
|
66
|
-
{ "abcdefghijklmnopqrstuvwxyz",
|
67
|
-
"$2a$10$fVH8e28OQRj9tqiDXs1e1u",
|
68
|
-
"$2a$10$fVH8e28OQRj9tqiDXs1e1uxpsjN0c7II7YPKXua2NAKYvM6iQk7dq" },
|
69
|
-
{ "abcdefghijklmnopqrstuvwxyz",
|
70
|
-
"$2a$12$D4G5f18o7aMMfwasBL7Gpu",
|
71
|
-
"$2a$12$D4G5f18o7aMMfwasBL7GpuQWuP3pkrZrOAnqP.bmezbMng.QwJ/pG" },
|
72
|
-
{ "~!@#$%^&*() ~!@#$%^&*()PNBFRD",
|
73
|
-
"$2a$06$fPIsBO8qRqkjj273rfaOI.",
|
74
|
-
"$2a$06$fPIsBO8qRqkjj273rfaOI.HtSV9jLDpTbZn782DC6/t7qT67P6FfO" },
|
75
|
-
{ "~!@#$%^&*() ~!@#$%^&*()PNBFRD",
|
76
|
-
"$2a$08$Eq2r4G/76Wv39MzSX262hu",
|
77
|
-
"$2a$08$Eq2r4G/76Wv39MzSX262huzPz612MZiYHVUJe/OcOql2jo4.9UxTW" },
|
78
|
-
{ "~!@#$%^&*() ~!@#$%^&*()PNBFRD",
|
79
|
-
"$2a$10$LgfYWkbzEvQ4JakH7rOvHe",
|
80
|
-
"$2a$10$LgfYWkbzEvQ4JakH7rOvHe0y8pHKF9OaFgwUZ2q7W2FFZmZzJYlfS" },
|
81
|
-
{ "~!@#$%^&*() ~!@#$%^&*()PNBFRD",
|
82
|
-
"$2a$12$WApznUOJfkEGSmYRfnkrPO",
|
83
|
-
"$2a$12$WApznUOJfkEGSmYRfnkrPOr466oFDCaj4b6HY3EXGvfxm43seyhgC" },
|
84
|
-
};
|
85
|
-
|
86
|
-
/**
|
87
|
-
* Entry point for unit tests
|
88
|
-
* @param args unused
|
89
|
-
*/
|
90
|
-
public static void main(String[] args) {
|
91
|
-
junit.textui.TestRunner.run(TestBCrypt.class);
|
92
|
-
}
|
93
|
-
|
94
|
-
/**
|
95
|
-
* Test method for 'BCrypt.hashpw(String, String)'
|
96
|
-
*/
|
97
|
-
public void testHashpw() {
|
98
|
-
System.out.print("BCrypt.hashpw(): ");
|
99
|
-
for (int i = 0; i < test_vectors.length; i++) {
|
100
|
-
String plain = test_vectors[i][0];
|
101
|
-
String salt = test_vectors[i][1];
|
102
|
-
String expected = test_vectors[i][2];
|
103
|
-
String hashed = BCrypt.hashpw(plain, salt);
|
104
|
-
assertEquals(hashed, expected);
|
105
|
-
System.out.print(".");
|
106
|
-
}
|
107
|
-
System.out.println("");
|
108
|
-
}
|
109
|
-
|
110
|
-
/**
|
111
|
-
* Test method for 'BCrypt.gensalt(int)'
|
112
|
-
*/
|
113
|
-
public void testGensaltInt() {
|
114
|
-
System.out.print("BCrypt.gensalt(log_rounds):");
|
115
|
-
for (int i = 4; i <= 12; i++) {
|
116
|
-
System.out.print(" " + Integer.toString(i) + ":");
|
117
|
-
for (int j = 0; j < test_vectors.length; j += 4) {
|
118
|
-
String plain = test_vectors[j][0];
|
119
|
-
String salt = BCrypt.gensalt(i);
|
120
|
-
String hashed1 = BCrypt.hashpw(plain, salt);
|
121
|
-
String hashed2 = BCrypt.hashpw(plain, hashed1);
|
122
|
-
assertEquals(hashed1, hashed2);
|
123
|
-
System.out.print(".");
|
124
|
-
}
|
125
|
-
}
|
126
|
-
System.out.println("");
|
127
|
-
}
|
128
|
-
|
129
|
-
/**
|
130
|
-
* Test method for 'BCrypt.gensalt()'
|
131
|
-
*/
|
132
|
-
public void testGensalt() {
|
133
|
-
System.out.print("BCrypt.gensalt(): ");
|
134
|
-
for (int i = 0; i < test_vectors.length; i += 4) {
|
135
|
-
String plain = test_vectors[i][0];
|
136
|
-
String salt = BCrypt.gensalt();
|
137
|
-
String hashed1 = BCrypt.hashpw(plain, salt);
|
138
|
-
String hashed2 = BCrypt.hashpw(plain, hashed1);
|
139
|
-
assertEquals(hashed1, hashed2);
|
140
|
-
System.out.print(".");
|
141
|
-
}
|
142
|
-
System.out.println("");
|
143
|
-
}
|
144
|
-
|
145
|
-
/**
|
146
|
-
* Test method for 'BCrypt.checkpw(String, String)'
|
147
|
-
* expecting success
|
148
|
-
*/
|
149
|
-
public void testCheckpw_success() {
|
150
|
-
System.out.print("BCrypt.checkpw w/ good passwords: ");
|
151
|
-
for (int i = 0; i < test_vectors.length; i++) {
|
152
|
-
String plain = test_vectors[i][0];
|
153
|
-
String expected = test_vectors[i][2];
|
154
|
-
assertTrue(BCrypt.checkpw(plain, expected));
|
155
|
-
System.out.print(".");
|
156
|
-
}
|
157
|
-
System.out.println("");
|
158
|
-
}
|
159
|
-
|
160
|
-
/**
|
161
|
-
* Test method for 'BCrypt.checkpw(String, String)'
|
162
|
-
* expecting failure
|
163
|
-
*/
|
164
|
-
public void testCheckpw_failure() {
|
165
|
-
System.out.print("BCrypt.checkpw w/ bad passwords: ");
|
166
|
-
for (int i = 0; i < test_vectors.length; i++) {
|
167
|
-
int broken_index = (i + 4) % test_vectors.length;
|
168
|
-
String plain = test_vectors[i][0];
|
169
|
-
String expected = test_vectors[broken_index][2];
|
170
|
-
assertFalse(BCrypt.checkpw(plain, expected));
|
171
|
-
System.out.print(".");
|
172
|
-
}
|
173
|
-
System.out.println("");
|
174
|
-
}
|
175
|
-
|
176
|
-
/**
|
177
|
-
* Test for correct hashing of non-US-ASCII passwords
|
178
|
-
*/
|
179
|
-
public void testInternationalChars() {
|
180
|
-
System.out.print("BCrypt.hashpw w/ international chars: ");
|
181
|
-
String pw1 = "ππππππππ";
|
182
|
-
String pw2 = "????????";
|
183
|
-
|
184
|
-
String h1 = BCrypt.hashpw(pw1, BCrypt.gensalt());
|
185
|
-
assertFalse(BCrypt.checkpw(pw2, h1));
|
186
|
-
System.out.print(".");
|
187
|
-
|
188
|
-
String h2 = BCrypt.hashpw(pw2, BCrypt.gensalt());
|
189
|
-
assertFalse(BCrypt.checkpw(pw1, h2));
|
190
|
-
System.out.print(".");
|
191
|
-
System.out.println("");
|
192
|
-
}
|
193
|
-
|
194
|
-
}
|
data/spec/bcrypt/engine_spec.rb
DELETED
@@ -1,176 +0,0 @@
|
|
1
|
-
require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
|
2
|
-
require 'securerandom'
|
3
|
-
|
4
|
-
describe 'BCrypt::Engine' do
|
5
|
-
describe '.calibrate(upper_time_limit_in_ms)' do
|
6
|
-
context 'a tiny upper time limit provided' do
|
7
|
-
it 'returns a minimum cost supported by the algorithm' do
|
8
|
-
expect(BCrypt::Engine.calibrate(0.001)).to eq(4)
|
9
|
-
end
|
10
|
-
end
|
11
|
-
end
|
12
|
-
end
|
13
|
-
|
14
|
-
describe "The BCrypt engine" do
|
15
|
-
specify "should calculate the optimal cost factor to fit in a specific time" do
|
16
|
-
start_time = Time.now
|
17
|
-
BCrypt::Password.create("testing testing", :cost => BCrypt::Engine::MIN_COST + 1)
|
18
|
-
min_time_ms = (Time.now - start_time) * 1000
|
19
|
-
first = BCrypt::Engine.calibrate(min_time_ms)
|
20
|
-
second = BCrypt::Engine.calibrate(min_time_ms * 4)
|
21
|
-
expect(second).to be > first
|
22
|
-
end
|
23
|
-
end
|
24
|
-
|
25
|
-
describe "Generating BCrypt salts" do
|
26
|
-
|
27
|
-
specify "should produce strings" do
|
28
|
-
expect(BCrypt::Engine.generate_salt).to be_an_instance_of(String)
|
29
|
-
end
|
30
|
-
|
31
|
-
specify "should produce random data" do
|
32
|
-
expect(BCrypt::Engine.generate_salt).to_not equal(BCrypt::Engine.generate_salt)
|
33
|
-
end
|
34
|
-
|
35
|
-
specify "should raise a InvalidCostError if the cost parameter isn't numeric" do
|
36
|
-
expect { BCrypt::Engine.generate_salt('woo') }.to raise_error(BCrypt::Errors::InvalidCost)
|
37
|
-
end
|
38
|
-
|
39
|
-
specify "should raise a InvalidCostError if the cost parameter isn't greater than 0" do
|
40
|
-
expect { BCrypt::Engine.generate_salt(-1) }.to raise_error(BCrypt::Errors::InvalidCost)
|
41
|
-
end
|
42
|
-
end
|
43
|
-
|
44
|
-
describe "Autodetecting of salt cost" do
|
45
|
-
|
46
|
-
specify "should work" do
|
47
|
-
expect(BCrypt::Engine.autodetect_cost("$2a$08$hRx2IVeHNsTSYYtUWn61Ou")).to eq 8
|
48
|
-
expect(BCrypt::Engine.autodetect_cost("$2a$05$XKd1bMnLgUnc87qvbAaCUu")).to eq 5
|
49
|
-
expect(BCrypt::Engine.autodetect_cost("$2a$13$Lni.CZ6z5A7344POTFBBV.")).to eq 13
|
50
|
-
end
|
51
|
-
|
52
|
-
end
|
53
|
-
|
54
|
-
describe "Generating BCrypt hashes" do
|
55
|
-
|
56
|
-
class MyInvalidSecret
|
57
|
-
undef to_s
|
58
|
-
end
|
59
|
-
|
60
|
-
before :each do
|
61
|
-
@salt = BCrypt::Engine.generate_salt(4)
|
62
|
-
@password = "woo"
|
63
|
-
end
|
64
|
-
|
65
|
-
specify "should produce a string" do
|
66
|
-
expect(BCrypt::Engine.hash_secret(@password, @salt)).to be_an_instance_of(String)
|
67
|
-
end
|
68
|
-
|
69
|
-
specify "should raise an InvalidSalt error if the salt is invalid" do
|
70
|
-
expect { BCrypt::Engine.hash_secret(@password, 'nino') }.to raise_error(BCrypt::Errors::InvalidSalt)
|
71
|
-
end
|
72
|
-
|
73
|
-
specify "should raise an InvalidSecret error if the secret is invalid" do
|
74
|
-
expect { BCrypt::Engine.hash_secret(MyInvalidSecret.new, @salt) }.to raise_error(BCrypt::Errors::InvalidSecret)
|
75
|
-
expect { BCrypt::Engine.hash_secret(nil, @salt) }.not_to raise_error
|
76
|
-
expect { BCrypt::Engine.hash_secret(false, @salt) }.not_to raise_error
|
77
|
-
end
|
78
|
-
|
79
|
-
specify "should call #to_s on the secret and use the return value as the actual secret data" do
|
80
|
-
expect(BCrypt::Engine.hash_secret(false, @salt)).to eq BCrypt::Engine.hash_secret("false", @salt)
|
81
|
-
end
|
82
|
-
|
83
|
-
specify "should be interoperable with other implementations" do
|
84
|
-
test_vectors = [
|
85
|
-
# test vectors from the OpenWall implementation <https://www.openwall.com/crypt/>, found in wrapper.c
|
86
|
-
["U*U", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"],
|
87
|
-
["U*U*", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK"],
|
88
|
-
["U*U*U", "$2a$05$XXXXXXXXXXXXXXXXXXXXXO", "$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a"],
|
89
|
-
["0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789chars after 72 are ignored", "$2a$05$abcdefghijklmnopqrstuu", "$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui"],
|
90
|
-
["\xa3", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
|
91
|
-
["\xff\xff\xa3", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
|
92
|
-
["\xff\xff\xa3", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
|
93
|
-
["\xff\xff\xa3", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.nqd1wy.pTMdcvrRWxyiGL2eMz.2a85."],
|
94
|
-
["\xff\xff\xa3", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e"],
|
95
|
-
["\xa3", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq"],
|
96
|
-
["\xa3", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq"],
|
97
|
-
["\xa3", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.", "$2b$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq"],
|
98
|
-
["1\xa3" "345", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
|
99
|
-
["\xff\xa3" "345", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
|
100
|
-
["\xff\xa3" "34" "\xff\xff\xff\xa3" "345", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
|
101
|
-
["\xff\xa3" "34" "\xff\xff\xff\xa3" "345", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.o./n25XVfn6oAPaUvHe.Csk4zRfsYPi"],
|
102
|
-
["\xff\xa3" "34" "\xff\xff\xff\xa3" "345", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.ZC1JEJ8Z4gPfpe1JOr/oyPXTWl9EFd."],
|
103
|
-
["\xff\xa3" "345", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e"],
|
104
|
-
["\xff\xa3" "345", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e"],
|
105
|
-
["\xa3" "ab", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS"],
|
106
|
-
["\xa3" "ab", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.", "$2x$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS"],
|
107
|
-
["\xa3" "ab", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.", "$2y$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS"],
|
108
|
-
["\xd1\x91", "$2x$05$6bNw2HLQYeqHYyBfLMsv/O", "$2x$05$6bNw2HLQYeqHYyBfLMsv/OiwqTymGIGzFsA4hOTWebfehXHNprcAS"],
|
109
|
-
["\xd0\xc1\xd2\xcf\xcc\xd8", "$2x$05$6bNw2HLQYeqHYyBfLMsv/O", "$2x$05$6bNw2HLQYeqHYyBfLMsv/O9LIGgn8OMzuDoHfof8AQimSGfcSWxnS"],
|
110
|
-
["\xaa"*72+"chars after 72 are ignored as usual", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.swQOIzjOiJ9GHEPuhEkvqrUyvWhEMx6"],
|
111
|
-
["\xaa\x55"*36, "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.R9xrDjiycxMbQE2bp.vgqlYpW5wx2yy"],
|
112
|
-
["\x55\xaa\xff"*24, "$2a$05$/OK.fbVrR/bpIqNJ5ianF.", "$2a$05$/OK.fbVrR/bpIqNJ5ianF.9tQZzcJfm3uj2NvJ/n5xkhpqLrMpWCe"],
|
113
|
-
["", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy"],
|
114
|
-
|
115
|
-
# test vectors from the Java implementation, found in https://github.com/spring-projects/spring-security/blob/master/crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java
|
116
|
-
["", "$2a$06$DCq7YPn5Rq63x1Lad4cll.", "$2a$06$DCq7YPn5Rq63x1Lad4cll.TV4S6ytwfsfvkgY8jIucDrjc8deX1s."],
|
117
|
-
["", "$2a$08$HqWuK6/Ng6sg9gQzbLrgb.", "$2a$08$HqWuK6/Ng6sg9gQzbLrgb.Tl.ZHfXLhvt/SgVyWhQqgqcZ7ZuUtye"],
|
118
|
-
["", "$2a$10$k1wbIrmNyFAPwPVPSVa/ze", "$2a$10$k1wbIrmNyFAPwPVPSVa/zecw2BCEnBwVS2GbrmgzxFUOqW9dk4TCW"],
|
119
|
-
["", "$2a$12$k42ZFHFWqBp3vWli.nIn8u", "$2a$12$k42ZFHFWqBp3vWli.nIn8uYyIkbvYRvodzbfbK18SSsY.CsIQPlxO"],
|
120
|
-
["", "$2b$06$8eVN9RiU8Yki430X.wBvN.", "$2b$06$8eVN9RiU8Yki430X.wBvN.LWaqh2962emLVSVXVZIXJvDYLsV0oFu"],
|
121
|
-
["", "$2b$06$NlgfNgpIc6GlHciCkMEW8u", "$2b$06$NlgfNgpIc6GlHciCkMEW8uKOBsyvAp7QwlHpysOlKdtyEw50WQua2"],
|
122
|
-
["", "$2y$06$mFDtkz6UN7B3GZ2qi2hhaO", "$2y$06$mFDtkz6UN7B3GZ2qi2hhaO3OFWzNEdcY84ELw6iHCPruuQfSAXBLK"],
|
123
|
-
["", "$2y$06$88kSqVttBx.e9iXTPCLa5u", "$2y$06$88kSqVttBx.e9iXTPCLa5uFPrVFjfLH4D.KcO6pBiAmvUkvdg0EYy"],
|
124
|
-
["a", "$2a$06$m0CrhHm10qJ3lXRY.5zDGO", "$2a$06$m0CrhHm10qJ3lXRY.5zDGO3rS2KdeeWLuGmsfGlMfOxih58VYVfxe"],
|
125
|
-
["a", "$2a$08$cfcvVd2aQ8CMvoMpP2EBfe", "$2a$08$cfcvVd2aQ8CMvoMpP2EBfeodLEkkFJ9umNEfPD18.hUF62qqlC/V."],
|
126
|
-
["a", "$2a$10$k87L/MF28Q673VKh8/cPi.", "$2a$10$k87L/MF28Q673VKh8/cPi.SUl7MU/rWuSiIDDFayrKk/1tBsSQu4u"],
|
127
|
-
["a", "$2a$12$8NJH3LsPrANStV6XtBakCe", "$2a$12$8NJH3LsPrANStV6XtBakCez0cKHXVxmvxIlcz785vxAIZrihHZpeS"],
|
128
|
-
["a", "$2b$06$ehKGYiS4wt2HAr7KQXS5z.", "$2b$06$ehKGYiS4wt2HAr7KQXS5z.OaRjB4jHO7rBHJKlGXbqEH3QVJfO7iO"],
|
129
|
-
["a", "$2b$06$PWxFFHA3HiCD46TNOZh30e", "$2b$06$PWxFFHA3HiCD46TNOZh30eNto1hg5uM9tHBlI4q/b03SW/gGKUYk6"],
|
130
|
-
["a", "$2y$06$LUdD6/aD0e/UbnxVAVbvGu", "$2y$06$LUdD6/aD0e/UbnxVAVbvGuUmIoJ3l/OK94ThhadpMWwKC34LrGEey"],
|
131
|
-
["a", "$2y$06$eqgY.T2yloESMZxgp76deO", "$2y$06$eqgY.T2yloESMZxgp76deOROa7nzXDxbO0k.PJvuClTa.Vu1AuemG"],
|
132
|
-
["abc", "$2a$06$If6bvum7DFjUnE9p2uDeDu", "$2a$06$If6bvum7DFjUnE9p2uDeDu0YHzrHM6tf.iqN8.yx.jNN1ILEf7h0i"],
|
133
|
-
["abc", "$2a$08$Ro0CUfOqk6cXEKf3dyaM7O", "$2a$08$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm"],
|
134
|
-
["abc", "$2a$10$WvvTPHKwdBJ3uk0Z37EMR.", "$2a$10$WvvTPHKwdBJ3uk0Z37EMR.hLA2W6N9AEBhEgrAOljy2Ae5MtaSIUi"],
|
135
|
-
["abc", "$2a$12$EXRkfkdmXn2gzds2SSitu.", "$2a$12$EXRkfkdmXn2gzds2SSitu.MW9.gAVqa9eLS1//RYtYCmB1eLHg.9q"],
|
136
|
-
["abc", "$2b$06$5FyQoicpbox1xSHFfhhdXu", "$2b$06$5FyQoicpbox1xSHFfhhdXuR2oxLpO1rYsQh5RTkI/9.RIjtoF0/ta"],
|
137
|
-
["abc", "$2b$06$1kJyuho8MCVP3HHsjnRMkO", "$2b$06$1kJyuho8MCVP3HHsjnRMkO1nvCOaKTqLnjG2TX1lyMFbXH/aOkgc."],
|
138
|
-
["abc", "$2y$06$ACfku9dT6.H8VjdKb8nhlu", "$2y$06$ACfku9dT6.H8VjdKb8nhluaoBmhJyK7GfoNScEfOfrJffUxoUeCjK"],
|
139
|
-
["abc", "$2y$06$9JujYcoWPmifvFA3RUP90e", "$2y$06$9JujYcoWPmifvFA3RUP90e5rSEHAb5Ye6iv3.G9ikiHNv5cxjNEse"],
|
140
|
-
["abcdefghijklmnopqrstuvwxyz", "$2a$06$.rCVZVOThsIa97pEDOxvGu", "$2a$06$.rCVZVOThsIa97pEDOxvGuRRgzG64bvtJ0938xuqzv18d3ZpQhstC"],
|
141
|
-
["abcdefghijklmnopqrstuvwxyz", "$2a$08$aTsUwsyowQuzRrDqFflhge", "$2a$08$aTsUwsyowQuzRrDqFflhgekJ8d9/7Z3GV3UcgvzQW3J5zMyrTvlz."],
|
142
|
-
["abcdefghijklmnopqrstuvwxyz", "$2a$10$fVH8e28OQRj9tqiDXs1e1u", "$2a$10$fVH8e28OQRj9tqiDXs1e1uxpsjN0c7II7YPKXua2NAKYvM6iQk7dq"],
|
143
|
-
["abcdefghijklmnopqrstuvwxyz", "$2a$12$D4G5f18o7aMMfwasBL7Gpu", "$2a$12$D4G5f18o7aMMfwasBL7GpuQWuP3pkrZrOAnqP.bmezbMng.QwJ/pG"],
|
144
|
-
["abcdefghijklmnopqrstuvwxyz", "$2b$06$O8E89AQPj1zJQA05YvIAU.", "$2b$06$O8E89AQPj1zJQA05YvIAU.hMpj25BXri1bupl/Q7CJMlpLwZDNBoO"],
|
145
|
-
["abcdefghijklmnopqrstuvwxyz", "$2b$06$PDqIWr./o/P3EE/P.Q0A/u", "$2b$06$PDqIWr./o/P3EE/P.Q0A/uFg86WL/PXTbaW267TDALEwDylqk00Z."],
|
146
|
-
["abcdefghijklmnopqrstuvwxyz", "$2y$06$34MG90ZLah8/ZNr3ltlHCu", "$2y$06$34MG90ZLah8/ZNr3ltlHCuz6bachF8/3S5jTuzF1h2qg2cUk11sFW"],
|
147
|
-
["abcdefghijklmnopqrstuvwxyz", "$2y$06$AK.hSLfMyw706iEW24i68u", "$2y$06$AK.hSLfMyw706iEW24i68uKAc2yorPTrB0cimvjJHEBUrPkOq7VvG"],
|
148
|
-
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2a$06$fPIsBO8qRqkjj273rfaOI.", "$2a$06$fPIsBO8qRqkjj273rfaOI.HtSV9jLDpTbZn782DC6/t7qT67P6FfO"],
|
149
|
-
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2a$08$Eq2r4G/76Wv39MzSX262hu", "$2a$08$Eq2r4G/76Wv39MzSX262huzPz612MZiYHVUJe/OcOql2jo4.9UxTW"],
|
150
|
-
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2a$10$LgfYWkbzEvQ4JakH7rOvHe", "$2a$10$LgfYWkbzEvQ4JakH7rOvHe0y8pHKF9OaFgwUZ2q7W2FFZmZzJYlfS"],
|
151
|
-
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2a$12$WApznUOJfkEGSmYRfnkrPO", "$2a$12$WApznUOJfkEGSmYRfnkrPOr466oFDCaj4b6HY3EXGvfxm43seyhgC"],
|
152
|
-
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2b$06$FGWA8OlY6RtQhXBXuCJ8Wu", "$2b$06$FGWA8OlY6RtQhXBXuCJ8WusVipRI15cWOgJK8MYpBHEkktMfbHRIG"],
|
153
|
-
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2b$06$G6aYU7UhUEUDJBdTgq3CRe", "$2b$06$G6aYU7UhUEUDJBdTgq3CRekiopCN4O4sNitFXrf5NUscsVZj3a2r6"],
|
154
|
-
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2y$06$sYDFHqOcXTjBgOsqC0WCKe", "$2y$06$sYDFHqOcXTjBgOsqC0WCKeMd3T1UhHuWQSxncLGtXDLMrcE6vFDti"],
|
155
|
-
["~!@#$%^&*() ~!@#$%^&*()PNBFRD", "$2y$06$6Xm0gCw4g7ZNDCEp4yTise", "$2y$06$6Xm0gCw4g7ZNDCEp4yTisez0kSdpXEl66MvdxGidnmChIe8dFmMnq"]
|
156
|
-
]
|
157
|
-
for secret, salt, test_vector in test_vectors
|
158
|
-
expect(BCrypt::Engine.hash_secret(secret, salt)).to eql(test_vector)
|
159
|
-
end
|
160
|
-
end
|
161
|
-
|
162
|
-
specify "should truncate long 1-byte character secrets to 72 bytes" do
|
163
|
-
# 'b' as a base triggers the failure at 256 characters, but 'a' does not.
|
164
|
-
too_long_secret = 'b'*(BCrypt::Engine::MAX_SECRET_BYTESIZE + 1)
|
165
|
-
just_right_secret = 'b'*BCrypt::Engine::MAX_SECRET_BYTESIZE
|
166
|
-
expect(BCrypt::Engine.hash_secret(too_long_secret, @salt)).to eq(BCrypt::Engine.hash_secret(just_right_secret, @salt))
|
167
|
-
end
|
168
|
-
|
169
|
-
specify "should truncate long multi-byte character secrets to 72 bytes" do
|
170
|
-
# 256 times causes bcrypt to return nil for libxcrypt > 4.4.18-4.
|
171
|
-
too_long_secret = '𐐷'*256
|
172
|
-
# 𐐷 takes 4 bytes in UTF-8. 18 times is 72 bytes
|
173
|
-
just_right_secret = '𐐷'*18
|
174
|
-
expect(BCrypt::Engine.hash_secret(too_long_secret, @salt)).to eq(BCrypt::Engine.hash_secret(just_right_secret, @salt))
|
175
|
-
end
|
176
|
-
end
|
data/spec/bcrypt/error_spec.rb
DELETED
@@ -1,37 +0,0 @@
|
|
1
|
-
require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
|
2
|
-
|
3
|
-
describe "Errors" do
|
4
|
-
|
5
|
-
shared_examples "descends from StandardError" do
|
6
|
-
it "can be rescued as a StandardError" do
|
7
|
-
expect(described_class).to be < StandardError
|
8
|
-
end
|
9
|
-
end
|
10
|
-
|
11
|
-
shared_examples "descends from BCrypt::Error" do
|
12
|
-
it "can be rescued as a BCrypt::Error" do
|
13
|
-
expect(described_class).to be < BCrypt::Error
|
14
|
-
end
|
15
|
-
end
|
16
|
-
|
17
|
-
describe BCrypt::Error do
|
18
|
-
include_examples "descends from StandardError"
|
19
|
-
end
|
20
|
-
|
21
|
-
describe BCrypt::Errors::InvalidCost do
|
22
|
-
include_examples "descends from BCrypt::Error"
|
23
|
-
end
|
24
|
-
|
25
|
-
describe BCrypt::Errors::InvalidHash do
|
26
|
-
include_examples "descends from BCrypt::Error"
|
27
|
-
end
|
28
|
-
|
29
|
-
describe BCrypt::Errors::InvalidSalt do
|
30
|
-
include_examples "descends from BCrypt::Error"
|
31
|
-
end
|
32
|
-
|
33
|
-
describe BCrypt::Errors::InvalidSecret do
|
34
|
-
include_examples "descends from BCrypt::Error"
|
35
|
-
end
|
36
|
-
|
37
|
-
end
|
@@ -1,131 +0,0 @@
|
|
1
|
-
require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
|
2
|
-
require 'securerandom'
|
3
|
-
|
4
|
-
describe "Creating a hashed password" do
|
5
|
-
|
6
|
-
before :each do
|
7
|
-
@secret = "wheedle"
|
8
|
-
@password = BCrypt::Password.create(@secret, :cost => 4)
|
9
|
-
end
|
10
|
-
|
11
|
-
specify "should return a BCrypt::Password" do
|
12
|
-
expect(@password).to be_an_instance_of(BCrypt::Password)
|
13
|
-
end
|
14
|
-
|
15
|
-
specify "should return a valid bcrypt password" do
|
16
|
-
expect { BCrypt::Password.new(@password) }.not_to raise_error
|
17
|
-
end
|
18
|
-
|
19
|
-
specify "should behave normally if the secret is not a string" do
|
20
|
-
expect { BCrypt::Password.create(nil) }.not_to raise_error
|
21
|
-
expect { BCrypt::Password.create({:woo => "yeah"}) }.not_to raise_error
|
22
|
-
expect { BCrypt::Password.create(false) }.not_to raise_error
|
23
|
-
end
|
24
|
-
|
25
|
-
specify "should tolerate empty string secrets" do
|
26
|
-
expect { BCrypt::Password.create( "\n".chop ) }.not_to raise_error
|
27
|
-
expect { BCrypt::Password.create( "" ) }.not_to raise_error
|
28
|
-
expect { BCrypt::Password.create( String.new ) }.not_to raise_error
|
29
|
-
end
|
30
|
-
|
31
|
-
specify "should tolerate very long string secrets" do
|
32
|
-
expect { BCrypt::Password.create("abcd"*1024) }.not_to raise_error
|
33
|
-
end
|
34
|
-
end
|
35
|
-
|
36
|
-
describe "Reading a hashed password" do
|
37
|
-
before :each do
|
38
|
-
@secret = "U*U"
|
39
|
-
@hash = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
|
40
|
-
end
|
41
|
-
|
42
|
-
specify "the cost is too damn high" do
|
43
|
-
expect {
|
44
|
-
BCrypt::Password.create("hello", :cost => 32)
|
45
|
-
}.to raise_error(ArgumentError)
|
46
|
-
end
|
47
|
-
|
48
|
-
specify "the cost should be set to the default if nil" do
|
49
|
-
expect(BCrypt::Password.create("hello", :cost => nil).cost).to equal(BCrypt::Engine::DEFAULT_COST)
|
50
|
-
end
|
51
|
-
|
52
|
-
specify "the cost should be set to the default if empty hash" do
|
53
|
-
expect(BCrypt::Password.create("hello", {}).cost).to equal(BCrypt::Engine::DEFAULT_COST)
|
54
|
-
end
|
55
|
-
|
56
|
-
specify "the cost should be set to the passed value if provided" do
|
57
|
-
expect(BCrypt::Password.create("hello", :cost => 5).cost).to equal(5)
|
58
|
-
end
|
59
|
-
|
60
|
-
specify "the cost should be set to the global value if set" do
|
61
|
-
BCrypt::Engine.cost = 5
|
62
|
-
expect(BCrypt::Password.create("hello").cost).to equal(5)
|
63
|
-
# unset the global value to not affect other tests
|
64
|
-
BCrypt::Engine.cost = nil
|
65
|
-
end
|
66
|
-
|
67
|
-
specify "the cost should be set to an overridden constant for backwards compatibility" do
|
68
|
-
# suppress "already initialized constant" warning
|
69
|
-
old_verbose, $VERBOSE = $VERBOSE, nil
|
70
|
-
old_default_cost = BCrypt::Engine::DEFAULT_COST
|
71
|
-
|
72
|
-
BCrypt::Engine::DEFAULT_COST = 5
|
73
|
-
expect(BCrypt::Password.create("hello").cost).to equal(5)
|
74
|
-
|
75
|
-
# reset default to not affect other tests
|
76
|
-
BCrypt::Engine::DEFAULT_COST = old_default_cost
|
77
|
-
$VERBOSE = old_verbose
|
78
|
-
end
|
79
|
-
|
80
|
-
specify "should read the version, cost, salt, and hash" do
|
81
|
-
password = BCrypt::Password.new(@hash)
|
82
|
-
expect(password.version).to eql("2a")
|
83
|
-
expect(password.version.class).to eq String
|
84
|
-
expect(password.cost).to equal(5)
|
85
|
-
expect(password.salt).to eql("$2a$05$CCCCCCCCCCCCCCCCCCCCC.")
|
86
|
-
expect(password.salt.class).to eq String
|
87
|
-
expect(password.checksum).to eq("E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW")
|
88
|
-
expect(password.checksum.class).to eq String
|
89
|
-
expect(password.to_s).to eql(@hash)
|
90
|
-
end
|
91
|
-
|
92
|
-
specify "should raise an InvalidHashError when given an invalid hash" do
|
93
|
-
expect { BCrypt::Password.new('weedle') }.to raise_error(BCrypt::Errors::InvalidHash)
|
94
|
-
end
|
95
|
-
end
|
96
|
-
|
97
|
-
describe "Comparing a hashed password with a secret" do
|
98
|
-
before :each do
|
99
|
-
@secret = "U*U"
|
100
|
-
@hash = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
|
101
|
-
@password = BCrypt::Password.create(@secret)
|
102
|
-
end
|
103
|
-
|
104
|
-
specify "should compare successfully to the original secret" do
|
105
|
-
expect((@password == @secret)).to be(true)
|
106
|
-
end
|
107
|
-
|
108
|
-
specify "should compare unsuccessfully to anything besides original secret" do
|
109
|
-
expect((@password == "@secret")).to be(false)
|
110
|
-
end
|
111
|
-
end
|
112
|
-
|
113
|
-
describe "Validating a generated salt" do
|
114
|
-
specify "should not accept an invalid salt" do
|
115
|
-
expect(BCrypt::Engine.valid_salt?("invalid")).to eq(false)
|
116
|
-
expect(BCrypt::Engine.valid_salt?("invalid\n#{BCrypt::Engine.generate_salt}\ninvalid")).to eq(false)
|
117
|
-
end
|
118
|
-
specify "should accept a valid salt" do
|
119
|
-
expect(BCrypt::Engine.valid_salt?(BCrypt::Engine.generate_salt)).to eq(true)
|
120
|
-
end
|
121
|
-
end
|
122
|
-
|
123
|
-
describe "Validating a password hash" do
|
124
|
-
specify "should not accept an invalid password" do
|
125
|
-
expect(BCrypt::Password.valid_hash?("i_am_so_not_valid")).to be(false)
|
126
|
-
expect(BCrypt::Password.valid_hash?("invalid\n#{BCrypt::Password.create "i_am_so_valid"}\ninvalid")).to be(false)
|
127
|
-
end
|
128
|
-
specify "should accept a valid password" do
|
129
|
-
expect(BCrypt::Password.valid_hash?(BCrypt::Password.create "i_am_so_valid")).to be(true)
|
130
|
-
end
|
131
|
-
end
|
data/spec/spec_helper.rb
DELETED