argon2 2.0.3 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ff5c2dcd38a21e51982265caf83a721327a8cff1a09acc5c51312ce92d2f5619
-  data.tar.gz: ab787b9e4ee2a039e286f5b96ebb65da86845749c7003de1b43061a2da2c3699
+  metadata.gz: f926025634562667dbc1575383b09a6d3178248f1551325726f1dc194472b0e5
+  data.tar.gz: a4876cbbaf99df1062ac39f668e3af254c5b45b1d431bf5e7180e3076fd20d3d
 SHA512:
-  metadata.gz: 1b47bef62063b2871cd0c6235fe38e76b892b9c4b888d0b9798ccf39a6cc7daa2f4539b6a4fa1829635e5970401a59b822bcd1d1f72bfb71b9d3c79781ecf1ae
-  data.tar.gz: 476a21e271c981101b51cd0fe32ce6182635994273895de8f57c26224f9f4e4fd883a1a40139fa95c9672a2cb8dea920bce9e362e01fc0893cacfd3b28ce9625
+  metadata.gz: e5c592dc870390af4ad6fbce1ea4b3b4b5be6fa25574f18ac44d0509dab1adef3bb21e1e1c5a84b01d364e335f4b4b01460a0a4207c96734ae67f0b4ff12289a
+  data.tar.gz: c59f5baeea0c7ff436f77a4dadc267c5619ceccf2749ee25a428173abbf4842606a48bbd90f74a89cbd6347cc31dc643447b926cb6caccdcbcf04d7eabfb19a8

data/.github/workflows/codeql.yml

@@ -0,0 +1,74 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "master" ]
+  schedule:
+    - cron: '34 3 * * 3'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'ruby' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"

data/.github/workflows/ruby.yml

@@ -1,32 +1,69 @@
 name: Test Suite
 
-on: push
+# Run against all commits and pull requests.
+on: [ push, pull_request ]
 
 jobs:
-  test:
+  test_matrix:
 
-    runs-on: ubuntu-latest
     strategy:
+      fail-fast: false
       matrix:
-        ruby-version: ['3.0', 2.7, 2.5]
+        os:
+          - ubuntu
+          - macos
+        ruby:
+          - 2.7
+          - 3.1
+          - 3.2
+
+    runs-on: ${{ matrix.os }}-latest
+
+    env:
+      TEST_CHECKS: 100
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - name: Build Argon2 C library
+        run: bin/setup
+      - name: Test Argon2 C library
+        run: bin/test
+      - name: Run tests
+        run: bundle exec rake test
+      - name: Coveralls Parallel
+        uses: coverallsapp/github-action@master
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          flag-name: run-${{ matrix.ruby-version }}
+          parallel: true
+
+  rubocop:
+
+    runs-on: ubuntu-latest
 
     steps:
     - uses: actions/checkout@v2
-    - name: Set up Ruby ${{ matrix.ruby-version }}
+    - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:
-        ruby-version: ${{ matrix.ruby-version }} 
-    - name: Install dependencies
-      run: bundle install
-    - name: Init submodules
-      run: git submodule update --init --recursive
-    - name: Build C library
-      run: bin/setup
-    - name: Test C library
-      run: cd ext/argon2_wrap/ && make test && cd ../..
-    - name: Run tests
-      run: bundle exec rake
-    - name: Coveralls
-      uses: coverallsapp/github-action@master
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
+        ruby-version: 3.0
+        bundler-cache: true
+    - name: Run rubocop
+      run: bundle exec rake rubocop
+
+  finish:
+    runs-on: ubuntu-latest
+    needs: [ test_matrix, rubocop ]
+    steps:
+      - name: Coveralls Finished
+        uses: coverallsapp/github-action@master
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          parallel-finished: true
+      - name: Wait for status checks
+        run: echo "All Green!"

data/.rubocop.yml

@@ -7,6 +7,11 @@ Metrics/CyclomaticComplexity:
 Metrics/PerceivedComplexity:
   Enabled: false
 
+Metrics/ParameterLists:
+  Max: 5
+  Exclude:
+    - 'lib/argon2/ffi_engine.rb'
+
 Layout/LineLength:
   Max: 160
   Exclude:
@@ -205,4 +210,105 @@ Style/RedundantArgument: # (new in 1.4)
   Enabled: true
 Style/SwapValues: # (new in 1.1)
   Enabled: true
-
+Lint/DeprecatedConstants: # (new in 1.8)
+  Enabled: true
+Lint/LambdaWithoutLiteralBlock: # (new in 1.8)
+  Enabled: true
+Lint/NumberedParameterAssignment: # (new in 1.9)
+  Enabled: true
+Lint/OrAssignmentToConstant: # (new in 1.9)
+  Enabled: true
+Lint/RedundantDirGlobSort: # (new in 1.8)
+  Enabled: true
+Lint/SymbolConversion: # (new in 1.9)
+  Enabled: true
+Lint/TripleQuotes: # (new in 1.9)
+  Enabled: true
+Style/EndlessMethod: # (new in 1.8)
+  Enabled: true
+Style/HashConversion: # (new in 1.10)
+  Enabled: true
+Style/IfWithBooleanLiteralBranches: # (new in 1.9)
+  Enabled: true
+Style/StringChars: # (new in 1.12)
+  Enabled: true
+Gemspec/DeprecatedAttributeAssignment: # new in 1.30
+  Enabled: true
+Gemspec/RequireMFA: # new in 1.23
+  Enabled: true
+Layout/LineContinuationLeadingSpace: # new in 1.31
+  Enabled: true
+Layout/LineContinuationSpacing: # new in 1.31
+  Enabled: true
+Layout/LineEndStringConcatenationIndentation: # new in 1.18
+  Enabled: true
+Lint/AmbiguousOperatorPrecedence: # new in 1.21
+  Enabled: true
+Lint/AmbiguousRange: # new in 1.19
+  Enabled: true
+Lint/ConstantOverwrittenInRescue: # new in 1.31
+  Enabled: true
+Lint/DuplicateMagicComment: # new in 1.37
+  Enabled: true
+Lint/EmptyInPattern: # new in 1.16
+  Enabled: true
+Lint/IncompatibleIoSelectWithFiberScheduler: # new in 1.21
+  Enabled: true
+Lint/NonAtomicFileOperation: # new in 1.31
+  Enabled: true
+Lint/RefinementImportMethods: # new in 1.27
+  Enabled: true
+Lint/RequireRangeParentheses: # new in 1.32
+  Enabled: true
+Lint/RequireRelativeSelfPath: # new in 1.22
+  Enabled: true
+Lint/UselessRuby2Keywords: # new in 1.23
+  Enabled: true
+Naming/BlockForwarding: # new in 1.24
+  Enabled: true
+Security/CompoundHash: # new in 1.28
+  Enabled: true
+Security/IoMethods: # new in 1.22
+  Enabled: true
+Style/EmptyHeredoc: # new in 1.32
+  Enabled: true
+Style/EnvHome: # new in 1.29
+  Enabled: true
+Style/FetchEnvVar: # new in 1.28
+  Enabled: true
+Style/FileRead: # new in 1.24
+  Enabled: true
+Style/FileWrite: # new in 1.24
+  Enabled: true
+Style/InPatternThen: # new in 1.16
+  Enabled: true
+Style/MagicCommentFormat: # new in 1.35
+  Enabled: true
+Style/MapCompactWithConditionalBlock: # new in 1.30
+  Enabled: true
+Style/MapToHash: # new in 1.24
+  Enabled: true
+Style/MultilineInPatternThen: # new in 1.16
+  Enabled: true
+Style/NestedFileDirname: # new in 1.26
+  Enabled: true
+Style/NumberedParameters: # new in 1.22
+  Enabled: true
+Style/NumberedParametersLimit: # new in 1.22
+  Enabled: true
+Style/ObjectThen: # new in 1.28
+  Enabled: true
+Style/OpenStructUse: # new in 1.23
+  Enabled: true
+Style/OperatorMethodCall: # new in 1.37
+  Enabled: true
+Style/QuotedSymbols: # new in 1.16
+  Enabled: true
+Style/RedundantInitialize: # new in 1.27
+  Enabled: true
+Style/RedundantSelfAssignmentBranch: # new in 1.19
+  Enabled: true
+Style/RedundantStringEscape: # new in 1.37
+  Enabled: true
+Style/SelectByRegexp: # new in 1.22
+  Enabled: true

data/Changelog.md

@@ -1,3 +1,7 @@
+## v2.1.0: 2021-04-09
+- Introduce RBS types
+- Expose p parameter
+
 ## v2.0.3: 2021-01-02
 - Address potential memory leak. Unlikely to be exploitable.
 

data/README.md

@@ -13,11 +13,10 @@ This project has several key tenets to its design:
 * The reference Argon2 implementation is to be used "unaltered". To ensure compliance with this goal, and encourage regular updates from upstream, the upstream library is implemented as a git submodule, and is intended to stay that way.
 * The FFI interface is kept as slim as possible, with wrapper classes preferred to implementing context structs in FFI
 * Security and maintainability take top priority. This can have an impact on platform support. A PR that contains platform specific code paths is unlikely to be accepted.
-* Tested platforms are MRI Ruby 2.2, 2.3 and JRuby 9000. No assertions are made on other platforms.
+* Tested platforms are MRI Ruby 2.7 and 3.0. No assertions are made on other platforms.
 * Errors from the C interface are raised as Exceptions. There are a lot of exception classes, but they tend to relate to things like very broken input, and code bugs. Calls to this library should generally not require a rescue.
 * Test suites should aim for 100% code coverage.
 * Default work values should not be considered constants. I will increase them from time to time.
-* Not exposing the threads parameter is a design choice. I believe there is significant risk, and minimal gain in using a value other than '1'. Four threads on a four core box completely ties up the entire server to process one user logon. If you want more security, increase m_cost.
 * Many Rubocop errors have been disabled, but any commit should avoid new alerts or demonstrate their necessity.
 
 ## Usage
@@ -31,7 +30,7 @@ require 'argon2'
 To generate a hash using specific time and memory cost:
 
 ```ruby
-hasher = Argon2::Password.new(t_cost: 2, m_cost: 16)
+hasher = Argon2::Password.new(t_cost: 2, m_cost: 16, p_cost: 1)
 hasher.create("password")
     => "$argon2i$v=19$m=65536,t=2,p=1$jL7lLEAjDN+pY2cG1N8D2g$iwj1ueduCvm6B9YVjBSnAHu+6mKzqGmDW745ALR38Uo"
 ```
@@ -43,7 +42,6 @@ hasher = Argon2::Password.new
 hasher.create("password")
 ```
 
-If you follow this pattern, it is important to create a new `Argon2::Password` every time you generate a hash, in order to ensure a unique salt. See [issue 23](https://github.com/technion/ruby-argon2/issues/23) for more information.
 Alternatively, use this shortcut:
 
 ```ruby
@@ -72,6 +70,17 @@ argon = Argon2::Password.new(t_cost: 2, m_cost: 16, secret: KEY)
 myhash = argon.create("A password")
 Argon2::Password.verify_password("A password", myhash, KEY)
 ```
+## Ruby 3 Types
+I am now shipping signatures in sig/. The following command sets up a testing interface.
+```sh
+RBS_TEST_TARGET="Argon2::*" bundle exec ruby -r rbs/test/setup bin/console
+```
+You should also be able to pass Steep checks:
+```sh
+steep check
+```
+These tools will need to be installed manually at this time and will be added to Gemfiles after much further testing.
+
 ## Version 2.0 - Argon 2id
 Version 2.x upwards will now default to the Argon2id hash format. This is consistent with current recommendations regarding Argon2 usage. It remains capable of verifying existing hashes.
 
@@ -80,7 +89,7 @@ Version 1.0.0 included a major version bump over 0.1.4 due to several breaking c
 
 The second of these is that the reference Argon2 implementation introduced an algorithm change, which produces a hash which is not backwards compatible. This is documented on [this PR on the C library](https://github.com/P-H-C/phc-winner-argon2/pull/115). This was a regrettable requirement to address a security concern in the algorithm itself. The two versions of the Argon2 algorithm are numbered 1.0 and 1.3 respectively.
 
-Shortly after this, version 1.0.0 of this gem was released with this breaking change, supporting only Argon2 v1.3. Further time later, the official encoding format was updated, with a spec that included the version number, and the library introduced backward compatibility. This should remove the likelihood of such breaking changes in future. Version 1.1.0 will silently introduce the current version number in hashes, in order to avoid a further compatibility break.
+Shortly after this, version 1.0.0 of this gem was released with this breaking change, supporting only Argon2 v1.3. Further time later, the official encoding format was updated, with a spec that included the version number, and the library introduced backward compatibility. This should remove the likelihood of such breaking changes in future. 
 
 
 ## Platform Issues
@@ -123,17 +132,19 @@ Any form of contribution is appreciated, however, please review [CONTRIBUTING.md
 
 ## Building locally/Tests
 
-To build the gem locally, you will need to checkout the submodule and build it manually:
+To build the gem locally, you will need to run the setup script:
+
+```shell
+./bin/setup
+```
+
+You can test that the Argon2 C library was properly imported by running the C test suite:
 
 ```shell
-git submodule update --init --recursive
-bundle install
-cd ext/argon2_wrap/
-make
-cd ../..
+./bin/test
 ```
 
-The test harness includes a property based test. To more strenuously perform this test, you can tune the iterations parameter:
+The ruby wrapper test suite includes a property based test. To more strenuously perform this test, you can tune the iterations parameter:
 
 ```shell
 TEST_CHECKS=10000 bundle exec rake test

data/Steepfile

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+target :lib do
+  signature "sig"
+
+  check "argon2.rb"
+  check "lib"                       # Directory name
+  ignore "lib/argon2/ffi_engine.rb"
+  ignore "lib/argon2/errors.rb"
+end
+
+target :spec do
+  signature "sig", "sig-private"
+
+  check "spec"
+end

data/argon2.gemspec

@@ -11,18 +11,23 @@ Gem::Specification.new do |spec|
   spec.authors       = ["Technion"]
   spec.email         = ["technion@lolware.net"]
 
+  spec.required_ruby_version = '>= 2.6.0'
+
   spec.summary       = 'Argon2 Password hashing binding'
   spec.description   = 'Argon2 FFI binding'
   spec.homepage      = 'https://github.com/technion/ruby-argon2'
   spec.license       = 'MIT'
+  spec.metadata      = {
+    'rubygems_mfa_required' => 'true'
+  }
 
-  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.files << `find ext`.split
 
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
-  spec.add_dependency 'ffi', '~> 1.14'
+  spec.add_dependency 'ffi', '~> 1.15'
   spec.add_dependency 'ffi-compiler', '~> 1.0'
 
   spec.add_development_dependency "bundler", '~> 2.0'
@@ -31,5 +36,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rubocop", '~> 1.7'
   spec.add_development_dependency "simplecov", '~> 0.20'
   spec.add_development_dependency "simplecov-lcov", '~> 0.8'
+  spec.add_development_dependency "steep", "~> 1.2.1"
   spec.extensions << 'ext/argon2_wrap/extconf.rb'
 end

data/bin/console

@@ -1,15 +1,15 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
-require "bundler/setup"
-require "argon2"
+require 'bundler/setup'
+require 'argon2'
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
 
 # (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
+# require 'pry'
 # Pry.start
 
-require "irb"
+require 'irb'
 IRB.start

data/bin/setup

@@ -1,10 +1,15 @@
 #!/bin/bash
+# Exit the script immediately if a command fails
 set -euo pipefail
+# Internal Field Separator
 IFS=$'\n\t'
 
+# Initialize Git Submodules
+git submodule update --init --recursive
+
+# Build the Argon2 C Library. Git submodules must be initialized first!
 bundle install
 cd ext/argon2_wrap/
+ruby extconf.rb
 make
 cd ../..
-
-# Do any other automated setup that you need to do here

data/bin/test

@@ -0,0 +1,10 @@
+#!/bin/bash
+# Exit the script immediately if a command fails
+set -euo pipefail
+# Internal Field Separator
+IFS=$'\n\t'
+
+# Run the Argon2 C Library tests
+cd ext/argon2_wrap/
+make test
+cd ../..

data/ext/argon2_wrap/{Makefile → Makefile.real}

@@ -60,6 +60,7 @@ LIB_SH := lib$(LIB_NAME).$(LIB_EXT)
 all: libs 
 libs: $(SRC)
 		$(CC) $(CFLAGS) $(LIB_CFLAGS) $^ -o libargon2_wrap.$(LIB_EXT)
+		cp libargon2_wrap.$(LIB_EXT) ../../lib
 
 #Deliberately avoiding the CFLAGS for our test cases - disable optimise and
 #C89

data/ext/argon2_wrap/extconf.rb

@@ -1,2 +1,5 @@
 # frozen_string_literal: true
-#I must admit I have no understanding of why this empty file works.
+
+require 'mkmf'
+
+File.rename('Makefile.real', 'Makefile')

data/ext/phc-winner-argon2/Makefile

@@ -83,7 +83,7 @@ ifeq ($(KERNEL_NAME), $(filter $(KERNEL_NAME),DragonFly FreeBSD NetBSD OpenBSD))
 endif
 ifeq ($(KERNEL_NAME), Darwin)
 	LIB_EXT := $(ABI_VERSION).dylib
-	LIB_CFLAGS := -dynamiclib -install_name @rpath/lib$(LIB_NAME).$(LIB_EXT)
+	LIB_CFLAGS = -dynamiclib -install_name $(PREFIX)/$(LIBRARY_REL)/lib$(LIB_NAME).$(LIB_EXT)
 	LINKED_LIB_EXT := dylib
 	PC_EXTRA_LIBS ?=
 endif

data/ext/phc-winner-argon2/Package.swift

@@ -0,0 +1,46 @@
+// swift-tools-version:5.3
+
+import PackageDescription
+
+let package = Package(
+    name: "argon2",
+    products: [
+        .library(
+            name: "argon2",
+            targets: ["argon2"]),
+    ],
+    targets: [
+        .target(
+            name: "argon2",
+            path: ".",
+            exclude: [
+                "kats",
+                "vs2015",
+                "latex",
+                "libargon2.pc.in",
+                "export.sh",
+                "appveyor.yml",
+                "Argon2.sln",
+                "argon2-specs.pdf",
+                "CHANGELOG.md",
+                "LICENSE",
+                "Makefile",
+                "man",
+                "README.md",
+                "src/bench.c",
+                "src/genkat.c",
+                "src/opt.c",
+                "src/run.c",
+                "src/test.c",
+            ],
+            sources: [
+                "src/blake2/blake2b.c",
+                "src/argon2.c",
+                "src/core.c",
+                "src/encoding.c",
+                "src/ref.c",
+                "src/thread.c"
+            ]
+        )
+    ]
+)

data/ext/phc-winner-argon2/README.md

@@ -44,9 +44,11 @@ Please report bugs as issues on this repository.
 ## Usage
 
 `make` builds the executable `argon2`, the static library `libargon2.a`,
-and the shared library `libargon2.so` (or `libargon2.dylib` on OSX).
-Make sure to run `make test` to verify that your build produces valid
-results. `make install PREFIX=/usr` installs it to your system.
+and the shared library `libargon2.so` (or on macOS, the dynamic library
+`libargon2.dylib` -- make sure to specify the installation prefix when
+you compile: `make PREFIX=/usr`). Make sure to run `make test` to verify
+that your build produces valid results. `sudo make install PREFIX=/usr`
+installs it to your system.
 
 ### Command-line utility
 
@@ -148,7 +150,7 @@ int main(void)
     uint8_t *pwd = (uint8_t *)strdup(PWD);
     uint32_t pwdlen = strlen((char *)pwd);
 
-    uint32_t t_cost = 2;            // 1-pass computation
+    uint32_t t_cost = 2;            // 2-pass computation
     uint32_t m_cost = (1<<16);      // 64 mebibytes memory usage
     uint32_t parallelism = 1;       // number of threads and lanes
 
@@ -244,6 +246,7 @@ Bindings are available for the following languages (make sure to read
 their documentation):
 
 * [Android (Java/Kotlin)](https://github.com/lambdapioneer/argon2kt) by [@lambdapioneer](https://github.com/lambdapioneer)
+* [Dart](https://github.com/tmthecoder/dargon2) by [@tmthecoder](https://github.com/tmthecoder)
 * [Elixir](https://github.com/riverrun/argon2_elixir) by [@riverrun](https://github.com/riverrun)
 * [Erlang](https://github.com/ergenius/eargon2) by [@ergenius](https://github.com/ergenius)
 * [Go](https://github.com/tvdburgt/go-argon2) by [@tvdburgt](https://github.com/tvdburgt)
@@ -269,6 +272,7 @@ their documentation):
 * [Perl](https://github.com/Leont/crypt-argon2) by [@leont](https://github.com/Leont)
 * [mruby](https://github.com/Asmod4n/mruby-argon2) by [@Asmod4n](https://github.com/Asmod4n)
 * [Swift](https://github.com/ImKcat/CatCrypto) by [@ImKcat](https://github.com/ImKcat)
+* [Swift](https://github.com/tmthecoder/Argon2Swift) by [@tmthecoder](https://github.com/tmthecoder)
 
 
 ## Test suite

data/lib/argon2/ffi_engine.rb

@@ -62,13 +62,13 @@ module Argon2
       result.unpack('H*').join
     end
 
-    def self.hash_argon2id(password, salt, t_cost, m_cost, out_len = nil)
+    def self.hash_argon2id(password, salt, t_cost, m_cost, p_cost, out_len = nil)
       out_len = (out_len || Constants::OUT_LEN).to_i
       raise ArgonHashFail, "Invalid output length" if out_len < 1
 
       result = ''
       FFI::MemoryPointer.new(:char, out_len) do |buffer|
-        ret = Ext.argon2id_hash_raw(t_cost, 1 << m_cost, 1, password,
+        ret = Ext.argon2id_hash_raw(t_cost, 1 << m_cost, p_cost, password,
                                     password.length, salt, salt.length,
                                     buffer, out_len)
         raise ArgonHashFail, ERRORS[ret.abs] unless ret.zero?
@@ -78,7 +78,7 @@ module Argon2
       result.unpack('H*').join
     end
 
-    def self.hash_argon2id_encode(password, salt, t_cost, m_cost, secret)
+    def self.hash_argon2id_encode(password, salt, t_cost, m_cost, p_cost, secret)
       result = ''
       secretlen = secret.nil? ? 0 : secret.bytesize
       passwordlen = password.nil? ? 0 : password.bytesize
@@ -87,7 +87,7 @@ module Argon2
       FFI::MemoryPointer.new(:char, Constants::ENCODE_LEN) do |buffer|
         ret = Ext.argon2_wrap(buffer, password, passwordlen,
                               salt, salt.length, t_cost, (1 << m_cost),
-                              1, secret, secretlen)
+                              p_cost, secret, secretlen)
         raise ArgonHashFail, ERRORS[ret.abs] unless ret.zero?
 
         result = buffer.read_string(Constants::ENCODE_LEN)

data/lib/argon2/hash_format.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module Argon2
+  ##
+  # Get the values from an Argon2 compatible string.
+  #
+  class HashFormat
+    attr_reader :variant, :version, :t_cost, :m_cost, :p_cost, :salt, :checksum
+
+    # FIXME: Reduce complexity/AbcSize
+    # rubocop:disable Metrics/AbcSize
+    def initialize(digest)
+      digest = digest.to_s unless digest.is_a?(String)
+
+      raise Argon2::ArgonHashFail, 'Invalid Argon2 hash' unless self.class.valid_hash?(digest)
+
+      _, variant, version, config, salt, checksum = digest.split('$')
+      # Regex magic to extract the values for each setting
+      version = /v=(\d+)/.match(version)
+      t_cost  = /t=(\d+),/.match(config)
+      m_cost  = /m=(\d+),/.match(config)
+      p_cost  = /p=(\d+)/.match(config)
+
+      # Make sure none of the values are missing
+      raise Argon2::ArgonHashFail, 'Invalid Argon2 version' if version.nil?
+      raise Argon2::ArgonHashFail, 'Invalid Argon2 time cost' if t_cost.nil?
+      raise Argon2::ArgonHashFail, 'Invalid Argon2 memory cost' if m_cost.nil?
+      raise Argon2::ArgonHashFail, 'Invalid Argon2 parallelism cost' if p_cost.nil?
+
+      @variant  = variant.to_str
+      @version  = version[1].to_i
+      @t_cost   = t_cost[1].to_i
+      @m_cost   = m_cost[1].to_i
+      @p_cost   = p_cost[1].to_i
+      @salt     = salt.to_str
+      @checksum = checksum.to_str
+    end
+    # rubocop:enable Metrics/AbcSize
+
+    ##
+    # Checks whether a given digest is a valid Argon2 hash.
+    #
+    # Supports 1 and argon2id formats.
+    #
+    def self.valid_hash?(digest)
+      /^\$argon2(id?|d).{,113}/ =~ digest
+    end
+  end
+end

data/lib/argon2/version.rb

@@ -3,5 +3,5 @@
 # Standard Gem version constant.
 
 module Argon2
-  VERSION = "2.0.3"
+  VERSION = "2.2.0"
 end

data/lib/argon2.rb

@@ -5,6 +5,7 @@ require 'argon2/ffi_engine'
 require 'argon2/version'
 require 'argon2/errors'
 require 'argon2/engine'
+require 'argon2/hash_format'
 
 module Argon2
   # Front-end API for the Argon2 module.
@@ -16,7 +17,10 @@ module Argon2
       @m_cost = options[:m_cost] || 16
       raise ArgonHashFail, "Invalid m_cost" if @m_cost < 1 || @m_cost > 31
 
-      @salt = options[:salt_do_not_supply] || Engine.saltgen
+      @p_cost = options[:p_cost] || 1
+      raise ArgonHashFail, "Invalid p_cost" if @p_cost < 1 || @p_cost > 8
+
+      @salt_do_not_supply = options[:salt_do_not_supply]
       @secret = options[:secret]
     end
 
@@ -24,19 +28,21 @@ module Argon2
       raise ArgonHashFail, "Invalid password (expected string)" unless
         pass.is_a?(String)
 
+      # Ensure salt is freshly generated unless it was intentionally supplied.
+      salt = @salt_do_not_supply || Engine.saltgen
+
       Argon2::Engine.hash_argon2id_encode(
-        pass, @salt, @t_cost, @m_cost, @secret)
+        pass, salt, @t_cost, @m_cost, @p_cost, @secret)
     end
 
     # Helper class, just creates defaults and calls hash()
-    def self.create(pass)
-      argon2 = Argon2::Password.new
+    def self.create(pass, options = {})
+      argon2 = Argon2::Password.new(options)
       argon2.create(pass)
     end
 
-    # Supports 1 and argon2id formats.
     def self.valid_hash?(hash)
-      /^\$argon2(id?|d).{,113}/ =~ hash
+      Argon2::HashFormat.valid_hash?(hash)
     end
 
     def self.verify_password(pass, hash, secret = nil)

data/sig/argon2.rbs

@@ -0,0 +1,21 @@
+# Classes
+module Argon2
+  class Password
+    @t_cost: Integer
+    @m_cost: Integer
+    @p_cost: Integer
+    @salt: nil | String
+    @secret: nil | String
+
+    def initialize: (?::Hash[untyped, untyped] options) -> void
+    def create: (String pass) -> untyped
+    def self.create: (String pass) -> untyped
+    def self.valid_hash?: (string hash) -> Integer?
+    def self.verify_password: (untyped pass, untyped hash, ?nil secret) -> untyped
+  end
+  class Engine
+    def self.saltgen: () -> String
+  end
+  class ArgonHashFail < StandardError
+  end
+end

data/sig/constants.rbs

@@ -0,0 +1,8 @@
+# Classes
+module Argon2
+  module Constants
+    SALT_LEN: Integer
+    OUT_LEN: Integer
+    ENCODE_LEN: Integer
+  end
+end

data/sig/ffi.rbs

@@ -0,0 +1,18 @@
+module Argon2
+  # Direct external bindings. Call these methods via the Engine class to ensure points are dealt with
+  module Ext
+    extend FFI::Library
+  end
+
+  # The engine class shields users from the FFI interface.
+  # It is generally not advised to directly use this class.
+  class Engine
+    def self.hash_argon2i: (untyped password, untyped salt, untyped t_cost, untyped m_cost, ?untyped? out_len) -> untyped
+
+    def self.hash_argon2id: (untyped password, untyped salt, untyped t_cost, untyped m_cost, untyped p_cost, ?untyped? out_len) -> untyped
+
+    def self.hash_argon2id_encode: (untyped password, untyped salt, untyped t_cost, untyped m_cost, untyped p_cost, untyped secret) -> untyped
+
+    def self.argon2_verify: (untyped pwd, untyped hash, untyped secret) -> (false | true)
+  end
+end

data/sig/version.rbs

@@ -0,0 +1,4 @@
+# Classes
+module Argon2
+  VERSION: String
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: argon2
 version: !ruby/object:Gem::Version
-  version: 2.0.3
+  version: 2.2.0
 platform: ruby
 authors:
 - Technion
-autorequire:
+autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-01-02 00:00:00.000000000 Z
+date: 2022-12-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '1.15'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '1.15'
 - !ruby/object:Gem::Dependency
   name: ffi-compiler
   requirement: !ruby/object:Gem::Requirement
@@ -122,6 +122,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: steep
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.1
 description: Argon2 FFI binding
 email:
 - technion@lolware.net
@@ -130,7 +144,7 @@ extensions:
 - ext/argon2_wrap/extconf.rb
 extra_rdoc_files: []
 files:
-- ".github/workflows/rubocop.yml"
+- ".github/workflows/codeql.yml"
 - ".github/workflows/ruby.yml"
 - ".gitignore"
 - ".gitmodules"
@@ -141,13 +155,15 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- Steepfile
 - argon2.gemspec
 - bin/console
 - bin/setup
-- ext/argon2_wrap/Makefile
+- bin/test
+- ext/argon2_wrap/Makefile.real
 - ext/argon2_wrap/argon_wrap.c
+- ext/argon2_wrap/argon_wrap.o
 - ext/argon2_wrap/extconf.rb
-- ext/argon2_wrap/libargon2_wrap.so
 - ext/argon2_wrap/test.c
 - ext/phc-winner-argon2/.git
 - ext/phc-winner-argon2/.gitattributes
@@ -157,6 +173,7 @@ files:
 - ext/phc-winner-argon2/CHANGELOG.md
 - ext/phc-winner-argon2/LICENSE
 - ext/phc-winner-argon2/Makefile
+- ext/phc-winner-argon2/Package.swift
 - ext/phc-winner-argon2/README.md
 - ext/phc-winner-argon2/appveyor.yml
 - ext/phc-winner-argon2/argon2-specs.pdf
@@ -188,7 +205,6 @@ files:
 - ext/phc-winner-argon2/latex/tradeoff.bib
 - ext/phc-winner-argon2/libargon2.pc.in
 - ext/phc-winner-argon2/man/argon2.1
-- ext/phc-winner-argon2/opt.o
 - ext/phc-winner-argon2/src/argon2.c
 - ext/phc-winner-argon2/src/bench.c
 - ext/phc-winner-argon2/src/blake2/blake2-impl.h
@@ -233,12 +249,18 @@ files:
 - lib/argon2/engine.rb
 - lib/argon2/errors.rb
 - lib/argon2/ffi_engine.rb
+- lib/argon2/hash_format.rb
 - lib/argon2/version.rb
+- sig/argon2.rbs
+- sig/constants.rbs
+- sig/ffi.rbs
+- sig/version.rbs
 homepage: https://github.com/technion/ruby-argon2
 licenses:
 - MIT
-metadata: {}
-post_install_message:
+metadata:
+  rubygems_mfa_required: 'true'
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -246,15 +268,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key:
+rubygems_version: 3.3.5
+signing_key: 
 specification_version: 4
 summary: Argon2 Password hashing binding
 test_files: []

data/.github/workflows/rubocop.yml

@@ -1,16 +0,0 @@
-name: Rubocop
-
-# Run this workflow every time a new commit pushed to your repository
-on: push
-
-jobs:
-
-  rubocop:
-    name: Rubocopchecks
-    runs-on: ubuntu-latest
-    steps:
-      - name: Run Rubocop
-        uses: gimenete/rubocop-action@1.0
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-