pbkdf2 0.1.0

data/LICENSE.TXT

@@ -0,0 +1,21 @@
+Copyright (c) 2008 Sam Quigley <quigley@emerose.com>
+ 
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+ 
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+ 
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+This license is sometimes referred to as "The MIT License"

data/README.markdown

@@ -0,0 +1,158 @@
+# PBKDF2 #
+
+A Ruby implementation of the [Password-Based Key-Derivation Function, uh,
+2][PBKDF2].
+
+## Using PBKDF2 ##
+
+The basic steps are: 
+
+1. Instantiate a `PBKDF2` object 
+2. Call `#bin_string` (or `#hex_string`) on it to recover the binary (hex) form of the key
+
+To instantiate, you can either pass the required arguments as options in a
+hash, like so:
+
+    PBKDF2.new(:password=>"s33krit", :salt=>"nacl", :iterations=>10000)
+
+or use the (easier and prettier, in my view) builder idiom:
+
+    PBKDF2.new do |p| 
+      p.password = "s33krit"
+      p.salt = "nacl"
+      p.iterations = 10000
+    end
+
+You can also mix-and-match ways of passing arguments, but I don't know why
+you'd want to do that.
+
+### Required options ###
+
+A `PBKDF2` object cannot be instantiated without setting the following options:
+
+* **`password`**: The passphrase used for the key, passed as a (possibly
+  binary) string.
+
+  This should be kept secret, preferably nowhere but the end-user's memory.
+
+* **`salt`**: A salt for this passphrase, passed as a (possibly binary)
+  string.
+
+  This does not need to be kept secret, but should be made as long as is
+  reasonable (64-128 bits) to avoid precomputed image ("rainbow table")
+  attacks.
+
+* **`iterations`**: The number of iterated hashes to calculate, expressed as
+  an integer.
+
+  This does not need to be kept secret, but should be made as large as is
+  reasonable.  See below for guidance on choosing a good number for this.
+
+PBKDF2 objects can also be configured with the following options:
+
+* **`hash_function`**: The hashing algorithm to be used.  
+
+  This option may be expressed in a number of ways:
+    * As a `Class` object, such as `OpenSSL::Digest::SHA512`. Only OpenSSL
+      digest classes are supported at the moment.
+    * As an already-instantiated OpenSSL digest object, such as the result of
+      `OpenSSL::Digest::SHA512.new`. If you use this method, take care that
+      the hash object is in its just-initialized state (or that the same hash
+      object with the same state is used whenever keys are generated/checked).
+    * As a string which is understood by `OpenSSL::Digest::Digest.new()`.  
+      Things like "sha1", "md5", "RIPEMD160", etc. all work fine.  If the
+      string begins with the text "hmacWith" it will be stripped before
+      passing it to the underlying OpenSSL library, making it possible to use
+      arguments that at least look more like the ASN.1 identifiers in the
+      spec.
+    * A symbol, like `:sha256`, that, when converted to a string, meets the
+      rules for strings above.
+
+  If not specified, SHA-256 will be used.  (Note that other implementations
+  may default to SHA-1.)
+
+* **`key_length`**: The length, in bytes, of the key you wish to generate.
+
+  By default, the key generated will be equal in length to the hash output
+  size. This can be adjusted to any size required, up to `((2**32 - 1) * (hash
+  length)`.
+
+If a required parameter is missing, or if an invalid parameter is passed to one of these options, an `ArgumentError` exception will be raised.
+
+## Setting the Number of Iterations ##
+
+The `iterations` option exposed by PBKDF2 provides a way of controlling the 
+amount of work required to check a candidate passphrase.  It can be thought of
+as a work factor governing the amount of work an attacker must do in order to
+perform a dictionary or brute-force attack on passwords.  Unfortunately, it
+also governs the amount of work that must be performed on behalf of legitimate
+users must when checking credentials.
+
+Choosing the correct value for this parameter is thus a balancing act: it
+should be set as high as possible, to make attacks as difficult as possible,
+without making legitimate applications unusably slow.  One method for choosing
+a value is based on estimating an upper bound on the resources an attacker is
+likely to have available, and then finding an iteration count that makes such
+attacks unprofitable.  A useful example of this sort of reasoning can be found
+in the [Security Considerations section of RFC 3962][ITERS].
+
+The other approach for choosing the iterations count is to decide the maximum
+performance penalty that can be tolerated in the context of the application,
+and to set the iteration count so that it remains within these bounds.  The
+`PBKDF2` module contains a `benchmark` method for this purpose: to use it,
+instantiate a `PBKDF2` object as normal, using the `hash_function` and
+`key_length` you intend to use in the final application.  Then, call the
+`benchmark` method on the object: the result will be the time, in seconds,
+required to complete one iteration.  Divide the maximum performance penalty
+by this number to find the number of iterations you should choose.
+
+The first method requires implementors to estimate a number of important
+variables, including the resources available to attackers, which may be
+difficult or impossible to do well.  The second method is also prone to error,
+as it can be difficult to predict load characteristics in production
+conditions, or the impact of a few milliseconds' delay on end-user
+perceptions.  The best approach will necessarily involve trying both
+approaches and balancing the competing concerns against one-another.
+
+Note that no default for this option is provided, as a way of forcing 
+implementors to consider this issue in their own contexts. Anyone who, having
+read and understood the above, is still unsure what the value to choose should
+just use 5,000 and move on.
+
+## Relevant Standards ##
+
+PBKDF2 was originally defined as part of RSA Laboratories' [PKCS #5][PKCS],
+part of their Public-Key Cryptography Standards series. It has since been
+republished as [RFC 2898][RFC].
+
+### Standards Conformance ###
+
+This implementation conforms to [RFC 2898][RFC], and has been tested using the
+test vectors in Appendix B of [RFC 3962][3962]. Note, however, that while
+those specifications use [HMAC][HMAC]-[SHA-1][SHA1], **this implementation
+defaults to [HMAC][HMAC]-[SHA-256][SHA1]**. (SHA-256 provides a longer bit
+length. In addition, NIST has [stated][NIST] that SHA-1 should be phased out
+due to concerns over recent cryptanalytic attacks.)
+
+## TODO ##
+
+This version is essentially complete.  If ASN.1 weren't such a nightmare, it 
+might be useful to be able to initialize `PBKDF2` objects based on standard
+OIDs for parameters.  It would also be nice to have a standard envelope for 
+serializing sets of {key, salt, options}.  Both of these are probably tasks
+for other modules, however.  (YAML fits the bill pretty well already.)
+
+## License ##
+
+This software is ©2008 Sam Quigley <quigley@emerose.com>.  See the
+LICENSE.TXT file accompanying this document for the terms under which it may
+be used and distributed.
+
+[PBKDF2]: http://en.wikipedia.org/wiki/PBKDF2 "Wikipedia: PBKDF2"
+[PKCS]: http://www.rsa.com/rsalabs/node.asp?id=2127 "PKCS #5"
+[RFC]: http://tools.ietf.org/html/rfc2898 "RFC 2898"
+[3962]: http://tools.ietf.org/html/rfc3962 "RFC 3962"
+[SHA1]: http://en.wikipedia.org/wiki/SHA-1 "Wikipedia: SHA-1"
+[HMAC]: http://tools.ietf.org/html/rfc2104 "RFC 2104"
+[ITERS]: http://tools.ietf.org/html/rfc3962#page-6 "RFC 3962: Section 8"
+[NIST]: http://csrc.nist.gov/groups/ST/hash/statement.html "NIST Comments on Cryptanalytic Attacks on SHA-1"

data/Rakefile

@@ -0,0 +1,45 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "pbkdf2"
+    gem.summary = %Q{Password-Based Key Derivation Function 2 - PBKDF2}
+    gem.description = %Q{This implementation conforms to RFC 2898, and has been tested using the test vectors in Appendix B of RFC 3962. Note, however, that while those specifications use HMAC-SHA-1, this implementation defaults to HMAC-SHA-256. (SHA-256 provides a longer bit length. In addition, NIST has stated that SHA-1 should be phased out due to concerns over recent cryptanalytic attacks.)}
+    gem.email = "quigley@emerose.com"
+    gem.homepage = "http://github.com/emerose/pbkdf2-ruby"
+    gem.authors = ["Sam Quigley"]
+    gem.add_development_dependency "rspec", ">= 1.2.9"
+    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'spec/rake/spectask'
+Spec::Rake::SpecTask.new(:spec) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.spec_files = FileList['spec/**/*_spec.rb']
+end
+
+Spec::Rake::SpecTask.new(:rcov) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+end
+
+task :spec => :check_dependencies
+
+task :default => :spec
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "pbkdf2 #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/benchmark.rb

@@ -0,0 +1,33 @@
+require 'benchmark'
+require 'lib/pbkdf2'
+
+n = 5000
+#
+# from active-ldap
+module Salt
+  CHARS = ['.', '/', '0'..'9', 'A'..'Z', 'a'..'z'].collect do |x|
+    x.to_a
+  end.flatten
+  module_function
+  def generate(length)
+    salt = ""
+    length.times {salt << CHARS[rand(CHARS.length)]}
+    salt
+  end
+end
+
+def next_salt
+  Salt.generate(64)
+end
+Benchmark.bm do |x|
+  x.report do
+    1.upto(n) do
+      PBKDF2.new do |p| 
+        p.password = "s33krit"
+        p.salt = next_salt
+        p.iterations = 10000
+      end
+    end
+  end
+end
+

data/lib/pbkdf2.rb

@@ -0,0 +1,168 @@
+require 'openssl'
+
+class PBKDF2
+  def initialize(opts={})
+    @hash_function = OpenSSL::Digest::Digest.new("sha256")
+    
+    # override with options
+    opts.each_key do |k|
+      if self.respond_to?("#{k}=")
+        self.send("#{k}=", opts[k])
+      else
+        raise ArgumentError, "Argument '#{k}' is not allowed"
+      end
+    end
+    
+    yield self if block_given?
+
+    # set this to the default if nothing was given
+    @key_length ||= @hash_function.size
+    
+    # make sure the relevant things got set
+    raise ArgumentError, "password not set" if @password.nil?
+    raise ArgumentError, "salt not set" if @salt.nil?
+    raise ArgumentError, "iterations not set" if @iterations.nil?
+  end
+  attr_reader :key_length, :hash_function, :iterations, :salt, :password
+  
+  def key_length=(l)
+    raise ArgumentError, "key too short" if l < 1
+    raise ArgumentError, "key too long" if l > ((2**32 - 1) * @hash_function.size)
+    @value = nil
+    @key_length = l
+  end
+  
+  def hash_function=(h) 
+    @value = nil
+    @hash_function = find_hash(h)
+  end
+  
+  def iterations=(i)
+    raise ArgumentError, "iterations can't be less than 1" if i < 1
+    @value = nil
+    @iterations = i
+  end
+  
+  def salt=(s)
+    @value = nil
+    @salt = s
+  end
+  
+  def password=(p)
+    @value = nil
+    @password = p
+  end
+  
+  def value
+    calculate! if @value.nil?
+    @value
+  end    
+  
+  alias bin_string value
+    
+  def hex_string
+    bin_string.unpack("H*").first
+  end
+  
+  # return number of milliseconds it takes to complete one iteration
+  def benchmark(iters = 400000)
+    iter_orig = @iterations
+    @iterations=iters
+    start = Time.now
+    calculate!
+    time = Time.now - start
+    @iterations = iter_orig
+    return (time/iters)
+  end
+  
+  protected
+  
+  # finds and instantiates, if necessary, a hash function
+  def find_hash(hash)
+    case hash
+    when Class
+      # allow people to pass in classes to be instantiated
+      # (eg, pass in OpenSSL::Digest::SHA1)
+      hash = find_hash(hash.new)
+    when Symbol
+      # convert symbols to strings and see if OpenSSL::Digest can make sense of
+      hash = find_hash(hash.to_s)
+    when String
+      # if it's a string, first strip off any leading 'hmacWith' (which is implied)
+      hash.gsub!(/^hmacWith/i,'')
+      # see if the OpenSSL lib understands it
+      hash = OpenSSL::Digest::Digest.new(hash)
+    when OpenSSL::Digest
+    when OpenSSL::Digest::Digest
+      # ok
+    else
+      raise TypeError, "Unknown hash type: #{hash.class}"
+    end
+    hash
+  end
+  
+  # the pseudo-random function defined in the spec
+  def prf(data)
+    OpenSSL::HMAC.digest(@hash_function, @password, data)
+  end
+  
+  # this is a translation of the helper function "F" defined in the spec
+  def calculate_block(block_num)
+    # u_1:
+    u = prf(salt+[block_num].pack("N"))
+    ret = u
+    # u_2 through u_c:
+    2.upto(@iterations) do
+      # calculate u_n
+      u = prf(u)
+      # xor it with the previous results
+      ret = ret^u
+    end
+    ret
+  end
+
+  # the bit that actually does the calculating
+  def calculate!
+    # how many blocks we'll need to calculate (the last may be truncated)
+    blocks_needed = (@key_length.to_f / @hash_function.size).ceil
+    # reset
+    @value = ""
+    # main block-calculating loop:
+    1.upto(blocks_needed) do |block_num|
+     @value << calculate_block(block_num)
+    end
+    # truncate to desired length:
+    @value = @value.slice(0,@key_length)
+    @value
+  end
+end
+
+
+class String
+  if RUBY_VERSION >= "1.9"
+    def xor_impl(other)
+      result = ""
+      o_bytes = other.bytes.to_a
+      bytes.each_with_index do |c, i|
+        result << (c ^ o_bytes[i])
+      end
+      result
+    end
+  else
+    def xor_impl(other)
+      result = (0..self.length-1).collect { |i| self[i] ^ other[i] }
+      result.pack("C*")
+    end
+  end
+
+  private :xor_impl
+
+  def ^(other)
+    raise ArgumentError, "Can't bitwise-XOR a String with a non-String" \
+      unless other.kind_of? String
+    raise ArgumentError, "Can't bitwise-XOR strings of different length" \
+      unless self.length == other.length
+
+    xor_impl(other)
+  end
+end

data/pbkdf2.gemspec

@@ -0,0 +1,56 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{pbkdf2}
+  s.version = "0.1.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Sam Quigley"]
+  s.date = %q{2010-07-25}
+  s.description = %q{This implementation conforms to RFC 2898, and has been tested using the test vectors in Appendix B of RFC 3962. Note, however, that while those specifications use HMAC-SHA-1, this implementation defaults to HMAC-SHA-256. (SHA-256 provides a longer bit length. In addition, NIST has stated that SHA-1 should be phased out due to concerns over recent cryptanalytic attacks.)}
+  s.email = %q{quigley@emerose.com}
+  s.extra_rdoc_files = [
+    "LICENSE.TXT",
+     "README.markdown"
+  ]
+  s.files = [
+    "LICENSE.TXT",
+     "README.markdown",
+     "Rakefile",
+     "VERSION",
+     "benchmark.rb",
+     "lib/pbkdf2.rb",
+     "pbkdf2.gemspec",
+     "spec/pbkdf2_spec.rb",
+     "spec/rfc3962_spec.rb",
+     "spec/spec.opts",
+     "spec/spec_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/emerose/pbkdf2-ruby}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{Password-Based Key Derivation Function 2 - PBKDF2}
+  s.test_files = [
+    "spec/pbkdf2_spec.rb",
+     "spec/rfc3962_spec.rb",
+     "spec/spec_helper.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<rspec>, [">= 1.2.9"])
+    else
+      s.add_dependency(%q<rspec>, [">= 1.2.9"])
+    end
+  else
+    s.add_dependency(%q<rspec>, [">= 1.2.9"])
+  end
+end
+

data/spec/pbkdf2_spec.rb

@@ -0,0 +1,144 @@
+require File.dirname(__FILE__) + '/spec_helper.rb'
+
+describe PBKDF2, "when initializing" do
+  it "should raise an ArgumentError if an unrecognized parameter is passed" do
+    lambda {PBKDF2.new(:foo=>1)}.should raise_error(ArgumentError)
+  end
+
+  it "should raise an ArgumentError if a password is not set" do
+    lambda {PBKDF2.new(:salt=>"nacl", :iterations=>1000)}.should raise_error(ArgumentError)
+  end
+  
+  it "should raise an ArgumentError if a salt is not set" do
+    lambda {PBKDF2.new(:password=>"s33krit", :iterations=>1000)}.should raise_error(ArgumentError)
+  end
+  
+  it "should raise an ArgumentError if iterations is not set" do
+    lambda {PBKDF2.new(:password=>"s33krit", :salt=>"nacl")}.should raise_error(ArgumentError)
+  end
+  
+  it "should allow setting options in a block" do
+    PBKDF2.new do |x|
+      x.password = "s33krit"
+      x.salt = "nacl"
+      x.iterations = 1000
+    end
+  end
+end
+
+describe PBKDF2, "when configuring a hash function" do
+  it "should default to SHA256" do
+    p = PBKDF2.new(:password=>"s33krit", :salt=>"nacl", :iterations=>1000)
+    p.hash_function.name.should == "SHA256"
+  end
+
+  it "should support at least SHA1, SHA512, and MD5" do 
+    %w{SHA1 SHA512 MD5}.each do |alg|
+      p = PBKDF2.new(:password=>"s33krit", :salt=>"nacl", :iterations=>1000, :hash_function=>alg)
+      p.hash_function.name.should == alg
+    end
+  end
+
+  it "should allow setting by symbols" do 
+    p = PBKDF2.new(:password=>"s33krit", :salt=>"nacl", :iterations=>1000, :hash_function=>:sha512)
+    p.hash_function.name.should == "SHA512"
+  end
+
+  it "should allow setting by strings" do 
+    p = PBKDF2.new(:password=>"s33krit", :salt=>"nacl", :iterations=>1000, :hash_function=>"sha512")
+    p.hash_function.name.should == "SHA512"
+  end
+
+  it "should allow setting by PKCS-style 'hmacWith' strings" do 
+    p = PBKDF2.new(:password=>"s33krit", :salt=>"nacl", :iterations=>1000, :hash_function=>"hmacWithSHA512")
+    p.hash_function.name.should == "SHA512"
+  end
+
+  it "should allow setting by classes in OpenSSL::Digest" do 
+    p = PBKDF2.new(:password=>"s33krit", :salt=>"nacl", :iterations=>1000, :hash_function=>OpenSSL::Digest::SHA512)
+    p.hash_function.name.should == "SHA512"
+  end
+
+  it "should allow setting by an instantiated object of type OpenSSL::Digest::Digest" do 
+    hfunc = OpenSSL::Digest::SHA512.new
+    p = PBKDF2.new(:password=>"s33krit", :salt=>"nacl", :iterations=>1000, :hash_function=>hfunc)
+    p.hash_function.name.should == "SHA512"
+  end
+end
+
+describe PBKDF2, "when setting a key length" do
+  it "should default to the size of the hash function used" do
+    %w{SHA1 SHA512 MD5}.each do |alg|
+      p = PBKDF2.new(:password=>"s33krit", :salt=>"nacl", :iterations=>1000, :hash_function=>alg)
+      p.key_length.should == OpenSSL::Digest::Digest.new(alg).size
+    end    
+  end
+
+  it "should throw an ArgumentError if a negative length is set" do
+    lambda {p = PBKDF2.new(:password=>"s33krit", :salt=>"nacl", :iterations=>1000, :key_length=>-1)}.should  raise_error(ArgumentError)
+  end
+
+  it "should throw an ArgumentError if too long a length is set" do
+    not_too_long = ((2**32 - 1) * OpenSSL::Digest::SHA256.new.size)
+    too_long = not_too_long + 1
+    lambda {p = PBKDF2.new(:password=>"s33krit", :salt=>"nacl", :iterations=>1, :key_length=>not_too_long, :hash_function=>:sha256)}.should_not  raise_error(ArgumentError)
+    lambda {p = PBKDF2.new(:password=>"s33krit", :salt=>"nacl", :iterations=>1, :key_length=>too_long, :hash_function=>:sha256)}.should  raise_error(ArgumentError)
+  end
+
+  it "should ensure that the derived key really is that long" do
+    length = 123
+    p = PBKDF2.new(:password=>"s33krit", :salt=>"nacl", :iterations=>1, :key_length=>length)
+    p.bin_string.length.should == length
+  end
+end
+
+describe PBKDF2, "when setting the number of iterations" do
+  it "should throw an ArgumentError if a number less than 1 is passed" do
+    lambda {p = PBKDF2.new(:password=>"s33krit", :salt=>"nacl", :iterations=>0)}.should  raise_error(ArgumentError)
+  end
+end
+
+describe PBKDF2, "once created" do
+  before do
+    @p = PBKDF2.new do |x|
+      x.password = "s33krit"
+      x.salt = "nacl"
+      x.iterations = 1
+    end
+    @val = @p.hex_string
+  end
+
+  it "should have the same hex value as another, identically derived key" do
+    q = PBKDF2.new do |x|
+      x.password = "s33krit"
+      x.salt = "nacl"
+      x.iterations = 1
+    end
+    @p.hex_string.should == q.hex_string
+  end
+  
+  it "should recalculate the value if the password changes" do
+    @p.password = "foo"
+    @p.hex_string.should_not == @val
+  end
+  
+  it "should recalculate the value if the salt changes" do
+    @p.salt = "foo"
+    @p.hex_string.should_not == @val
+  end
+  
+  it "should recalculate the value if the number of iterations changes" do
+    @p.iterations = 2
+    @p.hex_string.should_not == @val
+  end
+
+  it "should recalculate the value if the hash function changes" do
+    @p.hash_function = :md5
+    @p.hex_string.should_not == @val
+  end
+
+  it "should recalculate the value if the key length changes" do
+    @p.key_length = 10
+    @p.hex_string.should_not == @val
+  end
+end

data/spec/rfc3962_spec.rb

@@ -0,0 +1,195 @@
+require File.dirname(__FILE__) + '/spec_helper.rb'
+
+describe PBKDF2, "when deriving keys" do
+  # see http://www.rfc-archive.org/getrfc.php?rfc=3962
+  # all examples there use HMAC-SHA1
+  it "should match the first test case in appendix B of RFC 3962" do
+  # Iteration count = 1
+  # Pass phrase = "password"
+  # Salt = "ATHENA.MIT.EDUraeburn"
+  # 128-bit PBKDF2 output:
+  #    cd ed b5 28 1b b2 f8 01 56 5a 11 22 b2 56 35 15
+  # 256-bit PBKDF2 output:
+  #    cd ed b5 28 1b b2 f8 01 56 5a 11 22 b2 56 35 15
+  #    0a d1 f7 a0 4b b9 f3 a3 33 ec c0 e2 e1 f7 08 37
+    p = PBKDF2.new do |p|
+      p.hash_function = :sha1
+      p.iterations = 1
+      p.password = "password"
+      p.salt = "ATHENA.MIT.EDUraeburn"
+      p.key_length = 128/8
+    end
+    
+    expected = "cd ed b5 28 1b b2 f8 01 56 5a 11 22 b2 56 35 15"
+    p.hex_string.should == expected.gsub(' ','')
+    
+    expected =  "cd ed b5 28 1b b2 f8 01 56 5a 11 22 b2 56 35 15" +
+                "0a d1 f7 a0 4b b9 f3 a3 33 ec c0 e2 e1 f7 08 37"
+    
+    p.key_length = 256/8
+    p.hex_string.should == expected.gsub(' ','')
+  end
+
+  it "should match the second test case in appendix B of RFC 3962" do
+    # Iteration count = 2
+    # Pass phrase = "password"
+    # Salt="ATHENA.MIT.EDUraeburn"
+    # 128-bit PBKDF2 output:
+    #    01 db ee 7f 4a 9e 24 3e 98 8b 62 c7 3c da 93 5d
+    # 256-bit PBKDF2 output:
+    #    01 db ee 7f 4a 9e 24 3e 98 8b 62 c7 3c da 93 5d
+    #    a0 53 78 b9 32 44 ec 8f 48 a9 9e 61 ad 79 9d 86
+    p = PBKDF2.new do |p|
+      p.hash_function = :sha1
+      p.iterations = 2
+      p.password = "password"
+      p.salt = "ATHENA.MIT.EDUraeburn"
+      p.key_length = 128/8
+    end
+    
+    expected = "01 db ee 7f 4a 9e 24 3e 98 8b 62 c7 3c da 93 5d"
+    p.hex_string.should == expected.gsub(' ','')
+    
+    expected =  "01 db ee 7f 4a 9e 24 3e 98 8b 62 c7 3c da 93 5d" + 
+                "a0 53 78 b9 32 44 ec 8f 48 a9 9e 61 ad 79 9d 86"
+    p.key_length = 256/8
+    p.hex_string.should == expected.gsub(' ','')
+  end
+
+  it "should match the third test case in appendix B of RFC 3962" do
+    # Iteration count = 1200
+    # Pass phrase = "password"
+    # Salt = "ATHENA.MIT.EDUraeburn"
+    # 128-bit PBKDF2 output:
+    #    5c 08 eb 61 fd f7 1e 4e 4e c3 cf 6b a1 f5 51 2b
+    # 256-bit PBKDF2 output:
+    #    5c 08 eb 61 fd f7 1e 4e 4e c3 cf 6b a1 f5 51 2b
+    #    a7 e5 2d db c5 e5 14 2f 70 8a 31 e2 e6 2b 1e 13
+    p = PBKDF2.new do |p|
+      p.hash_function = :sha1
+      p.iterations = 1200
+      p.password = "password"
+      p.salt = "ATHENA.MIT.EDUraeburn"
+      p.key_length = 128/8
+    end
+    
+    expected = "5c 08 eb 61 fd f7 1e 4e 4e c3 cf 6b a1 f5 51 2b"
+    p.hex_string.should == expected.gsub(' ','')
+    
+    expected =  "5c 08 eb 61 fd f7 1e 4e 4e c3 cf 6b a1 f5 51 2b" +
+                "a7 e5 2d db c5 e5 14 2f 70 8a 31 e2 e6 2b 1e 13"
+    p.key_length = 256/8
+    p.hex_string.should == expected.gsub(' ','')
+  end
+
+  it "should match the fourth test case in appendix B of RFC 3962" do
+    # Iteration count = 5
+    # Pass phrase = "password"
+    # Salt=0x1234567878563412
+    # 128-bit PBKDF2 output:
+    #    d1 da a7 86 15 f2 87 e6 a1 c8 b1 20 d7 06 2a 49
+    # 256-bit PBKDF2 output:
+    #    d1 da a7 86 15 f2 87 e6 a1 c8 b1 20 d7 06 2a 49
+    #    3f 98 d2 03 e6 be 49 a6 ad f4 fa 57 4b 6e 64 ee
+    p = PBKDF2.new do |p|
+      p.hash_function = :sha1
+      p.iterations = 5
+      p.password = "password"
+      p.salt = [0x1234567878563412].pack("Q")
+      p.key_length = 128/8
+    end
+    
+    expected = "d1 da a7 86 15 f2 87 e6 a1 c8 b1 20 d7 06 2a 49"
+    p.hex_string.should == expected.gsub(' ','')
+    
+    expected =  "d1 da a7 86 15 f2 87 e6 a1 c8 b1 20 d7 06 2a 49" +
+                "3f 98 d2 03 e6 be 49 a6 ad f4 fa 57 4b 6e 64 ee"
+    p.key_length = 256/8
+    p.hex_string.should == expected.gsub(' ','')
+  end
+
+  it "should match the fifth test case in appendix B of RFC 3962" do
+    # Iteration count = 1200
+    # Pass phrase = (64 characters)
+    #  "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+    # Salt="pass phrase equals block size"
+    # 128-bit PBKDF2 output:
+    #    13 9c 30 c0 96 6b c3 2b a5 5f db f2 12 53 0a c9
+    # 256-bit PBKDF2 output:
+    #    13 9c 30 c0 96 6b c3 2b a5 5f db f2 12 53 0a c9
+    #    c5 ec 59 f1 a4 52 f5 cc 9a d9 40 fe a0 59 8e d1
+    p = PBKDF2.new do |p|
+      p.hash_function = :sha1
+      p.iterations = 1200
+      p.password = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+      p.salt = "pass phrase equals block size"
+      p.key_length = 128/8
+    end
+    
+    expected = "13 9c 30 c0 96 6b c3 2b a5 5f db f2 12 53 0a c9"
+    p.hex_string.should == expected.gsub(' ','')
+    
+    expected =  "13 9c 30 c0 96 6b c3 2b a5 5f db f2 12 53 0a c9" +
+                "c5 ec 59 f1 a4 52 f5 cc 9a d9 40 fe a0 59 8e d1"
+    p.key_length = 256/8
+    p.hex_string.should == expected.gsub(' ','')
+  end
+  
+  it "should match the sixth test case in appendix B of RFC 3962" do
+    # Iteration count = 1200
+    # Pass phrase = (65 characters)
+    #  "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+    # Salt = "pass phrase exceeds block size"
+    # 128-bit PBKDF2 output:
+    #    9c ca d6 d4 68 77 0c d5 1b 10 e6 a6 87 21 be 61
+    # 256-bit PBKDF2 output:
+    #    9c ca d6 d4 68 77 0c d5 1b 10 e6 a6 87 21 be 61
+    #    1a 8b 4d 28 26 01 db 3b 36 be 92 46 91 5e c8 2a
+    p = PBKDF2.new do |p|
+      p.hash_function = :sha1
+      p.iterations = 1200
+      p.password = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+      p.salt = "pass phrase exceeds block size"
+      p.key_length = 128/8
+    end
+    
+    expected = "9c ca d6 d4 68 77 0c d5 1b 10 e6 a6 87 21 be 61"
+    p.hex_string.should == expected.gsub(' ','')
+    
+    expected =  "9c ca d6 d4 68 77 0c d5 1b 10 e6 a6 87 21 be 61" +
+                "1a 8b 4d 28 26 01 db 3b 36 be 92 46 91 5e c8 2a"
+    p.key_length = 256/8
+    p.hex_string.should == expected.gsub(' ','')
+  end  
+  
+  it "should match the seventh test case in appendix B of RFC 3962" do
+    # Iteration count = 50
+    # Pass phrase = g-clef (0xf09d849e)
+    # Salt = "EXAMPLE.COMpianist"
+    # 128-bit PBKDF2 output:
+    #    6b 9c f2 6d 45 45 5a 43 a5 b8 bb 27 6a 40 3b 39
+    # 256-bit PBKDF2 output:
+    #    6b 9c f2 6d 45 45 5a 43 a5 b8 bb 27 6a 40 3b 39
+    #    e7 fe 37 a0 c4 1e 02 c2 81 ff 30 69 e1 e9 4f 52
+    p = PBKDF2.new do |p|
+      p.hash_function = :sha1
+      p.iterations = 50
+      # this is a gorram horrible test case.  it took me quite a while to
+      # track down why 0xf09d849e should be interpreted as "\360\235\204\236"
+      # (which is what other code uses for this example).  the mysterious 
+      # "g-clef" annotation didn't help (turns out to be a Unicode character
+      # in UTF8 -- ie, 0xf0 0x9d 0x84 0x9e)
+      p.password = [0xf09d849e].pack("N")
+      p.salt = "EXAMPLE.COMpianist"
+      p.key_length = 128/8
+    end
+    
+    expected = "6b 9c f2 6d 45 45 5a 43 a5 b8 bb 27 6a 40 3b 39"
+    p.hex_string.should == expected.gsub(' ','')
+    
+    expected =  "6b 9c f2 6d 45 45 5a 43 a5 b8 bb 27 6a 40 3b 39" +
+                "e7 fe 37 a0 c4 1e 02 c2 81 ff 30 69 e1 e9 4f 52"
+    p.key_length = 256/8
+    p.hex_string.should == expected.gsub(' ','')
+  end
+end

data/spec/spec.opts

@@ -0,0 +1 @@
+--color

data/spec/spec_helper.rb

@@ -0,0 +1,2 @@
+Dir[File.join(File.dirname(__FILE__), '..', "lib", "*.rb")].each { |f| require f }
+

metadata

@@ -0,0 +1,95 @@
+--- !ruby/object:Gem::Specification 
+name: pbkdf2
+version: !ruby/object:Gem::Version 
+  hash: 27
+  prerelease: false
+  segments: 
+  - 0
+  - 1
+  - 0
+  version: 0.1.0
+platform: ruby
+authors: 
+- Sam Quigley
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-07-25 00:00:00 -07:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 13
+        segments: 
+        - 1
+        - 2
+        - 9
+        version: 1.2.9
+  type: :development
+  version_requirements: *id001
+description: This implementation conforms to RFC 2898, and has been tested using the test vectors in Appendix B of RFC 3962. Note, however, that while those specifications use HMAC-SHA-1, this implementation defaults to HMAC-SHA-256. (SHA-256 provides a longer bit length. In addition, NIST has stated that SHA-1 should be phased out due to concerns over recent cryptanalytic attacks.)
+email: quigley@emerose.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE.TXT
+- README.markdown
+files: 
+- LICENSE.TXT
+- README.markdown
+- Rakefile
+- VERSION
+- benchmark.rb
+- lib/pbkdf2.rb
+- pbkdf2.gemspec
+- spec/pbkdf2_spec.rb
+- spec/rfc3962_spec.rb
+- spec/spec.opts
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/emerose/pbkdf2-ruby
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Password-Based Key Derivation Function 2 - PBKDF2
+test_files: 
+- spec/pbkdf2_spec.rb
+- spec/rfc3962_spec.rb
+- spec/spec_helper.rb