argon2 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +9 -2
- data/ext/argon2_wrap/Makefile +0 -1
- data/ext/argon2_wrap/test.c +1 -0
- data/ext/phc-winner-argon2/src/argon2.c +25 -3
- data/ext/phc-winner-argon2/src/core.c +1 -2
- data/ext/phc-winner-argon2/src/core.h +1 -1
- data/ext/phc-winner-argon2/src/encoding.c +5 -6
- data/ext/phc-winner-argon2/src/encoding.h +4 -1
- data/ext/phc-winner-argon2/src/run.c +18 -2
- data/lib/argon2/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a59ac92cbaf98d789372ec5b51337d53be008395
|
|
4
|
+
data.tar.gz: abd378d5272207160eedb6d8027652ff3ef6930a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 55fb89025c32f22c92d140e614461d04c8da2a6e6d0d9c75d80e05b0947c1864a0acebbbde6a52266445dd64dfe89a76bcfd914e54669f8f287b7c8e949c04d2
|
|
7
|
+
data.tar.gz: dd2698c9e8d5483dc42dc866d9911ac899efdaba3ba32475dfd4673c1a16a4ed42bd518c3f8c623006f8ffb0cbd608d37f6d2a832e96346f60c9589e9f4715d7
|
data/README.md
CHANGED
|
@@ -1,8 +1,10 @@
|
|
|
1
|
-
# Argon2
|
|
1
|
+
# Ruby Argon2 Gem
|
|
2
2
|
|
|
3
3
|
This Ruby Gem provides FFI bindings, and a simplified interface, to the Argon2 algorithm. [Argon2](https://github.com/P-H-C/phc-winner-argon2) is the official winner of the Password Hashing Competition, a several year project to identify a successor to bcrypt/PBKDF/scrypt methods of securely storing passwords. This is an independant project and not official from the PHC team.
|
|
4
4
|
|
|
5
|
-
*This gem is now considered a beta release* and at this point is not recommended for production use.
|
|
5
|
+
*This gem is now considered a beta release* and at this point is not recommended for production use. The more detailed advice here, is that it is feature complete, and I do not intend on making backward breaking API changes without bumping the Gem version semantically. There is complete tests and documentation, and I'm working on a project to put this into production.
|
|
6
|
+
|
|
7
|
+
However, at this point, the reference C library that we pull in is under active development, ([including from myself](https://github.com/P-H-C/phc-winner-argon2/pulls?q=is%3Apr+author%3Atechnion)), and this binding isn't released grade until that is.
|
|
6
8
|
|
|
7
9
|
|
|
8
10
|
[](https://travis-ci.org/technion/ruby-argon2)
|
|
@@ -16,10 +18,12 @@ This project has several key tenants to its design:
|
|
|
16
18
|
* The reference Argon2 implementation is to be used "unaltered". To ensure compliance wit this goal, and encourage regular updates from upstream, this is implemented as a git submodule, and is intended to stay that way.
|
|
17
19
|
* The FFI interface is kept as slim as possible, with wrapper classes preferred to implementing context structs in FFI
|
|
18
20
|
* Security and maintainability take top priority. This can have an impact on platform support. A PR that contains platform specific code paths is unlikely to be accepted.
|
|
21
|
+
* Tested platforms are MRI Ruby 2.2 and JRuby 9000. No assertions are made on other platforms.
|
|
19
22
|
* Errors from the C interface are raised as Exceptions. There are a lot of exception classes, but they tend to relate to things like very broken input, and code bugs. Calls to this library should generally not require a rescue.
|
|
20
23
|
* Test suits should aim for 100% code coverage.
|
|
21
24
|
* Default work values should not be considered constants. I will increase them from time to time.
|
|
22
25
|
* Not exposing the threads parameter is a design choice. I believe there is significant risk, and minimal gain in using a value other than '1'. Four threads on a four core box completely ties up the entire server to process one user logon. If you want more security, increase m_cost.
|
|
26
|
+
* Many Rubocop errors have been disabled, but any commit should avoid new alerts or demonstrate their necessity.
|
|
23
27
|
|
|
24
28
|
## Usage
|
|
25
29
|
|
|
@@ -66,6 +70,9 @@ myhash = argon.hash("A password")
|
|
|
66
70
|
Argon2::Password.verify_password("A password", myhash, KEY)
|
|
67
71
|
```
|
|
68
72
|
|
|
73
|
+
## RubyDocs documentation
|
|
74
|
+
|
|
75
|
+
[The usual URL](http://www.rubydoc.info/gems/argon2) will provide detailed documentation.
|
|
69
76
|
|
|
70
77
|
## FAQ
|
|
71
78
|
### Don't roll your own crypto!
|
data/ext/argon2_wrap/Makefile
CHANGED
data/ext/argon2_wrap/test.c
CHANGED
|
@@ -130,6 +130,9 @@ int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
|
|
|
130
130
|
}
|
|
131
131
|
|
|
132
132
|
out = malloc(hashlen);
|
|
133
|
+
if (!out) {
|
|
134
|
+
return ARGON2_MEMORY_ALLOCATION_ERROR;
|
|
135
|
+
}
|
|
133
136
|
|
|
134
137
|
context.out = (uint8_t *)out;
|
|
135
138
|
context.outlen = (uint32_t)hashlen;
|
|
@@ -230,6 +233,7 @@ int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
|
|
|
230
233
|
|
|
231
234
|
argon2_context ctx;
|
|
232
235
|
uint8_t *out;
|
|
236
|
+
int ret;
|
|
233
237
|
|
|
234
238
|
/* max values, to be updated in decode_string */
|
|
235
239
|
ctx.adlen = 512;
|
|
@@ -239,17 +243,35 @@ int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
|
|
|
239
243
|
ctx.ad = malloc(ctx.adlen);
|
|
240
244
|
ctx.salt = malloc(ctx.saltlen);
|
|
241
245
|
ctx.out = malloc(ctx.outlen);
|
|
246
|
+
if (!ctx.out || !ctx.salt || !ctx.ad) {
|
|
247
|
+
free(ctx.ad);
|
|
248
|
+
free(ctx.salt);
|
|
249
|
+
free(ctx.out);
|
|
250
|
+
return ARGON2_MEMORY_ALLOCATION_ERROR;
|
|
251
|
+
}
|
|
242
252
|
out = malloc(ctx.outlen);
|
|
253
|
+
if (!out) {
|
|
254
|
+
free(ctx.ad);
|
|
255
|
+
free(ctx.salt);
|
|
256
|
+
free(ctx.out);
|
|
257
|
+
return ARGON2_MEMORY_ALLOCATION_ERROR;
|
|
258
|
+
}
|
|
243
259
|
|
|
244
|
-
decode_string(&ctx, encoded, type)
|
|
260
|
+
if(decode_string(&ctx, encoded, type) != 1) {
|
|
261
|
+
free(ctx.ad);
|
|
262
|
+
free(ctx.salt);
|
|
263
|
+
free(ctx.out);
|
|
264
|
+
free(out);
|
|
265
|
+
return ARGON2_DECODING_FAIL;
|
|
266
|
+
}
|
|
245
267
|
|
|
246
|
-
argon2_hash(ctx.t_cost, ctx.m_cost, ctx.threads, pwd, pwdlen, ctx.salt,
|
|
268
|
+
ret = argon2_hash(ctx.t_cost, ctx.m_cost, ctx.threads, pwd, pwdlen, ctx.salt,
|
|
247
269
|
ctx.saltlen, out, ctx.outlen, NULL, 0, type);
|
|
248
270
|
|
|
249
271
|
free(ctx.ad);
|
|
250
272
|
free(ctx.salt);
|
|
251
273
|
|
|
252
|
-
if (argon2_compare(out, ctx.out, ctx.outlen)) {
|
|
274
|
+
if (ret != ARGON2_OK || argon2_compare(out, ctx.out, ctx.outlen)) {
|
|
253
275
|
free(out);
|
|
254
276
|
free(ctx.out);
|
|
255
277
|
return ARGON2_DECODING_FAIL;
|
|
@@ -361,8 +361,7 @@ int validate_inputs(const argon2_context *context) {
|
|
|
361
361
|
return ARGON2_PWD_PTR_MISMATCH;
|
|
362
362
|
}
|
|
363
363
|
} else {
|
|
364
|
-
if (ARGON2_MIN_PWD_LENGTH
|
|
365
|
-
ARGON2_MIN_PWD_LENGTH > context->pwdlen) {
|
|
364
|
+
if (ARGON2_MIN_PWD_LENGTH > context->pwdlen) {
|
|
366
365
|
return ARGON2_PWD_TOO_SHORT;
|
|
367
366
|
}
|
|
368
367
|
|
|
@@ -171,7 +171,7 @@ void initial_hash(uint8_t *blockhash, argon2_context *context,
|
|
|
171
171
|
* @param blockhash Pointer to the pre-hashing digest
|
|
172
172
|
* @pre blockhash must point to @a PREHASH_SEED_LENGTH allocated values
|
|
173
173
|
*/
|
|
174
|
-
void
|
|
174
|
+
void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance);
|
|
175
175
|
|
|
176
176
|
/*
|
|
177
177
|
* Function allocates memory, hashes the inputs with Blake, and creates first
|
|
@@ -58,7 +58,7 @@
|
|
|
58
58
|
* Some macros for constant-time comparisons. These work over values in
|
|
59
59
|
* the 0..255 range. Returned value is 0x00 on "false", 0xFF on "true".
|
|
60
60
|
*/
|
|
61
|
-
#define EQ(x, y) ((((-((unsigned)(x) ^ (unsigned)(y))) >> 8) & 0xFF) ^ 0xFF)
|
|
61
|
+
#define EQ(x, y) ((((0U-((unsigned)(x) ^ (unsigned)(y))) >> 8) & 0xFF) ^ 0xFF)
|
|
62
62
|
#define GT(x, y) ((((unsigned)(y) - (unsigned)(x)) >> 8) & 0xFF)
|
|
63
63
|
#define GE(x, y) (GT(y, x) ^ 0xFF)
|
|
64
64
|
#define LT(x, y) GT(y, x)
|
|
@@ -122,11 +122,11 @@ static size_t to_base64(char *dst, size_t dst_len, const void *src,
|
|
|
122
122
|
acc_len += 8;
|
|
123
123
|
while (acc_len >= 6) {
|
|
124
124
|
acc_len -= 6;
|
|
125
|
-
*dst++ = b64_byte_to_char((acc >> acc_len) & 0x3F);
|
|
125
|
+
*dst++ = (char) b64_byte_to_char((acc >> acc_len) & 0x3F);
|
|
126
126
|
}
|
|
127
127
|
}
|
|
128
128
|
if (acc_len > 0) {
|
|
129
|
-
*dst++ = b64_byte_to_char((acc << (6 - acc_len)) & 0x3F);
|
|
129
|
+
*dst++ = (char) b64_byte_to_char((acc << (6 - acc_len)) & 0x3F);
|
|
130
130
|
}
|
|
131
131
|
*dst++ = 0;
|
|
132
132
|
return olen;
|
|
@@ -197,7 +197,6 @@ static const char *decode_decimal(const char *str, unsigned long *v) {
|
|
|
197
197
|
const char *orig;
|
|
198
198
|
unsigned long acc;
|
|
199
199
|
|
|
200
|
-
orig = str;
|
|
201
200
|
acc = 0;
|
|
202
201
|
for (orig = str;; str++) {
|
|
203
202
|
int c;
|
|
@@ -387,7 +386,7 @@ int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
|
|
|
387
386
|
char tmp[30]; \
|
|
388
387
|
sprintf(tmp, "%lu", (unsigned long)(x)); \
|
|
389
388
|
SS(tmp); \
|
|
390
|
-
} while (0)
|
|
389
|
+
} while (0)
|
|
391
390
|
|
|
392
391
|
#define SB(buf, len) \
|
|
393
392
|
do { \
|
|
@@ -397,7 +396,7 @@ int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
|
|
|
397
396
|
} \
|
|
398
397
|
dst += sb_len; \
|
|
399
398
|
dst_len -= sb_len; \
|
|
400
|
-
} while (0)
|
|
399
|
+
} while (0)
|
|
401
400
|
|
|
402
401
|
if (type == Argon2_i)
|
|
403
402
|
SS("$argon2i$m=");
|
|
@@ -27,6 +27,22 @@
|
|
|
27
27
|
#define THREADS_DEF 1
|
|
28
28
|
#define OUT_LEN 32
|
|
29
29
|
#define SALT_LEN 16
|
|
30
|
+
/* Sample encode: $argon2i$m=65536,t=2,p=4$c29tZXNhbHQAAAAAAAAAAA$QWLzI4TY9HkL2ZTLc8g6SinwdhZewYrzz9zxCo0bkGY
|
|
31
|
+
* Maximumum lengths are defined as:
|
|
32
|
+
* strlen $argon2i$ = 9
|
|
33
|
+
* m=65536 with strlen (uint32_t)-1 = 10, so this total is 12
|
|
34
|
+
* ,t=2,p=4 If we consider each number to potentially reach four digits in future, this = 14
|
|
35
|
+
* $c29tZXNhbHQAAAAAAAAAAA Formula for this is (SALT_LEN * 4 + 3) / 3 + 1 = 23
|
|
36
|
+
* $QWLzI4TY9HkL2ZTLc8g6SinwdhZewYrzz9zxCo0bkGY per above formula, = 44
|
|
37
|
+
* + NULL byte
|
|
38
|
+
* 9 + 12 + 14 + 23 + 44 + 1 = 103
|
|
39
|
+
* Rounded to 4 byte boundary: 104
|
|
40
|
+
*
|
|
41
|
+
* WARNING: 104 is only for the parameters supported by this
|
|
42
|
+
command-line utility. You'll need a longer ENCODED_LEN to support
|
|
43
|
+
longer salts and ouputs, as supported by the argon2 library
|
|
44
|
+
*/
|
|
45
|
+
#define ENCODED_LEN 108
|
|
30
46
|
|
|
31
47
|
#define UNUSED_PARAMETER(x) (void)(x)
|
|
32
48
|
|
|
@@ -67,8 +83,8 @@ static void run(uint8_t *out, char *pwd, uint8_t *salt, uint32_t t_cost,
|
|
|
67
83
|
uint32_t m_cost, uint32_t lanes, uint32_t threads,
|
|
68
84
|
argon2_type type) {
|
|
69
85
|
clock_t start_time, stop_time;
|
|
70
|
-
|
|
71
|
-
char encoded[
|
|
86
|
+
size_t pwdlen;
|
|
87
|
+
char encoded[ENCODED_LEN];
|
|
72
88
|
uint32_t i;
|
|
73
89
|
int result;
|
|
74
90
|
|
data/lib/argon2/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: argon2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Technion
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-11-
|
|
11
|
+
date: 2015-11-26 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi
|