go_secure 0.2 → 0.3

Files changed (3)
  1. checksums.yaml +4 -4
  2. data/lib/go_secure.rb +16 -4
  3. metadata +2 -2
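--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 40e61a38f73a0bcdf75bc9d0bac1036611b6bf0b
- data.tar.gz: b13d4a1232f3e963018fdd222b29a7f8a2e75a5c
+ metadata.gz: 6df2e5055235de7fb8e1f4ffa24f139f608d99da
+ data.tar.gz: d324a65339e5f79aa7397ac3a70eb29595ed7330
  SHA512:
- metadata.gz: 8afc1a1bd1a847e613b1e58d5c826af725affaa058ce7fb6df0a6cb65e1bca813bd3911ea6be73f996b9a273663b555e48f3157f9fd45c419290ac0dcc6e2ccc
- data.tar.gz: 839fb1ba8729e5f83cdaa47c3e7063adba8cabf0ae3b548ea80cf032006578b06c8a8c2d6fc37a4ec8e6ee59ad30e2677f21ee55455ae12464545e73ccda9822
+ metadata.gz: 3d9fe792505c3dc4a2aa70a5d28dd61d55962b8ed414ead63ca143e9e68e4b56a59c773ee1615551ce67212e15f94c61649cbb111fd4af3186b0126d26659de8
+ data.tar.gz: 78dd5d713327f3dfcbbcd79582008a0b25a5d80b3aaa3de010ae1e4da6169abd03e38fbbff013aecd9cf7cb9799b24cd38468cd41e4be4269f9ecc83ca036326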
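--- a/data/lib/go_secure.rb
+++ b/data/lib/go_secure.rb
@@ -1,10 +1,18 @@
  require 'openssl'
+ require 'base64'
 
  module GoSecure
  def self.sha512(str, salt, encryption_key=nil)
  Digest::SHA512.hexdigest(str.to_s + salt.to_s + (encryption_key || self.encryption_key))
  end
 
+ def self.hmac(str, salt, level, encryption_key=nil)
+ # level is here so we can upgrade in the future without breaking backwards compatibility
+ raise "invalid level" unless level == 1
+ digest = OpenSSL::Digest::SHA512.new(encryption_key || self.encryption_key)
+ res = Base64.urlsafe_encode64(OpenSSL::PKCS5.pbkdf2_hmac(str.to_s, salt.to_s, 100000, digest.digest_length, digest))
+ end
+
  def self.nonce(str)
  Digest::SHA512.hexdigest(str.to_s + Time.now.to_i.to_s + rand(999999).to_s + self.encryption_key)[0, 24]
  end
@@ -37,18 +45,18 @@ module GoSecure
  pw = {}
  # pw['hash_type'] = 'sha512'
  # pw['hash_type'] = 'bcrypt'
- pw['hash_type'] = 'pbkdf2-sha256'
+ pw['hash_type'] = 'pbkdf2-sha256-2'
  pw['salt'] = Digest::MD5.hexdigest(OpenSSL::Random.pseudo_bytes(4) + Time.now.to_i.to_s + self.encryption_key + "pw" + OpenSSL::Random.pseudo_bytes(16))
  # pw['hashed_password'] = Digest::SHA512.hexdigest(self.encryption_key + pw['salt'] + password.to_s)
  # salted = Digest::SHA256.hexdigest(self.encryption_key + pw['salt'] + password.to_s)
  # pw['hashed_password'] = BCrypt::Password.create(salted)
- digest = OpenSSL::Digest::SHA256.new
- pw['hashed_password'] = Base64.encode64(OpenSSL::PKCS5.pbkdf2_hmac(password.to_s, pw['salt'], 100000, digest.digest_length, digest))
+ digest = OpenSSL::Digest::SHA512.new(self.encryption_key)
+ pw['hashed_password'] = Base64.urlsafe_encode64(OpenSSL::PKCS5.pbkdf2_hmac(password.to_s, pw['salt'], 100000, digest.digest_length, digest))
  pw
  end
 
  def self.outdated_password?(password_hash)
- return password_hash && password_hash['hash_type'] != 'pbkdf2-sha256'
+ return password_hash && password_hash['hash_type'] != 'pbkdf2-sha256-2'
  end
 
  def self.matches_password?(attempt, password_hash)
@@ -68,6 +76,10 @@ module GoSecure
  digest = OpenSSL::Digest::SHA256.new
  str = Base64.encode64(OpenSSL::PKCS5.pbkdf2_hmac(attempt.to_s, password_hash['salt'], 100000, digest.digest_length, digest))
  res = str == password_hash['hashed_password']
+ elsif password_hash && password_hash['hash_type'] == 'pbkdf2-sha256-2' && password_hash['salt']
+ digest = OpenSSL::Digest::SHA512.new(self.encryption_key)
+ str = Base64.urlsafe_encode64(OpenSSL::PKCS5.pbkdf2_hmac(attempt.to_s, password_hash['salt'], 100000, digest.digest_length, digest))
+ res = str == password_hash['hashed_password']
  else
  false
  end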
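Review bot: In `hmac` (new line 12) and in both `pbkdf2-sha256-2` paths (new lines 53 and 80) the key is handed to `OpenSSL::Digest::SHA512.new(...)`, but as far as I know `OpenSSL::PKCS5.pbkdf2_hmac` uses its digest argument only to select the algorithm and ignores data already fed into the object, so the encryption key would not influence the result. If that holds, `GoSecure.hmac` is an unkeyed PBKDF2 over `str` and `salt` that anyone holding those two values can recompute, and the new password format carries no pepper; a spec asserting that two different keys give different outputs would settle it. To bind the key, put it into the derivation input, e.g. `key = encryption_key || self.encryption_key` followed by `OpenSSL::PKCS5.pbkdf2_hmac(str.to_s, salt.to_s + key, 100000, digest.digest_length, digest)`, introduced under a new `level` / `hash_type` so stored values still verify. Separately, `res = str == password_hash['hashed_password']` on new line 82 is not a constant-time comparison, and the label `pbkdf2-sha256-2` now names a SHA-512 derivation. The methods touched by the second and third hunks begin outside the visible lines.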
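--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: go_secure
  version: !ruby/object:Gem::Version
- version: '0.2'
+ version: '0.3'
  platform: ruby
  authors:
  - Brian Whitmer
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-12-13 00:00:00.000000000 Z
+ date: 2018-04-20 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rspec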