lookout-bcrypt 3.2.0

data/spec/TestBCrypt.java

@@ -0,0 +1,347 @@
+// Copyright (c) 2006 Damien Miller <djm@mindrot.org>
+//
+// Permission to use, copy, modify, and distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+import junit.framework.TestCase;
+
+/**
+ * JUnit unit tests for BCrypt routines
+ * @author Damien Miller
+ * @version 0.3
+ */
+public class TestBCrypt extends TestCase {
+	// length of salt prefix
+	private static final int BCRYPT_SALT_PREFIX_LENGTH = 7 + 22 + 1;
+
+	String test_vectors[][] = {
+			{ "", 
+			"$2a$06$DCq7YPn5Rq63x1Lad4cll.TV4S6ytwfsfvkgY8jIucDrjc8deX1s." },
+			{ "",
+			"$2a$08$HqWuK6/Ng6sg9gQzbLrgb.Tl.ZHfXLhvt/SgVyWhQqgqcZ7ZuUtye" },
+			{ "",
+			"$2a$10$k1wbIrmNyFAPwPVPSVa/zecw2BCEnBwVS2GbrmgzxFUOqW9dk4TCW" },
+			{ "",
+			"$2a$12$k42ZFHFWqBp3vWli.nIn8uYyIkbvYRvodzbfbK18SSsY.CsIQPlxO" },
+			{ "a",
+			"$2a$06$m0CrhHm10qJ3lXRY.5zDGO3rS2KdeeWLuGmsfGlMfOxih58VYVfxe" },
+			{ "a", 
+			"$2a$08$cfcvVd2aQ8CMvoMpP2EBfeodLEkkFJ9umNEfPD18.hUF62qqlC/V." },
+			{ "a",
+			"$2a$10$k87L/MF28Q673VKh8/cPi.SUl7MU/rWuSiIDDFayrKk/1tBsSQu4u" },
+			{ "a",
+			"$2a$12$8NJH3LsPrANStV6XtBakCez0cKHXVxmvxIlcz785vxAIZrihHZpeS" },
+			{ "abc",
+			"$2a$06$If6bvum7DFjUnE9p2uDeDu0YHzrHM6tf.iqN8.yx.jNN1ILEf7h0i" },
+			{ "abc",
+			"$2a$08$Ro0CUfOqk6cXEKf3dyaM7OhSCvnwM9s4wIX9JeLapehKK5YdLxKcm" },
+			{ "abc",
+			"$2a$10$WvvTPHKwdBJ3uk0Z37EMR.hLA2W6N9AEBhEgrAOljy2Ae5MtaSIUi" },
+			{ "abc",
+			"$2a$12$EXRkfkdmXn2gzds2SSitu.MW9.gAVqa9eLS1//RYtYCmB1eLHg.9q" },
+			{ "abcdefghijklmnopqrstuvwxyz",
+			"$2a$06$.rCVZVOThsIa97pEDOxvGuRRgzG64bvtJ0938xuqzv18d3ZpQhstC" },
+			{ "abcdefghijklmnopqrstuvwxyz",
+			"$2a$08$aTsUwsyowQuzRrDqFflhgekJ8d9/7Z3GV3UcgvzQW3J5zMyrTvlz." },
+			{ "abcdefghijklmnopqrstuvwxyz",
+			"$2a$10$fVH8e28OQRj9tqiDXs1e1uxpsjN0c7II7YPKXua2NAKYvM6iQk7dq" },
+			{ "abcdefghijklmnopqrstuvwxyz",
+			"$2a$12$D4G5f18o7aMMfwasBL7GpuQWuP3pkrZrOAnqP.bmezbMng.QwJ/pG" },
+			{ "~!@#$%^&*()      ~!@#$%^&*()PNBFRD",
+			"$2a$06$fPIsBO8qRqkjj273rfaOI.HtSV9jLDpTbZn782DC6/t7qT67P6FfO" },
+			{ "~!@#$%^&*()      ~!@#$%^&*()PNBFRD",
+			"$2a$08$Eq2r4G/76Wv39MzSX262huzPz612MZiYHVUJe/OcOql2jo4.9UxTW" },
+			{ "~!@#$%^&*()      ~!@#$%^&*()PNBFRD",
+			"$2a$10$LgfYWkbzEvQ4JakH7rOvHe0y8pHKF9OaFgwUZ2q7W2FFZmZzJYlfS" },
+			{ "~!@#$%^&*()      ~!@#$%^&*()PNBFRD",
+			"$2a$12$WApznUOJfkEGSmYRfnkrPOr466oFDCaj4b6HY3EXGvfxm43seyhgC" },
+			{ "", // Note that this must be 4 or more from the end to pass testCheckpw_failure
+			  "$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy" },
+			{ "U*U",
+			  "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW" },
+			{ "U*U*",
+			  "$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK" },
+			{ "U*U*U",
+			  "$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a" },
+			{ "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",
+			  "$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui" },
+		};
+
+	byte[][] binary_test_vectors =
+		{
+			// ""
+			{
+			  (byte) 0
+			},
+
+			// "U*U"
+			{
+			  (byte) 'U', (byte) '*', (byte) 'U', (byte) 0
+			},
+
+			// "U*U*"
+			{
+			  (byte) 'U', (byte) '*', (byte) 'U', (byte) '*', (byte) 0
+			},
+
+			// "U*U*U"
+			{
+			  (byte) 'U', (byte) '*', (byte) 'U', (byte) '*', (byte) 'U', (byte) 0
+			},
+
+			// [0xaa] * 72
+			{ (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0
+			},
+
+			// [0xaa] * 72 + "chars after 72 are ignored as usual"
+			{ (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa, (byte) 0xaa,
+			  (byte) 'c', (byte) 'h', (byte) 'a', (byte) 'r', (byte) 's', (byte) ' ',
+			  (byte) 'a', (byte) 'f', (byte) 't', (byte) 'e', (byte) 'r', (byte) ' ',
+			  (byte) '7', (byte) '2', (byte) ' ', (byte) 'a', (byte) 'r', (byte) 'e',
+			  (byte) 'i', (byte) 'g', (byte) 'n', (byte) 'o', (byte) 'r', (byte) 'e',
+			  (byte) 'd', (byte) ' ', (byte) 'a', (byte) 's', (byte) ' ', (byte) 'u',
+			  (byte) 's', (byte) 'u', (byte) 'a', (byte) 'l', (byte) 0
+			},
+
+			// [0xaa, 0x55] * 36
+			{ (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55,
+			  (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55,
+			  (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55,
+			  (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55,
+			  (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55,
+			  (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55,
+			  (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55,
+			  (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55,
+			  (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55,
+			  (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55,
+			  (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55,
+			  (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55, (byte) 0xaa, (byte) 0x55,
+			  (byte) 0
+			},
+
+			// [0x55, 0xaa, 0xff] * 24
+			{ (byte) 0x55, (byte) 0xaa, (byte) 0xff, (byte) 0x55, (byte) 0xaa, (byte) 0xff,
+			  (byte) 0x55, (byte) 0xaa, (byte) 0xff, (byte) 0x55, (byte) 0xaa, (byte) 0xff,
+			  (byte) 0x55, (byte) 0xaa, (byte) 0xff, (byte) 0x55, (byte) 0xaa, (byte) 0xff,
+			  (byte) 0x55, (byte) 0xaa, (byte) 0xff, (byte) 0x55, (byte) 0xaa, (byte) 0xff,
+			  (byte) 0x55, (byte) 0xaa, (byte) 0xff, (byte) 0x55, (byte) 0xaa, (byte) 0xff,
+			  (byte) 0x55, (byte) 0xaa, (byte) 0xff, (byte) 0x55, (byte) 0xaa, (byte) 0xff,
+			  (byte) 0x55, (byte) 0xaa, (byte) 0xff, (byte) 0x55, (byte) 0xaa, (byte) 0xff,
+			  (byte) 0x55, (byte) 0xaa, (byte) 0xff, (byte) 0x55, (byte) 0xaa, (byte) 0xff,
+			  (byte) 0x55, (byte) 0xaa, (byte) 0xff, (byte) 0x55, (byte) 0xaa, (byte) 0xff,
+			  (byte) 0x55, (byte) 0xaa, (byte) 0xff, (byte) 0x55, (byte) 0xaa, (byte) 0xff,
+			  (byte) 0x55, (byte) 0xaa, (byte) 0xff, (byte) 0x55, (byte) 0xaa, (byte) 0xff,
+			  (byte) 0x55, (byte) 0xaa, (byte) 0xff, (byte) 0x55, (byte) 0xaa, (byte) 0xff,
+			  (byte) 0
+			},
+		};
+
+	String[][] binary_test_match_vectors =
+		{
+			{ // ""
+			  "$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy" },
+			{ // "U*U"
+			  "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW" },
+			{ // "U*U*"
+			  "$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK" },
+			{ // "U*U*U"
+			  "$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a" },
+			{ // [0xaa] * 72
+			  "$2a$05$/OK.fbVrR/bpIqNJ5ianF.swQOIzjOiJ9GHEPuhEkvqrUyvWhEMx6" },
+			{ // [0xaa] * 72 + "chars after 72 are ignored as usual"
+			  "$2a$05$/OK.fbVrR/bpIqNJ5ianF.swQOIzjOiJ9GHEPuhEkvqrUyvWhEMx6" },
+			{ // [0xaa, 0x55] * 36
+			  "$2a$05$/OK.fbVrR/bpIqNJ5ianF.R9xrDjiycxMbQE2bp.vgqlYpW5wx2yy" },
+			{ // [0x55, 0xaa, 0xff] * 24
+			  "$2a$05$/OK.fbVrR/bpIqNJ5ianF.9tQZzcJfm3uj2NvJ/n5xkhpqLrMpWCe" },
+		};
+
+
+	/**
+	 * Entry point for unit tests
+	 * @param args unused
+	 */
+	public static void main(String[] args) {
+		junit.textui.TestRunner.run(TestBCrypt.class);
+	}
+
+	/**
+	 * Test method for 'BCrypt.hashpw(String, String)'
+	 */
+	public void testHashpw() {
+		System.out.print("BCrypt.hashpw(): ");
+		for (int i = 0; i < test_vectors.length; i++) {
+			String plain = test_vectors[i][0];
+			String salt = test_vectors[i][1].substring(0, BCRYPT_SALT_PREFIX_LENGTH);
+			String expected = test_vectors[i][1];
+			String hashed = BCrypt.hashpw(plain, salt);
+			assertEquals(hashed, expected);
+			System.out.print(".");
+		}
+		System.out.println("");
+	}
+
+	/**
+	 * Test method for 'BCrypt.hashpw(byte[], String)'
+	 */
+	public void testHashpwBinary() {
+		System.out.print("BCrypt.hashpw(byte[]): ");
+		for (int i = 0; i < binary_test_vectors.length; i++) {
+			byte[] plain = binary_test_vectors[i];
+			String salt = binary_test_match_vectors[i][0].substring(0, BCRYPT_SALT_PREFIX_LENGTH);
+			String expected = binary_test_match_vectors[i][0];
+			String hashed = BCrypt.hashpw(plain, salt);
+			assertEquals(hashed, expected);
+			System.out.print(".");
+		}
+		System.out.println("");
+	}
+
+	/**
+	 * Test method for 'BCrypt.gensalt(int)'
+	 */
+	public void testGensaltInt() {
+		System.out.print("BCrypt.gensalt(log_rounds):");
+		for (int i = 4; i <= 12; i++) {
+			System.out.print(" " + Integer.toString(i) + ":");
+			for (int j = 0; j < test_vectors.length; j += 4) {
+				String plain = test_vectors[j][0];
+				String salt = BCrypt.gensalt(i);
+				String hashed1 = BCrypt.hashpw(plain, salt);
+				String hashed2 = BCrypt.hashpw(plain, hashed1);
+				assertEquals(hashed1, hashed2);
+				System.out.print(".");
+			}
+		}
+		System.out.println("");
+	}
+
+	/**
+	 * Test method for 'BCrypt.gensalt()'
+	 */
+	public void testGensalt() {
+		System.out.print("BCrypt.gensalt(): ");
+		for (int i = 0; i < test_vectors.length; i += 4) {
+			String plain = test_vectors[i][0];
+			String salt = BCrypt.gensalt();
+			String hashed1 = BCrypt.hashpw(plain, salt);
+			String hashed2 = BCrypt.hashpw(plain, hashed1);
+			assertEquals(hashed1, hashed2);
+			System.out.print(".");
+		}
+		System.out.println("");
+	}
+
+	/**
+	 * Test method for 'BCrypt.checkpw(String, String)'
+	 * expecting success
+	 */
+	public void testCheckpw_success() {
+		System.out.print("BCrypt.checkpw w/ good passwords: ");
+		for (int i = 0; i < test_vectors.length; i++) {
+			String plain = test_vectors[i][0];
+			String expected = test_vectors[i][1];
+			assertTrue(BCrypt.checkpw(plain, expected));
+			System.out.print(".");
+		}
+		System.out.println("");
+	}
+
+	/**
+	 * Test method for 'BCrypt.checkpw(byte[], String)'
+	 * expecting success
+	 */
+	public void testCheckpwBinary_success() {
+		System.out.print("BCrypt.checkpw(byte[]) w/ good passwords: ");
+		for (int i = 0; i < binary_test_vectors.length; i++) {
+			byte[] plain = binary_test_vectors[i];
+			String expected = binary_test_match_vectors[i][0];
+			assertTrue(BCrypt.checkpw(plain, expected));
+			System.out.print(".");
+		}
+		System.out.println("");
+	}
+
+	/**
+	 * Test method for 'BCrypt.checkpw(String, String)'
+	 * expecting failure
+	 */
+	public void testCheckpw_failure() {
+		System.out.print("BCrypt.checkpw w/ bad passwords: ");
+		for (int i = 0; i < test_vectors.length; i++) {
+			int broken_index = (i + 4) % test_vectors.length;
+			String plain = test_vectors[i][0];
+			String expected = test_vectors[broken_index][1];
+			assertFalse(BCrypt.checkpw(plain, expected));
+			System.out.print(".");
+		}
+		System.out.println("");
+	}
+
+	/**
+	 * Test method for 'BCrypt.checkpw(byte[], String)'
+	 * expecting failure
+	 */
+	public void testCheckpwBinary_failure() {
+		System.out.print("BCrypt.checkpw(byte[]) w/ bad passwords: ");
+		for (int i = 0; i < binary_test_vectors.length; i++) {
+			int broken_index = (i + 4) % binary_test_vectors.length;
+			byte[] plain = binary_test_vectors[i];
+			String expected = binary_test_match_vectors[broken_index][0];
+			assertFalse(BCrypt.checkpw(plain, expected));
+			System.out.print(".");
+		}
+		System.out.println("");
+	}
+
+	/**
+	 * Test for correct hashing of non-US-ASCII passwords
+	 */
+	public void testInternationalChars() {
+		System.out.print("BCrypt.hashpw w/ international chars: ");
+		String pw1 = "ππππππππ";
+		String pw2 = "????????";
+
+		String h1 = BCrypt.hashpw(pw1, BCrypt.gensalt());
+		assertFalse(BCrypt.checkpw(pw2, h1));
+		System.out.print(".");
+
+		String h2 = BCrypt.hashpw(pw2, BCrypt.gensalt());
+		assertFalse(BCrypt.checkpw(pw1, h2));
+		System.out.print(".");
+		System.out.println("");
+	}
+
+}

data/spec/bcrypt/engine_spec.rb

@@ -0,0 +1,108 @@
+require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
+
+describe "The BCrypt engine" do
+  specify "should calculate the optimal cost factor to fit in a specific time" do
+    first = BCrypt::Engine.calibrate(100)
+    second = BCrypt::Engine.calibrate(400)
+    expect(second).to be > first
+  end
+end
+
+describe "Generating BCrypt salts" do
+
+  specify "should produce strings" do
+    expect(BCrypt::Engine.generate_salt).to be_an_instance_of(String)
+  end
+
+  specify "should produce random data" do
+    expect(BCrypt::Engine.generate_salt).to_not equal(BCrypt::Engine.generate_salt)
+  end
+
+  specify "should raise a InvalidCostError if the cost parameter isn't numeric" do
+    expect { BCrypt::Engine.generate_salt('woo') }.to raise_error(BCrypt::Errors::InvalidCost)
+  end
+
+  specify "should raise a InvalidCostError if the cost parameter isn't greater than 0" do
+    expect { BCrypt::Engine.generate_salt(-1) }.to raise_error(BCrypt::Errors::InvalidCost)
+  end
+end
+
+describe "Autodetecting of salt cost" do
+
+  specify "should work" do
+    expect(BCrypt::Engine.autodetect_cost("$2a$08$hRx2IVeHNsTSYYtUWn61Ou")).to eq 8
+    expect(BCrypt::Engine.autodetect_cost("$2a$05$XKd1bMnLgUnc87qvbAaCUu")).to eq 5
+    expect(BCrypt::Engine.autodetect_cost("$2a$13$Lni.CZ6z5A7344POTFBBV.")).to eq 13
+  end
+
+end
+
+describe "Generating BCrypt hashes" do
+
+  class MyInvalidSecret
+    undef to_s
+  end
+
+  before :each do
+    @salt = BCrypt::Engine.generate_salt(4)
+    @password = "woo"
+  end
+
+  specify "should produce a string" do
+    expect(BCrypt::Engine.hash_secret(@password, @salt)).to be_an_instance_of(String)
+  end
+
+  specify "should raise an InvalidSalt error if the salt is invalid" do
+    expect { BCrypt::Engine.hash_secret(@password, 'nino') }.to raise_error(BCrypt::Errors::InvalidSalt)
+  end
+
+  specify "should raise an InvalidSecret error if the secret is invalid" do
+    expect { BCrypt::Engine.hash_secret(MyInvalidSecret.new, @salt) }.to raise_error(BCrypt::Errors::InvalidSecret)
+    expect { BCrypt::Engine.hash_secret(nil, @salt) }.not_to raise_error
+    expect { BCrypt::Engine.hash_secret(false, @salt) }.not_to raise_error
+  end
+
+  specify "should call #to_s on the secret and use the return value as the actual secret data" do
+    expect(BCrypt::Engine.hash_secret(false, @salt)).to eq BCrypt::Engine.hash_secret("false", @salt)
+  end
+
+  describe "should be interoperable with other implementations" do
+    BCRYPT_SALT_PREFIX_LENGTH = 7 + 22 + 1
+
+    # test vectors from the OpenWall implementation <http://www.openwall.com/crypt/>
+    test_vectors = [
+      ["$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW",
+          "U*U"],
+      ["$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK",
+          "U*U*"],
+      ["$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a",
+          "U*U*U"],
+      ["$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui",
+          "0123456789abcdefghijklmnopqrstuvwxyz" +
+	  "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" +
+	  "chars after 72 are ignored"],
+      ["$2a$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq",
+          "\xa3"],
+      ["$2a$05$/OK.fbVrR/bpIqNJ5ianF.nRht2l/HRhr6zmCp9vYUvvsqynflf9e",
+          "\xff\xa3" "345"],
+      ["$2a$05$/OK.fbVrR/bpIqNJ5ianF.6IflQkJytoRVc1yuaNtHfiuq.FRlSIS",
+          "\xa3" "ab"],
+      ["$2a$05$/OK.fbVrR/bpIqNJ5ianF.swQOIzjOiJ9GHEPuhEkvqrUyvWhEMx6",
+          "\xaa"*72],
+      ["$2a$05$/OK.fbVrR/bpIqNJ5ianF.swQOIzjOiJ9GHEPuhEkvqrUyvWhEMx6",
+          "\xaa"*72 + "chars after 72 are ignored as usual"],
+      ["$2a$05$/OK.fbVrR/bpIqNJ5ianF.R9xrDjiycxMbQE2bp.vgqlYpW5wx2yy",
+          "\xaa\x55"*36],
+      ["$2a$05$/OK.fbVrR/bpIqNJ5ianF.9tQZzcJfm3uj2NvJ/n5xkhpqLrMpWCe",
+          "\x55\xaa\xff"*24],
+      ["$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy",
+          ""],
+    ]
+    test_vectors.each_with_index do |(test_vector, secret), i|
+      specify("with Secret ##{i}") do
+        salt = test_vector[0, BCRYPT_SALT_PREFIX_LENGTH - 1] # extract salt from test vector
+        expect(BCrypt::Engine.hash_secret(secret, salt)).to eql(test_vector)
+      end
+    end
+  end
+end

data/spec/bcrypt/error_spec.rb

@@ -0,0 +1,37 @@
+require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
+
+describe "Errors" do
+
+  shared_examples "descends from StandardError" do
+    it "can be rescued as a StandardError" do
+      expect(described_class).to be < StandardError
+    end
+  end
+
+  shared_examples "descends from BCrypt::Error" do
+    it "can be rescued as a BCrypt::Error" do
+      expect(described_class).to be < BCrypt::Error
+    end
+  end
+
+  describe BCrypt::Error do
+    include_examples "descends from StandardError"
+  end
+
+  describe BCrypt::Errors::InvalidCost do
+    include_examples "descends from BCrypt::Error"
+  end
+
+  describe BCrypt::Errors::InvalidHash do
+    include_examples "descends from BCrypt::Error"
+  end
+
+  describe BCrypt::Errors::InvalidSalt do
+    include_examples "descends from BCrypt::Error"
+  end
+
+  describe BCrypt::Errors::InvalidSecret do
+    include_examples "descends from BCrypt::Error"
+  end
+
+end

data/spec/bcrypt/password_spec.rb

@@ -0,0 +1,123 @@
+require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
+
+describe "Creating a hashed password" do
+
+  before :each do
+    @secret = "wheedle"
+    @password = BCrypt::Password.create(@secret, :cost => 4)
+  end
+
+  specify "should return a BCrypt::Password" do
+    expect(@password).to be_an_instance_of(BCrypt::Password)
+  end
+
+  specify "should return a valid bcrypt password" do
+    expect { BCrypt::Password.new(@password) }.not_to raise_error
+  end
+
+  specify "should behave normally if the secret is not a string" do
+    expect { BCrypt::Password.create(nil) }.not_to raise_error
+    expect { BCrypt::Password.create({:woo => "yeah"}) }.not_to raise_error
+    expect { BCrypt::Password.create(false) }.not_to raise_error
+  end
+
+  specify "should tolerate empty string secrets" do
+    expect { BCrypt::Password.create( "\n".chop  ) }.not_to raise_error
+    expect { BCrypt::Password.create( ""         ) }.not_to raise_error
+    expect { BCrypt::Password.create( String.new ) }.not_to raise_error
+  end
+end
+
+describe "Reading a hashed password" do
+  before :each do
+    @secret = "U*U"
+    @hash = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
+  end
+
+  specify "the cost is too damn high" do
+    expect {
+      BCrypt::Password.create("hello", :cost => 32)
+    }.to raise_error(ArgumentError)
+  end
+
+  specify "the cost should be set to the default if nil" do
+    expect(BCrypt::Password.create("hello", :cost => nil).cost).to equal(BCrypt::Engine::DEFAULT_COST)
+  end
+
+  specify "the cost should be set to the default if empty hash" do
+    expect(BCrypt::Password.create("hello", {}).cost).to equal(BCrypt::Engine::DEFAULT_COST)
+  end
+
+  specify "the cost should be set to the passed value if provided" do
+    expect(BCrypt::Password.create("hello", :cost => 5).cost).to equal(5)
+  end
+
+  specify "the cost should be set to the global value if set" do
+    BCrypt::Engine.cost = 5
+    expect(BCrypt::Password.create("hello").cost).to equal(5)
+    # unset the global value to not affect other tests
+    BCrypt::Engine.cost = nil
+  end
+
+  specify "the cost should be set to an overridden constant for backwards compatibility" do
+    # suppress "already initialized constant" warning
+    old_verbose, $VERBOSE = $VERBOSE, nil
+    old_default_cost = BCrypt::Engine::DEFAULT_COST
+
+    BCrypt::Engine::DEFAULT_COST = 5
+    expect(BCrypt::Password.create("hello").cost).to equal(5)
+
+    # reset default to not affect other tests
+    BCrypt::Engine::DEFAULT_COST = old_default_cost
+    $VERBOSE = old_verbose
+  end
+
+  specify "should read the version, cost, salt, and hash" do
+    password = BCrypt::Password.new(@hash)
+    expect(password.version).to eql("2a")
+    expect(password.cost).to equal(5)
+    expect(password.salt).to eql("$2a$05$CCCCCCCCCCCCCCCCCCCCC.")
+    expect(password.salt.class).to eq String
+    expect(password.checksum).to eq("E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW")
+    expect(password.checksum.class).to eq String
+    expect(password.to_s).to eql(@hash)
+  end
+
+  specify "should raise an InvalidHashError when given an invalid hash" do
+    expect { BCrypt::Password.new('weedle') }.to raise_error(BCrypt::Errors::InvalidHash)
+  end
+end
+
+describe "Comparing a hashed password with a secret" do
+  before :each do
+    @secret = "U*U"
+    @hash = "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW"
+    @password = BCrypt::Password.create(@secret)
+  end
+
+  specify "should compare successfully to the original secret" do
+    expect((@password == @secret)).to be(true)
+  end
+
+  specify "should compare unsuccessfully to anything besides original secret" do
+    expect((@password == "@secret")).to be(false)
+  end
+end
+
+describe "Validating a generated salt" do
+  specify "should not accept an invalid salt" do
+    expect(BCrypt::Engine.valid_salt?("invalid")).to eq(false)
+  end
+  specify "should accept a valid salt" do
+    expect(BCrypt::Engine.valid_salt?(BCrypt::Engine.generate_salt)).to eq(true)
+  end
+end
+
+describe "Validating a password hash" do
+  specify "should not accept an invalid password" do
+    expect(BCrypt::Password.valid_hash?("i_am_so_not_valid")).to be_falsey
+  end
+  specify "should accept a valid password" do
+    expect(BCrypt::Password.valid_hash?(BCrypt::Password.create "i_am_so_valid")).to be_truthy
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,2 @@
+$:.unshift File.expand_path('../../lib', __FILE__)
+require 'bcrypt'