argon2id 0.1.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -0
- data/README.md +8 -8
- data/ext/argon2id/argon2id.c +3 -3
- data/lib/argon2id/password.rb +20 -1
- data/lib/argon2id/version.rb +1 -1
- data/lib/argon2id.rb +9 -0
- data/test/test_verify.rb +17 -6
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 04cc805947499b3abf50fb79bf7806373038f9394c45f65f1a12d043c614232e
|
|
4
|
+
data.tar.gz: 237f0d071cbed926500a5c5a4bc801e33f363f6e01c02530a4a558a7a1e9041e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a46e84a168e6d189d7f876bb12eb9e4966550d5406e9b32cb8620a2baf95ded503b5de9236188c5f8ede23b04ab7c629a6b41df078ac94395fcb678f78fcf914
|
|
7
|
+
data.tar.gz: 6175056b71e0b19eb4cb1afabf31a52892eaed841b26745277fd0da4268542f8b0469c1a767d81b8beb99d36733deba0bdbc225cd835cce82f6e70aac702cd96
|
data/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [0.1.2] - 2024-11-01
|
|
9
|
+
|
|
10
|
+
### Fixed
|
|
11
|
+
|
|
12
|
+
- Validate that the encoded hash passed to Argon2id::Password.new is a
|
|
13
|
+
null-terminated C string, raising an ArgumentError if it contains extra null
|
|
14
|
+
bytes
|
|
15
|
+
|
|
8
16
|
## [0.1.1] - 2024-11-01
|
|
9
17
|
|
|
10
18
|
### Added
|
|
@@ -24,5 +32,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
24
32
|
reference C implementation of Argon2, the password-hashing function that won
|
|
25
33
|
the Password Hashing Competition.
|
|
26
34
|
|
|
35
|
+
[0.1.2]: https://github.com/mudge/argon2id/releases/tag/v0.1.2
|
|
27
36
|
[0.1.1]: https://github.com/mudge/argon2id/releases/tag/v0.1.1
|
|
28
37
|
[0.1.0]: https://github.com/mudge/argon2id/releases/tag/v0.1.0
|
data/README.md
CHANGED
|
@@ -5,7 +5,7 @@ function that won the 2015 [Password Hashing Competition][].
|
|
|
5
5
|
|
|
6
6
|
[](https://github.com/mudge/argon2id/actions)
|
|
7
7
|
|
|
8
|
-
**Current version:** 0.1.
|
|
8
|
+
**Current version:** 0.1.2
|
|
9
9
|
**Bundled Argon2 version:** libargon2.1 (20190702)
|
|
10
10
|
|
|
11
11
|
```ruby
|
|
@@ -176,11 +176,11 @@ notes](https://github.com/mudge/argon2id/releases) for each version and can be
|
|
|
176
176
|
checked with `sha256sum`, e.g.
|
|
177
177
|
|
|
178
178
|
```console
|
|
179
|
-
$ gem fetch argon2id -v 0.1.
|
|
180
|
-
Fetching argon2id-0.1.
|
|
181
|
-
Downloaded argon2id-0.1.
|
|
182
|
-
$ sha256sum argon2id-0.1.
|
|
183
|
-
|
|
179
|
+
$ gem fetch argon2id -v 0.1.1
|
|
180
|
+
Fetching argon2id-0.1.1-arm64-darwin.gem
|
|
181
|
+
Downloaded argon2id-0.1.1-arm64-darwin
|
|
182
|
+
$ sha256sum argon2id-0.1.1-arm64-darwin.gem
|
|
183
|
+
8d47464edf847ca52c1d41cac1a9feff376e9a1e7c0a98ab58df846990caa1bb argon2id-0.1.1-arm64-darwin.gem
|
|
184
184
|
```
|
|
185
185
|
|
|
186
186
|
[GPG](https://www.gnupg.org/) signatures are attached to each release (the
|
|
@@ -190,8 +190,8 @@ from a public keyserver, e.g. `gpg --keyserver keyserver.ubuntu.com --recv-key
|
|
|
190
190
|
0x39AC3530070E0F75`):
|
|
191
191
|
|
|
192
192
|
```console
|
|
193
|
-
$ gpg --verify argon2id-0.1.
|
|
194
|
-
gpg: Signature made
|
|
193
|
+
$ gpg --verify argon2id-0.1.1-arm64-darwin.gem.sig argon2id-0.1.1-arm64-darwin.gem
|
|
194
|
+
gpg: Signature made Fri 1 Nov 07:24:16 2024 GMT
|
|
195
195
|
gpg: using RSA key 702609D9C790F45B577D7BEC39AC3530070E0F75
|
|
196
196
|
gpg: Good signature from "Paul Mucur <mudge@mudge.name>" [unknown]
|
|
197
197
|
gpg: aka "Paul Mucur <paul@ghostcassette.com>" [unknown]
|
data/ext/argon2id/argon2id.c
CHANGED
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
|
|
8
8
|
VALUE mArgon2id, cArgon2idError;
|
|
9
9
|
|
|
10
|
-
/* call-seq:
|
|
10
|
+
/* call-seq: hash_encoded(t_cost, m_cost, parallelism, pwd, salt, output_len)
|
|
11
11
|
*
|
|
12
12
|
* Hashes a password with Argon2id, producing an encoded hash.
|
|
13
13
|
*
|
|
@@ -53,7 +53,7 @@ rb_argon2id_hash_encoded(VALUE module, VALUE iterations, VALUE memory, VALUE thr
|
|
|
53
53
|
return hash;
|
|
54
54
|
}
|
|
55
55
|
|
|
56
|
-
/* call-seq:
|
|
56
|
+
/* call-seq: verify(encoded, pwd)
|
|
57
57
|
*
|
|
58
58
|
* Verifies a password against an encoded string.
|
|
59
59
|
*/
|
|
@@ -63,7 +63,7 @@ rb_argon2id_verify(VALUE module, VALUE encoded, VALUE pwd) {
|
|
|
63
63
|
|
|
64
64
|
UNUSED(module);
|
|
65
65
|
|
|
66
|
-
result = argon2id_verify(
|
|
66
|
+
result = argon2id_verify(StringValueCStr(encoded), StringValuePtr(pwd), RSTRING_LEN(pwd));
|
|
67
67
|
if (result == ARGON2_OK) {
|
|
68
68
|
return Qtrue;
|
|
69
69
|
}
|
data/lib/argon2id/password.rb
CHANGED
|
@@ -17,15 +17,28 @@ module Argon2id
|
|
|
17
17
|
# password == "password"
|
|
18
18
|
# #=> true
|
|
19
19
|
class Password
|
|
20
|
+
# The encoded password hash.
|
|
20
21
|
attr_reader :encoded
|
|
21
22
|
|
|
22
|
-
# Create a new Password object that hashes a given plain text password
|
|
23
|
+
# Create a new Password object that hashes a given plain text password +pwd+.
|
|
23
24
|
#
|
|
24
25
|
# - +:t_cost+: integer (default 2) the "time cost" given as a number of iterations
|
|
25
26
|
# - +:m_cost+: integer (default 19456) the "memory cost" given in kibibytes
|
|
26
27
|
# - +:parallelism+: integer (default 1) the number of threads and compute lanes to use
|
|
27
28
|
# - +:salt_len+: integer (default 16) the salt size in bytes
|
|
28
29
|
# - +:output_len+: integer (default 32) the desired length of the hash in bytes
|
|
30
|
+
#
|
|
31
|
+
# For example, with the default configuration:
|
|
32
|
+
#
|
|
33
|
+
# password = Argon2id::Password.create("password")
|
|
34
|
+
# password.to_s
|
|
35
|
+
# #=> "$argon2id$v=19$m=19456,t=2,p=1$FI8yp1gXbthJCskBlpKPoQ$nOfCCpS2r+I8GRN71cZND4cskn7YKBNzuHUEO3YpY2s"
|
|
36
|
+
#
|
|
37
|
+
# When overriding the configuration:
|
|
38
|
+
#
|
|
39
|
+
# password = Argon2id::Password.create("password", t_cost: 3, m_cost: 12288)
|
|
40
|
+
# password.to_s
|
|
41
|
+
# #=> "$argon2id$v=19$m=12288,t=3,p=1$JigW7fFn+N3NImt+aWpuzw$eM5F1cKeIBALNTU6LuWra75Zi2nymGvQLWzJzVFv0Nc"
|
|
29
42
|
def self.create(pwd, t_cost: Argon2id.t_cost, m_cost: Argon2id.m_cost, parallelism: Argon2id.parallelism, salt_len: Argon2id.salt_len, output_len: Argon2id.output_len)
|
|
30
43
|
new(
|
|
31
44
|
Argon2id.hash_encoded(
|
|
@@ -42,6 +55,8 @@ module Argon2id
|
|
|
42
55
|
# call-seq: Argon2id::Password.new(encoded)
|
|
43
56
|
#
|
|
44
57
|
# Create a new Password with the given encoded password hash.
|
|
58
|
+
#
|
|
59
|
+
# password = Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$FI8yp1gXbthJCskBlpKPoQ$nOfCCpS2r+I8GRN71cZND4cskn7YKBNzuHUEO3YpY2s")
|
|
45
60
|
def initialize(encoded)
|
|
46
61
|
@encoded = encoded
|
|
47
62
|
end
|
|
@@ -53,6 +68,10 @@ module Argon2id
|
|
|
53
68
|
|
|
54
69
|
# Compare the password with given plain text, returning true if it verifies
|
|
55
70
|
# successfully.
|
|
71
|
+
#
|
|
72
|
+
# password = Argon2id::Password.new("$argon2id$v=19$m=19456,t=2,p=1$FI8yp1gXbthJCskBlpKPoQ$nOfCCpS2r+I8GRN71cZND4cskn7YKBNzuHUEO3YpY2s")
|
|
73
|
+
# password == "password" #=> true
|
|
74
|
+
# password == "notpassword" #=> false
|
|
56
75
|
def ==(other)
|
|
57
76
|
Argon2id.verify(encoded, String(other))
|
|
58
77
|
end
|
data/lib/argon2id/version.rb
CHANGED
data/lib/argon2id.rb
CHANGED
|
@@ -11,10 +11,19 @@ require "argon2id/version"
|
|
|
11
11
|
require "argon2id/password"
|
|
12
12
|
|
|
13
13
|
module Argon2id
|
|
14
|
+
# The default "time cost" of 2 iterations recommended by OWASP.
|
|
14
15
|
DEFAULT_T_COST = 2
|
|
16
|
+
|
|
17
|
+
# The default "memory cost" of 19 mebibytes recommended by OWASP.
|
|
15
18
|
DEFAULT_M_COST = 19456
|
|
19
|
+
|
|
20
|
+
# The default 1 thread and compute lane recommended by OWASP.
|
|
16
21
|
DEFAULT_PARALLELISM = 1
|
|
22
|
+
|
|
23
|
+
# The default salt length of 16 bytes.
|
|
17
24
|
DEFAULT_SALT_LEN = 16
|
|
25
|
+
|
|
26
|
+
# The default desired hash length of 32 bytes.
|
|
18
27
|
DEFAULT_OUTPUT_LEN = 32
|
|
19
28
|
|
|
20
29
|
@t_cost = DEFAULT_T_COST
|
data/test/test_verify.rb
CHANGED
|
@@ -5,15 +5,17 @@ require "argon2id"
|
|
|
5
5
|
|
|
6
6
|
class TestVerify < Minitest::Test
|
|
7
7
|
def test_returns_true_with_correct_password
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
8
|
+
assert Argon2id.verify(
|
|
9
|
+
"$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4",
|
|
10
|
+
"password"
|
|
11
|
+
)
|
|
11
12
|
end
|
|
12
13
|
|
|
13
14
|
def test_returns_false_with_incorrect_password
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
15
|
+
refute Argon2id.verify(
|
|
16
|
+
"$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4",
|
|
17
|
+
"not password"
|
|
18
|
+
)
|
|
17
19
|
end
|
|
18
20
|
|
|
19
21
|
def test_raises_if_given_invalid_encoded
|
|
@@ -21,4 +23,13 @@ class TestVerify < Minitest::Test
|
|
|
21
23
|
Argon2id.verify("", "opensesame")
|
|
22
24
|
end
|
|
23
25
|
end
|
|
26
|
+
|
|
27
|
+
def test_raises_if_given_encoded_with_null_byte
|
|
28
|
+
assert_raises(ArgumentError) do
|
|
29
|
+
Argon2id.verify(
|
|
30
|
+
"$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4\x00foo",
|
|
31
|
+
"password"
|
|
32
|
+
)
|
|
33
|
+
end
|
|
34
|
+
end
|
|
24
35
|
end
|