scrypt 2.0.2 → 3.0.3

data/ext/scrypt/sha256.h

@@ -1,61 +1,95 @@
-/*-
- * Copyright 2005,2007,2009 Colin Percival
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD: src/lib/libmd/sha256.h,v 1.2 2006/01/17 15:35:56 phk Exp $
- */
-
-#ifndef _scrypt_SHA256_H_
-#define _scrypt_SHA256_H_
-
-#include <sys/types.h>
+#ifndef _SHA256_H_
+#define _SHA256_H_
 
+#include <stddef.h>
 #include <stdint.h>
 
-typedef struct scrypt_SHA256Context {
+/*
+ * Use #defines in order to avoid namespace collisions with anyone else's
+ * SHA256 code (e.g., the code in OpenSSL).
+ */
+#define SHA256_Init libcperciva_SHA256_Init
+#define SHA256_Update libcperciva_SHA256_Update
+#define SHA256_Final libcperciva_SHA256_Final
+#define SHA256_Buf libcperciva_SHA256_Buf
+#define SHA256_CTX libcperciva_SHA256_CTX
+#define HMAC_SHA256_Init libcperciva_HMAC_SHA256_Init
+#define HMAC_SHA256_Update libcperciva_HMAC_SHA256_Update
+#define HMAC_SHA256_Final libcperciva_HMAC_SHA256_Final
+#define HMAC_SHA256_Buf libcperciva_HMAC_SHA256_Buf
+#define HMAC_SHA256_CTX libcperciva_HMAC_SHA256_CTX
+
+/* Context structure for SHA256 operations. */
+typedef struct {
 	uint32_t state[8];
-	uint32_t count[2];
-	unsigned char buf[64];
-} scrypt_SHA256_CTX;
+	uint64_t count;
+	uint8_t buf[64];
+} SHA256_CTX;
 
-typedef struct HMAC_scrypt_SHA256Context {
-	scrypt_SHA256_CTX ictx;
-	scrypt_SHA256_CTX octx;
-} HMAC_scrypt_SHA256_CTX;
+/**
+ * SHA256_Init(ctx):
+ * Initialize the SHA256 context ${ctx}.
+ */
+void SHA256_Init(SHA256_CTX *);
+
+/**
+ * SHA256_Update(ctx, in, len):
+ * Input ${len} bytes from ${in} into the SHA256 context ${ctx}.
+ */
+void SHA256_Update(SHA256_CTX *, const void *, size_t);
+
+/**
+ * SHA256_Final(digest, ctx):
+ * Output the SHA256 hash of the data input to the context ${ctx} into the
+ * buffer ${digest}.
+ */
+void SHA256_Final(uint8_t[32], SHA256_CTX *);
+
+/**
+ * SHA256_Buf(in, len, digest):
+ * Compute the SHA256 hash of ${len} bytes from $in} and write it to ${digest}.
+ */
+void SHA256_Buf(const void *, size_t, uint8_t[32]);
 
-void	scrypt_SHA256_Init(scrypt_SHA256_CTX *);
-void	scrypt_SHA256_Update(scrypt_SHA256_CTX *, const void *, size_t);
-void	scrypt_SHA256_Final(unsigned char [32], scrypt_SHA256_CTX *);
-void	HMAC_scrypt_SHA256_Init(HMAC_scrypt_SHA256_CTX *, const void *, size_t);
-void	HMAC_scrypt_SHA256_Update(HMAC_scrypt_SHA256_CTX *, const void *, size_t);
-void	HMAC_scrypt_SHA256_Final(unsigned char [32], HMAC_scrypt_SHA256_CTX *);
+/* Context structure for HMAC-SHA256 operations. */
+typedef struct {
+	SHA256_CTX ictx;
+	SHA256_CTX octx;
+} HMAC_SHA256_CTX;
+
+/**
+ * HMAC_SHA256_Init(ctx, K, Klen):
+ * Initialize the HMAC-SHA256 context ${ctx} with ${Klen} bytes of key from
+ * ${K}.
+ */
+void HMAC_SHA256_Init(HMAC_SHA256_CTX *, const void *, size_t);
+
+/**
+ * HMAC_SHA256_Update(ctx, in, len):
+ * Input ${len} bytes from ${in} into the HMAC-SHA256 context ${ctx}.
+ */
+void HMAC_SHA256_Update(HMAC_SHA256_CTX *, const void *, size_t);
+
+/**
+ * HMAC_SHA256_Final(digest, ctx):
+ * Output the HMAC-SHA256 of the data input to the context ${ctx} into the
+ * buffer ${digest}.
+ */
+void HMAC_SHA256_Final(uint8_t[32], HMAC_SHA256_CTX *);
+
+/**
+ * HMAC_SHA256_Buf(K, Klen, in, len, digest):
+ * Compute the HMAC-SHA256 of ${len} bytes from ${in} using the key ${K} of
+ * length ${Klen}, and write the result to ${digest}.
+ */
+void HMAC_SHA256_Buf(const void *, size_t, const void *, size_t, uint8_t[32]);
 
 /**
- * PBKDF2_scrypt_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen):
- * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-scrypt_SHA256 as the PRF, and
+ * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen):
+ * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and
  * write the output to buf.  The value dkLen must be at most 32 * (2^32 - 1).
  */
-void	PBKDF2_scrypt_SHA256(const uint8_t *, size_t, const uint8_t *, size_t, uint64_t, uint8_t *, size_t);
+void PBKDF2_SHA256(const uint8_t *, size_t, const uint8_t *, size_t,
+    uint64_t, uint8_t *, size_t);
 
-#endif /* !_scrypt_SHA256_H_ */
+#endif /* !_SHA256_H_ */

data/ext/scrypt/warnp.c

@@ -0,0 +1,76 @@
+#include <errno.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "warnp.h"
+
+static int initialized = 0;
+static char * name = NULL;
+
+/* Free the name string. */
+static void
+done(void)
+{
+
+	free(name);
+	name = NULL;
+}
+
+/**
+ * warnp_setprogname(progname):
+ * Set the program name to be used by warn() and warnx() to ${progname}.
+ */
+void
+warnp_setprogname(const char * progname)
+{
+	const char * p;
+
+	/* Free the name if we already have one. */
+	free(name);
+
+	/* Find the last segment of the program name. */
+	for (p = progname; progname[0] != '\0'; progname++)
+		if (progname[0] == '/')
+			p = progname + 1;
+
+	/* Copy the name string. */
+	name = strdup(p);
+
+	/* If we haven't already done so, register our exit handler. */
+	if (initialized == 0) {
+		atexit(done);
+		initialized = 1;
+	}
+}
+
+void
+warn(const char * fmt, ...)
+{
+	va_list ap;
+
+	va_start(ap, fmt);
+	fprintf(stderr, "%s", (name != NULL) ? name : "(unknown)");
+	if (fmt != NULL) {
+		fprintf(stderr, ": ");
+		vfprintf(stderr, fmt, ap);
+	}
+	fprintf(stderr, ": %s\n", strerror(errno));
+	va_end(ap);
+}
+
+void
+warnx(const char * fmt, ...)
+{
+	va_list ap;
+
+	va_start(ap, fmt);
+	fprintf(stderr, "%s", (name != NULL) ? name : "(unknown)");
+	if (fmt != NULL) {
+		fprintf(stderr, ": ");
+		vfprintf(stderr, fmt, ap);
+	}
+	fprintf(stderr, "\n");
+	va_end(ap);
+}

data/ext/scrypt/warnp.h

@@ -0,0 +1,59 @@
+#ifndef _WARNP_H_
+#define _WARNP_H_
+
+#include <errno.h>
+
+/* Avoid namespace collisions with BSD <err.h>. */
+#define warn libcperciva_warn
+#define warnx libcperciva_warnx
+
+/**
+ * warnp_setprogname(progname):
+ * Set the program name to be used by warn() and warnx() to ${progname}.
+ */
+void warnp_setprogname(const char *);
+#define WARNP_INIT	do {		\
+	if (argv[0] != NULL)		\
+		warnp_setprogname(argv[0]);	\
+} while (0)
+
+/* As in BSD <err.h>. */
+void warn(const char *, ...);
+void warnx(const char *, ...);
+
+/*
+ * If compiled with DEBUG defined, print __FILE__ and __LINE__.
+ */
+#ifdef DEBUG
+#define warnline	do {				\
+	warnx("%s, %d", __FILE__, __LINE__);	\
+} while (0)
+#else
+#define warnline
+#endif
+
+/*
+ * Call warn(3) or warnx(3) depending upon whether errno == 0; and clear
+ * errno (so that the standard error message isn't repeated later).
+ */
+#define	warnp(...) do {					\
+	warnline;					\
+	if (errno != 0) {				\
+		warn(__VA_ARGS__);		\
+		errno = 0;				\
+	} else						\
+		warnx(__VA_ARGS__);		\
+} while (0)
+
+/*
+ * Call warnx(3) and set errno == 0.  Unlike warnp, this should be used
+ * in cases where we're reporting a problem which we discover ourselves
+ * rather than one which is reported to us from a library or the kernel.
+ */
+#define warn0(...) do {					\
+	warnline;					\
+	warnx(__VA_ARGS__);			\
+	errno = 0;					\
+} while (0)
+
+#endif /* !_WARNP_H_ */

data/lib/scrypt/security_utils.rb

@@ -0,0 +1,23 @@
+# NOTE:: a verbatim copy of https://github.com/rails/rails/blob/c8c660002f4b0e9606de96325f20b95248b6ff2d/activesupport/lib/active_support/security_utils.rb
+# Please see the Rails license: https://github.com/rails/rails/blob/master/activesupport/MIT-LICENSE
+
+module SCrypt
+  module SecurityUtils
+    # Constant time string comparison.
+    #
+    # The values compared should be of fixed length, such as strings
+    # that have already been processed by HMAC. This should not be used
+    # on variable length plaintext strings because it could leak length info
+    # via timing attacks.
+    def secure_compare(a, b)
+      return false unless a.bytesize == b.bytesize
+
+      l = a.unpack "C#{a.bytesize}"
+
+      res = 0
+      b.each_byte { |byte| res |= byte ^ l.shift }
+      res == 0
+    end
+    module_function :secure_compare
+  end
+end

data/lib/scrypt/version.rb

@@ -1,3 +1,3 @@
 module SCrypt
-  VERSION = "2.0.2"
+  VERSION = "3.0.3"
 end

data/lib/scrypt.rb

@@ -1,6 +1,7 @@
 # A wrapper for the scrypt algorithm.
 
 require "scrypt/scrypt_ext"
+require "scrypt/security_utils"
 require "openssl"
 require "scanf"
 require "ffi"
@@ -23,8 +24,8 @@ module SCrypt
   class Engine
     DEFAULTS = {
       :key_len     => 32,
-      :salt_size   => 8,
-      :max_mem     => 1024 * 1024,
+      :salt_size   => 32,
+      :max_mem     => 16 * 1024 * 1024,
       :max_memfrac => 0.5,
       :max_time    => 0.2,
       :cost        => nil
@@ -246,7 +247,7 @@ module SCrypt
 
     # Compares a potential secret against the hash. Returns true if the secret is the original secret, false otherwise.
     def ==(secret)
-      super(SCrypt::Engine.hash_secret(secret, @cost + @salt, self.digest.length / 2))
+      SecurityUtils.secure_compare(self, SCrypt::Engine.hash_secret(secret, @cost + @salt, self.digest.length / 2))
     end
     alias_method :is_password?, :==
 

data/scrypt.gemspec

@@ -5,8 +5,9 @@ require "scrypt/version"
 Gem::Specification.new do |s|
   s.name        = "scrypt"
   s.version     = SCrypt::VERSION
-  s.authors     = ["Patrick Hogan", "Stephen von Takach"]
-  s.email       = ["pbhogan@gmail.com", "steve@advancedcontrol.com.au"]
+  s.authors     = ["Patrick Hogan", "Stephen von Takach", "Rene van Paassen" ]
+  s.email       = ["pbhogan@gmail.com", "steve@advancedcontrol.com.au",
+                   "rene.vanpaassen@gmail.com" ]
   s.cert_chain  = ['certs/stakach.pem']
   s.license     = 'MIT'
   s.signing_key = File.expand_path("~/.ssh/gem-private_key.pem") if $0 =~ /gem\z/
@@ -18,7 +19,7 @@ Gem::Specification.new do |s|
     alternative functions such as PBKDF2 or bcrypt.
   EOF
 
-  s.add_dependency 'ffi-compiler', '>= 0.0.2'
+  s.add_dependency 'ffi-compiler', '>= 1.0.0'
   s.add_dependency 'rake'
   s.add_development_dependency "rspec"
   s.add_development_dependency "rdoc"

data/spec/scrypt/engine_spec.rb

@@ -3,34 +3,34 @@ require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
 describe "The SCrypt engine" do
   it "should calculate a valid cost factor" do
     first = SCrypt::Engine.calibrate(:max_time => 0.2)
-    SCrypt::Engine.valid_cost?(first).should == true
+    expect(SCrypt::Engine.valid_cost?(first)).to equal(true)
   end
 end
 
 
 describe "Generating SCrypt salts" do
   it "should produce strings" do
-    SCrypt::Engine.generate_salt.should be_an_instance_of(String)
+    expect(SCrypt::Engine.generate_salt).to be_an_instance_of(String)
   end
 
   it "should produce random data" do
-    SCrypt::Engine.generate_salt.should_not equal(SCrypt::Engine.generate_salt)
+    expect(SCrypt::Engine.generate_salt).not_to equal(SCrypt::Engine.generate_salt)
   end
 
   it "should used the saved cost factor" do
     # Verify cost is different before saving
     cost = SCrypt::Engine.calibrate(:max_time => 0.01)
-    SCrypt::Engine.generate_salt(:max_time => 30, :max_mem => 64*1024*1024).should_not start_with(cost)
+    expect(SCrypt::Engine.generate_salt(:max_time => 30, :max_mem => 64*1024*1024)).not_to start_with(cost)
 
     cost = SCrypt::Engine.calibrate!(:max_time => 0.01)
-    SCrypt::Engine.generate_salt(:max_time => 30, :max_mem => 64*1024*1024).should start_with(cost)
+    expect(SCrypt::Engine.generate_salt(:max_time => 30, :max_mem => 64*1024*1024)).to start_with(cost)
   end
 end
 
 
 describe "Autodetecting of salt cost" do
   it "should work" do
-    SCrypt::Engine.autodetect_cost("2a$08$c3$randomjunkgoeshere").should == "2a$08$c3$"
+    expect(SCrypt::Engine.autodetect_cost("2a$08$c3$randomjunkgoeshere")).to eq("2a$08$c3$")
   end
 end
 
@@ -42,41 +42,43 @@ describe "Generating SCrypt hashes" do
   end
 
   before :each do
-    @salt = SCrypt::Engine.generate_salt()
+    @salt = SCrypt::Engine.generate_salt
     @password = "woo"
   end
 
   it "should produce a string" do
-    SCrypt::Engine.hash_secret(@password, @salt).should be_an_instance_of(String)
+    expect(SCrypt::Engine.hash_secret(@password, @salt)).to be_an_instance_of(String)
   end
 
   it "should raise an InvalidSalt error if the salt is invalid" do
-    lambda { SCrypt::Engine.hash_secret(@password, 'nino') }.should raise_error(SCrypt::Errors::InvalidSalt)
+    expect(lambda { SCrypt::Engine.hash_secret(@password, 'nino') }).to raise_error(SCrypt::Errors::InvalidSalt)
   end
 
   it "should raise an InvalidSecret error if the secret is invalid" do
-    lambda { SCrypt::Engine.hash_secret(MyInvalidSecret.new, @salt) }.should raise_error(SCrypt::Errors::InvalidSecret)
-    lambda { SCrypt::Engine.hash_secret(nil, @salt) }.should_not raise_error
-    lambda { SCrypt::Engine.hash_secret(false, @salt) }.should_not raise_error
+    expect(lambda { SCrypt::Engine.hash_secret(MyInvalidSecret.new, @salt) }).to raise_error(SCrypt::Errors::InvalidSecret)
+    expect(lambda { SCrypt::Engine.hash_secret(nil, @salt) }).to_not raise_error
+    expect(lambda { SCrypt::Engine.hash_secret(false, @salt) }).to_not raise_error
   end
 
   it "should call #to_s on the secret and use the return value as the actual secret data" do
-    SCrypt::Engine.hash_secret(false, @salt).should == SCrypt::Engine.hash_secret("false", @salt)
+    expect(SCrypt::Engine.hash_secret(false, @salt)).to eq(SCrypt::Engine.hash_secret("false", @salt))
   end
 end
 
 describe "SCrypt test vectors" do
   it "should match results of SCrypt function" do
-    SCrypt::Engine.scrypt('', '', 16, 1, 1, 64).unpack('H*').first.should eq('77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906')
-    SCrypt::Engine.scrypt('password', 'NaCl', 1024, 8, 16, 64).unpack('H*').first.should eq('fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640')
-    SCrypt::Engine.scrypt('pleaseletmein', 'SodiumChloride', 16384, 8, 1, 64).unpack('H*').first.should eq('7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887')
-    SCrypt::Engine.scrypt('pleaseletmein', 'SodiumChloride', 1048576, 8, 1, 64).unpack('H*').first.should eq('2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4')
+        
+    expect(SCrypt::Engine.scrypt('', '', 16, 1, 1, 64).unpack('H*').first).to eq('77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906')
+    expect(SCrypt::Engine.scrypt('password', 'NaCl', 1024, 8, 16, 64).unpack('H*').first).to eq('fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640')
+    expect(SCrypt::Engine.scrypt('pleaseletmein', 'SodiumChloride', 16384, 8, 1, 64).unpack('H*').first).to eq('7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887')
+    # Raspberry is memory limited, and fails on this test
+ #   expect(SCrypt::Engine.scrypt('pleaseletmein', 'SodiumChloride', 1048576, 8, 1, 64).unpack('H*').first).to eq('2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4')
   end
 
   it "should match equivalent results sent through hash_secret() function" do
-    SCrypt::Engine.hash_secret('', '10$1$1$0000000000000000', 64).should match(/\$77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906$/)
-    SCrypt::Engine.hash_secret('password', '400$8$10$000000004e61436c', 64).should match(/\$fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640$/)
-    SCrypt::Engine.hash_secret('pleaseletmein', '4000$8$1$536f6469756d43686c6f72696465', 64).should match(/\$7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887$/)
-    SCrypt::Engine.hash_secret('pleaseletmein', '100000$8$1$536f6469756d43686c6f72696465', 64).should match(/\$2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4$/)
+    expect(SCrypt::Engine.hash_secret('', '10$1$1$0000000000000000', 64)).to match(/\$77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906$/)
+    expect(SCrypt::Engine.hash_secret('password', '400$8$10$000000004e61436c', 64)).to match(/\$fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640$/)
+    expect(SCrypt::Engine.hash_secret('pleaseletmein', '4000$8$1$536f6469756d43686c6f72696465', 64)).to match(/\$7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887$/)
+  #  expect(SCrypt::Engine.hash_secret('pleaseletmein', '100000$8$1$536f6469756d43686c6f72696465', 64)).to match(/\$2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4$/)
   end
 end

data/spec/scrypt/password_spec.rb

@@ -6,23 +6,23 @@ describe "Creating a hashed password" do
   end
 
   it "should return a SCrypt::Password" do
-    @password.should be_an_instance_of(SCrypt::Password)
+    expect(@password).to be_an_instance_of(SCrypt::Password)
   end
 
   it "should return a valid password" do
-    lambda { SCrypt::Password.new(@password) }.should_not raise_error
+    expect(lambda { SCrypt::Password.new(@password) }).to_not raise_error
   end
 
   it "should behave normally if the secret is not a string" do
-    lambda { SCrypt::Password.create(nil) }.should_not raise_error
-    lambda { SCrypt::Password.create({:woo => "yeah"}) }.should_not raise_error
-    lambda { SCrypt::Password.create(false) }.should_not raise_error
+    expect(lambda { SCrypt::Password.create(nil) }).to_not raise_error
+    expect(lambda { SCrypt::Password.create({:woo => "yeah"}) }).to_not raise_error
+    expect(lambda { SCrypt::Password.create(false) }).to_not raise_error
   end
 
   it "should tolerate empty string secrets" do
-    lambda { SCrypt::Password.create( "\n".chop  ) }.should_not raise_error
-    lambda { SCrypt::Password.create( ""         ) }.should_not raise_error
-    lambda { SCrypt::Password.create( String.new ) }.should_not raise_error
+    expect(lambda { SCrypt::Password.create( "\n".chop  ) }).to_not raise_error
+    expect(lambda { SCrypt::Password.create( ""         ) }).to_not raise_error
+    expect(lambda { SCrypt::Password.create( String.new ) }).to_not raise_error
   end
 end
 
@@ -35,13 +35,13 @@ describe "Reading a hashed password" do
 
   it "should read the cost, salt, and hash" do
     password = SCrypt::Password.new(@hash)
-    password.cost.should == "400$8$d$"
-    password.salt.should == "173a8189751c095a29b933789560b73bf17b2e01"
-    password.to_s.should == @hash
+    expect(password.cost).to eq("400$8$d$")
+    expect(password.salt).to eq("173a8189751c095a29b933789560b73bf17b2e01")
+    expect(password.to_s).to eq(@hash)
   end
 
   it "should raise an InvalidHashError when given an invalid hash" do
-    lambda { SCrypt::Password.new('not a valid hash') }.should raise_error(SCrypt::Errors::InvalidHash)
+    expect(lambda { SCrypt::Password.new('not a valid hash') }).to raise_error(SCrypt::Errors::InvalidHash)
   end
 end
 
@@ -52,11 +52,11 @@ describe "Comparing a hashed password with a secret" do
   end
 
   it "should compare successfully to the original secret" do
-    (@password == @secret).should be(true)
+    expect((@password == @secret)).to be(true)
   end
 
   it "should compare unsuccessfully to anything besides original secret" do
-    (@password == "@secret").should be(false)
+    expect((@password == "@secret")).to be(false)
   end
 
 end
@@ -68,27 +68,27 @@ describe "non-default salt sizes" do
 
   it "should enforce a minimum salt of 8 bytes" do
     @password = SCrypt::Password.create(@secret, :salt_size => 7)
-    @password.salt.length.should eq(8 * 2)
+    expect(@password.salt.length).to eq(8 * 2)
   end
 
   it "should allow a salt of 32 bytes" do
     @password = SCrypt::Password.create(@secret, :salt_size => 32)
-    @password.salt.length.should eq(32 * 2)
+    expect(@password.salt.length).to eq(32 * 2)
   end
 
   it "should enforce a maximum salt of 32 bytes" do
     @password = SCrypt::Password.create(@secret, :salt_size => 33)
-    @password.salt.length.should eq(32 * 2)
+    expect(@password.salt.length).to eq(32 * 2)
   end
 
   it "should pad a 20-byte salt to not look like a 20-byte SHA1" do
     @password = SCrypt::Password.create(@secret, :salt_size => 20)
-    @password.salt.length.should eq(41)
+    expect(@password.salt.length).to eq(41)
   end
 
   it "should properly compare a non-standard salt hash" do
     @password = SCrypt::Password.create(@secret, :salt_size => 20)
-    (SCrypt::Password.new(@password.to_s) == @secret).should be(true)
+    expect((SCrypt::Password.new(@password.to_s) == @secret)).to be(true)
   end
 
 end
@@ -100,22 +100,22 @@ describe "non-default key lengths" do
 
   it "should enforce a minimum keylength of 16 bytes" do
     @password = SCrypt::Password.create(@secret, :key_len => 15)
-    @password.digest.length.should eq(16 * 2)
+    expect(@password.digest.length).to eq(16 * 2)
   end
 
   it "should allow a keylength of 512 bytes" do
     @password = SCrypt::Password.create(@secret, :key_len => 512)
-    @password.digest.length.should eq(512 * 2)
+    expect(@password.digest.length).to eq(512 * 2)
   end
 
   it "should enforce a maximum keylength of 512 bytes" do
     @password = SCrypt::Password.create(@secret, :key_len => 513)
-    @password.digest.length.should eq(512 * 2)
+    expect(@password.digest.length).to eq(512 * 2)
   end
 
   it "should properly compare a non-standard hash" do
     @password = SCrypt::Password.create(@secret, :key_len => 512)
-    (SCrypt::Password.new(@password.to_s) == @secret).should be(true)
+    expect((SCrypt::Password.new(@password.to_s) == @secret)).to be(true)
   end
 
 end
@@ -127,13 +127,13 @@ describe "Old-style hashes" do
   end
 
   it "should compare successfully" do
-    (SCrypt::Password.new(@hash) == @secret).should be(true)
+    expect((SCrypt::Password.new(@hash) == @secret)).to be(true)
   end
 end
 
 describe "Respecting standard ruby behaviors" do
   it 'should hash as a fixnum' do
     password = SCrypt::Password.create('')
-    password.hash.should be_kind_of(Fixnum)
+    expect(password.hash).to be_kind_of(Fixnum)
   end
 end

data/spec/scrypt/utils_spec.rb

@@ -0,0 +1,12 @@
+require File.expand_path(File.join(File.dirname(__FILE__), "..", "spec_helper"))
+
+describe "Security Utils" do
+  it "should perform a string comparison" do
+    expect(SCrypt::SecurityUtils.secure_compare('a', 'a')).to equal(true)
+    expect(SCrypt::SecurityUtils.secure_compare('a', 'b')).to equal(false)
+    expect(SCrypt::SecurityUtils.secure_compare('aa', 'aa')).to equal(true)
+    expect(SCrypt::SecurityUtils.secure_compare('aa', 'ab')).to equal(false)
+    expect(SCrypt::SecurityUtils.secure_compare('aa', 'aaa')).to equal(false)
+    expect(SCrypt::SecurityUtils.secure_compare('aaa', 'aa')).to equal(false)
+  end
+end