File Coverage

blib/lib/Digest/Bcrypt.pm

Criterion	Covered	Total	%
statement	104	104	100.0
branch	35	38	92.1
condition	17	19	89.4
subroutine	20	20	100.0
pod	10	10	100.0
total	186	191	97.3

line	stmt	bran	cond	sub	pod	time	code
1							package Digest::Bcrypt;
2	4			4		113260	use parent 'Digest::base';
	4					1301
	4					23
3
4	4			4		268	use strict;
	4					8
	4					75
5	4			4		16	use warnings;
	4					8
	4					119
6							require bytes;
7
8	4			4		16	use Carp ();
	4					8
	4					62
9	4			4		1823	use Crypt::Bcrypt qw(bcrypt bcrypt_check);
	4					73249
	4					224
10	4			4		32	use MIME::Base64 qw(decode_base64 encode_base64);
	4					6
	4					136
11	4			4		2233	use utf8;
	4					59
	4					20
12
13							our $VERSION = '1.210';
14
15							sub add {
16	22			22	1	10313	my $self = shift;
17	22					78	$self->{_buffer} .= join('', @_);
18	22					43	return $self;
19							}
20
21							sub bcrypt_b64digest {
22	2			2	1	10	my $encoded = encode_base64(shift->digest, "");
23	2					7	$encoded =~ tr{A-Za-z0-9+/=}{./A-Za-z0-9}d;
24	2					15	return $encoded;
25							}
26
27							sub clone {
28	2			2	1	4	my $self = shift;
29	2	50				6	return undef unless my $clone = $self->new(
30							cost => $self->cost,
31							salt => $self->salt,
32							type => $self->type,
33							);
34	2					8	$clone->add($self->{_buffer});
35	2					3	return $clone;
36							}
37
38							sub cost {
39	111			111	1	3961	my $self = shift;
40	111	100				334	return $self->{cost} unless @_;
41
42	45					67	my $cost = shift;
43
44							# allow and undefined value to clear it
45	45	100				110	unless (defined $cost) {
46	2					5	delete $self->{cost};
47	2					4	return $self;
48							}
49	43					118	$self->_check_cost($cost);
50
51							# bcrypt requires 2 digit costs, it dies if it's a single digit.
52	39					166	$self->{cost} = sprintf("%02d", $cost);
53	39					63	return $self;
54							}
55
56							sub digest {
57	14			14	1	76	my $self = shift;
58	14					39	$self->_check_cost;
59	13					39	$self->_check_salt;
60
61	12		50			80	my $type = $self->{type} // '2a';
62	12					29	my $hash = bcrypt($self->{_buffer}, $type, $self->cost, $self->salt);
63	12					40349	my $settings = $self->settings;
64	12					47	$self->reset;
65	12					70	return _de_base64(substr($hash, length($settings)));
66							}
67
68							# new isn't actually implemented in the base class. eww.
69							sub new {
70	39			39	1	17513	my $class = shift;
71	39		66			189	my $self = bless {_buffer => '',}, ref $class \|\| $class;
72	39	100				107	return $self unless @_;
73	28	100				62	my $params = @_ > 1 ? {@_} : {%{$_[0]}};
	16					82
74	24	100				67	$self->cost($params->{cost}) if $params->{cost};
75	24	100				55	$self->salt($params->{salt}) if $params->{salt};
76	24	100				55	$self->settings($params->{settings}) if $params->{settings};
77	24	50				40	$self->type($params->{type}) if $params->{type};
78	24					74	return $self;
79							}
80
81							sub reset {
82	19			19	1	4685	my $self = shift;
83	19					53	$self->{_buffer} = '';
84	19					42	delete $self->{cost};
85	19					48	delete $self->{salt};
86	19					28	delete $self->{type};
87	19					30	return $self;
88							}
89
90							sub salt {
91	126			126	1	15922	my $self = shift;
92	126	100				463	return $self->{salt} unless @_;
93
94	40					60	my $salt = shift;
95
96							# allow and undefined value to clear it
97	40	100				79	unless (defined $salt) {
98	2					4	delete $self->{salt};
99	2					4	return $self;
100							}
101
102							# all other values go through the check
103	38					105	$self->_check_salt($salt);
104	36					4648	$self->{salt} = $salt;
105	36					66	return $self;
106							}
107
108							sub settings {
109	31			31	1	1447	my $self = shift;
110	31	100				94	unless (@_) {
111	20					153	my $cost = sprintf('%02d', $self->{cost});
112	20					64	my $salt_base64 = encode_base64($self->salt, "");
113	20					54	$salt_base64 =~ tr{A-Za-z0-9+/=}{./A-Za-z0-9}d;
114	20		100			87	my $type = $self->{type} // '2a';
115	20					97	return "\$${type}\$${cost}\$${salt_base64}";
116							}
117	11					17	my $settings = shift;
118	11	100				317	Carp::croak "bad bcrypt settings"
119							unless $settings =~ m#\A\$(2[abxy])\$([0-9]{2})\$
120							([./A-Za-z0-9]{22})#x;
121	9					31	my ($type, $cost, $salt_base64) = ($1, $2, $3);
122	9					25	$self->type($type);
123	9					20	$self->cost($cost);
124	8					16	$self->salt(_de_base64($salt_base64));
125	8					11	return $self;
126							}
127
128							sub type {
129	11			11	1	12	my $self = shift;
130	11	100				26	return $self->{type} unless (@_);
131
132	9					15	my $type = shift;
133	9	50				25	Carp::croak "bad bcrypt type" unless $type =~ /^2[abxy]$/;
134	9					15	$self->{type} = $type;
135	9					11	return $self;
136							}
137
138							# Checks that the cost is an integer in the range 1-31. Croaks if it isn't
139							sub _check_cost {
140	57			57		96	my ($self, $cost) = @_;
141	57	100				128	$cost = defined $cost ? $cost : $self->cost;
142	57	100	100			535	if (!defined $cost \|\| $cost !~ /^\d+$/ \|\| ($cost < 5 \|\| $cost > 31)) {
			100
			100
143	5					483	Carp::croak "Cost must be an integer between 5 and 31";
144							}
145							}
146
147							# Checks that the salt exactly 16 octets long. Croaks if it isn't
148							sub _check_salt {
149	51			51		96	my ($self, $salt) = @_;
150	51	100				126	$salt = defined $salt ? $salt : $self->salt;
151	51	100	100			210	unless ($salt && bytes::length($salt) == 16) {
152	3					1267	Carp::croak "Salt must be exactly 16 octets long";
153							}
154							}
155
156							sub _de_base64 {
157	20			20		86	my ($text) = @_;
158	20					46	$text =~ tr#./A-Za-z0-9#A-Za-z0-9+/#;
159	20					242	return decode_base64($text);
160							}
161
162
163							1;
164
165							=encoding utf8
166
167							=head1 NAME
168
169							Digest::Bcrypt - Perl interface to the bcrypt digest algorithm
170
171							=head1 SYNOPSIS
172
173							#!/usr/bin/env perl
174							use strict;
175							use warnings;
176							use utf8;
177							use Digest; # via the Digest module (recommended)
178
179							my $bcrypt = Digest->new('Bcrypt', cost => 12, salt => 'abcdefgh♥stuff');
180							# You can forego the cost and salt in favor of settings strings:
181							my $bcrypt = Digest->new('Bcrypt', settings => '$2a$20$GA.eY03tb02ea0DqbA.eG.');
182
183							# $cost is an integer between 1 and 31
184							$bcrypt->cost(12);
185
186							# $salt must be exactly 16 octets long
187							$bcrypt->salt('abcdefgh♥stuff');
188							# OR, for good, random salts:
189							use Data::Entropy::Algorithms qw(rand_bits);
190							$bcrypt->salt(rand_bits(16*8)); # 16 octets
191
192							# You can forego the cost and salt in favor of settings strings:
193							$bcrypt->settings('$2a$20$GA.eY03tb02ea0DqbA.eG.');
194
195							# add some strings we want to make a secret of
196							$bcrypt->add('some stuff', 'here and', 'here');
197
198							my $digest = $bcrypt->digest;
199							$digest = $bcrypt->hexdigest;
200							$digest = $bcrypt->b64digest;
201
202							# bcrypt's own non-standard base64 dictionary
203							$digest = $bcrypt->bcrypt_b64digest;
204
205							# Now, let's create a password hash and check it later:
206							use Data::Entropy::Algorithms qw(rand_bits);
207							my $bcrypt = Digest->new('Bcrypt', cost=>20, salt=>rand_bits(16*8));
208							my $settings = $bcrypt->settings(); # save for later checks.
209							my $pass_hash = $bcrypt->add('Some secret password')->digest;
210							# much later, we can check a password against our hash via:
211							my $bcrypt = Digest->new('Bcrypt', settings=>$settings);
212							if ($bcrypt->add($value_from_user)->digest eq $known_pass_hash) {
213							say "Your password matched";
214							}
215							else {
216							say "Try again!";
217							}
218
219							=head1 NOTICE
220
221							While maintenance for L will continue, there's no reason to use
222							L when L already exists. We suggest
223							that you use L instead.
224
225							=head1 DESCRIPTION
226
227							L provides a L-based interface to the
228							L library.
229
230							Please note that you B set a C of exactly 16 octets in length,
231							and you B provide a C in the range C<1..31>.
232
233							=head1 ATTRIBUTES
234
235							L implements the following attributes.
236
237							=head2 cost
238
239							$bcrypt = $bcrypt->cost(20); # allows for method chaining
240							my $cost = $bcrypt->cost();
241
242							An integer in the range C<1..31>, this is required.
243
244							See L for a detailed description of C
245							in the context of the bcrypt algorithm.
246
247							When called with no arguments, it will return the current cost.
248
249							=head2 salt
250
251							$bcrypt = $bcrypt->salt('abcdefgh♥stuff'); # allows for method chaining
252							my $salt = $bcrypt->salt();
253
254							# OR, for good, random salts:
255							use Data::Entropy::Algorithms qw(rand_bits);
256							$bcrypt->salt(rand_bits(16*8)); # 16 octets
257
258							Sets the value to be used as a salt. Bcrypt requires B 16 octets of salt.
259
260							It is recommenced that you use a module like L to
261							provide a truly randomized salt.
262
263							When called with no arguments, it will return the current salt.
264
265							=head2 type
266
267							# method chaining on mutations as invocant is returned
268							$bcrypt = $bcrypt->type('2b');
269							say $bcrypt->type(); # 2b
270
271							This sets the subtype of bcrypt used. These subtypes are as defined in L.
272							The available types are:
273							C<2b> which is the current standard,
274							C<2a> which is older; it's the one used in L,
275							C<2y> which is considerd equivalent to C<2b> and used in PHP.
276							C<2x> which is very broken and only needed to work with ancient PHP versions.
277
278							=head2 settings
279
280							$bcrypt = $bcrypt->settings('$2a$20$GA.eY03tb02ea0DqbA.eG.'); # allows for method chaining
281							my $settings = $bcrypt->settings();
282
283							A C string can be used to set the L and
284							L automatically. Setting the C will override any
285							current values in your C and C attributes.
286
287							For details on the C string requirements, please see L.
288
289							When called with no arguments, it will return the current settings string.
290
291							=head1 METHODS
292
293							L inherits all methods from L and implements/overrides
294							the following methods as well.
295
296							=head2 new
297
298							my $bcrypt = Digest->new('Bcrypt', %params);
299							my $bcrypt = Digest::Bcrypt->new(%params);
300							my $bcrypt = Digest->new('Bcrypt', \%params);
301							my $bcrypt = Digest::Bcrypt->new(\%params);
302
303							Creates a new C object. It is recommended that you use the L
304							module in the first example rather than using L directly.
305
306							Any of the L above can be passed in as a parameter.
307
308							=head2 add
309
310							$bcrypt->add("a"); $bcrypt->add("b"); $bcrypt->add("c");
311							$bcrypt->add("a")->add("b")->add("c");
312							$bcrypt->add("a", "b", "c");
313							$bcrypt->add("abc");
314
315							Adds data to the message we are calculating the digest for. All the above
316							examples have the same effect.
317
318							=head2 b64digest
319
320							my $digest = $bcrypt->b64digest;
321
322							Same as L, but will return the digest base64 encoded.
323
324							The C of the returned string will be 31 and will only contain characters
325							from the ranges C<'0'..'9'>, C<'A'..'Z'>, C<'a'..'z'>, C<'+'>, and C<'/'>
326
327							The base64 encoded string returned is not padded to be a multiple of 4 bytes long.
328
329							=head2 bcrypt_b64digest
330
331							my $digest = $bcrypt->bcrypt_b64digest;
332
333							Same as L, but will return the digest base64 encoded using the alphabet
334							that is commonly used with bcrypt.
335
336							The C of the returned string will be 31 and will only contain characters
337							from the ranges C<'0'..'9'>, C<'A'..'Z'>, C<'a'..'z'>, C<'+'>, and C<'.'>
338
339							The base64 encoded string returned is not padded to be a multiple of 4 bytes long.
340
341							I This is bcrypt's own non-standard base64 alphabet, It is B
342							compatible with the standard MIME base64 encoding.
343
344							=head2 clone
345
346							my $clone = $bcrypt->clone;
347
348							Creates a clone of the C object, and returns it.
349
350							=head2 digest
351
352							my $digest = $bcrypt->digest;
353
354							Returns the binary digest for the message. The returned string will be 23 bytes long.
355
356							=head2 hexdigest
357
358							my $digest = $bcrypt->hexdigest;
359
360							Same as L, but will return the digest in hexadecimal form.
361
362							The C of the returned string will be 46 and will only contain
363							characters from the ranges C<'0'..'9'> and C<'a'..'f'>.
364
365							=head2 reset
366
367							$bcrypt->reset;
368
369							Resets the object to the same internal state it was in when it was constructed.
370
371							=head1 SEE ALSO
372
373							L, L, L
374
375							=head1 AUTHOR
376
377							James Aitken C
378
379							=head1 CONTRIBUTORS
380
381							=over
382
383							=item *
384
385							Chase Whitener C
386
387							=back
388
389							=head1 COPYRIGHT AND LICENSE
390
391							This software is copyright (c) 2012 by James Aitken.
392
393							This is free software; you can redistribute it and/or modify it under
394							the same terms as the Perl 5 programming language system itself.
395
396							=cut