rbpass 0.0.1

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Pablo Elices
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,42 @@
+# RbPass
+
+RbPass is a Ruby port of PHPass, a portable password hashing framework written in PHP.
+PHPass is used by WordPress, bbPress, Vanilla Forums, PivotX and phpBB.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'rbpass'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install rbpass
+
+## Usage
+
+    require 'rbpass'
+
+    password_hasher = RbPass::PasswordHasher.new(8, false)
+
+    # Hashing a password
+    password = 'somepasswordhere'
+    password_hash = password_hasher.hash(password)
+
+    # Password checking
+    password = 'somepasswordhere'
+    password_hash = get_password_hash_from_somewhere()
+
+    if password_hasher.check(password, password_hash)
+    	puts 'Valid password'
+    else
+    	puts 'Invalid password'
+    end
+
+## Copyright
+
+Copyright © 2013 Pablo Elices. See [license](https://github.com/pabloelices/rbpass/blob/master/LICENSE.md) for details.

data/Rakefile

@@ -0,0 +1,9 @@
+#!/usr/bin/env rake
+
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec) do |option|
+  option.rspec_opts = "-c" # Colored output
+end
+
+task :default => :spec

data/bin/rbpass

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+
+require 'optparse'
+require 'rbpass'
+
+OptionParser.new do |option_parser|
+ 	option_parser.banner = 'Usage: rbpass [options]'
+
+ 	option_parser.on('-h', '--help', "Display help.") do
+   puts option_parser
+  end
+
+ 	option_parser.on('-v', '--version', "Display the current version.") do
+    puts "RbPass #{RbPass::VERSION}"
+  end
+end.parse!

data/lib/rbpass/password_hasher.rb

@@ -0,0 +1,200 @@
+require 'digest/md5'
+
+module RbPass
+  class PasswordHasher
+    def initialize(iteration_count_log2, portable_hashes)
+      @itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
+      @iteration_count_log2 = iteration_count_log2.between?(4, 31) ? iteration_count_log2 : 8
+      @portable_hashes = portable_hashes
+      @random_state = Time.now.usec.to_s + Process.pid.to_s
+    end
+
+    def get_random_bytes(count)
+      output = ''
+      
+      if File.readable?('/dev/urandom')
+        output = File.read('/dev/urandom', count)
+      end
+
+      if output.length < count
+        output = ''
+        i = 0
+
+        while i < count do
+          @random_state = Digest::MD5.hexdigest(Time.now.usec.to_s + @random_state)
+          @output << Digest::MD5.hexdigest(@random_state).split(//).pack('H*')
+          i += 16
+        end
+
+        output = output[0..count]
+      end
+
+      return output
+    end
+
+    def encode64(input, count)
+      output = ''
+      i = 0
+
+      while i < count
+        value = (input[i]).ord
+        i += 1
+        output << @itoa64[value & 0x3f]
+
+        if i < count
+          value |= (input[i]).ord << 8
+        end
+
+        output << @itoa64[(value >> 6) & 0x3f]
+
+        if i >= count
+          break
+        end
+
+        i += 1
+
+        if i < count 
+          value |= (input[i]).ord << 16
+        end
+
+        output << @itoa64[(value >> 12) & 0x3f]
+
+        if i >= count
+          break
+        end
+
+        i += 1
+
+        output << @itoa64[(value >> 18) & 0x3f]
+      end
+
+      return output
+    end
+
+    def gensalt_private(input)
+      output = '$P$'
+      
+      output << @itoa64[[@iteration_count_log2 + 5, 30].min]
+      output << encode64(input, 6)
+      
+      return output
+    end
+
+    def crypt_private(password, setting)
+      output = '*0'
+
+      if setting[0,2] == output
+        output = '*1'
+      end
+
+      return output if setting[0,3] != '$P$' and setting[0,3] != '$H$'
+
+      count_log2 = @itoa64.index(setting[3])
+
+      return output if !count_log2.between?(7, 30)
+
+      count = 1 << count_log2
+
+      salt = setting[4,8]
+
+      return output if salt.length != 8
+
+      hash = Digest::MD5.digest(salt + password)
+
+      while count > 0 do
+        hash = Digest::MD5.digest(hash + password)
+        count -= 1
+      end
+
+      output = setting[0, 12]
+
+      output << encode64(hash, 16)
+
+      return output
+    end
+
+    # Actually this function is never called within a regular program execution.
+    # Blowfish is the default algorithm, implement ext-des?
+    def gensalt_extended(input)
+      count_log2 = [@iteration_count_log2 + 8, 24].min
+      count = (1 << count_log2) -1
+
+      output = '_'
+
+      output << @itoa64[count & 0x3f]
+      output << @itoa64[(count >> 6) & 0x3f]
+      output << @itoa64[(count >> 12) & 0x3f]
+      output << @itoa64[(count >> 18) & 0x3f]
+      output << encode64(input, 3)
+
+      return output
+    end
+
+    def gensalt_blowfish(input)
+      itoa64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
+      output = '$2a$'
+
+      output << ('0'.ord + @iteration_count_log2 / 10).chr
+      output << ('0'.ord + @iteration_count_log2 % 10).chr
+      output << '$'
+
+      i = 0
+
+      while true
+          c1 = (input[i]).ord
+          i += 1
+          output << itoa64[c1 >> 2]
+          c1 = (c1 & 0x03) << 4
+
+          if i >= 16
+            output << itoa64[c1]
+            break
+          end
+
+          c2 = (input[i]).ord
+          i += 1
+          c1 |= c2 >> 4
+          output << itoa64[c1]
+          c1 = (c2 & 0x0f) << 2
+
+          c2 = (input[i]).ord
+          i += 1
+          c1 |= c2 >> 6
+          output << itoa64[c1]
+          output << itoa64[c2 & 0x3f]
+      end
+
+      return output
+    end
+
+    def hash(password)
+      random = ''
+
+      if !@portable_hashes
+        random = get_random_bytes(16)
+        hash = password.crypt(gensalt_blowfish(random))
+        return hash if hash.length == 60
+      end
+
+      if random.length < 6
+        random = get_random_bytes(6)
+      end
+
+      hash = crypt_private(password, gensalt_private(random))
+
+      return hash if hash.length == 34
+      
+      return '*'
+    end
+
+    def check(password, stored_hash)
+      hash = crypt_private(password, stored_hash)
+      
+      if hash[0] == '*'
+        hash = password.crypt(stored_hash)
+      end
+
+      return hash == stored_hash
+    end
+  end
+end

data/lib/rbpass.rb

@@ -0,0 +1,5 @@
+require File.expand_path('../rbpass/password_hasher', __FILE__)
+
+module RbPass
+	VERSION = '0.0.1'
+end

data/rbpass.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+require 'rbpass'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'rbpass'
+  spec.version       = RbPass::VERSION
+  spec.license       = 'MIT'
+  spec.authors       = ['Pablo Elices']
+  spec.email         = ['contact@pabloelic.es']
+  spec.summary       = 'Ruby port of PHPass, a portable password hashing framework written in php.'
+  spec.description   = <<-EOF
+    Ruby port of phpass, a portable password hashing framework written in php.
+    PHPass is used by WordPress, bbPress, Vanilla Forums, PivotX and phpBB.
+  EOF
+  spec.homepage      = 'https://github.com/pabloelices/rbpass'
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+end

data/spec/rbpass/password_hasher_spec.rb

@@ -0,0 +1,48 @@
+require File.expand_path('../../spec_helper', __FILE__)
+
+describe RbPass::PasswordHasher do
+  context 'when using system-specific hashes' do
+    let(:password_hasher)     { RbPass::PasswordHasher.new(8, false) }
+    let(:valid_password)      { 'test12345' }
+    let(:invalid_password)    { 'test12346' }
+    let(:valid_password_hash) { password_hasher.hash(valid_password) }
+
+  	it 'returns true when a valid password is passed' do
+  		password_hasher.check(valid_password, valid_password_hash).should be_true
+  	end
+
+  	it 'returns false when an invalid password is passed' do
+  		password_hasher.check(invalid_password, valid_password_hash).should be_false
+  	end
+  end
+
+  context 'when using portable hashes' do
+    let(:password_hasher)     { RbPass::PasswordHasher.new(8, true) }
+    let(:valid_password)      { 'test12345' }
+    let(:invalid_password)    { 'test12346' }
+    let(:valid_password_hash) { password_hasher.hash(valid_password) }
+
+  	it 'returns true when a valid password is passed' do
+  		password_hasher.check(valid_password, valid_password_hash).should be_true
+  	end
+
+   	it 'returns false when an invalid password is passed' do
+      password_hasher.check(invalid_password, valid_password_hash).should be_false
+  	end
+  end
+
+  context 'when using portable hashes and a random hardcoded password hash' do
+    let(:password_hasher)     { RbPass::PasswordHasher.new(8, true) }
+    let(:valid_password)      { 'test12345' }
+    let(:invalid_password)    { 'test12346' }
+    let(:valid_password_hash) { '$P$9IQRaTwmfeRo7ud9Fh4E2PdI0S3r.L0' } # A correct portable hash for 'test12345'
+
+  	it 'returns true when a valid password is passed' do
+  		password_hasher.check(valid_password, valid_password_hash).should be_true
+  	end
+
+  	it 'returns false when an invalid password is passed' do
+  		password_hasher.check(invalid_password, valid_password_hash).should be_false
+  	end
+  end
+end

data/spec/rbpass/rbpass_spec.rb

@@ -0,0 +1,7 @@
+require File.expand_path('../../spec_helper', __FILE__)
+
+describe RbPass do
+  it 'has a version number' do
+    RbPass::VERSION.should_not be_nil
+  end
+ end

data/spec/spec_helper.rb

@@ -0,0 +1 @@
+require File.expand_path('../../lib/rbpass', __FILE__)

metadata

@@ -0,0 +1,63 @@
+--- !ruby/object:Gem::Specification
+name: rbpass
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Pablo Elices
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-01-18 00:00:00.000000000 Z
+dependencies: []
+description: ! "    Ruby port of phpass, a portable password hashing framework written
+  in php.\n    PHPass is used by WordPress, bbPress, Vanilla Forums, PivotX and phpBB.\n"
+email:
+- contact@pabloelic.es
+executables:
+- rbpass
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/rbpass
+- lib/rbpass.rb
+- lib/rbpass/password_hasher.rb
+- rbpass.gemspec
+- spec/rbpass/password_hasher_spec.rb
+- spec/rbpass/rbpass_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/pabloelices/rbpass
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Ruby port of PHPass, a portable password hashing framework written in php.
+test_files:
+- spec/rbpass/password_hasher_spec.rb
+- spec/rbpass/rbpass_spec.rb
+- spec/spec_helper.rb