File Coverage

blib/lib/Digest/Bcrypt.pm

Criterion	Covered	Total	%
statement	104	104	100.0
branch	38	42	90.4
condition	14	15	93.3
subroutine	20	20	100.0
pod	10	10	100.0
total	186	191	97.3

line	stmt	bran	cond	sub	pod	time	code
1							package Digest::Bcrypt;
2	4			4		86309	use parent 'Digest::base';
	4					1268
	4					24
3
4	4			4		248	use strict;
	4					8
	4					72
5	4			4		19	use warnings;
	4					8
	4					129
6							require bytes;
7
8	4			4		20	use Carp ();
	4					7
	4					72
9	4			4		1837	use Crypt::Bcrypt qw(bcrypt bcrypt_check);
	4					7440
	4					249
10	4			4		31	use MIME::Base64 qw(decode_base64 encode_base64);
	4					8
	4					156
11	4			4		2373	use utf8;
	4					61
	4					22
12
13							our $VERSION = '1.211';
14
15							sub add {
16	22			22	1	4551	my $self = shift;
17	22					73	$self->{_buffer} .= join('', @_);
18	22					50	return $self;
19							}
20
21							sub bcrypt_b64digest {
22	2			2	1	8	my $encoded = encode_base64(shift->digest, "");
23	2					6	$encoded =~ tr{A-Za-z0-9+/=}{./A-Za-z0-9}d;
24	2					7	return $encoded;
25							}
26
27							sub clone {
28	2			2	1	5	my $self = shift;
29							return undef
30	2	50				6	unless my $clone = $self->new(
31							cost => $self->cost,
32							salt => $self->salt,
33							type => $self->type,
34							);
35	2					6	$clone->add($self->{_buffer});
36	2					6	return $clone;
37							}
38
39							sub cost {
40	111			111	1	4814	my $self = shift;
41	111	100				413	return $self->{cost} unless @_;
42
43	45					66	my $cost = shift;
44
45							# allow and undefined value to clear it
46	45	100				118	unless (defined $cost) {
47	2					6	delete $self->{cost};
48	2					7	return $self;
49							}
50	43					130	$self->_check_cost($cost);
51
52							# bcrypt requires 2 digit costs, it dies if it's a single digit.
53	39					200	$self->{cost} = sprintf("%02d", $cost);
54	39					80	return $self;
55							}
56
57							sub digest {
58	14			14	1	34	my $self = shift;
59	14					54	$self->_check_cost;
60	13					40	$self->_check_salt;
61
62	12	50				72	my $type = defined($self->{type}) ? $self->{type} : '2a';
63	12					26	my $hash = bcrypt($self->{_buffer}, $type, $self->cost, $self->salt);
64	12					49624	my $settings = $self->settings;
65	12					38	$self->reset;
66	12					40	return _de_base64(substr($hash, length($settings)));
67							}
68
69							# new isn't actually implemented in the base class. eww.
70							sub new {
71	39			39	1	21043	my $class = shift;
72	39		66			243	my $self = bless {_buffer => '',}, ref $class \|\| $class;
73	39	100				124	return $self unless @_;
74	28	100				87	my $params = @_ > 1 ? {@_} : {%{$_[0]}};
	16					91
75	24	100				92	$self->cost($params->{cost}) if $params->{cost};
76	24	100				121	$self->salt($params->{salt}) if $params->{salt};
77	24	100				78	$self->settings($params->{settings}) if $params->{settings};
78	24	50				57	$self->type($params->{type}) if $params->{type};
79	24					104	return $self;
80							}
81
82							sub reset {
83	22			22	1	10123	my $self = shift;
84	22					46	$self->{_buffer} = '';
85	22					40	delete $self->{cost};
86	22					35	delete $self->{salt};
87	22					30	delete $self->{type};
88	22					38	return $self;
89							}
90
91							sub salt {
92	126			126	1	16921	my $self = shift;
93	126	100				491	return $self->{salt} unless @_;
94
95	40					64	my $salt = shift;
96
97							# allow and undefined value to clear it
98	40	100				93	unless (defined $salt) {
99	2					6	delete $self->{salt};
100	2					5	return $self;
101							}
102
103							# all other values go through the check
104	38					157	$self->_check_salt($salt);
105	36					3075	$self->{salt} = $salt;
106	36					59	return $self;
107							}
108
109							sub settings {
110	31			31	1	1546	my $self = shift;
111	31	100				113	unless (@_) {
112	20					105	my $cost = sprintf('%02d', $self->{cost});
113	20					50	my $salt_base64 = encode_base64($self->salt, "");
114	20					48	$salt_base64 =~ tr{A-Za-z0-9+/=}{./A-Za-z0-9}d;
115	20	100				58	my $type = defined($self->{type}) ? $self->{type} : '2a';
116	20					88	return "\$${type}\$${cost}\$${salt_base64}";
117							}
118	11					26	my $settings = shift;
119	11	100				366	Carp::croak "bad bcrypt settings"
120							unless $settings =~ m#\A\$(2[abxy])\$([0-9]{2})\$
121							([./A-Za-z0-9]{22})#x;
122	9					43	my ($type, $cost, $salt_base64) = ($1, $2, $3);
123	9					35	$self->type($type);
124	9					27	$self->cost($cost);
125	8					21	$self->salt(_de_base64($salt_base64));
126	8					15	return $self;
127							}
128
129							sub type {
130	11			11	1	19	my $self = shift;
131	11	100				30	return $self->{type} unless (@_);
132
133	9					17	my $type = shift;
134	9	50				34	Carp::croak "bad bcrypt type" unless $type =~ /^2[abxy]$/;
135	9					77	$self->{type} = $type;
136	9					17	return $self;
137							}
138
139							# Checks that the cost is an integer in the range 1-31. Croaks if it isn't
140							sub _check_cost {
141	57			57		114	my ($self, $cost) = @_;
142	57	100				133	$cost = defined $cost ? $cost : $self->cost;
143	57	100	100			649	if (!defined $cost \|\| $cost !~ /^\d+$/ \|\| ($cost < 5 \|\| $cost > 31)) {
			100
			100
144	5					460	Carp::croak "Cost must be an integer between 5 and 31";
145							}
146							}
147
148							# Checks that the salt exactly 16 octets long. Croaks if it isn't
149							sub _check_salt {
150	51			51		112	my ($self, $salt) = @_;
151	51	100				129	$salt = defined $salt ? $salt : $self->salt;
152	51	100	100			248	unless ($salt && bytes::length($salt) == 16) {
153	3					1118	Carp::croak "Salt must be exactly 16 octets long";
154							}
155							}
156
157							sub _de_base64 {
158	20			20		111	my ($text) = @_;
159	20					47	$text =~ tr#./A-Za-z0-9#A-Za-z0-9+/#;
160	20					159	return decode_base64($text);
161							}
162
163
164							1;
165
166							=encoding utf8
167
168							=head1 NAME
169
170							Digest::Bcrypt - Perl interface to the bcrypt digest algorithm
171
172							=head1 SYNOPSIS
173
174							#!/usr/bin/env perl
175							use strict;
176							use warnings;
177							use utf8;
178							use Digest; # via the Digest module (recommended)
179
180							my $bcrypt = Digest->new('Bcrypt', cost => 12, salt => 'abcdefgh♥stuff');
181							# You can forego the cost and salt in favor of settings strings:
182							my $bcrypt = Digest->new('Bcrypt', settings => '$2a$20$GA.eY03tb02ea0DqbA.eG.');
183
184							# $cost is an integer between 5 and 31
185							$bcrypt->cost(12);
186
187							# $type is a selection between 2a, 2b, 2x, and 2y
188							$bcrypt->type('2b');
189
190							# $salt must be exactly 16 octets long
191							$bcrypt->salt('abcdefgh♥stuff');
192							# OR, for good, random salts:
193							use Data::Entropy::Algorithms qw(rand_bits);
194							$bcrypt->salt(rand_bits(16*8)); # 16 octets
195
196							# You can forego the cost and salt in favor of settings strings:
197							$bcrypt->settings('$2a$20$GA.eY03tb02ea0DqbA.eG.');
198
199							# add some strings we want to make a secret of
200							$bcrypt->add('some stuff', 'here and', 'here');
201
202							my $digest = $bcrypt->digest;
203							$digest = $bcrypt->hexdigest;
204							$digest = $bcrypt->b64digest;
205
206							# bcrypt's own non-standard base64 dictionary
207							$digest = $bcrypt->bcrypt_b64digest;
208
209							# Now, let's create a password hash and check it later:
210							use Data::Entropy::Algorithms qw(rand_bits);
211							my $bcrypt = Digest->new('Bcrypt', type => '2b', cost => 20, salt => rand_bits(16*8));
212							my $settings = $bcrypt->settings(); # save for later checks.
213							my $pass_hash = $bcrypt->add('Some secret password')->digest;
214
215							# much later, we can check a password against our hash via:
216							my $bcrypt = Digest->new('Bcrypt', settings => $settings);
217							if ($bcrypt->add($value_from_user)->digest eq $known_pass_hash) {
218							say "Your password matched";
219							}
220							else {
221							say "Try again!";
222							}
223
224							# Now that you've seen how cumbersome/silly that is,
225							# please use Crypt::Bcrypt instead of this module.
226
227							=head1 NOTICE
228
229							While maintenance for L will continue, there's no reason to use
230							L when L already exists. We strongly suggest
231							that you use L instead.
232
233							This C interface is crufty and laborious to use when compared
234							to that of L.
235
236							=head1 DESCRIPTION
237
238							L provides a L-based interface to the
239							L library.
240
241							Please note that you B set a C of exactly 16 octets in length,
242							and you B provide a C in the range C<1..31>.
243
244							=head1 ATTRIBUTES
245
246							L implements the following attributes.
247
248							=head2 cost
249
250							$bcrypt = $bcrypt->cost(20); # allows for method chaining
251							my $cost = $bcrypt->cost();
252
253							An integer in the range C<5..31>, this is required.
254
255							See L for a detailed description of C
256							in the context of the bcrypt algorithm.
257
258							When called with no arguments, it will return the current cost.
259
260							=head2 salt
261
262							$bcrypt = $bcrypt->salt('abcdefgh♥stuff'); # allows for method chaining
263							my $salt = $bcrypt->salt();
264
265							# OR, for good, random salts:
266							use Data::Entropy::Algorithms qw(rand_bits);
267							$bcrypt->salt(rand_bits(16*8)); # 16 octets
268
269							Sets the value to be used as a salt. Bcrypt requires B 16 octets of salt.
270
271							It is recommenced that you use a module like L to
272							provide a truly randomized salt.
273
274							When called with no arguments, it will return the current salt.
275
276							=head2 settings
277
278							$bcrypt = $bcrypt->settings('$2a$20$GA.eY03tb02ea0DqbA.eG.'); # allows for method chaining
279							my $settings = $bcrypt->settings();
280
281							A C string can be used to set the L and
282							L automatically. Setting the C will override any
283							current values in your C and C attributes.
284
285							For details on the C string requirements, please see L.
286
287							When called with no arguments, it will return the current settings string.
288
289							=head2 type
290
291							$bcrypt = $bcrypt->type('2b');
292							# method chaining on mutations
293							say $bcrypt->type(); # 2b
294
295							This sets the subtype of bcrypt used. These subtypes are as defined in L.
296							The available types are:
297							C<2b> which is the current standard,
298							C<2a> which is older; it's the one used in L,
299							C<2y> which is considered equivalent to C<2b> and used in PHP.
300							C<2x> which is very broken and only needed to work with ancient PHP versions.
301
302							=head1 METHODS
303
304							L inherits all methods from L and implements/overrides
305							the following methods as well.
306
307							=head2 new
308
309							my $bcrypt = Digest->new('Bcrypt', %params);
310							my $bcrypt = Digest::Bcrypt->new(%params);
311							my $bcrypt = Digest->new('Bcrypt', \%params);
312							my $bcrypt = Digest::Bcrypt->new(\%params);
313
314							Creates a new C object. It is recommended that you use the L
315							module in the first example rather than using L directly.
316
317							Any of the L above can be passed in as a parameter.
318
319							=head2 add
320
321							$bcrypt->add("a"); $bcrypt->add("b"); $bcrypt->add("c");
322							$bcrypt->add("a")->add("b")->add("c");
323							$bcrypt->add("a", "b", "c");
324							$bcrypt->add("abc");
325
326							Adds data to the message we are calculating the digest for. All the above
327							examples have the same effect.
328
329							=head2 b64digest
330
331							my $digest = $bcrypt->b64digest;
332
333							Same as L, but will return the digest base64 encoded.
334
335							The C of the returned string will be 31 and will only contain characters
336							from the ranges C<'0'..'9'>, C<'A'..'Z'>, C<'a'..'z'>, C<'+'>, and C<'/'>
337
338							The base64 encoded string returned is not padded to be a multiple of 4 bytes long.
339
340							=head2 bcrypt_b64digest
341
342							my $digest = $bcrypt->bcrypt_b64digest;
343
344							Same as L, but will return the digest base64 encoded using the alphabet
345							that is commonly used with bcrypt.
346
347							The C of the returned string will be 31 and will only contain characters
348							from the ranges C<'0'..'9'>, C<'A'..'Z'>, C<'a'..'z'>, C<'+'>, and C<'.'>
349
350							The base64 encoded string returned is not padded to be a multiple of 4 bytes long.
351
352							I This is bcrypt's own non-standard base64 alphabet, It is B
353							compatible with the standard MIME base64 encoding.
354
355							=head2 clone
356
357							my $clone = $bcrypt->clone;
358
359							Creates a clone of the C object, and returns it.
360
361							=head2 digest
362
363							my $digest = $bcrypt->digest;
364
365							Returns the binary digest for the message. The returned string will be 23 bytes long.
366
367							=head2 hexdigest
368
369							my $digest = $bcrypt->hexdigest;
370
371							Same as L, but will return the digest in hexadecimal form.
372
373							The C of the returned string will be 46 and will only contain
374							characters from the ranges C<'0'..'9'> and C<'a'..'f'>.
375
376							=head2 reset
377
378							$bcrypt->reset;
379
380							Resets the object to the same internal state it was in when it was constructed.
381
382							=head1 SEE ALSO
383
384							L, L, L
385
386							=head1 AUTHOR
387
388							James Aitken C
389
390							=head1 CONTRIBUTORS
391
392							=over
393
394							=item *
395
396							Chase Whitener C
397
398							=back
399
400							=head1 COPYRIGHT AND LICENSE
401
402							This software is copyright (c) 2012 by James Aitken.
403
404							This is free software; you can redistribute it and/or modify it under
405							the same terms as the Perl 5 programming language system itself.
406
407							=cut