line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package PHP::Functions::Password; |
2
|
6
|
|
|
6
|
|
12135
|
use strict; |
|
6
|
|
|
|
|
15
|
|
|
6
|
|
|
|
|
182
|
|
3
|
6
|
|
|
6
|
|
28
|
use warnings; |
|
6
|
|
|
|
|
10
|
|
|
6
|
|
|
|
|
163
|
|
4
|
6
|
|
|
6
|
|
26
|
use Carp qw(carp croak); |
|
6
|
|
|
|
|
41
|
|
|
6
|
|
|
|
|
384
|
|
5
|
6
|
|
|
6
|
|
2439
|
use Crypt::Eksblowfish (); |
|
6
|
|
|
|
|
10552
|
|
|
6
|
|
|
|
|
126
|
|
6
|
6
|
|
|
6
|
|
2254
|
use Crypt::OpenSSL::Random (); |
|
6
|
|
|
|
|
10031
|
|
|
6
|
|
|
|
|
190
|
|
7
|
6
|
|
|
6
|
|
2226
|
use MIME::Base64 qw(encode_base64 decode_base64); |
|
6
|
|
|
|
|
3295
|
|
|
6
|
|
|
|
|
425
|
|
8
|
6
|
|
|
6
|
|
2868
|
use Readonly qw(Readonly); |
|
6
|
|
|
|
|
22032
|
|
|
6
|
|
|
|
|
383
|
|
9
|
6
|
|
|
6
|
|
2501
|
use version 0.77 (); |
|
6
|
|
|
|
|
10133
|
|
|
6
|
|
|
|
|
183
|
|
10
|
6
|
|
|
6
|
|
50
|
use base qw(Exporter); |
|
6
|
|
|
|
|
14
|
|
|
6
|
|
|
|
|
1364
|
|
11
|
|
|
|
|
|
|
|
12
|
|
|
|
|
|
|
our @EXPORT; |
13
|
|
|
|
|
|
|
our @EXPORT_OK = qw( |
14
|
|
|
|
|
|
|
password_algos |
15
|
|
|
|
|
|
|
password_get_info |
16
|
|
|
|
|
|
|
password_hash |
17
|
|
|
|
|
|
|
password_needs_rehash |
18
|
|
|
|
|
|
|
password_verify |
19
|
|
|
|
|
|
|
PASSWORD_BCRYPT |
20
|
|
|
|
|
|
|
PASSWORD_ARGON2I |
21
|
|
|
|
|
|
|
PASSWORD_ARGON2ID |
22
|
|
|
|
|
|
|
PASSWORD_DEFAULT |
23
|
|
|
|
|
|
|
); |
24
|
|
|
|
|
|
|
our %EXPORT_TAGS = ( |
25
|
|
|
|
|
|
|
'all' => \@EXPORT_OK, |
26
|
|
|
|
|
|
|
'default' => \@EXPORT, |
27
|
|
|
|
|
|
|
'consts' => [ grep /^PASSWORD_/, @EXPORT_OK ], |
28
|
|
|
|
|
|
|
'funcs' => [ grep /^password_/, @EXPORT_OK ], |
29
|
|
|
|
|
|
|
); |
30
|
|
|
|
|
|
|
our $VERSION = '1.12'; |
31
|
|
|
|
|
|
|
|
32
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
# Exported constants |
34
|
6
|
|
|
6
|
|
43
|
use constant PASSWORD_BCRYPT => 1; |
|
6
|
|
|
|
|
14
|
|
|
6
|
|
|
|
|
557
|
|
35
|
6
|
|
|
6
|
|
37
|
use constant PASSWORD_ARGON2I => 2; |
|
6
|
|
|
|
|
11
|
|
|
6
|
|
|
|
|
242
|
|
36
|
6
|
|
|
6
|
|
32
|
use constant PASSWORD_ARGON2ID => 3; |
|
6
|
|
|
|
|
23
|
|
|
6
|
|
|
|
|
364
|
|
37
|
6
|
|
|
6
|
|
32
|
use constant PASSWORD_DEFAULT => PASSWORD_BCRYPT; |
|
6
|
|
|
|
|
128
|
|
|
6
|
|
|
|
|
16575
|
|
38
|
|
|
|
|
|
|
|
39
|
|
|
|
|
|
|
|
40
|
|
|
|
|
|
|
# Internal constants |
41
|
|
|
|
|
|
|
Readonly my $PASSWORD_BCRYPT_DEFAULT_COST => 10; # no such PHP constant |
42
|
|
|
|
|
|
|
Readonly my $PASSWORD_ARGON2_DEFAULT_SALT_LENGTH => 16; # no such PHP constant |
43
|
|
|
|
|
|
|
Readonly my $PASSWORD_ARGON2_DEFAULT_MEMORY_COST => 65536; |
44
|
|
|
|
|
|
|
Readonly my $PASSWORD_ARGON2_DEFAULT_TIME_COST => 4; |
45
|
|
|
|
|
|
|
Readonly my $PASSWORD_ARGON2_DEFAULT_THREADS => 1; |
46
|
|
|
|
|
|
|
Readonly my $PASSWORD_ARGON2_DEFAULT_TAG_LENGTH => 32; # no such PHP constant |
47
|
|
|
|
|
|
|
|
48
|
|
|
|
|
|
|
Readonly my $SIG_BCRYPT => '2y'; # PHP default |
49
|
|
|
|
|
|
|
Readonly my $SIG_ARGON2I => 'argon2i'; |
50
|
|
|
|
|
|
|
Readonly my $SIG_ARGON2ID => 'argon2id'; |
51
|
|
|
|
|
|
|
|
52
|
|
|
|
|
|
|
Readonly my %SIG_TO_ALGO => ( |
53
|
|
|
|
|
|
|
$SIG_BCRYPT => PASSWORD_BCRYPT, |
54
|
|
|
|
|
|
|
$SIG_ARGON2I => PASSWORD_ARGON2I, |
55
|
|
|
|
|
|
|
$SIG_ARGON2ID => PASSWORD_ARGON2ID, |
56
|
|
|
|
|
|
|
); |
57
|
|
|
|
|
|
|
|
58
|
|
|
|
|
|
|
# https://en.wikipedia.org/wiki/Bcrypt |
59
|
|
|
|
|
|
|
Readonly my $RE_BCRYPT_ALGO => qr#2[abxy]?#; |
60
|
|
|
|
|
|
|
Readonly my $RE_BCRYPT_SALT => qr#[./A-Za-z0-9]{22}#; # fixed 16 byte salt |
61
|
|
|
|
|
|
|
Readonly my $RE_BCRYPT_COST => qr#[0-3]\d#; |
62
|
|
|
|
|
|
|
Readonly my $RE_BCRYPT_HASH => qr#[./A-Za-z0-9]+#; |
63
|
|
|
|
|
|
|
Readonly my $RE_BCRYPT_STRING => qr/^ |
64
|
|
|
|
|
|
|
\$ |
65
|
|
|
|
|
|
|
($RE_BCRYPT_ALGO) # $1 type |
66
|
|
|
|
|
|
|
\$ |
67
|
|
|
|
|
|
|
($RE_BCRYPT_COST) # $2 cost |
68
|
|
|
|
|
|
|
\$ |
69
|
|
|
|
|
|
|
($RE_BCRYPT_SALT) # $3 salt |
70
|
|
|
|
|
|
|
($RE_BCRYPT_HASH) # $4 hash |
71
|
|
|
|
|
|
|
$/x; |
72
|
|
|
|
|
|
|
|
73
|
|
|
|
|
|
|
# See https://www.alexedwards.net/blog/how-to-hash-and-verify-passwords-with-argon2-in-go |
74
|
|
|
|
|
|
|
Readonly my $RE_ARGON2_ALGO => qr#argon2id?#; |
75
|
|
|
|
|
|
|
Readonly my $RE_ARGON2_STRING => qr/^ |
76
|
|
|
|
|
|
|
\$ |
77
|
|
|
|
|
|
|
($RE_ARGON2_ALGO) # $1 signature |
78
|
|
|
|
|
|
|
\$ |
79
|
|
|
|
|
|
|
v=(\d{1,3}) # $2 version |
80
|
|
|
|
|
|
|
\$ |
81
|
|
|
|
|
|
|
m=(\d{1,10}), # $3 memory_cost |
82
|
|
|
|
|
|
|
t=(\d{1,3}), # $4 time_cost |
83
|
|
|
|
|
|
|
p=(\d{1,3}) # $5 threads |
84
|
|
|
|
|
|
|
\$ |
85
|
|
|
|
|
|
|
([A-Za-z0-9+\/]+) # $6 salt |
86
|
|
|
|
|
|
|
\$ |
87
|
|
|
|
|
|
|
([A-Za-z0-9+\/]+) # $7 hash |
88
|
|
|
|
|
|
|
$/x; |
89
|
|
|
|
|
|
|
|
90
|
|
|
|
|
|
|
=head1 NAME |
91
|
|
|
|
|
|
|
|
92
|
|
|
|
|
|
|
PHP::Functions::Password - Perl ports of PHP password functions |
93
|
|
|
|
|
|
|
|
94
|
|
|
|
|
|
|
=head1 DESCRIPTION |
95
|
|
|
|
|
|
|
|
96
|
|
|
|
|
|
|
This module provides ported PHP password functions. |
97
|
|
|
|
|
|
|
This module supports the bcrypt, argon2i, and argon2id algorithms, as is the case with the equivalent PHP functions at the date of writing this. |
98
|
|
|
|
|
|
|
All functions may also be called as class methods and support inheritance too. |
99
|
|
|
|
|
|
|
See L for detailed usage instructions. |
100
|
|
|
|
|
|
|
|
101
|
|
|
|
|
|
|
=head1 SYNOPSIS |
102
|
|
|
|
|
|
|
|
103
|
|
|
|
|
|
|
use PHP::Functions::Password (); |
104
|
|
|
|
|
|
|
|
105
|
|
|
|
|
|
|
Functional interface, typical use: |
106
|
|
|
|
|
|
|
|
107
|
|
|
|
|
|
|
use PHP::Functions::Password qw(password_hash); |
108
|
|
|
|
|
|
|
my $password = 'secret'; |
109
|
|
|
|
|
|
|
my $crypted_string = password_hash($password); # uses PASSWORD_BCRYPT algorithm |
110
|
|
|
|
|
|
|
|
111
|
|
|
|
|
|
|
Functional interface use, using options: |
112
|
|
|
|
|
|
|
|
113
|
|
|
|
|
|
|
use PHP::Functions::Password qw(:all); |
114
|
|
|
|
|
|
|
my $password = 'secret'; |
115
|
|
|
|
|
|
|
|
116
|
|
|
|
|
|
|
# Specify options (see PHP docs for which): |
117
|
|
|
|
|
|
|
my $crypted_string = password_hash($password, PASSWORD_DEFAULT, cost => 11); |
118
|
|
|
|
|
|
|
|
119
|
|
|
|
|
|
|
# Use a different algorithm: |
120
|
|
|
|
|
|
|
my $crypted_string = password_hash($password, PASSWORD_ARGON2ID); |
121
|
|
|
|
|
|
|
|
122
|
|
|
|
|
|
|
Class method use, using options: |
123
|
|
|
|
|
|
|
|
124
|
|
|
|
|
|
|
use PHP::Functions::Password; |
125
|
|
|
|
|
|
|
my $password = 'secret'; |
126
|
|
|
|
|
|
|
my $crypted_string = PHP::Functions::Password->hash($password, cost => 9); |
127
|
|
|
|
|
|
|
# Note that the 2nd argument of password_hash() has been dropped here and may be specified |
128
|
|
|
|
|
|
|
# as an option as should've been the case in the original password_hash() function IMHO. |
129
|
|
|
|
|
|
|
|
130
|
|
|
|
|
|
|
=head1 EXPORTS |
131
|
|
|
|
|
|
|
|
132
|
|
|
|
|
|
|
The following names can be imported into the calling namespace by request: |
133
|
|
|
|
|
|
|
|
134
|
|
|
|
|
|
|
password_algos |
135
|
|
|
|
|
|
|
password_get_info |
136
|
|
|
|
|
|
|
password_hash |
137
|
|
|
|
|
|
|
password_needs_rehash |
138
|
|
|
|
|
|
|
password_verify |
139
|
|
|
|
|
|
|
PASSWORD_ARGON2I |
140
|
|
|
|
|
|
|
PASSWORD_ARGON2ID |
141
|
|
|
|
|
|
|
PASSWORD_BCRYPT |
142
|
|
|
|
|
|
|
PASSWORD_DEFAULT |
143
|
|
|
|
|
|
|
:all - what it says |
144
|
|
|
|
|
|
|
:consts - the PASSWORD_* constants |
145
|
|
|
|
|
|
|
:funcs - the password_* functions |
146
|
|
|
|
|
|
|
|
147
|
|
|
|
|
|
|
=head1 PHP COMPATIBLE AND EXPORTABLE FUNCTIONS |
148
|
|
|
|
|
|
|
|
149
|
|
|
|
|
|
|
=over |
150
|
|
|
|
|
|
|
|
151
|
|
|
|
|
|
|
=item password_algos() |
152
|
|
|
|
|
|
|
|
153
|
|
|
|
|
|
|
The same as L |
154
|
|
|
|
|
|
|
|
155
|
|
|
|
|
|
|
Returns an array of supported password algorithm signatures. |
156
|
|
|
|
|
|
|
|
157
|
|
|
|
|
|
|
=cut |
158
|
|
|
|
|
|
|
|
159
|
|
|
|
|
|
|
sub password_algos { |
160
|
2
|
|
|
2
|
1
|
1057
|
my @result = ($SIG_BCRYPT); |
161
|
2
|
50
|
33
|
|
|
16
|
if ($INC{'Crypt/Argon2.pm'} || eval { require Crypt::Argon2; }) { |
|
2
|
|
|
|
|
793
|
|
162
|
2
|
|
|
|
|
1674
|
push(@result, $SIG_ARGON2I, $SIG_ARGON2ID); |
163
|
|
|
|
|
|
|
} |
164
|
2
|
|
|
|
|
23
|
return @result; |
165
|
|
|
|
|
|
|
} |
166
|
|
|
|
|
|
|
|
167
|
|
|
|
|
|
|
|
168
|
|
|
|
|
|
|
|
169
|
|
|
|
|
|
|
|
170
|
|
|
|
|
|
|
=item password_get_info($crypted) |
171
|
|
|
|
|
|
|
|
172
|
|
|
|
|
|
|
The same as L |
173
|
|
|
|
|
|
|
with the exception that it returns the following additional keys in the result: |
174
|
|
|
|
|
|
|
|
175
|
|
|
|
|
|
|
algoSig e.g. '2y' |
176
|
|
|
|
|
|
|
salt (encoded) |
177
|
|
|
|
|
|
|
hash (encoded) |
178
|
|
|
|
|
|
|
version (only for argon2 algorithms) |
179
|
|
|
|
|
|
|
|
180
|
|
|
|
|
|
|
Returns a hash in array context, else a hashref. |
181
|
|
|
|
|
|
|
|
182
|
|
|
|
|
|
|
=cut |
183
|
|
|
|
|
|
|
|
184
|
|
|
|
|
|
|
sub password_get_info { |
185
|
34
|
100
|
66
|
34
|
1
|
3936
|
my $proto = @_ && UNIVERSAL::isa($_[0],__PACKAGE__) ? shift : __PACKAGE__; |
186
|
34
|
|
|
|
|
53
|
my $crypted = shift; |
187
|
34
|
100
|
|
|
|
132
|
if ($crypted =~ $RE_BCRYPT_STRING) { |
|
|
100
|
|
|
|
|
|
188
|
18
|
|
|
|
|
197
|
my $type = $1; |
189
|
18
|
|
|
|
|
52
|
my $cost = int($2); |
190
|
18
|
|
|
|
|
33
|
my $salt = $3; |
191
|
18
|
|
|
|
|
31
|
my $hash = $4; |
192
|
18
|
|
|
|
|
86
|
my %result = ( |
193
|
|
|
|
|
|
|
'algo' => PASSWORD_BCRYPT, |
194
|
|
|
|
|
|
|
'algoName' => 'bcrypt', |
195
|
|
|
|
|
|
|
'options' => { |
196
|
|
|
|
|
|
|
'cost' => $cost, |
197
|
|
|
|
|
|
|
}, |
198
|
|
|
|
|
|
|
'algoSig' => $type, # extra |
199
|
|
|
|
|
|
|
'salt' => $salt, # extra |
200
|
|
|
|
|
|
|
'hash' => $hash, # extra |
201
|
|
|
|
|
|
|
); |
202
|
18
|
100
|
|
|
|
102
|
return wantarray ? %result : \%result; |
203
|
|
|
|
|
|
|
} |
204
|
|
|
|
|
|
|
elsif ($crypted =~ $RE_ARGON2_STRING) { |
205
|
10
|
|
|
|
|
166
|
my $sig = $1; |
206
|
10
|
|
|
|
|
28
|
my $version = int($2); |
207
|
10
|
|
|
|
|
18
|
my $memory_cost = int($3); |
208
|
10
|
|
|
|
|
17
|
my $time_cost = int($4); |
209
|
10
|
|
|
|
|
16
|
my $threads = int($5); |
210
|
10
|
|
|
|
|
16
|
my $salt = $6; |
211
|
10
|
|
|
|
|
13
|
my $hash = $7; |
212
|
|
|
|
|
|
|
#my $raw_salt = decode_base64($salt); |
213
|
|
|
|
|
|
|
#my $raw_hash = decode_base64($hash); |
214
|
|
|
|
|
|
|
my %result = ( |
215
|
10
|
|
|
|
|
41
|
'algo' => $SIG_TO_ALGO{$sig}, |
216
|
|
|
|
|
|
|
'algoName' => $sig, |
217
|
|
|
|
|
|
|
'options' => { |
218
|
|
|
|
|
|
|
'memory_cost' => $memory_cost, |
219
|
|
|
|
|
|
|
'time_cost' => $time_cost, |
220
|
|
|
|
|
|
|
'threads' => $threads, |
221
|
|
|
|
|
|
|
}, |
222
|
|
|
|
|
|
|
'algoSig' => $sig, |
223
|
|
|
|
|
|
|
'salt' => $salt, |
224
|
|
|
|
|
|
|
'hash' => $hash, |
225
|
|
|
|
|
|
|
'version' => $version, |
226
|
|
|
|
|
|
|
); |
227
|
10
|
100
|
|
|
|
169
|
return wantarray ? %result : \%result; |
228
|
|
|
|
|
|
|
} |
229
|
|
|
|
|
|
|
|
230
|
|
|
|
|
|
|
# No matches: |
231
|
6
|
|
|
|
|
90
|
my %result = ( |
232
|
|
|
|
|
|
|
'algo' => 0, |
233
|
|
|
|
|
|
|
'algoName' => 'unknown', |
234
|
|
|
|
|
|
|
'options' => {}, |
235
|
|
|
|
|
|
|
); |
236
|
6
|
100
|
|
|
|
28
|
return wantarray ? %result : \%result; |
237
|
|
|
|
|
|
|
} |
238
|
|
|
|
|
|
|
|
239
|
|
|
|
|
|
|
|
240
|
|
|
|
|
|
|
|
241
|
|
|
|
|
|
|
|
242
|
|
|
|
|
|
|
=item password_hash($password, $algo, %options) |
243
|
|
|
|
|
|
|
|
244
|
|
|
|
|
|
|
Similar to L |
245
|
|
|
|
|
|
|
with difference that the $algo argument is optional and defaults to PASSWORD_DEFAULT for your programming pleasure. |
246
|
|
|
|
|
|
|
|
247
|
|
|
|
|
|
|
Important notes about the 'salt' option which you shouldn't use: |
248
|
|
|
|
|
|
|
|
249
|
|
|
|
|
|
|
- The PASSWORD_BCRYPT 'salt' option is deprecated since PHP 7.0, but if you do pass it, then it must be bcrypt custom base64 encoded and not raw bytes! |
250
|
|
|
|
|
|
|
- For algorithms other than PASSWORD_BCRYPT, PHP doesn't support the 'salt' option, but if you do pass it, then it must be in raw bytes! |
251
|
|
|
|
|
|
|
|
252
|
|
|
|
|
|
|
=cut |
253
|
|
|
|
|
|
|
|
254
|
|
|
|
|
|
|
sub password_hash { |
255
|
41
|
50
|
33
|
41
|
1
|
236
|
my $proto = @_ && UNIVERSAL::isa($_[0],__PACKAGE__) ? shift : __PACKAGE__; |
256
|
41
|
|
|
|
|
74
|
my $password = shift; |
257
|
41
|
|
50
|
|
|
140
|
my $algo = shift // PASSWORD_DEFAULT; |
258
|
41
|
50
|
66
|
|
|
199
|
my %options = @_ && ref($_[0]) ? %{$_[0]} : @_; |
|
0
|
|
|
|
|
0
|
|
259
|
41
|
100
|
66
|
|
|
139
|
if ($algo == PASSWORD_BCRYPT) { |
|
|
50
|
|
|
|
|
|
260
|
35
|
|
|
|
|
55
|
my $salt; |
261
|
35
|
100
|
66
|
|
|
157
|
if (defined($options{'salt'}) && length($options{'salt'})) { # bcrypt custom base64 encoded! |
262
|
32
|
50
|
|
|
|
170
|
unless ($options{'salt'} =~ /^$RE_BCRYPT_SALT$/) { |
263
|
0
|
|
|
|
|
0
|
croak('Bad syntax in given and deprecated salt option (' . $options{'salt'} . ')'); |
264
|
|
|
|
|
|
|
} |
265
|
32
|
|
|
|
|
377
|
$salt = $options{'salt'}; |
266
|
|
|
|
|
|
|
} |
267
|
|
|
|
|
|
|
else { |
268
|
3
|
|
|
|
|
64
|
$salt = $proto->_bcrypt_base64_encode(Crypt::OpenSSL::Random::random_bytes(16)); |
269
|
|
|
|
|
|
|
} |
270
|
35
|
|
66
|
|
|
124
|
my $cost = $options{'cost'} || $PASSWORD_BCRYPT_DEFAULT_COST; |
271
|
35
|
|
|
|
|
113
|
my $settings = '$' . $SIG_BCRYPT . '$' . sprintf('%.2u', $cost) . '$' . $salt; |
272
|
35
|
|
|
|
|
480
|
return $proto->_bcrypt($password, $settings); |
273
|
|
|
|
|
|
|
} |
274
|
|
|
|
|
|
|
elsif (($algo == PASSWORD_ARGON2ID) || ($algo == PASSWORD_ARGON2I)) { |
275
|
6
|
50
|
33
|
|
|
39
|
unless ($INC{'Crypt/Argon2.pm'} || eval { require Crypt::Argon2; }) { |
|
0
|
|
|
|
|
0
|
|
276
|
0
|
0
|
|
|
|
0
|
my $algo_const_name = $algo == PASSWORD_ARGON2ID ? PASSWORD_ARGON2ID : PASSWORD_ARGON2I; |
277
|
0
|
|
|
|
|
0
|
croak("Cannot use the $algo_const_name algorithm because the module Crypt::Argon2 is not installed"); |
278
|
|
|
|
|
|
|
} |
279
|
6
|
|
33
|
|
|
62
|
my $salt = $options{'salt'} || Crypt::OpenSSL::Random::random_bytes($PASSWORD_ARGON2_DEFAULT_SALT_LENGTH); # undocumented; not a PHP option; raw! |
280
|
6
|
|
33
|
|
|
2994
|
my $memory_cost = $options{'memory_cost'} || $PASSWORD_ARGON2_DEFAULT_MEMORY_COST; |
281
|
6
|
|
33
|
|
|
70
|
my $time_cost = $options{'time_cost'} || $PASSWORD_ARGON2_DEFAULT_TIME_COST; |
282
|
6
|
|
33
|
|
|
53
|
my $threads = $options{'threads'} || $PASSWORD_ARGON2_DEFAULT_THREADS; |
283
|
6
|
|
33
|
|
|
48
|
my $tag_length = $options{'tag_length'} || $PASSWORD_ARGON2_DEFAULT_TAG_LENGTH; # undocumented; not a PHP option; 4 - 2^32 - 1 |
284
|
|
|
|
|
|
|
|
285
|
|
|
|
|
|
|
# Ignore characters and treat strings as strings of bytes |
286
|
6
|
100
|
|
|
|
51
|
utf8::is_utf8($password) && utf8::encode($password); # "\x{100}" becomes "\xc4\x80"; preferred equivalent of Encode::is_utf8($string) && Encode::_utf8_off($password); |
287
|
|
|
|
|
|
|
|
288
|
6
|
|
|
|
|
24
|
my @args = ($password, $salt, $time_cost, $memory_cost . 'k', $threads, $tag_length); |
289
|
6
|
100
|
|
|
|
15
|
if ($algo == PASSWORD_ARGON2ID) { |
290
|
3
|
|
|
|
|
1530857
|
return Crypt::Argon2::argon2id_pass(@args); |
291
|
|
|
|
|
|
|
} |
292
|
|
|
|
|
|
|
else { |
293
|
3
|
|
|
|
|
1546218
|
return Crypt::Argon2::argon2i_pass(@args); |
294
|
|
|
|
|
|
|
} |
295
|
|
|
|
|
|
|
} |
296
|
|
|
|
|
|
|
else { |
297
|
0
|
|
|
|
|
0
|
croak("Unimplemented algorithm $algo"); |
298
|
|
|
|
|
|
|
} |
299
|
|
|
|
|
|
|
} |
300
|
|
|
|
|
|
|
|
301
|
|
|
|
|
|
|
|
302
|
|
|
|
|
|
|
|
303
|
|
|
|
|
|
|
|
304
|
|
|
|
|
|
|
=item password_needs_rehash($crypted, $algo, %options) |
305
|
|
|
|
|
|
|
|
306
|
|
|
|
|
|
|
The same as L. |
307
|
|
|
|
|
|
|
|
308
|
|
|
|
|
|
|
=cut |
309
|
|
|
|
|
|
|
|
310
|
|
|
|
|
|
|
sub password_needs_rehash { |
311
|
24
|
100
|
66
|
24
|
1
|
6730
|
my $proto = @_ && UNIVERSAL::isa($_[0],__PACKAGE__) ? shift : __PACKAGE__; |
312
|
24
|
|
|
|
|
46
|
my $crypted = shift; |
313
|
24
|
|
50
|
|
|
44
|
my $algo = shift(@_) // PASSWORD_DEFAULT; |
314
|
24
|
50
|
33
|
|
|
68
|
my %options = @_ && ref($_[0]) ? %{$_[0]} : @_; |
|
24
|
|
|
|
|
71
|
|
315
|
24
|
|
|
|
|
46
|
my %info = password_get_info($crypted); |
316
|
24
|
100
|
|
|
|
60
|
unless ($info{'algo'} == $algo) { |
317
|
2
|
50
|
|
|
|
5
|
$options{'debug'} && warn('Algorithms differ: ' . $info{'algo'} . "<>$algo"); |
318
|
2
|
|
|
|
|
6
|
return 1; |
319
|
|
|
|
|
|
|
} |
320
|
22
|
100
|
66
|
|
|
45
|
if ($algo == PASSWORD_BCRYPT) { |
|
|
100
|
|
|
|
|
|
321
|
12
|
100
|
|
|
|
28
|
if ($info{'algoSig'} ne $SIG_BCRYPT) { |
322
|
4
|
50
|
|
|
|
23
|
$options{'debug'} && warn('Algorithm signatures differ: ' . $info{'algoSig'} . ' vs ' . $SIG_BCRYPT); |
323
|
4
|
|
|
|
|
26
|
return 1; |
324
|
|
|
|
|
|
|
} |
325
|
8
|
|
66
|
|
|
44
|
my $cost = $options{'cost'} // $PASSWORD_BCRYPT_DEFAULT_COST; |
326
|
8
|
100
|
66
|
|
|
89
|
unless (defined($info{'options'}->{'cost'}) && ($info{'options'}->{'cost'} == $cost)) { |
327
|
4
|
50
|
|
|
|
8
|
$options{'debug'} && warn('Cost mismatch: ' . $info{'options'}->{'cost'} . "<>$cost"); |
328
|
4
|
|
|
|
|
13
|
return 1; |
329
|
|
|
|
|
|
|
} |
330
|
|
|
|
|
|
|
} |
331
|
|
|
|
|
|
|
elsif (($algo == PASSWORD_ARGON2ID) || ($algo == PASSWORD_ARGON2I)) { |
332
|
8
|
|
33
|
|
|
18
|
my $memory_cost = $options{'memory_cost'} // $PASSWORD_ARGON2_DEFAULT_MEMORY_COST; |
333
|
8
|
100
|
|
|
|
14
|
if ($info{'options'}->{'memory_cost'} != $memory_cost) { |
334
|
2
|
50
|
|
|
|
5
|
$options{'debug'} && warn('memory_cost mismatch: ' . $info{'options'}->{'memory_cost'} . "<>$memory_cost"); |
335
|
2
|
|
|
|
|
7
|
return 1; |
336
|
|
|
|
|
|
|
} |
337
|
6
|
|
33
|
|
|
11
|
my $time_cost = $options{'time_cost'} // $PASSWORD_ARGON2_DEFAULT_TIME_COST; |
338
|
6
|
100
|
|
|
|
10
|
if ($info{'options'}->{'time_cost'} != $time_cost) { |
339
|
2
|
50
|
|
|
|
5
|
$options{'debug'} && warn('time_cost mismatch: ' . $info{'options'}->{'time_cost'} . "<>$time_cost"); |
340
|
2
|
|
|
|
|
8
|
return 1; |
341
|
|
|
|
|
|
|
} |
342
|
4
|
|
33
|
|
|
8
|
my $threads = $options{'threads'} // $PASSWORD_ARGON2_DEFAULT_THREADS; |
343
|
4
|
100
|
|
|
|
7
|
if ($info{'options'}->{'threads'} != $threads) { |
344
|
2
|
50
|
|
|
|
6
|
$options{'debug'} && warn('threads mismatch: ' . $info{'options'}->{'threads'} . "<>$threads"); |
345
|
2
|
|
|
|
|
7
|
return 1; |
346
|
|
|
|
|
|
|
} |
347
|
2
|
50
|
33
|
|
|
9
|
my $wanted_salt_length = defined($options{'salt'}) && length($options{'salt'}) ? length($options{'salt'}) : $PASSWORD_ARGON2_DEFAULT_SALT_LENGTH; |
348
|
2
|
|
33
|
|
|
13
|
my $wanted_tag_length = $options{'tag_length'} || $PASSWORD_ARGON2_DEFAULT_TAG_LENGTH; # undocumented; not a PHP option; 4 - 2^32 - 1 |
349
|
|
|
|
|
|
|
|
350
|
2
|
50
|
66
|
|
|
15
|
if ($INC{'Crypt/Argon2.pm'} || eval { require Crypt::Argon2; }) { |
|
1
|
|
|
|
|
555
|
|
351
|
2
|
50
|
|
|
|
870
|
if (version->parse($Crypt::Argon2::VERSION) < version->parse('0.008')) { |
352
|
0
|
0
|
|
|
|
0
|
if ($info{'version'} < 19) { |
353
|
0
|
0
|
|
|
|
0
|
$options{'debug'} && warn('Version mismatch: ' . $info{'version'} . '<19'); |
354
|
0
|
|
|
|
|
0
|
return 1; |
355
|
|
|
|
|
|
|
} |
356
|
0
|
|
|
|
|
0
|
my $salt_encoded = $info{'salt'}; |
357
|
0
|
|
|
|
|
0
|
my $salt = decode_base64($salt_encoded); |
358
|
0
|
0
|
|
|
|
0
|
if (!defined($salt)) { |
359
|
0
|
0
|
|
|
|
0
|
$options{'debug'} && warn("decode_base64('$salt_encoded') failed"); |
360
|
0
|
|
|
|
|
0
|
return 1; |
361
|
|
|
|
|
|
|
} |
362
|
0
|
|
|
|
|
0
|
my $actual_salt_length = length($salt); |
363
|
0
|
0
|
|
|
|
0
|
if ($wanted_salt_length != $actual_salt_length) { |
364
|
0
|
0
|
|
|
|
0
|
$options{'debug'} && warn("wanted salt length ($wanted_salt_length) != actual salt length ($actual_salt_length)"); |
365
|
0
|
|
|
|
|
0
|
return 1; |
366
|
|
|
|
|
|
|
} |
367
|
0
|
|
|
|
|
0
|
my $tag_encoded = $info{'hash'}; |
368
|
0
|
|
|
|
|
0
|
my $tag = decode_base64($tag_encoded); |
369
|
0
|
|
|
|
|
0
|
my $actual_tag_length = length($tag); |
370
|
0
|
0
|
|
|
|
0
|
if ($wanted_tag_length != $actual_tag_length) { |
371
|
0
|
0
|
|
|
|
0
|
$options{'debug'} && warn("wanted tag length ($wanted_tag_length) != actual tag length ($actual_tag_length)"); |
372
|
0
|
|
|
|
|
0
|
return 1; |
373
|
|
|
|
|
|
|
} |
374
|
|
|
|
|
|
|
} |
375
|
|
|
|
|
|
|
else { |
376
|
2
|
|
|
|
|
11
|
return Crypt::Argon2::argon2_needs_rehash($crypted, $info{'algoSig'}, $time_cost, $memory_cost . 'k', $threads, $wanted_tag_length, $wanted_salt_length); |
377
|
|
|
|
|
|
|
} |
378
|
|
|
|
|
|
|
} |
379
|
|
|
|
|
|
|
} |
380
|
|
|
|
|
|
|
else { |
381
|
2
|
50
|
|
|
|
17
|
$options{'debug'} && warn("Can't do anything with unknown algorithm: $algo"); |
382
|
|
|
|
|
|
|
} |
383
|
6
|
|
|
|
|
21
|
return 0; |
384
|
|
|
|
|
|
|
} |
385
|
|
|
|
|
|
|
|
386
|
|
|
|
|
|
|
|
387
|
|
|
|
|
|
|
|
388
|
|
|
|
|
|
|
|
389
|
|
|
|
|
|
|
=item password_verify($password, $crypted) |
390
|
|
|
|
|
|
|
|
391
|
|
|
|
|
|
|
The same as L. |
392
|
|
|
|
|
|
|
|
393
|
|
|
|
|
|
|
=cut |
394
|
|
|
|
|
|
|
|
395
|
|
|
|
|
|
|
sub password_verify { |
396
|
50
|
100
|
66
|
50
|
1
|
17578
|
my $proto = @_ && UNIVERSAL::isa($_[0],__PACKAGE__) ? shift : __PACKAGE__; |
397
|
50
|
|
|
|
|
152
|
my ($password, $crypted) = @_; |
398
|
50
|
100
|
|
|
|
322
|
if ($crypted =~ $RE_BCRYPT_STRING) { |
|
|
100
|
|
|
|
|
|
399
|
32
|
|
|
|
|
575
|
my $cost = int($2); |
400
|
32
|
|
|
|
|
83
|
my $salt = $3; |
401
|
32
|
|
|
|
|
93
|
my $hash = $4; |
402
|
32
|
|
|
|
|
123
|
my $new_crypt = $proto->hash( |
403
|
|
|
|
|
|
|
$password, |
404
|
|
|
|
|
|
|
'cost' => $cost, |
405
|
|
|
|
|
|
|
'salt' => $salt, |
406
|
|
|
|
|
|
|
); |
407
|
32
|
100
|
|
|
|
175
|
if ($crypted eq $new_crypt) { |
408
|
20
|
|
|
|
|
111
|
return 1; |
409
|
|
|
|
|
|
|
} |
410
|
|
|
|
|
|
|
# Since the signature may vary slightly, try comparing only the hash. |
411
|
12
|
|
66
|
|
|
92
|
return ($new_crypt =~ $RE_BCRYPT_STRING) && ($4 eq $hash); |
412
|
|
|
|
|
|
|
} |
413
|
|
|
|
|
|
|
elsif ($crypted =~ $RE_ARGON2_STRING) { |
414
|
16
|
50
|
33
|
|
|
500
|
unless ($INC{'Crypt/Argon2.pm'} || eval { require Crypt::Argon2; }) { |
|
0
|
|
|
|
|
0
|
|
415
|
|
|
|
|
|
|
#carp("Verifying the $sig algorithm requires the module Crypt::Argon2 to be installed"); |
416
|
0
|
|
|
|
|
0
|
return 0; |
417
|
|
|
|
|
|
|
} |
418
|
16
|
|
|
|
|
137
|
my $algo = $SIG_TO_ALGO{$1}; |
419
|
|
|
|
|
|
|
|
420
|
|
|
|
|
|
|
# Ignore characters and treat strings as strings of bytes |
421
|
16
|
100
|
|
|
|
198
|
utf8::is_utf8($password) && utf8::encode($password); # "\x{100}" becomes "\xc4\x80"; preferred equivalent of Encode::is_utf8($string) && Encode::_utf8_off($password); |
422
|
|
|
|
|
|
|
|
423
|
16
|
|
|
|
|
39
|
my @args = ($crypted, $password); |
424
|
16
|
100
|
|
|
|
41
|
if ($algo == PASSWORD_ARGON2ID) { |
425
|
8
|
|
|
|
|
4302748
|
return Crypt::Argon2::argon2id_verify(@args); |
426
|
|
|
|
|
|
|
} |
427
|
|
|
|
|
|
|
else { |
428
|
8
|
|
|
|
|
4142511
|
return Crypt::Argon2::argon2i_verify(@args); |
429
|
|
|
|
|
|
|
} |
430
|
|
|
|
|
|
|
} |
431
|
|
|
|
|
|
|
#carp('Bad crypted argument'); |
432
|
2
|
|
|
|
|
35
|
return 0; |
433
|
|
|
|
|
|
|
} |
434
|
|
|
|
|
|
|
|
435
|
|
|
|
|
|
|
=back |
436
|
|
|
|
|
|
|
|
437
|
|
|
|
|
|
|
|
438
|
|
|
|
|
|
|
|
439
|
|
|
|
|
|
|
|
440
|
|
|
|
|
|
|
=head1 SHORTENED ALIAS METHODS |
441
|
|
|
|
|
|
|
|
442
|
|
|
|
|
|
|
=over |
443
|
|
|
|
|
|
|
|
444
|
|
|
|
|
|
|
=item algos() |
445
|
|
|
|
|
|
|
|
446
|
|
|
|
|
|
|
Alias of C. |
447
|
|
|
|
|
|
|
|
448
|
|
|
|
|
|
|
=cut |
449
|
|
|
|
|
|
|
|
450
|
|
|
|
|
|
|
sub algos { |
451
|
1
|
50
|
33
|
1
|
1
|
18
|
my $proto = @_ && UNIVERSAL::isa($_[0],__PACKAGE__) ? shift : __PACKAGE__; |
452
|
1
|
|
|
|
|
3
|
return $proto->password_algos(@_); |
453
|
|
|
|
|
|
|
} |
454
|
|
|
|
|
|
|
|
455
|
|
|
|
|
|
|
|
456
|
|
|
|
|
|
|
|
457
|
|
|
|
|
|
|
|
458
|
|
|
|
|
|
|
|
459
|
|
|
|
|
|
|
=item get_info($crypted) |
460
|
|
|
|
|
|
|
|
461
|
|
|
|
|
|
|
Alias of C. |
462
|
|
|
|
|
|
|
|
463
|
|
|
|
|
|
|
=cut |
464
|
|
|
|
|
|
|
|
465
|
|
|
|
|
|
|
sub get_info { |
466
|
5
|
50
|
33
|
5
|
1
|
4486
|
my $proto = @_ && UNIVERSAL::isa($_[0],__PACKAGE__) ? shift : __PACKAGE__; |
467
|
5
|
|
|
|
|
17
|
return $proto->password_get_info(@_); |
468
|
|
|
|
|
|
|
} |
469
|
|
|
|
|
|
|
|
470
|
|
|
|
|
|
|
|
471
|
|
|
|
|
|
|
|
472
|
|
|
|
|
|
|
|
473
|
|
|
|
|
|
|
=item hash($password, %options) |
474
|
|
|
|
|
|
|
|
475
|
|
|
|
|
|
|
Proxy method for C. |
476
|
|
|
|
|
|
|
The difference is that this method does have an $algo argument, |
477
|
|
|
|
|
|
|
but instead allows the algorithm to be specified with the 'algo' option (in %options). |
478
|
|
|
|
|
|
|
|
479
|
|
|
|
|
|
|
=cut |
480
|
|
|
|
|
|
|
|
481
|
|
|
|
|
|
|
sub hash { |
482
|
41
|
50
|
33
|
41
|
1
|
317
|
my $proto = @_ && UNIVERSAL::isa($_[0],__PACKAGE__) ? shift : __PACKAGE__; |
483
|
41
|
|
|
|
|
83
|
my $password = shift; |
484
|
41
|
50
|
33
|
|
|
262
|
my %options = @_ && ref($_[0]) ? %{$_[0]} : @_; |
|
0
|
|
|
|
|
0
|
|
485
|
41
|
|
100
|
|
|
173
|
my $algo = $options{'algo'} || PASSWORD_DEFAULT; |
486
|
41
|
|
|
|
|
95
|
delete($options{'algo'}); |
487
|
41
|
|
|
|
|
179
|
return $proto->password_hash($password, $algo, %options); |
488
|
|
|
|
|
|
|
} |
489
|
|
|
|
|
|
|
|
490
|
|
|
|
|
|
|
|
491
|
|
|
|
|
|
|
|
492
|
|
|
|
|
|
|
|
493
|
|
|
|
|
|
|
=item needs_rehash($crypted, $algo, %options) |
494
|
|
|
|
|
|
|
|
495
|
|
|
|
|
|
|
Alias of C. |
496
|
|
|
|
|
|
|
|
497
|
|
|
|
|
|
|
=cut |
498
|
|
|
|
|
|
|
|
499
|
|
|
|
|
|
|
sub needs_rehash { |
500
|
12
|
50
|
33
|
12
|
1
|
7644
|
my $proto = @_ && UNIVERSAL::isa($_[0],__PACKAGE__) ? shift : __PACKAGE__; |
501
|
12
|
|
|
|
|
33
|
return $proto->password_needs_rehash(@_); |
502
|
|
|
|
|
|
|
} |
503
|
|
|
|
|
|
|
|
504
|
|
|
|
|
|
|
|
505
|
|
|
|
|
|
|
|
506
|
|
|
|
|
|
|
|
507
|
|
|
|
|
|
|
=item verify($password, $crypted) |
508
|
|
|
|
|
|
|
|
509
|
|
|
|
|
|
|
Alias of C. |
510
|
|
|
|
|
|
|
|
511
|
|
|
|
|
|
|
=cut |
512
|
|
|
|
|
|
|
|
513
|
|
|
|
|
|
|
sub verify { |
514
|
25
|
50
|
33
|
25
|
1
|
30042
|
my $proto = @_ && UNIVERSAL::isa($_[0],__PACKAGE__) ? shift : __PACKAGE__; |
515
|
25
|
|
|
|
|
128
|
return $proto->password_verify(@_); |
516
|
|
|
|
|
|
|
} |
517
|
|
|
|
|
|
|
|
518
|
|
|
|
|
|
|
=back |
519
|
|
|
|
|
|
|
|
520
|
|
|
|
|
|
|
=cut |
521
|
|
|
|
|
|
|
|
522
|
|
|
|
|
|
|
|
523
|
|
|
|
|
|
|
|
524
|
|
|
|
|
|
|
|
525
|
|
|
|
|
|
|
# From Crypt::Eksblowfish::Bcrypt. |
526
|
|
|
|
|
|
|
# This is a version of C (see L) that implements the bcrypt algorithm. |
527
|
|
|
|
|
|
|
sub _bcrypt { |
528
|
35
|
50
|
33
|
35
|
|
194
|
my $proto = @_ && UNIVERSAL::isa($_[0],__PACKAGE__) ? shift : __PACKAGE__; |
529
|
35
|
|
|
|
|
78
|
my ($password, $settings) = @_; |
530
|
35
|
50
|
|
|
|
147
|
unless ($settings =~ qr/^ |
531
|
|
|
|
|
|
|
\$ |
532
|
|
|
|
|
|
|
($RE_BCRYPT_ALGO) |
533
|
|
|
|
|
|
|
\$ |
534
|
|
|
|
|
|
|
($RE_BCRYPT_COST) |
535
|
|
|
|
|
|
|
\$ |
536
|
|
|
|
|
|
|
($RE_BCRYPT_SALT) |
537
|
|
|
|
|
|
|
/x) { |
538
|
0
|
|
|
|
|
0
|
croak('Bad bcrypt settings argument'); |
539
|
|
|
|
|
|
|
} |
540
|
35
|
|
|
|
|
853
|
my ($type, $cost, $salt_base64) = ($1, $2, $3); |
541
|
35
|
|
|
|
|
154
|
my $hash = $proto->_bcrypt_hash( |
542
|
|
|
|
|
|
|
$password, |
543
|
|
|
|
|
|
|
{ |
544
|
|
|
|
|
|
|
'key_nul' => length($type) > 1, |
545
|
|
|
|
|
|
|
'cost' => $cost, |
546
|
|
|
|
|
|
|
'salt' => $proto->_bcrypt_base64_decode($salt_base64), |
547
|
|
|
|
|
|
|
} |
548
|
|
|
|
|
|
|
); |
549
|
35
|
|
|
|
|
489
|
return '$' . $SIG_BCRYPT . '$' . $cost . '$' . $salt_base64 . $proto->_bcrypt_base64_encode($hash); |
550
|
|
|
|
|
|
|
} |
551
|
|
|
|
|
|
|
|
552
|
|
|
|
|
|
|
|
553
|
|
|
|
|
|
|
|
554
|
|
|
|
|
|
|
|
555
|
|
|
|
|
|
|
# From Crypt::Eksblowfish::Bcrypt. |
556
|
|
|
|
|
|
|
# Hashes $password according to the supplied $settings, and returns the 23-octet hash. |
557
|
|
|
|
|
|
|
sub _bcrypt_hash { |
558
|
35
|
50
|
33
|
35
|
|
196
|
my $proto = @_ && UNIVERSAL::isa($_[0],__PACKAGE__) ? shift : __PACKAGE__; |
559
|
35
|
|
|
|
|
94
|
my ($password, $settings) = @_; |
560
|
35
|
50
|
33
|
|
|
126
|
if ($settings->{'key_nul'} || ($password eq '')) { |
561
|
35
|
|
|
|
|
91
|
$password .= "\0"; |
562
|
|
|
|
|
|
|
} |
563
|
|
|
|
|
|
|
|
564
|
|
|
|
|
|
|
# Ignore characters and treat strings as strings of bytes |
565
|
35
|
100
|
|
|
|
167
|
utf8::is_utf8($password) && utf8::encode($password); # "\x{100}" becomes "\xc4\x80"; preferred equivalent of Encode::is_utf8($string) && Encode::_utf8_off($password); |
566
|
|
|
|
|
|
|
|
567
|
|
|
|
|
|
|
my $cipher = Crypt::Eksblowfish->new( |
568
|
|
|
|
|
|
|
$settings->{'cost'}, |
569
|
35
|
|
|
|
|
3272421
|
$settings->{'salt'}, |
570
|
|
|
|
|
|
|
substr($password, 0, 72) |
571
|
|
|
|
|
|
|
); |
572
|
|
|
|
|
|
|
my $hash = join('', |
573
|
|
|
|
|
|
|
map { |
574
|
35
|
|
|
|
|
592
|
my $blk = $_; |
|
105
|
|
|
|
|
248
|
|
575
|
105
|
|
|
|
|
333
|
for(my $i = 64; $i--; ) { |
576
|
6720
|
|
|
|
|
14740
|
$blk = $cipher->encrypt($blk); |
577
|
|
|
|
|
|
|
} |
578
|
105
|
|
|
|
|
402
|
$blk; |
579
|
|
|
|
|
|
|
} qw(OrpheanB eholderS cryDoubt) |
580
|
|
|
|
|
|
|
); |
581
|
35
|
|
|
|
|
139
|
chop($hash); |
582
|
35
|
|
|
|
|
385
|
return $hash; |
583
|
|
|
|
|
|
|
} |
584
|
|
|
|
|
|
|
|
585
|
|
|
|
|
|
|
|
586
|
|
|
|
|
|
|
|
587
|
|
|
|
|
|
|
|
588
|
|
|
|
|
|
|
# From Crypt::Eksblowfish::Bcrypt. |
589
|
|
|
|
|
|
|
# Decodes an octet string that was textually encoded using the form of base64 that is conventionally used with bcrypt. |
590
|
|
|
|
|
|
|
sub _bcrypt_base64_decode { |
591
|
35
|
50
|
33
|
35
|
|
203
|
my $proto = @_ && UNIVERSAL::isa($_[0],__PACKAGE__) ? shift : __PACKAGE__; |
592
|
35
|
|
|
|
|
68
|
my $text = shift; |
593
|
35
|
50
|
|
|
|
307
|
unless ($text =~ m!\A(?>(?:[./A-Za-z0-9]{4})*)(?:|[./A-Za-z0-9]{2}[.CGKOSWaeimquy26]|[./A-Za-z0-9][.Oeu])\z!) { |
594
|
0
|
|
|
|
|
0
|
croak('Bad base64 encoded text argument'); |
595
|
|
|
|
|
|
|
} |
596
|
35
|
|
|
|
|
104
|
$text =~ tr#./A-Za-z0-9#A-Za-z0-9+/#; |
597
|
35
|
|
|
|
|
168
|
$text .= '=' x (3 - (length($text) + 3) % 4); |
598
|
35
|
|
|
|
|
274
|
return decode_base64($text); |
599
|
|
|
|
|
|
|
} |
600
|
|
|
|
|
|
|
|
601
|
|
|
|
|
|
|
|
602
|
|
|
|
|
|
|
|
603
|
|
|
|
|
|
|
|
604
|
|
|
|
|
|
|
# From Crypt::Eksblowfish::Bcrypt. |
605
|
|
|
|
|
|
|
# Encodes the octet string textually using the form of base64 that is conventionally used with bcrypt. |
606
|
|
|
|
|
|
|
sub _bcrypt_base64_encode { |
607
|
38
|
50
|
33
|
38
|
|
905
|
my $proto = @_ && UNIVERSAL::isa($_[0],__PACKAGE__) ? shift : __PACKAGE__; |
608
|
38
|
|
|
|
|
116
|
my $octets = shift; |
609
|
38
|
|
|
|
|
230
|
my $text = encode_base64($octets, ''); |
610
|
38
|
|
|
|
|
162
|
$text =~ tr#A-Za-z0-9+/=#./A-Za-z0-9#d; # "=" padding is deleted |
611
|
38
|
|
|
|
|
470
|
return $text; |
612
|
|
|
|
|
|
|
} |
613
|
|
|
|
|
|
|
|
614
|
|
|
|
|
|
|
|
615
|
|
|
|
|
|
|
|
616
|
|
|
|
|
|
|
1; |
617
|
|
|
|
|
|
|
|
618
|
|
|
|
|
|
|
__END__ |