go_secure 0.2 → 0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 40e61a38f73a0bcdf75bc9d0bac1036611b6bf0b
-  data.tar.gz: b13d4a1232f3e963018fdd222b29a7f8a2e75a5c
+  metadata.gz: 6df2e5055235de7fb8e1f4ffa24f139f608d99da
+  data.tar.gz: d324a65339e5f79aa7397ac3a70eb29595ed7330
 SHA512:
-  metadata.gz: 8afc1a1bd1a847e613b1e58d5c826af725affaa058ce7fb6df0a6cb65e1bca813bd3911ea6be73f996b9a273663b555e48f3157f9fd45c419290ac0dcc6e2ccc
-  data.tar.gz: 839fb1ba8729e5f83cdaa47c3e7063adba8cabf0ae3b548ea80cf032006578b06c8a8c2d6fc37a4ec8e6ee59ad30e2677f21ee55455ae12464545e73ccda9822
+  metadata.gz: 3d9fe792505c3dc4a2aa70a5d28dd61d55962b8ed414ead63ca143e9e68e4b56a59c773ee1615551ce67212e15f94c61649cbb111fd4af3186b0126d26659de8
+  data.tar.gz: 78dd5d713327f3dfcbbcd79582008a0b25a5d80b3aaa3de010ae1e4da6169abd03e38fbbff013aecd9cf7cb9799b24cd38468cd41e4be4269f9ecc83ca036326

data/lib/go_secure.rb

@@ -1,10 +1,18 @@
 require 'openssl'
+require 'base64'
 
 module GoSecure
   def self.sha512(str, salt, encryption_key=nil)
     Digest::SHA512.hexdigest(str.to_s + salt.to_s + (encryption_key || self.encryption_key))
   end
   
+  def self.hmac(str, salt, level, encryption_key=nil)
+    # level is here so we can upgrade in the future without breaking backwards compatibility
+    raise "invalid level" unless level == 1
+    digest = OpenSSL::Digest::SHA512.new(encryption_key || self.encryption_key)
+    res = Base64.urlsafe_encode64(OpenSSL::PKCS5.pbkdf2_hmac(str.to_s, salt.to_s, 100000, digest.digest_length, digest))
+  end
+  
   def self.nonce(str)
     Digest::SHA512.hexdigest(str.to_s + Time.now.to_i.to_s + rand(999999).to_s + self.encryption_key)[0, 24]
   end
@@ -37,18 +45,18 @@ module GoSecure
     pw = {}
 #     pw['hash_type'] = 'sha512'
 #     pw['hash_type'] = 'bcrypt'
-    pw['hash_type'] = 'pbkdf2-sha256'
+    pw['hash_type'] = 'pbkdf2-sha256-2'
     pw['salt'] = Digest::MD5.hexdigest(OpenSSL::Random.pseudo_bytes(4) + Time.now.to_i.to_s + self.encryption_key + "pw" + OpenSSL::Random.pseudo_bytes(16))
 #     pw['hashed_password'] = Digest::SHA512.hexdigest(self.encryption_key + pw['salt'] + password.to_s)
 #     salted = Digest::SHA256.hexdigest(self.encryption_key + pw['salt'] + password.to_s)
 #     pw['hashed_password'] = BCrypt::Password.create(salted)
-    digest = OpenSSL::Digest::SHA256.new
-    pw['hashed_password'] = Base64.encode64(OpenSSL::PKCS5.pbkdf2_hmac(password.to_s, pw['salt'], 100000, digest.digest_length, digest))
+    digest = OpenSSL::Digest::SHA512.new(self.encryption_key)
+    pw['hashed_password'] = Base64.urlsafe_encode64(OpenSSL::PKCS5.pbkdf2_hmac(password.to_s, pw['salt'], 100000, digest.digest_length, digest))
     pw
   end
   
   def self.outdated_password?(password_hash)
-    return password_hash && password_hash['hash_type'] != 'pbkdf2-sha256'
+    return password_hash && password_hash['hash_type'] != 'pbkdf2-sha256-2'
   end
   
   def self.matches_password?(attempt, password_hash)
@@ -68,6 +76,10 @@ module GoSecure
       digest = OpenSSL::Digest::SHA256.new
       str = Base64.encode64(OpenSSL::PKCS5.pbkdf2_hmac(attempt.to_s, password_hash['salt'], 100000, digest.digest_length, digest))
       res = str == password_hash['hashed_password']
+    elsif password_hash && password_hash['hash_type'] == 'pbkdf2-sha256-2' && password_hash['salt']
+      digest = OpenSSL::Digest::SHA512.new(self.encryption_key)
+      str = Base64.urlsafe_encode64(OpenSSL::PKCS5.pbkdf2_hmac(attempt.to_s, password_hash['salt'], 100000, digest.digest_length, digest))
+      res = str == password_hash['hashed_password']
     else
       false
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: go_secure
 version: !ruby/object:Gem::Version
-  version: '0.2'
+  version: '0.3'
 platform: ruby
 authors:
 - Brian Whitmer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-12-13 00:00:00.000000000 Z
+date: 2018-04-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec