passwordping 1.0.1 → 1.0.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 31d4b9fb4475b1fabca8031eea2650e53f4c0102
4
- data.tar.gz: 724759e58a8f0c95a3fb9cd7d57b7188d0d1335f
3
+ metadata.gz: 4700c7b670bd2e343c643e3e5f64a2d7c8880cae
4
+ data.tar.gz: 228089e6bb3fad5d660c71f10adb4cec2a109408
5
5
  SHA512:
6
- metadata.gz: 6e71c6c80d4284d94c6865ddccf7163ada73f7e8a5bf98bbb0e4bd30c786f7ad70bd9fb13245624ab26436d1aa798086540599d2a8faf25fab7fee4c5fa37886
7
- data.tar.gz: e3c9ec3cefc0de5bf8d2cc68a6b39c3ee13334559d1c9134a2a000df1e0993c5da0058c783042d672895b69e0c9201fe412f15b55dadc4754decb4f1229705fa
6
+ metadata.gz: c2b2c0cce6c5f209a3b9ddcceffd7d76a1dc2747a51f7eb6752e942719bdac7dfdd0c30e4aaff02c799c7df1c02276679395497d63a148a82e74fd50b40d7ab8
7
+ data.tar.gz: f3638fba98a5612b627495a616e90b21aafd732905917f129b4cfe2a0fe07b7bf6f385960538d2f9959cfc024b9fe1de8e57b6477d8fdfd17c83311dfcc14322
data/.gitignore CHANGED
@@ -14,3 +14,4 @@
14
14
  /ext/argon2-wrapper/tests
15
15
  /ext/argon2-wrapper/libargon2-wrapper.bundle*
16
16
  passwordping-1.0.0.gem
17
+ *.bundle
@@ -123,10 +123,7 @@ module PasswordPing
123
123
  password_hash = calc_password_hash(hash_spec["hashType"], password, hash_spec["salt"])
124
124
 
125
125
  if (password_hash != nil)
126
- argon2_hash = Hashing.argon2(username + "$" + password_hash, salt)
127
-
128
- just_hash = argon2_hash[argon2_hash.rindex('$') + 1 .. argon2_hash.length]
129
- return Base64.decode64(just_hash).unpack('H*')[0]
126
+ return Hashing.argon2_raw(username + "$" + password_hash, salt)
130
127
  else
131
128
  return nil
132
129
  end
@@ -4,7 +4,7 @@ require 'bcrypt'
4
4
  require 'unix_crypt'
5
5
  require 'zlib'
6
6
  require 'digest/whirlpool'
7
- require 'base64'
7
+ require 'base64url'
8
8
 
9
9
  module PasswordPing
10
10
  class Hashing
@@ -155,6 +155,47 @@ module PasswordPing
155
155
  return self.bcrypt(self.md5(to_hash), salt)
156
156
  end
157
157
 
158
+ def self.argon2_raw(to_hash, salt)
159
+ time_cost = 3
160
+ mem_cost = 10
161
+ threads = 2
162
+ hash_length = 20
163
+ just_salt = salt
164
+
165
+ #$argon2i$v=19$m=65536,t=2,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG
166
+ if (salt[0..6] == "$argon2")
167
+ # looks like we specified algo info for argon2 in the salt
168
+ salt_values = salt.split("$")
169
+ just_salt = Base64URL.decode(salt_values[4])
170
+ cost_params = salt_values[3].split(",")
171
+
172
+ for param in cost_params
173
+ begin
174
+ param_parts = param.split("=")
175
+ if (param_parts[0] == "t")
176
+ time_cost = Integer(param_parts[1])
177
+ elsif (param_parts[0] == "m")
178
+ mem_cost = Math.log2(Integer(param_parts[1])).round
179
+ elsif (param_parts[0] == "p")
180
+ threads = Integer(param_parts[1])
181
+ elsif (param_parts[0] == "l")
182
+ hash_length = Integer(param_parts[1])
183
+ end
184
+ rescue ArgumentError
185
+ # ignore invalid params and just use default
186
+ end
187
+ end
188
+
189
+ if (salt_values[1] == "argon2i")
190
+ return Argon2Wrapper.hash_argon2i(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
191
+ else
192
+ return Argon2Wrapper.hash_argon2d(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
193
+ end
194
+ else
195
+ return Argon2Wrapper.hash_argon2d(to_hash, just_salt, time_cost, mem_cost, threads, hash_length)
196
+ end
197
+ end
198
+
158
199
  def self.argon2(to_hash, salt)
159
200
  time_cost = 3
160
201
  mem_cost = 10
@@ -166,7 +207,7 @@ module PasswordPing
166
207
  if (salt[0..6] == "$argon2")
167
208
  # looks like we specified algo info for argon2 in the salt
168
209
  salt_values = salt.split("$")
169
- just_salt = Base64.decode64(salt_values[4])
210
+ just_salt = Base64URL.decode(salt_values[4])
170
211
  cost_params = salt_values[3].split(",")
171
212
 
172
213
  for param in cost_params
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
  # Standard Gem version constant.
3
3
  module PasswordPing
4
- VERSION = "1.0.1".freeze
4
+ VERSION = "1.0.2".freeze
5
5
  end
@@ -25,10 +25,12 @@ Gem::Specification.new do |spec|
25
25
  spec.add_dependency 'rest-client', '~> 2.0', '>= 2.0.2'
26
26
  spec.add_dependency 'bcrypt', '~> 3.1', '>= 3.1.11'
27
27
  spec.add_dependency 'unix-crypt', '~> 1.3'
28
+ spec.add_dependency 'base64url', '~> 1.0', '>= 1.0.1'
28
29
 
29
30
  spec.add_development_dependency "bundler", '~> 1.10', '>= 1.10.5'
30
31
  spec.add_development_dependency "rake", '~> 10.4', '>= 10.4.2'
31
32
  spec.add_development_dependency "test-unit", '~> 3.2', '>= 3.2.4'
32
33
  spec.add_development_dependency "rake-compiler", '~> 1.0', '>= 1.0.4'
34
+ spec.add_development_dependency "io-console", '~> 0.4', '>= 0.4.6'
33
35
  spec.extensions = ['ext/argon2-wrapper/extconf.rb', "ext/digest/whirlpool/extconf.rb" ]
34
36
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: passwordping
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1
4
+ version: 1.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - PasswordPing
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-06-08 00:00:00.000000000 Z
11
+ date: 2017-06-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ffi
@@ -92,6 +92,26 @@ dependencies:
92
92
  - - "~>"
93
93
  - !ruby/object:Gem::Version
94
94
  version: '1.3'
95
+ - !ruby/object:Gem::Dependency
96
+ name: base64url
97
+ requirement: !ruby/object:Gem::Requirement
98
+ requirements:
99
+ - - "~>"
100
+ - !ruby/object:Gem::Version
101
+ version: '1.0'
102
+ - - ">="
103
+ - !ruby/object:Gem::Version
104
+ version: 1.0.1
105
+ type: :runtime
106
+ prerelease: false
107
+ version_requirements: !ruby/object:Gem::Requirement
108
+ requirements:
109
+ - - "~>"
110
+ - !ruby/object:Gem::Version
111
+ version: '1.0'
112
+ - - ">="
113
+ - !ruby/object:Gem::Version
114
+ version: 1.0.1
95
115
  - !ruby/object:Gem::Dependency
96
116
  name: bundler
97
117
  requirement: !ruby/object:Gem::Requirement
@@ -172,6 +192,26 @@ dependencies:
172
192
  - - ">="
173
193
  - !ruby/object:Gem::Version
174
194
  version: 1.0.4
195
+ - !ruby/object:Gem::Dependency
196
+ name: io-console
197
+ requirement: !ruby/object:Gem::Requirement
198
+ requirements:
199
+ - - "~>"
200
+ - !ruby/object:Gem::Version
201
+ version: '0.4'
202
+ - - ">="
203
+ - !ruby/object:Gem::Version
204
+ version: 0.4.6
205
+ type: :development
206
+ prerelease: false
207
+ version_requirements: !ruby/object:Gem::Requirement
208
+ requirements:
209
+ - - "~>"
210
+ - !ruby/object:Gem::Version
211
+ version: '0.4'
212
+ - - ">="
213
+ - !ruby/object:Gem::Version
214
+ version: 0.4.6
175
215
  description: Ruby library for PasswordPing API
176
216
  email:
177
217
  - support@passwordping.com
@@ -276,7 +316,6 @@ files:
276
316
  - ext/phc-winner-argon2/vs2015/Argon2RefGenKAT/Argon2RefGenKAT.vcxproj.filters
277
317
  - ext/phc-winner-argon2/vs2015/Argon2RefTestCI/Argon2RefTestCI.vcxproj
278
318
  - ext/phc-winner-argon2/vs2015/Argon2RefTestCI/Argon2RefTestCI.vcxproj.filters
279
- - lib/digest/whirlpool.bundle
280
319
  - lib/passwordping.rb
281
320
  - lib/passwordping/argon2_wrapper_ffi.rb
282
321
  - lib/passwordping/constants.rb
Binary file