lookout-bcrypt 3.2.0

data/ext/mri/crypt_gensalt.c

@@ -0,0 +1,111 @@
+/*
+ * Written by Solar Designer and placed in the public domain.
+ * See crypt_blowfish.c for more information.
+ *
+ * This file contains salt generation functions for the traditional and
+ * other common crypt(3) algorithms, except for bcrypt which is defined
+ * entirely in crypt_blowfish.c.
+ */
+
+#include <string.h>
+
+#include <errno.h>
+#ifndef __set_errno
+#define __set_errno(val) errno = (val)
+#endif
+
+#undef __CONST
+#ifdef __GNUC__
+#define __CONST __const
+#else
+#define __CONST
+#endif
+
+unsigned char _crypt_itoa64[64 + 1] =
+	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+
+char *_crypt_gensalt_traditional_rn(unsigned long count,
+	__CONST char *input, int size, char *output, int output_size)
+{
+	if (size < 2 || output_size < 2 + 1 || (count && count != 25)) {
+		if (output_size > 0) output[0] = '\0';
+		__set_errno((output_size < 2 + 1) ? ERANGE : EINVAL);
+		return NULL;
+	}
+
+	output[0] = _crypt_itoa64[(unsigned int)input[0] & 0x3f];
+	output[1] = _crypt_itoa64[(unsigned int)input[1] & 0x3f];
+	output[2] = '\0';
+
+	return output;
+}
+
+char *_crypt_gensalt_extended_rn(unsigned long count,
+	__CONST char *input, int size, char *output, int output_size)
+{
+	unsigned long value;
+
+/* Even iteration counts make it easier to detect weak DES keys from a look
+ * at the hash, so they should be avoided */
+	if (size < 3 || output_size < 1 + 4 + 4 + 1 ||
+	    (count && (count > 0xffffff || !(count & 1)))) {
+		if (output_size > 0) output[0] = '\0';
+		__set_errno((output_size < 1 + 4 + 4 + 1) ? ERANGE : EINVAL);
+		return NULL;
+	}
+
+	if (!count) count = 725;
+
+	output[0] = '_';
+	output[1] = _crypt_itoa64[count & 0x3f];
+	output[2] = _crypt_itoa64[(count >> 6) & 0x3f];
+	output[3] = _crypt_itoa64[(count >> 12) & 0x3f];
+	output[4] = _crypt_itoa64[(count >> 18) & 0x3f];
+	value = (unsigned long)(unsigned char)input[0] |
+		((unsigned long)(unsigned char)input[1] << 8) |
+		((unsigned long)(unsigned char)input[2] << 16);
+	output[5] = _crypt_itoa64[value & 0x3f];
+	output[6] = _crypt_itoa64[(value >> 6) & 0x3f];
+	output[7] = _crypt_itoa64[(value >> 12) & 0x3f];
+	output[8] = _crypt_itoa64[(value >> 18) & 0x3f];
+	output[9] = '\0';
+
+	return output;
+}
+
+char *_crypt_gensalt_md5_rn(unsigned long count,
+	__CONST char *input, int size, char *output, int output_size)
+{
+	unsigned long value;
+
+	if (size < 3 || output_size < 3 + 4 + 1 || (count && count != 1000)) {
+		if (output_size > 0) output[0] = '\0';
+		__set_errno((output_size < 3 + 4 + 1) ? ERANGE : EINVAL);
+		return NULL;
+	}
+
+	output[0] = '$';
+	output[1] = '1';
+	output[2] = '$';
+	value = (unsigned long)(unsigned char)input[0] |
+		((unsigned long)(unsigned char)input[1] << 8) |
+		((unsigned long)(unsigned char)input[2] << 16);
+	output[3] = _crypt_itoa64[value & 0x3f];
+	output[4] = _crypt_itoa64[(value >> 6) & 0x3f];
+	output[5] = _crypt_itoa64[(value >> 12) & 0x3f];
+	output[6] = _crypt_itoa64[(value >> 18) & 0x3f];
+	output[7] = '\0';
+
+	if (size >= 6 && output_size >= 3 + 4 + 4 + 1) {
+		value = (unsigned long)(unsigned char)input[3] |
+			((unsigned long)(unsigned char)input[4] << 8) |
+			((unsigned long)(unsigned char)input[5] << 16);
+		output[7] = _crypt_itoa64[value & 0x3f];
+		output[8] = _crypt_itoa64[(value >> 6) & 0x3f];
+		output[9] = _crypt_itoa64[(value >> 12) & 0x3f];
+		output[10] = _crypt_itoa64[(value >> 18) & 0x3f];
+		output[11] = '\0';
+	}
+
+	return output;
+}

data/ext/mri/extconf.rb

@@ -0,0 +1,16 @@
+if RUBY_PLATFORM == "java"
+  # Don't do anything when run in JRuby; this allows gem installation to pass.
+  # We need to write a dummy Makefile so that RubyGems doesn't think compilation
+  # failed.
+  File.open('Makefile', 'w') do |f|
+    f.puts "all:"
+    f.puts "\t@true"
+    f.puts "install:"
+    f.puts "\t@true"
+  end
+  exit 0
+else
+  require "mkmf"
+  dir_config("bcrypt_ext")
+  create_makefile("bcrypt_ext")
+end

data/ext/mri/ow-crypt.h

@@ -0,0 +1,35 @@
+/*
+ * Written by Solar Designer and placed in the public domain.
+ * See crypt_blowfish.c for more information.
+ */
+
+#ifndef _OW_CRYPT_H
+#define _OW_CRYPT_H
+
+#undef __CONST
+#if defined __GNUC__
+#define __CONST __const
+#elif defined _MSC_VER
+#define __CONST const
+#else
+#endif
+
+#ifndef __SKIP_GNU
+extern char *crypt(__CONST char *key, __CONST char *setting);
+extern char *crypt_r(__CONST char *key, __CONST char *setting, void *data);
+#endif
+
+#ifndef __SKIP_OW
+extern char *crypt_rn(__CONST char *key, __CONST char *setting,
+	void *data, int size);
+extern char *crypt_ra(__CONST char *key, __CONST char *setting,
+	void **data, int *size);
+extern char *crypt_gensalt(__CONST char *prefix, unsigned long count,
+	__CONST char *input, int size);
+extern char *crypt_gensalt_rn(__CONST char *prefix, unsigned long count,
+	__CONST char *input, int size, char *output, int output_size);
+extern char *crypt_gensalt_ra(__CONST char *prefix, unsigned long count,
+	__CONST char *input, int size);
+#endif
+
+#endif

data/ext/mri/wrapper.c

@@ -0,0 +1,262 @@
+/*
+ * Written by Solar Designer and placed in the public domain.
+ * See crypt_blowfish.c for more information.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <errno.h>
+#ifndef __set_errno
+#define __set_errno(val) errno = (val)
+#endif
+
+#ifdef TEST
+#include <stdio.h>
+#include <unistd.h>
+#include <signal.h>
+#include <time.h>
+#include <sys/time.h>
+#include <sys/times.h>
+#ifdef TEST_THREADS
+#include <pthread.h>
+#endif
+#endif
+
+#include <ruby.h>
+#ifdef HAVE_RUBY_UTIL_H
+#include <ruby/util.h>
+#else
+#include <util.h>
+#endif
+
+#define CRYPT_OUTPUT_SIZE		(7 + 22 + 31 + 1)
+#define CRYPT_GENSALT_OUTPUT_SIZE	(7 + 22 + 1)
+
+#if defined(__GLIBC__) && defined(_LIBC)
+#define __SKIP_GNU
+#endif
+#include "ow-crypt.h"
+
+extern char *_crypt_blowfish_rn(__CONST char *key, __CONST char *setting,
+	char *output, int size);
+extern char *_crypt_gensalt_blowfish_rn(unsigned long count,
+	__CONST char *input, int size, char *output, int output_size);
+
+extern unsigned char _crypt_itoa64[];
+extern char *_crypt_gensalt_traditional_rn(unsigned long count,
+	__CONST char *input, int size, char *output, int output_size);
+extern char *_crypt_gensalt_extended_rn(unsigned long count,
+	__CONST char *input, int size, char *output, int output_size);
+extern char *_crypt_gensalt_md5_rn(unsigned long count,
+	__CONST char *input, int size, char *output, int output_size);
+
+#if defined(__GLIBC__) && defined(_LIBC)
+/* crypt.h from glibc-crypt-2.1 will define struct crypt_data for us */
+#include "crypt.h"
+extern char *__md5_crypt_r(const char *key, const char *salt,
+	char *buffer, int buflen);
+/* crypt-entry.c needs to be patched to define __des_crypt_r rather than
+ * __crypt_r, and not define crypt_r and crypt at all */
+extern char *__des_crypt_r(const char *key, const char *salt,
+	struct crypt_data *data);
+extern struct crypt_data _ufc_foobar;
+#endif
+
+static int _crypt_data_alloc(void **data, int *size, int need)
+{
+	void *updated;
+
+	if (*data && *size >= need) return 0;
+
+	updated = realloc(*data, need);
+
+	if (!updated) {
+#ifndef __GLIBC__
+		/* realloc(3) on glibc sets errno, so we don't need to bother */
+		__set_errno(ENOMEM);
+#endif
+		return -1;
+	}
+
+#if defined(__GLIBC__) && defined(_LIBC)
+	if (need >= sizeof(struct crypt_data))
+		((struct crypt_data *)updated)->initialized = 0;
+#endif
+
+	*data = updated;
+	*size = need;
+
+	return 0;
+}
+
+static char *_crypt_retval_magic(char *retval, __CONST char *setting,
+	char *output)
+{
+	if (retval) return retval;
+
+	output[0] = '*';
+	output[1] = '0';
+	output[2] = '\0';
+
+	if (setting[0] == '*' && setting[1] == '0')
+		output[1] = '1';
+
+	return output;
+}
+
+#if defined(__GLIBC__) && defined(_LIBC)
+/*
+ * Applications may re-use the same instance of struct crypt_data without
+ * resetting the initialized field in order to let crypt_r() skip some of
+ * its initialization code.  Thus, it is important that our multiple hashing
+ * algorithms either don't conflict with each other in their use of the
+ * data area or reset the initialized field themselves whenever required.
+ * Currently, the hashing algorithms simply have no conflicts: the first
+ * field of struct crypt_data is the 128-byte large DES key schedule which
+ * __des_crypt_r() calculates each time it is called while the two other
+ * hashing algorithms use less than 128 bytes of the data area.
+ */
+
+char *__crypt_rn(__const char *key, __const char *setting,
+	void *data, int size)
+{
+	if (setting[0] == '$' && setting[1] == '2')
+		return _crypt_blowfish_rn(key, setting, (char *)data, size);
+	if (setting[0] == '$' && setting[1] == '1')
+		return __md5_crypt_r(key, setting, (char *)data, size);
+	if (setting[0] == '$' || setting[0] == '_') {
+		__set_errno(EINVAL);
+		return NULL;
+	}
+	if (size >= sizeof(struct crypt_data))
+		return __des_crypt_r(key, setting, (struct crypt_data *)data);
+	__set_errno(ERANGE);
+	return NULL;
+}
+
+char *__crypt_ra(__const char *key, __const char *setting,
+	void **data, int *size)
+{
+	if (setting[0] == '$' && setting[1] == '2') {
+		if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE))
+			return NULL;
+		return _crypt_blowfish_rn(key, setting, (char *)*data, *size);
+	}
+	if (setting[0] == '$' && setting[1] == '1') {
+		if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE))
+			return NULL;
+		return __md5_crypt_r(key, setting, (char *)*data, *size);
+	}
+	if (setting[0] == '$' || setting[0] == '_') {
+		__set_errno(EINVAL);
+		return NULL;
+	}
+	if (_crypt_data_alloc(data, size, sizeof(struct crypt_data)))
+		return NULL;
+	return __des_crypt_r(key, setting, (struct crypt_data *)*data);
+}
+
+char *__crypt_r(__const char *key, __const char *setting,
+	struct crypt_data *data)
+{
+	return _crypt_retval_magic(
+		__crypt_rn(key, setting, data, sizeof(*data)),
+		setting, (char *)data);
+}
+
+char *__crypt(__const char *key, __const char *setting)
+{
+	return _crypt_retval_magic(
+		__crypt_rn(key, setting, &_ufc_foobar, sizeof(_ufc_foobar)),
+		setting, (char *)&_ufc_foobar);
+}
+#else
+char *crypt_rn(__CONST char *key, __CONST char *setting, void *data, int size)
+{
+	return _crypt_blowfish_rn(key, setting, (char *)data, size);
+}
+
+char *crypt_ra(__CONST char *key, __CONST char *setting,
+	void **data, int *size)
+{
+	if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE))
+		return NULL;
+	return _crypt_blowfish_rn(key, setting, (char *)*data, *size);
+}
+
+char *crypt_r(__CONST char *key, __CONST char *setting, void *data)
+{
+	return _crypt_retval_magic(
+		crypt_rn(key, setting, data, CRYPT_OUTPUT_SIZE),
+		setting, (char *)data);
+}
+
+#define __crypt_gensalt_rn crypt_gensalt_rn
+#define __crypt_gensalt_ra crypt_gensalt_ra
+#define __crypt_gensalt crypt_gensalt
+#endif
+
+char *__crypt_gensalt_rn(__CONST char *prefix, unsigned long count,
+	__CONST char *input, int size, char *output, int output_size)
+{
+	char *(*use)(unsigned long count,
+		__CONST char *input, int size, char *output, int output_size);
+
+	/* This may be supported on some platforms in the future */
+	if (!input) {
+		__set_errno(EINVAL);
+		return NULL;
+	}
+
+	if (!strncmp(prefix, "$2a$", 4))
+		use = _crypt_gensalt_blowfish_rn;
+	else
+	if (!strncmp(prefix, "$1$", 3))
+		use = _crypt_gensalt_md5_rn;
+	else
+	if (prefix[0] == '_')
+		use = _crypt_gensalt_extended_rn;
+	else
+	if (!prefix[0] ||
+	    (prefix[0] && prefix[1] &&
+	    memchr(_crypt_itoa64, prefix[0], 64) &&
+	    memchr(_crypt_itoa64, prefix[1], 64)))
+		use = _crypt_gensalt_traditional_rn;
+	else {
+		__set_errno(EINVAL);
+		return NULL;
+	}
+
+	return use(count, input, size, output, output_size);
+}
+
+char *__crypt_gensalt_ra(__CONST char *prefix, unsigned long count,
+	__CONST char *input, int size)
+{
+	char output[CRYPT_GENSALT_OUTPUT_SIZE];
+	char *retval;
+
+	retval = __crypt_gensalt_rn(prefix, count,
+		input, size, output, sizeof(output));
+
+	if (retval) {
+		retval = ruby_strdup(retval);
+#ifndef __GLIBC__
+		/* strdup(3) on glibc sets errno, so we don't need to bother */
+		if (!retval)
+			__set_errno(ENOMEM);
+#endif
+	}
+
+	return retval;
+}
+
+char *__crypt_gensalt(__CONST char *prefix, unsigned long count,
+	__CONST char *input, int size)
+{
+	static char output[CRYPT_GENSALT_OUTPUT_SIZE];
+
+	return __crypt_gensalt_rn(prefix, count,
+		input, size, output, sizeof(output));
+}

data/lib/bcrypt/engine.rb

@@ -0,0 +1,123 @@
+module BCrypt
+  # A Ruby wrapper for the bcrypt() C extension calls and the Java calls.
+  class Engine
+    # The default computational expense parameter.
+    DEFAULT_COST    = 10
+    # The minimum cost supported by the algorithm.
+    MIN_COST        = 4
+    # Maximum possible size of bcrypt() salts.
+    MAX_SALT_LENGTH = 16
+
+    if RUBY_PLATFORM != "java"
+      # C-level routines which, if they don't get the right input, will crash the
+      # hell out of the Ruby process.
+      private_class_method :__bc_salt
+      private_class_method :__bc_crypt
+    end
+
+    @cost = nil
+
+    # Returns the cost factor that will be used if one is not specified when
+    # creating a password hash.  Defaults to DEFAULT_COST if not set.
+    def self.cost
+      @cost || DEFAULT_COST
+    end
+
+    # Set a default cost factor that will be used if one is not specified when
+    # creating a password hash.
+    #
+    # Example:
+    #
+    #   BCrypt::Engine::DEFAULT_COST            #=> 10
+    #   BCrypt::Password.create('secret').cost  #=> 10
+    #
+    #   BCrypt::Engine.cost = 8
+    #   BCrypt::Password.create('secret').cost  #=> 8
+    #
+    #   # cost can still be overridden as needed
+    #   BCrypt::Password.create('secret', :cost => 6).cost  #=> 6
+    def self.cost=(cost)
+      @cost = cost
+    end
+
+    # Given a secret and a valid salt (see BCrypt::Engine.generate_salt) calculates
+    # a bcrypt() password hash.
+    def self.hash_secret(secret, salt, _ = nil)
+      if valid_secret?(secret)
+        if valid_salt?(salt)
+          if RUBY_PLATFORM == "java"
+            # the native C bcrypt implementation used by the MRI version of this gem
+            # interprets secret as a null-terminated string; to ensure consistency,
+            # we drop after any null byte
+            trimmed = secret.to_s.split("\0").first # drop after null byte to emulate C
+
+            # the java hashpw() method taking byte[] expects the null terminator
+            bytes = (trimmed.to_s + "\0").to_java_bytes # add null byte for byte[] API
+            Java.bcrypt_jruby.BCrypt.hashpw(bytes, salt.to_s)
+          else
+            __bc_crypt(secret.to_s, salt)
+          end
+        else
+          raise Errors::InvalidSalt.new("invalid salt")
+        end
+      else
+        raise Errors::InvalidSecret.new("invalid secret")
+      end
+    end
+
+    # Generates a random salt with a given computational cost.
+    def self.generate_salt(cost = self.cost)
+      cost = cost.to_i
+      if cost > 0
+        if cost < MIN_COST
+          cost = MIN_COST
+        end
+        if RUBY_PLATFORM == "java"
+          Java.bcrypt_jruby.BCrypt.gensalt(cost)
+        else
+          prefix = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
+          __bc_salt(prefix, cost, OpenSSL::Random.random_bytes(MAX_SALT_LENGTH))
+        end
+      else
+        raise Errors::InvalidCost.new("cost must be numeric and > 0")
+      end
+    end
+
+    # Returns true if +salt+ is a valid bcrypt() salt, false if not.
+    def self.valid_salt?(salt)
+      !!(salt =~ /^\$[0-9a-z]{2,}\$[0-9]{2,}\$[A-Za-z0-9\.\/]{22,}$/)
+    end
+
+    # Returns true if +secret+ is a valid bcrypt() secret, false if not.
+    def self.valid_secret?(secret)
+      secret.respond_to?(:to_s)
+    end
+
+    # Returns the cost factor which will result in computation times less than +upper_time_limit_in_ms+.
+    #
+    # Example:
+    #
+    #   BCrypt::Engine.calibrate(200)  #=> 10
+    #   BCrypt::Engine.calibrate(1000) #=> 12
+    #
+    #   # should take less than 200ms
+    #   BCrypt::Password.create("woo", :cost => 10)
+    #
+    #   # should take less than 1000ms
+    #   BCrypt::Password.create("woo", :cost => 12)
+    def self.calibrate(upper_time_limit_in_ms)
+      40.times do |i|
+        start_time = Time.now
+        Password.create("testing testing", :cost => i+1)
+        end_time = Time.now - start_time
+        return i if end_time * 1_000 > upper_time_limit_in_ms
+      end
+    end
+
+    # Autodetects the cost from the salt string.
+    def self.autodetect_cost(salt)
+      salt[4..5].to_i
+    end
+  end
+
+end

data/lib/bcrypt/error.rb

@@ -0,0 +1,22 @@
+module BCrypt
+
+  class Error < StandardError  # :nodoc:
+  end
+
+  module Errors  # :nodoc:
+
+    # The salt parameter provided to bcrypt() is invalid.
+    class InvalidSalt < BCrypt::Error; end
+
+    # The hash parameter provided to bcrypt() is invalid.
+    class InvalidHash < BCrypt::Error; end
+
+    # The cost parameter provided to bcrypt() is invalid.
+    class InvalidCost < BCrypt::Error; end
+
+    # The secret parameter provided to bcrypt() is invalid.
+    class InvalidSecret < BCrypt::Error; end
+
+  end
+
+end

data/lib/bcrypt/password.rb

@@ -0,0 +1,87 @@
+module BCrypt
+  # A password management class which allows you to safely store users' passwords and compare them.
+  #
+  # Example usage:
+  #
+  #   include BCrypt
+  #
+  #   # hash a user's password
+  #   @password = Password.create("my grand secret")
+  #   @password #=> "$2a$10$GtKs1Kbsig8ULHZzO1h2TetZfhO4Fmlxphp8bVKnUlZCBYYClPohG"
+  #
+  #   # store it safely
+  #   @user.update_attribute(:password, @password)
+  #
+  #   # read it back
+  #   @user.reload!
+  #   @db_password = Password.new(@user.password)
+  #
+  #   # compare it after retrieval
+  #   @db_password == "my grand secret" #=> true
+  #   @db_password == "a paltry guess"  #=> false
+  #
+  class Password < String
+    # The hash portion of the stored password hash.
+    attr_reader :checksum
+    # The salt of the store password hash (including version and cost).
+    attr_reader :salt
+    # The version of the bcrypt() algorithm used to create the hash.
+    attr_reader :version
+    # The cost factor used to create the hash.
+    attr_reader :cost
+
+    class << self
+      # Hashes a secret, returning a BCrypt::Password instance. Takes an optional <tt>:cost</tt> option, which is a
+      # logarithmic variable which determines how computational expensive the hash is to calculate (a <tt>:cost</tt> of
+      # 4 is twice as much work as a <tt>:cost</tt> of 3). The higher the <tt>:cost</tt> the harder it becomes for
+      # attackers to try to guess passwords (even if a copy of your database is stolen), but the slower it is to check
+      # users' passwords.
+      #
+      # Example:
+      #
+      #   @password = BCrypt::Password.create("my secret", :cost => 13)
+      def create(secret, options = {})
+        cost = options[:cost] || BCrypt::Engine.cost
+        raise ArgumentError if cost > 31
+        Password.new(BCrypt::Engine.hash_secret(secret, BCrypt::Engine.generate_salt(cost)))
+      end
+
+      def valid_hash?(h)
+        h =~ /^\$[0-9a-z]{2}\$[0-9]{2}\$[A-Za-z0-9\.\/]{53}$/
+      end
+    end
+
+    # Initializes a BCrypt::Password instance with the data from a stored hash.
+    def initialize(raw_hash)
+      if valid_hash?(raw_hash)
+        self.replace(raw_hash)
+        @version, @cost, @salt, @checksum = split_hash(self)
+      else
+        raise Errors::InvalidHash.new("invalid hash")
+      end
+    end
+
+    # Compares a potential secret against the hash. Returns true if the secret is the original secret, false otherwise.
+    def ==(secret)
+      super(BCrypt::Engine.hash_secret(secret, @salt))
+    end
+    alias_method :is_password?, :==
+
+  private
+
+    # Returns true if +h+ is a valid hash.
+    def valid_hash?(h)
+      self.class.valid_hash?(h)
+    end
+
+    # call-seq:
+    #   split_hash(raw_hash) -> version, cost, salt, hash
+    #
+    # Splits +h+ into version, cost, salt, and hash and returns them in that order.
+    def split_hash(h)
+      _, v, c, mash = h.split('$')
+      return v, c.to_i, h[0, 29].to_str, mash[-31, 31].to_str
+    end
+  end
+
+end

data/lib/bcrypt.rb

@@ -0,0 +1,21 @@
+# A Ruby library implementing OpenBSD's bcrypt()/crypt_blowfish algorithm for
+# hashing passwords.
+module BCrypt
+end
+
+if RUBY_PLATFORM == "java"
+  require 'java'
+else
+  require "openssl"
+end
+
+begin
+  RUBY_VERSION =~ /(\d+.\d+)/
+  require "#{$1}/bcrypt_ext"
+rescue LoadError
+  require "bcrypt_ext"
+end
+
+require 'bcrypt/error'
+require 'bcrypt/engine'
+require 'bcrypt/password'