scrypt 1.1.0 → 1.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 37b02ce17f2d7078339e92e73b2d6da477aba40f
+  data.tar.gz: ec79a618486939f6c3c9ded0f0cd6428e1d68d5c
+SHA512:
+  metadata.gz: b8ef5ea97a96bad661a81c648529ed1c3c56d88224ad4dfd68f7e2dc74c7b518bea4b29a5aa72e80d43df5eff7e4e48509133a00ef5099e043e8517c93ec14fd
+  data.tar.gz: 334eea1f45c403d2af6d73920ad63217e2772b1dc1ef1ccce58338648d6345aca167b0097fe27ee2678bfa35ef3e69da30c5539fa7c2c1e9410ee40ecc781505

data/README.md

@@ -23,22 +23,15 @@ gem install scrypt
 It works pretty similarly to ruby-bcrypt with a few minor differences, especially where the cost factor is concerned.
 
 ```ruby
-include "scrypt"
+require "scrypt"
 
 # hash a user's password
-@password = Password.create("my grand secret")
-@password #=> "2000$8$1$f5f2fa5fe5484a7091f1299768fbe92b5a7fbc77$6a385f22c54d92c314b71a4fd5ef33967c93d679"
+@password = SCrypt::Password.create("my grand secret")
+# => "400$8$36$78f4ae6983f76119$37ec6ce55a2b928dc56ff9a7d0cdafbd7dbde49d9282c38a40b1434e88f24cf5"
 
-# store it safely
-@user.update_attribute(:password, @password)
-
-# read it back
-@user.reload!
-@db_password = Password.new(@user.password)
-
-# compare it after retrieval
-@db_password == "my grand secret" #=> true
-@db_password == "a paltry guess"  #=> false
+# compare to strings
+@password == "my grand secret" # => true
+@password == "a paltry guess"  # => false
 ```
 
 Password.create takes five options which will determine the key length and salt size, as well as the cost limits of the computation:
@@ -50,3 +43,30 @@ Password.create takes five options which will determine the key length and salt
 * `:max_memfrac` specifies the maximum memory in a fraction of available resources to use. Any value equal to 0 or greater than 0.5 will result in 0.5 being used.
 
 Default options will result in calculation time of approx. 200 ms with 1 MB memory use.
+
+## Other things you can do
+
+```ruby
+require "scrypt"
+
+SCrypt::Engine.calibrate
+# => "400$8$25$"
+
+salt = SCrypt::Engine.generate_salt
+# => "400$8$26$b62e0f787a5fc373"
+
+SCrypt::Engine.hash_secret "my grand secret", salt
+# => "400$8$26$b62e0f787a5fc373$0399ccd4fa26642d92741b17c366b7f6bd12ccea5214987af445d2bed97bc6a2"
+```
+
+## Usage in Rails (and the like)
+
+```ruby
+# store it safely in the user model
+@user.update_attribute(:password, @password)
+
+# read it back later
+@user.reload!
+@password = SCrypt::Password.new(@user.password)
+@password == "my grand secret" # => true
+```

data/Rakefile

@@ -1,13 +1,39 @@
-require 'bundler'
-Bundler::GemHelper.install_tasks
+require 'bundler/setup'
+require 'bundler/gem_tasks'
 
 require 'rake'
 require 'rake/clean'
-require 'rdoc/task'
+
 require 'rspec/core/rake_task'
 
-task :default => [:compile, :spec]
+require 'ffi'
+require 'ffi-compiler/compile_task'
+
+require 'rubygems'
+require 'rubygems/package_task'
+
+require 'rdoc/task'
+
+task :default => [:clean, :compile_ffi, :spec]
 
+desc "clean, make and run specs"
+task :spec  do
+  RSpec::Core::RakeTask.new
+end
+
+desc "FFI compiler"
+namespace "ffi-compiler" do
+  FFI::Compiler::CompileTask.new('ext/scrypt/scrypt_ext') do |t|
+    t.cflags << "-Wall -msse -msse2"
+    t.cflags << "-D_GNU_SOURCE=1" if RbConfig::CONFIG["host_os"].downcase =~ /mingw/
+    t.cflags << "-arch x86_64 -arch i386" if t.platform.mac?
+    t.ldflags << "-arch x86_64 -arch i386" if t.platform.mac?
+  end
+end
+task :compile_ffi => ["ffi-compiler:default"]
+
+CLEAN.include('ext/scrypt/*{.o,.log,.so,.bundle}')
+CLEAN.include('lib/**/*{.o,.log,.so,.bundle}')
 
 desc 'Generate RDoc'
 rd = Rake::RDocTask.new do |rdoc|
@@ -23,20 +49,14 @@ RSpec::Core::RakeTask.new do |t|
   rspec_opts = ['--colour','--backtrace']
 end
 
+def gem_spec
+  @gem_spec ||= Gem::Specification.load('scrypt.gemspec')
+end
 
-desc "Clean native extension build files."
-task :clean do
-  Dir.chdir('ext/mri') do
-    ruby "extconf.rb"
-    sh "make clean"
-  end
+Gem::PackageTask.new(gem_spec) do |pkg|
+  pkg.need_zip = true
+  pkg.need_tar = true
+  pkg.package_dir = 'pkg'
 end
 
 
-desc "Compile the native extension."
-task :compile do
-  Dir.chdir('ext/mri') do
-    ruby "extconf.rb"
-    sh "make"
-  end
-end

data/ext/scrypt/Rakefile

@@ -0,0 +1,9 @@
+require 'ffi-compiler/compile_task'
+
+FFI::Compiler::CompileTask.new('scrypt_ext') do |t|
+  t.cflags << "-Wall -msse -msse2"
+  t.cflags << "-D_GNU_SOURCE=1" if RbConfig::CONFIG["host_os"].downcase =~ /mingw/
+  t.cflags << "-arch x86_64 -arch i386" if t.platform.mac?
+  t.ldflags << "-arch x86_64 -arch i386" if t.platform.mac?
+  t.export '../../lib/scrypt/scrypt_ext.rb'
+end

data/ext/{mri → scrypt}/crypto_scrypt-sse.c

@@ -262,13 +262,14 @@ smix(uint8_t * B, size_t r, uint64_t N, void * V, void * XY)
  */
 int
 crypto_scrypt(const uint8_t * passwd, size_t passwdlen,
-    const uint8_t * salt, size_t saltlen, uint64_t N, uint32_t r, uint32_t p,
+    const uint8_t * salt, size_t saltlen, uint64_t N, uint32_t _r, uint32_t _p,
     uint8_t * buf, size_t buflen)
 {
 	void * B0, * V0, * XY0;
 	uint8_t * B;
 	uint32_t * V;
 	uint32_t * XY;
+	size_t r = _r, p = _p;
 	uint32_t i;
 
 	/* Sanity-check parameters. */
@@ -282,7 +283,7 @@ crypto_scrypt(const uint8_t * passwd, size_t passwdlen,
 		errno = EFBIG;
 		goto err0;
 	}
-	if (((N & (N - 1)) != 0) || (N == 0)) {
+	if (((N & (N - 1)) != 0) || (N < 2)) {
 		errno = EINVAL;
 		goto err0;
 	}

data/ext/{mri → scrypt}/crypto_scrypt.h

@@ -40,6 +40,7 @@
  *
  * Return 0 on success; or -1 on error.
  */
-int crypto_scrypt(const uint8_t *, size_t, const uint8_t *, size_t, uint64_t, uint32_t, uint32_t, uint8_t *, size_t);
+int crypto_scrypt(const uint8_t *, size_t, const uint8_t *, size_t, uint64_t,
+    uint32_t, uint32_t, uint8_t *, size_t);
 
 #endif /* !_CRYPTO_SCRYPT_H_ */

data/ext/scrypt/scrypt_ext.c

@@ -0,0 +1,16 @@
+#include "scrypt_ext.h"
+#include "scrypt_calibrate.h"
+#include "crypto_scrypt.h"
+
+
+typedef struct {
+  uint64_t n;
+  uint32_t r;
+  uint32_t p;
+} Calibration;
+
+
+RBFFI_EXPORT int sc_calibrate(size_t maxmem, double maxmemfrac, double maxtime, Calibration *result)
+{
+    return calibrate(maxmem, maxmemfrac, maxtime, &result->n, &result->r, &result->p);    // 0 == success
+}

data/ext/scrypt/scrypt_ext.h

@@ -0,0 +1,13 @@
+#ifndef SCRYPT_EXT_H
+#define SCRYPT_EXT_H 1
+
+#ifndef RBFFI_EXPORT
+# ifdef __cplusplus
+#  define RBFFI_EXPORT extern "C"
+# else
+#  define RBFFI_EXPORT
+# endif
+#endif
+
+
+#endif /* SCRYPT_EXT_H */

data/ext/{mri → scrypt}/scryptenc_cpuperf.c

@@ -163,7 +163,7 @@ scryptenc_cpuperf(double * opps)
 			break;
 	} while (1);
 
-	/* Could how many scryps we can do before the next tick. */
+	/* Count how many scrypts we can do before the next tick. */
 	if (getclocktime(&st))
 		return (2);
 	do {

data/lib/scrypt.rb

@@ -1,13 +1,19 @@
 # A wrapper for the scrypt algorithm.
 
-$LOAD_PATH.unshift(File.expand_path(File.join(File.dirname(__FILE__), "..", "ext", "mri")))
-require "scrypt_ext"
+require "scrypt/scrypt_ext"
 require "openssl"
 require "scanf"
+require "ffi"
 
 
 module SCrypt
 
+  module Ext
+    # Bind the external functions
+    attach_function :sc_calibrate, [:size_t, :double, :double, :pointer], :int, :blocking => true
+    attach_function :crypto_scrypt, [:pointer, :size_t, :pointer, :size_t, :uint64, :uint32, :uint32, :pointer, :size_t], :int, :blocking => true # todo
+  end
+
   module Errors
     class InvalidSalt   < StandardError; end  # The salt parameter provided is invalid.
     class InvalidHash   < StandardError; end  # The hash parameter provided is invalid.
@@ -23,9 +29,6 @@ module SCrypt
       :max_time    => 0.2
     }
 
-    private_class_method :__sc_calibrate
-    private_class_method :__sc_crypt
-
     def self.scrypt(secret, salt, *args)
       if args.length == 2
         # args is [cost_string, key_len]
@@ -118,6 +121,48 @@ module SCrypt
     def self.autodetect_cost(salt)
       salt[/^[0-9a-z]+\$[0-9a-z]+\$[0-9a-z]+\$/]
     end
+
+    private
+
+    class Calibration < FFI::Struct
+      layout  :n, :uint64,
+              :r, :uint32,
+              :p, :uint32
+    end
+
+    def self.__sc_calibrate(max_mem, max_memfrac, max_time)
+      result = nil
+
+      calibration = Calibration.new
+      retval = SCrypt::Ext.sc_calibrate(max_mem, max_memfrac, max_time, calibration)
+
+      if retval == 0
+        result = [calibration[:n], calibration[:r], calibration[:p]]
+      else
+        raise "calibration error #{result}"
+      end
+
+      result
+    end
+
+    def self.__sc_crypt(secret, salt, n, r, p, key_len)
+      result = nil
+
+      FFI::MemoryPointer.new(:char, key_len) do |buffer|
+        retval = SCrypt::Ext.crypto_scrypt(
+          secret, secret.length, salt, salt.length,
+          n, r, p,
+          buffer, key_len
+        )
+        if retval == 0
+          result = buffer.read_string(key_len)
+        else
+          raise "scrypt error #{retval}"
+        end
+      end
+
+      result
+    end
   end
 
   # A password management class which allows you to safely store users' passwords and compare them.

data/lib/scrypt/scrypt_ext.rb

@@ -0,0 +1,9 @@
+require 'ffi'
+require 'ffi-compiler/loader'
+
+module SCrypt
+  module Ext
+    extend FFI::Library
+    ffi_lib FFI::Compiler::Loader.find('scrypt_ext')
+  end
+end

data/lib/scrypt/version.rb

@@ -1,3 +1,3 @@
 module SCrypt
-  VERSION = "1.1.0"
+  VERSION = "1.2.0"
 end

data/scrypt.gemspec

@@ -5,7 +5,6 @@ require "scrypt/version"
 Gem::Specification.new do |s|
   s.name        = "scrypt"
   s.version     = SCrypt::VERSION
-  s.platform    = Gem::Platform::RUBY
   s.authors     = ["Patrick Hogan"]
   s.email       = ["pbhogan@gmail.com"]
   s.homepage    = ""
@@ -16,17 +15,18 @@ Gem::Specification.new do |s|
     alternative functions such as PBKDF2 or bcrypt.
   EOF
 
+  s.add_dependency 'ffi-compiler', '>= 0.0.2'
+  s.add_dependency 'rake'
   s.add_development_dependency "rspec"
   s.add_development_dependency "rdoc"
-  s.add_development_dependency "rake", "~> 0.9.2"
   s.add_development_dependency "awesome_print"
 
   s.rubyforge_project = "scrypt"
 
-  s.extensions = ["ext/mri/extconf.rb"]
+  s.extensions = ["ext/scrypt/Rakefile"]
 
-  s.files         = `git ls-files`.split("\n")
-  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.files = %w(Rakefile scrypt.gemspec README.md COPYING) + Dir.glob("{lib,spec,autotest}/**/*")
+  s.files += Dir.glob("ext/scrypt/*")
+  s.test_files = Dir.glob("spec/**/*")
   s.require_paths = ["lib"]
 end

data/spec/scrypt/engine_spec.rb

@@ -47,8 +47,8 @@ describe "Generating SCrypt hashes" do
 
   it "should raise an InvalidSecret error if the secret is invalid" do
     lambda { SCrypt::Engine.hash_secret(MyInvalidSecret.new, @salt) }.should raise_error(SCrypt::Errors::InvalidSecret)
-    lambda { SCrypt::Engine.hash_secret(nil, @salt) }.should_not raise_error(SCrypt::Errors::InvalidSecret)
-    lambda { SCrypt::Engine.hash_secret(false, @salt) }.should_not raise_error(SCrypt::Errors::InvalidSecret)
+    lambda { SCrypt::Engine.hash_secret(nil, @salt) }.should_not raise_error
+    lambda { SCrypt::Engine.hash_secret(false, @salt) }.should_not raise_error
   end
 
   it "should call #to_s on the secret and use the return value as the actual secret data" do

data/spec/scrypt/password_spec.rb

@@ -14,9 +14,9 @@ describe "Creating a hashed password" do
   end
 
   it "should behave normally if the secret is not a string" do
-    lambda { SCrypt::Password.create(nil) }.should_not raise_error(SCrypt::Errors::InvalidSecret)
-    lambda { SCrypt::Password.create({:woo => "yeah"}) }.should_not raise_error(SCrypt::Errors::InvalidSecret)
-    lambda { SCrypt::Password.create(false) }.should_not raise_error(SCrypt::Errors::InvalidSecret)
+    lambda { SCrypt::Password.create(nil) }.should_not raise_error
+    lambda { SCrypt::Password.create({:woo => "yeah"}) }.should_not raise_error
+    lambda { SCrypt::Password.create(false) }.should_not raise_error
   end
 
   it "should tolerate empty string secrets" do

metadata

@@ -1,152 +1,144 @@
 --- !ruby/object:Gem::Specification
 name: scrypt
 version: !ruby/object:Gem::Version
-  version: 1.1.0
-  prerelease: 
+  version: 1.2.0
 platform: ruby
 authors:
 - Patrick Hogan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-05-07 00:00:00.000000000 Z
+date: 2013-07-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: ffi-compiler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 0.0.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 0.0.2
+- !ruby/object:Gem::Dependency
+  name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-  type: :development
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rdoc
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: rdoc
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - '>='
       - !ruby/object:Gem::Version
-        version: 0.9.2
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - '>='
       - !ruby/object:Gem::Version
-        version: 0.9.2
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: awesome_print
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-description: ! "    The scrypt key derivation function is designed to be far\n    more
-  secure against hardware brute-force attacks than\n    alternative functions such
-  as PBKDF2 or bcrypt.\n"
+description: |2
+      The scrypt key derivation function is designed to be far
+      more secure against hardware brute-force attacks than
+      alternative functions such as PBKDF2 or bcrypt.
 email:
 - pbhogan@gmail.com
 executables: []
 extensions:
-- ext/mri/extconf.rb
+- ext/scrypt/Rakefile
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
-- .rvmrc
-- .travis.yml
-- COPYING
-- Gemfile
-- Gemfile.lock
-- README.md
 - Rakefile
-- autotest/discover.rb
-- ext/mri/alt-impl/crypto_scrypt-nosse.c
-- ext/mri/alt-impl/crypto_scrypt-ref.c
-- ext/mri/crypto_scrypt-sse.c
-- ext/mri/crypto_scrypt.h
-- ext/mri/extconf.rb
-- ext/mri/memlimit.c
-- ext/mri/memlimit.h
-- ext/mri/scrypt_calibrate.c
-- ext/mri/scrypt_calibrate.h
-- ext/mri/scrypt_ext.c
-- ext/mri/scrypt_platform.h
-- ext/mri/scryptenc_cpuperf.c
-- ext/mri/scryptenc_cpuperf.h
-- ext/mri/sha256.c
-- ext/mri/sha256.h
-- ext/mri/sysendian.h
-- kdf-comparison.png
-- lib/scrypt.rb
-- lib/scrypt/version.rb
 - scrypt.gemspec
+- README.md
+- COPYING
+- lib/scrypt/scrypt_ext.rb
+- lib/scrypt/version.rb
+- lib/scrypt.rb
 - spec/scrypt/engine_spec.rb
 - spec/scrypt/password_spec.rb
 - spec/spec_helper.rb
+- autotest/discover.rb
+- ext/scrypt/Rakefile
+- ext/scrypt/crypto_scrypt-sse.c
+- ext/scrypt/crypto_scrypt.h
+- ext/scrypt/memlimit.c
+- ext/scrypt/memlimit.h
+- ext/scrypt/scrypt_calibrate.c
+- ext/scrypt/scrypt_calibrate.h
+- ext/scrypt/scrypt_ext.c
+- ext/scrypt/scrypt_ext.h
+- ext/scrypt/scrypt_platform.h
+- ext/scrypt/scryptenc_cpuperf.c
+- ext/scrypt/scryptenc_cpuperf.h
+- ext/scrypt/sha256.c
+- ext/scrypt/sha256.h
+- ext/scrypt/sysendian.h
 homepage: ''
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: -214930008180539210
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: -214930008180539210
 requirements: []
 rubyforge_project: scrypt
-rubygems_version: 1.8.21
+rubygems_version: 2.0.3
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: scrypt password hashing algorithm.
 test_files:
 - spec/scrypt/engine_spec.rb