Crypt-PBKDF2-0.261630000755001750001750 015212655102 13704 5ustar00andrewandrew000000000000README100644001750001750 56515212655102 14633 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630This archive contains the distribution Crypt-PBKDF2, version 0.261630: The PBKDF2 password hash algorithm This software is copyright (c) 2026 by Andrew Rodland. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. This README file was generated by Dist::Zilla::Plugin::Readme v6.037. LICENSE100644001750001750 4630715212655102 15024 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630This software is copyright (c) 2026 by Andrew Rodland. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. Terms of the Perl programming language system itself a) the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version, or b) the "Artistic License" --- The GNU General Public License, Version 1, February 1989 --- This software is Copyright (c) 2026 by Andrew Rodland. This is free software, licensed under: The GNU General Public License, Version 1, February 1989 GNU GENERAL PUBLIC LICENSE Version 1, February 1989 Copyright (C) 1989 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The license agreements of most software companies try to keep users at the mercy of those companies. By contrast, our General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. The General Public License applies to the Free Software Foundation's software and to any other program whose authors commit to using it. You can use it for your programs, too. When we speak of free software, we are referring to freedom, not price. Specifically, the General Public License is designed to make sure that you have the freedom to give away or sell copies of free software, that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of a such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must tell them their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any work containing the Program or a portion of it, either verbatim or with modifications. Each licensee is addressed as "you". 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this General Public License and to the absence of any warranty; and give any other recipients of the Program a copy of this General Public License along with the Program. You may charge a fee for the physical act of transferring a copy. 2. You may modify your copy or copies of the Program or any portion of it, and copy and distribute such modifications under the terms of Paragraph 1 above, provided that you also do the following: a) cause the modified files to carry prominent notices stating that you changed the files and the date of any change; and b) cause the whole of any work that you distribute or publish, that in whole or in part contains the Program or any part thereof, either with or without modifications, to be licensed at no charge to all third parties under the terms of this General Public License (except that you may choose to grant warranty protection to some or all third parties, at your option). c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the simplest and most usual way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this General Public License. d) You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. Mere aggregation of another independent work with the Program (or its derivative) on a volume of a storage or distribution medium does not bring the other work under the scope of these terms. 3. You may copy and distribute the Program (or a portion or derivative of it, under Paragraph 2) in object code or executable form under the terms of Paragraphs 1 and 2 above provided that you also do one of the following: a) accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Paragraphs 1 and 2 above; or, b) accompany it with a written offer, valid for at least three years, to give any third party free (except for a nominal charge for the cost of distribution) a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Paragraphs 1 and 2 above; or, c) accompany it with the information you received as to where the corresponding source code may be obtained. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form alone.) Source code for a work means the preferred form of the work for making modifications to it. For an executable file, complete source code means all the source code for all modules it contains; but, as a special exception, it need not include source code for modules which are standard libraries that accompany the operating system on which the executable file runs, or for standard header files or definitions files that accompany that operating system. 4. You may not copy, modify, sublicense, distribute or transfer the Program except as expressly provided under this General Public License. Any attempt otherwise to copy, modify, sublicense, distribute or transfer the Program is void, and will automatically terminate your rights to use the Program under this License. However, parties who have received copies, or rights to use copies, from you under this General Public License will not have their licenses terminated so long as such parties remain in full compliance. 5. By copying, distributing or modifying the Program (or any work based on the Program) you indicate your acceptance of this license to do so, and all its terms and conditions. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. 7. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of the license which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the license, you may choose any version ever published by the Free Software Foundation. 8. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to humanity, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) 19yy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 1, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, see . Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) 19xx name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (a program to direct compilers to make passes at assemblers) written by James Hacker. , 1 April 1989 Moe Ghoul, President of Vice That's all there is to it! --- The Perl Artistic License 1.0 --- This software is Copyright (c) 2026 by Andrew Rodland. This is free software, licensed under: The Perl Artistic License 1.0 The "Artistic License" Preamble The intent of this document is to state the conditions under which a Package may be copied, such that the Copyright Holder maintains some semblance of artistic control over the development of the package, while giving the users of the package the right to use and distribute the Package in a more-or-less customary fashion, plus the right to make reasonable modifications. Definitions: "Package" refers to the collection of files distributed by the Copyright Holder, and derivatives of that collection of files created through textual modification. "Standard Version" refers to such a Package if it has not been modified, or has been modified in accordance with the wishes of the Copyright Holder as specified below. "Copyright Holder" is whoever is named in the copyright or copyrights for the package. "You" is you, if you're thinking about copying or distributing this Package. "Reasonable copying fee" is whatever you can justify on the basis of media cost, duplication charges, time of people involved, and so on. (You will not be required to justify it to the Copyright Holder, but only to the computing community at large as a market that must bear the fee.) "Freely Available" means that no fee is charged for the item itself, though there may be fees involved in handling the item. It also means that recipients of the item may redistribute it under the same conditions they received it. 1. You may make and give away verbatim copies of the source form of the Standard Version of this Package without restriction, provided that you duplicate all of the original copyright notices and associated disclaimers. 2. You may apply bug fixes, portability fixes and other modifications derived from the Public Domain or from the Copyright Holder. A Package modified in such a way shall still be considered the Standard Version. 3. You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file stating how and when you changed that file, and provided that you do at least ONE of the following: a) place your modifications in the Public Domain or otherwise make them Freely Available, such as by posting said modifications to Usenet or an equivalent medium, or placing the modifications on a major archive site such as uunet.uu.net, or by allowing the Copyright Holder to include your modifications in the Standard Version of the Package. b) use the modified Package only within your corporation or organization. c) rename any non-standard executables so the names do not conflict with standard executables, which must also be provided, and provide a separate manual page for each non-standard executable that clearly documents how it differs from the Standard Version. d) make other distribution arrangements with the Copyright Holder. 4. You may distribute the programs of this Package in object code or executable form, provided that you do at least ONE of the following: a) distribute a Standard Version of the executables and library files, together with instructions (in the manual page or equivalent) on where to get the Standard Version. b) accompany the distribution with the machine-readable source of the Package with your modifications. c) give non-standard executables non-standard names, and clearly document the differences in manual pages (or equivalent), together with instructions on where to get the Standard Version. d) make other distribution arrangements with the Copyright Holder. 5. You may charge a reasonable copying fee for any distribution of this Package. You may charge any fee you choose for support of this Package. You may not charge a fee for this Package itself. However, you may distribute this Package in aggregate with other (possibly commercial) programs as part of a larger (possibly commercial) software distribution provided that you do not advertise this Package as a product of your own. You may embed this Package's interpreter within an executable of yours (by linking); this shall be construed as a mere form of aggregation, provided that the complete Standard Version of the interpreter is so embedded. 6. The scripts and library files supplied as input to or produced as output from the programs of this Package do not automatically fall under the copyright of this Package, but belong to whoever generated them, and may be sold commercially, and may be aggregated with this Package. If such scripts or library files are aggregated with this Package via the so-called "undump" or "unexec" methods of producing a binary executable image, then distribution of such an image shall neither be construed as a distribution of this Package nor shall it fall under the restrictions of Paragraphs 3 and 4, provided that you do not represent such an executable image as a Standard Version of this Package. 7. C subroutines (or comparably compiled subroutines in other languages) supplied by you and linked into this Package in order to emulate subroutines and variables of the language defined by this Package shall not be considered part of this Package, but are the equivalent of input as in Paragraph 6, provided these subroutines do not change the language in any way that would cause it to fail the regression tests for the language. 8. Aggregation of this Package with a commercial distribution is always permitted provided that the use of this Package is embedded; that is, when no overt attempt is made to make this Package's interfaces visible to the end user of the commercial distribution. Such use shall not be construed as a distribution of this Package. 9. The name of the Copyright Holder may not be used to endorse or promote products derived from this software without specific prior written permission. 10. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The End Changes100644001750001750 536415212655102 15270 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630Changes for Crypt::PBKDF2 Version 0.261630: 2026-06-11 * Change the default hash algorithm to HMAC-SHA256, and increase the default number of iterations to 600,000, in line with current OWASP recommendations (CVE-2026-9641). * Generate salts using Crypt::URandom (a strong system RNG) instead of perl's builtin `rand()`, which is not cryptographically secure (CVE-2026-9638). * Use a constant-time comparison in `validate` to avoid timing attacks (CVE-2017-20240). Version 0.161520: 2016-05-31 * Require an up-to-date Types::Standard to prevent errors about ConsumerOf and Enum not being found on installation. There is no need to upgrade if Crypt::PBKDF2 is already working for you. Version 0.160410: 2016-02-10 * Release 0.160010-TRIAL as stable. Version 0.160010-TRIAL: 2015-12-31 * Use Moo instead of Moose. This reduces our dependencies significantly, and also speeds up startup by a little bit. Runtime performance should be unaffected. Version 0.150900: 2015-03-31 * Fix RT#102447 (PBKDF2_hex removes certain bytes from the end of hash). Version 0.142390: 2014-08-27 * Add HMACSHA3 hasher. * Add an option to limit password length to prevent algorithmic complexity attacks. Thanks Gabor Szabo for reporting. Version 0.140890: 2014-03-30 * Remove use of Method::Signatures::Simple. Devel::Declare was causing problems for some users, and it's really not needed for such a simple module. Version 0.133330: 2013-11-29 * Replace Class::MOP::load_class with Module::Runtime for compatibility with latest Moose Version 0.131750: 2013-06-24 * Fix decoding 'crypt'-style hashes with options (CPAN RT#84130) Version 0.121930: 2012-07-10 * Correct a typo that breaks deserialization of hashes with algorithm options. Version 0.112020: 2011-07-21 * SEMI-INCOMPATIBLE CHANGE: Add a new, LDAP-like, output format for 'generate'. This format is now the default output format. If you want to generate the same output as version 0.110461, or that can be read by previous versions, see the documentation for the "encoding" attribute. Version 0.110461: 2011-02-15 * Fix bug related to instantiation of "hasher". Version 0.110460: 2011-02-14 * Miscellaneous documentation improvements. * Optional arguments to "generate" and "validate" have been removed. The mandatory arguments remain the same. If you want to override options, clone the object instead. * MooseX::MethodSignatures replaced with Method::Signatures::Simple, which should improve speed noticeably. Version 0.101170: 2010-04-26 * Updated SEE ALSO section. * Repository in META. * Added Changes file. Version 0.101160: 2010-04-26 * Initial release to CPAN. * HMACSHA1, HMACSHA2, and DigestHMAC hashers included. META.yml100644001750001750 240115212655102 15233 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630--- abstract: 'The PBKDF2 password hash algorithm' author: - 'Andrew Rodland ' build_requires: Encode: '0' Test::Fatal: '0' Test::More: '0' constant: '0' strict: '0' warnings: '0' configure_requires: Module::Build::Tiny: '0.034' dynamic_config: 0 generated_by: 'Dist::Zilla version 6.037, CPAN::Meta::Converter version 2.150010' license: perl meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: '1.4' name: Crypt-PBKDF2 no_index: directory: - t requires: Carp: '0' Crypt::URandom: '0' Digest: '1.16' Digest::HMAC: '1.01' Digest::SHA: '0' Digest::SHA3: '0.22' MIME::Base64: '0' Module::Runtime: '0' Moo: '2' Moo::Role: '2' Scalar::Util: '0' Try::Tiny: '0.04' Type::Tiny: '0' Types::Standard: '1.000005' namespace::autoclean: '0' strictures: '2' resources: bugtracker: https://rt.cpan.org/Public/Dist/Display.html?Name=Crypt-PBKDF2 homepage: http://metacpan.org/release/Crypt-PBKDF2 license: http://dev.perl.org/licenses/ repository: git://github.com/arodland/Crypt-PBKDF2.git version: '0.261630' x_authority: cpan:ARODLAND x_generated_by_perl: v5.42.2 x_serialization_backend: 'YAML::Tiny version 1.76' x_spdx_expression: 'Artistic-1.0-Perl OR GPL-1.0-or-later' MANIFEST100644001750001750 67215212655102 15103 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630# This file was automatically generated by Dist::Zilla::Plugin::Manifest v6.037 Build.PL Changes LICENSE MANIFEST MANIFEST.SKIP META.json META.yml README dist.ini lib/Crypt/PBKDF2.pm lib/Crypt/PBKDF2/Hash.pm lib/Crypt/PBKDF2/Hash/DigestHMAC.pm lib/Crypt/PBKDF2/Hash/HMACSHA1.pm lib/Crypt/PBKDF2/Hash/HMACSHA2.pm lib/Crypt/PBKDF2/Hash/HMACSHA3.pm t/01-raeburn.t t/02-validate.t t/03-clone.t t/04-params.t t/05-crypt-ldap.t t/06-length-limit.t dist.ini100644001750001750 35715212655102 15416 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630name = Crypt-PBKDF2 author = Andrew Rodland license = Perl_5 copyright_holder = Andrew Rodland abstract = The PBKDF2 password hash algorithm [@ARODLAND] dist = Crypt-PBKDF2 nextversion = autoversion [PodWeaver] Build.PL100644001750001750 26115212655102 15240 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630# This Build.PL for Crypt-PBKDF2 was generated by Dist::Zilla::Plugin::ModuleBuildTiny 0.020. use strict; use warnings; use 5.006; use Module::Build::Tiny 0.034; Build_PL(); META.json100644001750001750 427015212655102 15411 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630{ "abstract" : "The PBKDF2 password hash algorithm", "author" : [ "Andrew Rodland " ], "dynamic_config" : 0, "generated_by" : "Dist::Zilla version 6.037, CPAN::Meta::Converter version 2.150010", "license" : [ "perl_5" ], "meta-spec" : { "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", "version" : 2 }, "name" : "Crypt-PBKDF2", "no_index" : { "directory" : [ "t" ] }, "prereqs" : { "configure" : { "requires" : { "Module::Build::Tiny" : "0.034" } }, "runtime" : { "requires" : { "Carp" : "0", "Crypt::URandom" : "0", "Digest" : "1.16", "Digest::HMAC" : "1.01", "Digest::SHA" : "0", "Digest::SHA3" : "0.22", "MIME::Base64" : "0", "Module::Runtime" : "0", "Moo" : "2", "Moo::Role" : "2", "Scalar::Util" : "0", "Try::Tiny" : "0.04", "Type::Tiny" : "0", "Types::Standard" : "1.000005", "namespace::autoclean" : "0", "strictures" : "2" } }, "test" : { "requires" : { "Encode" : "0", "Test::Fatal" : "0", "Test::More" : "0", "constant" : "0", "strict" : "0", "warnings" : "0" } } }, "release_status" : "stable", "resources" : { "bugtracker" : { "mailto" : "bug-Crypt-PBKDF2@rt.cpan.org", "web" : "https://rt.cpan.org/Public/Dist/Display.html?Name=Crypt-PBKDF2" }, "homepage" : "http://metacpan.org/release/Crypt-PBKDF2", "license" : [ "http://dev.perl.org/licenses/" ], "repository" : { "type" : "git", "url" : "git://github.com/arodland/Crypt-PBKDF2.git", "web" : "http://github.com/arodland/Crypt-PBKDF2" } }, "version" : "0.261630", "x_authority" : "cpan:ARODLAND", "x_generated_by_perl" : "v5.42.2", "x_serialization_backend" : "Cpanel::JSON::XS version 4.42", "x_spdx_expression" : "Artistic-1.0-Perl OR GPL-1.0-or-later" } t000755001750001750 015212655102 14070 5ustar00andrewandrew000000000000Crypt-PBKDF2-0.26163003-clone.t100644001750001750 217715212655102 15744 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630/t#!perl use strict; use warnings; use Test::More; BEGIN { use_ok 'Crypt::PBKDF2'; use_ok 'Crypt::PBKDF2::Hash::HMACSHA1'; use_ok 'Crypt::PBKDF2::Hash::HMACSHA2'; } { my $orig = Crypt::PBKDF2->new(hash_class => 'HMACSHA1'); my $orig_hasher = $orig->hasher; is ref $orig_hasher, 'Crypt::PBKDF2::Hash::HMACSHA1', 'Got the right hasher class'; { my $clone = $orig->clone; my $clone_hasher = $clone->hasher; isnt $clone_hasher, $orig_hasher, 'Hasher was rebuilt'; is ref $clone_hasher, 'Crypt::PBKDF2::Hash::HMACSHA1', 'Still the right class'; } { my $clone = $orig->clone(hash_class => 'HMACSHA2'); my $clone_hasher = $clone->hasher; isnt $clone_hasher, $orig_hasher, 'Hasher was rebuilt again'; is ref $clone_hasher, 'Crypt::PBKDF2::Hash::HMACSHA2', 'Rebuilt under the right class'; } } { my $hasher = Crypt::PBKDF2::Hash::HMACSHA1->new; my $orig = Crypt::PBKDF2->new(hasher => $hasher); is $orig->hasher, $hasher, 'Used the hasher we passed in'; is $orig->clone->hasher, $hasher, 'Same hasher on clone'; ok ! $orig->has_lazy_hasher, q{Hasher wasn't marked lazy-built}; } done_testing; MANIFEST.SKIP100644001750001750 3315212655102 15617 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630local/ carton.lock .carton 04-params.t100644001750001750 121615212655102 16121 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630/t#!perl use strict; use warnings; use Test::More; use constant TEST_PASSWORDS => 10; BEGIN { plan tests => 2 * TEST_PASSWORDS + 1; # + use_ok use_ok 'Crypt::PBKDF2'; } for my $encoding (qw(ldap crypt)) { my $pbkdf2 = Crypt::PBKDF2->new( hash_class => 'HMACSHA2', hash_args => { sha_size => 512 }, iterations => 100, salt_len => 32, encoding => $encoding, ); for my $i (1 .. TEST_PASSWORDS) { my $password = join "", map ["A".."Z","a".."z","0".."9"]->[rand 62], 1..8; my $hash = $pbkdf2->generate($password); ok $pbkdf2->validate($hash, $password), "Validate password $i: $password ($encoding)"; } } 01-raeburn.t100644001750001750 340615212655102 16274 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630/t#!perl use strict; use warnings; use Test::More; # Tests from draft-raeburn-krb-rijndael-krb-04.txt BEGIN { use_ok 'Crypt::PBKDF2'; } my $pbkdf2 = Crypt::PBKDF2->new(hash_class => 'HMACSHA1'); sub PBKDF2 { my ($iterations, $bits, $salt, $password) = @_; return $pbkdf2->clone(iterations => $iterations, output_len => $bits / 8)->PBKDF2_hex($salt, $password); } is PBKDF2(1, 128, "ATHENA.MIT.EDUraeburn", "password"), "cdedb5281bb2f801565a1122b2563515", "raeburn 1 iter, 128-bit"; is PBKDF2(1, 256, "ATHENA.MIT.EDUraeburn", "password"), "cdedb5281bb2f801565a1122b25635150ad1f7a04bb9f3a333ecc0e2e1f70837", "raeburn 1 iter, 256-bit"; is PBKDF2(2, 128, "ATHENA.MIT.EDUraeburn", "password"), "01dbee7f4a9e243e988b62c73cda935d", "raeburn 2 iter, 128-bit"; is PBKDF2(2, 256, "ATHENA.MIT.EDUraeburn", "password"), "01dbee7f4a9e243e988b62c73cda935da05378b93244ec8f48a99e61ad799d86", "raeburn 2 iter, 256-bit"; is PBKDF2(1200, 128, "ATHENA.MIT.EDUraeburn", "password"), "5c08eb61fdf71e4e4ec3cf6ba1f5512b", "raeburn 1200 iter, 128-bit"; is PBKDF2(1200, 256, "ATHENA.MIT.EDUraeburn", "password"), "5c08eb61fdf71e4e4ec3cf6ba1f5512ba7e52ddbc5e5142f708a31e2e62b1e13", "raeburn 1200 iter, 256-bit"; is PBKDF2(1200, 256, "pass phrase equals block size", "X" x 64), "139c30c0966bc32ba55fdbf212530ac9c5ec59f1a452f5cc9ad940fea0598ed1", "raeburn pass phrase equals block size, 256-bit"; is PBKDF2(1200, 256, "pass phrase exceeds block size", "X" x 65), "9ccad6d468770cd51b10e6a68721be611a8b4d282601db3b36be9246915ec82a", "raeburn pass phrase exceeds block size, 256-bit"; use Encode (); is PBKDF2(50, 256, "EXAMPLE.COMpianist", Encode::encode("UTF-8", "\x{1d11e}") ), "6b9cf26d45455a43a5b8bb276a403b39e7fe37a0c41e02c281ff3069e1e94f52", "raeburn pianist, 256-bit"; done_testing; 02-validate.t100644001750001750 143315212655102 16426 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630/t#!perl use strict; use warnings; use Test::More; use constant TEST_PASSWORDS => 500; BEGIN { plan tests => 8 * TEST_PASSWORDS + 1; # + use_ok use_ok 'Crypt::PBKDF2'; } for my $encoding (qw(ldap crypt)) { my $pbkdf2 = Crypt::PBKDF2->new(iterations => 40, encoding => $encoding); for my $i (1 .. TEST_PASSWORDS) { my $password = join "", map ["A".."Z","a".."z","0".."9"]->[rand 62], 1..8; my $hash = $pbkdf2->generate($password); ok $pbkdf2->validate($hash, $password), "Validate password $i: $password ($encoding)"; is length $pbkdf2->PBKDF2('test', $password), 32, "raw length $password"; is length $pbkdf2->PBKDF2_hex('test', $password), 64, "hex length $password"; is length $pbkdf2->PBKDF2_base64('test', $password), 44, "base64 length $password"; } } 05-crypt-ldap.t100644001750001750 103115212655102 16711 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630/t#!perl use strict; use warnings; use Test::More; BEGIN { plan tests => 1 + 1; use_ok 'Crypt::PBKDF2'; } my $encoder = Crypt::PBKDF2->new( hash_class => 'HMACSHA2', hash_args => { sha_size => 512 }, iterations => 100, salt_len => 32, encoding => 'crypt', ); my $password = "testpass"; my $hash = $encoder->generate($password); my $decoder = Crypt::PBKDF2->new; # Defaults to LDAP encoding, different hash, etc. ok $decoder->validate($hash, $password), "Old crypt hash validates with new PBKDF2 that wants LDAP"; Crypt000755001750001750 015212655102 15474 5ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630/libPBKDF2.pm100644001750001750 3506415212655102 17132 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630/lib/Cryptpackage Crypt::PBKDF2; # ABSTRACT: The PBKDF2 password hashing algorithm. our $VERSION = '0.261630'; # VERSION our $AUTHORITY = 'cpan:ARODLAND'; # AUTHORITY use Moo 2; use strictures 2; use namespace::autoclean; use MIME::Base64 (); use Crypt::URandom (); use Carp qw(croak); use Module::Runtime; use Try::Tiny; use Type::Tiny; use Types::Standard 1.000005 qw(Str Int HashRef ConsumerOf); use Scalar::Util qw(blessed); sub BUILD { my ($self) = @_; $self->hasher; # Force instantiation, so we get errors ASAP } has hash_class => ( is => 'ro', isa => Str, default => 'HMACSHA2', predicate => 'has_hash_class', ); has hash_args => ( is => 'ro', isa => HashRef, default => sub { +{} }, predicate => 'has_hash_args', ); has hasher => ( is => 'ro', isa => ConsumerOf['Crypt::PBKDF2::Hash'], lazy => 1, default => sub { shift->_lazy_hasher }, ); has _lazy_hasher => ( is => 'ro', isa => ConsumerOf['Crypt::PBKDF2::Hash'], lazy => 1, init_arg => undef, predicate => 'has_lazy_hasher', builder => '_build_hasher', ); sub _build_hasher { my ($self) = @_; my $class = $self->hash_class; if ($class !~ s/^\+//) { $class = "Crypt::PBKDF2::Hash::$class"; } my $hash_args = $self->hash_args; return Module::Runtime::use_module($class)->new( %$hash_args ); } has iterations => ( is => 'ro', isa => Int, default => 600000, ); has output_len => ( is => 'ro', isa => Int, predicate => 'has_output_len', ); has salt_len => ( is => 'ro', isa => Int, default => 4, ); sub _random_salt { my ($self) = @_; return Crypt::URandom::urandom($self->salt_len); } has encoding => ( is => 'ro', isa => Str, default => 'ldap', ); has length_limit => ( is => 'ro', isa => Int, predicate => 'has_length_limit', ); sub generate { my ($self, $password, $salt) = @_; $salt = $self->_random_salt unless defined $salt; if ($self->has_length_limit and length($password) > $self->length_limit) { croak "Password exceeds length limit"; } my $hash = $self->PBKDF2($salt, $password); return $self->encode_string($salt, $hash); } sub validate { my ($self, $hashed, $password) = @_; if ($self->has_length_limit and length($password) > $self->length_limit) { croak "Password exceeds length limit"; } my $info = $self->decode_string($hashed); my $hasher = try { $self->hasher_from_algorithm($info->{algorithm}, $info->{algorithm_options}); } catch { my $opts = defined($info->{algorithm_options}) ? " (options ''$info->{algorithm_options}'')" : ""; croak "Couldn't construct hasher for ''$info->{algorithm}''$opts: $_"; }; my $checker = $self->clone( hasher => $hasher, iterations => $info->{iterations}, output_len => length($info->{hash}), ); my $check_hash = $checker->PBKDF2($info->{salt}, $password); return _secure_compare($check_hash, $info->{hash}); } # Constant-time string comparison, to avoid timing attacks on the hash check. sub _secure_compare { my ($a, $b) = @_; my $r = length($a) != length($b); $a = $b if $r; $r |= ord(substr($a, $_)) ^ ord(substr($b, $_)) for 0 .. length($a) - 1; return $r == 0; } sub PBKDF2 { my ($self, $salt, $password) = @_; my $iterations = $self->iterations; my $hasher = $self->hasher; my $output_len = $self->output_len || $hasher->hash_len; my $hLen = $hasher->hash_len; my $l = int($output_len / $hLen); my $r = $output_len % $hLen; if ($l > 0xffffffff or $l == 0xffffffff && $r > 0) { croak "output_len too large for PBKDF2"; } my $output; for my $i (1 .. $l) { $output .= $self->_PBKDF2_F($hasher, $salt, $password, $iterations, $i); } if ($r) { $output .= substr( $self->_PBKDF2_F($hasher, $salt, $password, $iterations, $l + 1), 0, $r); } return $output; } sub PBKDF2_base64 { my $self = shift; return MIME::Base64::encode( $self->PBKDF2(@_), "" ); } sub PBKDF2_hex { my $self = shift; return unpack "H*", $self->PBKDF2(@_); } sub _PBKDF2_F { my ($self, $hasher, $salt, $password, $iterations, $i) = @_; my $result = my $hash = $hasher->generate( $salt . pack("N", $i), $password ); for my $iter (2 .. $iterations) { $hash = $hasher->generate( $hash, $password ); $result ^= $hash; } return $result; } sub encode_string { my ($self, $salt, $hash) = @_; if ($self->encoding eq 'crypt') { return $self->_encode_string_cryptlike($salt, $hash); } elsif ($self->encoding eq 'ldap') { return $self->_encode_string_ldaplike($salt, $hash); } else { die "Unknown setting '", $self->encoding, "' for encoding"; } } sub _encode_string_cryptlike { my ($self, $salt, $hash) = @_; my $hasher = $self->hasher; my $hasher_class = blessed($hasher); if (!defined $hasher_class || $hasher_class !~ s/^Crypt::PBKDF2::Hash:://) { croak "Can't ''encode_string'' with a hasher class outside of Crypt::PBKDF2::Hash::*"; } my $algo_string = $hasher->to_algo_string; $algo_string = defined($algo_string) ? "{$algo_string}" : ""; return '$PBKDF2$' . "$hasher_class$algo_string:" . $self->iterations . ':' . MIME::Base64::encode($salt, "") . '$' . MIME::Base64::encode($hash, ""); } sub _encode_string_ldaplike { my ($self, $salt, $hash) = @_; my $hasher = $self->hasher; my $hasher_class = blessed($hasher); if (!defined $hasher_class || $hasher_class !~ s/^Crypt::PBKDF2::Hash:://) { croak "Can't ''encode_string'' with a hasher class outside of Crypt::PBKDF2::Hash::*"; } my $algo_string = $hasher->to_algo_string; $algo_string = defined($algo_string) ? "+$algo_string" : ""; return '{X-PBKDF2}' . "$hasher_class$algo_string:" . $self->_b64_encode_int32($self->iterations) . ':' . MIME::Base64::encode($salt, "") . ':' . MIME::Base64::encode($hash, ""); } sub decode_string { my ($self, $hashed) = @_; if ($hashed =~ /^\$PBKDF2\$/) { return $self->_decode_string_cryptlike($hashed); } elsif ($hashed =~ /^\{X-PBKDF2}/i) { return $self->_decode_string_ldaplike($hashed); } else { croak "Unrecognized hash"; } } sub _decode_string_cryptlike { my ($self, $hashed) = @_; if ($hashed !~ /^\$PBKDF2\$/) { croak "Unrecognized hash"; } if (my ($algorithm, $opts, $iterations, $salt, $hash) = $hashed =~ /^\$PBKDF2\$([^:}]+)(?:\{([^}]+)\})?:(\d+):([^\$]+)\$(.*)/) { return { algorithm => $algorithm, algorithm_options => $opts, iterations => $iterations, salt => MIME::Base64::decode($salt), hash => MIME::Base64::decode($hash), } } else { croak "Invalid format"; } } sub _decode_string_ldaplike { my ($self, $hashed) = @_; if ($hashed !~ /^\{X-PBKDF2}/i) { croak "Unrecognized hash"; } if (my ($algo_str, $iterations, $salt, $hash) = $hashed =~ /^\{X-PBKDF2}([^:]+):([^:]{6}):([^\$]+):(.*)/i) { my ($algorithm, $opts) = split /\+/, $algo_str; return { algorithm => $algorithm, algorithm_options => $opts, iterations => $self->_b64_decode_int32($iterations), salt => MIME::Base64::decode($salt), hash => MIME::Base64::decode($hash), } } else { croak "Invalid format"; } } sub hasher_from_algorithm { my ($self, $algorithm, $args) = @_; my $class = Module::Runtime::use_module("Crypt::PBKDF2::Hash::$algorithm"); if (defined $args) { return $class->from_algo_string($args); } else { return $class->new; } } sub clone { my ($self, %params) = @_; my $class = ref $self; # If the hasher was built from hash_class and hash_args, then omit it from # the clone. But if it was set by the user, then we need to copy it. We're # assuming that the hasher has no state, so it doesn't need a deep clone. # This is true of all of the ones that I'm shipping, but if it's not true for # you, let me know. my %new_args = ( $self->has_hash_class ? (hash_class => $self->hash_class) : (), $self->has_hash_args ? (hash_args => $self->hash_args) : (), $self->has_output_len ? (output_len => $self->output_len) : (), $self->has_lazy_hasher ? () : (hasher => $self->hasher), iterations => $self->iterations, salt_len => $self->salt_len, %params, ); return $class->new(%new_args); } sub _b64_encode_int32 { my ($self, $value) = @_; my $b64 = MIME::Base64::encode(pack("N", $value), ""); $b64 =~ s/==$//; return $b64; } sub _b64_decode_int32 { my ($self, $b64) = @_; $b64 .= "=="; return unpack "N", MIME::Base64::decode($b64); } __PACKAGE__->meta->make_immutable; 1; __END__ =pod =encoding UTF-8 =head1 NAME Crypt::PBKDF2 - The PBKDF2 password hashing algorithm. =head1 VERSION version 0.261630 =head1 SYNOPSIS use Crypt::PBKDF2; my $pbkdf2 = Crypt::PBKDF2->new( hash_class => 'HMACSHA2', # this is the default (HMAC-SHA256) iterations => 600000, # so is this output_len => 32, # and this salt_len => 4, # and this. ); my $hash = $pbkdf2->generate("s3kr1t_password"); if ($pbkdf2->validate($hash, "s3kr1t_password")) { access_granted(); } =head1 DESCRIPTION PBKDF2 is a secure password hashing algorithm that uses the techniques of "key strengthening" to make the complexity of a brute-force attack arbitrarily high. PBKDF2 uses any other cryptographic hash or cipher (by convention, usually HMAC-SHA1, but C is fully pluggable), and allows for an arbitrary number of iterations of the hashing function, and a nearly unlimited output hash size (up to 2**32 - 1 times the size of the output of the backend hash). The hash is salted, as any password hash should be, and the salt may also be of arbitrary size. =head1 ATTRIBUTES =head2 hash_class B String, B HMACSHA2 The name of the default class that will provide PBKDF2's Pseudo-Random Function (the backend hash). If the value starts with a C<+>, the C<+> will be removed and the remainder will be taken as a fully-qualified package name. Otherwise, the value will be appended to C. The default class is C, which (with its own default C of 256) provides HMAC-SHA256. =head2 hash_args B HashRef, B {} Arguments to be passed to the C constructor. =head2 hasher B Object (must fulfill role L), B None. It is also possible to provide a hash object directly; in this case the C and C are ignored. =head2 iterations B Integer, B 600000. The default number of iterations of the hashing function to use for the C and C methods. =head2 output_len B Integer. The default size (in bytes, not bits) of the output hash. If a value isn't provided, the output size depends on the CS< / >C selected, and will equal the output size of the backend hash (e.g. 20 bytes for HMACSHA1). =head2 salt_len B Integer, B 4 The default salt length (in bytes) for the C method. =head2 encoding B String (either "crypt" or "ldap"), B "ldap" The hash format to generate. The "ldap" format is intended to be compatible with RFC2307, and looks like: {X-PBKDF2}HMACSHA1:AAAD6A:8ODUPA==:1HSdSVVwlWSZhbPGO7GIZ4iUbrk= While the "crypt" format is similar to the format used by the C function, except with more structured information in the second (salt) field. It looks like: $PBKDF2$HMACSHA1:1000:4q9OTg==$9Pb6bCRgnct/dga+4v4Lyv8x31s= Versions of this module up to 0.110461 generated the "crypt" format, so set that if you want it. Current versions of this module will read either format, but the "ldap" format is preferred. =head2 length_limit B Integer The maximum password length to allow, for generate and verify functions. Allowing passwords of unlimited length can allow a denial-of-service attack in which an attacker asks the server to validate very large passwords. For compatibility this attribute is unset by default, but it is recommended to set it to a reasonably small value like 100 -- large enough that users aren't discouraged from having secure passwords, but small enough to limit the computation needed to validate any one password. =head1 METHODS =head2 generate ($password, [$salt]) Generates a hash for the given C<$password>. If C<$salt> is not provided, a random salt with length C will be generated. There are two output formats available, depending on the setting of the C attribute: "ldap" and "crypt"; see the documentation for L for more information. =head2 validate ($hashed, $password) Validates whether the password C<$password> matches the hash string C<$hashed>. May throw an exception if the format of C<$hashed> is invalid; otherwise, returns true or false. Accepts both formats that the "generate" method can produce. =head2 PBKDF2 ($salt, $password) The raw PBKDF2 algorithm. Given the C<$salt> and C<$password>, returns the raw binary hash. =head2 PBKDF2_base64 ($salt, $password) As the C method, only the output is encoded with L. =head2 PBKDF2_hex ($salt, $password) As the C method, only the output is encoded in hexadecimal. =head2 encode_string ($salt, $hash) Given a generated salt and hash, hash, generates output in the form generated by C and accepted by C. Unlikely to be of much use to anyone else. =head2 decode_string ($hashed) Given a textual hash in the form generated by C, decodes it and returns a HashRef containing: =over 4 =item * C: A string representing the hash algorithm used. See L. =item * C: The number of iterations used. =item * C: The salt, in raw binary form. =item * C: The hash, in raw binary form. =back This method is mostly for internal use, but it has been left public as it may come in handy. If the input data is invalid, this method may throw an exception. =head2 hasher_from_algorithm ($algo_str) Attempts to load and instantiate a C class based on an algorithm string as produced by C / C. =head2 clone (%params) Create a new object like this one, but with C<%params> changed. =head1 SEE ALSO =over 4 =item * B: L =item * B: L =item * B: L =back =head1 AUTHOR Andrew Rodland =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2026 by Andrew Rodland. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut 06-length-limit.t100644001750001750 123115212655102 17232 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630/t#!perl use strict; use warnings; use Test::More; use Test::Fatal; use Crypt::PBKDF2; my $pbkdf2 = Crypt::PBKDF2->new( length_limit => 8 ); my $hash; is exception { $hash = $pbkdf2->generate("12345678") }, undef, "doesn't die on generate with valid length"; is exception { is $pbkdf2->validate($hash, "12345678"), 1, "hash validates" }, undef, "doesn't die on validate with valid length"; like exception { $hash = $pbkdf2->generate("123456789") }, qr/length limit/, "dies on generate with too long pw"; like exception { is $pbkdf2->validate($hash, "123456789"), 1, "hash validates" }, qr/length limit/, "dies on validate with too long pw"; done_testing; PBKDF2000755001750001750 015212655102 16404 5ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630/lib/CryptHash.pm100644001750001750 301315212655102 17762 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630/lib/Crypt/PBKDF2package Crypt::PBKDF2::Hash; # ABSTRACT: Abstract role for PBKDF2 hashing algorithms. our $VERSION = '0.261630'; # VERSION our $AUTHORITY = 'cpan:ARODLAND'; # AUTHORITY use Moo::Role 2; use strictures 2; use namespace::autoclean; requires 'hash_len'; requires 'generate'; requires 'to_algo_string'; requires 'from_algo_string'; 1; __END__ =pod =encoding UTF-8 =head1 NAME Crypt::PBKDF2::Hash - Abstract role for PBKDF2 hashing algorithms. =head1 VERSION version 0.261630 =head1 METHODS =head2 hash_len() Returns the length (in bytes) of the hashes this algorithm generates. =head2 generate($data, $key) Generate strong pseudorandom bits based on the C<$data> and C<$key> =head2 to_algo_string() Return a string representing any optional arguments this object was created with, for use by L's C and C methods. May return undef if no arguments are required, in which case none will be serialized and C won't be called on reading the hash. =head2 from_algo_string($str) Given a string as produced by C, return an instance of this class with options corresponding to those in C<$str>. If no options are expected, it's permissible for this method to throw an exception. =head1 AUTHOR Andrew Rodland =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2026 by Andrew Rodland. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut Hash000755001750001750 015212655102 17267 5ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630/lib/Crypt/PBKDF2HMACSHA1.pm100644001750001750 210215212655102 21105 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630/lib/Crypt/PBKDF2/Hashpackage Crypt::PBKDF2::Hash::HMACSHA1; # ABSTRACT: HMAC-SHA1 support for Crypt::PBKDF2 using Digest::SHA our $VERSION = '0.261630'; # VERSION our $AUTHORITY = 'cpan:ARODLAND'; # AUTHORITY use Moo 2; use strictures 2; use namespace::autoclean; use Digest::SHA (); use Carp qw(croak); with 'Crypt::PBKDF2::Hash'; sub hash_len { return 20; } sub generate { my $self = shift; # ($data, $key) return Digest::SHA::hmac_sha1(@_); } sub to_algo_string { return; } sub from_algo_string { croak "No argument expected"; } 1; __END__ =pod =encoding UTF-8 =head1 NAME Crypt::PBKDF2::Hash::HMACSHA1 - HMAC-SHA1 support for Crypt::PBKDF2 using Digest::SHA =head1 VERSION version 0.261630 =head1 DESCRIPTION Uses L C to provide the HMAC-SHA1 backend for L. =head1 AUTHOR Andrew Rodland =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2026 by Andrew Rodland. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut HMACSHA2.pm100644001750001750 317015212655102 21114 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630/lib/Crypt/PBKDF2/Hashpackage Crypt::PBKDF2::Hash::HMACSHA2; # ABSTRACT: HMAC-SHA2 support for Crypt::PBKDF2 using Digest::SHA our $VERSION = '0.261630'; # VERSION our $AUTHORITY = 'cpan:ARODLAND'; # AUTHORITY use Moo 2; use strictures 2; use namespace::autoclean; use Digest::SHA (); use Type::Tiny; use Types::Standard qw(Enum); with 'Crypt::PBKDF2::Hash'; has 'sha_size' => ( is => 'ro', isa => Type::Tiny->new( name => 'SHASize', parent => Enum[qw( 224 256 384 512 )], display_name => 'valid number of bits for SHA-2', ), default => 256, ); has '_hasher' => ( is => 'lazy', init_arg => undef, ); sub _build__hasher { my $self = shift; my $shasize = $self->sha_size; return Digest::SHA->can("hmac_sha$shasize"); } sub hash_len { my $self = shift; return $self->sha_size() / 8; } sub generate { my $self = shift; # ($data, $key) return $self->_hasher->(@_); } sub to_algo_string { my $self = shift; return $self->sha_size; } sub from_algo_string { my ($class, $str) = @_; return $class->new( sha_size => $str ); } 1; __END__ =pod =encoding UTF-8 =head1 NAME Crypt::PBKDF2::Hash::HMACSHA2 - HMAC-SHA2 support for Crypt::PBKDF2 using Digest::SHA =head1 VERSION version 0.261630 =head1 DESCRIPTION Uses L C/C/C to provide the HMAC-SHA2 family of hashes for L. =head1 AUTHOR Andrew Rodland =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2026 by Andrew Rodland. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut HMACSHA3.pm100644001750001750 347215212655102 21122 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630/lib/Crypt/PBKDF2/Hashpackage Crypt::PBKDF2::Hash::HMACSHA3; # ABSTRACT: HMAC-SHA3 support for Crypt::PBKDF2 using Digest::SHA our $VERSION = '0.261630'; # VERSION our $AUTHORITY = 'cpan:ARODLAND'; # AUTHORITY use Moo 2; use strictures 2; use namespace::autoclean; use Digest::HMAC 1.01 (); use Digest::SHA3 0.22 (); use Type::Tiny; use Types::Standard qw(Enum); with 'Crypt::PBKDF2::Hash'; has 'sha_size' => ( is => 'ro', isa => Type::Tiny->new( name => 'SHASize', parent => Enum[qw( 224 256 384 512 )], display_name => 'valid number of bits for SHA-2', ), default => 256, ); has '_hasher' => ( is => 'lazy', init_arg => undef, ); sub _build__hasher { my $self = shift; my $shasize = $self->sha_size; return Digest::SHA3->can("sha3_$shasize"); } sub hash_len { my $self = shift; return $self->sha_size() / 8; } sub generate { my ($self, $data, $key) = @_; return Digest::HMAC::hmac($data, $key, $self->_hasher); } sub to_algo_string { my $self = shift; return $self->sha_size; } sub from_algo_string { my ($class, $str) = @_; return $class->new( sha_size => $str ); } 1; __END__ =pod =encoding UTF-8 =head1 NAME Crypt::PBKDF2::Hash::HMACSHA3 - HMAC-SHA3 support for Crypt::PBKDF2 using Digest::SHA =head1 VERSION version 0.261630 =head1 DESCRIPTION Uses L and L C/C/C to provide the HMAC-ShA3 family of hashes for L. This could be done with L instead, but it seemed nice to have a uniform interface to HMACSHA*. =head1 AUTHOR Andrew Rodland =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2026 by Andrew Rodland. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut DigestHMAC.pm100644001750001750 360715212655102 21643 0ustar00andrewandrew000000000000Crypt-PBKDF2-0.261630/lib/Crypt/PBKDF2/Hashpackage Crypt::PBKDF2::Hash::DigestHMAC; # ABSTRACT: Digest::HMAC hash support for Crypt::PBKDF2. our $VERSION = '0.261630'; # VERSION our $AUTHORITY = 'cpan:ARODLAND'; # AUTHORITY use Moo 2; use strictures 2; use namespace::autoclean; use Digest 1.16 (); use Digest::HMAC 1.01 (); use Try::Tiny 0.04; use Carp qw(croak); with 'Crypt::PBKDF2::Hash'; has digest_class => ( is => 'ro', required => 1, ); has _digest => ( is => 'lazy', init_arg => undef, ); sub _build__digest { my $self = shift; return Digest->new($self->digest_class); } sub BUILD { my $self = shift; try { my $digest = $self->_digest; } catch { croak "Couldn't construct a Digest of type " . $self->digest_class . ": $_"; } } sub hash_len { my $self = shift; return length( $self->_digest->clone->add("")->digest ); } sub generate { my ($self, $data, $key) = @_; my $digest = $self->_digest->clone; return Digest::HMAC::hmac($data, $key, sub { $digest->add(@_)->digest }); } sub to_algo_string { my $self = shift; return $self->digest_class; } sub from_algo_string { my ($class, $str) = shift; return $class->new(digest_class => $str); } 1; __END__ =pod =encoding UTF-8 =head1 NAME Crypt::PBKDF2::Hash::DigestHMAC - Digest::HMAC hash support for Crypt::PBKDF2. =head1 VERSION version 0.261630 =head1 DESCRIPTION Uses L to make nearly any L-compatible module compatible with L by driving it with the standard HMAC algorithm to combine the key and the data. =head1 ATTRIBUTES =head2 digest_class The Digest class to use. Will be passed to C<< Digest->new >>. =head1 AUTHOR Andrew Rodland =head1 COPYRIGHT AND LICENSE This software is copyright (c) 2026 by Andrew Rodland. This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself. =cut