genki-bcrypt-ruby 2.0.3

data/ext/extconf.rb

@@ -0,0 +1,5 @@
+require "mkmf"
+dir_config("bcrypt_ext")
+# enable this when we're feeling nitpicky
+# CONFIG['CC'] << " -Wall "
+create_makefile("bcrypt_ext")

data/lib/bcrypt.rb

@@ -0,0 +1,161 @@
+# A wrapper for OpenBSD's bcrypt/crypt_blowfish password-hashing algorithm.
+
+$: << "ext"
+require "bcrypt_ext"
+require "openssl"
+
+# A Ruby library implementing OpenBSD's bcrypt()/crypt_blowfish algorithm for
+# hashing passwords.
+module BCrypt
+  module Errors
+    class InvalidSalt   < StandardError; end  # The salt parameter provided to bcrypt() is invalid.
+    class InvalidHash   < StandardError; end  # The hash parameter provided to bcrypt() is invalid.
+    class InvalidCost   < StandardError; end  # The cost parameter provided to bcrypt() is invalid.
+    class InvalidSecret < StandardError; end  # The secret parameter provided to bcrypt() is invalid.
+  end
+  
+  # A Ruby wrapper for the bcrypt() extension calls.
+  class Engine
+    # The default computational expense parameter.
+    DEFAULT_COST    = 10
+    # Maximum possible size of bcrypt() salts.
+    MAX_SALT_LENGTH = 16
+    
+    # C-level routines which, if they don't get the right input, will crash the
+    # hell out of the Ruby process.
+    private_class_method :__bc_salt
+    private_class_method :__bc_crypt
+    
+    # Given a secret and a valid salt (see BCrypt::Engine.generate_salt) calculates
+    # a bcrypt() password hash.
+    def self.hash_secret(secret, salt)
+      if valid_secret?(secret)
+        if valid_salt?(salt)
+          __bc_crypt(secret.to_s, salt)
+        else
+          raise Errors::InvalidSalt.new("invalid salt")
+        end
+      else
+        raise Errors::InvalidSecret.new("invalid secret")
+      end
+    end
+    
+    # Generates a random salt with a given computational cost.
+    def self.generate_salt(cost = DEFAULT_COST)
+      if cost.to_i > 0
+        __bc_salt(cost, OpenSSL::Random.random_bytes(MAX_SALT_LENGTH))
+      else
+        raise Errors::InvalidCost.new("cost must be numeric and > 0")
+      end
+    end
+    
+    # Returns true if +salt+ is a valid bcrypt() salt, false if not.
+    def self.valid_salt?(salt)
+      salt =~ /^\$[0-9a-z]{2,}\$[0-9]{2,}\$[A-Za-z0-9\.\/]{22,}$/
+    end
+    
+    # Returns true if +secret+ is a valid bcrypt() secret, false if not.
+    def self.valid_secret?(secret)
+      secret.respond_to?(:to_s)
+    end
+    
+    # Returns the cost factor which will result in computation times less than +upper_time_limit_in_ms+.
+    # 
+    # Example:
+    # 
+    #   BCrypt.calibrate(200)  #=> 10
+    #   BCrypt.calibrate(1000) #=> 12
+    # 
+    #   # should take less than 200ms
+    #   BCrypt::Password.create("woo", :cost => 10)
+    # 
+    #   # should take less than 1000ms
+    #   BCrypt::Password.create("woo", :cost => 12)
+    def self.calibrate(upper_time_limit_in_ms)
+      40.times do |i|
+        start_time = Time.now
+        Password.create("testing testing", :cost => i+1)
+        end_time = Time.now - start_time
+        return i if end_time * 1_000 > upper_time_limit_in_ms
+      end
+    end
+  end
+  
+  # A password management class which allows you to safely store users' passwords and compare them.
+  # 
+  # Example usage:
+  # 
+  #   include BCrypt
+  # 
+  #   # hash a user's password  
+  #   @password = Password.create("my grand secret")
+  #   @password #=> "$2a$10$GtKs1Kbsig8ULHZzO1h2TetZfhO4Fmlxphp8bVKnUlZCBYYClPohG"
+  # 
+  #   # store it safely
+  #   @user.update_attribute(:password, @password)
+  # 
+  #   # read it back
+  #   @user.reload!
+  #   @db_password = Password.new(@user.password)
+  # 
+  #   # compare it after retrieval
+  #   @db_password == "my grand secret" #=> true
+  #   @db_password == "a paltry guess"  #=> false
+  # 
+  class Password < String
+    # The hash portion of the stored password hash.
+    attr_reader :hash
+    # The salt of the store password hash (including version and cost).
+    attr_reader :salt
+    # The version of the bcrypt() algorithm used to create the hash.
+    attr_reader :version
+    # The cost factor used to create the hash.
+    attr_reader :cost
+    
+    class << self
+      # Hashes a secret, returning a BCrypt::Password instance. Takes an optional <tt>:cost</tt> option, which is a
+      # logarithmic variable which determines how computational expensive the hash is to calculate (a <tt>:cost</tt> of
+      # 4 is twice as much work as a <tt>:cost</tt> of 3). The higher the <tt>:cost</tt> the harder it becomes for
+      # attackers to try to guess passwords (even if a copy of your database is stolen), but the slower it is to check
+      # users' passwords.
+      # 
+      # Example:
+      # 
+      #   @password = BCrypt::Password.create("my secret", :cost => 13)
+      def create(secret, options = { :cost => BCrypt::Engine::DEFAULT_COST })
+        Password.new(BCrypt::Engine.hash_secret(secret, BCrypt::Engine.generate_salt(options[:cost])))
+      end
+    end
+    
+    # Initializes a BCrypt::Password instance with the data from a stored hash.
+    def initialize(raw_hash)
+      if valid_hash?(raw_hash)
+        self.replace(raw_hash)
+        @version, @cost, @salt, @hash = split_hash(self)
+      else
+        raise Errors::InvalidHash.new("invalid hash")
+      end
+    end
+    
+    # Compares a potential secret against the hash. Returns true if the secret is the original secret, false otherwise.
+    def ==(secret)
+      super(BCrypt::Engine.hash_secret(secret, @salt))
+    end
+    alias_method :is_password?, :==
+    
+  private
+    # Returns true if +h+ is a valid hash.
+    def valid_hash?(h)
+      h =~ /^\$[0-9a-z]{2}\$[0-9]{2}\$[A-Za-z0-9\.\/]{53}$/
+    end
+    
+    # call-seq:
+    #   split_hash(raw_hash) -> version, cost, salt, hash
+    # 
+    # Splits +h+ into version, cost, salt, and hash and returns them in that order.
+    def split_hash(h)
+      b, v, c, mash = h.split('$')
+      return v, c.to_i, h[0, 29], mash[-31, 31]
+    end
+  end
+end

data/spec/bcrypt/engine_spec.rb

@@ -0,0 +1,63 @@
+require File.join(File.dirname(__FILE__), "..", "spec_helper")
+
+context "The BCrypt engine" do
+  specify "should calculate the optimal cost factor to fit in a specific time" do
+    first = BCrypt::Engine.calibrate(100)
+    second = BCrypt::Engine.calibrate(300)
+    second.should >(first + 1)
+  end
+end
+
+context "Generating BCrypt salts" do
+  
+  specify "should produce strings" do
+    BCrypt::Engine.generate_salt.should be_an_instance_of(String)
+  end
+  
+  specify "should produce random data" do
+    BCrypt::Engine.generate_salt.should_not equal(BCrypt::Engine.generate_salt)
+  end
+  
+  specify "should raise a InvalidCostError if the cost parameter isn't numeric" do
+    lambda { BCrypt::Engine.generate_salt('woo') }.should raise_error(BCrypt::Errors::InvalidCost)
+  end
+  
+  specify "should raise a InvalidCostError if the cost parameter isn't greater than 0" do
+    lambda { BCrypt::Engine.generate_salt(-1) }.should raise_error(BCrypt::Errors::InvalidCost)
+  end
+end
+
+context "Generating BCrypt hashes" do
+  
+  setup do
+    @salt = BCrypt::Engine.generate_salt(4)
+    @password = "woo"
+  end
+  
+  specify "should produce a string" do
+    BCrypt::Engine.hash_secret(@password, @salt).should be_an_instance_of(String)
+  end
+  
+  specify "should raise an InvalidSalt error if the salt is invalid" do
+    lambda { BCrypt::Engine.hash_secret(@password, 'nino') }.should raise_error(BCrypt::Errors::InvalidSalt)
+  end
+  
+  specify "should raise an InvalidSecret error if the secret is invalid" do
+    lambda { BCrypt::Engine.hash_secret(nil, @salt) }.should_not raise_error(BCrypt::Errors::InvalidSecret)
+    lambda { BCrypt::Engine.hash_secret(false, @salt) }.should_not raise_error(BCrypt::Errors::InvalidSecret)
+  end
+  
+  specify "should be interoperable with other implementations" do
+    # test vectors from the OpenWall implementation <http://www.openwall.com/crypt/>
+    test_vectors = [
+      ["U*U", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"],
+      ["U*U*", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK"],
+      ["U*U*U", "$2a$05$XXXXXXXXXXXXXXXXXXXXXO", "$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a"],
+      ["", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.", "$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy"],
+      ["0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", "$2a$05$abcdefghijklmnopqrstuu", "$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui"]
+    ]
+    for secret, salt, test_vector in test_vectors
+      BCrypt::Engine.hash_secret(secret, salt).should eql(test_vector)
+    end
+  end
+end

data/spec/bcrypt/password_spec.rb

@@ -0,0 +1,58 @@
+require File.join(File.dirname(__FILE__), "..", "spec_helper")
+
+context "Creating a hashed password" do
+  
+  setup do
+    @secret = "wheedle"
+    @password = BCrypt::Password.create(@secret, :cost => 4)
+  end
+  
+  specify "should return a BCrypt::Password" do
+    @password.should be_an_instance_of(BCrypt::Password)
+  end
+  
+  specify "should return a valid bcrypt password" do
+    lambda { BCrypt::Password.new(@password) }.should_not raise_error
+  end
+  
+  specify "should behave normally if the secret not a string" do
+    lambda { BCrypt::Password.create(nil) }.should_not raise_error(BCrypt::Errors::InvalidSecret)
+    lambda { BCrypt::Password.create({:woo => "yeah"}) }.should_not raise_error(BCrypt::Errors::InvalidSecret)
+    lambda { BCrypt::Password.create(false) }.should_not raise_error(BCrypt::Errors::InvalidSecret)
+  end
+end
+
+context "Reading a hashed password" do
+  setup do
+    @secret = "U*U"
+    @hash = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
+  end
+  
+  specify "should read the version, cost, salt, and hash" do
+    password = BCrypt::Password.new(@hash)
+    password.version.should eql("2a")
+    password.cost.should equal(5)
+    password.salt.should eql("$2a$05$CCCCCCCCCCCCCCCCCCCCC.")
+    password.to_s.should eql(@hash)
+  end
+  
+  specify "should raise an InvalidHashError when given an invalid hash" do
+    lambda { BCrypt::Password.new('weedle') }.should raise_error(BCrypt::Errors::InvalidHash)
+  end
+end
+
+context "Comparing a hashed password with a secret" do
+  setup do
+    @secret = "U*U"
+    @hash = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
+    @password = BCrypt::Password.create(@secret)
+  end
+  
+  specify "should compare successfully to the original secret" do
+    (@password == @secret).should be(true)
+  end
+  
+  specify "should compare unsuccessfully to anything besides original secret" do
+    (@password == "@secret").should be(false)
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,4 @@
+$LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'
+require "rubygems"
+require "spec"
+require "bcrypt"

metadata

@@ -0,0 +1,73 @@
+--- !ruby/object:Gem::Specification 
+name: genki-bcrypt-ruby
+version: !ruby/object:Gem::Version 
+  version: 2.0.3
+platform: ruby
+authors: 
+- Coda Hale
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-01-31 00:00:00 -08:00
+default_executable: 
+dependencies: []
+
+description: bcrypt() is a sophisticated and secure hash algorithm designed by The OpenBSD project for hashing passwords. bcrypt-ruby provides a simple, humane wrapper for safely handling passwords.
+email: coda.hale@gmail.com
+executables: []
+
+extensions: 
+- ext/extconf.rb
+extra_rdoc_files: 
+- README
+- COPYING
+- CHANGELOG
+- lib/bcrypt.rb
+files: 
+- CHANGELOG
+- COPYING
+- Rakefile
+- README
+- lib/bcrypt.rb
+- spec/bcrypt/engine_spec.rb
+- spec/bcrypt/password_spec.rb
+- spec/spec_helper.rb
+- ext/bcrypt.c
+- ext/bcrypt_ext.c
+- ext/blowfish.c
+- ext/blf.h
+- ext/extconf.rb
+has_rdoc: true
+homepage: http://bcrypt-ruby.rubyforge.org
+post_install_message: 
+rdoc_options: 
+- --title
+- bcrypt-ruby
+- --line-numbers
+- --inline-source
+- --main
+- README
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: bcrypt-ruby
+rubygems_version: 1.2.0
+signing_key: 
+specification_version: 2
+summary: OpenBSD's bcrypt() password hashing algorithm.
+test_files: []
+