ruby_rncryptor 3.0.0 → 3.0.1

Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/ruby_rncryptor.rb +18 -6
  3. metadata +3 -3
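--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: c80019973b935b1f0e103db228bf56c895354819
- data.tar.gz: da313bcf46200818efa308af74bc2606bb1df055
+ metadata.gz: 198670f6550021801e7a3d827685ea0aa692e318
+ data.tar.gz: f4d4c09d8961d704346ccffaa5935e40cbdf4ada
  SHA512:
- metadata.gz: 659d506bc5e569e0a1c449dee320d3a0f228df995510ec5094a7a3d617982fe9bc257d2fc27318051ea9392c8bd0dfc8ecd1faf97a5246fc41c96d911876b975
- data.tar.gz: 8c0dc3e406987daceeb3931abefe86b74f70c74f7649f80dfad1ee5f3243ae4401be4afe2a72115fa917e0eec2e8cf6481000936fa63c851d4327d2f9ded78b4
+ metadata.gz: f5c9127520297db15f116f6ad907a72d8fb5982e5e09f770d177ec74d364a621226c3b4eb85393c232ebfdfd5077296102c2724fabd84599aa9cfd079c25786d
+ data.tar.gz: b44a4ee39a11848f96c19fde168508ada4b99091d3c2ff7909cdf10145c8354038b08d7d37e20f787a756e072b9abd9dc18a2b0fa1418484c8a788a2f7aa7a37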
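--- a/data/lib/ruby_rncryptor.rb
+++ b/data/lib/ruby_rncryptor.rb
@@ -14,7 +14,7 @@ class RubyRNCryptor
  version = data[0,1]
  raise "RubyRNCryptor only decrypts version 2 or 3" unless (version == "\x02" || version == "\x03")
  options = data[1,1]
- encryption_salt = data[2,8]
+ encryption_salt = data[2,8]
  hmac_salt = data[10,8]
  iv = data[18,16]
  cipher_text = data[34,data.length-66]
@@ -24,13 +24,13 @@ class RubyRNCryptor
 
  # Verify password is correct. First try with correct encoding
  hmac_key = PKCS5.pbkdf2_hmac_sha1(password, hmac_salt, 10000, 32)
- verified = [HMAC.hexdigest('sha256', hmac_key, msg)].pack('H*') == hmac
+ verified = eql_time_cmp([HMAC.hexdigest('sha256', hmac_key, msg)].pack('H*'), hmac)
 
  if !verified && version == "\x02"
  # Version 2 Cocoa version truncated multibyte passwords, so try truncating.
  password = RubyRNCryptor.truncate_multibyte_password(password)
  hmac_key = PKCS5.pbkdf2_hmac_sha1(password, hmac_salt, 10000, 32)
- verified = [HMAC.hexdigest('sha256', hmac_key, msg)].pack('H*') == hmac
+ verified = eql_time_cmp([HMAC.hexdigest('sha256', hmac_key, msg)].pack('H*'), hmac)
  end
 
  raise "Password may be incorrect, or the data has been corrupted. (HMAC could not be verified)" unless verified
@@ -41,7 +41,7 @@ class RubyRNCryptor
  cipher.iv = iv
  cipher.key = PKCS5.pbkdf2_hmac_sha1(password, encryption_salt, 10000, 32)
 
- return cipher.update(cipher_text) + cipher.final
+ cipher.update(cipher_text) + cipher.final
  end
 
  def self.encrypt(data, password, version = 3)
@@ -66,14 +66,26 @@ class RubyRNCryptor
  msg = version + options + encryption_salt + hmac_salt + iv + cipher_text
  hmac = [HMAC.hexdigest('sha256', hmac_key, msg)].pack('H*')
 
- return msg + hmac
+ msg + hmac
  end
 
  def self.truncate_multibyte_password(str)
  if str.bytes.to_a.count == str.length
  return str
  end
- return str.bytes.to_a[0...str.length].map {|c| c.chr}.join
+ str.bytes.to_a[0...str.length].map {|c| c.chr}.join
  end
 
+ # From http://ruby-doc.org/stdlib-2.0.0/libdoc/openssl/rdoc/OpenSSL/PKCS5.html#module-OpenSSL::PKCS5-label-Important+Note+on+Checking+Passwords
+ def self.eql_time_cmp(a, b)
+ unless a.length == b.length
+ return false
+ end
+ cmp = b.bytes.to_a
+ result = 0
+ a.bytes.each_with_index {|c,i|
+ result |= c ^ cmp[i]
+ }
+ result == 0
+ end
  end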
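Review bot: `eql_time_cmp` (new lines 80–90) guards on `a.length == b.length`, which counts characters, but then XORs byte by byte, so the guard and the loop can disagree when the two strings carry different encodings; the computed tag from `pack('H*')` is binary, while `hmac` is a slice of the caller's `data`. If `b` has fewer bytes than `a`, `cmp[i]` is nil and `c ^ nil` raises a TypeError instead of failing verification; if it has more, the trailing bytes are never compared. Guarding with `return false unless a.bytesize == b.bytesize` closes both cases. The assignment of `hmac` in `decrypt` lies outside the visible hunks, so this part is inferred: a nil `hmac` from a too-short input would now raise NoMethodError where the old `==` simply returned false, so a nil check or an up-front minimum-length check on `data` would keep the documented "HMAC could not be verified" error path. On Rubies whose openssl library provides it, `OpenSSL.fixed_length_secure_compare` could replace the hand-rolled loop.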
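--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: ruby_rncryptor
  version: !ruby/object:Gem::Version
- version: 3.0.0
+ version: 3.0.1
  platform: ruby
  authors:
  - Erik Wrenholt
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2013-12-20 00:00:00.000000000 Z
+ date: 2016-01-25 00:00:00.000000000 Z
  dependencies: []
  description: Encrypt and Decrypt the RNCryptor format.
  email: erik@timestretch.com
@@ -17,7 +17,7 @@ extensions: []
  extra_rdoc_files: []
  files:
  - lib/ruby_rncryptor.rb
- homepage: https://github.com/timestretch/RNCryptor/tree/master/ruby
+ homepage: https://github.com/RNCryptor/ruby_rncryptor
  licenses:
  - MIT
  metadata: {}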