X-Git-Url: http://git.ieval.ro/?p=authen-passphrase-scrypt.git;a=blobdiff_plain;f=lib%2FAuthen%2FPassphrase%2FScrypt.pm;h=3a43e25b3632d83f0a1a9cdb3e406b86b65db56f;hp=213d4136f9242c14ed6e2e3f9f39b99aa625d452;hb=025ae5f357a01188476b3baafe528ed583a5306b;hpb=2fc55944af6c2166f79282673fb4318021b7fc42 diff --git a/lib/Authen/Passphrase/Scrypt.pm b/lib/Authen/Passphrase/Scrypt.pm index 213d413..3a43e25 100644 --- a/lib/Authen/Passphrase/Scrypt.pm +++ b/lib/Authen/Passphrase/Scrypt.pm @@ -5,7 +5,7 @@ use strict; use warnings; use Carp; -use parent qw/Exporter Authen::Passphrase Class::Accessor::Fast/; +use parent qw/Exporter Authen::Passphrase/; our @EXPORT = qw/crypto_scrypt/; our @EXPORT_OK = @EXPORT; @@ -18,7 +18,7 @@ use MIME::Base64; require XSLoader; XSLoader::load('Authen::Passphrase::Scrypt', $VERSION); -__PACKAGE__->mk_accessors(qw/data logN r p salt hmac passphrase/); +use Object::Tiny qw/data logN r p salt hmac passphrase/; sub compute_hash { my ($self, $passphrase) = @_; @@ -36,19 +36,21 @@ sub truncate_hash { sub new { my ($class, @args) = @_; - my $self = $class->SUPER::new(@args); + if ('HASH' eq ref $args[0]) { # we were given a hash + @args = %{$args[0]} + } + unshift @args, logN => 14, r => 16, p => 1; # default values + my %args = @args; + $args{salt} = rand_bits 256 unless exists $args{salt}; + my $self = bless \%args, $class; - $self->logN(14) unless defined $self->logN; - $self->r(16) unless defined $self->r; - $self->p(1) unless defined $self->p; croak "passphrase not set" unless defined $self->passphrase; - $self->salt(rand_bits 256) unless $self->salt; my $data = "scrypt\x00" . pack 'CNNa32', $self->logN, $self->r, $self->p, $self->salt; $data .= truncated_sha256 $data; - $self->data($data); - $self->hmac(hmac_sha256 $self->data, truncate_hash $self->compute_hash($self->passphrase)); + $self->{data} = $data; + $self->{hmac} = hmac_sha256 $self->data, truncate_hash $self->compute_hash($self->passphrase); $self } 
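Review bot: The accessors generated by `use Object::Tiny qw/data logN r p salt hmac passphrase/;` are read-only, whereas `mk_accessors` produced read/write ones, so a caller that still writes `$sc->salt($value)` now has the argument silently ignored rather than getting an error. Read-only is the better fit here, because `data` and `hmac` are derived once in `new` and a later change to `salt` or the cost parameters would leave them stale. The behaviour change should be stated in the POD and changelog, and a comment above the line such as `# read-only accessors: fields are fixed once new() has derived data and hmac` would record the intent.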
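Review bot: An explicit `undef` now defeats the defaults in `new`, because the defaults are unshifted in front of `@args` and the salt is only generated `unless exists $args{salt}`; a call that passes `salt => undef` or `logN => $cfg{logN}` with an unset value keeps the undef. `pack 'CNNa32'` then encodes it as a zero cost parameter or an all-NUL salt with nothing more than a warning, where the removed code fell back to 14/16/1 and a random salt. Applying the defaults per key after the hash is built, in place of the `unshift` line, restores that (the `//=` form assumes Perl 5.10 or later). Separately, `a32` still pads or truncates the salt silently, so `croak 'salt must be 32 bytes' unless length $args{salt} == 32;` would enforce what the POD documents.

```perl
# … unchanged: hashref unpacking …
my %args = @args;
# Defaults are applied per key so that an explicit undef cannot switch them off.
$args{logN} //= 14;
$args{r}    //= 16;
$args{p}    //= 1;
$args{salt} //= rand_bits 256;
my $self = bless \%args, $class;
# … unchanged: passphrase check, data and hmac derivation …
```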
@@ -60,7 +62,7 @@ sub from_rfc2307 { unpack 'Z7CNNa32a16a32', $data; croak 'Invalid Scrypt hash: should start with "scrypt"' unless $scrypt eq 'scrypt'; croak 'Invalid Scrypt hash: bad checksum', unless $cksum eq truncated_sha256 (substr $data, 0, 48); - $class->SUPER::new({data => (substr $data, 0, 64), logN => $logN, r => $r, p => $p, salt => $salt, hmac => $hmac}); + bless { data => (substr $data, 0, 64), logN => $logN, r => $r, p => $p, salt => $salt, hmac => $hmac }, $class; } sub match { @@ -96,9 +98,9 @@ Authen::Passphrase::Scrypt - passphrases using Tarsnap's scrypt algorithm use Authen::Passphrase::Scrypt; # Hash a password - my $sc = Authen::Passphrase::Scrypt->new({ + my $sc = Authen::Passphrase::Scrypt->new( passphrase => 'correcthorsebatterystaple' - }); + ); my $hash = $sc->as_rfc2307; say "The given password hashes to $hash"; @@ -109,13 +111,13 @@ Authen::Passphrase::Scrypt - passphrases using Tarsnap's scrypt algorithm say 'The password was "xkcd"' if $sc->match('xkcd'); # Advanced hashing - my $sc = Authen::Passphrase::Scrypt->new({ + my $sc = Authen::Passphrase::Scrypt->new( passphrase => 'xkcd', logN => 14, # General work factor r => 16, # Memory work factor p => 1, # CPU (parallellism) work factor salt => 'SodiumChloride && sODIUMcHLORIDE', # Must be 32 bytes - }); + ); say 'The given password now hashes to ', $sc->as_rfc2307; =head1 DESCRIPTION @@ -134,10 +136,11 @@ from within L. The methods are: =over -=item Authen::Passphrase::Scrypt->B(I<\%args>) +=item Authen::Passphrase::Scrypt->B(I<%args>) Creates a new L from a given passphrase -and parameters. Use this to hash a passphrase. The arguments are: +and parameters. Use this to hash a passphrase. This function takes +either a key value list or a hashref. The arguments are: =over 
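Review bot: `from_rfc2307` blesses `$logN`, `$r` and `$p` exactly as unpacked, and the checksum it verifies appears to be an unkeyed truncated SHA-256 that anyone can recompute, so nothing here bounds the cost parameters. If a stored hash string can ever come from a source less trusted than the code, an oversized value would make the later `match` call (which presumably recomputes scrypt with these fields) arbitrarily expensive. A range check before the `bless`, for example `croak 'Invalid Scrypt hash: parameters out of range' unless $logN < 64 && $r * $p < 2**30;`, would enforce the limits this commit documents in the POD; a lower, caller-configurable ceiling would be safer still. The start of `from_rfc2307` lies outside this hunk.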
@@ -174,6 +177,8 @@ fine-tuning: if scrypt uses too much memory but not enough CPU, decrease logN and increase p; if scrypt uses too much CPU but not enough memory, decrease logN and increase r. +Note that C<< 2^logN >> must fit in 64 bits and C<< r * p < 2^30 >>. + =item $sc->B Returns the hash of the passphrase, in RFC2307 format. This is @@ -190,6 +195,7 @@ Returns true if the given passphrase matches the hash, false otherwise. =item Authen::Passphrase::Scrypt->from_crypt + =item $sc->as_crypt These functions both croak. They are provided for compatibility with