From fe19f3bc4900d24198148f82803f9d83e620f465 Mon Sep 17 00:00:00 2001 From: sikofitt Date: Thu, 3 Nov 2016 11:29:38 -0700 Subject: [PATCH] See Changlog --- .gitignore | 2 ++ BCrypt.pas | 49 +++++++++++++++++++++++++++---------------------- CHANGELOG | 18 ++++++++++++++++++ README.md | 28 ++++++++++++++++++++++------ 4 files changed, 69 insertions(+), 28 deletions(-) create mode 100644 CHANGELOG diff --git a/.gitignore b/.gitignore index 52ef87f..0776b30 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,6 @@ *.o *.ppu *~ +.idea/ +*.iml diff --git a/BCrypt.pas b/BCrypt.pas index 0dbca66..37a169f 100644 --- a/BCrypt.pas +++ b/BCrypt.pas @@ -247,9 +247,8 @@ end; implementation -uses - Math, - RegExpr; +Uses + Math; // @Todo : Remove and use Renegade.Random constructor TBCryptHash.Create; begin @@ -503,8 +502,8 @@ end; function TBCryptHash.FormatPasswordHash(const Salt, Hash: TBytes; Cost : Byte; HashType : THashTypes): AnsiString; var - saltString: ansistring; - hashString: ansistring; + SaltString: ansistring; + HashString: ansistring; HashPrefix : AnsiString; begin case HashType of @@ -515,9 +514,9 @@ begin HashPrefix := '2y'; end; end; - saltString := BsdBase64Encode(Salt, Length(Salt)); - hashString := BsdBase64Encode(Hash, Length(MagicText) * 4 - 1); - Result := Format('$%s$%d$%s%s', [HashPrefix, Cost, saltString, hashString]); + SaltString := BsdBase64Encode(Salt, Length(Salt)); + HashString := BsdBase64Encode(Hash, Length(MagicText) * 4 - 1); + Result := Format('$%s$%d$%s%s', [HashPrefix, Cost, SaltString, HashString]); end; function TBCryptHash.getRandomBlockFileName : AnsiString; 
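Review bot: In `FormatPasswordHash`, the rewritten `Format('$%s$%d$%s%s', ...)` line prints `Cost` with `%d`, so a cost below 10 gives a one-digit field and a 59-character string instead of the fixed 60-character `$2y$NN$...` layout. `VerifyHash` rejects any computed hash whose length is not 60, so such a hash could never verify if `Crypt` formats through this function (that call is not visible here), and other bcrypt implementations expect the two-digit field. Zero-padding the field fixes it: `Result := Format('$%s$%.2d$%s%s', [HashPrefix, Cost, SaltString, HashString]);`. Whether costs below 10 are rejected earlier is not visible in this hunk.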
@@ -737,19 +736,28 @@ end; function TBCryptHash.VerifyHash(const Password, Hash : AnsiString) : Boolean; var - RegexObj: TRegExpr; - WorkingBcryptHash : AnsiString; - HashCounter, ResultStatus, Cost : Byte; + WorkingBcryptHash, Salt : AnsiString; + HashCounter, ResultStatus, BCryptCost : Byte; HashType : THashTypes; + PasswordInfo :RTPasswordInformation; Begin ResultStatus := 0; - RegexObj := TRegExpr.Create; - RegexObj.Expression := '^(\$2\w{1}\$)(\d{2})\$([\./0-9A-Za-z]{22})'; - if RegexObj.Exec(Hash) then + try + PasswordInfo := HashGetInfo(Hash); + except + on e: EHash do + begin + Result := False; + Exit; + end; + end; + with PasswordInfo do begin - HashType := ResolveHashType(RegexObj.Match[1]); - Cost := StrToInt(RegexObj.Match[2]); - WorkingBcryptHash := Crypt(Password, RegexObj.Match[3], Cost, HashType); + HashType := Algo; + BCryptCost := Cost; + Salt := BCryptSalt; + end; + WorkingBcryptHash := Crypt(Password, Salt, BCryptCost, HashType); if (Length(WorkingBcryptHash) < 60) or (Length(WorkingBcryptHash) > 60) then begin Result := False; @@ -769,12 +777,9 @@ Begin values. } ResultStatus := ResultStatus or (ord(WorkingBcryptHash[HashCounter]) xor ord(Hash[HashCounter])); end; + Result := (ResultStatus = 0); - end - else begin - Result := False; - end; - RegexObj.Free; + end; function TBCryptHash.NeedsRehash(const BCryptHash : AnsiString) : Boolean; overload; diff --git a/CHANGELOG b/CHANGELOG new file mode 100644 index 0000000..5ec2318 --- /dev/null +++ b/CHANGELOG 
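Review bot: The length guard after `Crypt` checks only `WorkingBcryptHash`, but the comparison loop whose tail appears in the following hunk (`@@ -769,12 +777,9 @@`) also indexes `Hash[HashCounter]`. Unless `HashGetInfo` already rejects input that is not exactly 60 characters (its body is not shown), a shorter stored hash is read past its end, and, if the loop runs over the 60 computed characters, a longer one is accepted with its trailing bytes ignored. Checking both operands before the loop closes that gap: `if (Length(WorkingBcryptHash) <> 60) or (Length(Hash) <> 60) then`. The `except on e: EHash` handler also lets any other exception raised while parsing escape from `VerifyHash`, so it is worth confirming that `HashGetInfo` raises only `EHash` on malformed input. The loop header lies between the two hunks and is not visible.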
@@ -0,0 +1,18 @@ +# Change Log +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](http://keepachangelog.com/) +and this project adheres to [Semantic Versioning](http://semver.org/). + + +## [0.1.0] - 2016-11-03 + +### Added +- Changelog +- Started using [semver](http://semver.org/) for versioning. + +### Changed +- Removed regex logic for getting the password's current salt, because come on. +- Make use of object RTPasswordInformation to extract information from hash for verifing logic. + + diff --git a/README.md b/README.md index 55d3f6f..64db60d 100644 --- a/README.md +++ b/README.md @@ -9,14 +9,30 @@ If you try to verify a $2a$ password with PHP it will verify, but if you run the Tested with : * Free Pascal * 2.6.4 - * (Linux, Gentoo) - * (Linux, Raspbian) + * Linux + * Gentoo, 2.2-Current-x64 + * Raspbian * 3.0.0 - * (Linux, Gentoo) - * (Win10, 64bit) + * Linux + * Gentoo, 2.2-Current-x64 + * FreeBSD + * 12.0-CURRENT-x64 + * Windows + * Windows 10-x64 * PHP - * 5.6.20-pl0-gentoo - * 7.0.6_rc1-pl0-gentoo. + * 5.5.x + * 5.5.38-pl0-gentoo + * 5.6.x + * 5.6.20-pl0-gentoo + * 5.6.28-pl0-gentoo + * 7.0.x + * 7.0.6_rc1-pl0-gentoo + * 7.0.13-pl0-gentoo + * 7.x.x (dev) + * 7.2.0-dev-x64 (ZTS) 10/31/2016, Gentoo 2.2 Current + * 7.2.0-dev-x64 (ZTS) 11/02/2016, FreeBSD 12.0-CURRENT + * HHVM + * Soon ### Usage ```pascal