scrypt-util 0.1.4.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 25e0186d4d354b523b3906e4bb1032b2e342bffd
+  data.tar.gz: 4b18f33517eed4a9f19fae900bf148c302d36b25
+SHA512:
+  metadata.gz: 05698c2a9fee97e956e8e27a897b45a8f3c7c73a0234ec5c6d086c703496ba128413e8151c983b4342f631ff6c7c0f0970138828dd9b1af66a9ff5a7cf8864fb
+  data.tar.gz: be48509e49b9e0ed47eb7286c7425db277c50128040294f05033338dc4ce30be5abba97326bb155e7104ea851c4a0bc3c63bee403e277cf788ef5c06ea3f6caa

data/lib/scrypt-util.rb

@@ -0,0 +1,144 @@
+#!/usr/bin/ruby
+
+# Released under the MIT License
+# (See the LICENSE file)
+#
+# Copyright (c) 2016, Pandu POLUAN
+
+# Prerequisites: See EndNote[2]
+
+require "base64"
+require "scrypt"
+
+# Provides the Java.scrypt-like functions
+#
+# @author Pandu POLUAN <pepoluan@gmail.com>
+# @note Unlike Java.scrypt, the scrypt() function has default values
+module SCryptUtil
+
+    # Version of this module/gem
+    VERSION = '0.1.4.1'
+
+    @@HashLength = 32
+    @@SaltLength = 16
+
+    # Not sure why but required by generate_salt()
+    # A module that's too smart for its own good...
+    SCrypt::Engine.calibrate!
+
+    # Takes a password and outputs a hash (in MCF syntax) using an internally generated salt
+    #
+    # @param password [String] The password to be hashed
+    # @param n [Int] CPU/Memory cost parameter, must be power of 2, larger than 1. Default 32768
+    # @param r [Int] Block size parameter, 0 < r < 256. Default 8
+    # @param p [Int] Parallelization parameter, 0 < p < 256. Default 1
+    # @raise [ArgumentError] If any of the parameters do not fulfill the requirements
+    # @return [String] The hash (and parameters and salt) in MCF syntax
+    # @note In the future, the default values for n, r, and p might need to be increased to adapt to
+    #   Moore's Law
+    def SCryptUtil.scrypt(password, n = 32768, r = 8, p = 1)
+
+        raise ArgumentError, 'n must be power of 2, larger than 1' unless ( n > 1 && ( (n & (n-1)) == 0 ) )
+        raise ArgumentError, '0 < r < 256' unless ( r < 256 && r > 0 )
+        rause ArgumentError, '0 < p < 256' unless ( p < 256 && p > 0 )
+
+        nlog = 0
+        while n > 1 do
+            nlog += 1
+            n = n >> 1
+        end
+
+        # Generate a "long enough" salt. The function will return a hexstring
+        salt_hex = SCrypt::Engine.generate_salt()
+        # Trim salt to desired # of bytes; 1 byte = 2 hex digits 
+        salt_hex = salt_hex[0,@@SaltLength*2]
+        # Change hex digit pairs to actual bytes
+        salt_bin = [salt_hex].pack('H*')
+        
+        # Unlike the generate_salt() function, the scrypt() function returns binary bytes
+        hash_bin = SCrypt::Engine.scrypt(password, salt_bin, (2 ** nlog), r, p, @@HashLength)
+
+        params_i = (nlog << 16) | (r << 8) | p
+        salt64 = Base64.strict_encode64(salt_bin)
+        hash64 = Base64.strict_encode64(hash_bin)
+
+        hash_mcf = '$s0$' + params_i.to_s(16) + '$' + salt64 + '$' + hash64
+
+        return hash_mcf
+    end
+
+    # Checks if a password actually matches a hash (in MCF syntax, probably from DB)
+    #
+    # @param password [String] The password to be checked
+    # @param hash_mcf [String] The hash (in MCF syntax) to be compared to
+    # @param secure_compare [Boolean] Whether to use the more secure but much slower string comparison function
+    # @return [Boolean] True if password matches the hash
+    def SCryptUtil.check(password, hash_mcf, secure_compare = true)
+        
+        # See EndNote[3]
+        return false if hash_mcf.nil? || hash_mcf.empty?
+
+        elems = hash_mcf.split('$')
+        raise "Unrecognized MCF hash format: " + hash_mcf if elems.length != 5
+        signature, params_hex, salt64, hash64 = elems[1..4]
+
+        return "Unrecognized MCF hash format: " + hash_mcf if \
+            signature.empty? || params_hex.empty? || salt64.empty? || hash64.empty?
+
+        salt_bin = Base64.decode64(salt64)
+
+        params_i = params_hex.to_i(16)
+        nlog = (params_i >> 16)
+        r = (params_i >> 8) & 0xff
+        p = params_i & 0xff
+
+        calculated = SCrypt::Engine.scrypt(password, salt_bin, (2 ** nlog), r, p, @@HashLength)
+        calculated64 = Base64.strict_encode64(calculated)
+
+        return secure_compare ? SCryptUtil.secure_compare_string(hash64, calculated64) : (hash64 == calculated64)
+    end
+
+    # A string-compare function which is (hopefully) resistant to timing attacks since the time to perform
+    #   comparison depends only on the length of the longest string, and unlike memcmp() does not depend
+    #   on how when the first equality happened.
+    #
+    # @author Pandu POLUAN <pepoluan@gmail.com>
+    # @param str1 [String] First string to compare
+    # @param str2 [String] Second string to compare
+    # @note This function is SLOW, and it is kind-of by design.
+    def SCryptUtil.secure_compare_string(str1, str2)
+        raise ArgumentError, 'str1 and str2 must both be a non-empty string' if \
+            str1.nil? || str1.empty? || str2.nil? || str2.empty?
+        s1 = str1.bytes
+        s2 = str2.bytes
+        shortest, longest = [s1.length - 1, s2.length - 1].minmax
+        rslt = 0
+        for idx in (0..longest)
+            # See EndNote[1]
+            rslt |= (idx > shortest) ? ((s1[0] ^ s2[0]) | 0xFF) : (s1[idx] ^ s2[idx])
+        end
+        return rslt == 0                
+    end    
+
+end
+
+=begin
+
+EndNotes
+========
+
+[1] Why XOR-ing s1[0] with s2[0] repeatedly? The concept is to try to make the left side
+    of the colon to take approximately the same amount of time with the right side of
+    the colon, making comparison time to wholly depend on the length of the longest string. 
+
+[2] On Ubuntu 14.04/16.04 Fresh Install, you *must* do:
+      apt-get install build-essential ruby ruby-dev
+      gem install rake
+      gem install scrypt
+
+[3] Return 'false' instead of raising exception, because hash_mcf might come from a database
+    whose 'hash' column is empty/NULL, representing a user whose password had been reset or
+    who need to set their password for the first time or...
+    Well, in short, there are many possible explanations, so this is not unexpected.
+
+=end

metadata

@@ -0,0 +1,61 @@
+--- !ruby/object:Gem::Specification
+name: scrypt-util
+version: !ruby/object:Gem::Version
+  version: 0.1.4.1
+platform: ruby
+authors:
+- Pandu POLUAN
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-06-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: scrypt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+description: This gem introduces two function that act as the simplified wrapper around
+  the 'scrypt' gem, and also provides input/output compatibility with the scrypt for
+  Java implementation (available on https://github.com/wg/scrypt )
+email: pepoluan@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/scrypt-util.rb
+homepage: https://bitbucket.org/pepoluan/scrypt-util-ruby
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: Simplified wrapper around the scrypt gem
+test_files: []
+has_rdoc: