argon2 0.0.2 → 0.1.0

data/ext/phc-winner-argon2/src/encoding.h

@@ -0,0 +1,7 @@
+
+#include "argon2.h"
+
+int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
+                  argon2_type type);
+
+int decode_string(argon2_context *ctx, const char *str, argon2_type type);

data/ext/phc-winner-argon2/src/run.c

@@ -31,12 +31,11 @@
 #define UNUSED_PARAMETER(x) (void)(x)
 
 static void usage(const char *cmd) {
-    printf("Usage:  %s pwd salt [-d] [-t iterations] [-m memory] "
+    printf("Usage:  %s salt [-d] [-t iterations] [-m memory] "
            "[-p parallelism]\n",
            cmd);
-
+    printf("\tPassword is read from stdin\n");
     printf("Parameters:\n");
-    printf("\tpwd\t\tThe password to hash\n");
     printf("\tsalt\t\tThe salt to use, at most 16 characters\n");
     printf("\t-d\t\tUse Argon2d instead of Argon2i (which is the default)\n");
     printf("\t-t N\t\tSets the number of iterations to N (default = %d)\n",
@@ -66,11 +65,12 @@ Base64-encoded hash string
 */
 static void run(uint8_t *out, char *pwd, uint8_t *salt, uint32_t t_cost,
                 uint32_t m_cost, uint32_t lanes, uint32_t threads,
-                const char *type) {
+                argon2_type type) {
     clock_t start_time, stop_time;
-    unsigned pwd_length;
-    argon2_context context;
+    unsigned pwdlen;
+    char encoded[300];
     uint32_t i;
+    int result;
 
     start_time = clock();
 
@@ -83,57 +83,31 @@ static void run(uint8_t *out, char *pwd, uint8_t *salt, uint32_t t_cost,
         fatal("salt missing");
     }
 
-    pwd_length = strlen(pwd);
-
-    UNUSED_PARAMETER(threads);
-
-    context.out = out;
-    context.outlen = OUT_LEN;
-    context.pwd = (uint8_t *)pwd;
-    context.pwdlen = pwd_length;
-    context.salt = salt;
-    context.saltlen = SALT_LEN;
-    context.secret = NULL;
-    context.secretlen = 0;
-    context.ad = NULL;
-    context.adlen = 0;
-    context.t_cost = t_cost;
-    context.m_cost = m_cost;
-    context.lanes = lanes;
-    context.threads = lanes;
-    context.allocate_cbk = NULL;
-    context.free_cbk = NULL;
-    context.flags = ARGON2_FLAG_CLEAR_PASSWORD;
-
-    if (!strcmp(type, "d")) {
-        int result = argon2d(&context);
-        if (result != ARGON2_OK)
-            fatal(error_message(result));
-    } else if (!strcmp(type, "i")) {
-        int result = argon2i(&context);
-        if (result != ARGON2_OK)
-            fatal(error_message(result));
-    } else {
-        secure_wipe_memory(pwd, strlen(pwd));
-        fatal("wrong Argon2 type");
-    }
+    pwdlen = strlen(pwd);
+
+    UNUSED_PARAMETER(lanes);
+
+    result = argon2_hash(t_cost, m_cost, threads, pwd, pwdlen, salt, SALT_LEN,
+                         out, OUT_LEN, encoded, sizeof encoded, type);
+    if (result != ARGON2_OK)
+        fatal(error_message(result));
 
     stop_time = clock();
 
-    /* add back when proper decoding */
-    /*
-    char encoded[300];
-    encode_string(encoded, sizeof encoded, &context);
-    printf("%s\n", encoded);
-    */
     printf("Hash:\t\t");
-    for (i = 0; i < context.outlen; ++i) {
-        printf("%02x", context.out[i]);
+    for (i = 0; i < OUT_LEN; ++i) {
+        printf("%02x", out[i]);
     }
     printf("\n");
+    printf("Encoded:\t%s\n", encoded);
 
     printf("%2.3f seconds\n",
            ((double)stop_time - start_time) / (CLOCKS_PER_SEC));
+
+    result = argon2_verify(encoded, pwd, pwdlen, type);
+    if (result != ARGON2_OK)
+        fatal(error_message(result));
+    printf("Verification ok\n");
 }
 
 int main(int argc, char *argv[]) {
@@ -142,26 +116,33 @@ int main(int argc, char *argv[]) {
     uint32_t t_cost = T_COST_DEF;
     uint32_t lanes = LANES_DEF;
     uint32_t threads = THREADS_DEF;
-    char *pwd = NULL;
     uint8_t salt[SALT_LEN];
-    const char *type = "i";
+    argon2_type type = Argon2_i;
     int i;
+    size_t n;
+    char pwd[128];
 
-    if (argc < 3) {
+    if (argc < 2) {
         usage(argv[0]);
         return ARGON2_MISSING_ARGS;
     }
 
-    /* get password and salt from command line */
-    pwd = argv[1];
-    if (strlen(argv[2]) > SALT_LEN) {
+    /* get password from stdin */
+    while ((n = fread(pwd, 1, sizeof pwd - 1, stdin)) > 0) {
+        pwd[n] = '\0';
+        if (pwd[n - 1] == '\n')
+            pwd[n - 1] = '\0';
+    }
+
+    /* get salt from command line */
+    if (strlen(argv[1]) > SALT_LEN) {
         fatal("salt too long");
     }
     memset(salt, 0x00, SALT_LEN); /* pad with null bytes */
-    memcpy(salt, argv[2], strlen(argv[2]));
+    memcpy(salt, argv[1], strlen(argv[1]));
 
     /* parse options */
-    for (i = 3; i < argc; i++) {
+    for (i = 2; i < argc; i++) {
         const char *a = argv[i];
         unsigned long input = 0;
         if (!strcmp(a, "-m")) {
@@ -208,12 +189,16 @@ int main(int argc, char *argv[]) {
                 fatal("missing -p argument");
             }
         } else if (!strcmp(a, "-d")) {
-            type = "d";
+            type = Argon2_d;
         } else {
             fatal("unknown argument");
         }
     }
-    printf("Type:\t\tArgon2%c\n", type[0]);
+    if (type == Argon2_i) {
+        printf("Type:\t\tArgon2i\n");
+    } else {
+        printf("Type:\t\tArgon2d\n");
+    }
     printf("Iterations:\t%" PRIu32 " \n", t_cost);
     printf("Memory:\t\t%" PRIu32 " KiB\n", m_cost);
     printf("Parallelism:\t%" PRIu32 " \n", lanes);

data/lib/argon2.rb

@@ -5,17 +5,36 @@ require 'argon2/errors'
 require 'argon2/engine.rb'
 
 module Argon2
+  # Front-end API for the Argon2 module.
   class Password
     def initialize(options = {})
-      #TODO: Verify inputs
       @t_cost = options[:t_cost] || 2
+      raise ArgonHashFail, "Invalid t_cost" if @t_cost < 1 || @t_cost > 10
       @m_cost = options[:m_cost] || 16
+      raise ArgonHashFail, "Invalid m_cost" if @t_cost < 1 || @t_cost > 31
       @salt = options[:salt_do_not_supply] || Engine.saltgen
+      @secret = options[:secret]
     end
 
     def hash(pass)
+      # It is technically possible to include NULL bytes, however our C
+      # uses strlen(). It is not deemed suitable to accept a user password
+      # with such a character.
+      raise ArgonHashFail, "NULL bytes not permitted" if /\0/.match(pass)
       Argon2::Engine.hash_argon2i_encode(
-              pass, @salt, @t_cost, @m_cost)
+              pass, @salt, @t_cost, @m_cost, @secret)
+    end
+
+    #Helper class, just creates defaults and calls hash()
+    def self.hash(pass)
+      argon2 = Argon2::Password.new
+      argon2.hash(pass)
+    end
+
+    def self.verify_password(pass, hash, secret = nil)
+      raise ArgonHashFail, "Invalid hash" unless
+        /^\$argon2i\$.{,110}/.match hash
+      Argon2::Engine.argon2i_verify(pass, hash, secret)
     end
   end
 end

data/lib/argon2/constants.rb

@@ -1,6 +1,9 @@
 module Argon2
+  # Constants utilised in several parts of the Argon2 module
+  # SALT_LEN is a standard recommendation from the Argon2 spec.
   module Constants
     SALT_LEN = 16
     OUT_LEN = 32 #Binary, unencoded output
+    ENCODE_LEN = 108 #Encoded output
   end
 end

data/lib/argon2/engine.rb

@@ -1,10 +1,10 @@
 require 'securerandom'
 
 module Argon2
+  # Generates a random, binary string for use as a salt.
   class Engine
     def self.saltgen
       SecureRandom.random_bytes(Argon2::Constants::SALT_LEN)
     end
   end
 end
-

data/lib/argon2/errors.rb

@@ -1,36 +1,41 @@
+# Defines an array of errors that matches the enum list of errors from
+# argon2.h. This allows return values to propagate errors through the FFI.
 module Argon2
   class ArgonHashFail < StandardError; end
   ERRORS = [
-    'ARGON2_OK', 
-    'ARGON2_OUTPUT_PTR_NULL', 
-    'ARGON2_OUTPUT_TOO_SHORT', 
-    'ARGON2_OUTPUT_TOO_LONG', 
-    'ARGON2_PWD_TOO_SHORT', 
-    'ARGON2_PWD_TOO_LONG', 
-    'ARGON2_SALT_TOO_SHORT', 
-    'ARGON2_SALT_TOO_LONG', 
-    'ARGON2_AD_TOO_SHORT', 
-    'ARGON2_AD_TOO_LONG', 
-    'ARGON2_SECRET_TOO_SHORT', 
-    'ARGON2_SECRET_TOO_LONG', 
-    'ARGON2_TIME_TOO_SMALL', 
-    'ARGON2_TIME_TOO_LARGE', 
-    'ARGON2_MEMORY_TOO_LITTLE', 
-    'ARGON2_MEMORY_TOO_MUCH', 
-    'ARGON2_LANES_TOO_FEW', 
-    'ARGON2_LANES_TOO_MANY', 
-    'ARGON2_PWD_PTR_MISMATCH', 
-    'ARGON2_SALT_PTR_MISMATCH', 
-    'ARGON2_SECRET_PTR_MISMATCH', 
+    'ARGON2_OK',
+    'ARGON2_OUTPUT_PTR_NULL',
+    'ARGON2_OUTPUT_TOO_SHORT',
+    'ARGON2_OUTPUT_TOO_LONG',
+    'ARGON2_PWD_TOO_SHORT',
+    'ARGON2_PWD_TOO_LONG',
+    'ARGON2_SALT_TOO_SHORT',
+    'ARGON2_SALT_TOO_LONG',
+    'ARGON2_AD_TOO_SHORT',
+    'ARGON2_AD_TOO_LONG',
+    'ARGON2_SECRET_TOO_SHORT',
+    'ARGON2_SECRET_TOO_LONG',
+    'ARGON2_TIME_TOO_SMALL',
+    'ARGON2_TIME_TOO_LARGE',
+    'ARGON2_MEMORY_TOO_LITTLE',
+    'ARGON2_MEMORY_TOO_MUCH',
+    'ARGON2_LANES_TOO_FEW',
+    'ARGON2_LANES_TOO_MANY',
+    'ARGON2_PWD_PTR_MISMATCH',
+    'ARGON2_SALT_PTR_MISMATCH',
+    'ARGON2_SECRET_PTR_MISMATCH',
     'ARGON2_AD_PTR_MISMATCH',
-    'ARGON2_MEMORY_ALLOCATION_ERROR', 
-    'ARGON2_FREE_MEMORY_CBK_NULL', 
-    'ARGON2_ALLOCATE_MEMORY_CBK_NULL', 
-    'ARGON2_INCORRECT_PARAMETER', 
-    'ARGON2_INCORRECT_TYPE', 
-    'ARGON2_OUT_PTR_MISMATCH', 
-    'ARGON2_THREADS_TOO_FEW', 
-    'ARGON2_THREADS_TOO_MANY', 
-    'ARGON2_MISSING_ARGS'
+    'ARGON2_MEMORY_ALLOCATION_ERROR',
+    'ARGON2_FREE_MEMORY_CBK_NULL',
+    'ARGON2_ALLOCATE_MEMORY_CBK_NULL',
+    'ARGON2_INCORRECT_PARAMETER',
+    'ARGON2_INCORRECT_TYPE',
+    'ARGON2_OUT_PTR_MISMATCH',
+    'ARGON2_THREADS_TOO_FEW',
+    'ARGON2_THREADS_TOO_MANY',
+    'ARGON2_MISSING_ARGS',
+    'ARGON2_ENCODING_FAIL',
+    'ARGON2_DECODING_FAIL'
+
     ]
 end

data/lib/argon2/ffi_engine.rb

@@ -2,46 +2,68 @@ require 'ffi'
 require 'ffi-compiler/loader'
 
 module Argon2
+  #Direct external bindings. Call these methods via the Engine class to ensure points are dealt with
   module Ext
     extend FFI::Library
-     ffi_lib FFI::Compiler::Loader.find('argon2_wrap')
-#int hash_argon2i(void *out, size_t outlen, const void *in, size_t inlen,
-#                 const void *salt, size_t saltlen, unsigned int t_cost,
-#                 unsigned int m_cost);
+    ffi_lib FFI::Compiler::Loader.find('argon2_wrap')
 
-   attach_function :hash_argon2i, [:pointer, :size_t, :pointer, :size_t, 
-   :pointer, :size_t, :uint, :uint ], :int, :blocking => true
+    #int argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
+    #   const uint32_t parallelism, const void *pwd,
+    #   const size_t pwdlen, const void *salt,
+    #   const size_t saltlen, void *hash, const size_t hashlen);
 
-#void argon2_wrap(uint8_t *out, char *pwd, uint8_t *salt, uint32_t t_cost,
-#        uint32_t m_cost, uint32_t lanes);
-    attach_function :argon2_wrap, [:pointer, :pointer, :pointer, :uint, :uint, :uint], :uint, :blocking => true
+    attach_function :argon2i_hash_raw, [
+      :uint, :uint, :uint, :pointer,
+      :size_t, :pointer, :size_t, :pointer, :size_t], :int, :blocking => true
 
+    #void argon2_wrap(uint8_t *out, char *pwd, uint8_t *salt, uint32_t t_cost,
+    #    uint32_t m_cost, uint32_t lanes,
+    #    uint8_t *secret, uint32_t secretlen)
+    attach_function :argon2_wrap, [
+      :pointer, :pointer, :pointer, :uint,
+      :uint, :uint, :pointer, :size_t], :uint, :blocking => true
+
+    #int argon2i_verify(const char *encoded, const void *pwd, const size_t pwdlen);
+    attach_function :wrap_argon2_verify, [:pointer, :pointer, :size_t,
+      :pointer, :size_t], :int, :blocking => true
   end
 
+  # The engine class shields users from the FFI interface.
+  # It is generally not advised to directly use this class.
   class Engine
-    # The engine class shields users from the FFI interface.
-    # It is generally not advised to directly use this class.
     def self.hash_argon2i(password, salt, t_cost, m_cost)
       result = ''
       FFI::MemoryPointer.new(:char, Constants::OUT_LEN) do |buffer|
-        ret = Ext.hash_argon2i(buffer, Constants::OUT_LEN, password, password.length, salt, salt.length, t_cost, (1<<m_cost))
-        raise ArgonHashFail.new(ERRORS[ret]) unless ret == 0
+        ret = Ext.argon2i_hash_raw(t_cost, 1 << m_cost, 1, password,
+           password.length, salt, salt.length,
+            buffer, Constants::OUT_LEN)
+        raise ArgonHashFail, ERRORS[ret] unless ret == 0
         result = buffer.read_string(Constants::OUT_LEN)
       end
-       result.unpack('H*').join
+      result.unpack('H*').join
     end
 
-    def self.hash_argon2i_encode(password, salt, t_cost, m_cost)
+    def self.hash_argon2i_encode(password, salt, t_cost, m_cost, secret)
       result = ''
+      secretlen = secret.nil? ? 0 : secret.length
       if salt.length != Constants::SALT_LEN
-        raise ArgonHashFail.new("Invalid salt size") 
+        raise ArgonHashFail, "Invalid salt size"
       end
-      FFI::MemoryPointer.new(:char, 300) do |buffer|
-        ret = Ext.argon2_wrap(buffer, password, salt, t_cost, (1<<m_cost), 1)
-        raise ArgonHashFail.new(ERRORS[ret]) unless ret == 0
-        result = buffer.read_string(300)
+      FFI::MemoryPointer.new(:char, Constants::ENCODE_LEN) do |buffer|
+        ret = Ext.argon2_wrap(buffer, password, salt, t_cost, (1 << m_cost),
+            1, secret, secretlen)
+        raise ArgonHashFail, ERRORS[ret] unless ret == 0
+        result = buffer.read_string(Constants::ENCODE_LEN)
       end
-      result.gsub("\0", '')
+      result.delete "\0"
+    end
+
+    def self.argon2i_verify(pwd, hash, secret)
+      secretlen = secret.nil? ? 0 : secret.length
+      ret = Ext.wrap_argon2_verify(hash, pwd, pwd.length, secret, secretlen)
+      return false if ERRORS[ret] == 'ARGON2_DECODING_FAIL'
+      raise ArgonHashFail, ERRORS[ret] unless ret == 0
+      true
     end
   end
 end

data/lib/argon2/version.rb

@@ -1,4 +1,4 @@
+# Standard Gem version constant.
 module Argon2
-  VERSION = "0.0.2"
+  VERSION = "0.1.0"
 end
-

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: argon2
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.1.0
 platform: ruby
 authors:
 - Technion
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2015-11-06 00:00:00.000000000 Z
+date: 2015-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -45,6 +45,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.10'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.10.5
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -52,35 +55,72 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.10'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.10.5
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '10.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 10.4.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '10.4'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 10.4.2
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5'
+        version: '5.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.8'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.35'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.35'
+- !ruby/object:Gem::Dependency
+  name: codeclimate-test-reporter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5'
-description: Not remotely finished Argon2 binding
+        version: '0.4'
+description: Argon2 FFI binding
 email:
 - technion@lolware.net
 executables: []
@@ -90,6 +130,7 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".gitmodules"
+- ".rubocop.yml"
 - ".travis.yml"
 - Gemfile
 - LICENSE.txt
@@ -132,6 +173,9 @@ files:
 - ext/phc-winner-argon2/src/core.c
 - ext/phc-winner-argon2/src/core.h
 - ext/phc-winner-argon2/src/core.o
+- ext/phc-winner-argon2/src/encoding.c
+- ext/phc-winner-argon2/src/encoding.h
+- ext/phc-winner-argon2/src/encoding.o
 - ext/phc-winner-argon2/src/genkat.c
 - ext/phc-winner-argon2/src/genkat.h
 - ext/phc-winner-argon2/src/opt.c