argon2 1.1.5 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Changelog.md +3 -0
- data/README.md +7 -0
- data/ext/argon2_wrap/argon_wrap.c +26 -6
- data/ext/argon2_wrap/test.c +6 -1
- data/ext/phc-winner-argon2/.gitignore +1 -1
- data/ext/phc-winner-argon2/.travis.yml +11 -0
- data/ext/phc-winner-argon2/README.md +7 -4
- data/ext/phc-winner-argon2/include/argon2.h +1 -1
- data/ext/phc-winner-argon2/latex/argon2-specs.tex +1 -1
- data/ext/phc-winner-argon2/src/genkat.h +2 -0
- data/ext/phc-winner-argon2/src/test.c +63 -27
- data/lib/argon2.rb +3 -2
- data/lib/argon2/ffi_engine.rb +1 -1
- data/lib/argon2/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a86e0210b4205a94242bc1afce3a43753cf24ae2c262274d48c3bdb9475c03b8
|
|
4
|
+
data.tar.gz: 52aa12dec68ee57751a0752fb502441adc37488bf1bfcfe6ebd8250a128dd9c3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bbd74370319320e2b84d6e5ad84f95c512f4d6d7d43ebf804837f47a8073c39d83e0dac72d21dc92586318ee03fc433e651b8ebc670556a6e9ff026ee66647e3
|
|
7
|
+
data.tar.gz: 96549bceabc5a7c764afeccd07b937080e9a47fbf9c93c78b34d6d6af60da6eeb6a8a027be0534d44afff4e1af1e59efa50d225c0842efa24156ec1c319d3a6b
|
data/Changelog.md
CHANGED
data/README.md
CHANGED
|
@@ -58,6 +58,13 @@ You can then use this function to verify a password against a given hash. Will r
|
|
|
58
58
|
Argon2::Password.verify_password("password", secure_password)
|
|
59
59
|
```
|
|
60
60
|
|
|
61
|
+
Version 1.2.x will now allow verifying an Argon2id password:
|
|
62
|
+
|
|
63
|
+
```ruby
|
|
64
|
+
Argon2::Password.verify_password("password", "$argon2id$v=19$m=262144,t=2,p=1$c29tZXNhbHQ$eP4eyR+zqlZX1y5xCFTkw9m5GYx0L5YWwvCFvtlbLow")
|
|
65
|
+
=> true
|
|
66
|
+
```
|
|
67
|
+
|
|
61
68
|
Argon2 supports an optional key value. This should be stored securely on your server, such as alongside your database credentials. Hashes generated with a key will only validate when presented that key.
|
|
62
69
|
|
|
63
70
|
```ruby
|
|
@@ -35,7 +35,8 @@ static int wrap_compare(const uint8_t *b1, const uint8_t *b2, size_t len) {
|
|
|
35
35
|
|
|
36
36
|
int argon2_wrap_version(char *out, const char *pwd, size_t pwd_length,
|
|
37
37
|
uint8_t *salt, uint32_t saltlen, uint32_t t_cost, uint32_t m_cost,
|
|
38
|
-
uint32_t lanes, uint8_t *secret, size_t secretlen, uint32_t version
|
|
38
|
+
uint32_t lanes, uint8_t *secret, size_t secretlen, uint32_t version,
|
|
39
|
+
argon2_type type)
|
|
39
40
|
{
|
|
40
41
|
uint8_t hash[OUT_LEN];
|
|
41
42
|
argon2_context context;
|
|
@@ -67,11 +68,20 @@ int argon2_wrap_version(char *out, const char *pwd, size_t pwd_length,
|
|
|
67
68
|
context.flags = 0;
|
|
68
69
|
context.version = version;
|
|
69
70
|
|
|
70
|
-
int result
|
|
71
|
+
int result;
|
|
72
|
+
if (type == Argon2_i) {
|
|
73
|
+
result = argon2i_ctx(&context);
|
|
74
|
+
} else if (type == Argon2_id) {
|
|
75
|
+
result = argon2id_ctx(&context);
|
|
76
|
+
} else {
|
|
77
|
+
// Unsupported type
|
|
78
|
+
return ARGON2_ENCODING_FAIL;
|
|
79
|
+
}
|
|
80
|
+
|
|
71
81
|
if (result != ARGON2_OK)
|
|
72
82
|
return result;
|
|
73
83
|
|
|
74
|
-
encode_string(out, ENCODE_LEN + saltlen, &context,
|
|
84
|
+
encode_string(out, ENCODE_LEN + saltlen, &context, type);
|
|
75
85
|
return ARGON2_OK;
|
|
76
86
|
}
|
|
77
87
|
|
|
@@ -83,7 +93,7 @@ int argon2_wrap(char *out, const char *pwd, size_t pwd_length,
|
|
|
83
93
|
uint32_t lanes, uint8_t *secret, size_t secretlen)
|
|
84
94
|
{
|
|
85
95
|
return argon2_wrap_version(out, pwd, pwd_length, salt, saltlen,
|
|
86
|
-
t_cost, m_cost, lanes, secret, secretlen, ARGON2_VERSION_13);
|
|
96
|
+
t_cost, m_cost, lanes, secret, secretlen, ARGON2_VERSION_13, Argon2_i);
|
|
87
97
|
}
|
|
88
98
|
|
|
89
99
|
int wrap_argon2_verify(const char *encoded, const char *pwd,
|
|
@@ -95,6 +105,7 @@ int wrap_argon2_verify(const char *encoded, const char *pwd,
|
|
|
95
105
|
char *out;
|
|
96
106
|
memset(&ctx, 0, sizeof(argon2_context));
|
|
97
107
|
size_t encoded_len;
|
|
108
|
+
argon2_type type;
|
|
98
109
|
|
|
99
110
|
encoded_len = strlen(encoded);
|
|
100
111
|
/* larger than max possible values */
|
|
@@ -109,7 +120,16 @@ int wrap_argon2_verify(const char *encoded, const char *pwd,
|
|
|
109
120
|
return ARGON2_MEMORY_ALLOCATION_ERROR;
|
|
110
121
|
}
|
|
111
122
|
|
|
112
|
-
if(
|
|
123
|
+
if (memcmp(encoded, "$argon2id", strlen("$argon2id")) == 0) {
|
|
124
|
+
type = Argon2_id;
|
|
125
|
+
} else if (memcmp(encoded, "$argon2i", strlen("$argon2i")) == 0) {
|
|
126
|
+
type = Argon2_i;
|
|
127
|
+
} else {
|
|
128
|
+
// Other types not yet supported
|
|
129
|
+
return ARGON2_DECODING_FAIL;
|
|
130
|
+
}
|
|
131
|
+
|
|
132
|
+
if (decode_string(&ctx, encoded, type) != ARGON2_OK) {
|
|
113
133
|
free(ctx.salt);
|
|
114
134
|
free(ctx.out);
|
|
115
135
|
return ARGON2_DECODING_FAIL;
|
|
@@ -124,7 +144,7 @@ int wrap_argon2_verify(const char *encoded, const char *pwd,
|
|
|
124
144
|
|
|
125
145
|
ret = argon2_wrap_version(out, pwd, pwdlen, ctx.salt, ctx.saltlen,
|
|
126
146
|
ctx.t_cost, ctx.m_cost, ctx.lanes, secret, secretlen,
|
|
127
|
-
ctx.version);
|
|
147
|
+
ctx.version, type);
|
|
128
148
|
|
|
129
149
|
free(ctx.salt);
|
|
130
150
|
|
data/ext/argon2_wrap/test.c
CHANGED
|
@@ -99,7 +99,12 @@ int main()
|
|
|
99
99
|
ret = wrap_argon2_verify("$argon2i$v=19$m=256,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA$3+v51OrdaFn0zGqbsgBD/Z2n4eNr2s27BcpWn0Yyafg", "password",
|
|
100
100
|
strlen("password"), NULL, 0);
|
|
101
101
|
assert(ret == ARGON2_OK);
|
|
102
|
-
printf("Verify OK test: PASS\n");
|
|
102
|
+
printf("Verify OK test i variant: PASS\n");
|
|
103
|
+
|
|
104
|
+
ret = wrap_argon2_verify("$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ$CTFhFdXPJO1aFaMaO6Mm5c8y7cJHAph8ArZWb2GRPPc", "password",
|
|
105
|
+
strlen("password"), NULL, 0);
|
|
106
|
+
assert(ret == ARGON2_OK);
|
|
107
|
+
printf("Verify OK test id variant: PASS\n");
|
|
103
108
|
|
|
104
109
|
ret = wrap_argon2_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA$iUr0/y4tJvPOFfd6fhwl20W04gQ56ZYXcroZnK3bAB4", "notpassword",
|
|
105
110
|
strlen("notpassword"), NULL, 0);
|
|
@@ -8,6 +8,17 @@ os:
|
|
|
8
8
|
- linux
|
|
9
9
|
- osx
|
|
10
10
|
|
|
11
|
+
# Clang on Linux needs to run in a VM to use ASAN.
|
|
12
|
+
# See: https://github.com/travis-ci/travis-ci/issues/9033
|
|
13
|
+
matrix:
|
|
14
|
+
exclude:
|
|
15
|
+
- compiler: clang
|
|
16
|
+
os: linux
|
|
17
|
+
include:
|
|
18
|
+
- compiler: clang
|
|
19
|
+
os: linux
|
|
20
|
+
sudo: true
|
|
21
|
+
|
|
11
22
|
script: make && make testci
|
|
12
23
|
|
|
13
24
|
after_success:
|
|
@@ -191,9 +191,9 @@ int main(void)
|
|
|
191
191
|
}
|
|
192
192
|
```
|
|
193
193
|
|
|
194
|
-
To use Argon2d instead of Argon2i call `
|
|
195
|
-
`
|
|
196
|
-
`argon2i` using the low-level API. Similarly for Argon2id, call `
|
|
194
|
+
To use Argon2d instead of Argon2i call `argon2d_hash_raw` instead of
|
|
195
|
+
`argon2i_hash_raw` using the high-level API, and `argon2d` instead of
|
|
196
|
+
`argon2i` using the low-level API. Similarly for Argon2id, call `argon2id_hash_raw`
|
|
197
197
|
and `argon2id`.
|
|
198
198
|
|
|
199
199
|
To produce the crypt-like encoding rather than the raw hash, call
|
|
@@ -244,13 +244,15 @@ Bindings are available for the following languages (make sure to read
|
|
|
244
244
|
their documentation):
|
|
245
245
|
|
|
246
246
|
* [Elixir](https://github.com/riverrun/argon2_elixir) by [@riverrun](https://github.com/riverrun)
|
|
247
|
+
* [Erlang](https://github.com/ergenius/eargon2) by [@ergenius](https://github.com/ergenius)
|
|
247
248
|
* [Go](https://github.com/tvdburgt/go-argon2) by [@tvdburgt](https://github.com/tvdburgt)
|
|
248
|
-
* [Haskell](https://hackage.haskell.org/package/argon2
|
|
249
|
+
* [Haskell](https://hackage.haskell.org/package/argon2) by [@hvr](https://github.com/hvr)
|
|
249
250
|
* [JavaScript (native)](https://github.com/ranisalt/node-argon2), by [@ranisalt](https://github.com/ranisalt)
|
|
250
251
|
* [JavaScript (native)](https://github.com/jdconley/argon2themax), by [@jdconley](https://github.com/jdconley)
|
|
251
252
|
* [JavaScript (ffi)](https://github.com/cjlarose/argon2-ffi), by [@cjlarose](https://github.com/cjlarose)
|
|
252
253
|
* [JavaScript (browser)](https://github.com/antelle/argon2-browser), by [@antelle](https://github.com/antelle)
|
|
253
254
|
* [JVM](https://github.com/phxql/argon2-jvm) by [@phXql](https://github.com/phxql)
|
|
255
|
+
* [JVM (with keyed hashing)](https://github.com/kosprov/jargon2-api) by [@kosprov](https://github.com/kosprov)
|
|
254
256
|
* [Lua (native)](https://github.com/thibaultCha/lua-argon2) by [@thibaultCha](https://github.com/thibaultCha)
|
|
255
257
|
* [Lua (ffi)](https://github.com/thibaultCha/lua-argon2-ffi) by [@thibaultCha](https://github.com/thibaultCha)
|
|
256
258
|
* [OCaml](https://github.com/Khady/ocaml-argon2) by [@Khady](https://github.com/Khady)
|
|
@@ -260,6 +262,7 @@ their documentation):
|
|
|
260
262
|
* [R](https://cran.r-project.org/package=argon2) by [@wrathematics](https://github.com/wrathematics)
|
|
261
263
|
* [Ruby](https://github.com/technion/ruby-argon2) by [@technion](https://github.com/technion)
|
|
262
264
|
* [Rust](https://github.com/quininer/argon2-rs) by [@quininer](https://github.com/quininer)
|
|
265
|
+
* [Rust](https://docs.rs/argonautica/) by [@bcmyers](https://github.com/bcmyers/)
|
|
263
266
|
* [C#/.NET CoreCLR](https://github.com/kmaragon/Konscious.Security.Cryptography) by [@kmaragon](https://github.com/kmaragon)
|
|
264
267
|
* [Perl](https://github.com/Leont/crypt-argon2) by [@leont](https://github.com/Leont)
|
|
265
268
|
* [mruby](https://github.com/Asmod4n/mruby-argon2) by [@Asmod4n](https://github.com/Asmod4n)
|
|
@@ -93,7 +93,7 @@ extern "C" {
|
|
|
93
93
|
#define ARGON2_FLAG_CLEAR_SECRET (UINT32_C(1) << 1)
|
|
94
94
|
|
|
95
95
|
/* Global flag to determine if we are wiping internal memory buffers. This flag
|
|
96
|
-
* is defined in core.c and
|
|
96
|
+
* is defined in core.c and defaults to 1 (wipe internal memory). */
|
|
97
97
|
extern int FLAG_clear_internal_memory;
|
|
98
98
|
|
|
99
99
|
/* Error codes */
|
|
@@ -749,7 +749,7 @@ the vast majority of the users would prefer as few parameters as possible.
|
|
|
749
749
|
\section{Performance}
|
|
750
750
|
|
|
751
751
|
\subsection{x86 architecture}
|
|
752
|
-
To optimize the data load and store from/to memory, the memory that will be processed has to be
|
|
752
|
+
To optimize the data load and store from/to memory, the memory that will be processed has to be aligned on 16-byte boundary when loaded/stored into/from 128-bit registers and on 32-byte boundary when loaded/stored into/from 256-bit registers. If the memory is not aligned on the specified boundaries, then each memory operation may take one extra CPU cycle, which may cause consistent penalties for many memory accesses.
|
|
753
753
|
|
|
754
754
|
|
|
755
755
|
The results presented are obtained using the \texttt{gcc 4.8.2} compiler with the following options: \texttt{-m64 -mavx -std=c++11 -pthread -O3}.
|
|
@@ -35,7 +35,7 @@
|
|
|
35
35
|
*/
|
|
36
36
|
|
|
37
37
|
void hashtest(uint32_t version, uint32_t t, uint32_t m, uint32_t p, char *pwd,
|
|
38
|
-
char *salt, char *hexref, char *mcfref) {
|
|
38
|
+
char *salt, char *hexref, char *mcfref, argon2_type type) {
|
|
39
39
|
unsigned char out[OUT_LEN];
|
|
40
40
|
unsigned char hex_out[OUT_LEN * 2 + 4];
|
|
41
41
|
char encoded[ENCODED_LEN];
|
|
@@ -45,21 +45,20 @@ void hashtest(uint32_t version, uint32_t t, uint32_t m, uint32_t p, char *pwd,
|
|
|
45
45
|
t, m, p, pwd, salt);
|
|
46
46
|
|
|
47
47
|
ret = argon2_hash(t, 1 << m, p, pwd, strlen(pwd), salt, strlen(salt), out,
|
|
48
|
-
OUT_LEN, encoded, ENCODED_LEN,
|
|
48
|
+
OUT_LEN, encoded, ENCODED_LEN, type, version);
|
|
49
49
|
assert(ret == ARGON2_OK);
|
|
50
50
|
|
|
51
51
|
for (i = 0; i < OUT_LEN; ++i)
|
|
52
52
|
sprintf((char *)(hex_out + i * 2), "%02x", out[i]);
|
|
53
|
-
|
|
54
53
|
assert(memcmp(hex_out, hexref, OUT_LEN * 2) == 0);
|
|
55
54
|
|
|
56
55
|
if (ARGON2_VERSION_NUMBER == version) {
|
|
57
56
|
assert(memcmp(encoded, mcfref, strlen(mcfref)) == 0);
|
|
58
57
|
}
|
|
59
58
|
|
|
60
|
-
ret = argon2_verify(encoded, pwd, strlen(pwd),
|
|
59
|
+
ret = argon2_verify(encoded, pwd, strlen(pwd), type);
|
|
61
60
|
assert(ret == ARGON2_OK);
|
|
62
|
-
ret = argon2_verify(mcfref, pwd, strlen(pwd),
|
|
61
|
+
ret = argon2_verify(mcfref, pwd, strlen(pwd), type);
|
|
63
62
|
assert(ret == ARGON2_OK);
|
|
64
63
|
|
|
65
64
|
printf("PASS\n");
|
|
@@ -78,41 +77,41 @@ int main() {
|
|
|
78
77
|
hashtest(version, 2, 16, 1, "password", "somesalt",
|
|
79
78
|
"f6c4db4a54e2a370627aff3db6176b94a2a209a62c8e36152711802f7b30c694",
|
|
80
79
|
"$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ"
|
|
81
|
-
"$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ");
|
|
80
|
+
"$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", Argon2_i);
|
|
82
81
|
#ifdef TEST_LARGE_RAM
|
|
83
82
|
hashtest(version, 2, 20, 1, "password", "somesalt",
|
|
84
83
|
"9690ec55d28d3ed32562f2e73ea62b02b018757643a2ae6e79528459de8106e9",
|
|
85
84
|
"$argon2i$m=1048576,t=2,p=1$c29tZXNhbHQ"
|
|
86
|
-
"$lpDsVdKNPtMlYvLnPqYrArAYdXZDoq5ueVKEWd6BBuk");
|
|
85
|
+
"$lpDsVdKNPtMlYvLnPqYrArAYdXZDoq5ueVKEWd6BBuk", Argon2_i);
|
|
87
86
|
#endif
|
|
88
87
|
hashtest(version, 2, 18, 1, "password", "somesalt",
|
|
89
88
|
"3e689aaa3d28a77cf2bc72a51ac53166761751182f1ee292e3f677a7da4c2467",
|
|
90
89
|
"$argon2i$m=262144,t=2,p=1$c29tZXNhbHQ"
|
|
91
|
-
"$Pmiaqj0op3zyvHKlGsUxZnYXURgvHuKS4/Z3p9pMJGc");
|
|
90
|
+
"$Pmiaqj0op3zyvHKlGsUxZnYXURgvHuKS4/Z3p9pMJGc", Argon2_i);
|
|
92
91
|
hashtest(version, 2, 8, 1, "password", "somesalt",
|
|
93
92
|
"fd4dd83d762c49bdeaf57c47bdcd0c2f1babf863fdeb490df63ede9975fccf06",
|
|
94
93
|
"$argon2i$m=256,t=2,p=1$c29tZXNhbHQ"
|
|
95
|
-
"$/U3YPXYsSb3q9XxHvc0MLxur+GP960kN9j7emXX8zwY");
|
|
94
|
+
"$/U3YPXYsSb3q9XxHvc0MLxur+GP960kN9j7emXX8zwY", Argon2_i);
|
|
96
95
|
hashtest(version, 2, 8, 2, "password", "somesalt",
|
|
97
96
|
"b6c11560a6a9d61eac706b79a2f97d68b4463aa3ad87e00c07e2b01e90c564fb",
|
|
98
97
|
"$argon2i$m=256,t=2,p=2$c29tZXNhbHQ"
|
|
99
|
-
"$tsEVYKap1h6scGt5ovl9aLRGOqOth+AMB+KwHpDFZPs");
|
|
98
|
+
"$tsEVYKap1h6scGt5ovl9aLRGOqOth+AMB+KwHpDFZPs", Argon2_i);
|
|
100
99
|
hashtest(version, 1, 16, 1, "password", "somesalt",
|
|
101
100
|
"81630552b8f3b1f48cdb1992c4c678643d490b2b5eb4ff6c4b3438b5621724b2",
|
|
102
101
|
"$argon2i$m=65536,t=1,p=1$c29tZXNhbHQ"
|
|
103
|
-
"$gWMFUrjzsfSM2xmSxMZ4ZD1JCytetP9sSzQ4tWIXJLI");
|
|
102
|
+
"$gWMFUrjzsfSM2xmSxMZ4ZD1JCytetP9sSzQ4tWIXJLI", Argon2_i);
|
|
104
103
|
hashtest(version, 4, 16, 1, "password", "somesalt",
|
|
105
104
|
"f212f01615e6eb5d74734dc3ef40ade2d51d052468d8c69440a3a1f2c1c2847b",
|
|
106
105
|
"$argon2i$m=65536,t=4,p=1$c29tZXNhbHQ"
|
|
107
|
-
"$8hLwFhXm6110c03D70Ct4tUdBSRo2MaUQKOh8sHChHs");
|
|
106
|
+
"$8hLwFhXm6110c03D70Ct4tUdBSRo2MaUQKOh8sHChHs", Argon2_i);
|
|
108
107
|
hashtest(version, 2, 16, 1, "differentpassword", "somesalt",
|
|
109
108
|
"e9c902074b6754531a3a0be519e5baf404b30ce69b3f01ac3bf21229960109a3",
|
|
110
109
|
"$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ"
|
|
111
|
-
"$6ckCB0tnVFMaOgvlGeW69ASzDOabPwGsO/ISKZYBCaM");
|
|
110
|
+
"$6ckCB0tnVFMaOgvlGeW69ASzDOabPwGsO/ISKZYBCaM", Argon2_i);
|
|
112
111
|
hashtest(version, 2, 16, 1, "password", "diffsalt",
|
|
113
112
|
"79a103b90fe8aef8570cb31fc8b22259778916f8336b7bdac3892569d4f1c497",
|
|
114
113
|
"$argon2i$m=65536,t=2,p=1$ZGlmZnNhbHQ"
|
|
115
|
-
"$eaEDuQ/orvhXDLMfyLIiWXeJFvgza3vaw4kladTxxJc");
|
|
114
|
+
"$eaEDuQ/orvhXDLMfyLIiWXeJFvgza3vaw4kladTxxJc", Argon2_i);
|
|
116
115
|
|
|
117
116
|
/* Error state tests */
|
|
118
117
|
|
|
@@ -157,41 +156,42 @@ int main() {
|
|
|
157
156
|
hashtest(version, 2, 16, 1, "password", "somesalt",
|
|
158
157
|
"c1628832147d9720c5bd1cfd61367078729f6dfb6f8fea9ff98158e0d7816ed0",
|
|
159
158
|
"$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
|
|
160
|
-
"$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA");
|
|
159
|
+
"$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA", Argon2_i);
|
|
161
160
|
#ifdef TEST_LARGE_RAM
|
|
162
161
|
hashtest(version, 2, 20, 1, "password", "somesalt",
|
|
163
162
|
"d1587aca0922c3b5d6a83edab31bee3c4ebaef342ed6127a55d19b2351ad1f41",
|
|
164
163
|
"$argon2i$v=19$m=1048576,t=2,p=1$c29tZXNhbHQ"
|
|
165
|
-
"$0Vh6ygkiw7XWqD7asxvuPE667zQu1hJ6VdGbI1GtH0E");
|
|
164
|
+
"$0Vh6ygkiw7XWqD7asxvuPE667zQu1hJ6VdGbI1GtH0E", Argon2_i);
|
|
166
165
|
#endif
|
|
167
166
|
hashtest(version, 2, 18, 1, "password", "somesalt",
|
|
168
167
|
"296dbae80b807cdceaad44ae741b506f14db0959267b183b118f9b24229bc7cb",
|
|
169
168
|
"$argon2i$v=19$m=262144,t=2,p=1$c29tZXNhbHQ"
|
|
170
|
-
"$KW266AuAfNzqrUSudBtQbxTbCVkmexg7EY+bJCKbx8s");
|
|
169
|
+
"$KW266AuAfNzqrUSudBtQbxTbCVkmexg7EY+bJCKbx8s", Argon2_i);
|
|
171
170
|
hashtest(version, 2, 8, 1, "password", "somesalt",
|
|
172
171
|
"89e9029f4637b295beb027056a7336c414fadd43f6b208645281cb214a56452f",
|
|
173
172
|
"$argon2i$v=19$m=256,t=2,p=1$c29tZXNhbHQ"
|
|
174
|
-
"$iekCn0Y3spW+sCcFanM2xBT63UP2sghkUoHLIUpWRS8");
|
|
173
|
+
"$iekCn0Y3spW+sCcFanM2xBT63UP2sghkUoHLIUpWRS8", Argon2_i);
|
|
175
174
|
hashtest(version, 2, 8, 2, "password", "somesalt",
|
|
176
175
|
"4ff5ce2769a1d7f4c8a491df09d41a9fbe90e5eb02155a13e4c01e20cd4eab61",
|
|
177
176
|
"$argon2i$v=19$m=256,t=2,p=2$c29tZXNhbHQ"
|
|
178
|
-
"$T/XOJ2mh1/TIpJHfCdQan76Q5esCFVoT5MAeIM1Oq2E");
|
|
177
|
+
"$T/XOJ2mh1/TIpJHfCdQan76Q5esCFVoT5MAeIM1Oq2E", Argon2_i);
|
|
179
178
|
hashtest(version, 1, 16, 1, "password", "somesalt",
|
|
180
179
|
"d168075c4d985e13ebeae560cf8b94c3b5d8a16c51916b6f4ac2da3ac11bbecf",
|
|
181
180
|
"$argon2i$v=19$m=65536,t=1,p=1$c29tZXNhbHQ"
|
|
182
|
-
"$0WgHXE2YXhPr6uVgz4uUw7XYoWxRkWtvSsLaOsEbvs8");
|
|
181
|
+
"$0WgHXE2YXhPr6uVgz4uUw7XYoWxRkWtvSsLaOsEbvs8", Argon2_i);
|
|
183
182
|
hashtest(version, 4, 16, 1, "password", "somesalt",
|
|
184
183
|
"aaa953d58af3706ce3df1aefd4a64a84e31d7f54175231f1285259f88174ce5b",
|
|
185
184
|
"$argon2i$v=19$m=65536,t=4,p=1$c29tZXNhbHQ"
|
|
186
|
-
"$qqlT1YrzcGzj3xrv1KZKhOMdf1QXUjHxKFJZ+IF0zls");
|
|
185
|
+
"$qqlT1YrzcGzj3xrv1KZKhOMdf1QXUjHxKFJZ+IF0zls", Argon2_i);
|
|
187
186
|
hashtest(version, 2, 16, 1, "differentpassword", "somesalt",
|
|
188
187
|
"14ae8da01afea8700c2358dcef7c5358d9021282bd88663a4562f59fb74d22ee",
|
|
189
188
|
"$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
|
|
190
|
-
"$FK6NoBr+qHAMI1jc73xTWNkCEoK9iGY6RWL1n7dNIu4");
|
|
189
|
+
"$FK6NoBr+qHAMI1jc73xTWNkCEoK9iGY6RWL1n7dNIu4", Argon2_i);
|
|
191
190
|
hashtest(version, 2, 16, 1, "password", "diffsalt",
|
|
192
191
|
"b0357cccfbef91f3860b0dba447b2348cbefecadaf990abfe9cc40726c521271",
|
|
193
192
|
"$argon2i$v=19$m=65536,t=2,p=1$ZGlmZnNhbHQ"
|
|
194
|
-
"$sDV8zPvvkfOGCw26RHsjSMvv7K2vmQq/6cxAcmxSEnE");
|
|
193
|
+
"$sDV8zPvvkfOGCw26RHsjSMvv7K2vmQq/6cxAcmxSEnE", Argon2_i);
|
|
194
|
+
|
|
195
195
|
|
|
196
196
|
/* Error state tests */
|
|
197
197
|
|
|
@@ -225,7 +225,43 @@ int main() {
|
|
|
225
225
|
|
|
226
226
|
msg = argon2_error_message(ARGON2_DECODING_FAIL);
|
|
227
227
|
assert(strcmp(msg, "Decoding failed") == 0);
|
|
228
|
-
printf("Decode an error message: PASS\n");
|
|
228
|
+
printf("Decode an error message: PASS\n\n");
|
|
229
|
+
|
|
230
|
+
printf("Test Argon2id version number: %02x\n", version);
|
|
231
|
+
|
|
232
|
+
/* Multiple test cases for various input values */
|
|
233
|
+
hashtest(version, 2, 16, 1, "password", "somesalt",
|
|
234
|
+
"09316115d5cf24ed5a15a31a3ba326e5cf32edc24702987c02b6566f61913cf7",
|
|
235
|
+
"$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
|
|
236
|
+
"$CTFhFdXPJO1aFaMaO6Mm5c8y7cJHAph8ArZWb2GRPPc", Argon2_id);
|
|
237
|
+
hashtest(version, 2, 18, 1, "password", "somesalt",
|
|
238
|
+
"78fe1ec91fb3aa5657d72e710854e4c3d9b9198c742f9616c2f085bed95b2e8c",
|
|
239
|
+
"$argon2id$v=19$m=262144,t=2,p=1$c29tZXNhbHQ"
|
|
240
|
+
"$eP4eyR+zqlZX1y5xCFTkw9m5GYx0L5YWwvCFvtlbLow", Argon2_id);
|
|
241
|
+
hashtest(version, 2, 8, 1, "password", "somesalt",
|
|
242
|
+
"9dfeb910e80bad0311fee20f9c0e2b12c17987b4cac90c2ef54d5b3021c68bfe",
|
|
243
|
+
"$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ"
|
|
244
|
+
"$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4", Argon2_id);
|
|
245
|
+
hashtest(version, 2, 8, 2, "password", "somesalt",
|
|
246
|
+
"6d093c501fd5999645e0ea3bf620d7b8be7fd2db59c20d9fff9539da2bf57037",
|
|
247
|
+
"$argon2id$v=19$m=256,t=2,p=2$c29tZXNhbHQ"
|
|
248
|
+
"$bQk8UB/VmZZF4Oo79iDXuL5/0ttZwg2f/5U52iv1cDc", Argon2_id);
|
|
249
|
+
hashtest(version, 1, 16, 1, "password", "somesalt",
|
|
250
|
+
"f6a5adc1ba723dddef9b5ac1d464e180fcd9dffc9d1cbf76cca2fed795d9ca98",
|
|
251
|
+
"$argon2id$v=19$m=65536,t=1,p=1$c29tZXNhbHQ"
|
|
252
|
+
"$9qWtwbpyPd3vm1rB1GThgPzZ3/ydHL92zKL+15XZypg", Argon2_id);
|
|
253
|
+
hashtest(version, 4, 16, 1, "password", "somesalt",
|
|
254
|
+
"9025d48e68ef7395cca9079da4c4ec3affb3c8911fe4f86d1a2520856f63172c",
|
|
255
|
+
"$argon2id$v=19$m=65536,t=4,p=1$c29tZXNhbHQ"
|
|
256
|
+
"$kCXUjmjvc5XMqQedpMTsOv+zyJEf5PhtGiUghW9jFyw", Argon2_id);
|
|
257
|
+
hashtest(version, 2, 16, 1, "differentpassword", "somesalt",
|
|
258
|
+
"0b84d652cf6b0c4beaef0dfe278ba6a80df6696281d7e0d2891b817d8c458fde",
|
|
259
|
+
"$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
|
|
260
|
+
"$C4TWUs9rDEvq7w3+J4umqA32aWKB1+DSiRuBfYxFj94", Argon2_id);
|
|
261
|
+
hashtest(version, 2, 16, 1, "password", "diffsalt",
|
|
262
|
+
"bdf32b05ccc42eb15d58fd19b1f856b113da1e9a5874fdcc544308565aa8141c",
|
|
263
|
+
"$argon2id$v=19$m=65536,t=2,p=1$ZGlmZnNhbHQ"
|
|
264
|
+
"$vfMrBczELrFdWP0ZsfhWsRPaHppYdP3MVEMIVlqoFBw", Argon2_id);
|
|
229
265
|
|
|
230
266
|
/* Common error state tests */
|
|
231
267
|
|
|
@@ -234,18 +270,18 @@ int main() {
|
|
|
234
270
|
|
|
235
271
|
ret = argon2_hash(2, 1, 1, "password", strlen("password"),
|
|
236
272
|
"diffsalt", strlen("diffsalt"),
|
|
237
|
-
out, OUT_LEN, NULL, 0,
|
|
273
|
+
out, OUT_LEN, NULL, 0, Argon2_id, version);
|
|
238
274
|
assert(ret == ARGON2_MEMORY_TOO_LITTLE);
|
|
239
275
|
printf("Fail on invalid memory: PASS\n");
|
|
240
276
|
|
|
241
277
|
ret = argon2_hash(2, 1 << 12, 1, NULL, strlen("password"),
|
|
242
278
|
"diffsalt", strlen("diffsalt"),
|
|
243
|
-
out, OUT_LEN, NULL, 0,
|
|
279
|
+
out, OUT_LEN, NULL, 0, Argon2_id, version);
|
|
244
280
|
assert(ret == ARGON2_PWD_PTR_MISMATCH);
|
|
245
281
|
printf("Fail on invalid null pointer: PASS\n");
|
|
246
282
|
|
|
247
283
|
ret = argon2_hash(2, 1 << 12, 1, "password", strlen("password"), "s", 1,
|
|
248
|
-
out, OUT_LEN, NULL, 0,
|
|
284
|
+
out, OUT_LEN, NULL, 0, Argon2_id, version);
|
|
249
285
|
assert(ret == ARGON2_SALT_TOO_SHORT);
|
|
250
286
|
printf("Fail on salt too short: PASS\n");
|
|
251
287
|
|
data/lib/argon2.rb
CHANGED
|
@@ -33,10 +33,11 @@ module Argon2
|
|
|
33
33
|
end
|
|
34
34
|
|
|
35
35
|
def self.verify_password(pass, hash, secret = nil)
|
|
36
|
+
# Supports argon2i and argon2id formats.
|
|
36
37
|
raise ArgonHashFail, "Invalid hash" unless
|
|
37
|
-
/^\$argon2i
|
|
38
|
+
/^\$argon2i.{,113}/ =~ hash
|
|
38
39
|
|
|
39
|
-
Argon2::Engine.
|
|
40
|
+
Argon2::Engine.argon2_verify(pass, hash, secret)
|
|
40
41
|
end
|
|
41
42
|
end
|
|
42
43
|
end
|
data/lib/argon2/ffi_engine.rb
CHANGED
data/lib/argon2/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: argon2
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Technion
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-04
|
|
11
|
+
date: 2018-12-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi
|
|
@@ -252,7 +252,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
252
252
|
version: '0'
|
|
253
253
|
requirements: []
|
|
254
254
|
rubyforge_project:
|
|
255
|
-
rubygems_version: 2.7.
|
|
255
|
+
rubygems_version: 2.7.7
|
|
256
256
|
signing_key:
|
|
257
257
|
specification_version: 4
|
|
258
258
|
summary: Argon2 Password hashing binding
|