argon2 1.1.5 → 2.0.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/rubocop.yml +16 -0
- data/.github/workflows/ruby.yml +32 -0
- data/.rubocop.yml +150 -5
- data/Changelog.md +9 -0
- data/Gemfile +2 -0
- data/README.md +17 -7
- data/Rakefile +2 -0
- data/argon2.gemspec +10 -7
- data/bin/console +1 -0
- data/ext/argon2_wrap/argon_wrap.c +32 -6
- data/ext/argon2_wrap/extconf.rb +1 -0
- data/ext/argon2_wrap/test.c +10 -5
- data/ext/phc-winner-argon2/.gitignore +2 -1
- data/ext/phc-winner-argon2/.travis.yml +11 -0
- data/ext/phc-winner-argon2/Argon2.sln +2 -4
- data/ext/phc-winner-argon2/LICENSE +2 -2
- data/ext/phc-winner-argon2/Makefile +86 -18
- data/ext/phc-winner-argon2/README.md +10 -5
- data/ext/phc-winner-argon2/include/argon2.h +4 -4
- data/ext/phc-winner-argon2/latex/argon2-specs.tex +1 -1
- data/ext/phc-winner-argon2/libargon2.pc.in +18 -0
- data/ext/phc-winner-argon2/src/argon2.c +2 -2
- data/ext/phc-winner-argon2/src/bench.c +4 -4
- data/ext/phc-winner-argon2/src/blake2/blake2-impl.h +3 -3
- data/ext/phc-winner-argon2/src/blake2/blake2.h +2 -2
- data/ext/phc-winner-argon2/src/blake2/blake2b.c +2 -2
- data/ext/phc-winner-argon2/src/blake2/blamka-round-opt.h +2 -2
- data/ext/phc-winner-argon2/src/blake2/blamka-round-ref.h +2 -2
- data/ext/phc-winner-argon2/src/core.c +20 -6
- data/ext/phc-winner-argon2/src/core.h +2 -2
- data/ext/phc-winner-argon2/src/encoding.c +2 -2
- data/ext/phc-winner-argon2/src/encoding.h +2 -2
- data/ext/phc-winner-argon2/src/genkat.c +9 -3
- data/ext/phc-winner-argon2/src/genkat.h +4 -2
- data/ext/phc-winner-argon2/src/opt.c +2 -2
- data/ext/phc-winner-argon2/src/ref.c +2 -2
- data/ext/phc-winner-argon2/src/run.c +2 -2
- data/ext/phc-winner-argon2/src/test.c +65 -29
- data/ext/phc-winner-argon2/src/thread.c +2 -2
- data/ext/phc-winner-argon2/src/thread.h +2 -2
- data/ext/phc-winner-argon2/vs2015/Argon2Opt/Argon2Opt.vcxproj +11 -6
- data/ext/phc-winner-argon2/vs2015/Argon2OptBench/Argon2OptBench.vcxproj +11 -6
- data/ext/phc-winner-argon2/vs2015/Argon2OptDll/Argon2OptDll.vcxproj +11 -6
- data/ext/phc-winner-argon2/vs2015/Argon2OptGenKAT/Argon2OptGenKAT.vcxproj +11 -6
- data/ext/phc-winner-argon2/vs2015/Argon2OptTestCI/Argon2OptTestCI.vcxproj +16 -8
- data/ext/phc-winner-argon2/vs2015/Argon2Ref/Argon2Ref.vcxproj +25 -8
- data/ext/phc-winner-argon2/vs2015/Argon2RefBench/Argon2RefBench.vcxproj +11 -6
- data/ext/phc-winner-argon2/vs2015/Argon2RefDll/Argon2RefDll.vcxproj +11 -6
- data/ext/phc-winner-argon2/vs2015/Argon2RefGenKAT/Argon2RefGenKAT.vcxproj +11 -6
- data/ext/phc-winner-argon2/vs2015/Argon2RefTestCI/Argon2RefTestCI.vcxproj +11 -6
- data/lib/argon2.rb +12 -6
- data/lib/argon2/ffi_engine.rb +55 -21
- data/lib/argon2/version.rb +1 -1
- metadata +40 -39
- data/.travis.yml +0 -14
- data/ext/phc-winner-argon2/libargon2.pc +0 -16
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ff5c2dcd38a21e51982265caf83a721327a8cff1a09acc5c51312ce92d2f5619
|
4
|
+
data.tar.gz: ab787b9e4ee2a039e286f5b96ebb65da86845749c7003de1b43061a2da2c3699
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1b47bef62063b2871cd0c6235fe38e76b892b9c4b888d0b9798ccf39a6cc7daa2f4539b6a4fa1829635e5970401a59b822bcd1d1f72bfb71b9d3c79781ecf1ae
|
7
|
+
data.tar.gz: 476a21e271c981101b51cd0fe32ce6182635994273895de8f57c26224f9f4e4fd883a1a40139fa95c9672a2cb8dea920bce9e362e01fc0893cacfd3b28ce9625
|
@@ -0,0 +1,16 @@
|
|
1
|
+
name: Rubocop
|
2
|
+
|
3
|
+
# Run this workflow every time a new commit pushed to your repository
|
4
|
+
on: push
|
5
|
+
|
6
|
+
jobs:
|
7
|
+
|
8
|
+
rubocop:
|
9
|
+
name: Rubocopchecks
|
10
|
+
runs-on: ubuntu-latest
|
11
|
+
steps:
|
12
|
+
- name: Run Rubocop
|
13
|
+
uses: gimenete/rubocop-action@1.0
|
14
|
+
env:
|
15
|
+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
16
|
+
|
@@ -0,0 +1,32 @@
|
|
1
|
+
name: Test Suite
|
2
|
+
|
3
|
+
on: push
|
4
|
+
|
5
|
+
jobs:
|
6
|
+
test:
|
7
|
+
|
8
|
+
runs-on: ubuntu-latest
|
9
|
+
strategy:
|
10
|
+
matrix:
|
11
|
+
ruby-version: ['3.0', 2.7, 2.5]
|
12
|
+
|
13
|
+
steps:
|
14
|
+
- uses: actions/checkout@v2
|
15
|
+
- name: Set up Ruby ${{ matrix.ruby-version }}
|
16
|
+
uses: ruby/setup-ruby@v1
|
17
|
+
with:
|
18
|
+
ruby-version: ${{ matrix.ruby-version }}
|
19
|
+
- name: Install dependencies
|
20
|
+
run: bundle install
|
21
|
+
- name: Init submodules
|
22
|
+
run: git submodule update --init --recursive
|
23
|
+
- name: Build C library
|
24
|
+
run: bin/setup
|
25
|
+
- name: Test C library
|
26
|
+
run: cd ext/argon2_wrap/ && make test && cd ../..
|
27
|
+
- name: Run tests
|
28
|
+
run: bundle exec rake
|
29
|
+
- name: Coveralls
|
30
|
+
uses: coverallsapp/github-action@master
|
31
|
+
with:
|
32
|
+
github-token: ${{ secrets.GITHUB_TOKEN }}
|
data/.rubocop.yml
CHANGED
@@ -1,20 +1,26 @@
|
|
1
|
-
|
2
1
|
Metrics/AbcSize:
|
3
2
|
Max: 20
|
3
|
+
|
4
4
|
Metrics/CyclomaticComplexity:
|
5
5
|
Enabled: false
|
6
|
+
|
6
7
|
Metrics/PerceivedComplexity:
|
7
8
|
Enabled: false
|
8
|
-
|
9
|
+
|
10
|
+
Layout/LineLength:
|
9
11
|
Max: 160
|
12
|
+
Exclude:
|
13
|
+
- 'test/low_level_test.rb'
|
10
14
|
|
11
15
|
Metrics/MethodLength:
|
12
16
|
Max: 24
|
17
|
+
Exclude:
|
18
|
+
- 'test/low_level_test.rb'
|
13
19
|
|
14
|
-
Layout/
|
20
|
+
Layout/ParameterAlignment:
|
15
21
|
Enabled: false
|
16
22
|
|
17
|
-
Layout/
|
23
|
+
Layout/ArrayAlignment:
|
18
24
|
Enabled: false
|
19
25
|
|
20
26
|
# Configuration parameters: Exclude.
|
@@ -37,7 +43,7 @@ Style/HashSyntax:
|
|
37
43
|
|
38
44
|
# Offense count: 1
|
39
45
|
# Cop supports --auto-correct.
|
40
|
-
Layout/
|
46
|
+
Layout/FirstArrayElementIndentation:
|
41
47
|
Exclude:
|
42
48
|
- 'lib/argon2/errors.rb'
|
43
49
|
|
@@ -61,3 +67,142 @@ Layout/MultilineMethodCallBraceLayout:
|
|
61
67
|
- 'lib/argon2.rb'
|
62
68
|
- 'test/low_level_test.rb'
|
63
69
|
|
70
|
+
Gemspec/RequiredRubyVersion:
|
71
|
+
Enabled: false
|
72
|
+
|
73
|
+
Layout/BeginEndAlignment: # (new in 0.91)
|
74
|
+
Enabled: true
|
75
|
+
Layout/EmptyLinesAroundAttributeAccessor: # (new in 0.83)
|
76
|
+
Enabled: true
|
77
|
+
Layout/SpaceAroundMethodCallOperator: # (new in 0.82)
|
78
|
+
Enabled: true
|
79
|
+
Lint/BinaryOperatorWithIdenticalOperands: # (new in 0.89)
|
80
|
+
Enabled: true
|
81
|
+
Lint/ConstantDefinitionInBlock: # (new in 0.91)
|
82
|
+
Enabled: true
|
83
|
+
Lint/DeprecatedOpenSSLConstant: # (new in 0.84)
|
84
|
+
Enabled: true
|
85
|
+
Lint/DuplicateElsifCondition: # (new in 0.88)
|
86
|
+
Enabled: true
|
87
|
+
Lint/DuplicateRequire: # (new in 0.90)
|
88
|
+
Enabled: true
|
89
|
+
Lint/DuplicateRescueException: # (new in 0.89)
|
90
|
+
Enabled: true
|
91
|
+
Lint/EmptyConditionalBody: # (new in 0.89)
|
92
|
+
Enabled: true
|
93
|
+
Lint/EmptyFile: # (new in 0.90)
|
94
|
+
Enabled: true
|
95
|
+
Lint/FloatComparison: # (new in 0.89)
|
96
|
+
Enabled: true
|
97
|
+
Lint/IdentityComparison: # (new in 0.91)
|
98
|
+
Enabled: true
|
99
|
+
Lint/MissingSuper: # (new in 0.89)
|
100
|
+
Enabled: true
|
101
|
+
Lint/MixedRegexpCaptureTypes: # (new in 0.85)
|
102
|
+
Enabled: true
|
103
|
+
Lint/OutOfRangeRegexpRef: # (new in 0.89)
|
104
|
+
Enabled: true
|
105
|
+
Lint/RaiseException: # (new in 0.81)
|
106
|
+
Enabled: true
|
107
|
+
Lint/SelfAssignment: # (new in 0.89)
|
108
|
+
Enabled: true
|
109
|
+
Lint/StructNewOverride: # (new in 0.81)
|
110
|
+
Enabled: true
|
111
|
+
Lint/TopLevelReturnWithArgument: # (new in 0.89)
|
112
|
+
Enabled: true
|
113
|
+
Lint/TrailingCommaInAttributeDeclaration: # (new in 0.90)
|
114
|
+
Enabled: true
|
115
|
+
Lint/UnreachableLoop: # (new in 0.89)
|
116
|
+
Enabled: true
|
117
|
+
Lint/UselessMethodDefinition: # (new in 0.90)
|
118
|
+
Enabled: true
|
119
|
+
Lint/UselessTimes: # (new in 0.91)
|
120
|
+
Enabled: true
|
121
|
+
Style/AccessorGrouping: # (new in 0.87)
|
122
|
+
Enabled: true
|
123
|
+
Style/ArrayCoercion: # (new in 0.88)
|
124
|
+
Enabled: true
|
125
|
+
Style/BisectedAttrAccessor: # (new in 0.87)
|
126
|
+
Enabled: true
|
127
|
+
Style/CaseLikeIf: # (new in 0.88)
|
128
|
+
Enabled: true
|
129
|
+
Style/CombinableLoops: # (new in 0.90)
|
130
|
+
Enabled: true
|
131
|
+
Style/ExplicitBlockArgument: # (new in 0.89)
|
132
|
+
Enabled: true
|
133
|
+
Style/ExponentialNotation: # (new in 0.82)
|
134
|
+
Enabled: true
|
135
|
+
Style/GlobalStdStream: # (new in 0.89)
|
136
|
+
Enabled: true
|
137
|
+
Style/HashAsLastArrayItem: # (new in 0.88)
|
138
|
+
Enabled: true
|
139
|
+
Style/HashEachMethods: # (new in 0.80)
|
140
|
+
Enabled: true
|
141
|
+
Style/HashLikeCase: # (new in 0.88)
|
142
|
+
Enabled: true
|
143
|
+
Style/HashTransformKeys: # (new in 0.80)
|
144
|
+
Enabled: true
|
145
|
+
Style/HashTransformValues: # (new in 0.80)
|
146
|
+
Enabled: true
|
147
|
+
Style/KeywordParametersOrder: # (new in 0.90)
|
148
|
+
Enabled: true
|
149
|
+
Style/OptionalBooleanParameter: # (new in 0.89)
|
150
|
+
Enabled: true
|
151
|
+
Style/RedundantAssignment: # (new in 0.87)
|
152
|
+
Enabled: true
|
153
|
+
Style/RedundantFetchBlock: # (new in 0.86)
|
154
|
+
Enabled: true
|
155
|
+
Style/RedundantFileExtensionInRequire: # (new in 0.88)
|
156
|
+
Enabled: true
|
157
|
+
Style/RedundantRegexpCharacterClass: # (new in 0.85)
|
158
|
+
Enabled: true
|
159
|
+
Style/RedundantRegexpEscape: # (new in 0.85)
|
160
|
+
Enabled: true
|
161
|
+
Style/RedundantSelfAssignment: # (new in 0.90)
|
162
|
+
Enabled: true
|
163
|
+
Style/SingleArgumentDig: # (new in 0.89)
|
164
|
+
Enabled: true
|
165
|
+
Style/SlicingWithRange: # (new in 0.83)
|
166
|
+
Enabled: true
|
167
|
+
Style/SoleNestedConditional: # (new in 0.89)
|
168
|
+
Enabled: true
|
169
|
+
Style/StringConcatenation: # (new in 0.89)
|
170
|
+
Enabled: true
|
171
|
+
|
172
|
+
Layout/SpaceBeforeBrackets: # (new in 1.7)
|
173
|
+
Enabled: true
|
174
|
+
Lint/AmbiguousAssignment: # (new in 1.7)
|
175
|
+
Enabled: true
|
176
|
+
Lint/DuplicateBranch: # (new in 1.3)
|
177
|
+
Enabled: true
|
178
|
+
Lint/DuplicateRegexpCharacterClassElement: # (new in 1.1)
|
179
|
+
Enabled: true
|
180
|
+
Lint/EmptyBlock: # (new in 1.1)
|
181
|
+
Enabled: true
|
182
|
+
Lint/EmptyClass: # (new in 1.3)
|
183
|
+
Enabled: true
|
184
|
+
Lint/NoReturnInBeginEndBlocks: # (new in 1.2)
|
185
|
+
Enabled: true
|
186
|
+
Lint/ToEnumArguments: # (new in 1.1)
|
187
|
+
Enabled: true
|
188
|
+
Lint/UnexpectedBlockArity: # (new in 1.5)
|
189
|
+
Enabled: true
|
190
|
+
Lint/UnmodifiedReduceAccumulator: # (new in 1.1)
|
191
|
+
Enabled: true
|
192
|
+
Style/ArgumentsForwarding: # (new in 1.1)
|
193
|
+
Enabled: true
|
194
|
+
Style/CollectionCompact: # (new in 1.2)
|
195
|
+
Enabled: true
|
196
|
+
Style/DocumentDynamicEvalDefinition: # (new in 1.1)
|
197
|
+
Enabled: true
|
198
|
+
Style/HashExcept: # (new in 1.7)
|
199
|
+
Enabled: true
|
200
|
+
Style/NegatedIfElseCondition: # (new in 1.2)
|
201
|
+
Enabled: true
|
202
|
+
Style/NilLambda: # (new in 1.3)
|
203
|
+
Enabled: true
|
204
|
+
Style/RedundantArgument: # (new in 1.4)
|
205
|
+
Enabled: true
|
206
|
+
Style/SwapValues: # (new in 1.1)
|
207
|
+
Enabled: true
|
208
|
+
|
data/Changelog.md
CHANGED
@@ -1,3 +1,12 @@
|
|
1
|
+
## v2.0.3: 2021-01-02
|
2
|
+
- Address potential memory leak. Unlikely to be exploitable.
|
3
|
+
|
4
|
+
## v2.0.0: 2019-01-06
|
5
|
+
- Defaults to Argon2id for new hashes
|
6
|
+
|
7
|
+
## v1.2.0: 2018-11-29
|
8
|
+
- Support for verifying Argon2id format
|
9
|
+
|
1
10
|
## v1.1.5: 2018-04-30
|
2
11
|
- Documentation updates
|
3
12
|
- Pulled latest reference
|
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -2,21 +2,20 @@
|
|
2
2
|
|
3
3
|
This Ruby Gem provides FFI bindings, and a simplified interface, to the Argon2 algorithm. [Argon2](https://github.com/P-H-C/phc-winner-argon2) is the official winner of the Password Hashing Competition, a several year project to identify a successor to bcrypt/PBKDF/scrypt methods of securely storing passwords. This is an independant project and not official from the PHC team.
|
4
4
|
|
5
|
-
|
6
|
-
[![Build Status](https://travis-ci.org/technion/ruby-argon2.svg?branch=master)](https://travis-ci.org/technion/ruby-argon2)
|
5
|
+
![Build Status](https://github.com/technion/ruby-argon2/workflows/Test%20Suite/badge.svg)
|
7
6
|
[![Code Climate](https://codeclimate.com/github/technion/ruby-argon2/badges/gpa.svg)](https://codeclimate.com/github/technion/ruby-argon2)
|
8
7
|
[![Coverage Status](https://coveralls.io/repos/github/technion/ruby-argon2/badge.svg)](https://coveralls.io/github/technion/ruby-argon2)
|
9
8
|
|
10
9
|
## Design
|
11
10
|
|
12
|
-
This project has several key
|
11
|
+
This project has several key tenets to its design:
|
13
12
|
|
14
13
|
* The reference Argon2 implementation is to be used "unaltered". To ensure compliance with this goal, and encourage regular updates from upstream, the upstream library is implemented as a git submodule, and is intended to stay that way.
|
15
14
|
* The FFI interface is kept as slim as possible, with wrapper classes preferred to implementing context structs in FFI
|
16
15
|
* Security and maintainability take top priority. This can have an impact on platform support. A PR that contains platform specific code paths is unlikely to be accepted.
|
17
16
|
* Tested platforms are MRI Ruby 2.2, 2.3 and JRuby 9000. No assertions are made on other platforms.
|
18
17
|
* Errors from the C interface are raised as Exceptions. There are a lot of exception classes, but they tend to relate to things like very broken input, and code bugs. Calls to this library should generally not require a rescue.
|
19
|
-
* Test
|
18
|
+
* Test suites should aim for 100% code coverage.
|
20
19
|
* Default work values should not be considered constants. I will increase them from time to time.
|
21
20
|
* Not exposing the threads parameter is a design choice. I believe there is significant risk, and minimal gain in using a value other than '1'. Four threads on a four core box completely ties up the entire server to process one user logon. If you want more security, increase m_cost.
|
22
21
|
* Many Rubocop errors have been disabled, but any commit should avoid new alerts or demonstrate their necessity.
|
@@ -45,7 +44,7 @@ hasher.create("password")
|
|
45
44
|
```
|
46
45
|
|
47
46
|
If you follow this pattern, it is important to create a new `Argon2::Password` every time you generate a hash, in order to ensure a unique salt. See [issue 23](https://github.com/technion/ruby-argon2/issues/23) for more information.
|
48
|
-
Alternatively, use this
|
47
|
+
Alternatively, use this shortcut:
|
49
48
|
|
50
49
|
```ruby
|
51
50
|
Argon2::Password.create("password")
|
@@ -58,6 +57,13 @@ You can then use this function to verify a password against a given hash. Will r
|
|
58
57
|
Argon2::Password.verify_password("password", secure_password)
|
59
58
|
```
|
60
59
|
|
60
|
+
Version 1.2.x will now allow verifying an Argon2id password:
|
61
|
+
|
62
|
+
```ruby
|
63
|
+
Argon2::Password.verify_password("password", "$argon2id$v=19$m=262144,t=2,p=1$c29tZXNhbHQ$eP4eyR+zqlZX1y5xCFTkw9m5GYx0L5YWwvCFvtlbLow")
|
64
|
+
=> true
|
65
|
+
```
|
66
|
+
|
61
67
|
Argon2 supports an optional key value. This should be stored securely on your server, such as alongside your database credentials. Hashes generated with a key will only validate when presented that key.
|
62
68
|
|
63
69
|
```ruby
|
@@ -66,13 +72,15 @@ argon = Argon2::Password.new(t_cost: 2, m_cost: 16, secret: KEY)
|
|
66
72
|
myhash = argon.create("A password")
|
67
73
|
Argon2::Password.verify_password("A password", myhash, KEY)
|
68
74
|
```
|
75
|
+
## Version 2.0 - Argon 2id
|
76
|
+
Version 2.x upwards will now default to the Argon2id hash format. This is consistent with current recommendations regarding Argon2 usage. It remains capable of verifying existing hashes.
|
69
77
|
|
70
78
|
## Important notes regarding version 1.0 upgrade
|
71
79
|
Version 1.0.0 included a major version bump over 0.1.4 due to several breaking changes. The first of these was an API change, which you can read the background on [here](https://github.com/technion/ruby-argon2/issues/9).
|
72
80
|
|
73
81
|
The second of these is that the reference Argon2 implementation introduced an algorithm change, which produces a hash which is not backwards compatible. This is documented on [this PR on the C library](https://github.com/P-H-C/phc-winner-argon2/pull/115). This was a regrettable requirement to address a security concern in the algorithm itself. The two versions of the Argon2 algorithm are numbered 1.0 and 1.3 respectively.
|
74
82
|
|
75
|
-
Shortly after this, version 1.0.0 of this gem was released with this breaking change, supporting only Argon2 v1.3. Further time later, the official encoding format was updated, with a spec that included the version number, and the library introduced backward compatibility. This should remove the
|
83
|
+
Shortly after this, version 1.0.0 of this gem was released with this breaking change, supporting only Argon2 v1.3. Further time later, the official encoding format was updated, with a spec that included the version number, and the library introduced backward compatibility. This should remove the likelihood of such breaking changes in future. Version 1.1.0 will silently introduce the current version number in hashes, in order to avoid a further compatibility break.
|
76
84
|
|
77
85
|
|
78
86
|
## Platform Issues
|
@@ -83,6 +91,8 @@ Windows is not. Nobody anywhere has the resources to support Ruby FFI code on Wi
|
|
83
91
|
|
84
92
|
grsec introduces certain challenges. Please see [documentation here](https://github.com/technion/ruby-argon2/issues/15).
|
85
93
|
|
94
|
+
See the .travis.yml file to see currently tested and supported Ruby versions.
|
95
|
+
|
86
96
|
## RubyDocs documentation
|
87
97
|
|
88
98
|
[The usual URL](http://www.rubydoc.info/gems/argon2) will provide detailed documentation.
|
@@ -100,7 +110,7 @@ Although the low level C contains support for "secure memory wipe", any code hit
|
|
100
110
|
|
101
111
|
### Work maximums may be tighter than reference
|
102
112
|
|
103
|
-
The reference implementation is aimed to provide secure hashing for many years. This implementation doesn't want you to DoS yourself in the meantime. Accordingly, some
|
113
|
+
The reference implementation is aimed to provide secure hashing for many years. This implementation doesn't want you to DoS yourself in the meantime. Accordingly, some artificial limits exist on work powers. This gem can be much more agile in raising these as technology progresses.
|
104
114
|
|
105
115
|
### Salts in general
|
106
116
|
|
data/Rakefile
CHANGED
data/argon2.gemspec
CHANGED
@@ -1,4 +1,6 @@
|
|
1
|
-
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
lib = File.expand_path('lib', __dir__)
|
2
4
|
|
3
5
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
6
|
require 'argon2/version'
|
@@ -20,13 +22,14 @@ Gem::Specification.new do |spec|
|
|
20
22
|
spec.bindir = "exe"
|
21
23
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
22
24
|
spec.require_paths = ["lib"]
|
23
|
-
spec.add_dependency 'ffi', '~> 1.
|
24
|
-
spec.add_dependency 'ffi-compiler', '~> 0
|
25
|
+
spec.add_dependency 'ffi', '~> 1.14'
|
26
|
+
spec.add_dependency 'ffi-compiler', '~> 1.0'
|
25
27
|
|
26
|
-
spec.add_development_dependency "bundler", '~>
|
27
|
-
spec.add_development_dependency "coveralls", '~> 0.8'
|
28
|
+
spec.add_development_dependency "bundler", '~> 2.0'
|
28
29
|
spec.add_development_dependency "minitest", '~> 5.8'
|
29
|
-
spec.add_development_dependency "rake", '~>
|
30
|
-
spec.add_development_dependency "rubocop", '~>
|
30
|
+
spec.add_development_dependency "rake", '~> 13.0.1'
|
31
|
+
spec.add_development_dependency "rubocop", '~> 1.7'
|
32
|
+
spec.add_development_dependency "simplecov", '~> 0.20'
|
33
|
+
spec.add_development_dependency "simplecov-lcov", '~> 0.8'
|
31
34
|
spec.extensions << 'ext/argon2_wrap/extconf.rb'
|
32
35
|
end
|
data/bin/console
CHANGED
@@ -35,7 +35,8 @@ static int wrap_compare(const uint8_t *b1, const uint8_t *b2, size_t len) {
|
|
35
35
|
|
36
36
|
int argon2_wrap_version(char *out, const char *pwd, size_t pwd_length,
|
37
37
|
uint8_t *salt, uint32_t saltlen, uint32_t t_cost, uint32_t m_cost,
|
38
|
-
uint32_t lanes, uint8_t *secret, size_t secretlen, uint32_t version
|
38
|
+
uint32_t lanes, uint8_t *secret, size_t secretlen, uint32_t version,
|
39
|
+
argon2_type type)
|
39
40
|
{
|
40
41
|
uint8_t hash[OUT_LEN];
|
41
42
|
argon2_context context;
|
@@ -67,11 +68,22 @@ int argon2_wrap_version(char *out, const char *pwd, size_t pwd_length,
|
|
67
68
|
context.flags = 0;
|
68
69
|
context.version = version;
|
69
70
|
|
70
|
-
int result
|
71
|
+
int result;
|
72
|
+
if (type == Argon2_i) {
|
73
|
+
result = argon2i_ctx(&context);
|
74
|
+
} else if (type == Argon2_id) {
|
75
|
+
result = argon2id_ctx(&context);
|
76
|
+
} else if (type == Argon2_d) {
|
77
|
+
result = argon2d_ctx(&context);
|
78
|
+
} else {
|
79
|
+
// Unsupported type
|
80
|
+
return ARGON2_ENCODING_FAIL;
|
81
|
+
}
|
82
|
+
|
71
83
|
if (result != ARGON2_OK)
|
72
84
|
return result;
|
73
85
|
|
74
|
-
encode_string(out, ENCODE_LEN + saltlen, &context,
|
86
|
+
encode_string(out, ENCODE_LEN + saltlen, &context, type);
|
75
87
|
return ARGON2_OK;
|
76
88
|
}
|
77
89
|
|
@@ -83,7 +95,7 @@ int argon2_wrap(char *out, const char *pwd, size_t pwd_length,
|
|
83
95
|
uint32_t lanes, uint8_t *secret, size_t secretlen)
|
84
96
|
{
|
85
97
|
return argon2_wrap_version(out, pwd, pwd_length, salt, saltlen,
|
86
|
-
t_cost, m_cost, lanes, secret, secretlen, ARGON2_VERSION_13);
|
98
|
+
t_cost, m_cost, lanes, secret, secretlen, ARGON2_VERSION_13, Argon2_id);
|
87
99
|
}
|
88
100
|
|
89
101
|
int wrap_argon2_verify(const char *encoded, const char *pwd,
|
@@ -95,6 +107,7 @@ int wrap_argon2_verify(const char *encoded, const char *pwd,
|
|
95
107
|
char *out;
|
96
108
|
memset(&ctx, 0, sizeof(argon2_context));
|
97
109
|
size_t encoded_len;
|
110
|
+
argon2_type type;
|
98
111
|
|
99
112
|
encoded_len = strlen(encoded);
|
100
113
|
/* larger than max possible values */
|
@@ -109,7 +122,20 @@ int wrap_argon2_verify(const char *encoded, const char *pwd,
|
|
109
122
|
return ARGON2_MEMORY_ALLOCATION_ERROR;
|
110
123
|
}
|
111
124
|
|
112
|
-
if(
|
125
|
+
if (memcmp(encoded, "$argon2id", strlen("$argon2id")) == 0) {
|
126
|
+
type = Argon2_id;
|
127
|
+
} else if (memcmp(encoded, "$argon2i", strlen("$argon2i")) == 0) {
|
128
|
+
type = Argon2_i;
|
129
|
+
} else if (memcmp(encoded, "$argon2d", strlen("$argon2d")) == 0) {
|
130
|
+
type = Argon2_d;
|
131
|
+
} else {
|
132
|
+
// Other types not yet supported
|
133
|
+
free(ctx.salt);
|
134
|
+
free(ctx.out);
|
135
|
+
return ARGON2_DECODING_FAIL;
|
136
|
+
}
|
137
|
+
|
138
|
+
if (decode_string(&ctx, encoded, type) != ARGON2_OK) {
|
113
139
|
free(ctx.salt);
|
114
140
|
free(ctx.out);
|
115
141
|
return ARGON2_DECODING_FAIL;
|
@@ -124,7 +150,7 @@ int wrap_argon2_verify(const char *encoded, const char *pwd,
|
|
124
150
|
|
125
151
|
ret = argon2_wrap_version(out, pwd, pwdlen, ctx.salt, ctx.saltlen,
|
126
152
|
ctx.t_cost, ctx.m_cost, ctx.lanes, secret, secretlen,
|
127
|
-
ctx.version);
|
153
|
+
ctx.version, type);
|
128
154
|
|
129
155
|
free(ctx.salt);
|
130
156
|
|