argon2 0.0.2 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4679e5dd53222a5799fac835361a04a77ae696ae
-  data.tar.gz: f53efbb7d825c9e271a6812a03340dc951b58c9b
+  metadata.gz: e033ede9fe4ee7af5fb80343fbf6b07a8e5d154d
+  data.tar.gz: a13a0c907078a0ceb7d09e4c73d8839702588bad
 SHA512:
-  metadata.gz: bd1070534755d5f6582e6030b2b2e8907deca141553a1f767827ada8816321a16418ac245aa3e5c7453534ae93a649b5173bfe96cc1c3742f380d7194f22328b
-  data.tar.gz: 9e912c470b069e3b45a3253b7ad7761138d695468e8a5c65aa8495a98f7bcddf0c0cb1d708ee1165c87b9619e655bcf7ff29b1727e83f9190a46ce22a2d497c3
+  metadata.gz: e504a8d8f561768a65672742d27cbba36a3ccfc096ad705e19ecc912d6017b5bf4ce4c1f6283b50886b0e9b18e3e0b49f32943a4eb2618911290d911a7ec45f7
+  data.tar.gz: 73c8082e8a39fbf6147bdc15dbb5c5f1c441c95cbd9d45994e65d7f87d566f04af9d9448f0ef20cdd09462b6c4134a5e960ca5b2fa2212de638bef4fb5e53e39

data/.rubocop.yml

@@ -0,0 +1,66 @@
+# This configuration was generated by
+# `rubocop --auto-gen-config`
+Metrics/AbcSize:
+  Max: 16
+Metrics/CyclomaticComplexity:
+  Enabled: false
+Metrics/PerceivedComplexity:
+  Enabled: false
+
+Metrics/LineLength:
+  Max: 160
+
+Metrics/MethodLength:
+  Max: 24
+
+Style/AlignParameters:
+  Enabled: false
+
+Style/AlignArray:
+  Enabled: false
+
+# Configuration parameters: Exclude.
+Style/Documentation:
+  Exclude:
+    - 'spec/**/*'
+    - 'test/**/*'
+
+# Offense count: 16
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, SupportedStyles.
+Style/FirstParameterIndentation:
+  Exclude:
+    - 'lib/argon2.rb'
+    - 'test/low_level_test.rb'
+    - 'test/util_test.rb'
+
+Style/HashSyntax:
+  Enabled: false
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Style/IndentArray:
+  Exclude:
+    - 'lib/argon2/errors.rb'
+
+# Offense count: 44
+# Cop supports --auto-correct.
+Style/LeadingCommentSpace:
+  Exclude:
+    - 'ext/argon2_wrap/extconf.rb'
+    - 'lib/argon2.rb'
+    - 'lib/argon2/constants.rb'
+    - 'lib/argon2/ffi_engine.rb'
+    - 'test/api_test.rb'
+    - 'test/low_level_test.rb'
+    - 'test/util.rb'
+    - 'test/util_lib.rb'
+
+Style/SignalException:
+  Enabled: false
+
+Style/StringLiterals:
+  Enabled: false
+
+Style/WordArray:
+  MinSize: 33

data/.travis.yml

@@ -4,3 +4,7 @@ rvm:
   - jruby-9000
 before_install: gem install bundler -v 1.10.5
 install: bin/setup
+script:
+  - cd ext/argon2_wrap/ && make test && cd ../..
+  - CODECLIMATE_REPO_TOKEN=28e3d5d04f4ec87d0899784e6aecc13d7787343b2634b3c94fc1216993d443c2 rake test
+  - rake rubocop

data/README.md

@@ -2,21 +2,70 @@
 
 This Ruby Gem provides FFI bindings, and a simplified interface, to the Argon2 algorithm. [Argon2](https://github.com/P-H-C/phc-winner-argon2) is the official winner of the Password Hashing Competition, a several year project to identify a successor to bcrypt/PBKDF/scrypt methods of securely storing passwords. This is an independant project and not official from the PHC team.
 
-*This gem is still in early development* and at this point is not recommended for use, even in testing.
+*This gem is now considered a beta release* and at this point is not recommended for production use. It has however moved on to being feature complete and users are encouraged to test this product.
 
-For early documentation, please see the test cases, which currently demonstrate low level hashing capabilities.
 
 [![Build Status](https://travis-ci.org/technion/ruby-argon2.svg?branch=master)](https://travis-ci.org/technion/ruby-argon2)
+[![Code Climate](https://codeclimate.com/github/technion/ruby-argon2/badges/gpa.svg)](https://codeclimate.com/github/technion/ruby-argon2)
+[![Test Coverage](https://codeclimate.com/github/technion/ruby-argon2/badges/coverage.svg)](https://codeclimate.com/github/technion/ruby-argon2/coverage)
 
 ## Design
 
 This project has several key tenants to its design:
 
-* The reference Argon2 implementation is to be used "unaltered". To ensure this does not occur, and encourage regular updates from upstream, this is implemented as a git submodule, and is intended to stay that way.
+* The reference Argon2 implementation is to be used "unaltered". To ensure compliance wit this goal, and encourage regular updates from upstream, this is implemented as a git submodule, and is intended to stay that way.
 * The FFI interface is kept as slim as possible, with wrapper classes preferred to implementing context structs in FFI
 * Security and maintainability take top priority. This can have an impact on platform support. A PR that contains platform specific code paths is unlikely to be accepted.
 * Errors from the C interface are raised as Exceptions. There are a lot of exception classes, but they tend to relate to things like very broken input, and code bugs. Calls to this library should generally not require a rescue.
-* Test suits are aimed to be very comprehensive.
+* Test suits should aim for 100% code coverage.
+* Default work values should not be considered constants. I will increase them from time to time.
+* Not exposing the threads parameter is a design choice. I believe there is significant risk, and minimal gain in using a value other than '1'. Four threads on a four core box completely ties up the entire server to process one user logon. If you want more security, increase m_cost.
+
+## Usage
+
+Require this in your Gemfile like a typical Ruby gem:
+
+```ruby
+require 'argon2'
+```
+
+To generate a hash using specific time and memory cost:
+
+```ruby
+hasher = Argon2::Password.new(t_cost: 2, m_cost: 16)
+hasher.hash("password")
+     => "$argon2i$m=65536,t=2,p=1$mLa9JT3Y9P2XhB5Mtuj+yQ$rojObVNKe/ehgd9SWQBB+8nJ8L34Aj3Kiz+aNrWvrx4"
+```
+
+To utilise default costs:
+
+```ruby
+hasher = Argon2::Password.new
+hasher.hash("password")
+```
+
+Alternatively, use this shotcut:
+
+```ruby
+Argon2::Password.hash("password")
+     => "$argon2i$m=65536,t=2,p=1$AZwVlHIbgRC7yQhkPKa4tA$F5eM2Zzt4GhIVnR8SNOh3ysyMvGxAO6omsw8kzjbcs4"
+```
+
+You can then use this function to verify a password against a given hash. Will return either true or false.
+
+```ruby
+Argon2::Password.verify_password("password", secure_password)
+```
+
+Argon2 supports an optional key value. This should be stored securely on your server, such as alongside your database credentials. Hashes generated with a key will only validate when presented that key.
+
+```ruby
+KEY = "A key"
+argon = Argon2::Password.new(t_cost: 2, m_cost: 16, secret: KEY)
+myhash = argon.hash("A password")
+Argon2::Password.verify_password("A password", myhash, KEY)
+```
+
 
 ## FAQ
 ### Don't roll your own crypto!
@@ -31,9 +80,15 @@ Although the low level C contains support for "secure memory wipe", any code hit
 
 The reference implementation is aimed to provide secure hashing for many years. This implementation doesn't want you to DoS yourself in the meantime. Accordingly, some limits artificial limits exist on work powers. This gem can be much more agile in raising these as technology progresses.
 
+### Salts in general
+
+If you are providing your own salt, you are probably using it wrong. The design of any secure hashing system should take care of it for you.
+
 ## Contributing
 
-Not yet - the code is in a high state of flux. If you feel you have identified a security issue, please email me directly. For any other bugs, it is too early to review them.
+Any form of contribution is appreciated, however, please note the design goals above and work within them.
+
+If an issue is felt to be a security concern, please contact me privately on: technion@lolware.net. If required, you may encrypt with [my GPG key](https://lolware.net/technion-GPG-KEY).
 
 ## License
 

data/Rakefile

@@ -1,5 +1,8 @@
 require "bundler/gem_tasks"
 require "rake/testtask"
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new
 
 Rake::TestTask.new(:test) do |t|
   t.libs << "test"

data/argon2.gemspec

@@ -9,26 +9,24 @@ Gem::Specification.new do |spec|
   spec.authors       = ["Technion"]
   spec.email         = ["technion@lolware.net"]
 
-  spec.summary       = %q{Argon2 Password hashing binding}
-  spec.description   = %q{Not remotely finished Argon2 binding}
-  spec.homepage      = "https://github.com/technion/ruby-argon2"
-  spec.license       = "MIT"
+  spec.summary       = 'Argon2 Password hashing binding'
+  spec.description   = 'Argon2 FFI binding'
+  spec.homepage      = 'https://github.com/technion/ruby-argon2'
+  spec.license       = 'MIT'
 
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-#  submodule_path = 'ext/phc-winner-argon2/src'
-#  `ls #{submodule_path}`.split.each do |filename|
-#    spec.files << "#{submodule_path}/#{filename}"
-#  end
   spec.files << `find ext`.split
-  
+
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
   spec.add_dependency 'ffi', '~> 1.9'
   spec.add_dependency 'ffi-compiler', '~> 0.1'
 
-  spec.add_development_dependency "bundler", "~> 1.10"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "minitest", '~> 5'
+  spec.add_development_dependency "bundler", '~> 1.10', '>= 1.10.5'
+  spec.add_development_dependency "rake", '~> 10.4', '>= 10.4.2'
+  spec.add_development_dependency "minitest", '~> 5.8'
+  spec.add_development_dependency "rubocop", '~> 0.35'
+  spec.add_development_dependency "codeclimate-test-reporter", '~> 0.4'
   spec.extensions << 'ext/argon2_wrap/extconf.rb'
 end

data/ext/argon2_wrap/Makefile

@@ -10,7 +10,7 @@
 
 DIST_SRC = ../phc-winner-argon2/src
 CC = gcc
-SRC = $(DIST_SRC)/argon2.c $(DIST_SRC)/core.c $(DIST_SRC)/blake2/blake2b.c $(DIST_SRC)/thread.c argon_wrap.c
+SRC = $(DIST_SRC)/argon2.c $(DIST_SRC)/core.c $(DIST_SRC)/blake2/blake2b.c $(DIST_SRC)/thread.c $(DIST_SRC)/encoding.c argon_wrap.c
 OBJ = $(SRC:.c=.o)
 
 CFLAGS = -std=c89 -pthread -O3 -Wall -g
@@ -62,11 +62,11 @@ libs: $(SRC)
 #Deliberately avoiding the CFLAGS for our test cases - disable optimise and
 #C89
 test: $(SRC) test.c
-		$(CC) -pthread -O3 -Wall -g $^ -o tests
-		./tests
+	clang -pthread -O3 -fsanitize=address -fsanitize=undefined -Wall -g $^ -o tests
+	./tests
 
 clean:
-	rm -rf tests libargon2_wrap.so
+	rm -f tests libargon2_wrap.so
 
 install:
 	echo none

data/ext/argon2_wrap/argon_wrap.c

@@ -12,6 +12,7 @@
 
 #include "../phc-winner-argon2/src/argon2.h"
 #include "../phc-winner-argon2/src/core.h"
+#include "../phc-winner-argon2/src/encoding.h"
 
 #define T_COST_DEF 3
 #define LOG_M_COST_DEF 12 /* 2^12 = 4 MiB */
@@ -19,9 +20,13 @@
 #define THREADS_DEF 1
 #define OUT_LEN 32
 #define SALT_LEN 16
+#define ENCODE_LEN 108
 
-unsigned int argon2_wrap(char *out, char *pwd, uint8_t *salt, uint32_t t_cost,
-                uint32_t m_cost, uint32_t lanes)
+int argon2_compare(const uint8_t *b1, const uint8_t *b2, size_t len);
+
+unsigned int argon2_wrap(char *out, const char *pwd, uint8_t *salt, 
+        uint32_t t_cost, uint32_t m_cost, uint32_t lanes, 
+        uint8_t *secret, size_t secretlen)
 {
     unsigned pwd_length;
     uint8_t hash[OUT_LEN];
@@ -43,8 +48,8 @@ unsigned int argon2_wrap(char *out, char *pwd, uint8_t *salt, uint32_t t_cost,
     context.pwdlen = pwd_length;
     context.salt = salt;
     context.saltlen = SALT_LEN;
-    context.secret = NULL;
-    context.secretlen = 0;
+    context.secret = secret;
+    context.secretlen = secretlen;
     context.ad = NULL;
     context.adlen = 0;
     context.t_cost = t_cost;
@@ -59,7 +64,54 @@ unsigned int argon2_wrap(char *out, char *pwd, uint8_t *salt, uint32_t t_cost,
     if (result != ARGON2_OK)
         return result;
 
-    encode_string(out, 300, &context);
+    encode_string(out, ENCODE_LEN, &context, Argon2_i);
     return ARGON2_OK;
 }
  
+int wrap_argon2_verify(const char *encoded, const char *pwd,
+    const size_t pwdlen,
+    uint8_t *secret, size_t secretlen)
+{
+    argon2_context ctx;
+    int ret;
+    char out[ENCODE_LEN];
+    memset(&ctx, 0, sizeof(argon2_context));
+
+    /* max values, to be updated in decode_string */
+    ctx.adlen = 512;
+    ctx.saltlen = 512;
+    ctx.outlen = 512;
+
+    ctx.ad = malloc(ctx.adlen);
+    ctx.salt = malloc(ctx.saltlen);
+    ctx.out = malloc(ctx.outlen);
+    if (!ctx.out || !ctx.salt || !ctx.ad) {
+        free(ctx.ad);
+        free(ctx.salt);
+        free(ctx.out);
+        return ARGON2_MEMORY_ALLOCATION_ERROR;
+    }
+
+    if(decode_string(&ctx, encoded, Argon2_i) != 1) {
+        free(ctx.ad);
+        free(ctx.salt);
+        free(ctx.out);
+        return ARGON2_DECODING_FAIL;
+    } 
+
+    ret = argon2_wrap(out, pwd, ctx.salt, ctx.t_cost, 
+           ctx.m_cost, ctx.lanes, secret, secretlen);
+
+    free(ctx.ad);
+    free(ctx.salt);
+
+    if (ret != ARGON2_OK || argon2_compare((uint8_t*)out, (uint8_t*)encoded, 
+                strlen(encoded))) {
+        free(ctx.out);
+        return ARGON2_DECODING_FAIL;
+    }
+    free(ctx.out);
+
+    return ARGON2_OK;
+}
+

data/ext/argon2_wrap/test.c

@@ -8,26 +8,52 @@
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
+#include <assert.h>
 
 #include "../phc-winner-argon2/src/argon2.h"
 
 #define OUT_LEN 32
 #define SALT_LEN 16
 
+/**
+ * Hashes a password with Argon2i, producing a raw hash
+ * @param t_cost Number of iterations
+ * @param m_cost Sets memory usage to 2^m_cost kibibytes
+ * @param parallelism Number of threads and compute lanes
+ * @param pwd Pointer to password
+ * @param pwdlen Password size in bytes
+ * @param salt Pointer to salt
+ * @param saltlen Salt size in bytes
+ * @param hash Buffer where to write the raw hash
+ * @param hashlen Desired length of the hash in bytes
+ * @pre   Different parallelism levels will give different results
+ * @pre   Returns ARGON2_OK if successful
 
+int argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
+                     const uint32_t parallelism, const void *pwd,
+                     const size_t pwdlen, const void *salt,
+                     const size_t saltlen, void *hash, const size_t hashlen);
+
+*/
+
+void argon2_wrap(char *out, const char *pwd, uint8_t *salt, uint32_t t_cost,
+    uint32_t m_cost, uint32_t lanes,
+    uint8_t *secret, size_t secretlen);
+
+int wrap_argon2_verify(const char *encoded, const char *pwd,
+    const size_t pwdlen,
+    uint8_t *secret, size_t secretlen);
 
-void argon2_wrap(char *out, char *pwd, uint8_t *salt, uint32_t t_cost,
-    uint32_t m_cost, uint32_t lanes);
  
 int main()
 {
     unsigned char out[OUT_LEN];
+    unsigned char hex_out[OUT_LEN*2];
     char out2[300];
     char *pwd = NULL;
     uint8_t salt[SALT_LEN];
-    int i;
+    int i, ret;
 
-    pwd = strdup("password");
     memset(salt, 0x00, SALT_LEN); /* pad with null bytes */
     memcpy(salt, "somesalt", 8);
 
@@ -49,17 +75,63 @@ int main()
      * ./argon2 password diffsalt -t 2 -m 16 -p 1
      * Hash: 8f65b47d902fb2aee5e0b2bdc9041b249fc11f06f35551e0bee52716b41e8311
      */
-    hash_argon2i( out, OUT_LEN, pwd, strlen(pwd), salt, SALT_LEN, 2, 1<<16 );
-    for(i=0; i<32; ++i )
-        printf( "%02x", out[i] );
-    printf( "\n" );
 
-    strcpy(pwd, "password"); /* hash_argon2i wipes password content */
-    argon2_wrap(out2, pwd, salt, 2, 1<<16, 1);
-    printf("%s\n", out2);
-    free(pwd);;
+#define RAWTEST(T, M, P, PWD, REF) \
+    pwd = strdup(PWD); \
+    ret = argon2i_hash_raw(T, 1<<M, P, pwd, strlen(pwd), salt, SALT_LEN, out, OUT_LEN); \
+    assert(ret == ARGON2_OK); \
+    for(i=0; i<OUT_LEN; ++i ) \
+        sprintf((char*)(hex_out + i*2), "%02x", out[i] ); \
+    assert(memcmp(hex_out, REF, OUT_LEN*2) == 0); \
+    free(pwd); \
+    printf( "Ref test: %s: PASS\n", REF);
+
+    RAWTEST(2, 16, 1, "password", "894af4ff2e2d26f3ce15f77a7e1c25db45b4e20439e9961772ba199caddb001e");
+    RAWTEST(2, 20, 1, "password", "58d4d929aeeafa40cc049f032035784fb085e8e0d0c5a51ea067341a93d6d286");
+    RAWTEST(2, 18, 1, "password", "55292398cce8fc78685e610d004ca9bda5c325a0a2e6285a0de5f816df139aa6");
+    RAWTEST(2, 8, 1, "password", "e346b1e1aa7ca58c9bb862e223ba5604064398d4394e49e90972c6b54cef43ed");
+    RAWTEST(1, 16, 1, "password", "b49199e4ecb0f6659e6947f945e391c940b17106e1d0b0a9888006c7f87a789b");
+    RAWTEST(4, 16, 1, "password", "72207b3312d79995fbe7b30664837ae1246f9a98e07eac34835ca3498e705f85");
+    RAWTEST(2, 16, 1, "differentpassword", "8e286f605ed7383987a4aac25a28a04808593b6e17613bc31457146c4f3f4361");
+    memcpy(salt, "diffsalt", 8);
+    RAWTEST(2, 16, 1, "password", "8f65b47d902fb2aee5e0b2bdc9041b249fc11f06f35551e0bee52716b41e8311");
+
+
+#define WRAP_TEST(T, M, PWD, REF) \
+    pwd = strdup(PWD); \
+    argon2_wrap(out2, pwd, salt, T, 1<<M, 1, NULL, 0); \
+    free(pwd); \
+    assert(memcmp(out2, REF, strlen(REF)) == 0); \
+    printf( "Ref test: %s: PASS\n", REF);
+
+    memcpy(salt, "somesalt", 8);
+    /* echo password | ./argon2 somesalt -t 2 -m 16
+     * $argon2i$m=65536,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA$iUr0/y4tJvPOFfd6fhwl20W04gQ56ZYXcroZnK3bAB4
+     */
+    WRAP_TEST(2, 16, "password", 
+            "$argon2i$m=65536,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA$iUr0/y4tJvPOFfd6fhwl20W04gQ56ZYXcroZnK3bAB4");
+
+    /* echo password | ./argon2 somesalt -t 2 -m 8
+     * $argon2i$m=256,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA$40ax4ap8pYybuGLiI7pWBAZDmNQ5TknpCXLGtUzvQ+0
+     */
+    WRAP_TEST(2, 8, "password", 
+            "$argon2i$m=256,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA$40ax4ap8pYybuGLiI7pWBAZDmNQ5TknpCXLGtUzvQ+0");
+
+    /* echo diffpassword | ./argon2 somesalt -t 2 -m 16
+     * $argon2i$m=65536,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA$y/IeiuTydN/Sud4UzLqv6Spx8Eqree6FoP088X6WyW4
+     */
+    WRAP_TEST(2, 16, "diffpassword", 
+            "$argon2i$m=65536,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA$y/IeiuTydN/Sud4UzLqv6Spx8Eqree6FoP088X6WyW4");
 
+    ret = wrap_argon2_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA$iUr0/y4tJvPOFfd6fhwl20W04gQ56ZYXcroZnK3bAB4", "password",
+            strlen("password"), NULL, 0);
+    assert(ret == ARGON2_OK);
+    printf("Verify OK test: PASS\n");
 
+    ret = wrap_argon2_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA$iUr0/y4tJvPOFfd6fhwl20W04gQ56ZYXcroZnK3bAB4", "notpassword",
+            strlen("notpassword"), NULL, 0);
+    assert(ret == ARGON2_DECODING_FAIL);
+    printf("Verify FAIL test: PASS\n");
     return 0;