argon2 2.0.3 → 2.2.0
- checksums.yaml +4 -4
- data/.github/workflows/codeql.yml +74 -0
- data/.github/workflows/ruby.yml +57 -20
- data/.rubocop.yml +107 -1
- data/Changelog.md +4 -0
- data/README.md +23 -12
- data/Steepfile +16 -0
- data/argon2.gemspec +8 -2
- data/bin/console +4 -4
- data/bin/setup +7 -2
- data/bin/test +10 -0
- data/ext/argon2_wrap/{Makefile → Makefile.real} +1 -0
- data/ext/argon2_wrap/argon_wrap.o +0 -0
- data/ext/argon2_wrap/extconf.rb +4 -1
- data/ext/phc-winner-argon2/Makefile +1 -1
- data/ext/phc-winner-argon2/Package.swift +46 -0
- data/ext/phc-winner-argon2/README.md +8 -4
- data/lib/argon2/ffi_engine.rb +4 -4
- data/lib/argon2/hash_format.rb +49 -0
- data/lib/argon2/version.rb +1 -1
- data/lib/argon2.rb +12 -6
- data/sig/argon2.rbs +21 -0
- data/sig/constants.rbs +8 -0
- data/sig/ffi.rbs +18 -0
- data/sig/version.rbs +4 -0
- metadata +36 -14
- data/.github/workflows/rubocop.yml +0 -16
- data/ext/argon2_wrap/libargon2_wrap.so +0 -0
- data/ext/phc-winner-argon2/opt.o +0 -0
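--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f926025634562667dbc1575383b09a6d3178248f1551325726f1dc194472b0e5
+data.tar.gz: a4876cbbaf99df1062ac39f668e3af254c5b45b1d431bf5e7180e3076fd20d3d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e5c592dc870390af4ad6fbce1ea4b3b4b5be6fa25574f18ac44d0509dab1adef3bb21e1e1c5a84b01d364e335f4b4b01460a0a4207c96734ae67f0b4ff12289a
+data.tar.gz: c59f5baeea0c7ff436f77a4dadc267c5619ceccf2749ee25a428173abbf4842606a48bbd90f74a89cbd6347cc31dc643447b926cb6caccdcbcf04d7eabfb19a8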
@@ -0,0 +1,74 @@
|
|
1
|
+
# For most projects, this workflow file will not need changing; you simply need
|
2
|
+
# to commit it to your repository.
|
3
|
+
#
|
4
|
+
# You may wish to alter this file to override the set of languages analyzed,
|
5
|
+
# or to provide custom queries or build logic.
|
6
|
+
#
|
7
|
+
# ******** NOTE ********
|
8
|
+
# We have attempted to detect the languages in your repository. Please check
|
9
|
+
# the `language` matrix defined below to confirm you have the correct set of
|
10
|
+
# supported CodeQL languages.
|
11
|
+
#
|
12
|
+
name: "CodeQL"
|
13
|
+
|
14
|
+
on:
|
15
|
+
push:
|
16
|
+
branches: [ "master" ]
|
17
|
+
pull_request:
|
18
|
+
# The branches below must be a subset of the branches above
|
19
|
+
branches: [ "master" ]
|
20
|
+
schedule:
|
21
|
+
- cron: '34 3 * * 3'
|
22
|
+
|
23
|
+
jobs:
|
24
|
+
analyze:
|
25
|
+
name: Analyze
|
26
|
+
runs-on: ubuntu-latest
|
27
|
+
permissions:
|
28
|
+
actions: read
|
29
|
+
contents: read
|
30
|
+
security-events: write
|
31
|
+
|
32
|
+
strategy:
|
33
|
+
fail-fast: false
|
34
|
+
matrix:
|
35
|
+
language: [ 'ruby' ]
|
36
|
+
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
|
37
|
+
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
|
38
|
+
|
39
|
+
steps:
|
40
|
+
- name: Checkout repository
|
41
|
+
uses: actions/checkout@v3
|
42
|
+
|
43
|
+
# Initializes the CodeQL tools for scanning.
|
44
|
+
- name: Initialize CodeQL
|
45
|
+
uses: github/codeql-action/init@v2
|
46
|
+
with:
|
47
|
+
languages: ${{ matrix.language }}
|
48
|
+
# If you wish to specify custom queries, you can do so here or in a config file.
|
49
|
+
# By default, queries listed here will override any specified in a config file.
|
50
|
+
# Prefix the list here with "+" to use these queries and those in the config file.
|
51
|
+
|
52
|
+
# Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
|
53
|
+
# queries: security-extended,security-and-quality
|
54
|
+
|
55
|
+
|
56
|
+
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
|
57
|
+
# If this step fails, then you should remove it and run the build manually (see below)
|
58
|
+
- name: Autobuild
|
59
|
+
uses: github/codeql-action/autobuild@v2
|
60
|
+
|
61
|
+
# ℹ️ Command-line programs to run using the OS shell.
|
62
|
+
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
|
63
|
+
|
64
|
+
# If the Autobuild fails above, remove it and uncomment the following three lines.
|
65
|
+
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
|
66
|
+
|
67
|
+
# - run: |
|
68
|
+
# echo "Run, Build Application using script"
|
69
|
+
# ./location_of_script_within_repo/buildscript.sh
|
70
|
+
|
71
|
+
- name: Perform CodeQL Analysis
|
72
|
+
uses: github/codeql-action/analyze@v2
|
73
|
+
with:
|
74
|
+
category: "/language:${{matrix.language}}"
|
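Review bot: The `language` matrix lists only `'ruby'`, so the C wrapper this gem ships under `ext/argon2_wrap/` (the package file list includes `argon_wrap.c`) is never analysed, although that is where memory-safety defects in an FFI binding would sit. Consider `language: [ 'ruby', 'cpp' ]` with an explicit build step for the extension, since Autobuild may not know to run the project's own setup script. Separately, the `uses:` lines reference movable tags (`actions/checkout@v3`, `github/codeql-action/init@v2` and its siblings); pinning each to a full commit SHA keeps a retagged release from changing what runs with `security-events: write`.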
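--- a/data/.github/workflows/ruby.yml
+++ b/data/.github/workflows/ruby.yml
@@ -1,32 +1,69 @@
 name: Test Suite
 
-
+# Run against all commits and pull requests.
+on: [ push, pull_request ]
 
 jobs:
-
+test_matrix:
 
-runs-on: ubuntu-latest
 strategy:
+fail-fast: false
 matrix:
-
+os:
+- ubuntu
+- macos
+ruby:
+- 2.7
+- 3.1
+- 3.2
+
+runs-on: ${{ matrix.os }}-latest
+
+env:
+TEST_CHECKS: 100
+
+steps:
+- uses: actions/checkout@v2
+- name: Set up Ruby
+uses: ruby/setup-ruby@v1
+with:
+ruby-version: ${{ matrix.ruby }}
+bundler-cache: true
+- name: Build Argon2 C library
+run: bin/setup
+- name: Test Argon2 C library
+run: bin/test
+- name: Run tests
+run: bundle exec rake test
+- name: Coveralls Parallel
+uses: coverallsapp/github-action@master
+with:
+github-token: ${{ secrets.GITHUB_TOKEN }}
+flag-name: run-${{ matrix.ruby-version }}
+parallel: true
+
+rubocop:
+
+runs-on: ubuntu-latest
 
 steps:
 - uses: actions/checkout@v2
-- name: Set up Ruby
+- name: Set up Ruby
 uses: ruby/setup-ruby@v1
 with:
-ruby-version:
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+ruby-version: 3.0
+bundler-cache: true
+- name: Run rubocop
+run: bundle exec rake rubocop
+
+finish:
+runs-on: ubuntu-latest
+needs: [ test_matrix, rubocop ]
+steps:
+- name: Coveralls Finished
+uses: coverallsapp/github-action@master
+with:
+github-token: ${{ secrets.GITHUB_TOKEN }}
+parallel-finished: true
+- name: Wait for status checks
+run: echo "All Green!"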
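Review bot: `flag-name: run-${{ matrix.ruby-version }}` in the Coveralls Parallel step reads a matrix key this workflow never defines (the axes are `os` and `ruby`), so the expression is expected to expand to nothing and every parallel job reports under the same flag; `flag-name: run-${{ matrix.os }}-${{ matrix.ruby }}` would keep them apart. Both Coveralls steps run `coverallsapp/github-action@master`, a moving branch, and hand it `secrets.GITHUB_TOKEN` while the workflow declares no `permissions:` block; pin the action to a release tag or commit SHA and add a top-level `permissions:` limited to what the jobs need. The unquoted `ruby-version: 3.0` in the rubocop job is a YAML float and is likely to reach setup-ruby as `3`, so quote it (`'3.0'`) along with the matrix entries.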
data/.rubocop.yml
CHANGED
@@ -7,6 +7,11 @@ Metrics/CyclomaticComplexity:
|
|
7
7
|
Metrics/PerceivedComplexity:
|
8
8
|
Enabled: false
|
9
9
|
|
10
|
+
Metrics/ParameterLists:
|
11
|
+
Max: 5
|
12
|
+
Exclude:
|
13
|
+
- 'lib/argon2/ffi_engine.rb'
|
14
|
+
|
10
15
|
Layout/LineLength:
|
11
16
|
Max: 160
|
12
17
|
Exclude:
|
@@ -205,4 +210,105 @@ Style/RedundantArgument: # (new in 1.4)
|
|
205
210
|
Enabled: true
|
206
211
|
Style/SwapValues: # (new in 1.1)
|
207
212
|
Enabled: true
|
208
|
-
|
213
|
+
Lint/DeprecatedConstants: # (new in 1.8)
|
214
|
+
Enabled: true
|
215
|
+
Lint/LambdaWithoutLiteralBlock: # (new in 1.8)
|
216
|
+
Enabled: true
|
217
|
+
Lint/NumberedParameterAssignment: # (new in 1.9)
|
218
|
+
Enabled: true
|
219
|
+
Lint/OrAssignmentToConstant: # (new in 1.9)
|
220
|
+
Enabled: true
|
221
|
+
Lint/RedundantDirGlobSort: # (new in 1.8)
|
222
|
+
Enabled: true
|
223
|
+
Lint/SymbolConversion: # (new in 1.9)
|
224
|
+
Enabled: true
|
225
|
+
Lint/TripleQuotes: # (new in 1.9)
|
226
|
+
Enabled: true
|
227
|
+
Style/EndlessMethod: # (new in 1.8)
|
228
|
+
Enabled: true
|
229
|
+
Style/HashConversion: # (new in 1.10)
|
230
|
+
Enabled: true
|
231
|
+
Style/IfWithBooleanLiteralBranches: # (new in 1.9)
|
232
|
+
Enabled: true
|
233
|
+
Style/StringChars: # (new in 1.12)
|
234
|
+
Enabled: true
|
235
|
+
Gemspec/DeprecatedAttributeAssignment: # new in 1.30
|
236
|
+
Enabled: true
|
237
|
+
Gemspec/RequireMFA: # new in 1.23
|
238
|
+
Enabled: true
|
239
|
+
Layout/LineContinuationLeadingSpace: # new in 1.31
|
240
|
+
Enabled: true
|
241
|
+
Layout/LineContinuationSpacing: # new in 1.31
|
242
|
+
Enabled: true
|
243
|
+
Layout/LineEndStringConcatenationIndentation: # new in 1.18
|
244
|
+
Enabled: true
|
245
|
+
Lint/AmbiguousOperatorPrecedence: # new in 1.21
|
246
|
+
Enabled: true
|
247
|
+
Lint/AmbiguousRange: # new in 1.19
|
248
|
+
Enabled: true
|
249
|
+
Lint/ConstantOverwrittenInRescue: # new in 1.31
|
250
|
+
Enabled: true
|
251
|
+
Lint/DuplicateMagicComment: # new in 1.37
|
252
|
+
Enabled: true
|
253
|
+
Lint/EmptyInPattern: # new in 1.16
|
254
|
+
Enabled: true
|
255
|
+
Lint/IncompatibleIoSelectWithFiberScheduler: # new in 1.21
|
256
|
+
Enabled: true
|
257
|
+
Lint/NonAtomicFileOperation: # new in 1.31
|
258
|
+
Enabled: true
|
259
|
+
Lint/RefinementImportMethods: # new in 1.27
|
260
|
+
Enabled: true
|
261
|
+
Lint/RequireRangeParentheses: # new in 1.32
|
262
|
+
Enabled: true
|
263
|
+
Lint/RequireRelativeSelfPath: # new in 1.22
|
264
|
+
Enabled: true
|
265
|
+
Lint/UselessRuby2Keywords: # new in 1.23
|
266
|
+
Enabled: true
|
267
|
+
Naming/BlockForwarding: # new in 1.24
|
268
|
+
Enabled: true
|
269
|
+
Security/CompoundHash: # new in 1.28
|
270
|
+
Enabled: true
|
271
|
+
Security/IoMethods: # new in 1.22
|
272
|
+
Enabled: true
|
273
|
+
Style/EmptyHeredoc: # new in 1.32
|
274
|
+
Enabled: true
|
275
|
+
Style/EnvHome: # new in 1.29
|
276
|
+
Enabled: true
|
277
|
+
Style/FetchEnvVar: # new in 1.28
|
278
|
+
Enabled: true
|
279
|
+
Style/FileRead: # new in 1.24
|
280
|
+
Enabled: true
|
281
|
+
Style/FileWrite: # new in 1.24
|
282
|
+
Enabled: true
|
283
|
+
Style/InPatternThen: # new in 1.16
|
284
|
+
Enabled: true
|
285
|
+
Style/MagicCommentFormat: # new in 1.35
|
286
|
+
Enabled: true
|
287
|
+
Style/MapCompactWithConditionalBlock: # new in 1.30
|
288
|
+
Enabled: true
|
289
|
+
Style/MapToHash: # new in 1.24
|
290
|
+
Enabled: true
|
291
|
+
Style/MultilineInPatternThen: # new in 1.16
|
292
|
+
Enabled: true
|
293
|
+
Style/NestedFileDirname: # new in 1.26
|
294
|
+
Enabled: true
|
295
|
+
Style/NumberedParameters: # new in 1.22
|
296
|
+
Enabled: true
|
297
|
+
Style/NumberedParametersLimit: # new in 1.22
|
298
|
+
Enabled: true
|
299
|
+
Style/ObjectThen: # new in 1.28
|
300
|
+
Enabled: true
|
301
|
+
Style/OpenStructUse: # new in 1.23
|
302
|
+
Enabled: true
|
303
|
+
Style/OperatorMethodCall: # new in 1.37
|
304
|
+
Enabled: true
|
305
|
+
Style/QuotedSymbols: # new in 1.16
|
306
|
+
Enabled: true
|
307
|
+
Style/RedundantInitialize: # new in 1.27
|
308
|
+
Enabled: true
|
309
|
+
Style/RedundantSelfAssignmentBranch: # new in 1.19
|
310
|
+
Enabled: true
|
311
|
+
Style/RedundantStringEscape: # new in 1.37
|
312
|
+
Enabled: true
|
313
|
+
Style/SelectByRegexp: # new in 1.22
|
314
|
+
Enabled: true
|
data/Changelog.md
CHANGED
data/README.md
CHANGED
@@ -13,11 +13,10 @@ This project has several key tenets to its design:
|
|
13
13
|
* The reference Argon2 implementation is to be used "unaltered". To ensure compliance with this goal, and encourage regular updates from upstream, the upstream library is implemented as a git submodule, and is intended to stay that way.
|
14
14
|
* The FFI interface is kept as slim as possible, with wrapper classes preferred to implementing context structs in FFI
|
15
15
|
* Security and maintainability take top priority. This can have an impact on platform support. A PR that contains platform specific code paths is unlikely to be accepted.
|
16
|
-
* Tested platforms are MRI Ruby 2.
|
16
|
+
* Tested platforms are MRI Ruby 2.7 and 3.0. No assertions are made on other platforms.
|
17
17
|
* Errors from the C interface are raised as Exceptions. There are a lot of exception classes, but they tend to relate to things like very broken input, and code bugs. Calls to this library should generally not require a rescue.
|
18
18
|
* Test suites should aim for 100% code coverage.
|
19
19
|
* Default work values should not be considered constants. I will increase them from time to time.
|
20
|
-
* Not exposing the threads parameter is a design choice. I believe there is significant risk, and minimal gain in using a value other than '1'. Four threads on a four core box completely ties up the entire server to process one user logon. If you want more security, increase m_cost.
|
21
20
|
* Many Rubocop errors have been disabled, but any commit should avoid new alerts or demonstrate their necessity.
|
22
21
|
|
23
22
|
## Usage
|
@@ -31,7 +30,7 @@ require 'argon2'
|
|
31
30
|
To generate a hash using specific time and memory cost:
|
32
31
|
|
33
32
|
```ruby
|
34
|
-
hasher = Argon2::Password.new(t_cost: 2, m_cost: 16)
|
33
|
+
hasher = Argon2::Password.new(t_cost: 2, m_cost: 16, p_cost: 1)
|
35
34
|
hasher.create("password")
|
36
35
|
=> "$argon2i$v=19$m=65536,t=2,p=1$jL7lLEAjDN+pY2cG1N8D2g$iwj1ueduCvm6B9YVjBSnAHu+6mKzqGmDW745ALR38Uo"
|
37
36
|
```
|
@@ -43,7 +42,6 @@ hasher = Argon2::Password.new
|
|
43
42
|
hasher.create("password")
|
44
43
|
```
|
45
44
|
|
46
|
-
If you follow this pattern, it is important to create a new `Argon2::Password` every time you generate a hash, in order to ensure a unique salt. See [issue 23](https://github.com/technion/ruby-argon2/issues/23) for more information.
|
47
45
|
Alternatively, use this shortcut:
|
48
46
|
|
49
47
|
```ruby
|
@@ -72,6 +70,17 @@ argon = Argon2::Password.new(t_cost: 2, m_cost: 16, secret: KEY)
|
|
72
70
|
myhash = argon.create("A password")
|
73
71
|
Argon2::Password.verify_password("A password", myhash, KEY)
|
74
72
|
```
|
73
|
+
## Ruby 3 Types
|
74
|
+
I am now shipping signatures in sig/. The following command sets up a testing interface.
|
75
|
+
```sh
|
76
|
+
RBS_TEST_TARGET="Argon2::*" bundle exec ruby -r rbs/test/setup bin/console
|
77
|
+
```
|
78
|
+
You should also be able to pass Steep checks:
|
79
|
+
```sh
|
80
|
+
steep check
|
81
|
+
```
|
82
|
+
These tools will need to be installed manually at this time and will be added to Gemfiles after much further testing.
|
83
|
+
|
75
84
|
## Version 2.0 - Argon 2id
|
76
85
|
Version 2.x upwards will now default to the Argon2id hash format. This is consistent with current recommendations regarding Argon2 usage. It remains capable of verifying existing hashes.
|
77
86
|
|
@@ -80,7 +89,7 @@ Version 1.0.0 included a major version bump over 0.1.4 due to several breaking c
|
|
80
89
|
|
81
90
|
The second of these is that the reference Argon2 implementation introduced an algorithm change, which produces a hash which is not backwards compatible. This is documented on [this PR on the C library](https://github.com/P-H-C/phc-winner-argon2/pull/115). This was a regrettable requirement to address a security concern in the algorithm itself. The two versions of the Argon2 algorithm are numbered 1.0 and 1.3 respectively.
|
82
91
|
|
83
|
-
Shortly after this, version 1.0.0 of this gem was released with this breaking change, supporting only Argon2 v1.3. Further time later, the official encoding format was updated, with a spec that included the version number, and the library introduced backward compatibility. This should remove the likelihood of such breaking changes in future.
|
92
|
+
Shortly after this, version 1.0.0 of this gem was released with this breaking change, supporting only Argon2 v1.3. Further time later, the official encoding format was updated, with a spec that included the version number, and the library introduced backward compatibility. This should remove the likelihood of such breaking changes in future.
|
84
93
|
|
85
94
|
|
86
95
|
## Platform Issues
|
@@ -123,17 +132,19 @@ Any form of contribution is appreciated, however, please review [CONTRIBUTING.md
|
|
123
132
|
|
124
133
|
## Building locally/Tests
|
125
134
|
|
126
|
-
To build the gem locally, you will need to
|
135
|
+
To build the gem locally, you will need to run the setup script:
|
136
|
+
|
137
|
+
```shell
|
138
|
+
./bin/setup
|
139
|
+
```
|
140
|
+
|
141
|
+
You can test that the Argon2 C library was properly imported by running the C test suite:
|
127
142
|
|
128
143
|
```shell
|
129
|
-
|
130
|
-
bundle install
|
131
|
-
cd ext/argon2_wrap/
|
132
|
-
make
|
133
|
-
cd ../..
|
144
|
+
./bin/test
|
134
145
|
```
|
135
146
|
|
136
|
-
The test
|
147
|
+
The ruby wrapper test suite includes a property based test. To more strenuously perform this test, you can tune the iterations parameter:
|
137
148
|
|
138
149
|
```shell
|
139
150
|
TEST_CHECKS=10000 bundle exec rake test
|
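--- a/data/Steepfile
+++ b/data/Steepfile
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+target :lib do
+signature "sig"
+
+check "argon2.rb"
+check "lib" # Directory name
+ignore "lib/argon2/ffi_engine.rb"
+ignore "lib/argon2/errors.rb"
+end
+
+target :spec do
+signature "sig", "sig-private"
+
+check "spec"
+end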
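Review bot: `check "argon2.rb"` names a path at the project root, but the file list on this page has the entry point at `lib/argon2.rb`, which `check "lib"` already covers, so that line probably matches nothing. The `:spec` target likewise refers to `sig-private` and `spec`, neither of which appears in the packaged files; if they exist only in the repository, a short comment saying so would help, otherwise the target can go.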
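--- a/data/argon2.gemspec
+++ b/data/argon2.gemspec
@@ -11,18 +11,23 @@ Gem::Specification.new do |spec|
 spec.authors = ["Technion"]
 spec.email = ["technion@lolware.net"]
 
+spec.required_ruby_version = '>= 2.6.0'
+
 spec.summary = 'Argon2 Password hashing binding'
 spec.description = 'Argon2 FFI binding'
 spec.homepage = 'https://github.com/technion/ruby-argon2'
 spec.license = 'MIT'
+spec.metadata = {
+'rubygems_mfa_required' => 'true'
+}
 
-spec.files
+spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
 spec.files << `find ext`.split
 
 spec.bindir = "exe"
 spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
 spec.require_paths = ["lib"]
-spec.add_dependency 'ffi', '~> 1.
+spec.add_dependency 'ffi', '~> 1.15'
 spec.add_dependency 'ffi-compiler', '~> 1.0'
 
 spec.add_development_dependency "bundler", '~> 2.0'
@@ -31,5 +36,6 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency "rubocop", '~> 1.7'
 spec.add_development_dependency "simplecov", '~> 0.20'
 spec.add_development_dependency "simplecov-lcov", '~> 0.8'
+spec.add_development_dependency "steep", "~> 1.2.1"
 spec.extensions << 'ext/argon2_wrap/extconf.rb'
 end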
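Review bot: ``spec.files << `find ext`.split`` on the new side packages whatever happens to be on disk under `ext/` when the gem is built, and this release's file list shows the result: `ext/argon2_wrap/argon_wrap.o` is added and `ext/phc-winner-argon2/.git` is still shipped. A compiled object inside a source gem cannot be checked against the C sources by anyone installing it, so build outputs should be filtered out, for example `spec.files += Dir['ext/**/*'].reject { |f| File.directory?(f) || f.match?(/\.(o|so|dylib)\z/) }`. That glob also skips dotfiles, which drops the submodule's `.git` entry; confirm nothing in the extension build depends on it.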
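--- a/data/bin/console
+++ b/data/bin/console
@@ -1,15 +1,15 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
-require
-require
+require 'bundler/setup'
+require 'argon2'
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
 
 # (If you use this, don't forget to add pry to your Gemfile!)
-# require
+# require 'pry'
 # Pry.start
 
-require
+require 'irb'
 IRB.start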
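--- a/data/bin/setup
+++ b/data/bin/setup
@@ -1,10 +1,15 @@
 #!/bin/bash
+# Exit the script immediately if a command fails
 set -euo pipefail
+# Internal Field Separator
 IFS=$'\n\t'
 
+# Initialize Git Submodules
+git submodule update --init --recursive
+
+# Build the Argon2 C Library. Git submodules must be initialized first!
 bundle install
 cd ext/argon2_wrap/
+ruby extconf.rb
 make
 cd ../..
-
-# Do any other automated setup that you need to do here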
data/bin/test
ADDED
Binary file
|
data/ext/argon2_wrap/extconf.rb
CHANGED
@@ -83,7 +83,7 @@ ifeq ($(KERNEL_NAME), $(filter $(KERNEL_NAME),DragonFly FreeBSD NetBSD OpenBSD))
|
|
83
83
|
endif
|
84
84
|
ifeq ($(KERNEL_NAME), Darwin)
|
85
85
|
LIB_EXT := $(ABI_VERSION).dylib
|
86
|
-
LIB_CFLAGS
|
86
|
+
LIB_CFLAGS = -dynamiclib -install_name $(PREFIX)/$(LIBRARY_REL)/lib$(LIB_NAME).$(LIB_EXT)
|
87
87
|
LINKED_LIB_EXT := dylib
|
88
88
|
PC_EXTRA_LIBS ?=
|
89
89
|
endif
|
@@ -0,0 +1,46 @@
|
|
1
|
+
// swift-tools-version:5.3
|
2
|
+
|
3
|
+
import PackageDescription
|
4
|
+
|
5
|
+
let package = Package(
|
6
|
+
name: "argon2",
|
7
|
+
products: [
|
8
|
+
.library(
|
9
|
+
name: "argon2",
|
10
|
+
targets: ["argon2"]),
|
11
|
+
],
|
12
|
+
targets: [
|
13
|
+
.target(
|
14
|
+
name: "argon2",
|
15
|
+
path: ".",
|
16
|
+
exclude: [
|
17
|
+
"kats",
|
18
|
+
"vs2015",
|
19
|
+
"latex",
|
20
|
+
"libargon2.pc.in",
|
21
|
+
"export.sh",
|
22
|
+
"appveyor.yml",
|
23
|
+
"Argon2.sln",
|
24
|
+
"argon2-specs.pdf",
|
25
|
+
"CHANGELOG.md",
|
26
|
+
"LICENSE",
|
27
|
+
"Makefile",
|
28
|
+
"man",
|
29
|
+
"README.md",
|
30
|
+
"src/bench.c",
|
31
|
+
"src/genkat.c",
|
32
|
+
"src/opt.c",
|
33
|
+
"src/run.c",
|
34
|
+
"src/test.c",
|
35
|
+
],
|
36
|
+
sources: [
|
37
|
+
"src/blake2/blake2b.c",
|
38
|
+
"src/argon2.c",
|
39
|
+
"src/core.c",
|
40
|
+
"src/encoding.c",
|
41
|
+
"src/ref.c",
|
42
|
+
"src/thread.c"
|
43
|
+
]
|
44
|
+
)
|
45
|
+
]
|
46
|
+
)
|
@@ -44,9 +44,11 @@ Please report bugs as issues on this repository.
|
|
44
44
|
## Usage
|
45
45
|
|
46
46
|
`make` builds the executable `argon2`, the static library `libargon2.a`,
|
47
|
-
and the shared library `libargon2.so` (or
|
48
|
-
|
49
|
-
|
47
|
+
and the shared library `libargon2.so` (or on macOS, the dynamic library
|
48
|
+
`libargon2.dylib` -- make sure to specify the installation prefix when
|
49
|
+
you compile: `make PREFIX=/usr`). Make sure to run `make test` to verify
|
50
|
+
that your build produces valid results. `sudo make install PREFIX=/usr`
|
51
|
+
installs it to your system.
|
50
52
|
|
51
53
|
### Command-line utility
|
52
54
|
|
@@ -148,7 +150,7 @@ int main(void)
|
|
148
150
|
uint8_t *pwd = (uint8_t *)strdup(PWD);
|
149
151
|
uint32_t pwdlen = strlen((char *)pwd);
|
150
152
|
|
151
|
-
uint32_t t_cost = 2; //
|
153
|
+
uint32_t t_cost = 2; // 2-pass computation
|
152
154
|
uint32_t m_cost = (1<<16); // 64 mebibytes memory usage
|
153
155
|
uint32_t parallelism = 1; // number of threads and lanes
|
154
156
|
|
@@ -244,6 +246,7 @@ Bindings are available for the following languages (make sure to read
|
|
244
246
|
their documentation):
|
245
247
|
|
246
248
|
* [Android (Java/Kotlin)](https://github.com/lambdapioneer/argon2kt) by [@lambdapioneer](https://github.com/lambdapioneer)
|
249
|
+
* [Dart](https://github.com/tmthecoder/dargon2) by [@tmthecoder](https://github.com/tmthecoder)
|
247
250
|
* [Elixir](https://github.com/riverrun/argon2_elixir) by [@riverrun](https://github.com/riverrun)
|
248
251
|
* [Erlang](https://github.com/ergenius/eargon2) by [@ergenius](https://github.com/ergenius)
|
249
252
|
* [Go](https://github.com/tvdburgt/go-argon2) by [@tvdburgt](https://github.com/tvdburgt)
|
@@ -269,6 +272,7 @@ their documentation):
|
|
269
272
|
* [Perl](https://github.com/Leont/crypt-argon2) by [@leont](https://github.com/Leont)
|
270
273
|
* [mruby](https://github.com/Asmod4n/mruby-argon2) by [@Asmod4n](https://github.com/Asmod4n)
|
271
274
|
* [Swift](https://github.com/ImKcat/CatCrypto) by [@ImKcat](https://github.com/ImKcat)
|
275
|
+
* [Swift](https://github.com/tmthecoder/Argon2Swift) by [@tmthecoder](https://github.com/tmthecoder)
|
272
276
|
|
273
277
|
|
274
278
|
## Test suite
|
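--- a/data/lib/argon2/ffi_engine.rb
+++ b/data/lib/argon2/ffi_engine.rb
@@ -62,13 +62,13 @@ module Argon2
 result.unpack('H*').join
 end
 
-def self.hash_argon2id(password, salt, t_cost, m_cost, out_len = nil)
+def self.hash_argon2id(password, salt, t_cost, m_cost, p_cost, out_len = nil)
 out_len = (out_len || Constants::OUT_LEN).to_i
 raise ArgonHashFail, "Invalid output length" if out_len < 1
 
 result = ''
 FFI::MemoryPointer.new(:char, out_len) do |buffer|
-ret = Ext.argon2id_hash_raw(t_cost, 1 << m_cost,
+ret = Ext.argon2id_hash_raw(t_cost, 1 << m_cost, p_cost, password,
 password.length, salt, salt.length,
 buffer, out_len)
 raise ArgonHashFail, ERRORS[ret.abs] unless ret.zero?
@@ -78,7 +78,7 @@ module Argon2
 result.unpack('H*').join
 end
 
-def self.hash_argon2id_encode(password, salt, t_cost, m_cost, secret)
+def self.hash_argon2id_encode(password, salt, t_cost, m_cost, p_cost, secret)
 result = ''
 secretlen = secret.nil? ? 0 : secret.bytesize
 passwordlen = password.nil? ? 0 : password.bytesize
@@ -87,7 +87,7 @@ module Argon2
 FFI::MemoryPointer.new(:char, Constants::ENCODE_LEN) do |buffer|
 ret = Ext.argon2_wrap(buffer, password, passwordlen,
 salt, salt.length, t_cost, (1 << m_cost),
-
+p_cost, secret, secretlen)
 raise ArgonHashFail, ERRORS[ret.abs] unless ret.zero?
 
 result = buffer.read_string(Constants::ENCODE_LEN)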
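Review bot: In `hash_argon2id` the call to `Ext.argon2id_hash_raw` passes `password.length` and `salt.length`, which count characters, where the C function presumably expects byte counts; `hash_argon2id_encode` a few lines below already uses `password.bytesize`. For a password containing multibyte characters the trailing bytes would not be hashed, so the line should read `password.bytesize, salt, salt.bytesize,`, and `salt.length` in the `argon2_wrap` call deserves the same change. Also worth a Changelog line: `p_cost` is inserted before `out_len` in the positional list, so an existing caller that passed an output length as the fifth argument now sets parallelism instead, with no error. All three methods begin or end outside the hunks shown.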
@@ -0,0 +1,49 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Argon2
|
4
|
+
##
|
5
|
+
# Get the values from an Argon2 compatible string.
|
6
|
+
#
|
7
|
+
class HashFormat
|
8
|
+
attr_reader :variant, :version, :t_cost, :m_cost, :p_cost, :salt, :checksum
|
9
|
+
|
10
|
+
# FIXME: Reduce complexity/AbcSize
|
11
|
+
# rubocop:disable Metrics/AbcSize
|
12
|
+
def initialize(digest)
|
13
|
+
digest = digest.to_s unless digest.is_a?(String)
|
14
|
+
|
15
|
+
raise Argon2::ArgonHashFail, 'Invalid Argon2 hash' unless self.class.valid_hash?(digest)
|
16
|
+
|
17
|
+
_, variant, version, config, salt, checksum = digest.split('$')
|
18
|
+
# Regex magic to extract the values for each setting
|
19
|
+
version = /v=(\d+)/.match(version)
|
20
|
+
t_cost = /t=(\d+),/.match(config)
|
21
|
+
m_cost = /m=(\d+),/.match(config)
|
22
|
+
p_cost = /p=(\d+)/.match(config)
|
23
|
+
|
24
|
+
# Make sure none of the values are missing
|
25
|
+
raise Argon2::ArgonHashFail, 'Invalid Argon2 version' if version.nil?
|
26
|
+
raise Argon2::ArgonHashFail, 'Invalid Argon2 time cost' if t_cost.nil?
|
27
|
+
raise Argon2::ArgonHashFail, 'Invalid Argon2 memory cost' if m_cost.nil?
|
28
|
+
raise Argon2::ArgonHashFail, 'Invalid Argon2 parallelism cost' if p_cost.nil?
|
29
|
+
|
30
|
+
@variant = variant.to_str
|
31
|
+
@version = version[1].to_i
|
32
|
+
@t_cost = t_cost[1].to_i
|
33
|
+
@m_cost = m_cost[1].to_i
|
34
|
+
@p_cost = p_cost[1].to_i
|
35
|
+
@salt = salt.to_str
|
36
|
+
@checksum = checksum.to_str
|
37
|
+
end
|
38
|
+
# rubocop:enable Metrics/AbcSize
|
39
|
+
|
40
|
+
##
|
41
|
+
# Checks whether a given digest is a valid Argon2 hash.
|
42
|
+
#
|
43
|
+
# Supports 1 and argon2id formats.
|
44
|
+
#
|
45
|
+
def self.valid_hash?(digest)
|
46
|
+
/^\$argon2(id?|d).{,113}/ =~ digest
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
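Review bot: `valid_hash?` uses `^`, which in Ruby matches at the start of any line, and has no end anchor, so `.{,113}` limits nothing and a multi-line string with one line beginning `$argon2i` is accepted; `/\A\$argon2(id?|d).{,113}/` at least ties the prefix to the start of the string. Because the check is that loose, `initialize` can get past it with fewer than six `$`-separated fields, and `salt.to_str` or `checksum.to_str` then raises NoMethodError on nil instead of ArgonHashFail. Adding `raise Argon2::ArgonHashFail, 'Invalid Argon2 hash' if salt.nil? || checksum.nil?` next to the other nil checks keeps malformed stored hashes on the documented error path. The doc comment `Supports 1 and argon2id formats.` looks garbled and could name the accepted variants.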
data/lib/argon2/version.rb
CHANGED
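--- a/data/lib/argon2.rb
+++ b/data/lib/argon2.rb
@@ -5,6 +5,7 @@ require 'argon2/ffi_engine'
 require 'argon2/version'
 require 'argon2/errors'
 require 'argon2/engine'
+require 'argon2/hash_format'
 
 module Argon2
 # Front-end API for the Argon2 module.
@@ -16,7 +17,10 @@ module Argon2
 @m_cost = options[:m_cost] || 16
 raise ArgonHashFail, "Invalid m_cost" if @m_cost < 1 || @m_cost > 31
 
-@
+@p_cost = options[:p_cost] || 1
+raise ArgonHashFail, "Invalid p_cost" if @p_cost < 1 || @p_cost > 8
+
+@salt_do_not_supply = options[:salt_do_not_supply]
 @secret = options[:secret]
 end
 
@@ -24,19 +28,21 @@ module Argon2
 raise ArgonHashFail, "Invalid password (expected string)" unless
 pass.is_a?(String)
 
+# Ensure salt is freshly generated unless it was intentionally supplied.
+salt = @salt_do_not_supply || Engine.saltgen
+
 Argon2::Engine.hash_argon2id_encode(
-pass,
+pass, salt, @t_cost, @m_cost, @p_cost, @secret)
 end
 
 # Helper class, just creates defaults and calls hash()
-def self.create(pass)
-argon2 = Argon2::Password.new
+def self.create(pass, options = {})
+argon2 = Argon2::Password.new(options)
 argon2.create(pass)
 end
 
-# Supports 1 and argon2id formats.
 def self.valid_hash?(hash)
-
+Argon2::HashFormat.valid_hash?(hash)
 end
 
 def self.verify_password(pass, hash, secret = nil)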
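Review bot: `salt = @salt_do_not_supply || Engine.saltgen` uses a caller-supplied salt unchanged for every `create` call on that instance, and the new `self.create(pass, options = {})` forwards the same option, yet the lines shown in `initialize` validate only `m_cost` and `p_cost`. A fixed salt makes equal passwords produce equal hashes, and nothing here rejects a non-String or very short value before it reaches the FFI call. If the option exists for test vectors, say so in a comment above the assignment and validate it, e.g. `raise ArgonHashFail, "Invalid salt" unless @salt_do_not_supply.nil? || @salt_do_not_supply.is_a?(String)` plus a minimum-length check against the project's salt length. `initialize` and `create` start outside these hunks.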
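--- a/data/sig/argon2.rbs
+++ b/data/sig/argon2.rbs
@@ -0,0 +1,21 @@
+# Classes
+module Argon2
+class Password
+@t_cost: Integer
+@m_cost: Integer
+@p_cost: Integer
+@salt: nil | String
+@secret: nil | String
+
+def initialize: (?::Hash[untyped, untyped] options) -> void
+def create: (String pass) -> untyped
+def self.create: (String pass) -> untyped
+def self.valid_hash?: (string hash) -> Integer?
+def self.verify_password: (untyped pass, untyped hash, ?nil secret) -> untyped
+end
+class Engine
+def self.saltgen: () -> String
+end
+class ArgonHashFail < StandardError
+end
+end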
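Review bot: Several signatures disagree with the implementation shown for lib/argon2.rb on this page: `def self.create: (String pass) -> untyped` omits the new `options` parameter, the declared instance variable `@salt` does not exist (the code assigns `@salt_do_not_supply`), and `?nil secret` on `verify_password` rules out the String key the README passes. Steep or the RBS runtime test setup would likely reject valid calls against these. Suggested lines: `def self.create: (String pass, ?::Hash[untyped, untyped] options) -> untyped`, `@salt_do_not_supply: nil | String`, and `def self.verify_password: (untyped pass, untyped hash, ?String? secret) -> untyped`.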
data/sig/constants.rbs
ADDED
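--- a/data/sig/ffi.rbs
+++ b/data/sig/ffi.rbs
@@ -0,0 +1,18 @@
+module Argon2
+# Direct external bindings. Call these methods via the Engine class to ensure points are dealt with
+module Ext
+extend FFI::Library
+end
+
+# The engine class shields users from the FFI interface.
+# It is generally not advised to directly use this class.
+class Engine
+def self.hash_argon2i: (untyped password, untyped salt, untyped t_cost, untyped m_cost, ?untyped? out_len) -> untyped
+
+def self.hash_argon2id: (untyped password, untyped salt, untyped t_cost, untyped m_cost, untyped p_cost, ?untyped? out_len) -> untyped
+
+def self.hash_argon2id_encode: (untyped password, untyped salt, untyped t_cost, untyped m_cost, untyped p_cost, untyped secret) -> untyped
+
+def self.argon2_verify: (untyped pwd, untyped hash, untyped secret) -> (false | true)
+end
+end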
data/sig/version.rbs
ADDED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: argon2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0
|
4
|
+
version: 2.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Technion
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-12-27 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: ffi
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: '1.
|
19
|
+
version: '1.15'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: '1.
|
26
|
+
version: '1.15'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: ffi-compiler
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -122,6 +122,20 @@ dependencies:
|
|
122
122
|
- - "~>"
|
123
123
|
- !ruby/object:Gem::Version
|
124
124
|
version: '0.8'
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: steep
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - "~>"
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: 1.2.1
|
132
|
+
type: :development
|
133
|
+
prerelease: false
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - "~>"
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: 1.2.1
|
125
139
|
description: Argon2 FFI binding
|
126
140
|
email:
|
127
141
|
- technion@lolware.net
|
@@ -130,7 +144,7 @@ extensions:
|
|
130
144
|
- ext/argon2_wrap/extconf.rb
|
131
145
|
extra_rdoc_files: []
|
132
146
|
files:
|
133
|
-
- ".github/workflows/
|
147
|
+
- ".github/workflows/codeql.yml"
|
134
148
|
- ".github/workflows/ruby.yml"
|
135
149
|
- ".gitignore"
|
136
150
|
- ".gitmodules"
|
@@ -141,13 +155,15 @@ files:
|
|
141
155
|
- LICENSE.txt
|
142
156
|
- README.md
|
143
157
|
- Rakefile
|
158
|
+
- Steepfile
|
144
159
|
- argon2.gemspec
|
145
160
|
- bin/console
|
146
161
|
- bin/setup
|
147
|
-
-
|
162
|
+
- bin/test
|
163
|
+
- ext/argon2_wrap/Makefile.real
|
148
164
|
- ext/argon2_wrap/argon_wrap.c
|
165
|
+
- ext/argon2_wrap/argon_wrap.o
|
149
166
|
- ext/argon2_wrap/extconf.rb
|
150
|
-
- ext/argon2_wrap/libargon2_wrap.so
|
151
167
|
- ext/argon2_wrap/test.c
|
152
168
|
- ext/phc-winner-argon2/.git
|
153
169
|
- ext/phc-winner-argon2/.gitattributes
|
@@ -157,6 +173,7 @@ files:
|
|
157
173
|
- ext/phc-winner-argon2/CHANGELOG.md
|
158
174
|
- ext/phc-winner-argon2/LICENSE
|
159
175
|
- ext/phc-winner-argon2/Makefile
|
176
|
+
- ext/phc-winner-argon2/Package.swift
|
160
177
|
- ext/phc-winner-argon2/README.md
|
161
178
|
- ext/phc-winner-argon2/appveyor.yml
|
162
179
|
- ext/phc-winner-argon2/argon2-specs.pdf
|
@@ -188,7 +205,6 @@ files:
|
|
188
205
|
- ext/phc-winner-argon2/latex/tradeoff.bib
|
189
206
|
- ext/phc-winner-argon2/libargon2.pc.in
|
190
207
|
- ext/phc-winner-argon2/man/argon2.1
|
191
|
-
- ext/phc-winner-argon2/opt.o
|
192
208
|
- ext/phc-winner-argon2/src/argon2.c
|
193
209
|
- ext/phc-winner-argon2/src/bench.c
|
194
210
|
- ext/phc-winner-argon2/src/blake2/blake2-impl.h
|
@@ -233,12 +249,18 @@ files:
|
|
233
249
|
- lib/argon2/engine.rb
|
234
250
|
- lib/argon2/errors.rb
|
235
251
|
- lib/argon2/ffi_engine.rb
|
252
|
+
- lib/argon2/hash_format.rb
|
236
253
|
- lib/argon2/version.rb
|
254
|
+
- sig/argon2.rbs
|
255
|
+
- sig/constants.rbs
|
256
|
+
- sig/ffi.rbs
|
257
|
+
- sig/version.rbs
|
237
258
|
homepage: https://github.com/technion/ruby-argon2
|
238
259
|
licenses:
|
239
260
|
- MIT
|
240
|
-
metadata:
|
241
|
-
|
261
|
+
metadata:
|
262
|
+
rubygems_mfa_required: 'true'
|
263
|
+
post_install_message:
|
242
264
|
rdoc_options: []
|
243
265
|
require_paths:
|
244
266
|
- lib
|
@@ -246,15 +268,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
246
268
|
requirements:
|
247
269
|
- - ">="
|
248
270
|
- !ruby/object:Gem::Version
|
249
|
-
version:
|
271
|
+
version: 2.6.0
|
250
272
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
251
273
|
requirements:
|
252
274
|
- - ">="
|
253
275
|
- !ruby/object:Gem::Version
|
254
276
|
version: '0'
|
255
277
|
requirements: []
|
256
|
-
rubygems_version: 3.
|
257
|
-
signing_key:
|
278
|
+
rubygems_version: 3.3.5
|
279
|
+
signing_key:
|
258
280
|
specification_version: 4
|
259
281
|
summary: Argon2 Password hashing binding
|
260
282
|
test_files: []
|
@@ -1,16 +0,0 @@
|
|
1
|
-
name: Rubocop
|
2
|
-
|
3
|
-
# Run this workflow every time a new commit pushed to your repository
|
4
|
-
on: push
|
5
|
-
|
6
|
-
jobs:
|
7
|
-
|
8
|
-
rubocop:
|
9
|
-
name: Rubocopchecks
|
10
|
-
runs-on: ubuntu-latest
|
11
|
-
steps:
|
12
|
-
- name: Run Rubocop
|
13
|
-
uses: gimenete/rubocop-action@1.0
|
14
|
-
env:
|
15
|
-
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
16
|
-
|
Binary file
|
data/ext/phc-winner-argon2/opt.o
DELETED
Binary file
|