pbkdf2_password_hasher 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e5ef13ed0a6bd80499e058a98c70fe3797f5b5e7
+  data.tar.gz: 0abc6f671b5cf855ce359db027c32aea1d55a10c
+SHA512:
+  metadata.gz: 2b7dcfa535e5e19c1141d3e4668dba5ffd50b919e5f7a699049223a34f51639a144a1cbc067d4e7743f4dd88c35914887fd6d053b8a79a06529b4d0966469839
+  data.tar.gz: 4e2bc782267f3f554abcafe049c6841666e8fbeae805ff03f1b0f1a88667186070bab55fb5463531a4782e3515f0b1e36487ebd5bf29e6030ddbf80701da7a3c

data/.gitignore

@@ -0,0 +1,18 @@
+*.swp
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1 @@
+--color

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in pbkdf2_password_hasher.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Aurélien Hervé
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,41 @@
+pbkdf2-password-hasher
+======================
+
+Compute a pbkdf2 hash of a string, and/or check a password against a pbkdf2 hashed string.
+
+This was originally built to import password hashes from django application to rails/devise application
+
+## Installation
+
+In your Gemfile : 
+```ruby
+gem pbkdf2_password_hasher, git: 'aherve/pbkdf2-password-hasher'
+```
+
+or install it with:
+```ruby
+gem install pbkdf2_password_hasher
+```
+
+## Usage
+
+- Hash a password with salt:
+```ruby
+salt = 'NaCl'    # random salt key
+pass = 's3cr3t'  # your password
+it   = 1000      # number of iterations
+
+hash = Pbkdf2PasswordHasher.hash_password(pass,salt,it)
+```
+- Check password validity against string
+
+```ruby
+# hashed string from django app
+hsh ='pbkdf2_sha256$12000$PEnXGf9dviXF$2soDhu1WB8NSbFDm0w6NEe6OvslVXtiyf4VMiiy9rH0=' 
+
+# with right password:
+Pbkdf2PasswordHasher.check_password('bite',hsh) #=> true
+
+#with wrong password:
+Pbkdf2PasswordHasher.check_password('bitten',hsh) #=> false
+```

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/lib/pbkdf2_password_hasher/django_hash.rb

@@ -0,0 +1,68 @@
+require 'openssl'
+require 'base64'
+
+class DjangoHash
+  attr_reader :hsh
+
+  def initialize(params)
+    @password  = params[:password]
+    @dklen     = params[:dklen]    || 32
+    @c         = params[:c].to_i   || 12000
+    @hsh       = params[:hash]
+    @salt      = params[:salt]
+
+    @hash_f = OpenSSL::Digest.new("sha256")
+  end
+
+  # Instanciate class using hash string
+  def self.parse(str)
+    algo,c,salt,hsh = str.split('$')
+    raise "sorry, don't know what to do with #{algo}" unless algo == 'pbkdf2_sha256'
+    DjangoHash.new(
+      :dklen => Base64.decode64(hsh).size,
+      :c     => c,
+      :salt  => salt,
+      :hash  => hsh,
+    )
+  end
+
+  # Compute hash
+  def get_hash
+    (1..number_of_blocks).map(&block).reduce("",&:<<)
+  end
+
+  # Check password against computed hash
+  def check_password(password)
+    @password = password
+    @hsh == get_hash
+  end
+
+  private
+
+  def number_of_blocks
+    (@dklen.to_f/@hash_f.size).ceil
+  end
+
+  # "string xor"
+  def xor(s1,s2)
+    s1.bytes.zip((s2).bytes).map{|a,b| a ^ b}.pack("C*")
+  end
+
+  # Pseudo Random Function, as described in wikipedia
+  def prf(data)
+    @hash_func ||= OpenSSL::Digest.new("sha256")
+    OpenSSL::HMAC.digest(@hash_func,@password, data)
+  end
+
+  def block
+    -> i {
+      u = prf(@salt+[i].pack("N"))
+      f = u
+      2.upto(@c) do |i|
+        u = prf(u)
+        f = xor(f,u)
+      end
+      Base64.encode64(f[0..@dklen-1]).chomp
+    }
+  end
+end

data/lib/pbkdf2_password_hasher/version.rb

@@ -0,0 +1,3 @@
+module Pbkdf2PasswordHasher
+  VERSION = "0.1.0"
+end

data/lib/pbkdf2_password_hasher.rb

@@ -0,0 +1,26 @@
+require "pbkdf2_password_hasher/version"
+require 'pbkdf2_password_hasher/django_hash'
+
+module Pbkdf2PasswordHasher
+
+  class << self
+
+    # compute a hash from password, salt, number of iterations, and key length
+    def hash_password(pass,salt,nb_of_iterations,key_length=32)
+      DjangoHash.new(
+        :password => pass,
+        :salt     => salt,
+        :c        => nb_of_iterations,
+        :dklen    => key_length,
+      ).get_hash
+    end
+
+    # Check password against hash string
+    def check_password(pass,hash)
+      DjangoHash::parse(hash).check_password(pass)
+    end
+
+  end
+
+end
+

data/pbkdf2_password_hasher.gemspec

@@ -0,0 +1,25 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'pbkdf2_password_hasher/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "pbkdf2_password_hasher"
+  spec.version       = Pbkdf2PasswordHasher::VERSION
+  spec.authors       = ["Aurélien Hervé"]
+  spec.email         = ["mail@aurelien-herve.com"]
+  spec.summary       = %q{pbkdf2 hash check}
+  spec.description   = %q{Check a password against a pbkdf2 hashed string. Useful to import password hashes from django application to rails/devise application}
+  spec.homepage      = "https://github.com/aherve/pbkdf2-password-hasher"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.5"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec"
+
+end

data/spec/pbkdf2_password_hasher_spec.rb

@@ -0,0 +1,33 @@
+require 'spec_helper'
+describe Pbkdf2PasswordHasher do 
+
+  before(:all) do 
+    @django_hash = 'pbkdf2_sha256$12000$PEnXGf9dviXF$2soDhu1WB8NSbFDm0w6NEe6OvslVXtiyf4VMiiy9rH0='
+  end
+
+  describe 'check_password' do 
+
+    describe "when provided the right password" do 
+      it "should validate" do 
+        Pbkdf2PasswordHasher::check_password('bite',@django_hash).should be_true
+      end
+    end
+
+    describe "when NOT provided the right password" do 
+      it "should NOT validate" do 
+        Pbkdf2PasswordHasher::check_password('false_pass',@django_hash).should be_false
+      end
+    end
+
+  end
+
+  describe "hash_password" do 
+
+    it "should work" do 
+      a = @django_hash.split("$")
+      Pbkdf2PasswordHasher.hash_password('bite',a[2],a[1]).should == a[3]
+    end
+
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,2 @@
+require 'rspec'
+require 'pbkdf2_password_hasher'

metadata

@@ -0,0 +1,101 @@
+--- !ruby/object:Gem::Specification
+name: pbkdf2_password_hasher
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Aurélien Hervé
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-03-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Check a password against a pbkdf2 hashed string. Useful to import password
+  hashes from django application to rails/devise application
+email:
+- mail@aurelien-herve.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/pbkdf2_password_hasher.rb
+- lib/pbkdf2_password_hasher/django_hash.rb
+- lib/pbkdf2_password_hasher/version.rb
+- pbkdf2_password_hasher.gemspec
+- spec/pbkdf2_password_hasher_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/aherve/pbkdf2-password-hasher
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.1
+signing_key: 
+specification_version: 4
+summary: pbkdf2 hash check
+test_files:
+- spec/pbkdf2_password_hasher_spec.rb
+- spec/spec_helper.rb