RubyGems - bcrypt - Versions diffs - 3.1.7 → 3.1.20 - Mend

bcrypt 3.1.7 → 3.1.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

checksums.yaml +7 -7
data/CHANGELOG +99 -51
data/README.md +66 -77
data/ext/jruby/bcrypt_jruby/BCrypt.java +524 -351
data/ext/mri/bcrypt_ext.c +76 -19
data/ext/mri/crypt.h +12 -1
data/ext/mri/crypt_blowfish.c +269 -152
data/ext/mri/crypt_blowfish.h +27 -0
data/ext/mri/crypt_gensalt.c +27 -14
data/ext/mri/crypt_gensalt.h +30 -0
data/ext/mri/extconf.rb +6 -1
data/ext/mri/ow-crypt.h +25 -17
data/ext/mri/wrapper.c +338 -46
data/ext/mri/x86.S +203 -0
data/lib/bcrypt/engine.rb +28 -10
data/lib/bcrypt/password.rb +15 -5
data/lib/bcrypt.rb +1 -6
metadata +61 -72
data/.gitignore +0 -10
data/.rspec +0 -3
data/.travis.yml +0 -15
data/Gemfile +0 -2
data/Gemfile.lock +0 -36
data/Rakefile +0 -73
data/bcrypt.gemspec +0 -29
data/spec/TestBCrypt.java +0 -194
data/spec/bcrypt/engine_spec.rb +0 -82
data/spec/bcrypt/error_spec.rb +0 -37
data/spec/bcrypt/password_spec.rb +0 -123
data/spec/spec_helper.rb +0 -2

data/bcrypt.gemspec DELETED Viewed

@@ -1,29 +0,0 @@
-Gem::Specification.new do |s|
-  s.name = 'bcrypt'
-  s.version = '3.1.7'
-  s.summary = "OpenBSD's bcrypt() password hashing algorithm."
-  s.description = <<-EOF
-    bcrypt() is a sophisticated and secure hash algorithm designed by The OpenBSD project
-    for hashing passwords. The bcrypt Ruby gem provides a simple wrapper for safely handling
-    passwords.
-  EOF
-  s.files = `git ls-files`.split("\n")
-  s.require_path = 'lib'
-  s.add_development_dependency 'rake-compiler', '~> 0.9.2'
-  s.add_development_dependency 'rspec'
-  s.add_development_dependency 'rdoc', '~> 3.12'
-  s.has_rdoc = true
-  s.rdoc_options += ['--title', 'bcrypt-ruby', '--line-numbers', '--inline-source', '--main', 'README.md']
-  s.extra_rdoc_files += ['README.md', 'COPYING', 'CHANGELOG', *Dir['lib/**/*.rb']]
-  s.extensions = 'ext/mri/extconf.rb'
-  s.authors = ["Coda Hale"]
-  s.email = "coda.hale@gmail.com"
-  s.homepage = "https://github.com/codahale/bcrypt-ruby"
-  s.license = "MIT"
-end

data/spec/TestBCrypt.java DELETED Viewed

@@ -1,194 +0,0 @@
-// Copyright (c) 2006 Damien Miller <djm@mindrot.org>
-//
-// Permission to use, copy, modify, and distribute this software for any
-// purpose with or without fee is hereby granted, provided that the above
-// copyright notice and this permission notice appear in all copies.
-//
-// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-import junit.framework.TestCase;
-/**
- * JUnit unit tests for BCrypt routines
- * @author Damien Miller
- * @version 0.2
- */
-public class TestBCrypt extends TestCase {
-	String test_vectors[][] = {
-			{ "",
-			"$2a$06$DCq7YPn5Rq63x1Lad4cll.",
-			"$2a$06$DCq7YPn5Rq63x1Lad4cll.TV4S6ytwfsfvkgY8jIucDrjc8deX1s." },
-			{ "",
-			"$2a$08$HqWuK6/Ng6sg9gQzbLrgb.",
-			"$2a$08$HqWuK6/Ng6sg9gQzbLrgb.Tl.ZHfXLhvt/SgVyWhQqgqcZ7ZuUtye" },
-			{ "",
-			"$2a$10$k1wbIrmNyFAPwPVPSVa/ze",
-			"$2a$10$k1wbIrmNyFAPwPVPSVa/zecw2BCEnBwVS2GbrmgzxFUOqW9dk4TCW" },
-			{ "",
-			"$2a$12$k42ZFHFWqBp3vWli.nIn8u",
-			"$2a$12$k42ZFHFWqBp3vWli.nIn8uYyIkbvYRvodzbfbK18SSsY.CsIQPlxO" },
-			{ "a",
-			"$2a$06$m0CrhHm10qJ3lXRY.5zDGO",
-			"$2a$06$m0CrhHm10qJ3lXRY.5zDGO3rS2KdeeWLuGmsfGlMfOxih58VYVfxe" },
-			{ "a",
-			"$2a$08$cfcvVd2aQ8CMvoMpP2EBfe",
-			"$2a$08$cfcvVd2aQ8CMvoMpP2EBfeodLEkkFJ9umNEfPD18.hUF62qqlC/V." },
-			{ "a",
-			"$2a$10$k87L/MF28Q673VKh8/cPi.",
-			"$2a$10$k87L/MF28Q673VKh8/cPi.SUl7MU/rWuSiIDDFayrKk/1tBsSQu4u" },
-			{ "a",
-			"$2a$12$8NJH3LsPrANStV6XtBakCe",
-			"$2a$12$8NJH3LsPrANStV6XtBakCez0cKHXVxmvxIlcz785vxAIZrihHZpeS" },
-			{ "abc",
-			"$2a$06$If6bvum7DFjUnE9p2uDeDu",
-			"$2a$06$If6bvum7DFjUnE9p2uDeDu0YHzrHM6tf.iqN8.yx.jNN1ILEf7h0i" },
-			{ "abc",
-			"$2a$08$Ro0CUfOqk6cXEKf3dyaM7O",
-			"$2a$08$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm" },
-			{ "abc",
-			"$2a$10$WvvTPHKwdBJ3uk0Z37EMR.",
-			"$2a$10$WvvTPHKwdBJ3uk0Z37EMR.hLA2W6N9AEBhEgrAOljy2Ae5MtaSIUi" },
-			{ "abc",
-			"$2a$12$EXRkfkdmXn2gzds2SSitu.",
-			"$2a$12$EXRkfkdmXn2gzds2SSitu.MW9.gAVqa9eLS1//RYtYCmB1eLHg.9q" },
-			{ "abcdefghijklmnopqrstuvwxyz",
-			"$2a$06$.rCVZVOThsIa97pEDOxvGu",
-			"$2a$06$.rCVZVOThsIa97pEDOxvGuRRgzG64bvtJ0938xuqzv18d3ZpQhstC" },
-			{ "abcdefghijklmnopqrstuvwxyz",
-			"$2a$08$aTsUwsyowQuzRrDqFflhge",
-			"$2a$08$aTsUwsyowQuzRrDqFflhgekJ8d9/7Z3GV3UcgvzQW3J5zMyrTvlz." },
-			{ "abcdefghijklmnopqrstuvwxyz",
-			"$2a$10$fVH8e28OQRj9tqiDXs1e1u",
-			"$2a$10$fVH8e28OQRj9tqiDXs1e1uxpsjN0c7II7YPKXua2NAKYvM6iQk7dq" },
-			{ "abcdefghijklmnopqrstuvwxyz",
-			"$2a$12$D4G5f18o7aMMfwasBL7Gpu",
-			"$2a$12$D4G5f18o7aMMfwasBL7GpuQWuP3pkrZrOAnqP.bmezbMng.QwJ/pG" },
-			{ "~!@#$%^&*()      ~!@#$%^&*()PNBFRD",
-			"$2a$06$fPIsBO8qRqkjj273rfaOI.",
-			"$2a$06$fPIsBO8qRqkjj273rfaOI.HtSV9jLDpTbZn782DC6/t7qT67P6FfO" },
-			{ "~!@#$%^&*()      ~!@#$%^&*()PNBFRD",
-			"$2a$08$Eq2r4G/76Wv39MzSX262hu",
-			"$2a$08$Eq2r4G/76Wv39MzSX262huzPz612MZiYHVUJe/OcOql2jo4.9UxTW" },
-			{ "~!@#$%^&*()      ~!@#$%^&*()PNBFRD",
-			"$2a$10$LgfYWkbzEvQ4JakH7rOvHe",
-			"$2a$10$LgfYWkbzEvQ4JakH7rOvHe0y8pHKF9OaFgwUZ2q7W2FFZmZzJYlfS" },
-			{ "~!@#$%^&*()      ~!@#$%^&*()PNBFRD",
-			"$2a$12$WApznUOJfkEGSmYRfnkrPO",
-			"$2a$12$WApznUOJfkEGSmYRfnkrPOr466oFDCaj4b6HY3EXGvfxm43seyhgC" },
-		};
-	/**
-	 * Entry point for unit tests
-	 * @param args unused
-	 */
-	public static void main(String[] args) {
-		junit.textui.TestRunner.run(TestBCrypt.class);
-	}
-	/**
-	 * Test method for 'BCrypt.hashpw(String, String)'
-	 */
-	public void testHashpw() {
-		System.out.print("BCrypt.hashpw(): ");
-		for (int i = 0; i < test_vectors.length; i++) {
-			String plain = test_vectors[i][0];
-			String salt = test_vectors[i][1];
-			String expected = test_vectors[i][2];
-			String hashed = BCrypt.hashpw(plain, salt);
-			assertEquals(hashed, expected);
-			System.out.print(".");
-		}
-		System.out.println("");
-	}
-	/**
-	 * Test method for 'BCrypt.gensalt(int)'
-	 */
-	public void testGensaltInt() {
-		System.out.print("BCrypt.gensalt(log_rounds):");
-		for (int i = 4; i <= 12; i++) {
-			System.out.print(" " + Integer.toString(i) + ":");
-			for (int j = 0; j < test_vectors.length; j += 4) {
-				String plain = test_vectors[j][0];
-				String salt = BCrypt.gensalt(i);
-				String hashed1 = BCrypt.hashpw(plain, salt);
-				String hashed2 = BCrypt.hashpw(plain, hashed1);
-				assertEquals(hashed1, hashed2);
-				System.out.print(".");
-			}
-		}
-		System.out.println("");
-	}
-	/**
-	 * Test method for 'BCrypt.gensalt()'
-	 */
-	public void testGensalt() {
-		System.out.print("BCrypt.gensalt(): ");
-		for (int i = 0; i < test_vectors.length; i += 4) {
-			String plain = test_vectors[i][0];
-			String salt = BCrypt.gensalt();
-			String hashed1 = BCrypt.hashpw(plain, salt);
-			String hashed2 = BCrypt.hashpw(plain, hashed1);
-			assertEquals(hashed1, hashed2);
-			System.out.print(".");
-		}
-		System.out.println("");
-	}
-	/**
-	 * Test method for 'BCrypt.checkpw(String, String)'
-	 * expecting success
-	 */
-	public void testCheckpw_success() {
-		System.out.print("BCrypt.checkpw w/ good passwords: ");
-		for (int i = 0; i < test_vectors.length; i++) {
-			String plain = test_vectors[i][0];
-			String expected = test_vectors[i][2];
-			assertTrue(BCrypt.checkpw(plain, expected));
-			System.out.print(".");
-		}
-		System.out.println("");
-	}
-	/**
-	 * Test method for 'BCrypt.checkpw(String, String)'
-	 * expecting failure
-	 */
-	public void testCheckpw_failure() {
-		System.out.print("BCrypt.checkpw w/ bad passwords: ");
-		for (int i = 0; i < test_vectors.length; i++) {
-			int broken_index = (i + 4) % test_vectors.length;
-			String plain = test_vectors[i][0];
-			String expected = test_vectors[broken_index][2];
-			assertFalse(BCrypt.checkpw(plain, expected));
-			System.out.print(".");
-		}
-		System.out.println("");
-	}
-	/**
-	 * Test for correct hashing of non-US-ASCII passwords
-	 */
-	public void testInternationalChars() {
-		System.out.print("BCrypt.hashpw w/ international chars: ");
-		String pw1 = "ππππππππ";
-		String pw2 = "????????";
-		String h1 = BCrypt.hashpw(pw1, BCrypt.gensalt());
-		assertFalse(BCrypt.checkpw(pw2, h1));
-		System.out.print(".");
-		String h2 = BCrypt.hashpw(pw2, BCrypt.gensalt());
-		assertFalse(BCrypt.checkpw(pw1, h2));
-		System.out.print(".");
-		System.out.println("");
-	}
-}

data/spec/bcrypt/engine_spec.rb DELETED Viewed

@@ -1,82 +0,0 @@
-require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
-describe "The BCrypt engine" do
-  specify "should calculate the optimal cost factor to fit in a specific time" do
-    first = BCrypt::Engine.calibrate(100)
-    second = BCrypt::Engine.calibrate(400)
-    second.should > first
-  end
-end
-describe "Generating BCrypt salts" do
-  specify "should produce strings" do
-    BCrypt::Engine.generate_salt.should be_an_instance_of(String)
-  end
-  specify "should produce random data" do
-    BCrypt::Engine.generate_salt.should_not equal(BCrypt::Engine.generate_salt)
-  end
-  specify "should raise a InvalidCostError if the cost parameter isn't numeric" do
-    lambda { BCrypt::Engine.generate_salt('woo') }.should raise_error(BCrypt::Errors::InvalidCost)
-  end
-  specify "should raise a InvalidCostError if the cost parameter isn't greater than 0" do
-    lambda { BCrypt::Engine.generate_salt(-1) }.should raise_error(BCrypt::Errors::InvalidCost)
-  end
-end
-describe "Autodetecting of salt cost" do
-  specify "should work" do
-    BCrypt::Engine.autodetect_cost("$2a$08$hRx2IVeHNsTSYYtUWn61Ou").should eq 8
-    BCrypt::Engine.autodetect_cost("$2a$05$XKd1bMnLgUnc87qvbAaCUu").should eq 5
-    BCrypt::Engine.autodetect_cost("$2a$13$Lni.CZ6z5A7344POTFBBV.").should eq 13
-  end
-end
-describe "Generating BCrypt hashes" do
-  class MyInvalidSecret
-    undef to_s
-  end
-  before :each do
-    @salt = BCrypt::Engine.generate_salt(4)
-    @password = "woo"
-  end
-  specify "should produce a string" do
-    BCrypt::Engine.hash_secret(@password, @salt).should be_an_instance_of(String)
-  end
-  specify "should raise an InvalidSalt error if the salt is invalid" do
-    lambda { BCrypt::Engine.hash_secret(@password, 'nino') }.should raise_error(BCrypt::Errors::InvalidSalt)
-  end
-  specify "should raise an InvalidSecret error if the secret is invalid" do
-    lambda { BCrypt::Engine.hash_secret(MyInvalidSecret.new, @salt) }.should raise_error(BCrypt::Errors::InvalidSecret)
-    lambda { BCrypt::Engine.hash_secret(nil, @salt) }.should_not raise_error(BCrypt::Errors::InvalidSecret)
-    lambda { BCrypt::Engine.hash_secret(false, @salt) }.should_not raise_error(BCrypt::Errors::InvalidSecret)
-  end
-  specify "should call #to_s on the secret and use the return value as the actual secret data" do
-    BCrypt::Engine.hash_secret(false, @salt).should == BCrypt::Engine.hash_secret("false", @salt)
-  end
-  specify "should be interoperable with other implementations" do
-    # test vectors from the OpenWall implementation <http://www.openwall.com/crypt/>
-    test_vectors = [
-      ["U*U", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"],
-      ["U*U*", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK"],
-      ["U*U*U", "$2a$05$XXXXXXXXXXXXXXXXXXXXXO", "$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a"],
-      ["", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy"],
-      ["0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", "$2a$05$abcdefghijklmnopqrstuu", "$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui"]
-    ]
-    for secret, salt, test_vector in test_vectors
-      BCrypt::Engine.hash_secret(secret, salt).should eql(test_vector)
-    end
-  end
-end

data/spec/bcrypt/error_spec.rb DELETED Viewed

@@ -1,37 +0,0 @@
-require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
-describe "Errors" do
-  shared_examples "descends from StandardError" do
-    it "can be rescued as a StandardError" do
-      described_class.should < StandardError
-    end
-  end
-  shared_examples "descends from BCrypt::Error" do
-    it "can be rescued as a BCrypt::Error" do
-      described_class.should < BCrypt::Error
-    end
-  end
-  describe BCrypt::Error do
-    include_examples "descends from StandardError"
-  end
-  describe BCrypt::Errors::InvalidCost do
-    include_examples "descends from BCrypt::Error"
-  end
-  describe BCrypt::Errors::InvalidHash do
-    include_examples "descends from BCrypt::Error"
-  end
-  describe BCrypt::Errors::InvalidSalt do
-    include_examples "descends from BCrypt::Error"
-  end
-  describe BCrypt::Errors::InvalidSecret do
-    include_examples "descends from BCrypt::Error"
-  end
-end

data/spec/bcrypt/password_spec.rb DELETED Viewed

@@ -1,123 +0,0 @@
-require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
-describe "Creating a hashed password" do
-  before :each do
-    @secret = "wheedle"
-    @password = BCrypt::Password.create(@secret, :cost => 4)
-  end
-  specify "should return a BCrypt::Password" do
-    @password.should be_an_instance_of(BCrypt::Password)
-  end
-  specify "should return a valid bcrypt password" do
-    lambda { BCrypt::Password.new(@password) }.should_not raise_error
-  end
-  specify "should behave normally if the secret is not a string" do
-    lambda { BCrypt::Password.create(nil) }.should_not raise_error(BCrypt::Errors::InvalidSecret)
-    lambda { BCrypt::Password.create({:woo => "yeah"}) }.should_not raise_error(BCrypt::Errors::InvalidSecret)
-    lambda { BCrypt::Password.create(false) }.should_not raise_error(BCrypt::Errors::InvalidSecret)
-  end
-  specify "should tolerate empty string secrets" do
-    lambda { BCrypt::Password.create( "\n".chop  ) }.should_not raise_error
-    lambda { BCrypt::Password.create( ""         ) }.should_not raise_error
-    lambda { BCrypt::Password.create( String.new ) }.should_not raise_error
-  end
-end
-describe "Reading a hashed password" do
-  before :each do
-    @secret = "U*U"
-    @hash = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
-  end
-  specify "the cost is too damn high" do
-    lambda {
-      BCrypt::Password.create("hello", :cost => 32)
-    }.should raise_error(ArgumentError)
-  end
-  specify "the cost should be set to the default if nil" do
-    BCrypt::Password.create("hello", :cost => nil).cost.should equal(BCrypt::Engine::DEFAULT_COST)
-  end
-  specify "the cost should be set to the default if empty hash" do
-    BCrypt::Password.create("hello", {}).cost.should equal(BCrypt::Engine::DEFAULT_COST)
-  end
-  specify "the cost should be set to the passed value if provided" do
-    BCrypt::Password.create("hello", :cost => 5).cost.should equal(5)
-  end
-  specify "the cost should be set to the global value if set" do
-    BCrypt::Engine.cost = 5
-    BCrypt::Password.create("hello").cost.should equal(5)
-    # unset the global value to not affect other tests
-    BCrypt::Engine.cost = nil
-  end
-  specify "the cost should be set to an overridden constant for backwards compatibility" do
-    # suppress "already initialized constant" warning
-    old_verbose, $VERBOSE = $VERBOSE, nil
-    old_default_cost = BCrypt::Engine::DEFAULT_COST
-    BCrypt::Engine::DEFAULT_COST = 5
-    BCrypt::Password.create("hello").cost.should equal(5)
-    # reset default to not affect other tests
-    BCrypt::Engine::DEFAULT_COST = old_default_cost
-    $VERBOSE = old_verbose
-  end
-  specify "should read the version, cost, salt, and hash" do
-    password = BCrypt::Password.new(@hash)
-    password.version.should eql("2a")
-    password.cost.should equal(5)
-    password.salt.should eql("$2a$05$CCCCCCCCCCCCCCCCCCCCC.")
-    password.salt.class.should eq String
-    password.checksum.should eq("E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW")
-    password.checksum.class.should eq String
-    password.to_s.should eql(@hash)
-  end
-  specify "should raise an InvalidHashError when given an invalid hash" do
-    lambda { BCrypt::Password.new('weedle') }.should raise_error(BCrypt::Errors::InvalidHash)
-  end
-end
-describe "Comparing a hashed password with a secret" do
-  before :each do
-    @secret = "U*U"
-    @hash = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
-    @password = BCrypt::Password.create(@secret)
-  end
-  specify "should compare successfully to the original secret" do
-    (@password == @secret).should be(true)
-  end
-  specify "should compare unsuccessfully to anything besides original secret" do
-    (@password == "@secret").should be(false)
-  end
-end
-describe "Validating a generated salt" do
-  specify "should not accept an invalid salt" do
-    BCrypt::Engine.valid_salt?("invalid").should eq(false)
-  end
-  specify "should accept a valid salt" do
-    BCrypt::Engine.valid_salt?(BCrypt::Engine.generate_salt).should eq(true)
-  end
-end
-describe "Validating a password hash" do
-  specify "should not accept an invalid password" do
-    BCrypt::Password.valid_hash?("i_am_so_not_valid").should be_false
-  end
-  specify "should accept a valid password" do
-    BCrypt::Password.valid_hash?(BCrypt::Password.create "i_am_so_valid").should be_true
-  end
-end

data/spec/spec_helper.rb DELETED Viewed

	@@ -1,2 +0,0 @@
1	- $:.unshift File.expand_path('../../lib', __FILE__)
2	- require 'bcrypt'