argon2 1.2.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a86e0210b4205a94242bc1afce3a43753cf24ae2c262274d48c3bdb9475c03b8
-  data.tar.gz: 52aa12dec68ee57751a0752fb502441adc37488bf1bfcfe6ebd8250a128dd9c3
+  metadata.gz: a60b9c207b41c9617c2ab7a2004431db65a55a66bc32c89565a1640d503434a0
+  data.tar.gz: d06a5d2775c37d831d298469d594d9681488adb2d30180294973619efa478e88
 SHA512:
-  metadata.gz: bbd74370319320e2b84d6e5ad84f95c512f4d6d7d43ebf804837f47a8073c39d83e0dac72d21dc92586318ee03fc433e651b8ebc670556a6e9ff026ee66647e3
-  data.tar.gz: 96549bceabc5a7c764afeccd07b937080e9a47fbf9c93c78b34d6d6af60da6eeb6a8a027be0534d44afff4e1af1e59efa50d225c0842efa24156ec1c319d3a6b
+  metadata.gz: e63db7eb3b5fbbffa0291308eecd84b55a315986e124cd353bfad0111d86e1bf5072f42a39913a6b5c31730e65159cfe693694ccfd638996b9204d3b7a2a6d24
+  data.tar.gz: d81718f30c16eb3b504502f437150cc69964375fa0233512edb97d0bf208ee4903bae1911b957f781b6018b52e81eba113e6488ed3e035a417b9d52f9b6f4844

data/README.md

@@ -73,6 +73,8 @@ argon = Argon2::Password.new(t_cost: 2, m_cost: 16, secret: KEY)
 myhash = argon.create("A password")
 Argon2::Password.verify_password("A password", myhash, KEY)
 ```
+## Version 2.0 - Argon 2id
+Version 2.x upwards will now default to the Argon2id hash format. This is consistent with current recommendations regarding Argon2 usage. It remains capable of verifying existing hashes.
 
 ## Important notes regarding version 1.0 upgrade
 Version 1.0.0 included a major version bump over 0.1.4 due to several breaking changes. The first of these was an API change, which you can read the background on [here](https://github.com/technion/ruby-argon2/issues/9).

data/ext/argon2_wrap/argon_wrap.c

@@ -93,7 +93,7 @@ int argon2_wrap(char *out, const char *pwd, size_t pwd_length,
         uint32_t lanes, uint8_t *secret, size_t secretlen)
 {
     return argon2_wrap_version(out, pwd, pwd_length, salt, saltlen,
-            t_cost, m_cost, lanes, secret, secretlen, ARGON2_VERSION_13, Argon2_i);
+            t_cost, m_cost, lanes, secret, secretlen, ARGON2_VERSION_13, Argon2_id);
 }
 
 int wrap_argon2_verify(const char *encoded, const char *pwd,

data/ext/argon2_wrap/test.c

@@ -81,20 +81,21 @@ int main()
 
 #define WRAP_TEST(T, M, PWD, REF) \
     pwd = strdup(PWD); \
-    argon2_wrap(out2, pwd, strlen(PWD), salt, sizeof(salt),T, 1<<M, 1, NULL, 0); \
+    argon2_wrap(out2, pwd, strlen(PWD), salt, strlen((const char *)salt),T, 1<<M, 1, NULL, 0); \
     free(pwd); \
+    fprintf(stderr,out2); \
     assert(memcmp(out2, REF, strlen(REF)) == 0); \
     printf( "Ref test: %s: PASS\n", REF);
 
     memcpy(salt, "somesalt", 8);
     WRAP_TEST(2, 16, "password", 
-            "$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA$HH7u+eDpabMCRyL8hkocqfbKINpz+b8/FzGIG+riA54");
+            "$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ$CTFhFdXPJO1aFaMaO6Mm5c8y7cJHAph8ArZWb2GRPPc");
 
     WRAP_TEST(2, 8, "password", 
-            "$argon2i$v=19$m=256,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA$3+v51OrdaFn0zGqbsgBD/Z2n4eNr2s27BcpWn0Yyafg");
+            "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4");
 
     WRAP_TEST(2, 16, "differentpassword", 
-            "$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA$studfA0SiJUa7EtuHNODXqKafaKsE+b0hVSiaxJxRvk");
+            "$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ$C4TWUs9rDEvq7w3+J4umqA32aWKB1+DSiRuBfYxFj94");
 
     ret = wrap_argon2_verify("$argon2i$v=19$m=256,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA$3+v51OrdaFn0zGqbsgBD/Z2n4eNr2s27BcpWn0Yyafg", "password",
             strlen("password"), NULL, 0);

data/lib/argon2.rb

@@ -22,7 +22,7 @@ module Argon2
       raise ArgonHashFail, "Invalid password (expected string)" unless
         pass.is_a?(String)
 
-      Argon2::Engine.hash_argon2i_encode(
+      Argon2::Engine.hash_argon2id_encode(
               pass, @salt, @t_cost, @m_cost, @secret)
     end
 

data/lib/argon2/ffi_engine.rb

@@ -33,19 +33,21 @@ module Argon2
   # The engine class shields users from the FFI interface.
   # It is generally not advised to directly use this class.
   class Engine
-    def self.hash_argon2i(password, salt, t_cost, m_cost)
+    def self.hash_argon2i(password, salt, t_cost, m_cost, out_len = nil)
+      out_len = (out_len || Constants::OUT_LEN).to_i
+      raise ArgonHashFail, "Invalid output length" if out_len < 1
       result = ''
-      FFI::MemoryPointer.new(:char, Constants::OUT_LEN) do |buffer|
+      FFI::MemoryPointer.new(:char, out_len) do |buffer|
         ret = Ext.argon2i_hash_raw(t_cost, 1 << m_cost, 1, password,
            password.length, salt, salt.length,
-            buffer, Constants::OUT_LEN)
+            buffer, out_len)
         raise ArgonHashFail, ERRORS[ret.abs] unless ret.zero?
-        result = buffer.read_string(Constants::OUT_LEN)
+        result = buffer.read_string(out_len)
       end
       result.unpack('H*').join
     end
 
-    def self.hash_argon2i_encode(password, salt, t_cost, m_cost, secret)
+    def self.hash_argon2id_encode(password, salt, t_cost, m_cost, secret)
       result = ''
       secretlen = secret.nil? ? 0 : secret.bytesize
       passwordlen = password.nil? ? 0 : password.bytesize

data/lib/argon2/version.rb

@@ -3,5 +3,5 @@
 # Standard Gem version constant.
 
 module Argon2
-  VERSION = "1.2.0".freeze
+  VERSION = "2.0.0".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: argon2
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Technion
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-12-04 00:00:00.000000000 Z
+date: 2019-01-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi